Merge branch 'feature/add_dpp_crypto_layer' into 'master'

feature(esp_wifi):Restructure dpp crypto layer

See merge request espressif/esp-idf!30225

components/wpa_supplicant/CMakeLists.txt

@@ -202,6 +202,7 @@ endif()
 
 if(CONFIG_ESP_WIFI_DPP_SUPPORT)
     set(dpp_src "src/common/dpp.c"
+    "src/common/dpp_crypto.c"
     "esp_supplicant/src/esp_dpp.c")
 else()
     set(dpp_src "")

components/wpa_supplicant/esp_supplicant/src/crypto/crypto_mbedtls-ec.c

@@ -453,7 +453,7 @@ int crypto_ec_point_cmp(const struct crypto_ec *e,
                                  (const mbedtls_ecp_point *) b);
 }
 
-int crypto_key_compare(struct crypto_key *key1, struct crypto_key *key2)
+int crypto_ec_key_compare(struct crypto_ec_key *key1, struct crypto_ec_key *key2)
 {
     int ret = 0;
     mbedtls_entropy_context entropy;
@@ -488,7 +488,7 @@ void crypto_debug_print_point(const char *title, struct crypto_ec *e,
     wpa_hexdump(MSG_ERROR, "y:", y, 32);
 }
 
-static struct crypto_key *crypto_alloc_key(void)
+static struct crypto_ec_key *crypto_alloc_key(void)
 {
     mbedtls_pk_context *key = os_malloc(sizeof(*key));
 
@@ -498,14 +498,14 @@ static struct crypto_key *crypto_alloc_key(void)
     }
     mbedtls_pk_init(key);
 
-    return (struct crypto_key *)key;
+    return (struct crypto_ec_key *)key;
 }
 
-struct crypto_key * crypto_ec_set_pubkey_point(const struct crypto_ec_group *group,
-                                               const u8 *buf, size_t len)
+struct crypto_ec_key * crypto_ec_key_set_pub(const struct crypto_ec_group *group,
+                                             const u8 *buf, size_t len)
 {
     mbedtls_ecp_point *point = NULL;
-    struct crypto_key *pkey = NULL;
+    struct crypto_ec_key *pkey = NULL;
     int ret;
     mbedtls_pk_context *key = (mbedtls_pk_context *)crypto_alloc_key();
     mbedtls_ecp_group *ecp_grp = (mbedtls_ecp_group *)group;
@@ -543,7 +543,7 @@ struct crypto_key * crypto_ec_set_pubkey_point(const struct crypto_ec_group *gro
     mbedtls_ecp_copy(&mbedtls_pk_ec(*key)->MBEDTLS_PRIVATE(Q), point);
     mbedtls_ecp_group_load(&mbedtls_pk_ec(*key)->MBEDTLS_PRIVATE(grp), ecp_grp->id);
 
-    pkey = (struct crypto_key *)key;
+    pkey = (struct crypto_ec_key *)key;
     crypto_ec_point_deinit((struct crypto_ec_point *)point, 0);
     return pkey;
 fail:
@@ -557,21 +557,14 @@ fail:
     return pkey;
 }
 
-void crypto_ec_free_key(struct crypto_key *key)
-{
-    mbedtls_pk_context *pkey = (mbedtls_pk_context *)key;
-    mbedtls_pk_free(pkey);
-    os_free(key);
-}
-
-struct crypto_ec_point *crypto_ec_get_public_key(struct crypto_key *key)
+struct crypto_ec_point *crypto_ec_key_get_public_key(struct crypto_ec_key *key)
 {
     mbedtls_pk_context *pkey = (mbedtls_pk_context *)key;
 
     return (struct crypto_ec_point *)&mbedtls_pk_ec(*pkey)->MBEDTLS_PRIVATE(Q);
 }
 
-int crypto_ec_get_priv_key_der(struct crypto_key *key, unsigned char **key_data, int *key_len)
+int crypto_ec_get_priv_key_der(struct crypto_ec_key *key, unsigned char **key_data, int *key_len)
 {
     mbedtls_pk_context *pkey = (mbedtls_pk_context *)key;
     char *der_data = os_malloc(ECP_PRV_DER_MAX_BYTES);
@@ -599,7 +592,7 @@ int crypto_ec_get_priv_key_der(struct crypto_key *key, unsigned char **key_data,
     return 0;
 }
 
-struct crypto_ec_group *crypto_ec_get_group_from_key(struct crypto_key *key)
+struct crypto_ec_group *crypto_ec_get_group_from_key(struct crypto_ec_key *key)
 {
     mbedtls_pk_context *pkey = (mbedtls_pk_context *)key;
 
@@ -614,14 +607,14 @@ int crypto_ec_key_group(struct crypto_ec_key *key)
     return iana_group;
 }
 
-struct crypto_bignum *crypto_ec_get_private_key(struct crypto_key *key)
+struct crypto_bignum *crypto_ec_key_get_private_key(struct crypto_ec_key *key)
 {
     mbedtls_pk_context *pkey = (mbedtls_pk_context *)key;
 
     return ((struct crypto_bignum *) & (mbedtls_pk_ec(*pkey)->MBEDTLS_PRIVATE(d)));
 }
 
-int crypto_ec_get_publickey_buf(struct crypto_key *key, u8 *key_buf, int len)
+int crypto_ec_get_publickey_buf(struct crypto_ec_key *key, u8 *key_buf, int len)
 {
     mbedtls_pk_context *pkey = (mbedtls_pk_context *)key;
     unsigned char buf[MBEDTLS_MPI_MAX_SIZE + 10]; /* tag, length + MPI */
@@ -644,7 +637,7 @@ int crypto_ec_get_publickey_buf(struct crypto_key *key, u8 *key_buf, int len)
     return pk_len;
 }
 
-int crypto_write_pubkey_der(struct crypto_key *key, unsigned char **key_buf)
+int crypto_write_pubkey_der(struct crypto_ec_key *key, unsigned char **key_buf)
 {
     unsigned char *buf = os_malloc(ECP_PUB_DER_MAX_BYTES);
 
@@ -669,7 +662,7 @@ int crypto_write_pubkey_der(struct crypto_key *key, unsigned char **key_buf)
     return len;
 }
 
-struct crypto_key *crypto_ec_get_key(const u8 *privkey, size_t privkey_len)
+struct crypto_ec_key *crypto_ec_key_parse_priv(const u8 *privkey, size_t privkey_len)
 {
     int ret;
     mbedtls_pk_context *kctx = (mbedtls_pk_context *)crypto_alloc_key();
@@ -685,7 +678,7 @@ struct crypto_key *crypto_ec_get_key(const u8 *privkey, size_t privkey_len)
         goto fail;
     }
 
-    return (struct crypto_key *)kctx;
+    return (struct crypto_ec_key *)kctx;
 
 fail:
     mbedtls_pk_free(kctx);
@@ -728,7 +721,7 @@ int crypto_ec_get_curve_id(const struct crypto_ec_group *group)
     return (crypto_ec_get_mbedtls_to_nist_group_id(grp->id));
 }
 
-int crypto_ecdh(struct crypto_key *key_own, struct crypto_key *key_peer,
+int crypto_ecdh(struct crypto_ec_key *key_own, struct crypto_ec_key *key_peer,
                 u8 *secret, size_t *secret_len)
 {
     mbedtls_ecdh_context *ctx = NULL;
@@ -795,7 +788,7 @@ fail:
 }
 
 int crypto_ecdsa_get_sign(unsigned char *hash,
-                          const struct crypto_bignum *r, const struct crypto_bignum *s, struct crypto_key *csign, int hash_len)
+                          const struct crypto_bignum *r, const struct crypto_bignum *s, struct crypto_ec_key *csign, int hash_len)
 {
     int ret = -1;
     mbedtls_pk_context *pkey = (mbedtls_pk_context *)csign;
@@ -820,8 +813,10 @@ fail:
     return  ret;
 }
 
-int crypto_edcsa_sign_verify(const unsigned char *hash,
-                             const struct crypto_bignum *r, const struct crypto_bignum *s, struct crypto_key *csign, int hlen)
+int crypto_ec_key_verify_signature_r_s(struct crypto_ec_key *csign,
+                                       const unsigned char *hash, int hlen,
+                                       const u8 *r, size_t r_len,
+                                       const u8 *s, size_t s_len)
 {
     /* (mbedtls_ecdsa_context *) */
     mbedtls_ecp_keypair *ecp_kp = mbedtls_pk_ec(*(mbedtls_pk_context *)csign);
@@ -829,39 +824,45 @@ int crypto_edcsa_sign_verify(const unsigned char *hash,
         return -1;
     }
 
+    struct crypto_bignum *rb = NULL, *sb = NULL;
+    rb = crypto_bignum_init_set(r, r_len);
+    sb = crypto_bignum_init_set(s, s_len);
+
     mbedtls_ecp_group *ecp_kp_grp = &ecp_kp->MBEDTLS_PRIVATE(grp);
     mbedtls_ecp_point *ecp_kp_q = &ecp_kp->MBEDTLS_PRIVATE(Q);
     int ret = mbedtls_ecdsa_verify(ecp_kp_grp, hash, hlen,
-                                   ecp_kp_q, (mbedtls_mpi *)r, (mbedtls_mpi *)s);
+                                   ecp_kp_q, (mbedtls_mpi *)rb, (mbedtls_mpi *)sb);
     if (ret != 0) {
         wpa_printf(MSG_ERROR, "ecdsa verification failed");
+        crypto_bignum_deinit(rb, 0);
+        crypto_bignum_deinit(sb, 0);
         return ret;
     }
 
     return ret;
 }
 
-void crypto_debug_print_ec_key(const char *title, struct crypto_key *key)
+void crypto_ec_key_debug_print(struct crypto_ec_key *key, const char *title)
 {
 #ifdef DEBUG_PRINT
     mbedtls_pk_context *pkey = (mbedtls_pk_context *)key;
     mbedtls_ecp_keypair *ecp = mbedtls_pk_ec(*pkey);
     u8 x[32], y[32], d[32];
-    wpa_printf(MSG_ERROR, "curve: %s",
+    wpa_printf(MSG_INFO, "curve: %s",
                mbedtls_ecp_curve_info_from_grp_id(ecp->MBEDTLS_PRIVATE(grp).id)->name);
     int len = mbedtls_mpi_size((mbedtls_mpi *)crypto_ec_get_prime((struct crypto_ec *)crypto_ec_get_group_from_key(key)));
 
-    wpa_printf(MSG_ERROR, "prime len is %d", len);
-    crypto_ec_point_to_bin((struct crypto_ec *)crypto_ec_get_group_from_key(key), crypto_ec_get_public_key(key), x, y);
-    crypto_bignum_to_bin(crypto_ec_get_private_key(key),
+    wpa_printf(MSG_INFO, "prime len is %d", len);
+    crypto_ec_point_to_bin((struct crypto_ec *)crypto_ec_get_group_from_key(key), crypto_ec_key_get_public_key(key), x, y);
+    crypto_bignum_to_bin(crypto_ec_key_get_private_key(key),
                          d, len, len);
-    wpa_hexdump(MSG_ERROR, "Q_x:", x, 32);
-    wpa_hexdump(MSG_ERROR, "Q_y:", y, 32);
-    wpa_hexdump(MSG_ERROR, "d:     ",  d, 32);
+    wpa_hexdump(MSG_INFO, "Q_x:", x, 32);
+    wpa_hexdump(MSG_INFO, "Q_y:", y, 32);
+    wpa_hexdump(MSG_INFO, "d:     ",  d, 32);
 #endif
 }
 
-struct crypto_key *crypto_ec_parse_subpub_key(const unsigned char *p, size_t len)
+struct crypto_ec_key *crypto_ec_parse_subpub_key(const unsigned char *p, size_t len)
 {
     int ret;
     mbedtls_pk_context *pkey = (mbedtls_pk_context *)crypto_alloc_key();
@@ -871,7 +872,7 @@ struct crypto_key *crypto_ec_parse_subpub_key(const unsigned char *p, size_t len
     }
     ret = mbedtls_pk_parse_subpubkey((unsigned char **)&p, p + len, pkey);
     if (ret == 0) {
-        return (struct crypto_key *)pkey;
+        return (struct crypto_ec_key *)pkey;
     }
 
     mbedtls_pk_free(pkey);
@@ -879,13 +880,13 @@ struct crypto_key *crypto_ec_parse_subpub_key(const unsigned char *p, size_t len
     return NULL;
 }
 
-int crypto_is_ec_key(struct crypto_key *key)
+int crypto_is_ec_key(struct crypto_ec_key *key)
 {
     int ret = mbedtls_pk_can_do((mbedtls_pk_context *)key, MBEDTLS_PK_ECKEY);
     return  ret;
 }
 
-struct crypto_key * crypto_ec_gen_keypair(u16 ike_group)
+struct crypto_ec_key * crypto_ec_key_gen(u16 ike_group)
 {
     mbedtls_pk_context *kctx = (mbedtls_pk_context *)crypto_alloc_key();
 
@@ -902,7 +903,7 @@ struct crypto_key * crypto_ec_gen_keypair(u16 ike_group)
     mbedtls_ecp_gen_key(MBEDTLS_ECP_DP_SECP256R1, mbedtls_pk_ec(*kctx), //get this from argument
                         crypto_rng_wrapper, NULL);
 
-    return (struct crypto_key *)kctx;
+    return (struct crypto_ec_key *)kctx;
 fail:
     mbedtls_pk_free(kctx);
     os_free(kctx);
@@ -1018,7 +1019,7 @@ int crypto_pk_write_formatted_pubkey_der(mbedtls_pk_context *key, unsigned char
     return ((int) len);
 }
 
-int crypto_ec_write_pub_key(struct crypto_key *key, unsigned char **key_buf)
+int crypto_ec_write_pub_key(struct crypto_ec_key *key, unsigned char **key_buf)
 {
     unsigned char output_buf[1600] = {0};
     int len = crypto_pk_write_formatted_pubkey_der((mbedtls_pk_context *)key, output_buf, 1600, 1);
@@ -1036,6 +1037,23 @@ int crypto_ec_write_pub_key(struct crypto_key *key, unsigned char **key_buf)
     return len;
 }
 
+struct wpabuf * crypto_ec_key_get_subject_public_key(struct crypto_ec_key *key)
+{
+    unsigned char *der = NULL;
+    struct wpabuf *ret = NULL;
+    int der_len;
+
+    der_len = crypto_ec_write_pub_key(key, &der);
+    if (!der) {
+        wpa_printf(MSG_ERROR, "failed to get der for bootstrapping key\n");
+        return NULL;
+    }
+    ret = wpabuf_alloc_copy(der, der_len);
+
+    os_free(der);
+    return ret;
+}
+
 int crypto_mbedtls_get_grp_id(int group)
 {
     switch (group) {
@@ -1140,7 +1158,7 @@ struct wpabuf * crypto_ecdh_set_peerkey(struct crypto_ecdh *ecdh, int inc_y,
     struct crypto_bignum *bn_x = NULL;
     struct crypto_ec_point *ec_pt = NULL;
     uint8_t *px = NULL, *py = NULL, *buf = NULL;
-    struct crypto_key *pkey = NULL;
+    struct crypto_ec_key *pkey = NULL;
     struct wpabuf *sh_secret = NULL;
     int secret_key = 0;
 
@@ -1188,7 +1206,7 @@ struct wpabuf * crypto_ecdh_set_peerkey(struct crypto_ecdh *ecdh, int inc_y,
     os_memcpy(buf, px, len);
     os_memcpy(buf + len, py, len);
 
-    pkey = crypto_ec_set_pubkey_point((struct crypto_ec_group*)ACCESS_ECDH(&ctx, grp), buf, len);
+    pkey = crypto_ec_key_set_pub((struct crypto_ec_group*)ACCESS_ECDH(&ctx, grp), buf, len);
     if (!pkey) {
         wpa_printf(MSG_ERROR, "Failed to set point for peer's public key");
         goto cleanup;
@@ -1228,7 +1246,7 @@ cleanup:
     os_free(py);
     os_free(buf);
     os_free(secret);
-    crypto_ec_free_key(pkey);
+    crypto_ec_key_deinit(pkey);
     crypto_bignum_deinit(bn_x, 1);
     crypto_ec_point_deinit(ec_pt, 1);
     mbedtls_ctr_drbg_free(&ctr_drbg);

components/wpa_supplicant/esp_supplicant/src/esp_dpp_i.h

@@ -1,5 +1,5 @@
 /*
- * SPDX-FileCopyrightText: 2020-2023 Espressif Systems (Shanghai) CO LTD
+ * SPDX-FileCopyrightText: 2020-2024 Espressif Systems (Shanghai) CO LTD
  *
  * SPDX-License-Identifier: Apache-2.0
  */
@@ -10,7 +10,6 @@
 #include "esp_err.h"
 #include "utils/includes.h"
 #include "utils/common.h"
-
 #include "common/dpp.h"
 #include "esp_dpp.h"
 #include "esp_wifi_driver.h"
@@ -59,6 +58,11 @@ struct esp_dpp_context_t {
 int esp_supp_rx_action(uint8_t *hdr, uint8_t *payload, size_t len, uint8_t channel);
 esp_err_t esp_dpp_post_evt(uint32_t evt_id, uint32_t data);
 
+#ifdef CONFIG_TESTING_OPTIONS
+int dpp_test_gen_invalid_key(struct wpabuf *msg, const struct dpp_curve_params *curve);
+char * dpp_corrupt_connector_signature(const char *connector);
+#endif /* CONFIG_TESTING_OPTIONS */
+
 #ifdef CONFIG_ESP_WIFI_DPP_SUPPORT
 bool is_dpp_enabled(void);
 #else

components/wpa_supplicant/src/common/dpp.h

@@ -18,6 +18,7 @@
 #include "utils/common.h"
 #include "esp_err.h"
 #include "esp_dpp.h"
+#include "crypto/crypto.h"
 
 struct crypto_ecdh;
 struct hostapd_ip_addr;
@@ -159,11 +160,13 @@ struct dpp_bootstrap_info {
 	enum dpp_bootstrap_type type;
 	char *uri;
 	u8 mac_addr[ETH_ALEN];
+	char *chan;
 	char *info;
+	char *pk;
 	unsigned int freq[DPP_BOOTSTRAP_MAX_FREQ];
 	unsigned int num_freq;
 	int own;
-	struct crypto_key *pubkey;
+	struct crypto_ec_key *pubkey;
 	u8 pubkey_hash[SHA256_MAC_LEN];
 	const struct dpp_curve_params *curve;
 	unsigned int pkex_t; /* number of failures before dpp_pkex
@@ -182,12 +185,12 @@ struct dpp_pkex {
 	u8 peer_mac[ETH_ALEN];
 	char *identifier;
 	char *code;
-	struct crypto_key *x;
-	struct crypto_key *y;
+	struct crypto_ec_key *x;
+	struct crypto_ec_key *y;
 	u8 Mx[DPP_MAX_SHARED_SECRET_LEN];
 	u8 Nx[DPP_MAX_SHARED_SECRET_LEN];
 	u8 z[DPP_MAX_HASH_LEN];
-	struct crypto_key *peer_bootstrap_key;
+	struct crypto_ec_key *peer_bootstrap_key;
 	struct wpabuf *exchange_req;
 	struct wpabuf *exchange_resp;
 	unsigned int t; /* number of failures on code use */
@@ -250,8 +253,8 @@ struct dpp_authentication {
 	u8 e_nonce[DPP_MAX_NONCE_LEN];
 	u8 i_capab;
 	u8 r_capab;
-	struct crypto_key *own_protocol_key;
-	struct crypto_key *peer_protocol_key;
+	struct crypto_ec_key *own_protocol_key;
+	struct crypto_ec_key *peer_protocol_key;
 	struct wpabuf *req_msg;
 	struct wpabuf *resp_msg;
 	/* Intersection of possible frequencies for initiating DPP
@@ -320,7 +323,7 @@ struct dpp_configurator {
 	struct dl_list list;
 	unsigned int id;
 	int own;
-	struct crypto_key *csign;
+	struct crypto_ec_key *csign;
 	char *kid;
 	const struct dpp_curve_params *curve;
 };
@@ -440,13 +443,10 @@ extern size_t dpp_nonce_override_len;
 
 void dpp_bootstrap_info_free(struct dpp_bootstrap_info *info);
 const char * dpp_bootstrap_type_txt(enum dpp_bootstrap_type type);
-int dpp_bootstrap_key_hash(struct dpp_bootstrap_info *bi);
 int dpp_parse_uri_chan_list(struct dpp_bootstrap_info *bi,
 			    const char *chan_list);
 int dpp_parse_uri_mac(struct dpp_bootstrap_info *bi, const char *mac);
 int dpp_parse_uri_info(struct dpp_bootstrap_info *bi, const char *info);
-char * dpp_keygen(struct dpp_bootstrap_info *bi, const char *curve,
-		  u8 *privkey, size_t privkey_len);
 struct hostapd_hw_modes;
 struct dpp_authentication * dpp_auth_init(void *msg_ctx,
 					  struct dpp_bootstrap_info *peer_bi,

components/wpa_supplicant/src/common/dpp_i.h

@@ -0,0 +1,79 @@
+/*
+ * DPP module internal definitions
+ * Copyright (c) 2017, Qualcomm Atheros, Inc.
+ * Copyright (c) 2018-2020, The Linux Foundation
+ * Copyright (c) 2021-2022, Qualcomm Innovation Center, Inc.
+ *
+ * This software may be distributed under the terms of the BSD license.
+ * See README for more details.
+ */
+
+#ifndef ESP_DPP_I_H
+#define ESP_DPP_I_H
+
+#include "esp_err.h"
+#include "utils/includes.h"
+#include "utils/common.h"
+#include "common/dpp.h"
+#include "esp_dpp.h"
+#include "esp_wifi_driver.h"
+
+/* dpp_crypto.c */
+
+struct dpp_signed_connector_info {
+	unsigned char *payload;
+	size_t payload_len;
+};
+
+const struct dpp_curve_params *dpp_get_curve_name(const char *name);
+const struct dpp_curve_params *dpp_get_curve_jwk_crv(const char *name);
+void dpp_debug_print_key(const char *title, struct crypto_ec_key *key);
+int dpp_hash_vector(const struct dpp_curve_params *curve,
+	size_t num_elem, const u8 *addr[], const size_t *len, u8 *mac);
+int dpp_hkdf_expand(size_t hash_len, const u8 *secret, size_t secret_len,
+			   const char *label, u8 *out, size_t outlen);
+int dpp_hmac_vector(size_t hash_len, const u8 *key, size_t key_len,
+			   size_t num_elem, const u8 *addr[],
+			   const size_t *len, u8 *mac);
+int dpp_hmac(size_t hash_len, const u8 *key, size_t key_len,
+		    const u8 *data, size_t data_len, u8 *mac);
+struct crypto_ec_key * dpp_set_pubkey_point(struct crypto_ec_key *group_key,
+				       const u8 *buf, size_t len);
+struct crypto_ec_key * dpp_gen_keypair(const struct dpp_curve_params *curve);
+struct crypto_ec_key * dpp_set_keypair(const struct dpp_curve_params **curve,
+					   const u8 *privkey, size_t privkey_len);
+int dpp_bootstrap_key_hash(struct dpp_bootstrap_info *bi);
+int dpp_keygen(struct dpp_bootstrap_info *bi, const char *curve,
+		  u8 *privkey, size_t privkey_len);
+int dpp_derive_k1(const u8 *Mx, size_t Mx_len, u8 *k1,
+			 unsigned int hash_len);
+int dpp_derive_k2(const u8 *Nx, size_t Nx_len, u8 *k2,
+			 unsigned int hash_len);
+int dpp_ecdh(struct crypto_ec_key *own, struct crypto_ec_key *peer,
+		    u8 *secret, size_t *secret_len);
+struct wpabuf *dpp_parse_jws_prot_hdr(const struct dpp_curve_params *curve,
+		       const u8 *prot_hdr, u16 prot_hdr_len, int *hash_func);
+int dpp_check_pubkey_match(struct crypto_ec_key *pub, struct wpabuf *r_hash);
+enum dpp_status_error dpp_process_signed_connector(struct dpp_signed_connector_info *info,
+			struct crypto_ec_key *csign_pub, const char *connector);
+int dpp_gen_r_auth(struct dpp_authentication *auth, u8 *r_auth);
+int dpp_gen_i_auth(struct dpp_authentication *auth, u8 *i_auth);
+int dpp_auth_derive_l_responder(struct dpp_authentication *auth);
+int dpp_auth_derive_l_initiator(struct dpp_authentication *auth);
+int dpp_derive_pmk(const u8 *Nx, size_t Nx_len, u8 *pmk,
+			  unsigned int hash_len);
+int dpp_derive_pmkid(const struct dpp_curve_params *curve,
+			    struct crypto_ec_key *own_key, struct crypto_ec_key *peer_key, u8 *pmkid);
+int dpp_bn2bin_pad(const struct crypto_bignum *bn, u8 *pos, size_t len);
+struct wpabuf * dpp_bootstrap_key_der(struct crypto_ec_key *key);
+struct wpabuf * dpp_get_pubkey_point(struct crypto_ec_key *pkey, int prefix);
+int dpp_get_subject_public_key(struct dpp_bootstrap_info *bi, const u8 *data, size_t data_len);
+int dpp_derive_bk_ke(struct dpp_authentication *auth);
+enum dpp_status_error
+dpp_check_signed_connector(struct dpp_signed_connector_info *info,
+                           const u8 *csign_key, size_t csign_key_len,
+                           const u8 *peer_connector, size_t peer_connector_len);
+
+/* dpp crypto apis */
+
+#endif /* ESP_DPP_I_H */

components/wpa_supplicant/src/crypto/crypto.h

@@ -798,7 +798,7 @@ const struct crypto_bignum * crypto_ec_get_order(struct crypto_ec *e);
  */
 
 /**
- * crypto_ec_get_b - Get 'b' coeffiecient of an EC group's curve
+ * crypto_ec_get_b - Get 'b' coefficient of an EC group's curve
  * @e: EC context from crypto_ec_init()
  * Returns: 'b' coefficient (bignum) of the group
  */
@@ -932,6 +932,9 @@ int crypto_ec_point_cmp(const struct crypto_ec *e,
         const struct crypto_ec_point *a,
         const struct crypto_ec_point *b);
 
+
+struct crypto_ec_key;
+
 /**
  * crypto_ec_get_publickey_buf - Write EC public key to buffer
  * @key: crypto key
@@ -939,29 +942,29 @@ int crypto_ec_point_cmp(const struct crypto_ec *e,
  * @len: length of buffer
  * Returns: 0 on success, non-zero otherwise
  */
-int crypto_ec_get_publickey_buf(struct crypto_key *key, u8 *key_buf, int len);
+int crypto_ec_get_publickey_buf(struct crypto_ec_key *key, u8 *key_buf, int len);
 
 /**
  * crypto_ec_get_group_from_key - Write EC group from key
  * @key: crypto key
  * Returns: EC group
  */
-struct crypto_ec_group *crypto_ec_get_group_from_key(struct crypto_key *key);
+struct crypto_ec_group *crypto_ec_get_group_from_key(struct crypto_ec_key *key);
 
 /**
- * crypto_ec_get_private_key - Get EC private key (in bignum format)
+ * crypto_ec_key_get_private_key - Get EC private key (in bignum format)
  * @key: crypto key
  * Returns: Private key
  */
-struct crypto_bignum *crypto_ec_get_private_key(struct crypto_key *key);
+struct crypto_bignum *crypto_ec_key_get_private_key(struct crypto_ec_key *key);
 
 /**
- * crypto_ec_get_key - Read key from character stream
+ * crypto_ec_key_parse_priv - Read key from character stream
  * @privkey: Private key
  * @privkey_len: private key len
  * Returns: Crypto key
  */
-struct crypto_key *crypto_ec_get_key(const u8 *privkey, size_t privkey_len);
+struct crypto_ec_key *crypto_ec_key_parse_priv(const u8 *privkey, size_t privkey_len);
 
 /**
  * crypto_ec_get_mbedtls_to_nist_group_id - get nist group from mbedtls internal group
@@ -985,7 +988,7 @@ int crypto_ec_get_curve_id(const struct crypto_ec_group *group);
  * @secret_len: secret len
  * Returns: 0 if success else negative value
  */
-int crypto_ecdh(struct crypto_key *key_own, struct crypto_key *key_peer,
+int crypto_ecdh(struct crypto_ec_key *key_own, struct crypto_ec_key *key_peer,
 		    u8 *secret, size_t *secret_len);
 
 /**
@@ -999,78 +1002,84 @@ int crypto_ecdh(struct crypto_key *key_own, struct crypto_key *key_peer,
  */
 int crypto_ecdsa_get_sign(unsigned char *hash,
 		const struct crypto_bignum *r, const struct crypto_bignum *s,
-		struct crypto_key *csign, int hash_len);
+		struct crypto_ec_key *csign, int hash_len);
 
 /**
- * crypto_edcsa_sign_verify: verify crypto ecdsa signed hash
+ * crypto_ec_key_verify_signature_r_s: verify ec key signature
+ * @csign: csign
  * @hash: signed hash
+ * @hlen: length of hash
  * @r: ecdsa r
  * @s: ecdsa s
- * @csign: csign
- * @hlen: length of hash
+ * @r_len: Length of @r buffer
+ * @s_len: Length of @s buffer
  * Return: 0 if success else negative value
  */
-int crypto_edcsa_sign_verify(const unsigned char *hash, const struct crypto_bignum *r,
-			const struct crypto_bignum *s, struct crypto_key *csign, int hlen);
+int crypto_ec_key_verify_signature_r_s(struct crypto_ec_key *csign,
+		const unsigned char *hash, int hlen,
+		const u8 *r, size_t r_len,
+		const u8 *s, size_t s_len);
 
 /**
  * crypto_ec_parse_subpub_key: get EC key context from sub public key
  * @p: data
  * @len: data len
- * Return: crypto_key
+ * Return: crypto_ec_key
  */
-struct crypto_key *crypto_ec_parse_subpub_key(const unsigned char *p, size_t len);
+struct crypto_ec_key *crypto_ec_parse_subpub_key(const unsigned char *p, size_t len);
 
 /**
  * crypto_is_ec_key: check whether a key is EC key or not
  * @key: crypto key
  * Return: true if key else false
  */
-int crypto_is_ec_key(struct crypto_key *key);
+int crypto_is_ec_key(struct crypto_ec_key *key);
 
 /**
- * crypto_ec_gen_keypair: generate crypto ec keypair
+ * crypto_ec_key_gen: generate crypto ec keypair
  * @ike_group: grpup
  * Return: crypto key
  */
-struct crypto_key * crypto_ec_gen_keypair(u16 ike_group);
+struct crypto_ec_key * crypto_ec_key_gen(u16 ike_group);
 
 /**
- * crypto_ec_write_pub_key: return public key in charater buffer
+ * crypto_ec_write_pub_key: return public key in character buffer
  * @key: crypto key
  * @der_len: buffer len
  * Return: public key buffer
  */
-int crypto_ec_write_pub_key(struct crypto_key *key, unsigned char **key_buf);
+int crypto_ec_write_pub_key(struct crypto_ec_key *key, unsigned char **key_buf);
 
 /**
- * crypto_ec_set_pubkey_point: set bignum point on ec curve
+ * crypto_ec_key_get_subject_public_key - Get SubjectPublicKeyInfo ASN.1 for an EC key
+ * @key: EC key from crypto_ec_key_parse/set_pub/priv() or crypto_ec_key_gen()
+ * Returns: Buffer with DER encoding of ASN.1 SubjectPublicKeyInfo or %NULL on failure
+ */
+struct wpabuf * crypto_ec_key_get_subject_public_key(struct crypto_ec_key *key);
+
+/**
+ * crypto_ec_key_set_pub: set bignum point on ec curve
  * @group: ec group
  * @buf: x,y coordinate
- * @len: length of x and y coordiate
- * Return : crypto key
+ * @len: length of x and y coordinate
+ * Return : crypto key or NULL on failure
  */
-struct crypto_key * crypto_ec_set_pubkey_point(const struct crypto_ec_group *group,
+struct crypto_ec_key * crypto_ec_key_set_pub(const struct crypto_ec_group *group,
 					     const u8 *buf, size_t len);
 /**
- * crypto_ec_free_key: free crypto key
- * Return : None
- */
-void crypto_ec_free_key(struct crypto_key *key);
-/**
- * crypto_debug_print_ec_key: print ec key
- * @title: title
+ * crypto_ec_key_debug_print: print ec key
  * @key: crypto key
+ * @title: title
  * Return: None
  */
-void crypto_debug_print_ec_key(const char *title, struct crypto_key *key);
+void crypto_ec_key_debug_print(struct crypto_ec_key *key, const char *title);
 
 /**
- * crypto_ec_get_public_key: Public key from crypto key
+ * crypto_ec_key_get_public_key: Public key from crypto key
  * @key: crypto key
  * Return : Public key
  */
-struct crypto_ec_point *crypto_ec_get_public_key(struct crypto_key *key);
+struct crypto_ec_point *crypto_ec_key_get_public_key(struct crypto_ec_key *key);
 
 /**
  * crypto_get_order: free crypto key
@@ -1079,7 +1088,7 @@ struct crypto_ec_point *crypto_ec_get_public_key(struct crypto_key *key);
 int crypto_get_order(struct crypto_ec_group *group, struct crypto_bignum *x);
 
 /**
- * crypto_ec_get_affine_coordinates : get affine corrdinate of ec curve
+ * crypto_ec_get_affine_coordinates : get affine coordinate of ec curve
  * @e: ec curve
  * @pt: point
  * @x: x coordinate
@@ -1097,18 +1106,18 @@ int crypto_ec_get_affine_coordinates(struct crypto_ec *e, struct crypto_ec_point
 struct crypto_ec_group *crypto_ec_get_group_byname(const char *name);
 
 /**
- * crypto_key_compare: check whether two keys belong to same
+ * crypto_ec_key_compare: check whether two keys belong to same
  * Return : 1 if yes else 0
  */
-int crypto_key_compare(struct crypto_key *key1, struct crypto_key *key2);
+int crypto_ec_key_compare(struct crypto_ec_key *key1, struct crypto_ec_key *key2);
 
 /*
  * crypto_write_pubkey_der: get public key in der format
  * @csign: key
- * @key_buf: key buffer in charater format
+ * @key_buf: key buffer in character format
  * Return : len of char buffer if success
  */
-int crypto_write_pubkey_der(struct crypto_key *csign, unsigned char **key_buf);
+int crypto_write_pubkey_der(struct crypto_ec_key *csign, unsigned char **key_buf);
 
 /**
  * crypto_free_buffer: free buffer allocated by crypto API
@@ -1120,11 +1129,11 @@ void crypto_free_buffer(unsigned char *buf);
 /**
  * @crypto_ec_get_priv_key_der: get private key in der format
  * @key: key structure
- * @key_data: key data in charater buffer
- * @key_len = key length of charater buffer
+ * @key_data: key data in character buffer
+ * @key_len = key length of character buffer
  * Return : 0 if success
  */
-int crypto_ec_get_priv_key_der(struct crypto_key *key, unsigned char **key_data, int *key_len);
+int crypto_ec_get_priv_key_der(struct crypto_ec_key *key, unsigned char **key_data, int *key_len);
 
 /**
  * crypto_bignum_to_string: get big number in ascii format
@@ -1148,9 +1157,6 @@ struct wpabuf * crypto_ecdh_set_peerkey(struct crypto_ecdh *ecdh, int inc_y,
                                         const u8 *key, size_t len);
 
 
-struct crypto_ec_key;
-
-
 /**
  * crypto_ec_key_parse_pub - Initialize EC key pair from SubjectPublicKeyInfo ASN.1
  * @der: DER encoding of ASN.1 SubjectPublicKeyInfo