#include "qemu/osdep.h"
#include "qapi/error.h"
#include "qapi-types-crypto.h"
#include "qemu/module.h"
#include "tlscredspriv.h"
/*
 * Fill *dh_params with Diffie-Hellman parameters. When filename is NULL
 * a fresh set is generated; otherwise the file's contents are read and
 * imported with gnutls_dh_params_import_pkcs3(). Failures are reported
 * through errp using the GnuTLS or GLib error text. Only part of the
 * function body appears in this listing.
 */
qcrypto_tls_creds_get_dh_params_file(QCryptoTLSCreds *creds,
gnutls_dh_params_t *dh_params,
trace_qcrypto_tls_creds_load_dh(creds, filename ? filename : "<generated>");
if (filename == NULL) {
ret = gnutls_dh_params_init(dh_params);
error_setg(errp, "Unable to initialize DH parameters: %s",
gnutls_strerror(ret));
/*
 * No file name was supplied, so a new parameter set is generated here.
 * DH_BITS is defined outside this listing: the key exchange is only as
 * strong as that size, so check it against the deployment's minimum
 * group size -- TODO confirm the value.
 */
ret = gnutls_dh_params_generate2(*dh_params, DH_BITS);
gnutls_dh_params_deinit(*dh_params);
error_setg(errp, "Unable to generate DH parameters: %s",
gnutls_strerror(ret));
if (!g_file_get_contents(filename,
/*
 * The GLib message is passed as an argument to a fixed "%s" format, so
 * whatever text GLib put into it is never interpreted as a format string.
 */
error_setg(errp, "%s", gerr->message);
data.data = (unsigned char *)contents;
ret = gnutls_dh_params_init(dh_params);
error_setg(errp, "Unable to initialize DH parameters: %s",
gnutls_strerror(ret));
ret = gnutls_dh_params_import_pkcs3(*dh_params,
gnutls_dh_params_deinit(*dh_params);
error_setg(errp, "Unable to load DH parameters from %s: %s",
filename, gnutls_strerror(ret));
/*
 * Resolve filename inside the credentials directory (creds->dir) and
 * store the resulting path in *cred. A missing 'dir' property is an
 * error. The path is probed with stat(); ENOENT combined with
 * required == false takes a separate branch that is not shown in this
 * listing, and other stat() failures appear to be reported through errp
 * with the errno text. Only part of the function body is visible here.
 */
qcrypto_tls_creds_get_path(QCryptoTLSCreds *creds,
error_setg(errp, "Missing 'dir' property value");
/*
 * Plain "dir/filename" concatenation into a newly allocated string, with
 * no normalisation: the result can point outside creds->dir if filename
 * ever contained path separators or "..". Presumably callers pass fixed
 * credential file names -- verify against the callers.
 */
*cred = g_strdup_printf("%s/%s", creds->dir, filename);
/*
 * Existence/access probe only. Nothing in the visible lines opens the
 * file, so presumably it is loaded later by other code; the file can
 * change between this check and that load, which means the loader's own
 * error handling is what must be relied on.
 */
if (stat(*cred, &sb) < 0) {
if (errno == ENOENT && !required) {
error_setg_errno(errp, errno,
"Unable to access credentials %s",
trace_qcrypto_tls_creds_get_path(creds, filename,
*cred ? *cred : "<none>");
qcrypto_tls_creds_prop_set_verify(Object *obj,
Error **errp G_GNUC_UNUSED)
QCryptoTLSCreds *creds = QCRYPTO_TLS_CREDS(obj);
/*
 * Setter for the flag behind the "verify-peer" property: the boolean is
 * stored as given, including false. Presumably code that consumes
 * verifyPeer skips peer certificate validation when it is false, so
 * configurations that clear it deserve review -- confirm in the users
 * of this field.
 */
creds->verifyPeer = value;
qcrypto_tls_creds_prop_get_verify(Object *obj,
Error **errp G_GNUC_UNUSED)
QCryptoTLSCreds *creds = QCRYPTO_TLS_CREDS(obj);
return creds->verifyPeer;
qcrypto_tls_creds_prop_set_dir(Object *obj,
Error **errp G_GNUC_UNUSED)
QCryptoTLSCreds *creds = QCRYPTO_TLS_CREDS(obj);
/*
 * Keep a private copy of the property string.
 * NOTE(review): no g_free() of a previous creds->dir is visible in this
 * listing; if the property can be set more than once the old copy would
 * leak -- confirm against the full source.
 */
creds->dir = g_strdup(value);
qcrypto_tls_creds_prop_get_dir(Object *obj,
Error **errp G_GNUC_UNUSED)
QCryptoTLSCreds *creds = QCRYPTO_TLS_CREDS(obj);
/*
 * Hand back a copy rather than the internal pointer; the returned
 * allocation is separate from the one the object keeps.
 */
return g_strdup(creds->dir);
qcrypto_tls_creds_prop_set_priority(Object *obj,
Error **errp G_GNUC_UNUSED)
QCryptoTLSCreds *creds = QCRYPTO_TLS_CREDS(obj);
/*
 * Keep a private copy of the priority string.
 * NOTE(review): no g_free() of a previous creds->priority is visible in
 * this listing; setting the property repeatedly would leak the old copy
 * -- confirm against the full source.
 */
creds->priority = g_strdup(value);
qcrypto_tls_creds_prop_get_priority(Object *obj,
Error **errp G_GNUC_UNUSED)
QCryptoTLSCreds *creds = QCRYPTO_TLS_CREDS(obj);
/*
 * Hand back a copy rather than the internal pointer; the returned
 * allocation is separate from the one the object keeps.
 */
return g_strdup(creds->priority);
qcrypto_tls_creds_prop_set_endpoint(Object *obj,
Error **errp G_GNUC_UNUSED)
QCryptoTLSCreds *creds = QCRYPTO_TLS_CREDS(obj);
creds->endpoint = value;
qcrypto_tls_creds_prop_get_endpoint(Object *obj,
Error **errp G_GNUC_UNUSED)
QCryptoTLSCreds *creds = QCRYPTO_TLS_CREDS(obj);
return creds->endpoint;
/*
 * Class initialiser: registers the "verify-peer" (bool), "dir" (string),
 * "endpoint" (QCryptoTLSCredsEndpoint enum) and "priority" (string)
 * properties, each with its getter/setter pair from this file.
 */
qcrypto_tls_creds_class_init(ObjectClass *oc, void *data)
object_class_property_add_bool(oc, "verify-peer",
qcrypto_tls_creds_prop_get_verify,
qcrypto_tls_creds_prop_set_verify);
object_class_property_add_str(oc, "dir",
qcrypto_tls_creds_prop_get_dir,
qcrypto_tls_creds_prop_set_dir);
object_class_property_add_enum(oc, "endpoint",
"QCryptoTLSCredsEndpoint",
&QCryptoTLSCredsEndpoint_lookup,
qcrypto_tls_creds_prop_get_endpoint,
qcrypto_tls_creds_prop_set_endpoint);
object_class_property_add_str(oc, "priority",
qcrypto_tls_creds_prop_get_priority,
qcrypto_tls_creds_prop_set_priority);
qcrypto_tls_creds_init(Object *obj)
QCryptoTLSCreds *creds = QCRYPTO_TLS_CREDS(obj);
/*
 * Secure default: the flag starts out true for every new object and only
 * changes if the "verify-peer" property is set explicitly.
 */
creds->verifyPeer = true;
qcrypto_tls_creds_finalize(Object *obj)
QCryptoTLSCreds *creds = QCRYPTO_TLS_CREDS(obj);
g_free(creds->priority);
/*
 * Compare the endpoint role stored in creds with the one the caller
 * expects. On a mismatch an error naming the expected role is set
 * through errp. The return statements are not visible in this listing.
 */
bool qcrypto_tls_creds_check_endpoint(QCryptoTLSCreds *creds,
QCryptoTLSCredsEndpoint endpoint,
if (creds->endpoint != endpoint) {
error_setg(errp, "Expected TLS credentials for a %s endpoint",
QCryptoTLSCredsEndpoint_str(endpoint));
/*
 * Type description for TYPE_QCRYPTO_TLS_CREDS: derives from TYPE_OBJECT
 * and wires up the instance init, finalize and class_init callbacks from
 * this file.
 */
static const TypeInfo qcrypto_tls_creds_info = {
.parent = TYPE_OBJECT,
.name = TYPE_QCRYPTO_TLS_CREDS,
.instance_size = sizeof(QCryptoTLSCreds),
.instance_init = qcrypto_tls_creds_init,
.instance_finalize = qcrypto_tls_creds_finalize,
.class_init = qcrypto_tls_creds_class_init,
.class_size = sizeof(QCryptoTLSCredsClass),
qcrypto_tls_creds_register_types(void)
type_register_static(&qcrypto_tls_creds_info);
/*
 * Hook qcrypto_tls_creds_register_types() into type_init(); that function
 * registers qcrypto_tls_creds_info via type_register_static().
 */
type_init(qcrypto_tls_creds_register_types);