wpa_supplicant / hostapd  2.5
tlsv1_server.c File Reference

TLS v1.0/v1.1/v1.2 server (RFC 2246, RFC 4346, RFC 5246) More...

#include "includes.h"
#include "common.h"
#include "crypto/sha1.h"
#include "crypto/tls.h"
#include "tlsv1_common.h"
#include "tlsv1_record.h"
#include "tlsv1_server.h"
#include "tlsv1_server_i.h"

Functions

void tlsv1_server_log (struct tlsv1_server *conn, const char *fmt,...)
 
void tlsv1_server_alert (struct tlsv1_server *conn, u8 level, u8 description)
 
int tlsv1_server_derive_keys (struct tlsv1_server *conn, const u8 *pre_master_secret, size_t pre_master_secret_len)
 
u8 * tlsv1_server_handshake (struct tlsv1_server *conn, const u8 *in_data, size_t in_len, size_t *out_len)
 Process TLS handshake. More...
 
int tlsv1_server_encrypt (struct tlsv1_server *conn, const u8 *in_data, size_t in_len, u8 *out_data, size_t out_len)
 Encrypt data into TLS tunnel. More...
 
int tlsv1_server_decrypt (struct tlsv1_server *conn, const u8 *in_data, size_t in_len, u8 *out_data, size_t out_len)
 Decrypt data from TLS tunnel. More...
 
int tlsv1_server_global_init (void)
 Initialize TLSv1 server. More...
 
void tlsv1_server_global_deinit (void)
 Deinitialize TLSv1 server. More...
 
struct tlsv1_server * tlsv1_server_init (struct tlsv1_credentials *cred)
 Initialize TLSv1 server connection. More...
 
void tlsv1_server_deinit (struct tlsv1_server *conn)
 Deinitialize TLSv1 server connection. More...
 
int tlsv1_server_established (struct tlsv1_server *conn)
 Check whether connection has been established. More...
 
int tlsv1_server_prf (struct tlsv1_server *conn, const char *label, int server_random_first, u8 *out, size_t out_len)
 Use TLS-PRF to derive keying material. More...
 
int tlsv1_server_get_cipher (struct tlsv1_server *conn, char *buf, size_t buflen)
 Get current cipher name. More...
 
int tlsv1_server_shutdown (struct tlsv1_server *conn)
 Shutdown TLS connection. More...
 
int tlsv1_server_resumed (struct tlsv1_server *conn)
 Was session resumption used. More...
 
int tlsv1_server_get_random (struct tlsv1_server *conn, struct tls_random *keys)
 Get random data from TLS connection. More...
 
int tlsv1_server_get_keyblock_size (struct tlsv1_server *conn)
 Get TLS key_block size. More...
 
int tlsv1_server_set_cipher_list (struct tlsv1_server *conn, u8 *ciphers)
 Configure acceptable cipher suites. More...
 
int tlsv1_server_set_verify (struct tlsv1_server *conn, int verify_peer)
 (Not documented on this page. The verify_peer flag presumably controls whether the client certificate is required and validated; confirm the exact semantics against the implementation before relying on it for client authentication.)
void tlsv1_server_set_session_ticket_cb (struct tlsv1_server *conn, tlsv1_server_session_ticket_cb cb, void *ctx)
 
void tlsv1_server_set_log_cb (struct tlsv1_server *conn, void(*cb)(void *ctx, const char *msg), void *ctx)
 
void tlsv1_server_get_dh_p (struct tlsv1_server *conn, const u8 **dh_p, size_t *dh_p_len)
 

Detailed Description

TLS v1.0/v1.1/v1.2 server (RFC 2246, RFC 4346, RFC 5246). Note for deployers: TLS 1.0 and 1.1 have since been deprecated (RFC 8996); which protocol versions and cipher suites a given build actually negotiates is not shown on this page and should be checked in the implementation and build configuration.

Function Documentation

int tlsv1_server_decrypt ( struct tlsv1_server *conn,
const u8 *  in_data,
size_t  in_len,
u8 *  out_data,
size_t  out_len 
)

Decrypt data from TLS tunnel.

Parameters
conn: TLSv1 server connection data from tlsv1_server_init()
in_data: Pointer to input buffer (encrypted TLS data received from the peer)
in_len: Input buffer length
out_data: Pointer to output buffer (decrypted data from TLS tunnel)
out_len: Maximum number of bytes that may be written to out_data
Returns
Number of bytes written to out_data, -1 on failure

This function is used only after the TLS handshake has completed successfully (i.e., tlsv1_server_established() returns 1) to receive data from the encrypted tunnel. The return value must be checked: on -1, nothing in out_data may be treated as valid plaintext. out_len bounds the write into out_data; what happens when the decrypted record would exceed it is not documented here, so treat that as a failure case rather than assuming truncation.

void tlsv1_server_deinit ( struct tlsv1_server *conn)

Deinitialize TLSv1 server connection.

Parameters
conn: TLSv1 server connection data from tlsv1_server_init(). conn must not be used after this call. Whether key material held in conn is zeroized before release is not stated on this page.
int tlsv1_server_encrypt ( struct tlsv1_server *conn,
const u8 *  in_data,
size_t  in_len,
u8 *  out_data,
size_t  out_len 
)

Encrypt data into TLS tunnel.

Parameters
conn: TLSv1 server connection data from tlsv1_server_init()
in_data: Pointer to plaintext data to be encrypted
in_len: Input buffer length
out_data: Pointer to output buffer (encrypted TLS data to send to the peer)
out_len: Maximum number of bytes that may be written to out_data
Returns
Number of bytes written to out_data, -1 on failure

This function is used only after the TLS handshake has completed successfully (i.e., tlsv1_server_established() returns 1) to send data in the encrypted tunnel. The encrypted output is larger than the plaintext (record header plus MAC/padding or AEAD tag, depending on the negotiated cipher suite), so out_len must allow for that overhead; a -1 return means no usable record was produced and out_data must not be transmitted.

int tlsv1_server_established ( struct tlsv1_server *conn)

Check whether connection has been established.

Parameters
conn: TLSv1 server connection data from tlsv1_server_init()
Returns
1 if connection is established, 0 if not. Callers should gate tlsv1_server_encrypt()/tlsv1_server_decrypt() and any key export via tlsv1_server_prf() on this returning 1, rather than on the handshake function having returned output.
int tlsv1_server_get_cipher ( struct tlsv1_server *conn,
char *  buf,
size_t  buflen 
)

Get current cipher name.

Parameters
conn: TLSv1 server connection data from tlsv1_server_init()
buf: Buffer for the cipher name
buflen: Size of buf in bytes
Returns
0 on success, -1 on failure

Get the name of the currently used cipher. Whether the name is guaranteed to be NUL-terminated when buflen is too small is not stated here; size buf generously and check the return value.

int tlsv1_server_get_keyblock_size ( struct tlsv1_server *conn)

Get TLS key_block size.

Parameters
conn: TLSv1 server connection data from tlsv1_server_init()
Returns
Size of the key_block for the negotiated cipher suite, or -1 on failure (e.g., no cipher suite negotiated yet). Check for -1 before using the value as a buffer size.
int tlsv1_server_get_random ( struct tlsv1_server *conn,
struct tls_random *keys 
)

Get random data from TLS connection.

Parameters
conn: TLSv1 server connection data from tlsv1_server_init()
keys: Structure of random data (filled on success); contents are undefined on failure
Returns
0 on success, -1 on failure
void tlsv1_server_global_deinit ( void  )

Deinitialize TLSv1 server.

This function can be used to deinitialize the TLSv1 server that was initialized by calling tlsv1_server_global_init(). No TLSv1 server functions can be called after this before calling tlsv1_server_global_init() again.

int tlsv1_server_global_init ( void  )

Initialize TLSv1 server.

Returns
0 on success, -1 on failure

This function must be called before using any other TLSv1 server functions.

u8* tlsv1_server_handshake ( struct tlsv1_server *conn,
const u8 *  in_data,
size_t  in_len,
size_t *  out_len 
)

Process TLS handshake.

Parameters
conn: TLSv1 server connection data from tlsv1_server_init()
in_data: Input data from the TLS peer (untrusted; may be absent or malformed)
in_len: Input data length
out_len: On return, set to the length of the returned output data
Returns
Pointer to output data to be sent to the peer, NULL on failure

The handshake is driven incrementally: call this with each batch of peer data and send back whatever is returned. A non-NULL return does not by itself mean the handshake has completed; use tlsv1_server_established() for that. Ownership and lifetime of the returned buffer (whether and how the caller must free it) are not stated on this page and must be confirmed against the implementation.
struct tlsv1_server* tlsv1_server_init ( struct tlsv1_credentials *cred)

Initialize TLSv1 server connection.

Parameters
cred: Pointer to server credentials from tlsv1_server_cred_alloc()
Returns
Pointer to TLSv1 server connection data, or NULL on failure. Release with tlsv1_server_deinit().
int tlsv1_server_prf ( struct tlsv1_server *conn,
const char *  label,
int  server_random_first,
u8 *  out,
size_t  out_len 
)

Use TLS-PRF to derive keying material.

Parameters
conn: TLSv1 server connection data from tlsv1_server_init()
label: Label (e.g., description of the key) for the PRF
server_random_first: Seed ordering; 0 = client_random|server_random, 1 = server_random|client_random
out: Buffer for output data from TLS-PRF
out_len: Number of bytes to derive into out
Returns
0 on success, -1 on failure

This exports keying material bound to the current session. Use a distinct label for each distinct purpose so that unrelated consumers never derive the same bytes, and only call it once tlsv1_server_established() returns 1; on -1 the contents of out are unspecified.
int tlsv1_server_resumed ( struct tlsv1_server *conn)

Was session resumption used.

Parameters
conn: TLSv1 server connection data from tlsv1_server_init()
Returns
1 if the current session used session resumption, 0 if not
int tlsv1_server_set_cipher_list ( struct tlsv1_server *conn,
u8 *  ciphers 
)

Configure acceptable cipher suites.

Parameters
conn: TLSv1 server connection data from tlsv1_server_init()
ciphers: List of allowed ciphers (TLS_CIPHER_* values), terminated by zero (TLS_CIPHER_NONE). The terminator is mandatory: an unterminated list would be read past its end.
Returns
0 on success, -1 on failure
int tlsv1_server_shutdown ( struct tlsv1_server *conn)

Shutdown TLS connection.

Parameters
conn: TLSv1 server connection data from tlsv1_server_init()
Returns
0 on success, -1 on failure. This ends the TLS session; it does not release conn, which still needs tlsv1_server_deinit().