2 * WPA Supplicant / SSL/TLS interface functions for openssl
3 * Copyright (c) 2004-2007, Jouni Malinen <j@w1.fi>
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License version 2 as
7 * published by the Free Software Foundation.
9 * Alternatively, this software may be distributed under the terms of BSD
12 * See README and COPYING for more details.
16 #include <gnutls/gnutls.h>
17 #include <gnutls/x509.h>
19 #include <gnutls/pkcs12.h>
20 #endif /* PKCS12_FUNCS */
22 #ifdef CONFIG_GNUTLS_EXTRA
23 #if LIBGNUTLS_VERSION_NUMBER >= 0x010302
25 #include <gnutls/extra.h>
26 #if LIBGNUTLS_VERSION_NUMBER == 0x010302
27 /* This function is not included in the current gnutls/extra.h even though it
28 * should be, so define it here as a workaround for the time being. */
29 int gnutls_ia_verify_endphase(gnutls_session_t session
, char *checksum
);
30 #endif /* LIBGNUTLS_VERSION_NUMBER == 0x010302 */
31 #endif /* LIBGNUTLS_VERSION_NUMBER >= 0x010302 */
32 #endif /* CONFIG_GNUTLS_EXTRA */
38 #define TLS_RANDOM_SIZE 32
39 #define TLS_MASTER_SIZE 48
42 #if LIBGNUTLS_VERSION_NUMBER < 0x010302
43 /* GnuTLS 1.3.2 added functions for using master secret. Older versions require
44 * use of internal structures to get the master_secret and
45 * {server,client}_random.
47 #define GNUTLS_INTERNAL_STRUCTURE_HACK
48 #endif /* LIBGNUTLS_VERSION_NUMBER < 0x010302 */
51 #ifdef GNUTLS_INTERNAL_STRUCTURE_HACK
53 * It looks like gnutls does not provide access to client/server_random and
54 * master_key. This is somewhat unfortunate since these are needed for key
55 * derivation in EAP-{TLS,TTLS,PEAP,FAST}. Workaround for now is a horrible
56 * hack that copies the gnutls_session_int definition from gnutls_int.h so that
57 * we can get the needed information.
61 typedef unsigned char opaque
;
67 gnutls_connection_end_t entity
;
68 gnutls_kx_algorithm_t kx_algorithm
;
69 gnutls_cipher_algorithm_t read_bulk_cipher_algorithm
;
70 gnutls_mac_algorithm_t read_mac_algorithm
;
71 gnutls_compression_method_t read_compression_algorithm
;
72 gnutls_cipher_algorithm_t write_bulk_cipher_algorithm
;
73 gnutls_mac_algorithm_t write_mac_algorithm
;
74 gnutls_compression_method_t write_compression_algorithm
;
75 cipher_suite_st current_cipher_suite
;
76 opaque master_secret
[TLS_MASTER_SIZE
];
77 opaque client_random
[TLS_RANDOM_SIZE
];
78 opaque server_random
[TLS_RANDOM_SIZE
];
79 /* followed by stuff we are not interested in */
80 } security_parameters_st
;
82 struct gnutls_session_int
{
83 security_parameters_st security_parameters
;
84 /* followed by things we are not interested in */
86 #endif /* LIBGNUTLS_VERSION_NUMBER < 0x010302 */
88 static int tls_gnutls_ref_count
= 0;
91 /* Data for session resumption */
93 size_t session_data_size
;
98 gnutls_certificate_credentials_t xcred
;
101 struct tls_connection
{
102 gnutls_session session
;
103 char *subject_match
, *altsubject_match
;
104 int read_alerts
, write_alerts
, failed
;
106 u8
*pre_shared_secret
;
107 size_t pre_shared_secret_len
;
111 u8
*push_buf
, *pull_buf
, *pull_buf_offset
;
112 size_t push_buf_len
, pull_buf_len
;
115 gnutls_certificate_credentials_t xcred
;
118 int final_phase_finished
;
121 gnutls_ia_server_credentials_t iacred_srv
;
122 gnutls_ia_client_credentials_t iacred_cli
;
124 /* Session keys generated in the current phase for inner secret
125 * permutation before generating/verifying PhaseFinished. */
127 size_t session_keys_len
;
129 u8 inner_secret
[TLS_MASTER_SIZE
];
130 #endif /* GNUTLS_IA */
134 static void tls_log_func(int level
, const char *msg
)
137 if (level
== 6 || level
== 7) {
138 /* These levels seem to be mostly I/O debug and msg dumps */
147 while (*pos
!= '\0') {
154 wpa_printf(level
> 3 ? MSG_MSGDUMP
: MSG_DEBUG
,
155 "gnutls<%d> %s", level
, s
);
160 extern int wpa_debug_show_keys
;
162 void * tls_init(const struct tls_config
*conf
)
164 struct tls_global
*global
;
166 #ifdef GNUTLS_INTERNAL_STRUCTURE_HACK
167 /* Because of the horrible hack to get master_secret and client/server
168 * random, we need to make sure that the gnutls version is something
169 * that is expected to have same structure definition for the session
172 const char *ok_ver
[] = { "1.2.3", "1.2.4", "1.2.5", "1.2.6", "1.2.9",
176 #endif /* GNUTLS_INTERNAL_STRUCTURE_HACK */
178 global
= os_zalloc(sizeof(*global
));
182 if (tls_gnutls_ref_count
== 0 && gnutls_global_init() < 0) {
186 tls_gnutls_ref_count
++;
188 #ifdef GNUTLS_INTERNAL_STRUCTURE_HACK
189 ver
= gnutls_check_version(NULL
);
194 wpa_printf(MSG_DEBUG
, "%s - gnutls version %s", __func__
, ver
);
195 for (i
= 0; ok_ver
[i
]; i
++) {
196 if (strcmp(ok_ver
[i
], ver
) == 0)
199 if (ok_ver
[i
] == NULL
) {
200 wpa_printf(MSG_INFO
, "Untested gnutls version %s - this needs "
201 "to be tested and enabled in tls_gnutls.c", ver
);
205 #endif /* GNUTLS_INTERNAL_STRUCTURE_HACK */
207 gnutls_global_set_log_function(tls_log_func
);
208 if (wpa_debug_show_keys
)
209 gnutls_global_set_log_level(11);
214 void tls_deinit(void *ssl_ctx
)
216 struct tls_global
*global
= ssl_ctx
;
218 if (global
->params_set
)
219 gnutls_certificate_free_credentials(global
->xcred
);
220 os_free(global
->session_data
);
224 tls_gnutls_ref_count
--;
225 if (tls_gnutls_ref_count
== 0)
226 gnutls_global_deinit();
230 int tls_get_errors(void *ssl_ctx
)
236 static ssize_t
tls_pull_func(gnutls_transport_ptr ptr
, void *buf
,
239 struct tls_connection
*conn
= (struct tls_connection
*) ptr
;
241 if (conn
->pull_buf
== NULL
) {
246 end
= conn
->pull_buf
+ conn
->pull_buf_len
;
247 if ((size_t) (end
- conn
->pull_buf_offset
) < len
)
248 len
= end
- conn
->pull_buf_offset
;
249 os_memcpy(buf
, conn
->pull_buf_offset
, len
);
250 conn
->pull_buf_offset
+= len
;
251 if (conn
->pull_buf_offset
== end
) {
252 wpa_printf(MSG_DEBUG
, "%s - pull_buf consumed", __func__
);
253 os_free(conn
->pull_buf
);
254 conn
->pull_buf
= conn
->pull_buf_offset
= NULL
;
255 conn
->pull_buf_len
= 0;
257 wpa_printf(MSG_DEBUG
, "%s - %d bytes remaining in pull_buf",
258 __func__
, end
- conn
->pull_buf_offset
);
264 static ssize_t
tls_push_func(gnutls_transport_ptr ptr
, const void *buf
,
267 struct tls_connection
*conn
= (struct tls_connection
*) ptr
;
270 nbuf
= os_realloc(conn
->push_buf
, conn
->push_buf_len
+ len
);
275 os_memcpy(nbuf
+ conn
->push_buf_len
, buf
, len
);
276 conn
->push_buf
= nbuf
;
277 conn
->push_buf_len
+= len
;
283 static int tls_gnutls_init_session(struct tls_global
*global
,
284 struct tls_connection
*conn
)
286 const int cert_types
[2] = { GNUTLS_CRT_X509
, 0 };
287 const int protos
[2] = { GNUTLS_TLS1
, 0 };
290 ret
= gnutls_init(&conn
->session
,
291 global
->server
? GNUTLS_SERVER
: GNUTLS_CLIENT
);
293 wpa_printf(MSG_INFO
, "TLS: Failed to initialize new TLS "
294 "connection: %s", gnutls_strerror(ret
));
298 ret
= gnutls_set_default_priority(conn
->session
);
302 ret
= gnutls_certificate_type_set_priority(conn
->session
, cert_types
);
306 ret
= gnutls_protocol_set_priority(conn
->session
, protos
);
310 gnutls_transport_set_pull_function(conn
->session
, tls_pull_func
);
311 gnutls_transport_set_push_function(conn
->session
, tls_push_func
);
312 gnutls_transport_set_ptr(conn
->session
, (gnutls_transport_ptr
) conn
);
317 wpa_printf(MSG_INFO
, "TLS: Failed to setup new TLS connection: %s",
318 gnutls_strerror(ret
));
319 gnutls_deinit(conn
->session
);
324 struct tls_connection
* tls_connection_init(void *ssl_ctx
)
326 struct tls_global
*global
= ssl_ctx
;
327 struct tls_connection
*conn
;
330 conn
= os_zalloc(sizeof(*conn
));
334 if (tls_gnutls_init_session(global
, conn
)) {
339 if (global
->params_set
) {
340 ret
= gnutls_credentials_set(conn
->session
,
341 GNUTLS_CRD_CERTIFICATE
,
344 wpa_printf(MSG_INFO
, "Failed to configure "
345 "credentials: %s", gnutls_strerror(ret
));
351 if (gnutls_certificate_allocate_credentials(&conn
->xcred
)) {
360 void tls_connection_deinit(void *ssl_ctx
, struct tls_connection
*conn
)
366 if (conn
->iacred_srv
)
367 gnutls_ia_free_server_credentials(conn
->iacred_srv
);
368 if (conn
->iacred_cli
)
369 gnutls_ia_free_client_credentials(conn
->iacred_cli
);
370 if (conn
->session_keys
) {
371 os_memset(conn
->session_keys
, 0, conn
->session_keys_len
);
372 os_free(conn
->session_keys
);
374 #endif /* GNUTLS_IA */
376 gnutls_certificate_free_credentials(conn
->xcred
);
377 gnutls_deinit(conn
->session
);
378 os_free(conn
->pre_shared_secret
);
379 os_free(conn
->subject_match
);
380 os_free(conn
->altsubject_match
);
381 os_free(conn
->push_buf
);
382 os_free(conn
->pull_buf
);
387 int tls_connection_established(void *ssl_ctx
, struct tls_connection
*conn
)
389 return conn
? conn
->established
: 0;
393 int tls_connection_shutdown(void *ssl_ctx
, struct tls_connection
*conn
)
395 struct tls_global
*global
= ssl_ctx
;
401 /* Shutdown previous TLS connection without notifying the peer
402 * because the connection was already terminated in practice
403 * and "close notify" shutdown alert would confuse AS. */
404 gnutls_bye(conn
->session
, GNUTLS_SHUT_RDWR
);
405 os_free(conn
->push_buf
);
406 conn
->push_buf
= NULL
;
407 conn
->push_buf_len
= 0;
408 conn
->established
= 0;
409 conn
->final_phase_finished
= 0;
411 if (conn
->session_keys
) {
412 os_memset(conn
->session_keys
, 0, conn
->session_keys_len
);
413 os_free(conn
->session_keys
);
415 conn
->session_keys_len
= 0;
416 #endif /* GNUTLS_IA */
418 gnutls_deinit(conn
->session
);
419 if (tls_gnutls_init_session(global
, conn
)) {
420 wpa_printf(MSG_INFO
, "GnuTLS: Failed to preparare new session "
421 "for session resumption use");
425 ret
= gnutls_credentials_set(conn
->session
, GNUTLS_CRD_CERTIFICATE
,
426 conn
->params_set
? conn
->xcred
:
429 wpa_printf(MSG_INFO
, "GnuTLS: Failed to configure credentials "
430 "for session resumption: %s", gnutls_strerror(ret
));
434 if (global
->session_data
) {
435 ret
= gnutls_session_set_data(conn
->session
,
436 global
->session_data
,
437 global
->session_data_size
);
439 wpa_printf(MSG_INFO
, "GnuTLS: Failed to set session "
440 "data: %s", gnutls_strerror(ret
));
450 static int tls_match_altsubject(X509
*cert
, const char *match
)
458 ext
= X509_get_ext_d2i(cert
, NID_subject_alt_name
, NULL
, NULL
);
460 for (i
= 0; ext
&& i
< sk_GENERAL_NAME_num(ext
); i
++) {
461 gen
= sk_GENERAL_NAME_value(ext
, i
);
474 wpa_printf(MSG_DEBUG
, "TLS: altSubjectName: "
475 "unsupported type=%d", gen
->type
);
482 wpa_printf(MSG_DEBUG
, "TLS: altSubjectName: %s:%s",
483 field
, gen
->d
.ia5
->data
);
484 len
= os_strlen(field
) + 1 +
485 strlen((char *) gen
->d
.ia5
->data
) + 1;
486 tmp
= os_malloc(len
);
489 snprintf(tmp
, len
, "%s:%s", field
, gen
->d
.ia5
->data
);
490 if (strstr(tmp
, match
))
501 static int tls_verify_cb(int preverify_ok
, X509_STORE_CTX
*x509_ctx
)
507 struct tls_connection
*conn
;
508 char *match
, *altmatch
;
510 err_cert
= X509_STORE_CTX_get_current_cert(x509_ctx
);
511 err
= X509_STORE_CTX_get_error(x509_ctx
);
512 depth
= X509_STORE_CTX_get_error_depth(x509_ctx
);
513 ssl
= X509_STORE_CTX_get_ex_data(x509_ctx
,
514 SSL_get_ex_data_X509_STORE_CTX_idx());
515 X509_NAME_oneline(X509_get_subject_name(err_cert
), buf
, sizeof(buf
));
517 conn
= SSL_get_app_data(ssl
);
518 match
= conn
? conn
->subject_match
: NULL
;
519 altmatch
= conn
? conn
->altsubject_match
: NULL
;
522 wpa_printf(MSG_WARNING
, "TLS: Certificate verification failed,"
523 " error %d (%s) depth %d for '%s'", err
,
524 X509_verify_cert_error_string(err
), depth
, buf
);
526 wpa_printf(MSG_DEBUG
, "TLS: tls_verify_cb - "
527 "preverify_ok=%d err=%d (%s) depth=%d buf='%s'",
529 X509_verify_cert_error_string(err
), depth
, buf
);
530 if (depth
== 0 && match
&& strstr(buf
, match
) == NULL
) {
531 wpa_printf(MSG_WARNING
, "TLS: Subject '%s' did not "
532 "match with '%s'", buf
, match
);
534 } else if (depth
== 0 && altmatch
&&
535 !tls_match_altsubject(err_cert
, altmatch
)) {
536 wpa_printf(MSG_WARNING
, "TLS: altSubjectName match "
537 "'%s' not found", altmatch
);
547 int tls_connection_set_params(void *tls_ctx
, struct tls_connection
*conn
,
548 const struct tls_connection_params
*params
)
552 if (conn
== NULL
|| params
== NULL
)
555 os_free(conn
->subject_match
);
556 conn
->subject_match
= NULL
;
557 if (params
->subject_match
) {
558 conn
->subject_match
= os_strdup(params
->subject_match
);
559 if (conn
->subject_match
== NULL
)
563 os_free(conn
->altsubject_match
);
564 conn
->altsubject_match
= NULL
;
565 if (params
->altsubject_match
) {
566 conn
->altsubject_match
= os_strdup(params
->altsubject_match
);
567 if (conn
->altsubject_match
== NULL
)
571 /* TODO: gnutls_certificate_set_verify_flags(xcred, flags);
572 * to force peer validation(?) */
574 if (params
->ca_cert
) {
575 conn
->verify_peer
= 1;
576 ret
= gnutls_certificate_set_x509_trust_file(
577 conn
->xcred
, params
->ca_cert
, GNUTLS_X509_FMT_PEM
);
579 wpa_printf(MSG_DEBUG
, "Failed to read CA cert '%s' "
580 "in PEM format: %s", params
->ca_cert
,
581 gnutls_strerror(ret
));
582 ret
= gnutls_certificate_set_x509_trust_file(
583 conn
->xcred
, params
->ca_cert
,
584 GNUTLS_X509_FMT_DER
);
586 wpa_printf(MSG_DEBUG
, "Failed to read CA cert "
587 "'%s' in DER format: %s",
589 gnutls_strerror(ret
));
595 if (params
->client_cert
&& params
->private_key
) {
596 /* TODO: private_key_passwd? */
597 ret
= gnutls_certificate_set_x509_key_file(
598 conn
->xcred
, params
->client_cert
, params
->private_key
,
599 GNUTLS_X509_FMT_PEM
);
601 wpa_printf(MSG_DEBUG
, "Failed to read client cert/key "
602 "in PEM format: %s", gnutls_strerror(ret
));
603 ret
= gnutls_certificate_set_x509_key_file(
604 conn
->xcred
, params
->client_cert
,
605 params
->private_key
, GNUTLS_X509_FMT_DER
);
607 wpa_printf(MSG_DEBUG
, "Failed to read client "
608 "cert/key in DER format: %s",
609 gnutls_strerror(ret
));
613 } else if (params
->private_key
) {
616 /* Try to load in PKCS#12 format */
617 #if LIBGNUTLS_VERSION_NUMBER >= 0x010302
618 ret
= gnutls_certificate_set_x509_simple_pkcs12_file(
619 conn
->xcred
, params
->private_key
, GNUTLS_X509_FMT_DER
,
620 params
->private_key_passwd
);
622 wpa_printf(MSG_DEBUG
, "Failed to load private_key in "
623 "PKCS#12 format: %s", gnutls_strerror(ret
));
627 #endif /* LIBGNUTLS_VERSION_NUMBER >= 0x010302 */
628 #endif /* PKCS12_FUNCS */
631 wpa_printf(MSG_DEBUG
, "GnuTLS: PKCS#12 support not "
637 conn
->tls_ia
= params
->tls_ia
;
638 conn
->params_set
= 1;
640 ret
= gnutls_credentials_set(conn
->session
, GNUTLS_CRD_CERTIFICATE
,
643 wpa_printf(MSG_INFO
, "Failed to configure credentials: %s",
644 gnutls_strerror(ret
));
648 if (conn
->iacred_cli
)
649 gnutls_ia_free_client_credentials(conn
->iacred_cli
);
651 ret
= gnutls_ia_allocate_client_credentials(&conn
->iacred_cli
);
653 wpa_printf(MSG_DEBUG
, "Failed to allocate IA credentials: %s",
654 gnutls_strerror(ret
));
658 ret
= gnutls_credentials_set(conn
->session
, GNUTLS_CRD_IA
,
661 wpa_printf(MSG_DEBUG
, "Failed to configure IA credentials: %s",
662 gnutls_strerror(ret
));
663 gnutls_ia_free_client_credentials(conn
->iacred_cli
);
664 conn
->iacred_cli
= NULL
;
667 #endif /* GNUTLS_IE */
673 int tls_global_set_params(void *tls_ctx
,
674 const struct tls_connection_params
*params
)
676 struct tls_global
*global
= tls_ctx
;
679 /* Currently, global parameters are only set when running in server
683 if (global
->params_set
) {
684 gnutls_certificate_free_credentials(global
->xcred
);
685 global
->params_set
= 0;
688 ret
= gnutls_certificate_allocate_credentials(&global
->xcred
);
690 wpa_printf(MSG_DEBUG
, "Failed to allocate global credentials "
691 "%s", gnutls_strerror(ret
));
695 if (params
->ca_cert
) {
696 ret
= gnutls_certificate_set_x509_trust_file(
697 global
->xcred
, params
->ca_cert
, GNUTLS_X509_FMT_PEM
);
699 wpa_printf(MSG_DEBUG
, "Failed to read CA cert '%s' "
700 "in PEM format: %s", params
->ca_cert
,
701 gnutls_strerror(ret
));
702 ret
= gnutls_certificate_set_x509_trust_file(
703 global
->xcred
, params
->ca_cert
,
704 GNUTLS_X509_FMT_DER
);
706 wpa_printf(MSG_DEBUG
, "Failed to read CA cert "
707 "'%s' in DER format: %s",
709 gnutls_strerror(ret
));
715 if (params
->client_cert
&& params
->private_key
) {
716 /* TODO: private_key_passwd? */
717 ret
= gnutls_certificate_set_x509_key_file(
718 global
->xcred
, params
->client_cert
,
719 params
->private_key
, GNUTLS_X509_FMT_PEM
);
721 wpa_printf(MSG_DEBUG
, "Failed to read client cert/key "
722 "in PEM format: %s", gnutls_strerror(ret
));
723 ret
= gnutls_certificate_set_x509_key_file(
724 global
->xcred
, params
->client_cert
,
725 params
->private_key
, GNUTLS_X509_FMT_DER
);
727 wpa_printf(MSG_DEBUG
, "Failed to read client "
728 "cert/key in DER format: %s",
729 gnutls_strerror(ret
));
733 } else if (params
->private_key
) {
736 /* Try to load in PKCS#12 format */
737 #if LIBGNUTLS_VERSION_NUMBER >= 0x010302
738 ret
= gnutls_certificate_set_x509_simple_pkcs12_file(
739 global
->xcred
, params
->private_key
,
740 GNUTLS_X509_FMT_DER
, params
->private_key_passwd
);
742 wpa_printf(MSG_DEBUG
, "Failed to load private_key in "
743 "PKCS#12 format: %s", gnutls_strerror(ret
));
747 #endif /* LIBGNUTLS_VERSION_NUMBER >= 0x010302 */
748 #endif /* PKCS12_FUNCS */
751 wpa_printf(MSG_DEBUG
, "GnuTLS: PKCS#12 support not "
757 global
->params_set
= 1;
762 gnutls_certificate_free_credentials(global
->xcred
);
767 int tls_global_set_verify(void *ssl_ctx
, int check_crl
)
774 int tls_connection_set_verify(void *ssl_ctx
, struct tls_connection
*conn
,
777 if (conn
== NULL
|| conn
->session
== NULL
)
780 conn
->verify_peer
= verify_peer
;
781 gnutls_certificate_server_set_request(conn
->session
,
782 verify_peer
? GNUTLS_CERT_REQUIRE
783 : GNUTLS_CERT_REQUEST
);
789 int tls_connection_get_keys(void *ssl_ctx
, struct tls_connection
*conn
,
790 struct tls_keys
*keys
)
792 #ifdef GNUTLS_INTERNAL_STRUCTURE_HACK
793 security_parameters_st
*sec
;
794 #endif /* GNUTLS_INTERNAL_STRUCTURE_HACK */
796 if (conn
== NULL
|| conn
->session
== NULL
|| keys
== NULL
)
799 os_memset(keys
, 0, sizeof(*keys
));
801 #ifdef GNUTLS_INTERNAL_STRUCTURE_HACK
802 sec
= &conn
->session
->security_parameters
;
803 keys
->master_key
= sec
->master_secret
;
804 keys
->master_key_len
= TLS_MASTER_SIZE
;
805 keys
->client_random
= sec
->client_random
;
806 keys
->server_random
= sec
->server_random
;
807 #else /* GNUTLS_INTERNAL_STRUCTURE_HACK */
808 keys
->client_random
=
809 (u8
*) gnutls_session_get_client_random(conn
->session
);
810 keys
->server_random
=
811 (u8
*) gnutls_session_get_server_random(conn
->session
);
812 /* No access to master_secret */
813 #endif /* GNUTLS_INTERNAL_STRUCTURE_HACK */
816 gnutls_ia_extract_inner_secret(conn
->session
,
817 (char *) conn
->inner_secret
);
818 keys
->inner_secret
= conn
->inner_secret
;
819 keys
->inner_secret_len
= TLS_MASTER_SIZE
;
820 #endif /* GNUTLS_IA */
822 keys
->client_random_len
= TLS_RANDOM_SIZE
;
823 keys
->server_random_len
= TLS_RANDOM_SIZE
;
829 int tls_connection_prf(void *tls_ctx
, struct tls_connection
*conn
,
830 const char *label
, int server_random_first
,
831 u8
*out
, size_t out_len
)
833 #if LIBGNUTLS_VERSION_NUMBER >= 0x010302
834 if (conn
== NULL
|| conn
->session
== NULL
)
837 return gnutls_prf(conn
->session
, os_strlen(label
), label
,
838 server_random_first
, 0, NULL
, out_len
, (char *) out
);
839 #else /* LIBGNUTLS_VERSION_NUMBER >= 0x010302 */
841 #endif /* LIBGNUTLS_VERSION_NUMBER >= 0x010302 */
845 static int tls_connection_verify_peer(struct tls_connection
*conn
)
847 unsigned int status
, num_certs
, i
;
849 const gnutls_datum_t
*certs
;
850 gnutls_x509_crt_t cert
;
852 if (gnutls_certificate_verify_peers2(conn
->session
, &status
) < 0) {
853 wpa_printf(MSG_INFO
, "TLS: Failed to verify peer "
854 "certificate chain");
858 if (conn
->verify_peer
&& (status
& GNUTLS_CERT_INVALID
)) {
859 wpa_printf(MSG_INFO
, "TLS: Peer certificate not trusted");
863 if (status
& GNUTLS_CERT_SIGNER_NOT_FOUND
) {
864 wpa_printf(MSG_INFO
, "TLS: Peer certificate does not have a "
869 if (status
& GNUTLS_CERT_REVOKED
) {
870 wpa_printf(MSG_INFO
, "TLS: Peer certificate has been revoked");
876 certs
= gnutls_certificate_get_peers(conn
->session
, &num_certs
);
878 wpa_printf(MSG_INFO
, "TLS: No peer certificate chain "
883 for (i
= 0; i
< num_certs
; i
++) {
886 if (gnutls_x509_crt_init(&cert
) < 0) {
887 wpa_printf(MSG_INFO
, "TLS: Certificate initialization "
892 if (gnutls_x509_crt_import(cert
, &certs
[i
],
893 GNUTLS_X509_FMT_DER
) < 0) {
894 wpa_printf(MSG_INFO
, "TLS: Could not parse peer "
895 "certificate %d/%d", i
+ 1, num_certs
);
896 gnutls_x509_crt_deinit(cert
);
900 gnutls_x509_crt_get_dn(cert
, NULL
, &len
);
902 buf
= os_malloc(len
+ 1);
904 buf
[0] = buf
[len
] = '\0';
905 gnutls_x509_crt_get_dn(cert
, buf
, &len
);
907 wpa_printf(MSG_DEBUG
, "TLS: Peer cert chain %d/%d: %s",
908 i
+ 1, num_certs
, buf
);
911 /* TODO: validate subject_match and altsubject_match */
916 if (gnutls_x509_crt_get_expiration_time(cert
) < now
.sec
||
917 gnutls_x509_crt_get_activation_time(cert
) > now
.sec
) {
918 wpa_printf(MSG_INFO
, "TLS: Peer certificate %d/%d is "
919 "not valid at this time",
921 gnutls_x509_crt_deinit(cert
);
925 gnutls_x509_crt_deinit(cert
);
932 u8
* tls_connection_handshake(void *ssl_ctx
, struct tls_connection
*conn
,
933 const u8
*in_data
, size_t in_len
,
934 size_t *out_len
, u8
**appl_data
,
935 size_t *appl_data_len
)
937 struct tls_global
*global
= ssl_ctx
;
944 if (in_data
&& in_len
) {
945 if (conn
->pull_buf
) {
946 wpa_printf(MSG_DEBUG
, "%s - %d bytes remaining in "
947 "pull_buf", __func__
, conn
->pull_buf_len
);
948 os_free(conn
->pull_buf
);
950 conn
->pull_buf
= os_malloc(in_len
);
951 if (conn
->pull_buf
== NULL
)
953 os_memcpy(conn
->pull_buf
, in_data
, in_len
);
954 conn
->pull_buf_offset
= conn
->pull_buf
;
955 conn
->pull_buf_len
= in_len
;
958 ret
= gnutls_handshake(conn
->session
);
962 if (global
->server
&& conn
->established
&&
963 conn
->push_buf
== NULL
) {
964 /* Need to return something to trigger
965 * completion of EAP-TLS. */
966 conn
->push_buf
= os_malloc(1);
969 case GNUTLS_E_FATAL_ALERT_RECEIVED
:
970 wpa_printf(MSG_DEBUG
, "%s - received fatal '%s' alert",
971 __func__
, gnutls_alert_get_name(
972 gnutls_alert_get(conn
->session
)));
976 wpa_printf(MSG_DEBUG
, "%s - gnutls_handshake failed "
977 "-> %s", __func__
, gnutls_strerror(ret
));
983 if (conn
->verify_peer
&& tls_connection_verify_peer(conn
)) {
984 wpa_printf(MSG_INFO
, "TLS: Peer certificate chain "
985 "failed validation");
990 if (conn
->tls_ia
&& !gnutls_ia_handshake_p(conn
->session
)) {
991 wpa_printf(MSG_INFO
, "TLS: No TLS/IA negotiation");
997 wpa_printf(MSG_DEBUG
, "TLS: Start TLS/IA handshake");
999 wpa_printf(MSG_DEBUG
, "TLS: Handshake completed "
1002 conn
->established
= 1;
1003 if (conn
->push_buf
== NULL
) {
1004 /* Need to return something to get final TLS ACK. */
1005 conn
->push_buf
= os_malloc(1);
1008 gnutls_session_get_data(conn
->session
, NULL
, &size
);
1009 if (global
->session_data
== NULL
||
1010 global
->session_data_size
< size
) {
1011 os_free(global
->session_data
);
1012 global
->session_data
= os_malloc(size
);
1014 if (global
->session_data
) {
1015 global
->session_data_size
= size
;
1016 gnutls_session_get_data(conn
->session
,
1017 global
->session_data
,
1018 &global
->session_data_size
);
1022 out_data
= conn
->push_buf
;
1023 *out_len
= conn
->push_buf_len
;
1024 conn
->push_buf
= NULL
;
1025 conn
->push_buf_len
= 0;
1030 u8
* tls_connection_server_handshake(void *ssl_ctx
,
1031 struct tls_connection
*conn
,
1032 const u8
*in_data
, size_t in_len
,
1035 return tls_connection_handshake(ssl_ctx
, conn
, in_data
, in_len
,
1036 out_len
, NULL
, NULL
);
1040 int tls_connection_encrypt(void *ssl_ctx
, struct tls_connection
*conn
,
1041 const u8
*in_data
, size_t in_len
,
1042 u8
*out_data
, size_t out_len
)
1048 res
= gnutls_ia_send(conn
->session
, (char *) in_data
, in_len
);
1050 #endif /* GNUTLS_IA */
1051 res
= gnutls_record_send(conn
->session
, in_data
, in_len
);
1053 wpa_printf(MSG_INFO
, "%s: Encryption failed: %s",
1054 __func__
, gnutls_strerror(res
));
1057 if (conn
->push_buf
== NULL
)
1059 if (conn
->push_buf_len
< out_len
)
1060 out_len
= conn
->push_buf_len
;
1061 os_memcpy(out_data
, conn
->push_buf
, out_len
);
1062 os_free(conn
->push_buf
);
1063 conn
->push_buf
= NULL
;
1064 conn
->push_buf_len
= 0;
1069 int tls_connection_decrypt(void *ssl_ctx
, struct tls_connection
*conn
,
1070 const u8
*in_data
, size_t in_len
,
1071 u8
*out_data
, size_t out_len
)
1075 if (conn
->pull_buf
) {
1076 wpa_printf(MSG_DEBUG
, "%s - %d bytes remaining in "
1077 "pull_buf", __func__
, conn
->pull_buf_len
);
1078 os_free(conn
->pull_buf
);
1080 conn
->pull_buf
= os_malloc(in_len
);
1081 if (conn
->pull_buf
== NULL
)
1083 os_memcpy(conn
->pull_buf
, in_data
, in_len
);
1084 conn
->pull_buf_offset
= conn
->pull_buf
;
1085 conn
->pull_buf_len
= in_len
;
1089 res
= gnutls_ia_recv(conn
->session
, (char *) out_data
,
1091 if (out_len
>= 12 &&
1092 (res
== GNUTLS_E_WARNING_IA_IPHF_RECEIVED
||
1093 res
== GNUTLS_E_WARNING_IA_FPHF_RECEIVED
)) {
1094 int final
= res
== GNUTLS_E_WARNING_IA_FPHF_RECEIVED
;
1095 wpa_printf(MSG_DEBUG
, "%s: Received %sPhaseFinished",
1096 __func__
, final
? "Final" : "Intermediate");
1098 res
= gnutls_ia_permute_inner_secret(
1099 conn
->session
, conn
->session_keys_len
,
1100 (char *) conn
->session_keys
);
1101 if (conn
->session_keys
) {
1102 os_memset(conn
->session_keys
, 0,
1103 conn
->session_keys_len
);
1104 os_free(conn
->session_keys
);
1106 conn
->session_keys
= NULL
;
1107 conn
->session_keys_len
= 0;
1109 wpa_printf(MSG_DEBUG
, "%s: Failed to permute "
1111 __func__
, gnutls_strerror(res
));
1115 res
= gnutls_ia_verify_endphase(conn
->session
,
1118 wpa_printf(MSG_DEBUG
, "%s: Correct endphase "
1119 "checksum", __func__
);
1121 wpa_printf(MSG_INFO
, "%s: Endphase "
1122 "verification failed: %s",
1123 __func__
, gnutls_strerror(res
));
1128 conn
->final_phase_finished
= 1;
1134 wpa_printf(MSG_DEBUG
, "%s - gnutls_ia_recv failed: %d "
1135 "(%s)", __func__
, res
,
1136 gnutls_strerror(res
));
1140 #endif /* GNUTLS_IA */
1142 res
= gnutls_record_recv(conn
->session
, out_data
, out_len
);
1144 wpa_printf(MSG_DEBUG
, "%s - gnutls_record_recv failed: %d "
1145 "(%s)", __func__
, res
, gnutls_strerror(res
));
1152 int tls_connection_resumed(void *ssl_ctx
, struct tls_connection
*conn
)
1156 return gnutls_session_is_resumed(conn
->session
);
1160 int tls_connection_set_cipher_list(void *tls_ctx
, struct tls_connection
*conn
,
1168 int tls_get_cipher(void *ssl_ctx
, struct tls_connection
*conn
,
1169 char *buf
, size_t buflen
)
1177 int tls_connection_enable_workaround(void *ssl_ctx
,
1178 struct tls_connection
*conn
)
1180 /* TODO: set SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS */
1185 int tls_connection_client_hello_ext(void *ssl_ctx
, struct tls_connection
*conn
,
1186 int ext_type
, const u8
*data
,
1194 int tls_connection_get_failed(void *ssl_ctx
, struct tls_connection
*conn
)
1198 return conn
->failed
;
1202 int tls_connection_get_read_alerts(void *ssl_ctx
, struct tls_connection
*conn
)
1206 return conn
->read_alerts
;
1210 int tls_connection_get_write_alerts(void *ssl_ctx
, struct tls_connection
*conn
)
1214 return conn
->write_alerts
;
1218 int tls_connection_get_keyblock_size(void *tls_ctx
,
1219 struct tls_connection
*conn
)
1226 unsigned int tls_capabilities(void *tls_ctx
)
1228 unsigned int capa
= 0;
1231 capa
|= TLS_CAPABILITY_IA
;
1232 #endif /* GNUTLS_IA */
1238 int tls_connection_set_ia(void *tls_ctx
, struct tls_connection
*conn
,
1247 conn
->tls_ia
= tls_ia
;
1251 ret
= gnutls_ia_allocate_server_credentials(&conn
->iacred_srv
);
1253 wpa_printf(MSG_DEBUG
, "Failed to allocate IA credentials: %s",
1254 gnutls_strerror(ret
));
1258 ret
= gnutls_credentials_set(conn
->session
, GNUTLS_CRD_IA
,
1261 wpa_printf(MSG_DEBUG
, "Failed to configure IA credentials: %s",
1262 gnutls_strerror(ret
));
1263 gnutls_ia_free_server_credentials(conn
->iacred_srv
);
1264 conn
->iacred_srv
= NULL
;
1269 #else /* GNUTLS_IA */
1271 #endif /* GNUTLS_IA */
1275 int tls_connection_ia_send_phase_finished(void *tls_ctx
,
1276 struct tls_connection
*conn
,
1278 u8
*out_data
, size_t out_len
)
1283 if (conn
== NULL
|| conn
->session
== NULL
|| !conn
->tls_ia
)
1286 ret
= gnutls_ia_permute_inner_secret(conn
->session
,
1287 conn
->session_keys_len
,
1288 (char *) conn
->session_keys
);
1289 if (conn
->session_keys
) {
1290 os_memset(conn
->session_keys
, 0, conn
->session_keys_len
);
1291 os_free(conn
->session_keys
);
1293 conn
->session_keys
= NULL
;
1294 conn
->session_keys_len
= 0;
1296 wpa_printf(MSG_DEBUG
, "%s: Failed to permute inner secret: %s",
1297 __func__
, gnutls_strerror(ret
));
1301 ret
= gnutls_ia_endphase_send(conn
->session
, final
);
1303 wpa_printf(MSG_DEBUG
, "%s: Failed to send endphase: %s",
1304 __func__
, gnutls_strerror(ret
));
1308 if (conn
->push_buf
== NULL
)
1310 if (conn
->push_buf_len
< out_len
)
1311 out_len
= conn
->push_buf_len
;
1312 os_memcpy(out_data
, conn
->push_buf
, out_len
);
1313 os_free(conn
->push_buf
);
1314 conn
->push_buf
= NULL
;
1315 conn
->push_buf_len
= 0;
1317 #else /* GNUTLS_IA */
1319 #endif /* GNUTLS_IA */
1323 int tls_connection_ia_final_phase_finished(void *tls_ctx
,
1324 struct tls_connection
*conn
)
1329 return conn
->final_phase_finished
;
1333 int tls_connection_ia_permute_inner_secret(void *tls_ctx
,
1334 struct tls_connection
*conn
,
1335 const u8
*key
, size_t key_len
)
1338 if (conn
== NULL
|| !conn
->tls_ia
)
1341 if (conn
->session_keys
) {
1342 os_memset(conn
->session_keys
, 0, conn
->session_keys_len
);
1343 os_free(conn
->session_keys
);
1345 conn
->session_keys_len
= 0;
1348 conn
->session_keys
= os_malloc(key_len
);
1349 if (conn
->session_keys
== NULL
)
1351 os_memcpy(conn
->session_keys
, key
, key_len
);
1352 conn
->session_keys_len
= key_len
;
1354 conn
->session_keys
= NULL
;
1355 conn
->session_keys_len
= 0;
1359 #else /* GNUTLS_IA */
1361 #endif /* GNUTLS_IA */