summaryrefslogtreecommitdiffstats
path: root/qemu/include/crypto
diff options
context:
space:
mode:
authorRajithaY <rajithax.yerrumsetty@intel.com>2017-04-25 03:31:15 -0700
committerRajitha Yerrumchetty <rajithax.yerrumsetty@intel.com>2017-05-22 06:48:08 +0000
commitbb756eebdac6fd24e8919e2c43f7d2c8c4091f59 (patch)
treeca11e03542edf2d8f631efeca5e1626d211107e3 /qemu/include/crypto
parenta14b48d18a9ed03ec191cf16b162206998a895ce (diff)
Adding qemu as a submodule of KVMFORNFV
This Patch includes the changes to add qemu as a submodule to kvmfornfv repo and make use of the updated latest qemu for the execution of all testcase Change-Id: I1280af507a857675c7f81d30c95255635667bdd7 Signed-off-by:RajithaY<rajithax.yerrumsetty@intel.com>
Diffstat (limited to 'qemu/include/crypto')
-rw-r--r--qemu/include/crypto/aes.h68
-rw-r--r--qemu/include/crypto/afsplit.h135
-rw-r--r--qemu/include/crypto/block.h232
-rw-r--r--qemu/include/crypto/cipher.h233
-rw-r--r--qemu/include/crypto/desrfb.h49
-rw-r--r--qemu/include/crypto/hash.h192
-rw-r--r--qemu/include/crypto/init.h26
-rw-r--r--qemu/include/crypto/ivgen.h206
-rw-r--r--qemu/include/crypto/pbkdf.h152
-rw-r--r--qemu/include/crypto/random.h44
-rw-r--r--qemu/include/crypto/secret.h146
-rw-r--r--qemu/include/crypto/tlscreds.h66
-rw-r--r--qemu/include/crypto/tlscredsanon.h112
-rw-r--r--qemu/include/crypto/tlscredsx509.h114
-rw-r--r--qemu/include/crypto/tlssession.h322
-rw-r--r--qemu/include/crypto/xts.h86
16 files changed, 0 insertions, 2183 deletions
diff --git a/qemu/include/crypto/aes.h b/qemu/include/crypto/aes.h
deleted file mode 100644
index a006da222..000000000
--- a/qemu/include/crypto/aes.h
+++ /dev/null
@@ -1,68 +0,0 @@
-#ifndef QEMU_AES_H
-#define QEMU_AES_H
-
-#define AES_MAXNR 14
-#define AES_BLOCK_SIZE 16
-
-struct aes_key_st {
- uint32_t rd_key[4 *(AES_MAXNR + 1)];
- int rounds;
-};
-typedef struct aes_key_st AES_KEY;
-
-/* FreeBSD has its own AES_set_decrypt_key in -lcrypto, avoid conflicts */
-#ifdef __FreeBSD__
-#define AES_set_encrypt_key QEMU_AES_set_encrypt_key
-#define AES_set_decrypt_key QEMU_AES_set_decrypt_key
-#define AES_encrypt QEMU_AES_encrypt
-#define AES_decrypt QEMU_AES_decrypt
-#define AES_cbc_encrypt QEMU_AES_cbc_encrypt
-#endif
-
-int AES_set_encrypt_key(const unsigned char *userKey, const int bits,
- AES_KEY *key);
-int AES_set_decrypt_key(const unsigned char *userKey, const int bits,
- AES_KEY *key);
-
-void AES_encrypt(const unsigned char *in, unsigned char *out,
- const AES_KEY *key);
-void AES_decrypt(const unsigned char *in, unsigned char *out,
- const AES_KEY *key);
-void AES_cbc_encrypt(const unsigned char *in, unsigned char *out,
- const unsigned long length, const AES_KEY *key,
- unsigned char *ivec, const int enc);
-
-extern const uint8_t AES_sbox[256];
-extern const uint8_t AES_isbox[256];
-
-/* AES ShiftRows and InvShiftRows */
-extern const uint8_t AES_shifts[16];
-extern const uint8_t AES_ishifts[16];
-
-/* AES InvMixColumns */
-/* AES_imc[x][0] = [x].[0e, 09, 0d, 0b]; */
-/* AES_imc[x][1] = [x].[0b, 0e, 09, 0d]; */
-/* AES_imc[x][2] = [x].[0d, 0b, 0e, 09]; */
-/* AES_imc[x][3] = [x].[09, 0d, 0b, 0e]; */
-extern const uint32_t AES_imc[256][4];
-
-/*
-AES_Te0[x] = S [x].[02, 01, 01, 03];
-AES_Te1[x] = S [x].[03, 02, 01, 01];
-AES_Te2[x] = S [x].[01, 03, 02, 01];
-AES_Te3[x] = S [x].[01, 01, 03, 02];
-AES_Te4[x] = S [x].[01, 01, 01, 01];
-
-AES_Td0[x] = Si[x].[0e, 09, 0d, 0b];
-AES_Td1[x] = Si[x].[0b, 0e, 09, 0d];
-AES_Td2[x] = Si[x].[0d, 0b, 0e, 09];
-AES_Td3[x] = Si[x].[09, 0d, 0b, 0e];
-AES_Td4[x] = Si[x].[01, 01, 01, 01];
-*/
-
-extern const uint32_t AES_Te0[256], AES_Te1[256], AES_Te2[256],
- AES_Te3[256], AES_Te4[256];
-extern const uint32_t AES_Td0[256], AES_Td1[256], AES_Td2[256],
- AES_Td3[256], AES_Td4[256];
-
-#endif
diff --git a/qemu/include/crypto/afsplit.h b/qemu/include/crypto/afsplit.h
deleted file mode 100644
index 4cc4ca4b3..000000000
--- a/qemu/include/crypto/afsplit.h
+++ /dev/null
@@ -1,135 +0,0 @@
-/*
- * QEMU Crypto anti forensic information splitter
- *
- * Copyright (c) 2015-2016 Red Hat, Inc.
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License
- * as published by the Free Software Foundation; either version 2
- * of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, see <http://www.gnu.org/licenses/>.
- *
- */
-
-#ifndef QCRYPTO_AFSPLIT_H__
-#define QCRYPTO_AFSPLIT_H__
-
-#include "crypto/hash.h"
-
-/**
- * This module implements the anti-forensic splitter that is specified
- * as part of the LUKS format:
- *
- * http://clemens.endorphin.org/cryptography
- * http://clemens.endorphin.org/TKS1-draft.pdf
- *
- * The core idea is to take a short piece of data (key material)
- * and process it to expand it to a much larger piece of data.
- * The expansion process is reversible, to obtain the original
- * short data. The key property of the expansion is that if any
- * byte in the larger data set is changed / missing, it should be
- * impossible to recreate the original short data.
- *
- * <example>
- * <title>Creating a large split key for storage</title>
- * <programlisting>
- * size_t nkey = 32;
- * uint32_t stripes = 32768; // To produce a 1 MB split key
- * uint8_t *masterkey = ....a 32-byte AES key...
- * uint8_t *splitkey;
- *
- * splitkey = g_new0(uint8_t, nkey * stripes);
- *
- * if (qcrypto_afsplit_encode(QCRYPTO_HASH_ALG_SHA256,
- * nkey, stripes,
- * masterkey, splitkey, errp) < 0) {
- * g_free(splitkey);
- * g_free(masterkey);
- * return -1;
- * }
- *
- * ...store splitkey somewhere...
- *
- * g_free(splitkey);
- * g_free(masterkey);
- * </programlisting>
- * </example>
- *
- * <example>
- * <title>Retrieving a master key from storage</title>
- * <programlisting>
- * size_t nkey = 32;
- * uint32_t stripes = 32768; // To produce a 1 MB split key
- * uint8_t *masterkey;
- * uint8_t *splitkey = .... read in 1 MB of data...
- *
- * masterkey = g_new0(uint8_t, nkey);
- *
- * if (qcrypto_afsplit_decode(QCRYPTO_HASH_ALG_SHA256,
- * nkey, stripes,
- * splitkey, masterkey, errp) < 0) {
- * g_free(splitkey);
- * g_free(masterkey);
- * return -1;
- * }
- *
- * ..decrypt data with masterkey...
- *
- * g_free(splitkey);
- * g_free(masterkey);
- * </programlisting>
- * </example>
- */
-
-/**
- * qcrypto_afsplit_encode:
- * @hash: the hash algorithm to use for data expansion
- * @blocklen: the size of @in in bytes
- * @stripes: the number of times to expand @in in size
- * @in: the master key to be expanded in size
- * @out: preallocated buffer to hold the split key
- * @errp: pointer to a NULL-initialized error object
- *
- * Split the data in @in, which is @blocklen bytes in
- * size, to form a larger piece of data @out, which is
- * @blocklen * @stripes bytes in size.
- *
- * Returns: 0 on success, -1 on error;
- */
-int qcrypto_afsplit_encode(QCryptoHashAlgorithm hash,
- size_t blocklen,
- uint32_t stripes,
- const uint8_t *in,
- uint8_t *out,
- Error **errp);
-
-/**
- * qcrypto_afsplit_decode:
- * @hash: the hash algorithm to use for data compression
- * @blocklen: the size of @out in bytes
- * @stripes: the number of times to decrease @in in size
- * @in: the split key to be recombined
- * @out: preallocated buffer to hold the master key
- * @errp: pointer to a NULL-initialized error object
- *
- * Join the data in @in, which is @blocklen * @stripes
- * bytes in size, to form the original small piece of
- * data @out, which is @blocklen bytes in size.
- *
- * Returns: 0 on success, -1 on error;
- */
-int qcrypto_afsplit_decode(QCryptoHashAlgorithm hash,
- size_t blocklen,
- uint32_t stripes,
- const uint8_t *in,
- uint8_t *out,
- Error **errp);
-
-#endif /* QCRYPTO_AFSPLIT_H__ */
diff --git a/qemu/include/crypto/block.h b/qemu/include/crypto/block.h
deleted file mode 100644
index a21e11ff8..000000000
--- a/qemu/include/crypto/block.h
+++ /dev/null
@@ -1,232 +0,0 @@
-/*
- * QEMU Crypto block device encryption
- *
- * Copyright (c) 2015-2016 Red Hat, Inc.
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, see <http://www.gnu.org/licenses/>.
- *
- */
-
-#ifndef QCRYPTO_BLOCK_H__
-#define QCRYPTO_BLOCK_H__
-
-#include "crypto/cipher.h"
-#include "crypto/ivgen.h"
-
-typedef struct QCryptoBlock QCryptoBlock;
-
-/* See also QCryptoBlockFormat, QCryptoBlockCreateOptions
- * and QCryptoBlockOpenOptions in qapi/crypto.json */
-
-typedef ssize_t (*QCryptoBlockReadFunc)(QCryptoBlock *block,
- size_t offset,
- uint8_t *buf,
- size_t buflen,
- Error **errp,
- void *opaque);
-
-typedef ssize_t (*QCryptoBlockInitFunc)(QCryptoBlock *block,
- size_t headerlen,
- Error **errp,
- void *opaque);
-
-typedef ssize_t (*QCryptoBlockWriteFunc)(QCryptoBlock *block,
- size_t offset,
- const uint8_t *buf,
- size_t buflen,
- Error **errp,
- void *opaque);
-
-/**
- * qcrypto_block_has_format:
- * @format: the encryption format
- * @buf: the data from head of the volume
- * @len: the length of @buf in bytes
- *
- * Given @len bytes of data from the head of a storage volume
- * in @buf, probe to determine if the volume has the encryption
- * format specified in @format.
- *
- * Returns: true if the data in @buf matches @format
- */
-bool qcrypto_block_has_format(QCryptoBlockFormat format,
- const uint8_t *buf,
- size_t buflen);
-
-typedef enum {
- QCRYPTO_BLOCK_OPEN_NO_IO = (1 << 0),
-} QCryptoBlockOpenFlags;
-
-/**
- * qcrypto_block_open:
- * @options: the encryption options
- * @readfunc: callback for reading data from the volume
- * @opaque: data to pass to @readfunc
- * @flags: bitmask of QCryptoBlockOpenFlags values
- * @errp: pointer to a NULL-initialized error object
- *
- * Create a new block encryption object for an existing
- * storage volume encrypted with format identified by
- * the parameters in @options.
- *
- * This will use @readfunc to initialize the encryption
- * context based on the volume header(s), extracting the
- * master key(s) as required.
- *
- * If @flags contains QCRYPTO_BLOCK_OPEN_NO_IO then
- * the open process will be optimized to skip any parts
- * that are only required to perform I/O. In particular
- * this would usually avoid the need to decrypt any
- * master keys. The only thing that can be done with
- * the resulting QCryptoBlock object would be to query
- * metadata such as the payload offset. There will be
- * no cipher or ivgen objects available.
- *
- * If any part of initializing the encryption context
- * fails an error will be returned. This could be due
- * to the volume being in the wrong format, a cipher
- * or IV generator algorithm that is not supported,
- * or incorrect passphrases.
- *
- * Returns: a block encryption format, or NULL on error
- */
-QCryptoBlock *qcrypto_block_open(QCryptoBlockOpenOptions *options,
- QCryptoBlockReadFunc readfunc,
- void *opaque,
- unsigned int flags,
- Error **errp);
-
-/**
- * qcrypto_block_create:
- * @format: the encryption format
- * @initfunc: callback for initializing volume header
- * @writefunc: callback for writing data to the volume header
- * @opaque: data to pass to @initfunc and @writefunc
- * @errp: pointer to a NULL-initialized error object
- *
- * Create a new block encryption object for initializing
- * a storage volume to be encrypted with format identified
- * by the parameters in @options.
- *
- * This method will allocate space for a new volume header
- * using @initfunc and then write header data using @writefunc,
- * generating new master keys, etc as required. Any existing
- * data present on the volume will be irrevocably destroyed.
- *
- * If any part of initializing the encryption context
- * fails an error will be returned. This could be due
- * to the volume being in the wrong format, a cipher
- * or IV generator algorithm that is not supported,
- * or incorrect passphrases.
- *
- * Returns: a block encryption format, or NULL on error
- */
-QCryptoBlock *qcrypto_block_create(QCryptoBlockCreateOptions *options,
- QCryptoBlockInitFunc initfunc,
- QCryptoBlockWriteFunc writefunc,
- void *opaque,
- Error **errp);
-
-/**
- * @qcrypto_block_decrypt:
- * @block: the block encryption object
- * @startsector: the sector from which @buf was read
- * @buf: the buffer to decrypt
- * @len: the length of @buf in bytes
- * @errp: pointer to a NULL-initialized error object
- *
- * Decrypt @len bytes of cipher text in @buf, writing
- * plain text back into @buf
- *
- * Returns 0 on success, -1 on failure
- */
-int qcrypto_block_decrypt(QCryptoBlock *block,
- uint64_t startsector,
- uint8_t *buf,
- size_t len,
- Error **errp);
-
-/**
- * @qcrypto_block_encrypt:
- * @block: the block encryption object
- * @startsector: the sector to which @buf will be written
- * @buf: the buffer to decrypt
- * @len: the length of @buf in bytes
- * @errp: pointer to a NULL-initialized error object
- *
- * Encrypt @len bytes of plain text in @buf, writing
- * cipher text back into @buf
- *
- * Returns 0 on success, -1 on failure
- */
-int qcrypto_block_encrypt(QCryptoBlock *block,
- uint64_t startsector,
- uint8_t *buf,
- size_t len,
- Error **errp);
-
-/**
- * qcrypto_block_get_cipher:
- * @block: the block encryption object
- *
- * Get the cipher to use for payload encryption
- *
- * Returns: the cipher object
- */
-QCryptoCipher *qcrypto_block_get_cipher(QCryptoBlock *block);
-
-/**
- * qcrypto_block_get_ivgen:
- * @block: the block encryption object
- *
- * Get the initialization vector generator to use for
- * payload encryption
- *
- * Returns: the IV generator object
- */
-QCryptoIVGen *qcrypto_block_get_ivgen(QCryptoBlock *block);
-
-
-/**
- * qcrypto_block_get_kdf_hash:
- * @block: the block encryption object
- *
- * Get the hash algorithm used with the key derivation
- * function
- *
- * Returns: the hash algorithm
- */
-QCryptoHashAlgorithm qcrypto_block_get_kdf_hash(QCryptoBlock *block);
-
-/**
- * qcrypto_block_get_payload_offset:
- * @block: the block encryption object
- *
- * Get the offset to the payload indicated by the
- * encryption header, in bytes.
- *
- * Returns: the payload offset in bytes
- */
-uint64_t qcrypto_block_get_payload_offset(QCryptoBlock *block);
-
-/**
- * qcrypto_block_free:
- * @block: the block encryption object
- *
- * Release all resources associated with the encryption
- * object
- */
-void qcrypto_block_free(QCryptoBlock *block);
-
-#endif /* QCRYPTO_BLOCK_H__ */
diff --git a/qemu/include/crypto/cipher.h b/qemu/include/crypto/cipher.h
deleted file mode 100644
index d770c4835..000000000
--- a/qemu/include/crypto/cipher.h
+++ /dev/null
@@ -1,233 +0,0 @@
-/*
- * QEMU Crypto cipher algorithms
- *
- * Copyright (c) 2015 Red Hat, Inc.
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, see <http://www.gnu.org/licenses/>.
- *
- */
-
-#ifndef QCRYPTO_CIPHER_H__
-#define QCRYPTO_CIPHER_H__
-
-#include "qapi-types.h"
-
-typedef struct QCryptoCipher QCryptoCipher;
-
-/* See also "QCryptoCipherAlgorithm" and "QCryptoCipherMode"
- * enums defined in qapi/crypto.json */
-
-/**
- * QCryptoCipher:
- *
- * The QCryptoCipher object provides a way to perform encryption
- * and decryption of data, with a standard API, regardless of the
- * algorithm used. It further isolates the calling code from the
- * details of the specific underlying implementation, whether
- * built-in, libgcrypt or nettle.
- *
- * Each QCryptoCipher object is capable of performing both
- * encryption and decryption, and can operate in a number
- * or modes including ECB, CBC.
- *
- * <example>
- * <title>Encrypting data with AES-128 in CBC mode</title>
- * <programlisting>
- * QCryptoCipher *cipher;
- * uint8_t key = ....;
- * size_t keylen = 16;
- * uint8_t iv = ....;
- *
- * if (!qcrypto_cipher_supports(QCRYPTO_CIPHER_ALG_AES_128)) {
- * error_report(errp, "Feature <blah> requires AES cipher support");
- * return -1;
- * }
- *
- * cipher = qcrypto_cipher_new(QCRYPTO_CIPHER_ALG_AES_128,
- * QCRYPTO_CIPHER_MODE_CBC,
- * key, keylen,
- * errp);
- * if (!cipher) {
- * return -1;
- * }
- *
- * if (qcrypto_cipher_set_iv(cipher, iv, keylen, errp) < 0) {
- * return -1;
- * }
- *
- * if (qcrypto_cipher_encrypt(cipher, rawdata, encdata, datalen, errp) < 0) {
- * return -1;
- * }
- *
- * qcrypto_cipher_free(cipher);
- * </programlisting>
- * </example>
- *
- */
-
-struct QCryptoCipher {
- QCryptoCipherAlgorithm alg;
- QCryptoCipherMode mode;
- void *opaque;
-};
-
-/**
- * qcrypto_cipher_supports:
- * @alg: the cipher algorithm
- *
- * Determine if @alg cipher algorithm is supported by the
- * current configured build
- *
- * Returns: true if the algorithm is supported, false otherwise
- */
-bool qcrypto_cipher_supports(QCryptoCipherAlgorithm alg);
-
-/**
- * qcrypto_cipher_get_block_len:
- * @alg: the cipher algorithm
- *
- * Get the required data block size in bytes. When
- * encrypting data, it must be a multiple of the
- * block size.
- *
- * Returns: the block size in bytes
- */
-size_t qcrypto_cipher_get_block_len(QCryptoCipherAlgorithm alg);
-
-
-/**
- * qcrypto_cipher_get_key_len:
- * @alg: the cipher algorithm
- *
- * Get the required key size in bytes.
- *
- * Returns: the key size in bytes
- */
-size_t qcrypto_cipher_get_key_len(QCryptoCipherAlgorithm alg);
-
-
-/**
- * qcrypto_cipher_get_iv_len:
- * @alg: the cipher algorithm
- * @mode: the cipher mode
- *
- * Get the required initialization vector size
- * in bytes, if one is required.
- *
- * Returns: the IV size in bytes, or 0 if no IV is permitted
- */
-size_t qcrypto_cipher_get_iv_len(QCryptoCipherAlgorithm alg,
- QCryptoCipherMode mode);
-
-
-/**
- * qcrypto_cipher_new:
- * @alg: the cipher algorithm
- * @mode: the cipher usage mode
- * @key: the private key bytes
- * @nkey: the length of @key
- * @errp: pointer to a NULL-initialized error object
- *
- * Creates a new cipher object for encrypting/decrypting
- * data with the algorithm @alg in the usage mode @mode.
- *
- * The @key parameter provides the bytes representing
- * the encryption/decryption key to use. The @nkey parameter
- * specifies the length of @key in bytes. Each algorithm has
- * one or more valid key lengths, and it is an error to provide
- * a key of the incorrect length.
- *
- * The returned cipher object must be released with
- * qcrypto_cipher_free() when no longer required
- *
- * Returns: a new cipher object, or NULL on error
- */
-QCryptoCipher *qcrypto_cipher_new(QCryptoCipherAlgorithm alg,
- QCryptoCipherMode mode,
- const uint8_t *key, size_t nkey,
- Error **errp);
-
-/**
- * qcrypto_cipher_free:
- * @cipher: the cipher object
- *
- * Release the memory associated with @cipher that
- * was previously allocated by qcrypto_cipher_new()
- */
-void qcrypto_cipher_free(QCryptoCipher *cipher);
-
-/**
- * qcrypto_cipher_encrypt:
- * @cipher: the cipher object
- * @in: buffer holding the plain text input data
- * @out: buffer to fill with the cipher text output data
- * @len: the length of @in and @out buffers
- * @errp: pointer to a NULL-initialized error object
- *
- * Encrypts the plain text stored in @in, filling
- * @out with the resulting ciphered text. Both the
- * @in and @out buffers must have the same size,
- * given by @len.
- *
- * Returns: 0 on success, or -1 on error
- */
-int qcrypto_cipher_encrypt(QCryptoCipher *cipher,
- const void *in,
- void *out,
- size_t len,
- Error **errp);
-
-
-/**
- * qcrypto_cipher_decrypt:
- * @cipher: the cipher object
- * @in: buffer holding the cipher text input data
- * @out: buffer to fill with the plain text output data
- * @len: the length of @in and @out buffers
- * @errp: pointer to a NULL-initialized error object
- *
- * Decrypts the cipher text stored in @in, filling
- * @out with the resulting plain text. Both the
- * @in and @out buffers must have the same size,
- * given by @len.
- *
- * Returns: 0 on success, or -1 on error
- */
-int qcrypto_cipher_decrypt(QCryptoCipher *cipher,
- const void *in,
- void *out,
- size_t len,
- Error **errp);
-
-/**
- * qcrypto_cipher_setiv:
- * @cipher: the cipher object
- * @iv: the initialization vector bytes
- * @niv: the length of @iv
- * @errpr: pointer to a NULL-initialized error object
- *
- * If the @cipher object is setup to use a mode that requires
- * initialization vectors, this sets the initialization vector
- * bytes. The @iv data should have the same length as the
- * cipher key used when originally constructing the cipher
- * object. It is an error to set an initialization vector
- * if the cipher mode does not require one.
- *
- * Returns: 0 on success, -1 on error
- */
-int qcrypto_cipher_setiv(QCryptoCipher *cipher,
- const uint8_t *iv, size_t niv,
- Error **errp);
-
-#endif /* QCRYPTO_CIPHER_H__ */
diff --git a/qemu/include/crypto/desrfb.h b/qemu/include/crypto/desrfb.h
deleted file mode 100644
index 773667ee7..000000000
--- a/qemu/include/crypto/desrfb.h
+++ /dev/null
@@ -1,49 +0,0 @@
-/*
- * This is D3DES (V5.09) by Richard Outerbridge with the double and
- * triple-length support removed for use in VNC.
- *
- * These changes are:
- * Copyright (C) 1999 AT&T Laboratories Cambridge. All Rights Reserved.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
- */
-#ifndef D3DES_H
-#define D3DES_H 1
-
-/* d3des.h -
- *
- * Headers and defines for d3des.c
- * Graven Imagery, 1992.
- *
- * Copyright (c) 1988,1989,1990,1991,1992 by Richard Outerbridge
- * (GEnie : OUTER; CIS : [71755,204])
- */
-
-#define EN0 0 /* MODE == encrypt */
-#define DE1 1 /* MODE == decrypt */
-
-void deskey(unsigned char *, int);
-/* hexkey[8] MODE
- * Sets the internal key register according to the hexadecimal
- * key contained in the 8 bytes of hexkey, according to the DES,
- * for encryption or decryption according to MODE.
- */
-
-void usekey(unsigned long *);
-/* cookedkey[32]
- * Loads the internal key register with the data in cookedkey.
- */
-
-void des(unsigned char *, unsigned char *);
-/* from[8] to[8]
- * Encrypts/Decrypts (according to the key currently loaded in the
- * internal key register) one block of eight bytes at address 'from'
- * into the block at address 'to'. They can be the same.
- */
-
-/* d3des.h V5.09 rwo 9208.04 15:06 Graven Imagery
- ********************************************************************/
-
-#endif
diff --git a/qemu/include/crypto/hash.h b/qemu/include/crypto/hash.h
deleted file mode 100644
index f38caed66..000000000
--- a/qemu/include/crypto/hash.h
+++ /dev/null
@@ -1,192 +0,0 @@
-/*
- * QEMU Crypto hash algorithms
- *
- * Copyright (c) 2015 Red Hat, Inc.
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, see <http://www.gnu.org/licenses/>.
- *
- */
-
-#ifndef QCRYPTO_HASH_H__
-#define QCRYPTO_HASH_H__
-
-#include "qapi-types.h"
-
-/* See also "QCryptoHashAlgorithm" defined in qapi/crypto.json */
-
-/**
- * qcrypto_hash_supports:
- * @alg: the hash algorithm
- *
- * Determine if @alg hash algorithm is supported by the
- * current configured build.
- *
- * Returns: true if the algorithm is supported, false otherwise
- */
-gboolean qcrypto_hash_supports(QCryptoHashAlgorithm alg);
-
-
-/**
- * qcrypto_hash_digest_len:
- * @alg: the hash algorithm
- *
- * Determine the size of the hash digest in bytes
- *
- * Returns: the digest length in bytes
- */
-size_t qcrypto_hash_digest_len(QCryptoHashAlgorithm alg);
-
-/**
- * qcrypto_hash_bytesv:
- * @alg: the hash algorithm
- * @iov: the array of memory regions to hash
- * @niov: the length of @iov
- * @result: pointer to hold output hash
- * @resultlen: pointer to hold length of @result
- * @errp: pointer to a NULL-initialized error object
- *
- * Computes the hash across all the memory regions
- * present in @iov. The @result pointer will be
- * filled with raw bytes representing the computed
- * hash, which will have length @resultlen. The
- * memory pointer in @result must be released
- * with a call to g_free() when no longer required.
- *
- * Returns: 0 on success, -1 on error
- */
-int qcrypto_hash_bytesv(QCryptoHashAlgorithm alg,
- const struct iovec *iov,
- size_t niov,
- uint8_t **result,
- size_t *resultlen,
- Error **errp);
-
-/**
- * qcrypto_hash_bytes:
- * @alg: the hash algorithm
- * @buf: the memory region to hash
- * @len: the length of @buf
- * @result: pointer to hold output hash
- * @resultlen: pointer to hold length of @result
- * @errp: pointer to a NULL-initialized error object
- *
- * Computes the hash across all the memory region
- * @buf of length @len. The @result pointer will be
- * filled with raw bytes representing the computed
- * hash, which will have length @resultlen. The
- * memory pointer in @result must be released
- * with a call to g_free() when no longer required.
- *
- * Returns: 0 on success, -1 on error
- */
-int qcrypto_hash_bytes(QCryptoHashAlgorithm alg,
- const char *buf,
- size_t len,
- uint8_t **result,
- size_t *resultlen,
- Error **errp);
-
-/**
- * qcrypto_hash_digestv:
- * @alg: the hash algorithm
- * @iov: the array of memory regions to hash
- * @niov: the length of @iov
- * @digest: pointer to hold output hash
- * @errp: pointer to a NULL-initialized error object
- *
- * Computes the hash across all the memory regions
- * present in @iov. The @digest pointer will be
- * filled with the printable hex digest of the computed
- * hash, which will be terminated by '\0'. The
- * memory pointer in @digest must be released
- * with a call to g_free() when no longer required.
- *
- * Returns: 0 on success, -1 on error
- */
-int qcrypto_hash_digestv(QCryptoHashAlgorithm alg,
- const struct iovec *iov,
- size_t niov,
- char **digest,
- Error **errp);
-
-/**
- * qcrypto_hash_digest:
- * @alg: the hash algorithm
- * @buf: the memory region to hash
- * @len: the length of @buf
- * @digest: pointer to hold output hash
- * @errp: pointer to a NULL-initialized error object
- *
- * Computes the hash across all the memory region
- * @buf of length @len. The @digest pointer will be
- * filled with the printable hex digest of the computed
- * hash, which will be terminated by '\0'. The
- * memory pointer in @digest must be released
- * with a call to g_free() when no longer required.
- *
- * Returns: 0 on success, -1 on error
- */
-int qcrypto_hash_digest(QCryptoHashAlgorithm alg,
- const char *buf,
- size_t len,
- char **digest,
- Error **errp);
-
-/**
- * qcrypto_hash_base64v:
- * @alg: the hash algorithm
- * @iov: the array of memory regions to hash
- * @niov: the length of @iov
- * @base64: pointer to hold output hash
- * @errp: pointer to a NULL-initialized error object
- *
- * Computes the hash across all the memory regions
- * present in @iov. The @base64 pointer will be
- * filled with the base64 encoding of the computed
- * hash, which will be terminated by '\0'. The
- * memory pointer in @base64 must be released
- * with a call to g_free() when no longer required.
- *
- * Returns: 0 on success, -1 on error
- */
-int qcrypto_hash_base64v(QCryptoHashAlgorithm alg,
- const struct iovec *iov,
- size_t niov,
- char **base64,
- Error **errp);
-
-/**
- * qcrypto_hash_base64:
- * @alg: the hash algorithm
- * @buf: the memory region to hash
- * @len: the length of @buf
- * @base64: pointer to hold output hash
- * @errp: pointer to a NULL-initialized error object
- *
- * Computes the hash across all the memory region
- * @buf of length @len. The @base64 pointer will be
- * filled with the base64 encoding of the computed
- * hash, which will be terminated by '\0'. The
- * memory pointer in @base64 must be released
- * with a call to g_free() when no longer required.
- *
- * Returns: 0 on success, -1 on error
- */
-int qcrypto_hash_base64(QCryptoHashAlgorithm alg,
- const char *buf,
- size_t len,
- char **base64,
- Error **errp);
-
-#endif /* QCRYPTO_HASH_H__ */
diff --git a/qemu/include/crypto/init.h b/qemu/include/crypto/init.h
deleted file mode 100644
index 2513ed098..000000000
--- a/qemu/include/crypto/init.h
+++ /dev/null
@@ -1,26 +0,0 @@
-/*
- * QEMU Crypto initialization
- *
- * Copyright (c) 2015 Red Hat, Inc.
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, see <http://www.gnu.org/licenses/>.
- *
- */
-
-#ifndef QCRYPTO_INIT_H__
-#define QCRYPTO_INIT_H__
-
-int qcrypto_init(Error **errp);
-
-#endif /* QCRYPTO_INIT_H__ */
diff --git a/qemu/include/crypto/ivgen.h b/qemu/include/crypto/ivgen.h
deleted file mode 100644
index 09cdb6fcd..000000000
--- a/qemu/include/crypto/ivgen.h
+++ /dev/null
@@ -1,206 +0,0 @@
-/*
- * QEMU Crypto block IV generator
- *
- * Copyright (c) 2015-2016 Red Hat, Inc.
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, see <http://www.gnu.org/licenses/>.
- *
- */
-
-#ifndef QCRYPTO_IVGEN_H__
-#define QCRYPTO_IVGEN_H__
-
-#include "crypto/cipher.h"
-#include "crypto/hash.h"
-
-/**
- * This module provides a framework for generating initialization
- * vectors for block encryption schemes using chained cipher modes
- * CBC. The principle is that each disk sector is assigned a unique
- * initialization vector for use for encryption of data in that
- * sector.
- *
- * <example>
- * <title>Encrypting block data with initialiation vectors</title>
- * <programlisting>
- * uint8_t *data = ....data to encrypt...
- * size_t ndata = XXX;
- * uint8_t *key = ....some encryption key...
- * size_t nkey = XXX;
- * uint8_t *iv;
- * size_t niv;
- * size_t sector = 0;
- *
- * g_assert((ndata % 512) == 0);
- *
- * QCryptoIVGen *ivgen = qcrypto_ivgen_new(QCRYPTO_IVGEN_ALG_ESSIV,
- * QCRYPTO_CIPHER_ALG_AES_128,
- * QCRYPTO_HASH_ALG_SHA256,
- * key, nkey, errp);
- * if (!ivgen) {
- * return -1;
- * }
- *
- * QCryptoCipher *cipher = qcrypto_cipher_new(QCRYPTO_CIPHER_ALG_AES_128,
- * QCRYPTO_CIPHER_MODE_CBC,
- * key, nkey, errp);
- * if (!cipher) {
- * goto error;
- * }
- *
- * niv = qcrypto_cipher_get_iv_len(QCRYPTO_CIPHER_ALG_AES_128,
- * QCRYPTO_CIPHER_MODE_CBC);
- * iv = g_new0(uint8_t, niv);
- *
- *
- * while (ndata) {
- * if (qcrypto_ivgen_calculate(ivgen, sector, iv, niv, errp) < 0) {
- * goto error;
- * }
- * if (qcrypto_cipher_setiv(cipher, iv, niv, errp) < 0) {
- * goto error;
- * }
- * if (qcrypto_cipher_encrypt(cipher,
- * data + (sector * 512),
- * data + (sector * 512),
- * 512, errp) < 0) {
- * goto error;
- * }
- * sector++;
- * ndata -= 512;
- * }
- *
- * g_free(iv);
- * qcrypto_ivgen_free(ivgen);
- * qcrypto_cipher_free(cipher);
- * return 0;
- *
- *error:
- * g_free(iv);
- * qcrypto_ivgen_free(ivgen);
- * qcrypto_cipher_free(cipher);
- * return -1;
- * </programlisting>
- * </example>
- */
-
-typedef struct QCryptoIVGen QCryptoIVGen;
-
-/* See also QCryptoIVGenAlgorithm enum in qapi/crypto.json */
-
-
-/**
- * qcrypto_ivgen_new:
- * @alg: the initialization vector generation algorithm
- * @cipheralg: the cipher algorithm or 0
- * @hash: the hash algorithm or 0
- * @key: the encryption key or NULL
- * @nkey: the size of @key in bytes
- *
- * Create a new initialization vector generator that uses
- * the algorithm @alg. Whether the remaining parameters
- * are required or not depends on the choice of @alg
- * requested.
- *
- * - QCRYPTO_IVGEN_ALG_PLAIN
- *
- * The IVs are generated by the 32-bit truncated sector
- * number. This should never be used for block devices
- * that are larger than 2^32 sectors in size.
- * All the other parameters are unused.
- *
- * - QCRYPTO_IVGEN_ALG_PLAIN64
- *
- * The IVs are generated by the 64-bit sector number.
- * All the other parameters are unused.
- *
- * - QCRYPTO_IVGEN_ALG_ESSIV:
- *
- * The IVs are generated by encrypting the 64-bit sector
- * number with a hash of an encryption key. The @cipheralg,
- * @hash, @key and @nkey parameters are all required.
- *
- * Returns: a new IV generator, or NULL on error
- */
-QCryptoIVGen *qcrypto_ivgen_new(QCryptoIVGenAlgorithm alg,
- QCryptoCipherAlgorithm cipheralg,
- QCryptoHashAlgorithm hash,
- const uint8_t *key, size_t nkey,
- Error **errp);
-
-/**
- * qcrypto_ivgen_calculate:
- * @ivgen: the IV generator object
- * @sector: the 64-bit sector number
- * @iv: a pre-allocated buffer to hold the generated IV
- * @niv: the number of bytes in @iv
- * @errp: pointer to a NULL-initialized error object
- *
- * Calculate a new initialiation vector for the data
- * to be stored in sector @sector. The IV will be
- * written into the buffer @iv of size @niv.
- *
- * Returns: 0 on success, -1 on error
- */
-int qcrypto_ivgen_calculate(QCryptoIVGen *ivgen,
- uint64_t sector,
- uint8_t *iv, size_t niv,
- Error **errp);
-
-
-/**
- * qcrypto_ivgen_get_algorithm:
- * @ivgen: the IV generator object
- *
- * Get the algorithm used by this IV generator
- *
- * Returns: the IV generator algorithm
- */
-QCryptoIVGenAlgorithm qcrypto_ivgen_get_algorithm(QCryptoIVGen *ivgen);
-
-
-/**
- * qcrypto_ivgen_get_cipher:
- * @ivgen: the IV generator object
- *
- * Get the cipher algorithm used by this IV generator (if
- * applicable)
- *
- * Returns: the cipher algorithm
- */
-QCryptoCipherAlgorithm qcrypto_ivgen_get_cipher(QCryptoIVGen *ivgen);
-
-
-/**
- * qcrypto_ivgen_get_hash:
- * @ivgen: the IV generator object
- *
- * Get the hash algorithm used by this IV generator (if
- * applicable)
- *
- * Returns: the hash algorithm
- */
-QCryptoHashAlgorithm qcrypto_ivgen_get_hash(QCryptoIVGen *ivgen);
-
-
-/**
- * qcrypto_ivgen_free:
- * @ivgen: the IV generator object
- *
- * Release all resources associated with @ivgen, or a no-op
- * if @ivgen is NULL
- */
-void qcrypto_ivgen_free(QCryptoIVGen *ivgen);
-
-#endif /* QCRYPTO_IVGEN_H__ */
diff --git a/qemu/include/crypto/pbkdf.h b/qemu/include/crypto/pbkdf.h
deleted file mode 100644
index 58a1fe62a..000000000
--- a/qemu/include/crypto/pbkdf.h
+++ /dev/null
@@ -1,152 +0,0 @@
-/*
- * QEMU Crypto PBKDF support (Password-Based Key Derivation Function)
- *
- * Copyright (c) 2015-2016 Red Hat, Inc.
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, see <http://www.gnu.org/licenses/>.
- *
- */
-
-#ifndef QCRYPTO_PBKDF_H__
-#define QCRYPTO_PBKDF_H__
-
-#include "crypto/hash.h"
-
-/**
- * This module provides an interface to the PBKDF2 algorithm
- *
- * https://en.wikipedia.org/wiki/PBKDF2
- *
- * <example>
- * <title>Generating an AES encryption key from a user password</title>
- * <programlisting>
- * #include "crypto/cipher.h"
- * #include "crypto/random.h"
- * #include "crypto/pbkdf.h"
- *
- * ....
- *
- * char *password = "a-typical-awful-user-password";
- * size_t nkey = qcrypto_cipher_get_key_len(QCRYPTO_CIPHER_ALG_AES_128);
- * uint8_t *salt = g_new0(uint8_t, nkey);
- * uint8_t *key = g_new0(uint8_t, nkey);
- * int iterations;
- * QCryptoCipher *cipher;
- *
- * if (qcrypto_random_bytes(salt, nkey, errp) < 0) {
- * g_free(key);
- * g_free(salt);
- * return -1;
- * }
- *
- * iterations = qcrypto_pbkdf2_count_iters(QCRYPTO_HASH_ALG_SHA256,
- * (const uint8_t *)password,
- * strlen(password),
- * salt, nkey, errp);
- * if (iterations < 0) {
- * g_free(key);
- * g_free(salt);
- * return -1;
- * }
- *
- * if (qcrypto_pbkdf2(QCRYPTO_HASH_ALG_SHA256,
- * (const uint8_t *)password, strlen(password),
- * salt, nkey, iterations, key, nkey, errp) < 0) {
- * g_free(key);
- * g_free(salt);
- * return -1;
- * }
- *
- * g_free(salt);
- *
- * cipher = qcrypto_cipher_new(QCRYPTO_CIPHER_ALG_AES_128,
- * QCRYPTO_CIPHER_MODE_ECB,
- * key, nkey, errp);
- * g_free(key);
- *
- * ....encrypt some data...
- *
- * qcrypto_cipher_free(cipher);
- * </programlisting>
- * </example>
- *
- */
-
-/**
- * qcrypto_pbkdf2_supports:
- * @hash: the hash algorithm
- *
- * Determine if the current build supports the PBKDF2 algorithm
- * in combination with the hash @hash.
- *
- * Returns true if supported, false otherwise
- */
-bool qcrypto_pbkdf2_supports(QCryptoHashAlgorithm hash);
-
-
-/**
- * qcrypto_pbkdf2:
- * @hash: the hash algorithm to use
- * @key: the user password / key
- * @nkey: the length of @key in bytes
- * @salt: a random salt
- * @nsalt: length of @salt in bytes
- * @iterations: the number of iterations to compute
- * @out: pointer to pre-allocated buffer to hold output
- * @nout: length of @out in bytes
- * @errp: pointer to a NULL-initialized error object
- *
- * Apply the PBKDF2 algorithm to derive an encryption
- * key from a user password provided in @key. The
- * @salt parameter is used to perturb the algorithm.
- * The @iterations count determines how many times
- * the hashing process is run, which influences how
- * hard it is to crack the key. The number of @iterations
- * should be large enough such that the algorithm takes
- * 1 second or longer to derive a key. The derived key
- * will be stored in the preallocated buffer @out.
- *
- * Returns: 0 on success, -1 on error
- */
-int qcrypto_pbkdf2(QCryptoHashAlgorithm hash,
- const uint8_t *key, size_t nkey,
- const uint8_t *salt, size_t nsalt,
- unsigned int iterations,
- uint8_t *out, size_t nout,
- Error **errp);
-
-/**
- * qcrypto_pbkdf2_count_iters:
- * @hash: the hash algorithm to use
- * @key: the user password / key
- * @nkey: the length of @key in bytes
- * @salt: a random salt
- * @nsalt: length of @salt in bytes
- * @errp: pointer to a NULL-initialized error object
- *
- * Time the PBKDF2 algorithm to determine how many
- * iterations are required to derive an encryption
- * key from a user password provided in @key in 1
- * second of compute time. The result of this can
- * be used as a the @iterations parameter of a later
- * call to qcrypto_pbkdf2().
- *
- * Returns: number of iterations in 1 second, -1 on error
- */
-int qcrypto_pbkdf2_count_iters(QCryptoHashAlgorithm hash,
- const uint8_t *key, size_t nkey,
- const uint8_t *salt, size_t nsalt,
- Error **errp);
-
-#endif /* QCRYPTO_PBKDF_H__ */
diff --git a/qemu/include/crypto/random.h b/qemu/include/crypto/random.h
deleted file mode 100644
index b3021c4ce..000000000
--- a/qemu/include/crypto/random.h
+++ /dev/null
@@ -1,44 +0,0 @@
-/*
- * QEMU Crypto random number provider
- *
- * Copyright (c) 2015-2016 Red Hat, Inc.
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, see <http://www.gnu.org/licenses/>.
- *
- */
-
-#ifndef QCRYPTO_RANDOM_H__
-#define QCRYPTO_RANDOM_H__
-
-#include "qemu-common.h"
-#include "qapi/error.h"
-
-
-/**
- * qcrypto_random_bytes:
- * @buf: the buffer to fill
- * @buflen: length of @buf in bytes
- * @errp: pointer to a NULL-initialized error object
- *
- * Fill @buf with @buflen bytes of cryptographically strong
- * random data
- *
- * Returns 0 on sucess, -1 on error
- */
-int qcrypto_random_bytes(uint8_t *buf,
- size_t buflen,
- Error **errp);
-
-
-#endif /* QCRYPTO_RANDOM_H__ */
diff --git a/qemu/include/crypto/secret.h b/qemu/include/crypto/secret.h
deleted file mode 100644
index b7392c6ba..000000000
--- a/qemu/include/crypto/secret.h
+++ /dev/null
@@ -1,146 +0,0 @@
-/*
- * QEMU crypto secret support
- *
- * Copyright (c) 2015 Red Hat, Inc.
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, see <http://www.gnu.org/licenses/>.
- *
- */
-
-#ifndef QCRYPTO_SECRET_H__
-#define QCRYPTO_SECRET_H__
-
-#include "qom/object.h"
-
-#define TYPE_QCRYPTO_SECRET "secret"
-#define QCRYPTO_SECRET(obj) \
- OBJECT_CHECK(QCryptoSecret, (obj), TYPE_QCRYPTO_SECRET)
-
-typedef struct QCryptoSecret QCryptoSecret;
-typedef struct QCryptoSecretClass QCryptoSecretClass;
-
-/**
- * QCryptoSecret:
- *
- * The QCryptoSecret object provides storage of secrets,
- * which may be user passwords, encryption keys or any
- * other kind of sensitive data that is represented as
- * a sequence of bytes.
- *
- * The sensitive data associated with the secret can
- * be provided directly via the 'data' property, or
- * indirectly via the 'file' property. In the latter
- * case there is support for file descriptor passing
- * via the usual /dev/fdset/NN syntax that QEMU uses.
- *
- * The data for a secret can be provided in two formats,
- * either as a UTF-8 string (the default), or as base64
- * encoded 8-bit binary data. The latter is appropriate
- * for raw encryption keys, while the former is appropriate
- * for user entered passwords.
- *
- * The data may be optionally encrypted with AES-256-CBC,
- * and the decryption key provided by another
- * QCryptoSecret instance identified by the 'keyid'
- * property. When passing sensitive data directly
- * via the 'data' property it is strongly recommended
- * to use the AES encryption facility to prevent the
- * sensitive data being exposed in the process listing
- * or system log files.
- *
- * Providing data directly, insecurely (suitable for
- * ad hoc developer testing only)
- *
- * $QEMU -object secret,id=sec0,data=letmein
- *
- * Providing data indirectly:
- *
- * # printf "letmein" > password.txt
- * # $QEMU \
- * -object secret,id=sec0,file=password.txt
- *
- * Using a master encryption key with data.
- *
- * The master key needs to be created as 32 secure
- * random bytes (optionally base64 encoded)
- *
- * # openssl rand -base64 32 > key.b64
- * # KEY=$(base64 -d key.b64 | hexdump -v -e '/1 "%02X"')
- *
- * Each secret to be encrypted needs to have a random
- * initialization vector generated. These do not need
- * to be kept secret
- *
- * # openssl rand -base64 16 > iv.b64
- * # IV=$(base64 -d iv.b64 | hexdump -v -e '/1 "%02X"')
- *
- * A secret to be defined can now be encrypted
- *
- * # SECRET=$(printf "letmein" |
- * openssl enc -aes-256-cbc -a -K $KEY -iv $IV)
- *
- * When launching QEMU, create a master secret pointing
- * to key.b64 and specify that to be used to decrypt
- * the user password
- *
- * # $QEMU \
- * -object secret,id=secmaster0,format=base64,file=key.b64 \
- * -object secret,id=sec0,keyid=secmaster0,format=base64,\
- * data=$SECRET,iv=$(<iv.b64)
- *
- * When encrypting, the data can still be provided via an
- * external file, in which case it is possible to use either
- * raw binary data, or base64 encoded. This example uses
- * raw format
- *
- * # printf "letmein" |
- * openssl enc -aes-256-cbc -K $KEY -iv $IV -o pw.aes
- * # $QEMU \
- * -object secret,id=secmaster0,format=base64,file=key.b64 \
- * -object secret,id=sec0,keyid=secmaster0,\
- * file=pw.aes,iv=$(<iv.b64)
- *
- * Note that the ciphertext can be in either raw or base64
- * format, as indicated by the 'format' parameter, but the
- * plaintext resulting from decryption is expected to always
- * be in raw format.
- */
-
-struct QCryptoSecret {
- Object parent_obj;
- uint8_t *rawdata;
- size_t rawlen;
- QCryptoSecretFormat format;
- char *data;
- char *file;
- char *keyid;
- char *iv;
-};
-
-
-struct QCryptoSecretClass {
- ObjectClass parent_class;
-};
-
-
-extern int qcrypto_secret_lookup(const char *secretid,
- uint8_t **data,
- size_t *datalen,
- Error **errp);
-extern char *qcrypto_secret_lookup_as_utf8(const char *secretid,
- Error **errp);
-extern char *qcrypto_secret_lookup_as_base64(const char *secretid,
- Error **errp);
-
-#endif /* QCRYPTO_SECRET_H__ */
diff --git a/qemu/include/crypto/tlscreds.h b/qemu/include/crypto/tlscreds.h
deleted file mode 100644
index 8e2babd53..000000000
--- a/qemu/include/crypto/tlscreds.h
+++ /dev/null
@@ -1,66 +0,0 @@
-/*
- * QEMU crypto TLS credential support
- *
- * Copyright (c) 2015 Red Hat, Inc.
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, see <http://www.gnu.org/licenses/>.
- *
- */
-
-#ifndef QCRYPTO_TLSCRED_H__
-#define QCRYPTO_TLSCRED_H__
-
-#include "qom/object.h"
-
-#ifdef CONFIG_GNUTLS
-#include <gnutls/gnutls.h>
-#endif
-
-#define TYPE_QCRYPTO_TLS_CREDS "tls-creds"
-#define QCRYPTO_TLS_CREDS(obj) \
- OBJECT_CHECK(QCryptoTLSCreds, (obj), TYPE_QCRYPTO_TLS_CREDS)
-
-typedef struct QCryptoTLSCreds QCryptoTLSCreds;
-typedef struct QCryptoTLSCredsClass QCryptoTLSCredsClass;
-
-#define QCRYPTO_TLS_CREDS_DH_PARAMS "dh-params.pem"
-
-
-/**
- * QCryptoTLSCreds:
- *
- * The QCryptoTLSCreds object is an abstract base for different
- * types of TLS handshake credentials. Most commonly the
- * QCryptoTLSCredsX509 subclass will be used to provide x509
- * certificate credentials.
- */
-
-struct QCryptoTLSCreds {
- Object parent_obj;
- char *dir;
- QCryptoTLSCredsEndpoint endpoint;
-#ifdef CONFIG_GNUTLS
- gnutls_dh_params_t dh_params;
-#endif
- bool verifyPeer;
-};
-
-
-struct QCryptoTLSCredsClass {
- ObjectClass parent_class;
-};
-
-
-#endif /* QCRYPTO_TLSCRED_H__ */
-
diff --git a/qemu/include/crypto/tlscredsanon.h b/qemu/include/crypto/tlscredsanon.h
deleted file mode 100644
index d3976b84b..000000000
--- a/qemu/include/crypto/tlscredsanon.h
+++ /dev/null
@@ -1,112 +0,0 @@
-/*
- * QEMU crypto TLS anonymous credential support
- *
- * Copyright (c) 2015 Red Hat, Inc.
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, see <http://www.gnu.org/licenses/>.
- *
- */
-
-#ifndef QCRYPTO_TLSCRED_ANON_H__
-#define QCRYPTO_TLSCRED_ANON_H__
-
-#include "crypto/tlscreds.h"
-
-#define TYPE_QCRYPTO_TLS_CREDS_ANON "tls-creds-anon"
-#define QCRYPTO_TLS_CREDS_ANON(obj) \
- OBJECT_CHECK(QCryptoTLSCredsAnon, (obj), TYPE_QCRYPTO_TLS_CREDS_ANON)
-
-
-typedef struct QCryptoTLSCredsAnon QCryptoTLSCredsAnon;
-typedef struct QCryptoTLSCredsAnonClass QCryptoTLSCredsAnonClass;
-
-/**
- * QCryptoTLSCredsAnon:
- *
- * The QCryptoTLSCredsAnon object provides a representation
- * of anonymous credentials used perform a TLS handshake.
- * This is primarily provided for backwards compatibility and
- * its use is discouraged as it has poor security characteristics
- * due to lacking MITM attack protection amongst other problems.
- *
- * This is a user creatable object, which can be instantiated
- * via object_new_propv():
- *
- * <example>
- * <title>Creating anonymous TLS credential objects in code</title>
- * <programlisting>
- * Object *obj;
- * Error *err = NULL;
- * obj = object_new_propv(TYPE_QCRYPTO_TLS_CREDS_ANON,
- * "tlscreds0",
- * &err,
- * "endpoint", "server",
- * "dir", "/path/x509/cert/dir",
- * "verify-peer", "yes",
- * NULL);
- * </programlisting>
- * </example>
- *
- * Or via QMP:
- *
- * <example>
- * <title>Creating anonymous TLS credential objects via QMP</title>
- * <programlisting>
- * {
- * "execute": "object-add", "arguments": {
- * "id": "tlscreds0",
- * "qom-type": "tls-creds-anon",
- * "props": {
- * "endpoint": "server",
- * "dir": "/path/to/x509/cert/dir",
- * "verify-peer": false
- * }
- * }
- * }
- * </programlisting>
- * </example>
- *
- *
- * Or via the CLI:
- *
- * <example>
- * <title>Creating anonymous TLS credential objects via CLI</title>
- * <programlisting>
- * qemu-system-x86_64 -object tls-creds-anon,id=tlscreds0,\
- * endpoint=server,verify-peer=off,\
- * dir=/path/to/x509/certdir/
- * </programlisting>
- * </example>
- *
- */
-
-
-struct QCryptoTLSCredsAnon {
- QCryptoTLSCreds parent_obj;
-#ifdef CONFIG_GNUTLS
- union {
- gnutls_anon_server_credentials_t server;
- gnutls_anon_client_credentials_t client;
- } data;
-#endif
-};
-
-
-struct QCryptoTLSCredsAnonClass {
- QCryptoTLSCredsClass parent_class;
-};
-
-
-#endif /* QCRYPTO_TLSCRED_H__ */
-
diff --git a/qemu/include/crypto/tlscredsx509.h b/qemu/include/crypto/tlscredsx509.h
deleted file mode 100644
index 25796d7de..000000000
--- a/qemu/include/crypto/tlscredsx509.h
+++ /dev/null
@@ -1,114 +0,0 @@
-/*
- * QEMU crypto TLS x509 credential support
- *
- * Copyright (c) 2015 Red Hat, Inc.
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, see <http://www.gnu.org/licenses/>.
- *
- */
-
-#ifndef QCRYPTO_TLSCRED_X509_H__
-#define QCRYPTO_TLSCRED_X509_H__
-
-#include "crypto/tlscreds.h"
-
-#define TYPE_QCRYPTO_TLS_CREDS_X509 "tls-creds-x509"
-#define QCRYPTO_TLS_CREDS_X509(obj) \
- OBJECT_CHECK(QCryptoTLSCredsX509, (obj), TYPE_QCRYPTO_TLS_CREDS_X509)
-
-typedef struct QCryptoTLSCredsX509 QCryptoTLSCredsX509;
-typedef struct QCryptoTLSCredsX509Class QCryptoTLSCredsX509Class;
-
-#define QCRYPTO_TLS_CREDS_X509_CA_CERT "ca-cert.pem"
-#define QCRYPTO_TLS_CREDS_X509_CA_CRL "ca-crl.pem"
-#define QCRYPTO_TLS_CREDS_X509_SERVER_KEY "server-key.pem"
-#define QCRYPTO_TLS_CREDS_X509_SERVER_CERT "server-cert.pem"
-#define QCRYPTO_TLS_CREDS_X509_CLIENT_KEY "client-key.pem"
-#define QCRYPTO_TLS_CREDS_X509_CLIENT_CERT "client-cert.pem"
-
-
-/**
- * QCryptoTLSCredsX509:
- *
- * The QCryptoTLSCredsX509 object provides a representation
- * of x509 credentials used to perform a TLS handshake.
- *
- * This is a user creatable object, which can be instantiated
- * via object_new_propv():
- *
- * <example>
- * <title>Creating x509 TLS credential objects in code</title>
- * <programlisting>
- * Object *obj;
- * Error *err = NULL;
- * obj = object_new_propv(TYPE_QCRYPTO_TLS_CREDS_X509,
- * "tlscreds0",
- * &err,
- * "endpoint", "server",
- * "dir", "/path/x509/cert/dir",
- * "verify-peer", "yes",
- * NULL);
- * </programlisting>
- * </example>
- *
- * Or via QMP:
- *
- * <example>
- * <title>Creating x509 TLS credential objects via QMP</title>
- * <programlisting>
- * {
- * "execute": "object-add", "arguments": {
- * "id": "tlscreds0",
- * "qom-type": "tls-creds-x509",
- * "props": {
- * "endpoint": "server",
- * "dir": "/path/to/x509/cert/dir",
- * "verify-peer": false
- * }
- * }
- * }
- * </programlisting>
- * </example>
- *
- *
- * Or via the CLI:
- *
- * <example>
- * <title>Creating x509 TLS credential objects via CLI</title>
- * <programlisting>
- * qemu-system-x86_64 -object tls-creds-x509,id=tlscreds0,\
- * endpoint=server,verify-peer=off,\
- * dir=/path/to/x509/certdir/
- * </programlisting>
- * </example>
- *
- */
-
-struct QCryptoTLSCredsX509 {
- QCryptoTLSCreds parent_obj;
-#ifdef CONFIG_GNUTLS
- gnutls_certificate_credentials_t data;
-#endif
- bool sanityCheck;
- char *passwordid;
-};
-
-
-struct QCryptoTLSCredsX509Class {
- QCryptoTLSCredsClass parent_class;
-};
-
-
-#endif /* QCRYPTO_TLSCRED_X509_H__ */
-
diff --git a/qemu/include/crypto/tlssession.h b/qemu/include/crypto/tlssession.h
deleted file mode 100644
index c1bad9e4f..000000000
--- a/qemu/include/crypto/tlssession.h
+++ /dev/null
@@ -1,322 +0,0 @@
-/*
- * QEMU crypto TLS session support
- *
- * Copyright (c) 2015 Red Hat, Inc.
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, see <http://www.gnu.org/licenses/>.
- *
- */
-
-#ifndef QCRYPTO_TLS_SESSION_H__
-#define QCRYPTO_TLS_SESSION_H__
-
-#include "crypto/tlscreds.h"
-
-/**
- * QCryptoTLSSession:
- *
- * The QCryptoTLSSession object encapsulates the
- * logic to integrate with a TLS providing library such
- * as GNUTLS, to setup and run TLS sessions.
- *
- * The API is designed such that it has no assumption about
- * the type of transport it is running over. It may be a
- * traditional TCP socket, or something else entirely. The
- * only requirement is a full-duplex stream of some kind.
- *
- * <example>
- * <title>Using TLS session objects</title>
- * <programlisting>
- * static ssize_t mysock_send(const char *buf, size_t len,
- * void *opaque)
- * {
- * int fd = GPOINTER_TO_INT(opaque);
- *
- * return write(*fd, buf, len);
- * }
- *
- * static ssize_t mysock_recv(const char *buf, size_t len,
- * void *opaque)
- * {
- * int fd = GPOINTER_TO_INT(opaque);
- *
- * return read(*fd, buf, len);
- * }
- *
- * static int mysock_run_tls(int sockfd,
- * QCryptoTLSCreds *creds,
- * Error *errp)
- * {
- * QCryptoTLSSession *sess;
- *
- * sess = qcrypto_tls_session_new(creds,
- * "vnc.example.com",
- * NULL,
- * QCRYPTO_TLS_CREDS_ENDPOINT_CLIENT,
- * errp);
- * if (sess == NULL) {
- * return -1;
- * }
- *
- * qcrypto_tls_session_set_callbacks(sess,
- * mysock_send,
- * mysock_recv
- * GINT_TO_POINTER(fd));
- *
- * while (1) {
- * if (qcrypto_tls_session_handshake(sess, errp) < 0) {
- * qcrypto_tls_session_free(sess);
- * return -1;
- * }
- *
- * switch(qcrypto_tls_session_get_handshake_status(sess)) {
- * case QCRYPTO_TLS_HANDSHAKE_COMPLETE:
- * if (qcrypto_tls_session_check_credentials(sess, errp) < )) {
- * qcrypto_tls_session_free(sess);
- * return -1;
- * }
- * goto done;
- * case QCRYPTO_TLS_HANDSHAKE_RECVING:
- * ...wait for GIO_IN event on fd...
- * break;
- * case QCRYPTO_TLS_HANDSHAKE_SENDING:
- * ...wait for GIO_OUT event on fd...
- * break;
- * }
- * }
- * done:
- *
- * ....send/recv payload data on sess...
- *
- * qcrypto_tls_session_free(sess):
- * }
- * </programlisting>
- * </example>
- */
-
-typedef struct QCryptoTLSSession QCryptoTLSSession;
-
-
-/**
- * qcrypto_tls_session_new:
- * @creds: pointer to a TLS credentials object
- * @hostname: optional hostname to validate
- * @aclname: optional ACL to validate peer credentials against
- * @endpoint: role of the TLS session, client or server
- * @errp: pointer to a NULL-initialized error object
- *
- * Create a new TLS session object that will be used to
- * negotiate a TLS session over an arbitrary data channel.
- * The session object can operate as either the server or
- * client, according to the value of the @endpoint argument.
- *
- * For clients, the @hostname parameter should hold the full
- * unmodified hostname as requested by the user. This will
- * be used to verify the against the hostname reported in
- * the server's credentials (aka x509 certificate).
- *
- * The @aclname parameter (optionally) specifies the name
- * of an access control list that will be used to validate
- * the peer's credentials. For x509 credentials, the ACL
- * will be matched against the CommonName shown in the peer's
- * certificate. If the session is acting as a server, setting
- * an ACL will require that the client provide a validate
- * x509 client certificate.
- *
- * After creating the session object, the I/O callbacks
- * must be set using the qcrypto_tls_session_set_callbacks()
- * method. A TLS handshake sequence must then be completed
- * using qcrypto_tls_session_handshake(), before payload
- * data is permitted to be sent/received.
- *
- * The session object must be released by calling
- * qcrypto_tls_session_free() when no longer required
- *
- * Returns: a TLS session object, or NULL on error.
- */
-QCryptoTLSSession *qcrypto_tls_session_new(QCryptoTLSCreds *creds,
- const char *hostname,
- const char *aclname,
- QCryptoTLSCredsEndpoint endpoint,
- Error **errp);
-
-/**
- * qcrypto_tls_session_free:
- * @sess: the TLS session object
- *
- * Release all memory associated with the TLS session
- * object previously allocated by qcrypto_tls_session_new()
- */
-void qcrypto_tls_session_free(QCryptoTLSSession *sess);
-
-/**
- * qcrypto_tls_session_check_credentials:
- * @sess: the TLS session object
- * @errp: pointer to a NULL-initialized error object
- *
- * Validate the peer's credentials after a successful
- * TLS handshake. It is an error to call this before
- * qcrypto_tls_session_get_handshake_status() returns
- * QCRYPTO_TLS_HANDSHAKE_COMPLETE
- *
- * Returns 0 if the credentials validated, -1 on error
- */
-int qcrypto_tls_session_check_credentials(QCryptoTLSSession *sess,
- Error **errp);
-
-typedef ssize_t (*QCryptoTLSSessionWriteFunc)(const char *buf,
- size_t len,
- void *opaque);
-typedef ssize_t (*QCryptoTLSSessionReadFunc)(char *buf,
- size_t len,
- void *opaque);
-
-/**
- * qcrypto_tls_session_set_callbacks:
- * @sess: the TLS session object
- * @writeFunc: callback for sending data
- * @readFunc: callback to receiving data
- * @opaque: data to pass to callbacks
- *
- * Sets the callback functions that are to be used for sending
- * and receiving data on the underlying data channel. Typically
- * the callbacks to write/read to/from a TCP socket, but there
- * is no assumption made about the type of channel used.
- *
- * The @writeFunc callback will be passed the encrypted
- * data to send to the remote peer.
- *
- * The @readFunc callback will be passed a pointer to fill
- * with encrypted data received from the remote peer
- */
-void qcrypto_tls_session_set_callbacks(QCryptoTLSSession *sess,
- QCryptoTLSSessionWriteFunc writeFunc,
- QCryptoTLSSessionReadFunc readFunc,
- void *opaque);
-
-/**
- * qcrypto_tls_session_write:
- * @sess: the TLS session object
- * @buf: the plain text to send
- * @len: the length of @buf
- *
- * Encrypt @len bytes of the data in @buf and send
- * it to the remote peer using the callback previously
- * registered with qcrypto_tls_session_set_callbacks()
- *
- * It is an error to call this before
- * qcrypto_tls_session_get_handshake_status() returns
- * QCRYPTO_TLS_HANDSHAKE_COMPLETE
- *
- * Returns: the number of bytes sent, or -1 on error
- */
-ssize_t qcrypto_tls_session_write(QCryptoTLSSession *sess,
- const char *buf,
- size_t len);
-
-/**
- * qcrypto_tls_session_read:
- * @sess: the TLS session object
- * @buf: to fill with plain text received
- * @len: the length of @buf
- *
- * Receive up to @len bytes of data from the remote peer
- * using the callback previously registered with
- * qcrypto_tls_session_set_callbacks(), decrypt it and
- * store it in @buf.
- *
- * It is an error to call this before
- * qcrypto_tls_session_get_handshake_status() returns
- * QCRYPTO_TLS_HANDSHAKE_COMPLETE
- *
- * Returns: the number of bytes received, or -1 on error
- */
-ssize_t qcrypto_tls_session_read(QCryptoTLSSession *sess,
- char *buf,
- size_t len);
-
-/**
- * qcrypto_tls_session_handshake:
- * @sess: the TLS session object
- * @errp: pointer to a NULL-initialized error object
- *
- * Start, or continue, a TLS handshake sequence. If
- * the underlying data channel is non-blocking, then
- * this method may return control before the handshake
- * is complete. On non-blocking channels the
- * qcrypto_tls_session_get_handshake_status() method
- * should be used to determine whether the handshake
- * has completed, or is waiting to send or receive
- * data. In the latter cases, the caller should setup
- * an event loop watch and call this method again
- * once the underlying data channel is ready to read
- * or write again
- */
-int qcrypto_tls_session_handshake(QCryptoTLSSession *sess,
- Error **errp);
-
-typedef enum {
- QCRYPTO_TLS_HANDSHAKE_COMPLETE,
- QCRYPTO_TLS_HANDSHAKE_SENDING,
- QCRYPTO_TLS_HANDSHAKE_RECVING,
-} QCryptoTLSSessionHandshakeStatus;
-
-/**
- * qcrypto_tls_session_get_handshake_status:
- * @sess: the TLS session object
- *
- * Check the status of the TLS handshake. This
- * is used with non-blocking data channels to
- * determine whether the handshake is waiting
- * to send or receive further data to/from the
- * remote peer.
- *
- * Once this returns QCRYPTO_TLS_HANDSHAKE_COMPLETE
- * it is permitted to send/receive payload data on
- * the channel
- */
-QCryptoTLSSessionHandshakeStatus
-qcrypto_tls_session_get_handshake_status(QCryptoTLSSession *sess);
-
-/**
- * qcrypto_tls_session_get_key_size:
- * @sess: the TLS session object
- * @errp: pointer to a NULL-initialized error object
- *
- * Check the size of the data channel encryption key
- *
- * Returns: the length in bytes of the encryption key
- * or -1 on error
- */
-int qcrypto_tls_session_get_key_size(QCryptoTLSSession *sess,
- Error **errp);
-
-/**
- * qcrypto_tls_session_get_peer_name:
- * @sess: the TLS session object
- *
- * Get the identified name of the remote peer. If the
- * TLS session was negotiated using x509 certificate
- * credentials, this will return the CommonName from
- * the peer's certificate. If no identified name is
- * available it will return NULL.
- *
- * The returned data must be released with g_free()
- * when no longer required.
- *
- * Returns: the peer's name or NULL.
- */
-char *qcrypto_tls_session_get_peer_name(QCryptoTLSSession *sess);
-
-#endif /* QCRYPTO_TLS_SESSION_H__ */
diff --git a/qemu/include/crypto/xts.h b/qemu/include/crypto/xts.h
deleted file mode 100644
index c2924d8ba..000000000
--- a/qemu/include/crypto/xts.h
+++ /dev/null
@@ -1,86 +0,0 @@
-/*
- * QEMU Crypto XTS cipher mode
- *
- * Copyright (c) 2015-2016 Red Hat, Inc.
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, see <http://www.gnu.org/licenses/>.
- *
- * This code is originally derived from public domain / WTFPL code in
- * LibTomCrypt crytographic library http://libtom.org. The XTS code
- * was donated by Elliptic Semiconductor Inc (www.ellipticsemi.com)
- * to the LibTom Projects
- *
- */
-
-
-#ifndef QCRYPTO_XTS_H_
-#define QCRYPTO_XTS_H_
-
-#include "qemu-common.h"
-#include "qapi/error.h"
-
-
-#define XTS_BLOCK_SIZE 16
-
-typedef void xts_cipher_func(const void *ctx,
- size_t length,
- uint8_t *dst,
- const uint8_t *src);
-
-/**
- * xts_decrypt:
- * @datactx: the cipher context for data decryption
- * @tweakctx: the cipher context for tweak decryption
- * @encfunc: the cipher function for encryption
- * @decfunc: the cipher function for decryption
- * @iv: the initialization vector tweak of XTS_BLOCK_SIZE bytes
- * @length: the length of @dst and @src
- * @dst: buffer to hold the decrypted plaintext
- * @src: buffer providing the ciphertext
- *
- * Decrypts @src into @dst
- */
-void xts_decrypt(const void *datactx,
- const void *tweakctx,
- xts_cipher_func *encfunc,
- xts_cipher_func *decfunc,
- uint8_t *iv,
- size_t length,
- uint8_t *dst,
- const uint8_t *src);
-
-/**
- * xts_decrypt:
- * @datactx: the cipher context for data encryption
- * @tweakctx: the cipher context for tweak encryption
- * @encfunc: the cipher function for encryption
- * @decfunc: the cipher function for decryption
- * @iv: the initialization vector tweak of XTS_BLOCK_SIZE bytes
- * @length: the length of @dst and @src
- * @dst: buffer to hold the encrypted ciphertext
- * @src: buffer providing the plaintext
- *
- * Decrypts @src into @dst
- */
-void xts_encrypt(const void *datactx,
- const void *tweakctx,
- xts_cipher_func *encfunc,
- xts_cipher_func *decfunc,
- uint8_t *iv,
- size_t length,
- uint8_t *dst,
- const uint8_t *src);
-
-
-#endif /* QCRYPTO_XTS_H_ */