#
e8ad8b99 |
| 02-May-2024 |
Philippe Mathieu-Daudé <philmd@linaro.org> |
crypto: Remove 'crypto-tls-x509-helpers.h' from crypto-tls-psk-helpers.c
crypto-tls-psk-helpers.c doesn't access the declarations of "crypto-tls-x509-helpers.h", remove the include line to avoid when building with GNUTLS but without Libtasn1:
  In file included from tests/unit/crypto-tls-psk-helpers.c:23:
  tests/unit/crypto-tls-x509-helpers.h:26:10: fatal error: libtasn1.h: No such file or directory
     26 | #include <libtasn1.h>
        |          ^~~~~~~~~~~~
  compilation terminated.
Fixes: e1a6dc91dd ("crypto: Implement TLS Pre-Shared Keys (PSK).")
Suggested-by: Daniel P. Berrangé <berrange@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
|
#
f1018ea0 |
| 28-Sep-2022 |
Daniel P. Berrangé <berrange@redhat.com> |
tests: avoid DOS line endings in PSK file
Using FILE * APIs for writing the PSK file results in translation from UNIX to DOS line endings on Windows. When the crypto PSK code later loads the credentials the stray \r will result in failure to load the PSK credentials into GNUTLS.
Rather than switching the FILE* APIs to open in binary format, just switch to the more concise g_file_set_contents API.
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
Tested-by: Bin Meng <bmeng.cn@gmail.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
|
#
58d25e97 |
| 26-Apr-2022 |
Daniel P. Berrangé <berrange@redhat.com> |
tests: add migration tests of TLS with PSK credentials
This validates that we correctly handle migration success and failure scenarios when using TLS with pre shared keys.
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Message-Id: <20220426160048.812266-4-berrange@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
|
#
a17ec44d |
| 10-Mar-2022 |
Daniel P. Berrangé <berrange@redhat.com> |
tests: improve error message when saving TLS PSK file fails
Reviewed-by: Peter Xu <peterx@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Message-Id: <20220310171821.3724080-3-berrange@redhat.com>
Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
|
#
4c1f23cf |
| 16-Jun-2021 |
Paolo Bonzini <pbonzini@redhat.com> |
tests: remove QCRYPTO_HAVE_TLS_TEST_SUPPORT
meson.build already decides whether it is possible to build the TLS test suite. There is no need to include that in the source as well. The dummy tests in fact are broken because they do not produce valid TAP output (empty output is rejected by scripts/tap-driver.pl).
Cc: Daniel P. Berrangé <berrange@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
|
#
da668aa1 |
| 10-Mar-2021 |
Thomas Huth <thuth@redhat.com> |
tests: Move unit tests into a separate directory
The main tests directory still looks very crowded, and it's not clear which files are part of a unit test and which belong to a different test subsystem. Let's clean up the mess and move the unit tests to a separate directory.
Message-Id: <20210310063314.1049838-1-thuth@redhat.com>
Acked-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
|
#
e1a6dc91 |
| 03-Jul-2018 |
Richard W.M. Jones <rjones@redhat.com> |
crypto: Implement TLS Pre-Shared Keys (PSK).
Pre-Shared Keys (PSK) is a simpler mechanism for enabling TLS connections than using certificates. It requires only a simple secret key:
  $ mkdir -m 0700 /tmp/keys
  $ psktool -u rjones -p /tmp/keys/keys.psk
  $ cat /tmp/keys/keys.psk
  rjones:d543770c15ad93d76443fb56f501a31969235f47e999720ae8d2336f6a13fcbc
The key can be secretly shared between clients and servers. Clients must specify the directory containing the "keys.psk" file and a username (defaults to "qemu"). Servers must specify only the directory.
Example NBD client:
  $ qemu-img info \
      --object tls-creds-psk,id=tls0,dir=/tmp/keys,username=rjones,endpoint=client \
      --image-opts \
      file.driver=nbd,file.host=localhost,file.port=10809,file.tls-creds=tls0,file.export=/
Example NBD server using qemu-nbd:
  $ qemu-nbd -t -x / \
      --object tls-creds-psk,id=tls0,endpoint=server,dir=/tmp/keys \
      --tls-creds tls0 \
      image.qcow2
Example NBD server using nbdkit:
  $ nbdkit -n -e / -fv \
      --tls=on --tls-psk=/tmp/keys/keys.psk \
      file file=disk.img
Signed-off-by: Richard W.M. Jones <rjones@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
|