3 pushtls, tlsClient, tlsServer, initThumbprints, freeThumbprints, okThumbprint, readcert, readcertchain \- attach TLS1 or SSL3 encryption to a communication channel
11 int pushtls(int fd, char *hashalg, char *encalg,
13 int isclient, char *secret, char *dir)
17 .B #include <libsec.h>
20 int tlsClient(int fd, TLSconn *conn)
23 int tlsServer(int fd, TLSconn *conn)
26 uchar *readcert(char *filename, int *pcertlen)
29 PEMchain *readcertchain(char *filename)
32 Thumbprint *initThumbprints(char *ok, char *crl)
35 void freeThumbprints(Thumbprint *table)
38 int okThumbprint(uchar *hash, Thumbprint *table)
40 Transport Layer Security (TLS) comprises a record layer protocol,
41 doing message digesting and encrypting in the kernel,
42 and a handshake protocol,
43 doing initial authentication and secret creation at
44 user level and then starting a data channel in the record protocol.
45 TLS is nearly the same as SSL 3.0, and the software should interoperate
46 with implementations of either standard.
48 To use just the record layer, as described in
52 to open the record layer device, connect to the communications channel
54 and start up encryption and message authentication as specified
60 These parameters must have been arranged at the two ends of the
61 conversation by other means.
71 could be the base-64 encoding of two (client-to-server and server-to-client)
72 20-byte digest keys and two corresponding 16-byte encryption keys.
74 returns a file descriptor for the TLS data channel. Anything written to this
75 descriptor will get encrypted and authenticated and then written to the
82 close the original file descriptor on success.
85 is non-zero, the path name of the connection directory is copied into
87 This path name is guaranteed to be less than 40 bytes long.
89 .\" and other horseshit
92 to speak the full handshake protocol,
93 negotiate the algorithms and secrets,
94 and return a new data file descriptor for the data channel.
96 points to a (caller-allocated) struct:
99 typedef struct TLSconn {
100 char dir[40]; /* OUT connection directory */
101 uchar *cert; /* IN/OUT certificate */
102 uchar *sessionID; /* IN/OUT session ID */
103 uchar *psk; /* opt IN pre-shared key */
104 int certlen, sessionIDlen, psklen;
105 int (*trace)(char*fmt, ...);
107 char *sessionType; /* opt IN session type */
108 uchar *sessionKey; /* opt IN/OUT session key */
109 int sessionKeylen; /* opt IN session key length */
110 char *sessionConst; /* opt IN session constant */
111 char *serverName; /* opt IN server name */
112 char *pskID; /* opt IN pre-shared key ID */
118 On input, the caller can provide options such as
120 the local certificate, and
122 used by a client to resume a previously negotiated security association.
123 On output, the connection directory is set, as with
129 is freed and a freshly allocated copy of the remote's certificate
132 to be checked by the caller
133 according to its needs.
134 One way to check the remote certificate is to use
138 which allocate and free, respectively, a table of hashes
139 from files of known trusted and revoked certificates.
141 confirms that a particular hash is in the table.
144 will optionally compute a session key for use
145 by higher-level protocols.
146 To compute a session key, the caller must set
148 to a known session type;
150 to the desired key length;
152 to a buffer of length
156 to the desired salting constant.
157 The only supported session type is
162 executes the server side of the handshake.
163 The caller must initialize
167 to read and decode the PEM-encoded certificate from
171 storage containing the certificate,
172 and store its length through
174 The private key corresponding to
176 should have been previously loaded into factotum.
179 for more about key generation.)
182 will read a PEM-encoded chain of certificates from
184 and return a pointer to a linked list of
187 structures, defined in
191 typedef struct PEMChain PEMChain;
202 conn->chain = readcertchain("intermediate-certs.pem");
205 the server can present extra certificate evidence
206 to establish the chain of trust to a root authority
210 is not required for the ongoing conversation and may
211 be freed by the application whenever convenient.
213 Start the client half of TLS and check the remote certificate:
216 uchar hash[SHA1dlen];
218 conn = (TLSconn*)mallocz(sizeof *conn, 1);
219 fd = tlsClient(fd, conn);
220 sha1(conn->cert, conn->certlen, hash, nil);
221 if(!okThumbprint(hash,table))
222 exits("suspect server");
223 \fI...application begins...\fP
229 fd = accept(lcfd, ldir);
230 conn = (TLSconn*)mallocz(sizeof *conn, 1);
231 conn->cert = readcert("cert.pem", &conn->certlen);
232 fd = tlsServer(fd, conn);
233 \fI...application begins...\fP
239 thumbprints of trusted services
242 PEM certificate files
244 .B /sys/src/libc/9sys/pushtls.c
246 .B /sys/src/libsec/port
253 Return \-1 on failure.
255 Client certificates and client sessionIDs are not yet
263 do not close the original file descriptor on failure,
272 structure have to be freed by the caller.
274 Note that in the TLS protocol
276 itself is public; it is used as a pointer to