1 /* Copyright (c) 2022 Nordic Semiconductor ASA 2 * SPDX-License-Identifier: Apache-2.0 3 */ 4 5 #ifndef __BT_CRYPTO_H 6 #define __BT_CRYPTO_H 7 8 #include <stddef.h> 9 #include <stdint.h> 10 11 #include <zephyr/bluetooth/bluetooth.h> 12 13 /** 14 * @brief Cypher based Message Authentication Code (CMAC) with AES 128 bit 15 * 16 * Defined in Core Vol. 3, part H 2.2.5. 17 * 18 * @param[in] key 128-bit key 19 * @param[in] in message to be authenticated 20 * @param[in] len length of the message in octets 21 * @param[out] out message authentication code 22 * 23 * @retval 0 Computation was successful. @p res contains the result. 24 * @retval -EIO Computation failed. 25 */ 26 int bt_crypto_aes_cmac(const uint8_t *key, const uint8_t *in, size_t len, uint8_t *out); 27 28 /** 29 * @brief Cryptographic Toolbox f4 30 * 31 * Defined in Core Vol. 3, part H 2.2.6. 32 * 33 * @param[in] u 256-bit 34 * @param[in] v 256-bit 35 * @param[in] x 128-bit key 36 * @param[in] z 8-bit 37 * @param[out] res 38 * 39 * @retval 0 Computation was successful. @p res contains the result. 40 * @retval -EIO Computation failed. 41 */ 42 int bt_crypto_f4(const uint8_t *u, const uint8_t *v, const uint8_t *x, uint8_t z, uint8_t res[16]); 43 44 /** 45 * @brief Cryptographic Toolbox f5 46 * 47 * Defined in Core Vol. 3, part H 2.2.7. 48 * 49 * @param[in] w 256-bit 50 * @param[in] n1 128-bit 51 * @param[in] n2 128-bit 52 * @param[in] a1 56-bit 53 * @param[in] a2 56-bit 54 * @param[out] mackey most significant 128-bit of the result 55 * @param[out] ltk least significant 128-bit of the result 56 * 57 * @retval 0 Computation was successful. @p res contains the result. 58 * @retval -EIO Computation failed. 59 */ 60 int bt_crypto_f5(const uint8_t *w, const uint8_t *n1, const uint8_t *n2, const bt_addr_le_t *a1, 61 const bt_addr_le_t *a2, uint8_t *mackey, uint8_t *ltk); 62 63 /** 64 * @brief Cryptographic Toolbox f6 65 * 66 * Defined in Core Vol. 3, part H 2.2.8. 67 * 68 * @param[in] w 128-bit 69 * @param[in] n1 128-bit 70 * @param[in] n2 128-bit 71 * @param[in] r 128-bit 72 * @param[in] iocap 24-bit 73 * @param[in] a1 56-bit 74 * @param[in] a2 56-bit 75 * @param[out] check 76 * 77 * @retval 0 Computation was successful. @p res contains the result. 78 * @retval -EIO Computation failed. 79 */ 80 int bt_crypto_f6(const uint8_t *w, const uint8_t *n1, const uint8_t *n2, const uint8_t *r, 81 const uint8_t *iocap, const bt_addr_le_t *a1, const bt_addr_le_t *a2, 82 uint8_t *check); 83 84 /** 85 * @brief Cryptographic Toolbox g2 86 87 * Defined in Core Vol. 3, part H 2.2.9. 88 * 89 * @param[in] u 256-bit 90 * @param[in] v 256-bit 91 * @param[in] x 128-bit 92 * @param[in] y 128-bit 93 * @param[out] passkey 94 * 95 * @retval 0 Computation was successful. @p res contains the result. 96 * @retval -EIO Computation failed. 97 */ 98 int bt_crypto_g2(const uint8_t u[32], const uint8_t v[32], const uint8_t x[16], const uint8_t y[16], 99 uint32_t *passkey); 100 101 /** 102 * @brief Cryptographic Toolbox h6 103 * 104 * Link key conversion defined in Core Vol. 3, part H 2.2.10. 105 * 106 * @param[in] w 128-bit key 107 * @param[in] key_id 32-bit 108 * @param[out] res 128-bit 109 * 110 * @retval 0 Computation was successful. @p res contains the result. 111 * @retval -EIO Computation failed. 112 */ 113 int bt_crypto_h6(const uint8_t w[16], const uint8_t key_id[4], uint8_t res[16]); 114 115 /** 116 * @brief Cryptographic Toolbox h7 117 * 118 * Link key conversion defined in Core Vol. 3, part H 2.2.11. 119 * 120 * @param[in] salt 128-bit key 121 * @param[in] w 128-bit input of the AES-CMAC function 122 * @param[out] res 128-bit 123 * 124 * @retval 0 Computation was successful. @p res contains the result. 125 * @retval -EIO Computation failed. 126 */ 127 int bt_crypto_h7(const uint8_t salt[16], const uint8_t w[16], uint8_t res[16]); 128 129 /** 130 * @brief Cryptographic Toolbox function h8 131 * 132 * Defined in Core Vol. 6, part E 1.1.1. 133 * 134 * @note This function is purely a shorthand for the calculation. The parameters 135 * are therefore intentionally not assigned meaning. 136 * 137 * Pseudocode: `aes_cmac(key=aes_cmac(key=s, plaintext=k), plaintext=key_id)` 138 * 139 * @param[in] k (128-bit number in big endian) 140 * @param[in] s (128-bit number in big endian) 141 * @param[in] key_id (32-bit number in big endian) 142 * @param[out] res (128-bit number in big endian) 143 * 144 * @retval 0 Computation was successful. @p res contains the result. 145 * @retval -EIO Computation failed. 146 */ 147 int bt_crypto_h8(const uint8_t k[16], const uint8_t s[16], const uint8_t key_id[4], 148 uint8_t res[16]); 149 150 #endif /* __BT_CRYPTO_H */ 151
