26 	/* The mandatory to support and the default NIST P-256 curve needs to
99 static int dpp_hash_vector(const struct dpp_curve_params *curve,  in dpp_hash_vector()  argument
103 	if (curve->hash_len == 32)  in dpp_hash_vector()
105 	if (curve->hash_len == 48)  in dpp_hash_vector()
107 	if (curve->hash_len == 64)  in dpp_hash_vector()
270 struct crypto_ec_key * dpp_gen_keypair(const struct dpp_curve_params *curve)  in dpp_gen_keypair()  argument
276 	key = crypto_ec_key_gen(curve->ike_group);  in dpp_gen_keypair()
284 struct crypto_ec_key * dpp_set_keypair(const struct dpp_curve_params **curve,  in dpp_set_keypair()  argument
302 	*curve = dpp_get_curve_ike_group(group);  in dpp_set_keypair()
303 	if (!*curve) {  in dpp_set_keypair()
305 			   "DPP: Unsupported curve (group=%d) in pre-assigned key",  in dpp_set_keypair()
333 int dpp_keygen(struct dpp_bootstrap_info *bi, const char *curve,  in dpp_keygen()  argument
341 	bi->curve = dpp_get_curve_name(curve);  in dpp_keygen()
342 	if (!bi->curve) {  in dpp_keygen()
343 		wpa_printf(MSG_INFO, "DPP: Unsupported curve: %s", curve);  in dpp_keygen()
348 		bi->pubkey = dpp_set_keypair(&bi->curve, privkey, privkey_len);  in dpp_keygen()
350 		bi->pubkey = dpp_gen_keypair(bi->curve);  in dpp_keygen()
446 	unsigned int hash_len = auth->curve->hash_len;  in dpp_derive_bk_ke()
447 	size_t nonce_len = auth->curve->nonce_len;  in dpp_derive_bk_ke()
591 	bi->curve = dpp_get_curve_ike_group(crypto_ec_key_group(key));  in dpp_get_subject_public_key()
592 	if (!bi->curve) {  in dpp_get_subject_public_key()
594 			   "DPP: Unsupported SubjectPublicKeyInfo curve: group %d",  in dpp_get_subject_public_key()
608 dpp_parse_jws_prot_hdr(const struct dpp_curve_params *curve,  in dpp_parse_jws_prot_hdr()  argument
649 	if (os_strcmp(token->string, curve->jws_alg) != 0) {  in dpp_parse_jws_prot_hdr()
652 			   token->string, curve->jws_alg);  in dpp_parse_jws_prot_hdr()
730 	const struct dpp_curve_params *curve;  in dpp_process_signed_connector()  local
733 	curve = dpp_get_curve_ike_group(crypto_ec_key_group(csign_pub));  in dpp_process_signed_connector()
734 	if (!curve)  in dpp_process_signed_connector()
736 	wpa_printf(MSG_DEBUG, "DPP: C-sign-key group: %s", curve->jwk_crv);  in dpp_process_signed_connector()
756 	kid = dpp_parse_jws_prot_hdr(curve, prot_hdr, prot_hdr_len, &hash_func);  in dpp_process_signed_connector()
812 	hash = os_malloc(curve->hash_len);  in dpp_process_signed_connector()
833 						 hash, curve->hash_len,  in dpp_process_signed_connector()
897 	nonce_len = auth->curve->nonce_len;  in dpp_gen_r_auth()
956 	res = dpp_hash_vector(auth->curve, num_elem, addr, len, r_auth);  in dpp_gen_r_auth()
959 			    auth->curve->hash_len);  in dpp_gen_r_auth()
980 	nonce_len = auth->curve->nonce_len;  in dpp_gen_i_auth()
1043 	res = dpp_hash_vector(auth->curve, num_elem, addr, len, i_auth);  in dpp_gen_i_auth()
1046 			    auth->curve->hash_len);  in dpp_gen_i_auth()
1169 int dpp_derive_pmkid(const struct dpp_curve_params *curve,  in dpp_derive_pmkid()  argument
1422 dpp_pkex_get_role_elem(const struct dpp_curve_params *curve, int init)  in dpp_pkex_get_role_elem()  argument
1426 	switch (curve->ike_group) {  in dpp_pkex_get_role_elem()
1455 	return crypto_ec_key_set_pub(curve->ike_group, x, y, curve->prime_len);  in dpp_pkex_get_role_elem()
1460 dpp_pkex_derive_Qi(const struct dpp_curve_params *curve, const u8 *mac_init,  in dpp_pkex_derive_Qi()  argument
1493 	if (dpp_hash_vector(curve, num_elem, addr, len, hash) < 0)  in dpp_pkex_derive_Qi()
1497 			hash, curve->hash_len);  in dpp_pkex_derive_Qi()
1498 	Pi_key = dpp_pkex_get_role_elem(curve, 1);  in dpp_pkex_derive_Qi()
1503 	ec = crypto_ec_init(curve->ike_group);  in dpp_pkex_derive_Qi()
1509 	hash_bn = crypto_bignum_init_set(hash, curve->hash_len);  in dpp_pkex_derive_Qi()
1535 dpp_pkex_derive_Qr(const struct dpp_curve_params *curve, const u8 *mac_resp,  in dpp_pkex_derive_Qr()  argument
1568 	if (dpp_hash_vector(curve, num_elem, addr, len, hash) < 0)  in dpp_pkex_derive_Qr()
1572 			hash, curve->hash_len);  in dpp_pkex_derive_Qr()
1573 	Pr_key = dpp_pkex_get_role_elem(curve, 0);  in dpp_pkex_derive_Qr()
1578 	ec = crypto_ec_init(curve->ike_group);  in dpp_pkex_derive_Qr()
1584 	hash_bn = crypto_bignum_init_set(hash, curve->hash_len);  in dpp_pkex_derive_Qr()
1694 	const struct dpp_curve_params *curve;  in dpp_reconfig_derive_ke_responder()  local
1698 	own_key = dpp_set_keypair(&auth->curve, net_access_key,  in dpp_reconfig_derive_ke_responder()
1705 	peer_key = dpp_parse_jwk(peer_net_access_key, &curve);  in dpp_reconfig_derive_ke_responder()
1710 	if (auth->curve != curve) {  in dpp_reconfig_derive_ke_responder()
1713 			   auth->curve->name, curve->name);  in dpp_reconfig_derive_ke_responder()
1717 	auth->own_protocol_key = dpp_gen_keypair(curve);  in dpp_reconfig_derive_ke_responder()
1721 	if (random_get_bytes(auth->e_nonce, auth->curve->nonce_len)) {  in dpp_reconfig_derive_ke_responder()
1726 			auth->e_nonce, auth->curve->nonce_len);  in dpp_reconfig_derive_ke_responder()
1729 	ec = crypto_ec_init(curve->ike_group);  in dpp_reconfig_derive_ke_responder()
1746 	wpa_hexdump_key(MSG_DEBUG, "DPP: M.x", Mx, curve->prime_len);  in dpp_reconfig_derive_ke_responder()
1751 	os_memcpy(nonces, auth->c_nonce, curve->nonce_len);  in dpp_reconfig_derive_ke_responder()
1752 	os_memcpy(&nonces[curve->nonce_len], auth->e_nonce, curve->nonce_len);  in dpp_reconfig_derive_ke_responder()
1753 	if (dpp_hmac(curve->hash_len, nonces, 2 * curve->nonce_len,  in dpp_reconfig_derive_ke_responder()
1754 		     Mx, curve->prime_len, prk) < 0)  in dpp_reconfig_derive_ke_responder()
1756 	wpa_hexdump_key(MSG_DEBUG, "DPP: PRK", prk, curve->hash_len);  in dpp_reconfig_derive_ke_responder()
1759 	if (dpp_hkdf_expand(curve->hash_len, prk, curve->hash_len,  in dpp_reconfig_derive_ke_responder()
1760 			    "dpp reconfig key", auth->ke, curve->hash_len) < 0)  in dpp_reconfig_derive_ke_responder()
1764 			auth->ke, curve->hash_len);  in dpp_reconfig_derive_ke_responder()
1796 	const struct dpp_curve_params *curve;  in dpp_reconfig_derive_ke_initiator()  local
1810 	peer_key = dpp_parse_jwk(net_access_key, &curve);  in dpp_reconfig_derive_ke_initiator()
1814 	if (auth->curve != curve) {  in dpp_reconfig_derive_ke_initiator()
1817 			   auth->curve->name, curve->name);  in dpp_reconfig_derive_ke_initiator()
1822 	ec = crypto_ec_init(curve->ike_group);  in dpp_reconfig_derive_ke_initiator()
1839 	wpa_hexdump_key(MSG_DEBUG, "DPP: M.x", Mx, curve->prime_len);  in dpp_reconfig_derive_ke_initiator()
1844 	os_memcpy(nonces, auth->c_nonce, curve->nonce_len);  in dpp_reconfig_derive_ke_initiator()
1845 	os_memcpy(&nonces[curve->nonce_len], auth->e_nonce, curve->nonce_len);  in dpp_reconfig_derive_ke_initiator()
1846 	if (dpp_hmac(curve->hash_len, nonces, 2 * curve->nonce_len,  in dpp_reconfig_derive_ke_initiator()
1847 		     Mx, curve->prime_len, prk) < 0)  in dpp_reconfig_derive_ke_initiator()
1849 	wpa_hexdump_key(MSG_DEBUG, "DPP: PRK", prk, curve->hash_len);  in dpp_reconfig_derive_ke_initiator()
1852 	if (dpp_hkdf_expand(curve->hash_len, prk, curve->hash_len,  in dpp_reconfig_derive_ke_initiator()
1853 			    "dpp reconfig key", auth->ke, curve->hash_len) < 0)  in dpp_reconfig_derive_ke_initiator()
1857 			auth->ke, curve->hash_len);  in dpp_reconfig_derive_ke_initiator()
1889 	json_add_string(jws_prot_hdr, "alg", conf->curve->jws_alg);  in dpp_build_jws_prot_hdr()
1905 	const struct dpp_curve_params *curve;  in dpp_build_conn_signature()  local
1921 	curve = conf->curve;  in dpp_build_conn_signature()
1922 	hash = os_malloc(curve->hash_len);  in dpp_build_conn_signature()
1925 	if (curve->hash_len == SHA256_MAC_LEN) {  in dpp_build_conn_signature()
1927 	} else if (curve->hash_len == SHA384_MAC_LEN) {  in dpp_build_conn_signature()
1929 	} else if (curve->hash_len == SHA512_MAC_LEN) {  in dpp_build_conn_signature()
1940 		    hash, curve->hash_len);  in dpp_build_conn_signature()
1942 	sig = crypto_ec_key_sign_r_s(conf->csign, hash, curve->hash_len);  in dpp_build_conn_signature()
2012 	own_key = dpp_set_keypair(&pfs->curve, net_access_key,  in dpp_pfs_init()
2020 	pfs->ecdh = crypto_ecdh_init(pfs->curve->ike_group);  in dpp_pfs_init()
2025 	pub = wpabuf_zeropad(pub, pfs->curve->prime_len);  in dpp_pfs_init()
2035 	wpabuf_put_le16(pfs->ie, pfs->curve->ike_group);  in dpp_pfs_init()
2053 	if (WPA_GET_LE16(peer_ie) != pfs->curve->ike_group) {  in dpp_pfs_process()
2060 	pfs->secret = wpabuf_zeropad(pfs->secret, pfs->curve->prime_len);  in dpp_pfs_process()
2086 	unsigned int hash_len = auth->curve->hash_len;  in dpp_build_csr()
2161 	unsigned int hash_len = auth->curve->hash_len;  in dpp_validate_csr()
2404 	hash_len = auth->curve->hash_len;  in dpp_derive_auth_i()
2411 	 *                 len(new-curve-hash-out))  in dpp_derive_auth_i()
2415 	 * updated to use the new keys. The new curve determines the size of  in dpp_derive_auth_i()
2417 	 * algorithm, k) are determined based on the initially determined curve  in dpp_derive_auth_i()
2447 	len[0] = auth->curve->nonce_len;  in dpp_derive_auth_i()
2526 			     const struct dpp_curve_params *curve)  in dpp_test_gen_invalid_key()  argument
2534 	ec = crypto_ec_init(curve->ike_group);  in dpp_test_gen_invalid_key()
2535 	x = wpabuf_put(msg, curve->prime_len);  in dpp_test_gen_invalid_key()
2536 	y = wpabuf_put(msg, curve->prime_len);  in dpp_test_gen_invalid_key()
2542 	key = crypto_ec_key_gen(curve->ike_group);  in dpp_test_gen_invalid_key()
2552 	y[curve->prime_len - 1] ^= 0x01;  in dpp_test_gen_invalid_key()