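--- a/sm.c	(7ece0eaa04a64d54ee270d7d31e39198d41ab411)
+++ b/sm.c	(57132f1279d026ab1e746c1ee5571eca6f132703)
@@ -1,8 +1,8 @@
 /*
  * Copyright (C) 2014 BlueKitchen GmbH
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
@@ -1120,17 +1120,24 @@
  setup->sm_s_addr_type = sm_conn->sm_peer_addr_type;
  (void)memcpy(setup->sm_s_address, sm_conn->sm_peer_address, 6);
 
  int key_distribution_flags = sm_key_distribution_flags_for_auth_req();
  sm_pairing_packet_set_initiator_key_distribution(setup->sm_m_preq, key_distribution_flags);
  sm_pairing_packet_set_responder_key_distribution(setup->sm_m_preq, key_distribution_flags);
  }
 
- uint8_t auth_req = sm_auth_req;
+ uint8_t auth_req = sm_auth_req & ~SM_AUTHREQ_CT2;
+#ifdef ENABLE_CROSS_TRANSPORT_KEY_DERIVATION
+ // set CT2 if SC + Bonding + CTKD
+ const uint8_t auth_req_for_ct2 = SM_AUTHREQ_SECURE_CONNECTION | SM_AUTHREQ_BONDING;
+ if ((auth_req & auth_req_for_ct2) == auth_req_for_ct2){
+ auth_req |= SM_AUTHREQ_CT2;
+ }
+#endif
  sm_pairing_packet_set_io_capability(*local_packet, sm_io_capabilities);
  sm_pairing_packet_set_oob_data_flag(*local_packet, setup->sm_have_oob_data);
  sm_pairing_packet_set_auth_req(*local_packet, auth_req);
  sm_pairing_packet_set_max_encryption_key_size(*local_packet, sm_max_encryption_key_size);
 }
 
 static int sm_stk_generation_init(sm_connection_t * sm_conn){
 
@@ -1527,21 +1534,21 @@
  // responder
  sm_conn->sm_engine_state = SM_SC_SEND_DHKEY_CHECK_COMMAND;
  } else {
  // initiator
  sm_conn->sm_engine_state = SM_INITIATOR_PH3_SEND_START_ENCRYPTION;
  }
  break;
 #ifdef ENABLE_CROSS_TRANSPORT_KEY_DERIVATION
- case SM_SC_W4_CALCULATE_H6_ILK:
+ case SM_SC_W4_CALCULATE_ILK:
  (void)memcpy(setup->sm_t, hash, 16);
- sm_conn->sm_engine_state = SM_SC_W2_CALCULATE_H6_BR_EDR_LINK_KEY;
+ sm_conn->sm_engine_state = SM_SC_W2_CALCULATE_BR_EDR_LINK_KEY;
  break;
- case SM_SC_W4_CALCULATE_H6_BR_EDR_LINK_KEY:
+ case SM_SC_W4_CALCULATE_BR_EDR_LINK_KEY:
  reverse_128(hash, setup->sm_t);
  link_key_type = sm_conn->sm_connection_authenticated ?
  AUTHENTICATED_COMBINATION_KEY_GENERATED_FROM_P256 : UNAUTHENTICATED_COMBINATION_KEY_GENERATED_FROM_P256;
  log_info("Derived classic link key from LE using h6, type %u", (int) link_key_type);
  gap_store_link_key_for_bd_addr(setup->sm_peer_address, setup->sm_t, link_key_type);
  if (IS_RESPONDER(sm_conn->sm_role)){
  sm_conn->sm_engine_state = SM_RESPONDER_IDLE;
  } else {
@@ -1796,42 +1803,62 @@
  }
 }
 
 #ifdef ENABLE_CROSS_TRANSPORT_KEY_DERIVATION
 
 //
 // Link Key Conversion Function h6
 //
-// h6(W, keyID) = AES-CMACW(keyID)
+// h6(W, keyID) = AES-CMAC_W(keyID)
 // - W is 128 bits
 // - keyID is 32 bits
 static void h6_engine(sm_connection_t * sm_conn, const sm_key_t w, const uint32_t key_id){
  const uint16_t message_len = 4;
  sm_cmac_connection = sm_conn;
  big_endian_store_32(sm_cmac_sc_buffer, 0, key_id);
  log_info("h6 key");
  log_info_hexdump(w, 16);
  log_info("h6 message");
  log_info_hexdump(sm_cmac_sc_buffer, message_len);
  sm_cmac_message_start(w, message_len, sm_cmac_sc_buffer, &sm_sc_cmac_done);
 }
+//
+// Link Key Conversion Function h7
+//
+// h7(SALT, W) = AES-CMAC_SALT(W)
+// - SALT is 128 bits
+// - W is 128 bits
+static void h7_engine(sm_connection_t * sm_conn, const sm_key_t salt, const sm_key_t w) {
+ const uint16_t message_len = 16;
+ sm_cmac_connection = sm_conn;
+ log_info("h7 key");
+ log_info_hexdump(salt, 16);
+ log_info("h7 message");
+ log_info_hexdump(w, 16);
+ sm_cmac_message_start(salt, message_len, w, &sm_sc_cmac_done);
+}
 
 // For SC, setup->sm_local_ltk holds full LTK (sm_ltk is already truncated)
 // Errata Service Release to the Bluetooth Specification: ESR09
 // E6405 – Cross transport key derivation from a key of size less than 128 bits
 // "Note: When the BR/EDR link key is being derived from the LTK, the derivation is done before the LTK gets masked."
+
 static void h6_calculate_ilk(sm_connection_t * sm_conn){
  h6_engine(sm_conn, setup->sm_local_ltk, 0x746D7031); // "tmp1"
 }
 
 static void h6_calculate_br_edr_link_key(sm_connection_t * sm_conn){
  h6_engine(sm_conn, setup->sm_t, 0x6c656272); // "lebr"
 }
 
+static void h7_calculate_ilk(sm_connection_t * sm_conn){
+ const uint8_t salt[16] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x74, 0x6D, 0x70, 0x31}; // "tmp1"
+ h7_engine(sm_conn, salt, setup->sm_local_ltk);
+}
 #endif
 
 #endif
 
 // key management legacy connections:
 // - potentially two different LTKs based on direction. each device stores LTK provided by peer
 // - master stores LTK, EDIV, RAND. responder optionally stored master LTK (only if it needs to reconnect)
 // - initiators reconnects: initiator uses stored LTK, EDIV, RAND generated by responder
@@ -2351,26 +2378,31 @@
  f5_calculate_ltk(connection);
  break;
  case SM_SC_W2_CALCULATE_G2:
  if (!sm_cmac_ready()) break;
  connection->sm_engine_state = SM_SC_W4_CALCULATE_G2;
  g2_calculate(connection);
  break;
 #ifdef ENABLE_CROSS_TRANSPORT_KEY_DERIVATION
- case SM_SC_W2_CALCULATE_H6_ILK:
+ case SM_SC_W2_CALCULATE_ILK_USING_H6:
  if (!sm_cmac_ready()) break;
- connection->sm_engine_state = SM_SC_W4_CALCULATE_H6_ILK;
+ connection->sm_engine_state = SM_SC_W4_CALCULATE_ILK;
  h6_calculate_ilk(connection);
  break;
- case SM_SC_W2_CALCULATE_H6_BR_EDR_LINK_KEY:
+ case SM_SC_W2_CALCULATE_BR_EDR_LINK_KEY:
  if (!sm_cmac_ready()) break;
- connection->sm_engine_state = SM_SC_W4_CALCULATE_H6_BR_EDR_LINK_KEY;
+ connection->sm_engine_state = SM_SC_W4_CALCULATE_BR_EDR_LINK_KEY;
  h6_calculate_br_edr_link_key(connection);
  break;
+ case SM_SC_W2_CALCULATE_ILK_USING_H7:
+ if (!sm_cmac_ready()) break;
+ connection->sm_engine_state = SM_SC_W4_CALCULATE_ILK;
+ h7_calculate_ilk(connection);
+ break;
 #endif
 #endif
 
 #ifdef ENABLE_LE_CENTRAL
  // initiator side
  case SM_INITIATOR_PH0_SEND_START_ENCRYPTION: {
  sm_key_t peer_ltk_flipped;
  reverse_128(setup->sm_peer_ltk, peer_ltk_flipped);
@@ -2970,17 +3002,18 @@
  connection->sm_engine_state = SM_PH3_DISTRIBUTE_KEYS;
  } else {
  // no keys to send, just continue
  if (IS_RESPONDER(connection->sm_role)){
  // slave -> receive master keys
  connection->sm_engine_state = SM_PH3_RECEIVE_KEYS;
  } else {
  if (sm_ctkd_from_le(connection)){
- connection->sm_engine_state = SM_SC_W2_CALCULATE_H6_ILK;
+ bool use_h7 = (sm_pairing_packet_get_auth_req(setup->sm_m_preq) & sm_pairing_packet_get_auth_req(setup->sm_s_pres) & SM_AUTHREQ_CT2) != 0;
+ connection->sm_engine_state = use_h7 ? SM_SC_W2_CALCULATE_ILK_USING_H7 : SM_SC_W2_CALCULATE_ILK_USING_H6;
  } else {
  sm_master_pairing_success(connection);
  }
  }
  }
  sm_trigger_run();
 }
 
@@ -4023,17 +4056,18 @@
  }
  // done with key distribution?
  if (sm_key_distribution_all_received(sm_conn)){
 
  sm_key_distribution_handle_all_received(sm_conn);
 
  if (IS_RESPONDER(sm_conn->sm_role)){
  if (sm_ctkd_from_le(sm_conn)){
- sm_conn->sm_engine_state = SM_SC_W2_CALCULATE_H6_ILK;
+ bool use_h7 = (sm_pairing_packet_get_auth_req(setup->sm_m_preq) & sm_pairing_packet_get_auth_req(setup->sm_s_pres) & SM_AUTHREQ_CT2) != 0;
+ sm_conn->sm_engine_state = use_h7 ? SM_SC_W2_CALCULATE_ILK_USING_H7 : SM_SC_W2_CALCULATE_ILK_USING_H6;
  } else {
  sm_conn->sm_engine_state = SM_RESPONDER_IDLE;
  sm_notify_client_status_reason(sm_conn, ERROR_CODE_SUCCESS, 0);
  sm_done_for_handle(sm_conn->sm_handle);
  }
  } else {
  if (setup->sm_use_secure_connections){
  sm_conn->sm_engine_state = SM_PH3_DISTRIBUTE_KEYS;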
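Review bot: In the new `h7_calculate_ilk` the salt is a stack-local `const uint8_t salt[16]` that is passed through `h7_engine` to `sm_cmac_message_start` as the CMAC key, whereas the other keys and messages handed to that call on this page (`setup->sm_local_ltk`, `setup->sm_t`, `sm_cmac_sc_buffer`) are not locals of the calling function. The body of `sm_cmac_message_start` is not shown here; if it keeps the key pointer until the CMAC completes rather than copying it during the call, the ILK would be computed from whatever occupies that stack slot by then, so declaring the array `static const uint8_t salt[16] = { ... };` removes the dependency on that detail. Separately, `h7_engine` passes `w` to `log_info_hexdump`, and its only visible caller supplies `setup->sm_local_ltk`, so the untruncated LTK is written to the info log (the existing `h6_engine` already does the same with its key); these dumps are worth dropping or restricting to a debug-only build. The CT2 test `(... & SM_AUTHREQ_CT2) != 0` is also repeated verbatim at the initiator and responder sites and would be easier to keep in sync as one small static helper.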