Loading system/gd/crypto_toolbox/aes_cmac.cc +16 −13 Original line number Diff line number Diff line Loading @@ -26,9 +26,12 @@ #include "crypto_toolbox/aes.h" #include "crypto_toolbox/crypto_toolbox.h" #include "hci/octets.h" namespace bluetooth { namespace crypto_toolbox { using hci::kOctet16Length; using hci::Octet16; namespace { Loading @@ -44,14 +47,14 @@ thread_local tCMAC_CB cmac_cb; Octet16 const_Rb{0x87, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}; /** utility function to do an biteise exclusive-OR of two bit strings of the * length of OCTET16_LEN. Result is stored in first argument. * length of kOctet16Length. Result is stored in first argument. */ static void xor_128(Octet16* a, const Octet16& b) { // CHECK(a); uint8_t i, *aa = a->data(); const uint8_t* bb = b.data(); for (i = 0; i < OCTET16_LEN; i++) { for (i = 0; i < kOctet16Length; i++) { aa[i] = aa[i] ^ bb[i]; } } Loading @@ -76,18 +79,18 @@ Octet16 aes_128(const Octet16& key, const Octet16& message) { /** utility function to padding the given text to be a 128 bits data. The * parameter dest is input and output parameter, it must point to a * OCTET16_LEN memory space; where include length bytes valid data. */ * kOctet16Length memory space; where include length bytes valid data. */ static void padding(Octet16* dest, uint8_t length) { uint8_t i, *p = dest->data(); /* original last block */ for (i = length; i < OCTET16_LEN; i++) p[OCTET16_LEN - i - 1] = (i == length) ? 0x80 : 0; for (i = length; i < kOctet16Length; i++) p[kOctet16Length - i - 1] = (i == length) ? 0x80 : 0; } /** utility function to left shift one bit for a 128 bits value. */ static void leftshift_onebit(uint8_t* input, uint8_t* output) { uint8_t i, overflow = 0, next_overflow = 0; /* input[0] is LSB */ for (i = 0; i < OCTET16_LEN; i++) { for (i = 0; i < kOctet16Length; i++) { next_overflow = (input[i] & 0x80) ? 1 : 0; output[i] = (input[i] << 1) | overflow; overflow = next_overflow; Loading @@ -103,9 +106,9 @@ static Octet16 cmac_aes_k_calculate(const Octet16& key) { uint16_t i = 1; while (i <= cmac_cb.round) { /* Mi' := Mi (+) X */ xor_128((Octet16*)&cmac_cb.text[(cmac_cb.round - i) * OCTET16_LEN], x); xor_128((Octet16*)&cmac_cb.text[(cmac_cb.round - i) * kOctet16Length], x); output = aes_128(key, &cmac_cb.text[(cmac_cb.round - i) * OCTET16_LEN], OCTET16_LEN); output = aes_128(key, &cmac_cb.text[(cmac_cb.round - i) * kOctet16Length], kOctet16Length); x = output; i++; } Loading @@ -121,7 +124,7 @@ static void cmac_prepare_last_block(const Octet16& k1, const Octet16& k2) { bool flag; /* last block is a complete block set flag to 1 */ flag = ((cmac_cb.len % OCTET16_LEN) == 0 && cmac_cb.len != 0) ? true : false; flag = ((cmac_cb.len % kOctet16Length) == 0 && cmac_cb.len != 0) ? true : false; if (flag) { /* last block is complete block */ xor_128((Octet16*)&cmac_cb.text[0], k1); Loading @@ -138,13 +141,13 @@ static void cmac_prepare_last_block(const Octet16& k1, const Octet16& k2) { */ static void cmac_generate_subkey(const Octet16& key) { Octet16 zero{}; Octet16 p = aes_128(key, zero.data(), OCTET16_LEN); Octet16 p = aes_128(key, zero.data(), kOctet16Length); Octet16 k1, k2; uint8_t* pp = p.data(); /* If MSB(L) = 0, then K1 = L << 1 */ if ((pp[OCTET16_LEN - 1] & 0x80) != 0) { if ((pp[kOctet16Length - 1] & 0x80) != 0) { /* Else K1 = ( L << 1 ) (+) Rb */ leftshift_onebit(pp, k1.data()); xor_128(&k1, const_Rb); Loading @@ -152,7 +155,7 @@ static void cmac_generate_subkey(const Octet16& key) { leftshift_onebit(pp, k1.data()); } if ((k1[OCTET16_LEN - 1] & 0x80) != 0) { if ((k1[kOctet16Length - 1] & 0x80) != 0) { /* K2 = (K1 << 1) (+) Rb */ leftshift_onebit(k1.data(), k2.data()); xor_128(&k2, const_Rb); Loading @@ -172,10 +175,10 @@ Octet16 aes_cmac(const Octet16& key, const uint8_t* input, uint16_t length) { uint32_t len; uint16_t diff; /* n is number of rounds */ uint16_t n = (length + OCTET16_LEN - 1) / OCTET16_LEN; uint16_t n = (length + kOctet16Length - 1) / kOctet16Length; if (n == 0) n = 1; len = n * OCTET16_LEN; len = n * kOctet16Length; /* allocate a memory space of multiple of 16 bytes to hold text */ cmac_cb.text = (uint8_t*)alloca(len); Loading system/gd/crypto_toolbox/crypto_toolbox.cc +26 −21 Original line number Diff line number Diff line Loading @@ -20,12 +20,14 @@ #include <algorithm> #include "crypto_toolbox/aes.h" #include "hci/octets.h" namespace bluetooth { namespace crypto_toolbox { constexpr int OCTET32_LEN = 32; using hci::kOctet16Length; using hci::kOctet32Length; using hci::Octet16; using hci::Octet32; Octet16 h6(const Octet16& w, std::array<uint8_t, 4> keyid) { return aes_cmac(w, keyid.data(), keyid.size()); Loading @@ -36,16 +38,17 @@ Octet16 h7(const Octet16& salt, const Octet16& w) { } Octet16 f4(uint8_t* u, uint8_t* v, const Octet16& x, uint8_t z) { constexpr size_t msg_len = OCTET32_LEN /* U size */ + OCTET32_LEN /* V size */ + 1 /* Z size */; constexpr size_t msg_len = kOctet32Length /* U size */ + kOctet32Length /* V size */ + 1 /* Z size */; // VLOG(1) << "U=" << HexEncode(u, OCTET32_LEN) << ", V=" << HexEncode(v, OCTET32_LEN) // VLOG(1) << "U=" << HexEncode(u, kOctet32Length) << ", V=" << HexEncode(v, kOctet32Length) // << ", X=" << HexEncode(x.data(), x.size()) << ", Z=" << std::hex << +z; std::array<uint8_t, msg_len> msg; auto it = msg.begin(); it = std::copy(&z, &z + 1, it); it = std::copy(v, v + OCTET32_LEN, it); it = std::copy(u, u + OCTET32_LEN, it); it = std::copy(v, v + kOctet32Length, it); it = std::copy(u, u + kOctet32Length, it); return aes_cmac(x, msg.data(), msg.size()); } Loading @@ -59,8 +62,9 @@ static Octet16 calculate_mac_key_or_ltk( uint8_t* a1, uint8_t* a2, uint8_t* length) { constexpr size_t msg_len = 1 /* Counter size */ + 4 /* keyID size */ + OCTET16_LEN /* N1 size */ + OCTET16_LEN /* N2 size */ + 7 /* A1 size*/ + 7 /* A2 size*/ + 2 /* Length size */; constexpr size_t msg_len = 1 /* Counter size */ + 4 /* keyID size */ + kOctet16Length /* N1 size */ + kOctet16Length /* N2 size */ + 7 /* A1 size*/ + 7 /* A2 size*/ + 2 /* Length size */; std::array<uint8_t, msg_len> msg; auto it = msg.begin(); Loading @@ -76,13 +80,13 @@ static Octet16 calculate_mac_key_or_ltk( } void f5(uint8_t* w, const Octet16& n1, const Octet16& n2, uint8_t* a1, uint8_t* a2, Octet16* mac_key, Octet16* ltk) { // VLOG(1) << __func__ << "W=" << HexEncode(w, OCTET32_LEN) << ", N1=" << // VLOG(1) << __func__ << "W=" << HexEncode(w, kOctet32Length) << ", N1=" << // HexEncode(n1.data(), n1.size()) // << ", N2=" << HexEncode(n2.data(), n2.size()) << ", A1=" << HexEncode(a1, 7) << ", // A2=" << HexEncode(a2, 7); const Octet16 salt{0xBE, 0x83, 0x60, 0x5A, 0xDB, 0x0B, 0x37, 0x60, 0x38, 0xA5, 0xF5, 0xAA, 0x91, 0x83, 0x88, 0x6C}; Octet16 t = aes_cmac(salt, w, OCTET32_LEN); Octet16 t = aes_cmac(salt, w, kOctet32Length); // VLOG(1) << "T=" << HexEncode(t.data(), t.size()); Loading @@ -99,8 +103,9 @@ void f5(uint8_t* w, const Octet16& n1, const Octet16& n2, uint8_t* a1, uint8_t* Octet16 f6(const Octet16& w, const Octet16& n1, const Octet16& n2, const Octet16& r, uint8_t* iocap, uint8_t* a1, uint8_t* a2) { const uint8_t msg_len = OCTET16_LEN /* N1 size */ + OCTET16_LEN /* N2 size */ + OCTET16_LEN /* R size */ + 3 /* IOcap size */ + 7 /* A1 size*/ + 7 /* A2 size*/; const uint8_t msg_len = kOctet16Length /* N1 size */ + kOctet16Length /* N2 size */ + kOctet16Length /* R size */ + 3 /* IOcap size */ + 7 /* A1 size*/ + 7 /* A2 size*/; // VLOG(1) << __func__ << "W=" << HexEncode(w.data(), w.size()) << ", N1=" << // HexEncode(n1.data(), n1.size()) Loading @@ -122,18 +127,18 @@ f6(const Octet16& w, const Octet16& n1, const Octet16& n2, const Octet16& r, uin } uint32_t g2(uint8_t* u, uint8_t* v, const Octet16& x, const Octet16& y) { constexpr size_t msg_len = OCTET32_LEN /* U size */ + OCTET32_LEN /* V size */ + OCTET16_LEN /* Y size */; constexpr size_t msg_len = kOctet32Length /* U size */ + kOctet32Length /* V size */ + kOctet16Length /* Y size */; // VLOG(1) << __func__ << "U=" << HexEncode(u, OCTET32_LEN) << ", V=" << HexEncode(v, // OCTET32_LEN) // VLOG(1) << __func__ << "U=" << HexEncode(u, kOctet32Length) << ", V=" << HexEncode(v, // kOctet32Length) // << ", X=" << HexEncode(x.data(), x.size()) << ", Y=" << HexEncode(y.data(), y.size()); std::array<uint8_t, msg_len> msg; auto it = msg.begin(); it = std::copy(y.begin(), y.end(), it); it = std::copy(v, v + OCTET32_LEN, it); it = std::copy(u, u + OCTET32_LEN, it); it = std::copy(v, v + kOctet32Length, it); it = std::copy(u, u + kOctet32Length, it); Octet16 cmac = aes_cmac(x, msg.data(), msg.size()); Loading Loading @@ -191,7 +196,7 @@ Octet16 c1( it = std::copy(preq, preq + 7, it); it = std::copy(pres, pres + 7, it); for (uint8_t i = 0; i < OCTET16_LEN; i++) { for (uint8_t i = 0; i < kOctet16Length; i++) { p1[i] = r[i] ^ p1[i]; } Loading @@ -204,7 +209,7 @@ Octet16 c1( it = std::copy(ia, ia + 6, it); it = std::copy(padding.begin(), padding.end(), it); for (uint8_t i = 0; i < OCTET16_LEN; i++) { for (uint8_t i = 0; i < kOctet16Length; i++) { p2[i] = p1bis[i] ^ p2[i]; } Loading system/gd/crypto_toolbox/crypto_toolbox.h +32 −30 Original line number Diff line number Diff line Loading @@ -26,65 +26,67 @@ namespace bluetooth { namespace crypto_toolbox { constexpr int OCTET16_LEN = hci::kOctet16Length; using Octet16 = hci::Octet16; Octet16 c1( const Octet16& k, const Octet16& r, hci::Octet16 c1( const hci::Octet16& k, const hci::Octet16& r, const uint8_t* pres, const uint8_t* preq, const uint8_t iat, const uint8_t* ia, const uint8_t rat, const uint8_t* ra); Octet16 s1(const Octet16& k, const Octet16& r1, const Octet16& r2); hci::Octet16 s1(const hci::Octet16& k, const hci::Octet16& r1, const hci::Octet16& r2); Octet16 aes_128(const Octet16& key, const Octet16& message); Octet16 aes_cmac(const Octet16& key, const uint8_t* message, uint16_t length); Octet16 f4(uint8_t* u, uint8_t* v, const Octet16& x, uint8_t z); hci::Octet16 aes_128(const hci::Octet16& key, const hci::Octet16& message); hci::Octet16 aes_cmac(const hci::Octet16& key, const uint8_t* message, uint16_t length); hci::Octet16 f4(uint8_t* u, uint8_t* v, const hci::Octet16& x, uint8_t z); void f5( uint8_t* w, const Octet16& n1, const Octet16& n2, const hci::Octet16& n1, const hci::Octet16& n2, uint8_t* a1, uint8_t* a2, Octet16* mac_key, Octet16* ltk); Octet16 f6( const Octet16& w, const Octet16& n1, const Octet16& n2, const Octet16& r, hci::Octet16* mac_key, hci::Octet16* ltk); hci::Octet16 f6( const hci::Octet16& w, const hci::Octet16& n1, const hci::Octet16& n2, const hci::Octet16& r, uint8_t* iocap, uint8_t* a1, uint8_t* a2); Octet16 h6(const Octet16& w, std::array<uint8_t, 4> keyid); Octet16 h7(const Octet16& salt, const Octet16& w); uint32_t g2(uint8_t* u, uint8_t* v, const Octet16& x, const Octet16& y); Octet16 ltk_to_link_key(const Octet16& ltk, bool use_h7); Octet16 link_key_to_ltk(const Octet16& link_key, bool use_h7); hci::Octet16 h6(const hci::Octet16& w, std::array<uint8_t, 4> keyid); hci::Octet16 h7(const hci::Octet16& salt, const hci::Octet16& w); uint32_t g2(uint8_t* u, uint8_t* v, const hci::Octet16& x, const hci::Octet16& y); hci::Octet16 ltk_to_link_key(const hci::Octet16& ltk, bool use_h7); hci::Octet16 link_key_to_ltk(const hci::Octet16& link_key, bool use_h7); /* This function computes AES_128(key, message). |key| must be 128bit. * |message| can be at most 16 bytes long, it's length in bytes is given in * |length| */ inline Octet16 aes_128(const Octet16& key, const uint8_t* message, const uint8_t length) { inline hci::Octet16 aes_128(const hci::Octet16& key, const uint8_t* message, const uint8_t length) { // CHECK(length <= OCTET16_LEN) << "you tried aes_128 more than 16 bytes!"; Octet16 msg{0}; hci::Octet16 msg{0}; std::copy(message, message + length, msg.begin()); return aes_128(key, msg); } // |tlen| - lenth of mac desired // |p_signature| - data pointer to where signed data to be stored, tlen long. inline void aes_cmac(const Octet16& key, const uint8_t* message, uint16_t length, uint16_t tlen, uint8_t* p_signature) { Octet16 signature = aes_cmac(key, message, length); inline void aes_cmac( const hci::Octet16& key, const uint8_t* message, uint16_t length, uint16_t tlen, uint8_t* p_signature) { hci::Octet16 signature = aes_cmac(key, message, length); uint8_t* p_mac = signature.data() + (OCTET16_LEN - tlen); uint8_t* p_mac = signature.data() + (hci::kOctet16Length - tlen); memcpy(p_signature, p_mac, tlen); } inline Octet16 aes_cmac(const Octet16& key, const Octet16& message) { inline hci::Octet16 aes_cmac(const hci::Octet16& key, const hci::Octet16& message) { return aes_cmac(key, message.data(), message.size()); } Loading system/gd/crypto_toolbox/crypto_toolbox_test.cc +4 −1 Original line number Diff line number Diff line Loading @@ -23,9 +23,12 @@ #include <vector> #include "crypto_toolbox/aes.h" #include "hci/octets.h" namespace bluetooth { namespace crypto_toolbox { using hci::kOctet16Length; using hci::Octet16; // BT Spec 5.0 | Vol 3, Part H D.1 TEST(CryptoToolboxTest, bt_spec_test_d_1_test) { Loading @@ -41,7 +44,7 @@ TEST(CryptoToolboxTest, bt_spec_test_d_1_test) { aes_set_key(k, sizeof(k), &ctx); aes_encrypt(m, output, &ctx); /* outputs in byte 48 to byte 63 */ EXPECT_TRUE(memcmp(output, aes_cmac_k_m, OCTET16_LEN) == 0); EXPECT_TRUE(memcmp(output, aes_cmac_k_m, kOctet16Length) == 0); // useful for debugging // LOG(INFO) << "k " << base::HexEncode(k, OCTET16_LEN); Loading system/gd/hci/acl_manager.cc +2 −4 Original line number Diff line number Diff line Loading @@ -19,12 +19,10 @@ #include <atomic> #include <future> #include <mutex> #include <set> #include "common/bidi_queue.h" #include "hci/acl_manager/acl_scheduler.h" #include "hci/acl_manager/classic_impl.h" #include "hci/acl_manager/connection_management_callbacks.h" #include "hci/acl_manager/le_acceptlist_callbacks.h" #include "hci/acl_manager/le_acl_connection.h" #include "hci/acl_manager/le_impl.h" Loading Loading @@ -280,7 +278,7 @@ void AclManager::SetPrivacyPolicyForInitiatorAddress( AddressWithType fixed_address, std::chrono::milliseconds minimum_rotation_time, std::chrono::milliseconds maximum_rotation_time) { crypto_toolbox::Octet16 rotation_irk{}; Octet16 rotation_irk{}; auto irk_prop = GetDependency<storage::StorageModule>()->GetProperty("Adapter", "LE_LOCAL_KEY_IRK"); if (irk_prop.has_value()) { Loading @@ -303,7 +301,7 @@ void AclManager::SetPrivacyPolicyForInitiatorAddress( void AclManager::SetPrivacyPolicyForInitiatorAddressForTest( LeAddressManager::AddressPolicy address_policy, AddressWithType fixed_address, crypto_toolbox::Octet16 rotation_irk, Octet16 rotation_irk, std::chrono::milliseconds minimum_rotation_time, std::chrono::milliseconds maximum_rotation_time) { CallOn( Loading Loading
system/gd/crypto_toolbox/aes_cmac.cc +16 −13 Original line number Diff line number Diff line Loading @@ -26,9 +26,12 @@ #include "crypto_toolbox/aes.h" #include "crypto_toolbox/crypto_toolbox.h" #include "hci/octets.h" namespace bluetooth { namespace crypto_toolbox { using hci::kOctet16Length; using hci::Octet16; namespace { Loading @@ -44,14 +47,14 @@ thread_local tCMAC_CB cmac_cb; Octet16 const_Rb{0x87, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}; /** utility function to do an biteise exclusive-OR of two bit strings of the * length of OCTET16_LEN. Result is stored in first argument. * length of kOctet16Length. Result is stored in first argument. */ static void xor_128(Octet16* a, const Octet16& b) { // CHECK(a); uint8_t i, *aa = a->data(); const uint8_t* bb = b.data(); for (i = 0; i < OCTET16_LEN; i++) { for (i = 0; i < kOctet16Length; i++) { aa[i] = aa[i] ^ bb[i]; } } Loading @@ -76,18 +79,18 @@ Octet16 aes_128(const Octet16& key, const Octet16& message) { /** utility function to padding the given text to be a 128 bits data. The * parameter dest is input and output parameter, it must point to a * OCTET16_LEN memory space; where include length bytes valid data. */ * kOctet16Length memory space; where include length bytes valid data. */ static void padding(Octet16* dest, uint8_t length) { uint8_t i, *p = dest->data(); /* original last block */ for (i = length; i < OCTET16_LEN; i++) p[OCTET16_LEN - i - 1] = (i == length) ? 0x80 : 0; for (i = length; i < kOctet16Length; i++) p[kOctet16Length - i - 1] = (i == length) ? 0x80 : 0; } /** utility function to left shift one bit for a 128 bits value. */ static void leftshift_onebit(uint8_t* input, uint8_t* output) { uint8_t i, overflow = 0, next_overflow = 0; /* input[0] is LSB */ for (i = 0; i < OCTET16_LEN; i++) { for (i = 0; i < kOctet16Length; i++) { next_overflow = (input[i] & 0x80) ? 1 : 0; output[i] = (input[i] << 1) | overflow; overflow = next_overflow; Loading @@ -103,9 +106,9 @@ static Octet16 cmac_aes_k_calculate(const Octet16& key) { uint16_t i = 1; while (i <= cmac_cb.round) { /* Mi' := Mi (+) X */ xor_128((Octet16*)&cmac_cb.text[(cmac_cb.round - i) * OCTET16_LEN], x); xor_128((Octet16*)&cmac_cb.text[(cmac_cb.round - i) * kOctet16Length], x); output = aes_128(key, &cmac_cb.text[(cmac_cb.round - i) * OCTET16_LEN], OCTET16_LEN); output = aes_128(key, &cmac_cb.text[(cmac_cb.round - i) * kOctet16Length], kOctet16Length); x = output; i++; } Loading @@ -121,7 +124,7 @@ static void cmac_prepare_last_block(const Octet16& k1, const Octet16& k2) { bool flag; /* last block is a complete block set flag to 1 */ flag = ((cmac_cb.len % OCTET16_LEN) == 0 && cmac_cb.len != 0) ? true : false; flag = ((cmac_cb.len % kOctet16Length) == 0 && cmac_cb.len != 0) ? true : false; if (flag) { /* last block is complete block */ xor_128((Octet16*)&cmac_cb.text[0], k1); Loading @@ -138,13 +141,13 @@ static void cmac_prepare_last_block(const Octet16& k1, const Octet16& k2) { */ static void cmac_generate_subkey(const Octet16& key) { Octet16 zero{}; Octet16 p = aes_128(key, zero.data(), OCTET16_LEN); Octet16 p = aes_128(key, zero.data(), kOctet16Length); Octet16 k1, k2; uint8_t* pp = p.data(); /* If MSB(L) = 0, then K1 = L << 1 */ if ((pp[OCTET16_LEN - 1] & 0x80) != 0) { if ((pp[kOctet16Length - 1] & 0x80) != 0) { /* Else K1 = ( L << 1 ) (+) Rb */ leftshift_onebit(pp, k1.data()); xor_128(&k1, const_Rb); Loading @@ -152,7 +155,7 @@ static void cmac_generate_subkey(const Octet16& key) { leftshift_onebit(pp, k1.data()); } if ((k1[OCTET16_LEN - 1] & 0x80) != 0) { if ((k1[kOctet16Length - 1] & 0x80) != 0) { /* K2 = (K1 << 1) (+) Rb */ leftshift_onebit(k1.data(), k2.data()); xor_128(&k2, const_Rb); Loading @@ -172,10 +175,10 @@ Octet16 aes_cmac(const Octet16& key, const uint8_t* input, uint16_t length) { uint32_t len; uint16_t diff; /* n is number of rounds */ uint16_t n = (length + OCTET16_LEN - 1) / OCTET16_LEN; uint16_t n = (length + kOctet16Length - 1) / kOctet16Length; if (n == 0) n = 1; len = n * OCTET16_LEN; len = n * kOctet16Length; /* allocate a memory space of multiple of 16 bytes to hold text */ cmac_cb.text = (uint8_t*)alloca(len); Loading
system/gd/crypto_toolbox/crypto_toolbox.cc +26 −21 Original line number Diff line number Diff line Loading @@ -20,12 +20,14 @@ #include <algorithm> #include "crypto_toolbox/aes.h" #include "hci/octets.h" namespace bluetooth { namespace crypto_toolbox { constexpr int OCTET32_LEN = 32; using hci::kOctet16Length; using hci::kOctet32Length; using hci::Octet16; using hci::Octet32; Octet16 h6(const Octet16& w, std::array<uint8_t, 4> keyid) { return aes_cmac(w, keyid.data(), keyid.size()); Loading @@ -36,16 +38,17 @@ Octet16 h7(const Octet16& salt, const Octet16& w) { } Octet16 f4(uint8_t* u, uint8_t* v, const Octet16& x, uint8_t z) { constexpr size_t msg_len = OCTET32_LEN /* U size */ + OCTET32_LEN /* V size */ + 1 /* Z size */; constexpr size_t msg_len = kOctet32Length /* U size */ + kOctet32Length /* V size */ + 1 /* Z size */; // VLOG(1) << "U=" << HexEncode(u, OCTET32_LEN) << ", V=" << HexEncode(v, OCTET32_LEN) // VLOG(1) << "U=" << HexEncode(u, kOctet32Length) << ", V=" << HexEncode(v, kOctet32Length) // << ", X=" << HexEncode(x.data(), x.size()) << ", Z=" << std::hex << +z; std::array<uint8_t, msg_len> msg; auto it = msg.begin(); it = std::copy(&z, &z + 1, it); it = std::copy(v, v + OCTET32_LEN, it); it = std::copy(u, u + OCTET32_LEN, it); it = std::copy(v, v + kOctet32Length, it); it = std::copy(u, u + kOctet32Length, it); return aes_cmac(x, msg.data(), msg.size()); } Loading @@ -59,8 +62,9 @@ static Octet16 calculate_mac_key_or_ltk( uint8_t* a1, uint8_t* a2, uint8_t* length) { constexpr size_t msg_len = 1 /* Counter size */ + 4 /* keyID size */ + OCTET16_LEN /* N1 size */ + OCTET16_LEN /* N2 size */ + 7 /* A1 size*/ + 7 /* A2 size*/ + 2 /* Length size */; constexpr size_t msg_len = 1 /* Counter size */ + 4 /* keyID size */ + kOctet16Length /* N1 size */ + kOctet16Length /* N2 size */ + 7 /* A1 size*/ + 7 /* A2 size*/ + 2 /* Length size */; std::array<uint8_t, msg_len> msg; auto it = msg.begin(); Loading @@ -76,13 +80,13 @@ static Octet16 calculate_mac_key_or_ltk( } void f5(uint8_t* w, const Octet16& n1, const Octet16& n2, uint8_t* a1, uint8_t* a2, Octet16* mac_key, Octet16* ltk) { // VLOG(1) << __func__ << "W=" << HexEncode(w, OCTET32_LEN) << ", N1=" << // VLOG(1) << __func__ << "W=" << HexEncode(w, kOctet32Length) << ", N1=" << // HexEncode(n1.data(), n1.size()) // << ", N2=" << HexEncode(n2.data(), n2.size()) << ", A1=" << HexEncode(a1, 7) << ", // A2=" << HexEncode(a2, 7); const Octet16 salt{0xBE, 0x83, 0x60, 0x5A, 0xDB, 0x0B, 0x37, 0x60, 0x38, 0xA5, 0xF5, 0xAA, 0x91, 0x83, 0x88, 0x6C}; Octet16 t = aes_cmac(salt, w, OCTET32_LEN); Octet16 t = aes_cmac(salt, w, kOctet32Length); // VLOG(1) << "T=" << HexEncode(t.data(), t.size()); Loading @@ -99,8 +103,9 @@ void f5(uint8_t* w, const Octet16& n1, const Octet16& n2, uint8_t* a1, uint8_t* Octet16 f6(const Octet16& w, const Octet16& n1, const Octet16& n2, const Octet16& r, uint8_t* iocap, uint8_t* a1, uint8_t* a2) { const uint8_t msg_len = OCTET16_LEN /* N1 size */ + OCTET16_LEN /* N2 size */ + OCTET16_LEN /* R size */ + 3 /* IOcap size */ + 7 /* A1 size*/ + 7 /* A2 size*/; const uint8_t msg_len = kOctet16Length /* N1 size */ + kOctet16Length /* N2 size */ + kOctet16Length /* R size */ + 3 /* IOcap size */ + 7 /* A1 size*/ + 7 /* A2 size*/; // VLOG(1) << __func__ << "W=" << HexEncode(w.data(), w.size()) << ", N1=" << // HexEncode(n1.data(), n1.size()) Loading @@ -122,18 +127,18 @@ f6(const Octet16& w, const Octet16& n1, const Octet16& n2, const Octet16& r, uin } uint32_t g2(uint8_t* u, uint8_t* v, const Octet16& x, const Octet16& y) { constexpr size_t msg_len = OCTET32_LEN /* U size */ + OCTET32_LEN /* V size */ + OCTET16_LEN /* Y size */; constexpr size_t msg_len = kOctet32Length /* U size */ + kOctet32Length /* V size */ + kOctet16Length /* Y size */; // VLOG(1) << __func__ << "U=" << HexEncode(u, OCTET32_LEN) << ", V=" << HexEncode(v, // OCTET32_LEN) // VLOG(1) << __func__ << "U=" << HexEncode(u, kOctet32Length) << ", V=" << HexEncode(v, // kOctet32Length) // << ", X=" << HexEncode(x.data(), x.size()) << ", Y=" << HexEncode(y.data(), y.size()); std::array<uint8_t, msg_len> msg; auto it = msg.begin(); it = std::copy(y.begin(), y.end(), it); it = std::copy(v, v + OCTET32_LEN, it); it = std::copy(u, u + OCTET32_LEN, it); it = std::copy(v, v + kOctet32Length, it); it = std::copy(u, u + kOctet32Length, it); Octet16 cmac = aes_cmac(x, msg.data(), msg.size()); Loading Loading @@ -191,7 +196,7 @@ Octet16 c1( it = std::copy(preq, preq + 7, it); it = std::copy(pres, pres + 7, it); for (uint8_t i = 0; i < OCTET16_LEN; i++) { for (uint8_t i = 0; i < kOctet16Length; i++) { p1[i] = r[i] ^ p1[i]; } Loading @@ -204,7 +209,7 @@ Octet16 c1( it = std::copy(ia, ia + 6, it); it = std::copy(padding.begin(), padding.end(), it); for (uint8_t i = 0; i < OCTET16_LEN; i++) { for (uint8_t i = 0; i < kOctet16Length; i++) { p2[i] = p1bis[i] ^ p2[i]; } Loading
system/gd/crypto_toolbox/crypto_toolbox.h +32 −30 Original line number Diff line number Diff line Loading @@ -26,65 +26,67 @@ namespace bluetooth { namespace crypto_toolbox { constexpr int OCTET16_LEN = hci::kOctet16Length; using Octet16 = hci::Octet16; Octet16 c1( const Octet16& k, const Octet16& r, hci::Octet16 c1( const hci::Octet16& k, const hci::Octet16& r, const uint8_t* pres, const uint8_t* preq, const uint8_t iat, const uint8_t* ia, const uint8_t rat, const uint8_t* ra); Octet16 s1(const Octet16& k, const Octet16& r1, const Octet16& r2); hci::Octet16 s1(const hci::Octet16& k, const hci::Octet16& r1, const hci::Octet16& r2); Octet16 aes_128(const Octet16& key, const Octet16& message); Octet16 aes_cmac(const Octet16& key, const uint8_t* message, uint16_t length); Octet16 f4(uint8_t* u, uint8_t* v, const Octet16& x, uint8_t z); hci::Octet16 aes_128(const hci::Octet16& key, const hci::Octet16& message); hci::Octet16 aes_cmac(const hci::Octet16& key, const uint8_t* message, uint16_t length); hci::Octet16 f4(uint8_t* u, uint8_t* v, const hci::Octet16& x, uint8_t z); void f5( uint8_t* w, const Octet16& n1, const Octet16& n2, const hci::Octet16& n1, const hci::Octet16& n2, uint8_t* a1, uint8_t* a2, Octet16* mac_key, Octet16* ltk); Octet16 f6( const Octet16& w, const Octet16& n1, const Octet16& n2, const Octet16& r, hci::Octet16* mac_key, hci::Octet16* ltk); hci::Octet16 f6( const hci::Octet16& w, const hci::Octet16& n1, const hci::Octet16& n2, const hci::Octet16& r, uint8_t* iocap, uint8_t* a1, uint8_t* a2); Octet16 h6(const Octet16& w, std::array<uint8_t, 4> keyid); Octet16 h7(const Octet16& salt, const Octet16& w); uint32_t g2(uint8_t* u, uint8_t* v, const Octet16& x, const Octet16& y); Octet16 ltk_to_link_key(const Octet16& ltk, bool use_h7); Octet16 link_key_to_ltk(const Octet16& link_key, bool use_h7); hci::Octet16 h6(const hci::Octet16& w, std::array<uint8_t, 4> keyid); hci::Octet16 h7(const hci::Octet16& salt, const hci::Octet16& w); uint32_t g2(uint8_t* u, uint8_t* v, const hci::Octet16& x, const hci::Octet16& y); hci::Octet16 ltk_to_link_key(const hci::Octet16& ltk, bool use_h7); hci::Octet16 link_key_to_ltk(const hci::Octet16& link_key, bool use_h7); /* This function computes AES_128(key, message). |key| must be 128bit. * |message| can be at most 16 bytes long, it's length in bytes is given in * |length| */ inline Octet16 aes_128(const Octet16& key, const uint8_t* message, const uint8_t length) { inline hci::Octet16 aes_128(const hci::Octet16& key, const uint8_t* message, const uint8_t length) { // CHECK(length <= OCTET16_LEN) << "you tried aes_128 more than 16 bytes!"; Octet16 msg{0}; hci::Octet16 msg{0}; std::copy(message, message + length, msg.begin()); return aes_128(key, msg); } // |tlen| - lenth of mac desired // |p_signature| - data pointer to where signed data to be stored, tlen long. inline void aes_cmac(const Octet16& key, const uint8_t* message, uint16_t length, uint16_t tlen, uint8_t* p_signature) { Octet16 signature = aes_cmac(key, message, length); inline void aes_cmac( const hci::Octet16& key, const uint8_t* message, uint16_t length, uint16_t tlen, uint8_t* p_signature) { hci::Octet16 signature = aes_cmac(key, message, length); uint8_t* p_mac = signature.data() + (OCTET16_LEN - tlen); uint8_t* p_mac = signature.data() + (hci::kOctet16Length - tlen); memcpy(p_signature, p_mac, tlen); } inline Octet16 aes_cmac(const Octet16& key, const Octet16& message) { inline hci::Octet16 aes_cmac(const hci::Octet16& key, const hci::Octet16& message) { return aes_cmac(key, message.data(), message.size()); } Loading
system/gd/crypto_toolbox/crypto_toolbox_test.cc +4 −1 Original line number Diff line number Diff line Loading @@ -23,9 +23,12 @@ #include <vector> #include "crypto_toolbox/aes.h" #include "hci/octets.h" namespace bluetooth { namespace crypto_toolbox { using hci::kOctet16Length; using hci::Octet16; // BT Spec 5.0 | Vol 3, Part H D.1 TEST(CryptoToolboxTest, bt_spec_test_d_1_test) { Loading @@ -41,7 +44,7 @@ TEST(CryptoToolboxTest, bt_spec_test_d_1_test) { aes_set_key(k, sizeof(k), &ctx); aes_encrypt(m, output, &ctx); /* outputs in byte 48 to byte 63 */ EXPECT_TRUE(memcmp(output, aes_cmac_k_m, OCTET16_LEN) == 0); EXPECT_TRUE(memcmp(output, aes_cmac_k_m, kOctet16Length) == 0); // useful for debugging // LOG(INFO) << "k " << base::HexEncode(k, OCTET16_LEN); Loading
system/gd/hci/acl_manager.cc +2 −4 Original line number Diff line number Diff line Loading @@ -19,12 +19,10 @@ #include <atomic> #include <future> #include <mutex> #include <set> #include "common/bidi_queue.h" #include "hci/acl_manager/acl_scheduler.h" #include "hci/acl_manager/classic_impl.h" #include "hci/acl_manager/connection_management_callbacks.h" #include "hci/acl_manager/le_acceptlist_callbacks.h" #include "hci/acl_manager/le_acl_connection.h" #include "hci/acl_manager/le_impl.h" Loading Loading @@ -280,7 +278,7 @@ void AclManager::SetPrivacyPolicyForInitiatorAddress( AddressWithType fixed_address, std::chrono::milliseconds minimum_rotation_time, std::chrono::milliseconds maximum_rotation_time) { crypto_toolbox::Octet16 rotation_irk{}; Octet16 rotation_irk{}; auto irk_prop = GetDependency<storage::StorageModule>()->GetProperty("Adapter", "LE_LOCAL_KEY_IRK"); if (irk_prop.has_value()) { Loading @@ -303,7 +301,7 @@ void AclManager::SetPrivacyPolicyForInitiatorAddress( void AclManager::SetPrivacyPolicyForInitiatorAddressForTest( LeAddressManager::AddressPolicy address_policy, AddressWithType fixed_address, crypto_toolbox::Octet16 rotation_irk, Octet16 rotation_irk, std::chrono::milliseconds minimum_rotation_time, std::chrono::milliseconds maximum_rotation_time) { CallOn( Loading
