Bluetooth: Add the cryptographic toolbox function h8

Add to the cryptographic toolbox the h8 function, defined in the Bluetooth Core Vol. 6, part E 1.1.1. Also add test and SMP self test for this function. The data used for those are from the Bluetooth Core. Signed-off-by: Théo Battrel <theo.battrel@nordicsemi.no>
2022-10-31 14:58:02 +01:00 · 2022-10-31 14:58:02 +01:00 · e9c542ab5b
commit e9c542ab5b
parent f16738b62b
4 changed files with 85 additions and 0 deletions
--- a/subsys/bluetooth/bt_crypto/bt_crypto.c
+++ b/subsys/bluetooth/bt_crypto/bt_crypto.c
@ -256,3 +256,21 @@ int bt_crypto_h7(const uint8_t salt[16], const uint8_t w[16], uint8_t res[16])

 	return 0;
 }
+
+int bt_crypto_h8(const uint8_t k[16], const uint8_t s[16], const uint8_t key_id[4], uint8_t res[16])
+{
+	int err;
+	uint8_t ik[16];
+
+	err = bt_crypto_aes_cmac(s, k, 16, ik);
+	if (err) {
+		return err;
+	}
+
+	err = bt_crypto_aes_cmac(ik, key_id, 4, res);
+	if (err) {
+		return err;
+	}
+
+	return 0;
+}
--- a/subsys/bluetooth/bt_crypto/include/bt_crypto.h
+++ b/subsys/bluetooth/bt_crypto/include/bt_crypto.h
@ -122,3 +122,24 @@ int bt_crypto_h6(const uint8_t w[16], const uint8_t key_id[4], uint8_t res[16]);
 * @retval -EIO Computation failed.
 */
 int bt_crypto_h7(const uint8_t salt[16], const uint8_t w[16], uint8_t res[16]);
+
+/**
+ * @brief Cryptograhic Toolbox function h8
+ *
+ * Defined in Core Vol. 6, part E 1.1.1.
+ *
+ * @note This function is purely a shorthand for the calculation. The parameters
+ * are therefore intentionally not assigned meaning.
+ *
+ * Pseudocode: `aes_cmac(key=aes_cmac(key=s, plaintext=k), plaintext=key_id)`
+ *
+ * @param[in] k (128-bit number in big endian)
+ * @param[in] s (128-bit number in big endian)
+ * @param[in] key_id (32-bit number in big endian)
+ * @param[out] res (128-bit number in big endian)
+ *
+ * @retval 0 Computation was successful. @p res contains the result.
+ * @retval -EIO Computation failed.
+ */
+int bt_crypto_h8(const uint8_t k[16], const uint8_t s[16], const uint8_t key_id[4],
+		 uint8_t res[16]);
--- a/subsys/bluetooth/host/smp.c
+++ b/subsys/bluetooth/host/smp.c
@ -5085,6 +5085,31 @@ static int smp_h7_test(void)
 }
 #endif /* CONFIG_BT_BREDR */

+static int smp_h8_test(void)
+{
+	uint8_t k[16] = {0xec, 0x02, 0x34, 0xa3, 0x57, 0xc8, 0xad, 0x05,
+			 0x34, 0x10, 0x10, 0xa6, 0x0a, 0x39, 0x7d, 0x9b};
+	uint8_t s[16] = {0x15, 0x36, 0xd1, 0x8d, 0xe3, 0xd2, 0x0d, 0xf9,
+			 0x9b, 0x70, 0x44, 0xc1, 0x2f, 0x9e, 0xd5, 0xba};
+	uint8_t key_id[4] = {0xcc, 0x03, 0x01, 0x48};
+
+	uint8_t exp_res[16] = {0xe5, 0xe5, 0xbe, 0xba, 0xae, 0x72, 0x28, 0xe7,
+			       0x22, 0xa3, 0x89, 0x04, 0xed, 0x35, 0x0f, 0x6d};
+	uint8_t res[16];
+	int err;
+
+	err = bt_crypto_h8(k, s, key_id, res);
+	if (err) {
+		return err;
+	}
+
+	if (memcmp(res, exp_res, 16)) {
+		return -EINVAL;
+	}
+
+	return 0;
+}
+
 static int smp_self_test(void)
 {
 	int err;
@ -5138,6 +5163,11 @@ static int smp_self_test(void)
 		return err;
 	}
 #endif /* CONFIG_BT_BREDR */
+	err = smp_h8_test();
+	if (err) {
+		BT_ERR("SMP h8 self test failed");
+		return err;
+	}

 	return 0;
 }
--- a/tests/bluetooth/bt_crypto/src/test_bt_crypto.c
+++ b/tests/bluetooth/bt_crypto/src/test_bt_crypto.c
@ -160,3 +160,19 @@ ZTEST(bt_crypto, test_result_h7)
 	bt_crypto_h7(salt, w, res);
 	zassert_mem_equal(res, exp_res, 16);
 }
+
+ZTEST(bt_crypto, test_result_h8)
+{
+	uint8_t k[16] = {0xec, 0x02, 0x34, 0xa3, 0x57, 0xc8, 0xad, 0x05,
+			 0x34, 0x10, 0x10, 0xa6, 0x0a, 0x39, 0x7d, 0x9b};
+	uint8_t s[16] = {0x15, 0x36, 0xd1, 0x8d, 0xe3, 0xd2, 0x0d, 0xf9,
+			 0x9b, 0x70, 0x44, 0xc1, 0x2f, 0x9e, 0xd5, 0xba};
+	uint8_t key_id[4] = {0xcc, 0x03, 0x01, 0x48};
+
+	uint8_t exp_res[16] = {0xe5, 0xe5, 0xbe, 0xba, 0xae, 0x72, 0x28, 0xe7,
+			       0x22, 0xa3, 0x89, 0x04, 0xed, 0x35, 0x0f, 0x6d};
+	uint8_t res[16];
+
+	bt_crypto_h8(k, s, key_id, res);
+	zassert_mem_equal(res, exp_res, 16);
+}