Skip to content
Open
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
60 changes: 60 additions & 0 deletions embedded/common/source/mbedtls/gen_secret.c
Original file line number Diff line number Diff line change
Expand Up @@ -31,6 +31,16 @@

#define MBEDTLS_ALLOW_PRIVATE_ACCESS

#if defined(__has_include)
#if __has_include(<psa/crypto.h>)
#define NEARBY_PLATFORM_USE_PSA_CRYPTO 1
#endif
#endif

#if defined(NEARBY_PLATFORM_USE_PSA_CRYPTO)
#include <psa/crypto.h>
#include <string.h>
#else
Comment on lines +34 to +43
#include <mbedtls/aes.h>
#include <mbedtls/ecdh.h>
#include <mbedtls/ecp.h>
Expand All @@ -40,11 +50,60 @@
#if (MBEDTLS_VERSION_NUMBER >= 0x03000000)
#include <mbedtls/compat-2.x.h>
#endif
#endif

#include <nearby_platform_se.h>
#include <stdlib.h>

#ifndef NEARBY_PLATFORM_HAS_SE
#if defined(NEARBY_PLATFORM_USE_PSA_CRYPTO)
static nearby_platform_status nearby_platform_InitCrypto() {
return psa_crypto_init() == PSA_SUCCESS ? kNearbyStatusOK : kNearbyStatusError;
}

nearby_platform_status nearby_platform_GenSec256r1Secret(
const uint8_t remote_party_public_key[64], uint8_t shared_secret[32]) {
if (nearby_platform_InitCrypto() != kNearbyStatusOK) {
Comment on lines +60 to +66
return kNearbyStatusError;
}

const uint8_t* pkp = nearby_platform_GetAntiSpoofingPrivateKey();
if (!pkp) {
return kNearbyStatusError;
}

nearby_platform_status platform_status = kNearbyStatusError;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
psa_key_id_t key_id = 0;
size_t shared_secret_length = 0;
uint8_t peer_public_key[65] = {0x04};

memcpy(&peer_public_key[1], remote_party_public_key, 64);

psa_set_key_type(&attributes, PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1));
psa_set_key_bits(&attributes, 256);
psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_DERIVE);
psa_set_key_algorithm(&attributes, PSA_ALG_ECDH);

psa_status_t status = psa_import_key(&attributes, pkp, 32, &key_id);
psa_reset_key_attributes(&attributes);
if (status != PSA_SUCCESS) {
goto exit;
}

status = psa_raw_key_agreement(PSA_ALG_ECDH, key_id, peer_public_key, sizeof(peer_public_key),
shared_secret, 32, &shared_secret_length);
if (status == PSA_SUCCESS && shared_secret_length == 32) {
platform_status = kNearbyStatusOK;
}

exit:
if (key_id != 0) {
psa_destroy_key(key_id);
}
return platform_status;
}
#else
static int crypto_rand(void* const seed, uint8_t* const out,
size_t const size) {
(void)seed;
Expand Down Expand Up @@ -105,4 +164,5 @@ nearby_platform_status nearby_platform_GenSec256r1Secret(

return status;
}
#endif
#endif /* NEARBY_PLATFORM_HAS_SE */
103 changes: 103 additions & 0 deletions embedded/common/source/mbedtls/mbedtls.c
Original file line number Diff line number Diff line change
Expand Up @@ -37,6 +37,15 @@
// separate file, gen_secret.c.
//

#if defined(__has_include)
#if __has_include(<psa/crypto.h>)
#define NEARBY_PLATFORM_USE_PSA_CRYPTO 1
#endif
#endif

Comment on lines +40 to +45
#if defined(NEARBY_PLATFORM_USE_PSA_CRYPTO)
#include <psa/crypto.h>
#else
#include <mbedtls/aes.h>
#include <mbedtls/ecdh.h>
#include <mbedtls/ecp.h>
Expand All @@ -45,9 +54,102 @@
#if (MBEDTLS_VERSION_NUMBER >= 0x03000000)
#include <mbedtls/compat-2.x.h>
#endif
#endif

#include <nearby_platform_se.h>

#if defined(NEARBY_PLATFORM_USE_PSA_CRYPTO)
static psa_hash_operation_t sha256_op = PSA_HASH_OPERATION_INIT;

static nearby_platform_status nearby_platform_InitCrypto() {
return psa_crypto_init() == PSA_SUCCESS ? kNearbyStatusOK : kNearbyStatusError;
}

nearby_platform_status nearby_platform_Sha256Start() {
if (nearby_platform_InitCrypto() != kNearbyStatusOK) {
Comment on lines +64 to +69
return kNearbyStatusError;
}
psa_hash_abort(&sha256_op);
return psa_hash_setup(&sha256_op, PSA_ALG_SHA_256) == PSA_SUCCESS ? kNearbyStatusOK
: kNearbyStatusError;
}

nearby_platform_status nearby_platform_Sha256Update(const void* data,
size_t length) {
return psa_hash_update(&sha256_op, (const uint8_t*)data, length) == PSA_SUCCESS
? kNearbyStatusOK
: kNearbyStatusError;
Comment on lines +79 to +81
}

nearby_platform_status nearby_platform_Sha256Finish(uint8_t out[32]) {
size_t out_length = 0;
psa_status_t status = psa_hash_finish(&sha256_op, out, 32, &out_length);
if (status != PSA_SUCCESS || out_length != 32) {
psa_hash_abort(&sha256_op);
return kNearbyStatusError;
}
return kNearbyStatusOK;
}

static nearby_platform_status nearby_platform_Aes128Crypt(
const uint8_t input[AES_MESSAGE_SIZE_BYTES],
uint8_t output[AES_MESSAGE_SIZE_BYTES],
const uint8_t key[AES_MESSAGE_SIZE_BYTES], psa_key_usage_t usage) {
if (nearby_platform_InitCrypto() != kNearbyStatusOK) {
return kNearbyStatusError;
}

nearby_platform_status platform_status = kNearbyStatusError;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
psa_key_id_t key_id = 0;
size_t output_length = 0;

psa_set_key_type(&attributes, PSA_KEY_TYPE_AES);
psa_set_key_bits(&attributes, 128);
psa_set_key_usage_flags(&attributes, usage);
psa_set_key_algorithm(&attributes, PSA_ALG_ECB_NO_PADDING);

psa_status_t status = psa_import_key(&attributes, key, AES_MESSAGE_SIZE_BYTES, &key_id);
psa_reset_key_attributes(&attributes);
if (status != PSA_SUCCESS) {
goto exit;
}

if (usage == PSA_KEY_USAGE_ENCRYPT) {
status = psa_cipher_encrypt(key_id, PSA_ALG_ECB_NO_PADDING, input,
AES_MESSAGE_SIZE_BYTES, output, AES_MESSAGE_SIZE_BYTES,
&output_length);
} else {
status = psa_cipher_decrypt(key_id, PSA_ALG_ECB_NO_PADDING, input,
AES_MESSAGE_SIZE_BYTES, output, AES_MESSAGE_SIZE_BYTES,
&output_length);
}

if (status == PSA_SUCCESS && output_length == AES_MESSAGE_SIZE_BYTES) {
platform_status = kNearbyStatusOK;
}

exit:
if (key_id != 0) {
psa_destroy_key(key_id);
}
return platform_status;
}

nearby_platform_status nearby_platform_Aes128Encrypt(
const uint8_t input[AES_MESSAGE_SIZE_BYTES],
uint8_t output[AES_MESSAGE_SIZE_BYTES],
const uint8_t key[AES_MESSAGE_SIZE_BYTES]) {
return nearby_platform_Aes128Crypt(input, output, key, PSA_KEY_USAGE_ENCRYPT);
}

nearby_platform_status nearby_platform_Aes128Decrypt(
const uint8_t input[AES_MESSAGE_SIZE_BYTES],
uint8_t output[AES_MESSAGE_SIZE_BYTES],
const uint8_t key[AES_MESSAGE_SIZE_BYTES]) {
return nearby_platform_Aes128Crypt(input, output, key, PSA_KEY_USAGE_DECRYPT);
}
#else
static mbedtls_sha256_context sha256_ctx;

nearby_platform_status nearby_platform_Sha256Start() {
Expand Down Expand Up @@ -119,3 +221,4 @@ nearby_platform_status nearby_platform_Aes128Decrypt(
mbedtls_aes_free(&ctx);
return status;
}
#endif