cachepc-qemu

Fork of AMDESE/qemu with changes for cachepc side-channel attack
git clone https://git.sinitax.com/sinitax/cachepc-qemu

channel-tls.h (4851B)


      1/*
      2 * QEMU I/O channels TLS driver
      3 *
      4 * Copyright (c) 2015 Red Hat, Inc.
      5 *
      6 * This library is free software; you can redistribute it and/or
      7 * modify it under the terms of the GNU Lesser General Public
      8 * License as published by the Free Software Foundation; either
      9 * version 2.1 of the License, or (at your option) any later version.
     10 *
     11 * This library is distributed in the hope that it will be useful,
     12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
     13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
     14 * Lesser General Public License for more details.
     15 *
     16 * You should have received a copy of the GNU Lesser General Public
     17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
     18 *
     19 */
     20
     21#ifndef QIO_CHANNEL_TLS_H
     22#define QIO_CHANNEL_TLS_H
     23
     24#include "io/channel.h"
     25#include "io/task.h"
     26#include "crypto/tlssession.h"
     27#include "qom/object.h"
     28
     29#define TYPE_QIO_CHANNEL_TLS "qio-channel-tls"
     30OBJECT_DECLARE_SIMPLE_TYPE(QIOChannelTLS, QIO_CHANNEL_TLS)
     31
     32
     33/**
     34 * QIOChannelTLS
     35 *
     36 * The QIOChannelTLS class provides a channel wrapper which
     37 * can transparently run the TLS encryption protocol. It is
     38 * usually used over a TCP socket, but there is actually no
     39 * technical restriction on which type of master channel is
     40 * used as the transport.
     41 *
     42 * This channel object is capable of running as either a
     43 * TLS server or TLS client.
     44 */
     45
      46struct QIOChannelTLS {
      47    QIOChannel parent;           /* base QIOChannel object; this struct is the TLS wrapper around it */
      48    QIOChannel *master;          /* underlying transport channel (usually a TCP socket) that carries the TLS protocol */
      49    QCryptoTLSSession *session;  /* TLS session state; returned by qio_channel_tls_get_session() */
      50    QIOChannelShutdown shutdown; /* NOTE(review): presumably records which shutdown direction(s) have been requested — confirm against the implementation */
      51};
     52
     53/**
     54 * qio_channel_tls_new_server:
     55 * @master: the underlying channel object
     56 * @creds: the credentials to use for TLS handshake
     57 * @aclname: the access control list for validating clients
     58 * @errp: pointer to a NULL-initialized error object
     59 *
     60 * Create a new TLS channel that runs the server side of
     61 * a TLS session. The TLS session handshake will use the
      62 * credentials provided in @creds. If the @aclname parameter
      63 * is non-NULL, then the client will have to provide
      64 * credentials (i.e. an x509 client certificate) which will
      65 * then be validated against the ACL.
     66 *
     67 * After creating the channel, it is mandatory to call
     68 * the qio_channel_tls_handshake() method before attempting
      69 * to do any I/O on the channel.
     70 *
     71 * Once the handshake has completed, all I/O should be done
     72 * via the new TLS channel object and not the original
      73 * master channel.
     74 *
     75 * Returns: the new TLS channel object, or NULL
     76 */
     77QIOChannelTLS *
     78qio_channel_tls_new_server(QIOChannel *master,
     79                           QCryptoTLSCreds *creds,
     80                           const char *aclname,
     81                           Error **errp);
     82
     83/**
     84 * qio_channel_tls_new_client:
     85 * @master: the underlying channel object
     86 * @creds: the credentials to use for TLS handshake
      87 * @hostname: the user-specified server hostname
     88 * @errp: pointer to a NULL-initialized error object
     89 *
     90 * Create a new TLS channel that runs the client side of
     91 * a TLS session. The TLS session handshake will use the
      92 * credentials provided in @creds. The @hostname parameter
      93 * should provide the user-specified hostname of the server;
      94 * it will be validated against the server's credentials
      95 * (i.e. the CommonName of the x509 certificate).
     96 *
     97 * After creating the channel, it is mandatory to call
     98 * the qio_channel_tls_handshake() method before attempting
      99 * to do any I/O on the channel.
    100 *
    101 * Once the handshake has completed, all I/O should be done
    102 * via the new TLS channel object and not the original
     103 * master channel.
    104 *
    105 * Returns: the new TLS channel object, or NULL
    106 */
    107QIOChannelTLS *
    108qio_channel_tls_new_client(QIOChannel *master,
    109                           QCryptoTLSCreds *creds,
    110                           const char *hostname,
    111                           Error **errp);
    112
    113/**
    114 * qio_channel_tls_handshake:
    115 * @ioc: the TLS channel object
    116 * @func: the callback to invoke when completed
    117 * @opaque: opaque data to pass to @func
    118 * @destroy: optional callback to free @opaque
     119 * @context: the GMainContext that the TLS handshake will run in. If %NULL,
     120 *           the default context will be used
    121 *
    122 * Perform the TLS session handshake. This method
    123 * will return immediately and the handshake will
    124 * continue in the background, provided the main
    125 * loop is running. When the handshake is complete,
    126 * or fails, the @func callback will be invoked.
    127 */
    128void qio_channel_tls_handshake(QIOChannelTLS *ioc,
    129                               QIOTaskFunc func,
    130                               gpointer opaque,
    131                               GDestroyNotify destroy,
    132                               GMainContext *context);
    133
    134/**
    135 * qio_channel_tls_get_session:
    136 * @ioc: the TLS channel object
    137 *
    138 * Get the TLS session used by the channel.
    139 *
    140 * Returns: the TLS session
    141 */
    142QCryptoTLSSession *
    143qio_channel_tls_get_session(QIOChannelTLS *ioc);
    144
    145#endif /* QIO_CHANNEL_TLS_H */