Build the tls-creds-psk object with the following params: id, dir, endpoint. Note: Libvirt generates a keys.psk file for each migration session that only contains the pre-shared key for the "qemu" user. Because QEMU defaults to using "qemu" as the username if the username attribute of the tls-creds-psk object is undefined. We intentionally do not set this attribute. Suggested-by: Tejus GK <tejus.gk@nutanix.com> Signed-off-by: Abhisek Panda <abhisek.panda1@nutanix.com> --- src/qemu/qemu_command.c | 26 ++++++++++++++++++++++++++ src/qemu/qemu_command.h | 7 +++++++ 2 files changed, 33 insertions(+) diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c index e726dc661c..6b72d74fc2 100644 --- a/src/qemu/qemu_command.c +++ b/src/qemu/qemu_command.c @@ -1293,6 +1293,32 @@ qemuBuildTLSx509CommandLine(virCommand *cmd, } +/* qemuBuildTLSPSKBackendProps: + * @tlsPSKPath: path to the TLS-PSK credentials file + * @isListen: boolean listen for client or server setting + * @alias: alias for the TLS-PSK object + * @propsret: json properties to return + * + * Create a backend string for the tls-creds-psk object. + * + * Returns 0 on success, -1 on failure with error set. + */ +int +qemuBuildTLSPSKBackendProps(const char *tlsPSKPath, + bool isListen, + const char *alias, + virJSONValue **propsret) +{ + if (qemuMonitorCreateObjectProps(propsret, "tls-creds-psk", alias, + "s:dir", tlsPSKPath, + "s:endpoint", (isListen ? "server": "client"), + NULL) < 0) + return -1; + + return 0; +} + + static int qemuBuildChardevCommand(virCommand *cmd, const virDomainChrSourceDef *dev, diff --git a/src/qemu/qemu_command.h b/src/qemu/qemu_command.h index e34172fbff..245c605b24 100644 --- a/src/qemu/qemu_command.h +++ b/src/qemu/qemu_command.h 
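Review bot: The doc comment on qemuBuildTLSPSKBackendProps calls `@tlsPSKPath` the "path to the TLS-PSK credentials file", but the body passes it as `"s:dir"`, so callers have to supply the directory that holds keys.psk rather than the file itself; I would reword it to `@tlsPSKPath: directory containing the keys.psk file for this session`. The reason `username` is left unset is explained only in the commit message, so a short comment above the qemuMonitorCreateObjectProps call, e.g. `/* 'username' is deliberately omitted: QEMU then defaults to "qemu", the only identity libvirt writes to keys.psk */`, would keep a later change from silently breaking the identity match. "Create a backend string" also reads as copied from the x509 helper, since this function fills `@propsret` with JSON properties rather than a string. Minor style point: `"server": "client"` is missing the space before the colon.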
@@ -72,6 +72,13 @@ qemuBuildTLSx509BackendProps(const char *tlspath, const char *secalias, virJSONValue **propsret); +/* Generate the object properties for a tls-creds-psk */ +int +qemuBuildTLSPSKBackendProps(const char *tlsPSKPath, + bool isListen, + const char *alias, + virJSONValue **propsret); + /* Open a UNIX socket for chardev FD passing */ int qemuOpenChrChardevUNIXSocket(const virDomainChrSourceDef *dev); -- 2.43.7