1 /* 2 * TLS interface functions and an internal TLS implementation 3 * Copyright (c) 2004-2019, Jouni Malinen <j@w1.fi> 4 * 5 * This software may be distributed under the terms of the BSD license. 6 * See README for more details. 7 * 8 * This file interface functions for hostapd/wpa_supplicant to use the 9 * integrated TLSv1 implementation. 10 */ 11 12 #include "includes.h" 13 14 #include "common.h" 15 #include "tls.h" 16 #include "tls/tlsv1_client.h" 17 #include "tls/tlsv1_server.h" 18 19 20 static int tls_ref_count = 0; 21 22 struct tls_global { 23 int server; 24 struct tlsv1_credentials *server_cred; 25 int check_crl; 26 27 void (*event_cb)(void *ctx, enum tls_event ev, 28 union tls_event_data *data); 29 void *cb_ctx; 30 int cert_in_cb; 31 }; 32 33 struct tls_connection { 34 struct tlsv1_client *client; 35 struct tlsv1_server *server; 36 struct tls_global *global; 37 }; 38 39 tls_init(const struct tls_config * conf)40 void * tls_init(const struct tls_config *conf) 41 { 42 struct tls_global *global; 43 44 if (tls_ref_count == 0) { 45 #ifdef CONFIG_TLS_INTERNAL_CLIENT 46 if (tlsv1_client_global_init()) 47 return NULL; 48 #endif /* CONFIG_TLS_INTERNAL_CLIENT */ 49 #ifdef CONFIG_TLS_INTERNAL_SERVER 50 if (tlsv1_server_global_init()) 51 return NULL; 52 #endif /* CONFIG_TLS_INTERNAL_SERVER */ 53 } 54 tls_ref_count++; 55 56 global = os_zalloc(sizeof(*global)); 57 if (global == NULL) 58 return NULL; 59 if (conf) { 60 global->event_cb = conf->event_cb; 61 global->cb_ctx = conf->cb_ctx; 62 global->cert_in_cb = conf->cert_in_cb; 63 } 64 65 return global; 66 } 67 tls_deinit(void * ssl_ctx)68 void tls_deinit(void *ssl_ctx) 69 { 70 struct tls_global *global = ssl_ctx; 71 tls_ref_count--; 72 if (tls_ref_count == 0) { 73 #ifdef CONFIG_TLS_INTERNAL_CLIENT 74 tlsv1_client_global_deinit(); 75 #endif /* CONFIG_TLS_INTERNAL_CLIENT */ 76 #ifdef CONFIG_TLS_INTERNAL_SERVER 77 tlsv1_server_global_deinit(); 78 #endif /* CONFIG_TLS_INTERNAL_SERVER */ 79 } 80 #ifdef CONFIG_TLS_INTERNAL_SERVER 81 tlsv1_cred_free(global->server_cred); 82 #endif /* CONFIG_TLS_INTERNAL_SERVER */ 83 os_free(global); 84 } 85 86 tls_get_errors(void * tls_ctx)87 int tls_get_errors(void *tls_ctx) 88 { 89 return 0; 90 } 91 92 tls_connection_init(void * tls_ctx)93 struct tls_connection * tls_connection_init(void *tls_ctx) 94 { 95 struct tls_connection *conn; 96 struct tls_global *global = tls_ctx; 97 98 conn = os_zalloc(sizeof(*conn)); 99 if (conn == NULL) 100 return NULL; 101 conn->global = global; 102 103 #ifdef CONFIG_TLS_INTERNAL_CLIENT 104 if (!global->server) { 105 conn->client = tlsv1_client_init(); 106 if (conn->client == NULL) { 107 os_free(conn); 108 return NULL; 109 } 110 tlsv1_client_set_cb(conn->client, global->event_cb, 111 global->cb_ctx, global->cert_in_cb); 112 } 113 #endif /* CONFIG_TLS_INTERNAL_CLIENT */ 114 #ifdef CONFIG_TLS_INTERNAL_SERVER 115 if (global->server) { 116 conn->server = tlsv1_server_init(global->server_cred); 117 if (conn->server == NULL) { 118 os_free(conn); 119 return NULL; 120 } 121 } 122 #endif /* CONFIG_TLS_INTERNAL_SERVER */ 123 124 return conn; 125 } 126 127 128 #ifdef CONFIG_TESTING_OPTIONS 129 #ifdef CONFIG_TLS_INTERNAL_SERVER tls_connection_set_test_flags(struct tls_connection * conn,u32 flags)130 void tls_connection_set_test_flags(struct tls_connection *conn, u32 flags) 131 { 132 if (conn->server) 133 tlsv1_server_set_test_flags(conn->server, flags); 134 } 135 #endif /* CONFIG_TLS_INTERNAL_SERVER */ 136 #endif /* CONFIG_TESTING_OPTIONS */ 137 138 tls_connection_set_log_cb(struct tls_connection * conn,void (* log_cb)(void * ctx,const char * msg),void * ctx)139 void tls_connection_set_log_cb(struct tls_connection *conn, 140 void (*log_cb)(void *ctx, const char *msg), 141 void *ctx) 142 { 143 #ifdef CONFIG_TLS_INTERNAL_SERVER 144 if (conn->server) 145 tlsv1_server_set_log_cb(conn->server, log_cb, ctx); 146 #endif /* CONFIG_TLS_INTERNAL_SERVER */ 147 } 148 149 tls_connection_deinit(void * tls_ctx,struct tls_connection * conn)150 void tls_connection_deinit(void *tls_ctx, struct tls_connection *conn) 151 { 152 if (conn == NULL) 153 return; 154 #ifdef CONFIG_TLS_INTERNAL_CLIENT 155 if (conn->client) 156 tlsv1_client_deinit(conn->client); 157 #endif /* CONFIG_TLS_INTERNAL_CLIENT */ 158 #ifdef CONFIG_TLS_INTERNAL_SERVER 159 if (conn->server) 160 tlsv1_server_deinit(conn->server); 161 #endif /* CONFIG_TLS_INTERNAL_SERVER */ 162 os_free(conn); 163 } 164 165 tls_connection_established(void * tls_ctx,struct tls_connection * conn)166 int tls_connection_established(void *tls_ctx, struct tls_connection *conn) 167 { 168 #ifdef CONFIG_TLS_INTERNAL_CLIENT 169 if (conn->client) 170 return tlsv1_client_established(conn->client); 171 #endif /* CONFIG_TLS_INTERNAL_CLIENT */ 172 #ifdef CONFIG_TLS_INTERNAL_SERVER 173 if (conn->server) 174 return tlsv1_server_established(conn->server); 175 #endif /* CONFIG_TLS_INTERNAL_SERVER */ 176 return 0; 177 } 178 179 tls_connection_peer_serial_num(void * tls_ctx,struct tls_connection * conn)180 char * tls_connection_peer_serial_num(void *tls_ctx, 181 struct tls_connection *conn) 182 { 183 /* TODO */ 184 return NULL; 185 } 186 187 tls_connection_shutdown(void * tls_ctx,struct tls_connection * conn)188 int tls_connection_shutdown(void *tls_ctx, struct tls_connection *conn) 189 { 190 #ifdef CONFIG_TLS_INTERNAL_CLIENT 191 if (conn->client) 192 return tlsv1_client_shutdown(conn->client); 193 #endif /* CONFIG_TLS_INTERNAL_CLIENT */ 194 #ifdef CONFIG_TLS_INTERNAL_SERVER 195 if (conn->server) 196 return tlsv1_server_shutdown(conn->server); 197 #endif /* CONFIG_TLS_INTERNAL_SERVER */ 198 return -1; 199 } 200 201 tls_connection_set_params(void * tls_ctx,struct tls_connection * conn,const struct tls_connection_params * params)202 int tls_connection_set_params(void *tls_ctx, struct tls_connection *conn, 203 const struct tls_connection_params *params) 204 { 205 #ifdef CONFIG_TLS_INTERNAL_CLIENT 206 struct tlsv1_credentials *cred; 207 208 if (conn->client == NULL) 209 return -1; 210 211 if (params->flags & TLS_CONN_EXT_CERT_CHECK) { 212 wpa_printf(MSG_INFO, 213 "TLS: tls_ext_cert_check=1 not supported"); 214 return -1; 215 } 216 217 cred = tlsv1_cred_alloc(); 218 if (cred == NULL) 219 return -1; 220 221 if (params->subject_match) { 222 wpa_printf(MSG_INFO, "TLS: subject_match not supported"); 223 tlsv1_cred_free(cred); 224 return -1; 225 } 226 227 if (params->altsubject_match) { 228 wpa_printf(MSG_INFO, "TLS: altsubject_match not supported"); 229 tlsv1_cred_free(cred); 230 return -1; 231 } 232 233 if (params->suffix_match) { 234 wpa_printf(MSG_INFO, "TLS: suffix_match not supported"); 235 tlsv1_cred_free(cred); 236 return -1; 237 } 238 239 if (params->domain_match) { 240 wpa_printf(MSG_INFO, "TLS: domain_match not supported"); 241 tlsv1_cred_free(cred); 242 return -1; 243 } 244 245 if (params->openssl_ciphers) { 246 wpa_printf(MSG_INFO, "TLS: openssl_ciphers not supported"); 247 tlsv1_cred_free(cred); 248 return -1; 249 } 250 251 if (params->openssl_ecdh_curves) { 252 wpa_printf(MSG_INFO, "TLS: openssl_ecdh_curves not supported"); 253 tlsv1_cred_free(cred); 254 return -1; 255 } 256 257 if (tlsv1_set_ca_cert(cred, params->ca_cert, 258 params->ca_cert_blob, params->ca_cert_blob_len, 259 params->ca_path)) { 260 wpa_printf(MSG_INFO, "TLS: Failed to configure trusted CA " 261 "certificates"); 262 tlsv1_cred_free(cred); 263 return -1; 264 } 265 266 if (tlsv1_set_cert(cred, params->client_cert, 267 params->client_cert_blob, 268 params->client_cert_blob_len)) { 269 wpa_printf(MSG_INFO, "TLS: Failed to configure client " 270 "certificate"); 271 tlsv1_cred_free(cred); 272 return -1; 273 } 274 275 if (tlsv1_set_private_key(cred, params->private_key, 276 params->private_key_passwd, 277 params->private_key_blob, 278 params->private_key_blob_len)) { 279 wpa_printf(MSG_INFO, "TLS: Failed to load private key"); 280 tlsv1_cred_free(cred); 281 return -1; 282 } 283 284 if (tlsv1_client_set_cred(conn->client, cred) < 0) { 285 tlsv1_cred_free(cred); 286 return -1; 287 } 288 289 tlsv1_client_set_flags(conn->client, params->flags); 290 291 return 0; 292 #else /* CONFIG_TLS_INTERNAL_CLIENT */ 293 return -1; 294 #endif /* CONFIG_TLS_INTERNAL_CLIENT */ 295 } 296 297 tls_global_set_params(void * tls_ctx,const struct tls_connection_params * params)298 int tls_global_set_params(void *tls_ctx, 299 const struct tls_connection_params *params) 300 { 301 #ifdef CONFIG_TLS_INTERNAL_SERVER 302 struct tls_global *global = tls_ctx; 303 struct tlsv1_credentials *cred; 304 305 if (params->check_cert_subject) 306 return -1; /* not yet supported */ 307 308 /* Currently, global parameters are only set when running in server 309 * mode. */ 310 global->server = 1; 311 tlsv1_cred_free(global->server_cred); 312 global->server_cred = cred = tlsv1_cred_alloc(); 313 if (cred == NULL) 314 return -1; 315 316 if (tlsv1_set_ca_cert(cred, params->ca_cert, params->ca_cert_blob, 317 params->ca_cert_blob_len, params->ca_path)) { 318 wpa_printf(MSG_INFO, "TLS: Failed to configure trusted CA " 319 "certificates"); 320 return -1; 321 } 322 323 if (tlsv1_set_cert(cred, params->client_cert, params->client_cert_blob, 324 params->client_cert_blob_len)) { 325 wpa_printf(MSG_INFO, "TLS: Failed to configure server " 326 "certificate"); 327 return -1; 328 } 329 330 if (tlsv1_set_private_key(cred, params->private_key, 331 params->private_key_passwd, 332 params->private_key_blob, 333 params->private_key_blob_len)) { 334 wpa_printf(MSG_INFO, "TLS: Failed to load private key"); 335 return -1; 336 } 337 338 if (tlsv1_set_dhparams(cred, params->dh_file, NULL, 0)) { 339 wpa_printf(MSG_INFO, "TLS: Failed to load DH parameters"); 340 return -1; 341 } 342 343 if (params->ocsp_stapling_response) 344 cred->ocsp_stapling_response = 345 os_strdup(params->ocsp_stapling_response); 346 if (params->ocsp_stapling_response_multi) 347 cred->ocsp_stapling_response_multi = 348 os_strdup(params->ocsp_stapling_response_multi); 349 350 return 0; 351 #else /* CONFIG_TLS_INTERNAL_SERVER */ 352 return -1; 353 #endif /* CONFIG_TLS_INTERNAL_SERVER */ 354 } 355 356 tls_global_set_verify(void * tls_ctx,int check_crl,int strict)357 int tls_global_set_verify(void *tls_ctx, int check_crl, int strict) 358 { 359 struct tls_global *global = tls_ctx; 360 global->check_crl = check_crl; 361 return 0; 362 } 363 364 tls_connection_set_verify(void * tls_ctx,struct tls_connection * conn,int verify_peer,unsigned int flags,const u8 * session_ctx,size_t session_ctx_len)365 int tls_connection_set_verify(void *tls_ctx, struct tls_connection *conn, 366 int verify_peer, unsigned int flags, 367 const u8 *session_ctx, size_t session_ctx_len) 368 { 369 #ifdef CONFIG_TLS_INTERNAL_SERVER 370 if (conn->server) 371 return tlsv1_server_set_verify(conn->server, verify_peer); 372 #endif /* CONFIG_TLS_INTERNAL_SERVER */ 373 return -1; 374 } 375 376 tls_connection_get_random(void * tls_ctx,struct tls_connection * conn,struct tls_random * data)377 int tls_connection_get_random(void *tls_ctx, struct tls_connection *conn, 378 struct tls_random *data) 379 { 380 #ifdef CONFIG_TLS_INTERNAL_CLIENT 381 if (conn->client) 382 return tlsv1_client_get_random(conn->client, data); 383 #endif /* CONFIG_TLS_INTERNAL_CLIENT */ 384 #ifdef CONFIG_TLS_INTERNAL_SERVER 385 if (conn->server) 386 return tlsv1_server_get_random(conn->server, data); 387 #endif /* CONFIG_TLS_INTERNAL_SERVER */ 388 return -1; 389 } 390 391 tls_get_keyblock_size(struct tls_connection * conn)392 static int tls_get_keyblock_size(struct tls_connection *conn) 393 { 394 #ifdef CONFIG_TLS_INTERNAL_CLIENT 395 if (conn->client) 396 return tlsv1_client_get_keyblock_size(conn->client); 397 #endif /* CONFIG_TLS_INTERNAL_CLIENT */ 398 #ifdef CONFIG_TLS_INTERNAL_SERVER 399 if (conn->server) 400 return tlsv1_server_get_keyblock_size(conn->server); 401 #endif /* CONFIG_TLS_INTERNAL_SERVER */ 402 return -1; 403 } 404 405 tls_connection_prf(void * tls_ctx,struct tls_connection * conn,const char * label,const u8 * context,size_t context_len,int server_random_first,int skip_keyblock,u8 * out,size_t out_len)406 static int tls_connection_prf(void *tls_ctx, struct tls_connection *conn, 407 const char *label, const u8 *context, 408 size_t context_len, int server_random_first, 409 int skip_keyblock, u8 *out, size_t out_len) 410 { 411 int ret = -1, skip = 0; 412 u8 *tmp_out = NULL; 413 u8 *_out = out; 414 415 if (skip_keyblock) { 416 skip = tls_get_keyblock_size(conn); 417 if (skip < 0) 418 return -1; 419 tmp_out = os_malloc(skip + out_len); 420 if (!tmp_out) 421 return -1; 422 _out = tmp_out; 423 } 424 425 #ifdef CONFIG_TLS_INTERNAL_CLIENT 426 if (conn->client) { 427 ret = tlsv1_client_prf(conn->client, label, context, 428 context_len, server_random_first, 429 _out, skip + out_len); 430 } 431 #endif /* CONFIG_TLS_INTERNAL_CLIENT */ 432 #ifdef CONFIG_TLS_INTERNAL_SERVER 433 if (conn->server) { 434 ret = tlsv1_server_prf(conn->server, label, context, 435 context_len, server_random_first, 436 _out, skip + out_len); 437 } 438 #endif /* CONFIG_TLS_INTERNAL_SERVER */ 439 if (ret == 0 && skip_keyblock) 440 os_memcpy(out, _out + skip, out_len); 441 bin_clear_free(tmp_out, skip); 442 443 return ret; 444 } 445 446 tls_connection_export_key(void * tls_ctx,struct tls_connection * conn,const char * label,const u8 * context,size_t context_len,u8 * out,size_t out_len)447 int tls_connection_export_key(void *tls_ctx, struct tls_connection *conn, 448 const char *label, const u8 *context, 449 size_t context_len, u8 *out, size_t out_len) 450 { 451 return tls_connection_prf(tls_ctx, conn, label, context, context_len, 452 0, 0, out, out_len); 453 } 454 455 tls_connection_get_eap_fast_key(void * tls_ctx,struct tls_connection * conn,u8 * out,size_t out_len)456 int tls_connection_get_eap_fast_key(void *tls_ctx, struct tls_connection *conn, 457 u8 *out, size_t out_len) 458 { 459 return tls_connection_prf(tls_ctx, conn, "key expansion", NULL, 0, 460 1, 1, out, out_len); 461 } 462 463 tls_connection_handshake(void * tls_ctx,struct tls_connection * conn,const struct wpabuf * in_data,struct wpabuf ** appl_data)464 struct wpabuf * tls_connection_handshake(void *tls_ctx, 465 struct tls_connection *conn, 466 const struct wpabuf *in_data, 467 struct wpabuf **appl_data) 468 { 469 return tls_connection_handshake2(tls_ctx, conn, in_data, appl_data, 470 NULL); 471 } 472 473 tls_connection_handshake2(void * tls_ctx,struct tls_connection * conn,const struct wpabuf * in_data,struct wpabuf ** appl_data,int * need_more_data)474 struct wpabuf * tls_connection_handshake2(void *tls_ctx, 475 struct tls_connection *conn, 476 const struct wpabuf *in_data, 477 struct wpabuf **appl_data, 478 int *need_more_data) 479 { 480 #ifdef CONFIG_TLS_INTERNAL_CLIENT 481 u8 *res, *ad; 482 size_t res_len, ad_len; 483 struct wpabuf *out; 484 485 if (conn->client == NULL) 486 return NULL; 487 488 ad = NULL; 489 res = tlsv1_client_handshake(conn->client, 490 in_data ? wpabuf_head(in_data) : NULL, 491 in_data ? wpabuf_len(in_data) : 0, 492 &res_len, &ad, &ad_len, need_more_data); 493 if (res == NULL) 494 return NULL; 495 out = wpabuf_alloc_ext_data(res, res_len); 496 if (out == NULL) { 497 os_free(res); 498 os_free(ad); 499 return NULL; 500 } 501 if (appl_data) { 502 if (ad) { 503 *appl_data = wpabuf_alloc_ext_data(ad, ad_len); 504 if (*appl_data == NULL) 505 os_free(ad); 506 } else 507 *appl_data = NULL; 508 } else 509 os_free(ad); 510 511 return out; 512 #else /* CONFIG_TLS_INTERNAL_CLIENT */ 513 return NULL; 514 #endif /* CONFIG_TLS_INTERNAL_CLIENT */ 515 } 516 517 tls_connection_server_handshake(void * tls_ctx,struct tls_connection * conn,const struct wpabuf * in_data,struct wpabuf ** appl_data)518 struct wpabuf * tls_connection_server_handshake(void *tls_ctx, 519 struct tls_connection *conn, 520 const struct wpabuf *in_data, 521 struct wpabuf **appl_data) 522 { 523 #ifdef CONFIG_TLS_INTERNAL_SERVER 524 u8 *res; 525 size_t res_len; 526 struct wpabuf *out; 527 528 if (conn->server == NULL) 529 return NULL; 530 531 if (appl_data) 532 *appl_data = NULL; 533 534 res = tlsv1_server_handshake(conn->server, wpabuf_head(in_data), 535 wpabuf_len(in_data), &res_len); 536 if (res == NULL && tlsv1_server_established(conn->server)) 537 return wpabuf_alloc(0); 538 if (res == NULL) 539 return NULL; 540 out = wpabuf_alloc_ext_data(res, res_len); 541 if (out == NULL) { 542 os_free(res); 543 return NULL; 544 } 545 546 return out; 547 #else /* CONFIG_TLS_INTERNAL_SERVER */ 548 return NULL; 549 #endif /* CONFIG_TLS_INTERNAL_SERVER */ 550 } 551 552 tls_connection_encrypt(void * tls_ctx,struct tls_connection * conn,const struct wpabuf * in_data)553 struct wpabuf * tls_connection_encrypt(void *tls_ctx, 554 struct tls_connection *conn, 555 const struct wpabuf *in_data) 556 { 557 #ifdef CONFIG_TLS_INTERNAL_CLIENT 558 if (conn->client) { 559 struct wpabuf *buf; 560 int res; 561 buf = wpabuf_alloc(wpabuf_len(in_data) + 300); 562 if (buf == NULL) 563 return NULL; 564 res = tlsv1_client_encrypt(conn->client, wpabuf_head(in_data), 565 wpabuf_len(in_data), 566 wpabuf_mhead(buf), 567 wpabuf_size(buf)); 568 if (res < 0) { 569 wpabuf_free(buf); 570 return NULL; 571 } 572 wpabuf_put(buf, res); 573 return buf; 574 } 575 #endif /* CONFIG_TLS_INTERNAL_CLIENT */ 576 #ifdef CONFIG_TLS_INTERNAL_SERVER 577 if (conn->server) { 578 struct wpabuf *buf; 579 int res; 580 buf = wpabuf_alloc(wpabuf_len(in_data) + 300); 581 if (buf == NULL) 582 return NULL; 583 res = tlsv1_server_encrypt(conn->server, wpabuf_head(in_data), 584 wpabuf_len(in_data), 585 wpabuf_mhead(buf), 586 wpabuf_size(buf)); 587 if (res < 0) { 588 wpabuf_free(buf); 589 return NULL; 590 } 591 wpabuf_put(buf, res); 592 return buf; 593 } 594 #endif /* CONFIG_TLS_INTERNAL_SERVER */ 595 return NULL; 596 } 597 598 tls_connection_decrypt(void * tls_ctx,struct tls_connection * conn,const struct wpabuf * in_data)599 struct wpabuf * tls_connection_decrypt(void *tls_ctx, 600 struct tls_connection *conn, 601 const struct wpabuf *in_data) 602 { 603 return tls_connection_decrypt2(tls_ctx, conn, in_data, NULL); 604 } 605 606 tls_connection_decrypt2(void * tls_ctx,struct tls_connection * conn,const struct wpabuf * in_data,int * need_more_data)607 struct wpabuf * tls_connection_decrypt2(void *tls_ctx, 608 struct tls_connection *conn, 609 const struct wpabuf *in_data, 610 int *need_more_data) 611 { 612 if (need_more_data) 613 *need_more_data = 0; 614 615 #ifdef CONFIG_TLS_INTERNAL_CLIENT 616 if (conn->client) { 617 return tlsv1_client_decrypt(conn->client, wpabuf_head(in_data), 618 wpabuf_len(in_data), 619 need_more_data); 620 } 621 #endif /* CONFIG_TLS_INTERNAL_CLIENT */ 622 #ifdef CONFIG_TLS_INTERNAL_SERVER 623 if (conn->server) { 624 struct wpabuf *buf; 625 int res; 626 buf = wpabuf_alloc((wpabuf_len(in_data) + 500) * 3); 627 if (buf == NULL) 628 return NULL; 629 res = tlsv1_server_decrypt(conn->server, wpabuf_head(in_data), 630 wpabuf_len(in_data), 631 wpabuf_mhead(buf), 632 wpabuf_size(buf)); 633 if (res < 0) { 634 wpabuf_free(buf); 635 return NULL; 636 } 637 wpabuf_put(buf, res); 638 return buf; 639 } 640 #endif /* CONFIG_TLS_INTERNAL_SERVER */ 641 return NULL; 642 } 643 644 tls_connection_resumed(void * tls_ctx,struct tls_connection * conn)645 int tls_connection_resumed(void *tls_ctx, struct tls_connection *conn) 646 { 647 #ifdef CONFIG_TLS_INTERNAL_CLIENT 648 if (conn->client) 649 return tlsv1_client_resumed(conn->client); 650 #endif /* CONFIG_TLS_INTERNAL_CLIENT */ 651 #ifdef CONFIG_TLS_INTERNAL_SERVER 652 if (conn->server) 653 return tlsv1_server_resumed(conn->server); 654 #endif /* CONFIG_TLS_INTERNAL_SERVER */ 655 return -1; 656 } 657 658 tls_connection_set_cipher_list(void * tls_ctx,struct tls_connection * conn,u8 * ciphers)659 int tls_connection_set_cipher_list(void *tls_ctx, struct tls_connection *conn, 660 u8 *ciphers) 661 { 662 #ifdef CONFIG_TLS_INTERNAL_CLIENT 663 if (conn->client) 664 return tlsv1_client_set_cipher_list(conn->client, ciphers); 665 #endif /* CONFIG_TLS_INTERNAL_CLIENT */ 666 #ifdef CONFIG_TLS_INTERNAL_SERVER 667 if (conn->server) 668 return tlsv1_server_set_cipher_list(conn->server, ciphers); 669 #endif /* CONFIG_TLS_INTERNAL_SERVER */ 670 return -1; 671 } 672 673 tls_get_version(void * ssl_ctx,struct tls_connection * conn,char * buf,size_t buflen)674 int tls_get_version(void *ssl_ctx, struct tls_connection *conn, 675 char *buf, size_t buflen) 676 { 677 if (conn == NULL) 678 return -1; 679 #ifdef CONFIG_TLS_INTERNAL_CLIENT 680 if (conn->client) 681 return tlsv1_client_get_version(conn->client, buf, buflen); 682 #endif /* CONFIG_TLS_INTERNAL_CLIENT */ 683 return -1; 684 } 685 686 tls_get_cipher(void * tls_ctx,struct tls_connection * conn,char * buf,size_t buflen)687 int tls_get_cipher(void *tls_ctx, struct tls_connection *conn, 688 char *buf, size_t buflen) 689 { 690 if (conn == NULL) 691 return -1; 692 #ifdef CONFIG_TLS_INTERNAL_CLIENT 693 if (conn->client) 694 return tlsv1_client_get_cipher(conn->client, buf, buflen); 695 #endif /* CONFIG_TLS_INTERNAL_CLIENT */ 696 #ifdef CONFIG_TLS_INTERNAL_SERVER 697 if (conn->server) 698 return tlsv1_server_get_cipher(conn->server, buf, buflen); 699 #endif /* CONFIG_TLS_INTERNAL_SERVER */ 700 return -1; 701 } 702 703 tls_connection_enable_workaround(void * tls_ctx,struct tls_connection * conn)704 int tls_connection_enable_workaround(void *tls_ctx, 705 struct tls_connection *conn) 706 { 707 return -1; 708 } 709 710 tls_connection_client_hello_ext(void * tls_ctx,struct tls_connection * conn,int ext_type,const u8 * data,size_t data_len)711 int tls_connection_client_hello_ext(void *tls_ctx, struct tls_connection *conn, 712 int ext_type, const u8 *data, 713 size_t data_len) 714 { 715 #ifdef CONFIG_TLS_INTERNAL_CLIENT 716 if (conn->client) { 717 return tlsv1_client_hello_ext(conn->client, ext_type, 718 data, data_len); 719 } 720 #endif /* CONFIG_TLS_INTERNAL_CLIENT */ 721 return -1; 722 } 723 724 tls_connection_get_failed(void * tls_ctx,struct tls_connection * conn)725 int tls_connection_get_failed(void *tls_ctx, struct tls_connection *conn) 726 { 727 #ifdef CONFIG_TLS_INTERNAL_SERVER 728 if (conn->server) 729 return tlsv1_server_get_failed(conn->server); 730 #endif /* CONFIG_TLS_INTERNAL_SERVER */ 731 return 0; 732 } 733 734 tls_connection_get_read_alerts(void * tls_ctx,struct tls_connection * conn)735 int tls_connection_get_read_alerts(void *tls_ctx, struct tls_connection *conn) 736 { 737 #ifdef CONFIG_TLS_INTERNAL_SERVER 738 if (conn->server) 739 return tlsv1_server_get_read_alerts(conn->server); 740 #endif /* CONFIG_TLS_INTERNAL_SERVER */ 741 return 0; 742 } 743 744 tls_connection_get_write_alerts(void * tls_ctx,struct tls_connection * conn)745 int tls_connection_get_write_alerts(void *tls_ctx, 746 struct tls_connection *conn) 747 { 748 #ifdef CONFIG_TLS_INTERNAL_SERVER 749 if (conn->server) 750 return tlsv1_server_get_write_alerts(conn->server); 751 #endif /* CONFIG_TLS_INTERNAL_SERVER */ 752 return 0; 753 } 754 755 tls_connection_set_session_ticket_cb(void * tls_ctx,struct tls_connection * conn,tls_session_ticket_cb cb,void * ctx)756 int tls_connection_set_session_ticket_cb(void *tls_ctx, 757 struct tls_connection *conn, 758 tls_session_ticket_cb cb, 759 void *ctx) 760 { 761 #ifdef CONFIG_TLS_INTERNAL_CLIENT 762 if (conn->client) { 763 tlsv1_client_set_session_ticket_cb(conn->client, cb, ctx); 764 return 0; 765 } 766 #endif /* CONFIG_TLS_INTERNAL_CLIENT */ 767 #ifdef CONFIG_TLS_INTERNAL_SERVER 768 if (conn->server) { 769 tlsv1_server_set_session_ticket_cb(conn->server, cb, ctx); 770 return 0; 771 } 772 #endif /* CONFIG_TLS_INTERNAL_SERVER */ 773 return -1; 774 } 775 776 tls_get_library_version(char * buf,size_t buf_len)777 int tls_get_library_version(char *buf, size_t buf_len) 778 { 779 return os_snprintf(buf, buf_len, "internal"); 780 } 781 782 tls_connection_set_success_data(struct tls_connection * conn,struct wpabuf * data)783 void tls_connection_set_success_data(struct tls_connection *conn, 784 struct wpabuf *data) 785 { 786 wpabuf_free(data); 787 } 788 789 tls_connection_set_success_data_resumed(struct tls_connection * conn)790 void tls_connection_set_success_data_resumed(struct tls_connection *conn) 791 { 792 } 793 794 795 const struct wpabuf * tls_connection_get_success_data(struct tls_connection * conn)796 tls_connection_get_success_data(struct tls_connection *conn) 797 { 798 return NULL; 799 } 800 801 tls_connection_remove_session(struct tls_connection * conn)802 void tls_connection_remove_session(struct tls_connection *conn) 803 { 804 } 805