34 				    const struct dpp_curve_params *curve);
96 static int dpp_hash_vector(const struct dpp_curve_params *curve,  in dpp_hash_vector()  argument
100 	if (curve->hash_len == 32)  in dpp_hash_vector()
103 	if (curve->hash_len == 48)  in dpp_hash_vector()
105 	if (curve->hash_len == 64)  in dpp_hash_vector()
580 	bi->curve = dpp_get_curve_group_id(id);  in dpp_parse_uri_pk()
581 	if (!bi->curve) {  in dpp_parse_uri_pk()
659 static struct crypto_key * dpp_gen_keypair(const struct dpp_curve_params *curve)  in dpp_gen_keypair()  argument
661 	struct crypto_key *key = crypto_ec_gen_keypair(curve->ike_group);  in dpp_gen_keypair()
697 static struct crypto_key * dpp_set_keypair(const struct dpp_curve_params **curve,  in dpp_set_keypair()  argument
713 	*curve = dpp_get_curve_group_id(id);  in dpp_set_keypair()
714 	if (!*curve) {  in dpp_set_keypair()
768 char * dpp_keygen(struct dpp_bootstrap_info *bi, const char *curve,  in dpp_keygen()  argument
778 	if (!curve) {  in dpp_keygen()
779 		bi->curve = &dpp_curves[0];  in dpp_keygen()
781 		bi->curve = dpp_get_curve_name(curve);  in dpp_keygen()
782 		if (!bi->curve) {  in dpp_keygen()
784 				   curve);  in dpp_keygen()
789 		bi->pubkey = dpp_set_keypair(&bi->curve, privkey, privkey_len);  in dpp_keygen()
791 		bi->pubkey = dpp_gen_keypair(bi->curve);  in dpp_keygen()
910 	nonce_len = auth->curve->nonce_len;  in dpp_derive_ke()
1109 	if (aes_siv_encrypt(auth->k1, auth->curve->hash_len, clear, siv_len,  in dpp_auth_build_req()
1282 	if (aes_siv_encrypt(siv_key, auth->curve->hash_len, clear, siv_len,  in dpp_auth_build_resp()
1487 	pk = dpp_keygen(bi, auth->peer_bi->curve->name, NULL, 0);  in dpp_autogen_bootstrap_key()
1540 	auth->curve = peer_bi->curve;  in dpp_auth_init()
1552 		nonce_len = auth->curve->nonce_len;  in dpp_auth_init()
1560 	nonce_len = auth->curve->nonce_len;  in dpp_auth_init()
1578 		auth->own_protocol_key = dpp_gen_keypair(auth->curve);  in dpp_auth_init()
1581 	auth->own_protocol_key = dpp_gen_keypair(auth->curve);  in dpp_auth_init()
1601 			  auth->curve->hash_len) < 0)  in dpp_auth_init()
1633 		pi = wpabuf_alloc(2 * auth->curve->prime_len);  in dpp_auth_init()
1634 		if (!pi || dpp_test_gen_invalid_key(pi, auth->curve) < 0)  in dpp_auth_init()
1665 	nonce_len = auth->curve->nonce_len;  in dpp_build_conf_req_attr()
1732 	if (aes_siv_encrypt(auth->ke, auth->curve->hash_len,  in dpp_build_conf_req_attr()
1896 	nonce_len = auth->curve->nonce_len;  in dpp_gen_r_auth()
1951 	res = dpp_hash_vector(auth->curve, num_elem, addr, len, r_auth);  in dpp_gen_r_auth()
1954 			    auth->curve->hash_len);  in dpp_gen_r_auth()
1974 	nonce_len = auth->curve->nonce_len;  in dpp_gen_i_auth()
2033 	res = dpp_hash_vector(auth->curve, num_elem, addr, len, i_auth);  in dpp_gen_i_auth()
2036 			    auth->curve->hash_len);  in dpp_gen_i_auth()
2168 		nonce_len = auth->curve->nonce_len;  in dpp_auth_build_resp_ok()
2176 	nonce_len = auth->curve->nonce_len;  in dpp_auth_build_resp_ok()
2195 		auth->own_protocol_key = dpp_gen_keypair(auth->curve);  in dpp_auth_build_resp_ok()
2198 	auth->own_protocol_key = dpp_gen_keypair(auth->curve);  in dpp_auth_build_resp_ok()
2217 			  auth->curve->hash_len) < 0)  in dpp_auth_build_resp_ok()
2226 	if (dpp_derive_ke(auth, auth->ke, auth->curve->hash_len) < 0)  in dpp_auth_build_resp_ok()
2231 	WPA_PUT_LE16(&r_auth[2], auth->curve->hash_len);  in dpp_auth_build_resp_ok()
2237 		r_auth[4 + auth->curve->hash_len / 2] ^= 0x01;  in dpp_auth_build_resp_ok()
2240 	if (aes_siv_encrypt(auth->ke, auth->curve->hash_len,  in dpp_auth_build_resp_ok()
2241 			    r_auth, 4 + auth->curve->hash_len,  in dpp_auth_build_resp_ok()
2244 	wrapped_r_auth_len = 4 + auth->curve->hash_len + AES_BLOCK_SIZE;  in dpp_auth_build_resp_ok()
2289 		pr = wpabuf_alloc(2 * auth->curve->prime_len);  in dpp_auth_build_resp_ok()
2290 		if (!pr || dpp_test_gen_invalid_key(pr, auth->curve) < 0)  in dpp_auth_build_resp_ok()
2381 	msg = dpp_auth_build_resp(auth, status, NULL, auth->curve->nonce_len,  in dpp_auth_build_resp_status()
2442 	auth->curve = own_bi->curve;  in dpp_auth_req_rx()
2506 			  auth->curve->hash_len) < 0)  in dpp_auth_req_rx()
2521 	if (aes_siv_decrypt(auth->k1, auth->curve->hash_len,  in dpp_auth_req_rx()
2537 	if (!i_nonce || i_nonce_len != auth->curve->nonce_len) {  in dpp_auth_req_rx()
2688 	i_auth_len = 4 + auth->curve->hash_len;  in dpp_auth_build_conf()
2689 	r_nonce_len = 4 + auth->curve->nonce_len;  in dpp_auth_build_conf()
2789 		WPA_PUT_LE16(&i_auth[2], auth->curve->hash_len);  in dpp_auth_build_conf()
2796 			i_auth[4 + auth->curve->hash_len / 2] ^= 0x01;  in dpp_auth_build_conf()
2800 		if (aes_siv_encrypt(auth->ke, auth->curve->hash_len,  in dpp_auth_build_conf()
2813 		WPA_PUT_LE16(&r_nonce[2], auth->curve->nonce_len);  in dpp_auth_build_conf()
2814 		os_memcpy(r_nonce + 4, auth->r_nonce, auth->curve->nonce_len);  in dpp_auth_build_conf()
2816 		if (aes_siv_encrypt(auth->k2, auth->curve->hash_len,  in dpp_auth_build_conf()
2885 	if (aes_siv_decrypt(auth->k1, auth->curve->hash_len,  in dpp_auth_resp_rx_status()
2901 	if (!i_nonce || i_nonce_len != auth->curve->nonce_len) {  in dpp_auth_resp_rx_status()
3093 			  auth->curve->hash_len) < 0)  in dpp_auth_resp_rx()
3108 	if (aes_siv_decrypt(auth->k2, auth->curve->hash_len,  in dpp_auth_resp_rx()
3124 	if (!r_nonce || r_nonce_len != auth->curve->nonce_len) {  in dpp_auth_resp_rx()
3133 	if (!i_nonce || i_nonce_len != auth->curve->nonce_len) {  in dpp_auth_resp_rx()
3192 	if (dpp_derive_ke(auth, auth->ke, auth->curve->hash_len) < 0)  in dpp_auth_resp_rx()
3199 	if (aes_siv_decrypt(auth->ke, auth->curve->hash_len,  in dpp_auth_resp_rx()
3216 	if (!r_auth || r_auth_len != auth->curve->hash_len) {  in dpp_auth_resp_rx()
3290 	if (aes_siv_decrypt(auth->k2, auth->curve->hash_len,  in dpp_auth_conf_rx_failure()
3306 	if (!r_nonce || r_nonce_len != auth->curve->nonce_len) {  in dpp_auth_conf_rx_failure()
3447 	if (aes_siv_decrypt(auth->ke, auth->curve->hash_len,  in dpp_auth_conf_rx()
3463 	if (!i_auth || i_auth_len != auth->curve->hash_len) {  in dpp_auth_conf_rx()
3895 			 const char *kid, const struct dpp_curve_params *curve)  in dpp_build_jwk()  argument
3908 	json_add_string(buf, "crv", curve->jwk_crv);  in dpp_build_jwk()
3911 	if (json_add_base64url(buf, "x", pos, curve->prime_len) < 0)  in dpp_build_jwk()
3914 	pos += curve->prime_len;  in dpp_build_jwk()
3915 	if (json_add_base64url(buf, "y", pos, curve->prime_len) < 0)  in dpp_build_jwk()
3991 	const struct dpp_curve_params *curve;  in dpp_build_conf_obj_dpp()  local
4009 	curve = auth->conf->curve;  in dpp_build_conf_obj_dpp()
4026 	dppcon = wpabuf_alloc(extra_len + 2 * auth->curve->prime_len * 4 / 3);  in dpp_build_conf_obj_dpp()
4057 			  auth->curve) < 0) {  in dpp_build_conf_obj_dpp()
4089 	json_add_string(jws_prot_hdr, "alg", curve->jws_alg);  in dpp_build_conf_obj_dpp()
4100 	hash = os_malloc(curve->hash_len);  in dpp_build_conf_obj_dpp()
4104 	if (dpp_get_config_obj_hash(signed1, signed1_len, signed2, signed1_len, hash, curve->hash_len) < 0)  in dpp_build_conf_obj_dpp()
4109 	if (crypto_ecdsa_get_sign(hash, r, s, auth->conf->csign, curve->hash_len) < 0)  in dpp_build_conf_obj_dpp()
4112 	signature = os_malloc(2 * curve->prime_len);  in dpp_build_conf_obj_dpp()
4115 	if (dpp_bn2bin_pad(r, signature, curve->prime_len) < 0 ||  in dpp_build_conf_obj_dpp()
4116 			dpp_bn2bin_pad(s, signature + curve->prime_len,  in dpp_build_conf_obj_dpp()
4117 				curve->prime_len) < 0)  in dpp_build_conf_obj_dpp()
4119 	signature_len = 2 * curve->prime_len;  in dpp_build_conf_obj_dpp()
4128 	tailroom += 2 * curve->prime_len * 4 / 3 + os_strlen(auth->conf->kid);  in dpp_build_conf_obj_dpp()
4156 			  curve) < 0) {  in dpp_build_conf_obj_dpp()
4380 	if (aes_siv_encrypt(auth->ke, auth->curve->hash_len,  in dpp_build_conf_resp()
4449 	if (aes_siv_decrypt(auth->ke, auth->curve->hash_len,  in dpp_conf_req_rx()
4466 	if (!e_nonce || e_nonce_len != auth->curve->nonce_len) {  in dpp_conf_req_rx()
4559 dpp_parse_jws_prot_hdr(const struct dpp_curve_params *curve,  in dpp_parse_jws_prot_hdr()  argument
4599 	if (os_strcmp(token->string, curve->jws_alg) != 0) {  in dpp_parse_jws_prot_hdr()
4602 			   token->string, curve->jws_alg);  in dpp_parse_jws_prot_hdr()
4671 	const struct dpp_curve_params *curve;  in dpp_parse_jwk()  local
4694 	curve = dpp_get_curve_jwk_crv(token->string);  in dpp_parse_jwk()
4695 	if (!curve) {  in dpp_parse_jwk()
4707 	if (wpabuf_len(x) != curve->prime_len) {  in dpp_parse_jwk()
4711 			   (unsigned int) curve->prime_len, curve->name);  in dpp_parse_jwk()
4721 	if (wpabuf_len(y) != curve->prime_len) {  in dpp_parse_jwk()
4725 			   (unsigned int) curve->prime_len, curve->name);  in dpp_parse_jwk()
4729 	group = crypto_ec_get_group_byname(curve->name);  in dpp_parse_jwk()
4742 	*key_curve = curve;  in dpp_parse_jwk()
4840 	const struct dpp_curve_params *curve;  in dpp_parse_connector()  local
4901 	key = dpp_parse_jwk(netkey, &curve);  in dpp_parse_connector()
5001 	const struct dpp_curve_params *curve;  in dpp_process_signed_connector()  local
5009 	curve = dpp_get_curve_group_id(id);  in dpp_process_signed_connector()
5010 	if (!curve)  in dpp_process_signed_connector()
5012 	wpa_printf(MSG_DEBUG, "DPP: C-sign-key group: %s", curve->jwk_crv);  in dpp_process_signed_connector()
5032 	kid = dpp_parse_jws_prot_hdr(curve, prot_hdr, prot_hdr_len);  in dpp_process_signed_connector()
5433 	if (aes_siv_decrypt(auth->ke, auth->curve->hash_len,  in dpp_conf_resp_rx()
5450 	if (!e_nonce || e_nonce_len != auth->curve->nonce_len) {  in dpp_conf_resp_rx()
5530 dpp_keygen_configurator(const char *curve, u8 *privkey,  in dpp_keygen_configurator()  argument
5543 	if (!curve) {  in dpp_keygen_configurator()
5544 		conf->curve = &dpp_curves[0];  in dpp_keygen_configurator()
5546 		conf->curve = dpp_get_curve_name(curve);  in dpp_keygen_configurator()
5547 		if (!conf->curve) {  in dpp_keygen_configurator()
5549 				   curve);  in dpp_keygen_configurator()
5555 		conf->csign = dpp_set_keypair(&conf->curve, privkey,  in dpp_keygen_configurator()
5558 		conf->csign = dpp_gen_keypair(conf->curve);  in dpp_keygen_configurator()
5592 				const char *curve, int ap)  in dpp_configurator_own_config()  argument
5602 	if (!curve) {  in dpp_configurator_own_config()
5603 		auth->curve = &dpp_curves[0];  in dpp_configurator_own_config()
5605 		auth->curve = dpp_get_curve_name(curve);  in dpp_configurator_own_config()
5606 		if (!auth->curve) {  in dpp_configurator_own_config()
5608 				   curve);  in dpp_configurator_own_config()
5614 		   auth->curve->name);  in dpp_configurator_own_config()
5616 	auth->own_protocol_key = dpp_gen_keypair(auth->curve);  in dpp_configurator_own_config()
5746 static int dpp_derive_pmkid(const struct dpp_curve_params *curve,  in dpp_derive_pmkid()  argument
5798 	const struct dpp_curve_params *curve, *own_curve;  in dpp_peer_intro()  local
5902 	peer_key = dpp_parse_jwk(netkey, &curve);  in dpp_peer_intro()
5909 	if (own_curve != curve) {  in dpp_peer_intro()
5912 			   own_curve->name, curve->name);  in dpp_peer_intro()
5925 	if (dpp_derive_pmk(Nx, Nx_len, intro->pmk, curve->hash_len) < 0) {  in dpp_peer_intro()
5929 	intro->pmk_len = curve->hash_len;  in dpp_peer_intro()
5932 	if (dpp_derive_pmkid(curve, own_key, peer_key, intro->pmkid) < 0) {  in dpp_peer_intro()
5956 				    const struct dpp_curve_params *curve)  in dpp_test_gen_invalid_key()  argument
6085 	char *chan = NULL, *mac = NULL, *info = NULL, *pk = NULL, *curve = NULL;  in dpp_bootstrap_gen()  local
6109 	curve = get_param(cmd, " curve=");  in dpp_bootstrap_gen()
6121 	pk = dpp_keygen(bi, curve, privkey, privkey_len);  in dpp_bootstrap_gen()
6156 	os_free(curve);  in dpp_bootstrap_gen()
6230 			   bi->curve->name,  in dpp_get_bootstrap_info()
6287 	char *curve = NULL;  in dpp_configurator_add()  local
6294 	curve = get_param(cmd, " curve=");  in dpp_configurator_add()
6305 	conf = dpp_keygen_configurator(curve, privkey, privkey_len);  in dpp_configurator_add()
6314 	os_free(curve);  in dpp_configurator_add()