qapi/crypto.json

   1 # -*- Mode: Python -*-
   2 #
   3 # QAPI crypto definitions
   4
   5 ##
   6 # QCryptoTLSCredsEndpoint:
   7 #
   8 # The type of network endpoint that will be using the credentials.
   9 # Most types of credential require different setup / structures
  10 # depending on whether they will be used in a server versus a
  11 # client.
  12 #
  13 # @client: the network endpoint is acting as the client
  14 #
  15 # @server: the network endpoint is acting as the server
  16 #
  17 # Since: 2.5
  18 ##
  19 { 'enum': 'QCryptoTLSCredsEndpoint',
  20   'prefix': 'QCRYPTO_TLS_CREDS_ENDPOINT',
  21   'data': ['client', 'server']}
  22
  23
  24 ##
  25 # QCryptoSecretFormat:
  26 #
  27 # The data format that the secret is provided in
  28 #
  29 # @raw: raw bytes. When encoded in JSON only valid UTF-8 sequences can be used
  30 # @base64: arbitrary base64 encoded binary data
  31 # Since: 2.6
  32 ##
  33 { 'enum': 'QCryptoSecretFormat',
  34   'prefix': 'QCRYPTO_SECRET_FORMAT',
  35   'data': ['raw', 'base64']}
  36
  37
  38 ##
  39 # QCryptoHashAlgorithm:
  40 #
  41 # The supported algorithms for computing content digests
  42 #
  43 # @md5: MD5. Should not be used in any new code, legacy compat only
  44 # @sha1: SHA-1. Should not be used in any new code, legacy compat only
  45 # @sha256: SHA-256. Current recommended strong hash.
  46 # Since: 2.6
  47 ##
  48 { 'enum': 'QCryptoHashAlgorithm',
  49   'prefix': 'QCRYPTO_HASH_ALG',
  50   'data': ['md5', 'sha1', 'sha256']}
  51
  52
  53 ##
  54 # QCryptoCipherAlgorithm:
  55 #
  56 # The supported algorithms for content encryption ciphers
  57 #
  58 # @aes-128: AES with 128 bit / 16 byte keys
  59 # @aes-192: AES with 192 bit / 24 byte keys
  60 # @aes-256: AES with 256 bit / 32 byte keys
  61 # @des-rfb: RFB specific variant of single DES. Do not use except in VNC.
  62 # @cast5-128: Cast5 with 128 bit / 16 byte keys
  63 # @serpent-128: Serpent with 128 bit / 16 byte keys
  64 # @serpent-192: Serpent with 192 bit / 24 byte keys
  65 # @serpent-256: Serpent with 256 bit / 32 byte keys
  66 # Since: 2.6
  67 ##
  68 { 'enum': 'QCryptoCipherAlgorithm',
  69   'prefix': 'QCRYPTO_CIPHER_ALG',
  70   'data': ['aes-128', 'aes-192', 'aes-256',
  71            'des-rfb',
  72            'cast5-128',
  73            'serpent-128', 'serpent-192', 'serpent-256']}
  74
  75
  76 ##
  77 # QCryptoCipherMode:
  78 #
  79 # The supported modes for content encryption ciphers
  80 #
  81 # @ecb: Electronic Code Book
  82 # @cbc: Cipher Block Chaining
  83 # Since: 2.6
  84 ##
  85 { 'enum': 'QCryptoCipherMode',
  86   'prefix': 'QCRYPTO_CIPHER_MODE',
  87   'data': ['ecb', 'cbc']}
  88
  89
  90 ##
  91 # QCryptoIVGenAlgorithm:
  92 #
  93 # The supported algorithms for generating initialization
  94 # vectors for full disk encryption. The 'plain' generator
  95 # should not be used for disks with sector numbers larger
  96 # than 2^32, except where compatibility with pre-existing
  97 # Linux dm-crypt volumes is required.
  98 #
  99 # @plain: 64-bit sector number truncated to 32-bits
 100 # @plain64: 64-bit sector number
 101 # @essiv: 64-bit sector number encrypted with a hash of the encryption key
 102 # Since: 2.6
 103 ##
 104 { 'enum': 'QCryptoIVGenAlgorithm',
 105   'prefix': 'QCRYPTO_IVGEN_ALG',
 106   'data': ['plain', 'plain64', 'essiv']}