ble_gatt_client
|
#include <stdbool.h>
#include <stdint.h>
Go to the source code of this file.
Functions | |
struct bt_crypto * | bt_crypto_new (void) |
struct bt_crypto * | bt_crypto_ref (struct bt_crypto *crypto) |
void | bt_crypto_unref (struct bt_crypto *crypto) |
bool | bt_crypto_random_bytes (struct bt_crypto *crypto, uint8_t *buf, uint8_t num_bytes) |
bool | bt_crypto_e (struct bt_crypto *crypto, const uint8_t key[16], const uint8_t plaintext[16], uint8_t encrypted[16]) |
bool | bt_crypto_ah (struct bt_crypto *crypto, const uint8_t k[16], const uint8_t r[3], uint8_t hash[3]) |
bool | bt_crypto_c1 (struct bt_crypto *crypto, const uint8_t k[16], const uint8_t r[16], const uint8_t pres[7], const uint8_t preq[7], uint8_t iat, const uint8_t ia[6], uint8_t rat, const uint8_t ra[6], uint8_t res[16]) |
bool | bt_crypto_s1 (struct bt_crypto *crypto, const uint8_t k[16], const uint8_t r1[16], const uint8_t r2[16], uint8_t res[16]) |
bool | bt_crypto_f4 (struct bt_crypto *crypto, uint8_t u[32], uint8_t v[32], uint8_t x[16], uint8_t z, uint8_t res[16]) |
bool | bt_crypto_f5 (struct bt_crypto *crypto, uint8_t w[32], uint8_t n1[16], uint8_t n2[16], uint8_t a1[7], uint8_t a2[7], uint8_t mackey[16], uint8_t ltk[16]) |
bool | bt_crypto_f6 (struct bt_crypto *crypto, uint8_t w[16], uint8_t n1[16], uint8_t n2[16], uint8_t r[16], uint8_t io_cap[3], uint8_t a1[7], uint8_t a2[7], uint8_t res[16]) |
bool | bt_crypto_g2 (struct bt_crypto *crypto, uint8_t u[32], uint8_t v[32], uint8_t x[16], uint8_t y[16], uint32_t *val) |
bool | bt_crypto_sign_att (struct bt_crypto *crypto, const uint8_t key[16], const uint8_t *m, uint16_t m_len, uint32_t sign_cnt, uint8_t signature[12]) |
bool bt_crypto_ah | ( | struct bt_crypto * | crypto, |
const uint8_t | k[16], | ||
const uint8_t | r[3], | ||
uint8_t | hash[3] | ||
) |
Random Address Hash function ah
The random address hash function ah is used to generate a hash value that is used in resolvable private addresses.
The following are inputs to the random address hash function ah:
k is 128 bits r is 24 bits padding is 104 bits
r is concatenated with padding to generate r' which is used as the 128-bit input parameter plaintextData to security function e:
r' = padding || r
The least significant octet of r becomes the least significant octet of r’ and the most significant octet of padding becomes the most significant octet of r'.
For example, if the 24-bit value r is 0x423456 then r' is 0x00000000000000000000000000423456.
The output of the random address function ah is:
ah(k, r) = e(k, r') mod 2^24
The output of the security function e is then truncated to 24 bits by taking the least significant 24 bits of the output of e as the result of ah.
Definition at line 424 of file crypto.c.
References bt_crypto_e().
bool bt_crypto_c1 | ( | struct bt_crypto * | crypto, |
const uint8_t | k[16], | ||
const uint8_t | r[16], | ||
const uint8_t | pres[7], | ||
const uint8_t | preq[7], | ||
uint8_t | iat, | ||
const uint8_t | ia[6], | ||
uint8_t | rat, | ||
const uint8_t | ra[6], | ||
uint8_t | res[16] | ||
) |
Confirm value generation function c1
During the pairing process confirm values are exchanged. This confirm value generation function c1 is used to generate the confirm values.
The following are inputs to the confirm value generation function c1:
k is 128 bits r is 128 bits pres is 56 bits preq is 56 bits iat is 1 bit ia is 48 bits rat is 1 bit ra is 48 bits padding is 32 bits of 0
iat is concatenated with 7-bits of 0 to create iat' which is 8 bits in length. iat is the least significant bit of iat'
rat is concatenated with 7-bits of 0 to create rat' which is 8 bits in length. rat is the least significant bit of rat'
pres, preq, rat' and iat' are concatenated to generate p1 which is XORed with r and used as 128-bit input parameter plaintextData to security function e:
p1 = pres || preq || rat' || iat'
The octet of iat' becomes the least significant octet of p1 and the most significant octet of pres becomes the most significant octet of p1.
ra is concatenated with ia and padding to generate p2 which is XORed with the result of the security function e using p1 as the input paremter plaintextData and is then used as the 128-bit input parameter plaintextData to security function e:
p2 = padding || ia || ra
The least significant octet of ra becomes the least significant octet of p2 and the most significant octet of padding becomes the most significant octet of p2.
The output of the confirm value generation function c1 is:
c1(k, r, preq, pres, iat, rat, ia, ra) = e(k, e(k, r XOR p1) XOR p2)
The 128-bit output of the security function e is used as the result of confirm value generation function c1.
Definition at line 517 of file crypto.c.
References bt_crypto_e(), and u128_xor().
bool bt_crypto_e | ( | struct bt_crypto * | crypto, |
const uint8_t | key[16], | ||
const uint8_t | plaintext[16], | ||
uint8_t | encrypted[16] | ||
) |
Security function e
Security function e generates 128-bit encryptedData from a 128-bit key and 128-bit plaintextData using the AES-128-bit block cypher:
encryptedData = e(key, plaintextData)
The most significant octet of key corresponds to key[0], the most significant octet of plaintextData corresponds to in[0] and the most significant octet of encryptedData corresponds to out[0].
Definition at line 359 of file crypto.c.
References alg_encrypt(), alg_new(), bt_crypto::ecb_aes, and swap_buf().
Referenced by bt_crypto_ah(), bt_crypto_c1(), and bt_crypto_s1().
bool bt_crypto_f4 | ( | struct bt_crypto * | crypto, |
uint8_t | u[32], | ||
uint8_t | v[32], | ||
uint8_t | x[16], | ||
uint8_t | z, | ||
uint8_t | res[16] | ||
) |
Definition at line 626 of file crypto.c.
References aes_cmac().
bool bt_crypto_f5 | ( | struct bt_crypto * | crypto, |
uint8_t | w[32], | ||
uint8_t | n1[16], | ||
uint8_t | n2[16], | ||
uint8_t | a1[7], | ||
uint8_t | a2[7], | ||
uint8_t | mackey[16], | ||
uint8_t | ltk[16] | ||
) |
Definition at line 641 of file crypto.c.
References aes_cmac().
bool bt_crypto_f6 | ( | struct bt_crypto * | crypto, |
uint8_t | w[16], | ||
uint8_t | n1[16], | ||
uint8_t | n2[16], | ||
uint8_t | r[16], | ||
uint8_t | io_cap[3], | ||
uint8_t | a1[7], | ||
uint8_t | a2[7], | ||
uint8_t | res[16] | ||
) |
Definition at line 669 of file crypto.c.
References aes_cmac().
bool bt_crypto_g2 | ( | struct bt_crypto * | crypto, |
uint8_t | u[32], | ||
uint8_t | v[32], | ||
uint8_t | x[16], | ||
uint8_t | y[16], | ||
uint32_t * | val | ||
) |
Definition at line 685 of file crypto.c.
References aes_cmac(), and get_le32().
struct bt_crypto* bt_crypto_new | ( | void | ) |
Definition at line 158 of file crypto.c.
References bt_crypto_ref(), bt_crypto::cmac_aes, cmac_aes_setup(), bt_crypto::ecb_aes, ecb_aes_setup(), new0, bt_crypto::urandom, and urandom_setup().
Referenced by bt_att_new().
bool bt_crypto_random_bytes | ( | struct bt_crypto * | crypto, |
uint8_t * | buf, | ||
uint8_t | num_bytes | ||
) |
Definition at line 215 of file crypto.c.
References bt_crypto::urandom.
Definition at line 190 of file crypto.c.
References bt_crypto::ref_count.
Referenced by bt_crypto_new().
bool bt_crypto_s1 | ( | struct bt_crypto * | crypto, |
const uint8_t | k[16], | ||
const uint8_t | r1[16], | ||
const uint8_t | r2[16], | ||
uint8_t | res[16] | ||
) |
Key generation function s1
The key generation function s1 is used to generate the STK during the pairing process.
The following are inputs to the key generation function s1:
k is 128 bits r1 is 128 bits r2 is 128 bits
The most significant 64-bits of r1 are discarded to generate r1' and the most significant 64-bits of r2 are discarded to generate r2'.
r1' is concatenated with r2' to generate r' which is used as the 128-bit input parameter plaintextData to security function e:
r' = r1' || r2'
The least significant octet of r2' becomes the least significant octet of r' and the most significant octet of r1' becomes the most significant octet of r'.
The output of the key generation function s1 is:
s1(k, r1, r2) = e(k, r')
The 128-bit output of the security function e is used as the result of key generation function s1.
Definition at line 581 of file crypto.c.
References bt_crypto_e().
bool bt_crypto_sign_att | ( | struct bt_crypto * | crypto, |
const uint8_t | key[16], | ||
const uint8_t * | m, | ||
uint16_t | m_len, | ||
uint32_t | sign_cnt, | ||
uint8_t | signature[12] | ||
) |
Definition at line 286 of file crypto.c.
References alg_new(), bt_crypto::cmac_aes, put_be32(), put_le32(), and swap_buf().
Referenced by encode_pdu(), and handle_signed().
void bt_crypto_unref | ( | struct bt_crypto * | crypto | ) |
Definition at line 200 of file crypto.c.
References bt_crypto::cmac_aes, bt_crypto::ecb_aes, bt_crypto::ref_count, and bt_crypto::urandom.
Referenced by bt_att_free().