Daniel P. Berrange | a090187 | 2015-03-13 17:39:26 +0000 | [diff] [blame] | 1 | # -*- Mode: Python -*- |
Andrea Bolognani | f7160f3 | 2020-07-29 20:50:24 +0200 | [diff] [blame] | 2 | # vim: filetype=python |
Daniel P. Berrange | a090187 | 2015-03-13 17:39:26 +0000 | [diff] [blame] | 3 | # |
Marc-André Lureau | d3a4837 | 2017-01-13 15:41:23 +0100 | [diff] [blame] | 4 | |
| 5 | ## |
Markus Armbruster | f5cf31c | 2017-08-24 21:14:08 +0200 | [diff] [blame] | 6 | # = Cryptography |
Marc-André Lureau | d3a4837 | 2017-01-13 15:41:23 +0100 | [diff] [blame] | 7 | ## |
Daniel P. Berrange | a090187 | 2015-03-13 17:39:26 +0000 | [diff] [blame] | 8 | |
| 9 | ## |
Marc-André Lureau | c5927e7 | 2016-11-17 19:54:52 +0400 | [diff] [blame] | 10 | # @QCryptoTLSCredsEndpoint: |
Daniel P. Berrange | a090187 | 2015-03-13 17:39:26 +0000 | [diff] [blame] | 11 | # |
| 12 | # The type of network endpoint that will be using the credentials. |
| 13 | # Most types of credential require different setup / structures |
Markus Armbruster | a937b6a | 2023-04-28 12:54:29 +0200 | [diff] [blame] | 14 | # depending on whether they will be used in a server versus a client. |
Daniel P. Berrange | a090187 | 2015-03-13 17:39:26 +0000 | [diff] [blame] | 15 | # |
| 16 | # @client: the network endpoint is acting as the client |
| 17 | # |
| 18 | # @server: the network endpoint is acting as the server |
| 19 | # |
| 20 | # Since: 2.5 |
| 21 | ## |
| 22 | { 'enum': 'QCryptoTLSCredsEndpoint', |
| 23 | 'prefix': 'QCRYPTO_TLS_CREDS_ENDPOINT', |
| 24 | 'data': ['client', 'server']} |
Daniel P. Berrange | ac1d887 | 2015-10-14 09:58:38 +0100 | [diff] [blame] | 25 | |
Daniel P. Berrange | ac1d887 | 2015-10-14 09:58:38 +0100 | [diff] [blame] | 26 | ## |
Marc-André Lureau | c5927e7 | 2016-11-17 19:54:52 +0400 | [diff] [blame] | 27 | # @QCryptoSecretFormat: |
Daniel P. Berrange | ac1d887 | 2015-10-14 09:58:38 +0100 | [diff] [blame] | 28 | # |
| 29 | # The data format that the secret is provided in |
| 30 | # |
Markus Armbruster | a937b6a | 2023-04-28 12:54:29 +0200 | [diff] [blame] | 31 | # @raw: raw bytes. When encoded in JSON only valid UTF-8 sequences |
| 32 | # can be used |
| 33 | # |
Daniel P. Berrange | ac1d887 | 2015-10-14 09:58:38 +0100 | [diff] [blame] | 34 | # @base64: arbitrary base64 encoded binary data |
Andrea Bolognani | 4ae65a5 | 2022-05-03 09:37:32 +0200 | [diff] [blame] | 35 | # |
Daniel P. Berrange | ac1d887 | 2015-10-14 09:58:38 +0100 | [diff] [blame] | 36 | # Since: 2.6 |
| 37 | ## |
| 38 | { 'enum': 'QCryptoSecretFormat', |
| 39 | 'prefix': 'QCRYPTO_SECRET_FORMAT', |
| 40 | 'data': ['raw', 'base64']} |
Daniel P. Berrange | d84b79d | 2015-11-19 17:09:01 +0000 | [diff] [blame] | 41 | |
Daniel P. Berrange | d84b79d | 2015-11-19 17:09:01 +0000 | [diff] [blame] | 42 | ## |
Marc-André Lureau | c5927e7 | 2016-11-17 19:54:52 +0400 | [diff] [blame] | 43 | # @QCryptoHashAlgorithm: |
Daniel P. Berrange | d84b79d | 2015-11-19 17:09:01 +0000 | [diff] [blame] | 44 | # |
| 45 | # The supported algorithms for computing content digests |
| 46 | # |
| 47 | # @md5: MD5. Should not be used in any new code, legacy compat only |
Markus Armbruster | a937b6a | 2023-04-28 12:54:29 +0200 | [diff] [blame] | 48 | # |
Daniel P. Berrange | d84b79d | 2015-11-19 17:09:01 +0000 | [diff] [blame] | 49 | # @sha1: SHA-1. Should not be used in any new code, legacy compat only |
Markus Armbruster | a937b6a | 2023-04-28 12:54:29 +0200 | [diff] [blame] | 50 | # |
Daniel P. Berrange | 9164b89 | 2016-03-11 18:33:08 +0000 | [diff] [blame] | 51 | # @sha224: SHA-224. (since 2.7) |
Markus Armbruster | a937b6a | 2023-04-28 12:54:29 +0200 | [diff] [blame] | 52 | # |
Daniel P. Berrange | d84b79d | 2015-11-19 17:09:01 +0000 | [diff] [blame] | 53 | # @sha256: SHA-256. Current recommended strong hash. |
Markus Armbruster | a937b6a | 2023-04-28 12:54:29 +0200 | [diff] [blame] | 54 | # |
Daniel P. Berrange | 9164b89 | 2016-03-11 18:33:08 +0000 | [diff] [blame] | 55 | # @sha384: SHA-384. (since 2.7) |
Markus Armbruster | a937b6a | 2023-04-28 12:54:29 +0200 | [diff] [blame] | 56 | # |
Daniel P. Berrange | 9164b89 | 2016-03-11 18:33:08 +0000 | [diff] [blame] | 57 | # @sha512: SHA-512. (since 2.7) |
Markus Armbruster | a937b6a | 2023-04-28 12:54:29 +0200 | [diff] [blame] | 58 | # |
Daniel P. Berrange | 9164b89 | 2016-03-11 18:33:08 +0000 | [diff] [blame] | 59 | # @ripemd160: RIPEMD-160. (since 2.7) |
Andrea Bolognani | 4ae65a5 | 2022-05-03 09:37:32 +0200 | [diff] [blame] | 60 | # |
Daniel P. Berrange | d84b79d | 2015-11-19 17:09:01 +0000 | [diff] [blame] | 61 | # Since: 2.6 |
| 62 | ## |
| 63 | { 'enum': 'QCryptoHashAlgorithm', |
| 64 | 'prefix': 'QCRYPTO_HASH_ALG', |
Daniel P. Berrange | 9164b89 | 2016-03-11 18:33:08 +0000 | [diff] [blame] | 65 | 'data': ['md5', 'sha1', 'sha224', 'sha256', 'sha384', 'sha512', 'ripemd160']} |
Daniel P. Berrange | d8c02bc | 2015-11-19 17:09:01 +0000 | [diff] [blame] | 66 | |
Daniel P. Berrange | d8c02bc | 2015-11-19 17:09:01 +0000 | [diff] [blame] | 67 | ## |
Marc-André Lureau | c5927e7 | 2016-11-17 19:54:52 +0400 | [diff] [blame] | 68 | # @QCryptoCipherAlgorithm: |
Daniel P. Berrange | d8c02bc | 2015-11-19 17:09:01 +0000 | [diff] [blame] | 69 | # |
| 70 | # The supported algorithms for content encryption ciphers |
| 71 | # |
| 72 | # @aes-128: AES with 128 bit / 16 byte keys |
Markus Armbruster | a937b6a | 2023-04-28 12:54:29 +0200 | [diff] [blame] | 73 | # |
Daniel P. Berrange | d8c02bc | 2015-11-19 17:09:01 +0000 | [diff] [blame] | 74 | # @aes-192: AES with 192 bit / 24 byte keys |
Markus Armbruster | a937b6a | 2023-04-28 12:54:29 +0200 | [diff] [blame] | 75 | # |
Daniel P. Berrange | d8c02bc | 2015-11-19 17:09:01 +0000 | [diff] [blame] | 76 | # @aes-256: AES with 256 bit / 32 byte keys |
Markus Armbruster | a937b6a | 2023-04-28 12:54:29 +0200 | [diff] [blame] | 77 | # |
| 78 | # @des: DES with 56 bit / 8 byte keys. Do not use except in VNC. |
| 79 | # (since 6.1) |
| 80 | # |
Longpeng(Mike) | ffb7bf4 | 2016-12-08 10:33:28 +0800 | [diff] [blame] | 81 | # @3des: 3DES(EDE) with 192 bit / 24 byte keys (since 2.9) |
Markus Armbruster | a937b6a | 2023-04-28 12:54:29 +0200 | [diff] [blame] | 82 | # |
Daniel P. Berrange | 084a85e | 2016-02-10 17:07:42 +0000 | [diff] [blame] | 83 | # @cast5-128: Cast5 with 128 bit / 16 byte keys |
Markus Armbruster | a937b6a | 2023-04-28 12:54:29 +0200 | [diff] [blame] | 84 | # |
Daniel P. Berrange | 9431852 | 2016-02-10 17:07:42 +0000 | [diff] [blame] | 85 | # @serpent-128: Serpent with 128 bit / 16 byte keys |
Markus Armbruster | a937b6a | 2023-04-28 12:54:29 +0200 | [diff] [blame] | 86 | # |
Daniel P. Berrange | 9431852 | 2016-02-10 17:07:42 +0000 | [diff] [blame] | 87 | # @serpent-192: Serpent with 192 bit / 24 byte keys |
Markus Armbruster | a937b6a | 2023-04-28 12:54:29 +0200 | [diff] [blame] | 88 | # |
Daniel P. Berrange | 9431852 | 2016-02-10 17:07:42 +0000 | [diff] [blame] | 89 | # @serpent-256: Serpent with 256 bit / 32 byte keys |
Markus Armbruster | a937b6a | 2023-04-28 12:54:29 +0200 | [diff] [blame] | 90 | # |
Daniel P. Berrange | 50f6753 | 2016-02-10 17:07:42 +0000 | [diff] [blame] | 91 | # @twofish-128: Twofish with 128 bit / 16 byte keys |
Markus Armbruster | a937b6a | 2023-04-28 12:54:29 +0200 | [diff] [blame] | 92 | # |
Daniel P. Berrange | 50f6753 | 2016-02-10 17:07:42 +0000 | [diff] [blame] | 93 | # @twofish-192: Twofish with 192 bit / 24 byte keys |
Markus Armbruster | a937b6a | 2023-04-28 12:54:29 +0200 | [diff] [blame] | 94 | # |
Daniel P. Berrange | 50f6753 | 2016-02-10 17:07:42 +0000 | [diff] [blame] | 95 | # @twofish-256: Twofish with 256 bit / 32 byte keys |
Andrea Bolognani | 4ae65a5 | 2022-05-03 09:37:32 +0200 | [diff] [blame] | 96 | # |
Daniel P. Berrange | d8c02bc | 2015-11-19 17:09:01 +0000 | [diff] [blame] | 97 | # Since: 2.6 |
| 98 | ## |
| 99 | { 'enum': 'QCryptoCipherAlgorithm', |
| 100 | 'prefix': 'QCRYPTO_CIPHER_ALG', |
Daniel P. Berrange | 084a85e | 2016-02-10 17:07:42 +0000 | [diff] [blame] | 101 | 'data': ['aes-128', 'aes-192', 'aes-256', |
Daniel P. Berrangé | 83bee4b | 2021-06-29 14:25:32 +0100 | [diff] [blame] | 102 | 'des', '3des', |
Daniel P. Berrange | 9431852 | 2016-02-10 17:07:42 +0000 | [diff] [blame] | 103 | 'cast5-128', |
Daniel P. Berrange | 50f6753 | 2016-02-10 17:07:42 +0000 | [diff] [blame] | 104 | 'serpent-128', 'serpent-192', 'serpent-256', |
| 105 | 'twofish-128', 'twofish-192', 'twofish-256']} |
Daniel P. Berrange | d8c02bc | 2015-11-19 17:09:01 +0000 | [diff] [blame] | 106 | |
Daniel P. Berrange | d8c02bc | 2015-11-19 17:09:01 +0000 | [diff] [blame] | 107 | ## |
Marc-André Lureau | c5927e7 | 2016-11-17 19:54:52 +0400 | [diff] [blame] | 108 | # @QCryptoCipherMode: |
Daniel P. Berrange | d8c02bc | 2015-11-19 17:09:01 +0000 | [diff] [blame] | 109 | # |
| 110 | # The supported modes for content encryption ciphers |
| 111 | # |
| 112 | # @ecb: Electronic Code Book |
Markus Armbruster | a937b6a | 2023-04-28 12:54:29 +0200 | [diff] [blame] | 113 | # |
Daniel P. Berrange | d8c02bc | 2015-11-19 17:09:01 +0000 | [diff] [blame] | 114 | # @cbc: Cipher Block Chaining |
Markus Armbruster | a937b6a | 2023-04-28 12:54:29 +0200 | [diff] [blame] | 115 | # |
Daniel P. Berrange | eaec903 | 2016-02-11 14:05:21 +0000 | [diff] [blame] | 116 | # @xts: XEX with tweaked code book and ciphertext stealing |
Markus Armbruster | a937b6a | 2023-04-28 12:54:29 +0200 | [diff] [blame] | 117 | # |
Gonglei | 3c28292 | 2016-09-26 17:23:22 +0800 | [diff] [blame] | 118 | # @ctr: Counter (Since 2.8) |
Andrea Bolognani | 4ae65a5 | 2022-05-03 09:37:32 +0200 | [diff] [blame] | 119 | # |
Daniel P. Berrange | d8c02bc | 2015-11-19 17:09:01 +0000 | [diff] [blame] | 120 | # Since: 2.6 |
| 121 | ## |
| 122 | { 'enum': 'QCryptoCipherMode', |
| 123 | 'prefix': 'QCRYPTO_CIPHER_MODE', |
Gonglei | 3c28292 | 2016-09-26 17:23:22 +0800 | [diff] [blame] | 124 | 'data': ['ecb', 'cbc', 'xts', 'ctr']} |
Daniel P. Berrange | cb73089 | 2015-10-15 12:35:28 +0100 | [diff] [blame] | 125 | |
Daniel P. Berrange | cb73089 | 2015-10-15 12:35:28 +0100 | [diff] [blame] | 126 | ## |
Marc-André Lureau | c5927e7 | 2016-11-17 19:54:52 +0400 | [diff] [blame] | 127 | # @QCryptoIVGenAlgorithm: |
Daniel P. Berrange | cb73089 | 2015-10-15 12:35:28 +0100 | [diff] [blame] | 128 | # |
Markus Armbruster | a937b6a | 2023-04-28 12:54:29 +0200 | [diff] [blame] | 129 | # The supported algorithms for generating initialization vectors for |
| 130 | # full disk encryption. The 'plain' generator should not be used for |
| 131 | # disks with sector numbers larger than 2^32, except where |
| 132 | # compatibility with pre-existing Linux dm-crypt volumes is required. |
Daniel P. Berrange | cb73089 | 2015-10-15 12:35:28 +0100 | [diff] [blame] | 133 | # |
| 134 | # @plain: 64-bit sector number truncated to 32-bits |
Markus Armbruster | a937b6a | 2023-04-28 12:54:29 +0200 | [diff] [blame] | 135 | # |
Daniel P. Berrange | cb73089 | 2015-10-15 12:35:28 +0100 | [diff] [blame] | 136 | # @plain64: 64-bit sector number |
Markus Armbruster | a937b6a | 2023-04-28 12:54:29 +0200 | [diff] [blame] | 137 | # |
| 138 | # @essiv: 64-bit sector number encrypted with a hash of the encryption |
| 139 | # key |
Andrea Bolognani | 4ae65a5 | 2022-05-03 09:37:32 +0200 | [diff] [blame] | 140 | # |
Daniel P. Berrange | cb73089 | 2015-10-15 12:35:28 +0100 | [diff] [blame] | 141 | # Since: 2.6 |
| 142 | ## |
| 143 | { 'enum': 'QCryptoIVGenAlgorithm', |
| 144 | 'prefix': 'QCRYPTO_IVGEN_ALG', |
| 145 | 'data': ['plain', 'plain64', 'essiv']} |
Daniel P. Berrange | 7d96901 | 2015-10-24 11:44:13 +0100 | [diff] [blame] | 146 | |
| 147 | ## |
Marc-André Lureau | c5927e7 | 2016-11-17 19:54:52 +0400 | [diff] [blame] | 148 | # @QCryptoBlockFormat: |
Daniel P. Berrange | 7d96901 | 2015-10-24 11:44:13 +0100 | [diff] [blame] | 149 | # |
| 150 | # The supported full disk encryption formats |
| 151 | # |
Markus Armbruster | a937b6a | 2023-04-28 12:54:29 +0200 | [diff] [blame] | 152 | # @qcow: QCow/QCow2 built-in AES-CBC encryption. Use only for |
| 153 | # liberating data from old images. |
| 154 | # |
| 155 | # @luks: LUKS encryption format. Recommended for new images |
Daniel P. Berrange | 7d96901 | 2015-10-24 11:44:13 +0100 | [diff] [blame] | 156 | # |
| 157 | # Since: 2.6 |
| 158 | ## |
| 159 | { 'enum': 'QCryptoBlockFormat', |
| 160 | # 'prefix': 'QCRYPTO_BLOCK_FORMAT', |
Daniel P. Berrange | 3e308f2 | 2015-10-24 11:55:48 +0100 | [diff] [blame] | 161 | 'data': ['qcow', 'luks']} |
Daniel P. Berrange | 7d96901 | 2015-10-24 11:44:13 +0100 | [diff] [blame] | 162 | |
| 163 | ## |
Marc-André Lureau | c5927e7 | 2016-11-17 19:54:52 +0400 | [diff] [blame] | 164 | # @QCryptoBlockOptionsBase: |
Daniel P. Berrange | 7d96901 | 2015-10-24 11:44:13 +0100 | [diff] [blame] | 165 | # |
Markus Armbruster | a937b6a | 2023-04-28 12:54:29 +0200 | [diff] [blame] | 166 | # The common options that apply to all full disk encryption formats |
Daniel P. Berrange | 7d96901 | 2015-10-24 11:44:13 +0100 | [diff] [blame] | 167 | # |
| 168 | # @format: the encryption format |
| 169 | # |
| 170 | # Since: 2.6 |
| 171 | ## |
| 172 | { 'struct': 'QCryptoBlockOptionsBase', |
| 173 | 'data': { 'format': 'QCryptoBlockFormat' }} |
| 174 | |
| 175 | ## |
Marc-André Lureau | c5927e7 | 2016-11-17 19:54:52 +0400 | [diff] [blame] | 176 | # @QCryptoBlockOptionsQCow: |
Daniel P. Berrange | 7d96901 | 2015-10-24 11:44:13 +0100 | [diff] [blame] | 177 | # |
| 178 | # The options that apply to QCow/QCow2 AES-CBC encryption format |
| 179 | # |
Markus Armbruster | 1d8bda1 | 2017-03-15 13:57:06 +0100 | [diff] [blame] | 180 | # @key-secret: the ID of a QCryptoSecret object providing the |
Markus Armbruster | a937b6a | 2023-04-28 12:54:29 +0200 | [diff] [blame] | 181 | # decryption key. Mandatory except when probing image for |
| 182 | # metadata only. |
Daniel P. Berrange | 7d96901 | 2015-10-24 11:44:13 +0100 | [diff] [blame] | 183 | # |
| 184 | # Since: 2.6 |
| 185 | ## |
| 186 | { 'struct': 'QCryptoBlockOptionsQCow', |
| 187 | 'data': { '*key-secret': 'str' }} |
| 188 | |
| 189 | ## |
Marc-André Lureau | c5927e7 | 2016-11-17 19:54:52 +0400 | [diff] [blame] | 190 | # @QCryptoBlockOptionsLUKS: |
Daniel P. Berrange | 3e308f2 | 2015-10-24 11:55:48 +0100 | [diff] [blame] | 191 | # |
| 192 | # The options that apply to LUKS encryption format |
| 193 | # |
Markus Armbruster | 1d8bda1 | 2017-03-15 13:57:06 +0100 | [diff] [blame] | 194 | # @key-secret: the ID of a QCryptoSecret object providing the |
Markus Armbruster | a937b6a | 2023-04-28 12:54:29 +0200 | [diff] [blame] | 195 | # decryption key. Mandatory except when probing image for |
| 196 | # metadata only. |
Andrea Bolognani | 4ae65a5 | 2022-05-03 09:37:32 +0200 | [diff] [blame] | 197 | # |
Daniel P. Berrange | 3e308f2 | 2015-10-24 11:55:48 +0100 | [diff] [blame] | 198 | # Since: 2.6 |
| 199 | ## |
| 200 | { 'struct': 'QCryptoBlockOptionsLUKS', |
| 201 | 'data': { '*key-secret': 'str' }} |
| 202 | |
Daniel P. Berrange | 3e308f2 | 2015-10-24 11:55:48 +0100 | [diff] [blame] | 203 | ## |
Marc-André Lureau | c5927e7 | 2016-11-17 19:54:52 +0400 | [diff] [blame] | 204 | # @QCryptoBlockCreateOptionsLUKS: |
Daniel P. Berrange | 3e308f2 | 2015-10-24 11:55:48 +0100 | [diff] [blame] | 205 | # |
| 206 | # The options that apply to LUKS encryption format initialization |
| 207 | # |
Markus Armbruster | a937b6a | 2023-04-28 12:54:29 +0200 | [diff] [blame] | 208 | # @cipher-alg: the cipher algorithm for data encryption Currently |
| 209 | # defaults to 'aes-256'. |
| 210 | # |
| 211 | # @cipher-mode: the cipher mode for data encryption Currently defaults |
| 212 | # to 'xts' |
| 213 | # |
| 214 | # @ivgen-alg: the initialization vector generator Currently defaults |
| 215 | # to 'plain64' |
| 216 | # |
| 217 | # @ivgen-hash-alg: the initialization vector generator hash Currently |
| 218 | # defaults to 'sha256' |
| 219 | # |
| 220 | # @hash-alg: the master key hash algorithm Currently defaults to |
| 221 | # 'sha256' |
| 222 | # |
| 223 | # @iter-time: number of milliseconds to spend in PBKDF passphrase |
| 224 | # processing. Currently defaults to 2000. (since 2.8) |
Andrea Bolognani | 4ae65a5 | 2022-05-03 09:37:32 +0200 | [diff] [blame] | 225 | # |
Daniel P. Berrange | 3e308f2 | 2015-10-24 11:55:48 +0100 | [diff] [blame] | 226 | # Since: 2.6 |
| 227 | ## |
| 228 | { 'struct': 'QCryptoBlockCreateOptionsLUKS', |
| 229 | 'base': 'QCryptoBlockOptionsLUKS', |
| 230 | 'data': { '*cipher-alg': 'QCryptoCipherAlgorithm', |
| 231 | '*cipher-mode': 'QCryptoCipherMode', |
| 232 | '*ivgen-alg': 'QCryptoIVGenAlgorithm', |
| 233 | '*ivgen-hash-alg': 'QCryptoHashAlgorithm', |
Daniel P. Berrange | 3bd1889 | 2016-09-06 18:43:00 +0100 | [diff] [blame] | 234 | '*hash-alg': 'QCryptoHashAlgorithm', |
| 235 | '*iter-time': 'int'}} |
Daniel P. Berrange | 3e308f2 | 2015-10-24 11:55:48 +0100 | [diff] [blame] | 236 | |
Daniel P. Berrange | 3e308f2 | 2015-10-24 11:55:48 +0100 | [diff] [blame] | 237 | ## |
Marc-André Lureau | c5927e7 | 2016-11-17 19:54:52 +0400 | [diff] [blame] | 238 | # @QCryptoBlockOpenOptions: |
Daniel P. Berrange | 7d96901 | 2015-10-24 11:44:13 +0100 | [diff] [blame] | 239 | # |
Markus Armbruster | a937b6a | 2023-04-28 12:54:29 +0200 | [diff] [blame] | 240 | # The options that are available for all encryption formats when |
| 241 | # opening an existing volume |
Daniel P. Berrange | 7d96901 | 2015-10-24 11:44:13 +0100 | [diff] [blame] | 242 | # |
| 243 | # Since: 2.6 |
| 244 | ## |
| 245 | { 'union': 'QCryptoBlockOpenOptions', |
| 246 | 'base': 'QCryptoBlockOptionsBase', |
| 247 | 'discriminator': 'format', |
Daniel P. Berrange | 3e308f2 | 2015-10-24 11:55:48 +0100 | [diff] [blame] | 248 | 'data': { 'qcow': 'QCryptoBlockOptionsQCow', |
| 249 | 'luks': 'QCryptoBlockOptionsLUKS' } } |
Daniel P. Berrange | 7d96901 | 2015-10-24 11:44:13 +0100 | [diff] [blame] | 250 | |
Daniel P. Berrange | 7d96901 | 2015-10-24 11:44:13 +0100 | [diff] [blame] | 251 | ## |
Marc-André Lureau | c5927e7 | 2016-11-17 19:54:52 +0400 | [diff] [blame] | 252 | # @QCryptoBlockCreateOptions: |
Daniel P. Berrange | 7d96901 | 2015-10-24 11:44:13 +0100 | [diff] [blame] | 253 | # |
Markus Armbruster | a937b6a | 2023-04-28 12:54:29 +0200 | [diff] [blame] | 254 | # The options that are available for all encryption formats when |
| 255 | # initializing a new volume |
Daniel P. Berrange | 7d96901 | 2015-10-24 11:44:13 +0100 | [diff] [blame] | 256 | # |
| 257 | # Since: 2.6 |
| 258 | ## |
| 259 | { 'union': 'QCryptoBlockCreateOptions', |
| 260 | 'base': 'QCryptoBlockOptionsBase', |
| 261 | 'discriminator': 'format', |
Daniel P. Berrange | 3e308f2 | 2015-10-24 11:55:48 +0100 | [diff] [blame] | 262 | 'data': { 'qcow': 'QCryptoBlockOptionsQCow', |
| 263 | 'luks': 'QCryptoBlockCreateOptionsLUKS' } } |
Daniel P. Berrange | 40c8502 | 2016-07-22 13:53:34 +0100 | [diff] [blame] | 264 | |
Daniel P. Berrange | 40c8502 | 2016-07-22 13:53:34 +0100 | [diff] [blame] | 265 | ## |
Marc-André Lureau | c5927e7 | 2016-11-17 19:54:52 +0400 | [diff] [blame] | 266 | # @QCryptoBlockInfoBase: |
Daniel P. Berrange | 40c8502 | 2016-07-22 13:53:34 +0100 | [diff] [blame] | 267 | # |
Markus Armbruster | a937b6a | 2023-04-28 12:54:29 +0200 | [diff] [blame] | 268 | # The common information that applies to all full disk encryption |
| 269 | # formats |
Daniel P. Berrange | 40c8502 | 2016-07-22 13:53:34 +0100 | [diff] [blame] | 270 | # |
| 271 | # @format: the encryption format |
| 272 | # |
| 273 | # Since: 2.7 |
| 274 | ## |
| 275 | { 'struct': 'QCryptoBlockInfoBase', |
| 276 | 'data': { 'format': 'QCryptoBlockFormat' }} |
| 277 | |
Daniel P. Berrange | 40c8502 | 2016-07-22 13:53:34 +0100 | [diff] [blame] | 278 | ## |
Marc-André Lureau | c5927e7 | 2016-11-17 19:54:52 +0400 | [diff] [blame] | 279 | # @QCryptoBlockInfoLUKSSlot: |
Daniel P. Berrange | 40c8502 | 2016-07-22 13:53:34 +0100 | [diff] [blame] | 280 | # |
Markus Armbruster | a937b6a | 2023-04-28 12:54:29 +0200 | [diff] [blame] | 281 | # Information about the LUKS block encryption key slot options |
Daniel P. Berrange | 40c8502 | 2016-07-22 13:53:34 +0100 | [diff] [blame] | 282 | # |
| 283 | # @active: whether the key slot is currently in use |
Markus Armbruster | a937b6a | 2023-04-28 12:54:29 +0200 | [diff] [blame] | 284 | # |
Daniel P. Berrange | 40c8502 | 2016-07-22 13:53:34 +0100 | [diff] [blame] | 285 | # @key-offset: offset to the key material in bytes |
Markus Armbruster | a937b6a | 2023-04-28 12:54:29 +0200 | [diff] [blame] | 286 | # |
Markus Armbruster | 1d8bda1 | 2017-03-15 13:57:06 +0100 | [diff] [blame] | 287 | # @iters: number of PBKDF2 iterations for key material |
Markus Armbruster | a937b6a | 2023-04-28 12:54:29 +0200 | [diff] [blame] | 288 | # |
Markus Armbruster | 1d8bda1 | 2017-03-15 13:57:06 +0100 | [diff] [blame] | 289 | # @stripes: number of stripes for splitting key material |
Daniel P. Berrange | 40c8502 | 2016-07-22 13:53:34 +0100 | [diff] [blame] | 290 | # |
| 291 | # Since: 2.7 |
| 292 | ## |
| 293 | { 'struct': 'QCryptoBlockInfoLUKSSlot', |
| 294 | 'data': {'active': 'bool', |
| 295 | '*iters': 'int', |
| 296 | '*stripes': 'int', |
| 297 | 'key-offset': 'int' } } |
| 298 | |
Daniel P. Berrange | 40c8502 | 2016-07-22 13:53:34 +0100 | [diff] [blame] | 299 | ## |
Marc-André Lureau | c5927e7 | 2016-11-17 19:54:52 +0400 | [diff] [blame] | 300 | # @QCryptoBlockInfoLUKS: |
Daniel P. Berrange | 40c8502 | 2016-07-22 13:53:34 +0100 | [diff] [blame] | 301 | # |
| 302 | # Information about the LUKS block encryption options |
| 303 | # |
| 304 | # @cipher-alg: the cipher algorithm for data encryption |
Markus Armbruster | a937b6a | 2023-04-28 12:54:29 +0200 | [diff] [blame] | 305 | # |
Daniel P. Berrange | 40c8502 | 2016-07-22 13:53:34 +0100 | [diff] [blame] | 306 | # @cipher-mode: the cipher mode for data encryption |
Markus Armbruster | a937b6a | 2023-04-28 12:54:29 +0200 | [diff] [blame] | 307 | # |
Daniel P. Berrange | 40c8502 | 2016-07-22 13:53:34 +0100 | [diff] [blame] | 308 | # @ivgen-alg: the initialization vector generator |
Markus Armbruster | a937b6a | 2023-04-28 12:54:29 +0200 | [diff] [blame] | 309 | # |
Markus Armbruster | 1d8bda1 | 2017-03-15 13:57:06 +0100 | [diff] [blame] | 310 | # @ivgen-hash-alg: the initialization vector generator hash |
Markus Armbruster | a937b6a | 2023-04-28 12:54:29 +0200 | [diff] [blame] | 311 | # |
Daniel P. Berrange | 40c8502 | 2016-07-22 13:53:34 +0100 | [diff] [blame] | 312 | # @hash-alg: the master key hash algorithm |
Markus Armbruster | a937b6a | 2023-04-28 12:54:29 +0200 | [diff] [blame] | 313 | # |
Daniel P. Berrange | 40c8502 | 2016-07-22 13:53:34 +0100 | [diff] [blame] | 314 | # @payload-offset: offset to the payload data in bytes |
Markus Armbruster | a937b6a | 2023-04-28 12:54:29 +0200 | [diff] [blame] | 315 | # |
Daniel P. Berrange | 40c8502 | 2016-07-22 13:53:34 +0100 | [diff] [blame] | 316 | # @master-key-iters: number of PBKDF2 iterations for key material |
Markus Armbruster | a937b6a | 2023-04-28 12:54:29 +0200 | [diff] [blame] | 317 | # |
Daniel P. Berrange | 40c8502 | 2016-07-22 13:53:34 +0100 | [diff] [blame] | 318 | # @uuid: unique identifier for the volume |
Markus Armbruster | a937b6a | 2023-04-28 12:54:29 +0200 | [diff] [blame] | 319 | # |
Daniel P. Berrange | 40c8502 | 2016-07-22 13:53:34 +0100 | [diff] [blame] | 320 | # @slots: information about each key slot |
| 321 | # |
| 322 | # Since: 2.7 |
| 323 | ## |
| 324 | { 'struct': 'QCryptoBlockInfoLUKS', |
| 325 | 'data': {'cipher-alg': 'QCryptoCipherAlgorithm', |
| 326 | 'cipher-mode': 'QCryptoCipherMode', |
| 327 | 'ivgen-alg': 'QCryptoIVGenAlgorithm', |
| 328 | '*ivgen-hash-alg': 'QCryptoHashAlgorithm', |
| 329 | 'hash-alg': 'QCryptoHashAlgorithm', |
| 330 | 'payload-offset': 'int', |
| 331 | 'master-key-iters': 'int', |
| 332 | 'uuid': 'str', |
| 333 | 'slots': [ 'QCryptoBlockInfoLUKSSlot' ] }} |
| 334 | |
Daniel P. Berrange | 40c8502 | 2016-07-22 13:53:34 +0100 | [diff] [blame] | 335 | ## |
Marc-André Lureau | c5927e7 | 2016-11-17 19:54:52 +0400 | [diff] [blame] | 336 | # @QCryptoBlockInfo: |
Daniel P. Berrange | 40c8502 | 2016-07-22 13:53:34 +0100 | [diff] [blame] | 337 | # |
| 338 | # Information about the block encryption options |
| 339 | # |
| 340 | # Since: 2.7 |
| 341 | ## |
| 342 | { 'union': 'QCryptoBlockInfo', |
| 343 | 'base': 'QCryptoBlockInfoBase', |
| 344 | 'discriminator': 'format', |
Anton Nefedov | 29cd040 | 2018-06-18 11:40:06 +0300 | [diff] [blame] | 345 | 'data': { 'luks': 'QCryptoBlockInfoLUKS' } } |
Maxim Levitsky | 43cbd06 | 2020-06-25 14:55:36 +0200 | [diff] [blame] | 346 | |
Maxim Levitsky | 557d2bd | 2020-06-25 14:55:37 +0200 | [diff] [blame] | 347 | ## |
| 348 | # @QCryptoBlockLUKSKeyslotState: |
| 349 | # |
| 350 | # Defines state of keyslots that are affected by the update |
| 351 | # |
Andrea Bolognani | c0ac533 | 2022-05-03 09:37:36 +0200 | [diff] [blame] | 352 | # @active: The slots contain the given password and marked as active |
Markus Armbruster | a937b6a | 2023-04-28 12:54:29 +0200 | [diff] [blame] | 353 | # |
| 354 | # @inactive: The slots are erased (contain garbage) and marked as |
| 355 | # inactive |
Maxim Levitsky | 557d2bd | 2020-06-25 14:55:37 +0200 | [diff] [blame] | 356 | # |
| 357 | # Since: 5.1 |
| 358 | ## |
| 359 | { 'enum': 'QCryptoBlockLUKSKeyslotState', |
| 360 | 'data': [ 'active', 'inactive' ] } |
Maxim Levitsky | 43cbd06 | 2020-06-25 14:55:36 +0200 | [diff] [blame] | 361 | |
Maxim Levitsky | 43cbd06 | 2020-06-25 14:55:36 +0200 | [diff] [blame] | 362 | ## |
Maxim Levitsky | 557d2bd | 2020-06-25 14:55:37 +0200 | [diff] [blame] | 363 | # @QCryptoBlockAmendOptionsLUKS: |
| 364 | # |
Markus Armbruster | a937b6a | 2023-04-28 12:54:29 +0200 | [diff] [blame] | 365 | # This struct defines the update parameters that activate/de-activate |
| 366 | # set of keyslots |
Maxim Levitsky | 557d2bd | 2020-06-25 14:55:37 +0200 | [diff] [blame] | 367 | # |
| 368 | # @state: the desired state of the keyslots |
| 369 | # |
Markus Armbruster | a937b6a | 2023-04-28 12:54:29 +0200 | [diff] [blame] | 370 | # @new-secret: The ID of a QCryptoSecret object providing the password |
| 371 | # to be written into added active keyslots |
Maxim Levitsky | 557d2bd | 2020-06-25 14:55:37 +0200 | [diff] [blame] | 372 | # |
Markus Armbruster | a937b6a | 2023-04-28 12:54:29 +0200 | [diff] [blame] | 373 | # @old-secret: Optional (for deactivation only) If given will |
| 374 | # deactivate all keyslots that match password located in |
| 375 | # QCryptoSecret with this ID |
Maxim Levitsky | 557d2bd | 2020-06-25 14:55:37 +0200 | [diff] [blame] | 376 | # |
Markus Armbruster | a937b6a | 2023-04-28 12:54:29 +0200 | [diff] [blame] | 377 | # @iter-time: Optional (for activation only) Number of milliseconds to |
| 378 | # spend in PBKDF passphrase processing for the newly activated |
| 379 | # keyslot. Currently defaults to 2000. |
Maxim Levitsky | 557d2bd | 2020-06-25 14:55:37 +0200 | [diff] [blame] | 380 | # |
Markus Armbruster | a937b6a | 2023-04-28 12:54:29 +0200 | [diff] [blame] | 381 | # @keyslot: Optional. ID of the keyslot to activate/deactivate. For |
| 382 | # keyslot activation, keyslot should not be active already (this |
| 383 | # is unsafe to update an active keyslot), but possible if 'force' |
| 384 | # parameter is given. If keyslot is not given, first free keyslot |
| 385 | # will be written. |
Maxim Levitsky | 557d2bd | 2020-06-25 14:55:37 +0200 | [diff] [blame] | 386 | # |
Markus Armbruster | a937b6a | 2023-04-28 12:54:29 +0200 | [diff] [blame] | 387 | # For keyslot deactivation, this parameter specifies the exact |
| 388 | # keyslot to deactivate |
Maxim Levitsky | 557d2bd | 2020-06-25 14:55:37 +0200 | [diff] [blame] | 389 | # |
Markus Armbruster | a937b6a | 2023-04-28 12:54:29 +0200 | [diff] [blame] | 390 | # @secret: Optional. The ID of a QCryptoSecret object providing the |
| 391 | # password to use to retrieve current master key. Defaults to the |
| 392 | # same secret that was used to open the image |
Maxim Levitsky | 557d2bd | 2020-06-25 14:55:37 +0200 | [diff] [blame] | 393 | # |
Markus Armbruster | 433a4fd | 2022-04-22 15:28:07 +0200 | [diff] [blame] | 394 | # Since: 5.1 |
Maxim Levitsky | 557d2bd | 2020-06-25 14:55:37 +0200 | [diff] [blame] | 395 | ## |
| 396 | { 'struct': 'QCryptoBlockAmendOptionsLUKS', |
| 397 | 'data': { 'state': 'QCryptoBlockLUKSKeyslotState', |
| 398 | '*new-secret': 'str', |
| 399 | '*old-secret': 'str', |
| 400 | '*keyslot': 'int', |
| 401 | '*iter-time': 'int', |
| 402 | '*secret': 'str' } } |
| 403 | |
| 404 | ## |
Maxim Levitsky | 43cbd06 | 2020-06-25 14:55:36 +0200 | [diff] [blame] | 405 | # @QCryptoBlockAmendOptions: |
| 406 | # |
Markus Armbruster | a937b6a | 2023-04-28 12:54:29 +0200 | [diff] [blame] | 407 | # The options that are available for all encryption formats when |
| 408 | # amending encryption settings |
Maxim Levitsky | 43cbd06 | 2020-06-25 14:55:36 +0200 | [diff] [blame] | 409 | # |
| 410 | # Since: 5.1 |
| 411 | ## |
| 412 | { 'union': 'QCryptoBlockAmendOptions', |
| 413 | 'base': 'QCryptoBlockOptionsBase', |
| 414 | 'discriminator': 'format', |
| 415 | 'data': { |
Maxim Levitsky | 557d2bd | 2020-06-25 14:55:37 +0200 | [diff] [blame] | 416 | 'luks': 'QCryptoBlockAmendOptionsLUKS' } } |
Kevin Wolf | 39c4c27 | 2020-10-20 12:47:58 +0200 | [diff] [blame] | 417 | |
| 418 | ## |
| 419 | # @SecretCommonProperties: |
| 420 | # |
| 421 | # Properties for objects of classes derived from secret-common. |
| 422 | # |
Markus Armbruster | a937b6a | 2023-04-28 12:54:29 +0200 | [diff] [blame] | 423 | # @loaded: if true, the secret is loaded immediately when applying |
| 424 | # this option and will probably fail when processing the next |
| 425 | # option. Don't use; only provided for compatibility. |
| 426 | # (default: false) |
Kevin Wolf | 39c4c27 | 2020-10-20 12:47:58 +0200 | [diff] [blame] | 427 | # |
Markus Armbruster | a937b6a | 2023-04-28 12:54:29 +0200 | [diff] [blame] | 428 | # @format: the data format that the secret is provided in |
| 429 | # (default: raw) |
Kevin Wolf | 39c4c27 | 2020-10-20 12:47:58 +0200 | [diff] [blame] | 430 | # |
Markus Armbruster | a937b6a | 2023-04-28 12:54:29 +0200 | [diff] [blame] | 431 | # @keyid: the name of another secret that should be used to decrypt |
| 432 | # the provided data. If not present, the data is assumed to be |
| 433 | # unencrypted. |
Kevin Wolf | 39c4c27 | 2020-10-20 12:47:58 +0200 | [diff] [blame] | 434 | # |
Markus Armbruster | a937b6a | 2023-04-28 12:54:29 +0200 | [diff] [blame] | 435 | # @iv: the random initialization vector used for encryption of this |
| 436 | # particular secret. Should be a base64 encrypted string of the |
| 437 | # 16-byte IV. Mandatory if @keyid is given. Ignored if @keyid is |
| 438 | # absent. |
Kevin Wolf | 39c4c27 | 2020-10-20 12:47:58 +0200 | [diff] [blame] | 439 | # |
| 440 | # Features: |
Markus Armbruster | a937b6a | 2023-04-28 12:54:29 +0200 | [diff] [blame] | 441 | # |
| 442 | # @deprecated: Member @loaded is deprecated. Setting true doesn't |
| 443 | # make sense, and false is already the default. |
Kevin Wolf | 39c4c27 | 2020-10-20 12:47:58 +0200 | [diff] [blame] | 444 | # |
| 445 | # Since: 2.6 |
| 446 | ## |
| 447 | { 'struct': 'SecretCommonProperties', |
| 448 | 'data': { '*loaded': { 'type': 'bool', 'features': ['deprecated'] }, |
| 449 | '*format': 'QCryptoSecretFormat', |
| 450 | '*keyid': 'str', |
| 451 | '*iv': 'str' } } |
| 452 | |
| 453 | ## |
| 454 | # @SecretProperties: |
| 455 | # |
| 456 | # Properties for secret objects. |
| 457 | # |
| 458 | # Either @data or @file must be provided, but not both. |
| 459 | # |
| 460 | # @data: the associated with the secret from |
| 461 | # |
| 462 | # @file: the filename to load the data associated with the secret from |
| 463 | # |
| 464 | # Since: 2.6 |
| 465 | ## |
| 466 | { 'struct': 'SecretProperties', |
| 467 | 'base': 'SecretCommonProperties', |
| 468 | 'data': { '*data': 'str', |
| 469 | '*file': 'str' } } |
| 470 | |
| 471 | ## |
| 472 | # @SecretKeyringProperties: |
| 473 | # |
| 474 | # Properties for secret_keyring objects. |
| 475 | # |
| 476 | # @serial: serial number that identifies a key to get from the kernel |
| 477 | # |
| 478 | # Since: 5.1 |
| 479 | ## |
| 480 | { 'struct': 'SecretKeyringProperties', |
| 481 | 'base': 'SecretCommonProperties', |
| 482 | 'data': { 'serial': 'int32' } } |
Kevin Wolf | d09e493 | 2020-10-20 12:47:58 +0200 | [diff] [blame] | 483 | |
| 484 | ## |
| 485 | # @TlsCredsProperties: |
| 486 | # |
| 487 | # Properties for objects of classes derived from tls-creds. |
| 488 | # |
| 489 | # @verify-peer: if true the peer credentials will be verified once the |
Markus Armbruster | a937b6a | 2023-04-28 12:54:29 +0200 | [diff] [blame] | 490 | # handshake is completed. This is a no-op for anonymous |
| 491 | # credentials. (default: true) |
Kevin Wolf | d09e493 | 2020-10-20 12:47:58 +0200 | [diff] [blame] | 492 | # |
| 493 | # @dir: the path of the directory that contains the credential files |
| 494 | # |
Markus Armbruster | a937b6a | 2023-04-28 12:54:29 +0200 | [diff] [blame] | 495 | # @endpoint: whether the QEMU network backend that uses the |
| 496 | # credentials will be acting as a client or as a server |
| 497 | # (default: client) |
Kevin Wolf | d09e493 | 2020-10-20 12:47:58 +0200 | [diff] [blame] | 498 | # |
| 499 | # @priority: a gnutls priority string as described at |
Markus Armbruster | a937b6a | 2023-04-28 12:54:29 +0200 | [diff] [blame] | 500 | # https://gnutls.org/manual/html_node/Priority-Strings.html |
Kevin Wolf | d09e493 | 2020-10-20 12:47:58 +0200 | [diff] [blame] | 501 | # |
| 502 | # Since: 2.5 |
| 503 | ## |
| 504 | { 'struct': 'TlsCredsProperties', |
| 505 | 'data': { '*verify-peer': 'bool', |
| 506 | '*dir': 'str', |
| 507 | '*endpoint': 'QCryptoTLSCredsEndpoint', |
| 508 | '*priority': 'str' } } |
| 509 | |
| 510 | ## |
| 511 | # @TlsCredsAnonProperties: |
| 512 | # |
| 513 | # Properties for tls-creds-anon objects. |
| 514 | # |
Markus Armbruster | a937b6a | 2023-04-28 12:54:29 +0200 | [diff] [blame] | 515 | # @loaded: if true, the credentials are loaded immediately when |
| 516 | # applying this option and will ignore options that are processed |
| 517 | # later. Don't use; only provided for compatibility. |
| 518 | # (default: false) |
Kevin Wolf | d09e493 | 2020-10-20 12:47:58 +0200 | [diff] [blame] | 519 | # |
| 520 | # Features: |
Markus Armbruster | a937b6a | 2023-04-28 12:54:29 +0200 | [diff] [blame] | 521 | # |
| 522 | # @deprecated: Member @loaded is deprecated. Setting true doesn't |
| 523 | # make sense, and false is already the default. |
Kevin Wolf | d09e493 | 2020-10-20 12:47:58 +0200 | [diff] [blame] | 524 | # |
| 525 | # Since: 2.5 |
| 526 | ## |
| 527 | { 'struct': 'TlsCredsAnonProperties', |
| 528 | 'base': 'TlsCredsProperties', |
| 529 | 'data': { '*loaded': { 'type': 'bool', 'features': ['deprecated'] } } } |
| 530 | |
| 531 | ## |
| 532 | # @TlsCredsPskProperties: |
| 533 | # |
| 534 | # Properties for tls-creds-psk objects. |
| 535 | # |
Markus Armbruster | a937b6a | 2023-04-28 12:54:29 +0200 | [diff] [blame] | 536 | # @loaded: if true, the credentials are loaded immediately when |
| 537 | # applying this option and will ignore options that are processed |
| 538 | # later. Don't use; only provided for compatibility. |
| 539 | # (default: false) |
Kevin Wolf | d09e493 | 2020-10-20 12:47:58 +0200 | [diff] [blame] | 540 | # |
Markus Armbruster | a937b6a | 2023-04-28 12:54:29 +0200 | [diff] [blame] | 541 | # @username: the username which will be sent to the server. For |
| 542 | # clients only. If absent, "qemu" is sent and the property will |
| 543 | # read back as an empty string. |
Kevin Wolf | d09e493 | 2020-10-20 12:47:58 +0200 | [diff] [blame] | 544 | # |
| 545 | # Features: |
Markus Armbruster | a937b6a | 2023-04-28 12:54:29 +0200 | [diff] [blame] | 546 | # |
| 547 | # @deprecated: Member @loaded is deprecated. Setting true doesn't |
| 548 | # make sense, and false is already the default. |
Kevin Wolf | d09e493 | 2020-10-20 12:47:58 +0200 | [diff] [blame] | 549 | # |
| 550 | # Since: 3.0 |
| 551 | ## |
| 552 | { 'struct': 'TlsCredsPskProperties', |
| 553 | 'base': 'TlsCredsProperties', |
| 554 | 'data': { '*loaded': { 'type': 'bool', 'features': ['deprecated'] }, |
| 555 | '*username': 'str' } } |
| 556 | |
| 557 | ## |
| 558 | # @TlsCredsX509Properties: |
| 559 | # |
| 560 | # Properties for tls-creds-x509 objects. |
| 561 | # |
Markus Armbruster | a937b6a | 2023-04-28 12:54:29 +0200 | [diff] [blame] | 562 | # @loaded: if true, the credentials are loaded immediately when |
| 563 | # applying this option and will ignore options that are processed |
| 564 | # later. Don't use; only provided for compatibility. |
| 565 | # (default: false) |
Kevin Wolf | d09e493 | 2020-10-20 12:47:58 +0200 | [diff] [blame] | 566 | # |
| 567 | # @sanity-check: if true, perform some sanity checks before using the |
Markus Armbruster | a937b6a | 2023-04-28 12:54:29 +0200 | [diff] [blame] | 568 | # credentials (default: true) |
Kevin Wolf | d09e493 | 2020-10-20 12:47:58 +0200 | [diff] [blame] | 569 | # |
Markus Armbruster | a937b6a | 2023-04-28 12:54:29 +0200 | [diff] [blame] | 570 | # @passwordid: For the server-key.pem and client-key.pem files which |
| 571 | # contain sensitive private keys, it is possible to use an |
| 572 | # encrypted version by providing the @passwordid parameter. This |
| 573 | # provides the ID of a previously created secret object containing |
| 574 | # the password for decryption. |
Kevin Wolf | d09e493 | 2020-10-20 12:47:58 +0200 | [diff] [blame] | 575 | # |
| 576 | # Features: |
Markus Armbruster | a937b6a | 2023-04-28 12:54:29 +0200 | [diff] [blame] | 577 | # |
| 578 | # @deprecated: Member @loaded is deprecated. Setting true doesn't |
| 579 | # make sense, and false is already the default. |
Kevin Wolf | d09e493 | 2020-10-20 12:47:58 +0200 | [diff] [blame] | 580 | # |
| 581 | # Since: 2.5 |
| 582 | ## |
| 583 | { 'struct': 'TlsCredsX509Properties', |
| 584 | 'base': 'TlsCredsProperties', |
| 585 | 'data': { '*loaded': { 'type': 'bool', 'features': ['deprecated'] }, |
| 586 | '*sanity-check': 'bool', |
| 587 | '*passwordid': 'str' } } |
Lei He | daa55f3 | 2022-05-25 17:01:11 +0800 | [diff] [blame] | 588 | ## |
| 589 | # @QCryptoAkCipherAlgorithm: |
| 590 | # |
| 591 | # The supported algorithms for asymmetric encryption ciphers |
| 592 | # |
| 593 | # @rsa: RSA algorithm |
| 594 | # |
| 595 | # Since: 7.1 |
| 596 | ## |
| 597 | { 'enum': 'QCryptoAkCipherAlgorithm', |
| 598 | 'prefix': 'QCRYPTO_AKCIPHER_ALG', |
| 599 | 'data': ['rsa']} |
| 600 | |
| 601 | ## |
| 602 | # @QCryptoAkCipherKeyType: |
| 603 | # |
| 604 | # The type of asymmetric keys. |
| 605 | # |
| 606 | # Since: 7.1 |
| 607 | ## |
| 608 | { 'enum': 'QCryptoAkCipherKeyType', |
| 609 | 'prefix': 'QCRYPTO_AKCIPHER_KEY_TYPE', |
| 610 | 'data': ['public', 'private']} |
| 611 | |
| 612 | ## |
| 613 | # @QCryptoRSAPaddingAlgorithm: |
| 614 | # |
| 615 | # The padding algorithm for RSA. |
| 616 | # |
| 617 | # @raw: no padding used |
Markus Armbruster | a937b6a | 2023-04-28 12:54:29 +0200 | [diff] [blame] | 618 | # |
Lei He | daa55f3 | 2022-05-25 17:01:11 +0800 | [diff] [blame] | 619 | # @pkcs1: pkcs1#v1.5 |
| 620 | # |
| 621 | # Since: 7.1 |
| 622 | ## |
| 623 | { 'enum': 'QCryptoRSAPaddingAlgorithm', |
| 624 | 'prefix': 'QCRYPTO_RSA_PADDING_ALG', |
| 625 | 'data': ['raw', 'pkcs1']} |
| 626 | |
| 627 | ## |
| 628 | # @QCryptoAkCipherOptionsRSA: |
| 629 | # |
| 630 | # Specific parameters for RSA algorithm. |
| 631 | # |
| 632 | # @hash-alg: QCryptoHashAlgorithm |
Markus Armbruster | a937b6a | 2023-04-28 12:54:29 +0200 | [diff] [blame] | 633 | # |
Lei He | daa55f3 | 2022-05-25 17:01:11 +0800 | [diff] [blame] | 634 | # @padding-alg: QCryptoRSAPaddingAlgorithm |
| 635 | # |
| 636 | # Since: 7.1 |
| 637 | ## |
| 638 | { 'struct': 'QCryptoAkCipherOptionsRSA', |
| 639 | 'data': { 'hash-alg':'QCryptoHashAlgorithm', |
| 640 | 'padding-alg': 'QCryptoRSAPaddingAlgorithm'}} |
| 641 | |
| 642 | ## |
| 643 | # @QCryptoAkCipherOptions: |
| 644 | # |
| 645 | # The options that are available for all asymmetric key algorithms |
| 646 | # when creating a new QCryptoAkCipher. |
| 647 | # |
| 648 | # Since: 7.1 |
| 649 | ## |
| 650 | { 'union': 'QCryptoAkCipherOptions', |
| 651 | 'base': { 'alg': 'QCryptoAkCipherAlgorithm' }, |
| 652 | 'discriminator': 'alg', |
| 653 | 'data': { 'rsa': 'QCryptoAkCipherOptionsRSA' }} |