xref: /openbmc/qemu/include/crypto/tlscredsanon.h (revision 5a67d7735d4162630769ef495cf813244fc850df)
1e00adf6cSDaniel P. Berrange /*
2e00adf6cSDaniel P. Berrange  * QEMU crypto TLS anonymous credential support
3e00adf6cSDaniel P. Berrange  *
4e00adf6cSDaniel P. Berrange  * Copyright (c) 2015 Red Hat, Inc.
5e00adf6cSDaniel P. Berrange  *
6e00adf6cSDaniel P. Berrange  * This library is free software; you can redistribute it and/or
7e00adf6cSDaniel P. Berrange  * modify it under the terms of the GNU Lesser General Public
8e00adf6cSDaniel P. Berrange  * License as published by the Free Software Foundation; either
9b7cbb874SThomas Huth  * version 2.1 of the License, or (at your option) any later version.
10e00adf6cSDaniel P. Berrange  *
11e00adf6cSDaniel P. Berrange  * This library is distributed in the hope that it will be useful,
12e00adf6cSDaniel P. Berrange  * but WITHOUT ANY WARRANTY; without even the implied warranty of
13e00adf6cSDaniel P. Berrange  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
14e00adf6cSDaniel P. Berrange  * Lesser General Public License for more details.
15e00adf6cSDaniel P. Berrange  *
16e00adf6cSDaniel P. Berrange  * You should have received a copy of the GNU Lesser General Public
17e00adf6cSDaniel P. Berrange  * License along with this library; if not, see <http://www.gnu.org/licenses/>.
18e00adf6cSDaniel P. Berrange  *
19e00adf6cSDaniel P. Berrange  */
20e00adf6cSDaniel P. Berrange 
21121d0712SMarkus Armbruster #ifndef QCRYPTO_TLSCREDSANON_H
22121d0712SMarkus Armbruster #define QCRYPTO_TLSCREDSANON_H
23e00adf6cSDaniel P. Berrange 
24e00adf6cSDaniel P. Berrange #include "crypto/tlscreds.h"
25db1015e9SEduardo Habkost #include "qom/object.h"
26e00adf6cSDaniel P. Berrange 
/*
 * QOM type name for anonymous TLS credentials. The same string is what
 * the examples in this header pass as "qom-type" over QMP and after
 * -object on the command line.
 *
 * Security note: the type description in this header discourages use of
 * anonymous credentials because they lack MITM attack protection. For
 * new configurations, prefer a credential type that authenticates the
 * peer (e.g. tls-creds-x509).
 */
27e00adf6cSDaniel P. Berrange #define TYPE_QCRYPTO_TLS_CREDS_ANON "tls-creds-anon"
/* Forward declaration only: this header does not define the instance layout. */
28db1015e9SEduardo Habkost typedef struct QCryptoTLSCredsAnon QCryptoTLSCredsAnon;
/*
 * Ties the instance type QCryptoTLSCredsAnon to the type name above under
 * the checker name QCRYPTO_TLS_CREDS_ANON. The macro is presumably
 * supplied by "qom/object.h" -- confirm there what it expands to.
 */
29*8110fa1dSEduardo Habkost DECLARE_INSTANCE_CHECKER(QCryptoTLSCredsAnon, QCRYPTO_TLS_CREDS_ANON,
30*8110fa1dSEduardo Habkost                          TYPE_QCRYPTO_TLS_CREDS_ANON)
31e00adf6cSDaniel P. Berrange 
32e00adf6cSDaniel P. Berrange 
/* Class-structure typedef; struct QCryptoTLSCredsAnonClass is defined further down in this header. */
33e00adf6cSDaniel P. Berrange typedef struct QCryptoTLSCredsAnonClass QCryptoTLSCredsAnonClass;
34e00adf6cSDaniel P. Berrange 
35e00adf6cSDaniel P. Berrange /**
36e00adf6cSDaniel P. Berrange  * QCryptoTLSCredsAnon:
37e00adf6cSDaniel P. Berrange  *
38e00adf6cSDaniel P. Berrange  * The QCryptoTLSCredsAnon object provides a representation
39e00adf6cSDaniel P. Berrange  * of anonymous credentials used to perform a TLS handshake.
40e00adf6cSDaniel P. Berrange  * It is provided primarily for backwards compatibility and its use
41e00adf6cSDaniel P. Berrange  * is discouraged: neither peer is authenticated, so the session has
42e00adf6cSDaniel P. Berrange  * no protection against MITM attacks, amongst other problems.
43e00adf6cSDaniel P. Berrange  *
44e00adf6cSDaniel P. Berrange  * This is a user-creatable object, which can be instantiated
45e00adf6cSDaniel P. Berrange  * in code via object_new_propv():
46e00adf6cSDaniel P. Berrange  *
47e00adf6cSDaniel P. Berrange  * <example>
48e00adf6cSDaniel P. Berrange  *   <title>Creating anonymous TLS credential objects in code</title>
49e00adf6cSDaniel P. Berrange  *   <programlisting>
50e00adf6cSDaniel P. Berrange  *   Object *obj;
51e00adf6cSDaniel P. Berrange  *   Error *err = NULL;
52e00adf6cSDaniel P. Berrange  *   obj = object_new_propv(TYPE_QCRYPTO_TLS_CREDS_ANON,
53e00adf6cSDaniel P. Berrange  *                          "tlscreds0",
54e00adf6cSDaniel P. Berrange  *                          &err,
55e00adf6cSDaniel P. Berrange  *                          "endpoint", "server",
56e00adf6cSDaniel P. Berrange  *                          "dir", "/path/x509/cert/dir",
57e00adf6cSDaniel P. Berrange  *                          "verify-peer", "yes",
58e00adf6cSDaniel P. Berrange  *                          NULL);
59e00adf6cSDaniel P. Berrange  *   </programlisting>
60e00adf6cSDaniel P. Berrange  * </example>
61e00adf6cSDaniel P. Berrange  *
62e00adf6cSDaniel P. Berrange  * Or via QMP:
63e00adf6cSDaniel P. Berrange  *
64e00adf6cSDaniel P. Berrange  * <example>
65e00adf6cSDaniel P. Berrange  *   <title>Creating anonymous TLS credential objects via QMP</title>
66e00adf6cSDaniel P. Berrange  *   <programlisting>
67e00adf6cSDaniel P. Berrange  *    {
68e00adf6cSDaniel P. Berrange  *       "execute": "object-add", "arguments": {
69e00adf6cSDaniel P. Berrange  *          "id": "tlscreds0",
70e00adf6cSDaniel P. Berrange  *          "qom-type": "tls-creds-anon",
71e00adf6cSDaniel P. Berrange  *          "props": {
72e00adf6cSDaniel P. Berrange  *             "endpoint": "server",
73e00adf6cSDaniel P. Berrange  *             "dir": "/path/to/x509/cert/dir",
74e00adf6cSDaniel P. Berrange  *             "verify-peer": false
75e00adf6cSDaniel P. Berrange  *          }
76e00adf6cSDaniel P. Berrange  *       }
77e00adf6cSDaniel P. Berrange  *    }
78e00adf6cSDaniel P. Berrange  *   </programlisting>
79e00adf6cSDaniel P. Berrange  * </example>
80e00adf6cSDaniel P. Berrange  *
81e00adf6cSDaniel P. Berrange  *
82e00adf6cSDaniel P. Berrange  * Or via the CLI:
83e00adf6cSDaniel P. Berrange  *
84e00adf6cSDaniel P. Berrange  * <example>
85e00adf6cSDaniel P. Berrange  *   <title>Creating anonymous TLS credential objects via CLI</title>
86e00adf6cSDaniel P. Berrange  *   <programlisting>
87e00adf6cSDaniel P. Berrange  *  qemu-system-x86_64 -object tls-creds-anon,id=tlscreds0,\
88e00adf6cSDaniel P. Berrange  *          endpoint=server,verify-peer=off,\
89e00adf6cSDaniel P. Berrange  *          dir=/path/to/x509/certdir/
90e00adf6cSDaniel P. Berrange  *   </programlisting>
91e00adf6cSDaniel P. Berrange  * </example>
92e00adf6cSDaniel P. Berrange  *
93e00adf6cSDaniel P. Berrange  */
94e00adf6cSDaniel P. Berrange 
/*
 * Class structure for the "tls-creds-anon" type. Its only member is the
 * embedded parent class; no fields specific to anonymous credentials are
 * declared here.
 */
95e00adf6cSDaniel P. Berrange struct QCryptoTLSCredsAnonClass {
96e00adf6cSDaniel P. Berrange     QCryptoTLSCredsClass parent_class; /* parent class, sole member */
97e00adf6cSDaniel P. Berrange };
98e00adf6cSDaniel P. Berrange 
99e00adf6cSDaniel P. Berrange 
100121d0712SMarkus Armbruster #endif /* QCRYPTO_TLSCREDSANON_H */