/*
 * QEMU crypto TLS credential support
 *
 * Copyright (c) 2015 Red Hat, Inc.
 *
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation; either
 * version 2.1 of the License, or (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 * Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public
 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
 *
 */
20a090187dSDaniel P. Berrange 
21121d0712SMarkus Armbruster #ifndef QCRYPTO_TLSCREDS_H
22121d0712SMarkus Armbruster #define QCRYPTO_TLSCREDS_H
23a090187dSDaniel P. Berrange 
249af23989SMarkus Armbruster #include "qapi/qapi-types-crypto.h"
25a090187dSDaniel P. Berrange #include "qom/object.h"
26a090187dSDaniel P. Berrange 
27a090187dSDaniel P. Berrange #ifdef CONFIG_GNUTLS
28a090187dSDaniel P. Berrange #include <gnutls/gnutls.h>
29a090187dSDaniel P. Berrange #endif
30a090187dSDaniel P. Berrange 
/* QOM type name under which the abstract TLS credentials object is registered */
#define TYPE_QCRYPTO_TLS_CREDS "tls-creds"
typedef struct QCryptoTLSCreds QCryptoTLSCreds;
typedef struct QCryptoTLSCredsClass QCryptoTLSCredsClass;
/*
 * Declares the QOM instance/class checker helpers with the
 * QCRYPTO_TLS_CREDS prefix (see qom/object.h for what is generated).
 */
DECLARE_OBJ_CHECKERS(QCryptoTLSCreds, QCryptoTLSCredsClass, QCRYPTO_TLS_CREDS,
                     TYPE_QCRYPTO_TLS_CREDS)
36a090187dSDaniel P. Berrange 
37a090187dSDaniel P. Berrange 
/*
 * Name of the PEM file holding Diffie-Hellman group parameters.
 * Presumably looked up relative to QCryptoTLSCreds::dir when
 * dh_params is populated -- confirm in the loading code.
 * NOTE(review): the strength of any DHE key exchange is bounded by
 * the group in this file, so its contents are security-relevant
 * configuration and should be treated like the key material itself.
 */
#define QCRYPTO_TLS_CREDS_DH_PARAMS "dh-params.pem"
39a090187dSDaniel P. Berrange 
40a090187dSDaniel P. Berrange 
/*
 * Class hook for (re)loading a credentials object, presumably re-reading
 * the key material from its backing store. Returns true on success and
 * false on failure; the Error ** is presumably populated on failure per
 * the usual QEMU Error convention -- confirm against the implementations.
 */
typedef bool (*CryptoTLSCredsReload)(QCryptoTLSCreds *, Error **);
/**
 * QCryptoTLSCreds:
 *
 * The QCryptoTLSCreds object is an abstract base for different
 * types of TLS handshake credentials. Most commonly the
 * QCryptoTLSCredsX509 subclass will be used to provide x509
 * certificate credentials.
 *
 * Being abstract, it is not meant to be instantiated on its own;
 * a concrete subclass supplies the actual key material, while the
 * fields below hold the settings common to all credential types.
 */

struct QCryptoTLSCreds {
    Object parent_obj;
    /*
     * Presumably the directory that credential files (such as
     * QCRYPTO_TLS_CREDS_DH_PARAMS) are loaded from -- confirm
     * against the subclass loaders.
     */
    char *dir;
    /*
     * Which side of the handshake these credentials are meant for.
     * qcrypto_tls_creds_check_endpoint() validates a caller's
     * endpoint against this before the credentials are used.
     */
    QCryptoTLSCredsEndpoint endpoint;
#ifdef CONFIG_GNUTLS
    /*
     * Diffie-Hellman group parameters handed to GnuTLS; only present
     * in builds with GnuTLS support.
     */
    gnutls_dh_params_t dh_params;
#endif
    /*
     * Presumably controls whether the peer's certificate is verified
     * during the handshake. NOTE(review): if that reading is right,
     * setting this to false on a client-side endpoint removes all
     * protection against an active man-in-the-middle -- confirm the
     * exact semantics in the subclass before relying on it.
     */
    bool verifyPeer;
    /*
     * Presumably a GnuTLS priority string selecting protocol versions
     * and cipher suites; NULL presumably falls back to a default
     * (confirm in the session setup code). Weak or permissive strings
     * here weaken every session built from these credentials.
     */
    char *priority;
};
61a090187dSDaniel P. Berrange 
62a090187dSDaniel P. Berrange 
/**
 * QCryptoTLSCredsClass:
 * @parent_class: the QOM base class
 * @reload: hook that (re)loads the credentials, see CryptoTLSCredsReload.
 *     Presumably installed by concrete subclasses and may be NULL for
 *     types that cannot reload; NOTE(review): a dispatcher should check
 *     for NULL before calling it -- confirm against the call site.
 */
struct QCryptoTLSCredsClass {
    ObjectClass parent_class;
    CryptoTLSCredsReload reload;
};
67a090187dSDaniel P. Berrange 
/**
 * qcrypto_tls_creds_check_endpoint:
 * @creds: pointer to a TLS credentials object
 * @endpoint: type of network endpoint that will be using the credentials
 * @errp: pointer to a NULL-initialized error object
 *
 * Check whether the credentials are set up for the type of
 * endpoint given by @endpoint (presumably by comparing it with
 * the object's own endpoint field). Callers should run this
 * before attaching @creds to a client or server session so that,
 * for example, server credentials are not silently used on the
 * client side.
 *
 * Returns true if the credentials are set up for the endpoint,
 * false otherwise (presumably with the reason reported via @errp).
 */
bool qcrypto_tls_creds_check_endpoint(QCryptoTLSCreds *creds,
                                      QCryptoTLSCredsEndpoint endpoint,
                                      Error **errp);
82a090187dSDaniel P. Berrange 
83121d0712SMarkus Armbruster #endif /* QCRYPTO_TLSCREDS_H */