xref: /openbmc/qemu/qapi/crypto.json (revision 4ae65a52) 
1# -*- Mode: Python -*-
2# vim: filetype=python
3#
4
5##
6# = Cryptography
7##
8
9##
10# @QCryptoTLSCredsEndpoint:
11#
12# The type of network endpoint that will be using the credentials.
13# Most types of credential require different setup / structures
14# depending on whether they will be used in a server versus a
15# client.
16#
17# @client: the network endpoint is acting as the client
18#
19# @server: the network endpoint is acting as the server
20#
21# Since: 2.5
22##
23{ 'enum': 'QCryptoTLSCredsEndpoint',
24  'prefix': 'QCRYPTO_TLS_CREDS_ENDPOINT',
25  'data': ['client', 'server']}
26
27
28##
29# @QCryptoSecretFormat:
30#
31# The data format that the secret is provided in
32#
33# @raw: raw bytes. When encoded in JSON only valid UTF-8 sequences can be used
34# @base64: arbitrary base64 encoded binary data
35#
36# Since: 2.6
37##
38{ 'enum': 'QCryptoSecretFormat',
39  'prefix': 'QCRYPTO_SECRET_FORMAT',
40  'data': ['raw', 'base64']}
41
42
43##
44# @QCryptoHashAlgorithm:
45#
46# The supported algorithms for computing content digests
47#
48# @md5: MD5. Should not be used in any new code, legacy compat only
49# @sha1: SHA-1. Should not be used in any new code, legacy compat only
50# @sha224: SHA-224. (since 2.7)
51# @sha256: SHA-256. Current recommended strong hash.
52# @sha384: SHA-384. (since 2.7)
53# @sha512: SHA-512. (since 2.7)
54# @ripemd160: RIPEMD-160. (since 2.7)
55#
56# Since: 2.6
57##
58{ 'enum': 'QCryptoHashAlgorithm',
59  'prefix': 'QCRYPTO_HASH_ALG',
60  'data': ['md5', 'sha1', 'sha224', 'sha256', 'sha384', 'sha512', 'ripemd160']}
61
62
63##
64# @QCryptoCipherAlgorithm:
65#
66# The supported algorithms for content encryption ciphers
67#
68# @aes-128: AES with 128 bit / 16 byte keys
69# @aes-192: AES with 192 bit / 24 byte keys
70# @aes-256: AES with 256 bit / 32 byte keys
71# @des: DES with 56 bit / 8 byte keys. Do not use except in VNC. (since 6.1)
72# @3des: 3DES(EDE) with 192 bit / 24 byte keys (since 2.9)
73# @cast5-128: Cast5 with 128 bit / 16 byte keys
74# @serpent-128: Serpent with 128 bit / 16 byte keys
75# @serpent-192: Serpent with 192 bit / 24 byte keys
76# @serpent-256: Serpent with 256 bit / 32 byte keys
77# @twofish-128: Twofish with 128 bit / 16 byte keys
78# @twofish-192: Twofish with 192 bit / 24 byte keys
79# @twofish-256: Twofish with 256 bit / 32 byte keys
80#
81# Since: 2.6
82##
83{ 'enum': 'QCryptoCipherAlgorithm',
84  'prefix': 'QCRYPTO_CIPHER_ALG',
85  'data': ['aes-128', 'aes-192', 'aes-256',
86           'des', '3des',
87           'cast5-128',
88           'serpent-128', 'serpent-192', 'serpent-256',
89           'twofish-128', 'twofish-192', 'twofish-256']}
90
91
92##
93# @QCryptoCipherMode:
94#
95# The supported modes for content encryption ciphers
96#
97# @ecb: Electronic Code Book
98# @cbc: Cipher Block Chaining
99# @xts: XEX with tweaked code book and ciphertext stealing
100# @ctr: Counter (Since 2.8)
101#
102# Since: 2.6
103##
104{ 'enum': 'QCryptoCipherMode',
105  'prefix': 'QCRYPTO_CIPHER_MODE',
106  'data': ['ecb', 'cbc', 'xts', 'ctr']}
107
108
109##
110# @QCryptoIVGenAlgorithm:
111#
112# The supported algorithms for generating initialization
113# vectors for full disk encryption. The 'plain' generator
114# should not be used for disks with sector numbers larger
115# than 2^32, except where compatibility with pre-existing
116# Linux dm-crypt volumes is required.
117#
118# @plain: 64-bit sector number truncated to 32-bits
119# @plain64: 64-bit sector number
120# @essiv: 64-bit sector number encrypted with a hash of the encryption key
121#
122# Since: 2.6
123##
124{ 'enum': 'QCryptoIVGenAlgorithm',
125  'prefix': 'QCRYPTO_IVGEN_ALG',
126  'data': ['plain', 'plain64', 'essiv']}
127
128##
129# @QCryptoBlockFormat:
130#
131# The supported full disk encryption formats
132#
133# @qcow: QCow/QCow2 built-in AES-CBC encryption. Use only
134#        for liberating data from old images.
135# @luks: LUKS encryption format. Recommended for new images
136#
137# Since: 2.6
138##
139{ 'enum': 'QCryptoBlockFormat',
140#  'prefix': 'QCRYPTO_BLOCK_FORMAT',
141  'data': ['qcow', 'luks']}
142
143##
144# @QCryptoBlockOptionsBase:
145#
146# The common options that apply to all full disk
147# encryption formats
148#
149# @format: the encryption format
150#
151# Since: 2.6
152##
153{ 'struct': 'QCryptoBlockOptionsBase',
154  'data': { 'format': 'QCryptoBlockFormat' }}
155
156##
157# @QCryptoBlockOptionsQCow:
158#
159# The options that apply to QCow/QCow2 AES-CBC encryption format
160#
161# @key-secret: the ID of a QCryptoSecret object providing the
162#              decryption key. Mandatory except when probing image for
163#              metadata only.
164#
165# Since: 2.6
166##
167{ 'struct': 'QCryptoBlockOptionsQCow',
168  'data': { '*key-secret': 'str' }}
169
170##
171# @QCryptoBlockOptionsLUKS:
172#
173# The options that apply to LUKS encryption format
174#
175# @key-secret: the ID of a QCryptoSecret object providing the
176#              decryption key. Mandatory except when probing image for
177#              metadata only.
178#
179# Since: 2.6
180##
181{ 'struct': 'QCryptoBlockOptionsLUKS',
182  'data': { '*key-secret': 'str' }}
183
184
185##
186# @QCryptoBlockCreateOptionsLUKS:
187#
188# The options that apply to LUKS encryption format initialization
189#
190# @cipher-alg: the cipher algorithm for data encryption
191#              Currently defaults to 'aes-256'.
192# @cipher-mode: the cipher mode for data encryption
193#               Currently defaults to 'xts'
194# @ivgen-alg: the initialization vector generator
195#             Currently defaults to 'plain64'
196# @ivgen-hash-alg: the initialization vector generator hash
197#                  Currently defaults to 'sha256'
198# @hash-alg: the master key hash algorithm
199#            Currently defaults to 'sha256'
200# @iter-time: number of milliseconds to spend in
201#             PBKDF passphrase processing. Currently defaults
202#             to 2000. (since 2.8)
203#
204# Since: 2.6
205##
206{ 'struct': 'QCryptoBlockCreateOptionsLUKS',
207  'base': 'QCryptoBlockOptionsLUKS',
208  'data': { '*cipher-alg': 'QCryptoCipherAlgorithm',
209            '*cipher-mode': 'QCryptoCipherMode',
210            '*ivgen-alg': 'QCryptoIVGenAlgorithm',
211            '*ivgen-hash-alg': 'QCryptoHashAlgorithm',
212            '*hash-alg': 'QCryptoHashAlgorithm',
213            '*iter-time': 'int'}}
214
215
216##
217# @QCryptoBlockOpenOptions:
218#
219# The options that are available for all encryption formats
220# when opening an existing volume
221#
222# Since: 2.6
223##
224{ 'union': 'QCryptoBlockOpenOptions',
225  'base': 'QCryptoBlockOptionsBase',
226  'discriminator': 'format',
227  'data': { 'qcow': 'QCryptoBlockOptionsQCow',
228            'luks': 'QCryptoBlockOptionsLUKS' } }
229
230
231##
232# @QCryptoBlockCreateOptions:
233#
234# The options that are available for all encryption formats
235# when initializing a new volume
236#
237# Since: 2.6
238##
239{ 'union': 'QCryptoBlockCreateOptions',
240  'base': 'QCryptoBlockOptionsBase',
241  'discriminator': 'format',
242  'data': { 'qcow': 'QCryptoBlockOptionsQCow',
243            'luks': 'QCryptoBlockCreateOptionsLUKS' } }
244
245
246##
247# @QCryptoBlockInfoBase:
248#
249# The common information that applies to all full disk
250# encryption formats
251#
252# @format: the encryption format
253#
254# Since: 2.7
255##
256{ 'struct': 'QCryptoBlockInfoBase',
257  'data': { 'format': 'QCryptoBlockFormat' }}
258
259
260##
261# @QCryptoBlockInfoLUKSSlot:
262#
263# Information about the LUKS block encryption key
264# slot options
265#
266# @active: whether the key slot is currently in use
267# @key-offset: offset to the key material in bytes
268# @iters: number of PBKDF2 iterations for key material
269# @stripes: number of stripes for splitting key material
270#
271# Since: 2.7
272##
273{ 'struct': 'QCryptoBlockInfoLUKSSlot',
274  'data': {'active': 'bool',
275           '*iters': 'int',
276           '*stripes': 'int',
277           'key-offset': 'int' } }
278
279
280##
281# @QCryptoBlockInfoLUKS:
282#
283# Information about the LUKS block encryption options
284#
285# @cipher-alg: the cipher algorithm for data encryption
286# @cipher-mode: the cipher mode for data encryption
287# @ivgen-alg: the initialization vector generator
288# @ivgen-hash-alg: the initialization vector generator hash
289# @hash-alg: the master key hash algorithm
290# @payload-offset: offset to the payload data in bytes
291# @master-key-iters: number of PBKDF2 iterations for key material
292# @uuid: unique identifier for the volume
293# @slots: information about each key slot
294#
295# Since: 2.7
296##
297{ 'struct': 'QCryptoBlockInfoLUKS',
298  'data': {'cipher-alg': 'QCryptoCipherAlgorithm',
299           'cipher-mode': 'QCryptoCipherMode',
300           'ivgen-alg': 'QCryptoIVGenAlgorithm',
301           '*ivgen-hash-alg': 'QCryptoHashAlgorithm',
302           'hash-alg': 'QCryptoHashAlgorithm',
303           'payload-offset': 'int',
304           'master-key-iters': 'int',
305           'uuid': 'str',
306           'slots': [ 'QCryptoBlockInfoLUKSSlot' ] }}
307
308##
309# @QCryptoBlockInfo:
310#
311# Information about the block encryption options
312#
313# Since: 2.7
314##
315{ 'union': 'QCryptoBlockInfo',
316  'base': 'QCryptoBlockInfoBase',
317  'discriminator': 'format',
318  'data': { 'luks': 'QCryptoBlockInfoLUKS' } }
319
320##
321# @QCryptoBlockLUKSKeyslotState:
322#
323# Defines state of keyslots that are affected by the update
324#
325# @active:    The slots contain the given password and marked as active
326# @inactive:  The slots are erased (contain garbage) and marked as inactive
327#
328# Since: 5.1
329##
330{ 'enum': 'QCryptoBlockLUKSKeyslotState',
331  'data': [ 'active', 'inactive' ] }
332
333
334##
335# @QCryptoBlockAmendOptionsLUKS:
336#
337# This struct defines the update parameters that activate/de-activate set
338# of keyslots
339#
340# @state: the desired state of the keyslots
341#
342# @new-secret:    The ID of a QCryptoSecret object providing the password to be
343#                 written into added active keyslots
344#
345# @old-secret:    Optional (for deactivation only)
346#                 If given will deactivate all keyslots that
347#                 match password located in QCryptoSecret with this ID
348#
349# @iter-time:     Optional (for activation only)
350#                 Number of milliseconds to spend in
351#                 PBKDF passphrase processing for the newly activated keyslot.
352#                 Currently defaults to 2000.
353#
354# @keyslot:       Optional. ID of the keyslot to activate/deactivate.
355#                 For keyslot activation, keyslot should not be active already
356#                 (this is unsafe to update an active keyslot),
357#                 but possible if 'force' parameter is given.
358#                 If keyslot is not given, first free keyslot will be written.
359#
360#                 For keyslot deactivation, this parameter specifies the exact
361#                 keyslot to deactivate
362#
363# @secret:        Optional. The ID of a QCryptoSecret object providing the
364#                 password to use to retrieve current master key.
365#                 Defaults to the same secret that was used to open the image
366#
367# Since: 5.1
368##
369{ 'struct': 'QCryptoBlockAmendOptionsLUKS',
370  'data': { 'state': 'QCryptoBlockLUKSKeyslotState',
371            '*new-secret': 'str',
372            '*old-secret': 'str',
373            '*keyslot': 'int',
374            '*iter-time': 'int',
375            '*secret': 'str' } }
376
377##
378# @QCryptoBlockAmendOptions:
379#
380# The options that are available for all encryption formats
381# when amending encryption settings
382#
383# Since: 5.1
384##
385{ 'union': 'QCryptoBlockAmendOptions',
386  'base': 'QCryptoBlockOptionsBase',
387  'discriminator': 'format',
388  'data': {
389          'luks': 'QCryptoBlockAmendOptionsLUKS' } }
390
391##
392# @SecretCommonProperties:
393#
394# Properties for objects of classes derived from secret-common.
395#
396# @loaded: if true, the secret is loaded immediately when applying this option
397#          and will probably fail when processing the next option. Don't use;
398#          only provided for compatibility. (default: false)
399#
400# @format: the data format that the secret is provided in (default: raw)
401#
402# @keyid: the name of another secret that should be used to decrypt the
403#         provided data. If not present, the data is assumed to be unencrypted.
404#
405# @iv: the random initialization vector used for encryption of this particular
406#      secret. Should be a base64 encrypted string of the 16-byte IV. Mandatory
407#      if @keyid is given. Ignored if @keyid is absent.
408#
409# Features:
410# @deprecated: Member @loaded is deprecated.  Setting true doesn't make sense,
411#              and false is already the default.
412#
413# Since: 2.6
414##
415{ 'struct': 'SecretCommonProperties',
416  'data': { '*loaded': { 'type': 'bool', 'features': ['deprecated'] },
417            '*format': 'QCryptoSecretFormat',
418            '*keyid': 'str',
419            '*iv': 'str' } }
420
421##
422# @SecretProperties:
423#
424# Properties for secret objects.
425#
426# Either @data or @file must be provided, but not both.
427#
428# @data: the associated with the secret from
429#
430# @file: the filename to load the data associated with the secret from
431#
432# Since: 2.6
433##
434{ 'struct': 'SecretProperties',
435  'base': 'SecretCommonProperties',
436  'data': { '*data': 'str',
437            '*file': 'str' } }
438
439##
440# @SecretKeyringProperties:
441#
442# Properties for secret_keyring objects.
443#
444# @serial: serial number that identifies a key to get from the kernel
445#
446# Since: 5.1
447##
448{ 'struct': 'SecretKeyringProperties',
449  'base': 'SecretCommonProperties',
450  'data': { 'serial': 'int32' } }
451
452##
453# @TlsCredsProperties:
454#
455# Properties for objects of classes derived from tls-creds.
456#
457# @verify-peer: if true the peer credentials will be verified once the
458#               handshake is completed.  This is a no-op for anonymous
459#               credentials. (default: true)
460#
461# @dir: the path of the directory that contains the credential files
462#
463# @endpoint: whether the QEMU network backend that uses the credentials will be
464#            acting as a client or as a server (default: client)
465#
466# @priority: a gnutls priority string as described at
467#            https://gnutls.org/manual/html_node/Priority-Strings.html
468#
469# Since: 2.5
470##
471{ 'struct': 'TlsCredsProperties',
472  'data': { '*verify-peer': 'bool',
473            '*dir': 'str',
474            '*endpoint': 'QCryptoTLSCredsEndpoint',
475            '*priority': 'str' } }
476
477##
478# @TlsCredsAnonProperties:
479#
480# Properties for tls-creds-anon objects.
481#
482# @loaded: if true, the credentials are loaded immediately when applying this
483#          option and will ignore options that are processed later. Don't use;
484#          only provided for compatibility. (default: false)
485#
486# Features:
487# @deprecated: Member @loaded is deprecated.  Setting true doesn't make sense,
488#              and false is already the default.
489#
490# Since: 2.5
491##
492{ 'struct': 'TlsCredsAnonProperties',
493  'base': 'TlsCredsProperties',
494  'data': { '*loaded': { 'type': 'bool', 'features': ['deprecated'] } } }
495
496##
497# @TlsCredsPskProperties:
498#
499# Properties for tls-creds-psk objects.
500#
501# @loaded: if true, the credentials are loaded immediately when applying this
502#          option and will ignore options that are processed later. Don't use;
503#          only provided for compatibility. (default: false)
504#
505# @username: the username which will be sent to the server.  For clients only.
506#            If absent, "qemu" is sent and the property will read back as an
507#            empty string.
508#
509# Features:
510# @deprecated: Member @loaded is deprecated.  Setting true doesn't make sense,
511#              and false is already the default.
512#
513# Since: 3.0
514##
515{ 'struct': 'TlsCredsPskProperties',
516  'base': 'TlsCredsProperties',
517  'data': { '*loaded': { 'type': 'bool', 'features': ['deprecated'] },
518            '*username': 'str' } }
519
520##
521# @TlsCredsX509Properties:
522#
523# Properties for tls-creds-x509 objects.
524#
525# @loaded: if true, the credentials are loaded immediately when applying this
526#          option and will ignore options that are processed later. Don't use;
527#          only provided for compatibility. (default: false)
528#
529# @sanity-check: if true, perform some sanity checks before using the
530#                credentials (default: true)
531#
532# @passwordid: For the server-key.pem and client-key.pem files which contain
533#              sensitive private keys, it is possible to use an encrypted
534#              version by providing the @passwordid parameter.  This provides
535#              the ID of a previously created secret object containing the
536#              password for decryption.
537#
538# Features:
539# @deprecated: Member @loaded is deprecated.  Setting true doesn't make sense,
540#              and false is already the default.
541#
542# Since: 2.5
543##
544{ 'struct': 'TlsCredsX509Properties',
545  'base': 'TlsCredsProperties',
546  'data': { '*loaded': { 'type': 'bool', 'features': ['deprecated'] },
547            '*sanity-check': 'bool',
548            '*passwordid': 'str' } }
549