Merge branch 'bugfix/ble_mesh_mbedtls_aes_fix_v4.0' into 'release/v4.0'

Bugfix/ble mesh mbedtls aes fix (v4.0)

See merge request espressif/esp-idf!12271

components/bt/esp_ble_mesh/mesh_core/bluedroid_host/mesh_bearer_adapt.c

@@ -1868,59 +1868,36 @@ int bt_mesh_dh_key_gen(const uint8_t remote_pk[64], bt_mesh_dh_key_cb_t cb, cons
     return 0;
 }
 
-#if CONFIG_MBEDTLS_HARDWARE_AES
-static void ecb_encrypt(uint8_t const *const key_le, uint8_t const *const clear_text_le,
-                        uint8_t *const cipher_text_le, uint8_t *const cipher_text_be)
+int bt_mesh_encrypt_le(const uint8_t key[16], const uint8_t plaintext[16],
+                       uint8_t enc_data[16])
 {
-    struct bt_mesh_ecb_param ecb = {0};
-    mbedtls_aes_context aes_ctx = {0};
-
-    aes_ctx.key_bytes = 16;
-    mem_rcopy(&aes_ctx.key[0], key_le, 16);
-    mem_rcopy(&ecb.clear_text[0], clear_text_le, sizeof(ecb.clear_text));
-    mbedtls_aes_crypt_ecb(&aes_ctx, MBEDTLS_AES_ENCRYPT, &ecb.clear_text[0], &ecb.cipher_text[0]);
+    uint8_t tmp[16] = {0};
 
-    if (cipher_text_le) {
-        mem_rcopy(cipher_text_le, &ecb.cipher_text[0],
-                  sizeof(ecb.cipher_text));
-    }
+    BT_DBG("key %s plaintext %s", bt_hex(key, 16), bt_hex(plaintext, 16));
 
-    if (cipher_text_be) {
-        memcpy(cipher_text_be, &ecb.cipher_text[0],
-               sizeof(ecb.cipher_text));
-    }
-}
+#if CONFIG_MBEDTLS_HARDWARE_AES
+    mbedtls_aes_context ctx = {0};
 
-static void ecb_encrypt_be(uint8_t const *const key_be, uint8_t const *const clear_text_be,
-                           uint8_t *const cipher_text_be)
-{
-    struct bt_mesh_ecb_param ecb = {0};
-    mbedtls_aes_context aes_ctx = {0};
+    mbedtls_aes_init(&ctx);
 
-    aes_ctx.key_bytes = 16;
-    memcpy(&aes_ctx.key[0], key_be, 16);
-    memcpy(&ecb.clear_text[0], clear_text_be, sizeof(ecb.clear_text));
-    mbedtls_aes_crypt_ecb(&aes_ctx, MBEDTLS_AES_ENCRYPT, &ecb.clear_text[0], &ecb.cipher_text[0]);
+    sys_memcpy_swap(tmp, key, 16);
 
-    memcpy(cipher_text_be, &ecb.cipher_text[0], sizeof(ecb.cipher_text));
-}
-#endif /* CONFIG_MBEDTLS_HARDWARE_AES */
+    if (mbedtls_aes_setkey_enc(&ctx, tmp, 128) != 0) {
+        mbedtls_aes_free(&ctx);
+        return -EINVAL;
+    }
 
-int bt_mesh_encrypt_le(const uint8_t key[16], const uint8_t plaintext[16],
-                       uint8_t enc_data[16])
-{
-#if CONFIG_MBEDTLS_HARDWARE_AES
-    BT_DBG("key %s plaintext %s", bt_hex(key, 16), bt_hex(plaintext, 16));
+    sys_memcpy_swap(tmp, plaintext, 16);
 
-    ecb_encrypt(key, plaintext, enc_data, NULL);
+    if (mbedtls_aes_crypt_ecb(&ctx, MBEDTLS_AES_ENCRYPT,
+                              tmp, enc_data) != 0) {
+        mbedtls_aes_free(&ctx);
+        return -EINVAL;
+    }
 
-    BT_DBG("enc_data %s", bt_hex(enc_data, 16));
-    return 0;
+    mbedtls_aes_free(&ctx);
 #else /* CONFIG_MBEDTLS_HARDWARE_AES */
     struct tc_aes_key_sched_struct s = {0};
-    uint8_t tmp[16] = {0};
-
-    BT_DBG("key %s plaintext %s", bt_hex(key, 16), bt_hex(plaintext, 16));
 
     sys_memcpy_swap(tmp, key, 16);
 
@@ -1933,31 +1910,40 @@ int bt_mesh_encrypt_le(const uint8_t key[16], const uint8_t plaintext[16],
     if (tc_aes_encrypt(enc_data, tmp, &s) == TC_CRYPTO_FAIL) {
         return -EINVAL;
     }
+#endif /* CONFIG_MBEDTLS_HARDWARE_AES */
 
     sys_mem_swap(enc_data, 16);
 
     BT_DBG("enc_data %s", bt_hex(enc_data, 16));
 
     return 0;
-#endif /* CONFIG_MBEDTLS_HARDWARE_AES */
 }
 
 int bt_mesh_encrypt_be(const uint8_t key[16], const uint8_t plaintext[16],
                        uint8_t enc_data[16])
 {
-#if CONFIG_MBEDTLS_HARDWARE_AES
     BT_DBG("key %s plaintext %s", bt_hex(key, 16), bt_hex(plaintext, 16));
 
-    ecb_encrypt_be(key, plaintext, enc_data);
+#if CONFIG_MBEDTLS_HARDWARE_AES
+    mbedtls_aes_context ctx = {0};
 
-    BT_DBG("enc_data %s", bt_hex(enc_data, 16));
+    mbedtls_aes_init(&ctx);
 
-    return 0;
+    if (mbedtls_aes_setkey_enc(&ctx, key, 128) != 0) {
+        mbedtls_aes_free(&ctx);
+        return -EINVAL;
+    }
+
+    if (mbedtls_aes_crypt_ecb(&ctx, MBEDTLS_AES_ENCRYPT,
+                              plaintext, enc_data) != 0) {
+        mbedtls_aes_free(&ctx);
+        return -EINVAL;
+    }
+
+    mbedtls_aes_free(&ctx);
 #else /* CONFIG_MBEDTLS_HARDWARE_AES */
     struct tc_aes_key_sched_struct s = {0};
 
-    BT_DBG("key %s plaintext %s", bt_hex(key, 16), bt_hex(plaintext, 16));
-
     if (tc_aes128_set_encrypt_key(&s, key) == TC_CRYPTO_FAIL) {
         return -EINVAL;
     }
@@ -1965,11 +1951,11 @@ int bt_mesh_encrypt_be(const uint8_t key[16], const uint8_t plaintext[16],
     if (tc_aes_encrypt(enc_data, plaintext, &s) == TC_CRYPTO_FAIL) {
         return -EINVAL;
     }
+#endif /* CONFIG_MBEDTLS_HARDWARE_AES */
 
     BT_DBG("enc_data %s", bt_hex(enc_data, 16));
 
     return 0;
-#endif /* CONFIG_MBEDTLS_HARDWARE_AES */
 }
 
 #if defined(CONFIG_BLE_MESH_USE_DUPLICATE_SCAN)

components/bt/esp_ble_mesh/mesh_core/include/mesh_bearer_adapt.h

@@ -325,12 +325,6 @@ struct bt_mesh_gatt_service {
     sys_snode_t               node;
 };
 
-struct bt_mesh_ecb_param {
-    uint8_t key[16];
-    uint8_t clear_text[16];
-    uint8_t cipher_text[16];
-} __packed;
-
 typedef struct {
     uint8_t type;
     uint8_t val[6];

components/bt/esp_ble_mesh/mesh_core/nimble_host/mesh_bearer_adapt.c

@@ -1851,59 +1851,36 @@ int bt_mesh_dh_key_gen(const uint8_t remote_pk[64], bt_mesh_dh_key_cb_t cb, cons
     return 0;
 }
 
-#if CONFIG_MBEDTLS_HARDWARE_AES
-static void ecb_encrypt(uint8_t const *const key_le, uint8_t const *const clear_text_le,
-                        uint8_t *const cipher_text_le, uint8_t *const cipher_text_be)
+int bt_mesh_encrypt_le(const uint8_t key[16], const uint8_t plaintext[16],
+                       uint8_t enc_data[16])
 {
-    struct bt_mesh_ecb_param ecb;
-    mbedtls_aes_context aes_ctx = {0};
+    uint8_t tmp[16] = {0};
 
-    aes_ctx.key_bytes = 16;
-    mem_rcopy(&aes_ctx.key[0], key_le, 16);
-    mem_rcopy(&ecb.clear_text[0], clear_text_le, sizeof(ecb.clear_text));
-    mbedtls_aes_crypt_ecb(&aes_ctx, MBEDTLS_AES_ENCRYPT, &ecb.clear_text[0], &ecb.cipher_text[0]);
-
-    if (cipher_text_le) {
-        mem_rcopy(cipher_text_le, &ecb.cipher_text[0],
-                  sizeof(ecb.cipher_text));
-    }
+    BT_DBG("key %s plaintext %s", bt_hex(key, 16), bt_hex(plaintext, 16));
 
-    if (cipher_text_be) {
-        memcpy(cipher_text_be, &ecb.cipher_text[0],
-               sizeof(ecb.cipher_text));
-    }
-}
+#if CONFIG_MBEDTLS_HARDWARE_AES
+    mbedtls_aes_context ctx = {0};
 
-static void ecb_encrypt_be(uint8_t const *const key_be, uint8_t const *const clear_text_be,
-                           uint8_t *const cipher_text_be)
-{
-    struct bt_mesh_ecb_param ecb;
-    mbedtls_aes_context aes_ctx = {0};
+    mbedtls_aes_init(&ctx);
 
-    aes_ctx.key_bytes = 16;
-    memcpy(&aes_ctx.key[0], key_be, 16);
-    memcpy(&ecb.clear_text[0], clear_text_be, sizeof(ecb.clear_text));
-    mbedtls_aes_crypt_ecb(&aes_ctx, MBEDTLS_AES_ENCRYPT, &ecb.clear_text[0], &ecb.cipher_text[0]);
+    sys_memcpy_swap(tmp, key, 16);
 
-    memcpy(cipher_text_be, &ecb.cipher_text[0], sizeof(ecb.cipher_text));
-}
-#endif /* CONFIG_MBEDTLS_HARDWARE_AES */
+    if (mbedtls_aes_setkey_enc(&ctx, tmp, 128) != 0) {
+        mbedtls_aes_free(&ctx);
+        return -EINVAL;
+    }
 
-int bt_mesh_encrypt_le(const uint8_t key[16], const uint8_t plaintext[16],
-                       uint8_t enc_data[16])
-{
-#if CONFIG_MBEDTLS_HARDWARE_AES
-    BT_DBG("key %s plaintext %s", bt_hex(key, 16), bt_hex(plaintext, 16));
+    sys_memcpy_swap(tmp, plaintext, 16);
 
-    ecb_encrypt(key, plaintext, enc_data, NULL);
+    if (mbedtls_aes_crypt_ecb(&ctx, MBEDTLS_AES_ENCRYPT,
+                              tmp, enc_data) != 0) {
+        mbedtls_aes_free(&ctx);
+        return -EINVAL;
+    }
 
-    BT_DBG("enc_data %s", bt_hex(enc_data, 16));
-    return 0;
+    mbedtls_aes_free(&ctx);
 #else /* CONFIG_MBEDTLS_HARDWARE_AES */
-    struct tc_aes_key_sched_struct s;
-    uint8_t tmp[16];
-
-    BT_DBG("key %s plaintext %s", bt_hex(key, 16), bt_hex(plaintext, 16));
+    struct tc_aes_key_sched_struct s = {0};
 
     sys_memcpy_swap(tmp, key, 16);
 
@@ -1916,30 +1893,39 @@ int bt_mesh_encrypt_le(const uint8_t key[16], const uint8_t plaintext[16],
     if (tc_aes_encrypt(enc_data, tmp, &s) == TC_CRYPTO_FAIL) {
         return -EINVAL;
     }
+#endif /* CONFIG_MBEDTLS_HARDWARE_AES */
 
     sys_mem_swap(enc_data, 16);
 
     BT_DBG("enc_data %s", bt_hex(enc_data, 16));
 
     return 0;
-#endif /* CONFIG_MBEDTLS_HARDWARE_AES */
 }
 
 int bt_mesh_encrypt_be(const uint8_t key[16], const uint8_t plaintext[16],
                        uint8_t enc_data[16])
 {
-#if CONFIG_MBEDTLS_HARDWARE_AES
     BT_DBG("key %s plaintext %s", bt_hex(key, 16), bt_hex(plaintext, 16));
 
-    ecb_encrypt_be(key, plaintext, enc_data);
+#if CONFIG_MBEDTLS_HARDWARE_AES
+    mbedtls_aes_context ctx = {0};
 
-    BT_DBG("enc_data %s", bt_hex(enc_data, 16));
+    mbedtls_aes_init(&ctx);
 
-    return 0;
-#else /* CONFIG_MBEDTLS_HARDWARE_AES */
-    struct tc_aes_key_sched_struct s;
+    if (mbedtls_aes_setkey_enc(&ctx, key, 128) != 0) {
+        mbedtls_aes_free(&ctx);
+        return -EINVAL;
+    }
 
-    BT_DBG("key %s plaintext %s", bt_hex(key, 16), bt_hex(plaintext, 16));
+    if (mbedtls_aes_crypt_ecb(&ctx, MBEDTLS_AES_ENCRYPT,
+                              plaintext, enc_data) != 0) {
+        mbedtls_aes_free(&ctx);
+        return -EINVAL;
+    }
+
+    mbedtls_aes_free(&ctx);
+#else /* CONFIG_MBEDTLS_HARDWARE_AES */
+    struct tc_aes_key_sched_struct s = {0};
 
     if (tc_aes128_set_encrypt_key(&s, key) == TC_CRYPTO_FAIL) {
         return -EINVAL;
@@ -1948,11 +1934,11 @@ int bt_mesh_encrypt_be(const uint8_t key[16], const uint8_t plaintext[16],
     if (tc_aes_encrypt(enc_data, plaintext, &s) == TC_CRYPTO_FAIL) {
         return -EINVAL;
     }
+#endif /* CONFIG_MBEDTLS_HARDWARE_AES */
 
     BT_DBG("enc_data %s", bt_hex(enc_data, 16));
 
     return 0;
-#endif /* CONFIG_MBEDTLS_HARDWARE_AES */
 }
 
 #if defined(CONFIG_BLE_MESH_USE_DUPLICATE_SCAN)