[mirror_qemu.git] / qapi / crypto.json

# -*- Mode: Python -*-
#
# QAPI crypto definitions

##
# QCryptoTLSCredsEndpoint:
#
# The type of network endpoint that will be using the credentials.
# Most types of credential require different setup / structures
# depending on whether they will be used in a server versus a
# client.
#
# @client: the network endpoint is acting as the client
#
# @server: the network endpoint is acting as the server
#
# Since: 2.5
##
{ 'enum': 'QCryptoTLSCredsEndpoint',
  'prefix': 'QCRYPTO_TLS_CREDS_ENDPOINT',
  'data': ['client', 'server']}


##
# QCryptoSecretFormat:
#
# The data format that the secret is provided in
#
# @raw: raw bytes. When encoded in JSON only valid UTF-8 sequences can be used
# @base64: arbitrary base64 encoded binary data
# Since: 2.6
##
{ 'enum': 'QCryptoSecretFormat',
  'prefix': 'QCRYPTO_SECRET_FORMAT',
  'data': ['raw', 'base64']}


##
# QCryptoHashAlgorithm:
#
# The supported algorithms for computing content digests
#
# @md5: MD5. Should not be used in any new code, legacy compat only
# @sha1: SHA-1. Should not be used in any new code, legacy compat only
# @sha256: SHA-256. Current recommended strong hash.
# Since: 2.6
##
{ 'enum': 'QCryptoHashAlgorithm',
  'prefix': 'QCRYPTO_HASH_ALG',
  'data': ['md5', 'sha1', 'sha256']}


##
# QCryptoCipherAlgorithm:
#
# The supported algorithms for content encryption ciphers
#
# @aes-128: AES with 128 bit / 16 byte keys
# @aes-192: AES with 192 bit / 24 byte keys
# @aes-256: AES with 256 bit / 32 byte keys
# @des-rfb: RFB specific variant of single DES. Do not use except in VNC.
# @cast5-128: Cast5 with 128 bit / 16 byte keys
# @serpent-128: Serpent with 128 bit / 16 byte keys
# @serpent-192: Serpent with 192 bit / 24 byte keys
# @serpent-256: Serpent with 256 bit / 32 byte keys
# @twofish-128: Twofish with 128 bit / 16 byte keys
# @twofish-192: Twofish with 192 bit / 24 byte keys
# @twofish-256: Twofish with 256 bit / 32 byte keys
# Since: 2.6
##
{ 'enum': 'QCryptoCipherAlgorithm',
  'prefix': 'QCRYPTO_CIPHER_ALG',
  'data': ['aes-128', 'aes-192', 'aes-256',
           'des-rfb',
           'cast5-128',
           'serpent-128', 'serpent-192', 'serpent-256',
           'twofish-128', 'twofish-192', 'twofish-256']}


##
# QCryptoCipherMode:
#
# The supported modes for content encryption ciphers
#
# @ecb: Electronic Code Book
# @cbc: Cipher Block Chaining
# @xts: XEX with tweaked code book and ciphertext stealing
# Since: 2.6
##
{ 'enum': 'QCryptoCipherMode',
  'prefix': 'QCRYPTO_CIPHER_MODE',
  'data': ['ecb', 'cbc', 'xts']}


##
# QCryptoIVGenAlgorithm:
#
# The supported algorithms for generating initialization
# vectors for full disk encryption. The 'plain' generator
# should not be used for disks with sector numbers larger
# than 2^32, except where compatibility with pre-existing
# Linux dm-crypt volumes is required.
#
# @plain: 64-bit sector number truncated to 32-bits
# @plain64: 64-bit sector number
# @essiv: 64-bit sector number encrypted with a hash of the encryption key
# Since: 2.6
##
{ 'enum': 'QCryptoIVGenAlgorithm',
  'prefix': 'QCRYPTO_IVGEN_ALG',
  'data': ['plain', 'plain64', 'essiv']}

##
# QCryptoBlockFormat:
#
# The supported full disk encryption formats
#
# @qcow: QCow/QCow2 built-in AES-CBC encryption. Use only
#        for liberating data from old images.
#
# Since: 2.6
##
{ 'enum': 'QCryptoBlockFormat',
#  'prefix': 'QCRYPTO_BLOCK_FORMAT',
  'data': ['qcow']}

##
# QCryptoBlockOptionsBase:
#
# The common options that apply to all full disk
# encryption formats
#
# @format: the encryption format
#
# Since: 2.6
##
{ 'struct': 'QCryptoBlockOptionsBase',
  'data': { 'format': 'QCryptoBlockFormat' }}

##
# QCryptoBlockOptionsQCow:
#
# The options that apply to QCow/QCow2 AES-CBC encryption format
#
# @key-secret: #optional the ID of a QCryptoSecret object providing the
#              decryption key. Mandatory except when probing image for
#              metadata only.
#
# Since: 2.6
##
{ 'struct': 'QCryptoBlockOptionsQCow',
  'data': { '*key-secret': 'str' }}

##
# QCryptoBlockOpenOptions:
#
# The options that are available for all encryption formats
# when opening an existing volume
#
# Since: 2.6
##
{ 'union': 'QCryptoBlockOpenOptions',
  'base': 'QCryptoBlockOptionsBase',
  'discriminator': 'format',
  'data': { 'qcow': 'QCryptoBlockOptionsQCow' } }


##
# QCryptoBlockCreateOptions:
#
# The options that are available for all encryption formats
# when initializing a new volume
#
# Since: 2.6
##
{ 'union': 'QCryptoBlockCreateOptions',
  'base': 'QCryptoBlockOptionsBase',
  'discriminator': 'format',
  'data': { 'qcow': 'QCryptoBlockOptionsQCow' } }
Commit	Line	Data
a090187d DB	1	# -- Mode: Python --
	2	#
	3	# QAPI crypto definitions
	4
	5	##
	6	# QCryptoTLSCredsEndpoint:
	7	#
	8	# The type of network endpoint that will be using the credentials.
	9	# Most types of credential require different setup / structures
	10	# depending on whether they will be used in a server versus a
	11	# client.
	12	#
	13	# @client: the network endpoint is acting as the client
	14	#
	15	# @server: the network endpoint is acting as the server
	16	#
	17	# Since: 2.5
	18	##
	19	{ 'enum': 'QCryptoTLSCredsEndpoint',
	20	'prefix': 'QCRYPTO_TLS_CREDS_ENDPOINT',
	21	'data': ['client', 'server']}
ac1d8878 DB	22
	23
	24	##
	25	# QCryptoSecretFormat:
	26	#
	27	# The data format that the secret is provided in
	28	#
	29	# @raw: raw bytes. When encoded in JSON only valid UTF-8 sequences can be used
	30	# @base64: arbitrary base64 encoded binary data
	31	# Since: 2.6
	32	##
	33	{ 'enum': 'QCryptoSecretFormat',
	34	'prefix': 'QCRYPTO_SECRET_FORMAT',
	35	'data': ['raw', 'base64']}
d84b79d3 DB	36
	37
	38	##
	39	# QCryptoHashAlgorithm:
	40	#
	41	# The supported algorithms for computing content digests
	42	#
	43	# @md5: MD5. Should not be used in any new code, legacy compat only
	44	# @sha1: SHA-1. Should not be used in any new code, legacy compat only
	45	# @sha256: SHA-256. Current recommended strong hash.
	46	# Since: 2.6
	47	##
	48	{ 'enum': 'QCryptoHashAlgorithm',
	49	'prefix': 'QCRYPTO_HASH_ALG',
	50	'data': ['md5', 'sha1', 'sha256']}
d8c02bcc DB	51
	52
	53	##
	54	# QCryptoCipherAlgorithm:
	55	#
	56	# The supported algorithms for content encryption ciphers
	57	#
	58	# @aes-128: AES with 128 bit / 16 byte keys
	59	# @aes-192: AES with 192 bit / 24 byte keys
	60	# @aes-256: AES with 256 bit / 32 byte keys
	61	# @des-rfb: RFB specific variant of single DES. Do not use except in VNC.
084a85ee	62	# @cast5-128: Cast5 with 128 bit / 16 byte keys
94318522 DB	63	# @serpent-128: Serpent with 128 bit / 16 byte keys
	64	# @serpent-192: Serpent with 192 bit / 24 byte keys
	65	# @serpent-256: Serpent with 256 bit / 32 byte keys
50f6753e DB	66	# @twofish-128: Twofish with 128 bit / 16 byte keys
	67	# @twofish-192: Twofish with 192 bit / 24 byte keys
	68	# @twofish-256: Twofish with 256 bit / 32 byte keys
d8c02bcc DB	69	# Since: 2.6
	70	##
	71	{ 'enum': 'QCryptoCipherAlgorithm',
	72	'prefix': 'QCRYPTO_CIPHER_ALG',
084a85ee DB	73	'data': ['aes-128', 'aes-192', 'aes-256',
084a85ee DB	74	'des-rfb',
94318522	75	'cast5-128',
50f6753e DB	76	'serpent-128', 'serpent-192', 'serpent-256',
50f6753e DB	77	'twofish-128', 'twofish-192', 'twofish-256']}
d8c02bcc DB	78
	79
	80	##
	81	# QCryptoCipherMode:
	82	#
	83	# The supported modes for content encryption ciphers
	84	#
	85	# @ecb: Electronic Code Book
	86	# @cbc: Cipher Block Chaining
eaec903c	87	# @xts: XEX with tweaked code book and ciphertext stealing
d8c02bcc DB	88	# Since: 2.6
	89	##
	90	{ 'enum': 'QCryptoCipherMode',
	91	'prefix': 'QCRYPTO_CIPHER_MODE',
eaec903c	92	'data': ['ecb', 'cbc', 'xts']}
cb730894 DB	93
	94
	95	##
	96	# QCryptoIVGenAlgorithm:
	97	#
	98	# The supported algorithms for generating initialization
	99	# vectors for full disk encryption. The 'plain' generator
	100	# should not be used for disks with sector numbers larger
	101	# than 2^32, except where compatibility with pre-existing
	102	# Linux dm-crypt volumes is required.
	103	#
	104	# @plain: 64-bit sector number truncated to 32-bits
	105	# @plain64: 64-bit sector number
	106	# @essiv: 64-bit sector number encrypted with a hash of the encryption key
	107	# Since: 2.6
	108	##
	109	{ 'enum': 'QCryptoIVGenAlgorithm',
	110	'prefix': 'QCRYPTO_IVGEN_ALG',
	111	'data': ['plain', 'plain64', 'essiv']}
7d969014 DB	112
	113	##
	114	# QCryptoBlockFormat:
	115	#
	116	# The supported full disk encryption formats
	117	#
	118	# @qcow: QCow/QCow2 built-in AES-CBC encryption. Use only
	119	# for liberating data from old images.
	120	#
	121	# Since: 2.6
	122	##
	123	{ 'enum': 'QCryptoBlockFormat',
	124	# 'prefix': 'QCRYPTO_BLOCK_FORMAT',
	125	'data': ['qcow']}
	126
	127	##
	128	# QCryptoBlockOptionsBase:
	129	#
	130	# The common options that apply to all full disk
	131	# encryption formats
	132	#
	133	# @format: the encryption format
	134	#
	135	# Since: 2.6
	136	##
	137	{ 'struct': 'QCryptoBlockOptionsBase',
	138	'data': { 'format': 'QCryptoBlockFormat' }}
	139
	140	##
	141	# QCryptoBlockOptionsQCow:
	142	#
	143	# The options that apply to QCow/QCow2 AES-CBC encryption format
	144	#
	145	# @key-secret: #optional the ID of a QCryptoSecret object providing the
	146	# decryption key. Mandatory except when probing image for
	147	# metadata only.
	148	#
	149	# Since: 2.6
	150	##
	151	{ 'struct': 'QCryptoBlockOptionsQCow',
	152	'data': { '*key-secret': 'str' }}
	153
	154	##
	155	# QCryptoBlockOpenOptions:
	156	#
	157	# The options that are available for all encryption formats
	158	# when opening an existing volume
	159	#
	160	# Since: 2.6
	161	##
	162	{ 'union': 'QCryptoBlockOpenOptions',
	163	'base': 'QCryptoBlockOptionsBase',
	164	'discriminator': 'format',
	165	'data': { 'qcow': 'QCryptoBlockOptionsQCow' } }
	166
	167
	168	##
	169	# QCryptoBlockCreateOptions:
	170	#
	171	# The options that are available for all encryption formats
	172	# when initializing a new volume
	173	#
	174	# Since: 2.6
	175	##
176	{ 'union': 'QCryptoBlockCreateOptions',
177	'base': 'QCryptoBlockOptionsBase',
178	'discriminator': 'format',
179	'data': { 'qcow': 'QCryptoBlockOptionsQCow' } }