1 /* 2 * WPA Supplicant / TLS interface functions and an internal TLS implementation 3 * Copyright (c) 2004-2006, Jouni Malinen <j (at) w1.fi> 4 * 5 * This program is free software; you can redistribute it and/or modify 6 * it under the terms of the GNU General Public License version 2 as 7 * published by the Free Software Foundation. 8 * 9 * Alternatively, this software may be distributed under the terms of BSD 10 * license. 11 * 12 * See README and COPYING for more details. 13 * 14 * This file interface functions for hostapd/wpa_supplicant to use the 15 * integrated TLSv1 implementation. 16 */ 17 18 #include "includes.h" 19 20 #include "common.h" 21 #include "tls.h" 22 #include "tlsv1_client.h" 23 24 25 static int tls_ref_count = 0; 26 27 struct tls_global { 28 int dummy; 29 }; 30 31 struct tls_connection { 32 struct tlsv1_client *client; 33 }; 34 35 36 void * tls_init(const struct tls_config *conf) 37 { 38 struct tls_global *global; 39 40 if (tls_ref_count == 0) { 41 if (tlsv1_client_global_init()) 42 return NULL; 43 } 44 tls_ref_count++; 45 46 global = os_zalloc(sizeof(*global)); 47 if (global == NULL) 48 return NULL; 49 50 return global; 51 } 52 53 void tls_deinit(void *ssl_ctx) 54 { 55 struct tls_global *global = ssl_ctx; 56 tls_ref_count--; 57 if (tls_ref_count == 0) { 58 tlsv1_client_global_deinit(); 59 } 60 os_free(global); 61 } 62 63 64 int tls_get_errors(void *tls_ctx) 65 { 66 return 0; 67 } 68 69 70 struct tls_connection * tls_connection_init(void *tls_ctx) 71 { 72 struct tls_connection *conn; 73 74 conn = os_zalloc(sizeof(*conn)); 75 if (conn == NULL) 76 return NULL; 77 78 conn->client = tlsv1_client_init(); 79 if (conn->client == NULL) { 80 os_free(conn); 81 return NULL; 82 } 83 84 return conn; 85 } 86 87 88 void tls_connection_deinit(void *tls_ctx, struct tls_connection *conn) 89 { 90 if (conn == NULL) 91 return; 92 tlsv1_client_deinit(conn->client); 93 os_free(conn); 94 } 95 96 97 int tls_connection_established(void *tls_ctx, struct tls_connection *conn) 98 { 99 return tlsv1_client_established(conn->client); 100 } 101 102 103 int tls_connection_shutdown(void *tls_ctx, struct tls_connection *conn) 104 { 105 return tlsv1_client_shutdown(conn->client); 106 } 107 108 109 int tls_connection_set_params(void *tls_ctx, struct tls_connection *conn, 110 const struct tls_connection_params *params) 111 { 112 if (tlsv1_client_set_ca_cert(conn->client, params->ca_cert, 113 params->ca_cert_blob, 114 params->ca_cert_blob_len, 115 params->ca_path)) { 116 wpa_printf(MSG_INFO, "TLS: Failed to configure trusted CA " 117 "certificates"); 118 return -1; 119 } 120 121 if (tlsv1_client_set_client_cert(conn->client, params->client_cert, 122 params->client_cert_blob, 123 params->client_cert_blob_len)) { 124 wpa_printf(MSG_INFO, "TLS: Failed to configure client " 125 "certificate"); 126 return -1; 127 } 128 129 if (tlsv1_client_set_private_key(conn->client, 130 params->private_key, 131 params->private_key_passwd, 132 params->private_key_blob, 133 params->private_key_blob_len)) { 134 wpa_printf(MSG_INFO, "TLS: Failed to load private key"); 135 return -1; 136 } 137 138 return 0; 139 } 140 141 142 int tls_global_set_params(void *tls_ctx, 143 const struct tls_connection_params *params) 144 { 145 wpa_printf(MSG_INFO, "TLS: not implemented - %s", __func__); 146 return -1; 147 } 148 149 150 int tls_global_set_verify(void *tls_ctx, int check_crl) 151 { 152 wpa_printf(MSG_INFO, "TLS: not implemented - %s", __func__); 153 return -1; 154 } 155 156 157 int tls_connection_set_verify(void *tls_ctx, struct tls_connection *conn, 158 int verify_peer) 159 { 160 return -1; 161 } 162 163 164 int tls_connection_set_ia(void *tls_ctx, struct tls_connection *conn, 165 int tls_ia) 166 { 167 return -1; 168 } 169 170 171 int tls_connection_get_keys(void *tls_ctx, struct tls_connection *conn, 172 struct tls_keys *keys) 173 { 174 return tlsv1_client_get_keys(conn->client, keys); 175 } 176 177 178 int tls_connection_prf(void *tls_ctx, struct tls_connection *conn, 179 const char *label, int server_random_first, 180 u8 *out, size_t out_len) 181 { 182 return tlsv1_client_prf(conn->client, label, server_random_first, 183 out, out_len); 184 } 185 186 187 u8 * tls_connection_handshake(void *tls_ctx, struct tls_connection *conn, 188 const u8 *in_data, size_t in_len, 189 size_t *out_len, u8 **appl_data, 190 size_t *appl_data_len) 191 { 192 if (appl_data) 193 *appl_data = NULL; 194 195 wpa_printf(MSG_DEBUG, "TLS: %s(in_data=%p in_len=%lu)", 196 __func__, in_data, (unsigned long) in_len); 197 return tlsv1_client_handshake(conn->client, in_data, in_len, out_len); 198 } 199 200 201 u8 * tls_connection_server_handshake(void *tls_ctx, 202 struct tls_connection *conn, 203 const u8 *in_data, size_t in_len, 204 size_t *out_len) 205 { 206 wpa_printf(MSG_INFO, "TLS: not implemented - %s", __func__); 207 return NULL; 208 } 209 210 211 int tls_connection_encrypt(void *tls_ctx, struct tls_connection *conn, 212 const u8 *in_data, size_t in_len, 213 u8 *out_data, size_t out_len) 214 { 215 return tlsv1_client_encrypt(conn->client, in_data, in_len, out_data, 216 out_len); 217 } 218 219 220 int tls_connection_decrypt(void *tls_ctx, struct tls_connection *conn, 221 const u8 *in_data, size_t in_len, 222 u8 *out_data, size_t out_len) 223 { 224 return tlsv1_client_decrypt(conn->client, in_data, in_len, out_data, 225 out_len); 226 } 227 228 229 int tls_connection_resumed(void *tls_ctx, struct tls_connection *conn) 230 { 231 return tlsv1_client_resumed(conn->client); 232 } 233 234 235 int tls_connection_set_master_key(void *tls_ctx, struct tls_connection *conn, 236 const u8 *key, size_t key_len) 237 { 238 return tlsv1_client_set_master_key(conn->client, key, key_len); 239 } 240 241 242 int tls_connection_set_cipher_list(void *tls_ctx, struct tls_connection *conn, 243 u8 *ciphers) 244 { 245 return tlsv1_client_set_cipher_list(conn->client, ciphers); 246 } 247 248 249 int tls_get_cipher(void *tls_ctx, struct tls_connection *conn, 250 char *buf, size_t buflen) 251 { 252 if (conn == NULL) 253 return -1; 254 return tlsv1_client_get_cipher(conn->client, buf, buflen); 255 } 256 257 258 int tls_connection_enable_workaround(void *tls_ctx, 259 struct tls_connection *conn) 260 { 261 return -1; 262 } 263 264 265 int tls_connection_client_hello_ext(void *tls_ctx, struct tls_connection *conn, 266 int ext_type, const u8 *data, 267 size_t data_len) 268 { 269 return tlsv1_client_hello_ext(conn->client, ext_type, data, data_len); 270 } 271 272 273 int tls_connection_get_failed(void *tls_ctx, struct tls_connection *conn) 274 { 275 return 0; 276 } 277 278 279 int tls_connection_get_read_alerts(void *tls_ctx, struct tls_connection *conn) 280 { 281 return 0; 282 } 283 284 285 int tls_connection_get_write_alerts(void *tls_ctx, 286 struct tls_connection *conn) 287 { 288 return 0; 289 } 290 291 292 int tls_connection_get_keyblock_size(void *tls_ctx, 293 struct tls_connection *conn) 294 { 295 return tlsv1_client_get_keyblock_size(conn->client); 296 } 297 298 299 unsigned int tls_capabilities(void *tls_ctx) 300 { 301 return 0; 302 } 303 304 305 int tls_connection_ia_send_phase_finished(void *tls_ctx, 306 struct tls_connection *conn, 307 int final, 308 u8 *out_data, size_t out_len) 309 { 310 return -1; 311 } 312 313 314 int tls_connection_ia_final_phase_finished(void *tls_ctx, 315 struct tls_connection *conn) 316 { 317 return -1; 318 } 319 320 321 int tls_connection_ia_permute_inner_secret(void *tls_ctx, 322 struct tls_connection *conn, 323 const u8 *key, size_t key_len) 324 { 325 return -1; 326 } 327