Lines Matching refs:auth
42 static void dpp_auth_success(struct dpp_authentication *auth)
46 os_memset(auth->Mx, 0, sizeof(auth->Mx));
47 auth->Mx_len = 0;
48 os_memset(auth->Nx, 0, sizeof(auth->Nx));
49 auth->Nx_len = 0;
50 os_memset(auth->Lx, 0, sizeof(auth->Lx));
51 auth->Lx_len = 0;
52 os_memset(auth->k1, 0, sizeof(auth->k1));
53 os_memset(auth->k2, 0, sizeof(auth->k2));
55 auth->auth_success = 1;
59 static struct wpabuf * dpp_auth_build_req(struct dpp_authentication *auth,
154 os_memcpy(pos, auth->i_nonce, nonce_len - 1);
165 os_memcpy(pos, auth->i_nonce, nonce_len);
181 auth->i_capab = auth->allowed_roles;
182 *pos++ = auth->i_capab;
205 if (aes_siv_encrypt(auth->k1, auth->curve->hash_len, clear, siv_len,
233 static struct wpabuf * dpp_auth_build_resp(struct dpp_authentication *auth,
253 auth->waiting_auth_conf = 1;
254 auth->auth_resp_status = status;
255 auth->auth_resp_tries = 0;
292 if (auth->peer_version >= 2) {
308 /* Wrapped data ({R-nonce, I-nonce, R-capabilities, {R-auth}ke}k2) */
349 auth->r_capab = auth->configurator ? DPP_CAPAB_CONFIGURATOR :
351 *pos++ = auth->r_capab;
359 if ((auth->i_capab & DPP_CAPAB_ROLE_MASK) ==
363 pos[-1] = auth->configurator ? DPP_CAPAB_ENROLLEE :
370 /* {R-auth}ke */
391 if (aes_siv_encrypt(siv_key, auth->curve->hash_len, clear, siv_len,
418 static int dpp_auth_build_resp_ok(struct dpp_authentication *auth)
434 if (!auth->own_bi)
441 os_memcpy(auth->r_nonce, dpp_nonce_override, nonce_len);
443 nonce_len = auth->curve->nonce_len;
444 if (random_get_bytes(auth->r_nonce, nonce_len)) {
451 nonce_len = auth->curve->nonce_len;
452 if (random_get_bytes(auth->r_nonce, nonce_len)) {
457 wpa_hexdump(MSG_DEBUG, "DPP: R-nonce", auth->r_nonce, nonce_len);
459 crypto_ec_key_deinit(auth->own_protocol_key);
466 auth->own_protocol_key = dpp_set_keypair(
470 auth->own_protocol_key = dpp_gen_keypair(auth->curve);
473 auth->own_protocol_key = dpp_gen_keypair(auth->curve);
475 if (!auth->own_protocol_key)
478 pr = crypto_ec_key_get_pubkey_point(auth->own_protocol_key, 0);
483 if (dpp_ecdh(auth->own_protocol_key, auth->peer_protocol_key,
484 auth->Nx, &secret_len) < 0)
488 auth->Nx, auth->secret_len);
489 auth->Nx_len = auth->secret_len;
491 if (dpp_derive_k2(auth->Nx, auth->secret_len, auth->k2,
492 auth->curve->hash_len) < 0)
495 if (auth->own_bi && auth->peer_bi) {
497 if (dpp_auth_derive_l_responder(auth) < 0)
501 if (dpp_derive_bk_ke(auth) < 0)
504 /* R-auth = H(I-nonce | R-nonce | PI.x | PR.x | [BI.x |] BR.x | 0) */
506 WPA_PUT_LE16(&r_auth[2], auth->curve->hash_len);
507 if (dpp_gen_r_auth(auth, r_auth + 4) < 0)
511 wpa_printf(MSG_INFO, "DPP: TESTING - R-auth mismatch");
512 r_auth[4 + auth->curve->hash_len / 2] ^= 0x01;
515 if (aes_siv_encrypt(auth->ke, auth->curve->hash_len,
516 r_auth, 4 + auth->curve->hash_len,
519 wrapped_r_auth_len = 4 + auth->curve->hash_len + AES_BLOCK_SIZE;
520 wpa_hexdump(MSG_DEBUG, "DPP: {R-auth}ke",
524 r_pubkey_hash = auth->own_bi->pubkey_hash;
525 if (auth->peer_bi)
526 i_pubkey_hash = auth->peer_bi->pubkey_hash;
530 i_nonce = auth->i_nonce;
531 r_nonce = auth->r_nonce;
564 pr = wpabuf_alloc(2 * auth->curve->prime_len);
565 if (!pr || dpp_test_gen_invalid_key(pr, auth->curve) < 0)
586 msg = dpp_auth_build_resp(auth, status, pr, nonce_len,
590 auth->k2);
593 wpabuf_free(auth->resp_msg);
594 auth->resp_msg = msg;
602 static int dpp_auth_build_resp_status(struct dpp_authentication *auth,
611 if (!auth->own_bi)
615 r_pubkey_hash = auth->own_bi->pubkey_hash;
616 if (auth->peer_bi)
617 i_pubkey_hash = auth->peer_bi->pubkey_hash;
621 i_nonce = auth->i_nonce;
656 msg = dpp_auth_build_resp(auth, status, NULL, auth->curve->nonce_len,
658 NULL, i_nonce, NULL, 0, auth->k1);
661 wpabuf_free(auth->resp_msg);
662 auth->resp_msg = msg;
684 struct dpp_authentication *auth = NULL;
709 auth = dpp_alloc_auth(dpp, msg_ctx);
710 if (!auth)
713 dpp_set_configurator(auth, peer_bi->configurator_params) < 0)
715 auth->peer_bi = peer_bi;
716 auth->own_bi = own_bi;
717 auth->curve = own_bi->curve;
718 auth->curr_freq = freq;
720 auth->peer_version = 1; /* default to the first version */
726 dpp_auth_fail(auth,
730 auth->peer_version = version[0];
732 auth->peer_version);
742 dpp_auth_fail(auth, "Too short Channel attribute");
751 dpp_auth_fail(auth,
756 if (auth->curr_freq != (unsigned int) neg_freq) {
760 auth->curr_freq = neg_freq;
767 dpp_auth_fail(auth,
777 dpp_auth_fail(auth, "Invalid Initiator Protocol Key");
782 if (dpp_ecdh(own_bi->pubkey, pi, auth->Mx, &secret_len) < 0)
784 auth->secret_len = secret_len;
787 auth->Mx, auth->secret_len);
788 auth->Mx_len = auth->secret_len;
790 if (dpp_derive_k1(auth->Mx, auth->secret_len, auth->k1,
791 auth->curve->hash_len) < 0)
806 if (aes_siv_decrypt(auth->k1, auth->curve->hash_len,
809 dpp_auth_fail(auth, "AES-SIV decryption failed");
816 dpp_auth_fail(auth, "Invalid attribute in unwrapped data");
822 if (!i_nonce || i_nonce_len != auth->curve->nonce_len) {
823 dpp_auth_fail(auth, "Missing or invalid I-nonce");
827 os_memcpy(auth->i_nonce, i_nonce, i_nonce_len);
833 dpp_auth_fail(auth, "Missing or invalid I-capabilities");
836 auth->i_capab = i_capab[0];
837 wpa_printf(MSG_DEBUG, "DPP: I-capabilities: 0x%02x", auth->i_capab);
842 switch (auth->i_capab & DPP_CAPAB_ROLE_MASK) {
850 auth->configurator = 1;
859 auth->configurator = 0;
864 auth->configurator = 0;
867 auth->configurator = 1;
876 wpa_msg(auth->msg_ctx, MSG_INFO,
878 auth->i_capab & DPP_CAPAB_ROLE_MASK);
882 auth->peer_protocol_key = pi;
889 if (dpp_auth_build_resp_status(auth,
896 auth->response_pending = 1;
897 os_memcpy(auth->waiting_pubkey_hash,
905 wpa_msg(auth->msg_ctx, MSG_INFO, DPP_EVENT_SCAN_PEER_QR_CODE
907 return auth;
909 if (dpp_auth_build_resp_ok(auth) < 0)
912 return auth;
915 wpa_msg(auth->msg_ctx, MSG_INFO, DPP_EVENT_NOT_COMPATIBLE
916 "i-capab=0x%02x", auth->i_capab);
918 auth->configurator = 1;
920 auth->configurator = 0;
921 auth->peer_protocol_key = pi;
923 if (dpp_auth_build_resp_status(auth, DPP_STATUS_NOT_COMPATIBLE) < 0)
926 auth->remove_on_tx_status = 1;
927 return auth;
931 dpp_auth_deinit(auth);
936 int dpp_notify_new_qr_code(struct dpp_authentication *auth,
939 if (!auth || !auth->response_pending ||
940 os_memcmp(auth->waiting_pubkey_hash, peer_bi->pubkey_hash,
946 MACSTR, MAC2STR(auth->peer_mac_addr));
947 auth->peer_bi = peer_bi;
949 if (dpp_auth_build_resp_ok(auth) < 0)
956 static struct wpabuf * dpp_auth_build_conf(struct dpp_authentication *auth,
976 i_auth_len = 4 + auth->curve->hash_len;
977 r_nonce_len = 4 + auth->curve->nonce_len;
991 r_pubkey_hash = auth->peer_bi->pubkey_hash;
992 if (auth->own_bi)
993 i_pubkey_hash = auth->own_bi->pubkey_hash;
1064 /* I-auth wrapped with ke */
1074 /* I-auth = H(R-nonce | I-nonce | PR.x | PI.x | BR.x | [BI.x |]
1077 WPA_PUT_LE16(&i_auth[2], auth->curve->hash_len);
1078 if (dpp_gen_i_auth(auth, i_auth + 4) < 0)
1083 wpa_printf(MSG_INFO, "DPP: TESTING - I-auth mismatch");
1084 i_auth[4 + auth->curve->hash_len / 2] ^= 0x01;
1088 if (aes_siv_encrypt(auth->ke, auth->curve->hash_len,
1092 wpa_hexdump(MSG_DEBUG, "DPP: {I-auth}ke",
1101 WPA_PUT_LE16(&r_nonce[2], auth->curve->nonce_len);
1102 os_memcpy(r_nonce + 4, auth->r_nonce, auth->curve->nonce_len);
1104 if (aes_siv_encrypt(auth->k2, auth->curve->hash_len,
1124 dpp_auth_success(auth);
1134 static int dpp_autogen_bootstrap_key(struct dpp_authentication *auth)
1138 if (auth->own_bi)
1145 if (dpp_keygen(bi, auth->peer_bi->curve->name, NULL, 0) < 0 ||
1152 auth->tmp_own_bi = auth->own_bi = bi;
1169 struct dpp_authentication *auth;
1178 auth = dpp_alloc_auth(dpp, msg_ctx);
1179 if (!auth)
1182 dpp_set_configurator(auth, peer_bi->configurator_params) < 0)
1184 auth->initiator = 1;
1185 auth->waiting_auth_resp = 1;
1186 auth->allowed_roles = dpp_allowed_roles;
1187 auth->configurator = !!(dpp_allowed_roles & DPP_CAPAB_CONFIGURATOR);
1188 auth->peer_bi = peer_bi;
1189 auth->own_bi = own_bi;
1190 auth->curve = peer_bi->curve;
1192 if (dpp_autogen_bootstrap_key(auth) < 0 ||
1193 dpp_prepare_channel_list(auth, neg_freq, own_modes, num_modes) < 0)
1200 os_memcpy(auth->i_nonce, dpp_nonce_override, nonce_len);
1202 nonce_len = auth->curve->nonce_len;
1203 if (random_get_bytes(auth->i_nonce, nonce_len)) {
1210 nonce_len = auth->curve->nonce_len;
1211 if (random_get_bytes(auth->i_nonce, nonce_len)) {
1216 wpa_hexdump(MSG_DEBUG, "DPP: I-nonce", auth->i_nonce, nonce_len);
1224 auth->own_protocol_key = dpp_set_keypair(
1228 auth->own_protocol_key = dpp_gen_keypair(auth->curve);
1231 auth->own_protocol_key = dpp_gen_keypair(auth->curve);
1233 if (!auth->own_protocol_key)
1236 pi = crypto_ec_key_get_pubkey_point(auth->own_protocol_key, 0);
1241 if (dpp_ecdh(auth->own_protocol_key, auth->peer_bi->pubkey,
1242 auth->Mx, &secret_len) < 0)
1244 auth->secret_len = secret_len;
1247 auth->Mx, auth->secret_len);
1248 auth->Mx_len = auth->secret_len;
1250 if (dpp_derive_k1(auth->Mx, auth->secret_len, auth->k1,
1251 auth->curve->hash_len) < 0)
1254 r_pubkey_hash = auth->peer_bi->pubkey_hash;
1255 i_pubkey_hash = auth->own_bi->pubkey_hash;
1283 pi = wpabuf_alloc(2 * auth->curve->prime_len);
1284 if (!pi || dpp_test_gen_invalid_key(pi, auth->curve) < 0)
1289 if (neg_freq && auth->num_freq == 1 && auth->freq[0] == neg_freq)
1291 auth->req_msg = dpp_auth_build_req(auth, pi, nonce_len, r_pubkey_hash,
1293 if (!auth->req_msg)
1298 return auth;
1300 dpp_auth_deinit(auth);
1301 auth = NULL;
1305 dpp_auth_resp_rx_status(struct dpp_authentication *auth, const u8 *hdr,
1327 dpp_auth_fail(auth, "Responder reported failure");
1343 if (aes_siv_decrypt(auth->k1, auth->curve->hash_len,
1346 dpp_auth_fail(auth, "AES-SIV decryption failed");
1353 dpp_auth_fail(auth, "Invalid attribute in unwrapped data");
1359 if (!i_nonce || i_nonce_len != auth->curve->nonce_len) {
1360 dpp_auth_fail(auth, "Missing or invalid I-nonce");
1364 if (os_memcmp(auth->i_nonce, i_nonce, i_nonce_len) != 0) {
1365 dpp_auth_fail(auth, "I-nonce mismatch");
1373 dpp_auth_fail(auth, "Missing or invalid R-capabilities");
1376 auth->r_capab = r_capab[0];
1377 wpa_printf(MSG_DEBUG, "DPP: R-capabilities: 0x%02x", auth->r_capab);
1379 wpa_msg(auth->msg_ctx, MSG_INFO, DPP_EVENT_NOT_COMPATIBLE
1380 "r-capab=0x%02x", auth->r_capab);
1382 u8 role = auth->r_capab & DPP_CAPAB_ROLE_MASK;
1384 if ((auth->configurator && role != DPP_CAPAB_ENROLLEE) ||
1385 (!auth->configurator && role != DPP_CAPAB_CONFIGURATOR)) {
1386 wpa_msg(auth->msg_ctx, MSG_INFO,
1392 wpa_msg(auth->msg_ctx, MSG_INFO,
1394 auth->tmp_own_bi ? auth->tmp_own_bi->uri : "");
1403 dpp_auth_resp_rx(struct dpp_authentication *auth, const u8 *hdr,
1432 if (!auth->initiator || !auth->peer_bi || auth->reconfig) {
1433 dpp_auth_fail(auth, "Unexpected Authentication Response");
1437 auth->waiting_auth_resp = 0;
1442 dpp_auth_fail(auth,
1455 dpp_auth_fail(auth,
1461 if (os_memcmp(r_bootstrap, auth->peer_bi->pubkey_hash,
1463 dpp_auth_fail(auth,
1467 auth->peer_bi->pubkey_hash, SHA256_MAC_LEN);
1476 dpp_auth_fail(auth,
1483 if (!auth->own_bi ||
1484 os_memcmp(i_bootstrap, auth->own_bi->pubkey_hash,
1486 dpp_auth_fail(auth,
1490 } else if (auth->own_bi && auth->own_bi->type == DPP_BOOTSTRAP_PKEX) {
1492 dpp_auth_fail(auth,
1495 } else if (auth->own_bi &&
1496 auth->own_bi->type == DPP_BOOTSTRAP_NFC_URI &&
1497 auth->own_bi->nfc_negotiated) {
1500 dpp_auth_fail(auth,
1505 auth->peer_version = 1; /* default to the first version */
1511 dpp_auth_fail(auth,
1515 auth->peer_version = version[0];
1517 auth->peer_version);
1524 dpp_auth_fail(auth,
1529 auth->auth_resp_status = status[0];
1531 dpp_auth_resp_rx_status(auth, hdr, attr_start,
1537 if (!i_bootstrap && auth->own_bi) {
1540 auth->own_bi = NULL;
1543 wpa_msg(auth->msg_ctx, MSG_INFO, DPP_EVENT_AUTH_DIRECTION "mutual=%d",
1544 auth->own_bi != NULL);
1549 dpp_auth_fail(auth,
1557 pr = dpp_set_pubkey_point(auth->own_protocol_key, r_proto, r_proto_len);
1559 dpp_auth_fail(auth, "Invalid Responder Protocol Key");
1564 if (dpp_ecdh(auth->own_protocol_key, pr, auth->Nx, &secret_len) < 0) {
1565 dpp_auth_fail(auth, "Failed to derive ECDH shared secret");
1568 crypto_ec_key_deinit(auth->peer_protocol_key);
1569 auth->peer_protocol_key = pr;
1573 auth->Nx, auth->secret_len);
1574 auth->Nx_len = auth->secret_len;
1576 if (dpp_derive_k2(auth->Nx, auth->secret_len, auth->k2,
1577 auth->curve->hash_len) < 0)
1592 if (aes_siv_decrypt(auth->k2, auth->curve->hash_len,
1595 dpp_auth_fail(auth, "AES-SIV decryption failed");
1602 dpp_auth_fail(auth, "Invalid attribute in unwrapped data");
1608 if (!r_nonce || r_nonce_len != auth->curve->nonce_len) {
1609 dpp_auth_fail(auth, "DPP: Missing or invalid R-nonce");
1613 os_memcpy(auth->r_nonce, r_nonce, r_nonce_len);
1617 if (!i_nonce || i_nonce_len != auth->curve->nonce_len) {
1618 dpp_auth_fail(auth, "Missing or invalid I-nonce");
1622 if (os_memcmp(auth->i_nonce, i_nonce, i_nonce_len) != 0) {
1623 dpp_auth_fail(auth, "I-nonce mismatch");
1627 if (auth->own_bi) {
1629 if (dpp_auth_derive_l_initiator(auth) < 0)
1637 dpp_auth_fail(auth, "Missing or invalid R-capabilities");
1640 auth->r_capab = r_capab[0];
1641 wpa_printf(MSG_DEBUG, "DPP: R-capabilities: 0x%02x", auth->r_capab);
1642 role = auth->r_capab & DPP_CAPAB_ROLE_MASK;
1643 if ((auth->allowed_roles ==
1648 auth->configurator = role == DPP_CAPAB_ENROLLEE;
1650 auth->configurator ? "Configurator" : "Enrollee");
1651 } else if ((auth->configurator && role != DPP_CAPAB_ENROLLEE) ||
1652 (!auth->configurator && role != DPP_CAPAB_CONFIGURATOR)) {
1654 wpa_msg(auth->msg_ctx, MSG_INFO, DPP_EVENT_FAIL
1661 auth->remove_on_tx_status = 1;
1662 return dpp_auth_build_conf(auth, DPP_STATUS_NOT_COMPATIBLE);
1668 dpp_auth_fail(auth,
1676 if (dpp_derive_bk_ke(auth) < 0)
1683 if (aes_siv_decrypt(auth->ke, auth->curve->hash_len,
1686 dpp_auth_fail(auth, "AES-SIV decryption failed");
1693 dpp_auth_fail(auth,
1700 if (!r_auth || r_auth_len != auth->curve->hash_len) {
1701 dpp_auth_fail(auth,
1707 /* R-auth' = H(I-nonce | R-nonce | PI.x | PR.x | [BI.x |] BR.x | 0) */
1708 if (dpp_gen_r_auth(auth, r_auth2) < 0)
1713 dpp_auth_fail(auth, "Mismatching Responder Authenticating Tag");
1716 auth->remove_on_tx_status = 1;
1717 return dpp_auth_build_conf(auth, DPP_STATUS_AUTH_FAILURE);
1727 if (dpp_auth_build_resp_ok(auth) < 0)
1729 return wpabuf_dup(auth->resp_msg);
1733 return dpp_auth_build_conf(auth, DPP_STATUS_OK);
1743 static int dpp_auth_conf_rx_failure(struct dpp_authentication *auth,
1771 dpp_auth_fail(auth, "Authentication failed");
1774 if (aes_siv_decrypt(auth->k2, auth->curve->hash_len,
1777 dpp_auth_fail(auth, "AES-SIV decryption failed");
1784 dpp_auth_fail(auth, "Invalid attribute in unwrapped data");
1790 if (!r_nonce || r_nonce_len != auth->curve->nonce_len) {
1791 dpp_auth_fail(auth, "DPP: Missing or invalid R-nonce");
1794 if (os_memcmp(r_nonce, auth->r_nonce, r_nonce_len) != 0) {
1798 auth->r_nonce, r_nonce_len);
1799 dpp_auth_fail(auth, "R-nonce mismatch");
1804 dpp_auth_fail(auth, "Peer reported incompatible R-capab role");
1806 dpp_auth_fail(auth, "Peer reported authentication failure)");
1814 int dpp_auth_conf_rx(struct dpp_authentication *auth, const u8 *hdr,
1834 if (auth->initiator || !auth->own_bi || !auth->waiting_auth_conf ||
1835 auth->reconfig) {
1838 auth->initiator, !!auth->own_bi,
1839 auth->waiting_auth_conf);
1840 dpp_auth_fail(auth, "Unexpected Authentication Confirm");
1844 auth->waiting_auth_conf = 0;
1849 dpp_auth_fail(auth,
1862 dpp_auth_fail(auth,
1868 if (os_memcmp(r_bootstrap, auth->own_bi->pubkey_hash,
1872 auth->peer_bi->pubkey_hash, SHA256_MAC_LEN);
1873 dpp_auth_fail(auth,
1883 dpp_auth_fail(auth,
1890 if (!auth->peer_bi ||
1891 os_memcmp(i_bootstrap, auth->peer_bi->pubkey_hash,
1893 dpp_auth_fail(auth,
1897 } else if (auth->peer_bi) {
1900 dpp_auth_fail(auth,
1908 dpp_auth_fail(auth,
1915 return dpp_auth_conf_rx_failure(auth, hdr, attr_start,
1920 dpp_auth_fail(auth, "Authentication failed");
1936 if (aes_siv_decrypt(auth->ke, auth->curve->hash_len,
1939 dpp_auth_fail(auth, "AES-SIV decryption failed");
1946 dpp_auth_fail(auth, "Invalid attribute in unwrapped data");
1952 if (!i_auth || i_auth_len != auth->curve->hash_len) {
1953 dpp_auth_fail(auth,
1959 /* I-auth' = H(R-nonce | I-nonce | PR.x | PI.x | BR.x | [BI.x |] 1) */
1960 if (dpp_gen_i_auth(auth, i_auth2) < 0)
1965 dpp_auth_fail(auth, "Mismatching Initiator Authenticating Tag");
1970 dpp_auth_success(auth);