/*
|
* Licensed to the Apache Software Foundation (ASF) under one
|
* or more contributor license agreements. See the NOTICE file
|
* distributed with this work for additional information
|
* regarding copyright ownership. The ASF licenses this file
|
* to you under the Apache License, Version 2.0 (the
|
* "License"); you may not use this file except in compliance
|
* with the License. You may obtain a copy of the License at
|
*
|
* http://www.apache.org/licenses/LICENSE-2.0
|
*
|
* Unless required by applicable law or agreed to in writing,
|
* software distributed under the License is distributed on an
|
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
|
* KIND, either express or implied. See the License for the
|
* specific language governing permissions and limitations
|
* under the License.
|
*/
|
|
#include <assert.h>
|
#include <stdint.h>
|
#include "mcu/mcu.h"
|
#include "nimble/ble.h"
|
#include "controller/ble_hw.h"
|
#include "CMAC.h"
|
#include "cmac_driver/cmac_shared.h"
|
#include "tinycrypt/aes.h"
|
|
static struct tc_aes_key_sched_struct g_ctx;
|
|
int
|
ble_hw_rng_init(ble_rng_isr_cb_t cb, int bias)
|
{
|
cmac_rand_set_isr_cb(cb);
|
return 0;
|
}
|
|
int
|
ble_hw_rng_start(void)
|
{
|
/* Chime the M33 in case we need random numbers generated */
|
cmac_rand_start();
|
CMAC->CM_EV_SET_REG = CMAC_CM_EV_SET_REG_EV1C_CMAC2SYS_IRQ_SET_Msk;
|
return 0;
|
}
|
|
int
|
ble_hw_rng_stop(void)
|
{
|
cmac_rand_stop();
|
return 0;
|
}
|
|
#define BLE_HW_RESOLV_LIST_SIZE (MYNEWT_VAL(BLE_LL_RESOLV_LIST_SIZE))
|
|
struct ble_hw_resolv_irk {
|
uint32_t key[4];
|
};
|
|
struct ble_hw_resolv_list {
|
uint8_t count;
|
struct ble_hw_resolv_irk irk[BLE_HW_RESOLV_LIST_SIZE];
|
};
|
|
struct ble_hw_resolv_proc {
|
uint32_t hash;
|
uint8_t f_configured;
|
uint8_t f_active;
|
uint8_t f_match;
|
uint8_t f_done;
|
struct ble_hw_resolv_irk *irk;
|
struct ble_hw_resolv_irk *irk_end;
|
uint32_t crypto_prand_in[4];
|
uint32_t crypto_e_out[4];
|
};
|
|
static struct ble_hw_resolv_list g_ble_hw_resolv_list;
|
static struct ble_hw_resolv_proc g_ble_hw_resolv_proc;
|
|
int
|
ble_hw_get_public_addr(ble_addr_t *addr)
|
{
|
return -1;
|
}
|
|
int
|
ble_hw_get_static_addr(ble_addr_t *addr)
|
{
|
return -1;
|
}
|
|
void
|
ble_hw_whitelist_clear(void)
|
{
|
}
|
|
int
|
ble_hw_whitelist_add(const uint8_t *addr, uint8_t addr_type)
|
{
|
return 0;
|
}
|
|
void
|
ble_hw_whitelist_rmv(const uint8_t *addr, uint8_t addr_type)
|
{
|
}
|
|
uint8_t
|
ble_hw_whitelist_size(void)
|
{
|
return 0;
|
}
|
|
void
|
ble_hw_whitelist_enable(void)
|
{
|
}
|
|
|
void
|
ble_hw_whitelist_disable(void)
|
{
|
}
|
|
int
|
ble_hw_whitelist_match(void)
|
{
|
return 0;
|
}
|
|
int
|
ble_hw_encrypt_block(struct ble_encryption_block *ecb)
|
{
|
uint32_t in_addr;
|
uint32_t out_addr;
|
|
/*
|
* The following code bears some explanation. This function is called by
|
* the LL task to encrypt blocks and calculate session keys. Address
|
* resolution also calls this function. Furthermore, during connections,
|
* the M0 crypto accelerator is used but this function is not called when
|
* using it. During the entire connection event, the M0 crypto block cannot
|
* be used as the crypto state (some of it) needs to remain un-changed.
|
* Note that this is also true when address resolution is enabled: the
|
* HW crypto block is set up and cannot be modified.
|
*
|
* Rather than attempt to share the M0 crypto block between the various
|
* controller features which require it, we decided to use software to
|
* perform the encryption task for anything being done at the link-layer
|
* (outside of an ISR). If this function is called inside an ISR, and it
|
* is when resolving addresses, the crypto accelerator is not being used
|
* by a connection event. Thus, we check to see if we are inside of an ISR.
|
* If so, we use the M0 crypto block. If outside of an ISR, we use the M33
|
*/
|
if (!os_arch_in_isr()) {
|
tc_aes128_set_encrypt_key(&g_ctx, ecb->key);
|
tc_aes_encrypt(ecb->cipher_text, ecb->plain_text, &g_ctx);
|
return 0;
|
}
|
|
/* Need to retain state of in/out pointers */
|
in_addr = CMAC->CM_CRYPTO_IN_ADR2_REG;
|
out_addr = CMAC->CM_CRYPTO_OUT_ADR_REG;
|
|
while (CMAC->CM_CRYPTO_STAT_REG & CMAC_CM_CRYPTO_STAT_REG_CM_CRYPTO_BUSY_Msk);
|
|
/* RECB, memory in/out, encryption */
|
CMAC->CM_CRYPTO_CTRL_REG = CMAC_CM_CRYPTO_CTRL_REG_CM_CRYPTO_ECB_ENC_EN_Msk |
|
CMAC_CM_CRYPTO_CTRL_REG_CM_CRYPTO_IN_SEL_Msk |
|
CMAC_CM_CRYPTO_CTRL_REG_CM_CRYPTO_OUT_SEL_Msk |
|
CMAC_CM_CRYPTO_CTRL_REG_CM_CRYPTO_ENC_DECN_Msk;
|
|
CMAC->CM_CRYPTO_KEY_31_0_REG = get_le32(&ecb->key[0]);
|
CMAC->CM_CRYPTO_KEY_63_32_REG = get_le32(&ecb->key[4]);
|
CMAC->CM_CRYPTO_KEY_95_64_REG = get_le32(&ecb->key[8]);
|
CMAC->CM_CRYPTO_KEY_127_96_REG = get_le32(&ecb->key[12]);
|
CMAC->CM_CRYPTO_IN_ADR2_REG = (uint32_t)ecb->plain_text;
|
CMAC->CM_CRYPTO_OUT_ADR_REG = (uint32_t)ecb->cipher_text;
|
|
CMAC->CM_EXC_STAT_REG = CMAC_CM_EXC_STAT_REG_EXC_CRYPTO_Msk;
|
CMAC->CM_EV_SET_REG = CMAC_CM_EV_SET_REG_EV_CRYPTO_START_Msk;
|
while (!(CMAC->CM_EXC_STAT_REG & CMAC_CM_EXC_STAT_REG_EXC_CRYPTO_Msk));
|
CMAC->CM_EXC_STAT_REG = CMAC_CM_EXC_STAT_REG_EXC_CRYPTO_Msk;
|
|
CMAC->CM_CRYPTO_IN_ADR2_REG = in_addr;
|
CMAC->CM_CRYPTO_OUT_ADR_REG = out_addr;
|
|
return 0;
|
}
|
|
void
|
ble_hw_resolv_list_clear(void)
|
{
|
g_ble_hw_resolv_list.count = 0;
|
}
|
|
int
|
ble_hw_resolv_list_add(uint8_t *irk)
|
{
|
struct ble_hw_resolv_irk *e;
|
|
if (g_ble_hw_resolv_list.count == BLE_HW_RESOLV_LIST_SIZE) {
|
return BLE_ERR_MEM_CAPACITY;
|
}
|
|
e = &g_ble_hw_resolv_list.irk[g_ble_hw_resolv_list.count];
|
/* Prepare key here so we do not need to do it during resolving */
|
e->key[0] = get_le32(&irk[0]);
|
e->key[1] = get_le32(&irk[4]);
|
e->key[2] = get_le32(&irk[8]);
|
e->key[3] = get_le32(&irk[12]);
|
|
g_ble_hw_resolv_list.count++;
|
|
return BLE_ERR_SUCCESS;
|
}
|
|
void
|
ble_hw_resolv_list_rmv(int index)
|
{
|
struct ble_hw_resolv_irk *e;
|
|
if (index < g_ble_hw_resolv_list.count) {
|
g_ble_hw_resolv_list.count--;
|
|
e = &g_ble_hw_resolv_list.irk[index];
|
memmove(e, e + 1, (g_ble_hw_resolv_list.count - index) * sizeof(e->key));
|
}
|
}
|
|
uint8_t
|
ble_hw_resolv_list_size(void)
|
{
|
return BLE_HW_RESOLV_LIST_SIZE;
|
}
|
|
int
|
ble_hw_resolv_list_match(void)
|
{
|
return g_ble_hw_resolv_proc.f_match ?
|
g_ble_hw_resolv_proc.irk - g_ble_hw_resolv_list.irk : -1;
|
}
|
|
static void
|
ble_hw_resolv_proc_next(void)
|
{
|
void *src = &g_ble_hw_resolv_proc.irk->key;
|
|
if (g_ble_hw_resolv_proc.irk == g_ble_hw_resolv_proc.irk_end) {
|
g_ble_hw_resolv_proc.f_done = 1;
|
g_ble_hw_resolv_proc.f_active = 0;
|
} else {
|
__asm__ volatile (".syntax unified \n"
|
" ldm %[ptr]!, {r1, r2, r3, r4} \n"
|
" ldr %[ptr], =%[reg] \n"
|
" stm %[ptr]!, {r1, r2, r3, r4} \n"
|
: [ptr] "+l" (src)
|
: [reg] "i" (&CMAC->CM_CRYPTO_KEY_31_0_REG)
|
: "r1", "r2", "r3", "r4", "memory");
|
|
CMAC->CM_EV_SET_REG = CMAC_CM_EV_SET_REG_EV_CRYPTO_START_Msk;
|
}
|
}
|
|
void
|
ble_hw_resolv_proc_enable(void)
|
{
|
assert(!g_ble_hw_resolv_proc.f_active);
|
|
CMAC->CM_CRYPTO_CTRL_REG = CMAC_CM_CRYPTO_CTRL_REG_CM_CRYPTO_SW_REQ_ABORT_Msk;
|
|
CMAC->CM_CRYPTO_CTRL_REG = CMAC_CM_CRYPTO_CTRL_REG_CM_CRYPTO_ECB_ENC_EN_Msk |
|
CMAC_CM_CRYPTO_CTRL_REG_CM_CRYPTO_IN_SEL_Msk |
|
CMAC_CM_CRYPTO_CTRL_REG_CM_CRYPTO_OUT_SEL_Msk |
|
CMAC_CM_CRYPTO_CTRL_REG_CM_CRYPTO_ENC_DECN_Msk;
|
|
CMAC->CM_CRYPTO_IN_ADR2_REG = (uint32_t)g_ble_hw_resolv_proc.crypto_prand_in;
|
CMAC->CM_CRYPTO_OUT_ADR_REG = (uint32_t)g_ble_hw_resolv_proc.crypto_e_out;
|
|
g_ble_hw_resolv_proc.irk = g_ble_hw_resolv_list.irk;
|
g_ble_hw_resolv_proc.irk_end = g_ble_hw_resolv_list.irk +
|
g_ble_hw_resolv_list.count;
|
g_ble_hw_resolv_proc.f_configured = 1;
|
g_ble_hw_resolv_proc.f_active = 0;
|
|
/*
|
* It would be better to enable IRQ in ble_hw_resolv_proc_start, but this
|
* would introduce a bit of latency when starting resolving procedure and
|
* we need to save every us possible there in order to be able to resolve
|
* RPA on time.
|
*/
|
NVIC_ClearPendingIRQ(CRYPTO_IRQn);
|
NVIC_EnableIRQ(CRYPTO_IRQn);
|
}
|
|
void
|
ble_hw_resolv_proc_disable(void)
|
{
|
g_ble_hw_resolv_proc.f_configured = 0;
|
g_ble_hw_resolv_proc.f_active = 0;
|
g_ble_hw_resolv_proc.f_match = 0;
|
g_ble_hw_resolv_proc.f_done = 1;
|
|
NVIC_DisableIRQ(CRYPTO_IRQn);
|
}
|
|
void
|
ble_hw_resolv_proc_reset(const uint8_t *addr)
|
{
|
g_ble_hw_resolv_proc.f_match = 0;
|
}
|
|
void
|
ble_hw_resolv_proc_start(const uint8_t *addr)
|
{
|
assert(g_ble_hw_resolv_proc.f_configured);
|
|
/* crypto_prand_in is already zeroed so prand is properly padded */
|
g_ble_hw_resolv_proc.crypto_prand_in[3] = get_be24(&addr[3]) << 8;
|
g_ble_hw_resolv_proc.hash = get_be24(&addr[0]);
|
|
g_ble_hw_resolv_proc.f_match = 0;
|
g_ble_hw_resolv_proc.f_done = 0;
|
g_ble_hw_resolv_proc.f_active = 1;
|
|
ble_hw_resolv_proc_next();
|
}
|
|
void
|
CRYPTO_IRQHandler(void)
|
{
|
uint32_t hash;
|
|
CMAC->CM_EXC_STAT_REG = CMAC_CM_EXC_STAT_REG_EXC_CRYPTO_Msk;
|
|
hash = g_ble_hw_resolv_proc.crypto_e_out[3] >> 8;
|
if (g_ble_hw_resolv_proc.hash == hash) {
|
g_ble_hw_resolv_proc.f_active = 0;
|
g_ble_hw_resolv_proc.f_match = 1;
|
g_ble_hw_resolv_proc.f_done = 1;
|
} else {
|
g_ble_hw_resolv_proc.irk++;
|
ble_hw_resolv_proc_next();
|
}
|
}
|
