diff options
Diffstat (limited to 'contrib/wpa/src/common/dpp.c')
-rw-r--r-- | contrib/wpa/src/common/dpp.c | 8787 |
1 files changed, 1578 insertions, 7209 deletions
diff --git a/contrib/wpa/src/common/dpp.c b/contrib/wpa/src/common/dpp.c index dcbc80b6b84b..3c8c7682d514 100644 --- a/contrib/wpa/src/common/dpp.c +++ b/contrib/wpa/src/common/dpp.c @@ -1,51 +1,41 @@ /* * DPP functionality shared between hostapd and wpa_supplicant * Copyright (c) 2017, Qualcomm Atheros, Inc. - * Copyright (c) 2018-2019, The Linux Foundation + * Copyright (c) 2018-2020, The Linux Foundation * * This software may be distributed under the terms of the BSD license. * See README for more details. */ #include "utils/includes.h" -#include <fcntl.h> #include <openssl/opensslv.h> #include <openssl/err.h> -#include <openssl/asn1.h> -#include <openssl/asn1t.h> #include "utils/common.h" #include "utils/base64.h" #include "utils/json.h" -#include "utils/ip_addr.h" -#include "utils/eloop.h" #include "common/ieee802_11_common.h" -#include "common/ieee802_11_defs.h" #include "common/wpa_ctrl.h" #include "common/gas.h" +#include "eap_common/eap_defs.h" #include "crypto/crypto.h" #include "crypto/random.h" #include "crypto/aes.h" #include "crypto/aes_siv.h" -#include "crypto/sha384.h" -#include "crypto/sha512.h" #include "drivers/driver.h" #include "dpp.h" +#include "dpp_i.h" +static const char * dpp_netrole_str(enum dpp_netrole netrole); + #ifdef CONFIG_TESTING_OPTIONS +#ifdef CONFIG_DPP2 +int dpp_version_override = 2; +#else +int dpp_version_override = 1; +#endif enum dpp_test_behavior dpp_test = DPP_TEST_DISABLED; -u8 dpp_pkex_own_mac_override[ETH_ALEN] = { 0, 0, 0, 0, 0, 0 }; -u8 dpp_pkex_peer_mac_override[ETH_ALEN] = { 0, 0, 0, 0, 0, 0 }; -u8 dpp_pkex_ephemeral_key_override[600]; -size_t dpp_pkex_ephemeral_key_override_len = 0; -u8 dpp_protocol_key_override[600]; -size_t dpp_protocol_key_override_len = 0; -u8 dpp_nonce_override[DPP_MAX_NONCE_LEN]; -size_t dpp_nonce_override_len = 0; - -static int dpp_test_gen_invalid_key(struct wpabuf *msg, - const struct dpp_curve_params *curve); #endif /* CONFIG_TESTING_OPTIONS */ #if OPENSSL_VERSION_NUMBER < 0x10100000L || \ @@ -53,649 +43,19 @@ static int dpp_test_gen_invalid_key(struct wpabuf *msg, LIBRESSL_VERSION_NUMBER < 0x20700000L) /* Compatibility wrappers for older versions. */ -static int ECDSA_SIG_set0(ECDSA_SIG *sig, BIGNUM *r, BIGNUM *s) -{ - sig->r = r; - sig->s = s; - return 1; -} - - -static void ECDSA_SIG_get0(const ECDSA_SIG *sig, const BIGNUM **pr, - const BIGNUM **ps) -{ - if (pr) - *pr = sig->r; - if (ps) - *ps = sig->s; -} - -#endif - - -struct dpp_connection { - struct dl_list list; - struct dpp_controller *ctrl; - struct dpp_relay_controller *relay; - struct dpp_global *global; - struct dpp_authentication *auth; - int sock; - u8 mac_addr[ETH_ALEN]; - unsigned int freq; - u8 msg_len[4]; - size_t msg_len_octets; - struct wpabuf *msg; - struct wpabuf *msg_out; - size_t msg_out_pos; - unsigned int read_eloop:1; - unsigned int write_eloop:1; - unsigned int on_tcp_tx_complete_gas_done:1; - unsigned int on_tcp_tx_complete_remove:1; - unsigned int on_tcp_tx_complete_auth_ok:1; -}; - -/* Remote Controller */ -struct dpp_relay_controller { - struct dl_list list; - struct dpp_global *global; - u8 pkhash[SHA256_MAC_LEN]; - struct hostapd_ip_addr ipaddr; - void *cb_ctx; - void (*tx)(void *ctx, const u8 *addr, unsigned int freq, const u8 *msg, - size_t len); - void (*gas_resp_tx)(void *ctx, const u8 *addr, u8 dialog_token, - int prot, struct wpabuf *buf); - struct dl_list conn; /* struct dpp_connection */ -}; - -/* Local Controller */ -struct dpp_controller { - struct dpp_global *global; - u8 allowed_roles; - int qr_mutual; - int sock; - struct dl_list conn; /* struct dpp_connection */ - char *configurator_params; -}; - -struct dpp_global { - void *msg_ctx; - struct dl_list bootstrap; /* struct dpp_bootstrap_info */ - struct dl_list configurator; /* struct dpp_configurator */ #ifdef CONFIG_DPP2 - struct dl_list controllers; /* struct dpp_relay_controller */ - struct dpp_controller *controller; - struct dl_list tcp_init; /* struct dpp_connection */ - void *cb_ctx; - int (*process_conf_obj)(void *ctx, struct dpp_authentication *auth); -#endif /* CONFIG_DPP2 */ -}; - -static const struct dpp_curve_params dpp_curves[] = { - /* The mandatory to support and the default NIST P-256 curve needs to - * be the first entry on this list. */ - { "prime256v1", 32, 32, 16, 32, "P-256", 19, "ES256" }, - { "secp384r1", 48, 48, 24, 48, "P-384", 20, "ES384" }, - { "secp521r1", 64, 64, 32, 66, "P-521", 21, "ES512" }, - { "brainpoolP256r1", 32, 32, 16, 32, "BP-256", 28, "BS256" }, - { "brainpoolP384r1", 48, 48, 24, 48, "BP-384", 29, "BS384" }, - { "brainpoolP512r1", 64, 64, 32, 64, "BP-512", 30, "BS512" }, - { NULL, 0, 0, 0, 0, NULL, 0, NULL } -}; - - -/* Role-specific elements for PKEX */ - -/* NIST P-256 */ -static const u8 pkex_init_x_p256[32] = { - 0x56, 0x26, 0x12, 0xcf, 0x36, 0x48, 0xfe, 0x0b, - 0x07, 0x04, 0xbb, 0x12, 0x22, 0x50, 0xb2, 0x54, - 0xb1, 0x94, 0x64, 0x7e, 0x54, 0xce, 0x08, 0x07, - 0x2e, 0xec, 0xca, 0x74, 0x5b, 0x61, 0x2d, 0x25 - }; -static const u8 pkex_init_y_p256[32] = { - 0x3e, 0x44, 0xc7, 0xc9, 0x8c, 0x1c, 0xa1, 0x0b, - 0x20, 0x09, 0x93, 0xb2, 0xfd, 0xe5, 0x69, 0xdc, - 0x75, 0xbc, 0xad, 0x33, 0xc1, 0xe7, 0xc6, 0x45, - 0x4d, 0x10, 0x1e, 0x6a, 0x3d, 0x84, 0x3c, 0xa4 - }; -static const u8 pkex_resp_x_p256[32] = { - 0x1e, 0xa4, 0x8a, 0xb1, 0xa4, 0xe8, 0x42, 0x39, - 0xad, 0x73, 0x07, 0xf2, 0x34, 0xdf, 0x57, 0x4f, - 0xc0, 0x9d, 0x54, 0xbe, 0x36, 0x1b, 0x31, 0x0f, - 0x59, 0x91, 0x52, 0x33, 0xac, 0x19, 0x9d, 0x76 -}; -static const u8 pkex_resp_y_p256[32] = { - 0xd9, 0xfb, 0xf6, 0xb9, 0xf5, 0xfa, 0xdf, 0x19, - 0x58, 0xd8, 0x3e, 0xc9, 0x89, 0x7a, 0x35, 0xc1, - 0xbd, 0xe9, 0x0b, 0x77, 0x7a, 0xcb, 0x91, 0x2a, - 0xe8, 0x21, 0x3f, 0x47, 0x52, 0x02, 0x4d, 0x67 -}; - -/* NIST P-384 */ -static const u8 pkex_init_x_p384[48] = { - 0x95, 0x3f, 0x42, 0x9e, 0x50, 0x7f, 0xf9, 0xaa, - 0xac, 0x1a, 0xf2, 0x85, 0x2e, 0x64, 0x91, 0x68, - 0x64, 0xc4, 0x3c, 0xb7, 0x5c, 0xf8, 0xc9, 0x53, - 0x6e, 0x58, 0x4c, 0x7f, 0xc4, 0x64, 0x61, 0xac, - 0x51, 0x8a, 0x6f, 0xfe, 0xab, 0x74, 0xe6, 0x12, - 0x81, 0xac, 0x38, 0x5d, 0x41, 0xe6, 0xb9, 0xa3 -}; -static const u8 pkex_init_y_p384[48] = { - 0x76, 0x2f, 0x68, 0x84, 0xa6, 0xb0, 0x59, 0x29, - 0x83, 0xa2, 0x6c, 0xa4, 0x6c, 0x3b, 0xf8, 0x56, - 0x76, 0x11, 0x2a, 0x32, 0x90, 0xbd, 0x07, 0xc7, - 0x37, 0x39, 0x9d, 0xdb, 0x96, 0xf3, 0x2b, 0xb6, - 0x27, 0xbb, 0x29, 0x3c, 0x17, 0x33, 0x9d, 0x94, - 0xc3, 0xda, 0xac, 0x46, 0xb0, 0x8e, 0x07, 0x18 -}; -static const u8 pkex_resp_x_p384[48] = { - 0xad, 0xbe, 0xd7, 0x1d, 0x3a, 0x71, 0x64, 0x98, - 0x5f, 0xb4, 0xd6, 0x4b, 0x50, 0xd0, 0x84, 0x97, - 0x4b, 0x7e, 0x57, 0x70, 0xd2, 0xd9, 0xf4, 0x92, - 0x2a, 0x3f, 0xce, 0x99, 0xc5, 0x77, 0x33, 0x44, - 0x14, 0x56, 0x92, 0xcb, 0xae, 0x46, 0x64, 0xdf, - 0xe0, 0xbb, 0xd7, 0xb1, 0x29, 0x20, 0x72, 0xdf -}; -static const u8 pkex_resp_y_p384[48] = { - 0xab, 0xa7, 0xdf, 0x52, 0xaa, 0xe2, 0x35, 0x0c, - 0xe3, 0x75, 0x32, 0xe6, 0xbf, 0x06, 0xc8, 0x7c, - 0x38, 0x29, 0x4c, 0xec, 0x82, 0xac, 0xd7, 0xa3, - 0x09, 0xd2, 0x0e, 0x22, 0x5a, 0x74, 0x52, 0xa1, - 0x7e, 0x54, 0x4e, 0xfe, 0xc6, 0x29, 0x33, 0x63, - 0x15, 0xe1, 0x7b, 0xe3, 0x40, 0x1c, 0xca, 0x06 -}; - -/* NIST P-521 */ -static const u8 pkex_init_x_p521[66] = { - 0x00, 0x16, 0x20, 0x45, 0x19, 0x50, 0x95, 0x23, - 0x0d, 0x24, 0xbe, 0x00, 0x87, 0xdc, 0xfa, 0xf0, - 0x58, 0x9a, 0x01, 0x60, 0x07, 0x7a, 0xca, 0x76, - 0x01, 0xab, 0x2d, 0x5a, 0x46, 0xcd, 0x2c, 0xb5, - 0x11, 0x9a, 0xff, 0xaa, 0x48, 0x04, 0x91, 0x38, - 0xcf, 0x86, 0xfc, 0xa4, 0xa5, 0x0f, 0x47, 0x01, - 0x80, 0x1b, 0x30, 0xa3, 0xae, 0xe8, 0x1c, 0x2e, - 0xea, 0xcc, 0xf0, 0x03, 0x9f, 0x77, 0x4c, 0x8d, - 0x97, 0x76 -}; -static const u8 pkex_init_y_p521[66] = { - 0x00, 0xb3, 0x8e, 0x02, 0xe4, 0x2a, 0x63, 0x59, - 0x12, 0xc6, 0x10, 0xba, 0x3a, 0xf9, 0x02, 0x99, - 0x3f, 0x14, 0xf0, 0x40, 0xde, 0x5c, 0xc9, 0x8b, - 0x02, 0x55, 0xfa, 0x91, 0xb1, 0xcc, 0x6a, 0xbd, - 0xe5, 0x62, 0xc0, 0xc5, 0xe3, 0xa1, 0x57, 0x9f, - 0x08, 0x1a, 0xa6, 0xe2, 0xf8, 0x55, 0x90, 0xbf, - 0xf5, 0xa6, 0xc3, 0xd8, 0x52, 0x1f, 0xb7, 0x02, - 0x2e, 0x7c, 0xc8, 0xb3, 0x20, 0x1e, 0x79, 0x8d, - 0x03, 0xa8 -}; -static const u8 pkex_resp_x_p521[66] = { - 0x00, 0x79, 0xe4, 0x4d, 0x6b, 0x5e, 0x12, 0x0a, - 0x18, 0x2c, 0xb3, 0x05, 0x77, 0x0f, 0xc3, 0x44, - 0x1a, 0xcd, 0x78, 0x46, 0x14, 0xee, 0x46, 0x3f, - 0xab, 0xc9, 0x59, 0x7c, 0x85, 0xa0, 0xc2, 0xfb, - 0x02, 0x32, 0x99, 0xde, 0x5d, 0xe1, 0x0d, 0x48, - 0x2d, 0x71, 0x7d, 0x8d, 0x3f, 0x61, 0x67, 0x9e, - 0x2b, 0x8b, 0x12, 0xde, 0x10, 0x21, 0x55, 0x0a, - 0x5b, 0x2d, 0xe8, 0x05, 0x09, 0xf6, 0x20, 0x97, - 0x84, 0xb4 -}; -static const u8 pkex_resp_y_p521[66] = { - 0x00, 0x46, 0x63, 0x39, 0xbe, 0xcd, 0xa4, 0x2d, - 0xca, 0x27, 0x74, 0xd4, 0x1b, 0x91, 0x33, 0x20, - 0x83, 0xc7, 0x3b, 0xa4, 0x09, 0x8b, 0x8e, 0xa3, - 0x88, 0xe9, 0x75, 0x7f, 0x56, 0x7b, 0x38, 0x84, - 0x62, 0x02, 0x7c, 0x90, 0x51, 0x07, 0xdb, 0xe9, - 0xd0, 0xde, 0xda, 0x9a, 0x5d, 0xe5, 0x94, 0xd2, - 0xcf, 0x9d, 0x4c, 0x33, 0x91, 0xa6, 0xc3, 0x80, - 0xa7, 0x6e, 0x7e, 0x8d, 0xf8, 0x73, 0x6e, 0x53, - 0xce, 0xe1 -}; - -/* Brainpool P-256r1 */ -static const u8 pkex_init_x_bp_p256r1[32] = { - 0x46, 0x98, 0x18, 0x6c, 0x27, 0xcd, 0x4b, 0x10, - 0x7d, 0x55, 0xa3, 0xdd, 0x89, 0x1f, 0x9f, 0xca, - 0xc7, 0x42, 0x5b, 0x8a, 0x23, 0xed, 0xf8, 0x75, - 0xac, 0xc7, 0xe9, 0x8d, 0xc2, 0x6f, 0xec, 0xd8 -}; -static const u8 pkex_init_y_bp_p256r1[32] = { - 0x93, 0xca, 0xef, 0xa9, 0x66, 0x3e, 0x87, 0xcd, - 0x52, 0x6e, 0x54, 0x13, 0xef, 0x31, 0x67, 0x30, - 0x15, 0x13, 0x9d, 0x6d, 0xc0, 0x95, 0x32, 0xbe, - 0x4f, 0xab, 0x5d, 0xf7, 0xbf, 0x5e, 0xaa, 0x0b -}; -static const u8 pkex_resp_x_bp_p256r1[32] = { - 0x90, 0x18, 0x84, 0xc9, 0xdc, 0xcc, 0xb5, 0x2f, - 0x4a, 0x3f, 0x4f, 0x18, 0x0a, 0x22, 0x56, 0x6a, - 0xa9, 0xef, 0xd4, 0xe6, 0xc3, 0x53, 0xc2, 0x1a, - 0x23, 0x54, 0xdd, 0x08, 0x7e, 0x10, 0xd8, 0xe3 -}; -static const u8 pkex_resp_y_bp_p256r1[32] = { - 0x2a, 0xfa, 0x98, 0x9b, 0xe3, 0xda, 0x30, 0xfd, - 0x32, 0x28, 0xcb, 0x66, 0xfb, 0x40, 0x7f, 0xf2, - 0xb2, 0x25, 0x80, 0x82, 0x44, 0x85, 0x13, 0x7e, - 0x4b, 0xb5, 0x06, 0xc0, 0x03, 0x69, 0x23, 0x64 -}; - -/* Brainpool P-384r1 */ -static const u8 pkex_init_x_bp_p384r1[48] = { - 0x0a, 0x2c, 0xeb, 0x49, 0x5e, 0xb7, 0x23, 0xbd, - 0x20, 0x5b, 0xe0, 0x49, 0xdf, 0xcf, 0xcf, 0x19, - 0x37, 0x36, 0xe1, 0x2f, 0x59, 0xdb, 0x07, 0x06, - 0xb5, 0xeb, 0x2d, 0xae, 0xc2, 0xb2, 0x38, 0x62, - 0xa6, 0x73, 0x09, 0xa0, 0x6c, 0x0a, 0xa2, 0x30, - 0x99, 0xeb, 0xf7, 0x1e, 0x47, 0xb9, 0x5e, 0xbe -}; -static const u8 pkex_init_y_bp_p384r1[48] = { - 0x54, 0x76, 0x61, 0x65, 0x75, 0x5a, 0x2f, 0x99, - 0x39, 0x73, 0xca, 0x6c, 0xf9, 0xf7, 0x12, 0x86, - 0x54, 0xd5, 0xd4, 0xad, 0x45, 0x7b, 0xbf, 0x32, - 0xee, 0x62, 0x8b, 0x9f, 0x52, 0xe8, 0xa0, 0xc9, - 0xb7, 0x9d, 0xd1, 0x09, 0xb4, 0x79, 0x1c, 0x3e, - 0x1a, 0xbf, 0x21, 0x45, 0x66, 0x6b, 0x02, 0x52 -}; -static const u8 pkex_resp_x_bp_p384r1[48] = { - 0x03, 0xa2, 0x57, 0xef, 0xe8, 0x51, 0x21, 0xa0, - 0xc8, 0x9e, 0x21, 0x02, 0xb5, 0x9a, 0x36, 0x25, - 0x74, 0x22, 0xd1, 0xf2, 0x1b, 0xa8, 0x9a, 0x9b, - 0x97, 0xbc, 0x5a, 0xeb, 0x26, 0x15, 0x09, 0x71, - 0x77, 0x59, 0xec, 0x8b, 0xb7, 0xe1, 0xe8, 0xce, - 0x65, 0xb8, 0xaf, 0xf8, 0x80, 0xae, 0x74, 0x6c -}; -static const u8 pkex_resp_y_bp_p384r1[48] = { - 0x2f, 0xd9, 0x6a, 0xc7, 0x3e, 0xec, 0x76, 0x65, - 0x2d, 0x38, 0x7f, 0xec, 0x63, 0x26, 0x3f, 0x04, - 0xd8, 0x4e, 0xff, 0xe1, 0x0a, 0x51, 0x74, 0x70, - 0xe5, 0x46, 0x63, 0x7f, 0x5c, 0xc0, 0xd1, 0x7c, - 0xfb, 0x2f, 0xea, 0xe2, 0xd8, 0x0f, 0x84, 0xcb, - 0xe9, 0x39, 0x5c, 0x64, 0xfe, 0xcb, 0x2f, 0xf1 -}; - -/* Brainpool P-512r1 */ -static const u8 pkex_init_x_bp_p512r1[64] = { - 0x4c, 0xe9, 0xb6, 0x1c, 0xe2, 0x00, 0x3c, 0x9c, - 0xa9, 0xc8, 0x56, 0x52, 0xaf, 0x87, 0x3e, 0x51, - 0x9c, 0xbb, 0x15, 0x31, 0x1e, 0xc1, 0x05, 0xfc, - 0x7c, 0x77, 0xd7, 0x37, 0x61, 0x27, 0xd0, 0x95, - 0x98, 0xee, 0x5d, 0xa4, 0x3d, 0x09, 0xdb, 0x3d, - 0xfa, 0x89, 0x9e, 0x7f, 0xa6, 0xa6, 0x9c, 0xff, - 0x83, 0x5c, 0x21, 0x6c, 0x3e, 0xf2, 0xfe, 0xdc, - 0x63, 0xe4, 0xd1, 0x0e, 0x75, 0x45, 0x69, 0x0f -}; -static const u8 pkex_init_y_bp_p512r1[64] = { - 0x50, 0xb5, 0x9b, 0xfa, 0x45, 0x67, 0x75, 0x94, - 0x44, 0xe7, 0x68, 0xb0, 0xeb, 0x3e, 0xb3, 0xb8, - 0xf9, 0x99, 0x05, 0xef, 0xae, 0x6c, 0xbc, 0xe3, - 0xe1, 0xd2, 0x51, 0x54, 0xdf, 0x59, 0xd4, 0x45, - 0x41, 0x3a, 0xa8, 0x0b, 0x76, 0x32, 0x44, 0x0e, - 0x07, 0x60, 0x3a, 0x6e, 0xbe, 0xfe, 0xe0, 0x58, - 0x52, 0xa0, 0xaa, 0x8b, 0xd8, 0x5b, 0xf2, 0x71, - 0x11, 0x9a, 0x9e, 0x8f, 0x1a, 0xd1, 0xc9, 0x99 -}; -static const u8 pkex_resp_x_bp_p512r1[64] = { - 0x2a, 0x60, 0x32, 0x27, 0xa1, 0xe6, 0x94, 0x72, - 0x1c, 0x48, 0xbe, 0xc5, 0x77, 0x14, 0x30, 0x76, - 0xe4, 0xbf, 0xf7, 0x7b, 0xc5, 0xfd, 0xdf, 0x19, - 0x1e, 0x0f, 0xdf, 0x1c, 0x40, 0xfa, 0x34, 0x9e, - 0x1f, 0x42, 0x24, 0xa3, 0x2c, 0xd5, 0xc7, 0xc9, - 0x7b, 0x47, 0x78, 0x96, 0xf1, 0x37, 0x0e, 0x88, - 0xcb, 0xa6, 0x52, 0x29, 0xd7, 0xa8, 0x38, 0x29, - 0x8e, 0x6e, 0x23, 0x47, 0xd4, 0x4b, 0x70, 0x3e -}; -static const u8 pkex_resp_y_bp_p512r1[64] = { - 0x80, 0x1f, 0x43, 0xd2, 0x17, 0x35, 0xec, 0x81, - 0xd9, 0x4b, 0xdc, 0x81, 0x19, 0xd9, 0x5f, 0x68, - 0x16, 0x84, 0xfe, 0x63, 0x4b, 0x8d, 0x5d, 0xaa, - 0x88, 0x4a, 0x47, 0x48, 0xd4, 0xea, 0xab, 0x7d, - 0x6a, 0xbf, 0xe1, 0x28, 0x99, 0x6a, 0x87, 0x1c, - 0x30, 0xb4, 0x44, 0x2d, 0x75, 0xac, 0x35, 0x09, - 0x73, 0x24, 0x3d, 0xb4, 0x43, 0xb1, 0xc1, 0x56, - 0x56, 0xad, 0x30, 0x87, 0xf4, 0xc3, 0x00, 0xc7 -}; - - -static void dpp_debug_print_point(const char *title, const EC_GROUP *group, - const EC_POINT *point) -{ - BIGNUM *x, *y; - BN_CTX *ctx; - char *x_str = NULL, *y_str = NULL; - - if (!wpa_debug_show_keys) - return; - - ctx = BN_CTX_new(); - x = BN_new(); - y = BN_new(); - if (!ctx || !x || !y || - EC_POINT_get_affine_coordinates_GFp(group, point, x, y, ctx) != 1) - goto fail; - - x_str = BN_bn2hex(x); - y_str = BN_bn2hex(y); - if (!x_str || !y_str) - goto fail; - - wpa_printf(MSG_DEBUG, "%s (%s,%s)", title, x_str, y_str); - -fail: - OPENSSL_free(x_str); - OPENSSL_free(y_str); - BN_free(x); - BN_free(y); - BN_CTX_free(ctx); -} - - -static int dpp_hash_vector(const struct dpp_curve_params *curve, - size_t num_elem, const u8 *addr[], const size_t *len, - u8 *mac) -{ - if (curve->hash_len == 32) - return sha256_vector(num_elem, addr, len, mac); - if (curve->hash_len == 48) - return sha384_vector(num_elem, addr, len, mac); - if (curve->hash_len == 64) - return sha512_vector(num_elem, addr, len, mac); - return -1; -} - - -static int dpp_hkdf_expand(size_t hash_len, const u8 *secret, size_t secret_len, - const char *label, u8 *out, size_t outlen) -{ - if (hash_len == 32) - return hmac_sha256_kdf(secret, secret_len, NULL, - (const u8 *) label, os_strlen(label), - out, outlen); - if (hash_len == 48) - return hmac_sha384_kdf(secret, secret_len, NULL, - (const u8 *) label, os_strlen(label), - out, outlen); - if (hash_len == 64) - return hmac_sha512_kdf(secret, secret_len, NULL, - (const u8 *) label, os_strlen(label), - out, outlen); - return -1; -} - - -static int dpp_hmac_vector(size_t hash_len, const u8 *key, size_t key_len, - size_t num_elem, const u8 *addr[], - const size_t *len, u8 *mac) -{ - if (hash_len == 32) - return hmac_sha256_vector(key, key_len, num_elem, addr, len, - mac); - if (hash_len == 48) - return hmac_sha384_vector(key, key_len, num_elem, addr, len, - mac); - if (hash_len == 64) - return hmac_sha512_vector(key, key_len, num_elem, addr, len, - mac); - return -1; -} - - -static int dpp_hmac(size_t hash_len, const u8 *key, size_t key_len, - const u8 *data, size_t data_len, u8 *mac) -{ - if (hash_len == 32) - return hmac_sha256(key, key_len, data, data_len, mac); - if (hash_len == 48) - return hmac_sha384(key, key_len, data, data_len, mac); - if (hash_len == 64) - return hmac_sha512(key, key_len, data, data_len, mac); - return -1; -} - - -static int dpp_bn2bin_pad(const BIGNUM *bn, u8 *pos, size_t len) -{ - int num_bytes, offset; - - num_bytes = BN_num_bytes(bn); - if ((size_t) num_bytes > len) - return -1; - offset = len - num_bytes; - os_memset(pos, 0, offset); - BN_bn2bin(bn, pos + offset); - return 0; -} - - -static struct wpabuf * dpp_get_pubkey_point(EVP_PKEY *pkey, int prefix) -{ - int len, res; - EC_KEY *eckey; - struct wpabuf *buf; - unsigned char *pos; - - eckey = EVP_PKEY_get1_EC_KEY(pkey); - if (!eckey) - return NULL; - EC_KEY_set_conv_form(eckey, POINT_CONVERSION_UNCOMPRESSED); - len = i2o_ECPublicKey(eckey, NULL); - if (len <= 0) { - wpa_printf(MSG_ERROR, - "DDP: Failed to determine public key encoding length"); - EC_KEY_free(eckey); - return NULL; - } - - buf = wpabuf_alloc(len); - if (!buf) { - EC_KEY_free(eckey); - return NULL; - } - - pos = wpabuf_put(buf, len); - res = i2o_ECPublicKey(eckey, &pos); - EC_KEY_free(eckey); - if (res != len) { - wpa_printf(MSG_ERROR, - "DDP: Failed to encode public key (res=%d/%d)", - res, len); - wpabuf_free(buf); - return NULL; - } - - if (!prefix) { - /* Remove 0x04 prefix to match DPP definition */ - pos = wpabuf_mhead(buf); - os_memmove(pos, pos + 1, len - 1); - buf->used--; - } - - return buf; -} - - -static EVP_PKEY * dpp_set_pubkey_point_group(const EC_GROUP *group, - const u8 *buf_x, const u8 *buf_y, - size_t len) -{ - EC_KEY *eckey = NULL; - BN_CTX *ctx; - EC_POINT *point = NULL; - BIGNUM *x = NULL, *y = NULL; - EVP_PKEY *pkey = NULL; - - ctx = BN_CTX_new(); - if (!ctx) { - wpa_printf(MSG_ERROR, "DPP: Out of memory"); - return NULL; - } - - point = EC_POINT_new(group); - x = BN_bin2bn(buf_x, len, NULL); - y = BN_bin2bn(buf_y, len, NULL); - if (!point || !x || !y) { - wpa_printf(MSG_ERROR, "DPP: Out of memory"); - goto fail; - } - - if (!EC_POINT_set_affine_coordinates_GFp(group, point, x, y, ctx)) { - wpa_printf(MSG_ERROR, - "DPP: OpenSSL: EC_POINT_set_affine_coordinates_GFp failed: %s", - ERR_error_string(ERR_get_error(), NULL)); - goto fail; - } - - if (!EC_POINT_is_on_curve(group, point, ctx) || - EC_POINT_is_at_infinity(group, point)) { - wpa_printf(MSG_ERROR, "DPP: Invalid point"); - goto fail; - } - dpp_debug_print_point("DPP: dpp_set_pubkey_point_group", group, point); - - eckey = EC_KEY_new(); - if (!eckey || - EC_KEY_set_group(eckey, group) != 1 || - EC_KEY_set_public_key(eckey, point) != 1) { - wpa_printf(MSG_ERROR, - "DPP: Failed to set EC_KEY: %s", - ERR_error_string(ERR_get_error(), NULL)); - goto fail; - } - EC_KEY_set_asn1_flag(eckey, OPENSSL_EC_NAMED_CURVE); - - pkey = EVP_PKEY_new(); - if (!pkey || EVP_PKEY_set1_EC_KEY(pkey, eckey) != 1) { - wpa_printf(MSG_ERROR, "DPP: Could not create EVP_PKEY"); - goto fail; - } - -out: - BN_free(x); - BN_free(y); - EC_KEY_free(eckey); - EC_POINT_free(point); - BN_CTX_free(ctx); - return pkey; -fail: - EVP_PKEY_free(pkey); - pkey = NULL; - goto out; -} - - -static EVP_PKEY * dpp_set_pubkey_point(EVP_PKEY *group_key, - const u8 *buf, size_t len) +static EC_KEY * EVP_PKEY_get0_EC_KEY(EVP_PKEY *pkey) { - EC_KEY *eckey; - const EC_GROUP *group; - EVP_PKEY *pkey = NULL; - - if (len & 1) - return NULL; - - eckey = EVP_PKEY_get1_EC_KEY(group_key); - if (!eckey) { - wpa_printf(MSG_ERROR, - "DPP: Could not get EC_KEY from group_key"); + if (pkey->type != EVP_PKEY_EC) return NULL; - } - - group = EC_KEY_get0_group(eckey); - if (group) - pkey = dpp_set_pubkey_point_group(group, buf, buf + len / 2, - len / 2); - else - wpa_printf(MSG_ERROR, "DPP: Could not get EC group"); - - EC_KEY_free(eckey); - return pkey; + return pkey->pkey.ec; } +#endif /* CONFIG_DPP2 */ - -static int dpp_ecdh(EVP_PKEY *own, EVP_PKEY *peer, - u8 *secret, size_t *secret_len) -{ - EVP_PKEY_CTX *ctx; - int ret = -1; - - ERR_clear_error(); - *secret_len = 0; - - ctx = EVP_PKEY_CTX_new(own, NULL); - if (!ctx) { - wpa_printf(MSG_ERROR, "DPP: EVP_PKEY_CTX_new failed: %s", - ERR_error_string(ERR_get_error(), NULL)); - return -1; - } - - if (EVP_PKEY_derive_init(ctx) != 1) { - wpa_printf(MSG_ERROR, "DPP: EVP_PKEY_derive_init failed: %s", - ERR_error_string(ERR_get_error(), NULL)); - goto fail; - } - - if (EVP_PKEY_derive_set_peer(ctx, peer) != 1) { - wpa_printf(MSG_ERROR, - "DPP: EVP_PKEY_derive_set_peet failed: %s", - ERR_error_string(ERR_get_error(), NULL)); - goto fail; - } - - if (EVP_PKEY_derive(ctx, NULL, secret_len) != 1) { - wpa_printf(MSG_ERROR, "DPP: EVP_PKEY_derive(NULL) failed: %s", - ERR_error_string(ERR_get_error(), NULL)); - goto fail; - } - - if (*secret_len > DPP_MAX_SHARED_SECRET_LEN) { - u8 buf[200]; - int level = *secret_len > 200 ? MSG_ERROR : MSG_DEBUG; - - /* It looks like OpenSSL can return unexpectedly large buffer - * need for shared secret from EVP_PKEY_derive(NULL) in some - * cases. For example, group 19 has shown cases where secret_len - * is set to 72 even though the actual length ends up being - * updated to 32 when EVP_PKEY_derive() is called with a buffer - * for the value. Work around this by trying to fetch the value - * and continue if it is within supported range even when the - * initial buffer need is claimed to be larger. */ - wpa_printf(level, - "DPP: Unexpected secret_len=%d from EVP_PKEY_derive()", - (int) *secret_len); - if (*secret_len > 200) - goto fail; - if (EVP_PKEY_derive(ctx, buf, secret_len) != 1) { - wpa_printf(MSG_ERROR, "DPP: EVP_PKEY_derive failed: %s", - ERR_error_string(ERR_get_error(), NULL)); - goto fail; - } - if (*secret_len > DPP_MAX_SHARED_SECRET_LEN) { - wpa_printf(MSG_ERROR, - "DPP: Unexpected secret_len=%d from EVP_PKEY_derive()", - (int) *secret_len); - goto fail; - } - wpa_hexdump_key(MSG_DEBUG, "DPP: Unexpected secret_len change", - buf, *secret_len); - os_memcpy(secret, buf, *secret_len); - forced_memzero(buf, sizeof(buf)); - goto done; - } - - if (EVP_PKEY_derive(ctx, secret, secret_len) != 1) { - wpa_printf(MSG_ERROR, "DPP: EVP_PKEY_derive failed: %s", - ERR_error_string(ERR_get_error(), NULL)); - goto fail; - } - -done: - ret = 0; - -fail: - EVP_PKEY_CTX_free(ctx); - return ret; -} +#endif -static void dpp_auth_fail(struct dpp_authentication *auth, const char *txt) +void dpp_auth_fail(struct dpp_authentication *auth, const char *txt) { wpa_msg(auth->msg_ctx, MSG_INFO, DPP_EVENT_FAIL "%s", txt); } @@ -742,6 +102,34 @@ const u8 * dpp_get_attr(const u8 *buf, size_t len, u16 req_id, u16 *ret_len) } +static const u8 * dpp_get_attr_next(const u8 *prev, const u8 *buf, size_t len, + u16 req_id, u16 *ret_len) +{ + u16 id, alen; + const u8 *pos, *end = buf + len; + + if (!prev) + pos = buf; + else + pos = prev + WPA_GET_LE16(prev - 2); + while (end - pos >= 4) { + id = WPA_GET_LE16(pos); + pos += 2; + alen = WPA_GET_LE16(pos); + pos += 2; + if (alen > end - pos) + return NULL; + if (id == req_id) { + *ret_len = alen; + return pos; + } + pos += alen; + } + + return NULL; +} + + int dpp_check_attrs(const u8 *buf, size_t len) { const u8 *pos, *end; @@ -790,7 +178,10 @@ void dpp_bootstrap_info_free(struct dpp_bootstrap_info *info) return; os_free(info->uri); os_free(info->info); + os_free(info->chan); + os_free(info->pk); EVP_PKEY_free(info->pubkey); + str_clear_free(info->configurator_params); os_free(info); } @@ -802,6 +193,8 @@ const char * dpp_bootstrap_type_txt(enum dpp_bootstrap_type type) return "QRCODE"; case DPP_BOOTSTRAP_PKEX: return "PKEX"; + case DPP_BOOTSTRAP_NFC_URI: + return "NFC-URI"; } return "??"; } @@ -852,6 +245,7 @@ int dpp_parse_uri_chan_list(struct dpp_bootstrap_info *bi, wpa_printf(MSG_DEBUG, "DPP: URI channel-list: opclass=%d channel=%d ==> freq=%d", opclass, channel, freq); + bi->channels_listed = true; if (freq < 0) { wpa_printf(MSG_DEBUG, "DPP: Ignore unknown URI channel-list channel (opclass=%d channel=%d)", @@ -920,67 +314,38 @@ int dpp_parse_uri_info(struct dpp_bootstrap_info *bi, const char *info) } -static const struct dpp_curve_params * -dpp_get_curve_oid(const ASN1_OBJECT *poid) +int dpp_parse_uri_version(struct dpp_bootstrap_info *bi, const char *version) { - ASN1_OBJECT *oid; - int i; - - for (i = 0; dpp_curves[i].name; i++) { - oid = OBJ_txt2obj(dpp_curves[i].name, 0); - if (oid && OBJ_cmp(poid, oid) == 0) - return &dpp_curves[i]; - } - return NULL; -} +#ifdef CONFIG_DPP2 + if (!version || DPP_VERSION < 2) + return 0; + if (*version == '1') + bi->version = 1; + else if (*version == '2') + bi->version = 2; + else + wpa_printf(MSG_DEBUG, "DPP: Unknown URI version"); -static const struct dpp_curve_params * dpp_get_curve_nid(int nid) -{ - int i, tmp; + wpa_printf(MSG_DEBUG, "DPP: URI version: %d", bi->version); +#endif /* CONFIG_DPP2 */ - if (!nid) - return NULL; - for (i = 0; dpp_curves[i].name; i++) { - tmp = OBJ_txt2nid(dpp_curves[i].name); - if (tmp == nid) - return &dpp_curves[i]; - } - return NULL; + return 0; } static int dpp_parse_uri_pk(struct dpp_bootstrap_info *bi, const char *info) { - const char *end; u8 *data; size_t data_len; - EVP_PKEY *pkey; - const unsigned char *p; int res; - X509_PUBKEY *pub = NULL; - ASN1_OBJECT *ppkalg; - const unsigned char *pk; - int ppklen; - X509_ALGOR *pa; -#if OPENSSL_VERSION_NUMBER < 0x10100000L || \ - (defined(LIBRESSL_VERSION_NUMBER) && \ - LIBRESSL_VERSION_NUMBER < 0x20800000L) - ASN1_OBJECT *pa_oid; -#else - const ASN1_OBJECT *pa_oid; -#endif - const void *pval; - int ptype; - const ASN1_OBJECT *poid; - char buf[100]; + const char *end; end = os_strchr(info, ';'); if (!end) return -1; - data = base64_decode((const unsigned char *) info, end - info, - &data_len); + data = base64_decode(info, end - info, &data_len); if (!data) { wpa_printf(MSG_DEBUG, "DPP: Invalid base64 encoding on URI public-key"); @@ -989,104 +354,9 @@ static int dpp_parse_uri_pk(struct dpp_bootstrap_info *bi, const char *info) wpa_hexdump(MSG_DEBUG, "DPP: Base64 decoded URI public-key", data, data_len); - if (sha256_vector(1, (const u8 **) &data, &data_len, - bi->pubkey_hash) < 0) { - wpa_printf(MSG_DEBUG, "DPP: Failed to hash public key"); - os_free(data); - return -1; - } - wpa_hexdump(MSG_DEBUG, "DPP: Public key hash", - bi->pubkey_hash, SHA256_MAC_LEN); - - /* DER encoded ASN.1 SubjectPublicKeyInfo - * - * SubjectPublicKeyInfo ::= SEQUENCE { - * algorithm AlgorithmIdentifier, - * subjectPublicKey BIT STRING } - * - * AlgorithmIdentifier ::= SEQUENCE { - * algorithm OBJECT IDENTIFIER, - * parameters ANY DEFINED BY algorithm OPTIONAL } - * - * subjectPublicKey = compressed format public key per ANSI X9.63 - * algorithm = ecPublicKey (1.2.840.10045.2.1) - * parameters = shall be present and shall be OBJECT IDENTIFIER; e.g., - * prime256v1 (1.2.840.10045.3.1.7) - */ - - p = data; - pkey = d2i_PUBKEY(NULL, &p, data_len); + res = dpp_get_subject_public_key(bi, data, data_len); os_free(data); - - if (!pkey) { - wpa_printf(MSG_DEBUG, - "DPP: Could not parse URI public-key SubjectPublicKeyInfo"); - return -1; - } - - if (EVP_PKEY_type(EVP_PKEY_id(pkey)) != EVP_PKEY_EC) { - wpa_printf(MSG_DEBUG, - "DPP: SubjectPublicKeyInfo does not describe an EC key"); - EVP_PKEY_free(pkey); - return -1; - } - - res = X509_PUBKEY_set(&pub, pkey); - if (res != 1) { - wpa_printf(MSG_DEBUG, "DPP: Could not set pubkey"); - goto fail; - } - - res = X509_PUBKEY_get0_param(&ppkalg, &pk, &ppklen, &pa, pub); - if (res != 1) { - wpa_printf(MSG_DEBUG, - "DPP: Could not extract SubjectPublicKeyInfo parameters"); - goto fail; - } - res = OBJ_obj2txt(buf, sizeof(buf), ppkalg, 0); - if (res < 0 || (size_t) res >= sizeof(buf)) { - wpa_printf(MSG_DEBUG, - "DPP: Could not extract SubjectPublicKeyInfo algorithm"); - goto fail; - } - wpa_printf(MSG_DEBUG, "DPP: URI subjectPublicKey algorithm: %s", buf); - if (os_strcmp(buf, "id-ecPublicKey") != 0) { - wpa_printf(MSG_DEBUG, - "DPP: Unsupported SubjectPublicKeyInfo algorithm"); - goto fail; - } - - X509_ALGOR_get0(&pa_oid, &ptype, (void *) &pval, pa); - if (ptype != V_ASN1_OBJECT) { - wpa_printf(MSG_DEBUG, - "DPP: SubjectPublicKeyInfo parameters did not contain an OID"); - goto fail; - } - poid = pval; - res = OBJ_obj2txt(buf, sizeof(buf), poid, 0); - if (res < 0 || (size_t) res >= sizeof(buf)) { - wpa_printf(MSG_DEBUG, - "DPP: Could not extract SubjectPublicKeyInfo parameters OID"); - goto fail; - } - wpa_printf(MSG_DEBUG, "DPP: URI subjectPublicKey parameters: %s", buf); - bi->curve = dpp_get_curve_oid(poid); - if (!bi->curve) { - wpa_printf(MSG_DEBUG, - "DPP: Unsupported SubjectPublicKeyInfo curve: %s", - buf); - goto fail; - } - - wpa_hexdump(MSG_DEBUG, "DPP: URI subjectPublicKey", pk, ppklen); - - X509_PUBKEY_free(pub); - bi->pubkey = pkey; - return 0; -fail: - X509_PUBKEY_free(pub); - EVP_PKEY_free(pkey); - return -1; + return res; } @@ -1095,6 +365,7 @@ static struct dpp_bootstrap_info * dpp_parse_uri(const char *uri) const char *pos = uri; const char *end; const char *chan_list = NULL, *mac = NULL, *info = NULL, *pk = NULL; + const char *version = NULL; struct dpp_bootstrap_info *bi; wpa_hexdump_ascii(MSG_DEBUG, "DPP: URI", uri, os_strlen(uri)); @@ -1125,6 +396,8 @@ static struct dpp_bootstrap_info * dpp_parse_uri(const char *uri) info = pos + 2; else if (pos[0] == 'K' && pos[1] == ':' && !pk) pk = pos + 2; + else if (pos[0] == 'V' && pos[1] == ':' && !version) + version = pos + 2; else wpa_hexdump_ascii(MSG_DEBUG, "DPP: Ignore unrecognized URI parameter", @@ -1145,6 +418,7 @@ static struct dpp_bootstrap_info * dpp_parse_uri(const char *uri) dpp_parse_uri_chan_list(bi, chan_list) < 0 || dpp_parse_uri_mac(bi, mac) < 0 || dpp_parse_uri_info(bi, info) < 0 || + dpp_parse_uri_version(bi, version) < 0 || dpp_parse_uri_pk(bi, pk) < 0) { dpp_bootstrap_info_free(bi); bi = NULL; @@ -1154,486 +428,7 @@ static struct dpp_bootstrap_info * dpp_parse_uri(const char *uri) } -struct dpp_bootstrap_info * dpp_parse_qr_code(const char *uri) -{ - struct dpp_bootstrap_info *bi; - - bi = dpp_parse_uri(uri); - if (bi) - bi->type = DPP_BOOTSTRAP_QR_CODE; - return bi; -} - - -static void dpp_debug_print_key(const char *title, EVP_PKEY *key) -{ - EC_KEY *eckey; - BIO *out; - size_t rlen; - char *txt; - int res; - unsigned char *der = NULL; - int der_len; - const EC_GROUP *group; - const EC_POINT *point; - - out = BIO_new(BIO_s_mem()); - if (!out) - return; - - EVP_PKEY_print_private(out, key, 0, NULL); - rlen = BIO_ctrl_pending(out); - txt = os_malloc(rlen + 1); - if (txt) { - res = BIO_read(out, txt, rlen); - if (res > 0) { - txt[res] = '\0'; - wpa_printf(MSG_DEBUG, "%s: %s", title, txt); - } - os_free(txt); - } - BIO_free(out); - - eckey = EVP_PKEY_get1_EC_KEY(key); - if (!eckey) - return; - - group = EC_KEY_get0_group(eckey); - point = EC_KEY_get0_public_key(eckey); - if (group && point) - dpp_debug_print_point(title, group, point); - - der_len = i2d_ECPrivateKey(eckey, &der); - if (der_len > 0) - wpa_hexdump_key(MSG_DEBUG, "DPP: ECPrivateKey", der, der_len); - OPENSSL_free(der); - if (der_len <= 0) { - der = NULL; - der_len = i2d_EC_PUBKEY(eckey, &der); - if (der_len > 0) - wpa_hexdump(MSG_DEBUG, "DPP: EC_PUBKEY", der, der_len); - OPENSSL_free(der); - } - - EC_KEY_free(eckey); -} - - -static EVP_PKEY * dpp_gen_keypair(const struct dpp_curve_params *curve) -{ - EVP_PKEY_CTX *kctx = NULL; - EC_KEY *ec_params = NULL; - EVP_PKEY *params = NULL, *key = NULL; - int nid; - - wpa_printf(MSG_DEBUG, "DPP: Generating a keypair"); - - nid = OBJ_txt2nid(curve->name); - if (nid == NID_undef) { - wpa_printf(MSG_INFO, "DPP: Unsupported curve %s", curve->name); - return NULL; - } - - ec_params = EC_KEY_new_by_curve_name(nid); - if (!ec_params) { - wpa_printf(MSG_ERROR, - "DPP: Failed to generate EC_KEY parameters"); - goto fail; - } - EC_KEY_set_asn1_flag(ec_params, OPENSSL_EC_NAMED_CURVE); - params = EVP_PKEY_new(); - if (!params || EVP_PKEY_set1_EC_KEY(params, ec_params) != 1) { - wpa_printf(MSG_ERROR, - "DPP: Failed to generate EVP_PKEY parameters"); - goto fail; - } - - kctx = EVP_PKEY_CTX_new(params, NULL); - if (!kctx || - EVP_PKEY_keygen_init(kctx) != 1 || - EVP_PKEY_keygen(kctx, &key) != 1) { - wpa_printf(MSG_ERROR, "DPP: Failed to generate EC key"); - key = NULL; - goto fail; - } - - if (wpa_debug_show_keys) - dpp_debug_print_key("Own generated key", key); - -fail: - EC_KEY_free(ec_params); - EVP_PKEY_free(params); - EVP_PKEY_CTX_free(kctx); - return key; -} - - -static const struct dpp_curve_params * -dpp_get_curve_name(const char *name) -{ - int i; - - for (i = 0; dpp_curves[i].name; i++) { - if (os_strcmp(name, dpp_curves[i].name) == 0 || - (dpp_curves[i].jwk_crv && - os_strcmp(name, dpp_curves[i].jwk_crv) == 0)) - return &dpp_curves[i]; - } - return NULL; -} - - -static const struct dpp_curve_params * -dpp_get_curve_jwk_crv(const char *name) -{ - int i; - - for (i = 0; dpp_curves[i].name; i++) { - if (dpp_curves[i].jwk_crv && - os_strcmp(name, dpp_curves[i].jwk_crv) == 0) - return &dpp_curves[i]; - } - return NULL; -} - - -static EVP_PKEY * dpp_set_keypair(const struct dpp_curve_params **curve, - const u8 *privkey, size_t privkey_len) -{ - EVP_PKEY *pkey; - EC_KEY *eckey; - const EC_GROUP *group; - int nid; - - pkey = EVP_PKEY_new(); - if (!pkey) - return NULL; - eckey = d2i_ECPrivateKey(NULL, &privkey, privkey_len); - if (!eckey) { - wpa_printf(MSG_INFO, - "DPP: OpenSSL: d2i_ECPrivateKey() failed: %s", - ERR_error_string(ERR_get_error(), NULL)); - EVP_PKEY_free(pkey); - return NULL; - } - group = EC_KEY_get0_group(eckey); - if (!group) { - EC_KEY_free(eckey); - EVP_PKEY_free(pkey); - return NULL; - } - nid = EC_GROUP_get_curve_name(group); - *curve = dpp_get_curve_nid(nid); - if (!*curve) { - wpa_printf(MSG_INFO, - "DPP: Unsupported curve (nid=%d) in pre-assigned key", - nid); - EC_KEY_free(eckey); - EVP_PKEY_free(pkey); - return NULL; - } - - if (EVP_PKEY_assign_EC_KEY(pkey, eckey) != 1) { - EC_KEY_free(eckey); - EVP_PKEY_free(pkey); - return NULL; - } - return pkey; -} - - -typedef struct { - /* AlgorithmIdentifier ecPublicKey with optional parameters present - * as an OID identifying the curve */ - X509_ALGOR *alg; - /* Compressed format public key per ANSI X9.63 */ - ASN1_BIT_STRING *pub_key; -} DPP_BOOTSTRAPPING_KEY; - -ASN1_SEQUENCE(DPP_BOOTSTRAPPING_KEY) = { - ASN1_SIMPLE(DPP_BOOTSTRAPPING_KEY, alg, X509_ALGOR), - ASN1_SIMPLE(DPP_BOOTSTRAPPING_KEY, pub_key, ASN1_BIT_STRING) -} ASN1_SEQUENCE_END(DPP_BOOTSTRAPPING_KEY); - -IMPLEMENT_ASN1_FUNCTIONS(DPP_BOOTSTRAPPING_KEY); - - -static struct wpabuf * dpp_bootstrap_key_der(EVP_PKEY *key) -{ - unsigned char *der = NULL; - int der_len; - EC_KEY *eckey; - struct wpabuf *ret = NULL; - size_t len; - const EC_GROUP *group; - const EC_POINT *point; - BN_CTX *ctx; - DPP_BOOTSTRAPPING_KEY *bootstrap = NULL; - int nid; - - ctx = BN_CTX_new(); - eckey = EVP_PKEY_get1_EC_KEY(key); - if (!ctx || !eckey) - goto fail; - - group = EC_KEY_get0_group(eckey); - point = EC_KEY_get0_public_key(eckey); - if (!group || !point) - goto fail; - dpp_debug_print_point("DPP: bootstrap public key", group, point); - nid = EC_GROUP_get_curve_name(group); - - bootstrap = DPP_BOOTSTRAPPING_KEY_new(); - if (!bootstrap || - X509_ALGOR_set0(bootstrap->alg, OBJ_nid2obj(EVP_PKEY_EC), - V_ASN1_OBJECT, (void *) OBJ_nid2obj(nid)) != 1) - goto fail; - - len = EC_POINT_point2oct(group, point, POINT_CONVERSION_COMPRESSED, - NULL, 0, ctx); - if (len == 0) - goto fail; - - der = OPENSSL_malloc(len); - if (!der) - goto fail; - len = EC_POINT_point2oct(group, point, POINT_CONVERSION_COMPRESSED, - der, len, ctx); - - OPENSSL_free(bootstrap->pub_key->data); - bootstrap->pub_key->data = der; - der = NULL; - bootstrap->pub_key->length = len; - /* No unused bits */ - bootstrap->pub_key->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07); - bootstrap->pub_key->flags |= ASN1_STRING_FLAG_BITS_LEFT; - - der_len = i2d_DPP_BOOTSTRAPPING_KEY(bootstrap, &der); - if (der_len <= 0) { - wpa_printf(MSG_ERROR, - "DDP: Failed to build DER encoded public key"); - goto fail; - } - - ret = wpabuf_alloc_copy(der, der_len); -fail: - DPP_BOOTSTRAPPING_KEY_free(bootstrap); - OPENSSL_free(der); - EC_KEY_free(eckey); - BN_CTX_free(ctx); - return ret; -} - - -int dpp_bootstrap_key_hash(struct dpp_bootstrap_info *bi) -{ - struct wpabuf *der; - int res; - const u8 *addr[1]; - size_t len[1]; - - der = dpp_bootstrap_key_der(bi->pubkey); - if (!der) - return -1; - wpa_hexdump_buf(MSG_DEBUG, "DPP: Compressed public key (DER)", - der); - - addr[0] = wpabuf_head(der); - len[0] = wpabuf_len(der); - res = sha256_vector(1, addr, len, bi->pubkey_hash); - if (res < 0) - wpa_printf(MSG_DEBUG, "DPP: Failed to hash public key"); - else - wpa_hexdump(MSG_DEBUG, "DPP: Public key hash", bi->pubkey_hash, - SHA256_MAC_LEN); - wpabuf_free(der); - return res; -} - - -char * dpp_keygen(struct dpp_bootstrap_info *bi, const char *curve, - const u8 *privkey, size_t privkey_len) -{ - unsigned char *base64 = NULL; - char *pos, *end; - size_t len; - struct wpabuf *der = NULL; - const u8 *addr[1]; - int res; - - if (!curve) { - bi->curve = &dpp_curves[0]; - } else { - bi->curve = dpp_get_curve_name(curve); - if (!bi->curve) { - wpa_printf(MSG_INFO, "DPP: Unsupported curve: %s", - curve); - return NULL; - } - } - if (privkey) - bi->pubkey = dpp_set_keypair(&bi->curve, privkey, privkey_len); - else - bi->pubkey = dpp_gen_keypair(bi->curve); - if (!bi->pubkey) - goto fail; - bi->own = 1; - - der = dpp_bootstrap_key_der(bi->pubkey); - if (!der) - goto fail; - wpa_hexdump_buf(MSG_DEBUG, "DPP: Compressed public key (DER)", - der); - - addr[0] = wpabuf_head(der); - len = wpabuf_len(der); - res = sha256_vector(1, addr, &len, bi->pubkey_hash); - if (res < 0) { - wpa_printf(MSG_DEBUG, "DPP: Failed to hash public key"); - goto fail; - } - wpa_hexdump(MSG_DEBUG, "DPP: Public key hash", bi->pubkey_hash, - SHA256_MAC_LEN); - - base64 = base64_encode(wpabuf_head(der), wpabuf_len(der), &len); - wpabuf_free(der); - der = NULL; - if (!base64) - goto fail; - pos = (char *) base64; - end = pos + len; - for (;;) { - pos = os_strchr(pos, '\n'); - if (!pos) - break; - os_memmove(pos, pos + 1, end - pos); - } - return (char *) base64; -fail: - os_free(base64); - wpabuf_free(der); - return NULL; -} - - -static int dpp_derive_k1(const u8 *Mx, size_t Mx_len, u8 *k1, - unsigned int hash_len) -{ - u8 salt[DPP_MAX_HASH_LEN], prk[DPP_MAX_HASH_LEN]; - const char *info = "first intermediate key"; - int res; - - /* k1 = HKDF(<>, "first intermediate key", M.x) */ - - /* HKDF-Extract(<>, M.x) */ - os_memset(salt, 0, hash_len); - if (dpp_hmac(hash_len, salt, hash_len, Mx, Mx_len, prk) < 0) - return -1; - wpa_hexdump_key(MSG_DEBUG, "DPP: PRK = HKDF-Extract(<>, IKM=M.x)", - prk, hash_len); - - /* HKDF-Expand(PRK, info, L) */ - res = dpp_hkdf_expand(hash_len, prk, hash_len, info, k1, hash_len); - os_memset(prk, 0, hash_len); - if (res < 0) - return -1; - - wpa_hexdump_key(MSG_DEBUG, "DPP: k1 = HKDF-Expand(PRK, info, L)", - k1, hash_len); - return 0; -} - - -static int dpp_derive_k2(const u8 *Nx, size_t Nx_len, u8 *k2, - unsigned int hash_len) -{ - u8 salt[DPP_MAX_HASH_LEN], prk[DPP_MAX_HASH_LEN]; - const char *info = "second intermediate key"; - int res; - - /* k2 = HKDF(<>, "second intermediate key", N.x) */ - - /* HKDF-Extract(<>, N.x) */ - os_memset(salt, 0, hash_len); - res = dpp_hmac(hash_len, salt, hash_len, Nx, Nx_len, prk); - if (res < 0) - return -1; - wpa_hexdump_key(MSG_DEBUG, "DPP: PRK = HKDF-Extract(<>, IKM=N.x)", - prk, hash_len); - - /* HKDF-Expand(PRK, info, L) */ - res = dpp_hkdf_expand(hash_len, prk, hash_len, info, k2, hash_len); - os_memset(prk, 0, hash_len); - if (res < 0) - return -1; - - wpa_hexdump_key(MSG_DEBUG, "DPP: k2 = HKDF-Expand(PRK, info, L)", - k2, hash_len); - return 0; -} - - -static int dpp_derive_ke(struct dpp_authentication *auth, u8 *ke, - unsigned int hash_len) -{ - size_t nonce_len; - u8 nonces[2 * DPP_MAX_NONCE_LEN]; - const char *info_ke = "DPP Key"; - u8 prk[DPP_MAX_HASH_LEN]; - int res; - const u8 *addr[3]; - size_t len[3]; - size_t num_elem = 0; - - if (!auth->Mx_len || !auth->Nx_len) { - wpa_printf(MSG_DEBUG, - "DPP: Mx/Nx not available - cannot derive ke"); - return -1; - } - - /* ke = HKDF(I-nonce | R-nonce, "DPP Key", M.x | N.x [| L.x]) */ - - /* HKDF-Extract(I-nonce | R-nonce, M.x | N.x [| L.x]) */ - nonce_len = auth->curve->nonce_len; - os_memcpy(nonces, auth->i_nonce, nonce_len); - os_memcpy(&nonces[nonce_len], auth->r_nonce, nonce_len); - addr[num_elem] = auth->Mx; - len[num_elem] = auth->Mx_len; - num_elem++; - addr[num_elem] = auth->Nx; - len[num_elem] = auth->Nx_len; - num_elem++; - if (auth->peer_bi && auth->own_bi) { - if (!auth->Lx_len) { - wpa_printf(MSG_DEBUG, - "DPP: Lx not available - cannot derive ke"); - return -1; - } - addr[num_elem] = auth->Lx; - len[num_elem] = auth->secret_len; - num_elem++; - } - res = dpp_hmac_vector(hash_len, nonces, 2 * nonce_len, - num_elem, addr, len, prk); - if (res < 0) - return -1; - wpa_hexdump_key(MSG_DEBUG, "DPP: PRK = HKDF-Extract(<>, IKM)", - prk, hash_len); - - /* HKDF-Expand(PRK, info, L) */ - res = dpp_hkdf_expand(hash_len, prk, hash_len, info_ke, ke, hash_len); - os_memset(prk, 0, hash_len); - if (res < 0) - return -1; - - wpa_hexdump_key(MSG_DEBUG, "DPP: ke = HKDF-Expand(PRK, info, L)", - ke, hash_len); - return 0; -} - - -static void dpp_build_attr_status(struct wpabuf *msg, - enum dpp_status_error status) +void dpp_build_attr_status(struct wpabuf *msg, enum dpp_status_error status) { wpa_printf(MSG_DEBUG, "DPP: Status %d", status); wpabuf_put_le16(msg, DPP_ATTR_STATUS); @@ -1642,8 +437,7 @@ static void dpp_build_attr_status(struct wpabuf *msg, } -static void dpp_build_attr_r_bootstrap_key_hash(struct wpabuf *msg, - const u8 *hash) +void dpp_build_attr_r_bootstrap_key_hash(struct wpabuf *msg, const u8 *hash) { if (hash) { wpa_printf(MSG_DEBUG, "DPP: R-Bootstrap Key Hash"); @@ -1654,372 +448,6 @@ static void dpp_build_attr_r_bootstrap_key_hash(struct wpabuf *msg, } -static void dpp_build_attr_i_bootstrap_key_hash(struct wpabuf *msg, - const u8 *hash) -{ - if (hash) { - wpa_printf(MSG_DEBUG, "DPP: I-Bootstrap Key Hash"); - wpabuf_put_le16(msg, DPP_ATTR_I_BOOTSTRAP_KEY_HASH); - wpabuf_put_le16(msg, SHA256_MAC_LEN); - wpabuf_put_data(msg, hash, SHA256_MAC_LEN); - } -} - - -static struct wpabuf * dpp_auth_build_req(struct dpp_authentication *auth, - const struct wpabuf *pi, - size_t nonce_len, - const u8 *r_pubkey_hash, - const u8 *i_pubkey_hash, - unsigned int neg_freq) -{ - struct wpabuf *msg; - u8 clear[4 + DPP_MAX_NONCE_LEN + 4 + 1]; - u8 wrapped_data[4 + DPP_MAX_NONCE_LEN + 4 + 1 + AES_BLOCK_SIZE]; - u8 *pos; - const u8 *addr[2]; - size_t len[2], siv_len, attr_len; - u8 *attr_start, *attr_end; - - /* Build DPP Authentication Request frame attributes */ - attr_len = 2 * (4 + SHA256_MAC_LEN) + 4 + (pi ? wpabuf_len(pi) : 0) + - 4 + sizeof(wrapped_data); - if (neg_freq > 0) - attr_len += 4 + 2; -#ifdef CONFIG_DPP2 - attr_len += 5; -#endif /* CONFIG_DPP2 */ -#ifdef CONFIG_TESTING_OPTIONS - if (dpp_test == DPP_TEST_AFTER_WRAPPED_DATA_AUTH_REQ) - attr_len += 5; -#endif /* CONFIG_TESTING_OPTIONS */ - msg = dpp_alloc_msg(DPP_PA_AUTHENTICATION_REQ, attr_len); - if (!msg) - return NULL; - - attr_start = wpabuf_put(msg, 0); - - /* Responder Bootstrapping Key Hash */ - dpp_build_attr_r_bootstrap_key_hash(msg, r_pubkey_hash); - - /* Initiator Bootstrapping Key Hash */ - dpp_build_attr_i_bootstrap_key_hash(msg, i_pubkey_hash); - - /* Initiator Protocol Key */ - if (pi) { - wpabuf_put_le16(msg, DPP_ATTR_I_PROTOCOL_KEY); - wpabuf_put_le16(msg, wpabuf_len(pi)); - wpabuf_put_buf(msg, pi); - } - - /* Channel */ - if (neg_freq > 0) { - u8 op_class, channel; - - if (ieee80211_freq_to_channel_ext(neg_freq, 0, 0, &op_class, - &channel) == - NUM_HOSTAPD_MODES) { - wpa_printf(MSG_INFO, - "DPP: Unsupported negotiation frequency request: %d", - neg_freq); - wpabuf_free(msg); - return NULL; - } - wpabuf_put_le16(msg, DPP_ATTR_CHANNEL); - wpabuf_put_le16(msg, 2); - wpabuf_put_u8(msg, op_class); - wpabuf_put_u8(msg, channel); - } - -#ifdef CONFIG_DPP2 - /* Protocol Version */ - wpabuf_put_le16(msg, DPP_ATTR_PROTOCOL_VERSION); - wpabuf_put_le16(msg, 1); - wpabuf_put_u8(msg, 2); -#endif /* CONFIG_DPP2 */ - -#ifdef CONFIG_TESTING_OPTIONS - if (dpp_test == DPP_TEST_NO_WRAPPED_DATA_AUTH_REQ) { - wpa_printf(MSG_INFO, "DPP: TESTING - no Wrapped Data"); - goto skip_wrapped_data; - } -#endif /* CONFIG_TESTING_OPTIONS */ - - /* Wrapped data ({I-nonce, I-capabilities}k1) */ - pos = clear; - -#ifdef CONFIG_TESTING_OPTIONS - if (dpp_test == DPP_TEST_NO_I_NONCE_AUTH_REQ) { - wpa_printf(MSG_INFO, "DPP: TESTING - no I-nonce"); - goto skip_i_nonce; - } - if (dpp_test == DPP_TEST_INVALID_I_NONCE_AUTH_REQ) { - wpa_printf(MSG_INFO, "DPP: TESTING - invalid I-nonce"); - WPA_PUT_LE16(pos, DPP_ATTR_I_NONCE); - pos += 2; - WPA_PUT_LE16(pos, nonce_len - 1); - pos += 2; - os_memcpy(pos, auth->i_nonce, nonce_len - 1); - pos += nonce_len - 1; - goto skip_i_nonce; - } -#endif /* CONFIG_TESTING_OPTIONS */ - - /* I-nonce */ - WPA_PUT_LE16(pos, DPP_ATTR_I_NONCE); - pos += 2; - WPA_PUT_LE16(pos, nonce_len); - pos += 2; - os_memcpy(pos, auth->i_nonce, nonce_len); - pos += nonce_len; - -#ifdef CONFIG_TESTING_OPTIONS -skip_i_nonce: - if (dpp_test == DPP_TEST_NO_I_CAPAB_AUTH_REQ) { - wpa_printf(MSG_INFO, "DPP: TESTING - no I-capab"); - goto skip_i_capab; - } -#endif /* CONFIG_TESTING_OPTIONS */ - - /* I-capabilities */ - WPA_PUT_LE16(pos, DPP_ATTR_I_CAPABILITIES); - pos += 2; - WPA_PUT_LE16(pos, 1); - pos += 2; - auth->i_capab = auth->allowed_roles; - *pos++ = auth->i_capab; -#ifdef CONFIG_TESTING_OPTIONS - if (dpp_test == DPP_TEST_ZERO_I_CAPAB) { - wpa_printf(MSG_INFO, "DPP: TESTING - zero I-capabilities"); - pos[-1] = 0; - } -skip_i_capab: -#endif /* CONFIG_TESTING_OPTIONS */ - - attr_end = wpabuf_put(msg, 0); - - /* OUI, OUI type, Crypto Suite, DPP frame type */ - addr[0] = wpabuf_head_u8(msg) + 2; - len[0] = 3 + 1 + 1 + 1; - wpa_hexdump(MSG_DEBUG, "DDP: AES-SIV AD[0]", addr[0], len[0]); - - /* Attributes before Wrapped Data */ - addr[1] = attr_start; - len[1] = attr_end - attr_start; - wpa_hexdump(MSG_DEBUG, "DDP: AES-SIV AD[1]", addr[1], len[1]); - - siv_len = pos - clear; - wpa_hexdump(MSG_DEBUG, "DPP: AES-SIV cleartext", clear, siv_len); - if (aes_siv_encrypt(auth->k1, auth->curve->hash_len, clear, siv_len, - 2, addr, len, wrapped_data) < 0) { - wpabuf_free(msg); - return NULL; - } - siv_len += AES_BLOCK_SIZE; - wpa_hexdump(MSG_DEBUG, "DPP: AES-SIV ciphertext", - wrapped_data, siv_len); - - wpabuf_put_le16(msg, DPP_ATTR_WRAPPED_DATA); - wpabuf_put_le16(msg, siv_len); - wpabuf_put_data(msg, wrapped_data, siv_len); - -#ifdef CONFIG_TESTING_OPTIONS - if (dpp_test == DPP_TEST_AFTER_WRAPPED_DATA_AUTH_REQ) { - wpa_printf(MSG_INFO, "DPP: TESTING - attr after Wrapped Data"); - dpp_build_attr_status(msg, DPP_STATUS_OK); - } -skip_wrapped_data: -#endif /* CONFIG_TESTING_OPTIONS */ - - wpa_hexdump_buf(MSG_DEBUG, - "DPP: Authentication Request frame attributes", msg); - - return msg; -} - - -static struct wpabuf * dpp_auth_build_resp(struct dpp_authentication *auth, - enum dpp_status_error status, - const struct wpabuf *pr, - size_t nonce_len, - const u8 *r_pubkey_hash, - const u8 *i_pubkey_hash, - const u8 *r_nonce, const u8 *i_nonce, - const u8 *wrapped_r_auth, - size_t wrapped_r_auth_len, - const u8 *siv_key) -{ - struct wpabuf *msg; -#define DPP_AUTH_RESP_CLEAR_LEN 2 * (4 + DPP_MAX_NONCE_LEN) + 4 + 1 + \ - 4 + 4 + DPP_MAX_HASH_LEN + AES_BLOCK_SIZE - u8 clear[DPP_AUTH_RESP_CLEAR_LEN]; - u8 wrapped_data[DPP_AUTH_RESP_CLEAR_LEN + AES_BLOCK_SIZE]; - const u8 *addr[2]; - size_t len[2], siv_len, attr_len; - u8 *attr_start, *attr_end, *pos; - - auth->waiting_auth_conf = 1; - auth->auth_resp_tries = 0; - - /* Build DPP Authentication Response frame attributes */ - attr_len = 4 + 1 + 2 * (4 + SHA256_MAC_LEN) + - 4 + (pr ? wpabuf_len(pr) : 0) + 4 + sizeof(wrapped_data); -#ifdef CONFIG_DPP2 - attr_len += 5; -#endif /* CONFIG_DPP2 */ -#ifdef CONFIG_TESTING_OPTIONS - if (dpp_test == DPP_TEST_AFTER_WRAPPED_DATA_AUTH_RESP) - attr_len += 5; -#endif /* CONFIG_TESTING_OPTIONS */ - msg = dpp_alloc_msg(DPP_PA_AUTHENTICATION_RESP, attr_len); - if (!msg) - return NULL; - - attr_start = wpabuf_put(msg, 0); - - /* DPP Status */ - if (status != 255) - dpp_build_attr_status(msg, status); - - /* Responder Bootstrapping Key Hash */ - dpp_build_attr_r_bootstrap_key_hash(msg, r_pubkey_hash); - - /* Initiator Bootstrapping Key Hash (mutual authentication) */ - dpp_build_attr_i_bootstrap_key_hash(msg, i_pubkey_hash); - - /* Responder Protocol Key */ - if (pr) { - wpabuf_put_le16(msg, DPP_ATTR_R_PROTOCOL_KEY); - wpabuf_put_le16(msg, wpabuf_len(pr)); - wpabuf_put_buf(msg, pr); - } - -#ifdef CONFIG_DPP2 - /* Protocol Version */ - wpabuf_put_le16(msg, DPP_ATTR_PROTOCOL_VERSION); - wpabuf_put_le16(msg, 1); - wpabuf_put_u8(msg, 2); -#endif /* CONFIG_DPP2 */ - - attr_end = wpabuf_put(msg, 0); - -#ifdef CONFIG_TESTING_OPTIONS - if (dpp_test == DPP_TEST_NO_WRAPPED_DATA_AUTH_RESP) { - wpa_printf(MSG_INFO, "DPP: TESTING - no Wrapped Data"); - goto skip_wrapped_data; - } -#endif /* CONFIG_TESTING_OPTIONS */ - - /* Wrapped data ({R-nonce, I-nonce, R-capabilities, {R-auth}ke}k2) */ - pos = clear; - - if (r_nonce) { - /* R-nonce */ - WPA_PUT_LE16(pos, DPP_ATTR_R_NONCE); - pos += 2; - WPA_PUT_LE16(pos, nonce_len); - pos += 2; - os_memcpy(pos, r_nonce, nonce_len); - pos += nonce_len; - } - - if (i_nonce) { - /* I-nonce */ - WPA_PUT_LE16(pos, DPP_ATTR_I_NONCE); - pos += 2; - WPA_PUT_LE16(pos, nonce_len); - pos += 2; - os_memcpy(pos, i_nonce, nonce_len); -#ifdef CONFIG_TESTING_OPTIONS - if (dpp_test == DPP_TEST_I_NONCE_MISMATCH_AUTH_RESP) { - wpa_printf(MSG_INFO, "DPP: TESTING - I-nonce mismatch"); - pos[nonce_len / 2] ^= 0x01; - } -#endif /* CONFIG_TESTING_OPTIONS */ - pos += nonce_len; - } - -#ifdef CONFIG_TESTING_OPTIONS - if (dpp_test == DPP_TEST_NO_R_CAPAB_AUTH_RESP) { - wpa_printf(MSG_INFO, "DPP: TESTING - no R-capab"); - goto skip_r_capab; - } -#endif /* CONFIG_TESTING_OPTIONS */ - - /* R-capabilities */ - WPA_PUT_LE16(pos, DPP_ATTR_R_CAPABILITIES); - pos += 2; - WPA_PUT_LE16(pos, 1); - pos += 2; - auth->r_capab = auth->configurator ? DPP_CAPAB_CONFIGURATOR : - DPP_CAPAB_ENROLLEE; - *pos++ = auth->r_capab; -#ifdef CONFIG_TESTING_OPTIONS - if (dpp_test == DPP_TEST_ZERO_R_CAPAB) { - wpa_printf(MSG_INFO, "DPP: TESTING - zero R-capabilities"); - pos[-1] = 0; - } else if (dpp_test == DPP_TEST_INCOMPATIBLE_R_CAPAB_AUTH_RESP) { - wpa_printf(MSG_INFO, - "DPP: TESTING - incompatible R-capabilities"); - if ((auth->i_capab & DPP_CAPAB_ROLE_MASK) == - (DPP_CAPAB_CONFIGURATOR | DPP_CAPAB_ENROLLEE)) - pos[-1] = 0; - else - pos[-1] = auth->configurator ? DPP_CAPAB_ENROLLEE : - DPP_CAPAB_CONFIGURATOR; - } -skip_r_capab: -#endif /* CONFIG_TESTING_OPTIONS */ - - if (wrapped_r_auth) { - /* {R-auth}ke */ - WPA_PUT_LE16(pos, DPP_ATTR_WRAPPED_DATA); - pos += 2; - WPA_PUT_LE16(pos, wrapped_r_auth_len); - pos += 2; - os_memcpy(pos, wrapped_r_auth, wrapped_r_auth_len); - pos += wrapped_r_auth_len; - } - - /* OUI, OUI type, Crypto Suite, DPP frame type */ - addr[0] = wpabuf_head_u8(msg) + 2; - len[0] = 3 + 1 + 1 + 1; - wpa_hexdump(MSG_DEBUG, "DDP: AES-SIV AD[0]", addr[0], len[0]); - - /* Attributes before Wrapped Data */ - addr[1] = attr_start; - len[1] = attr_end - attr_start; - wpa_hexdump(MSG_DEBUG, "DDP: AES-SIV AD[1]", addr[1], len[1]); - - siv_len = pos - clear; - wpa_hexdump(MSG_DEBUG, "DPP: AES-SIV cleartext", clear, siv_len); - if (aes_siv_encrypt(siv_key, auth->curve->hash_len, clear, siv_len, - 2, addr, len, wrapped_data) < 0) { - wpabuf_free(msg); - return NULL; - } - siv_len += AES_BLOCK_SIZE; - wpa_hexdump(MSG_DEBUG, "DPP: AES-SIV ciphertext", - wrapped_data, siv_len); - - wpabuf_put_le16(msg, DPP_ATTR_WRAPPED_DATA); - wpabuf_put_le16(msg, siv_len); - wpabuf_put_data(msg, wrapped_data, siv_len); - -#ifdef CONFIG_TESTING_OPTIONS - if (dpp_test == DPP_TEST_AFTER_WRAPPED_DATA_AUTH_RESP) { - wpa_printf(MSG_INFO, "DPP: TESTING - attr after Wrapped Data"); - dpp_build_attr_status(msg, DPP_STATUS_OK); - } -skip_wrapped_data: -#endif /* CONFIG_TESTING_OPTIONS */ - - wpa_hexdump_buf(MSG_DEBUG, - "DPP: Authentication Response frame attributes", msg); - return msg; -} - - static int dpp_channel_ok_init(struct hostapd_hw_modes *own_modes, u16 num_modes, unsigned int freq) { @@ -2138,14 +566,23 @@ static int dpp_channel_local_list(struct dpp_authentication *auth, } -static int dpp_prepare_channel_list(struct dpp_authentication *auth, - struct hostapd_hw_modes *own_modes, - u16 num_modes) +int dpp_prepare_channel_list(struct dpp_authentication *auth, + unsigned int neg_freq, + struct hostapd_hw_modes *own_modes, u16 num_modes) { int res; char freqs[DPP_BOOTSTRAP_MAX_FREQ * 6 + 10], *pos, *end; unsigned int i; + if (!own_modes) { + if (!neg_freq) + return -1; + auth->num_freq = 1; + auth->freq[0] = neg_freq; + auth->curr_freq = neg_freq; + return 0; + } + if (auth->peer_bi->num_freq > 0) res = dpp_channel_intersect(auth, own_modes, num_modes); else @@ -2178,183 +615,55 @@ static int dpp_prepare_channel_list(struct dpp_authentication *auth, } -static int dpp_autogen_bootstrap_key(struct dpp_authentication *auth) +int dpp_gen_uri(struct dpp_bootstrap_info *bi) { - struct dpp_bootstrap_info *bi; - char *pk = NULL; + char macstr[ETH_ALEN * 2 + 10]; size_t len; - if (auth->own_bi) - return 0; /* already generated */ - - bi = os_zalloc(sizeof(*bi)); - if (!bi) - return -1; - bi->type = DPP_BOOTSTRAP_QR_CODE; - pk = dpp_keygen(bi, auth->peer_bi->curve->name, NULL, 0); - if (!pk) - goto fail; - len = 4; /* "DPP:" */ - len += 4 + os_strlen(pk); + if (bi->chan) + len += 3 + os_strlen(bi->chan); /* C:...; */ + if (is_zero_ether_addr(bi->mac_addr)) + macstr[0] = '\0'; + else + os_snprintf(macstr, sizeof(macstr), "M:" COMPACT_MACSTR ";", + MAC2STR(bi->mac_addr)); + len += os_strlen(macstr); /* M:...; */ + if (bi->info) + len += 3 + os_strlen(bi->info); /* I:...; */ +#ifdef CONFIG_DPP2 + len += 4; /* V:2; */ +#endif /* CONFIG_DPP2 */ + len += 4 + os_strlen(bi->pk); /* K:...;; */ + + os_free(bi->uri); bi->uri = os_malloc(len + 1); if (!bi->uri) - goto fail; - os_snprintf(bi->uri, len + 1, "DPP:K:%s;;", pk); - wpa_printf(MSG_DEBUG, - "DPP: Auto-generated own bootstrapping key info: URI %s", - bi->uri); - - auth->tmp_own_bi = auth->own_bi = bi; - - os_free(pk); - + return -1; + os_snprintf(bi->uri, len + 1, "DPP:%s%s%s%s%s%s%s%sK:%s;;", + bi->chan ? "C:" : "", bi->chan ? bi->chan : "", + bi->chan ? ";" : "", + macstr, + bi->info ? "I:" : "", bi->info ? bi->info : "", + bi->info ? ";" : "", + DPP_VERSION == 2 ? "V:2;" : "", + bi->pk); return 0; -fail: - os_free(pk); - dpp_bootstrap_info_free(bi); - return -1; } -struct dpp_authentication * dpp_auth_init(void *msg_ctx, - struct dpp_bootstrap_info *peer_bi, - struct dpp_bootstrap_info *own_bi, - u8 dpp_allowed_roles, - unsigned int neg_freq, - struct hostapd_hw_modes *own_modes, - u16 num_modes) +struct dpp_authentication * +dpp_alloc_auth(struct dpp_global *dpp, void *msg_ctx) { struct dpp_authentication *auth; - size_t nonce_len; - size_t secret_len; - struct wpabuf *pi = NULL; - const u8 *r_pubkey_hash, *i_pubkey_hash; -#ifdef CONFIG_TESTING_OPTIONS - u8 test_hash[SHA256_MAC_LEN]; -#endif /* CONFIG_TESTING_OPTIONS */ auth = os_zalloc(sizeof(*auth)); if (!auth) return NULL; + auth->global = dpp; auth->msg_ctx = msg_ctx; - auth->initiator = 1; - auth->waiting_auth_resp = 1; - auth->allowed_roles = dpp_allowed_roles; - auth->configurator = !!(dpp_allowed_roles & DPP_CAPAB_CONFIGURATOR); - auth->peer_bi = peer_bi; - auth->own_bi = own_bi; - auth->curve = peer_bi->curve; - - if (dpp_autogen_bootstrap_key(auth) < 0 || - dpp_prepare_channel_list(auth, own_modes, num_modes) < 0) - goto fail; - -#ifdef CONFIG_TESTING_OPTIONS - if (dpp_nonce_override_len > 0) { - wpa_printf(MSG_INFO, "DPP: TESTING - override I-nonce"); - nonce_len = dpp_nonce_override_len; - os_memcpy(auth->i_nonce, dpp_nonce_override, nonce_len); - } else { - nonce_len = auth->curve->nonce_len; - if (random_get_bytes(auth->i_nonce, nonce_len)) { - wpa_printf(MSG_ERROR, - "DPP: Failed to generate I-nonce"); - goto fail; - } - } -#else /* CONFIG_TESTING_OPTIONS */ - nonce_len = auth->curve->nonce_len; - if (random_get_bytes(auth->i_nonce, nonce_len)) { - wpa_printf(MSG_ERROR, "DPP: Failed to generate I-nonce"); - goto fail; - } -#endif /* CONFIG_TESTING_OPTIONS */ - wpa_hexdump(MSG_DEBUG, "DPP: I-nonce", auth->i_nonce, nonce_len); - -#ifdef CONFIG_TESTING_OPTIONS - if (dpp_protocol_key_override_len) { - const struct dpp_curve_params *tmp_curve; - - wpa_printf(MSG_INFO, - "DPP: TESTING - override protocol key"); - auth->own_protocol_key = dpp_set_keypair( - &tmp_curve, dpp_protocol_key_override, - dpp_protocol_key_override_len); - } else { - auth->own_protocol_key = dpp_gen_keypair(auth->curve); - } -#else /* CONFIG_TESTING_OPTIONS */ - auth->own_protocol_key = dpp_gen_keypair(auth->curve); -#endif /* CONFIG_TESTING_OPTIONS */ - if (!auth->own_protocol_key) - goto fail; - - pi = dpp_get_pubkey_point(auth->own_protocol_key, 0); - if (!pi) - goto fail; - - /* ECDH: M = pI * BR */ - if (dpp_ecdh(auth->own_protocol_key, auth->peer_bi->pubkey, - auth->Mx, &secret_len) < 0) - goto fail; - auth->secret_len = secret_len; - - wpa_hexdump_key(MSG_DEBUG, "DPP: ECDH shared secret (M.x)", - auth->Mx, auth->secret_len); - auth->Mx_len = auth->secret_len; - - if (dpp_derive_k1(auth->Mx, auth->secret_len, auth->k1, - auth->curve->hash_len) < 0) - goto fail; - - r_pubkey_hash = auth->peer_bi->pubkey_hash; - i_pubkey_hash = auth->own_bi->pubkey_hash; - -#ifdef CONFIG_TESTING_OPTIONS - if (dpp_test == DPP_TEST_NO_R_BOOTSTRAP_KEY_HASH_AUTH_REQ) { - wpa_printf(MSG_INFO, "DPP: TESTING - no R-Bootstrap Key Hash"); - r_pubkey_hash = NULL; - } else if (dpp_test == DPP_TEST_INVALID_R_BOOTSTRAP_KEY_HASH_AUTH_REQ) { - wpa_printf(MSG_INFO, - "DPP: TESTING - invalid R-Bootstrap Key Hash"); - os_memcpy(test_hash, r_pubkey_hash, SHA256_MAC_LEN); - test_hash[SHA256_MAC_LEN - 1] ^= 0x01; - r_pubkey_hash = test_hash; - } else if (dpp_test == DPP_TEST_NO_I_BOOTSTRAP_KEY_HASH_AUTH_REQ) { - wpa_printf(MSG_INFO, "DPP: TESTING - no I-Bootstrap Key Hash"); - i_pubkey_hash = NULL; - } else if (dpp_test == DPP_TEST_INVALID_I_BOOTSTRAP_KEY_HASH_AUTH_REQ) { - wpa_printf(MSG_INFO, - "DPP: TESTING - invalid I-Bootstrap Key Hash"); - os_memcpy(test_hash, i_pubkey_hash, SHA256_MAC_LEN); - test_hash[SHA256_MAC_LEN - 1] ^= 0x01; - i_pubkey_hash = test_hash; - } else if (dpp_test == DPP_TEST_NO_I_PROTO_KEY_AUTH_REQ) { - wpa_printf(MSG_INFO, "DPP: TESTING - no I-Proto Key"); - wpabuf_free(pi); - pi = NULL; - } else if (dpp_test == DPP_TEST_INVALID_I_PROTO_KEY_AUTH_REQ) { - wpa_printf(MSG_INFO, "DPP: TESTING - invalid I-Proto Key"); - wpabuf_free(pi); - pi = wpabuf_alloc(2 * auth->curve->prime_len); - if (!pi || dpp_test_gen_invalid_key(pi, auth->curve) < 0) - goto fail; - } -#endif /* CONFIG_TESTING_OPTIONS */ - - auth->req_msg = dpp_auth_build_req(auth, pi, nonce_len, r_pubkey_hash, - i_pubkey_hash, neg_freq); - if (!auth->req_msg) - goto fail; - -out: - wpabuf_free(pi); + auth->conf_resp_status = 255; return auth; -fail: - dpp_auth_deinit(auth); - auth = NULL; - goto out; } @@ -2376,7 +685,7 @@ static struct wpabuf * dpp_build_conf_req_attr(struct dpp_authentication *auth, } wpa_hexdump(MSG_DEBUG, "DPP: E-nonce", auth->e_nonce, nonce_len); json_len = os_strlen(json); - wpa_hexdump_ascii(MSG_DEBUG, "DPP: configAttr JSON", json, json_len); + wpa_hexdump_ascii(MSG_DEBUG, "DPP: configRequest JSON", json, json_len); /* { E-nonce, configAttrib }ke */ clear_len = 4 + nonce_len + 4 + json_len; @@ -2463,7 +772,7 @@ fail: } -static void dpp_write_adv_proto(struct wpabuf *buf) +void dpp_write_adv_proto(struct wpabuf *buf) { /* Advertisement Protocol IE */ wpabuf_put_u8(buf, WLAN_EID_ADV_PROTO); @@ -2477,7 +786,7 @@ static void dpp_write_adv_proto(struct wpabuf *buf) } -static void dpp_write_gas_query(struct wpabuf *buf, struct wpabuf *query) +void dpp_write_gas_query(struct wpabuf *buf, struct wpabuf *query) { /* GAS Query */ wpabuf_put_le16(buf, wpabuf_len(query)); @@ -2512,1687 +821,80 @@ struct wpabuf * dpp_build_conf_req(struct dpp_authentication *auth, } -static void dpp_auth_success(struct dpp_authentication *auth) -{ - wpa_printf(MSG_DEBUG, - "DPP: Authentication success - clear temporary keys"); - os_memset(auth->Mx, 0, sizeof(auth->Mx)); - auth->Mx_len = 0; - os_memset(auth->Nx, 0, sizeof(auth->Nx)); - auth->Nx_len = 0; - os_memset(auth->Lx, 0, sizeof(auth->Lx)); - auth->Lx_len = 0; - os_memset(auth->k1, 0, sizeof(auth->k1)); - os_memset(auth->k2, 0, sizeof(auth->k2)); - - auth->auth_success = 1; -} - - -static int dpp_gen_r_auth(struct dpp_authentication *auth, u8 *r_auth) -{ - struct wpabuf *pix, *prx, *bix, *brx; - const u8 *addr[7]; - size_t len[7]; - size_t i, num_elem = 0; - size_t nonce_len; - u8 zero = 0; - int res = -1; - - /* R-auth = H(I-nonce | R-nonce | PI.x | PR.x | [BI.x |] BR.x | 0) */ - nonce_len = auth->curve->nonce_len; - - if (auth->initiator) { - pix = dpp_get_pubkey_point(auth->own_protocol_key, 0); - prx = dpp_get_pubkey_point(auth->peer_protocol_key, 0); - if (auth->own_bi) - bix = dpp_get_pubkey_point(auth->own_bi->pubkey, 0); - else - bix = NULL; - brx = dpp_get_pubkey_point(auth->peer_bi->pubkey, 0); - } else { - pix = dpp_get_pubkey_point(auth->peer_protocol_key, 0); - prx = dpp_get_pubkey_point(auth->own_protocol_key, 0); - if (auth->peer_bi) - bix = dpp_get_pubkey_point(auth->peer_bi->pubkey, 0); - else - bix = NULL; - brx = dpp_get_pubkey_point(auth->own_bi->pubkey, 0); - } - if (!pix || !prx || !brx) - goto fail; - - addr[num_elem] = auth->i_nonce; - len[num_elem] = nonce_len; - num_elem++; - - addr[num_elem] = auth->r_nonce; - len[num_elem] = nonce_len; - num_elem++; - - addr[num_elem] = wpabuf_head(pix); - len[num_elem] = wpabuf_len(pix) / 2; - num_elem++; - - addr[num_elem] = wpabuf_head(prx); - len[num_elem] = wpabuf_len(prx) / 2; - num_elem++; - - if (bix) { - addr[num_elem] = wpabuf_head(bix); - len[num_elem] = wpabuf_len(bix) / 2; - num_elem++; - } - - addr[num_elem] = wpabuf_head(brx); - len[num_elem] = wpabuf_len(brx) / 2; - num_elem++; - - addr[num_elem] = &zero; - len[num_elem] = 1; - num_elem++; - - wpa_printf(MSG_DEBUG, "DPP: R-auth hash components"); - for (i = 0; i < num_elem; i++) - wpa_hexdump(MSG_DEBUG, "DPP: hash component", addr[i], len[i]); - res = dpp_hash_vector(auth->curve, num_elem, addr, len, r_auth); - if (res == 0) - wpa_hexdump(MSG_DEBUG, "DPP: R-auth", r_auth, - auth->curve->hash_len); -fail: - wpabuf_free(pix); - wpabuf_free(prx); - wpabuf_free(bix); - wpabuf_free(brx); - return res; -} - - -static int dpp_gen_i_auth(struct dpp_authentication *auth, u8 *i_auth) -{ - struct wpabuf *pix = NULL, *prx = NULL, *bix = NULL, *brx = NULL; - const u8 *addr[7]; - size_t len[7]; - size_t i, num_elem = 0; - size_t nonce_len; - u8 one = 1; - int res = -1; - - /* I-auth = H(R-nonce | I-nonce | PR.x | PI.x | BR.x | [BI.x |] 1) */ - nonce_len = auth->curve->nonce_len; - - if (auth->initiator) { - pix = dpp_get_pubkey_point(auth->own_protocol_key, 0); - prx = dpp_get_pubkey_point(auth->peer_protocol_key, 0); - if (auth->own_bi) - bix = dpp_get_pubkey_point(auth->own_bi->pubkey, 0); - else - bix = NULL; - if (!auth->peer_bi) - goto fail; - brx = dpp_get_pubkey_point(auth->peer_bi->pubkey, 0); - } else { - pix = dpp_get_pubkey_point(auth->peer_protocol_key, 0); - prx = dpp_get_pubkey_point(auth->own_protocol_key, 0); - if (auth->peer_bi) - bix = dpp_get_pubkey_point(auth->peer_bi->pubkey, 0); - else - bix = NULL; - if (!auth->own_bi) - goto fail; - brx = dpp_get_pubkey_point(auth->own_bi->pubkey, 0); - } - if (!pix || !prx || !brx) - goto fail; - - addr[num_elem] = auth->r_nonce; - len[num_elem] = nonce_len; - num_elem++; - - addr[num_elem] = auth->i_nonce; - len[num_elem] = nonce_len; - num_elem++; - - addr[num_elem] = wpabuf_head(prx); - len[num_elem] = wpabuf_len(prx) / 2; - num_elem++; - - addr[num_elem] = wpabuf_head(pix); - len[num_elem] = wpabuf_len(pix) / 2; - num_elem++; - - addr[num_elem] = wpabuf_head(brx); - len[num_elem] = wpabuf_len(brx) / 2; - num_elem++; - - if (bix) { - addr[num_elem] = wpabuf_head(bix); - len[num_elem] = wpabuf_len(bix) / 2; - num_elem++; - } - - addr[num_elem] = &one; - len[num_elem] = 1; - num_elem++; - - wpa_printf(MSG_DEBUG, "DPP: I-auth hash components"); - for (i = 0; i < num_elem; i++) - wpa_hexdump(MSG_DEBUG, "DPP: hash component", addr[i], len[i]); - res = dpp_hash_vector(auth->curve, num_elem, addr, len, i_auth); - if (res == 0) - wpa_hexdump(MSG_DEBUG, "DPP: I-auth", i_auth, - auth->curve->hash_len); -fail: - wpabuf_free(pix); - wpabuf_free(prx); - wpabuf_free(bix); - wpabuf_free(brx); - return res; -} - - -static int dpp_auth_derive_l_responder(struct dpp_authentication *auth) -{ - const EC_GROUP *group; - EC_POINT *l = NULL; - EC_KEY *BI = NULL, *bR = NULL, *pR = NULL; - const EC_POINT *BI_point; - BN_CTX *bnctx; - BIGNUM *lx, *sum, *q; - const BIGNUM *bR_bn, *pR_bn; - int ret = -1; - - /* L = ((bR + pR) modulo q) * BI */ - - bnctx = BN_CTX_new(); - sum = BN_new(); - q = BN_new(); - lx = BN_new(); - if (!bnctx || !sum || !q || !lx) - goto fail; - BI = EVP_PKEY_get1_EC_KEY(auth->peer_bi->pubkey); - if (!BI) - goto fail; - BI_point = EC_KEY_get0_public_key(BI); - group = EC_KEY_get0_group(BI); - if (!group) - goto fail; - - bR = EVP_PKEY_get1_EC_KEY(auth->own_bi->pubkey); - pR = EVP_PKEY_get1_EC_KEY(auth->own_protocol_key); - if (!bR || !pR) - goto fail; - bR_bn = EC_KEY_get0_private_key(bR); - pR_bn = EC_KEY_get0_private_key(pR); - if (!bR_bn || !pR_bn) - goto fail; - if (EC_GROUP_get_order(group, q, bnctx) != 1 || - BN_mod_add(sum, bR_bn, pR_bn, q, bnctx) != 1) - goto fail; - l = EC_POINT_new(group); - if (!l || - EC_POINT_mul(group, l, NULL, BI_point, sum, bnctx) != 1 || - EC_POINT_get_affine_coordinates_GFp(group, l, lx, NULL, - bnctx) != 1) { - wpa_printf(MSG_ERROR, - "OpenSSL: failed: %s", - ERR_error_string(ERR_get_error(), NULL)); - goto fail; - } - - if (dpp_bn2bin_pad(lx, auth->Lx, auth->secret_len) < 0) - goto fail; - wpa_hexdump_key(MSG_DEBUG, "DPP: L.x", auth->Lx, auth->secret_len); - auth->Lx_len = auth->secret_len; - ret = 0; -fail: - EC_POINT_clear_free(l); - EC_KEY_free(BI); - EC_KEY_free(bR); - EC_KEY_free(pR); - BN_clear_free(lx); - BN_clear_free(sum); - BN_free(q); - BN_CTX_free(bnctx); - return ret; -} - - -static int dpp_auth_derive_l_initiator(struct dpp_authentication *auth) -{ - const EC_GROUP *group; - EC_POINT *l = NULL, *sum = NULL; - EC_KEY *bI = NULL, *BR = NULL, *PR = NULL; - const EC_POINT *BR_point, *PR_point; - BN_CTX *bnctx; - BIGNUM *lx; - const BIGNUM *bI_bn; - int ret = -1; - - /* L = bI * (BR + PR) */ - - bnctx = BN_CTX_new(); - lx = BN_new(); - if (!bnctx || !lx) - goto fail; - BR = EVP_PKEY_get1_EC_KEY(auth->peer_bi->pubkey); - PR = EVP_PKEY_get1_EC_KEY(auth->peer_protocol_key); - if (!BR || !PR) - goto fail; - BR_point = EC_KEY_get0_public_key(BR); - PR_point = EC_KEY_get0_public_key(PR); - - bI = EVP_PKEY_get1_EC_KEY(auth->own_bi->pubkey); - if (!bI) - goto fail; - group = EC_KEY_get0_group(bI); - bI_bn = EC_KEY_get0_private_key(bI); - if (!group || !bI_bn) - goto fail; - sum = EC_POINT_new(group); - l = EC_POINT_new(group); - if (!sum || !l || - EC_POINT_add(group, sum, BR_point, PR_point, bnctx) != 1 || - EC_POINT_mul(group, l, NULL, sum, bI_bn, bnctx) != 1 || - EC_POINT_get_affine_coordinates_GFp(group, l, lx, NULL, - bnctx) != 1) { - wpa_printf(MSG_ERROR, - "OpenSSL: failed: %s", - ERR_error_string(ERR_get_error(), NULL)); - goto fail; - } - - if (dpp_bn2bin_pad(lx, auth->Lx, auth->secret_len) < 0) - goto fail; - wpa_hexdump_key(MSG_DEBUG, "DPP: L.x", auth->Lx, auth->secret_len); - auth->Lx_len = auth->secret_len; - ret = 0; -fail: - EC_POINT_clear_free(l); - EC_POINT_clear_free(sum); - EC_KEY_free(bI); - EC_KEY_free(BR); - EC_KEY_free(PR); - BN_clear_free(lx); - BN_CTX_free(bnctx); - return ret; -} - - -static int dpp_auth_build_resp_ok(struct dpp_authentication *auth) -{ - size_t nonce_len; - size_t secret_len; - struct wpabuf *msg, *pr = NULL; - u8 r_auth[4 + DPP_MAX_HASH_LEN]; - u8 wrapped_r_auth[4 + DPP_MAX_HASH_LEN + AES_BLOCK_SIZE], *w_r_auth; - size_t wrapped_r_auth_len; - int ret = -1; - const u8 *r_pubkey_hash, *i_pubkey_hash, *r_nonce, *i_nonce; - enum dpp_status_error status = DPP_STATUS_OK; -#ifdef CONFIG_TESTING_OPTIONS - u8 test_hash[SHA256_MAC_LEN]; -#endif /* CONFIG_TESTING_OPTIONS */ - - wpa_printf(MSG_DEBUG, "DPP: Build Authentication Response"); - if (!auth->own_bi) - return -1; - -#ifdef CONFIG_TESTING_OPTIONS - if (dpp_nonce_override_len > 0) { - wpa_printf(MSG_INFO, "DPP: TESTING - override R-nonce"); - nonce_len = dpp_nonce_override_len; - os_memcpy(auth->r_nonce, dpp_nonce_override, nonce_len); - } else { - nonce_len = auth->curve->nonce_len; - if (random_get_bytes(auth->r_nonce, nonce_len)) { - wpa_printf(MSG_ERROR, - "DPP: Failed to generate R-nonce"); - goto fail; - } - } -#else /* CONFIG_TESTING_OPTIONS */ - nonce_len = auth->curve->nonce_len; - if (random_get_bytes(auth->r_nonce, nonce_len)) { - wpa_printf(MSG_ERROR, "DPP: Failed to generate R-nonce"); - goto fail; - } -#endif /* CONFIG_TESTING_OPTIONS */ - wpa_hexdump(MSG_DEBUG, "DPP: R-nonce", auth->r_nonce, nonce_len); - - EVP_PKEY_free(auth->own_protocol_key); -#ifdef CONFIG_TESTING_OPTIONS - if (dpp_protocol_key_override_len) { - const struct dpp_curve_params *tmp_curve; - - wpa_printf(MSG_INFO, - "DPP: TESTING - override protocol key"); - auth->own_protocol_key = dpp_set_keypair( - &tmp_curve, dpp_protocol_key_override, - dpp_protocol_key_override_len); - } else { - auth->own_protocol_key = dpp_gen_keypair(auth->curve); - } -#else /* CONFIG_TESTING_OPTIONS */ - auth->own_protocol_key = dpp_gen_keypair(auth->curve); -#endif /* CONFIG_TESTING_OPTIONS */ - if (!auth->own_protocol_key) - goto fail; - - pr = dpp_get_pubkey_point(auth->own_protocol_key, 0); - if (!pr) - goto fail; - - /* ECDH: N = pR * PI */ - if (dpp_ecdh(auth->own_protocol_key, auth->peer_protocol_key, - auth->Nx, &secret_len) < 0) - goto fail; - - wpa_hexdump_key(MSG_DEBUG, "DPP: ECDH shared secret (N.x)", - auth->Nx, auth->secret_len); - auth->Nx_len = auth->secret_len; - - if (dpp_derive_k2(auth->Nx, auth->secret_len, auth->k2, - auth->curve->hash_len) < 0) - goto fail; - - if (auth->own_bi && auth->peer_bi) { - /* Mutual authentication */ - if (dpp_auth_derive_l_responder(auth) < 0) - goto fail; - } - - if (dpp_derive_ke(auth, auth->ke, auth->curve->hash_len) < 0) - goto fail; - - /* R-auth = H(I-nonce | R-nonce | PI.x | PR.x | [BI.x |] BR.x | 0) */ - WPA_PUT_LE16(r_auth, DPP_ATTR_R_AUTH_TAG); - WPA_PUT_LE16(&r_auth[2], auth->curve->hash_len); - if (dpp_gen_r_auth(auth, r_auth + 4) < 0) - goto fail; -#ifdef CONFIG_TESTING_OPTIONS - if (dpp_test == DPP_TEST_R_AUTH_MISMATCH_AUTH_RESP) { - wpa_printf(MSG_INFO, "DPP: TESTING - R-auth mismatch"); - r_auth[4 + auth->curve->hash_len / 2] ^= 0x01; - } -#endif /* CONFIG_TESTING_OPTIONS */ - if (aes_siv_encrypt(auth->ke, auth->curve->hash_len, - r_auth, 4 + auth->curve->hash_len, - 0, NULL, NULL, wrapped_r_auth) < 0) - goto fail; - wrapped_r_auth_len = 4 + auth->curve->hash_len + AES_BLOCK_SIZE; - wpa_hexdump(MSG_DEBUG, "DPP: {R-auth}ke", - wrapped_r_auth, wrapped_r_auth_len); - w_r_auth = wrapped_r_auth; - - r_pubkey_hash = auth->own_bi->pubkey_hash; - if (auth->peer_bi) - i_pubkey_hash = auth->peer_bi->pubkey_hash; - else - i_pubkey_hash = NULL; - - i_nonce = auth->i_nonce; - r_nonce = auth->r_nonce; - -#ifdef CONFIG_TESTING_OPTIONS - if (dpp_test == DPP_TEST_NO_R_BOOTSTRAP_KEY_HASH_AUTH_RESP) { - wpa_printf(MSG_INFO, "DPP: TESTING - no R-Bootstrap Key Hash"); - r_pubkey_hash = NULL; - } else if (dpp_test == - DPP_TEST_INVALID_R_BOOTSTRAP_KEY_HASH_AUTH_RESP) { - wpa_printf(MSG_INFO, - "DPP: TESTING - invalid R-Bootstrap Key Hash"); - os_memcpy(test_hash, r_pubkey_hash, SHA256_MAC_LEN); - test_hash[SHA256_MAC_LEN - 1] ^= 0x01; - r_pubkey_hash = test_hash; - } else if (dpp_test == DPP_TEST_NO_I_BOOTSTRAP_KEY_HASH_AUTH_RESP) { - wpa_printf(MSG_INFO, "DPP: TESTING - no I-Bootstrap Key Hash"); - i_pubkey_hash = NULL; - } else if (dpp_test == - DPP_TEST_INVALID_I_BOOTSTRAP_KEY_HASH_AUTH_RESP) { - wpa_printf(MSG_INFO, - "DPP: TESTING - invalid I-Bootstrap Key Hash"); - if (i_pubkey_hash) - os_memcpy(test_hash, i_pubkey_hash, SHA256_MAC_LEN); - else - os_memset(test_hash, 0, SHA256_MAC_LEN); - test_hash[SHA256_MAC_LEN - 1] ^= 0x01; - i_pubkey_hash = test_hash; - } else if (dpp_test == DPP_TEST_NO_R_PROTO_KEY_AUTH_RESP) { - wpa_printf(MSG_INFO, "DPP: TESTING - no R-Proto Key"); - wpabuf_free(pr); - pr = NULL; - } else if (dpp_test == DPP_TEST_INVALID_R_PROTO_KEY_AUTH_RESP) { - wpa_printf(MSG_INFO, "DPP: TESTING - invalid R-Proto Key"); - wpabuf_free(pr); - pr = wpabuf_alloc(2 * auth->curve->prime_len); - if (!pr || dpp_test_gen_invalid_key(pr, auth->curve) < 0) - goto fail; - } else if (dpp_test == DPP_TEST_NO_R_AUTH_AUTH_RESP) { - wpa_printf(MSG_INFO, "DPP: TESTING - no R-Auth"); - w_r_auth = NULL; - wrapped_r_auth_len = 0; - } else if (dpp_test == DPP_TEST_NO_STATUS_AUTH_RESP) { - wpa_printf(MSG_INFO, "DPP: TESTING - no Status"); - status = 255; - } else if (dpp_test == DPP_TEST_INVALID_STATUS_AUTH_RESP) { - wpa_printf(MSG_INFO, "DPP: TESTING - invalid Status"); - status = 254; - } else if (dpp_test == DPP_TEST_NO_R_NONCE_AUTH_RESP) { - wpa_printf(MSG_INFO, "DPP: TESTING - no R-nonce"); - r_nonce = NULL; - } else if (dpp_test == DPP_TEST_NO_I_NONCE_AUTH_RESP) { - wpa_printf(MSG_INFO, "DPP: TESTING - no I-nonce"); - i_nonce = NULL; - } -#endif /* CONFIG_TESTING_OPTIONS */ - - msg = dpp_auth_build_resp(auth, status, pr, nonce_len, - r_pubkey_hash, i_pubkey_hash, - r_nonce, i_nonce, - w_r_auth, wrapped_r_auth_len, - auth->k2); - if (!msg) - goto fail; - wpabuf_free(auth->resp_msg); - auth->resp_msg = msg; - ret = 0; -fail: - wpabuf_free(pr); - return ret; -} - - -static int dpp_auth_build_resp_status(struct dpp_authentication *auth, - enum dpp_status_error status) -{ - struct wpabuf *msg; - const u8 *r_pubkey_hash, *i_pubkey_hash, *i_nonce; -#ifdef CONFIG_TESTING_OPTIONS - u8 test_hash[SHA256_MAC_LEN]; -#endif /* CONFIG_TESTING_OPTIONS */ - - if (!auth->own_bi) - return -1; - wpa_printf(MSG_DEBUG, "DPP: Build Authentication Response"); - - r_pubkey_hash = auth->own_bi->pubkey_hash; - if (auth->peer_bi) - i_pubkey_hash = auth->peer_bi->pubkey_hash; - else - i_pubkey_hash = NULL; - - i_nonce = auth->i_nonce; - -#ifdef CONFIG_TESTING_OPTIONS - if (dpp_test == DPP_TEST_NO_R_BOOTSTRAP_KEY_HASH_AUTH_RESP) { - wpa_printf(MSG_INFO, "DPP: TESTING - no R-Bootstrap Key Hash"); - r_pubkey_hash = NULL; - } else if (dpp_test == - DPP_TEST_INVALID_R_BOOTSTRAP_KEY_HASH_AUTH_RESP) { - wpa_printf(MSG_INFO, - "DPP: TESTING - invalid R-Bootstrap Key Hash"); - os_memcpy(test_hash, r_pubkey_hash, SHA256_MAC_LEN); - test_hash[SHA256_MAC_LEN - 1] ^= 0x01; - r_pubkey_hash = test_hash; - } else if (dpp_test == DPP_TEST_NO_I_BOOTSTRAP_KEY_HASH_AUTH_RESP) { - wpa_printf(MSG_INFO, "DPP: TESTING - no I-Bootstrap Key Hash"); - i_pubkey_hash = NULL; - } else if (dpp_test == - DPP_TEST_INVALID_I_BOOTSTRAP_KEY_HASH_AUTH_RESP) { - wpa_printf(MSG_INFO, - "DPP: TESTING - invalid I-Bootstrap Key Hash"); - if (i_pubkey_hash) - os_memcpy(test_hash, i_pubkey_hash, SHA256_MAC_LEN); - else - os_memset(test_hash, 0, SHA256_MAC_LEN); - test_hash[SHA256_MAC_LEN - 1] ^= 0x01; - i_pubkey_hash = test_hash; - } else if (dpp_test == DPP_TEST_NO_STATUS_AUTH_RESP) { - wpa_printf(MSG_INFO, "DPP: TESTING - no Status"); - status = 255; - } else if (dpp_test == DPP_TEST_NO_I_NONCE_AUTH_RESP) { - wpa_printf(MSG_INFO, "DPP: TESTING - no I-nonce"); - i_nonce = NULL; - } -#endif /* CONFIG_TESTING_OPTIONS */ - - msg = dpp_auth_build_resp(auth, status, NULL, auth->curve->nonce_len, - r_pubkey_hash, i_pubkey_hash, - NULL, i_nonce, NULL, 0, auth->k1); - if (!msg) - return -1; - wpabuf_free(auth->resp_msg); - auth->resp_msg = msg; - return 0; -} - - -struct dpp_authentication * -dpp_auth_req_rx(void *msg_ctx, u8 dpp_allowed_roles, int qr_mutual, - struct dpp_bootstrap_info *peer_bi, - struct dpp_bootstrap_info *own_bi, - unsigned int freq, const u8 *hdr, const u8 *attr_start, - size_t attr_len) -{ - EVP_PKEY *pi = NULL; - EVP_PKEY_CTX *ctx = NULL; - size_t secret_len; - const u8 *addr[2]; - size_t len[2]; - u8 *unwrapped = NULL; - size_t unwrapped_len = 0; - const u8 *wrapped_data, *i_proto, *i_nonce, *i_capab, *i_bootstrap, - *channel; - u16 wrapped_data_len, i_proto_len, i_nonce_len, i_capab_len, - i_bootstrap_len, channel_len; - struct dpp_authentication *auth = NULL; -#ifdef CONFIG_DPP2 - const u8 *version; - u16 version_len; -#endif /* CONFIG_DPP2 */ - -#ifdef CONFIG_TESTING_OPTIONS - if (dpp_test == DPP_TEST_STOP_AT_AUTH_REQ) { - wpa_printf(MSG_INFO, - "DPP: TESTING - stop at Authentication Request"); - return NULL; - } -#endif /* CONFIG_TESTING_OPTIONS */ - - wrapped_data = dpp_get_attr(attr_start, attr_len, DPP_ATTR_WRAPPED_DATA, - &wrapped_data_len); - if (!wrapped_data || wrapped_data_len < AES_BLOCK_SIZE) { - wpa_msg(msg_ctx, MSG_INFO, DPP_EVENT_FAIL - "Missing or invalid required Wrapped Data attribute"); - return NULL; - } - wpa_hexdump(MSG_MSGDUMP, "DPP: Wrapped Data", - wrapped_data, wrapped_data_len); - attr_len = wrapped_data - 4 - attr_start; - - auth = os_zalloc(sizeof(*auth)); - if (!auth) - goto fail; - auth->msg_ctx = msg_ctx; - auth->peer_bi = peer_bi; - auth->own_bi = own_bi; - auth->curve = own_bi->curve; - auth->curr_freq = freq; - - auth->peer_version = 1; /* default to the first version */ -#ifdef CONFIG_DPP2 - version = dpp_get_attr(attr_start, attr_len, DPP_ATTR_PROTOCOL_VERSION, - &version_len); - if (version) { - if (version_len < 1 || version[0] == 0) { - dpp_auth_fail(auth, - "Invalid Protocol Version attribute"); - goto fail; - } - auth->peer_version = version[0]; - wpa_printf(MSG_DEBUG, "DPP: Peer protocol version %u", - auth->peer_version); - } -#endif /* CONFIG_DPP2 */ - - channel = dpp_get_attr(attr_start, attr_len, DPP_ATTR_CHANNEL, - &channel_len); - if (channel) { - int neg_freq; - - if (channel_len < 2) { - dpp_auth_fail(auth, "Too short Channel attribute"); - goto fail; - } - - neg_freq = ieee80211_chan_to_freq(NULL, channel[0], channel[1]); - wpa_printf(MSG_DEBUG, - "DPP: Initiator requested different channel for negotiation: op_class=%u channel=%u --> freq=%d", - channel[0], channel[1], neg_freq); - if (neg_freq < 0) { - dpp_auth_fail(auth, - "Unsupported Channel attribute value"); - goto fail; - } - - if (auth->curr_freq != (unsigned int) neg_freq) { - wpa_printf(MSG_DEBUG, - "DPP: Changing negotiation channel from %u MHz to %u MHz", - freq, neg_freq); - auth->curr_freq = neg_freq; - } - } - - i_proto = dpp_get_attr(attr_start, attr_len, DPP_ATTR_I_PROTOCOL_KEY, - &i_proto_len); - if (!i_proto) { - dpp_auth_fail(auth, - "Missing required Initiator Protocol Key attribute"); - goto fail; - } - wpa_hexdump(MSG_MSGDUMP, "DPP: Initiator Protocol Key", - i_proto, i_proto_len); - - /* M = bR * PI */ - pi = dpp_set_pubkey_point(own_bi->pubkey, i_proto, i_proto_len); - if (!pi) { - dpp_auth_fail(auth, "Invalid Initiator Protocol Key"); - goto fail; - } - dpp_debug_print_key("Peer (Initiator) Protocol Key", pi); - - if (dpp_ecdh(own_bi->pubkey, pi, auth->Mx, &secret_len) < 0) - goto fail; - auth->secret_len = secret_len; - - wpa_hexdump_key(MSG_DEBUG, "DPP: ECDH shared secret (M.x)", - auth->Mx, auth->secret_len); - auth->Mx_len = auth->secret_len; - - if (dpp_derive_k1(auth->Mx, auth->secret_len, auth->k1, - auth->curve->hash_len) < 0) - goto fail; - - addr[0] = hdr; - len[0] = DPP_HDR_LEN; - addr[1] = attr_start; - len[1] = attr_len; - wpa_hexdump(MSG_DEBUG, "DDP: AES-SIV AD[0]", addr[0], len[0]); - wpa_hexdump(MSG_DEBUG, "DDP: AES-SIV AD[1]", addr[1], len[1]); - wpa_hexdump(MSG_DEBUG, "DPP: AES-SIV ciphertext", - wrapped_data, wrapped_data_len); - unwrapped_len = wrapped_data_len - AES_BLOCK_SIZE; - unwrapped = os_malloc(unwrapped_len); - if (!unwrapped) - goto fail; - if (aes_siv_decrypt(auth->k1, auth->curve->hash_len, - wrapped_data, wrapped_data_len, - 2, addr, len, unwrapped) < 0) { - dpp_auth_fail(auth, "AES-SIV decryption failed"); - goto fail; - } - wpa_hexdump(MSG_DEBUG, "DPP: AES-SIV cleartext", - unwrapped, unwrapped_len); - - if (dpp_check_attrs(unwrapped, unwrapped_len) < 0) { - dpp_auth_fail(auth, "Invalid attribute in unwrapped data"); - goto fail; - } - - i_nonce = dpp_get_attr(unwrapped, unwrapped_len, DPP_ATTR_I_NONCE, - &i_nonce_len); - if (!i_nonce || i_nonce_len != auth->curve->nonce_len) { - dpp_auth_fail(auth, "Missing or invalid I-nonce"); - goto fail; - } - wpa_hexdump(MSG_DEBUG, "DPP: I-nonce", i_nonce, i_nonce_len); - os_memcpy(auth->i_nonce, i_nonce, i_nonce_len); - - i_capab = dpp_get_attr(unwrapped, unwrapped_len, - DPP_ATTR_I_CAPABILITIES, - &i_capab_len); - if (!i_capab || i_capab_len < 1) { - dpp_auth_fail(auth, "Missing or invalid I-capabilities"); - goto fail; - } - auth->i_capab = i_capab[0]; - wpa_printf(MSG_DEBUG, "DPP: I-capabilities: 0x%02x", auth->i_capab); - - bin_clear_free(unwrapped, unwrapped_len); - unwrapped = NULL; - - switch (auth->i_capab & DPP_CAPAB_ROLE_MASK) { - case DPP_CAPAB_ENROLLEE: - if (!(dpp_allowed_roles & DPP_CAPAB_CONFIGURATOR)) { - wpa_printf(MSG_DEBUG, - "DPP: Local policy does not allow Configurator role"); - goto not_compatible; - } - wpa_printf(MSG_DEBUG, "DPP: Acting as Configurator"); - auth->configurator = 1; - break; - case DPP_CAPAB_CONFIGURATOR: - if (!(dpp_allowed_roles & DPP_CAPAB_ENROLLEE)) { - wpa_printf(MSG_DEBUG, - "DPP: Local policy does not allow Enrollee role"); - goto not_compatible; - } - wpa_printf(MSG_DEBUG, "DPP: Acting as Enrollee"); - auth->configurator = 0; - break; - case DPP_CAPAB_CONFIGURATOR | DPP_CAPAB_ENROLLEE: - if (dpp_allowed_roles & DPP_CAPAB_ENROLLEE) { - wpa_printf(MSG_DEBUG, "DPP: Acting as Enrollee"); - auth->configurator = 0; - } else if (dpp_allowed_roles & DPP_CAPAB_CONFIGURATOR) { - wpa_printf(MSG_DEBUG, "DPP: Acting as Configurator"); - auth->configurator = 1; - } else { - wpa_printf(MSG_DEBUG, - "DPP: Local policy does not allow Configurator/Enrollee role"); - goto not_compatible; - } - break; - default: - wpa_printf(MSG_DEBUG, "DPP: Unexpected role in I-capabilities"); - wpa_msg(auth->msg_ctx, MSG_INFO, - DPP_EVENT_FAIL "Invalid role in I-capabilities 0x%02x", - auth->i_capab & DPP_CAPAB_ROLE_MASK); - goto fail; - } - - auth->peer_protocol_key = pi; - pi = NULL; - if (qr_mutual && !peer_bi && own_bi->type == DPP_BOOTSTRAP_QR_CODE) { - char hex[SHA256_MAC_LEN * 2 + 1]; - - wpa_printf(MSG_DEBUG, - "DPP: Mutual authentication required with QR Codes, but peer info is not yet available - request more time"); - if (dpp_auth_build_resp_status(auth, - DPP_STATUS_RESPONSE_PENDING) < 0) - goto fail; - i_bootstrap = dpp_get_attr(attr_start, attr_len, - DPP_ATTR_I_BOOTSTRAP_KEY_HASH, - &i_bootstrap_len); - if (i_bootstrap && i_bootstrap_len == SHA256_MAC_LEN) { - auth->response_pending = 1; - os_memcpy(auth->waiting_pubkey_hash, - i_bootstrap, i_bootstrap_len); - wpa_snprintf_hex(hex, sizeof(hex), i_bootstrap, - i_bootstrap_len); - } else { - hex[0] = '\0'; - } - - wpa_msg(auth->msg_ctx, MSG_INFO, DPP_EVENT_SCAN_PEER_QR_CODE - "%s", hex); - return auth; - } - if (dpp_auth_build_resp_ok(auth) < 0) - goto fail; - - return auth; - -not_compatible: - wpa_msg(auth->msg_ctx, MSG_INFO, DPP_EVENT_NOT_COMPATIBLE - "i-capab=0x%02x", auth->i_capab); - if (dpp_allowed_roles & DPP_CAPAB_CONFIGURATOR) - auth->configurator = 1; - else - auth->configurator = 0; - auth->peer_protocol_key = pi; - pi = NULL; - if (dpp_auth_build_resp_status(auth, DPP_STATUS_NOT_COMPATIBLE) < 0) - goto fail; - - auth->remove_on_tx_status = 1; - return auth; -fail: - bin_clear_free(unwrapped, unwrapped_len); - EVP_PKEY_free(pi); - EVP_PKEY_CTX_free(ctx); - dpp_auth_deinit(auth); - return NULL; -} - - -int dpp_notify_new_qr_code(struct dpp_authentication *auth, - struct dpp_bootstrap_info *peer_bi) -{ - if (!auth || !auth->response_pending || - os_memcmp(auth->waiting_pubkey_hash, peer_bi->pubkey_hash, - SHA256_MAC_LEN) != 0) - return 0; - - wpa_printf(MSG_DEBUG, - "DPP: New scanned QR Code has matching public key that was needed to continue DPP Authentication exchange with " - MACSTR, MAC2STR(auth->peer_mac_addr)); - auth->peer_bi = peer_bi; - - if (dpp_auth_build_resp_ok(auth) < 0) - return -1; - - return 1; -} - - -static struct wpabuf * dpp_auth_build_conf(struct dpp_authentication *auth, - enum dpp_status_error status) +struct wpabuf * dpp_build_conf_req_helper(struct dpp_authentication *auth, + const char *name, + enum dpp_netrole netrole, + const char *mud_url, int *opclasses) { - struct wpabuf *msg; - u8 i_auth[4 + DPP_MAX_HASH_LEN]; - size_t i_auth_len; - u8 r_nonce[4 + DPP_MAX_NONCE_LEN]; - size_t r_nonce_len; - const u8 *addr[2]; - size_t len[2], attr_len; - u8 *wrapped_i_auth; - u8 *wrapped_r_nonce; - u8 *attr_start, *attr_end; - const u8 *r_pubkey_hash, *i_pubkey_hash; -#ifdef CONFIG_TESTING_OPTIONS - u8 test_hash[SHA256_MAC_LEN]; -#endif /* CONFIG_TESTING_OPTIONS */ - - wpa_printf(MSG_DEBUG, "DPP: Build Authentication Confirmation"); - - i_auth_len = 4 + auth->curve->hash_len; - r_nonce_len = 4 + auth->curve->nonce_len; - /* Build DPP Authentication Confirmation frame attributes */ - attr_len = 4 + 1 + 2 * (4 + SHA256_MAC_LEN) + - 4 + i_auth_len + r_nonce_len + AES_BLOCK_SIZE; -#ifdef CONFIG_TESTING_OPTIONS - if (dpp_test == DPP_TEST_AFTER_WRAPPED_DATA_AUTH_CONF) - attr_len += 5; -#endif /* CONFIG_TESTING_OPTIONS */ - msg = dpp_alloc_msg(DPP_PA_AUTHENTICATION_CONF, attr_len); - if (!msg) - goto fail; - - attr_start = wpabuf_put(msg, 0); - - r_pubkey_hash = auth->peer_bi->pubkey_hash; - if (auth->own_bi) - i_pubkey_hash = auth->own_bi->pubkey_hash; - else - i_pubkey_hash = NULL; - -#ifdef CONFIG_TESTING_OPTIONS - if (dpp_test == DPP_TEST_NO_STATUS_AUTH_CONF) { - wpa_printf(MSG_INFO, "DPP: TESTING - no Status"); - goto skip_status; - } else if (dpp_test == DPP_TEST_INVALID_STATUS_AUTH_CONF) { - wpa_printf(MSG_INFO, "DPP: TESTING - invalid Status"); - status = 254; - } -#endif /* CONFIG_TESTING_OPTIONS */ - - /* DPP Status */ - dpp_build_attr_status(msg, status); - -#ifdef CONFIG_TESTING_OPTIONS -skip_status: - if (dpp_test == DPP_TEST_NO_R_BOOTSTRAP_KEY_HASH_AUTH_CONF) { - wpa_printf(MSG_INFO, "DPP: TESTING - no R-Bootstrap Key Hash"); - r_pubkey_hash = NULL; - } else if (dpp_test == - DPP_TEST_INVALID_R_BOOTSTRAP_KEY_HASH_AUTH_CONF) { - wpa_printf(MSG_INFO, - "DPP: TESTING - invalid R-Bootstrap Key Hash"); - os_memcpy(test_hash, r_pubkey_hash, SHA256_MAC_LEN); - test_hash[SHA256_MAC_LEN - 1] ^= 0x01; - r_pubkey_hash = test_hash; - } else if (dpp_test == DPP_TEST_NO_I_BOOTSTRAP_KEY_HASH_AUTH_CONF) { - wpa_printf(MSG_INFO, "DPP: TESTING - no I-Bootstrap Key Hash"); - i_pubkey_hash = NULL; - } else if (dpp_test == - DPP_TEST_INVALID_I_BOOTSTRAP_KEY_HASH_AUTH_CONF) { - wpa_printf(MSG_INFO, - "DPP: TESTING - invalid I-Bootstrap Key Hash"); - if (i_pubkey_hash) - os_memcpy(test_hash, i_pubkey_hash, SHA256_MAC_LEN); - else - os_memset(test_hash, 0, SHA256_MAC_LEN); - test_hash[SHA256_MAC_LEN - 1] ^= 0x01; - i_pubkey_hash = test_hash; - } -#endif /* CONFIG_TESTING_OPTIONS */ - - /* Responder Bootstrapping Key Hash */ - dpp_build_attr_r_bootstrap_key_hash(msg, r_pubkey_hash); - - /* Initiator Bootstrapping Key Hash (mutual authentication) */ - dpp_build_attr_i_bootstrap_key_hash(msg, i_pubkey_hash); - -#ifdef CONFIG_TESTING_OPTIONS - if (dpp_test == DPP_TEST_NO_WRAPPED_DATA_AUTH_CONF) - goto skip_wrapped_data; - if (dpp_test == DPP_TEST_NO_I_AUTH_AUTH_CONF) - i_auth_len = 0; -#endif /* CONFIG_TESTING_OPTIONS */ - - attr_end = wpabuf_put(msg, 0); - - /* OUI, OUI type, Crypto Suite, DPP frame type */ - addr[0] = wpabuf_head_u8(msg) + 2; - len[0] = 3 + 1 + 1 + 1; - wpa_hexdump(MSG_DEBUG, "DDP: AES-SIV AD[0]", addr[0], len[0]); - - /* Attributes before Wrapped Data */ - addr[1] = attr_start; - len[1] = attr_end - attr_start; - wpa_hexdump(MSG_DEBUG, "DDP: AES-SIV AD[1]", addr[1], len[1]); - - if (status == DPP_STATUS_OK) { - /* I-auth wrapped with ke */ - wpabuf_put_le16(msg, DPP_ATTR_WRAPPED_DATA); - wpabuf_put_le16(msg, i_auth_len + AES_BLOCK_SIZE); - wrapped_i_auth = wpabuf_put(msg, i_auth_len + AES_BLOCK_SIZE); - -#ifdef CONFIG_TESTING_OPTIONS - if (dpp_test == DPP_TEST_NO_I_AUTH_AUTH_CONF) - goto skip_i_auth; -#endif /* CONFIG_TESTING_OPTIONS */ - - /* I-auth = H(R-nonce | I-nonce | PR.x | PI.x | BR.x | [BI.x |] - * 1) */ - WPA_PUT_LE16(i_auth, DPP_ATTR_I_AUTH_TAG); - WPA_PUT_LE16(&i_auth[2], auth->curve->hash_len); - if (dpp_gen_i_auth(auth, i_auth + 4) < 0) - goto fail; + size_t len, name_len; + const char *tech = "infra"; + const char *dpp_name; + struct wpabuf *buf, *json; + char *csr = NULL; #ifdef CONFIG_TESTING_OPTIONS - if (dpp_test == DPP_TEST_I_AUTH_MISMATCH_AUTH_CONF) { - wpa_printf(MSG_INFO, "DPP: TESTING - I-auth mismatch"); - i_auth[4 + auth->curve->hash_len / 2] ^= 0x01; - } -skip_i_auth: -#endif /* CONFIG_TESTING_OPTIONS */ - if (aes_siv_encrypt(auth->ke, auth->curve->hash_len, - i_auth, i_auth_len, - 2, addr, len, wrapped_i_auth) < 0) - goto fail; - wpa_hexdump(MSG_DEBUG, "DPP: {I-auth}ke", - wrapped_i_auth, i_auth_len + AES_BLOCK_SIZE); - } else { - /* R-nonce wrapped with k2 */ - wpabuf_put_le16(msg, DPP_ATTR_WRAPPED_DATA); - wpabuf_put_le16(msg, r_nonce_len + AES_BLOCK_SIZE); - wrapped_r_nonce = wpabuf_put(msg, r_nonce_len + AES_BLOCK_SIZE); - - WPA_PUT_LE16(r_nonce, DPP_ATTR_R_NONCE); - WPA_PUT_LE16(&r_nonce[2], auth->curve->nonce_len); - os_memcpy(r_nonce + 4, auth->r_nonce, auth->curve->nonce_len); - - if (aes_siv_encrypt(auth->k2, auth->curve->hash_len, - r_nonce, r_nonce_len, - 2, addr, len, wrapped_r_nonce) < 0) - goto fail; - wpa_hexdump(MSG_DEBUG, "DPP: {R-nonce}k2", - wrapped_r_nonce, r_nonce_len + AES_BLOCK_SIZE); - } + if (dpp_test == DPP_TEST_INVALID_CONFIG_ATTR_OBJ_CONF_REQ) { + static const char *bogus_tech = "knfra"; -#ifdef CONFIG_TESTING_OPTIONS - if (dpp_test == DPP_TEST_AFTER_WRAPPED_DATA_AUTH_CONF) { - wpa_printf(MSG_INFO, "DPP: TESTING - attr after Wrapped Data"); - dpp_build_attr_status(msg, DPP_STATUS_OK); + wpa_printf(MSG_INFO, "DPP: TESTING - invalid Config Attr"); + tech = bogus_tech; } -skip_wrapped_data: #endif /* CONFIG_TESTING_OPTIONS */ - wpa_hexdump_buf(MSG_DEBUG, - "DPP: Authentication Confirmation frame attributes", - msg); - if (status == DPP_STATUS_OK) - dpp_auth_success(auth); - - return msg; - -fail: - wpabuf_free(msg); - return NULL; -} - + dpp_name = name ? name : "Test"; + name_len = os_strlen(dpp_name); -static void -dpp_auth_resp_rx_status(struct dpp_authentication *auth, const u8 *hdr, - const u8 *attr_start, size_t attr_len, - const u8 *wrapped_data, u16 wrapped_data_len, - enum dpp_status_error status) -{ - const u8 *addr[2]; - size_t len[2]; - u8 *unwrapped = NULL; - size_t unwrapped_len = 0; - const u8 *i_nonce, *r_capab; - u16 i_nonce_len, r_capab_len; - - if (status == DPP_STATUS_NOT_COMPATIBLE) { - wpa_printf(MSG_DEBUG, - "DPP: Responder reported incompatible roles"); - } else if (status == DPP_STATUS_RESPONSE_PENDING) { - wpa_printf(MSG_DEBUG, - "DPP: Responder reported more time needed"); - } else { - wpa_printf(MSG_DEBUG, - "DPP: Responder reported failure (status %d)", - status); - dpp_auth_fail(auth, "Responder reported failure"); - return; - } - - addr[0] = hdr; - len[0] = DPP_HDR_LEN; - addr[1] = attr_start; - len[1] = attr_len; - wpa_hexdump(MSG_DEBUG, "DDP: AES-SIV AD[0]", addr[0], len[0]); - wpa_hexdump(MSG_DEBUG, "DDP: AES-SIV AD[1]", addr[1], len[1]); - wpa_hexdump(MSG_DEBUG, "DPP: AES-SIV ciphertext", - wrapped_data, wrapped_data_len); - unwrapped_len = wrapped_data_len - AES_BLOCK_SIZE; - unwrapped = os_malloc(unwrapped_len); - if (!unwrapped) - goto fail; - if (aes_siv_decrypt(auth->k1, auth->curve->hash_len, - wrapped_data, wrapped_data_len, - 2, addr, len, unwrapped) < 0) { - dpp_auth_fail(auth, "AES-SIV decryption failed"); - goto fail; - } - wpa_hexdump(MSG_DEBUG, "DPP: AES-SIV cleartext", - unwrapped, unwrapped_len); - - if (dpp_check_attrs(unwrapped, unwrapped_len) < 0) { - dpp_auth_fail(auth, "Invalid attribute in unwrapped data"); - goto fail; - } - - i_nonce = dpp_get_attr(unwrapped, unwrapped_len, DPP_ATTR_I_NONCE, - &i_nonce_len); - if (!i_nonce || i_nonce_len != auth->curve->nonce_len) { - dpp_auth_fail(auth, "Missing or invalid I-nonce"); - goto fail; - } - wpa_hexdump(MSG_DEBUG, "DPP: I-nonce", i_nonce, i_nonce_len); - if (os_memcmp(auth->i_nonce, i_nonce, i_nonce_len) != 0) { - dpp_auth_fail(auth, "I-nonce mismatch"); - goto fail; - } - - r_capab = dpp_get_attr(unwrapped, unwrapped_len, - DPP_ATTR_R_CAPABILITIES, - &r_capab_len); - if (!r_capab || r_capab_len < 1) { - dpp_auth_fail(auth, "Missing or invalid R-capabilities"); - goto fail; - } - auth->r_capab = r_capab[0]; - wpa_printf(MSG_DEBUG, "DPP: R-capabilities: 0x%02x", auth->r_capab); - if (status == DPP_STATUS_NOT_COMPATIBLE) { - wpa_msg(auth->msg_ctx, MSG_INFO, DPP_EVENT_NOT_COMPATIBLE - "r-capab=0x%02x", auth->r_capab); - } else if (status == DPP_STATUS_RESPONSE_PENDING) { - u8 role = auth->r_capab & DPP_CAPAB_ROLE_MASK; - - if ((auth->configurator && role != DPP_CAPAB_ENROLLEE) || - (!auth->configurator && role != DPP_CAPAB_CONFIGURATOR)) { - wpa_msg(auth->msg_ctx, MSG_INFO, - DPP_EVENT_FAIL "Unexpected role in R-capabilities 0x%02x", - role); - } else { - wpa_printf(MSG_DEBUG, - "DPP: Continue waiting for full DPP Authentication Response"); - wpa_msg(auth->msg_ctx, MSG_INFO, - DPP_EVENT_RESPONSE_PENDING "%s", - auth->tmp_own_bi ? auth->tmp_own_bi->uri : ""); - } - } -fail: - bin_clear_free(unwrapped, unwrapped_len); -} - - -struct wpabuf * -dpp_auth_resp_rx(struct dpp_authentication *auth, const u8 *hdr, - const u8 *attr_start, size_t attr_len) -{ - EVP_PKEY *pr; - size_t secret_len; - const u8 *addr[2]; - size_t len[2]; - u8 *unwrapped = NULL, *unwrapped2 = NULL; - size_t unwrapped_len = 0, unwrapped2_len = 0; - const u8 *r_bootstrap, *i_bootstrap, *wrapped_data, *status, *r_proto, - *r_nonce, *i_nonce, *r_capab, *wrapped2, *r_auth; - u16 r_bootstrap_len, i_bootstrap_len, wrapped_data_len, status_len, - r_proto_len, r_nonce_len, i_nonce_len, r_capab_len, - wrapped2_len, r_auth_len; - u8 r_auth2[DPP_MAX_HASH_LEN]; - u8 role; + len = 100 + name_len * 6 + 1 + int_array_len(opclasses) * 4; + if (mud_url && mud_url[0]) + len += 10 + os_strlen(mud_url); #ifdef CONFIG_DPP2 - const u8 *version; - u16 version_len; -#endif /* CONFIG_DPP2 */ + if (auth->csr) { + size_t csr_len; -#ifdef CONFIG_TESTING_OPTIONS - if (dpp_test == DPP_TEST_STOP_AT_AUTH_RESP) { - wpa_printf(MSG_INFO, - "DPP: TESTING - stop at Authentication Response"); - return NULL; - } -#endif /* CONFIG_TESTING_OPTIONS */ - - if (!auth->initiator || !auth->peer_bi) { - dpp_auth_fail(auth, "Unexpected Authentication Response"); - return NULL; - } - - auth->waiting_auth_resp = 0; - - wrapped_data = dpp_get_attr(attr_start, attr_len, DPP_ATTR_WRAPPED_DATA, - &wrapped_data_len); - if (!wrapped_data || wrapped_data_len < AES_BLOCK_SIZE) { - dpp_auth_fail(auth, - "Missing or invalid required Wrapped Data attribute"); - return NULL; - } - wpa_hexdump(MSG_DEBUG, "DPP: Wrapped data", - wrapped_data, wrapped_data_len); - - attr_len = wrapped_data - 4 - attr_start; - - r_bootstrap = dpp_get_attr(attr_start, attr_len, - DPP_ATTR_R_BOOTSTRAP_KEY_HASH, - &r_bootstrap_len); - if (!r_bootstrap || r_bootstrap_len != SHA256_MAC_LEN) { - dpp_auth_fail(auth, - "Missing or invalid required Responder Bootstrapping Key Hash attribute"); - return NULL; - } - wpa_hexdump(MSG_DEBUG, "DPP: Responder Bootstrapping Key Hash", - r_bootstrap, r_bootstrap_len); - if (os_memcmp(r_bootstrap, auth->peer_bi->pubkey_hash, - SHA256_MAC_LEN) != 0) { - dpp_auth_fail(auth, - "Unexpected Responder Bootstrapping Key Hash value"); - wpa_hexdump(MSG_DEBUG, - "DPP: Expected Responder Bootstrapping Key Hash", - auth->peer_bi->pubkey_hash, SHA256_MAC_LEN); - return NULL; - } - - i_bootstrap = dpp_get_attr(attr_start, attr_len, - DPP_ATTR_I_BOOTSTRAP_KEY_HASH, - &i_bootstrap_len); - if (i_bootstrap) { - if (i_bootstrap_len != SHA256_MAC_LEN) { - dpp_auth_fail(auth, - "Invalid Initiator Bootstrapping Key Hash attribute"); - return NULL; - } - wpa_hexdump(MSG_MSGDUMP, - "DPP: Initiator Bootstrapping Key Hash", - i_bootstrap, i_bootstrap_len); - if (!auth->own_bi || - os_memcmp(i_bootstrap, auth->own_bi->pubkey_hash, - SHA256_MAC_LEN) != 0) { - dpp_auth_fail(auth, - "Initiator Bootstrapping Key Hash attribute did not match"); - return NULL; - } - } else if (auth->own_bi && auth->own_bi->type == DPP_BOOTSTRAP_PKEX) { - /* PKEX bootstrapping mandates use of mutual authentication */ - dpp_auth_fail(auth, - "Missing Initiator Bootstrapping Key Hash attribute"); - return NULL; - } - - auth->peer_version = 1; /* default to the first version */ -#ifdef CONFIG_DPP2 - version = dpp_get_attr(attr_start, attr_len, DPP_ATTR_PROTOCOL_VERSION, - &version_len); - if (version) { - if (version_len < 1 || version[0] == 0) { - dpp_auth_fail(auth, - "Invalid Protocol Version attribute"); + csr = base64_encode_no_lf(wpabuf_head(auth->csr), + wpabuf_len(auth->csr), &csr_len); + if (!csr) return NULL; - } - auth->peer_version = version[0]; - wpa_printf(MSG_DEBUG, "DPP: Peer protocol version %u", - auth->peer_version); + len += 30 + csr_len; } #endif /* CONFIG_DPP2 */ - - status = dpp_get_attr(attr_start, attr_len, DPP_ATTR_STATUS, - &status_len); - if (!status || status_len < 1) { - dpp_auth_fail(auth, - "Missing or invalid required DPP Status attribute"); - return NULL; - } - wpa_printf(MSG_DEBUG, "DPP: Status %u", status[0]); - auth->auth_resp_status = status[0]; - if (status[0] != DPP_STATUS_OK) { - dpp_auth_resp_rx_status(auth, hdr, attr_start, - attr_len, wrapped_data, - wrapped_data_len, status[0]); + json = wpabuf_alloc(len); + if (!json) return NULL; - } - - if (!i_bootstrap && auth->own_bi) { - wpa_printf(MSG_DEBUG, - "DPP: Responder decided not to use mutual authentication"); - auth->own_bi = NULL; - } - - wpa_msg(auth->msg_ctx, MSG_INFO, DPP_EVENT_AUTH_DIRECTION "mutual=%d", - auth->own_bi != NULL); - r_proto = dpp_get_attr(attr_start, attr_len, DPP_ATTR_R_PROTOCOL_KEY, - &r_proto_len); - if (!r_proto) { - dpp_auth_fail(auth, - "Missing required Responder Protocol Key attribute"); - return NULL; - } - wpa_hexdump(MSG_MSGDUMP, "DPP: Responder Protocol Key", - r_proto, r_proto_len); - - /* N = pI * PR */ - pr = dpp_set_pubkey_point(auth->own_protocol_key, r_proto, r_proto_len); - if (!pr) { - dpp_auth_fail(auth, "Invalid Responder Protocol Key"); + json_start_object(json, NULL); + if (json_add_string_escape(json, "name", dpp_name, name_len) < 0) { + wpabuf_free(json); return NULL; } - dpp_debug_print_key("Peer (Responder) Protocol Key", pr); - - if (dpp_ecdh(auth->own_protocol_key, pr, auth->Nx, &secret_len) < 0) { - dpp_auth_fail(auth, "Failed to derive ECDH shared secret"); - goto fail; - } - EVP_PKEY_free(auth->peer_protocol_key); - auth->peer_protocol_key = pr; - pr = NULL; - - wpa_hexdump_key(MSG_DEBUG, "DPP: ECDH shared secret (N.x)", - auth->Nx, auth->secret_len); - auth->Nx_len = auth->secret_len; - - if (dpp_derive_k2(auth->Nx, auth->secret_len, auth->k2, - auth->curve->hash_len) < 0) - goto fail; - - addr[0] = hdr; - len[0] = DPP_HDR_LEN; - addr[1] = attr_start; - len[1] = attr_len; - wpa_hexdump(MSG_DEBUG, "DDP: AES-SIV AD[0]", addr[0], len[0]); - wpa_hexdump(MSG_DEBUG, "DDP: AES-SIV AD[1]", addr[1], len[1]); - wpa_hexdump(MSG_DEBUG, "DPP: AES-SIV ciphertext", - wrapped_data, wrapped_data_len); - unwrapped_len = wrapped_data_len - AES_BLOCK_SIZE; - unwrapped = os_malloc(unwrapped_len); - if (!unwrapped) - goto fail; - if (aes_siv_decrypt(auth->k2, auth->curve->hash_len, - wrapped_data, wrapped_data_len, - 2, addr, len, unwrapped) < 0) { - dpp_auth_fail(auth, "AES-SIV decryption failed"); - goto fail; - } - wpa_hexdump(MSG_DEBUG, "DPP: AES-SIV cleartext", - unwrapped, unwrapped_len); - - if (dpp_check_attrs(unwrapped, unwrapped_len) < 0) { - dpp_auth_fail(auth, "Invalid attribute in unwrapped data"); - goto fail; - } - - r_nonce = dpp_get_attr(unwrapped, unwrapped_len, DPP_ATTR_R_NONCE, - &r_nonce_len); - if (!r_nonce || r_nonce_len != auth->curve->nonce_len) { - dpp_auth_fail(auth, "DPP: Missing or invalid R-nonce"); - goto fail; - } - wpa_hexdump(MSG_DEBUG, "DPP: R-nonce", r_nonce, r_nonce_len); - os_memcpy(auth->r_nonce, r_nonce, r_nonce_len); - - i_nonce = dpp_get_attr(unwrapped, unwrapped_len, DPP_ATTR_I_NONCE, - &i_nonce_len); - if (!i_nonce || i_nonce_len != auth->curve->nonce_len) { - dpp_auth_fail(auth, "Missing or invalid I-nonce"); - goto fail; - } - wpa_hexdump(MSG_DEBUG, "DPP: I-nonce", i_nonce, i_nonce_len); - if (os_memcmp(auth->i_nonce, i_nonce, i_nonce_len) != 0) { - dpp_auth_fail(auth, "I-nonce mismatch"); - goto fail; + json_value_sep(json); + json_add_string(json, "wi-fi_tech", tech); + json_value_sep(json); + json_add_string(json, "netRole", dpp_netrole_str(netrole)); + if (mud_url && mud_url[0]) { + json_value_sep(json); + json_add_string(json, "mudurl", mud_url); } + if (opclasses) { + int i; - if (auth->own_bi) { - /* Mutual authentication */ - if (dpp_auth_derive_l_initiator(auth) < 0) - goto fail; - } - - r_capab = dpp_get_attr(unwrapped, unwrapped_len, - DPP_ATTR_R_CAPABILITIES, - &r_capab_len); - if (!r_capab || r_capab_len < 1) { - dpp_auth_fail(auth, "Missing or invalid R-capabilities"); - goto fail; - } - auth->r_capab = r_capab[0]; - wpa_printf(MSG_DEBUG, "DPP: R-capabilities: 0x%02x", auth->r_capab); - role = auth->r_capab & DPP_CAPAB_ROLE_MASK; - if ((auth->allowed_roles == - (DPP_CAPAB_CONFIGURATOR | DPP_CAPAB_ENROLLEE)) && - (role == DPP_CAPAB_CONFIGURATOR || role == DPP_CAPAB_ENROLLEE)) { - /* Peer selected its role, so move from "either role" to the - * role that is compatible with peer's selection. */ - auth->configurator = role == DPP_CAPAB_ENROLLEE; - wpa_printf(MSG_DEBUG, "DPP: Acting as %s", - auth->configurator ? "Configurator" : "Enrollee"); - } else if ((auth->configurator && role != DPP_CAPAB_ENROLLEE) || - (!auth->configurator && role != DPP_CAPAB_CONFIGURATOR)) { - wpa_printf(MSG_DEBUG, "DPP: Incompatible role selection"); - wpa_msg(auth->msg_ctx, MSG_INFO, DPP_EVENT_FAIL - "Unexpected role in R-capabilities 0x%02x", - role); - if (role != DPP_CAPAB_ENROLLEE && - role != DPP_CAPAB_CONFIGURATOR) - goto fail; - bin_clear_free(unwrapped, unwrapped_len); - auth->remove_on_tx_status = 1; - return dpp_auth_build_conf(auth, DPP_STATUS_NOT_COMPATIBLE); + json_value_sep(json); + json_start_array(json, "bandSupport"); + for (i = 0; opclasses[i]; i++) + wpabuf_printf(json, "%s%u", i ? "," : "", opclasses[i]); + json_end_array(json); } - - wrapped2 = dpp_get_attr(unwrapped, unwrapped_len, - DPP_ATTR_WRAPPED_DATA, &wrapped2_len); - if (!wrapped2 || wrapped2_len < AES_BLOCK_SIZE) { - dpp_auth_fail(auth, - "Missing or invalid Secondary Wrapped Data"); - goto fail; + if (csr) { + json_value_sep(json); + json_add_string(json, "pkcs10", csr); } + json_end_object(json); - wpa_hexdump(MSG_DEBUG, "DPP: AES-SIV ciphertext", - wrapped2, wrapped2_len); - - if (dpp_derive_ke(auth, auth->ke, auth->curve->hash_len) < 0) - goto fail; + buf = dpp_build_conf_req(auth, wpabuf_head(json)); + wpabuf_free(json); + os_free(csr); - unwrapped2_len = wrapped2_len - AES_BLOCK_SIZE; - unwrapped2 = os_malloc(unwrapped2_len); - if (!unwrapped2) - goto fail; - if (aes_siv_decrypt(auth->ke, auth->curve->hash_len, - wrapped2, wrapped2_len, - 0, NULL, NULL, unwrapped2) < 0) { - dpp_auth_fail(auth, "AES-SIV decryption failed"); - goto fail; - } - wpa_hexdump(MSG_DEBUG, "DPP: AES-SIV cleartext", - unwrapped2, unwrapped2_len); - - if (dpp_check_attrs(unwrapped2, unwrapped2_len) < 0) { - dpp_auth_fail(auth, - "Invalid attribute in secondary unwrapped data"); - goto fail; - } - - r_auth = dpp_get_attr(unwrapped2, unwrapped2_len, DPP_ATTR_R_AUTH_TAG, - &r_auth_len); - if (!r_auth || r_auth_len != auth->curve->hash_len) { - dpp_auth_fail(auth, - "Missing or invalid Responder Authenticating Tag"); - goto fail; - } - wpa_hexdump(MSG_DEBUG, "DPP: Received Responder Authenticating Tag", - r_auth, r_auth_len); - /* R-auth' = H(I-nonce | R-nonce | PI.x | PR.x | [BI.x |] BR.x | 0) */ - if (dpp_gen_r_auth(auth, r_auth2) < 0) - goto fail; - wpa_hexdump(MSG_DEBUG, "DPP: Calculated Responder Authenticating Tag", - r_auth2, r_auth_len); - if (os_memcmp(r_auth, r_auth2, r_auth_len) != 0) { - dpp_auth_fail(auth, "Mismatching Responder Authenticating Tag"); - bin_clear_free(unwrapped, unwrapped_len); - bin_clear_free(unwrapped2, unwrapped2_len); - auth->remove_on_tx_status = 1; - return dpp_auth_build_conf(auth, DPP_STATUS_AUTH_FAILURE); - } - - bin_clear_free(unwrapped, unwrapped_len); - bin_clear_free(unwrapped2, unwrapped2_len); - -#ifdef CONFIG_TESTING_OPTIONS - if (dpp_test == DPP_TEST_AUTH_RESP_IN_PLACE_OF_CONF) { - wpa_printf(MSG_INFO, - "DPP: TESTING - Authentication Response in place of Confirm"); - if (dpp_auth_build_resp_ok(auth) < 0) - return NULL; - return wpabuf_dup(auth->resp_msg); - } -#endif /* CONFIG_TESTING_OPTIONS */ - - return dpp_auth_build_conf(auth, DPP_STATUS_OK); - -fail: - bin_clear_free(unwrapped, unwrapped_len); - bin_clear_free(unwrapped2, unwrapped2_len); - EVP_PKEY_free(pr); - return NULL; -} - - -static int dpp_auth_conf_rx_failure(struct dpp_authentication *auth, - const u8 *hdr, - const u8 *attr_start, size_t attr_len, - const u8 *wrapped_data, - u16 wrapped_data_len, - enum dpp_status_error status) -{ - const u8 *addr[2]; - size_t len[2]; - u8 *unwrapped = NULL; - size_t unwrapped_len = 0; - const u8 *r_nonce; - u16 r_nonce_len; - - /* Authentication Confirm failure cases are expected to include - * {R-nonce}k2 in the Wrapped Data attribute. */ - - addr[0] = hdr; - len[0] = DPP_HDR_LEN; - addr[1] = attr_start; - len[1] = attr_len; - wpa_hexdump(MSG_DEBUG, "DDP: AES-SIV AD[0]", addr[0], len[0]); - wpa_hexdump(MSG_DEBUG, "DDP: AES-SIV AD[1]", addr[1], len[1]); - wpa_hexdump(MSG_DEBUG, "DPP: AES-SIV ciphertext", - wrapped_data, wrapped_data_len); - unwrapped_len = wrapped_data_len - AES_BLOCK_SIZE; - unwrapped = os_malloc(unwrapped_len); - if (!unwrapped) { - dpp_auth_fail(auth, "Authentication failed"); - goto fail; - } - if (aes_siv_decrypt(auth->k2, auth->curve->hash_len, - wrapped_data, wrapped_data_len, - 2, addr, len, unwrapped) < 0) { - dpp_auth_fail(auth, "AES-SIV decryption failed"); - goto fail; - } - wpa_hexdump(MSG_DEBUG, "DPP: AES-SIV cleartext", - unwrapped, unwrapped_len); - - if (dpp_check_attrs(unwrapped, unwrapped_len) < 0) { - dpp_auth_fail(auth, "Invalid attribute in unwrapped data"); - goto fail; - } - - r_nonce = dpp_get_attr(unwrapped, unwrapped_len, DPP_ATTR_R_NONCE, - &r_nonce_len); - if (!r_nonce || r_nonce_len != auth->curve->nonce_len) { - dpp_auth_fail(auth, "DPP: Missing or invalid R-nonce"); - goto fail; - } - if (os_memcmp(r_nonce, auth->r_nonce, r_nonce_len) != 0) { - wpa_hexdump(MSG_DEBUG, "DPP: Received R-nonce", - r_nonce, r_nonce_len); - wpa_hexdump(MSG_DEBUG, "DPP: Expected R-nonce", - auth->r_nonce, r_nonce_len); - dpp_auth_fail(auth, "R-nonce mismatch"); - goto fail; - } - - if (status == DPP_STATUS_NOT_COMPATIBLE) - dpp_auth_fail(auth, "Peer reported incompatible R-capab role"); - else if (status == DPP_STATUS_AUTH_FAILURE) - dpp_auth_fail(auth, "Peer reported authentication failure)"); - -fail: - bin_clear_free(unwrapped, unwrapped_len); - return -1; -} - - -int dpp_auth_conf_rx(struct dpp_authentication *auth, const u8 *hdr, - const u8 *attr_start, size_t attr_len) -{ - const u8 *r_bootstrap, *i_bootstrap, *wrapped_data, *status, *i_auth; - u16 r_bootstrap_len, i_bootstrap_len, wrapped_data_len, status_len, - i_auth_len; - const u8 *addr[2]; - size_t len[2]; - u8 *unwrapped = NULL; - size_t unwrapped_len = 0; - u8 i_auth2[DPP_MAX_HASH_LEN]; - -#ifdef CONFIG_TESTING_OPTIONS - if (dpp_test == DPP_TEST_STOP_AT_AUTH_CONF) { - wpa_printf(MSG_INFO, - "DPP: TESTING - stop at Authentication Confirm"); - return -1; - } -#endif /* CONFIG_TESTING_OPTIONS */ - - if (auth->initiator || !auth->own_bi) { - dpp_auth_fail(auth, "Unexpected Authentication Confirm"); - return -1; - } - - auth->waiting_auth_conf = 0; - - wrapped_data = dpp_get_attr(attr_start, attr_len, DPP_ATTR_WRAPPED_DATA, - &wrapped_data_len); - if (!wrapped_data || wrapped_data_len < AES_BLOCK_SIZE) { - dpp_auth_fail(auth, - "Missing or invalid required Wrapped Data attribute"); - return -1; - } - wpa_hexdump(MSG_DEBUG, "DPP: Wrapped data", - wrapped_data, wrapped_data_len); - - attr_len = wrapped_data - 4 - attr_start; - - r_bootstrap = dpp_get_attr(attr_start, attr_len, - DPP_ATTR_R_BOOTSTRAP_KEY_HASH, - &r_bootstrap_len); - if (!r_bootstrap || r_bootstrap_len != SHA256_MAC_LEN) { - dpp_auth_fail(auth, - "Missing or invalid required Responder Bootstrapping Key Hash attribute"); - return -1; - } - wpa_hexdump(MSG_DEBUG, "DPP: Responder Bootstrapping Key Hash", - r_bootstrap, r_bootstrap_len); - if (os_memcmp(r_bootstrap, auth->own_bi->pubkey_hash, - SHA256_MAC_LEN) != 0) { - wpa_hexdump(MSG_DEBUG, - "DPP: Expected Responder Bootstrapping Key Hash", - auth->peer_bi->pubkey_hash, SHA256_MAC_LEN); - dpp_auth_fail(auth, - "Responder Bootstrapping Key Hash mismatch"); - return -1; - } - - i_bootstrap = dpp_get_attr(attr_start, attr_len, - DPP_ATTR_I_BOOTSTRAP_KEY_HASH, - &i_bootstrap_len); - if (i_bootstrap) { - if (i_bootstrap_len != SHA256_MAC_LEN) { - dpp_auth_fail(auth, - "Invalid Initiator Bootstrapping Key Hash attribute"); - return -1; - } - wpa_hexdump(MSG_MSGDUMP, - "DPP: Initiator Bootstrapping Key Hash", - i_bootstrap, i_bootstrap_len); - if (!auth->peer_bi || - os_memcmp(i_bootstrap, auth->peer_bi->pubkey_hash, - SHA256_MAC_LEN) != 0) { - dpp_auth_fail(auth, - "Initiator Bootstrapping Key Hash mismatch"); - return -1; - } - } else if (auth->peer_bi) { - /* Mutual authentication and peer did not include its - * Bootstrapping Key Hash attribute. */ - dpp_auth_fail(auth, - "Missing Initiator Bootstrapping Key Hash attribute"); - return -1; - } - - status = dpp_get_attr(attr_start, attr_len, DPP_ATTR_STATUS, - &status_len); - if (!status || status_len < 1) { - dpp_auth_fail(auth, - "Missing or invalid required DPP Status attribute"); - return -1; - } - wpa_printf(MSG_DEBUG, "DPP: Status %u", status[0]); - if (status[0] == DPP_STATUS_NOT_COMPATIBLE || - status[0] == DPP_STATUS_AUTH_FAILURE) - return dpp_auth_conf_rx_failure(auth, hdr, attr_start, - attr_len, wrapped_data, - wrapped_data_len, status[0]); - - if (status[0] != DPP_STATUS_OK) { - dpp_auth_fail(auth, "Authentication failed"); - return -1; - } - - addr[0] = hdr; - len[0] = DPP_HDR_LEN; - addr[1] = attr_start; - len[1] = attr_len; - wpa_hexdump(MSG_DEBUG, "DDP: AES-SIV AD[0]", addr[0], len[0]); - wpa_hexdump(MSG_DEBUG, "DDP: AES-SIV AD[1]", addr[1], len[1]); - wpa_hexdump(MSG_DEBUG, "DPP: AES-SIV ciphertext", - wrapped_data, wrapped_data_len); - unwrapped_len = wrapped_data_len - AES_BLOCK_SIZE; - unwrapped = os_malloc(unwrapped_len); - if (!unwrapped) - return -1; - if (aes_siv_decrypt(auth->ke, auth->curve->hash_len, - wrapped_data, wrapped_data_len, - 2, addr, len, unwrapped) < 0) { - dpp_auth_fail(auth, "AES-SIV decryption failed"); - goto fail; - } - wpa_hexdump(MSG_DEBUG, "DPP: AES-SIV cleartext", - unwrapped, unwrapped_len); - - if (dpp_check_attrs(unwrapped, unwrapped_len) < 0) { - dpp_auth_fail(auth, "Invalid attribute in unwrapped data"); - goto fail; - } - - i_auth = dpp_get_attr(unwrapped, unwrapped_len, DPP_ATTR_I_AUTH_TAG, - &i_auth_len); - if (!i_auth || i_auth_len != auth->curve->hash_len) { - dpp_auth_fail(auth, - "Missing or invalid Initiator Authenticating Tag"); - goto fail; - } - wpa_hexdump(MSG_DEBUG, "DPP: Received Initiator Authenticating Tag", - i_auth, i_auth_len); - /* I-auth' = H(R-nonce | I-nonce | PR.x | PI.x | BR.x | [BI.x |] 1) */ - if (dpp_gen_i_auth(auth, i_auth2) < 0) - goto fail; - wpa_hexdump(MSG_DEBUG, "DPP: Calculated Initiator Authenticating Tag", - i_auth2, i_auth_len); - if (os_memcmp(i_auth, i_auth2, i_auth_len) != 0) { - dpp_auth_fail(auth, "Mismatching Initiator Authenticating Tag"); - goto fail; - } - - bin_clear_free(unwrapped, unwrapped_len); - dpp_auth_success(auth); - return 0; -fail: - bin_clear_free(unwrapped, unwrapped_len); - return -1; + return buf; } @@ -4233,6 +935,8 @@ struct dpp_configuration * dpp_configuration_alloc(const char *type) conf->akm = DPP_AKM_PSK_SAE_DPP; else if (bin_str_eq(type, len, "dpp")) conf->akm = DPP_AKM_DPP; + else if (bin_str_eq(type, len, "dot1x")) + conf->akm = DPP_AKM_DOT1X; else goto fail; @@ -4295,22 +999,25 @@ void dpp_configuration_free(struct dpp_configuration *conf) return; str_clear_free(conf->passphrase); os_free(conf->group_id); + os_free(conf->csrattrs); bin_clear_free(conf, sizeof(*conf)); } -static int dpp_configuration_parse(struct dpp_authentication *auth, - const char *cmd) +static int dpp_configuration_parse_helper(struct dpp_authentication *auth, + const char *cmd, int idx) { const char *pos, *end; struct dpp_configuration *conf_sta = NULL, *conf_ap = NULL; struct dpp_configuration *conf = NULL; + size_t len; pos = os_strstr(cmd, " conf=sta-"); if (pos) { conf_sta = dpp_configuration_alloc(pos + 10); if (!conf_sta) goto fail; + conf_sta->netrole = DPP_NETROLE_STA; conf = conf_sta; } @@ -4319,9 +1026,14 @@ static int dpp_configuration_parse(struct dpp_authentication *auth, conf_ap = dpp_configuration_alloc(pos + 9); if (!conf_ap) goto fail; + conf_ap->netrole = DPP_NETROLE_AP; conf = conf_ap; } + pos = os_strstr(cmd, " conf=configurator"); + if (pos) + auth->provision_configurator = 1; + if (!conf) return 0; @@ -4344,6 +1056,16 @@ static int dpp_configuration_parse(struct dpp_authentication *auth, #endif /* CONFIG_TESTING_OPTIONS */ } + pos = os_strstr(cmd, " ssid_charset="); + if (pos) { + if (conf_ap) { + wpa_printf(MSG_INFO, + "DPP: ssid64 option (ssid_charset param) not allowed for AP enrollee"); + goto fail; + } + conf->ssid_charset = atoi(pos + 14); + } + pos = os_strstr(cmd, " pass="); if (pos) { size_t pass_len; @@ -4393,11 +1115,29 @@ static int dpp_configuration_parse(struct dpp_authentication *auth, conf->netaccesskey_expiry = val; } + pos = os_strstr(cmd, " csrattrs="); + if (pos) { + pos += 10; + end = os_strchr(pos, ' '); + len = end ? (size_t) (end - pos) : os_strlen(pos); + conf->csrattrs = os_zalloc(len + 1); + if (!conf->csrattrs) + goto fail; + os_memcpy(conf->csrattrs, pos, len); + } + if (!dpp_configuration_valid(conf)) goto fail; - auth->conf_sta = conf_sta; - auth->conf_ap = conf_ap; + if (idx == 0) { + auth->conf_sta = conf_sta; + auth->conf_ap = conf_ap; + } else if (idx == 1) { + auth->conf2_sta = conf_sta; + auth->conf2_ap = conf_ap; + } else { + goto fail; + } return 0; fail: @@ -4407,6 +1147,41 @@ fail: } +static int dpp_configuration_parse(struct dpp_authentication *auth, + const char *cmd) +{ + const char *pos; + char *tmp; + size_t len; + int res; + + pos = os_strstr(cmd, " @CONF-OBJ-SEP@ "); + if (!pos) + return dpp_configuration_parse_helper(auth, cmd, 0); + + len = pos - cmd; + tmp = os_malloc(len + 1); + if (!tmp) + goto fail; + os_memcpy(tmp, cmd, len); + tmp[len] = '\0'; + res = dpp_configuration_parse_helper(auth, cmd, 0); + str_clear_free(tmp); + if (res) + goto fail; + res = dpp_configuration_parse_helper(auth, cmd + len, 1); + if (res) + goto fail; + return 0; +fail: + dpp_configuration_free(auth->conf_sta); + dpp_configuration_free(auth->conf2_sta); + dpp_configuration_free(auth->conf_ap); + dpp_configuration_free(auth->conf2_ap); + return -1; +} + + static struct dpp_configurator * dpp_configurator_get_id(struct dpp_global *dpp, unsigned int id) { @@ -4424,52 +1199,110 @@ dpp_configurator_get_id(struct dpp_global *dpp, unsigned int id) } -int dpp_set_configurator(struct dpp_global *dpp, void *msg_ctx, - struct dpp_authentication *auth, - const char *cmd) +int dpp_set_configurator(struct dpp_authentication *auth, const char *cmd) { const char *pos; + char *tmp = NULL; + int ret = -1; - if (!cmd) + if (!cmd || auth->configurator_set) return 0; + auth->configurator_set = 1; + + if (cmd[0] != ' ') { + size_t len; + + len = os_strlen(cmd); + tmp = os_malloc(len + 2); + if (!tmp) + goto fail; + tmp[0] = ' '; + os_memcpy(tmp + 1, cmd, len + 1); + cmd = tmp; + } wpa_printf(MSG_DEBUG, "DPP: Set configurator parameters: %s", cmd); pos = os_strstr(cmd, " configurator="); - if (pos) { + if (!auth->conf && pos) { pos += 14; - auth->conf = dpp_configurator_get_id(dpp, atoi(pos)); + auth->conf = dpp_configurator_get_id(auth->global, atoi(pos)); if (!auth->conf) { wpa_printf(MSG_INFO, "DPP: Could not find the specified configurator"); - return -1; + goto fail; } } + pos = os_strstr(cmd, " conn_status="); + if (pos) { + pos += 13; + auth->send_conn_status = atoi(pos); + } + + pos = os_strstr(cmd, " akm_use_selector="); + if (pos) { + pos += 18; + auth->akm_use_selector = atoi(pos); + } + if (dpp_configuration_parse(auth, cmd) < 0) { - wpa_msg(msg_ctx, MSG_INFO, + wpa_msg(auth->msg_ctx, MSG_INFO, "DPP: Failed to set configurator parameters"); - return -1; + goto fail; } - return 0; + ret = 0; +fail: + os_free(tmp); + return ret; } void dpp_auth_deinit(struct dpp_authentication *auth) { + unsigned int i; + if (!auth) return; dpp_configuration_free(auth->conf_ap); + dpp_configuration_free(auth->conf2_ap); dpp_configuration_free(auth->conf_sta); + dpp_configuration_free(auth->conf2_sta); EVP_PKEY_free(auth->own_protocol_key); EVP_PKEY_free(auth->peer_protocol_key); + EVP_PKEY_free(auth->reconfig_old_protocol_key); wpabuf_free(auth->req_msg); wpabuf_free(auth->resp_msg); wpabuf_free(auth->conf_req); - os_free(auth->connector); + wpabuf_free(auth->reconfig_req_msg); + wpabuf_free(auth->reconfig_resp_msg); + for (i = 0; i < auth->num_conf_obj; i++) { + struct dpp_config_obj *conf = &auth->conf_obj[i]; + + os_free(conf->connector); + wpabuf_free(conf->c_sign_key); + wpabuf_free(conf->certbag); + wpabuf_free(conf->certs); + wpabuf_free(conf->cacert); + os_free(conf->server_name); + wpabuf_free(conf->pp_key); + } +#ifdef CONFIG_DPP2 + dpp_free_asymmetric_key(auth->conf_key_pkg); + os_free(auth->csrattrs); + wpabuf_free(auth->csr); + wpabuf_free(auth->priv_key); + wpabuf_free(auth->cacert); + wpabuf_free(auth->certbag); + os_free(auth->trusted_eap_server_name); + wpabuf_free(auth->conf_resp_tcp); +#endif /* CONFIG_DPP2 */ wpabuf_free(auth->net_access_key); - wpabuf_free(auth->c_sign_key); dpp_bootstrap_info_free(auth->tmp_own_bi); + if (auth->tmp_peer_bi) { + dl_list_del(&auth->tmp_peer_bi->list); + dpp_bootstrap_info_free(auth->tmp_peer_bi); + } #ifdef CONFIG_TESTING_OPTIONS os_free(auth->config_obj_override); os_free(auth->discovery_override); @@ -4484,7 +1317,6 @@ dpp_build_conf_start(struct dpp_authentication *auth, struct dpp_configuration *conf, size_t tailroom) { struct wpabuf *buf; - char ssid[6 * sizeof(conf->ssid) + 1]; #ifdef CONFIG_TESTING_OPTIONS if (auth->discovery_override) @@ -4494,62 +1326,71 @@ dpp_build_conf_start(struct dpp_authentication *auth, buf = wpabuf_alloc(200 + tailroom); if (!buf) return NULL; - wpabuf_put_str(buf, "{\"wi-fi_tech\":\"infra\",\"discovery\":"); + json_start_object(buf, NULL); + json_add_string(buf, "wi-fi_tech", "infra"); + json_value_sep(buf); #ifdef CONFIG_TESTING_OPTIONS if (auth->discovery_override) { wpa_printf(MSG_DEBUG, "DPP: TESTING - discovery override: '%s'", auth->discovery_override); + wpabuf_put_str(buf, "\"discovery\":"); wpabuf_put_str(buf, auth->discovery_override); - wpabuf_put_u8(buf, ','); + json_value_sep(buf); return buf; } #endif /* CONFIG_TESTING_OPTIONS */ - wpabuf_put_str(buf, "{\"ssid\":\""); - json_escape_string(ssid, sizeof(ssid), - (const char *) conf->ssid, conf->ssid_len); - wpabuf_put_str(buf, ssid); - wpabuf_put_str(buf, "\"},"); + json_start_object(buf, "discovery"); + if (((!conf->ssid_charset || auth->peer_version < 2) && + json_add_string_escape(buf, "ssid", conf->ssid, + conf->ssid_len) < 0) || + ((conf->ssid_charset && auth->peer_version >= 2) && + json_add_base64url(buf, "ssid64", conf->ssid, + conf->ssid_len) < 0)) { + wpabuf_free(buf); + return NULL; + } + if (conf->ssid_charset > 0) { + json_value_sep(buf); + json_add_int(buf, "ssid_charset", conf->ssid_charset); + } + json_end_object(buf); + json_value_sep(buf); return buf; } -static int dpp_build_jwk(struct wpabuf *buf, const char *name, EVP_PKEY *key, - const char *kid, const struct dpp_curve_params *curve) +int dpp_build_jwk(struct wpabuf *buf, const char *name, EVP_PKEY *key, + const char *kid, const struct dpp_curve_params *curve) { struct wpabuf *pub; const u8 *pos; - char *x = NULL, *y = NULL; int ret = -1; pub = dpp_get_pubkey_point(key, 0); if (!pub) goto fail; + + json_start_object(buf, name); + json_add_string(buf, "kty", "EC"); + json_value_sep(buf); + json_add_string(buf, "crv", curve->jwk_crv); + json_value_sep(buf); pos = wpabuf_head(pub); - x = (char *) base64_url_encode(pos, curve->prime_len, NULL, 0); + if (json_add_base64url(buf, "x", pos, curve->prime_len) < 0) + goto fail; + json_value_sep(buf); pos += curve->prime_len; - y = (char *) base64_url_encode(pos, curve->prime_len, NULL, 0); - if (!x || !y) + if (json_add_base64url(buf, "y", pos, curve->prime_len) < 0) goto fail; - - wpabuf_put_str(buf, "\""); - wpabuf_put_str(buf, name); - wpabuf_put_str(buf, "\":{\"kty\":\"EC\",\"crv\":\""); - wpabuf_put_str(buf, curve->jwk_crv); - wpabuf_put_str(buf, "\",\"x\":\""); - wpabuf_put_str(buf, x); - wpabuf_put_str(buf, "\",\"y\":\""); - wpabuf_put_str(buf, y); if (kid) { - wpabuf_put_str(buf, "\",\"kid\":\""); - wpabuf_put_str(buf, kid); + json_value_sep(buf); + json_add_string(buf, "kid", kid); } - wpabuf_put_str(buf, "\"}"); + json_end_object(buf); ret = 0; fail: wpabuf_free(pub); - os_free(x); - os_free(y); return ret; } @@ -4558,49 +1399,47 @@ static void dpp_build_legacy_cred_params(struct wpabuf *buf, struct dpp_configuration *conf) { if (conf->passphrase && os_strlen(conf->passphrase) < 64) { - char pass[63 * 6 + 1]; - - json_escape_string(pass, sizeof(pass), conf->passphrase, - os_strlen(conf->passphrase)); - wpabuf_put_str(buf, "\"pass\":\""); - wpabuf_put_str(buf, pass); - wpabuf_put_str(buf, "\""); - os_memset(pass, 0, sizeof(pass)); + json_add_string_escape(buf, "pass", conf->passphrase, + os_strlen(conf->passphrase)); } else if (conf->psk_set) { char psk[2 * sizeof(conf->psk) + 1]; wpa_snprintf_hex(psk, sizeof(psk), conf->psk, sizeof(conf->psk)); - wpabuf_put_str(buf, "\"psk_hex\":\""); - wpabuf_put_str(buf, psk); - wpabuf_put_str(buf, "\""); - os_memset(psk, 0, sizeof(psk)); + json_add_string(buf, "psk_hex", psk); + forced_memzero(psk, sizeof(psk)); + } +} + + +static const char * dpp_netrole_str(enum dpp_netrole netrole) +{ + switch (netrole) { + case DPP_NETROLE_STA: + return "sta"; + case DPP_NETROLE_AP: + return "ap"; + case DPP_NETROLE_CONFIGURATOR: + return "configurator"; + default: + return "??"; } } static struct wpabuf * -dpp_build_conf_obj_dpp(struct dpp_authentication *auth, int ap, +dpp_build_conf_obj_dpp(struct dpp_authentication *auth, struct dpp_configuration *conf) { struct wpabuf *buf = NULL; - char *signed1 = NULL, *signed2 = NULL, *signed3 = NULL; + char *signed_conn = NULL; size_t tailroom; const struct dpp_curve_params *curve; - char jws_prot_hdr[100]; - size_t signed1_len, signed2_len, signed3_len; struct wpabuf *dppcon = NULL; - unsigned char *signature = NULL; - const unsigned char *p; - size_t signature_len; - EVP_MD_CTX *md_ctx = NULL; - ECDSA_SIG *sig = NULL; - char *dot = "."; - const EVP_MD *sign_md; - const BIGNUM *r, *s; size_t extra_len = 1000; int incl_legacy; enum dpp_akm akm; + const char *akm_str; if (!auth->conf) { wpa_printf(MSG_INFO, @@ -4608,16 +1447,6 @@ dpp_build_conf_obj_dpp(struct dpp_authentication *auth, int ap, goto fail; } curve = auth->conf->curve; - if (curve->hash_len == SHA256_MAC_LEN) { - sign_md = EVP_sha256(); - } else if (curve->hash_len == SHA384_MAC_LEN) { - sign_md = EVP_sha384(); - } else if (curve->hash_len == SHA512_MAC_LEN) { - sign_md = EVP_sha512(); - } else { - wpa_printf(MSG_DEBUG, "DPP: Unknown signature algorithm"); - goto fail; - } akm = conf->akm; if (dpp_akm_ver2(akm) && auth->peer_version < 2) { @@ -4647,142 +1476,136 @@ dpp_build_conf_obj_dpp(struct dpp_authentication *auth, int ap, auth->groups_override); wpabuf_put_str(dppcon, "\"groups\":"); wpabuf_put_str(dppcon, auth->groups_override); - wpabuf_put_u8(dppcon, ','); + json_value_sep(dppcon); } goto skip_groups; } #endif /* CONFIG_TESTING_OPTIONS */ - wpabuf_printf(dppcon, "{\"groups\":[{\"groupId\":\"%s\",", - conf->group_id ? conf->group_id : "*"); - wpabuf_printf(dppcon, "\"netRole\":\"%s\"}],", ap ? "ap" : "sta"); + json_start_object(dppcon, NULL); + json_start_array(dppcon, "groups"); + json_start_object(dppcon, NULL); + json_add_string(dppcon, "groupId", + conf->group_id ? conf->group_id : "*"); + json_value_sep(dppcon); + json_add_string(dppcon, "netRole", dpp_netrole_str(conf->netrole)); + json_end_object(dppcon); + json_end_array(dppcon); + json_value_sep(dppcon); #ifdef CONFIG_TESTING_OPTIONS skip_groups: #endif /* CONFIG_TESTING_OPTIONS */ - if (dpp_build_jwk(dppcon, "netAccessKey", auth->peer_protocol_key, NULL, + if (!auth->peer_protocol_key || + dpp_build_jwk(dppcon, "netAccessKey", auth->peer_protocol_key, NULL, auth->curve) < 0) { wpa_printf(MSG_DEBUG, "DPP: Failed to build netAccessKey JWK"); goto fail; } if (conf->netaccesskey_expiry) { struct os_tm tm; + char expiry[30]; if (os_gmtime(conf->netaccesskey_expiry, &tm) < 0) { wpa_printf(MSG_DEBUG, "DPP: Failed to generate expiry string"); goto fail; } - wpabuf_printf(dppcon, - ",\"expiry\":\"%04u-%02u-%02uT%02u:%02u:%02uZ\"", - tm.year, tm.month, tm.day, - tm.hour, tm.min, tm.sec); - } - wpabuf_put_u8(dppcon, '}'); + os_snprintf(expiry, sizeof(expiry), + "%04u-%02u-%02uT%02u:%02u:%02uZ", + tm.year, tm.month, tm.day, + tm.hour, tm.min, tm.sec); + json_value_sep(dppcon); + json_add_string(dppcon, "expiry", expiry); + } + json_end_object(dppcon); wpa_printf(MSG_DEBUG, "DPP: dppCon: %s", (const char *) wpabuf_head(dppcon)); - os_snprintf(jws_prot_hdr, sizeof(jws_prot_hdr), - "{\"typ\":\"dppCon\",\"kid\":\"%s\",\"alg\":\"%s\"}", - auth->conf->kid, curve->jws_alg); - signed1 = (char *) base64_url_encode((unsigned char *) jws_prot_hdr, - os_strlen(jws_prot_hdr), - &signed1_len, 0); - signed2 = (char *) base64_url_encode(wpabuf_head(dppcon), - wpabuf_len(dppcon), - &signed2_len, 0); - if (!signed1 || !signed2) - goto fail; - - md_ctx = EVP_MD_CTX_create(); - if (!md_ctx) - goto fail; - - ERR_clear_error(); - if (EVP_DigestSignInit(md_ctx, NULL, sign_md, NULL, - auth->conf->csign) != 1) { - wpa_printf(MSG_DEBUG, "DPP: EVP_DigestSignInit failed: %s", - ERR_error_string(ERR_get_error(), NULL)); - goto fail; - } - if (EVP_DigestSignUpdate(md_ctx, signed1, signed1_len) != 1 || - EVP_DigestSignUpdate(md_ctx, dot, 1) != 1 || - EVP_DigestSignUpdate(md_ctx, signed2, signed2_len) != 1) { - wpa_printf(MSG_DEBUG, "DPP: EVP_DigestSignUpdate failed: %s", - ERR_error_string(ERR_get_error(), NULL)); - goto fail; - } - if (EVP_DigestSignFinal(md_ctx, NULL, &signature_len) != 1) { - wpa_printf(MSG_DEBUG, "DPP: EVP_DigestSignFinal failed: %s", - ERR_error_string(ERR_get_error(), NULL)); - goto fail; - } - signature = os_malloc(signature_len); - if (!signature) - goto fail; - if (EVP_DigestSignFinal(md_ctx, signature, &signature_len) != 1) { - wpa_printf(MSG_DEBUG, "DPP: EVP_DigestSignFinal failed: %s", - ERR_error_string(ERR_get_error(), NULL)); - goto fail; - } - wpa_hexdump(MSG_DEBUG, "DPP: signedConnector ECDSA signature (DER)", - signature, signature_len); - /* Convert to raw coordinates r,s */ - p = signature; - sig = d2i_ECDSA_SIG(NULL, &p, signature_len); - if (!sig) - goto fail; - ECDSA_SIG_get0(sig, &r, &s); - if (dpp_bn2bin_pad(r, signature, curve->prime_len) < 0 || - dpp_bn2bin_pad(s, signature + curve->prime_len, - curve->prime_len) < 0) - goto fail; - signature_len = 2 * curve->prime_len; - wpa_hexdump(MSG_DEBUG, "DPP: signedConnector ECDSA signature (raw r,s)", - signature, signature_len); - signed3 = (char *) base64_url_encode(signature, signature_len, - &signed3_len, 0); - if (!signed3) + signed_conn = dpp_sign_connector(auth->conf, dppcon); + if (!signed_conn) goto fail; incl_legacy = dpp_akm_psk(akm) || dpp_akm_sae(akm); tailroom = 1000; tailroom += 2 * curve->prime_len * 4 / 3 + os_strlen(auth->conf->kid); - tailroom += signed1_len + signed2_len + signed3_len; + tailroom += os_strlen(signed_conn); if (incl_legacy) tailroom += 1000; + if (akm == DPP_AKM_DOT1X) { + if (auth->certbag) + tailroom += 2 * wpabuf_len(auth->certbag); + if (auth->cacert) + tailroom += 2 * wpabuf_len(auth->cacert); + if (auth->trusted_eap_server_name) + tailroom += os_strlen(auth->trusted_eap_server_name); + tailroom += 1000; + } buf = dpp_build_conf_start(auth, conf, tailroom); if (!buf) goto fail; - wpabuf_printf(buf, "\"cred\":{\"akm\":\"%s\",", dpp_akm_str(akm)); + if (auth->akm_use_selector && dpp_akm_ver2(akm)) + akm_str = dpp_akm_selector_str(akm); + else + akm_str = dpp_akm_str(akm); + json_start_object(buf, "cred"); + json_add_string(buf, "akm", akm_str); + json_value_sep(buf); if (incl_legacy) { dpp_build_legacy_cred_params(buf, conf); - wpabuf_put_str(buf, ","); + json_value_sep(buf); + } + if (akm == DPP_AKM_DOT1X) { + json_start_object(buf, "entCreds"); + if (!auth->certbag) + goto fail; + json_add_base64(buf, "certBag", wpabuf_head(auth->certbag), + wpabuf_len(auth->certbag)); + if (auth->cacert) { + json_value_sep(buf); + json_add_base64(buf, "caCert", + wpabuf_head(auth->cacert), + wpabuf_len(auth->cacert)); + } + if (auth->trusted_eap_server_name) { + json_value_sep(buf); + json_add_string(buf, "trustedEapServerName", + auth->trusted_eap_server_name); + } + json_value_sep(buf); + json_start_array(buf, "eapMethods"); + wpabuf_printf(buf, "%d", EAP_TYPE_TLS); + json_end_array(buf); + json_end_object(buf); + json_value_sep(buf); } wpabuf_put_str(buf, "\"signedConnector\":\""); - wpabuf_put_str(buf, signed1); - wpabuf_put_u8(buf, '.'); - wpabuf_put_str(buf, signed2); - wpabuf_put_u8(buf, '.'); - wpabuf_put_str(buf, signed3); - wpabuf_put_str(buf, "\","); + wpabuf_put_str(buf, signed_conn); + wpabuf_put_str(buf, "\""); + json_value_sep(buf); if (dpp_build_jwk(buf, "csign", auth->conf->csign, auth->conf->kid, curve) < 0) { wpa_printf(MSG_DEBUG, "DPP: Failed to build csign JWK"); goto fail; } +#ifdef CONFIG_DPP2 + if (auth->peer_version >= 2 && auth->conf->pp_key) { + json_value_sep(buf); + if (dpp_build_jwk(buf, "ppKey", auth->conf->pp_key, NULL, + curve) < 0) { + wpa_printf(MSG_DEBUG, "DPP: Failed to build ppKey JWK"); + goto fail; + } + } +#endif /* CONFIG_DPP2 */ - wpabuf_put_str(buf, "}}"); + json_end_object(buf); + json_end_object(buf); wpa_hexdump_ascii_key(MSG_DEBUG, "DPP: Configuration Object", wpabuf_head(buf), wpabuf_len(buf)); out: - EVP_MD_CTX_destroy(md_ctx); - ECDSA_SIG_free(sig); - os_free(signed1); - os_free(signed2); - os_free(signed3); - os_free(signature); + os_free(signed_conn); wpabuf_free(dppcon); return buf; fail: @@ -4794,18 +1617,26 @@ fail: static struct wpabuf * -dpp_build_conf_obj_legacy(struct dpp_authentication *auth, int ap, +dpp_build_conf_obj_legacy(struct dpp_authentication *auth, struct dpp_configuration *conf) { struct wpabuf *buf; + const char *akm_str; buf = dpp_build_conf_start(auth, conf, 1000); if (!buf) return NULL; - wpabuf_printf(buf, "\"cred\":{\"akm\":\"%s\",", dpp_akm_str(conf->akm)); + if (auth->akm_use_selector && dpp_akm_ver2(conf->akm)) + akm_str = dpp_akm_selector_str(conf->akm); + else + akm_str = dpp_akm_str(conf->akm); + json_start_object(buf, "cred"); + json_add_string(buf, "akm", akm_str); + json_value_sep(buf); dpp_build_legacy_cred_params(buf, conf); - wpabuf_put_str(buf, "}}"); + json_end_object(buf); + json_end_object(buf); wpa_hexdump_ascii_key(MSG_DEBUG, "DPP: Configuration Object (legacy)", wpabuf_head(buf), wpabuf_len(buf)); @@ -4815,37 +1646,64 @@ dpp_build_conf_obj_legacy(struct dpp_authentication *auth, int ap, static struct wpabuf * -dpp_build_conf_obj(struct dpp_authentication *auth, int ap) +dpp_build_conf_obj(struct dpp_authentication *auth, enum dpp_netrole netrole, + int idx, bool cert_req) { - struct dpp_configuration *conf; + struct dpp_configuration *conf = NULL; #ifdef CONFIG_TESTING_OPTIONS if (auth->config_obj_override) { + if (idx != 0) + return NULL; wpa_printf(MSG_DEBUG, "DPP: Testing - Config Object override"); return wpabuf_alloc_copy(auth->config_obj_override, os_strlen(auth->config_obj_override)); } #endif /* CONFIG_TESTING_OPTIONS */ - conf = ap ? auth->conf_ap : auth->conf_sta; + if (idx == 0) { + if (netrole == DPP_NETROLE_STA) + conf = auth->conf_sta; + else if (netrole == DPP_NETROLE_AP) + conf = auth->conf_ap; + } else if (idx == 1) { + if (netrole == DPP_NETROLE_STA) + conf = auth->conf2_sta; + else if (netrole == DPP_NETROLE_AP) + conf = auth->conf2_ap; + } if (!conf) { - wpa_printf(MSG_DEBUG, - "DPP: No configuration available for Enrollee(%s) - reject configuration request", - ap ? "ap" : "sta"); + if (idx == 0) + wpa_printf(MSG_DEBUG, + "DPP: No configuration available for Enrollee(%s) - reject configuration request", + dpp_netrole_str(netrole)); return NULL; } - if (dpp_akm_dpp(conf->akm)) - return dpp_build_conf_obj_dpp(auth, ap, conf); - return dpp_build_conf_obj_legacy(auth, ap, conf); + if (conf->akm == DPP_AKM_DOT1X) { + if (!auth->conf) { + wpa_printf(MSG_DEBUG, + "DPP: No Configurator data available"); + return NULL; + } + if (!cert_req && !auth->certbag) { + wpa_printf(MSG_DEBUG, + "DPP: No certificate data available for dot1x configuration"); + return NULL; + } + return dpp_build_conf_obj_dpp(auth, conf); + } + if (dpp_akm_dpp(conf->akm) || (auth->peer_version >= 2 && auth->conf)) + return dpp_build_conf_obj_dpp(auth, conf); + return dpp_build_conf_obj_legacy(auth, conf); } -static struct wpabuf * +struct wpabuf * dpp_build_conf_resp(struct dpp_authentication *auth, const u8 *e_nonce, - u16 e_nonce_len, int ap) + u16 e_nonce_len, enum dpp_netrole netrole, bool cert_req) { - struct wpabuf *conf; + struct wpabuf *conf = NULL, *conf2 = NULL, *env_data = NULL; size_t clear_len, attr_len; struct wpabuf *clear = NULL, *msg = NULL; u8 *wrapped; @@ -4853,18 +1711,49 @@ dpp_build_conf_resp(struct dpp_authentication *auth, const u8 *e_nonce, size_t len[1]; enum dpp_status_error status; - conf = dpp_build_conf_obj(auth, ap); - if (conf) { - wpa_hexdump_ascii(MSG_DEBUG, "DPP: configurationObject JSON", - wpabuf_head(conf), wpabuf_len(conf)); + if (auth->force_conf_resp_status != DPP_STATUS_OK) { + status = auth->force_conf_resp_status; + goto forced_status; } - status = conf ? DPP_STATUS_OK : DPP_STATUS_CONFIGURE_FAILURE; + + if (netrole == DPP_NETROLE_CONFIGURATOR) { +#ifdef CONFIG_DPP2 + env_data = dpp_build_enveloped_data(auth); +#endif /* CONFIG_DPP2 */ + } else { + conf = dpp_build_conf_obj(auth, netrole, 0, cert_req); + if (conf) { + wpa_hexdump_ascii(MSG_DEBUG, + "DPP: configurationObject JSON", + wpabuf_head(conf), wpabuf_len(conf)); + conf2 = dpp_build_conf_obj(auth, netrole, 1, cert_req); + } + } + + if (conf || env_data) + status = DPP_STATUS_OK; + else if (!cert_req && netrole == DPP_NETROLE_STA && auth->conf_sta && + auth->conf_sta->akm == DPP_AKM_DOT1X && !auth->waiting_csr) + status = DPP_STATUS_CSR_NEEDED; + else + status = DPP_STATUS_CONFIGURE_FAILURE; +forced_status: auth->conf_resp_status = status; - /* { E-nonce, configurationObject}ke */ + /* { E-nonce, configurationObject[, sendConnStatus]}ke */ clear_len = 4 + e_nonce_len; if (conf) clear_len += 4 + wpabuf_len(conf); + if (conf2) + clear_len += 4 + wpabuf_len(conf2); + if (env_data) + clear_len += 4 + wpabuf_len(env_data); + if (auth->peer_version >= 2 && auth->send_conn_status && + netrole == DPP_NETROLE_STA) + clear_len += 4; + if (status == DPP_STATUS_CSR_NEEDED && auth->conf_sta && + auth->conf_sta->csrattrs) + clear_len += 4 + os_strlen(auth->conf_sta->csrattrs); clear = wpabuf_alloc(clear_len); attr_len = 4 + 1 + 4 + clear_len + AES_BLOCK_SIZE; #ifdef CONFIG_TESTING_OPTIONS @@ -4912,6 +1801,35 @@ skip_e_nonce: wpabuf_put_le16(clear, wpabuf_len(conf)); wpabuf_put_buf(clear, conf); } + if (auth->peer_version >= 2 && conf2) { + wpabuf_put_le16(clear, DPP_ATTR_CONFIG_OBJ); + wpabuf_put_le16(clear, wpabuf_len(conf2)); + wpabuf_put_buf(clear, conf2); + } else if (conf2) { + wpa_printf(MSG_DEBUG, + "DPP: Second Config Object available, but peer does not support more than one"); + } + if (env_data) { + wpabuf_put_le16(clear, DPP_ATTR_ENVELOPED_DATA); + wpabuf_put_le16(clear, wpabuf_len(env_data)); + wpabuf_put_buf(clear, env_data); + } + + if (auth->peer_version >= 2 && auth->send_conn_status && + netrole == DPP_NETROLE_STA && status == DPP_STATUS_OK) { + wpa_printf(MSG_DEBUG, "DPP: sendConnStatus"); + wpabuf_put_le16(clear, DPP_ATTR_SEND_CONN_STATUS); + wpabuf_put_le16(clear, 0); + } + + if (status == DPP_STATUS_CSR_NEEDED && auth->conf_sta && + auth->conf_sta->csrattrs) { + auth->waiting_csr = true; + wpa_printf(MSG_DEBUG, "DPP: CSR Attributes Request"); + wpabuf_put_le16(clear, DPP_ATTR_CSR_ATTR_REQ); + wpabuf_put_le16(clear, os_strlen(auth->conf_sta->csrattrs)); + wpabuf_put_str(clear, auth->conf_sta->csrattrs); + } #ifdef CONFIG_TESTING_OPTIONS skip_config_obj: @@ -4959,8 +1877,10 @@ skip_wrapped_data: wpa_hexdump_buf(MSG_DEBUG, "DPP: Configuration Response attributes", msg); out: - wpabuf_free(conf); - wpabuf_free(clear); + wpabuf_clear_free(conf); + wpabuf_clear_free(conf2); + wpabuf_clear_free(env_data); + wpabuf_clear_free(clear); return msg; fail: @@ -4980,7 +1900,8 @@ dpp_conf_req_rx(struct dpp_authentication *auth, const u8 *attr_start, size_t unwrapped_len = 0; struct wpabuf *resp = NULL; struct json_token *root = NULL, *token; - int ap; + enum dpp_netrole netrole; + struct wpabuf *cert_req = NULL; #ifdef CONFIG_TESTING_OPTIONS if (dpp_test == DPP_TEST_STOP_AT_CONF_REQ) { @@ -5078,106 +1999,121 @@ dpp_conf_req_rx(struct dpp_authentication *auth, const u8 *attr_start, } wpa_printf(MSG_DEBUG, "DPP: netRole = '%s'", token->string); if (os_strcmp(token->string, "sta") == 0) { - ap = 0; + netrole = DPP_NETROLE_STA; } else if (os_strcmp(token->string, "ap") == 0) { - ap = 1; + netrole = DPP_NETROLE_AP; + } else if (os_strcmp(token->string, "configurator") == 0) { + netrole = DPP_NETROLE_CONFIGURATOR; } else { wpa_printf(MSG_DEBUG, "DPP: Unsupported netRole '%s'", token->string); dpp_auth_fail(auth, "Unsupported netRole"); goto fail; } + auth->e_netrole = netrole; + + token = json_get_member(root, "mudurl"); + if (token && token->type == JSON_STRING) { + wpa_printf(MSG_DEBUG, "DPP: mudurl = '%s'", token->string); + wpa_msg(auth->msg_ctx, MSG_INFO, DPP_EVENT_MUD_URL "%s", + token->string); + } + + token = json_get_member(root, "bandSupport"); + if (token && token->type == JSON_ARRAY) { + int *opclass = NULL; + char txt[200], *pos, *end; + int i, res; + + wpa_printf(MSG_DEBUG, "DPP: bandSupport"); + token = token->child; + while (token) { + if (token->type != JSON_NUMBER) { + wpa_printf(MSG_DEBUG, + "DPP: Invalid bandSupport array member type"); + } else { + wpa_printf(MSG_DEBUG, + "DPP: Supported global operating class: %d", + token->number); + int_array_add_unique(&opclass, token->number); + } + token = token->sibling; + } - resp = dpp_build_conf_resp(auth, e_nonce, e_nonce_len, ap); - -fail: - json_free(root); - os_free(unwrapped); - return resp; -} - - -static struct wpabuf * -dpp_parse_jws_prot_hdr(const struct dpp_curve_params *curve, - const u8 *prot_hdr, u16 prot_hdr_len, - const EVP_MD **ret_md) -{ - struct json_token *root, *token; - struct wpabuf *kid = NULL; - - root = json_parse((const char *) prot_hdr, prot_hdr_len); - if (!root) { - wpa_printf(MSG_DEBUG, - "DPP: JSON parsing failed for JWS Protected Header"); - goto fail; + txt[0] = '\0'; + pos = txt; + end = txt + sizeof(txt); + for (i = 0; opclass && opclass[i]; i++) { + res = os_snprintf(pos, end - pos, "%s%d", + pos == txt ? "" : ",", opclass[i]); + if (os_snprintf_error(end - pos, res)) { + *pos = '\0'; + break; + } + pos += res; + } + os_free(opclass); + wpa_msg(auth->msg_ctx, MSG_INFO, DPP_EVENT_BAND_SUPPORT "%s", + txt); } - if (root->type != JSON_OBJECT) { - wpa_printf(MSG_DEBUG, - "DPP: JWS Protected Header root is not an object"); - goto fail; - } +#ifdef CONFIG_DPP2 + cert_req = json_get_member_base64(root, "pkcs10"); + if (cert_req) { + char *txt; + int id; + + wpa_hexdump_buf(MSG_DEBUG, "DPP: CertificateRequest", cert_req); + if (dpp_validate_csr(auth, cert_req) < 0) { + wpa_printf(MSG_DEBUG, "DPP: CSR is not valid"); + auth->force_conf_resp_status = DPP_STATUS_CSR_BAD; + goto cont; + } - token = json_get_member(root, "typ"); - if (!token || token->type != JSON_STRING) { - wpa_printf(MSG_DEBUG, "DPP: No typ string value found"); - goto fail; - } - wpa_printf(MSG_DEBUG, "DPP: JWS Protected Header typ=%s", - token->string); - if (os_strcmp(token->string, "dppCon") != 0) { - wpa_printf(MSG_DEBUG, - "DPP: Unsupported JWS Protected Header typ=%s", - token->string); - goto fail; - } + if (auth->peer_bi) { + id = auth->peer_bi->id; + } else if (auth->tmp_peer_bi) { + id = auth->tmp_peer_bi->id; + } else { + struct dpp_bootstrap_info *bi; + + bi = os_zalloc(sizeof(*bi)); + if (!bi) + goto fail; + bi->id = dpp_next_id(auth->global); + dl_list_add(&auth->global->bootstrap, &bi->list); + auth->tmp_peer_bi = bi; + id = bi->id; + } - token = json_get_member(root, "alg"); - if (!token || token->type != JSON_STRING) { - wpa_printf(MSG_DEBUG, "DPP: No alg string value found"); - goto fail; - } - wpa_printf(MSG_DEBUG, "DPP: JWS Protected Header alg=%s", - token->string); - if (os_strcmp(token->string, curve->jws_alg) != 0) { - wpa_printf(MSG_DEBUG, - "DPP: Unexpected JWS Protected Header alg=%s (expected %s based on C-sign-key)", - token->string, curve->jws_alg); - goto fail; - } - if (os_strcmp(token->string, "ES256") == 0 || - os_strcmp(token->string, "BS256") == 0) - *ret_md = EVP_sha256(); - else if (os_strcmp(token->string, "ES384") == 0 || - os_strcmp(token->string, "BS384") == 0) - *ret_md = EVP_sha384(); - else if (os_strcmp(token->string, "ES512") == 0 || - os_strcmp(token->string, "BS512") == 0) - *ret_md = EVP_sha512(); - else - *ret_md = NULL; - if (!*ret_md) { - wpa_printf(MSG_DEBUG, - "DPP: Unsupported JWS Protected Header alg=%s", - token->string); - goto fail; - } + wpa_printf(MSG_DEBUG, "DPP: CSR is valid - forward to CA/RA"); + txt = base64_encode_no_lf(wpabuf_head(cert_req), + wpabuf_len(cert_req), NULL); + if (!txt) + goto fail; - kid = json_get_member_base64url(root, "kid"); - if (!kid) { - wpa_printf(MSG_DEBUG, "DPP: No kid string value found"); + wpa_msg(auth->msg_ctx, MSG_INFO, DPP_EVENT_CSR "peer=%d csr=%s", + id, txt); + os_free(txt); + auth->waiting_csr = false; + auth->waiting_cert = true; goto fail; } - wpa_hexdump_buf(MSG_DEBUG, "DPP: JWS Protected Header kid (decoded)", - kid); +cont: +#endif /* CONFIG_DPP2 */ + + resp = dpp_build_conf_resp(auth, e_nonce, e_nonce_len, netrole, + cert_req); fail: + wpabuf_free(cert_req); json_free(root); - return kid; + os_free(unwrapped); + return resp; } -static int dpp_parse_cred_legacy(struct dpp_authentication *auth, +static int dpp_parse_cred_legacy(struct dpp_config_obj *conf, struct json_token *cred) { struct json_token *pass, *psk_hex; @@ -5194,28 +2130,28 @@ static int dpp_parse_cred_legacy(struct dpp_authentication *auth, pass->string, len); if (len < 8 || len > 63) return -1; - os_strlcpy(auth->passphrase, pass->string, - sizeof(auth->passphrase)); + os_strlcpy(conf->passphrase, pass->string, + sizeof(conf->passphrase)); } else if (psk_hex && psk_hex->type == JSON_STRING) { - if (dpp_akm_sae(auth->akm) && !dpp_akm_psk(auth->akm)) { + if (dpp_akm_sae(conf->akm) && !dpp_akm_psk(conf->akm)) { wpa_printf(MSG_DEBUG, "DPP: Unexpected psk_hex with akm=sae"); return -1; } if (os_strlen(psk_hex->string) != PMK_LEN * 2 || - hexstr2bin(psk_hex->string, auth->psk, PMK_LEN) < 0) { + hexstr2bin(psk_hex->string, conf->psk, PMK_LEN) < 0) { wpa_printf(MSG_DEBUG, "DPP: Invalid psk_hex encoding"); return -1; } wpa_hexdump_key(MSG_DEBUG, "DPP: Legacy PSK", - auth->psk, PMK_LEN); - auth->psk_set = 1; + conf->psk, PMK_LEN); + conf->psk_set = 1; } else { wpa_printf(MSG_DEBUG, "DPP: No pass or psk_hex strings found"); return -1; } - if (dpp_akm_sae(auth->akm) && !auth->passphrase[0]) { + if (dpp_akm_sae(conf->akm) && !conf->passphrase[0]) { wpa_printf(MSG_DEBUG, "DPP: No pass for sae found"); return -1; } @@ -5224,8 +2160,8 @@ static int dpp_parse_cred_legacy(struct dpp_authentication *auth, } -static EVP_PKEY * dpp_parse_jwk(struct json_token *jwk, - const struct dpp_curve_params **key_curve) +EVP_PKEY * dpp_parse_jwk(struct json_token *jwk, + const struct dpp_curve_params **key_curve) { struct json_token *token; const struct dpp_curve_params *curve; @@ -5383,6 +2319,7 @@ int dpp_key_expired(const char *timestamp, os_time_t *expiry) static int dpp_parse_connector(struct dpp_authentication *auth, + struct dpp_config_obj *conf, const unsigned char *payload, u16 payload_len) { @@ -5478,59 +2415,49 @@ fail: } -static int dpp_check_pubkey_match(EVP_PKEY *pub, struct wpabuf *r_hash) +static void dpp_copy_csign(struct dpp_config_obj *conf, EVP_PKEY *csign) { - struct wpabuf *uncomp; - int res; - u8 hash[SHA256_MAC_LEN]; - const u8 *addr[1]; - size_t len[1]; + unsigned char *der = NULL; + int der_len; - if (wpabuf_len(r_hash) != SHA256_MAC_LEN) - return -1; - uncomp = dpp_get_pubkey_point(pub, 1); - if (!uncomp) - return -1; - addr[0] = wpabuf_head(uncomp); - len[0] = wpabuf_len(uncomp); - wpa_hexdump(MSG_DEBUG, "DPP: Uncompressed public key", - addr[0], len[0]); - res = sha256_vector(1, addr, len, hash); - wpabuf_free(uncomp); - if (res < 0) - return -1; - if (os_memcmp(hash, wpabuf_head(r_hash), SHA256_MAC_LEN) != 0) { - wpa_printf(MSG_DEBUG, - "DPP: Received hash value does not match calculated public key hash value"); - wpa_hexdump(MSG_DEBUG, "DPP: Calculated hash", - hash, SHA256_MAC_LEN); - return -1; - } - return 0; + der_len = i2d_PUBKEY(csign, &der); + if (der_len <= 0) + return; + wpabuf_free(conf->c_sign_key); + conf->c_sign_key = wpabuf_alloc_copy(der, der_len); + OPENSSL_free(der); } -static void dpp_copy_csign(struct dpp_authentication *auth, EVP_PKEY *csign) +static void dpp_copy_ppkey(struct dpp_config_obj *conf, EVP_PKEY *ppkey) { unsigned char *der = NULL; int der_len; - der_len = i2d_PUBKEY(csign, &der); + der_len = i2d_PUBKEY(ppkey, &der); if (der_len <= 0) return; - wpabuf_free(auth->c_sign_key); - auth->c_sign_key = wpabuf_alloc_copy(der, der_len); + wpabuf_free(conf->pp_key); + conf->pp_key = wpabuf_alloc_copy(der, der_len); OPENSSL_free(der); } -static void dpp_copy_netaccesskey(struct dpp_authentication *auth) +static void dpp_copy_netaccesskey(struct dpp_authentication *auth, + struct dpp_config_obj *conf) { unsigned char *der = NULL; int der_len; EC_KEY *eckey; + EVP_PKEY *own_key; - eckey = EVP_PKEY_get1_EC_KEY(auth->own_protocol_key); + own_key = auth->own_protocol_key; +#ifdef CONFIG_DPP2 + if (auth->reconfig_connector_key == DPP_CONFIG_REUSEKEY && + auth->reconfig_old_protocol_key) + own_key = auth->reconfig_old_protocol_key; +#endif /* CONFIG_DPP2 */ + eckey = EVP_PKEY_get1_EC_KEY(own_key); if (!eckey) return; @@ -5546,193 +2473,23 @@ static void dpp_copy_netaccesskey(struct dpp_authentication *auth) } -struct dpp_signed_connector_info { - unsigned char *payload; - size_t payload_len; -}; - -static enum dpp_status_error -dpp_process_signed_connector(struct dpp_signed_connector_info *info, - EVP_PKEY *csign_pub, const char *connector) -{ - enum dpp_status_error ret = 255; - const char *pos, *end, *signed_start, *signed_end; - struct wpabuf *kid = NULL; - unsigned char *prot_hdr = NULL, *signature = NULL; - size_t prot_hdr_len = 0, signature_len = 0; - const EVP_MD *sign_md = NULL; - unsigned char *der = NULL; - int der_len; - int res; - EVP_MD_CTX *md_ctx = NULL; - ECDSA_SIG *sig = NULL; - BIGNUM *r = NULL, *s = NULL; - const struct dpp_curve_params *curve; - EC_KEY *eckey; - const EC_GROUP *group; - int nid; - - eckey = EVP_PKEY_get1_EC_KEY(csign_pub); - if (!eckey) - goto fail; - group = EC_KEY_get0_group(eckey); - if (!group) - goto fail; - nid = EC_GROUP_get_curve_name(group); - curve = dpp_get_curve_nid(nid); - if (!curve) - goto fail; - wpa_printf(MSG_DEBUG, "DPP: C-sign-key group: %s", curve->jwk_crv); - os_memset(info, 0, sizeof(*info)); - - signed_start = pos = connector; - end = os_strchr(pos, '.'); - if (!end) { - wpa_printf(MSG_DEBUG, "DPP: Missing dot(1) in signedConnector"); - ret = DPP_STATUS_INVALID_CONNECTOR; - goto fail; - } - prot_hdr = base64_url_decode((const unsigned char *) pos, - end - pos, &prot_hdr_len); - if (!prot_hdr) { - wpa_printf(MSG_DEBUG, - "DPP: Failed to base64url decode signedConnector JWS Protected Header"); - ret = DPP_STATUS_INVALID_CONNECTOR; - goto fail; - } - wpa_hexdump_ascii(MSG_DEBUG, - "DPP: signedConnector - JWS Protected Header", - prot_hdr, prot_hdr_len); - kid = dpp_parse_jws_prot_hdr(curve, prot_hdr, prot_hdr_len, &sign_md); - if (!kid) { - ret = DPP_STATUS_INVALID_CONNECTOR; - goto fail; - } - if (wpabuf_len(kid) != SHA256_MAC_LEN) { - wpa_printf(MSG_DEBUG, - "DPP: Unexpected signedConnector JWS Protected Header kid length: %u (expected %u)", - (unsigned int) wpabuf_len(kid), SHA256_MAC_LEN); - ret = DPP_STATUS_INVALID_CONNECTOR; - goto fail; - } - - pos = end + 1; - end = os_strchr(pos, '.'); - if (!end) { - wpa_printf(MSG_DEBUG, - "DPP: Missing dot(2) in signedConnector"); - ret = DPP_STATUS_INVALID_CONNECTOR; - goto fail; - } - signed_end = end - 1; - info->payload = base64_url_decode((const unsigned char *) pos, - end - pos, &info->payload_len); - if (!info->payload) { - wpa_printf(MSG_DEBUG, - "DPP: Failed to base64url decode signedConnector JWS Payload"); - ret = DPP_STATUS_INVALID_CONNECTOR; - goto fail; - } - wpa_hexdump_ascii(MSG_DEBUG, - "DPP: signedConnector - JWS Payload", - info->payload, info->payload_len); - pos = end + 1; - signature = base64_url_decode((const unsigned char *) pos, - os_strlen(pos), &signature_len); - if (!signature) { - wpa_printf(MSG_DEBUG, - "DPP: Failed to base64url decode signedConnector signature"); - ret = DPP_STATUS_INVALID_CONNECTOR; - goto fail; - } - wpa_hexdump(MSG_DEBUG, "DPP: signedConnector - signature", - signature, signature_len); - - if (dpp_check_pubkey_match(csign_pub, kid) < 0) { - ret = DPP_STATUS_NO_MATCH; - goto fail; - } - - if (signature_len & 0x01) { - wpa_printf(MSG_DEBUG, - "DPP: Unexpected signedConnector signature length (%d)", - (int) signature_len); - ret = DPP_STATUS_INVALID_CONNECTOR; - goto fail; - } - - /* JWS Signature encodes the signature (r,s) as two octet strings. Need - * to convert that to DER encoded ECDSA_SIG for OpenSSL EVP routines. */ - r = BN_bin2bn(signature, signature_len / 2, NULL); - s = BN_bin2bn(signature + signature_len / 2, signature_len / 2, NULL); - sig = ECDSA_SIG_new(); - if (!r || !s || !sig || ECDSA_SIG_set0(sig, r, s) != 1) - goto fail; - r = NULL; - s = NULL; - - der_len = i2d_ECDSA_SIG(sig, &der); - if (der_len <= 0) { - wpa_printf(MSG_DEBUG, "DPP: Could not DER encode signature"); - goto fail; - } - wpa_hexdump(MSG_DEBUG, "DPP: DER encoded signature", der, der_len); - md_ctx = EVP_MD_CTX_create(); - if (!md_ctx) - goto fail; - - ERR_clear_error(); - if (EVP_DigestVerifyInit(md_ctx, NULL, sign_md, NULL, csign_pub) != 1) { - wpa_printf(MSG_DEBUG, "DPP: EVP_DigestVerifyInit failed: %s", - ERR_error_string(ERR_get_error(), NULL)); - goto fail; - } - if (EVP_DigestVerifyUpdate(md_ctx, signed_start, - signed_end - signed_start + 1) != 1) { - wpa_printf(MSG_DEBUG, "DPP: EVP_DigestVerifyUpdate failed: %s", - ERR_error_string(ERR_get_error(), NULL)); - goto fail; - } - res = EVP_DigestVerifyFinal(md_ctx, der, der_len); - if (res != 1) { - wpa_printf(MSG_DEBUG, - "DPP: EVP_DigestVerifyFinal failed (res=%d): %s", - res, ERR_error_string(ERR_get_error(), NULL)); - ret = DPP_STATUS_INVALID_CONNECTOR; - goto fail; - } - - ret = DPP_STATUS_OK; -fail: - EC_KEY_free(eckey); - EVP_MD_CTX_destroy(md_ctx); - os_free(prot_hdr); - wpabuf_free(kid); - os_free(signature); - ECDSA_SIG_free(sig); - BN_free(r); - BN_free(s); - OPENSSL_free(der); - return ret; -} - - static int dpp_parse_cred_dpp(struct dpp_authentication *auth, + struct dpp_config_obj *conf, struct json_token *cred) { struct dpp_signed_connector_info info; - struct json_token *token, *csign; + struct json_token *token, *csign, *ppkey; int ret = -1; - EVP_PKEY *csign_pub = NULL; - const struct dpp_curve_params *key_curve = NULL; + EVP_PKEY *csign_pub = NULL, *pp_pub = NULL; + const struct dpp_curve_params *key_curve = NULL, *pp_curve = NULL; const char *signed_connector; os_memset(&info, 0, sizeof(info)); - if (dpp_akm_psk(auth->akm) || dpp_akm_sae(auth->akm)) { + if (dpp_akm_psk(conf->akm) || dpp_akm_sae(conf->akm)) { wpa_printf(MSG_DEBUG, "DPP: Legacy credential included in Connector credential"); - if (dpp_parse_cred_legacy(auth, cred) < 0) + if (dpp_parse_cred_legacy(conf, cred) < 0) return -1; } @@ -5751,6 +2508,21 @@ static int dpp_parse_cred_dpp(struct dpp_authentication *auth, } dpp_debug_print_key("DPP: Received C-sign-key", csign_pub); + ppkey = json_get_member(cred, "ppKey"); + if (ppkey && ppkey->type == JSON_OBJECT) { + pp_pub = dpp_parse_jwk(ppkey, &pp_curve); + if (!pp_pub) { + wpa_printf(MSG_DEBUG, "DPP: Failed to parse ppKey JWK"); + goto fail; + } + dpp_debug_print_key("DPP: Received ppKey", pp_pub); + if (key_curve != pp_curve) { + wpa_printf(MSG_DEBUG, + "DPP: C-sign-key and ppKey do not use the same curve"); + goto fail; + } + } + token = json_get_member(cred, "signedConnector"); if (!token || token->type != JSON_STRING) { wpa_printf(MSG_DEBUG, "DPP: No signedConnector string found"); @@ -5771,25 +2543,82 @@ static int dpp_parse_cred_dpp(struct dpp_authentication *auth, signed_connector) != DPP_STATUS_OK) goto fail; - if (dpp_parse_connector(auth, info.payload, info.payload_len) < 0) { + if (dpp_parse_connector(auth, conf, + info.payload, info.payload_len) < 0) { wpa_printf(MSG_DEBUG, "DPP: Failed to parse connector"); goto fail; } - os_free(auth->connector); - auth->connector = os_strdup(signed_connector); + os_free(conf->connector); + conf->connector = os_strdup(signed_connector); - dpp_copy_csign(auth, csign_pub); - dpp_copy_netaccesskey(auth); + dpp_copy_csign(conf, csign_pub); + if (pp_pub) + dpp_copy_ppkey(conf, pp_pub); + if (dpp_akm_dpp(conf->akm) || auth->peer_version >= 2) + dpp_copy_netaccesskey(auth, conf); ret = 0; fail: EVP_PKEY_free(csign_pub); + EVP_PKEY_free(pp_pub); os_free(info.payload); return ret; } +#ifdef CONFIG_DPP2 +static int dpp_parse_cred_dot1x(struct dpp_authentication *auth, + struct dpp_config_obj *conf, + struct json_token *cred) +{ + struct json_token *ent, *name; + + ent = json_get_member(cred, "entCreds"); + if (!ent || ent->type != JSON_OBJECT) { + dpp_auth_fail(auth, "No entCreds in JSON"); + return -1; + } + + conf->certbag = json_get_member_base64(ent, "certBag"); + if (!conf->certbag) { + dpp_auth_fail(auth, "No certBag in JSON"); + return -1; + } + wpa_hexdump_buf(MSG_MSGDUMP, "DPP: Received certBag", conf->certbag); + conf->certs = dpp_pkcs7_certs(conf->certbag); + if (!conf->certs) { + dpp_auth_fail(auth, "No certificates in certBag"); + return -1; + } + + conf->cacert = json_get_member_base64(ent, "caCert"); + if (conf->cacert) + wpa_hexdump_buf(MSG_MSGDUMP, "DPP: Received caCert", + conf->cacert); + + name = json_get_member(ent, "trustedEapServerName"); + if (name && + (name->type != JSON_STRING || + has_ctrl_char((const u8 *) name->string, + os_strlen(name->string)))) { + dpp_auth_fail(auth, + "Invalid trustedEapServerName type in JSON"); + return -1; + } + if (name && name->string) { + wpa_printf(MSG_DEBUG, "DPP: Received trustedEapServerName: %s", + name->string); + conf->server_name = os_strdup(name->string); + if (!conf->server_name) + return -1; + } + + return 0; +} +#endif /* CONFIG_DPP2 */ + + const char * dpp_akm_str(enum dpp_akm akm) { switch (akm) { @@ -5805,6 +2634,31 @@ const char * dpp_akm_str(enum dpp_akm akm) return "dpp+sae"; case DPP_AKM_PSK_SAE_DPP: return "dpp+psk+sae"; + case DPP_AKM_DOT1X: + return "dot1x"; + default: + return "??"; + } +} + + +const char * dpp_akm_selector_str(enum dpp_akm akm) +{ + switch (akm) { + case DPP_AKM_DPP: + return "506F9A02"; + case DPP_AKM_PSK: + return "000FAC02+000FAC06"; + case DPP_AKM_SAE: + return "000FAC08"; + case DPP_AKM_PSK_SAE: + return "000FAC02+000FAC06+000FAC08"; + case DPP_AKM_SAE_DPP: + return "506F9A02+000FAC08"; + case DPP_AKM_PSK_SAE_DPP: + return "506F9A02+000FAC08+000FAC02+000FAC06"; + case DPP_AKM_DOT1X: + return "000FAC01+000FAC05"; default: return "??"; } @@ -5813,6 +2667,9 @@ const char * dpp_akm_str(enum dpp_akm akm) static enum dpp_akm dpp_akm_from_str(const char *akm) { + const char *pos; + int dpp = 0, psk = 0, sae = 0, dot1x = 0; + if (os_strcmp(akm, "psk") == 0) return DPP_AKM_PSK; if (os_strcmp(akm, "sae") == 0) @@ -5825,6 +2682,46 @@ static enum dpp_akm dpp_akm_from_str(const char *akm) return DPP_AKM_SAE_DPP; if (os_strcmp(akm, "dpp+psk+sae") == 0) return DPP_AKM_PSK_SAE_DPP; + if (os_strcmp(akm, "dot1x") == 0) + return DPP_AKM_DOT1X; + + pos = akm; + while (*pos) { + if (os_strlen(pos) < 8) + break; + if (os_strncasecmp(pos, "506F9A02", 8) == 0) + dpp = 1; + else if (os_strncasecmp(pos, "000FAC02", 8) == 0) + psk = 1; + else if (os_strncasecmp(pos, "000FAC06", 8) == 0) + psk = 1; + else if (os_strncasecmp(pos, "000FAC08", 8) == 0) + sae = 1; + else if (os_strncasecmp(pos, "000FAC01", 8) == 0) + dot1x = 1; + else if (os_strncasecmp(pos, "000FAC05", 8) == 0) + dot1x = 1; + pos += 8; + if (*pos != '+') + break; + pos++; + } + + if (dpp && psk && sae) + return DPP_AKM_PSK_SAE_DPP; + if (dpp && sae) + return DPP_AKM_SAE_DPP; + if (dpp) + return DPP_AKM_DPP; + if (psk && sae) + return DPP_AKM_PSK_SAE; + if (sae) + return DPP_AKM_SAE; + if (psk) + return DPP_AKM_PSK; + if (dot1x) + return DPP_AKM_DOT1X; + return DPP_AKM_UNKNOWN; } @@ -5834,6 +2731,9 @@ static int dpp_parse_conf_obj(struct dpp_authentication *auth, { int ret = -1; struct json_token *root, *token, *discovery, *cred; + struct dpp_config_obj *conf; + struct wpabuf *ssid64 = NULL; + int legacy; root = json_parse((const char *) conf_obj, conf_obj_len); if (!root) @@ -5861,19 +2761,52 @@ static int dpp_parse_conf_obj(struct dpp_authentication *auth, goto fail; } - token = json_get_member(discovery, "ssid"); - if (!token || token->type != JSON_STRING) { - dpp_auth_fail(auth, "No discovery::ssid string value found"); - goto fail; + ssid64 = json_get_member_base64url(discovery, "ssid64"); + if (ssid64) { + wpa_hexdump_ascii(MSG_DEBUG, "DPP: discovery::ssid64", + wpabuf_head(ssid64), wpabuf_len(ssid64)); + if (wpabuf_len(ssid64) > SSID_MAX_LEN) { + dpp_auth_fail(auth, "Too long discovery::ssid64 value"); + goto fail; + } + } else { + token = json_get_member(discovery, "ssid"); + if (!token || token->type != JSON_STRING) { + dpp_auth_fail(auth, + "No discovery::ssid string value found"); + goto fail; + } + wpa_hexdump_ascii(MSG_DEBUG, "DPP: discovery::ssid", + token->string, os_strlen(token->string)); + if (os_strlen(token->string) > SSID_MAX_LEN) { + dpp_auth_fail(auth, + "Too long discovery::ssid string value"); + goto fail; + } } - wpa_hexdump_ascii(MSG_DEBUG, "DPP: discovery::ssid", - token->string, os_strlen(token->string)); - if (os_strlen(token->string) > SSID_MAX_LEN) { - dpp_auth_fail(auth, "Too long discovery::ssid string value"); + + if (auth->num_conf_obj == DPP_MAX_CONF_OBJ) { + wpa_printf(MSG_DEBUG, + "DPP: No room for this many Config Objects - ignore this one"); + ret = 0; goto fail; } - auth->ssid_len = os_strlen(token->string); - os_memcpy(auth->ssid, token->string, auth->ssid_len); + conf = &auth->conf_obj[auth->num_conf_obj++]; + + if (ssid64) { + conf->ssid_len = wpabuf_len(ssid64); + os_memcpy(conf->ssid, wpabuf_head(ssid64), conf->ssid_len); + } else { + conf->ssid_len = os_strlen(token->string); + os_memcpy(conf->ssid, token->string, conf->ssid_len); + } + + token = json_get_member(discovery, "ssid_charset"); + if (token && token->type == JSON_NUMBER) { + conf->ssid_charset = token->number; + wpa_printf(MSG_DEBUG, "DPP: ssid_charset=%d", + conf->ssid_charset); + } cred = json_get_member(root, "cred"); if (!cred || cred->type != JSON_OBJECT) { @@ -5886,14 +2819,31 @@ static int dpp_parse_conf_obj(struct dpp_authentication *auth, dpp_auth_fail(auth, "No cred::akm string value found"); goto fail; } - auth->akm = dpp_akm_from_str(token->string); + conf->akm = dpp_akm_from_str(token->string); - if (dpp_akm_legacy(auth->akm)) { - if (dpp_parse_cred_legacy(auth, cred) < 0) + legacy = dpp_akm_legacy(conf->akm); + if (legacy && auth->peer_version >= 2) { + struct json_token *csign, *s_conn; + + csign = json_get_member(cred, "csign"); + s_conn = json_get_member(cred, "signedConnector"); + if (csign && csign->type == JSON_OBJECT && + s_conn && s_conn->type == JSON_STRING) + legacy = 0; + } + if (legacy) { + if (dpp_parse_cred_legacy(conf, cred) < 0) goto fail; - } else if (dpp_akm_dpp(auth->akm)) { - if (dpp_parse_cred_dpp(auth, cred) < 0) + } else if (dpp_akm_dpp(conf->akm) || + (auth->peer_version >= 2 && dpp_akm_legacy(conf->akm))) { + if (dpp_parse_cred_dpp(auth, conf, cred) < 0) goto fail; +#ifdef CONFIG_DPP2 + } else if (conf->akm == DPP_AKM_DOT1X) { + if (dpp_parse_cred_dot1x(auth, conf, cred) < 0 || + dpp_parse_cred_dpp(auth, conf, cred) < 0) + goto fail; +#endif /* CONFIG_DPP2 */ } else { wpa_printf(MSG_DEBUG, "DPP: Unsupported akm: %s", token->string); @@ -5904,16 +2854,33 @@ static int dpp_parse_conf_obj(struct dpp_authentication *auth, wpa_printf(MSG_DEBUG, "DPP: JSON parsing completed successfully"); ret = 0; fail: + wpabuf_free(ssid64); json_free(root); return ret; } +#ifdef CONFIG_DPP2 +static u8 * dpp_get_csr_attrs(const u8 *attrs, size_t attrs_len, size_t *len) +{ + const u8 *b64; + u16 b64_len; + + b64 = dpp_get_attr(attrs, attrs_len, DPP_ATTR_CSR_ATTR_REQ, &b64_len); + if (!b64) + return NULL; + return base64_decode((const char *) b64, b64_len, len); +} +#endif /* CONFIG_DPP2 */ + + int dpp_conf_resp_rx(struct dpp_authentication *auth, const struct wpabuf *resp) { const u8 *wrapped_data, *e_nonce, *status, *conf_obj; u16 wrapped_data_len, e_nonce_len, status_len, conf_obj_len; + const u8 *env_data; + u16 env_data_len; const u8 *addr[1]; size_t len[1]; u8 *unwrapped = NULL; @@ -5984,22 +2951,67 @@ int dpp_conf_resp_rx(struct dpp_authentication *auth, } auth->conf_resp_status = status[0]; wpa_printf(MSG_DEBUG, "DPP: Status %u", status[0]); +#ifdef CONFIG_DPP2 + if (status[0] == DPP_STATUS_CSR_NEEDED) { + u8 *csrattrs; + size_t csrattrs_len; + + wpa_printf(MSG_DEBUG, "DPP: Configurator requested CSR"); + + csrattrs = dpp_get_csr_attrs(unwrapped, unwrapped_len, + &csrattrs_len); + if (!csrattrs) { + dpp_auth_fail(auth, + "Missing or invalid CSR Attributes Request attribute"); + goto fail; + } + wpa_hexdump(MSG_DEBUG, "DPP: CsrAttrs", csrattrs, csrattrs_len); + os_free(auth->csrattrs); + auth->csrattrs = csrattrs; + auth->csrattrs_len = csrattrs_len; + ret = -2; + goto fail; + } +#endif /* CONFIG_DPP2 */ if (status[0] != DPP_STATUS_OK) { dpp_auth_fail(auth, "Configurator rejected configuration"); goto fail; } - conf_obj = dpp_get_attr(unwrapped, unwrapped_len, - DPP_ATTR_CONFIG_OBJ, &conf_obj_len); - if (!conf_obj) { + env_data = dpp_get_attr(unwrapped, unwrapped_len, + DPP_ATTR_ENVELOPED_DATA, &env_data_len); +#ifdef CONFIG_DPP2 + if (env_data && + dpp_conf_resp_env_data(auth, env_data, env_data_len) < 0) + goto fail; +#endif /* CONFIG_DPP2 */ + + conf_obj = dpp_get_attr(unwrapped, unwrapped_len, DPP_ATTR_CONFIG_OBJ, + &conf_obj_len); + if (!conf_obj && !env_data) { dpp_auth_fail(auth, "Missing required Configuration Object attribute"); goto fail; } - wpa_hexdump_ascii(MSG_DEBUG, "DPP: configurationObject JSON", - conf_obj, conf_obj_len); - if (dpp_parse_conf_obj(auth, conf_obj, conf_obj_len) < 0) - goto fail; + while (conf_obj) { + wpa_hexdump_ascii(MSG_DEBUG, "DPP: configurationObject JSON", + conf_obj, conf_obj_len); + if (dpp_parse_conf_obj(auth, conf_obj, conf_obj_len) < 0) + goto fail; + conf_obj = dpp_get_attr_next(conf_obj, unwrapped, unwrapped_len, + DPP_ATTR_CONFIG_OBJ, + &conf_obj_len); + } + +#ifdef CONFIG_DPP2 + status = dpp_get_attr(unwrapped, unwrapped_len, + DPP_ATTR_SEND_CONN_STATUS, &status_len); + if (status) { + wpa_printf(MSG_DEBUG, + "DPP: Configurator requested connection status result"); + auth->conn_status_requested = 1; + } +#endif /* CONFIG_DPP2 */ ret = 0; @@ -6010,6 +3022,7 @@ fail: #ifdef CONFIG_DPP2 + enum dpp_status_error dpp_conf_result_rx(struct dpp_authentication *auth, const u8 *hdr, const u8 *attr_start, size_t attr_len) @@ -6090,7 +3103,6 @@ fail: bin_clear_free(unwrapped, unwrapped_len); return ret; } -#endif /* CONFIG_DPP2 */ struct wpabuf * dpp_build_conf_result(struct dpp_authentication *auth, @@ -6108,7 +3120,7 @@ struct wpabuf * dpp_build_conf_result(struct dpp_authentication *auth, clear = wpabuf_alloc(clear_len); msg = dpp_alloc_msg(DPP_PA_CONFIGURATION_RESULT, attr_len); if (!clear || !msg) - return NULL; + goto fail; /* DPP Status */ dpp_build_attr_status(clear, status); @@ -6149,12 +3161,244 @@ fail: } +static int valid_channel_list(const char *val) +{ + while (*val) { + if (!((*val >= '0' && *val <= '9') || + *val == '/' || *val == ',')) + return 0; + val++; + } + + return 1; +} + + +enum dpp_status_error dpp_conn_status_result_rx(struct dpp_authentication *auth, + const u8 *hdr, + const u8 *attr_start, + size_t attr_len, + u8 *ssid, size_t *ssid_len, + char **channel_list) +{ + const u8 *wrapped_data, *status, *e_nonce; + u16 wrapped_data_len, status_len, e_nonce_len; + const u8 *addr[2]; + size_t len[2]; + u8 *unwrapped = NULL; + size_t unwrapped_len = 0; + enum dpp_status_error ret = 256; + struct json_token *root = NULL, *token; + struct wpabuf *ssid64; + + *ssid_len = 0; + *channel_list = NULL; + + wrapped_data = dpp_get_attr(attr_start, attr_len, DPP_ATTR_WRAPPED_DATA, + &wrapped_data_len); + if (!wrapped_data || wrapped_data_len < AES_BLOCK_SIZE) { + dpp_auth_fail(auth, + "Missing or invalid required Wrapped Data attribute"); + goto fail; + } + wpa_hexdump(MSG_DEBUG, "DPP: Wrapped data", + wrapped_data, wrapped_data_len); + + attr_len = wrapped_data - 4 - attr_start; + + addr[0] = hdr; + len[0] = DPP_HDR_LEN; + addr[1] = attr_start; + len[1] = attr_len; + wpa_hexdump(MSG_DEBUG, "DDP: AES-SIV AD[0]", addr[0], len[0]); + wpa_hexdump(MSG_DEBUG, "DDP: AES-SIV AD[1]", addr[1], len[1]); + wpa_hexdump(MSG_DEBUG, "DPP: AES-SIV ciphertext", + wrapped_data, wrapped_data_len); + unwrapped_len = wrapped_data_len - AES_BLOCK_SIZE; + unwrapped = os_malloc(unwrapped_len); + if (!unwrapped) + goto fail; + if (aes_siv_decrypt(auth->ke, auth->curve->hash_len, + wrapped_data, wrapped_data_len, + 2, addr, len, unwrapped) < 0) { + dpp_auth_fail(auth, "AES-SIV decryption failed"); + goto fail; + } + wpa_hexdump(MSG_DEBUG, "DPP: AES-SIV cleartext", + unwrapped, unwrapped_len); + + if (dpp_check_attrs(unwrapped, unwrapped_len) < 0) { + dpp_auth_fail(auth, "Invalid attribute in unwrapped data"); + goto fail; + } + + e_nonce = dpp_get_attr(unwrapped, unwrapped_len, + DPP_ATTR_ENROLLEE_NONCE, + &e_nonce_len); + if (!e_nonce || e_nonce_len != auth->curve->nonce_len) { + dpp_auth_fail(auth, + "Missing or invalid Enrollee Nonce attribute"); + goto fail; + } + wpa_hexdump(MSG_DEBUG, "DPP: Enrollee Nonce", e_nonce, e_nonce_len); + if (os_memcmp(e_nonce, auth->e_nonce, e_nonce_len) != 0) { + dpp_auth_fail(auth, "Enrollee Nonce mismatch"); + wpa_hexdump(MSG_DEBUG, "DPP: Expected Enrollee Nonce", + auth->e_nonce, e_nonce_len); + goto fail; + } + + status = dpp_get_attr(unwrapped, unwrapped_len, DPP_ATTR_CONN_STATUS, + &status_len); + if (!status) { + dpp_auth_fail(auth, + "Missing required DPP Connection Status attribute"); + goto fail; + } + wpa_hexdump_ascii(MSG_DEBUG, "DPP: connStatus JSON", + status, status_len); + + root = json_parse((const char *) status, status_len); + if (!root) { + dpp_auth_fail(auth, "Could not parse connStatus"); + goto fail; + } + + ssid64 = json_get_member_base64url(root, "ssid64"); + if (ssid64 && wpabuf_len(ssid64) <= SSID_MAX_LEN) { + *ssid_len = wpabuf_len(ssid64); + os_memcpy(ssid, wpabuf_head(ssid64), *ssid_len); + } + wpabuf_free(ssid64); + + token = json_get_member(root, "channelList"); + if (token && token->type == JSON_STRING && + valid_channel_list(token->string)) + *channel_list = os_strdup(token->string); + + token = json_get_member(root, "result"); + if (!token || token->type != JSON_NUMBER) { + dpp_auth_fail(auth, "No connStatus - result"); + goto fail; + } + wpa_printf(MSG_DEBUG, "DPP: result %d", token->number); + ret = token->number; + +fail: + json_free(root); + bin_clear_free(unwrapped, unwrapped_len); + return ret; +} + + +struct wpabuf * dpp_build_conn_status(enum dpp_status_error result, + const u8 *ssid, size_t ssid_len, + const char *channel_list) +{ + struct wpabuf *json; + + json = wpabuf_alloc(1000); + if (!json) + return NULL; + json_start_object(json, NULL); + json_add_int(json, "result", result); + if (ssid) { + json_value_sep(json); + if (json_add_base64url(json, "ssid64", ssid, ssid_len) < 0) { + wpabuf_free(json); + return NULL; + } + } + if (channel_list) { + json_value_sep(json); + json_add_string(json, "channelList", channel_list); + } + json_end_object(json); + wpa_hexdump_ascii(MSG_DEBUG, "DPP: connStatus JSON", + wpabuf_head(json), wpabuf_len(json)); + + return json; +} + + +struct wpabuf * dpp_build_conn_status_result(struct dpp_authentication *auth, + enum dpp_status_error result, + const u8 *ssid, size_t ssid_len, + const char *channel_list) +{ + struct wpabuf *msg = NULL, *clear = NULL, *json; + size_t nonce_len, clear_len, attr_len; + const u8 *addr[2]; + size_t len[2]; + u8 *wrapped; + + json = dpp_build_conn_status(result, ssid, ssid_len, channel_list); + if (!json) + return NULL; + + nonce_len = auth->curve->nonce_len; + clear_len = 5 + 4 + nonce_len + 4 + wpabuf_len(json); + attr_len = 4 + clear_len + AES_BLOCK_SIZE; + clear = wpabuf_alloc(clear_len); + msg = dpp_alloc_msg(DPP_PA_CONNECTION_STATUS_RESULT, attr_len); + if (!clear || !msg) + goto fail; + + /* E-nonce */ + wpabuf_put_le16(clear, DPP_ATTR_ENROLLEE_NONCE); + wpabuf_put_le16(clear, nonce_len); + wpabuf_put_data(clear, auth->e_nonce, nonce_len); + + /* DPP Connection Status */ + wpabuf_put_le16(clear, DPP_ATTR_CONN_STATUS); + wpabuf_put_le16(clear, wpabuf_len(json)); + wpabuf_put_buf(clear, json); + + /* OUI, OUI type, Crypto Suite, DPP frame type */ + addr[0] = wpabuf_head_u8(msg) + 2; + len[0] = 3 + 1 + 1 + 1; + wpa_hexdump(MSG_DEBUG, "DDP: AES-SIV AD[0]", addr[0], len[0]); + + /* Attributes before Wrapped Data (none) */ + addr[1] = wpabuf_put(msg, 0); + len[1] = 0; + wpa_hexdump(MSG_DEBUG, "DDP: AES-SIV AD[1]", addr[1], len[1]); + + /* Wrapped Data */ + wpabuf_put_le16(msg, DPP_ATTR_WRAPPED_DATA); + wpabuf_put_le16(msg, wpabuf_len(clear) + AES_BLOCK_SIZE); + wrapped = wpabuf_put(msg, wpabuf_len(clear) + AES_BLOCK_SIZE); + + wpa_hexdump_buf(MSG_DEBUG, "DPP: AES-SIV cleartext", clear); + if (aes_siv_encrypt(auth->ke, auth->curve->hash_len, + wpabuf_head(clear), wpabuf_len(clear), + 2, addr, len, wrapped) < 0) + goto fail; + + wpa_hexdump_buf(MSG_DEBUG, "DPP: Connection Status Result attributes", + msg); + wpabuf_free(json); + wpabuf_free(clear); + return msg; +fail: + wpabuf_free(json); + wpabuf_free(clear); + wpabuf_free(msg); + return NULL; +} + +#endif /* CONFIG_DPP2 */ + + void dpp_configurator_free(struct dpp_configurator *conf) { if (!conf) return; EVP_PKEY_free(conf->csign); os_free(conf->kid); + os_free(conf->connector); + EVP_PKEY_free(conf->connector_key); + EVP_PKEY_free(conf->pp_key); os_free(conf); } @@ -6183,66 +3427,73 @@ int dpp_configurator_get_key(const struct dpp_configurator *conf, char *buf, } -struct dpp_configurator * -dpp_keygen_configurator(const char *curve, const u8 *privkey, - size_t privkey_len) +static int dpp_configurator_gen_kid(struct dpp_configurator *conf) { - struct dpp_configurator *conf; struct wpabuf *csign_pub = NULL; - u8 kid_hash[SHA256_MAC_LEN]; const u8 *addr[1]; size_t len[1]; + int res; + + csign_pub = dpp_get_pubkey_point(conf->csign, 1); + if (!csign_pub) { + wpa_printf(MSG_INFO, "DPP: Failed to extract C-sign-key"); + return -1; + } + + /* kid = SHA256(ANSI X9.63 uncompressed C-sign-key) */ + addr[0] = wpabuf_head(csign_pub); + len[0] = wpabuf_len(csign_pub); + res = sha256_vector(1, addr, len, conf->kid_hash); + wpabuf_free(csign_pub); + if (res < 0) { + wpa_printf(MSG_DEBUG, + "DPP: Failed to derive kid for C-sign-key"); + return -1; + } + + conf->kid = base64_url_encode(conf->kid_hash, sizeof(conf->kid_hash), + NULL); + return conf->kid ? 0 : -1; +} + + +static struct dpp_configurator * +dpp_keygen_configurator(const char *curve, const u8 *privkey, + size_t privkey_len, const u8 *pp_key, size_t pp_key_len) +{ + struct dpp_configurator *conf; conf = os_zalloc(sizeof(*conf)); if (!conf) return NULL; - if (!curve) { - conf->curve = &dpp_curves[0]; - } else { - conf->curve = dpp_get_curve_name(curve); - if (!conf->curve) { - wpa_printf(MSG_INFO, "DPP: Unsupported curve: %s", - curve); - os_free(conf); - return NULL; - } + conf->curve = dpp_get_curve_name(curve); + if (!conf->curve) { + wpa_printf(MSG_INFO, "DPP: Unsupported curve: %s", curve); + os_free(conf); + return NULL; } + if (privkey) conf->csign = dpp_set_keypair(&conf->curve, privkey, privkey_len); else conf->csign = dpp_gen_keypair(conf->curve); - if (!conf->csign) + if (pp_key) + conf->pp_key = dpp_set_keypair(&conf->curve, pp_key, + pp_key_len); + else + conf->pp_key = dpp_gen_keypair(conf->curve); + if (!conf->csign || !conf->pp_key) goto fail; conf->own = 1; - csign_pub = dpp_get_pubkey_point(conf->csign, 1); - if (!csign_pub) { - wpa_printf(MSG_INFO, "DPP: Failed to extract C-sign-key"); - goto fail; - } - - /* kid = SHA256(ANSI X9.63 uncompressed C-sign-key) */ - addr[0] = wpabuf_head(csign_pub); - len[0] = wpabuf_len(csign_pub); - if (sha256_vector(1, addr, len, kid_hash) < 0) { - wpa_printf(MSG_DEBUG, - "DPP: Failed to derive kid for C-sign-key"); - goto fail; - } - - conf->kid = (char *) base64_url_encode(kid_hash, sizeof(kid_hash), - NULL, 0); - if (!conf->kid) + if (dpp_configurator_gen_kid(conf) < 0) goto fail; -out: - wpabuf_free(csign_pub); return conf; fail: dpp_configurator_free(conf); - conf = NULL; - goto out; + return NULL; } @@ -6257,16 +3508,12 @@ int dpp_configurator_own_config(struct dpp_authentication *auth, return -1; } - if (!curve) { - auth->curve = &dpp_curves[0]; - } else { - auth->curve = dpp_get_curve_name(curve); - if (!auth->curve) { - wpa_printf(MSG_INFO, "DPP: Unsupported curve: %s", - curve); - return -1; - } + auth->curve = dpp_get_curve_name(curve); + if (!auth->curve) { + wpa_printf(MSG_INFO, "DPP: Unsupported curve: %s", curve); + return -1; } + wpa_printf(MSG_DEBUG, "DPP: Building own configuration/connector with curve %s", auth->curve->name); @@ -6274,13 +3521,16 @@ int dpp_configurator_own_config(struct dpp_authentication *auth, auth->own_protocol_key = dpp_gen_keypair(auth->curve); if (!auth->own_protocol_key) return -1; - dpp_copy_netaccesskey(auth); + dpp_copy_netaccesskey(auth, &auth->conf_obj[0]); auth->peer_protocol_key = auth->own_protocol_key; - dpp_copy_csign(auth, auth->conf->csign); + dpp_copy_csign(&auth->conf_obj[0], auth->conf->csign); - conf_obj = dpp_build_conf_obj(auth, ap); - if (!conf_obj) + conf_obj = dpp_build_conf_obj(auth, ap, 0, NULL); + if (!conf_obj) { + wpabuf_free(auth->conf_obj[0].c_sign_key); + auth->conf_obj[0].c_sign_key = NULL; goto fail; + } ret = dpp_parse_conf_obj(auth, wpabuf_head(conf_obj), wpabuf_len(conf_obj)); fail: @@ -6299,7 +3549,8 @@ static int dpp_compatible_netrole(const char *role1, const char *role2) static int dpp_connector_compatible_group(struct json_token *root, const char *group_id, - const char *net_role) + const char *net_role, + bool reconfig) { struct json_token *groups, *token; @@ -6323,7 +3574,9 @@ static int dpp_connector_compatible_group(struct json_token *root, os_strcmp(id->string, group_id) != 0) continue; - if (dpp_compatible_netrole(role->string, net_role)) + if (reconfig && os_strcmp(net_role, "configurator") == 0) + return 1; + if (!reconfig && dpp_compatible_netrole(role->string, net_role)) return 1; } @@ -6331,8 +3584,8 @@ static int dpp_connector_compatible_group(struct json_token *root, } -static int dpp_connector_match_groups(struct json_token *own_root, - struct json_token *peer_root) +int dpp_connector_match_groups(struct json_token *own_root, + struct json_token *peer_root, bool reconfig) { struct json_token *groups, *token; @@ -6362,7 +3615,7 @@ static int dpp_connector_match_groups(struct json_token *own_root, "DPP: peer connector group: groupId='%s' netRole='%s'", id->string, role->string); if (dpp_connector_compatible_group(own_root, id->string, - role->string)) { + role->string, reconfig)) { wpa_printf(MSG_DEBUG, "DPP: Compatible group/netRole in own connector"); return 1; @@ -6373,71 +3626,37 @@ static int dpp_connector_match_groups(struct json_token *own_root, } -static int dpp_derive_pmk(const u8 *Nx, size_t Nx_len, u8 *pmk, - unsigned int hash_len) +struct json_token * dpp_parse_own_connector(const char *own_connector) { - u8 salt[DPP_MAX_HASH_LEN], prk[DPP_MAX_HASH_LEN]; - const char *info = "DPP PMK"; - int res; - - /* PMK = HKDF(<>, "DPP PMK", N.x) */ - - /* HKDF-Extract(<>, N.x) */ - os_memset(salt, 0, hash_len); - if (dpp_hmac(hash_len, salt, hash_len, Nx, Nx_len, prk) < 0) - return -1; - wpa_hexdump_key(MSG_DEBUG, "DPP: PRK = HKDF-Extract(<>, IKM=N.x)", - prk, hash_len); - - /* HKDF-Expand(PRK, info, L) */ - res = dpp_hkdf_expand(hash_len, prk, hash_len, info, pmk, hash_len); - os_memset(prk, 0, hash_len); - if (res < 0) - return -1; - - wpa_hexdump_key(MSG_DEBUG, "DPP: PMK = HKDF-Expand(PRK, info, L)", - pmk, hash_len); - return 0; -} + unsigned char *own_conn; + size_t own_conn_len; + const char *pos, *end; + struct json_token *own_root; + pos = os_strchr(own_connector, '.'); + if (!pos) { + wpa_printf(MSG_DEBUG, "DPP: Own connector is missing the first dot (.)"); + return NULL; + } + pos++; + end = os_strchr(pos, '.'); + if (!end) { + wpa_printf(MSG_DEBUG, "DPP: Own connector is missing the second dot (.)"); + return NULL; + } + own_conn = base64_url_decode(pos, end - pos, &own_conn_len); + if (!own_conn) { + wpa_printf(MSG_DEBUG, + "DPP: Failed to base64url decode own signedConnector JWS Payload"); + return NULL; + } -static int dpp_derive_pmkid(const struct dpp_curve_params *curve, - EVP_PKEY *own_key, EVP_PKEY *peer_key, u8 *pmkid) -{ - struct wpabuf *nkx, *pkx; - int ret = -1, res; - const u8 *addr[2]; - size_t len[2]; - u8 hash[SHA256_MAC_LEN]; + own_root = json_parse((const char *) own_conn, own_conn_len); + os_free(own_conn); + if (!own_root) + wpa_printf(MSG_DEBUG, "DPP: Failed to parse local connector"); - /* PMKID = Truncate-128(H(min(NK.x, PK.x) | max(NK.x, PK.x))) */ - nkx = dpp_get_pubkey_point(own_key, 0); - pkx = dpp_get_pubkey_point(peer_key, 0); - if (!nkx || !pkx) - goto fail; - addr[0] = wpabuf_head(nkx); - len[0] = wpabuf_len(nkx) / 2; - addr[1] = wpabuf_head(pkx); - len[1] = wpabuf_len(pkx) / 2; - if (len[0] != len[1]) - goto fail; - if (os_memcmp(addr[0], addr[1], len[0]) > 0) { - addr[0] = wpabuf_head(pkx); - addr[1] = wpabuf_head(nkx); - } - wpa_hexdump(MSG_DEBUG, "DPP: PMKID hash payload 1", addr[0], len[0]); - wpa_hexdump(MSG_DEBUG, "DPP: PMKID hash payload 2", addr[1], len[1]); - res = sha256_vector(2, addr, len, hash); - if (res < 0) - goto fail; - wpa_hexdump(MSG_DEBUG, "DPP: PMKID hash output", hash, SHA256_MAC_LEN); - os_memcpy(pmkid, hash, PMKID_LEN); - wpa_hexdump(MSG_DEBUG, "DPP: PMKID", pmkid, PMKID_LEN); - ret = 0; -fail: - wpabuf_free(nkx); - wpabuf_free(pkx); - return ret; + return own_root; } @@ -6455,12 +3674,6 @@ dpp_peer_intro(struct dpp_introduction *intro, const char *own_connector, struct wpabuf *own_key_pub = NULL; const struct dpp_curve_params *curve, *own_curve; struct dpp_signed_connector_info info; - const unsigned char *p; - EVP_PKEY *csign = NULL; - char *signed_connector = NULL; - const char *pos, *end; - unsigned char *own_conn = NULL; - size_t own_conn_len; size_t Nx_len; u8 Nx[DPP_MAX_SHARED_SECRET_LEN]; @@ -6469,14 +3682,6 @@ dpp_peer_intro(struct dpp_introduction *intro, const char *own_connector, if (expiry) *expiry = 0; - p = csign_key; - csign = d2i_PUBKEY(NULL, &p, csign_key_len); - if (!csign) { - wpa_printf(MSG_ERROR, - "DPP: Failed to parse local C-sign-key information"); - goto fail; - } - own_key = dpp_set_keypair(&own_curve, net_access_key, net_access_key_len); if (!own_key) { @@ -6484,40 +3689,12 @@ dpp_peer_intro(struct dpp_introduction *intro, const char *own_connector, goto fail; } - pos = os_strchr(own_connector, '.'); - if (!pos) { - wpa_printf(MSG_DEBUG, "DPP: Own connector is missing the first dot (.)"); - goto fail; - } - pos++; - end = os_strchr(pos, '.'); - if (!end) { - wpa_printf(MSG_DEBUG, "DPP: Own connector is missing the second dot (.)"); - goto fail; - } - own_conn = base64_url_decode((const unsigned char *) pos, - end - pos, &own_conn_len); - if (!own_conn) { - wpa_printf(MSG_DEBUG, - "DPP: Failed to base64url decode own signedConnector JWS Payload"); - goto fail; - } - - own_root = json_parse((const char *) own_conn, own_conn_len); - if (!own_root) { - wpa_printf(MSG_DEBUG, "DPP: Failed to parse local connector"); + own_root = dpp_parse_own_connector(own_connector); + if (!own_root) goto fail; - } - wpa_hexdump_ascii(MSG_DEBUG, "DPP: Peer signedConnector", - peer_connector, peer_connector_len); - signed_connector = os_malloc(peer_connector_len + 1); - if (!signed_connector) - goto fail; - os_memcpy(signed_connector, peer_connector, peer_connector_len); - signed_connector[peer_connector_len] = '\0'; - - res = dpp_process_signed_connector(&info, csign, signed_connector); + res = dpp_check_signed_connector(&info, csign_key, csign_key_len, + peer_connector, peer_connector_len); if (res != DPP_STATUS_OK) { ret = res; goto fail; @@ -6530,7 +3707,7 @@ dpp_peer_intro(struct dpp_introduction *intro, const char *own_connector, goto fail; } - if (!dpp_connector_match_groups(own_root, root)) { + if (!dpp_connector_match_groups(own_root, root, false)) { wpa_printf(MSG_DEBUG, "DPP: Peer connector does not include compatible group netrole with own connector"); ret = DPP_STATUS_NO_MATCH; @@ -6598,1753 +3775,17 @@ fail: if (ret != DPP_STATUS_OK) os_memset(intro, 0, sizeof(*intro)); os_memset(Nx, 0, sizeof(Nx)); - os_free(own_conn); - os_free(signed_connector); os_free(info.payload); EVP_PKEY_free(own_key); wpabuf_free(own_key_pub); EVP_PKEY_free(peer_key); - EVP_PKEY_free(csign); json_free(root); json_free(own_root); return ret; } -static EVP_PKEY * dpp_pkex_get_role_elem(const struct dpp_curve_params *curve, - int init) -{ - EC_GROUP *group; - size_t len = curve->prime_len; - const u8 *x, *y; - EVP_PKEY *res; - - switch (curve->ike_group) { - case 19: - x = init ? pkex_init_x_p256 : pkex_resp_x_p256; - y = init ? pkex_init_y_p256 : pkex_resp_y_p256; - break; - case 20: - x = init ? pkex_init_x_p384 : pkex_resp_x_p384; - y = init ? pkex_init_y_p384 : pkex_resp_y_p384; - break; - case 21: - x = init ? pkex_init_x_p521 : pkex_resp_x_p521; - y = init ? pkex_init_y_p521 : pkex_resp_y_p521; - break; - case 28: - x = init ? pkex_init_x_bp_p256r1 : pkex_resp_x_bp_p256r1; - y = init ? pkex_init_y_bp_p256r1 : pkex_resp_y_bp_p256r1; - break; - case 29: - x = init ? pkex_init_x_bp_p384r1 : pkex_resp_x_bp_p384r1; - y = init ? pkex_init_y_bp_p384r1 : pkex_resp_y_bp_p384r1; - break; - case 30: - x = init ? pkex_init_x_bp_p512r1 : pkex_resp_x_bp_p512r1; - y = init ? pkex_init_y_bp_p512r1 : pkex_resp_y_bp_p512r1; - break; - default: - return NULL; - } - - group = EC_GROUP_new_by_curve_name(OBJ_txt2nid(curve->name)); - if (!group) - return NULL; - res = dpp_set_pubkey_point_group(group, x, y, len); - EC_GROUP_free(group); - return res; -} - - -static EC_POINT * dpp_pkex_derive_Qi(const struct dpp_curve_params *curve, - const u8 *mac_init, const char *code, - const char *identifier, BN_CTX *bnctx, - EC_GROUP **ret_group) -{ - u8 hash[DPP_MAX_HASH_LEN]; - const u8 *addr[3]; - size_t len[3]; - unsigned int num_elem = 0; - EC_POINT *Qi = NULL; - EVP_PKEY *Pi = NULL; - EC_KEY *Pi_ec = NULL; - const EC_POINT *Pi_point; - BIGNUM *hash_bn = NULL; - const EC_GROUP *group = NULL; - EC_GROUP *group2 = NULL; - - /* Qi = H(MAC-Initiator | [identifier |] code) * Pi */ - - wpa_printf(MSG_DEBUG, "DPP: MAC-Initiator: " MACSTR, MAC2STR(mac_init)); - addr[num_elem] = mac_init; - len[num_elem] = ETH_ALEN; - num_elem++; - if (identifier) { - wpa_printf(MSG_DEBUG, "DPP: code identifier: %s", - identifier); - addr[num_elem] = (const u8 *) identifier; - len[num_elem] = os_strlen(identifier); - num_elem++; - } - wpa_hexdump_ascii_key(MSG_DEBUG, "DPP: code", code, os_strlen(code)); - addr[num_elem] = (const u8 *) code; - len[num_elem] = os_strlen(code); - num_elem++; - if (dpp_hash_vector(curve, num_elem, addr, len, hash) < 0) - goto fail; - wpa_hexdump_key(MSG_DEBUG, - "DPP: H(MAC-Initiator | [identifier |] code)", - hash, curve->hash_len); - Pi = dpp_pkex_get_role_elem(curve, 1); - if (!Pi) - goto fail; - dpp_debug_print_key("DPP: Pi", Pi); - Pi_ec = EVP_PKEY_get1_EC_KEY(Pi); - if (!Pi_ec) - goto fail; - Pi_point = EC_KEY_get0_public_key(Pi_ec); - - group = EC_KEY_get0_group(Pi_ec); - if (!group) - goto fail; - group2 = EC_GROUP_dup(group); - if (!group2) - goto fail; - Qi = EC_POINT_new(group2); - if (!Qi) { - EC_GROUP_free(group2); - goto fail; - } - hash_bn = BN_bin2bn(hash, curve->hash_len, NULL); - if (!hash_bn || - EC_POINT_mul(group2, Qi, NULL, Pi_point, hash_bn, bnctx) != 1) - goto fail; - if (EC_POINT_is_at_infinity(group, Qi)) { - wpa_printf(MSG_INFO, "DPP: Qi is the point-at-infinity"); - goto fail; - } - dpp_debug_print_point("DPP: Qi", group, Qi); -out: - EC_KEY_free(Pi_ec); - EVP_PKEY_free(Pi); - BN_clear_free(hash_bn); - if (ret_group && Qi) - *ret_group = group2; - else - EC_GROUP_free(group2); - return Qi; -fail: - EC_POINT_free(Qi); - Qi = NULL; - goto out; -} - - -static EC_POINT * dpp_pkex_derive_Qr(const struct dpp_curve_params *curve, - const u8 *mac_resp, const char *code, - const char *identifier, BN_CTX *bnctx, - EC_GROUP **ret_group) -{ - u8 hash[DPP_MAX_HASH_LEN]; - const u8 *addr[3]; - size_t len[3]; - unsigned int num_elem = 0; - EC_POINT *Qr = NULL; - EVP_PKEY *Pr = NULL; - EC_KEY *Pr_ec = NULL; - const EC_POINT *Pr_point; - BIGNUM *hash_bn = NULL; - const EC_GROUP *group = NULL; - EC_GROUP *group2 = NULL; - - /* Qr = H(MAC-Responder | | [identifier | ] code) * Pr */ - - wpa_printf(MSG_DEBUG, "DPP: MAC-Responder: " MACSTR, MAC2STR(mac_resp)); - addr[num_elem] = mac_resp; - len[num_elem] = ETH_ALEN; - num_elem++; - if (identifier) { - wpa_printf(MSG_DEBUG, "DPP: code identifier: %s", - identifier); - addr[num_elem] = (const u8 *) identifier; - len[num_elem] = os_strlen(identifier); - num_elem++; - } - wpa_hexdump_ascii_key(MSG_DEBUG, "DPP: code", code, os_strlen(code)); - addr[num_elem] = (const u8 *) code; - len[num_elem] = os_strlen(code); - num_elem++; - if (dpp_hash_vector(curve, num_elem, addr, len, hash) < 0) - goto fail; - wpa_hexdump_key(MSG_DEBUG, - "DPP: H(MAC-Responder | [identifier |] code)", - hash, curve->hash_len); - Pr = dpp_pkex_get_role_elem(curve, 0); - if (!Pr) - goto fail; - dpp_debug_print_key("DPP: Pr", Pr); - Pr_ec = EVP_PKEY_get1_EC_KEY(Pr); - if (!Pr_ec) - goto fail; - Pr_point = EC_KEY_get0_public_key(Pr_ec); - - group = EC_KEY_get0_group(Pr_ec); - if (!group) - goto fail; - group2 = EC_GROUP_dup(group); - if (!group2) - goto fail; - Qr = EC_POINT_new(group2); - if (!Qr) { - EC_GROUP_free(group2); - goto fail; - } - hash_bn = BN_bin2bn(hash, curve->hash_len, NULL); - if (!hash_bn || - EC_POINT_mul(group2, Qr, NULL, Pr_point, hash_bn, bnctx) != 1) - goto fail; - if (EC_POINT_is_at_infinity(group, Qr)) { - wpa_printf(MSG_INFO, "DPP: Qr is the point-at-infinity"); - goto fail; - } - dpp_debug_print_point("DPP: Qr", group, Qr); -out: - EC_KEY_free(Pr_ec); - EVP_PKEY_free(Pr); - BN_clear_free(hash_bn); - if (ret_group && Qr) - *ret_group = group2; - else - EC_GROUP_free(group2); - return Qr; -fail: - EC_POINT_free(Qr); - Qr = NULL; - goto out; -} - - -#ifdef CONFIG_TESTING_OPTIONS -static int dpp_test_gen_invalid_key(struct wpabuf *msg, - const struct dpp_curve_params *curve) -{ - BN_CTX *ctx; - BIGNUM *x, *y; - int ret = -1; - EC_GROUP *group; - EC_POINT *point; - - group = EC_GROUP_new_by_curve_name(OBJ_txt2nid(curve->name)); - if (!group) - return -1; - - ctx = BN_CTX_new(); - point = EC_POINT_new(group); - x = BN_new(); - y = BN_new(); - if (!ctx || !point || !x || !y) - goto fail; - - if (BN_rand(x, curve->prime_len * 8, 0, 0) != 1) - goto fail; - - /* Generate a random y coordinate that results in a point that is not - * on the curve. */ - for (;;) { - if (BN_rand(y, curve->prime_len * 8, 0, 0) != 1) - goto fail; - - if (EC_POINT_set_affine_coordinates_GFp(group, point, x, y, - ctx) != 1) { -#if OPENSSL_VERSION_NUMBER >= 0x10100000L || defined(OPENSSL_IS_BORINGSSL) - /* Unlike older OpenSSL versions, OpenSSL 1.1.1 and BoringSSL - * return an error from EC_POINT_set_affine_coordinates_GFp() - * when the point is not on the curve. */ - break; -#else /* >=1.1.0 or OPENSSL_IS_BORINGSSL */ - goto fail; -#endif /* >= 1.1.0 or OPENSSL_IS_BORINGSSL */ - } - - if (!EC_POINT_is_on_curve(group, point, ctx)) - break; - } - - if (dpp_bn2bin_pad(x, wpabuf_put(msg, curve->prime_len), - curve->prime_len) < 0 || - dpp_bn2bin_pad(y, wpabuf_put(msg, curve->prime_len), - curve->prime_len) < 0) - goto fail; - - ret = 0; -fail: - if (ret < 0) - wpa_printf(MSG_INFO, "DPP: Failed to generate invalid key"); - BN_free(x); - BN_free(y); - EC_POINT_free(point); - BN_CTX_free(ctx); - EC_GROUP_free(group); - - return ret; -} -#endif /* CONFIG_TESTING_OPTIONS */ - - -static struct wpabuf * dpp_pkex_build_exchange_req(struct dpp_pkex *pkex) -{ - EC_KEY *X_ec = NULL; - const EC_POINT *X_point; - BN_CTX *bnctx = NULL; - EC_GROUP *group = NULL; - EC_POINT *Qi = NULL, *M = NULL; - struct wpabuf *M_buf = NULL; - BIGNUM *Mx = NULL, *My = NULL; - struct wpabuf *msg = NULL; - size_t attr_len; - const struct dpp_curve_params *curve = pkex->own_bi->curve; - - wpa_printf(MSG_DEBUG, "DPP: Build PKEX Exchange Request"); - - /* Qi = H(MAC-Initiator | [identifier |] code) * Pi */ - bnctx = BN_CTX_new(); - if (!bnctx) - goto fail; - Qi = dpp_pkex_derive_Qi(curve, pkex->own_mac, pkex->code, - pkex->identifier, bnctx, &group); - if (!Qi) - goto fail; - - /* Generate a random ephemeral keypair x/X */ -#ifdef CONFIG_TESTING_OPTIONS - if (dpp_pkex_ephemeral_key_override_len) { - const struct dpp_curve_params *tmp_curve; - - wpa_printf(MSG_INFO, - "DPP: TESTING - override ephemeral key x/X"); - pkex->x = dpp_set_keypair(&tmp_curve, - dpp_pkex_ephemeral_key_override, - dpp_pkex_ephemeral_key_override_len); - } else { - pkex->x = dpp_gen_keypair(curve); - } -#else /* CONFIG_TESTING_OPTIONS */ - pkex->x = dpp_gen_keypair(curve); -#endif /* CONFIG_TESTING_OPTIONS */ - if (!pkex->x) - goto fail; - - /* M = X + Qi */ - X_ec = EVP_PKEY_get1_EC_KEY(pkex->x); - if (!X_ec) - goto fail; - X_point = EC_KEY_get0_public_key(X_ec); - if (!X_point) - goto fail; - dpp_debug_print_point("DPP: X", group, X_point); - M = EC_POINT_new(group); - Mx = BN_new(); - My = BN_new(); - if (!M || !Mx || !My || - EC_POINT_add(group, M, X_point, Qi, bnctx) != 1 || - EC_POINT_get_affine_coordinates_GFp(group, M, Mx, My, bnctx) != 1) - goto fail; - dpp_debug_print_point("DPP: M", group, M); - - /* Initiator -> Responder: group, [identifier,] M */ - attr_len = 4 + 2; - if (pkex->identifier) - attr_len += 4 + os_strlen(pkex->identifier); - attr_len += 4 + 2 * curve->prime_len; - msg = dpp_alloc_msg(DPP_PA_PKEX_EXCHANGE_REQ, attr_len); - if (!msg) - goto fail; - -#ifdef CONFIG_TESTING_OPTIONS - if (dpp_test == DPP_TEST_NO_FINITE_CYCLIC_GROUP_PKEX_EXCHANGE_REQ) { - wpa_printf(MSG_INFO, "DPP: TESTING - no Finite Cyclic Group"); - goto skip_finite_cyclic_group; - } -#endif /* CONFIG_TESTING_OPTIONS */ - - /* Finite Cyclic Group attribute */ - wpabuf_put_le16(msg, DPP_ATTR_FINITE_CYCLIC_GROUP); - wpabuf_put_le16(msg, 2); - wpabuf_put_le16(msg, curve->ike_group); - -#ifdef CONFIG_TESTING_OPTIONS -skip_finite_cyclic_group: -#endif /* CONFIG_TESTING_OPTIONS */ - - /* Code Identifier attribute */ - if (pkex->identifier) { - wpabuf_put_le16(msg, DPP_ATTR_CODE_IDENTIFIER); - wpabuf_put_le16(msg, os_strlen(pkex->identifier)); - wpabuf_put_str(msg, pkex->identifier); - } - -#ifdef CONFIG_TESTING_OPTIONS - if (dpp_test == DPP_TEST_NO_ENCRYPTED_KEY_PKEX_EXCHANGE_REQ) { - wpa_printf(MSG_INFO, "DPP: TESTING - no Encrypted Key"); - goto out; - } -#endif /* CONFIG_TESTING_OPTIONS */ - - /* M in Encrypted Key attribute */ - wpabuf_put_le16(msg, DPP_ATTR_ENCRYPTED_KEY); - wpabuf_put_le16(msg, 2 * curve->prime_len); - -#ifdef CONFIG_TESTING_OPTIONS - if (dpp_test == DPP_TEST_INVALID_ENCRYPTED_KEY_PKEX_EXCHANGE_REQ) { - wpa_printf(MSG_INFO, "DPP: TESTING - invalid Encrypted Key"); - if (dpp_test_gen_invalid_key(msg, curve) < 0) - goto fail; - goto out; - } -#endif /* CONFIG_TESTING_OPTIONS */ - - if (dpp_bn2bin_pad(Mx, wpabuf_put(msg, curve->prime_len), - curve->prime_len) < 0 || - dpp_bn2bin_pad(Mx, pkex->Mx, curve->prime_len) < 0 || - dpp_bn2bin_pad(My, wpabuf_put(msg, curve->prime_len), - curve->prime_len) < 0) - goto fail; - -out: - wpabuf_free(M_buf); - EC_KEY_free(X_ec); - EC_POINT_free(M); - EC_POINT_free(Qi); - BN_clear_free(Mx); - BN_clear_free(My); - BN_CTX_free(bnctx); - EC_GROUP_free(group); - return msg; -fail: - wpa_printf(MSG_INFO, "DPP: Failed to build PKEX Exchange Request"); - wpabuf_free(msg); - msg = NULL; - goto out; -} - - -static void dpp_pkex_fail(struct dpp_pkex *pkex, const char *txt) -{ - wpa_msg(pkex->msg_ctx, MSG_INFO, DPP_EVENT_FAIL "%s", txt); -} - - -struct dpp_pkex * dpp_pkex_init(void *msg_ctx, struct dpp_bootstrap_info *bi, - const u8 *own_mac, - const char *identifier, - const char *code) -{ - struct dpp_pkex *pkex; - -#ifdef CONFIG_TESTING_OPTIONS - if (!is_zero_ether_addr(dpp_pkex_own_mac_override)) { - wpa_printf(MSG_INFO, "DPP: TESTING - own_mac override " MACSTR, - MAC2STR(dpp_pkex_own_mac_override)); - own_mac = dpp_pkex_own_mac_override; - } -#endif /* CONFIG_TESTING_OPTIONS */ - - pkex = os_zalloc(sizeof(*pkex)); - if (!pkex) - return NULL; - pkex->msg_ctx = msg_ctx; - pkex->initiator = 1; - pkex->own_bi = bi; - os_memcpy(pkex->own_mac, own_mac, ETH_ALEN); - if (identifier) { - pkex->identifier = os_strdup(identifier); - if (!pkex->identifier) - goto fail; - } - pkex->code = os_strdup(code); - if (!pkex->code) - goto fail; - pkex->exchange_req = dpp_pkex_build_exchange_req(pkex); - if (!pkex->exchange_req) - goto fail; - return pkex; -fail: - dpp_pkex_free(pkex); - return NULL; -} - - -static struct wpabuf * -dpp_pkex_build_exchange_resp(struct dpp_pkex *pkex, - enum dpp_status_error status, - const BIGNUM *Nx, const BIGNUM *Ny) -{ - struct wpabuf *msg = NULL; - size_t attr_len; - const struct dpp_curve_params *curve = pkex->own_bi->curve; - - /* Initiator -> Responder: DPP Status, [identifier,] N */ - attr_len = 4 + 1; - if (pkex->identifier) - attr_len += 4 + os_strlen(pkex->identifier); - attr_len += 4 + 2 * curve->prime_len; - msg = dpp_alloc_msg(DPP_PA_PKEX_EXCHANGE_RESP, attr_len); - if (!msg) - goto fail; - -#ifdef CONFIG_TESTING_OPTIONS - if (dpp_test == DPP_TEST_NO_STATUS_PKEX_EXCHANGE_RESP) { - wpa_printf(MSG_INFO, "DPP: TESTING - no Status"); - goto skip_status; - } - - if (dpp_test == DPP_TEST_INVALID_STATUS_PKEX_EXCHANGE_RESP) { - wpa_printf(MSG_INFO, "DPP: TESTING - invalid Status"); - status = 255; - } -#endif /* CONFIG_TESTING_OPTIONS */ - - /* DPP Status */ - dpp_build_attr_status(msg, status); - -#ifdef CONFIG_TESTING_OPTIONS -skip_status: -#endif /* CONFIG_TESTING_OPTIONS */ - - /* Code Identifier attribute */ - if (pkex->identifier) { - wpabuf_put_le16(msg, DPP_ATTR_CODE_IDENTIFIER); - wpabuf_put_le16(msg, os_strlen(pkex->identifier)); - wpabuf_put_str(msg, pkex->identifier); - } - - if (status != DPP_STATUS_OK) - goto skip_encrypted_key; - -#ifdef CONFIG_TESTING_OPTIONS - if (dpp_test == DPP_TEST_NO_ENCRYPTED_KEY_PKEX_EXCHANGE_RESP) { - wpa_printf(MSG_INFO, "DPP: TESTING - no Encrypted Key"); - goto skip_encrypted_key; - } -#endif /* CONFIG_TESTING_OPTIONS */ - - /* N in Encrypted Key attribute */ - wpabuf_put_le16(msg, DPP_ATTR_ENCRYPTED_KEY); - wpabuf_put_le16(msg, 2 * curve->prime_len); - -#ifdef CONFIG_TESTING_OPTIONS - if (dpp_test == DPP_TEST_INVALID_ENCRYPTED_KEY_PKEX_EXCHANGE_RESP) { - wpa_printf(MSG_INFO, "DPP: TESTING - invalid Encrypted Key"); - if (dpp_test_gen_invalid_key(msg, curve) < 0) - goto fail; - goto skip_encrypted_key; - } -#endif /* CONFIG_TESTING_OPTIONS */ - - if (dpp_bn2bin_pad(Nx, wpabuf_put(msg, curve->prime_len), - curve->prime_len) < 0 || - dpp_bn2bin_pad(Nx, pkex->Nx, curve->prime_len) < 0 || - dpp_bn2bin_pad(Ny, wpabuf_put(msg, curve->prime_len), - curve->prime_len) < 0) - goto fail; - -skip_encrypted_key: - if (status == DPP_STATUS_BAD_GROUP) { - /* Finite Cyclic Group attribute */ - wpabuf_put_le16(msg, DPP_ATTR_FINITE_CYCLIC_GROUP); - wpabuf_put_le16(msg, 2); - wpabuf_put_le16(msg, curve->ike_group); - } - - return msg; -fail: - wpabuf_free(msg); - return NULL; -} - - -static int dpp_pkex_derive_z(const u8 *mac_init, const u8 *mac_resp, - const u8 *Mx, size_t Mx_len, - const u8 *Nx, size_t Nx_len, - const char *code, - const u8 *Kx, size_t Kx_len, - u8 *z, unsigned int hash_len) -{ - u8 salt[DPP_MAX_HASH_LEN], prk[DPP_MAX_HASH_LEN]; - int res; - u8 *info, *pos; - size_t info_len; - - /* z = HKDF(<>, MAC-Initiator | MAC-Responder | M.x | N.x | code, K.x) - */ - - /* HKDF-Extract(<>, IKM=K.x) */ - os_memset(salt, 0, hash_len); - if (dpp_hmac(hash_len, salt, hash_len, Kx, Kx_len, prk) < 0) - return -1; - wpa_hexdump_key(MSG_DEBUG, "DPP: PRK = HKDF-Extract(<>, IKM)", - prk, hash_len); - info_len = 2 * ETH_ALEN + Mx_len + Nx_len + os_strlen(code); - info = os_malloc(info_len); - if (!info) - return -1; - pos = info; - os_memcpy(pos, mac_init, ETH_ALEN); - pos += ETH_ALEN; - os_memcpy(pos, mac_resp, ETH_ALEN); - pos += ETH_ALEN; - os_memcpy(pos, Mx, Mx_len); - pos += Mx_len; - os_memcpy(pos, Nx, Nx_len); - pos += Nx_len; - os_memcpy(pos, code, os_strlen(code)); - - /* HKDF-Expand(PRK, info, L) */ - if (hash_len == 32) - res = hmac_sha256_kdf(prk, hash_len, NULL, info, info_len, - z, hash_len); - else if (hash_len == 48) - res = hmac_sha384_kdf(prk, hash_len, NULL, info, info_len, - z, hash_len); - else if (hash_len == 64) - res = hmac_sha512_kdf(prk, hash_len, NULL, info, info_len, - z, hash_len); - else - res = -1; - os_free(info); - os_memset(prk, 0, hash_len); - if (res < 0) - return -1; - - wpa_hexdump_key(MSG_DEBUG, "DPP: z = HKDF-Expand(PRK, info, L)", - z, hash_len); - return 0; -} - - -static int dpp_pkex_identifier_match(const u8 *attr_id, u16 attr_id_len, - const char *identifier) -{ - if (!attr_id && identifier) { - wpa_printf(MSG_DEBUG, - "DPP: No PKEX code identifier received, but expected one"); - return 0; - } - - if (attr_id && !identifier) { - wpa_printf(MSG_DEBUG, - "DPP: PKEX code identifier received, but not expecting one"); - return 0; - } - - if (attr_id && identifier && - (os_strlen(identifier) != attr_id_len || - os_memcmp(identifier, attr_id, attr_id_len) != 0)) { - wpa_printf(MSG_DEBUG, "DPP: PKEX code identifier mismatch"); - return 0; - } - - return 1; -} - - -struct dpp_pkex * dpp_pkex_rx_exchange_req(void *msg_ctx, - struct dpp_bootstrap_info *bi, - const u8 *own_mac, - const u8 *peer_mac, - const char *identifier, - const char *code, - const u8 *buf, size_t len) -{ - const u8 *attr_group, *attr_id, *attr_key; - u16 attr_group_len, attr_id_len, attr_key_len; - const struct dpp_curve_params *curve = bi->curve; - u16 ike_group; - struct dpp_pkex *pkex = NULL; - EC_POINT *Qi = NULL, *Qr = NULL, *M = NULL, *X = NULL, *N = NULL; - BN_CTX *bnctx = NULL; - EC_GROUP *group = NULL; - BIGNUM *Mx = NULL, *My = NULL; - EC_KEY *Y_ec = NULL, *X_ec = NULL;; - const EC_POINT *Y_point; - BIGNUM *Nx = NULL, *Ny = NULL; - u8 Kx[DPP_MAX_SHARED_SECRET_LEN]; - size_t Kx_len; - int res; - - if (bi->pkex_t >= PKEX_COUNTER_T_LIMIT) { - wpa_msg(msg_ctx, MSG_INFO, DPP_EVENT_FAIL - "PKEX counter t limit reached - ignore message"); - return NULL; - } - -#ifdef CONFIG_TESTING_OPTIONS - if (!is_zero_ether_addr(dpp_pkex_peer_mac_override)) { - wpa_printf(MSG_INFO, "DPP: TESTING - peer_mac override " MACSTR, - MAC2STR(dpp_pkex_peer_mac_override)); - peer_mac = dpp_pkex_peer_mac_override; - } - if (!is_zero_ether_addr(dpp_pkex_own_mac_override)) { - wpa_printf(MSG_INFO, "DPP: TESTING - own_mac override " MACSTR, - MAC2STR(dpp_pkex_own_mac_override)); - own_mac = dpp_pkex_own_mac_override; - } -#endif /* CONFIG_TESTING_OPTIONS */ - - attr_id_len = 0; - attr_id = dpp_get_attr(buf, len, DPP_ATTR_CODE_IDENTIFIER, - &attr_id_len); - if (!dpp_pkex_identifier_match(attr_id, attr_id_len, identifier)) - return NULL; - - attr_group = dpp_get_attr(buf, len, DPP_ATTR_FINITE_CYCLIC_GROUP, - &attr_group_len); - if (!attr_group || attr_group_len != 2) { - wpa_msg(msg_ctx, MSG_INFO, DPP_EVENT_FAIL - "Missing or invalid Finite Cyclic Group attribute"); - return NULL; - } - ike_group = WPA_GET_LE16(attr_group); - if (ike_group != curve->ike_group) { - wpa_msg(msg_ctx, MSG_INFO, DPP_EVENT_FAIL - "Mismatching PKEX curve: peer=%u own=%u", - ike_group, curve->ike_group); - pkex = os_zalloc(sizeof(*pkex)); - if (!pkex) - goto fail; - pkex->own_bi = bi; - pkex->failed = 1; - pkex->exchange_resp = dpp_pkex_build_exchange_resp( - pkex, DPP_STATUS_BAD_GROUP, NULL, NULL); - if (!pkex->exchange_resp) - goto fail; - return pkex; - } - - /* M in Encrypted Key attribute */ - attr_key = dpp_get_attr(buf, len, DPP_ATTR_ENCRYPTED_KEY, - &attr_key_len); - if (!attr_key || attr_key_len & 0x01 || attr_key_len < 2 || - attr_key_len / 2 > DPP_MAX_SHARED_SECRET_LEN) { - wpa_msg(msg_ctx, MSG_INFO, DPP_EVENT_FAIL - "Missing Encrypted Key attribute"); - return NULL; - } - - /* Qi = H(MAC-Initiator | [identifier |] code) * Pi */ - bnctx = BN_CTX_new(); - if (!bnctx) - goto fail; - Qi = dpp_pkex_derive_Qi(curve, peer_mac, code, identifier, bnctx, - &group); - if (!Qi) - goto fail; - - /* X' = M - Qi */ - X = EC_POINT_new(group); - M = EC_POINT_new(group); - Mx = BN_bin2bn(attr_key, attr_key_len / 2, NULL); - My = BN_bin2bn(attr_key + attr_key_len / 2, attr_key_len / 2, NULL); - if (!X || !M || !Mx || !My || - EC_POINT_set_affine_coordinates_GFp(group, M, Mx, My, bnctx) != 1 || - EC_POINT_is_at_infinity(group, M) || - !EC_POINT_is_on_curve(group, M, bnctx) || - EC_POINT_invert(group, Qi, bnctx) != 1 || - EC_POINT_add(group, X, M, Qi, bnctx) != 1 || - EC_POINT_is_at_infinity(group, X) || - !EC_POINT_is_on_curve(group, X, bnctx)) { - wpa_msg(msg_ctx, MSG_INFO, DPP_EVENT_FAIL - "Invalid Encrypted Key value"); - bi->pkex_t++; - goto fail; - } - dpp_debug_print_point("DPP: M", group, M); - dpp_debug_print_point("DPP: X'", group, X); - - pkex = os_zalloc(sizeof(*pkex)); - if (!pkex) - goto fail; - pkex->t = bi->pkex_t; - pkex->msg_ctx = msg_ctx; - pkex->own_bi = bi; - os_memcpy(pkex->own_mac, own_mac, ETH_ALEN); - os_memcpy(pkex->peer_mac, peer_mac, ETH_ALEN); - if (identifier) { - pkex->identifier = os_strdup(identifier); - if (!pkex->identifier) - goto fail; - } - pkex->code = os_strdup(code); - if (!pkex->code) - goto fail; - - os_memcpy(pkex->Mx, attr_key, attr_key_len / 2); - - X_ec = EC_KEY_new(); - if (!X_ec || - EC_KEY_set_group(X_ec, group) != 1 || - EC_KEY_set_public_key(X_ec, X) != 1) - goto fail; - pkex->x = EVP_PKEY_new(); - if (!pkex->x || - EVP_PKEY_set1_EC_KEY(pkex->x, X_ec) != 1) - goto fail; - - /* Qr = H(MAC-Responder | | [identifier | ] code) * Pr */ - Qr = dpp_pkex_derive_Qr(curve, own_mac, code, identifier, bnctx, NULL); - if (!Qr) - goto fail; - - /* Generate a random ephemeral keypair y/Y */ -#ifdef CONFIG_TESTING_OPTIONS - if (dpp_pkex_ephemeral_key_override_len) { - const struct dpp_curve_params *tmp_curve; - - wpa_printf(MSG_INFO, - "DPP: TESTING - override ephemeral key y/Y"); - pkex->y = dpp_set_keypair(&tmp_curve, - dpp_pkex_ephemeral_key_override, - dpp_pkex_ephemeral_key_override_len); - } else { - pkex->y = dpp_gen_keypair(curve); - } -#else /* CONFIG_TESTING_OPTIONS */ - pkex->y = dpp_gen_keypair(curve); -#endif /* CONFIG_TESTING_OPTIONS */ - if (!pkex->y) - goto fail; - - /* N = Y + Qr */ - Y_ec = EVP_PKEY_get1_EC_KEY(pkex->y); - if (!Y_ec) - goto fail; - Y_point = EC_KEY_get0_public_key(Y_ec); - if (!Y_point) - goto fail; - dpp_debug_print_point("DPP: Y", group, Y_point); - N = EC_POINT_new(group); - Nx = BN_new(); - Ny = BN_new(); - if (!N || !Nx || !Ny || - EC_POINT_add(group, N, Y_point, Qr, bnctx) != 1 || - EC_POINT_get_affine_coordinates_GFp(group, N, Nx, Ny, bnctx) != 1) - goto fail; - dpp_debug_print_point("DPP: N", group, N); - - pkex->exchange_resp = dpp_pkex_build_exchange_resp(pkex, DPP_STATUS_OK, - Nx, Ny); - if (!pkex->exchange_resp) - goto fail; - - /* K = y * X' */ - if (dpp_ecdh(pkex->y, pkex->x, Kx, &Kx_len) < 0) - goto fail; - - wpa_hexdump_key(MSG_DEBUG, "DPP: ECDH shared secret (K.x)", - Kx, Kx_len); - - /* z = HKDF(<>, MAC-Initiator | MAC-Responder | M.x | N.x | code, K.x) - */ - res = dpp_pkex_derive_z(pkex->peer_mac, pkex->own_mac, - pkex->Mx, curve->prime_len, - pkex->Nx, curve->prime_len, pkex->code, - Kx, Kx_len, pkex->z, curve->hash_len); - os_memset(Kx, 0, Kx_len); - if (res < 0) - goto fail; - - pkex->exchange_done = 1; - -out: - BN_CTX_free(bnctx); - EC_POINT_free(Qi); - EC_POINT_free(Qr); - BN_free(Mx); - BN_free(My); - BN_free(Nx); - BN_free(Ny); - EC_POINT_free(M); - EC_POINT_free(N); - EC_POINT_free(X); - EC_KEY_free(X_ec); - EC_KEY_free(Y_ec); - EC_GROUP_free(group); - return pkex; -fail: - wpa_printf(MSG_DEBUG, "DPP: PKEX Exchange Request processing failed"); - dpp_pkex_free(pkex); - pkex = NULL; - goto out; -} - - -static struct wpabuf * -dpp_pkex_build_commit_reveal_req(struct dpp_pkex *pkex, - const struct wpabuf *A_pub, const u8 *u) -{ - const struct dpp_curve_params *curve = pkex->own_bi->curve; - struct wpabuf *msg = NULL; - size_t clear_len, attr_len; - struct wpabuf *clear = NULL; - u8 *wrapped; - u8 octet; - const u8 *addr[2]; - size_t len[2]; - - /* {A, u, [bootstrapping info]}z */ - clear_len = 4 + 2 * curve->prime_len + 4 + curve->hash_len; - clear = wpabuf_alloc(clear_len); - attr_len = 4 + clear_len + AES_BLOCK_SIZE; -#ifdef CONFIG_TESTING_OPTIONS - if (dpp_test == DPP_TEST_AFTER_WRAPPED_DATA_PKEX_CR_REQ) - attr_len += 5; -#endif /* CONFIG_TESTING_OPTIONS */ - msg = dpp_alloc_msg(DPP_PA_PKEX_COMMIT_REVEAL_REQ, attr_len); - if (!clear || !msg) - goto fail; - -#ifdef CONFIG_TESTING_OPTIONS - if (dpp_test == DPP_TEST_NO_BOOTSTRAP_KEY_PKEX_CR_REQ) { - wpa_printf(MSG_INFO, "DPP: TESTING - no Bootstrap Key"); - goto skip_bootstrap_key; - } - if (dpp_test == DPP_TEST_INVALID_BOOTSTRAP_KEY_PKEX_CR_REQ) { - wpa_printf(MSG_INFO, "DPP: TESTING - invalid Bootstrap Key"); - wpabuf_put_le16(clear, DPP_ATTR_BOOTSTRAP_KEY); - wpabuf_put_le16(clear, 2 * curve->prime_len); - if (dpp_test_gen_invalid_key(clear, curve) < 0) - goto fail; - goto skip_bootstrap_key; - } -#endif /* CONFIG_TESTING_OPTIONS */ - - /* A in Bootstrap Key attribute */ - wpabuf_put_le16(clear, DPP_ATTR_BOOTSTRAP_KEY); - wpabuf_put_le16(clear, wpabuf_len(A_pub)); - wpabuf_put_buf(clear, A_pub); - -#ifdef CONFIG_TESTING_OPTIONS -skip_bootstrap_key: - if (dpp_test == DPP_TEST_NO_I_AUTH_TAG_PKEX_CR_REQ) { - wpa_printf(MSG_INFO, "DPP: TESTING - no I-Auth tag"); - goto skip_i_auth_tag; - } - if (dpp_test == DPP_TEST_I_AUTH_TAG_MISMATCH_PKEX_CR_REQ) { - wpa_printf(MSG_INFO, "DPP: TESTING - I-Auth tag mismatch"); - wpabuf_put_le16(clear, DPP_ATTR_I_AUTH_TAG); - wpabuf_put_le16(clear, curve->hash_len); - wpabuf_put_data(clear, u, curve->hash_len - 1); - wpabuf_put_u8(clear, u[curve->hash_len - 1] ^ 0x01); - goto skip_i_auth_tag; - } -#endif /* CONFIG_TESTING_OPTIONS */ - - /* u in I-Auth tag attribute */ - wpabuf_put_le16(clear, DPP_ATTR_I_AUTH_TAG); - wpabuf_put_le16(clear, curve->hash_len); - wpabuf_put_data(clear, u, curve->hash_len); - -#ifdef CONFIG_TESTING_OPTIONS -skip_i_auth_tag: - if (dpp_test == DPP_TEST_NO_WRAPPED_DATA_PKEX_CR_REQ) { - wpa_printf(MSG_INFO, "DPP: TESTING - no Wrapped Data"); - goto skip_wrapped_data; - } -#endif /* CONFIG_TESTING_OPTIONS */ - - addr[0] = wpabuf_head_u8(msg) + 2; - len[0] = DPP_HDR_LEN; - octet = 0; - addr[1] = &octet; - len[1] = sizeof(octet); - wpa_hexdump(MSG_DEBUG, "DDP: AES-SIV AD[0]", addr[0], len[0]); - wpa_hexdump(MSG_DEBUG, "DDP: AES-SIV AD[1]", addr[1], len[1]); - - wpabuf_put_le16(msg, DPP_ATTR_WRAPPED_DATA); - wpabuf_put_le16(msg, wpabuf_len(clear) + AES_BLOCK_SIZE); - wrapped = wpabuf_put(msg, wpabuf_len(clear) + AES_BLOCK_SIZE); - - wpa_hexdump_buf(MSG_DEBUG, "DPP: AES-SIV cleartext", clear); - if (aes_siv_encrypt(pkex->z, curve->hash_len, - wpabuf_head(clear), wpabuf_len(clear), - 2, addr, len, wrapped) < 0) - goto fail; - wpa_hexdump(MSG_DEBUG, "DPP: AES-SIV ciphertext", - wrapped, wpabuf_len(clear) + AES_BLOCK_SIZE); - -#ifdef CONFIG_TESTING_OPTIONS - if (dpp_test == DPP_TEST_AFTER_WRAPPED_DATA_PKEX_CR_REQ) { - wpa_printf(MSG_INFO, "DPP: TESTING - attr after Wrapped Data"); - dpp_build_attr_status(msg, DPP_STATUS_OK); - } -skip_wrapped_data: -#endif /* CONFIG_TESTING_OPTIONS */ - -out: - wpabuf_free(clear); - return msg; - -fail: - wpabuf_free(msg); - msg = NULL; - goto out; -} - - -struct wpabuf * dpp_pkex_rx_exchange_resp(struct dpp_pkex *pkex, - const u8 *peer_mac, - const u8 *buf, size_t buflen) -{ - const u8 *attr_status, *attr_id, *attr_key, *attr_group; - u16 attr_status_len, attr_id_len, attr_key_len, attr_group_len; - EC_GROUP *group = NULL; - BN_CTX *bnctx = NULL; - struct wpabuf *msg = NULL, *A_pub = NULL, *X_pub = NULL, *Y_pub = NULL; - const struct dpp_curve_params *curve = pkex->own_bi->curve; - EC_POINT *Qr = NULL, *Y = NULL, *N = NULL; - BIGNUM *Nx = NULL, *Ny = NULL; - EC_KEY *Y_ec = NULL; - size_t Jx_len, Kx_len; - u8 Jx[DPP_MAX_SHARED_SECRET_LEN], Kx[DPP_MAX_SHARED_SECRET_LEN]; - const u8 *addr[4]; - size_t len[4]; - u8 u[DPP_MAX_HASH_LEN]; - int res; - - if (pkex->failed || pkex->t >= PKEX_COUNTER_T_LIMIT || !pkex->initiator) - return NULL; - -#ifdef CONFIG_TESTING_OPTIONS - if (dpp_test == DPP_TEST_STOP_AT_PKEX_EXCHANGE_RESP) { - wpa_printf(MSG_INFO, - "DPP: TESTING - stop at PKEX Exchange Response"); - pkex->failed = 1; - return NULL; - } - - if (!is_zero_ether_addr(dpp_pkex_peer_mac_override)) { - wpa_printf(MSG_INFO, "DPP: TESTING - peer_mac override " MACSTR, - MAC2STR(dpp_pkex_peer_mac_override)); - peer_mac = dpp_pkex_peer_mac_override; - } -#endif /* CONFIG_TESTING_OPTIONS */ - - os_memcpy(pkex->peer_mac, peer_mac, ETH_ALEN); - - attr_status = dpp_get_attr(buf, buflen, DPP_ATTR_STATUS, - &attr_status_len); - if (!attr_status || attr_status_len != 1) { - dpp_pkex_fail(pkex, "No DPP Status attribute"); - return NULL; - } - wpa_printf(MSG_DEBUG, "DPP: Status %u", attr_status[0]); - - if (attr_status[0] == DPP_STATUS_BAD_GROUP) { - attr_group = dpp_get_attr(buf, buflen, - DPP_ATTR_FINITE_CYCLIC_GROUP, - &attr_group_len); - if (attr_group && attr_group_len == 2) { - wpa_msg(pkex->msg_ctx, MSG_INFO, DPP_EVENT_FAIL - "Peer indicated mismatching PKEX group - proposed %u", - WPA_GET_LE16(attr_group)); - return NULL; - } - } - - if (attr_status[0] != DPP_STATUS_OK) { - dpp_pkex_fail(pkex, "PKEX failed (peer indicated failure)"); - return NULL; - } - - attr_id_len = 0; - attr_id = dpp_get_attr(buf, buflen, DPP_ATTR_CODE_IDENTIFIER, - &attr_id_len); - if (!dpp_pkex_identifier_match(attr_id, attr_id_len, - pkex->identifier)) { - dpp_pkex_fail(pkex, "PKEX code identifier mismatch"); - return NULL; - } - - /* N in Encrypted Key attribute */ - attr_key = dpp_get_attr(buf, buflen, DPP_ATTR_ENCRYPTED_KEY, - &attr_key_len); - if (!attr_key || attr_key_len & 0x01 || attr_key_len < 2) { - dpp_pkex_fail(pkex, "Missing Encrypted Key attribute"); - return NULL; - } - - /* Qr = H(MAC-Responder | [identifier |] code) * Pr */ - bnctx = BN_CTX_new(); - if (!bnctx) - goto fail; - Qr = dpp_pkex_derive_Qr(curve, pkex->peer_mac, pkex->code, - pkex->identifier, bnctx, &group); - if (!Qr) - goto fail; - - /* Y' = N - Qr */ - Y = EC_POINT_new(group); - N = EC_POINT_new(group); - Nx = BN_bin2bn(attr_key, attr_key_len / 2, NULL); - Ny = BN_bin2bn(attr_key + attr_key_len / 2, attr_key_len / 2, NULL); - if (!Y || !N || !Nx || !Ny || - EC_POINT_set_affine_coordinates_GFp(group, N, Nx, Ny, bnctx) != 1 || - EC_POINT_is_at_infinity(group, N) || - !EC_POINT_is_on_curve(group, N, bnctx) || - EC_POINT_invert(group, Qr, bnctx) != 1 || - EC_POINT_add(group, Y, N, Qr, bnctx) != 1 || - EC_POINT_is_at_infinity(group, Y) || - !EC_POINT_is_on_curve(group, Y, bnctx)) { - dpp_pkex_fail(pkex, "Invalid Encrypted Key value"); - pkex->t++; - goto fail; - } - dpp_debug_print_point("DPP: N", group, N); - dpp_debug_print_point("DPP: Y'", group, Y); - - pkex->exchange_done = 1; - - /* ECDH: J = a * Y’ */ - Y_ec = EC_KEY_new(); - if (!Y_ec || - EC_KEY_set_group(Y_ec, group) != 1 || - EC_KEY_set_public_key(Y_ec, Y) != 1) - goto fail; - pkex->y = EVP_PKEY_new(); - if (!pkex->y || - EVP_PKEY_set1_EC_KEY(pkex->y, Y_ec) != 1) - goto fail; - if (dpp_ecdh(pkex->own_bi->pubkey, pkex->y, Jx, &Jx_len) < 0) - goto fail; - - wpa_hexdump_key(MSG_DEBUG, "DPP: ECDH shared secret (J.x)", - Jx, Jx_len); - - /* u = HMAC(J.x, MAC-Initiator | A.x | Y’.x | X.x ) */ - A_pub = dpp_get_pubkey_point(pkex->own_bi->pubkey, 0); - Y_pub = dpp_get_pubkey_point(pkex->y, 0); - X_pub = dpp_get_pubkey_point(pkex->x, 0); - if (!A_pub || !Y_pub || !X_pub) - goto fail; - addr[0] = pkex->own_mac; - len[0] = ETH_ALEN; - addr[1] = wpabuf_head(A_pub); - len[1] = wpabuf_len(A_pub) / 2; - addr[2] = wpabuf_head(Y_pub); - len[2] = wpabuf_len(Y_pub) / 2; - addr[3] = wpabuf_head(X_pub); - len[3] = wpabuf_len(X_pub) / 2; - if (dpp_hmac_vector(curve->hash_len, Jx, Jx_len, 4, addr, len, u) < 0) - goto fail; - wpa_hexdump(MSG_DEBUG, "DPP: u", u, curve->hash_len); - - /* K = x * Y’ */ - if (dpp_ecdh(pkex->x, pkex->y, Kx, &Kx_len) < 0) - goto fail; - - wpa_hexdump_key(MSG_DEBUG, "DPP: ECDH shared secret (K.x)", - Kx, Kx_len); - - /* z = HKDF(<>, MAC-Initiator | MAC-Responder | M.x | N.x | code, K.x) - */ - res = dpp_pkex_derive_z(pkex->own_mac, pkex->peer_mac, - pkex->Mx, curve->prime_len, - attr_key /* N.x */, attr_key_len / 2, - pkex->code, Kx, Kx_len, - pkex->z, curve->hash_len); - os_memset(Kx, 0, Kx_len); - if (res < 0) - goto fail; - - msg = dpp_pkex_build_commit_reveal_req(pkex, A_pub, u); - if (!msg) - goto fail; - -out: - wpabuf_free(A_pub); - wpabuf_free(X_pub); - wpabuf_free(Y_pub); - EC_POINT_free(Qr); - EC_POINT_free(Y); - EC_POINT_free(N); - BN_free(Nx); - BN_free(Ny); - EC_KEY_free(Y_ec); - BN_CTX_free(bnctx); - EC_GROUP_free(group); - return msg; -fail: - wpa_printf(MSG_DEBUG, "DPP: PKEX Exchange Response processing failed"); - goto out; -} - - -static struct wpabuf * -dpp_pkex_build_commit_reveal_resp(struct dpp_pkex *pkex, - const struct wpabuf *B_pub, const u8 *v) -{ - const struct dpp_curve_params *curve = pkex->own_bi->curve; - struct wpabuf *msg = NULL; - const u8 *addr[2]; - size_t len[2]; - u8 octet; - u8 *wrapped; - struct wpabuf *clear = NULL; - size_t clear_len, attr_len; - - /* {B, v [bootstrapping info]}z */ - clear_len = 4 + 2 * curve->prime_len + 4 + curve->hash_len; - clear = wpabuf_alloc(clear_len); - attr_len = 4 + clear_len + AES_BLOCK_SIZE; -#ifdef CONFIG_TESTING_OPTIONS - if (dpp_test == DPP_TEST_AFTER_WRAPPED_DATA_PKEX_CR_RESP) - attr_len += 5; -#endif /* CONFIG_TESTING_OPTIONS */ - msg = dpp_alloc_msg(DPP_PA_PKEX_COMMIT_REVEAL_RESP, attr_len); - if (!clear || !msg) - goto fail; - -#ifdef CONFIG_TESTING_OPTIONS - if (dpp_test == DPP_TEST_NO_BOOTSTRAP_KEY_PKEX_CR_RESP) { - wpa_printf(MSG_INFO, "DPP: TESTING - no Bootstrap Key"); - goto skip_bootstrap_key; - } - if (dpp_test == DPP_TEST_INVALID_BOOTSTRAP_KEY_PKEX_CR_RESP) { - wpa_printf(MSG_INFO, "DPP: TESTING - invalid Bootstrap Key"); - wpabuf_put_le16(clear, DPP_ATTR_BOOTSTRAP_KEY); - wpabuf_put_le16(clear, 2 * curve->prime_len); - if (dpp_test_gen_invalid_key(clear, curve) < 0) - goto fail; - goto skip_bootstrap_key; - } -#endif /* CONFIG_TESTING_OPTIONS */ - - /* B in Bootstrap Key attribute */ - wpabuf_put_le16(clear, DPP_ATTR_BOOTSTRAP_KEY); - wpabuf_put_le16(clear, wpabuf_len(B_pub)); - wpabuf_put_buf(clear, B_pub); - -#ifdef CONFIG_TESTING_OPTIONS -skip_bootstrap_key: - if (dpp_test == DPP_TEST_NO_R_AUTH_TAG_PKEX_CR_RESP) { - wpa_printf(MSG_INFO, "DPP: TESTING - no R-Auth tag"); - goto skip_r_auth_tag; - } - if (dpp_test == DPP_TEST_R_AUTH_TAG_MISMATCH_PKEX_CR_RESP) { - wpa_printf(MSG_INFO, "DPP: TESTING - R-Auth tag mismatch"); - wpabuf_put_le16(clear, DPP_ATTR_R_AUTH_TAG); - wpabuf_put_le16(clear, curve->hash_len); - wpabuf_put_data(clear, v, curve->hash_len - 1); - wpabuf_put_u8(clear, v[curve->hash_len - 1] ^ 0x01); - goto skip_r_auth_tag; - } -#endif /* CONFIG_TESTING_OPTIONS */ - - /* v in R-Auth tag attribute */ - wpabuf_put_le16(clear, DPP_ATTR_R_AUTH_TAG); - wpabuf_put_le16(clear, curve->hash_len); - wpabuf_put_data(clear, v, curve->hash_len); - -#ifdef CONFIG_TESTING_OPTIONS -skip_r_auth_tag: - if (dpp_test == DPP_TEST_NO_WRAPPED_DATA_PKEX_CR_RESP) { - wpa_printf(MSG_INFO, "DPP: TESTING - no Wrapped Data"); - goto skip_wrapped_data; - } -#endif /* CONFIG_TESTING_OPTIONS */ - - addr[0] = wpabuf_head_u8(msg) + 2; - len[0] = DPP_HDR_LEN; - octet = 1; - addr[1] = &octet; - len[1] = sizeof(octet); - wpa_hexdump(MSG_DEBUG, "DDP: AES-SIV AD[0]", addr[0], len[0]); - wpa_hexdump(MSG_DEBUG, "DDP: AES-SIV AD[1]", addr[1], len[1]); - - wpabuf_put_le16(msg, DPP_ATTR_WRAPPED_DATA); - wpabuf_put_le16(msg, wpabuf_len(clear) + AES_BLOCK_SIZE); - wrapped = wpabuf_put(msg, wpabuf_len(clear) + AES_BLOCK_SIZE); - - wpa_hexdump_buf(MSG_DEBUG, "DPP: AES-SIV cleartext", clear); - if (aes_siv_encrypt(pkex->z, curve->hash_len, - wpabuf_head(clear), wpabuf_len(clear), - 2, addr, len, wrapped) < 0) - goto fail; - wpa_hexdump(MSG_DEBUG, "DPP: AES-SIV ciphertext", - wrapped, wpabuf_len(clear) + AES_BLOCK_SIZE); - -#ifdef CONFIG_TESTING_OPTIONS - if (dpp_test == DPP_TEST_AFTER_WRAPPED_DATA_PKEX_CR_RESP) { - wpa_printf(MSG_INFO, "DPP: TESTING - attr after Wrapped Data"); - dpp_build_attr_status(msg, DPP_STATUS_OK); - } -skip_wrapped_data: -#endif /* CONFIG_TESTING_OPTIONS */ - -out: - wpabuf_free(clear); - return msg; - -fail: - wpabuf_free(msg); - msg = NULL; - goto out; -} - - -struct wpabuf * dpp_pkex_rx_commit_reveal_req(struct dpp_pkex *pkex, - const u8 *hdr, - const u8 *buf, size_t buflen) -{ - const struct dpp_curve_params *curve = pkex->own_bi->curve; - size_t Jx_len, Lx_len; - u8 Jx[DPP_MAX_SHARED_SECRET_LEN]; - u8 Lx[DPP_MAX_SHARED_SECRET_LEN]; - const u8 *wrapped_data, *b_key, *peer_u; - u16 wrapped_data_len, b_key_len, peer_u_len = 0; - const u8 *addr[4]; - size_t len[4]; - u8 octet; - u8 *unwrapped = NULL; - size_t unwrapped_len = 0; - struct wpabuf *msg = NULL, *A_pub = NULL, *X_pub = NULL, *Y_pub = NULL; - struct wpabuf *B_pub = NULL; - u8 u[DPP_MAX_HASH_LEN], v[DPP_MAX_HASH_LEN]; - -#ifdef CONFIG_TESTING_OPTIONS - if (dpp_test == DPP_TEST_STOP_AT_PKEX_CR_REQ) { - wpa_printf(MSG_INFO, - "DPP: TESTING - stop at PKEX CR Request"); - pkex->failed = 1; - return NULL; - } -#endif /* CONFIG_TESTING_OPTIONS */ - - if (!pkex->exchange_done || pkex->failed || - pkex->t >= PKEX_COUNTER_T_LIMIT || pkex->initiator) - goto fail; - - wrapped_data = dpp_get_attr(buf, buflen, DPP_ATTR_WRAPPED_DATA, - &wrapped_data_len); - if (!wrapped_data || wrapped_data_len < AES_BLOCK_SIZE) { - dpp_pkex_fail(pkex, - "Missing or invalid required Wrapped Data attribute"); - goto fail; - } - - wpa_hexdump(MSG_DEBUG, "DPP: AES-SIV ciphertext", - wrapped_data, wrapped_data_len); - unwrapped_len = wrapped_data_len - AES_BLOCK_SIZE; - unwrapped = os_malloc(unwrapped_len); - if (!unwrapped) - goto fail; - - addr[0] = hdr; - len[0] = DPP_HDR_LEN; - octet = 0; - addr[1] = &octet; - len[1] = sizeof(octet); - wpa_hexdump(MSG_DEBUG, "DDP: AES-SIV AD[0]", addr[0], len[0]); - wpa_hexdump(MSG_DEBUG, "DDP: AES-SIV AD[1]", addr[1], len[1]); - - if (aes_siv_decrypt(pkex->z, curve->hash_len, - wrapped_data, wrapped_data_len, - 2, addr, len, unwrapped) < 0) { - dpp_pkex_fail(pkex, - "AES-SIV decryption failed - possible PKEX code mismatch"); - pkex->failed = 1; - pkex->t++; - goto fail; - } - wpa_hexdump(MSG_DEBUG, "DPP: AES-SIV cleartext", - unwrapped, unwrapped_len); - - if (dpp_check_attrs(unwrapped, unwrapped_len) < 0) { - dpp_pkex_fail(pkex, "Invalid attribute in unwrapped data"); - goto fail; - } - - b_key = dpp_get_attr(unwrapped, unwrapped_len, DPP_ATTR_BOOTSTRAP_KEY, - &b_key_len); - if (!b_key || b_key_len != 2 * curve->prime_len) { - dpp_pkex_fail(pkex, "No valid peer bootstrapping key found"); - goto fail; - } - pkex->peer_bootstrap_key = dpp_set_pubkey_point(pkex->x, b_key, - b_key_len); - if (!pkex->peer_bootstrap_key) { - dpp_pkex_fail(pkex, "Peer bootstrapping key is invalid"); - goto fail; - } - dpp_debug_print_key("DPP: Peer bootstrap public key", - pkex->peer_bootstrap_key); - - /* ECDH: J' = y * A' */ - if (dpp_ecdh(pkex->y, pkex->peer_bootstrap_key, Jx, &Jx_len) < 0) - goto fail; - - wpa_hexdump_key(MSG_DEBUG, "DPP: ECDH shared secret (J.x)", - Jx, Jx_len); - - /* u' = HMAC(J'.x, MAC-Initiator | A'.x | Y.x | X'.x) */ - A_pub = dpp_get_pubkey_point(pkex->peer_bootstrap_key, 0); - Y_pub = dpp_get_pubkey_point(pkex->y, 0); - X_pub = dpp_get_pubkey_point(pkex->x, 0); - if (!A_pub || !Y_pub || !X_pub) - goto fail; - addr[0] = pkex->peer_mac; - len[0] = ETH_ALEN; - addr[1] = wpabuf_head(A_pub); - len[1] = wpabuf_len(A_pub) / 2; - addr[2] = wpabuf_head(Y_pub); - len[2] = wpabuf_len(Y_pub) / 2; - addr[3] = wpabuf_head(X_pub); - len[3] = wpabuf_len(X_pub) / 2; - if (dpp_hmac_vector(curve->hash_len, Jx, Jx_len, 4, addr, len, u) < 0) - goto fail; - - peer_u = dpp_get_attr(unwrapped, unwrapped_len, DPP_ATTR_I_AUTH_TAG, - &peer_u_len); - if (!peer_u || peer_u_len != curve->hash_len || - os_memcmp(peer_u, u, curve->hash_len) != 0) { - dpp_pkex_fail(pkex, "No valid u (I-Auth tag) found"); - wpa_hexdump(MSG_DEBUG, "DPP: Calculated u'", - u, curve->hash_len); - wpa_hexdump(MSG_DEBUG, "DPP: Received u", peer_u, peer_u_len); - pkex->t++; - goto fail; - } - wpa_printf(MSG_DEBUG, "DPP: Valid u (I-Auth tag) received"); - - /* ECDH: L = b * X' */ - if (dpp_ecdh(pkex->own_bi->pubkey, pkex->x, Lx, &Lx_len) < 0) - goto fail; - - wpa_hexdump_key(MSG_DEBUG, "DPP: ECDH shared secret (L.x)", - Lx, Lx_len); - - /* v = HMAC(L.x, MAC-Responder | B.x | X'.x | Y.x) */ - B_pub = dpp_get_pubkey_point(pkex->own_bi->pubkey, 0); - if (!B_pub) - goto fail; - addr[0] = pkex->own_mac; - len[0] = ETH_ALEN; - addr[1] = wpabuf_head(B_pub); - len[1] = wpabuf_len(B_pub) / 2; - addr[2] = wpabuf_head(X_pub); - len[2] = wpabuf_len(X_pub) / 2; - addr[3] = wpabuf_head(Y_pub); - len[3] = wpabuf_len(Y_pub) / 2; - if (dpp_hmac_vector(curve->hash_len, Lx, Lx_len, 4, addr, len, v) < 0) - goto fail; - wpa_hexdump(MSG_DEBUG, "DPP: v", v, curve->hash_len); - - msg = dpp_pkex_build_commit_reveal_resp(pkex, B_pub, v); - if (!msg) - goto fail; - -out: - os_free(unwrapped); - wpabuf_free(A_pub); - wpabuf_free(B_pub); - wpabuf_free(X_pub); - wpabuf_free(Y_pub); - return msg; -fail: - wpa_printf(MSG_DEBUG, - "DPP: PKEX Commit-Reveal Request processing failed"); - goto out; -} - - -int dpp_pkex_rx_commit_reveal_resp(struct dpp_pkex *pkex, const u8 *hdr, - const u8 *buf, size_t buflen) -{ - const struct dpp_curve_params *curve = pkex->own_bi->curve; - const u8 *wrapped_data, *b_key, *peer_v; - u16 wrapped_data_len, b_key_len, peer_v_len = 0; - const u8 *addr[4]; - size_t len[4]; - u8 octet; - u8 *unwrapped = NULL; - size_t unwrapped_len = 0; - int ret = -1; - u8 v[DPP_MAX_HASH_LEN]; - size_t Lx_len; - u8 Lx[DPP_MAX_SHARED_SECRET_LEN]; - struct wpabuf *B_pub = NULL, *X_pub = NULL, *Y_pub = NULL; - -#ifdef CONFIG_TESTING_OPTIONS - if (dpp_test == DPP_TEST_STOP_AT_PKEX_CR_RESP) { - wpa_printf(MSG_INFO, - "DPP: TESTING - stop at PKEX CR Response"); - pkex->failed = 1; - goto fail; - } -#endif /* CONFIG_TESTING_OPTIONS */ - - if (!pkex->exchange_done || pkex->failed || - pkex->t >= PKEX_COUNTER_T_LIMIT || !pkex->initiator) - goto fail; - - wrapped_data = dpp_get_attr(buf, buflen, DPP_ATTR_WRAPPED_DATA, - &wrapped_data_len); - if (!wrapped_data || wrapped_data_len < AES_BLOCK_SIZE) { - dpp_pkex_fail(pkex, - "Missing or invalid required Wrapped Data attribute"); - goto fail; - } - - wpa_hexdump(MSG_DEBUG, "DPP: AES-SIV ciphertext", - wrapped_data, wrapped_data_len); - unwrapped_len = wrapped_data_len - AES_BLOCK_SIZE; - unwrapped = os_malloc(unwrapped_len); - if (!unwrapped) - goto fail; - - addr[0] = hdr; - len[0] = DPP_HDR_LEN; - octet = 1; - addr[1] = &octet; - len[1] = sizeof(octet); - wpa_hexdump(MSG_DEBUG, "DDP: AES-SIV AD[0]", addr[0], len[0]); - wpa_hexdump(MSG_DEBUG, "DDP: AES-SIV AD[1]", addr[1], len[1]); - - if (aes_siv_decrypt(pkex->z, curve->hash_len, - wrapped_data, wrapped_data_len, - 2, addr, len, unwrapped) < 0) { - dpp_pkex_fail(pkex, - "AES-SIV decryption failed - possible PKEX code mismatch"); - pkex->t++; - goto fail; - } - wpa_hexdump(MSG_DEBUG, "DPP: AES-SIV cleartext", - unwrapped, unwrapped_len); - - if (dpp_check_attrs(unwrapped, unwrapped_len) < 0) { - dpp_pkex_fail(pkex, "Invalid attribute in unwrapped data"); - goto fail; - } - - b_key = dpp_get_attr(unwrapped, unwrapped_len, DPP_ATTR_BOOTSTRAP_KEY, - &b_key_len); - if (!b_key || b_key_len != 2 * curve->prime_len) { - dpp_pkex_fail(pkex, "No valid peer bootstrapping key found"); - goto fail; - } - pkex->peer_bootstrap_key = dpp_set_pubkey_point(pkex->x, b_key, - b_key_len); - if (!pkex->peer_bootstrap_key) { - dpp_pkex_fail(pkex, "Peer bootstrapping key is invalid"); - goto fail; - } - dpp_debug_print_key("DPP: Peer bootstrap public key", - pkex->peer_bootstrap_key); - - /* ECDH: L' = x * B' */ - if (dpp_ecdh(pkex->x, pkex->peer_bootstrap_key, Lx, &Lx_len) < 0) - goto fail; - - wpa_hexdump_key(MSG_DEBUG, "DPP: ECDH shared secret (L.x)", - Lx, Lx_len); - - /* v' = HMAC(L.x, MAC-Responder | B'.x | X.x | Y'.x) */ - B_pub = dpp_get_pubkey_point(pkex->peer_bootstrap_key, 0); - X_pub = dpp_get_pubkey_point(pkex->x, 0); - Y_pub = dpp_get_pubkey_point(pkex->y, 0); - if (!B_pub || !X_pub || !Y_pub) - goto fail; - addr[0] = pkex->peer_mac; - len[0] = ETH_ALEN; - addr[1] = wpabuf_head(B_pub); - len[1] = wpabuf_len(B_pub) / 2; - addr[2] = wpabuf_head(X_pub); - len[2] = wpabuf_len(X_pub) / 2; - addr[3] = wpabuf_head(Y_pub); - len[3] = wpabuf_len(Y_pub) / 2; - if (dpp_hmac_vector(curve->hash_len, Lx, Lx_len, 4, addr, len, v) < 0) - goto fail; - - peer_v = dpp_get_attr(unwrapped, unwrapped_len, DPP_ATTR_R_AUTH_TAG, - &peer_v_len); - if (!peer_v || peer_v_len != curve->hash_len || - os_memcmp(peer_v, v, curve->hash_len) != 0) { - dpp_pkex_fail(pkex, "No valid v (R-Auth tag) found"); - wpa_hexdump(MSG_DEBUG, "DPP: Calculated v'", - v, curve->hash_len); - wpa_hexdump(MSG_DEBUG, "DPP: Received v", peer_v, peer_v_len); - pkex->t++; - goto fail; - } - wpa_printf(MSG_DEBUG, "DPP: Valid v (R-Auth tag) received"); - - ret = 0; -out: - wpabuf_free(B_pub); - wpabuf_free(X_pub); - wpabuf_free(Y_pub); - os_free(unwrapped); - return ret; -fail: - goto out; -} - - -void dpp_pkex_free(struct dpp_pkex *pkex) -{ - if (!pkex) - return; - - os_free(pkex->identifier); - os_free(pkex->code); - EVP_PKEY_free(pkex->x); - EVP_PKEY_free(pkex->y); - EVP_PKEY_free(pkex->peer_bootstrap_key); - wpabuf_free(pkex->exchange_req); - wpabuf_free(pkex->exchange_resp); - os_free(pkex); -} - - -#ifdef CONFIG_TESTING_OPTIONS -char * dpp_corrupt_connector_signature(const char *connector) -{ - char *tmp, *pos, *signed3 = NULL; - unsigned char *signature = NULL; - size_t signature_len = 0, signed3_len; - - tmp = os_zalloc(os_strlen(connector) + 5); - if (!tmp) - goto fail; - os_memcpy(tmp, connector, os_strlen(connector)); - - pos = os_strchr(tmp, '.'); - if (!pos) - goto fail; - - pos = os_strchr(pos + 1, '.'); - if (!pos) - goto fail; - pos++; - - wpa_printf(MSG_DEBUG, "DPP: Original base64url encoded signature: %s", - pos); - signature = base64_url_decode((const unsigned char *) pos, - os_strlen(pos), &signature_len); - if (!signature || signature_len == 0) - goto fail; - wpa_hexdump(MSG_DEBUG, "DPP: Original Connector signature", - signature, signature_len); - signature[signature_len - 1] ^= 0x01; - wpa_hexdump(MSG_DEBUG, "DPP: Corrupted Connector signature", - signature, signature_len); - signed3 = (char *) base64_url_encode(signature, signature_len, - &signed3_len, 0); - if (!signed3) - goto fail; - os_memcpy(pos, signed3, signed3_len); - pos[signed3_len] = '\0'; - wpa_printf(MSG_DEBUG, "DPP: Corrupted base64url encoded signature: %s", - pos); - -out: - os_free(signature); - os_free(signed3); - return tmp; -fail: - os_free(tmp); - tmp = NULL; - goto out; -} -#endif /* CONFIG_TESTING_OPTIONS */ - - -#ifdef CONFIG_DPP2 - -struct dpp_pfs * dpp_pfs_init(const u8 *net_access_key, - size_t net_access_key_len) -{ - struct wpabuf *pub = NULL; - EVP_PKEY *own_key; - struct dpp_pfs *pfs; - - pfs = os_zalloc(sizeof(*pfs)); - if (!pfs) - return NULL; - - own_key = dpp_set_keypair(&pfs->curve, net_access_key, - net_access_key_len); - if (!own_key) { - wpa_printf(MSG_ERROR, "DPP: Failed to parse own netAccessKey"); - goto fail; - } - EVP_PKEY_free(own_key); - - pfs->ecdh = crypto_ecdh_init(pfs->curve->ike_group); - if (!pfs->ecdh) - goto fail; - - pub = crypto_ecdh_get_pubkey(pfs->ecdh, 0); - pub = wpabuf_zeropad(pub, pfs->curve->prime_len); - if (!pub) - goto fail; - - pfs->ie = wpabuf_alloc(5 + wpabuf_len(pub)); - if (!pfs->ie) - goto fail; - wpabuf_put_u8(pfs->ie, WLAN_EID_EXTENSION); - wpabuf_put_u8(pfs->ie, 1 + 2 + wpabuf_len(pub)); - wpabuf_put_u8(pfs->ie, WLAN_EID_EXT_OWE_DH_PARAM); - wpabuf_put_le16(pfs->ie, pfs->curve->ike_group); - wpabuf_put_buf(pfs->ie, pub); - wpabuf_free(pub); - wpa_hexdump_buf(MSG_DEBUG, "DPP: Diffie-Hellman Parameter element", - pfs->ie); - - return pfs; -fail: - wpabuf_free(pub); - dpp_pfs_free(pfs); - return NULL; -} - - -int dpp_pfs_process(struct dpp_pfs *pfs, const u8 *peer_ie, size_t peer_ie_len) -{ - if (peer_ie_len < 2) - return -1; - if (WPA_GET_LE16(peer_ie) != pfs->curve->ike_group) { - wpa_printf(MSG_DEBUG, "DPP: Peer used different group for PFS"); - return -1; - } - - pfs->secret = crypto_ecdh_set_peerkey(pfs->ecdh, 0, peer_ie + 2, - peer_ie_len - 2); - pfs->secret = wpabuf_zeropad(pfs->secret, pfs->curve->prime_len); - if (!pfs->secret) { - wpa_printf(MSG_DEBUG, "DPP: Invalid peer DH public key"); - return -1; - } - wpa_hexdump_buf_key(MSG_DEBUG, "DPP: DH shared secret", pfs->secret); - return 0; -} - - -void dpp_pfs_free(struct dpp_pfs *pfs) -{ - if (!pfs) - return; - crypto_ecdh_deinit(pfs->ecdh); - wpabuf_free(pfs->ie); - wpabuf_clear_free(pfs->secret); - os_free(pfs); -} - -#endif /* CONFIG_DPP2 */ - - -static unsigned int dpp_next_id(struct dpp_global *dpp) +unsigned int dpp_next_id(struct dpp_global *dpp) { struct dpp_bootstrap_info *bi; unsigned int max_id = 0; @@ -8370,6 +3811,10 @@ static int dpp_bootstrap_del(struct dpp_global *dpp, unsigned int id) if (id && bi->id != id) continue; found = 1; +#ifdef CONFIG_DPP2 + if (dpp->remove_bi) + dpp->remove_bi(dpp->cb_ctx, bi); +#endif /* CONFIG_DPP2 */ dl_list_del(&bi->list); dpp_bootstrap_info_free(bi); } @@ -8388,10 +3833,30 @@ struct dpp_bootstrap_info * dpp_add_qr_code(struct dpp_global *dpp, if (!dpp) return NULL; - bi = dpp_parse_qr_code(uri); + bi = dpp_parse_uri(uri); + if (!bi) + return NULL; + + bi->type = DPP_BOOTSTRAP_QR_CODE; + bi->id = dpp_next_id(dpp); + dl_list_add(&dpp->bootstrap, &bi->list); + return bi; +} + + +struct dpp_bootstrap_info * dpp_add_nfc_uri(struct dpp_global *dpp, + const char *uri) +{ + struct dpp_bootstrap_info *bi; + + if (!dpp) + return NULL; + + bi = dpp_parse_uri(uri); if (!bi) return NULL; + bi->type = DPP_BOOTSTRAP_NFC_URI; bi->id = dpp_next_id(dpp); dl_list_add(&dpp->bootstrap, &bi->list); return bi; @@ -8400,11 +3865,10 @@ struct dpp_bootstrap_info * dpp_add_qr_code(struct dpp_global *dpp, int dpp_bootstrap_gen(struct dpp_global *dpp, const char *cmd) { - char *chan = NULL, *mac = NULL, *info = NULL, *pk = NULL, *curve = NULL; + char *mac = NULL, *info = NULL, *curve = NULL; char *key = NULL; u8 *privkey = NULL; size_t privkey_len = 0; - size_t len; int ret = -1; struct dpp_bootstrap_info *bi; @@ -8419,10 +3883,12 @@ int dpp_bootstrap_gen(struct dpp_global *dpp, const char *cmd) bi->type = DPP_BOOTSTRAP_QR_CODE; else if (os_strstr(cmd, "type=pkex")) bi->type = DPP_BOOTSTRAP_PKEX; + else if (os_strstr(cmd, "type=nfc-uri")) + bi->type = DPP_BOOTSTRAP_NFC_URI; else goto fail; - chan = get_param(cmd, " chan="); + bi->chan = get_param(cmd, " chan="); mac = get_param(cmd, " mac="); info = get_param(cmd, " info="); curve = get_param(cmd, " curve="); @@ -8436,43 +3902,19 @@ int dpp_bootstrap_gen(struct dpp_global *dpp, const char *cmd) goto fail; } - pk = dpp_keygen(bi, curve, privkey, privkey_len); - if (!pk) + if (dpp_keygen(bi, curve, privkey, privkey_len) < 0 || + dpp_parse_uri_chan_list(bi, bi->chan) < 0 || + dpp_parse_uri_mac(bi, mac) < 0 || + dpp_parse_uri_info(bi, info) < 0 || + dpp_gen_uri(bi) < 0) goto fail; - len = 4; /* "DPP:" */ - if (chan) { - if (dpp_parse_uri_chan_list(bi, chan) < 0) - goto fail; - len += 3 + os_strlen(chan); /* C:...; */ - } - if (mac) { - if (dpp_parse_uri_mac(bi, mac) < 0) - goto fail; - len += 3 + os_strlen(mac); /* M:...; */ - } - if (info) { - if (dpp_parse_uri_info(bi, info) < 0) - goto fail; - len += 3 + os_strlen(info); /* I:...; */ - } - len += 4 + os_strlen(pk); - bi->uri = os_malloc(len + 1); - if (!bi->uri) - goto fail; - os_snprintf(bi->uri, len + 1, "DPP:%s%s%s%s%s%s%s%s%sK:%s;;", - chan ? "C:" : "", chan ? chan : "", chan ? ";" : "", - mac ? "M:" : "", mac ? mac : "", mac ? ";" : "", - info ? "I:" : "", info ? info : "", info ? ";" : "", - pk); bi->id = dpp_next_id(dpp); dl_list_add(&dpp->bootstrap, &bi->list); ret = bi->id; bi = NULL; fail: os_free(curve); - os_free(pk); - os_free(chan); os_free(mac); os_free(info); str_clear_free(key); @@ -8514,33 +3956,6 @@ int dpp_bootstrap_remove(struct dpp_global *dpp, const char *id) } -struct dpp_bootstrap_info * -dpp_pkex_finish(struct dpp_global *dpp, struct dpp_pkex *pkex, const u8 *peer, - unsigned int freq) -{ - struct dpp_bootstrap_info *bi; - - bi = os_zalloc(sizeof(*bi)); - if (!bi) - return NULL; - bi->id = dpp_next_id(dpp); - bi->type = DPP_BOOTSTRAP_PKEX; - os_memcpy(bi->mac_addr, peer, ETH_ALEN); - bi->num_freq = 1; - bi->freq[0] = freq; - bi->curve = pkex->own_bi->curve; - bi->pubkey = pkex->peer_bootstrap_key; - pkex->peer_bootstrap_key = NULL; - if (dpp_bootstrap_key_hash(bi) < 0) { - dpp_bootstrap_info_free(bi); - return NULL; - } - dpp_pkex_free(pkex); - dl_list_add(&dpp->bootstrap, &bi->list); - return bi; -} - - const char * dpp_bootstrap_get_uri(struct dpp_global *dpp, unsigned int id) { struct dpp_bootstrap_info *bi; @@ -8567,14 +3982,38 @@ int dpp_bootstrap_info(struct dpp_global *dpp, int id, "mac_addr=" MACSTR "\n" "info=%s\n" "num_freq=%u\n" + "use_freq=%u\n" "curve=%s\n" - "pkhash=%s\n", + "pkhash=%s\n" + "version=%d\n", dpp_bootstrap_type_txt(bi->type), MAC2STR(bi->mac_addr), bi->info ? bi->info : "", bi->num_freq, + bi->num_freq == 1 ? bi->freq[0] : 0, bi->curve->name, - pkhash); + pkhash, + bi->version); +} + + +int dpp_bootstrap_set(struct dpp_global *dpp, int id, const char *params) +{ + struct dpp_bootstrap_info *bi; + + bi = dpp_bootstrap_get_id(dpp, id); + if (!bi) + return -1; + + str_clear_free(bi->configurator_params); + + if (params) { + bi->configurator_params = os_strdup(params); + return bi->configurator_params ? 0 : -1; + } + + bi->configurator_params = NULL; + return 0; } @@ -8610,7 +4049,108 @@ void dpp_bootstrap_find_pair(struct dpp_global *dpp, const u8 *i_bootstrap, if (*own_bi && *peer_bi) break; } +} + + +#ifdef CONFIG_DPP2 +struct dpp_bootstrap_info * dpp_bootstrap_find_chirp(struct dpp_global *dpp, + const u8 *hash) +{ + struct dpp_bootstrap_info *bi; + + if (!dpp) + return NULL; + + dl_list_for_each(bi, &dpp->bootstrap, struct dpp_bootstrap_info, list) { + if (!bi->own && os_memcmp(bi->pubkey_hash_chirp, hash, + SHA256_MAC_LEN) == 0) + return bi; + } + + return NULL; +} +#endif /* CONFIG_DPP2 */ + + +static int dpp_nfc_update_bi_channel(struct dpp_bootstrap_info *own_bi, + struct dpp_bootstrap_info *peer_bi) +{ + unsigned int i, freq = 0; + enum hostapd_hw_mode mode; + u8 op_class, channel; + char chan[20]; + + if (peer_bi->num_freq == 0 && !peer_bi->channels_listed) + return 0; /* no channel preference/constraint */ + + for (i = 0; i < peer_bi->num_freq; i++) { + if ((own_bi->num_freq == 0 && !own_bi->channels_listed) || + freq_included(own_bi->freq, own_bi->num_freq, + peer_bi->freq[i])) { + freq = peer_bi->freq[i]; + break; + } + } + if (!freq) { + wpa_printf(MSG_DEBUG, "DPP: No common channel found"); + return -1; + } + + mode = ieee80211_freq_to_channel_ext(freq, 0, 0, &op_class, &channel); + if (mode == NUM_HOSTAPD_MODES) { + wpa_printf(MSG_DEBUG, + "DPP: Could not determine operating class or channel number for %u MHz", + freq); + } + + wpa_printf(MSG_DEBUG, + "DPP: Selected %u MHz (op_class %u channel %u) as the negotiation channel based on information from NFC negotiated handover", + freq, op_class, channel); + os_snprintf(chan, sizeof(chan), "%u/%u", op_class, channel); + os_free(own_bi->chan); + own_bi->chan = os_strdup(chan); + own_bi->freq[0] = freq; + own_bi->num_freq = 1; + os_free(peer_bi->chan); + peer_bi->chan = os_strdup(chan); + peer_bi->freq[0] = freq; + peer_bi->num_freq = 1; + + return dpp_gen_uri(own_bi); +} + + +static int dpp_nfc_update_bi_key(struct dpp_bootstrap_info *own_bi, + struct dpp_bootstrap_info *peer_bi) +{ + if (peer_bi->curve == own_bi->curve) + return 0; + wpa_printf(MSG_DEBUG, + "DPP: Update own bootstrapping key to match peer curve from NFC handover"); + + EVP_PKEY_free(own_bi->pubkey); + own_bi->pubkey = NULL; + + if (dpp_keygen(own_bi, peer_bi->curve->name, NULL, 0) < 0 || + dpp_gen_uri(own_bi) < 0) + goto fail; + + return 0; +fail: + dl_list_del(&own_bi->list); + dpp_bootstrap_info_free(own_bi); + return -1; +} + + +int dpp_nfc_update_bi(struct dpp_bootstrap_info *own_bi, + struct dpp_bootstrap_info *peer_bi) +{ + if (dpp_nfc_update_bi_channel(own_bi, peer_bi) < 0 || + dpp_nfc_update_bi_key(own_bi, peer_bi) < 0) + return -1; + return 0; } @@ -8631,14 +4171,15 @@ static unsigned int dpp_next_configurator_id(struct dpp_global *dpp) int dpp_configurator_add(struct dpp_global *dpp, const char *cmd) { char *curve = NULL; - char *key = NULL; - u8 *privkey = NULL; - size_t privkey_len = 0; + char *key = NULL, *ppkey = NULL; + u8 *privkey = NULL, *pp_key = NULL; + size_t privkey_len = 0, pp_key_len = 0; int ret = -1; struct dpp_configurator *conf = NULL; curve = get_param(cmd, " curve="); key = get_param(cmd, " key="); + ppkey = get_param(cmd, " ppkey="); if (key) { privkey_len = os_strlen(key) / 2; @@ -8648,7 +4189,16 @@ int dpp_configurator_add(struct dpp_global *dpp, const char *cmd) goto fail; } - conf = dpp_keygen_configurator(curve, privkey, privkey_len); + if (ppkey) { + pp_key_len = os_strlen(ppkey) / 2; + pp_key = os_malloc(pp_key_len); + if (!pp_key || + hexstr2bin(ppkey, pp_key, pp_key_len) < 0) + goto fail; + } + + conf = dpp_keygen_configurator(curve, privkey, privkey_len, + pp_key, pp_key_len); if (!conf) goto fail; @@ -8659,7 +4209,9 @@ int dpp_configurator_add(struct dpp_global *dpp, const char *cmd) fail: os_free(curve); str_clear_free(key); + str_clear_free(ppkey); bin_clear_free(privkey, privkey_len); + bin_clear_free(pp_key, pp_key_len); dpp_configurator_free(conf); return ret; } @@ -8719,62 +4271,76 @@ int dpp_configurator_get_key_id(struct dpp_global *dpp, unsigned int id, #ifdef CONFIG_DPP2 -static void dpp_connection_free(struct dpp_connection *conn) -{ - if (conn->sock >= 0) { - wpa_printf(MSG_DEBUG, "DPP: Close Controller socket %d", - conn->sock); - eloop_unregister_sock(conn->sock, EVENT_TYPE_READ); - eloop_unregister_sock(conn->sock, EVENT_TYPE_WRITE); - close(conn->sock); - } - wpabuf_free(conn->msg); - wpabuf_free(conn->msg_out); - dpp_auth_deinit(conn->auth); - os_free(conn); -} - - -static void dpp_connection_remove(struct dpp_connection *conn) -{ - dl_list_del(&conn->list); - dpp_connection_free(conn); -} - - -static void dpp_tcp_init_flush(struct dpp_global *dpp) +int dpp_configurator_from_backup(struct dpp_global *dpp, + struct dpp_asymmetric_key *key) { - struct dpp_connection *conn, *tmp; - - dl_list_for_each_safe(conn, tmp, &dpp->tcp_init, struct dpp_connection, - list) - dpp_connection_remove(conn); -} + struct dpp_configurator *conf; + const EC_KEY *eckey, *eckey_pp; + const EC_GROUP *group, *group_pp; + int nid; + const struct dpp_curve_params *curve; + if (!key->csign || !key->pp_key) + return -1; + eckey = EVP_PKEY_get0_EC_KEY(key->csign); + if (!eckey) + return -1; + group = EC_KEY_get0_group(eckey); + if (!group) + return -1; + nid = EC_GROUP_get_curve_name(group); + curve = dpp_get_curve_nid(nid); + if (!curve) { + wpa_printf(MSG_INFO, "DPP: Unsupported group in c-sign-key"); + return -1; + } + eckey_pp = EVP_PKEY_get0_EC_KEY(key->pp_key); + if (!eckey_pp) + return -1; + group_pp = EC_KEY_get0_group(eckey_pp); + if (!group_pp) + return -1; + if (EC_GROUP_get_curve_name(group) != + EC_GROUP_get_curve_name(group_pp)) { + wpa_printf(MSG_INFO, + "DPP: Mismatch in c-sign-key and ppKey groups"); + return -1; + } -static void dpp_relay_controller_free(struct dpp_relay_controller *ctrl) -{ - struct dpp_connection *conn, *tmp; + conf = os_zalloc(sizeof(*conf)); + if (!conf) + return -1; + conf->curve = curve; + conf->csign = key->csign; + key->csign = NULL; + conf->pp_key = key->pp_key; + key->pp_key = NULL; + conf->own = 1; + if (dpp_configurator_gen_kid(conf) < 0) { + dpp_configurator_free(conf); + return -1; + } - dl_list_for_each_safe(conn, tmp, &ctrl->conn, struct dpp_connection, - list) - dpp_connection_remove(conn); - os_free(ctrl); + conf->id = dpp_next_configurator_id(dpp); + dl_list_add(&dpp->configurator, &conf->list); + return conf->id; } -static void dpp_relay_flush_controllers(struct dpp_global *dpp) +struct dpp_configurator * dpp_configurator_find_kid(struct dpp_global *dpp, + const u8 *kid) { - struct dpp_relay_controller *ctrl, *tmp; + struct dpp_configurator *conf; if (!dpp) - return; + return NULL; - dl_list_for_each_safe(ctrl, tmp, &dpp->controllers, - struct dpp_relay_controller, list) { - dl_list_del(&ctrl->list); - dpp_relay_controller_free(ctrl); + dl_list_for_each(conf, &dpp->configurator, + struct dpp_configurator, list) { + if (os_memcmp(conf->kid_hash, kid, SHA256_MAC_LEN) == 0) + return conf; } + return NULL; } #endif /* CONFIG_DPP2 */ @@ -8787,10 +4353,9 @@ struct dpp_global * dpp_global_init(struct dpp_global_config *config) dpp = os_zalloc(sizeof(*dpp)); if (!dpp) return NULL; - dpp->msg_ctx = config->msg_ctx; #ifdef CONFIG_DPP2 dpp->cb_ctx = config->cb_ctx; - dpp->process_conf_obj = config->process_conf_obj; + dpp->remove_bi = config->remove_bi; #endif /* CONFIG_DPP2 */ dl_list_init(&dpp->bootstrap); @@ -8828,1229 +4393,33 @@ void dpp_global_deinit(struct dpp_global *dpp) #ifdef CONFIG_DPP2 -static void dpp_controller_rx(int sd, void *eloop_ctx, void *sock_ctx); -static void dpp_conn_tx_ready(int sock, void *eloop_ctx, void *sock_ctx); -static void dpp_controller_auth_success(struct dpp_connection *conn, - int initiator); - - -int dpp_relay_add_controller(struct dpp_global *dpp, - struct dpp_relay_config *config) -{ - struct dpp_relay_controller *ctrl; - - if (!dpp) - return -1; - - ctrl = os_zalloc(sizeof(*ctrl)); - if (!ctrl) - return -1; - dl_list_init(&ctrl->conn); - ctrl->global = dpp; - os_memcpy(&ctrl->ipaddr, config->ipaddr, sizeof(*config->ipaddr)); - os_memcpy(ctrl->pkhash, config->pkhash, SHA256_MAC_LEN); - ctrl->cb_ctx = config->cb_ctx; - ctrl->tx = config->tx; - ctrl->gas_resp_tx = config->gas_resp_tx; - dl_list_add(&dpp->controllers, &ctrl->list); - return 0; -} - - -static struct dpp_relay_controller * -dpp_relay_controller_get(struct dpp_global *dpp, const u8 *pkhash) -{ - struct dpp_relay_controller *ctrl; - - if (!dpp) - return NULL; - - dl_list_for_each(ctrl, &dpp->controllers, struct dpp_relay_controller, - list) { - if (os_memcmp(pkhash, ctrl->pkhash, SHA256_MAC_LEN) == 0) - return ctrl; - } - - return NULL; -} - - -static void dpp_controller_gas_done(struct dpp_connection *conn) -{ - struct dpp_authentication *auth = conn->auth; - - if (auth->peer_version >= 2 && - auth->conf_resp_status == DPP_STATUS_OK) { - wpa_printf(MSG_DEBUG, "DPP: Wait for Configuration Result"); - auth->waiting_conf_result = 1; - return; - } - - wpa_msg(conn->ctrl->global->msg_ctx, MSG_INFO, DPP_EVENT_CONF_SENT); - dpp_connection_remove(conn); -} - - -static int dpp_tcp_send(struct dpp_connection *conn) -{ - int res; - - if (!conn->msg_out) { - eloop_unregister_sock(conn->sock, EVENT_TYPE_WRITE); - conn->write_eloop = 0; - return -1; - } - res = send(conn->sock, - wpabuf_head_u8(conn->msg_out) + conn->msg_out_pos, - wpabuf_len(conn->msg_out) - conn->msg_out_pos, 0); - if (res < 0) { - wpa_printf(MSG_DEBUG, "DPP: Failed to send buffer: %s", - strerror(errno)); - dpp_connection_remove(conn); - return -1; - } - - conn->msg_out_pos += res; - if (wpabuf_len(conn->msg_out) > conn->msg_out_pos) { - wpa_printf(MSG_DEBUG, - "DPP: %u/%u bytes of message sent to Controller", - (unsigned int) conn->msg_out_pos, - (unsigned int) wpabuf_len(conn->msg_out)); - if (!conn->write_eloop && - eloop_register_sock(conn->sock, EVENT_TYPE_WRITE, - dpp_conn_tx_ready, conn, NULL) == 0) - conn->write_eloop = 1; - return 1; - } - - wpa_printf(MSG_DEBUG, "DPP: Full message sent over TCP"); - wpabuf_free(conn->msg_out); - conn->msg_out = NULL; - conn->msg_out_pos = 0; - eloop_unregister_sock(conn->sock, EVENT_TYPE_WRITE); - conn->write_eloop = 0; - if (!conn->read_eloop && - eloop_register_sock(conn->sock, EVENT_TYPE_READ, - dpp_controller_rx, conn, NULL) == 0) - conn->read_eloop = 1; - if (conn->on_tcp_tx_complete_remove) { - dpp_connection_remove(conn); - } else if (conn->ctrl && conn->on_tcp_tx_complete_gas_done && - conn->auth) { - dpp_controller_gas_done(conn); - } else if (conn->on_tcp_tx_complete_auth_ok) { - conn->on_tcp_tx_complete_auth_ok = 0; - dpp_controller_auth_success(conn, 1); - } - - return 0; -} - - -static void dpp_controller_start_gas_client(struct dpp_connection *conn) -{ - struct dpp_authentication *auth = conn->auth; - struct wpabuf *buf; - char json[100]; - int netrole_ap = 0; /* TODO: make this configurable */ - - os_snprintf(json, sizeof(json), - "{\"name\":\"Test\"," - "\"wi-fi_tech\":\"infra\"," - "\"netRole\":\"%s\"}", - netrole_ap ? "ap" : "sta"); -#ifdef CONFIG_TESTING_OPTIONS - if (dpp_test == DPP_TEST_INVALID_CONFIG_ATTR_OBJ_CONF_REQ) { - wpa_printf(MSG_INFO, "DPP: TESTING - invalid Config Attr"); - json[29] = 'k'; /* replace "infra" with "knfra" */ - } -#endif /* CONFIG_TESTING_OPTIONS */ - wpa_printf(MSG_DEBUG, "DPP: GAS Config Attributes: %s", json); - - buf = dpp_build_conf_req(auth, json); - if (!buf) { - wpa_printf(MSG_DEBUG, - "DPP: No configuration request data available"); - return; - } - - wpabuf_free(conn->msg_out); - conn->msg_out_pos = 0; - conn->msg_out = wpabuf_alloc(4 + wpabuf_len(buf) - 1); - if (!conn->msg_out) { - wpabuf_free(buf); - return; - } - wpabuf_put_be32(conn->msg_out, wpabuf_len(buf) - 1); - wpabuf_put_data(conn->msg_out, wpabuf_head_u8(buf) + 1, - wpabuf_len(buf) - 1); - wpabuf_free(buf); - - if (dpp_tcp_send(conn) == 1) { - if (!conn->write_eloop) { - if (eloop_register_sock(conn->sock, EVENT_TYPE_WRITE, - dpp_conn_tx_ready, - conn, NULL) < 0) - return; - conn->write_eloop = 1; - } - } -} - - -static void dpp_controller_auth_success(struct dpp_connection *conn, - int initiator) -{ - struct dpp_authentication *auth = conn->auth; - - if (!auth) - return; - - wpa_printf(MSG_DEBUG, "DPP: Authentication succeeded"); - wpa_msg(conn->global->msg_ctx, MSG_INFO, - DPP_EVENT_AUTH_SUCCESS "init=%d", initiator); -#ifdef CONFIG_TESTING_OPTIONS - if (dpp_test == DPP_TEST_STOP_AT_AUTH_CONF) { - wpa_printf(MSG_INFO, - "DPP: TESTING - stop at Authentication Confirm"); - if (auth->configurator) { - /* Prevent GAS response */ - auth->auth_success = 0; - } - return; - } -#endif /* CONFIG_TESTING_OPTIONS */ - - if (!auth->configurator) - dpp_controller_start_gas_client(conn); -} - - -static void dpp_conn_tx_ready(int sock, void *eloop_ctx, void *sock_ctx) -{ - struct dpp_connection *conn = eloop_ctx; - - wpa_printf(MSG_DEBUG, "DPP: TCP socket %d ready for TX", sock); - dpp_tcp_send(conn); -} - - -static int dpp_ipaddr_to_sockaddr(struct sockaddr *addr, socklen_t *addrlen, - const struct hostapd_ip_addr *ipaddr, - int port) -{ - struct sockaddr_in *dst; -#ifdef CONFIG_IPV6 - struct sockaddr_in6 *dst6; -#endif /* CONFIG_IPV6 */ - - switch (ipaddr->af) { - case AF_INET: - dst = (struct sockaddr_in *) addr; - os_memset(dst, 0, sizeof(*dst)); - dst->sin_family = AF_INET; - dst->sin_addr.s_addr = ipaddr->u.v4.s_addr; - dst->sin_port = htons(port); - *addrlen = sizeof(*dst); - break; -#ifdef CONFIG_IPV6 - case AF_INET6: - dst6 = (struct sockaddr_in6 *) addr; - os_memset(dst6, 0, sizeof(*dst6)); - dst6->sin6_family = AF_INET6; - os_memcpy(&dst6->sin6_addr, &ipaddr->u.v6, - sizeof(struct in6_addr)); - dst6->sin6_port = htons(port); - *addrlen = sizeof(*dst6); - break; -#endif /* CONFIG_IPV6 */ - default: - return -1; - } - - return 0; -} - - -static struct dpp_connection * -dpp_relay_new_conn(struct dpp_relay_controller *ctrl, const u8 *src, - unsigned int freq) -{ - struct dpp_connection *conn; - struct sockaddr_storage addr; - socklen_t addrlen; - char txt[100]; - - if (dl_list_len(&ctrl->conn) >= 15) { - wpa_printf(MSG_DEBUG, - "DPP: Too many ongoing Relay connections to the Controller - cannot start a new one"); - return NULL; - } - - if (dpp_ipaddr_to_sockaddr((struct sockaddr *) &addr, &addrlen, - &ctrl->ipaddr, DPP_TCP_PORT) < 0) - return NULL; - - conn = os_zalloc(sizeof(*conn)); - if (!conn) - return NULL; - - conn->global = ctrl->global; - conn->relay = ctrl; - os_memcpy(conn->mac_addr, src, ETH_ALEN); - conn->freq = freq; - - conn->sock = socket(AF_INET, SOCK_STREAM, 0); - if (conn->sock < 0) - goto fail; - wpa_printf(MSG_DEBUG, "DPP: TCP relay socket %d connection to %s", - conn->sock, hostapd_ip_txt(&ctrl->ipaddr, txt, sizeof(txt))); - - if (fcntl(conn->sock, F_SETFL, O_NONBLOCK) != 0) { - wpa_printf(MSG_DEBUG, "DPP: fnctl(O_NONBLOCK) failed: %s", - strerror(errno)); - goto fail; - } - - if (connect(conn->sock, (struct sockaddr *) &addr, addrlen) < 0) { - if (errno != EINPROGRESS) { - wpa_printf(MSG_DEBUG, "DPP: Failed to connect: %s", - strerror(errno)); - goto fail; - } - - /* - * Continue connecting in the background; eloop will call us - * once the connection is ready (or failed). - */ - } - - if (eloop_register_sock(conn->sock, EVENT_TYPE_WRITE, - dpp_conn_tx_ready, conn, NULL) < 0) - goto fail; - conn->write_eloop = 1; - - /* TODO: eloop timeout to clear a connection if it does not complete - * properly */ - - dl_list_add(&ctrl->conn, &conn->list); - return conn; -fail: - dpp_connection_free(conn); - return NULL; -} - - -static struct wpabuf * dpp_tcp_encaps(const u8 *hdr, const u8 *buf, size_t len) +struct wpabuf * dpp_build_presence_announcement(struct dpp_bootstrap_info *bi) { struct wpabuf *msg; - msg = wpabuf_alloc(4 + 1 + DPP_HDR_LEN + len); - if (!msg) - return NULL; - wpabuf_put_be32(msg, 1 + DPP_HDR_LEN + len); - wpabuf_put_u8(msg, WLAN_PA_VENDOR_SPECIFIC); - wpabuf_put_data(msg, hdr, DPP_HDR_LEN); - wpabuf_put_data(msg, buf, len); - wpa_hexdump_buf(MSG_MSGDUMP, "DPP: Outgoing TCP message", msg); - return msg; -} - - -static int dpp_relay_tx(struct dpp_connection *conn, const u8 *hdr, - const u8 *buf, size_t len) -{ - u8 type = hdr[DPP_HDR_LEN - 1]; - - wpa_printf(MSG_DEBUG, - "DPP: Continue already established Relay/Controller connection for this session"); - wpabuf_free(conn->msg_out); - conn->msg_out_pos = 0; - conn->msg_out = dpp_tcp_encaps(hdr, buf, len); - if (!conn->msg_out) { - dpp_connection_remove(conn); - return -1; - } - - /* TODO: for proto ver 1, need to do remove connection based on GAS Resp - * TX status */ - if (type == DPP_PA_CONFIGURATION_RESULT) - conn->on_tcp_tx_complete_remove = 1; - dpp_tcp_send(conn); - return 0; -} - - -int dpp_relay_rx_action(struct dpp_global *dpp, const u8 *src, const u8 *hdr, - const u8 *buf, size_t len, unsigned int freq, - const u8 *i_bootstrap, const u8 *r_bootstrap) -{ - struct dpp_relay_controller *ctrl; - struct dpp_connection *conn; - u8 type = hdr[DPP_HDR_LEN - 1]; - - /* Check if there is an already started session for this peer and if so, - * continue that session (send this over TCP) and return 0. - */ - if (type != DPP_PA_PEER_DISCOVERY_REQ && - type != DPP_PA_PEER_DISCOVERY_RESP) { - dl_list_for_each(ctrl, &dpp->controllers, - struct dpp_relay_controller, list) { - dl_list_for_each(conn, &ctrl->conn, - struct dpp_connection, list) { - if (os_memcmp(src, conn->mac_addr, - ETH_ALEN) == 0) - return dpp_relay_tx(conn, hdr, buf, len); - } - } - } - - if (!r_bootstrap) - return -1; - - ctrl = dpp_relay_controller_get(dpp, r_bootstrap); - if (!ctrl) - return -1; - - wpa_printf(MSG_DEBUG, - "DPP: Authentication Request for a configured Controller"); - conn = dpp_relay_new_conn(ctrl, src, freq); - if (!conn) - return -1; - - conn->msg_out = dpp_tcp_encaps(hdr, buf, len); - if (!conn->msg_out) { - dpp_connection_remove(conn); - return -1; - } - /* Message will be sent in dpp_conn_tx_ready() */ - - return 0; -} - - -int dpp_relay_rx_gas_req(struct dpp_global *dpp, const u8 *src, const u8 *data, - size_t data_len) -{ - struct dpp_relay_controller *ctrl; - struct dpp_connection *conn, *found = NULL; - struct wpabuf *msg; - - /* Check if there is a successfully completed authentication for this - * and if so, continue that session (send this over TCP) and return 0. - */ - dl_list_for_each(ctrl, &dpp->controllers, - struct dpp_relay_controller, list) { - if (found) - break; - dl_list_for_each(conn, &ctrl->conn, - struct dpp_connection, list) { - if (os_memcmp(src, conn->mac_addr, - ETH_ALEN) == 0) { - found = conn; - break; - } - } - } - - if (!found) - return -1; - - msg = wpabuf_alloc(4 + 1 + data_len); - if (!msg) - return -1; - wpabuf_put_be32(msg, 1 + data_len); - wpabuf_put_u8(msg, WLAN_PA_GAS_INITIAL_REQ); - wpabuf_put_data(msg, data, data_len); - wpa_hexdump_buf(MSG_MSGDUMP, "DPP: Outgoing TCP message", msg); - - wpabuf_free(conn->msg_out); - conn->msg_out_pos = 0; - conn->msg_out = msg; - dpp_tcp_send(conn); - return 0; -} - - -static void dpp_controller_free(struct dpp_controller *ctrl) -{ - struct dpp_connection *conn, *tmp; - - if (!ctrl) - return; - - dl_list_for_each_safe(conn, tmp, &ctrl->conn, struct dpp_connection, - list) - dpp_connection_remove(conn); - - if (ctrl->sock >= 0) { - close(ctrl->sock); - eloop_unregister_sock(ctrl->sock, EVENT_TYPE_READ); - } - os_free(ctrl->configurator_params); - os_free(ctrl); -} - - -static int dpp_controller_rx_auth_req(struct dpp_connection *conn, - const u8 *hdr, const u8 *buf, size_t len) -{ - const u8 *r_bootstrap, *i_bootstrap; - u16 r_bootstrap_len, i_bootstrap_len; - struct dpp_bootstrap_info *own_bi = NULL, *peer_bi = NULL; - - if (!conn->ctrl) - return 0; - - wpa_printf(MSG_DEBUG, "DPP: Authentication Request"); - - r_bootstrap = dpp_get_attr(buf, len, DPP_ATTR_R_BOOTSTRAP_KEY_HASH, - &r_bootstrap_len); - if (!r_bootstrap || r_bootstrap_len != SHA256_MAC_LEN) { - wpa_printf(MSG_INFO, - "Missing or invalid required Responder Bootstrapping Key Hash attribute"); - return -1; - } - wpa_hexdump(MSG_MSGDUMP, "DPP: Responder Bootstrapping Key Hash", - r_bootstrap, r_bootstrap_len); - - i_bootstrap = dpp_get_attr(buf, len, DPP_ATTR_I_BOOTSTRAP_KEY_HASH, - &i_bootstrap_len); - if (!i_bootstrap || i_bootstrap_len != SHA256_MAC_LEN) { - wpa_printf(MSG_INFO, - "Missing or invalid required Initiator Bootstrapping Key Hash attribute"); - return -1; - } - wpa_hexdump(MSG_MSGDUMP, "DPP: Initiator Bootstrapping Key Hash", - i_bootstrap, i_bootstrap_len); - - /* Try to find own and peer bootstrapping key matches based on the - * received hash values */ - dpp_bootstrap_find_pair(conn->ctrl->global, i_bootstrap, r_bootstrap, - &own_bi, &peer_bi); - if (!own_bi) { - wpa_printf(MSG_INFO, - "No matching own bootstrapping key found - ignore message"); - return -1; - } - - if (conn->auth) { - wpa_printf(MSG_INFO, - "Already in DPP authentication exchange - ignore new one"); - return 0; - } - - conn->auth = dpp_auth_req_rx(conn->ctrl->global->msg_ctx, - conn->ctrl->allowed_roles, - conn->ctrl->qr_mutual, - peer_bi, own_bi, -1, hdr, buf, len); - if (!conn->auth) { - wpa_printf(MSG_DEBUG, "DPP: No response generated"); - return -1; - } - - if (dpp_set_configurator(conn->ctrl->global, conn->ctrl->global->msg_ctx, - conn->auth, - conn->ctrl->configurator_params) < 0) { - dpp_connection_remove(conn); - return -1; - } - - wpabuf_free(conn->msg_out); - conn->msg_out_pos = 0; - conn->msg_out = wpabuf_alloc(4 + wpabuf_len(conn->auth->resp_msg) - 1); - if (!conn->msg_out) - return -1; - wpabuf_put_be32(conn->msg_out, wpabuf_len(conn->auth->resp_msg) - 1); - wpabuf_put_data(conn->msg_out, wpabuf_head_u8(conn->auth->resp_msg) + 1, - wpabuf_len(conn->auth->resp_msg) - 1); - - if (dpp_tcp_send(conn) == 1) { - if (!conn->write_eloop) { - if (eloop_register_sock(conn->sock, EVENT_TYPE_WRITE, - dpp_conn_tx_ready, - conn, NULL) < 0) - return -1; - conn->write_eloop = 1; - } - } - - return 0; -} - - -static int dpp_controller_rx_auth_resp(struct dpp_connection *conn, - const u8 *hdr, const u8 *buf, size_t len) -{ - struct dpp_authentication *auth = conn->auth; - struct wpabuf *msg; - - if (!auth) - return -1; - - wpa_printf(MSG_DEBUG, "DPP: Authentication Response"); - - msg = dpp_auth_resp_rx(auth, hdr, buf, len); - if (!msg) { - if (auth->auth_resp_status == DPP_STATUS_RESPONSE_PENDING) { - wpa_printf(MSG_DEBUG, - "DPP: Start wait for full response"); - return -1; - } - wpa_printf(MSG_DEBUG, "DPP: No confirm generated"); - dpp_connection_remove(conn); - return -1; - } - - wpabuf_free(conn->msg_out); - conn->msg_out_pos = 0; - conn->msg_out = wpabuf_alloc(4 + wpabuf_len(msg) - 1); - if (!conn->msg_out) { - wpabuf_free(msg); - return -1; - } - wpabuf_put_be32(conn->msg_out, wpabuf_len(msg) - 1); - wpabuf_put_data(conn->msg_out, wpabuf_head_u8(msg) + 1, - wpabuf_len(msg) - 1); - wpabuf_free(msg); - - conn->on_tcp_tx_complete_auth_ok = 1; - if (dpp_tcp_send(conn) == 1) { - if (!conn->write_eloop) { - if (eloop_register_sock(conn->sock, EVENT_TYPE_WRITE, - dpp_conn_tx_ready, - conn, NULL) < 0) - return -1; - conn->write_eloop = 1; - } - } - - return 0; -} - - -static int dpp_controller_rx_auth_conf(struct dpp_connection *conn, - const u8 *hdr, const u8 *buf, size_t len) -{ - struct dpp_authentication *auth = conn->auth; - - wpa_printf(MSG_DEBUG, "DPP: Authentication Confirmation"); - - if (!auth) { - wpa_printf(MSG_DEBUG, - "DPP: No DPP Authentication in progress - drop"); - return -1; - } - - if (dpp_auth_conf_rx(auth, hdr, buf, len) < 0) { - wpa_printf(MSG_DEBUG, "DPP: Authentication failed"); - return -1; - } - - dpp_controller_auth_success(conn, 0); - return 0; -} - - -static int dpp_controller_rx_conf_result(struct dpp_connection *conn, - const u8 *hdr, const u8 *buf, - size_t len) -{ - struct dpp_authentication *auth = conn->auth; - enum dpp_status_error status; - - if (!conn->ctrl) - return 0; - - wpa_printf(MSG_DEBUG, "DPP: Configuration Result"); - - if (!auth || !auth->waiting_conf_result) { - wpa_printf(MSG_DEBUG, - "DPP: No DPP Configuration waiting for result - drop"); - return -1; - } - - status = dpp_conf_result_rx(auth, hdr, buf, len); - if (status == DPP_STATUS_OK) - wpa_msg(conn->ctrl->global->msg_ctx, MSG_INFO, - DPP_EVENT_CONF_SENT); - else - wpa_msg(conn->ctrl->global->msg_ctx, MSG_INFO, - DPP_EVENT_CONF_FAILED); - return -1; /* to remove the completed connection */ -} - - -static int dpp_controller_rx_action(struct dpp_connection *conn, const u8 *msg, - size_t len) -{ - const u8 *pos, *end; - u8 type; - - wpa_printf(MSG_DEBUG, "DPP: Received DPP Action frame over TCP"); - pos = msg; - end = msg + len; - - if (end - pos < DPP_HDR_LEN || - WPA_GET_BE24(pos) != OUI_WFA || - pos[3] != DPP_OUI_TYPE) { - wpa_printf(MSG_DEBUG, "DPP: Unrecognized header"); - return -1; - } - - if (pos[4] != 1) { - wpa_printf(MSG_DEBUG, "DPP: Unsupported Crypto Suite %u", - pos[4]); - return -1; - } - type = pos[5]; - wpa_printf(MSG_DEBUG, "DPP: Received message type %u", type); - pos += DPP_HDR_LEN; - - wpa_hexdump(MSG_MSGDUMP, "DPP: Received message attributes", - pos, end - pos); - if (dpp_check_attrs(pos, end - pos) < 0) - return -1; - - if (conn->relay) { - wpa_printf(MSG_DEBUG, "DPP: Relay - send over WLAN"); - conn->relay->tx(conn->relay->cb_ctx, conn->mac_addr, - conn->freq, msg, len); - return 0; - } - - switch (type) { - case DPP_PA_AUTHENTICATION_REQ: - return dpp_controller_rx_auth_req(conn, msg, pos, end - pos); - case DPP_PA_AUTHENTICATION_RESP: - return dpp_controller_rx_auth_resp(conn, msg, pos, end - pos); - case DPP_PA_AUTHENTICATION_CONF: - return dpp_controller_rx_auth_conf(conn, msg, pos, end - pos); - case DPP_PA_CONFIGURATION_RESULT: - return dpp_controller_rx_conf_result(conn, msg, pos, end - pos); - default: - /* TODO: missing messages types */ - wpa_printf(MSG_DEBUG, - "DPP: Unsupported frame subtype %d", type); - return -1; - } -} - - -static int dpp_controller_rx_gas_req(struct dpp_connection *conn, const u8 *msg, - size_t len) -{ - const u8 *pos, *end, *next; - u8 dialog_token; - const u8 *adv_proto; - u16 slen; - struct wpabuf *resp, *buf; - struct dpp_authentication *auth = conn->auth; - - if (len < 1 + 2) - return -1; - - wpa_printf(MSG_DEBUG, - "DPP: Received DPP Configuration Request over TCP"); - - if (!conn->ctrl || !auth || !auth->auth_success) { - wpa_printf(MSG_DEBUG, "DPP: No matching exchange in progress"); - return -1; - } - - pos = msg; - end = msg + len; - - dialog_token = *pos++; - adv_proto = pos++; - slen = *pos++; - if (*adv_proto != WLAN_EID_ADV_PROTO || - slen > end - pos || slen < 2) - return -1; - - next = pos + slen; - pos++; /* skip QueryRespLenLimit and PAME-BI */ - - if (slen != 8 || *pos != WLAN_EID_VENDOR_SPECIFIC || - pos[1] != 5 || WPA_GET_BE24(&pos[2]) != OUI_WFA || - pos[5] != DPP_OUI_TYPE || pos[6] != 0x01) - return -1; - - pos = next; - /* Query Request */ - if (end - pos < 2) - return -1; - slen = WPA_GET_LE16(pos); - pos += 2; - if (slen > end - pos) - return -1; - - resp = dpp_conf_req_rx(auth, pos, slen); - if (!resp) - return -1; - - buf = wpabuf_alloc(4 + 18 + wpabuf_len(resp)); - if (!buf) { - wpabuf_free(resp); - return -1; - } - - wpabuf_put_be32(buf, 18 + wpabuf_len(resp)); - - wpabuf_put_u8(buf, WLAN_PA_GAS_INITIAL_RESP); - wpabuf_put_u8(buf, dialog_token); - wpabuf_put_le16(buf, WLAN_STATUS_SUCCESS); - wpabuf_put_le16(buf, 0); /* GAS Comeback Delay */ - - dpp_write_adv_proto(buf); - dpp_write_gas_query(buf, resp); - wpabuf_free(resp); - - /* Send Config Response over TCP; GAS fragmentation is taken care of by - * the Relay */ - wpa_hexdump_buf(MSG_MSGDUMP, "DPP: Outgoing TCP message", buf); - wpabuf_free(conn->msg_out); - conn->msg_out_pos = 0; - conn->msg_out = buf; - conn->on_tcp_tx_complete_gas_done = 1; - dpp_tcp_send(conn); - return 0; -} - - -static int dpp_tcp_rx_gas_resp(struct dpp_connection *conn, struct wpabuf *resp) -{ - struct dpp_authentication *auth = conn->auth; - int res; - struct wpabuf *msg, *encaps; - enum dpp_status_error status; - - wpa_printf(MSG_DEBUG, - "DPP: Configuration Response for local stack from TCP"); - - res = dpp_conf_resp_rx(auth, resp); - wpabuf_free(resp); - if (res < 0) { - wpa_printf(MSG_DEBUG, "DPP: Configuration attempt failed"); - return -1; - } - - if (conn->global->process_conf_obj) - res = conn->global->process_conf_obj(conn->global->cb_ctx, - auth); - else - res = 0; + wpa_printf(MSG_DEBUG, "DPP: Build Presence Announcement frame"); - if (auth->peer_version < 2 || auth->conf_resp_status != DPP_STATUS_OK) - return -1; - - wpa_printf(MSG_DEBUG, "DPP: Send DPP Configuration Result"); - status = res < 0 ? DPP_STATUS_CONFIG_REJECTED : DPP_STATUS_OK; - msg = dpp_build_conf_result(auth, status); + msg = dpp_alloc_msg(DPP_PA_PRESENCE_ANNOUNCEMENT, 4 + SHA256_MAC_LEN); if (!msg) - return -1; - - encaps = wpabuf_alloc(4 + wpabuf_len(msg) - 1); - if (!encaps) { - wpabuf_free(msg); - return -1; - } - wpabuf_put_be32(encaps, wpabuf_len(msg) - 1); - wpabuf_put_data(encaps, wpabuf_head_u8(msg) + 1, wpabuf_len(msg) - 1); - wpabuf_free(msg); - wpa_hexdump_buf(MSG_MSGDUMP, "DPP: Outgoing TCP message", encaps); - - wpabuf_free(conn->msg_out); - conn->msg_out_pos = 0; - conn->msg_out = encaps; - conn->on_tcp_tx_complete_remove = 1; - dpp_tcp_send(conn); - - /* This exchange will be terminated in the TX status handler */ - - return 0; -} - - -static int dpp_rx_gas_resp(struct dpp_connection *conn, const u8 *msg, - size_t len) -{ - struct wpabuf *buf; - u8 dialog_token; - const u8 *pos, *end, *next, *adv_proto; - u16 status, slen; - - if (len < 5 + 2) - return -1; - - wpa_printf(MSG_DEBUG, - "DPP: Received DPP Configuration Response over TCP"); - - pos = msg; - end = msg + len; - - dialog_token = *pos++; - status = WPA_GET_LE16(pos); - if (status != WLAN_STATUS_SUCCESS) { - wpa_printf(MSG_DEBUG, "DPP: Unexpected Status Code %u", status); - return -1; - } - pos += 2; - pos += 2; /* ignore GAS Comeback Delay */ - - adv_proto = pos++; - slen = *pos++; - if (*adv_proto != WLAN_EID_ADV_PROTO || - slen > end - pos || slen < 2) - return -1; - - next = pos + slen; - pos++; /* skip QueryRespLenLimit and PAME-BI */ - - if (slen != 8 || *pos != WLAN_EID_VENDOR_SPECIFIC || - pos[1] != 5 || WPA_GET_BE24(&pos[2]) != OUI_WFA || - pos[5] != DPP_OUI_TYPE || pos[6] != 0x01) - return -1; - - pos = next; - /* Query Response */ - if (end - pos < 2) - return -1; - slen = WPA_GET_LE16(pos); - pos += 2; - if (slen > end - pos) - return -1; - - buf = wpabuf_alloc(slen); - if (!buf) - return -1; - wpabuf_put_data(buf, pos, slen); - - if (!conn->relay && !conn->ctrl) - return dpp_tcp_rx_gas_resp(conn, buf); - - if (!conn->relay) { - wpa_printf(MSG_DEBUG, "DPP: No matching exchange in progress"); - wpabuf_free(buf); - return -1; - } - wpa_printf(MSG_DEBUG, "DPP: Relay - send over WLAN"); - conn->relay->gas_resp_tx(conn->relay->cb_ctx, conn->mac_addr, - dialog_token, 0, buf); - - return 0; -} - - -static void dpp_controller_rx(int sd, void *eloop_ctx, void *sock_ctx) -{ - struct dpp_connection *conn = eloop_ctx; - int res; - const u8 *pos; - - wpa_printf(MSG_DEBUG, "DPP: TCP data available for reading (sock %d)", - sd); - - if (conn->msg_len_octets < 4) { - u32 msglen; - - res = recv(sd, &conn->msg_len[conn->msg_len_octets], - 4 - conn->msg_len_octets, 0); - if (res < 0) { - wpa_printf(MSG_DEBUG, "DPP: recv failed: %s", - strerror(errno)); - dpp_connection_remove(conn); - return; - } - if (res == 0) { - wpa_printf(MSG_DEBUG, - "DPP: No more data available over TCP"); - dpp_connection_remove(conn); - return; - } - wpa_printf(MSG_DEBUG, - "DPP: Received %d/%d octet(s) of message length field", - res, (int) (4 - conn->msg_len_octets)); - conn->msg_len_octets += res; - - if (conn->msg_len_octets < 4) { - wpa_printf(MSG_DEBUG, - "DPP: Need %d more octets of message length field", - (int) (4 - conn->msg_len_octets)); - return; - } - - msglen = WPA_GET_BE32(conn->msg_len); - wpa_printf(MSG_DEBUG, "DPP: Message length: %u", msglen); - if (msglen > 65535) { - wpa_printf(MSG_INFO, "DPP: Unexpectedly long message"); - dpp_connection_remove(conn); - return; - } - - wpabuf_free(conn->msg); - conn->msg = wpabuf_alloc(msglen); - } - - if (!conn->msg) { - wpa_printf(MSG_DEBUG, - "DPP: No buffer available for receiving the message"); - dpp_connection_remove(conn); - return; - } - - wpa_printf(MSG_DEBUG, "DPP: Need %u more octets of message payload", - (unsigned int) wpabuf_tailroom(conn->msg)); - - res = recv(sd, wpabuf_put(conn->msg, 0), wpabuf_tailroom(conn->msg), 0); - if (res < 0) { - wpa_printf(MSG_DEBUG, "DPP: recv failed: %s", strerror(errno)); - dpp_connection_remove(conn); - return; - } - if (res == 0) { - wpa_printf(MSG_DEBUG, "DPP: No more data available over TCP"); - dpp_connection_remove(conn); - return; - } - wpa_printf(MSG_DEBUG, "DPP: Received %d octets", res); - wpabuf_put(conn->msg, res); - - if (wpabuf_tailroom(conn->msg) > 0) { - wpa_printf(MSG_DEBUG, - "DPP: Need %u more octets of message payload", - (unsigned int) wpabuf_tailroom(conn->msg)); - return; - } - - conn->msg_len_octets = 0; - wpa_hexdump_buf(MSG_DEBUG, "DPP: Received TCP message", conn->msg); - if (wpabuf_len(conn->msg) < 1) { - dpp_connection_remove(conn); - return; - } - - pos = wpabuf_head(conn->msg); - switch (*pos) { - case WLAN_PA_VENDOR_SPECIFIC: - if (dpp_controller_rx_action(conn, pos + 1, - wpabuf_len(conn->msg) - 1) < 0) - dpp_connection_remove(conn); - break; - case WLAN_PA_GAS_INITIAL_REQ: - if (dpp_controller_rx_gas_req(conn, pos + 1, - wpabuf_len(conn->msg) - 1) < 0) - dpp_connection_remove(conn); - break; - case WLAN_PA_GAS_INITIAL_RESP: - if (dpp_rx_gas_resp(conn, pos + 1, - wpabuf_len(conn->msg) - 1) < 0) - dpp_connection_remove(conn); - break; - default: - wpa_printf(MSG_DEBUG, "DPP: Ignore unsupported message type %u", - *pos); - break; - } -} - - -static void dpp_controller_tcp_cb(int sd, void *eloop_ctx, void *sock_ctx) -{ - struct dpp_controller *ctrl = eloop_ctx; - struct sockaddr_in addr; - socklen_t addr_len = sizeof(addr); - int fd; - struct dpp_connection *conn; - - wpa_printf(MSG_DEBUG, "DPP: New TCP connection"); - - fd = accept(ctrl->sock, (struct sockaddr *) &addr, &addr_len); - if (fd < 0) { - wpa_printf(MSG_DEBUG, - "DPP: Failed to accept new connection: %s", - strerror(errno)); - return; - } - wpa_printf(MSG_DEBUG, "DPP: Connection from %s:%d", - inet_ntoa(addr.sin_addr), ntohs(addr.sin_port)); - - conn = os_zalloc(sizeof(*conn)); - if (!conn) - goto fail; - - conn->global = ctrl->global; - conn->ctrl = ctrl; - conn->sock = fd; - - if (fcntl(conn->sock, F_SETFL, O_NONBLOCK) != 0) { - wpa_printf(MSG_DEBUG, "DPP: fnctl(O_NONBLOCK) failed: %s", - strerror(errno)); - goto fail; - } - - if (eloop_register_sock(conn->sock, EVENT_TYPE_READ, - dpp_controller_rx, conn, NULL) < 0) - goto fail; - conn->read_eloop = 1; - - /* TODO: eloop timeout to expire connections that do not complete in - * reasonable time */ - dl_list_add(&ctrl->conn, &conn->list); - return; - -fail: - close(fd); - os_free(conn); -} - - -int dpp_tcp_init(struct dpp_global *dpp, struct dpp_authentication *auth, - const struct hostapd_ip_addr *addr, int port) -{ - struct dpp_connection *conn; - struct sockaddr_storage saddr; - socklen_t addrlen; - const u8 *hdr, *pos, *end; - char txt[100]; - - wpa_printf(MSG_DEBUG, "DPP: Initialize TCP connection to %s port %d", - hostapd_ip_txt(addr, txt, sizeof(txt)), port); - if (dpp_ipaddr_to_sockaddr((struct sockaddr *) &saddr, &addrlen, - addr, port) < 0) { - dpp_auth_deinit(auth); - return -1; - } - - conn = os_zalloc(sizeof(*conn)); - if (!conn) { - dpp_auth_deinit(auth); - return -1; - } - - conn->global = dpp; - conn->auth = auth; - conn->sock = socket(AF_INET, SOCK_STREAM, 0); - if (conn->sock < 0) - goto fail; - - if (fcntl(conn->sock, F_SETFL, O_NONBLOCK) != 0) { - wpa_printf(MSG_DEBUG, "DPP: fnctl(O_NONBLOCK) failed: %s", - strerror(errno)); - goto fail; - } - - if (connect(conn->sock, (struct sockaddr *) &saddr, addrlen) < 0) { - if (errno != EINPROGRESS) { - wpa_printf(MSG_DEBUG, "DPP: Failed to connect: %s", - strerror(errno)); - goto fail; - } - - /* - * Continue connecting in the background; eloop will call us - * once the connection is ready (or failed). - */ - } - - if (eloop_register_sock(conn->sock, EVENT_TYPE_WRITE, - dpp_conn_tx_ready, conn, NULL) < 0) - goto fail; - conn->write_eloop = 1; - - hdr = wpabuf_head(auth->req_msg); - end = hdr + wpabuf_len(auth->req_msg); - hdr += 2; /* skip Category and Actiom */ - pos = hdr + DPP_HDR_LEN; - conn->msg_out = dpp_tcp_encaps(hdr, pos, end - pos); - if (!conn->msg_out) - goto fail; - /* Message will be sent in dpp_conn_tx_ready() */ + return NULL; - /* TODO: eloop timeout to clear a connection if it does not complete - * properly */ - dl_list_add(&dpp->tcp_init, &conn->list); - return 0; -fail: - dpp_connection_free(conn); - return -1; + /* Responder Bootstrapping Key Hash */ + dpp_build_attr_r_bootstrap_key_hash(msg, bi->pubkey_hash_chirp); + wpa_hexdump_buf(MSG_DEBUG, + "DPP: Presence Announcement frame attributes", msg); + return msg; } -int dpp_controller_start(struct dpp_global *dpp, - struct dpp_controller_config *config) +void dpp_notify_chirp_received(void *msg_ctx, int id, const u8 *src, + unsigned int freq, const u8 *hash) { - struct dpp_controller *ctrl; - int on = 1; - struct sockaddr_in sin; - int port; - - if (!dpp || dpp->controller) - return -1; - - ctrl = os_zalloc(sizeof(*ctrl)); - if (!ctrl) - return -1; - ctrl->global = dpp; - if (config->configurator_params) - ctrl->configurator_params = - os_strdup(config->configurator_params); - dl_list_init(&ctrl->conn); - /* TODO: configure these somehow */ - ctrl->allowed_roles = DPP_CAPAB_ENROLLEE | DPP_CAPAB_CONFIGURATOR; - ctrl->qr_mutual = 0; - - ctrl->sock = socket(AF_INET, SOCK_STREAM, 0); - if (ctrl->sock < 0) - goto fail; - - if (setsockopt(ctrl->sock, SOL_SOCKET, SO_REUSEADDR, - &on, sizeof(on)) < 0) { - wpa_printf(MSG_DEBUG, - "DPP: setsockopt(SO_REUSEADDR) failed: %s", - strerror(errno)); - /* try to continue anyway */ - } - - if (fcntl(ctrl->sock, F_SETFL, O_NONBLOCK) < 0) { - wpa_printf(MSG_INFO, "DPP: fnctl(O_NONBLOCK) failed: %s", - strerror(errno)); - goto fail; - } + char hex[SHA256_MAC_LEN * 2 + 1]; - /* TODO: IPv6 */ - os_memset(&sin, 0, sizeof(sin)); - sin.sin_family = AF_INET; - sin.sin_addr.s_addr = INADDR_ANY; - port = config->tcp_port ? config->tcp_port : DPP_TCP_PORT; - sin.sin_port = htons(port); - if (bind(ctrl->sock, (struct sockaddr *) &sin, sizeof(sin)) < 0) { - wpa_printf(MSG_INFO, - "DPP: Failed to bind Controller TCP port: %s", - strerror(errno)); - goto fail; - } - if (listen(ctrl->sock, 10 /* max backlog */) < 0 || - fcntl(ctrl->sock, F_SETFL, O_NONBLOCK) < 0 || - eloop_register_sock(ctrl->sock, EVENT_TYPE_READ, - dpp_controller_tcp_cb, ctrl, NULL)) - goto fail; - - dpp->controller = ctrl; - wpa_printf(MSG_DEBUG, "DPP: Controller started on TCP port %d", port); - return 0; -fail: - dpp_controller_free(ctrl); - return -1; -} - - -void dpp_controller_stop(struct dpp_global *dpp) -{ - if (dpp) { - dpp_controller_free(dpp->controller); - dpp->controller = NULL; - } + wpa_snprintf_hex(hex, sizeof(hex), hash, SHA256_MAC_LEN); + wpa_msg(msg_ctx, MSG_INFO, + DPP_EVENT_CHIRP_RX "id=%d src=" MACSTR " freq=%u hash=%s", + id, MAC2STR(src), freq, hex); } #endif /* CONFIG_DPP2 */ |