Gitiles
Code Review Sign In
android-review.linaro.org / platform / external / wpa_supplicant / refs/tags/android-adt-0.9.9 / . / tls_internal.c
blob: a3858dd8a9c7613c4b3f3925704bd0585b34da6d [file] [log] [blame]
The Android Open Source Project845e0122009-03-03 19:31:34 -0800[diff] [blame]1/*
2 * WPA Supplicant / TLS interface functions and an internal TLS implementation
3 * Copyright (c) 2004-2006, Jouni Malinen <j@w1.fi>
4 *
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License version 2 as
7 * published by the Free Software Foundation.
8 *
9 * Alternatively, this software may be distributed under the terms of BSD
10 * license.
11 *
12 * See README and COPYING for more details.
13 *
14 * This file interface functions for hostapd/wpa_supplicant to use the
15 * integrated TLSv1 implementation.
16 */
17
18#include "includes.h"
19
20#include "common.h"
21#include "tls.h"
22#include "tlsv1_client.h"
23
24
25static int tls_ref_count = 0;
26
27struct tls_global {
28 int dummy;
29};
30
31struct tls_connection {
32 struct tlsv1_client *client;
33};
34
35
36void * tls_init(const struct tls_config *conf)
37{
38 struct tls_global *global;
39
40 if (tls_ref_count == 0) {
41 if (tlsv1_client_global_init())
42 return NULL;
43 }
44 tls_ref_count++;
45
46 global = os_zalloc(sizeof(*global));
47 if (global == NULL)
48 return NULL;
49
50 return global;
51}
52
53void tls_deinit(void *ssl_ctx)
54{
55 struct tls_global *global = ssl_ctx;
56 tls_ref_count--;
57 if (tls_ref_count == 0) {
58 tlsv1_client_global_deinit();
59 }
60 os_free(global);
61}
62
63
64int tls_get_errors(void *tls_ctx)
65{
66 return 0;
67}
68
69
70struct tls_connection * tls_connection_init(void *tls_ctx)
71{
72 struct tls_connection *conn;
73
74 conn = os_zalloc(sizeof(*conn));
75 if (conn == NULL)
76 return NULL;
77
78 conn->client = tlsv1_client_init();
79 if (conn->client == NULL) {
80 os_free(conn);
81 return NULL;
82 }
83
84 return conn;
85}
86
87
88void tls_connection_deinit(void *tls_ctx, struct tls_connection *conn)
89{
90 if (conn == NULL)
91 return;
92 tlsv1_client_deinit(conn->client);
93 os_free(conn);
94}
95
96
97int tls_connection_established(void *tls_ctx, struct tls_connection *conn)
98{
99 return tlsv1_client_established(conn->client);
100}
101
102
103int tls_connection_shutdown(void *tls_ctx, struct tls_connection *conn)
104{
105 return tlsv1_client_shutdown(conn->client);
106}
107
108
109int tls_connection_set_params(void *tls_ctx, struct tls_connection *conn,
110 const struct tls_connection_params *params)
111{
112 if (tlsv1_client_set_ca_cert(conn->client, params->ca_cert,
113 params->ca_cert_blob,
114 params->ca_cert_blob_len,
115 params->ca_path)) {
116 wpa_printf(MSG_INFO, "TLS: Failed to configure trusted CA "
117 "certificates");
118 return -1;
119 }
120
121 if (tlsv1_client_set_client_cert(conn->client, params->client_cert,
122 params->client_cert_blob,
123 params->client_cert_blob_len)) {
124 wpa_printf(MSG_INFO, "TLS: Failed to configure client "
125 "certificate");
126 return -1;
127 }
128
129 if (tlsv1_client_set_private_key(conn->client,
130 params->private_key,
131 params->private_key_passwd,
132 params->private_key_blob,
133 params->private_key_blob_len)) {
134 wpa_printf(MSG_INFO, "TLS: Failed to load private key");
135 return -1;
136 }
137
138 return 0;
139}
140
141
142int tls_global_set_params(void *tls_ctx,
143 const struct tls_connection_params *params)
144{
145 wpa_printf(MSG_INFO, "TLS: not implemented - %s", __func__);
146 return -1;
147}
148
149
150int tls_global_set_verify(void *tls_ctx, int check_crl)
151{
152 wpa_printf(MSG_INFO, "TLS: not implemented - %s", __func__);
153 return -1;
154}
155
156
157int tls_connection_set_verify(void *tls_ctx, struct tls_connection *conn,
158 int verify_peer)
159{
160 return -1;
161}
162
163
164int tls_connection_set_ia(void *tls_ctx, struct tls_connection *conn,
165 int tls_ia)
166{
167 return -1;
168}
169
170
171int tls_connection_get_keys(void *tls_ctx, struct tls_connection *conn,
172 struct tls_keys *keys)
173{
174 return tlsv1_client_get_keys(conn->client, keys);
175}
176
177
178int tls_connection_prf(void *tls_ctx, struct tls_connection *conn,
179 const char *label, int server_random_first,
180 u8 *out, size_t out_len)
181{
182 return tlsv1_client_prf(conn->client, label, server_random_first,
183 out, out_len);
184}
185
186
187u8 * tls_connection_handshake(void *tls_ctx, struct tls_connection *conn,
188 const u8 *in_data, size_t in_len,
189 size_t *out_len, u8 **appl_data,
190 size_t *appl_data_len)
191{
192 if (appl_data)
193 *appl_data = NULL;
194
195 wpa_printf(MSG_DEBUG, "TLS: %s(in_data=%p in_len=%lu)",
196 __func__, in_data, (unsigned long) in_len);
197 return tlsv1_client_handshake(conn->client, in_data, in_len, out_len);
198}
199
200
201u8 * tls_connection_server_handshake(void *tls_ctx,
202 struct tls_connection *conn,
203 const u8 *in_data, size_t in_len,
204 size_t *out_len)
205{
206 wpa_printf(MSG_INFO, "TLS: not implemented - %s", __func__);
207 return NULL;
208}
209
210
211int tls_connection_encrypt(void *tls_ctx, struct tls_connection *conn,
212 const u8 *in_data, size_t in_len,
213 u8 *out_data, size_t out_len)
214{
215 return tlsv1_client_encrypt(conn->client, in_data, in_len, out_data,
216 out_len);
217}
218
219
220int tls_connection_decrypt(void *tls_ctx, struct tls_connection *conn,
221 const u8 *in_data, size_t in_len,
222 u8 *out_data, size_t out_len)
223{
224 return tlsv1_client_decrypt(conn->client, in_data, in_len, out_data,
225 out_len);
226}
227
228
229int tls_connection_resumed(void *tls_ctx, struct tls_connection *conn)
230{
231 return tlsv1_client_resumed(conn->client);
232}
233
234
235int tls_connection_set_master_key(void *tls_ctx, struct tls_connection *conn,
236 const u8 *key, size_t key_len)
237{
238 return tlsv1_client_set_master_key(conn->client, key, key_len);
239}
240
241
242int tls_connection_set_cipher_list(void *tls_ctx, struct tls_connection *conn,
243 u8 *ciphers)
244{
245 return tlsv1_client_set_cipher_list(conn->client, ciphers);
246}
247
248
249int tls_get_cipher(void *tls_ctx, struct tls_connection *conn,
250 char *buf, size_t buflen)
251{
252 if (conn == NULL)
253 return -1;
254 return tlsv1_client_get_cipher(conn->client, buf, buflen);
255}
256
257
258int tls_connection_enable_workaround(void *tls_ctx,
259 struct tls_connection *conn)
260{
261 return -1;
262}
263
264
265int tls_connection_client_hello_ext(void *tls_ctx, struct tls_connection *conn,
266 int ext_type, const u8 *data,
267 size_t data_len)
268{
269 return tlsv1_client_hello_ext(conn->client, ext_type, data, data_len);
270}
271
272
273int tls_connection_get_failed(void *tls_ctx, struct tls_connection *conn)
274{
275 return 0;
276}
277
278
279int tls_connection_get_read_alerts(void *tls_ctx, struct tls_connection *conn)
280{
281 return 0;
282}
283
284
285int tls_connection_get_write_alerts(void *tls_ctx,
286 struct tls_connection *conn)
287{
288 return 0;
289}
290
291
292int tls_connection_get_keyblock_size(void *tls_ctx,
293 struct tls_connection *conn)
294{
295 return tlsv1_client_get_keyblock_size(conn->client);
296}
297
298
299unsigned int tls_capabilities(void *tls_ctx)
300{
301 return 0;
302}
303
304
305int tls_connection_ia_send_phase_finished(void *tls_ctx,
306 struct tls_connection *conn,
307 int final,
308 u8 *out_data, size_t out_len)
309{
310 return -1;
311}
312
313
314int tls_connection_ia_final_phase_finished(void *tls_ctx,
315 struct tls_connection *conn)
316{
317 return -1;
318}
319
320
321int tls_connection_ia_permute_inner_secret(void *tls_ctx,
322 struct tls_connection *conn,
323 const u8 *key, size_t key_len)
324{
325 return -1;
326}