42 static void dpp_auth_success(struct dpp_authentication *auth)  in dpp_auth_success()  argument
46 	os_memset(auth->Mx, 0, sizeof(auth->Mx));  in dpp_auth_success()
47 	auth->Mx_len = 0;  in dpp_auth_success()
48 	os_memset(auth->Nx, 0, sizeof(auth->Nx));  in dpp_auth_success()
49 	auth->Nx_len = 0;  in dpp_auth_success()
50 	os_memset(auth->Lx, 0, sizeof(auth->Lx));  in dpp_auth_success()
51 	auth->Lx_len = 0;  in dpp_auth_success()
52 	os_memset(auth->k1, 0, sizeof(auth->k1));  in dpp_auth_success()
53 	os_memset(auth->k2, 0, sizeof(auth->k2));  in dpp_auth_success()
55 	auth->auth_success = 1;  in dpp_auth_success()
59 static struct wpabuf * dpp_auth_build_req(struct dpp_authentication *auth,  in dpp_auth_build_req()  argument
154 		os_memcpy(pos, auth->i_nonce, nonce_len - 1);  in dpp_auth_build_req()
165 	os_memcpy(pos, auth->i_nonce, nonce_len);  in dpp_auth_build_req()
181 	auth->i_capab = auth->allowed_roles;  in dpp_auth_build_req()
182 	*pos++ = auth->i_capab;  in dpp_auth_build_req()
205 	if (aes_siv_encrypt(auth->k1, auth->curve->hash_len, clear, siv_len,  in dpp_auth_build_req()
233 static struct wpabuf * dpp_auth_build_resp(struct dpp_authentication *auth,  in dpp_auth_build_resp()  argument
253 	auth->waiting_auth_conf = 1;  in dpp_auth_build_resp()
254 	auth->auth_resp_status = status;  in dpp_auth_build_resp()
255 	auth->auth_resp_tries = 0;  in dpp_auth_build_resp()
292 	if (auth->peer_version >= 2) {  in dpp_auth_build_resp()
308 	/* Wrapped data ({R-nonce, I-nonce, R-capabilities, {R-auth}ke}k2) */  in dpp_auth_build_resp()
349 	auth->r_capab = auth->configurator ? DPP_CAPAB_CONFIGURATOR :  in dpp_auth_build_resp()
351 	*pos++ = auth->r_capab;  in dpp_auth_build_resp()
359 		if ((auth->i_capab & DPP_CAPAB_ROLE_MASK) ==  in dpp_auth_build_resp()
363 			pos[-1] = auth->configurator ? DPP_CAPAB_ENROLLEE :  in dpp_auth_build_resp()
370 		/* {R-auth}ke */  in dpp_auth_build_resp()
391 	if (aes_siv_encrypt(siv_key, auth->curve->hash_len, clear, siv_len,  in dpp_auth_build_resp()
418 static int dpp_auth_build_resp_ok(struct dpp_authentication *auth)  in dpp_auth_build_resp_ok()  argument
434 	if (!auth->own_bi)  in dpp_auth_build_resp_ok()
441 		os_memcpy(auth->r_nonce, dpp_nonce_override, nonce_len);  in dpp_auth_build_resp_ok()
443 		nonce_len = auth->curve->nonce_len;  in dpp_auth_build_resp_ok()
444 		if (random_get_bytes(auth->r_nonce, nonce_len)) {  in dpp_auth_build_resp_ok()
451 	nonce_len = auth->curve->nonce_len;  in dpp_auth_build_resp_ok()
452 	if (random_get_bytes(auth->r_nonce, nonce_len)) {  in dpp_auth_build_resp_ok()
457 	wpa_hexdump(MSG_DEBUG, "DPP: R-nonce", auth->r_nonce, nonce_len);  in dpp_auth_build_resp_ok()
459 	crypto_ec_key_deinit(auth->own_protocol_key);  in dpp_auth_build_resp_ok()
466 		auth->own_protocol_key = dpp_set_keypair(  in dpp_auth_build_resp_ok()
470 		auth->own_protocol_key = dpp_gen_keypair(auth->curve);  in dpp_auth_build_resp_ok()
473 	auth->own_protocol_key = dpp_gen_keypair(auth->curve);  in dpp_auth_build_resp_ok()
475 	if (!auth->own_protocol_key)  in dpp_auth_build_resp_ok()
478 	pr = crypto_ec_key_get_pubkey_point(auth->own_protocol_key, 0);  in dpp_auth_build_resp_ok()
483 	if (dpp_ecdh(auth->own_protocol_key, auth->peer_protocol_key,  in dpp_auth_build_resp_ok()
484 		     auth->Nx, &secret_len) < 0)  in dpp_auth_build_resp_ok()
488 			auth->Nx, auth->secret_len);  in dpp_auth_build_resp_ok()
489 	auth->Nx_len = auth->secret_len;  in dpp_auth_build_resp_ok()
491 	if (dpp_derive_k2(auth->Nx, auth->secret_len, auth->k2,  in dpp_auth_build_resp_ok()
492 			  auth->curve->hash_len) < 0)  in dpp_auth_build_resp_ok()
495 	if (auth->own_bi && auth->peer_bi) {  in dpp_auth_build_resp_ok()
497 		if (dpp_auth_derive_l_responder(auth) < 0)  in dpp_auth_build_resp_ok()
501 	if (dpp_derive_bk_ke(auth) < 0)  in dpp_auth_build_resp_ok()
504 	/* R-auth = H(I-nonce | R-nonce | PI.x | PR.x | [BI.x |] BR.x | 0) */  in dpp_auth_build_resp_ok()
506 	WPA_PUT_LE16(&r_auth[2], auth->curve->hash_len);  in dpp_auth_build_resp_ok()
507 	if (dpp_gen_r_auth(auth, r_auth + 4) < 0)  in dpp_auth_build_resp_ok()
511 		wpa_printf(MSG_INFO, "DPP: TESTING - R-auth mismatch");  in dpp_auth_build_resp_ok()
512 		r_auth[4 + auth->curve->hash_len / 2] ^= 0x01;  in dpp_auth_build_resp_ok()
515 	if (aes_siv_encrypt(auth->ke, auth->curve->hash_len,  in dpp_auth_build_resp_ok()
516 			    r_auth, 4 + auth->curve->hash_len,  in dpp_auth_build_resp_ok()
519 	wrapped_r_auth_len = 4 + auth->curve->hash_len + AES_BLOCK_SIZE;  in dpp_auth_build_resp_ok()
520 	wpa_hexdump(MSG_DEBUG, "DPP: {R-auth}ke",  in dpp_auth_build_resp_ok()
524 	r_pubkey_hash = auth->own_bi->pubkey_hash;  in dpp_auth_build_resp_ok()
525 	if (auth->peer_bi)  in dpp_auth_build_resp_ok()
526 		i_pubkey_hash = auth->peer_bi->pubkey_hash;  in dpp_auth_build_resp_ok()
530 	i_nonce = auth->i_nonce;  in dpp_auth_build_resp_ok()
531 	r_nonce = auth->r_nonce;  in dpp_auth_build_resp_ok()
564 		pr = wpabuf_alloc(2 * auth->curve->prime_len);  in dpp_auth_build_resp_ok()
565 		if (!pr || dpp_test_gen_invalid_key(pr, auth->curve) < 0)  in dpp_auth_build_resp_ok()
568 		wpa_printf(MSG_INFO, "DPP: TESTING - no R-Auth");  in dpp_auth_build_resp_ok()
586 	msg = dpp_auth_build_resp(auth, status, pr, nonce_len,  in dpp_auth_build_resp_ok()
590 				  auth->k2);  in dpp_auth_build_resp_ok()
593 	wpabuf_free(auth->resp_msg);  in dpp_auth_build_resp_ok()
594 	auth->resp_msg = msg;  in dpp_auth_build_resp_ok()
602 static int dpp_auth_build_resp_status(struct dpp_authentication *auth,  in dpp_auth_build_resp_status()  argument
611 	if (!auth->own_bi)  in dpp_auth_build_resp_status()
615 	r_pubkey_hash = auth->own_bi->pubkey_hash;  in dpp_auth_build_resp_status()
616 	if (auth->peer_bi)  in dpp_auth_build_resp_status()
617 		i_pubkey_hash = auth->peer_bi->pubkey_hash;  in dpp_auth_build_resp_status()
621 	i_nonce = auth->i_nonce;  in dpp_auth_build_resp_status()
656 	msg = dpp_auth_build_resp(auth, status, NULL, auth->curve->nonce_len,  in dpp_auth_build_resp_status()
658 				  NULL, i_nonce, NULL, 0, auth->k1);  in dpp_auth_build_resp_status()
661 	wpabuf_free(auth->resp_msg);  in dpp_auth_build_resp_status()
662 	auth->resp_msg = msg;  in dpp_auth_build_resp_status()
684 	struct dpp_authentication *auth = NULL;  in dpp_auth_req_rx()  local
709 	auth = dpp_alloc_auth(dpp, msg_ctx);  in dpp_auth_req_rx()
710 	if (!auth)  in dpp_auth_req_rx()
713 	    dpp_set_configurator(auth, peer_bi->configurator_params) < 0)  in dpp_auth_req_rx()
715 	auth->peer_bi = peer_bi;  in dpp_auth_req_rx()
716 	auth->own_bi = own_bi;  in dpp_auth_req_rx()
717 	auth->curve = own_bi->curve;  in dpp_auth_req_rx()
718 	auth->curr_freq = freq;  in dpp_auth_req_rx()
720 	auth->peer_version = 1; /* default to the first version */  in dpp_auth_req_rx()
726 			dpp_auth_fail(auth,  in dpp_auth_req_rx()
730 		auth->peer_version = version[0];  in dpp_auth_req_rx()
732 			   auth->peer_version);  in dpp_auth_req_rx()
742 			dpp_auth_fail(auth, "Too short Channel attribute");  in dpp_auth_req_rx()
751 			dpp_auth_fail(auth,  in dpp_auth_req_rx()
756 		if (auth->curr_freq != (unsigned int) neg_freq) {  in dpp_auth_req_rx()
760 			auth->curr_freq = neg_freq;  in dpp_auth_req_rx()
767 		dpp_auth_fail(auth,  in dpp_auth_req_rx()
777 		dpp_auth_fail(auth, "Invalid Initiator Protocol Key");  in dpp_auth_req_rx()
782 	if (dpp_ecdh(own_bi->pubkey, pi, auth->Mx, &secret_len) < 0)  in dpp_auth_req_rx()
784 	auth->secret_len = secret_len;  in dpp_auth_req_rx()
787 			auth->Mx, auth->secret_len);  in dpp_auth_req_rx()
788 	auth->Mx_len = auth->secret_len;  in dpp_auth_req_rx()
790 	if (dpp_derive_k1(auth->Mx, auth->secret_len, auth->k1,  in dpp_auth_req_rx()
791 			  auth->curve->hash_len) < 0)  in dpp_auth_req_rx()
806 	if (aes_siv_decrypt(auth->k1, auth->curve->hash_len,  in dpp_auth_req_rx()
809 		dpp_auth_fail(auth, "AES-SIV decryption failed");  in dpp_auth_req_rx()
816 		dpp_auth_fail(auth, "Invalid attribute in unwrapped data");  in dpp_auth_req_rx()
822 	if (!i_nonce || i_nonce_len != auth->curve->nonce_len) {  in dpp_auth_req_rx()
823 		dpp_auth_fail(auth, "Missing or invalid I-nonce");  in dpp_auth_req_rx()
827 	os_memcpy(auth->i_nonce, i_nonce, i_nonce_len);  in dpp_auth_req_rx()
833 		dpp_auth_fail(auth, "Missing or invalid I-capabilities");  in dpp_auth_req_rx()
836 	auth->i_capab = i_capab[0];  in dpp_auth_req_rx()
837 	wpa_printf(MSG_DEBUG, "DPP: I-capabilities: 0x%02x", auth->i_capab);  in dpp_auth_req_rx()
842 	switch (auth->i_capab & DPP_CAPAB_ROLE_MASK) {  in dpp_auth_req_rx()
850 		auth->configurator = 1;  in dpp_auth_req_rx()
859 		auth->configurator = 0;  in dpp_auth_req_rx()
864 			auth->configurator = 0;  in dpp_auth_req_rx()
867 			auth->configurator = 1;  in dpp_auth_req_rx()
876 		wpa_msg(auth->msg_ctx, MSG_INFO,  in dpp_auth_req_rx()
878 			auth->i_capab & DPP_CAPAB_ROLE_MASK);  in dpp_auth_req_rx()
882 	auth->peer_protocol_key = pi;  in dpp_auth_req_rx()
889 		if (dpp_auth_build_resp_status(auth,  in dpp_auth_req_rx()
896 			auth->response_pending = 1;  in dpp_auth_req_rx()
897 			os_memcpy(auth->waiting_pubkey_hash,  in dpp_auth_req_rx()
905 		wpa_msg(auth->msg_ctx, MSG_INFO, DPP_EVENT_SCAN_PEER_QR_CODE  in dpp_auth_req_rx()
907 		return auth;  in dpp_auth_req_rx()
909 	if (dpp_auth_build_resp_ok(auth) < 0)  in dpp_auth_req_rx()
912 	return auth;  in dpp_auth_req_rx()
915 	wpa_msg(auth->msg_ctx, MSG_INFO, DPP_EVENT_NOT_COMPATIBLE  in dpp_auth_req_rx()
916 		"i-capab=0x%02x", auth->i_capab);  in dpp_auth_req_rx()
918 		auth->configurator = 1;  in dpp_auth_req_rx()
920 		auth->configurator = 0;  in dpp_auth_req_rx()
921 	auth->peer_protocol_key = pi;  in dpp_auth_req_rx()
923 	if (dpp_auth_build_resp_status(auth, DPP_STATUS_NOT_COMPATIBLE) < 0)  in dpp_auth_req_rx()
926 	auth->remove_on_tx_status = 1;  in dpp_auth_req_rx()
927 	return auth;  in dpp_auth_req_rx()
931 	dpp_auth_deinit(auth);  in dpp_auth_req_rx()
936 int dpp_notify_new_qr_code(struct dpp_authentication *auth,  in dpp_notify_new_qr_code()  argument
939 	if (!auth || !auth->response_pending ||  in dpp_notify_new_qr_code()
940 	    os_memcmp(auth->waiting_pubkey_hash, peer_bi->pubkey_hash,  in dpp_notify_new_qr_code()
946 		   MACSTR, MAC2STR(auth->peer_mac_addr));  in dpp_notify_new_qr_code()
947 	auth->peer_bi = peer_bi;  in dpp_notify_new_qr_code()
949 	if (dpp_auth_build_resp_ok(auth) < 0)  in dpp_notify_new_qr_code()
956 static struct wpabuf * dpp_auth_build_conf(struct dpp_authentication *auth,  in dpp_auth_build_conf()  argument
976 	i_auth_len = 4 + auth->curve->hash_len;  in dpp_auth_build_conf()
977 	r_nonce_len = 4 + auth->curve->nonce_len;  in dpp_auth_build_conf()
991 	r_pubkey_hash = auth->peer_bi->pubkey_hash;  in dpp_auth_build_conf()
992 	if (auth->own_bi)  in dpp_auth_build_conf()
993 		i_pubkey_hash = auth->own_bi->pubkey_hash;  in dpp_auth_build_conf()
1064 		/* I-auth wrapped with ke */  in dpp_auth_build_conf()
1074 		/* I-auth = H(R-nonce | I-nonce | PR.x | PI.x | BR.x | [BI.x |]  in dpp_auth_build_conf()
1077 		WPA_PUT_LE16(&i_auth[2], auth->curve->hash_len);  in dpp_auth_build_conf()
1078 		if (dpp_gen_i_auth(auth, i_auth + 4) < 0)  in dpp_auth_build_conf()
1083 			wpa_printf(MSG_INFO, "DPP: TESTING - I-auth mismatch");  in dpp_auth_build_conf()
1084 			i_auth[4 + auth->curve->hash_len / 2] ^= 0x01;  in dpp_auth_build_conf()
1088 		if (aes_siv_encrypt(auth->ke, auth->curve->hash_len,  in dpp_auth_build_conf()
1092 		wpa_hexdump(MSG_DEBUG, "DPP: {I-auth}ke",  in dpp_auth_build_conf()
1101 		WPA_PUT_LE16(&r_nonce[2], auth->curve->nonce_len);  in dpp_auth_build_conf()
1102 		os_memcpy(r_nonce + 4, auth->r_nonce, auth->curve->nonce_len);  in dpp_auth_build_conf()
1104 		if (aes_siv_encrypt(auth->k2, auth->curve->hash_len,  in dpp_auth_build_conf()
1124 		dpp_auth_success(auth);  in dpp_auth_build_conf()
1134 static int dpp_autogen_bootstrap_key(struct dpp_authentication *auth)  in dpp_autogen_bootstrap_key()  argument
1138 	if (auth->own_bi)  in dpp_autogen_bootstrap_key()
1145 	if (dpp_keygen(bi, auth->peer_bi->curve->name, NULL, 0) < 0 ||  in dpp_autogen_bootstrap_key()
1152 	auth->tmp_own_bi = auth->own_bi = bi;  in dpp_autogen_bootstrap_key()
1169 	struct dpp_authentication *auth;  in dpp_auth_init()  local
1178 	auth = dpp_alloc_auth(dpp, msg_ctx);  in dpp_auth_init()
1179 	if (!auth)  in dpp_auth_init()
1182 	    dpp_set_configurator(auth, peer_bi->configurator_params) < 0)  in dpp_auth_init()
1184 	auth->initiator = 1;  in dpp_auth_init()
1185 	auth->waiting_auth_resp = 1;  in dpp_auth_init()
1186 	auth->allowed_roles = dpp_allowed_roles;  in dpp_auth_init()
1187 	auth->configurator = !!(dpp_allowed_roles & DPP_CAPAB_CONFIGURATOR);  in dpp_auth_init()
1188 	auth->peer_bi = peer_bi;  in dpp_auth_init()
1189 	auth->own_bi = own_bi;  in dpp_auth_init()
1190 	auth->curve = peer_bi->curve;  in dpp_auth_init()
1192 	if (dpp_autogen_bootstrap_key(auth) < 0 ||  in dpp_auth_init()
1193 	    dpp_prepare_channel_list(auth, neg_freq, own_modes, num_modes) < 0)  in dpp_auth_init()
1200 		os_memcpy(auth->i_nonce, dpp_nonce_override, nonce_len);  in dpp_auth_init()
1202 		nonce_len = auth->curve->nonce_len;  in dpp_auth_init()
1203 		if (random_get_bytes(auth->i_nonce, nonce_len)) {  in dpp_auth_init()
1210 	nonce_len = auth->curve->nonce_len;  in dpp_auth_init()
1211 	if (random_get_bytes(auth->i_nonce, nonce_len)) {  in dpp_auth_init()
1216 	wpa_hexdump(MSG_DEBUG, "DPP: I-nonce", auth->i_nonce, nonce_len);  in dpp_auth_init()
1224 		auth->own_protocol_key = dpp_set_keypair(  in dpp_auth_init()
1228 		auth->own_protocol_key = dpp_gen_keypair(auth->curve);  in dpp_auth_init()
1231 	auth->own_protocol_key = dpp_gen_keypair(auth->curve);  in dpp_auth_init()
1233 	if (!auth->own_protocol_key)  in dpp_auth_init()
1236 	pi = crypto_ec_key_get_pubkey_point(auth->own_protocol_key, 0);  in dpp_auth_init()
1241 	if (dpp_ecdh(auth->own_protocol_key, auth->peer_bi->pubkey,  in dpp_auth_init()
1242 		     auth->Mx, &secret_len) < 0)  in dpp_auth_init()
1244 	auth->secret_len = secret_len;  in dpp_auth_init()
1247 			auth->Mx, auth->secret_len);  in dpp_auth_init()
1248 	auth->Mx_len = auth->secret_len;  in dpp_auth_init()
1250 	if (dpp_derive_k1(auth->Mx, auth->secret_len, auth->k1,  in dpp_auth_init()
1251 			  auth->curve->hash_len) < 0)  in dpp_auth_init()
1254 	r_pubkey_hash = auth->peer_bi->pubkey_hash;  in dpp_auth_init()
1255 	i_pubkey_hash = auth->own_bi->pubkey_hash;  in dpp_auth_init()
1283 		pi = wpabuf_alloc(2 * auth->curve->prime_len);  in dpp_auth_init()
1284 		if (!pi || dpp_test_gen_invalid_key(pi, auth->curve) < 0)  in dpp_auth_init()
1289 	if (neg_freq && auth->num_freq == 1 && auth->freq[0] == neg_freq)  in dpp_auth_init()
1291 	auth->req_msg = dpp_auth_build_req(auth, pi, nonce_len, r_pubkey_hash,  in dpp_auth_init()
1293 	if (!auth->req_msg)  in dpp_auth_init()
1298 	return auth;  in dpp_auth_init()
1300 	dpp_auth_deinit(auth);  in dpp_auth_init()
1301 	auth = NULL;  in dpp_auth_init()
1305 dpp_auth_resp_rx_status(struct dpp_authentication *auth, const u8 *hdr,  in dpp_auth_resp_rx_status()  argument
1327 		dpp_auth_fail(auth, "Responder reported failure");  in dpp_auth_resp_rx_status()
1343 	if (aes_siv_decrypt(auth->k1, auth->curve->hash_len,  in dpp_auth_resp_rx_status()
1346 		dpp_auth_fail(auth, "AES-SIV decryption failed");  in dpp_auth_resp_rx_status()
1353 		dpp_auth_fail(auth, "Invalid attribute in unwrapped data");  in dpp_auth_resp_rx_status()
1359 	if (!i_nonce || i_nonce_len != auth->curve->nonce_len) {  in dpp_auth_resp_rx_status()
1360 		dpp_auth_fail(auth, "Missing or invalid I-nonce");  in dpp_auth_resp_rx_status()
1364 	if (os_memcmp(auth->i_nonce, i_nonce, i_nonce_len) != 0) {  in dpp_auth_resp_rx_status()
1365 		dpp_auth_fail(auth, "I-nonce mismatch");  in dpp_auth_resp_rx_status()
1373 		dpp_auth_fail(auth, "Missing or invalid R-capabilities");  in dpp_auth_resp_rx_status()
1376 	auth->r_capab = r_capab[0];  in dpp_auth_resp_rx_status()
1377 	wpa_printf(MSG_DEBUG, "DPP: R-capabilities: 0x%02x", auth->r_capab);  in dpp_auth_resp_rx_status()
1379 		wpa_msg(auth->msg_ctx, MSG_INFO, DPP_EVENT_NOT_COMPATIBLE  in dpp_auth_resp_rx_status()
1380 			"r-capab=0x%02x", auth->r_capab);  in dpp_auth_resp_rx_status()
1382 		u8 role = auth->r_capab & DPP_CAPAB_ROLE_MASK;  in dpp_auth_resp_rx_status()
1384 		if ((auth->configurator && role != DPP_CAPAB_ENROLLEE) ||  in dpp_auth_resp_rx_status()
1385 		    (!auth->configurator && role != DPP_CAPAB_CONFIGURATOR)) {  in dpp_auth_resp_rx_status()
1386 			wpa_msg(auth->msg_ctx, MSG_INFO,  in dpp_auth_resp_rx_status()
1392 			wpa_msg(auth->msg_ctx, MSG_INFO,  in dpp_auth_resp_rx_status()
1394 				auth->tmp_own_bi ? auth->tmp_own_bi->uri : "");  in dpp_auth_resp_rx_status()
1403 dpp_auth_resp_rx(struct dpp_authentication *auth, const u8 *hdr,  in dpp_auth_resp_rx()  argument
1432 	if (!auth->initiator || !auth->peer_bi || auth->reconfig) {  in dpp_auth_resp_rx()
1433 		dpp_auth_fail(auth, "Unexpected Authentication Response");  in dpp_auth_resp_rx()
1437 	auth->waiting_auth_resp = 0;  in dpp_auth_resp_rx()
1442 		dpp_auth_fail(auth,  in dpp_auth_resp_rx()
1455 		dpp_auth_fail(auth,  in dpp_auth_resp_rx()
1461 	if (os_memcmp(r_bootstrap, auth->peer_bi->pubkey_hash,  in dpp_auth_resp_rx()
1463 		dpp_auth_fail(auth,  in dpp_auth_resp_rx()
1467 			    auth->peer_bi->pubkey_hash, SHA256_MAC_LEN);  in dpp_auth_resp_rx()
1476 			dpp_auth_fail(auth,  in dpp_auth_resp_rx()
1483 		if (!auth->own_bi ||  in dpp_auth_resp_rx()
1484 		    os_memcmp(i_bootstrap, auth->own_bi->pubkey_hash,  in dpp_auth_resp_rx()
1486 			dpp_auth_fail(auth,  in dpp_auth_resp_rx()
1490 	} else if (auth->own_bi && auth->own_bi->type == DPP_BOOTSTRAP_PKEX) {  in dpp_auth_resp_rx()
1492 		dpp_auth_fail(auth,  in dpp_auth_resp_rx()
1495 	} else if (auth->own_bi &&  in dpp_auth_resp_rx()
1496 		   auth->own_bi->type == DPP_BOOTSTRAP_NFC_URI &&  in dpp_auth_resp_rx()
1497 		   auth->own_bi->nfc_negotiated) {  in dpp_auth_resp_rx()
1500 		dpp_auth_fail(auth,  in dpp_auth_resp_rx()
1505 	auth->peer_version = 1; /* default to the first version */  in dpp_auth_resp_rx()
1511 			dpp_auth_fail(auth,  in dpp_auth_resp_rx()
1515 		auth->peer_version = version[0];  in dpp_auth_resp_rx()
1517 			   auth->peer_version);  in dpp_auth_resp_rx()
1524 		dpp_auth_fail(auth,  in dpp_auth_resp_rx()
1529 	auth->auth_resp_status = status[0];  in dpp_auth_resp_rx()
1531 		dpp_auth_resp_rx_status(auth, hdr, attr_start,  in dpp_auth_resp_rx()
1537 	if (!i_bootstrap && auth->own_bi) {  in dpp_auth_resp_rx()
1540 		auth->own_bi = NULL;  in dpp_auth_resp_rx()
1543 	wpa_msg(auth->msg_ctx, MSG_INFO, DPP_EVENT_AUTH_DIRECTION "mutual=%d",  in dpp_auth_resp_rx()
1544 		auth->own_bi != NULL);  in dpp_auth_resp_rx()
1549 		dpp_auth_fail(auth,  in dpp_auth_resp_rx()
1557 	pr = dpp_set_pubkey_point(auth->own_protocol_key, r_proto, r_proto_len);  in dpp_auth_resp_rx()
1559 		dpp_auth_fail(auth, "Invalid Responder Protocol Key");  in dpp_auth_resp_rx()
1564 	if (dpp_ecdh(auth->own_protocol_key, pr, auth->Nx, &secret_len) < 0) {  in dpp_auth_resp_rx()
1565 		dpp_auth_fail(auth, "Failed to derive ECDH shared secret");  in dpp_auth_resp_rx()
1568 	crypto_ec_key_deinit(auth->peer_protocol_key);  in dpp_auth_resp_rx()
1569 	auth->peer_protocol_key = pr;  in dpp_auth_resp_rx()
1573 			auth->Nx, auth->secret_len);  in dpp_auth_resp_rx()
1574 	auth->Nx_len = auth->secret_len;  in dpp_auth_resp_rx()
1576 	if (dpp_derive_k2(auth->Nx, auth->secret_len, auth->k2,  in dpp_auth_resp_rx()
1577 			  auth->curve->hash_len) < 0)  in dpp_auth_resp_rx()
1592 	if (aes_siv_decrypt(auth->k2, auth->curve->hash_len,  in dpp_auth_resp_rx()
1595 		dpp_auth_fail(auth, "AES-SIV decryption failed");  in dpp_auth_resp_rx()
1602 		dpp_auth_fail(auth, "Invalid attribute in unwrapped data");  in dpp_auth_resp_rx()
1608 	if (!r_nonce || r_nonce_len != auth->curve->nonce_len) {  in dpp_auth_resp_rx()
1609 		dpp_auth_fail(auth, "DPP: Missing or invalid R-nonce");  in dpp_auth_resp_rx()
1613 	os_memcpy(auth->r_nonce, r_nonce, r_nonce_len);  in dpp_auth_resp_rx()
1617 	if (!i_nonce || i_nonce_len != auth->curve->nonce_len) {  in dpp_auth_resp_rx()
1618 		dpp_auth_fail(auth, "Missing or invalid I-nonce");  in dpp_auth_resp_rx()
1622 	if (os_memcmp(auth->i_nonce, i_nonce, i_nonce_len) != 0) {  in dpp_auth_resp_rx()
1623 		dpp_auth_fail(auth, "I-nonce mismatch");  in dpp_auth_resp_rx()
1627 	if (auth->own_bi) {  in dpp_auth_resp_rx()
1629 		if (dpp_auth_derive_l_initiator(auth) < 0)  in dpp_auth_resp_rx()
1637 		dpp_auth_fail(auth, "Missing or invalid R-capabilities");  in dpp_auth_resp_rx()
1640 	auth->r_capab = r_capab[0];  in dpp_auth_resp_rx()
1641 	wpa_printf(MSG_DEBUG, "DPP: R-capabilities: 0x%02x", auth->r_capab);  in dpp_auth_resp_rx()
1642 	role = auth->r_capab & DPP_CAPAB_ROLE_MASK;  in dpp_auth_resp_rx()
1643 	if ((auth->allowed_roles ==  in dpp_auth_resp_rx()
1648 		auth->configurator = role == DPP_CAPAB_ENROLLEE;  in dpp_auth_resp_rx()
1650 			   auth->configurator ? "Configurator" : "Enrollee");  in dpp_auth_resp_rx()
1651 	} else if ((auth->configurator && role != DPP_CAPAB_ENROLLEE) ||  in dpp_auth_resp_rx()
1652 		   (!auth->configurator && role != DPP_CAPAB_CONFIGURATOR)) {  in dpp_auth_resp_rx()
1654 		wpa_msg(auth->msg_ctx, MSG_INFO, DPP_EVENT_FAIL  in dpp_auth_resp_rx()
1661 		auth->remove_on_tx_status = 1;  in dpp_auth_resp_rx()
1662 		return dpp_auth_build_conf(auth, DPP_STATUS_NOT_COMPATIBLE);  in dpp_auth_resp_rx()
1668 		dpp_auth_fail(auth,  in dpp_auth_resp_rx()
1676 	if (dpp_derive_bk_ke(auth) < 0)  in dpp_auth_resp_rx()
1683 	if (aes_siv_decrypt(auth->ke, auth->curve->hash_len,  in dpp_auth_resp_rx()
1686 		dpp_auth_fail(auth, "AES-SIV decryption failed");  in dpp_auth_resp_rx()
1693 		dpp_auth_fail(auth,  in dpp_auth_resp_rx()
1700 	if (!r_auth || r_auth_len != auth->curve->hash_len) {  in dpp_auth_resp_rx()
1701 		dpp_auth_fail(auth,  in dpp_auth_resp_rx()
1707 	/* R-auth' = H(I-nonce | R-nonce | PI.x | PR.x | [BI.x |] BR.x | 0) */  in dpp_auth_resp_rx()
1708 	if (dpp_gen_r_auth(auth, r_auth2) < 0)  in dpp_auth_resp_rx()
1713 		dpp_auth_fail(auth, "Mismatching Responder Authenticating Tag");  in dpp_auth_resp_rx()
1716 		auth->remove_on_tx_status = 1;  in dpp_auth_resp_rx()
1717 		return dpp_auth_build_conf(auth, DPP_STATUS_AUTH_FAILURE);  in dpp_auth_resp_rx()
1727 		if (dpp_auth_build_resp_ok(auth) < 0)  in dpp_auth_resp_rx()
1729 		return wpabuf_dup(auth->resp_msg);  in dpp_auth_resp_rx()
1733 	return dpp_auth_build_conf(auth, DPP_STATUS_OK);  in dpp_auth_resp_rx()
1743 static int dpp_auth_conf_rx_failure(struct dpp_authentication *auth,  in dpp_auth_conf_rx_failure()  argument
1771 		dpp_auth_fail(auth, "Authentication failed");  in dpp_auth_conf_rx_failure()
1774 	if (aes_siv_decrypt(auth->k2, auth->curve->hash_len,  in dpp_auth_conf_rx_failure()
1777 		dpp_auth_fail(auth, "AES-SIV decryption failed");  in dpp_auth_conf_rx_failure()
1784 		dpp_auth_fail(auth, "Invalid attribute in unwrapped data");  in dpp_auth_conf_rx_failure()
1790 	if (!r_nonce || r_nonce_len != auth->curve->nonce_len) {  in dpp_auth_conf_rx_failure()
1791 		dpp_auth_fail(auth, "DPP: Missing or invalid R-nonce");  in dpp_auth_conf_rx_failure()
1794 	if (os_memcmp(r_nonce, auth->r_nonce, r_nonce_len) != 0) {  in dpp_auth_conf_rx_failure()
1798 			    auth->r_nonce, r_nonce_len);  in dpp_auth_conf_rx_failure()
1799 		dpp_auth_fail(auth, "R-nonce mismatch");  in dpp_auth_conf_rx_failure()
1804 		dpp_auth_fail(auth, "Peer reported incompatible R-capab role");  in dpp_auth_conf_rx_failure()
1806 		dpp_auth_fail(auth, "Peer reported authentication failure)");  in dpp_auth_conf_rx_failure()
1814 int dpp_auth_conf_rx(struct dpp_authentication *auth, const u8 *hdr,  in dpp_auth_conf_rx()  argument
1834 	if (auth->initiator || !auth->own_bi || !auth->waiting_auth_conf ||  in dpp_auth_conf_rx()
1835 	    auth->reconfig) {  in dpp_auth_conf_rx()
1838 			   auth->initiator, !!auth->own_bi,  in dpp_auth_conf_rx()
1839 			   auth->waiting_auth_conf);  in dpp_auth_conf_rx()
1840 		dpp_auth_fail(auth, "Unexpected Authentication Confirm");  in dpp_auth_conf_rx()
1844 	auth->waiting_auth_conf = 0;  in dpp_auth_conf_rx()
1849 		dpp_auth_fail(auth,  in dpp_auth_conf_rx()
1862 		dpp_auth_fail(auth,  in dpp_auth_conf_rx()
1868 	if (os_memcmp(r_bootstrap, auth->own_bi->pubkey_hash,  in dpp_auth_conf_rx()
1872 			    auth->peer_bi->pubkey_hash, SHA256_MAC_LEN);  in dpp_auth_conf_rx()
1873 		dpp_auth_fail(auth,  in dpp_auth_conf_rx()
1883 			dpp_auth_fail(auth,  in dpp_auth_conf_rx()
1890 		if (!auth->peer_bi ||  in dpp_auth_conf_rx()
1891 		    os_memcmp(i_bootstrap, auth->peer_bi->pubkey_hash,  in dpp_auth_conf_rx()
1893 			dpp_auth_fail(auth,  in dpp_auth_conf_rx()
1897 	} else if (auth->peer_bi) {  in dpp_auth_conf_rx()
1900 		dpp_auth_fail(auth,  in dpp_auth_conf_rx()
1908 		dpp_auth_fail(auth,  in dpp_auth_conf_rx()
1915 		return dpp_auth_conf_rx_failure(auth, hdr, attr_start,  in dpp_auth_conf_rx()
1920 		dpp_auth_fail(auth, "Authentication failed");  in dpp_auth_conf_rx()
1936 	if (aes_siv_decrypt(auth->ke, auth->curve->hash_len,  in dpp_auth_conf_rx()
1939 		dpp_auth_fail(auth, "AES-SIV decryption failed");  in dpp_auth_conf_rx()
1946 		dpp_auth_fail(auth, "Invalid attribute in unwrapped data");  in dpp_auth_conf_rx()
1952 	if (!i_auth || i_auth_len != auth->curve->hash_len) {  in dpp_auth_conf_rx()
1953 		dpp_auth_fail(auth,  in dpp_auth_conf_rx()
1959 	/* I-auth' = H(R-nonce | I-nonce | PR.x | PI.x | BR.x | [BI.x |] 1) */  in dpp_auth_conf_rx()
1960 	if (dpp_gen_i_auth(auth, i_auth2) < 0)  in dpp_auth_conf_rx()
1965 		dpp_auth_fail(auth, "Mismatching Initiator Authenticating Tag");  in dpp_auth_conf_rx()
1970 	dpp_auth_success(auth);  in dpp_auth_conf_rx()