2 * WPA Supplicant / TLS interface functions and an internal TLS implementation
3 * Copyright (c) 2004-2006, Jouni Malinen <j@w1.fi>
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License version 2 as
7 * published by the Free Software Foundation.
9 * Alternatively, this software may be distributed under the terms of BSD
12 * See README and COPYING for more details.
14 * This file provides the interface functions for hostapd/wpa_supplicant to use the
15 * integrated TLSv1 implementation.
22 #include "tlsv1_client.h"
/*
 * Number of live TLS contexts created through tls_init(). The shared
 * tlsv1_client global state is set up in tls_init() only while this is still
 * zero and torn down in tls_deinit() once it is zero again. The increment and
 * decrement themselves are not visible in this excerpt - confirm against the
 * full tls_init()/tls_deinit() bodies before relying on the exact lifetime.
 */
static int tls_ref_count = 0;
/**
 * struct tls_connection - Per-connection state of the internal TLS backend
 * @client: TLSv1 client state owned by this connection. It is allocated with
 *	tlsv1_client_init() in tls_connection_init() and released with
 *	tlsv1_client_deinit() in tls_connection_deinit(); every other
 *	tls_connection_*() function in this file simply forwards to it.
 */
struct tls_connection {
	struct tlsv1_client *client;
};
36 void * tls_init(const struct tls_config
*conf
)
38 struct tls_global
*global
;
40 if (tls_ref_count
== 0) {
41 if (tlsv1_client_global_init())
46 global
= os_zalloc(sizeof(*global
));
53 void tls_deinit(void *ssl_ctx
)
55 struct tls_global
*global
= ssl_ctx
;
57 if (tls_ref_count
== 0) {
58 tlsv1_client_global_deinit();
64 int tls_get_errors(void *tls_ctx
)
70 struct tls_connection
* tls_connection_init(void *tls_ctx
)
72 struct tls_connection
*conn
;
74 conn
= os_zalloc(sizeof(*conn
));
78 conn
->client
= tlsv1_client_init();
79 if (conn
->client
== NULL
) {
88 void tls_connection_deinit(void *tls_ctx
, struct tls_connection
*conn
)
92 tlsv1_client_deinit(conn
->client
);
/**
 * tls_connection_established - Query whether the TLS handshake has completed
 * @tls_ctx: Context from tls_init(); not used by the internal implementation
 * @conn: Connection from tls_connection_init(); must not be %NULL
 * Returns: The value tlsv1_client_established() reports for @conn's client
 *
 * Thin pass-through to the integrated TLSv1 client. No NULL check is made on
 * @conn here; callers are expected to hold a valid connection.
 */
int tls_connection_established(void *tls_ctx, struct tls_connection *conn)
{
	struct tlsv1_client *client = conn->client;

	return tlsv1_client_established(client);
}
/**
 * tls_connection_shutdown - Shut down a TLS connection for later reuse
 * @tls_ctx: Context from tls_init(); not used by the internal implementation
 * @conn: Connection from tls_connection_init(); must not be %NULL
 * Returns: The value tlsv1_client_shutdown() returns for @conn's client
 *
 * Pass-through to the integrated TLSv1 client; the connection object itself
 * stays allocated and is released only by tls_connection_deinit().
 */
int tls_connection_shutdown(void *tls_ctx, struct tls_connection *conn)
{
	struct tlsv1_client *client = conn->client;

	return tlsv1_client_shutdown(client);
}
109 int tls_connection_set_params(void *tls_ctx
, struct tls_connection
*conn
,
110 const struct tls_connection_params
*params
)
112 if (tlsv1_client_set_ca_cert(conn
->client
, params
->ca_cert
,
113 params
->ca_cert_blob
,
114 params
->ca_cert_blob_len
,
116 wpa_printf(MSG_INFO
, "TLS: Failed to configure trusted CA "
121 if (tlsv1_client_set_client_cert(conn
->client
, params
->client_cert
,
122 params
->client_cert_blob
,
123 params
->client_cert_blob_len
)) {
124 wpa_printf(MSG_INFO
, "TLS: Failed to configure client "
129 if (tlsv1_client_set_private_key(conn
->client
,
131 params
->private_key_passwd
,
132 params
->private_key_blob
,
133 params
->private_key_blob_len
)) {
134 wpa_printf(MSG_INFO
, "TLS: Failed to load private key");
142 int tls_global_set_params(void *tls_ctx
,
143 const struct tls_connection_params
*params
)
145 wpa_printf(MSG_INFO
, "TLS: not implemented - %s", __func__
);
150 int tls_global_set_verify(void *tls_ctx
, int check_crl
)
152 wpa_printf(MSG_INFO
, "TLS: not implemented - %s", __func__
);
157 int tls_connection_set_verify(void *tls_ctx
, struct tls_connection
*conn
,
164 int tls_connection_set_ia(void *tls_ctx
, struct tls_connection
*conn
,
/**
 * tls_connection_get_keys - Export the key material of a TLS connection
 * @tls_ctx: Context from tls_init(); not used by the internal implementation
 * @conn: Connection from tls_connection_init(); must not be %NULL
 * @keys: Caller-provided structure that tlsv1_client_get_keys() fills in
 * Returns: The value tlsv1_client_get_keys() returns for @conn's client
 *
 * Pass-through to the integrated TLSv1 client. The contents and lifetime of
 * the pointers stored in @keys are defined by tlsv1_client_get_keys(), not
 * by this wrapper.
 */
int tls_connection_get_keys(void *tls_ctx, struct tls_connection *conn,
			    struct tls_keys *keys)
{
	struct tlsv1_client *client = conn->client;

	return tlsv1_client_get_keys(client, keys);
}
178 int tls_connection_prf(void *tls_ctx
, struct tls_connection
*conn
,
179 const char *label
, int server_random_first
,
180 u8
*out
, size_t out_len
)
182 return tlsv1_client_prf(conn
->client
, label
, server_random_first
,
187 u8
* tls_connection_handshake(void *tls_ctx
, struct tls_connection
*conn
,
188 const u8
*in_data
, size_t in_len
,
189 size_t *out_len
, u8
**appl_data
,
190 size_t *appl_data_len
)
195 wpa_printf(MSG_DEBUG
, "TLS: %s(in_data=%p in_len=%lu)",
196 __func__
, in_data
, (unsigned long) in_len
);
197 return tlsv1_client_handshake(conn
->client
, in_data
, in_len
, out_len
);
201 u8
* tls_connection_server_handshake(void *tls_ctx
,
202 struct tls_connection
*conn
,
203 const u8
*in_data
, size_t in_len
,
206 wpa_printf(MSG_INFO
, "TLS: not implemented - %s", __func__
);
211 int tls_connection_encrypt(void *tls_ctx
, struct tls_connection
*conn
,
212 const u8
*in_data
, size_t in_len
,
213 u8
*out_data
, size_t out_len
)
215 return tlsv1_client_encrypt(conn
->client
, in_data
, in_len
, out_data
,
220 int tls_connection_decrypt(void *tls_ctx
, struct tls_connection
*conn
,
221 const u8
*in_data
, size_t in_len
,
222 u8
*out_data
, size_t out_len
)
224 return tlsv1_client_decrypt(conn
->client
, in_data
, in_len
, out_data
,
/**
 * tls_connection_resumed - Query whether the session was resumed
 * @tls_ctx: Context from tls_init(); not used by the internal implementation
 * @conn: Connection from tls_connection_init(); must not be %NULL
 * Returns: The value tlsv1_client_resumed() reports for @conn's client
 *
 * Pass-through to the integrated TLSv1 client.
 */
int tls_connection_resumed(void *tls_ctx, struct tls_connection *conn)
{
	struct tlsv1_client *client = conn->client;

	return tlsv1_client_resumed(client);
}
/**
 * tls_connection_set_master_key - Install an externally provided master key
 * @tls_ctx: Context from tls_init(); not used by the internal implementation
 * @conn: Connection from tls_connection_init(); must not be %NULL
 * @key: Master key material supplied by the caller
 * @key_len: Length of @key in bytes
 * Returns: The value tlsv1_client_set_master_key() returns for @conn's client
 *
 * Pass-through to the integrated TLSv1 client. Whether @key is copied or
 * merely referenced is decided by tlsv1_client_set_master_key(); callers
 * should check that contract before releasing or zeroizing the buffer.
 */
int tls_connection_set_master_key(void *tls_ctx, struct tls_connection *conn,
				  const u8 *key, size_t key_len)
{
	struct tlsv1_client *client = conn->client;

	return tlsv1_client_set_master_key(client, key, key_len);
}
242 int tls_connection_set_cipher_list(void *tls_ctx
, struct tls_connection
*conn
,
245 return tlsv1_client_set_cipher_list(conn
->client
, ciphers
);
249 int tls_get_cipher(void *tls_ctx
, struct tls_connection
*conn
,
250 char *buf
, size_t buflen
)
254 return tlsv1_client_get_cipher(conn
->client
, buf
, buflen
);
258 int tls_connection_enable_workaround(void *tls_ctx
,
259 struct tls_connection
*conn
)
265 int tls_connection_client_hello_ext(void *tls_ctx
, struct tls_connection
*conn
,
266 int ext_type
, const u8
*data
,
269 return tlsv1_client_hello_ext(conn
->client
, ext_type
, data
, data_len
);
273 int tls_connection_get_failed(void *tls_ctx
, struct tls_connection
*conn
)
279 int tls_connection_get_read_alerts(void *tls_ctx
, struct tls_connection
*conn
)
285 int tls_connection_get_write_alerts(void *tls_ctx
,
286 struct tls_connection
*conn
)
/**
 * tls_connection_get_keyblock_size - Get the size of the negotiated key block
 * @tls_ctx: Context from tls_init(); not used by the internal implementation
 * @conn: Connection from tls_connection_init(); must not be %NULL
 * Returns: The value tlsv1_client_get_keyblock_size() returns for @conn's
 * client
 *
 * Pass-through to the integrated TLSv1 client.
 */
int tls_connection_get_keyblock_size(void *tls_ctx,
				     struct tls_connection *conn)
{
	struct tlsv1_client *client = conn->client;

	return tlsv1_client_get_keyblock_size(client);
}
299 unsigned int tls_capabilities(void *tls_ctx
)
305 int tls_connection_ia_send_phase_finished(void *tls_ctx
,
306 struct tls_connection
*conn
,
308 u8
*out_data
, size_t out_len
)
314 int tls_connection_ia_final_phase_finished(void *tls_ctx
,
315 struct tls_connection
*conn
)
321 int tls_connection_ia_permute_inner_secret(void *tls_ctx
,
322 struct tls_connection
*conn
,
323 const u8
*key
, size_t key_len
)