/*
 * QEMU TLS Cipher Suites
 *
 * Copyright (c) 2018-2020 Red Hat, Inc.
 *
 * Author: Philippe Mathieu-Daudé <philmd@redhat.com>
 *
 * SPDX-License-Identifier: GPL-2.0-or-later
 */

#include "qemu/osdep.h"
#include "qapi/error.h"
#include "qom/object_interfaces.h"
#include "crypto/tlscreds.h"
#include "crypto/tls-cipher-suites.h"
#include "hw/nvram/fw_cfg.h"
#include "tlscredspriv.h"
#include "trace.h"

/*
 * Instance state of the TLS cipher-suites object.
 *
 * The type adds no fields of its own: the only member is the embedded
 * QCryptoTLSCreds parent, which is where the GnuTLS priority string used
 * by the rest of this file is read from.
 */
struct QCryptoTLSCipherSuites {
    /* <private> */
    QCryptoTLSCreds parent_obj;
    /* <public> */
};

/*
 * A single TLS cipher suite identifier from the IANA registry, stored as
 * its two raw bytes:
 * https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-4
 *
 * The struct is declared QEMU_PACKED and is filled in directly by
 * gnutls_cipher_suite_info() through an unsigned char pointer.
 */
typedef struct {
    uint8_t data[2];
} QEMU_PACKED IANA_TLS_CIPHER;

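/*
 * Translate the object's GnuTLS priority string into a list of IANA
 * cipher suite identifiers.
 *
 * @obj:  cipher-suites object; the priority string is taken from its
 *        QCryptoTLSCreds parent
 * @errp: set when GnuTLS rejects the priority string or a suite lookup
 *        fails with an unexpected error
 *
 * Returns: a GByteArray created here, holding 2 bytes per cipher suite in
 * the order GnuTLS enumerates them for the priority string, or NULL with
 * @errp set.  The array is not released on the success path, so the
 * caller is presumably expected to free it.
 *
 * Security note: the result is exactly what the priority string enables.
 * Nothing in this function filters out weak or legacy suites, and this
 * class exports the array through the fw_cfg data generator interface, so
 * the priority string should be reviewed like any other TLS policy
 * setting.
 */
GByteArray *qcrypto_tls_cipher_suites_get_data(QCryptoTLSCipherSuites *obj,
                                               Error **errp)
{
    QCryptoTLSCreds *creds = QCRYPTO_TLS_CREDS(obj);
    gnutls_priority_t pcache;
    GByteArray *byte_array;
    const char *err;
    size_t i;
    int ret;

    trace_qcrypto_tls_cipher_suite_priority(creds->priority);
    ret = gnutls_priority_init(&pcache, creds->priority, &err);
    if (ret < 0) {
        error_setg(errp, "Syntax error using priority '%s': %s",
                   creds->priority, gnutls_strerror(ret));
        return NULL;
    }

    byte_array = g_byte_array_new();

    for (i = 0;; i++) {
        unsigned idx;
        const char *name;
        IANA_TLS_CIPHER cipher;
        gnutls_protocol_t protocol;
        const char *version;

        ret = gnutls_priority_get_cipher_suite_index(pcache, i, &idx);
        if (ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) {
            /* Walked past the last entry of the priority list. */
            break;
        }
        if (ret == GNUTLS_E_UNKNOWN_CIPHER_SUITE) {
            /* Entry GnuTLS cannot map to a cipher suite: skip it. */
            continue;
        }
        if (ret < 0) {
            /*
             * Any other failure means idx cannot be relied on.  Fail the
             * whole request instead of querying suite info with an
             * indeterminate index and exporting a list built from it.
             */
            error_setg(errp, "Unable to look up cipher suite %zu "
                       "for priority '%s': %s",
                       i, creds->priority, gnutls_strerror(ret));
            g_byte_array_free(byte_array, TRUE);
            gnutls_priority_deinit(pcache);
            return NULL;
        }

        name = gnutls_cipher_suite_info(idx, (unsigned char *)&cipher,
                                        NULL, NULL, NULL, &protocol);
        if (name == NULL) {
            /* No suite info for this index: nothing to append. */
            continue;
        }

        version = gnutls_protocol_get_name(protocol);
        g_byte_array_append(byte_array, cipher.data, 2);
        trace_qcrypto_tls_cipher_suite_info(cipher.data[0],
                                            cipher.data[1],
                                            version, name);
    }
    trace_qcrypto_tls_cipher_suite_count(byte_array->len);
    gnutls_priority_deinit(pcache);

    return byte_array;
}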

/*
 * UserCreatable 'complete' hook: refuse an object that was created
 * without a 'priority' property.
 *
 * Only the presence of the string is checked here.  Its syntax is first
 * validated when qcrypto_tls_cipher_suites_get_data() passes it to
 * gnutls_priority_init(), so a malformed value is reported at that point
 * rather than at object creation.
 */
static void qcrypto_tls_cipher_suites_complete(UserCreatable *uc,
                                               Error **errp)
{
    QCryptoTLSCreds *creds = QCRYPTO_TLS_CREDS(uc);

    if (creds->priority) {
        return;
    }

    error_setg(errp, "'priority' property is not set");
}

/*
 * FWCfgDataGenerator 'get_data' hook: cast the generic Object to the
 * cipher-suites type and return whatever the typed getter produces,
 * including NULL with @errp set on failure.
 */
static GByteArray *qcrypto_tls_cipher_suites_fw_cfg_gen_data(Object *obj,
                                                             Error **errp)
{
    QCryptoTLSCipherSuites *suites = QCRYPTO_TLS_CIPHER_SUITES(obj);

    return qcrypto_tls_cipher_suites_get_data(suites, errp);
}

/*
 * Class initialiser: install this file's hooks on the two interfaces the
 * type implements.  @data is unused.
 */
static void qcrypto_tls_cipher_suites_class_init(ObjectClass *oc, void *data)
{
    /* Presence check on 'priority' when the object is completed. */
    USER_CREATABLE_CLASS(oc)->complete = qcrypto_tls_cipher_suites_complete;

    /* Cipher suite list served through the fw_cfg data generator. */
    FW_CFG_DATA_GENERATOR_CLASS(oc)->get_data =
        qcrypto_tls_cipher_suites_fw_cfg_gen_data;
}

/*
 * Type description: a QCryptoTLSCreds subclass that is user creatable and
 * implements the fw_cfg data generator interface.  The class structure is
 * sized as the parent's QCryptoTLSCredsClass.
 */
static const TypeInfo qcrypto_tls_cipher_suites_info = {
    .name = TYPE_QCRYPTO_TLS_CIPHER_SUITES,
    .parent = TYPE_QCRYPTO_TLS_CREDS,
    .class_size = sizeof(QCryptoTLSCredsClass),
    .class_init = qcrypto_tls_cipher_suites_class_init,
    .instance_size = sizeof(QCryptoTLSCipherSuites),
    .interfaces = (InterfaceInfo[]) {
        { TYPE_USER_CREATABLE },
        { TYPE_FW_CFG_DATA_GENERATOR_INTERFACE },
        { } /* empty entry closes the list */
    }
};

/* Register the cipher-suites type description defined in this file. */
static void qcrypto_tls_cipher_suites_register_types(void)
{
    type_register_static(&qcrypto_tls_cipher_suites_info);
}

/* Hand the registration function to the type_init() mechanism. */
type_init(qcrypto_tls_cipher_suites_register_types);