include/crypto/secret.h - third_party/qemu - Git at Google

 /*
  * QEMU crypto secret support
  *
  * Copyright (c) 2015 Red Hat, Inc.
  *
  * This library is free software; you can redistribute it and/or
  * modify it under the terms of the GNU Lesser General Public
  * License as published by the Free Software Foundation; either
  * version 2.1 of the License, or (at your option) any later version.
  *
  * This library is distributed in the hope that it will be useful,
  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
  * Lesser General Public License for more details.
  *
  * You should have received a copy of the GNU Lesser General Public
  * License along with this library; if not, see <http://www.gnu.org/licenses/>.
  *
  */

 #ifndef QCRYPTO_SECRET_H
 #define QCRYPTO_SECRET_H

 #include "qapi/qapi-types-crypto.h"
 #include "qom/object.h"

 #define TYPE_QCRYPTO_SECRET "secret"
 #define QCRYPTO_SECRET(obj)                  \
     OBJECT_CHECK(QCryptoSecret, (obj), TYPE_QCRYPTO_SECRET)

 typedef struct QCryptoSecret QCryptoSecret;
 typedef struct QCryptoSecretClass QCryptoSecretClass;

 /**
  * QCryptoSecret:
  *
  * The QCryptoSecret object provides storage of secrets,
  * which may be user passwords, encryption keys or any
  * other kind of sensitive data that is represented as
  * a sequence of bytes.
  *
  * The sensitive data associated with the secret can
  * be provided directly via the 'data' property, or
  * indirectly via the 'file' property. In the latter
  * case there is support for file descriptor passing
  * via the usual /dev/fdset/NN syntax that QEMU uses.
  *
  * The data for a secret can be provided in two formats,
  * either as a UTF-8 string (the default), or as base64
  * encoded 8-bit binary data. The latter is appropriate
  * for raw encryption keys, while the former is appropriate
  * for user entered passwords.
  *
  * The data may be optionally encrypted with AES-256-CBC,
  * and the decryption key provided by another
  * QCryptoSecret instance identified by the 'keyid'
  * property. When passing sensitive data directly
  * via the 'data' property it is strongly recommended
  * to use the AES encryption facility to prevent the
  * sensitive data being exposed in the process listing
  * or system log files.
  *
  * Providing data directly, insecurely (suitable for
  * ad hoc developer testing only)
  *
  *  $QEMU -object secret,id=sec0,data=letmein
  *
  * Providing data indirectly:
  *
  *  # printf "letmein" > password.txt
  *  # $QEMU \
  *      -object secret,id=sec0,file=password.txt
  *
  * Using a master encryption key with data.
  *
  * The master key needs to be created as 32 secure
  * random bytes (optionally base64 encoded)
  *
  *  # openssl rand -base64 32 > key.b64
  *  # KEY=$(base64 -d key.b64 | hexdump  -v -e '/1 "%02X"')
  *
  * Each secret to be encrypted needs to have a random
  * initialization vector generated. These do not need
  * to be kept secret
  *
  *  # openssl rand -base64 16 > iv.b64
  *  # IV=$(base64 -d iv.b64 | hexdump  -v -e '/1 "%02X"')
  *
  * A secret to be defined can now be encrypted
  *
  *  # SECRET=$(printf "letmein" |
  *             openssl enc -aes-256-cbc -a -K $KEY -iv $IV)
  *
  * When launching QEMU, create a master secret pointing
  * to key.b64 and specify that to be used to decrypt
  * the user password
  *
  *  # $QEMU \
  *      -object secret,id=secmaster0,format=base64,file=key.b64 \
  *      -object secret,id=sec0,keyid=secmaster0,format=base64,\
  *          data=$SECRET,iv=$(<iv.b64)
  *
  * When encrypting, the data can still be provided via an
  * external file, in which case it is possible to use either
  * raw binary data, or base64 encoded. This example uses
  * raw format
  *
  *  # printf "letmein" |
  *       openssl enc -aes-256-cbc -K $KEY -iv $IV -o pw.aes
  *  # $QEMU \
  *      -object secret,id=secmaster0,format=base64,file=key.b64 \
  *      -object secret,id=sec0,keyid=secmaster0,\
  *          file=pw.aes,iv=$(<iv.b64)
  *
  * Note that the ciphertext can be in either raw or base64
  * format, as indicated by the 'format' parameter, but the
  * plaintext resulting from decryption is expected to always
  * be in raw format.
  */

 struct QCryptoSecret {
     Object parent_obj;
     uint8_t *rawdata;
     size_t rawlen;
     QCryptoSecretFormat format;
     char *data;
     char *file;
     char *keyid;
     char *iv;
 };


 struct QCryptoSecretClass {
     ObjectClass parent_class;
 };


 extern int qcrypto_secret_lookup(const char *secretid,
                                  uint8_t **data,
                                  size_t *datalen,
                                  Error **errp);
 extern char *qcrypto_secret_lookup_as_utf8(const char *secretid,
                                            Error **errp);
 extern char *qcrypto_secret_lookup_as_base64(const char *secretid,
                                              Error **errp);

 #endif /* QCRYPTO_SECRET_H */
	/*
	* QEMU crypto secret support
	*
	* Copyright (c) 2015 Red Hat, Inc.
	*
	* This library is free software; you can redistribute it and/or
	* modify it under the terms of the GNU Lesser General Public
	* License as published by the Free Software Foundation; either
	* version 2.1 of the License, or (at your option) any later version.
	*
	* This library is distributed in the hope that it will be useful,
	* but WITHOUT ANY WARRANTY; without even the implied warranty of
	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	* Lesser General Public License for more details.
	*
	* You should have received a copy of the GNU Lesser General Public
	* License along with this library; if not, see <http://www.gnu.org/licenses/>.
	*
	*/

	#ifndef QCRYPTO_SECRET_H
	#define QCRYPTO_SECRET_H

	#include "qapi/qapi-types-crypto.h"
	#include "qom/object.h"

	#define TYPE_QCRYPTO_SECRET "secret"
	#define QCRYPTO_SECRET(obj) \
	OBJECT_CHECK(QCryptoSecret, (obj), TYPE_QCRYPTO_SECRET)

	typedef struct QCryptoSecret QCryptoSecret;
	typedef struct QCryptoSecretClass QCryptoSecretClass;

	/**
	* QCryptoSecret:
	*
	* The QCryptoSecret object provides storage of secrets,
	* which may be user passwords, encryption keys or any
	* other kind of sensitive data that is represented as
	* a sequence of bytes.
	*
	* The sensitive data associated with the secret can
	* be provided directly via the 'data' property, or
	* indirectly via the 'file' property. In the latter
	* case there is support for file descriptor passing
	* via the usual /dev/fdset/NN syntax that QEMU uses.
	*
	* The data for a secret can be provided in two formats,
	* either as a UTF-8 string (the default), or as base64
	* encoded 8-bit binary data. The latter is appropriate
	* for raw encryption keys, while the former is appropriate
	* for user entered passwords.
	*
	* The data may be optionally encrypted with AES-256-CBC,
	* and the decryption key provided by another
	* QCryptoSecret instance identified by the 'keyid'
	* property. When passing sensitive data directly
	* via the 'data' property it is strongly recommended
	* to use the AES encryption facility to prevent the
	* sensitive data being exposed in the process listing
	* or system log files.
	*
	* Providing data directly, insecurely (suitable for
	* ad hoc developer testing only)
	*
	* $QEMU -object secret,id=sec0,data=letmein
	*
	* Providing data indirectly:
	*
	* # printf "letmein" > password.txt
	* # $QEMU \
	* -object secret,id=sec0,file=password.txt
	*
	* Using a master encryption key with data.
	*
	* The master key needs to be created as 32 secure
	* random bytes (optionally base64 encoded)
	*
	* # openssl rand -base64 32 > key.b64
	* # KEY=$(base64 -d key.b64 \| hexdump -v -e '/1 "%02X"')
	*
	* Each secret to be encrypted needs to have a random
	* initialization vector generated. These do not need
	* to be kept secret
	*
	* # openssl rand -base64 16 > iv.b64
	* # IV=$(base64 -d iv.b64 \| hexdump -v -e '/1 "%02X"')
	*
	* A secret to be defined can now be encrypted
	*
	* # SECRET=$(printf "letmein" \|
	* openssl enc -aes-256-cbc -a -K $KEY -iv $IV)
	*
	* When launching QEMU, create a master secret pointing
	* to key.b64 and specify that to be used to decrypt
	* the user password
	*
	* # $QEMU \
	* -object secret,id=secmaster0,format=base64,file=key.b64 \
	* -object secret,id=sec0,keyid=secmaster0,format=base64,\
	* data=$SECRET,iv=$(<iv.b64)
	*
	* When encrypting, the data can still be provided via an
	* external file, in which case it is possible to use either
	* raw binary data, or base64 encoded. This example uses
	* raw format
	*
	* # printf "letmein" \|
	* openssl enc -aes-256-cbc -K $KEY -iv $IV -o pw.aes
	* # $QEMU \
	* -object secret,id=secmaster0,format=base64,file=key.b64 \
	* -object secret,id=sec0,keyid=secmaster0,\
	* file=pw.aes,iv=$(<iv.b64)
	*
	* Note that the ciphertext can be in either raw or base64
	* format, as indicated by the 'format' parameter, but the
	* plaintext resulting from decryption is expected to always
	* be in raw format.
	*/

	struct QCryptoSecret {
	Object parent_obj;
	uint8_t *rawdata;
	size_t rawlen;
	QCryptoSecretFormat format;
	char *data;
	char *file;
	char *keyid;
	char *iv;
	};


	struct QCryptoSecretClass {
	ObjectClass parent_class;
	};


	extern int qcrypto_secret_lookup(const char *secretid,
	uint8_t **data,
	size_t *datalen,
	Error **errp);
	extern char qcrypto_secret_lookup_as_utf8(const char secretid,
	Error **errp);
	extern char qcrypto_secret_lookup_as_base64(const char secretid,
	Error **errp);

	#endif /* QCRYPTO_SECRET_H */