include/io/channel-tls.h - qemu - Git at Google

 /*
  * QEMU I/O channels TLS driver
  *
  * Copyright (c) 2015 Red Hat, Inc.
  *
  * This library is free software; you can redistribute it and/or
  * modify it under the terms of the GNU Lesser General Public
  * License as published by the Free Software Foundation; either
  * version 2.1 of the License, or (at your option) any later version.
  *
  * This library is distributed in the hope that it will be useful,
  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
  * Lesser General Public License for more details.
  *
  * You should have received a copy of the GNU Lesser General Public
  * License along with this library; if not, see <http://www.gnu.org/licenses/>.
  *
  */

 #ifndef QIO_CHANNEL_TLS_H
 #define QIO_CHANNEL_TLS_H

 #include "io/channel.h"
 #include "io/task.h"
 #include "crypto/tlssession.h"
 #include "qom/object.h"

 #define TYPE_QIO_CHANNEL_TLS "qio-channel-tls"
 OBJECT_DECLARE_SIMPLE_TYPE(QIOChannelTLS, QIO_CHANNEL_TLS)


 /**
  * QIOChannelTLS
  *
  * The QIOChannelTLS class provides a channel wrapper which
  * can transparently run the TLS encryption protocol. It is
  * usually used over a TCP socket, but there is actually no
  * technical restriction on which type of master channel is
  * used as the transport.
  *
  * This channel object is capable of running as either a
  * TLS server or TLS client.
  */

 struct QIOChannelTLS {
     QIOChannel parent;
     QIOChannel *master;
     QCryptoTLSSession *session;
     QIOChannelShutdown shutdown;
     guint hs_ioc_tag;
 };

 /**
  * qio_channel_tls_new_server:
  * @master: the underlying channel object
  * @creds: the credentials to use for TLS handshake
  * @aclname: the access control list for validating clients
  * @errp: pointer to a NULL-initialized error object
  *
  * Create a new TLS channel that runs the server side of
  * a TLS session. The TLS session handshake will use the
  * credentials provided in @creds. If the @aclname parameter
  * is non-NULL, then the client will have to provide
  * credentials (ie a x509 client certificate) which will
  * then be validated against the ACL.
  *
  * After creating the channel, it is mandatory to call
  * the qio_channel_tls_handshake() method before attempting
  * todo any I/O on the channel.
  *
  * Once the handshake has completed, all I/O should be done
  * via the new TLS channel object and not the original
  * master channel
  *
  * Returns: the new TLS channel object, or NULL
  */
 QIOChannelTLS *
 qio_channel_tls_new_server(QIOChannel *master,
                            QCryptoTLSCreds *creds,
                            const char *aclname,
                            Error **errp);

 /**
  * qio_channel_tls_new_client:
  * @master: the underlying channel object
  * @creds: the credentials to use for TLS handshake
  * @hostname: the user specified server hostname
  * @errp: pointer to a NULL-initialized error object
  *
  * Create a new TLS channel that runs the client side of
  * a TLS session. The TLS session handshake will use the
  * credentials provided in @creds. The @hostname parameter
  * should provide the user specified hostname of the server
  * and will be validated against the server's credentials
  * (ie CommonName of the x509 certificate)
  *
  * After creating the channel, it is mandatory to call
  * the qio_channel_tls_handshake() method before attempting
  * todo any I/O on the channel.
  *
  * Once the handshake has completed, all I/O should be done
  * via the new TLS channel object and not the original
  * master channel
  *
  * Returns: the new TLS channel object, or NULL
  */
 QIOChannelTLS *
 qio_channel_tls_new_client(QIOChannel *master,
                            QCryptoTLSCreds *creds,
                            const char *hostname,
                            Error **errp);

 /**
  * qio_channel_tls_handshake:
  * @ioc: the TLS channel object
  * @func: the callback to invoke when completed
  * @opaque: opaque data to pass to @func
  * @destroy: optional callback to free @opaque
  * @context: the context that TLS handshake will run with. If %NULL,
  *           the default context will be used
  *
  * Perform the TLS session handshake. This method
  * will return immediately and the handshake will
  * continue in the background, provided the main
  * loop is running. When the handshake is complete,
  * or fails, the @func callback will be invoked.
  */
 void qio_channel_tls_handshake(QIOChannelTLS *ioc,
                                QIOTaskFunc func,
                                gpointer opaque,
                                GDestroyNotify destroy,
                                GMainContext *context);

 /**
  * qio_channel_tls_get_session:
  * @ioc: the TLS channel object
  *
  * Get the TLS session used by the channel.
  *
  * Returns: the TLS session
  */
 QCryptoTLSSession *
 qio_channel_tls_get_session(QIOChannelTLS *ioc);

 #endif /* QIO_CHANNEL_TLS_H */
	/*
	* QEMU I/O channels TLS driver
	*
	* Copyright (c) 2015 Red Hat, Inc.
	*
	* This library is free software; you can redistribute it and/or
	* modify it under the terms of the GNU Lesser General Public
	* License as published by the Free Software Foundation; either
	* version 2.1 of the License, or (at your option) any later version.
	*
	* This library is distributed in the hope that it will be useful,
	* but WITHOUT ANY WARRANTY; without even the implied warranty of
	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	* Lesser General Public License for more details.
	*
	* You should have received a copy of the GNU Lesser General Public
	* License along with this library; if not, see <http://www.gnu.org/licenses/>.
	*
	*/

	#ifndef QIO_CHANNEL_TLS_H
	#define QIO_CHANNEL_TLS_H

	#include "io/channel.h"
	#include "io/task.h"
	#include "crypto/tlssession.h"
	#include "qom/object.h"

	#define TYPE_QIO_CHANNEL_TLS "qio-channel-tls"
	OBJECT_DECLARE_SIMPLE_TYPE(QIOChannelTLS, QIO_CHANNEL_TLS)


	/**
	* QIOChannelTLS
	*
	* The QIOChannelTLS class provides a channel wrapper which
	* can transparently run the TLS encryption protocol. It is
	* usually used over a TCP socket, but there is actually no
	* technical restriction on which type of master channel is
	* used as the transport.
	*
	* This channel object is capable of running as either a
	* TLS server or TLS client.
	*/

	struct QIOChannelTLS {
	QIOChannel parent;
	QIOChannel *master;
	QCryptoTLSSession *session;
	QIOChannelShutdown shutdown;
	guint hs_ioc_tag;
	};

	/**
	* qio_channel_tls_new_server:
	* @master: the underlying channel object
	* @creds: the credentials to use for TLS handshake
	* @aclname: the access control list for validating clients
	* @errp: pointer to a NULL-initialized error object
	*
	* Create a new TLS channel that runs the server side of
	* a TLS session. The TLS session handshake will use the
	* credentials provided in @creds. If the @aclname parameter
	* is non-NULL, then the client will have to provide
	* credentials (ie a x509 client certificate) which will
	* then be validated against the ACL.
	*
	* After creating the channel, it is mandatory to call
	* the qio_channel_tls_handshake() method before attempting
	* todo any I/O on the channel.
	*
	* Once the handshake has completed, all I/O should be done
	* via the new TLS channel object and not the original
	* master channel
	*
	* Returns: the new TLS channel object, or NULL
	*/
	QIOChannelTLS *
	qio_channel_tls_new_server(QIOChannel *master,
	QCryptoTLSCreds *creds,
	const char *aclname,
	Error **errp);

	/**
	* qio_channel_tls_new_client:
	* @master: the underlying channel object
	* @creds: the credentials to use for TLS handshake
	* @hostname: the user specified server hostname
	* @errp: pointer to a NULL-initialized error object
	*
	* Create a new TLS channel that runs the client side of
	* a TLS session. The TLS session handshake will use the
	* credentials provided in @creds. The @hostname parameter
	* should provide the user specified hostname of the server
	* and will be validated against the server's credentials
	* (ie CommonName of the x509 certificate)
	*
	* After creating the channel, it is mandatory to call
	* the qio_channel_tls_handshake() method before attempting
	* todo any I/O on the channel.
	*
	* Once the handshake has completed, all I/O should be done
	* via the new TLS channel object and not the original
	* master channel
	*
	* Returns: the new TLS channel object, or NULL
	*/
	QIOChannelTLS *
	qio_channel_tls_new_client(QIOChannel *master,
	QCryptoTLSCreds *creds,
	const char *hostname,
	Error **errp);

	/**
	* qio_channel_tls_handshake:
	* @ioc: the TLS channel object
	* @func: the callback to invoke when completed
	* @opaque: opaque data to pass to @func
	* @destroy: optional callback to free @opaque
	* @context: the context that TLS handshake will run with. If %NULL,
	* the default context will be used
	*
	* Perform the TLS session handshake. This method
	* will return immediately and the handshake will
	* continue in the background, provided the main
	* loop is running. When the handshake is complete,
	* or fails, the @func callback will be invoked.
	*/
	void qio_channel_tls_handshake(QIOChannelTLS *ioc,
	QIOTaskFunc func,
	gpointer opaque,
	GDestroyNotify destroy,
	GMainContext *context);

	/**
	* qio_channel_tls_get_session:
	* @ioc: the TLS channel object
	*
	* Get the TLS session used by the channel.
	*
	* Returns: the TLS session
	*/
	QCryptoTLSSession *
	qio_channel_tls_get_session(QIOChannelTLS *ioc);

	#endif /* QIO_CHANNEL_TLS_H */