/*
 * DPP functionality shared between hostapd and wpa_supplicant
 * Copyright (c) 2017, Qualcomm Atheros, Inc.
 * Copyright (c) 2018-2019, The Linux Foundation
 *
 * This software may be distributed under the terms of the BSD license.
 * See README for more details.
 */

#ifndef DPP_H
#define DPP_H

/* Everything declared below is compiled only when CONFIG_DPP is defined. */
#ifdef CONFIG_DPP
/* OpenSSL header; the EVP_PKEY key handles used in the structures below are
 * OpenSSL types. */
#include <openssl/x509.h>

#include "utils/list.h"
#include "common/wpa_common.h"
#include "crypto/sha256.h"

/* Forward declarations: this header only uses pointers to these types. */
struct crypto_ecdh;
struct dpp_global;

/* Size of the fixed header (4 + 2 = 6); the fields counted are listed in the
 * trailing comment. Receive paths that are handed a separate "hdr" pointer
 * (see the *_rx() prototypes) presumably rely on the caller having checked
 * that at least this many octets are present - confirm at the call sites. */
#define DPP_HDR_LEN (4 + 2) /* OUI, OUI Type, Crypto Suite, DPP frame type */

/*
 * DPP Public Action frame types. This is the type argument of
 * dpp_alloc_msg(). The numbering is not contiguous: 3 and 4 are not defined
 * here.
 * NOTE(review): when the value is taken from a received frame, anything not
 * listed here (including 3 and 4) has to be handled as unknown rather than
 * assumed to be one of these enumerators.
 */
enum dpp_public_action_frame_type {
	DPP_PA_AUTHENTICATION_REQ = 0,
	DPP_PA_AUTHENTICATION_RESP = 1,
	DPP_PA_AUTHENTICATION_CONF = 2,
	DPP_PA_PEER_DISCOVERY_REQ = 5,
	DPP_PA_PEER_DISCOVERY_RESP = 6,
	DPP_PA_PKEX_EXCHANGE_REQ = 7,
	DPP_PA_PKEX_EXCHANGE_RESP = 8,
	DPP_PA_PKEX_COMMIT_REVEAL_REQ = 9,
	DPP_PA_PKEX_COMMIT_REVEAL_RESP = 10,
	DPP_PA_CONFIGURATION_RESULT = 11,
};

/*
 * DPP attribute identifiers. All values fit in 16 bits, matching the u16
 * req_id parameter of dpp_get_attr(). 0x1010 is not defined in this enum.
 * The I_ and R_ prefixes presumably distinguish Initiator and Responder
 * attributes - confirm against the users of these values.
 */
enum dpp_attribute_id {
	DPP_ATTR_STATUS = 0x1000,
	DPP_ATTR_I_BOOTSTRAP_KEY_HASH = 0x1001,
	DPP_ATTR_R_BOOTSTRAP_KEY_HASH = 0x1002,
	DPP_ATTR_I_PROTOCOL_KEY = 0x1003,
	DPP_ATTR_WRAPPED_DATA = 0x1004,
	DPP_ATTR_I_NONCE = 0x1005,
	DPP_ATTR_I_CAPABILITIES = 0x1006,
	DPP_ATTR_R_NONCE = 0x1007,
	DPP_ATTR_R_CAPABILITIES = 0x1008,
	DPP_ATTR_R_PROTOCOL_KEY = 0x1009,
	DPP_ATTR_I_AUTH_TAG = 0x100A,
	DPP_ATTR_R_AUTH_TAG = 0x100B,
	DPP_ATTR_CONFIG_OBJ = 0x100C,
	DPP_ATTR_CONNECTOR = 0x100D,
	DPP_ATTR_CONFIG_ATTR_OBJ = 0x100E,
	DPP_ATTR_BOOTSTRAP_KEY = 0x100F,
	DPP_ATTR_OWN_NET_NK_HASH = 0x1011,
	DPP_ATTR_FINITE_CYCLIC_GROUP = 0x1012,
	DPP_ATTR_ENCRYPTED_KEY = 0x1013,
	DPP_ATTR_ENROLLEE_NONCE = 0x1014,
	DPP_ATTR_CODE_IDENTIFIER = 0x1015,
	DPP_ATTR_TRANSACTION_ID = 0x1016,
	DPP_ATTR_BOOTSTRAP_INFO = 0x1017,
	DPP_ATTR_CHANNEL = 0x1018,
	DPP_ATTR_PROTOCOL_VERSION = 0x1019,
	DPP_ATTR_ENVELOPED_DATA = 0x101A,
};

/*
 * DPP status codes. In this header the type is returned by
 * dpp_conf_result_rx() and dpp_peer_intro(), passed to
 * dpp_build_conf_result(), and stored in struct dpp_authentication
 * (auth_resp_status, conf_resp_status). DPP_STATUS_OK is 0; every other value
 * names a failure or pending condition.
 */
enum dpp_status_error {
	DPP_STATUS_OK = 0,
	DPP_STATUS_NOT_COMPATIBLE = 1,
	DPP_STATUS_AUTH_FAILURE = 2,
	DPP_STATUS_UNWRAP_FAILURE = 3,
	DPP_STATUS_BAD_GROUP = 4,
	DPP_STATUS_CONFIGURE_FAILURE = 5,
	DPP_STATUS_RESPONSE_PENDING = 6,
	DPP_STATUS_INVALID_CONNECTOR = 7,
	DPP_STATUS_NO_MATCH = 8,
	DPP_STATUS_CONFIG_REJECTED = 9,
};

/* Role bits; DPP_CAPAB_ROLE_MASK selects both. Presumably these are the bits
 * held in the u8 i_capab / r_capab / allowed_roles fields of
 * struct dpp_authentication - confirm in the code that sets them. */
#define DPP_CAPAB_ENROLLEE BIT(0)
#define DPP_CAPAB_CONFIGURATOR BIT(1)
#define DPP_CAPAB_ROLE_MASK (BIT(0) | BIT(1))

/*
 * Capacities of the fixed-size arrays declared below:
 *   DPP_BOOTSTRAP_MAX_FREQ    - freq[] in dpp_bootstrap_info and
 *                               dpp_authentication
 *   DPP_MAX_NONCE_LEN         - i_nonce / r_nonce / e_nonce
 *   DPP_MAX_HASH_LEN          - k1 / k2 / ke and the PKEX z value
 *   DPP_MAX_SHARED_SECRET_LEN - Mx / Nx / Lx
 * The arrays are sized for the maximum, so any length taken from a curve
 * description or a received attribute has to be bounded by the matching
 * constant before data is copied into them.
 */
#define DPP_BOOTSTRAP_MAX_FREQ 30
#define DPP_MAX_NONCE_LEN 32
#define DPP_MAX_HASH_LEN 64
#define DPP_MAX_SHARED_SECRET_LEN 66

/*
 * Per-curve parameters. Other structures in this header refer to an entry
 * through a const pointer (the "curve" members).
 * NOTE(review): the *_len members are presumably in octets and expected not
 * to exceed the DPP_MAX_* constants above - confirm against the table that
 * defines the entries.
 */
struct dpp_curve_params {
	const char *name;
	size_t hash_len;
	size_t aes_siv_key_len;
	size_t nonce_len;
	size_t prime_len;
	const char *jwk_crv; /* presumably the JWK "crv" string - confirm */
	u16 ike_group;
	const char *jws_alg; /* presumably the JWS "alg" string - confirm */
};

/* How a bootstrapping entry was obtained; stored in
 * struct dpp_bootstrap_info::type and mapped to text by
 * dpp_bootstrap_type_txt(). */
enum dpp_bootstrap_type {
	DPP_BOOTSTRAP_QR_CODE,
	DPP_BOOTSTRAP_PKEX,
};

/*
 * One bootstrapping entry (own or peer), kept on a dl_list.
 * The pointer members (uri, info, pubkey) refer to separately allocated
 * objects; presumably dpp_bootstrap_info_free() releases them - confirm in
 * the implementation.
 */
struct dpp_bootstrap_info {
	struct dl_list list;
	unsigned int id;
	enum dpp_bootstrap_type type;
	char *uri;
	u8 mac_addr[ETH_ALEN];
	char *info;
	/* Frequency list with room for DPP_BOOTSTRAP_MAX_FREQ entries;
	 * num_freq is presumably the number of valid entries and must never
	 * exceed that capacity. */
	unsigned int freq[DPP_BOOTSTRAP_MAX_FREQ];
	unsigned int num_freq;
	int own;
	EVP_PKEY *pubkey;
	/* SHA256_MAC_LEN octets; see dpp_bootstrap_key_hash() */
	u8 pubkey_hash[SHA256_MAC_LEN];
	const struct dpp_curve_params *curve;
	unsigned int pkex_t; /* number of failures before dpp_pkex
			      * instantiation */
};

/* NOTE(review): by its name this is the cap applied to the failure counters
 * ("t" in struct dpp_pkex, "pkex_t" in struct dpp_bootstrap_info); the code
 * that enforces it is not in this header. A cap on failed uses of the code
 * bounds how many guesses a peer gets, so it should not be raised casually. */
#define PKEX_COUNTER_T_LIMIT 5

/*
 * State of one PKEX exchange.
 * "code" is the PKEX code passed to dpp_pkex_init() /
 * dpp_pkex_rx_exchange_req(); Mx, Nx and z are fixed-size buffers sized by
 * DPP_MAX_SHARED_SECRET_LEN / DPP_MAX_HASH_LEN. Going by those names this
 * struct holds secret material - NOTE(review): confirm that dpp_pkex_free()
 * clears it before releasing the memory.
 */
struct dpp_pkex {
	void *msg_ctx;
	unsigned int initiator:1;
	unsigned int exchange_done:1;
	unsigned int failed:1;
	struct dpp_bootstrap_info *own_bi;
	u8 own_mac[ETH_ALEN];
	u8 peer_mac[ETH_ALEN];
	char *identifier;
	char *code;
	EVP_PKEY *x;
	EVP_PKEY *y;
	u8 Mx[DPP_MAX_SHARED_SECRET_LEN];
	u8 Nx[DPP_MAX_SHARED_SECRET_LEN];
	u8 z[DPP_MAX_HASH_LEN];
	EVP_PKEY *peer_bootstrap_key;
	struct wpabuf *exchange_req;
	struct wpabuf *exchange_resp;
	unsigned int t; /* number of failures on code use */
	unsigned int exch_req_wait_time;
	unsigned int exch_req_tries;
	unsigned int freq;
};

/*
 * AKM selection for a configuration. No explicit values are assigned, so
 * DPP_AKM_UNKNOWN is 0. The dpp_akm_psk(), dpp_akm_sae(), dpp_akm_legacy(),
 * dpp_akm_dpp() and dpp_akm_ver2() helpers declared below take this type,
 * and dpp_akm_str() maps it to text.
 */
enum dpp_akm {
	DPP_AKM_UNKNOWN,
	DPP_AKM_DPP,
	DPP_AKM_PSK,
	DPP_AKM_SAE,
	DPP_AKM_PSK_SAE,
	DPP_AKM_SAE_DPP,
	DPP_AKM_PSK_SAE_DPP,
};

/*
 * Configuration to be provisioned; allocated by dpp_configuration_alloc(),
 * checked by dpp_configuration_valid() and released by
 * dpp_configuration_free().
 * passphrase and psk are network credentials - NOTE(review): confirm that
 * dpp_configuration_free() wipes them and that they are never written to
 * logs.
 */
struct dpp_configuration {
	/* Literal 32 here, while struct dpp_authentication uses SSID_MAX_LEN;
	 * ssid_len has to stay within this array. */
	u8 ssid[32];
	size_t ssid_len;
	enum dpp_akm akm;

	/* For DPP configuration (connector) */
	os_time_t netaccesskey_expiry;

	/* TODO: groups */
	char *group_id;

	/* For legacy configuration */
	char *passphrase;
	u8 psk[32];
	int psk_set; /* presumably non-zero when psk[] holds a valid key */
};

/*
 * State of one DPP authentication / configuration session. Instances are
 * returned by dpp_auth_init() and dpp_auth_req_rx() and released with
 * dpp_auth_deinit().
 *
 * The structure embeds nonces, fixed-size Mx/Nx/Lx and k1/k2/ke buffers, and
 * the received credentials (passphrase, psk, net_access_key). It should be
 * treated as sensitive for its whole lifetime - NOTE(review): confirm that
 * dpp_auth_deinit() clears it before freeing.
 */
struct dpp_authentication {
	void *msg_ctx;
	u8 peer_version;
	const struct dpp_curve_params *curve;
	struct dpp_bootstrap_info *peer_bi;
	struct dpp_bootstrap_info *own_bi;
	struct dpp_bootstrap_info *tmp_own_bi;
	u8 waiting_pubkey_hash[SHA256_MAC_LEN];
	int response_pending;
	enum dpp_status_error auth_resp_status;
	enum dpp_status_error conf_resp_status;
	u8 peer_mac_addr[ETH_ALEN];
	/* Nonce buffers are sized for the maximum (DPP_MAX_NONCE_LEN); the
	 * length actually in use is presumably curve->nonce_len. */
	u8 i_nonce[DPP_MAX_NONCE_LEN];
	u8 r_nonce[DPP_MAX_NONCE_LEN];
	u8 e_nonce[DPP_MAX_NONCE_LEN];
	u8 i_capab;
	u8 r_capab;
	EVP_PKEY *own_protocol_key;
	EVP_PKEY *peer_protocol_key;
	struct wpabuf *req_msg;
	struct wpabuf *resp_msg;
	/* Intersection of possible frequencies for initiating DPP
	 * Authentication exchange */
	unsigned int freq[DPP_BOOTSTRAP_MAX_FREQ];
	unsigned int num_freq, freq_idx;
	unsigned int curr_freq;
	unsigned int neg_freq;
	unsigned int num_freq_iters;
	size_t secret_len;
	/* Each *_len below has to stay <= DPP_MAX_SHARED_SECRET_LEN. */
	u8 Mx[DPP_MAX_SHARED_SECRET_LEN];
	size_t Mx_len;
	u8 Nx[DPP_MAX_SHARED_SECRET_LEN];
	size_t Nx_len;
	u8 Lx[DPP_MAX_SHARED_SECRET_LEN];
	size_t Lx_len;
	/* Key buffers sized for the largest hash (DPP_MAX_HASH_LEN). */
	u8 k1[DPP_MAX_HASH_LEN];
	u8 k2[DPP_MAX_HASH_LEN];
	u8 ke[DPP_MAX_HASH_LEN];
	int initiator;
	int waiting_auth_resp;
	int waiting_auth_conf;
	int auth_req_ack;
	unsigned int auth_resp_tries;
	u8 allowed_roles;
	int configurator;
	int remove_on_tx_status;
	int connect_on_tx_status;
	int waiting_conf_result;
	int auth_success;
	struct wpabuf *conf_req;
	const struct wpabuf *conf_resp; /* owned by GAS server */
	struct dpp_configuration *conf_ap;
	struct dpp_configuration *conf_sta;
	struct dpp_configurator *conf;
	char *connector; /* received signedConnector */
	/* ssid_len is a u8 here (size_t in struct dpp_configuration) and has
	 * to stay <= SSID_MAX_LEN. */
	u8 ssid[SSID_MAX_LEN];
	u8 ssid_len;
	/* Fixed 64-byte buffer; NOTE(review): whether it is always
	 * NUL-terminated is not visible in this header. */
	char passphrase[64];
	u8 psk[PMK_LEN];
	int psk_set;
	enum dpp_akm akm;
	struct wpabuf *net_access_key;
	os_time_t net_access_key_expiry;
	struct wpabuf *c_sign_key;
#ifdef CONFIG_TESTING_OPTIONS
	/* Test-build-only members; by name they override generated content
	 * and relax a netAccessKey check. Absent from builds without
	 * CONFIG_TESTING_OPTIONS. */
	char *config_obj_override;
	char *discovery_override;
	char *groups_override;
	unsigned int ignore_netaccesskey_mismatch:1;
#endif /* CONFIG_TESTING_OPTIONS */
};

/*
 * One configurator entry, kept on a dl_list; created by
 * dpp_keygen_configurator() and released by dpp_configurator_free().
 * csign is an EVP_PKEY handle - NOTE(review): by name the configurator
 * signing key; if it carries the private half, anything that exports it
 * (see dpp_configurator_get_key()) needs the same protection as the key.
 */
struct dpp_configurator {
	struct dl_list list;
	unsigned int id;
	int own;
	EVP_PKEY *csign;
	char *kid;
	const struct dpp_curve_params *curve;
};

/*
 * PMKID/PMK pair, passed by non-const pointer to dpp_peer_intro() -
 * presumably filled in by that call. pmk holds up to PMK_LEN_MAX octets with
 * pmk_len giving the length in use; callers should clear the PMK once it has
 * been installed.
 */
struct dpp_introduction {
	u8 pmkid[PMKID_LEN];
	u8 pmk[PMK_LEN_MAX];
	size_t pmk_len;
};

/*
 * Test-only fault injection; this section exists only in builds that define
 * CONFIG_TESTING_OPTIONS.
 *
 * By name, the enumerators select a protocol deviation (data placed after
 * Wrapped Data, an omitted / invalid / mismatching attribute, stopping at a
 * given message, rejecting a configuration), and the *_override variables
 * substitute MAC addresses, ephemeral and protocol keys, and nonces.
 * NOTE(review): this is inferred from the identifiers; the code that reads
 * them is not in this header.
 *
 * A fixed nonce or protocol key removes the freshness the exchange depends
 * on, so release builds should leave CONFIG_TESTING_OPTIONS undefined.
 */
#ifdef CONFIG_TESTING_OPTIONS
enum dpp_test_behavior {
	DPP_TEST_DISABLED = 0,
	DPP_TEST_AFTER_WRAPPED_DATA_AUTH_REQ = 1,
	DPP_TEST_AFTER_WRAPPED_DATA_AUTH_RESP = 2,
	DPP_TEST_AFTER_WRAPPED_DATA_AUTH_CONF = 3,
	DPP_TEST_AFTER_WRAPPED_DATA_PKEX_CR_REQ = 4,
	DPP_TEST_AFTER_WRAPPED_DATA_PKEX_CR_RESP = 5,
	DPP_TEST_AFTER_WRAPPED_DATA_CONF_REQ = 6,
	DPP_TEST_AFTER_WRAPPED_DATA_CONF_RESP = 7,
	DPP_TEST_ZERO_I_CAPAB = 8,
	DPP_TEST_ZERO_R_CAPAB = 9,
	DPP_TEST_NO_R_BOOTSTRAP_KEY_HASH_AUTH_REQ = 10,
	DPP_TEST_NO_I_BOOTSTRAP_KEY_HASH_AUTH_REQ = 11,
	DPP_TEST_NO_I_PROTO_KEY_AUTH_REQ = 12,
	DPP_TEST_NO_I_NONCE_AUTH_REQ = 13,
	DPP_TEST_NO_I_CAPAB_AUTH_REQ = 14,
	DPP_TEST_NO_WRAPPED_DATA_AUTH_REQ = 15,
	DPP_TEST_NO_STATUS_AUTH_RESP = 16,
	DPP_TEST_NO_R_BOOTSTRAP_KEY_HASH_AUTH_RESP = 17,
	DPP_TEST_NO_I_BOOTSTRAP_KEY_HASH_AUTH_RESP = 18,
	DPP_TEST_NO_R_PROTO_KEY_AUTH_RESP = 19,
	DPP_TEST_NO_R_NONCE_AUTH_RESP = 20,
	DPP_TEST_NO_I_NONCE_AUTH_RESP = 21,
	DPP_TEST_NO_R_CAPAB_AUTH_RESP = 22,
	DPP_TEST_NO_R_AUTH_AUTH_RESP = 23,
	DPP_TEST_NO_WRAPPED_DATA_AUTH_RESP = 24,
	DPP_TEST_NO_STATUS_AUTH_CONF = 25,
	DPP_TEST_NO_R_BOOTSTRAP_KEY_HASH_AUTH_CONF = 26,
	DPP_TEST_NO_I_BOOTSTRAP_KEY_HASH_AUTH_CONF = 27,
	DPP_TEST_NO_I_AUTH_AUTH_CONF = 28,
	DPP_TEST_NO_WRAPPED_DATA_AUTH_CONF = 29,
	DPP_TEST_I_NONCE_MISMATCH_AUTH_RESP = 30,
	DPP_TEST_INCOMPATIBLE_R_CAPAB_AUTH_RESP = 31,
	DPP_TEST_R_AUTH_MISMATCH_AUTH_RESP = 32,
	DPP_TEST_I_AUTH_MISMATCH_AUTH_CONF = 33,
	DPP_TEST_NO_FINITE_CYCLIC_GROUP_PKEX_EXCHANGE_REQ = 34,
	DPP_TEST_NO_ENCRYPTED_KEY_PKEX_EXCHANGE_REQ = 35,
	DPP_TEST_NO_STATUS_PKEX_EXCHANGE_RESP = 36,
	DPP_TEST_NO_ENCRYPTED_KEY_PKEX_EXCHANGE_RESP = 37,
	DPP_TEST_NO_BOOTSTRAP_KEY_PKEX_CR_REQ = 38,
	DPP_TEST_NO_I_AUTH_TAG_PKEX_CR_REQ = 39,
	DPP_TEST_NO_WRAPPED_DATA_PKEX_CR_REQ = 40,
	DPP_TEST_NO_BOOTSTRAP_KEY_PKEX_CR_RESP = 41,
	DPP_TEST_NO_R_AUTH_TAG_PKEX_CR_RESP = 42,
	DPP_TEST_NO_WRAPPED_DATA_PKEX_CR_RESP = 43,
	DPP_TEST_INVALID_ENCRYPTED_KEY_PKEX_EXCHANGE_REQ = 44,
	DPP_TEST_INVALID_ENCRYPTED_KEY_PKEX_EXCHANGE_RESP = 45,
	DPP_TEST_INVALID_STATUS_PKEX_EXCHANGE_RESP = 46,
	DPP_TEST_INVALID_BOOTSTRAP_KEY_PKEX_CR_REQ = 47,
	DPP_TEST_INVALID_BOOTSTRAP_KEY_PKEX_CR_RESP = 48,
	DPP_TEST_I_AUTH_TAG_MISMATCH_PKEX_CR_REQ = 49,
	DPP_TEST_R_AUTH_TAG_MISMATCH_PKEX_CR_RESP = 50,
	DPP_TEST_NO_E_NONCE_CONF_REQ = 51,
	DPP_TEST_NO_CONFIG_ATTR_OBJ_CONF_REQ = 52,
	DPP_TEST_NO_WRAPPED_DATA_CONF_REQ = 53,
	DPP_TEST_NO_E_NONCE_CONF_RESP = 54,
	DPP_TEST_NO_CONFIG_OBJ_CONF_RESP = 55,
	DPP_TEST_NO_STATUS_CONF_RESP = 56,
	DPP_TEST_NO_WRAPPED_DATA_CONF_RESP = 57,
	DPP_TEST_INVALID_STATUS_CONF_RESP = 58,
	DPP_TEST_E_NONCE_MISMATCH_CONF_RESP = 59,
	DPP_TEST_NO_TRANSACTION_ID_PEER_DISC_REQ = 60,
	DPP_TEST_NO_CONNECTOR_PEER_DISC_REQ = 61,
	DPP_TEST_NO_TRANSACTION_ID_PEER_DISC_RESP = 62,
	DPP_TEST_NO_STATUS_PEER_DISC_RESP = 63,
	DPP_TEST_NO_CONNECTOR_PEER_DISC_RESP = 64,
	DPP_TEST_AUTH_RESP_IN_PLACE_OF_CONF = 65,
	DPP_TEST_INVALID_I_PROTO_KEY_AUTH_REQ = 66,
	DPP_TEST_INVALID_R_PROTO_KEY_AUTH_RESP = 67,
	DPP_TEST_INVALID_R_BOOTSTRAP_KEY_HASH_AUTH_REQ = 68,
	DPP_TEST_INVALID_I_BOOTSTRAP_KEY_HASH_AUTH_REQ = 69,
	DPP_TEST_INVALID_R_BOOTSTRAP_KEY_HASH_AUTH_RESP = 70,
	DPP_TEST_INVALID_I_BOOTSTRAP_KEY_HASH_AUTH_RESP = 71,
	DPP_TEST_INVALID_R_BOOTSTRAP_KEY_HASH_AUTH_CONF = 72,
	DPP_TEST_INVALID_I_BOOTSTRAP_KEY_HASH_AUTH_CONF = 73,
	DPP_TEST_INVALID_STATUS_AUTH_RESP = 74,
	DPP_TEST_INVALID_STATUS_AUTH_CONF = 75,
	DPP_TEST_INVALID_CONFIG_ATTR_OBJ_CONF_REQ = 76,
	DPP_TEST_INVALID_TRANSACTION_ID_PEER_DISC_RESP = 77,
	DPP_TEST_INVALID_STATUS_PEER_DISC_RESP = 78,
	DPP_TEST_INVALID_CONNECTOR_PEER_DISC_RESP = 79,
	DPP_TEST_INVALID_CONNECTOR_PEER_DISC_REQ = 80,
	DPP_TEST_INVALID_I_NONCE_AUTH_REQ = 81,
	DPP_TEST_INVALID_TRANSACTION_ID_PEER_DISC_REQ = 82,
	DPP_TEST_INVALID_E_NONCE_CONF_REQ = 83,
	DPP_TEST_STOP_AT_PKEX_EXCHANGE_RESP = 84,
	DPP_TEST_STOP_AT_PKEX_CR_REQ = 85,
	DPP_TEST_STOP_AT_PKEX_CR_RESP = 86,
	DPP_TEST_STOP_AT_AUTH_REQ = 87,
	DPP_TEST_STOP_AT_AUTH_RESP = 88,
	DPP_TEST_STOP_AT_AUTH_CONF = 89,
	DPP_TEST_STOP_AT_CONF_REQ = 90,
	DPP_TEST_REJECT_CONFIG = 91,
};

/* Currently selected test behavior (process-wide). */
extern enum dpp_test_behavior dpp_test;
/* Process-wide override buffers. Each key/nonce buffer has a companion
 * *_len; presumably a length of 0 means "no override" - confirm. Writers
 * have to keep *_len within the declared array size (600 octets for the
 * keys, DPP_MAX_NONCE_LEN for the nonce). */
extern u8 dpp_pkex_own_mac_override[ETH_ALEN];
extern u8 dpp_pkex_peer_mac_override[ETH_ALEN];
extern u8 dpp_pkex_ephemeral_key_override[600];
extern size_t dpp_pkex_ephemeral_key_override_len;
extern u8 dpp_protocol_key_override[600];
extern size_t dpp_protocol_key_override_len;
extern u8 dpp_nonce_override[DPP_MAX_NONCE_LEN];
extern size_t dpp_nonce_override_len;
#endif /* CONFIG_TESTING_OPTIONS */

/*
 * Bootstrapping information: release, key hash, URI parsing and key
 * generation.
 * The uri / chan_list / mac / info arguments are C strings that, for a
 * scanned QR code, originate outside the device; the parsers have to treat
 * them as untrusted (bounded channel count, validated MAC format).
 * NOTE(review): return conventions (0 / -1, NULL on failure) are not visible
 * in this header.
 */
void dpp_bootstrap_info_free(struct dpp_bootstrap_info *info);
const char * dpp_bootstrap_type_txt(enum dpp_bootstrap_type type);
int dpp_bootstrap_key_hash(struct dpp_bootstrap_info *bi);
int dpp_parse_uri_chan_list(struct dpp_bootstrap_info *bi,
			    const char *chan_list);
int dpp_parse_uri_mac(struct dpp_bootstrap_info *bi, const char *mac);
int dpp_parse_uri_info(struct dpp_bootstrap_info *bi, const char *info);
struct dpp_bootstrap_info * dpp_parse_qr_code(const char *uri);
/* privkey/privkey_len: private key input; presumably optional, with a new
 * key generated when absent - confirm. */
char * dpp_keygen(struct dpp_bootstrap_info *bi, const char *curve,
		  const u8 *privkey, size_t privkey_len);
/*
 * Authentication, configuration and network introduction API.
 *
 * The *_rx() functions take (hdr, attr_start, attr_len) or a wpabuf; by name
 * they process received frames, so attr_len has to be the number of octets
 * actually available at attr_start, and the contents are attacker-controlled
 * until the exchange has authenticated them.
 * NOTE(review): return conventions and buffer ownership (who frees a
 * returned struct wpabuf *) are not visible in this header.
 */
struct hostapd_hw_modes;
struct dpp_authentication * dpp_auth_init(void *msg_ctx,
					  struct dpp_bootstrap_info *peer_bi,
					  struct dpp_bootstrap_info *own_bi,
					  u8 dpp_allowed_roles,
					  unsigned int neg_freq,
					  struct hostapd_hw_modes *own_modes,
					  u16 num_modes);
struct dpp_authentication *
dpp_auth_req_rx(void *msg_ctx, u8 dpp_allowed_roles, int qr_mutual,
		struct dpp_bootstrap_info *peer_bi,
		struct dpp_bootstrap_info *own_bi,
		unsigned int freq, const u8 *hdr, const u8 *attr_start,
		size_t attr_len);
struct wpabuf *
dpp_auth_resp_rx(struct dpp_authentication *auth, const u8 *hdr,
		 const u8 *attr_start, size_t attr_len);
struct wpabuf * dpp_build_conf_req(struct dpp_authentication *auth,
				   const char *json);
int dpp_auth_conf_rx(struct dpp_authentication *auth, const u8 *hdr,
		     const u8 *attr_start, size_t attr_len);
int dpp_notify_new_qr_code(struct dpp_authentication *auth,
			   struct dpp_bootstrap_info *peer_bi);
struct dpp_configuration * dpp_configuration_alloc(const char *type);
/* Predicates over enum dpp_akm; presumably return non-zero when the AKM
 * includes the named method - confirm. */
int dpp_akm_psk(enum dpp_akm akm);
int dpp_akm_sae(enum dpp_akm akm);
int dpp_akm_legacy(enum dpp_akm akm);
int dpp_akm_dpp(enum dpp_akm akm);
int dpp_akm_ver2(enum dpp_akm akm);
int dpp_configuration_valid(const struct dpp_configuration *conf);
void dpp_configuration_free(struct dpp_configuration *conf);
int dpp_set_configurator(struct dpp_global *dpp, void *msg_ctx,
			 struct dpp_authentication *auth,
			 const char *cmd);
void dpp_auth_deinit(struct dpp_authentication *auth);
struct wpabuf *
dpp_conf_req_rx(struct dpp_authentication *auth, const u8 *attr_start,
		size_t attr_len);
int dpp_conf_resp_rx(struct dpp_authentication *auth,
		     const struct wpabuf *resp);
enum dpp_status_error dpp_conf_result_rx(struct dpp_authentication *auth,
					 const u8 *hdr,
					 const u8 *attr_start, size_t attr_len);
struct wpabuf * dpp_build_conf_result(struct dpp_authentication *auth,
				      enum dpp_status_error status);
struct wpabuf * dpp_alloc_msg(enum dpp_public_action_frame_type type,
			      size_t len);
/* Attribute access over a (buf, len) region. dpp_get_attr() returns a const
 * pointer and reports a length through ret_len - presumably a pointer into
 * buf, valid only while buf is. NOTE(review): dpp_check_attrs() presumably
 * validates the attribute layout and is meant to run before attributes are
 * trusted - confirm. */
const u8 * dpp_get_attr(const u8 *buf, size_t len, u16 req_id, u16 *ret_len);
int dpp_check_attrs(const u8 *buf, size_t len);
int dpp_key_expired(const char *timestamp, os_time_t *expiry);
const char * dpp_akm_str(enum dpp_akm akm);
/* Writes into the caller's buf of size buflen. NOTE(review): by name this
 * exports configurator key material; treat the output as sensitive and
 * restrict which control interfaces can reach it - confirm what is
 * written. */
int dpp_configurator_get_key(const struct dpp_configurator *conf, char *buf,
			     size_t buflen);
void dpp_configurator_free(struct dpp_configurator *conf);
/* privkey/privkey_len: private key input; presumably optional - confirm. */
struct dpp_configurator *
dpp_keygen_configurator(const char *curve, const u8 *privkey,
			size_t privkey_len);
int dpp_configurator_own_config(struct dpp_authentication *auth,
				const char *curve, int ap);
/* Network introduction: takes the local connector, netAccessKey and C-sign
 * key plus the peer's connector (peer_connector_len octets, not necessarily
 * NUL-terminated), and has non-const intro / expiry parameters - presumably
 * outputs. The peer connector is untrusted input until its signature has
 * been verified. */
enum dpp_status_error
dpp_peer_intro(struct dpp_introduction *intro, const char *own_connector,
	       const u8 *net_access_key, size_t net_access_key_len,
	       const u8 *csign_key, size_t csign_key_len,
	       const u8 *peer_connector, size_t peer_connector_len,
	       os_time_t *expiry);
/*
 * PKEX API. "code" is the shared PKEX code and "identifier" its companion
 * string; (buf, len) in the rx functions describe received frame contents
 * and are untrusted.
 * NOTE(review): ownership of the returned struct wpabuf * / struct dpp_pkex *
 * objects is not visible in this header; dpp_pkex_free() is the matching
 * release function for struct dpp_pkex.
 */
struct dpp_pkex * dpp_pkex_init(void *msg_ctx, struct dpp_bootstrap_info *bi,
				const u8 *own_mac,
				const char *identifier,
				const char *code);
struct dpp_pkex * dpp_pkex_rx_exchange_req(void *msg_ctx,
					   struct dpp_bootstrap_info *bi,
					   const u8 *own_mac,
					   const u8 *peer_mac,
					   const char *identifier,
					   const char *code,
					   const u8 *buf, size_t len);
struct wpabuf * dpp_pkex_rx_exchange_resp(struct dpp_pkex *pkex,
					  const u8 *peer_mac,
					  const u8 *buf, size_t len);
struct wpabuf * dpp_pkex_rx_commit_reveal_req(struct dpp_pkex *pkex,
					      const u8 *hdr,
					      const u8 *buf, size_t len);
int dpp_pkex_rx_commit_reveal_resp(struct dpp_pkex *pkex, const u8 *hdr,
				   const u8 *buf, size_t len);
void dpp_pkex_free(struct dpp_pkex *pkex);

/* NOTE(review): by name this deliberately damages a connector signature
 * (a negative-test helper), yet it is declared outside the
 * CONFIG_TESTING_OPTIONS guard above. Check whether the definition is
 * guarded and whether production code can reach it. */
char * dpp_corrupt_connector_signature(const char *connector);


/*
 * State for one PFS exchange: an ECDH context, the curve in use, and two
 * wpabufs ("ie" and "secret"). "secret" by name holds derived secret
 * material - NOTE(review): confirm dpp_pfs_free() clears it when freeing.
 */
struct dpp_pfs {
	struct crypto_ecdh *ecdh;
	const struct dpp_curve_params *curve;
	struct wpabuf *ie;
	struct wpabuf *secret;
};

/* dpp_pfs_process() takes the peer's element (peer_ie, peer_ie_len), which
 * is received data and has to be length-checked before use. */
struct dpp_pfs * dpp_pfs_init(const u8 *net_access_key,
			      size_t net_access_key_len);
int dpp_pfs_process(struct dpp_pfs *pfs, const u8 *peer_ie, size_t peer_ie_len);
void dpp_pfs_free(struct dpp_pfs *pfs);

/*
 * Operations on the shared struct dpp_global context (opaque in this
 * header): bootstrap and configurator registries, looked up by numeric id.
 * The "cmd" and "id" string arguments presumably come from a control
 * interface command line - confirm - and should be parsed defensively.
 */
struct dpp_bootstrap_info * dpp_add_qr_code(struct dpp_global *dpp,
					    const char *uri);
int dpp_bootstrap_gen(struct dpp_global *dpp, const char *cmd);
struct dpp_bootstrap_info *
dpp_bootstrap_get_id(struct dpp_global *dpp, unsigned int id);
int dpp_bootstrap_remove(struct dpp_global *dpp, const char *id);
struct dpp_bootstrap_info *
dpp_pkex_finish(struct dpp_global *dpp, struct dpp_pkex *pkex, const u8 *peer,
		unsigned int freq);
const char * dpp_bootstrap_get_uri(struct dpp_global *dpp, unsigned int id);
/* Writes into the caller's reply buffer of reply_size bytes. Note that id
 * and reply_size are signed int here, while the other lookups use
 * unsigned int / size_t; callers must not pass negative values. */
int dpp_bootstrap_info(struct dpp_global *dpp, int id,
		       char *reply, int reply_size);
/* own_bi / peer_bi are output pointers; presumably left NULL when no match
 * is found for the given bootstrap key hashes - confirm. */
void dpp_bootstrap_find_pair(struct dpp_global *dpp, const u8 *i_bootstrap,
			     const u8 *r_bootstrap,
			     struct dpp_bootstrap_info **own_bi,
			     struct dpp_bootstrap_info **peer_bi);
int dpp_configurator_add(struct dpp_global *dpp, const char *cmd);
int dpp_configurator_remove(struct dpp_global *dpp, const char *id);
int dpp_configurator_get_key_id(struct dpp_global *dpp, unsigned int id,
				char *buf, size_t buflen);
struct dpp_global * dpp_global_init(void);
void dpp_global_clear(struct dpp_global *dpp);
void dpp_global_deinit(struct dpp_global *dpp);

#endif /* CONFIG_DPP */
#endif /* DPP_H */