130 static struct wpabuf * dpp_reconfig_build_req(struct dpp_authentication *auth)  in dpp_reconfig_build_req()  argument
137 	attr_len = 4 + 1 + 4 + 1 + 4 + os_strlen(auth->conf->connector) +  in dpp_reconfig_build_req()
138 		4 + auth->curve->nonce_len;  in dpp_reconfig_build_req()
146 	wpabuf_put_u8(msg, auth->transaction_id);  in dpp_reconfig_build_req()
170 	wpabuf_put_le16(msg, os_strlen(auth->conf->connector));  in dpp_reconfig_build_req()
171 	wpabuf_put_str(msg, auth->conf->connector);  in dpp_reconfig_build_req()
175 	wpabuf_put_le16(msg, auth->curve->nonce_len);  in dpp_reconfig_build_req()
176 	wpabuf_put_data(msg, auth->c_nonce, auth->curve->nonce_len);  in dpp_reconfig_build_req()
243 	struct dpp_authentication *auth;  in dpp_reconfig_init()  local
292 	auth = dpp_alloc_auth(dpp, msg_ctx);  in dpp_reconfig_init()
293 	if (!auth)  in dpp_reconfig_init()
296 	auth->conf = conf;  in dpp_reconfig_init()
297 	auth->reconfig = 1;  in dpp_reconfig_init()
298 	auth->initiator = 1;  in dpp_reconfig_init()
299 	auth->waiting_auth_resp = 1;  in dpp_reconfig_init()
300 	auth->allowed_roles = DPP_CAPAB_CONFIGURATOR;  in dpp_reconfig_init()
301 	auth->configurator = 1;  in dpp_reconfig_init()
302 	auth->curve = curve;  in dpp_reconfig_init()
303 	auth->transaction_id = 1;  in dpp_reconfig_init()
304 	if (freq && dpp_prepare_channel_list(auth, freq, NULL, 0) < 0)  in dpp_reconfig_init()
310 	if (random_get_bytes(auth->c_nonce, auth->curve->nonce_len)) {  in dpp_reconfig_init()
315 	auth->reconfig_req_msg = dpp_reconfig_build_req(auth);  in dpp_reconfig_init()
316 	if (!auth->reconfig_req_msg)  in dpp_reconfig_init()
320 	return auth;  in dpp_reconfig_init()
322 	dpp_auth_deinit(auth);  in dpp_reconfig_init()
323 	auth = NULL;  in dpp_reconfig_init()
328 static int dpp_reconfig_build_resp(struct dpp_authentication *auth,  in dpp_reconfig_build_resp()  argument
340 	clear_len = 4 + auth->curve->nonce_len +  in dpp_reconfig_build_resp()
348 	wpabuf_put_le16(clear, auth->curve->nonce_len);  in dpp_reconfig_build_resp()
349 	wpabuf_put_data(clear, auth->c_nonce, auth->curve->nonce_len);  in dpp_reconfig_build_resp()
356 	pr = crypto_ec_key_get_pubkey_point(auth->own_protocol_key, 0);  in dpp_reconfig_build_resp()
362 		4 + auth->curve->nonce_len +  in dpp_reconfig_build_resp()
374 	wpabuf_put_u8(msg, auth->transaction_id);  in dpp_reconfig_build_resp()
388 	wpabuf_put_le16(msg, auth->curve->nonce_len);  in dpp_reconfig_build_resp()
389 	wpabuf_put_data(msg, auth->e_nonce, auth->curve->nonce_len);  in dpp_reconfig_build_resp()
414 	if (aes_siv_encrypt(auth->ke, auth->curve->hash_len,  in dpp_reconfig_build_resp()
423 	wpabuf_free(auth->reconfig_resp_msg);  in dpp_reconfig_build_resp()
424 	auth->reconfig_resp_msg = msg;  in dpp_reconfig_build_resp()
445 	struct dpp_authentication *auth = NULL;  in dpp_reconfig_auth_req_rx()  local
520 	auth = dpp_alloc_auth(dpp, msg_ctx);  in dpp_reconfig_auth_req_rx()
521 	if (!auth)  in dpp_reconfig_auth_req_rx()
524 	auth->reconfig = 1;  in dpp_reconfig_auth_req_rx()
525 	auth->allowed_roles = DPP_CAPAB_ENROLLEE;  in dpp_reconfig_auth_req_rx()
526 	if (dpp_prepare_channel_list(auth, freq, NULL, 0) < 0)  in dpp_reconfig_auth_req_rx()
529 	auth->transaction_id = trans_id[0];  in dpp_reconfig_auth_req_rx()
531 	auth->peer_version = version[0];  in dpp_reconfig_auth_req_rx()
533 		   auth->peer_version);  in dpp_reconfig_auth_req_rx()
535 	os_memcpy(auth->c_nonce, c_nonce, c_nonce_len);  in dpp_reconfig_auth_req_rx()
537 	if (dpp_reconfig_derive_ke_responder(auth, net_access_key,  in dpp_reconfig_auth_req_rx()
541 	if (c_nonce_len != auth->curve->nonce_len) {  in dpp_reconfig_auth_req_rx()
544 			   c_nonce_len, auth->curve->nonce_len);  in dpp_reconfig_auth_req_rx()
555 	if (dpp_reconfig_build_resp(auth, own_connector, conn_status) < 0)  in dpp_reconfig_auth_req_rx()
564 	return auth;  in dpp_reconfig_auth_req_rx()
566 	dpp_auth_deinit(auth);  in dpp_reconfig_auth_req_rx()
567 	auth = NULL;  in dpp_reconfig_auth_req_rx()
573 dpp_reconfig_build_conf(struct dpp_authentication *auth)  in dpp_reconfig_build_conf()  argument
583 	clear_len = 4 + 1 + 4 + 1 + 2 * (4 + auth->curve->nonce_len) +  in dpp_reconfig_build_conf()
592 	wpabuf_put_u8(clear, auth->transaction_id);  in dpp_reconfig_build_conf()
597 	wpabuf_put_u8(clear, auth->peer_version);  in dpp_reconfig_build_conf()
601 	wpabuf_put_le16(clear, auth->curve->nonce_len);  in dpp_reconfig_build_conf()
602 	wpabuf_put_data(clear, auth->c_nonce, auth->curve->nonce_len);  in dpp_reconfig_build_conf()
606 	wpabuf_put_le16(clear, auth->curve->nonce_len);  in dpp_reconfig_build_conf()
607 	wpabuf_put_data(clear, auth->e_nonce, auth->curve->nonce_len);  in dpp_reconfig_build_conf()
644 	if (aes_siv_encrypt(auth->ke, auth->curve->hash_len,  in dpp_reconfig_build_conf()
664 dpp_reconfig_auth_resp_rx(struct dpp_authentication *auth, const u8 *hdr,  in dpp_reconfig_auth_resp_rx()  argument
683 	if (!auth->reconfig || !auth->configurator)  in dpp_reconfig_auth_resp_rx()
689 		dpp_auth_fail(auth,  in dpp_reconfig_auth_resp_rx()
700 		dpp_auth_fail(auth, "Peer did not include Transaction ID");  in dpp_reconfig_auth_resp_rx()
703 	if (trans_id[0] != auth->transaction_id) {  in dpp_reconfig_auth_resp_rx()
704 		dpp_auth_fail(auth, "Transaction ID mismatch");  in dpp_reconfig_auth_resp_rx()
711 		dpp_auth_fail(auth,  in dpp_reconfig_auth_resp_rx()
715 	auth->peer_version = version[0];  in dpp_reconfig_auth_resp_rx()
717 		   auth->peer_version);  in dpp_reconfig_auth_resp_rx()
722 		dpp_auth_fail(auth, " Missing R-Connector attribute");  in dpp_reconfig_auth_resp_rx()
730 	if (!e_nonce || e_nonce_len != auth->curve->nonce_len) {  in dpp_reconfig_auth_resp_rx()
731 		dpp_auth_fail(auth, "Missing or invalid E-nonce");  in dpp_reconfig_auth_resp_rx()
735 	os_memcpy(auth->e_nonce, e_nonce, e_nonce_len);  in dpp_reconfig_auth_resp_rx()
740 		dpp_auth_fail(auth,  in dpp_reconfig_auth_resp_rx()
753 	res = dpp_process_signed_connector(&info, auth->conf->csign,  in dpp_reconfig_auth_resp_rx()
756 		dpp_auth_fail(auth, "Invalid R-Connector");  in dpp_reconfig_auth_resp_rx()
762 		dpp_auth_fail(auth, "Invalid Connector payload");  in dpp_reconfig_auth_resp_rx()
771 		dpp_auth_fail(auth, "No netAccessKey object found");  in dpp_reconfig_auth_resp_rx()
775 	if (dpp_reconfig_derive_ke_initiator(auth, r_proto, r_proto_len,  in dpp_reconfig_auth_resp_rx()
791 	if (aes_siv_decrypt(auth->ke, auth->curve->hash_len,  in dpp_reconfig_auth_resp_rx()
794 		dpp_auth_fail(auth, "AES-SIV decryption failed");  in dpp_reconfig_auth_resp_rx()
801 		dpp_auth_fail(auth, "Invalid attribute in unwrapped data");  in dpp_reconfig_auth_resp_rx()
807 	if (!c_nonce || c_nonce_len != auth->curve->nonce_len ||  in dpp_reconfig_auth_resp_rx()
808 	    os_memcmp(c_nonce, auth->c_nonce, c_nonce_len) != 0) {  in dpp_reconfig_auth_resp_rx()
809 		dpp_auth_fail(auth, "Missing or invalid C-nonce");  in dpp_reconfig_auth_resp_rx()
817 		dpp_auth_fail(auth, "Missing Connection Status attribute");  in dpp_reconfig_auth_resp_rx()
826 		dpp_auth_fail(auth, "Could not parse connStatus");  in dpp_reconfig_auth_resp_rx()
831 	conf = dpp_reconfig_build_conf(auth);  in dpp_reconfig_auth_resp_rx()
833 		auth->reconfig_success = true;  in dpp_reconfig_auth_resp_rx()
849 int dpp_reconfig_auth_conf_rx(struct dpp_authentication *auth, const u8 *hdr,  in dpp_reconfig_auth_conf_rx()  argument
863 	if (!auth->reconfig || auth->configurator)  in dpp_reconfig_auth_conf_rx()
869 		dpp_auth_fail(auth,  in dpp_reconfig_auth_conf_rx()
880 		dpp_auth_fail(auth,  in dpp_reconfig_auth_conf_rx()
886 		dpp_auth_fail(auth,  in dpp_reconfig_auth_conf_rx()
903 	if (aes_siv_decrypt(auth->ke, auth->curve->hash_len,  in dpp_reconfig_auth_conf_rx()
906 		dpp_auth_fail(auth, "AES-SIV decryption failed");  in dpp_reconfig_auth_conf_rx()
913 		dpp_auth_fail(auth, "Invalid attribute in unwrapped data");  in dpp_reconfig_auth_conf_rx()
920 	    trans_id[0] != auth->transaction_id) {  in dpp_reconfig_auth_conf_rx()
921 		dpp_auth_fail(auth,  in dpp_reconfig_auth_conf_rx()
929 		dpp_auth_fail(auth,  in dpp_reconfig_auth_conf_rx()
936 	if (!c_nonce || c_nonce_len != auth->curve->nonce_len ||  in dpp_reconfig_auth_conf_rx()
937 	    os_memcmp(c_nonce, auth->c_nonce, c_nonce_len) != 0) {  in dpp_reconfig_auth_conf_rx()
938 		dpp_auth_fail(auth, "Missing or invalid C-nonce");  in dpp_reconfig_auth_conf_rx()
945 	if (!e_nonce || e_nonce_len != auth->curve->nonce_len ||  in dpp_reconfig_auth_conf_rx()
946 	    os_memcmp(e_nonce, auth->e_nonce, e_nonce_len) != 0) {  in dpp_reconfig_auth_conf_rx()
947 		dpp_auth_fail(auth, "Missing or invalid E-nonce");  in dpp_reconfig_auth_conf_rx()
956 		dpp_auth_fail(auth, "Missing or invalid Reconfig-Flags");  in dpp_reconfig_auth_conf_rx()
961 	auth->reconfig_connector_key = flags;  in dpp_reconfig_auth_conf_rx()
963 	auth->reconfig_success = true;  in dpp_reconfig_auth_conf_rx()