2015-03-14 01:39:26 +08:00
|
|
|
/*
|
|
|
|
* QEMU crypto TLS credential support
|
|
|
|
*
|
|
|
|
* Copyright (c) 2015 Red Hat, Inc.
|
|
|
|
*
|
|
|
|
* This library is free software; you can redistribute it and/or
|
|
|
|
* modify it under the terms of the GNU Lesser General Public
|
|
|
|
* License as published by the Free Software Foundation; either
|
|
|
|
* version 2 of the License, or (at your option) any later version.
|
|
|
|
*
|
|
|
|
* This library is distributed in the hope that it will be useful,
|
|
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
|
|
* Lesser General Public License for more details.
|
|
|
|
*
|
|
|
|
* You should have received a copy of the GNU Lesser General Public
|
|
|
|
* License along with this library; if not, see <http://www.gnu.org/licenses/>.
|
|
|
|
*
|
|
|
|
*/
|
|
|
|
|
2016-01-27 02:16:55 +08:00
|
|
|
#include "qemu/osdep.h"
|
include/qemu/osdep.h: Don't include qapi/error.h
Commit 57cb38b included qapi/error.h into qemu/osdep.h to get the
Error typedef. Since then, we've moved to include qemu/osdep.h
everywhere. Its file comment explains: "To avoid getting into
possible circular include dependencies, this file should not include
any other QEMU headers, with the exceptions of config-host.h,
compiler.h, os-posix.h and os-win32.h, all of which are doing a
similar job to this file and are under similar constraints."
qapi/error.h doesn't do a similar job, and it doesn't adhere to
similar constraints: it includes qapi-types.h. That's in excess of
100KiB of crap most .c files don't actually need.
Add the typedef to qemu/typedefs.h, and include that instead of
qapi/error.h. Include qapi/error.h in .c files that need it and don't
get it now. Include qapi-types.h in qom/object.h for uint16List.
Update scripts/clean-includes accordingly. Update it further to match
reality: replace config.h by config-target.h, add sysemu/os-posix.h,
sysemu/os-win32.h. Update the list of includes in the qemu/osdep.h
comment quoted above similarly.
This reduces the number of objects depending on qapi/error.h from "all
of them" to less than a third. Unfortunately, the number depending on
qapi-types.h shrinks only a little. More work is needed for that one.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
[Fix compilation without the spice devel packages. - Paolo]
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2016-03-14 16:01:28 +08:00
|
|
|
#include "qapi/error.h"
|
2015-03-14 01:39:26 +08:00
|
|
|
#include "crypto/tlscredspriv.h"
|
|
|
|
#include "trace.h"
|
|
|
|
|
|
|
|
#define DH_BITS 2048
|
|
|
|
|
|
|
|
#ifdef CONFIG_GNUTLS
|
|
|
|
int
|
|
|
|
qcrypto_tls_creds_get_dh_params_file(QCryptoTLSCreds *creds,
|
|
|
|
const char *filename,
|
|
|
|
gnutls_dh_params_t *dh_params,
|
|
|
|
Error **errp)
|
|
|
|
{
|
|
|
|
int ret;
|
|
|
|
|
|
|
|
trace_qcrypto_tls_creds_load_dh(creds, filename ? filename : "<generated>");
|
|
|
|
|
|
|
|
if (filename == NULL) {
|
|
|
|
ret = gnutls_dh_params_init(dh_params);
|
|
|
|
if (ret < 0) {
|
|
|
|
error_setg(errp, "Unable to initialize DH parameters: %s",
|
|
|
|
gnutls_strerror(ret));
|
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
ret = gnutls_dh_params_generate2(*dh_params, DH_BITS);
|
|
|
|
if (ret < 0) {
|
|
|
|
gnutls_dh_params_deinit(*dh_params);
|
|
|
|
*dh_params = NULL;
|
|
|
|
error_setg(errp, "Unable to generate DH parameters: %s",
|
|
|
|
gnutls_strerror(ret));
|
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
} else {
|
|
|
|
GError *gerr = NULL;
|
|
|
|
gchar *contents;
|
|
|
|
gsize len;
|
|
|
|
gnutls_datum_t data;
|
|
|
|
if (!g_file_get_contents(filename,
|
|
|
|
&contents,
|
|
|
|
&len,
|
|
|
|
&gerr)) {
|
|
|
|
|
|
|
|
error_setg(errp, "%s", gerr->message);
|
|
|
|
g_error_free(gerr);
|
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
data.data = (unsigned char *)contents;
|
|
|
|
data.size = len;
|
|
|
|
ret = gnutls_dh_params_init(dh_params);
|
|
|
|
if (ret < 0) {
|
|
|
|
g_free(contents);
|
|
|
|
error_setg(errp, "Unable to initialize DH parameters: %s",
|
|
|
|
gnutls_strerror(ret));
|
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
ret = gnutls_dh_params_import_pkcs3(*dh_params,
|
|
|
|
&data,
|
|
|
|
GNUTLS_X509_FMT_PEM);
|
|
|
|
g_free(contents);
|
|
|
|
if (ret < 0) {
|
|
|
|
gnutls_dh_params_deinit(*dh_params);
|
|
|
|
*dh_params = NULL;
|
|
|
|
error_setg(errp, "Unable to load DH parameters from %s: %s",
|
|
|
|
filename, gnutls_strerror(ret));
|
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
int
|
|
|
|
qcrypto_tls_creds_get_path(QCryptoTLSCreds *creds,
|
|
|
|
const char *filename,
|
|
|
|
bool required,
|
|
|
|
char **cred,
|
|
|
|
Error **errp)
|
|
|
|
{
|
|
|
|
struct stat sb;
|
|
|
|
int ret = -1;
|
|
|
|
|
|
|
|
if (!creds->dir) {
|
|
|
|
if (required) {
|
|
|
|
error_setg(errp, "Missing 'dir' property value");
|
|
|
|
return -1;
|
|
|
|
} else {
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
*cred = g_strdup_printf("%s/%s", creds->dir, filename);
|
|
|
|
|
|
|
|
if (stat(*cred, &sb) < 0) {
|
|
|
|
if (errno == ENOENT && !required) {
|
|
|
|
ret = 0;
|
|
|
|
} else {
|
|
|
|
error_setg_errno(errp, errno,
|
|
|
|
"Unable to access credentials %s",
|
|
|
|
*cred);
|
|
|
|
}
|
|
|
|
g_free(*cred);
|
|
|
|
*cred = NULL;
|
|
|
|
goto cleanup;
|
|
|
|
}
|
|
|
|
|
|
|
|
ret = 0;
|
|
|
|
cleanup:
|
2015-11-14 01:45:27 +08:00
|
|
|
trace_qcrypto_tls_creds_get_path(creds, filename,
|
|
|
|
*cred ? *cred : "<none>");
|
2015-03-14 01:39:26 +08:00
|
|
|
return ret;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
#endif /* ! CONFIG_GNUTLS */
|
|
|
|
|
|
|
|
|
|
|
|
static void
|
|
|
|
qcrypto_tls_creds_prop_set_verify(Object *obj,
|
|
|
|
bool value,
|
|
|
|
Error **errp G_GNUC_UNUSED)
|
|
|
|
{
|
|
|
|
QCryptoTLSCreds *creds = QCRYPTO_TLS_CREDS(obj);
|
|
|
|
|
|
|
|
creds->verifyPeer = value;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
static bool
|
|
|
|
qcrypto_tls_creds_prop_get_verify(Object *obj,
|
|
|
|
Error **errp G_GNUC_UNUSED)
|
|
|
|
{
|
|
|
|
QCryptoTLSCreds *creds = QCRYPTO_TLS_CREDS(obj);
|
|
|
|
|
|
|
|
return creds->verifyPeer;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
static void
|
|
|
|
qcrypto_tls_creds_prop_set_dir(Object *obj,
|
|
|
|
const char *value,
|
|
|
|
Error **errp G_GNUC_UNUSED)
|
|
|
|
{
|
|
|
|
QCryptoTLSCreds *creds = QCRYPTO_TLS_CREDS(obj);
|
|
|
|
|
|
|
|
creds->dir = g_strdup(value);
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
static char *
|
|
|
|
qcrypto_tls_creds_prop_get_dir(Object *obj,
|
|
|
|
Error **errp G_GNUC_UNUSED)
|
|
|
|
{
|
|
|
|
QCryptoTLSCreds *creds = QCRYPTO_TLS_CREDS(obj);
|
|
|
|
|
|
|
|
return g_strdup(creds->dir);
|
|
|
|
}
|
|
|
|
|
|
|
|
|
crypto: add support for TLS priority string override
The gnutls default priority is either "NORMAL" (most historical
versions of gnutls) which is a built-in label in gnutls code,
or "@SYSTEM" (latest gnutls on Fedora at least) which refers
to an admin customizable entry in a gnutls config file.
Regardless of which default is used by a distro, they are both
global defaults applying to all applications using gnutls. If
a single application on the system needs to use a weaker set
of crypto priorities, this potentially forces the weakness onto
all applications. Or conversely if a single application wants a
strong default than all others, it can't do this via the global
config file.
This adds an extra parameter to the tls credential object which
allows the mgmt app / user to explicitly provide a priority
string to QEMU when configuring TLS.
For example, to use the "NORMAL" priority, but disable SSL 3.0
one can now configure QEMU thus:
$QEMU -object tls-creds-x509,id=tls0,dir=/home/berrange/qemutls,\
priority="NORMAL:-VERS-SSL3.0" \
..other args...
If creating tls-creds-anon, whatever priority the user specifies
will always have "+ANON-DH" appended to it, since that's mandatory
to make the anonymous credentials work.
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2016-06-06 16:52:07 +08:00
|
|
|
static void
|
|
|
|
qcrypto_tls_creds_prop_set_priority(Object *obj,
|
|
|
|
const char *value,
|
|
|
|
Error **errp G_GNUC_UNUSED)
|
|
|
|
{
|
|
|
|
QCryptoTLSCreds *creds = QCRYPTO_TLS_CREDS(obj);
|
|
|
|
|
|
|
|
creds->priority = g_strdup(value);
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
static char *
|
|
|
|
qcrypto_tls_creds_prop_get_priority(Object *obj,
|
|
|
|
Error **errp G_GNUC_UNUSED)
|
|
|
|
{
|
|
|
|
QCryptoTLSCreds *creds = QCRYPTO_TLS_CREDS(obj);
|
|
|
|
|
|
|
|
return g_strdup(creds->priority);
|
|
|
|
}
|
|
|
|
|
|
|
|
|
2015-03-14 01:39:26 +08:00
|
|
|
static void
|
|
|
|
qcrypto_tls_creds_prop_set_endpoint(Object *obj,
|
|
|
|
int value,
|
|
|
|
Error **errp G_GNUC_UNUSED)
|
|
|
|
{
|
|
|
|
QCryptoTLSCreds *creds = QCRYPTO_TLS_CREDS(obj);
|
|
|
|
|
|
|
|
creds->endpoint = value;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
static int
|
|
|
|
qcrypto_tls_creds_prop_get_endpoint(Object *obj,
|
|
|
|
Error **errp G_GNUC_UNUSED)
|
|
|
|
{
|
|
|
|
QCryptoTLSCreds *creds = QCRYPTO_TLS_CREDS(obj);
|
|
|
|
|
|
|
|
return creds->endpoint;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
2015-08-25 01:46:57 +08:00
|
|
|
static void
|
|
|
|
qcrypto_tls_creds_class_init(ObjectClass *oc, void *data)
|
|
|
|
{
|
|
|
|
object_class_property_add_bool(oc, "verify-peer",
|
|
|
|
qcrypto_tls_creds_prop_get_verify,
|
|
|
|
qcrypto_tls_creds_prop_set_verify,
|
|
|
|
NULL);
|
|
|
|
object_class_property_add_str(oc, "dir",
|
|
|
|
qcrypto_tls_creds_prop_get_dir,
|
|
|
|
qcrypto_tls_creds_prop_set_dir,
|
|
|
|
NULL);
|
|
|
|
object_class_property_add_enum(oc, "endpoint",
|
|
|
|
"QCryptoTLSCredsEndpoint",
|
|
|
|
QCryptoTLSCredsEndpoint_lookup,
|
|
|
|
qcrypto_tls_creds_prop_get_endpoint,
|
|
|
|
qcrypto_tls_creds_prop_set_endpoint,
|
|
|
|
NULL);
|
crypto: add support for TLS priority string override
The gnutls default priority is either "NORMAL" (most historical
versions of gnutls) which is a built-in label in gnutls code,
or "@SYSTEM" (latest gnutls on Fedora at least) which refers
to an admin customizable entry in a gnutls config file.
Regardless of which default is used by a distro, they are both
global defaults applying to all applications using gnutls. If
a single application on the system needs to use a weaker set
of crypto priorities, this potentially forces the weakness onto
all applications. Or conversely if a single application wants a
strong default than all others, it can't do this via the global
config file.
This adds an extra parameter to the tls credential object which
allows the mgmt app / user to explicitly provide a priority
string to QEMU when configuring TLS.
For example, to use the "NORMAL" priority, but disable SSL 3.0
one can now configure QEMU thus:
$QEMU -object tls-creds-x509,id=tls0,dir=/home/berrange/qemutls,\
priority="NORMAL:-VERS-SSL3.0" \
..other args...
If creating tls-creds-anon, whatever priority the user specifies
will always have "+ANON-DH" appended to it, since that's mandatory
to make the anonymous credentials work.
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2016-06-06 16:52:07 +08:00
|
|
|
object_class_property_add_str(oc, "priority",
|
|
|
|
qcrypto_tls_creds_prop_get_priority,
|
|
|
|
qcrypto_tls_creds_prop_set_priority,
|
|
|
|
NULL);
|
2015-08-25 01:46:57 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
|
2015-03-14 01:39:26 +08:00
|
|
|
static void
|
|
|
|
qcrypto_tls_creds_init(Object *obj)
|
|
|
|
{
|
|
|
|
QCryptoTLSCreds *creds = QCRYPTO_TLS_CREDS(obj);
|
|
|
|
|
|
|
|
creds->verifyPeer = true;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
static void
|
|
|
|
qcrypto_tls_creds_finalize(Object *obj)
|
|
|
|
{
|
|
|
|
QCryptoTLSCreds *creds = QCRYPTO_TLS_CREDS(obj);
|
|
|
|
|
|
|
|
g_free(creds->dir);
|
crypto: add support for TLS priority string override
The gnutls default priority is either "NORMAL" (most historical
versions of gnutls) which is a built-in label in gnutls code,
or "@SYSTEM" (latest gnutls on Fedora at least) which refers
to an admin customizable entry in a gnutls config file.
Regardless of which default is used by a distro, they are both
global defaults applying to all applications using gnutls. If
a single application on the system needs to use a weaker set
of crypto priorities, this potentially forces the weakness onto
all applications. Or conversely if a single application wants a
strong default than all others, it can't do this via the global
config file.
This adds an extra parameter to the tls credential object which
allows the mgmt app / user to explicitly provide a priority
string to QEMU when configuring TLS.
For example, to use the "NORMAL" priority, but disable SSL 3.0
one can now configure QEMU thus:
$QEMU -object tls-creds-x509,id=tls0,dir=/home/berrange/qemutls,\
priority="NORMAL:-VERS-SSL3.0" \
..other args...
If creating tls-creds-anon, whatever priority the user specifies
will always have "+ANON-DH" appended to it, since that's mandatory
to make the anonymous credentials work.
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2016-06-06 16:52:07 +08:00
|
|
|
g_free(creds->priority);
|
2015-03-14 01:39:26 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
static const TypeInfo qcrypto_tls_creds_info = {
|
|
|
|
.parent = TYPE_OBJECT,
|
|
|
|
.name = TYPE_QCRYPTO_TLS_CREDS,
|
|
|
|
.instance_size = sizeof(QCryptoTLSCreds),
|
|
|
|
.instance_init = qcrypto_tls_creds_init,
|
|
|
|
.instance_finalize = qcrypto_tls_creds_finalize,
|
2015-08-25 01:46:57 +08:00
|
|
|
.class_init = qcrypto_tls_creds_class_init,
|
2015-03-14 01:39:26 +08:00
|
|
|
.class_size = sizeof(QCryptoTLSCredsClass),
|
|
|
|
.abstract = true,
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
|
|
static void
|
|
|
|
qcrypto_tls_creds_register_types(void)
|
|
|
|
{
|
|
|
|
type_register_static(&qcrypto_tls_creds_info);
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
type_init(qcrypto_tls_creds_register_types);
|