2017-03-15 11:19:27 +01:00
|
|
|
/*
|
|
|
|
* Copyright (c) 2017 Nordic Semiconductor ASA
|
|
|
|
* Copyright (c) 2015-2016 Intel Corporation
|
|
|
|
*
|
|
|
|
* SPDX-License-Identifier: Apache-2.0
|
|
|
|
*/
|
|
|
|
|
|
|
|
#include <string.h>
|
|
|
|
#include <errno.h>
|
|
|
|
|
includes: prefer <zephyr/kernel.h> over <zephyr/zephyr.h>
As of today <zephyr/zephyr.h> is 100% equivalent to <zephyr/kernel.h>.
This patch proposes to then include <zephyr/kernel.h> instead of
<zephyr/zephyr.h> since it is more clear that you are including the
Kernel APIs and (probably) nothing else. <zephyr/zephyr.h> sounds like a
catch-all header that may be confusing. Most applications need to
include a bunch of other things to compile, e.g. driver headers or
subsystem headers like BT, logging, etc.
The idea of a catch-all header in Zephyr is probably not feasible
anyway. Reason is that Zephyr is not a library, like it could be for
example `libpython`. Zephyr provides many utilities nowadays: a kernel,
drivers, subsystems, etc and things will likely grow. A catch-all header
would be massive, difficult to keep up-to-date. It is also likely that
an application will only build a small subset. Note that subsystem-level
headers may use a catch-all approach to make things easier, though.
NOTE: This patch is **NOT** removing the header, just removing its usage
in-tree. I'd advocate for its deprecation (add a #warning on it), but I
understand many people will have concerns.
Signed-off-by: Gerard Marull-Paretas <gerard.marull@nordicsemi.no>
2022-08-25 09:58:46 +02:00
|
|
|
#include <zephyr/kernel.h>
|
2022-05-06 11:12:04 +02:00
|
|
|
#include <zephyr/sys/byteorder.h>
|
2022-10-20 16:52:57 +02:00
|
|
|
#include <zephyr/sys/check.h>
|
2017-03-15 11:19:27 +01:00
|
|
|
|
2022-05-06 11:12:04 +02:00
|
|
|
#include <zephyr/bluetooth/bluetooth.h>
|
|
|
|
#include <zephyr/bluetooth/hci.h>
|
|
|
|
#include <zephyr/bluetooth/conn.h>
|
|
|
|
#include <zephyr/bluetooth/crypto.h>
|
2017-03-15 11:19:27 +01:00
|
|
|
|
2024-06-04 13:47:34 +02:00
|
|
|
#include "psa/crypto.h"
|
2017-03-15 11:19:27 +01:00
|
|
|
|
2022-10-25 08:48:54 +02:00
|
|
|
#include "common/bt_str.h"
|
2017-05-10 16:27:16 +02:00
|
|
|
|
|
|
|
#include "hci_core.h"
|
|
|
|
|
2022-11-02 14:31:13 +01:00
|
|
|
#define LOG_LEVEL CONFIG_BT_HCI_CORE_LOG_LEVEL
|
|
|
|
#include <zephyr/logging/log.h>
|
|
|
|
LOG_MODULE_REGISTER(bt_host_crypto);
|
|
|
|
|
2017-03-15 11:19:27 +01:00
|
|
|
int prng_init(void)
|
|
|
|
{
|
2024-06-04 13:47:34 +02:00
|
|
|
if (psa_crypto_init() != PSA_SUCCESS) {
|
2024-10-18 05:44:27 +02:00
|
|
|
LOG_ERR("psa_crypto_init() failed");
|
2017-03-15 11:19:27 +01:00
|
|
|
return -EIO;
|
|
|
|
}
|
2024-06-04 13:47:34 +02:00
|
|
|
return 0;
|
2017-03-15 11:19:27 +01:00
|
|
|
}
|
|
|
|
|
2022-01-29 08:53:38 +08:00
|
|
|
#if defined(CONFIG_BT_HOST_CRYPTO_PRNG)
|
2017-03-15 11:19:27 +01:00
|
|
|
int bt_rand(void *buf, size_t len)
|
|
|
|
{
|
2024-06-04 13:47:34 +02:00
|
|
|
if (psa_generate_random(buf, len) == PSA_SUCCESS) {
|
2017-03-15 11:19:27 +01:00
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
2024-10-18 05:44:27 +02:00
|
|
|
LOG_ERR("psa_generate_random() failed");
|
2017-03-15 11:19:27 +01:00
|
|
|
return -EIO;
|
|
|
|
}
|
2022-01-29 08:53:38 +08:00
|
|
|
#else /* !CONFIG_BT_HOST_CRYPTO_PRNG */
|
|
|
|
int bt_rand(void *buf, size_t len)
|
|
|
|
{
|
2022-10-20 16:52:57 +02:00
|
|
|
CHECKIF(buf == NULL || len == 0) {
|
|
|
|
return -EINVAL;
|
|
|
|
}
|
|
|
|
|
2022-03-31 18:52:47 +02:00
|
|
|
return bt_hci_le_rand(buf, len);
|
2022-01-29 08:53:38 +08:00
|
|
|
}
|
|
|
|
#endif /* CONFIG_BT_HOST_CRYPTO_PRNG */
|
2017-03-15 11:19:27 +01:00
|
|
|
|
2020-05-27 11:26:57 -05:00
|
|
|
int bt_encrypt_le(const uint8_t key[16], const uint8_t plaintext[16],
|
|
|
|
uint8_t enc_data[16])
|
2017-03-15 11:19:27 +01:00
|
|
|
{
|
2024-06-04 13:47:34 +02:00
|
|
|
psa_key_attributes_t attr = PSA_KEY_ATTRIBUTES_INIT;
|
|
|
|
psa_key_id_t key_id = MBEDTLS_SVC_KEY_ID_INIT;
|
|
|
|
psa_status_t status, destroy_status;
|
|
|
|
size_t out_len;
|
2020-05-27 11:26:57 -05:00
|
|
|
uint8_t tmp[16];
|
2017-03-15 11:19:27 +01:00
|
|
|
|
2022-10-20 16:52:57 +02:00
|
|
|
CHECKIF(key == NULL || plaintext == NULL || enc_data == NULL) {
|
|
|
|
return -EINVAL;
|
|
|
|
}
|
|
|
|
|
2022-11-02 14:31:13 +01:00
|
|
|
LOG_DBG("key %s", bt_hex(key, 16));
|
|
|
|
LOG_DBG("plaintext %s", bt_hex(plaintext, 16));
|
2017-03-15 11:19:27 +01:00
|
|
|
|
|
|
|
sys_memcpy_swap(tmp, key, 16);
|
|
|
|
|
2024-06-04 13:47:34 +02:00
|
|
|
psa_set_key_type(&attr, PSA_KEY_TYPE_AES);
|
|
|
|
psa_set_key_bits(&attr, 128);
|
|
|
|
psa_set_key_usage_flags(&attr, PSA_KEY_USAGE_ENCRYPT);
|
|
|
|
psa_set_key_algorithm(&attr, PSA_ALG_ECB_NO_PADDING);
|
|
|
|
if (psa_import_key(&attr, tmp, 16, &key_id) != PSA_SUCCESS) {
|
|
|
|
LOG_ERR("Failed to import AES key");
|
2017-03-15 11:19:27 +01:00
|
|
|
return -EINVAL;
|
|
|
|
}
|
|
|
|
|
|
|
|
sys_memcpy_swap(tmp, plaintext, 16);
|
|
|
|
|
2024-06-04 13:47:34 +02:00
|
|
|
status = psa_cipher_encrypt(key_id, PSA_ALG_ECB_NO_PADDING, tmp, 16,
|
|
|
|
enc_data, 16, &out_len);
|
|
|
|
if (status != PSA_SUCCESS) {
|
|
|
|
LOG_ERR("AES encryption failed");
|
|
|
|
}
|
|
|
|
|
|
|
|
destroy_status = psa_destroy_key(key_id);
|
|
|
|
if (destroy_status != PSA_SUCCESS) {
|
|
|
|
LOG_ERR("Failed to destroy AES key");
|
|
|
|
}
|
|
|
|
|
|
|
|
if ((status != PSA_SUCCESS) || (destroy_status != PSA_SUCCESS)) {
|
|
|
|
return -EIO;
|
2017-03-15 11:19:27 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
sys_mem_swap(enc_data, 16);
|
|
|
|
|
2022-11-02 14:31:13 +01:00
|
|
|
LOG_DBG("enc_data %s", bt_hex(enc_data, 16));
|
2017-03-15 11:19:27 +01:00
|
|
|
|
|
|
|
return 0;
|
|
|
|
}
|
2017-03-16 10:56:35 +02:00
|
|
|
|
2020-05-27 11:26:57 -05:00
|
|
|
int bt_encrypt_be(const uint8_t key[16], const uint8_t plaintext[16],
|
|
|
|
uint8_t enc_data[16])
|
2017-03-16 10:56:35 +02:00
|
|
|
{
|
2024-06-04 13:47:34 +02:00
|
|
|
psa_key_attributes_t attr = PSA_KEY_ATTRIBUTES_INIT;
|
|
|
|
psa_key_id_t key_id = MBEDTLS_SVC_KEY_ID_INIT;
|
|
|
|
psa_status_t status, destroy_status;
|
|
|
|
size_t out_len;
|
2017-03-16 10:56:35 +02:00
|
|
|
|
2022-10-20 16:52:57 +02:00
|
|
|
CHECKIF(key == NULL || plaintext == NULL || enc_data == NULL) {
|
|
|
|
return -EINVAL;
|
|
|
|
}
|
|
|
|
|
2022-11-02 14:31:13 +01:00
|
|
|
LOG_DBG("key %s", bt_hex(key, 16));
|
|
|
|
LOG_DBG("plaintext %s", bt_hex(plaintext, 16));
|
2017-03-16 10:56:35 +02:00
|
|
|
|
2024-06-04 13:47:34 +02:00
|
|
|
psa_set_key_type(&attr, PSA_KEY_TYPE_AES);
|
|
|
|
psa_set_key_bits(&attr, 128);
|
|
|
|
psa_set_key_usage_flags(&attr, PSA_KEY_USAGE_ENCRYPT);
|
|
|
|
psa_set_key_algorithm(&attr, PSA_ALG_ECB_NO_PADDING);
|
|
|
|
if (psa_import_key(&attr, key, 16, &key_id) != PSA_SUCCESS) {
|
|
|
|
LOG_ERR("Failed to import AES key");
|
2017-03-16 10:56:35 +02:00
|
|
|
return -EINVAL;
|
|
|
|
}
|
|
|
|
|
2024-06-04 13:47:34 +02:00
|
|
|
status = psa_cipher_encrypt(key_id, PSA_ALG_ECB_NO_PADDING,
|
|
|
|
plaintext, 16, enc_data, 16, &out_len);
|
|
|
|
if (status != PSA_SUCCESS) {
|
|
|
|
LOG_ERR("AES encryption failed");
|
|
|
|
}
|
|
|
|
|
|
|
|
destroy_status = psa_destroy_key(key_id);
|
|
|
|
if (destroy_status != PSA_SUCCESS) {
|
|
|
|
LOG_ERR("Failed to destroy AES key");
|
|
|
|
}
|
|
|
|
|
|
|
|
if ((status != PSA_SUCCESS) || (destroy_status != PSA_SUCCESS)) {
|
|
|
|
return -EIO;
|
2017-03-16 10:56:35 +02:00
|
|
|
}
|
|
|
|
|
2022-11-02 14:31:13 +01:00
|
|
|
LOG_DBG("enc_data %s", bt_hex(enc_data, 16));
|
2017-03-16 10:56:35 +02:00
|
|
|
|
|
|
|
return 0;
|
|
|
|
}
|