diff --git a/net/bluetooth/Kconfig b/net/bluetooth/Kconfig index 9c91136647b..20a78dac3a4 100644 --- a/net/bluetooth/Kconfig +++ b/net/bluetooth/Kconfig @@ -54,6 +54,14 @@ config BLUETOOTH_CENTRAL select BLUETOOTH_CONN if BLUETOOTH_PERIPHERAL || BLUETOOTH_CENTRAL +config BLUETOOTH_SIGNING + bool + prompt "Data signing support" + default n + help + This option enables data signing which is used for transferring + authenticated data in an unencrypted connection. + config BLUETOOTH_MAX_CONN int prompt "Maximum number of simultaneous connections" diff --git a/net/bluetooth/keys.h b/net/bluetooth/keys.h index bab0689c476..7d07a137db1 100644 --- a/net/bluetooth/keys.h +++ b/net/bluetooth/keys.h @@ -71,8 +71,10 @@ struct bt_keys { struct bt_ltk slave_ltk; struct bt_ltk ltk; struct bt_irk irk; +#if defined(CONFIG_BLUETOOTH_SIGNING) struct bt_csrk local_csrk; struct bt_csrk remote_csrk; +#endif /* BLUETOOTH_SIGNING */ }; struct bt_keys *bt_keys_get_addr(const bt_addr_le_t *addr); diff --git a/net/bluetooth/smp.c b/net/bluetooth/smp.c index 1977ded18e6..4e52c7819b6 100644 --- a/net/bluetooth/smp.c +++ b/net/bluetooth/smp.c @@ -57,8 +57,13 @@ #include "l2cap.h" #include "smp.h" +#if defined(CONFIG_BLUETOOTH_SIGNING) #define RECV_KEYS (BT_SMP_DIST_ID_KEY | BT_SMP_DIST_ENC_KEY | BT_SMP_DIST_SIGN) #define SEND_KEYS (BT_SMP_DIST_ENC_KEY | BT_SMP_DIST_SIGN) +#else +#define RECV_KEYS (BT_SMP_DIST_ID_KEY | BT_SMP_DIST_ENC_KEY) +#define SEND_KEYS (BT_SMP_DIST_ENC_KEY) +#endif /* CONFIG_BLUETOOTH_SIGNING */ enum pairing_method { JUST_WORKS, /* JustWorks pairing */ @@ -194,6 +199,7 @@ static void xor_128(const uint128_t *p, const uint128_t *q, uint128_t *r) r->b = p->b ^ q->b; } +#if defined(CONFIG_TINYCRYPT_AES) || defined(CONFIG_BLUETOOTH_SIGNING) /* swap octets for LE encrypt */ static void swap_buf(const uint8_t *src, uint8_t *dst, uint16_t len) { @@ -215,6 +221,7 @@ static void swap_in_place(uint8_t *buf, uint16_t len) buf[j] = tmp; } } +#endif /* CONFIG_TINYCRYPT_AES || CONFIG_BLUETOOTH_SIGNING */ #if defined(CONFIG_TINYCRYPT_AES) static int le_encrypt(const uint8_t key[16], const uint8_t plaintext[16], @@ -993,6 +1000,7 @@ static void bt_smp_distribute_keys(struct bt_conn *conn) bt_l2cap_send(conn, BT_L2CAP_CID_SMP, buf); } +#if defined(CONFIG_BLUETOOTH_SIGNING) if (smp->local_dist & BT_SMP_DIST_SIGN) { struct bt_smp_signing_info *info; @@ -1013,6 +1021,7 @@ static void bt_smp_distribute_keys(struct bt_conn *conn) bt_l2cap_send(conn, BT_L2CAP_CID_SMP, buf); } +#endif /* CONFIG_BLUETOOTH_SIGNING */ } static uint8_t smp_encrypt_info(struct bt_conn *conn, struct bt_buf *buf) @@ -1158,6 +1167,7 @@ static uint8_t smp_ident_addr_info(struct bt_conn *conn, struct bt_buf *buf) return 0; } +#if defined(CONFIG_BLUETOOTH_SIGNING) static uint8_t smp_signing_info(struct bt_conn *conn, struct bt_buf *buf) { struct bt_smp_signing_info *req = (void *)buf->data; @@ -1185,6 +1195,12 @@ static uint8_t smp_signing_info(struct bt_conn *conn, struct bt_buf *buf) return 0; } +#else +static uint8_t smp_signing_info(struct bt_conn *conn, struct bt_buf *buf) +{ + return BT_SMP_ERR_CMD_NOTSUPP; +} +#endif /* CONFIG_BLUETOOTH_SIGNING */ #if defined(CONFIG_BLUETOOTH_CENTRAL) static uint8_t smp_security_request(struct bt_conn *conn, struct bt_buf *buf) @@ -1393,7 +1409,7 @@ bool bt_smp_irk_matches(const uint8_t irk[16], const bt_addr_t *addr) return !memcmp(addr->val, hash, 3); } - +#if defined(CONFIG_BLUETOOTH_SIGNING) /* 1 bit left shift */ static void array_shift(const uint8_t *in, uint8_t *out) { @@ -1672,6 +1688,17 @@ int bt_smp_sign(struct bt_conn *conn, struct bt_buf *buf) return 0; } +#else +int bt_smp_sign_verify(struct bt_conn *conn, struct bt_buf *buf) +{ + return -ENOTSUP; +} + +int bt_smp_sign(struct bt_conn *conn, struct bt_buf *buf) +{ + return -ENOTSUP; +} +#endif /* CONFIG_BLUETOOTH_SIGNING */ #if defined(CONFIG_BLUETOOTH_SMP_SELFTEST) /* Test vectors are taken from RFC 4493 diff --git a/samples/bluetooth/shell/prj_arm.conf b/samples/bluetooth/shell/prj_arm.conf index e3f4049d30b..bab8667f194 100644 --- a/samples/bluetooth/shell/prj_arm.conf +++ b/samples/bluetooth/shell/prj_arm.conf @@ -6,3 +6,4 @@ CONFIG_BLUETOOTH_DEBUG=y CONFIG_CONSOLE_HANDLER=y CONFIG_BLUETOOTH_CENTRAL=y CONFIG_BLUETOOTH_PERIPHERAL=y +CONFIG_BLUETOOTH_SIGNING=y diff --git a/samples/bluetooth/shell/prj_x86.conf b/samples/bluetooth/shell/prj_x86.conf index 114a446bc71..8ca03200768 100644 --- a/samples/bluetooth/shell/prj_x86.conf +++ b/samples/bluetooth/shell/prj_x86.conf @@ -6,5 +6,6 @@ CONFIG_BLUETOOTH_UART=y CONFIG_CONSOLE_HANDLER=y CONFIG_BLUETOOTH_CENTRAL=y CONFIG_BLUETOOTH_PERIPHERAL=y +CONFIG_BLUETOOTH_SIGNING=y CONFIG_TINYCRYPT=y CONFIG_TINYCRYPT_AES=y diff --git a/samples/bluetooth/tester/prj_arm.conf b/samples/bluetooth/tester/prj_arm.conf index d5f93f3e7ad..78a4d445071 100644 --- a/samples/bluetooth/tester/prj_arm.conf +++ b/samples/bluetooth/tester/prj_arm.conf @@ -5,6 +5,7 @@ CONFIG_BLUETOOTH=y CONFIG_BLUETOOTH_UART=y CONFIG_BLUETOOTH_CENTRAL=y CONFIG_BLUETOOTH_PERIPHERAL=y +CONFIG_BLUETOOTH_SIGNING=y CONFIG_BLUETOOTH_DEBUG=y CONFIG_BLUETOOTH_DEBUG_HCI_CORE=y CONFIG_BLUETOOTH_DEBUG_BUF=y