/*
 * DPP functionality shared between hostapd and wpa_supplicant
 * Copyright (c) 2017, Qualcomm Atheros, Inc.
 *
 * This software may be distributed under the terms of the BSD license.
 * See README for more details.
 */
9 | #ifndef DPP_H | |
10 | #define DPP_H | |
12 | #include <openssl/x509.h> | |
14 | #include "utils/list.h" | |
650a70a7 | 15 | #include "common/wpa_common.h" |
16 | #include "crypto/sha256.h" |
/* DPP Public Action frame identifiers - OUI_WFA */

/*
 * Vendor-specific OUI type that marks a Public Action frame as DPP. This and
 * the frame types below are wire-format constants exchanged with peers: they
 * must match the DPP specification exactly and must never be renumbered for
 * local convenience.
 */
#define DPP_OUI_TYPE 0x1A

/*
 * DPP Public Action frame types. Values 3 and 4 are not defined here
 * (presumably reserved in the specification - confirm); a receiver should
 * treat any value not listed below as unknown and discard the frame instead
 * of mapping it to one of these handlers.
 */
enum dpp_public_action_frame_type {
	/* Authentication exchange, bound to bootstrapping keys */
	DPP_PA_AUTHENTICATION_REQ = 0,
	DPP_PA_AUTHENTICATION_RESP = 1,
	DPP_PA_AUTHENTICATION_CONF = 2,

	/* Network introduction between already-provisioned peers */
	DPP_PA_PEER_DISCOVERY_REQ = 5,
	DPP_PA_PEER_DISCOVERY_RESP = 6,

	/* PKEX: code-based exchange of bootstrapping keys */
	DPP_PA_PKEX_EXCHANGE_REQ = 7,
	DPP_PA_PKEX_EXCHANGE_RESP = 8,
	DPP_PA_PKEX_COMMIT_REVEAL_REQ = 9,
	DPP_PA_PKEX_COMMIT_REVEAL_RESP = 10,
};
/*
 * DPP attribute identifiers carried inside DPP frames. These are wire-format
 * values and must not be renumbered. Recognising an attribute ID says nothing
 * about its length: every consumer has to check the length reported by
 * dpp_get_attr() against the size it expects (hash_len, nonce_len, prime_len
 * of the curve in use) before reading a fixed-size value out of it.
 */
enum dpp_attribute_id {
	/* Result of the peer's processing; see enum dpp_status_error */
	DPP_ATTR_STATUS = 0x1000,

	/* SHA-256 hashes of the Initiator/Responder bootstrapping keys */
	DPP_ATTR_I_BOOTSTRAP_KEY_HASH = 0x1001,
	DPP_ATTR_R_BOOTSTRAP_KEY_HASH = 0x1002,

	/* Initiator ephemeral protocol public key */
	DPP_ATTR_I_PROTOCOL_KEY = 0x1003,

	/* Encrypted container; contents are untrusted until unwrapping
	 * succeeds (cf. DPP_STATUS_UNWRAP_FAILURE and
	 * dpp_curve_params::aes_siv_key_len) */
	DPP_ATTR_WRAPPED_DATA = 0x1004,

	/* Nonces and capability bits (DPP_CAPAB_*) of each side */
	DPP_ATTR_I_NONCE = 0x1005,
	DPP_ATTR_I_CAPABILITIES = 0x1006,
	DPP_ATTR_R_NONCE = 0x1007,
	DPP_ATTR_R_CAPABILITIES = 0x1008,

	/* Responder ephemeral protocol public key */
	DPP_ATTR_R_PROTOCOL_KEY = 0x1009,

	/* Authentication tags proving possession of the derived keys */
	DPP_ATTR_I_AUTH_TAG = 0x100A,
	DPP_ATTR_R_AUTH_TAG = 0x100B,

	/* Configuration phase payloads */
	DPP_ATTR_CONFIG_OBJ = 0x100C,
	DPP_ATTR_CONNECTOR = 0x100D,
	DPP_ATTR_CONFIG_ATTR_OBJ = 0x100E,
	DPP_ATTR_BOOTSTRAP_KEY = 0x100F,

	/* Network introduction: hashes of the peer's / own network keys */
	DPP_ATTR_PEER_NET_PK_HASH = 0x1010,
	DPP_ATTR_OWN_NET_NK_HASH = 0x1011,

	/* PKEX: group number (dpp_curve_params::ike_group), encrypted key,
	 * Enrollee nonce and optional code identifier */
	DPP_ATTR_FINITE_CYCLIC_GROUP = 0x1012,
	DPP_ATTR_ENCRYPTED_KEY = 0x1013,
	DPP_ATTR_ENROLLEE_NONCE = 0x1014,
	DPP_ATTR_CODE_IDENTIFIER = 0x1015,
};
/*
 * Status codes carried in DPP_ATTR_STATUS. These travel on the wire, so a
 * value received from a peer is untrusted input: range-check it before using
 * it as a table index or reporting it as the outcome of an exchange.
 */
enum dpp_status_error {
	DPP_STATUS_OK = 0,
	/* Peer cannot take the requested role / protocol combination */
	DPP_STATUS_NOT_COMPATIBLE = 1,
	/* Authentication tag or key hash check failed */
	DPP_STATUS_AUTH_FAILURE = 2,
	/* DPP_ATTR_WRAPPED_DATA could not be decrypted/authenticated */
	DPP_STATUS_UNWRAP_FAILURE = 3,
	/* Unsupported finite cyclic group */
	DPP_STATUS_BAD_GROUP = 4,
	/* Configuration phase failed */
	DPP_STATUS_CONFIGURE_FAILURE = 5,
	/* Response deferred (cf. dpp_authentication::response_pending) */
	DPP_STATUS_RESPONSE_PENDING = 6,
};
/*
 * Capability bits carried in DPP_ATTR_I_CAPABILITIES and
 * DPP_ATTR_R_CAPABILITIES. A peer-supplied capability octet should be masked
 * with DPP_CAPAB_ROLE_MASK before comparison; any other bit is reserved.
 */
#define DPP_CAPAB_ENROLLEE BIT(0)
#define DPP_CAPAB_CONFIGURATOR BIT(1)
#define DPP_CAPAB_ROLE_MASK (DPP_CAPAB_ENROLLEE | DPP_CAPAB_CONFIGURATOR)

/*
 * Upper bound on channel entries parsed from a bootstrapping URI into
 * struct dpp_bootstrap_info::freq[]. The URI parser must stop at this count;
 * the array has no other guard.
 */
#define DPP_BOOTSTRAP_MAX_FREQ 30

/*
 * Fixed buffer sizes for the largest supported curve. Any entry added to the
 * curve table (struct dpp_curve_params) must satisfy
 * nonce_len <= DPP_MAX_NONCE_LEN, hash_len <= DPP_MAX_HASH_LEN and
 * prime_len <= DPP_MAX_SHARED_SECRET_LEN, or the arrays sized by these
 * constants overflow.
 */
#define DPP_MAX_NONCE_LEN 32
#define DPP_MAX_HASH_LEN 64
#define DPP_MAX_SHARED_SECRET_LEN 66
/*
 * Per-curve parameter set. All key, nonce and shared-secret buffers in this
 * header are sized by the DPP_MAX_* constants, so every curve described by
 * this struct must keep hash_len <= DPP_MAX_HASH_LEN,
 * nonce_len <= DPP_MAX_NONCE_LEN and prime_len <= DPP_MAX_SHARED_SECRET_LEN;
 * the fixed-size arrays have no runtime guard of their own.
 */
struct dpp_curve_params {
	const char *name; /* curve name (presumably the string dpp_keygen() matches against - confirm) */
	size_t hash_len; /* digest length of the hash bound to this curve */
	size_t aes_siv_key_len; /* key length for the AES-SIV wrapping of DPP_ATTR_WRAPPED_DATA */
	size_t nonce_len; /* nonce length in use (<= DPP_MAX_NONCE_LEN) */
	size_t prime_len; /* field prime length in octets (<= DPP_MAX_SHARED_SECRET_LEN) */
	const char *jwk_crv; /* "crv" identifier used when encoding keys as JWK (inferred from the name) */
	u16 ike_group; /* finite cyclic group number sent in DPP_ATTR_FINITE_CYCLIC_GROUP */
};
/*
 * How a bootstrapping key was obtained. QR-code entries carry a URI parsed
 * from an external source; PKEX entries are the result of a code-based
 * exchange over the air.
 */
enum dpp_bootstrap_type {
	DPP_BOOTSTRAP_QR_CODE = 0,
	DPP_BOOTSTRAP_PKEX = 1,
};
/*
 * One bootstrapping key entry (own or peer). For QR-code entries uri, info,
 * mac_addr and freq[] are populated from an externally supplied URI by the
 * dpp_parse_uri_*() functions, i.e. from untrusted input; those parsers are
 * the only place the bounds of mac_addr and freq[] are enforced.
 */
struct dpp_bootstrap_info {
	struct dl_list list; /* linkage in the owner's bootstrap list */
	unsigned int id; /* identifier handed out to the control interface (inferred) */
	enum dpp_bootstrap_type type;
	char *uri; /* original bootstrapping URI, heap allocated */
	u8 mac_addr[ETH_ALEN]; /* MAC from the URI, if given */
	char *info; /* free-form "information" field from the URI; untrusted text */
	unsigned int freq[DPP_BOOTSTRAP_MAX_FREQ]; /* channel list from the URI */
	unsigned int num_freq; /* valid entries in freq[]; must never exceed DPP_BOOTSTRAP_MAX_FREQ */
	int own; /* non-zero for a locally generated key (private part available) */
	EVP_PKEY *pubkey; /* bootstrapping key; for own entries presumably the full key pair - confirm */
	u8 pubkey_hash[SHA256_MAC_LEN]; /* SHA-256 of pubkey (dpp_bootstrap_key_hash()); compared against DPP_ATTR_*_BOOTSTRAP_KEY_HASH */
	const struct dpp_curve_params *curve; /* curve of pubkey */
};
/*
 * State of one PKEX (code-based bootstrapping key exchange).
 *
 * Security note: code, x, y, Mx, Nx and z are secret or secret-derived.
 * PKEX codes are typically short, so a single exchange must be assumed to
 * give an on-path attacker one guess at the code. dpp_pkex_free() is the only
 * release path declared here; it should wipe these fields before freeing -
 * verify in dpp.c.
 */
struct dpp_pkex {
	unsigned int initiator:1; /* local role in this exchange */
	unsigned int exchange_done:1; /* Exchange phase finished; Commit-Reveal may proceed */
	struct dpp_bootstrap_info *own_bi; /* own bootstrapping key entry; ownership not visible here */
	u8 own_mac[ETH_ALEN];
	u8 peer_mac[ETH_ALEN]; /* peer address, learned from the Exchange frame on the Responder side */
	char *identifier; /* optional code identifier (DPP_ATTR_CODE_IDENTIFIER), may be NULL */
	char *code; /* shared PKEX code - secret */
	EVP_PKEY *x; /* ephemeral keys of the exchange; which one is own is not visible from this header */
	EVP_PKEY *y;
	u8 Mx[DPP_MAX_SHARED_SECRET_LEN]; /* shared-secret x-coordinates, sized for the largest curve */
	u8 Nx[DPP_MAX_SHARED_SECRET_LEN];
	u8 z[DPP_MAX_HASH_LEN]; /* key derived from the exchange - secret */
	EVP_PKEY *peer_bootstrap_key; /* peer bootstrapping key obtained from a successful exchange */
	struct wpabuf *exchange_req; /* retained Exchange Request frame */
	struct wpabuf *exchange_resp; /* retained Exchange Response frame */
};
/*
 * Network configuration a Configurator hands to an Enrollee. Either a DPP
 * (Connector based) or a legacy (PSK/passphrase) network is described,
 * selected by 'dpp'. passphrase and psk are credentials: free and wipe them
 * together (dpp_configuration_free() - verify it clears them in dpp.c).
 */
struct dpp_configuration {
	u8 ssid[32];
	size_t ssid_len; /* valid octets in ssid[]; must be <= sizeof(ssid) */
	int dpp; /* whether to use DPP or legacy configuration */

	/* For DPP configuration (connector) */
	os_time_t netaccesskey_expiry; /* expiry of the Enrollee's netAccessKey; 0 presumably means none - confirm */

	/* TODO: groups, devices */

	/* For legacy configuration */
	char *passphrase; /* heap-allocated passphrase - secret */
	u8 psk[32]; /* raw PSK - secret; which of passphrase/psk is authoritative is decided by the caller */
};
/*
 * State of one DPP Authentication + Configuration exchange.
 *
 * Security note: this struct accumulates the complete key material of the
 * exchange - nonces, ECDH shared secrets (Mx/Nx/Lx), derived keys (k1/k2/ke),
 * the own protocol key pair and, for legacy networks, the PSK/passphrase.
 * dpp_auth_deinit() is the only release path declared in this header; it
 * must wipe these fields rather than merely free the allocation (verify in
 * dpp.c). The prefixes follow enum dpp_attribute_id: "i_" Initiator,
 * "r_" Responder, "e_" Enrollee.
 */
struct dpp_authentication {
	void *msg_ctx; /* opaque context handed to message/event callbacks */
	const struct dpp_curve_params *curve; /* curve of this exchange; sizes the nonce/hash/secret lengths in use below */
	struct dpp_bootstrap_info *peer_bi; /* peer bootstrapping entry; NULL while unknown - ownership not visible here */
	struct dpp_bootstrap_info *own_bi; /* own bootstrapping entry */
	u8 waiting_pubkey_hash[SHA256_MAC_LEN]; /* peer key hash received with no matching entry; presumably resolved by dpp_notify_new_qr_code() */
	int response_pending; /* Authentication Response deferred (DPP_STATUS_RESPONSE_PENDING) */
	enum dpp_status_error auth_resp_status; /* status to report in the Authentication Response */
	u8 peer_mac_addr[ETH_ALEN];
	u8 i_nonce[DPP_MAX_NONCE_LEN]; /* nonces; curve->nonce_len octets in use */
	u8 r_nonce[DPP_MAX_NONCE_LEN];
	u8 e_nonce[DPP_MAX_NONCE_LEN];
	u8 i_capab; /* DPP_CAPAB_* bits; mask peer-supplied values with DPP_CAPAB_ROLE_MASK */
	u8 r_capab;
	EVP_PKEY *own_protocol_key; /* own ephemeral protocol key pair (holds the private key) */
	EVP_PKEY *peer_protocol_key; /* peer protocol public key, received over the air */
	struct wpabuf *req_attr; /* retained Authentication Request attributes */
	struct wpabuf *resp_attr; /* retained Authentication Response attributes */
	unsigned int curr_freq; /* channel the exchange is running on */
	size_t secret_len; /* valid octets in Mx/Nx/Lx; must be <= DPP_MAX_SHARED_SECRET_LEN */
	u8 Mx[DPP_MAX_SHARED_SECRET_LEN]; /* ECDH shared-secret x-coordinates - secret */
	u8 Nx[DPP_MAX_SHARED_SECRET_LEN];
	u8 Lx[DPP_MAX_SHARED_SECRET_LEN];
	u8 k1[DPP_MAX_HASH_LEN]; /* derived keys - secret; curve->hash_len octets in use */
	u8 k2[DPP_MAX_HASH_LEN];
	u8 ke[DPP_MAX_HASH_LEN];
	int initiator; /* local role flags */
	int configurator;
	int remove_on_tx_status; /* discard the session once TX status for the pending frame is reported (inferred from the name) */
	int auth_success; /* set once authentication completed; configuration must not proceed before this */
	struct wpabuf *conf_req; /* pending Configuration Request */
	struct dpp_configuration *conf_ap; /* configuration to hand to an AP Enrollee */
	struct dpp_configuration *conf_sta; /* configuration to hand to a STA Enrollee */
	struct dpp_configurator *conf; /* signing Configurator (Configurator role) */
	char *connector; /* received signedConnector */
	u8 ssid[SSID_MAX_LEN];
	u8 ssid_len; /* narrower than dpp_configuration::ssid_len - bound any size_t before assigning */
	char passphrase[64]; /* legacy passphrase, up to 63 chars + NUL - secret */
	u8 psk[PMK_LEN]; /* legacy PSK - secret; valid only when psk_set */
	int psk_set;
	struct wpabuf *net_access_key; /* netAccessKey for this network; presumably includes private key material, treat as secret - confirm */
	os_time_t net_access_key_expiry; /* 0 presumably means no expiry - confirm */
	struct wpabuf *c_sign_key; /* Configurator signing key (public part) received in the Config Object */
	os_time_t c_sign_key_expiry;
#ifdef CONFIG_TESTING_OPTIONS
	/* Test hooks only. ignore_netaccesskey_mismatch disables a key
	 * consistency check, so none of these may be reachable in a
	 * production build. */
	char *config_obj_override;
	char *discovery_override;
	char *groups_override;
	char *devices_override;
	unsigned int ignore_netaccesskey_mismatch:1;
#endif /* CONFIG_TESTING_OPTIONS */
};
/*
 * A Configurator identity: the key that signs Connectors. For 'own' entries
 * csign holds the private signing key - compromise of it lets an attacker
 * mint Connectors for every network this Configurator provisioned, so it is
 * the most sensitive object in this header. Free via dpp_configurator_free().
 */
struct dpp_configurator {
	struct dl_list list; /* linkage in the owner's configurator list */
	unsigned int id; /* identifier handed out to the control interface (inferred) */
	int own; /* non-zero when the private key is available locally */
	EVP_PKEY *csign; /* Configurator signing key */
	char *kid; /* key identifier string (JWK "kid" - inferred from the name) */
	const struct dpp_curve_params *curve; /* curve of csign */
	os_time_t csign_expiry; /* expiry of csign; 0 presumably means none - confirm */
};
/*
 * Result of a network introduction (dpp_peer_intro()). pmk is a live
 * pairwise master key: the caller should install it (PMKSA) and wipe this
 * struct afterwards rather than leave it on the stack.
 */
struct dpp_introduction {
	u8 pmkid[PMKID_LEN];
	u8 pmk[PMK_LEN_MAX]; /* derived PMK - secret */
	size_t pmk_len; /* valid octets in pmk[]; must be <= PMK_LEN_MAX */
	u8 pk_hash[SHA256_MAC_LEN]; /* hash of the peer's network key (cf. DPP_ATTR_PEER_NET_PK_HASH) */
	u8 nk_hash[SHA256_MAC_LEN]; /* hash of the own network key (cf. DPP_ATTR_OWN_NET_NK_HASH) */
};
/**
 * dpp_bootstrap_info_free - Free a bootstrapping entry and everything it owns
 * @info: Entry to free (uri, info and pubkey are released with it)
 *
 * The caller must have unlinked the entry from its list first.
 */
void dpp_bootstrap_info_free(struct dpp_bootstrap_info *info);

/**
 * dpp_bootstrap_key_hash - Fill bi->pubkey_hash from bi->pubkey
 * Returns: 0 on success, -1 on failure (convention - confirm in dpp.c)
 */
int dpp_bootstrap_key_hash(struct dpp_bootstrap_info *bi);

/*
 * Bootstrapping URI component parsers. The URI comes from a scanned QR code
 * or the control interface, i.e. from an untrusted source. Each parser must
 * bound what it writes (chan_list -> freq[DPP_BOOTSTRAP_MAX_FREQ]/num_freq,
 * mac -> mac_addr[ETH_ALEN]) and reject malformed input with a non-zero
 * return instead of truncating silently.
 */
int dpp_parse_uri_chan_list(struct dpp_bootstrap_info *bi,
			    const char *chan_list);
int dpp_parse_uri_mac(struct dpp_bootstrap_info *bi, const char *mac);
int dpp_parse_uri_info(struct dpp_bootstrap_info *bi, const char *info);

/**
 * dpp_parse_qr_code - Parse a complete bootstrapping URI into a new entry
 * @uri: Untrusted URI text
 * Returns: Newly allocated entry owned by the caller (release with
 * dpp_bootstrap_info_free()), or NULL on any parse failure
 */
struct dpp_bootstrap_info * dpp_parse_qr_code(const char *uri);

/**
 * dpp_keygen - Set up the bootstrapping key of an own entry
 * @bi: Entry to fill (pubkey, curve, pubkey_hash)
 * @curve: Curve name, or NULL for the default (inferred - confirm)
 * @privkey: Private key to import, or NULL to generate a new one (inferred -
 *	confirm in dpp.c); secret input, the caller should wipe its copy
 * @privkey_len: Length of privkey in octets
 * Returns: Allocated string the caller must free, presumably the encoded
 * public key for the URI, or NULL on failure
 */
char * dpp_keygen(struct dpp_bootstrap_info *bi, const char *curve,
		  const u8 *privkey, size_t privkey_len);
/*
 * Authentication exchange. The *_rx() functions below consume frame bytes
 * received over the air: (attr_start, attr_len) is the only length guarantee
 * they get, every attribute has to be located with dpp_get_attr() and its
 * reported length compared with the size the current curve implies before the
 * bytes are read. A NULL/non-zero result means the frame was rejected; the
 * session must not be advanced on that path.
 */

/**
 * dpp_auth_init - Start an exchange as Initiator
 * @msg_ctx: Context for message/event callbacks
 * @peer_bi: Peer bootstrapping entry (the key the Request is addressed to)
 * @own_bi: Own bootstrapping entry, or NULL when not doing mutual auth
 *	(inferred - confirm)
 * @configurator: Non-zero to take the Configurator role
 * Returns: New session (release with dpp_auth_deinit()) or NULL
 */
struct dpp_authentication * dpp_auth_init(void *msg_ctx,
					  struct dpp_bootstrap_info *peer_bi,
					  struct dpp_bootstrap_info *own_bi,
					  int configurator);

/**
 * dpp_auth_req_rx - Responder-side processing of an Authentication Request
 * @msg_ctx: Context for message/event callbacks
 * @dpp_allowed_roles: DPP_CAPAB_* bits this device is willing to take
 * @qr_mutual: Non-zero if the peer's key was obtained via QR code and mutual
 *	authentication is requested (inferred from the name - confirm)
 * @peer_bi: Matched Initiator bootstrapping entry, or NULL if unknown
 * @own_bi: Own entry whose hash the Request named
 * @freq: Channel the Request was received on
 * @attr_start: Start of the attribute area of the received frame
 * @wrapped_data: DPP_ATTR_WRAPPED_DATA payload located inside that area
 * @wrapped_data_len: Its length; note this is u16 while every sibling takes
 *	size_t, so a caller holding a size_t must check the range first
 * Returns: New session or NULL if the Request was rejected
 */
struct dpp_authentication *
dpp_auth_req_rx(void *msg_ctx, u8 dpp_allowed_roles, int qr_mutual,
		struct dpp_bootstrap_info *peer_bi,
		struct dpp_bootstrap_info *own_bi,
		unsigned int freq, const u8 *attr_start,
		const u8 *wrapped_data, u16 wrapped_data_len);

/**
 * dpp_auth_resp_rx - Initiator-side processing of an Authentication Response
 * @auth: Session from dpp_auth_init()
 * @attr_start: Start of the attribute area of the received frame
 * @attr_len: Length of that area
 * Returns: Authentication Confirm frame to transmit (caller frees), or NULL
 * if the Response was rejected
 */
struct wpabuf *
dpp_auth_resp_rx(struct dpp_authentication *auth, const u8 *attr_start,
		 size_t attr_len);

/**
 * dpp_build_conf_req - Build a Configuration Request (Enrollee)
 * @auth: Authenticated session
 * @json: Configuration request object as JSON text
 * Returns: Frame payload to transmit (caller frees) or NULL
 */
struct wpabuf * dpp_build_conf_req(struct dpp_authentication *auth,
				   const char *json);

/**
 * dpp_auth_conf_rx - Responder-side processing of an Authentication Confirm
 * Returns: 0 on success (auth->auth_success is expected to be set), -1 on
 * failure (convention - confirm in dpp.c)
 */
int dpp_auth_conf_rx(struct dpp_authentication *auth, const u8 *attr_start,
		     size_t attr_len);

/**
 * dpp_notify_new_qr_code - A bootstrapping entry became available
 * @auth: Session waiting for a peer key (see waiting_pubkey_hash)
 * @peer_bi: Newly scanned entry
 * Returns: Presumably non-zero when the entry matched and the deferred
 * Response can be sent - confirm in dpp.c
 */
int dpp_notify_new_qr_code(struct dpp_authentication *auth,
			   struct dpp_bootstrap_info *peer_bi);

/* Release a configuration including its credentials (passphrase/psk). */
void dpp_configuration_free(struct dpp_configuration *conf);

/*
 * Release a session. This is where the session's nonces, shared secrets,
 * derived keys and PSK/passphrase must be wiped - see the note on
 * struct dpp_authentication.
 */
void dpp_auth_deinit(struct dpp_authentication *auth);
/**
 * dpp_conf_req_rx - Configurator-side processing of a Configuration Request
 * @auth: Authenticated session (auth_success must be set before this is
 *	called - the header does not show whether dpp.c checks it)
 * @attr_start: Start of the attribute area of the received frame
 * @attr_len: Length of that area
 * Returns: Configuration Response to transmit (caller frees) or NULL
 */
struct wpabuf *
dpp_conf_req_rx(struct dpp_authentication *auth, const u8 *attr_start,
		size_t attr_len);

/**
 * dpp_conf_resp_rx - Enrollee-side processing of a Configuration Response
 * @auth: Session; on success its connector/ssid/psk/net_access_key fields are
 *	filled from the received Config Object
 * @resp: Received response payload
 * Returns: 0 on success, -1 on failure (convention - confirm in dpp.c)
 */
int dpp_conf_resp_rx(struct dpp_authentication *auth,
		     const struct wpabuf *resp);

/**
 * dpp_alloc_msg - Allocate a DPP Public Action frame with its header filled
 * @type: Frame type
 * @len: Room to reserve for attributes after the header
 * Returns: Buffer owned by the caller or NULL
 */
struct wpabuf * dpp_alloc_msg(enum dpp_public_action_frame_type type,
			      size_t len);

/**
 * dpp_get_attr - Locate an attribute in an attribute area
 * @buf: Attribute area (untrusted frame bytes)
 * @len: Length of buf
 * @req_id: Attribute ID to look for
 * @ret_len: Receives the attribute's payload length
 * Returns: Pointer into buf at the attribute payload, or NULL if not found
 *
 * A non-NULL result only means the attribute is present and fits in buf. The
 * caller must still compare *ret_len with the size it expects (e.g.
 * curve->nonce_len, hash_len or 2 * prime_len) before reading fixed-size
 * values from the payload.
 */
const u8 * dpp_get_attr(const u8 *buf, size_t len, u16 req_id, u16 *ret_len);

/**
 * dpp_check_attrs - Validate attribute TLV framing of a received area
 * Returns: 0 if every attribute fits within len, -1 otherwise (convention -
 * confirm in dpp.c). Run this before any dpp_get_attr() on a new frame.
 */
int dpp_check_attrs(const u8 *buf, size_t len);

/**
 * dpp_key_expired - Parse an expiry timestamp and compare with current time
 * @timestamp: Expiry string from a Config Object / Connector (untrusted text)
 * @expiry: Receives the parsed time when non-NULL (inferred - confirm)
 * Returns: Non-zero if the key has expired (inferred from the name)
 */
int dpp_key_expired(const char *timestamp, os_time_t *expiry);

/* Release a Configurator entry and its signing key. */
void dpp_configurator_free(struct dpp_configurator *conf);

/**
 * dpp_keygen_configurator - Create a Configurator identity
 * @curve: Curve name, or NULL for the default (inferred - confirm)
 * @privkey: Signing private key to import, or NULL to generate one (inferred
 *	- confirm); secret input, the caller should wipe its copy
 * @privkey_len: Length of privkey
 * Returns: New entry (release with dpp_configurator_free()) or NULL
 */
struct dpp_configurator *
dpp_keygen_configurator(const char *curve, const u8 *privkey,
			size_t privkey_len);
/**
 * dpp_peer_intro - Network introduction: derive a PMK from two Connectors
 * @intro: Output, filled on success (pmk, pmk_len, pmkid, pk_hash, nk_hash)
 * @own_connector: Own signedConnector
 * @net_access_key: Own netAccessKey (private key material - secret)
 * @net_access_key_len: Length of net_access_key
 * @csign_key: Configurator signing key used to verify the peer Connector
 * @csign_key_len: Length of csign_key
 * @peer_connector: Connector received from the peer - untrusted until its
 *	signature verifies under csign_key and its group/expiry are accepted
 * @peer_connector_len: Length of peer_connector
 * Returns: A DPP status value (0 = DPP_STATUS_OK) - inferred from the
 * enum; confirm the exact mapping in dpp.c. intro is only valid on success
 * and holds a live PMK that the caller must wipe after use.
 */
int dpp_peer_intro(struct dpp_introduction *intro, const char *own_connector,
		   const u8 *net_access_key, size_t net_access_key_len,
		   const u8 *csign_key, size_t csign_key_len,
		   const u8 *peer_connector, size_t peer_connector_len);
/*
 * PKEX exchange. As with the authentication *_rx() functions, buf/len are raw
 * attribute bytes from the air and every attribute length must be checked
 * inside before use. A NULL/non-zero result means the frame was rejected.
 * Because the code is low entropy, a failed exchange should be treated as a
 * possible guessing attempt and not silently retried with the same code.
 */

/**
 * dpp_pkex_init - Start a PKEX exchange as Initiator
 * @bi: Own bootstrapping entry to exchange
 * @own_mac: Own MAC address
 * @identifier: Optional code identifier, or NULL
 * @code: Shared PKEX code - secret
 * Returns: New exchange state (release with dpp_pkex_free()) or NULL
 */
struct dpp_pkex * dpp_pkex_init(struct dpp_bootstrap_info *bi,
				const u8 *own_mac,
				const char *identifier,
				const char *code);

/**
 * dpp_pkex_rx_exchange_req - Responder-side processing of an Exchange Request
 * @bi: Own bootstrapping entry to exchange
 * @own_mac: Own MAC address
 * @peer_mac: Address the Request came from
 * @identifier: Expected code identifier, or NULL
 * @code: Shared PKEX code - secret
 * @buf: Attribute area of the received frame
 * @len: Length of buf
 * Returns: New exchange state or NULL if rejected (e.g. unsupported group,
 * identifier mismatch - inferred)
 */
struct dpp_pkex * dpp_pkex_rx_exchange_req(struct dpp_bootstrap_info *bi,
					   const u8 *own_mac,
					   const u8 *peer_mac,
					   const char *identifier,
					   const char *code,
					   const u8 *buf, size_t len);

/**
 * dpp_pkex_rx_exchange_resp - Initiator-side processing of an Exchange Response
 * Returns: Commit-Reveal Request to transmit (caller frees) or NULL if
 * rejected
 */
struct wpabuf * dpp_pkex_rx_exchange_resp(struct dpp_pkex *pkex,
					  const u8 *buf, size_t len);

/**
 * dpp_pkex_rx_commit_reveal_req - Responder-side processing of a Commit-Reveal
 *	Request
 * Returns: Commit-Reveal Response to transmit (caller frees) or NULL if the
 * peer's proof did not verify
 */
struct wpabuf * dpp_pkex_rx_commit_reveal_req(struct dpp_pkex *pkex,
					      const u8 *buf, size_t len);

/**
 * dpp_pkex_rx_commit_reveal_resp - Initiator-side processing of a
 *	Commit-Reveal Response
 * Returns: 0 on success (pkex->peer_bootstrap_key is then valid), -1 on
 * failure (convention - confirm in dpp.c)
 */
int dpp_pkex_rx_commit_reveal_resp(struct dpp_pkex *pkex,
				   const u8 *buf, size_t len);

/*
 * Release exchange state. Must wipe code, Mx/Nx and z and free x/y - see the
 * note on struct dpp_pkex; verify in dpp.c.
 */
void dpp_pkex_free(struct dpp_pkex *pkex);
277 | #endif /* DPP_H */ |