← Back to branch summary

~ubuntu-branches/ubuntu/gutsy/wpasupplicant/gutsy

« back to all changes in this revision

Viewing changes to src/crypto/tls_schannel.c

  • Committer: Bazaar Package Importer
  • Author(s): Reinhard Tartler, Alexander Sack
  • Date: 2007-08-26 16:06:57 UTC
  • mfrom: (1.1.9 upstream)
  • Revision ID: james.westby@ubuntu.com-20070826160657-2m8pxoweuxe8f93t
Tags: 0.6.0+0.5.8-0ubuntu1
https://launchpad.net/bugs/140763
https://launchpad.net/bugs/141233
* New upstream release
* remove patch 11_erroneous_manpage_ref, applied upstream
* remove patch 25_wpas_dbus_unregister_iface_fix, applied upstream

[ Alexander Sack ]
* bumping upstream version to replace development version 0.6.0 with
  this package from stable release branch.
* attempt to fix wierd timeout and high latency issues by going
  back to stable upstream version (0.5.9) (LP: #140763,
  LP: #141233).

Show diffs side-by-side

added added

removed removed

Lines of Context:
src/crypto/tls_schannel.c
1
 
/*
2
 
 * WPA Supplicant / SSL/TLS interface functions for Microsoft Schannel
3
 
 * Copyright (c) 2005, Jouni Malinen <j@w1.fi>
4
 
 *
5
 
 * This program is free software; you can redistribute it and/or modify
6
 
 * it under the terms of the GNU General Public License version 2 as
7
 
 * published by the Free Software Foundation.
8
 
 *
9
 
 * Alternatively, this software may be distributed under the terms of BSD
10
 
 * license.
11
 
 *
12
 
 * See README and COPYING for more details.
13
 
 */
14
 
 
15
 
/*
16
 
 * FIX: Go through all SSPI functions and verify what needs to be freed
17
 
 * FIX: session resumption
18
 
 * TODO: add support for server cert chain validation
19
 
 * TODO: add support for CA cert validation
20
 
 * TODO: add support for EAP-TLS (client cert/key conf)
21
 
 */
22
 
 
23
 
#include "includes.h"
24
 
#include <windows.h>
25
 
#include <wincrypt.h>
26
 
#include <schannel.h>
27
 
#define SECURITY_WIN32
28
 
#include <security.h>
29
 
#include <sspi.h>
30
 
 
31
 
#include "common.h"
32
 
#include "tls.h"
33
 
 
34
 
 
35
 
struct tls_global {
36
 
        HMODULE hsecurity;
37
 
        PSecurityFunctionTable sspi;
38
 
        HCERTSTORE my_cert_store;
39
 
};
40
 
 
41
 
struct tls_connection {
42
 
        int established, start;
43
 
        int failed, read_alerts, write_alerts;
44
 
 
45
 
        SCHANNEL_CRED schannel_cred;
46
 
        CredHandle creds;
47
 
        CtxtHandle context;
48
 
 
49
 
        u8 eap_tls_prf[128];
50
 
        int eap_tls_prf_set;
51
 
};
52
 
 
53
 
 
54
 
static int schannel_load_lib(struct tls_global *global)
55
 
{
56
 
        INIT_SECURITY_INTERFACE pInitSecurityInterface;
57
 
 
58
 
        global->hsecurity = LoadLibrary(TEXT("Secur32.dll"));
59
 
        if (global->hsecurity == NULL) {
60
 
                wpa_printf(MSG_ERROR, "%s: Could not load Secur32.dll - 0x%x",
61
 
                           __func__, (unsigned int) GetLastError());
62
 
                return -1;
63
 
        }
64
 
 
65
 
        pInitSecurityInterface = (INIT_SECURITY_INTERFACE) GetProcAddress(
66
 
                global->hsecurity, "InitSecurityInterfaceA");
67
 
        if (pInitSecurityInterface == NULL) {
68
 
                wpa_printf(MSG_ERROR, "%s: Could not find "
69
 
                           "InitSecurityInterfaceA from Secur32.dll",
70
 
                           __func__);
71
 
                FreeLibrary(global->hsecurity);
72
 
                global->hsecurity = NULL;
73
 
                return -1;
74
 
        }
75
 
 
76
 
        global->sspi = pInitSecurityInterface();
77
 
        if (global->sspi == NULL) {
78
 
                wpa_printf(MSG_ERROR, "%s: Could not read security "
79
 
                           "interface - 0x%x",
80
 
                           __func__, (unsigned int) GetLastError());
81
 
                FreeLibrary(global->hsecurity);
82
 
                global->hsecurity = NULL;
83
 
                return -1;
84
 
        }
85
 
 
86
 
        return 0;
87
 
}
88
 
 
89
 
 
90
 
void * tls_init(const struct tls_config *conf)
91
 
{
92
 
        struct tls_global *global;
93
 
 
94
 
        global = os_zalloc(sizeof(*global));
95
 
        if (global == NULL)
96
 
                return NULL;
97
 
        if (schannel_load_lib(global)) {
98
 
                os_free(global);
99
 
                return NULL;
100
 
        }
101
 
        return global;
102
 
}
103
 
 
104
 
 
105
 
void tls_deinit(void *ssl_ctx)
106
 
{
107
 
        struct tls_global *global = ssl_ctx;
108
 
 
109
 
        if (global->my_cert_store)
110
 
                CertCloseStore(global->my_cert_store, 0);
111
 
        FreeLibrary(global->hsecurity);
112
 
        os_free(global);
113
 
}
114
 
 
115
 
 
116
 
int tls_get_errors(void *ssl_ctx)
117
 
{
118
 
        return 0;
119
 
}
120
 
 
121
 
 
122
 
struct tls_connection * tls_connection_init(void *ssl_ctx)
123
 
{
124
 
        struct tls_connection *conn;
125
 
 
126
 
        conn = os_zalloc(sizeof(*conn));
127
 
        if (conn == NULL)
128
 
                return NULL;
129
 
        conn->start = 1;
130
 
 
131
 
        return conn;
132
 
}
133
 
 
134
 
 
135
 
void tls_connection_deinit(void *ssl_ctx, struct tls_connection *conn)
136
 
{
137
 
        if (conn == NULL)
138
 
                return;
139
 
 
140
 
        os_free(conn);
141
 
}
142
 
 
143
 
 
144
 
int tls_connection_established(void *ssl_ctx, struct tls_connection *conn)
145
 
{
146
 
        return conn ? conn->established : 0;
147
 
}
148
 
 
149
 
 
150
 
int tls_connection_shutdown(void *ssl_ctx, struct tls_connection *conn)
151
 
{
152
 
        struct tls_global *global = ssl_ctx;
153
 
        if (conn == NULL)
154
 
                return -1;
155
 
 
156
 
        conn->eap_tls_prf_set = 0;
157
 
        conn->established = conn->failed = 0;
158
 
        conn->read_alerts = conn->write_alerts = 0;
159
 
        global->sspi->DeleteSecurityContext(&conn->context);
160
 
        /* FIX: what else needs to be reseted? */
161
 
 
162
 
        return 0;
163
 
}
164
 
 
165
 
 
166
 
int tls_global_set_params(void *tls_ctx,
167
 
                          const struct tls_connection_params *params)
168
 
{
169
 
        return -1;
170
 
}
171
 
 
172
 
 
173
 
int tls_global_set_verify(void *ssl_ctx, int check_crl)
174
 
{
175
 
        return -1;
176
 
}
177
 
 
178
 
 
179
 
int tls_connection_set_verify(void *ssl_ctx, struct tls_connection *conn,
180
 
                              int verify_peer)
181
 
{
182
 
        return -1;
183
 
}
184
 
 
185
 
 
186
 
int tls_connection_get_keys(void *ssl_ctx, struct tls_connection *conn,
187
 
                            struct tls_keys *keys)
188
 
{
189
 
        /* Schannel does not export master secret or client/server random. */
190
 
        return -1;
191
 
}
192
 
 
193
 
 
194
 
int tls_connection_prf(void *tls_ctx, struct tls_connection *conn,
195
 
                       const char *label, int server_random_first,
196
 
                       u8 *out, size_t out_len)
197
 
{
198
 
        /*
199
 
         * Cannot get master_key from Schannel, but EapKeyBlock can be used to
200
 
         * generate session keys for EAP-TLS and EAP-PEAPv0. EAP-PEAPv2 and
201
 
         * EAP-TTLS cannot use this, though, since they are using different
202
 
         * labels. The only option could be to implement TLSv1 completely here
203
 
         * and just use Schannel or CryptoAPI for low-level crypto
204
 
         * functionality..
205
 
         */
206
 
 
207
 
        if (conn == NULL || !conn->eap_tls_prf_set || server_random_first ||
208
 
            os_strcmp(label, "client EAP encryption") != 0 ||
209
 
            out_len > sizeof(conn->eap_tls_prf))
210
 
                return -1;
211
 
 
212
 
        os_memcpy(out, conn->eap_tls_prf, out_len);
213
 
 
214
 
        return 0;
215
 
}
216
 
 
217
 
 
218
 
static u8 * tls_conn_hs_clienthello(struct tls_global *global,
219
 
                                    struct tls_connection *conn,
220
 
                                    size_t *out_len)
221
 
{
222
 
        DWORD sspi_flags, sspi_flags_out;
223
 
        SecBufferDesc outbuf;
224
 
        SecBuffer outbufs[1];
225
 
        SECURITY_STATUS status;
226
 
        TimeStamp ts_expiry;
227
 
 
228
 
        sspi_flags = ISC_REQ_REPLAY_DETECT |
229
 
                ISC_REQ_CONFIDENTIALITY |
230
 
                ISC_RET_EXTENDED_ERROR |
231
 
                ISC_REQ_ALLOCATE_MEMORY |
232
 
                ISC_REQ_MANUAL_CRED_VALIDATION;
233
 
 
234
 
        wpa_printf(MSG_DEBUG, "%s: Generating ClientHello", __func__);
235
 
 
236
 
        outbufs[0].pvBuffer = NULL;
237
 
        outbufs[0].BufferType = SECBUFFER_TOKEN;
238
 
        outbufs[0].cbBuffer = 0;
239
 
 
240
 
        outbuf.cBuffers = 1;
241
 
        outbuf.pBuffers = outbufs;
242
 
        outbuf.ulVersion = SECBUFFER_VERSION;
243
 
 
244
 
#ifdef UNICODE
245
 
        status = global->sspi->InitializeSecurityContextW(
246
 
                &conn->creds, NULL, NULL /* server name */, sspi_flags, 0,
247
 
                SECURITY_NATIVE_DREP, NULL, 0, &conn->context,
248
 
                &outbuf, &sspi_flags_out, &ts_expiry);
249
 
#else /* UNICODE */
250
 
        status = global->sspi->InitializeSecurityContextA(
251
 
                &conn->creds, NULL, NULL /* server name */, sspi_flags, 0,
252
 
                SECURITY_NATIVE_DREP, NULL, 0, &conn->context,
253
 
                &outbuf, &sspi_flags_out, &ts_expiry);
254
 
#endif /* UNICODE */
255
 
        if (status != SEC_I_CONTINUE_NEEDED) {
256
 
                wpa_printf(MSG_ERROR, "%s: InitializeSecurityContextA "
257
 
                           "failed - 0x%x",
258
 
                           __func__, (unsigned int) status);
259
 
                return NULL;
260
 
        }
261
 
 
262
 
        if (outbufs[0].cbBuffer != 0 && outbufs[0].pvBuffer) {
263
 
                u8 *buf;
264
 
                wpa_hexdump(MSG_MSGDUMP, "SChannel - ClientHello",
265
 
                            outbufs[0].pvBuffer, outbufs[0].cbBuffer);
266
 
                conn->start = 0;
267
 
                *out_len = outbufs[0].cbBuffer;
268
 
                buf = os_malloc(*out_len);
269
 
                if (buf == NULL)
270
 
                        return NULL;
271
 
                os_memcpy(buf, outbufs[0].pvBuffer, *out_len);
272
 
                global->sspi->FreeContextBuffer(outbufs[0].pvBuffer);
273
 
                return buf;
274
 
        }
275
 
 
276
 
        wpa_printf(MSG_ERROR, "SChannel: Failed to generate ClientHello");
277
 
 
278
 
        return NULL;
279
 
}
280
 
 
281
 
 
282
 
#ifndef SECPKG_ATTR_EAP_KEY_BLOCK
283
 
#define SECPKG_ATTR_EAP_KEY_BLOCK 0x5b
284
 
 
285
 
typedef struct _SecPkgContext_EapKeyBlock {
286
 
        BYTE rgbKeys[128];
287
 
        BYTE rgbIVs[64];
288
 
} SecPkgContext_EapKeyBlock, *PSecPkgContext_EapKeyBlock;
289
 
#endif /* !SECPKG_ATTR_EAP_KEY_BLOCK */
290
 
 
291
 
static int tls_get_eap(struct tls_global *global, struct tls_connection *conn)
292
 
{
293
 
        SECURITY_STATUS status;
294
 
        SecPkgContext_EapKeyBlock kb;
295
 
 
296
 
        /* Note: Windows NT and Windows Me/98/95 do not support getting
297
 
         * EapKeyBlock */
298
 
 
299
 
        status = global->sspi->QueryContextAttributes(
300
 
                &conn->context, SECPKG_ATTR_EAP_KEY_BLOCK, &kb);
301
 
        if (status != SEC_E_OK) {
302
 
                wpa_printf(MSG_DEBUG, "%s: QueryContextAttributes("
303
 
                           "SECPKG_ATTR_EAP_KEY_BLOCK) failed (%d)",
304
 
                           __func__, (int) status);
305
 
                return -1;
306
 
        }
307
 
 
308
 
        wpa_hexdump_key(MSG_MSGDUMP, "Schannel - EapKeyBlock - rgbKeys",
309
 
                        kb.rgbKeys, sizeof(kb.rgbKeys));
310
 
        wpa_hexdump_key(MSG_MSGDUMP, "Schannel - EapKeyBlock - rgbIVs",
311
 
                        kb.rgbIVs, sizeof(kb.rgbIVs));
312
 
 
313
 
        os_memcpy(conn->eap_tls_prf, kb.rgbKeys, sizeof(kb.rgbKeys));
314
 
        conn->eap_tls_prf_set = 1;
315
 
        return 0;
316
 
}
317
 
 
318
 
 
319
 
u8 * tls_connection_handshake(void *ssl_ctx, struct tls_connection *conn,
320
 
                              const u8 *in_data, size_t in_len,
321
 
                              size_t *out_len, u8 **appl_data,
322
 
                              size_t *appl_data_len)
323
 
{
324
 
        struct tls_global *global = ssl_ctx;
325
 
        DWORD sspi_flags, sspi_flags_out;
326
 
        SecBufferDesc inbuf, outbuf;
327
 
        SecBuffer inbufs[2], outbufs[1];
328
 
        SECURITY_STATUS status;
329
 
        TimeStamp ts_expiry;
330
 
        u8 *out_buf = NULL;
331
 
 
332
 
        if (appl_data)
333
 
                *appl_data = NULL;
334
 
 
335
 
        if (conn->start) {
336
 
                return tls_conn_hs_clienthello(global, conn, out_len);
337
 
        }
338
 
 
339
 
        wpa_printf(MSG_DEBUG, "SChannel: %d bytes handshake data to process",
340
 
                   in_len);
341
 
 
342
 
        sspi_flags = ISC_REQ_REPLAY_DETECT |
343
 
                ISC_REQ_CONFIDENTIALITY |
344
 
                ISC_RET_EXTENDED_ERROR |
345
 
                ISC_REQ_ALLOCATE_MEMORY |
346
 
                ISC_REQ_MANUAL_CRED_VALIDATION;
347
 
 
348
 
        /* Input buffer for Schannel */
349
 
        inbufs[0].pvBuffer = (u8 *) in_data;
350
 
        inbufs[0].cbBuffer = in_len;
351
 
        inbufs[0].BufferType = SECBUFFER_TOKEN;
352
 
 
353
 
        /* Place for leftover data from Schannel */
354
 
        inbufs[1].pvBuffer = NULL;
355
 
        inbufs[1].cbBuffer = 0;
356
 
        inbufs[1].BufferType = SECBUFFER_EMPTY;
357
 
 
358
 
        inbuf.cBuffers = 2;
359
 
        inbuf.pBuffers = inbufs;
360
 
        inbuf.ulVersion = SECBUFFER_VERSION;
361
 
 
362
 
        /* Output buffer for Schannel */
363
 
        outbufs[0].pvBuffer = NULL;
364
 
        outbufs[0].cbBuffer = 0;
365
 
        outbufs[0].BufferType = SECBUFFER_TOKEN;
366
 
 
367
 
        outbuf.cBuffers = 1;
368
 
        outbuf.pBuffers = outbufs;
369
 
        outbuf.ulVersion = SECBUFFER_VERSION;
370
 
 
371
 
#ifdef UNICODE
372
 
        status = global->sspi->InitializeSecurityContextW(
373
 
                &conn->creds, &conn->context, NULL, sspi_flags, 0,
374
 
                SECURITY_NATIVE_DREP, &inbuf, 0, NULL,
375
 
                &outbuf, &sspi_flags_out, &ts_expiry);
376
 
#else /* UNICODE */
377
 
        status = global->sspi->InitializeSecurityContextA(
378
 
                &conn->creds, &conn->context, NULL, sspi_flags, 0,
379
 
                SECURITY_NATIVE_DREP, &inbuf, 0, NULL,
380
 
                &outbuf, &sspi_flags_out, &ts_expiry);
381
 
#endif /* UNICODE */
382
 
 
383
 
        wpa_printf(MSG_MSGDUMP, "Schannel: InitializeSecurityContext -> "
384
 
                   "status=%d inlen[0]=%d intype[0]=%d inlen[1]=%d "
385
 
                   "intype[1]=%d outlen[0]=%d",
386
 
                   (int) status, (int) inbufs[0].cbBuffer,
387
 
                   (int) inbufs[0].BufferType, (int) inbufs[1].cbBuffer,
388
 
                   (int) inbufs[1].BufferType,
389
 
                   (int) outbufs[0].cbBuffer);
390
 
        if (status == SEC_E_OK || status == SEC_I_CONTINUE_NEEDED ||
391
 
            (FAILED(status) && (sspi_flags_out & ISC_RET_EXTENDED_ERROR))) {
392
 
                if (outbufs[0].cbBuffer != 0 && outbufs[0].pvBuffer) {
393
 
                        wpa_hexdump(MSG_MSGDUMP, "SChannel - output",
394
 
                                    outbufs[0].pvBuffer, outbufs[0].cbBuffer);
395
 
                        *out_len = outbufs[0].cbBuffer;
396
 
                        out_buf = os_malloc(*out_len);
397
 
                        if (out_buf)
398
 
                                os_memcpy(out_buf, outbufs[0].pvBuffer,
399
 
                                          *out_len);
400
 
                        global->sspi->FreeContextBuffer(outbufs[0].pvBuffer);
401
 
                        outbufs[0].pvBuffer = NULL;
402
 
                        if (out_buf == NULL)
403
 
                                return NULL;
404
 
                }
405
 
        }
406
 
 
407
 
        switch (status) {
408
 
        case SEC_E_INCOMPLETE_MESSAGE:
409
 
                wpa_printf(MSG_DEBUG, "Schannel: SEC_E_INCOMPLETE_MESSAGE");
410
 
                break;
411
 
        case SEC_I_CONTINUE_NEEDED:
412
 
                wpa_printf(MSG_DEBUG, "Schannel: SEC_I_CONTINUE_NEEDED");
413
 
                break;
414
 
        case SEC_E_OK:
415
 
                /* TODO: verify server certificate chain */
416
 
                wpa_printf(MSG_DEBUG, "Schannel: SEC_E_OK - Handshake "
417
 
                           "completed successfully");
418
 
                conn->established = 1;
419
 
                tls_get_eap(global, conn);
420
 
 
421
 
                /* Need to return something to get final TLS ACK. */
422
 
                if (out_buf == NULL)
423
 
                        out_buf = os_malloc(1);
424
 
 
425
 
                if (inbufs[1].BufferType == SECBUFFER_EXTRA) {
426
 
                        wpa_hexdump(MSG_MSGDUMP, "SChannel - Encrypted "
427
 
                                    "application data",
428
 
                                    inbufs[1].pvBuffer, inbufs[1].cbBuffer);
429
 
                        if (appl_data) {
430
 
                                *appl_data_len = outbufs[1].cbBuffer;
431
 
                                appl_data = os_malloc(*appl_data_len);
432
 
                                if (appl_data)
433
 
                                        os_memcpy(appl_data,
434
 
                                                  outbufs[1].pvBuffer,
435
 
                                                  *appl_data_len);
436
 
                        }
437
 
                        global->sspi->FreeContextBuffer(inbufs[1].pvBuffer);
438
 
                        inbufs[1].pvBuffer = NULL;
439
 
                }
440
 
                break;
441
 
        case SEC_I_INCOMPLETE_CREDENTIALS:
442
 
                wpa_printf(MSG_DEBUG,
443
 
                           "Schannel: SEC_I_INCOMPLETE_CREDENTIALS");
444
 
                break;
445
 
        case SEC_E_WRONG_PRINCIPAL:
446
 
                wpa_printf(MSG_DEBUG, "Schannel: SEC_E_WRONG_PRINCIPAL");
447
 
                break;
448
 
        case SEC_E_INTERNAL_ERROR:
449
 
                wpa_printf(MSG_DEBUG, "Schannel: SEC_E_INTERNAL_ERROR");
450
 
                break;
451
 
        }
452
 
 
453
 
        if (FAILED(status)) {
454
 
                wpa_printf(MSG_DEBUG, "Schannel: Handshake failed "
455
 
                           "(out_buf=%p)", out_buf);
456
 
                conn->failed++;
457
 
                global->sspi->DeleteSecurityContext(&conn->context);
458
 
                return out_buf;
459
 
        }
460
 
 
461
 
        if (inbufs[1].BufferType == SECBUFFER_EXTRA) {
462
 
                /* TODO: Can this happen? What to do with this data? */
463
 
                wpa_hexdump(MSG_MSGDUMP, "SChannel - Leftover data",
464
 
                            inbufs[1].pvBuffer, inbufs[1].cbBuffer);
465
 
                global->sspi->FreeContextBuffer(inbufs[1].pvBuffer);
466
 
                inbufs[1].pvBuffer = NULL;
467
 
        }
468
 
 
469
 
        return out_buf;
470
 
}
471
 
 
472
 
 
473
 
u8 * tls_connection_server_handshake(void *ssl_ctx,
474
 
                                     struct tls_connection *conn,
475
 
                                     const u8 *in_data, size_t in_len,
476
 
                                     size_t *out_len)
477
 
{
478
 
        return NULL;
479
 
}
480
 
 
481
 
 
482
 
int tls_connection_encrypt(void *ssl_ctx, struct tls_connection *conn,
483
 
                           const u8 *in_data, size_t in_len,
484
 
                           u8 *out_data, size_t out_len)
485
 
{
486
 
        struct tls_global *global = ssl_ctx;
487
 
        SECURITY_STATUS status;
488
 
        SecBufferDesc buf;
489
 
        SecBuffer bufs[4];
490
 
        SecPkgContext_StreamSizes sizes;
491
 
        int i;
492
 
        size_t total_len;
493
 
 
494
 
        status = global->sspi->QueryContextAttributes(&conn->context,
495
 
                                                      SECPKG_ATTR_STREAM_SIZES,
496
 
                                                      &sizes);
497
 
        if (status != SEC_E_OK) {
498
 
                wpa_printf(MSG_DEBUG, "%s: QueryContextAttributes failed",
499
 
                           __func__);
500
 
                return -1;
501
 
        }
502
 
        wpa_printf(MSG_DEBUG, "%s: Stream sizes: header=%u trailer=%u",
503
 
                   __func__,
504
 
                   (unsigned int) sizes.cbHeader,
505
 
                   (unsigned int) sizes.cbTrailer);
506
 
 
507
 
        total_len = sizes.cbHeader + in_len + sizes.cbTrailer;
508
 
 
509
 
        if (out_len < total_len) {
510
 
                wpa_printf(MSG_DEBUG, "%s: too short out_data (out_len=%lu "
511
 
                           "in_len=%lu total_len=%lu)", __func__,
512
 
                           (unsigned long) out_len, (unsigned long) in_len,
513
 
                           (unsigned long) total_len);
514
 
                return -1;
515
 
        }
516
 
 
517
 
        os_memset(&bufs, 0, sizeof(bufs));
518
 
        bufs[0].pvBuffer = out_data;
519
 
        bufs[0].cbBuffer = sizes.cbHeader;
520
 
        bufs[0].BufferType = SECBUFFER_STREAM_HEADER;
521
 
 
522
 
        os_memcpy(out_data + sizes.cbHeader, in_data, in_len);
523
 
        bufs[1].pvBuffer = out_data + sizes.cbHeader;
524
 
        bufs[1].cbBuffer = in_len;
525
 
        bufs[1].BufferType = SECBUFFER_DATA;
526
 
 
527
 
        bufs[2].pvBuffer = out_data + sizes.cbHeader + in_len;
528
 
        bufs[2].cbBuffer = sizes.cbTrailer;
529
 
        bufs[2].BufferType = SECBUFFER_STREAM_TRAILER;
530
 
 
531
 
        buf.ulVersion = SECBUFFER_VERSION;
532
 
        buf.cBuffers = 3;
533
 
        buf.pBuffers = bufs;
534
 
 
535
 
        status = global->sspi->EncryptMessage(&conn->context, 0, &buf, 0);
536
 
 
537
 
        wpa_printf(MSG_MSGDUMP, "Schannel: EncryptMessage -> "
538
 
                   "status=%d len[0]=%d type[0]=%d len[1]=%d type[1]=%d "
539
 
                   "len[2]=%d type[2]=%d",
540
 
                   (int) status,
541
 
                   (int) bufs[0].cbBuffer, (int) bufs[0].BufferType,
542
 
                   (int) bufs[1].cbBuffer, (int) bufs[1].BufferType,
543
 
                   (int) bufs[2].cbBuffer, (int) bufs[2].BufferType);
544
 
        wpa_printf(MSG_MSGDUMP, "Schannel: EncryptMessage pointers: "
545
 
                   "out_data=%p bufs %p %p %p",
546
 
                   out_data, bufs[0].pvBuffer, bufs[1].pvBuffer,
547
 
                   bufs[2].pvBuffer);
548
 
 
549
 
        for (i = 0; i < 3; i++) {
550
 
                if (bufs[i].pvBuffer && bufs[i].BufferType != SECBUFFER_EMPTY)
551
 
                {
552
 
                        wpa_hexdump(MSG_MSGDUMP, "SChannel: bufs",
553
 
                                    bufs[i].pvBuffer, bufs[i].cbBuffer);
554
 
                }
555
 
        }
556
 
 
557
 
        if (status == SEC_E_OK) {
558
 
                wpa_printf(MSG_DEBUG, "%s: SEC_E_OK", __func__);
559
 
                wpa_hexdump_key(MSG_MSGDUMP, "Schannel: Encrypted data from "
560
 
                                "EncryptMessage", out_data, total_len);
561
 
                return total_len;
562
 
        }
563
 
 
564
 
        wpa_printf(MSG_DEBUG, "%s: Failed - status=%d",
565
 
                   __func__, (int) status);
566
 
        return -1;
567
 
}
568
 
 
569
 
 
570
 
int tls_connection_decrypt(void *ssl_ctx, struct tls_connection *conn,
571
 
                           const u8 *in_data, size_t in_len,
572
 
                           u8 *out_data, size_t out_len)
573
 
{
574
 
        struct tls_global *global = ssl_ctx;
575
 
        SECURITY_STATUS status;
576
 
        SecBufferDesc buf;
577
 
        SecBuffer bufs[4];
578
 
        int i;
579
 
 
580
 
        if (out_len < in_len) {
581
 
                wpa_printf(MSG_DEBUG, "%s: out_len=%lu < in_len=%lu", __func__,
582
 
                           (unsigned long) out_len, (unsigned long) in_len);
583
 
                return -1;
584
 
        }
585
 
 
586
 
        wpa_hexdump(MSG_MSGDUMP, "Schannel: Encrypted data to DecryptMessage",
587
 
                    in_data, in_len);
588
 
        os_memset(&bufs, 0, sizeof(bufs));
589
 
        os_memcpy(out_data, in_data, in_len);
590
 
        bufs[0].pvBuffer = out_data;
591
 
        bufs[0].cbBuffer = in_len;
592
 
        bufs[0].BufferType = SECBUFFER_DATA;
593
 
 
594
 
        bufs[1].BufferType = SECBUFFER_EMPTY;
595
 
        bufs[2].BufferType = SECBUFFER_EMPTY;
596
 
        bufs[3].BufferType = SECBUFFER_EMPTY;
597
 
 
598
 
        buf.ulVersion = SECBUFFER_VERSION;
599
 
        buf.cBuffers = 4;
600
 
        buf.pBuffers = bufs;
601
 
 
602
 
        status = global->sspi->DecryptMessage(&conn->context, &buf, 0,
603
 
                                                    NULL);
604
 
        wpa_printf(MSG_MSGDUMP, "Schannel: DecryptMessage -> "
605
 
                   "status=%d len[0]=%d type[0]=%d len[1]=%d type[1]=%d "
606
 
                   "len[2]=%d type[2]=%d len[3]=%d type[3]=%d",
607
 
                   (int) status,
608
 
                   (int) bufs[0].cbBuffer, (int) bufs[0].BufferType,
609
 
                   (int) bufs[1].cbBuffer, (int) bufs[1].BufferType,
610
 
                   (int) bufs[2].cbBuffer, (int) bufs[2].BufferType,
611
 
                   (int) bufs[3].cbBuffer, (int) bufs[3].BufferType);
612
 
        wpa_printf(MSG_MSGDUMP, "Schannel: DecryptMessage pointers: "
613
 
                   "out_data=%p bufs %p %p %p %p",
614
 
                   out_data, bufs[0].pvBuffer, bufs[1].pvBuffer,
615
 
                   bufs[2].pvBuffer, bufs[3].pvBuffer);
616
 
 
617
 
        switch (status) {
618
 
        case SEC_E_INCOMPLETE_MESSAGE:
619
 
                wpa_printf(MSG_DEBUG, "%s: SEC_E_INCOMPLETE_MESSAGE",
620
 
                           __func__);
621
 
                break;
622
 
        case SEC_E_OK:
623
 
                wpa_printf(MSG_DEBUG, "%s: SEC_E_OK", __func__);
624
 
                for (i = 0; i < 4; i++) {
625
 
                        if (bufs[i].BufferType == SECBUFFER_DATA)
626
 
                                break;
627
 
                }
628
 
                if (i == 4) {
629
 
                        wpa_printf(MSG_DEBUG, "%s: No output data from "
630
 
                                   "DecryptMessage", __func__);
631
 
                        return -1;
632
 
                }
633
 
                wpa_hexdump_key(MSG_MSGDUMP, "Schannel: Decrypted data from "
634
 
                                "DecryptMessage",
635
 
                                bufs[i].pvBuffer, bufs[i].cbBuffer);
636
 
                if (bufs[i].cbBuffer > out_len) {
637
 
                        wpa_printf(MSG_DEBUG, "%s: Too long output data",
638
 
                                   __func__);
639
 
                        return -1;
640
 
                }
641
 
                os_memmove(out_data, bufs[i].pvBuffer, bufs[i].cbBuffer);
642
 
                return bufs[i].cbBuffer;
643
 
        }
644
 
 
645
 
        wpa_printf(MSG_DEBUG, "%s: Failed - status=%d",
646
 
                   __func__, (int) status);
647
 
        return -1;
648
 
}
649
 
 
650
 
 
651
 
int tls_connection_resumed(void *ssl_ctx, struct tls_connection *conn)
652
 
{
653
 
        return 0;
654
 
}
655
 
 
656
 
 
657
 
int tls_connection_set_master_key(void *ssl_ctx, struct tls_connection *conn,
658
 
                                  const u8 *key, size_t key_len)
659
 
{
660
 
        return -1;
661
 
}
662
 
 
663
 
 
664
 
int tls_connection_set_cipher_list(void *tls_ctx, struct tls_connection *conn,
665
 
                                   u8 *ciphers)
666
 
{
667
 
        return -1;
668
 
}
669
 
 
670
 
 
671
 
int tls_get_cipher(void *ssl_ctx, struct tls_connection *conn,
672
 
                   char *buf, size_t buflen)
673
 
{
674
 
        return -1;
675
 
}
676
 
 
677
 
 
678
 
int tls_connection_enable_workaround(void *ssl_ctx,
679
 
                                     struct tls_connection *conn)
680
 
{
681
 
        return 0;
682
 
}
683
 
 
684
 
 
685
 
int tls_connection_client_hello_ext(void *ssl_ctx, struct tls_connection *conn,
686
 
                                    int ext_type, const u8 *data,
687
 
                                    size_t data_len)
688
 
{
689
 
        return -1;
690
 
}
691
 
 
692
 
 
693
 
int tls_connection_get_failed(void *ssl_ctx, struct tls_connection *conn)
694
 
{
695
 
        if (conn == NULL)
696
 
                return -1;
697
 
        return conn->failed;
698
 
}
699
 
 
700
 
 
701
 
int tls_connection_get_read_alerts(void *ssl_ctx, struct tls_connection *conn)
702
 
{
703
 
        if (conn == NULL)
704
 
                return -1;
705
 
        return conn->read_alerts;
706
 
}
707
 
 
708
 
 
709
 
int tls_connection_get_write_alerts(void *ssl_ctx, struct tls_connection *conn)
710
 
{
711
 
        if (conn == NULL)
712
 
                return -1;
713
 
        return conn->write_alerts;
714
 
}
715
 
 
716
 
 
717
 
int tls_connection_set_params(void *tls_ctx, struct tls_connection *conn,
718
 
                              const struct tls_connection_params *params)
719
 
{
720
 
        struct tls_global *global = tls_ctx;
721
 
        ALG_ID algs[1];
722
 
        SECURITY_STATUS status;
723
 
        TimeStamp ts_expiry;
724
 
 
725
 
        if (conn == NULL)
726
 
                return -1;
727
 
 
728
 
        if (global->my_cert_store == NULL &&
729
 
            (global->my_cert_store = CertOpenSystemStore(0, TEXT("MY"))) ==
730
 
            NULL) {
731
 
                wpa_printf(MSG_ERROR, "%s: CertOpenSystemStore failed - 0x%x",
732
 
                           __func__, (unsigned int) GetLastError());
733
 
                return -1;
734
 
        }
735
 
 
736
 
        os_memset(&conn->schannel_cred, 0, sizeof(conn->schannel_cred));
737
 
        conn->schannel_cred.dwVersion = SCHANNEL_CRED_VERSION;
738
 
        conn->schannel_cred.grbitEnabledProtocols = SP_PROT_TLS1;
739
 
        algs[0] = CALG_RSA_KEYX;
740
 
        conn->schannel_cred.cSupportedAlgs = 1;
741
 
        conn->schannel_cred.palgSupportedAlgs = algs;
742
 
        conn->schannel_cred.dwFlags |= SCH_CRED_NO_DEFAULT_CREDS;
743
 
#ifdef UNICODE
744
 
        status = global->sspi->AcquireCredentialsHandleW(
745
 
                NULL, UNISP_NAME_W, SECPKG_CRED_OUTBOUND, NULL,
746
 
                &conn->schannel_cred, NULL, NULL, &conn->creds, &ts_expiry);
747
 
#else /* UNICODE */
748
 
        status = global->sspi->AcquireCredentialsHandleA(
749
 
                NULL, UNISP_NAME_A, SECPKG_CRED_OUTBOUND, NULL,
750
 
                &conn->schannel_cred, NULL, NULL, &conn->creds, &ts_expiry);
751
 
#endif /* UNICODE */
752
 
        if (status != SEC_E_OK) {
753
 
                wpa_printf(MSG_DEBUG, "%s: AcquireCredentialsHandleA failed - "
754
 
                           "0x%x", __func__, (unsigned int) status);
755
 
                return -1;
756
 
        }
757
 
 
758
 
        return 0;
759
 
}
760
 
 
761
 
 
762
 
unsigned int tls_capabilities(void *tls_ctx)
763
 
{
764
 
        return 0;
765
 
}
766
 
 
767
 
 
768
 
int tls_connection_set_ia(void *tls_ctx, struct tls_connection *conn,
769
 
                          int tls_ia)
770
 
{
771
 
        return -1;
772
 
}
773
 
 
774
 
 
775
 
int tls_connection_ia_send_phase_finished(void *tls_ctx,
776
 
                                          struct tls_connection *conn,
777
 
                                          int final,
778
 
                                          u8 *out_data, size_t out_len)
779
 
{
780
 
        return -1;
781
 
}
782
 
 
783
 
 
784
 
int tls_connection_ia_final_phase_finished(void *tls_ctx,
785
 
                                           struct tls_connection *conn)
786
 
{
787
 
        return -1;
788
 
}
789
 
 
790
 
 
791
 
int tls_connection_ia_permute_inner_secret(void *tls_ctx,
792
 
                                           struct tls_connection *conn,
793
 
                                           const u8 *key, size_t key_len)
794
 
{
795
 
        return -1;
796
 
}