wpa_supplicant / hostapd
2.5
|
TLS v1.0/v1.1/v1.2 client (RFC 2246, RFC 4346, RFC 5246) More...
#include "includes.h"
#include "common.h"
#include "crypto/sha1.h"
#include "crypto/tls.h"
#include "tlsv1_common.h"
#include "tlsv1_record.h"
#include "tlsv1_client.h"
#include "tlsv1_client_i.h"
Functions | |
void | tls_alert (struct tlsv1_client *conn, u8 level, u8 description) |
void | tlsv1_client_free_dh (struct tlsv1_client *conn) |
int | tls_derive_pre_master_secret (u8 *pre_master_secret) |
int | tls_derive_keys (struct tlsv1_client *conn, const u8 *pre_master_secret, size_t pre_master_secret_len) |
u8 * | tlsv1_client_handshake (struct tlsv1_client *conn, const u8 *in_data, size_t in_len, size_t *out_len, u8 **appl_data, size_t *appl_data_len, int *need_more_data) |
Process TLS handshake. More... | |
int | tlsv1_client_encrypt (struct tlsv1_client *conn, const u8 *in_data, size_t in_len, u8 *out_data, size_t out_len) |
Encrypt data into TLS tunnel. More... | |
struct wpabuf * | tlsv1_client_decrypt (struct tlsv1_client *conn, const u8 *in_data, size_t in_len, int *need_more_data) |
Decrypt data from TLS tunnel. More... | |
int | tlsv1_client_global_init (void) |
Initialize TLSv1 client. More... | |
void | tlsv1_client_global_deinit (void) |
Deinitialize TLSv1 client. More... | |
struct tlsv1_client * | tlsv1_client_init (void) |
Initialize TLSv1 client connection. More... | |
void | tlsv1_client_deinit (struct tlsv1_client *conn) |
Deinitialize TLSv1 client connection. More... | |
int | tlsv1_client_established (struct tlsv1_client *conn) |
Check whether connection has been established. More... | |
int | tlsv1_client_prf (struct tlsv1_client *conn, const char *label, int server_random_first, u8 *out, size_t out_len) |
Use TLS-PRF to derive keying material. More... | |
int | tlsv1_client_get_cipher (struct tlsv1_client *conn, char *buf, size_t buflen) |
Get current cipher name. More... | |
int | tlsv1_client_shutdown (struct tlsv1_client *conn) |
Shutdown TLS connection. More... | |
int | tlsv1_client_resumed (struct tlsv1_client *conn) |
Was session resumption used. More... | |
int | tlsv1_client_hello_ext (struct tlsv1_client *conn, int ext_type, const u8 *data, size_t data_len) |
Set TLS extension for ClientHello. More... | |
int | tlsv1_client_get_random (struct tlsv1_client *conn, struct tls_random *keys) |
Get random data from TLS connection. More... | |
int | tlsv1_client_get_keyblock_size (struct tlsv1_client *conn) |
Get TLS key_block size. More... | |
int | tlsv1_client_set_cipher_list (struct tlsv1_client *conn, u8 *ciphers) |
Configure acceptable cipher suites. More... | |
int | tlsv1_client_set_cred (struct tlsv1_client *conn, struct tlsv1_credentials *cred) |
Set client credentials. More... | |
void | tlsv1_client_set_time_checks (struct tlsv1_client *conn, int enabled) |
void | tlsv1_client_set_session_ticket_cb (struct tlsv1_client *conn, tlsv1_client_session_ticket_cb cb, void *ctx) |
TLS v1.0/v1.1/v1.2 client (RFC 2246, RFC 4346, RFC 5246)
struct wpabuf* tlsv1_client_decrypt | ( | struct tlsv1_client * | conn, |
const u8 * | in_data, | ||
size_t | in_len, | ||
int * | need_more_data | ||
) |
Decrypt data from TLS tunnel.
conn | TLSv1 client connection data from tlsv1_client_init() |
in_data | Pointer to input buffer (encrypted TLS data) |
in_len | Input buffer length |
need_more_data | Set to 1 if more data would be needed to complete processing |
This function is used after TLS handshake has been completed successfully to receive data from the encrypted tunnel.
void tlsv1_client_deinit | ( | struct tlsv1_client * | conn | ) |
Deinitialize TLSv1 client connection.
conn | TLSv1 client connection data from tlsv1_client_init() |
int tlsv1_client_encrypt | ( | struct tlsv1_client * | conn, |
const u8 * | in_data, | ||
size_t | in_len, | ||
u8 * | out_data, | ||
size_t | out_len | ||
) |
Encrypt data into TLS tunnel.
conn | TLSv1 client connection data from tlsv1_client_init() |
in_data | Pointer to plaintext data to be encrypted |
in_len | Input buffer length |
out_data | Pointer to output buffer (encrypted TLS data) |
out_len | Maximum out_data length |
This function is used after TLS handshake has been completed successfully to send data in the encrypted tunnel.
int tlsv1_client_established | ( | struct tlsv1_client * | conn | ) |
Check whether connection has been established.
conn | TLSv1 client connection data from tlsv1_client_init() |
int tlsv1_client_get_cipher | ( | struct tlsv1_client * | conn, |
char * | buf, | ||
size_t | buflen | ||
) |
Get current cipher name.
conn | TLSv1 client connection data from tlsv1_client_init() |
buf | Buffer for the cipher name |
buflen | buf size |
Get the name of the currently used cipher.
int tlsv1_client_get_keyblock_size | ( | struct tlsv1_client * | conn | ) |
Get TLS key_block size.
conn | TLSv1 client connection data from tlsv1_client_init() |
int tlsv1_client_get_random | ( | struct tlsv1_client * | conn, |
struct tls_random * | keys | ||
) |
Get random data from TLS connection.
conn | TLSv1 client connection data from tlsv1_client_init() |
keys | Structure of random data (filled on success) |
void tlsv1_client_global_deinit | ( | void | ) |
Deinitialize TLSv1 client.
This function can be used to deinitialize the TLSv1 client that was initialized by calling tlsv1_client_global_init(). No TLSv1 client functions can be called after this before calling tlsv1_client_global_init() again.
int tlsv1_client_global_init | ( | void | ) |
Initialize TLSv1 client.
This function must be called before using any other TLSv1 client functions.
u8* tlsv1_client_handshake | ( | struct tlsv1_client * | conn, |
const u8 * | in_data, | ||
size_t | in_len, | ||
size_t * | out_len, | ||
u8 ** | appl_data, | ||
size_t * | appl_data_len, | ||
int * | need_more_data | ||
) |
Process TLS handshake.
conn | TLSv1 client connection data from tlsv1_client_init() |
in_data | Input data from TLS peer |
in_len | Input data length |
out_len | Length of the output buffer. |
appl_data | Pointer to application data pointer, or NULL if dropped |
appl_data_len | Pointer to variable that is set to appl_data length |
need_more_data | Set to 1 if more data would be needed to complete processing |
int tlsv1_client_hello_ext | ( | struct tlsv1_client * | conn, |
int | ext_type, | ||
const u8 * | data, | ||
size_t | data_len | ||
) |
Set TLS extension for ClientHello.
conn | TLSv1 client connection data from tlsv1_client_init() |
ext_type | Extension type |
data | Extension payload (NULL to remove extension) |
data_len | Extension payload length |
struct tlsv1_client* tlsv1_client_init | ( | void | ) |
Initialize TLSv1 client connection.
int tlsv1_client_prf | ( | struct tlsv1_client * | conn, |
const char * | label, | ||
int | server_random_first, | ||
u8 * | out, | ||
size_t | out_len | ||
) |
Use TLS-PRF to derive keying material.
conn | TLSv1 client connection data from tlsv1_client_init() |
label | Label (e.g., description of the key) for PRF |
server_random_first | seed is 0 = client_random|server_random, 1 = server_random|client_random |
out | Buffer for output data from TLS-PRF |
out_len | Length of the output buffer |
int tlsv1_client_resumed | ( | struct tlsv1_client * | conn | ) |
Was session resumption used.
conn | TLSv1 client connection data from tlsv1_client_init() |
int tlsv1_client_set_cipher_list | ( | struct tlsv1_client * | conn, |
u8 * | ciphers | ||
) |
Configure acceptable cipher suites.
conn | TLSv1 client connection data from tlsv1_client_init() |
ciphers | Zero (TLS_CIPHER_NONE) terminated list of allowed ciphers (TLS_CIPHER_*). |
int tlsv1_client_set_cred | ( | struct tlsv1_client * | conn, |
struct tlsv1_credentials * | cred | ||
) |
Set client credentials.
conn | TLSv1 client connection data from tlsv1_client_init() |
cred | Credentials from tlsv1_cred_alloc() |
On success, the client takes ownership of the credentials block and caller must not free it. On failure, caller is responsible for freeing the credential block.
int tlsv1_client_shutdown | ( | struct tlsv1_client * | conn | ) |
Shutdown TLS connection.
conn | TLSv1 client connection data from tlsv1_client_init() |