Lines Matching refs:curve
48 const struct dpp_curve_params *curve);
135 /* The mandatory to support and the default NIST P-256 curve needs to
391 static int dpp_hash_vector(const struct dpp_curve_params *curve,
395 if (curve->hash_len == 32)
397 if (curve->hash_len == 48)
399 if (curve->hash_len == 64)
1073 bi->curve = dpp_get_curve_oid(poid);
1074 if (!bi->curve) {
1076 "DPP: Unsupported SubjectPublicKeyInfo curve: %s",
1222 static EVP_PKEY * dpp_gen_keypair(const struct dpp_curve_params *curve)
1231 nid = OBJ_txt2nid(curve->name);
1233 wpa_printf(MSG_INFO, "DPP: Unsupported curve %s", curve->name);
1300 static EVP_PKEY * dpp_set_keypair(const struct dpp_curve_params **curve,
1326 *curve = dpp_get_curve_nid(nid);
1327 if (!*curve) {
1329 "DPP: Unsupported curve (nid=%d) in pre-assigned key",
1347 * as an OID identifying the curve */
1454 char * dpp_keygen(struct dpp_bootstrap_info *bi, const char *curve,
1464 if (!curve) {
1465 bi->curve = &dpp_curves[0];
1467 bi->curve = dpp_get_curve_name(curve);
1468 if (!bi->curve) {
1469 wpa_printf(MSG_INFO, "DPP: Unsupported curve: %s",
1470 curve);
1475 bi->pubkey = dpp_set_keypair(&bi->curve, privkey, privkey_len);
1477 bi->pubkey = dpp_gen_keypair(bi->curve);
1597 nonce_len = auth->curve->nonce_len;
1813 if (aes_siv_encrypt(auth->k1, auth->curve->hash_len, clear, siv_len,
1996 if (aes_siv_encrypt(siv_key, auth->curve->hash_len, clear, siv_len,
2194 pk = dpp_keygen(bi, auth->peer_bi->curve->name, NULL, 0);
2247 auth->curve = peer_bi->curve;
2259 nonce_len = auth->curve->nonce_len;
2267 nonce_len = auth->curve->nonce_len;
2285 auth->own_protocol_key = dpp_gen_keypair(auth->curve);
2288 auth->own_protocol_key = dpp_gen_keypair(auth->curve);
2308 auth->curve->hash_len) < 0)
2340 pi = wpabuf_alloc(2 * auth->curve->prime_len);
2341 if (!pi || dpp_test_gen_invalid_key(pi, auth->curve) < 0)
2372 nonce_len = auth->curve->nonce_len;
2439 if (aes_siv_encrypt(auth->ke, auth->curve->hash_len,
2543 nonce_len = auth->curve->nonce_len;
2598 res = dpp_hash_vector(auth->curve, num_elem, addr, len, r_auth);
2601 auth->curve->hash_len);
2622 nonce_len = auth->curve->nonce_len;
2681 res = dpp_hash_vector(auth->curve, num_elem, addr, len, i_auth);
2684 auth->curve->hash_len);
2847 nonce_len = auth->curve->nonce_len;
2855 nonce_len = auth->curve->nonce_len;
2874 auth->own_protocol_key = dpp_gen_keypair(auth->curve);
2877 auth->own_protocol_key = dpp_gen_keypair(auth->curve);
2896 auth->curve->hash_len) < 0)
2905 if (dpp_derive_ke(auth, auth->ke, auth->curve->hash_len) < 0)
2910 WPA_PUT_LE16(&r_auth[2], auth->curve->hash_len);
2916 r_auth[4 + auth->curve->hash_len / 2] ^= 0x01;
2919 if (aes_siv_encrypt(auth->ke, auth->curve->hash_len,
2920 r_auth, 4 + auth->curve->hash_len,
2923 wrapped_r_auth_len = 4 + auth->curve->hash_len + AES_BLOCK_SIZE;
2968 pr = wpabuf_alloc(2 * auth->curve->prime_len);
2969 if (!pr || dpp_test_gen_invalid_key(pr, auth->curve) < 0)
3060 msg = dpp_auth_build_resp(auth, status, NULL, auth->curve->nonce_len,
3120 auth->curve = own_bi->curve;
3194 auth->curve->hash_len) < 0)
3209 if (aes_siv_decrypt(auth->k1, auth->curve->hash_len,
3225 if (!i_nonce || i_nonce_len != auth->curve->nonce_len) {
3380 i_auth_len = 4 + auth->curve->hash_len;
3381 r_nonce_len = 4 + auth->curve->nonce_len;
3481 WPA_PUT_LE16(&i_auth[2], auth->curve->hash_len);
3488 i_auth[4 + auth->curve->hash_len / 2] ^= 0x01;
3492 if (aes_siv_encrypt(auth->ke, auth->curve->hash_len,
3505 WPA_PUT_LE16(&r_nonce[2], auth->curve->nonce_len);
3506 os_memcpy(r_nonce + 4, auth->r_nonce, auth->curve->nonce_len);
3508 if (aes_siv_encrypt(auth->k2, auth->curve->hash_len,
3577 if (aes_siv_decrypt(auth->k1, auth->curve->hash_len,
3593 if (!i_nonce || i_nonce_len != auth->curve->nonce_len) {
3803 auth->curve->hash_len) < 0)
3818 if (aes_siv_decrypt(auth->k2, auth->curve->hash_len,
3834 if (!r_nonce || r_nonce_len != auth->curve->nonce_len) {
3843 if (!i_nonce || i_nonce_len != auth->curve->nonce_len) {
3902 if (dpp_derive_ke(auth, auth->ke, auth->curve->hash_len) < 0)
3909 if (aes_siv_decrypt(auth->ke, auth->curve->hash_len,
3926 if (!r_auth || r_auth_len != auth->curve->hash_len) {
4000 if (aes_siv_decrypt(auth->k2, auth->curve->hash_len,
4016 if (!r_nonce || r_nonce_len != auth->curve->nonce_len) {
4157 if (aes_siv_decrypt(auth->ke, auth->curve->hash_len,
4173 if (!i_auth || i_auth_len != auth->curve->hash_len) {
4518 const char *kid, const struct dpp_curve_params *curve)
4529 x = (char *) base64_url_encode(pos, curve->prime_len, NULL, 0);
4530 pos += curve->prime_len;
4531 y = (char *) base64_url_encode(pos, curve->prime_len, NULL, 0);
4538 wpabuf_put_str(buf, curve->jwk_crv);
4589 const struct dpp_curve_params *curve;
4610 curve = auth->conf->curve;
4611 if (curve->hash_len == SHA256_MAC_LEN) {
4613 } else if (curve->hash_len == SHA384_MAC_LEN) {
4615 } else if (curve->hash_len == SHA512_MAC_LEN) {
4638 dppcon = wpabuf_alloc(extra_len + 2 * auth->curve->prime_len * 4 / 3);
4662 auth->curve) < 0) {
4685 auth->conf->kid, curve->jws_alg);
4734 if (dpp_bn2bin_pad(r, signature, curve->prime_len) < 0 ||
4735 dpp_bn2bin_pad(s, signature + curve->prime_len,
4736 curve->prime_len) < 0)
4738 signature_len = 2 * curve->prime_len;
4748 tailroom += 2 * curve->prime_len * 4 / 3 + os_strlen(auth->conf->kid);
4769 curve) < 0) {
4944 if (aes_siv_encrypt(auth->ke, auth->curve->hash_len,
5012 if (aes_siv_decrypt(auth->ke, auth->curve->hash_len,
5029 if (!e_nonce || e_nonce_len != auth->curve->nonce_len) {
5101 dpp_parse_jws_prot_hdr(const struct dpp_curve_params *curve,
5142 if (os_strcmp(token->string, curve->jws_alg) != 0) {
5145 token->string, curve->jws_alg);
5231 const struct dpp_curve_params *curve;
5252 curve = dpp_get_curve_jwk_crv(token->string);
5253 if (!curve) {
5265 if (wpabuf_len(x) != curve->prime_len) {
5267 "DPP: Unexpected JWK x length %u (expected %u for curve %s)",
5269 (unsigned int) curve->prime_len, curve->name);
5279 if (wpabuf_len(y) != curve->prime_len) {
5281 "DPP: Unexpected JWK y length %u (expected %u for curve %s)",
5283 (unsigned int) curve->prime_len, curve->name);
5287 group = EC_GROUP_new_by_curve_name(OBJ_txt2nid(curve->name));
5296 *key_curve = curve;
5392 const struct dpp_curve_params *curve;
5453 key = dpp_parse_jwk(netkey, &curve);
5570 const struct dpp_curve_params *curve;
5582 curve = dpp_get_curve_nid(nid);
5583 if (!curve)
5585 wpa_printf(MSG_DEBUG, "DPP: C-sign-key group: %s", curve->jwk_crv);
5606 kid = dpp_parse_jws_prot_hdr(curve, prot_hdr, prot_hdr_len, &sign_md);
5950 if (aes_siv_decrypt(auth->ke, auth->curve->hash_len,
5967 if (!e_nonce || e_nonce_len != auth->curve->nonce_len) {
6049 if (aes_siv_decrypt(auth->ke, auth->curve->hash_len,
6066 if (!e_nonce || e_nonce_len != auth->curve->nonce_len) {
6105 nonce_len = auth->curve->nonce_len;
6137 if (aes_siv_encrypt(auth->ke, auth->curve->hash_len,
6187 dpp_keygen_configurator(const char *curve, const u8 *privkey,
6200 if (!curve) {
6201 conf->curve = &dpp_curves[0];
6203 conf->curve = dpp_get_curve_name(curve);
6204 if (!conf->curve) {
6205 wpa_printf(MSG_INFO, "DPP: Unsupported curve: %s",
6206 curve);
6212 conf->csign = dpp_set_keypair(&conf->curve, privkey,
6215 conf->csign = dpp_gen_keypair(conf->curve);
6250 const char *curve, int ap)
6260 if (!curve) {
6261 auth->curve = &dpp_curves[0];
6263 auth->curve = dpp_get_curve_name(curve);
6264 if (!auth->curve) {
6265 wpa_printf(MSG_INFO, "DPP: Unsupported curve: %s",
6266 curve);
6271 "DPP: Building own configuration/connector with curve %s",
6272 auth->curve->name);
6274 auth->own_protocol_key = dpp_gen_keypair(auth->curve);
6404 static int dpp_derive_pmkid(const struct dpp_curve_params *curve,
6456 const struct dpp_curve_params *curve, *own_curve;
6561 peer_key = dpp_parse_jwk(netkey, &curve);
6568 if (own_curve != curve) {
6571 own_curve->name, curve->name);
6584 if (dpp_derive_pmk(Nx, Nx_len, intro->pmk, curve->hash_len) < 0) {
6588 intro->pmk_len = curve->hash_len;
6591 if (dpp_derive_pmkid(curve, own_key, peer_key, intro->pmkid) < 0) {
6614 static EVP_PKEY * dpp_pkex_get_role_elem(const struct dpp_curve_params *curve,
6618 size_t len = curve->prime_len;
6622 switch (curve->ike_group) {
6651 group = EC_GROUP_new_by_curve_name(OBJ_txt2nid(curve->name));
6660 static EC_POINT * dpp_pkex_derive_Qi(const struct dpp_curve_params *curve,
6694 if (dpp_hash_vector(curve, num_elem, addr, len, hash) < 0)
6698 hash, curve->hash_len);
6699 Pi = dpp_pkex_get_role_elem(curve, 1);
6719 hash_bn = BN_bin2bn(hash, curve->hash_len, NULL);
6744 static EC_POINT * dpp_pkex_derive_Qr(const struct dpp_curve_params *curve,
6778 if (dpp_hash_vector(curve, num_elem, addr, len, hash) < 0)
6782 hash, curve->hash_len);
6783 Pr = dpp_pkex_get_role_elem(curve, 0);
6803 hash_bn = BN_bin2bn(hash, curve->hash_len, NULL);
6830 const struct dpp_curve_params *curve)
6838 group = EC_GROUP_new_by_curve_name(OBJ_txt2nid(curve->name));
6849 if (BN_rand(x, curve->prime_len * 8, 0, 0) != 1)
6853 * on the curve. */
6855 if (BN_rand(y, curve->prime_len * 8, 0, 0) != 1)
6863 * when the point is not on the curve. */
6874 if (dpp_bn2bin_pad(x, wpabuf_put(msg, curve->prime_len),
6875 curve->prime_len) < 0 ||
6876 dpp_bn2bin_pad(y, wpabuf_put(msg, curve->prime_len),
6877 curve->prime_len) < 0)
6906 const struct dpp_curve_params *curve = pkex->own_bi->curve;
6914 Qi = dpp_pkex_derive_Qi(curve, pkex->own_mac, pkex->code,
6930 pkex->x = dpp_gen_keypair(curve);
6933 pkex->x = dpp_gen_keypair(curve);
6959 attr_len += 4 + 2 * curve->prime_len;
6974 wpabuf_put_le16(msg, curve->ike_group);
6996 wpabuf_put_le16(msg, 2 * curve->prime_len);
7001 if (dpp_test_gen_invalid_key(msg, curve) < 0)
7007 if (dpp_bn2bin_pad(Mx, wpabuf_put(msg, curve->prime_len),
7008 curve->prime_len) < 0 ||
7009 dpp_bn2bin_pad(Mx, pkex->Mx, curve->prime_len) < 0 ||
7010 dpp_bn2bin_pad(My, wpabuf_put(msg, curve->prime_len),
7011 curve->prime_len) < 0)
7085 const struct dpp_curve_params *curve = pkex->own_bi->curve;
7091 attr_len += 4 + 2 * curve->prime_len;
7134 wpabuf_put_le16(msg, 2 * curve->prime_len);
7139 if (dpp_test_gen_invalid_key(msg, curve) < 0)
7145 if (dpp_bn2bin_pad(Nx, wpabuf_put(msg, curve->prime_len),
7146 curve->prime_len) < 0 ||
7147 dpp_bn2bin_pad(Nx, pkex->Nx, curve->prime_len) < 0 ||
7148 dpp_bn2bin_pad(Ny, wpabuf_put(msg, curve->prime_len),
7149 curve->prime_len) < 0)
7157 wpabuf_put_le16(msg, curve->ike_group);
7262 const struct dpp_curve_params *curve = bi->curve;
7309 if (ike_group != curve->ike_group) {
7311 "Mismatching PKEX curve: peer=%u own=%u",
7312 ike_group, curve->ike_group);
7339 Qi = dpp_pkex_derive_Qi(curve, peer_mac, code, identifier, bnctx,
7395 Qr = dpp_pkex_derive_Qr(curve, own_mac, code, identifier, bnctx, NULL);
7410 pkex->y = dpp_gen_keypair(curve);
7413 pkex->y = dpp_gen_keypair(curve);
7450 pkex->Mx, curve->prime_len,
7451 pkex->Nx, curve->prime_len, pkex->code,
7452 Kx, Kx_len, pkex->z, curve->hash_len);
7486 const struct dpp_curve_params *curve = pkex->own_bi->curve;
7496 clear_len = 4 + 2 * curve->prime_len + 4 + curve->hash_len;
7515 wpabuf_put_le16(clear, 2 * curve->prime_len);
7516 if (dpp_test_gen_invalid_key(clear, curve) < 0)
7536 wpabuf_put_le16(clear, curve->hash_len);
7537 wpabuf_put_data(clear, u, curve->hash_len - 1);
7538 wpabuf_put_u8(clear, u[curve->hash_len - 1] ^ 0x01);
7545 wpabuf_put_le16(clear, curve->hash_len);
7546 wpabuf_put_data(clear, u, curve->hash_len);
7569 if (aes_siv_encrypt(pkex->z, curve->hash_len,
7604 const struct dpp_curve_params *curve = pkex->own_bi->curve;
7681 Qr = dpp_pkex_derive_Qr(curve, pkex->peer_mac, pkex->code,
7738 if (dpp_hmac_vector(curve->hash_len, Jx, Jx_len, 4, addr, len, u) < 0)
7740 wpa_hexdump(MSG_DEBUG, "DPP: u", u, curve->hash_len);
7752 pkex->Mx, curve->prime_len,
7755 pkex->z, curve->hash_len);
7787 const struct dpp_curve_params *curve = pkex->own_bi->curve;
7797 clear_len = 4 + 2 * curve->prime_len + 4 + curve->hash_len;
7816 wpabuf_put_le16(clear, 2 * curve->prime_len);
7817 if (dpp_test_gen_invalid_key(clear, curve) < 0)
7837 wpabuf_put_le16(clear, curve->hash_len);
7838 wpabuf_put_data(clear, v, curve->hash_len - 1);
7839 wpabuf_put_u8(clear, v[curve->hash_len - 1] ^ 0x01);
7846 wpabuf_put_le16(clear, curve->hash_len);
7847 wpabuf_put_data(clear, v, curve->hash_len);
7870 if (aes_siv_encrypt(pkex->z, curve->hash_len,
7900 const struct dpp_curve_params *curve = pkex->own_bi->curve;
7951 if (aes_siv_decrypt(pkex->z, curve->hash_len,
7970 if (!b_key || b_key_len != 2 * curve->prime_len) {
8004 if (dpp_hmac_vector(curve->hash_len, Jx, Jx_len, 4, addr, len, u) < 0)
8009 if (!peer_u || peer_u_len != curve->hash_len ||
8010 os_memcmp(peer_u, u, curve->hash_len) != 0) {
8013 u, curve->hash_len);
8039 if (dpp_hmac_vector(curve->hash_len, Lx, Lx_len, 4, addr, len, v) < 0)
8041 wpa_hexdump(MSG_DEBUG, "DPP: v", v, curve->hash_len);
8064 const struct dpp_curve_params *curve = pkex->own_bi->curve;
8114 if (aes_siv_decrypt(pkex->z, curve->hash_len,
8132 if (!b_key || b_key_len != 2 * curve->prime_len) {
8166 if (dpp_hmac_vector(curve->hash_len, Lx, Lx_len, 4, addr, len, v) < 0)
8171 if (!peer_v || peer_v_len != curve->hash_len ||
8172 os_memcmp(peer_v, v, curve->hash_len) != 0) {
8175 v, curve->hash_len);
8276 own_key = dpp_set_keypair(&pfs->curve, net_access_key,
8284 pfs->ecdh = crypto_ecdh_init(pfs->curve->ike_group);
8289 pub = wpabuf_zeropad(pub, pfs->curve->prime_len);
8299 wpabuf_put_le16(pfs->ie, pfs->curve->ike_group);
8317 if (WPA_GET_LE16(peer_ie) != pfs->curve->ike_group) {
8324 pfs->secret = wpabuf_zeropad(pfs->secret, pfs->curve->prime_len);
8403 char *chan = NULL, *mac = NULL, *info = NULL, *pk = NULL, *curve = NULL;
8428 curve = get_param(cmd, " curve=");
8439 pk = dpp_keygen(bi, curve, privkey, privkey_len);
8473 os_free(curve);
8531 bi->curve = pkex->own_bi->curve;
8570 "curve=%s\n"
8576 bi->curve->name,
8633 char *curve = NULL;
8640 curve = get_param(cmd, " curve=");
8651 conf = dpp_keygen_configurator(curve, privkey, privkey_len);
8660 os_free(curve);