1 /*
2  * Copyright (C) 2018-2020 Alibaba Group Holding Limited
3  */
4 
5 #include <stdio.h>
6 #include <string.h>
7 #include <ctype.h>
8 
9 //#include <aos/aos.h>
10 
11 #include <misc/printk.h>
12 #include <misc/byteorder.h>
13 #include <tinycrypt/sha256.h>
14 #include <tinycrypt/constants.h>
15 #include <port/mesh_hal_sec.h>
16 
17 #define BT_DBG_ENABLED IS_ENABLED(CONFIG_BT_MESH_DEBUG_GENIE_CRYPTO)
18 #include "common/log.h"
19 
20 #include "genie_service.h"
21 
22 static uint8_t g_auth[32];
23 static uint8_t g_ble_key[32];
24 
genie_crypto_get_auth(const uint8_t random[16])25 uint8_t *genie_crypto_get_auth(const uint8_t random[16])
26 {
27     int ret;
28     genie_triple_t *p_genie_triple = genie_triple_get();
29     char mac_str[(GENIE_TRIPLE_MAC_SIZE << 1) + 1] = "";
30     char key_str[(GENIE_TRIPLE_KEY_SIZE << 1) + 1] = "";
31     char static_str[88] = ""; // pid + ',' + mac + ',' + secret = 8+1+12+1+32+1+32'\0'
32     char rad_str[33] = "";
33     struct tc_sha256_state_struct sha256_ctx;
34 
35     hextostring(p_genie_triple->mac, mac_str, GENIE_TRIPLE_MAC_SIZE);
36     hextostring(p_genie_triple->key, key_str, GENIE_TRIPLE_KEY_SIZE);
37     hextostring(random, rad_str, 16);
38 
39 #ifdef GENIE_OLD_AUTH
40     sprintf(static_str, "%08x,%s,%s", p_genie_triple->pid, mac_str, key_str);
41 #else
42     sprintf(static_str, "%08x,%s,%s,%s", p_genie_triple->pid, mac_str, key_str, rad_str);
43 #endif
44     BT_DBG("static oob: %s", static_str);
45 
46     /* calculate the sha256 of oob info and
47      * fetch the top 16 bytes as static value
48      */
49     ret = tc_sha256_init(&sha256_ctx);
50     if (ret != TC_CRYPTO_SUCCESS)
51     {
52         BT_ERR("sha256 init fail\n");
53     }
54 
55     ret = tc_sha256_update(&sha256_ctx, (const uint8_t *)static_str, strlen(static_str));
56     if (ret != TC_CRYPTO_SUCCESS)
57     {
58         BT_ERR("sha256 udpate fail\n");
59     }
60 
61     ret = tc_sha256_final(g_auth, &sha256_ctx);
62     if (ret != TC_CRYPTO_SUCCESS)
63     {
64         BT_ERR("sha256 final fail\n");
65     }
66     else
67     {
68         BT_DBG("auth: %s", bt_hex((char *)g_auth, 16));
69     }
70     return g_auth;
71 }
72 
genie_crypto_encrypt(const uint8_t data_in[16],uint8_t data_out[16])73 int genie_crypto_encrypt(const uint8_t data_in[16], uint8_t data_out[16])
74 {
75     uint8_t i = 0;
76     uint8_t local_data[16];
77     uint8_t aes_iv[16] = {0x31, 0x32, 0x33, 0x61, 0x71, 0x77, 0x65, 0x64,
78                           0x23, 0x2a, 0x24, 0x21, 0x28, 0x34, 0x6a, 0x75};
79 
80     memcpy(local_data, data_in, 16);
81     while (i < 16)
82     {
83         local_data[i] ^= aes_iv[i];
84         i++;
85     }
86 
87     return bt_mesh_aes_encrypt(g_ble_key, local_data, data_out);
88 }
89 
genie_crypto_decrypt(const uint8_t data_in[16],uint8_t data_out[16])90 int genie_crypto_decrypt(const uint8_t data_in[16], uint8_t data_out[16])
91 {
92     int ret = bt_mesh_aes_decrypt(g_ble_key, data_in, data_out);
93     uint8_t aes_iv[16] = {0x31, 0x32, 0x33, 0x61, 0x71, 0x77, 0x65, 0x64,
94                           0x23, 0x2a, 0x24, 0x21, 0x28, 0x34, 0x6a, 0x75};
95     uint8_t i = 0;
96 
97     while (i < 16)
98     {
99         data_out[i] ^= aes_iv[i];
100         i++;
101     }
102 
103     return ret;
104 }
105 
genie_ais_get_cipher(const uint8_t random[16],uint8_t * cipher)106 void genie_ais_get_cipher(const uint8_t random[16], uint8_t *cipher)
107 {
108     int ret;
109     genie_triple_t *p_genie_triple = genie_triple_get();
110     char mac_str[(GENIE_TRIPLE_MAC_SIZE << 1) + 1] = "";
111     char key_str[(GENIE_TRIPLE_KEY_SIZE << 1) + 1] = "";
112     char static_str[72] = ""; // random + ',' + pid + ',' + mac + ',' + secret = 16+1+8+1+12+1+32'\0'
113     struct tc_sha256_state_struct sha256_ctx;
114 
115     hextostring(p_genie_triple->mac, mac_str, GENIE_TRIPLE_MAC_SIZE);
116     hextostring(p_genie_triple->key, key_str, GENIE_TRIPLE_KEY_SIZE);
117 
118     memcpy(static_str, random, 16);
119     sprintf(static_str + 16, ",%08x,%s,%s", p_genie_triple->pid, mac_str, key_str);
120 
121     BT_DBG("string: %s", static_str);
122 
123     /* calculate the sha256 of oob info and
124      * fetch the top 16 bytes as static value
125      */
126     ret = tc_sha256_init(&sha256_ctx);
127     if (ret != TC_CRYPTO_SUCCESS)
128     {
129         BT_ERR("sha256 init fail\n");
130     }
131 
132     ret = tc_sha256_update(&sha256_ctx, (const uint8_t *)static_str, strlen(static_str));
133     if (ret != TC_CRYPTO_SUCCESS)
134     {
135         BT_ERR("sha256 udpate fail\n");
136     }
137 
138     ret = tc_sha256_final(g_ble_key, &sha256_ctx);
139     if (ret != TC_CRYPTO_SUCCESS)
140     {
141         BT_ERR("sha256 final fail\n");
142     }
143     else
144     {
145         BT_DBG("auth: %s", bt_hex((char *)g_ble_key, 16));
146     }
147     genie_crypto_encrypt(random, cipher);
148 
149     BT_DBG("cipher: %s", bt_hex((char *)cipher, 16));
150 }
151 
genie_ais_reset(void)152 void genie_ais_reset(void)
153 {
154     memset(g_ble_key, 0, 32);
155 }
156 
genie_crypto_adv_create(uint8_t ad_structure[14],uint8_t is_silent)157 void genie_crypto_adv_create(uint8_t ad_structure[14], uint8_t is_silent)
158 {
159     genie_triple_t *p_genie_triple = genie_triple_get();
160 
161     ad_structure[3] |= 0x08; //FMSK auth enable
162     if (is_silent)
163     {
164         ad_structure[3] |= 0x20;
165     }
166     else
167     {
168         ad_structure[3] &= ~0x20;
169     }
170 
171     memcpy(ad_structure + GENIE_TRIPLE_PID_SIZE, &p_genie_triple->pid, GENIE_TRIPLE_PID_SIZE);
172     // mac addr
173     for (int i = 0; i < GENIE_TRIPLE_MAC_SIZE; i++)
174     {
175         ad_structure[8 + i] = p_genie_triple->mac[GENIE_TRIPLE_MAC_SIZE - 1 - i];
176     }
177 }
178