From 5e8695d7be45f2c04ccb720a446836a985c90a20 Mon Sep 17 00:00:00 2001 From: lly Date: Tue, 2 Feb 2021 22:29:21 +0800 Subject: [PATCH 1/2] ble_mesh: stack: Fix mbedtls aes ctx not initialized --- .../bluedroid_host/mesh_bearer_adapt.c | 88 +++++++------------ .../mesh_core/include/mesh_bearer_adapt.h | 6 -- .../mesh_core/nimble_host/mesh_bearer_adapt.c | 88 +++++++------------ 3 files changed, 66 insertions(+), 116 deletions(-) diff --git a/components/bt/esp_ble_mesh/mesh_core/bluedroid_host/mesh_bearer_adapt.c b/components/bt/esp_ble_mesh/mesh_core/bluedroid_host/mesh_bearer_adapt.c index b2f0b6aad2..b3745c1a3f 100644 --- a/components/bt/esp_ble_mesh/mesh_core/bluedroid_host/mesh_bearer_adapt.c +++ b/components/bt/esp_ble_mesh/mesh_core/bluedroid_host/mesh_bearer_adapt.c @@ -1868,60 +1868,33 @@ int bt_mesh_dh_key_gen(const uint8_t remote_pk[64], bt_mesh_dh_key_cb_t cb, cons return 0; } -#if CONFIG_MBEDTLS_HARDWARE_AES -static void ecb_encrypt(uint8_t const *const key_le, uint8_t const *const clear_text_le, - uint8_t *const cipher_text_le, uint8_t *const cipher_text_be) -{ - struct bt_mesh_ecb_param ecb = {0}; - mbedtls_aes_context aes_ctx = {0}; - - aes_ctx.key_bytes = 16; - mem_rcopy(&aes_ctx.key[0], key_le, 16); - mem_rcopy(&ecb.clear_text[0], clear_text_le, sizeof(ecb.clear_text)); - mbedtls_aes_crypt_ecb(&aes_ctx, MBEDTLS_AES_ENCRYPT, &ecb.clear_text[0], &ecb.cipher_text[0]); - - if (cipher_text_le) { - mem_rcopy(cipher_text_le, &ecb.cipher_text[0], - sizeof(ecb.cipher_text)); - } - - if (cipher_text_be) { - memcpy(cipher_text_be, &ecb.cipher_text[0], - sizeof(ecb.cipher_text)); - } -} - -static void ecb_encrypt_be(uint8_t const *const key_be, uint8_t const *const clear_text_be, - uint8_t *const cipher_text_be) -{ - struct bt_mesh_ecb_param ecb = {0}; - mbedtls_aes_context aes_ctx = {0}; - - aes_ctx.key_bytes = 16; - memcpy(&aes_ctx.key[0], key_be, 16); - memcpy(&ecb.clear_text[0], clear_text_be, sizeof(ecb.clear_text)); - mbedtls_aes_crypt_ecb(&aes_ctx, MBEDTLS_AES_ENCRYPT, &ecb.clear_text[0], &ecb.cipher_text[0]); - - memcpy(cipher_text_be, &ecb.cipher_text[0], sizeof(ecb.cipher_text)); -} -#endif /* CONFIG_MBEDTLS_HARDWARE_AES */ - int bt_mesh_encrypt_le(const uint8_t key[16], const uint8_t plaintext[16], uint8_t enc_data[16]) { -#if CONFIG_MBEDTLS_HARDWARE_AES - BT_DBG("key %s plaintext %s", bt_hex(key, 16), bt_hex(plaintext, 16)); - - ecb_encrypt(key, plaintext, enc_data, NULL); - - BT_DBG("enc_data %s", bt_hex(enc_data, 16)); - return 0; -#else /* CONFIG_MBEDTLS_HARDWARE_AES */ - struct tc_aes_key_sched_struct s = {0}; uint8_t tmp[16] = {0}; BT_DBG("key %s plaintext %s", bt_hex(key, 16), bt_hex(plaintext, 16)); +#if CONFIG_MBEDTLS_HARDWARE_AES + mbedtls_aes_context ctx = {0}; + + mbedtls_aes_init(&ctx); + + sys_memcpy_swap(tmp, key, 16); + + if (mbedtls_aes_setkey_enc(&ctx, tmp, 128) != 0) { + return -EINVAL; + } + + sys_memcpy_swap(tmp, plaintext, 16); + + if (mbedtls_aes_crypt_ecb(&ctx, MBEDTLS_AES_ENCRYPT, + tmp, enc_data) != 0) { + return -EINVAL; + } +#else /* CONFIG_MBEDTLS_HARDWARE_AES */ + struct tc_aes_key_sched_struct s = {0}; + sys_memcpy_swap(tmp, key, 16); if (tc_aes128_set_encrypt_key(&s, tmp) == TC_CRYPTO_FAIL) { @@ -1933,31 +1906,36 @@ int bt_mesh_encrypt_le(const uint8_t key[16], const uint8_t plaintext[16], if (tc_aes_encrypt(enc_data, tmp, &s) == TC_CRYPTO_FAIL) { return -EINVAL; } +#endif /* CONFIG_MBEDTLS_HARDWARE_AES */ sys_mem_swap(enc_data, 16); BT_DBG("enc_data %s", bt_hex(enc_data, 16)); return 0; -#endif /* CONFIG_MBEDTLS_HARDWARE_AES */ } int bt_mesh_encrypt_be(const uint8_t key[16], const uint8_t plaintext[16], uint8_t enc_data[16]) { -#if CONFIG_MBEDTLS_HARDWARE_AES BT_DBG("key %s plaintext %s", bt_hex(key, 16), bt_hex(plaintext, 16)); - ecb_encrypt_be(key, plaintext, enc_data); +#if CONFIG_MBEDTLS_HARDWARE_AES + mbedtls_aes_context ctx = {0}; - BT_DBG("enc_data %s", bt_hex(enc_data, 16)); + mbedtls_aes_init(&ctx); - return 0; + if (mbedtls_aes_setkey_enc(&ctx, key, 128) != 0) { + return -EINVAL; + } + + if (mbedtls_aes_crypt_ecb(&ctx, MBEDTLS_AES_ENCRYPT, + plaintext, enc_data) != 0) { + return -EINVAL; + } #else /* CONFIG_MBEDTLS_HARDWARE_AES */ struct tc_aes_key_sched_struct s = {0}; - BT_DBG("key %s plaintext %s", bt_hex(key, 16), bt_hex(plaintext, 16)); - if (tc_aes128_set_encrypt_key(&s, key) == TC_CRYPTO_FAIL) { return -EINVAL; } @@ -1965,11 +1943,11 @@ int bt_mesh_encrypt_be(const uint8_t key[16], const uint8_t plaintext[16], if (tc_aes_encrypt(enc_data, plaintext, &s) == TC_CRYPTO_FAIL) { return -EINVAL; } +#endif /* CONFIG_MBEDTLS_HARDWARE_AES */ BT_DBG("enc_data %s", bt_hex(enc_data, 16)); return 0; -#endif /* CONFIG_MBEDTLS_HARDWARE_AES */ } #if defined(CONFIG_BLE_MESH_USE_DUPLICATE_SCAN) diff --git a/components/bt/esp_ble_mesh/mesh_core/include/mesh_bearer_adapt.h b/components/bt/esp_ble_mesh/mesh_core/include/mesh_bearer_adapt.h index cc3d2b7bfc..b7b326388e 100644 --- a/components/bt/esp_ble_mesh/mesh_core/include/mesh_bearer_adapt.h +++ b/components/bt/esp_ble_mesh/mesh_core/include/mesh_bearer_adapt.h @@ -325,12 +325,6 @@ struct bt_mesh_gatt_service { sys_snode_t node; }; -struct bt_mesh_ecb_param { - uint8_t key[16]; - uint8_t clear_text[16]; - uint8_t cipher_text[16]; -} __packed; - typedef struct { uint8_t type; uint8_t val[6]; diff --git a/components/bt/esp_ble_mesh/mesh_core/nimble_host/mesh_bearer_adapt.c b/components/bt/esp_ble_mesh/mesh_core/nimble_host/mesh_bearer_adapt.c index 56b761e41f..25bcdb8356 100644 --- a/components/bt/esp_ble_mesh/mesh_core/nimble_host/mesh_bearer_adapt.c +++ b/components/bt/esp_ble_mesh/mesh_core/nimble_host/mesh_bearer_adapt.c @@ -1849,59 +1849,32 @@ int bt_mesh_dh_key_gen(const uint8_t remote_pk[64], bt_mesh_dh_key_cb_t cb, cons return 0; } -#if CONFIG_MBEDTLS_HARDWARE_AES -static void ecb_encrypt(uint8_t const *const key_le, uint8_t const *const clear_text_le, - uint8_t *const cipher_text_le, uint8_t *const cipher_text_be) -{ - struct bt_mesh_ecb_param ecb; - mbedtls_aes_context aes_ctx = {0}; - - aes_ctx.key_bytes = 16; - mem_rcopy(&aes_ctx.key[0], key_le, 16); - mem_rcopy(&ecb.clear_text[0], clear_text_le, sizeof(ecb.clear_text)); - mbedtls_aes_crypt_ecb(&aes_ctx, MBEDTLS_AES_ENCRYPT, &ecb.clear_text[0], &ecb.cipher_text[0]); - - if (cipher_text_le) { - mem_rcopy(cipher_text_le, &ecb.cipher_text[0], - sizeof(ecb.cipher_text)); - } - - if (cipher_text_be) { - memcpy(cipher_text_be, &ecb.cipher_text[0], - sizeof(ecb.cipher_text)); - } -} - -static void ecb_encrypt_be(uint8_t const *const key_be, uint8_t const *const clear_text_be, - uint8_t *const cipher_text_be) -{ - struct bt_mesh_ecb_param ecb; - mbedtls_aes_context aes_ctx = {0}; - - aes_ctx.key_bytes = 16; - memcpy(&aes_ctx.key[0], key_be, 16); - memcpy(&ecb.clear_text[0], clear_text_be, sizeof(ecb.clear_text)); - mbedtls_aes_crypt_ecb(&aes_ctx, MBEDTLS_AES_ENCRYPT, &ecb.clear_text[0], &ecb.cipher_text[0]); - - memcpy(cipher_text_be, &ecb.cipher_text[0], sizeof(ecb.cipher_text)); -} -#endif /* CONFIG_MBEDTLS_HARDWARE_AES */ - int bt_mesh_encrypt_le(const uint8_t key[16], const uint8_t plaintext[16], uint8_t enc_data[16]) { + uint8_t tmp[16] = {0}; + + BT_DBG("key %s plaintext %s", bt_hex(key, 16), bt_hex(plaintext, 16)); + #if CONFIG_MBEDTLS_HARDWARE_AES - BT_DBG("key %s plaintext %s", bt_hex(key, 16), bt_hex(plaintext, 16)); + mbedtls_aes_context ctx = {0}; - ecb_encrypt(key, plaintext, enc_data, NULL); + mbedtls_aes_init(&ctx); - BT_DBG("enc_data %s", bt_hex(enc_data, 16)); - return 0; + sys_memcpy_swap(tmp, key, 16); + + if (mbedtls_aes_setkey_enc(&ctx, tmp, 128) != 0) { + return -EINVAL; + } + + sys_memcpy_swap(tmp, plaintext, 16); + + if (mbedtls_aes_crypt_ecb(&ctx, MBEDTLS_AES_ENCRYPT, + tmp, enc_data) != 0) { + return -EINVAL; + } #else /* CONFIG_MBEDTLS_HARDWARE_AES */ - struct tc_aes_key_sched_struct s; - uint8_t tmp[16]; - - BT_DBG("key %s plaintext %s", bt_hex(key, 16), bt_hex(plaintext, 16)); + struct tc_aes_key_sched_struct s = {0}; sys_memcpy_swap(tmp, key, 16); @@ -1914,30 +1887,35 @@ int bt_mesh_encrypt_le(const uint8_t key[16], const uint8_t plaintext[16], if (tc_aes_encrypt(enc_data, tmp, &s) == TC_CRYPTO_FAIL) { return -EINVAL; } +#endif /* CONFIG_MBEDTLS_HARDWARE_AES */ sys_mem_swap(enc_data, 16); BT_DBG("enc_data %s", bt_hex(enc_data, 16)); return 0; -#endif /* CONFIG_MBEDTLS_HARDWARE_AES */ } int bt_mesh_encrypt_be(const uint8_t key[16], const uint8_t plaintext[16], uint8_t enc_data[16]) { + BT_DBG("key %s plaintext %s", bt_hex(key, 16), bt_hex(plaintext, 16)); + #if CONFIG_MBEDTLS_HARDWARE_AES - BT_DBG("key %s plaintext %s", bt_hex(key, 16), bt_hex(plaintext, 16)); + mbedtls_aes_context ctx = {0}; - ecb_encrypt_be(key, plaintext, enc_data); + mbedtls_aes_init(&ctx); - BT_DBG("enc_data %s", bt_hex(enc_data, 16)); + if (mbedtls_aes_setkey_enc(&ctx, key, 128) != 0) { + return -EINVAL; + } - return 0; + if (mbedtls_aes_crypt_ecb(&ctx, MBEDTLS_AES_ENCRYPT, + plaintext, enc_data) != 0) { + return -EINVAL; + } #else /* CONFIG_MBEDTLS_HARDWARE_AES */ - struct tc_aes_key_sched_struct s; - - BT_DBG("key %s plaintext %s", bt_hex(key, 16), bt_hex(plaintext, 16)); + struct tc_aes_key_sched_struct s = {0}; if (tc_aes128_set_encrypt_key(&s, key) == TC_CRYPTO_FAIL) { return -EINVAL; @@ -1946,11 +1924,11 @@ int bt_mesh_encrypt_be(const uint8_t key[16], const uint8_t plaintext[16], if (tc_aes_encrypt(enc_data, plaintext, &s) == TC_CRYPTO_FAIL) { return -EINVAL; } +#endif /* CONFIG_MBEDTLS_HARDWARE_AES */ BT_DBG("enc_data %s", bt_hex(enc_data, 16)); return 0; -#endif /* CONFIG_MBEDTLS_HARDWARE_AES */ } #if defined(CONFIG_BLE_MESH_USE_DUPLICATE_SCAN) From 10b5436cc927b4149f852bc02bd76c822e41586f Mon Sep 17 00:00:00 2001 From: lly Date: Thu, 4 Feb 2021 11:13:51 +0800 Subject: [PATCH 2/2] ble_mesh: stack: Fix mbedtls aes ctx not deallocated --- .../mesh_core/bluedroid_host/mesh_bearer_adapt.c | 8 ++++++++ .../mesh_core/nimble_host/mesh_bearer_adapt.c | 8 ++++++++ 2 files changed, 16 insertions(+) diff --git a/components/bt/esp_ble_mesh/mesh_core/bluedroid_host/mesh_bearer_adapt.c b/components/bt/esp_ble_mesh/mesh_core/bluedroid_host/mesh_bearer_adapt.c index b3745c1a3f..49a0ee6fa5 100644 --- a/components/bt/esp_ble_mesh/mesh_core/bluedroid_host/mesh_bearer_adapt.c +++ b/components/bt/esp_ble_mesh/mesh_core/bluedroid_host/mesh_bearer_adapt.c @@ -1883,6 +1883,7 @@ int bt_mesh_encrypt_le(const uint8_t key[16], const uint8_t plaintext[16], sys_memcpy_swap(tmp, key, 16); if (mbedtls_aes_setkey_enc(&ctx, tmp, 128) != 0) { + mbedtls_aes_free(&ctx); return -EINVAL; } @@ -1890,8 +1891,11 @@ int bt_mesh_encrypt_le(const uint8_t key[16], const uint8_t plaintext[16], if (mbedtls_aes_crypt_ecb(&ctx, MBEDTLS_AES_ENCRYPT, tmp, enc_data) != 0) { + mbedtls_aes_free(&ctx); return -EINVAL; } + + mbedtls_aes_free(&ctx); #else /* CONFIG_MBEDTLS_HARDWARE_AES */ struct tc_aes_key_sched_struct s = {0}; @@ -1926,13 +1930,17 @@ int bt_mesh_encrypt_be(const uint8_t key[16], const uint8_t plaintext[16], mbedtls_aes_init(&ctx); if (mbedtls_aes_setkey_enc(&ctx, key, 128) != 0) { + mbedtls_aes_free(&ctx); return -EINVAL; } if (mbedtls_aes_crypt_ecb(&ctx, MBEDTLS_AES_ENCRYPT, plaintext, enc_data) != 0) { + mbedtls_aes_free(&ctx); return -EINVAL; } + + mbedtls_aes_free(&ctx); #else /* CONFIG_MBEDTLS_HARDWARE_AES */ struct tc_aes_key_sched_struct s = {0}; diff --git a/components/bt/esp_ble_mesh/mesh_core/nimble_host/mesh_bearer_adapt.c b/components/bt/esp_ble_mesh/mesh_core/nimble_host/mesh_bearer_adapt.c index 25bcdb8356..2b0a5d3933 100644 --- a/components/bt/esp_ble_mesh/mesh_core/nimble_host/mesh_bearer_adapt.c +++ b/components/bt/esp_ble_mesh/mesh_core/nimble_host/mesh_bearer_adapt.c @@ -1864,6 +1864,7 @@ int bt_mesh_encrypt_le(const uint8_t key[16], const uint8_t plaintext[16], sys_memcpy_swap(tmp, key, 16); if (mbedtls_aes_setkey_enc(&ctx, tmp, 128) != 0) { + mbedtls_aes_free(&ctx); return -EINVAL; } @@ -1871,8 +1872,11 @@ int bt_mesh_encrypt_le(const uint8_t key[16], const uint8_t plaintext[16], if (mbedtls_aes_crypt_ecb(&ctx, MBEDTLS_AES_ENCRYPT, tmp, enc_data) != 0) { + mbedtls_aes_free(&ctx); return -EINVAL; } + + mbedtls_aes_free(&ctx); #else /* CONFIG_MBEDTLS_HARDWARE_AES */ struct tc_aes_key_sched_struct s = {0}; @@ -1907,13 +1911,17 @@ int bt_mesh_encrypt_be(const uint8_t key[16], const uint8_t plaintext[16], mbedtls_aes_init(&ctx); if (mbedtls_aes_setkey_enc(&ctx, key, 128) != 0) { + mbedtls_aes_free(&ctx); return -EINVAL; } if (mbedtls_aes_crypt_ecb(&ctx, MBEDTLS_AES_ENCRYPT, plaintext, enc_data) != 0) { + mbedtls_aes_free(&ctx); return -EINVAL; } + + mbedtls_aes_free(&ctx); #else /* CONFIG_MBEDTLS_HARDWARE_AES */ struct tc_aes_key_sched_struct s = {0};