      1 /*
      2  * QEMU I/O channels TLS driver
      3  *
      4  * Copyright (c) 2015 Red Hat, Inc.
      5  *
      6  * This library is free software; you can redistribute it and/or
      7  * modify it under the terms of the GNU Lesser General Public
      8  * License as published by the Free Software Foundation; either
      9  * version 2.1 of the License, or (at your option) any later version.
     10  *
     11  * This library is distributed in the hope that it will be useful,
     12  * but WITHOUT ANY WARRANTY; without even the implied warranty of
     13  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
     14  * Lesser General Public License for more details.
     15  *
     16  * You should have received a copy of the GNU Lesser General Public
     17  * License along with this library; if not, see <http://www.gnu.org/licenses/>.
     18  *
     19  */
     20 
     21 #ifndef QIO_CHANNEL_TLS_H
     22 #define QIO_CHANNEL_TLS_H
     23 
     24 #include "io/channel.h"
     25 #include "io/task.h"
     26 #include "crypto/tlssession.h"
     27 #include "qom/object.h"
     28 
/* QOM type name under which the TLS channel class is registered. */
#define TYPE_QIO_CHANNEL_TLS "qio-channel-tls"
/*
 * Expected to declare the QIOChannelTLS typedef for the struct below
 * and the QIO_CHANNEL_TLS() cast helper; see qom/object.h for the
 * exact expansion.
 */
OBJECT_DECLARE_SIMPLE_TYPE(QIOChannelTLS, QIO_CHANNEL_TLS)
     31 
     32 
/**
 * QIOChannelTLS
 *
 * The QIOChannelTLS class provides a channel wrapper which
 * can transparently run the TLS encryption protocol. It is
 * usually used over a TCP socket, but there is actually no
 * technical restriction on which type of master channel is
 * used as the transport.
 *
 * This channel object is capable of running as either a
 * TLS server or TLS client.
 *
 * Security note: the wrapper only protects data once
 * qio_channel_tls_handshake() has reported success. Until then
 * nothing but the handshake itself should cross either the TLS
 * channel or its master channel, and after the handshake all
 * application I/O must go through the TLS channel, never the
 * master channel directly (the constructors below repeat this).
 */

struct QIOChannelTLS {
    /* QOM base object; kept first so the QOM cast helpers work (see qom/object.h) */
    QIOChannel parent;
    /* The underlying transport channel this TLS session runs over */
    QIOChannel *master;
    /* The crypto-layer TLS session state; also exposed by qio_channel_tls_get_session() */
    QCryptoTLSSession *session;
    /* NOTE(review): presumably tracks which directions (read/write) have been shut down on this channel - confirm against channel-tls.c */
    QIOChannelShutdown shutdown;
};
     52 
/**
 * qio_channel_tls_new_server:
 * @master: the underlying channel object
 * @creds: the credentials to use for TLS handshake
 * @aclname: the access control list for validating clients, or NULL
 * @errp: pointer to a NULL-initialized error object
 *
 * Create a new TLS channel that runs the server side of
 * a TLS session. The TLS session handshake will use the
 * credentials provided in @creds. If the @aclname parameter
 * is non-NULL, then the client will have to provide
 * credentials (ie a x509 client certificate) which will
 * then be validated against the ACL.
 *
 * Security note: with a NULL @aclname this function enforces no
 * client identity, so any peer that can reach @master may complete
 * the handshake. Deployments that need client authentication must
 * supply an ACL, and should confirm that the @creds object in use
 * is configured to demand a client certificate at all.
 *
 * After creating the channel, it is mandatory to call
 * the qio_channel_tls_handshake() method before attempting
 * to do any I/O on the channel.
 *
 * Once the handshake has completed, all I/O should be done
 * via the new TLS channel object and not the original
 * master channel.
 *
 * NOTE(review): whether the new channel takes its own reference on
 * @master and @creds is not visible from this header - check
 * channel-tls.c before dropping the caller's references.
 *
 * Returns: the new TLS channel object, or NULL on error (in which
 * case @errp is expected to be set)
 */
QIOChannelTLS *
qio_channel_tls_new_server(QIOChannel *master,
                           QCryptoTLSCreds *creds,
                           const char *aclname,
                           Error **errp);
     82 
/**
 * qio_channel_tls_new_client:
 * @master: the underlying channel object
 * @creds: the credentials to use for TLS handshake
 * @hostname: the user specified server hostname
 * @errp: pointer to a NULL-initialized error object
 *
 * Create a new TLS channel that runs the client side of
 * a TLS session. The TLS session handshake will use the
 * credentials provided in @creds. The @hostname parameter
 * should provide the user specified hostname of the server
 * and will be validated against the server's credentials
 * (ie CommonName of the x509 certificate).
 *
 * Security note: @hostname is what binds the certificate the
 * server presents to the peer the user actually intended to reach.
 * It must be the name the user asked for (configuration or command
 * line), never a name learnt from the network such as a reverse DNS
 * lookup or something the server itself sent; otherwise whoever
 * controls the network also controls which name gets validated.
 *
 * After creating the channel, it is mandatory to call
 * the qio_channel_tls_handshake() method before attempting
 * to do any I/O on the channel.
 *
 * Once the handshake has completed, all I/O should be done
 * via the new TLS channel object and not the original
 * master channel.
 *
 * NOTE(review): whether the new channel takes its own reference on
 * @master and @creds is not visible from this header - check
 * channel-tls.c before dropping the caller's references.
 *
 * Returns: the new TLS channel object, or NULL on error (in which
 * case @errp is expected to be set)
 */
QIOChannelTLS *
qio_channel_tls_new_client(QIOChannel *master,
                           QCryptoTLSCreds *creds,
                           const char *hostname,
                           Error **errp);
    112 
/**
 * qio_channel_tls_handshake:
 * @ioc: the TLS channel object
 * @func: the callback to invoke when completed
 * @opaque: opaque data to pass to @func
 * @destroy: optional callback to free @opaque
 * @context: the context that TLS handshake will run with. If %NULL,
 *           the default context will be used
 *
 * Perform the TLS session handshake. This method
 * will return immediately and the handshake will
 * continue in the background, provided the main
 * loop is running. When the handshake is complete,
 * or fails, the @func callback will be invoked.
 *
 * The same @func is invoked on both success and failure, so it must
 * check the task's error state (using the QIOTask helpers from
 * io/task.h) before treating @ioc as usable. After a failed
 * handshake the channel must not be used for I/O: no peer identity
 * has been established and no data is protected.
 */
void qio_channel_tls_handshake(QIOChannelTLS *ioc,
                               QIOTaskFunc func,
                               gpointer opaque,
                               GDestroyNotify destroy,
                               GMainContext *context);
    133 
/**
 * qio_channel_tls_get_session:
 * @ioc: the TLS channel object
 *
 * Get the TLS session used by the channel (the channel's
 * @session field).
 *
 * NOTE(review): ownership presumably stays with the channel - the
 * caller should not free the returned session and should not use it
 * after @ioc has been finalized; confirm against channel-tls.c.
 *
 * Returns: the TLS session
 */
QCryptoTLSSession *
qio_channel_tls_get_session(QIOChannelTLS *ioc);
    144 
    145 #endif /* QIO_CHANNEL_TLS_H */