blob: 1ec54c15ca5f148c62d08d5c650af205415bf4ec [file] [log] [blame]
Daniel P. Berrangea0901872015-03-13 17:39:26 +00001# -*- Mode: Python -*-
Andrea Bolognanif7160f32020-07-29 20:50:24 +02002# vim: filetype=python
Daniel P. Berrangea0901872015-03-13 17:39:26 +00003#
Marc-André Lureaud3a48372017-01-13 15:41:23 +01004
5##
Markus Armbrusterf5cf31c2017-08-24 21:14:08 +02006# = Cryptography
Marc-André Lureaud3a48372017-01-13 15:41:23 +01007##
Daniel P. Berrangea0901872015-03-13 17:39:26 +00008
9##
Marc-André Lureauc5927e72016-11-17 19:54:52 +040010# @QCryptoTLSCredsEndpoint:
Daniel P. Berrangea0901872015-03-13 17:39:26 +000011#
12# The type of network endpoint that will be using the credentials.
13# Most types of credential require different setup / structures
14# depending on whether they will be used in a server versus a
15# client.
16#
17# @client: the network endpoint is acting as the client
18#
19# @server: the network endpoint is acting as the server
20#
21# Since: 2.5
22##
23{ 'enum': 'QCryptoTLSCredsEndpoint',
24 'prefix': 'QCRYPTO_TLS_CREDS_ENDPOINT',
25 'data': ['client', 'server']}
Daniel P. Berrangeac1d8872015-10-14 09:58:38 +010026
27
28##
Marc-André Lureauc5927e72016-11-17 19:54:52 +040029# @QCryptoSecretFormat:
Daniel P. Berrangeac1d8872015-10-14 09:58:38 +010030#
31# The data format that the secret is provided in
32#
33# @raw: raw bytes. When encoded in JSON only valid UTF-8 sequences can be used
34# @base64: arbitrary base64 encoded binary data
35# Since: 2.6
36##
37{ 'enum': 'QCryptoSecretFormat',
38 'prefix': 'QCRYPTO_SECRET_FORMAT',
39 'data': ['raw', 'base64']}
Daniel P. Berranged84b79d2015-11-19 17:09:01 +000040
41
42##
Marc-André Lureauc5927e72016-11-17 19:54:52 +040043# @QCryptoHashAlgorithm:
Daniel P. Berranged84b79d2015-11-19 17:09:01 +000044#
45# The supported algorithms for computing content digests
46#
47# @md5: MD5. Should not be used in any new code, legacy compat only
48# @sha1: SHA-1. Should not be used in any new code, legacy compat only
Daniel P. Berrange9164b892016-03-11 18:33:08 +000049# @sha224: SHA-224. (since 2.7)
Daniel P. Berranged84b79d2015-11-19 17:09:01 +000050# @sha256: SHA-256. Current recommended strong hash.
Daniel P. Berrange9164b892016-03-11 18:33:08 +000051# @sha384: SHA-384. (since 2.7)
52# @sha512: SHA-512. (since 2.7)
53# @ripemd160: RIPEMD-160. (since 2.7)
Daniel P. Berranged84b79d2015-11-19 17:09:01 +000054# Since: 2.6
55##
56{ 'enum': 'QCryptoHashAlgorithm',
57 'prefix': 'QCRYPTO_HASH_ALG',
Daniel P. Berrange9164b892016-03-11 18:33:08 +000058 'data': ['md5', 'sha1', 'sha224', 'sha256', 'sha384', 'sha512', 'ripemd160']}
Daniel P. Berranged8c02bc2015-11-19 17:09:01 +000059
60
61##
Marc-André Lureauc5927e72016-11-17 19:54:52 +040062# @QCryptoCipherAlgorithm:
Daniel P. Berranged8c02bc2015-11-19 17:09:01 +000063#
64# The supported algorithms for content encryption ciphers
65#
66# @aes-128: AES with 128 bit / 16 byte keys
67# @aes-192: AES with 192 bit / 24 byte keys
68# @aes-256: AES with 256 bit / 32 byte keys
Daniel P. Berrangé83bee4b2021-06-29 14:25:32 +010069# @des: DES with 56 bit / 8 byte keys. Do not use except in VNC. (since 6.1)
Longpeng(Mike)ffb7bf42016-12-08 10:33:28 +080070# @3des: 3DES(EDE) with 192 bit / 24 byte keys (since 2.9)
Daniel P. Berrange084a85e2016-02-10 17:07:42 +000071# @cast5-128: Cast5 with 128 bit / 16 byte keys
Daniel P. Berrange94318522016-02-10 17:07:42 +000072# @serpent-128: Serpent with 128 bit / 16 byte keys
73# @serpent-192: Serpent with 192 bit / 24 byte keys
74# @serpent-256: Serpent with 256 bit / 32 byte keys
Daniel P. Berrange50f67532016-02-10 17:07:42 +000075# @twofish-128: Twofish with 128 bit / 16 byte keys
76# @twofish-192: Twofish with 192 bit / 24 byte keys
77# @twofish-256: Twofish with 256 bit / 32 byte keys
Daniel P. Berranged8c02bc2015-11-19 17:09:01 +000078# Since: 2.6
79##
80{ 'enum': 'QCryptoCipherAlgorithm',
81 'prefix': 'QCRYPTO_CIPHER_ALG',
Daniel P. Berrange084a85e2016-02-10 17:07:42 +000082 'data': ['aes-128', 'aes-192', 'aes-256',
Daniel P. Berrangé83bee4b2021-06-29 14:25:32 +010083 'des', '3des',
Daniel P. Berrange94318522016-02-10 17:07:42 +000084 'cast5-128',
Daniel P. Berrange50f67532016-02-10 17:07:42 +000085 'serpent-128', 'serpent-192', 'serpent-256',
86 'twofish-128', 'twofish-192', 'twofish-256']}
Daniel P. Berranged8c02bc2015-11-19 17:09:01 +000087
88
89##
Marc-André Lureauc5927e72016-11-17 19:54:52 +040090# @QCryptoCipherMode:
Daniel P. Berranged8c02bc2015-11-19 17:09:01 +000091#
92# The supported modes for content encryption ciphers
93#
94# @ecb: Electronic Code Book
95# @cbc: Cipher Block Chaining
Daniel P. Berrangeeaec9032016-02-11 14:05:21 +000096# @xts: XEX with tweaked code book and ciphertext stealing
Gonglei3c282922016-09-26 17:23:22 +080097# @ctr: Counter (Since 2.8)
Daniel P. Berranged8c02bc2015-11-19 17:09:01 +000098# Since: 2.6
99##
100{ 'enum': 'QCryptoCipherMode',
101 'prefix': 'QCRYPTO_CIPHER_MODE',
Gonglei3c282922016-09-26 17:23:22 +0800102 'data': ['ecb', 'cbc', 'xts', 'ctr']}
Daniel P. Berrangecb730892015-10-15 12:35:28 +0100103
104
105##
Marc-André Lureauc5927e72016-11-17 19:54:52 +0400106# @QCryptoIVGenAlgorithm:
Daniel P. Berrangecb730892015-10-15 12:35:28 +0100107#
108# The supported algorithms for generating initialization
109# vectors for full disk encryption. The 'plain' generator
110# should not be used for disks with sector numbers larger
111# than 2^32, except where compatibility with pre-existing
112# Linux dm-crypt volumes is required.
113#
114# @plain: 64-bit sector number truncated to 32-bits
115# @plain64: 64-bit sector number
116# @essiv: 64-bit sector number encrypted with a hash of the encryption key
117# Since: 2.6
118##
119{ 'enum': 'QCryptoIVGenAlgorithm',
120 'prefix': 'QCRYPTO_IVGEN_ALG',
121 'data': ['plain', 'plain64', 'essiv']}
Daniel P. Berrange7d969012015-10-24 11:44:13 +0100122
123##
Marc-André Lureauc5927e72016-11-17 19:54:52 +0400124# @QCryptoBlockFormat:
Daniel P. Berrange7d969012015-10-24 11:44:13 +0100125#
126# The supported full disk encryption formats
127#
128# @qcow: QCow/QCow2 built-in AES-CBC encryption. Use only
129# for liberating data from old images.
Daniel P. Berrange3e308f22015-10-24 11:55:48 +0100130# @luks: LUKS encryption format. Recommended for new images
Daniel P. Berrange7d969012015-10-24 11:44:13 +0100131#
132# Since: 2.6
133##
134{ 'enum': 'QCryptoBlockFormat',
135# 'prefix': 'QCRYPTO_BLOCK_FORMAT',
Daniel P. Berrange3e308f22015-10-24 11:55:48 +0100136 'data': ['qcow', 'luks']}
Daniel P. Berrange7d969012015-10-24 11:44:13 +0100137
138##
Marc-André Lureauc5927e72016-11-17 19:54:52 +0400139# @QCryptoBlockOptionsBase:
Daniel P. Berrange7d969012015-10-24 11:44:13 +0100140#
141# The common options that apply to all full disk
142# encryption formats
143#
144# @format: the encryption format
145#
146# Since: 2.6
147##
148{ 'struct': 'QCryptoBlockOptionsBase',
149 'data': { 'format': 'QCryptoBlockFormat' }}
150
151##
Marc-André Lureauc5927e72016-11-17 19:54:52 +0400152# @QCryptoBlockOptionsQCow:
Daniel P. Berrange7d969012015-10-24 11:44:13 +0100153#
154# The options that apply to QCow/QCow2 AES-CBC encryption format
155#
Markus Armbruster1d8bda12017-03-15 13:57:06 +0100156# @key-secret: the ID of a QCryptoSecret object providing the
Daniel P. Berrange7d969012015-10-24 11:44:13 +0100157# decryption key. Mandatory except when probing image for
158# metadata only.
159#
160# Since: 2.6
161##
162{ 'struct': 'QCryptoBlockOptionsQCow',
163 'data': { '*key-secret': 'str' }}
164
165##
Marc-André Lureauc5927e72016-11-17 19:54:52 +0400166# @QCryptoBlockOptionsLUKS:
Daniel P. Berrange3e308f22015-10-24 11:55:48 +0100167#
168# The options that apply to LUKS encryption format
169#
Markus Armbruster1d8bda12017-03-15 13:57:06 +0100170# @key-secret: the ID of a QCryptoSecret object providing the
Daniel P. Berrange3e308f22015-10-24 11:55:48 +0100171# decryption key. Mandatory except when probing image for
172# metadata only.
173# Since: 2.6
174##
175{ 'struct': 'QCryptoBlockOptionsLUKS',
176 'data': { '*key-secret': 'str' }}
177
178
179##
Marc-André Lureauc5927e72016-11-17 19:54:52 +0400180# @QCryptoBlockCreateOptionsLUKS:
Daniel P. Berrange3e308f22015-10-24 11:55:48 +0100181#
182# The options that apply to LUKS encryption format initialization
183#
Markus Armbruster1d8bda12017-03-15 13:57:06 +0100184# @cipher-alg: the cipher algorithm for data encryption
Alberto Garciaa8b826d2018-10-05 16:52:02 +0200185# Currently defaults to 'aes-256'.
Markus Armbruster1d8bda12017-03-15 13:57:06 +0100186# @cipher-mode: the cipher mode for data encryption
Alberto Garciaa8b826d2018-10-05 16:52:02 +0200187# Currently defaults to 'xts'
Markus Armbruster1d8bda12017-03-15 13:57:06 +0100188# @ivgen-alg: the initialization vector generator
Alberto Garciaa8b826d2018-10-05 16:52:02 +0200189# Currently defaults to 'plain64'
Markus Armbruster1d8bda12017-03-15 13:57:06 +0100190# @ivgen-hash-alg: the initialization vector generator hash
Daniel P. Berrange3e308f22015-10-24 11:55:48 +0100191# Currently defaults to 'sha256'
Markus Armbruster1d8bda12017-03-15 13:57:06 +0100192# @hash-alg: the master key hash algorithm
Daniel P. Berrange3e308f22015-10-24 11:55:48 +0100193# Currently defaults to 'sha256'
Markus Armbruster1d8bda12017-03-15 13:57:06 +0100194# @iter-time: number of milliseconds to spend in
Daniel P. Berrange3bd18892016-09-06 18:43:00 +0100195# PBKDF passphrase processing. Currently defaults
Daniel P. Berrange2ab66cd2016-09-07 12:48:32 +0100196# to 2000. (since 2.8)
Daniel P. Berrange3e308f22015-10-24 11:55:48 +0100197# Since: 2.6
198##
199{ 'struct': 'QCryptoBlockCreateOptionsLUKS',
200 'base': 'QCryptoBlockOptionsLUKS',
201 'data': { '*cipher-alg': 'QCryptoCipherAlgorithm',
202 '*cipher-mode': 'QCryptoCipherMode',
203 '*ivgen-alg': 'QCryptoIVGenAlgorithm',
204 '*ivgen-hash-alg': 'QCryptoHashAlgorithm',
Daniel P. Berrange3bd18892016-09-06 18:43:00 +0100205 '*hash-alg': 'QCryptoHashAlgorithm',
206 '*iter-time': 'int'}}
Daniel P. Berrange3e308f22015-10-24 11:55:48 +0100207
208
209##
Marc-André Lureauc5927e72016-11-17 19:54:52 +0400210# @QCryptoBlockOpenOptions:
Daniel P. Berrange7d969012015-10-24 11:44:13 +0100211#
212# The options that are available for all encryption formats
213# when opening an existing volume
214#
215# Since: 2.6
216##
217{ 'union': 'QCryptoBlockOpenOptions',
218 'base': 'QCryptoBlockOptionsBase',
219 'discriminator': 'format',
Daniel P. Berrange3e308f22015-10-24 11:55:48 +0100220 'data': { 'qcow': 'QCryptoBlockOptionsQCow',
221 'luks': 'QCryptoBlockOptionsLUKS' } }
Daniel P. Berrange7d969012015-10-24 11:44:13 +0100222
223
224##
Marc-André Lureauc5927e72016-11-17 19:54:52 +0400225# @QCryptoBlockCreateOptions:
Daniel P. Berrange7d969012015-10-24 11:44:13 +0100226#
227# The options that are available for all encryption formats
228# when initializing a new volume
229#
230# Since: 2.6
231##
232{ 'union': 'QCryptoBlockCreateOptions',
233 'base': 'QCryptoBlockOptionsBase',
234 'discriminator': 'format',
Daniel P. Berrange3e308f22015-10-24 11:55:48 +0100235 'data': { 'qcow': 'QCryptoBlockOptionsQCow',
236 'luks': 'QCryptoBlockCreateOptionsLUKS' } }
Daniel P. Berrange40c85022016-07-22 13:53:34 +0100237
238
239##
Marc-André Lureauc5927e72016-11-17 19:54:52 +0400240# @QCryptoBlockInfoBase:
Daniel P. Berrange40c85022016-07-22 13:53:34 +0100241#
242# The common information that applies to all full disk
243# encryption formats
244#
245# @format: the encryption format
246#
247# Since: 2.7
248##
249{ 'struct': 'QCryptoBlockInfoBase',
250 'data': { 'format': 'QCryptoBlockFormat' }}
251
252
253##
Marc-André Lureauc5927e72016-11-17 19:54:52 +0400254# @QCryptoBlockInfoLUKSSlot:
Daniel P. Berrange40c85022016-07-22 13:53:34 +0100255#
256# Information about the LUKS block encryption key
257# slot options
258#
259# @active: whether the key slot is currently in use
260# @key-offset: offset to the key material in bytes
Markus Armbruster1d8bda12017-03-15 13:57:06 +0100261# @iters: number of PBKDF2 iterations for key material
262# @stripes: number of stripes for splitting key material
Daniel P. Berrange40c85022016-07-22 13:53:34 +0100263#
264# Since: 2.7
265##
266{ 'struct': 'QCryptoBlockInfoLUKSSlot',
267 'data': {'active': 'bool',
268 '*iters': 'int',
269 '*stripes': 'int',
270 'key-offset': 'int' } }
271
272
273##
Marc-André Lureauc5927e72016-11-17 19:54:52 +0400274# @QCryptoBlockInfoLUKS:
Daniel P. Berrange40c85022016-07-22 13:53:34 +0100275#
276# Information about the LUKS block encryption options
277#
278# @cipher-alg: the cipher algorithm for data encryption
279# @cipher-mode: the cipher mode for data encryption
280# @ivgen-alg: the initialization vector generator
Markus Armbruster1d8bda12017-03-15 13:57:06 +0100281# @ivgen-hash-alg: the initialization vector generator hash
Daniel P. Berrange40c85022016-07-22 13:53:34 +0100282# @hash-alg: the master key hash algorithm
283# @payload-offset: offset to the payload data in bytes
284# @master-key-iters: number of PBKDF2 iterations for key material
285# @uuid: unique identifier for the volume
286# @slots: information about each key slot
287#
288# Since: 2.7
289##
290{ 'struct': 'QCryptoBlockInfoLUKS',
291 'data': {'cipher-alg': 'QCryptoCipherAlgorithm',
292 'cipher-mode': 'QCryptoCipherMode',
293 'ivgen-alg': 'QCryptoIVGenAlgorithm',
294 '*ivgen-hash-alg': 'QCryptoHashAlgorithm',
295 'hash-alg': 'QCryptoHashAlgorithm',
296 'payload-offset': 'int',
297 'master-key-iters': 'int',
298 'uuid': 'str',
299 'slots': [ 'QCryptoBlockInfoLUKSSlot' ] }}
300
Daniel P. Berrange40c85022016-07-22 13:53:34 +0100301##
Marc-André Lureauc5927e72016-11-17 19:54:52 +0400302# @QCryptoBlockInfo:
Daniel P. Berrange40c85022016-07-22 13:53:34 +0100303#
304# Information about the block encryption options
305#
306# Since: 2.7
307##
308{ 'union': 'QCryptoBlockInfo',
309 'base': 'QCryptoBlockInfoBase',
310 'discriminator': 'format',
Anton Nefedov29cd0402018-06-18 11:40:06 +0300311 'data': { 'luks': 'QCryptoBlockInfoLUKS' } }
Maxim Levitsky43cbd062020-06-25 14:55:36 +0200312
Maxim Levitsky557d2bd2020-06-25 14:55:37 +0200313##
314# @QCryptoBlockLUKSKeyslotState:
315#
316# Defines state of keyslots that are affected by the update
317#
318# @active: The slots contain the given password and marked as active
319# @inactive: The slots are erased (contain garbage) and marked as inactive
320#
321# Since: 5.1
322##
323{ 'enum': 'QCryptoBlockLUKSKeyslotState',
324 'data': [ 'active', 'inactive' ] }
Maxim Levitsky43cbd062020-06-25 14:55:36 +0200325
326
327##
Maxim Levitsky557d2bd2020-06-25 14:55:37 +0200328# @QCryptoBlockAmendOptionsLUKS:
329#
330# This struct defines the update parameters that activate/de-activate set
331# of keyslots
332#
333# @state: the desired state of the keyslots
334#
335# @new-secret: The ID of a QCryptoSecret object providing the password to be
336# written into added active keyslots
337#
338# @old-secret: Optional (for deactivation only)
zhaolichang2400e502020-09-17 15:50:28 +0800339# If given will deactivate all keyslots that
Maxim Levitsky557d2bd2020-06-25 14:55:37 +0200340# match password located in QCryptoSecret with this ID
341#
342# @iter-time: Optional (for activation only)
343# Number of milliseconds to spend in
344# PBKDF passphrase processing for the newly activated keyslot.
345# Currently defaults to 2000.
346#
347# @keyslot: Optional. ID of the keyslot to activate/deactivate.
348# For keyslot activation, keyslot should not be active already
349# (this is unsafe to update an active keyslot),
350# but possible if 'force' parameter is given.
351# If keyslot is not given, first free keyslot will be written.
352#
353# For keyslot deactivation, this parameter specifies the exact
354# keyslot to deactivate
355#
356# @secret: Optional. The ID of a QCryptoSecret object providing the
zhaolichang2400e502020-09-17 15:50:28 +0800357# password to use to retrieve current master key.
Maxim Levitsky557d2bd2020-06-25 14:55:37 +0200358# Defaults to the same secret that was used to open the image
359#
360#
361# Since 5.1
362##
363{ 'struct': 'QCryptoBlockAmendOptionsLUKS',
364 'data': { 'state': 'QCryptoBlockLUKSKeyslotState',
365 '*new-secret': 'str',
366 '*old-secret': 'str',
367 '*keyslot': 'int',
368 '*iter-time': 'int',
369 '*secret': 'str' } }
370
371##
Maxim Levitsky43cbd062020-06-25 14:55:36 +0200372# @QCryptoBlockAmendOptions:
373#
374# The options that are available for all encryption formats
375# when amending encryption settings
376#
377# Since: 5.1
378##
379{ 'union': 'QCryptoBlockAmendOptions',
380 'base': 'QCryptoBlockOptionsBase',
381 'discriminator': 'format',
382 'data': {
Maxim Levitsky557d2bd2020-06-25 14:55:37 +0200383 'luks': 'QCryptoBlockAmendOptionsLUKS' } }
Kevin Wolf39c4c272020-10-20 12:47:58 +0200384
385##
386# @SecretCommonProperties:
387#
388# Properties for objects of classes derived from secret-common.
389#
390# @loaded: if true, the secret is loaded immediately when applying this option
391# and will probably fail when processing the next option. Don't use;
392# only provided for compatibility. (default: false)
393#
394# @format: the data format that the secret is provided in (default: raw)
395#
396# @keyid: the name of another secret that should be used to decrypt the
397# provided data. If not present, the data is assumed to be unencrypted.
398#
399# @iv: the random initialization vector used for encryption of this particular
400# secret. Should be a base64 encrypted string of the 16-byte IV. Mandatory
401# if @keyid is given. Ignored if @keyid is absent.
402#
403# Features:
404# @deprecated: Member @loaded is deprecated. Setting true doesn't make sense,
405# and false is already the default.
406#
407# Since: 2.6
408##
409{ 'struct': 'SecretCommonProperties',
410 'data': { '*loaded': { 'type': 'bool', 'features': ['deprecated'] },
411 '*format': 'QCryptoSecretFormat',
412 '*keyid': 'str',
413 '*iv': 'str' } }
414
415##
416# @SecretProperties:
417#
418# Properties for secret objects.
419#
420# Either @data or @file must be provided, but not both.
421#
422# @data: the associated with the secret from
423#
424# @file: the filename to load the data associated with the secret from
425#
426# Since: 2.6
427##
428{ 'struct': 'SecretProperties',
429 'base': 'SecretCommonProperties',
430 'data': { '*data': 'str',
431 '*file': 'str' } }
432
433##
434# @SecretKeyringProperties:
435#
436# Properties for secret_keyring objects.
437#
438# @serial: serial number that identifies a key to get from the kernel
439#
440# Since: 5.1
441##
442{ 'struct': 'SecretKeyringProperties',
443 'base': 'SecretCommonProperties',
444 'data': { 'serial': 'int32' } }
Kevin Wolfd09e4932020-10-20 12:47:58 +0200445
446##
447# @TlsCredsProperties:
448#
449# Properties for objects of classes derived from tls-creds.
450#
451# @verify-peer: if true the peer credentials will be verified once the
452# handshake is completed. This is a no-op for anonymous
453# credentials. (default: true)
454#
455# @dir: the path of the directory that contains the credential files
456#
457# @endpoint: whether the QEMU network backend that uses the credentials will be
458# acting as a client or as a server (default: client)
459#
460# @priority: a gnutls priority string as described at
461# https://gnutls.org/manual/html_node/Priority-Strings.html
462#
463# Since: 2.5
464##
465{ 'struct': 'TlsCredsProperties',
466 'data': { '*verify-peer': 'bool',
467 '*dir': 'str',
468 '*endpoint': 'QCryptoTLSCredsEndpoint',
469 '*priority': 'str' } }
470
471##
472# @TlsCredsAnonProperties:
473#
474# Properties for tls-creds-anon objects.
475#
476# @loaded: if true, the credentials are loaded immediately when applying this
477# option and will ignore options that are processed later. Don't use;
478# only provided for compatibility. (default: false)
479#
480# Features:
481# @deprecated: Member @loaded is deprecated. Setting true doesn't make sense,
482# and false is already the default.
483#
484# Since: 2.5
485##
486{ 'struct': 'TlsCredsAnonProperties',
487 'base': 'TlsCredsProperties',
488 'data': { '*loaded': { 'type': 'bool', 'features': ['deprecated'] } } }
489
490##
491# @TlsCredsPskProperties:
492#
493# Properties for tls-creds-psk objects.
494#
495# @loaded: if true, the credentials are loaded immediately when applying this
496# option and will ignore options that are processed later. Don't use;
497# only provided for compatibility. (default: false)
498#
499# @username: the username which will be sent to the server. For clients only.
500# If absent, "qemu" is sent and the property will read back as an
501# empty string.
502#
503# Features:
504# @deprecated: Member @loaded is deprecated. Setting true doesn't make sense,
505# and false is already the default.
506#
507# Since: 3.0
508##
509{ 'struct': 'TlsCredsPskProperties',
510 'base': 'TlsCredsProperties',
511 'data': { '*loaded': { 'type': 'bool', 'features': ['deprecated'] },
512 '*username': 'str' } }
513
514##
515# @TlsCredsX509Properties:
516#
517# Properties for tls-creds-x509 objects.
518#
519# @loaded: if true, the credentials are loaded immediately when applying this
520# option and will ignore options that are processed later. Don't use;
521# only provided for compatibility. (default: false)
522#
523# @sanity-check: if true, perform some sanity checks before using the
524# credentials (default: true)
525#
526# @passwordid: For the server-key.pem and client-key.pem files which contain
527# sensitive private keys, it is possible to use an encrypted
528# version by providing the @passwordid parameter. This provides
529# the ID of a previously created secret object containing the
530# password for decryption.
531#
532# Features:
533# @deprecated: Member @loaded is deprecated. Setting true doesn't make sense,
534# and false is already the default.
535#
536# Since: 2.5
537##
538{ 'struct': 'TlsCredsX509Properties',
539 'base': 'TlsCredsProperties',
540 'data': { '*loaded': { 'type': 'bool', 'features': ['deprecated'] },
541 '*sanity-check': 'bool',
542 '*passwordid': 'str' } }