A new parameter "context" is added to qio_channel_tls_handshake() to allow the TLS handshake to be run on a non-default GMainContext. Still, no functional change. Signed-off-by: Peter Xu <peterx@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
		
			
				
	
	
		
| /*
 | |
|  * QEMU I/O channels TLS driver
 | |
|  *
 | |
|  * Copyright (c) 2015 Red Hat, Inc.
 | |
|  *
 | |
|  * This library is free software; you can redistribute it and/or
 | |
|  * modify it under the terms of the GNU Lesser General Public
 | |
|  * License as published by the Free Software Foundation; either
 | |
|  * version 2 of the License, or (at your option) any later version.
 | |
|  *
 | |
|  * This library is distributed in the hope that it will be useful,
 | |
|  * but WITHOUT ANY WARRANTY; without even the implied warranty of
 | |
|  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 | |
|  * Lesser General Public License for more details.
 | |
|  *
 | |
|  * You should have received a copy of the GNU Lesser General Public
 | |
|  * License along with this library; if not, see <http://www.gnu.org/licenses/>.
 | |
|  *
 | |
|  */
 | |
| 
 | |
| #ifndef QIO_CHANNEL_TLS_H
 | |
| #define QIO_CHANNEL_TLS_H
 | |
| 
 | |
| #include "io/channel.h"
 | |
| #include "io/task.h"
 | |
| #include "crypto/tlssession.h"
 | |
| 
 | |
| #define TYPE_QIO_CHANNEL_TLS "qio-channel-tls"
 | |
| #define QIO_CHANNEL_TLS(obj)                                     \
 | |
|     OBJECT_CHECK(QIOChannelTLS, (obj), TYPE_QIO_CHANNEL_TLS)
 | |
| 
 | |
| typedef struct QIOChannelTLS QIOChannelTLS;
 | |
| 
 | |
/**
 * QIOChannelTLS
 *
 * The QIOChannelTLS class provides a channel wrapper which
 * can transparently run the TLS encryption protocol. It is
 * usually used over a TCP socket, but there is actually no
 * technical restriction on which type of master channel is
 * used as the transport.
 *
 * This channel object is capable of running as either a
 * TLS server or TLS client (see qio_channel_tls_new_server()
 * and qio_channel_tls_new_client()).
 *
 * Security note: the wrapper only protects traffic that goes
 * through it. Until qio_channel_tls_handshake() has reported
 * completion no application data should be sent on either this
 * object or the master channel, and once the handshake is done
 * all I/O must go through the TLS channel, never the master
 * channel directly (see the constructor documentation below).
 */

struct QIOChannelTLS {
    /* QOM base object; presumably must stay the first member so
     * the QIO_CHANNEL_TLS() cast above remains valid. */
    QIOChannel parent;
    /* Underlying transport that carries the TLS records. */
    QIOChannel *master;
    /* TLS session state, exposed via qio_channel_tls_get_session(). */
    QCryptoTLSSession *session;
};
 | |
| 
 | |
/**
 * qio_channel_tls_new_server:
 * @master: the underlying channel object
 * @creds: the credentials to use for TLS handshake
 * @aclname: the access control list for validating clients,
 *           or NULL
 * @errp: pointer to a NULL-initialized error object
 *
 * Create a new TLS channel that runs the server side of
 * a TLS session. The TLS session handshake will use the
 * credentials provided in @creds. If the @aclname parameter
 * is non-NULL, then the client will have to provide
 * credentials (ie a x509 client certificate) which will
 * then be validated against the ACL.
 *
 * Security note: nothing in this contract requires the client
 * to present a certificate when @aclname is NULL, so callers
 * that need to authenticate the peer (rather than only encrypt
 * the transport) should pass an ACL name.
 *
 * After creating the channel, it is mandatory to call
 * the qio_channel_tls_handshake() method before attempting
 * to do any I/O on the channel.
 *
 * Once the handshake has completed, all I/O should be done
 * via the new TLS channel object and not the original
 * master channel.
 *
 * NOTE(review): whether the returned object takes its own
 * reference on @master and @creds is not stated here; confirm
 * against the implementation before dropping the caller's
 * references.
 *
 * Returns: the new TLS channel object, or NULL on error
 *          (presumably with @errp populated)
 */
QIOChannelTLS *
qio_channel_tls_new_server(QIOChannel *master,
                           QCryptoTLSCreds *creds,
                           const char *aclname,
                           Error **errp);
| 
 | |
/**
 * qio_channel_tls_new_client:
 * @master: the underlying channel object
 * @creds: the credentials to use for TLS handshake
 * @hostname: the user specified server hostname
 * @errp: pointer to a NULL-initialized error object
 *
 * Create a new TLS channel that runs the client side of
 * a TLS session. The TLS session handshake will use the
 * credentials provided in @creds. The @hostname parameter
 * should provide the user specified hostname of the server
 * and will be validated against the server's credentials
 * (ie CommonName of the x509 certificate)
 *
 * NOTE(review): the sentence above names only the CommonName;
 * confirm in crypto/tlssession.h whether SubjectAltName entries
 * are matched as well, and what happens when @hostname is NULL
 * or empty — neither is specified by this header, and a caller
 * must not assume that a missing hostname still yields a
 * verified peer identity.
 *
 * After creating the channel, it is mandatory to call
 * the qio_channel_tls_handshake() method before attempting
 * to do any I/O on the channel.
 *
 * Once the handshake has completed, all I/O should be done
 * via the new TLS channel object and not the original
 * master channel.
 *
 * Returns: the new TLS channel object, or NULL on error
 *          (presumably with @errp populated)
 */
QIOChannelTLS *
qio_channel_tls_new_client(QIOChannel *master,
                           QCryptoTLSCreds *creds,
                           const char *hostname,
                           Error **errp);
| 
 | |
/**
 * qio_channel_tls_handshake:
 * @ioc: the TLS channel object
 * @func: the callback to invoke when completed
 * @opaque: opaque data to pass to @func
 * @destroy: optional callback to free @opaque
 * @context: the context that TLS handshake will run with. If %NULL,
 *           the default context will be used
 *
 * Perform the TLS session handshake. This method
 * will return immediately and the handshake will
 * continue in the background, provided the main
 * loop is running. When the handshake is complete,
 * or fails, the @func callback will be invoked.
 *
 * Because @func is invoked on failure as well as on success,
 * it must inspect the task's error state (presumably via the
 * QIOTask API from io/task.h) before treating the channel as
 * established; only a successful handshake means the peer has
 * been authenticated and the transport is encrypted.
 *
 * With a non-%NULL @context the handshake only makes progress
 * while that GMainContext is being iterated, so the caller is
 * responsible for running it. @func is presumably dispatched
 * from that same context — confirm against the implementation
 * if the callback touches state owned by another thread.
 */
void qio_channel_tls_handshake(QIOChannelTLS *ioc,
                               QIOTaskFunc func,
                               gpointer opaque,
                               GDestroyNotify destroy,
                               GMainContext *context);
| 
 | |
/**
 * qio_channel_tls_get_session:
 * @ioc: the TLS channel object
 *
 * Get the TLS session used by the channel.
 *
 * NOTE(review): ownership is not stated here; the session is
 * presumably owned by @ioc for its lifetime, so callers should
 * neither free it nor use it after @ioc has been released —
 * confirm against the implementation.
 *
 * Returns: the TLS session
 */
QCryptoTLSSession *
qio_channel_tls_get_session(QIOChannelTLS *ioc);
| 
 | |
| #endif /* QIO_CHANNEL_TLS_H */
 |