xref: /openbmc/qemu/qapi/crypto.json (revision d6cd3ae0)
1# -*- Mode: Python -*-
2# vim: filetype=python
3#
4
5##
6# = Cryptography
7##
8
9##
10# @QCryptoTLSCredsEndpoint:
11#
12# The type of network endpoint that will be using the credentials.
13# Most types of credential require different setup / structures
14# depending on whether they will be used in a server versus a
15# client.
16#
17# @client: the network endpoint is acting as the client
18#
19# @server: the network endpoint is acting as the server
20#
21# Since: 2.5
22##
23{ 'enum': 'QCryptoTLSCredsEndpoint',
24  'prefix': 'QCRYPTO_TLS_CREDS_ENDPOINT',
25  'data': ['client', 'server']}
26
27##
28# @QCryptoSecretFormat:
29#
30# The data format that the secret is provided in
31#
32# @raw: raw bytes. When encoded in JSON only valid UTF-8 sequences can be used
33# @base64: arbitrary base64 encoded binary data
34#
35# Since: 2.6
36##
37{ 'enum': 'QCryptoSecretFormat',
38  'prefix': 'QCRYPTO_SECRET_FORMAT',
39  'data': ['raw', 'base64']}
40
41##
42# @QCryptoHashAlgorithm:
43#
44# The supported algorithms for computing content digests
45#
46# @md5: MD5. Should not be used in any new code, legacy compat only
47# @sha1: SHA-1. Should not be used in any new code, legacy compat only
48# @sha224: SHA-224. (since 2.7)
49# @sha256: SHA-256. Current recommended strong hash.
50# @sha384: SHA-384. (since 2.7)
51# @sha512: SHA-512. (since 2.7)
52# @ripemd160: RIPEMD-160. (since 2.7)
53#
54# Since: 2.6
55##
56{ 'enum': 'QCryptoHashAlgorithm',
57  'prefix': 'QCRYPTO_HASH_ALG',
58  'data': ['md5', 'sha1', 'sha224', 'sha256', 'sha384', 'sha512', 'ripemd160']}
59
60##
61# @QCryptoCipherAlgorithm:
62#
63# The supported algorithms for content encryption ciphers
64#
65# @aes-128: AES with 128 bit / 16 byte keys
66# @aes-192: AES with 192 bit / 24 byte keys
67# @aes-256: AES with 256 bit / 32 byte keys
68# @des: DES with 56 bit / 8 byte keys. Do not use except in VNC. (since 6.1)
69# @3des: 3DES(EDE) with 192 bit / 24 byte keys (since 2.9)
70# @cast5-128: Cast5 with 128 bit / 16 byte keys
71# @serpent-128: Serpent with 128 bit / 16 byte keys
72# @serpent-192: Serpent with 192 bit / 24 byte keys
73# @serpent-256: Serpent with 256 bit / 32 byte keys
74# @twofish-128: Twofish with 128 bit / 16 byte keys
75# @twofish-192: Twofish with 192 bit / 24 byte keys
76# @twofish-256: Twofish with 256 bit / 32 byte keys
77#
78# Since: 2.6
79##
80{ 'enum': 'QCryptoCipherAlgorithm',
81  'prefix': 'QCRYPTO_CIPHER_ALG',
82  'data': ['aes-128', 'aes-192', 'aes-256',
83           'des', '3des',
84           'cast5-128',
85           'serpent-128', 'serpent-192', 'serpent-256',
86           'twofish-128', 'twofish-192', 'twofish-256']}
87
88##
89# @QCryptoCipherMode:
90#
91# The supported modes for content encryption ciphers
92#
93# @ecb: Electronic Code Book
94# @cbc: Cipher Block Chaining
95# @xts: XEX with tweaked code book and ciphertext stealing
96# @ctr: Counter (Since 2.8)
97#
98# Since: 2.6
99##
100{ 'enum': 'QCryptoCipherMode',
101  'prefix': 'QCRYPTO_CIPHER_MODE',
102  'data': ['ecb', 'cbc', 'xts', 'ctr']}
103
104##
105# @QCryptoIVGenAlgorithm:
106#
107# The supported algorithms for generating initialization
108# vectors for full disk encryption. The 'plain' generator
109# should not be used for disks with sector numbers larger
110# than 2^32, except where compatibility with pre-existing
111# Linux dm-crypt volumes is required.
112#
113# @plain: 64-bit sector number truncated to 32-bits
114# @plain64: 64-bit sector number
115# @essiv: 64-bit sector number encrypted with a hash of the encryption key
116#
117# Since: 2.6
118##
119{ 'enum': 'QCryptoIVGenAlgorithm',
120  'prefix': 'QCRYPTO_IVGEN_ALG',
121  'data': ['plain', 'plain64', 'essiv']}
122
123##
124# @QCryptoBlockFormat:
125#
126# The supported full disk encryption formats
127#
128# @qcow: QCow/QCow2 built-in AES-CBC encryption. Use only
129#        for liberating data from old images.
130# @luks: LUKS encryption format. Recommended for new images
131#
132# Since: 2.6
133##
134{ 'enum': 'QCryptoBlockFormat',
135#  'prefix': 'QCRYPTO_BLOCK_FORMAT',
136  'data': ['qcow', 'luks']}
137
138##
139# @QCryptoBlockOptionsBase:
140#
141# The common options that apply to all full disk
142# encryption formats
143#
144# @format: the encryption format
145#
146# Since: 2.6
147##
148{ 'struct': 'QCryptoBlockOptionsBase',
149  'data': { 'format': 'QCryptoBlockFormat' }}
150
151##
152# @QCryptoBlockOptionsQCow:
153#
154# The options that apply to QCow/QCow2 AES-CBC encryption format
155#
156# @key-secret: the ID of a QCryptoSecret object providing the
157#              decryption key. Mandatory except when probing image for
158#              metadata only.
159#
160# Since: 2.6
161##
162{ 'struct': 'QCryptoBlockOptionsQCow',
163  'data': { '*key-secret': 'str' }}
164
165##
166# @QCryptoBlockOptionsLUKS:
167#
168# The options that apply to LUKS encryption format
169#
170# @key-secret: the ID of a QCryptoSecret object providing the
171#              decryption key. Mandatory except when probing image for
172#              metadata only.
173#
174# Since: 2.6
175##
176{ 'struct': 'QCryptoBlockOptionsLUKS',
177  'data': { '*key-secret': 'str' }}
178
179##
180# @QCryptoBlockCreateOptionsLUKS:
181#
182# The options that apply to LUKS encryption format initialization
183#
184# @cipher-alg: the cipher algorithm for data encryption
185#              Currently defaults to 'aes-256'.
186# @cipher-mode: the cipher mode for data encryption
187#               Currently defaults to 'xts'
188# @ivgen-alg: the initialization vector generator
189#             Currently defaults to 'plain64'
190# @ivgen-hash-alg: the initialization vector generator hash
191#                  Currently defaults to 'sha256'
192# @hash-alg: the master key hash algorithm
193#            Currently defaults to 'sha256'
194# @iter-time: number of milliseconds to spend in
195#             PBKDF passphrase processing. Currently defaults
196#             to 2000. (since 2.8)
197#
198# Since: 2.6
199##
200{ 'struct': 'QCryptoBlockCreateOptionsLUKS',
201  'base': 'QCryptoBlockOptionsLUKS',
202  'data': { '*cipher-alg': 'QCryptoCipherAlgorithm',
203            '*cipher-mode': 'QCryptoCipherMode',
204            '*ivgen-alg': 'QCryptoIVGenAlgorithm',
205            '*ivgen-hash-alg': 'QCryptoHashAlgorithm',
206            '*hash-alg': 'QCryptoHashAlgorithm',
207            '*iter-time': 'int'}}
208
209##
210# @QCryptoBlockOpenOptions:
211#
212# The options that are available for all encryption formats
213# when opening an existing volume
214#
215# Since: 2.6
216##
217{ 'union': 'QCryptoBlockOpenOptions',
218  'base': 'QCryptoBlockOptionsBase',
219  'discriminator': 'format',
220  'data': { 'qcow': 'QCryptoBlockOptionsQCow',
221            'luks': 'QCryptoBlockOptionsLUKS' } }
222
223##
224# @QCryptoBlockCreateOptions:
225#
226# The options that are available for all encryption formats
227# when initializing a new volume
228#
229# Since: 2.6
230##
231{ 'union': 'QCryptoBlockCreateOptions',
232  'base': 'QCryptoBlockOptionsBase',
233  'discriminator': 'format',
234  'data': { 'qcow': 'QCryptoBlockOptionsQCow',
235            'luks': 'QCryptoBlockCreateOptionsLUKS' } }
236
237##
238# @QCryptoBlockInfoBase:
239#
240# The common information that applies to all full disk
241# encryption formats
242#
243# @format: the encryption format
244#
245# Since: 2.7
246##
247{ 'struct': 'QCryptoBlockInfoBase',
248  'data': { 'format': 'QCryptoBlockFormat' }}
249
250##
251# @QCryptoBlockInfoLUKSSlot:
252#
253# Information about the LUKS block encryption key
254# slot options
255#
256# @active: whether the key slot is currently in use
257# @key-offset: offset to the key material in bytes
258# @iters: number of PBKDF2 iterations for key material
259# @stripes: number of stripes for splitting key material
260#
261# Since: 2.7
262##
263{ 'struct': 'QCryptoBlockInfoLUKSSlot',
264  'data': {'active': 'bool',
265           '*iters': 'int',
266           '*stripes': 'int',
267           'key-offset': 'int' } }
268
269##
270# @QCryptoBlockInfoLUKS:
271#
272# Information about the LUKS block encryption options
273#
274# @cipher-alg: the cipher algorithm for data encryption
275# @cipher-mode: the cipher mode for data encryption
276# @ivgen-alg: the initialization vector generator
277# @ivgen-hash-alg: the initialization vector generator hash
278# @hash-alg: the master key hash algorithm
279# @payload-offset: offset to the payload data in bytes
280# @master-key-iters: number of PBKDF2 iterations for key material
281# @uuid: unique identifier for the volume
282# @slots: information about each key slot
283#
284# Since: 2.7
285##
286{ 'struct': 'QCryptoBlockInfoLUKS',
287  'data': {'cipher-alg': 'QCryptoCipherAlgorithm',
288           'cipher-mode': 'QCryptoCipherMode',
289           'ivgen-alg': 'QCryptoIVGenAlgorithm',
290           '*ivgen-hash-alg': 'QCryptoHashAlgorithm',
291           'hash-alg': 'QCryptoHashAlgorithm',
292           'payload-offset': 'int',
293           'master-key-iters': 'int',
294           'uuid': 'str',
295           'slots': [ 'QCryptoBlockInfoLUKSSlot' ] }}
296
297##
298# @QCryptoBlockInfo:
299#
300# Information about the block encryption options
301#
302# Since: 2.7
303##
304{ 'union': 'QCryptoBlockInfo',
305  'base': 'QCryptoBlockInfoBase',
306  'discriminator': 'format',
307  'data': { 'luks': 'QCryptoBlockInfoLUKS' } }
308
309##
310# @QCryptoBlockLUKSKeyslotState:
311#
312# Defines state of keyslots that are affected by the update
313#
314# @active: The slots contain the given password and marked as active
315# @inactive: The slots are erased (contain garbage) and marked as inactive
316#
317# Since: 5.1
318##
319{ 'enum': 'QCryptoBlockLUKSKeyslotState',
320  'data': [ 'active', 'inactive' ] }
321
322##
323# @QCryptoBlockAmendOptionsLUKS:
324#
325# This struct defines the update parameters that activate/de-activate set
326# of keyslots
327#
328# @state: the desired state of the keyslots
329#
330# @new-secret: The ID of a QCryptoSecret object providing the password to be
331#              written into added active keyslots
332#
333# @old-secret: Optional (for deactivation only)
334#              If given will deactivate all keyslots that
335#              match password located in QCryptoSecret with this ID
336#
337# @iter-time: Optional (for activation only)
338#             Number of milliseconds to spend in
339#             PBKDF passphrase processing for the newly activated keyslot.
340#             Currently defaults to 2000.
341#
342# @keyslot: Optional. ID of the keyslot to activate/deactivate.
343#           For keyslot activation, keyslot should not be active already
344#           (this is unsafe to update an active keyslot),
345#           but possible if 'force' parameter is given.
346#           If keyslot is not given, first free keyslot will be written.
347#
348#           For keyslot deactivation, this parameter specifies the exact
349#           keyslot to deactivate
350#
351# @secret: Optional. The ID of a QCryptoSecret object providing the
352#          password to use to retrieve current master key.
353#          Defaults to the same secret that was used to open the image
354#
355# Since: 5.1
356##
357{ 'struct': 'QCryptoBlockAmendOptionsLUKS',
358  'data': { 'state': 'QCryptoBlockLUKSKeyslotState',
359            '*new-secret': 'str',
360            '*old-secret': 'str',
361            '*keyslot': 'int',
362            '*iter-time': 'int',
363            '*secret': 'str' } }
364
365##
366# @QCryptoBlockAmendOptions:
367#
368# The options that are available for all encryption formats
369# when amending encryption settings
370#
371# Since: 5.1
372##
373{ 'union': 'QCryptoBlockAmendOptions',
374  'base': 'QCryptoBlockOptionsBase',
375  'discriminator': 'format',
376  'data': {
377          'luks': 'QCryptoBlockAmendOptionsLUKS' } }
378
379##
380# @SecretCommonProperties:
381#
382# Properties for objects of classes derived from secret-common.
383#
384# @loaded: if true, the secret is loaded immediately when applying this option
385#          and will probably fail when processing the next option. Don't use;
386#          only provided for compatibility. (default: false)
387#
388# @format: the data format that the secret is provided in (default: raw)
389#
390# @keyid: the name of another secret that should be used to decrypt the
391#         provided data. If not present, the data is assumed to be unencrypted.
392#
393# @iv: the random initialization vector used for encryption of this particular
394#      secret. Should be a base64 encrypted string of the 16-byte IV. Mandatory
395#      if @keyid is given. Ignored if @keyid is absent.
396#
397# Features:
398# @deprecated: Member @loaded is deprecated.  Setting true doesn't make sense,
399#              and false is already the default.
400#
401# Since: 2.6
402##
403{ 'struct': 'SecretCommonProperties',
404  'data': { '*loaded': { 'type': 'bool', 'features': ['deprecated'] },
405            '*format': 'QCryptoSecretFormat',
406            '*keyid': 'str',
407            '*iv': 'str' } }
408
409##
410# @SecretProperties:
411#
412# Properties for secret objects.
413#
414# Either @data or @file must be provided, but not both.
415#
416# @data: the associated with the secret from
417#
418# @file: the filename to load the data associated with the secret from
419#
420# Since: 2.6
421##
422{ 'struct': 'SecretProperties',
423  'base': 'SecretCommonProperties',
424  'data': { '*data': 'str',
425            '*file': 'str' } }
426
427##
428# @SecretKeyringProperties:
429#
430# Properties for secret_keyring objects.
431#
432# @serial: serial number that identifies a key to get from the kernel
433#
434# Since: 5.1
435##
436{ 'struct': 'SecretKeyringProperties',
437  'base': 'SecretCommonProperties',
438  'data': { 'serial': 'int32' } }
439
440##
441# @TlsCredsProperties:
442#
443# Properties for objects of classes derived from tls-creds.
444#
445# @verify-peer: if true the peer credentials will be verified once the
446#               handshake is completed.  This is a no-op for anonymous
447#               credentials. (default: true)
448#
449# @dir: the path of the directory that contains the credential files
450#
451# @endpoint: whether the QEMU network backend that uses the credentials will be
452#            acting as a client or as a server (default: client)
453#
454# @priority: a gnutls priority string as described at
455#            https://gnutls.org/manual/html_node/Priority-Strings.html
456#
457# Since: 2.5
458##
459{ 'struct': 'TlsCredsProperties',
460  'data': { '*verify-peer': 'bool',
461            '*dir': 'str',
462            '*endpoint': 'QCryptoTLSCredsEndpoint',
463            '*priority': 'str' } }
464
465##
466# @TlsCredsAnonProperties:
467#
468# Properties for tls-creds-anon objects.
469#
470# @loaded: if true, the credentials are loaded immediately when applying this
471#          option and will ignore options that are processed later. Don't use;
472#          only provided for compatibility. (default: false)
473#
474# Features:
475# @deprecated: Member @loaded is deprecated.  Setting true doesn't make sense,
476#              and false is already the default.
477#
478# Since: 2.5
479##
480{ 'struct': 'TlsCredsAnonProperties',
481  'base': 'TlsCredsProperties',
482  'data': { '*loaded': { 'type': 'bool', 'features': ['deprecated'] } } }
483
484##
485# @TlsCredsPskProperties:
486#
487# Properties for tls-creds-psk objects.
488#
489# @loaded: if true, the credentials are loaded immediately when applying this
490#          option and will ignore options that are processed later. Don't use;
491#          only provided for compatibility. (default: false)
492#
493# @username: the username which will be sent to the server.  For clients only.
494#            If absent, "qemu" is sent and the property will read back as an
495#            empty string.
496#
497# Features:
498# @deprecated: Member @loaded is deprecated.  Setting true doesn't make sense,
499#              and false is already the default.
500#
501# Since: 3.0
502##
503{ 'struct': 'TlsCredsPskProperties',
504  'base': 'TlsCredsProperties',
505  'data': { '*loaded': { 'type': 'bool', 'features': ['deprecated'] },
506            '*username': 'str' } }
507
508##
509# @TlsCredsX509Properties:
510#
511# Properties for tls-creds-x509 objects.
512#
513# @loaded: if true, the credentials are loaded immediately when applying this
514#          option and will ignore options that are processed later. Don't use;
515#          only provided for compatibility. (default: false)
516#
517# @sanity-check: if true, perform some sanity checks before using the
518#                credentials (default: true)
519#
520# @passwordid: For the server-key.pem and client-key.pem files which contain
521#              sensitive private keys, it is possible to use an encrypted
522#              version by providing the @passwordid parameter.  This provides
523#              the ID of a previously created secret object containing the
524#              password for decryption.
525#
526# Features:
527# @deprecated: Member @loaded is deprecated.  Setting true doesn't make sense,
528#              and false is already the default.
529#
530# Since: 2.5
531##
532{ 'struct': 'TlsCredsX509Properties',
533  'base': 'TlsCredsProperties',
534  'data': { '*loaded': { 'type': 'bool', 'features': ['deprecated'] },
535            '*sanity-check': 'bool',
536            '*passwordid': 'str' } }
537