sm: use btstack_crypto (lifted from btstack-crypto branch)

2025-03-23 19:20:51 +00:00 · 2018-04-04 15:53:01 +02:00 · 2018-04-04 15:53:01 +02:00 · d1a1f6a4cf
commit d1a1f6a4cf
parent 13aa3e4b90
6 changed files with 1711 additions and 1009 deletions
--- a/example/Makefile.inc
+++ b/example/Makefile.inc
@ -36,6 +36,7 @@ COMMON += \
 	l2cap.c			            \
 	l2cap_signaling.c	        \
 	btstack_tlv.c               \
+	btstack_crypto.c            \

 CLASSIC += \
 	btstack_link_key_db_memory.c   \
--- a/src/ble/att_server.c
+++ b/src/ble/att_server.c
@ -65,6 +65,9 @@
 #include "hci_dump.h"
 #include "l2cap.h"
 #include "btstack_tlv.h"
+#ifdef ENABLE_LE_SIGNED_WRITE
+#include "ble/sm.h"
+#endif

 #ifndef NVN_NUM_GATT_SERVER_CCC
 #define NVN_NUM_GATT_SERVER_CCC 20
--- a/src/ble/sm.c
+++ b/src/ble/sm.c
--- a/src/ble/sm.h
+++ b/src/ble/sm.h
@ -170,22 +170,11 @@ void sm_authorization_decline(hci_con_handle_t con_handle);
 */
 void sm_authorization_grant(hci_con_handle_t con_handle);

-
 /**
- * @brief Check if CMAC AES engine is ready
- * @return ready
+ * @brief Support for signed writes, used by att_server.
+ * @returns ready
 */
- int sm_cmac_ready(void);
-
-/*
- * @brief Generic CMAC AES
- * @param key
- * @param message_len
- * @param get_byte_callback
- * @param done_callback
- * @note hash is 16 bytes in big endian
- */
-void sm_cmac_general_start(const sm_key_t key, uint16_t message_len, uint8_t (*get_byte_callback)(uint16_t offset), void (*done_callback)(uint8_t * hash));
+int sm_cmac_ready(void);

 /**
 * @brief Support for signed writes, used by att_server.
@ -215,15 +204,6 @@ int sm_address_resolution_lookup(uint8_t addr_type, bd_addr_t addr);
 */
 int sm_le_device_index(hci_con_handle_t con_handle );

-/**
- * @brief Set Elliptic Key Public/Private Keypair
- * @note Using the same key for more than one device is not recommended. 
- * @param qx 32 bytes
- * @param qy 32 bytes
- * @param d  32 bytes
- */
-void sm_use_fixed_ec_keypair(uint8_t * qx, uint8_t * qy, uint8_t * d);
-
 /**
 * @brief Use fixec passkey for Legacy and SC instead of generating a random number
 * @note Can be used to improve security over Just Works if no keyboard or displary are present and 
@ -264,7 +244,6 @@ void sm_register_sc_oob_data_callback( int (*get_sc_oob_data_callback)(uint8_t a
 // PTS testing
 void sm_test_set_irk(sm_key_t irk);
 void sm_test_use_fixed_local_csrk(void);
-void sm_test_use_fixed_ec_keypair(void);

 #ifdef ENABLE_TESTING_SUPPORT
 void sm_test_set_pairing_failure(int reason);
--- a/src/btstack_crypto.c
+++ b/src/btstack_crypto.c
--- a/src/btstack_crypto.h
+++ b/src/btstack_crypto.h
@ -0,0 +1,258 @@
+/*
+ * Copyright (C) 2017 BlueKitchen GmbH
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the copyright holders nor the names of
+ *    contributors may be used to endorse or promote products derived
+ *    from this software without specific prior written permission.
+ * 4. Any redistribution, use, or modification is done solely for
+ *    personal benefit and not for any commercial purpose or for
+ *    monetary gain.
+ *
+ * THIS SOFTWARE IS PROVIDED BY BLUEKITCHEN GMBH AND CONTRIBUTORS
+ * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL MATTHIAS
+ * RINGWALD OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+ * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
+ * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
+ * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+ * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
+ * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * Please inquire about commercial licensing options at 
+ * contact@bluekitchen-gmbh.com
+ *
+ */
+
+/*
+ * btstack_crypto.h
+ *
+ * Central place for all crypto-related functions with completion callbacks to allow
+ * using of MCU crypto peripherals or the Bluetooth controller
+ */
+
+#ifndef __BTSTACK_CTRYPTO_H
+#define __BTSTACK_CTRYPTO_H
+
+#include "btstack_defines.h"
+
+#if defined __cplusplus
+extern "C" {
+#endif
+
+#define CMAC_TEMP_API
+
+typedef enum {
+	BTSTACK_CRYPTO_RANDOM,
+	BTSTACK_CRYPTO_AES128,
+	BTSTACK_CRYPTO_CMAC_GENERATOR,
+	BTSTACK_CRYPTO_CMAC_MESSAGE,
+	BTSTACK_CRYPTO_ECC_P256_GENERATE_KEY,
+	BTSTACK_CRYPTO_ECC_P256_CALCULATE_DHKEY,
+	BTSTACK_CRYPTO_CCM_ENCRYPT_BLOCK,
+	BTSTACK_CRYPTO_CCM_DECRYPT_BLOCK,
+} btstack_crypto_operation_t;
+
+typedef struct {
+	btstack_context_callback_registration_t context_callback;
+	btstack_crypto_operation_t              operation;	
+} btstack_crypto_t;
+
+typedef struct {
+	btstack_crypto_t btstack_crypto;
+	uint8_t  * buffer;
+	uint16_t   size;
+} btstack_crypto_random_t;
+
+typedef struct {
+	btstack_crypto_t btstack_crypto;
+	const uint8_t  * key;
+	const uint8_t  * plaintext;
+	uint8_t  * ciphertext;
+} btstack_crypto_aes128_t;
+
+typedef struct {
+	btstack_crypto_t btstack_crypto;
+	const uint8_t  * key;
+	uint16_t         size;
+	union {
+		uint8_t (*get_byte_callback)(uint16_t pos);
+		const uint8_t * message;
+	};
+	uint8_t  * hash;
+} btstack_crypto_aes128_cmac_t;
+
+typedef struct {
+	btstack_crypto_t btstack_crypto;
+	uint8_t * public_key;
+    uint8_t * dhkey;
+} btstack_crypto_ecc_p256_t;
+
+typedef enum {
+    CCM_CALCULATE_X1,
+    CCM_W4_X1,
+    CCM_CALCULATE_XN,
+    CCM_W4_XN,
+    CCM_CALCULATE_S0,
+    CCM_W4_S0,
+    CCM_CALCULATE_SN,
+    CCM_W4_SN,
+} btstack_crypto_ccm_state_t;
+
+typedef struct {
+	btstack_crypto_t btstack_crypto;
+	btstack_crypto_ccm_state_t state;
+	const uint8_t * key;
+	const uint8_t * nonce;
+	const uint8_t * input;
+	uint8_t       * output;
+	uint8_t         x_i[16];
+	uint16_t        message_len;
+	uint16_t        block_len;
+	uint16_t        counter;
+} btstack_crypto_ccm_t;
+
+/** 
+ * Initialize crypto functions
+ */
+void btstack_crypto_init(void);
+
+/** 
+ * Generate random data
+ * @param request
+ * @param buffer for output
+ * @param size of requested random data
+ * @param callback
+ * @param callback_arg
+ * @note request needs to stay avaliable until callback (i.e. not provided on stack)
+ */
+void btstack_crypto_random_generate(btstack_crypto_random_t * request, uint8_t * buffer, uint16_t size, void (* callback)(void * arg), void * callback_arg);
+
+/** 
+ * Encrypt plaintext using AES128
+ * @param request
+ * @param key (16 bytes)
+ * @param plaintext (16 bytes)
+ * @param ciphertext (16 bytes)
+ * @param callback
+ * @param callback_arg
+ * @note request needs to stay avaliable until callback (i.e. not provided on stack)
+ */
+void btstack_crypto_aes128_encrypt(btstack_crypto_aes128_t * request, const uint8_t * key, const uint8_t * plaintext, uint8_t * ciphertext, void (* callback)(void * arg), void * callback_arg);
+
+/**
+ * Calculate Cipher-based Message Authentication Code (CMAC) using AES128 and a generator function to provide data
+ * @param request
+ * @param key (16 bytes)
+ * @param size of message
+ * @param generator provides byte at requested position
+ * @param callback
+ * @param callback_arg
+ */
+void btstack_crypto_aes128_cmac_generator(btstack_crypto_aes128_cmac_t * request, const uint8_t * key, uint16_t size, uint8_t (*get_byte_callback)(uint16_t pos), uint8_t * hash, void (* callback)(void * arg), void * callback_arg);
+
+/**
+ * Calculate Cipher-based Message Authentication Code (CMAC) using AES128 and complete message
+ * @param request
+ * @param key (16 bytes)
+ * @param len of message
+ * @param message
+ * @param hash result
+ * @param callback
+ * @param callback_arg
+ */
+void btstack_crypto_aes128_cmac_message(btstack_crypto_aes128_cmac_t * request, const uint8_t * key, uint16_t len, const uint8_t * message,  uint8_t * hash, void (* callback)(void * arg), void * callback_arg);
+
+/**
+ * Calculate AES128-CMAC with key ZERO and complete message
+ * @param request
+ * @param len of message
+ * @param message
+ * @param hash
+ * @param callback
+ * @param callback_arg
+ */
+void btstack_crypto_aes128_cmac_zero(btstack_crypto_aes128_cmac_t * request, uint16_t len, const uint8_t * message,  uint8_t * hash, void (* callback)(void * arg), void * callback_arg);
+
+/**
+ * Generate Elliptic Curve Public/Private Key Pair (FIPS P-256)
+ * @note BTstack uses a single ECC key pair per reset. 
+ * @note If LE Controller is used for ECC, private key cannot be read or managed
+ * @param request
+ * @param public_key (64 bytes)
+ * @param callback
+ * @param callback_arg
+ */
+void btstack_crypto_ecc_p256_generate_key(btstack_crypto_ecc_p256_t * request, uint8_t * public_key, void (* callback)(void * arg), void * callback_arg);
+
+/**
+ * Calculate Diffie-Hellman Key based on local private key and remote public key
+ * @param request
+ * @param public_key (64 bytes)
+ * @param dhkey (32 bytes)
+ * @param callback
+ * @param callback_arg
+ */
+void btstack_crypto_ecc_p256_calculate_dhkey(btstack_crypto_ecc_p256_t * request, const uint8_t * public_key, uint8_t * dhkey, void (* callback)(void * arg), void * callback_arg);
+
+/*
+ * Validate public key (not implemented for LE Controller ECC)
+ * @param public_key (64 bytes)
+ * @result 0 == valid
+ */
+int btstack_crypto_ecc_p256_validate_public_key(const uint8_t * public_key);
+
+/** 
+ * Initialize Counter with CBC-MAC for Bluetooth Mesh (L=2,M=8)
+ * @param request
+ * @param nonce
+ * @param key
+ * @param message_len
+ */
+void btstack_crypo_ccm_init(btstack_crypto_ccm_t * request, const uint8_t * key, const uint8_t * nonce, uint16_t message_len);
+
+/** 
+ * Get authentication value (M=8) after encrypt or decrypt operation
+ * @param request
+ * @param authentication_value
+ */
+void btstack_crypo_ccm_get_authentication_value(btstack_crypto_ccm_t * request, uint8_t * authentication_value);
+
+/**
+ * Encrypt block - can be called multiple times. len must be a multiply of 16 for all but the last call
+ * @param request
+ * @param len (16 bytes for all but the last block)
+ * @param plaintext  (16 bytes)
+ * @param ciphertext (16 bytes)
+ * @param callback
+ * @param callback_arg
+ */
+void btstack_crypto_ccm_encrypt_block(btstack_crypto_ccm_t * request, uint16_t len, const uint8_t * plaintext, uint8_t * ciphertext, void (* callback)(void * arg), void * callback_arg);
+
+/**
+ * Decrypt block - can be called multiple times. len must be a multiply of 16 for all but the last call
+ * @param request
+ * @param len (16 for all but last block)
+ * @param ciphertext (16 bytes)
+ * @param plaintext  (16 bytes)
+ * @param callback
+ * @param callback_arg
+ */
+void btstack_crypto_ccm_decrypt_block(btstack_crypto_ccm_t * request, uint16_t len, const uint8_t * ciphertext, uint8_t * plaintext, void (* callback)(void * arg), void * callback_arg);
+
+#if defined __cplusplus
+}
+#endif
+
+#endif /* __BTSTACK_CTRYPTO_H */