00001
00019 #include "includes.h"
00020
00021 #include "common.h"
00022 #include "tls.h"
00023 #include "tls/tlsv1_client.h"
00024 #include "tls/tlsv1_server.h"
00025
00026
00027 static int tls_ref_count = 0;
00028
00029 struct tls_global {
00030 int server;
00031 struct tlsv1_credentials *server_cred;
00032 int check_crl;
00033 };
00034
00035 struct tls_connection {
00036 struct tlsv1_client *client;
00037 struct tlsv1_server *server;
00038 };
00039
00040
00041 void * tls_init(const struct tls_config *conf)
00042 {
00043 struct tls_global *global;
00044
00045 if (tls_ref_count == 0) {
00046 #ifdef CONFIG_TLS_INTERNAL_CLIENT
00047 if (tlsv1_client_global_init())
00048 return NULL;
00049 #endif
00050 #ifdef CONFIG_TLS_INTERNAL_SERVER
00051 if (tlsv1_server_global_init())
00052 return NULL;
00053 #endif
00054 }
00055 tls_ref_count++;
00056
00057 global = os_zalloc(sizeof(*global));
00058 if (global == NULL)
00059 return NULL;
00060
00061 return global;
00062 }
00063
00064 void tls_deinit(void *ssl_ctx)
00065 {
00066 struct tls_global *global = ssl_ctx;
00067 tls_ref_count--;
00068 if (tls_ref_count == 0) {
00069 #ifdef CONFIG_TLS_INTERNAL_CLIENT
00070 tlsv1_client_global_deinit();
00071 #endif
00072 #ifdef CONFIG_TLS_INTERNAL_SERVER
00073 tlsv1_cred_free(global->server_cred);
00074 tlsv1_server_global_deinit();
00075 #endif
00076 }
00077 os_free(global);
00078 }
00079
00080
00081 int tls_get_errors(void *tls_ctx)
00082 {
00083 return 0;
00084 }
00085
00086
00087 struct tls_connection * tls_connection_init(void *tls_ctx)
00088 {
00089 struct tls_connection *conn;
00090 struct tls_global *global = tls_ctx;
00091
00092 conn = os_zalloc(sizeof(*conn));
00093 if (conn == NULL)
00094 return NULL;
00095
00096 #ifdef CONFIG_TLS_INTERNAL_CLIENT
00097 if (!global->server) {
00098 conn->client = tlsv1_client_init();
00099 if (conn->client == NULL) {
00100 os_free(conn);
00101 return NULL;
00102 }
00103 }
00104 #endif
00105 #ifdef CONFIG_TLS_INTERNAL_SERVER
00106 if (global->server) {
00107 conn->server = tlsv1_server_init(global->server_cred);
00108 if (conn->server == NULL) {
00109 os_free(conn);
00110 return NULL;
00111 }
00112 }
00113 #endif
00114
00115 return conn;
00116 }
00117
00118
00119 void tls_connection_deinit(void *tls_ctx, struct tls_connection *conn)
00120 {
00121 if (conn == NULL)
00122 return;
00123 #ifdef CONFIG_TLS_INTERNAL_CLIENT
00124 if (conn->client)
00125 tlsv1_client_deinit(conn->client);
00126 #endif
00127 #ifdef CONFIG_TLS_INTERNAL_SERVER
00128 if (conn->server)
00129 tlsv1_server_deinit(conn->server);
00130 #endif
00131 os_free(conn);
00132 }
00133
00134
00135 int tls_connection_established(void *tls_ctx, struct tls_connection *conn)
00136 {
00137 #ifdef CONFIG_TLS_INTERNAL_CLIENT
00138 if (conn->client)
00139 return tlsv1_client_established(conn->client);
00140 #endif
00141 #ifdef CONFIG_TLS_INTERNAL_SERVER
00142 if (conn->server)
00143 return tlsv1_server_established(conn->server);
00144 #endif
00145 return 0;
00146 }
00147
00148
00149 int tls_connection_shutdown(void *tls_ctx, struct tls_connection *conn)
00150 {
00151 #ifdef CONFIG_TLS_INTERNAL_CLIENT
00152 if (conn->client)
00153 return tlsv1_client_shutdown(conn->client);
00154 #endif
00155 #ifdef CONFIG_TLS_INTERNAL_SERVER
00156 if (conn->server)
00157 return tlsv1_server_shutdown(conn->server);
00158 #endif
00159 return -1;
00160 }
00161
00162
00163 int tls_connection_set_params(void *tls_ctx, struct tls_connection *conn,
00164 const struct tls_connection_params *params)
00165 {
00166 #ifdef CONFIG_TLS_INTERNAL_CLIENT
00167 struct tlsv1_credentials *cred;
00168
00169 if (conn->client == NULL)
00170 return -1;
00171
00172 cred = tlsv1_cred_alloc();
00173 if (cred == NULL)
00174 return -1;
00175
00176 if (tlsv1_set_ca_cert(cred, params->ca_cert,
00177 params->ca_cert_blob, params->ca_cert_blob_len,
00178 params->ca_path)) {
00179 wpa_printf(MSG_INFO, "TLS: Failed to configure trusted CA "
00180 "certificates");
00181 tlsv1_cred_free(cred);
00182 return -1;
00183 }
00184
00185 if (tlsv1_set_cert(cred, params->client_cert,
00186 params->client_cert_blob,
00187 params->client_cert_blob_len)) {
00188 wpa_printf(MSG_INFO, "TLS: Failed to configure client "
00189 "certificate");
00190 tlsv1_cred_free(cred);
00191 return -1;
00192 }
00193
00194 if (tlsv1_set_private_key(cred, params->private_key,
00195 params->private_key_passwd,
00196 params->private_key_blob,
00197 params->private_key_blob_len)) {
00198 wpa_printf(MSG_INFO, "TLS: Failed to load private key");
00199 tlsv1_cred_free(cred);
00200 return -1;
00201 }
00202
00203 if (tlsv1_set_dhparams(cred, params->dh_file, params->dh_blob,
00204 params->dh_blob_len)) {
00205 wpa_printf(MSG_INFO, "TLS: Failed to load DH parameters");
00206 tlsv1_cred_free(cred);
00207 return -1;
00208 }
00209
00210 if (tlsv1_client_set_cred(conn->client, cred) < 0) {
00211 tlsv1_cred_free(cred);
00212 return -1;
00213 }
00214
00215 return 0;
00216 #else
00217 return -1;
00218 #endif
00219 }
00220
00221
00222 int tls_global_set_params(void *tls_ctx,
00223 const struct tls_connection_params *params)
00224 {
00225 #ifdef CONFIG_TLS_INTERNAL_SERVER
00226 struct tls_global *global = tls_ctx;
00227 struct tlsv1_credentials *cred;
00228
00229
00230
00231 global->server = 1;
00232 tlsv1_cred_free(global->server_cred);
00233 global->server_cred = cred = tlsv1_cred_alloc();
00234 if (cred == NULL)
00235 return -1;
00236
00237 if (tlsv1_set_ca_cert(cred, params->ca_cert, params->ca_cert_blob,
00238 params->ca_cert_blob_len, params->ca_path)) {
00239 wpa_printf(MSG_INFO, "TLS: Failed to configure trusted CA "
00240 "certificates");
00241 return -1;
00242 }
00243
00244 if (tlsv1_set_cert(cred, params->client_cert, params->client_cert_blob,
00245 params->client_cert_blob_len)) {
00246 wpa_printf(MSG_INFO, "TLS: Failed to configure server "
00247 "certificate");
00248 return -1;
00249 }
00250
00251 if (tlsv1_set_private_key(cred, params->private_key,
00252 params->private_key_passwd,
00253 params->private_key_blob,
00254 params->private_key_blob_len)) {
00255 wpa_printf(MSG_INFO, "TLS: Failed to load private key");
00256 return -1;
00257 }
00258
00259 if (tlsv1_set_dhparams(cred, params->dh_file, params->dh_blob,
00260 params->dh_blob_len)) {
00261 wpa_printf(MSG_INFO, "TLS: Failed to load DH parameters");
00262 return -1;
00263 }
00264
00265 return 0;
00266 #else
00267 return -1;
00268 #endif
00269 }
00270
00271
00272 int tls_global_set_verify(void *tls_ctx, int check_crl)
00273 {
00274 struct tls_global *global = tls_ctx;
00275 global->check_crl = check_crl;
00276 return 0;
00277 }
00278
00279
00280 int tls_connection_set_verify(void *tls_ctx, struct tls_connection *conn,
00281 int verify_peer)
00282 {
00283 #ifdef CONFIG_TLS_INTERNAL_SERVER
00284 if (conn->server)
00285 return tlsv1_server_set_verify(conn->server, verify_peer);
00286 #endif
00287 return -1;
00288 }
00289
00290
00291 int tls_connection_set_ia(void *tls_ctx, struct tls_connection *conn,
00292 int tls_ia)
00293 {
00294 return -1;
00295 }
00296
00297
00298 int tls_connection_get_keys(void *tls_ctx, struct tls_connection *conn,
00299 struct tls_keys *keys)
00300 {
00301 #ifdef CONFIG_TLS_INTERNAL_CLIENT
00302 if (conn->client)
00303 return tlsv1_client_get_keys(conn->client, keys);
00304 #endif
00305 #ifdef CONFIG_TLS_INTERNAL_SERVER
00306 if (conn->server)
00307 return tlsv1_server_get_keys(conn->server, keys);
00308 #endif
00309 return -1;
00310 }
00311
00312
00313 int tls_connection_prf(void *tls_ctx, struct tls_connection *conn,
00314 const char *label, int server_random_first,
00315 u8 *out, size_t out_len)
00316 {
00317 #ifdef CONFIG_TLS_INTERNAL_CLIENT
00318 if (conn->client) {
00319 return tlsv1_client_prf(conn->client, label,
00320 server_random_first,
00321 out, out_len);
00322 }
00323 #endif
00324 #ifdef CONFIG_TLS_INTERNAL_SERVER
00325 if (conn->server) {
00326 return tlsv1_server_prf(conn->server, label,
00327 server_random_first,
00328 out, out_len);
00329 }
00330 #endif
00331 return -1;
00332 }
00333
00334
00335 u8 * tls_connection_handshake(void *tls_ctx, struct tls_connection *conn,
00336 const u8 *in_data, size_t in_len,
00337 size_t *out_len, u8 **appl_data,
00338 size_t *appl_data_len)
00339 {
00340 #ifdef CONFIG_TLS_INTERNAL_CLIENT
00341 if (conn->client == NULL)
00342 return NULL;
00343
00344 if (appl_data)
00345 *appl_data = NULL;
00346
00347 wpa_printf(MSG_DEBUG, "TLS: %s(in_data=%p in_len=%lu)",
00348 __func__, in_data, (unsigned long) in_len);
00349 return tlsv1_client_handshake(conn->client, in_data, in_len, out_len,
00350 appl_data, appl_data_len);
00351 #else
00352 return NULL;
00353 #endif
00354 }
00355
00356
00357 u8 * tls_connection_server_handshake(void *tls_ctx,
00358 struct tls_connection *conn,
00359 const u8 *in_data, size_t in_len,
00360 size_t *out_len)
00361 {
00362 #ifdef CONFIG_TLS_INTERNAL_SERVER
00363 u8 *out;
00364 if (conn->server == NULL)
00365 return NULL;
00366
00367 wpa_printf(MSG_DEBUG, "TLS: %s(in_data=%p in_len=%lu)",
00368 __func__, in_data, (unsigned long) in_len);
00369 out = tlsv1_server_handshake(conn->server, in_data, in_len, out_len);
00370 if (out == NULL && tlsv1_server_established(conn->server)) {
00371 out = os_malloc(1);
00372 *out_len = 0;
00373 }
00374 return out;
00375 #else
00376 return NULL;
00377 #endif
00378 }
00379
00380
00381 int tls_connection_encrypt(void *tls_ctx, struct tls_connection *conn,
00382 const u8 *in_data, size_t in_len,
00383 u8 *out_data, size_t out_len)
00384 {
00385 #ifdef CONFIG_TLS_INTERNAL_CLIENT
00386 if (conn->client) {
00387 return tlsv1_client_encrypt(conn->client, in_data, in_len,
00388 out_data, out_len);
00389 }
00390 #endif
00391 #ifdef CONFIG_TLS_INTERNAL_SERVER
00392 if (conn->server) {
00393 return tlsv1_server_encrypt(conn->server, in_data, in_len,
00394 out_data, out_len);
00395 }
00396 #endif
00397 return -1;
00398 }
00399
00400
00401 int tls_connection_decrypt(void *tls_ctx, struct tls_connection *conn,
00402 const u8 *in_data, size_t in_len,
00403 u8 *out_data, size_t out_len)
00404 {
00405 #ifdef CONFIG_TLS_INTERNAL_CLIENT
00406 if (conn->client) {
00407 return tlsv1_client_decrypt(conn->client, in_data, in_len,
00408 out_data, out_len);
00409 }
00410 #endif
00411 #ifdef CONFIG_TLS_INTERNAL_SERVER
00412 if (conn->server) {
00413 return tlsv1_server_decrypt(conn->server, in_data, in_len,
00414 out_data, out_len);
00415 }
00416 #endif
00417 return -1;
00418 }
00419
00420
00421 int tls_connection_resumed(void *tls_ctx, struct tls_connection *conn)
00422 {
00423 #ifdef CONFIG_TLS_INTERNAL_CLIENT
00424 if (conn->client)
00425 return tlsv1_client_resumed(conn->client);
00426 #endif
00427 #ifdef CONFIG_TLS_INTERNAL_SERVER
00428 if (conn->server)
00429 return tlsv1_server_resumed(conn->server);
00430 #endif
00431 return -1;
00432 }
00433
00434
00435 int tls_connection_set_cipher_list(void *tls_ctx, struct tls_connection *conn,
00436 u8 *ciphers)
00437 {
00438 #ifdef CONFIG_TLS_INTERNAL_CLIENT
00439 if (conn->client)
00440 return tlsv1_client_set_cipher_list(conn->client, ciphers);
00441 #endif
00442 #ifdef CONFIG_TLS_INTERNAL_SERVER
00443 if (conn->server)
00444 return tlsv1_server_set_cipher_list(conn->server, ciphers);
00445 #endif
00446 return -1;
00447 }
00448
00449
00450 int tls_get_cipher(void *tls_ctx, struct tls_connection *conn,
00451 char *buf, size_t buflen)
00452 {
00453 if (conn == NULL)
00454 return -1;
00455 #ifdef CONFIG_TLS_INTERNAL_CLIENT
00456 if (conn->client)
00457 return tlsv1_client_get_cipher(conn->client, buf, buflen);
00458 #endif
00459 #ifdef CONFIG_TLS_INTERNAL_SERVER
00460 if (conn->server)
00461 return tlsv1_server_get_cipher(conn->server, buf, buflen);
00462 #endif
00463 return -1;
00464 }
00465
00466
00467 int tls_connection_enable_workaround(void *tls_ctx,
00468 struct tls_connection *conn)
00469 {
00470 return -1;
00471 }
00472
00473
00474 int tls_connection_client_hello_ext(void *tls_ctx, struct tls_connection *conn,
00475 int ext_type, const u8 *data,
00476 size_t data_len)
00477 {
00478 #ifdef CONFIG_TLS_INTERNAL_CLIENT
00479 if (conn->client) {
00480 return tlsv1_client_hello_ext(conn->client, ext_type,
00481 data, data_len);
00482 }
00483 #endif
00484 return -1;
00485 }
00486
00487
00488 int tls_connection_get_failed(void *tls_ctx, struct tls_connection *conn)
00489 {
00490 return 0;
00491 }
00492
00493
00494 int tls_connection_get_read_alerts(void *tls_ctx, struct tls_connection *conn)
00495 {
00496 return 0;
00497 }
00498
00499
00500 int tls_connection_get_write_alerts(void *tls_ctx,
00501 struct tls_connection *conn)
00502 {
00503 return 0;
00504 }
00505
00506
00507 int tls_connection_get_keyblock_size(void *tls_ctx,
00508 struct tls_connection *conn)
00509 {
00510 #ifdef CONFIG_TLS_INTERNAL_CLIENT
00511 if (conn->client)
00512 return tlsv1_client_get_keyblock_size(conn->client);
00513 #endif
00514 #ifdef CONFIG_TLS_INTERNAL_SERVER
00515 if (conn->server)
00516 return tlsv1_server_get_keyblock_size(conn->server);
00517 #endif
00518 return -1;
00519 }
00520
00521
00522 unsigned int tls_capabilities(void *tls_ctx)
00523 {
00524 return 0;
00525 }
00526
00527
00528 int tls_connection_ia_send_phase_finished(void *tls_ctx,
00529 struct tls_connection *conn,
00530 int final,
00531 u8 *out_data, size_t out_len)
00532 {
00533 return -1;
00534 }
00535
00536
00537 int tls_connection_ia_final_phase_finished(void *tls_ctx,
00538 struct tls_connection *conn)
00539 {
00540 return -1;
00541 }
00542
00543
00544 int tls_connection_ia_permute_inner_secret(void *tls_ctx,
00545 struct tls_connection *conn,
00546 const u8 *key, size_t key_len)
00547 {
00548 return -1;
00549 }
00550
00551
00552 int tls_connection_set_session_ticket_cb(void *tls_ctx,
00553 struct tls_connection *conn,
00554 tls_session_ticket_cb cb,
00555 void *ctx)
00556 {
00557 #ifdef CONFIG_TLS_INTERNAL_CLIENT
00558 if (conn->client) {
00559 tlsv1_client_set_session_ticket_cb(conn->client, cb, ctx);
00560 return 0;
00561 }
00562 #endif
00563 #ifdef CONFIG_TLS_INTERNAL_SERVER
00564 if (conn->server) {
00565 tlsv1_server_set_session_ticket_cb(conn->server, cb, ctx);
00566 return 0;
00567 }
00568 #endif
00569 return -1;
00570 }
00571
1.6.1
