/*
 * QEMU TLS Cipher Suites
 *
 * Copyright (c) 2018-2020 Red Hat, Inc.
 *
 * Author: Philippe Mathieu-Daudé <philmd@redhat.com>
 *
 * SPDX-License-Identifier: GPL-2.0-or-later
 */
#include "qemu/osdep.h"
#include "qapi/error.h"
#include "qom/object_interfaces.h"
#include "crypto/tlscreds.h"
#include "crypto/tls-cipher-suites.h"
#include "hw/nvram/fw_cfg.h"
#include "tlscredspriv.h"
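/*
 * Instance state for the TLS cipher-suites object: the embedded parent
 * credentials object, whose 'priority' string is what the functions in
 * this file read (through QCRYPTO_TLS_CREDS()).
 */
struct QCryptoTLSCipherSuites {
    QCryptoTLSCreds parent_obj;
};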
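/*
 * IANA registered TLS ciphers:
 * https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-4
 *
 * One cipher suite identifier: two bytes, kept in the order
 * gnutls_cipher_suite_info() writes them, because the address of this
 * struct is handed to GnuTLS as its 2-byte output buffer.
 *
 * NOTE(review): the opening lines of this typedef are missing from the
 * listing; the member is restored from its uses (cipher.data[0] and a
 * 2-byte append of cipher.data) -- confirm the element type upstream.
 */
typedef struct {
    uint8_t data[2];
} QEMU_PACKED IANA_TLS_CIPHER;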
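/**
 * qcrypto_tls_cipher_suites_get_data:
 * @obj: cipher-suites object; its parent credentials hold the priority string
 * @errp: set when GnuTLS rejects the priority string
 *
 * Expand the object's GnuTLS priority string into the cipher suites it
 * enables, encoded as consecutive 2-byte IANA identifiers in the order
 * GnuTLS enumerates them.
 *
 * An empty result is not treated as an error: a priority string that
 * parses but yields no suite GnuTLS can describe produces a zero-length
 * array. A consumer that uses the list as policy has to decide for itself
 * what an empty list means.
 *
 * On a parse failure the message echoes the priority string and the GnuTLS
 * error text; the error position GnuTLS reports in @err is collected but
 * not included.
 *
 * NOTE(review): the listing this block comes from dropped its short lines
 * (declarations, braces, loop control, the tail of one trace call). They
 * are restored here from the visible uses and from the documented return
 * codes of gnutls_priority_get_cipher_suite_index() -- confirm upstream.
 *
 * Returns: an array created with g_byte_array_new() that this function
 * does not release, or NULL with @errp set.
 */
GByteArray *qcrypto_tls_cipher_suites_get_data(QCryptoTLSCipherSuites *obj,
                                               Error **errp)
{
    QCryptoTLSCreds *creds = QCRYPTO_TLS_CREDS(obj);
    gnutls_priority_t pcache;
    GByteArray *byte_array;
    const char *err;
    size_t i;
    int ret;

    trace_qcrypto_tls_cipher_suite_priority(creds->priority);
    ret = gnutls_priority_init(&pcache, creds->priority, &err);
    if (ret < 0) {
        error_setg(errp, "Syntax error using priority '%s': %s",
                   creds->priority, gnutls_strerror(ret));
        return NULL;
    }

    byte_array = g_byte_array_new();

    for (i = 0;; i++) {
        unsigned idx;
        const char *name;
        IANA_TLS_CIPHER cipher;
        gnutls_protocol_t protocol;
        const char *version;

        ret = gnutls_priority_get_cipher_suite_index(pcache, i, &idx);
        if (ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) {
            /* i is past the last entry of the priority cache: done. */
            break;
        }
        if (ret == GNUTLS_E_UNKNOWN_CIPHER_SUITE) {
            /* Entry maps to no suite this GnuTLS knows: skip it. */
            continue;
        }

        /* GnuTLS writes the 2-byte suite id straight into 'cipher'. */
        name = gnutls_cipher_suite_info(idx, (unsigned char *)&cipher,
                                        NULL, NULL, NULL, &protocol);
        if (name == NULL) {
            continue;
        }

        /* name and version are only used for the trace point below. */
        version = gnutls_protocol_get_name(protocol);
        g_byte_array_append(byte_array, cipher.data, 2);
        trace_qcrypto_tls_cipher_suite_info(cipher.data[0],
                                            cipher.data[1],
                                            version, name);
    }
    trace_qcrypto_tls_cipher_suite_count(byte_array->len);
    gnutls_priority_deinit(pcache);

    return byte_array;
}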
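/*
 * UserCreatable 'complete' hook: report an error when no 'priority'
 * string was supplied, since without one there is nothing to expand
 * into a cipher-suite list.
 *
 * Only presence is checked here. Whether GnuTLS accepts the string is
 * discovered later, when qcrypto_tls_cipher_suites_get_data() parses it.
 *
 * @uc:   the object being completed
 * @errp: set when 'priority' is missing
 */
static void qcrypto_tls_cipher_suites_complete(UserCreatable *uc,
                                               Error **errp)
{
    QCryptoTLSCreds *creds = QCRYPTO_TLS_CREDS(uc);

    if (!creds->priority) {
        error_setg(errp, "'priority' property is not set");
        return;
    }
}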
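/*
 * fw_cfg data-generator callback: casts the generic object to the
 * cipher-suites type and returns whatever
 * qcrypto_tls_cipher_suites_get_data() produces for it.
 *
 * NOTE(review): the line carrying the second argument of the call is
 * missing from the listing; @errp is passed through here -- confirm
 * against upstream.
 */
static GByteArray *qcrypto_tls_cipher_suites_fw_cfg_gen_data(Object *obj,
                                                             Error **errp)
{
    return qcrypto_tls_cipher_suites_get_data(QCRYPTO_TLS_CIPHER_SUITES(obj),
                                              errp);
}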
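/*
 * Class initialiser: installs this type's two interface hooks, the
 * UserCreatable 'complete' check and the fw_cfg data generator's
 * get_data callback.
 *
 * Installing get_data is what makes the expanded cipher list reachable
 * through the fw_cfg data-generator interface.
 * NOTE(review): who consumes that data, and how far it is trusted, is
 * not visible in this file.
 *
 * @oc:   class being initialised
 * @data: unused
 */
static void qcrypto_tls_cipher_suites_class_init(ObjectClass *oc, void *data)
{
    UserCreatableClass *ucc = USER_CREATABLE_CLASS(oc);
    FWCfgDataGeneratorClass *fwgc = FW_CFG_DATA_GENERATOR_CLASS(oc);

    ucc->complete = qcrypto_tls_cipher_suites_complete;
    fwgc->get_data = qcrypto_tls_cipher_suites_fw_cfg_gen_data;
}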
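/*
 * Type description: a subtype of the generic TLS credentials type that
 * implements the user-creatable and fw_cfg data-generator interfaces.
 *
 * NOTE(review): the end of the interface list is missing from the
 * listing; the empty terminating entry is restored here -- confirm
 * against upstream.
 */
static const TypeInfo qcrypto_tls_cipher_suites_info = {
    .parent = TYPE_QCRYPTO_TLS_CREDS,
    .name = TYPE_QCRYPTO_TLS_CIPHER_SUITES,
    .instance_size = sizeof(QCryptoTLSCipherSuites),
    .class_size = sizeof(QCryptoTLSCredsClass),
    .class_init = qcrypto_tls_cipher_suites_class_init,
    .interfaces = (InterfaceInfo[]) {
        { TYPE_USER_CREATABLE },
        { TYPE_FW_CFG_DATA_GENERATOR_INTERFACE },
        { }
    }
};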
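/* Registers the cipher-suites type described by qcrypto_tls_cipher_suites_info. */
static void qcrypto_tls_cipher_suites_register_types(void)
{
    type_register_static(&qcrypto_tls_cipher_suites_info);
}

/* Hand the registration function to the type_init() mechanism. */
type_init(qcrypto_tls_cipher_suites_register_types);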