1 /*
2  * Copyright (c) 2017 Intel Corporation
3  * Copyright (c) 2022 Nordic Semiconductor ASA
4  *
5  * SPDX-License-Identifier: Apache-2.0
6  */
7 
8 #include "keys.h"
9 
/* Selects which nonce layout bt_mesh_net_encrypt() / bt_mesh_net_decrypt()
 * build for the CCM operation. The three values map to the network PDU, the
 * proxy PDU and the solicitation PDU respectively; the byte layout of each
 * nonce is defined in the implementation, not in this header.
 *
 * NOTE(review): because the type presumably feeds the CCM nonce, passing the
 * wrong type for a PDU should surface as a MIC failure rather than as a
 * silently wrong plaintext - assumed from the CCM construction, confirm in
 * the .c file. */
enum bt_mesh_nonce_type {
	BT_MESH_NONCE_NETWORK,
	BT_MESH_NONCE_PROXY,
	BT_MESH_NONCE_SOLICITATION,
};
15 
/* One element of a scatter-gather list consumed by the CMAC / HMAC helpers
 * below: @p data points at @p len bytes of input that are hashed in order.
 * The struct does not own the memory; the caller keeps every element valid
 * for the duration of the call. */
struct bt_mesh_sg {
	const void *data;
	size_t len;
};
20 
/* Initialise the crypto backend used by every other routine in this header.
 * The return convention is not visible here (presumably 0 on success and a
 * negative errno otherwise, as elsewhere in the stack - confirm in the
 * implementation). */
int bt_mesh_crypto_init(void);

/* Single 16-byte block encryption with @p key. The signature only fixes the
 * block size; this looks like a raw single-block AES primitive and must only
 * be used as a building block (key derivation, obfuscation), never for bulk
 * data. */
int bt_mesh_encrypt(const struct bt_mesh_key *key, const uint8_t plaintext[16],
		    uint8_t enc_data[16]);

/* CCM authenticated encryption.
 *  - @p nonce is exactly 13 bytes and must be unique per key: a repeated
 *    (key, nonce) pair breaks both confidentiality and integrity of CCM.
 *  - @p aad / @p aad_len are authenticated but not encrypted.
 *  - @p enc_data presumably receives @p len bytes of ciphertext followed by a
 *    @p mic_size-byte MIC, so it must be at least len + mic_size bytes
 *    (assumed from the CCM construction; check the implementation).
 * NOTE(review): @p nonce is non-const while @p key is const; whether the
 * implementation writes into the nonce buffer is not visible here. */
int bt_mesh_ccm_encrypt(const struct bt_mesh_key *key, uint8_t nonce[13], const uint8_t *plaintext,
			size_t len, const uint8_t *aad, size_t aad_len, uint8_t *enc_data,
			size_t mic_size);

/* CCM authenticated decryption, the mirror of bt_mesh_ccm_encrypt(): @p len
 * bytes of ciphertext in @p enc_data, a @p mic_size-byte MIC, and the same
 * nonce/aad the sender used. Whether @p plaintext is written before the MIC
 * is verified is not visible here, so callers must treat any non-zero return
 * as "authentication failed" and never use the contents of @p plaintext. */
int bt_mesh_ccm_decrypt(const struct bt_mesh_key *key, uint8_t nonce[13], const uint8_t *enc_data,
			size_t len, const uint8_t *aad, size_t aad_len, uint8_t *plaintext,
			size_t mic_size);

/* AES-CMAC over a scatter-gather list, keyed with a managed mesh key. */
int bt_mesh_aes_cmac_mesh_key(const struct bt_mesh_key *key, struct bt_mesh_sg *sg, size_t sg_len,
			      uint8_t mac[16]);

/* AES-CMAC over a scatter-gather list, keyed with a raw 16-byte key. Raw
 * keys bypass whatever protection bt_mesh_key offers; prefer the mesh-key
 * variant when the key is already managed. */
int bt_mesh_aes_cmac_raw_key(const uint8_t key[16], struct bt_mesh_sg *sg, size_t sg_len,
			     uint8_t mac[16]);

/* HMAC-SHA256 over a scatter-gather list with a raw 32-byte key. */
int bt_mesh_sha256_hmac_raw_key(const uint8_t key[32], struct bt_mesh_sg *sg, size_t sg_len,
			uint8_t mac[32]);

/* Mesh s1() salt: 16-byte output from an arbitrary-length, possibly binary
 * input of @p m_len bytes. */
int bt_mesh_s1(const char *m, size_t m_len, uint8_t salt[16]);
44 
/* Convenience form of bt_mesh_s1() for a NUL-terminated string: the length
 * is taken with strlen(), so the terminating NUL is NOT part of the input.
 *
 * Security caveat: @p m must be a valid, NUL-terminated string; strlen() on
 * NULL or on an unterminated buffer is undefined behaviour and there is no
 * guard here. Input that may legitimately contain 0x00 bytes must use
 * bt_mesh_s1() with an explicit length instead, or it will be truncated.
 *
 * Returns whatever bt_mesh_s1() returns. */
static inline int bt_mesh_s1_str(const char *m, uint8_t salt[16])
{
	size_t m_len = strlen(m);

	return bt_mesh_s1(m, m_len, salt);
}
49 
/* Mesh s2() salt: the 32-byte counterpart of bt_mesh_s1(), presumably for the
 * SHA-256-based algorithm (the output size matches the HMAC-SHA256 helper). */
int bt_mesh_s2(const char *m, size_t m_len, uint8_t salt[32]);

/* Mesh k1(): derive a 16-byte key from input keying material @p ikm, a
 * 16-byte @p salt and a NUL-terminated @p info string. */
int bt_mesh_k1(const uint8_t *ikm, size_t ikm_len, const uint8_t salt[16], const char *info,
	       uint8_t okm[16]);

/* Mesh k2(): from a 16-byte key @p n and the P value @p p (length @p p_len),
 * derive the 1-byte network ID plus the encryption and privacy keys. All
 * three outputs are written on success; what happens to them on failure is
 * not visible here, so do not use any of them after a non-zero return. */
int bt_mesh_k2(const uint8_t n[16], const uint8_t *p, size_t p_len, uint8_t net_id[1],
	       struct bt_mesh_key *enc_key, struct bt_mesh_key *priv_key);

/* Mesh k3(): 8-byte derived value from a 16-byte key. */
int bt_mesh_k3(const uint8_t n[16], uint8_t out[8]);

/* Mesh k4(): 1-byte derived value from a 16-byte key. */
int bt_mesh_k4(const uint8_t n[16], uint8_t out[1]);

/* Mesh k5(): 32-byte derived value from @p n_len bytes of key material and a
 * 32-byte salt. NOTE(review): @p p is a bare non-const pointer with no length
 * argument; its expected size and termination are defined by the
 * implementation - confirm before passing anything but the documented P. */
int bt_mesh_k5(const uint8_t *n, size_t n_len, const uint8_t salt[32], uint8_t *p, uint8_t out[32]);

/* Derive a 16-byte key of the given @p type from @p n using the string @p s
 * as derivation label. The label selects the sub-key (see the inline
 * wrappers below, which pass fixed labels); callers should not invent new
 * labels. */
int bt_mesh_id128(const uint8_t n[16], const char *s, enum bt_mesh_key_type type,
		  struct bt_mesh_key *out);
66 
/* Derive the IdentityKey for a network from its 16-byte NetKey.
 *
 * The derivation label "nkik" is fixed and must not change; it is what
 * separates this key from the other NetKey-derived keys. The key is tagged
 * as an ECB-type key, consistent with its use in a single-block encryption
 * (presumably the node identity hash - not visible in this header).
 *
 * Returns whatever bt_mesh_id128() returns. */
static inline int bt_mesh_identity_key(const uint8_t net_key[16], struct bt_mesh_key *identity_key)
{
	static const char label[] = "nkik";

	return bt_mesh_id128(net_key, label, BT_MESH_KEY_TYPE_ECB, identity_key);
}
71 
/* Derive the BeaconKey for a network from its 16-byte NetKey.
 *
 * Uses the fixed derivation label "nkbk". Unlike the identity and private
 * beacon keys this one is tagged as a CMAC-type key, matching its use for
 * beacon authentication in bt_mesh_beacon_auth().
 *
 * Returns whatever bt_mesh_id128() returns. */
static inline int bt_mesh_beacon_key(const uint8_t net_key[16], struct bt_mesh_key *beacon_key)
{
	static const char label[] = "nkbk";
	int err;

	err = bt_mesh_id128(net_key, label, BT_MESH_KEY_TYPE_CMAC, beacon_key);

	return err;
}
76 
/* Derive the PrivateBeaconKey for a network from its 16-byte NetKey.
 *
 * Uses the fixed derivation label "nkpk" and tags the result as an ECB-type
 * key, which is what bt_mesh_beacon_encrypt() / bt_mesh_beacon_decrypt()
 * consume. Each NetKey-derived key gets its own label so that a compromise
 * of one derived key does not reveal the others.
 *
 * Returns whatever bt_mesh_id128() returns. */
static inline int bt_mesh_private_beacon_key(const uint8_t net_key[16],
					     struct bt_mesh_key *private_beacon_key)
{
	static const char label[] = "nkpk";

	return bt_mesh_id128(net_key, label, BT_MESH_KEY_TYPE_ECB,
			     private_beacon_key);
}
82 
/* Compute the 8-byte authentication value of a (secure network) beacon from
 * the BeaconKey, the flags byte, the 8-byte network ID and the IV index.
 * Receivers must compare the result with the received value using a
 * constant-time comparison; a plain memcmp() leaks timing. */
int bt_mesh_beacon_auth(const struct bt_mesh_key *beacon_key, uint8_t flags,
			const uint8_t net_id[8], uint32_t iv_index, uint8_t auth[8]);
85 
/* Derive the application key identifier (AID) from a 16-byte AppKey.
 *
 * Thin wrapper around bt_mesh_k4(); exactly one byte is written to
 * @p app_id on success (per the out[1] prototype of k4). The AID is an
 * identifier, not a secret, but it is derived from the key, so a mismatch
 * between AID and key usually means the wrong AppKey was selected.
 *
 * Returns whatever bt_mesh_k4() returns. */
static inline int bt_mesh_app_id(const uint8_t app_key[16], uint8_t app_id[1])
{
	int err;

	err = bt_mesh_k4(app_key, app_id);

	return err;
}
90 
/* Provisioning session key from the 32-byte ECDH shared secret and the
 * 16-byte provisioning salt. The DHKey is a long-term-sensitive secret for
 * the session; callers should zeroise it once the derived keys are out. */
int bt_mesh_session_key(const uint8_t dhkey[32], const uint8_t prov_salt[16],
			struct bt_mesh_key *session_key);

/* 13-byte provisioning nonce from the same DHKey and salt. Because the nonce
 * is fixed by these two inputs, the session key must be used for exactly the
 * provisioning data exchange it was derived for and never reused. */
int bt_mesh_prov_nonce(const uint8_t dhkey[32], const uint8_t prov_salt[16], uint8_t nonce[13]);

/* Device key from DHKey and provisioning salt. Output is a raw 16-byte key
 * rather than a bt_mesh_key, so the caller is responsible for storing and
 * wiping it. */
int bt_mesh_dev_key(const uint8_t dhkey[32], const uint8_t prov_salt[16], uint8_t dev_key[16]);

/* Provisioning salt for the given algorithm from the confirmation salt and
 * the two random values. No lengths are passed: the size of every buffer is
 * implied by @p algorithm, so callers must size them for the algorithm they
 * negotiated (presumably 16 or 32 bytes - not visible here). */
int bt_mesh_prov_salt(uint8_t algorithm, const uint8_t *conf_salt, const uint8_t *prov_rand,
		      const uint8_t *dev_rand, uint8_t *prov_salt);

/* (De)obfuscate a network PDU header in place with the privacy key and the
 * IV index. The PDU is non-const, so the transformation is applied to @p pdu
 * itself; obfuscation is its own inverse, so the same call is used on both
 * TX and RX (assumed from the single entry point). Obfuscation hides
 * addressing fields only - it is not encryption. */
int bt_mesh_net_obfuscate(uint8_t *pdu, uint32_t iv_index, const struct bt_mesh_key *privacy_key);

/* Network-layer encryption of the PDU in @p buf under @p key with a nonce
 * built from @p iv_index and @p type. Operates on the net_buf_simple, so the
 * buffer presumably grows by the MIC; check the implementation for the
 * required tailroom. */
int bt_mesh_net_encrypt(const struct bt_mesh_key *key, struct net_buf_simple *buf,
			uint32_t iv_index, enum bt_mesh_nonce_type type);

/* Network-layer decryption and MIC check of @p buf. A non-zero return means
 * the PDU is not authentic under this key/IV index/type; the caller must
 * drop it, and must not rely on the buffer contents after a failure. */
int bt_mesh_net_decrypt(const struct bt_mesh_key *key, struct net_buf_simple *buf,
			uint32_t iv_index, enum bt_mesh_nonce_type type);
108 
/* Inputs that bt_mesh_app_encrypt() / bt_mesh_app_decrypt() need besides the
 * key and the payload. Everything here ends up in the CCM nonce or the
 * additional data, so it must match exactly between sender and receiver. */
struct bt_mesh_app_crypto_ctx {
	/* true when the key in use is a device key rather than an application
	 * key; presumably selects the device-key nonce variant - confirm. */
	bool dev_key;
	/* Application MIC size selector; the encoding (flag vs byte count) is
	 * defined by the implementation. */
	uint8_t aszmic;
	/* Source and destination unicast/group/virtual addresses. */
	uint16_t src;
	uint16_t dst;
	/* Transport sequence number; together with iv_index it makes the nonce
	 * unique, so a repeated (seq_num, iv_index) under one key is fatal. */
	uint32_t seq_num;
	uint32_t iv_index;
	/* Additional authenticated data, or NULL. No length field: the
	 * implementation fixes its size (presumably a 16-byte virtual label,
	 * given bt_mesh_virtual_addr() below - confirm against callers). */
	const uint8_t *ad;
};
118 
/* Upper-transport (application) encryption of @p buf in place under @p key
 * using the nonce/AAD material in @p ctx. */
int bt_mesh_app_encrypt(const struct bt_mesh_key *key, const struct bt_mesh_app_crypto_ctx *ctx,
			struct net_buf_simple *buf);

/* Upper-transport decryption of @p buf into @p out. Unlike the network-layer
 * variant this does not decrypt in place; on a non-zero return @p out must be
 * treated as garbage and the message dropped. */
int bt_mesh_app_decrypt(const struct bt_mesh_key *key, const struct bt_mesh_app_crypto_ctx *ctx,
			struct net_buf_simple *buf, struct net_buf_simple *out);

/* Frame check sequence over @p data_len bytes. Note the length is a uint8_t:
 * passing a larger size_t silently truncates to the low byte, so callers must
 * bound the input (PB-ADV style payloads) before calling. */
uint8_t bt_mesh_fcs_calc(const uint8_t *data, uint8_t data_len);

/* Verify @p received_fcs against the FCS of @p buf. The FCS is an integrity
 * check against transmission errors only - it is not an authenticator and
 * must never substitute for a MIC check. */
bool bt_mesh_fcs_check(struct net_buf_simple *buf, uint8_t received_fcs);

/* Derive the 16-bit virtual address from a 16-byte virtual label (UUID). */
int bt_mesh_virtual_addr(const uint8_t virtual_label[16], uint16_t *addr);

/* Provisioning confirmation salt over the fixed 145-byte ConfirmationInputs
 * for the given algorithm. @p salt has no length: its size is implied by
 * @p algorithm, so size the buffer for the algorithm negotiated. */
int bt_mesh_prov_conf_salt(uint8_t algorithm, const uint8_t conf_inputs[145], uint8_t *salt);

/* Provisioning confirmation key from @p k_input and the confirmation salt.
 * All buffer sizes are implied by @p algorithm (not visible here). */
int bt_mesh_prov_conf_key(uint8_t algorithm, const uint8_t *k_input, const uint8_t *conf_salt,
			  uint8_t *conf_key);

/* Provisioning confirmation value from the confirmation key, a random value
 * and the authentication value. Comparison of a received confirmation with
 * the computed one should be constant-time; the helper only computes. */
int bt_mesh_prov_conf(uint8_t algorithm, const uint8_t *conf_key, const uint8_t *prov_rand,
		      const uint8_t *auth, uint8_t *conf);

/* Decrypt 25 bytes of provisioning data; @p data carries the 25-byte
 * ciphertext followed by 8 bytes that are presumably the MIC (the 25 + 8
 * split in the prototype). NOTE(review): @p key and @p nonce are non-const
 * here, unlike every other decrypt entry point in this header; whether they
 * are actually modified is not visible from the prototype. A non-zero return
 * means authentication failed - do not use @p out. */
int bt_mesh_prov_decrypt(struct bt_mesh_key *key, uint8_t nonce[13], const uint8_t data[25 + 8],
			 uint8_t out[25]);

/* Encrypt 25 bytes of provisioning data into 25 + 8 bytes of output (see
 * bt_mesh_prov_decrypt() for the layout). Same non-const key/nonce caveat. */
int bt_mesh_prov_encrypt(struct bt_mesh_key *key, uint8_t nonce[13], const uint8_t data[25],
			 uint8_t out[25 + 8]);

/* Generate the local provisioning key pair; the public half is read back
 * with bt_mesh_pub_key_get(). */
int bt_mesh_pub_key_gen(void);

/* Pointer to the local public key. No length is returned and the pointer
 * presumably refers to internal static storage, so it is only valid until
 * the next bt_mesh_pub_key_gen() - confirm against the implementation. */
const uint8_t *bt_mesh_pub_key_get(void);

/* ECDH shared secret from a peer public key and a local private key. No
 * sizes are passed; the other prototypes in this header take dhkey[32], so
 * @p dhkey is presumably 32 bytes. A peer public key must be validated (on
 * the curve, not the point at infinity) before it reaches this call; whether
 * the implementation does so is not visible here. */
int bt_mesh_dhkey_gen(const uint8_t *pub_key, const uint8_t *priv_key, uint8_t *dhkey);

/* Decrypt the 5-byte private beacon payload with the PrivateBeaconKey using
 * the 13-byte random (the same size as a CCM nonce), and verify it against
 * @p expected_auth. On a non-zero return @p out is not authentic. */
int bt_mesh_beacon_decrypt(const struct bt_mesh_key *pbk, const uint8_t random[13],
			   const uint8_t data[5], const uint8_t expected_auth[8], uint8_t out[5]);

/* Build the encrypted private beacon payload and its 8-byte auth value from
 * the flags and IV index. @p random must be fresh for every beacon; reusing
 * it with the same key re-uses the nonce. @p data is non-const and is
 * presumably written in place. */
int bt_mesh_beacon_encrypt(const struct bt_mesh_key *pbk, uint8_t flags, uint32_t iv_index,
			   const uint8_t random[13], uint8_t data[5], uint8_t auth[8]);
156