/**
****************************************************************************************
*
* @file smpc.h
*
* @brief Header file - SMPC.
*
* Copyright (C) RivieraWaves 2009-2016
* Copyright (C) Atmosic 2023
*
****************************************************************************************
*/
#ifndef SMPC_H_
#define SMPC_H_
/**
****************************************************************************************
* @addtogroup SMP Security Manager Protocol
* @ingroup HOST
* @brief Security Manager Protocol.
*
* The SMP is responsible for the over-all security policies of BLE.
* It defines methods for pairing and key distribution, handles encryption,
* data signing and privacy features such as random addressing generation and resolution.
*
* Pairing is performed to exchange pairing features and generate a short term
* key for link encryption.
* A transport specific key distribution is performed to
* share the keys that can be used to encrypt the link in the future
* reconnection process, signed data verification and random address
* resolution.
*
* There exist 3 phases in the complete security procedure:
* 1. Feature exchange (IO capabilities, OOB flags, Authentication Requirements, Key distributions)
* 2. Short Term Key generation
* Generation method depends on exchanged features:
* - Just Works - use Temporary key = 0 (unauthenticated: gives no MITM protection)
* - PassKey Entry - use Temporary Key = 6-digit passkey provided by user
* - Out of Band (OOB) - use Temporary Key = 16-octet key, available from OOB source
* 3. Transport Specific Key Distribution (TKDP)(LTK+EDIV+RAND_NB, IRK+ADDR, CSRK)
*---------------------------------------------------------------------
* @addtogroup SMPC Security Manager Protocol Controller
* @ingroup SMP
* @brief Security Manager Protocol Controller.
*
* This block handles control of SM procedures for several possible existing connections,
* for which the security procedure may be conducted simultaneously.
*
* It allows flow control for HCI access to encryption and random number generation, used
* at different moments in the procedure.
*
* It handles PDU creation and sending through L2CAP, also their reception from L2CAP
* and interpretation.
*
* Other small utilities such as maximum key size determination and TKDP organization are
* implemented in SMPC.
* @{
*
****************************************************************************************
*/
/*
* INCLUDE FILES
****************************************************************************************
*/
#include "rwip_config.h"
#if (BLE_SMPC)
#include "co_bt.h"
#include "gap.h"
#include "gapc_task.h"
#include "ke_task.h"
/*
* DEFINES
****************************************************************************************
*/
/// MAC length: size of the MAC part of a data signature
#define SMPC_SIGN_MAC_LEN (8)
/// SignCounter length: size of the counter part of a data signature
/// (4 matches the uint32_t sign_counter kept in struct smpc_env)
#define SMPC_SIGN_COUNTER_LEN (4)
/// Signature length: MAC length plus SignCounter length (8 + 4 = 12)
#define SMPC_SIGN_LEN (SMPC_SIGN_MAC_LEN + SMPC_SIGN_COUNTER_LEN)
/**
* Repeated Attempts Timer Configuration
*
* All values are in units of 10 ms.
* NOTE(review): the back-off logic itself is not in this header. Presumably the wait
* starts at the default value, is multiplied by SMPC_REP_ATTEMPTS_TIMER_MULT after a
* failed attempt and is capped at the max value - confirm in the SMPC task code, since
* this timer is what slows down repeated pairing attempts from a peer.
*/
/// Repeated Attempts Timer default value (x10ms)
#define SMPC_REP_ATTEMPTS_TIMER_DEF_VAL (200) //2s
/// Repeated Attempts Timer max value (x10ms)
#define SMPC_REP_ATTEMPTS_TIMER_MAX_VAL (3000) //30s
/// Repeated Attempts Timer multiplier
#define SMPC_REP_ATTEMPTS_TIMER_MULT (2)
/**
* Timeout Timer Configuration
*/
/// Timeout Timer duration (x10ms)
#define SMPC_TIMEOUT_TIMER_DURATION (3000) //30s
/// Length of one coordinate of a 256-bit public key (0x20 = 32 octets)
#define SMPC_PUBLIC_KEY_256_COORD_LEN 0x20
/*
* ENUMERATIONS
****************************************************************************************
*/
/// Information source.
/// Values are implicit (0, 1, 2); LOCAL and PEER are used as indexes into the
/// per-source arrays of struct smpc_env (csrk[], sign_counter[]).
enum smpc_addr_src
{
/// Local info.
SMPC_INFO_LOCAL,
/// Peer info.
SMPC_INFO_PEER,
/// Number of info sources; used as an array size, not a valid index.
SMPC_INFO_MAX
};
/*
* STRUCTURES DEFINITION
****************************************************************************************
*/
/// Master ID Information Structure
/// Holds the EDIV and random number that the file header lists next to the LTK
/// in the phase 3 key distribution (LTK+EDIV+RAND_NB).
struct smpc_mst_id_info
{
/// Encryption Diversifier
uint16_t ediv;
/// Random Number
uint8_t randnb[GAP_RAND_NB_LEN];
};
#if (SECURE_CONNECTIONS)
/// Working context of an AES-CMAC computation (only built with SECURE_CONNECTIONS).
/// Field names look like RFC 4493 notation (M, M_last, X, Y, K, K1, K2) - TODO confirm
/// against the implementation.
/// NOTE(review): K1, K2, X and Y are derived from the key K, so this context holds
/// secret-dependent data; whether it is wiped when released is not visible here - confirm.
struct smp_aes_cmac
{
/// Message buffer; not owned by this structure
uint8_t* M; // pointer to memory allocated by calling function
/// Message length. Stored in a uint8_t, so no more than 255 can be represented;
/// NOTE(review): confirm callers never pass a longer message (it would be truncated).
uint8_t M_len;
/// Presumably the last (padded) message block - confirm
uint8_t M_last[16];
/// Presumably the running CMAC state blocks - confirm
uint8_t X[16];
uint8_t Y[16];
/// Key, referenced by pointer rather than stored here
uint8_t* K; //[16];
/// Presumably the two CMAC subkeys produced in the SubKey Generation state - confirm
uint8_t K1[16];
uint8_t K2[16];
/// Presumably the index of the next block to process and the total block count - confirm
uint8_t next_block;
uint8_t num_blocks;
/// Current step of the computation
uint8_t state; // Only 3 States - Idle, SubKey Generation, Block AES
};
/// Buffers for the Secure Connections function f4 (going by the name - TODO confirm).
/// The 65-octet size of M matches the f4 message U || V || Z (32 + 32 + 1) of the
/// Bluetooth Core Specification; the layout inside M is not visible in this header.
struct smp_f4
{
/// Message fed to AES-CMAC
uint8_t M[65];
/// 16-octet AES-CMAC key
uint8_t X[16]; // The Key
};
/// Buffers for the Secure Connections function f5 (going by the name - TODO confirm).
/// The 53-octet size of M matches the f5 message
/// Counter || keyID || N1 || N2 || A1 || A2 || Length (1 + 4 + 16 + 16 + 7 + 7 + 2)
/// of the Bluetooth Core Specification; the layout inside M is not visible in this header.
struct smp_f5
{
/// Message fed to AES-CMAC
uint8_t M[53];
/// Referenced by pointer, not stored here; presumably the DH key - confirm
uint8_t* W;
/// Presumably the intermediate key T derived from SALT and W - confirm
uint8_t T[16];
/// Salt used for the derivation of T
uint8_t SALT[16];
};
/// Buffers for the Secure Connections function f6 (going by the name - TODO confirm).
/// The 65-octet size of M matches the f6 message
/// N1 || N2 || R || IOcap || A1 || A2 (16 + 16 + 16 + 3 + 7 + 7)
/// of the Bluetooth Core Specification; the layout inside M is not visible in this header.
struct smp_f6
{
/// 16-octet AES-CMAC key; presumably the MacKey - confirm
uint8_t W[16];
/// Message fed to AES-CMAC
uint8_t M[65];
};
/// Buffers for the Secure Connections function g2 (going by the name - TODO confirm).
/// The 80-octet size of M matches the g2 message U || V || Y (32 + 32 + 16) of the
/// Bluetooth Core Specification; the layout inside M is not visible in this header.
struct smp_g2
{
/// 16-octet AES-CMAC key
uint8_t X[16];
/// Message fed to AES-CMAC
uint8_t M[80];
};
/// Public key stored as two coordinates of GAP_P256_KEY_LEN octets each.
/// NOTE(review): byte order of the coordinates is not visible in this header - confirm.
struct gapc_public_key
{
/// X coordinate
uint8_t x[GAP_P256_KEY_LEN];
/// Y coordinate
uint8_t y[GAP_P256_KEY_LEN];
};
#endif // (SECURE_CONNECTIONS)
/// Pairing Information
/// Per-procedure working state of a pairing, reached through smpc_env.info.pair.
/// NOTE(review): this structure carries secret material (TK/LTK/IRK in key and, with
/// SECURE_CONNECTIONS, MacKey, dh_key_local, passkey, peer_r/local_r). Whether it is
/// wiped before being freed is not visible in this header - confirm in the free path.
struct smpc_pair_info
{
/// TK during Phase 2, LTK or IRK during Phase 3
struct gap_sec_key key;
/// Pairing request command
struct gapc_pairing pair_req_feat;
/// Pairing response feature
struct gapc_pairing pair_rsp_feat;
/// Random number value
uint8_t rand[RAND_VAL_LEN];
/// Remote random number value
uint8_t rem_rand[RAND_VAL_LEN];
/// Confirm value to check
uint8_t conf_value[GAP_KEY_LEN];
/// Pairing Method
uint8_t pair_method;
/// Authentication level
uint8_t auth;
/// check that LTK exchanged during pairing
bool ltk_exchanged;
/// Key to be exchanged (transmitted or to be received)
uint8_t keys_dist;
#if (SECURE_CONNECTIONS)
/// AES_CMAC Info (context referenced by pointer; ownership not visible here)
struct smp_aes_cmac* aes_cmac;
/// Structures for the Secure Connections crypto functions f4, f5, f6 and g2
/// (referenced by pointer; allocation and release are not visible in this header)
struct smp_f4* f4_info;
struct smp_f5* f5_info;
struct smp_f6* f6_info;
struct smp_g2* g2_info;
/// Set once the local DH key computation has finished (going by the name - confirm)
bool dh_key_calculation_complete;
/// MacKey, GAP_KEY_LEN octets
uint8_t MacKey[GAP_KEY_LEN];
/// DH key check value received from the peer
uint8_t dh_key_check_peer[DHKEY_CHECK_LEN];
/// Locally computed DH key (secret)
uint8_t dh_key_local[DH_KEY_LEN];
/// Locally computed DH key check value
uint8_t dh_key_check_local[DHKEY_CHECK_LEN];
/// Records that the peer's DH key check has arrived
bool dh_key_check_received_from_peer;
/// Public key received from the peer.
/// NOTE(review): this is peer-controlled input; validation of the key (e.g. that the
/// point lies on the expected curve) is not visible in this header - confirm it is done
/// before the DH key is computed from it.
public_key_t peer_public_key;
/// Presumably the passkey bit currently being processed - confirm
uint8_t passkey_bit_count;
/// Passkey value
uint32_t passkey;
// Required for OOB
uint8_t peer_r[GAP_KEY_LEN];
uint8_t local_r[GAP_KEY_LEN];
/// Record that the peer's random / confirm value has arrived
bool peer_rand_received;
bool peer_confirm_received;
#endif // (SECURE_CONNECTIONS)
};
/// Signing Information
/// Per-procedure working state of a signing procedure, reached through smpc_env.info.sign.
struct smpc_sign_info
{
/// Operation requester task id
ke_task_id_t requester;
/// Message offset
uint16_t msg_offset;
/// Number of blocks
uint8_t block_nb;
/// Cn-1 value -> must be kept so that it can be retrieved after L generation
uint8_t cn1[GAP_KEY_LEN];
};
/// SMPC environment structure
/// Holds the long-lived SMPC state (CSRKs, sign counters, timers, key size) plus a
/// pointer to the working data of the procedure currently in progress.
struct smpc_env
{
/// SMPC temporary information
/// pair and sign share the same storage (union), so only one of them is meaningful at
/// a time; which one is not recorded in the union itself - presumably derived from
/// state, confirm.
union smpc_info
{
/**
* Pairing Information - This structure is allocated at the beginning of a pairing
* or procedure. It is freed when a disconnection occurs or at the end of
* the pairing procedure. If not enough memory can be found, the procedure will fail
* with an "Unspecified Reason" error
*
* NOTE(review): the pointed-to structure holds key material; whether it is wiped
* before being freed is not visible in this header - confirm.
*/
struct smpc_pair_info *pair;
/**
* Signature Procedure Information - This structure is allocated at the beginning of a
* signing procedure. It is freed when a disconnection occurs or at the end of
* the signing procedure. If not enough memory can be found, the procedure will fail
* with an "Unspecified Reason" error.
*/
struct smpc_sign_info *sign;
} info;
/// CSRK values (Local and remote), indexed by enum smpc_addr_src
struct gap_sec_key csrk[SMPC_INFO_MAX];
/// signature counter values (Local and remote), indexed by enum smpc_addr_src
/// NOTE(review): how the remote counter is checked and updated when a signed message
/// is verified is not visible in this header - confirm it cannot go backwards.
uint32_t sign_counter[SMPC_INFO_MAX];
/// Repeated Attempt Timer value
/// (presumably x10ms like the SMPC_REP_ATTEMPTS_TIMER_* constants - confirm)
uint16_t rep_att_timer_val;
/// Encryption key size
uint8_t key_size;
/**
* Contains the current state of the two timers needed in the SMPC task
* Bit 0 - Is Timeout Timer running
* Bit 1 - Is Repeated Attempt Timer running
* Bit 2 - Has task reached a SMP Timeout
*/
uint8_t timer_state;
/// State of the current procedure
uint8_t state;
#if (SECURE_CONNECTIONS)
/// Whether Secure Connections is enabled (going by the name; who sets it is not visible here)
bool secure_connections_enabled;
#endif // (SECURE_CONNECTIONS)
};
/*
* GLOBAL VARIABLES DEFINITION
****************************************************************************************
*/
/*
* MACROS
****************************************************************************************
*/
/*
* FUNCTION DECLARATIONS
****************************************************************************************
*/
#endif //(BLE_SMPC)
#endif //SMPC_H_
/// @} SMPC