29 static struct wpabuf * dpp_pkex_build_exchange_req(struct dpp_pkex *pkex,  in dpp_pkex_build_exchange_req()  argument
37 	const struct dpp_curve_params *curve = pkex->own_bi->curve;  in dpp_pkex_build_exchange_req()
43 	Qi = dpp_pkex_derive_Qi(curve, v2 ? NULL : pkex->own_mac, pkex->code,  in dpp_pkex_build_exchange_req()
44 				pkex->code_len, pkex->identifier, &ec);  in dpp_pkex_build_exchange_req()
55 		pkex->x = dpp_set_keypair(&tmp_curve,  in dpp_pkex_build_exchange_req()
59 		pkex->x = dpp_gen_keypair(curve);  in dpp_pkex_build_exchange_req()
62 	pkex->x = dpp_gen_keypair(curve);  in dpp_pkex_build_exchange_req()
64 	if (!pkex->x)  in dpp_pkex_build_exchange_req()
68 	X = crypto_ec_key_get_public_key(pkex->x);  in dpp_pkex_build_exchange_req()
84 	if (pkex->identifier)  in dpp_pkex_build_exchange_req()
85 		attr_len += 4 + os_strlen(pkex->identifier);  in dpp_pkex_build_exchange_req()
118 	if (pkex->identifier) {  in dpp_pkex_build_exchange_req()
120 		wpabuf_put_le16(msg, os_strlen(pkex->identifier));  in dpp_pkex_build_exchange_req()
121 		wpabuf_put_str(msg, pkex->identifier);  in dpp_pkex_build_exchange_req()
148 	wpabuf_free(pkex->enc_key);  in dpp_pkex_build_exchange_req()
149 	pkex->enc_key = wpabuf_alloc_copy(Mx, 2 * curve->prime_len);  in dpp_pkex_build_exchange_req()
151 	os_memcpy(pkex->Mx, Mx, curve->prime_len);  in dpp_pkex_build_exchange_req()
167 static void dpp_pkex_fail(struct dpp_pkex *pkex, const char *txt)  in dpp_pkex_fail()  argument
169 	wpa_msg(pkex->msg_ctx, MSG_INFO, DPP_EVENT_FAIL "%s", txt);  in dpp_pkex_fail()
178 	struct dpp_pkex *pkex;  in dpp_pkex_init()  local
188 	pkex = os_zalloc(sizeof(*pkex));  in dpp_pkex_init()
189 	if (!pkex)  in dpp_pkex_init()
191 	pkex->msg_ctx = msg_ctx;  in dpp_pkex_init()
192 	pkex->initiator = 1;  in dpp_pkex_init()
193 	pkex->v2 = v2;  in dpp_pkex_init()
194 	pkex->own_bi = bi;  in dpp_pkex_init()
195 	os_memcpy(pkex->own_mac, own_mac, ETH_ALEN);  in dpp_pkex_init()
197 		pkex->identifier = os_strdup(identifier);  in dpp_pkex_init()
198 		if (!pkex->identifier)  in dpp_pkex_init()
201 	pkex->code = os_memdup(code, code_len);  in dpp_pkex_init()
202 	if (!pkex->code)  in dpp_pkex_init()
204 	pkex->code_len = code_len;  in dpp_pkex_init()
205 	pkex->exchange_req = dpp_pkex_build_exchange_req(pkex, v2);  in dpp_pkex_init()
206 	if (!pkex->exchange_req)  in dpp_pkex_init()
208 	return pkex;  in dpp_pkex_init()
210 	dpp_pkex_free(pkex);  in dpp_pkex_init()
216 dpp_pkex_build_exchange_resp(struct dpp_pkex *pkex,  in dpp_pkex_build_exchange_resp()  argument
222 	const struct dpp_curve_params *curve = pkex->own_bi->curve;  in dpp_pkex_build_exchange_resp()
228 	if (pkex->v2)  in dpp_pkex_build_exchange_resp()
231 	if (pkex->identifier)  in dpp_pkex_build_exchange_resp()
232 		attr_len += 4 + os_strlen(pkex->identifier);  in dpp_pkex_build_exchange_resp()
258 	if (pkex->v2) {  in dpp_pkex_build_exchange_resp()
267 	if (pkex->identifier) {  in dpp_pkex_build_exchange_resp()
269 		wpabuf_put_le16(msg, os_strlen(pkex->identifier));  in dpp_pkex_build_exchange_resp()
270 		wpabuf_put_str(msg, pkex->identifier);  in dpp_pkex_build_exchange_resp()
298 	os_memcpy(pkex->Nx, Nx, curve->prime_len);  in dpp_pkex_build_exchange_resp()
353 	struct dpp_pkex *pkex = NULL;  in dpp_pkex_rx_exchange_req()  local
418 		pkex = os_zalloc(sizeof(*pkex));  in dpp_pkex_rx_exchange_req()
419 		if (!pkex)  in dpp_pkex_rx_exchange_req()
421 		pkex->v2 = v2;  in dpp_pkex_rx_exchange_req()
422 		pkex->peer_version = peer_version;  in dpp_pkex_rx_exchange_req()
423 		pkex->own_bi = bi;  in dpp_pkex_rx_exchange_req()
424 		pkex->failed = 1;  in dpp_pkex_rx_exchange_req()
425 		pkex->exchange_resp = dpp_pkex_build_exchange_resp(  in dpp_pkex_rx_exchange_req()
426 			pkex, DPP_STATUS_BAD_GROUP, NULL, NULL);  in dpp_pkex_rx_exchange_req()
427 		if (!pkex->exchange_resp)  in dpp_pkex_rx_exchange_req()
429 		return pkex;  in dpp_pkex_rx_exchange_req()
466 	pkex = os_zalloc(sizeof(*pkex));  in dpp_pkex_rx_exchange_req()
467 	if (!pkex)  in dpp_pkex_rx_exchange_req()
469 	pkex->v2 = v2;  in dpp_pkex_rx_exchange_req()
470 	pkex->peer_version = peer_version;  in dpp_pkex_rx_exchange_req()
471 	pkex->t = bi->pkex_t;  in dpp_pkex_rx_exchange_req()
472 	pkex->msg_ctx = msg_ctx;  in dpp_pkex_rx_exchange_req()
473 	pkex->own_bi = bi;  in dpp_pkex_rx_exchange_req()
475 		os_memcpy(pkex->own_mac, own_mac, ETH_ALEN);  in dpp_pkex_rx_exchange_req()
477 		os_memcpy(pkex->peer_mac, peer_mac, ETH_ALEN);  in dpp_pkex_rx_exchange_req()
479 		pkex->identifier = os_strdup(identifier);  in dpp_pkex_rx_exchange_req()
480 		if (!pkex->identifier)  in dpp_pkex_rx_exchange_req()
483 	pkex->code = os_memdup(code, code_len);  in dpp_pkex_rx_exchange_req()
484 	if (!pkex->code)  in dpp_pkex_rx_exchange_req()
486 	pkex->code_len = code_len;  in dpp_pkex_rx_exchange_req()
488 	os_memcpy(pkex->Mx, attr_key, attr_key_len / 2);  in dpp_pkex_rx_exchange_req()
496 	pkex->x = crypto_ec_key_set_pub(curve->ike_group, x_coord,  in dpp_pkex_rx_exchange_req()
498 	if (!pkex->x)  in dpp_pkex_rx_exchange_req()
514 		pkex->y = dpp_set_keypair(&tmp_curve,  in dpp_pkex_rx_exchange_req()
518 		pkex->y = dpp_gen_keypair(curve);  in dpp_pkex_rx_exchange_req()
521 	pkex->y = dpp_gen_keypair(curve);  in dpp_pkex_rx_exchange_req()
523 	if (!pkex->y)  in dpp_pkex_rx_exchange_req()
527 	Y = crypto_ec_key_get_public_key(pkex->y);  in dpp_pkex_rx_exchange_req()
539 	pkex->exchange_resp = dpp_pkex_build_exchange_resp(pkex, DPP_STATUS_OK,  in dpp_pkex_rx_exchange_req()
541 	if (!pkex->exchange_resp)  in dpp_pkex_rx_exchange_req()
545 	if (dpp_ecdh(pkex->y, pkex->x, Kx, &Kx_len) < 0)  in dpp_pkex_rx_exchange_req()
552 	res = dpp_pkex_derive_z(pkex->v2 ? NULL : pkex->peer_mac,  in dpp_pkex_rx_exchange_req()
553 				pkex->v2 ? NULL : pkex->own_mac,  in dpp_pkex_rx_exchange_req()
554 				pkex->peer_version, DPP_VERSION,  in dpp_pkex_rx_exchange_req()
555 				pkex->Mx, curve->prime_len,  in dpp_pkex_rx_exchange_req()
556 				pkex->Nx, curve->prime_len, pkex->code,  in dpp_pkex_rx_exchange_req()
557 				pkex->code_len,	Kx, Kx_len, pkex->z,  in dpp_pkex_rx_exchange_req()
563 	pkex->exchange_done = 1;  in dpp_pkex_rx_exchange_req()
575 	return pkex;  in dpp_pkex_rx_exchange_req()
578 	dpp_pkex_free(pkex);  in dpp_pkex_rx_exchange_req()
579 	pkex = NULL;  in dpp_pkex_rx_exchange_req()
585 dpp_pkex_build_commit_reveal_req(struct dpp_pkex *pkex,  in dpp_pkex_build_commit_reveal_req()  argument
588 	const struct dpp_curve_params *curve = pkex->own_bi->curve;  in dpp_pkex_build_commit_reveal_req()
671 	if (aes_siv_encrypt(pkex->z, curve->hash_len,  in dpp_pkex_build_commit_reveal_req()
697 struct wpabuf * dpp_pkex_rx_exchange_resp(struct dpp_pkex *pkex,  in dpp_pkex_rx_exchange_resp()  argument
705 	const struct dpp_curve_params *curve = pkex->own_bi->curve;  in dpp_pkex_rx_exchange_resp()
716 	if (pkex->failed || pkex->t >= PKEX_COUNTER_T_LIMIT || !pkex->initiator)  in dpp_pkex_rx_exchange_resp()
723 		pkex->failed = 1;  in dpp_pkex_rx_exchange_resp()
735 	if (pkex->v2) {  in dpp_pkex_rx_exchange_resp()
742 		dpp_pkex_fail(pkex,  in dpp_pkex_rx_exchange_resp()
746 		pkex->peer_version = version[0];  in dpp_pkex_rx_exchange_resp()
748 			   pkex->peer_version);  in dpp_pkex_rx_exchange_resp()
753 		os_memcpy(pkex->peer_mac, peer_mac, ETH_ALEN);  in dpp_pkex_rx_exchange_resp()
758 		dpp_pkex_fail(pkex, "No DPP Status attribute");  in dpp_pkex_rx_exchange_resp()
768 			wpa_msg(pkex->msg_ctx, MSG_INFO, DPP_EVENT_FAIL  in dpp_pkex_rx_exchange_resp()
776 		dpp_pkex_fail(pkex, "PKEX failed (peer indicated failure)");  in dpp_pkex_rx_exchange_resp()
784 				       pkex->identifier)) {  in dpp_pkex_rx_exchange_resp()
785 		dpp_pkex_fail(pkex, "PKEX code identifier mismatch");  in dpp_pkex_rx_exchange_resp()
793 		dpp_pkex_fail(pkex, "Missing Encrypted Key attribute");  in dpp_pkex_rx_exchange_resp()
798 	Qr = dpp_pkex_derive_Qr(curve, pkex->v2 ? NULL : pkex->peer_mac,  in dpp_pkex_rx_exchange_resp()
799 				pkex->code, pkex->code_len, pkex->identifier,  in dpp_pkex_rx_exchange_resp()
814 		dpp_pkex_fail(pkex, "Invalid Encrypted Key value");  in dpp_pkex_rx_exchange_resp()
815 		pkex->t++;  in dpp_pkex_rx_exchange_resp()
821 	pkex->exchange_done = 1;  in dpp_pkex_rx_exchange_resp()
829 	pkex->y = crypto_ec_key_set_pub(curve->ike_group, x_coord, y_coord,  in dpp_pkex_rx_exchange_resp()
831 	if (!pkex->y)  in dpp_pkex_rx_exchange_resp()
833 	if (dpp_ecdh(pkex->own_bi->pubkey, pkex->y, Jx, &Jx_len) < 0)  in dpp_pkex_rx_exchange_resp()
840 	A_pub = crypto_ec_key_get_pubkey_point(pkex->own_bi->pubkey, 0);  in dpp_pkex_rx_exchange_resp()
841 	Y_pub = crypto_ec_key_get_pubkey_point(pkex->y, 0);  in dpp_pkex_rx_exchange_resp()
842 	X_pub = crypto_ec_key_get_pubkey_point(pkex->x, 0);  in dpp_pkex_rx_exchange_resp()
846 	if (!pkex->v2) {  in dpp_pkex_rx_exchange_resp()
847 		addr[num_elem] = pkex->own_mac;  in dpp_pkex_rx_exchange_resp()
866 	if (dpp_ecdh(pkex->x, pkex->y, Kx, &Kx_len) < 0)  in dpp_pkex_rx_exchange_resp()
873 	res = dpp_pkex_derive_z(pkex->v2 ? NULL : pkex->own_mac,  in dpp_pkex_rx_exchange_resp()
874 				pkex->v2 ? NULL : pkex->peer_mac,  in dpp_pkex_rx_exchange_resp()
875 				DPP_VERSION, pkex->peer_version,  in dpp_pkex_rx_exchange_resp()
876 				pkex->Mx, curve->prime_len,  in dpp_pkex_rx_exchange_resp()
878 				pkex->code, pkex->code_len, Kx, Kx_len,  in dpp_pkex_rx_exchange_resp()
879 				pkex->z, curve->hash_len);  in dpp_pkex_rx_exchange_resp()
884 	msg = dpp_pkex_build_commit_reveal_req(pkex, A_pub, u);  in dpp_pkex_rx_exchange_resp()
906 dpp_pkex_build_commit_reveal_resp(struct dpp_pkex *pkex,  in dpp_pkex_build_commit_reveal_resp()  argument
909 	const struct dpp_curve_params *curve = pkex->own_bi->curve;  in dpp_pkex_build_commit_reveal_resp()
992 	if (aes_siv_encrypt(pkex->z, curve->hash_len,  in dpp_pkex_build_commit_reveal_resp()
1018 struct wpabuf * dpp_pkex_rx_commit_reveal_req(struct dpp_pkex *pkex,  in dpp_pkex_rx_commit_reveal_req()  argument
1022 	const struct dpp_curve_params *curve = pkex->own_bi->curve;  in dpp_pkex_rx_commit_reveal_req()
1042 		pkex->failed = 1;  in dpp_pkex_rx_commit_reveal_req()
1047 	if (!pkex->exchange_done || pkex->failed ||  in dpp_pkex_rx_commit_reveal_req()
1048 	    pkex->t >= PKEX_COUNTER_T_LIMIT || pkex->initiator)  in dpp_pkex_rx_commit_reveal_req()
1054 		dpp_pkex_fail(pkex,  in dpp_pkex_rx_commit_reveal_req()
1074 	if (aes_siv_decrypt(pkex->z, curve->hash_len,  in dpp_pkex_rx_commit_reveal_req()
1077 		dpp_pkex_fail(pkex,  in dpp_pkex_rx_commit_reveal_req()
1079 		pkex->failed = 1;  in dpp_pkex_rx_commit_reveal_req()
1080 		pkex->t++;  in dpp_pkex_rx_commit_reveal_req()
1087 		dpp_pkex_fail(pkex, "Invalid attribute in unwrapped data");  in dpp_pkex_rx_commit_reveal_req()
1094 		dpp_pkex_fail(pkex, "No valid peer bootstrapping key found");  in dpp_pkex_rx_commit_reveal_req()
1097 	pkex->peer_bootstrap_key = dpp_set_pubkey_point(pkex->x, b_key,  in dpp_pkex_rx_commit_reveal_req()
1099 	if (!pkex->peer_bootstrap_key) {  in dpp_pkex_rx_commit_reveal_req()
1100 		dpp_pkex_fail(pkex, "Peer bootstrapping key is invalid");  in dpp_pkex_rx_commit_reveal_req()
1104 			    pkex->peer_bootstrap_key);  in dpp_pkex_rx_commit_reveal_req()
1107 	if (dpp_ecdh(pkex->y, pkex->peer_bootstrap_key, Jx, &Jx_len) < 0)  in dpp_pkex_rx_commit_reveal_req()
1114 	A_pub = crypto_ec_key_get_pubkey_point(pkex->peer_bootstrap_key, 0);  in dpp_pkex_rx_commit_reveal_req()
1115 	Y_pub = crypto_ec_key_get_pubkey_point(pkex->y, 0);  in dpp_pkex_rx_commit_reveal_req()
1116 	X_pub = crypto_ec_key_get_pubkey_point(pkex->x, 0);  in dpp_pkex_rx_commit_reveal_req()
1120 	if (!pkex->v2) {  in dpp_pkex_rx_commit_reveal_req()
1121 		addr[num_elem] = pkex->peer_mac;  in dpp_pkex_rx_commit_reveal_req()
1142 		dpp_pkex_fail(pkex, "No valid u (I-Auth tag) found");  in dpp_pkex_rx_commit_reveal_req()
1146 		pkex->t++;  in dpp_pkex_rx_commit_reveal_req()
1152 	if (dpp_ecdh(pkex->own_bi->pubkey, pkex->x, Lx, &Lx_len) < 0)  in dpp_pkex_rx_commit_reveal_req()
1159 	B_pub = crypto_ec_key_get_pubkey_point(pkex->own_bi->pubkey, 0);  in dpp_pkex_rx_commit_reveal_req()
1163 	if (!pkex->v2) {  in dpp_pkex_rx_commit_reveal_req()
1164 		addr[num_elem] = pkex->own_mac;  in dpp_pkex_rx_commit_reveal_req()
1182 	msg = dpp_pkex_build_commit_reveal_resp(pkex, B_pub, v);  in dpp_pkex_rx_commit_reveal_req()
1200 int dpp_pkex_rx_commit_reveal_resp(struct dpp_pkex *pkex, const u8 *hdr,  in dpp_pkex_rx_commit_reveal_resp()  argument
1203 	const struct dpp_curve_params *curve = pkex->own_bi->curve;  in dpp_pkex_rx_commit_reveal_resp()
1222 		pkex->failed = 1;  in dpp_pkex_rx_commit_reveal_resp()
1227 	if (!pkex->exchange_done || pkex->failed ||  in dpp_pkex_rx_commit_reveal_resp()
1228 	    pkex->t >= PKEX_COUNTER_T_LIMIT || !pkex->initiator)  in dpp_pkex_rx_commit_reveal_resp()
1234 		dpp_pkex_fail(pkex,  in dpp_pkex_rx_commit_reveal_resp()
1254 	if (aes_siv_decrypt(pkex->z, curve->hash_len,  in dpp_pkex_rx_commit_reveal_resp()
1257 		dpp_pkex_fail(pkex,  in dpp_pkex_rx_commit_reveal_resp()
1259 		pkex->t++;  in dpp_pkex_rx_commit_reveal_resp()
1266 		dpp_pkex_fail(pkex, "Invalid attribute in unwrapped data");  in dpp_pkex_rx_commit_reveal_resp()
1273 		dpp_pkex_fail(pkex, "No valid peer bootstrapping key found");  in dpp_pkex_rx_commit_reveal_resp()
1276 	pkex->peer_bootstrap_key = dpp_set_pubkey_point(pkex->x, b_key,  in dpp_pkex_rx_commit_reveal_resp()
1278 	if (!pkex->peer_bootstrap_key) {  in dpp_pkex_rx_commit_reveal_resp()
1279 		dpp_pkex_fail(pkex, "Peer bootstrapping key is invalid");  in dpp_pkex_rx_commit_reveal_resp()
1283 			    pkex->peer_bootstrap_key);  in dpp_pkex_rx_commit_reveal_resp()
1286 	if (dpp_ecdh(pkex->x, pkex->peer_bootstrap_key, Lx, &Lx_len) < 0)  in dpp_pkex_rx_commit_reveal_resp()
1293 	B_pub = crypto_ec_key_get_pubkey_point(pkex->peer_bootstrap_key, 0);  in dpp_pkex_rx_commit_reveal_resp()
1294 	X_pub = crypto_ec_key_get_pubkey_point(pkex->x, 0);  in dpp_pkex_rx_commit_reveal_resp()
1295 	Y_pub = crypto_ec_key_get_pubkey_point(pkex->y, 0);  in dpp_pkex_rx_commit_reveal_resp()
1299 	if (!pkex->v2) {  in dpp_pkex_rx_commit_reveal_resp()
1300 		addr[num_elem] = pkex->peer_mac;  in dpp_pkex_rx_commit_reveal_resp()
1321 		dpp_pkex_fail(pkex, "No valid v (R-Auth tag) found");  in dpp_pkex_rx_commit_reveal_resp()
1325 		pkex->t++;  in dpp_pkex_rx_commit_reveal_resp()
1343 dpp_pkex_finish(struct dpp_global *dpp, struct dpp_pkex *pkex, const u8 *peer,  in dpp_pkex_finish()  argument
1359 	bi->curve = pkex->own_bi->curve;  in dpp_pkex_finish()
1360 	bi->pubkey = pkex->peer_bootstrap_key;  in dpp_pkex_finish()
1361 	pkex->peer_bootstrap_key = NULL;  in dpp_pkex_finish()
1366 	os_memcpy(pkex->own_bi->peer_pubkey_hash, bi->pubkey_hash,  in dpp_pkex_finish()
1368 	dpp_pkex_free(pkex);  in dpp_pkex_finish()
1374 void dpp_pkex_free(struct dpp_pkex *pkex)  in dpp_pkex_free()  argument
1376 	if (!pkex)  in dpp_pkex_free()
1379 	os_free(pkex->identifier);  in dpp_pkex_free()
1380 	os_free(pkex->code);  in dpp_pkex_free()
1381 	crypto_ec_key_deinit(pkex->x);  in dpp_pkex_free()
1382 	crypto_ec_key_deinit(pkex->y);  in dpp_pkex_free()
1383 	crypto_ec_key_deinit(pkex->peer_bootstrap_key);  in dpp_pkex_free()
1384 	wpabuf_free(pkex->exchange_req);  in dpp_pkex_free()
1385 	wpabuf_free(pkex->exchange_resp);  in dpp_pkex_free()
1386 	wpabuf_free(pkex->enc_key);  in dpp_pkex_free()
1387 	os_free(pkex);  in dpp_pkex_free()