tls_internal.c - platform/external/wpa_supplicant - Git at Google

 /*
  * WPA Supplicant / TLS interface functions and an internal TLS implementation
  * Copyright (c) 2004-2006, Jouni Malinen <j@w1.fi>
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License version 2 as
  * published by the Free Software Foundation.
  *
  * Alternatively, this software may be distributed under the terms of BSD
  * license.
  *
  * See README and COPYING for more details.
  *
  * This file interface functions for hostapd/wpa_supplicant to use the
  * integrated TLSv1 implementation.
  */

 #include "includes.h"

 #include "common.h"
 #include "tls.h"
 #include "tlsv1_client.h"


 static int tls_ref_count = 0;

 struct tls_global {
 	int dummy;
 };

 struct tls_connection {
 	struct tlsv1_client *client;
 };


 void * tls_init(const struct tls_config *conf)
 {
 	struct tls_global *global;

 	if (tls_ref_count == 0) {
 		if (tlsv1_client_global_init())
 			return NULL;
 	}
 	tls_ref_count++;

 	global = os_zalloc(sizeof(*global));
 	if (global == NULL)
 		return NULL;

 	return global;
 }

 void tls_deinit(void *ssl_ctx)
 {
 	struct tls_global *global = ssl_ctx;
 	tls_ref_count--;
 	if (tls_ref_count == 0) {
 		tlsv1_client_global_deinit();
 	}
 	os_free(global);
 }


 int tls_get_errors(void *tls_ctx)
 {
 	return 0;
 }


 struct tls_connection * tls_connection_init(void *tls_ctx)
 {
 	struct tls_connection *conn;

 	conn = os_zalloc(sizeof(*conn));
 	if (conn == NULL)
 		return NULL;

 	conn->client = tlsv1_client_init();
 	if (conn->client == NULL) {
 		os_free(conn);
 		return NULL;
 	}

 	return conn;
 }


 void tls_connection_deinit(void *tls_ctx, struct tls_connection *conn)
 {
 	if (conn == NULL)
 		return;
 	tlsv1_client_deinit(conn->client);
 	os_free(conn);
 }


 int tls_connection_established(void *tls_ctx, struct tls_connection *conn)
 {
 	return tlsv1_client_established(conn->client);
 }


 int tls_connection_shutdown(void *tls_ctx, struct tls_connection *conn)
 {
 	return tlsv1_client_shutdown(conn->client);
 }


 int tls_connection_set_params(void *tls_ctx, struct tls_connection *conn,
 			      const struct tls_connection_params *params)
 {
 	if (tlsv1_client_set_ca_cert(conn->client, params->ca_cert,
 				     params->ca_cert_blob,
 				     params->ca_cert_blob_len,
 				     params->ca_path)) {
 		wpa_printf(MSG_INFO, "TLS: Failed to configure trusted CA "
 			   "certificates");
 		return -1;
 	}

 	if (tlsv1_client_set_client_cert(conn->client, params->client_cert,
 					 params->client_cert_blob,
 					 params->client_cert_blob_len)) {
 		wpa_printf(MSG_INFO, "TLS: Failed to configure client "
 			   "certificate");
 		return -1;
 	}

 	if (tlsv1_client_set_private_key(conn->client,
 					 params->private_key,
 					 params->private_key_passwd,
 					 params->private_key_blob,
 					 params->private_key_blob_len)) {
 		wpa_printf(MSG_INFO, "TLS: Failed to load private key");
 		return -1;
 	}

 	return 0;
 }


 int tls_global_set_params(void *tls_ctx,
 			  const struct tls_connection_params *params)
 {
 	wpa_printf(MSG_INFO, "TLS: not implemented - %s", __func__);
 	return -1;
 }


 int tls_global_set_verify(void *tls_ctx, int check_crl)
 {
 	wpa_printf(MSG_INFO, "TLS: not implemented - %s", __func__);
 	return -1;
 }


 int tls_connection_set_verify(void *tls_ctx, struct tls_connection *conn,
 			      int verify_peer)
 {
 	return -1;
 }


 int tls_connection_set_ia(void *tls_ctx, struct tls_connection *conn,
 			  int tls_ia)
 {
 	return -1;
 }


 int tls_connection_get_keys(void *tls_ctx, struct tls_connection *conn,
 			    struct tls_keys *keys)
 {
 	return tlsv1_client_get_keys(conn->client, keys);
 }


 int tls_connection_prf(void *tls_ctx, struct tls_connection *conn,
 		       const char *label, int server_random_first,
 		       u8 *out, size_t out_len)
 {
 	return tlsv1_client_prf(conn->client, label, server_random_first,
 				out, out_len);
 }


 u8 * tls_connection_handshake(void *tls_ctx, struct tls_connection *conn,
 			      const u8 *in_data, size_t in_len,
 			      size_t *out_len, u8 **appl_data,
 			      size_t *appl_data_len)
 {
 	if (appl_data)
 		*appl_data = NULL;

 	wpa_printf(MSG_DEBUG, "TLS: %s(in_data=%p in_len=%lu)",
 		   __func__, in_data, (unsigned long) in_len);
 	return tlsv1_client_handshake(conn->client, in_data, in_len, out_len);
 }


 u8 * tls_connection_server_handshake(void *tls_ctx,
 				     struct tls_connection *conn,
 				     const u8 *in_data, size_t in_len,
 				     size_t *out_len)
 {
 	wpa_printf(MSG_INFO, "TLS: not implemented - %s", __func__);
 	return NULL;
 }


 int tls_connection_encrypt(void *tls_ctx, struct tls_connection *conn,
 			   const u8 *in_data, size_t in_len,
 			   u8 *out_data, size_t out_len)
 {
 	return tlsv1_client_encrypt(conn->client, in_data, in_len, out_data,
 				    out_len);
 }


 int tls_connection_decrypt(void *tls_ctx, struct tls_connection *conn,
 			   const u8 *in_data, size_t in_len,
 			   u8 *out_data, size_t out_len)
 {
 	return tlsv1_client_decrypt(conn->client, in_data, in_len, out_data,
 				    out_len);
 }


 int tls_connection_resumed(void *tls_ctx, struct tls_connection *conn)
 {
 	return tlsv1_client_resumed(conn->client);
 }


 int tls_connection_set_master_key(void *tls_ctx, struct tls_connection *conn,
 				  const u8 *key, size_t key_len)
 {
 	return tlsv1_client_set_master_key(conn->client, key, key_len);
 }


 int tls_connection_set_cipher_list(void *tls_ctx, struct tls_connection *conn,
 				   u8 *ciphers)
 {
 	return tlsv1_client_set_cipher_list(conn->client, ciphers);
 }


 int tls_get_cipher(void *tls_ctx, struct tls_connection *conn,
 		   char *buf, size_t buflen)
 {
 	if (conn == NULL)
 		return -1;
 	return tlsv1_client_get_cipher(conn->client, buf, buflen);
 }


 int tls_connection_enable_workaround(void *tls_ctx,
 				     struct tls_connection *conn)
 {
 	return -1;
 }


 int tls_connection_client_hello_ext(void *tls_ctx, struct tls_connection *conn,
 				    int ext_type, const u8 *data,
 				    size_t data_len)
 {
 	return tlsv1_client_hello_ext(conn->client, ext_type, data, data_len);
 }


 int tls_connection_get_failed(void *tls_ctx, struct tls_connection *conn)
 {
 	return 0;
 }


 int tls_connection_get_read_alerts(void *tls_ctx, struct tls_connection *conn)
 {
 	return 0;
 }


 int tls_connection_get_write_alerts(void *tls_ctx,
 				    struct tls_connection *conn)
 {
 	return 0;
 }


 int tls_connection_get_keyblock_size(void *tls_ctx,
 				     struct tls_connection *conn)
 {
 	return tlsv1_client_get_keyblock_size(conn->client);
 }


 unsigned int tls_capabilities(void *tls_ctx)
 {
 	return 0;
 }


 int tls_connection_ia_send_phase_finished(void *tls_ctx,
 					  struct tls_connection *conn,
 					  int final,
 					  u8 *out_data, size_t out_len)
 {
 	return -1;
 }


 int tls_connection_ia_final_phase_finished(void *tls_ctx,
 					   struct tls_connection *conn)
 {
 	return -1;
 }


 int tls_connection_ia_permute_inner_secret(void *tls_ctx,
 					   struct tls_connection *conn,
 					   const u8 *key, size_t key_len)
 {
 	return -1;
 }
	/*
	* WPA Supplicant / TLS interface functions and an internal TLS implementation
	* Copyright (c) 2004-2006, Jouni Malinen <j@w1.fi>
	*
	* This program is free software; you can redistribute it and/or modify
	* it under the terms of the GNU General Public License version 2 as
	* published by the Free Software Foundation.
	*
	* Alternatively, this software may be distributed under the terms of BSD
	* license.
	*
	* See README and COPYING for more details.
	*
	* This file interface functions for hostapd/wpa_supplicant to use the
	* integrated TLSv1 implementation.
	*/

	#include "includes.h"

	#include "common.h"
	#include "tls.h"
	#include "tlsv1_client.h"


	static int tls_ref_count = 0;

	struct tls_global {
	int dummy;
	};

	struct tls_connection {
	struct tlsv1_client *client;
	};


	void * tls_init(const struct tls_config *conf)
	{
	struct tls_global *global;

	if (tls_ref_count == 0) {
	if (tlsv1_client_global_init())
	return NULL;
	}
	tls_ref_count++;

	global = os_zalloc(sizeof(*global));
	if (global == NULL)
	return NULL;

	return global;
	}

	void tls_deinit(void *ssl_ctx)
	{
	struct tls_global *global = ssl_ctx;
	tls_ref_count--;
	if (tls_ref_count == 0) {
	tlsv1_client_global_deinit();
	}
	os_free(global);
	}


	int tls_get_errors(void *tls_ctx)
	{
	return 0;
	}


	struct tls_connection * tls_connection_init(void *tls_ctx)
	{
	struct tls_connection *conn;

	conn = os_zalloc(sizeof(*conn));
	if (conn == NULL)
	return NULL;

	conn->client = tlsv1_client_init();
	if (conn->client == NULL) {
	os_free(conn);
	return NULL;
	}

	return conn;
	}


	void tls_connection_deinit(void tls_ctx, struct tls_connection conn)
	{
	if (conn == NULL)
	return;
	tlsv1_client_deinit(conn->client);
	os_free(conn);
	}


	int tls_connection_established(void tls_ctx, struct tls_connection conn)
	{
	return tlsv1_client_established(conn->client);
	}


	int tls_connection_shutdown(void tls_ctx, struct tls_connection conn)
	{
	return tlsv1_client_shutdown(conn->client);
	}


	int tls_connection_set_params(void tls_ctx, struct tls_connection conn,
	const struct tls_connection_params *params)
	{
	if (tlsv1_client_set_ca_cert(conn->client, params->ca_cert,
	params->ca_cert_blob,
	params->ca_cert_blob_len,
	params->ca_path)) {
	wpa_printf(MSG_INFO, "TLS: Failed to configure trusted CA "
	"certificates");
	return -1;
	}

	if (tlsv1_client_set_client_cert(conn->client, params->client_cert,
	params->client_cert_blob,
	params->client_cert_blob_len)) {
	wpa_printf(MSG_INFO, "TLS: Failed to configure client "
	"certificate");
	return -1;
	}

	if (tlsv1_client_set_private_key(conn->client,
	params->private_key,
	params->private_key_passwd,
	params->private_key_blob,
	params->private_key_blob_len)) {
	wpa_printf(MSG_INFO, "TLS: Failed to load private key");
	return -1;
	}

	return 0;
	}


	int tls_global_set_params(void *tls_ctx,
	const struct tls_connection_params *params)
	{
	wpa_printf(MSG_INFO, "TLS: not implemented - %s", __func__);
	return -1;
	}


	int tls_global_set_verify(void *tls_ctx, int check_crl)
	{
	wpa_printf(MSG_INFO, "TLS: not implemented - %s", __func__);
	return -1;
	}


	int tls_connection_set_verify(void tls_ctx, struct tls_connection conn,
	int verify_peer)
	{
	return -1;
	}


	int tls_connection_set_ia(void tls_ctx, struct tls_connection conn,
	int tls_ia)
	{
	return -1;
	}


	int tls_connection_get_keys(void tls_ctx, struct tls_connection conn,
	struct tls_keys *keys)
	{
	return tlsv1_client_get_keys(conn->client, keys);
	}


	int tls_connection_prf(void tls_ctx, struct tls_connection conn,
	const char *label, int server_random_first,
	u8 *out, size_t out_len)
	{
	return tlsv1_client_prf(conn->client, label, server_random_first,
	out, out_len);
	}


	u8 * tls_connection_handshake(void tls_ctx, struct tls_connection conn,
	const u8 *in_data, size_t in_len,
	size_t out_len, u8 *appl_data,
	size_t *appl_data_len)
	{
	if (appl_data)
	*appl_data = NULL;

	wpa_printf(MSG_DEBUG, "TLS: %s(in_data=%p in_len=%lu)",
	__func__, in_data, (unsigned long) in_len);
	return tlsv1_client_handshake(conn->client, in_data, in_len, out_len);
	}


	u8 * tls_connection_server_handshake(void *tls_ctx,
	struct tls_connection *conn,
	const u8 *in_data, size_t in_len,
	size_t *out_len)
	{
	wpa_printf(MSG_INFO, "TLS: not implemented - %s", __func__);
	return NULL;
	}


	int tls_connection_encrypt(void tls_ctx, struct tls_connection conn,
	const u8 *in_data, size_t in_len,
	u8 *out_data, size_t out_len)
	{
	return tlsv1_client_encrypt(conn->client, in_data, in_len, out_data,
	out_len);
	}


	int tls_connection_decrypt(void tls_ctx, struct tls_connection conn,
	const u8 *in_data, size_t in_len,
	u8 *out_data, size_t out_len)
	{
	return tlsv1_client_decrypt(conn->client, in_data, in_len, out_data,
	out_len);
	}


	int tls_connection_resumed(void tls_ctx, struct tls_connection conn)
	{
	return tlsv1_client_resumed(conn->client);
	}


	int tls_connection_set_master_key(void tls_ctx, struct tls_connection conn,
	const u8 *key, size_t key_len)
	{
	return tlsv1_client_set_master_key(conn->client, key, key_len);
	}


	int tls_connection_set_cipher_list(void tls_ctx, struct tls_connection conn,
	u8 *ciphers)
	{
	return tlsv1_client_set_cipher_list(conn->client, ciphers);
	}


	int tls_get_cipher(void tls_ctx, struct tls_connection conn,
	char *buf, size_t buflen)
	{
	if (conn == NULL)
	return -1;
	return tlsv1_client_get_cipher(conn->client, buf, buflen);
	}


	int tls_connection_enable_workaround(void *tls_ctx,
	struct tls_connection *conn)
	{
	return -1;
	}


	int tls_connection_client_hello_ext(void tls_ctx, struct tls_connection conn,
	int ext_type, const u8 *data,
	size_t data_len)
	{
	return tlsv1_client_hello_ext(conn->client, ext_type, data, data_len);
	}


	int tls_connection_get_failed(void tls_ctx, struct tls_connection conn)
	{
	return 0;
	}


	int tls_connection_get_read_alerts(void tls_ctx, struct tls_connection conn)
	{
	return 0;
	}


	int tls_connection_get_write_alerts(void *tls_ctx,
	struct tls_connection *conn)
	{
	return 0;
	}


	int tls_connection_get_keyblock_size(void *tls_ctx,
	struct tls_connection *conn)
	{
	return tlsv1_client_get_keyblock_size(conn->client);
	}


	unsigned int tls_capabilities(void *tls_ctx)
	{
	return 0;
	}


	int tls_connection_ia_send_phase_finished(void *tls_ctx,
	struct tls_connection *conn,
	int final,
	u8 *out_data, size_t out_len)
	{
	return -1;
	}


	int tls_connection_ia_final_phase_finished(void *tls_ctx,
	struct tls_connection *conn)
	{
	return -1;
	}


	int tls_connection_ia_permute_inner_secret(void *tls_ctx,
	struct tls_connection *conn,
	const u8 *key, size_t key_len)
	{
	return -1;
	}