search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Expand PMF_FN_* macros.
[netbsd-mini2440.git] / dist / wpa / src / crypto / tls_internal.c
blobdfd0db060b46533fb8191bb6a078b27437576fbc
1 /*
2 * WPA Supplicant / TLS interface functions and an internal TLS implementation
3 * Copyright (c) 2004-2007, Jouni Malinen <j@w1.fi>
4 *
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License version 2 as
7 * published by the Free Software Foundation.
8 *
9 * Alternatively, this software may be distributed under the terms of BSD
10 * license.
11 *
12 * See README and COPYING for more details.
13 *
14 * This file interface functions for hostapd/wpa_supplicant to use the
15 * integrated TLSv1 implementation.
16 */
17
18 #include "includes.h"
19
20 #include "common.h"
21 #include "tls.h"
22 #include "tls/tlsv1_client.h"
23 #include "tls/tlsv1_server.h"
24
25
26 static int tls_ref_count = 0;
27
28 struct tls_global {
29 int server;
30 struct tlsv1_credentials *server_cred;
31 int check_crl;
32 };
33
34 struct tls_connection {
35 struct tlsv1_client *client;
36 struct tlsv1_server *server;
37 };
38
39
40 void * tls_init(const struct tls_config *conf)
41 {
42 struct tls_global *global;
43
44 if (tls_ref_count == 0) {
45 #ifdef CONFIG_TLS_INTERNAL_CLIENT
46 if (tlsv1_client_global_init())
47 return NULL;
48 #endif /* CONFIG_TLS_INTERNAL_CLIENT */
49 #ifdef CONFIG_TLS_INTERNAL_SERVER
50 if (tlsv1_server_global_init())
51 return NULL;
52 #endif /* CONFIG_TLS_INTERNAL_SERVER */
53 }
54 tls_ref_count++;
55
56 global = os_zalloc(sizeof(*global));
57 if (global == NULL)
58 return NULL;
59
60 return global;
61 }
62
63 void tls_deinit(void *ssl_ctx)
64 {
65 struct tls_global *global = ssl_ctx;
66 tls_ref_count--;
67 if (tls_ref_count == 0) {
68 #ifdef CONFIG_TLS_INTERNAL_CLIENT
69 tlsv1_client_global_deinit();
70 #endif /* CONFIG_TLS_INTERNAL_CLIENT */
71 #ifdef CONFIG_TLS_INTERNAL_SERVER
72 tlsv1_cred_free(global->server_cred);
73 tlsv1_server_global_deinit();
74 #endif /* CONFIG_TLS_INTERNAL_SERVER */
75 }
76 os_free(global);
77 }
78
79
80 int tls_get_errors(void *tls_ctx)
81 {
82 return 0;
83 }
84
85
86 struct tls_connection * tls_connection_init(void *tls_ctx)
87 {
88 struct tls_connection *conn;
89 struct tls_global *global = tls_ctx;
90
91 conn = os_zalloc(sizeof(*conn));
92 if (conn == NULL)
93 return NULL;
94
95 #ifdef CONFIG_TLS_INTERNAL_CLIENT
96 if (!global->server) {
97 conn->client = tlsv1_client_init();
98 if (conn->client == NULL) {
99 os_free(conn);
100 return NULL;
101 }
102 }
103 #endif /* CONFIG_TLS_INTERNAL_CLIENT */
104 #ifdef CONFIG_TLS_INTERNAL_SERVER
105 if (global->server) {
106 conn->server = tlsv1_server_init(global->server_cred);
107 if (conn->server == NULL) {
108 os_free(conn);
109 return NULL;
110 }
111 }
112 #endif /* CONFIG_TLS_INTERNAL_SERVER */
113
114 return conn;
115 }
116
117
118 void tls_connection_deinit(void *tls_ctx, struct tls_connection *conn)
119 {
120 if (conn == NULL)
121 return;
122 #ifdef CONFIG_TLS_INTERNAL_CLIENT
123 if (conn->client)
124 tlsv1_client_deinit(conn->client);
125 #endif /* CONFIG_TLS_INTERNAL_CLIENT */
126 #ifdef CONFIG_TLS_INTERNAL_SERVER
127 if (conn->server)
128 tlsv1_server_deinit(conn->server);
129 #endif /* CONFIG_TLS_INTERNAL_SERVER */
130 os_free(conn);
131 }
132
133
134 int tls_connection_established(void *tls_ctx, struct tls_connection *conn)
135 {
136 #ifdef CONFIG_TLS_INTERNAL_CLIENT
137 if (conn->client)
138 return tlsv1_client_established(conn->client);
139 #endif /* CONFIG_TLS_INTERNAL_CLIENT */
140 #ifdef CONFIG_TLS_INTERNAL_SERVER
141 if (conn->server)
142 return tlsv1_server_established(conn->server);
143 #endif /* CONFIG_TLS_INTERNAL_SERVER */
144 return 0;
145 }
146
147
148 int tls_connection_shutdown(void *tls_ctx, struct tls_connection *conn)
149 {
150 #ifdef CONFIG_TLS_INTERNAL_CLIENT
151 if (conn->client)
152 return tlsv1_client_shutdown(conn->client);
153 #endif /* CONFIG_TLS_INTERNAL_CLIENT */
154 #ifdef CONFIG_TLS_INTERNAL_SERVER
155 if (conn->server)
156 return tlsv1_server_shutdown(conn->server);
157 #endif /* CONFIG_TLS_INTERNAL_SERVER */
158 return -1;
159 }
160
161
162 int tls_connection_set_params(void *tls_ctx, struct tls_connection *conn,
163 const struct tls_connection_params *params)
164 {
165 #ifdef CONFIG_TLS_INTERNAL_CLIENT
166 struct tlsv1_credentials *cred;
167
168 if (conn->client == NULL)
169 return -1;
170
171 cred = tlsv1_cred_alloc();
172 if (cred == NULL)
173 return -1;
174
175 if (tlsv1_set_ca_cert(cred, params->ca_cert,
176 params->ca_cert_blob, params->ca_cert_blob_len,
177 params->ca_path)) {
178 wpa_printf(MSG_INFO, "TLS: Failed to configure trusted CA "
179 "certificates");
180 tlsv1_cred_free(cred);
181 return -1;
182 }
183
184 if (tlsv1_set_cert(cred, params->client_cert,
185 params->client_cert_blob,
186 params->client_cert_blob_len)) {
187 wpa_printf(MSG_INFO, "TLS: Failed to configure client "
188 "certificate");
189 tlsv1_cred_free(cred);
190 return -1;
191 }
192
193 if (tlsv1_set_private_key(cred, params->private_key,
194 params->private_key_passwd,
195 params->private_key_blob,
196 params->private_key_blob_len)) {
197 wpa_printf(MSG_INFO, "TLS: Failed to load private key");
198 tlsv1_cred_free(cred);
199 return -1;
200 }
201
202 if (tlsv1_set_dhparams(cred, params->dh_file, params->dh_blob,
203 params->dh_blob_len)) {
204 wpa_printf(MSG_INFO, "TLS: Failed to load DH parameters");
205 tlsv1_cred_free(cred);
206 return -1;
207 }
208
209 if (tlsv1_client_set_cred(conn->client, cred) < 0) {
210 tlsv1_cred_free(cred);
211 return -1;
212 }
213
214 return 0;
215 #else /* CONFIG_TLS_INTERNAL_CLIENT */
216 return -1;
217 #endif /* CONFIG_TLS_INTERNAL_CLIENT */
218 }
219
220
221 int tls_global_set_params(void *tls_ctx,
222 const struct tls_connection_params *params)
223 {
224 #ifdef CONFIG_TLS_INTERNAL_SERVER
225 struct tls_global *global = tls_ctx;
226 struct tlsv1_credentials *cred;
227
228 /* Currently, global parameters are only set when running in server
229 * mode. */
230 global->server = 1;
231 tlsv1_cred_free(global->server_cred);
232 global->server_cred = cred = tlsv1_cred_alloc();
233 if (cred == NULL)
234 return -1;
235
236 if (tlsv1_set_ca_cert(cred, params->ca_cert, params->ca_cert_blob,
237 params->ca_cert_blob_len, params->ca_path)) {
238 wpa_printf(MSG_INFO, "TLS: Failed to configure trusted CA "
239 "certificates");
240 return -1;
241 }
242
243 if (tlsv1_set_cert(cred, params->client_cert, params->client_cert_blob,
244 params->client_cert_blob_len)) {
245 wpa_printf(MSG_INFO, "TLS: Failed to configure server "
246 "certificate");
247 return -1;
248 }
249
250 if (tlsv1_set_private_key(cred, params->private_key,
251 params->private_key_passwd,
252 params->private_key_blob,
253 params->private_key_blob_len)) {
254 wpa_printf(MSG_INFO, "TLS: Failed to load private key");
255 return -1;
256 }
257
258 if (tlsv1_set_dhparams(cred, params->dh_file, params->dh_blob,
259 params->dh_blob_len)) {
260 wpa_printf(MSG_INFO, "TLS: Failed to load DH parameters");
261 return -1;
262 }
263
264 return 0;
265 #else /* CONFIG_TLS_INTERNAL_SERVER */
266 return -1;
267 #endif /* CONFIG_TLS_INTERNAL_SERVER */
268 }
269
270
271 int tls_global_set_verify(void *tls_ctx, int check_crl)
272 {
273 struct tls_global *global = tls_ctx;
274 global->check_crl = check_crl;
275 return 0;
276 }
277
278
279 int tls_connection_set_verify(void *tls_ctx, struct tls_connection *conn,
280 int verify_peer)
281 {
282 #ifdef CONFIG_TLS_INTERNAL_SERVER
283 if (conn->server)
284 return tlsv1_server_set_verify(conn->server, verify_peer);
285 #endif /* CONFIG_TLS_INTERNAL_SERVER */
286 return -1;
287 }
288
289
290 int tls_connection_set_ia(void *tls_ctx, struct tls_connection *conn,
291 int tls_ia)
292 {
293 return -1;
294 }
295
296
297 int tls_connection_get_keys(void *tls_ctx, struct tls_connection *conn,
298 struct tls_keys *keys)
299 {
300 #ifdef CONFIG_TLS_INTERNAL_CLIENT
301 if (conn->client)
302 return tlsv1_client_get_keys(conn->client, keys);
303 #endif /* CONFIG_TLS_INTERNAL_CLIENT */
304 #ifdef CONFIG_TLS_INTERNAL_SERVER
305 if (conn->server)
306 return tlsv1_server_get_keys(conn->server, keys);
307 #endif /* CONFIG_TLS_INTERNAL_SERVER */
308 return -1;
309 }
310
311
312 int tls_connection_prf(void *tls_ctx, struct tls_connection *conn,
313 const char *label, int server_random_first,
314 u8 *out, size_t out_len)
315 {
316 #ifdef CONFIG_TLS_INTERNAL_CLIENT
317 if (conn->client) {
318 return tlsv1_client_prf(conn->client, label,
319 server_random_first,
320 out, out_len);
321 }
322 #endif /* CONFIG_TLS_INTERNAL_CLIENT */
323 #ifdef CONFIG_TLS_INTERNAL_SERVER
324 if (conn->server) {
325 return tlsv1_server_prf(conn->server, label,
326 server_random_first,
327 out, out_len);
328 }
329 #endif /* CONFIG_TLS_INTERNAL_SERVER */
330 return -1;
331 }
332
333
334 u8 * tls_connection_handshake(void *tls_ctx, struct tls_connection *conn,
335 const u8 *in_data, size_t in_len,
336 size_t *out_len, u8 **appl_data,
337 size_t *appl_data_len)
338 {
339 #ifdef CONFIG_TLS_INTERNAL_CLIENT
340 if (conn->client == NULL)
341 return NULL;
342
343 if (appl_data)
344 *appl_data = NULL;
345
346 wpa_printf(MSG_DEBUG, "TLS: %s(in_data=%p in_len=%lu)",
347 __func__, in_data, (unsigned long) in_len);
348 return tlsv1_client_handshake(conn->client, in_data, in_len, out_len,
349 appl_data, appl_data_len);
350 #else /* CONFIG_TLS_INTERNAL_CLIENT */
351 return NULL;
352 #endif /* CONFIG_TLS_INTERNAL_CLIENT */
353 }
354
355
356 u8 * tls_connection_server_handshake(void *tls_ctx,
357 struct tls_connection *conn,
358 const u8 *in_data, size_t in_len,
359 size_t *out_len)
360 {
361 #ifdef CONFIG_TLS_INTERNAL_SERVER
362 u8 *out;
363 if (conn->server == NULL)
364 return NULL;
365
366 wpa_printf(MSG_DEBUG, "TLS: %s(in_data=%p in_len=%lu)",
367 __func__, in_data, (unsigned long) in_len);
368 out = tlsv1_server_handshake(conn->server, in_data, in_len, out_len);
369 if (out == NULL && tlsv1_server_established(conn->server))
370 out = os_malloc(1);
371 return out;
372 #else /* CONFIG_TLS_INTERNAL_SERVER */
373 return NULL;
374 #endif /* CONFIG_TLS_INTERNAL_SERVER */
375 }
376
377
378 int tls_connection_encrypt(void *tls_ctx, struct tls_connection *conn,
379 const u8 *in_data, size_t in_len,
380 u8 *out_data, size_t out_len)
381 {
382 #ifdef CONFIG_TLS_INTERNAL_CLIENT
383 if (conn->client) {
384 return tlsv1_client_encrypt(conn->client, in_data, in_len,
385 out_data, out_len);
386 }
387 #endif /* CONFIG_TLS_INTERNAL_CLIENT */
388 #ifdef CONFIG_TLS_INTERNAL_SERVER
389 if (conn->server) {
390 return tlsv1_server_encrypt(conn->server, in_data, in_len,
391 out_data, out_len);
392 }
393 #endif /* CONFIG_TLS_INTERNAL_SERVER */
394 return -1;
395 }
396
397
398 int tls_connection_decrypt(void *tls_ctx, struct tls_connection *conn,
399 const u8 *in_data, size_t in_len,
400 u8 *out_data, size_t out_len)
401 {
402 #ifdef CONFIG_TLS_INTERNAL_CLIENT
403 if (conn->client) {
404 return tlsv1_client_decrypt(conn->client, in_data, in_len,
405 out_data, out_len);
406 }
407 #endif /* CONFIG_TLS_INTERNAL_CLIENT */
408 #ifdef CONFIG_TLS_INTERNAL_SERVER
409 if (conn->server) {
410 return tlsv1_server_decrypt(conn->server, in_data, in_len,
411 out_data, out_len);
412 }
413 #endif /* CONFIG_TLS_INTERNAL_SERVER */
414 return -1;
415 }
416
417
418 int tls_connection_resumed(void *tls_ctx, struct tls_connection *conn)
419 {
420 #ifdef CONFIG_TLS_INTERNAL_CLIENT
421 if (conn->client)
422 return tlsv1_client_resumed(conn->client);
423 #endif /* CONFIG_TLS_INTERNAL_CLIENT */
424 #ifdef CONFIG_TLS_INTERNAL_SERVER
425 if (conn->server)
426 return tlsv1_server_resumed(conn->server);
427 #endif /* CONFIG_TLS_INTERNAL_SERVER */
428 return -1;
429 }
430
431
432 int tls_connection_set_cipher_list(void *tls_ctx, struct tls_connection *conn,
433 u8 *ciphers)
434 {
435 #ifdef CONFIG_TLS_INTERNAL_CLIENT
436 if (conn->client)
437 return tlsv1_client_set_cipher_list(conn->client, ciphers);
438 #endif /* CONFIG_TLS_INTERNAL_CLIENT */
439 #ifdef CONFIG_TLS_INTERNAL_SERVER
440 if (conn->server)
441 return tlsv1_server_set_cipher_list(conn->server, ciphers);
442 #endif /* CONFIG_TLS_INTERNAL_SERVER */
443 return -1;
444 }
445
446
447 int tls_get_cipher(void *tls_ctx, struct tls_connection *conn,
448 char *buf, size_t buflen)
449 {
450 if (conn == NULL)
451 return -1;
452 #ifdef CONFIG_TLS_INTERNAL_CLIENT
453 if (conn->client)
454 return tlsv1_client_get_cipher(conn->client, buf, buflen);
455 #endif /* CONFIG_TLS_INTERNAL_CLIENT */
456 #ifdef CONFIG_TLS_INTERNAL_SERVER
457 if (conn->server)
458 return tlsv1_server_get_cipher(conn->server, buf, buflen);
459 #endif /* CONFIG_TLS_INTERNAL_SERVER */
460 return -1;
461 }
462
463
464 int tls_connection_enable_workaround(void *tls_ctx,
465 struct tls_connection *conn)
466 {
467 return -1;
468 }
469
470
471 int tls_connection_client_hello_ext(void *tls_ctx, struct tls_connection *conn,
472 int ext_type, const u8 *data,
473 size_t data_len)
474 {
475 #ifdef CONFIG_TLS_INTERNAL_CLIENT
476 if (conn->client) {
477 return tlsv1_client_hello_ext(conn->client, ext_type,
478 data, data_len);
479 }
480 #endif /* CONFIG_TLS_INTERNAL_CLIENT */
481 return -1;
482 }
483
484
485 int tls_connection_get_failed(void *tls_ctx, struct tls_connection *conn)
486 {
487 return 0;
488 }
489
490
491 int tls_connection_get_read_alerts(void *tls_ctx, struct tls_connection *conn)
492 {
493 return 0;
494 }
495
496
497 int tls_connection_get_write_alerts(void *tls_ctx,
498 struct tls_connection *conn)
499 {
500 return 0;
501 }
502
503
504 int tls_connection_get_keyblock_size(void *tls_ctx,
505 struct tls_connection *conn)
506 {
507 #ifdef CONFIG_TLS_INTERNAL_CLIENT
508 if (conn->client)
509 return tlsv1_client_get_keyblock_size(conn->client);
510 #endif /* CONFIG_TLS_INTERNAL_CLIENT */
511 #ifdef CONFIG_TLS_INTERNAL_SERVER
512 if (conn->server)
513 return tlsv1_server_get_keyblock_size(conn->server);
514 #endif /* CONFIG_TLS_INTERNAL_SERVER */
515 return -1;
516 }
517
518
519 unsigned int tls_capabilities(void *tls_ctx)
520 {
521 return 0;
522 }
523
524
525 int tls_connection_ia_send_phase_finished(void *tls_ctx,
526 struct tls_connection *conn,
527 int final,
528 u8 *out_data, size_t out_len)
529 {
530 return -1;
531 }
532
533
534 int tls_connection_ia_final_phase_finished(void *tls_ctx,
535 struct tls_connection *conn)
536 {
537 return -1;
538 }
539
540
541 int tls_connection_ia_permute_inner_secret(void *tls_ctx,
542 struct tls_connection *conn,
543 const u8 *key, size_t key_len)
544 {
545 return -1;
546 }
547
548
549 int tls_connection_set_session_ticket_cb(void *tls_ctx,
550 struct tls_connection *conn,
551 tls_session_ticket_cb cb,
552 void *ctx)
553 {
554 #ifdef CONFIG_TLS_INTERNAL_CLIENT
555 if (conn->client) {
556 tlsv1_client_set_session_ticket_cb(conn->client, cb, ctx);
557 return 0;
558 }
559 #endif /* CONFIG_TLS_INTERNAL_CLIENT */
560 #ifdef CONFIG_TLS_INTERNAL_SERVER
561 if (conn->server) {
562 tlsv1_server_set_session_ticket_cb(conn->server, cb, ctx);
563 return 0;
564 }
565 #endif /* CONFIG_TLS_INTERNAL_SERVER */
566 return -1;
567 }
NetBSD on the FriendlyARM MINI2440