3 pushtls, tlsClient, tlsServer, initThumbprints, freeThumbprints, okThumbprint, okCertificate, readcert, readcertchain \- attach TLS1 or SSL3 encryption to a communication channel
11 int pushtls(int fd, char *hashalg, char *encalg,
13 int isclient, char *secret, char *dir)
17 .B #include <libsec.h>
20 int tlsClient(int fd, TLSconn *conn)
23 int tlsServer(int fd, TLSconn *conn)
26 uchar *readcert(char *filename, int *pcertlen)
29 PEMchain *readcertchain(char *filename)
32 Thumbprint *initThumbprints(char *ok, char *crl, char *tag)
35 void freeThumbprints(Thumbprint *table)
38 int okThumbprint(uchar *hash, int len, Thumbprint *table)
41 int okCertificate(uchar *cert, int len, Thumbprint *table)
43 Transport Layer Security (TLS) comprises a record layer protocol,
44 doing message digesting and encrypting in the kernel,
45 and a handshake protocol,
46 doing initial authentication and secret creation at
47 user level and then starting a data channel in the record protocol.
48 TLS is nearly the same as SSL 3.0, and the software should interoperate
49 with implementations of either standard.
51 To use just the record layer, as described in
55 to open the record layer device, connect to the communications channel
57 and start up encryption and message authentication as specified
63 These parameters must have been arranged at the two ends of the
64 conversation by other means.
74 could be the base-64 encoding of two (client-to-server and server-to-client)
75 20-byte digest keys and two corresponding 16-byte encryption keys.
77 returns a file descriptor for the TLS data channel. Anything written to this
78 descriptor will get encrypted and authenticated and then written to the
85 close the original file descriptor on success.
88 is non-zero, the path name of the connection directory is copied into
90 This path name is guaranteed to be less than 40 bytes long.
92 .\" and other horseshit
95 to speak the full handshake protocol,
96 negotiate the algorithms and secrets,
97 and return a new data file descriptor for the data channel.
99 points to a (caller-allocated) struct:
102 typedef struct TLSconn {
103 char dir[40]; /* OUT connection directory */
104 uchar *cert; /* IN/OUT certificate */
105 uchar *sessionID; /* IN/OUT session ID */
106 uchar *psk; /* opt IN pre-shared key */
107 int certlen, sessionIDlen, psklen;
108 int (*trace)(char*fmt, ...);
110 char *sessionType; /* opt IN session type */
111 uchar *sessionKey; /* opt IN/OUT session key */
112 int sessionKeylen; /* opt IN session key length */
113 char *sessionConst; /* opt IN session constant */
114 char *serverName; /* opt IN server name */
115 char *pskID; /* opt IN pre-shared key ID */
121 On input, the caller can provide options such as
123 the local certificate, and
125 used by a client to resume a previously negotiated security association.
126 On output, the connection directory is set, as with
132 is freed and a freshly allocated copy of the remote's certificate
135 to be checked by the caller
136 according to its needs.
137 One way to check the remote certificate is to use
141 which allocate and free, respectively, a table of hashes
142 from files of known trusted and revoked certificates.
144 confirms that a particular hash is in the table.
147 will optionally compute a session key for use
148 by higher-level protocols.
149 To compute a session key, the caller must set
151 to a known session type;
153 to the desired key length;
155 to a buffer of length
159 to the desired salting constant.
160 The only supported session type is
165 executes the server side of the handshake.
166 The caller must initialize
170 to read and decode the PEM-encoded certificate from
174 storage containing the certificate,
175 and store its length through
177 The private key corresponding to
179 should have been previously loaded into factotum.
182 for more about key generation.)
185 will read a PEM-encoded chain of certificates from
187 and return a pointer to a linked list of
190 structures, defined in
194 typedef struct PEMChain PEMChain;
205 conn->chain = readcertchain("intermediate-certs.pem");
208 the server can present extra certificate evidence
209 to establish the chain of trust to a root authority
213 is not required for the ongoing conversation and may
214 be freed by the application whenever convenient.
216 Start the client half of TLS and check the remote certificate:
219 conn = (TLSconn*)mallocz(sizeof *conn, 1);
220 fd = tlsClient(fd, conn);
221 if(!okCertificate(conn->cert, conn->certlen, table))
222 sysfatal("suspect server: %r");
223 \fI...application begins...\fP
229 fd = accept(lcfd, ldir);
230 conn = (TLSconn*)mallocz(sizeof *conn, 1);
231 conn->cert = readcert("cert.pem", &conn->certlen);
232 fd = tlsServer(fd, conn);
233 \fI...application begins...\fP
239 thumbprints of trusted services
242 PEM certificate files
244 .B /sys/src/libc/9sys/pushtls.c
246 .B /sys/src/libsec/port
253 Return \-1 on failure.
255 Client certificates and client sessionIDs are not yet
263 do not close the original file descriptor on failure,
272 structure have to be freed by the caller.
274 Note that in the TLS protocol
276 itself is public; it is used as a pointer to