michaelh/zephyr
1
0
Fork 0
Code Releases Activity

Bluetooth: Mesh: split crypto on seclib dependent and independent parts

Browse source 
Commit splits mesh crypto module on security library dependent
and independent parts.
Independent part includes security toolbox implementation.
Dependent part includes security algorithms usage based on
API third party security library.

Signed-off-by: Aleksandr Khromykh <aleksandr.khromykh@nordicsemi.no>
This commit is contained in:
Aleksandr Khromykh 2023-03-29 11:24:36 +02:00 committed by Carles Cufí
commit 3f08bd335f
8 changed files with 266 additions and 192 deletions
Download patch file Download diff file Expand all files Collapse all files

1
subsys/bluetooth/mesh/CMakeLists.txt
View file

@ -13,6 +13,7 @@ zephyr_library_sources_ifdef(CONFIG_BT_MESH
app_keys.c
heartbeat.c
crypto.c
crypto_tc.c
access.c
msg.c
cfg_srv.c

151
subsys/bluetooth/mesh/crypto.c
View file

@ -8,22 +8,8 @@
#include <string.h>
#include <stdbool.h>
#include <errno.h>
#include <zephyr/toolchain.h>
#include <zephyr/types.h>
#include <zephyr/sys/byteorder.h>
#include <zephyr/sys/util.h>
#include <tinycrypt/constants.h>
#include <tinycrypt/utils.h>
#include <tinycrypt/aes.h>
#include <tinycrypt/cmac_mode.h>
#include <tinycrypt/ccm_mode.h>
#include <tinycrypt/ecc.h>
#include <tinycrypt/ecc_dh.h>
#include <tinycrypt/hmac.h>
#include <zephyr/bluetooth/mesh.h>
#include <zephyr/bluetooth/crypto.h>
#include "common/bt_str.h"
@ -32,48 +18,26 @@
#define LOG_LEVEL CONFIG_BT_MESH_CRYPTO_LOG_LEVEL
#include <zephyr/logging/log.h>
LOG_MODULE_REGISTER(bt_mesh_tc_crypto);
LOG_MODULE_REGISTER(bt_mesh_crypto);
#define NET_MIC_LEN(pdu) (((pdu)[1] & 0x80) ? 8 : 4)
#define APP_MIC_LEN(aszmic) ((aszmic) ? 8 : 4)
struct bt_mesh_sg {
const void *data;
size_t len;
};
static int bt_mesh_aes_cmac(const uint8_t key[16], struct bt_mesh_sg *sg,
size_t sg_len, uint8_t mac[16])
{
struct tc_aes_key_sched_struct sched;
struct tc_cmac_struct state;
if (tc_cmac_setup(&state, key, &sched) == TC_CRYPTO_FAIL) {
return -EIO;
}
for (; sg_len; sg_len--, sg++) {
if (tc_cmac_update(&state, sg->data,
sg->len) == TC_CRYPTO_FAIL) {
return -EIO;
}
}
if (tc_cmac_final(mac, &state) == TC_CRYPTO_FAIL) {
return -EIO;
}
return 0;
}
int bt_mesh_aes_cmac_one(const uint8_t key[16], const void *m,
size_t len, uint8_t mac[16])
static int bt_mesh_aes_cmac_one(const uint8_t key[16], const void *m, size_t len, uint8_t mac[16])
{
struct bt_mesh_sg sg = {m, len};
return bt_mesh_aes_cmac(key, &sg, 1, mac);
}
static int bt_mesh_sha256_hmac_one(const uint8_t key[32], const void *m, size_t len,
uint8_t mac[32])
{
struct bt_mesh_sg sg = {m, len};
return bt_mesh_sha256_hmac(key, &sg, 1, mac);
}
int bt_mesh_s1(const char *m, size_t m_len, uint8_t salt[16])
{
const uint8_t zero[16] = { 0 };
@ -81,41 +45,6 @@ int bt_mesh_s1(const char *m, size_t m_len, uint8_t salt[16])
return bt_mesh_aes_cmac_one(zero, m, m_len, salt);
}
int bt_mesh_sha256_hmac(const uint8_t key[32], struct bt_mesh_sg *sg,
size_t sg_len, uint8_t mac[32])
{
struct tc_hmac_state_struct h;
if (tc_hmac_set_key(&h, key, 32) == TC_CRYPTO_FAIL) {
return -EIO;
}
if (tc_hmac_init(&h) == TC_CRYPTO_FAIL) {
return -EIO;
}
for (; sg_len; sg_len--, sg++) {
if (tc_hmac_update(&h, sg->data,
sg->len) == TC_CRYPTO_FAIL) {
return -EIO;
}
}
if (tc_hmac_final(mac, 32, &h) == TC_CRYPTO_FAIL) {
return -EIO;
}
return 0;
}
static inline int bt_mesh_sha256_hmac_one(const uint8_t key[32], const void *m,
size_t len, uint8_t mac[32])
{
struct bt_mesh_sg sg = { m, len };
return bt_mesh_sha256_hmac(key, &sg, 1, mac);
}
int bt_mesh_s2(const char *m, size_t m_len, uint8_t salt[32])
{
const uint8_t zero[32] = { 0 };
@ -288,6 +217,30 @@ int bt_mesh_id128(const uint8_t n[16], const char *s, uint8_t out[16])
return bt_mesh_k1(n, 16, salt, id128, out);
}
int bt_mesh_prov_nonce(const uint8_t dhkey[32], const uint8_t prov_salt[16], uint8_t nonce[13])
{
uint8_t tmp[16];
int err;
err = bt_mesh_k1(dhkey, 32, prov_salt, "prsn", tmp);
if (!err) {
memcpy(nonce, tmp + 3, 13);
}
return err;
}
int bt_mesh_session_key(const uint8_t dhkey[32], const uint8_t prov_salt[16],
uint8_t session_key[16])
{
return bt_mesh_k1(dhkey, 32, prov_salt, "prsk", session_key);
}
int bt_mesh_dev_key(const uint8_t dhkey[32], const uint8_t prov_salt[16], uint8_t dev_key[16])
{
return bt_mesh_k1(dhkey, 32, prov_salt, "prdk", dev_key);
}
static void create_proxy_nonce(uint8_t nonce[13], const uint8_t *pdu,
uint32_t iv_index)
{
@ -366,7 +319,7 @@ int bt_mesh_net_obfuscate(uint8_t *pdu, uint32_t iv_index,
LOG_DBG("PrivacyRandom %s", bt_hex(priv_rand, 16));
err = bt_encrypt_be(privacy_key, priv_rand, tmp);
err = bt_mesh_encrypt(privacy_key, priv_rand, tmp);
if (err) {
return err;
}
@ -399,7 +352,7 @@ int bt_mesh_net_encrypt(const uint8_t key[16], struct net_buf_simple *buf,
LOG_DBG("Nonce %s", bt_hex(nonce, 13));
err = bt_ccm_encrypt(key, nonce, &buf->data[7], buf->len - 7, NULL, 0,
err = bt_mesh_ccm_encrypt(key, nonce, &buf->data[7], buf->len - 7, NULL, 0,
&buf->data[7], mic_len);
if (!err) {
net_buf_simple_add(buf, mic_len);
@ -430,7 +383,7 @@ int bt_mesh_net_decrypt(const uint8_t key[16], struct net_buf_simple *buf,
buf->len -= mic_len;
return bt_ccm_decrypt(key, nonce, &buf->data[7], buf->len - 7, NULL, 0,
return bt_mesh_ccm_decrypt(key, nonce, &buf->data[7], buf->len - 7, NULL, 0,
&buf->data[7], mic_len);
}
@ -467,7 +420,7 @@ int bt_mesh_app_encrypt(const uint8_t key[16],
LOG_DBG("Nonce %s", bt_hex(nonce, 13));
err = bt_ccm_encrypt(key, nonce, buf->data, buf->len, ctx->ad,
err = bt_mesh_ccm_encrypt(key, nonce, buf->data, buf->len, ctx->ad,
ctx->ad ? 16 : 0, buf->data,
APP_MIC_LEN(ctx->aszmic));
if (!err) {
@ -492,7 +445,7 @@ int bt_mesh_app_decrypt(const uint8_t key[16],
LOG_DBG("AppKey %s", bt_hex(key, 16));
LOG_DBG("Nonce %s", bt_hex(nonce, 13));
err = bt_ccm_decrypt(key, nonce, buf->data, buf->len, ctx->ad,
err = bt_mesh_ccm_decrypt(key, nonce, buf->data, buf->len, ctx->ad,
ctx->ad ? 16 : 0, out->data,
APP_MIC_LEN(ctx->aszmic));
if (!err) {
@ -673,13 +626,13 @@ int bt_mesh_prov_conf(uint8_t algorithm, const uint8_t *conf_key,
int bt_mesh_prov_decrypt(const uint8_t key[16], uint8_t nonce[13],
const uint8_t data[25 + 8], uint8_t out[25])
{
return bt_ccm_decrypt(key, nonce, data, 25, NULL, 0, out, 8);
return bt_mesh_ccm_decrypt(key, nonce, data, 25, NULL, 0, out, 8);
}
int bt_mesh_prov_encrypt(const uint8_t key[16], uint8_t nonce[13],
const uint8_t data[25], uint8_t out[25 + 8])
{
return bt_ccm_encrypt(key, nonce, data, 25, NULL, 0, out, 8);
return bt_mesh_ccm_encrypt(key, nonce, data, 25, NULL, 0, out, 8);
}
int bt_mesh_beacon_auth(const uint8_t beacon_key[16], uint8_t flags,
@ -707,20 +660,6 @@ int bt_mesh_beacon_auth(const uint8_t beacon_key[16], uint8_t flags,
return err;
}
int bt_mesh_dhkey_gen(const uint8_t *pub_key, const uint8_t *priv_key, uint8_t *dhkey)
{
if (uECC_valid_public_key(pub_key, &curve_secp256r1)) {
LOG_ERR("Public key is not valid");
return -EIO;
} else if (uECC_shared_secret(pub_key, priv_key, dhkey,
&curve_secp256r1) != TC_CRYPTO_SUCCESS) {
LOG_ERR("DHKey generation failed");
return -EIO;
}
return 0;
}
static int private_beacon_obf(const uint8_t pbk[16], const uint8_t data[5],
const uint8_t random[13], uint8_t out[5])
{
@ -733,7 +672,7 @@ static int private_beacon_obf(const uint8_t pbk[16], const uint8_t data[5],
sys_put_be16(0x0001, &salt[14]);
/* ObfData = e(pbk, C1) ^ (flags | iv_index) */
err = bt_encrypt_be(pbk, salt, salt);
err = bt_mesh_encrypt(pbk, salt, salt);
if (err) {
return err;
}
@ -759,7 +698,7 @@ static int private_beacon_auth(const uint8_t pbk[16],
sys_put_be16(0x0005, &salt[14]);
/* T0 = e(PBK, b0) */
err = bt_encrypt_be(pbk, salt, tmp);
err = bt_mesh_encrypt(pbk, salt, tmp);
if (err) {
return err;
}
@ -770,7 +709,7 @@ static int private_beacon_auth(const uint8_t pbk[16],
tmp[i] ^= beacon_data[i];
}
err = bt_encrypt_be(pbk, tmp, tmp);
err = bt_mesh_encrypt(pbk, tmp, tmp);
if (err) {
return err;
}
@ -782,7 +721,7 @@ static int private_beacon_auth(const uint8_t pbk[16],
/* T2 = T1 ^ e(PBK, C0) */
memcpy(auth, tmp, 8);
err = bt_encrypt_be(pbk, salt, tmp);
err = bt_mesh_encrypt(pbk, salt, tmp);
if (err) {
return err;
}

140
subsys/bluetooth/mesh/crypto.h
View file

@ -11,13 +11,29 @@ enum bt_mesh_nonce_type {
BT_MESH_NONCE_SOLICITATION,
};
int bt_mesh_s1(const char *m, size_t m_len, uint8_t salt[16]);
struct bt_mesh_sg {
const void *data;
size_t len;
};
/* FIXME: This is needed by dfu_metadata.c and should be moved to crypto.c
* for proper encapsulation.
*/
int bt_mesh_aes_cmac_one(const uint8_t key[16], const void *m,
size_t len, uint8_t mac[16]);
int bt_mesh_crypto_init(void);
int bt_mesh_encrypt(const uint8_t key[16], const uint8_t plaintext[16], uint8_t enc_data[16]);
int bt_mesh_ccm_encrypt(const uint8_t key[16], uint8_t nonce[13], const uint8_t *plaintext,
size_t len, const uint8_t *aad, size_t aad_len, uint8_t *enc_data,
size_t mic_size);
int bt_mesh_ccm_decrypt(const uint8_t key[16], uint8_t nonce[13], const uint8_t *enc_data,
size_t len, const uint8_t *aad, size_t aad_len, uint8_t *plaintext,
size_t mic_size);
int bt_mesh_aes_cmac(const uint8_t key[16], struct bt_mesh_sg *sg, size_t sg_len, uint8_t mac[16]);
int bt_mesh_sha256_hmac(const uint8_t key[32], struct bt_mesh_sg *sg, size_t sg_len,
uint8_t mac[32]);
int bt_mesh_s1(const char *m, size_t m_len, uint8_t salt[16]);
static inline int bt_mesh_s1_str(const char *m, uint8_t salt[16])
{
@ -26,37 +42,26 @@ static inline int bt_mesh_s1_str(const char *m, uint8_t salt[16])
int bt_mesh_s2(const char *m, size_t m_len, uint8_t salt[32]);
int bt_mesh_k1(const uint8_t *ikm, size_t ikm_len, const uint8_t salt[16],
const char *info, uint8_t okm[16]);
int bt_mesh_k1(const uint8_t *ikm, size_t ikm_len, const uint8_t salt[16], const char *info,
uint8_t okm[16]);
int bt_mesh_k2(const uint8_t n[16], const uint8_t *p, size_t p_len,
uint8_t net_id[1], uint8_t enc_key[16], uint8_t priv_key[16]);
int bt_mesh_k2(const uint8_t n[16], const uint8_t *p, size_t p_len, uint8_t net_id[1],
uint8_t enc_key[16], uint8_t priv_key[16]);
int bt_mesh_k3(const uint8_t n[16], uint8_t out[8]);
int bt_mesh_k4(const uint8_t n[16], uint8_t out[1]);
int bt_mesh_k5(const uint8_t *n, size_t n_len, const uint8_t salt[32],
uint8_t *p, uint8_t out[32]);
int bt_mesh_k5(const uint8_t *n, size_t n_len, const uint8_t salt[32], uint8_t *p, uint8_t out[32]);
int bt_mesh_id128(const uint8_t n[16], const char *s, uint8_t out[16]);
static inline int bt_mesh_id_resolving_key(const uint8_t net_key[16],
uint8_t resolving_key[16])
{
const uint8_t salt[16] = "smbt";
return bt_mesh_k1(net_key, 16, salt, "smbi", resolving_key);
}
static inline int bt_mesh_identity_key(const uint8_t net_key[16],
uint8_t identity_key[16])
static inline int bt_mesh_identity_key(const uint8_t net_key[16], uint8_t identity_key[16])
{
return bt_mesh_id128(net_key, "nkik", identity_key);
}
static inline int bt_mesh_beacon_key(const uint8_t net_key[16],
uint8_t beacon_key[16])
static inline int bt_mesh_beacon_key(const uint8_t net_key[16], uint8_t beacon_key[16])
{
return bt_mesh_id128(net_key, "nkbk", beacon_key);
}
@ -67,58 +72,31 @@ static inline int bt_mesh_private_beacon_key(const uint8_t net_key[16],
return bt_mesh_id128(net_key, "nkpk", private_beacon_key);
}
int bt_mesh_beacon_auth(const uint8_t beacon_key[16], uint8_t flags,
const uint8_t net_id[8], uint32_t iv_index,
uint8_t auth[8]);
int bt_mesh_beacon_auth(const uint8_t beacon_key[16], uint8_t flags, const uint8_t net_id[8],
uint32_t iv_index, uint8_t auth[8]);
static inline int bt_mesh_app_id(const uint8_t app_key[16], uint8_t app_id[1])
{
return bt_mesh_k4(app_key, app_id);
}
static inline int bt_mesh_session_key(const uint8_t dhkey[32],
const uint8_t prov_salt[16],
uint8_t session_key[16])
{
return bt_mesh_k1(dhkey, 32, prov_salt, "prsk", session_key);
}
int bt_mesh_session_key(const uint8_t dhkey[32], const uint8_t prov_salt[16],
uint8_t session_key[16]);
static inline int bt_mesh_prov_nonce(const uint8_t dhkey[32],
const uint8_t prov_salt[16],
uint8_t nonce[13])
{
uint8_t tmp[16];
int err;
int bt_mesh_prov_nonce(const uint8_t dhkey[32], const uint8_t prov_salt[16], uint8_t nonce[13]);
err = bt_mesh_k1(dhkey, 32, prov_salt, "prsn", tmp);
if (!err) {
memcpy(nonce, tmp + 3, 13);
}
int bt_mesh_dev_key(const uint8_t dhkey[32], const uint8_t prov_salt[16], uint8_t dev_key[16]);
return err;
}
int bt_mesh_prov_salt(uint8_t algorithm, const uint8_t *conf_salt, const uint8_t *prov_rand,
const uint8_t *dev_rand, uint8_t *prov_salt);
static inline int bt_mesh_dev_key(const uint8_t dhkey[32],
const uint8_t prov_salt[16],
uint8_t dev_key[16])
{
return bt_mesh_k1(dhkey, 32, prov_salt, "prdk", dev_key);
}
int bt_mesh_net_obfuscate(uint8_t *pdu, uint32_t iv_index, const uint8_t privacy_key[16]);
int bt_mesh_prov_salt(uint8_t algorithm,
const uint8_t *conf_salt,
const uint8_t *prov_rand,
const uint8_t *dev_rand,
uint8_t *prov_salt);
int bt_mesh_net_encrypt(const uint8_t key[16], struct net_buf_simple *buf, uint32_t iv_index,
enum bt_mesh_nonce_type type);
int bt_mesh_net_obfuscate(uint8_t *pdu, uint32_t iv_index,
const uint8_t privacy_key[16]);
int bt_mesh_net_encrypt(const uint8_t key[16], struct net_buf_simple *buf,
uint32_t iv_index, enum bt_mesh_nonce_type type);
int bt_mesh_net_decrypt(const uint8_t key[16], struct net_buf_simple *buf,
uint32_t iv_index, enum bt_mesh_nonce_type type);
int bt_mesh_net_decrypt(const uint8_t key[16], struct net_buf_simple *buf, uint32_t iv_index,
enum bt_mesh_nonce_type type);
struct bt_mesh_app_crypto_ctx {
bool dev_key;
@ -130,12 +108,10 @@ struct bt_mesh_app_crypto_ctx {
const uint8_t *ad;
};
int bt_mesh_app_encrypt(const uint8_t key[16],
const struct bt_mesh_app_crypto_ctx *ctx,
int bt_mesh_app_encrypt(const uint8_t key[16], const struct bt_mesh_app_crypto_ctx *ctx,
struct net_buf_simple *buf);
int bt_mesh_app_decrypt(const uint8_t key[16],
const struct bt_mesh_app_crypto_ctx *ctx,
int bt_mesh_app_decrypt(const uint8_t key[16], const struct bt_mesh_app_crypto_ctx *ctx,
struct net_buf_simple *buf, struct net_buf_simple *out);
uint8_t bt_mesh_fcs_calc(const uint8_t *data, uint8_t data_len);
@ -144,26 +120,28 @@ bool bt_mesh_fcs_check(struct net_buf_simple *buf, uint8_t received_fcs);
int bt_mesh_virtual_addr(const uint8_t virtual_label[16], uint16_t *addr);
int bt_mesh_prov_conf_salt(uint8_t algorithm, const uint8_t conf_inputs[145],
uint8_t *salt);
int bt_mesh_prov_conf_salt(uint8_t algorithm, const uint8_t conf_inputs[145], uint8_t *salt);
int bt_mesh_prov_conf_key(uint8_t algorithm, const uint8_t *k_input,
const uint8_t *conf_salt, uint8_t *conf_key);
int bt_mesh_prov_conf_key(uint8_t algorithm, const uint8_t *k_input, const uint8_t *conf_salt,
uint8_t *conf_key);
int bt_mesh_prov_conf(uint8_t algorithm, const uint8_t *conf_key,
const uint8_t *prov_rand, const uint8_t *auth, uint8_t *conf);
int bt_mesh_prov_conf(uint8_t algorithm, const uint8_t *conf_key, const uint8_t *prov_rand,
const uint8_t *auth, uint8_t *conf);
int bt_mesh_prov_decrypt(const uint8_t key[16], uint8_t nonce[13],
const uint8_t data[25 + 8], uint8_t out[25]);
int bt_mesh_prov_decrypt(const uint8_t key[16], uint8_t nonce[13], const uint8_t data[25 + 8],
uint8_t out[25]);
int bt_mesh_prov_encrypt(const uint8_t key[16], uint8_t nonce[13],
const uint8_t data[25], uint8_t out[25 + 8]);
int bt_mesh_prov_encrypt(const uint8_t key[16], uint8_t nonce[13], const uint8_t data[25],
uint8_t out[25 + 8]);
int bt_mesh_pub_key_gen(void);
const uint8_t *bt_mesh_pub_key_get(void);
int bt_mesh_dhkey_gen(const uint8_t *pub_key, const uint8_t *priv_key, uint8_t *dhkey);
int bt_mesh_beacon_decrypt(const uint8_t pbk[16], const uint8_t random[13],
const uint8_t data[5], const uint8_t expected_auth[8],
uint8_t out[5]);
int bt_mesh_beacon_decrypt(const uint8_t pbk[16], const uint8_t random[13], const uint8_t data[5],
const uint8_t expected_auth[8], uint8_t out[5]);
int bt_mesh_beacon_encrypt(const uint8_t pbk[16], uint8_t flags, uint32_t iv_index,
const uint8_t random[13], uint8_t data[5], uint8_t auth[8]);

145
subsys/bluetooth/mesh/crypto_tc.c Normal file
View file

@ -0,0 +1,145 @@
/*
* Copyright (c) 2017 Intel Corporation
* Copyright (c) 2023 Nordic Semiconductor ASA
*
* SPDX-License-Identifier: Apache-2.0
*/
#include <errno.h>
#include <tinycrypt/constants.h>
#include <tinycrypt/utils.h>
#include <tinycrypt/aes.h>
#include <tinycrypt/cmac_mode.h>
#include <tinycrypt/ccm_mode.h>
#include <tinycrypt/ecc.h>
#include <tinycrypt/ecc_dh.h>
#include <tinycrypt/hmac.h>
#include <zephyr/bluetooth/mesh.h>
#include <zephyr/bluetooth/crypto.h>
#define LOG_LEVEL CONFIG_BT_MESH_CRYPTO_LOG_LEVEL
#include <zephyr/logging/log.h>
LOG_MODULE_REGISTER(bt_mesh_crypto_tc);
#include "mesh.h"
#include "crypto.h"
#include "prov.h"
static struct {
bool is_ready;
uint8_t private_key_be[PRIV_KEY_SIZE];
uint8_t public_key_be[PUB_KEY_SIZE];
} key;
int bt_mesh_encrypt(const uint8_t key[16], const uint8_t plaintext[16], uint8_t enc_data[16])
{
return bt_encrypt_be(key, plaintext, enc_data);
}
int bt_mesh_ccm_encrypt(const uint8_t key[16], uint8_t nonce[13], const uint8_t *plaintext,
size_t len, const uint8_t *aad, size_t aad_len, uint8_t *enc_data,
size_t mic_size)
{
return bt_ccm_encrypt(key, nonce, plaintext, len, aad, aad_len, enc_data, mic_size);
}
int bt_mesh_ccm_decrypt(const uint8_t key[16], uint8_t nonce[13], const uint8_t *enc_data,
size_t len, const uint8_t *aad, size_t aad_len, uint8_t *plaintext,
size_t mic_size)
{
return bt_ccm_decrypt(key, nonce, enc_data, len, aad, aad_len, plaintext, mic_size);
}
int bt_mesh_aes_cmac(const uint8_t key[16], struct bt_mesh_sg *sg, size_t sg_len, uint8_t mac[16])
{
struct tc_aes_key_sched_struct sched;
struct tc_cmac_struct state;
if (tc_cmac_setup(&state, key, &sched) == TC_CRYPTO_FAIL) {
return -EIO;
}
for (; sg_len; sg_len--, sg++) {
if (tc_cmac_update(&state, sg->data, sg->len) == TC_CRYPTO_FAIL) {
return -EIO;
}
}
if (tc_cmac_final(mac, &state) == TC_CRYPTO_FAIL) {
return -EIO;
}
return 0;
}
int bt_mesh_sha256_hmac(const uint8_t key[32], struct bt_mesh_sg *sg, size_t sg_len,
uint8_t mac[32])
{
struct tc_hmac_state_struct h;
if (tc_hmac_set_key(&h, key, 32) == TC_CRYPTO_FAIL) {
return -EIO;
}
if (tc_hmac_init(&h) == TC_CRYPTO_FAIL) {
return -EIO;
}
for (; sg_len; sg_len--, sg++) {
if (tc_hmac_update(&h, sg->data, sg->len) == TC_CRYPTO_FAIL) {
return -EIO;
}
}
if (tc_hmac_final(mac, 32, &h) == TC_CRYPTO_FAIL) {
return -EIO;
}
return 0;
}
int bt_mesh_pub_key_gen(void)
{
int rc = uECC_make_key(key.public_key_be, key.private_key_be, &curve_secp256r1);
if (rc == TC_CRYPTO_FAIL) {
key.is_ready = false;
LOG_ERR("Failed to create public/private pair");
return -EIO;
}
key.is_ready = true;
return 0;
}
const uint8_t *bt_mesh_pub_key_get(void)
{
return key.is_ready ? key.public_key_be : NULL;
}
int bt_mesh_dhkey_gen(const uint8_t *pub_key, const uint8_t *priv_key, uint8_t *dhkey)
{
if (uECC_valid_public_key(pub_key, &curve_secp256r1)) {
LOG_ERR("Public key is not valid");
return -EIO;
} else if (uECC_shared_secret(pub_key, priv_key ? priv_key : key.private_key_be, dhkey,
&curve_secp256r1) != TC_CRYPTO_SUCCESS) {
LOG_ERR("DHKey generation failed");
return -EIO;
}
return 0;
}
__weak int default_CSPRNG(uint8_t *dst, unsigned int len)
{
return !bt_rand(dst, len);
}
int bt_mesh_crypto_init(void)
{
return 0;
}

3
subsys/bluetooth/mesh/dfu_metadata.c
View file

@ -75,8 +75,9 @@ int bt_mesh_dfu_metadata_comp_hash_get(struct net_buf_simple *buf, uint8_t *key,
{
uint8_t mac[16];
int err;
struct bt_mesh_sg sg = {.data = buf->data, .len = buf->len};
err = bt_mesh_aes_cmac_one(key, buf->data, buf->len, mac);
err = bt_mesh_aes_cmac(key, &sg, 1, mac);
if (err) {
return err;
}

6
subsys/bluetooth/mesh/main.c
View file

@ -40,6 +40,7 @@
#include "mesh.h"
#include "solicitation.h"
#include "gatt_cli.h"
#include "crypto.h"
LOG_MODULE_REGISTER(bt_mesh_main, CONFIG_BT_MESH_LOG_LEVEL);
@ -466,6 +467,11 @@ int bt_mesh_init(const struct bt_mesh_prov *prov,
return err;
}
err = bt_mesh_crypto_init();
if (err) {
return err;
}
err = bt_mesh_comp_register(comp);
if (err) {
return err;

8
subsys/bluetooth/mesh/prov.h
View file

@ -70,6 +70,10 @@
#define PROV_IO_OOB_SIZE_MAX 8 /* in bytes */
#define PRIV_KEY_SIZE 32
#define PUB_KEY_SIZE PDU_LEN_PUB_KEY
#define DH_KEY_SIZE 32
#define PROV_BUF(name, len) \
NET_BUF_SIMPLE_DEFINE(name, PROV_BEARER_BUF_HEADROOM + PDU_OP_LEN + len + \
PROV_BEARER_BUF_TAILROOM)
@ -128,7 +132,7 @@ struct bt_mesh_prov_link {
uint8_t oob_size; /* Authen size */
uint8_t auth[PROV_AUTH_MAX_LEN]; /* Authen value */
uint8_t dhkey[BT_DH_KEY_LEN]; /* Calculated DHKey */
uint8_t dhkey[DH_KEY_SIZE]; /* Calculated DHKey */
uint8_t expect; /* Next expected PDU */
uint8_t conf[PROV_AUTH_MAX_LEN]; /* Local/Remote Confirmation */
@ -168,7 +172,7 @@ static inline uint8_t bt_mesh_prov_auth_size_get(void)
return bt_mesh_prov_link.algorithm == BT_MESH_PROV_AUTH_CMAC_AES128_AES_CCM ? 16 : 32;
}
int bt_mesh_prov_reset_state(void (*func)(const uint8_t key[BT_PUB_KEY_LEN]));
int bt_mesh_prov_reset_state(void (*func)(const uint8_t key[PUB_KEY_SIZE]));
bool bt_mesh_prov_active(void);

2
subsys/bluetooth/mesh/proxy_srv.c
View file

@ -497,7 +497,7 @@ static int enc_id_adv(struct bt_mesh_subnet *sub, uint8_t type,
};
int err;
err = bt_encrypt_be(sub->keys[SUBNET_KEY_TX_IDX(sub)].identity, hash, hash);
err = bt_mesh_encrypt(sub->keys[SUBNET_KEY_TX_IDX(sub)].identity, hash, hash);
if (err) {
return err;
}