1 /*
2  * QEMU crypto TLS anonymous credential support
3  *
4  * Copyright (c) 2015 Red Hat, Inc.
5  *
6  * This library is free software; you can redistribute it and/or
7  * modify it under the terms of the GNU Lesser General Public
8  * License as published by the Free Software Foundation; either
9  * version 2 of the License, or (at your option) any later version.
10  *
11  * This library is distributed in the hope that it will be useful,
12  * but WITHOUT ANY WARRANTY; without even the implied warranty of
13  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
14  * Lesser General Public License for more details.
15  *
16  * You should have received a copy of the GNU Lesser General Public
17  * License along with this library; if not, see <http://www.gnu.org/licenses/>.
18  *
19  */
20 
21 #include "qemu/osdep.h"
22 #include "crypto/tlscredsanon.h"
23 #include "tlscredspriv.h"
24 #include "qapi/error.h"
25 #include "qom/object_interfaces.h"
26 #include "trace.h"
27 
28 
29 #ifdef CONFIG_GNUTLS
30 
31 
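/*
 * qcrypto_tls_creds_anon_load:
 * @creds: the anonymous credentials object to populate
 * @errp: pointer to a NULL-initialized error object
 *
 * Allocate the GNUTLS anonymous credential handle that matches the
 * endpoint type recorded in creds->parent_obj.endpoint.  For a server
 * endpoint the Diffie-Hellman parameters file is additionally looked
 * up under creds->parent_obj.dir and attached to the handle.
 *
 * The allocation writes straight into creds->data, so this expects to
 * be called on credentials that are not currently loaded; an existing
 * handle would simply be overwritten.
 *
 * On failure no GNUTLS handle is left behind in creds->data, so the
 * object keeps reporting itself as unloaded and a later retry does not
 * overwrite a half-initialised allocation.
 *
 * Returns: 0 on success, -1 on error (with @errp set)
 */
static int
qcrypto_tls_creds_anon_load(QCryptoTLSCredsAnon *creds,
                            Error **errp)
{
    char *dhparams = NULL;
    int ret;
    int rv = -1;

    trace_qcrypto_tls_creds_anon_load(creds,
            creds->parent_obj.dir ? creds->parent_obj.dir : "<nodir>");

    if (creds->parent_obj.endpoint == QCRYPTO_TLS_CREDS_ENDPOINT_SERVER) {
        /*
         * Third argument is false here; presumably this marks the file
         * as optional so dhparams may stay NULL - confirm against
         * qcrypto_tls_creds_get_path.
         */
        if (qcrypto_tls_creds_get_path(&creds->parent_obj,
                                       QCRYPTO_TLS_CREDS_DH_PARAMS,
                                       false, &dhparams, errp) < 0) {
            goto cleanup;
        }

        ret = gnutls_anon_allocate_server_credentials(&creds->data.server);
        if (ret < 0) {
            error_setg(errp, "Cannot allocate credentials: %s",
                       gnutls_strerror(ret));
            goto cleanup;
        }

        if (qcrypto_tls_creds_get_dh_params_file(&creds->parent_obj, dhparams,
                                                 &creds->parent_obj.dh_params,
                                                 errp) < 0) {
            /*
             * Roll back the allocation above.  Leaving data.server set
             * after a failed load makes the "loaded" getter answer true
             * and lets the next load attempt overwrite (leak) the handle.
             */
            gnutls_anon_free_server_credentials(creds->data.server);
            creds->data.server = NULL;
            goto cleanup;
        }

        gnutls_anon_set_server_dh_params(creds->data.server,
                                         creds->parent_obj.dh_params);
    } else {
        /* Any non-server endpoint gets client credentials */
        ret = gnutls_anon_allocate_client_credentials(&creds->data.client);
        if (ret < 0) {
            error_setg(errp, "Cannot allocate credentials: %s",
                       gnutls_strerror(ret));
            goto cleanup;
        }
    }

    rv = 0;
 cleanup:
    /* dhparams is only ever a lookup result; free(NULL) is a no-op */
    g_free(dhparams);
    return rv;
}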
79 
80 
/*
 * qcrypto_tls_creds_anon_unload:
 * @creds: the anonymous credentials object to tear down
 *
 * Release the GNUTLS credential handle for the configured endpoint
 * type and the DH parameters stored in creds->parent_obj.  Every
 * freed pointer is reset to NULL, so calling this twice (e.g. an
 * explicit unload followed by finalize) is harmless.
 */
static void
qcrypto_tls_creds_anon_unload(QCryptoTLSCredsAnon *creds)
{
    bool is_client =
        creds->parent_obj.endpoint == QCRYPTO_TLS_CREDS_ENDPOINT_CLIENT;

    /* Any endpoint other than client is treated as server here */
    if (is_client && creds->data.client) {
        gnutls_anon_free_client_credentials(creds->data.client);
        creds->data.client = NULL;
    }
    if (!is_client && creds->data.server) {
        gnutls_anon_free_server_credentials(creds->data.server);
        creds->data.server = NULL;
    }

    /* DH params live in the parent object but are released here */
    if (creds->parent_obj.dh_params) {
        gnutls_dh_params_deinit(creds->parent_obj.dh_params);
        creds->parent_obj.dh_params = NULL;
    }
}
100 
101 #else /* ! CONFIG_GNUTLS */
102 
103 
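/*
 * Stub used when QEMU is built without GNUTLS.
 *
 * Mirrors the signature of the real implementation (returns -1 and
 * sets @errp) so that a caller which checks the return value compiles
 * in either configuration.
 */
static int
qcrypto_tls_creds_anon_load(QCryptoTLSCredsAnon *creds G_GNUC_UNUSED,
                            Error **errp)
{
    error_setg(errp, "TLS credentials support requires GNUTLS");
    return -1;
}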
110 
111 
/*
 * Stub used when QEMU is built without GNUTLS: the matching load stub
 * never allocates anything, so there is nothing to release.
 */
static void
qcrypto_tls_creds_anon_unload(QCryptoTLSCredsAnon *creds G_GNUC_UNUSED)
{
}
117 
118 
119 #endif /* ! CONFIG_GNUTLS */
120 
121 
/*
 * Setter for the "loaded" QOM property.
 *
 * true loads the credentials (errors reported through @errp),
 * false unloads them; unloading has no failure path.
 */
static void
qcrypto_tls_creds_anon_prop_set_loaded(Object *obj,
                                       bool value,
                                       Error **errp)
{
    QCryptoTLSCredsAnon *creds = QCRYPTO_TLS_CREDS_ANON(obj);

    if (!value) {
        qcrypto_tls_creds_anon_unload(creds);
        return;
    }

    qcrypto_tls_creds_anon_load(creds, errp);
}
135 
136 
137 #ifdef CONFIG_GNUTLS
138 
139 
/*
 * Getter for the "loaded" QOM property: reports whether a GNUTLS
 * credential handle is currently held for the configured endpoint.
 */
static bool
qcrypto_tls_creds_anon_prop_get_loaded(Object *obj,
                                       Error **errp G_GNUC_UNUSED)
{
    QCryptoTLSCredsAnon *creds = QCRYPTO_TLS_CREDS_ANON(obj);
    bool is_server =
        creds->parent_obj.endpoint == QCRYPTO_TLS_CREDS_ENDPOINT_SERVER;

    return is_server ? creds->data.server != NULL
                     : creds->data.client != NULL;
}
152 
153 
154 #else /* ! CONFIG_GNUTLS */
155 
156 
/*
 * Getter stub for the "loaded" property without GNUTLS: credentials
 * can never be loaded in this configuration.
 */
static bool
qcrypto_tls_creds_anon_prop_get_loaded(Object *obj G_GNUC_UNUSED,
                                       Error **errp G_GNUC_UNUSED)
{
    return false;
}
163 
164 
165 #endif /* ! CONFIG_GNUTLS */
166 
167 
/*
 * UserCreatable completion hook: once all properties are set, load the
 * credentials by flipping the "loaded" property, so that load errors
 * surface through @errp at object-creation time.
 */
static void
qcrypto_tls_creds_anon_complete(UserCreatable *uc, Error **errp)
{
    Object *obj = OBJECT(uc);

    object_property_set_bool(obj, true, "loaded", errp);
}
173 
174 
/*
 * Instance finalizer: release any GNUTLS state still held by the
 * object before its memory goes away.
 */
static void
qcrypto_tls_creds_anon_finalize(Object *obj)
{
    qcrypto_tls_creds_anon_unload(QCRYPTO_TLS_CREDS_ANON(obj));
}
182 
183 
/*
 * Class initializer: register the "loaded" boolean property and the
 * UserCreatable completion hook.
 */
static void
qcrypto_tls_creds_anon_class_init(ObjectClass *oc, void *data)
{
    UserCreatableClass *ucc = USER_CREATABLE_CLASS(oc);

    object_class_property_add_bool(oc, "loaded",
                                   qcrypto_tls_creds_anon_prop_get_loaded,
                                   qcrypto_tls_creds_anon_prop_set_loaded,
                                   NULL);

    ucc->complete = qcrypto_tls_creds_anon_complete;
}
196 
197 
/* QOM type description for the anonymous TLS credentials object */
static const TypeInfo qcrypto_tls_creds_anon_info = {
    .name = TYPE_QCRYPTO_TLS_CREDS_ANON,
    .parent = TYPE_QCRYPTO_TLS_CREDS,

    /* sizes */
    .instance_size = sizeof(QCryptoTLSCredsAnon),
    .class_size = sizeof(QCryptoTLSCredsAnonClass),

    /* lifecycle hooks */
    .class_init = qcrypto_tls_creds_anon_class_init,
    .instance_finalize = qcrypto_tls_creds_anon_finalize,

    /* user-creatable via -object / object-add */
    .interfaces = (InterfaceInfo[]) {
        { TYPE_USER_CREATABLE },
        { }
    }
};
210 
211 
/* Register the anonymous credentials type with the QOM type system */
static void
qcrypto_tls_creds_anon_register_types(void)
{
    const TypeInfo *info = &qcrypto_tls_creds_anon_info;

    type_register_static(info);
}
217 
218 
/* Run the type registration at module initialisation time */
type_init(qcrypto_tls_creds_anon_register_types);
220