From 993aec27aa39aa90f89f227d8f82cc1f8062386e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= Date: Thu, 11 Oct 2018 20:21:11 +0200 Subject: crypto: Add tls-cipher-suites object MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit On the host OS, various aspects of TLS operation are configurable. In particular it is possible for the sysadmin to control the TLS cipher/protocol algorithms that applications are permitted to use. * Any given crypto library has a built-in default priority list defined by the distro maintainer of the library package (or by upstream). * The "crypto-policies" RPM (or equivalent host OS package) provides a config file such as "/etc/crypto-policies/config", where the sysadmin can set a high level (library-independent) policy. The "update-crypto-policies --set" command (or equivalent) is used to translate the global policy to individual library representations, producing files such as "/etc/crypto-policies/back-ends/*.config". The generated files, if present, are loaded by the various crypto libraries to override their own built-in defaults. For example, the GNUTLS library may read "/etc/crypto-policies/back-ends/gnutls.config". * A management application (or the QEMU user) may overide the system-wide crypto-policies config via their own config, if they need to diverge from the former. Thus the priority order is "QEMU user config" > "crypto-policies system config" > "library built-in config". Introduce the "tls-cipher-suites" object for exposing the ordered list of permitted TLS cipher suites from the host side to the guest firmware, via fw_cfg. The list is represented as an array of bytes. The priority at which the host-side policy is retrieved is given by the "priority" property of the new object type. For example, "priority=@SYSTEM" may be used to refer to "/etc/crypto-policies/back-ends/gnutls.config" (given that QEMU uses GNUTLS). The firmware uses the IANA_TLS_CIPHER array for configuring guest-side TLS, for example in UEFI HTTPS Boot. [Description from Daniel P. Berrangé, edited by Laszlo Ersek.] Signed-off-by: Philippe Mathieu-Daudé Reviewed-by: Daniel P. Berrangé Acked-by: Laszlo Ersek Message-Id: <20200623172726.21040-2-philmd@redhat.com> --- qemu-options.hx | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) (limited to 'qemu-options.hx') diff --git a/qemu-options.hx b/qemu-options.hx index 196f468786..ecc4658e1f 100644 --- a/qemu-options.hx +++ b/qemu-options.hx @@ -4567,6 +4567,25 @@ SRST string as described at https://gnutls.org/manual/html_node/Priority-Strings.html. + ``-object tls-cipher-suites,id=id,priority=priority`` + Creates a TLS cipher suites object, which can be used to control + the TLS cipher/protocol algorithms that applications are permitted + to use. + + The ``id`` parameter is a unique ID which frontends will use to + access the ordered list of permitted TLS cipher suites from the + host. + + The ``priority`` parameter allows to override the global default + priority used by gnutls. This can be useful if the system + administrator needs to use a weaker set of crypto priorities for + QEMU without potentially forcing the weakness onto all + applications. Or conversely if one wants wants a stronger + default for QEMU than for all other applications, they can do + this through this parameter. Its format is a gnutls priority + string as described at + https://gnutls.org/manual/html_node/Priority-Strings.html. + ``-object filter-buffer,id=id,netdev=netdevid,interval=t[,queue=all|rx|tx][,status=on|off][,position=head|tail|id=][,insert=behind|before]`` Interval t can't be 0, this filter batches the packet delivery: all packets arriving in a given interval on netdev netdevid are -- cgit v1.2.3 From 69699f3055a59e24f1153c329ae6eff4b9a343e0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= Date: Thu, 14 May 2020 15:15:47 +0200 Subject: crypto/tls-cipher-suites: Produce fw_cfg consumable blob MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Since our format is consumable by the fw_cfg device, we can implement the FW_CFG_DATA_GENERATOR interface. Example of use to dump the cipher suites (if tracing enabled): $ qemu-system-x86_64 -S \ -object tls-cipher-suites,id=mysuite1,priority=@SYSTEM \ -fw_cfg name=etc/path/to/ciphers,gen_id=mysuite1 \ -trace qcrypto\* 1590664444.197123:qcrypto_tls_cipher_suite_priority priority: @SYSTEM 1590664444.197219:qcrypto_tls_cipher_suite_info data=[0x13,0x02] version=TLS1.3 name=TLS_AES_256_GCM_SHA384 1590664444.197228:qcrypto_tls_cipher_suite_info data=[0x13,0x03] version=TLS1.3 name=TLS_CHACHA20_POLY1305_SHA256 1590664444.197233:qcrypto_tls_cipher_suite_info data=[0x13,0x01] version=TLS1.3 name=TLS_AES_128_GCM_SHA256 1590664444.197236:qcrypto_tls_cipher_suite_info data=[0x13,0x04] version=TLS1.3 name=TLS_AES_128_CCM_SHA256 1590664444.197240:qcrypto_tls_cipher_suite_info data=[0xc0,0x30] version=TLS1.2 name=TLS_ECDHE_RSA_AES_256_GCM_SHA384 1590664444.197245:qcrypto_tls_cipher_suite_info data=[0xcc,0xa8] version=TLS1.2 name=TLS_ECDHE_RSA_CHACHA20_POLY1305 1590664444.197250:qcrypto_tls_cipher_suite_info data=[0xc0,0x14] version=TLS1.0 name=TLS_ECDHE_RSA_AES_256_CBC_SHA1 1590664444.197254:qcrypto_tls_cipher_suite_info data=[0xc0,0x2f] version=TLS1.2 name=TLS_ECDHE_RSA_AES_128_GCM_SHA256 1590664444.197258:qcrypto_tls_cipher_suite_info data=[0xc0,0x13] version=TLS1.0 name=TLS_ECDHE_RSA_AES_128_CBC_SHA1 1590664444.197261:qcrypto_tls_cipher_suite_info data=[0xc0,0x2c] version=TLS1.2 name=TLS_ECDHE_ECDSA_AES_256_GCM_SHA384 1590664444.197266:qcrypto_tls_cipher_suite_info data=[0xcc,0xa9] version=TLS1.2 name=TLS_ECDHE_ECDSA_CHACHA20_POLY1305 1590664444.197270:qcrypto_tls_cipher_suite_info data=[0xc0,0xad] version=TLS1.2 name=TLS_ECDHE_ECDSA_AES_256_CCM 1590664444.197274:qcrypto_tls_cipher_suite_info data=[0xc0,0x0a] version=TLS1.0 name=TLS_ECDHE_ECDSA_AES_256_CBC_SHA1 1590664444.197278:qcrypto_tls_cipher_suite_info data=[0xc0,0x2b] version=TLS1.2 name=TLS_ECDHE_ECDSA_AES_128_GCM_SHA256 1590664444.197283:qcrypto_tls_cipher_suite_info data=[0xc0,0xac] version=TLS1.2 name=TLS_ECDHE_ECDSA_AES_128_CCM 1590664444.197287:qcrypto_tls_cipher_suite_info data=[0xc0,0x09] version=TLS1.0 name=TLS_ECDHE_ECDSA_AES_128_CBC_SHA1 1590664444.197291:qcrypto_tls_cipher_suite_info data=[0x00,0x9d] version=TLS1.2 name=TLS_RSA_AES_256_GCM_SHA384 1590664444.197296:qcrypto_tls_cipher_suite_info data=[0xc0,0x9d] version=TLS1.2 name=TLS_RSA_AES_256_CCM 1590664444.197300:qcrypto_tls_cipher_suite_info data=[0x00,0x35] version=TLS1.0 name=TLS_RSA_AES_256_CBC_SHA1 1590664444.197304:qcrypto_tls_cipher_suite_info data=[0x00,0x9c] version=TLS1.2 name=TLS_RSA_AES_128_GCM_SHA256 1590664444.197308:qcrypto_tls_cipher_suite_info data=[0xc0,0x9c] version=TLS1.2 name=TLS_RSA_AES_128_CCM 1590664444.197312:qcrypto_tls_cipher_suite_info data=[0x00,0x2f] version=TLS1.0 name=TLS_RSA_AES_128_CBC_SHA1 1590664444.197316:qcrypto_tls_cipher_suite_info data=[0x00,0x9f] version=TLS1.2 name=TLS_DHE_RSA_AES_256_GCM_SHA384 1590664444.197320:qcrypto_tls_cipher_suite_info data=[0xcc,0xaa] version=TLS1.2 name=TLS_DHE_RSA_CHACHA20_POLY1305 1590664444.197325:qcrypto_tls_cipher_suite_info data=[0xc0,0x9f] version=TLS1.2 name=TLS_DHE_RSA_AES_256_CCM 1590664444.197329:qcrypto_tls_cipher_suite_info data=[0x00,0x39] version=TLS1.0 name=TLS_DHE_RSA_AES_256_CBC_SHA1 1590664444.197333:qcrypto_tls_cipher_suite_info data=[0x00,0x9e] version=TLS1.2 name=TLS_DHE_RSA_AES_128_GCM_SHA256 1590664444.197337:qcrypto_tls_cipher_suite_info data=[0xc0,0x9e] version=TLS1.2 name=TLS_DHE_RSA_AES_128_CCM 1590664444.197341:qcrypto_tls_cipher_suite_info data=[0x00,0x33] version=TLS1.0 name=TLS_DHE_RSA_AES_128_CBC_SHA1 1590664444.197345:qcrypto_tls_cipher_suite_count count: 29 Signed-off-by: Philippe Mathieu-Daudé Reviewed-by: Daniel P. Berrangé Acked-by: Laszlo Ersek Message-Id: <20200623172726.21040-6-philmd@redhat.com> --- qemu-options.hx | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) (limited to 'qemu-options.hx') diff --git a/qemu-options.hx b/qemu-options.hx index ecc4658e1f..b2cbbbf281 100644 --- a/qemu-options.hx +++ b/qemu-options.hx @@ -4586,6 +4586,24 @@ SRST string as described at https://gnutls.org/manual/html_node/Priority-Strings.html. + An example of use of this object is to control UEFI HTTPS Boot. + The tls-cipher-suites object exposes the ordered list of permitted + TLS cipher suites from the host side to the guest firmware, via + fw_cfg. The list is represented as an array of IANA_TLS_CIPHER + objects. The firmware uses the IANA_TLS_CIPHER array for configuring + guest-side TLS. + + In the following example, the priority at which the host-side policy + is retrieved is given by the ``priority`` property. + Given that QEMU uses GNUTLS, ``priority=@SYSTEM`` may be used to + refer to /etc/crypto-policies/back-ends/gnutls.config. + + .. parsed-literal:: + + # |qemu_system| \ + -object tls-cipher-suites,id=mysuite0,priority=@SYSTEM \ + -fw_cfg name=etc/edk2/https/ciphers,gen_id=mysuite0 + ``-object filter-buffer,id=id,netdev=netdevid,interval=t[,queue=all|rx|tx][,status=on|off][,position=head|tail|id=][,insert=behind|before]`` Interval t can't be 0, this filter batches the packet delivery: all packets arriving in a given interval on netdev netdevid are -- cgit v1.2.3