Commit | Line | Data |
---|---|---|
be27e185 JM |
1 | /* |
2 | * DPP functionality shared between hostapd and wpa_supplicant | |
3 | * Copyright (c) 2017, Qualcomm Atheros, Inc. | |
2bbe6ad3 | 4 | * Copyright (c) 2018-2020, The Linux Foundation |
be27e185 JM |
5 | * |
6 | * This software may be distributed under the terms of the BSD license. | |
7 | * See README for more details. | |
8 | */ | |
9 | ||
10 | #ifndef DPP_H | |
11 | #define DPP_H | |
12 | ||
1326cb76 | 13 | #ifdef CONFIG_DPP |
be27e185 JM |
14 | #include <openssl/x509.h> |
15 | ||
16 | #include "utils/list.h" | |
650a70a7 | 17 | #include "common/wpa_common.h" |
be27e185 JM |
18 | #include "crypto/sha256.h" |
19 | ||
/* Opaque types: this header refers to them only through pointers. */
struct crypto_ecdh;
struct hostapd_ip_addr;
struct dpp_global;

/* Length of the fixed DPP frame header:
 * OUI, OUI Type, Crypto Suite, DPP frame type */
#define DPP_HDR_LEN (4 + 2)

/* TCP port constant for DPP. How it is applied is decided by the users of
 * dpp_tcp_init() and struct dpp_controller_config, which are not shown in
 * this header. */
#define DPP_TCP_PORT 7871
dc4d271c | 26 | |
/*
 * DPP Public Action frame type values.
 *
 * The numbering is explicit; the values 3 and 4 are not assigned in this
 * enum, so a received type must be matched against the listed constants
 * rather than range-checked.
 */
enum dpp_public_action_frame_type {
	DPP_PA_AUTHENTICATION_REQ = 0,
	DPP_PA_AUTHENTICATION_RESP = 1,
	DPP_PA_AUTHENTICATION_CONF = 2,
	DPP_PA_PEER_DISCOVERY_REQ = 5,
	DPP_PA_PEER_DISCOVERY_RESP = 6,
	DPP_PA_PKEX_EXCHANGE_REQ = 7,
	DPP_PA_PKEX_EXCHANGE_RESP = 8,
	DPP_PA_PKEX_COMMIT_REVEAL_REQ = 9,
	DPP_PA_PKEX_COMMIT_REVEAL_RESP = 10,
	DPP_PA_CONFIGURATION_RESULT = 11,
	DPP_PA_CONNECTION_STATUS_RESULT = 12,
};
40 | ||
/*
 * DPP attribute identifiers (16-bit values starting at 0x1000).
 *
 * The identifier 0x1010 is not assigned in this enum; every other value
 * from 0x1000 through 0x101C has a name.
 */
enum dpp_attribute_id {
	DPP_ATTR_STATUS = 0x1000,
	DPP_ATTR_I_BOOTSTRAP_KEY_HASH = 0x1001,
	DPP_ATTR_R_BOOTSTRAP_KEY_HASH = 0x1002,
	DPP_ATTR_I_PROTOCOL_KEY = 0x1003,
	DPP_ATTR_WRAPPED_DATA = 0x1004,
	DPP_ATTR_I_NONCE = 0x1005,
	DPP_ATTR_I_CAPABILITIES = 0x1006,
	DPP_ATTR_R_NONCE = 0x1007,
	DPP_ATTR_R_CAPABILITIES = 0x1008,
	DPP_ATTR_R_PROTOCOL_KEY = 0x1009,
	DPP_ATTR_I_AUTH_TAG = 0x100A,
	DPP_ATTR_R_AUTH_TAG = 0x100B,
	DPP_ATTR_CONFIG_OBJ = 0x100C,
	DPP_ATTR_CONNECTOR = 0x100D,
	DPP_ATTR_CONFIG_ATTR_OBJ = 0x100E,
	DPP_ATTR_BOOTSTRAP_KEY = 0x100F,
	/* 0x1010: no constant defined here */
	DPP_ATTR_OWN_NET_NK_HASH = 0x1011,
	DPP_ATTR_FINITE_CYCLIC_GROUP = 0x1012,
	DPP_ATTR_ENCRYPTED_KEY = 0x1013,
	DPP_ATTR_ENROLLEE_NONCE = 0x1014,
	DPP_ATTR_CODE_IDENTIFIER = 0x1015,
	DPP_ATTR_TRANSACTION_ID = 0x1016,
	DPP_ATTR_BOOTSTRAP_INFO = 0x1017,
	DPP_ATTR_CHANNEL = 0x1018,
	DPP_ATTR_PROTOCOL_VERSION = 0x1019,
	DPP_ATTR_ENVELOPED_DATA = 0x101A,
	DPP_ATTR_SEND_CONN_STATUS = 0x101B,
	DPP_ATTR_CONN_STATUS = 0x101C,
};
71 | ||
/*
 * DPP status codes. DPP_STATUS_OK is zero and every other value names a
 * failure or pending state. The type is also used as the return type of
 * several receive handlers declared later in this header.
 */
enum dpp_status_error {
	DPP_STATUS_OK = 0,
	DPP_STATUS_NOT_COMPATIBLE = 1,
	DPP_STATUS_AUTH_FAILURE = 2,
	DPP_STATUS_UNWRAP_FAILURE = 3,
	DPP_STATUS_BAD_GROUP = 4,
	DPP_STATUS_CONFIGURE_FAILURE = 5,
	DPP_STATUS_RESPONSE_PENDING = 6,
	DPP_STATUS_INVALID_CONNECTOR = 7,
	DPP_STATUS_NO_MATCH = 8,
	DPP_STATUS_CONFIG_REJECTED = 9,
	DPP_STATUS_NO_AP = 10,
};
85 | ||
/* Role bits; presumably the encoding used by i_capab, r_capab and
 * allowed_roles in struct dpp_authentication - confirm in the
 * implementation. BIT() comes from a header included elsewhere. */
#define DPP_CAPAB_ENROLLEE BIT(0)
#define DPP_CAPAB_CONFIGURATOR BIT(1)
#define DPP_CAPAB_ROLE_MASK (DPP_CAPAB_ENROLLEE | DPP_CAPAB_CONFIGURATOR)

/* Capacity of the freq[] arrays in struct dpp_bootstrap_info and
 * struct dpp_authentication */
#define DPP_BOOTSTRAP_MAX_FREQ 30

/* Buffer capacities, in octets, for the fixed-size nonce, hash/key and
 * shared-secret arrays declared in this header. They are upper bounds;
 * the length actually in use is tracked separately (e.g. secret_len,
 * Mx_len) or taken from the curve parameters. */
#define DPP_MAX_NONCE_LEN 32
#define DPP_MAX_HASH_LEN 64
#define DPP_MAX_SHARED_SECRET_LEN 66
be27e185 JM |
94 | |
/*
 * Parameters attached to one supported curve.
 *
 * Field meanings are inferred from the names; the table that fills this
 * struct is not part of this header. The *_len members are presumably
 * octet counts and must not exceed the DPP_MAX_* buffer sizes used by the
 * structs that point at a curve - confirm against the implementation.
 */
struct dpp_curve_params {
	const char *name;
	size_t hash_len;
	size_t aes_siv_key_len;
	size_t nonce_len;
	size_t prime_len;
	const char *jwk_crv;
	u16 ike_group;
	const char *jws_alg;
};
105 | ||
/*
 * How a bootstrapping record was obtained. No explicit values are given,
 * so the constants number 0, 1, 2 in declaration order.
 */
enum dpp_bootstrap_type {
	DPP_BOOTSTRAP_QR_CODE,
	DPP_BOOTSTRAP_PKEX,
	DPP_BOOTSTRAP_NFC_URI,
};
111 | ||
/*
 * One bootstrapping-information record; `list` lets it be linked into a
 * dl_list. Ownership of the pointer members (uri, chan, info, pk, pubkey)
 * is not stated in this header; dpp_bootstrap_info_free() is the declared
 * release function.
 */
struct dpp_bootstrap_info {
	struct dl_list list;
	unsigned int id;
	enum dpp_bootstrap_type type;
	char *uri;
	u8 mac_addr[ETH_ALEN];
	char *chan;
	char *info;
	char *pk;
	unsigned int freq[DPP_BOOTSTRAP_MAX_FREQ];
	/* presumably the number of valid freq[] entries; must never exceed
	 * DPP_BOOTSTRAP_MAX_FREQ - verify in the URI channel-list parser */
	unsigned int num_freq;
	int own;
	EVP_PKEY *pubkey;
	u8 pubkey_hash[SHA256_MAC_LEN];
	const struct dpp_curve_params *curve;
	unsigned int pkex_t; /* number of failures before dpp_pkex
			      * instantiation */
};
130 | ||
/* Limit for the PKEX failure counters (pkex_t in struct dpp_bootstrap_info,
 * t in struct dpp_pkex). The comparison itself is in the implementation;
 * presumably it bounds repeated guesses of the PKEX code - confirm there. */
#define PKEX_COUNTER_T_LIMIT 5
132 | ||
/*
 * State of one PKEX exchange.
 *
 * NOTE(review): `code` and the Mx/Nx/z buffers hold, by name, the shared
 * code and values derived from it. Confirm that dpp_pkex_free() clears
 * them before the memory is released.
 */
struct dpp_pkex {
	void *msg_ctx;
	/* single-bit state flags */
	unsigned int initiator:1;
	unsigned int exchange_done:1;
	unsigned int failed:1;
	struct dpp_bootstrap_info *own_bi;
	u8 own_mac[ETH_ALEN];
	u8 peer_mac[ETH_ALEN];
	char *identifier;
	char *code;
	EVP_PKEY *x;
	EVP_PKEY *y;
	u8 Mx[DPP_MAX_SHARED_SECRET_LEN];
	u8 Nx[DPP_MAX_SHARED_SECRET_LEN];
	u8 z[DPP_MAX_HASH_LEN];
	EVP_PKEY *peer_bootstrap_key;
	struct wpabuf *exchange_req;
	struct wpabuf *exchange_resp;
	unsigned int t; /* number of failures on code use */
	unsigned int exch_req_wait_time;
	unsigned int exch_req_tries;
	unsigned int freq;
};
156 | ||
/*
 * AKM selections for a configuration, including the combined
 * PSK/SAE/DPP variants. Values are implicit: DPP_AKM_UNKNOWN is 0 and the
 * rest follow in declaration order.
 */
enum dpp_akm {
	DPP_AKM_UNKNOWN,
	DPP_AKM_DPP,
	DPP_AKM_PSK,
	DPP_AKM_SAE,
	DPP_AKM_PSK_SAE,
	DPP_AKM_SAE_DPP,
	DPP_AKM_PSK_SAE_DPP,
};
166 | ||
/* Network role of a configuration; implicit values 0..2 in
 * declaration order. */
enum dpp_netrole {
	DPP_NETROLE_STA,
	DPP_NETROLE_AP,
	DPP_NETROLE_CONFIGURATOR,
};
172 | ||
/*
 * Configuration that a Configurator hands out (see the conf_ap/conf_sta
 * pointers in struct dpp_authentication).
 *
 * NOTE(review): `passphrase` and `psk` are network credentials. Confirm
 * that dpp_configuration_free() clears them before freeing.
 * NOTE(review): the literal 32 sizes of ssid[] and psk[] are spelled as
 * SSID_MAX_LEN and PMK_LEN in struct dpp_config_obj; confirm they are
 * meant to be the same bounds.
 */
struct dpp_configuration {
	u8 ssid[32];
	size_t ssid_len; /* presumably octets used in ssid[] - confirm it is
			  * bounded by sizeof(ssid) where it is set */
	int ssid_charset;
	enum dpp_akm akm;
	enum dpp_netrole netrole;

	/* For DPP configuration (connector) */
	os_time_t netaccesskey_expiry;

	/* TODO: groups */
	char *group_id;

	/* For legacy configuration */
	char *passphrase;
	u8 psk[32];
	int psk_set;
};
191 | ||
/*
 * Node of a singly linked list (`next`) carrying a key and two template
 * strings; consumed by dpp_configurator_from_backup() and referenced as
 * conf_key_pkg in struct dpp_authentication.
 *
 * NOTE(review): `csign` is, by name, a Configurator signing key. If it
 * holds private key material, the code that frees this list needs to
 * release it through the crypto library rather than a plain free() -
 * confirm in the implementation.
 */
struct dpp_asymmetric_key {
	struct dpp_asymmetric_key *next;
	EVP_PKEY *csign;
	char *config_template;
	char *connector_template;
};
198 | ||
/* Capacity of conf_obj[] in struct dpp_authentication; num_conf_obj must
 * stay at or below this value. */
#define DPP_MAX_CONF_OBJ 10
200 | ||
/*
 * State of one DPP Authentication exchange and the configuration exchange
 * that follows it.
 *
 * NOTE(review): this struct keeps nonces, protocol keys, shared-secret
 * buffers (Mx/Nx/Lx), derived keys (k1/k2/ke) and received credentials
 * (conf_obj[].passphrase, conf_obj[].psk) in plain memory. Confirm that
 * dpp_auth_deinit() clears them before the struct is released.
 */
struct dpp_authentication {
	void *msg_ctx;
	u8 peer_version;
	const struct dpp_curve_params *curve;
	struct dpp_bootstrap_info *peer_bi;
	struct dpp_bootstrap_info *own_bi;
	struct dpp_bootstrap_info *tmp_own_bi;
	u8 waiting_pubkey_hash[SHA256_MAC_LEN];
	int response_pending;
	enum dpp_status_error auth_resp_status;
	enum dpp_status_error conf_resp_status;
	u8 peer_mac_addr[ETH_ALEN];
	/* Nonce buffers are sized for the largest supported nonce */
	u8 i_nonce[DPP_MAX_NONCE_LEN];
	u8 r_nonce[DPP_MAX_NONCE_LEN];
	u8 e_nonce[DPP_MAX_NONCE_LEN];
	u8 i_capab;
	u8 r_capab;
	EVP_PKEY *own_protocol_key;
	EVP_PKEY *peer_protocol_key;
	struct wpabuf *req_msg;
	struct wpabuf *resp_msg;
	/* Intersection of possible frequencies for initiating DPP
	 * Authentication exchange */
	unsigned int freq[DPP_BOOTSTRAP_MAX_FREQ];
	unsigned int num_freq;
	unsigned int freq_idx;
	unsigned int curr_freq;
	unsigned int neg_freq;
	unsigned int num_freq_iters;
	/* Shared-secret buffers, each followed by its own length field */
	size_t secret_len;
	u8 Mx[DPP_MAX_SHARED_SECRET_LEN];
	size_t Mx_len;
	u8 Nx[DPP_MAX_SHARED_SECRET_LEN];
	size_t Nx_len;
	u8 Lx[DPP_MAX_SHARED_SECRET_LEN];
	size_t Lx_len;
	/* Derived keys, sized for the largest supported hash */
	u8 k1[DPP_MAX_HASH_LEN];
	u8 k2[DPP_MAX_HASH_LEN];
	u8 ke[DPP_MAX_HASH_LEN];
	int initiator;
	int waiting_auth_resp;
	int waiting_auth_conf;
	int auth_req_ack;
	unsigned int auth_resp_tries;
	u8 allowed_roles;
	int configurator;
	int remove_on_tx_status;
	int connect_on_tx_status;
	int waiting_conf_result;
	int waiting_conn_status_result;
	int auth_success;
	struct wpabuf *conf_req;
	const struct wpabuf *conf_resp; /* owned by GAS server */
	struct dpp_configuration *conf_ap;
	struct dpp_configuration *conf2_ap;
	struct dpp_configuration *conf_sta;
	struct dpp_configuration *conf2_sta;
	int provision_configurator;
	struct dpp_configurator *conf;
	/* Configuration objects; at most DPP_MAX_CONF_OBJ of them */
	struct dpp_config_obj {
		char *connector; /* received signedConnector */
		u8 ssid[SSID_MAX_LEN];
		u8 ssid_len; /* presumably octets used in ssid[]; the parser
			      * has to reject anything above SSID_MAX_LEN */
		int ssid_charset;
		char passphrase[64];
		u8 psk[PMK_LEN];
		int psk_set;
		enum dpp_akm akm;
		struct wpabuf *c_sign_key;
	} conf_obj[DPP_MAX_CONF_OBJ];
	unsigned int num_conf_obj;
	struct dpp_asymmetric_key *conf_key_pkg;
	struct wpabuf *net_access_key;
	os_time_t net_access_key_expiry;
	int send_conn_status;
	int conn_status_requested;
	int akm_use_selector;
#ifdef CONFIG_TESTING_OPTIONS
	/* Test-build-only members. By name, the last one relaxes a
	 * netAccessKey consistency check, so builds with
	 * CONFIG_TESTING_OPTIONS are not suitable for deployment. */
	char *config_obj_override;
	char *discovery_override;
	char *groups_override;
	unsigned int ignore_netaccesskey_mismatch:1;
#endif /* CONFIG_TESTING_OPTIONS */
};
284 | ||
/*
 * One Configurator instance, linkable into a dl_list via `list`.
 *
 * NOTE(review): `csign` is, by name, the Configurator signing key, which
 * is the trust anchor for everything this Configurator issues. Confirm how
 * dpp_configurator_get_key() exposes it and who may call that path.
 */
struct dpp_configurator {
	struct dl_list list;
	unsigned int id;
	int own;
	EVP_PKEY *csign;
	char *kid;
	const struct dpp_curve_params *curve;
};
293 | ||
/*
 * Output record of dpp_peer_intro(): a PMKID plus a PMK of up to
 * PMK_LEN_MAX octets, with the used length in pmk_len.
 *
 * NOTE(review): `pmk` is key material; callers should clear the struct
 * once the PMK has been installed - confirm at the call sites.
 */
struct dpp_introduction {
	u8 pmkid[PMKID_LEN];
	u8 pmk[PMK_LEN_MAX];
	size_t pmk_len;
};
299 | ||
/*
 * Parameters for dpp_relay_add_controller(): a Controller address, a
 * public key hash, and two transmit callbacks that receive `cb_ctx`
 * (presumably as their first argument - confirm in the relay code).
 *
 * Both pointer members are const; whether the relay copies the data or
 * keeps the pointers is not visible here.
 */
struct dpp_relay_config {
	const struct hostapd_ip_addr *ipaddr;
	const u8 *pkhash;

	void *cb_ctx;
	void (*tx)(void *ctx, const u8 *addr, unsigned int freq,
		   const u8 *msg, size_t len);
	void (*gas_resp_tx)(void *ctx, const u8 *addr, u8 dialog_token,
			    int prot, struct wpabuf *buf);
};
310 | ||
/*
 * Parameters for dpp_controller_start(): a Configurator parameter string
 * and the TCP port to use. Whether a zero or negative tcp_port falls back
 * to DPP_TCP_PORT is decided in the implementation.
 */
struct dpp_controller_config {
	const char *configurator_params;
	int tcp_port;
};
315 | ||
#ifdef CONFIG_TESTING_OPTIONS
/*
 * Fault-injection selector for test builds. Each constant names one
 * deliberate protocol deviation (omitting, corrupting or mismatching a
 * field, or stopping at a given message). The names are the only
 * description available in this header.
 *
 * This enum and the override variables after it exist only when
 * CONFIG_TESTING_OPTIONS is defined. By name, the overrides replace
 * nonces and key material with caller-supplied values, so such builds are
 * for test use only.
 */
enum dpp_test_behavior {
	DPP_TEST_DISABLED = 0,
	DPP_TEST_AFTER_WRAPPED_DATA_AUTH_REQ = 1,
	DPP_TEST_AFTER_WRAPPED_DATA_AUTH_RESP = 2,
	DPP_TEST_AFTER_WRAPPED_DATA_AUTH_CONF = 3,
	DPP_TEST_AFTER_WRAPPED_DATA_PKEX_CR_REQ = 4,
	DPP_TEST_AFTER_WRAPPED_DATA_PKEX_CR_RESP = 5,
	DPP_TEST_AFTER_WRAPPED_DATA_CONF_REQ = 6,
	DPP_TEST_AFTER_WRAPPED_DATA_CONF_RESP = 7,
	DPP_TEST_ZERO_I_CAPAB = 8,
	DPP_TEST_ZERO_R_CAPAB = 9,
	DPP_TEST_NO_R_BOOTSTRAP_KEY_HASH_AUTH_REQ = 10,
	DPP_TEST_NO_I_BOOTSTRAP_KEY_HASH_AUTH_REQ = 11,
	DPP_TEST_NO_I_PROTO_KEY_AUTH_REQ = 12,
	DPP_TEST_NO_I_NONCE_AUTH_REQ = 13,
	DPP_TEST_NO_I_CAPAB_AUTH_REQ = 14,
	DPP_TEST_NO_WRAPPED_DATA_AUTH_REQ = 15,
	DPP_TEST_NO_STATUS_AUTH_RESP = 16,
	DPP_TEST_NO_R_BOOTSTRAP_KEY_HASH_AUTH_RESP = 17,
	DPP_TEST_NO_I_BOOTSTRAP_KEY_HASH_AUTH_RESP = 18,
	DPP_TEST_NO_R_PROTO_KEY_AUTH_RESP = 19,
	DPP_TEST_NO_R_NONCE_AUTH_RESP = 20,
	DPP_TEST_NO_I_NONCE_AUTH_RESP = 21,
	DPP_TEST_NO_R_CAPAB_AUTH_RESP = 22,
	DPP_TEST_NO_R_AUTH_AUTH_RESP = 23,
	DPP_TEST_NO_WRAPPED_DATA_AUTH_RESP = 24,
	DPP_TEST_NO_STATUS_AUTH_CONF = 25,
	DPP_TEST_NO_R_BOOTSTRAP_KEY_HASH_AUTH_CONF = 26,
	DPP_TEST_NO_I_BOOTSTRAP_KEY_HASH_AUTH_CONF = 27,
	DPP_TEST_NO_I_AUTH_AUTH_CONF = 28,
	DPP_TEST_NO_WRAPPED_DATA_AUTH_CONF = 29,
	DPP_TEST_I_NONCE_MISMATCH_AUTH_RESP = 30,
	DPP_TEST_INCOMPATIBLE_R_CAPAB_AUTH_RESP = 31,
	DPP_TEST_R_AUTH_MISMATCH_AUTH_RESP = 32,
	DPP_TEST_I_AUTH_MISMATCH_AUTH_CONF = 33,
	DPP_TEST_NO_FINITE_CYCLIC_GROUP_PKEX_EXCHANGE_REQ = 34,
	DPP_TEST_NO_ENCRYPTED_KEY_PKEX_EXCHANGE_REQ = 35,
	DPP_TEST_NO_STATUS_PKEX_EXCHANGE_RESP = 36,
	DPP_TEST_NO_ENCRYPTED_KEY_PKEX_EXCHANGE_RESP = 37,
	DPP_TEST_NO_BOOTSTRAP_KEY_PKEX_CR_REQ = 38,
	DPP_TEST_NO_I_AUTH_TAG_PKEX_CR_REQ = 39,
	DPP_TEST_NO_WRAPPED_DATA_PKEX_CR_REQ = 40,
	DPP_TEST_NO_BOOTSTRAP_KEY_PKEX_CR_RESP = 41,
	DPP_TEST_NO_R_AUTH_TAG_PKEX_CR_RESP = 42,
	DPP_TEST_NO_WRAPPED_DATA_PKEX_CR_RESP = 43,
	DPP_TEST_INVALID_ENCRYPTED_KEY_PKEX_EXCHANGE_REQ = 44,
	DPP_TEST_INVALID_ENCRYPTED_KEY_PKEX_EXCHANGE_RESP = 45,
	DPP_TEST_INVALID_STATUS_PKEX_EXCHANGE_RESP = 46,
	DPP_TEST_INVALID_BOOTSTRAP_KEY_PKEX_CR_REQ = 47,
	DPP_TEST_INVALID_BOOTSTRAP_KEY_PKEX_CR_RESP = 48,
	DPP_TEST_I_AUTH_TAG_MISMATCH_PKEX_CR_REQ = 49,
	DPP_TEST_R_AUTH_TAG_MISMATCH_PKEX_CR_RESP = 50,
	DPP_TEST_NO_E_NONCE_CONF_REQ = 51,
	DPP_TEST_NO_CONFIG_ATTR_OBJ_CONF_REQ = 52,
	DPP_TEST_NO_WRAPPED_DATA_CONF_REQ = 53,
	DPP_TEST_NO_E_NONCE_CONF_RESP = 54,
	DPP_TEST_NO_CONFIG_OBJ_CONF_RESP = 55,
	DPP_TEST_NO_STATUS_CONF_RESP = 56,
	DPP_TEST_NO_WRAPPED_DATA_CONF_RESP = 57,
	DPP_TEST_INVALID_STATUS_CONF_RESP = 58,
	DPP_TEST_E_NONCE_MISMATCH_CONF_RESP = 59,
	DPP_TEST_NO_TRANSACTION_ID_PEER_DISC_REQ = 60,
	DPP_TEST_NO_CONNECTOR_PEER_DISC_REQ = 61,
	DPP_TEST_NO_TRANSACTION_ID_PEER_DISC_RESP = 62,
	DPP_TEST_NO_STATUS_PEER_DISC_RESP = 63,
	DPP_TEST_NO_CONNECTOR_PEER_DISC_RESP = 64,
	DPP_TEST_AUTH_RESP_IN_PLACE_OF_CONF = 65,
	DPP_TEST_INVALID_I_PROTO_KEY_AUTH_REQ = 66,
	DPP_TEST_INVALID_R_PROTO_KEY_AUTH_RESP = 67,
	DPP_TEST_INVALID_R_BOOTSTRAP_KEY_HASH_AUTH_REQ = 68,
	DPP_TEST_INVALID_I_BOOTSTRAP_KEY_HASH_AUTH_REQ = 69,
	DPP_TEST_INVALID_R_BOOTSTRAP_KEY_HASH_AUTH_RESP = 70,
	DPP_TEST_INVALID_I_BOOTSTRAP_KEY_HASH_AUTH_RESP = 71,
	DPP_TEST_INVALID_R_BOOTSTRAP_KEY_HASH_AUTH_CONF = 72,
	DPP_TEST_INVALID_I_BOOTSTRAP_KEY_HASH_AUTH_CONF = 73,
	DPP_TEST_INVALID_STATUS_AUTH_RESP = 74,
	DPP_TEST_INVALID_STATUS_AUTH_CONF = 75,
	DPP_TEST_INVALID_CONFIG_ATTR_OBJ_CONF_REQ = 76,
	DPP_TEST_INVALID_TRANSACTION_ID_PEER_DISC_RESP = 77,
	DPP_TEST_INVALID_STATUS_PEER_DISC_RESP = 78,
	DPP_TEST_INVALID_CONNECTOR_PEER_DISC_RESP = 79,
	DPP_TEST_INVALID_CONNECTOR_PEER_DISC_REQ = 80,
	DPP_TEST_INVALID_I_NONCE_AUTH_REQ = 81,
	DPP_TEST_INVALID_TRANSACTION_ID_PEER_DISC_REQ = 82,
	DPP_TEST_INVALID_E_NONCE_CONF_REQ = 83,
	DPP_TEST_STOP_AT_PKEX_EXCHANGE_RESP = 84,
	DPP_TEST_STOP_AT_PKEX_CR_REQ = 85,
	DPP_TEST_STOP_AT_PKEX_CR_RESP = 86,
	DPP_TEST_STOP_AT_AUTH_REQ = 87,
	DPP_TEST_STOP_AT_AUTH_RESP = 88,
	DPP_TEST_STOP_AT_AUTH_CONF = 89,
	DPP_TEST_STOP_AT_CONF_REQ = 90,
	DPP_TEST_REJECT_CONFIG = 91,
};

/* Currently selected test behavior (defined in a .c file) */
extern enum dpp_test_behavior dpp_test;

/* Test-only override buffers. Those with a companion *_len variable carry
 * their used length there; the 600-octet capacity is a literal in this
 * header with no named constant. */
extern u8 dpp_pkex_own_mac_override[ETH_ALEN];
extern u8 dpp_pkex_peer_mac_override[ETH_ALEN];
extern u8 dpp_pkex_ephemeral_key_override[600];
extern size_t dpp_pkex_ephemeral_key_override_len;
extern u8 dpp_protocol_key_override[600];
extern size_t dpp_protocol_key_override_len;
extern u8 dpp_nonce_override[DPP_MAX_NONCE_LEN];
extern size_t dpp_nonce_override_len;
#endif /* CONFIG_TESTING_OPTIONS */
422 | ||
/*
 * Bootstrapping-record helpers.
 *
 * The dpp_parse_uri_*() functions take a text component and a record to
 * fill in. That text may originate from a scanned QR code or an NFC URI
 * (see dpp_add_qr_code() / dpp_add_nfc_uri()), i.e. from outside the
 * device, so the parsers are an input-validation boundary. Return-value
 * conventions are not stated in this header.
 */
void dpp_bootstrap_info_free(struct dpp_bootstrap_info *info);
const char *dpp_bootstrap_type_txt(enum dpp_bootstrap_type type);
int dpp_bootstrap_key_hash(struct dpp_bootstrap_info *bi);
int dpp_parse_uri_chan_list(struct dpp_bootstrap_info *bi,
			    const char *chan_list);
int dpp_parse_uri_mac(struct dpp_bootstrap_info *bi, const char *mac);
int dpp_parse_uri_info(struct dpp_bootstrap_info *bi, const char *info);
int dpp_nfc_update_bi(struct dpp_bootstrap_info *own_bi,
		      struct dpp_bootstrap_info *peer_bi);
struct hostapd_hw_modes;

/*
 * DPP Authentication exchange entry points.
 *
 * The *_rx() functions receive a frame as a header pointer plus an
 * attribute area (attr_start, attr_len). attr_len has to be the number of
 * octets actually available at attr_start; this header does not say
 * whether the callee re-validates it, so check the callers.
 * Pointer-returning functions presumably return NULL on failure - confirm
 * in the implementation.
 */
struct dpp_authentication *
dpp_auth_init(void *msg_ctx, struct dpp_bootstrap_info *peer_bi,
	      struct dpp_bootstrap_info *own_bi, u8 dpp_allowed_roles,
	      unsigned int neg_freq, struct hostapd_hw_modes *own_modes,
	      u16 num_modes);
struct dpp_authentication *
dpp_auth_req_rx(void *msg_ctx, u8 dpp_allowed_roles, int qr_mutual,
		struct dpp_bootstrap_info *peer_bi,
		struct dpp_bootstrap_info *own_bi,
		unsigned int freq, const u8 *hdr, const u8 *attr_start,
		size_t attr_len);
struct wpabuf *dpp_auth_resp_rx(struct dpp_authentication *auth,
				const u8 *hdr, const u8 *attr_start,
				size_t attr_len);
struct wpabuf *dpp_build_conf_req(struct dpp_authentication *auth,
				  const char *json);
struct wpabuf *dpp_build_conf_req_helper(struct dpp_authentication *auth,
					 const char *name,
					 enum dpp_netrole netrole,
					 const char *mud_url,
					 int *opclasses);
int dpp_auth_conf_rx(struct dpp_authentication *auth, const u8 *hdr,
		     const u8 *attr_start, size_t attr_len);
int dpp_notify_new_qr_code(struct dpp_authentication *auth,
			   struct dpp_bootstrap_info *peer_bi);
/*
 * Configuration objects, AKM predicates and Configurator selection.
 *
 * dpp_set_configurator() takes a textual command (`cmd`). The header does
 * not say where that text comes from, so treat it as external input until
 * the callers show otherwise.
 */
struct dpp_configuration *dpp_configuration_alloc(const char *type);

/* AKM predicates, one per property of an enum dpp_akm value */
int dpp_akm_psk(enum dpp_akm akm);
int dpp_akm_sae(enum dpp_akm akm);
int dpp_akm_legacy(enum dpp_akm akm);
int dpp_akm_dpp(enum dpp_akm akm);
int dpp_akm_ver2(enum dpp_akm akm);

int dpp_configuration_valid(const struct dpp_configuration *conf);
void dpp_configuration_free(struct dpp_configuration *conf);
int dpp_set_configurator(struct dpp_global *dpp, void *msg_ctx,
			 struct dpp_authentication *auth, const char *cmd);
void dpp_auth_deinit(struct dpp_authentication *auth);
/*
 * Configuration exchange, Configuration Result and Connection Status
 * Result handling.
 *
 * dpp_conn_status_result_rx() writes into caller-provided `ssid` and
 * `ssid_len` and returns a string through `channel_list`. The required
 * capacity of `ssid` and the ownership of `*channel_list` are not stated
 * here - confirm both before adding a new caller.
 */
struct wpabuf *dpp_conf_req_rx(struct dpp_authentication *auth,
			       const u8 *attr_start, size_t attr_len);
int dpp_conf_resp_rx(struct dpp_authentication *auth,
		     const struct wpabuf *resp);
enum dpp_status_error
dpp_conf_result_rx(struct dpp_authentication *auth, const u8 *hdr,
		   const u8 *attr_start, size_t attr_len);
struct wpabuf *dpp_build_conf_result(struct dpp_authentication *auth,
				     enum dpp_status_error status);
enum dpp_status_error
dpp_conn_status_result_rx(struct dpp_authentication *auth, const u8 *hdr,
			  const u8 *attr_start, size_t attr_len,
			  u8 *ssid, size_t *ssid_len, char **channel_list);
struct wpabuf *
dpp_build_conn_status_result(struct dpp_authentication *auth,
			     enum dpp_status_error result,
			     const u8 *ssid, size_t ssid_len,
			     const char *channel_list);
/*
 * Message/attribute utilities, Configurator key handling and peer
 * introduction.
 *
 * dpp_get_attr() looks up req_id in an attribute buffer of `len` octets
 * and reports the attribute length through ret_len; dpp_check_attrs()
 * takes the same buffer/length pair. Both operate on received data, so
 * `len` must match the real buffer size.
 *
 * NOTE(review): dpp_configurator_get_key() writes key data into a caller
 * buffer and dpp_keygen_configurator() accepts a raw private key. Confirm
 * that callers clear those buffers after use.
 */
struct wpabuf *dpp_alloc_msg(enum dpp_public_action_frame_type type,
			     size_t len);
const u8 *dpp_get_attr(const u8 *buf, size_t len, u16 req_id, u16 *ret_len);
int dpp_check_attrs(const u8 *buf, size_t len);
int dpp_key_expired(const char *timestamp, os_time_t *expiry);
const char *dpp_akm_str(enum dpp_akm akm);
const char *dpp_akm_selector_str(enum dpp_akm akm);
int dpp_configurator_get_key(const struct dpp_configurator *conf, char *buf,
			     size_t buflen);
void dpp_configurator_free(struct dpp_configurator *conf);
struct dpp_configurator *
dpp_keygen_configurator(const char *curve, const u8 *privkey,
			size_t privkey_len);
int dpp_configurator_own_config(struct dpp_authentication *auth,
				const char *curve, int ap);
enum dpp_status_error
dpp_peer_intro(struct dpp_introduction *intro, const char *own_connector,
	       const u8 *net_access_key, size_t net_access_key_len,
	       const u8 *csign_key, size_t csign_key_len,
	       const u8 *peer_connector, size_t peer_connector_len,
	       os_time_t *expiry);
/*
 * PKEX entry points. `code` is the shared PKEX code and `identifier` an
 * optional-looking identifier string (NULL handling is not stated here).
 * The rx functions take the received frame body as buf/len.
 */
struct dpp_pkex *dpp_pkex_init(void *msg_ctx, struct dpp_bootstrap_info *bi,
			       const u8 *own_mac, const char *identifier,
			       const char *code);
struct dpp_pkex *
dpp_pkex_rx_exchange_req(void *msg_ctx, struct dpp_bootstrap_info *bi,
			 const u8 *own_mac, const u8 *peer_mac,
			 const char *identifier, const char *code,
			 const u8 *buf, size_t len);
struct wpabuf *dpp_pkex_rx_exchange_resp(struct dpp_pkex *pkex,
					 const u8 *peer_mac,
					 const u8 *buf, size_t len);
struct wpabuf *dpp_pkex_rx_commit_reveal_req(struct dpp_pkex *pkex,
					     const u8 *hdr,
					     const u8 *buf, size_t len);
int dpp_pkex_rx_commit_reveal_resp(struct dpp_pkex *pkex, const u8 *hdr,
				   const u8 *buf, size_t len);
void dpp_pkex_free(struct dpp_pkex *pkex);
be27e185 | 532 | |
/*
 * By name, returns a copy of `connector` with a damaged signature, for
 * negative testing.
 *
 * NOTE(review): this prototype sits outside the CONFIG_TESTING_OPTIONS
 * block in this header. Confirm that the definition and its callers are
 * limited to test builds.
 */
char *dpp_corrupt_connector_signature(const char *connector);
534 | ||
10ec6a5f JM |
535 | |
/*
 * State for the PFS (ECDH) step: the ECDH context, the curve in use, an
 * information element buffer and the resulting secret.
 *
 * NOTE(review): `secret` holds key material; confirm that dpp_pfs_free()
 * releases it with a clearing free.
 */
struct dpp_pfs {
	struct crypto_ecdh *ecdh;
	const struct dpp_curve_params *curve;
	struct wpabuf *ie;
	struct wpabuf *secret;
};
542 | ||
/*
 * PFS lifecycle: create from a netAccessKey, process the peer's element
 * (peer_ie/peer_ie_len, i.e. received data), then free.
 */
struct dpp_pfs *dpp_pfs_init(const u8 *net_access_key,
			     size_t net_access_key_len);
int dpp_pfs_process(struct dpp_pfs *pfs, const u8 *peer_ie,
		    size_t peer_ie_len);
void dpp_pfs_free(struct dpp_pfs *pfs);
547 | ||
/*
 * Operations on the bootstrapping and Configurator entries kept in a
 * struct dpp_global.
 *
 * Several functions take a textual `cmd`, `id` or `uri`. dpp_add_qr_code()
 * and dpp_add_nfc_uri() in particular parse a URI that originates outside
 * the device.
 *
 * NOTE(review): dpp_bootstrap_info() uses `int id` and `int reply_size`
 * while its siblings use `unsigned int id` and `size_t buflen`. Confirm
 * that negative values are rejected in the implementation.
 */
struct dpp_bootstrap_info *dpp_add_qr_code(struct dpp_global *dpp,
					   const char *uri);
struct dpp_bootstrap_info *dpp_add_nfc_uri(struct dpp_global *dpp,
					   const char *uri);
int dpp_bootstrap_gen(struct dpp_global *dpp, const char *cmd);
struct dpp_bootstrap_info *dpp_bootstrap_get_id(struct dpp_global *dpp,
						unsigned int id);
int dpp_bootstrap_remove(struct dpp_global *dpp, const char *id);
struct dpp_bootstrap_info *dpp_pkex_finish(struct dpp_global *dpp,
					   struct dpp_pkex *pkex,
					   const u8 *peer,
					   unsigned int freq);
const char *dpp_bootstrap_get_uri(struct dpp_global *dpp, unsigned int id);
int dpp_bootstrap_info(struct dpp_global *dpp, int id,
		       char *reply, int reply_size);
void dpp_bootstrap_find_pair(struct dpp_global *dpp, const u8 *i_bootstrap,
			     const u8 *r_bootstrap,
			     struct dpp_bootstrap_info **own_bi,
			     struct dpp_bootstrap_info **peer_bi);
int dpp_configurator_add(struct dpp_global *dpp, const char *cmd);
int dpp_configurator_remove(struct dpp_global *dpp, const char *id);
int dpp_configurator_get_key_id(struct dpp_global *dpp, unsigned int id,
				char *buf, size_t buflen);
int dpp_configurator_from_backup(struct dpp_global *dpp,
				 struct dpp_asymmetric_key *key);
/*
 * Relay and Controller (DPP over TCP) entry points.
 *
 * The relay rx functions forward frames received over the air (buf/len,
 * data/data_len). dpp_controller_start() and dpp_tcp_init() open the
 * network-facing side, so the port and address they are given determine
 * what is exposed.
 */
int dpp_relay_add_controller(struct dpp_global *dpp,
			     struct dpp_relay_config *config);
int dpp_relay_rx_action(struct dpp_global *dpp, const u8 *src,
			const u8 *hdr, const u8 *buf, size_t len,
			unsigned int freq, const u8 *i_bootstrap,
			const u8 *r_bootstrap);
int dpp_relay_rx_gas_req(struct dpp_global *dpp, const u8 *src,
			 const u8 *data, size_t data_len);
int dpp_controller_start(struct dpp_global *dpp,
			 struct dpp_controller_config *config);
void dpp_controller_stop(struct dpp_global *dpp);
int dpp_tcp_init(struct dpp_global *dpp, struct dpp_authentication *auth,
		 const struct hostapd_ip_addr *addr, int port);
2ed2b52f JM |
584 | |
/*
 * Parameters for dpp_global_init(): a message context, a callback context
 * and a callback for processing a received configuration object. Which
 * context pointer is passed as `ctx` is decided in the implementation.
 */
struct dpp_global_config {
	void *msg_ctx;
	void *cb_ctx;
	int (*process_conf_obj)(void *ctx, struct dpp_authentication *auth);
};
590 | ||
/*
 * Lifecycle of the shared DPP context: create from a config, clear its
 * contents, and tear it down. What dpp_global_clear() releases compared
 * with dpp_global_deinit() is not visible in this header.
 */
struct dpp_global *dpp_global_init(struct dpp_global_config *config);
void dpp_global_clear(struct dpp_global *dpp);
void dpp_global_deinit(struct dpp_global *dpp);
594 | ||
1326cb76 | 595 | #endif /* CONFIG_DPP */ |
be27e185 | 596 | #endif /* DPP_H */ |