42 static void dpp_auth_success(struct dpp_authentication *auth)  in dpp_auth_success()  argument
46 	os_memset(auth->Mx, 0, sizeof(auth->Mx));  in dpp_auth_success()
47 	auth->Mx_len = 0;  in dpp_auth_success()
48 	os_memset(auth->Nx, 0, sizeof(auth->Nx));  in dpp_auth_success()
49 	auth->Nx_len = 0;  in dpp_auth_success()
50 	os_memset(auth->Lx, 0, sizeof(auth->Lx));  in dpp_auth_success()
51 	auth->Lx_len = 0;  in dpp_auth_success()
52 	os_memset(auth->k1, 0, sizeof(auth->k1));  in dpp_auth_success()
53 	os_memset(auth->k2, 0, sizeof(auth->k2));  in dpp_auth_success()
55 	auth->auth_success = 1;  in dpp_auth_success()
59 static struct wpabuf * dpp_auth_build_req(struct dpp_authentication *auth,  in dpp_auth_build_req()  argument
154 		os_memcpy(pos, auth->i_nonce, nonce_len - 1);  in dpp_auth_build_req()
165 	os_memcpy(pos, auth->i_nonce, nonce_len);  in dpp_auth_build_req()
181 	auth->i_capab = auth->allowed_roles;  in dpp_auth_build_req()
182 	*pos++ = auth->i_capab;  in dpp_auth_build_req()
205 	if (aes_siv_encrypt(auth->k1, auth->curve->hash_len, clear, siv_len,  in dpp_auth_build_req()
233 static struct wpabuf * dpp_auth_build_resp(struct dpp_authentication *auth,  in dpp_auth_build_resp()  argument
253 	auth->waiting_auth_conf = 1;  in dpp_auth_build_resp()
254 	auth->auth_resp_tries = 0;  in dpp_auth_build_resp()
291 	if (auth->peer_version >= 2) {  in dpp_auth_build_resp()
348 	auth->r_capab = auth->configurator ? DPP_CAPAB_CONFIGURATOR :  in dpp_auth_build_resp()
350 	*pos++ = auth->r_capab;  in dpp_auth_build_resp()
358 		if ((auth->i_capab & DPP_CAPAB_ROLE_MASK) ==  in dpp_auth_build_resp()
362 			pos[-1] = auth->configurator ? DPP_CAPAB_ENROLLEE :  in dpp_auth_build_resp()
390 	if (aes_siv_encrypt(siv_key, auth->curve->hash_len, clear, siv_len,  in dpp_auth_build_resp()
417 static int dpp_auth_build_resp_ok(struct dpp_authentication *auth)  in dpp_auth_build_resp_ok()  argument
433 	if (!auth->own_bi)  in dpp_auth_build_resp_ok()
440 		os_memcpy(auth->r_nonce, dpp_nonce_override, nonce_len);  in dpp_auth_build_resp_ok()
442 		nonce_len = auth->curve->nonce_len;  in dpp_auth_build_resp_ok()
443 		if (random_get_bytes(auth->r_nonce, nonce_len)) {  in dpp_auth_build_resp_ok()
450 	nonce_len = auth->curve->nonce_len;  in dpp_auth_build_resp_ok()
451 	if (random_get_bytes(auth->r_nonce, nonce_len)) {  in dpp_auth_build_resp_ok()
456 	wpa_hexdump(MSG_DEBUG, "DPP: R-nonce", auth->r_nonce, nonce_len);  in dpp_auth_build_resp_ok()
458 	EVP_PKEY_free(auth->own_protocol_key);  in dpp_auth_build_resp_ok()
465 		auth->own_protocol_key = dpp_set_keypair(  in dpp_auth_build_resp_ok()
469 		auth->own_protocol_key = dpp_gen_keypair(auth->curve);  in dpp_auth_build_resp_ok()
472 	auth->own_protocol_key = dpp_gen_keypair(auth->curve);  in dpp_auth_build_resp_ok()
474 	if (!auth->own_protocol_key)  in dpp_auth_build_resp_ok()
477 	pr = dpp_get_pubkey_point(auth->own_protocol_key, 0);  in dpp_auth_build_resp_ok()
482 	if (dpp_ecdh(auth->own_protocol_key, auth->peer_protocol_key,  in dpp_auth_build_resp_ok()
483 		     auth->Nx, &secret_len) < 0)  in dpp_auth_build_resp_ok()
487 			auth->Nx, auth->secret_len);  in dpp_auth_build_resp_ok()
488 	auth->Nx_len = auth->secret_len;  in dpp_auth_build_resp_ok()
490 	if (dpp_derive_k2(auth->Nx, auth->secret_len, auth->k2,  in dpp_auth_build_resp_ok()
491 			  auth->curve->hash_len) < 0)  in dpp_auth_build_resp_ok()
494 	if (auth->own_bi && auth->peer_bi) {  in dpp_auth_build_resp_ok()
496 		if (dpp_auth_derive_l_responder(auth) < 0)  in dpp_auth_build_resp_ok()
500 	if (dpp_derive_bk_ke(auth) < 0)  in dpp_auth_build_resp_ok()
505 	WPA_PUT_LE16(&r_auth[2], auth->curve->hash_len);  in dpp_auth_build_resp_ok()
506 	if (dpp_gen_r_auth(auth, r_auth + 4) < 0)  in dpp_auth_build_resp_ok()
511 		r_auth[4 + auth->curve->hash_len / 2] ^= 0x01;  in dpp_auth_build_resp_ok()
514 	if (aes_siv_encrypt(auth->ke, auth->curve->hash_len,  in dpp_auth_build_resp_ok()
515 			    r_auth, 4 + auth->curve->hash_len,  in dpp_auth_build_resp_ok()
518 	wrapped_r_auth_len = 4 + auth->curve->hash_len + AES_BLOCK_SIZE;  in dpp_auth_build_resp_ok()
523 	r_pubkey_hash = auth->own_bi->pubkey_hash;  in dpp_auth_build_resp_ok()
524 	if (auth->peer_bi)  in dpp_auth_build_resp_ok()
525 		i_pubkey_hash = auth->peer_bi->pubkey_hash;  in dpp_auth_build_resp_ok()
529 	i_nonce = auth->i_nonce;  in dpp_auth_build_resp_ok()
530 	r_nonce = auth->r_nonce;  in dpp_auth_build_resp_ok()
563 		pr = wpabuf_alloc(2 * auth->curve->prime_len);  in dpp_auth_build_resp_ok()
564 		if (!pr || dpp_test_gen_invalid_key(pr, auth->curve) < 0)  in dpp_auth_build_resp_ok()
585 	msg = dpp_auth_build_resp(auth, status, pr, nonce_len,  in dpp_auth_build_resp_ok()
589 				  auth->k2);  in dpp_auth_build_resp_ok()
592 	wpabuf_free(auth->resp_msg);  in dpp_auth_build_resp_ok()
593 	auth->resp_msg = msg;  in dpp_auth_build_resp_ok()
601 static int dpp_auth_build_resp_status(struct dpp_authentication *auth,  in dpp_auth_build_resp_status()  argument
610 	if (!auth->own_bi)  in dpp_auth_build_resp_status()
614 	r_pubkey_hash = auth->own_bi->pubkey_hash;  in dpp_auth_build_resp_status()
615 	if (auth->peer_bi)  in dpp_auth_build_resp_status()
616 		i_pubkey_hash = auth->peer_bi->pubkey_hash;  in dpp_auth_build_resp_status()
620 	i_nonce = auth->i_nonce;  in dpp_auth_build_resp_status()
655 	msg = dpp_auth_build_resp(auth, status, NULL, auth->curve->nonce_len,  in dpp_auth_build_resp_status()
657 				  NULL, i_nonce, NULL, 0, auth->k1);  in dpp_auth_build_resp_status()
660 	wpabuf_free(auth->resp_msg);  in dpp_auth_build_resp_status()
661 	auth->resp_msg = msg;  in dpp_auth_build_resp_status()
684 	struct dpp_authentication *auth = NULL;  in dpp_auth_req_rx()  local
709 	auth = dpp_alloc_auth(dpp, msg_ctx);  in dpp_auth_req_rx()
710 	if (!auth)  in dpp_auth_req_rx()
713 	    dpp_set_configurator(auth, peer_bi->configurator_params) < 0)  in dpp_auth_req_rx()
715 	auth->peer_bi = peer_bi;  in dpp_auth_req_rx()
716 	auth->own_bi = own_bi;  in dpp_auth_req_rx()
717 	auth->curve = own_bi->curve;  in dpp_auth_req_rx()
718 	auth->curr_freq = freq;  in dpp_auth_req_rx()
720 	auth->peer_version = 1; /* default to the first version */  in dpp_auth_req_rx()
726 			dpp_auth_fail(auth,  in dpp_auth_req_rx()
730 		auth->peer_version = version[0];  in dpp_auth_req_rx()
732 			   auth->peer_version);  in dpp_auth_req_rx()
742 			dpp_auth_fail(auth, "Too short Channel attribute");  in dpp_auth_req_rx()
751 			dpp_auth_fail(auth,  in dpp_auth_req_rx()
756 		if (auth->curr_freq != (unsigned int) neg_freq) {  in dpp_auth_req_rx()
760 			auth->curr_freq = neg_freq;  in dpp_auth_req_rx()
767 		dpp_auth_fail(auth,  in dpp_auth_req_rx()
777 		dpp_auth_fail(auth, "Invalid Initiator Protocol Key");  in dpp_auth_req_rx()
782 	if (dpp_ecdh(own_bi->pubkey, pi, auth->Mx, &secret_len) < 0)  in dpp_auth_req_rx()
784 	auth->secret_len = secret_len;  in dpp_auth_req_rx()
787 			auth->Mx, auth->secret_len);  in dpp_auth_req_rx()
788 	auth->Mx_len = auth->secret_len;  in dpp_auth_req_rx()
790 	if (dpp_derive_k1(auth->Mx, auth->secret_len, auth->k1,  in dpp_auth_req_rx()
791 			  auth->curve->hash_len) < 0)  in dpp_auth_req_rx()
806 	if (aes_siv_decrypt(auth->k1, auth->curve->hash_len,  in dpp_auth_req_rx()
809 		dpp_auth_fail(auth, "AES-SIV decryption failed");  in dpp_auth_req_rx()
816 		dpp_auth_fail(auth, "Invalid attribute in unwrapped data");  in dpp_auth_req_rx()
822 	if (!i_nonce || i_nonce_len != auth->curve->nonce_len) {  in dpp_auth_req_rx()
823 		dpp_auth_fail(auth, "Missing or invalid I-nonce");  in dpp_auth_req_rx()
827 	os_memcpy(auth->i_nonce, i_nonce, i_nonce_len);  in dpp_auth_req_rx()
833 		dpp_auth_fail(auth, "Missing or invalid I-capabilities");  in dpp_auth_req_rx()
836 	auth->i_capab = i_capab[0];  in dpp_auth_req_rx()
837 	wpa_printf(MSG_DEBUG, "DPP: I-capabilities: 0x%02x", auth->i_capab);  in dpp_auth_req_rx()
842 	switch (auth->i_capab & DPP_CAPAB_ROLE_MASK) {  in dpp_auth_req_rx()
850 		auth->configurator = 1;  in dpp_auth_req_rx()
859 		auth->configurator = 0;  in dpp_auth_req_rx()
864 			auth->configurator = 0;  in dpp_auth_req_rx()
867 			auth->configurator = 1;  in dpp_auth_req_rx()
876 		wpa_msg(auth->msg_ctx, MSG_INFO,  in dpp_auth_req_rx()
878 			auth->i_capab & DPP_CAPAB_ROLE_MASK);  in dpp_auth_req_rx()
882 	auth->peer_protocol_key = pi;  in dpp_auth_req_rx()
889 		if (dpp_auth_build_resp_status(auth,  in dpp_auth_req_rx()
896 			auth->response_pending = 1;  in dpp_auth_req_rx()
897 			os_memcpy(auth->waiting_pubkey_hash,  in dpp_auth_req_rx()
905 		wpa_msg(auth->msg_ctx, MSG_INFO, DPP_EVENT_SCAN_PEER_QR_CODE  in dpp_auth_req_rx()
907 		return auth;  in dpp_auth_req_rx()
909 	if (dpp_auth_build_resp_ok(auth) < 0)  in dpp_auth_req_rx()
912 	return auth;  in dpp_auth_req_rx()
915 	wpa_msg(auth->msg_ctx, MSG_INFO, DPP_EVENT_NOT_COMPATIBLE  in dpp_auth_req_rx()
916 		"i-capab=0x%02x", auth->i_capab);  in dpp_auth_req_rx()
918 		auth->configurator = 1;  in dpp_auth_req_rx()
920 		auth->configurator = 0;  in dpp_auth_req_rx()
921 	auth->peer_protocol_key = pi;  in dpp_auth_req_rx()
923 	if (dpp_auth_build_resp_status(auth, DPP_STATUS_NOT_COMPATIBLE) < 0)  in dpp_auth_req_rx()
926 	auth->remove_on_tx_status = 1;  in dpp_auth_req_rx()
927 	return auth;  in dpp_auth_req_rx()
932 	dpp_auth_deinit(auth);  in dpp_auth_req_rx()
937 int dpp_notify_new_qr_code(struct dpp_authentication *auth,  in dpp_notify_new_qr_code()  argument
940 	if (!auth || !auth->response_pending ||  in dpp_notify_new_qr_code()
941 	    os_memcmp(auth->waiting_pubkey_hash, peer_bi->pubkey_hash,  in dpp_notify_new_qr_code()
947 		   MACSTR, MAC2STR(auth->peer_mac_addr));  in dpp_notify_new_qr_code()
948 	auth->peer_bi = peer_bi;  in dpp_notify_new_qr_code()
950 	if (dpp_auth_build_resp_ok(auth) < 0)  in dpp_notify_new_qr_code()
957 static struct wpabuf * dpp_auth_build_conf(struct dpp_authentication *auth,  in dpp_auth_build_conf()  argument
977 	i_auth_len = 4 + auth->curve->hash_len;  in dpp_auth_build_conf()
978 	r_nonce_len = 4 + auth->curve->nonce_len;  in dpp_auth_build_conf()
992 	r_pubkey_hash = auth->peer_bi->pubkey_hash;  in dpp_auth_build_conf()
993 	if (auth->own_bi)  in dpp_auth_build_conf()
994 		i_pubkey_hash = auth->own_bi->pubkey_hash;  in dpp_auth_build_conf()
1078 		WPA_PUT_LE16(&i_auth[2], auth->curve->hash_len);  in dpp_auth_build_conf()
1079 		if (dpp_gen_i_auth(auth, i_auth + 4) < 0)  in dpp_auth_build_conf()
1085 			i_auth[4 + auth->curve->hash_len / 2] ^= 0x01;  in dpp_auth_build_conf()
1089 		if (aes_siv_encrypt(auth->ke, auth->curve->hash_len,  in dpp_auth_build_conf()
1102 		WPA_PUT_LE16(&r_nonce[2], auth->curve->nonce_len);  in dpp_auth_build_conf()
1103 		os_memcpy(r_nonce + 4, auth->r_nonce, auth->curve->nonce_len);  in dpp_auth_build_conf()
1105 		if (aes_siv_encrypt(auth->k2, auth->curve->hash_len,  in dpp_auth_build_conf()
1125 		dpp_auth_success(auth);  in dpp_auth_build_conf()
1135 static int dpp_autogen_bootstrap_key(struct dpp_authentication *auth)  in dpp_autogen_bootstrap_key()  argument
1139 	if (auth->own_bi)  in dpp_autogen_bootstrap_key()
1146 	if (dpp_keygen(bi, auth->peer_bi->curve->name, NULL, 0) < 0 ||  in dpp_autogen_bootstrap_key()
1153 	auth->tmp_own_bi = auth->own_bi = bi;  in dpp_autogen_bootstrap_key()
1170 	struct dpp_authentication *auth;  in dpp_auth_init()  local
1179 	auth = dpp_alloc_auth(dpp, msg_ctx);  in dpp_auth_init()
1180 	if (!auth)  in dpp_auth_init()
1183 	    dpp_set_configurator(auth, peer_bi->configurator_params) < 0)  in dpp_auth_init()
1185 	auth->initiator = 1;  in dpp_auth_init()
1186 	auth->waiting_auth_resp = 1;  in dpp_auth_init()
1187 	auth->allowed_roles = dpp_allowed_roles;  in dpp_auth_init()
1188 	auth->configurator = !!(dpp_allowed_roles & DPP_CAPAB_CONFIGURATOR);  in dpp_auth_init()
1189 	auth->peer_bi = peer_bi;  in dpp_auth_init()
1190 	auth->own_bi = own_bi;  in dpp_auth_init()
1191 	auth->curve = peer_bi->curve;  in dpp_auth_init()
1193 	if (dpp_autogen_bootstrap_key(auth) < 0 ||  in dpp_auth_init()
1194 	    dpp_prepare_channel_list(auth, neg_freq, own_modes, num_modes) < 0)  in dpp_auth_init()
1201 		os_memcpy(auth->i_nonce, dpp_nonce_override, nonce_len);  in dpp_auth_init()
1203 		nonce_len = auth->curve->nonce_len;  in dpp_auth_init()
1204 		if (random_get_bytes(auth->i_nonce, nonce_len)) {  in dpp_auth_init()
1211 	nonce_len = auth->curve->nonce_len;  in dpp_auth_init()
1212 	if (random_get_bytes(auth->i_nonce, nonce_len)) {  in dpp_auth_init()
1217 	wpa_hexdump(MSG_DEBUG, "DPP: I-nonce", auth->i_nonce, nonce_len);  in dpp_auth_init()
1225 		auth->own_protocol_key = dpp_set_keypair(  in dpp_auth_init()
1229 		auth->own_protocol_key = dpp_gen_keypair(auth->curve);  in dpp_auth_init()
1232 	auth->own_protocol_key = dpp_gen_keypair(auth->curve);  in dpp_auth_init()
1234 	if (!auth->own_protocol_key)  in dpp_auth_init()
1237 	pi = dpp_get_pubkey_point(auth->own_protocol_key, 0);  in dpp_auth_init()
1242 	if (dpp_ecdh(auth->own_protocol_key, auth->peer_bi->pubkey,  in dpp_auth_init()
1243 		     auth->Mx, &secret_len) < 0)  in dpp_auth_init()
1245 	auth->secret_len = secret_len;  in dpp_auth_init()
1248 			auth->Mx, auth->secret_len);  in dpp_auth_init()
1249 	auth->Mx_len = auth->secret_len;  in dpp_auth_init()
1251 	if (dpp_derive_k1(auth->Mx, auth->secret_len, auth->k1,  in dpp_auth_init()
1252 			  auth->curve->hash_len) < 0)  in dpp_auth_init()
1255 	r_pubkey_hash = auth->peer_bi->pubkey_hash;  in dpp_auth_init()
1256 	i_pubkey_hash = auth->own_bi->pubkey_hash;  in dpp_auth_init()
1284 		pi = wpabuf_alloc(2 * auth->curve->prime_len);  in dpp_auth_init()
1285 		if (!pi || dpp_test_gen_invalid_key(pi, auth->curve) < 0)  in dpp_auth_init()
1290 	if (neg_freq && auth->num_freq == 1 && auth->freq[0] == neg_freq)  in dpp_auth_init()
1292 	auth->req_msg = dpp_auth_build_req(auth, pi, nonce_len, r_pubkey_hash,  in dpp_auth_init()
1294 	if (!auth->req_msg)  in dpp_auth_init()
1299 	return auth;  in dpp_auth_init()
1301 	dpp_auth_deinit(auth);  in dpp_auth_init()
1302 	auth = NULL;  in dpp_auth_init()
1306 dpp_auth_resp_rx_status(struct dpp_authentication *auth, const u8 *hdr,  in dpp_auth_resp_rx_status()  argument
1328 		dpp_auth_fail(auth, "Responder reported failure");  in dpp_auth_resp_rx_status()
1344 	if (aes_siv_decrypt(auth->k1, auth->curve->hash_len,  in dpp_auth_resp_rx_status()
1347 		dpp_auth_fail(auth, "AES-SIV decryption failed");  in dpp_auth_resp_rx_status()
1354 		dpp_auth_fail(auth, "Invalid attribute in unwrapped data");  in dpp_auth_resp_rx_status()
1360 	if (!i_nonce || i_nonce_len != auth->curve->nonce_len) {  in dpp_auth_resp_rx_status()
1361 		dpp_auth_fail(auth, "Missing or invalid I-nonce");  in dpp_auth_resp_rx_status()
1365 	if (os_memcmp(auth->i_nonce, i_nonce, i_nonce_len) != 0) {  in dpp_auth_resp_rx_status()
1366 		dpp_auth_fail(auth, "I-nonce mismatch");  in dpp_auth_resp_rx_status()
1374 		dpp_auth_fail(auth, "Missing or invalid R-capabilities");  in dpp_auth_resp_rx_status()
1377 	auth->r_capab = r_capab[0];  in dpp_auth_resp_rx_status()
1378 	wpa_printf(MSG_DEBUG, "DPP: R-capabilities: 0x%02x", auth->r_capab);  in dpp_auth_resp_rx_status()
1380 		wpa_msg(auth->msg_ctx, MSG_INFO, DPP_EVENT_NOT_COMPATIBLE  in dpp_auth_resp_rx_status()
1381 			"r-capab=0x%02x", auth->r_capab);  in dpp_auth_resp_rx_status()
1383 		u8 role = auth->r_capab & DPP_CAPAB_ROLE_MASK;  in dpp_auth_resp_rx_status()
1385 		if ((auth->configurator && role != DPP_CAPAB_ENROLLEE) ||  in dpp_auth_resp_rx_status()
1386 		    (!auth->configurator && role != DPP_CAPAB_CONFIGURATOR)) {  in dpp_auth_resp_rx_status()
1387 			wpa_msg(auth->msg_ctx, MSG_INFO,  in dpp_auth_resp_rx_status()
1393 			wpa_msg(auth->msg_ctx, MSG_INFO,  in dpp_auth_resp_rx_status()
1395 				auth->tmp_own_bi ? auth->tmp_own_bi->uri : "");  in dpp_auth_resp_rx_status()
1404 dpp_auth_resp_rx(struct dpp_authentication *auth, const u8 *hdr,  in dpp_auth_resp_rx()  argument
1433 	if (!auth->initiator || !auth->peer_bi || auth->reconfig) {  in dpp_auth_resp_rx()
1434 		dpp_auth_fail(auth, "Unexpected Authentication Response");  in dpp_auth_resp_rx()
1438 	auth->waiting_auth_resp = 0;  in dpp_auth_resp_rx()
1443 		dpp_auth_fail(auth,  in dpp_auth_resp_rx()
1456 		dpp_auth_fail(auth,  in dpp_auth_resp_rx()
1462 	if (os_memcmp(r_bootstrap, auth->peer_bi->pubkey_hash,  in dpp_auth_resp_rx()
1464 		dpp_auth_fail(auth,  in dpp_auth_resp_rx()
1468 			    auth->peer_bi->pubkey_hash, SHA256_MAC_LEN);  in dpp_auth_resp_rx()
1477 			dpp_auth_fail(auth,  in dpp_auth_resp_rx()
1484 		if (!auth->own_bi ||  in dpp_auth_resp_rx()
1485 		    os_memcmp(i_bootstrap, auth->own_bi->pubkey_hash,  in dpp_auth_resp_rx()
1487 			dpp_auth_fail(auth,  in dpp_auth_resp_rx()
1491 	} else if (auth->own_bi && auth->own_bi->type == DPP_BOOTSTRAP_PKEX) {  in dpp_auth_resp_rx()
1493 		dpp_auth_fail(auth,  in dpp_auth_resp_rx()
1496 	} else if (auth->own_bi &&  in dpp_auth_resp_rx()
1497 		   auth->own_bi->type == DPP_BOOTSTRAP_NFC_URI &&  in dpp_auth_resp_rx()
1498 		   auth->own_bi->nfc_negotiated) {  in dpp_auth_resp_rx()
1501 		dpp_auth_fail(auth,  in dpp_auth_resp_rx()
1506 	auth->peer_version = 1; /* default to the first version */  in dpp_auth_resp_rx()
1512 			dpp_auth_fail(auth,  in dpp_auth_resp_rx()
1516 		auth->peer_version = version[0];  in dpp_auth_resp_rx()
1518 			   auth->peer_version);  in dpp_auth_resp_rx()
1525 		dpp_auth_fail(auth,  in dpp_auth_resp_rx()
1530 	auth->auth_resp_status = status[0];  in dpp_auth_resp_rx()
1532 		dpp_auth_resp_rx_status(auth, hdr, attr_start,  in dpp_auth_resp_rx()
1538 	if (!i_bootstrap && auth->own_bi) {  in dpp_auth_resp_rx()
1541 		auth->own_bi = NULL;  in dpp_auth_resp_rx()
1544 	wpa_msg(auth->msg_ctx, MSG_INFO, DPP_EVENT_AUTH_DIRECTION "mutual=%d",  in dpp_auth_resp_rx()
1545 		auth->own_bi != NULL);  in dpp_auth_resp_rx()
1550 		dpp_auth_fail(auth,  in dpp_auth_resp_rx()
1558 	pr = dpp_set_pubkey_point(auth->own_protocol_key, r_proto, r_proto_len);  in dpp_auth_resp_rx()
1560 		dpp_auth_fail(auth, "Invalid Responder Protocol Key");  in dpp_auth_resp_rx()
1565 	if (dpp_ecdh(auth->own_protocol_key, pr, auth->Nx, &secret_len) < 0) {  in dpp_auth_resp_rx()
1566 		dpp_auth_fail(auth, "Failed to derive ECDH shared secret");  in dpp_auth_resp_rx()
1569 	EVP_PKEY_free(auth->peer_protocol_key);  in dpp_auth_resp_rx()
1570 	auth->peer_protocol_key = pr;  in dpp_auth_resp_rx()
1574 			auth->Nx, auth->secret_len);  in dpp_auth_resp_rx()
1575 	auth->Nx_len = auth->secret_len;  in dpp_auth_resp_rx()
1577 	if (dpp_derive_k2(auth->Nx, auth->secret_len, auth->k2,  in dpp_auth_resp_rx()
1578 			  auth->curve->hash_len) < 0)  in dpp_auth_resp_rx()
1593 	if (aes_siv_decrypt(auth->k2, auth->curve->hash_len,  in dpp_auth_resp_rx()
1596 		dpp_auth_fail(auth, "AES-SIV decryption failed");  in dpp_auth_resp_rx()
1603 		dpp_auth_fail(auth, "Invalid attribute in unwrapped data");  in dpp_auth_resp_rx()
1609 	if (!r_nonce || r_nonce_len != auth->curve->nonce_len) {  in dpp_auth_resp_rx()
1610 		dpp_auth_fail(auth, "DPP: Missing or invalid R-nonce");  in dpp_auth_resp_rx()
1614 	os_memcpy(auth->r_nonce, r_nonce, r_nonce_len);  in dpp_auth_resp_rx()
1618 	if (!i_nonce || i_nonce_len != auth->curve->nonce_len) {  in dpp_auth_resp_rx()
1619 		dpp_auth_fail(auth, "Missing or invalid I-nonce");  in dpp_auth_resp_rx()
1623 	if (os_memcmp(auth->i_nonce, i_nonce, i_nonce_len) != 0) {  in dpp_auth_resp_rx()
1624 		dpp_auth_fail(auth, "I-nonce mismatch");  in dpp_auth_resp_rx()
1628 	if (auth->own_bi) {  in dpp_auth_resp_rx()
1630 		if (dpp_auth_derive_l_initiator(auth) < 0)  in dpp_auth_resp_rx()
1638 		dpp_auth_fail(auth, "Missing or invalid R-capabilities");  in dpp_auth_resp_rx()
1641 	auth->r_capab = r_capab[0];  in dpp_auth_resp_rx()
1642 	wpa_printf(MSG_DEBUG, "DPP: R-capabilities: 0x%02x", auth->r_capab);  in dpp_auth_resp_rx()
1643 	role = auth->r_capab & DPP_CAPAB_ROLE_MASK;  in dpp_auth_resp_rx()
1644 	if ((auth->allowed_roles ==  in dpp_auth_resp_rx()
1649 		auth->configurator = role == DPP_CAPAB_ENROLLEE;  in dpp_auth_resp_rx()
1651 			   auth->configurator ? "Configurator" : "Enrollee");  in dpp_auth_resp_rx()
1652 	} else if ((auth->configurator && role != DPP_CAPAB_ENROLLEE) ||  in dpp_auth_resp_rx()
1653 		   (!auth->configurator && role != DPP_CAPAB_CONFIGURATOR)) {  in dpp_auth_resp_rx()
1655 		wpa_msg(auth->msg_ctx, MSG_INFO, DPP_EVENT_FAIL  in dpp_auth_resp_rx()
1662 		auth->remove_on_tx_status = 1;  in dpp_auth_resp_rx()
1663 		return dpp_auth_build_conf(auth, DPP_STATUS_NOT_COMPATIBLE);  in dpp_auth_resp_rx()
1669 		dpp_auth_fail(auth,  in dpp_auth_resp_rx()
1677 	if (dpp_derive_bk_ke(auth) < 0)  in dpp_auth_resp_rx()
1684 	if (aes_siv_decrypt(auth->ke, auth->curve->hash_len,  in dpp_auth_resp_rx()
1687 		dpp_auth_fail(auth, "AES-SIV decryption failed");  in dpp_auth_resp_rx()
1694 		dpp_auth_fail(auth,  in dpp_auth_resp_rx()
1701 	if (!r_auth || r_auth_len != auth->curve->hash_len) {  in dpp_auth_resp_rx()
1702 		dpp_auth_fail(auth,  in dpp_auth_resp_rx()
1709 	if (dpp_gen_r_auth(auth, r_auth2) < 0)  in dpp_auth_resp_rx()
1714 		dpp_auth_fail(auth, "Mismatching Responder Authenticating Tag");  in dpp_auth_resp_rx()
1717 		auth->remove_on_tx_status = 1;  in dpp_auth_resp_rx()
1718 		return dpp_auth_build_conf(auth, DPP_STATUS_AUTH_FAILURE);  in dpp_auth_resp_rx()
1728 		if (dpp_auth_build_resp_ok(auth) < 0)  in dpp_auth_resp_rx()
1730 		return wpabuf_dup(auth->resp_msg);  in dpp_auth_resp_rx()
1734 	return dpp_auth_build_conf(auth, DPP_STATUS_OK);  in dpp_auth_resp_rx()
1744 static int dpp_auth_conf_rx_failure(struct dpp_authentication *auth,  in dpp_auth_conf_rx_failure()  argument
1772 		dpp_auth_fail(auth, "Authentication failed");  in dpp_auth_conf_rx_failure()
1775 	if (aes_siv_decrypt(auth->k2, auth->curve->hash_len,  in dpp_auth_conf_rx_failure()
1778 		dpp_auth_fail(auth, "AES-SIV decryption failed");  in dpp_auth_conf_rx_failure()
1785 		dpp_auth_fail(auth, "Invalid attribute in unwrapped data");  in dpp_auth_conf_rx_failure()
1791 	if (!r_nonce || r_nonce_len != auth->curve->nonce_len) {  in dpp_auth_conf_rx_failure()
1792 		dpp_auth_fail(auth, "DPP: Missing or invalid R-nonce");  in dpp_auth_conf_rx_failure()
1795 	if (os_memcmp(r_nonce, auth->r_nonce, r_nonce_len) != 0) {  in dpp_auth_conf_rx_failure()
1799 			    auth->r_nonce, r_nonce_len);  in dpp_auth_conf_rx_failure()
1800 		dpp_auth_fail(auth, "R-nonce mismatch");  in dpp_auth_conf_rx_failure()
1805 		dpp_auth_fail(auth, "Peer reported incompatible R-capab role");  in dpp_auth_conf_rx_failure()
1807 		dpp_auth_fail(auth, "Peer reported authentication failure)");  in dpp_auth_conf_rx_failure()
1815 int dpp_auth_conf_rx(struct dpp_authentication *auth, const u8 *hdr,  in dpp_auth_conf_rx()  argument
1835 	if (auth->initiator || !auth->own_bi || !auth->waiting_auth_conf ||  in dpp_auth_conf_rx()
1836 	    auth->reconfig) {  in dpp_auth_conf_rx()
1839 			   auth->initiator, !!auth->own_bi,  in dpp_auth_conf_rx()
1840 			   auth->waiting_auth_conf);  in dpp_auth_conf_rx()
1841 		dpp_auth_fail(auth, "Unexpected Authentication Confirm");  in dpp_auth_conf_rx()
1845 	auth->waiting_auth_conf = 0;  in dpp_auth_conf_rx()
1850 		dpp_auth_fail(auth,  in dpp_auth_conf_rx()
1863 		dpp_auth_fail(auth,  in dpp_auth_conf_rx()
1869 	if (os_memcmp(r_bootstrap, auth->own_bi->pubkey_hash,  in dpp_auth_conf_rx()
1873 			    auth->peer_bi->pubkey_hash, SHA256_MAC_LEN);  in dpp_auth_conf_rx()
1874 		dpp_auth_fail(auth,  in dpp_auth_conf_rx()
1884 			dpp_auth_fail(auth,  in dpp_auth_conf_rx()
1891 		if (!auth->peer_bi ||  in dpp_auth_conf_rx()
1892 		    os_memcmp(i_bootstrap, auth->peer_bi->pubkey_hash,  in dpp_auth_conf_rx()
1894 			dpp_auth_fail(auth,  in dpp_auth_conf_rx()
1898 	} else if (auth->peer_bi) {  in dpp_auth_conf_rx()
1901 		dpp_auth_fail(auth,  in dpp_auth_conf_rx()
1909 		dpp_auth_fail(auth,  in dpp_auth_conf_rx()
1916 		return dpp_auth_conf_rx_failure(auth, hdr, attr_start,  in dpp_auth_conf_rx()
1921 		dpp_auth_fail(auth, "Authentication failed");  in dpp_auth_conf_rx()
1937 	if (aes_siv_decrypt(auth->ke, auth->curve->hash_len,  in dpp_auth_conf_rx()
1940 		dpp_auth_fail(auth, "AES-SIV decryption failed");  in dpp_auth_conf_rx()
1947 		dpp_auth_fail(auth, "Invalid attribute in unwrapped data");  in dpp_auth_conf_rx()
1953 	if (!i_auth || i_auth_len != auth->curve->hash_len) {  in dpp_auth_conf_rx()
1954 		dpp_auth_fail(auth,  in dpp_auth_conf_rx()
1961 	if (dpp_gen_i_auth(auth, i_auth2) < 0)  in dpp_auth_conf_rx()
1966 		dpp_auth_fail(auth, "Mismatching Initiator Authenticating Tag");  in dpp_auth_conf_rx()
1971 	dpp_auth_success(auth);  in dpp_auth_conf_rx()