/*
 * DPP functionality shared between hostapd and wpa_supplicant
 * Copyright (c) 2017, Qualcomm Atheros, Inc.
 * Copyright (c) 2018-2020, The Linux Foundation
 * Copyright (c) 2021-2022, Qualcomm Innovation Center, Inc.
 *
 * This software may be distributed under the terms of the BSD license.
 * See README for more details.
 */

#ifndef DPP_H
#define DPP_H

#ifdef CONFIG_DPP
#include "utils/list.h"
#include "common/wpa_common.h"
#include "crypto/sha256.h"
#include "crypto/crypto.h"

/* Opaque types; only pointers to these are used through this header */
struct hostapd_ip_addr;
struct dpp_global;
struct json_token;
struct dpp_reconfig_id;

/*
 * DPP_VERSION - protocol version selected at build time (1, 2 or 3).
 * Testing builds read it from dpp_version_override at run time instead so
 * that test cases can exercise version negotiation.
 */
#ifdef CONFIG_TESTING_OPTIONS
#define DPP_VERSION (dpp_version_override)
extern int dpp_version_override;
#else /* CONFIG_TESTING_OPTIONS */
#ifdef CONFIG_DPP3
#define DPP_VERSION 3
#elif defined(CONFIG_DPP2)
#define DPP_VERSION 2
#else
#define DPP_VERSION 1
#endif
#endif /* CONFIG_TESTING_OPTIONS */

#define DPP_HDR_LEN (4 + 2) /* OUI, OUI Type, Crypto Suite, DPP frame type */
/* Default port for DPP-over-TCP; dpp_relay_listen()/dpp_tcp_init() take an
 * explicit port argument */
#define DPP_TCP_PORT 8908

/*
 * DPP Public Action frame types - values of the DPP frame type octet in the
 * DPP_HDR_LEN header. Values 3 and 4 are not assigned in this list.
 */
enum dpp_public_action_frame_type {
	DPP_PA_AUTHENTICATION_REQ = 0,
	DPP_PA_AUTHENTICATION_RESP = 1,
	DPP_PA_AUTHENTICATION_CONF = 2,
	DPP_PA_PEER_DISCOVERY_REQ = 5,
	DPP_PA_PEER_DISCOVERY_RESP = 6,
	DPP_PA_PKEX_V1_EXCHANGE_REQ = 7,
	DPP_PA_PKEX_EXCHANGE_RESP = 8,
	DPP_PA_PKEX_COMMIT_REVEAL_REQ = 9,
	DPP_PA_PKEX_COMMIT_REVEAL_RESP = 10,
	DPP_PA_CONFIGURATION_RESULT = 11,
	DPP_PA_CONNECTION_STATUS_RESULT = 12,
	DPP_PA_PRESENCE_ANNOUNCEMENT = 13,
	DPP_PA_RECONFIG_ANNOUNCEMENT = 14,
	DPP_PA_RECONFIG_AUTH_REQ = 15,
	DPP_PA_RECONFIG_AUTH_RESP = 16,
	DPP_PA_RECONFIG_AUTH_CONF = 17,
	DPP_PA_PKEX_EXCHANGE_REQ = 18,
	DPP_PA_PB_PRESENCE_ANNOUNCEMENT = 19,
	DPP_PA_PB_PRESENCE_ANNOUNCEMENT_RESP = 20,
	DPP_PA_PRIV_PEER_INTRO_QUERY = 21,
	DPP_PA_PRIV_PEER_INTRO_NOTIFY = 22,
	DPP_PA_PRIV_PEER_INTRO_UPDATE = 23,
};

/*
 * DPP attribute IDs (16-bit, 0x1000 range) as used with dpp_get_attr() and
 * dpp_check_attrs(). 0x1010 is not assigned in this list.
 */
enum dpp_attribute_id {
	DPP_ATTR_STATUS = 0x1000,
	DPP_ATTR_I_BOOTSTRAP_KEY_HASH = 0x1001,
	DPP_ATTR_R_BOOTSTRAP_KEY_HASH = 0x1002,
	DPP_ATTR_I_PROTOCOL_KEY = 0x1003,
	DPP_ATTR_WRAPPED_DATA = 0x1004,
	DPP_ATTR_I_NONCE = 0x1005,
	DPP_ATTR_I_CAPABILITIES = 0x1006,
	DPP_ATTR_R_NONCE = 0x1007,
	DPP_ATTR_R_CAPABILITIES = 0x1008,
	DPP_ATTR_R_PROTOCOL_KEY = 0x1009,
	DPP_ATTR_I_AUTH_TAG = 0x100A,
	DPP_ATTR_R_AUTH_TAG = 0x100B,
	DPP_ATTR_CONFIG_OBJ = 0x100C,
	DPP_ATTR_CONNECTOR = 0x100D,
	DPP_ATTR_CONFIG_ATTR_OBJ = 0x100E,
	DPP_ATTR_BOOTSTRAP_KEY = 0x100F,
	DPP_ATTR_OWN_NET_NK_HASH = 0x1011,
	DPP_ATTR_FINITE_CYCLIC_GROUP = 0x1012,
	DPP_ATTR_ENCRYPTED_KEY = 0x1013,
	DPP_ATTR_ENROLLEE_NONCE = 0x1014,
	DPP_ATTR_CODE_IDENTIFIER = 0x1015,
	DPP_ATTR_TRANSACTION_ID = 0x1016,
	DPP_ATTR_BOOTSTRAP_INFO = 0x1017,
	DPP_ATTR_CHANNEL = 0x1018,
	DPP_ATTR_PROTOCOL_VERSION = 0x1019,
	DPP_ATTR_ENVELOPED_DATA = 0x101A,
	DPP_ATTR_SEND_CONN_STATUS = 0x101B,
	DPP_ATTR_CONN_STATUS = 0x101C,
	DPP_ATTR_RECONFIG_FLAGS = 0x101D,
	DPP_ATTR_C_SIGN_KEY_HASH = 0x101E,
	DPP_ATTR_CSR_ATTR_REQ = 0x101F,
	DPP_ATTR_A_NONCE = 0x1020,
	DPP_ATTR_E_PRIME_ID = 0x1021,
	DPP_ATTR_CONFIGURATOR_NONCE = 0x1022,
};

/*
 * DPP Status values - presumably the codes carried in DPP_ATTR_STATUS and
 * returned by the *_rx() functions below that return enum dpp_status_error.
 */
enum dpp_status_error {
	DPP_STATUS_OK = 0,
	DPP_STATUS_NOT_COMPATIBLE = 1,
	DPP_STATUS_AUTH_FAILURE = 2,
	DPP_STATUS_UNWRAP_FAILURE = 3,
	DPP_STATUS_BAD_GROUP = 4,
	DPP_STATUS_CONFIGURE_FAILURE = 5,
	DPP_STATUS_RESPONSE_PENDING = 6,
	DPP_STATUS_INVALID_CONNECTOR = 7,
	DPP_STATUS_NO_MATCH = 8,
	DPP_STATUS_CONFIG_REJECTED = 9,
	DPP_STATUS_NO_AP = 10,
	DPP_STATUS_CONFIGURE_PENDING = 11,
	DPP_STATUS_CSR_NEEDED = 12,
	DPP_STATUS_CSR_BAD = 13,
	DPP_STATUS_NEW_KEY_NEEDED = 14,
};

/* DPP Reconfig Flags object - connectorKey values */
enum dpp_connector_key {
	DPP_CONFIG_REUSEKEY = 0,
	DPP_CONFIG_REPLACEKEY = 1,
};

/* Role capability bits (used in the i_capab/r_capab and allowed_roles
 * fields below) */
#define DPP_CAPAB_ENROLLEE BIT(0)
#define DPP_CAPAB_CONFIGURATOR BIT(1)
#define DPP_CAPAB_ROLE_MASK (BIT(0) | BIT(1))

/* Fixed-size buffer limits used by the structures in this header */
#define DPP_BOOTSTRAP_MAX_FREQ 30
#define DPP_MAX_NONCE_LEN 32
#define DPP_MAX_HASH_LEN 64
#define DPP_MAX_SHARED_SECRET_LEN 66
#define DPP_CP_LEN 64

/* DPP Configuration Request - Enrollee Capabilities */
#define DPP_ENROLLEE_CAPAB_SAE_PW_ID BIT(0)

/*
 * Parameters of one supported elliptic curve. The *_len fields are
 * presumably in octets; jwk_crv/jws_alg are the JOSE names used in
 * Connector/JWK encoding and ike_group the IANA IKE group number.
 */
struct dpp_curve_params {
	const char *name;
	size_t hash_len;
	size_t aes_siv_key_len;
	size_t nonce_len;
	size_t prime_len;
	const char *jwk_crv;
	u16 ike_group;
	const char *jws_alg;
};

enum dpp_bootstrap_type {
	DPP_BOOTSTRAP_QR_CODE,
	DPP_BOOTSTRAP_PKEX,
	DPP_BOOTSTRAP_NFC_URI,
};

/* Bit positions for dpp_bootstrap_info::supported_curves */
enum dpp_bootstrap_supported_curves {
	DPP_BOOTSTRAP_CURVE_P_256 = 0,
	DPP_BOOTSTRAP_CURVE_P_384 = 1,
	DPP_BOOTSTRAP_CURVE_P_521 = 2,
	DPP_BOOTSTRAP_CURVE_BP_256 = 3,
	DPP_BOOTSTRAP_CURVE_BP_384 = 4,
	DPP_BOOTSTRAP_CURVE_BP_512 = 5,
};

/*
 * One bootstrapping key entry, kept in a dl_list inside struct dpp_global and
 * addressed by its numeric id (dpp_bootstrap_get_id()). Freed with
 * dpp_bootstrap_info_free(); the char * members are owned by the entry.
 */
struct dpp_bootstrap_info {
	struct dl_list list;
	unsigned int id;
	enum dpp_bootstrap_type type;
	char *uri;
	u8 mac_addr[ETH_ALEN];
	char *chan;
	char *info;
	struct hostapd_ip_addr *host;
	unsigned int port;
	char *pk;
	unsigned int freq[DPP_BOOTSTRAP_MAX_FREQ];
	unsigned int num_freq; /* number of valid entries in freq[] */
	bool channels_listed;
	u8 version;
	u8 supported_curves; /* enum dpp_bootstrap_supported_curves bitmap */
	int own; /* presumably non-zero when the key pair is this device's own */
	struct crypto_ec_key *pubkey;
	u8 pubkey_hash[SHA256_MAC_LEN];
	u8 pubkey_hash_chirp[SHA256_MAC_LEN];
	const struct dpp_curve_params *curve;
	unsigned int pkex_t; /* number of failures before dpp_pkex
			      * instantiation */
	int nfc_negotiated; /* whether this has been used in NFC negotiated
			     * connection handover */
	char *configurator_params;
	u8 peer_pubkey_hash[SHA256_MAC_LEN]; /* for enforcing a specific
					      * peer bootstrapping key with
					      * PKEX */
};

/* Upper bound on PKEX code-use failures (see dpp_pkex::t and
 * dpp_bootstrap_info::pkex_t) */
#define PKEX_COUNTER_T_LIMIT 5

enum dpp_pkex_ver {
	PKEX_VER_AUTO,
	PKEX_VER_ONLY_1,
	PKEX_VER_ONLY_2,
};

/*
 * State of one PKEX exchange. code/Mx/Nx/z are secret material derived from
 * the shared code; NOTE(review): confirm dpp_pkex_free() clears them
 * before releasing the structure.
 */
struct dpp_pkex {
	void *msg_ctx;
	unsigned int initiator:1;
	unsigned int exchange_done:1;
	unsigned int failed:1;
	unsigned int v2:1;
	unsigned int forced_ver:1;
	struct dpp_bootstrap_info *own_bi;
	u8 own_mac[ETH_ALEN];
	u8 peer_mac[ETH_ALEN];
	char *identifier;
	char *code;
	size_t code_len;
	struct crypto_ec_key *x;
	struct crypto_ec_key *y;
	u8 Mx[DPP_MAX_SHARED_SECRET_LEN];
	u8 Nx[DPP_MAX_SHARED_SECRET_LEN];
	u8 z[DPP_MAX_HASH_LEN];
	struct crypto_ec_key *peer_bootstrap_key;
	struct wpabuf *exchange_req;
	struct wpabuf *exchange_resp;
	unsigned int t; /* number of failures on code use */
	unsigned int exch_req_wait_time;
	unsigned int exch_req_tries;
	unsigned int freq;
	u8 peer_version;
	struct wpabuf *enc_key;
};

/* AKM selected in a DPP Configuration Object; see dpp_akm_*() helpers */
enum dpp_akm {
	DPP_AKM_UNKNOWN,
	DPP_AKM_DPP,
	DPP_AKM_PSK,
	DPP_AKM_SAE,
	DPP_AKM_PSK_SAE,
	DPP_AKM_SAE_DPP,
	DPP_AKM_PSK_SAE_DPP,
	DPP_AKM_DOT1X,
};

enum dpp_netrole {
	DPP_NETROLE_STA,
	DPP_NETROLE_AP,
	DPP_NETROLE_CONFIGURATOR,
};

/*
 * Configuration a Configurator provisions to an Enrollee. Allocated with
 * dpp_configuration_alloc(), checked with dpp_configuration_valid() and
 * released with dpp_configuration_free(). passphrase/psk are credentials;
 * NOTE(review): confirm they are cleared in dpp_configuration_free().
 */
struct dpp_configuration {
	u8 ssid[32];
	size_t ssid_len;
	int ssid_charset;
	enum dpp_akm akm;
	enum dpp_netrole netrole;

	/* For DPP configuration (connector) */
	os_time_t netaccesskey_expiry;

	/* TODO: groups */
	char *group_id;

	/* For legacy configuration */
	char *passphrase;
	char *idpass;
	u8 psk[32];
	int psk_set;

	char *csrattrs;
	char *extra_name;
	char *extra_value;
};

/* Singly linked list of Configurator key material (used with
 * dpp_configurator_from_backup()) */
struct dpp_asymmetric_key {
	struct dpp_asymmetric_key *next;
	struct crypto_ec_key *csign;
	struct crypto_ec_key *pp_key;
	char *config_template;
	char *connector_template;
};

#define DPP_MAX_CONF_OBJ 10
#define DPP_MAX_CHANNELS 32

/*
 * State of one DPP Authentication/Configuration exchange. Allocated by
 * dpp_alloc_auth()/dpp_auth_init()/dpp_auth_req_rx() and released with
 * dpp_auth_deinit(). The nonces and Mx/Nx/Lx/k1/k2/ke/bk members hold
 * keying material; NOTE(review): confirm dpp_auth_deinit() zeroizes them.
 */
struct dpp_authentication {
	struct dpp_global *global;
	void *msg_ctx;
	u8 peer_version;
	const struct dpp_curve_params *curve;
	const struct dpp_curve_params *new_curve;
	struct dpp_bootstrap_info *peer_bi;
	struct dpp_bootstrap_info *own_bi;
	struct dpp_bootstrap_info *tmp_own_bi;
	struct dpp_bootstrap_info *tmp_peer_bi;
	u8 waiting_pubkey_hash[SHA256_MAC_LEN];
	int response_pending;
	int reconfig;
	enum dpp_connector_key reconfig_connector_key;
	enum dpp_status_error auth_resp_status;
	enum dpp_status_error conf_resp_status;
	enum dpp_status_error force_conf_resp_status;
	enum dpp_status_error conn_result_status;
	u8 peer_mac_addr[ETH_ALEN];
	u8 i_nonce[DPP_MAX_NONCE_LEN];
	u8 r_nonce[DPP_MAX_NONCE_LEN];
	u8 e_nonce[DPP_MAX_NONCE_LEN];
	u8 c_nonce[DPP_MAX_NONCE_LEN];
	u8 i_capab; /* DPP_CAPAB_* bits */
	u8 r_capab; /* DPP_CAPAB_* bits */
	enum dpp_netrole e_netrole;
	struct crypto_ec_key *own_protocol_key;
	struct crypto_ec_key *peer_protocol_key;
	struct crypto_ec_key *reconfig_old_protocol_key;
	struct wpabuf *req_msg;
	struct wpabuf *resp_msg;
	struct wpabuf *reconfig_req_msg;
	struct wpabuf *reconfig_resp_msg;
	/* Intersection of possible frequencies for initiating DPP
	 * Authentication exchange */
	unsigned int freq[DPP_BOOTSTRAP_MAX_FREQ];
	unsigned int num_freq, freq_idx;
	unsigned int curr_freq;
	unsigned int neg_freq;
	unsigned int num_freq_iters;
	size_t secret_len;
	u8 Mx[DPP_MAX_SHARED_SECRET_LEN];
	size_t Mx_len;
	u8 Nx[DPP_MAX_SHARED_SECRET_LEN];
	size_t Nx_len;
	u8 Lx[DPP_MAX_SHARED_SECRET_LEN];
	size_t Lx_len;
	u8 k1[DPP_MAX_HASH_LEN];
	u8 k2[DPP_MAX_HASH_LEN];
	u8 ke[DPP_MAX_HASH_LEN];
	u8 bk[DPP_MAX_HASH_LEN];
	int initiator;
	int waiting_auth_resp;
	int waiting_auth_conf;
	int auth_req_ack;
	unsigned int auth_resp_tries;
	u8 allowed_roles; /* DPP_CAPAB_* bits */
	int configurator;
	int remove_on_tx_status;
	int connect_on_tx_status;
	int waiting_conf_result;
	int waiting_conn_status_result;
	int tx_conn_status_result_started;
	int auth_success;
	bool reconfig_success;
	struct wpabuf *conf_req;
	const struct wpabuf *conf_resp; /* owned by GAS server */
	struct wpabuf *conf_resp_tcp;
	struct dpp_configuration *conf_ap;
	struct dpp_configuration *conf2_ap;
	struct dpp_configuration *conf_sta;
	struct dpp_configuration *conf2_sta;
	int provision_configurator;
	struct dpp_configurator *conf;
	/* Configuration Objects received by the Enrollee; num_conf_obj
	 * entries of conf_obj[] are valid */
	struct dpp_config_obj {
		char *connector; /* received signedConnector */
		u8 ssid[SSID_MAX_LEN];
		u8 ssid_len;
		int ssid_charset;
		char passphrase[64];
#ifdef CONFIG_DPP3
		char password_id[64];
#endif /* CONFIG_DPP3 */
		u8 psk[PMK_LEN];
		int psk_set;
		enum dpp_akm akm;
		struct wpabuf *c_sign_key;
		struct wpabuf *certbag;
		struct wpabuf *certs;
		struct wpabuf *cacert;
		char *server_name;
		struct wpabuf *pp_key;
	} conf_obj[DPP_MAX_CONF_OBJ];
	unsigned int num_conf_obj;
	struct dpp_asymmetric_key *conf_key_pkg;
	struct wpabuf *net_access_key;
	os_time_t net_access_key_expiry;
	int send_conn_status;
	int conn_status_requested;
	int akm_use_selector;
	int configurator_set;
	u8 transaction_id;
	u8 *csrattrs;
	size_t csrattrs_len;
	bool waiting_csr;
	struct wpabuf *csr;
	struct wpabuf *priv_key; /* DER-encoded private key used for csr */
	bool waiting_cert;
	char *trusted_eap_server_name;
	struct wpabuf *cacert;
	struct wpabuf *certbag;
	bool waiting_new_key;
	bool new_key_received;
	void *config_resp_ctx;
	void *gas_server_ctx;
	bool use_config_query;
	bool waiting_config;
	char *e_name;
	char *e_mud_url;
	int *e_band_support;
	unsigned int enrollee_capabilities; /* DPP_ENROLLEE_CAPAB_* bits */
#ifdef CONFIG_TESTING_OPTIONS
	char *config_obj_override;
	char *discovery_override;
	char *groups_override;
	unsigned int ignore_netaccesskey_mismatch:1;
#endif /* CONFIG_TESTING_OPTIONS */
	unsigned short band_list[DPP_MAX_CHANNELS];
	int band_list_size; /* number of valid entries in band_list[] */
};

/*
 * A Configurator identity, kept in a dl_list inside struct dpp_global and
 * addressed by id (dpp_configurator_add()/dpp_configurator_remove()).
 * csign is presumably the C-sign-key; kid/kid_hash identify it.
 */
struct dpp_configurator {
	struct dl_list list;
	unsigned int id;
	int own;
	struct crypto_ec_key *csign;
	u8 kid_hash[SHA256_MAC_LEN];
	char *kid;
	const struct dpp_curve_params *curve;
	const struct dpp_curve_params *net_access_key_curve;
	char *connector; /* own Connector for reconfiguration */
	struct crypto_ec_key *connector_key;
	struct crypto_ec_key *pp_key;
};

/*
 * Result of network introduction (dpp_peer_intro()). pmk/pmkid are the
 * derived pairwise master key material; released with
 * dpp_peer_intro_deinit().
 */
struct dpp_introduction {
	u8 pmkid[PMKID_LEN];
	u8 pmk[PMK_LEN_MAX];
	size_t pmk_len; /* number of valid octets in pmk[] */
	int peer_version;
	struct crypto_ec_key *peer_key;
	enum hpke_kem_id kem_id;
	enum hpke_kdf_id kdf_id;
	enum hpke_aead_id aead_id;
};

/*
 * Relay-side description of a Controller: its address, the hash of its
 * bootstrapping key, and the callbacks used to transmit frames and GAS
 * responses on its behalf. cb_ctx is passed as ctx to the callbacks.
 */
struct dpp_relay_config {
	const struct hostapd_ip_addr *ipaddr;
	const u8 *pkhash;

	void *msg_ctx;
	void *cb_ctx;
	void (*tx)(void *ctx, const u8 *addr, unsigned int freq, const u8 *msg,
		   size_t len);
	void (*gas_resp_tx)(void *ctx, const u8 *addr, u8 dialog_token, int prot,
			    struct wpabuf *buf);
};

/* Parameters for dpp_controller_start(); cb_ctx is passed as ctx to the
 * callbacks */
struct dpp_controller_config {
	const char *configurator_params;
	int tcp_port;
	u8 allowed_roles; /* DPP_CAPAB_* bits */
	int qr_mutual;
	enum dpp_netrole netrole;
	void *msg_ctx;
	void *cb_ctx;
	int (*process_conf_obj)(void *ctx, struct dpp_authentication *auth);
	bool (*tcp_msg_sent)(void *ctx, struct dpp_authentication *auth);
};

#define DPP_PB_INFO_COUNT 2

/* A received PB (push button) presence announcement: bootstrap key hash and
 * the time it was received */
struct dpp_pb_info {
	u8 hash[SHA256_MAC_LEN];
	struct os_reltime rx_time;
};

#ifdef CONFIG_TESTING_OPTIONS
/*
 * Protocol-fault injection for test builds only: each value makes the
 * implementation omit, corrupt or stop at a specific message element.
 * Selected through the global dpp_test variable below.
 */
enum dpp_test_behavior {
	DPP_TEST_DISABLED = 0,
	DPP_TEST_AFTER_WRAPPED_DATA_AUTH_REQ = 1,
	DPP_TEST_AFTER_WRAPPED_DATA_AUTH_RESP = 2,
	DPP_TEST_AFTER_WRAPPED_DATA_AUTH_CONF = 3,
	DPP_TEST_AFTER_WRAPPED_DATA_PKEX_CR_REQ = 4,
	DPP_TEST_AFTER_WRAPPED_DATA_PKEX_CR_RESP = 5,
	DPP_TEST_AFTER_WRAPPED_DATA_CONF_REQ = 6,
	DPP_TEST_AFTER_WRAPPED_DATA_CONF_RESP = 7,
	DPP_TEST_ZERO_I_CAPAB = 8,
	DPP_TEST_ZERO_R_CAPAB = 9,
	DPP_TEST_NO_R_BOOTSTRAP_KEY_HASH_AUTH_REQ = 10,
	DPP_TEST_NO_I_BOOTSTRAP_KEY_HASH_AUTH_REQ = 11,
	DPP_TEST_NO_I_PROTO_KEY_AUTH_REQ = 12,
	DPP_TEST_NO_I_NONCE_AUTH_REQ = 13,
	DPP_TEST_NO_I_CAPAB_AUTH_REQ = 14,
	DPP_TEST_NO_WRAPPED_DATA_AUTH_REQ = 15,
	DPP_TEST_NO_STATUS_AUTH_RESP = 16,
	DPP_TEST_NO_R_BOOTSTRAP_KEY_HASH_AUTH_RESP = 17,
	DPP_TEST_NO_I_BOOTSTRAP_KEY_HASH_AUTH_RESP = 18,
	DPP_TEST_NO_R_PROTO_KEY_AUTH_RESP = 19,
	DPP_TEST_NO_R_NONCE_AUTH_RESP = 20,
	DPP_TEST_NO_I_NONCE_AUTH_RESP = 21,
	DPP_TEST_NO_R_CAPAB_AUTH_RESP = 22,
	DPP_TEST_NO_R_AUTH_AUTH_RESP = 23,
	DPP_TEST_NO_WRAPPED_DATA_AUTH_RESP = 24,
	DPP_TEST_NO_STATUS_AUTH_CONF = 25,
	DPP_TEST_NO_R_BOOTSTRAP_KEY_HASH_AUTH_CONF = 26,
	DPP_TEST_NO_I_BOOTSTRAP_KEY_HASH_AUTH_CONF = 27,
	DPP_TEST_NO_I_AUTH_AUTH_CONF = 28,
	DPP_TEST_NO_WRAPPED_DATA_AUTH_CONF = 29,
	DPP_TEST_I_NONCE_MISMATCH_AUTH_RESP = 30,
	DPP_TEST_INCOMPATIBLE_R_CAPAB_AUTH_RESP = 31,
	DPP_TEST_R_AUTH_MISMATCH_AUTH_RESP = 32,
	DPP_TEST_I_AUTH_MISMATCH_AUTH_CONF = 33,
	DPP_TEST_NO_FINITE_CYCLIC_GROUP_PKEX_EXCHANGE_REQ = 34,
	DPP_TEST_NO_ENCRYPTED_KEY_PKEX_EXCHANGE_REQ = 35,
	DPP_TEST_NO_STATUS_PKEX_EXCHANGE_RESP = 36,
	DPP_TEST_NO_ENCRYPTED_KEY_PKEX_EXCHANGE_RESP = 37,
	DPP_TEST_NO_BOOTSTRAP_KEY_PKEX_CR_REQ = 38,
	DPP_TEST_NO_I_AUTH_TAG_PKEX_CR_REQ = 39,
	DPP_TEST_NO_WRAPPED_DATA_PKEX_CR_REQ = 40,
	DPP_TEST_NO_BOOTSTRAP_KEY_PKEX_CR_RESP = 41,
	DPP_TEST_NO_R_AUTH_TAG_PKEX_CR_RESP = 42,
	DPP_TEST_NO_WRAPPED_DATA_PKEX_CR_RESP = 43,
	DPP_TEST_INVALID_ENCRYPTED_KEY_PKEX_EXCHANGE_REQ = 44,
	DPP_TEST_INVALID_ENCRYPTED_KEY_PKEX_EXCHANGE_RESP = 45,
	DPP_TEST_INVALID_STATUS_PKEX_EXCHANGE_RESP = 46,
	DPP_TEST_INVALID_BOOTSTRAP_KEY_PKEX_CR_REQ = 47,
	DPP_TEST_INVALID_BOOTSTRAP_KEY_PKEX_CR_RESP = 48,
	DPP_TEST_I_AUTH_TAG_MISMATCH_PKEX_CR_REQ = 49,
	DPP_TEST_R_AUTH_TAG_MISMATCH_PKEX_CR_RESP = 50,
	DPP_TEST_NO_E_NONCE_CONF_REQ = 51,
	DPP_TEST_NO_CONFIG_ATTR_OBJ_CONF_REQ = 52,
	DPP_TEST_NO_WRAPPED_DATA_CONF_REQ = 53,
	DPP_TEST_NO_E_NONCE_CONF_RESP = 54,
	DPP_TEST_NO_CONFIG_OBJ_CONF_RESP = 55,
	DPP_TEST_NO_STATUS_CONF_RESP = 56,
	DPP_TEST_NO_WRAPPED_DATA_CONF_RESP = 57,
	DPP_TEST_INVALID_STATUS_CONF_RESP = 58,
	DPP_TEST_E_NONCE_MISMATCH_CONF_RESP = 59,
	DPP_TEST_NO_TRANSACTION_ID_PEER_DISC_REQ = 60,
	DPP_TEST_NO_CONNECTOR_PEER_DISC_REQ = 61,
	DPP_TEST_NO_TRANSACTION_ID_PEER_DISC_RESP = 62,
	DPP_TEST_NO_STATUS_PEER_DISC_RESP = 63,
	DPP_TEST_NO_CONNECTOR_PEER_DISC_RESP = 64,
	DPP_TEST_AUTH_RESP_IN_PLACE_OF_CONF = 65,
	DPP_TEST_INVALID_I_PROTO_KEY_AUTH_REQ = 66,
	DPP_TEST_INVALID_R_PROTO_KEY_AUTH_RESP = 67,
	DPP_TEST_INVALID_R_BOOTSTRAP_KEY_HASH_AUTH_REQ = 68,
	DPP_TEST_INVALID_I_BOOTSTRAP_KEY_HASH_AUTH_REQ = 69,
	DPP_TEST_INVALID_R_BOOTSTRAP_KEY_HASH_AUTH_RESP = 70,
	DPP_TEST_INVALID_I_BOOTSTRAP_KEY_HASH_AUTH_RESP = 71,
	DPP_TEST_INVALID_R_BOOTSTRAP_KEY_HASH_AUTH_CONF = 72,
	DPP_TEST_INVALID_I_BOOTSTRAP_KEY_HASH_AUTH_CONF = 73,
	DPP_TEST_INVALID_STATUS_AUTH_RESP = 74,
	DPP_TEST_INVALID_STATUS_AUTH_CONF = 75,
	DPP_TEST_INVALID_CONFIG_ATTR_OBJ_CONF_REQ = 76,
	DPP_TEST_INVALID_TRANSACTION_ID_PEER_DISC_RESP = 77,
	DPP_TEST_INVALID_STATUS_PEER_DISC_RESP = 78,
	DPP_TEST_INVALID_CONNECTOR_PEER_DISC_RESP = 79,
	DPP_TEST_INVALID_CONNECTOR_PEER_DISC_REQ = 80,
	DPP_TEST_INVALID_I_NONCE_AUTH_REQ = 81,
	DPP_TEST_INVALID_TRANSACTION_ID_PEER_DISC_REQ = 82,
	DPP_TEST_INVALID_E_NONCE_CONF_REQ = 83,
	DPP_TEST_STOP_AT_PKEX_EXCHANGE_RESP = 84,
	DPP_TEST_STOP_AT_PKEX_CR_REQ = 85,
	DPP_TEST_STOP_AT_PKEX_CR_RESP = 86,
	DPP_TEST_STOP_AT_AUTH_REQ = 87,
	DPP_TEST_STOP_AT_AUTH_RESP = 88,
	DPP_TEST_STOP_AT_AUTH_CONF = 89,
	DPP_TEST_STOP_AT_CONF_REQ = 90,
	DPP_TEST_REJECT_CONFIG = 91,
	DPP_TEST_NO_PROTOCOL_VERSION_PEER_DISC_REQ = 92,
	DPP_TEST_NO_PROTOCOL_VERSION_PEER_DISC_RESP = 93,
	DPP_TEST_INVALID_PROTOCOL_VERSION_PEER_DISC_REQ = 94,
	DPP_TEST_INVALID_PROTOCOL_VERSION_PEER_DISC_RESP = 95,
	DPP_TEST_INVALID_PROTOCOL_VERSION_RECONFIG_AUTH_REQ = 96,
	DPP_TEST_NO_PROTOCOL_VERSION_RECONFIG_AUTH_REQ = 97,
	DPP_TEST_INVALID_R_BOOTSTRAP_KEY_HASH_PB_REQ = 98,
	DPP_TEST_INVALID_I_BOOTSTRAP_KEY_HASH_PB_RESP = 99,
	DPP_TEST_INVALID_R_BOOTSTRAP_KEY_HASH_PB_RESP = 100,
};

/* Test-only overrides of otherwise random/derived values. The *_override
 * buffers are fixed-size; the matching *_len variables bound how much of
 * each is in use and must never exceed the array size. */
extern enum dpp_test_behavior dpp_test;
extern u8 dpp_pkex_own_mac_override[ETH_ALEN];
extern u8 dpp_pkex_peer_mac_override[ETH_ALEN];
extern u8 dpp_pkex_ephemeral_key_override[600];
extern size_t dpp_pkex_ephemeral_key_override_len;
extern u8 dpp_protocol_key_override[600];
extern size_t dpp_protocol_key_override_len;
extern u8 dpp_nonce_override[DPP_MAX_NONCE_LEN];
extern size_t dpp_nonce_override_len;
#endif /* CONFIG_TESTING_OPTIONS */

/* Bootstrapping info helpers (URI parsing writes into *bi) */
void dpp_bootstrap_info_free(struct dpp_bootstrap_info *info);
const char * dpp_bootstrap_type_txt(enum dpp_bootstrap_type type);
int dpp_parse_uri_chan_list(struct dpp_bootstrap_info *bi,
			    const char *chan_list);
int dpp_parse_uri_mac(struct dpp_bootstrap_info *bi, const char *mac);
int dpp_parse_uri_info(struct dpp_bootstrap_info *bi, const char *info);
int dpp_nfc_update_bi(struct dpp_bootstrap_info *own_bi,
		      struct dpp_bootstrap_info *peer_bi);
const char * dpp_netrole_str(enum dpp_netrole netrole);

/* DPP Authentication exchange: initiator side (dpp_auth_init) and responder
 * side (dpp_auth_req_rx). The *_rx() functions take the raw frame header
 * and attribute area received from the peer, i.e. untrusted input. */
struct dpp_authentication *
dpp_alloc_auth(struct dpp_global *dpp, void *msg_ctx);
struct hostapd_hw_modes;
struct dpp_authentication * dpp_auth_init(struct dpp_global *dpp, void *msg_ctx,
					  struct dpp_bootstrap_info *peer_bi,
					  struct dpp_bootstrap_info *own_bi,
					  u8 dpp_allowed_roles,
					  unsigned int neg_freq,
					  struct hostapd_hw_modes *own_modes,
					  u16 num_modes);
struct dpp_authentication *
dpp_auth_req_rx(struct dpp_global *dpp, void *msg_ctx, u8 dpp_allowed_roles,
		int qr_mutual, struct dpp_bootstrap_info *peer_bi,
		struct dpp_bootstrap_info *own_bi,
		unsigned int freq, const u8 *hdr, const u8 *attr_start,
		size_t attr_len);
struct wpabuf *
dpp_auth_resp_rx(struct dpp_authentication *auth, const u8 *hdr,
		 const u8 *attr_start, size_t attr_len);
struct wpabuf * dpp_build_conf_req(struct dpp_authentication *auth,
				   const char *json);
struct wpabuf * dpp_build_conf_req_helper(struct dpp_authentication *auth,
					  const char *name,
					  enum dpp_netrole netrole,
					  const char *mud_url, int *opclasses,
					  const char *extra_name,
					  const char *extra_value);
int dpp_auth_conf_rx(struct dpp_authentication *auth, const u8 *hdr,
		     const u8 *attr_start, size_t attr_len);
int dpp_notify_new_qr_code(struct dpp_authentication *auth,
			   struct dpp_bootstrap_info *peer_bi);
void dpp_controller_pkex_add(struct dpp_global *dpp,
			     struct dpp_bootstrap_info *bi,
			     const char *code, const char *identifier);
bool dpp_controller_is_own_pkex_req(struct dpp_global *dpp,
				    const u8 *buf, size_t len);

/* Configuration object helpers; the dpp_akm_*() predicates classify an AKM */
struct dpp_configuration * dpp_configuration_alloc(const char *type);
int dpp_akm_psk(enum dpp_akm akm);
int dpp_akm_sae(enum dpp_akm akm);
int dpp_akm_legacy(enum dpp_akm akm);
int dpp_akm_dpp(enum dpp_akm akm);
int dpp_akm_ver2(enum dpp_akm akm);
int dpp_configuration_valid(const struct dpp_configuration *conf);
void dpp_configuration_free(struct dpp_configuration *conf);
int dpp_set_configurator(struct dpp_authentication *auth, const char *cmd);
void dpp_auth_deinit(struct dpp_authentication *auth);

/* Configuration Request/Response (carried over GAS or TCP) */
struct wpabuf *
dpp_build_conf_resp(struct dpp_authentication *auth, const u8 *e_nonce,
		    u16 e_nonce_len, enum dpp_netrole netrole,
		    bool cert_req);
struct wpabuf *
dpp_conf_req_rx(struct dpp_authentication *auth, const u8 *attr_start,
		size_t attr_len);

int dpp_conf_resp_rx(struct dpp_authentication *auth,
		     const struct wpabuf *resp);
enum dpp_status_error dpp_conf_result_rx(struct dpp_authentication *auth,
					 const u8 *hdr,
					 const u8 *attr_start, size_t attr_len);
struct wpabuf * dpp_build_conf_result(struct dpp_authentication *auth,
				      enum dpp_status_error status);
/* ssid/ssid_len/channel_list are outputs; *channel_list is presumably
 * allocated by the callee - confirm ownership against dpp.c */
enum dpp_status_error dpp_conn_status_result_rx(struct dpp_authentication *auth,
						const u8 *hdr,
						const u8 *attr_start,
						size_t attr_len,
						u8 *ssid, size_t *ssid_len,
						char **channel_list);
struct wpabuf * dpp_build_conn_status_result(struct dpp_authentication *auth,
					     enum dpp_status_error result,
					     const u8 *ssid, size_t ssid_len,
					     const char *channel_list);

/* Frame/attribute helpers. dpp_get_attr() searches buf (len octets) for the
 * attribute req_id; ret_len presumably receives the attribute length.
 * dpp_check_attrs() validates the attribute list structure - run it on a
 * received frame before trusting dpp_get_attr() results. */
struct wpabuf * dpp_alloc_msg(enum dpp_public_action_frame_type type,
			      size_t len);
const u8 * dpp_get_attr(const u8 *buf, size_t len, u16 req_id, u16 *ret_len);
int dpp_check_attrs(const u8 *buf, size_t len);
int dpp_key_expired(const char *timestamp, os_time_t *expiry);
const char * dpp_akm_str(enum dpp_akm akm);
const char * dpp_akm_selector_str(enum dpp_akm akm);

/* Configurator helpers; dpp_configurator_get_key() writes into buf (buflen
 * octets) */
int dpp_configurator_get_key(const struct dpp_configurator *conf, char *buf,
			     size_t buflen);
void dpp_configurator_free(struct dpp_configurator *conf);
int dpp_configurator_own_config(struct dpp_authentication *auth,
				const char *curve, int ap);

/* Network introduction: validates the peer's Connector against the local
 * C-sign-key and fills *intro (pmk/pmkid) on success. expiry and
 * peer_key_hash are outputs. */
enum dpp_status_error
dpp_peer_intro(struct dpp_introduction *intro, const char *own_connector,
	       const u8 *net_access_key, size_t net_access_key_len,
	       const u8 *csign_key, size_t csign_key_len,
	       const u8 *peer_connector, size_t peer_connector_len,
	       os_time_t *expiry, u8 *peer_key_hash);
void dpp_peer_intro_deinit(struct dpp_introduction *intro);
int dpp_get_connector_version(const char *connector);

/* PKEX: code is the shared code (code_len octets); buf/len in the *_rx()
 * functions is the received, untrusted frame payload */
struct dpp_pkex * dpp_pkex_init(void *msg_ctx, struct dpp_bootstrap_info *bi,
				const u8 *own_mac,
				const char *identifier, const char *code,
				size_t code_len, bool v2);
struct dpp_pkex * dpp_pkex_rx_exchange_req(void *msg_ctx,
					   struct dpp_bootstrap_info *bi,
					   const u8 *own_mac,
					   const u8 *peer_mac,
					   const char *identifier,
					   const char *code, size_t code_len,
					   const u8 *buf, size_t len, bool v2);
struct wpabuf * dpp_pkex_rx_exchange_resp(struct dpp_pkex *pkex,
					  const u8 *peer_mac,
					  const u8 *buf, size_t len);
struct wpabuf * dpp_pkex_rx_commit_reveal_req(struct dpp_pkex *pkex,
					      const u8 *hdr,
					      const u8 *buf, size_t len);
int dpp_pkex_rx_commit_reveal_resp(struct dpp_pkex *pkex, const u8 *hdr,
				   const u8 *buf, size_t len);
void dpp_pkex_free(struct dpp_pkex *pkex);

/* Looks like a testing helper (returns a modified copy of connector);
 * NOTE(review): not guarded by CONFIG_TESTING_OPTIONS here - confirm it is
 * only reachable from test paths */
char * dpp_corrupt_connector_signature(const char *connector);


/* PFS (ECDH over the network access key) state; secret is the derived
 * shared secret - NOTE(review): confirm dpp_pfs_free() clears it */
struct dpp_pfs {
	struct crypto_ecdh *ecdh;
	const struct dpp_curve_params *curve;
	struct wpabuf *ie;
	struct wpabuf *secret;
};

struct dpp_pfs * dpp_pfs_init(const u8 *net_access_key,
			      size_t net_access_key_len);
int dpp_pfs_process(struct dpp_pfs *pfs, const u8 *peer_ie, size_t peer_ie_len);
void dpp_pfs_free(struct dpp_pfs *pfs);

/* Loads a private key (privkey_len octets); *curve is set to the matching
 * curve parameters */
struct crypto_ec_key * dpp_set_keypair(const struct dpp_curve_params **curve,
				       const u8 *privkey, size_t privkey_len);
/* Maps an IANA group to the HPKE suite used with it; all three ids are
 * outputs */
int dpp_hpke_suite(int iana_group, enum hpke_kem_id *kem_id,
		   enum hpke_kdf_id *kdf_id, enum hpke_aead_id *aead_id);

/* CSR handling for certificate-based (DOT1X) provisioning */
struct wpabuf * dpp_build_csr(struct dpp_authentication *auth,
			      const char *name);
int dpp_validate_csr(struct dpp_authentication *auth, const struct wpabuf *csr);

/* Bootstrapping info management on the global context. dpp_add_qr_code() and
 * dpp_add_nfc_uri() parse a URI received out-of-band; dpp_bootstrap_gen(),
 * dpp_bootstrap_set() and the configurator *_add/_set() functions parse a
 * control interface command string. */
struct dpp_bootstrap_info * dpp_add_qr_code(struct dpp_global *dpp,
					    const char *uri);
struct dpp_bootstrap_info * dpp_add_nfc_uri(struct dpp_global *dpp,
					    const char *uri);
int dpp_bootstrap_gen(struct dpp_global *dpp, const char *cmd);
struct dpp_bootstrap_info *
dpp_bootstrap_get_id(struct dpp_global *dpp, unsigned int id);
int dpp_bootstrap_remove(struct dpp_global *dpp, const char *id);
struct dpp_bootstrap_info *
dpp_pkex_finish(struct dpp_global *dpp, struct dpp_pkex *pkex, const u8 *peer,
		unsigned int freq);
const char * dpp_bootstrap_get_uri(struct dpp_global *dpp, unsigned int id);
/* Writes a textual description into reply; note reply_size is a signed int */
int dpp_bootstrap_info(struct dpp_global *dpp, int id,
		       char *reply, int reply_size);
int dpp_bootstrap_set(struct dpp_global *dpp, int id, const char *params);
/* Matches received I-/R-Bootstrap Key Hash attributes against the local
 * list; *own_bi and *peer_bi are outputs */
void dpp_bootstrap_find_pair(struct dpp_global *dpp, const u8 *i_bootstrap,
			     const u8 *r_bootstrap,
			     struct dpp_bootstrap_info **own_bi,
			     struct dpp_bootstrap_info **peer_bi);
struct dpp_bootstrap_info * dpp_bootstrap_find_chirp(struct dpp_global *dpp,
						     const u8 *hash);
int dpp_configurator_add(struct dpp_global *dpp, const char *cmd);
int dpp_configurator_set(struct dpp_global *dpp, const char *cmd);
int dpp_configurator_remove(struct dpp_global *dpp, const char *id);
int dpp_configurator_get_key_id(struct dpp_global *dpp, unsigned int id,
				char *buf, size_t buflen);
int dpp_configurator_from_backup(struct dpp_global *dpp,
				 struct dpp_asymmetric_key *key);
struct dpp_configurator * dpp_configurator_find_kid(struct dpp_global *dpp,
						    const u8 *kid);

/* Relay: forwards DPP Public Action frames and GAS requests received over
 * the air to a Controller over TCP */
int dpp_relay_add_controller(struct dpp_global *dpp,
			     struct dpp_relay_config *config);
void dpp_relay_remove_controller(struct dpp_global *dpp,
				 const struct hostapd_ip_addr *addr);
int dpp_relay_listen(struct dpp_global *dpp, int port,
		     struct dpp_relay_config *config);
void dpp_relay_stop_listen(struct dpp_global *dpp);
int dpp_relay_rx_action(struct dpp_global *dpp, const u8 *src, const u8 *hdr,
			const u8 *buf, size_t len, unsigned int freq,
			const u8 *i_bootstrap, const u8 *r_bootstrap,
			void *cb_ctx);
int dpp_relay_rx_gas_req(struct dpp_global *dpp, const u8 *src, const u8 *data,
			 size_t data_len);
bool dpp_relay_controller_available(struct dpp_global *dpp);

/* Controller (TCP server side) and DPP-over-TCP client side */
int dpp_controller_start(struct dpp_global *dpp,
			 struct dpp_controller_config *config);
int dpp_controller_set_params(struct dpp_global *dpp,
			      const char *configurator_params);
void dpp_controller_stop(struct dpp_global *dpp);
void dpp_controller_stop_for_ctx(struct dpp_global *dpp, void *cb_ctx);
struct dpp_authentication * dpp_controller_get_auth(struct dpp_global *dpp,
						    unsigned int id);
void dpp_controller_new_qr_code(struct dpp_global *dpp,
				struct dpp_bootstrap_info *bi);
int dpp_tcp_pkex_init(struct dpp_global *dpp, struct dpp_pkex *pkex,
		      const struct hostapd_ip_addr *addr, int port,
		      void *msg_ctx, void *cb_ctx,
		      int (*pkex_done)(void *ctx, void *conn,
				       struct dpp_bootstrap_info *bi));
int dpp_tcp_init(struct dpp_global *dpp, struct dpp_authentication *auth,
		 const struct hostapd_ip_addr *addr, int port,
		 const char *name, enum dpp_netrole netrole,
		 const char *mud_url,
		 const char *extra_conf_req_name,
		 const char *extra_conf_req_value,
		 void *msg_ctx, void *cb_ctx,
		 int (*process_conf_obj)(void *ctx,
					 struct dpp_authentication *auth),
		 bool (*tcp_msg_sent)(void *ctx,
				      struct dpp_authentication *auth));
int dpp_tcp_auth(struct dpp_global *dpp, void *_conn,
		 struct dpp_authentication *auth, const char *name,
		 enum dpp_netrole netrole, const char *mud_url,
		 const char *extra_conf_req_name,
		 const char *extra_conf_req_value,
		 int (*process_conf_obj)(void *ctx,
					 struct dpp_authentication *auth),
		 bool (*tcp_msg_sent)(void *ctx,
				      struct dpp_authentication *auth));
bool dpp_tcp_conn_status_requested(struct dpp_global *dpp);
void dpp_tcp_send_conn_status(struct dpp_global *dpp,
			      enum dpp_status_error result,
			      const u8 *ssid, size_t ssid_len,
			      const char *channel_list);

/* Presence announcement ("chirp") and PB presence announcement frames */
struct wpabuf * dpp_build_presence_announcement(struct dpp_bootstrap_info *bi);
void dpp_notify_chirp_received(void *msg_ctx, int id, const u8 *src,
			       unsigned int freq, const u8 *hash);

struct wpabuf * dpp_build_pb_announcement(struct dpp_bootstrap_info *bi);
struct wpabuf * dpp_build_pb_announcement_resp(struct dpp_bootstrap_info *bi,
					       const u8 *e_hash,
					       const u8 *c_nonce,
					       size_t c_nonce_len);

/* Parameters for dpp_global_init(); remove_bi is called with cb_ctx when a
 * bootstrapping entry is removed */
struct dpp_global_config {
	void *cb_ctx;
	void (*remove_bi)(void *ctx, struct dpp_bootstrap_info *bi);
};

struct dpp_global * dpp_global_init(struct dpp_global_config *config);
void dpp_global_clear(struct dpp_global *dpp);
void dpp_global_deinit(struct dpp_global *dpp);
void dpp_notify_auth_success(struct dpp_authentication *auth, int initiator);

/* dpp_reconfig.c */

/* Reconfiguration: announcement from the Enrollee, then a Reconfig
 * Authentication exchange driven by the Configurator (dpp_reconfig_init).
 * The *_rx() functions take the received, untrusted frame contents. */
struct wpabuf * dpp_build_reconfig_announcement(const u8 *csign_key,
						size_t csign_key_len,
						const u8 *net_access_key,
						size_t net_access_key_len,
						struct dpp_reconfig_id *id);
struct dpp_authentication *
dpp_reconfig_init(struct dpp_global *dpp, void *msg_ctx,
		  struct dpp_configurator *conf, unsigned int freq, u16 group,
		  const u8 *a_nonce_attr, size_t a_nonce_len,
		  const u8 *e_id_attr, size_t e_id_len);
struct dpp_authentication *
dpp_reconfig_auth_req_rx(struct dpp_global *dpp, void *msg_ctx,
			 const char *own_connector,
			 const u8 *net_access_key, size_t net_access_key_len,
			 const u8 *csign_key, size_t csign_key_len,
			 unsigned int freq, const u8 *hdr,
			 const u8 *attr_start, size_t attr_len);
struct wpabuf *
dpp_reconfig_auth_resp_rx(struct dpp_authentication *auth, const u8 *hdr,
			  const u8 *attr_start, size_t attr_len);
int dpp_reconfig_auth_conf_rx(struct dpp_authentication *auth, const u8 *hdr,
			      const u8 *attr_start, size_t attr_len);

/* Reconfig ID (E-id) handling; dpp_update_reconfig_id() presumably derives
 * a fresh E'-id from the same keys - confirm in dpp_reconfig.c */
struct dpp_reconfig_id * dpp_gen_reconfig_id(const u8 *csign_key,
					     size_t csign_key_len,
					     const u8 *pp_key,
					     size_t pp_key_len);
int dpp_update_reconfig_id(struct dpp_reconfig_id *id);
void dpp_free_reconfig_id(struct dpp_reconfig_id *id);
/* hash must point to at least SHA256_MAC_LEN octets */
int dpp_get_pubkey_hash(struct crypto_ec_key *key, u8 *hash);

#endif /* CONFIG_DPP */
#endif /* DPP_H */