[qemu.git] / crypto / tls-cipher-suites.c

/*
 * QEMU TLS Cipher Suites
 *
 * Copyright (c) 2018-2020 Red Hat, Inc.
 *
 * Author: Philippe Mathieu-Daudé <[email protected]>
 *
 * SPDX-License-Identifier: GPL-2.0-or-later
 */

#include "qemu/osdep.h"
#include "qapi/error.h"
#include "qom/object_interfaces.h"
#include "crypto/tlscreds.h"
#include "crypto/tls-cipher-suites.h"
#include "hw/nvram/fw_cfg.h"
#include "trace.h"

/*
 * IANA registered TLS ciphers:
 * https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-4
 */
typedef struct {
    uint8_t data[2];
} QEMU_PACKED IANA_TLS_CIPHER;

GByteArray *qcrypto_tls_cipher_suites_get_data(QCryptoTLSCipherSuites *obj,
                                               Error **errp)
{
    QCryptoTLSCreds *creds = QCRYPTO_TLS_CREDS(obj);
    gnutls_priority_t pcache;
    GByteArray *byte_array;
    const char *err;
    size_t i;
    int ret;

    trace_qcrypto_tls_cipher_suite_priority(creds->priority);
    ret = gnutls_priority_init(&pcache, creds->priority, &err);
    if (ret < 0) {
        error_setg(errp, "Syntax error using priority '%s': %s",
                   creds->priority, gnutls_strerror(ret));
        return NULL;
    }

    byte_array = g_byte_array_new();

    for (i = 0;; i++) {
        int ret;
        unsigned idx;
        const char *name;
        IANA_TLS_CIPHER cipher;
        gnutls_protocol_t protocol;
        const char *version;

        ret = gnutls_priority_get_cipher_suite_index(pcache, i, &idx);
        if (ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) {
            break;
        }
        if (ret == GNUTLS_E_UNKNOWN_CIPHER_SUITE) {
            continue;
        }

        name = gnutls_cipher_suite_info(idx, (unsigned char *)&cipher,
                                        NULL, NULL, NULL, &protocol);
        if (name == NULL) {
            continue;
        }

        version = gnutls_protocol_get_name(protocol);
        g_byte_array_append(byte_array, cipher.data, 2);
        trace_qcrypto_tls_cipher_suite_info(cipher.data[0],
                                            cipher.data[1],
                                            version, name);
    }
    trace_qcrypto_tls_cipher_suite_count(byte_array->len);
    gnutls_priority_deinit(pcache);

    return byte_array;
}

static void qcrypto_tls_cipher_suites_complete(UserCreatable *uc,
                                               Error **errp)
{
    QCryptoTLSCreds *creds = QCRYPTO_TLS_CREDS(uc);

    if (!creds->priority) {
        error_setg(errp, "'priority' property is not set");
        return;
    }
}

static GByteArray *qcrypto_tls_cipher_suites_fw_cfg_gen_data(Object *obj,
                                                             Error **errp)
{
    return qcrypto_tls_cipher_suites_get_data(QCRYPTO_TLS_CIPHER_SUITES(obj),
                                              errp);
}

static void qcrypto_tls_cipher_suites_class_init(ObjectClass *oc, void *data)
{
    UserCreatableClass *ucc = USER_CREATABLE_CLASS(oc);
    FWCfgDataGeneratorClass *fwgc = FW_CFG_DATA_GENERATOR_CLASS(oc);

    ucc->complete = qcrypto_tls_cipher_suites_complete;
    fwgc->get_data = qcrypto_tls_cipher_suites_fw_cfg_gen_data;
}

static const TypeInfo qcrypto_tls_cipher_suites_info = {
    .parent = TYPE_QCRYPTO_TLS_CREDS,
    .name = TYPE_QCRYPTO_TLS_CIPHER_SUITES,
    .instance_size = sizeof(QCryptoTLSCipherSuites),
    .class_size = sizeof(QCryptoTLSCredsClass),
    .class_init = qcrypto_tls_cipher_suites_class_init,
    .interfaces = (InterfaceInfo[]) {
        { TYPE_USER_CREATABLE },
        { TYPE_FW_CFG_DATA_GENERATOR_INTERFACE },
        { }
    }
};

static void qcrypto_tls_cipher_suites_register_types(void)
{
    type_register_static(&qcrypto_tls_cipher_suites_info);
}

type_init(qcrypto_tls_cipher_suites_register_types);
Commit	Line	Data
993aec27 PMD	1	/*
	2	* QEMU TLS Cipher Suites
	3	*
	4	* Copyright (c) 2018-2020 Red Hat, Inc.
	5	*
	6	* Author: Philippe Mathieu-Daudé <[email protected]>
	7	*
	8	* SPDX-License-Identifier: GPL-2.0-or-later
	9	*/
	10
	11	#include "qemu/osdep.h"
	12	#include "qapi/error.h"
	13	#include "qom/object_interfaces.h"
	14	#include "crypto/tlscreds.h"
	15	#include "crypto/tls-cipher-suites.h"
69699f30	16	#include "hw/nvram/fw_cfg.h"
993aec27 PMD	17	#include "trace.h"
	18
	19	/*
	20	* IANA registered TLS ciphers:
	21	* https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-4
	22	*/
	23	typedef struct {
	24	uint8_t data[2];
	25	} QEMU_PACKED IANA_TLS_CIPHER;
	26
	27	GByteArray qcrypto_tls_cipher_suites_get_data(QCryptoTLSCipherSuites obj,
	28	Error **errp)
	29	{
	30	QCryptoTLSCreds *creds = QCRYPTO_TLS_CREDS(obj);
	31	gnutls_priority_t pcache;
	32	GByteArray *byte_array;
	33	const char *err;
	34	size_t i;
	35	int ret;
	36
	37	trace_qcrypto_tls_cipher_suite_priority(creds->priority);
	38	ret = gnutls_priority_init(&pcache, creds->priority, &err);
	39	if (ret < 0) {
	40	error_setg(errp, "Syntax error using priority '%s': %s",
	41	creds->priority, gnutls_strerror(ret));
	42	return NULL;
	43	}
	44
	45	byte_array = g_byte_array_new();
	46
	47	for (i = 0;; i++) {
	48	int ret;
	49	unsigned idx;
	50	const char *name;
	51	IANA_TLS_CIPHER cipher;
	52	gnutls_protocol_t protocol;
	53	const char *version;
	54
	55	ret = gnutls_priority_get_cipher_suite_index(pcache, i, &idx);
	56	if (ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) {
	57	break;
	58	}
	59	if (ret == GNUTLS_E_UNKNOWN_CIPHER_SUITE) {
	60	continue;
	61	}
	62
	63	name = gnutls_cipher_suite_info(idx, (unsigned char *)&cipher,
	64	NULL, NULL, NULL, &protocol);
	65	if (name == NULL) {
	66	continue;
	67	}
	68
	69	version = gnutls_protocol_get_name(protocol);
	70	g_byte_array_append(byte_array, cipher.data, 2);
	71	trace_qcrypto_tls_cipher_suite_info(cipher.data[0],
	72	cipher.data[1],
	73	version, name);
	74	}
	75	trace_qcrypto_tls_cipher_suite_count(byte_array->len);
	76	gnutls_priority_deinit(pcache);
	77
	78	return byte_array;
	79	}
	80
81	static void qcrypto_tls_cipher_suites_complete(UserCreatable *uc,
82	Error **errp)
83	{
84	QCryptoTLSCreds *creds = QCRYPTO_TLS_CREDS(uc);
85
86	if (!creds->priority) {
87	error_setg(errp, "'priority' property is not set");
88	return;
89	}
90	}
91
69699f30 PMD	92	static GByteArray qcrypto_tls_cipher_suites_fw_cfg_gen_data(Object obj,
	93	Error **errp)
	94	{
	95	return qcrypto_tls_cipher_suites_get_data(QCRYPTO_TLS_CIPHER_SUITES(obj),
	96	errp);
	97	}
	98
993aec27 PMD	99	static void qcrypto_tls_cipher_suites_class_init(ObjectClass oc, void data)
	100	{
	101	UserCreatableClass *ucc = USER_CREATABLE_CLASS(oc);
69699f30	102	FWCfgDataGeneratorClass *fwgc = FW_CFG_DATA_GENERATOR_CLASS(oc);
993aec27 PMD	103
993aec27 PMD	104	ucc->complete = qcrypto_tls_cipher_suites_complete;
69699f30	105	fwgc->get_data = qcrypto_tls_cipher_suites_fw_cfg_gen_data;
993aec27 PMD	106	}
	107
	108	static const TypeInfo qcrypto_tls_cipher_suites_info = {
	109	.parent = TYPE_QCRYPTO_TLS_CREDS,
	110	.name = TYPE_QCRYPTO_TLS_CIPHER_SUITES,
a7c893a1	111	.instance_size = sizeof(QCryptoTLSCipherSuites),
993aec27 PMD	112	.class_size = sizeof(QCryptoTLSCredsClass),
	113	.class_init = qcrypto_tls_cipher_suites_class_init,
	114	.interfaces = (InterfaceInfo[]) {
	115	{ TYPE_USER_CREATABLE },
69699f30	116	{ TYPE_FW_CFG_DATA_GENERATOR_INTERFACE },
993aec27 PMD	117	{ }
	118	}
	119	};
	120
	121	static void qcrypto_tls_cipher_suites_register_types(void)
	122	{
	123	type_register_static(&qcrypto_tls_cipher_suites_info);
	124	}
	125
	126	type_init(qcrypto_tls_cipher_suites_register_types);