mirror of
https://github.com/espressif/esp-idf.git
synced 2026-04-27 19:13:21 +00:00
Merge branch 'fix/fix_blufi_security_for_3072_bit_keys_v6.0' into 'release/v6.0'
Fix blufi security for 3072 bit keys (v6.0) See merge request espressif/esp-idf!46182
This commit is contained in:
Jiang Jiang Jian
@@ -76,9 +76,11 @@ typedef enum {
|
||||
ESP_BLUFI_READ_PARAM_ERROR,
|
||||
ESP_BLUFI_MAKE_PUBLIC_ERROR,
|
||||
ESP_BLUFI_DATA_FORMAT_ERROR,
|
||||
// BLUFI_CALC_MD5 entry kept for backward compatibility
|
||||
ESP_BLUFI_CALC_MD5_ERROR,
|
||||
ESP_BLUFI_WIFI_SCAN_FAIL,
|
||||
ESP_BLUFI_MSG_STATE_ERROR,
|
||||
ESP_BLUFI_CALC_SHA_256_ERROR,
|
||||
} esp_blufi_error_state_t;
|
||||
|
||||
/**
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
/*
|
||||
* SPDX-FileCopyrightText: 2021-2025 Espressif Systems (Shanghai) CO LTD
|
||||
* SPDX-FileCopyrightText: 2021-2026 Espressif Systems (Shanghai) CO LTD
|
||||
*
|
||||
* SPDX-License-Identifier: Unlicense OR CC0-1.0
|
||||
*/
|
||||
@@ -36,25 +36,79 @@
|
||||
#define SEC_TYPE_DH_G 0x03
|
||||
#define SEC_TYPE_DH_PUBLIC 0x04
|
||||
|
||||
#define BLUFI_IV_PREFIX_LEN 9
|
||||
#define BLUFI_IV_SIZE 16
|
||||
#define BLUFI_HASH_SIZE 32 /* SHA-256 output size */
|
||||
#define BLUFI_KEY_SIZE 32
|
||||
#define BLUFI_ENC_DOMAIN_STR "blufi_enc"
|
||||
#define BLUFI_DEC_DOMAIN_STR "blufi_dec"
|
||||
|
||||
struct blufi_security {
|
||||
#define DH_PARAM_LEN_MAX 1024
|
||||
#define DH_SELF_PUB_KEY_LEN 256
|
||||
#define DH_SELF_PUB_KEY_LEN 384 /* Support 3072-bit DH key (3072/8 = 384 bytes) */
|
||||
uint8_t self_public_key[DH_SELF_PUB_KEY_LEN];
|
||||
#define SHARE_KEY_LEN 256
|
||||
#define SHARE_KEY_LEN 384 /* Support 3072-bit DH key (3072/8 = 384 bytes) */
|
||||
uint8_t share_key[SHARE_KEY_LEN];
|
||||
size_t share_len;
|
||||
#define PSK_LEN 16
|
||||
#define PSK_LEN 32
|
||||
uint8_t psk[PSK_LEN];
|
||||
uint8_t *dh_param;
|
||||
int dh_param_len;
|
||||
uint8_t iv[16];
|
||||
psa_key_id_t aes_key;
|
||||
psa_cipher_operation_t enc_operation; /* Persistent cipher operation for encryption */
|
||||
psa_cipher_operation_t dec_operation; /* Persistent cipher operation for decryption */
|
||||
};
|
||||
static struct blufi_security *blufi_sec;
|
||||
|
||||
extern void btc_blufi_report_error(esp_blufi_error_state_t state);
|
||||
|
||||
/**
|
||||
* @brief Clean up DH parameter memory
|
||||
*/
|
||||
static void blufi_cleanup_dh_param(void)
|
||||
{
|
||||
if (blufi_sec && blufi_sec->dh_param) {
|
||||
free(blufi_sec->dh_param);
|
||||
blufi_sec->dh_param = NULL;
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* @brief Clean up AES key and cipher operations
|
||||
*
|
||||
* @param abort_enc Whether to abort encryption operation
|
||||
* @param abort_dec Whether to abort decryption operation
|
||||
*/
|
||||
static void blufi_cleanup_aes_session(bool abort_enc, bool abort_dec)
|
||||
{
|
||||
if (!blufi_sec) {
|
||||
return;
|
||||
}
|
||||
|
||||
if (abort_enc) {
|
||||
psa_cipher_abort(&blufi_sec->enc_operation);
|
||||
}
|
||||
if (abort_dec) {
|
||||
psa_cipher_abort(&blufi_sec->dec_operation);
|
||||
}
|
||||
if (blufi_sec->aes_key != 0) {
|
||||
psa_destroy_key(blufi_sec->aes_key);
|
||||
blufi_sec->aes_key = 0;
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* @brief Clean up entire DH negotiation session (AES key, cipher ops, and DH params)
|
||||
*
|
||||
* @param abort_enc Whether to abort encryption operation
|
||||
* @param abort_dec Whether to abort decryption operation
|
||||
*/
|
||||
static void blufi_cleanup_negotiation(bool abort_enc, bool abort_dec)
|
||||
{
|
||||
blufi_cleanup_aes_session(abort_enc, abort_dec);
|
||||
blufi_cleanup_dh_param();
|
||||
}
|
||||
|
||||
void blufi_dh_negotiate_data_handler(uint8_t *data, int len, uint8_t **output_data, int *output_len, bool *need_free)
|
||||
{
|
||||
if (data == NULL || len < 3) {
|
||||
@@ -63,6 +117,13 @@ void blufi_dh_negotiate_data_handler(uint8_t *data, int len, uint8_t **output_da
|
||||
return;
|
||||
}
|
||||
|
||||
/* Validate output parameters */
|
||||
if (output_data == NULL || output_len == NULL || need_free == NULL) {
|
||||
BLUFI_ERROR("BLUFI Invalid output parameters");
|
||||
btc_blufi_report_error(ESP_BLUFI_DATA_FORMAT_ERROR);
|
||||
return;
|
||||
}
|
||||
|
||||
uint8_t type = data[0];
|
||||
|
||||
if (blufi_sec == NULL) {
|
||||
@@ -81,10 +142,11 @@ void blufi_dh_negotiate_data_handler(uint8_t *data, int len, uint8_t **output_da
|
||||
btc_blufi_report_error(ESP_BLUFI_DH_PARAM_ERROR);
|
||||
return;
|
||||
}
|
||||
if (blufi_sec->dh_param) {
|
||||
free(blufi_sec->dh_param);
|
||||
blufi_sec->dh_param = NULL;
|
||||
}
|
||||
|
||||
/* Allow renegotiation - clean up previous state */
|
||||
blufi_cleanup_dh_param();
|
||||
blufi_cleanup_aes_session(true, true);
|
||||
|
||||
blufi_sec->dh_param = (uint8_t *)malloc(blufi_sec->dh_param_len);
|
||||
if (blufi_sec->dh_param == NULL) {
|
||||
blufi_sec->dh_param_len = 0; /* Reset length to avoid using unallocated memory */
|
||||
@@ -106,35 +168,89 @@ void blufi_dh_negotiate_data_handler(uint8_t *data, int len, uint8_t **output_da
|
||||
return;
|
||||
}
|
||||
|
||||
|
||||
uint8_t *param = blufi_sec->dh_param;
|
||||
memcpy(blufi_sec->dh_param, &data[1], blufi_sec->dh_param_len);
|
||||
size_t p_len = (param[0] << 8) | param[1];
|
||||
param += 2 + p_len;
|
||||
|
||||
/* Parse P length */
|
||||
if (blufi_sec->dh_param_len < 2) {
|
||||
BLUFI_ERROR("DH param too short for P length");
|
||||
btc_blufi_report_error(ESP_BLUFI_DH_PARAM_ERROR);
|
||||
return;
|
||||
}
|
||||
size_t p_len = (param[0] << 8) | param[1];
|
||||
size_t p_offset = 2 + p_len;
|
||||
if (p_offset > (size_t)blufi_sec->dh_param_len) {
|
||||
BLUFI_ERROR("P length %d exceeds dh_param bounds", p_len);
|
||||
btc_blufi_report_error(ESP_BLUFI_DH_PARAM_ERROR);
|
||||
return;
|
||||
}
|
||||
param += p_offset;
|
||||
|
||||
/* Parse G length */
|
||||
if ((param - blufi_sec->dh_param) + 2 > (size_t)blufi_sec->dh_param_len) {
|
||||
BLUFI_ERROR("DH param too short for G length");
|
||||
btc_blufi_report_error(ESP_BLUFI_DH_PARAM_ERROR);
|
||||
return;
|
||||
}
|
||||
size_t g_len = (param[0] << 8) | param[1];
|
||||
size_t g_offset = (param - blufi_sec->dh_param) + 2 + g_len;
|
||||
if (g_offset > (size_t)blufi_sec->dh_param_len) {
|
||||
BLUFI_ERROR("G length %d exceeds dh_param bounds", g_len);
|
||||
btc_blufi_report_error(ESP_BLUFI_DH_PARAM_ERROR);
|
||||
return;
|
||||
}
|
||||
param += 2 + g_len;
|
||||
|
||||
/* Parse public key length */
|
||||
if ((param - blufi_sec->dh_param) + 2 > (size_t)blufi_sec->dh_param_len) {
|
||||
BLUFI_ERROR("DH param too short for public key length");
|
||||
btc_blufi_report_error(ESP_BLUFI_DH_PARAM_ERROR);
|
||||
return;
|
||||
}
|
||||
size_t pub_len = (param[0] << 8) | param[1];
|
||||
param += 2;
|
||||
ESP_LOGD("blfi", "P len %d, G len %d, pub len %d", p_len, g_len, pub_len);
|
||||
|
||||
size_t pub_offset = (param - blufi_sec->dh_param) + pub_len;
|
||||
if (pub_offset > (size_t)blufi_sec->dh_param_len) {
|
||||
BLUFI_ERROR("Public key length %d exceeds dh_param bounds", pub_len);
|
||||
btc_blufi_report_error(ESP_BLUFI_DH_PARAM_ERROR);
|
||||
return;
|
||||
}
|
||||
|
||||
/* Determine key bits based on public key length (RFC7919 key sizes)
|
||||
* Note: Only 3072 bit keys are supported due to buffer size constraints
|
||||
* (DH_SELF_PUB_KEY_LEN = 384 bytes = 3072 bits) */
|
||||
size_t key_bits = pub_len * 8;
|
||||
if (key_bits != 3072) {
|
||||
BLUFI_ERROR("Unsupported DH key length: %d bytes (only 3072 bit keys supported)", pub_len);
|
||||
btc_blufi_report_error(ESP_BLUFI_DH_PARAM_ERROR);
|
||||
return;
|
||||
}
|
||||
|
||||
/* Validate public key length fits in output buffer */
|
||||
if (pub_len > DH_SELF_PUB_KEY_LEN) {
|
||||
BLUFI_ERROR("Public key length %d exceeds output buffer size %d", pub_len, DH_SELF_PUB_KEY_LEN);
|
||||
btc_blufi_report_error(ESP_BLUFI_DH_PARAM_ERROR);
|
||||
return;
|
||||
}
|
||||
|
||||
psa_key_type_t key_type = PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919);
|
||||
size_t key_bits = 3072;
|
||||
ESP_LOGI("blfi", "DH param len %d, bits %d", blufi_sec->dh_param_len, key_bits);
|
||||
psa_algorithm_t alg = PSA_ALG_FFDH;
|
||||
psa_key_attributes_t attributes = psa_key_attributes_init();
|
||||
psa_set_key_type(&attributes, key_type);
|
||||
psa_set_key_bits(&attributes, key_bits);
|
||||
psa_set_key_algorithm(&attributes, alg);
|
||||
psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_DERIVE);
|
||||
|
||||
psa_key_id_t private_key = 0;
|
||||
psa_status_t status = psa_generate_key(&attributes, &private_key);
|
||||
if (status != PSA_SUCCESS) {
|
||||
BLUFI_ERROR("%s psa_generate_key failed %d\n", __func__, status);
|
||||
btc_blufi_report_error(ESP_BLUFI_DH_MALLOC_ERROR);
|
||||
blufi_cleanup_dh_param();
|
||||
return;
|
||||
}
|
||||
|
||||
psa_reset_key_attributes(&attributes);
|
||||
size_t public_key_len = 0;
|
||||
status = psa_export_public_key(private_key, blufi_sec->self_public_key, DH_SELF_PUB_KEY_LEN, &public_key_len);
|
||||
@@ -142,6 +258,7 @@ void blufi_dh_negotiate_data_handler(uint8_t *data, int len, uint8_t **output_da
|
||||
BLUFI_ERROR("%s psa_export_public_key failed %d\n", __func__, status);
|
||||
psa_destroy_key(private_key);
|
||||
btc_blufi_report_error(ESP_BLUFI_DH_MALLOC_ERROR);
|
||||
blufi_cleanup_dh_param();
|
||||
return;
|
||||
}
|
||||
|
||||
@@ -149,31 +266,121 @@ void blufi_dh_negotiate_data_handler(uint8_t *data, int len, uint8_t **output_da
|
||||
psa_destroy_key(private_key);
|
||||
if (status != PSA_SUCCESS) {
|
||||
BLUFI_ERROR("%s psa_raw_key_agreement failed %d\n", __func__, status);
|
||||
free(blufi_sec->dh_param);
|
||||
blufi_sec->dh_param = NULL;
|
||||
blufi_cleanup_dh_param();
|
||||
btc_blufi_report_error(ESP_BLUFI_DH_PARAM_ERROR);
|
||||
return;
|
||||
}
|
||||
|
||||
/* Validate share key length fits in buffer */
|
||||
if (blufi_sec->share_len > SHARE_KEY_LEN) {
|
||||
BLUFI_ERROR("Share key length %d exceeds buffer size %d", blufi_sec->share_len, SHARE_KEY_LEN);
|
||||
blufi_cleanup_dh_param();
|
||||
btc_blufi_report_error(ESP_BLUFI_DH_PARAM_ERROR);
|
||||
return;
|
||||
}
|
||||
|
||||
size_t hash_length = 0;
|
||||
status = psa_hash_compute(PSA_ALG_MD5, blufi_sec->share_key, blufi_sec->share_len, blufi_sec->psk, PSK_LEN, &hash_length);
|
||||
status = psa_hash_compute(PSA_ALG_SHA_256, blufi_sec->share_key, blufi_sec->share_len, blufi_sec->psk, PSK_LEN, &hash_length);
|
||||
if (status != PSA_SUCCESS) {
|
||||
BLUFI_ERROR("%s psa_hash_compute failed %d\n", __func__, status);
|
||||
btc_blufi_report_error(ESP_BLUFI_CALC_MD5_ERROR);
|
||||
btc_blufi_report_error(ESP_BLUFI_CALC_SHA_256_ERROR);
|
||||
blufi_cleanup_dh_param();
|
||||
return;
|
||||
}
|
||||
|
||||
// mbedtls_aes_setkey_enc(&blufi_sec->aes, blufi_sec->psk, PSK_LEN * 8);
|
||||
/* Destroy previous AES key and cipher operations if they exist */
|
||||
blufi_cleanup_aes_session(true, true);
|
||||
|
||||
/* Import AES key for CTR mode */
|
||||
attributes = psa_key_attributes_init();
|
||||
psa_set_key_type(&attributes, PSA_KEY_TYPE_AES);
|
||||
psa_set_key_bits(&attributes, PSK_LEN * 8);
|
||||
psa_set_key_algorithm(&attributes, PSA_ALG_CTR);
|
||||
psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT);
|
||||
status = psa_import_key(&attributes, blufi_sec->psk, PSK_LEN, &blufi_sec->aes_key);
|
||||
if (status != PSA_SUCCESS) {
|
||||
BLUFI_ERROR("%s psa_import_key failed %d\n", __func__, status);
|
||||
btc_blufi_report_error(ESP_BLUFI_DH_MALLOC_ERROR);
|
||||
blufi_cleanup_dh_param();
|
||||
return;
|
||||
}
|
||||
psa_reset_key_attributes(&attributes);
|
||||
|
||||
/* Derive domain-separated IVs for encryption and decryption */
|
||||
uint8_t enc_material[BLUFI_IV_PREFIX_LEN + SHARE_KEY_LEN];
|
||||
memcpy(enc_material, BLUFI_ENC_DOMAIN_STR, BLUFI_IV_PREFIX_LEN);
|
||||
memcpy(enc_material + BLUFI_IV_PREFIX_LEN, blufi_sec->share_key, blufi_sec->share_len);
|
||||
|
||||
uint8_t enc_hash[BLUFI_HASH_SIZE];
|
||||
status = psa_hash_compute(PSA_ALG_SHA_256, enc_material, BLUFI_IV_PREFIX_LEN + blufi_sec->share_len,
|
||||
enc_hash, BLUFI_HASH_SIZE, &hash_length);
|
||||
if (status != PSA_SUCCESS) {
|
||||
BLUFI_ERROR("%s encryption IV derivation failed %d\n", __func__, status);
|
||||
btc_blufi_report_error(ESP_BLUFI_DH_MALLOC_ERROR);
|
||||
blufi_cleanup_negotiation(false, false);
|
||||
return;
|
||||
}
|
||||
mbedtls_platform_zeroize(enc_material, sizeof(enc_material));
|
||||
|
||||
uint8_t dec_material[BLUFI_IV_PREFIX_LEN + SHARE_KEY_LEN];
|
||||
memcpy(dec_material, BLUFI_DEC_DOMAIN_STR, BLUFI_IV_PREFIX_LEN);
|
||||
memcpy(dec_material + BLUFI_IV_PREFIX_LEN, blufi_sec->share_key, blufi_sec->share_len);
|
||||
|
||||
uint8_t dec_hash[BLUFI_HASH_SIZE];
|
||||
status = psa_hash_compute(PSA_ALG_SHA_256, dec_material, BLUFI_IV_PREFIX_LEN + blufi_sec->share_len,
|
||||
dec_hash, BLUFI_HASH_SIZE, &hash_length);
|
||||
if (status != PSA_SUCCESS) {
|
||||
BLUFI_ERROR("%s decryption IV derivation failed %d\n", __func__, status);
|
||||
btc_blufi_report_error(ESP_BLUFI_DH_MALLOC_ERROR);
|
||||
blufi_cleanup_negotiation(false, false);
|
||||
return;
|
||||
}
|
||||
mbedtls_platform_zeroize(dec_material, sizeof(dec_material));
|
||||
|
||||
/* Use first 16 bytes (128 bits) as IV for CTR mode */
|
||||
uint8_t iv_enc[BLUFI_IV_SIZE], iv_dec[BLUFI_IV_SIZE];
|
||||
memcpy(iv_enc, enc_hash, BLUFI_IV_SIZE);
|
||||
memcpy(iv_dec, dec_hash, BLUFI_IV_SIZE);
|
||||
mbedtls_platform_zeroize(enc_hash, sizeof(enc_hash));
|
||||
mbedtls_platform_zeroize(dec_hash, sizeof(dec_hash));
|
||||
|
||||
/* Setup persistent cipher operations */
|
||||
blufi_sec->enc_operation = psa_cipher_operation_init();
|
||||
status = psa_cipher_encrypt_setup(&blufi_sec->enc_operation, blufi_sec->aes_key, PSA_ALG_CTR);
|
||||
if (status != PSA_SUCCESS) {
|
||||
BLUFI_ERROR("%s encryption setup failed %d\n", __func__, status);
|
||||
btc_blufi_report_error(ESP_BLUFI_DH_MALLOC_ERROR);
|
||||
blufi_cleanup_negotiation(false, false);
|
||||
return;
|
||||
}
|
||||
|
||||
status = psa_cipher_set_iv(&blufi_sec->enc_operation, iv_enc, BLUFI_IV_SIZE);
|
||||
if (status != PSA_SUCCESS) {
|
||||
BLUFI_ERROR("%s encryption IV setup failed %d\n", __func__, status);
|
||||
btc_blufi_report_error(ESP_BLUFI_DH_MALLOC_ERROR);
|
||||
blufi_cleanup_negotiation(true, false);
|
||||
return;
|
||||
}
|
||||
mbedtls_platform_zeroize(iv_enc, sizeof(iv_enc));
|
||||
|
||||
blufi_sec->dec_operation = psa_cipher_operation_init();
|
||||
/* Note: CTR mode uses encrypt_setup for both encryption and decryption */
|
||||
status = psa_cipher_encrypt_setup(&blufi_sec->dec_operation, blufi_sec->aes_key, PSA_ALG_CTR);
|
||||
if (status != PSA_SUCCESS) {
|
||||
BLUFI_ERROR("%s decryption setup failed %d\n", __func__, status);
|
||||
btc_blufi_report_error(ESP_BLUFI_DH_MALLOC_ERROR);
|
||||
blufi_cleanup_negotiation(true, false);
|
||||
return;
|
||||
}
|
||||
|
||||
status = psa_cipher_set_iv(&blufi_sec->dec_operation, iv_dec, BLUFI_IV_SIZE);
|
||||
if (status != PSA_SUCCESS) {
|
||||
BLUFI_ERROR("%s decryption IV setup failed %d\n", __func__, status);
|
||||
btc_blufi_report_error(ESP_BLUFI_DH_MALLOC_ERROR);
|
||||
blufi_cleanup_negotiation(true, true);
|
||||
return;
|
||||
}
|
||||
mbedtls_platform_zeroize(iv_dec, sizeof(iv_dec));
|
||||
|
||||
/* alloc output data */
|
||||
*output_data = &blufi_sec->self_public_key[0];
|
||||
@@ -188,85 +395,104 @@ void blufi_dh_negotiate_data_handler(uint8_t *data, int len, uint8_t **output_da
|
||||
break;
|
||||
case SEC_TYPE_DH_PUBLIC:
|
||||
break;
|
||||
default:
|
||||
/* Reject unknown packet types */
|
||||
BLUFI_ERROR("Unknown packet type: 0x%02x", type);
|
||||
btc_blufi_report_error(ESP_BLUFI_DATA_FORMAT_ERROR);
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
int blufi_aes_encrypt(uint8_t iv8, uint8_t *crypt_data, int crypt_len)
|
||||
{
|
||||
uint8_t iv0[16];
|
||||
(void)iv8; /* iv8 parameter is no longer used with persistent CTR operation */
|
||||
|
||||
if (!blufi_sec) {
|
||||
if (!blufi_sec || !crypt_data || crypt_len < 0) {
|
||||
return -1;
|
||||
}
|
||||
|
||||
psa_cipher_operation_t operation = PSA_CIPHER_OPERATION_INIT;
|
||||
psa_status_t status = psa_cipher_encrypt_setup(&operation, blufi_sec->aes_key, PSA_ALG_CFB);
|
||||
if (crypt_len == 0) {
|
||||
return 0;
|
||||
}
|
||||
|
||||
if (blufi_sec->aes_key == 0) {
|
||||
BLUFI_ERROR("AES key is not initialized");
|
||||
return -1;
|
||||
}
|
||||
|
||||
/* Use persistent cipher operation - CTR counter is automatically managed */
|
||||
size_t output_len = 0;
|
||||
size_t output_buf_size = PSA_CIPHER_ENCRYPT_OUTPUT_SIZE(PSA_KEY_TYPE_AES, PSA_ALG_CTR, crypt_len);
|
||||
uint8_t *output_buf = (uint8_t *)malloc(output_buf_size);
|
||||
if (output_buf == NULL) {
|
||||
BLUFI_ERROR("Failed to allocate output buffer");
|
||||
return -1;
|
||||
}
|
||||
|
||||
psa_status_t status = psa_cipher_update(&blufi_sec->enc_operation, crypt_data, crypt_len,
|
||||
output_buf, output_buf_size, &output_len);
|
||||
if (status != PSA_SUCCESS) {
|
||||
BLUFI_ERROR("Encryption failed with status=%d", status);
|
||||
free(output_buf);
|
||||
return -1;
|
||||
}
|
||||
|
||||
memcpy(iv0, blufi_sec->iv, sizeof(blufi_sec->iv));
|
||||
iv0[0] = iv8;
|
||||
|
||||
status = psa_cipher_set_iv(&operation, iv0, sizeof(iv0));
|
||||
if (status != PSA_SUCCESS) {
|
||||
psa_cipher_abort(&operation);
|
||||
if (output_len > (size_t)crypt_len) {
|
||||
BLUFI_ERROR("Output length %d exceeds input buffer size %d", output_len, crypt_len);
|
||||
free(output_buf);
|
||||
return -1;
|
||||
}
|
||||
|
||||
size_t encrypt_out_len = 0;
|
||||
status = psa_cipher_update(&operation, crypt_data, crypt_len, crypt_data, crypt_len, &encrypt_out_len);
|
||||
if (status != PSA_SUCCESS) {
|
||||
psa_cipher_abort(&operation);
|
||||
return -1;
|
||||
}
|
||||
memcpy(crypt_data, output_buf, output_len);
|
||||
free(output_buf);
|
||||
|
||||
status = psa_cipher_finish(&operation, crypt_data, crypt_len, &encrypt_out_len);
|
||||
if (status != PSA_SUCCESS) {
|
||||
psa_cipher_abort(&operation);
|
||||
return -1;
|
||||
}
|
||||
|
||||
return encrypt_out_len;
|
||||
return output_len;
|
||||
}
|
||||
|
||||
int blufi_aes_decrypt(uint8_t iv8, uint8_t *crypt_data, int crypt_len)
|
||||
{
|
||||
uint8_t iv0[16];
|
||||
(void)iv8; /* iv8 parameter is no longer used with persistent CTR operation */
|
||||
|
||||
if (!blufi_sec) {
|
||||
if (!blufi_sec || !crypt_data || crypt_len < 0) {
|
||||
return -1;
|
||||
}
|
||||
|
||||
psa_cipher_operation_t operation = PSA_CIPHER_OPERATION_INIT;
|
||||
psa_status_t status = psa_cipher_decrypt_setup(&operation, blufi_sec->aes_key, PSA_ALG_CFB);
|
||||
if (crypt_len == 0) {
|
||||
return 0;
|
||||
}
|
||||
|
||||
if (blufi_sec->aes_key == 0) {
|
||||
BLUFI_ERROR("AES key is not initialized");
|
||||
return -1;
|
||||
}
|
||||
|
||||
/* Use persistent cipher operation - CTR counter is automatically managed */
|
||||
size_t output_len = 0;
|
||||
size_t output_buf_size = PSA_CIPHER_DECRYPT_OUTPUT_SIZE(PSA_KEY_TYPE_AES, PSA_ALG_CTR, crypt_len);
|
||||
uint8_t *output_buf = (uint8_t *)malloc(output_buf_size);
|
||||
if (output_buf == NULL) {
|
||||
BLUFI_ERROR("Failed to allocate output buffer");
|
||||
return -1;
|
||||
}
|
||||
|
||||
psa_status_t status = psa_cipher_update(&blufi_sec->dec_operation, crypt_data, crypt_len,
|
||||
output_buf, output_buf_size, &output_len);
|
||||
if (status != PSA_SUCCESS) {
|
||||
BLUFI_ERROR("Decryption failed with status=%d", status);
|
||||
free(output_buf);
|
||||
return -1;
|
||||
}
|
||||
|
||||
memcpy(iv0, blufi_sec->iv, sizeof(blufi_sec->iv));
|
||||
iv0[0] = iv8;
|
||||
|
||||
status = psa_cipher_set_iv(&operation, iv0, sizeof(iv0));
|
||||
if (status != PSA_SUCCESS) {
|
||||
psa_cipher_abort(&operation);
|
||||
if (output_len > (size_t)crypt_len) {
|
||||
BLUFI_ERROR("Output length %d exceeds input buffer size %d", output_len, crypt_len);
|
||||
free(output_buf);
|
||||
return -1;
|
||||
}
|
||||
|
||||
size_t encrypt_out_len = 0;
|
||||
status = psa_cipher_update(&operation, crypt_data, crypt_len, crypt_data, crypt_len, &encrypt_out_len);
|
||||
if (status != PSA_SUCCESS) {
|
||||
psa_cipher_abort(&operation);
|
||||
return -1;
|
||||
}
|
||||
memcpy(crypt_data, output_buf, output_len);
|
||||
free(output_buf);
|
||||
|
||||
status = psa_cipher_finish(&operation, crypt_data, crypt_len, &encrypt_out_len);
|
||||
if (status != PSA_SUCCESS) {
|
||||
psa_cipher_abort(&operation);
|
||||
return -1;
|
||||
}
|
||||
|
||||
return crypt_len;
|
||||
return output_len;
|
||||
}
|
||||
|
||||
uint16_t blufi_crc_checksum(uint8_t iv8, uint8_t *data, int len)
|
||||
@@ -283,8 +509,9 @@ esp_err_t blufi_security_init(void)
|
||||
}
|
||||
|
||||
memset(blufi_sec, 0x0, sizeof(struct blufi_security));
|
||||
blufi_sec->enc_operation = psa_cipher_operation_init();
|
||||
blufi_sec->dec_operation = psa_cipher_operation_init();
|
||||
|
||||
memset(blufi_sec->iv, 0x0, sizeof(blufi_sec->iv));
|
||||
return 0;
|
||||
}
|
||||
|
||||
@@ -293,11 +520,9 @@ void blufi_security_deinit(void)
|
||||
if (blufi_sec == NULL) {
|
||||
return;
|
||||
}
|
||||
if (blufi_sec->dh_param){
|
||||
free(blufi_sec->dh_param);
|
||||
blufi_sec->dh_param = NULL;
|
||||
}
|
||||
psa_destroy_key(blufi_sec->aes_key);
|
||||
|
||||
/* Clean up all resources */
|
||||
blufi_cleanup_negotiation(true, true);
|
||||
|
||||
memset(blufi_sec, 0x0, sizeof(struct blufi_security));
|
||||
|
||||
|
||||
@@ -14,4 +14,4 @@ CONFIG_BT_ENABLED=y
|
||||
CONFIG_BT_GATTC_ENABLE=n
|
||||
CONFIG_BT_BLE_SMP_ENABLE=n
|
||||
CONFIG_BT_BLE_BLUFI_ENABLE=y
|
||||
CONFIG_MBEDTLS_HARDWARE_MPI=n
|
||||
CONFIG_MBEDTLS_HARDWARE_MPI=y
|
||||
|
||||
@@ -46,8 +46,6 @@ CONFIG_BT_NIMBLE_DIS_SERVICE=n
|
||||
|
||||
CONFIG_BT_ALARM_MAX_NUM=15
|
||||
|
||||
CONFIG_MBEDTLS_HARDWARE_MPI=n
|
||||
|
||||
CONFIG_BT_NIMBLE_BLUFI_ENABLE=y
|
||||
|
||||
CONFIG_BT_NIMBLE_ATT_PREFERRED_MTU=23
|
||||
|
||||
Reference in New Issue
Block a user