]>
Commit | Line | Data |
---|---|---|
a090187d | 1 | # -*- Mode: Python -*- |
f7160f32 | 2 | # vim: filetype=python |
a090187d | 3 | # |
d3a48372 MAL |
4 | |
5 | ## | |
f5cf31c5 | 6 | # = Cryptography |
d3a48372 | 7 | ## |
a090187d DB |
8 | |
9 | ## | |
c5927e7a | 10 | # @QCryptoTLSCredsEndpoint: |
a090187d DB |
11 | # |
12 | # The type of network endpoint that will be using the credentials. | |
13 | # Most types of credential require different setup / structures | |
a937b6aa | 14 | # depending on whether they will be used in a server versus a client. |
a090187d DB |
15 | # |
16 | # @client: the network endpoint is acting as the client | |
17 | # | |
18 | # @server: the network endpoint is acting as the server | |
19 | # | |
20 | # Since: 2.5 | |
21 | ## | |
22 | { 'enum': 'QCryptoTLSCredsEndpoint', | |
23 | 'prefix': 'QCRYPTO_TLS_CREDS_ENDPOINT', | |
24 | 'data': ['client', 'server']} | |
ac1d8878 | 25 | |
ac1d8878 | 26 | ## |
c5927e7a | 27 | # @QCryptoSecretFormat: |
ac1d8878 DB |
28 | # |
29 | # The data format that the secret is provided in | |
30 | # | |
a937b6aa MA |
31 | # @raw: raw bytes. When encoded in JSON only valid UTF-8 sequences |
32 | # can be used | |
33 | # | |
ac1d8878 | 34 | # @base64: arbitrary base64 encoded binary data |
4ae65a52 | 35 | # |
ac1d8878 DB |
36 | # Since: 2.6 |
37 | ## | |
38 | { 'enum': 'QCryptoSecretFormat', | |
39 | 'prefix': 'QCRYPTO_SECRET_FORMAT', | |
40 | 'data': ['raw', 'base64']} | |
d84b79d3 | 41 | |
d84b79d3 | 42 | ## |
c5927e7a | 43 | # @QCryptoHashAlgorithm: |
d84b79d3 DB |
44 | # |
45 | # The supported algorithms for computing content digests | |
46 | # | |
47 | # @md5: MD5. Should not be used in any new code, legacy compat only | |
a937b6aa | 48 | # |
d84b79d3 | 49 | # @sha1: SHA-1. Should not be used in any new code, legacy compat only |
a937b6aa | 50 | # |
9164b897 | 51 | # @sha224: SHA-224. (since 2.7) |
a937b6aa | 52 | # |
d84b79d3 | 53 | # @sha256: SHA-256. Current recommended strong hash. |
a937b6aa | 54 | # |
9164b897 | 55 | # @sha384: SHA-384. (since 2.7) |
a937b6aa | 56 | # |
9164b897 | 57 | # @sha512: SHA-512. (since 2.7) |
a937b6aa | 58 | # |
9164b897 | 59 | # @ripemd160: RIPEMD-160. (since 2.7) |
4ae65a52 | 60 | # |
d84b79d3 DB |
61 | # Since: 2.6 |
62 | ## | |
63 | { 'enum': 'QCryptoHashAlgorithm', | |
64 | 'prefix': 'QCRYPTO_HASH_ALG', | |
9164b897 | 65 | 'data': ['md5', 'sha1', 'sha224', 'sha256', 'sha384', 'sha512', 'ripemd160']} |
d8c02bcc | 66 | |
d8c02bcc | 67 | ## |
c5927e7a | 68 | # @QCryptoCipherAlgorithm: |
d8c02bcc DB |
69 | # |
70 | # The supported algorithms for content encryption ciphers | |
71 | # | |
72 | # @aes-128: AES with 128 bit / 16 byte keys | |
a937b6aa | 73 | # |
d8c02bcc | 74 | # @aes-192: AES with 192 bit / 24 byte keys |
a937b6aa | 75 | # |
d8c02bcc | 76 | # @aes-256: AES with 256 bit / 32 byte keys |
a937b6aa MA |
77 | # |
78 | # @des: DES with 56 bit / 8 byte keys. Do not use except in VNC. | |
79 | # (since 6.1) | |
80 | # | |
ffb7bf45 | 81 | # @3des: 3DES(EDE) with 192 bit / 24 byte keys (since 2.9) |
a937b6aa | 82 | # |
084a85ee | 83 | # @cast5-128: Cast5 with 128 bit / 16 byte keys |
a937b6aa | 84 | # |
94318522 | 85 | # @serpent-128: Serpent with 128 bit / 16 byte keys |
a937b6aa | 86 | # |
94318522 | 87 | # @serpent-192: Serpent with 192 bit / 24 byte keys |
a937b6aa | 88 | # |
94318522 | 89 | # @serpent-256: Serpent with 256 bit / 32 byte keys |
a937b6aa | 90 | # |
50f6753e | 91 | # @twofish-128: Twofish with 128 bit / 16 byte keys |
a937b6aa | 92 | # |
50f6753e | 93 | # @twofish-192: Twofish with 192 bit / 24 byte keys |
a937b6aa | 94 | # |
50f6753e | 95 | # @twofish-256: Twofish with 256 bit / 32 byte keys |
4ae65a52 | 96 | # |
d8c02bcc DB |
97 | # Since: 2.6 |
98 | ## | |
99 | { 'enum': 'QCryptoCipherAlgorithm', | |
100 | 'prefix': 'QCRYPTO_CIPHER_ALG', | |
084a85ee | 101 | 'data': ['aes-128', 'aes-192', 'aes-256', |
83bee4b5 | 102 | 'des', '3des', |
94318522 | 103 | 'cast5-128', |
50f6753e DB |
104 | 'serpent-128', 'serpent-192', 'serpent-256', |
105 | 'twofish-128', 'twofish-192', 'twofish-256']} | |
d8c02bcc | 106 | |
d8c02bcc | 107 | ## |
c5927e7a | 108 | # @QCryptoCipherMode: |
d8c02bcc DB |
109 | # |
110 | # The supported modes for content encryption ciphers | |
111 | # | |
112 | # @ecb: Electronic Code Book | |
a937b6aa | 113 | # |
d8c02bcc | 114 | # @cbc: Cipher Block Chaining |
a937b6aa | 115 | # |
eaec903c | 116 | # @xts: XEX with tweaked code book and ciphertext stealing |
a937b6aa | 117 | # |
3c28292f | 118 | # @ctr: Counter (Since 2.8) |
4ae65a52 | 119 | # |
d8c02bcc DB |
120 | # Since: 2.6 |
121 | ## | |
122 | { 'enum': 'QCryptoCipherMode', | |
123 | 'prefix': 'QCRYPTO_CIPHER_MODE', | |
3c28292f | 124 | 'data': ['ecb', 'cbc', 'xts', 'ctr']} |
cb730894 | 125 | |
cb730894 | 126 | ## |
c5927e7a | 127 | # @QCryptoIVGenAlgorithm: |
cb730894 | 128 | # |
a937b6aa MA |
129 | # The supported algorithms for generating initialization vectors for |
130 | # full disk encryption. The 'plain' generator should not be used for | |
131 | # disks with sector numbers larger than 2^32, except where | |
132 | # compatibility with pre-existing Linux dm-crypt volumes is required. | |
cb730894 DB |
133 | # |
134 | # @plain: 64-bit sector number truncated to 32-bits | |
a937b6aa | 135 | # |
cb730894 | 136 | # @plain64: 64-bit sector number |
a937b6aa MA |
137 | # |
138 | # @essiv: 64-bit sector number encrypted with a hash of the encryption | |
139 | # key | |
4ae65a52 | 140 | # |
cb730894 DB |
141 | # Since: 2.6 |
142 | ## | |
143 | { 'enum': 'QCryptoIVGenAlgorithm', | |
144 | 'prefix': 'QCRYPTO_IVGEN_ALG', | |
145 | 'data': ['plain', 'plain64', 'essiv']} | |
7d969014 DB |
146 | |
147 | ## | |
c5927e7a | 148 | # @QCryptoBlockFormat: |
7d969014 DB |
149 | # |
150 | # The supported full disk encryption formats | |
151 | # | |
a937b6aa MA |
152 | # @qcow: QCow/QCow2 built-in AES-CBC encryption. Use only for |
153 | # liberating data from old images. | |
154 | # | |
155 | # @luks: LUKS encryption format. Recommended for new images | |
7d969014 DB |
156 | # |
157 | # Since: 2.6 | |
158 | ## | |
159 | { 'enum': 'QCryptoBlockFormat', | |
160 | # 'prefix': 'QCRYPTO_BLOCK_FORMAT', | |
3e308f20 | 161 | 'data': ['qcow', 'luks']} |
7d969014 DB |
162 | |
163 | ## | |
c5927e7a | 164 | # @QCryptoBlockOptionsBase: |
7d969014 | 165 | # |
a937b6aa | 166 | # The common options that apply to all full disk encryption formats |
7d969014 DB |
167 | # |
168 | # @format: the encryption format | |
169 | # | |
170 | # Since: 2.6 | |
171 | ## | |
172 | { 'struct': 'QCryptoBlockOptionsBase', | |
173 | 'data': { 'format': 'QCryptoBlockFormat' }} | |
174 | ||
175 | ## | |
c5927e7a | 176 | # @QCryptoBlockOptionsQCow: |
7d969014 DB |
177 | # |
178 | # The options that apply to QCow/QCow2 AES-CBC encryption format | |
179 | # | |
1d8bda12 | 180 | # @key-secret: the ID of a QCryptoSecret object providing the |
a937b6aa MA |
181 | # decryption key. Mandatory except when probing image for |
182 | # metadata only. | |
7d969014 DB |
183 | # |
184 | # Since: 2.6 | |
185 | ## | |
186 | { 'struct': 'QCryptoBlockOptionsQCow', | |
187 | 'data': { '*key-secret': 'str' }} | |
188 | ||
3e308f20 | 189 | ## |
c5927e7a | 190 | # @QCryptoBlockOptionsLUKS: |
3e308f20 DB |
191 | # |
192 | # The options that apply to LUKS encryption format | |
193 | # | |
1d8bda12 | 194 | # @key-secret: the ID of a QCryptoSecret object providing the |
a937b6aa MA |
195 | # decryption key. Mandatory except when probing image for |
196 | # metadata only. | |
4ae65a52 | 197 | # |
3e308f20 DB |
198 | # Since: 2.6 |
199 | ## | |
200 | { 'struct': 'QCryptoBlockOptionsLUKS', | |
201 | 'data': { '*key-secret': 'str' }} | |
202 | ||
3e308f20 | 203 | ## |
c5927e7a | 204 | # @QCryptoBlockCreateOptionsLUKS: |
3e308f20 DB |
205 | # |
206 | # The options that apply to LUKS encryption format initialization | |
207 | # | |
a937b6aa MA |
208 | # @cipher-alg: the cipher algorithm for data encryption Currently |
209 | # defaults to 'aes-256'. | |
210 | # | |
211 | # @cipher-mode: the cipher mode for data encryption Currently defaults | |
212 | # to 'xts' | |
213 | # | |
214 | # @ivgen-alg: the initialization vector generator Currently defaults | |
215 | # to 'plain64' | |
216 | # | |
217 | # @ivgen-hash-alg: the initialization vector generator hash Currently | |
218 | # defaults to 'sha256' | |
219 | # | |
220 | # @hash-alg: the master key hash algorithm Currently defaults to | |
221 | # 'sha256' | |
222 | # | |
223 | # @iter-time: number of milliseconds to spend in PBKDF passphrase | |
224 | # processing. Currently defaults to 2000. (since 2.8) | |
4ae65a52 | 225 | # |
3e308f20 DB |
226 | # Since: 2.6 |
227 | ## | |
228 | { 'struct': 'QCryptoBlockCreateOptionsLUKS', | |
229 | 'base': 'QCryptoBlockOptionsLUKS', | |
230 | 'data': { '*cipher-alg': 'QCryptoCipherAlgorithm', | |
231 | '*cipher-mode': 'QCryptoCipherMode', | |
232 | '*ivgen-alg': 'QCryptoIVGenAlgorithm', | |
233 | '*ivgen-hash-alg': 'QCryptoHashAlgorithm', | |
3bd18890 DB |
234 | '*hash-alg': 'QCryptoHashAlgorithm', |
235 | '*iter-time': 'int'}} | |
3e308f20 | 236 | |
7d969014 | 237 | ## |
c5927e7a | 238 | # @QCryptoBlockOpenOptions: |
7d969014 | 239 | # |
a937b6aa MA |
240 | # The options that are available for all encryption formats when |
241 | # opening an existing volume | |
7d969014 DB |
242 | # |
243 | # Since: 2.6 | |
244 | ## | |
245 | { 'union': 'QCryptoBlockOpenOptions', | |
246 | 'base': 'QCryptoBlockOptionsBase', | |
247 | 'discriminator': 'format', | |
3e308f20 DB |
248 | 'data': { 'qcow': 'QCryptoBlockOptionsQCow', |
249 | 'luks': 'QCryptoBlockOptionsLUKS' } } | |
7d969014 | 250 | |
7d969014 | 251 | ## |
c5927e7a | 252 | # @QCryptoBlockCreateOptions: |
7d969014 | 253 | # |
a937b6aa MA |
254 | # The options that are available for all encryption formats when |
255 | # initializing a new volume | |
7d969014 DB |
256 | # |
257 | # Since: 2.6 | |
258 | ## | |
259 | { 'union': 'QCryptoBlockCreateOptions', | |
260 | 'base': 'QCryptoBlockOptionsBase', | |
261 | 'discriminator': 'format', | |
3e308f20 DB |
262 | 'data': { 'qcow': 'QCryptoBlockOptionsQCow', |
263 | 'luks': 'QCryptoBlockCreateOptionsLUKS' } } | |
40c85028 | 264 | |
40c85028 | 265 | ## |
c5927e7a | 266 | # @QCryptoBlockInfoBase: |
40c85028 | 267 | # |
a937b6aa MA |
268 | # The common information that applies to all full disk encryption |
269 | # formats | |
40c85028 DB |
270 | # |
271 | # @format: the encryption format | |
272 | # | |
273 | # Since: 2.7 | |
274 | ## | |
275 | { 'struct': 'QCryptoBlockInfoBase', | |
276 | 'data': { 'format': 'QCryptoBlockFormat' }} | |
277 | ||
40c85028 | 278 | ## |
c5927e7a | 279 | # @QCryptoBlockInfoLUKSSlot: |
40c85028 | 280 | # |
a937b6aa | 281 | # Information about the LUKS block encryption key slot options |
40c85028 DB |
282 | # |
283 | # @active: whether the key slot is currently in use | |
a937b6aa | 284 | # |
40c85028 | 285 | # @key-offset: offset to the key material in bytes |
a937b6aa | 286 | # |
1d8bda12 | 287 | # @iters: number of PBKDF2 iterations for key material |
a937b6aa | 288 | # |
1d8bda12 | 289 | # @stripes: number of stripes for splitting key material |
40c85028 DB |
290 | # |
291 | # Since: 2.7 | |
292 | ## | |
293 | { 'struct': 'QCryptoBlockInfoLUKSSlot', | |
294 | 'data': {'active': 'bool', | |
295 | '*iters': 'int', | |
296 | '*stripes': 'int', | |
297 | 'key-offset': 'int' } } | |
298 | ||
40c85028 | 299 | ## |
c5927e7a | 300 | # @QCryptoBlockInfoLUKS: |
40c85028 DB |
301 | # |
302 | # Information about the LUKS block encryption options | |
303 | # | |
304 | # @cipher-alg: the cipher algorithm for data encryption | |
a937b6aa | 305 | # |
40c85028 | 306 | # @cipher-mode: the cipher mode for data encryption |
a937b6aa | 307 | # |
40c85028 | 308 | # @ivgen-alg: the initialization vector generator |
a937b6aa | 309 | # |
1d8bda12 | 310 | # @ivgen-hash-alg: the initialization vector generator hash |
a937b6aa | 311 | # |
40c85028 | 312 | # @hash-alg: the master key hash algorithm |
a937b6aa | 313 | # |
40c85028 | 314 | # @payload-offset: offset to the payload data in bytes |
a937b6aa | 315 | # |
40c85028 | 316 | # @master-key-iters: number of PBKDF2 iterations for key material |
a937b6aa | 317 | # |
40c85028 | 318 | # @uuid: unique identifier for the volume |
a937b6aa | 319 | # |
40c85028 DB |
320 | # @slots: information about each key slot |
321 | # | |
322 | # Since: 2.7 | |
323 | ## | |
324 | { 'struct': 'QCryptoBlockInfoLUKS', | |
325 | 'data': {'cipher-alg': 'QCryptoCipherAlgorithm', | |
326 | 'cipher-mode': 'QCryptoCipherMode', | |
327 | 'ivgen-alg': 'QCryptoIVGenAlgorithm', | |
328 | '*ivgen-hash-alg': 'QCryptoHashAlgorithm', | |
329 | 'hash-alg': 'QCryptoHashAlgorithm', | |
330 | 'payload-offset': 'int', | |
331 | 'master-key-iters': 'int', | |
332 | 'uuid': 'str', | |
333 | 'slots': [ 'QCryptoBlockInfoLUKSSlot' ] }} | |
334 | ||
40c85028 | 335 | ## |
c5927e7a | 336 | # @QCryptoBlockInfo: |
40c85028 DB |
337 | # |
338 | # Information about the block encryption options | |
339 | # | |
340 | # Since: 2.7 | |
341 | ## | |
342 | { 'union': 'QCryptoBlockInfo', | |
343 | 'base': 'QCryptoBlockInfoBase', | |
344 | 'discriminator': 'format', | |
29cd0403 | 345 | 'data': { 'luks': 'QCryptoBlockInfoLUKS' } } |
43cbd06d | 346 | |
557d2bdc ML |
347 | ## |
348 | # @QCryptoBlockLUKSKeyslotState: | |
349 | # | |
350 | # Defines state of keyslots that are affected by the update | |
351 | # | |
c0ac533b | 352 | # @active: The slots contain the given password and marked as active |
a937b6aa MA |
353 | # |
354 | # @inactive: The slots are erased (contain garbage) and marked as | |
355 | # inactive | |
557d2bdc ML |
356 | # |
357 | # Since: 5.1 | |
358 | ## | |
359 | { 'enum': 'QCryptoBlockLUKSKeyslotState', | |
360 | 'data': [ 'active', 'inactive' ] } | |
361 | ||
557d2bdc ML |
362 | ## |
363 | # @QCryptoBlockAmendOptionsLUKS: | |
364 | # | |
a937b6aa MA |
365 | # This struct defines the update parameters that activate/de-activate |
366 | # set of keyslots | |
557d2bdc ML |
367 | # |
368 | # @state: the desired state of the keyslots | |
369 | # | |
a937b6aa MA |
370 | # @new-secret: The ID of a QCryptoSecret object providing the password |
371 | # to be written into added active keyslots | |
557d2bdc | 372 | # |
a937b6aa MA |
373 | # @old-secret: Optional (for deactivation only) If given will |
374 | # deactivate all keyslots that match password located in | |
375 | # QCryptoSecret with this ID | |
557d2bdc | 376 | # |
a937b6aa MA |
377 | # @iter-time: Optional (for activation only) Number of milliseconds to |
378 | # spend in PBKDF passphrase processing for the newly activated | |
379 | # keyslot. Currently defaults to 2000. | |
557d2bdc | 380 | # |
a937b6aa MA |
381 | # @keyslot: Optional. ID of the keyslot to activate/deactivate. For |
382 | # keyslot activation, keyslot should not be active already (this | |
383 | # is unsafe to update an active keyslot), but possible if 'force' | |
384 | # parameter is given. If keyslot is not given, first free keyslot | |
385 | # will be written. | |
557d2bdc | 386 | # |
a937b6aa MA |
387 | # For keyslot deactivation, this parameter specifies the exact |
388 | # keyslot to deactivate | |
557d2bdc | 389 | # |
a937b6aa MA |
390 | # @secret: Optional. The ID of a QCryptoSecret object providing the |
391 | # password to use to retrieve current master key. Defaults to the | |
392 | # same secret that was used to open the image | |
557d2bdc | 393 | # |
433a4fdc | 394 | # Since: 5.1 |
557d2bdc ML |
395 | ## |
396 | { 'struct': 'QCryptoBlockAmendOptionsLUKS', | |
397 | 'data': { 'state': 'QCryptoBlockLUKSKeyslotState', | |
398 | '*new-secret': 'str', | |
399 | '*old-secret': 'str', | |
400 | '*keyslot': 'int', | |
401 | '*iter-time': 'int', | |
402 | '*secret': 'str' } } | |
43cbd06d ML |
403 | |
404 | ## | |
405 | # @QCryptoBlockAmendOptions: | |
406 | # | |
a937b6aa MA |
407 | # The options that are available for all encryption formats when |
408 | # amending encryption settings | |
43cbd06d ML |
409 | # |
410 | # Since: 5.1 | |
411 | ## | |
412 | { 'union': 'QCryptoBlockAmendOptions', | |
413 | 'base': 'QCryptoBlockOptionsBase', | |
414 | 'discriminator': 'format', | |
415 | 'data': { | |
557d2bdc | 416 | 'luks': 'QCryptoBlockAmendOptionsLUKS' } } |
39c4c27d KW |
417 | |
418 | ## | |
419 | # @SecretCommonProperties: | |
420 | # | |
421 | # Properties for objects of classes derived from secret-common. | |
422 | # | |
a937b6aa MA |
423 | # @loaded: if true, the secret is loaded immediately when applying |
424 | # this option and will probably fail when processing the next | |
425 | # option. Don't use; only provided for compatibility. | |
426 | # (default: false) | |
39c4c27d | 427 | # |
a937b6aa MA |
428 | # @format: the data format that the secret is provided in |
429 | # (default: raw) | |
39c4c27d | 430 | # |
a937b6aa MA |
431 | # @keyid: the name of another secret that should be used to decrypt |
432 | # the provided data. If not present, the data is assumed to be | |
433 | # unencrypted. | |
39c4c27d | 434 | # |
a937b6aa MA |
435 | # @iv: the random initialization vector used for encryption of this |
436 | # particular secret. Should be a base64 encrypted string of the | |
437 | # 16-byte IV. Mandatory if @keyid is given. Ignored if @keyid is | |
438 | # absent. | |
39c4c27d KW |
439 | # |
440 | # Features: | |
a937b6aa MA |
441 | # |
442 | # @deprecated: Member @loaded is deprecated. Setting true doesn't | |
443 | # make sense, and false is already the default. | |
39c4c27d KW |
444 | # |
445 | # Since: 2.6 | |
446 | ## | |
447 | { 'struct': 'SecretCommonProperties', | |
448 | 'data': { '*loaded': { 'type': 'bool', 'features': ['deprecated'] }, | |
449 | '*format': 'QCryptoSecretFormat', | |
450 | '*keyid': 'str', | |
451 | '*iv': 'str' } } | |
452 | ||
453 | ## | |
454 | # @SecretProperties: | |
455 | # | |
456 | # Properties for secret objects. | |
457 | # | |
458 | # Either @data or @file must be provided, but not both. | |
459 | # | |
460 | # @data: the associated with the secret from | |
461 | # | |
462 | # @file: the filename to load the data associated with the secret from | |
463 | # | |
464 | # Since: 2.6 | |
465 | ## | |
466 | { 'struct': 'SecretProperties', | |
467 | 'base': 'SecretCommonProperties', | |
468 | 'data': { '*data': 'str', | |
469 | '*file': 'str' } } | |
470 | ||
471 | ## | |
472 | # @SecretKeyringProperties: | |
473 | # | |
474 | # Properties for secret_keyring objects. | |
475 | # | |
476 | # @serial: serial number that identifies a key to get from the kernel | |
477 | # | |
478 | # Since: 5.1 | |
479 | ## | |
480 | { 'struct': 'SecretKeyringProperties', | |
481 | 'base': 'SecretCommonProperties', | |
482 | 'data': { 'serial': 'int32' } } | |
d09e4937 KW |
483 | |
484 | ## | |
485 | # @TlsCredsProperties: | |
486 | # | |
487 | # Properties for objects of classes derived from tls-creds. | |
488 | # | |
489 | # @verify-peer: if true the peer credentials will be verified once the | |
a937b6aa MA |
490 | # handshake is completed. This is a no-op for anonymous |
491 | # credentials. (default: true) | |
d09e4937 KW |
492 | # |
493 | # @dir: the path of the directory that contains the credential files | |
494 | # | |
a937b6aa MA |
495 | # @endpoint: whether the QEMU network backend that uses the |
496 | # credentials will be acting as a client or as a server | |
497 | # (default: client) | |
d09e4937 KW |
498 | # |
499 | # @priority: a gnutls priority string as described at | |
a937b6aa | 500 | # https://gnutls.org/manual/html_node/Priority-Strings.html |
d09e4937 KW |
501 | # |
502 | # Since: 2.5 | |
503 | ## | |
504 | { 'struct': 'TlsCredsProperties', | |
505 | 'data': { '*verify-peer': 'bool', | |
506 | '*dir': 'str', | |
507 | '*endpoint': 'QCryptoTLSCredsEndpoint', | |
508 | '*priority': 'str' } } | |
509 | ||
510 | ## | |
511 | # @TlsCredsAnonProperties: | |
512 | # | |
513 | # Properties for tls-creds-anon objects. | |
514 | # | |
a937b6aa MA |
515 | # @loaded: if true, the credentials are loaded immediately when |
516 | # applying this option and will ignore options that are processed | |
517 | # later. Don't use; only provided for compatibility. | |
518 | # (default: false) | |
d09e4937 KW |
519 | # |
520 | # Features: | |
a937b6aa MA |
521 | # |
522 | # @deprecated: Member @loaded is deprecated. Setting true doesn't | |
523 | # make sense, and false is already the default. | |
d09e4937 KW |
524 | # |
525 | # Since: 2.5 | |
526 | ## | |
527 | { 'struct': 'TlsCredsAnonProperties', | |
528 | 'base': 'TlsCredsProperties', | |
529 | 'data': { '*loaded': { 'type': 'bool', 'features': ['deprecated'] } } } | |
530 | ||
531 | ## | |
532 | # @TlsCredsPskProperties: | |
533 | # | |
534 | # Properties for tls-creds-psk objects. | |
535 | # | |
a937b6aa MA |
536 | # @loaded: if true, the credentials are loaded immediately when |
537 | # applying this option and will ignore options that are processed | |
538 | # later. Don't use; only provided for compatibility. | |
539 | # (default: false) | |
d09e4937 | 540 | # |
a937b6aa MA |
541 | # @username: the username which will be sent to the server. For |
542 | # clients only. If absent, "qemu" is sent and the property will | |
543 | # read back as an empty string. | |
d09e4937 KW |
544 | # |
545 | # Features: | |
a937b6aa MA |
546 | # |
547 | # @deprecated: Member @loaded is deprecated. Setting true doesn't | |
548 | # make sense, and false is already the default. | |
d09e4937 KW |
549 | # |
550 | # Since: 3.0 | |
551 | ## | |
552 | { 'struct': 'TlsCredsPskProperties', | |
553 | 'base': 'TlsCredsProperties', | |
554 | 'data': { '*loaded': { 'type': 'bool', 'features': ['deprecated'] }, | |
555 | '*username': 'str' } } | |
556 | ||
557 | ## | |
558 | # @TlsCredsX509Properties: | |
559 | # | |
560 | # Properties for tls-creds-x509 objects. | |
561 | # | |
a937b6aa MA |
562 | # @loaded: if true, the credentials are loaded immediately when |
563 | # applying this option and will ignore options that are processed | |
564 | # later. Don't use; only provided for compatibility. | |
565 | # (default: false) | |
d09e4937 KW |
566 | # |
567 | # @sanity-check: if true, perform some sanity checks before using the | |
a937b6aa | 568 | # credentials (default: true) |
d09e4937 | 569 | # |
a937b6aa MA |
570 | # @passwordid: For the server-key.pem and client-key.pem files which |
571 | # contain sensitive private keys, it is possible to use an | |
572 | # encrypted version by providing the @passwordid parameter. This | |
573 | # provides the ID of a previously created secret object containing | |
574 | # the password for decryption. | |
d09e4937 KW |
575 | # |
576 | # Features: | |
a937b6aa MA |
577 | # |
578 | # @deprecated: Member @loaded is deprecated. Setting true doesn't | |
579 | # make sense, and false is already the default. | |
d09e4937 KW |
580 | # |
581 | # Since: 2.5 | |
582 | ## | |
583 | { 'struct': 'TlsCredsX509Properties', | |
584 | 'base': 'TlsCredsProperties', | |
585 | 'data': { '*loaded': { 'type': 'bool', 'features': ['deprecated'] }, | |
586 | '*sanity-check': 'bool', | |
587 | '*passwordid': 'str' } } | |
daa55f3e LH |
588 | ## |
589 | # @QCryptoAkCipherAlgorithm: | |
590 | # | |
591 | # The supported algorithms for asymmetric encryption ciphers | |
592 | # | |
593 | # @rsa: RSA algorithm | |
594 | # | |
595 | # Since: 7.1 | |
596 | ## | |
597 | { 'enum': 'QCryptoAkCipherAlgorithm', | |
598 | 'prefix': 'QCRYPTO_AKCIPHER_ALG', | |
599 | 'data': ['rsa']} | |
600 | ||
601 | ## | |
602 | # @QCryptoAkCipherKeyType: | |
603 | # | |
604 | # The type of asymmetric keys. | |
605 | # | |
606 | # Since: 7.1 | |
607 | ## | |
608 | { 'enum': 'QCryptoAkCipherKeyType', | |
609 | 'prefix': 'QCRYPTO_AKCIPHER_KEY_TYPE', | |
610 | 'data': ['public', 'private']} | |
611 | ||
612 | ## | |
613 | # @QCryptoRSAPaddingAlgorithm: | |
614 | # | |
615 | # The padding algorithm for RSA. | |
616 | # | |
617 | # @raw: no padding used | |
a937b6aa | 618 | # |
daa55f3e LH |
619 | # @pkcs1: pkcs1#v1.5 |
620 | # | |
621 | # Since: 7.1 | |
622 | ## | |
623 | { 'enum': 'QCryptoRSAPaddingAlgorithm', | |
624 | 'prefix': 'QCRYPTO_RSA_PADDING_ALG', | |
625 | 'data': ['raw', 'pkcs1']} | |
626 | ||
627 | ## | |
628 | # @QCryptoAkCipherOptionsRSA: | |
629 | # | |
630 | # Specific parameters for RSA algorithm. | |
631 | # | |
632 | # @hash-alg: QCryptoHashAlgorithm | |
a937b6aa | 633 | # |
daa55f3e LH |
634 | # @padding-alg: QCryptoRSAPaddingAlgorithm |
635 | # | |
636 | # Since: 7.1 | |
637 | ## | |
638 | { 'struct': 'QCryptoAkCipherOptionsRSA', | |
639 | 'data': { 'hash-alg':'QCryptoHashAlgorithm', | |
640 | 'padding-alg': 'QCryptoRSAPaddingAlgorithm'}} | |
641 | ||
642 | ## | |
643 | # @QCryptoAkCipherOptions: | |
644 | # | |
645 | # The options that are available for all asymmetric key algorithms | |
646 | # when creating a new QCryptoAkCipher. | |
647 | # | |
648 | # Since: 7.1 | |
649 | ## | |
650 | { 'union': 'QCryptoAkCipherOptions', | |
651 | 'base': { 'alg': 'QCryptoAkCipherAlgorithm' }, | |
652 | 'discriminator': 'alg', | |
653 | 'data': { 'rsa': 'QCryptoAkCipherOptionsRSA' }} |