1d8bda128d
We traditionally mark optional members #optional in the doc comment. Before commit3313b61
, this was entirely manual. Commit3313b61
added some automation because its qapi2texi.py relied on #optional to determine whether a member is optional. This is no longer the case since the previous commit: the only thing qapi2texi.py still does with #optional is stripping it out. We still reject bogus qapi-schema.json and six places for qga/qapi-schema.json. Thus, you can't actually rely on #optional to see whether something is optional. Yet we still make people add it manually. That's just busy-work. Drop the code to check, fix up and strip out #optional, along with all instances of #optional. To keep it out, add code to reject it, to be dropped again once the dust settles. No change to generated documentation. Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Message-Id: <1489582656-31133-18-git-send-email-armbru@redhat.com>
323 lines
8.5 KiB
Python
323 lines
8.5 KiB
Python
# -*- Mode: Python -*-
|
|
#
|
|
|
|
##
|
|
# = QAPI crypto definitions
|
|
##
|
|
|
|
##
|
|
# @QCryptoTLSCredsEndpoint:
|
|
#
|
|
# The type of network endpoint that will be using the credentials.
|
|
# Most types of credential require different setup / structures
|
|
# depending on whether they will be used in a server versus a
|
|
# client.
|
|
#
|
|
# @client: the network endpoint is acting as the client
|
|
#
|
|
# @server: the network endpoint is acting as the server
|
|
#
|
|
# Since: 2.5
|
|
##
|
|
{ 'enum': 'QCryptoTLSCredsEndpoint',
|
|
'prefix': 'QCRYPTO_TLS_CREDS_ENDPOINT',
|
|
'data': ['client', 'server']}
|
|
|
|
|
|
##
|
|
# @QCryptoSecretFormat:
|
|
#
|
|
# The data format that the secret is provided in
|
|
#
|
|
# @raw: raw bytes. When encoded in JSON only valid UTF-8 sequences can be used
|
|
# @base64: arbitrary base64 encoded binary data
|
|
# Since: 2.6
|
|
##
|
|
{ 'enum': 'QCryptoSecretFormat',
|
|
'prefix': 'QCRYPTO_SECRET_FORMAT',
|
|
'data': ['raw', 'base64']}
|
|
|
|
|
|
##
|
|
# @QCryptoHashAlgorithm:
|
|
#
|
|
# The supported algorithms for computing content digests
|
|
#
|
|
# @md5: MD5. Should not be used in any new code, legacy compat only
|
|
# @sha1: SHA-1. Should not be used in any new code, legacy compat only
|
|
# @sha224: SHA-224. (since 2.7)
|
|
# @sha256: SHA-256. Current recommended strong hash.
|
|
# @sha384: SHA-384. (since 2.7)
|
|
# @sha512: SHA-512. (since 2.7)
|
|
# @ripemd160: RIPEMD-160. (since 2.7)
|
|
# Since: 2.6
|
|
##
|
|
{ 'enum': 'QCryptoHashAlgorithm',
|
|
'prefix': 'QCRYPTO_HASH_ALG',
|
|
'data': ['md5', 'sha1', 'sha224', 'sha256', 'sha384', 'sha512', 'ripemd160']}
|
|
|
|
|
|
##
|
|
# @QCryptoCipherAlgorithm:
|
|
#
|
|
# The supported algorithms for content encryption ciphers
|
|
#
|
|
# @aes-128: AES with 128 bit / 16 byte keys
|
|
# @aes-192: AES with 192 bit / 24 byte keys
|
|
# @aes-256: AES with 256 bit / 32 byte keys
|
|
# @des-rfb: RFB specific variant of single DES. Do not use except in VNC.
|
|
# @3des: 3DES(EDE) with 192 bit / 24 byte keys (since 2.9)
|
|
# @cast5-128: Cast5 with 128 bit / 16 byte keys
|
|
# @serpent-128: Serpent with 128 bit / 16 byte keys
|
|
# @serpent-192: Serpent with 192 bit / 24 byte keys
|
|
# @serpent-256: Serpent with 256 bit / 32 byte keys
|
|
# @twofish-128: Twofish with 128 bit / 16 byte keys
|
|
# @twofish-192: Twofish with 192 bit / 24 byte keys
|
|
# @twofish-256: Twofish with 256 bit / 32 byte keys
|
|
# Since: 2.6
|
|
##
|
|
{ 'enum': 'QCryptoCipherAlgorithm',
|
|
'prefix': 'QCRYPTO_CIPHER_ALG',
|
|
'data': ['aes-128', 'aes-192', 'aes-256',
|
|
'des-rfb', '3des',
|
|
'cast5-128',
|
|
'serpent-128', 'serpent-192', 'serpent-256',
|
|
'twofish-128', 'twofish-192', 'twofish-256']}
|
|
|
|
|
|
##
|
|
# @QCryptoCipherMode:
|
|
#
|
|
# The supported modes for content encryption ciphers
|
|
#
|
|
# @ecb: Electronic Code Book
|
|
# @cbc: Cipher Block Chaining
|
|
# @xts: XEX with tweaked code book and ciphertext stealing
|
|
# @ctr: Counter (Since 2.8)
|
|
# Since: 2.6
|
|
##
|
|
{ 'enum': 'QCryptoCipherMode',
|
|
'prefix': 'QCRYPTO_CIPHER_MODE',
|
|
'data': ['ecb', 'cbc', 'xts', 'ctr']}
|
|
|
|
|
|
##
|
|
# @QCryptoIVGenAlgorithm:
|
|
#
|
|
# The supported algorithms for generating initialization
|
|
# vectors for full disk encryption. The 'plain' generator
|
|
# should not be used for disks with sector numbers larger
|
|
# than 2^32, except where compatibility with pre-existing
|
|
# Linux dm-crypt volumes is required.
|
|
#
|
|
# @plain: 64-bit sector number truncated to 32-bits
|
|
# @plain64: 64-bit sector number
|
|
# @essiv: 64-bit sector number encrypted with a hash of the encryption key
|
|
# Since: 2.6
|
|
##
|
|
{ 'enum': 'QCryptoIVGenAlgorithm',
|
|
'prefix': 'QCRYPTO_IVGEN_ALG',
|
|
'data': ['plain', 'plain64', 'essiv']}
|
|
|
|
##
|
|
# @QCryptoBlockFormat:
|
|
#
|
|
# The supported full disk encryption formats
|
|
#
|
|
# @qcow: QCow/QCow2 built-in AES-CBC encryption. Use only
|
|
# for liberating data from old images.
|
|
# @luks: LUKS encryption format. Recommended for new images
|
|
#
|
|
# Since: 2.6
|
|
##
|
|
{ 'enum': 'QCryptoBlockFormat',
|
|
# 'prefix': 'QCRYPTO_BLOCK_FORMAT',
|
|
'data': ['qcow', 'luks']}
|
|
|
|
##
|
|
# @QCryptoBlockOptionsBase:
|
|
#
|
|
# The common options that apply to all full disk
|
|
# encryption formats
|
|
#
|
|
# @format: the encryption format
|
|
#
|
|
# Since: 2.6
|
|
##
|
|
{ 'struct': 'QCryptoBlockOptionsBase',
|
|
'data': { 'format': 'QCryptoBlockFormat' }}
|
|
|
|
##
|
|
# @QCryptoBlockOptionsQCow:
|
|
#
|
|
# The options that apply to QCow/QCow2 AES-CBC encryption format
|
|
#
|
|
# @key-secret: the ID of a QCryptoSecret object providing the
|
|
# decryption key. Mandatory except when probing image for
|
|
# metadata only.
|
|
#
|
|
# Since: 2.6
|
|
##
|
|
{ 'struct': 'QCryptoBlockOptionsQCow',
|
|
'data': { '*key-secret': 'str' }}
|
|
|
|
##
|
|
# @QCryptoBlockOptionsLUKS:
|
|
#
|
|
# The options that apply to LUKS encryption format
|
|
#
|
|
# @key-secret: the ID of a QCryptoSecret object providing the
|
|
# decryption key. Mandatory except when probing image for
|
|
# metadata only.
|
|
# Since: 2.6
|
|
##
|
|
{ 'struct': 'QCryptoBlockOptionsLUKS',
|
|
'data': { '*key-secret': 'str' }}
|
|
|
|
|
|
##
|
|
# @QCryptoBlockCreateOptionsLUKS:
|
|
#
|
|
# The options that apply to LUKS encryption format initialization
|
|
#
|
|
# @cipher-alg: the cipher algorithm for data encryption
|
|
# Currently defaults to 'aes'.
|
|
# @cipher-mode: the cipher mode for data encryption
|
|
# Currently defaults to 'cbc'
|
|
# @ivgen-alg: the initialization vector generator
|
|
# Currently defaults to 'essiv'
|
|
# @ivgen-hash-alg: the initialization vector generator hash
|
|
# Currently defaults to 'sha256'
|
|
# @hash-alg: the master key hash algorithm
|
|
# Currently defaults to 'sha256'
|
|
# @iter-time: number of milliseconds to spend in
|
|
# PBKDF passphrase processing. Currently defaults
|
|
# to 2000. (since 2.8)
|
|
# Since: 2.6
|
|
##
|
|
{ 'struct': 'QCryptoBlockCreateOptionsLUKS',
|
|
'base': 'QCryptoBlockOptionsLUKS',
|
|
'data': { '*cipher-alg': 'QCryptoCipherAlgorithm',
|
|
'*cipher-mode': 'QCryptoCipherMode',
|
|
'*ivgen-alg': 'QCryptoIVGenAlgorithm',
|
|
'*ivgen-hash-alg': 'QCryptoHashAlgorithm',
|
|
'*hash-alg': 'QCryptoHashAlgorithm',
|
|
'*iter-time': 'int'}}
|
|
|
|
|
|
##
|
|
# @QCryptoBlockOpenOptions:
|
|
#
|
|
# The options that are available for all encryption formats
|
|
# when opening an existing volume
|
|
#
|
|
# Since: 2.6
|
|
##
|
|
{ 'union': 'QCryptoBlockOpenOptions',
|
|
'base': 'QCryptoBlockOptionsBase',
|
|
'discriminator': 'format',
|
|
'data': { 'qcow': 'QCryptoBlockOptionsQCow',
|
|
'luks': 'QCryptoBlockOptionsLUKS' } }
|
|
|
|
|
|
##
|
|
# @QCryptoBlockCreateOptions:
|
|
#
|
|
# The options that are available for all encryption formats
|
|
# when initializing a new volume
|
|
#
|
|
# Since: 2.6
|
|
##
|
|
{ 'union': 'QCryptoBlockCreateOptions',
|
|
'base': 'QCryptoBlockOptionsBase',
|
|
'discriminator': 'format',
|
|
'data': { 'qcow': 'QCryptoBlockOptionsQCow',
|
|
'luks': 'QCryptoBlockCreateOptionsLUKS' } }
|
|
|
|
|
|
##
|
|
# @QCryptoBlockInfoBase:
|
|
#
|
|
# The common information that applies to all full disk
|
|
# encryption formats
|
|
#
|
|
# @format: the encryption format
|
|
#
|
|
# Since: 2.7
|
|
##
|
|
{ 'struct': 'QCryptoBlockInfoBase',
|
|
'data': { 'format': 'QCryptoBlockFormat' }}
|
|
|
|
|
|
##
|
|
# @QCryptoBlockInfoLUKSSlot:
|
|
#
|
|
# Information about the LUKS block encryption key
|
|
# slot options
|
|
#
|
|
# @active: whether the key slot is currently in use
|
|
# @key-offset: offset to the key material in bytes
|
|
# @iters: number of PBKDF2 iterations for key material
|
|
# @stripes: number of stripes for splitting key material
|
|
#
|
|
# Since: 2.7
|
|
##
|
|
{ 'struct': 'QCryptoBlockInfoLUKSSlot',
|
|
'data': {'active': 'bool',
|
|
'*iters': 'int',
|
|
'*stripes': 'int',
|
|
'key-offset': 'int' } }
|
|
|
|
|
|
##
|
|
# @QCryptoBlockInfoLUKS:
|
|
#
|
|
# Information about the LUKS block encryption options
|
|
#
|
|
# @cipher-alg: the cipher algorithm for data encryption
|
|
# @cipher-mode: the cipher mode for data encryption
|
|
# @ivgen-alg: the initialization vector generator
|
|
# @ivgen-hash-alg: the initialization vector generator hash
|
|
# @hash-alg: the master key hash algorithm
|
|
# @payload-offset: offset to the payload data in bytes
|
|
# @master-key-iters: number of PBKDF2 iterations for key material
|
|
# @uuid: unique identifier for the volume
|
|
# @slots: information about each key slot
|
|
#
|
|
# Since: 2.7
|
|
##
|
|
{ 'struct': 'QCryptoBlockInfoLUKS',
|
|
'data': {'cipher-alg': 'QCryptoCipherAlgorithm',
|
|
'cipher-mode': 'QCryptoCipherMode',
|
|
'ivgen-alg': 'QCryptoIVGenAlgorithm',
|
|
'*ivgen-hash-alg': 'QCryptoHashAlgorithm',
|
|
'hash-alg': 'QCryptoHashAlgorithm',
|
|
'payload-offset': 'int',
|
|
'master-key-iters': 'int',
|
|
'uuid': 'str',
|
|
'slots': [ 'QCryptoBlockInfoLUKSSlot' ] }}
|
|
|
|
##
|
|
# @QCryptoBlockInfoQCow:
|
|
#
|
|
# Information about the QCow block encryption options
|
|
#
|
|
# Since: 2.7
|
|
##
|
|
{ 'struct': 'QCryptoBlockInfoQCow',
|
|
'data': { }}
|
|
|
|
|
|
##
|
|
# @QCryptoBlockInfo:
|
|
#
|
|
# Information about the block encryption options
|
|
#
|
|
# Since: 2.7
|
|
##
|
|
{ 'union': 'QCryptoBlockInfo',
|
|
'base': 'QCryptoBlockInfoBase',
|
|
'discriminator': 'format',
|
|
'data': { 'qcow': 'QCryptoBlockInfoQCow',
|
|
'luks': 'QCryptoBlockInfoLUKS' } }
|