xref: /openbmc/qemu/include/crypto/tlscredsx509.h (revision 8fa3b702)
1 /*
2  * QEMU crypto TLS x509 credential support
3  *
4  * Copyright (c) 2015 Red Hat, Inc.
5  *
6  * This library is free software; you can redistribute it and/or
7  * modify it under the terms of the GNU Lesser General Public
8  * License as published by the Free Software Foundation; either
9  * version 2.1 of the License, or (at your option) any later version.
10  *
11  * This library is distributed in the hope that it will be useful,
12  * but WITHOUT ANY WARRANTY; without even the implied warranty of
13  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
14  * Lesser General Public License for more details.
15  *
16  * You should have received a copy of the GNU Lesser General Public
17  * License along with this library; if not, see <http://www.gnu.org/licenses/>.
18  *
19  */
20 
21 #ifndef QCRYPTO_TLSCREDSX509_H
22 #define QCRYPTO_TLSCREDSX509_H
23 
24 #include "crypto/tlscreds.h"
25 #include "qom/object.h"
26 
27 #define TYPE_QCRYPTO_TLS_CREDS_X509 "tls-creds-x509"
28 typedef struct QCryptoTLSCredsX509 QCryptoTLSCredsX509;
29 DECLARE_INSTANCE_CHECKER(QCryptoTLSCredsX509, QCRYPTO_TLS_CREDS_X509,
30                          TYPE_QCRYPTO_TLS_CREDS_X509)
31 
32 typedef struct QCryptoTLSCredsX509Class QCryptoTLSCredsX509Class;
33 
34 #define QCRYPTO_TLS_CREDS_X509_CA_CERT "ca-cert.pem"
35 #define QCRYPTO_TLS_CREDS_X509_CA_CRL "ca-crl.pem"
36 #define QCRYPTO_TLS_CREDS_X509_SERVER_KEY "server-key.pem"
37 #define QCRYPTO_TLS_CREDS_X509_SERVER_CERT "server-cert.pem"
38 #define QCRYPTO_TLS_CREDS_X509_CLIENT_KEY "client-key.pem"
39 #define QCRYPTO_TLS_CREDS_X509_CLIENT_CERT "client-cert.pem"
40 
41 
42 /**
43  * QCryptoTLSCredsX509:
44  *
45  * The QCryptoTLSCredsX509 object provides a representation
46  * of x509 credentials used to perform a TLS handshake.
47  *
48  * This is a user creatable object, which can be instantiated
49  * via object_new_propv():
50  *
51  * <example>
52  *   <title>Creating x509 TLS credential objects in code</title>
53  *   <programlisting>
54  *   Object *obj;
55  *   Error *err = NULL;
56  *   obj = object_new_propv(TYPE_QCRYPTO_TLS_CREDS_X509,
57  *                          "tlscreds0",
58  *                          &err,
59  *                          "endpoint", "server",
60  *                          "dir", "/path/x509/cert/dir",
61  *                          "verify-peer", "yes",
62  *                          NULL);
63  *   </programlisting>
64  * </example>
65  *
66  * Or via QMP:
67  *
68  * <example>
69  *   <title>Creating x509 TLS credential objects via QMP</title>
70  *   <programlisting>
71  *    {
72  *       "execute": "object-add", "arguments": {
73  *          "id": "tlscreds0",
74  *          "qom-type": "tls-creds-x509",
75  *          "props": {
76  *             "endpoint": "server",
77  *             "dir": "/path/to/x509/cert/dir",
78  *             "verify-peer": false
79  *          }
80  *       }
81  *    }
82  *   </programlisting>
83  * </example>
84  *
85  *
86  * Or via the CLI:
87  *
88  * <example>
89  *   <title>Creating x509 TLS credential objects via CLI</title>
90  *   <programlisting>
91  *  qemu-system-x86_64 -object tls-creds-x509,id=tlscreds0,\
92  *          endpoint=server,verify-peer=off,\
93  *          dir=/path/to/x509/certdir/
94  *   </programlisting>
95  * </example>
96  *
97  */
98 
99 struct QCryptoTLSCredsX509 {
100     QCryptoTLSCreds parent_obj;
101 #ifdef CONFIG_GNUTLS
102     gnutls_certificate_credentials_t data;
103 #endif
104     bool sanityCheck;
105     char *passwordid;
106 };
107 
108 
109 struct QCryptoTLSCredsX509Class {
110     QCryptoTLSCredsClass parent_class;
111 };
112 
113 
114 #endif /* QCRYPTO_TLSCREDSX509_H */
115