1 /* 2 * QEMU crypto TLS anonymous credential support 3 * 4 * Copyright (c) 2015 Red Hat, Inc. 5 * 6 * This library is free software; you can redistribute it and/or 7 * modify it under the terms of the GNU Lesser General Public 8 * License as published by the Free Software Foundation; either 9 * version 2 of the License, or (at your option) any later version. 10 * 11 * This library is distributed in the hope that it will be useful, 12 * but WITHOUT ANY WARRANTY; without even the implied warranty of 13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 14 * Lesser General Public License for more details. 15 * 16 * You should have received a copy of the GNU Lesser General Public 17 * License along with this library; if not, see <http://www.gnu.org/licenses/>. 18 * 19 */ 20 21 #ifndef QCRYPTO_TLSCRED_ANON_H__ 22 #define QCRYPTO_TLSCRED_ANON_H__ 23 24 #include "crypto/tlscreds.h" 25 26 #define TYPE_QCRYPTO_TLS_CREDS_ANON "tls-creds-anon" 27 #define QCRYPTO_TLS_CREDS_ANON(obj) \ 28 OBJECT_CHECK(QCryptoTLSCredsAnon, (obj), TYPE_QCRYPTO_TLS_CREDS_ANON) 29 30 31 typedef struct QCryptoTLSCredsAnon QCryptoTLSCredsAnon; 32 typedef struct QCryptoTLSCredsAnonClass QCryptoTLSCredsAnonClass; 33 34 /** 35 * QCryptoTLSCredsAnon: 36 * 37 * The QCryptoTLSCredsAnon object provides a representation 38 * of anonymous credentials used perform a TLS handshake. 39 * This is primarily provided for backwards compatibility and 40 * its use is discouraged as it has poor security characteristics 41 * due to lacking MITM attack protection amongst other problems. 42 * 43 * This is a user creatable object, which can be instantiated 44 * via object_new_propv(): 45 * 46 * <example> 47 * <title>Creating anonymous TLS credential objects in code</title> 48 * <programlisting> 49 * Object *obj; 50 * Error *err = NULL; 51 * obj = object_new_propv(TYPE_QCRYPTO_TLS_CREDS_ANON, 52 * "tlscreds0", 53 * &err, 54 * "endpoint", "server", 55 * "dir", "/path/x509/cert/dir", 56 * "verify-peer", "yes", 57 * NULL); 58 * </programlisting> 59 * </example> 60 * 61 * Or via QMP: 62 * 63 * <example> 64 * <title>Creating anonymous TLS credential objects via QMP</title> 65 * <programlisting> 66 * { 67 * "execute": "object-add", "arguments": { 68 * "id": "tlscreds0", 69 * "qom-type": "tls-creds-anon", 70 * "props": { 71 * "endpoint": "server", 72 * "dir": "/path/to/x509/cert/dir", 73 * "verify-peer": false 74 * } 75 * } 76 * } 77 * </programlisting> 78 * </example> 79 * 80 * 81 * Or via the CLI: 82 * 83 * <example> 84 * <title>Creating anonymous TLS credential objects via CLI</title> 85 * <programlisting> 86 * qemu-system-x86_64 -object tls-creds-anon,id=tlscreds0,\ 87 * endpoint=server,verify-peer=off,\ 88 * dir=/path/to/x509/certdir/ 89 * </programlisting> 90 * </example> 91 * 92 */ 93 94 95 struct QCryptoTLSCredsAnon { 96 QCryptoTLSCreds parent_obj; 97 #ifdef CONFIG_GNUTLS 98 union { 99 gnutls_anon_server_credentials_t server; 100 gnutls_anon_client_credentials_t client; 101 } data; 102 #endif 103 }; 104 105 106 struct QCryptoTLSCredsAnonClass { 107 QCryptoTLSCredsClass parent_class; 108 }; 109 110 111 #endif /* QCRYPTO_TLSCRED_H__ */ 112 113