/*
 * DPP functionality shared between hostapd and wpa_supplicant
 * Copyright (c) 2017, Qualcomm Atheros, Inc.
 * Copyright (c) 2018-2020, The Linux Foundation
 * Copyright (c) 2021-2022, Qualcomm Innovation Center, Inc.
 *
 * This software may be distributed under the terms of the BSD license.
 * See README for more details.
 */

#ifndef DPP_H
#define DPP_H

#ifdef CONFIG_DPP
#include "utils/list.h"
#include "common/wpa_common.h"
#include "crypto/sha256.h"
#include "crypto/crypto.h"

/* Forward declarations for types that this header only uses by pointer. */
struct hostapd_ip_addr;
struct dpp_global;
struct json_token;
struct dpp_reconfig_id;

/*
 * DPP_VERSION selects the protocol version this build implements.
 *
 * With CONFIG_TESTING_OPTIONS the macro expands to the mutable global
 * dpp_version_override, so the version is a run-time value rather than a
 * compile-time constant. Without it, the value is fixed by CONFIG_DPP3 (3),
 * CONFIG_DPP2 (2) or neither (1).
 *
 * NOTE(review): CONFIG_TESTING_OPTIONS is presumably intended for test builds
 * only; confirm that release builds leave it undefined so the advertised
 * version cannot be changed at run time.
 */
#ifdef CONFIG_TESTING_OPTIONS
#define DPP_VERSION (dpp_version_override)
extern int dpp_version_override;
#else /* CONFIG_TESTING_OPTIONS */
#ifdef CONFIG_DPP3
#define DPP_VERSION 3
#elif defined(CONFIG_DPP2)
#define DPP_VERSION 2
#else
#define DPP_VERSION 1
#endif
#endif /* CONFIG_TESTING_OPTIONS */

#define DPP_HDR_LEN (4 + 2) /* OUI, OUI Type, Crypto Suite, DPP frame type */
#define DPP_TCP_PORT 8908

/*
 * DPP Public Action frame types. Every value is assigned explicitly; 3 and 4
 * are not assigned in this enum. Two PKEX Exchange Request types exist: the
 * one named ..._V1_... (7) and DPP_PA_PKEX_EXCHANGE_REQ (18).
 */
enum dpp_public_action_frame_type {
	DPP_PA_AUTHENTICATION_REQ = 0,
	DPP_PA_AUTHENTICATION_RESP = 1,
	DPP_PA_AUTHENTICATION_CONF = 2,
	DPP_PA_PEER_DISCOVERY_REQ = 5,
	DPP_PA_PEER_DISCOVERY_RESP = 6,
	DPP_PA_PKEX_V1_EXCHANGE_REQ = 7,
	DPP_PA_PKEX_EXCHANGE_RESP = 8,
	DPP_PA_PKEX_COMMIT_REVEAL_REQ = 9,
	DPP_PA_PKEX_COMMIT_REVEAL_RESP = 10,
	DPP_PA_CONFIGURATION_RESULT = 11,
	DPP_PA_CONNECTION_STATUS_RESULT = 12,
	DPP_PA_PRESENCE_ANNOUNCEMENT = 13,
	DPP_PA_RECONFIG_ANNOUNCEMENT = 14,
	DPP_PA_RECONFIG_AUTH_REQ = 15,
	DPP_PA_RECONFIG_AUTH_RESP = 16,
	DPP_PA_RECONFIG_AUTH_CONF = 17,
	DPP_PA_PKEX_EXCHANGE_REQ = 18,
	DPP_PA_PB_PRESENCE_ANNOUNCEMENT = 19,
	DPP_PA_PB_PRESENCE_ANNOUNCEMENT_RESP = 20,
	DPP_PA_PRIV_PEER_INTRO_QUERY = 21,
	DPP_PA_PRIV_PEER_INTRO_NOTIFY = 22,
	DPP_PA_PRIV_PEER_INTRO_UPDATE = 23,
};

/*
 * DPP attribute identifiers. All values lie in the 0x1000 range and fit in
 * 16 bits; 0x1010 is not assigned in this enum.
 */
enum dpp_attribute_id {
	DPP_ATTR_STATUS = 0x1000,
	DPP_ATTR_I_BOOTSTRAP_KEY_HASH = 0x1001,
	DPP_ATTR_R_BOOTSTRAP_KEY_HASH = 0x1002,
	DPP_ATTR_I_PROTOCOL_KEY = 0x1003,
	DPP_ATTR_WRAPPED_DATA = 0x1004,
	DPP_ATTR_I_NONCE = 0x1005,
	DPP_ATTR_I_CAPABILITIES = 0x1006,
	DPP_ATTR_R_NONCE = 0x1007,
	DPP_ATTR_R_CAPABILITIES = 0x1008,
	DPP_ATTR_R_PROTOCOL_KEY = 0x1009,
	DPP_ATTR_I_AUTH_TAG = 0x100A,
	DPP_ATTR_R_AUTH_TAG = 0x100B,
	DPP_ATTR_CONFIG_OBJ = 0x100C,
	DPP_ATTR_CONNECTOR = 0x100D,
	DPP_ATTR_CONFIG_ATTR_OBJ = 0x100E,
	DPP_ATTR_BOOTSTRAP_KEY = 0x100F,
	DPP_ATTR_OWN_NET_NK_HASH = 0x1011,
	DPP_ATTR_FINITE_CYCLIC_GROUP = 0x1012,
	DPP_ATTR_ENCRYPTED_KEY = 0x1013,
	DPP_ATTR_ENROLLEE_NONCE = 0x1014,
	DPP_ATTR_CODE_IDENTIFIER = 0x1015,
	DPP_ATTR_TRANSACTION_ID = 0x1016,
	DPP_ATTR_BOOTSTRAP_INFO = 0x1017,
	DPP_ATTR_CHANNEL = 0x1018,
	DPP_ATTR_PROTOCOL_VERSION = 0x1019,
	DPP_ATTR_ENVELOPED_DATA = 0x101A,
	DPP_ATTR_SEND_CONN_STATUS = 0x101B,
	DPP_ATTR_CONN_STATUS = 0x101C,
	DPP_ATTR_RECONFIG_FLAGS = 0x101D,
	DPP_ATTR_C_SIGN_KEY_HASH = 0x101E,
	DPP_ATTR_CSR_ATTR_REQ = 0x101F,
	DPP_ATTR_A_NONCE = 0x1020,
	DPP_ATTR_E_PRIME_ID = 0x1021,
	DPP_ATTR_CONFIGURATOR_NONCE = 0x1022,
};

/* DPP status codes; DPP_STATUS_OK (0) is the only success value listed. */
enum dpp_status_error {
	DPP_STATUS_OK = 0,
	DPP_STATUS_NOT_COMPATIBLE = 1,
	DPP_STATUS_AUTH_FAILURE = 2,
	DPP_STATUS_UNWRAP_FAILURE = 3,
	DPP_STATUS_BAD_GROUP = 4,
	DPP_STATUS_CONFIGURE_FAILURE = 5,
	DPP_STATUS_RESPONSE_PENDING = 6,
	DPP_STATUS_INVALID_CONNECTOR = 7,
	DPP_STATUS_NO_MATCH = 8,
	DPP_STATUS_CONFIG_REJECTED = 9,
	DPP_STATUS_NO_AP = 10,
	DPP_STATUS_CONFIGURE_PENDING = 11,
	DPP_STATUS_CSR_NEEDED = 12,
	DPP_STATUS_CSR_BAD = 13,
	DPP_STATUS_NEW_KEY_NEEDED = 14,
};

/* DPP Reconfig Flags object - connectorKey values */
enum dpp_connector_key {
	DPP_CONFIG_REUSEKEY = 0,
	DPP_CONFIG_REPLACEKEY = 1,
};

/* Capability bits; DPP_CAPAB_ROLE_MASK covers both role bits. */
#define DPP_CAPAB_ENROLLEE BIT(0)
#define DPP_CAPAB_CONFIGURATOR BIT(1)
#define DPP_CAPAB_ROLE_MASK (BIT(0) | BIT(1))

/*
 * Upper bounds that size the fixed arrays in the structures of this header
 * (frequency lists, nonces, hashes, shared secrets).
 *
 * NOTE(review): the code that copies peer-supplied data into those arrays is
 * not visible here; it has to check each length against the matching bound.
 */
#define DPP_BOOTSTRAP_MAX_FREQ 30
#define DPP_MAX_NONCE_LEN 32
#define DPP_MAX_HASH_LEN 64
#define DPP_MAX_SHARED_SECRET_LEN 66
#define DPP_CP_LEN 64

/*
 * Parameters that belong to one curve choice.
 * NOTE(review): the *_len members are presumably counted in octets - confirm
 * against the table that defines the supported curves.
 */
struct dpp_curve_params {
	const char *name;
	size_t hash_len;
	size_t aes_siv_key_len;
	size_t nonce_len;
	size_t prime_len;
	const char *jwk_crv;
	u16 ike_group;
	const char *jws_alg;
};

/* How a bootstrapping key was obtained. */
enum dpp_bootstrap_type {
	DPP_BOOTSTRAP_QR_CODE,
	DPP_BOOTSTRAP_PKEX,
	DPP_BOOTSTRAP_NFC_URI,
};

/*
 * Curve identifiers used for dpp_bootstrap_info::supported_curves, which is
 * documented there as a bitmap of this enum.
 * NOTE(review): the values look like bit positions rather than masks -
 * confirm where the bitmap is built and tested.
 */
enum dpp_bootstrap_supported_curves {
	DPP_BOOTSTRAP_CURVE_P_256 = 0,
	DPP_BOOTSTRAP_CURVE_P_384 = 1,
	DPP_BOOTSTRAP_CURVE_P_521 = 2,
	DPP_BOOTSTRAP_CURVE_BP_256 = 3,
	DPP_BOOTSTRAP_CURVE_BP_384 = 4,
	DPP_BOOTSTRAP_CURVE_BP_512 = 5,
};

/*
 * One bootstrapping entry, linked through the list member. It carries the
 * bootstrapping URI and its parsed pieces, the public key with two SHA-256
 * sized hashes of it, and per-entry PKEX/NFC state.
 */
struct dpp_bootstrap_info {
	struct dl_list list;
	unsigned int id;
	enum dpp_bootstrap_type type;
	char *uri;
	u8 mac_addr[ETH_ALEN];
	char *chan;
	char *info;
	struct hostapd_ip_addr *host;
	unsigned int port;
	char *pk;
	/* At most DPP_BOOTSTRAP_MAX_FREQ entries; num_freq counts the ones in
	 * use (presumably - confirm against the channel list parser). */
	unsigned int freq[DPP_BOOTSTRAP_MAX_FREQ];
	unsigned int num_freq;
	bool channels_listed;
	u8 version;
	u8 supported_curves; /* enum dpp_bootstrap_supported_curves bitmap */
	int own;
	struct crypto_ec_key *pubkey;
	u8 pubkey_hash[SHA256_MAC_LEN];
	u8 pubkey_hash_chirp[SHA256_MAC_LEN];
	const struct dpp_curve_params *curve;
	unsigned int pkex_t; /* number of failures before dpp_pkex
			      * instantiation */
	int nfc_negotiated; /* whether this has been used in NFC negotiated
			     * connection handover */
	char *configurator_params;
	u8 peer_pubkey_hash[SHA256_MAC_LEN]; /* for enforcing a specific
					      * peer bootstrapping key with
					      * PKEX */
};

/*
 * NOTE(review): presumably the ceiling for the PKEX failure counters
 * (dpp_bootstrap_info::pkex_t and dpp_pkex::t), which would bound repeated
 * wrong-code attempts - confirm in the PKEX implementation.
 */
#define PKEX_COUNTER_T_LIMIT 5

/* PKEX version selection: automatic, or restricted to version 1 or 2. */
enum dpp_pkex_ver {
	PKEX_VER_AUTO,
	PKEX_VER_ONLY_1,
	PKEX_VER_ONLY_2,
};

/*
 * State of one PKEX exchange.
 *
 * By their names, code, Mx, Nx and z hold the shared code and values derived
 * during the exchange. NOTE(review): the routine that releases this structure
 * is not visible here; confirm that it wipes these members before freeing.
 */
struct dpp_pkex {
	void *msg_ctx;
	unsigned int initiator:1;
	unsigned int exchange_done:1;
	unsigned int failed:1;
	unsigned int v2:1;
	unsigned int forced_ver:1;
	struct dpp_bootstrap_info *own_bi;
	u8 own_mac[ETH_ALEN];
	u8 peer_mac[ETH_ALEN];
	char *identifier;
	char *code;
	size_t code_len;
	struct crypto_ec_key *x;
	struct crypto_ec_key *y;
	u8 Mx[DPP_MAX_SHARED_SECRET_LEN];
	u8 Nx[DPP_MAX_SHARED_SECRET_LEN];
	u8 z[DPP_MAX_HASH_LEN];
	struct crypto_ec_key *peer_bootstrap_key;
	struct wpabuf *exchange_req;
	struct wpabuf *exchange_resp;
	unsigned int t; /* number of failures on code use */
	unsigned int exch_req_wait_time;
	unsigned int exch_req_tries;
	unsigned int freq;
	u8 peer_version;
	struct wpabuf *enc_key;
};

/* AKM choices for a configuration, including the combined variants. */
enum dpp_akm {
	DPP_AKM_UNKNOWN,
	DPP_AKM_DPP,
	DPP_AKM_PSK,
	DPP_AKM_SAE,
	DPP_AKM_PSK_SAE,
	DPP_AKM_SAE_DPP,
	DPP_AKM_PSK_SAE_DPP,
	DPP_AKM_DOT1X,
};

/* Network role of the device being configured. */
enum dpp_netrole {
	DPP_NETROLE_STA,
	DPP_NETROLE_AP,
	DPP_NETROLE_CONFIGURATOR,
};
/*
 * Configuration that a Configurator hands out for one network.
 *
 * passphrase and psk are credential material. NOTE(review): confirm that
 * dpp_configuration_free() (declared below) wipes them before releasing the
 * memory; its implementation is not part of this header.
 */
struct dpp_configuration {
	u8 ssid[32];
	size_t ssid_len;
	int ssid_charset;
	enum dpp_akm akm;
	enum dpp_netrole netrole;

	/* For DPP configuration (connector) */
	os_time_t netaccesskey_expiry;

	/* TODO: groups */
	char *group_id;

	/* For legacy configuration */
	char *passphrase;
	u8 psk[32];
	int psk_set;

	char *csrattrs;
	char *extra_name;
	char *extra_value;
};

/* Singly linked list (via next) of key packages with their templates. */
struct dpp_asymmetric_key {
	struct dpp_asymmetric_key *next;
	struct crypto_ec_key *csign;
	struct crypto_ec_key *pp_key;
	char *config_template;
	char *connector_template;
};

/* Capacity of dpp_authentication::conf_obj[]. */
#define DPP_MAX_CONF_OBJ 10

/*
 * State of one DPP authentication/configuration session.
 *
 * Besides protocol bookkeeping this structure embeds, by name, nonces
 * (i_nonce, r_nonce, e_nonce, c_nonce), shared-secret and key buffers
 * (Mx, Nx, Lx, k1, k2, ke, bk), a private key (priv_key) and the received
 * passphrase/PSK inside conf_obj[]. NOTE(review): confirm that
 * dpp_auth_deinit() (declared below) clears these before freeing; that code
 * is not visible here.
 */
struct dpp_authentication {
	struct dpp_global *global;
	void *msg_ctx;
	u8 peer_version;
	const struct dpp_curve_params *curve;
	const struct dpp_curve_params *new_curve;
	struct dpp_bootstrap_info *peer_bi;
	struct dpp_bootstrap_info *own_bi;
	struct dpp_bootstrap_info *tmp_own_bi;
	struct dpp_bootstrap_info *tmp_peer_bi;
	u8 waiting_pubkey_hash[SHA256_MAC_LEN];
	int response_pending;
	int reconfig;
	enum dpp_connector_key reconfig_connector_key;
	enum dpp_status_error auth_resp_status;
	enum dpp_status_error conf_resp_status;
	enum dpp_status_error force_conf_resp_status;
	u8 peer_mac_addr[ETH_ALEN];
	u8 i_nonce[DPP_MAX_NONCE_LEN];
	u8 r_nonce[DPP_MAX_NONCE_LEN];
	u8 e_nonce[DPP_MAX_NONCE_LEN];
	u8 c_nonce[DPP_MAX_NONCE_LEN];
	u8 i_capab;
	u8 r_capab;
	enum dpp_netrole e_netrole;
	struct crypto_ec_key *own_protocol_key;
	struct crypto_ec_key *peer_protocol_key;
	struct crypto_ec_key *reconfig_old_protocol_key;
	struct wpabuf *req_msg;
	struct wpabuf *resp_msg;
	struct wpabuf *reconfig_req_msg;
	struct wpabuf *reconfig_resp_msg;
	/* Intersection of possible frequencies for initiating DPP
	 * Authentication exchange */
	unsigned int freq[DPP_BOOTSTRAP_MAX_FREQ];
	unsigned int num_freq, freq_idx;
	unsigned int curr_freq;
	unsigned int neg_freq;
	unsigned int num_freq_iters;
	size_t secret_len;
	/* Each buffer below is paired with an explicit *_len member. */
	u8 Mx[DPP_MAX_SHARED_SECRET_LEN];
	size_t Mx_len;
	u8 Nx[DPP_MAX_SHARED_SECRET_LEN];
	size_t Nx_len;
	u8 Lx[DPP_MAX_SHARED_SECRET_LEN];
	size_t Lx_len;
	u8 k1[DPP_MAX_HASH_LEN];
	u8 k2[DPP_MAX_HASH_LEN];
	u8 ke[DPP_MAX_HASH_LEN];
	u8 bk[DPP_MAX_HASH_LEN];
	int initiator;
	int waiting_auth_resp;
	int waiting_auth_conf;
	int auth_req_ack;
	unsigned int auth_resp_tries;
	u8 allowed_roles;
	int configurator;
	int remove_on_tx_status;
	int connect_on_tx_status;
	int waiting_conf_result;
	int waiting_conn_status_result;
	int auth_success;
	bool reconfig_success;
	struct wpabuf *conf_req;
	const struct wpabuf *conf_resp; /* owned by GAS server */
	struct wpabuf *conf_resp_tcp;
	struct dpp_configuration *conf_ap;
	struct dpp_configuration *conf2_ap;
	struct dpp_configuration *conf_sta;
	struct dpp_configuration *conf2_sta;
	int provision_configurator;
	struct dpp_configurator *conf;
	/*
	 * Received configuration objects; num_conf_obj counts the entries in
	 * use out of DPP_MAX_CONF_OBJ. ssid, passphrase and psk are fixed-size
	 * arrays. NOTE(review): the parser that fills them is not visible here
	 * and has to bound every copied length (ssid_len is a u8 next to
	 * ssid[SSID_MAX_LEN]; passphrase holds 64 bytes).
	 */
	struct dpp_config_obj {
		char *connector; /* received signedConnector */
		u8 ssid[SSID_MAX_LEN];
		u8 ssid_len;
		int ssid_charset;
		char passphrase[64];
		u8 psk[PMK_LEN];
		int psk_set;
		enum dpp_akm akm;
		struct wpabuf *c_sign_key;
		struct wpabuf *certbag;
		struct wpabuf *certs;
		struct wpabuf *cacert;
		char *server_name;
		struct wpabuf *pp_key;
	} conf_obj[DPP_MAX_CONF_OBJ];
	unsigned int num_conf_obj;
	struct dpp_asymmetric_key *conf_key_pkg;
	struct wpabuf *net_access_key;
	os_time_t net_access_key_expiry;
	int send_conn_status;
	int conn_status_requested;
	int akm_use_selector;
	int configurator_set;
	u8 transaction_id;
	u8 *csrattrs;
	size_t csrattrs_len;
	bool waiting_csr;
	struct wpabuf *csr;
	struct wpabuf *priv_key; /* DER-encoded private key used for csr */
	bool waiting_cert;
	char *trusted_eap_server_name;
	struct wpabuf *cacert;
	struct wpabuf *certbag;
	bool waiting_new_key;
	bool new_key_received;
	void *config_resp_ctx;
	void *gas_server_ctx;
	bool use_config_query;
	bool waiting_config;
	char *e_name;
	char *e_mud_url;
	int *e_band_support;
#ifdef CONFIG_TESTING_OPTIONS
	/* Test-build-only members; the last one, by its name, makes a
	 * netAccessKey mismatch be ignored. */
	char *config_obj_override;
	char *discovery_override;
	char *groups_override;
	unsigned int ignore_netaccesskey_mismatch:1;
#endif /* CONFIG_TESTING_OPTIONS */
};

/* One Configurator instance, linked through the list member. */
struct dpp_configurator {
	struct dl_list list;
	unsigned int id;
	int own;
	struct crypto_ec_key *csign;
	u8 kid_hash[SHA256_MAC_LEN];
	char *kid;
	const struct dpp_curve_params *curve;
	const struct dpp_curve_params *net_access_key_curve;
	char *connector; /* own Connector for reconfiguration */
	struct crypto_ec_key *connector_key;
	struct crypto_ec_key *pp_key;
};

/*
 * Result of a peer introduction: PMKID and PMK (pmk_len bytes of pmk[] are
 * valid - presumably; confirm where it is filled), the peer's version and
 * key, and the HPKE KEM/KDF/AEAD identifiers.
 */
struct dpp_introduction {
	u8 pmkid[PMKID_LEN];
	u8 pmk[PMK_LEN_MAX];
	size_t pmk_len;
	int peer_version;
	struct crypto_ec_key *peer_key;
	enum hpke_kem_id kem_id;
	enum hpke_kdf_id kdf_id;
	enum hpke_aead_id aead_id;
};

/*
 * Relay settings: the address and public key hash to relay for, plus the
 * callbacks used to transmit a frame (tx) and a GAS response (gas_resp_tx).
 * Both callbacks take a context pointer as their first argument.
 */
struct dpp_relay_config {
	const struct hostapd_ip_addr *ipaddr;
	const u8 *pkhash;

	void *msg_ctx;
	void *cb_ctx;
	void (*tx)(void *ctx, const u8 *addr, unsigned int freq, const u8 *msg,
		   size_t len);
	void (*gas_resp_tx)(void *ctx, const u8 *addr, u8 dialog_token,
			    int prot, struct wpabuf *buf);
};

/* Controller settings, including the TCP port and the permitted roles. */
struct dpp_controller_config {
	const char *configurator_params;
	int tcp_port;
	u8 allowed_roles;
	int qr_mutual;
	enum dpp_netrole netrole;
	void *msg_ctx;
	void *cb_ctx;
	int (*process_conf_obj)(void *ctx, struct dpp_authentication *auth);
	bool (*tcp_msg_sent)(void *ctx, struct dpp_authentication *auth);
};

#define DPP_PB_INFO_COUNT 2

/* A SHA-256 sized hash together with the time it was received. */
struct dpp_pb_info {
	u8 hash[SHA256_MAC_LEN];
	struct os_reltime rx_time;
};

#ifdef CONFIG_TESTING_OPTIONS
/*
 * Protocol-test behaviors, compiled only with CONFIG_TESTING_OPTIONS. By
 * their names the entries omit, corrupt or mismatch individual attributes,
 * or stop the exchange at a given message. DPP_TEST_DISABLED (0) is the
 * value that selects none of them.
 */
enum dpp_test_behavior {
	DPP_TEST_DISABLED = 0,
	DPP_TEST_AFTER_WRAPPED_DATA_AUTH_REQ = 1,
	DPP_TEST_AFTER_WRAPPED_DATA_AUTH_RESP = 2,
	DPP_TEST_AFTER_WRAPPED_DATA_AUTH_CONF = 3,
	DPP_TEST_AFTER_WRAPPED_DATA_PKEX_CR_REQ = 4,
	DPP_TEST_AFTER_WRAPPED_DATA_PKEX_CR_RESP = 5,
	DPP_TEST_AFTER_WRAPPED_DATA_CONF_REQ = 6,
	DPP_TEST_AFTER_WRAPPED_DATA_CONF_RESP = 7,
	DPP_TEST_ZERO_I_CAPAB = 8,
	DPP_TEST_ZERO_R_CAPAB = 9,
	DPP_TEST_NO_R_BOOTSTRAP_KEY_HASH_AUTH_REQ = 10,
	DPP_TEST_NO_I_BOOTSTRAP_KEY_HASH_AUTH_REQ = 11,
	DPP_TEST_NO_I_PROTO_KEY_AUTH_REQ = 12,
	DPP_TEST_NO_I_NONCE_AUTH_REQ = 13,
	DPP_TEST_NO_I_CAPAB_AUTH_REQ = 14,
	DPP_TEST_NO_WRAPPED_DATA_AUTH_REQ = 15,
	DPP_TEST_NO_STATUS_AUTH_RESP = 16,
	DPP_TEST_NO_R_BOOTSTRAP_KEY_HASH_AUTH_RESP = 17,
	DPP_TEST_NO_I_BOOTSTRAP_KEY_HASH_AUTH_RESP = 18,
	DPP_TEST_NO_R_PROTO_KEY_AUTH_RESP = 19,
	DPP_TEST_NO_R_NONCE_AUTH_RESP = 20,
	DPP_TEST_NO_I_NONCE_AUTH_RESP = 21,
	DPP_TEST_NO_R_CAPAB_AUTH_RESP = 22,
	DPP_TEST_NO_R_AUTH_AUTH_RESP = 23,
	DPP_TEST_NO_WRAPPED_DATA_AUTH_RESP = 24,
	DPP_TEST_NO_STATUS_AUTH_CONF = 25,
	DPP_TEST_NO_R_BOOTSTRAP_KEY_HASH_AUTH_CONF = 26,
	DPP_TEST_NO_I_BOOTSTRAP_KEY_HASH_AUTH_CONF = 27,
	DPP_TEST_NO_I_AUTH_AUTH_CONF = 28,
	DPP_TEST_NO_WRAPPED_DATA_AUTH_CONF = 29,
	DPP_TEST_I_NONCE_MISMATCH_AUTH_RESP = 30,
	DPP_TEST_INCOMPATIBLE_R_CAPAB_AUTH_RESP = 31,
	DPP_TEST_R_AUTH_MISMATCH_AUTH_RESP = 32,
	DPP_TEST_I_AUTH_MISMATCH_AUTH_CONF = 33,
	DPP_TEST_NO_FINITE_CYCLIC_GROUP_PKEX_EXCHANGE_REQ = 34,
	DPP_TEST_NO_ENCRYPTED_KEY_PKEX_EXCHANGE_REQ = 35,
	DPP_TEST_NO_STATUS_PKEX_EXCHANGE_RESP = 36,
	DPP_TEST_NO_ENCRYPTED_KEY_PKEX_EXCHANGE_RESP = 37,
	DPP_TEST_NO_BOOTSTRAP_KEY_PKEX_CR_REQ = 38,
	DPP_TEST_NO_I_AUTH_TAG_PKEX_CR_REQ = 39,
	DPP_TEST_NO_WRAPPED_DATA_PKEX_CR_REQ = 40,
	DPP_TEST_NO_BOOTSTRAP_KEY_PKEX_CR_RESP = 41,
	DPP_TEST_NO_R_AUTH_TAG_PKEX_CR_RESP = 42,
	DPP_TEST_NO_WRAPPED_DATA_PKEX_CR_RESP = 43,
	DPP_TEST_INVALID_ENCRYPTED_KEY_PKEX_EXCHANGE_REQ = 44,
	DPP_TEST_INVALID_ENCRYPTED_KEY_PKEX_EXCHANGE_RESP = 45,
	DPP_TEST_INVALID_STATUS_PKEX_EXCHANGE_RESP = 46,
	DPP_TEST_INVALID_BOOTSTRAP_KEY_PKEX_CR_REQ = 47,
	DPP_TEST_INVALID_BOOTSTRAP_KEY_PKEX_CR_RESP = 48,
	DPP_TEST_I_AUTH_TAG_MISMATCH_PKEX_CR_REQ = 49,
	DPP_TEST_R_AUTH_TAG_MISMATCH_PKEX_CR_RESP = 50,
	DPP_TEST_NO_E_NONCE_CONF_REQ = 51,
	DPP_TEST_NO_CONFIG_ATTR_OBJ_CONF_REQ = 52,
	DPP_TEST_NO_WRAPPED_DATA_CONF_REQ = 53,
	DPP_TEST_NO_E_NONCE_CONF_RESP = 54,
	DPP_TEST_NO_CONFIG_OBJ_CONF_RESP = 55,
	DPP_TEST_NO_STATUS_CONF_RESP = 56,
	DPP_TEST_NO_WRAPPED_DATA_CONF_RESP = 57,
	DPP_TEST_INVALID_STATUS_CONF_RESP = 58,
	DPP_TEST_E_NONCE_MISMATCH_CONF_RESP = 59,
	DPP_TEST_NO_TRANSACTION_ID_PEER_DISC_REQ = 60,
	DPP_TEST_NO_CONNECTOR_PEER_DISC_REQ = 61,
	DPP_TEST_NO_TRANSACTION_ID_PEER_DISC_RESP = 62,
	DPP_TEST_NO_STATUS_PEER_DISC_RESP = 63,
	DPP_TEST_NO_CONNECTOR_PEER_DISC_RESP = 64,
	DPP_TEST_AUTH_RESP_IN_PLACE_OF_CONF = 65,
	DPP_TEST_INVALID_I_PROTO_KEY_AUTH_REQ = 66,
	DPP_TEST_INVALID_R_PROTO_KEY_AUTH_RESP = 67,
	DPP_TEST_INVALID_R_BOOTSTRAP_KEY_HASH_AUTH_REQ = 68,
	DPP_TEST_INVALID_I_BOOTSTRAP_KEY_HASH_AUTH_REQ = 69,
	DPP_TEST_INVALID_R_BOOTSTRAP_KEY_HASH_AUTH_RESP = 70,
	DPP_TEST_INVALID_I_BOOTSTRAP_KEY_HASH_AUTH_RESP = 71,
	DPP_TEST_INVALID_R_BOOTSTRAP_KEY_HASH_AUTH_CONF = 72,
	DPP_TEST_INVALID_I_BOOTSTRAP_KEY_HASH_AUTH_CONF = 73,
	DPP_TEST_INVALID_STATUS_AUTH_RESP = 74,
	DPP_TEST_INVALID_STATUS_AUTH_CONF = 75,
	DPP_TEST_INVALID_CONFIG_ATTR_OBJ_CONF_REQ = 76,
	DPP_TEST_INVALID_TRANSACTION_ID_PEER_DISC_RESP = 77,
	DPP_TEST_INVALID_STATUS_PEER_DISC_RESP = 78,
	DPP_TEST_INVALID_CONNECTOR_PEER_DISC_RESP = 79,
	DPP_TEST_INVALID_CONNECTOR_PEER_DISC_REQ = 80,
	DPP_TEST_INVALID_I_NONCE_AUTH_REQ = 81,
	DPP_TEST_INVALID_TRANSACTION_ID_PEER_DISC_REQ = 82,
	DPP_TEST_INVALID_E_NONCE_CONF_REQ = 83,
	DPP_TEST_STOP_AT_PKEX_EXCHANGE_RESP = 84,
	DPP_TEST_STOP_AT_PKEX_CR_REQ = 85,
	DPP_TEST_STOP_AT_PKEX_CR_RESP = 86,
	DPP_TEST_STOP_AT_AUTH_REQ = 87,
	DPP_TEST_STOP_AT_AUTH_RESP = 88,
	DPP_TEST_STOP_AT_AUTH_CONF = 89,
	DPP_TEST_STOP_AT_CONF_REQ = 90,
	DPP_TEST_REJECT_CONFIG = 91,
	DPP_TEST_NO_PROTOCOL_VERSION_PEER_DISC_REQ = 92,
	DPP_TEST_NO_PROTOCOL_VERSION_PEER_DISC_RESP = 93,
	DPP_TEST_INVALID_PROTOCOL_VERSION_PEER_DISC_REQ = 94,
	DPP_TEST_INVALID_PROTOCOL_VERSION_PEER_DISC_RESP = 95,
	DPP_TEST_INVALID_PROTOCOL_VERSION_RECONFIG_AUTH_REQ = 96,
	DPP_TEST_NO_PROTOCOL_VERSION_RECONFIG_AUTH_REQ = 97,
	DPP_TEST_INVALID_R_BOOTSTRAP_KEY_HASH_PB_REQ = 98,
	DPP_TEST_INVALID_I_BOOTSTRAP_KEY_HASH_PB_RESP = 99,
	DPP_TEST_INVALID_R_BOOTSTRAP_KEY_HASH_PB_RESP = 100,
};

/*
 * Test-build globals. Besides the selected test behavior they expose
 * override buffers for the PKEX MAC addresses, the PKEX ephemeral key, the
 * protocol key and the nonce, each key/nonce buffer with a length variable.
 *
 * NOTE(review): how these are consumed is not visible in this header. If a
 * non-zero override length replaces freshly generated keys or nonces, a
 * build with CONFIG_TESTING_OPTIONS enabled gives up their unpredictability
 * whenever an override is set; release builds should leave the option
 * undefined.
 */
extern enum dpp_test_behavior dpp_test;
extern u8 dpp_pkex_own_mac_override[ETH_ALEN];
extern u8 dpp_pkex_peer_mac_override[ETH_ALEN];
extern u8 dpp_pkex_ephemeral_key_override[600];
extern size_t dpp_pkex_ephemeral_key_override_len;
extern u8 dpp_protocol_key_override[600];
extern size_t dpp_protocol_key_override_len;
extern u8 dpp_nonce_override[DPP_MAX_NONCE_LEN];
extern size_t dpp_nonce_override_len;
#endif /* CONFIG_TESTING_OPTIONS */

/* Bootstrapping information: release, type name, and URI field parsers. */
void dpp_bootstrap_info_free(struct dpp_bootstrap_info *info);
const char * dpp_bootstrap_type_txt(enum dpp_bootstrap_type type);
int dpp_parse_uri_chan_list(struct dpp_bootstrap_info *bi,
			    const char *chan_list);
int dpp_parse_uri_mac(struct dpp_bootstrap_info *bi, const char *mac);
int dpp_parse_uri_info(struct dpp_bootstrap_info *bi, const char *info);
int dpp_nfc_update_bi(struct dpp_bootstrap_info *own_bi,
		      struct dpp_bootstrap_info *peer_bi);
const char * dpp_netrole_str(enum dpp_netrole netrole);

/*
 * Authentication exchange. The *_rx functions take a header pointer plus an
 * attribute buffer with its length (hdr, attr_start, attr_len).
 * NOTE(review): by their names these handle received frames, so attr_len
 * presumably comes from the frame and has to be trusted no further than the
 * buffer it was read from - confirm in the callers.
 */
struct dpp_authentication *
dpp_alloc_auth(struct dpp_global *dpp, void *msg_ctx);
struct hostapd_hw_modes;
struct dpp_authentication * dpp_auth_init(struct dpp_global *dpp,
					  void *msg_ctx,
					  struct dpp_bootstrap_info *peer_bi,
					  struct dpp_bootstrap_info *own_bi,
					  u8 dpp_allowed_roles,
					  unsigned int neg_freq,
					  struct hostapd_hw_modes *own_modes,
					  u16 num_modes);
struct dpp_authentication *
dpp_auth_req_rx(struct dpp_global *dpp, void *msg_ctx, u8 dpp_allowed_roles,
		int qr_mutual, struct dpp_bootstrap_info *peer_bi,
		struct dpp_bootstrap_info *own_bi,
		unsigned int freq, const u8 *hdr, const u8 *attr_start,
		size_t attr_len);
struct wpabuf *
dpp_auth_resp_rx(struct dpp_authentication *auth, const u8 *hdr,
		 const u8 *attr_start, size_t attr_len);
struct wpabuf * dpp_build_conf_req(struct dpp_authentication *auth,
				   const char *json);
struct wpabuf * dpp_build_conf_req_helper(struct dpp_authentication *auth,
					  const char *name,
					  enum dpp_netrole netrole,
					  const char *mud_url, int *opclasses,
					  const char *extra_name,
					  const char *extra_value);
int dpp_auth_conf_rx(struct dpp_authentication *auth, const u8 *hdr,
		     const u8 *attr_start, size_t attr_len);
int dpp_notify_new_qr_code(struct dpp_authentication *auth,
			   struct dpp_bootstrap_info *peer_bi);

/* Controller-side PKEX registration and own-request check. */
void dpp_controller_pkex_add(struct dpp_global *dpp,
			     struct dpp_bootstrap_info *bi,
			     const char *code, const char *identifier);
bool dpp_controller_is_own_pkex_req(struct dpp_global *dpp,
				    const u8 *buf, size_t len);

/* Configuration objects and AKM classification helpers. */
struct dpp_configuration * dpp_configuration_alloc(const char *type);
int dpp_akm_psk(enum dpp_akm akm);
int dpp_akm_sae(enum dpp_akm akm);
int dpp_akm_legacy(enum dpp_akm akm);
int dpp_akm_dpp(enum dpp_akm akm);
int dpp_akm_ver2(enum dpp_akm akm);
int dpp_configuration_valid(const struct dpp_configuration *conf);
void dpp_configuration_free(struct dpp_configuration *conf);
int dpp_set_configurator(struct dpp_authentication *auth, const char *cmd);
void dpp_auth_deinit(struct dpp_authentication *auth);

/* Configuration request/response, result and connection status messages. */
struct wpabuf *
dpp_build_conf_resp(struct dpp_authentication *auth, const u8 *e_nonce,
		    u16 e_nonce_len, enum dpp_netrole netrole,
		    bool cert_req);
struct wpabuf *
dpp_conf_req_rx(struct dpp_authentication *auth, const u8 *attr_start,
		size_t attr_len);
int dpp_conf_resp_rx(struct dpp_authentication *auth,
		     const struct wpabuf *resp);
enum dpp_status_error dpp_conf_result_rx(struct dpp_authentication *auth,
					 const u8 *hdr,
					 const u8 *attr_start,
					 size_t attr_len);
struct wpabuf * dpp_build_conf_result(struct dpp_authentication *auth,
				      enum dpp_status_error status);
enum dpp_status_error dpp_conn_status_result_rx(struct dpp_authentication *auth,
						const u8 *hdr,
						const u8 *attr_start,
						size_t attr_len,
						u8 *ssid, size_t *ssid_len,
						char **channel_list);
struct wpabuf * dpp_build_conn_status_result(struct dpp_authentication *auth,
					     enum dpp_status_error result,
					     const u8 *ssid, size_t ssid_len,
					     const char *channel_list);

/*
 * Message allocation and attribute access. dpp_get_attr() and
 * dpp_check_attrs() both work on an attribute buffer given as (buf, len);
 * dpp_get_attr() reports the attribute length through ret_len.
 */
struct wpabuf * dpp_alloc_msg(enum dpp_public_action_frame_type type,
			      size_t len);
const u8 * dpp_get_attr(const u8 *buf, size_t len, u16 req_id, u16 *ret_len);
int dpp_check_attrs(const u8 *buf, size_t len);
int dpp_key_expired(const char *timestamp, os_time_t *expiry);
const char * dpp_akm_str(enum dpp_akm akm);
const char * dpp_akm_selector_str(enum dpp_akm akm);
/* Return type of a declaration that continues beyond this excerpt. */
int
dpp_configurator_get_key(const struct dpp_configurator *conf, char *buf, 66385732ac8SCy Schubert size_t buflen); 66485732ac8SCy Schubert void dpp_configurator_free(struct dpp_configurator *conf); 66585732ac8SCy Schubert int dpp_configurator_own_config(struct dpp_authentication *auth, 66685732ac8SCy Schubert const char *curve, int ap); 66785732ac8SCy Schubert enum dpp_status_error 66885732ac8SCy Schubert dpp_peer_intro(struct dpp_introduction *intro, const char *own_connector, 66985732ac8SCy Schubert const u8 *net_access_key, size_t net_access_key_len, 67085732ac8SCy Schubert const u8 *csign_key, size_t csign_key_len, 67185732ac8SCy Schubert const u8 *peer_connector, size_t peer_connector_len, 672*a90b9d01SCy Schubert os_time_t *expiry, u8 *peer_key_hash); 673*a90b9d01SCy Schubert void dpp_peer_intro_deinit(struct dpp_introduction *intro); 67432a95656SCy Schubert int dpp_get_connector_version(const char *connector); 67585732ac8SCy Schubert struct dpp_pkex * dpp_pkex_init(void *msg_ctx, struct dpp_bootstrap_info *bi, 67685732ac8SCy Schubert const u8 *own_mac, 67732a95656SCy Schubert const char *identifier, const char *code, 678*a90b9d01SCy Schubert size_t code_len, bool v2); 67985732ac8SCy Schubert struct dpp_pkex * dpp_pkex_rx_exchange_req(void *msg_ctx, 68085732ac8SCy Schubert struct dpp_bootstrap_info *bi, 68185732ac8SCy Schubert const u8 *own_mac, 68285732ac8SCy Schubert const u8 *peer_mac, 68385732ac8SCy Schubert const char *identifier, 684*a90b9d01SCy Schubert const char *code, size_t code_len, 68532a95656SCy Schubert const u8 *buf, size_t len, bool v2); 68685732ac8SCy Schubert struct wpabuf * dpp_pkex_rx_exchange_resp(struct dpp_pkex *pkex, 68785732ac8SCy Schubert const u8 *peer_mac, 68885732ac8SCy Schubert const u8 *buf, size_t len); 68985732ac8SCy Schubert struct wpabuf * dpp_pkex_rx_commit_reveal_req(struct dpp_pkex *pkex, 69085732ac8SCy Schubert const u8 *hdr, 69185732ac8SCy Schubert const u8 *buf, size_t len); 69285732ac8SCy Schubert int 
dpp_pkex_rx_commit_reveal_resp(struct dpp_pkex *pkex, const u8 *hdr, 69385732ac8SCy Schubert const u8 *buf, size_t len); 69485732ac8SCy Schubert void dpp_pkex_free(struct dpp_pkex *pkex); 69585732ac8SCy Schubert 69685732ac8SCy Schubert char * dpp_corrupt_connector_signature(const char *connector); 69785732ac8SCy Schubert 6984bc52338SCy Schubert 6994bc52338SCy Schubert struct dpp_pfs { 7004bc52338SCy Schubert struct crypto_ecdh *ecdh; 7014bc52338SCy Schubert const struct dpp_curve_params *curve; 7024bc52338SCy Schubert struct wpabuf *ie; 7034bc52338SCy Schubert struct wpabuf *secret; 7044bc52338SCy Schubert }; 7054bc52338SCy Schubert 7064bc52338SCy Schubert struct dpp_pfs * dpp_pfs_init(const u8 *net_access_key, 7074bc52338SCy Schubert size_t net_access_key_len); 7084bc52338SCy Schubert int dpp_pfs_process(struct dpp_pfs *pfs, const u8 *peer_ie, size_t peer_ie_len); 7094bc52338SCy Schubert void dpp_pfs_free(struct dpp_pfs *pfs); 7104bc52338SCy Schubert 711*a90b9d01SCy Schubert struct crypto_ec_key * dpp_set_keypair(const struct dpp_curve_params **curve, 712*a90b9d01SCy Schubert const u8 *privkey, size_t privkey_len); 713*a90b9d01SCy Schubert int dpp_hpke_suite(int iana_group, enum hpke_kem_id *kem_id, 714*a90b9d01SCy Schubert enum hpke_kdf_id *kdf_id, enum hpke_aead_id *aead_id); 715*a90b9d01SCy Schubert 716c1d255d3SCy Schubert struct wpabuf * dpp_build_csr(struct dpp_authentication *auth, 717c1d255d3SCy Schubert const char *name); 718c1d255d3SCy Schubert int dpp_validate_csr(struct dpp_authentication *auth, const struct wpabuf *csr); 719c1d255d3SCy Schubert 7204bc52338SCy Schubert struct dpp_bootstrap_info * dpp_add_qr_code(struct dpp_global *dpp, 7214bc52338SCy Schubert const char *uri); 722c1d255d3SCy Schubert struct dpp_bootstrap_info * dpp_add_nfc_uri(struct dpp_global *dpp, 723c1d255d3SCy Schubert const char *uri); 7244bc52338SCy Schubert int dpp_bootstrap_gen(struct dpp_global *dpp, const char *cmd); 7254bc52338SCy Schubert struct dpp_bootstrap_info * 
7264bc52338SCy Schubert dpp_bootstrap_get_id(struct dpp_global *dpp, unsigned int id); 7274bc52338SCy Schubert int dpp_bootstrap_remove(struct dpp_global *dpp, const char *id); 7284bc52338SCy Schubert struct dpp_bootstrap_info * 7294bc52338SCy Schubert dpp_pkex_finish(struct dpp_global *dpp, struct dpp_pkex *pkex, const u8 *peer, 7304bc52338SCy Schubert unsigned int freq); 7314bc52338SCy Schubert const char * dpp_bootstrap_get_uri(struct dpp_global *dpp, unsigned int id); 7324bc52338SCy Schubert int dpp_bootstrap_info(struct dpp_global *dpp, int id, 7334bc52338SCy Schubert char *reply, int reply_size); 734c1d255d3SCy Schubert int dpp_bootstrap_set(struct dpp_global *dpp, int id, const char *params); 7354bc52338SCy Schubert void dpp_bootstrap_find_pair(struct dpp_global *dpp, const u8 *i_bootstrap, 7364bc52338SCy Schubert const u8 *r_bootstrap, 7374bc52338SCy Schubert struct dpp_bootstrap_info **own_bi, 7384bc52338SCy Schubert struct dpp_bootstrap_info **peer_bi); 739c1d255d3SCy Schubert struct dpp_bootstrap_info * dpp_bootstrap_find_chirp(struct dpp_global *dpp, 740c1d255d3SCy Schubert const u8 *hash); 7414bc52338SCy Schubert int dpp_configurator_add(struct dpp_global *dpp, const char *cmd); 742*a90b9d01SCy Schubert int dpp_configurator_set(struct dpp_global *dpp, const char *cmd); 7434bc52338SCy Schubert int dpp_configurator_remove(struct dpp_global *dpp, const char *id); 7444bc52338SCy Schubert int dpp_configurator_get_key_id(struct dpp_global *dpp, unsigned int id, 7454bc52338SCy Schubert char *buf, size_t buflen); 746c1d255d3SCy Schubert int dpp_configurator_from_backup(struct dpp_global *dpp, 747c1d255d3SCy Schubert struct dpp_asymmetric_key *key); 748c1d255d3SCy Schubert struct dpp_configurator * dpp_configurator_find_kid(struct dpp_global *dpp, 749c1d255d3SCy Schubert const u8 *kid); 750206b73d0SCy Schubert int dpp_relay_add_controller(struct dpp_global *dpp, 751206b73d0SCy Schubert struct dpp_relay_config *config); 752*a90b9d01SCy Schubert void 
dpp_relay_remove_controller(struct dpp_global *dpp, 753*a90b9d01SCy Schubert const struct hostapd_ip_addr *addr); 754*a90b9d01SCy Schubert int dpp_relay_listen(struct dpp_global *dpp, int port, 755*a90b9d01SCy Schubert struct dpp_relay_config *config); 756*a90b9d01SCy Schubert void dpp_relay_stop_listen(struct dpp_global *dpp); 757206b73d0SCy Schubert int dpp_relay_rx_action(struct dpp_global *dpp, const u8 *src, const u8 *hdr, 758206b73d0SCy Schubert const u8 *buf, size_t len, unsigned int freq, 759c1d255d3SCy Schubert const u8 *i_bootstrap, const u8 *r_bootstrap, 760c1d255d3SCy Schubert void *cb_ctx); 761206b73d0SCy Schubert int dpp_relay_rx_gas_req(struct dpp_global *dpp, const u8 *src, const u8 *data, 762206b73d0SCy Schubert size_t data_len); 763*a90b9d01SCy Schubert bool dpp_relay_controller_available(struct dpp_global *dpp); 764206b73d0SCy Schubert int dpp_controller_start(struct dpp_global *dpp, 765206b73d0SCy Schubert struct dpp_controller_config *config); 766*a90b9d01SCy Schubert int dpp_controller_set_params(struct dpp_global *dpp, 767*a90b9d01SCy Schubert const char *configurator_params); 768206b73d0SCy Schubert void dpp_controller_stop(struct dpp_global *dpp); 7694b72b91aSCy Schubert void dpp_controller_stop_for_ctx(struct dpp_global *dpp, void *cb_ctx); 770c1d255d3SCy Schubert struct dpp_authentication * dpp_controller_get_auth(struct dpp_global *dpp, 771c1d255d3SCy Schubert unsigned int id); 772c1d255d3SCy Schubert void dpp_controller_new_qr_code(struct dpp_global *dpp, 773c1d255d3SCy Schubert struct dpp_bootstrap_info *bi); 774*a90b9d01SCy Schubert int dpp_tcp_pkex_init(struct dpp_global *dpp, struct dpp_pkex *pkex, 775*a90b9d01SCy Schubert const struct hostapd_ip_addr *addr, int port, 776*a90b9d01SCy Schubert void *msg_ctx, void *cb_ctx, 777*a90b9d01SCy Schubert int (*pkex_done)(void *ctx, void *conn, 778*a90b9d01SCy Schubert struct dpp_bootstrap_info *bi)); 779206b73d0SCy Schubert int dpp_tcp_init(struct dpp_global *dpp, struct dpp_authentication 
*auth, 780c1d255d3SCy Schubert const struct hostapd_ip_addr *addr, int port, 781*a90b9d01SCy Schubert const char *name, enum dpp_netrole netrole, 782*a90b9d01SCy Schubert const char *mud_url, 783*a90b9d01SCy Schubert const char *extra_conf_req_name, 784*a90b9d01SCy Schubert const char *extra_conf_req_value, 785*a90b9d01SCy Schubert void *msg_ctx, void *cb_ctx, 786c1d255d3SCy Schubert int (*process_conf_obj)(void *ctx, 787*a90b9d01SCy Schubert struct dpp_authentication *auth), 788*a90b9d01SCy Schubert bool (*tcp_msg_sent)(void *ctx, 789c1d255d3SCy Schubert struct dpp_authentication *auth)); 790*a90b9d01SCy Schubert int dpp_tcp_auth(struct dpp_global *dpp, void *_conn, 791*a90b9d01SCy Schubert struct dpp_authentication *auth, const char *name, 792*a90b9d01SCy Schubert enum dpp_netrole netrole, const char *mud_url, 793*a90b9d01SCy Schubert const char *extra_conf_req_name, 794*a90b9d01SCy Schubert const char *extra_conf_req_value, 795*a90b9d01SCy Schubert int (*process_conf_obj)(void *ctx, 796*a90b9d01SCy Schubert struct dpp_authentication *auth), 797*a90b9d01SCy Schubert bool (*tcp_msg_sent)(void *ctx, 798*a90b9d01SCy Schubert struct dpp_authentication *auth)); 799*a90b9d01SCy Schubert bool dpp_tcp_conn_status_requested(struct dpp_global *dpp); 800*a90b9d01SCy Schubert void dpp_tcp_send_conn_status(struct dpp_global *dpp, 801*a90b9d01SCy Schubert enum dpp_status_error result, 802*a90b9d01SCy Schubert const u8 *ssid, size_t ssid_len, 803*a90b9d01SCy Schubert const char *channel_list); 804c1d255d3SCy Schubert 805c1d255d3SCy Schubert struct wpabuf * dpp_build_presence_announcement(struct dpp_bootstrap_info *bi); 806c1d255d3SCy Schubert void dpp_notify_chirp_received(void *msg_ctx, int id, const u8 *src, 807c1d255d3SCy Schubert unsigned int freq, const u8 *hash); 808206b73d0SCy Schubert 809*a90b9d01SCy Schubert struct wpabuf * dpp_build_pb_announcement(struct dpp_bootstrap_info *bi); 810*a90b9d01SCy Schubert struct wpabuf * dpp_build_pb_announcement_resp(struct 
dpp_bootstrap_info *bi, 811*a90b9d01SCy Schubert const u8 *e_hash, 812*a90b9d01SCy Schubert const u8 *c_nonce, 813*a90b9d01SCy Schubert size_t c_nonce_len); 814*a90b9d01SCy Schubert 815206b73d0SCy Schubert struct dpp_global_config { 816206b73d0SCy Schubert void *cb_ctx; 817c1d255d3SCy Schubert void (*remove_bi)(void *ctx, struct dpp_bootstrap_info *bi); 818206b73d0SCy Schubert }; 819206b73d0SCy Schubert 820206b73d0SCy Schubert struct dpp_global * dpp_global_init(struct dpp_global_config *config); 8214bc52338SCy Schubert void dpp_global_clear(struct dpp_global *dpp); 8224bc52338SCy Schubert void dpp_global_deinit(struct dpp_global *dpp); 823*a90b9d01SCy Schubert void dpp_notify_auth_success(struct dpp_authentication *auth, int initiator); 8244bc52338SCy Schubert 825c1d255d3SCy Schubert /* dpp_reconfig.c */ 826c1d255d3SCy Schubert 827c1d255d3SCy Schubert struct wpabuf * dpp_build_reconfig_announcement(const u8 *csign_key, 828c1d255d3SCy Schubert size_t csign_key_len, 829c1d255d3SCy Schubert const u8 *net_access_key, 830c1d255d3SCy Schubert size_t net_access_key_len, 831c1d255d3SCy Schubert struct dpp_reconfig_id *id); 832c1d255d3SCy Schubert struct dpp_authentication * 833c1d255d3SCy Schubert dpp_reconfig_init(struct dpp_global *dpp, void *msg_ctx, 834c1d255d3SCy Schubert struct dpp_configurator *conf, unsigned int freq, u16 group, 835c1d255d3SCy Schubert const u8 *a_nonce_attr, size_t a_nonce_len, 836c1d255d3SCy Schubert const u8 *e_id_attr, size_t e_id_len); 837c1d255d3SCy Schubert struct dpp_authentication * 838c1d255d3SCy Schubert dpp_reconfig_auth_req_rx(struct dpp_global *dpp, void *msg_ctx, 839c1d255d3SCy Schubert const char *own_connector, 840c1d255d3SCy Schubert const u8 *net_access_key, size_t net_access_key_len, 841c1d255d3SCy Schubert const u8 *csign_key, size_t csign_key_len, 842c1d255d3SCy Schubert unsigned int freq, const u8 *hdr, 843c1d255d3SCy Schubert const u8 *attr_start, size_t attr_len); 844c1d255d3SCy Schubert struct wpabuf * 845c1d255d3SCy 
Schubert dpp_reconfig_auth_resp_rx(struct dpp_authentication *auth, const u8 *hdr, 846c1d255d3SCy Schubert const u8 *attr_start, size_t attr_len); 847c1d255d3SCy Schubert int dpp_reconfig_auth_conf_rx(struct dpp_authentication *auth, const u8 *hdr, 848c1d255d3SCy Schubert const u8 *attr_start, size_t attr_len); 849c1d255d3SCy Schubert 850c1d255d3SCy Schubert struct dpp_reconfig_id * dpp_gen_reconfig_id(const u8 *csign_key, 851c1d255d3SCy Schubert size_t csign_key_len, 852c1d255d3SCy Schubert const u8 *pp_key, 853c1d255d3SCy Schubert size_t pp_key_len); 854c1d255d3SCy Schubert int dpp_update_reconfig_id(struct dpp_reconfig_id *id); 855c1d255d3SCy Schubert void dpp_free_reconfig_id(struct dpp_reconfig_id *id); 856*a90b9d01SCy Schubert int dpp_get_pubkey_hash(struct crypto_ec_key *key, u8 *hash); 857c1d255d3SCy Schubert 8584bc52338SCy Schubert #endif /* CONFIG_DPP */ 85985732ac8SCy Schubert #endif /* DPP_H */ 860