2
* WPA Supplicant / TLS interface functions and an internal TLS implementation
3
* Copyright (c) 2004-2007, Jouni Malinen <j@w1.fi>
5
* This program is free software; you can redistribute it and/or modify
6
* it under the terms of the GNU General Public License version 2 as
7
* published by the Free Software Foundation.
9
* Alternatively, this software may be distributed under the terms of BSD
12
* See README and COPYING for more details.
14
* This file interface functions for hostapd/wpa_supplicant to use the
15
* integrated TLSv1 implementation.
22
#include "tls/tlsv1_client.h"
25
static int tls_ref_count = 0;
31
struct tls_connection {
32
struct tlsv1_client *client;
36
void * tls_init(const struct tls_config *conf)
38
struct tls_global *global;
40
if (tls_ref_count == 0) {
41
if (tlsv1_client_global_init())
46
global = os_zalloc(sizeof(*global));
53
void tls_deinit(void *ssl_ctx)
55
struct tls_global *global = ssl_ctx;
57
if (tls_ref_count == 0) {
58
tlsv1_client_global_deinit();
64
int tls_get_errors(void *tls_ctx)
70
struct tls_connection * tls_connection_init(void *tls_ctx)
72
struct tls_connection *conn;
74
conn = os_zalloc(sizeof(*conn));
78
conn->client = tlsv1_client_init();
79
if (conn->client == NULL) {
88
void tls_connection_deinit(void *tls_ctx, struct tls_connection *conn)
92
tlsv1_client_deinit(conn->client);
97
int tls_connection_established(void *tls_ctx, struct tls_connection *conn)
99
return tlsv1_client_established(conn->client);
103
int tls_connection_shutdown(void *tls_ctx, struct tls_connection *conn)
105
return tlsv1_client_shutdown(conn->client);
109
int tls_connection_set_params(void *tls_ctx, struct tls_connection *conn,
110
const struct tls_connection_params *params)
112
if (tlsv1_client_set_ca_cert(conn->client, params->ca_cert,
113
params->ca_cert_blob,
114
params->ca_cert_blob_len,
116
wpa_printf(MSG_INFO, "TLS: Failed to configure trusted CA "
121
if (tlsv1_client_set_client_cert(conn->client, params->client_cert,
122
params->client_cert_blob,
123
params->client_cert_blob_len)) {
124
wpa_printf(MSG_INFO, "TLS: Failed to configure client "
129
if (tlsv1_client_set_private_key(conn->client,
131
params->private_key_passwd,
132
params->private_key_blob,
133
params->private_key_blob_len)) {
134
wpa_printf(MSG_INFO, "TLS: Failed to load private key");
142
int tls_global_set_params(void *tls_ctx,
143
const struct tls_connection_params *params)
145
wpa_printf(MSG_INFO, "TLS: not implemented - %s", __func__);
150
int tls_global_set_verify(void *tls_ctx, int check_crl)
152
wpa_printf(MSG_INFO, "TLS: not implemented - %s", __func__);
157
int tls_connection_set_verify(void *tls_ctx, struct tls_connection *conn,
164
int tls_connection_set_ia(void *tls_ctx, struct tls_connection *conn,
171
int tls_connection_get_keys(void *tls_ctx, struct tls_connection *conn,
172
struct tls_keys *keys)
174
return tlsv1_client_get_keys(conn->client, keys);
178
int tls_connection_prf(void *tls_ctx, struct tls_connection *conn,
179
const char *label, int server_random_first,
180
u8 *out, size_t out_len)
182
return tlsv1_client_prf(conn->client, label, server_random_first,
187
u8 * tls_connection_handshake(void *tls_ctx, struct tls_connection *conn,
188
const u8 *in_data, size_t in_len,
189
size_t *out_len, u8 **appl_data,
190
size_t *appl_data_len)
195
wpa_printf(MSG_DEBUG, "TLS: %s(in_data=%p in_len=%lu)",
196
__func__, in_data, (unsigned long) in_len);
197
return tlsv1_client_handshake(conn->client, in_data, in_len, out_len,
198
appl_data, appl_data_len);
202
u8 * tls_connection_server_handshake(void *tls_ctx,
203
struct tls_connection *conn,
204
const u8 *in_data, size_t in_len,
207
wpa_printf(MSG_INFO, "TLS: not implemented - %s", __func__);
212
int tls_connection_encrypt(void *tls_ctx, struct tls_connection *conn,
213
const u8 *in_data, size_t in_len,
214
u8 *out_data, size_t out_len)
216
return tlsv1_client_encrypt(conn->client, in_data, in_len, out_data,
221
int tls_connection_decrypt(void *tls_ctx, struct tls_connection *conn,
222
const u8 *in_data, size_t in_len,
223
u8 *out_data, size_t out_len)
225
return tlsv1_client_decrypt(conn->client, in_data, in_len, out_data,
230
int tls_connection_resumed(void *tls_ctx, struct tls_connection *conn)
232
return tlsv1_client_resumed(conn->client);
236
int tls_connection_set_master_key(void *tls_ctx, struct tls_connection *conn,
237
const u8 *key, size_t key_len)
239
return tlsv1_client_set_master_key(conn->client, key, key_len);
243
int tls_connection_set_cipher_list(void *tls_ctx, struct tls_connection *conn,
246
return tlsv1_client_set_cipher_list(conn->client, ciphers);
250
int tls_get_cipher(void *tls_ctx, struct tls_connection *conn,
251
char *buf, size_t buflen)
255
return tlsv1_client_get_cipher(conn->client, buf, buflen);
259
int tls_connection_enable_workaround(void *tls_ctx,
260
struct tls_connection *conn)
266
int tls_connection_client_hello_ext(void *tls_ctx, struct tls_connection *conn,
267
int ext_type, const u8 *data,
270
return tlsv1_client_hello_ext(conn->client, ext_type, data, data_len);
274
int tls_connection_get_failed(void *tls_ctx, struct tls_connection *conn)
280
int tls_connection_get_read_alerts(void *tls_ctx, struct tls_connection *conn)
286
int tls_connection_get_write_alerts(void *tls_ctx,
287
struct tls_connection *conn)
293
int tls_connection_get_keyblock_size(void *tls_ctx,
294
struct tls_connection *conn)
296
return tlsv1_client_get_keyblock_size(conn->client);
300
unsigned int tls_capabilities(void *tls_ctx)
306
int tls_connection_ia_send_phase_finished(void *tls_ctx,
307
struct tls_connection *conn,
309
u8 *out_data, size_t out_len)
315
int tls_connection_ia_final_phase_finished(void *tls_ctx,
316
struct tls_connection *conn)
322
int tls_connection_ia_permute_inner_secret(void *tls_ctx,
323
struct tls_connection *conn,
324
const u8 *key, size_t key_len)