include/crypto/tlscredsx509.h

   1 /*
   2  * QEMU crypto TLS x509 credential support
   3  *
   4  * Copyright (c) 2015 Red Hat, Inc.
   5  *
   6  * This library is free software; you can redistribute it and/or
   7  * modify it under the terms of the GNU Lesser General Public
   8  * License as published by the Free Software Foundation; either
   9  * version 2.1 of the License, or (at your option) any later version.
  10  *
  11  * This library is distributed in the hope that it will be useful,
  12  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  13  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
  14  * Lesser General Public License for more details.
  15  *
  16  * You should have received a copy of the GNU Lesser General Public
  17  * License along with this library; if not, see <http://www.gnu.org/licenses/>.
  18  *
  19  */
  20
  21 #ifndef QCRYPTO_TLSCREDSX509_H
  22 #define QCRYPTO_TLSCREDSX509_H
  23
  24 #include "crypto/tlscreds.h"
  25
  26 #define TYPE_QCRYPTO_TLS_CREDS_X509 "tls-creds-x509"
  27 #define QCRYPTO_TLS_CREDS_X509(obj)                  \
  28     OBJECT_CHECK(QCryptoTLSCredsX509, (obj), TYPE_QCRYPTO_TLS_CREDS_X509)
  29
  30 typedef struct QCryptoTLSCredsX509 QCryptoTLSCredsX509;
  31 typedef struct QCryptoTLSCredsX509Class QCryptoTLSCredsX509Class;
  32
  33 #define QCRYPTO_TLS_CREDS_X509_CA_CERT "ca-cert.pem"
  34 #define QCRYPTO_TLS_CREDS_X509_CA_CRL "ca-crl.pem"
  35 #define QCRYPTO_TLS_CREDS_X509_SERVER_KEY "server-key.pem"
  36 #define QCRYPTO_TLS_CREDS_X509_SERVER_CERT "server-cert.pem"
  37 #define QCRYPTO_TLS_CREDS_X509_CLIENT_KEY "client-key.pem"
  38 #define QCRYPTO_TLS_CREDS_X509_CLIENT_CERT "client-cert.pem"
  39
  40
  41 /**
  42  * QCryptoTLSCredsX509:
  43  *
  44  * The QCryptoTLSCredsX509 object provides a representation
  45  * of x509 credentials used to perform a TLS handshake.
  46  *
  47  * This is a user creatable object, which can be instantiated
  48  * via object_new_propv():
  49  *
  50  * <example>
  51  *   <title>Creating x509 TLS credential objects in code</title>
  52  *   <programlisting>
  53  *   Object *obj;
  54  *   Error *err = NULL;
  55  *   obj = object_new_propv(TYPE_QCRYPTO_TLS_CREDS_X509,
  56  *                          "tlscreds0",
  57  *                          &err,
  58  *                          "endpoint", "server",
  59  *                          "dir", "/path/x509/cert/dir",
  60  *                          "verify-peer", "yes",
  61  *                          NULL);
  62  *   </programlisting>
  63  * </example>
  64  *
  65  * Or via QMP:
  66  *
  67  * <example>
  68  *   <title>Creating x509 TLS credential objects via QMP</title>
  69  *   <programlisting>
  70  *    {
  71  *       "execute": "object-add", "arguments": {
  72  *          "id": "tlscreds0",
  73  *          "qom-type": "tls-creds-x509",
  74  *          "props": {
  75  *             "endpoint": "server",
  76  *             "dir": "/path/to/x509/cert/dir",
  77  *             "verify-peer": false
  78  *          }
  79  *       }
  80  *    }
  81  *   </programlisting>
  82  * </example>
  83  *
  84  *
  85  * Or via the CLI:
  86  *
  87  * <example>
  88  *   <title>Creating x509 TLS credential objects via CLI</title>
  89  *   <programlisting>
  90  *  qemu-system-x86_64 -object tls-creds-x509,id=tlscreds0,\
  91  *          endpoint=server,verify-peer=off,\
  92  *          dir=/path/to/x509/certdir/
  93  *   </programlisting>
  94  * </example>
  95  *
  96  */
  97
  98 struct QCryptoTLSCredsX509 {
  99     QCryptoTLSCreds parent_obj;
 100 #ifdef CONFIG_GNUTLS
 101     gnutls_certificate_credentials_t data;
 102 #endif
 103     bool sanityCheck;
 104     char *passwordid;
 105 };
 106
 107
 108 struct QCryptoTLSCredsX509Class {
 109     QCryptoTLSCredsClass parent_class;
 110 };
 111
 112
 113 #endif /* QCRYPTO_TLSCREDSX509_H */