diff --git a/components/bt/esp_ble_mesh/mesh_core/bluedroid_host/mesh_bearer_adapt.c b/components/bt/esp_ble_mesh/mesh_core/bluedroid_host/mesh_bearer_adapt.c index 956ada4717..c4d5b893b6 100644 --- a/components/bt/esp_ble_mesh/mesh_core/bluedroid_host/mesh_bearer_adapt.c +++ b/components/bt/esp_ble_mesh/mesh_core/bluedroid_host/mesh_bearer_adapt.c @@ -1868,60 +1868,37 @@ int bt_mesh_dh_key_gen(const uint8_t remote_pk[64], bt_mesh_dh_key_cb_t cb, cons return 0; } -#if CONFIG_MBEDTLS_HARDWARE_AES -static void ecb_encrypt(uint8_t const *const key_le, uint8_t const *const clear_text_le, - uint8_t *const cipher_text_le, uint8_t *const cipher_text_be) -{ - struct bt_mesh_ecb_param ecb = {0}; - mbedtls_aes_context aes_ctx = {0}; - - aes_ctx.key_bytes = 16; - mem_rcopy(&aes_ctx.key[0], key_le, 16); - mem_rcopy(&ecb.clear_text[0], clear_text_le, sizeof(ecb.clear_text)); - mbedtls_aes_crypt_ecb(&aes_ctx, MBEDTLS_AES_ENCRYPT, &ecb.clear_text[0], &ecb.cipher_text[0]); - - if (cipher_text_le) { - mem_rcopy(cipher_text_le, &ecb.cipher_text[0], - sizeof(ecb.cipher_text)); - } - - if (cipher_text_be) { - memcpy(cipher_text_be, &ecb.cipher_text[0], - sizeof(ecb.cipher_text)); - } -} - -static void ecb_encrypt_be(uint8_t const *const key_be, uint8_t const *const clear_text_be, - uint8_t *const cipher_text_be) -{ - struct bt_mesh_ecb_param ecb = {0}; - mbedtls_aes_context aes_ctx = {0}; - - aes_ctx.key_bytes = 16; - memcpy(&aes_ctx.key[0], key_be, 16); - memcpy(&ecb.clear_text[0], clear_text_be, sizeof(ecb.clear_text)); - mbedtls_aes_crypt_ecb(&aes_ctx, MBEDTLS_AES_ENCRYPT, &ecb.clear_text[0], &ecb.cipher_text[0]); - - memcpy(cipher_text_be, &ecb.cipher_text[0], sizeof(ecb.cipher_text)); -} -#endif /* CONFIG_MBEDTLS_HARDWARE_AES */ - int bt_mesh_encrypt_le(const uint8_t key[16], const uint8_t plaintext[16], uint8_t enc_data[16]) { -#if CONFIG_MBEDTLS_HARDWARE_AES - BT_DBG("key %s plaintext %s", bt_hex(key, 16), bt_hex(plaintext, 16)); - - ecb_encrypt(key, plaintext, enc_data, NULL); - - BT_DBG("enc_data %s", bt_hex(enc_data, 16)); - return 0; -#else /* CONFIG_MBEDTLS_HARDWARE_AES */ - struct tc_aes_key_sched_struct s = {0}; uint8_t tmp[16] = {0}; BT_DBG("key %s plaintext %s", bt_hex(key, 16), bt_hex(plaintext, 16)); +#if CONFIG_MBEDTLS_HARDWARE_AES + mbedtls_aes_context ctx = {0}; + + mbedtls_aes_init(&ctx); + + sys_memcpy_swap(tmp, key, 16); + + if (mbedtls_aes_setkey_enc(&ctx, tmp, 128) != 0) { + mbedtls_aes_free(&ctx); + return -EINVAL; + } + + sys_memcpy_swap(tmp, plaintext, 16); + + if (mbedtls_aes_crypt_ecb(&ctx, MBEDTLS_AES_ENCRYPT, + tmp, enc_data) != 0) { + mbedtls_aes_free(&ctx); + return -EINVAL; + } + + mbedtls_aes_free(&ctx); +#else /* CONFIG_MBEDTLS_HARDWARE_AES */ + struct tc_aes_key_sched_struct s = {0}; + sys_memcpy_swap(tmp, key, 16); if (tc_aes128_set_encrypt_key(&s, tmp) == TC_CRYPTO_FAIL) { @@ -1933,31 +1910,40 @@ int bt_mesh_encrypt_le(const uint8_t key[16], const uint8_t plaintext[16], if (tc_aes_encrypt(enc_data, tmp, &s) == TC_CRYPTO_FAIL) { return -EINVAL; } +#endif /* CONFIG_MBEDTLS_HARDWARE_AES */ sys_mem_swap(enc_data, 16); BT_DBG("enc_data %s", bt_hex(enc_data, 16)); return 0; -#endif /* CONFIG_MBEDTLS_HARDWARE_AES */ } int bt_mesh_encrypt_be(const uint8_t key[16], const uint8_t plaintext[16], uint8_t enc_data[16]) { -#if CONFIG_MBEDTLS_HARDWARE_AES BT_DBG("key %s plaintext %s", bt_hex(key, 16), bt_hex(plaintext, 16)); - ecb_encrypt_be(key, plaintext, enc_data); +#if CONFIG_MBEDTLS_HARDWARE_AES + mbedtls_aes_context ctx = {0}; - BT_DBG("enc_data %s", bt_hex(enc_data, 16)); + mbedtls_aes_init(&ctx); - return 0; + if (mbedtls_aes_setkey_enc(&ctx, key, 128) != 0) { + mbedtls_aes_free(&ctx); + return -EINVAL; + } + + if (mbedtls_aes_crypt_ecb(&ctx, MBEDTLS_AES_ENCRYPT, + plaintext, enc_data) != 0) { + mbedtls_aes_free(&ctx); + return -EINVAL; + } + + mbedtls_aes_free(&ctx); #else /* CONFIG_MBEDTLS_HARDWARE_AES */ struct tc_aes_key_sched_struct s = {0}; - BT_DBG("key %s plaintext %s", bt_hex(key, 16), bt_hex(plaintext, 16)); - if (tc_aes128_set_encrypt_key(&s, key) == TC_CRYPTO_FAIL) { return -EINVAL; } @@ -1965,11 +1951,11 @@ int bt_mesh_encrypt_be(const uint8_t key[16], const uint8_t plaintext[16], if (tc_aes_encrypt(enc_data, plaintext, &s) == TC_CRYPTO_FAIL) { return -EINVAL; } +#endif /* CONFIG_MBEDTLS_HARDWARE_AES */ BT_DBG("enc_data %s", bt_hex(enc_data, 16)); return 0; -#endif /* CONFIG_MBEDTLS_HARDWARE_AES */ } #if defined(CONFIG_BLE_MESH_USE_DUPLICATE_SCAN) diff --git a/components/bt/esp_ble_mesh/mesh_core/include/mesh_bearer_adapt.h b/components/bt/esp_ble_mesh/mesh_core/include/mesh_bearer_adapt.h index 25068554d0..03ece2f335 100644 --- a/components/bt/esp_ble_mesh/mesh_core/include/mesh_bearer_adapt.h +++ b/components/bt/esp_ble_mesh/mesh_core/include/mesh_bearer_adapt.h @@ -325,12 +325,6 @@ struct bt_mesh_gatt_service { sys_snode_t node; }; -struct bt_mesh_ecb_param { - uint8_t key[16]; - uint8_t clear_text[16]; - uint8_t cipher_text[16]; -} __packed; - typedef struct { uint8_t type; uint8_t val[6]; diff --git a/components/bt/esp_ble_mesh/mesh_core/nimble_host/mesh_bearer_adapt.c b/components/bt/esp_ble_mesh/mesh_core/nimble_host/mesh_bearer_adapt.c index fb2a9e337a..a3b737bac4 100644 --- a/components/bt/esp_ble_mesh/mesh_core/nimble_host/mesh_bearer_adapt.c +++ b/components/bt/esp_ble_mesh/mesh_core/nimble_host/mesh_bearer_adapt.c @@ -1851,59 +1851,36 @@ int bt_mesh_dh_key_gen(const uint8_t remote_pk[64], bt_mesh_dh_key_cb_t cb, cons return 0; } -#if CONFIG_MBEDTLS_HARDWARE_AES -static void ecb_encrypt(uint8_t const *const key_le, uint8_t const *const clear_text_le, - uint8_t *const cipher_text_le, uint8_t *const cipher_text_be) -{ - struct bt_mesh_ecb_param ecb; - mbedtls_aes_context aes_ctx = {0}; - - aes_ctx.key_bytes = 16; - mem_rcopy(&aes_ctx.key[0], key_le, 16); - mem_rcopy(&ecb.clear_text[0], clear_text_le, sizeof(ecb.clear_text)); - mbedtls_aes_crypt_ecb(&aes_ctx, MBEDTLS_AES_ENCRYPT, &ecb.clear_text[0], &ecb.cipher_text[0]); - - if (cipher_text_le) { - mem_rcopy(cipher_text_le, &ecb.cipher_text[0], - sizeof(ecb.cipher_text)); - } - - if (cipher_text_be) { - memcpy(cipher_text_be, &ecb.cipher_text[0], - sizeof(ecb.cipher_text)); - } -} - -static void ecb_encrypt_be(uint8_t const *const key_be, uint8_t const *const clear_text_be, - uint8_t *const cipher_text_be) -{ - struct bt_mesh_ecb_param ecb; - mbedtls_aes_context aes_ctx = {0}; - - aes_ctx.key_bytes = 16; - memcpy(&aes_ctx.key[0], key_be, 16); - memcpy(&ecb.clear_text[0], clear_text_be, sizeof(ecb.clear_text)); - mbedtls_aes_crypt_ecb(&aes_ctx, MBEDTLS_AES_ENCRYPT, &ecb.clear_text[0], &ecb.cipher_text[0]); - - memcpy(cipher_text_be, &ecb.cipher_text[0], sizeof(ecb.cipher_text)); -} -#endif /* CONFIG_MBEDTLS_HARDWARE_AES */ - int bt_mesh_encrypt_le(const uint8_t key[16], const uint8_t plaintext[16], uint8_t enc_data[16]) { + uint8_t tmp[16] = {0}; + + BT_DBG("key %s plaintext %s", bt_hex(key, 16), bt_hex(plaintext, 16)); + #if CONFIG_MBEDTLS_HARDWARE_AES - BT_DBG("key %s plaintext %s", bt_hex(key, 16), bt_hex(plaintext, 16)); + mbedtls_aes_context ctx = {0}; - ecb_encrypt(key, plaintext, enc_data, NULL); + mbedtls_aes_init(&ctx); - BT_DBG("enc_data %s", bt_hex(enc_data, 16)); - return 0; + sys_memcpy_swap(tmp, key, 16); + + if (mbedtls_aes_setkey_enc(&ctx, tmp, 128) != 0) { + mbedtls_aes_free(&ctx); + return -EINVAL; + } + + sys_memcpy_swap(tmp, plaintext, 16); + + if (mbedtls_aes_crypt_ecb(&ctx, MBEDTLS_AES_ENCRYPT, + tmp, enc_data) != 0) { + mbedtls_aes_free(&ctx); + return -EINVAL; + } + + mbedtls_aes_free(&ctx); #else /* CONFIG_MBEDTLS_HARDWARE_AES */ - struct tc_aes_key_sched_struct s; - uint8_t tmp[16]; - - BT_DBG("key %s plaintext %s", bt_hex(key, 16), bt_hex(plaintext, 16)); + struct tc_aes_key_sched_struct s = {0}; sys_memcpy_swap(tmp, key, 16); @@ -1916,30 +1893,39 @@ int bt_mesh_encrypt_le(const uint8_t key[16], const uint8_t plaintext[16], if (tc_aes_encrypt(enc_data, tmp, &s) == TC_CRYPTO_FAIL) { return -EINVAL; } +#endif /* CONFIG_MBEDTLS_HARDWARE_AES */ sys_mem_swap(enc_data, 16); BT_DBG("enc_data %s", bt_hex(enc_data, 16)); return 0; -#endif /* CONFIG_MBEDTLS_HARDWARE_AES */ } int bt_mesh_encrypt_be(const uint8_t key[16], const uint8_t plaintext[16], uint8_t enc_data[16]) { + BT_DBG("key %s plaintext %s", bt_hex(key, 16), bt_hex(plaintext, 16)); + #if CONFIG_MBEDTLS_HARDWARE_AES - BT_DBG("key %s plaintext %s", bt_hex(key, 16), bt_hex(plaintext, 16)); + mbedtls_aes_context ctx = {0}; - ecb_encrypt_be(key, plaintext, enc_data); + mbedtls_aes_init(&ctx); - BT_DBG("enc_data %s", bt_hex(enc_data, 16)); + if (mbedtls_aes_setkey_enc(&ctx, key, 128) != 0) { + mbedtls_aes_free(&ctx); + return -EINVAL; + } - return 0; + if (mbedtls_aes_crypt_ecb(&ctx, MBEDTLS_AES_ENCRYPT, + plaintext, enc_data) != 0) { + mbedtls_aes_free(&ctx); + return -EINVAL; + } + + mbedtls_aes_free(&ctx); #else /* CONFIG_MBEDTLS_HARDWARE_AES */ - struct tc_aes_key_sched_struct s; - - BT_DBG("key %s plaintext %s", bt_hex(key, 16), bt_hex(plaintext, 16)); + struct tc_aes_key_sched_struct s = {0}; if (tc_aes128_set_encrypt_key(&s, key) == TC_CRYPTO_FAIL) { return -EINVAL; @@ -1948,11 +1934,11 @@ int bt_mesh_encrypt_be(const uint8_t key[16], const uint8_t plaintext[16], if (tc_aes_encrypt(enc_data, plaintext, &s) == TC_CRYPTO_FAIL) { return -EINVAL; } +#endif /* CONFIG_MBEDTLS_HARDWARE_AES */ BT_DBG("enc_data %s", bt_hex(enc_data, 16)); return 0; -#endif /* CONFIG_MBEDTLS_HARDWARE_AES */ } #if defined(CONFIG_BLE_MESH_USE_DUPLICATE_SCAN)