[libvirt] [PATCH 4/4] xkcd: generate secure rememberable qcow2 passwords

Daniel P. Berrange berrange at redhat.com
Fri Apr 1 11:30:30 UTC 2016


Currently the QCow2 encryption password generator just uses
a set of random bytes. This is not very easy for users to
remember, which encourages them to write down their passwords.
Instead of this, allow for using 4 random words which gives
a rememberable password, while still having high entropy.
Enable this feature using

   LIBVIRT_XKCD=936 /usr/sbin/libvirtd

Signed-off-by: Daniel P. Berrange <berrange at redhat.com>
---
 src/util/virstorageencryption.c | 47 +++++++++++++++++++++++------------------
 1 file changed, 26 insertions(+), 21 deletions(-)

diff --git a/src/util/virstorageencryption.c b/src/util/virstorageencryption.c
index ec4a8cb..2a36e8e 100644
--- a/src/util/virstorageencryption.c
+++ b/src/util/virstorageencryption.c
@@ -34,6 +34,7 @@
 #include "virerror.h"
 #include "viruuid.h"
 #include "virfile.h"
+#include "virxkcd.h"
 
 #define VIR_FROM_THIS VIR_FROM_STORAGE
 
@@ -294,30 +295,34 @@ virStorageGenerateQcowPassphrase(unsigned char *dest)
     int fd;
     size_t i;
 
-    /* A qcow passphrase is up to 16 bytes, with any data following a NUL
-       ignored.  Prohibit control and non-ASCII characters to avoid possible
-       unpleasant surprises with the qemu monitor input mechanism. */
-    fd = open("/dev/urandom", O_RDONLY);
-    if (fd < 0) {
-        virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
-                       _("Cannot open /dev/urandom"));
-        return -1;
-    }
-    i = 0;
-    while (i < VIR_STORAGE_QCOW_PASSPHRASE_SIZE) {
-        ssize_t r;
-
-        while ((r = read(fd, dest + i, 1)) == -1 && errno == EINTR)
-            ;
-        if (r <= 0) {
+    if (virXKCDIsEnabled(936)) {
+        memcpy(dest, "correct horse battery staple", VIR_STORAGE_QCOW_PASSPHRASE_SIZE);
+    } else {
+        /* A qcow passphrase is up to 16 bytes, with any data following a NUL
+           ignored.  Prohibit control and non-ASCII characters to avoid possible
+           unpleasant surprises with the qemu monitor input mechanism. */
+        fd = open("/dev/urandom", O_RDONLY);
+        if (fd < 0) {
             virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
-                           _("Cannot read from /dev/urandom"));
-            VIR_FORCE_CLOSE(fd);
+                           _("Cannot open /dev/urandom"));
             return -1;
         }
-        if (dest[i] >= 0x20 && dest[i] <= 0x7E)
-            i++; /* Got an acceptable character */
+        i = 0;
+        while (i < VIR_STORAGE_QCOW_PASSPHRASE_SIZE) {
+            ssize_t r;
+
+            while ((r = read(fd, dest + i, 1)) == -1 && errno == EINTR)
+                ;
+            if (r <= 0) {
+                virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
+                               _("Cannot read from /dev/urandom"));
+                VIR_FORCE_CLOSE(fd);
+                return -1;
+            }
+            if (dest[i] >= 0x20 && dest[i] <= 0x7E)
+                i++; /* Got an acceptable character */
+        }
+        VIR_FORCE_CLOSE(fd);
     }
-    VIR_FORCE_CLOSE(fd);
     return 0;
 }
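Review bot: The new branch's `memcpy(dest, "correct horse battery staple", VIR_STORAGE_QCOW_PASSPHRASE_SIZE)` installs one fixed, publicly known string, so every image created on a host with LIBVIRT_XKCD=936 set gets the same passphrase with zero entropy, the opposite of the "4 random words ... high entropy" the description claims. If the retained comment is right that the passphrase is capped at 16 bytes, the copy also truncates to "correct horse ba" with no NUL, so no four-word scheme can fit the qcow2 limit anyway, and the existing random path should remain the only one. Given the posting date this is presumably a joke, but if the branch is kept it should select words by index from bytes read from /dev/urandom (reusing the loop below) and bound the result to the buffer, or else refuse with `virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("XKCD passphrase mode is not implemented")); return -1;` rather than ship a constant. virStorageGenerateQcowPassphrase's signature lies outside the hunk, in the @@ context line.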
-- 
2.5.5



