1a090187dSDaniel P. Berrange# -*- Mode: Python -*- 2f7160f32SAndrea Bolognani# vim: filetype=python 3a090187dSDaniel P. Berrange# 4d3a48372SMarc-André Lureau 5d3a48372SMarc-André Lureau## 6f5cf31c5SMarkus Armbruster# = Cryptography 7d3a48372SMarc-André Lureau## 8a090187dSDaniel P. Berrange 9a090187dSDaniel P. Berrange## 10c5927e7aSMarc-André Lureau# @QCryptoTLSCredsEndpoint: 11a090187dSDaniel P. Berrange# 12a090187dSDaniel P. Berrange# The type of network endpoint that will be using the credentials. 13a090187dSDaniel P. Berrange# Most types of credential require different setup / structures 14a937b6aaSMarkus Armbruster# depending on whether they will be used in a server versus a client. 15a090187dSDaniel P. Berrange# 16a090187dSDaniel P. Berrange# @client: the network endpoint is acting as the client 17a090187dSDaniel P. Berrange# 18a090187dSDaniel P. Berrange# @server: the network endpoint is acting as the server 19a090187dSDaniel P. Berrange# 20a090187dSDaniel P. Berrange# Since: 2.5 21a090187dSDaniel P. Berrange## 22a090187dSDaniel P. Berrange{ 'enum': 'QCryptoTLSCredsEndpoint', 23a090187dSDaniel P. Berrange 'data': ['client', 'server']} 24ac1d8878SDaniel P. Berrange 25ac1d8878SDaniel P. Berrange## 26c5927e7aSMarc-André Lureau# @QCryptoSecretFormat: 27ac1d8878SDaniel P. Berrange# 28ac1d8878SDaniel P. Berrange# The data format that the secret is provided in 29ac1d8878SDaniel P. Berrange# 30a937b6aaSMarkus Armbruster# @raw: raw bytes. When encoded in JSON only valid UTF-8 sequences 31a937b6aaSMarkus Armbruster# can be used 32a937b6aaSMarkus Armbruster# 33ac1d8878SDaniel P. Berrange# @base64: arbitrary base64 encoded binary data 344ae65a52SAndrea Bolognani# 35ac1d8878SDaniel P. Berrange# Since: 2.6 36ac1d8878SDaniel P. Berrange## 37ac1d8878SDaniel P. Berrange{ 'enum': 'QCryptoSecretFormat', 38ac1d8878SDaniel P. Berrange 'data': ['raw', 'base64']} 39d84b79d3SDaniel P. Berrange 40d84b79d3SDaniel P. 
Berrange## 41ef834aa2SMarkus Armbruster# @QCryptoHashAlgo: 42d84b79d3SDaniel P. Berrange# 43d84b79d3SDaniel P. Berrange# The supported algorithms for computing content digests 44d84b79d3SDaniel P. Berrange# 45d84b79d3SDaniel P. Berrange# @md5: MD5. Should not be used in any new code, legacy compat only 46a937b6aaSMarkus Armbruster# 47d84b79d3SDaniel P. Berrange# @sha1: SHA-1. Should not be used in any new code, legacy compat only 48a937b6aaSMarkus Armbruster# 499164b897SDaniel P. Berrange# @sha224: SHA-224. (since 2.7) 50a937b6aaSMarkus Armbruster# 51d84b79d3SDaniel P. Berrange# @sha256: SHA-256. Current recommended strong hash. 52a937b6aaSMarkus Armbruster# 539164b897SDaniel P. Berrange# @sha384: SHA-384. (since 2.7) 54a937b6aaSMarkus Armbruster# 559164b897SDaniel P. Berrange# @sha512: SHA-512. (since 2.7) 56a937b6aaSMarkus Armbruster# 579164b897SDaniel P. Berrange# @ripemd160: RIPEMD-160. (since 2.7) 58*d078da86Sliequan che# @sm3: SM3. (since 9.2.0) 594ae65a52SAndrea Bolognani# 60d84b79d3SDaniel P. Berrange# Since: 2.6 61d84b79d3SDaniel P. Berrange## 62ef834aa2SMarkus Armbruster{ 'enum': 'QCryptoHashAlgo', 63*d078da86Sliequan che 'data': ['md5', 'sha1', 'sha224', 'sha256', 'sha384', 'sha512', 'ripemd160', 'sm3']} 64d8c02bccSDaniel P. Berrange 65d8c02bccSDaniel P. Berrange## 66a092c513SMarkus Armbruster# @QCryptoCipherAlgo: 67d8c02bccSDaniel P. Berrange# 68d8c02bccSDaniel P. Berrange# The supported algorithms for content encryption ciphers 69d8c02bccSDaniel P. Berrange# 70d8c02bccSDaniel P. Berrange# @aes-128: AES with 128 bit / 16 byte keys 71a937b6aaSMarkus Armbruster# 72d8c02bccSDaniel P. Berrange# @aes-192: AES with 192 bit / 24 byte keys 73a937b6aaSMarkus Armbruster# 74d8c02bccSDaniel P. Berrange# @aes-256: AES with 256 bit / 32 byte keys 75a937b6aaSMarkus Armbruster# 76a937b6aaSMarkus Armbruster# @des: DES with 56 bit / 8 byte keys. Do not use except in VNC. 
77a937b6aaSMarkus Armbruster# (since 6.1) 78a937b6aaSMarkus Armbruster# 79ffb7bf45SLongpeng(Mike)# @3des: 3DES(EDE) with 192 bit / 24 byte keys (since 2.9) 80a937b6aaSMarkus Armbruster# 81084a85eeSDaniel P. Berrange# @cast5-128: Cast5 with 128 bit / 16 byte keys 82a937b6aaSMarkus Armbruster# 8394318522SDaniel P. Berrange# @serpent-128: Serpent with 128 bit / 16 byte keys 84a937b6aaSMarkus Armbruster# 8594318522SDaniel P. Berrange# @serpent-192: Serpent with 192 bit / 24 byte keys 86a937b6aaSMarkus Armbruster# 8794318522SDaniel P. Berrange# @serpent-256: Serpent with 256 bit / 32 byte keys 88a937b6aaSMarkus Armbruster# 8950f6753eSDaniel P. Berrange# @twofish-128: Twofish with 128 bit / 16 byte keys 90a937b6aaSMarkus Armbruster# 9150f6753eSDaniel P. Berrange# @twofish-192: Twofish with 192 bit / 24 byte keys 92a937b6aaSMarkus Armbruster# 9350f6753eSDaniel P. Berrange# @twofish-256: Twofish with 256 bit / 32 byte keys 944ae65a52SAndrea Bolognani# 9552ed9f45SHyman Huang# @sm4: SM4 with 128 bit / 16 byte keys (since 9.0) 9652ed9f45SHyman Huang# 97d8c02bccSDaniel P. Berrange# Since: 2.6 98d8c02bccSDaniel P. Berrange## 99a092c513SMarkus Armbruster{ 'enum': 'QCryptoCipherAlgo', 100084a85eeSDaniel P. Berrange 'data': ['aes-128', 'aes-192', 'aes-256', 10183bee4b5SDaniel P. Berrangé 'des', '3des', 10294318522SDaniel P. Berrange 'cast5-128', 10350f6753eSDaniel P. Berrange 'serpent-128', 'serpent-192', 'serpent-256', 10452ed9f45SHyman Huang 'twofish-128', 'twofish-192', 'twofish-256', 10552ed9f45SHyman Huang 'sm4']} 106d8c02bccSDaniel P. Berrange 107d8c02bccSDaniel P. Berrange## 108c5927e7aSMarc-André Lureau# @QCryptoCipherMode: 109d8c02bccSDaniel P. Berrange# 110d8c02bccSDaniel P. Berrange# The supported modes for content encryption ciphers 111d8c02bccSDaniel P. Berrange# 112d8c02bccSDaniel P. Berrange# @ecb: Electronic Code Book 113a937b6aaSMarkus Armbruster# 114d8c02bccSDaniel P. Berrange# @cbc: Cipher Block Chaining 115a937b6aaSMarkus Armbruster# 116eaec903cSDaniel P. 
Berrange# @xts: XEX with tweaked code book and ciphertext stealing 117a937b6aaSMarkus Armbruster# 1183c28292fSGonglei# @ctr: Counter (Since 2.8) 1194ae65a52SAndrea Bolognani# 120d8c02bccSDaniel P. Berrange# Since: 2.6 121d8c02bccSDaniel P. Berrange## 122d8c02bccSDaniel P. Berrange{ 'enum': 'QCryptoCipherMode', 1233c28292fSGonglei 'data': ['ecb', 'cbc', 'xts', 'ctr']} 124cb730894SDaniel P. Berrange 125cb730894SDaniel P. Berrange## 1265e0e5102SMarkus Armbruster# @QCryptoIVGenAlgo: 127cb730894SDaniel P. Berrange# 128a937b6aaSMarkus Armbruster# The supported algorithms for generating initialization vectors for 129a937b6aaSMarkus Armbruster# full disk encryption. The 'plain' generator should not be used for 130a937b6aaSMarkus Armbruster# disks with sector numbers larger than 2^32, except where 131a937b6aaSMarkus Armbruster# compatibility with pre-existing Linux dm-crypt volumes is required. 132cb730894SDaniel P. Berrange# 133cb730894SDaniel P. Berrange# @plain: 64-bit sector number truncated to 32-bits 134a937b6aaSMarkus Armbruster# 135cb730894SDaniel P. Berrange# @plain64: 64-bit sector number 136a937b6aaSMarkus Armbruster# 137a937b6aaSMarkus Armbruster# @essiv: 64-bit sector number encrypted with a hash of the encryption 138a937b6aaSMarkus Armbruster# key 1394ae65a52SAndrea Bolognani# 140cb730894SDaniel P. Berrange# Since: 2.6 141cb730894SDaniel P. Berrange## 1425e0e5102SMarkus Armbruster{ 'enum': 'QCryptoIVGenAlgo', 143cb730894SDaniel P. Berrange 'data': ['plain', 'plain64', 'essiv']} 1447d969014SDaniel P. Berrange 1457d969014SDaniel P. Berrange## 146c5927e7aSMarc-André Lureau# @QCryptoBlockFormat: 1477d969014SDaniel P. Berrange# 1487d969014SDaniel P. Berrange# The supported full disk encryption formats 1497d969014SDaniel P. Berrange# 150a937b6aaSMarkus Armbruster# @qcow: QCow/QCow2 built-in AES-CBC encryption. Use only for 151a937b6aaSMarkus Armbruster# liberating data from old images. 152a937b6aaSMarkus Armbruster# 1533e308f20SDaniel P. 
Berrange# @luks: LUKS encryption format. Recommended for new images 1547d969014SDaniel P. Berrange# 1557d969014SDaniel P. Berrange# Since: 2.6 1567d969014SDaniel P. Berrange## 1577d969014SDaniel P. Berrange{ 'enum': 'QCryptoBlockFormat', 1583e308f20SDaniel P. Berrange 'data': ['qcow', 'luks']} 1597d969014SDaniel P. Berrange 1607d969014SDaniel P. Berrange## 161c5927e7aSMarc-André Lureau# @QCryptoBlockOptionsBase: 1627d969014SDaniel P. Berrange# 163a937b6aaSMarkus Armbruster# The common options that apply to all full disk encryption formats 1647d969014SDaniel P. Berrange# 1657d969014SDaniel P. Berrange# @format: the encryption format 1667d969014SDaniel P. Berrange# 1677d969014SDaniel P. Berrange# Since: 2.6 1687d969014SDaniel P. Berrange## 1697d969014SDaniel P. Berrange{ 'struct': 'QCryptoBlockOptionsBase', 1707d969014SDaniel P. Berrange 'data': { 'format': 'QCryptoBlockFormat' }} 1717d969014SDaniel P. Berrange 1727d969014SDaniel P. Berrange## 173c5927e7aSMarc-André Lureau# @QCryptoBlockOptionsQCow: 1747d969014SDaniel P. Berrange# 1757d969014SDaniel P. Berrange# The options that apply to QCow/QCow2 AES-CBC encryption format 1767d969014SDaniel P. Berrange# 1771d8bda12SMarkus Armbruster# @key-secret: the ID of a QCryptoSecret object providing the 1787d969014SDaniel P. Berrange# decryption key. Mandatory except when probing image for 1797d969014SDaniel P. Berrange# metadata only. 1807d969014SDaniel P. Berrange# 1817d969014SDaniel P. Berrange# Since: 2.6 1827d969014SDaniel P. Berrange## 1837d969014SDaniel P. Berrange{ 'struct': 'QCryptoBlockOptionsQCow', 1847d969014SDaniel P. Berrange 'data': { '*key-secret': 'str' }} 1857d969014SDaniel P. Berrange 1867d969014SDaniel P. Berrange## 187c5927e7aSMarc-André Lureau# @QCryptoBlockOptionsLUKS: 1883e308f20SDaniel P. Berrange# 1893e308f20SDaniel P. Berrange# The options that apply to LUKS encryption format 1903e308f20SDaniel P. 
Berrange# 1911d8bda12SMarkus Armbruster# @key-secret: the ID of a QCryptoSecret object providing the 1923e308f20SDaniel P. Berrange# decryption key. Mandatory except when probing image for 1933e308f20SDaniel P. Berrange# metadata only. 1944ae65a52SAndrea Bolognani# 1953e308f20SDaniel P. Berrange# Since: 2.6 1963e308f20SDaniel P. Berrange## 1973e308f20SDaniel P. Berrange{ 'struct': 'QCryptoBlockOptionsLUKS', 1983e308f20SDaniel P. Berrange 'data': { '*key-secret': 'str' }} 1993e308f20SDaniel P. Berrange 2003e308f20SDaniel P. Berrange## 201c5927e7aSMarc-André Lureau# @QCryptoBlockCreateOptionsLUKS: 2023e308f20SDaniel P. Berrange# 2033e308f20SDaniel P. Berrange# The options that apply to LUKS encryption format initialization 2043e308f20SDaniel P. Berrange# 205a937b6aaSMarkus Armbruster# @cipher-alg: the cipher algorithm for data encryption. Currently 206a937b6aaSMarkus Armbruster# defaults to 'aes-256'. 207a937b6aaSMarkus Armbruster# 208a937b6aaSMarkus Armbruster# @cipher-mode: the cipher mode for data encryption. Currently defaults 209a937b6aaSMarkus Armbruster# to 'xts'. 210a937b6aaSMarkus Armbruster# 211a937b6aaSMarkus Armbruster# @ivgen-alg: the initialization vector generator. Currently defaults 212a937b6aaSMarkus Armbruster# to 'plain64'. 213a937b6aaSMarkus Armbruster# 214a937b6aaSMarkus Armbruster# @ivgen-hash-alg: the initialization vector generator hash. Currently 215a937b6aaSMarkus Armbruster# defaults to 'sha256'. 216a937b6aaSMarkus Armbruster# 217a937b6aaSMarkus Armbruster# @hash-alg: the master key hash algorithm. Currently defaults to 218a937b6aaSMarkus Armbruster# 'sha256'. 219a937b6aaSMarkus Armbruster# 220a937b6aaSMarkus Armbruster# @iter-time: number of milliseconds to spend in PBKDF passphrase 221a937b6aaSMarkus Armbruster# processing. Currently defaults to 2000. (since 2.8) 2224ae65a52SAndrea Bolognani# 2233e308f20SDaniel P. Berrange# Since: 2.6 2243e308f20SDaniel P. 
Berrange{ 'struct': 'QCryptoBlockCreateOptionsLUKS', 2263e308f20SDaniel P. Berrange 'base': 'QCryptoBlockOptionsLUKS', 227a092c513SMarkus Armbruster 'data': { '*cipher-alg': 'QCryptoCipherAlgo', 2283e308f20SDaniel P. Berrange '*cipher-mode': 'QCryptoCipherMode', 2295e0e5102SMarkus Armbruster '*ivgen-alg': 'QCryptoIVGenAlgo', 230ef834aa2SMarkus Armbruster '*ivgen-hash-alg': 'QCryptoHashAlgo', 231ef834aa2SMarkus Armbruster '*hash-alg': 'QCryptoHashAlgo', 232e818c01aSDaniel P. Berrangé '*iter-time': 'int' }} 2333e308f20SDaniel P. Berrange 2343e308f20SDaniel P. Berrange## 235c5927e7aSMarc-André Lureau# @QCryptoBlockOpenOptions: 2367d969014SDaniel P. Berrange# 237a937b6aaSMarkus Armbruster# The options that are available for all encryption formats when 238a937b6aaSMarkus Armbruster# opening an existing volume 2397d969014SDaniel P. Berrange# 2407d969014SDaniel P. Berrange# Since: 2.6 2417d969014SDaniel P. Berrange## 2427d969014SDaniel P. Berrange{ 'union': 'QCryptoBlockOpenOptions', 2437d969014SDaniel P. Berrange 'base': 'QCryptoBlockOptionsBase', 2447d969014SDaniel P. Berrange 'discriminator': 'format', 2453e308f20SDaniel P. Berrange 'data': { 'qcow': 'QCryptoBlockOptionsQCow', 2463e308f20SDaniel P. Berrange 'luks': 'QCryptoBlockOptionsLUKS' } } 2477d969014SDaniel P. Berrange 2487d969014SDaniel P. Berrange## 249c5927e7aSMarc-André Lureau# @QCryptoBlockCreateOptions: 2507d969014SDaniel P. Berrange# 251a937b6aaSMarkus Armbruster# The options that are available for all encryption formats when 252a937b6aaSMarkus Armbruster# initializing a new volume 2537d969014SDaniel P. Berrange# 2547d969014SDaniel P. Berrange# Since: 2.6 2557d969014SDaniel P. Berrange## 2567d969014SDaniel P. Berrange{ 'union': 'QCryptoBlockCreateOptions', 2577d969014SDaniel P. Berrange 'base': 'QCryptoBlockOptionsBase', 2587d969014SDaniel P. Berrange 'discriminator': 'format', 2593e308f20SDaniel P. Berrange 'data': { 'qcow': 'QCryptoBlockOptionsQCow', 2603e308f20SDaniel P. 
Berrange 'luks': 'QCryptoBlockCreateOptionsLUKS' } } 26140c85028SDaniel P. Berrange 26240c85028SDaniel P. Berrange## 263c5927e7aSMarc-André Lureau# @QCryptoBlockInfoBase: 26440c85028SDaniel P. Berrange# 265a937b6aaSMarkus Armbruster# The common information that applies to all full disk encryption 266a937b6aaSMarkus Armbruster# formats 26740c85028SDaniel P. Berrange# 26840c85028SDaniel P. Berrange# @format: the encryption format 26940c85028SDaniel P. Berrange# 27040c85028SDaniel P. Berrange# Since: 2.7 27140c85028SDaniel P. Berrange## 27240c85028SDaniel P. Berrange{ 'struct': 'QCryptoBlockInfoBase', 27340c85028SDaniel P. Berrange 'data': { 'format': 'QCryptoBlockFormat' }} 27440c85028SDaniel P. Berrange 27540c85028SDaniel P. Berrange## 276c5927e7aSMarc-André Lureau# @QCryptoBlockInfoLUKSSlot: 27740c85028SDaniel P. Berrange# 278a937b6aaSMarkus Armbruster# Information about the LUKS block encryption key slot options 27940c85028SDaniel P. Berrange# 28040c85028SDaniel P. Berrange# @active: whether the key slot is currently in use 281a937b6aaSMarkus Armbruster# 28240c85028SDaniel P. Berrange# @key-offset: offset to the key material in bytes 283a937b6aaSMarkus Armbruster# 2841d8bda12SMarkus Armbruster# @iters: number of PBKDF2 iterations for key material 285a937b6aaSMarkus Armbruster# 2861d8bda12SMarkus Armbruster# @stripes: number of stripes for splitting key material 28740c85028SDaniel P. Berrange# 28840c85028SDaniel P. Berrange# Since: 2.7 28940c85028SDaniel P. Berrange## 29040c85028SDaniel P. Berrange{ 'struct': 'QCryptoBlockInfoLUKSSlot', 29140c85028SDaniel P. Berrange 'data': {'active': 'bool', 29240c85028SDaniel P. Berrange '*iters': 'int', 29340c85028SDaniel P. Berrange '*stripes': 'int', 29440c85028SDaniel P. Berrange 'key-offset': 'int' } } 29540c85028SDaniel P. Berrange 29640c85028SDaniel P. Berrange## 297c5927e7aSMarc-André Lureau# @QCryptoBlockInfoLUKS: 29840c85028SDaniel P. Berrange# 29940c85028SDaniel P. 
Berrange# Information about the LUKS block encryption options 30040c85028SDaniel P. Berrange# 30140c85028SDaniel P. Berrange# @cipher-alg: the cipher algorithm for data encryption 302a937b6aaSMarkus Armbruster# 30340c85028SDaniel P. Berrange# @cipher-mode: the cipher mode for data encryption 304a937b6aaSMarkus Armbruster# 30540c85028SDaniel P. Berrange# @ivgen-alg: the initialization vector generator 306a937b6aaSMarkus Armbruster# 3071d8bda12SMarkus Armbruster# @ivgen-hash-alg: the initialization vector generator hash 308a937b6aaSMarkus Armbruster# 30940c85028SDaniel P. Berrange# @hash-alg: the master key hash algorithm 310a937b6aaSMarkus Armbruster# 3110bd779e2SHyman Huang# @detached-header: whether the LUKS header is detached (Since 9.0) 3120bd779e2SHyman Huang# 31340c85028SDaniel P. Berrange# @payload-offset: offset to the payload data in bytes 314a937b6aaSMarkus Armbruster# 31540c85028SDaniel P. Berrange# @master-key-iters: number of PBKDF2 iterations for key material 316a937b6aaSMarkus Armbruster# 31740c85028SDaniel P. Berrange# @uuid: unique identifier for the volume 318a937b6aaSMarkus Armbruster# 31940c85028SDaniel P. Berrange# @slots: information about each key slot 32040c85028SDaniel P. Berrange# 32140c85028SDaniel P. Berrange# Since: 2.7 32240c85028SDaniel P. Berrange## 32340c85028SDaniel P. Berrange{ 'struct': 'QCryptoBlockInfoLUKS', 324a092c513SMarkus Armbruster 'data': {'cipher-alg': 'QCryptoCipherAlgo', 32540c85028SDaniel P. Berrange 'cipher-mode': 'QCryptoCipherMode', 3265e0e5102SMarkus Armbruster 'ivgen-alg': 'QCryptoIVGenAlgo', 327ef834aa2SMarkus Armbruster '*ivgen-hash-alg': 'QCryptoHashAlgo', 328ef834aa2SMarkus Armbruster 'hash-alg': 'QCryptoHashAlgo', 3290bd779e2SHyman Huang 'detached-header': 'bool', 33040c85028SDaniel P. Berrange 'payload-offset': 'int', 33140c85028SDaniel P. Berrange 'master-key-iters': 'int', 33240c85028SDaniel P. Berrange 'uuid': 'str', 33340c85028SDaniel P. 
Berrange 'slots': [ 'QCryptoBlockInfoLUKSSlot' ] }} 33440c85028SDaniel P. Berrange 33540c85028SDaniel P. Berrange## 336c5927e7aSMarc-André Lureau# @QCryptoBlockInfo: 33740c85028SDaniel P. Berrange# 33840c85028SDaniel P. Berrange# Information about the block encryption options 33940c85028SDaniel P. Berrange# 34040c85028SDaniel P. Berrange# Since: 2.7 34140c85028SDaniel P. Berrange## 34240c85028SDaniel P. Berrange{ 'union': 'QCryptoBlockInfo', 34340c85028SDaniel P. Berrange 'base': 'QCryptoBlockInfoBase', 34440c85028SDaniel P. Berrange 'discriminator': 'format', 34529cd0403SAnton Nefedov 'data': { 'luks': 'QCryptoBlockInfoLUKS' } } 34643cbd06dSMaxim Levitsky 347557d2bdcSMaxim Levitsky## 348557d2bdcSMaxim Levitsky# @QCryptoBlockLUKSKeyslotState: 349557d2bdcSMaxim Levitsky# 350557d2bdcSMaxim Levitsky# Defines the state of keyslots that are affected by the update 351557d2bdcSMaxim Levitsky# 352557d2bdcSMaxim Levitsky# @active: The slots contain the given password and are marked as active 353a937b6aaSMarkus Armbruster# 354a937b6aaSMarkus Armbruster# @inactive: The slots are erased (contain garbage) and marked as 355a937b6aaSMarkus Armbruster# inactive 356557d2bdcSMaxim Levitsky# 357557d2bdcSMaxim Levitsky# Since: 5.1 358557d2bdcSMaxim Levitsky## 359557d2bdcSMaxim Levitsky{ 'enum': 'QCryptoBlockLUKSKeyslotState', 360557d2bdcSMaxim Levitsky 'data': [ 'active', 'inactive' ] } 36143cbd06dSMaxim Levitsky 36243cbd06dSMaxim Levitsky## 363557d2bdcSMaxim Levitsky# @QCryptoBlockAmendOptionsLUKS: 364557d2bdcSMaxim Levitsky# 365a937b6aaSMarkus Armbruster# This struct defines the update parameters that activate/de-activate 366a937b6aaSMarkus Armbruster# a set of keyslots 367557d2bdcSMaxim Levitsky# 368557d2bdcSMaxim Levitsky# @state: the desired state of the keyslots 369557d2bdcSMaxim Levitsky# 370a937b6aaSMarkus Armbruster# @new-secret: The ID of a QCryptoSecret object providing the password 371a937b6aaSMarkus Armbruster# to be written into added active keyslots 372557d2bdcSMaxim Levitsky# 
373a937b6aaSMarkus Armbruster# @old-secret: Optional (for deactivation only). If given, will 374a937b6aaSMarkus Armbruster# deactivate all keyslots that match the password located in the 375a937b6aaSMarkus Armbruster# QCryptoSecret with this ID 376557d2bdcSMaxim Levitsky# 377a937b6aaSMarkus Armbruster# @iter-time: Optional (for activation only). Number of milliseconds to 378a937b6aaSMarkus Armbruster# spend in PBKDF passphrase processing for the newly activated 379a937b6aaSMarkus Armbruster# keyslot. Currently defaults to 2000. 380557d2bdcSMaxim Levitsky# 381a937b6aaSMarkus Armbruster# @keyslot: Optional. ID of the keyslot to activate/deactivate. For 382a937b6aaSMarkus Armbruster# keyslot activation, the keyslot should not be active already (it 383a937b6aaSMarkus Armbruster# is unsafe to update an active keyslot), but this is possible if the 'force' 384a937b6aaSMarkus Armbruster# parameter is given. If keyslot is not given, the first free keyslot 385a937b6aaSMarkus Armbruster# will be written. 386557d2bdcSMaxim Levitsky# 387557d2bdcSMaxim Levitsky# For keyslot deactivation, this parameter specifies the exact 388557d2bdcSMaxim Levitsky# keyslot to deactivate 389557d2bdcSMaxim Levitsky# 390557d2bdcSMaxim Levitsky# @secret: Optional. The ID of a QCryptoSecret object providing the 391a937b6aaSMarkus Armbruster# password to use to retrieve the current master key. 
Defaults to the 392a937b6aaSMarkus Armbruster# same secret that was used to open the image 393557d2bdcSMaxim Levitsky# 394433a4fdcSMarkus Armbruster# Since: 5.1 395557d2bdcSMaxim Levitsky## 396557d2bdcSMaxim Levitsky{ 'struct': 'QCryptoBlockAmendOptionsLUKS', 397557d2bdcSMaxim Levitsky 'data': { 'state': 'QCryptoBlockLUKSKeyslotState', 398557d2bdcSMaxim Levitsky '*new-secret': 'str', 399557d2bdcSMaxim Levitsky '*old-secret': 'str', 400557d2bdcSMaxim Levitsky '*keyslot': 'int', 401557d2bdcSMaxim Levitsky '*iter-time': 'int', 402557d2bdcSMaxim Levitsky '*secret': 'str' } } 403557d2bdcSMaxim Levitsky 404557d2bdcSMaxim Levitsky## 40543cbd06dSMaxim Levitsky# @QCryptoBlockAmendOptions: 40643cbd06dSMaxim Levitsky# 407a937b6aaSMarkus Armbruster# The options that are available for all encryption formats when 408a937b6aaSMarkus Armbruster# amending encryption settings 40943cbd06dSMaxim Levitsky# 41043cbd06dSMaxim Levitsky# Since: 5.1 41143cbd06dSMaxim Levitsky## 41243cbd06dSMaxim Levitsky{ 'union': 'QCryptoBlockAmendOptions', 41343cbd06dSMaxim Levitsky 'base': 'QCryptoBlockOptionsBase', 41443cbd06dSMaxim Levitsky 'discriminator': 'format', 41543cbd06dSMaxim Levitsky 'data': { 416557d2bdcSMaxim Levitsky 'luks': 'QCryptoBlockAmendOptionsLUKS' } } 41739c4c27dSKevin Wolf 41839c4c27dSKevin Wolf## 41939c4c27dSKevin Wolf# @SecretCommonProperties: 42039c4c27dSKevin Wolf# 42139c4c27dSKevin Wolf# Properties for objects of classes derived from secret-common. 42239c4c27dSKevin Wolf# 423a937b6aaSMarkus Armbruster# @format: the data format that the secret is provided in 424a937b6aaSMarkus Armbruster# (default: raw) 42539c4c27dSKevin Wolf# 426a937b6aaSMarkus Armbruster# @keyid: the name of another secret that should be used to decrypt 427a937b6aaSMarkus Armbruster# the provided data. If not present, the data is assumed to be 428a937b6aaSMarkus Armbruster# unencrypted. 
42939c4c27dSKevin Wolf# 430a937b6aaSMarkus Armbruster# @iv: the random initialization vector used for encryption of this 431a937b6aaSMarkus Armbruster# particular secret. Should be a base64 encoded string of the 432a937b6aaSMarkus Armbruster# 16-byte IV. Mandatory if @keyid is given. Ignored if @keyid is 433a937b6aaSMarkus Armbruster# absent. 43439c4c27dSKevin Wolf# 43539c4c27dSKevin Wolf# Since: 2.6 43639c4c27dSKevin Wolf## 43739c4c27dSKevin Wolf{ 'struct': 'SecretCommonProperties', 43862eb377eSDaniel P. Berrangé 'data': { '*format': 'QCryptoSecretFormat', 43939c4c27dSKevin Wolf '*keyid': 'str', 44039c4c27dSKevin Wolf '*iv': 'str' } } 44139c4c27dSKevin Wolf 44239c4c27dSKevin Wolf## 44339c4c27dSKevin Wolf# @SecretProperties: 44439c4c27dSKevin Wolf# 44539c4c27dSKevin Wolf# Properties for secret objects. 44639c4c27dSKevin Wolf# 44739c4c27dSKevin Wolf# Either @data or @file must be provided, but not both. 44839c4c27dSKevin Wolf# 44939c4c27dSKevin Wolf# @data: the data associated with the secret 45039c4c27dSKevin Wolf# 45139c4c27dSKevin Wolf# @file: the filename to load the data associated with the secret from 45239c4c27dSKevin Wolf# 45339c4c27dSKevin Wolf# Since: 2.6 45439c4c27dSKevin Wolf## 45539c4c27dSKevin Wolf{ 'struct': 'SecretProperties', 45639c4c27dSKevin Wolf 'base': 'SecretCommonProperties', 45739c4c27dSKevin Wolf 'data': { '*data': 'str', 45839c4c27dSKevin Wolf '*file': 'str' } } 45939c4c27dSKevin Wolf 46039c4c27dSKevin Wolf## 46139c4c27dSKevin Wolf# @SecretKeyringProperties: 46239c4c27dSKevin Wolf# 46339c4c27dSKevin Wolf# Properties for secret_keyring objects. 
46439c4c27dSKevin Wolf# 46539c4c27dSKevin Wolf# @serial: serial number that identifies a key to get from the kernel 46639c4c27dSKevin Wolf# 46739c4c27dSKevin Wolf# Since: 5.1 46839c4c27dSKevin Wolf## 46939c4c27dSKevin Wolf{ 'struct': 'SecretKeyringProperties', 47039c4c27dSKevin Wolf 'base': 'SecretCommonProperties', 471657ea58bSStefano Garzarella 'data': { 'serial': 'int32' }, 472657ea58bSStefano Garzarella 'if': 'CONFIG_SECRET_KEYRING' } 473d09e4937SKevin Wolf 474d09e4937SKevin Wolf## 475d09e4937SKevin Wolf# @TlsCredsProperties: 476d09e4937SKevin Wolf# 477d09e4937SKevin Wolf# Properties for objects of classes derived from tls-creds. 478d09e4937SKevin Wolf# 479d09e4937SKevin Wolf# @verify-peer: if true the peer credentials will be verified once the 480d09e4937SKevin Wolf# handshake is completed. This is a no-op for anonymous 481d09e4937SKevin Wolf# credentials. (default: true) 482d09e4937SKevin Wolf# 483d09e4937SKevin Wolf# @dir: the path of the directory that contains the credential files 484d09e4937SKevin Wolf# 485a937b6aaSMarkus Armbruster# @endpoint: whether the QEMU network backend that uses the 486a937b6aaSMarkus Armbruster# credentials will be acting as a client or as a server 487a937b6aaSMarkus Armbruster# (default: client) 488d09e4937SKevin Wolf# 489d09e4937SKevin Wolf# @priority: a gnutls priority string as described at 490d09e4937SKevin Wolf# https://gnutls.org/manual/html_node/Priority-Strings.html 491d09e4937SKevin Wolf# 492d09e4937SKevin Wolf# Since: 2.5 493d09e4937SKevin Wolf## 494d09e4937SKevin Wolf{ 'struct': 'TlsCredsProperties', 495d09e4937SKevin Wolf 'data': { '*verify-peer': 'bool', 496d09e4937SKevin Wolf '*dir': 'str', 497d09e4937SKevin Wolf '*endpoint': 'QCryptoTLSCredsEndpoint', 498d09e4937SKevin Wolf '*priority': 'str' } } 499d09e4937SKevin Wolf 500d09e4937SKevin Wolf## 501d09e4937SKevin Wolf# @TlsCredsAnonProperties: 502d09e4937SKevin Wolf# 503d09e4937SKevin Wolf# Properties for tls-creds-anon objects. 
504d09e4937SKevin Wolf# 505d09e4937SKevin Wolf# Since: 2.5 506d09e4937SKevin Wolf## 507d09e4937SKevin Wolf{ 'struct': 'TlsCredsAnonProperties', 508d09e4937SKevin Wolf 'base': 'TlsCredsProperties', 50962eb377eSDaniel P. Berrangé 'data': { } } 510d09e4937SKevin Wolf 511d09e4937SKevin Wolf## 512d09e4937SKevin Wolf# @TlsCredsPskProperties: 513d09e4937SKevin Wolf# 514d09e4937SKevin Wolf# Properties for tls-creds-psk objects. 515d09e4937SKevin Wolf# 516a937b6aaSMarkus Armbruster# @username: the username which will be sent to the server. For 517a937b6aaSMarkus Armbruster# clients only. If absent, "qemu" is sent and the property will 518a937b6aaSMarkus Armbruster# read back as an empty string. 519d09e4937SKevin Wolf# 520d09e4937SKevin Wolf# Since: 3.0 521d09e4937SKevin Wolf## 522d09e4937SKevin Wolf{ 'struct': 'TlsCredsPskProperties', 523d09e4937SKevin Wolf 'base': 'TlsCredsProperties', 52462eb377eSDaniel P. Berrangé 'data': { '*username': 'str' } } 525d09e4937SKevin Wolf 526d09e4937SKevin Wolf## 527d09e4937SKevin Wolf# @TlsCredsX509Properties: 528d09e4937SKevin Wolf# 529d09e4937SKevin Wolf# Properties for tls-creds-x509 objects. 530d09e4937SKevin Wolf# 531d09e4937SKevin Wolf# @sanity-check: if true, perform some sanity checks before using the 532d09e4937SKevin Wolf# credentials (default: true) 533d09e4937SKevin Wolf# 534a937b6aaSMarkus Armbruster# @passwordid: For the server-key.pem and client-key.pem files which 535a937b6aaSMarkus Armbruster# contain sensitive private keys, it is possible to use an 536a937b6aaSMarkus Armbruster# encrypted version by providing the @passwordid parameter. This 537a937b6aaSMarkus Armbruster# provides the ID of a previously created secret object containing 538a937b6aaSMarkus Armbruster# the password for decryption. 539d09e4937SKevin Wolf# 540d09e4937SKevin Wolf# Since: 2.5 541d09e4937SKevin Wolf## 542d09e4937SKevin Wolf{ 'struct': 'TlsCredsX509Properties', 543d09e4937SKevin Wolf 'base': 'TlsCredsProperties', 54462eb377eSDaniel P. 
Berrangé 'data': { '*sanity-check': 'bool', 545d09e4937SKevin Wolf '*passwordid': 'str' } } 546daa55f3eSLei He## 547cd48d82aSMarkus Armbruster# @QCryptoAkCipherAlgo: 548daa55f3eSLei He# 549daa55f3eSLei He# The supported algorithms for asymmetric encryption ciphers 550daa55f3eSLei He# 551daa55f3eSLei He# @rsa: RSA algorithm 552daa55f3eSLei He# 553daa55f3eSLei He# Since: 7.1 554daa55f3eSLei He## 555cd48d82aSMarkus Armbruster{ 'enum': 'QCryptoAkCipherAlgo', 556daa55f3eSLei He 'data': ['rsa']} 557daa55f3eSLei He 558daa55f3eSLei He## 559daa55f3eSLei He# @QCryptoAkCipherKeyType: 560daa55f3eSLei He# 561daa55f3eSLei He# The type of asymmetric keys. 562daa55f3eSLei He# 5636b467266SMarkus Armbruster# @public: public key 5646b467266SMarkus Armbruster# 5656b467266SMarkus Armbruster# @private: private key 5666b467266SMarkus Armbruster# 567daa55f3eSLei He# Since: 7.1 568daa55f3eSLei He## 569daa55f3eSLei He{ 'enum': 'QCryptoAkCipherKeyType', 570daa55f3eSLei He 'data': ['public', 'private']} 571daa55f3eSLei He 572daa55f3eSLei He## 573c96050f4SMarkus Armbruster# @QCryptoRSAPaddingAlgo: 574daa55f3eSLei He# 575daa55f3eSLei He# The padding algorithm for RSA. 576daa55f3eSLei He# 577daa55f3eSLei He# @raw: no padding used 578a937b6aaSMarkus Armbruster# 579daa55f3eSLei He# @pkcs1: PKCS#1 v1.5 580daa55f3eSLei He# 581daa55f3eSLei He# Since: 7.1 582daa55f3eSLei He## 583c96050f4SMarkus Armbruster{ 'enum': 'QCryptoRSAPaddingAlgo', 584daa55f3eSLei He 'data': ['raw', 'pkcs1']} 585daa55f3eSLei He 586daa55f3eSLei He## 587daa55f3eSLei He# @QCryptoAkCipherOptionsRSA: 588daa55f3eSLei He# 589daa55f3eSLei He# Specific parameters for the RSA algorithm. 
590daa55f3eSLei He# 591ef834aa2SMarkus Armbruster# @hash-alg: QCryptoHashAlgo 592a937b6aaSMarkus Armbruster# 593c96050f4SMarkus Armbruster# @padding-alg: QCryptoRSAPaddingAlgo 594daa55f3eSLei He# 595daa55f3eSLei He# Since: 7.1 596daa55f3eSLei He## 597daa55f3eSLei He{ 'struct': 'QCryptoAkCipherOptionsRSA', 598ef834aa2SMarkus Armbruster 'data': { 'hash-alg':'QCryptoHashAlgo', 599c96050f4SMarkus Armbruster 'padding-alg': 'QCryptoRSAPaddingAlgo'}} 600daa55f3eSLei He 601daa55f3eSLei He## 602daa55f3eSLei He# @QCryptoAkCipherOptions: 603daa55f3eSLei He# 604daa55f3eSLei He# The options that are available for all asymmetric key algorithms 605daa55f3eSLei He# when creating a new QCryptoAkCipher. 606daa55f3eSLei He# 60789a2273bSMarkus Armbruster# @alg: encryption cipher algorithm 60889a2273bSMarkus Armbruster# 609daa55f3eSLei He# Since: 7.1 610daa55f3eSLei He## 611daa55f3eSLei He{ 'union': 'QCryptoAkCipherOptions', 612cd48d82aSMarkus Armbruster 'base': { 'alg': 'QCryptoAkCipherAlgo' }, 613daa55f3eSLei He 'discriminator': 'alg', 614daa55f3eSLei He 'data': { 'rsa': 'QCryptoAkCipherOptionsRSA' }} 615