Merge "Crypto: Always call aes_128 with Octet16" into main (d2e05fec) · Commits · e / os / android_packages_modules_Bluetooth

system/bta/csis/csis_types.h

+4 −4

Original line number	Diff line number	Diff line
		@@ -490,15 +490,15 @@ class CsisGroup {
		* Resolving Key \|sirk\| */
		static bool is_rsi_match_sirk(const RawAddress& rsi, const Octet16& sirk) {
		/* use the 3 MSB of bd address as prand */
		uint8_t rand[3];
		Octet16 rand{};
		rand[0] = rsi.address[2];
		rand[1] = rsi.address[1];
		rand[2] = rsi.address[0];
		DLOG(INFO) << "Prand " << base::HexEncode(rand, 3);
		DLOG(INFO) << "Prand " << base::HexEncode(rand.data(), 3);

		DLOG(INFO) << "SIRK " << base::HexEncode(sirk.data(), 16);
		/* generate X = E irk(R0, R1, R2) and R is random address 3 LSO */
		Octet16 x = crypto_toolbox::aes_128(sirk, &rand[0], 3);
		Octet16 x = crypto_toolbox::aes_128(sirk, rand);

		DLOG(INFO) << "X" << base::HexEncode(x.data(), 16);

		@@ -506,7 +506,7 @@ class CsisGroup {
		rand[1] = rsi.address[4];
		rand[2] = rsi.address[3];

		DLOG(INFO) << "Hash " << base::HexEncode(rand, 3);
		DLOG(INFO) << "Hash " << base::HexEncode(rand.data(), 3);

		if (memcmp(x.data(), &rand[0], 3) == 0) {
		// match

+6 −4

Original line number	Diff line number	Diff line
		@@ -2068,16 +2068,18 @@ static void btm_notify_new_key(uint8_t key_type) {
		static void btm_ble_reset_id_impl(const Octet16& rand1, const Octet16& rand2) {
		/* Regenerate Identity Root */
		btm_sec_cb.devcb.id_keys.ir = rand1;
		uint8_t btm_ble_dhk_pt = 0x03;
		Octet16 btm_ble_dhk_pt{};
		btm_ble_dhk_pt[0] = 0x03;

		/* generate DHK= Eir({0x03, 0x00, 0x00 ...}) */
		btm_sec_cb.devcb.id_keys.dhk =
		crypto_toolbox::aes_128(btm_sec_cb.devcb.id_keys.ir, &btm_ble_dhk_pt, 1);
		crypto_toolbox::aes_128(btm_sec_cb.devcb.id_keys.ir, btm_ble_dhk_pt);

		uint8_t btm_ble_irk_pt = 0x01;
		Octet16 btm_ble_irk_pt{};
		btm_ble_irk_pt[0] = 0x01;
		/* IRK = D1(IR, 1) */
		btm_sec_cb.devcb.id_keys.irk =
		crypto_toolbox::aes_128(btm_sec_cb.devcb.id_keys.ir, &btm_ble_irk_pt, 1);
		crypto_toolbox::aes_128(btm_sec_cb.devcb.id_keys.ir, btm_ble_irk_pt);

		btm_notify_new_key(BTM_BLE_KEY_TYPE_ID);

+8 −4

Original line number	Diff line number	Diff line
		@@ -55,7 +55,11 @@ static RawAddress generate_rpa_from_irk_and_rand(const Octet16& irk,
		address.address[0] = random[2];

		/* encrypt with IRK */
		Octet16 p = crypto_toolbox::aes_128(irk, random, 3);
		Octet16 r{};
		r[0] = random[0];
		r[1] = random[1];
		r[2] = random[2];
		Octet16 p = crypto_toolbox::aes_128(irk, r);

		/* set hash to be LSB of rpAddress */
		address.address[5] = p[0];
		@@ -120,19 +124,19 @@ bool btm_ble_init_pseudo_addr(tBTM_SEC_DEV_REC* p_dev_rec,
		* Resolving Key \|irk\| */
		static bool rpa_matches_irk(const RawAddress& rpa, const Octet16& irk) {
		/* use the 3 MSB of bd address as prand */
		uint8_t rand[3];
		Octet16 rand{};
		rand[0] = rpa.address[2];
		rand[1] = rpa.address[1];
		rand[2] = rpa.address[0];

		/* generate X = E irk(R0, R1, R2) and R is random address 3 LSO */
		Octet16 x = crypto_toolbox::aes_128(irk, &rand[0], 3);
		Octet16 x = crypto_toolbox::aes_128(irk, rand);

		rand[0] = rpa.address[5];
		rand[1] = rpa.address[4];
		rand[2] = rpa.address[3];

		if (memcmp(x.data(), &rand[0], 3) == 0) {
		if (memcmp(x.data(), rand.data(), 3) == 0) {
		// match
		return true;
		}

+3 −3

Original line number	Diff line number	Diff line
		@@ -109,8 +109,8 @@ static Octet16 cmac_aes_k_calculate(const Octet16& key) {
		/* Mi' := Mi (+) X */
		xor_128((Octet16)&cmac_cb.text[(cmac_cb.round - i) OCTET16_LEN], x);

		output = aes_128(key, &cmac_cb.text[(cmac_cb.round - i) * OCTET16_LEN],
		OCTET16_LEN);
		output = aes_128(
		key, (Octet16)&cmac_cb.text[(cmac_cb.round - i) * OCTET16_LEN]);
		x = output;
		i++;
		}
		@@ -143,7 +143,7 @@ static void cmac_prepare_last_block(const Octet16& k1, const Octet16& k2) {
		*/
		static void cmac_generate_subkey(const Octet16& key) {
		Octet16 zero{};
		Octet16 p = aes_128(key, zero.data(), OCTET16_LEN);
		Octet16 p = aes_128(key, zero);

		Octet16 k1, k2;
		uint8_t* pp = p.data();

+0 −11

Original line number	Diff line number	Diff line
		@@ -37,17 +37,6 @@ uint32_t g2(const uint8_t* u, const uint8_t* v, const Octet16& x,
		Octet16 ltk_to_link_key(const Octet16& ltk, bool use_h7);
		Octet16 link_key_to_ltk(const Octet16& link_key, bool use_h7);

		/* This function computes AES_128(key, message). \|key\| must be 128bit.
		* \|message\| can be at most 16 bytes long, it's length in bytes is given in
		* \|length\| */
		inline Octet16 aes_128(const Octet16& key, const uint8_t* message,
		const uint8_t length) {
		CHECK(length <= OCTET16_LEN) << "you tried aes_128 more than 16 bytes!";
		Octet16 msg{0};
		std::copy(message, message + length, msg.begin());
		return aes_128(key, msg);
		}

		// \|tlen\| - lenth of mac desired
		// \|p_signature\| - data pointer to where signed data to be stored, tlen long.
		inline void aes_cmac(const Octet16& key, const uint8_t* message,