| /* |
| * Copyright (c) 2017 Nordic Semiconductor ASA |
| * Copyright (c) 2015-2016 Intel Corporation |
| * |
| * SPDX-License-Identifier: Apache-2.0 |
| */ |
| |
| #include <string.h> |
| #include <errno.h> |
| |
| #include <zephyr.h> |
| #include <misc/byteorder.h> |
| |
| #include <bluetooth/bluetooth.h> |
| #include <bluetooth/hci.h> |
| #include <bluetooth/conn.h> |
| |
| #include <tinycrypt/constants.h> |
| #include <tinycrypt/hmac_prng.h> |
| #include <tinycrypt/aes.h> |
| #include <tinycrypt/utils.h> |
| |
| #define BT_DBG_ENABLED IS_ENABLED(CONFIG_BT_DEBUG_HCI_CORE) |
| #define LOG_MODULE_NAME bt_crypto |
| #include "common/log.h" |
| |
| #include "hci_core.h" |
| |
| static struct tc_hmac_prng_struct prng; |
| |
| static int prng_reseed(struct tc_hmac_prng_struct *h) |
| { |
| u8_t seed[32]; |
| s64_t extra; |
| int ret, i; |
| |
| for (i = 0; i < (sizeof(seed) / 8); i++) { |
| struct bt_hci_rp_le_rand *rp; |
| struct net_buf *rsp; |
| |
| ret = bt_hci_cmd_send_sync(BT_HCI_OP_LE_RAND, NULL, &rsp); |
| if (ret) { |
| return ret; |
| } |
| |
| rp = (void *)rsp->data; |
| memcpy(&seed[i * 8], rp->rand, 8); |
| |
| net_buf_unref(rsp); |
| } |
| |
| extra = k_uptime_get(); |
| |
| ret = tc_hmac_prng_reseed(h, seed, sizeof(seed), (u8_t *)&extra, |
| sizeof(extra)); |
| if (ret == TC_CRYPTO_FAIL) { |
| BT_ERR("Failed to re-seed PRNG"); |
| return -EIO; |
| } |
| |
| return 0; |
| } |
| |
| int prng_init(void) |
| { |
| struct bt_hci_rp_le_rand *rp; |
| struct net_buf *rsp; |
| int ret; |
| |
| /* Check first that HCI_LE_Rand is supported */ |
| if (!BT_CMD_TEST(bt_dev.supported_commands, 27, 7)) { |
| return -ENOTSUP; |
| } |
| |
| ret = bt_hci_cmd_send_sync(BT_HCI_OP_LE_RAND, NULL, &rsp); |
| if (ret) { |
| return ret; |
| } |
| |
| rp = (void *)rsp->data; |
| |
| ret = tc_hmac_prng_init(&prng, rp->rand, sizeof(rp->rand)); |
| |
| net_buf_unref(rsp); |
| |
| if (ret == TC_CRYPTO_FAIL) { |
| BT_ERR("Failed to initialize PRNG"); |
| return -EIO; |
| } |
| |
| /* re-seed is needed after init */ |
| return prng_reseed(&prng); |
| } |
| |
| int bt_rand(void *buf, size_t len) |
| { |
| int ret; |
| |
| ret = tc_hmac_prng_generate(buf, len, &prng); |
| if (ret == TC_HMAC_PRNG_RESEED_REQ) { |
| ret = prng_reseed(&prng); |
| if (ret) { |
| return ret; |
| } |
| |
| ret = tc_hmac_prng_generate(buf, len, &prng); |
| } |
| |
| if (ret == TC_CRYPTO_SUCCESS) { |
| return 0; |
| } |
| |
| return -EIO; |
| } |
| |
| int bt_encrypt_le(const u8_t key[16], const u8_t plaintext[16], |
| u8_t enc_data[16]) |
| { |
| struct tc_aes_key_sched_struct s; |
| u8_t tmp[16]; |
| |
| BT_DBG("key %s plaintext %s", bt_hex(key, 16), bt_hex(plaintext, 16)); |
| |
| sys_memcpy_swap(tmp, key, 16); |
| |
| if (tc_aes128_set_encrypt_key(&s, tmp) == TC_CRYPTO_FAIL) { |
| return -EINVAL; |
| } |
| |
| sys_memcpy_swap(tmp, plaintext, 16); |
| |
| if (tc_aes_encrypt(enc_data, tmp, &s) == TC_CRYPTO_FAIL) { |
| return -EINVAL; |
| } |
| |
| sys_mem_swap(enc_data, 16); |
| |
| BT_DBG("enc_data %s", bt_hex(enc_data, 16)); |
| |
| return 0; |
| } |
| |
| int bt_encrypt_be(const u8_t key[16], const u8_t plaintext[16], |
| u8_t enc_data[16]) |
| { |
| struct tc_aes_key_sched_struct s; |
| |
| BT_DBG("key %s plaintext %s", bt_hex(key, 16), bt_hex(plaintext, 16)); |
| |
| if (tc_aes128_set_encrypt_key(&s, key) == TC_CRYPTO_FAIL) { |
| return -EINVAL; |
| } |
| |
| if (tc_aes_encrypt(enc_data, plaintext, &s) == TC_CRYPTO_FAIL) { |
| return -EINVAL; |
| } |
| |
| BT_DBG("enc_data %s", bt_hex(enc_data, 16)); |
| |
| return 0; |
| } |