2 * WPA Supplicant / SSL/TLS interface functions for openssl
3 * Copyright (c) 2004-2007, Jouni Malinen <j@w1.fi>
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License version 2 as
7 * published by the Free Software Foundation.
9 * Alternatively, this software may be distributed under the terms of BSD
12 * See README and COPYING for more details.
16 #include <gnutls/gnutls.h>
17 #include <gnutls/x509.h>
19 #include <gnutls/pkcs12.h>
20 #endif /* PKCS12_FUNCS */
22 #ifdef CONFIG_GNUTLS_EXTRA
23 #if LIBGNUTLS_VERSION_NUMBER >= 0x010302
25 #include <gnutls/extra.h>
26 #if LIBGNUTLS_VERSION_NUMBER == 0x010302
27 /* This function is not included in the current gnutls/extra.h even though it
28 * should be, so define it here as a workaround for the time being. */
29 int gnutls_ia_verify_endphase(gnutls_session_t session, char *checksum);
30 #endif /* LIBGNUTLS_VERSION_NUMBER == 0x010302 */
31 #endif /* LIBGNUTLS_VERSION_NUMBER >= 0x010302 */
32 #endif /* CONFIG_GNUTLS_EXTRA */
38 #ifndef TLS_RANDOM_SIZE
39 #define TLS_RANDOM_SIZE 32
41 #ifndef TLS_MASTER_SIZE
42 #define TLS_MASTER_SIZE 48
46 #if LIBGNUTLS_VERSION_NUMBER < 0x010302
47 /* GnuTLS 1.3.2 added functions for using master secret. Older versions require
48 * use of internal structures to get the master_secret and
49 * {server,client}_random.
51 #define GNUTLS_INTERNAL_STRUCTURE_HACK
52 #endif /* LIBGNUTLS_VERSION_NUMBER < 0x010302 */
55 #ifdef GNUTLS_INTERNAL_STRUCTURE_HACK
57 * It looks like gnutls does not provide access to client/server_random and
58 * master_key. This is somewhat unfortunate since these are needed for key
59 * derivation in EAP-{TLS,TTLS,PEAP,FAST}. Workaround for now is a horrible
60 * hack that copies the gnutls_session_int definition from gnutls_int.h so that
61 * we can get the needed information.
65 typedef unsigned char opaque;
71 gnutls_connection_end_t entity;
72 gnutls_kx_algorithm_t kx_algorithm;
73 gnutls_cipher_algorithm_t read_bulk_cipher_algorithm;
74 gnutls_mac_algorithm_t read_mac_algorithm;
75 gnutls_compression_method_t read_compression_algorithm;
76 gnutls_cipher_algorithm_t write_bulk_cipher_algorithm;
77 gnutls_mac_algorithm_t write_mac_algorithm;
78 gnutls_compression_method_t write_compression_algorithm;
79 cipher_suite_st current_cipher_suite;
80 opaque master_secret[TLS_MASTER_SIZE];
81 opaque client_random[TLS_RANDOM_SIZE];
82 opaque server_random[TLS_RANDOM_SIZE];
83 /* followed by stuff we are not interested in */
84 } security_parameters_st;
86 struct gnutls_session_int {
87 security_parameters_st security_parameters;
88 /* followed by things we are not interested in */
90 #endif /* LIBGNUTLS_VERSION_NUMBER < 0x010302 */
92 static int tls_gnutls_ref_count = 0;
95 /* Data for session resumption */
97 size_t session_data_size;
102 gnutls_certificate_credentials_t xcred;
105 struct tls_connection {
106 gnutls_session session;
107 char *subject_match, *altsubject_match;
108 int read_alerts, write_alerts, failed;
110 u8 *pre_shared_secret;
111 size_t pre_shared_secret_len;
115 u8 *push_buf, *pull_buf, *pull_buf_offset;
116 size_t push_buf_len, pull_buf_len;
119 gnutls_certificate_credentials_t xcred;
122 int final_phase_finished;
125 gnutls_ia_server_credentials_t iacred_srv;
126 gnutls_ia_client_credentials_t iacred_cli;
128 /* Session keys generated in the current phase for inner secret
129 * permutation before generating/verifying PhaseFinished. */
131 size_t session_keys_len;
133 u8 inner_secret[TLS_MASTER_SIZE];
134 #endif /* GNUTLS_IA */
138 static void tls_log_func(int level, const char *msg)
141 if (level == 6 || level == 7) {
142 /* These levels seem to be mostly I/O debug and msg dumps */
151 while (*pos != '\0') {
158 wpa_printf(level > 3 ? MSG_MSGDUMP : MSG_DEBUG,
159 "gnutls<%d> %s", level, s);
164 extern int wpa_debug_show_keys;
166 void * tls_init(const struct tls_config *conf)
168 struct tls_global *global;
170 #ifdef GNUTLS_INTERNAL_STRUCTURE_HACK
171 /* Because of the horrible hack to get master_secret and client/server
172 * random, we need to make sure that the gnutls version is something
173 * that is expected to have same structure definition for the session
176 const char *ok_ver[] = { "1.2.3", "1.2.4", "1.2.5", "1.2.6", "1.2.9",
180 #endif /* GNUTLS_INTERNAL_STRUCTURE_HACK */
182 global = os_zalloc(sizeof(*global));
186 if (tls_gnutls_ref_count == 0 && gnutls_global_init() < 0) {
190 tls_gnutls_ref_count++;
192 #ifdef GNUTLS_INTERNAL_STRUCTURE_HACK
193 ver = gnutls_check_version(NULL);
198 wpa_printf(MSG_DEBUG, "%s - gnutls version %s", __func__, ver);
199 for (i = 0; ok_ver[i]; i++) {
200 if (strcmp(ok_ver[i], ver) == 0)
203 if (ok_ver[i] == NULL) {
204 wpa_printf(MSG_INFO, "Untested gnutls version %s - this needs "
205 "to be tested and enabled in tls_gnutls.c", ver);
209 #endif /* GNUTLS_INTERNAL_STRUCTURE_HACK */
211 gnutls_global_set_log_function(tls_log_func);
212 if (wpa_debug_show_keys)
213 gnutls_global_set_log_level(11);
218 void tls_deinit(void *ssl_ctx)
220 struct tls_global *global = ssl_ctx;
222 if (global->params_set)
223 gnutls_certificate_free_credentials(global->xcred);
224 os_free(global->session_data);
228 tls_gnutls_ref_count--;
229 if (tls_gnutls_ref_count == 0)
230 gnutls_global_deinit();
234 int tls_get_errors(void *ssl_ctx)
240 static ssize_t tls_pull_func(gnutls_transport_ptr ptr, void *buf,
243 struct tls_connection *conn = (struct tls_connection *) ptr;
245 if (conn->pull_buf == NULL) {
250 end = conn->pull_buf + conn->pull_buf_len;
251 if ((size_t) (end - conn->pull_buf_offset) < len)
252 len = end - conn->pull_buf_offset;
253 os_memcpy(buf, conn->pull_buf_offset, len);
254 conn->pull_buf_offset += len;
255 if (conn->pull_buf_offset == end) {
256 wpa_printf(MSG_DEBUG, "%s - pull_buf consumed", __func__);
257 os_free(conn->pull_buf);
258 conn->pull_buf = conn->pull_buf_offset = NULL;
259 conn->pull_buf_len = 0;
261 wpa_printf(MSG_DEBUG, "%s - %lu bytes remaining in pull_buf",
263 (unsigned long) (end - conn->pull_buf_offset));
269 static ssize_t tls_push_func(gnutls_transport_ptr ptr, const void *buf,
272 struct tls_connection *conn = (struct tls_connection *) ptr;
275 nbuf = os_realloc(conn->push_buf, conn->push_buf_len + len);
280 os_memcpy(nbuf + conn->push_buf_len, buf, len);
281 conn->push_buf = nbuf;
282 conn->push_buf_len += len;
288 static int tls_gnutls_init_session(struct tls_global *global,
289 struct tls_connection *conn)
291 const int cert_types[2] = { GNUTLS_CRT_X509, 0 };
292 const int protos[2] = { GNUTLS_TLS1, 0 };
295 ret = gnutls_init(&conn->session,
296 global->server ? GNUTLS_SERVER : GNUTLS_CLIENT);
298 wpa_printf(MSG_INFO, "TLS: Failed to initialize new TLS "
299 "connection: %s", gnutls_strerror(ret));
303 ret = gnutls_set_default_priority(conn->session);
307 ret = gnutls_certificate_type_set_priority(conn->session, cert_types);
311 ret = gnutls_protocol_set_priority(conn->session, protos);
315 gnutls_transport_set_pull_function(conn->session, tls_pull_func);
316 gnutls_transport_set_push_function(conn->session, tls_push_func);
317 gnutls_transport_set_ptr(conn->session, (gnutls_transport_ptr) conn);
322 wpa_printf(MSG_INFO, "TLS: Failed to setup new TLS connection: %s",
323 gnutls_strerror(ret));
324 gnutls_deinit(conn->session);
329 struct tls_connection * tls_connection_init(void *ssl_ctx)
331 struct tls_global *global = ssl_ctx;
332 struct tls_connection *conn;
335 conn = os_zalloc(sizeof(*conn));
339 if (tls_gnutls_init_session(global, conn)) {
344 if (global->params_set) {
345 ret = gnutls_credentials_set(conn->session,
346 GNUTLS_CRD_CERTIFICATE,
349 wpa_printf(MSG_INFO, "Failed to configure "
350 "credentials: %s", gnutls_strerror(ret));
356 if (gnutls_certificate_allocate_credentials(&conn->xcred)) {
365 void tls_connection_deinit(void *ssl_ctx, struct tls_connection *conn)
371 if (conn->iacred_srv)
372 gnutls_ia_free_server_credentials(conn->iacred_srv);
373 if (conn->iacred_cli)
374 gnutls_ia_free_client_credentials(conn->iacred_cli);
375 if (conn->session_keys) {
376 os_memset(conn->session_keys, 0, conn->session_keys_len);
377 os_free(conn->session_keys);
379 #endif /* GNUTLS_IA */
381 gnutls_certificate_free_credentials(conn->xcred);
382 gnutls_deinit(conn->session);
383 os_free(conn->pre_shared_secret);
384 os_free(conn->subject_match);
385 os_free(conn->altsubject_match);
386 os_free(conn->push_buf);
387 os_free(conn->pull_buf);
392 int tls_connection_established(void *ssl_ctx, struct tls_connection *conn)
394 return conn ? conn->established : 0;
398 int tls_connection_shutdown(void *ssl_ctx, struct tls_connection *conn)
400 struct tls_global *global = ssl_ctx;
406 /* Shutdown previous TLS connection without notifying the peer
407 * because the connection was already terminated in practice
408 * and "close notify" shutdown alert would confuse AS. */
409 gnutls_bye(conn->session, GNUTLS_SHUT_RDWR);
410 os_free(conn->push_buf);
411 conn->push_buf = NULL;
412 conn->push_buf_len = 0;
413 conn->established = 0;
414 conn->final_phase_finished = 0;
416 if (conn->session_keys) {
417 os_memset(conn->session_keys, 0, conn->session_keys_len);
418 os_free(conn->session_keys);
420 conn->session_keys_len = 0;
421 #endif /* GNUTLS_IA */
423 gnutls_deinit(conn->session);
424 if (tls_gnutls_init_session(global, conn)) {
425 wpa_printf(MSG_INFO, "GnuTLS: Failed to preparare new session "
426 "for session resumption use");
430 ret = gnutls_credentials_set(conn->session, GNUTLS_CRD_CERTIFICATE,
431 conn->params_set ? conn->xcred :
434 wpa_printf(MSG_INFO, "GnuTLS: Failed to configure credentials "
435 "for session resumption: %s", gnutls_strerror(ret));
439 if (global->session_data) {
440 ret = gnutls_session_set_data(conn->session,
441 global->session_data,
442 global->session_data_size);
444 wpa_printf(MSG_INFO, "GnuTLS: Failed to set session "
445 "data: %s", gnutls_strerror(ret));
455 static int tls_match_altsubject(X509 *cert, const char *match)
463 ext = X509_get_ext_d2i(cert, NID_subject_alt_name, NULL, NULL);
465 for (i = 0; ext && i < sk_GENERAL_NAME_num(ext); i++) {
466 gen = sk_GENERAL_NAME_value(ext, i);
479 wpa_printf(MSG_DEBUG, "TLS: altSubjectName: "
480 "unsupported type=%d", gen->type);
487 wpa_printf(MSG_DEBUG, "TLS: altSubjectName: %s:%s",
488 field, gen->d.ia5->data);
489 len = os_strlen(field) + 1 +
490 strlen((char *) gen->d.ia5->data) + 1;
491 tmp = os_malloc(len);
494 snprintf(tmp, len, "%s:%s", field, gen->d.ia5->data);
495 if (strstr(tmp, match))
506 static int tls_verify_cb(int preverify_ok, X509_STORE_CTX *x509_ctx)
512 struct tls_connection *conn;
513 char *match, *altmatch;
515 err_cert = X509_STORE_CTX_get_current_cert(x509_ctx);
516 err = X509_STORE_CTX_get_error(x509_ctx);
517 depth = X509_STORE_CTX_get_error_depth(x509_ctx);
518 ssl = X509_STORE_CTX_get_ex_data(x509_ctx,
519 SSL_get_ex_data_X509_STORE_CTX_idx());
520 X509_NAME_oneline(X509_get_subject_name(err_cert), buf, sizeof(buf));
522 conn = SSL_get_app_data(ssl);
523 match = conn ? conn->subject_match : NULL;
524 altmatch = conn ? conn->altsubject_match : NULL;
527 wpa_printf(MSG_WARNING, "TLS: Certificate verification failed,"
528 " error %d (%s) depth %d for '%s'", err,
529 X509_verify_cert_error_string(err), depth, buf);
531 wpa_printf(MSG_DEBUG, "TLS: tls_verify_cb - "
532 "preverify_ok=%d err=%d (%s) depth=%d buf='%s'",
534 X509_verify_cert_error_string(err), depth, buf);
535 if (depth == 0 && match && strstr(buf, match) == NULL) {
536 wpa_printf(MSG_WARNING, "TLS: Subject '%s' did not "
537 "match with '%s'", buf, match);
539 } else if (depth == 0 && altmatch &&
540 !tls_match_altsubject(err_cert, altmatch)) {
541 wpa_printf(MSG_WARNING, "TLS: altSubjectName match "
542 "'%s' not found", altmatch);
552 int tls_connection_set_params(void *tls_ctx, struct tls_connection *conn,
553 const struct tls_connection_params *params)
557 if (conn == NULL || params == NULL)
560 os_free(conn->subject_match);
561 conn->subject_match = NULL;
562 if (params->subject_match) {
563 conn->subject_match = os_strdup(params->subject_match);
564 if (conn->subject_match == NULL)
568 os_free(conn->altsubject_match);
569 conn->altsubject_match = NULL;
570 if (params->altsubject_match) {
571 conn->altsubject_match = os_strdup(params->altsubject_match);
572 if (conn->altsubject_match == NULL)
576 /* TODO: gnutls_certificate_set_verify_flags(xcred, flags);
577 * to force peer validation(?) */
579 if (params->ca_cert) {
580 conn->verify_peer = 1;
581 ret = gnutls_certificate_set_x509_trust_file(
582 conn->xcred, params->ca_cert, GNUTLS_X509_FMT_PEM);
584 wpa_printf(MSG_DEBUG, "Failed to read CA cert '%s' "
585 "in PEM format: %s", params->ca_cert,
586 gnutls_strerror(ret));
587 ret = gnutls_certificate_set_x509_trust_file(
588 conn->xcred, params->ca_cert,
589 GNUTLS_X509_FMT_DER);
591 wpa_printf(MSG_DEBUG, "Failed to read CA cert "
592 "'%s' in DER format: %s",
594 gnutls_strerror(ret));
600 if (params->client_cert && params->private_key) {
601 /* TODO: private_key_passwd? */
602 ret = gnutls_certificate_set_x509_key_file(
603 conn->xcred, params->client_cert, params->private_key,
604 GNUTLS_X509_FMT_PEM);
606 wpa_printf(MSG_DEBUG, "Failed to read client cert/key "
607 "in PEM format: %s", gnutls_strerror(ret));
608 ret = gnutls_certificate_set_x509_key_file(
609 conn->xcred, params->client_cert,
610 params->private_key, GNUTLS_X509_FMT_DER);
612 wpa_printf(MSG_DEBUG, "Failed to read client "
613 "cert/key in DER format: %s",
614 gnutls_strerror(ret));
618 } else if (params->private_key) {
621 /* Try to load in PKCS#12 format */
622 #if LIBGNUTLS_VERSION_NUMBER >= 0x010302
623 ret = gnutls_certificate_set_x509_simple_pkcs12_file(
624 conn->xcred, params->private_key, GNUTLS_X509_FMT_DER,
625 params->private_key_passwd);
627 wpa_printf(MSG_DEBUG, "Failed to load private_key in "
628 "PKCS#12 format: %s", gnutls_strerror(ret));
632 #endif /* LIBGNUTLS_VERSION_NUMBER >= 0x010302 */
633 #endif /* PKCS12_FUNCS */
636 wpa_printf(MSG_DEBUG, "GnuTLS: PKCS#12 support not "
642 conn->tls_ia = params->tls_ia;
643 conn->params_set = 1;
645 ret = gnutls_credentials_set(conn->session, GNUTLS_CRD_CERTIFICATE,
648 wpa_printf(MSG_INFO, "Failed to configure credentials: %s",
649 gnutls_strerror(ret));
653 if (conn->iacred_cli)
654 gnutls_ia_free_client_credentials(conn->iacred_cli);
656 ret = gnutls_ia_allocate_client_credentials(&conn->iacred_cli);
658 wpa_printf(MSG_DEBUG, "Failed to allocate IA credentials: %s",
659 gnutls_strerror(ret));
663 ret = gnutls_credentials_set(conn->session, GNUTLS_CRD_IA,
666 wpa_printf(MSG_DEBUG, "Failed to configure IA credentials: %s",
667 gnutls_strerror(ret));
668 gnutls_ia_free_client_credentials(conn->iacred_cli);
669 conn->iacred_cli = NULL;
672 #endif /* GNUTLS_IE */
678 int tls_global_set_params(void *tls_ctx,
679 const struct tls_connection_params *params)
681 struct tls_global *global = tls_ctx;
684 /* Currently, global parameters are only set when running in server
688 if (global->params_set) {
689 gnutls_certificate_free_credentials(global->xcred);
690 global->params_set = 0;
693 ret = gnutls_certificate_allocate_credentials(&global->xcred);
695 wpa_printf(MSG_DEBUG, "Failed to allocate global credentials "
696 "%s", gnutls_strerror(ret));
700 if (params->ca_cert) {
701 ret = gnutls_certificate_set_x509_trust_file(
702 global->xcred, params->ca_cert, GNUTLS_X509_FMT_PEM);
704 wpa_printf(MSG_DEBUG, "Failed to read CA cert '%s' "
705 "in PEM format: %s", params->ca_cert,
706 gnutls_strerror(ret));
707 ret = gnutls_certificate_set_x509_trust_file(
708 global->xcred, params->ca_cert,
709 GNUTLS_X509_FMT_DER);
711 wpa_printf(MSG_DEBUG, "Failed to read CA cert "
712 "'%s' in DER format: %s",
714 gnutls_strerror(ret));
720 if (params->client_cert && params->private_key) {
721 /* TODO: private_key_passwd? */
722 ret = gnutls_certificate_set_x509_key_file(
723 global->xcred, params->client_cert,
724 params->private_key, GNUTLS_X509_FMT_PEM);
726 wpa_printf(MSG_DEBUG, "Failed to read client cert/key "
727 "in PEM format: %s", gnutls_strerror(ret));
728 ret = gnutls_certificate_set_x509_key_file(
729 global->xcred, params->client_cert,
730 params->private_key, GNUTLS_X509_FMT_DER);
732 wpa_printf(MSG_DEBUG, "Failed to read client "
733 "cert/key in DER format: %s",
734 gnutls_strerror(ret));
738 } else if (params->private_key) {
741 /* Try to load in PKCS#12 format */
742 #if LIBGNUTLS_VERSION_NUMBER >= 0x010302
743 ret = gnutls_certificate_set_x509_simple_pkcs12_file(
744 global->xcred, params->private_key,
745 GNUTLS_X509_FMT_DER, params->private_key_passwd);
747 wpa_printf(MSG_DEBUG, "Failed to load private_key in "
748 "PKCS#12 format: %s", gnutls_strerror(ret));
752 #endif /* LIBGNUTLS_VERSION_NUMBER >= 0x010302 */
753 #endif /* PKCS12_FUNCS */
756 wpa_printf(MSG_DEBUG, "GnuTLS: PKCS#12 support not "
762 global->params_set = 1;
767 gnutls_certificate_free_credentials(global->xcred);
772 int tls_global_set_verify(void *ssl_ctx, int check_crl)
779 int tls_connection_set_verify(void *ssl_ctx, struct tls_connection *conn,
782 if (conn == NULL || conn->session == NULL)
785 conn->verify_peer = verify_peer;
786 gnutls_certificate_server_set_request(conn->session,
787 verify_peer ? GNUTLS_CERT_REQUIRE
788 : GNUTLS_CERT_REQUEST);
794 int tls_connection_get_keys(void *ssl_ctx, struct tls_connection *conn,
795 struct tls_keys *keys)
797 #ifdef GNUTLS_INTERNAL_STRUCTURE_HACK
798 security_parameters_st *sec;
799 #endif /* GNUTLS_INTERNAL_STRUCTURE_HACK */
801 if (conn == NULL || conn->session == NULL || keys == NULL)
804 os_memset(keys, 0, sizeof(*keys));
806 #ifdef GNUTLS_INTERNAL_STRUCTURE_HACK
807 sec = &conn->session->security_parameters;
808 keys->master_key = sec->master_secret;
809 keys->master_key_len = TLS_MASTER_SIZE;
810 keys->client_random = sec->client_random;
811 keys->server_random = sec->server_random;
812 #else /* GNUTLS_INTERNAL_STRUCTURE_HACK */
813 keys->client_random =
814 (u8 *) gnutls_session_get_client_random(conn->session);
815 keys->server_random =
816 (u8 *) gnutls_session_get_server_random(conn->session);
817 /* No access to master_secret */
818 #endif /* GNUTLS_INTERNAL_STRUCTURE_HACK */
821 gnutls_ia_extract_inner_secret(conn->session,
822 (char *) conn->inner_secret);
823 keys->inner_secret = conn->inner_secret;
824 keys->inner_secret_len = TLS_MASTER_SIZE;
825 #endif /* GNUTLS_IA */
827 keys->client_random_len = TLS_RANDOM_SIZE;
828 keys->server_random_len = TLS_RANDOM_SIZE;
834 int tls_connection_prf(void *tls_ctx, struct tls_connection *conn,
835 const char *label, int server_random_first,
836 u8 *out, size_t out_len)
838 #if LIBGNUTLS_VERSION_NUMBER >= 0x010302
839 if (conn == NULL || conn->session == NULL)
842 return gnutls_prf(conn->session, os_strlen(label), label,
843 server_random_first, 0, NULL, out_len, (char *) out);
844 #else /* LIBGNUTLS_VERSION_NUMBER >= 0x010302 */
846 #endif /* LIBGNUTLS_VERSION_NUMBER >= 0x010302 */
850 static int tls_connection_verify_peer(struct tls_connection *conn)
852 unsigned int status, num_certs, i;
854 const gnutls_datum_t *certs;
855 gnutls_x509_crt_t cert;
857 if (gnutls_certificate_verify_peers2(conn->session, &status) < 0) {
858 wpa_printf(MSG_INFO, "TLS: Failed to verify peer "
859 "certificate chain");
863 if (conn->verify_peer && (status & GNUTLS_CERT_INVALID)) {
864 wpa_printf(MSG_INFO, "TLS: Peer certificate not trusted");
868 if (status & GNUTLS_CERT_SIGNER_NOT_FOUND) {
869 wpa_printf(MSG_INFO, "TLS: Peer certificate does not have a "
874 if (status & GNUTLS_CERT_REVOKED) {
875 wpa_printf(MSG_INFO, "TLS: Peer certificate has been revoked");
881 certs = gnutls_certificate_get_peers(conn->session, &num_certs);
883 wpa_printf(MSG_INFO, "TLS: No peer certificate chain "
888 for (i = 0; i < num_certs; i++) {
891 if (gnutls_x509_crt_init(&cert) < 0) {
892 wpa_printf(MSG_INFO, "TLS: Certificate initialization "
897 if (gnutls_x509_crt_import(cert, &certs[i],
898 GNUTLS_X509_FMT_DER) < 0) {
899 wpa_printf(MSG_INFO, "TLS: Could not parse peer "
900 "certificate %d/%d", i + 1, num_certs);
901 gnutls_x509_crt_deinit(cert);
905 gnutls_x509_crt_get_dn(cert, NULL, &len);
907 buf = os_malloc(len + 1);
909 buf[0] = buf[len] = '\0';
910 gnutls_x509_crt_get_dn(cert, buf, &len);
912 wpa_printf(MSG_DEBUG, "TLS: Peer cert chain %d/%d: %s",
913 i + 1, num_certs, buf);
916 /* TODO: validate subject_match and altsubject_match */
921 if (gnutls_x509_crt_get_expiration_time(cert) < now.sec ||
922 gnutls_x509_crt_get_activation_time(cert) > now.sec) {
923 wpa_printf(MSG_INFO, "TLS: Peer certificate %d/%d is "
924 "not valid at this time",
926 gnutls_x509_crt_deinit(cert);
930 gnutls_x509_crt_deinit(cert);
937 u8 * tls_connection_handshake(void *ssl_ctx, struct tls_connection *conn,
938 const u8 *in_data, size_t in_len,
939 size_t *out_len, u8 **appl_data,
940 size_t *appl_data_len)
942 struct tls_global *global = ssl_ctx;
949 if (in_data && in_len) {
950 if (conn->pull_buf) {
951 wpa_printf(MSG_DEBUG, "%s - %lu bytes remaining in "
952 "pull_buf", __func__,
953 (unsigned long) conn->pull_buf_len);
954 os_free(conn->pull_buf);
956 conn->pull_buf = os_malloc(in_len);
957 if (conn->pull_buf == NULL)
959 os_memcpy(conn->pull_buf, in_data, in_len);
960 conn->pull_buf_offset = conn->pull_buf;
961 conn->pull_buf_len = in_len;
964 ret = gnutls_handshake(conn->session);
968 if (global->server && conn->established &&
969 conn->push_buf == NULL) {
970 /* Need to return something to trigger
971 * completion of EAP-TLS. */
972 conn->push_buf = os_malloc(1);
975 case GNUTLS_E_FATAL_ALERT_RECEIVED:
976 wpa_printf(MSG_DEBUG, "%s - received fatal '%s' alert",
977 __func__, gnutls_alert_get_name(
978 gnutls_alert_get(conn->session)));
982 wpa_printf(MSG_DEBUG, "%s - gnutls_handshake failed "
983 "-> %s", __func__, gnutls_strerror(ret));
989 if (conn->verify_peer && tls_connection_verify_peer(conn)) {
990 wpa_printf(MSG_INFO, "TLS: Peer certificate chain "
991 "failed validation");
996 #ifdef CONFIG_GNUTLS_EXTRA
997 if (conn->tls_ia && !gnutls_ia_handshake_p(conn->session)) {
998 wpa_printf(MSG_INFO, "TLS: No TLS/IA negotiation");
1002 #endif /* CONFIG_GNUTLS_EXTRA */
1005 wpa_printf(MSG_DEBUG, "TLS: Start TLS/IA handshake");
1007 wpa_printf(MSG_DEBUG, "TLS: Handshake completed "
1010 conn->established = 1;
1011 if (conn->push_buf == NULL) {
1012 /* Need to return something to get final TLS ACK. */
1013 conn->push_buf = os_malloc(1);
1016 gnutls_session_get_data(conn->session, NULL, &size);
1017 if (global->session_data == NULL ||
1018 global->session_data_size < size) {
1019 os_free(global->session_data);
1020 global->session_data = os_malloc(size);
1022 if (global->session_data) {
1023 global->session_data_size = size;
1024 gnutls_session_get_data(conn->session,
1025 global->session_data,
1026 &global->session_data_size);
1030 out_data = conn->push_buf;
1031 *out_len = conn->push_buf_len;
1032 conn->push_buf = NULL;
1033 conn->push_buf_len = 0;
1038 u8 * tls_connection_server_handshake(void *ssl_ctx,
1039 struct tls_connection *conn,
1040 const u8 *in_data, size_t in_len,
1043 return tls_connection_handshake(ssl_ctx, conn, in_data, in_len,
1044 out_len, NULL, NULL);
1048 int tls_connection_encrypt(void *ssl_ctx, struct tls_connection *conn,
1049 const u8 *in_data, size_t in_len,
1050 u8 *out_data, size_t out_len)
1056 res = gnutls_ia_send(conn->session, (char *) in_data, in_len);
1058 #endif /* GNUTLS_IA */
1059 res = gnutls_record_send(conn->session, in_data, in_len);
1061 wpa_printf(MSG_INFO, "%s: Encryption failed: %s",
1062 __func__, gnutls_strerror(res));
1065 if (conn->push_buf == NULL)
1067 if (conn->push_buf_len < out_len)
1068 out_len = conn->push_buf_len;
1069 else if (conn->push_buf_len > out_len) {
1070 wpa_printf(MSG_INFO, "GnuTLS: Not enough buffer space for "
1071 "encrypted message (in_len=%lu push_buf_len=%lu "
1073 (unsigned long) in_len,
1074 (unsigned long) conn->push_buf_len,
1075 (unsigned long) out_len);
1077 os_memcpy(out_data, conn->push_buf, out_len);
1078 os_free(conn->push_buf);
1079 conn->push_buf = NULL;
1080 conn->push_buf_len = 0;
1085 int tls_connection_decrypt(void *ssl_ctx, struct tls_connection *conn,
1086 const u8 *in_data, size_t in_len,
1087 u8 *out_data, size_t out_len)
1091 if (conn->pull_buf) {
1092 wpa_printf(MSG_DEBUG, "%s - %lu bytes remaining in "
1093 "pull_buf", __func__,
1094 (unsigned long) conn->pull_buf_len);
1095 os_free(conn->pull_buf);
1097 conn->pull_buf = os_malloc(in_len);
1098 if (conn->pull_buf == NULL)
1100 os_memcpy(conn->pull_buf, in_data, in_len);
1101 conn->pull_buf_offset = conn->pull_buf;
1102 conn->pull_buf_len = in_len;
1106 res = gnutls_ia_recv(conn->session, (char *) out_data,
1108 if (out_len >= 12 &&
1109 (res == GNUTLS_E_WARNING_IA_IPHF_RECEIVED ||
1110 res == GNUTLS_E_WARNING_IA_FPHF_RECEIVED)) {
1111 int final = res == GNUTLS_E_WARNING_IA_FPHF_RECEIVED;
1112 wpa_printf(MSG_DEBUG, "%s: Received %sPhaseFinished",
1113 __func__, final ? "Final" : "Intermediate");
1115 res = gnutls_ia_permute_inner_secret(
1116 conn->session, conn->session_keys_len,
1117 (char *) conn->session_keys);
1118 if (conn->session_keys) {
1119 os_memset(conn->session_keys, 0,
1120 conn->session_keys_len);
1121 os_free(conn->session_keys);
1123 conn->session_keys = NULL;
1124 conn->session_keys_len = 0;
1126 wpa_printf(MSG_DEBUG, "%s: Failed to permute "
1128 __func__, gnutls_strerror(res));
1132 res = gnutls_ia_verify_endphase(conn->session,
1135 wpa_printf(MSG_DEBUG, "%s: Correct endphase "
1136 "checksum", __func__);
1138 wpa_printf(MSG_INFO, "%s: Endphase "
1139 "verification failed: %s",
1140 __func__, gnutls_strerror(res));
1145 conn->final_phase_finished = 1;
1151 wpa_printf(MSG_DEBUG, "%s - gnutls_ia_recv failed: %d "
1152 "(%s)", __func__, (int) res,
1153 gnutls_strerror(res));
1157 #endif /* GNUTLS_IA */
1159 res = gnutls_record_recv(conn->session, out_data, out_len);
1161 wpa_printf(MSG_DEBUG, "%s - gnutls_record_recv failed: %d "
1162 "(%s)", __func__, (int) res, gnutls_strerror(res));
1169 int tls_connection_resumed(void *ssl_ctx, struct tls_connection *conn)
1173 return gnutls_session_is_resumed(conn->session);
1177 int tls_connection_set_cipher_list(void *tls_ctx, struct tls_connection *conn,
1185 int tls_get_cipher(void *ssl_ctx, struct tls_connection *conn,
1186 char *buf, size_t buflen)
1194 int tls_connection_enable_workaround(void *ssl_ctx,
1195 struct tls_connection *conn)
1197 /* TODO: set SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS */
1202 int tls_connection_client_hello_ext(void *ssl_ctx, struct tls_connection *conn,
1203 int ext_type, const u8 *data,
1211 int tls_connection_get_failed(void *ssl_ctx, struct tls_connection *conn)
1215 return conn->failed;
1219 int tls_connection_get_read_alerts(void *ssl_ctx, struct tls_connection *conn)
1223 return conn->read_alerts;
1227 int tls_connection_get_write_alerts(void *ssl_ctx, struct tls_connection *conn)
1231 return conn->write_alerts;
1235 int tls_connection_get_keyblock_size(void *tls_ctx,
1236 struct tls_connection *conn)
1243 unsigned int tls_capabilities(void *tls_ctx)
1245 unsigned int capa = 0;
1248 capa |= TLS_CAPABILITY_IA;
1249 #endif /* GNUTLS_IA */
1255 int tls_connection_set_ia(void *tls_ctx, struct tls_connection *conn,
1264 conn->tls_ia = tls_ia;
1268 ret = gnutls_ia_allocate_server_credentials(&conn->iacred_srv);
1270 wpa_printf(MSG_DEBUG, "Failed to allocate IA credentials: %s",
1271 gnutls_strerror(ret));
1275 ret = gnutls_credentials_set(conn->session, GNUTLS_CRD_IA,
1278 wpa_printf(MSG_DEBUG, "Failed to configure IA credentials: %s",
1279 gnutls_strerror(ret));
1280 gnutls_ia_free_server_credentials(conn->iacred_srv);
1281 conn->iacred_srv = NULL;
1286 #else /* GNUTLS_IA */
1288 #endif /* GNUTLS_IA */
1292 int tls_connection_ia_send_phase_finished(void *tls_ctx,
1293 struct tls_connection *conn,
1295 u8 *out_data, size_t out_len)
1300 if (conn == NULL || conn->session == NULL || !conn->tls_ia)
1303 ret = gnutls_ia_permute_inner_secret(conn->session,
1304 conn->session_keys_len,
1305 (char *) conn->session_keys);
1306 if (conn->session_keys) {
1307 os_memset(conn->session_keys, 0, conn->session_keys_len);
1308 os_free(conn->session_keys);
1310 conn->session_keys = NULL;
1311 conn->session_keys_len = 0;
1313 wpa_printf(MSG_DEBUG, "%s: Failed to permute inner secret: %s",
1314 __func__, gnutls_strerror(ret));
1318 ret = gnutls_ia_endphase_send(conn->session, final);
1320 wpa_printf(MSG_DEBUG, "%s: Failed to send endphase: %s",
1321 __func__, gnutls_strerror(ret));
1325 if (conn->push_buf == NULL)
1327 if (conn->push_buf_len < out_len)
1328 out_len = conn->push_buf_len;
1329 os_memcpy(out_data, conn->push_buf, out_len);
1330 os_free(conn->push_buf);
1331 conn->push_buf = NULL;
1332 conn->push_buf_len = 0;
1334 #else /* GNUTLS_IA */
1336 #endif /* GNUTLS_IA */
1340 int tls_connection_ia_final_phase_finished(void *tls_ctx,
1341 struct tls_connection *conn)
1346 return conn->final_phase_finished;
1350 int tls_connection_ia_permute_inner_secret(void *tls_ctx,
1351 struct tls_connection *conn,
1352 const u8 *key, size_t key_len)
1355 if (conn == NULL || !conn->tls_ia)
1358 if (conn->session_keys) {
1359 os_memset(conn->session_keys, 0, conn->session_keys_len);
1360 os_free(conn->session_keys);
1362 conn->session_keys_len = 0;
1365 conn->session_keys = os_malloc(key_len);
1366 if (conn->session_keys == NULL)
1368 os_memcpy(conn->session_keys, key, key_len);
1369 conn->session_keys_len = key_len;
1371 conn->session_keys = NULL;
1372 conn->session_keys_len = 0;
1376 #else /* GNUTLS_IA */
1378 #endif /* GNUTLS_IA */