[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Qemu-commits] [qemu/qemu] e1a6dc: crypto: Implement TLS Pre-Shared Keys
From: |
GitHub |
Subject: |
[Qemu-commits] [qemu/qemu] e1a6dc: crypto: Implement TLS Pre-Shared Keys (PSK). |
Date: |
Tue, 03 Jul 2018 23:27:33 -0700 |
Branch: refs/heads/master
Home: https://github.com/qemu/qemu
Commit: e1a6dc91ddb55ef77a705b62b6e62634631fd57d
https://github.com/qemu/qemu/commit/e1a6dc91ddb55ef77a705b62b6e62634631fd57d
Author: Richard W.M. Jones <address@hidden>
Date: 2018-07-03 (Tue, 03 Jul 2018)
Changed paths:
M crypto/Makefile.objs
A crypto/tlscredspsk.c
M crypto/tlssession.c
M crypto/trace-events
A include/crypto/tlscredspsk.h
M qemu-doc.texi
M qemu-options.hx
M tests/Makefile.include
A tests/crypto-tls-psk-helpers.c
A tests/crypto-tls-psk-helpers.h
M tests/test-crypto-tlssession.c
Log Message:
-----------
crypto: Implement TLS Pre-Shared Keys (PSK).
Pre-Shared Keys (PSK) is a simpler mechanism for enabling TLS
connections than using certificates. It requires only a simple secret
key:
$ mkdir -m 0700 /tmp/keys
$ psktool -u rjones -p /tmp/keys/keys.psk
$ cat /tmp/keys/keys.psk
rjones:d543770c15ad93d76443fb56f501a31969235f47e999720ae8d2336f6a13fcbc
The key can be secretly shared between clients and servers. Clients
must specify the directory containing the "keys.psk" file and a
username (defaults to "qemu"). Servers must specify only the
directory.
Example NBD client:
$ qemu-img info \
--object
tls-creds-psk,id=tls0,dir=/tmp/keys,username=rjones,endpoint=client \
--image-opts \
file.driver=nbd,file.host=localhost,file.port=10809,file.tls-creds=tls0,file.export=/
Example NBD server using qemu-nbd:
$ qemu-nbd -t -x / \
--object tls-creds-psk,id=tls0,endpoint=server,dir=/tmp/keys \
--tls-creds tls0 \
image.qcow2
Example NBD server using nbdkit:
$ nbdkit -n -e / -fv \
--tls=on --tls-psk=/tmp/keys/keys.psk \
file file=disk.img
Signed-off-by: Richard W.M. Jones <address@hidden>
Signed-off-by: Daniel P. Berrangé <address@hidden>
Commit: 2a018f6e98782a4931b936a3087404ed81685bac
https://github.com/qemu/qemu/commit/2a018f6e98782a4931b936a3087404ed81685bac
Author: Peter Maydell <address@hidden>
Date: 2018-07-03 (Tue, 03 Jul 2018)
Changed paths:
M crypto/Makefile.objs
A crypto/tlscredspsk.c
M crypto/tlssession.c
M crypto/trace-events
A include/crypto/tlscredspsk.h
M qemu-doc.texi
M qemu-options.hx
M tests/Makefile.include
A tests/crypto-tls-psk-helpers.c
A tests/crypto-tls-psk-helpers.h
M tests/test-crypto-tlssession.c
Log Message:
-----------
Merge remote-tracking branch
'remotes/berrange/tags/qcrypto-next-pull-request' into staging
Add support for PSK credentials with TLS
# gpg: Signature made Tue 03 Jul 2018 13:04:51 BST
# gpg: using RSA key BE86EBB415104FDF
# gpg: Good signature from "Daniel P. Berrange <address@hidden>"
# gpg: aka "Daniel P. Berrange <address@hidden>"
# Primary key fingerprint: DAF3 A6FD B26B 6291 2D0E 8E3F BE86 EBB4 1510 4FDF
* remotes/berrange/tags/qcrypto-next-pull-request:
crypto: Implement TLS Pre-Shared Keys (PSK).
Signed-off-by: Peter Maydell <address@hidden>
Compare: https://github.com/qemu/qemu/compare/79c2b203a932...2a018f6e9878
**NOTE:** This service been marked for deprecation:
https://developer.github.com/changes/2018-04-25-github-services-deprecation/
Functionality will be removed from GitHub.com on January 31st, 2019.
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- [Qemu-commits] [qemu/qemu] e1a6dc: crypto: Implement TLS Pre-Shared Keys (PSK).,
GitHub <=