| /* |
| * QEMU I/O channels TLS driver |
| * |
| * Copyright (c) 2015 Red Hat, Inc. |
| * |
| * This library is free software; you can redistribute it and/or |
| * modify it under the terms of the GNU Lesser General Public |
| * License as published by the Free Software Foundation; either |
| * version 2 of the License, or (at your option) any later version. |
| * |
| * This library is distributed in the hope that it will be useful, |
| * but WITHOUT ANY WARRANTY; without even the implied warranty of |
| * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU |
| * Lesser General Public License for more details. |
| * |
| * You should have received a copy of the GNU Lesser General Public |
| * License along with this library; if not, see <http://www.gnu.org/licenses/>. |
| * |
| */ |
| |
| #ifndef QIO_CHANNEL_TLS_H |
| #define QIO_CHANNEL_TLS_H |
| |
| #include "io/channel.h" |
| #include "io/task.h" |
| #include "crypto/tlssession.h" |
| |
| /* QOM type name string for the TLS channel. */ |
| #define TYPE_QIO_CHANNEL_TLS "qio-channel-tls" |
| /* Cast @obj to QIOChannelTLS via OBJECT_CHECK against TYPE_QIO_CHANNEL_TLS. */ |
| #define QIO_CHANNEL_TLS(obj) \ |
| OBJECT_CHECK(QIOChannelTLS, (obj), TYPE_QIO_CHANNEL_TLS) |
| |
| /* Forward declaration so the prototypes in this header can name the type. */ |
| typedef struct QIOChannelTLS QIOChannelTLS; |
| |
| /** |
| * QIOChannelTLS |
| * |
| * The QIOChannelTLS class provides a channel wrapper which |
| * can transparently run the TLS encryption protocol. It is |
| * usually used over a TCP socket, but there is no technical |
| * restriction on which type of master channel is used as |
| * the transport. |
| * |
| * This channel object is capable of running as either a |
| * TLS server or TLS client; the role is chosen by the |
| * constructor used, qio_channel_tls_new_server() or |
| * qio_channel_tls_new_client(). |
| * |
| * Security-relevant usage rules, taken from the constructor |
| * documentation in this header: |
| * |
| * - qio_channel_tls_handshake() must be called before any |
| *   I/O is attempted on the channel. |
| * - After the handshake, all I/O must go through this |
| *   object. I/O issued directly on the master channel does |
| *   not pass through this wrapper. |
| */ |
| |
| struct QIOChannelTLS { |
| /* Embedded parent channel object. */ |
| QIOChannel parent; |
| /* Underlying channel used as the transport for the TLS session. */ |
| QIOChannel *master; |
| /* TLS session used by the channel; see qio_channel_tls_get_session(). */ |
| QCryptoTLSSession *session; |
| }; |
| |
| /** |
| * qio_channel_tls_new_server: |
| * @master: the underlying channel object |
| * @creds: the credentials to use for TLS handshake |
| * @aclname: the access control list for validating clients (may be NULL) |
| * @errp: pointer to a NULL-initialized error object |
| * |
| * Create a new TLS channel that runs the server side of |
| * a TLS session. The TLS session handshake will use the |
| * credentials provided in @creds. If the @aclname parameter |
| * is non-NULL, then the client will have to provide |
| * credentials (i.e. an x509 client certificate) which will |
| * then be validated against the ACL. |
| * |
| * NOTE(review): with a NULL @aclname, no ACL check on the |
| * client is described here. Whether a client certificate is |
| * still requested and verified in that case presumably |
| * depends on @creds; confirm before relying on this channel |
| * to authenticate or authorize clients. |
| * |
| * After creating the channel, it is mandatory to call |
| * the qio_channel_tls_handshake() method before attempting |
| * to do any I/O on the channel. |
| * |
| * Once the handshake has completed, all I/O should be done |
| * via the new TLS channel object and not the original |
| * master channel. |
| * |
| * Returns: the new TLS channel object, or NULL on failure |
| * (the error is expected to be reported through @errp) |
| */ |
| QIOChannelTLS * |
| qio_channel_tls_new_server(QIOChannel *master, |
| QCryptoTLSCreds *creds, |
| const char *aclname, |
| Error **errp); |
| |
| /** |
| * qio_channel_tls_new_client: |
| * @master: the underlying channel object |
| * @creds: the credentials to use for TLS handshake |
| * @hostname: the user-specified server hostname |
| * @errp: pointer to a NULL-initialized error object |
| * |
| * Create a new TLS channel that runs the client side of |
| * a TLS session. The TLS session handshake will use the |
| * credentials provided in @creds. The @hostname parameter |
| * should provide the user-specified hostname of the server |
| * and will be validated against the server's credentials |
| * (i.e. the CommonName of the x509 certificate). |
| * |
| * Pass the name the user asked to connect to, so that the |
| * check ties the certificate to the intended server. |
| * NOTE(review): the behaviour for a NULL @hostname is not |
| * documented here; if the identity check is skipped in that |
| * case, the server certificate is not bound to any name. |
| * Confirm against crypto/tlssession.h. |
| * |
| * After creating the channel, it is mandatory to call |
| * the qio_channel_tls_handshake() method before attempting |
| * to do any I/O on the channel. |
| * |
| * Once the handshake has completed, all I/O should be done |
| * via the new TLS channel object and not the original |
| * master channel. |
| * |
| * Returns: the new TLS channel object, or NULL on failure |
| * (the error is expected to be reported through @errp) |
| */ |
| QIOChannelTLS * |
| qio_channel_tls_new_client(QIOChannel *master, |
| QCryptoTLSCreds *creds, |
| const char *hostname, |
| Error **errp); |
| |
| /** |
| * qio_channel_tls_handshake: |
| * @ioc: the TLS channel object |
| * @func: the callback to invoke when completed |
| * @opaque: opaque data to pass to @func |
| * @destroy: optional callback to free @opaque |
| * |
| * Perform the TLS session handshake. This method |
| * will return immediately and the handshake will |
| * continue in the background, provided the main |
| * loop is running. When the handshake is complete, |
| * or fails, the @func callback will be invoked. |
| * |
| * This function returns nothing, so the outcome is only |
| * available through @func. Because @func is invoked for |
| * failure as well as success, it must check the reported |
| * outcome before any I/O is done on @ioc; a channel whose |
| * handshake failed must not be used to carry data. |
| * NOTE(review): how the error is delivered to @func is |
| * defined by QIOTaskFunc in io/task.h, not in this header. |
| */ |
| void qio_channel_tls_handshake(QIOChannelTLS *ioc, |
| QIOTaskFunc func, |
| gpointer opaque, |
| GDestroyNotify destroy); |
| |
| /** |
| * qio_channel_tls_get_session: |
| * @ioc: the TLS channel object |
| * |
| * Get the TLS session used by the channel. |
| * |
| * NOTE(review): no ownership transfer is documented here; |
| * presumably the session stays owned by @ioc and must not |
| * be freed by the caller, nor used after @ioc is released. |
| * Confirm against the implementation. |
| * |
| * Returns: the TLS session |
| */ |
| QCryptoTLSSession * |
| qio_channel_tls_get_session(QIOChannelTLS *ioc); |
| |
| #endif /* QIO_CHANNEL_TLS_H */ |