1 /*
2 * SSL/TLS interface functions for mbedtls
3 * Copyright (c) 2020 HiSilicon (Shanghai) Technologies CO., LIMITED.
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 *
16 * This software may be distributed under the terms of the BSD license.
17 * See README for more details.
18 */
19
20 #include "library/common.h"
21 #include "includes.h"
22 #include "common.h"
23 #include "tls.h"
24 #include "mbedtls/ssl.h"
25 #include "mbedtls/ssl_ciphersuites.h"
26 #include "mbedtls/entropy.h"
27 #include "mbedtls/ctr_drbg.h"
28 #include "mbedtls/x509.h"
29 #include "mbedtls/x509_crt.h"
30 #include "mbedtls/debug.h"
31 #include "mbedtls/version.h"
32
33 #define TLS_KEY_RANDOM_LEN 32
34
35 typedef struct eap_tls_keys {
36 unsigned char master_secret[48];
37 unsigned char randbytes[TLS_KEY_RANDOM_LEN * 2];
38 mbedtls_tls_prf_types tls_prf_type;
39 } eap_tls_keys;
40
41 struct tls_connection {
42 mbedtls_ssl_context *ssl;
43 mbedtls_ssl_config *conf;
44 mbedtls_ctr_drbg_context *ctr_drbg;
45 mbedtls_entropy_context *entropy;
46 mbedtls_x509_crt *ca_cert;
47 mbedtls_x509_crt *cli_cert;
48 mbedtls_pk_context *pk;
49 const unsigned char *in_buf;
50 size_t in_buf_len;
51
52 struct wpabuf *out_buf;
53 int failed;
54 int status;
55 unsigned int client_hello_generated:1;
56 unsigned int server:1;
57 eap_tls_keys eap_tls_keying;
58 };
59
60 static ext_wifi_ent_import_callback g_tls_import_cb = { NULL };
61
62 #if (MBEDTLS_VERSION_NUMBER < 0x03000000)
tls_key_derivation(void * p_expkey,const unsigned char * ms,const unsigned char * kb,size_t maclen,size_t keylen,size_t ivlen,const unsigned char client_random[TLS_KEY_RANDOM_LEN],const unsigned char server_random[TLS_KEY_RANDOM_LEN],mbedtls_tls_prf_types tls_prf_type)63 static int tls_key_derivation(void *p_expkey,
64 const unsigned char *ms,
65 const unsigned char *kb,
66 size_t maclen,
67 size_t keylen,
68 size_t ivlen,
69 const unsigned char client_random[TLS_KEY_RANDOM_LEN],
70 const unsigned char server_random[TLS_KEY_RANDOM_LEN],
71 mbedtls_tls_prf_types tls_prf_type)
72 {
73 if ((p_expkey == NULL) || (ms == NULL))
74 return -1;
75 eap_tls_keys *keys = (eap_tls_keys *)p_expkey;
76
77 (void)kb;
78 (void)maclen;
79 (void)keylen;
80 (void)ivlen;
81
82 (void)os_memcpy(keys->master_secret, ms, sizeof(keys->master_secret));
83 (void)os_memcpy(keys->randbytes, client_random, TLS_KEY_RANDOM_LEN);
84 (void)os_memcpy(keys->randbytes + TLS_KEY_RANDOM_LEN, server_random, TLS_KEY_RANDOM_LEN);
85 keys->tls_prf_type = tls_prf_type;
86
87 return 0;
88 }
89 #else
tls_key_derivation(void * p_expkey,mbedtls_ssl_key_export_type secret_type,const unsigned char * secret,size_t secret_len,const unsigned char client_random[TLS_KEY_RANDOM_LEN],const unsigned char server_random[TLS_KEY_RANDOM_LEN],mbedtls_tls_prf_types tls_prf_type)90 static void tls_key_derivation(void *p_expkey,
91 mbedtls_ssl_key_export_type secret_type,
92 const unsigned char *secret,
93 size_t secret_len,
94 const unsigned char client_random[TLS_KEY_RANDOM_LEN],
95 const unsigned char server_random[TLS_KEY_RANDOM_LEN],
96 mbedtls_tls_prf_types tls_prf_type)
97 {
98 if ((p_expkey == NULL) || (secret == NULL))
99 return;
100
101 eap_tls_keys *keys = (eap_tls_keys *)p_expkey;
102 if (secret_len != sizeof(keys->master_secret))
103 return;
104
105 (void)secret_type;
106
107 (void)os_memcpy(keys->master_secret, secret, sizeof(keys->master_secret));
108 (void)os_memcpy(keys->randbytes, client_random, TLS_KEY_RANDOM_LEN);
109 (void)os_memcpy(keys->randbytes + TLS_KEY_RANDOM_LEN, server_random, TLS_KEY_RANDOM_LEN);
110 keys->tls_prf_type = tls_prf_type;
111 }
112 #endif
113
tls_get_errors(void * tls_ctx)114 int tls_get_errors(void *tls_ctx)
115 {
116 (void)tls_ctx;
117 return 0;
118 }
119
tls_wpa_send(void * ctx,const unsigned char * buf,size_t len)120 static int tls_wpa_send(void *ctx, const unsigned char *buf, size_t len)
121 {
122 struct tls_connection *conn = NULL;
123
124 if ((ctx == NULL) || (buf == NULL) || (len == 0))
125 return 0;
126
127 conn = (struct tls_connection *)ctx;
128 if (conn->out_buf == NULL) {
129 conn->out_buf = wpabuf_alloc_copy(buf, len);
130 if (conn->out_buf == NULL)
131 return MBEDTLS_ERR_SSL_WANT_WRITE;
132 } else {
133 if (wpabuf_resize(&conn->out_buf, len) == 0)
134 wpabuf_put_data(conn->out_buf, buf, len);
135 else
136 return MBEDTLS_ERR_SSL_WANT_WRITE;
137 }
138 return len;
139 }
140
tls_wpa_recv(void * ctx,unsigned char * buf,size_t len)141 static int tls_wpa_recv(void *ctx, unsigned char *buf, size_t len)
142 {
143 struct tls_connection *conn = NULL;
144 size_t data_len = len;
145
146 if ((ctx == NULL) || (buf == NULL))
147 return 0;
148
149 conn = (struct tls_connection *)ctx;
150 if ((conn->in_buf == NULL) || (conn->in_buf_len == 0))
151 return MBEDTLS_ERR_SSL_WANT_READ;
152
153 if (conn->in_buf_len < len)
154 data_len = conn->in_buf_len;
155
156 (void)os_memcpy(buf, conn->in_buf, data_len);
157
158 conn->in_buf += data_len;
159 conn->in_buf_len -= data_len;
160
161 return data_len;
162 }
163
164 #if defined(CONFIG_WPA_ENTERPRISE_DEBUG)
tls_debug(void * ctx,int level,const char * file,int line,const char * str)165 static void tls_debug(void *ctx, int level,
166 const char *file, int line,
167 const char *str)
168 {
169 (void)ctx;
170 const char *p = NULL;
171 const char *basename = NULL;
172 for (p = basename = file; (p != NULL) && (*p != '\0'); p++) {
173 if (*p == '/' || *p == '\\')
174 basename = p + 1;
175 }
176
177 wpa_printf(MSG_DEBUG, "%s:%04d: |%d| %s", basename, line, level, str);
178 }
179 #endif
180
tls_connection_init(void * tls_ctx)181 struct tls_connection *tls_connection_init(void *tls_ctx)
182 {
183 int ret = 0;
184 const char *pers = "eap tls";
185 struct tls_connection *conn = NULL;
186 mbedtls_ssl_context *ssl = NULL;
187 mbedtls_entropy_context *entropy = NULL;
188 mbedtls_ctr_drbg_context *ctr_drbg = NULL;
189 mbedtls_ssl_config *conf = NULL;
190 int role = MBEDTLS_SSL_IS_CLIENT;
191
192 conn = os_zalloc(sizeof(*conn));
193 if (conn == NULL)
194 return NULL;
195
196 ssl = os_zalloc(sizeof(*ssl));
197 conf = os_zalloc(sizeof(*conf));
198 ctr_drbg = os_zalloc(sizeof(*ctr_drbg));
199 entropy = os_zalloc(sizeof(*entropy));
200 if (ssl == NULL || conf == NULL || ctr_drbg == NULL || entropy == NULL) {
201 os_free(ssl);
202 os_free(conf);
203 os_free(ctr_drbg);
204 os_free(entropy);
205 os_free(conn);
206 return NULL;
207 }
208
209 conn->ssl = ssl;
210 conn->conf = conf;
211 conn->ctr_drbg = ctr_drbg;
212 conn->entropy = entropy;
213
214 /* Initialize the RNG and the session data */
215 mbedtls_ssl_init(ssl);
216 mbedtls_ssl_config_init(conf);
217 mbedtls_ctr_drbg_init(ctr_drbg);
218
219 mbedtls_entropy_init(entropy);
220 ret = mbedtls_ctr_drbg_seed(ctr_drbg, mbedtls_entropy_func, entropy,
221 (const unsigned char *)pers,
222 strlen(pers));
223 if (ret != 0) {
224 wpa_printf(MSG_ERROR, "TLS: Failed to generate random number(%d)!", ret);
225 goto exit;
226 }
227
228 /* Setup stuff */
229 ret = mbedtls_ssl_config_defaults(conf, role,
230 MBEDTLS_SSL_TRANSPORT_STREAM,
231 MBEDTLS_SSL_PRESET_DEFAULT);
232 if (ret != 0) {
233 wpa_printf(MSG_ERROR, "TLS: Failed to load default config(%d)!", ret);
234 goto exit;
235 }
236
237 /* REQUIRED is the recommended mode security on client */
238 mbedtls_ssl_conf_authmode(conf, MBEDTLS_SSL_VERIFY_REQUIRED);
239 mbedtls_ssl_conf_rng(conf, mbedtls_ctr_drbg_random, ctr_drbg);
240
241 ret = mbedtls_ssl_setup(ssl, conf);
242 if (ret != 0) {
243 wpa_printf(MSG_ERROR, "TLS: Failed to setup ssl(%d)!", ret);
244 goto exit;
245 }
246
247 mbedtls_ssl_set_bio(ssl, conn, tls_wpa_send, tls_wpa_recv, NULL);
248 #if (MBEDTLS_VERSION_NUMBER < 0x03000000)
249 mbedtls_ssl_conf_export_keys_ext_cb(conf, tls_key_derivation, &conn->eap_tls_keying);
250 #else
251 mbedtls_ssl_set_export_keys_cb(ssl, tls_key_derivation, &conn->eap_tls_keying);
252 #endif
253
254 #if defined(CONFIG_WPA_ENTERPRISE_DEBUG)
255 mbedtls_debug_set_threshold(3);
256 mbedtls_ssl_conf_dbg(conf, tls_debug, NULL);
257 #endif
258
259 return conn;
260 exit:
261 tls_connection_deinit(tls_ctx, conn);
262 return NULL;
263 }
264
tls_connection_deinit(void * tls_ctx,struct tls_connection * conn)265 void tls_connection_deinit(void *tls_ctx, struct tls_connection *conn)
266 {
267 (void)tls_ctx;
268
269 if (conn == NULL)
270 return;
271
272 forced_memzero(&(conn->eap_tls_keying), sizeof(eap_tls_keys));
273 if (conn->ca_cert != NULL) {
274 mbedtls_x509_crt_free(conn->ca_cert);
275 os_free(conn->ca_cert);
276 conn->ca_cert = NULL;
277 }
278 if (conn->cli_cert != NULL) {
279 mbedtls_x509_crt_free(conn->cli_cert);
280 os_free(conn->cli_cert);
281 conn->cli_cert = NULL;
282 }
283 if (conn->pk != NULL) {
284 mbedtls_pk_free(conn->pk);
285 os_free(conn->pk);
286 conn->pk = NULL;
287 }
288 if (conn->entropy != NULL) {
289 mbedtls_entropy_free(conn->entropy);
290 os_free(conn->entropy);
291 conn->entropy = NULL;
292 }
293 if (conn->ctr_drbg != NULL) {
294 mbedtls_ctr_drbg_free(conn->ctr_drbg);
295 os_free(conn->ctr_drbg);
296 conn->ctr_drbg = NULL;
297 }
298 if (conn->ssl != NULL) {
299 mbedtls_ssl_free(conn->ssl);
300 os_free(conn->ssl);
301 conn->ssl = NULL;
302 }
303 if (conn->conf != NULL) {
304 mbedtls_ssl_config_free(conn->conf);
305 os_free(conn->conf);
306 conn->conf = NULL;
307 }
308 os_free(conn);
309 }
310
tls_connection_established(void * tls_ctx,struct tls_connection * conn)311 int tls_connection_established(void *tls_ctx, struct tls_connection *conn)
312 {
313 (void)tls_ctx;
314
315 if (conn == NULL)
316 return 0;
317 return conn->status;
318 }
319
tls_connection_shutdown(void * tls_ctx,struct tls_connection * conn)320 int tls_connection_shutdown(void *tls_ctx, struct tls_connection *conn)
321 {
322 (void)tls_ctx;
323
324 if (conn == NULL)
325 return -1;
326
327 (void)mbedtls_ssl_session_reset(conn->ssl);
328 conn->status = 0;
329 conn->failed = 0;
330 conn->in_buf = NULL;
331 conn->in_buf_len = 0;
332 conn->client_hello_generated = 0;
333 return 0;
334 }
335
tls_connection_ca_cert(struct tls_connection * conn,const char * ca_cert,const u8 * ca_cert_blob,size_t ca_cert_blob_len,const char * ca_path)336 static int tls_connection_ca_cert(struct tls_connection *conn,
337 const char *ca_cert, const u8 *ca_cert_blob,
338 size_t ca_cert_blob_len, const char *ca_path)
339 {
340 mbedtls_ssl_context *ssl = NULL;
341 mbedtls_ssl_config *conf = NULL;
342 unsigned char *cert_buf = NULL;
343 mbedtls_x509_crt *cacert = NULL;
344 unsigned int cert_len = 0;
345 int ret;
346
347 (void)ca_cert;
348 (void)ca_cert_blob;
349 (void)ca_cert_blob_len;
350 (void)ca_path;
351
352 if ((conn == NULL) || (conn->ssl == NULL))
353 return -1;
354
355 ssl = conn->ssl;
356 conf = (mbedtls_ssl_config *)ssl->conf;
357
358 if (g_tls_import_cb.ca_cert_import == NULL) {
359 wpa_printf(MSG_ERROR, "TLS: ca_cert == NULL!");
360 return -1;
361 }
362
363 g_tls_import_cb.ca_cert_import(&cert_buf, &cert_len);
364 if ((cert_buf == NULL) || (cert_len == 0)) {
365 wpa_printf(MSG_ERROR, "TLS: Failed to read ca cert!");
366 return -1;
367 }
368
369 cacert = os_zalloc(sizeof(*cacert));
370 if (cacert == NULL)
371 return -1;
372
373 mbedtls_x509_crt_init(cacert);
374 ret = mbedtls_x509_crt_parse(cacert, cert_buf, (size_t)cert_len);
375 if (ret != 0) {
376 wpa_printf(MSG_ERROR, "TLS: Failed to parse crt!");
377 ret = -1;
378 goto exit;
379 }
380
381 mbedtls_ssl_conf_ca_chain(conf, cacert, NULL);
382 conn->ca_cert = cacert;
383
384 return 0;
385
386 exit:
387 mbedtls_x509_crt_free(cacert);
388 os_free(cacert);
389 return ret;
390 }
391
tls_connection_client_cert(struct tls_connection * conn,const char * private_key,const char * client_cert,const u8 * client_cert_blob,size_t client_cert_blob_len)392 static int tls_connection_client_cert(struct tls_connection *conn,
393 const char *private_key,
394 const char *client_cert,
395 const u8 *client_cert_blob,
396 size_t client_cert_blob_len)
397 {
398 mbedtls_ssl_context *ssl = NULL;
399 mbedtls_ssl_config *conf = NULL;
400 unsigned char *cli_buf = NULL;
401 unsigned char *key_buf = NULL;
402 mbedtls_x509_crt *clicert = NULL;
403 mbedtls_pk_context *pk = NULL;
404 unsigned int cli_len = 0;
405 unsigned int key_len = 0;
406 int ret;
407
408 (void)private_key;
409 (void)client_cert;
410 (void)client_cert_blob;
411 (void)client_cert_blob_len;
412
413 if ((conn == NULL) || (conn->ssl == NULL))
414 return -1;
415
416 ssl = conn->ssl;
417 conf = (mbedtls_ssl_config *)ssl->conf;
418
419 if ((g_tls_import_cb.cli_cert_import == NULL) || (g_tls_import_cb.cli_key_import == NULL)) {
420 wpa_printf(MSG_ERROR, "TLS: cli_cert/cli_key == NULL!");
421 return -1;
422 }
423
424 g_tls_import_cb.cli_cert_import(&cli_buf, &cli_len);
425 if ((cli_buf == NULL) || (cli_len == 0)) {
426 wpa_printf(MSG_ERROR, "TLS: Failed to read client cert!");
427 return -1;
428 }
429 g_tls_import_cb.cli_key_import(&key_buf, &key_len);
430 if ((key_buf == NULL) || (key_len == 0)) {
431 wpa_printf(MSG_ERROR, "TLS: Failed to read client key!");
432 return -1;
433 }
434
435 clicert = os_zalloc(sizeof(*clicert));
436 if (clicert == NULL)
437 return -1;
438
439 mbedtls_x509_crt_init(clicert);
440 ret = mbedtls_x509_crt_parse(clicert, cli_buf, (size_t)cli_len);
441 if (ret != 0)
442 goto exit;
443
444 pk = os_zalloc(sizeof(*pk));
445 if (pk == NULL)
446 goto exit;
447
448 mbedtls_pk_init(pk);
449 #if (MBEDTLS_VERSION_NUMBER < 0x03000000)
450 ret = mbedtls_pk_parse_key(pk, key_buf, (size_t)key_len, NULL, 0);
451 #else
452 ret = mbedtls_pk_parse_key(pk, key_buf, (size_t)key_len, NULL, 0,
453 mbedtls_ctr_drbg_random, conn->ctr_drbg);
454 #endif
455 if (ret != 0)
456 goto exit;
457
458 ret = mbedtls_ssl_conf_own_cert(conf, clicert, pk);
459 if (ret != 0)
460 goto exit;
461
462 conn->cli_cert = clicert;
463 conn->pk = pk;
464
465 return ret;
466
467 exit:
468 if (pk != NULL) {
469 mbedtls_pk_free(pk);
470 os_free(pk);
471 }
472 if (clicert != NULL) {
473 mbedtls_x509_crt_free(clicert);
474 os_free(clicert);
475 }
476 return -1;
477 }
478
tls_connection_set_params(void * tls_ctx,struct tls_connection * conn,const struct tls_connection_params * params)479 int tls_connection_set_params(void *tls_ctx, struct tls_connection *conn,
480 const struct tls_connection_params *params)
481 {
482 (void)tls_ctx;
483
484 if ((conn == NULL) || (params == NULL))
485 return -1;
486
487 if (tls_connection_ca_cert(conn,
488 params->ca_cert,
489 params->ca_cert_blob,
490 params->ca_cert_blob_len,
491 params->ca_path)) {
492 wpa_printf(MSG_ERROR, "TLS: Failed to set CA certificate!");
493 return -1;
494 }
495
496 if (tls_connection_client_cert(conn,
497 params->private_key,
498 params->client_cert,
499 params->client_cert_blob,
500 params->client_cert_blob_len)) {
501 wpa_printf(MSG_ERROR, "TLS: Failed to set client certificate!");
502 return -1;
503 }
504
505 return 0;
506 }
507
tls_connection_get_random(void * tls_ctx,struct tls_connection * conn,struct tls_random * data)508 int tls_connection_get_random(void *tls_ctx, struct tls_connection *conn, struct tls_random *data)
509 {
510 (void)tls_ctx;
511
512 if ((conn == NULL) || (data == NULL))
513 return -1;
514
515 os_memset(data, 0, sizeof(*data));
516 data->client_random = conn->eap_tls_keying.randbytes;
517 data->client_random_len = TLS_KEY_RANDOM_LEN;
518 data->server_random = conn->eap_tls_keying.randbytes + TLS_KEY_RANDOM_LEN;
519 data->server_random_len = TLS_KEY_RANDOM_LEN;
520 return 0;
521 }
522
tls_connection_export_key(void * tls_ctx,struct tls_connection * conn,const char * label,const u8 * context,size_t context_len,u8 * out,size_t out_len)523 int tls_connection_export_key(void *tls_ctx, struct tls_connection *conn,
524 const char *label, const u8 *context,
525 size_t context_len, u8 *out, size_t out_len)
526 {
527 eap_tls_keys *keys = NULL;
528 (void)tls_ctx;
529 (void)context;
530
531 if ((conn == NULL) || (label == NULL) || (out == NULL))
532 return -1;
533
534 keys = &conn->eap_tls_keying;
535 if (mbedtls_ssl_tls_prf(keys->tls_prf_type,
536 keys->master_secret,
537 sizeof(keys->master_secret),
538 label,
539 keys->randbytes,
540 sizeof(keys->randbytes),
541 out, out_len) != 0)
542 return -1;
543
544 return 0;
545 }
546
tls_wpa_handshake(struct tls_connection * conn,const struct wpabuf * in_data)547 static struct wpabuf *tls_wpa_handshake(struct tls_connection *conn, const struct wpabuf *in_data)
548 {
549 int res;
550
551 if (conn == NULL)
552 return NULL;
553
554 /* out_buf is freed by eap_tls_process_output */
555 conn->out_buf = NULL;
556
557 /* conn->in_buf is the pointer of in_data and shouldn't be freed */
558 if (in_data != NULL && wpabuf_len(in_data) > 0) {
559 conn->in_buf = wpabuf_head(in_data);
560 conn->in_buf_len = wpabuf_len(in_data);
561 }
562
563 /* Initiate TLS handshake or continue the existing handshake */
564 res = mbedtls_ssl_handshake(conn->ssl);
565 if (res != 0) {
566 if (res == MBEDTLS_ERR_SSL_WANT_READ)
567 wpa_printf(MSG_DEBUG, "TLS: SSL_connect - want more data");
568 else if (res == MBEDTLS_ERR_SSL_WANT_WRITE)
569 wpa_printf(MSG_DEBUG, "TLS: SSL_connect - want to write");
570 else {
571 conn->failed++;
572 if (!conn->server && !conn->client_hello_generated) {
573 /* The server would not understand TLS Alert
574 * before ClientHello, so simply terminate
575 * handshake on this type of error case caused
576 * by a likely internal error like no ciphers
577 * available. */
578 wpa_printf(MSG_DEBUG, "TLS: Could not generate ClientHello");
579 }
580 }
581
582 if (res != MBEDTLS_ERR_SSL_WANT_READ)
583 goto exit;
584 } else
585 conn->status = 1;
586
587 if (conn->out_buf == NULL) {
588 wpa_printf(MSG_DEBUG, "TLS: Added dummy for ack.");
589 /* return 0-size buf */
590 conn->out_buf = wpabuf_alloc(0);
591 }
592
593 if (!conn->server && !conn->failed)
594 conn->client_hello_generated = 1;
595 exit:
596 return conn->out_buf;
597 }
598
tls_connection_handshake(void * tls_ctx,struct tls_connection * conn,const struct wpabuf * in_data,struct wpabuf ** appl_data)599 struct wpabuf *tls_connection_handshake(void *tls_ctx,
600 struct tls_connection *conn,
601 const struct wpabuf *in_data,
602 struct wpabuf **appl_data)
603 {
604 (void)tls_ctx;
605 (void)appl_data;
606 return tls_wpa_handshake(conn, in_data);
607 }
608
tls_connection_encrypt(void * tls_ctx,struct tls_connection * conn,const struct wpabuf * in_data)609 struct wpabuf *tls_connection_encrypt(void *tls_ctx,
610 struct tls_connection *conn,
611 const struct wpabuf *in_data)
612 {
613 (void)tls_ctx;
614 (void)conn;
615 (void)in_data;
616 return NULL;
617 }
618
tls_connection_decrypt(void * tls_ctx,struct tls_connection * conn,const struct wpabuf * in_data)619 struct wpabuf *tls_connection_decrypt(void *tls_ctx,
620 struct tls_connection *conn,
621 const struct wpabuf *in_data)
622 {
623 (void)tls_ctx;
624 (void)conn;
625 (void)in_data;
626 return NULL;
627 }
628
tls_connection_resumed(void * tls_ctx,struct tls_connection * conn)629 int tls_connection_resumed(void *tls_ctx, struct tls_connection *conn)
630 {
631 (void)tls_ctx;
632 (void)conn;
633 return 0;
634 }
635
tls_get_version(void * ssl_ctx,struct tls_connection * conn,char * buf,size_t buflen)636 int tls_get_version(void *ssl_ctx, struct tls_connection *conn, char *buf, size_t buflen)
637 {
638 const char *name = NULL;
639 (void)ssl_ctx;
640
641 if ((conn == NULL) || (conn->ssl == NULL) || (buf == NULL) || (buflen == 0))
642 return -1;
643
644 name = mbedtls_ssl_get_version(conn->ssl);
645 if (name == NULL)
646 return -1;
647
648 os_strlcpy(buf, name, buflen);
649 return 0;
650 }
651
tls_get_cipher(void * tls_ctx,struct tls_connection * conn,char * buf,size_t buflen)652 int tls_get_cipher(void *tls_ctx, struct tls_connection *conn, char *buf, size_t buflen)
653 {
654 const char *name = NULL;
655 (void)tls_ctx;
656
657 if ((conn == NULL) || (conn->ssl == NULL) || (buf == NULL) || (buflen == 0))
658 return -1;
659
660 name = mbedtls_ssl_get_ciphersuite(conn->ssl);
661 if (name == NULL) {
662 return -1;
663 }
664
665 os_strlcpy(buf, name, buflen);
666 return 0;
667 }
668
tls_connection_get_failed(void * tls_ctx,struct tls_connection * conn)669 int tls_connection_get_failed(void *tls_ctx, struct tls_connection *conn)
670 {
671 (void)tls_ctx;
672 if (conn == NULL)
673 return -1;
674 return conn->failed;
675 }
676
tls_set_import_cb(ext_wifi_ent_import_callback * cb)677 int tls_set_import_cb(ext_wifi_ent_import_callback *cb)
678 {
679 if (cb == NULL)
680 return -1;
681 (void)os_memcpy(&g_tls_import_cb, cb, sizeof(ext_wifi_ent_import_callback));
682 return 0;
683 }
684
685