xref: /freebsd/contrib/wpa/src/common/dpp.h (revision 53384ed5eea5fead452b20a84b7db7fe45afb059)
1 /*
2  * DPP functionality shared between hostapd and wpa_supplicant
3  * Copyright (c) 2017, Qualcomm Atheros, Inc.
4  * Copyright (c) 2018-2019, The Linux Foundation
5  *
6  * This software may be distributed under the terms of the BSD license.
7  * See README for more details.
8  */
9 
10 #ifndef DPP_H
11 #define DPP_H
12 
13 #ifdef CONFIG_DPP
14 #include <openssl/x509.h>
15 
16 #include "utils/list.h"
17 #include "common/wpa_common.h"
18 #include "crypto/sha256.h"
19 
20 struct crypto_ecdh;
21 struct dpp_global;
22 
/* Length in octets of the fixed header that precedes the DPP attributes.
 * Written as 4 + 2 to follow the field list in the trailing comment;
 * presumably 3-octet OUI + 1-octet OUI Type, then 1-octet Crypto Suite +
 * 1-octet frame type (TODO confirm against the frame builder/parser).
 * NOTE(review): receive paths should verify that a frame is at least this
 * long before reading any header field. */
23 #define DPP_HDR_LEN (4 + 2) /* OUI, OUI Type, Crypto Suite, DPP frame type */
24 
/* DPP Public Action frame type values (argument type of dpp_alloc_msg()).
 * The numbering is explicit and not contiguous: 3 and 4 are not defined
 * here. A frame type taken from a received frame therefore has to be matched
 * against these constants; a first..last range check would accept the
 * undefined values. */
25 enum dpp_public_action_frame_type {
26 	DPP_PA_AUTHENTICATION_REQ = 0,
27 	DPP_PA_AUTHENTICATION_RESP = 1,
28 	DPP_PA_AUTHENTICATION_CONF = 2,
29 	DPP_PA_PEER_DISCOVERY_REQ = 5,
30 	DPP_PA_PEER_DISCOVERY_RESP = 6,
31 	DPP_PA_PKEX_EXCHANGE_REQ = 7,
32 	DPP_PA_PKEX_EXCHANGE_RESP = 8,
33 	DPP_PA_PKEX_COMMIT_REVEAL_REQ = 9,
34 	DPP_PA_PKEX_COMMIT_REVEAL_RESP = 10,
35 	DPP_PA_CONFIGURATION_RESULT = 11,
36 };
37 
/* Attribute identifiers used inside DPP frames. Values are explicit, start
 * at 0x1000 and run to 0x101A with 0x1010 left unassigned in this list. All
 * of them fit the u16 req_id parameter of dpp_get_attr().
 * The I_ and R_ prefixes presumably stand for Initiator and Responder
 * (compare i_nonce/r_nonce and the initiator flag in
 * struct dpp_authentication) - TODO confirm. */
38 enum dpp_attribute_id {
39 	DPP_ATTR_STATUS = 0x1000,
40 	DPP_ATTR_I_BOOTSTRAP_KEY_HASH = 0x1001,
41 	DPP_ATTR_R_BOOTSTRAP_KEY_HASH = 0x1002,
42 	DPP_ATTR_I_PROTOCOL_KEY = 0x1003,
43 	DPP_ATTR_WRAPPED_DATA = 0x1004,
44 	DPP_ATTR_I_NONCE = 0x1005,
45 	DPP_ATTR_I_CAPABILITIES = 0x1006,
46 	DPP_ATTR_R_NONCE = 0x1007,
47 	DPP_ATTR_R_CAPABILITIES = 0x1008,
48 	DPP_ATTR_R_PROTOCOL_KEY = 0x1009,
49 	DPP_ATTR_I_AUTH_TAG = 0x100A,
50 	DPP_ATTR_R_AUTH_TAG = 0x100B,
51 	DPP_ATTR_CONFIG_OBJ = 0x100C,
52 	DPP_ATTR_CONNECTOR = 0x100D,
53 	DPP_ATTR_CONFIG_ATTR_OBJ = 0x100E,
54 	DPP_ATTR_BOOTSTRAP_KEY = 0x100F,
55 	DPP_ATTR_OWN_NET_NK_HASH = 0x1011,
56 	DPP_ATTR_FINITE_CYCLIC_GROUP = 0x1012,
57 	DPP_ATTR_ENCRYPTED_KEY = 0x1013,
58 	DPP_ATTR_ENROLLEE_NONCE = 0x1014,
59 	DPP_ATTR_CODE_IDENTIFIER = 0x1015,
60 	DPP_ATTR_TRANSACTION_ID = 0x1016,
61 	DPP_ATTR_BOOTSTRAP_INFO = 0x1017,
62 	DPP_ATTR_CHANNEL = 0x1018,
63 	DPP_ATTR_PROTOCOL_VERSION = 0x1019,
64 	DPP_ATTR_ENVELOPED_DATA = 0x101A,
65 };
66 
/* DPP status codes. DPP_STATUS_OK is 0 and every failure is non-zero. The
 * type is returned by dpp_conf_result_rx() and dpp_peer_intro(), taken by
 * dpp_build_conf_result(), and stored in the auth_resp_status and
 * conf_resp_status members of struct dpp_authentication.
 * NOTE(review): a status received from a peer is only meaningful if it is one
 * of the values below; anything above DPP_STATUS_CONFIG_REJECTED is
 * undefined here. */
67 enum dpp_status_error {
68 	DPP_STATUS_OK = 0,
69 	DPP_STATUS_NOT_COMPATIBLE = 1,
70 	DPP_STATUS_AUTH_FAILURE = 2,
71 	DPP_STATUS_UNWRAP_FAILURE = 3,
72 	DPP_STATUS_BAD_GROUP = 4,
73 	DPP_STATUS_CONFIGURE_FAILURE = 5,
74 	DPP_STATUS_RESPONSE_PENDING = 6,
75 	DPP_STATUS_INVALID_CONNECTOR = 7,
76 	DPP_STATUS_NO_MATCH = 8,
77 	DPP_STATUS_CONFIG_REJECTED = 9,
78 };
79 
/* Role bits. DPP_CAPAB_ROLE_MASK is the OR of the two role bits; presumably
 * these apply to the u8 capability/role fields (i_capab, r_capab,
 * allowed_roles) of struct dpp_authentication - TODO confirm. */
80 #define DPP_CAPAB_ENROLLEE BIT(0)
81 #define DPP_CAPAB_CONFIGURATOR BIT(1)
82 #define DPP_CAPAB_ROLE_MASK (BIT(0) | BIT(1))
83 
/* Upper bounds that size the fixed arrays in the structures below. Any length
 * taken from a frame, URI or configuration has to be checked against the
 * matching bound before data is copied into one of those arrays. */
84 #define DPP_BOOTSTRAP_MAX_FREQ 30 /* entries in the freq[] arrays */
85 #define DPP_MAX_NONCE_LEN 32 /* sizes i_nonce, r_nonce, e_nonce */
86 #define DPP_MAX_HASH_LEN 64 /* sizes k1, k2, ke and the PKEX z buffer */
87 #define DPP_MAX_SHARED_SECRET_LEN 66 /* sizes Mx, Nx, Lx; presumably the coordinate length of the largest supported curve - TODO confirm */
88 
/* Parameter set for one supported elliptic curve. Instances are referenced
 * through const pointers from struct dpp_bootstrap_info,
 * struct dpp_authentication, struct dpp_configurator and struct dpp_pfs.
 * The *_len members are presumably octet counts and should stay within the
 * DPP_MAX_* bounds used to size the key and nonce arrays - TODO confirm
 * against the table that defines the supported curves. */
89 struct dpp_curve_params {
90 	const char *name;
91 	size_t hash_len;
92 	size_t aes_siv_key_len;
93 	size_t nonce_len;
94 	size_t prime_len;
95 	const char *jwk_crv; /* presumably the JWK "crv" name - TODO confirm */
96 	u16 ike_group; /* presumably the IKE group number of the curve - TODO confirm */
97 	const char *jws_alg; /* presumably the JWS "alg" name - TODO confirm */
98 };
99 
/* Origin of a bootstrapping record, stored in dpp_bootstrap_info.type.
 * Values are implicit: DPP_BOOTSTRAP_QR_CODE is 0 and DPP_BOOTSTRAP_PKEX is
 * 1, so a zero-initialized record reads as QR code. */
100 enum dpp_bootstrap_type {
101 	DPP_BOOTSTRAP_QR_CODE,
102 	DPP_BOOTSTRAP_PKEX,
103 };
104 
/* One bootstrapping record, linked on a dl_list and identified by id (see
 * dpp_bootstrap_get_id()). Presumably several members are filled from a
 * bootstrapping URI by the dpp_parse_uri_*() helpers, i.e. from input that
 * originates outside the device - TODO confirm in the implementation. */
105 struct dpp_bootstrap_info {
106 	struct dl_list list;
107 	unsigned int id;
108 	enum dpp_bootstrap_type type;
109 	char *uri;
110 	u8 mac_addr[ETH_ALEN];
111 	char *info;
	/* NOTE(review): num_freq must never exceed DPP_BOOTSTRAP_MAX_FREQ;
	 * whatever fills freq[] from a channel list has to stop at that bound. */
112 	unsigned int freq[DPP_BOOTSTRAP_MAX_FREQ];
113 	unsigned int num_freq;
114 	int own; /* presumably non-zero for a locally generated key - TODO confirm */
115 	EVP_PKEY *pubkey;
116 	u8 pubkey_hash[SHA256_MAC_LEN]; /* presumably set by dpp_bootstrap_key_hash() - TODO confirm */
117 	const struct dpp_curve_params *curve;
118 	unsigned int pkex_t; /* number of failures before dpp_pkex
119 			      * instantiation */
120 };
121 
/* Limit for the PKEX failure counters (dpp_bootstrap_info.pkex_t and
 * dpp_pkex.t, both documented as failure counts). Presumably an exchange is
 * refused once a counter reaches this value, which bounds how often a peer
 * can try a wrong PKEX code - TODO confirm where the counters are compared
 * and when they are reset. */
122 #define PKEX_COUNTER_T_LIMIT 5
123 
/* State of one PKEX exchange, created by dpp_pkex_init() or
 * dpp_pkex_rx_exchange_req() and released with dpp_pkex_free().
 * Judging by the names, code, x/y, Mx, Nx and z hold the shared code, key
 * pairs and intermediate secrets of the exchange.
 * NOTE(review): confirm that dpp_pkex_free() clears code, Mx, Nx and z before
 * the memory is released. */
124 struct dpp_pkex {
125 	void *msg_ctx;
126 	unsigned int initiator:1;
127 	unsigned int exchange_done:1;
128 	unsigned int failed:1;
129 	struct dpp_bootstrap_info *own_bi;
130 	u8 own_mac[ETH_ALEN];
131 	u8 peer_mac[ETH_ALEN];
132 	char *identifier;
133 	char *code;
134 	EVP_PKEY *x;
135 	EVP_PKEY *y;
	/* Unlike struct dpp_authentication, Mx and Nx have no companion length
	 * member here; the used length has to come from the curve parameters
	 * (presumably own_bi->curve - TODO confirm). */
136 	u8 Mx[DPP_MAX_SHARED_SECRET_LEN];
137 	u8 Nx[DPP_MAX_SHARED_SECRET_LEN];
138 	u8 z[DPP_MAX_HASH_LEN];
139 	EVP_PKEY *peer_bootstrap_key;
140 	struct wpabuf *exchange_req;
141 	struct wpabuf *exchange_resp;
142 	unsigned int t; /* number of failures on code use */
143 	unsigned int exch_req_wait_time;
144 	unsigned int exch_req_tries;
145 	unsigned int freq;
146 };
147 
/* Key management selection carried in a configuration. Values are implicit,
 * so DPP_AKM_UNKNOWN is 0 and a zero-initialized configuration has no usable
 * AKM. The combined entries (PSK_SAE, SAE_DPP, PSK_SAE_DPP) are separate
 * enumerators, not bit masks; the dpp_akm_psk()/dpp_akm_sae()/
 * dpp_akm_legacy()/dpp_akm_dpp()/dpp_akm_ver2() helpers declared below are
 * presumably the way to classify a value - TODO confirm. */
148 enum dpp_akm {
149 	DPP_AKM_UNKNOWN,
150 	DPP_AKM_DPP,
151 	DPP_AKM_PSK,
152 	DPP_AKM_SAE,
153 	DPP_AKM_PSK_SAE,
154 	DPP_AKM_SAE_DPP,
155 	DPP_AKM_PSK_SAE_DPP,
156 };
157 
/* Configuration prepared for a peer (see the conf_ap and conf_sta members of
 * struct dpp_authentication); allocated by dpp_configuration_alloc() and
 * released by dpp_configuration_free().
 * NOTE(review): passphrase and psk are credentials; confirm that
 * dpp_configuration_free() clears them before freeing. */
158 struct dpp_configuration {
	/* ssid_len is a size_t but the buffer holds 32 octets; writers must
	 * reject longer values before copying. */
159 	u8 ssid[32];
160 	size_t ssid_len;
161 	enum dpp_akm akm;
162 
163 	/* For DPP configuration (connector) */
164 	os_time_t netaccesskey_expiry;
165 
166 	/* TODO: groups */
167 	char *group_id;
168 
169 	/* For legacy configuration */
170 	char *passphrase;
171 	u8 psk[32];
172 	int psk_set; /* presumably non-zero when psk[] holds a valid key - TODO confirm */
173 };
174 
/* State of one DPP Authentication and Configuration exchange with a peer;
 * created by dpp_auth_init() or dpp_auth_req_rx() and released with
 * dpp_auth_deinit().
 * Besides protocol bookkeeping the structure holds nonces, fixed-size secret
 * buffers (Mx/Nx/Lx), what appear from their names to be derived keys
 * (k1/k2/ke), and credentials (passphrase, psk, net_access_key).
 * NOTE(review): confirm that dpp_auth_deinit() clears these members before
 * the memory is released, and that every copy into a fixed array is bounded
 * by the array size rather than by a length taken from the peer. */
175 struct dpp_authentication {
176 	void *msg_ctx;
177 	u8 peer_version;
178 	const struct dpp_curve_params *curve;
179 	struct dpp_bootstrap_info *peer_bi;
180 	struct dpp_bootstrap_info *own_bi;
181 	struct dpp_bootstrap_info *tmp_own_bi;
182 	u8 waiting_pubkey_hash[SHA256_MAC_LEN];
183 	int response_pending;
184 	enum dpp_status_error auth_resp_status;
185 	enum dpp_status_error conf_resp_status;
186 	u8 peer_mac_addr[ETH_ALEN];
	/* Nonce buffers are sized for the maximum; the length in use presumably
	 * comes from curve->nonce_len - TODO confirm. */
187 	u8 i_nonce[DPP_MAX_NONCE_LEN];
188 	u8 r_nonce[DPP_MAX_NONCE_LEN];
189 	u8 e_nonce[DPP_MAX_NONCE_LEN];
190 	u8 i_capab;
191 	u8 r_capab;
192 	EVP_PKEY *own_protocol_key;
193 	EVP_PKEY *peer_protocol_key;
194 	struct wpabuf *req_msg;
195 	struct wpabuf *resp_msg;
196 	/* Intersection of possible frequencies for initiating DPP
197 	 * Authentication exchange */
198 	unsigned int freq[DPP_BOOTSTRAP_MAX_FREQ];
199 	unsigned int num_freq, freq_idx;
200 	unsigned int curr_freq;
201 	unsigned int neg_freq;
202 	unsigned int num_freq_iters;
203 	size_t secret_len;
	/* Each secret buffer has its own length member; the length must stay
	 * within DPP_MAX_SHARED_SECRET_LEN. */
204 	u8 Mx[DPP_MAX_SHARED_SECRET_LEN];
205 	size_t Mx_len;
206 	u8 Nx[DPP_MAX_SHARED_SECRET_LEN];
207 	size_t Nx_len;
208 	u8 Lx[DPP_MAX_SHARED_SECRET_LEN];
209 	size_t Lx_len;
210 	u8 k1[DPP_MAX_HASH_LEN];
211 	u8 k2[DPP_MAX_HASH_LEN];
212 	u8 ke[DPP_MAX_HASH_LEN];
213 	int initiator;
214 	int waiting_auth_resp;
215 	int waiting_auth_conf;
216 	int auth_req_ack;
217 	unsigned int auth_resp_tries;
218 	u8 allowed_roles;
219 	int configurator;
220 	int remove_on_tx_status;
221 	int connect_on_tx_status;
222 	int waiting_conf_result;
223 	int auth_success;
224 	struct wpabuf *conf_req;
225 	const struct wpabuf *conf_resp; /* owned by GAS server */
226 	struct dpp_configuration *conf_ap;
227 	struct dpp_configuration *conf_sta;
228 	struct dpp_configurator *conf;
229 	char *connector; /* received signedConnector */
	/* ssid_len is a u8 and can express values above SSID_MAX_LEN; it has to
	 * be validated when it is set. */
230 	u8 ssid[SSID_MAX_LEN];
231 	u8 ssid_len;
232 	char passphrase[64]; /* fixed buffer; writers must bound the copy and NUL-terminate */
233 	u8 psk[PMK_LEN];
234 	int psk_set;
235 	enum dpp_akm akm;
236 	struct wpabuf *net_access_key;
237 	os_time_t net_access_key_expiry;
238 	struct wpabuf *c_sign_key;
	/* The members below exist only in builds with CONFIG_TESTING_OPTIONS, so
	 * the structure layout differs between test and production builds. */
239 #ifdef CONFIG_TESTING_OPTIONS
240 	char *config_obj_override;
241 	char *discovery_override;
242 	char *groups_override;
243 	unsigned int ignore_netaccesskey_mismatch:1;
244 #endif /* CONFIG_TESTING_OPTIONS */
245 };
246 
/* One configurator record, linked on a dl_list and identified by id; created
 * by dpp_keygen_configurator() and released by dpp_configurator_free().
 * csign is presumably the configurator signing key pair, i.e. the key that
 * everything provisioned by this configurator depends on - TODO confirm.
 * NOTE(review): dpp_configurator_get_key() writes key data into a caller
 * buffer; callers should treat that buffer as secret. */
247 struct dpp_configurator {
248 	struct dl_list list;
249 	unsigned int id;
250 	int own;
251 	EVP_PKEY *csign;
252 	char *kid;
253 	const struct dpp_curve_params *curve;
254 };
255 
/* Result object passed as the first argument of dpp_peer_intro(). pmk is
 * sized for PMK_LEN_MAX and pmk_len gives the number of octets in use
 * (presumably; the unused tail is not guaranteed to be zero - TODO confirm).
 * NOTE(review): pmk is key material; callers should clear the structure once
 * the key has been installed. */
256 struct dpp_introduction {
257 	u8 pmkid[PMKID_LEN];
258 	u8 pmk[PMK_LEN_MAX];
259 	size_t pmk_len;
260 };
261 
262 #ifdef CONFIG_TESTING_OPTIONS
/* Fault-injection selectors, compiled only when CONFIG_TESTING_OPTIONS is
 * defined and selected through the global dpp_test declared below.
 * DPP_TEST_DISABLED is 0; the remaining values are explicit and contiguous
 * from 1 to 91.
 * Judging by the names only: NO_* omits an attribute, INVALID_* and
 * *_MISMATCH_* corrupt one, AFTER_WRAPPED_DATA_* appends data after the
 * wrapped-data attribute, STOP_AT_* halts the exchange at a given message -
 * TODO confirm each against its use.
 * NOTE(review): these exist to exercise the peer's validation of malformed
 * frames; a production build should not define CONFIG_TESTING_OPTIONS. */
263 enum dpp_test_behavior {
264 	DPP_TEST_DISABLED = 0,
265 	DPP_TEST_AFTER_WRAPPED_DATA_AUTH_REQ = 1,
266 	DPP_TEST_AFTER_WRAPPED_DATA_AUTH_RESP = 2,
267 	DPP_TEST_AFTER_WRAPPED_DATA_AUTH_CONF = 3,
268 	DPP_TEST_AFTER_WRAPPED_DATA_PKEX_CR_REQ = 4,
269 	DPP_TEST_AFTER_WRAPPED_DATA_PKEX_CR_RESP = 5,
270 	DPP_TEST_AFTER_WRAPPED_DATA_CONF_REQ = 6,
271 	DPP_TEST_AFTER_WRAPPED_DATA_CONF_RESP = 7,
272 	DPP_TEST_ZERO_I_CAPAB = 8,
273 	DPP_TEST_ZERO_R_CAPAB = 9,
274 	DPP_TEST_NO_R_BOOTSTRAP_KEY_HASH_AUTH_REQ = 10,
275 	DPP_TEST_NO_I_BOOTSTRAP_KEY_HASH_AUTH_REQ = 11,
276 	DPP_TEST_NO_I_PROTO_KEY_AUTH_REQ = 12,
277 	DPP_TEST_NO_I_NONCE_AUTH_REQ = 13,
278 	DPP_TEST_NO_I_CAPAB_AUTH_REQ = 14,
279 	DPP_TEST_NO_WRAPPED_DATA_AUTH_REQ = 15,
280 	DPP_TEST_NO_STATUS_AUTH_RESP = 16,
281 	DPP_TEST_NO_R_BOOTSTRAP_KEY_HASH_AUTH_RESP = 17,
282 	DPP_TEST_NO_I_BOOTSTRAP_KEY_HASH_AUTH_RESP = 18,
283 	DPP_TEST_NO_R_PROTO_KEY_AUTH_RESP = 19,
284 	DPP_TEST_NO_R_NONCE_AUTH_RESP = 20,
285 	DPP_TEST_NO_I_NONCE_AUTH_RESP = 21,
286 	DPP_TEST_NO_R_CAPAB_AUTH_RESP = 22,
287 	DPP_TEST_NO_R_AUTH_AUTH_RESP = 23,
288 	DPP_TEST_NO_WRAPPED_DATA_AUTH_RESP = 24,
289 	DPP_TEST_NO_STATUS_AUTH_CONF = 25,
290 	DPP_TEST_NO_R_BOOTSTRAP_KEY_HASH_AUTH_CONF = 26,
291 	DPP_TEST_NO_I_BOOTSTRAP_KEY_HASH_AUTH_CONF = 27,
292 	DPP_TEST_NO_I_AUTH_AUTH_CONF = 28,
293 	DPP_TEST_NO_WRAPPED_DATA_AUTH_CONF = 29,
294 	DPP_TEST_I_NONCE_MISMATCH_AUTH_RESP = 30,
295 	DPP_TEST_INCOMPATIBLE_R_CAPAB_AUTH_RESP = 31,
296 	DPP_TEST_R_AUTH_MISMATCH_AUTH_RESP = 32,
297 	DPP_TEST_I_AUTH_MISMATCH_AUTH_CONF = 33,
298 	DPP_TEST_NO_FINITE_CYCLIC_GROUP_PKEX_EXCHANGE_REQ = 34,
299 	DPP_TEST_NO_ENCRYPTED_KEY_PKEX_EXCHANGE_REQ = 35,
300 	DPP_TEST_NO_STATUS_PKEX_EXCHANGE_RESP = 36,
301 	DPP_TEST_NO_ENCRYPTED_KEY_PKEX_EXCHANGE_RESP = 37,
302 	DPP_TEST_NO_BOOTSTRAP_KEY_PKEX_CR_REQ = 38,
303 	DPP_TEST_NO_I_AUTH_TAG_PKEX_CR_REQ = 39,
304 	DPP_TEST_NO_WRAPPED_DATA_PKEX_CR_REQ = 40,
305 	DPP_TEST_NO_BOOTSTRAP_KEY_PKEX_CR_RESP = 41,
306 	DPP_TEST_NO_R_AUTH_TAG_PKEX_CR_RESP = 42,
307 	DPP_TEST_NO_WRAPPED_DATA_PKEX_CR_RESP = 43,
308 	DPP_TEST_INVALID_ENCRYPTED_KEY_PKEX_EXCHANGE_REQ = 44,
309 	DPP_TEST_INVALID_ENCRYPTED_KEY_PKEX_EXCHANGE_RESP = 45,
310 	DPP_TEST_INVALID_STATUS_PKEX_EXCHANGE_RESP = 46,
311 	DPP_TEST_INVALID_BOOTSTRAP_KEY_PKEX_CR_REQ = 47,
312 	DPP_TEST_INVALID_BOOTSTRAP_KEY_PKEX_CR_RESP = 48,
313 	DPP_TEST_I_AUTH_TAG_MISMATCH_PKEX_CR_REQ = 49,
314 	DPP_TEST_R_AUTH_TAG_MISMATCH_PKEX_CR_RESP = 50,
315 	DPP_TEST_NO_E_NONCE_CONF_REQ = 51,
316 	DPP_TEST_NO_CONFIG_ATTR_OBJ_CONF_REQ = 52,
317 	DPP_TEST_NO_WRAPPED_DATA_CONF_REQ = 53,
318 	DPP_TEST_NO_E_NONCE_CONF_RESP = 54,
319 	DPP_TEST_NO_CONFIG_OBJ_CONF_RESP = 55,
320 	DPP_TEST_NO_STATUS_CONF_RESP = 56,
321 	DPP_TEST_NO_WRAPPED_DATA_CONF_RESP = 57,
322 	DPP_TEST_INVALID_STATUS_CONF_RESP = 58,
323 	DPP_TEST_E_NONCE_MISMATCH_CONF_RESP = 59,
324 	DPP_TEST_NO_TRANSACTION_ID_PEER_DISC_REQ = 60,
325 	DPP_TEST_NO_CONNECTOR_PEER_DISC_REQ = 61,
326 	DPP_TEST_NO_TRANSACTION_ID_PEER_DISC_RESP = 62,
327 	DPP_TEST_NO_STATUS_PEER_DISC_RESP = 63,
328 	DPP_TEST_NO_CONNECTOR_PEER_DISC_RESP = 64,
329 	DPP_TEST_AUTH_RESP_IN_PLACE_OF_CONF = 65,
330 	DPP_TEST_INVALID_I_PROTO_KEY_AUTH_REQ = 66,
331 	DPP_TEST_INVALID_R_PROTO_KEY_AUTH_RESP = 67,
332 	DPP_TEST_INVALID_R_BOOTSTRAP_KEY_HASH_AUTH_REQ = 68,
333 	DPP_TEST_INVALID_I_BOOTSTRAP_KEY_HASH_AUTH_REQ = 69,
334 	DPP_TEST_INVALID_R_BOOTSTRAP_KEY_HASH_AUTH_RESP = 70,
335 	DPP_TEST_INVALID_I_BOOTSTRAP_KEY_HASH_AUTH_RESP = 71,
336 	DPP_TEST_INVALID_R_BOOTSTRAP_KEY_HASH_AUTH_CONF = 72,
337 	DPP_TEST_INVALID_I_BOOTSTRAP_KEY_HASH_AUTH_CONF = 73,
338 	DPP_TEST_INVALID_STATUS_AUTH_RESP = 74,
339 	DPP_TEST_INVALID_STATUS_AUTH_CONF = 75,
340 	DPP_TEST_INVALID_CONFIG_ATTR_OBJ_CONF_REQ = 76,
341 	DPP_TEST_INVALID_TRANSACTION_ID_PEER_DISC_RESP = 77,
342 	DPP_TEST_INVALID_STATUS_PEER_DISC_RESP = 78,
343 	DPP_TEST_INVALID_CONNECTOR_PEER_DISC_RESP = 79,
344 	DPP_TEST_INVALID_CONNECTOR_PEER_DISC_REQ = 80,
345 	DPP_TEST_INVALID_I_NONCE_AUTH_REQ = 81,
346 	DPP_TEST_INVALID_TRANSACTION_ID_PEER_DISC_REQ = 82,
347 	DPP_TEST_INVALID_E_NONCE_CONF_REQ = 83,
348 	DPP_TEST_STOP_AT_PKEX_EXCHANGE_RESP = 84,
349 	DPP_TEST_STOP_AT_PKEX_CR_REQ = 85,
350 	DPP_TEST_STOP_AT_PKEX_CR_RESP = 86,
351 	DPP_TEST_STOP_AT_AUTH_REQ = 87,
352 	DPP_TEST_STOP_AT_AUTH_RESP = 88,
353 	DPP_TEST_STOP_AT_AUTH_CONF = 89,
354 	DPP_TEST_STOP_AT_CONF_REQ = 90,
355 	DPP_TEST_REJECT_CONFIG = 91,
356 };
357 
/* Test-only globals, declared only under CONFIG_TESTING_OPTIONS. dpp_test
 * selects a dpp_test_behavior value. The *_override buffers, judging by their
 * names, replace the MAC addresses, the PKEX ephemeral key, the protocol key
 * and the nonce that would otherwise be used - TODO confirm at the call
 * sites.
 * NOTE(review): a fixed key or nonce removes the freshness the exchange
 * relies on, which is one more reason not to ship builds with
 * CONFIG_TESTING_OPTIONS. Each buffer has a companion *_len; writers must
 * keep it within the declared array size (600 octets for the key overrides,
 * DPP_MAX_NONCE_LEN for the nonce). */
358 extern enum dpp_test_behavior dpp_test;
359 extern u8 dpp_pkex_own_mac_override[ETH_ALEN];
360 extern u8 dpp_pkex_peer_mac_override[ETH_ALEN];
361 extern u8 dpp_pkex_ephemeral_key_override[600];
362 extern size_t dpp_pkex_ephemeral_key_override_len;
363 extern u8 dpp_protocol_key_override[600];
364 extern size_t dpp_protocol_key_override_len;
365 extern u8 dpp_nonce_override[DPP_MAX_NONCE_LEN];
366 extern size_t dpp_nonce_override_len;
367 #endif /* CONFIG_TESTING_OPTIONS */
368 
/* Bootstrapping record lifecycle, URI parsing and key generation.
 * The dpp_parse_uri_*() helpers and dpp_parse_qr_code() take NUL-terminated
 * strings with no length argument. Such strings presumably originate from a
 * scanned or entered bootstrapping URI and should be handled as untrusted
 * input.
 * NOTE(review): confirm that the parsers bound writes to freq[]
 * (DPP_BOOTSTRAP_MAX_FREQ) and mac_addr[] (ETH_ALEN) and reject malformed
 * fields rather than truncating them.
 * Ownership of the char * returned by dpp_keygen() is not visible here;
 * presumably the caller frees it - TODO confirm. */
369 void dpp_bootstrap_info_free(struct dpp_bootstrap_info *info);
370 const char * dpp_bootstrap_type_txt(enum dpp_bootstrap_type type);
371 int dpp_bootstrap_key_hash(struct dpp_bootstrap_info *bi);
372 int dpp_parse_uri_chan_list(struct dpp_bootstrap_info *bi,
373 			    const char *chan_list);
374 int dpp_parse_uri_mac(struct dpp_bootstrap_info *bi, const char *mac);
375 int dpp_parse_uri_info(struct dpp_bootstrap_info *bi, const char *info);
376 struct dpp_bootstrap_info * dpp_parse_qr_code(const char *uri);
377 char * dpp_keygen(struct dpp_bootstrap_info *bi, const char *curve,
378 		  const u8 *privkey, size_t privkey_len);
/* Authentication and configuration exchange API.
 * The *_rx() functions take a received frame as (hdr, attr_start, attr_len)
 * or as a wpabuf. NOTE(review): attr_len is trusted as the number of valid
 * octets at attr_start, so the caller has to derive it from the actual frame
 * length (after checking for at least DPP_HDR_LEN octets) and not from a
 * field inside the frame.
 * Functions returning a pointer presumably return NULL on failure and the int
 * functions a negative value - TODO confirm; the convention is not visible in
 * this header. */
379 struct hostapd_hw_modes;
380 struct dpp_authentication * dpp_auth_init(void *msg_ctx,
381 					  struct dpp_bootstrap_info *peer_bi,
382 					  struct dpp_bootstrap_info *own_bi,
383 					  u8 dpp_allowed_roles,
384 					  unsigned int neg_freq,
385 					  struct hostapd_hw_modes *own_modes,
386 					  u16 num_modes);
387 struct dpp_authentication *
388 dpp_auth_req_rx(void *msg_ctx, u8 dpp_allowed_roles, int qr_mutual,
389 		struct dpp_bootstrap_info *peer_bi,
390 		struct dpp_bootstrap_info *own_bi,
391 		unsigned int freq, const u8 *hdr, const u8 *attr_start,
392 		size_t attr_len);
393 struct wpabuf *
394 dpp_auth_resp_rx(struct dpp_authentication *auth, const u8 *hdr,
395 		 const u8 *attr_start, size_t attr_len);
396 struct wpabuf * dpp_build_conf_req(struct dpp_authentication *auth,
397 				   const char *json);
398 int dpp_auth_conf_rx(struct dpp_authentication *auth, const u8 *hdr,
399 		     const u8 *attr_start, size_t attr_len);
400 int dpp_notify_new_qr_code(struct dpp_authentication *auth,
401 			   struct dpp_bootstrap_info *peer_bi);
402 struct dpp_configuration * dpp_configuration_alloc(const char *type);
/* AKM classification helpers; each takes an enum dpp_akm and returns int
 * (presumably a boolean - TODO confirm). */
403 int dpp_akm_psk(enum dpp_akm akm);
404 int dpp_akm_sae(enum dpp_akm akm);
405 int dpp_akm_legacy(enum dpp_akm akm);
406 int dpp_akm_dpp(enum dpp_akm akm);
407 int dpp_akm_ver2(enum dpp_akm akm);
408 int dpp_configuration_valid(const struct dpp_configuration *conf);
409 void dpp_configuration_free(struct dpp_configuration *conf);
/* cmd is a free-form command string; presumably it comes from the control
 * interface and is parsed here - TODO confirm. */
410 int dpp_set_configurator(struct dpp_global *dpp, void *msg_ctx,
411 			 struct dpp_authentication *auth,
412 			 const char *cmd);
413 void dpp_auth_deinit(struct dpp_authentication *auth);
414 struct wpabuf *
415 dpp_conf_req_rx(struct dpp_authentication *auth, const u8 *attr_start,
416 		size_t attr_len);
417 int dpp_conf_resp_rx(struct dpp_authentication *auth,
418 		     const struct wpabuf *resp);
419 enum dpp_status_error dpp_conf_result_rx(struct dpp_authentication *auth,
420 					 const u8 *hdr,
421 					 const u8 *attr_start, size_t attr_len);
422 struct wpabuf * dpp_build_conf_result(struct dpp_authentication *auth,
423 				      enum dpp_status_error status);
/* Message helpers, configurator key handling and peer introduction. */
424 struct wpabuf * dpp_alloc_msg(enum dpp_public_action_frame_type type,
425 			      size_t len);
/* Attribute access over a (buf, len) region. dpp_get_attr() takes the wanted
 * attribute id and reports a length through ret_len (a u16); presumably it
 * returns a pointer into buf, or NULL when the attribute is absent - TODO
 * confirm. dpp_check_attrs() presumably validates the attribute layout of the
 * whole region.
 * NOTE(review): for received frames, callers should run dpp_check_attrs() and
 * act on its result before using any dpp_get_attr() result. */
425 const u8 * dpp_get_attr(const u8 *buf, size_t len, u16 req_id, u16 *ret_len);
427 int dpp_check_attrs(const u8 *buf, size_t len);
428 int dpp_key_expired(const char *timestamp, os_time_t *expiry);
429 const char * dpp_akm_str(enum dpp_akm akm);
/* Writes key data for conf into buf (buflen octets available). NOTE(review):
 * the output is presumably private key material; callers should clear buf
 * after use - TODO confirm what is exported. */
430 int dpp_configurator_get_key(const struct dpp_configurator *conf, char *buf,
431 			     size_t buflen);
432 void dpp_configurator_free(struct dpp_configurator *conf);
433 struct dpp_configurator *
434 dpp_keygen_configurator(const char *curve, const u8 *privkey,
435 			size_t privkey_len);
436 int dpp_configurator_own_config(struct dpp_authentication *auth,
437 				const char *curve, int ap);
/* Fills *intro from the own connector, net access key, C-sign key and the
 * peer's connector. Every binary input carries an explicit length;
 * own_connector is a NUL-terminated string. peer_connector presumably comes
 * from a received frame and is therefore untrusted - TODO confirm. */
438 enum dpp_status_error
439 dpp_peer_intro(struct dpp_introduction *intro, const char *own_connector,
440 	       const u8 *net_access_key, size_t net_access_key_len,
441 	       const u8 *csign_key, size_t csign_key_len,
442 	       const u8 *peer_connector, size_t peer_connector_len,
443 	       os_time_t *expiry);
/* PKEX exchange API. identifier and code are NUL-terminated strings; code is
 * the shared PKEX secret. The rx functions take the received frame as
 * (buf, len), with hdr passed separately for the commit-reveal messages.
 * NOTE(review): len is trusted as the number of valid octets at buf; derive
 * it from the real frame length. The failure counters documented on
 * dpp_bootstrap_info.pkex_t and dpp_pkex.t are presumably maintained by these
 * functions against PKEX_COUNTER_T_LIMIT - TODO confirm. */
444 struct dpp_pkex * dpp_pkex_init(void *msg_ctx, struct dpp_bootstrap_info *bi,
445 				const u8 *own_mac,
446 				const char *identifier,
447 				const char *code);
448 struct dpp_pkex * dpp_pkex_rx_exchange_req(void *msg_ctx,
449 					   struct dpp_bootstrap_info *bi,
450 					   const u8 *own_mac,
451 					   const u8 *peer_mac,
452 					   const char *identifier,
453 					   const char *code,
454 					   const u8 *buf, size_t len);
455 struct wpabuf * dpp_pkex_rx_exchange_resp(struct dpp_pkex *pkex,
456 					  const u8 *peer_mac,
457 					  const u8 *buf, size_t len);
458 struct wpabuf * dpp_pkex_rx_commit_reveal_req(struct dpp_pkex *pkex,
459 					      const u8 *hdr,
460 					      const u8 *buf, size_t len);
461 int dpp_pkex_rx_commit_reveal_resp(struct dpp_pkex *pkex, const u8 *hdr,
462 				   const u8 *buf, size_t len);
463 void dpp_pkex_free(struct dpp_pkex *pkex);
464 
/* NOTE(review): this prototype is outside the CONFIG_TESTING_OPTIONS guard
 * above although its name reads like a test helper; confirm whether the
 * definition is guarded so that it is absent from production builds. */
465 char * dpp_corrupt_connector_signature(const char *connector);
466 
467 
/* State for a PFS exchange: an ECDH context, the curve in use and two
 * buffers. secret is presumably the derived shared secret and ie the element
 * sent to the peer - TODO confirm.
 * NOTE(review): confirm that dpp_pfs_free() clears secret before releasing
 * it. */
468 struct dpp_pfs {
469 	struct crypto_ecdh *ecdh;
470 	const struct dpp_curve_params *curve;
471 	struct wpabuf *ie;
472 	struct wpabuf *secret;
473 };
474 
/* dpp_pfs_process() consumes (peer_ie, peer_ie_len), presumably taken from a
 * received frame; the length has to reflect the real element size. */
475 struct dpp_pfs * dpp_pfs_init(const u8 *net_access_key,
476 			      size_t net_access_key_len);
477 int dpp_pfs_process(struct dpp_pfs *pfs, const u8 *peer_ie, size_t peer_ie_len);
478 void dpp_pfs_free(struct dpp_pfs *pfs);
479 
/* Operations on the opaque struct dpp_global, which presumably owns the
 * bootstrap and configurator lists - TODO confirm.
 * Functions taking "const char *cmd" or "const char *id" receive text,
 * presumably from the control interface, and have to parse it defensively.
 * NOTE(review): the id types are inconsistent. dpp_bootstrap_get_id(),
 * dpp_bootstrap_get_uri() and dpp_configurator_get_key_id() take unsigned
 * int, dpp_bootstrap_info() takes int, and the *_remove() functions take a
 * string. Check that negative or out-of-range values cannot alias a valid
 * record. dpp_bootstrap_info() also takes reply_size as int; a non-positive
 * value has to be rejected before writing to reply.
 * The function dpp_bootstrap_info() shares its name with the
 * struct dpp_bootstrap_info tag; that is legal C because tags live in their
 * own name space. */
480 struct dpp_bootstrap_info * dpp_add_qr_code(struct dpp_global *dpp,
481 					    const char *uri);
482 int dpp_bootstrap_gen(struct dpp_global *dpp, const char *cmd);
483 struct dpp_bootstrap_info *
484 dpp_bootstrap_get_id(struct dpp_global *dpp, unsigned int id);
485 int dpp_bootstrap_remove(struct dpp_global *dpp, const char *id);
486 struct dpp_bootstrap_info *
487 dpp_pkex_finish(struct dpp_global *dpp, struct dpp_pkex *pkex, const u8 *peer,
488 		unsigned int freq);
489 const char * dpp_bootstrap_get_uri(struct dpp_global *dpp, unsigned int id);
490 int dpp_bootstrap_info(struct dpp_global *dpp, int id,
491 		       char *reply, int reply_size);
492 void dpp_bootstrap_find_pair(struct dpp_global *dpp, const u8 *i_bootstrap,
493 			     const u8 *r_bootstrap,
494 			     struct dpp_bootstrap_info **own_bi,
495 			     struct dpp_bootstrap_info **peer_bi);
496 int dpp_configurator_add(struct dpp_global *dpp, const char *cmd);
497 int dpp_configurator_remove(struct dpp_global *dpp, const char *id);
498 int dpp_configurator_get_key_id(struct dpp_global *dpp, unsigned int id,
499 				char *buf, size_t buflen);
500 struct dpp_global * dpp_global_init(void);
501 void dpp_global_clear(struct dpp_global *dpp);
502 void dpp_global_deinit(struct dpp_global *dpp);
503 
504 #endif /* CONFIG_DPP */
505 #endif /* DPP_H */
506