Merge branch 'feature/add_dpp_crypto_layer' into 'master'

feature(esp_wifi):Restructure dpp crypto layer

See merge request espressif/esp-idf!30225
Jiang Jiang Jian 2024-09-29 19:47:26 +08:00
commit 42f1e2177a
8 changed files with 1503 additions and 1453 deletions


@ -202,6 +202,7 @@ endif()
if(CONFIG_ESP_WIFI_DPP_SUPPORT) if(CONFIG_ESP_WIFI_DPP_SUPPORT)
set(dpp_src "src/common/dpp.c" set(dpp_src "src/common/dpp.c"
"src/common/dpp_crypto.c"
"esp_supplicant/src/esp_dpp.c") "esp_supplicant/src/esp_dpp.c")
else() else()
set(dpp_src "") set(dpp_src "")


@ -453,7 +453,7 @@ int crypto_ec_point_cmp(const struct crypto_ec *e,
(const mbedtls_ecp_point *) b); (const mbedtls_ecp_point *) b);
} }
int crypto_key_compare(struct crypto_key *key1, struct crypto_key *key2) int crypto_ec_key_compare(struct crypto_ec_key *key1, struct crypto_ec_key *key2)
{ {
int ret = 0; int ret = 0;
mbedtls_entropy_context entropy; mbedtls_entropy_context entropy;
@ -488,7 +488,7 @@ void crypto_debug_print_point(const char *title, struct crypto_ec *e,
wpa_hexdump(MSG_ERROR, "y:", y, 32); wpa_hexdump(MSG_ERROR, "y:", y, 32);
} }
static struct crypto_key *crypto_alloc_key(void) static struct crypto_ec_key *crypto_alloc_key(void)
{ {
mbedtls_pk_context *key = os_malloc(sizeof(*key)); mbedtls_pk_context *key = os_malloc(sizeof(*key));
@ -498,14 +498,14 @@ static struct crypto_key *crypto_alloc_key(void)
} }
mbedtls_pk_init(key); mbedtls_pk_init(key);
return (struct crypto_key *)key; return (struct crypto_ec_key *)key;
} }
struct crypto_key * crypto_ec_set_pubkey_point(const struct crypto_ec_group *group, struct crypto_ec_key * crypto_ec_key_set_pub(const struct crypto_ec_group *group,
const u8 *buf, size_t len) const u8 *buf, size_t len)
{ {
mbedtls_ecp_point *point = NULL; mbedtls_ecp_point *point = NULL;
struct crypto_key *pkey = NULL; struct crypto_ec_key *pkey = NULL;
int ret; int ret;
mbedtls_pk_context *key = (mbedtls_pk_context *)crypto_alloc_key(); mbedtls_pk_context *key = (mbedtls_pk_context *)crypto_alloc_key();
mbedtls_ecp_group *ecp_grp = (mbedtls_ecp_group *)group; mbedtls_ecp_group *ecp_grp = (mbedtls_ecp_group *)group;
@ -543,7 +543,7 @@ struct crypto_key * crypto_ec_set_pubkey_point(const struct crypto_ec_group *gro
mbedtls_ecp_copy(&mbedtls_pk_ec(*key)->MBEDTLS_PRIVATE(Q), point); mbedtls_ecp_copy(&mbedtls_pk_ec(*key)->MBEDTLS_PRIVATE(Q), point);
mbedtls_ecp_group_load(&mbedtls_pk_ec(*key)->MBEDTLS_PRIVATE(grp), ecp_grp->id); mbedtls_ecp_group_load(&mbedtls_pk_ec(*key)->MBEDTLS_PRIVATE(grp), ecp_grp->id);
pkey = (struct crypto_key *)key; pkey = (struct crypto_ec_key *)key;
crypto_ec_point_deinit((struct crypto_ec_point *)point, 0); crypto_ec_point_deinit((struct crypto_ec_point *)point, 0);
return pkey; return pkey;
fail: fail:
@ -557,21 +557,14 @@ fail:
return pkey; return pkey;
} }
void crypto_ec_free_key(struct crypto_key *key) struct crypto_ec_point *crypto_ec_key_get_public_key(struct crypto_ec_key *key)
{
mbedtls_pk_context *pkey = (mbedtls_pk_context *)key;
mbedtls_pk_free(pkey);
os_free(key);
}
struct crypto_ec_point *crypto_ec_get_public_key(struct crypto_key *key)
{ {
mbedtls_pk_context *pkey = (mbedtls_pk_context *)key; mbedtls_pk_context *pkey = (mbedtls_pk_context *)key;
return (struct crypto_ec_point *)&mbedtls_pk_ec(*pkey)->MBEDTLS_PRIVATE(Q); return (struct crypto_ec_point *)&mbedtls_pk_ec(*pkey)->MBEDTLS_PRIVATE(Q);
} }
int crypto_ec_get_priv_key_der(struct crypto_key *key, unsigned char **key_data, int *key_len) int crypto_ec_get_priv_key_der(struct crypto_ec_key *key, unsigned char **key_data, int *key_len)
{ {
mbedtls_pk_context *pkey = (mbedtls_pk_context *)key; mbedtls_pk_context *pkey = (mbedtls_pk_context *)key;
char *der_data = os_malloc(ECP_PRV_DER_MAX_BYTES); char *der_data = os_malloc(ECP_PRV_DER_MAX_BYTES);
@ -599,7 +592,7 @@ int crypto_ec_get_priv_key_der(struct crypto_key *key, unsigned char **key_data,
return 0; return 0;
} }
struct crypto_ec_group *crypto_ec_get_group_from_key(struct crypto_key *key) struct crypto_ec_group *crypto_ec_get_group_from_key(struct crypto_ec_key *key)
{ {
mbedtls_pk_context *pkey = (mbedtls_pk_context *)key; mbedtls_pk_context *pkey = (mbedtls_pk_context *)key;
@ -614,14 +607,14 @@ int crypto_ec_key_group(struct crypto_ec_key *key)
return iana_group; return iana_group;
} }
struct crypto_bignum *crypto_ec_get_private_key(struct crypto_key *key) struct crypto_bignum *crypto_ec_key_get_private_key(struct crypto_ec_key *key)
{ {
mbedtls_pk_context *pkey = (mbedtls_pk_context *)key; mbedtls_pk_context *pkey = (mbedtls_pk_context *)key;
return ((struct crypto_bignum *) & (mbedtls_pk_ec(*pkey)->MBEDTLS_PRIVATE(d))); return ((struct crypto_bignum *) & (mbedtls_pk_ec(*pkey)->MBEDTLS_PRIVATE(d)));
} }
int crypto_ec_get_publickey_buf(struct crypto_key *key, u8 *key_buf, int len) int crypto_ec_get_publickey_buf(struct crypto_ec_key *key, u8 *key_buf, int len)
{ {
mbedtls_pk_context *pkey = (mbedtls_pk_context *)key; mbedtls_pk_context *pkey = (mbedtls_pk_context *)key;
unsigned char buf[MBEDTLS_MPI_MAX_SIZE + 10]; /* tag, length + MPI */ unsigned char buf[MBEDTLS_MPI_MAX_SIZE + 10]; /* tag, length + MPI */
@ -644,7 +637,7 @@ int crypto_ec_get_publickey_buf(struct crypto_key *key, u8 *key_buf, int len)
return pk_len; return pk_len;
} }
int crypto_write_pubkey_der(struct crypto_key *key, unsigned char **key_buf) int crypto_write_pubkey_der(struct crypto_ec_key *key, unsigned char **key_buf)
{ {
unsigned char *buf = os_malloc(ECP_PUB_DER_MAX_BYTES); unsigned char *buf = os_malloc(ECP_PUB_DER_MAX_BYTES);
@ -669,7 +662,7 @@ int crypto_write_pubkey_der(struct crypto_key *key, unsigned char **key_buf)
return len; return len;
} }
struct crypto_key *crypto_ec_get_key(const u8 *privkey, size_t privkey_len) struct crypto_ec_key *crypto_ec_key_parse_priv(const u8 *privkey, size_t privkey_len)
{ {
int ret; int ret;
mbedtls_pk_context *kctx = (mbedtls_pk_context *)crypto_alloc_key(); mbedtls_pk_context *kctx = (mbedtls_pk_context *)crypto_alloc_key();
@ -685,7 +678,7 @@ struct crypto_key *crypto_ec_get_key(const u8 *privkey, size_t privkey_len)
goto fail; goto fail;
} }
return (struct crypto_key *)kctx; return (struct crypto_ec_key *)kctx;
fail: fail:
mbedtls_pk_free(kctx); mbedtls_pk_free(kctx);
@ -728,7 +721,7 @@ int crypto_ec_get_curve_id(const struct crypto_ec_group *group)
return (crypto_ec_get_mbedtls_to_nist_group_id(grp->id)); return (crypto_ec_get_mbedtls_to_nist_group_id(grp->id));
} }
int crypto_ecdh(struct crypto_key *key_own, struct crypto_key *key_peer, int crypto_ecdh(struct crypto_ec_key *key_own, struct crypto_ec_key *key_peer,
u8 *secret, size_t *secret_len) u8 *secret, size_t *secret_len)
{ {
mbedtls_ecdh_context *ctx = NULL; mbedtls_ecdh_context *ctx = NULL;
@ -795,7 +788,7 @@ fail:
} }
int crypto_ecdsa_get_sign(unsigned char *hash, int crypto_ecdsa_get_sign(unsigned char *hash,
const struct crypto_bignum *r, const struct crypto_bignum *s, struct crypto_key *csign, int hash_len) const struct crypto_bignum *r, const struct crypto_bignum *s, struct crypto_ec_key *csign, int hash_len)
{ {
int ret = -1; int ret = -1;
mbedtls_pk_context *pkey = (mbedtls_pk_context *)csign; mbedtls_pk_context *pkey = (mbedtls_pk_context *)csign;
@ -820,8 +813,10 @@ fail:
return ret; return ret;
} }
int crypto_edcsa_sign_verify(const unsigned char *hash, int crypto_ec_key_verify_signature_r_s(struct crypto_ec_key *csign,
const struct crypto_bignum *r, const struct crypto_bignum *s, struct crypto_key *csign, int hlen) const unsigned char *hash, int hlen,
const u8 *r, size_t r_len,
const u8 *s, size_t s_len)
{ {
/* (mbedtls_ecdsa_context *) */ /* (mbedtls_ecdsa_context *) */
mbedtls_ecp_keypair *ecp_kp = mbedtls_pk_ec(*(mbedtls_pk_context *)csign); mbedtls_ecp_keypair *ecp_kp = mbedtls_pk_ec(*(mbedtls_pk_context *)csign);
@ -829,39 +824,45 @@ int crypto_edcsa_sign_verify(const unsigned char *hash,
return -1; return -1;
} }
struct crypto_bignum *rb = NULL, *sb = NULL;
rb = crypto_bignum_init_set(r, r_len);
sb = crypto_bignum_init_set(s, s_len);
mbedtls_ecp_group *ecp_kp_grp = &ecp_kp->MBEDTLS_PRIVATE(grp); mbedtls_ecp_group *ecp_kp_grp = &ecp_kp->MBEDTLS_PRIVATE(grp);
mbedtls_ecp_point *ecp_kp_q = &ecp_kp->MBEDTLS_PRIVATE(Q); mbedtls_ecp_point *ecp_kp_q = &ecp_kp->MBEDTLS_PRIVATE(Q);
int ret = mbedtls_ecdsa_verify(ecp_kp_grp, hash, hlen, int ret = mbedtls_ecdsa_verify(ecp_kp_grp, hash, hlen,
ecp_kp_q, (mbedtls_mpi *)r, (mbedtls_mpi *)s); ecp_kp_q, (mbedtls_mpi *)rb, (mbedtls_mpi *)sb);
if (ret != 0) { if (ret != 0) {
wpa_printf(MSG_ERROR, "ecdsa verification failed"); wpa_printf(MSG_ERROR, "ecdsa verification failed");
crypto_bignum_deinit(rb, 0);
crypto_bignum_deinit(sb, 0);
return ret; return ret;
} }
return ret; return ret;
} }
void crypto_debug_print_ec_key(const char *title, struct crypto_key *key) void crypto_ec_key_debug_print(struct crypto_ec_key *key, const char *title)
{ {
#ifdef DEBUG_PRINT #ifdef DEBUG_PRINT
mbedtls_pk_context *pkey = (mbedtls_pk_context *)key; mbedtls_pk_context *pkey = (mbedtls_pk_context *)key;
mbedtls_ecp_keypair *ecp = mbedtls_pk_ec(*pkey); mbedtls_ecp_keypair *ecp = mbedtls_pk_ec(*pkey);
u8 x[32], y[32], d[32]; u8 x[32], y[32], d[32];
wpa_printf(MSG_ERROR, "curve: %s", wpa_printf(MSG_INFO, "curve: %s",
mbedtls_ecp_curve_info_from_grp_id(ecp->MBEDTLS_PRIVATE(grp).id)->name); mbedtls_ecp_curve_info_from_grp_id(ecp->MBEDTLS_PRIVATE(grp).id)->name);
int len = mbedtls_mpi_size((mbedtls_mpi *)crypto_ec_get_prime((struct crypto_ec *)crypto_ec_get_group_from_key(key))); int len = mbedtls_mpi_size((mbedtls_mpi *)crypto_ec_get_prime((struct crypto_ec *)crypto_ec_get_group_from_key(key)));
wpa_printf(MSG_ERROR, "prime len is %d", len); wpa_printf(MSG_INFO, "prime len is %d", len);
crypto_ec_point_to_bin((struct crypto_ec *)crypto_ec_get_group_from_key(key), crypto_ec_get_public_key(key), x, y); crypto_ec_point_to_bin((struct crypto_ec *)crypto_ec_get_group_from_key(key), crypto_ec_key_get_public_key(key), x, y);
crypto_bignum_to_bin(crypto_ec_get_private_key(key), crypto_bignum_to_bin(crypto_ec_key_get_private_key(key),
d, len, len); d, len, len);
wpa_hexdump(MSG_ERROR, "Q_x:", x, 32); wpa_hexdump(MSG_INFO, "Q_x:", x, 32);
wpa_hexdump(MSG_ERROR, "Q_y:", y, 32); wpa_hexdump(MSG_INFO, "Q_y:", y, 32);
wpa_hexdump(MSG_ERROR, "d: ", d, 32); wpa_hexdump(MSG_INFO, "d: ", d, 32);
#endif #endif
} }
struct crypto_key *crypto_ec_parse_subpub_key(const unsigned char *p, size_t len) struct crypto_ec_key *crypto_ec_parse_subpub_key(const unsigned char *p, size_t len)
{ {
int ret; int ret;
mbedtls_pk_context *pkey = (mbedtls_pk_context *)crypto_alloc_key(); mbedtls_pk_context *pkey = (mbedtls_pk_context *)crypto_alloc_key();
@ -871,7 +872,7 @@ struct crypto_key *crypto_ec_parse_subpub_key(const unsigned char *p, size_t len
} }
ret = mbedtls_pk_parse_subpubkey((unsigned char **)&p, p + len, pkey); ret = mbedtls_pk_parse_subpubkey((unsigned char **)&p, p + len, pkey);
if (ret == 0) { if (ret == 0) {
return (struct crypto_key *)pkey; return (struct crypto_ec_key *)pkey;
} }
mbedtls_pk_free(pkey); mbedtls_pk_free(pkey);
@ -879,13 +880,13 @@ struct crypto_key *crypto_ec_parse_subpub_key(const unsigned char *p, size_t len
return NULL; return NULL;
} }
int crypto_is_ec_key(struct crypto_key *key) int crypto_is_ec_key(struct crypto_ec_key *key)
{ {
int ret = mbedtls_pk_can_do((mbedtls_pk_context *)key, MBEDTLS_PK_ECKEY); int ret = mbedtls_pk_can_do((mbedtls_pk_context *)key, MBEDTLS_PK_ECKEY);
return ret; return ret;
} }
struct crypto_key * crypto_ec_gen_keypair(u16 ike_group) struct crypto_ec_key * crypto_ec_key_gen(u16 ike_group)
{ {
mbedtls_pk_context *kctx = (mbedtls_pk_context *)crypto_alloc_key(); mbedtls_pk_context *kctx = (mbedtls_pk_context *)crypto_alloc_key();
@ -902,7 +903,7 @@ struct crypto_key * crypto_ec_gen_keypair(u16 ike_group)
mbedtls_ecp_gen_key(MBEDTLS_ECP_DP_SECP256R1, mbedtls_pk_ec(*kctx), //get this from argument mbedtls_ecp_gen_key(MBEDTLS_ECP_DP_SECP256R1, mbedtls_pk_ec(*kctx), //get this from argument
crypto_rng_wrapper, NULL); crypto_rng_wrapper, NULL);
return (struct crypto_key *)kctx; return (struct crypto_ec_key *)kctx;
fail: fail:
mbedtls_pk_free(kctx); mbedtls_pk_free(kctx);
os_free(kctx); os_free(kctx);
@ -1018,7 +1019,7 @@ int crypto_pk_write_formatted_pubkey_der(mbedtls_pk_context *key, unsigned char
return ((int) len); return ((int) len);
} }
int crypto_ec_write_pub_key(struct crypto_key *key, unsigned char **key_buf) int crypto_ec_write_pub_key(struct crypto_ec_key *key, unsigned char **key_buf)
{ {
unsigned char output_buf[1600] = {0}; unsigned char output_buf[1600] = {0};
int len = crypto_pk_write_formatted_pubkey_der((mbedtls_pk_context *)key, output_buf, 1600, 1); int len = crypto_pk_write_formatted_pubkey_der((mbedtls_pk_context *)key, output_buf, 1600, 1);
@ -1036,6 +1037,23 @@ int crypto_ec_write_pub_key(struct crypto_key *key, unsigned char **key_buf)
return len; return len;
} }
struct wpabuf * crypto_ec_key_get_subject_public_key(struct crypto_ec_key *key)
{
unsigned char *der = NULL;
struct wpabuf *ret = NULL;
int der_len;
der_len = crypto_ec_write_pub_key(key, &der);
if (!der) {
wpa_printf(MSG_ERROR, "failed to get der for bootstrapping key\n");
return NULL;
}
ret = wpabuf_alloc_copy(der, der_len);
os_free(der);
return ret;
}
int crypto_mbedtls_get_grp_id(int group) int crypto_mbedtls_get_grp_id(int group)
{ {
switch (group) { switch (group) {
@ -1140,7 +1158,7 @@ struct wpabuf * crypto_ecdh_set_peerkey(struct crypto_ecdh *ecdh, int inc_y,
struct crypto_bignum *bn_x = NULL; struct crypto_bignum *bn_x = NULL;
struct crypto_ec_point *ec_pt = NULL; struct crypto_ec_point *ec_pt = NULL;
uint8_t *px = NULL, *py = NULL, *buf = NULL; uint8_t *px = NULL, *py = NULL, *buf = NULL;
struct crypto_key *pkey = NULL; struct crypto_ec_key *pkey = NULL;
struct wpabuf *sh_secret = NULL; struct wpabuf *sh_secret = NULL;
int secret_key = 0; int secret_key = 0;
@ -1188,7 +1206,7 @@ struct wpabuf * crypto_ecdh_set_peerkey(struct crypto_ecdh *ecdh, int inc_y,
os_memcpy(buf, px, len); os_memcpy(buf, px, len);
os_memcpy(buf + len, py, len); os_memcpy(buf + len, py, len);
pkey = crypto_ec_set_pubkey_point((struct crypto_ec_group*)ACCESS_ECDH(&ctx, grp), buf, len); pkey = crypto_ec_key_set_pub((struct crypto_ec_group*)ACCESS_ECDH(&ctx, grp), buf, len);
if (!pkey) { if (!pkey) {
wpa_printf(MSG_ERROR, "Failed to set point for peer's public key"); wpa_printf(MSG_ERROR, "Failed to set point for peer's public key");
goto cleanup; goto cleanup;
@ -1228,7 +1246,7 @@ cleanup:
os_free(py); os_free(py);
os_free(buf); os_free(buf);
os_free(secret); os_free(secret);
crypto_ec_free_key(pkey); crypto_ec_key_deinit(pkey);
crypto_bignum_deinit(bn_x, 1); crypto_bignum_deinit(bn_x, 1);
crypto_ec_point_deinit(ec_pt, 1); crypto_ec_point_deinit(ec_pt, 1);
mbedtls_ctr_drbg_free(&ctr_drbg); mbedtls_ctr_drbg_free(&ctr_drbg);
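Review bot: In `crypto_ec_key_verify_signature_r_s`, the `rb`/`sb` bignums built from the caller's `r`/`s` buffers are released only inside the `if (ret != 0)` branch, so every successful verification leaks both allocations. The results of `crypto_bignum_init_set()` are also cast and handed to `mbedtls_ecdsa_verify()` without a NULL check. If this function sits on the path that checks peer-supplied connector signatures, that means a steady heap drain on the valid path and a likely NULL dereference under memory pressure. The version below checks both allocations and frees them on every exit; it assumes `crypto_bignum_deinit()` tolerates NULL, as the `cleanup:` path of `crypto_ecdh_set_peerkey` already appears to rely on. The `ecp_kp` NULL check at the top of the function falls between hunks and is left as it is.

```c
    struct crypto_bignum *rb = crypto_bignum_init_set(r, r_len);
    struct crypto_bignum *sb = crypto_bignum_init_set(s, s_len);
    int ret = -1;

    if (!rb || !sb) {
        wpa_printf(MSG_ERROR, "failed to allocate r/s for ecdsa verification");
        goto done;
    }

    /* … unchanged: ecp_kp_grp / ecp_kp_q lookup … */

    ret = mbedtls_ecdsa_verify(ecp_kp_grp, hash, hlen,
                               ecp_kp_q, (mbedtls_mpi *)rb, (mbedtls_mpi *)sb);
    if (ret != 0) {
        wpa_printf(MSG_ERROR, "ecdsa verification failed");
    }

done:
    /* release the temporaries on success and failure alike */
    crypto_bignum_deinit(rb, 0);
    crypto_bignum_deinit(sb, 0);
    return ret;
```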


@ -1,5 +1,5 @@
/* /*
* SPDX-FileCopyrightText: 2020-2023 Espressif Systems (Shanghai) CO LTD * SPDX-FileCopyrightText: 2020-2024 Espressif Systems (Shanghai) CO LTD
* *
* SPDX-License-Identifier: Apache-2.0 * SPDX-License-Identifier: Apache-2.0
*/ */
@ -10,7 +10,6 @@
#include "esp_err.h" #include "esp_err.h"
#include "utils/includes.h" #include "utils/includes.h"
#include "utils/common.h" #include "utils/common.h"
#include "common/dpp.h" #include "common/dpp.h"
#include "esp_dpp.h" #include "esp_dpp.h"
#include "esp_wifi_driver.h" #include "esp_wifi_driver.h"
@ -59,6 +58,11 @@ struct esp_dpp_context_t {
int esp_supp_rx_action(uint8_t *hdr, uint8_t *payload, size_t len, uint8_t channel); int esp_supp_rx_action(uint8_t *hdr, uint8_t *payload, size_t len, uint8_t channel);
esp_err_t esp_dpp_post_evt(uint32_t evt_id, uint32_t data); esp_err_t esp_dpp_post_evt(uint32_t evt_id, uint32_t data);
#ifdef CONFIG_TESTING_OPTIONS
int dpp_test_gen_invalid_key(struct wpabuf *msg, const struct dpp_curve_params *curve);
char * dpp_corrupt_connector_signature(const char *connector);
#endif /* CONFIG_TESTING_OPTIONS */
#ifdef CONFIG_ESP_WIFI_DPP_SUPPORT #ifdef CONFIG_ESP_WIFI_DPP_SUPPORT
bool is_dpp_enabled(void); bool is_dpp_enabled(void);
#else #else

File diff suppressed because it is too large Load Diff


@ -18,6 +18,7 @@
#include "utils/common.h" #include "utils/common.h"
#include "esp_err.h" #include "esp_err.h"
#include "esp_dpp.h" #include "esp_dpp.h"
#include "crypto/crypto.h"
struct crypto_ecdh; struct crypto_ecdh;
struct hostapd_ip_addr; struct hostapd_ip_addr;
@ -159,11 +160,13 @@ struct dpp_bootstrap_info {
enum dpp_bootstrap_type type; enum dpp_bootstrap_type type;
char *uri; char *uri;
u8 mac_addr[ETH_ALEN]; u8 mac_addr[ETH_ALEN];
char *chan;
char *info; char *info;
char *pk;
unsigned int freq[DPP_BOOTSTRAP_MAX_FREQ]; unsigned int freq[DPP_BOOTSTRAP_MAX_FREQ];
unsigned int num_freq; unsigned int num_freq;
int own; int own;
struct crypto_key *pubkey; struct crypto_ec_key *pubkey;
u8 pubkey_hash[SHA256_MAC_LEN]; u8 pubkey_hash[SHA256_MAC_LEN];
const struct dpp_curve_params *curve; const struct dpp_curve_params *curve;
unsigned int pkex_t; /* number of failures before dpp_pkex unsigned int pkex_t; /* number of failures before dpp_pkex
@ -182,12 +185,12 @@ struct dpp_pkex {
u8 peer_mac[ETH_ALEN]; u8 peer_mac[ETH_ALEN];
char *identifier; char *identifier;
char *code; char *code;
struct crypto_key *x; struct crypto_ec_key *x;
struct crypto_key *y; struct crypto_ec_key *y;
u8 Mx[DPP_MAX_SHARED_SECRET_LEN]; u8 Mx[DPP_MAX_SHARED_SECRET_LEN];
u8 Nx[DPP_MAX_SHARED_SECRET_LEN]; u8 Nx[DPP_MAX_SHARED_SECRET_LEN];
u8 z[DPP_MAX_HASH_LEN]; u8 z[DPP_MAX_HASH_LEN];
struct crypto_key *peer_bootstrap_key; struct crypto_ec_key *peer_bootstrap_key;
struct wpabuf *exchange_req; struct wpabuf *exchange_req;
struct wpabuf *exchange_resp; struct wpabuf *exchange_resp;
unsigned int t; /* number of failures on code use */ unsigned int t; /* number of failures on code use */
@ -250,8 +253,8 @@ struct dpp_authentication {
u8 e_nonce[DPP_MAX_NONCE_LEN]; u8 e_nonce[DPP_MAX_NONCE_LEN];
u8 i_capab; u8 i_capab;
u8 r_capab; u8 r_capab;
struct crypto_key *own_protocol_key; struct crypto_ec_key *own_protocol_key;
struct crypto_key *peer_protocol_key; struct crypto_ec_key *peer_protocol_key;
struct wpabuf *req_msg; struct wpabuf *req_msg;
struct wpabuf *resp_msg; struct wpabuf *resp_msg;
/* Intersection of possible frequencies for initiating DPP /* Intersection of possible frequencies for initiating DPP
@ -320,7 +323,7 @@ struct dpp_configurator {
struct dl_list list; struct dl_list list;
unsigned int id; unsigned int id;
int own; int own;
struct crypto_key *csign; struct crypto_ec_key *csign;
char *kid; char *kid;
const struct dpp_curve_params *curve; const struct dpp_curve_params *curve;
}; };
@ -440,13 +443,10 @@ extern size_t dpp_nonce_override_len;
void dpp_bootstrap_info_free(struct dpp_bootstrap_info *info); void dpp_bootstrap_info_free(struct dpp_bootstrap_info *info);
const char * dpp_bootstrap_type_txt(enum dpp_bootstrap_type type); const char * dpp_bootstrap_type_txt(enum dpp_bootstrap_type type);
int dpp_bootstrap_key_hash(struct dpp_bootstrap_info *bi);
int dpp_parse_uri_chan_list(struct dpp_bootstrap_info *bi, int dpp_parse_uri_chan_list(struct dpp_bootstrap_info *bi,
const char *chan_list); const char *chan_list);
int dpp_parse_uri_mac(struct dpp_bootstrap_info *bi, const char *mac); int dpp_parse_uri_mac(struct dpp_bootstrap_info *bi, const char *mac);
int dpp_parse_uri_info(struct dpp_bootstrap_info *bi, const char *info); int dpp_parse_uri_info(struct dpp_bootstrap_info *bi, const char *info);
char * dpp_keygen(struct dpp_bootstrap_info *bi, const char *curve,
u8 *privkey, size_t privkey_len);
struct hostapd_hw_modes; struct hostapd_hw_modes;
struct dpp_authentication * dpp_auth_init(void *msg_ctx, struct dpp_authentication * dpp_auth_init(void *msg_ctx,
struct dpp_bootstrap_info *peer_bi, struct dpp_bootstrap_info *peer_bi,
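Review bot: The two members added to `struct dpp_bootstrap_info`, `char *chan` and `char *pk`, look like owned heap strings but carry no comment saying who allocates or frees them. The matching change to `dpp_bootstrap_info_free()` is not visible on this page (that file's diff is suppressed), so please confirm it releases both; otherwise each bootstrap entry that fills them would leak on teardown. A short ownership comment on each field would settle it, e.g. `char *chan; /* owned; freed by dpp_bootstrap_info_free() */` and the same for `pk`.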

File diff suppressed because it is too large Load Diff


@ -0,0 +1,79 @@
/*
* DPP module internal definitions
* Copyright (c) 2017, Qualcomm Atheros, Inc.
* Copyright (c) 2018-2020, The Linux Foundation
* Copyright (c) 2021-2022, Qualcomm Innovation Center, Inc.
*
* This software may be distributed under the terms of the BSD license.
* See README for more details.
*/
#ifndef ESP_DPP_I_H
#define ESP_DPP_I_H
#include "esp_err.h"
#include "utils/includes.h"
#include "utils/common.h"
#include "common/dpp.h"
#include "esp_dpp.h"
#include "esp_wifi_driver.h"
/* dpp_crypto.c */
struct dpp_signed_connector_info {
unsigned char *payload;
size_t payload_len;
};
const struct dpp_curve_params *dpp_get_curve_name(const char *name);
const struct dpp_curve_params *dpp_get_curve_jwk_crv(const char *name);
void dpp_debug_print_key(const char *title, struct crypto_ec_key *key);
int dpp_hash_vector(const struct dpp_curve_params *curve,
size_t num_elem, const u8 *addr[], const size_t *len, u8 *mac);
int dpp_hkdf_expand(size_t hash_len, const u8 *secret, size_t secret_len,
const char *label, u8 *out, size_t outlen);
int dpp_hmac_vector(size_t hash_len, const u8 *key, size_t key_len,
size_t num_elem, const u8 *addr[],
const size_t *len, u8 *mac);
int dpp_hmac(size_t hash_len, const u8 *key, size_t key_len,
const u8 *data, size_t data_len, u8 *mac);
struct crypto_ec_key * dpp_set_pubkey_point(struct crypto_ec_key *group_key,
const u8 *buf, size_t len);
struct crypto_ec_key * dpp_gen_keypair(const struct dpp_curve_params *curve);
struct crypto_ec_key * dpp_set_keypair(const struct dpp_curve_params **curve,
const u8 *privkey, size_t privkey_len);
int dpp_bootstrap_key_hash(struct dpp_bootstrap_info *bi);
int dpp_keygen(struct dpp_bootstrap_info *bi, const char *curve,
u8 *privkey, size_t privkey_len);
int dpp_derive_k1(const u8 *Mx, size_t Mx_len, u8 *k1,
unsigned int hash_len);
int dpp_derive_k2(const u8 *Nx, size_t Nx_len, u8 *k2,
unsigned int hash_len);
int dpp_ecdh(struct crypto_ec_key *own, struct crypto_ec_key *peer,
u8 *secret, size_t *secret_len);
struct wpabuf *dpp_parse_jws_prot_hdr(const struct dpp_curve_params *curve,
const u8 *prot_hdr, u16 prot_hdr_len, int *hash_func);
int dpp_check_pubkey_match(struct crypto_ec_key *pub, struct wpabuf *r_hash);
enum dpp_status_error dpp_process_signed_connector(struct dpp_signed_connector_info *info,
struct crypto_ec_key *csign_pub, const char *connector);
int dpp_gen_r_auth(struct dpp_authentication *auth, u8 *r_auth);
int dpp_gen_i_auth(struct dpp_authentication *auth, u8 *i_auth);
int dpp_auth_derive_l_responder(struct dpp_authentication *auth);
int dpp_auth_derive_l_initiator(struct dpp_authentication *auth);
int dpp_derive_pmk(const u8 *Nx, size_t Nx_len, u8 *pmk,
unsigned int hash_len);
int dpp_derive_pmkid(const struct dpp_curve_params *curve,
struct crypto_ec_key *own_key, struct crypto_ec_key *peer_key, u8 *pmkid);
int dpp_bn2bin_pad(const struct crypto_bignum *bn, u8 *pos, size_t len);
struct wpabuf * dpp_bootstrap_key_der(struct crypto_ec_key *key);
struct wpabuf * dpp_get_pubkey_point(struct crypto_ec_key *pkey, int prefix);
int dpp_get_subject_public_key(struct dpp_bootstrap_info *bi, const u8 *data, size_t data_len);
int dpp_derive_bk_ke(struct dpp_authentication *auth);
enum dpp_status_error
dpp_check_signed_connector(struct dpp_signed_connector_info *info,
const u8 *csign_key, size_t csign_key_len,
const u8 *peer_connector, size_t peer_connector_len);
/* dpp crypto apis */
#endif /* ESP_DPP_I_H */
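Review bot: The include guard `ESP_DPP_I_H` in this new header looks borrowed from another file: the header describes itself as "DPP module internal definitions", yet the guard carries an `ESP_` prefix. If the header that declares `struct esp_dpp_context_t` (touched earlier in this commit; its guard lines are not shown) uses the same macro, whichever of the two is included second expands to nothing and its prototypes silently disappear. A guard derived from this file's own role avoids that, e.g. `#ifndef DPP_I_H` / `#define DPP_I_H` with a matching `#endif /* DPP_I_H */`. The trailing `/* dpp crypto apis */` comment before the `#endif` labels nothing and could be dropped.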


@ -798,7 +798,7 @@ const struct crypto_bignum * crypto_ec_get_order(struct crypto_ec *e);
*/ */
/** /**
* crypto_ec_get_b - Get 'b' coeffiecient of an EC group's curve * crypto_ec_get_b - Get 'b' coefficient of an EC group's curve
* @e: EC context from crypto_ec_init() * @e: EC context from crypto_ec_init()
* Returns: 'b' coefficient (bignum) of the group * Returns: 'b' coefficient (bignum) of the group
*/ */
@ -932,6 +932,9 @@ int crypto_ec_point_cmp(const struct crypto_ec *e,
const struct crypto_ec_point *a, const struct crypto_ec_point *a,
const struct crypto_ec_point *b); const struct crypto_ec_point *b);
struct crypto_ec_key;
/** /**
* crypto_ec_get_publickey_buf - Write EC public key to buffer * crypto_ec_get_publickey_buf - Write EC public key to buffer
* @key: crypto key * @key: crypto key
@ -939,29 +942,29 @@ int crypto_ec_point_cmp(const struct crypto_ec *e,
* @len: length of buffer * @len: length of buffer
* Returns: 0 on success, non-zero otherwise * Returns: 0 on success, non-zero otherwise
*/ */
int crypto_ec_get_publickey_buf(struct crypto_key *key, u8 *key_buf, int len); int crypto_ec_get_publickey_buf(struct crypto_ec_key *key, u8 *key_buf, int len);
/** /**
* crypto_ec_get_group_from_key - Write EC group from key * crypto_ec_get_group_from_key - Write EC group from key
* @key: crypto key * @key: crypto key
* Returns: EC group * Returns: EC group
*/ */
struct crypto_ec_group *crypto_ec_get_group_from_key(struct crypto_key *key); struct crypto_ec_group *crypto_ec_get_group_from_key(struct crypto_ec_key *key);
/** /**
* crypto_ec_get_private_key - Get EC private key (in bignum format) * crypto_ec_key_get_private_key - Get EC private key (in bignum format)
* @key: crypto key * @key: crypto key
* Returns: Private key * Returns: Private key
*/ */
struct crypto_bignum *crypto_ec_get_private_key(struct crypto_key *key); struct crypto_bignum *crypto_ec_key_get_private_key(struct crypto_ec_key *key);
/** /**
* crypto_ec_get_key - Read key from character stream * crypto_ec_key_parse_priv - Read key from character stream
* @privkey: Private key * @privkey: Private key
* @privkey_len: private key len * @privkey_len: private key len
* Returns: Crypto key * Returns: Crypto key
*/ */
struct crypto_key *crypto_ec_get_key(const u8 *privkey, size_t privkey_len); struct crypto_ec_key *crypto_ec_key_parse_priv(const u8 *privkey, size_t privkey_len);
/** /**
* crypto_ec_get_mbedtls_to_nist_group_id - get nist group from mbedtls internal group * crypto_ec_get_mbedtls_to_nist_group_id - get nist group from mbedtls internal group
@ -985,7 +988,7 @@ int crypto_ec_get_curve_id(const struct crypto_ec_group *group);
* @secret_len: secret len * @secret_len: secret len
* Returns: 0 if success else negative value * Returns: 0 if success else negative value
*/ */
int crypto_ecdh(struct crypto_key *key_own, struct crypto_key *key_peer, int crypto_ecdh(struct crypto_ec_key *key_own, struct crypto_ec_key *key_peer,
u8 *secret, size_t *secret_len); u8 *secret, size_t *secret_len);
/** /**
@ -999,78 +1002,84 @@ int crypto_ecdh(struct crypto_key *key_own, struct crypto_key *key_peer,
*/ */
int crypto_ecdsa_get_sign(unsigned char *hash, int crypto_ecdsa_get_sign(unsigned char *hash,
const struct crypto_bignum *r, const struct crypto_bignum *s, const struct crypto_bignum *r, const struct crypto_bignum *s,
struct crypto_key *csign, int hash_len); struct crypto_ec_key *csign, int hash_len);
/** /**
* crypto_edcsa_sign_verify: verify crypto ecdsa signed hash * crypto_ec_key_verify_signature_r_s: verify ec key signature
* @csign: csign
* @hash: signed hash * @hash: signed hash
* @hlen: length of hash
* @r: ecdsa r * @r: ecdsa r
* @s: ecdsa s * @s: ecdsa s
* @csign: csign * @r_len: Length of @r buffer
* @hlen: length of hash * @s_len: Length of @s buffer
* Return: 0 if success else negative value * Return: 0 if success else negative value
*/ */
int crypto_edcsa_sign_verify(const unsigned char *hash, const struct crypto_bignum *r, int crypto_ec_key_verify_signature_r_s(struct crypto_ec_key *csign,
const struct crypto_bignum *s, struct crypto_key *csign, int hlen); const unsigned char *hash, int hlen,
const u8 *r, size_t r_len,
const u8 *s, size_t s_len);
/** /**
* crypto_ec_parse_subpub_key: get EC key context from sub public key * crypto_ec_parse_subpub_key: get EC key context from sub public key
* @p: data * @p: data
* @len: data len * @len: data len
* Return: crypto_key * Return: crypto_ec_key
*/ */
struct crypto_key *crypto_ec_parse_subpub_key(const unsigned char *p, size_t len); struct crypto_ec_key *crypto_ec_parse_subpub_key(const unsigned char *p, size_t len);
/** /**
* crypto_is_ec_key: check whether a key is EC key or not * crypto_is_ec_key: check whether a key is EC key or not
* @key: crypto key * @key: crypto key
* Return: true if key else false * Return: true if key else false
*/ */
int crypto_is_ec_key(struct crypto_key *key); int crypto_is_ec_key(struct crypto_ec_key *key);
/** /**
* crypto_ec_gen_keypair: generate crypto ec keypair * crypto_ec_key_gen: generate crypto ec keypair
* @ike_group: grpup * @ike_group: grpup
* Return: crypto key * Return: crypto key
*/ */
struct crypto_key * crypto_ec_gen_keypair(u16 ike_group); struct crypto_ec_key * crypto_ec_key_gen(u16 ike_group);
/** /**
* crypto_ec_write_pub_key: return public key in charater buffer * crypto_ec_write_pub_key: return public key in character buffer
* @key: crypto key * @key: crypto key
* @der_len: buffer len * @der_len: buffer len
* Return: public key buffer * Return: public key buffer
*/ */
int crypto_ec_write_pub_key(struct crypto_key *key, unsigned char **key_buf); int crypto_ec_write_pub_key(struct crypto_ec_key *key, unsigned char **key_buf);
/** /**
* crypto_ec_set_pubkey_point: set bignum point on ec curve * crypto_ec_key_get_subject_public_key - Get SubjectPublicKeyInfo ASN.1 for an EC key
* @key: EC key from crypto_ec_key_parse/set_pub/priv() or crypto_ec_key_gen()
* Returns: Buffer with DER encoding of ASN.1 SubjectPublicKeyInfo or %NULL on failure
*/
struct wpabuf * crypto_ec_key_get_subject_public_key(struct crypto_ec_key *key);
/**
* crypto_ec_key_set_pub: set bignum point on ec curve
* @group: ec group * @group: ec group
* @buf: x,y coordinate * @buf: x,y coordinate
* @len: length of x and y coordiate * @len: length of x and y coordinate
* Return : crypto key * Return : crypto key or NULL on failure
*/ */
struct crypto_key * crypto_ec_set_pubkey_point(const struct crypto_ec_group *group, struct crypto_ec_key * crypto_ec_key_set_pub(const struct crypto_ec_group *group,
const u8 *buf, size_t len); const u8 *buf, size_t len);
/** /**
* crypto_ec_free_key: free crypto key * crypto_ec_key_debug_print: print ec key
* Return : None
*/
void crypto_ec_free_key(struct crypto_key *key);
/**
* crypto_debug_print_ec_key: print ec key
* @title: title
* @key: crypto key * @key: crypto key
* @title: title
* Return: None * Return: None
*/ */
void crypto_debug_print_ec_key(const char *title, struct crypto_key *key); void crypto_ec_key_debug_print(struct crypto_ec_key *key, const char *title);
/** /**
* crypto_ec_get_public_key: Public key from crypto key * crypto_ec_key_get_public_key: Public key from crypto key
* @key: crypto key * @key: crypto key
* Return : Public key * Return : Public key
*/ */
struct crypto_ec_point *crypto_ec_get_public_key(struct crypto_key *key); struct crypto_ec_point *crypto_ec_key_get_public_key(struct crypto_ec_key *key);
/** /**
* crypto_get_order: free crypto key * crypto_get_order: free crypto key
@ -1079,7 +1088,7 @@ struct crypto_ec_point *crypto_ec_get_public_key(struct crypto_key *key);
int crypto_get_order(struct crypto_ec_group *group, struct crypto_bignum *x); int crypto_get_order(struct crypto_ec_group *group, struct crypto_bignum *x);
/** /**
* crypto_ec_get_affine_coordinates : get affine corrdinate of ec curve * crypto_ec_get_affine_coordinates : get affine coordinate of ec curve
* @e: ec curve * @e: ec curve
* @pt: point * @pt: point
* @x: x coordinate * @x: x coordinate
@ -1097,18 +1106,18 @@ int crypto_ec_get_affine_coordinates(struct crypto_ec *e, struct crypto_ec_point
struct crypto_ec_group *crypto_ec_get_group_byname(const char *name); struct crypto_ec_group *crypto_ec_get_group_byname(const char *name);
/** /**
* crypto_key_compare: check whether two keys belong to same * crypto_ec_key_compare: check whether two keys belong to same
* Return : 1 if yes else 0 * Return : 1 if yes else 0
*/ */
int crypto_key_compare(struct crypto_key *key1, struct crypto_key *key2); int crypto_ec_key_compare(struct crypto_ec_key *key1, struct crypto_ec_key *key2);
/* /*
* crypto_write_pubkey_der: get public key in der format * crypto_write_pubkey_der: get public key in der format
* @csign: key * @csign: key
* @key_buf: key buffer in charater format * @key_buf: key buffer in character format
* Return : len of char buffer if success * Return : len of char buffer if success
*/ */
int crypto_write_pubkey_der(struct crypto_key *csign, unsigned char **key_buf); int crypto_write_pubkey_der(struct crypto_ec_key *csign, unsigned char **key_buf);
/** /**
* crypto_free_buffer: free buffer allocated by crypto API * crypto_free_buffer: free buffer allocated by crypto API
@ -1120,11 +1129,11 @@ void crypto_free_buffer(unsigned char *buf);
/** /**
* @crypto_ec_get_priv_key_der: get private key in der format * @crypto_ec_get_priv_key_der: get private key in der format
* @key: key structure * @key: key structure
* @key_data: key data in charater buffer * @key_data: key data in character buffer
* @key_len = key length of charater buffer * @key_len = key length of character buffer
* Return : 0 if success * Return : 0 if success
*/ */
int crypto_ec_get_priv_key_der(struct crypto_key *key, unsigned char **key_data, int *key_len); int crypto_ec_get_priv_key_der(struct crypto_ec_key *key, unsigned char **key_data, int *key_len);
/** /**
* crypto_bignum_to_string: get big number in ascii format * crypto_bignum_to_string: get big number in ascii format
@ -1148,9 +1157,6 @@ struct wpabuf * crypto_ecdh_set_peerkey(struct crypto_ecdh *ecdh, int inc_y,
const u8 *key, size_t len); const u8 *key, size_t len);
struct crypto_ec_key;
/** /**
* crypto_ec_key_parse_pub - Initialize EC key pair from SubjectPublicKeyInfo ASN.1 * crypto_ec_key_parse_pub - Initialize EC key pair from SubjectPublicKeyInfo ASN.1
* @der: DER encoding of ASN.1 SubjectPublicKeyInfo * @der: DER encoding of ASN.1 SubjectPublicKeyInfo