2008-02-28 02:34:43 +01:00
|
|
|
/*
|
2009-12-20 17:17:55 +01:00
|
|
|
* TLS interface functions and an internal TLS implementation
|
2011-07-05 10:29:42 +02:00
|
|
|
* Copyright (c) 2004-2011, Jouni Malinen <j@w1.fi>
|
2008-02-28 02:34:43 +01:00
|
|
|
*
|
2012-02-11 15:46:35 +01:00
|
|
|
* This software may be distributed under the terms of the BSD license.
|
|
|
|
* See README for more details.
|
2008-02-28 02:34:43 +01:00
|
|
|
*
|
|
|
|
* This file interface functions for hostapd/wpa_supplicant to use the
|
|
|
|
* integrated TLSv1 implementation.
|
|
|
|
*/
|
|
|
|
|
|
|
|
#include "includes.h"
|
|
|
|
|
|
|
|
#include "common.h"
|
|
|
|
#include "tls.h"
|
|
|
|
#include "tls/tlsv1_client.h"
|
|
|
|
#include "tls/tlsv1_server.h"
|
|
|
|
|
|
|
|
|
|
|
|
static int tls_ref_count = 0;
|
|
|
|
|
|
|
|
struct tls_global {
|
|
|
|
int server;
|
|
|
|
struct tlsv1_credentials *server_cred;
|
|
|
|
int check_crl;
|
|
|
|
};
|
|
|
|
|
|
|
|
struct tls_connection {
|
|
|
|
struct tlsv1_client *client;
|
|
|
|
struct tlsv1_server *server;
|
2014-03-01 23:07:50 +01:00
|
|
|
struct tls_global *global;
|
2008-02-28 02:34:43 +01:00
|
|
|
};
|
|
|
|
|
|
|
|
|
|
|
|
void * tls_init(const struct tls_config *conf)
|
|
|
|
{
|
|
|
|
struct tls_global *global;
|
|
|
|
|
|
|
|
if (tls_ref_count == 0) {
|
|
|
|
#ifdef CONFIG_TLS_INTERNAL_CLIENT
|
|
|
|
if (tlsv1_client_global_init())
|
|
|
|
return NULL;
|
|
|
|
#endif /* CONFIG_TLS_INTERNAL_CLIENT */
|
|
|
|
#ifdef CONFIG_TLS_INTERNAL_SERVER
|
|
|
|
if (tlsv1_server_global_init())
|
|
|
|
return NULL;
|
|
|
|
#endif /* CONFIG_TLS_INTERNAL_SERVER */
|
|
|
|
}
|
|
|
|
tls_ref_count++;
|
|
|
|
|
|
|
|
global = os_zalloc(sizeof(*global));
|
|
|
|
if (global == NULL)
|
|
|
|
return NULL;
|
|
|
|
|
|
|
|
return global;
|
|
|
|
}
|
|
|
|
|
|
|
|
void tls_deinit(void *ssl_ctx)
|
|
|
|
{
|
|
|
|
struct tls_global *global = ssl_ctx;
|
|
|
|
tls_ref_count--;
|
|
|
|
if (tls_ref_count == 0) {
|
|
|
|
#ifdef CONFIG_TLS_INTERNAL_CLIENT
|
|
|
|
tlsv1_client_global_deinit();
|
|
|
|
#endif /* CONFIG_TLS_INTERNAL_CLIENT */
|
|
|
|
#ifdef CONFIG_TLS_INTERNAL_SERVER
|
|
|
|
tlsv1_cred_free(global->server_cred);
|
|
|
|
tlsv1_server_global_deinit();
|
|
|
|
#endif /* CONFIG_TLS_INTERNAL_SERVER */
|
|
|
|
}
|
|
|
|
os_free(global);
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
int tls_get_errors(void *tls_ctx)
|
|
|
|
{
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
struct tls_connection * tls_connection_init(void *tls_ctx)
|
|
|
|
{
|
|
|
|
struct tls_connection *conn;
|
|
|
|
struct tls_global *global = tls_ctx;
|
|
|
|
|
|
|
|
conn = os_zalloc(sizeof(*conn));
|
|
|
|
if (conn == NULL)
|
|
|
|
return NULL;
|
2014-03-01 23:07:50 +01:00
|
|
|
conn->global = global;
|
2008-02-28 02:34:43 +01:00
|
|
|
|
|
|
|
#ifdef CONFIG_TLS_INTERNAL_CLIENT
|
|
|
|
if (!global->server) {
|
|
|
|
conn->client = tlsv1_client_init();
|
|
|
|
if (conn->client == NULL) {
|
|
|
|
os_free(conn);
|
|
|
|
return NULL;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
#endif /* CONFIG_TLS_INTERNAL_CLIENT */
|
|
|
|
#ifdef CONFIG_TLS_INTERNAL_SERVER
|
|
|
|
if (global->server) {
|
|
|
|
conn->server = tlsv1_server_init(global->server_cred);
|
|
|
|
if (conn->server == NULL) {
|
|
|
|
os_free(conn);
|
|
|
|
return NULL;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
#endif /* CONFIG_TLS_INTERNAL_SERVER */
|
|
|
|
|
|
|
|
return conn;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
2014-03-01 23:43:59 +01:00
|
|
|
#ifdef CONFIG_TESTING_OPTIONS
|
|
|
|
#ifdef CONFIG_TLS_INTERNAL_SERVER
|
|
|
|
void tls_connection_set_test_flags(struct tls_connection *conn, u32 flags)
|
|
|
|
{
|
|
|
|
if (conn->server)
|
|
|
|
tlsv1_server_set_test_flags(conn->server, flags);
|
|
|
|
}
|
|
|
|
#endif /* CONFIG_TLS_INTERNAL_SERVER */
|
|
|
|
#endif /* CONFIG_TESTING_OPTIONS */
|
|
|
|
|
|
|
|
|
2014-03-01 23:07:50 +01:00
|
|
|
void tls_connection_set_log_cb(struct tls_connection *conn,
|
|
|
|
void (*log_cb)(void *ctx, const char *msg),
|
|
|
|
void *ctx)
|
|
|
|
{
|
|
|
|
#ifdef CONFIG_TLS_INTERNAL_SERVER
|
|
|
|
if (conn->server)
|
|
|
|
tlsv1_server_set_log_cb(conn->server, log_cb, ctx);
|
|
|
|
#endif /* CONFIG_TLS_INTERNAL_SERVER */
|
|
|
|
}
|
|
|
|
|
|
|
|
|
2008-02-28 02:34:43 +01:00
|
|
|
void tls_connection_deinit(void *tls_ctx, struct tls_connection *conn)
|
|
|
|
{
|
|
|
|
if (conn == NULL)
|
|
|
|
return;
|
|
|
|
#ifdef CONFIG_TLS_INTERNAL_CLIENT
|
|
|
|
if (conn->client)
|
|
|
|
tlsv1_client_deinit(conn->client);
|
|
|
|
#endif /* CONFIG_TLS_INTERNAL_CLIENT */
|
|
|
|
#ifdef CONFIG_TLS_INTERNAL_SERVER
|
|
|
|
if (conn->server)
|
|
|
|
tlsv1_server_deinit(conn->server);
|
|
|
|
#endif /* CONFIG_TLS_INTERNAL_SERVER */
|
|
|
|
os_free(conn);
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
int tls_connection_established(void *tls_ctx, struct tls_connection *conn)
|
|
|
|
{
|
|
|
|
#ifdef CONFIG_TLS_INTERNAL_CLIENT
|
|
|
|
if (conn->client)
|
|
|
|
return tlsv1_client_established(conn->client);
|
|
|
|
#endif /* CONFIG_TLS_INTERNAL_CLIENT */
|
|
|
|
#ifdef CONFIG_TLS_INTERNAL_SERVER
|
|
|
|
if (conn->server)
|
|
|
|
return tlsv1_server_established(conn->server);
|
|
|
|
#endif /* CONFIG_TLS_INTERNAL_SERVER */
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
int tls_connection_shutdown(void *tls_ctx, struct tls_connection *conn)
|
|
|
|
{
|
|
|
|
#ifdef CONFIG_TLS_INTERNAL_CLIENT
|
|
|
|
if (conn->client)
|
|
|
|
return tlsv1_client_shutdown(conn->client);
|
|
|
|
#endif /* CONFIG_TLS_INTERNAL_CLIENT */
|
|
|
|
#ifdef CONFIG_TLS_INTERNAL_SERVER
|
|
|
|
if (conn->server)
|
|
|
|
return tlsv1_server_shutdown(conn->server);
|
|
|
|
#endif /* CONFIG_TLS_INTERNAL_SERVER */
|
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
int tls_connection_set_params(void *tls_ctx, struct tls_connection *conn,
|
|
|
|
const struct tls_connection_params *params)
|
|
|
|
{
|
|
|
|
#ifdef CONFIG_TLS_INTERNAL_CLIENT
|
|
|
|
struct tlsv1_credentials *cred;
|
|
|
|
|
|
|
|
if (conn->client == NULL)
|
|
|
|
return -1;
|
|
|
|
|
|
|
|
cred = tlsv1_cred_alloc();
|
|
|
|
if (cred == NULL)
|
|
|
|
return -1;
|
|
|
|
|
|
|
|
if (tlsv1_set_ca_cert(cred, params->ca_cert,
|
|
|
|
params->ca_cert_blob, params->ca_cert_blob_len,
|
|
|
|
params->ca_path)) {
|
|
|
|
wpa_printf(MSG_INFO, "TLS: Failed to configure trusted CA "
|
|
|
|
"certificates");
|
|
|
|
tlsv1_cred_free(cred);
|
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (tlsv1_set_cert(cred, params->client_cert,
|
|
|
|
params->client_cert_blob,
|
|
|
|
params->client_cert_blob_len)) {
|
|
|
|
wpa_printf(MSG_INFO, "TLS: Failed to configure client "
|
|
|
|
"certificate");
|
|
|
|
tlsv1_cred_free(cred);
|
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (tlsv1_set_private_key(cred, params->private_key,
|
|
|
|
params->private_key_passwd,
|
|
|
|
params->private_key_blob,
|
|
|
|
params->private_key_blob_len)) {
|
|
|
|
wpa_printf(MSG_INFO, "TLS: Failed to load private key");
|
|
|
|
tlsv1_cred_free(cred);
|
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (tlsv1_set_dhparams(cred, params->dh_file, params->dh_blob,
|
|
|
|
params->dh_blob_len)) {
|
|
|
|
wpa_printf(MSG_INFO, "TLS: Failed to load DH parameters");
|
|
|
|
tlsv1_cred_free(cred);
|
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (tlsv1_client_set_cred(conn->client, cred) < 0) {
|
|
|
|
tlsv1_cred_free(cred);
|
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
|
2011-07-05 10:29:42 +02:00
|
|
|
tlsv1_client_set_time_checks(
|
|
|
|
conn->client, !(params->flags & TLS_CONN_DISABLE_TIME_CHECKS));
|
|
|
|
|
2008-02-28 02:34:43 +01:00
|
|
|
return 0;
|
|
|
|
#else /* CONFIG_TLS_INTERNAL_CLIENT */
|
|
|
|
return -1;
|
|
|
|
#endif /* CONFIG_TLS_INTERNAL_CLIENT */
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
int tls_global_set_params(void *tls_ctx,
|
|
|
|
const struct tls_connection_params *params)
|
|
|
|
{
|
|
|
|
#ifdef CONFIG_TLS_INTERNAL_SERVER
|
|
|
|
struct tls_global *global = tls_ctx;
|
|
|
|
struct tlsv1_credentials *cred;
|
|
|
|
|
|
|
|
/* Currently, global parameters are only set when running in server
|
|
|
|
* mode. */
|
|
|
|
global->server = 1;
|
|
|
|
tlsv1_cred_free(global->server_cred);
|
|
|
|
global->server_cred = cred = tlsv1_cred_alloc();
|
|
|
|
if (cred == NULL)
|
|
|
|
return -1;
|
|
|
|
|
|
|
|
if (tlsv1_set_ca_cert(cred, params->ca_cert, params->ca_cert_blob,
|
|
|
|
params->ca_cert_blob_len, params->ca_path)) {
|
|
|
|
wpa_printf(MSG_INFO, "TLS: Failed to configure trusted CA "
|
|
|
|
"certificates");
|
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (tlsv1_set_cert(cred, params->client_cert, params->client_cert_blob,
|
|
|
|
params->client_cert_blob_len)) {
|
|
|
|
wpa_printf(MSG_INFO, "TLS: Failed to configure server "
|
|
|
|
"certificate");
|
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (tlsv1_set_private_key(cred, params->private_key,
|
|
|
|
params->private_key_passwd,
|
|
|
|
params->private_key_blob,
|
|
|
|
params->private_key_blob_len)) {
|
|
|
|
wpa_printf(MSG_INFO, "TLS: Failed to load private key");
|
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (tlsv1_set_dhparams(cred, params->dh_file, params->dh_blob,
|
|
|
|
params->dh_blob_len)) {
|
|
|
|
wpa_printf(MSG_INFO, "TLS: Failed to load DH parameters");
|
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
#else /* CONFIG_TLS_INTERNAL_SERVER */
|
|
|
|
return -1;
|
|
|
|
#endif /* CONFIG_TLS_INTERNAL_SERVER */
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
int tls_global_set_verify(void *tls_ctx, int check_crl)
|
|
|
|
{
|
|
|
|
struct tls_global *global = tls_ctx;
|
|
|
|
global->check_crl = check_crl;
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
int tls_connection_set_verify(void *tls_ctx, struct tls_connection *conn,
|
|
|
|
int verify_peer)
|
|
|
|
{
|
|
|
|
#ifdef CONFIG_TLS_INTERNAL_SERVER
|
|
|
|
if (conn->server)
|
|
|
|
return tlsv1_server_set_verify(conn->server, verify_peer);
|
|
|
|
#endif /* CONFIG_TLS_INTERNAL_SERVER */
|
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
int tls_connection_get_keys(void *tls_ctx, struct tls_connection *conn,
|
|
|
|
struct tls_keys *keys)
|
|
|
|
{
|
|
|
|
#ifdef CONFIG_TLS_INTERNAL_CLIENT
|
|
|
|
if (conn->client)
|
|
|
|
return tlsv1_client_get_keys(conn->client, keys);
|
|
|
|
#endif /* CONFIG_TLS_INTERNAL_CLIENT */
|
|
|
|
#ifdef CONFIG_TLS_INTERNAL_SERVER
|
|
|
|
if (conn->server)
|
|
|
|
return tlsv1_server_get_keys(conn->server, keys);
|
|
|
|
#endif /* CONFIG_TLS_INTERNAL_SERVER */
|
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
int tls_connection_prf(void *tls_ctx, struct tls_connection *conn,
|
|
|
|
const char *label, int server_random_first,
|
|
|
|
u8 *out, size_t out_len)
|
|
|
|
{
|
|
|
|
#ifdef CONFIG_TLS_INTERNAL_CLIENT
|
|
|
|
if (conn->client) {
|
|
|
|
return tlsv1_client_prf(conn->client, label,
|
|
|
|
server_random_first,
|
|
|
|
out, out_len);
|
|
|
|
}
|
|
|
|
#endif /* CONFIG_TLS_INTERNAL_CLIENT */
|
|
|
|
#ifdef CONFIG_TLS_INTERNAL_SERVER
|
|
|
|
if (conn->server) {
|
|
|
|
return tlsv1_server_prf(conn->server, label,
|
|
|
|
server_random_first,
|
|
|
|
out, out_len);
|
|
|
|
}
|
|
|
|
#endif /* CONFIG_TLS_INTERNAL_SERVER */
|
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
2009-12-20 17:17:55 +01:00
|
|
|
struct wpabuf * tls_connection_handshake(void *tls_ctx,
|
|
|
|
struct tls_connection *conn,
|
|
|
|
const struct wpabuf *in_data,
|
|
|
|
struct wpabuf **appl_data)
|
2011-11-13 09:47:04 +01:00
|
|
|
{
|
|
|
|
return tls_connection_handshake2(tls_ctx, conn, in_data, appl_data,
|
|
|
|
NULL);
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
struct wpabuf * tls_connection_handshake2(void *tls_ctx,
|
|
|
|
struct tls_connection *conn,
|
|
|
|
const struct wpabuf *in_data,
|
|
|
|
struct wpabuf **appl_data,
|
|
|
|
int *need_more_data)
|
2008-02-28 02:34:43 +01:00
|
|
|
{
|
|
|
|
#ifdef CONFIG_TLS_INTERNAL_CLIENT
|
2009-12-20 17:17:55 +01:00
|
|
|
u8 *res, *ad;
|
|
|
|
size_t res_len, ad_len;
|
|
|
|
struct wpabuf *out;
|
|
|
|
|
2008-02-28 02:34:43 +01:00
|
|
|
if (conn->client == NULL)
|
|
|
|
return NULL;
|
|
|
|
|
2009-12-20 17:17:55 +01:00
|
|
|
ad = NULL;
|
|
|
|
res = tlsv1_client_handshake(conn->client,
|
|
|
|
in_data ? wpabuf_head(in_data) : NULL,
|
|
|
|
in_data ? wpabuf_len(in_data) : 0,
|
2011-11-13 09:47:04 +01:00
|
|
|
&res_len, &ad, &ad_len, need_more_data);
|
2009-12-20 17:17:55 +01:00
|
|
|
if (res == NULL)
|
|
|
|
return NULL;
|
|
|
|
out = wpabuf_alloc_ext_data(res, res_len);
|
|
|
|
if (out == NULL) {
|
|
|
|
os_free(res);
|
|
|
|
os_free(ad);
|
|
|
|
return NULL;
|
|
|
|
}
|
|
|
|
if (appl_data) {
|
|
|
|
if (ad) {
|
|
|
|
*appl_data = wpabuf_alloc_ext_data(ad, ad_len);
|
|
|
|
if (*appl_data == NULL)
|
|
|
|
os_free(ad);
|
|
|
|
} else
|
|
|
|
*appl_data = NULL;
|
|
|
|
} else
|
|
|
|
os_free(ad);
|
2008-02-28 02:34:43 +01:00
|
|
|
|
2009-12-20 17:17:55 +01:00
|
|
|
return out;
|
2008-02-28 02:34:43 +01:00
|
|
|
#else /* CONFIG_TLS_INTERNAL_CLIENT */
|
|
|
|
return NULL;
|
|
|
|
#endif /* CONFIG_TLS_INTERNAL_CLIENT */
|
|
|
|
}
|
|
|
|
|
|
|
|
|
2009-12-20 17:17:55 +01:00
|
|
|
struct wpabuf * tls_connection_server_handshake(void *tls_ctx,
|
|
|
|
struct tls_connection *conn,
|
|
|
|
const struct wpabuf *in_data,
|
|
|
|
struct wpabuf **appl_data)
|
2008-02-28 02:34:43 +01:00
|
|
|
{
|
|
|
|
#ifdef CONFIG_TLS_INTERNAL_SERVER
|
2009-12-20 17:17:55 +01:00
|
|
|
u8 *res;
|
|
|
|
size_t res_len;
|
|
|
|
struct wpabuf *out;
|
|
|
|
|
2008-02-28 02:34:43 +01:00
|
|
|
if (conn->server == NULL)
|
|
|
|
return NULL;
|
|
|
|
|
2009-12-20 17:17:55 +01:00
|
|
|
if (appl_data)
|
|
|
|
*appl_data = NULL;
|
|
|
|
|
|
|
|
res = tlsv1_server_handshake(conn->server, wpabuf_head(in_data),
|
|
|
|
wpabuf_len(in_data), &res_len);
|
|
|
|
if (res == NULL && tlsv1_server_established(conn->server))
|
|
|
|
return wpabuf_alloc(0);
|
|
|
|
if (res == NULL)
|
|
|
|
return NULL;
|
|
|
|
out = wpabuf_alloc_ext_data(res, res_len);
|
|
|
|
if (out == NULL) {
|
|
|
|
os_free(res);
|
|
|
|
return NULL;
|
2008-08-24 12:08:15 +02:00
|
|
|
}
|
2009-12-20 17:17:55 +01:00
|
|
|
|
2008-02-28 02:34:43 +01:00
|
|
|
return out;
|
|
|
|
#else /* CONFIG_TLS_INTERNAL_SERVER */
|
|
|
|
return NULL;
|
|
|
|
#endif /* CONFIG_TLS_INTERNAL_SERVER */
|
|
|
|
}
|
|
|
|
|
|
|
|
|
2009-12-20 17:17:55 +01:00
|
|
|
struct wpabuf * tls_connection_encrypt(void *tls_ctx,
|
|
|
|
struct tls_connection *conn,
|
|
|
|
const struct wpabuf *in_data)
|
2008-02-28 02:34:43 +01:00
|
|
|
{
|
|
|
|
#ifdef CONFIG_TLS_INTERNAL_CLIENT
|
|
|
|
if (conn->client) {
|
2009-12-20 17:17:55 +01:00
|
|
|
struct wpabuf *buf;
|
|
|
|
int res;
|
|
|
|
buf = wpabuf_alloc(wpabuf_len(in_data) + 300);
|
|
|
|
if (buf == NULL)
|
|
|
|
return NULL;
|
|
|
|
res = tlsv1_client_encrypt(conn->client, wpabuf_head(in_data),
|
|
|
|
wpabuf_len(in_data),
|
|
|
|
wpabuf_mhead(buf),
|
|
|
|
wpabuf_size(buf));
|
|
|
|
if (res < 0) {
|
|
|
|
wpabuf_free(buf);
|
|
|
|
return NULL;
|
|
|
|
}
|
|
|
|
wpabuf_put(buf, res);
|
|
|
|
return buf;
|
2008-02-28 02:34:43 +01:00
|
|
|
}
|
|
|
|
#endif /* CONFIG_TLS_INTERNAL_CLIENT */
|
|
|
|
#ifdef CONFIG_TLS_INTERNAL_SERVER
|
|
|
|
if (conn->server) {
|
2009-12-20 17:17:55 +01:00
|
|
|
struct wpabuf *buf;
|
|
|
|
int res;
|
|
|
|
buf = wpabuf_alloc(wpabuf_len(in_data) + 300);
|
|
|
|
if (buf == NULL)
|
|
|
|
return NULL;
|
|
|
|
res = tlsv1_server_encrypt(conn->server, wpabuf_head(in_data),
|
|
|
|
wpabuf_len(in_data),
|
|
|
|
wpabuf_mhead(buf),
|
|
|
|
wpabuf_size(buf));
|
|
|
|
if (res < 0) {
|
|
|
|
wpabuf_free(buf);
|
|
|
|
return NULL;
|
|
|
|
}
|
|
|
|
wpabuf_put(buf, res);
|
|
|
|
return buf;
|
2008-02-28 02:34:43 +01:00
|
|
|
}
|
|
|
|
#endif /* CONFIG_TLS_INTERNAL_SERVER */
|
2009-12-20 17:17:55 +01:00
|
|
|
return NULL;
|
2008-02-28 02:34:43 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
|
2009-12-20 17:17:55 +01:00
|
|
|
struct wpabuf * tls_connection_decrypt(void *tls_ctx,
|
|
|
|
struct tls_connection *conn,
|
|
|
|
const struct wpabuf *in_data)
|
2008-02-28 02:34:43 +01:00
|
|
|
{
|
2011-11-13 09:47:04 +01:00
|
|
|
return tls_connection_decrypt2(tls_ctx, conn, in_data, NULL);
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
struct wpabuf * tls_connection_decrypt2(void *tls_ctx,
|
|
|
|
struct tls_connection *conn,
|
|
|
|
const struct wpabuf *in_data,
|
|
|
|
int *need_more_data)
|
|
|
|
{
|
|
|
|
if (need_more_data)
|
|
|
|
*need_more_data = 0;
|
|
|
|
|
2008-02-28 02:34:43 +01:00
|
|
|
#ifdef CONFIG_TLS_INTERNAL_CLIENT
|
|
|
|
if (conn->client) {
|
2011-11-13 09:47:04 +01:00
|
|
|
return tlsv1_client_decrypt(conn->client, wpabuf_head(in_data),
|
|
|
|
wpabuf_len(in_data),
|
|
|
|
need_more_data);
|
2008-02-28 02:34:43 +01:00
|
|
|
}
|
|
|
|
#endif /* CONFIG_TLS_INTERNAL_CLIENT */
|
|
|
|
#ifdef CONFIG_TLS_INTERNAL_SERVER
|
|
|
|
if (conn->server) {
|
2009-12-20 17:17:55 +01:00
|
|
|
struct wpabuf *buf;
|
|
|
|
int res;
|
|
|
|
buf = wpabuf_alloc((wpabuf_len(in_data) + 500) * 3);
|
|
|
|
if (buf == NULL)
|
|
|
|
return NULL;
|
|
|
|
res = tlsv1_server_decrypt(conn->server, wpabuf_head(in_data),
|
|
|
|
wpabuf_len(in_data),
|
|
|
|
wpabuf_mhead(buf),
|
|
|
|
wpabuf_size(buf));
|
|
|
|
if (res < 0) {
|
|
|
|
wpabuf_free(buf);
|
|
|
|
return NULL;
|
|
|
|
}
|
|
|
|
wpabuf_put(buf, res);
|
|
|
|
return buf;
|
2008-02-28 02:34:43 +01:00
|
|
|
}
|
|
|
|
#endif /* CONFIG_TLS_INTERNAL_SERVER */
|
2009-12-20 17:17:55 +01:00
|
|
|
return NULL;
|
2008-02-28 02:34:43 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
int tls_connection_resumed(void *tls_ctx, struct tls_connection *conn)
|
|
|
|
{
|
|
|
|
#ifdef CONFIG_TLS_INTERNAL_CLIENT
|
|
|
|
if (conn->client)
|
|
|
|
return tlsv1_client_resumed(conn->client);
|
|
|
|
#endif /* CONFIG_TLS_INTERNAL_CLIENT */
|
|
|
|
#ifdef CONFIG_TLS_INTERNAL_SERVER
|
|
|
|
if (conn->server)
|
|
|
|
return tlsv1_server_resumed(conn->server);
|
|
|
|
#endif /* CONFIG_TLS_INTERNAL_SERVER */
|
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
int tls_connection_set_cipher_list(void *tls_ctx, struct tls_connection *conn,
|
|
|
|
u8 *ciphers)
|
|
|
|
{
|
|
|
|
#ifdef CONFIG_TLS_INTERNAL_CLIENT
|
|
|
|
if (conn->client)
|
|
|
|
return tlsv1_client_set_cipher_list(conn->client, ciphers);
|
|
|
|
#endif /* CONFIG_TLS_INTERNAL_CLIENT */
|
|
|
|
#ifdef CONFIG_TLS_INTERNAL_SERVER
|
|
|
|
if (conn->server)
|
|
|
|
return tlsv1_server_set_cipher_list(conn->server, ciphers);
|
|
|
|
#endif /* CONFIG_TLS_INTERNAL_SERVER */
|
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
int tls_get_cipher(void *tls_ctx, struct tls_connection *conn,
|
|
|
|
char *buf, size_t buflen)
|
|
|
|
{
|
|
|
|
if (conn == NULL)
|
|
|
|
return -1;
|
|
|
|
#ifdef CONFIG_TLS_INTERNAL_CLIENT
|
|
|
|
if (conn->client)
|
|
|
|
return tlsv1_client_get_cipher(conn->client, buf, buflen);
|
|
|
|
#endif /* CONFIG_TLS_INTERNAL_CLIENT */
|
|
|
|
#ifdef CONFIG_TLS_INTERNAL_SERVER
|
|
|
|
if (conn->server)
|
|
|
|
return tlsv1_server_get_cipher(conn->server, buf, buflen);
|
|
|
|
#endif /* CONFIG_TLS_INTERNAL_SERVER */
|
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
int tls_connection_enable_workaround(void *tls_ctx,
|
|
|
|
struct tls_connection *conn)
|
|
|
|
{
|
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
int tls_connection_client_hello_ext(void *tls_ctx, struct tls_connection *conn,
|
|
|
|
int ext_type, const u8 *data,
|
|
|
|
size_t data_len)
|
|
|
|
{
|
|
|
|
#ifdef CONFIG_TLS_INTERNAL_CLIENT
|
|
|
|
if (conn->client) {
|
|
|
|
return tlsv1_client_hello_ext(conn->client, ext_type,
|
|
|
|
data, data_len);
|
|
|
|
}
|
|
|
|
#endif /* CONFIG_TLS_INTERNAL_CLIENT */
|
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
int tls_connection_get_failed(void *tls_ctx, struct tls_connection *conn)
|
|
|
|
{
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
int tls_connection_get_read_alerts(void *tls_ctx, struct tls_connection *conn)
|
|
|
|
{
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
int tls_connection_get_write_alerts(void *tls_ctx,
|
|
|
|
struct tls_connection *conn)
|
|
|
|
{
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
int tls_connection_get_keyblock_size(void *tls_ctx,
|
|
|
|
struct tls_connection *conn)
|
|
|
|
{
|
|
|
|
#ifdef CONFIG_TLS_INTERNAL_CLIENT
|
|
|
|
if (conn->client)
|
|
|
|
return tlsv1_client_get_keyblock_size(conn->client);
|
|
|
|
#endif /* CONFIG_TLS_INTERNAL_CLIENT */
|
|
|
|
#ifdef CONFIG_TLS_INTERNAL_SERVER
|
|
|
|
if (conn->server)
|
|
|
|
return tlsv1_server_get_keyblock_size(conn->server);
|
|
|
|
#endif /* CONFIG_TLS_INTERNAL_SERVER */
|
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
unsigned int tls_capabilities(void *tls_ctx)
|
|
|
|
{
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
int tls_connection_set_session_ticket_cb(void *tls_ctx,
|
|
|
|
struct tls_connection *conn,
|
|
|
|
tls_session_ticket_cb cb,
|
|
|
|
void *ctx)
|
|
|
|
{
|
|
|
|
#ifdef CONFIG_TLS_INTERNAL_CLIENT
|
|
|
|
if (conn->client) {
|
|
|
|
tlsv1_client_set_session_ticket_cb(conn->client, cb, ctx);
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
#endif /* CONFIG_TLS_INTERNAL_CLIENT */
|
|
|
|
#ifdef CONFIG_TLS_INTERNAL_SERVER
|
|
|
|
if (conn->server) {
|
|
|
|
tlsv1_server_set_session_ticket_cb(conn->server, cb, ctx);
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
#endif /* CONFIG_TLS_INTERNAL_SERVER */
|
|
|
|
return -1;
|
|
|
|
}
|