Lines Matching refs:auth
81 struct dpp_authentication *auth;
130 int (*process_conf_obj)(void *ctx, struct dpp_authentication *auth);
698 static void dpp_auth_fail(struct dpp_authentication *auth, const char *txt)
700 wpa_msg(auth->msg_ctx, MSG_INFO, DPP_EVENT_FAIL "%s", txt);
1576 static int dpp_derive_ke(struct dpp_authentication *auth, u8 *ke,
1588 if (!auth->Mx_len || !auth->Nx_len) {
1597 nonce_len = auth->curve->nonce_len;
1598 os_memcpy(nonces, auth->i_nonce, nonce_len);
1599 os_memcpy(&nonces[nonce_len], auth->r_nonce, nonce_len);
1600 addr[num_elem] = auth->Mx;
1601 len[num_elem] = auth->Mx_len;
1603 addr[num_elem] = auth->Nx;
1604 len[num_elem] = auth->Nx_len;
1606 if (auth->peer_bi && auth->own_bi) {
1607 if (!auth->Lx_len) {
1612 addr[num_elem] = auth->Lx;
1613 len[num_elem] = auth->secret_len;
1669 static struct wpabuf * dpp_auth_build_req(struct dpp_authentication *auth,
1762 os_memcpy(pos, auth->i_nonce, nonce_len - 1);
1773 os_memcpy(pos, auth->i_nonce, nonce_len);
1789 auth->i_capab = auth->allowed_roles;
1790 *pos++ = auth->i_capab;
1813 if (aes_siv_encrypt(auth->k1, auth->curve->hash_len, clear, siv_len,
1841 static struct wpabuf * dpp_auth_build_resp(struct dpp_authentication *auth,
1861 auth->waiting_auth_conf = 1;
1862 auth->auth_resp_tries = 0;
1913 /* Wrapped data ({R-nonce, I-nonce, R-capabilities, {R-auth}ke}k2) */
1954 auth->r_capab = auth->configurator ? DPP_CAPAB_CONFIGURATOR :
1956 *pos++ = auth->r_capab;
1964 if ((auth->i_capab & DPP_CAPAB_ROLE_MASK) ==
1968 pos[-1] = auth->configurator ? DPP_CAPAB_ENROLLEE :
1975 /* {R-auth}ke */
1996 if (aes_siv_encrypt(siv_key, auth->curve->hash_len, clear, siv_len,
2077 static int dpp_channel_intersect(struct dpp_authentication *auth,
2081 struct dpp_bootstrap_info *peer_bi = auth->peer_bi;
2086 if (freq_included(auth->freq, auth->num_freq, freq))
2089 auth->freq[auth->num_freq++] = freq;
2091 if (!auth->num_freq) {
2096 auth->curr_freq = auth->freq[0];
2101 static int dpp_channel_local_list(struct dpp_authentication *auth,
2109 auth->num_freq = 0;
2112 auth->freq[0] = 2412;
2113 auth->freq[1] = 2437;
2114 auth->freq[2] = 2462;
2115 auth->num_freq = 3;
2127 if (freq_included(auth->freq, auth->num_freq, freq))
2129 auth->freq[auth->num_freq++] = freq;
2130 if (auth->num_freq == DPP_BOOTSTRAP_MAX_FREQ) {
2137 return auth->num_freq == 0 ? -1 : 0;
2141 static int dpp_prepare_channel_list(struct dpp_authentication *auth,
2149 if (auth->peer_bi->num_freq > 0)
2150 res = dpp_channel_intersect(auth, own_modes, num_modes);
2152 res = dpp_channel_local_list(auth, own_modes, num_modes);
2158 freq_to_start(auth->freq, auth->num_freq, 2462);
2159 freq_to_start(auth->freq, auth->num_freq, 2412);
2160 freq_to_start(auth->freq, auth->num_freq, 2437);
2162 auth->freq_idx = 0;
2163 auth->curr_freq = auth->freq[0];
2167 for (i = 0; i < auth->num_freq; i++) {
2168 res = os_snprintf(pos, end - pos, " %u", auth->freq[i]);
2181 static int dpp_autogen_bootstrap_key(struct dpp_authentication *auth)
2187 if (auth->own_bi)
2194 pk = dpp_keygen(bi, auth->peer_bi->curve->name, NULL, 0);
2208 auth->tmp_own_bi = auth->own_bi = bi;
2228 struct dpp_authentication *auth;
2237 auth = os_zalloc(sizeof(*auth));
2238 if (!auth)
2240 auth->msg_ctx = msg_ctx;
2241 auth->initiator = 1;
2242 auth->waiting_auth_resp = 1;
2243 auth->allowed_roles = dpp_allowed_roles;
2244 auth->configurator = !!(dpp_allowed_roles & DPP_CAPAB_CONFIGURATOR);
2245 auth->peer_bi = peer_bi;
2246 auth->own_bi = own_bi;
2247 auth->curve = peer_bi->curve;
2249 if (dpp_autogen_bootstrap_key(auth) < 0 ||
2250 dpp_prepare_channel_list(auth, own_modes, num_modes) < 0)
2257 os_memcpy(auth->i_nonce, dpp_nonce_override, nonce_len);
2259 nonce_len = auth->curve->nonce_len;
2260 if (random_get_bytes(auth->i_nonce, nonce_len)) {
2267 nonce_len = auth->curve->nonce_len;
2268 if (random_get_bytes(auth->i_nonce, nonce_len)) {
2273 wpa_hexdump(MSG_DEBUG, "DPP: I-nonce", auth->i_nonce, nonce_len);
2281 auth->own_protocol_key = dpp_set_keypair(
2285 auth->own_protocol_key = dpp_gen_keypair(auth->curve);
2288 auth->own_protocol_key = dpp_gen_keypair(auth->curve);
2290 if (!auth->own_protocol_key)
2293 pi = dpp_get_pubkey_point(auth->own_protocol_key, 0);
2298 if (dpp_ecdh(auth->own_protocol_key, auth->peer_bi->pubkey,
2299 auth->Mx, &secret_len) < 0)
2301 auth->secret_len = secret_len;
2304 auth->Mx, auth->secret_len);
2305 auth->Mx_len = auth->secret_len;
2307 if (dpp_derive_k1(auth->Mx, auth->secret_len, auth->k1,
2308 auth->curve->hash_len) < 0)
2311 r_pubkey_hash = auth->peer_bi->pubkey_hash;
2312 i_pubkey_hash = auth->own_bi->pubkey_hash;
2340 pi = wpabuf_alloc(2 * auth->curve->prime_len);
2341 if (!pi || dpp_test_gen_invalid_key(pi, auth->curve) < 0)
2346 auth->req_msg = dpp_auth_build_req(auth, pi, nonce_len, r_pubkey_hash,
2348 if (!auth->req_msg)
2353 return auth;
2355 dpp_auth_deinit(auth);
2356 auth = NULL;
2361 static struct wpabuf * dpp_build_conf_req_attr(struct dpp_authentication *auth,
2372 nonce_len = auth->curve->nonce_len;
2373 if (random_get_bytes(auth->e_nonce, nonce_len)) {
2377 wpa_hexdump(MSG_DEBUG, "DPP: E-nonce", auth->e_nonce, nonce_len);
2402 wpabuf_put_data(clear, auth->e_nonce, nonce_len - 1);
2414 wpabuf_put_data(clear, auth->e_nonce, nonce_len);
2439 if (aes_siv_encrypt(auth->ke, auth->curve->hash_len,
2488 struct wpabuf * dpp_build_conf_req(struct dpp_authentication *auth,
2493 conf_req = dpp_build_conf_req_attr(auth, json);
2515 static void dpp_auth_success(struct dpp_authentication *auth)
2519 os_memset(auth->Mx, 0, sizeof(auth->Mx));
2520 auth->Mx_len = 0;
2521 os_memset(auth->Nx, 0, sizeof(auth->Nx));
2522 auth->Nx_len = 0;
2523 os_memset(auth->Lx, 0, sizeof(auth->Lx));
2524 auth->Lx_len = 0;
2525 os_memset(auth->k1, 0, sizeof(auth->k1));
2526 os_memset(auth->k2, 0, sizeof(auth->k2));
2528 auth->auth_success = 1;
2532 static int dpp_gen_r_auth(struct dpp_authentication *auth, u8 *r_auth)
2542 /* R-auth = H(I-nonce | R-nonce | PI.x | PR.x | [BI.x |] BR.x | 0) */
2543 nonce_len = auth->curve->nonce_len;
2545 if (auth->initiator) {
2546 pix = dpp_get_pubkey_point(auth->own_protocol_key, 0);
2547 prx = dpp_get_pubkey_point(auth->peer_protocol_key, 0);
2548 if (auth->own_bi)
2549 bix = dpp_get_pubkey_point(auth->own_bi->pubkey, 0);
2552 brx = dpp_get_pubkey_point(auth->peer_bi->pubkey, 0);
2554 pix = dpp_get_pubkey_point(auth->peer_protocol_key, 0);
2555 prx = dpp_get_pubkey_point(auth->own_protocol_key, 0);
2556 if (auth->peer_bi)
2557 bix = dpp_get_pubkey_point(auth->peer_bi->pubkey, 0);
2560 brx = dpp_get_pubkey_point(auth->own_bi->pubkey, 0);
2565 addr[num_elem] = auth->i_nonce;
2569 addr[num_elem] = auth->r_nonce;
2595 wpa_printf(MSG_DEBUG, "DPP: R-auth hash components");
2598 res = dpp_hash_vector(auth->curve, num_elem, addr, len, r_auth);
2600 wpa_hexdump(MSG_DEBUG, "DPP: R-auth", r_auth,
2601 auth->curve->hash_len);
2611 static int dpp_gen_i_auth(struct dpp_authentication *auth, u8 *i_auth)
2621 /* I-auth = H(R-nonce | I-nonce | PR.x | PI.x | BR.x | [BI.x |] 1) */
2622 nonce_len = auth->curve->nonce_len;
2624 if (auth->initiator) {
2625 pix = dpp_get_pubkey_point(auth->own_protocol_key, 0);
2626 prx = dpp_get_pubkey_point(auth->peer_protocol_key, 0);
2627 if (auth->own_bi)
2628 bix = dpp_get_pubkey_point(auth->own_bi->pubkey, 0);
2631 if (!auth->peer_bi)
2633 brx = dpp_get_pubkey_point(auth->peer_bi->pubkey, 0);
2635 pix = dpp_get_pubkey_point(auth->peer_protocol_key, 0);
2636 prx = dpp_get_pubkey_point(auth->own_protocol_key, 0);
2637 if (auth->peer_bi)
2638 bix = dpp_get_pubkey_point(auth->peer_bi->pubkey, 0);
2641 if (!auth->own_bi)
2643 brx = dpp_get_pubkey_point(auth->own_bi->pubkey, 0);
2648 addr[num_elem] = auth->r_nonce;
2652 addr[num_elem] = auth->i_nonce;
2678 wpa_printf(MSG_DEBUG, "DPP: I-auth hash components");
2681 res = dpp_hash_vector(auth->curve, num_elem, addr, len, i_auth);
2683 wpa_hexdump(MSG_DEBUG, "DPP: I-auth", i_auth,
2684 auth->curve->hash_len);
2694 static int dpp_auth_derive_l_responder(struct dpp_authentication *auth)
2713 BI = EVP_PKEY_get1_EC_KEY(auth->peer_bi->pubkey);
2721 bR = EVP_PKEY_get1_EC_KEY(auth->own_bi->pubkey);
2722 pR = EVP_PKEY_get1_EC_KEY(auth->own_protocol_key);
2743 if (dpp_bn2bin_pad(lx, auth->Lx, auth->secret_len) < 0)
2745 wpa_hexdump_key(MSG_DEBUG, "DPP: L.x", auth->Lx, auth->secret_len);
2746 auth->Lx_len = auth->secret_len;
2761 static int dpp_auth_derive_l_initiator(struct dpp_authentication *auth)
2778 BR = EVP_PKEY_get1_EC_KEY(auth->peer_bi->pubkey);
2779 PR = EVP_PKEY_get1_EC_KEY(auth->peer_protocol_key);
2785 bI = EVP_PKEY_get1_EC_KEY(auth->own_bi->pubkey);
2805 if (dpp_bn2bin_pad(lx, auth->Lx, auth->secret_len) < 0)
2807 wpa_hexdump_key(MSG_DEBUG, "DPP: L.x", auth->Lx, auth->secret_len);
2808 auth->Lx_len = auth->secret_len;
2822 static int dpp_auth_build_resp_ok(struct dpp_authentication *auth)
2838 if (!auth->own_bi)
2845 os_memcpy(auth->r_nonce, dpp_nonce_override, nonce_len);
2847 nonce_len = auth->curve->nonce_len;
2848 if (random_get_bytes(auth->r_nonce, nonce_len)) {
2855 nonce_len = auth->curve->nonce_len;
2856 if (random_get_bytes(auth->r_nonce, nonce_len)) {
2861 wpa_hexdump(MSG_DEBUG, "DPP: R-nonce", auth->r_nonce, nonce_len);
2863 EVP_PKEY_free(auth->own_protocol_key);
2870 auth->own_protocol_key = dpp_set_keypair(
2874 auth->own_protocol_key = dpp_gen_keypair(auth->curve);
2877 auth->own_protocol_key = dpp_gen_keypair(auth->curve);
2879 if (!auth->own_protocol_key)
2882 pr = dpp_get_pubkey_point(auth->own_protocol_key, 0);
2887 if (dpp_ecdh(auth->own_protocol_key, auth->peer_protocol_key,
2888 auth->Nx, &secret_len) < 0)
2892 auth->Nx, auth->secret_len);
2893 auth->Nx_len = auth->secret_len;
2895 if (dpp_derive_k2(auth->Nx, auth->secret_len, auth->k2,
2896 auth->curve->hash_len) < 0)
2899 if (auth->own_bi && auth->peer_bi) {
2901 if (dpp_auth_derive_l_responder(auth) < 0)
2905 if (dpp_derive_ke(auth, auth->ke, auth->curve->hash_len) < 0)
2908 /* R-auth = H(I-nonce | R-nonce | PI.x | PR.x | [BI.x |] BR.x | 0) */
2910 WPA_PUT_LE16(&r_auth[2], auth->curve->hash_len);
2911 if (dpp_gen_r_auth(auth, r_auth + 4) < 0)
2915 wpa_printf(MSG_INFO, "DPP: TESTING - R-auth mismatch");
2916 r_auth[4 + auth->curve->hash_len / 2] ^= 0x01;
2919 if (aes_siv_encrypt(auth->ke, auth->curve->hash_len,
2920 r_auth, 4 + auth->curve->hash_len,
2923 wrapped_r_auth_len = 4 + auth->curve->hash_len + AES_BLOCK_SIZE;
2924 wpa_hexdump(MSG_DEBUG, "DPP: {R-auth}ke",
2928 r_pubkey_hash = auth->own_bi->pubkey_hash;
2929 if (auth->peer_bi)
2930 i_pubkey_hash = auth->peer_bi->pubkey_hash;
2934 i_nonce = auth->i_nonce;
2935 r_nonce = auth->r_nonce;
2968 pr = wpabuf_alloc(2 * auth->curve->prime_len);
2969 if (!pr || dpp_test_gen_invalid_key(pr, auth->curve) < 0)
2990 msg = dpp_auth_build_resp(auth, status, pr, nonce_len,
2994 auth->k2);
2997 wpabuf_free(auth->resp_msg);
2998 auth->resp_msg = msg;
3006 static int dpp_auth_build_resp_status(struct dpp_authentication *auth,
3015 if (!auth->own_bi)
3019 r_pubkey_hash = auth->own_bi->pubkey_hash;
3020 if (auth->peer_bi)
3021 i_pubkey_hash = auth->peer_bi->pubkey_hash;
3025 i_nonce = auth->i_nonce;
3060 msg = dpp_auth_build_resp(auth, status, NULL, auth->curve->nonce_len,
3062 NULL, i_nonce, NULL, 0, auth->k1);
3065 wpabuf_free(auth->resp_msg);
3066 auth->resp_msg = msg;
3089 struct dpp_authentication *auth = NULL;
3114 auth = os_zalloc(sizeof(*auth));
3115 if (!auth)
3117 auth->msg_ctx = msg_ctx;
3118 auth->peer_bi = peer_bi;
3119 auth->own_bi = own_bi;
3120 auth->curve = own_bi->curve;
3121 auth->curr_freq = freq;
3123 auth->peer_version = 1; /* default to the first version */
3129 dpp_auth_fail(auth,
3133 auth->peer_version = version[0];
3135 auth->peer_version);
3145 dpp_auth_fail(auth, "Too short Channel attribute");
3154 dpp_auth_fail(auth,
3159 if (auth->curr_freq != (unsigned int) neg_freq) {
3163 auth->curr_freq = neg_freq;
3170 dpp_auth_fail(auth,
3180 dpp_auth_fail(auth, "Invalid Initiator Protocol Key");
3185 if (dpp_ecdh(own_bi->pubkey, pi, auth->Mx, &secret_len) < 0)
3187 auth->secret_len = secret_len;
3190 auth->Mx, auth->secret_len);
3191 auth->Mx_len = auth->secret_len;
3193 if (dpp_derive_k1(auth->Mx, auth->secret_len, auth->k1,
3194 auth->curve->hash_len) < 0)
3209 if (aes_siv_decrypt(auth->k1, auth->curve->hash_len,
3212 dpp_auth_fail(auth, "AES-SIV decryption failed");
3219 dpp_auth_fail(auth, "Invalid attribute in unwrapped data");
3225 if (!i_nonce || i_nonce_len != auth->curve->nonce_len) {
3226 dpp_auth_fail(auth, "Missing or invalid I-nonce");
3230 os_memcpy(auth->i_nonce, i_nonce, i_nonce_len);
3236 dpp_auth_fail(auth, "Missing or invalid I-capabilities");
3239 auth->i_capab = i_capab[0];
3240 wpa_printf(MSG_DEBUG, "DPP: I-capabilities: 0x%02x", auth->i_capab);
3245 switch (auth->i_capab & DPP_CAPAB_ROLE_MASK) {
3253 auth->configurator = 1;
3262 auth->configurator = 0;
3267 auth->configurator = 0;
3270 auth->configurator = 1;
3279 wpa_msg(auth->msg_ctx, MSG_INFO,
3281 auth->i_capab & DPP_CAPAB_ROLE_MASK);
3285 auth->peer_protocol_key = pi;
3292 if (dpp_auth_build_resp_status(auth,
3299 auth->response_pending = 1;
3300 os_memcpy(auth->waiting_pubkey_hash,
3308 wpa_msg(auth->msg_ctx, MSG_INFO, DPP_EVENT_SCAN_PEER_QR_CODE
3310 return auth;
3312 if (dpp_auth_build_resp_ok(auth) < 0)
3315 return auth;
3318 wpa_msg(auth->msg_ctx, MSG_INFO, DPP_EVENT_NOT_COMPATIBLE
3319 "i-capab=0x%02x", auth->i_capab);
3321 auth->configurator = 1;
3323 auth->configurator = 0;
3324 auth->peer_protocol_key = pi;
3326 if (dpp_auth_build_resp_status(auth, DPP_STATUS_NOT_COMPATIBLE) < 0)
3329 auth->remove_on_tx_status = 1;
3330 return auth;
3335 dpp_auth_deinit(auth);
3340 int dpp_notify_new_qr_code(struct dpp_authentication *auth,
3343 if (!auth || !auth->response_pending ||
3344 os_memcmp(auth->waiting_pubkey_hash, peer_bi->pubkey_hash,
3350 MACSTR, MAC2STR(auth->peer_mac_addr));
3351 auth->peer_bi = peer_bi;
3353 if (dpp_auth_build_resp_ok(auth) < 0)
3360 static struct wpabuf * dpp_auth_build_conf(struct dpp_authentication *auth,
3380 i_auth_len = 4 + auth->curve->hash_len;
3381 r_nonce_len = 4 + auth->curve->nonce_len;
3395 r_pubkey_hash = auth->peer_bi->pubkey_hash;
3396 if (auth->own_bi)
3397 i_pubkey_hash = auth->own_bi->pubkey_hash;
3468 /* I-auth wrapped with ke */
3478 /* I-auth = H(R-nonce | I-nonce | PR.x | PI.x | BR.x | [BI.x |]
3481 WPA_PUT_LE16(&i_auth[2], auth->curve->hash_len);
3482 if (dpp_gen_i_auth(auth, i_auth + 4) < 0)
3487 wpa_printf(MSG_INFO, "DPP: TESTING - I-auth mismatch");
3488 i_auth[4 + auth->curve->hash_len / 2] ^= 0x01;
3492 if (aes_siv_encrypt(auth->ke, auth->curve->hash_len,
3496 wpa_hexdump(MSG_DEBUG, "DPP: {I-auth}ke",
3505 WPA_PUT_LE16(&r_nonce[2], auth->curve->nonce_len);
3506 os_memcpy(r_nonce + 4, auth->r_nonce, auth->curve->nonce_len);
3508 if (aes_siv_encrypt(auth->k2, auth->curve->hash_len,
3528 dpp_auth_success(auth);
3539 dpp_auth_resp_rx_status(struct dpp_authentication *auth, const u8 *hdr,
3561 dpp_auth_fail(auth, "Responder reported failure");
3577 if (aes_siv_decrypt(auth->k1, auth->curve->hash_len,
3580 dpp_auth_fail(auth, "AES-SIV decryption failed");
3587 dpp_auth_fail(auth, "Invalid attribute in unwrapped data");
3593 if (!i_nonce || i_nonce_len != auth->curve->nonce_len) {
3594 dpp_auth_fail(auth, "Missing or invalid I-nonce");
3598 if (os_memcmp(auth->i_nonce, i_nonce, i_nonce_len) != 0) {
3599 dpp_auth_fail(auth, "I-nonce mismatch");
3607 dpp_auth_fail(auth, "Missing or invalid R-capabilities");
3610 auth->r_capab = r_capab[0];
3611 wpa_printf(MSG_DEBUG, "DPP: R-capabilities: 0x%02x", auth->r_capab);
3613 wpa_msg(auth->msg_ctx, MSG_INFO, DPP_EVENT_NOT_COMPATIBLE
3614 "r-capab=0x%02x", auth->r_capab);
3616 u8 role = auth->r_capab & DPP_CAPAB_ROLE_MASK;
3618 if ((auth->configurator && role != DPP_CAPAB_ENROLLEE) ||
3619 (!auth->configurator && role != DPP_CAPAB_CONFIGURATOR)) {
3620 wpa_msg(auth->msg_ctx, MSG_INFO,
3626 wpa_msg(auth->msg_ctx, MSG_INFO,
3628 auth->tmp_own_bi ? auth->tmp_own_bi->uri : "");
3637 dpp_auth_resp_rx(struct dpp_authentication *auth, const u8 *hdr,
3666 if (!auth->initiator || !auth->peer_bi) {
3667 dpp_auth_fail(auth, "Unexpected Authentication Response");
3671 auth->waiting_auth_resp = 0;
3676 dpp_auth_fail(auth,
3689 dpp_auth_fail(auth,
3695 if (os_memcmp(r_bootstrap, auth->peer_bi->pubkey_hash,
3697 dpp_auth_fail(auth,
3701 auth->peer_bi->pubkey_hash, SHA256_MAC_LEN);
3710 dpp_auth_fail(auth,
3717 if (!auth->own_bi ||
3718 os_memcmp(i_bootstrap, auth->own_bi->pubkey_hash,
3720 dpp_auth_fail(auth,
3724 } else if (auth->own_bi && auth->own_bi->type == DPP_BOOTSTRAP_PKEX) {
3726 dpp_auth_fail(auth,
3731 auth->peer_version = 1; /* default to the first version */
3737 dpp_auth_fail(auth,
3741 auth->peer_version = version[0];
3743 auth->peer_version);
3750 dpp_auth_fail(auth,
3755 auth->auth_resp_status = status[0];
3757 dpp_auth_resp_rx_status(auth, hdr, attr_start,
3763 if (!i_bootstrap && auth->own_bi) {
3766 auth->own_bi = NULL;
3769 wpa_msg(auth->msg_ctx, MSG_INFO, DPP_EVENT_AUTH_DIRECTION "mutual=%d",
3770 auth->own_bi != NULL);
3775 dpp_auth_fail(auth,
3783 pr = dpp_set_pubkey_point(auth->own_protocol_key, r_proto, r_proto_len);
3785 dpp_auth_fail(auth, "Invalid Responder Protocol Key");
3790 if (dpp_ecdh(auth->own_protocol_key, pr, auth->Nx, &secret_len) < 0) {
3791 dpp_auth_fail(auth, "Failed to derive ECDH shared secret");
3794 EVP_PKEY_free(auth->peer_protocol_key);
3795 auth->peer_protocol_key = pr;
3799 auth->Nx, auth->secret_len);
3800 auth->Nx_len = auth->secret_len;
3802 if (dpp_derive_k2(auth->Nx, auth->secret_len, auth->k2,
3803 auth->curve->hash_len) < 0)
3818 if (aes_siv_decrypt(auth->k2, auth->curve->hash_len,
3821 dpp_auth_fail(auth, "AES-SIV decryption failed");
3828 dpp_auth_fail(auth, "Invalid attribute in unwrapped data");
3834 if (!r_nonce || r_nonce_len != auth->curve->nonce_len) {
3835 dpp_auth_fail(auth, "DPP: Missing or invalid R-nonce");
3839 os_memcpy(auth->r_nonce, r_nonce, r_nonce_len);
3843 if (!i_nonce || i_nonce_len != auth->curve->nonce_len) {
3844 dpp_auth_fail(auth, "Missing or invalid I-nonce");
3848 if (os_memcmp(auth->i_nonce, i_nonce, i_nonce_len) != 0) {
3849 dpp_auth_fail(auth, "I-nonce mismatch");
3853 if (auth->own_bi) {
3855 if (dpp_auth_derive_l_initiator(auth) < 0)
3863 dpp_auth_fail(auth, "Missing or invalid R-capabilities");
3866 auth->r_capab = r_capab[0];
3867 wpa_printf(MSG_DEBUG, "DPP: R-capabilities: 0x%02x", auth->r_capab);
3868 role = auth->r_capab & DPP_CAPAB_ROLE_MASK;
3869 if ((auth->allowed_roles ==
3874 auth->configurator = role == DPP_CAPAB_ENROLLEE;
3876 auth->configurator ? "Configurator" : "Enrollee");
3877 } else if ((auth->configurator && role != DPP_CAPAB_ENROLLEE) ||
3878 (!auth->configurator && role != DPP_CAPAB_CONFIGURATOR)) {
3880 wpa_msg(auth->msg_ctx, MSG_INFO, DPP_EVENT_FAIL
3887 auth->remove_on_tx_status = 1;
3888 return dpp_auth_build_conf(auth, DPP_STATUS_NOT_COMPATIBLE);
3894 dpp_auth_fail(auth,
3902 if (dpp_derive_ke(auth, auth->ke, auth->curve->hash_len) < 0)
3909 if (aes_siv_decrypt(auth->ke, auth->curve->hash_len,
3912 dpp_auth_fail(auth, "AES-SIV decryption failed");
3919 dpp_auth_fail(auth,
3926 if (!r_auth || r_auth_len != auth->curve->hash_len) {
3927 dpp_auth_fail(auth,
3933 /* R-auth' = H(I-nonce | R-nonce | PI.x | PR.x | [BI.x |] BR.x | 0) */
3934 if (dpp_gen_r_auth(auth, r_auth2) < 0)
3939 dpp_auth_fail(auth, "Mismatching Responder Authenticating Tag");
3942 auth->remove_on_tx_status = 1;
3943 return dpp_auth_build_conf(auth, DPP_STATUS_AUTH_FAILURE);
3953 if (dpp_auth_build_resp_ok(auth) < 0)
3955 return wpabuf_dup(auth->resp_msg);
3959 return dpp_auth_build_conf(auth, DPP_STATUS_OK);
3969 static int dpp_auth_conf_rx_failure(struct dpp_authentication *auth,
3997 dpp_auth_fail(auth, "Authentication failed");
4000 if (aes_siv_decrypt(auth->k2, auth->curve->hash_len,
4003 dpp_auth_fail(auth, "AES-SIV decryption failed");
4010 dpp_auth_fail(auth, "Invalid attribute in unwrapped data");
4016 if (!r_nonce || r_nonce_len != auth->curve->nonce_len) {
4017 dpp_auth_fail(auth, "DPP: Missing or invalid R-nonce");
4020 if (os_memcmp(r_nonce, auth->r_nonce, r_nonce_len) != 0) {
4024 auth->r_nonce, r_nonce_len);
4025 dpp_auth_fail(auth, "R-nonce mismatch");
4030 dpp_auth_fail(auth, "Peer reported incompatible R-capab role");
4032 dpp_auth_fail(auth, "Peer reported authentication failure)");
4040 int dpp_auth_conf_rx(struct dpp_authentication *auth, const u8 *hdr,
4060 if (auth->initiator || !auth->own_bi) {
4061 dpp_auth_fail(auth, "Unexpected Authentication Confirm");
4065 auth->waiting_auth_conf = 0;
4070 dpp_auth_fail(auth,
4083 dpp_auth_fail(auth,
4089 if (os_memcmp(r_bootstrap, auth->own_bi->pubkey_hash,
4093 auth->peer_bi->pubkey_hash, SHA256_MAC_LEN);
4094 dpp_auth_fail(auth,
4104 dpp_auth_fail(auth,
4111 if (!auth->peer_bi ||
4112 os_memcmp(i_bootstrap, auth->peer_bi->pubkey_hash,
4114 dpp_auth_fail(auth,
4118 } else if (auth->peer_bi) {
4121 dpp_auth_fail(auth,
4129 dpp_auth_fail(auth,
4136 return dpp_auth_conf_rx_failure(auth, hdr, attr_start,
4141 dpp_auth_fail(auth, "Authentication failed");
4157 if (aes_siv_decrypt(auth->ke, auth->curve->hash_len,
4160 dpp_auth_fail(auth, "AES-SIV decryption failed");
4167 dpp_auth_fail(auth, "Invalid attribute in unwrapped data");
4173 if (!i_auth || i_auth_len != auth->curve->hash_len) {
4174 dpp_auth_fail(auth,
4180 /* I-auth' = H(R-nonce | I-nonce | PR.x | PI.x | BR.x | [BI.x |] 1) */
4181 if (dpp_gen_i_auth(auth, i_auth2) < 0)
4186 dpp_auth_fail(auth, "Mismatching Initiator Authenticating Tag");
4191 dpp_auth_success(auth);
4302 static int dpp_configuration_parse(struct dpp_authentication *auth,
4399 auth->conf_sta = conf_sta;
4400 auth->conf_ap = conf_ap;
4428 struct dpp_authentication *auth,
4441 auth->conf = dpp_configurator_get_id(dpp, atoi(pos));
4442 if (!auth->conf) {
4449 if (dpp_configuration_parse(auth, cmd) < 0) {
4458 void dpp_auth_deinit(struct dpp_authentication *auth)
4460 if (!auth)
4462 dpp_configuration_free(auth->conf_ap);
4463 dpp_configuration_free(auth->conf_sta);
4464 EVP_PKEY_free(auth->own_protocol_key);
4465 EVP_PKEY_free(auth->peer_protocol_key);
4466 wpabuf_free(auth->req_msg);
4467 wpabuf_free(auth->resp_msg);
4468 wpabuf_free(auth->conf_req);
4469 os_free(auth->connector);
4470 wpabuf_free(auth->net_access_key);
4471 wpabuf_free(auth->c_sign_key);
4472 dpp_bootstrap_info_free(auth->tmp_own_bi);
4474 os_free(auth->config_obj_override);
4475 os_free(auth->discovery_override);
4476 os_free(auth->groups_override);
4478 bin_clear_free(auth, sizeof(*auth));
4483 dpp_build_conf_start(struct dpp_authentication *auth,
4490 if (auth->discovery_override)
4491 tailroom += os_strlen(auth->discovery_override);
4499 if (auth->discovery_override) {
4501 auth->discovery_override);
4502 wpabuf_put_str(buf, auth->discovery_override);
4583 dpp_build_conf_obj_dpp(struct dpp_authentication *auth, int ap,
4605 if (!auth->conf) {
4610 curve = auth->conf->curve;
4623 if (dpp_akm_ver2(akm) && auth->peer_version < 2) {
4630 if (auth->groups_override)
4631 extra_len += os_strlen(auth->groups_override);
4638 dppcon = wpabuf_alloc(extra_len + 2 * auth->curve->prime_len * 4 / 3);
4642 if (auth->groups_override) {
4644 if (auth->groups_override) {
4647 auth->groups_override);
4649 wpabuf_put_str(dppcon, auth->groups_override);
4661 if (dpp_build_jwk(dppcon, "netAccessKey", auth->peer_protocol_key, NULL,
4662 auth->curve) < 0) {
4685 auth->conf->kid, curve->jws_alg);
4701 auth->conf->csign) != 1) {
4748 tailroom += 2 * curve->prime_len * 4 / 3 + os_strlen(auth->conf->kid);
4752 buf = dpp_build_conf_start(auth, conf, tailroom);
4768 if (dpp_build_jwk(buf, "csign", auth->conf->csign, auth->conf->kid,
4797 dpp_build_conf_obj_legacy(struct dpp_authentication *auth, int ap,
4802 buf = dpp_build_conf_start(auth, conf, 1000);
4818 dpp_build_conf_obj(struct dpp_authentication *auth, int ap)
4823 if (auth->config_obj_override) {
4825 return wpabuf_alloc_copy(auth->config_obj_override,
4826 os_strlen(auth->config_obj_override));
4830 conf = ap ? auth->conf_ap : auth->conf_sta;
4839 return dpp_build_conf_obj_dpp(auth, ap, conf);
4840 return dpp_build_conf_obj_legacy(auth, ap, conf);
4845 dpp_build_conf_resp(struct dpp_authentication *auth, const u8 *e_nonce,
4856 conf = dpp_build_conf_obj(auth, ap);
4862 auth->conf_resp_status = status;
4944 if (aes_siv_encrypt(auth->ke, auth->curve->hash_len,
4974 dpp_conf_req_rx(struct dpp_authentication *auth, const u8 *attr_start,
4994 dpp_auth_fail(auth, "Invalid attribute in config request");
5001 dpp_auth_fail(auth,
5012 if (aes_siv_decrypt(auth->ke, auth->curve->hash_len,
5015 dpp_auth_fail(auth, "AES-SIV decryption failed");
5022 dpp_auth_fail(auth, "Invalid attribute in unwrapped data");
5029 if (!e_nonce || e_nonce_len != auth->curve->nonce_len) {
5030 dpp_auth_fail(auth,
5035 os_memcpy(auth->e_nonce, e_nonce, e_nonce_len);
5041 dpp_auth_fail(auth,
5050 dpp_auth_fail(auth, "Could not parse Config Attributes");
5056 dpp_auth_fail(auth, "No Config Attributes - name");
5063 dpp_auth_fail(auth, "No Config Attributes - wi-fi_tech");
5070 dpp_auth_fail(auth, "Unsupported wi-fi_tech");
5076 dpp_auth_fail(auth, "No Config Attributes - netRole");
5087 dpp_auth_fail(auth, "Unsupported netRole");
5091 resp = dpp_build_conf_resp(auth, e_nonce, e_nonce_len, ap);
5180 static int dpp_parse_cred_legacy(struct dpp_authentication *auth,
5197 os_strlcpy(auth->passphrase, pass->string,
5198 sizeof(auth->passphrase));
5200 if (dpp_akm_sae(auth->akm) && !dpp_akm_psk(auth->akm)) {
5206 hexstr2bin(psk_hex->string, auth->psk, PMK_LEN) < 0) {
5211 auth->psk, PMK_LEN);
5212 auth->psk_set = 1;
5218 if (dpp_akm_sae(auth->akm) && !auth->passphrase[0]) {
5385 static int dpp_parse_connector(struct dpp_authentication *auth,
5440 &auth->net_access_key_expiry)) {
5458 if (EVP_PKEY_cmp(key, auth->own_protocol_key) != 1) {
5462 if (auth->ignore_netaccesskey_mismatch) {
5513 static void dpp_copy_csign(struct dpp_authentication *auth, EVP_PKEY *csign)
5521 wpabuf_free(auth->c_sign_key);
5522 auth->c_sign_key = wpabuf_alloc_copy(der, der_len);
5527 static void dpp_copy_netaccesskey(struct dpp_authentication *auth)
5533 eckey = EVP_PKEY_get1_EC_KEY(auth->own_protocol_key);
5542 wpabuf_free(auth->net_access_key);
5543 auth->net_access_key = wpabuf_alloc_copy(der, der_len);
5720 static int dpp_parse_cred_dpp(struct dpp_authentication *auth,
5732 if (dpp_akm_psk(auth->akm) || dpp_akm_sae(auth->akm)) {
5735 if (dpp_parse_cred_legacy(auth, cred) < 0)
5774 if (dpp_parse_connector(auth, info.payload, info.payload_len) < 0) {
5779 os_free(auth->connector);
5780 auth->connector = os_strdup(signed_connector);
5782 dpp_copy_csign(auth, csign_pub);
5783 dpp_copy_netaccesskey(auth);
5832 static int dpp_parse_conf_obj(struct dpp_authentication *auth,
5842 dpp_auth_fail(auth, "JSON root is not an object");
5848 dpp_auth_fail(auth, "No wi-fi_tech string value found");
5854 dpp_auth_fail(auth, "Unsupported wi-fi_tech value");
5860 dpp_auth_fail(auth, "No discovery object in JSON");
5866 dpp_auth_fail(auth, "No discovery::ssid string value found");
5872 dpp_auth_fail(auth, "Too long discovery::ssid string value");
5875 auth->ssid_len = os_strlen(token->string);
5876 os_memcpy(auth->ssid, token->string, auth->ssid_len);
5880 dpp_auth_fail(auth, "No cred object in JSON");
5886 dpp_auth_fail(auth, "No cred::akm string value found");
5889 auth->akm = dpp_akm_from_str(token->string);
5891 if (dpp_akm_legacy(auth->akm)) {
5892 if (dpp_parse_cred_legacy(auth, cred) < 0)
5894 } else if (dpp_akm_dpp(auth->akm)) {
5895 if (dpp_parse_cred_dpp(auth, cred) < 0)
5900 dpp_auth_fail(auth, "Unsupported akm");
5912 int dpp_conf_resp_rx(struct dpp_authentication *auth,
5923 auth->conf_resp_status = 255;
5926 dpp_auth_fail(auth, "Invalid attribute in config response");
5934 dpp_auth_fail(auth,
5950 if (aes_siv_decrypt(auth->ke, auth->curve->hash_len,
5953 dpp_auth_fail(auth, "AES-SIV decryption failed");
5960 dpp_auth_fail(auth, "Invalid attribute in unwrapped data");
5967 if (!e_nonce || e_nonce_len != auth->curve->nonce_len) {
5968 dpp_auth_fail(auth,
5973 if (os_memcmp(e_nonce, auth->e_nonce, e_nonce_len) != 0) {
5974 dpp_auth_fail(auth, "Enrollee Nonce mismatch");
5981 dpp_auth_fail(auth,
5985 auth->conf_resp_status = status[0];
5988 dpp_auth_fail(auth, "Configurator rejected configuration");
5995 dpp_auth_fail(auth,
6001 if (dpp_parse_conf_obj(auth, conf_obj, conf_obj_len) < 0)
6013 enum dpp_status_error dpp_conf_result_rx(struct dpp_authentication *auth,
6028 dpp_auth_fail(auth,
6049 if (aes_siv_decrypt(auth->ke, auth->curve->hash_len,
6052 dpp_auth_fail(auth, "AES-SIV decryption failed");
6059 dpp_auth_fail(auth, "Invalid attribute in unwrapped data");
6066 if (!e_nonce || e_nonce_len != auth->curve->nonce_len) {
6067 dpp_auth_fail(auth,
6072 if (os_memcmp(e_nonce, auth->e_nonce, e_nonce_len) != 0) {
6073 dpp_auth_fail(auth, "Enrollee Nonce mismatch");
6075 auth->e_nonce, e_nonce_len);
6082 dpp_auth_fail(auth,
6096 struct wpabuf * dpp_build_conf_result(struct dpp_authentication *auth,
6105 nonce_len = auth->curve->nonce_len;
6119 wpabuf_put_data(clear, auth->e_nonce, nonce_len);
6137 if (aes_siv_encrypt(auth->ke, auth->curve->hash_len,
6249 int dpp_configurator_own_config(struct dpp_authentication *auth,
6255 if (!auth->conf) {
6261 auth->curve = &dpp_curves[0];
6263 auth->curve = dpp_get_curve_name(curve);
6264 if (!auth->curve) {
6272 auth->curve->name);
6274 auth->own_protocol_key = dpp_gen_keypair(auth->curve);
6275 if (!auth->own_protocol_key)
6277 dpp_copy_netaccesskey(auth);
6278 auth->peer_protocol_key = auth->own_protocol_key;
6279 dpp_copy_csign(auth, auth->conf->csign);
6281 conf_obj = dpp_build_conf_obj(auth, ap);
6284 ret = dpp_parse_conf_obj(auth, wpabuf_head(conf_obj),
6288 auth->peer_protocol_key = NULL;
8733 dpp_auth_deinit(conn->auth);
8880 struct dpp_authentication *auth = conn->auth;
8882 if (auth->peer_version >= 2 &&
8883 auth->conf_resp_status == DPP_STATUS_OK) {
8885 auth->waiting_conf_result = 1;
8939 conn->auth) {
8952 struct dpp_authentication *auth = conn->auth;
8970 buf = dpp_build_conf_req(auth, json);
9004 struct dpp_authentication *auth = conn->auth;
9006 if (!auth)
9016 if (auth->configurator) {
9018 auth->auth_success = 0;
9024 if (!auth->configurator)
9337 if (conn->auth) {
9343 conn->auth = dpp_auth_req_rx(conn->ctrl->global->msg_ctx,
9347 if (!conn->auth) {
9353 conn->auth,
9361 conn->msg_out = wpabuf_alloc(4 + wpabuf_len(conn->auth->resp_msg) - 1);
9364 wpabuf_put_be32(conn->msg_out, wpabuf_len(conn->auth->resp_msg) - 1);
9365 wpabuf_put_data(conn->msg_out, wpabuf_head_u8(conn->auth->resp_msg) + 1,
9366 wpabuf_len(conn->auth->resp_msg) - 1);
9385 struct dpp_authentication *auth = conn->auth;
9388 if (!auth)
9393 msg = dpp_auth_resp_rx(auth, hdr, buf, len);
9395 if (auth->auth_resp_status == DPP_STATUS_RESPONSE_PENDING) {
9435 struct dpp_authentication *auth = conn->auth;
9439 if (!auth) {
9445 if (dpp_auth_conf_rx(auth, hdr, buf, len) < 0) {
9459 struct dpp_authentication *auth = conn->auth;
9467 if (!auth || !auth->waiting_conf_result) {
9473 status = dpp_conf_result_rx(auth, hdr, buf, len);
9548 struct dpp_authentication *auth = conn->auth;
9556 if (!conn->ctrl || !auth || !auth->auth_success) {
9588 resp = dpp_conf_req_rx(auth, pos, slen);
9623 struct dpp_authentication *auth = conn->auth;
9631 res = dpp_conf_resp_rx(auth, resp);
9640 auth);
9644 if (auth->peer_version < 2 || auth->conf_resp_status != DPP_STATUS_OK)
9649 msg = dpp_build_conf_result(auth, status);
9908 int dpp_tcp_init(struct dpp_global *dpp, struct dpp_authentication *auth,
9921 dpp_auth_deinit(auth);
9927 dpp_auth_deinit(auth);
9932 conn->auth = auth;
9961 hdr = wpabuf_head(auth->req_msg);
9962 end = hdr + wpabuf_len(auth->req_msg);