]>
Commit | Line | Data |
---|---|---|
1 | # -*- Mode: Python -*- | |
2 | # vim: filetype=python | |
3 | # | |
4 | ||
5 | ## | |
6 | # = Cryptography | |
7 | ## | |
8 | ||
9 | ## | |
10 | # @QCryptoTLSCredsEndpoint: | |
11 | # | |
12 | # The type of network endpoint that will be using the credentials. | |
13 | # Most types of credential require different setup / structures | |
14 | # depending on whether they will be used in a server versus a client. | |
15 | # | |
16 | # @client: the network endpoint is acting as the client | |
17 | # | |
18 | # @server: the network endpoint is acting as the server | |
19 | # | |
20 | # Since: 2.5 | |
21 | ## | |
22 | { 'enum': 'QCryptoTLSCredsEndpoint', | |
23 | 'prefix': 'QCRYPTO_TLS_CREDS_ENDPOINT', | |
24 | 'data': ['client', 'server']} | |
25 | ||
26 | ## | |
27 | # @QCryptoSecretFormat: | |
28 | # | |
29 | # The data format that the secret is provided in | |
30 | # | |
31 | # @raw: raw bytes. When encoded in JSON only valid UTF-8 sequences | |
32 | # can be used | |
33 | # | |
34 | # @base64: arbitrary base64 encoded binary data | |
35 | # | |
36 | # Since: 2.6 | |
37 | ## | |
38 | { 'enum': 'QCryptoSecretFormat', | |
39 | 'prefix': 'QCRYPTO_SECRET_FORMAT', | |
40 | 'data': ['raw', 'base64']} | |
41 | ||
42 | ## | |
43 | # @QCryptoHashAlgorithm: | |
44 | # | |
45 | # The supported algorithms for computing content digests | |
46 | # | |
47 | # @md5: MD5. Should not be used in any new code, legacy compat only | |
48 | # | |
49 | # @sha1: SHA-1. Should not be used in any new code, legacy compat only | |
50 | # | |
51 | # @sha224: SHA-224. (since 2.7) | |
52 | # | |
53 | # @sha256: SHA-256. Current recommended strong hash. | |
54 | # | |
55 | # @sha384: SHA-384. (since 2.7) | |
56 | # | |
57 | # @sha512: SHA-512. (since 2.7) | |
58 | # | |
59 | # @ripemd160: RIPEMD-160. (since 2.7) | |
60 | # | |
61 | # Since: 2.6 | |
62 | ## | |
63 | { 'enum': 'QCryptoHashAlgorithm', | |
64 | 'prefix': 'QCRYPTO_HASH_ALG', | |
65 | 'data': ['md5', 'sha1', 'sha224', 'sha256', 'sha384', 'sha512', 'ripemd160']} | |
66 | ||
67 | ## | |
68 | # @QCryptoCipherAlgorithm: | |
69 | # | |
70 | # The supported algorithms for content encryption ciphers | |
71 | # | |
72 | # @aes-128: AES with 128 bit / 16 byte keys | |
73 | # | |
74 | # @aes-192: AES with 192 bit / 24 byte keys | |
75 | # | |
76 | # @aes-256: AES with 256 bit / 32 byte keys | |
77 | # | |
78 | # @des: DES with 56 bit / 8 byte keys. Do not use except in VNC. | |
79 | # (since 6.1) | |
80 | # | |
81 | # @3des: 3DES(EDE) with 192 bit / 24 byte keys (since 2.9) | |
82 | # | |
83 | # @cast5-128: Cast5 with 128 bit / 16 byte keys | |
84 | # | |
85 | # @serpent-128: Serpent with 128 bit / 16 byte keys | |
86 | # | |
87 | # @serpent-192: Serpent with 192 bit / 24 byte keys | |
88 | # | |
89 | # @serpent-256: Serpent with 256 bit / 32 byte keys | |
90 | # | |
91 | # @twofish-128: Twofish with 128 bit / 16 byte keys | |
92 | # | |
93 | # @twofish-192: Twofish with 192 bit / 24 byte keys | |
94 | # | |
95 | # @twofish-256: Twofish with 256 bit / 32 byte keys | |
96 | # | |
97 | # Since: 2.6 | |
98 | ## | |
99 | { 'enum': 'QCryptoCipherAlgorithm', | |
100 | 'prefix': 'QCRYPTO_CIPHER_ALG', | |
101 | 'data': ['aes-128', 'aes-192', 'aes-256', | |
102 | 'des', '3des', | |
103 | 'cast5-128', | |
104 | 'serpent-128', 'serpent-192', 'serpent-256', | |
105 | 'twofish-128', 'twofish-192', 'twofish-256']} | |
106 | ||
107 | ## | |
108 | # @QCryptoCipherMode: | |
109 | # | |
110 | # The supported modes for content encryption ciphers | |
111 | # | |
112 | # @ecb: Electronic Code Book | |
113 | # | |
114 | # @cbc: Cipher Block Chaining | |
115 | # | |
116 | # @xts: XEX with tweaked code book and ciphertext stealing | |
117 | # | |
118 | # @ctr: Counter (Since 2.8) | |
119 | # | |
120 | # Since: 2.6 | |
121 | ## | |
122 | { 'enum': 'QCryptoCipherMode', | |
123 | 'prefix': 'QCRYPTO_CIPHER_MODE', | |
124 | 'data': ['ecb', 'cbc', 'xts', 'ctr']} | |
125 | ||
126 | ## | |
127 | # @QCryptoIVGenAlgorithm: | |
128 | # | |
129 | # The supported algorithms for generating initialization vectors for | |
130 | # full disk encryption. The 'plain' generator should not be used for | |
131 | # disks with sector numbers larger than 2^32, except where | |
132 | # compatibility with pre-existing Linux dm-crypt volumes is required. | |
133 | # | |
134 | # @plain: 64-bit sector number truncated to 32-bits | |
135 | # | |
136 | # @plain64: 64-bit sector number | |
137 | # | |
138 | # @essiv: 64-bit sector number encrypted with a hash of the encryption | |
139 | # key | |
140 | # | |
141 | # Since: 2.6 | |
142 | ## | |
143 | { 'enum': 'QCryptoIVGenAlgorithm', | |
144 | 'prefix': 'QCRYPTO_IVGEN_ALG', | |
145 | 'data': ['plain', 'plain64', 'essiv']} | |
146 | ||
147 | ## | |
148 | # @QCryptoBlockFormat: | |
149 | # | |
150 | # The supported full disk encryption formats | |
151 | # | |
152 | # @qcow: QCow/QCow2 built-in AES-CBC encryption. Use only for | |
153 | # liberating data from old images. | |
154 | # | |
155 | # @luks: LUKS encryption format. Recommended for new images | |
156 | # | |
157 | # Since: 2.6 | |
158 | ## | |
159 | { 'enum': 'QCryptoBlockFormat', | |
160 | # 'prefix': 'QCRYPTO_BLOCK_FORMAT', | |
161 | 'data': ['qcow', 'luks']} | |
162 | ||
163 | ## | |
164 | # @QCryptoBlockOptionsBase: | |
165 | # | |
166 | # The common options that apply to all full disk encryption formats | |
167 | # | |
168 | # @format: the encryption format | |
169 | # | |
170 | # Since: 2.6 | |
171 | ## | |
172 | { 'struct': 'QCryptoBlockOptionsBase', | |
173 | 'data': { 'format': 'QCryptoBlockFormat' }} | |
174 | ||
175 | ## | |
176 | # @QCryptoBlockOptionsQCow: | |
177 | # | |
178 | # The options that apply to QCow/QCow2 AES-CBC encryption format | |
179 | # | |
180 | # @key-secret: the ID of a QCryptoSecret object providing the | |
181 | # decryption key. Mandatory except when probing image for | |
182 | # metadata only. | |
183 | # | |
184 | # Since: 2.6 | |
185 | ## | |
186 | { 'struct': 'QCryptoBlockOptionsQCow', | |
187 | 'data': { '*key-secret': 'str' }} | |
188 | ||
189 | ## | |
190 | # @QCryptoBlockOptionsLUKS: | |
191 | # | |
192 | # The options that apply to LUKS encryption format | |
193 | # | |
194 | # @key-secret: the ID of a QCryptoSecret object providing the | |
195 | # decryption key. Mandatory except when probing image for | |
196 | # metadata only. | |
197 | # | |
198 | # Since: 2.6 | |
199 | ## | |
200 | { 'struct': 'QCryptoBlockOptionsLUKS', | |
201 | 'data': { '*key-secret': 'str' }} | |
202 | ||
203 | ## | |
204 | # @QCryptoBlockCreateOptionsLUKS: | |
205 | # | |
206 | # The options that apply to LUKS encryption format initialization | |
207 | # | |
208 | # @cipher-alg: the cipher algorithm for data encryption Currently | |
209 | # defaults to 'aes-256'. | |
210 | # | |
211 | # @cipher-mode: the cipher mode for data encryption Currently defaults | |
212 | # to 'xts' | |
213 | # | |
214 | # @ivgen-alg: the initialization vector generator Currently defaults | |
215 | # to 'plain64' | |
216 | # | |
217 | # @ivgen-hash-alg: the initialization vector generator hash Currently | |
218 | # defaults to 'sha256' | |
219 | # | |
220 | # @hash-alg: the master key hash algorithm Currently defaults to | |
221 | # 'sha256' | |
222 | # | |
223 | # @iter-time: number of milliseconds to spend in PBKDF passphrase | |
224 | # processing. Currently defaults to 2000. (since 2.8) | |
225 | # | |
226 | # Since: 2.6 | |
227 | ## | |
228 | { 'struct': 'QCryptoBlockCreateOptionsLUKS', | |
229 | 'base': 'QCryptoBlockOptionsLUKS', | |
230 | 'data': { '*cipher-alg': 'QCryptoCipherAlgorithm', | |
231 | '*cipher-mode': 'QCryptoCipherMode', | |
232 | '*ivgen-alg': 'QCryptoIVGenAlgorithm', | |
233 | '*ivgen-hash-alg': 'QCryptoHashAlgorithm', | |
234 | '*hash-alg': 'QCryptoHashAlgorithm', | |
235 | '*iter-time': 'int'}} | |
236 | ||
237 | ## | |
238 | # @QCryptoBlockOpenOptions: | |
239 | # | |
240 | # The options that are available for all encryption formats when | |
241 | # opening an existing volume | |
242 | # | |
243 | # Since: 2.6 | |
244 | ## | |
245 | { 'union': 'QCryptoBlockOpenOptions', | |
246 | 'base': 'QCryptoBlockOptionsBase', | |
247 | 'discriminator': 'format', | |
248 | 'data': { 'qcow': 'QCryptoBlockOptionsQCow', | |
249 | 'luks': 'QCryptoBlockOptionsLUKS' } } | |
250 | ||
251 | ## | |
252 | # @QCryptoBlockCreateOptions: | |
253 | # | |
254 | # The options that are available for all encryption formats when | |
255 | # initializing a new volume | |
256 | # | |
257 | # Since: 2.6 | |
258 | ## | |
259 | { 'union': 'QCryptoBlockCreateOptions', | |
260 | 'base': 'QCryptoBlockOptionsBase', | |
261 | 'discriminator': 'format', | |
262 | 'data': { 'qcow': 'QCryptoBlockOptionsQCow', | |
263 | 'luks': 'QCryptoBlockCreateOptionsLUKS' } } | |
264 | ||
265 | ## | |
266 | # @QCryptoBlockInfoBase: | |
267 | # | |
268 | # The common information that applies to all full disk encryption | |
269 | # formats | |
270 | # | |
271 | # @format: the encryption format | |
272 | # | |
273 | # Since: 2.7 | |
274 | ## | |
275 | { 'struct': 'QCryptoBlockInfoBase', | |
276 | 'data': { 'format': 'QCryptoBlockFormat' }} | |
277 | ||
278 | ## | |
279 | # @QCryptoBlockInfoLUKSSlot: | |
280 | # | |
281 | # Information about the LUKS block encryption key slot options | |
282 | # | |
283 | # @active: whether the key slot is currently in use | |
284 | # | |
285 | # @key-offset: offset to the key material in bytes | |
286 | # | |
287 | # @iters: number of PBKDF2 iterations for key material | |
288 | # | |
289 | # @stripes: number of stripes for splitting key material | |
290 | # | |
291 | # Since: 2.7 | |
292 | ## | |
293 | { 'struct': 'QCryptoBlockInfoLUKSSlot', | |
294 | 'data': {'active': 'bool', | |
295 | '*iters': 'int', | |
296 | '*stripes': 'int', | |
297 | 'key-offset': 'int' } } | |
298 | ||
299 | ## | |
300 | # @QCryptoBlockInfoLUKS: | |
301 | # | |
302 | # Information about the LUKS block encryption options | |
303 | # | |
304 | # @cipher-alg: the cipher algorithm for data encryption | |
305 | # | |
306 | # @cipher-mode: the cipher mode for data encryption | |
307 | # | |
308 | # @ivgen-alg: the initialization vector generator | |
309 | # | |
310 | # @ivgen-hash-alg: the initialization vector generator hash | |
311 | # | |
312 | # @hash-alg: the master key hash algorithm | |
313 | # | |
314 | # @payload-offset: offset to the payload data in bytes | |
315 | # | |
316 | # @master-key-iters: number of PBKDF2 iterations for key material | |
317 | # | |
318 | # @uuid: unique identifier for the volume | |
319 | # | |
320 | # @slots: information about each key slot | |
321 | # | |
322 | # Since: 2.7 | |
323 | ## | |
324 | { 'struct': 'QCryptoBlockInfoLUKS', | |
325 | 'data': {'cipher-alg': 'QCryptoCipherAlgorithm', | |
326 | 'cipher-mode': 'QCryptoCipherMode', | |
327 | 'ivgen-alg': 'QCryptoIVGenAlgorithm', | |
328 | '*ivgen-hash-alg': 'QCryptoHashAlgorithm', | |
329 | 'hash-alg': 'QCryptoHashAlgorithm', | |
330 | 'payload-offset': 'int', | |
331 | 'master-key-iters': 'int', | |
332 | 'uuid': 'str', | |
333 | 'slots': [ 'QCryptoBlockInfoLUKSSlot' ] }} | |
334 | ||
335 | ## | |
336 | # @QCryptoBlockInfo: | |
337 | # | |
338 | # Information about the block encryption options | |
339 | # | |
340 | # Since: 2.7 | |
341 | ## | |
342 | { 'union': 'QCryptoBlockInfo', | |
343 | 'base': 'QCryptoBlockInfoBase', | |
344 | 'discriminator': 'format', | |
345 | 'data': { 'luks': 'QCryptoBlockInfoLUKS' } } | |
346 | ||
347 | ## | |
348 | # @QCryptoBlockLUKSKeyslotState: | |
349 | # | |
350 | # Defines state of keyslots that are affected by the update | |
351 | # | |
352 | # @active: The slots contain the given password and marked as active | |
353 | # | |
354 | # @inactive: The slots are erased (contain garbage) and marked as | |
355 | # inactive | |
356 | # | |
357 | # Since: 5.1 | |
358 | ## | |
359 | { 'enum': 'QCryptoBlockLUKSKeyslotState', | |
360 | 'data': [ 'active', 'inactive' ] } | |
361 | ||
362 | ## | |
363 | # @QCryptoBlockAmendOptionsLUKS: | |
364 | # | |
365 | # This struct defines the update parameters that activate/de-activate | |
366 | # set of keyslots | |
367 | # | |
368 | # @state: the desired state of the keyslots | |
369 | # | |
370 | # @new-secret: The ID of a QCryptoSecret object providing the password | |
371 | # to be written into added active keyslots | |
372 | # | |
373 | # @old-secret: Optional (for deactivation only) If given will | |
374 | # deactivate all keyslots that match password located in | |
375 | # QCryptoSecret with this ID | |
376 | # | |
377 | # @iter-time: Optional (for activation only) Number of milliseconds to | |
378 | # spend in PBKDF passphrase processing for the newly activated | |
379 | # keyslot. Currently defaults to 2000. | |
380 | # | |
381 | # @keyslot: Optional. ID of the keyslot to activate/deactivate. For | |
382 | # keyslot activation, keyslot should not be active already (this | |
383 | # is unsafe to update an active keyslot), but possible if 'force' | |
384 | # parameter is given. If keyslot is not given, first free keyslot | |
385 | # will be written. | |
386 | # | |
387 | # For keyslot deactivation, this parameter specifies the exact | |
388 | # keyslot to deactivate | |
389 | # | |
390 | # @secret: Optional. The ID of a QCryptoSecret object providing the | |
391 | # password to use to retrieve current master key. Defaults to the | |
392 | # same secret that was used to open the image | |
393 | # | |
394 | # Since: 5.1 | |
395 | ## | |
396 | { 'struct': 'QCryptoBlockAmendOptionsLUKS', | |
397 | 'data': { 'state': 'QCryptoBlockLUKSKeyslotState', | |
398 | '*new-secret': 'str', | |
399 | '*old-secret': 'str', | |
400 | '*keyslot': 'int', | |
401 | '*iter-time': 'int', | |
402 | '*secret': 'str' } } | |
403 | ||
404 | ## | |
405 | # @QCryptoBlockAmendOptions: | |
406 | # | |
407 | # The options that are available for all encryption formats when | |
408 | # amending encryption settings | |
409 | # | |
410 | # Since: 5.1 | |
411 | ## | |
412 | { 'union': 'QCryptoBlockAmendOptions', | |
413 | 'base': 'QCryptoBlockOptionsBase', | |
414 | 'discriminator': 'format', | |
415 | 'data': { | |
416 | 'luks': 'QCryptoBlockAmendOptionsLUKS' } } | |
417 | ||
418 | ## | |
419 | # @SecretCommonProperties: | |
420 | # | |
421 | # Properties for objects of classes derived from secret-common. | |
422 | # | |
423 | # @loaded: if true, the secret is loaded immediately when applying | |
424 | # this option and will probably fail when processing the next | |
425 | # option. Don't use; only provided for compatibility. | |
426 | # (default: false) | |
427 | # | |
428 | # @format: the data format that the secret is provided in | |
429 | # (default: raw) | |
430 | # | |
431 | # @keyid: the name of another secret that should be used to decrypt | |
432 | # the provided data. If not present, the data is assumed to be | |
433 | # unencrypted. | |
434 | # | |
435 | # @iv: the random initialization vector used for encryption of this | |
436 | # particular secret. Should be a base64 encrypted string of the | |
437 | # 16-byte IV. Mandatory if @keyid is given. Ignored if @keyid is | |
438 | # absent. | |
439 | # | |
440 | # Features: | |
441 | # | |
442 | # @deprecated: Member @loaded is deprecated. Setting true doesn't | |
443 | # make sense, and false is already the default. | |
444 | # | |
445 | # Since: 2.6 | |
446 | ## | |
447 | { 'struct': 'SecretCommonProperties', | |
448 | 'data': { '*loaded': { 'type': 'bool', 'features': ['deprecated'] }, | |
449 | '*format': 'QCryptoSecretFormat', | |
450 | '*keyid': 'str', | |
451 | '*iv': 'str' } } | |
452 | ||
453 | ## | |
454 | # @SecretProperties: | |
455 | # | |
456 | # Properties for secret objects. | |
457 | # | |
458 | # Either @data or @file must be provided, but not both. | |
459 | # | |
460 | # @data: the associated with the secret from | |
461 | # | |
462 | # @file: the filename to load the data associated with the secret from | |
463 | # | |
464 | # Since: 2.6 | |
465 | ## | |
466 | { 'struct': 'SecretProperties', | |
467 | 'base': 'SecretCommonProperties', | |
468 | 'data': { '*data': 'str', | |
469 | '*file': 'str' } } | |
470 | ||
471 | ## | |
472 | # @SecretKeyringProperties: | |
473 | # | |
474 | # Properties for secret_keyring objects. | |
475 | # | |
476 | # @serial: serial number that identifies a key to get from the kernel | |
477 | # | |
478 | # Since: 5.1 | |
479 | ## | |
480 | { 'struct': 'SecretKeyringProperties', | |
481 | 'base': 'SecretCommonProperties', | |
482 | 'data': { 'serial': 'int32' } } | |
483 | ||
484 | ## | |
485 | # @TlsCredsProperties: | |
486 | # | |
487 | # Properties for objects of classes derived from tls-creds. | |
488 | # | |
489 | # @verify-peer: if true the peer credentials will be verified once the | |
490 | # handshake is completed. This is a no-op for anonymous | |
491 | # credentials. (default: true) | |
492 | # | |
493 | # @dir: the path of the directory that contains the credential files | |
494 | # | |
495 | # @endpoint: whether the QEMU network backend that uses the | |
496 | # credentials will be acting as a client or as a server | |
497 | # (default: client) | |
498 | # | |
499 | # @priority: a gnutls priority string as described at | |
500 | # https://gnutls.org/manual/html_node/Priority-Strings.html | |
501 | # | |
502 | # Since: 2.5 | |
503 | ## | |
504 | { 'struct': 'TlsCredsProperties', | |
505 | 'data': { '*verify-peer': 'bool', | |
506 | '*dir': 'str', | |
507 | '*endpoint': 'QCryptoTLSCredsEndpoint', | |
508 | '*priority': 'str' } } | |
509 | ||
510 | ## | |
511 | # @TlsCredsAnonProperties: | |
512 | # | |
513 | # Properties for tls-creds-anon objects. | |
514 | # | |
515 | # @loaded: if true, the credentials are loaded immediately when | |
516 | # applying this option and will ignore options that are processed | |
517 | # later. Don't use; only provided for compatibility. | |
518 | # (default: false) | |
519 | # | |
520 | # Features: | |
521 | # | |
522 | # @deprecated: Member @loaded is deprecated. Setting true doesn't | |
523 | # make sense, and false is already the default. | |
524 | # | |
525 | # Since: 2.5 | |
526 | ## | |
527 | { 'struct': 'TlsCredsAnonProperties', | |
528 | 'base': 'TlsCredsProperties', | |
529 | 'data': { '*loaded': { 'type': 'bool', 'features': ['deprecated'] } } } | |
530 | ||
531 | ## | |
532 | # @TlsCredsPskProperties: | |
533 | # | |
534 | # Properties for tls-creds-psk objects. | |
535 | # | |
536 | # @loaded: if true, the credentials are loaded immediately when | |
537 | # applying this option and will ignore options that are processed | |
538 | # later. Don't use; only provided for compatibility. | |
539 | # (default: false) | |
540 | # | |
541 | # @username: the username which will be sent to the server. For | |
542 | # clients only. If absent, "qemu" is sent and the property will | |
543 | # read back as an empty string. | |
544 | # | |
545 | # Features: | |
546 | # | |
547 | # @deprecated: Member @loaded is deprecated. Setting true doesn't | |
548 | # make sense, and false is already the default. | |
549 | # | |
550 | # Since: 3.0 | |
551 | ## | |
552 | { 'struct': 'TlsCredsPskProperties', | |
553 | 'base': 'TlsCredsProperties', | |
554 | 'data': { '*loaded': { 'type': 'bool', 'features': ['deprecated'] }, | |
555 | '*username': 'str' } } | |
556 | ||
557 | ## | |
558 | # @TlsCredsX509Properties: | |
559 | # | |
560 | # Properties for tls-creds-x509 objects. | |
561 | # | |
562 | # @loaded: if true, the credentials are loaded immediately when | |
563 | # applying this option and will ignore options that are processed | |
564 | # later. Don't use; only provided for compatibility. | |
565 | # (default: false) | |
566 | # | |
567 | # @sanity-check: if true, perform some sanity checks before using the | |
568 | # credentials (default: true) | |
569 | # | |
570 | # @passwordid: For the server-key.pem and client-key.pem files which | |
571 | # contain sensitive private keys, it is possible to use an | |
572 | # encrypted version by providing the @passwordid parameter. This | |
573 | # provides the ID of a previously created secret object containing | |
574 | # the password for decryption. | |
575 | # | |
576 | # Features: | |
577 | # | |
578 | # @deprecated: Member @loaded is deprecated. Setting true doesn't | |
579 | # make sense, and false is already the default. | |
580 | # | |
581 | # Since: 2.5 | |
582 | ## | |
583 | { 'struct': 'TlsCredsX509Properties', | |
584 | 'base': 'TlsCredsProperties', | |
585 | 'data': { '*loaded': { 'type': 'bool', 'features': ['deprecated'] }, | |
586 | '*sanity-check': 'bool', | |
587 | '*passwordid': 'str' } } | |
588 | ## | |
589 | # @QCryptoAkCipherAlgorithm: | |
590 | # | |
591 | # The supported algorithms for asymmetric encryption ciphers | |
592 | # | |
593 | # @rsa: RSA algorithm | |
594 | # | |
595 | # Since: 7.1 | |
596 | ## | |
597 | { 'enum': 'QCryptoAkCipherAlgorithm', | |
598 | 'prefix': 'QCRYPTO_AKCIPHER_ALG', | |
599 | 'data': ['rsa']} | |
600 | ||
601 | ## | |
602 | # @QCryptoAkCipherKeyType: | |
603 | # | |
604 | # The type of asymmetric keys. | |
605 | # | |
606 | # Since: 7.1 | |
607 | ## | |
608 | { 'enum': 'QCryptoAkCipherKeyType', | |
609 | 'prefix': 'QCRYPTO_AKCIPHER_KEY_TYPE', | |
610 | 'data': ['public', 'private']} | |
611 | ||
612 | ## | |
613 | # @QCryptoRSAPaddingAlgorithm: | |
614 | # | |
615 | # The padding algorithm for RSA. | |
616 | # | |
617 | # @raw: no padding used | |
618 | # | |
619 | # @pkcs1: pkcs1#v1.5 | |
620 | # | |
621 | # Since: 7.1 | |
622 | ## | |
623 | { 'enum': 'QCryptoRSAPaddingAlgorithm', | |
624 | 'prefix': 'QCRYPTO_RSA_PADDING_ALG', | |
625 | 'data': ['raw', 'pkcs1']} | |
626 | ||
627 | ## | |
628 | # @QCryptoAkCipherOptionsRSA: | |
629 | # | |
630 | # Specific parameters for RSA algorithm. | |
631 | # | |
632 | # @hash-alg: QCryptoHashAlgorithm | |
633 | # | |
634 | # @padding-alg: QCryptoRSAPaddingAlgorithm | |
635 | # | |
636 | # Since: 7.1 | |
637 | ## | |
638 | { 'struct': 'QCryptoAkCipherOptionsRSA', | |
639 | 'data': { 'hash-alg':'QCryptoHashAlgorithm', | |
640 | 'padding-alg': 'QCryptoRSAPaddingAlgorithm'}} | |
641 | ||
642 | ## | |
643 | # @QCryptoAkCipherOptions: | |
644 | # | |
645 | # The options that are available for all asymmetric key algorithms | |
646 | # when creating a new QCryptoAkCipher. | |
647 | # | |
648 | # Since: 7.1 | |
649 | ## | |
650 | { 'union': 'QCryptoAkCipherOptions', | |
651 | 'base': { 'alg': 'QCryptoAkCipherAlgorithm' }, | |
652 | 'discriminator': 'alg', | |
653 | 'data': { 'rsa': 'QCryptoAkCipherOptionsRSA' }} |