Strona główna Odkrywaj Pomoc
Zaloguj się
RT-Thread-packages
/
esp-idf
kopia lustrzana https://github-proxy.rt-thread.io/RT-Thread-packages/esp-idf.git
2
0
Forkuj 0
Pliki Problemy 0 Wiki
Drzewo: 453b5ded1d
Gałęzie Tagi
esp-idf
/
examples
/
bluetooth
/
blufi
/
main
/
blufi_security.c

blufi_security.c 5.7 KB
Historia Czysty

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205 
  1. // Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD
    2. 

  2. //
    3. 

  3. // Licensed under the Apache License, Version 2.0 (the "License");
    4. 

  4. // you may not use this file except in compliance with the License.
    5. 

  5. // You may obtain a copy of the License at
    6. 

  6. 

  7. //     http://www.apache.org/licenses/LICENSE-2.0
    8. 

  8. //
    9. 

  9. // Unless required by applicable law or agreed to in writing, software
    10. 

  10. // distributed under the License is distributed on an "AS IS" BASIS,
    11. 

  11. // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    12. 

  12. // See the License for the specific language governing permissions and
    13. 

  13. // limitations under the License.
    14. 

  14. 

  15. #include <stdio.h>
    16. 

  16. #include <stdlib.h>
    17. 

  17. #include <string.h>
    18. 

  18. #include "freertos/FreeRTOS.h"
    19. 

  19. #include "freertos/task.h"
    20. 

  20. #include "freertos/event_groups.h"
    21. 

  21. #include "esp_system.h"
    22. 

  22. #include "esp_wifi.h"
    23. 

  23. #include "esp_event_loop.h"
    24. 

  24. #include "esp_log.h"
    25. 

  25. #include "nvs_flash.h"
    26. 

  26. #include "bt.h"
    27. 

  27. 

  28. #include "esp_blufi_api.h"
    29. 

  29. #include "esp_bt_defs.h"
    30. 

  30. #include "esp_gap_ble_api.h"
    31. 

  31. #include "esp_bt_main.h"
    32. 

  32. #include "blufi_example.h"
    33. 

  33. 

  34. #include "mbedtls/aes.h"
    35. 

  35. #include "mbedtls/dhm.h"
    36. 

  36. #include "mbedtls/md5.h"
    37. 

  37. #include "rom/crc.h"
    38. 

  38. 

  39. /*
    40. 

  40.    The SEC_TYPE_xxx is for self-defined packet data type in the procedure of "BLUFI negotiate key"
    41. 

  41.    If user use other negotiation procedure to exchange(or generate) key, should redefine the type by yourself.
    42. 

  42.  */
    43. 

  43. #define SEC_TYPE_DH_PARAM_LEN   0x00
    44. 

  44. #define SEC_TYPE_DH_PARAM_DATA  0x01
    45. 

  45. #define SEC_TYPE_DH_P           0x02
    46. 

  46. #define SEC_TYPE_DH_G           0x03
    47. 

  47. #define SEC_TYPE_DH_PUBLIC      0x04
    48. 

  48. 

  49. 

  50. struct blufi_security {
    51. 

  51. #define DH_SELF_PUB_KEY_LEN     128
    52. 

  52. #define DH_SELF_PUB_KEY_BIT_LEN (DH_SELF_PUB_KEY_LEN * 8)
    53. 

  53.     uint8_t  self_public_key[DH_SELF_PUB_KEY_LEN];
    54. 

  54. #define SHARE_KEY_LEN           128
    55. 

  55. #define SHARE_KEY_BIT_LEN       (SHARE_KEY_LEN * 8)
    56. 

  56.     uint8_t  share_key[SHARE_KEY_LEN];
    57. 

  57.     size_t   share_len;
    58. 

  58. #define PSK_LEN                 16
    59. 

  59.     uint8_t  psk[PSK_LEN];
    60. 

  60.     uint8_t  *dh_param;
    61. 

  61.     int      dh_param_len;
    62. 

  62.     uint8_t  iv[16];
    63. 

  63.     mbedtls_dhm_context dhm;
    64. 

  64.     mbedtls_aes_context aes;
    65. 

  65. };
    66. 

  66. static struct blufi_security *blufi_sec;
    67. 

  67. 

  68. static int myrand( void *rng_state, unsigned char *output, size_t len )
    69. 

  69. {
    70. 

  70.     size_t i;
    71. 

  71. 

  72.     for( i = 0; i < len; ++i )
    73. 

  73.         output[i] = esp_random();
    74. 

  74. 

  75.     return( 0 );
    76. 

  76. }
    77. 

  77. 

  78. void blufi_dh_negotiate_data_handler(uint8_t *data, int len, uint8_t **output_data, int *output_len, bool *need_free)
    79. 

  79. {
    80. 

  80.     int ret;
    81. 

  81.     uint8_t type = data[0];
    82. 

  82. 

  83.     if (blufi_sec == NULL) {
    84. 

  84.         BLUFI_ERROR("BLUFI Security is not initialized");
    85. 

  85.         return;
    86. 

  86.     }
    87. 

  87. 

  88.     switch (type) {
    89. 

  89.     case SEC_TYPE_DH_PARAM_LEN:
    90. 

  90.         blufi_sec->dh_param_len = ((data[1]<<8)|data[2]);
    91. 

  91.         if (blufi_sec->dh_param) {
    92. 

  92.             free(blufi_sec->dh_param);
    93. 

  93.         }
    94. 

  94.         blufi_sec->dh_param = (uint8_t *)malloc(blufi_sec->dh_param_len);
    95. 

  95.         if (blufi_sec->dh_param == NULL) {
    96. 

  96.             return;
    97. 

  97.         }
    98. 

  98.         break;
    99. 

  99.     case SEC_TYPE_DH_PARAM_DATA:
    100. 

  100. 

  101.         memcpy(blufi_sec->dh_param, &data[1], blufi_sec->dh_param_len);
    102. 

  102. 

  103.         ret = mbedtls_dhm_read_params(&blufi_sec->dhm, &blufi_sec->dh_param, &blufi_sec->dh_param[blufi_sec->dh_param_len]);
    104. 

  104.         if (ret) {
    105. 

  105.             BLUFI_ERROR("%s read param failed %d\n", __func__, ret);
    106. 

  106.             return;
    107. 

  107.         }
    108. 

  108. 

  109.         ret = mbedtls_dhm_make_public(&blufi_sec->dhm, (int) mbedtls_mpi_size( &blufi_sec->dhm.P ), blufi_sec->self_public_key, blufi_sec->dhm.len, myrand, NULL);
    110. 

  110.         if (ret) {
    111. 

  111.             BLUFI_ERROR("%s make public failed %d\n", __func__, ret);
    112. 

  112.             return;
    113. 

  113.         }
    114. 

  114. 

  115.         mbedtls_dhm_calc_secret( &blufi_sec->dhm,
    116. 

  116.                 blufi_sec->share_key,
    117. 

  117.                 SHARE_KEY_BIT_LEN,
    118. 

  118.                 &blufi_sec->share_len,
    119. 

  119.                 NULL, NULL);
    120. 

  120. 

  121.         mbedtls_md5(blufi_sec->share_key, blufi_sec->share_len, blufi_sec->psk);
    122. 

  122. 

  123.         mbedtls_aes_setkey_enc(&blufi_sec->aes, blufi_sec->psk, 128);
    124. 

  124.         mbedtls_aes_setkey_dec(&blufi_sec->aes, blufi_sec->psk, 128);
    125. 

  125.         
    126. 

  126.         /* alloc output data */
    127. 

  127.         *output_data = &blufi_sec->self_public_key[0];
    128. 

  128.         *output_len = blufi_sec->dhm.len;
    129. 

  129.         *need_free = false;
    130. 

  130.         break;
    131. 

  131.     case SEC_TYPE_DH_P:
    132. 

  132.         break;
    133. 

  133.     case SEC_TYPE_DH_G:
    134. 

  134.         break;
    135. 

  135.     case SEC_TYPE_DH_PUBLIC:
    136. 

  136.         break;
    137. 

  137.     }
    138. 

  138. }
    139. 

  139. 

  140. int blufi_aes_encrypt(uint8_t iv8, uint8_t *crypt_data, int crypt_len)
    141. 

  141. {
    142. 

  142.     int ret;
    143. 

  143.     size_t iv_offset = 0;
    144. 

  144.     uint8_t iv0[16];
    145. 

  145. 

  146.     memcpy(iv0, blufi_sec->iv, sizeof(blufi_sec->iv));
    147. 

  147.     iv0[0] = iv8;   /* set iv8 as the iv0[0] */
    148. 

  148. 

  149.     ret = mbedtls_aes_crypt_cfb128(&blufi_sec->aes, MBEDTLS_AES_ENCRYPT, crypt_len, &iv_offset, iv0, crypt_data, crypt_data);
    150. 

  150.     if (ret) {
    151. 

  151.         return -1;
    152. 

  152.     }
    153. 

  153. 

  154.     return crypt_len;
    155. 

  155. }
    156. 

  156. 

  157. int blufi_aes_decrypt(uint8_t iv8, uint8_t *crypt_data, int crypt_len)
    158. 

  158. {
    159. 

  159.     int ret;
    160. 

  160.     size_t iv_offset = 0;
    161. 

  161.     uint8_t iv0[16];
    162. 

  162. 

  163.     memcpy(iv0, blufi_sec->iv, sizeof(blufi_sec->iv));
    164. 

  164.     iv0[0] = iv8;   /* set iv8 as the iv0[0] */
    165. 

  165. 

  166.     ret = mbedtls_aes_crypt_cfb128(&blufi_sec->aes, MBEDTLS_AES_DECRYPT, crypt_len, &iv_offset, iv0, crypt_data, crypt_data);
    167. 

  167.     if (ret) {
    168. 

  168.         return -1;
    169. 

  169.     }
    170. 

  170. 

  171.     return crypt_len;
    172. 

  172. }
    173. 

  173. 

  174. uint16_t blufi_crc_checksum(uint8_t iv8, uint8_t *data, int len)
    175. 

  175. {
    176. 

  176.     /* This iv8 ignore, not used */
    177. 

  177.     return crc16_be(0, data, len);
    178. 

  178. }
    179. 

  179. 

  180. esp_err_t blufi_security_init(void)
    181. 

  181. {
    182. 

  182.     blufi_sec = (struct blufi_security *)malloc(sizeof(struct blufi_security));
    183. 

  183.     if (blufi_sec == NULL) {
    184. 

  184.         return ESP_FAIL;
    185. 

  185.     }
    186. 

  186. 

  187.     memset(blufi_sec, 0x0, sizeof(struct blufi_security));
    188. 

  188. 

  189.     mbedtls_dhm_init(&blufi_sec->dhm);
    190. 

  190.     mbedtls_aes_init(&blufi_sec->aes);
    191. 

  191. 

  192.     memset(blufi_sec->iv, 0x0, 16);
    193. 

  193.     return 0;
    194. 

  194. }
    195. 

  195. 

  196. void blufi_security_deinit(void)
    197. 

  197. {
    198. 

  198.     mbedtls_dhm_free(&blufi_sec->dhm);
    199. 

  199.     mbedtls_aes_free(&blufi_sec->aes);
    200. 

  200. 

  201.     memset(blufi_sec, 0x0, sizeof(struct blufi_security));
    202. 

  202. 

  203.     free(blufi_sec);
    204. 

  204.     blufi_sec =  NULL;
    205. 

  205. }
    206.