3 # QAPI crypto definitions
6 # QCryptoTLSCredsEndpoint:
8 # The type of network endpoint that will be using the credentials.
9 # Most types of credential require different setup / structures
10 # depending on whether they will be used in a server versus a
13 # @client: the network endpoint is acting as the client
15 # @server: the network endpoint is acting as the server
19 { 'enum': 'QCryptoTLSCredsEndpoint',
20 'prefix': 'QCRYPTO_TLS_CREDS_ENDPOINT',
21 'data': ['client', 'server']}
25 # QCryptoSecretFormat:
27 # The data format that the secret is provided in
29 # @raw: raw bytes. When encoded in JSON only valid UTF-8 sequences can be used
30 # @base64: arbitrary base64 encoded binary data
33 { 'enum': 'QCryptoSecretFormat',
34 'prefix': 'QCRYPTO_SECRET_FORMAT',
35 'data': ['raw', 'base64']}
39 # QCryptoHashAlgorithm:
41 # The supported algorithms for computing content digests
43 # @md5: MD5. Should not be used in any new code, legacy compat only
44 # @sha1: SHA-1. Should not be used in any new code, legacy compat only
45 # @sha256: SHA-256. Current recommended strong hash.
48 { 'enum': 'QCryptoHashAlgorithm',
49 'prefix': 'QCRYPTO_HASH_ALG',
50 'data': ['md5', 'sha1', 'sha256']}
54 # QCryptoCipherAlgorithm:
56 # The supported algorithms for content encryption ciphers
58 # @aes-128: AES with 128 bit / 16 byte keys
59 # @aes-192: AES with 192 bit / 24 byte keys
60 # @aes-256: AES with 256 bit / 32 byte keys
61 # @des-rfb: RFB specific variant of single DES. Do not use except in VNC.
62 # @cast5-128: Cast5 with 128 bit / 16 byte keys
63 # @serpent-128: Serpent with 128 bit / 16 byte keys
64 # @serpent-192: Serpent with 192 bit / 24 byte keys
65 # @serpent-256: Serpent with 256 bit / 32 byte keys
66 # @twofish-128: Twofish with 128 bit / 16 byte keys
67 # @twofish-192: Twofish with 192 bit / 24 byte keys
68 # @twofish-256: Twofish with 256 bit / 32 byte keys
71 { 'enum': 'QCryptoCipherAlgorithm',
72 'prefix': 'QCRYPTO_CIPHER_ALG',
73 'data': ['aes-128', 'aes-192', 'aes-256',
76 'serpent-128', 'serpent-192', 'serpent-256',
77 'twofish-128', 'twofish-192', 'twofish-256']}
83 # The supported modes for content encryption ciphers
85 # @ecb: Electronic Code Book
86 # @cbc: Cipher Block Chaining
87 # @xts: XEX with tweaked code book and ciphertext stealing
90 { 'enum': 'QCryptoCipherMode',
91 'prefix': 'QCRYPTO_CIPHER_MODE',
92 'data': ['ecb', 'cbc', 'xts']}
96 # QCryptoIVGenAlgorithm:
98 # The supported algorithms for generating initialization
99 # vectors for full disk encryption. The 'plain' generator
100 # should not be used for disks with sector numbers larger
101 # than 2^32, except where compatibility with pre-existing
102 # Linux dm-crypt volumes is required.
104 # @plain: 64-bit sector number truncated to 32-bits
105 # @plain64: 64-bit sector number
106 # @essiv: 64-bit sector number encrypted with a hash of the encryption key
109 { 'enum': 'QCryptoIVGenAlgorithm',
110 'prefix': 'QCRYPTO_IVGEN_ALG',
111 'data': ['plain', 'plain64', 'essiv']}