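/*
 * QEMU crypto TLS anonymous credential support
 *
 * Copyright (c) 2015 Red Hat, Inc.
 *
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation; either
 * version 2.1 of the License, or (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 * Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public
 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
 *
 */

#ifndef QCRYPTO_TLSCREDSANON_H
#define QCRYPTO_TLSCREDSANON_H

#include "crypto/tlscreds.h"
#include "qom/object.h"

/* QOM type name used with -object / object-add to create an instance. */
#define TYPE_QCRYPTO_TLS_CREDS_ANON "tls-creds-anon"
typedef struct QCryptoTLSCredsAnon QCryptoTLSCredsAnon;
DECLARE_INSTANCE_CHECKER(QCryptoTLSCredsAnon, QCRYPTO_TLS_CREDS_ANON,
                         TYPE_QCRYPTO_TLS_CREDS_ANON)


typedef struct QCryptoTLSCredsAnonClass QCryptoTLSCredsAnonClass;

/**
 * QCryptoTLSCredsAnon:
 *
 * The QCryptoTLSCredsAnon object provides a representation
 * of anonymous credentials used to perform a TLS handshake.
 * This is primarily provided for backwards compatibility and
 * its use is discouraged as it has poor security characteristics
 * due to lacking MITM attack protection amongst other problems.
 *
 * Security caveat: anonymous credentials carry no certificate, so
 * neither endpoint can authenticate its peer. An active attacker
 * positioned on the connection can therefore impersonate either
 * side without detection, and any confidentiality the negotiated
 * cipher provides is only as good as the absence of such an
 * attacker. Restrict this credential type to links that are already
 * trusted or tunnelled, and prefer certificate-based credentials
 * wherever peer authentication matters.
 *
 * The "dir" and "verify-peer" properties shown in the examples below
 * belong to the QCryptoTLSCreds base object, not to this type. With
 * anonymous credentials there is no peer certificate, so
 * "verify-peer" cannot provide authentication here; what (if
 * anything) each base property controls for this credential type is
 * decided by the implementation in tlscredsanon.c rather than by this
 * header - check there before relying on either setting. Note also
 * that the examples are not mutually consistent about the value of
 * "verify-peer" ("yes" in the C example, false/off in the QMP and CLI
 * ones); they illustrate the property syntax, not a recommended value.
 *
 * This is a user creatable object, which can be instantiated
 * via object_new_propv():
 *
 * <example>
 *   <title>Creating anonymous TLS credential objects in code</title>
 *   <programlisting>
 *   Object *obj;
 *   Error *err = NULL;
 *   obj = object_new_propv(TYPE_QCRYPTO_TLS_CREDS_ANON,
 *                          "tlscreds0",
 *                          &err,
 *                          "endpoint", "server",
 *                          "dir", "/path/x509/cert/dir",
 *                          "verify-peer", "yes",
 *                          NULL);
 *   </programlisting>
 * </example>
 *
 * Or via QMP:
 *
 * <example>
 *   <title>Creating anonymous TLS credential objects via QMP</title>
 *   <programlisting>
 *    {
 *       "execute": "object-add", "arguments": {
 *          "id": "tlscreds0",
 *          "qom-type": "tls-creds-anon",
 *          "props": {
 *             "endpoint": "server",
 *             "dir": "/path/to/x509/cert/dir",
 *             "verify-peer": false
 *          }
 *       }
 *    }
 *   </programlisting>
 * </example>
 *
 *
 * Or via the CLI:
 *
 * <example>
 *   <title>Creating anonymous TLS credential objects via CLI</title>
 *   <programlisting>
 *  qemu-system-x86_64 -object tls-creds-anon,id=tlscreds0,\
 *          endpoint=server,verify-peer=off,\
 *          dir=/path/to/x509/certdir/
 *   </programlisting>
 * </example>
 *
 */


/*
 * Instance state for an anonymous credential object.
 *
 * The GnuTLS handles live in a union because a single object is
 * either a server-side or a client-side credential, never both;
 * presumably the "endpoint" property seen in the examples above
 * selects which member is live - confirm against tlscredsanon.c.
 */
struct QCryptoTLSCredsAnon {
    QCryptoTLSCreds parent_obj;
#ifdef CONFIG_GNUTLS
    /*
     * gnutls_anon_*_credentials_t come from GnuTLS. This header does
     * not include <gnutls/gnutls.h> itself, so it relies on
     * "crypto/tlscreds.h" having pulled that in under CONFIG_GNUTLS;
     * re-check this if the base header's include set ever changes.
     */
    union {
        gnutls_anon_server_credentials_t server;
        gnutls_anon_client_credentials_t client;
    } data;
#endif
};


/*
 * Class structure. It adds no hooks of its own; it exists so that QOM
 * can derive this type from QCryptoTLSCredsClass.
 */
struct QCryptoTLSCredsAnonClass {
    QCryptoTLSCredsClass parent_class;
};


#endif /* QCRYPTO_TLSCREDSANON_H */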