dpp.h revision 351611
1/*
2 * DPP functionality shared between hostapd and wpa_supplicant
3 * Copyright (c) 2017, Qualcomm Atheros, Inc.
4 * Copyright (c) 2018-2019, The Linux Foundation
5 *
6 * This software may be distributed under the terms of the BSD license.
7 * See README for more details.
8 */
9
10#ifndef DPP_H
11#define DPP_H
12
13#ifdef CONFIG_DPP
14#include <openssl/x509.h>
15
16#include "utils/list.h"
17#include "common/wpa_common.h"
18#include "crypto/sha256.h"
19
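/* Opaque types: this header only uses pointers to them, so the full
 * definitions are not needed here. (Listing line numbers that were fused
 * into the code have been removed so the declarations are valid C.) */
struct crypto_ecdh;
struct hostapd_ip_addr;
struct dpp_global;

/* Number of octets in the fixed header that precedes the attributes of a DPP
 * Public Action frame: 4 + 2 for the fields named in the trailing comment.
 * NOTE(review): a receive path has to confirm that a frame is at least this
 * long before reading the header; that check is not visible in this file. */
#define DPP_HDR_LEN (4 + 2) /* OUI, OUI Type, Crypto Suite, DPP frame type */
/* TCP port number for DPP over TCP (see dpp_tcp_init() and
 * struct dpp_controller_config) - presumably the default port; confirm
 * against the implementation. */
#define DPP_TCP_PORT 7871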
26
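/*
 * DPP Public Action frame types: the value of the "DPP frame type" octet
 * named in the DPP_HDR_LEN comment. Every value is assigned explicitly; 3 and
 * 4 have no name in this list. When the value is read from a received frame
 * it is untrusted, so a receive path needs a default case for numbers that
 * are not listed here instead of assuming the enum is exhaustive.
 */
enum dpp_public_action_frame_type {
	DPP_PA_AUTHENTICATION_REQ = 0,
	DPP_PA_AUTHENTICATION_RESP = 1,
	DPP_PA_AUTHENTICATION_CONF = 2,
	DPP_PA_PEER_DISCOVERY_REQ = 5,
	DPP_PA_PEER_DISCOVERY_RESP = 6,
	DPP_PA_PKEX_EXCHANGE_REQ = 7,
	DPP_PA_PKEX_EXCHANGE_RESP = 8,
	DPP_PA_PKEX_COMMIT_REVEAL_REQ = 9,
	DPP_PA_PKEX_COMMIT_REVEAL_RESP = 10,
	DPP_PA_CONFIGURATION_RESULT = 11,
};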
39
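/*
 * DPP attribute identifiers. All values fit in 16 bits (dpp_get_attr() takes
 * the requested id as u16) and are assigned explicitly; 0x1010 has no name in
 * this list. The I_/R_ prefixes presumably stand for Initiator/Responder.
 * Attributes are parsed out of received buffers, so both the id and the
 * attribute length are peer-controlled; dpp_check_attrs() and dpp_get_attr()
 * are the declared entry points that take the buffer together with its
 * length.
 */
enum dpp_attribute_id {
	DPP_ATTR_STATUS = 0x1000,
	DPP_ATTR_I_BOOTSTRAP_KEY_HASH = 0x1001,
	DPP_ATTR_R_BOOTSTRAP_KEY_HASH = 0x1002,
	DPP_ATTR_I_PROTOCOL_KEY = 0x1003,
	DPP_ATTR_WRAPPED_DATA = 0x1004,
	DPP_ATTR_I_NONCE = 0x1005,
	DPP_ATTR_I_CAPABILITIES = 0x1006,
	DPP_ATTR_R_NONCE = 0x1007,
	DPP_ATTR_R_CAPABILITIES = 0x1008,
	DPP_ATTR_R_PROTOCOL_KEY = 0x1009,
	DPP_ATTR_I_AUTH_TAG = 0x100A,
	DPP_ATTR_R_AUTH_TAG = 0x100B,
	DPP_ATTR_CONFIG_OBJ = 0x100C,
	DPP_ATTR_CONNECTOR = 0x100D,
	DPP_ATTR_CONFIG_ATTR_OBJ = 0x100E,
	DPP_ATTR_BOOTSTRAP_KEY = 0x100F,
	DPP_ATTR_OWN_NET_NK_HASH = 0x1011,
	DPP_ATTR_FINITE_CYCLIC_GROUP = 0x1012,
	DPP_ATTR_ENCRYPTED_KEY = 0x1013,
	DPP_ATTR_ENROLLEE_NONCE = 0x1014,
	DPP_ATTR_CODE_IDENTIFIER = 0x1015,
	DPP_ATTR_TRANSACTION_ID = 0x1016,
	DPP_ATTR_BOOTSTRAP_INFO = 0x1017,
	DPP_ATTR_CHANNEL = 0x1018,
	DPP_ATTR_PROTOCOL_VERSION = 0x1019,
	DPP_ATTR_ENVELOPED_DATA = 0x101A,
};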
68
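/*
 * DPP status codes. DPP_STATUS_OK is 0; every other value names a failure or
 * a non-final condition. This type is the return type of dpp_peer_intro() and
 * dpp_conf_result_rx() and is stored in the auth_resp_status and
 * conf_resp_status members of struct dpp_authentication. A status taken from
 * a peer's message is untrusted and may hold a number outside this list.
 */
enum dpp_status_error {
	DPP_STATUS_OK = 0,
	DPP_STATUS_NOT_COMPATIBLE = 1,
	DPP_STATUS_AUTH_FAILURE = 2,
	DPP_STATUS_UNWRAP_FAILURE = 3,
	DPP_STATUS_BAD_GROUP = 4,
	DPP_STATUS_CONFIGURE_FAILURE = 5,
	DPP_STATUS_RESPONSE_PENDING = 6,
	DPP_STATUS_INVALID_CONNECTOR = 7,
	DPP_STATUS_NO_MATCH = 8,
	DPP_STATUS_CONFIG_REJECTED = 9,
};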
81
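/* Role bits. They fit the u8 members i_capab, r_capab and allowed_roles of
 * struct dpp_authentication; DPP_CAPAB_ROLE_MASK selects both role bits.
 * BIT() is defined outside this header. */
#define DPP_CAPAB_ENROLLEE BIT(0)
#define DPP_CAPAB_CONFIGURATOR BIT(1)
#define DPP_CAPAB_ROLE_MASK (BIT(0) | BIT(1))

/* Compile-time bounds of the fixed-size arrays declared in this header.
 * Any count or length that originates from a peer or from a bootstrapping URI
 * has to be checked against the matching bound before data is stored. */
#define DPP_BOOTSTRAP_MAX_FREQ 30 /* entries in the freq[] arrays */
#define DPP_MAX_NONCE_LEN 32 /* i_nonce, r_nonce, e_nonce, nonce override */
#define DPP_MAX_HASH_LEN 64 /* k1, k2, ke and the PKEX z buffer */
#define DPP_MAX_SHARED_SECRET_LEN 66 /* Mx, Nx, Lx; presumably sized for the
				      * largest supported curve - confirm */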
90
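/*
 * Parameters tied to one elliptic curve. Other structures in this header
 * refer to an entry through a const pointer, so entries are expected to be
 * read-only. The meaning of each member below is taken from its name; the
 * table that fills them in is not part of this header.
 */
struct dpp_curve_params {
	const char *name; /* curve name string */
	size_t hash_len; /* presumably hash output length in octets */
	size_t aes_siv_key_len; /* presumably AES-SIV key length in octets */
	size_t nonce_len; /* expected to be <= DPP_MAX_NONCE_LEN - confirm */
	size_t prime_len; /* presumably prime length in octets */
	const char *jwk_crv; /* presumably the JWK "crv" string */
	u16 ike_group; /* presumably the IKE group number of the curve */
	const char *jws_alg; /* presumably the JWS "alg" string */
};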
101
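/* How a bootstrapping key was obtained. No explicit values are given, so the
 * enumerators are 0 and 1 in declaration order; dpp_bootstrap_type_txt()
 * is the declared helper that maps a value to a string. */
enum dpp_bootstrap_type {
	DPP_BOOTSTRAP_QR_CODE,
	DPP_BOOTSTRAP_PKEX,
};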
106
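/*
 * One bootstrapping entry: a public key plus the information that came with
 * it. Entries are linked through 'list' and released with
 * dpp_bootstrap_info_free(). For a peer entry the URI-derived members (uri,
 * mac_addr, info, freq[]) originate outside the device and are untrusted.
 */
struct dpp_bootstrap_info {
	struct dl_list list;
	unsigned int id; /* identifier used by dpp_bootstrap_get_id() */
	enum dpp_bootstrap_type type;
	char *uri;
	u8 mac_addr[ETH_ALEN];
	char *info;
	/* num_freq counts the used entries of freq[]; a parser filling the
	 * array has to stop at DPP_BOOTSTRAP_MAX_FREQ */
	unsigned int freq[DPP_BOOTSTRAP_MAX_FREQ];
	unsigned int num_freq;
	int own; /* presumably non-zero for a locally generated key - confirm */
	EVP_PKEY *pubkey;
	u8 pubkey_hash[SHA256_MAC_LEN]; /* see dpp_bootstrap_key_hash() */
	const struct dpp_curve_params *curve;
	unsigned int pkex_t; /* number of failures before dpp_pkex
			      * instantiation */
};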
123
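/* Limit for the PKEX failure counters ('t' in struct dpp_pkex and 'pkex_t' in
 * struct dpp_bootstrap_info). Presumably the exchange is refused once a
 * counter reaches this value, which bounds online guessing of the PKEX code;
 * the enforcement is not visible in this header - confirm in the
 * implementation. */
#define PKEX_COUNTER_T_LIMIT 5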
125
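/*
 * State of one PKEX exchange. It holds the shared code, values sized as
 * shared secrets (Mx, Nx) and a hash-sized value (z), all of which are
 * secret material.
 * NOTE(review): dpp_pkex_free() is the declared release function; confirm
 * there that code, Mx, Nx and z are cleared before the memory is freed.
 */
struct dpp_pkex {
	void *msg_ctx;
	unsigned int initiator:1;
	unsigned int exchange_done:1;
	unsigned int failed:1;
	struct dpp_bootstrap_info *own_bi;
	u8 own_mac[ETH_ALEN];
	u8 peer_mac[ETH_ALEN];
	char *identifier;
	char *code; /* PKEX code - secret */
	EVP_PKEY *x;
	EVP_PKEY *y;
	u8 Mx[DPP_MAX_SHARED_SECRET_LEN];
	u8 Nx[DPP_MAX_SHARED_SECRET_LEN];
	u8 z[DPP_MAX_HASH_LEN];
	EVP_PKEY *peer_bootstrap_key;
	struct wpabuf *exchange_req;
	struct wpabuf *exchange_resp;
	unsigned int t; /* number of failures on code use */
	unsigned int exch_req_wait_time;
	unsigned int exch_req_tries;
	unsigned int freq;
};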
149
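/* Key management selections for a configuration, including combinations.
 * No explicit values are given, so DPP_AKM_UNKNOWN is 0 and the rest follow
 * in declaration order. The dpp_akm_psk(), dpp_akm_sae(), dpp_akm_legacy(),
 * dpp_akm_dpp() and dpp_akm_ver2() helpers declared in this header classify
 * a value; dpp_akm_str() maps it to a string. */
enum dpp_akm {
	DPP_AKM_UNKNOWN,
	DPP_AKM_DPP,
	DPP_AKM_PSK,
	DPP_AKM_SAE,
	DPP_AKM_PSK_SAE,
	DPP_AKM_SAE_DPP,
	DPP_AKM_PSK_SAE_DPP,
};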
159
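/*
 * Configuration to hand out (struct dpp_authentication keeps one pointer for
 * AP and one for station use). Allocated with dpp_configuration_alloc(),
 * checked with dpp_configuration_valid() and released with
 * dpp_configuration_free(). passphrase and psk are network credentials.
 * NOTE(review): confirm that the release function clears them.
 */
struct dpp_configuration {
	u8 ssid[32];
	size_t ssid_len; /* must not exceed sizeof(ssid) */
	enum dpp_akm akm;

	/* For DPP configuration (connector) */
	os_time_t netaccesskey_expiry;

	/* TODO: groups */
	char *group_id;

	/* For legacy configuration */
	char *passphrase;
	u8 psk[32];
	int psk_set; /* presumably non-zero when psk[] holds a key */
};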
176
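/*
 * State of one DPP Authentication/Configuration exchange with one peer.
 * Besides protocol bookkeeping it holds nonces, buffers sized as shared
 * secrets (Mx, Nx, Lx), hash-sized key buffers (k1, k2, ke) and the
 * credentials received in the configuration (passphrase, psk,
 * net_access_key), so the whole structure is sensitive.
 * NOTE(review): dpp_auth_deinit() is the declared release function; confirm
 * there that key material is cleared before the memory is freed.
 */
struct dpp_authentication {
	void *msg_ctx;
	u8 peer_version;
	const struct dpp_curve_params *curve;
	struct dpp_bootstrap_info *peer_bi;
	struct dpp_bootstrap_info *own_bi;
	struct dpp_bootstrap_info *tmp_own_bi;
	u8 waiting_pubkey_hash[SHA256_MAC_LEN];
	int response_pending;
	enum dpp_status_error auth_resp_status;
	enum dpp_status_error conf_resp_status;
	u8 peer_mac_addr[ETH_ALEN];
	/* Nonces; the used length is presumably curve->nonce_len */
	u8 i_nonce[DPP_MAX_NONCE_LEN];
	u8 r_nonce[DPP_MAX_NONCE_LEN];
	u8 e_nonce[DPP_MAX_NONCE_LEN];
	u8 i_capab;
	u8 r_capab;
	EVP_PKEY *own_protocol_key;
	EVP_PKEY *peer_protocol_key;
	struct wpabuf *req_msg;
	struct wpabuf *resp_msg;
	/* Intersection of possible frequencies for initiating DPP
	 * Authentication exchange */
	unsigned int freq[DPP_BOOTSTRAP_MAX_FREQ];
	unsigned int num_freq, freq_idx;
	unsigned int curr_freq;
	unsigned int neg_freq;
	unsigned int num_freq_iters;
	/* Secret material: each *_len has to stay within its buffer size */
	size_t secret_len;
	u8 Mx[DPP_MAX_SHARED_SECRET_LEN];
	size_t Mx_len;
	u8 Nx[DPP_MAX_SHARED_SECRET_LEN];
	size_t Nx_len;
	u8 Lx[DPP_MAX_SHARED_SECRET_LEN];
	size_t Lx_len;
	u8 k1[DPP_MAX_HASH_LEN];
	u8 k2[DPP_MAX_HASH_LEN];
	u8 ke[DPP_MAX_HASH_LEN];
	int initiator;
	int waiting_auth_resp;
	int waiting_auth_conf;
	int auth_req_ack;
	unsigned int auth_resp_tries;
	u8 allowed_roles; /* DPP_CAPAB_* role bits */
	int configurator;
	int remove_on_tx_status;
	int connect_on_tx_status;
	int waiting_conf_result;
	int auth_success;
	struct wpabuf *conf_req;
	const struct wpabuf *conf_resp; /* owned by GAS server */
	struct dpp_configuration *conf_ap;
	struct dpp_configuration *conf_sta;
	struct dpp_configurator *conf;
	char *connector; /* received signedConnector */
	/* Received network configuration; ssid_len is a u8 and has to stay
	 * within SSID_MAX_LEN, passphrase is a fixed 64-octet buffer */
	u8 ssid[SSID_MAX_LEN];
	u8 ssid_len;
	char passphrase[64];
	u8 psk[PMK_LEN];
	int psk_set;
	enum dpp_akm akm;
	struct wpabuf *net_access_key;
	os_time_t net_access_key_expiry;
	struct wpabuf *c_sign_key;
	/* Test-only overrides; present only in CONFIG_TESTING_OPTIONS builds */
#ifdef CONFIG_TESTING_OPTIONS
	char *config_obj_override;
	char *discovery_override;
	char *groups_override;
	unsigned int ignore_netaccesskey_mismatch:1;
#endif /* CONFIG_TESTING_OPTIONS */
};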
248
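/*
 * One Configurator instance, linked through 'list' and released with
 * dpp_configurator_free(). csign is the Configurator's key object; if it
 * holds the private signing key (as the dpp_keygen_configurator() and
 * dpp_configurator_get_key() declarations suggest), it is the most sensitive
 * item in this header - confirm how it is stored and exported.
 */
struct dpp_configurator {
	struct dl_list list;
	unsigned int id;
	int own; /* presumably non-zero for a locally generated key - confirm */
	EVP_PKEY *csign;
	char *kid; /* key identifier string */
	const struct dpp_curve_params *curve;
};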
257
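/* Result structure passed to dpp_peer_intro(). pmk is key material: pmk_len
 * must not exceed PMK_LEN_MAX, and callers should clear the structure once
 * the key has been installed. */
struct dpp_introduction {
	u8 pmkid[PMKID_LEN];
	u8 pmk[PMK_LEN_MAX];
	size_t pmk_len;
};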
263
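/*
 * Parameters for dpp_relay_add_controller(). ipaddr and pkhash are const
 * pointers to caller-provided data; whether they are copied or must outlive
 * the call is not visible here. cb_ctx is presumably the 'ctx' argument
 * handed back to the two callbacks - confirm.
 */
struct dpp_relay_config {
	const struct hostapd_ip_addr *ipaddr;
	const u8 *pkhash;

	void *cb_ctx;
	/* Callback to transmit a frame 'msg' of 'len' octets to 'addr' on
	 * 'freq' */
	void (*tx)(void *ctx, const u8 *addr, unsigned int freq, const u8 *msg,
		   size_t len);
	/* Callback to transmit a GAS response to 'addr'; ownership of 'buf'
	 * is not stated here */
	void (*gas_resp_tx)(void *ctx, const u8 *addr, u8 dialog_token, int prot,
			    struct wpabuf *buf);
};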
274
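/* Parameters for dpp_controller_start(). tcp_port is a plain int, so a
 * caller filling it from configuration text has to range-check the value;
 * DPP_TCP_PORT is the port constant defined in this header. */
struct dpp_controller_config {
	const char *configurator_params;
	int tcp_port;
};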
279
280#ifdef CONFIG_TESTING_OPTIONS
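/*
 * Fault-injection selectors, declared only under CONFIG_TESTING_OPTIONS.
 * Judging by the names, each value makes the local side omit (NO_*), corrupt
 * (INVALID_* / *_MISMATCH_*) or stop before (STOP_AT_*) a specific protocol
 * element, so that the peer's error handling can be exercised. These options
 * deliberately break protocol checks; CONFIG_TESTING_OPTIONS has to stay
 * disabled in production builds. The numeric values are assigned explicitly
 * and should be kept stable for existing test scripts.
 */
enum dpp_test_behavior {
	DPP_TEST_DISABLED = 0,
	DPP_TEST_AFTER_WRAPPED_DATA_AUTH_REQ = 1,
	DPP_TEST_AFTER_WRAPPED_DATA_AUTH_RESP = 2,
	DPP_TEST_AFTER_WRAPPED_DATA_AUTH_CONF = 3,
	DPP_TEST_AFTER_WRAPPED_DATA_PKEX_CR_REQ = 4,
	DPP_TEST_AFTER_WRAPPED_DATA_PKEX_CR_RESP = 5,
	DPP_TEST_AFTER_WRAPPED_DATA_CONF_REQ = 6,
	DPP_TEST_AFTER_WRAPPED_DATA_CONF_RESP = 7,
	DPP_TEST_ZERO_I_CAPAB = 8,
	DPP_TEST_ZERO_R_CAPAB = 9,
	DPP_TEST_NO_R_BOOTSTRAP_KEY_HASH_AUTH_REQ = 10,
	DPP_TEST_NO_I_BOOTSTRAP_KEY_HASH_AUTH_REQ = 11,
	DPP_TEST_NO_I_PROTO_KEY_AUTH_REQ = 12,
	DPP_TEST_NO_I_NONCE_AUTH_REQ = 13,
	DPP_TEST_NO_I_CAPAB_AUTH_REQ = 14,
	DPP_TEST_NO_WRAPPED_DATA_AUTH_REQ = 15,
	DPP_TEST_NO_STATUS_AUTH_RESP = 16,
	DPP_TEST_NO_R_BOOTSTRAP_KEY_HASH_AUTH_RESP = 17,
	DPP_TEST_NO_I_BOOTSTRAP_KEY_HASH_AUTH_RESP = 18,
	DPP_TEST_NO_R_PROTO_KEY_AUTH_RESP = 19,
	DPP_TEST_NO_R_NONCE_AUTH_RESP = 20,
	DPP_TEST_NO_I_NONCE_AUTH_RESP = 21,
	DPP_TEST_NO_R_CAPAB_AUTH_RESP = 22,
	DPP_TEST_NO_R_AUTH_AUTH_RESP = 23,
	DPP_TEST_NO_WRAPPED_DATA_AUTH_RESP = 24,
	DPP_TEST_NO_STATUS_AUTH_CONF = 25,
	DPP_TEST_NO_R_BOOTSTRAP_KEY_HASH_AUTH_CONF = 26,
	DPP_TEST_NO_I_BOOTSTRAP_KEY_HASH_AUTH_CONF = 27,
	DPP_TEST_NO_I_AUTH_AUTH_CONF = 28,
	DPP_TEST_NO_WRAPPED_DATA_AUTH_CONF = 29,
	DPP_TEST_I_NONCE_MISMATCH_AUTH_RESP = 30,
	DPP_TEST_INCOMPATIBLE_R_CAPAB_AUTH_RESP = 31,
	DPP_TEST_R_AUTH_MISMATCH_AUTH_RESP = 32,
	DPP_TEST_I_AUTH_MISMATCH_AUTH_CONF = 33,
	DPP_TEST_NO_FINITE_CYCLIC_GROUP_PKEX_EXCHANGE_REQ = 34,
	DPP_TEST_NO_ENCRYPTED_KEY_PKEX_EXCHANGE_REQ = 35,
	DPP_TEST_NO_STATUS_PKEX_EXCHANGE_RESP = 36,
	DPP_TEST_NO_ENCRYPTED_KEY_PKEX_EXCHANGE_RESP = 37,
	DPP_TEST_NO_BOOTSTRAP_KEY_PKEX_CR_REQ = 38,
	DPP_TEST_NO_I_AUTH_TAG_PKEX_CR_REQ = 39,
	DPP_TEST_NO_WRAPPED_DATA_PKEX_CR_REQ = 40,
	DPP_TEST_NO_BOOTSTRAP_KEY_PKEX_CR_RESP = 41,
	DPP_TEST_NO_R_AUTH_TAG_PKEX_CR_RESP = 42,
	DPP_TEST_NO_WRAPPED_DATA_PKEX_CR_RESP = 43,
	DPP_TEST_INVALID_ENCRYPTED_KEY_PKEX_EXCHANGE_REQ = 44,
	DPP_TEST_INVALID_ENCRYPTED_KEY_PKEX_EXCHANGE_RESP = 45,
	DPP_TEST_INVALID_STATUS_PKEX_EXCHANGE_RESP = 46,
	DPP_TEST_INVALID_BOOTSTRAP_KEY_PKEX_CR_REQ = 47,
	DPP_TEST_INVALID_BOOTSTRAP_KEY_PKEX_CR_RESP = 48,
	DPP_TEST_I_AUTH_TAG_MISMATCH_PKEX_CR_REQ = 49,
	DPP_TEST_R_AUTH_TAG_MISMATCH_PKEX_CR_RESP = 50,
	DPP_TEST_NO_E_NONCE_CONF_REQ = 51,
	DPP_TEST_NO_CONFIG_ATTR_OBJ_CONF_REQ = 52,
	DPP_TEST_NO_WRAPPED_DATA_CONF_REQ = 53,
	DPP_TEST_NO_E_NONCE_CONF_RESP = 54,
	DPP_TEST_NO_CONFIG_OBJ_CONF_RESP = 55,
	DPP_TEST_NO_STATUS_CONF_RESP = 56,
	DPP_TEST_NO_WRAPPED_DATA_CONF_RESP = 57,
	DPP_TEST_INVALID_STATUS_CONF_RESP = 58,
	DPP_TEST_E_NONCE_MISMATCH_CONF_RESP = 59,
	DPP_TEST_NO_TRANSACTION_ID_PEER_DISC_REQ = 60,
	DPP_TEST_NO_CONNECTOR_PEER_DISC_REQ = 61,
	DPP_TEST_NO_TRANSACTION_ID_PEER_DISC_RESP = 62,
	DPP_TEST_NO_STATUS_PEER_DISC_RESP = 63,
	DPP_TEST_NO_CONNECTOR_PEER_DISC_RESP = 64,
	DPP_TEST_AUTH_RESP_IN_PLACE_OF_CONF = 65,
	DPP_TEST_INVALID_I_PROTO_KEY_AUTH_REQ = 66,
	DPP_TEST_INVALID_R_PROTO_KEY_AUTH_RESP = 67,
	DPP_TEST_INVALID_R_BOOTSTRAP_KEY_HASH_AUTH_REQ = 68,
	DPP_TEST_INVALID_I_BOOTSTRAP_KEY_HASH_AUTH_REQ = 69,
	DPP_TEST_INVALID_R_BOOTSTRAP_KEY_HASH_AUTH_RESP = 70,
	DPP_TEST_INVALID_I_BOOTSTRAP_KEY_HASH_AUTH_RESP = 71,
	DPP_TEST_INVALID_R_BOOTSTRAP_KEY_HASH_AUTH_CONF = 72,
	DPP_TEST_INVALID_I_BOOTSTRAP_KEY_HASH_AUTH_CONF = 73,
	DPP_TEST_INVALID_STATUS_AUTH_RESP = 74,
	DPP_TEST_INVALID_STATUS_AUTH_CONF = 75,
	DPP_TEST_INVALID_CONFIG_ATTR_OBJ_CONF_REQ = 76,
	DPP_TEST_INVALID_TRANSACTION_ID_PEER_DISC_RESP = 77,
	DPP_TEST_INVALID_STATUS_PEER_DISC_RESP = 78,
	DPP_TEST_INVALID_CONNECTOR_PEER_DISC_RESP = 79,
	DPP_TEST_INVALID_CONNECTOR_PEER_DISC_REQ = 80,
	DPP_TEST_INVALID_I_NONCE_AUTH_REQ = 81,
	DPP_TEST_INVALID_TRANSACTION_ID_PEER_DISC_REQ = 82,
	DPP_TEST_INVALID_E_NONCE_CONF_REQ = 83,
	DPP_TEST_STOP_AT_PKEX_EXCHANGE_RESP = 84,
	DPP_TEST_STOP_AT_PKEX_CR_REQ = 85,
	DPP_TEST_STOP_AT_PKEX_CR_RESP = 86,
	DPP_TEST_STOP_AT_AUTH_REQ = 87,
	DPP_TEST_STOP_AT_AUTH_RESP = 88,
	DPP_TEST_STOP_AT_AUTH_CONF = 89,
	DPP_TEST_STOP_AT_CONF_REQ = 90,
	DPP_TEST_REJECT_CONFIG = 91,
};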
375
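/* Global test hooks, declared only under CONFIG_TESTING_OPTIONS and defined
 * in another translation unit. dpp_test selects the fault to inject. The
 * *_override buffers, with their *_len counters, presumably replace the MAC
 * addresses, ephemeral/protocol keys and nonce that would otherwise be taken
 * from the device or generated randomly - confirm in the implementation.
 * Fixed keys or nonces remove the protocol's security properties, so these
 * hooks must not be reachable in production builds. */
extern enum dpp_test_behavior dpp_test;
extern u8 dpp_pkex_own_mac_override[ETH_ALEN];
extern u8 dpp_pkex_peer_mac_override[ETH_ALEN];
extern u8 dpp_pkex_ephemeral_key_override[600];
extern size_t dpp_pkex_ephemeral_key_override_len;
extern u8 dpp_protocol_key_override[600];
extern size_t dpp_protocol_key_override_len;
extern u8 dpp_nonce_override[DPP_MAX_NONCE_LEN];
extern size_t dpp_nonce_override_len;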
385#endif /* CONFIG_TESTING_OPTIONS */
386
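/*
 * Bootstrapping information helpers: release an entry, name its type, compute
 * the key hash, parse URI components and generate a key.
 * The strings given to dpp_parse_uri_*() and dpp_parse_qr_code() can come
 * from a scanned QR Code, i.e., from outside the device, and have to be
 * handled as untrusted input by the implementation.
 * NOTE(review): the int functions presumably return 0 on success and a
 * negative value on failure, and dpp_parse_qr_code() presumably returns NULL
 * on failure - confirm, and make sure callers check the result.
 * dpp_keygen() accepts caller-supplied private key octets (privkey,
 * privkey_len); ownership of the returned string is not stated here.
 */
void dpp_bootstrap_info_free(struct dpp_bootstrap_info *info);
const char * dpp_bootstrap_type_txt(enum dpp_bootstrap_type type);
int dpp_bootstrap_key_hash(struct dpp_bootstrap_info *bi);
int dpp_parse_uri_chan_list(struct dpp_bootstrap_info *bi,
			    const char *chan_list);
int dpp_parse_uri_mac(struct dpp_bootstrap_info *bi, const char *mac);
int dpp_parse_uri_info(struct dpp_bootstrap_info *bi, const char *info);
struct dpp_bootstrap_info * dpp_parse_qr_code(const char *uri);
char * dpp_keygen(struct dpp_bootstrap_info *bi, const char *curve,
		  const u8 *privkey, size_t privkey_len);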
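/*
 * DPP Authentication exchange.
 * dpp_auth_init() creates the state for the side that starts the exchange.
 * The *_rx() functions process a received frame: hdr points to the frame
 * header and attr_start/attr_len delimit the attributes. Everything inside
 * that buffer is peer-controlled until the exchange has authenticated the
 * peer, so the implementation has to bound every read by attr_len.
 * NOTE(review): pointer-returning functions presumably return NULL on
 * failure, and dpp_auth_conf_rx() presumably returns a negative value on
 * failure - confirm.
 */
struct hostapd_hw_modes;
struct dpp_authentication * dpp_auth_init(void *msg_ctx,
					  struct dpp_bootstrap_info *peer_bi,
					  struct dpp_bootstrap_info *own_bi,
					  u8 dpp_allowed_roles,
					  unsigned int neg_freq,
					  struct hostapd_hw_modes *own_modes,
					  u16 num_modes);
struct dpp_authentication *
dpp_auth_req_rx(void *msg_ctx, u8 dpp_allowed_roles, int qr_mutual,
		struct dpp_bootstrap_info *peer_bi,
		struct dpp_bootstrap_info *own_bi,
		unsigned int freq, const u8 *hdr, const u8 *attr_start,
		size_t attr_len);
struct wpabuf *
dpp_auth_resp_rx(struct dpp_authentication *auth, const u8 *hdr,
		 const u8 *attr_start, size_t attr_len);
struct wpabuf * dpp_build_conf_req(struct dpp_authentication *auth,
				   const char *json);
int dpp_auth_conf_rx(struct dpp_authentication *auth, const u8 *hdr,
		     const u8 *attr_start, size_t attr_len);
int dpp_notify_new_qr_code(struct dpp_authentication *auth,
			   struct dpp_bootstrap_info *peer_bi);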
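/*
 * Configuration objects and AKM helpers.
 * dpp_configuration_alloc()/dpp_configuration_free() pair up for
 * struct dpp_configuration. The dpp_akm_*() functions take an enum dpp_akm
 * and return int, presumably a boolean for "this AKM includes PSK / SAE /
 * legacy / DPP / version 2" - confirm. dpp_set_configurator() takes a
 * command string (cmd); when that string comes from a control interface it
 * should be parsed defensively. dpp_auth_deinit() releases the state of an
 * authentication exchange.
 */
struct dpp_configuration * dpp_configuration_alloc(const char *type);
int dpp_akm_psk(enum dpp_akm akm);
int dpp_akm_sae(enum dpp_akm akm);
int dpp_akm_legacy(enum dpp_akm akm);
int dpp_akm_dpp(enum dpp_akm akm);
int dpp_akm_ver2(enum dpp_akm akm);
int dpp_configuration_valid(const struct dpp_configuration *conf);
void dpp_configuration_free(struct dpp_configuration *conf);
int dpp_set_configurator(struct dpp_global *dpp, void *msg_ctx,
			 struct dpp_authentication *auth,
			 const char *cmd);
void dpp_auth_deinit(struct dpp_authentication *auth);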
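/*
 * Configuration exchange, message construction and attribute parsing.
 * dpp_conf_req_rx(), dpp_conf_resp_rx() and dpp_conf_result_rx() process
 * received data; dpp_build_conf_result() and dpp_alloc_msg() build outgoing
 * messages.
 * dpp_check_attrs() and dpp_get_attr() both take the attribute buffer with
 * its length. dpp_get_attr() reports the attribute length through *ret_len;
 * NOTE(review): it presumably returns NULL when req_id is absent and
 * otherwise a pointer into buf - confirm, and run dpp_check_attrs() on a
 * received buffer before attributes are fetched from it.
 * dpp_key_expired() takes a timestamp string and writes *expiry; the
 * timestamp comes from a received object and is untrusted.
 */
struct wpabuf *
dpp_conf_req_rx(struct dpp_authentication *auth, const u8 *attr_start,
		size_t attr_len);
int dpp_conf_resp_rx(struct dpp_authentication *auth,
		     const struct wpabuf *resp);
enum dpp_status_error dpp_conf_result_rx(struct dpp_authentication *auth,
					 const u8 *hdr,
					 const u8 *attr_start, size_t attr_len);
struct wpabuf * dpp_build_conf_result(struct dpp_authentication *auth,
				      enum dpp_status_error status);
struct wpabuf * dpp_alloc_msg(enum dpp_public_action_frame_type type,
			      size_t len);
const u8 * dpp_get_attr(const u8 *buf, size_t len, u16 req_id, u16 *ret_len);
int dpp_check_attrs(const u8 *buf, size_t len);
int dpp_key_expired(const char *timestamp, os_time_t *expiry);
const char * dpp_akm_str(enum dpp_akm akm);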
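/*
 * Configurator key handling and peer introduction.
 * dpp_configurator_get_key() writes into buf, bounded by buflen.
 * NOTE(review): if what it writes is the Configurator private key, both the
 * buffer and the interface that exposes it need to be protected - confirm
 * what is exported. dpp_keygen_configurator() accepts caller-supplied
 * private key octets (privkey, privkey_len).
 * dpp_peer_intro() takes the local connector, netAccessKey and C-sign key
 * together with the connector received from the peer (peer_connector,
 * peer_connector_len, untrusted). It returns an enum dpp_status_error and
 * fills *intro and *expiry; the outputs should be used only when the result
 * is DPP_STATUS_OK.
 */
int dpp_configurator_get_key(const struct dpp_configurator *conf, char *buf,
			     size_t buflen);
void dpp_configurator_free(struct dpp_configurator *conf);
struct dpp_configurator *
dpp_keygen_configurator(const char *curve, const u8 *privkey,
			size_t privkey_len);
int dpp_configurator_own_config(struct dpp_authentication *auth,
				const char *curve, int ap);
enum dpp_status_error
dpp_peer_intro(struct dpp_introduction *intro, const char *own_connector,
	       const u8 *net_access_key, size_t net_access_key_len,
	       const u8 *csign_key, size_t csign_key_len,
	       const u8 *peer_connector, size_t peer_connector_len,
	       os_time_t *expiry);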
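/*
 * PKEX exchange.
 * dpp_pkex_init() creates the state for the side that starts the exchange;
 * dpp_pkex_rx_exchange_req() creates it from a received request. identifier
 * and code are the shared PKEX identifier and code. The buf/len arguments of
 * the *_rx_*() functions are received frame contents and are untrusted.
 * NOTE(review): pointer-returning functions presumably return NULL on
 * failure and dpp_pkex_rx_commit_reveal_resp() a negative value - confirm.
 * Failed attempts are counted in 't' (struct dpp_pkex) and 'pkex_t'
 * (struct dpp_bootstrap_info); see PKEX_COUNTER_T_LIMIT.
 */
struct dpp_pkex * dpp_pkex_init(void *msg_ctx, struct dpp_bootstrap_info *bi,
				const u8 *own_mac,
				const char *identifier,
				const char *code);
struct dpp_pkex * dpp_pkex_rx_exchange_req(void *msg_ctx,
					   struct dpp_bootstrap_info *bi,
					   const u8 *own_mac,
					   const u8 *peer_mac,
					   const char *identifier,
					   const char *code,
					   const u8 *buf, size_t len);
struct wpabuf * dpp_pkex_rx_exchange_resp(struct dpp_pkex *pkex,
					  const u8 *peer_mac,
					  const u8 *buf, size_t len);
struct wpabuf * dpp_pkex_rx_commit_reveal_req(struct dpp_pkex *pkex,
					      const u8 *hdr,
					      const u8 *buf, size_t len);
int dpp_pkex_rx_commit_reveal_resp(struct dpp_pkex *pkex, const u8 *hdr,
				   const u8 *buf, size_t len);
void dpp_pkex_free(struct dpp_pkex *pkex);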
482
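/* Takes a connector string and returns a char *. Judging by the name, the
 * result is a copy of the connector with a deliberately broken signature for
 * negative testing. This prototype is declared outside the
 * CONFIG_TESTING_OPTIONS sections of this header.
 * NOTE(review): the return value is presumably heap-allocated and freed by
 * the caller, NULL on failure - confirm. */
char * dpp_corrupt_connector_signature(const char *connector);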
484
485
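/*
 * State for the PFS (presumably "perfect forward secrecy") exchange handled
 * by dpp_pfs_init(), dpp_pfs_process() and dpp_pfs_free(). 'secret' holds
 * secret material.
 * NOTE(review): confirm that dpp_pfs_free() clears it before releasing the
 * buffer.
 */
struct dpp_pfs {
	struct crypto_ecdh *ecdh; /* ECDH context */
	const struct dpp_curve_params *curve;
	struct wpabuf *ie; /* presumably the local element to send - confirm */
	struct wpabuf *secret;
};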
492
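/* PFS helpers. dpp_pfs_init() builds the state from the local netAccessKey
 * octets. dpp_pfs_process() consumes the element received from the peer
 * (peer_ie, peer_ie_len), which is untrusted input. dpp_pfs_free() releases
 * the state.
 * NOTE(review): dpp_pfs_init() presumably returns NULL and dpp_pfs_process()
 * a negative value on failure - confirm. */
struct dpp_pfs * dpp_pfs_init(const u8 *net_access_key,
			      size_t net_access_key_len);
int dpp_pfs_process(struct dpp_pfs *pfs, const u8 *peer_ie, size_t peer_ie_len);
void dpp_pfs_free(struct dpp_pfs *pfs);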
497
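/*
 * Operations on the shared DPP context (struct dpp_global): bootstrapping
 * entries, Configurators, relay and Controller/TCP support.
 * Review notes on the signatures:
 * - dpp_bootstrap_gen(), dpp_configurator_add(), dpp_bootstrap_remove() and
 *   dpp_configurator_remove() take command/id strings; when these come from
 *   a control interface they need defensive parsing.
 * - dpp_bootstrap_info() takes 'id' and 'reply_size' as int, while the other
 *   lookups use unsigned int ids and size_t lengths; negative values have to
 *   be rejected by the implementation.
 * - dpp_configurator_get_key_id() writes into buf, bounded by buflen.
 * - dpp_relay_rx_action() and dpp_relay_rx_gas_req() receive frames from
 *   the air (src, buf/data with a length); dpp_controller_start() and
 *   dpp_tcp_init() deal with TCP peers. All of that input is untrusted.
 * - dpp_bootstrap_find_pair() reports its result through *own_bi and
 *   *peer_bi; callers should initialise both and check them afterwards.
 */
struct dpp_bootstrap_info * dpp_add_qr_code(struct dpp_global *dpp,
					    const char *uri);
int dpp_bootstrap_gen(struct dpp_global *dpp, const char *cmd);
struct dpp_bootstrap_info *
dpp_bootstrap_get_id(struct dpp_global *dpp, unsigned int id);
int dpp_bootstrap_remove(struct dpp_global *dpp, const char *id);
struct dpp_bootstrap_info *
dpp_pkex_finish(struct dpp_global *dpp, struct dpp_pkex *pkex, const u8 *peer,
		unsigned int freq);
const char * dpp_bootstrap_get_uri(struct dpp_global *dpp, unsigned int id);
int dpp_bootstrap_info(struct dpp_global *dpp, int id,
		       char *reply, int reply_size);
void dpp_bootstrap_find_pair(struct dpp_global *dpp, const u8 *i_bootstrap,
			     const u8 *r_bootstrap,
			     struct dpp_bootstrap_info **own_bi,
			     struct dpp_bootstrap_info **peer_bi);
int dpp_configurator_add(struct dpp_global *dpp, const char *cmd);
int dpp_configurator_remove(struct dpp_global *dpp, const char *id);
int dpp_configurator_get_key_id(struct dpp_global *dpp, unsigned int id,
				char *buf, size_t buflen);
int dpp_relay_add_controller(struct dpp_global *dpp,
			     struct dpp_relay_config *config);
int dpp_relay_rx_action(struct dpp_global *dpp, const u8 *src, const u8 *hdr,
			const u8 *buf, size_t len, unsigned int freq,
			const u8 *i_bootstrap, const u8 *r_bootstrap);
int dpp_relay_rx_gas_req(struct dpp_global *dpp, const u8 *src, const u8 *data,
			 size_t data_len);
int dpp_controller_start(struct dpp_global *dpp,
			 struct dpp_controller_config *config);
void dpp_controller_stop(struct dpp_global *dpp);
int dpp_tcp_init(struct dpp_global *dpp, struct dpp_authentication *auth,
		 const struct hostapd_ip_addr *addr, int port);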
530
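/* Parameters for dpp_global_init(). process_conf_obj is a callback that
 * receives a context pointer and the authentication state; cb_ctx is
 * presumably the value passed to it as 'ctx' - confirm. */
struct dpp_global_config {
	void *msg_ctx;
	void *cb_ctx;
	int (*process_conf_obj)(void *ctx, struct dpp_authentication *auth);
};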
536
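/* Lifetime of the shared DPP context: dpp_global_init() creates it from a
 * struct dpp_global_config and dpp_global_deinit() releases it.
 * dpp_global_clear() presumably drops the stored bootstrapping and
 * Configurator entries while keeping the context - confirm.
 * NOTE(review): stored entries include key objects, so clear and deinit are
 * the places to verify that key material is released properly. */
struct dpp_global * dpp_global_init(struct dpp_global_config *config);
void dpp_global_clear(struct dpp_global *dpp);
void dpp_global_deinit(struct dpp_global *dpp);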
540
541#endif /* CONFIG_DPP */
542#endif /* DPP_H */
543