| field | value | date |
|---|---|---|
| author | Peter Maydell | 2018-07-04 00:06:18 +0200 |
| committer | Peter Maydell | 2018-07-04 00:06:18 +0200 |
| commit | 2a018f6e98782a4931b936a3087404ed81685bac | |
| tree | af5c160ce5077ef7dd323d13a4e463eb83230b1d /qemu-options.hx | |
| parent | Merge remote-tracking branch 'remotes/kraxel/tags/vga-20180703-pull-request' ... | |
| parent | crypto: Implement TLS Pre-Shared Keys (PSK). | |
Merge remote-tracking branch 'remotes/berrange/tags/qcrypto-next-pull-request' into staging
Add support for PSK credentials with TLS
# gpg: Signature made Tue 03 Jul 2018 13:04:51 BST
# gpg: using RSA key BE86EBB415104FDF
# gpg: Good signature from "Daniel P. Berrange <dan@berrange.com>"
# gpg: aka "Daniel P. Berrange <berrange@redhat.com>"
# Primary key fingerprint: DAF3 A6FD B26B 6291 2D0E 8E3F BE86 EBB4 1510 4FDF
* remotes/berrange/tags/qcrypto-next-pull-request:
crypto: Implement TLS Pre-Shared Keys (PSK).
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Diffstat (limited to 'qemu-options.hx')
| mode | file | lines changed |
|---|---|---|
| -rw-r--r-- | qemu-options.hx | 24 |
1 files changed, 24 insertions, 0 deletions
diff --git a/qemu-options.hx b/qemu-options.hx index 81b1e99d58..16208f63f2 100644 --- a/qemu-options.hx +++ b/qemu-options.hx @@ -4123,6 +4123,30 @@ expensive operation that consumes random pool entropy, so it is recommended that a persistent set of parameters be generated upfront and saved. +@item -object tls-creds-psk,id=@var{id},endpoint=@var{endpoint},dir=@var{/path/to/keys/dir}[,username=@var{username}] + +Creates a TLS Pre-Shared Keys (PSK) credentials object, which can be used to provide +TLS support on network backends. The @option{id} parameter is a unique +ID which network backends will use to access the credentials. The +@option{endpoint} is either @option{server} or @option{client} depending +on whether the QEMU network backend that uses the credentials will be +acting as a client or as a server. For clients only, @option{username} +is the username which will be sent to the server. If omitted +it defaults to ``qemu''. + +The @var{dir} parameter tells QEMU where to find the keys file. +It is called ``@var{dir}/keys.psk'' and contains ``username:key'' +pairs. This file can most easily be created using the GnuTLS +@code{psktool} program. + +For server endpoints, @var{dir} may also contain a file +@var{dh-params.pem} providing diffie-hellman parameters to use +for the TLS server. If the file is missing, QEMU will generate +a set of DH parameters at startup. This is a computationally +expensive operation that consumes random pool entropy, so it is +recommended that a persistent set of parameters be generated +up front and saved. + @item -object tls-creds-x509,id=@var{id},endpoint=@var{endpoint},dir=@var{/path/to/cred/dir},priority=@var{priority},verify-peer=@var{on|off},passwordid=@var{id} Creates a TLS anonymous credentials object, which can be used to provide |
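Review bot: the new tls-creds-psk entry says where the keys file lives but not that it contains the shared secrets in readable form, nor how its entries are used on each side; it should state that ``@var{dir}/keys.psk'' must be readable only by the user running QEMU, that on a client the entry matching @option{username} supplies the key, and that on a server the username presented by the client is looked up in that same file. Since the text already points readers at @code{psktool}, showing the invocation it has in mind (e.g. "psktool -u qemu -p /path/to/keys/dir/keys.psk") would save them guessing at the key format, and a sentence noting that the username travels unencrypted in the handshake, so it is not itself a secret, would prevent the obvious misuse. The dh-params.pem paragraph repeats the tls-creds-anon paragraph in the preceding context verbatim; a one-line cross-reference would stop the two copies drifting apart. Separately, the trailing context shows the tls-creds-x509 item described as "Creates a TLS anonymous credentials object", a pre-existing copy-paste error that deserves its own follow-up patch.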