Lines Matching full:session
2 * QEMU crypto TLS session support
58 qcrypto_tls_session_free(QCryptoTLSSession *session) in qcrypto_tls_session_free() argument
60 if (!session) { in qcrypto_tls_session_free()
64 error_free(session->rerr); in qcrypto_tls_session_free()
65 error_free(session->werr); in qcrypto_tls_session_free()
67 gnutls_deinit(session->handle); in qcrypto_tls_session_free()
68 g_free(session->hostname); in qcrypto_tls_session_free()
69 g_free(session->peername); in qcrypto_tls_session_free()
70 g_free(session->authzid); in qcrypto_tls_session_free()
71 object_unref(OBJECT(session->creds)); in qcrypto_tls_session_free()
72 g_free(session); in qcrypto_tls_session_free()
79 QCryptoTLSSession *session = opaque; in qcrypto_tls_session_push() local
82 if (!session->writeFunc) { in qcrypto_tls_session_push()
87 error_free(session->werr); in qcrypto_tls_session_push()
88 session->werr = NULL; in qcrypto_tls_session_push()
90 ret = session->writeFunc(buf, len, session->opaque, &session->werr); in qcrypto_tls_session_push()
106 QCryptoTLSSession *session = opaque; in qcrypto_tls_session_pull() local
109 if (!session->readFunc) { in qcrypto_tls_session_pull()
114 error_free(session->rerr); in qcrypto_tls_session_pull()
115 session->rerr = NULL; in qcrypto_tls_session_pull()
117 ret = session->readFunc(buf, len, session->opaque, &session->rerr); in qcrypto_tls_session_pull()
139 QCryptoTLSSession *session; in qcrypto_tls_session_new() local
142 session = g_new0(QCryptoTLSSession, 1); in qcrypto_tls_session_new()
144 session, creds, hostname ? hostname : "<none>", in qcrypto_tls_session_new()
148 session->hostname = g_strdup(hostname); in qcrypto_tls_session_new()
151 session->authzid = g_strdup(authzid); in qcrypto_tls_session_new()
153 session->creds = creds; in qcrypto_tls_session_new()
157 error_setg(errp, "Credentials endpoint doesn't match session"); in qcrypto_tls_session_new()
162 ret = gnutls_init(&session->handle, GNUTLS_SERVER); in qcrypto_tls_session_new()
164 ret = gnutls_init(&session->handle, GNUTLS_CLIENT); in qcrypto_tls_session_new()
167 error_setg(errp, "Cannot initialize TLS session: %s", in qcrypto_tls_session_new()
186 ret = gnutls_priority_set_direct(session->handle, prio, NULL); in qcrypto_tls_session_new()
188 error_setg(errp, "Unable to set TLS session priority %s: %s", in qcrypto_tls_session_new()
195 ret = gnutls_credentials_set(session->handle, in qcrypto_tls_session_new()
199 ret = gnutls_credentials_set(session->handle, in qcrypto_tls_session_new()
204 error_setg(errp, "Cannot set session credentials: %s", in qcrypto_tls_session_new()
222 ret = gnutls_priority_set_direct(session->handle, prio, NULL); in qcrypto_tls_session_new()
224 error_setg(errp, "Unable to set TLS session priority %s: %s", in qcrypto_tls_session_new()
231 ret = gnutls_credentials_set(session->handle, in qcrypto_tls_session_new()
235 ret = gnutls_credentials_set(session->handle, in qcrypto_tls_session_new()
240 error_setg(errp, "Cannot set session credentials: %s", in qcrypto_tls_session_new()
252 ret = gnutls_priority_set_direct(session->handle, prio, NULL); in qcrypto_tls_session_new()
254 error_setg(errp, "Cannot set default TLS session priority %s: %s", in qcrypto_tls_session_new()
258 ret = gnutls_credentials_set(session->handle, in qcrypto_tls_session_new()
262 error_setg(errp, "Cannot set session credentials: %s", in qcrypto_tls_session_new()
270 gnutls_certificate_server_set_request(session->handle, in qcrypto_tls_session_new()
279 gnutls_transport_set_ptr(session->handle, session); in qcrypto_tls_session_new()
280 gnutls_transport_set_push_function(session->handle, in qcrypto_tls_session_new()
282 gnutls_transport_set_pull_function(session->handle, in qcrypto_tls_session_new()
285 return session; in qcrypto_tls_session_new()
288 qcrypto_tls_session_free(session); in qcrypto_tls_session_new()
293 qcrypto_tls_session_check_certificate(QCryptoTLSSession *session, in qcrypto_tls_session_check_certificate() argument
310 ret = gnutls_certificate_verify_peers2(session->handle, &status); in qcrypto_tls_session_check_certificate()
339 certs = gnutls_certificate_get_peers(session->handle, &nCerts); in qcrypto_tls_session_check_certificate()
377 session->peername = g_malloc(dnameSize); in qcrypto_tls_session_check_certificate()
379 ret = gnutls_x509_crt_get_dn(cert, session->peername, &dnameSize); in qcrypto_tls_session_check_certificate()
382 session->peername = g_realloc(session->peername, in qcrypto_tls_session_check_certificate()
390 if (session->authzid) { in qcrypto_tls_session_check_certificate()
393 allow = qauthz_is_allowed_by_id(session->authzid, in qcrypto_tls_session_check_certificate()
394 session->peername, &err); in qcrypto_tls_session_check_certificate()
401 session->peername); in qcrypto_tls_session_check_certificate()
405 if (session->hostname) { in qcrypto_tls_session_check_certificate()
406 if (!gnutls_x509_crt_check_hostname(cert, session->hostname)) { in qcrypto_tls_session_check_certificate()
409 session->hostname); in qcrypto_tls_session_check_certificate()
413 if (session->creds->endpoint == in qcrypto_tls_session_check_certificate()
433 qcrypto_tls_session_check_credentials(QCryptoTLSSession *session, in qcrypto_tls_session_check_credentials() argument
436 if (object_dynamic_cast(OBJECT(session->creds), in qcrypto_tls_session_check_credentials()
438 trace_qcrypto_tls_session_check_creds(session, "nop"); in qcrypto_tls_session_check_credentials()
440 } else if (object_dynamic_cast(OBJECT(session->creds), in qcrypto_tls_session_check_credentials()
442 trace_qcrypto_tls_session_check_creds(session, "nop"); in qcrypto_tls_session_check_credentials()
444 } else if (object_dynamic_cast(OBJECT(session->creds), in qcrypto_tls_session_check_credentials()
446 if (session->creds->verifyPeer) { in qcrypto_tls_session_check_credentials()
447 int ret = qcrypto_tls_session_check_certificate(session, in qcrypto_tls_session_check_credentials()
449 trace_qcrypto_tls_session_check_creds(session, in qcrypto_tls_session_check_credentials()
453 trace_qcrypto_tls_session_check_creds(session, "skip"); in qcrypto_tls_session_check_credentials()
457 trace_qcrypto_tls_session_check_creds(session, "error"); in qcrypto_tls_session_check_credentials()
459 object_get_typename(OBJECT(session->creds))); in qcrypto_tls_session_check_credentials()
466 qcrypto_tls_session_set_callbacks(QCryptoTLSSession *session, in qcrypto_tls_session_set_callbacks() argument
471 session->writeFunc = writeFunc; in qcrypto_tls_session_set_callbacks()
472 session->readFunc = readFunc; in qcrypto_tls_session_set_callbacks()
473 session->opaque = opaque; in qcrypto_tls_session_set_callbacks()
478 qcrypto_tls_session_write(QCryptoTLSSession *session, in qcrypto_tls_session_write() argument
483 ssize_t ret = gnutls_record_send(session->handle, buf, len); in qcrypto_tls_session_write()
489 if (session->werr) { in qcrypto_tls_session_write()
490 error_propagate(errp, session->werr); in qcrypto_tls_session_write()
491 session->werr = NULL; in qcrypto_tls_session_write()
506 qcrypto_tls_session_read(QCryptoTLSSession *session, in qcrypto_tls_session_read() argument
512 ssize_t ret = gnutls_record_recv(session->handle, buf, len); in qcrypto_tls_session_read()
521 if (session->rerr) { in qcrypto_tls_session_read()
522 error_propagate(errp, session->rerr); in qcrypto_tls_session_read()
523 session->rerr = NULL; in qcrypto_tls_session_read()
538 qcrypto_tls_session_check_pending(QCryptoTLSSession *session) in qcrypto_tls_session_check_pending() argument
540 return gnutls_record_check_pending(session->handle); in qcrypto_tls_session_check_pending()
545 qcrypto_tls_session_handshake(QCryptoTLSSession *session, in qcrypto_tls_session_handshake() argument
548 int ret = gnutls_handshake(session->handle); in qcrypto_tls_session_handshake()
550 session->handshakeComplete = true; in qcrypto_tls_session_handshake()
556 if (session->rerr || session->werr) { in qcrypto_tls_session_handshake()
559 error_get_pretty(session->rerr ? in qcrypto_tls_session_handshake()
560 session->rerr : session->werr)); in qcrypto_tls_session_handshake()
568 error_free(session->rerr); in qcrypto_tls_session_handshake()
569 error_free(session->werr); in qcrypto_tls_session_handshake()
570 session->rerr = session->werr = NULL; in qcrypto_tls_session_handshake()
577 qcrypto_tls_session_get_handshake_status(QCryptoTLSSession *session) in qcrypto_tls_session_get_handshake_status() argument
579 if (session->handshakeComplete) { in qcrypto_tls_session_get_handshake_status()
581 } else if (gnutls_record_get_direction(session->handle) == 0) { in qcrypto_tls_session_get_handshake_status()
590 qcrypto_tls_session_get_key_size(QCryptoTLSSession *session, in qcrypto_tls_session_get_key_size() argument
596 cipher = gnutls_cipher_get(session->handle); in qcrypto_tls_session_get_key_size()
607 qcrypto_tls_session_get_peer_name(QCryptoTLSSession *session) in qcrypto_tls_session_get_peer_name() argument
609 if (session->peername) { in qcrypto_tls_session_get_peer_name()
610 return g_strdup(session->peername); in qcrypto_tls_session_get_peer_name()
680 qcrypto_tls_session_check_pending(QCryptoTLSSession *session) in qcrypto_tls_session_check_pending() argument