Gitiles
Code Review Sign In
gerrit.omnirom.org / android_external_wpa_supplicant_8 / d80a401aed31d06f261efd19223cf55d1a2a8228 / . / src / crypto / tls_internal.c
blob: 1b82245e043a812f24e535fde5e0d31ac628ba9d [file] [log] [blame]
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]1/*
2 * TLS interface functions and an internal TLS implementation
Dmitry Shmidtc55524a2011-07-07 11:18:38 -0700[diff] [blame]3 * Copyright (c) 2004-2011, Jouni Malinen <j@w1.fi>
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]4 *
Dmitry Shmidtc5ec7f52012-03-06 16:33:24 -0800[diff] [blame]5 * This software may be distributed under the terms of the BSD license.
6 * See README for more details.
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]7 *
8 * This file interface functions for hostapd/wpa_supplicant to use the
9 * integrated TLSv1 implementation.
10 */
11
12#include "includes.h"
13
14#include "common.h"
15#include "tls.h"
16#include "tls/tlsv1_client.h"
17#include "tls/tlsv1_server.h"
18
19
20static int tls_ref_count = 0;
21
22struct tls_global {
23 int server;
24 struct tlsv1_credentials *server_cred;
25 int check_crl;
26};
27
28struct tls_connection {
29 struct tlsv1_client *client;
30 struct tlsv1_server *server;
Dmitry Shmidt818ea482014-03-10 13:15:21 -0700[diff] [blame]31 struct tls_global *global;
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]32};
33
34
35void * tls_init(const struct tls_config *conf)
36{
37 struct tls_global *global;
38
39 if (tls_ref_count == 0) {
40#ifdef CONFIG_TLS_INTERNAL_CLIENT
41 if (tlsv1_client_global_init())
42 return NULL;
43#endif /* CONFIG_TLS_INTERNAL_CLIENT */
44#ifdef CONFIG_TLS_INTERNAL_SERVER
45 if (tlsv1_server_global_init())
46 return NULL;
47#endif /* CONFIG_TLS_INTERNAL_SERVER */
48 }
49 tls_ref_count++;
50
51 global = os_zalloc(sizeof(*global));
52 if (global == NULL)
53 return NULL;
54
55 return global;
56}
57
58void tls_deinit(void *ssl_ctx)
59{
60 struct tls_global *global = ssl_ctx;
61 tls_ref_count--;
62 if (tls_ref_count == 0) {
63#ifdef CONFIG_TLS_INTERNAL_CLIENT
64 tlsv1_client_global_deinit();
65#endif /* CONFIG_TLS_INTERNAL_CLIENT */
66#ifdef CONFIG_TLS_INTERNAL_SERVER
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]67 tlsv1_server_global_deinit();
68#endif /* CONFIG_TLS_INTERNAL_SERVER */
69 }
Dmitry Shmidtd80a4012015-11-05 16:35:40 -0800[diff] [blame^]70#ifdef CONFIG_TLS_INTERNAL_SERVER
71 tlsv1_cred_free(global->server_cred);
72#endif /* CONFIG_TLS_INTERNAL_SERVER */
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]73 os_free(global);
74}
75
76
77int tls_get_errors(void *tls_ctx)
78{
79 return 0;
80}
81
82
83struct tls_connection * tls_connection_init(void *tls_ctx)
84{
85 struct tls_connection *conn;
86 struct tls_global *global = tls_ctx;
87
88 conn = os_zalloc(sizeof(*conn));
89 if (conn == NULL)
90 return NULL;
Dmitry Shmidt818ea482014-03-10 13:15:21 -0700[diff] [blame]91 conn->global = global;
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]92
93#ifdef CONFIG_TLS_INTERNAL_CLIENT
94 if (!global->server) {
95 conn->client = tlsv1_client_init();
96 if (conn->client == NULL) {
97 os_free(conn);
98 return NULL;
99 }
100 }
101#endif /* CONFIG_TLS_INTERNAL_CLIENT */
102#ifdef CONFIG_TLS_INTERNAL_SERVER
103 if (global->server) {
104 conn->server = tlsv1_server_init(global->server_cred);
105 if (conn->server == NULL) {
106 os_free(conn);
107 return NULL;
108 }
109 }
110#endif /* CONFIG_TLS_INTERNAL_SERVER */
111
112 return conn;
113}
114
115
Dmitry Shmidt818ea482014-03-10 13:15:21 -0700[diff] [blame]116#ifdef CONFIG_TESTING_OPTIONS
117#ifdef CONFIG_TLS_INTERNAL_SERVER
118void tls_connection_set_test_flags(struct tls_connection *conn, u32 flags)
119{
120 if (conn->server)
121 tlsv1_server_set_test_flags(conn->server, flags);
122}
123#endif /* CONFIG_TLS_INTERNAL_SERVER */
124#endif /* CONFIG_TESTING_OPTIONS */
125
126
127void tls_connection_set_log_cb(struct tls_connection *conn,
128 void (*log_cb)(void *ctx, const char *msg),
129 void *ctx)
130{
131#ifdef CONFIG_TLS_INTERNAL_SERVER
132 if (conn->server)
133 tlsv1_server_set_log_cb(conn->server, log_cb, ctx);
134#endif /* CONFIG_TLS_INTERNAL_SERVER */
135}
136
137
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]138void tls_connection_deinit(void *tls_ctx, struct tls_connection *conn)
139{
140 if (conn == NULL)
141 return;
142#ifdef CONFIG_TLS_INTERNAL_CLIENT
143 if (conn->client)
144 tlsv1_client_deinit(conn->client);
145#endif /* CONFIG_TLS_INTERNAL_CLIENT */
146#ifdef CONFIG_TLS_INTERNAL_SERVER
147 if (conn->server)
148 tlsv1_server_deinit(conn->server);
149#endif /* CONFIG_TLS_INTERNAL_SERVER */
150 os_free(conn);
151}
152
153
154int tls_connection_established(void *tls_ctx, struct tls_connection *conn)
155{
156#ifdef CONFIG_TLS_INTERNAL_CLIENT
157 if (conn->client)
158 return tlsv1_client_established(conn->client);
159#endif /* CONFIG_TLS_INTERNAL_CLIENT */
160#ifdef CONFIG_TLS_INTERNAL_SERVER
161 if (conn->server)
162 return tlsv1_server_established(conn->server);
163#endif /* CONFIG_TLS_INTERNAL_SERVER */
164 return 0;
165}
166
167
168int tls_connection_shutdown(void *tls_ctx, struct tls_connection *conn)
169{
170#ifdef CONFIG_TLS_INTERNAL_CLIENT
171 if (conn->client)
172 return tlsv1_client_shutdown(conn->client);
173#endif /* CONFIG_TLS_INTERNAL_CLIENT */
174#ifdef CONFIG_TLS_INTERNAL_SERVER
175 if (conn->server)
176 return tlsv1_server_shutdown(conn->server);
177#endif /* CONFIG_TLS_INTERNAL_SERVER */
178 return -1;
179}
180
181
182int tls_connection_set_params(void *tls_ctx, struct tls_connection *conn,
183 const struct tls_connection_params *params)
184{
185#ifdef CONFIG_TLS_INTERNAL_CLIENT
186 struct tlsv1_credentials *cred;
187
188 if (conn->client == NULL)
189 return -1;
190
191 cred = tlsv1_cred_alloc();
192 if (cred == NULL)
193 return -1;
194
Dmitry Shmidtff787d52015-01-12 13:01:47 -0800[diff] [blame]195 if (params->subject_match) {
196 wpa_printf(MSG_INFO, "TLS: subject_match not supported");
Dmitry Shmidtaf9da312015-04-03 10:03:11 -0700[diff] [blame]197 tlsv1_cred_free(cred);
Dmitry Shmidtff787d52015-01-12 13:01:47 -0800[diff] [blame]198 return -1;
199 }
200
201 if (params->altsubject_match) {
202 wpa_printf(MSG_INFO, "TLS: altsubject_match not supported");
Dmitry Shmidtaf9da312015-04-03 10:03:11 -0700[diff] [blame]203 tlsv1_cred_free(cred);
Dmitry Shmidtff787d52015-01-12 13:01:47 -0800[diff] [blame]204 return -1;
205 }
206
207 if (params->suffix_match) {
208 wpa_printf(MSG_INFO, "TLS: suffix_match not supported");
Dmitry Shmidtaf9da312015-04-03 10:03:11 -0700[diff] [blame]209 tlsv1_cred_free(cred);
Dmitry Shmidtff787d52015-01-12 13:01:47 -0800[diff] [blame]210 return -1;
211 }
212
Dmitry Shmidt2f74e362015-01-21 13:19:05 -0800[diff] [blame]213 if (params->domain_match) {
214 wpa_printf(MSG_INFO, "TLS: domain_match not supported");
Dmitry Shmidtaf9da312015-04-03 10:03:11 -0700[diff] [blame]215 tlsv1_cred_free(cred);
Dmitry Shmidt2f74e362015-01-21 13:19:05 -0800[diff] [blame]216 return -1;
217 }
218
Dmitry Shmidtff787d52015-01-12 13:01:47 -0800[diff] [blame]219 if (params->openssl_ciphers) {
Dmitry Shmidtaf9da312015-04-03 10:03:11 -0700[diff] [blame]220 wpa_printf(MSG_INFO, "TLS: openssl_ciphers not supported");
221 tlsv1_cred_free(cred);
Dmitry Shmidtff787d52015-01-12 13:01:47 -0800[diff] [blame]222 return -1;
223 }
224
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]225 if (tlsv1_set_ca_cert(cred, params->ca_cert,
226 params->ca_cert_blob, params->ca_cert_blob_len,
227 params->ca_path)) {
228 wpa_printf(MSG_INFO, "TLS: Failed to configure trusted CA "
229 "certificates");
230 tlsv1_cred_free(cred);
231 return -1;
232 }
233
234 if (tlsv1_set_cert(cred, params->client_cert,
235 params->client_cert_blob,
236 params->client_cert_blob_len)) {
237 wpa_printf(MSG_INFO, "TLS: Failed to configure client "
238 "certificate");
239 tlsv1_cred_free(cred);
240 return -1;
241 }
242
243 if (tlsv1_set_private_key(cred, params->private_key,
244 params->private_key_passwd,
245 params->private_key_blob,
246 params->private_key_blob_len)) {
247 wpa_printf(MSG_INFO, "TLS: Failed to load private key");
248 tlsv1_cred_free(cred);
249 return -1;
250 }
251
252 if (tlsv1_set_dhparams(cred, params->dh_file, params->dh_blob,
253 params->dh_blob_len)) {
254 wpa_printf(MSG_INFO, "TLS: Failed to load DH parameters");
255 tlsv1_cred_free(cred);
256 return -1;
257 }
258
259 if (tlsv1_client_set_cred(conn->client, cred) < 0) {
260 tlsv1_cred_free(cred);
261 return -1;
262 }
263
Dmitry Shmidtc55524a2011-07-07 11:18:38 -0700[diff] [blame]264 tlsv1_client_set_time_checks(
265 conn->client, !(params->flags & TLS_CONN_DISABLE_TIME_CHECKS));
266
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]267 return 0;
268#else /* CONFIG_TLS_INTERNAL_CLIENT */
269 return -1;
270#endif /* CONFIG_TLS_INTERNAL_CLIENT */
271}
272
273
274int tls_global_set_params(void *tls_ctx,
275 const struct tls_connection_params *params)
276{
277#ifdef CONFIG_TLS_INTERNAL_SERVER
278 struct tls_global *global = tls_ctx;
279 struct tlsv1_credentials *cred;
280
281 /* Currently, global parameters are only set when running in server
282 * mode. */
283 global->server = 1;
284 tlsv1_cred_free(global->server_cred);
285 global->server_cred = cred = tlsv1_cred_alloc();
286 if (cred == NULL)
287 return -1;
288
289 if (tlsv1_set_ca_cert(cred, params->ca_cert, params->ca_cert_blob,
290 params->ca_cert_blob_len, params->ca_path)) {
291 wpa_printf(MSG_INFO, "TLS: Failed to configure trusted CA "
292 "certificates");
293 return -1;
294 }
295
296 if (tlsv1_set_cert(cred, params->client_cert, params->client_cert_blob,
297 params->client_cert_blob_len)) {
298 wpa_printf(MSG_INFO, "TLS: Failed to configure server "
299 "certificate");
300 return -1;
301 }
302
303 if (tlsv1_set_private_key(cred, params->private_key,
304 params->private_key_passwd,
305 params->private_key_blob,
306 params->private_key_blob_len)) {
307 wpa_printf(MSG_INFO, "TLS: Failed to load private key");
308 return -1;
309 }
310
311 if (tlsv1_set_dhparams(cred, params->dh_file, params->dh_blob,
312 params->dh_blob_len)) {
313 wpa_printf(MSG_INFO, "TLS: Failed to load DH parameters");
314 return -1;
315 }
316
317 return 0;
318#else /* CONFIG_TLS_INTERNAL_SERVER */
319 return -1;
320#endif /* CONFIG_TLS_INTERNAL_SERVER */
321}
322
323
324int tls_global_set_verify(void *tls_ctx, int check_crl)
325{
326 struct tls_global *global = tls_ctx;
327 global->check_crl = check_crl;
328 return 0;
329}
330
331
332int tls_connection_set_verify(void *tls_ctx, struct tls_connection *conn,
Dmitry Shmidtd80a4012015-11-05 16:35:40 -0800[diff] [blame^]333 int verify_peer, unsigned int flags,
334 const u8 *session_ctx, size_t session_ctx_len)
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]335{
336#ifdef CONFIG_TLS_INTERNAL_SERVER
337 if (conn->server)
338 return tlsv1_server_set_verify(conn->server, verify_peer);
339#endif /* CONFIG_TLS_INTERNAL_SERVER */
340 return -1;
341}
342
343
Dmitry Shmidtd80a4012015-11-05 16:35:40 -0800[diff] [blame^]344int tls_connection_get_random(void *tls_ctx, struct tls_connection *conn,
345 struct tls_random *data)
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]346{
347#ifdef CONFIG_TLS_INTERNAL_CLIENT
348 if (conn->client)
Dmitry Shmidtd80a4012015-11-05 16:35:40 -0800[diff] [blame^]349 return tlsv1_client_get_random(conn->client, data);
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]350#endif /* CONFIG_TLS_INTERNAL_CLIENT */
351#ifdef CONFIG_TLS_INTERNAL_SERVER
352 if (conn->server)
Dmitry Shmidtd80a4012015-11-05 16:35:40 -0800[diff] [blame^]353 return tlsv1_server_get_random(conn->server, data);
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]354#endif /* CONFIG_TLS_INTERNAL_SERVER */
355 return -1;
356}
357
358
Dmitry Shmidtaf9da312015-04-03 10:03:11 -0700[diff] [blame]359static int tls_get_keyblock_size(struct tls_connection *conn)
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]360{
361#ifdef CONFIG_TLS_INTERNAL_CLIENT
Dmitry Shmidtaf9da312015-04-03 10:03:11 -0700[diff] [blame]362 if (conn->client)
363 return tlsv1_client_get_keyblock_size(conn->client);
364#endif /* CONFIG_TLS_INTERNAL_CLIENT */
365#ifdef CONFIG_TLS_INTERNAL_SERVER
366 if (conn->server)
367 return tlsv1_server_get_keyblock_size(conn->server);
368#endif /* CONFIG_TLS_INTERNAL_SERVER */
369 return -1;
370}
371
372
373int tls_connection_prf(void *tls_ctx, struct tls_connection *conn,
374 const char *label, int server_random_first,
375 int skip_keyblock, u8 *out, size_t out_len)
376{
377 int ret = -1, skip = 0;
378 u8 *tmp_out = NULL;
379 u8 *_out = out;
380
381 if (skip_keyblock) {
382 skip = tls_get_keyblock_size(conn);
383 if (skip < 0)
384 return -1;
385 tmp_out = os_malloc(skip + out_len);
386 if (!tmp_out)
387 return -1;
388 _out = tmp_out;
389 }
390
391#ifdef CONFIG_TLS_INTERNAL_CLIENT
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]392 if (conn->client) {
Dmitry Shmidtaf9da312015-04-03 10:03:11 -0700[diff] [blame]393 ret = tlsv1_client_prf(conn->client, label,
394 server_random_first,
395 _out, out_len);
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]396 }
397#endif /* CONFIG_TLS_INTERNAL_CLIENT */
398#ifdef CONFIG_TLS_INTERNAL_SERVER
399 if (conn->server) {
Dmitry Shmidtaf9da312015-04-03 10:03:11 -0700[diff] [blame]400 ret = tlsv1_server_prf(conn->server, label,
401 server_random_first,
402 _out, out_len);
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]403 }
404#endif /* CONFIG_TLS_INTERNAL_SERVER */
Dmitry Shmidtaf9da312015-04-03 10:03:11 -0700[diff] [blame]405 if (ret == 0 && skip_keyblock)
406 os_memcpy(out, _out + skip, out_len);
407 bin_clear_free(tmp_out, skip);
408
409 return ret;
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]410}
411
412
413struct wpabuf * tls_connection_handshake(void *tls_ctx,
414 struct tls_connection *conn,
415 const struct wpabuf *in_data,
416 struct wpabuf **appl_data)
417{
Dmitry Shmidt1f69aa52012-01-24 16:10:04 -0800[diff] [blame]418 return tls_connection_handshake2(tls_ctx, conn, in_data, appl_data,
419 NULL);
420}
421
422
423struct wpabuf * tls_connection_handshake2(void *tls_ctx,
424 struct tls_connection *conn,
425 const struct wpabuf *in_data,
426 struct wpabuf **appl_data,
427 int *need_more_data)
428{
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]429#ifdef CONFIG_TLS_INTERNAL_CLIENT
430 u8 *res, *ad;
431 size_t res_len, ad_len;
432 struct wpabuf *out;
433
434 if (conn->client == NULL)
435 return NULL;
436
437 ad = NULL;
438 res = tlsv1_client_handshake(conn->client,
439 in_data ? wpabuf_head(in_data) : NULL,
440 in_data ? wpabuf_len(in_data) : 0,
Dmitry Shmidt1f69aa52012-01-24 16:10:04 -0800[diff] [blame]441 &res_len, &ad, &ad_len, need_more_data);
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]442 if (res == NULL)
443 return NULL;
444 out = wpabuf_alloc_ext_data(res, res_len);
445 if (out == NULL) {
446 os_free(res);
447 os_free(ad);
448 return NULL;
449 }
450 if (appl_data) {
451 if (ad) {
452 *appl_data = wpabuf_alloc_ext_data(ad, ad_len);
453 if (*appl_data == NULL)
454 os_free(ad);
455 } else
456 *appl_data = NULL;
457 } else
458 os_free(ad);
459
460 return out;
461#else /* CONFIG_TLS_INTERNAL_CLIENT */
462 return NULL;
463#endif /* CONFIG_TLS_INTERNAL_CLIENT */
464}
465
466
467struct wpabuf * tls_connection_server_handshake(void *tls_ctx,
468 struct tls_connection *conn,
469 const struct wpabuf *in_data,
470 struct wpabuf **appl_data)
471{
472#ifdef CONFIG_TLS_INTERNAL_SERVER
473 u8 *res;
474 size_t res_len;
475 struct wpabuf *out;
476
477 if (conn->server == NULL)
478 return NULL;
479
480 if (appl_data)
481 *appl_data = NULL;
482
483 res = tlsv1_server_handshake(conn->server, wpabuf_head(in_data),
484 wpabuf_len(in_data), &res_len);
485 if (res == NULL && tlsv1_server_established(conn->server))
486 return wpabuf_alloc(0);
487 if (res == NULL)
488 return NULL;
489 out = wpabuf_alloc_ext_data(res, res_len);
490 if (out == NULL) {
491 os_free(res);
492 return NULL;
493 }
494
495 return out;
496#else /* CONFIG_TLS_INTERNAL_SERVER */
497 return NULL;
498#endif /* CONFIG_TLS_INTERNAL_SERVER */
499}
500
501
502struct wpabuf * tls_connection_encrypt(void *tls_ctx,
503 struct tls_connection *conn,
504 const struct wpabuf *in_data)
505{
506#ifdef CONFIG_TLS_INTERNAL_CLIENT
507 if (conn->client) {
508 struct wpabuf *buf;
509 int res;
510 buf = wpabuf_alloc(wpabuf_len(in_data) + 300);
511 if (buf == NULL)
512 return NULL;
513 res = tlsv1_client_encrypt(conn->client, wpabuf_head(in_data),
514 wpabuf_len(in_data),
515 wpabuf_mhead(buf),
516 wpabuf_size(buf));
517 if (res < 0) {
518 wpabuf_free(buf);
519 return NULL;
520 }
521 wpabuf_put(buf, res);
522 return buf;
523 }
524#endif /* CONFIG_TLS_INTERNAL_CLIENT */
525#ifdef CONFIG_TLS_INTERNAL_SERVER
526 if (conn->server) {
527 struct wpabuf *buf;
528 int res;
529 buf = wpabuf_alloc(wpabuf_len(in_data) + 300);
530 if (buf == NULL)
531 return NULL;
532 res = tlsv1_server_encrypt(conn->server, wpabuf_head(in_data),
533 wpabuf_len(in_data),
534 wpabuf_mhead(buf),
535 wpabuf_size(buf));
536 if (res < 0) {
537 wpabuf_free(buf);
538 return NULL;
539 }
540 wpabuf_put(buf, res);
541 return buf;
542 }
543#endif /* CONFIG_TLS_INTERNAL_SERVER */
544 return NULL;
545}
546
547
548struct wpabuf * tls_connection_decrypt(void *tls_ctx,
549 struct tls_connection *conn,
550 const struct wpabuf *in_data)
551{
Dmitry Shmidt1f69aa52012-01-24 16:10:04 -0800[diff] [blame]552 return tls_connection_decrypt2(tls_ctx, conn, in_data, NULL);
553}
554
555
556struct wpabuf * tls_connection_decrypt2(void *tls_ctx,
557 struct tls_connection *conn,
558 const struct wpabuf *in_data,
559 int *need_more_data)
560{
561 if (need_more_data)
562 *need_more_data = 0;
563
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]564#ifdef CONFIG_TLS_INTERNAL_CLIENT
565 if (conn->client) {
Dmitry Shmidt1f69aa52012-01-24 16:10:04 -0800[diff] [blame]566 return tlsv1_client_decrypt(conn->client, wpabuf_head(in_data),
567 wpabuf_len(in_data),
568 need_more_data);
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]569 }
570#endif /* CONFIG_TLS_INTERNAL_CLIENT */
571#ifdef CONFIG_TLS_INTERNAL_SERVER
572 if (conn->server) {
573 struct wpabuf *buf;
574 int res;
575 buf = wpabuf_alloc((wpabuf_len(in_data) + 500) * 3);
576 if (buf == NULL)
577 return NULL;
578 res = tlsv1_server_decrypt(conn->server, wpabuf_head(in_data),
579 wpabuf_len(in_data),
580 wpabuf_mhead(buf),
581 wpabuf_size(buf));
582 if (res < 0) {
583 wpabuf_free(buf);
584 return NULL;
585 }
586 wpabuf_put(buf, res);
587 return buf;
588 }
589#endif /* CONFIG_TLS_INTERNAL_SERVER */
590 return NULL;
591}
592
593
594int tls_connection_resumed(void *tls_ctx, struct tls_connection *conn)
595{
596#ifdef CONFIG_TLS_INTERNAL_CLIENT
597 if (conn->client)
598 return tlsv1_client_resumed(conn->client);
599#endif /* CONFIG_TLS_INTERNAL_CLIENT */
600#ifdef CONFIG_TLS_INTERNAL_SERVER
601 if (conn->server)
602 return tlsv1_server_resumed(conn->server);
603#endif /* CONFIG_TLS_INTERNAL_SERVER */
604 return -1;
605}
606
607
608int tls_connection_set_cipher_list(void *tls_ctx, struct tls_connection *conn,
609 u8 *ciphers)
610{
611#ifdef CONFIG_TLS_INTERNAL_CLIENT
612 if (conn->client)
613 return tlsv1_client_set_cipher_list(conn->client, ciphers);
614#endif /* CONFIG_TLS_INTERNAL_CLIENT */
615#ifdef CONFIG_TLS_INTERNAL_SERVER
616 if (conn->server)
617 return tlsv1_server_set_cipher_list(conn->server, ciphers);
618#endif /* CONFIG_TLS_INTERNAL_SERVER */
619 return -1;
620}
621
622
Dmitry Shmidtd80a4012015-11-05 16:35:40 -0800[diff] [blame^]623int tls_get_version(void *ssl_ctx, struct tls_connection *conn,
624 char *buf, size_t buflen)
625{
626 /* TODO */
627 return -1;
628}
629
630
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]631int tls_get_cipher(void *tls_ctx, struct tls_connection *conn,
632 char *buf, size_t buflen)
633{
634 if (conn == NULL)
635 return -1;
636#ifdef CONFIG_TLS_INTERNAL_CLIENT
637 if (conn->client)
638 return tlsv1_client_get_cipher(conn->client, buf, buflen);
639#endif /* CONFIG_TLS_INTERNAL_CLIENT */
640#ifdef CONFIG_TLS_INTERNAL_SERVER
641 if (conn->server)
642 return tlsv1_server_get_cipher(conn->server, buf, buflen);
643#endif /* CONFIG_TLS_INTERNAL_SERVER */
644 return -1;
645}
646
647
648int tls_connection_enable_workaround(void *tls_ctx,
649 struct tls_connection *conn)
650{
651 return -1;
652}
653
654
655int tls_connection_client_hello_ext(void *tls_ctx, struct tls_connection *conn,
656 int ext_type, const u8 *data,
657 size_t data_len)
658{
659#ifdef CONFIG_TLS_INTERNAL_CLIENT
660 if (conn->client) {
661 return tlsv1_client_hello_ext(conn->client, ext_type,
662 data, data_len);
663 }
664#endif /* CONFIG_TLS_INTERNAL_CLIENT */
665 return -1;
666}
667
668
669int tls_connection_get_failed(void *tls_ctx, struct tls_connection *conn)
670{
671 return 0;
672}
673
674
675int tls_connection_get_read_alerts(void *tls_ctx, struct tls_connection *conn)
676{
677 return 0;
678}
679
680
681int tls_connection_get_write_alerts(void *tls_ctx,
682 struct tls_connection *conn)
683{
684 return 0;
685}
686
687
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]688int tls_connection_set_session_ticket_cb(void *tls_ctx,
689 struct tls_connection *conn,
690 tls_session_ticket_cb cb,
691 void *ctx)
692{
693#ifdef CONFIG_TLS_INTERNAL_CLIENT
694 if (conn->client) {
695 tlsv1_client_set_session_ticket_cb(conn->client, cb, ctx);
696 return 0;
697 }
698#endif /* CONFIG_TLS_INTERNAL_CLIENT */
699#ifdef CONFIG_TLS_INTERNAL_SERVER
700 if (conn->server) {
701 tlsv1_server_set_session_ticket_cb(conn->server, cb, ctx);
702 return 0;
703 }
704#endif /* CONFIG_TLS_INTERNAL_SERVER */
705 return -1;
706}
Dmitry Shmidtff787d52015-01-12 13:01:47 -0800[diff] [blame]707
708
709int tls_get_library_version(char *buf, size_t buf_len)
710{
711 return os_snprintf(buf, buf_len, "internal");
712}
Dmitry Shmidtd80a4012015-11-05 16:35:40 -0800[diff] [blame^]713
714
715void tls_connection_set_success_data(struct tls_connection *conn,
716 struct wpabuf *data)
717{
718}
719
720
721void tls_connection_set_success_data_resumed(struct tls_connection *conn)
722{
723}
724
725
726const struct wpabuf *
727tls_connection_get_success_data(struct tls_connection *conn)
728{
729 return NULL;
730}
731
732
733void tls_connection_remove_session(struct tls_connection *conn)
734{
735}