|
Packit Service |
8264ee |
/*
|
|
Packit Service |
8264ee |
*
|
|
Packit Service |
8264ee |
* BlueZ - Bluetooth protocol stack for Linux
|
|
Packit Service |
8264ee |
*
|
|
Packit Service |
8264ee |
* Copyright (C) 2019 Intel Corporation. All rights reserved.
|
|
Packit Service |
8264ee |
*
|
|
Packit Service |
8264ee |
*
|
|
Packit Service |
8264ee |
* This library is free software; you can redistribute it and/or
|
|
Packit Service |
8264ee |
* modify it under the terms of the GNU Lesser General Public
|
|
Packit Service |
8264ee |
* License as published by the Free Software Foundation; either
|
|
Packit Service |
8264ee |
* version 2.1 of the License, or (at your option) any later version.
|
|
Packit Service |
8264ee |
*
|
|
Packit Service |
8264ee |
* This library is distributed in the hope that it will be useful,
|
|
Packit Service |
8264ee |
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
Packit Service |
8264ee |
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
Packit Service |
8264ee |
* Lesser General Public License for more details.
|
|
Packit Service |
8264ee |
*
|
|
Packit Service |
8264ee |
*/
|
|
Packit Service |
8264ee |
|
|
Packit Service |
8264ee |
#ifdef HAVE_CONFIG_H
|
|
Packit Service |
8264ee |
#include <config.h>
|
|
Packit Service |
8264ee |
#endif
|
|
Packit Service |
8264ee |
|
|
Packit Service |
8264ee |
#include <ell/ell.h>
|
|
Packit Service |
8264ee |
|
|
Packit Service |
8264ee |
#include "mesh/crypto.h"
|
|
Packit Service |
8264ee |
#include "mesh/net-keys.h"
|
|
Packit Service |
8264ee |
|
|
Packit Service |
8264ee |
#define BEACON_TYPE_SNB 0x01
|
|
Packit Service |
8264ee |
#define KEY_REFRESH 0x01
|
|
Packit Service |
8264ee |
#define IV_INDEX_UPDATE 0x02
|
|
Packit Service |
8264ee |
|
|
Packit Service |
8264ee |
struct net_key {
|
|
Packit Service |
8264ee |
uint32_t id;
|
|
Packit Service |
8264ee |
uint16_t ref_cnt;
|
|
Packit Service |
8264ee |
uint8_t friend_key;
|
|
Packit Service |
8264ee |
uint8_t nid;
|
|
Packit Service |
8264ee |
uint8_t master[16];
|
|
Packit Service |
8264ee |
uint8_t encrypt[16];
|
|
Packit Service |
8264ee |
uint8_t privacy[16];
|
|
Packit Service |
8264ee |
uint8_t beacon[16];
|
|
Packit Service |
8264ee |
uint8_t network[8];
|
|
Packit Service |
8264ee |
};
|
|
Packit Service |
8264ee |
|
|
Packit Service |
8264ee |
static struct l_queue *keys = NULL;
|
|
Packit Service |
8264ee |
static uint32_t last_master_id = 0;
|
|
Packit Service |
8264ee |
|
|
Packit Service |
8264ee |
/* To avoid re-decrypting same packet for multiple nodes, cache and check */
|
|
Packit Service |
8264ee |
static uint8_t cache_pkt[29];
|
|
Packit Service |
8264ee |
static uint8_t cache_plain[29];
|
|
Packit Service |
8264ee |
static size_t cache_len;
|
|
Packit Service |
8264ee |
static size_t cache_plainlen;
|
|
Packit Service |
8264ee |
static uint32_t cache_id;
|
|
Packit Service |
8264ee |
static uint32_t cache_iv_index;
|
|
Packit Service |
8264ee |
|
|
Packit Service |
8264ee |
static bool match_master(const void *a, const void *b)
|
|
Packit Service |
8264ee |
{
|
|
Packit Service |
8264ee |
const struct net_key *key = a;
|
|
Packit Service |
8264ee |
|
|
Packit Service |
8264ee |
return (memcmp(key->master, b, sizeof(key->master)) == 0);
|
|
Packit Service |
8264ee |
}
|
|
Packit Service |
8264ee |
|
|
Packit Service |
8264ee |
static bool match_id(const void *a, const void *b)
|
|
Packit Service |
8264ee |
{
|
|
Packit Service |
8264ee |
const struct net_key *key = a;
|
|
Packit Service |
8264ee |
uint32_t id = L_PTR_TO_UINT(b);
|
|
Packit Service |
8264ee |
|
|
Packit Service |
8264ee |
return id == key->id;
|
|
Packit Service |
8264ee |
}
|
|
Packit Service |
8264ee |
|
|
Packit Service |
8264ee |
static bool match_network(const void *a, const void *b)
|
|
Packit Service |
8264ee |
{
|
|
Packit Service |
8264ee |
const struct net_key *key = a;
|
|
Packit Service |
8264ee |
const uint8_t *network = b;
|
|
Packit Service |
8264ee |
|
|
Packit Service |
8264ee |
return memcmp(key->network, network, sizeof(key->network)) == 0;
|
|
Packit Service |
8264ee |
}
|
|
Packit Service |
8264ee |
|
|
Packit Service |
8264ee |
/* Key added from Provisioning, NetKey Add or NetKey update */
|
|
Packit Service |
8264ee |
uint32_t net_key_add(const uint8_t master[16])
|
|
Packit Service |
8264ee |
{
|
|
Packit Service |
8264ee |
struct net_key *key = l_queue_find(keys, match_master, master);
|
|
Packit Service |
8264ee |
uint8_t p[] = {0};
|
|
Packit Service |
8264ee |
bool result;
|
|
Packit Service |
8264ee |
|
|
Packit Service |
8264ee |
if (key) {
|
|
Packit Service |
8264ee |
key->ref_cnt++;
|
|
Packit Service |
8264ee |
return key->id;
|
|
Packit Service |
8264ee |
}
|
|
Packit Service |
8264ee |
|
|
Packit Service |
8264ee |
if (!keys)
|
|
Packit Service |
8264ee |
keys = l_queue_new();
|
|
Packit Service |
8264ee |
|
|
Packit Service |
8264ee |
key = l_new(struct net_key, 1);
|
|
Packit Service |
8264ee |
memcpy(key->master, master, 16);
|
|
Packit Service |
8264ee |
key->ref_cnt++;
|
|
Packit Service |
8264ee |
result = mesh_crypto_k2(master, p, sizeof(p), &key->nid, key->encrypt,
|
|
Packit Service |
8264ee |
key->privacy);
|
|
Packit Service |
8264ee |
if (!result)
|
|
Packit Service |
8264ee |
goto fail;
|
|
Packit Service |
8264ee |
|
|
Packit Service |
8264ee |
result = mesh_crypto_k3(master, key->network);
|
|
Packit Service |
8264ee |
if (!result)
|
|
Packit Service |
8264ee |
goto fail;
|
|
Packit Service |
8264ee |
|
|
Packit Service |
8264ee |
result = mesh_crypto_nkbk(master, key->beacon);
|
|
Packit Service |
8264ee |
if (!result)
|
|
Packit Service |
8264ee |
goto fail;
|
|
Packit Service |
8264ee |
|
|
Packit Service |
8264ee |
key->id = ++last_master_id;
|
|
Packit Service |
8264ee |
l_queue_push_tail(keys, key);
|
|
Packit Service |
8264ee |
return key->id;
|
|
Packit Service |
8264ee |
|
|
Packit Service |
8264ee |
fail:
|
|
Packit Service |
8264ee |
l_free(key);
|
|
Packit Service |
8264ee |
return 0;
|
|
Packit Service |
8264ee |
}
|
|
Packit Service |
8264ee |
|
|
Packit Service |
8264ee |
uint32_t net_key_frnd_add(uint32_t master_id, uint16_t lpn, uint16_t frnd,
|
|
Packit Service |
8264ee |
uint16_t lp_cnt, uint16_t fn_cnt)
|
|
Packit Service |
8264ee |
{
|
|
Packit Service |
8264ee |
const struct net_key *key = l_queue_find(keys, match_id,
|
|
Packit Service |
8264ee |
L_UINT_TO_PTR(master_id));
|
|
Packit Service |
8264ee |
struct net_key *frnd_key;
|
|
Packit Service |
8264ee |
uint8_t p[9] = {0x01};
|
|
Packit Service |
8264ee |
bool result;
|
|
Packit Service |
8264ee |
|
|
Packit Service |
8264ee |
if (!key || key->friend_key)
|
|
Packit Service |
8264ee |
return 0;
|
|
Packit Service |
8264ee |
|
|
Packit Service |
8264ee |
frnd_key = l_new(struct net_key, 1);
|
|
Packit Service |
8264ee |
|
|
Packit Service |
8264ee |
l_put_be16(lpn, p + 1);
|
|
Packit Service |
8264ee |
l_put_be16(frnd, p + 3);
|
|
Packit Service |
8264ee |
l_put_be16(lp_cnt, p + 5);
|
|
Packit Service |
8264ee |
l_put_be16(fn_cnt, p + 7);
|
|
Packit Service |
8264ee |
|
|
Packit Service |
8264ee |
result = mesh_crypto_k2(key->master, p, sizeof(p), &frnd_key->nid,
|
|
Packit Service |
8264ee |
frnd_key->encrypt, frnd_key->privacy);
|
|
Packit Service |
8264ee |
|
|
Packit Service |
8264ee |
if (!result) {
|
|
Packit Service |
8264ee |
l_free(frnd_key);
|
|
Packit Service |
8264ee |
return 0;
|
|
Packit Service |
8264ee |
}
|
|
Packit Service |
8264ee |
|
|
Packit Service |
8264ee |
frnd_key->friend_key = true;
|
|
Packit Service |
8264ee |
frnd_key->ref_cnt++;
|
|
Packit Service |
8264ee |
frnd_key->id = ++last_master_id;
|
|
Packit Service |
8264ee |
l_queue_push_head(keys, frnd_key);
|
|
Packit Service |
8264ee |
|
|
Packit Service |
8264ee |
return frnd_key->id;
|
|
Packit Service |
8264ee |
}
|
|
Packit Service |
8264ee |
|
|
Packit Service |
8264ee |
void net_key_unref(uint32_t id)
|
|
Packit Service |
8264ee |
{
|
|
Packit Service |
8264ee |
struct net_key *key = l_queue_find(keys, match_id, L_UINT_TO_PTR(id));
|
|
Packit Service |
8264ee |
|
|
Packit Service |
8264ee |
if (key && key->ref_cnt) {
|
|
Packit Service |
8264ee |
if (--key->ref_cnt == 0) {
|
|
Packit Service |
8264ee |
l_queue_remove(keys, key);
|
|
Packit Service |
8264ee |
l_free(key);
|
|
Packit Service |
8264ee |
}
|
|
Packit Service |
8264ee |
}
|
|
Packit Service |
8264ee |
}
|
|
Packit Service |
8264ee |
|
|
Packit Service |
8264ee |
bool net_key_confirm(uint32_t id, const uint8_t *master)
|
|
Packit Service |
8264ee |
{
|
|
Packit Service |
8264ee |
struct net_key *key = l_queue_find(keys, match_id, L_UINT_TO_PTR(id));
|
|
Packit Service |
8264ee |
|
|
Packit Service |
8264ee |
if (key)
|
|
Packit Service |
8264ee |
return memcmp(key->master, master, sizeof(key->master)) == 0;
|
|
Packit Service |
8264ee |
|
|
Packit Service |
8264ee |
return false;
|
|
Packit Service |
8264ee |
}
|
|
Packit Service |
8264ee |
|
|
Packit Service |
8264ee |
bool net_key_retrieve(uint32_t id, uint8_t *master)
|
|
Packit Service |
8264ee |
{
|
|
Packit Service |
8264ee |
struct net_key *key = l_queue_find(keys, match_id, L_UINT_TO_PTR(id));
|
|
Packit Service |
8264ee |
|
|
Packit Service |
8264ee |
if (key) {
|
|
Packit Service |
8264ee |
memcpy(master, key->master, sizeof(key->master));
|
|
Packit Service |
8264ee |
return true;
|
|
Packit Service |
8264ee |
}
|
|
Packit Service |
8264ee |
|
|
Packit Service |
8264ee |
return false;
|
|
Packit Service |
8264ee |
}
|
|
Packit Service |
8264ee |
|
|
Packit Service |
8264ee |
static void decrypt_net_pkt(void *a, void *b)
|
|
Packit Service |
8264ee |
{
|
|
Packit Service |
8264ee |
const struct net_key *key = a;
|
|
Packit Service |
8264ee |
bool result;
|
|
Packit Service |
8264ee |
|
|
Packit Service |
8264ee |
if (cache_id || !key->ref_cnt || (cache_pkt[0] & 0x7f) != key->nid)
|
|
Packit Service |
8264ee |
return;
|
|
Packit Service |
8264ee |
|
|
Packit Service |
8264ee |
result = mesh_crypto_packet_decode(cache_pkt, cache_len, false,
|
|
Packit Service |
8264ee |
cache_plain, cache_iv_index,
|
|
Packit Service |
8264ee |
key->encrypt, key->privacy);
|
|
Packit Service |
8264ee |
|
|
Packit Service |
8264ee |
if (result) {
|
|
Packit Service |
8264ee |
cache_id = key->id;
|
|
Packit Service |
8264ee |
if (cache_plain[1] & 0x80)
|
|
Packit Service |
8264ee |
cache_plainlen = cache_len - 8;
|
|
Packit Service |
8264ee |
else
|
|
Packit Service |
8264ee |
cache_plainlen = cache_len - 4;
|
|
Packit Service |
8264ee |
}
|
|
Packit Service |
8264ee |
}
|
|
Packit Service |
8264ee |
|
|
Packit Service |
8264ee |
uint32_t net_key_decrypt(uint32_t iv_index, const uint8_t *pkt, size_t len,
|
|
Packit Service |
8264ee |
uint8_t **plain, size_t *plain_len)
|
|
Packit Service |
8264ee |
{
|
|
Packit Service |
8264ee |
/* If we already successfully decrypted this packet, use cached data */
|
|
Packit Service |
8264ee |
if (cache_id && cache_len == len && !memcmp(pkt, cache_pkt, len)) {
|
|
Packit Service |
8264ee |
/* IV Index must match what was used to decrypt */
|
|
Packit Service |
8264ee |
if (cache_iv_index != iv_index)
|
|
Packit Service |
8264ee |
return 0;
|
|
Packit Service |
8264ee |
|
|
Packit Service |
8264ee |
goto done;
|
|
Packit Service |
8264ee |
}
|
|
Packit Service |
8264ee |
|
|
Packit Service |
8264ee |
cache_id = 0;
|
|
Packit Service |
8264ee |
memcpy(cache_pkt, pkt, len);
|
|
Packit Service |
8264ee |
cache_len = len;
|
|
Packit Service |
8264ee |
cache_iv_index = iv_index;
|
|
Packit Service |
8264ee |
|
|
Packit Service |
8264ee |
/* Try all network keys known to us */
|
|
Packit Service |
8264ee |
l_queue_foreach(keys, decrypt_net_pkt, NULL);
|
|
Packit Service |
8264ee |
|
|
Packit Service |
8264ee |
done:
|
|
Packit Service |
8264ee |
if (cache_id) {
|
|
Packit Service |
8264ee |
*plain = cache_plain;
|
|
Packit Service |
8264ee |
*plain_len = cache_plainlen;
|
|
Packit Service |
8264ee |
}
|
|
Packit Service |
8264ee |
|
|
Packit Service |
8264ee |
return cache_id;
|
|
Packit Service |
8264ee |
}
|
|
Packit Service |
8264ee |
|
|
Packit Service |
8264ee |
bool net_key_encrypt(uint32_t id, uint32_t iv_index, uint8_t *pkt, size_t len)
|
|
Packit Service |
8264ee |
{
|
|
Packit Service |
8264ee |
struct net_key *key = l_queue_find(keys, match_id, L_UINT_TO_PTR(id));
|
|
Packit Service |
8264ee |
bool result;
|
|
Packit Service |
8264ee |
|
|
Packit Service |
8264ee |
if (!key)
|
|
Packit Service |
8264ee |
return false;
|
|
Packit Service |
8264ee |
|
|
Packit Service |
8264ee |
result = mesh_crypto_packet_encode(pkt, len, key->encrypt, iv_index,
|
|
Packit Service |
8264ee |
key->privacy);
|
|
Packit Service |
8264ee |
|
|
Packit Service |
8264ee |
if (!result)
|
|
Packit Service |
8264ee |
return false;
|
|
Packit Service |
8264ee |
|
|
Packit Service |
8264ee |
result = mesh_crypto_packet_label(pkt, len, iv_index, key->nid);
|
|
Packit Service |
8264ee |
|
|
Packit Service |
8264ee |
return result;
|
|
Packit Service |
8264ee |
}
|
|
Packit Service |
8264ee |
|
|
Packit Service |
8264ee |
uint32_t net_key_network_id(const uint8_t network[8])
|
|
Packit Service |
8264ee |
{
|
|
Packit Service |
8264ee |
struct net_key *key = l_queue_find(keys, match_network, network);
|
|
Packit Service |
8264ee |
|
|
Packit Service |
8264ee |
if (!key)
|
|
Packit Service |
8264ee |
return 0;
|
|
Packit Service |
8264ee |
|
|
Packit Service |
8264ee |
return key->id;
|
|
Packit Service |
8264ee |
}
|
|
Packit Service |
8264ee |
|
|
Packit Service |
8264ee |
bool net_key_snb_check(uint32_t id, uint32_t iv_index, bool kr, bool ivu,
|
|
Packit Service |
8264ee |
uint64_t cmac)
|
|
Packit Service |
8264ee |
{
|
|
Packit Service |
8264ee |
struct net_key *key = l_queue_find(keys, match_id, L_UINT_TO_PTR(id));
|
|
Packit Service |
8264ee |
uint64_t cmac_check;
|
|
Packit Service |
8264ee |
|
|
Packit Service |
8264ee |
if (!key)
|
|
Packit Service |
8264ee |
return false;
|
|
Packit Service |
8264ee |
|
|
Packit Service |
8264ee |
/* Any behavioral changes must pass CMAC test */
|
|
Packit Service |
8264ee |
if (!mesh_crypto_beacon_cmac(key->beacon, key->network, iv_index, kr,
|
|
Packit Service |
8264ee |
ivu, &cmac_check)) {
|
|
Packit Service |
8264ee |
l_error("mesh_crypto_beacon_cmac failed");
|
|
Packit Service |
8264ee |
return false;
|
|
Packit Service |
8264ee |
}
|
|
Packit Service |
8264ee |
|
|
Packit Service |
8264ee |
if (cmac != cmac_check) {
|
|
Packit Service |
8264ee |
l_error("cmac compare failed 0x%16" PRIx64 " != 0x%16" PRIx64,
|
|
Packit Service |
8264ee |
cmac, cmac_check);
|
|
Packit Service |
8264ee |
return false;
|
|
Packit Service |
8264ee |
}
|
|
Packit Service |
8264ee |
|
|
Packit Service |
8264ee |
return true;
|
|
Packit Service |
8264ee |
}
|
|
Packit Service |
8264ee |
|
|
Packit Service |
8264ee |
bool net_key_snb_compose(uint32_t id, uint32_t iv_index, bool kr, bool ivu,
|
|
Packit Service |
8264ee |
uint8_t *snb)
|
|
Packit Service |
8264ee |
{
|
|
Packit Service |
8264ee |
struct net_key *key = l_queue_find(keys, match_id, L_UINT_TO_PTR(id));
|
|
Packit Service |
8264ee |
uint64_t cmac;
|
|
Packit Service |
8264ee |
|
|
Packit Service |
8264ee |
if (!key)
|
|
Packit Service |
8264ee |
return false;
|
|
Packit Service |
8264ee |
|
|
Packit Service |
8264ee |
/* Any behavioral changes must pass CMAC test */
|
|
Packit Service |
8264ee |
if (!mesh_crypto_beacon_cmac(key->beacon, key->network, iv_index, kr,
|
|
Packit Service |
8264ee |
ivu, &cmac)) {
|
|
Packit Service |
8264ee |
l_error("mesh_crypto_beacon_cmac failed");
|
|
Packit Service |
8264ee |
return false;
|
|
Packit Service |
8264ee |
}
|
|
Packit Service |
8264ee |
|
|
Packit Service |
8264ee |
snb[0] = BEACON_TYPE_SNB;
|
|
Packit Service |
8264ee |
snb[1] = 0;
|
|
Packit Service |
8264ee |
|
|
Packit Service |
8264ee |
if (kr)
|
|
Packit Service |
8264ee |
snb[1] |= KEY_REFRESH;
|
|
Packit Service |
8264ee |
|
|
Packit Service |
8264ee |
if (ivu)
|
|
Packit Service |
8264ee |
snb[1] |= IV_INDEX_UPDATE;
|
|
Packit Service |
8264ee |
|
|
Packit Service |
8264ee |
memcpy(snb + 2, key->network, 8);
|
|
Packit Service |
8264ee |
l_put_be32(iv_index, snb + 10);
|
|
Packit Service |
8264ee |
l_put_be64(cmac, snb + 14);
|
|
Packit Service |
8264ee |
|
|
Packit Service |
8264ee |
return true;
|
|
Packit Service |
8264ee |
}
|