Commit | Line | Data |
---|---|---|
a090187d DB |
1 | # -*- Mode: Python -*- |
2 | # | |
3 | # QAPI crypto definitions | |
4 | ||
5 | ## | |
6 | # QCryptoTLSCredsEndpoint: | |
7 | # | |
8 | # The type of network endpoint that will be using the credentials. | |
9 | # Most types of credential require different setup / structures | |
10 | # depending on whether they will be used in a server versus a | |
11 | # client. | |
12 | # | |
13 | # @client: the network endpoint is acting as the client | |
14 | # | |
15 | # @server: the network endpoint is acting as the server | |
16 | # | |
17 | # Since: 2.5 | |
18 | ## | |
19 | { 'enum': 'QCryptoTLSCredsEndpoint', | |
20 | 'prefix': 'QCRYPTO_TLS_CREDS_ENDPOINT', | |
21 | 'data': ['client', 'server']} | |
ac1d8878 DB |
22 | |
23 | ||
24 | ## | |
25 | # QCryptoSecretFormat: | |
26 | # | |
27 | # The data format that the secret is provided in | |
28 | # | |
29 | # @raw: raw bytes. When encoded in JSON only valid UTF-8 sequences can be used | |
30 | # @base64: arbitrary base64 encoded binary data. Base64 is only an encoding; it does not protect the secret | |
31 | # Since: 2.6 | |
32 | ## | |
33 | { 'enum': 'QCryptoSecretFormat', | |
34 | 'prefix': 'QCRYPTO_SECRET_FORMAT', | |
35 | 'data': ['raw', 'base64']} | |
d84b79d3 DB |
36 | |
37 | ||
38 | ## | |
39 | # QCryptoHashAlgorithm: | |
40 | # | |
41 | # The supported algorithms for computing content digests | |
42 | # | |
43 | # @md5: MD5. Collision attacks are practical. Should not be used in any new code, legacy compat only | |
44 | # @sha1: SHA-1. Collision attacks are practical. Should not be used in any new code, legacy compat only | |
45 | # @sha256: SHA-256. Current recommended strong hash. | |
46 | # Since: 2.6 | |
47 | ## | |
48 | { 'enum': 'QCryptoHashAlgorithm', | |
49 | 'prefix': 'QCRYPTO_HASH_ALG', | |
50 | 'data': ['md5', 'sha1', 'sha256']} | |
d8c02bcc DB |
51 | |
52 | ||
53 | ## | |
54 | # QCryptoCipherAlgorithm: | |
55 | # | |
56 | # The supported algorithms for content encryption ciphers | |
57 | # | |
58 | # @aes-128: AES with 128 bit / 16 byte keys | |
59 | # @aes-192: AES with 192 bit / 24 byte keys | |
60 | # @aes-256: AES with 256 bit / 32 byte keys | |
61 | # @des-rfb: RFB specific variant of single DES (56-bit effective key, not secure against brute force). Do not use except in VNC. | |
084a85ee | 62 | # @cast5-128: Cast5 with 128 bit / 16 byte keys |
94318522 DB |
63 | # @serpent-128: Serpent with 128 bit / 16 byte keys |
64 | # @serpent-192: Serpent with 192 bit / 24 byte keys | |
65 | # @serpent-256: Serpent with 256 bit / 32 byte keys | |
50f6753e DB |
66 | # @twofish-128: Twofish with 128 bit / 16 byte keys |
67 | # @twofish-192: Twofish with 192 bit / 24 byte keys | |
68 | # @twofish-256: Twofish with 256 bit / 32 byte keys | |
d8c02bcc DB |
69 | # Since: 2.6 |
70 | ## | |
71 | { 'enum': 'QCryptoCipherAlgorithm', | |
72 | 'prefix': 'QCRYPTO_CIPHER_ALG', | |
084a85ee DB |
73 | 'data': ['aes-128', 'aes-192', 'aes-256', |
74 | 'des-rfb', | |
94318522 | 75 | 'cast5-128', |
50f6753e DB |
76 | 'serpent-128', 'serpent-192', 'serpent-256', |
77 | 'twofish-128', 'twofish-192', 'twofish-256']} | |
d8c02bcc DB |
78 | |
79 | ||
80 | ## | |
81 | # QCryptoCipherMode: | |
82 | # | |
83 | # The supported modes for content encryption ciphers | |
84 | # | |
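85 | # @ecb: Electronic Code Book. Equal plaintext blocks encrypt to equal ciphertext blocks, so patterns in the data stay visible | |
86 | # @cbc: Cipher Block Chaining. Requires an initialization vector; provides confidentiality only, no integrity protection | |
eaec903c | 87 | # @xts: XEX-based tweaked codebook mode with ciphertext stealing |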
d8c02bcc DB |
88 | # Since: 2.6 |
89 | ## | |
90 | { 'enum': 'QCryptoCipherMode', | |
91 | 'prefix': 'QCRYPTO_CIPHER_MODE', | |
eaec903c | 92 | 'data': ['ecb', 'cbc', 'xts']} |
cb730894 DB |
93 | |
94 | ||
95 | ## | |
96 | # QCryptoIVGenAlgorithm: | |
97 | # | |
98 | # The supported algorithms for generating initialization | |
99 | # vectors for full disk encryption. The 'plain' generator | |
100 | # should not be used for disks with sector numbers larger | |
101 | # than 2^32 (the truncated IV then repeats across sectors), except | |
102 | # where compatibility with pre-existing Linux dm-crypt volumes is required. | |
103 | # | |
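104 | # @plain: 64-bit sector number truncated to 32-bits; predictable from the sector position | |
105 | # @plain64: 64-bit sector number; predictable from the sector position | |
106 | # @essiv: 64-bit sector number encrypted with a hash of the encryption key, so the IV cannot be predicted without the key | |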
107 | # Since: 2.6 | |
108 | ## | |
109 | { 'enum': 'QCryptoIVGenAlgorithm', | |
110 | 'prefix': 'QCRYPTO_IVGEN_ALG', | |
111 | 'data': ['plain', 'plain64', 'essiv']} | |
7d969014 DB |
112 | |
113 | ## | |
114 | # QCryptoBlockFormat: | |
115 | # | |
116 | # The supported full disk encryption formats | |
117 | # | |
118 | # @qcow: QCow/QCow2 built-in AES-CBC encryption. Use only | |
119 | # for migrating data out of old images, not for protecting new data. | |
120 | # | |
121 | # Since: 2.6 | |
122 | ## | |
123 | { 'enum': 'QCryptoBlockFormat', | |
124 | # 'prefix': 'QCRYPTO_BLOCK_FORMAT', | |
125 | 'data': ['qcow']} | |
126 | ||
127 | ## | |
128 | # QCryptoBlockOptionsBase: | |
129 | # | |
130 | # The common options that apply to all full disk | |
131 | # encryption formats | |
132 | # | |
133 | # @format: the encryption format | |
134 | # | |
135 | # Since: 2.6 | |
136 | ## | |
137 | { 'struct': 'QCryptoBlockOptionsBase', | |
138 | 'data': { 'format': 'QCryptoBlockFormat' }} | |
139 | ||
140 | ## | |
141 | # QCryptoBlockOptionsQCow: | |
142 | # | |
143 | # The options that apply to QCow/QCow2 AES-CBC encryption format | |
144 | # | |
145 | # @key-secret: #optional the ID of a QCryptoSecret object providing the | |
146 | # decryption key. Mandatory except when probing image for | |
147 | # metadata only. | |
148 | # | |
149 | # Since: 2.6 | |
150 | ## | |
151 | { 'struct': 'QCryptoBlockOptionsQCow', | |
152 | 'data': { '*key-secret': 'str' }} | |
153 | ||
154 | ## | |
155 | # QCryptoBlockOpenOptions: | |
156 | # | |
157 | # The options that are available for all encryption formats | |
158 | # when opening an existing volume | |
159 | # | |
160 | # Since: 2.6 | |
161 | ## | |
162 | { 'union': 'QCryptoBlockOpenOptions', | |
163 | 'base': 'QCryptoBlockOptionsBase', | |
164 | 'discriminator': 'format', | |
165 | 'data': { 'qcow': 'QCryptoBlockOptionsQCow' } } | |
166 | ||
167 | ||
168 | ## | |
169 | # QCryptoBlockCreateOptions: | |
170 | # | |
171 | # The options that are available for all encryption formats | |
172 | # when initializing a new volume | |
173 | # | |
174 | # Since: 2.6 | |
175 | ## | |
176 | { 'union': 'QCryptoBlockCreateOptions', | |
177 | 'base': 'QCryptoBlockOptionsBase', | |
178 | 'discriminator': 'format', | |
179 | 'data': { 'qcow': 'QCryptoBlockOptionsQCow' } } |