Gitiles
Code Review Sign In
gerrit.omnirom.org / android_external_wpa_supplicant_8 / 98409be0d89a8016663687d026cf4393a9639eb7 / . / src / crypto / tls_internal.c
blob: 8b90d56526b24d0351b1adb3449a035bb2cd9628 [file] [log] [blame]
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]1/*
2 * TLS interface functions and an internal TLS implementation
Dmitry Shmidtc55524a2011-07-07 11:18:38 -0700[diff] [blame]3 * Copyright (c) 2004-2011, Jouni Malinen <j@w1.fi>
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]4 *
Dmitry Shmidtc5ec7f52012-03-06 16:33:24 -0800[diff] [blame]5 * This software may be distributed under the terms of the BSD license.
6 * See README for more details.
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]7 *
8 * This file interface functions for hostapd/wpa_supplicant to use the
9 * integrated TLSv1 implementation.
10 */
11
12#include "includes.h"
13
14#include "common.h"
15#include "tls.h"
16#include "tls/tlsv1_client.h"
17#include "tls/tlsv1_server.h"
18
19
20static int tls_ref_count = 0;
21
22struct tls_global {
23 int server;
24 struct tlsv1_credentials *server_cred;
25 int check_crl;
Dmitry Shmidtd7ff03d2015-12-04 14:49:35 -0800[diff] [blame]26
27 void (*event_cb)(void *ctx, enum tls_event ev,
28 union tls_event_data *data);
29 void *cb_ctx;
30 int cert_in_cb;
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]31};
32
33struct tls_connection {
34 struct tlsv1_client *client;
35 struct tlsv1_server *server;
Dmitry Shmidt818ea482014-03-10 13:15:21 -0700[diff] [blame]36 struct tls_global *global;
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]37};
38
39
40void * tls_init(const struct tls_config *conf)
41{
42 struct tls_global *global;
43
44 if (tls_ref_count == 0) {
45#ifdef CONFIG_TLS_INTERNAL_CLIENT
46 if (tlsv1_client_global_init())
47 return NULL;
48#endif /* CONFIG_TLS_INTERNAL_CLIENT */
49#ifdef CONFIG_TLS_INTERNAL_SERVER
50 if (tlsv1_server_global_init())
51 return NULL;
52#endif /* CONFIG_TLS_INTERNAL_SERVER */
53 }
54 tls_ref_count++;
55
56 global = os_zalloc(sizeof(*global));
57 if (global == NULL)
58 return NULL;
Dmitry Shmidtd7ff03d2015-12-04 14:49:35 -0800[diff] [blame]59 if (conf) {
60 global->event_cb = conf->event_cb;
61 global->cb_ctx = conf->cb_ctx;
62 global->cert_in_cb = conf->cert_in_cb;
63 }
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]64
65 return global;
66}
67
68void tls_deinit(void *ssl_ctx)
69{
70 struct tls_global *global = ssl_ctx;
71 tls_ref_count--;
72 if (tls_ref_count == 0) {
73#ifdef CONFIG_TLS_INTERNAL_CLIENT
74 tlsv1_client_global_deinit();
75#endif /* CONFIG_TLS_INTERNAL_CLIENT */
76#ifdef CONFIG_TLS_INTERNAL_SERVER
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]77 tlsv1_server_global_deinit();
78#endif /* CONFIG_TLS_INTERNAL_SERVER */
79 }
Dmitry Shmidtd80a4012015-11-05 16:35:40 -0800[diff] [blame]80#ifdef CONFIG_TLS_INTERNAL_SERVER
81 tlsv1_cred_free(global->server_cred);
82#endif /* CONFIG_TLS_INTERNAL_SERVER */
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]83 os_free(global);
84}
85
86
87int tls_get_errors(void *tls_ctx)
88{
89 return 0;
90}
91
92
93struct tls_connection * tls_connection_init(void *tls_ctx)
94{
95 struct tls_connection *conn;
96 struct tls_global *global = tls_ctx;
97
98 conn = os_zalloc(sizeof(*conn));
99 if (conn == NULL)
100 return NULL;
Dmitry Shmidt818ea482014-03-10 13:15:21 -0700[diff] [blame]101 conn->global = global;
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]102
103#ifdef CONFIG_TLS_INTERNAL_CLIENT
104 if (!global->server) {
105 conn->client = tlsv1_client_init();
106 if (conn->client == NULL) {
107 os_free(conn);
108 return NULL;
109 }
Dmitry Shmidtd7ff03d2015-12-04 14:49:35 -0800[diff] [blame]110 tlsv1_client_set_cb(conn->client, global->event_cb,
111 global->cb_ctx, global->cert_in_cb);
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]112 }
113#endif /* CONFIG_TLS_INTERNAL_CLIENT */
114#ifdef CONFIG_TLS_INTERNAL_SERVER
115 if (global->server) {
116 conn->server = tlsv1_server_init(global->server_cred);
117 if (conn->server == NULL) {
118 os_free(conn);
119 return NULL;
120 }
121 }
122#endif /* CONFIG_TLS_INTERNAL_SERVER */
123
124 return conn;
125}
126
127
Dmitry Shmidt818ea482014-03-10 13:15:21 -0700[diff] [blame]128#ifdef CONFIG_TESTING_OPTIONS
129#ifdef CONFIG_TLS_INTERNAL_SERVER
130void tls_connection_set_test_flags(struct tls_connection *conn, u32 flags)
131{
132 if (conn->server)
133 tlsv1_server_set_test_flags(conn->server, flags);
134}
135#endif /* CONFIG_TLS_INTERNAL_SERVER */
136#endif /* CONFIG_TESTING_OPTIONS */
137
138
139void tls_connection_set_log_cb(struct tls_connection *conn,
140 void (*log_cb)(void *ctx, const char *msg),
141 void *ctx)
142{
143#ifdef CONFIG_TLS_INTERNAL_SERVER
144 if (conn->server)
145 tlsv1_server_set_log_cb(conn->server, log_cb, ctx);
146#endif /* CONFIG_TLS_INTERNAL_SERVER */
147}
148
149
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]150void tls_connection_deinit(void *tls_ctx, struct tls_connection *conn)
151{
152 if (conn == NULL)
153 return;
154#ifdef CONFIG_TLS_INTERNAL_CLIENT
155 if (conn->client)
156 tlsv1_client_deinit(conn->client);
157#endif /* CONFIG_TLS_INTERNAL_CLIENT */
158#ifdef CONFIG_TLS_INTERNAL_SERVER
159 if (conn->server)
160 tlsv1_server_deinit(conn->server);
161#endif /* CONFIG_TLS_INTERNAL_SERVER */
162 os_free(conn);
163}
164
165
166int tls_connection_established(void *tls_ctx, struct tls_connection *conn)
167{
168#ifdef CONFIG_TLS_INTERNAL_CLIENT
169 if (conn->client)
170 return tlsv1_client_established(conn->client);
171#endif /* CONFIG_TLS_INTERNAL_CLIENT */
172#ifdef CONFIG_TLS_INTERNAL_SERVER
173 if (conn->server)
174 return tlsv1_server_established(conn->server);
175#endif /* CONFIG_TLS_INTERNAL_SERVER */
176 return 0;
177}
178
179
180int tls_connection_shutdown(void *tls_ctx, struct tls_connection *conn)
181{
182#ifdef CONFIG_TLS_INTERNAL_CLIENT
183 if (conn->client)
184 return tlsv1_client_shutdown(conn->client);
185#endif /* CONFIG_TLS_INTERNAL_CLIENT */
186#ifdef CONFIG_TLS_INTERNAL_SERVER
187 if (conn->server)
188 return tlsv1_server_shutdown(conn->server);
189#endif /* CONFIG_TLS_INTERNAL_SERVER */
190 return -1;
191}
192
193
194int tls_connection_set_params(void *tls_ctx, struct tls_connection *conn,
195 const struct tls_connection_params *params)
196{
197#ifdef CONFIG_TLS_INTERNAL_CLIENT
198 struct tlsv1_credentials *cred;
199
200 if (conn->client == NULL)
201 return -1;
202
Dmitry Shmidt1b467752015-12-14 12:45:46 -0800[diff] [blame]203 if (params->flags & TLS_CONN_EXT_CERT_CHECK) {
204 wpa_printf(MSG_INFO,
205 "TLS: tls_ext_cert_check=1 not supported");
206 return -1;
207 }
208
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]209 cred = tlsv1_cred_alloc();
210 if (cred == NULL)
211 return -1;
212
Dmitry Shmidtff787d52015-01-12 13:01:47 -0800[diff] [blame]213 if (params->subject_match) {
214 wpa_printf(MSG_INFO, "TLS: subject_match not supported");
Dmitry Shmidtaf9da312015-04-03 10:03:11 -0700[diff] [blame]215 tlsv1_cred_free(cred);
Dmitry Shmidtff787d52015-01-12 13:01:47 -0800[diff] [blame]216 return -1;
217 }
218
219 if (params->altsubject_match) {
220 wpa_printf(MSG_INFO, "TLS: altsubject_match not supported");
Dmitry Shmidtaf9da312015-04-03 10:03:11 -0700[diff] [blame]221 tlsv1_cred_free(cred);
Dmitry Shmidtff787d52015-01-12 13:01:47 -0800[diff] [blame]222 return -1;
223 }
224
225 if (params->suffix_match) {
226 wpa_printf(MSG_INFO, "TLS: suffix_match not supported");
Dmitry Shmidtaf9da312015-04-03 10:03:11 -0700[diff] [blame]227 tlsv1_cred_free(cred);
Dmitry Shmidtff787d52015-01-12 13:01:47 -0800[diff] [blame]228 return -1;
229 }
230
Dmitry Shmidt2f74e362015-01-21 13:19:05 -0800[diff] [blame]231 if (params->domain_match) {
232 wpa_printf(MSG_INFO, "TLS: domain_match not supported");
Dmitry Shmidtaf9da312015-04-03 10:03:11 -0700[diff] [blame]233 tlsv1_cred_free(cred);
Dmitry Shmidt2f74e362015-01-21 13:19:05 -0800[diff] [blame]234 return -1;
235 }
236
Dmitry Shmidtff787d52015-01-12 13:01:47 -0800[diff] [blame]237 if (params->openssl_ciphers) {
Dmitry Shmidtaf9da312015-04-03 10:03:11 -0700[diff] [blame]238 wpa_printf(MSG_INFO, "TLS: openssl_ciphers not supported");
239 tlsv1_cred_free(cred);
Dmitry Shmidtff787d52015-01-12 13:01:47 -0800[diff] [blame]240 return -1;
241 }
242
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]243 if (tlsv1_set_ca_cert(cred, params->ca_cert,
244 params->ca_cert_blob, params->ca_cert_blob_len,
245 params->ca_path)) {
246 wpa_printf(MSG_INFO, "TLS: Failed to configure trusted CA "
247 "certificates");
248 tlsv1_cred_free(cred);
249 return -1;
250 }
251
252 if (tlsv1_set_cert(cred, params->client_cert,
253 params->client_cert_blob,
254 params->client_cert_blob_len)) {
255 wpa_printf(MSG_INFO, "TLS: Failed to configure client "
256 "certificate");
257 tlsv1_cred_free(cred);
258 return -1;
259 }
260
261 if (tlsv1_set_private_key(cred, params->private_key,
262 params->private_key_passwd,
263 params->private_key_blob,
264 params->private_key_blob_len)) {
265 wpa_printf(MSG_INFO, "TLS: Failed to load private key");
266 tlsv1_cred_free(cred);
267 return -1;
268 }
269
270 if (tlsv1_set_dhparams(cred, params->dh_file, params->dh_blob,
271 params->dh_blob_len)) {
272 wpa_printf(MSG_INFO, "TLS: Failed to load DH parameters");
273 tlsv1_cred_free(cred);
274 return -1;
275 }
276
277 if (tlsv1_client_set_cred(conn->client, cred) < 0) {
278 tlsv1_cred_free(cred);
279 return -1;
280 }
281
Dmitry Shmidtd7ff03d2015-12-04 14:49:35 -0800[diff] [blame]282 tlsv1_client_set_flags(conn->client, params->flags);
Dmitry Shmidtc55524a2011-07-07 11:18:38 -0700[diff] [blame]283
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]284 return 0;
285#else /* CONFIG_TLS_INTERNAL_CLIENT */
286 return -1;
287#endif /* CONFIG_TLS_INTERNAL_CLIENT */
288}
289
290
291int tls_global_set_params(void *tls_ctx,
292 const struct tls_connection_params *params)
293{
294#ifdef CONFIG_TLS_INTERNAL_SERVER
295 struct tls_global *global = tls_ctx;
296 struct tlsv1_credentials *cred;
297
298 /* Currently, global parameters are only set when running in server
299 * mode. */
300 global->server = 1;
301 tlsv1_cred_free(global->server_cred);
302 global->server_cred = cred = tlsv1_cred_alloc();
303 if (cred == NULL)
304 return -1;
305
306 if (tlsv1_set_ca_cert(cred, params->ca_cert, params->ca_cert_blob,
307 params->ca_cert_blob_len, params->ca_path)) {
308 wpa_printf(MSG_INFO, "TLS: Failed to configure trusted CA "
309 "certificates");
310 return -1;
311 }
312
313 if (tlsv1_set_cert(cred, params->client_cert, params->client_cert_blob,
314 params->client_cert_blob_len)) {
315 wpa_printf(MSG_INFO, "TLS: Failed to configure server "
316 "certificate");
317 return -1;
318 }
319
320 if (tlsv1_set_private_key(cred, params->private_key,
321 params->private_key_passwd,
322 params->private_key_blob,
323 params->private_key_blob_len)) {
324 wpa_printf(MSG_INFO, "TLS: Failed to load private key");
325 return -1;
326 }
327
328 if (tlsv1_set_dhparams(cred, params->dh_file, params->dh_blob,
329 params->dh_blob_len)) {
330 wpa_printf(MSG_INFO, "TLS: Failed to load DH parameters");
331 return -1;
332 }
333
334 return 0;
335#else /* CONFIG_TLS_INTERNAL_SERVER */
336 return -1;
337#endif /* CONFIG_TLS_INTERNAL_SERVER */
338}
339
340
341int tls_global_set_verify(void *tls_ctx, int check_crl)
342{
343 struct tls_global *global = tls_ctx;
344 global->check_crl = check_crl;
345 return 0;
346}
347
348
349int tls_connection_set_verify(void *tls_ctx, struct tls_connection *conn,
Dmitry Shmidtd80a4012015-11-05 16:35:40 -0800[diff] [blame]350 int verify_peer, unsigned int flags,
351 const u8 *session_ctx, size_t session_ctx_len)
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]352{
353#ifdef CONFIG_TLS_INTERNAL_SERVER
354 if (conn->server)
355 return tlsv1_server_set_verify(conn->server, verify_peer);
356#endif /* CONFIG_TLS_INTERNAL_SERVER */
357 return -1;
358}
359
360
Dmitry Shmidtd80a4012015-11-05 16:35:40 -0800[diff] [blame]361int tls_connection_get_random(void *tls_ctx, struct tls_connection *conn,
362 struct tls_random *data)
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]363{
364#ifdef CONFIG_TLS_INTERNAL_CLIENT
365 if (conn->client)
Dmitry Shmidtd80a4012015-11-05 16:35:40 -0800[diff] [blame]366 return tlsv1_client_get_random(conn->client, data);
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]367#endif /* CONFIG_TLS_INTERNAL_CLIENT */
368#ifdef CONFIG_TLS_INTERNAL_SERVER
369 if (conn->server)
Dmitry Shmidtd80a4012015-11-05 16:35:40 -0800[diff] [blame]370 return tlsv1_server_get_random(conn->server, data);
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]371#endif /* CONFIG_TLS_INTERNAL_SERVER */
372 return -1;
373}
374
375
Dmitry Shmidtaf9da312015-04-03 10:03:11 -0700[diff] [blame]376static int tls_get_keyblock_size(struct tls_connection *conn)
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]377{
378#ifdef CONFIG_TLS_INTERNAL_CLIENT
Dmitry Shmidtaf9da312015-04-03 10:03:11 -0700[diff] [blame]379 if (conn->client)
380 return tlsv1_client_get_keyblock_size(conn->client);
381#endif /* CONFIG_TLS_INTERNAL_CLIENT */
382#ifdef CONFIG_TLS_INTERNAL_SERVER
383 if (conn->server)
384 return tlsv1_server_get_keyblock_size(conn->server);
385#endif /* CONFIG_TLS_INTERNAL_SERVER */
386 return -1;
387}
388
389
390int tls_connection_prf(void *tls_ctx, struct tls_connection *conn,
391 const char *label, int server_random_first,
392 int skip_keyblock, u8 *out, size_t out_len)
393{
394 int ret = -1, skip = 0;
395 u8 *tmp_out = NULL;
396 u8 *_out = out;
397
398 if (skip_keyblock) {
399 skip = tls_get_keyblock_size(conn);
400 if (skip < 0)
401 return -1;
402 tmp_out = os_malloc(skip + out_len);
403 if (!tmp_out)
404 return -1;
405 _out = tmp_out;
406 }
407
408#ifdef CONFIG_TLS_INTERNAL_CLIENT
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]409 if (conn->client) {
Dmitry Shmidtaf9da312015-04-03 10:03:11 -0700[diff] [blame]410 ret = tlsv1_client_prf(conn->client, label,
411 server_random_first,
Dmitry Shmidtd7ff03d2015-12-04 14:49:35 -0800[diff] [blame]412 _out, skip + out_len);
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]413 }
414#endif /* CONFIG_TLS_INTERNAL_CLIENT */
415#ifdef CONFIG_TLS_INTERNAL_SERVER
416 if (conn->server) {
Dmitry Shmidtaf9da312015-04-03 10:03:11 -0700[diff] [blame]417 ret = tlsv1_server_prf(conn->server, label,
418 server_random_first,
Dmitry Shmidtd7ff03d2015-12-04 14:49:35 -0800[diff] [blame]419 _out, skip + out_len);
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]420 }
421#endif /* CONFIG_TLS_INTERNAL_SERVER */
Dmitry Shmidtaf9da312015-04-03 10:03:11 -0700[diff] [blame]422 if (ret == 0 && skip_keyblock)
423 os_memcpy(out, _out + skip, out_len);
424 bin_clear_free(tmp_out, skip);
425
426 return ret;
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]427}
428
429
430struct wpabuf * tls_connection_handshake(void *tls_ctx,
431 struct tls_connection *conn,
432 const struct wpabuf *in_data,
433 struct wpabuf **appl_data)
434{
Dmitry Shmidt1f69aa52012-01-24 16:10:04 -0800[diff] [blame]435 return tls_connection_handshake2(tls_ctx, conn, in_data, appl_data,
436 NULL);
437}
438
439
440struct wpabuf * tls_connection_handshake2(void *tls_ctx,
441 struct tls_connection *conn,
442 const struct wpabuf *in_data,
443 struct wpabuf **appl_data,
444 int *need_more_data)
445{
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]446#ifdef CONFIG_TLS_INTERNAL_CLIENT
447 u8 *res, *ad;
448 size_t res_len, ad_len;
449 struct wpabuf *out;
450
451 if (conn->client == NULL)
452 return NULL;
453
454 ad = NULL;
455 res = tlsv1_client_handshake(conn->client,
456 in_data ? wpabuf_head(in_data) : NULL,
457 in_data ? wpabuf_len(in_data) : 0,
Dmitry Shmidt1f69aa52012-01-24 16:10:04 -0800[diff] [blame]458 &res_len, &ad, &ad_len, need_more_data);
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]459 if (res == NULL)
460 return NULL;
461 out = wpabuf_alloc_ext_data(res, res_len);
462 if (out == NULL) {
463 os_free(res);
464 os_free(ad);
465 return NULL;
466 }
467 if (appl_data) {
468 if (ad) {
469 *appl_data = wpabuf_alloc_ext_data(ad, ad_len);
470 if (*appl_data == NULL)
471 os_free(ad);
472 } else
473 *appl_data = NULL;
474 } else
475 os_free(ad);
476
477 return out;
478#else /* CONFIG_TLS_INTERNAL_CLIENT */
479 return NULL;
480#endif /* CONFIG_TLS_INTERNAL_CLIENT */
481}
482
483
484struct wpabuf * tls_connection_server_handshake(void *tls_ctx,
485 struct tls_connection *conn,
486 const struct wpabuf *in_data,
487 struct wpabuf **appl_data)
488{
489#ifdef CONFIG_TLS_INTERNAL_SERVER
490 u8 *res;
491 size_t res_len;
492 struct wpabuf *out;
493
494 if (conn->server == NULL)
495 return NULL;
496
497 if (appl_data)
498 *appl_data = NULL;
499
500 res = tlsv1_server_handshake(conn->server, wpabuf_head(in_data),
501 wpabuf_len(in_data), &res_len);
502 if (res == NULL && tlsv1_server_established(conn->server))
503 return wpabuf_alloc(0);
504 if (res == NULL)
505 return NULL;
506 out = wpabuf_alloc_ext_data(res, res_len);
507 if (out == NULL) {
508 os_free(res);
509 return NULL;
510 }
511
512 return out;
513#else /* CONFIG_TLS_INTERNAL_SERVER */
514 return NULL;
515#endif /* CONFIG_TLS_INTERNAL_SERVER */
516}
517
518
519struct wpabuf * tls_connection_encrypt(void *tls_ctx,
520 struct tls_connection *conn,
521 const struct wpabuf *in_data)
522{
523#ifdef CONFIG_TLS_INTERNAL_CLIENT
524 if (conn->client) {
525 struct wpabuf *buf;
526 int res;
527 buf = wpabuf_alloc(wpabuf_len(in_data) + 300);
528 if (buf == NULL)
529 return NULL;
530 res = tlsv1_client_encrypt(conn->client, wpabuf_head(in_data),
531 wpabuf_len(in_data),
532 wpabuf_mhead(buf),
533 wpabuf_size(buf));
534 if (res < 0) {
535 wpabuf_free(buf);
536 return NULL;
537 }
538 wpabuf_put(buf, res);
539 return buf;
540 }
541#endif /* CONFIG_TLS_INTERNAL_CLIENT */
542#ifdef CONFIG_TLS_INTERNAL_SERVER
543 if (conn->server) {
544 struct wpabuf *buf;
545 int res;
546 buf = wpabuf_alloc(wpabuf_len(in_data) + 300);
547 if (buf == NULL)
548 return NULL;
549 res = tlsv1_server_encrypt(conn->server, wpabuf_head(in_data),
550 wpabuf_len(in_data),
551 wpabuf_mhead(buf),
552 wpabuf_size(buf));
553 if (res < 0) {
554 wpabuf_free(buf);
555 return NULL;
556 }
557 wpabuf_put(buf, res);
558 return buf;
559 }
560#endif /* CONFIG_TLS_INTERNAL_SERVER */
561 return NULL;
562}
563
564
565struct wpabuf * tls_connection_decrypt(void *tls_ctx,
566 struct tls_connection *conn,
567 const struct wpabuf *in_data)
568{
Dmitry Shmidt1f69aa52012-01-24 16:10:04 -0800[diff] [blame]569 return tls_connection_decrypt2(tls_ctx, conn, in_data, NULL);
570}
571
572
573struct wpabuf * tls_connection_decrypt2(void *tls_ctx,
574 struct tls_connection *conn,
575 const struct wpabuf *in_data,
576 int *need_more_data)
577{
578 if (need_more_data)
579 *need_more_data = 0;
580
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]581#ifdef CONFIG_TLS_INTERNAL_CLIENT
582 if (conn->client) {
Dmitry Shmidt1f69aa52012-01-24 16:10:04 -0800[diff] [blame]583 return tlsv1_client_decrypt(conn->client, wpabuf_head(in_data),
584 wpabuf_len(in_data),
585 need_more_data);
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]586 }
587#endif /* CONFIG_TLS_INTERNAL_CLIENT */
588#ifdef CONFIG_TLS_INTERNAL_SERVER
589 if (conn->server) {
590 struct wpabuf *buf;
591 int res;
592 buf = wpabuf_alloc((wpabuf_len(in_data) + 500) * 3);
593 if (buf == NULL)
594 return NULL;
595 res = tlsv1_server_decrypt(conn->server, wpabuf_head(in_data),
596 wpabuf_len(in_data),
597 wpabuf_mhead(buf),
598 wpabuf_size(buf));
599 if (res < 0) {
600 wpabuf_free(buf);
601 return NULL;
602 }
603 wpabuf_put(buf, res);
604 return buf;
605 }
606#endif /* CONFIG_TLS_INTERNAL_SERVER */
607 return NULL;
608}
609
610
611int tls_connection_resumed(void *tls_ctx, struct tls_connection *conn)
612{
613#ifdef CONFIG_TLS_INTERNAL_CLIENT
614 if (conn->client)
615 return tlsv1_client_resumed(conn->client);
616#endif /* CONFIG_TLS_INTERNAL_CLIENT */
617#ifdef CONFIG_TLS_INTERNAL_SERVER
618 if (conn->server)
619 return tlsv1_server_resumed(conn->server);
620#endif /* CONFIG_TLS_INTERNAL_SERVER */
621 return -1;
622}
623
624
625int tls_connection_set_cipher_list(void *tls_ctx, struct tls_connection *conn,
626 u8 *ciphers)
627{
628#ifdef CONFIG_TLS_INTERNAL_CLIENT
629 if (conn->client)
630 return tlsv1_client_set_cipher_list(conn->client, ciphers);
631#endif /* CONFIG_TLS_INTERNAL_CLIENT */
632#ifdef CONFIG_TLS_INTERNAL_SERVER
633 if (conn->server)
634 return tlsv1_server_set_cipher_list(conn->server, ciphers);
635#endif /* CONFIG_TLS_INTERNAL_SERVER */
636 return -1;
637}
638
639
Dmitry Shmidtd80a4012015-11-05 16:35:40 -0800[diff] [blame]640int tls_get_version(void *ssl_ctx, struct tls_connection *conn,
641 char *buf, size_t buflen)
642{
Dmitry Shmidtd7ff03d2015-12-04 14:49:35 -0800[diff] [blame]643 if (conn == NULL)
644 return -1;
645#ifdef CONFIG_TLS_INTERNAL_CLIENT
646 if (conn->client)
647 return tlsv1_client_get_version(conn->client, buf, buflen);
648#endif /* CONFIG_TLS_INTERNAL_CLIENT */
Dmitry Shmidtd80a4012015-11-05 16:35:40 -0800[diff] [blame]649 return -1;
650}
651
652
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]653int tls_get_cipher(void *tls_ctx, struct tls_connection *conn,
654 char *buf, size_t buflen)
655{
656 if (conn == NULL)
657 return -1;
658#ifdef CONFIG_TLS_INTERNAL_CLIENT
659 if (conn->client)
660 return tlsv1_client_get_cipher(conn->client, buf, buflen);
661#endif /* CONFIG_TLS_INTERNAL_CLIENT */
662#ifdef CONFIG_TLS_INTERNAL_SERVER
663 if (conn->server)
664 return tlsv1_server_get_cipher(conn->server, buf, buflen);
665#endif /* CONFIG_TLS_INTERNAL_SERVER */
666 return -1;
667}
668
669
670int tls_connection_enable_workaround(void *tls_ctx,
671 struct tls_connection *conn)
672{
673 return -1;
674}
675
676
677int tls_connection_client_hello_ext(void *tls_ctx, struct tls_connection *conn,
678 int ext_type, const u8 *data,
679 size_t data_len)
680{
681#ifdef CONFIG_TLS_INTERNAL_CLIENT
682 if (conn->client) {
683 return tlsv1_client_hello_ext(conn->client, ext_type,
684 data, data_len);
685 }
686#endif /* CONFIG_TLS_INTERNAL_CLIENT */
687 return -1;
688}
689
690
691int tls_connection_get_failed(void *tls_ctx, struct tls_connection *conn)
692{
693 return 0;
694}
695
696
697int tls_connection_get_read_alerts(void *tls_ctx, struct tls_connection *conn)
698{
699 return 0;
700}
701
702
703int tls_connection_get_write_alerts(void *tls_ctx,
704 struct tls_connection *conn)
705{
706 return 0;
707}
708
709
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]710int tls_connection_set_session_ticket_cb(void *tls_ctx,
711 struct tls_connection *conn,
712 tls_session_ticket_cb cb,
713 void *ctx)
714{
715#ifdef CONFIG_TLS_INTERNAL_CLIENT
716 if (conn->client) {
717 tlsv1_client_set_session_ticket_cb(conn->client, cb, ctx);
718 return 0;
719 }
720#endif /* CONFIG_TLS_INTERNAL_CLIENT */
721#ifdef CONFIG_TLS_INTERNAL_SERVER
722 if (conn->server) {
723 tlsv1_server_set_session_ticket_cb(conn->server, cb, ctx);
724 return 0;
725 }
726#endif /* CONFIG_TLS_INTERNAL_SERVER */
727 return -1;
728}
Dmitry Shmidtff787d52015-01-12 13:01:47 -0800[diff] [blame]729
730
731int tls_get_library_version(char *buf, size_t buf_len)
732{
733 return os_snprintf(buf, buf_len, "internal");
734}
Dmitry Shmidtd80a4012015-11-05 16:35:40 -0800[diff] [blame]735
736
737void tls_connection_set_success_data(struct tls_connection *conn,
738 struct wpabuf *data)
739{
740}
741
742
743void tls_connection_set_success_data_resumed(struct tls_connection *conn)
744{
745}
746
747
748const struct wpabuf *
749tls_connection_get_success_data(struct tls_connection *conn)
750{
751 return NULL;
752}
753
754
755void tls_connection_remove_session(struct tls_connection *conn)
756{
757}