1/* 2 * WPA Supplicant / TLS interface functions and an internal TLS implementation 3 * Copyright (c) 2004-2006, Jouni Malinen <j@w1.fi> 4 * 5 * This program is free software; you can redistribute it and/or modify 6 * it under the terms of the GNU General Public License version 2 as 7 * published by the Free Software Foundation. 8 * 9 * Alternatively, this software may be distributed under the terms of BSD 10 * license. 11 * 12 * See README and COPYING for more details. 13 * 14 * This file interface functions for hostapd/wpa_supplicant to use the 15 * integrated TLSv1 implementation. 16 */ 17 18#include "includes.h" 19 20#include "common.h" 21#include "tls.h" 22#include "tlsv1_client.h" 23 24 25static int tls_ref_count = 0; 26 27struct tls_global { 28 int dummy; 29}; 30 31struct tls_connection { 32 struct tlsv1_client *client; 33}; 34 35 36void * tls_init(const struct tls_config *conf) 37{ 38 struct tls_global *global; 39 40 if (tls_ref_count == 0) { 41 if (tlsv1_client_global_init()) 42 return NULL; 43 } 44 tls_ref_count++; 45 46 global = os_zalloc(sizeof(*global)); 47 if (global == NULL) 48 return NULL; 49 50 return global; 51} 52 53void tls_deinit(void *ssl_ctx) 54{ 55 struct tls_global *global = ssl_ctx; 56 tls_ref_count--; 57 if (tls_ref_count == 0) { 58 tlsv1_client_global_deinit(); 59 } 60 os_free(global); 61} 62 63 64int tls_get_errors(void *tls_ctx) 65{ 66 return 0; 67} 68 69 70struct tls_connection * tls_connection_init(void *tls_ctx) 71{ 72 struct tls_connection *conn; 73 74 conn = os_zalloc(sizeof(*conn)); 75 if (conn == NULL) 76 return NULL; 77 78 conn->client = tlsv1_client_init(); 79 if (conn->client == NULL) { 80 os_free(conn); 81 return NULL; 82 } 83 84 return conn; 85} 86 87 88void tls_connection_deinit(void *tls_ctx, struct tls_connection *conn) 89{ 90 if (conn == NULL) 91 return; 92 tlsv1_client_deinit(conn->client); 93 os_free(conn); 94} 95 96 97int tls_connection_established(void *tls_ctx, struct tls_connection *conn) 98{ 99 return tlsv1_client_established(conn->client); 100} 101 102 103int tls_connection_shutdown(void *tls_ctx, struct tls_connection *conn) 104{ 105 return tlsv1_client_shutdown(conn->client); 106} 107 108 109int tls_connection_set_params(void *tls_ctx, struct tls_connection *conn, 110 const struct tls_connection_params *params) 111{ 112 if (tlsv1_client_set_ca_cert(conn->client, params->ca_cert, 113 params->ca_cert_blob, 114 params->ca_cert_blob_len, 115 params->ca_path)) { 116 wpa_printf(MSG_INFO, "TLS: Failed to configure trusted CA " 117 "certificates"); 118 return -1; 119 } 120 121 if (tlsv1_client_set_client_cert(conn->client, params->client_cert, 122 params->client_cert_blob, 123 params->client_cert_blob_len)) { 124 wpa_printf(MSG_INFO, "TLS: Failed to configure client " 125 "certificate"); 126 return -1; 127 } 128 129 if (tlsv1_client_set_private_key(conn->client, 130 params->private_key, 131 params->private_key_passwd, 132 params->private_key_blob, 133 params->private_key_blob_len)) { 134 wpa_printf(MSG_INFO, "TLS: Failed to load private key"); 135 return -1; 136 } 137 138 return 0; 139} 140 141 142int tls_global_set_params(void *tls_ctx, 143 const struct tls_connection_params *params) 144{ 145 wpa_printf(MSG_INFO, "TLS: not implemented - %s", __func__); 146 return -1; 147} 148 149 150int tls_global_set_verify(void *tls_ctx, int check_crl) 151{ 152 wpa_printf(MSG_INFO, "TLS: not implemented - %s", __func__); 153 return -1; 154} 155 156 157int tls_connection_set_verify(void *tls_ctx, struct tls_connection *conn, 158 int verify_peer) 159{ 160 return -1; 161} 162 163 164int tls_connection_set_ia(void *tls_ctx, struct tls_connection *conn, 165 int tls_ia) 166{ 167 return -1; 168} 169 170 171int tls_connection_get_keys(void *tls_ctx, struct tls_connection *conn, 172 struct tls_keys *keys) 173{ 174 return tlsv1_client_get_keys(conn->client, keys); 175} 176 177 178int tls_connection_prf(void *tls_ctx, struct tls_connection *conn, 179 const char *label, int server_random_first, 180 u8 *out, size_t out_len) 181{ 182 return tlsv1_client_prf(conn->client, label, server_random_first, 183 out, out_len); 184} 185 186 187u8 * tls_connection_handshake(void *tls_ctx, struct tls_connection *conn, 188 const u8 *in_data, size_t in_len, 189 size_t *out_len, u8 **appl_data, 190 size_t *appl_data_len) 191{ 192 if (appl_data) 193 *appl_data = NULL; 194 195 wpa_printf(MSG_DEBUG, "TLS: %s(in_data=%p in_len=%lu)", 196 __func__, in_data, (unsigned long) in_len); 197 return tlsv1_client_handshake(conn->client, in_data, in_len, out_len); 198} 199 200 201u8 * tls_connection_server_handshake(void *tls_ctx, 202 struct tls_connection *conn, 203 const u8 *in_data, size_t in_len, 204 size_t *out_len) 205{ 206 wpa_printf(MSG_INFO, "TLS: not implemented - %s", __func__); 207 return NULL; 208} 209 210 211int tls_connection_encrypt(void *tls_ctx, struct tls_connection *conn, 212 const u8 *in_data, size_t in_len, 213 u8 *out_data, size_t out_len) 214{ 215 return tlsv1_client_encrypt(conn->client, in_data, in_len, out_data, 216 out_len); 217} 218 219 220int tls_connection_decrypt(void *tls_ctx, struct tls_connection *conn, 221 const u8 *in_data, size_t in_len, 222 u8 *out_data, size_t out_len) 223{ 224 return tlsv1_client_decrypt(conn->client, in_data, in_len, out_data, 225 out_len); 226} 227 228 229int tls_connection_resumed(void *tls_ctx, struct tls_connection *conn) 230{ 231 return tlsv1_client_resumed(conn->client); 232} 233 234 235int tls_connection_set_master_key(void *tls_ctx, struct tls_connection *conn, 236 const u8 *key, size_t key_len) 237{ 238 return tlsv1_client_set_master_key(conn->client, key, key_len); 239} 240 241 242int tls_connection_set_cipher_list(void *tls_ctx, struct tls_connection *conn, 243 u8 *ciphers) 244{ 245 return tlsv1_client_set_cipher_list(conn->client, ciphers); 246} 247 248 249int tls_get_cipher(void *tls_ctx, struct tls_connection *conn, 250 char *buf, size_t buflen) 251{ 252 if (conn == NULL) 253 return -1; 254 return tlsv1_client_get_cipher(conn->client, buf, buflen); 255} 256 257 258int tls_connection_enable_workaround(void *tls_ctx, 259 struct tls_connection *conn) 260{ 261 return -1; 262} 263 264 265int tls_connection_client_hello_ext(void *tls_ctx, struct tls_connection *conn, 266 int ext_type, const u8 *data, 267 size_t data_len) 268{ 269 return tlsv1_client_hello_ext(conn->client, ext_type, data, data_len); 270} 271 272 273int tls_connection_get_failed(void *tls_ctx, struct tls_connection *conn) 274{ 275 return 0; 276} 277 278 279int tls_connection_get_read_alerts(void *tls_ctx, struct tls_connection *conn) 280{ 281 return 0; 282} 283 284 285int tls_connection_get_write_alerts(void *tls_ctx, 286 struct tls_connection *conn) 287{ 288 return 0; 289} 290 291 292int tls_connection_get_keyblock_size(void *tls_ctx, 293 struct tls_connection *conn) 294{ 295 return tlsv1_client_get_keyblock_size(conn->client); 296} 297 298 299unsigned int tls_capabilities(void *tls_ctx) 300{ 301 return 0; 302} 303 304 305int tls_connection_ia_send_phase_finished(void *tls_ctx, 306 struct tls_connection *conn, 307 int final, 308 u8 *out_data, size_t out_len) 309{ 310 return -1; 311} 312 313 314int tls_connection_ia_final_phase_finished(void *tls_ctx, 315 struct tls_connection *conn) 316{ 317 return -1; 318} 319 320 321int tls_connection_ia_permute_inner_secret(void *tls_ctx, 322 struct tls_connection *conn, 323 const u8 *key, size_t key_len) 324{ 325 return -1; 326} 327