feat(esp_wifi): Restructure dpp crypto Layer APIs

1) Update dpp implementation as per upstram hostapd tag hostap_2_10.
2) Move dpp crypto routines into a separate source code file.

components/wpa_supplicant/CMakeLists.txt

@@ -202,6 +202,7 @@ endif()
 
 if(CONFIG_ESP_WIFI_DPP_SUPPORT)
     set(dpp_src "src/common/dpp.c"
+    "src/common/dpp_crypto.c"
     "esp_supplicant/src/esp_dpp.c")
 else()
     set(dpp_src "")

components/wpa_supplicant/esp_supplicant/src/crypto/crypto_mbedtls-ec.c

@@ -565,7 +565,7 @@ void crypto_ec_free_key(struct crypto_key *key)
     os_free(key);
 }
 
-struct crypto_ec_point *crypto_ec_get_public_key(struct crypto_key *key)
+struct crypto_ec_point *crypto_ec_key_get_public_key(struct crypto_key *key)
 {
     mbedtls_pk_context *pkey = (mbedtls_pk_context *)key;
 
@@ -615,7 +615,7 @@ int crypto_ec_key_group(struct crypto_ec_key *key)
     return iana_group;
 }
 
-struct crypto_bignum *crypto_ec_get_private_key(struct crypto_key *key)
+struct crypto_bignum *crypto_ec_key_get_private_key(struct crypto_key *key)
 {
     mbedtls_pk_context *pkey = (mbedtls_pk_context *)key;
 
@@ -670,7 +670,7 @@ int crypto_write_pubkey_der(struct crypto_key *key, unsigned char **key_buf)
     return len;
 }
 
-struct crypto_key *crypto_ec_get_key(const u8 *privkey, size_t privkey_len)
+struct crypto_key *crypto_ec_key_parse_priv(const u8 *privkey, size_t privkey_len)
 {
     int ret;
     mbedtls_pk_context *kctx = (mbedtls_pk_context *)crypto_alloc_key();
@@ -842,7 +842,7 @@ int crypto_edcsa_sign_verify(const unsigned char *hash,
     return ret;
 }
 
-void crypto_debug_print_ec_key(const char *title, struct crypto_key *key)
+void crypto_ec_key_debug_print(const char *title, struct crypto_key *key)
 {
 #ifdef DEBUG_PRINT
     mbedtls_pk_context *pkey = (mbedtls_pk_context *)key;
@@ -853,12 +853,12 @@ void crypto_debug_print_ec_key(const char *title, struct crypto_key *key)
     int len = mbedtls_mpi_size((mbedtls_mpi *)crypto_ec_get_prime((struct crypto_ec *)crypto_ec_get_group_from_key(key)));
 
     wpa_printf(MSG_ERROR, "prime len is %d", len);
-    crypto_ec_point_to_bin((struct crypto_ec *)crypto_ec_get_group_from_key(key), crypto_ec_get_public_key(key), x, y);
-    crypto_bignum_to_bin(crypto_ec_get_private_key(key),
-                         d, len, len);
-    wpa_hexdump(MSG_ERROR, "Q_x:", x, 32);
-    wpa_hexdump(MSG_ERROR, "Q_y:", y, 32);
-    wpa_hexdump(MSG_ERROR, "d:     ",  d, 32);
+    crypto_ec_point_to_bin((struct crypto_ec *)crypto_ec_get_group_from_key(key), crypto_ec_key_get_public_key(key), x, y);
+    crypto_bignum_to_bin(crypto_ec_key_get_private_key(key),
+                d, len, len);
+    wpa_hexdump(MSG_INFO, "Q_x:", x, 32);
+    wpa_hexdump(MSG_INFO, "Q_y:", y, 32);
+    wpa_hexdump(MSG_INFO, "d:     ",  d , 32);
 #endif
 }
 
@@ -886,7 +886,7 @@ int crypto_is_ec_key(struct crypto_key *key)
     return  ret;
 }
 
-struct crypto_key * crypto_ec_gen_keypair(u16 ike_group)
+struct crypto_key * crypto_ec_key_gen(u16 ike_group)
 {
     mbedtls_pk_context *kctx = (mbedtls_pk_context *)crypto_alloc_key();
 

components/wpa_supplicant/esp_supplicant/src/esp_dpp_i.h

@@ -1,5 +1,5 @@
 /*
- * SPDX-FileCopyrightText: 2020-2023 Espressif Systems (Shanghai) CO LTD
+ * SPDX-FileCopyrightText: 2020-2024 Espressif Systems (Shanghai) CO LTD
  *
  * SPDX-License-Identifier: Apache-2.0
  */
@@ -10,7 +10,6 @@
 #include "esp_err.h"
 #include "utils/includes.h"
 #include "utils/common.h"
-
 #include "common/dpp.h"
 #include "esp_dpp.h"
 #include "esp_wifi_driver.h"
@@ -59,6 +58,12 @@ struct esp_dpp_context_t {
 int esp_supp_rx_action(uint8_t *hdr, uint8_t *payload, size_t len, uint8_t channel);
 esp_err_t esp_dpp_post_evt(uint32_t evt_id, uint32_t data);
 
+#ifdef CONFIG_TESTING_OPTIONS
+int dpp_test_gen_invalid_key(struct wpabuf *msg,
+				    const struct dpp_curve_params *curve);
+char * dpp_corrupt_connector_signature(const char *connector);
+#endif /* CONFIG_TESTING_OPTIONS */
+
 #ifdef CONFIG_ESP_WIFI_DPP_SUPPORT
 bool is_dpp_enabled(void);
 #else

components/wpa_supplicant/src/common/dpp.h

@@ -18,6 +18,7 @@
 #include "utils/common.h"
 #include "esp_err.h"
 #include "esp_dpp.h"
+#include "crypto/crypto.h"
 
 struct crypto_ecdh;
 struct hostapd_ip_addr;
@@ -594,5 +595,64 @@ void dpp_global_deinit(struct dpp_global *dpp);
 int dpp_connect(uint8_t *bssid, bool pdr_done);
 esp_err_t esp_dpp_start_net_intro_protocol(uint8_t *bssid);
 
+/* dpp_crypto.c */
+
+struct dpp_signed_connector_info {
+	unsigned char *payload;
+	size_t payload_len;
+};
+
+const struct dpp_curve_params *dpp_get_curve_name(const char *name);
+const struct dpp_curve_params *dpp_get_curve_jwk_crv(const char *name);
+const struct dpp_curve_params * dpp_get_curve_group_id(int group_id);
+void dpp_debug_print_key(const char *title, struct crypto_key *key);
+int dpp_hash_vector(const struct dpp_curve_params *curve,
+	size_t num_elem, const u8 *addr[], const size_t *len, u8 *mac);
+int dpp_hkdf_expand(size_t hash_len, const u8 *secret, size_t secret_len,
+			   const char *label, u8 *out, size_t outlen);
+int dpp_hmac_vector(size_t hash_len, const u8 *key, size_t key_len,
+			   size_t num_elem, const u8 *addr[],
+			   const size_t *len, u8 *mac);
+int dpp_hmac(size_t hash_len, const u8 *key, size_t key_len,
+		    const u8 *data, size_t data_len, u8 *mac);
+struct crypto_key * dpp_set_pubkey_point(struct crypto_key *group_key,
+				       const u8 *buf, size_t len);
+struct crypto_key * dpp_gen_keypair(const struct dpp_curve_params *curve);
+struct crypto_key * dpp_set_keypair(const struct dpp_curve_params **curve,
+					   const u8 *privkey, size_t privkey_len);
+int dpp_bootstrap_key_hash(struct dpp_bootstrap_info *bi);
+char * dpp_keygen(struct dpp_bootstrap_info *bi, const char *curve,
+		  u8 *privkey, size_t privkey_len);
+int dpp_derive_k1(const u8 *Mx, size_t Mx_len, u8 *k1,
+			 unsigned int hash_len);
+int dpp_derive_k2(const u8 *Nx, size_t Nx_len, u8 *k2,
+			 unsigned int hash_len);
+int dpp_ecdh(struct crypto_key *own, struct crypto_key *peer,
+		    u8 *secret, size_t *secret_len);
+struct wpabuf *dpp_parse_jws_prot_hdr(const struct dpp_curve_params *curve,
+		       const u8 *prot_hdr, u16 prot_hdr_len, int *hash_func);
+int dpp_check_pubkey_match(struct crypto_key *pub, struct wpabuf *r_hash);
+enum dpp_status_error dpp_process_signed_connector(struct dpp_signed_connector_info *info,
+			struct crypto_key *csign_pub, const char *connector);
+int dpp_gen_r_auth(struct dpp_authentication *auth, u8 *r_auth);
+int dpp_gen_i_auth(struct dpp_authentication *auth, u8 *i_auth);
+int dpp_auth_derive_l_responder(struct dpp_authentication *auth);
+int dpp_auth_derive_l_initiator(struct dpp_authentication *auth);
+int dpp_derive_pmk(const u8 *Nx, size_t Nx_len, u8 *pmk,
+			  unsigned int hash_len);
+int dpp_derive_pmkid(const struct dpp_curve_params *curve,
+			    struct crypto_key *own_key, struct crypto_key *peer_key, u8 *pmkid);
+int dpp_bn2bin_pad(const struct crypto_bignum *bn, u8 *pos, size_t len);
+struct wpabuf * dpp_bootstrap_key_der(struct crypto_key *key);
+struct wpabuf * dpp_get_pubkey_point(struct crypto_key *pkey, int prefix);
+int dpp_get_subject_public_key(struct dpp_bootstrap_info *bi, const u8 *data, size_t data_len);
+int dpp_derive_bk_ke(struct dpp_authentication *auth);
+enum dpp_status_error
+dpp_check_signed_connector(struct dpp_signed_connector_info *info,
+                           const u8 *csign_key, size_t csign_key_len,
+                           const u8 *peer_connector, size_t peer_connector_len);
+
+/* dpp crypto apis */
+
 #endif /* CONFIG_DPP */
 #endif /* DPP_H */

components/wpa_supplicant/src/crypto/crypto.h

@@ -798,7 +798,7 @@ const struct crypto_bignum * crypto_ec_get_order(struct crypto_ec *e);
  */
 
 /**
- * crypto_ec_get_b - Get 'b' coeffiecient of an EC group's curve
+ * crypto_ec_get_b - Get 'b' coefficient of an EC group's curve
  * @e: EC context from crypto_ec_init()
  * Returns: 'b' coefficient (bignum) of the group
  */
@@ -949,19 +949,19 @@ int crypto_ec_get_publickey_buf(struct crypto_key *key, u8 *key_buf, int len);
 struct crypto_ec_group *crypto_ec_get_group_from_key(struct crypto_key *key);
 
 /**
- * crypto_ec_get_private_key - Get EC private key (in bignum format)
+ * crypto_ec_key_get_private_key - Get EC private key (in bignum format)
  * @key: crypto key
  * Returns: Private key
  */
-struct crypto_bignum *crypto_ec_get_private_key(struct crypto_key *key);
+struct crypto_bignum *crypto_ec_key_get_private_key(struct crypto_key *key);
 
 /**
- * crypto_ec_get_key - Read key from character stream
+ * crypto_ec_key_parse_priv - Read key from character stream
  * @privkey: Private key
  * @privkey_len: private key len
  * Returns: Crypto key
  */
-struct crypto_key *crypto_ec_get_key(const u8 *privkey, size_t privkey_len);
+struct crypto_key *crypto_ec_key_parse_priv(const u8 *privkey, size_t privkey_len);
 
 /**
  * crypto_ec_get_mbedtls_to_nist_group_id - get nist group from mbedtls internal group
@@ -1029,14 +1029,14 @@ struct crypto_key *crypto_ec_parse_subpub_key(const unsigned char *p, size_t len
 int crypto_is_ec_key(struct crypto_key *key);
 
 /**
- * crypto_ec_gen_keypair: generate crypto ec keypair
+ * crypto_ec_key_gen: generate crypto ec keypair
  * @ike_group: grpup
  * Return: crypto key
  */
-struct crypto_key * crypto_ec_gen_keypair(u16 ike_group);
+struct crypto_key * crypto_ec_key_gen(u16 ike_group);
 
 /**
- * crypto_ec_write_pub_key: return public key in charater buffer
+ * crypto_ec_write_pub_key: return public key in character buffer
  * @key: crypto key
  * @der_len: buffer len
  * Return: public key buffer
@@ -1047,7 +1047,7 @@ int crypto_ec_write_pub_key(struct crypto_key *key, unsigned char **key_buf);
  * crypto_ec_set_pubkey_point: set bignum point on ec curve
  * @group: ec group
  * @buf: x,y coordinate
- * @len: length of x and y coordiate
+ * @len: length of x and y coordinate
  * Return : crypto key
  */
 struct crypto_key * crypto_ec_set_pubkey_point(const struct crypto_ec_group *group,
@@ -1058,19 +1058,19 @@ struct crypto_key * crypto_ec_set_pubkey_point(const struct crypto_ec_group *gro
  */
 void crypto_ec_free_key(struct crypto_key *key);
 /**
- * crypto_debug_print_ec_key: print ec key
+ * crypto_ec_key_debug_print: print ec key
  * @title: title
  * @key: crypto key
  * Return: None
  */
-void crypto_debug_print_ec_key(const char *title, struct crypto_key *key);
+void crypto_ec_key_debug_print(const char *title, struct crypto_key *key);
 
 /**
- * crypto_ec_get_public_key: Public key from crypto key
+ * crypto_ec_key_get_public_key: Public key from crypto key
  * @key: crypto key
  * Return : Public key
  */
-struct crypto_ec_point *crypto_ec_get_public_key(struct crypto_key *key);
+struct crypto_ec_point *crypto_ec_key_get_public_key(struct crypto_key *key);
 
 /**
  * crypto_get_order: free crypto key
@@ -1079,7 +1079,7 @@ struct crypto_ec_point *crypto_ec_get_public_key(struct crypto_key *key);
 int crypto_get_order(struct crypto_ec_group *group, struct crypto_bignum *x);
 
 /**
- * crypto_ec_get_affine_coordinates : get affine corrdinate of ec curve
+ * crypto_ec_get_affine_coordinates : get affine coordinate of ec curve
  * @e: ec curve
  * @pt: point
  * @x: x coordinate
@@ -1105,7 +1105,7 @@ int crypto_key_compare(struct crypto_key *key1, struct crypto_key *key2);
 /*
  * crypto_write_pubkey_der: get public key in der format
  * @csign: key
- * @key_buf: key buffer in charater format
+ * @key_buf: key buffer in character format
  * Return : len of char buffer if success
  */
 int crypto_write_pubkey_der(struct crypto_key *csign, unsigned char **key_buf);
@@ -1120,8 +1120,8 @@ void crypto_free_buffer(unsigned char *buf);
 /**
  * @crypto_ec_get_priv_key_der: get private key in der format
  * @key: key structure
- * @key_data: key data in charater buffer
- * @key_len = key length of charater buffer
+ * @key_data: key data in character buffer
+ * @key_len = key length of character buffer
  * Return : 0 if success
  */
 int crypto_ec_get_priv_key_der(struct crypto_key *key, unsigned char **key_data, int *key_len);