From patchwork Thu Dec 22 22:43:25 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Luiz Augusto von Dentz X-Patchwork-Id: 636404 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id EC40CC4332F for ; Thu, 22 Dec 2022 22:43:37 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229976AbiLVWng (ORCPT ); Thu, 22 Dec 2022 17:43:36 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:42996 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229783AbiLVWne (ORCPT ); Thu, 22 Dec 2022 17:43:34 -0500 Received: from mail-pg1-x533.google.com (mail-pg1-x533.google.com [IPv6:2607:f8b0:4864:20::533]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id C64F0EBE for ; Thu, 22 Dec 2022 14:43:32 -0800 (PST) Received: by mail-pg1-x533.google.com with SMTP id f9so2229589pgf.7 for ; Thu, 22 Dec 2022 14:43:32 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=content-transfer-encoding:mime-version:message-id:date:subject:to :from:from:to:cc:subject:date:message-id:reply-to; bh=FREv2B+vzQnAcYjD62du1FNguIros7B8DOElyGaLYug=; b=JdBHurtsexgb6mf1WSLcvnWmwstFW1R/w1s29adGbYHnS3+xRw+NOLwBiXNW7kbZk+ pFtNlEGf658K2H9uBGp/LWoOCEZ9W7uN00vJETpTCsn0xurUS9JAlrlafkiAWnHW/srf TbsIx5HSB3883cOsqMM1LeigZvLG5j1aCY3oBbCLqyWwNq6fZZpnUll2u7EbWxS4xQI3 yzvstNMTDw4liq4MeoZcepyyDfr+DeUaYfVvP89a9ONDdpB3hhogenQp+wuFL8o2tAFE Vu2aP2S1r0OgMo4TcsA+UpB0jdDHCpBBGm9Glvh612LnaqrO+gwoQDhIHiSzFNT8INAb AYFQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:mime-version:message-id:date:subject:to :from:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=FREv2B+vzQnAcYjD62du1FNguIros7B8DOElyGaLYug=; b=LYd0AqCGnJ+n37AiCJ2SJDn9fkqt4hrKYhnIPPO3hduoIaeOr/8Y0P8l0h5eH0RSnd eC+V9r0x/Aj1pXTCwL17DYR5E9XOa8gmluHDGYSp/tO+NRdNUNc4HfFY2DyGRP88JGrW zDomdHssT7+vbflbtibnMl3Y0rJkpB36DHqecVBtUViH7idYLGAifMQ/nji7VH1XnECJ 0qvUivf4qt4Or8S853du1i2V6gfq28IPJmpI+e1A5EjxJ/BALc+gzXgnGpphN9E2IgXq 3Q9GLmN2QLaZwT8mQql+BKlaOXlAxOmyr9+cHMgMPvjpyMZfmyNh6PknGUEcRy61f2Bp 023Q== X-Gm-Message-State: AFqh2kr77qnqiO/qzDT2qMMTiaxhzPvxPdey+DJQrenQvVcGQ0QrwT8Q fqJ94joqshqNRhTsjME+MYKnKLXeYFUExQ== X-Google-Smtp-Source: AMrXdXudJxkBSEdpSSTcvxWEzdLA5FuxMxXVDVaQUZ9BvuNegHGFzjpV/jlresJjZUYEbTM5NfXCsg== X-Received: by 2002:a05:6a00:a07:b0:580:9431:1b1a with SMTP id p7-20020a056a000a0700b0058094311b1amr333445pfh.5.1671749011755; Thu, 22 Dec 2022 14:43:31 -0800 (PST) Received: from lvondent-mobl4.. (c-71-56-157-77.hsd1.or.comcast.net. [71.56.157.77]) by smtp.gmail.com with ESMTPSA id f6-20020aa79d86000000b0056bbeaa82b9sm1187546pfq.113.2022.12.22.14.43.30 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 22 Dec 2022 14:43:31 -0800 (PST) From: Luiz Augusto von Dentz To: linux-bluetooth@vger.kernel.org Subject: [PATCH BlueZ 1/5] shared/crypto: Adds bt_crypto_sih Date: Thu, 22 Dec 2022 14:43:25 -0800 Message-Id: <20221222224329.685837-1-luiz.dentz@gmail.com> X-Mailer: git-send-email 2.37.3 MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-bluetooth@vger.kernel.org From: Luiz Augusto von Dentz This adds bt_crypto_sih is is used to create a hash as stated on CSIS[1] spec: '4.7. Resolvable Set Identifier hash function sih' https://www.bluetooth.com/specifications/csis-1-0-1/ --- src/shared/crypto.c | 36 ++++++++++++++++++++++++++++++++++++ src/shared/crypto.h | 2 ++ 2 files changed, 38 insertions(+) diff --git a/src/shared/crypto.c b/src/shared/crypto.c index d5efa416dd99..f164ba69d2a5 100644 --- a/src/shared/crypto.c +++ b/src/shared/crypto.c @@ -737,3 +737,39 @@ bool bt_crypto_gatt_hash(struct bt_crypto *crypto, struct iovec *iov, return true; } + +/* + * Resolvable Set Identifier hash function sih + * + * The RSI hash function sih is used to generate a hash value that is used in + * RSIs. + * + * The following variables are the inputs to the RSI hash function sih: + * + * k is 128 bits + * r is 24 bits + * padding is 104 bits, all set to 0 + * + * r is concatenated with padding to generate r', which is used as the 128-bit + * input parameter plaintextData to security function e: + * + * r'=padding||r + * + * The LSO of r becomes the LSO of r', and the MSO of padding becomes the MSO + * of r'. + * + * For example, if the 24-bit value r is 0x3A98B5, then r' is + * 0x000000000000000000000000003A98B5. + * + * The output of the Resolvable Set Identifier function sih is: + * + * sih(k, r)=e(k, r') mod 2^24 + * + * The output of the security function e is truncated to 24 bits by taking the + * least significant 24 bits of the output of e as the result of sih. + */ +bool bt_crypto_sih(struct bt_crypto *crypto, const uint8_t k[16], + const uint8_t r[3], uint8_t hash[3]) +{ + return bt_crypto_ah(crypto, k, r, hash); +} diff --git a/src/shared/crypto.h b/src/shared/crypto.h index 356326d75408..fca52e38e5e2 100644 --- a/src/shared/crypto.h +++ b/src/shared/crypto.h @@ -53,3 +53,5 @@ bool bt_crypto_verify_att_sign(struct bt_crypto *crypto, const uint8_t key[16], const uint8_t *pdu, uint16_t pdu_len); bool bt_crypto_gatt_hash(struct bt_crypto *crypto, struct iovec *iov, size_t iov_len, uint8_t res[16]); +bool bt_crypto_sih(struct bt_crypto *crypto, const uint8_t k[16], + const uint8_t r[3], uint8_t hash[3]); From patchwork Thu Dec 22 22:43:26 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Luiz Augusto von Dentz X-Patchwork-Id: 636064 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 89FD4C3DA7A for ; Thu, 22 Dec 2022 22:43:39 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229982AbiLVWni (ORCPT ); Thu, 22 Dec 2022 17:43:38 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:43010 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229840AbiLVWne (ORCPT ); Thu, 22 Dec 2022 17:43:34 -0500 Received: from mail-pg1-x531.google.com (mail-pg1-x531.google.com [IPv6:2607:f8b0:4864:20::531]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 065AE5F98 for ; Thu, 22 Dec 2022 14:43:34 -0800 (PST) Received: by mail-pg1-x531.google.com with SMTP id v3so2236493pgh.4 for ; Thu, 22 Dec 2022 14:43:34 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=iw+r5Narpa4DdlfzmvlvH1UwTk5c6dLIcrTnhMGzjKg=; b=laoumNqjvqBA1hlzPdTEjKaGoo3cZaxVcc/SvI6/TBMyxAluORt8L9/GG+bdIaBjss 4voej20Te+XXrMFYnFXtN1cM0j28jL1tcXb8TH4nTcN032EAsDunsInVTZs9xbe9nSmo uzO3RTaDf7QD7gsHqviCviTPtr+fuQQGHiiHXA2WF5Ssgl54ckA/ANj41UoZiYxevajM 768bb7Oe9uBtJanIBy/kR6ATE23UpRGNonlJuEWMFMGYXFRATKN1aDcAm5Xbk7EYTHGd XbZqpeY7FfthjmNNMk3YWdlHpCxeZTUIBStogDW4bjuhzb3aSI/ep6+us/tqyLxzqG6m ISmw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=iw+r5Narpa4DdlfzmvlvH1UwTk5c6dLIcrTnhMGzjKg=; b=crrFNHviRm+37GfuSjFygaRJ6tJXQI9YrEXgmPZObs04p42d+Lzhi10PwCg5FexN5w eGwpsZi27EPMIn0oCMu5s7DOWuhb2j2BT+1ccyURSEeoBRpQHDxbrQbQvl1glRyvAQ5n zYTUOc2DJxANO/j2f88dz3vVX/2EONrVBQZ2Xu8wpaFi+rNyxD+Ahjz2sFP+2tVKJ8wX TL/uOAE8zflmzzUiX0r7syHO2gOrrhCblXY/5ZsZ1NiSvZ5FgHSunG9VUtybxuCjO+h1 2PCuVF7NJkNi0ZNAR2VPvZ8p1OZtGySdX7fCXZpnFqMZTldamUtkhhax0PpCrnk8tJzs /Iiw== X-Gm-Message-State: AFqh2kr3hgxJTt1sY8pVWxXoTObbZzx6Tfj4JTq00esEigFYxHLtdBFA phY4uQ2x42EOJW+K6ria4C06KNONoofSDA== X-Google-Smtp-Source: AMrXdXv+GkPPnHSQg878FRsf+t+Q6o8w0mjvR0djy7Hb2Qy6h70dVpLZLlzffLBjGC+A4A9aoq0eMA== X-Received: by 2002:a62:1ec7:0:b0:56d:1e00:f078 with SMTP id e190-20020a621ec7000000b0056d1e00f078mr7419470pfe.32.1671749012881; Thu, 22 Dec 2022 14:43:32 -0800 (PST) Received: from lvondent-mobl4.. (c-71-56-157-77.hsd1.or.comcast.net. [71.56.157.77]) by smtp.gmail.com with ESMTPSA id f6-20020aa79d86000000b0056bbeaa82b9sm1187546pfq.113.2022.12.22.14.43.31 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 22 Dec 2022 14:43:32 -0800 (PST) From: Luiz Augusto von Dentz To: linux-bluetooth@vger.kernel.org Subject: [PATCH BlueZ 2/5] test-crypto: Add /crypto/sih test Date: Thu, 22 Dec 2022 14:43:26 -0800 Message-Id: <20221222224329.685837-2-luiz.dentz@gmail.com> X-Mailer: git-send-email 2.37.3 In-Reply-To: <20221222224329.685837-1-luiz.dentz@gmail.com> References: <20221222224329.685837-1-luiz.dentz@gmail.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-bluetooth@vger.kernel.org From: Luiz Augusto von Dentz This adds test /crypto/sih which validas the implementation of bt_crypto_sih using the sample data from CSIS[1] spec: A.1. sih Resolvable Set Identifier hash function > unit/test-crypto -s "/crypto/sih" K: cd cc 72 dd 86 8c cd ce 22 fd a1 21 09 7d 7d 45 ..r....."..!.}}E R: 63 f5 69 c.i Expected: da 48 19 .H. Result: da 48 19 .H. [1] https://www.bluetooth.com/specifications/csis-1-0-1/ --- unit/test-crypto.c | 35 +++++++++++++++++++++++++++++++++++ 1 file changed, 35 insertions(+) diff --git a/unit/test-crypto.c b/unit/test-crypto.c index 3a88b4a52b47..b5404d542af3 100644 --- a/unit/test-crypto.c +++ b/unit/test-crypto.c @@ -311,6 +311,40 @@ static void test_verify_sign(gconstpointer data) tester_test_passed(); } +static void test_sih(const void *data) +{ + const uint8_t k[16] = { + 0xcd, 0xcc, 0x72, 0xdd, 0x86, 0x8c, 0xcd, 0xce, + 0x22, 0xfd, 0xa1, 0x21, 0x09, 0x7d, 0x7d, 0x45 }; + const uint8_t r[3] = { 0x63, 0xf5, 0x69 }; + const uint8_t exp[3] = { 0xda, 0x48, 0x19 }; + uint8_t hash[3]; + + tester_debug("K:"); + util_hexdump(' ', k, 16, print_debug, NULL); + + tester_debug("R:"); + util_hexdump(' ', r, 3, print_debug, NULL); + + if (!bt_crypto_sih(crypto, k, r, hash)) { + tester_test_failed(); + return; + } + + tester_debug("Expected:"); + util_hexdump(' ', exp, 3, print_debug, NULL); + + tester_debug("Result:"); + util_hexdump(' ', hash, 3, print_debug, NULL); + + if (memcmp(hash, exp, 3)) { + tester_test_failed(); + return; + } + + tester_test_passed(); +} + int main(int argc, char *argv[]) { int exit_status; @@ -337,6 +371,7 @@ int main(int argc, char *argv[]) NULL, test_verify_sign, NULL); tester_add("/crypto/verify_sign_too_short", &verify_sign_too_short_data, NULL, test_verify_sign, NULL); + tester_add("/crypto/sih", NULL, NULL, test_sih, NULL); exit_status = tester_run(); From patchwork Thu Dec 22 22:43:27 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Luiz Augusto von Dentz X-Patchwork-Id: 636403 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 35497C4332F for ; Thu, 22 Dec 2022 22:43:41 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230025AbiLVWnj (ORCPT ); Thu, 22 Dec 2022 17:43:39 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:43018 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229974AbiLVWng (ORCPT ); Thu, 22 Dec 2022 17:43:36 -0500 Received: from mail-pf1-x431.google.com (mail-pf1-x431.google.com [IPv6:2607:f8b0:4864:20::431]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 2CCFCA454 for ; Thu, 22 Dec 2022 14:43:35 -0800 (PST) Received: by mail-pf1-x431.google.com with SMTP id t18so2161526pfq.13 for ; Thu, 22 Dec 2022 14:43:35 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=SHaWOlOm7jgNY7jeaRPYb+rl9KCBQx+25Z+0YLymEv4=; b=lM76fjfoOHBpmQmedOCp1dLnEuZp2/vpAZSqVmPL9g7KHiZnGcjdSKY9O9xzKILuJ2 lFDlfW+Ssj/EZcs7jRHjdtDcYMoAFqvC8EHlMsMPbNeksPEiEQjK7g4NgAn0+3I55Y/v fs3BvK9/N/+AQAFY5d/cMxK9KzoHDwkewsupC7rEG9hlUUoilb3U7aIkmx1/6Nd0ANKr XolVOgIbQOnMJ5hErarIDtelZ4y/wsu8BX1fR/8uJd3AasMWGTT0mJOusK1q+33oYane if0wWtc0+gjzdBy7/vAQ93pM+SbBtX+PtCAsFWiC21rwnXI454pu/cpUWjFQHnQQZYNT jweQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=SHaWOlOm7jgNY7jeaRPYb+rl9KCBQx+25Z+0YLymEv4=; b=2yOedmp0HwCqdL17MNrlqQP2fl0O+gkkvFVucvb7SYLfrMnOC5qUR9zkQ4Q84NqYod jX/KFq9xYW4UzDJitWTHBNs7lWVCq3CleyRRje48VX5JTO8l7MDPvAbBZGCjOUYxTZdF QQKiK5J1QS/Q/rrW5DuAS/ZbT67OkcRzwPTr5LsoTQvZPVLm/HSYYui/U+kxkWxW+Yx9 W070kqAKq+V4zuQwTus7uVYrmMVeRNYv0c7701i3cFvX9XE4D++Yo33hk+lJqyeyUs3H VYK0i/kSY9UzzV9x6tQ3XOnclwZZgxmxIjE1LRUbWFYqg7TsRnPuvRR8YE1/W3dNxX3F t1Lg== X-Gm-Message-State: AFqh2krNZK+wf5+MEEQHdc6FcTU7jxJyNz8IJttM2e6zjrZKg7+0MQx2 hvBsVckDGeO3npUWTMKO5iFYRvV34ug3vQ== X-Google-Smtp-Source: AMrXdXsibb5azhZTaBJ/o/bpKNU+koRdqxkqdKGnCWs4+SchEzFpLsS8G0xMrC+oklBoW55aP0ZYQQ== X-Received: by 2002:a62:f20f:0:b0:56b:b890:6ccd with SMTP id m15-20020a62f20f000000b0056bb8906ccdmr7967779pfh.4.1671749014058; Thu, 22 Dec 2022 14:43:34 -0800 (PST) Received: from lvondent-mobl4.. (c-71-56-157-77.hsd1.or.comcast.net. [71.56.157.77]) by smtp.gmail.com with ESMTPSA id f6-20020aa79d86000000b0056bbeaa82b9sm1187546pfq.113.2022.12.22.14.43.33 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 22 Dec 2022 14:43:33 -0800 (PST) From: Luiz Augusto von Dentz To: linux-bluetooth@vger.kernel.org Subject: [PATCH BlueZ 3/5] shared/crypto: Adds bt_crypto_sef Date: Thu, 22 Dec 2022 14:43:27 -0800 Message-Id: <20221222224329.685837-3-luiz.dentz@gmail.com> X-Mailer: git-send-email 2.37.3 In-Reply-To: <20221222224329.685837-1-luiz.dentz@gmail.com> References: <20221222224329.685837-1-luiz.dentz@gmail.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-bluetooth@vger.kernel.org From: Luiz Augusto von Dentz This adds bt_crypto_sef is is used to create a hash as stated on CSIS spec: '4.5. SIRK encryption function sef' https://www.bluetooth.com/specifications/csis-1-0-1/ --- src/shared/crypto.c | 171 +++++++++++++++++++++++++++++++++++++++++--- src/shared/crypto.h | 2 + 2 files changed, 164 insertions(+), 9 deletions(-) diff --git a/src/shared/crypto.c b/src/shared/crypto.c index f164ba69d2a5..4cb2ea857ea8 100644 --- a/src/shared/crypto.c +++ b/src/shared/crypto.c @@ -586,41 +586,55 @@ bool bt_crypto_s1(struct bt_crypto *crypto, const uint8_t k[16], return bt_crypto_e(crypto, k, res, res); } -static bool aes_cmac(struct bt_crypto *crypto, const uint8_t key[16], +static bool aes_cmac_be(struct bt_crypto *crypto, const uint8_t key[16], const uint8_t *msg, size_t msg_len, uint8_t res[16]) { - uint8_t key_msb[16], out[16], msg_msb[CMAC_MSG_MAX]; ssize_t len; int fd; if (msg_len > CMAC_MSG_MAX) return false; - swap_buf(key, key_msb, 16); - fd = alg_new(crypto->cmac_aes, key_msb, 16); + fd = alg_new(crypto->cmac_aes, key, 16); if (fd < 0) return false; - swap_buf(msg, msg_msb, msg_len); - len = send(fd, msg_msb, msg_len, 0); + len = send(fd, msg, msg_len, 0); if (len < 0) { close(fd); return false; } - len = read(fd, out, 16); + len = read(fd, res, 16); if (len < 0) { close(fd); return false; } - swap_buf(out, res, 16); - close(fd); return true; } +static bool aes_cmac(struct bt_crypto *crypto, const uint8_t key[16], + const uint8_t *msg, size_t msg_len, uint8_t res[16]) +{ + uint8_t key_msb[16], out[16], msg_msb[CMAC_MSG_MAX]; + + if (msg_len > CMAC_MSG_MAX) + return false; + + swap_buf(key, key_msb, 16); + swap_buf(msg, msg_msb, msg_len); + + if (!aes_cmac_be(crypto, key_msb, msg_msb, msg_len, out)) + return false; + + swap_buf(out, res, 16); + + return true; +} + bool bt_crypto_f4(struct bt_crypto *crypto, uint8_t u[32], uint8_t v[32], uint8_t x[16], uint8_t z, uint8_t res[16]) { @@ -773,3 +787,142 @@ bool bt_crypto_sih(struct bt_crypto *crypto, const uint8_t k[16], { return bt_crypto_ah(crypto, k, r, hash); } + +static bool aes_cmac_zero(struct bt_crypto *crypto, const uint8_t *msg, + size_t msg_len, uint8_t res[16]) +{ + const uint8_t zero[16] = {}; + + return aes_cmac_be(crypto, zero, msg, msg_len, res); +} + +/* The inputs to function s1 are: + * + * M is a non-zero length octet array or ASCII encoded string + * + * If M is an ASCII encoded string, M shall be converted into an integer number + * by replacing each string character with its ASCII code preserving the order. + * For example, if M is the string “CSIS”, M is converted into the integer + * number: 0x4353 4953. + * + * ZERO is the 128-bit value: + * + * 0x0000 0000 0000 0000 0000 0000 0000 0000 + * + * The output of the salt generation function s1 shall be calculated as follows: + * + * s1(M)=AES‐CMACZERO(M) + * + * Where AES-CMACZERO is the CMAC function defined in Section 4.2. + */ +static bool sef_s1(struct bt_crypto *crypto, const uint8_t *m, + size_t m_len, uint8_t res[16]) +{ + /* s1(M)=AES‐CMACZERO(M) */ + return aes_cmac_zero(crypto, m, m_len, res); +} + +/* The key derivation function k1 is used to derive a key. The derived key is + * used to encrypt and decrypt the value of the Set Identity Resolving Key + * characteristic (see Section 5.1). + * + * The definition of this key generation function uses the MAC function + * AES-CMACT with a 128-bit key T. + * + * The inputs to function k1 are: + * + * N is 0 or more octets + * + * SALT is 128 bits + * + * P is 0 or more octets + * + * The key (T) shall be computed as follows: + * + * T=AES‐CMACSALT(N) + * + * Where AES-CMACSALT is the CMAC function defined in Section 4.2. + * + * The output of the key generation function k1 shall be calculated as follows: + * + * k1(N, SALT, P)=AES‐CMACT(P) + * + * Where AES-CMACT is the CMAC function defined in Section 4.2. + */ +static bool sef_k1(struct bt_crypto *crypto, const uint8_t n[16], + uint8_t salt[16], const uint8_t *p, + size_t p_len, uint8_t res[16]) +{ + uint8_t res1[16]; + + /* T=AES‐CMACSALT(N) */ + if (!aes_cmac_be(crypto, salt, n, 16, res1)) + return false; + + /* k1(N, SALT, P)=AES‐CMACT(P) */ + return aes_cmac_be(crypto, res1, p, p_len, res); +} + +/* + * SIRK encryption function sef + * + * The SIRK encryption function sef shall be used by the server to encrypt the + * SIRK with a key K. The value of K depends on the transport on which the Set + * Identity Resolving Key characteristic is read or notified. + * + * If the Set Identity Resolving Key characteristic is read or notified on the + * Basic Rate/Enhanced Data Rate (BR/EDR) transport, K shall be equal to the + * Link Key shared by the server and the client. + * + * K=LinkKey + * + * If the Set Identity Resolving Key characteristic is read or notified on the + * Bluetooth Low Energy (LE) transport, K shall be equal to the LTK shared by + * the server and client. That is, + * + * K=LTK + * + * The inputs to the function sef are: + * + * K is the key defined above in this section + * + * SIRK is the value of the SIRK to be encrypted + * + * The output of the SIRK encryption function sef is as follows: + * + * sef(K, SIRK)=k1(K, s1(“SIRKenc”), “csis”)^SIRK + * + * Where ^ is the bitwise exclusive or operation. + */ +bool bt_crypto_sef(struct bt_crypto *crypto, const uint8_t k[16], + const uint8_t sirk[16], uint8_t out[16]) +{ + const uint8_t m[] = {'S', 'I', 'R', 'K', 'e', 'n', 'c'}; + const uint8_t p[] = {'c', 's', 'i', 's'}; + uint8_t k_msb[16]; + uint8_t salt[16]; + uint8_t res_msb[16]; + uint8_t res[16]; + + if (!crypto) + return false; + + /* salt = s1(“SIRKenc”) */ + if (!sef_s1(crypto, m, sizeof(m), salt)) + return false; + + /* Convert K to MSB/BE format */ + swap_buf(k, k_msb, 16); + + /* res_msb = k1(K, salt, “csis”) */ + if (!sef_k1(crypto, k_msb, salt, p, sizeof(p), res_msb)) + return false; + + /* Convert back to LSB/LE format */ + swap_buf(res_msb, res, 16); + + /* res^SIRK */ + u128_xor(res, sirk, out); + + return true; +} diff --git a/src/shared/crypto.h b/src/shared/crypto.h index fca52e38e5e2..fc1ba0c4feeb 100644 --- a/src/shared/crypto.h +++ b/src/shared/crypto.h @@ -53,5 +53,7 @@ bool bt_crypto_verify_att_sign(struct bt_crypto *crypto, const uint8_t key[16], const uint8_t *pdu, uint16_t pdu_len); bool bt_crypto_gatt_hash(struct bt_crypto *crypto, struct iovec *iov, size_t iov_len, uint8_t res[16]); +bool bt_crypto_sef(struct bt_crypto *crypto, const uint8_t k[16], + const uint8_t sirk[16], uint8_t out[16]); bool bt_crypto_sih(struct bt_crypto *crypto, const uint8_t k[16], const uint8_t r[3], uint8_t hash[3]); From patchwork Thu Dec 22 22:43:28 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Luiz Augusto von Dentz X-Patchwork-Id: 636063 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 850A4C3DA7A for ; Thu, 22 Dec 2022 22:43:42 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S235120AbiLVWnl (ORCPT ); Thu, 22 Dec 2022 17:43:41 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:43038 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229918AbiLVWnh (ORCPT ); Thu, 22 Dec 2022 17:43:37 -0500 Received: from mail-pg1-x530.google.com (mail-pg1-x530.google.com [IPv6:2607:f8b0:4864:20::530]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id ED76D5F98 for ; Thu, 22 Dec 2022 14:43:36 -0800 (PST) Received: by mail-pg1-x530.google.com with SMTP id 78so2224587pgb.8 for ; Thu, 22 Dec 2022 14:43:36 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=dM8sGE2SjkciM3MF8nF0v27r3EhD5DXOeLpZ9kBJUOI=; b=mu2Rxt0mPoOL01DX59tW3gutonzvUw+Lb7wzJvRBzI1mPGncviHmZrkH++s1H2AHUc usJQnlLf+6TJENOqUlSMaO3Lh4Rp8GPTPreH9ytkvxJqQNh7zuIKHrar+8sQvXSGlz+t WUX/HjXmJSiVnIGS2HeM+ukC30j4x/9CAYKToZx7wzafgUP/y9NGr6BQ4atWJqag2Ve8 mwbs8NVkURWbR63ZCgnTi3zBYpWbwHFTiXNPIJG4dHjInxM2YYrC2O4dRtKe6P/c4yhn d8fLRv0ww4uhM4XHSogvxryeE9iQqXIXkmQ1ATMKyt4u0KldxexHiKO3nT87yxfEIv5s 7Ozg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=dM8sGE2SjkciM3MF8nF0v27r3EhD5DXOeLpZ9kBJUOI=; b=lh/efZ9Jy0QI71iY+jHlCjMJT11Jlhmwn/kkH3XAS63XnlQ9TqoWTFmPLZG3OUv1oI 35aXnjHW3N6q8uoW6x4CA9De9g3DsG6uQzkWf5hVl9KLlpfVtkdSNSqwtrwtfKfVvUDB eNK6JiVDS05F6Nx69te9bw3vmCjiM9RMyNlCvPNRsmIJvBF1+7yxnQkyiz/6LilfMphp yMMkEwPVIcc/0cTBmbcQP5K1gnBXF25NABZMqZDpXahewoNJdQmlT0MATbZrFgk75VV7 7NPJAx5JXFz+AAoj/pz3v4lwsE56D7+SOk9n3soPJcqq8vUZ/cQSjLj3foFTzTtCtNHJ 0gdQ== X-Gm-Message-State: AFqh2kpwlPZ3kUCGQzmGEbHhZMwFWmMAl3ZSA2LKL0Z5WLcml2jhD0Su VbeWOZ9PXMA21FyxvScMRGf1Fhq0TJdBKQ== X-Google-Smtp-Source: AMrXdXtoFWKkz55s6OZiVM2N1MBJHcwjUEzHecTpV4PDtu+cDz7WU7i1TD5bVRzxCiAj0fFOibj62g== X-Received: by 2002:a62:1456:0:b0:566:900d:466c with SMTP id 83-20020a621456000000b00566900d466cmr7926310pfu.6.1671749015384; Thu, 22 Dec 2022 14:43:35 -0800 (PST) Received: from lvondent-mobl4.. (c-71-56-157-77.hsd1.or.comcast.net. [71.56.157.77]) by smtp.gmail.com with ESMTPSA id f6-20020aa79d86000000b0056bbeaa82b9sm1187546pfq.113.2022.12.22.14.43.34 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 22 Dec 2022 14:43:34 -0800 (PST) From: Luiz Augusto von Dentz To: linux-bluetooth@vger.kernel.org Subject: [PATCH BlueZ 4/5] test-crypto: Add /crypto/sef test Date: Thu, 22 Dec 2022 14:43:28 -0800 Message-Id: <20221222224329.685837-4-luiz.dentz@gmail.com> X-Mailer: git-send-email 2.37.3 In-Reply-To: <20221222224329.685837-1-luiz.dentz@gmail.com> References: <20221222224329.685837-1-luiz.dentz@gmail.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-bluetooth@vger.kernel.org From: Luiz Augusto von Dentz This adds test /crypto/sef which validas the implementation of bt_crypto_sef using the sample data from CSIS[1] spec: A.2. sef SIRK Encryption Function > unit/test-crypto -s "/crypto/sef" SIRK: cd cc 72 dd 86 8c cd ce 22 fd a1 21 09 7d 7d 45 ..r....."..!.}}E K: d9 ce e5 3c 22 c6 1e 06 6f 69 48 d4 9b 1b 6e 67 ...<"...oiH...ng Expected: 46 d3 5f f2 d5 62 25 7e a0 24 35 e1 35 38 0a 17 F._..b%~.$5.58.. Result: 46 d3 5f f2 d5 62 25 7e a0 24 35 e1 35 38 0a 17 F._..b%~.$5.58.. [1]https://www.bluetooth.com/specifications/csis-1-0-1/ --- unit/test-crypto.c | 39 +++++++++++++++++++++++++++++++++++++++ 1 file changed, 39 insertions(+) diff --git a/unit/test-crypto.c b/unit/test-crypto.c index b5404d542af3..8fd7bec8ea83 100644 --- a/unit/test-crypto.c +++ b/unit/test-crypto.c @@ -311,6 +311,44 @@ static void test_verify_sign(gconstpointer data) tester_test_passed(); } +static void test_sef(const void *data) +{ + const uint8_t sirk[16] = { + 0xcd, 0xcc, 0x72, 0xdd, 0x86, 0x8c, 0xcd, 0xce, + 0x22, 0xfd, 0xa1, 0x21, 0x09, 0x7d, 0x7d, 0x45 }; + const uint8_t k[16] = { + 0xd9, 0xce, 0xe5, 0x3c, 0x22, 0xc6, 0x1e, 0x06, + 0x6f, 0x69, 0x48, 0xd4, 0x9b, 0x1b, 0x6e, 0x67 }; + const uint8_t exp[16] = { + 0x46, 0xd3, 0x5f, 0xf2, 0xd5, 0x62, 0x25, 0x7e, + 0xa0, 0x24, 0x35, 0xe1, 0x35, 0x38, 0x0a, 0x17 }; + uint8_t res[16]; + + tester_debug("SIRK:"); + util_hexdump(' ', sirk, 16, print_debug, NULL); + + tester_debug("K:"); + util_hexdump(' ', k, 16, print_debug, NULL); + + if (!bt_crypto_sef(crypto, k, sirk, res)) { + tester_test_failed(); + return; + } + + tester_debug("Expected:"); + util_hexdump(' ', exp, 16, print_debug, NULL); + + tester_debug("Result:"); + util_hexdump(' ', res, 16, print_debug, NULL); + + if (memcmp(res, exp, 16)) { + tester_test_failed(); + return; + } + + tester_test_passed(); +} + static void test_sih(const void *data) { const uint8_t k[16] = { @@ -371,6 +409,7 @@ int main(int argc, char *argv[]) NULL, test_verify_sign, NULL); tester_add("/crypto/verify_sign_too_short", &verify_sign_too_short_data, NULL, test_verify_sign, NULL); + tester_add("/crypto/sef", NULL, NULL, test_sef, NULL); tester_add("/crypto/sih", NULL, NULL, test_sih, NULL); exit_status = tester_run(); From patchwork Thu Dec 22 22:43:29 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Luiz Augusto von Dentz X-Patchwork-Id: 636402 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 625EAC4167B for ; Thu, 22 Dec 2022 22:43:43 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230181AbiLVWnm (ORCPT ); Thu, 22 Dec 2022 17:43:42 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:43060 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230034AbiLVWni (ORCPT ); Thu, 22 Dec 2022 17:43:38 -0500 Received: from mail-pg1-x529.google.com (mail-pg1-x529.google.com [IPv6:2607:f8b0:4864:20::529]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id BA59B5F7A for ; Thu, 22 Dec 2022 14:43:37 -0800 (PST) Received: by mail-pg1-x529.google.com with SMTP id b12so2229825pgj.6 for ; Thu, 22 Dec 2022 14:43:37 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=9dhV8egEZU8cWS7ajuLRcKLQDgDZ98wBiHZ4g2Ri8EI=; b=Jy8gN1TEgkEd+0gaIZsXCnXzG/okrp3PJ0G8JWSNNECuz8CEe4BOMZpZudYH99bBL5 H6QIkJppW0n0Xt7lY+f1FSPDaJlLGfKhs3bykUf/wB1SZzUEyynsBDiZBLkL0ME5Ha9U FOTvV14nlXups5eOgsjy1E0hTqcRzyOdyNbappFF02lpeONp+//SQoP+WzgQ/Nt8GFIh txskIHYRkXtInQ624PdBOVn/yMobXk/Zv5R+he0tncw826CNXjLJpMxTnBa1G5ifx7SO bI4faFCGPOEgmJjLrayLWUpmw8d4DnOBFwfkySxCVADt4eifWqrBxtlzasRLA2lckyg8 bH6A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=9dhV8egEZU8cWS7ajuLRcKLQDgDZ98wBiHZ4g2Ri8EI=; b=HqHeivKDbGXo9vIMwt7sU+mfVx0ZEApkB4NcXwqDlzFne4a8epPeRjaJ7I6+H4pLNb ZaNEgvuRwZiH5FVW6J2U4vzNmF2hGqYREW0HwiWxl2htE9FkwaKvs3q75RiqpL9fGVEM nBURc26SAQYDf/QitlPemY0Tj8zjp46zfHDDs0AsgTefgE0uBflR19m7qEEdKPmmy5sp /33pV7PnrT49eA98J44CoK2tegeRjt3K/DnPuqJ8a0PpcYHLK2fUgmi4yRj3htoa1Y5d qOTtu+r5kADBU3QLFUxG4b9N/mQhGVMcLrPihNKyP7riuez9C8BjkYFLqyG5EKhxrfoj SuGA== X-Gm-Message-State: AFqh2koUJU1jMvpErb/CTNkQeLMLCMECfmkUGsyEmhnDknmdDsx2df0w uRIAsrmOZQcKj/4utPafx7oTZMtyfm4PWg== X-Google-Smtp-Source: AMrXdXtU5vrINMPbN3Xo7cYEsLNjNTmX/epxYhyLBvg1Z6jj82FLRD+2U8G68HMQ4zDhgcXQgVZQww== X-Received: by 2002:aa7:85d4:0:b0:578:8864:7b24 with SMTP id z20-20020aa785d4000000b0057888647b24mr7828601pfn.12.1671749016695; Thu, 22 Dec 2022 14:43:36 -0800 (PST) Received: from lvondent-mobl4.. (c-71-56-157-77.hsd1.or.comcast.net. [71.56.157.77]) by smtp.gmail.com with ESMTPSA id f6-20020aa79d86000000b0056bbeaa82b9sm1187546pfq.113.2022.12.22.14.43.35 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 22 Dec 2022 14:43:35 -0800 (PST) From: Luiz Augusto von Dentz To: linux-bluetooth@vger.kernel.org Subject: [PATCH BlueZ 5/5] monitor: Add support for decoding RSI Date: Thu, 22 Dec 2022 14:43:29 -0800 Message-Id: <20221222224329.685837-5-luiz.dentz@gmail.com> X-Mailer: git-send-email 2.37.3 In-Reply-To: <20221222224329.685837-1-luiz.dentz@gmail.com> References: <20221222224329.685837-1-luiz.dentz@gmail.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-bluetooth@vger.kernel.org From: Luiz Augusto von Dentz This adds support for decoding Resolvable Set Identifier[1] advertising type (0x2e) according to CIS[2] spec: Resolvable Set Identifier: 46-BB-DB-26-D8-55 Hash: 0x26d855 Random: 0x46bbdb [1] https://www.bluetooth.com/specifications/assigned-numbers/ [2] https://www.bluetooth.com/specifications/csis-1-0-1/ --- monitor/packet.c | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/monitor/packet.c b/monitor/packet.c index 134cf398a66f..44f1941bd30c 100644 --- a/monitor/packet.c +++ b/monitor/packet.c @@ -3123,6 +3123,7 @@ static void print_fec(uint8_t fec) #define BT_EIR_MESH_PROV 0x29 #define BT_EIR_MESH_DATA 0x2a #define BT_EIR_MESH_BEACON 0x2b +#define BT_EIR_CSIP_RSI 0x2e #define BT_EIR_3D_INFO_DATA 0x3d #define BT_EIR_MANUFACTURER_DATA 0xff @@ -4017,6 +4018,14 @@ static void print_eir(const uint8_t *eir, uint8_t eir_len, bool le) print_mesh_beacon(data, data_len); break; + case BT_EIR_CSIP_RSI: + if (data_len < 6) + break; + print_addr("Resolvable Set Identifier", data, 0xff); + print_field(" Hash: 0x%6x", get_le24(data)); + print_field(" Random: 0x%6x", get_le24(data + 3)); + break; + case BT_EIR_MANUFACTURER_DATA: if (data_len < 2) break;