1 /*  Bluetooth Mesh */
2 
3 /*
4  * Copyright (c) 2017 Intel Corporation
5  *
6  * SPDX-License-Identifier: Apache-2.0
7  */
8 #ifndef __CRYPTO_H__
9 #define __CRYPTO_H__
10 
11 #include "mesh/mesh.h"
12 
/*
 * One fragment of the scatter-gather input list taken by bt_mesh_aes_cmac().
 *
 * The struct only borrows the buffer: it holds a pointer and a byte count,
 * so the memory behind data has to stay valid and unchanged while the list
 * is being consumed.
 */
struct bt_mesh_sg {
	const void *data;	/* first byte of the fragment */
	size_t len;		/* number of bytes readable at data */
};
17 
/*
 * AES-CMAC keyed with key over the sg_len fragments listed in sg
 * (presumably processed as one concatenated message; the definition is not
 * part of this header). The 16-byte tag is written to mac.
 *
 * The inline wrappers in this header pass the int return value through
 * unchanged; confirm the exact error convention at the definition.
 *
 * NOTE: the [16] bounds are documentation only. Array parameters decay to
 * pointers, so nothing verifies that key and mac really span 16 bytes.
 */
int bt_mesh_aes_cmac(const u8_t key[16], struct bt_mesh_sg *sg,
		     size_t sg_len, u8_t mac[16]);
20 
/*
 * Single-buffer convenience wrapper around bt_mesh_aes_cmac().
 *
 * Wraps the len bytes at m in a one-element scatter-gather list, writes the
 * tag to mac and returns whatever bt_mesh_aes_cmac() returns.
 *
 * The [16] bounds on key and mac are not enforced by the compiler; the
 * caller is responsible for passing buffers of at least that size.
 */
static inline int bt_mesh_aes_cmac_one(const u8_t key[16], const void *m,
				       size_t len, u8_t mac[16])
{
	struct bt_mesh_sg single = { .data = m, .len = len };

	return bt_mesh_aes_cmac(key, &single, 1, mac);
}
28 
/*
 * Derive a 16-byte salt from the NUL-terminated string m: AES-CMAC of the
 * string's bytes (terminator excluded) under an all-zero key.
 *
 * The key is a fixed constant, so the output depends on m alone and carries
 * no secrecy of its own. m must be a valid C string; strlen() is applied to
 * it without a NULL check.
 *
 * NOTE(review): the return type is bool although the underlying call
 * returns an int status. Every non-zero status collapses to true, so,
 * assuming the usual 0-on-success convention, true means "failed" and the
 * original error code is lost. Callers should test the result for failure
 * only and must not forward it as an errno-style value.
 */
static inline bool bt_mesh_s1(const char *m, u8_t salt[16])
{
	const u8_t zero_key[16] = { 0 };
	int status = bt_mesh_aes_cmac_one(zero_key, m, strlen(m), salt);

	/* Same int-to-bool conversion the return type forces, spelled out. */
	return status != 0;
}
35 
/*
 * k1 key-derivation primitive, defined outside this header.
 *
 * Inputs are ikm_len bytes of keying material at ikm, a 16-byte salt and a
 * NUL-terminated info string; the derived 16 bytes go to okm.
 * bt_mesh_prov_nonce() in this header treats a return value of 0 as success.
 *
 * ikm_len is trusted as given: it must match the buffer actually behind ikm.
 */
int bt_mesh_k1(const u8_t *ikm, size_t ikm_len, const u8_t salt[16],
	       const char *info, u8_t okm[16]);
38 
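/*
 * Call bt_mesh_k1() with a salt supplied as a string literal.
 *
 * salt_str initializes a 16-byte array, so the salt is the literal's bytes
 * zero-padded to 16. It is used as-is and is not run through bt_mesh_s1().
 * salt_str must be a string literal that fits in 16 bytes (this assumes
 * u8_t is a character type, which string initialization requires).
 *
 * Relies on the GNU statement-expression extension; the macro evaluates to
 * the return value of bt_mesh_k1().
 *
 * The temporary has a macro-specific name: with a plain "salt", an argument
 * expression that mentions a caller variable of that name would silently
 * bind to the temporary instead of the caller's variable.
 */
#define bt_mesh_k1_str(ikm, ikm_len, salt_str, info, okm) \
({ \
	const u8_t bt_mesh_k1_str_salt_[16] = salt_str; \
	bt_mesh_k1(ikm, ikm_len, bt_mesh_k1_str_salt_, info, okm); \
})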
44 
/*
 * Further derivation functions, all defined outside this header. Only the
 * declared buffer sizes can be read off here; none of them is enforced by
 * the compiler, so callers must size the output buffers themselves.
 */

/* Takes a 16-byte n plus p_len bytes at p; has three output parameters:
 * net_id (1 byte), enc_key (16 bytes) and priv_key (16 bytes). */
int bt_mesh_k2(const u8_t n[16], const u8_t *p, size_t p_len,
	       u8_t net_id[1], u8_t enc_key[16], u8_t priv_key[16]);

/* Takes a 16-byte n; output buffer is declared as 8 bytes. */
int bt_mesh_k3(const u8_t n[16], u8_t out[8]);

/* Takes a 16-byte n; output buffer is declared as 1 byte. */
int bt_mesh_k4(const u8_t n[16], u8_t out[1]);

/* Takes a 16-byte n and a NUL-terminated label s; output buffer is declared
 * as 16 bytes. */
int bt_mesh_id128(const u8_t n[16], const char *s, u8_t out[16]);
53 
/*
 * Derive a 16-byte resolving key from the 16-byte network key.
 *
 * Goes through bt_mesh_k1_str() with the salt literal "smbt" and the info
 * string "smbi". bt_mesh_k1_str() turns the literal into a zero-padded
 * 16-byte salt; the literal is not passed through bt_mesh_s1() first.
 *
 * Returns the status of the underlying bt_mesh_k1() call.
 */
static inline int bt_mesh_id_resolving_key(const u8_t net_key[16],
					   u8_t resolving_key[16])
{
	int status = bt_mesh_k1_str(net_key, 16, "smbt", "smbi", resolving_key);

	return status;
}
59 
/*
 * Derive the 16-byte identity key from the network key via bt_mesh_id128()
 * with the label "nkik".
 *
 * bt_mesh_beacon_key() derives from the same network key; the label is the
 * only input that separates the two results.
 *
 * Returns the status of bt_mesh_id128().
 */
static inline int bt_mesh_identity_key(const u8_t net_key[16],
				       u8_t identity_key[16])
{
	const char *label = "nkik";

	return bt_mesh_id128(net_key, label, identity_key);
}
65 
/*
 * Derive the 16-byte beacon key from the network key via bt_mesh_id128()
 * with the label "nkbk".
 *
 * bt_mesh_identity_key() derives from the same network key; the label is
 * the only input that separates the two results.
 *
 * Returns the status of bt_mesh_id128().
 */
static inline int bt_mesh_beacon_key(const u8_t net_key[16],
				     u8_t beacon_key[16])
{
	int status = bt_mesh_id128(net_key, "nkbk", beacon_key);

	return status;
}
71 
/*
 * Beacon authentication value, defined outside this header. Takes the
 * beacon key, a flags byte, net_id and the IV index; auth is declared as an
 * 8-byte output.
 *
 * NOTE(review): net_id is declared with a bound of 16. If it is the value
 * produced by bt_mesh_k3() (declared above with an 8-byte output), the
 * bound overstates the buffer. Parameter array bounds are not enforced, so
 * confirm in the definition how many bytes of net_id are read before
 * relying on either size.
 */
int bt_mesh_beacon_auth(const u8_t beacon_key[16], u8_t flags,
			const u8_t net_id[16], u32_t iv_index,
			u8_t auth[8]);
75 
/*
 * Derive the 1-byte application key identifier from the 16-byte application
 * key. Thin wrapper: forwards to bt_mesh_k4() and returns its status.
 */
static inline int bt_mesh_app_id(const u8_t app_key[16], u8_t app_id[1])
{
	int status = bt_mesh_k4(app_key, app_id);

	return status;
}
80 
/*
 * Derive the 16-byte provisioning session key: bt_mesh_k1() over the
 * 32-byte dhkey with prov_salt and the info string "prsk".
 *
 * The input length is hard-coded to 32, and the [32] bound on dhkey is not
 * checked by the compiler, so a shorter caller buffer would be read past
 * its end.
 *
 * bt_mesh_prov_nonce() and bt_mesh_dev_key() use the same dhkey and
 * prov_salt; only the four-character info string separates the outputs.
 *
 * Returns the status of bt_mesh_k1().
 */
static inline int bt_mesh_session_key(const u8_t dhkey[32],
				      const u8_t prov_salt[16],
				      u8_t session_key[16])
{
	const size_t dhkey_len = 32;

	return bt_mesh_k1(dhkey, dhkey_len, prov_salt, "prsk", session_key);
}
87 
/*
 * Derive the 13-byte provisioning nonce.
 *
 * Runs bt_mesh_k1() over the 32-byte dhkey with prov_salt and the info
 * string "prsn", then copies the last 13 bytes of the 16-byte result
 * (offsets 3..15) into nonce.
 *
 * Returns 0 on success or the non-zero bt_mesh_k1() status. On failure
 * nonce is left untouched, so callers must check the return value before
 * using it; otherwise stale or uninitialized bytes would serve as a nonce.
 *
 * NOTE(review): the full 16-byte derived block stays in the stack temporary
 * when the function returns; nothing here wipes it.
 */
static inline int bt_mesh_prov_nonce(const u8_t dhkey[32],
				     const u8_t prov_salt[16],
				     u8_t nonce[13])
{
	u8_t k1_out[16];
	int err = bt_mesh_k1(dhkey, 32, prov_salt, "prsn", k1_out);

	if (err) {
		return err;
	}

	/* Skip the first three bytes; the nonce is the trailing 13. */
	memcpy(nonce, &k1_out[3], 13);

	return 0;
}
102 
/*
 * Derive the 16-byte device key: bt_mesh_k1() over the 32-byte dhkey with
 * prov_salt and the info string "prdk".
 *
 * The input length is hard-coded to 32, and the [32] bound on dhkey is not
 * checked by the compiler, so the caller must really supply 32 bytes.
 *
 * bt_mesh_session_key() and bt_mesh_prov_nonce() use the same dhkey and
 * prov_salt; only the four-character info string separates the outputs.
 *
 * Returns the status of bt_mesh_k1().
 */
static inline int bt_mesh_dev_key(const u8_t dhkey[32],
				  const u8_t prov_salt[16],
				  u8_t dev_key[16])
{
	const size_t dhkey_len = 32;

	return bt_mesh_k1(dhkey, dhkey_len, prov_salt, "prdk", dev_key);
}
109 
/*
 * Compute the 16-byte provisioning salt.
 *
 * Feeds three 16-byte fragments, in the order conf_salt, prov_rand,
 * dev_rand, to bt_mesh_aes_cmac() under an all-zero key and writes the tag
 * to prov_salt.
 *
 * The key is a fixed constant, so this step mixes its inputs but adds no
 * secrecy; anything derived from the result stays secret only through the
 * other inputs combined with it later.
 *
 * Each input pointer must reference at least 16 readable bytes; the
 * declared bounds are not enforced.
 *
 * Returns the status of bt_mesh_aes_cmac().
 */
static inline int bt_mesh_prov_salt(const u8_t conf_salt[16],
				    const u8_t prov_rand[16],
				    const u8_t dev_rand[16],
				    u8_t prov_salt[16])
{
	const u8_t zero_key[16] = { 0 };
	struct bt_mesh_sg parts[] = {
		{ .data = conf_salt, .len = 16 },
		{ .data = prov_rand, .len = 16 },
		{ .data = dev_rand, .len = 16 },
	};
	const size_t part_count = sizeof(parts) / sizeof(parts[0]);

	return bt_mesh_aes_cmac(zero_key, parts, part_count, prov_salt);
}
124 
/*
 * Network-layer, application-layer and provisioning primitives. All of them
 * are defined outside this header, so the notes below describe the
 * signatures only. Array bounds in parameter lists are not enforced by the
 * compiler; callers must size their buffers to match.
 */

/* pdu is the only non-const buffer, so the transform is presumably applied
 * in place, driven by iv_index and the 16-byte privacy key. */
int bt_mesh_net_obfuscate(u8_t *pdu, u32_t iv_index,
			  const u8_t privacy_key[16]);

/* Network encryption of buf with a 16-byte key; proxy selects a variant
 * (meaning not visible here). */
int bt_mesh_net_encrypt(const u8_t key[16], struct os_mbuf *buf,
			u32_t iv_index, bool proxy);

/* Counterpart of bt_mesh_net_encrypt().
 * NOTE(review): check the return value before consuming buf; presumably a
 * failed integrity check is reported through it (confirm at the definition). */
int bt_mesh_net_decrypt(const u8_t key[16], struct os_mbuf *buf,
			u32_t iv_index, bool proxy);

/* Application-layer encryption of buf. dev_key flags which kind of key is
 * in use and aszmic presumably selects the MIC size; ad is optional-looking
 * additional data (TODO confirm NULL handling at the definition). */
int bt_mesh_app_encrypt(const u8_t key[16], bool dev_key, u8_t aszmic,
			struct os_mbuf *buf, const u8_t *ad,
			u16_t src, u16_t dst, u32_t seq_num, u32_t iv_index);

/* Counterpart of bt_mesh_app_encrypt(); takes a separate out buffer.
 * NOTE(review): treat out as invalid unless the call reports success. */
int bt_mesh_app_decrypt(const u8_t key[16], bool dev_key, u8_t aszmic,
			struct os_mbuf *buf, struct os_mbuf *out,
			const u8_t *ad, u16_t src, u16_t dst, u32_t seq_num,
			u32_t iv_index);

/* One-byte check value over data. data_len is a u8_t, so at most 255 bytes
 * can be covered. Presumably a frame check sequence (a checksum for
 * transmission errors), which gives no protection against deliberate
 * modification. */
u8_t bt_mesh_fcs_calc(const u8_t *data, u8_t data_len);

/* Compares the check value of buf against received_fcs; see the note on
 * bt_mesh_fcs_calc() regarding what such a value can and cannot detect. */
bool bt_mesh_fcs_check(struct os_mbuf *buf, u8_t received_fcs);

/* Maps a 16-byte virtual label to a 16-bit address written through addr. */
int bt_mesh_virtual_addr(const u8_t virtual_label[16], u16_t *addr);

/* Confirmation salt over conf_inputs, declared as 145 bytes. */
int bt_mesh_prov_conf_salt(const u8_t conf_inputs[145], u8_t salt[16]);

/* Confirmation key from the 32-byte dhkey and the confirmation salt. */
int bt_mesh_prov_conf_key(const u8_t dhkey[32], const u8_t conf_salt[16],
			  u8_t conf_key[16]);

/* Confirmation value from the confirmation key, a 16-byte random and a
 * 16-byte auth value. */
int bt_mesh_prov_conf(const u8_t conf_key[16], const u8_t rand[16],
		      const u8_t auth[16], u8_t conf[16]);

/* Decrypts provisioning data: the input is declared as 25 + 8 bytes and the
 * output as 25, so the trailing 8 bytes are presumably an integrity tag.
 * nonce is not const-qualified here, unlike key and data; whether the
 * definition writes to it cannot be told from the header.
 * NOTE(review): use out only after the call reports success. */
int bt_mesh_prov_decrypt(const u8_t key[16], u8_t nonce[13],
			 const u8_t data[25 + 8], u8_t out[25]);
159 
160 #endif
161