projects / deliverable / linux.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Bluetooth: Return LE SC confirm and random values for out-of-band data
[deliverable/linux.git] / net / bluetooth / smp.c
CommitLineData
eb492e01
AB		 1/*
2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2011 Nokia Corporation and/or its subsidiary(-ies).
4
5 This program is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License version 2 as
7 published by the Free Software Foundation;
8
9 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
10 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
11 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
12 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
13 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
14 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17
18 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
19 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
20 SOFTWARE IS DISCLAIMED.
21*/
22
300acfde 23#include <linux/debugfs.h>
8c520a59
GP		 24#include <linux/crypto.h>
25#include <linux/scatterlist.h>
26#include <crypto/b128ops.h>
27
eb492e01
AB		 28#include <net/bluetooth/bluetooth.h>
29#include <net/bluetooth/hci_core.h>
30#include <net/bluetooth/l2cap.h>
2b64d153 31#include <net/bluetooth/mgmt.h>
ac4b7236 32
3b19146d 33#include "ecc.h"
ac4b7236 34#include "smp.h"
d22ef0bc 35
c7a3d57d
JH		 36/* Low-level debug macros to be used for stuff that we don't want
37 * accidentially in dmesg, i.e. the values of the various crypto keys
38 * and the inputs & outputs of crypto functions.
39 */
40#ifdef DEBUG
41#define SMP_DBG(fmt, ...) printk(KERN_DEBUG "%s: " fmt, __func__, \
42 ##__VA_ARGS__)
43#else
44#define SMP_DBG(fmt, ...) no_printk(KERN_DEBUG "%s: " fmt, __func__, \
45 ##__VA_ARGS__)
46#endif
47
b28b4943 48#define SMP_ALLOW_CMD(smp, code) set_bit(code, &smp->allow_cmd)
b28b4943 49
3b19146d
JH		 50/* Keys which are not distributed with Secure Connections */
51#define SMP_SC_NO_DIST (SMP_DIST_ENC_KEY | SMP_DIST_LINK_KEY);
52
17b02e62 53#define SMP_TIMEOUT msecs_to_jiffies(30000)
5d3de7df 54
d7a5a11d 55#define AUTH_REQ_MASK(dev) (hci_dev_test_flag(dev, HCI_SC_ENABLED) ? \
0edb14de
JH		 56 0x1f : 0x07)
57#define KEY_DIST_MASK 0x07
065a13e2 58
cbbbe3e2
JH		 59/* Maximum message length that can be passed to aes_cmac */
60#define CMAC_MSG_MAX 80
61
533e35d4
JH		 62enum {
63 SMP_FLAG_TK_VALID,
64 SMP_FLAG_CFM_PENDING,
65 SMP_FLAG_MITM_AUTH,
66 SMP_FLAG_COMPLETE,
67 SMP_FLAG_INITIATOR,
65668776 68 SMP_FLAG_SC,
d8f8edbe 69 SMP_FLAG_REMOTE_PK,
aeb7d461 70 SMP_FLAG_DEBUG_KEY,
38606f14 71 SMP_FLAG_WAIT_USER,
d3e54a87 72 SMP_FLAG_DHKEY_PENDING,
02b05bd8 73 SMP_FLAG_OOB,
533e35d4 74};
4bc58f51 75
88a479d9 76struct smp_dev {
60a27d65
MH		 77 /* Secure Connections OOB data */
78 u8 local_pk[64];
79 u8 local_sk[32];
80 u8 local_rr[16];
81 bool debug_key;
82
88a479d9 83 struct crypto_blkcipher *tfm_aes;
6e2dc6d1 84 struct crypto_hash *tfm_cmac;
88a479d9
MH		 85};
86
4bc58f51 87struct smp_chan {
b68fda68
JH		 88 struct l2cap_conn *conn;
89 struct delayed_work security_timer;
b28b4943 90 unsigned long allow_cmd; /* Bitmask of allowed commands */
b68fda68 91
4bc58f51
JH		 92 u8 preq[7]; /* SMP Pairing Request */
93 u8 prsp[7]; /* SMP Pairing Response */
94 u8 prnd[16]; /* SMP Pairing Random (local) */
95 u8 rrnd[16]; /* SMP Pairing Random (remote) */
96 u8 pcnf[16]; /* SMP Pairing Confirm */
97 u8 tk[16]; /* SMP Temporary Key */
a29b0733 98 u8 rr[16];
4bc58f51
JH		 99 u8 enc_key_size;
100 u8 remote_key_dist;
101 bdaddr_t id_addr;
102 u8 id_addr_type;
103 u8 irk[16];
104 struct smp_csrk *csrk;
105 struct smp_csrk *slave_csrk;
106 struct smp_ltk *ltk;
107 struct smp_ltk *slave_ltk;
108 struct smp_irk *remote_irk;
6a77083a 109 u8 *link_key;
4a74d658 110 unsigned long flags;
783e0574 111 u8 method;
38606f14 112 u8 passkey_round;
6a7bd103 113
3b19146d
JH		 114 /* Secure Connections variables */
115 u8 local_pk[64];
116 u8 local_sk[32];
d8f8edbe
JH		 117 u8 remote_pk[64];
118 u8 dhkey[32];
760b018b 119 u8 mackey[16];
3b19146d 120
6a7bd103 121 struct crypto_blkcipher *tfm_aes;
407cecf6 122 struct crypto_hash *tfm_cmac;
4bc58f51
JH		 123};
124
aeb7d461
JH		 125/* These debug key values are defined in the SMP section of the core
126 * specification. debug_pk is the public debug key and debug_sk the
127 * private debug key.
128 */
129static const u8 debug_pk[64] = {
130 0xe6, 0x9d, 0x35, 0x0e, 0x48, 0x01, 0x03, 0xcc,
131 0xdb, 0xfd, 0xf4, 0xac, 0x11, 0x91, 0xf4, 0xef,
132 0xb9, 0xa5, 0xf9, 0xe9, 0xa7, 0x83, 0x2c, 0x5e,
133 0x2c, 0xbe, 0x97, 0xf2, 0xd2, 0x03, 0xb0, 0x20,
134
135 0x8b, 0xd2, 0x89, 0x15, 0xd0, 0x8e, 0x1c, 0x74,
136 0x24, 0x30, 0xed, 0x8f, 0xc2, 0x45, 0x63, 0x76,
137 0x5c, 0x15, 0x52, 0x5a, 0xbf, 0x9a, 0x32, 0x63,
138 0x6d, 0xeb, 0x2a, 0x65, 0x49, 0x9c, 0x80, 0xdc,
139};
140
141static const u8 debug_sk[32] = {
142 0xbd, 0x1a, 0x3c, 0xcd, 0xa6, 0xb8, 0x99, 0x58,
143 0x99, 0xb7, 0x40, 0xeb, 0x7b, 0x60, 0xff, 0x4a,
144 0x50, 0x3f, 0x10, 0xd2, 0xe3, 0xb3, 0xc9, 0x74,
145 0x38, 0x5f, 0xc5, 0xa3, 0xd4, 0xf6, 0x49, 0x3f,
146};
147
8a2936f4 148static inline void swap_buf(const u8 *src, u8 *dst, size_t len)
d22ef0bc 149{
8a2936f4 150 size_t i;
d22ef0bc 151
8a2936f4
JH		 152 for (i = 0; i < len; i++)
153 dst[len - 1 - i] = src[i];
d22ef0bc
AB		 154}
155
06edf8de
JH		 156/* The following functions map to the LE SC SMP crypto functions
157 * AES-CMAC, f4, f5, f6, g2 and h6.
158 */
159
cbbbe3e2
JH		 160static int aes_cmac(struct crypto_hash *tfm, const u8 k[16], const u8 *m,
161 size_t len, u8 mac[16])
162{
163 uint8_t tmp[16], mac_msb[16], msg_msb[CMAC_MSG_MAX];
164 struct hash_desc desc;
165 struct scatterlist sg;
166 int err;
167
168 if (len > CMAC_MSG_MAX)
169 return -EFBIG;
170
171 if (!tfm) {
172 BT_ERR("tfm %p", tfm);
173 return -EINVAL;
174 }
175
176 desc.tfm = tfm;
177 desc.flags = 0;
178
179 crypto_hash_init(&desc);
180
181 /* Swap key and message from LSB to MSB */
182 swap_buf(k, tmp, 16);
183 swap_buf(m, msg_msb, len);
184
c7a3d57d
JH		 185 SMP_DBG("msg (len %zu) %*phN", len, (int) len, m);
186 SMP_DBG("key %16phN", k);
cbbbe3e2
JH		 187
188 err = crypto_hash_setkey(tfm, tmp, 16);
189 if (err) {
190 BT_ERR("cipher setkey failed: %d", err);
191 return err;
192 }
193
194 sg_init_one(&sg, msg_msb, len);
195
196 err = crypto_hash_update(&desc, &sg, len);
197 if (err) {
198 BT_ERR("Hash update error %d", err);
199 return err;
200 }
201
202 err = crypto_hash_final(&desc, mac_msb);
203 if (err) {
204 BT_ERR("Hash final error %d", err);
205 return err;
206 }
207
208 swap_buf(mac_msb, mac, 16);
209
c7a3d57d 210 SMP_DBG("mac %16phN", mac);
cbbbe3e2
JH		 211
212 return 0;
213}
214
215static int smp_f4(struct crypto_hash *tfm_cmac, const u8 u[32], const u8 v[32],
216 const u8 x[16], u8 z, u8 res[16])
217{
218 u8 m[65];
219 int err;
220
c7a3d57d
JH		 221 SMP_DBG("u %32phN", u);
222 SMP_DBG("v %32phN", v);
223 SMP_DBG("x %16phN z %02x", x, z);
cbbbe3e2
JH		 224
225 m[0] = z;
226 memcpy(m + 1, v, 32);
227 memcpy(m + 33, u, 32);
228
229 err = aes_cmac(tfm_cmac, x, m, sizeof(m), res);
230 if (err)
231 return err;
232
c7a3d57d 233 SMP_DBG("res %16phN", res);
cbbbe3e2
JH		 234
235 return err;
236}
237
4da50de8
JH		 238static int smp_f5(struct crypto_hash *tfm_cmac, const u8 w[32],
239 const u8 n1[16], const u8 n2[16], const u8 a1[7],
240 const u8 a2[7], u8 mackey[16], u8 ltk[16])
760b018b
JH		 241{
242 /* The btle, salt and length "magic" values are as defined in
243 * the SMP section of the Bluetooth core specification. In ASCII
244 * the btle value ends up being 'btle'. The salt is just a
245 * random number whereas length is the value 256 in little
246 * endian format.
247 */
248 const u8 btle[4] = { 0x65, 0x6c, 0x74, 0x62 };
249 const u8 salt[16] = { 0xbe, 0x83, 0x60, 0x5a, 0xdb, 0x0b, 0x37, 0x60,
250 0x38, 0xa5, 0xf5, 0xaa, 0x91, 0x83, 0x88, 0x6c };
251 const u8 length[2] = { 0x00, 0x01 };
252 u8 m[53], t[16];
253 int err;
254
c7a3d57d
JH		 255 SMP_DBG("w %32phN", w);
256 SMP_DBG("n1 %16phN n2 %16phN", n1, n2);
257 SMP_DBG("a1 %7phN a2 %7phN", a1, a2);
760b018b
JH		 258
259 err = aes_cmac(tfm_cmac, salt, w, 32, t);
260 if (err)
261 return err;
262
c7a3d57d 263 SMP_DBG("t %16phN", t);
760b018b
JH		 264
265 memcpy(m, length, 2);
266 memcpy(m + 2, a2, 7);
267 memcpy(m + 9, a1, 7);
268 memcpy(m + 16, n2, 16);
269 memcpy(m + 32, n1, 16);
270 memcpy(m + 48, btle, 4);
271
272 m[52] = 0; /* Counter */
273
274 err = aes_cmac(tfm_cmac, t, m, sizeof(m), mackey);
275 if (err)
276 return err;
277
c7a3d57d 278 SMP_DBG("mackey %16phN", mackey);
760b018b
JH		 279
280 m[52] = 1; /* Counter */
281
282 err = aes_cmac(tfm_cmac, t, m, sizeof(m), ltk);
283 if (err)
284 return err;
285
c7a3d57d 286 SMP_DBG("ltk %16phN", ltk);
760b018b
JH		 287
288 return 0;
289}
290
291static int smp_f6(struct crypto_hash *tfm_cmac, const u8 w[16],
4da50de8 292 const u8 n1[16], const u8 n2[16], const u8 r[16],
760b018b
JH		 293 const u8 io_cap[3], const u8 a1[7], const u8 a2[7],
294 u8 res[16])
295{
296 u8 m[65];
297 int err;
298
c7a3d57d
JH		 299 SMP_DBG("w %16phN", w);
300 SMP_DBG("n1 %16phN n2 %16phN", n1, n2);
301 SMP_DBG("r %16phN io_cap %3phN a1 %7phN a2 %7phN", r, io_cap, a1, a2);
760b018b
JH		 302
303 memcpy(m, a2, 7);
304 memcpy(m + 7, a1, 7);
305 memcpy(m + 14, io_cap, 3);
306 memcpy(m + 17, r, 16);
307 memcpy(m + 33, n2, 16);
308 memcpy(m + 49, n1, 16);
309
310 err = aes_cmac(tfm_cmac, w, m, sizeof(m), res);
311 if (err)
312 return err;
313
203de21b 314 SMP_DBG("res %16phN", res);
760b018b
JH		 315
316 return err;
317}
318
191dc7fe
JH		 319static int smp_g2(struct crypto_hash *tfm_cmac, const u8 u[32], const u8 v[32],
320 const u8 x[16], const u8 y[16], u32 *val)
321{
322 u8 m[80], tmp[16];
323 int err;
324
c7a3d57d
JH		 325 SMP_DBG("u %32phN", u);
326 SMP_DBG("v %32phN", v);
327 SMP_DBG("x %16phN y %16phN", x, y);
191dc7fe
JH		 328
329 memcpy(m, y, 16);
330 memcpy(m + 16, v, 32);
331 memcpy(m + 48, u, 32);
332
333 err = aes_cmac(tfm_cmac, x, m, sizeof(m), tmp);
334 if (err)
335 return err;
336
337 *val = get_unaligned_le32(tmp);
338 *val %= 1000000;
339
c7a3d57d 340 SMP_DBG("val %06u", *val);
191dc7fe
JH		 341
342 return 0;
343}
344
06edf8de
JH		 345static int smp_h6(struct crypto_hash *tfm_cmac, const u8 w[16],
346 const u8 key_id[4], u8 res[16])
347{
348 int err;
349
350 SMP_DBG("w %16phN key_id %4phN", w, key_id);
351
352 err = aes_cmac(tfm_cmac, w, key_id, 4, res);
353 if (err)
354 return err;
355
356 SMP_DBG("res %16phN", res);
357
358 return err;
359}
360
361/* The following functions map to the legacy SMP crypto functions e, c1,
362 * s1 and ah.
363 */
364
d22ef0bc
AB		 365static int smp_e(struct crypto_blkcipher *tfm, const u8 *k, u8 *r)
366{
367 struct blkcipher_desc desc;
368 struct scatterlist sg;
943a732a 369 uint8_t tmp[16], data[16];
201a5929 370 int err;
d22ef0bc 371
7f376cd6 372 if (!tfm) {
d22ef0bc
AB		 373 BT_ERR("tfm %p", tfm);
374 return -EINVAL;
375 }
376
377 desc.tfm = tfm;
378 desc.flags = 0;
379
943a732a 380 /* The most significant octet of key corresponds to k[0] */
8a2936f4 381 swap_buf(k, tmp, 16);
943a732a
JH		 382
383 err = crypto_blkcipher_setkey(tfm, tmp, 16);
d22ef0bc
AB		 384 if (err) {
385 BT_ERR("cipher setkey failed: %d", err);
386 return err;
387 }
388
943a732a 389 /* Most significant octet of plaintextData corresponds to data[0] */
8a2936f4 390 swap_buf(r, data, 16);
943a732a
JH		 391
392 sg_init_one(&sg, data, 16);
d22ef0bc 393
d22ef0bc
AB		 394 err = crypto_blkcipher_encrypt(&desc, &sg, &sg, 16);
395 if (err)
396 BT_ERR("Encrypt data error %d", err);
397
943a732a 398 /* Most significant octet of encryptedData corresponds to data[0] */
8a2936f4 399 swap_buf(data, r, 16);
943a732a 400
d22ef0bc
AB		 401 return err;
402}
403
06edf8de
JH		 404static int smp_c1(struct crypto_blkcipher *tfm_aes, const u8 k[16],
405 const u8 r[16], const u8 preq[7], const u8 pres[7], u8 _iat,
406 const bdaddr_t *ia, u8 _rat, const bdaddr_t *ra, u8 res[16])
6a77083a 407{
06edf8de 408 u8 p1[16], p2[16];
6a77083a
JH		 409 int err;
410
06edf8de 411 memset(p1, 0, 16);
6a77083a 412
06edf8de
JH		 413 /* p1 = pres || preq || _rat || _iat */
414 p1[0] = _iat;
415 p1[1] = _rat;
416 memcpy(p1 + 2, preq, 7);
417 memcpy(p1 + 9, pres, 7);
418
419 /* p2 = padding || ia || ra */
420 memcpy(p2, ra, 6);
421 memcpy(p2 + 6, ia, 6);
422 memset(p2 + 12, 0, 4);
423
424 /* res = r XOR p1 */
425 u128_xor((u128 *) res, (u128 *) r, (u128 *) p1);
426
427 /* res = e(k, res) */
428 err = smp_e(tfm_aes, k, res);
429 if (err) {
430 BT_ERR("Encrypt data error");
6a77083a 431 return err;
06edf8de 432 }
6a77083a 433
06edf8de
JH		 434 /* res = res XOR p2 */
435 u128_xor((u128 *) res, (u128 *) res, (u128 *) p2);
436
437 /* res = e(k, res) */
438 err = smp_e(tfm_aes, k, res);
439 if (err)
440 BT_ERR("Encrypt data error");
441
442 return err;
443}
444
445static int smp_s1(struct crypto_blkcipher *tfm_aes, const u8 k[16],
446 const u8 r1[16], const u8 r2[16], u8 _r[16])
447{
448 int err;
449
450 /* Just least significant octets from r1 and r2 are considered */
451 memcpy(_r, r2, 8);
452 memcpy(_r + 8, r1, 8);
453
454 err = smp_e(tfm_aes, k, _r);
455 if (err)
456 BT_ERR("Encrypt data error");
6a77083a
JH		 457
458 return err;
459}
460
cd082797
JH		 461static int smp_ah(struct crypto_blkcipher *tfm, const u8 irk[16],
462 const u8 r[3], u8 res[3])
60478054 463{
943a732a 464 u8 _res[16];
60478054
JH		 465 int err;
466
467 /* r' = padding || r */
943a732a
JH		 468 memcpy(_res, r, 3);
469 memset(_res + 3, 0, 13);
60478054 470
943a732a 471 err = smp_e(tfm, irk, _res);
60478054
JH		 472 if (err) {
473 BT_ERR("Encrypt error");
474 return err;
475 }
476
477 /* The output of the random address function ah is:
478 * ah(h, r) = e(k, r') mod 2^24
479 * The output of the security function e is then truncated to 24 bits
480 * by taking the least significant 24 bits of the output of e as the
481 * result of ah.
482 */
943a732a 483 memcpy(res, _res, 3);
60478054
JH		 484
485 return 0;
486}
487
cd082797
JH		 488bool smp_irk_matches(struct hci_dev *hdev, const u8 irk[16],
489 const bdaddr_t *bdaddr)
60478054 490{
defce9e8 491 struct l2cap_chan *chan = hdev->smp_data;
88a479d9 492 struct smp_dev *smp;
60478054
JH		 493 u8 hash[3];
494 int err;
495
defce9e8
JH		 496 if (!chan || !chan->data)
497 return false;
498
88a479d9 499 smp = chan->data;
defce9e8 500
60478054
JH		 501 BT_DBG("RPA %pMR IRK %*phN", bdaddr, 16, irk);
502
88a479d9 503 err = smp_ah(smp->tfm_aes, irk, &bdaddr->b[3], hash);
60478054
JH		 504 if (err)
505 return false;
506
507 return !memcmp(bdaddr->b, hash, 3);
508}
509
cd082797 510int smp_generate_rpa(struct hci_dev *hdev, const u8 irk[16], bdaddr_t *rpa)
b1e2b3ae 511{
defce9e8 512 struct l2cap_chan *chan = hdev->smp_data;
88a479d9 513 struct smp_dev *smp;
b1e2b3ae
JH		 514 int err;
515
defce9e8
JH		 516 if (!chan || !chan->data)
517 return -EOPNOTSUPP;
518
88a479d9 519 smp = chan->data;
defce9e8 520
b1e2b3ae
JH		 521 get_random_bytes(&rpa->b[3], 3);
522
523 rpa->b[5] &= 0x3f; /* Clear two most significant bits */
524 rpa->b[5] |= 0x40; /* Set second most significant bit */
525
88a479d9 526 err = smp_ah(smp->tfm_aes, irk, &rpa->b[3], rpa->b);
b1e2b3ae
JH		 527 if (err < 0)
528 return err;
529
530 BT_DBG("RPA %pMR", rpa);
531
532 return 0;
533}
534
60a27d65
MH		 535int smp_generate_oob(struct hci_dev *hdev, u8 hash[16], u8 rand[16])
536{
537 struct l2cap_chan *chan = hdev->smp_data;
538 struct smp_dev *smp;
539 int err;
540
541 if (!chan || !chan->data)
542 return -EOPNOTSUPP;
543
544 smp = chan->data;
545
546 if (hci_dev_test_flag(hdev, HCI_USE_DEBUG_KEYS)) {
547 BT_DBG("Using debug keys");
548 memcpy(smp->local_pk, debug_pk, 64);
549 memcpy(smp->local_sk, debug_sk, 32);
550 smp->debug_key = true;
551 } else {
552 while (true) {
553 /* Generate local key pair for Secure Connections */
554 if (!ecc_make_key(smp->local_pk, smp->local_sk))
555 return -EIO;
556
557 /* This is unlikely, but we need to check that
558 * we didn't accidentially generate a debug key.
559 */
560 if (memcmp(smp->local_sk, debug_sk, 32))
561 break;
562 }
563 smp->debug_key = false;
564 }
565
566 SMP_DBG("OOB Public Key X: %32phN", smp->local_pk);
567 SMP_DBG("OOB Public Key Y: %32phN", smp->local_pk + 32);
568 SMP_DBG("OOB Private Key: %32phN", smp->local_sk);
569
570 get_random_bytes(smp->local_rr, 16);
571
572 err = smp_f4(smp->tfm_cmac, smp->local_pk, smp->local_pk,
573 smp->local_rr, 0, hash);
574 if (err < 0)
575 return err;
576
577 memcpy(rand, smp->local_rr, 16);
578
579 return 0;
580}
581
5d88cc73 582static void smp_send_cmd(struct l2cap_conn *conn, u8 code, u16 len, void *data)
eb492e01 583{
5d88cc73 584 struct l2cap_chan *chan = conn->smp;
b68fda68 585 struct smp_chan *smp;
5d88cc73
JH		 586 struct kvec iv[2];
587 struct msghdr msg;
eb492e01 588
5d88cc73
JH		 589 if (!chan)
590 return;
eb492e01 591
5d88cc73 592 BT_DBG("code 0x%2.2x", code);
eb492e01 593
5d88cc73
JH		 594 iv[0].iov_base = &code;
595 iv[0].iov_len = 1;
eb492e01 596
5d88cc73
JH		 597 iv[1].iov_base = data;
598 iv[1].iov_len = len;
eb492e01 599
5d88cc73 600 memset(&msg, 0, sizeof(msg));
eb492e01 601
17836394 602 iov_iter_kvec(&msg.msg_iter, WRITE | ITER_KVEC, iv, 2, 1 + len);
eb492e01 603
5d88cc73 604 l2cap_chan_send(chan, &msg, 1 + len);
e2dcd113 605
b68fda68
JH		 606 if (!chan->data)
607 return;
608
609 smp = chan->data;
610
611 cancel_delayed_work_sync(&smp->security_timer);
1b0921d6 612 schedule_delayed_work(&smp->security_timer, SMP_TIMEOUT);
eb492e01
AB		 613}
614
d2eb9e10 615static u8 authreq_to_seclevel(u8 authreq)
2b64d153 616{
d2eb9e10
JH		 617 if (authreq & SMP_AUTH_MITM) {
618 if (authreq & SMP_AUTH_SC)
619 return BT_SECURITY_FIPS;
620 else
621 return BT_SECURITY_HIGH;
622 } else {
2b64d153 623 return BT_SECURITY_MEDIUM;
d2eb9e10 624 }
2b64d153
BG		 625}
626
627static __u8 seclevel_to_authreq(__u8 sec_level)
628{
629 switch (sec_level) {
d2eb9e10 630 case BT_SECURITY_FIPS:
2b64d153
BG		 631 case BT_SECURITY_HIGH:
632 return SMP_AUTH_MITM | SMP_AUTH_BONDING;
633 case BT_SECURITY_MEDIUM:
634 return SMP_AUTH_BONDING;
635 default:
636 return SMP_AUTH_NONE;
637 }
638}
639
b8e66eac 640static void build_pairing_cmd(struct l2cap_conn *conn,
f1560463
MH		 641 struct smp_cmd_pairing *req,
642 struct smp_cmd_pairing *rsp, __u8 authreq)
b8e66eac 643{
5d88cc73
JH		 644 struct l2cap_chan *chan = conn->smp;
645 struct smp_chan *smp = chan->data;
fd349c02
JH		 646 struct hci_conn *hcon = conn->hcon;
647 struct hci_dev *hdev = hcon->hdev;
02b05bd8 648 u8 local_dist = 0, remote_dist = 0, oob_flag = SMP_OOB_NOT_PRESENT;
54790f73 649
d7a5a11d 650 if (hci_dev_test_flag(hdev, HCI_BONDABLE)) {
7ee4ea36
MH		 651 local_dist = SMP_DIST_ENC_KEY | SMP_DIST_SIGN;
652 remote_dist = SMP_DIST_ENC_KEY | SMP_DIST_SIGN;
54790f73 653 authreq |= SMP_AUTH_BONDING;
2b64d153
BG		 654 } else {
655 authreq &= ~SMP_AUTH_BONDING;
54790f73
VCG		 656 }
657
d7a5a11d 658 if (hci_dev_test_flag(hdev, HCI_RPA_RESOLVING))
fd349c02
JH		 659 remote_dist |= SMP_DIST_ID_KEY;
660
d7a5a11d 661 if (hci_dev_test_flag(hdev, HCI_PRIVACY))
863efaf2
JH		 662 local_dist |= SMP_DIST_ID_KEY;
663
d7a5a11d 664 if (hci_dev_test_flag(hdev, HCI_SC_ENABLED) &&
02b05bd8
JH		 665 (authreq & SMP_AUTH_SC)) {
666 struct oob_data *oob_data;
667 u8 bdaddr_type;
668
d7a5a11d 669 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) {
df8e1a4c
JH		 670 local_dist |= SMP_DIST_LINK_KEY;
671 remote_dist |= SMP_DIST_LINK_KEY;
672 }
02b05bd8
JH		 673
674 if (hcon->dst_type == ADDR_LE_DEV_PUBLIC)
675 bdaddr_type = BDADDR_LE_PUBLIC;
676 else
677 bdaddr_type = BDADDR_LE_RANDOM;
678
679 oob_data = hci_find_remote_oob_data(hdev, &hcon->dst,
680 bdaddr_type);
4775a4ea 681 if (oob_data && oob_data->present) {
02b05bd8
JH		 682 set_bit(SMP_FLAG_OOB, &smp->flags);
683 oob_flag = SMP_OOB_PRESENT;
a29b0733 684 memcpy(smp->rr, oob_data->rand256, 16);
02b05bd8
JH		 685 memcpy(smp->pcnf, oob_data->hash256, 16);
686 }
687
df8e1a4c
JH		 688 } else {
689 authreq &= ~SMP_AUTH_SC;
690 }
691
54790f73
VCG		 692 if (rsp == NULL) {
693 req->io_capability = conn->hcon->io_capability;
02b05bd8 694 req->oob_flag = oob_flag;
54790f73 695 req->max_key_size = SMP_MAX_ENC_KEY_SIZE;
fd349c02
JH		 696 req->init_key_dist = local_dist;
697 req->resp_key_dist = remote_dist;
0edb14de 698 req->auth_req = (authreq & AUTH_REQ_MASK(hdev));
fd349c02
JH		 699
700 smp->remote_key_dist = remote_dist;
54790f73
VCG		 701 return;
702 }
703
704 rsp->io_capability = conn->hcon->io_capability;
02b05bd8 705 rsp->oob_flag = oob_flag;
54790f73 706 rsp->max_key_size = SMP_MAX_ENC_KEY_SIZE;
fd349c02
JH		 707 rsp->init_key_dist = req->init_key_dist & remote_dist;
708 rsp->resp_key_dist = req->resp_key_dist & local_dist;
0edb14de 709 rsp->auth_req = (authreq & AUTH_REQ_MASK(hdev));
fd349c02
JH		 710
711 smp->remote_key_dist = rsp->init_key_dist;
b8e66eac
VCG		 712}
713
3158c50c
VCG		 714static u8 check_enc_key_size(struct l2cap_conn *conn, __u8 max_key_size)
715{
5d88cc73
JH		 716 struct l2cap_chan *chan = conn->smp;
717 struct smp_chan *smp = chan->data;
1c1def09 718
3158c50c 719 if ((max_key_size > SMP_MAX_ENC_KEY_SIZE) ||
f1560463 720 (max_key_size < SMP_MIN_ENC_KEY_SIZE))
3158c50c
VCG		 721 return SMP_ENC_KEY_SIZE;
722
f7aa611a 723 smp->enc_key_size = max_key_size;
3158c50c
VCG		 724
725 return 0;
726}
727
6f48e260
JH		 728static void smp_chan_destroy(struct l2cap_conn *conn)
729{
730 struct l2cap_chan *chan = conn->smp;
731 struct smp_chan *smp = chan->data;
923e2414 732 struct hci_conn *hcon = conn->hcon;
6f48e260
JH		 733 bool complete;
734
735 BUG_ON(!smp);
736
737 cancel_delayed_work_sync(&smp->security_timer);
6f48e260 738
6f48e260 739 complete = test_bit(SMP_FLAG_COMPLETE, &smp->flags);
923e2414 740 mgmt_smp_complete(hcon, complete);
6f48e260 741
276812ec
MH		 742 kzfree(smp->csrk);
743 kzfree(smp->slave_csrk);
744 kzfree(smp->link_key);
6f48e260
JH		 745
746 crypto_free_blkcipher(smp->tfm_aes);
407cecf6 747 crypto_free_hash(smp->tfm_cmac);
6f48e260 748
923e2414
JH		 749 /* Ensure that we don't leave any debug key around if debug key
750 * support hasn't been explicitly enabled.
751 */
752 if (smp->ltk && smp->ltk->type == SMP_LTK_P256_DEBUG &&
d7a5a11d 753 !hci_dev_test_flag(hcon->hdev, HCI_KEEP_DEBUG_KEYS)) {
923e2414
JH		 754 list_del_rcu(&smp->ltk->list);
755 kfree_rcu(smp->ltk, rcu);
756 smp->ltk = NULL;
757 }
758
6f48e260
JH		 759 /* If pairing failed clean up any keys we might have */
760 if (!complete) {
761 if (smp->ltk) {
970d0f1b
JH		 762 list_del_rcu(&smp->ltk->list);
763 kfree_rcu(smp->ltk, rcu);
6f48e260
JH		 764 }
765
766 if (smp->slave_ltk) {
970d0f1b
JH		 767 list_del_rcu(&smp->slave_ltk->list);
768 kfree_rcu(smp->slave_ltk, rcu);
6f48e260
JH		 769 }
770
771 if (smp->remote_irk) {
adae20cb
JH		 772 list_del_rcu(&smp->remote_irk->list);
773 kfree_rcu(smp->remote_irk, rcu);
6f48e260
JH		 774 }
775 }
776
777 chan->data = NULL;
276812ec 778 kzfree(smp);
923e2414 779 hci_conn_drop(hcon);
6f48e260
JH		 780}
781
84794e11 782static void smp_failure(struct l2cap_conn *conn, u8 reason)
4f957a76 783{
bab73cb6 784 struct hci_conn *hcon = conn->hcon;
b68fda68 785 struct l2cap_chan *chan = conn->smp;
bab73cb6 786
84794e11 787 if (reason)
4f957a76 788 smp_send_cmd(conn, SMP_CMD_PAIRING_FAIL, sizeof(reason),
f1560463 789 &reason);
4f957a76 790
ce39fb4e 791 clear_bit(HCI_CONN_ENCRYPT_PEND, &hcon->flags);
e1e930f5 792 mgmt_auth_failed(hcon, HCI_ERROR_AUTH_FAILURE);
f1c09c07 793
fc75cc86 794 if (chan->data)
f1c09c07 795 smp_chan_destroy(conn);
4f957a76
BG		 796}
797
2b64d153
BG		 798#define JUST_WORKS 0x00
799#define JUST_CFM 0x01
800#define REQ_PASSKEY 0x02
801#define CFM_PASSKEY 0x03
802#define REQ_OOB 0x04
5e3d3d9b 803#define DSP_PASSKEY 0x05
2b64d153
BG		 804#define OVERLAP 0xFF
805
806static const u8 gen_method[5][5] = {
807 { JUST_WORKS, JUST_CFM, REQ_PASSKEY, JUST_WORKS, REQ_PASSKEY },
808 { JUST_WORKS, JUST_CFM, REQ_PASSKEY, JUST_WORKS, REQ_PASSKEY },
809 { CFM_PASSKEY, CFM_PASSKEY, REQ_PASSKEY, JUST_WORKS, CFM_PASSKEY },
810 { JUST_WORKS, JUST_CFM, JUST_WORKS, JUST_WORKS, JUST_CFM },
811 { CFM_PASSKEY, CFM_PASSKEY, REQ_PASSKEY, JUST_WORKS, OVERLAP },
812};
813
5e3d3d9b
JH		 814static const u8 sc_method[5][5] = {
815 { JUST_WORKS, JUST_CFM, REQ_PASSKEY, JUST_WORKS, REQ_PASSKEY },
816 { JUST_WORKS, CFM_PASSKEY, REQ_PASSKEY, JUST_WORKS, CFM_PASSKEY },
817 { DSP_PASSKEY, DSP_PASSKEY, REQ_PASSKEY, JUST_WORKS, DSP_PASSKEY },
818 { JUST_WORKS, JUST_CFM, JUST_WORKS, JUST_WORKS, JUST_CFM },
819 { DSP_PASSKEY, CFM_PASSKEY, REQ_PASSKEY, JUST_WORKS, CFM_PASSKEY },
820};
821
581370cc
JH		 822static u8 get_auth_method(struct smp_chan *smp, u8 local_io, u8 remote_io)
823{
2bcd4003
JH		 824 /* If either side has unknown io_caps, use JUST_CFM (which gets
825 * converted later to JUST_WORKS if we're initiators.
826 */
581370cc
JH		 827 if (local_io > SMP_IO_KEYBOARD_DISPLAY ||
828 remote_io > SMP_IO_KEYBOARD_DISPLAY)
2bcd4003 829 return JUST_CFM;
581370cc 830
5e3d3d9b
JH		 831 if (test_bit(SMP_FLAG_SC, &smp->flags))
832 return sc_method[remote_io][local_io];
833
581370cc
JH		 834 return gen_method[remote_io][local_io];
835}
836
2b64d153
BG		 837static int tk_request(struct l2cap_conn *conn, u8 remote_oob, u8 auth,
838 u8 local_io, u8 remote_io)
839{
840 struct hci_conn *hcon = conn->hcon;
5d88cc73
JH		 841 struct l2cap_chan *chan = conn->smp;
842 struct smp_chan *smp = chan->data;
2b64d153
BG		 843 u32 passkey = 0;
844 int ret = 0;
845
846 /* Initialize key for JUST WORKS */
847 memset(smp->tk, 0, sizeof(smp->tk));
4a74d658 848 clear_bit(SMP_FLAG_TK_VALID, &smp->flags);
2b64d153
BG		 849
850 BT_DBG("tk_request: auth:%d lcl:%d rem:%d", auth, local_io, remote_io);
851
2bcd4003
JH		 852 /* If neither side wants MITM, either "just" confirm an incoming
853 * request or use just-works for outgoing ones. The JUST_CFM
854 * will be converted to JUST_WORKS if necessary later in this
855 * function. If either side has MITM look up the method from the
856 * table.
857 */
581370cc 858 if (!(auth & SMP_AUTH_MITM))
783e0574 859 smp->method = JUST_CFM;
2b64d153 860 else
783e0574 861 smp->method = get_auth_method(smp, local_io, remote_io);
2b64d153 862
a82505c7 863 /* Don't confirm locally initiated pairing attempts */
783e0574
JH		 864 if (smp->method == JUST_CFM && test_bit(SMP_FLAG_INITIATOR,
865 &smp->flags))
866 smp->method = JUST_WORKS;
a82505c7 867
02f3e254 868 /* Don't bother user space with no IO capabilities */
783e0574
JH		 869 if (smp->method == JUST_CFM &&
870 hcon->io_capability == HCI_IO_NO_INPUT_OUTPUT)
871 smp->method = JUST_WORKS;
02f3e254 872
2b64d153 873 /* If Just Works, Continue with Zero TK */
783e0574 874 if (smp->method == JUST_WORKS) {
4a74d658 875 set_bit(SMP_FLAG_TK_VALID, &smp->flags);
2b64d153
BG		 876 return 0;
877 }
878
879 /* Not Just Works/Confirm results in MITM Authentication */
783e0574 880 if (smp->method != JUST_CFM) {
4a74d658 881 set_bit(SMP_FLAG_MITM_AUTH, &smp->flags);
5eb596f5
JH		 882 if (hcon->pending_sec_level < BT_SECURITY_HIGH)
883 hcon->pending_sec_level = BT_SECURITY_HIGH;
884 }
2b64d153
BG		 885
886 /* If both devices have Keyoard-Display I/O, the master
887 * Confirms and the slave Enters the passkey.
888 */
783e0574 889 if (smp->method == OVERLAP) {
40bef302 890 if (hcon->role == HCI_ROLE_MASTER)
783e0574 891 smp->method = CFM_PASSKEY;
2b64d153 892 else
783e0574 893 smp->method = REQ_PASSKEY;
2b64d153
BG		 894 }
895
01ad34d2 896 /* Generate random passkey. */
783e0574 897 if (smp->method == CFM_PASSKEY) {
943a732a 898 memset(smp->tk, 0, sizeof(smp->tk));
2b64d153
BG		 899 get_random_bytes(&passkey, sizeof(passkey));
900 passkey %= 1000000;
943a732a 901 put_unaligned_le32(passkey, smp->tk);
2b64d153 902 BT_DBG("PassKey: %d", passkey);
4a74d658 903 set_bit(SMP_FLAG_TK_VALID, &smp->flags);
2b64d153
BG		 904 }
905
783e0574 906 if (smp->method == REQ_PASSKEY)
ce39fb4e 907 ret = mgmt_user_passkey_request(hcon->hdev, &hcon->dst,
272d90df 908 hcon->type, hcon->dst_type);
783e0574 909 else if (smp->method == JUST_CFM)
4eb65e66
JH		 910 ret = mgmt_user_confirm_request(hcon->hdev, &hcon->dst,
911 hcon->type, hcon->dst_type,
912 passkey, 1);
2b64d153 913 else
01ad34d2 914 ret = mgmt_user_passkey_notify(hcon->hdev, &hcon->dst,
272d90df 915 hcon->type, hcon->dst_type,
39adbffe 916 passkey, 0);
2b64d153 917
2b64d153
BG		 918 return ret;
919}
920
1cc61144 921static u8 smp_confirm(struct smp_chan *smp)
8aab4757 922{
8aab4757 923 struct l2cap_conn *conn = smp->conn;
8aab4757
VCG		 924 struct smp_cmd_pairing_confirm cp;
925 int ret;
8aab4757
VCG		 926
927 BT_DBG("conn %p", conn);
928
e491eaf3 929 ret = smp_c1(smp->tfm_aes, smp->tk, smp->prnd, smp->preq, smp->prsp,
b1cd5fd9 930 conn->hcon->init_addr_type, &conn->hcon->init_addr,
943a732a
JH		 931 conn->hcon->resp_addr_type, &conn->hcon->resp_addr,
932 cp.confirm_val);
1cc61144
JH		 933 if (ret)
934 return SMP_UNSPECIFIED;
8aab4757 935
4a74d658 936 clear_bit(SMP_FLAG_CFM_PENDING, &smp->flags);
2b64d153 937
8aab4757
VCG		 938 smp_send_cmd(smp->conn, SMP_CMD_PAIRING_CONFIRM, sizeof(cp), &cp);
939
b28b4943
JH		 940 if (conn->hcon->out)
941 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_CONFIRM);
942 else
943 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RANDOM);
944
1cc61144 945 return 0;
8aab4757
VCG		 946}
947
861580a9 948static u8 smp_random(struct smp_chan *smp)
8aab4757 949{
8aab4757
VCG		 950 struct l2cap_conn *conn = smp->conn;
951 struct hci_conn *hcon = conn->hcon;
861580a9 952 u8 confirm[16];
8aab4757
VCG		 953 int ret;
954
ec70f36f 955 if (IS_ERR_OR_NULL(smp->tfm_aes))
861580a9 956 return SMP_UNSPECIFIED;
8aab4757
VCG		 957
958 BT_DBG("conn %p %s", conn, conn->hcon->out ? "master" : "slave");
959
e491eaf3 960 ret = smp_c1(smp->tfm_aes, smp->tk, smp->rrnd, smp->preq, smp->prsp,
b1cd5fd9 961 hcon->init_addr_type, &hcon->init_addr,
943a732a 962 hcon->resp_addr_type, &hcon->resp_addr, confirm);
861580a9
JH		 963 if (ret)
964 return SMP_UNSPECIFIED;
8aab4757 965
8aab4757
VCG		 966 if (memcmp(smp->pcnf, confirm, sizeof(smp->pcnf)) != 0) {
967 BT_ERR("Pairing failed (confirmation values mismatch)");
861580a9 968 return SMP_CONFIRM_FAILED;
8aab4757
VCG		 969 }
970
971 if (hcon->out) {
fe39c7b2
MH		 972 u8 stk[16];
973 __le64 rand = 0;
974 __le16 ediv = 0;
8aab4757 975
e491eaf3 976 smp_s1(smp->tfm_aes, smp->tk, smp->rrnd, smp->prnd, stk);
8aab4757 977
f7aa611a 978 memset(stk + smp->enc_key_size, 0,
04124681 979 SMP_MAX_ENC_KEY_SIZE - smp->enc_key_size);
8aab4757 980
861580a9
JH		 981 if (test_and_set_bit(HCI_CONN_ENCRYPT_PEND, &hcon->flags))
982 return SMP_UNSPECIFIED;
8aab4757
VCG		 983
984 hci_le_start_enc(hcon, ediv, rand, stk);
f7aa611a 985 hcon->enc_key_size = smp->enc_key_size;
fe59a05f 986 set_bit(HCI_CONN_STK_ENCRYPT, &hcon->flags);
8aab4757 987 } else {
fff3490f 988 u8 stk[16], auth;
fe39c7b2
MH		 989 __le64 rand = 0;
990 __le16 ediv = 0;
8aab4757 991
943a732a
JH		 992 smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM, sizeof(smp->prnd),
993 smp->prnd);
8aab4757 994
e491eaf3 995 smp_s1(smp->tfm_aes, smp->tk, smp->prnd, smp->rrnd, stk);
8aab4757 996
f7aa611a 997 memset(stk + smp->enc_key_size, 0,
f1560463 998 SMP_MAX_ENC_KEY_SIZE - smp->enc_key_size);
8aab4757 999
fff3490f
JH		 1000 if (hcon->pending_sec_level == BT_SECURITY_HIGH)
1001 auth = 1;
1002 else
1003 auth = 0;
1004
7d5843b7
JH		 1005 /* Even though there's no _SLAVE suffix this is the
1006 * slave STK we're adding for later lookup (the master
1007 * STK never needs to be stored).
1008 */
ce39fb4e 1009 hci_add_ltk(hcon->hdev, &hcon->dst, hcon->dst_type,
2ceba539 1010 SMP_STK, auth, stk, smp->enc_key_size, ediv, rand);
8aab4757
VCG		 1011 }
1012
861580a9 1013 return 0;
8aab4757
VCG		 1014}
1015
44f1a7ab
JH		 1016static void smp_notify_keys(struct l2cap_conn *conn)
1017{
1018 struct l2cap_chan *chan = conn->smp;
1019 struct smp_chan *smp = chan->data;
1020 struct hci_conn *hcon = conn->hcon;
1021 struct hci_dev *hdev = hcon->hdev;
1022 struct smp_cmd_pairing *req = (void *) &smp->preq[1];
1023 struct smp_cmd_pairing *rsp = (void *) &smp->prsp[1];
1024 bool persistent;
1025
1026 if (smp->remote_irk) {
1027 mgmt_new_irk(hdev, smp->remote_irk);
1028 /* Now that user space can be considered to know the
1029 * identity address track the connection based on it
b5ae344d 1030 * from now on (assuming this is an LE link).
44f1a7ab 1031 */
b5ae344d
JH		 1032 if (hcon->type == LE_LINK) {
1033 bacpy(&hcon->dst, &smp->remote_irk->bdaddr);
1034 hcon->dst_type = smp->remote_irk->addr_type;
1035 queue_work(hdev->workqueue, &conn->id_addr_update_work);
1036 }
44f1a7ab
JH		 1037
1038 /* When receiving an indentity resolving key for
1039 * a remote device that does not use a resolvable
1040 * private address, just remove the key so that
1041 * it is possible to use the controller white
1042 * list for scanning.
1043 *
1044 * Userspace will have been told to not store
1045 * this key at this point. So it is safe to
1046 * just remove it.
1047 */
1048 if (!bacmp(&smp->remote_irk->rpa, BDADDR_ANY)) {
adae20cb
JH		 1049 list_del_rcu(&smp->remote_irk->list);
1050 kfree_rcu(smp->remote_irk, rcu);
44f1a7ab
JH		 1051 smp->remote_irk = NULL;
1052 }
1053 }
1054
b5ae344d
JH		 1055 if (hcon->type == ACL_LINK) {
1056 if (hcon->key_type == HCI_LK_DEBUG_COMBINATION)
1057 persistent = false;
1058 else
1059 persistent = !test_bit(HCI_CONN_FLUSH_KEY,
1060 &hcon->flags);
1061 } else {
1062 /* The LTKs and CSRKs should be persistent only if both sides
1063 * had the bonding bit set in their authentication requests.
1064 */
1065 persistent = !!((req->auth_req & rsp->auth_req) &
1066 SMP_AUTH_BONDING);
1067 }
1068
44f1a7ab
JH		 1069
1070 if (smp->csrk) {
1071 smp->csrk->bdaddr_type = hcon->dst_type;
1072 bacpy(&smp->csrk->bdaddr, &hcon->dst);
1073 mgmt_new_csrk(hdev, smp->csrk, persistent);
1074 }
1075
1076 if (smp->slave_csrk) {
1077 smp->slave_csrk->bdaddr_type = hcon->dst_type;
1078 bacpy(&smp->slave_csrk->bdaddr, &hcon->dst);
1079 mgmt_new_csrk(hdev, smp->slave_csrk, persistent);
1080 }
1081
1082 if (smp->ltk) {
1083 smp->ltk->bdaddr_type = hcon->dst_type;
1084 bacpy(&smp->ltk->bdaddr, &hcon->dst);
1085 mgmt_new_ltk(hdev, smp->ltk, persistent);
1086 }
1087
1088 if (smp->slave_ltk) {
1089 smp->slave_ltk->bdaddr_type = hcon->dst_type;
1090 bacpy(&smp->slave_ltk->bdaddr, &hcon->dst);
1091 mgmt_new_ltk(hdev, smp->slave_ltk, persistent);
1092 }
6a77083a
JH		 1093
1094 if (smp->link_key) {
e3befab9
JH		 1095 struct link_key *key;
1096 u8 type;
1097
1098 if (test_bit(SMP_FLAG_DEBUG_KEY, &smp->flags))
1099 type = HCI_LK_DEBUG_COMBINATION;
1100 else if (hcon->sec_level == BT_SECURITY_FIPS)
1101 type = HCI_LK_AUTH_COMBINATION_P256;
1102 else
1103 type = HCI_LK_UNAUTH_COMBINATION_P256;
1104
1105 key = hci_add_link_key(hdev, smp->conn->hcon, &hcon->dst,
1106 smp->link_key, type, 0, &persistent);
1107 if (key) {
1108 mgmt_new_link_key(hdev, key, persistent);
1109
1110 /* Don't keep debug keys around if the relevant
1111 * flag is not set.
1112 */
d7a5a11d 1113 if (!hci_dev_test_flag(hdev, HCI_KEEP_DEBUG_KEYS) &&
e3befab9
JH		 1114 key->type == HCI_LK_DEBUG_COMBINATION) {
1115 list_del_rcu(&key->list);
1116 kfree_rcu(key, rcu);
1117 }
1118 }
6a77083a
JH		 1119 }
1120}
1121
d3e54a87
JH		 1122static void sc_add_ltk(struct smp_chan *smp)
1123{
1124 struct hci_conn *hcon = smp->conn->hcon;
1125 u8 key_type, auth;
1126
1127 if (test_bit(SMP_FLAG_DEBUG_KEY, &smp->flags))
1128 key_type = SMP_LTK_P256_DEBUG;
1129 else
1130 key_type = SMP_LTK_P256;
1131
1132 if (hcon->pending_sec_level == BT_SECURITY_FIPS)
1133 auth = 1;
1134 else
1135 auth = 0;
1136
1137 memset(smp->tk + smp->enc_key_size, 0,
1138 SMP_MAX_ENC_KEY_SIZE - smp->enc_key_size);
1139
1140 smp->ltk = hci_add_ltk(hcon->hdev, &hcon->dst, hcon->dst_type,
1141 key_type, auth, smp->tk, smp->enc_key_size,
1142 0, 0);
1143}
1144
6a77083a
JH		 1145static void sc_generate_link_key(struct smp_chan *smp)
1146{
1147 /* These constants are as specified in the core specification.
1148 * In ASCII they spell out to 'tmp1' and 'lebr'.
1149 */
1150 const u8 tmp1[4] = { 0x31, 0x70, 0x6d, 0x74 };
1151 const u8 lebr[4] = { 0x72, 0x62, 0x65, 0x6c };
1152
1153 smp->link_key = kzalloc(16, GFP_KERNEL);
1154 if (!smp->link_key)
1155 return;
1156
1157 if (smp_h6(smp->tfm_cmac, smp->tk, tmp1, smp->link_key)) {
276812ec 1158 kzfree(smp->link_key);
6a77083a
JH		 1159 smp->link_key = NULL;
1160 return;
1161 }
1162
1163 if (smp_h6(smp->tfm_cmac, smp->link_key, lebr, smp->link_key)) {
276812ec 1164 kzfree(smp->link_key);
6a77083a
JH		 1165 smp->link_key = NULL;
1166 return;
1167 }
44f1a7ab
JH		 1168}
1169
b28b4943
JH		 1170static void smp_allow_key_dist(struct smp_chan *smp)
1171{
1172 /* Allow the first expected phase 3 PDU. The rest of the PDUs
1173 * will be allowed in each PDU handler to ensure we receive
1174 * them in the correct order.
1175 */
1176 if (smp->remote_key_dist & SMP_DIST_ENC_KEY)
1177 SMP_ALLOW_CMD(smp, SMP_CMD_ENCRYPT_INFO);
1178 else if (smp->remote_key_dist & SMP_DIST_ID_KEY)
1179 SMP_ALLOW_CMD(smp, SMP_CMD_IDENT_INFO);
1180 else if (smp->remote_key_dist & SMP_DIST_SIGN)
1181 SMP_ALLOW_CMD(smp, SMP_CMD_SIGN_INFO);
1182}
1183
b5ae344d
JH		 1184static void sc_generate_ltk(struct smp_chan *smp)
1185{
1186 /* These constants are as specified in the core specification.
1187 * In ASCII they spell out to 'tmp2' and 'brle'.
1188 */
1189 const u8 tmp2[4] = { 0x32, 0x70, 0x6d, 0x74 };
1190 const u8 brle[4] = { 0x65, 0x6c, 0x72, 0x62 };
1191 struct hci_conn *hcon = smp->conn->hcon;
1192 struct hci_dev *hdev = hcon->hdev;
1193 struct link_key *key;
1194
1195 key = hci_find_link_key(hdev, &hcon->dst);
1196 if (!key) {
1197 BT_ERR("%s No Link Key found to generate LTK", hdev->name);
1198 return;
1199 }
1200
1201 if (key->type == HCI_LK_DEBUG_COMBINATION)
1202 set_bit(SMP_FLAG_DEBUG_KEY, &smp->flags);
1203
1204 if (smp_h6(smp->tfm_cmac, key->val, tmp2, smp->tk))
1205 return;
1206
1207 if (smp_h6(smp->tfm_cmac, smp->tk, brle, smp->tk))
1208 return;
1209
1210 sc_add_ltk(smp);
1211}
1212
d6268e86 1213static void smp_distribute_keys(struct smp_chan *smp)
44f1a7ab
JH		 1214{
1215 struct smp_cmd_pairing *req, *rsp;
86d1407c 1216 struct l2cap_conn *conn = smp->conn;
44f1a7ab
JH		 1217 struct hci_conn *hcon = conn->hcon;
1218 struct hci_dev *hdev = hcon->hdev;
1219 __u8 *keydist;
1220
1221 BT_DBG("conn %p", conn);
1222
44f1a7ab
JH		 1223 rsp = (void *) &smp->prsp[1];
1224
1225 /* The responder sends its keys first */
b28b4943
JH		 1226 if (hcon->out && (smp->remote_key_dist & KEY_DIST_MASK)) {
1227 smp_allow_key_dist(smp);
86d1407c 1228 return;
b28b4943 1229 }
44f1a7ab
JH		 1230
1231 req = (void *) &smp->preq[1];
1232
1233 if (hcon->out) {
1234 keydist = &rsp->init_key_dist;
1235 *keydist &= req->init_key_dist;
1236 } else {
1237 keydist = &rsp->resp_key_dist;
1238 *keydist &= req->resp_key_dist;
1239 }
1240
6a77083a 1241 if (test_bit(SMP_FLAG_SC, &smp->flags)) {
b5ae344d 1242 if (hcon->type == LE_LINK && (*keydist & SMP_DIST_LINK_KEY))
6a77083a 1243 sc_generate_link_key(smp);
b5ae344d
JH		 1244 if (hcon->type == ACL_LINK && (*keydist & SMP_DIST_ENC_KEY))
1245 sc_generate_ltk(smp);
6a77083a
JH		 1246
1247 /* Clear the keys which are generated but not distributed */
1248 *keydist &= ~SMP_SC_NO_DIST;
1249 }
1250
44f1a7ab
JH		 1251 BT_DBG("keydist 0x%x", *keydist);
1252
1253 if (*keydist & SMP_DIST_ENC_KEY) {
1254 struct smp_cmd_encrypt_info enc;
1255 struct smp_cmd_master_ident ident;
1256 struct smp_ltk *ltk;
1257 u8 authenticated;
1258 __le16 ediv;
1259 __le64 rand;
1260
1261 get_random_bytes(enc.ltk, sizeof(enc.ltk));
1262 get_random_bytes(&ediv, sizeof(ediv));
1263 get_random_bytes(&rand, sizeof(rand));
1264
1265 smp_send_cmd(conn, SMP_CMD_ENCRYPT_INFO, sizeof(enc), &enc);
1266
1267 authenticated = hcon->sec_level == BT_SECURITY_HIGH;
1268 ltk = hci_add_ltk(hdev, &hcon->dst, hcon->dst_type,
1269 SMP_LTK_SLAVE, authenticated, enc.ltk,
1270 smp->enc_key_size, ediv, rand);
1271 smp->slave_ltk = ltk;
1272
1273 ident.ediv = ediv;
1274 ident.rand = rand;
1275
1276 smp_send_cmd(conn, SMP_CMD_MASTER_IDENT, sizeof(ident), &ident);
1277
1278 *keydist &= ~SMP_DIST_ENC_KEY;
1279 }
1280
1281 if (*keydist & SMP_DIST_ID_KEY) {
1282 struct smp_cmd_ident_addr_info addrinfo;
1283 struct smp_cmd_ident_info idinfo;
1284
1285 memcpy(idinfo.irk, hdev->irk, sizeof(idinfo.irk));
1286
1287 smp_send_cmd(conn, SMP_CMD_IDENT_INFO, sizeof(idinfo), &idinfo);
1288
1289 /* The hci_conn contains the local identity address
1290 * after the connection has been established.
1291 *
1292 * This is true even when the connection has been
1293 * established using a resolvable random address.
1294 */
1295 bacpy(&addrinfo.bdaddr, &hcon->src);
1296 addrinfo.addr_type = hcon->src_type;
1297
1298 smp_send_cmd(conn, SMP_CMD_IDENT_ADDR_INFO, sizeof(addrinfo),
1299 &addrinfo);
1300
1301 *keydist &= ~SMP_DIST_ID_KEY;
1302 }
1303
1304 if (*keydist & SMP_DIST_SIGN) {
1305 struct smp_cmd_sign_info sign;
1306 struct smp_csrk *csrk;
1307
1308 /* Generate a new random key */
1309 get_random_bytes(sign.csrk, sizeof(sign.csrk));
1310
1311 csrk = kzalloc(sizeof(*csrk), GFP_KERNEL);
1312 if (csrk) {
4cd3928a
JH		 1313 if (hcon->sec_level > BT_SECURITY_MEDIUM)
1314 csrk->type = MGMT_CSRK_LOCAL_AUTHENTICATED;
1315 else
1316 csrk->type = MGMT_CSRK_LOCAL_UNAUTHENTICATED;
44f1a7ab
JH		 1317 memcpy(csrk->val, sign.csrk, sizeof(csrk->val));
1318 }
1319 smp->slave_csrk = csrk;
1320
1321 smp_send_cmd(conn, SMP_CMD_SIGN_INFO, sizeof(sign), &sign);
1322
1323 *keydist &= ~SMP_DIST_SIGN;
1324 }
1325
1326 /* If there are still keys to be received wait for them */
b28b4943
JH		 1327 if (smp->remote_key_dist & KEY_DIST_MASK) {
1328 smp_allow_key_dist(smp);
86d1407c 1329 return;
b28b4943 1330 }
44f1a7ab 1331
44f1a7ab
JH		 1332 set_bit(SMP_FLAG_COMPLETE, &smp->flags);
1333 smp_notify_keys(conn);
1334
1335 smp_chan_destroy(conn);
44f1a7ab
JH		 1336}
1337
b68fda68
JH		 1338static void smp_timeout(struct work_struct *work)
1339{
1340 struct smp_chan *smp = container_of(work, struct smp_chan,
1341 security_timer.work);
1342 struct l2cap_conn *conn = smp->conn;
1343
1344 BT_DBG("conn %p", conn);
1345
1e91c29e 1346 hci_disconnect(conn->hcon, HCI_ERROR_REMOTE_USER_TERM);
b68fda68
JH		 1347}
1348
8aab4757
VCG		 1349static struct smp_chan *smp_chan_create(struct l2cap_conn *conn)
1350{
5d88cc73 1351 struct l2cap_chan *chan = conn->smp;
8aab4757
VCG		 1352 struct smp_chan *smp;
1353
f1560463 1354 smp = kzalloc(sizeof(*smp), GFP_ATOMIC);
fc75cc86 1355 if (!smp)
8aab4757
VCG		 1356 return NULL;
1357
6a7bd103
JH		 1358 smp->tfm_aes = crypto_alloc_blkcipher("ecb(aes)", 0, CRYPTO_ALG_ASYNC);
1359 if (IS_ERR(smp->tfm_aes)) {
1360 BT_ERR("Unable to create ECB crypto context");
276812ec 1361 kzfree(smp);
6a7bd103
JH		 1362 return NULL;
1363 }
1364
407cecf6
JH		 1365 smp->tfm_cmac = crypto_alloc_hash("cmac(aes)", 0, CRYPTO_ALG_ASYNC);
1366 if (IS_ERR(smp->tfm_cmac)) {
1367 BT_ERR("Unable to create CMAC crypto context");
1368 crypto_free_blkcipher(smp->tfm_aes);
276812ec 1369 kzfree(smp);
407cecf6
JH		 1370 return NULL;
1371 }
1372
8aab4757 1373 smp->conn = conn;
5d88cc73 1374 chan->data = smp;
8aab4757 1375
b28b4943
JH		 1376 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_FAIL);
1377
b68fda68
JH		 1378 INIT_DELAYED_WORK(&smp->security_timer, smp_timeout);
1379
8aab4757
VCG		 1380 hci_conn_hold(conn->hcon);
1381
1382 return smp;
1383}
1384
760b018b
JH		 1385static int sc_mackey_and_ltk(struct smp_chan *smp, u8 mackey[16], u8 ltk[16])
1386{
1387 struct hci_conn *hcon = smp->conn->hcon;
1388 u8 *na, *nb, a[7], b[7];
1389
1390 if (hcon->out) {
1391 na = smp->prnd;
1392 nb = smp->rrnd;
1393 } else {
1394 na = smp->rrnd;
1395 nb = smp->prnd;
1396 }
1397
1398 memcpy(a, &hcon->init_addr, 6);
1399 memcpy(b, &hcon->resp_addr, 6);
1400 a[6] = hcon->init_addr_type;
1401 b[6] = hcon->resp_addr_type;
1402
1403 return smp_f5(smp->tfm_cmac, smp->dhkey, na, nb, a, b, mackey, ltk);
1404}
1405
38606f14 1406static void sc_dhkey_check(struct smp_chan *smp)
760b018b
JH		 1407{
1408 struct hci_conn *hcon = smp->conn->hcon;
1409 struct smp_cmd_dhkey_check check;
1410 u8 a[7], b[7], *local_addr, *remote_addr;
1411 u8 io_cap[3], r[16];
1412
760b018b
JH		 1413 memcpy(a, &hcon->init_addr, 6);
1414 memcpy(b, &hcon->resp_addr, 6);
1415 a[6] = hcon->init_addr_type;
1416 b[6] = hcon->resp_addr_type;
1417
1418 if (hcon->out) {
1419 local_addr = a;
1420 remote_addr = b;
1421 memcpy(io_cap, &smp->preq[1], 3);
1422 } else {
1423 local_addr = b;
1424 remote_addr = a;
1425 memcpy(io_cap, &smp->prsp[1], 3);
1426 }
1427
dddd3059
JH		 1428 memset(r, 0, sizeof(r));
1429
1430 if (smp->method == REQ_PASSKEY || smp->method == DSP_PASSKEY)
38606f14 1431 put_unaligned_le32(hcon->passkey_notify, r);
760b018b 1432
a29b0733
JH		 1433 if (smp->method == REQ_OOB)
1434 memcpy(r, smp->rr, 16);
1435
760b018b
JH		 1436 smp_f6(smp->tfm_cmac, smp->mackey, smp->prnd, smp->rrnd, r, io_cap,
1437 local_addr, remote_addr, check.e);
1438
1439 smp_send_cmd(smp->conn, SMP_CMD_DHKEY_CHECK, sizeof(check), &check);
dddd3059
JH		 1440}
1441
38606f14
JH		 1442static u8 sc_passkey_send_confirm(struct smp_chan *smp)
1443{
1444 struct l2cap_conn *conn = smp->conn;
1445 struct hci_conn *hcon = conn->hcon;
1446 struct smp_cmd_pairing_confirm cfm;
1447 u8 r;
1448
1449 r = ((hcon->passkey_notify >> smp->passkey_round) & 0x01);
1450 r |= 0x80;
1451
1452 get_random_bytes(smp->prnd, sizeof(smp->prnd));
1453
1454 if (smp_f4(smp->tfm_cmac, smp->local_pk, smp->remote_pk, smp->prnd, r,
1455 cfm.confirm_val))
1456 return SMP_UNSPECIFIED;
1457
1458 smp_send_cmd(conn, SMP_CMD_PAIRING_CONFIRM, sizeof(cfm), &cfm);
1459
1460 return 0;
1461}
1462
1463static u8 sc_passkey_round(struct smp_chan *smp, u8 smp_op)
1464{
1465 struct l2cap_conn *conn = smp->conn;
1466 struct hci_conn *hcon = conn->hcon;
1467 struct hci_dev *hdev = hcon->hdev;
1468 u8 cfm[16], r;
1469
1470 /* Ignore the PDU if we've already done 20 rounds (0 - 19) */
1471 if (smp->passkey_round >= 20)
1472 return 0;
1473
1474 switch (smp_op) {
1475 case SMP_CMD_PAIRING_RANDOM:
1476 r = ((hcon->passkey_notify >> smp->passkey_round) & 0x01);
1477 r |= 0x80;
1478
1479 if (smp_f4(smp->tfm_cmac, smp->remote_pk, smp->local_pk,
1480 smp->rrnd, r, cfm))
1481 return SMP_UNSPECIFIED;
1482
1483 if (memcmp(smp->pcnf, cfm, 16))
1484 return SMP_CONFIRM_FAILED;
1485
1486 smp->passkey_round++;
1487
1488 if (smp->passkey_round == 20) {
1489 /* Generate MacKey and LTK */
1490 if (sc_mackey_and_ltk(smp, smp->mackey, smp->tk))
1491 return SMP_UNSPECIFIED;
1492 }
1493
1494 /* The round is only complete when the initiator
1495 * receives pairing random.
1496 */
1497 if (!hcon->out) {
1498 smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM,
1499 sizeof(smp->prnd), smp->prnd);
d3e54a87 1500 if (smp->passkey_round == 20)
38606f14 1501 SMP_ALLOW_CMD(smp, SMP_CMD_DHKEY_CHECK);
d3e54a87 1502 else
38606f14 1503 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_CONFIRM);
38606f14
JH		 1504 return 0;
1505 }
1506
1507 /* Start the next round */
1508 if (smp->passkey_round != 20)
1509 return sc_passkey_round(smp, 0);
1510
1511 /* Passkey rounds are complete - start DHKey Check */
1512 sc_dhkey_check(smp);
1513 SMP_ALLOW_CMD(smp, SMP_CMD_DHKEY_CHECK);
1514
1515 break;
1516
1517 case SMP_CMD_PAIRING_CONFIRM:
1518 if (test_bit(SMP_FLAG_WAIT_USER, &smp->flags)) {
1519 set_bit(SMP_FLAG_CFM_PENDING, &smp->flags);
1520 return 0;
1521 }
1522
1523 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RANDOM);
1524
1525 if (hcon->out) {
1526 smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM,
1527 sizeof(smp->prnd), smp->prnd);
1528 return 0;
1529 }
1530
1531 return sc_passkey_send_confirm(smp);
1532
1533 case SMP_CMD_PUBLIC_KEY:
1534 default:
1535 /* Initiating device starts the round */
1536 if (!hcon->out)
1537 return 0;
1538
1539 BT_DBG("%s Starting passkey round %u", hdev->name,
1540 smp->passkey_round + 1);
1541
1542 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_CONFIRM);
1543
1544 return sc_passkey_send_confirm(smp);
1545 }
1546
1547 return 0;
1548}
1549
dddd3059
JH		 1550static int sc_user_reply(struct smp_chan *smp, u16 mgmt_op, __le32 passkey)
1551{
38606f14
JH		 1552 struct l2cap_conn *conn = smp->conn;
1553 struct hci_conn *hcon = conn->hcon;
1554 u8 smp_op;
1555
1556 clear_bit(SMP_FLAG_WAIT_USER, &smp->flags);
1557
dddd3059
JH		 1558 switch (mgmt_op) {
1559 case MGMT_OP_USER_PASSKEY_NEG_REPLY:
1560 smp_failure(smp->conn, SMP_PASSKEY_ENTRY_FAILED);
1561 return 0;
1562 case MGMT_OP_USER_CONFIRM_NEG_REPLY:
1563 smp_failure(smp->conn, SMP_NUMERIC_COMP_FAILED);
1564 return 0;
38606f14
JH		 1565 case MGMT_OP_USER_PASSKEY_REPLY:
1566 hcon->passkey_notify = le32_to_cpu(passkey);
1567 smp->passkey_round = 0;
1568
1569 if (test_and_clear_bit(SMP_FLAG_CFM_PENDING, &smp->flags))
1570 smp_op = SMP_CMD_PAIRING_CONFIRM;
1571 else
1572 smp_op = 0;
1573
1574 if (sc_passkey_round(smp, smp_op))
1575 return -EIO;
1576
1577 return 0;
dddd3059
JH		 1578 }
1579
d3e54a87
JH		 1580 /* Initiator sends DHKey check first */
1581 if (hcon->out) {
1582 sc_dhkey_check(smp);
1583 SMP_ALLOW_CMD(smp, SMP_CMD_DHKEY_CHECK);
1584 } else if (test_and_clear_bit(SMP_FLAG_DHKEY_PENDING, &smp->flags)) {
1585 sc_dhkey_check(smp);
1586 sc_add_ltk(smp);
1587 }
760b018b
JH		 1588
1589 return 0;
1590}
1591
2b64d153
BG		 1592int smp_user_confirm_reply(struct hci_conn *hcon, u16 mgmt_op, __le32 passkey)
1593{
b10e8017 1594 struct l2cap_conn *conn = hcon->l2cap_data;
5d88cc73 1595 struct l2cap_chan *chan;
2b64d153
BG		 1596 struct smp_chan *smp;
1597 u32 value;
fc75cc86 1598 int err;
2b64d153
BG		 1599
1600 BT_DBG("");
1601
fc75cc86 1602 if (!conn)
2b64d153
BG		 1603 return -ENOTCONN;
1604
5d88cc73
JH		 1605 chan = conn->smp;
1606 if (!chan)
1607 return -ENOTCONN;
1608
fc75cc86
JH		 1609 l2cap_chan_lock(chan);
1610 if (!chan->data) {
1611 err = -ENOTCONN;
1612 goto unlock;
1613 }
1614
5d88cc73 1615 smp = chan->data;
2b64d153 1616
760b018b
JH		 1617 if (test_bit(SMP_FLAG_SC, &smp->flags)) {
1618 err = sc_user_reply(smp, mgmt_op, passkey);
1619 goto unlock;
1620 }
1621
2b64d153
BG		 1622 switch (mgmt_op) {
1623 case MGMT_OP_USER_PASSKEY_REPLY:
1624 value = le32_to_cpu(passkey);
943a732a 1625 memset(smp->tk, 0, sizeof(smp->tk));
2b64d153 1626 BT_DBG("PassKey: %d", value);
943a732a 1627 put_unaligned_le32(value, smp->tk);
2b64d153
BG		 1628 /* Fall Through */
1629 case MGMT_OP_USER_CONFIRM_REPLY:
4a74d658 1630 set_bit(SMP_FLAG_TK_VALID, &smp->flags);
2b64d153
BG		 1631 break;
1632 case MGMT_OP_USER_PASSKEY_NEG_REPLY:
1633 case MGMT_OP_USER_CONFIRM_NEG_REPLY:
84794e11 1634 smp_failure(conn, SMP_PASSKEY_ENTRY_FAILED);
fc75cc86
JH		 1635 err = 0;
1636 goto unlock;
2b64d153 1637 default:
84794e11 1638 smp_failure(conn, SMP_PASSKEY_ENTRY_FAILED);
fc75cc86
JH		 1639 err = -EOPNOTSUPP;
1640 goto unlock;
2b64d153
BG		 1641 }
1642
fc75cc86
JH		 1643 err = 0;
1644
2b64d153 1645 /* If it is our turn to send Pairing Confirm, do so now */
1cc61144
JH		 1646 if (test_bit(SMP_FLAG_CFM_PENDING, &smp->flags)) {
1647 u8 rsp = smp_confirm(smp);
1648 if (rsp)
1649 smp_failure(conn, rsp);
1650 }
2b64d153 1651
fc75cc86
JH		 1652unlock:
1653 l2cap_chan_unlock(chan);
1654 return err;
2b64d153
BG		 1655}
1656
b5ae344d
JH		 1657static void build_bredr_pairing_cmd(struct smp_chan *smp,
1658 struct smp_cmd_pairing *req,
1659 struct smp_cmd_pairing *rsp)
1660{
1661 struct l2cap_conn *conn = smp->conn;
1662 struct hci_dev *hdev = conn->hcon->hdev;
1663 u8 local_dist = 0, remote_dist = 0;
1664
d7a5a11d 1665 if (hci_dev_test_flag(hdev, HCI_BONDABLE)) {
b5ae344d
JH		 1666 local_dist = SMP_DIST_ENC_KEY | SMP_DIST_SIGN;
1667 remote_dist = SMP_DIST_ENC_KEY | SMP_DIST_SIGN;
1668 }
1669
d7a5a11d 1670 if (hci_dev_test_flag(hdev, HCI_RPA_RESOLVING))
b5ae344d
JH		 1671 remote_dist |= SMP_DIST_ID_KEY;
1672
d7a5a11d 1673 if (hci_dev_test_flag(hdev, HCI_PRIVACY))
b5ae344d
JH		 1674 local_dist |= SMP_DIST_ID_KEY;
1675
1676 if (!rsp) {
1677 memset(req, 0, sizeof(*req));
1678
1679 req->init_key_dist = local_dist;
1680 req->resp_key_dist = remote_dist;
1681 req->max_key_size = SMP_MAX_ENC_KEY_SIZE;
1682
1683 smp->remote_key_dist = remote_dist;
1684
1685 return;
1686 }
1687
1688 memset(rsp, 0, sizeof(*rsp));
1689
1690 rsp->max_key_size = SMP_MAX_ENC_KEY_SIZE;
1691 rsp->init_key_dist = req->init_key_dist & remote_dist;
1692 rsp->resp_key_dist = req->resp_key_dist & local_dist;
1693
1694 smp->remote_key_dist = rsp->init_key_dist;
1695}
1696
da85e5e5 1697static u8 smp_cmd_pairing_req(struct l2cap_conn *conn, struct sk_buff *skb)
88ba43b6 1698{
3158c50c 1699 struct smp_cmd_pairing rsp, *req = (void *) skb->data;
fc75cc86 1700 struct l2cap_chan *chan = conn->smp;
b3c6410b 1701 struct hci_dev *hdev = conn->hcon->hdev;
8aab4757 1702 struct smp_chan *smp;
c7262e71 1703 u8 key_size, auth, sec_level;
8aab4757 1704 int ret;
88ba43b6
AB		 1705
1706 BT_DBG("conn %p", conn);
1707
c46b98be 1708 if (skb->len < sizeof(*req))
38e4a915 1709 return SMP_INVALID_PARAMS;
c46b98be 1710
40bef302 1711 if (conn->hcon->role != HCI_ROLE_SLAVE)
2b64d153
BG		 1712 return SMP_CMD_NOTSUPP;
1713
fc75cc86 1714 if (!chan->data)
8aab4757 1715 smp = smp_chan_create(conn);
fc75cc86 1716 else
5d88cc73 1717 smp = chan->data;
8aab4757 1718
d08fd0e7
AE		 1719 if (!smp)
1720 return SMP_UNSPECIFIED;
d26a2345 1721
c05b9339 1722 /* We didn't start the pairing, so match remote */
0edb14de 1723 auth = req->auth_req & AUTH_REQ_MASK(hdev);
c05b9339 1724
d7a5a11d 1725 if (!hci_dev_test_flag(hdev, HCI_BONDABLE) &&
c05b9339 1726 (auth & SMP_AUTH_BONDING))
b3c6410b
JH		 1727 return SMP_PAIRING_NOTSUPP;
1728
d7a5a11d 1729 if (hci_dev_test_flag(hdev, HCI_SC_ONLY) && !(auth & SMP_AUTH_SC))
903b71c7
JH		 1730 return SMP_AUTH_REQUIREMENTS;
1731
1c1def09
VCG		 1732 smp->preq[0] = SMP_CMD_PAIRING_REQ;
1733 memcpy(&smp->preq[1], req, sizeof(*req));
3158c50c 1734 skb_pull(skb, sizeof(*req));
88ba43b6 1735
b5ae344d
JH		 1736 /* SMP over BR/EDR requires special treatment */
1737 if (conn->hcon->type == ACL_LINK) {
1738 /* We must have a BR/EDR SC link */
08f63cc5 1739 if (!test_bit(HCI_CONN_AES_CCM, &conn->hcon->flags) &&
b7cb93e5 1740 !hci_dev_test_flag(hdev, HCI_FORCE_BREDR_SMP))
b5ae344d
JH		 1741 return SMP_CROSS_TRANSP_NOT_ALLOWED;
1742
1743 set_bit(SMP_FLAG_SC, &smp->flags);
1744
1745 build_bredr_pairing_cmd(smp, req, &rsp);
1746
1747 key_size = min(req->max_key_size, rsp.max_key_size);
1748 if (check_enc_key_size(conn, key_size))
1749 return SMP_ENC_KEY_SIZE;
1750
1751 /* Clear bits which are generated but not distributed */
1752 smp->remote_key_dist &= ~SMP_SC_NO_DIST;
1753
1754 smp->prsp[0] = SMP_CMD_PAIRING_RSP;
1755 memcpy(&smp->prsp[1], &rsp, sizeof(rsp));
1756 smp_send_cmd(conn, SMP_CMD_PAIRING_RSP, sizeof(rsp), &rsp);
1757
1758 smp_distribute_keys(smp);
1759 return 0;
1760 }
1761
5e3d3d9b
JH		 1762 build_pairing_cmd(conn, req, &rsp, auth);
1763
1764 if (rsp.auth_req & SMP_AUTH_SC)
1765 set_bit(SMP_FLAG_SC, &smp->flags);
1766
5be5e275 1767 if (conn->hcon->io_capability == HCI_IO_NO_INPUT_OUTPUT)
1afc2a1a
JH		 1768 sec_level = BT_SECURITY_MEDIUM;
1769 else
1770 sec_level = authreq_to_seclevel(auth);
1771
c7262e71
JH		 1772 if (sec_level > conn->hcon->pending_sec_level)
1773 conn->hcon->pending_sec_level = sec_level;
fdde0a26 1774
49c922bb 1775 /* If we need MITM check that it can be achieved */
2ed8f65c
JH		 1776 if (conn->hcon->pending_sec_level >= BT_SECURITY_HIGH) {
1777 u8 method;
1778
1779 method = get_auth_method(smp, conn->hcon->io_capability,
1780 req->io_capability);
1781 if (method == JUST_WORKS || method == JUST_CFM)
1782 return SMP_AUTH_REQUIREMENTS;
1783 }
1784
3158c50c
VCG		 1785 key_size = min(req->max_key_size, rsp.max_key_size);
1786 if (check_enc_key_size(conn, key_size))
1787 return SMP_ENC_KEY_SIZE;
88ba43b6 1788
e84a6b13 1789 get_random_bytes(smp->prnd, sizeof(smp->prnd));
8aab4757 1790
1c1def09
VCG		 1791 smp->prsp[0] = SMP_CMD_PAIRING_RSP;
1792 memcpy(&smp->prsp[1], &rsp, sizeof(rsp));
f01ead31 1793
3158c50c 1794 smp_send_cmd(conn, SMP_CMD_PAIRING_RSP, sizeof(rsp), &rsp);
3b19146d
JH		 1795
1796 clear_bit(SMP_FLAG_INITIATOR, &smp->flags);
1797
1798 if (test_bit(SMP_FLAG_SC, &smp->flags)) {
1799 SMP_ALLOW_CMD(smp, SMP_CMD_PUBLIC_KEY);
1800 /* Clear bits which are generated but not distributed */
1801 smp->remote_key_dist &= ~SMP_SC_NO_DIST;
1802 /* Wait for Public Key from Initiating Device */
1803 return 0;
3b19146d 1804 }
da85e5e5 1805
983f9814
MH		 1806 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_CONFIRM);
1807
2b64d153
BG		 1808 /* Request setup of TK */
1809 ret = tk_request(conn, 0, auth, rsp.io_capability, req->io_capability);
1810 if (ret)
1811 return SMP_UNSPECIFIED;
1812
da85e5e5 1813 return 0;
88ba43b6
AB		 1814}
1815
3b19146d
JH		 1816static u8 sc_send_public_key(struct smp_chan *smp)
1817{
70157ef5
JH		 1818 struct hci_dev *hdev = smp->conn->hcon->hdev;
1819
3b19146d
JH		 1820 BT_DBG("");
1821
d7a5a11d 1822 if (hci_dev_test_flag(hdev, HCI_USE_DEBUG_KEYS)) {
70157ef5
JH		 1823 BT_DBG("Using debug keys");
1824 memcpy(smp->local_pk, debug_pk, 64);
1825 memcpy(smp->local_sk, debug_sk, 32);
1826 set_bit(SMP_FLAG_DEBUG_KEY, &smp->flags);
1827 } else {
1828 while (true) {
1829 /* Generate local key pair for Secure Connections */
1830 if (!ecc_make_key(smp->local_pk, smp->local_sk))
1831 return SMP_UNSPECIFIED;
6c0dcc50 1832
70157ef5
JH		 1833 /* This is unlikely, but we need to check that
1834 * we didn't accidentially generate a debug key.
1835 */
1836 if (memcmp(smp->local_sk, debug_sk, 32))
1837 break;
1838 }
6c0dcc50 1839 }
3b19146d 1840
c7a3d57d
JH		 1841 SMP_DBG("Local Public Key X: %32phN", smp->local_pk);
1842 SMP_DBG("Local Public Key Y: %32phN", &smp->local_pk[32]);
1843 SMP_DBG("Local Private Key: %32phN", smp->local_sk);
3b19146d
JH		 1844
1845 smp_send_cmd(smp->conn, SMP_CMD_PUBLIC_KEY, 64, smp->local_pk);
1846
1847 return 0;
1848}
1849
da85e5e5 1850static u8 smp_cmd_pairing_rsp(struct l2cap_conn *conn, struct sk_buff *skb)
88ba43b6 1851{
3158c50c 1852 struct smp_cmd_pairing *req, *rsp = (void *) skb->data;
5d88cc73
JH		 1853 struct l2cap_chan *chan = conn->smp;
1854 struct smp_chan *smp = chan->data;
0edb14de 1855 struct hci_dev *hdev = conn->hcon->hdev;
3a7dbfb8 1856 u8 key_size, auth;
7d24ddcc 1857 int ret;
88ba43b6
AB		 1858
1859 BT_DBG("conn %p", conn);
1860
c46b98be 1861 if (skb->len < sizeof(*rsp))
38e4a915 1862 return SMP_INVALID_PARAMS;
c46b98be 1863
40bef302 1864 if (conn->hcon->role != HCI_ROLE_MASTER)
2b64d153
BG		 1865 return SMP_CMD_NOTSUPP;
1866
3158c50c
VCG		 1867 skb_pull(skb, sizeof(*rsp));
1868
1c1def09 1869 req = (void *) &smp->preq[1];
da85e5e5 1870
3158c50c
VCG		 1871 key_size = min(req->max_key_size, rsp->max_key_size);
1872 if (check_enc_key_size(conn, key_size))
1873 return SMP_ENC_KEY_SIZE;
1874
0edb14de 1875 auth = rsp->auth_req & AUTH_REQ_MASK(hdev);
c05b9339 1876
d7a5a11d 1877 if (hci_dev_test_flag(hdev, HCI_SC_ONLY) && !(auth & SMP_AUTH_SC))
903b71c7
JH		 1878 return SMP_AUTH_REQUIREMENTS;
1879
b5ae344d
JH		 1880 smp->prsp[0] = SMP_CMD_PAIRING_RSP;
1881 memcpy(&smp->prsp[1], rsp, sizeof(*rsp));
1882
1883 /* Update remote key distribution in case the remote cleared
1884 * some bits that we had enabled in our request.
1885 */
1886 smp->remote_key_dist &= rsp->resp_key_dist;
1887
1888 /* For BR/EDR this means we're done and can start phase 3 */
1889 if (conn->hcon->type == ACL_LINK) {
1890 /* Clear bits which are generated but not distributed */
1891 smp->remote_key_dist &= ~SMP_SC_NO_DIST;
1892 smp_distribute_keys(smp);
1893 return 0;
1894 }
1895
65668776
JH		 1896 if ((req->auth_req & SMP_AUTH_SC) && (auth & SMP_AUTH_SC))
1897 set_bit(SMP_FLAG_SC, &smp->flags);
d2eb9e10
JH		 1898 else if (conn->hcon->pending_sec_level > BT_SECURITY_HIGH)
1899 conn->hcon->pending_sec_level = BT_SECURITY_HIGH;
65668776 1900
49c922bb 1901 /* If we need MITM check that it can be achieved */
2ed8f65c
JH		 1902 if (conn->hcon->pending_sec_level >= BT_SECURITY_HIGH) {
1903 u8 method;
1904
1905 method = get_auth_method(smp, req->io_capability,
1906 rsp->io_capability);
1907 if (method == JUST_WORKS || method == JUST_CFM)
1908 return SMP_AUTH_REQUIREMENTS;
1909 }
1910
e84a6b13 1911 get_random_bytes(smp->prnd, sizeof(smp->prnd));
7d24ddcc 1912
fdcc4bec
JH		 1913 /* Update remote key distribution in case the remote cleared
1914 * some bits that we had enabled in our request.
1915 */
1916 smp->remote_key_dist &= rsp->resp_key_dist;
1917
3b19146d
JH		 1918 if (test_bit(SMP_FLAG_SC, &smp->flags)) {
1919 /* Clear bits which are generated but not distributed */
1920 smp->remote_key_dist &= ~SMP_SC_NO_DIST;
1921 SMP_ALLOW_CMD(smp, SMP_CMD_PUBLIC_KEY);
1922 return sc_send_public_key(smp);
1923 }
1924
c05b9339 1925 auth |= req->auth_req;
2b64d153 1926
476585ec 1927 ret = tk_request(conn, 0, auth, req->io_capability, rsp->io_capability);
2b64d153
BG		 1928 if (ret)
1929 return SMP_UNSPECIFIED;
1930
4a74d658 1931 set_bit(SMP_FLAG_CFM_PENDING, &smp->flags);
2b64d153
BG		 1932
1933 /* Can't compose response until we have been confirmed */
4a74d658 1934 if (test_bit(SMP_FLAG_TK_VALID, &smp->flags))
1cc61144 1935 return smp_confirm(smp);
da85e5e5
VCG		 1936
1937 return 0;
88ba43b6
AB		 1938}
1939
dcee2b32
JH		 1940static u8 sc_check_confirm(struct smp_chan *smp)
1941{
1942 struct l2cap_conn *conn = smp->conn;
1943
1944 BT_DBG("");
1945
1946 /* Public Key exchange must happen before any other steps */
1947 if (!test_bit(SMP_FLAG_REMOTE_PK, &smp->flags))
1948 return SMP_UNSPECIFIED;
1949
38606f14
JH		 1950 if (smp->method == REQ_PASSKEY || smp->method == DSP_PASSKEY)
1951 return sc_passkey_round(smp, SMP_CMD_PAIRING_CONFIRM);
1952
dcee2b32
JH		 1953 if (conn->hcon->out) {
1954 smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM, sizeof(smp->prnd),
1955 smp->prnd);
1956 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RANDOM);
1957 }
1958
1959 return 0;
1960}
1961
da85e5e5 1962static u8 smp_cmd_pairing_confirm(struct l2cap_conn *conn, struct sk_buff *skb)
88ba43b6 1963{
5d88cc73
JH		 1964 struct l2cap_chan *chan = conn->smp;
1965 struct smp_chan *smp = chan->data;
7d24ddcc 1966
88ba43b6
AB		 1967 BT_DBG("conn %p %s", conn, conn->hcon->out ? "master" : "slave");
1968
c46b98be 1969 if (skb->len < sizeof(smp->pcnf))
38e4a915 1970 return SMP_INVALID_PARAMS;
c46b98be 1971
1c1def09
VCG		 1972 memcpy(smp->pcnf, skb->data, sizeof(smp->pcnf));
1973 skb_pull(skb, sizeof(smp->pcnf));
88ba43b6 1974
dcee2b32
JH		 1975 if (test_bit(SMP_FLAG_SC, &smp->flags))
1976 return sc_check_confirm(smp);
1977
b28b4943 1978 if (conn->hcon->out) {
943a732a
JH		 1979 smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM, sizeof(smp->prnd),
1980 smp->prnd);
b28b4943
JH		 1981 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RANDOM);
1982 return 0;
1983 }
1984
1985 if (test_bit(SMP_FLAG_TK_VALID, &smp->flags))
1cc61144 1986 return smp_confirm(smp);
983f9814
MH		 1987
1988 set_bit(SMP_FLAG_CFM_PENDING, &smp->flags);
da85e5e5
VCG		 1989
1990 return 0;
88ba43b6
AB		 1991}
1992
da85e5e5 1993static u8 smp_cmd_pairing_random(struct l2cap_conn *conn, struct sk_buff *skb)
88ba43b6 1994{
5d88cc73
JH		 1995 struct l2cap_chan *chan = conn->smp;
1996 struct smp_chan *smp = chan->data;
191dc7fe
JH		 1997 struct hci_conn *hcon = conn->hcon;
1998 u8 *pkax, *pkbx, *na, *nb;
1999 u32 passkey;
2000 int err;
7d24ddcc 2001
8aab4757 2002 BT_DBG("conn %p", conn);
3158c50c 2003
c46b98be 2004 if (skb->len < sizeof(smp->rrnd))
38e4a915 2005 return SMP_INVALID_PARAMS;
c46b98be 2006
943a732a 2007 memcpy(smp->rrnd, skb->data, sizeof(smp->rrnd));
8aab4757 2008 skb_pull(skb, sizeof(smp->rrnd));
e7e62c85 2009
191dc7fe
JH		 2010 if (!test_bit(SMP_FLAG_SC, &smp->flags))
2011 return smp_random(smp);
2012
580039e8
JH		 2013 if (hcon->out) {
2014 pkax = smp->local_pk;
2015 pkbx = smp->remote_pk;
2016 na = smp->prnd;
2017 nb = smp->rrnd;
2018 } else {
2019 pkax = smp->remote_pk;
2020 pkbx = smp->local_pk;
2021 na = smp->rrnd;
2022 nb = smp->prnd;
2023 }
2024
a29b0733
JH		 2025 if (smp->method == REQ_OOB) {
2026 if (!hcon->out)
2027 smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM,
2028 sizeof(smp->prnd), smp->prnd);
2029 SMP_ALLOW_CMD(smp, SMP_CMD_DHKEY_CHECK);
2030 goto mackey_and_ltk;
2031 }
2032
38606f14
JH		 2033 /* Passkey entry has special treatment */
2034 if (smp->method == REQ_PASSKEY || smp->method == DSP_PASSKEY)
2035 return sc_passkey_round(smp, SMP_CMD_PAIRING_RANDOM);
2036
191dc7fe
JH		 2037 if (hcon->out) {
2038 u8 cfm[16];
2039
2040 err = smp_f4(smp->tfm_cmac, smp->remote_pk, smp->local_pk,
2041 smp->rrnd, 0, cfm);
2042 if (err)
2043 return SMP_UNSPECIFIED;
2044
2045 if (memcmp(smp->pcnf, cfm, 16))
2046 return SMP_CONFIRM_FAILED;
191dc7fe
JH		 2047 } else {
2048 smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM, sizeof(smp->prnd),
2049 smp->prnd);
2050 SMP_ALLOW_CMD(smp, SMP_CMD_DHKEY_CHECK);
191dc7fe
JH		 2051 }
2052
a29b0733 2053mackey_and_ltk:
760b018b
JH		 2054 /* Generate MacKey and LTK */
2055 err = sc_mackey_and_ltk(smp, smp->mackey, smp->tk);
2056 if (err)
2057 return SMP_UNSPECIFIED;
2058
a29b0733 2059 if (smp->method == JUST_WORKS || smp->method == REQ_OOB) {
dddd3059 2060 if (hcon->out) {
38606f14 2061 sc_dhkey_check(smp);
dddd3059
JH		 2062 SMP_ALLOW_CMD(smp, SMP_CMD_DHKEY_CHECK);
2063 }
2064 return 0;
2065 }
2066
38606f14
JH		 2067 err = smp_g2(smp->tfm_cmac, pkax, pkbx, na, nb, &passkey);
2068 if (err)
2069 return SMP_UNSPECIFIED;
2070
2071 err = mgmt_user_confirm_request(hcon->hdev, &hcon->dst, hcon->type,
2072 hcon->dst_type, passkey, 0);
191dc7fe
JH		 2073 if (err)
2074 return SMP_UNSPECIFIED;
2075
38606f14
JH		 2076 set_bit(SMP_FLAG_WAIT_USER, &smp->flags);
2077
191dc7fe 2078 return 0;
88ba43b6
AB		 2079}
2080
f81cd823 2081static bool smp_ltk_encrypt(struct l2cap_conn *conn, u8 sec_level)
988c5997 2082{
c9839a11 2083 struct smp_ltk *key;
988c5997
VCG		 2084 struct hci_conn *hcon = conn->hcon;
2085
f3a73d97 2086 key = hci_find_ltk(hcon->hdev, &hcon->dst, hcon->dst_type, hcon->role);
988c5997 2087 if (!key)
f81cd823 2088 return false;
988c5997 2089
a6f7833c 2090 if (smp_ltk_sec_level(key) < sec_level)
f81cd823 2091 return false;
4dab7864 2092
51a8efd7 2093 if (test_and_set_bit(HCI_CONN_ENCRYPT_PEND, &hcon->flags))
f81cd823 2094 return true;
988c5997 2095
c9839a11
VCG		 2096 hci_le_start_enc(hcon, key->ediv, key->rand, key->val);
2097 hcon->enc_key_size = key->enc_size;
988c5997 2098
fe59a05f
JH		 2099 /* We never store STKs for master role, so clear this flag */
2100 clear_bit(HCI_CONN_STK_ENCRYPT, &hcon->flags);
2101
f81cd823 2102 return true;
988c5997 2103}
f1560463 2104
35dc6f83
JH		 2105bool smp_sufficient_security(struct hci_conn *hcon, u8 sec_level,
2106 enum smp_key_pref key_pref)
854f4727
JH		 2107{
2108 if (sec_level == BT_SECURITY_LOW)
2109 return true;
2110
35dc6f83
JH		 2111 /* If we're encrypted with an STK but the caller prefers using
2112 * LTK claim insufficient security. This way we allow the
2113 * connection to be re-encrypted with an LTK, even if the LTK
2114 * provides the same level of security. Only exception is if we
2115 * don't have an LTK (e.g. because of key distribution bits).
9ab65d60 2116 */
35dc6f83
JH		 2117 if (key_pref == SMP_USE_LTK &&
2118 test_bit(HCI_CONN_STK_ENCRYPT, &hcon->flags) &&
f3a73d97 2119 hci_find_ltk(hcon->hdev, &hcon->dst, hcon->dst_type, hcon->role))
9ab65d60
JH		 2120 return false;
2121
854f4727
JH		 2122 if (hcon->sec_level >= sec_level)
2123 return true;
2124
2125 return false;
2126}
2127
da85e5e5 2128static u8 smp_cmd_security_req(struct l2cap_conn *conn, struct sk_buff *skb)
88ba43b6
AB		 2129{
2130 struct smp_cmd_security_req *rp = (void *) skb->data;
2131 struct smp_cmd_pairing cp;
f1cb9af5 2132 struct hci_conn *hcon = conn->hcon;
0edb14de 2133 struct hci_dev *hdev = hcon->hdev;
8aab4757 2134 struct smp_chan *smp;
c05b9339 2135 u8 sec_level, auth;
88ba43b6
AB		 2136
2137 BT_DBG("conn %p", conn);
2138
c46b98be 2139 if (skb->len < sizeof(*rp))
38e4a915 2140 return SMP_INVALID_PARAMS;
c46b98be 2141
40bef302 2142 if (hcon->role != HCI_ROLE_MASTER)
86ca9eac
JH		 2143 return SMP_CMD_NOTSUPP;
2144
0edb14de 2145 auth = rp->auth_req & AUTH_REQ_MASK(hdev);
c05b9339 2146
d7a5a11d 2147 if (hci_dev_test_flag(hdev, HCI_SC_ONLY) && !(auth & SMP_AUTH_SC))
903b71c7
JH		 2148 return SMP_AUTH_REQUIREMENTS;
2149
5be5e275 2150 if (hcon->io_capability == HCI_IO_NO_INPUT_OUTPUT)
1afc2a1a
JH		 2151 sec_level = BT_SECURITY_MEDIUM;
2152 else
2153 sec_level = authreq_to_seclevel(auth);
2154
35dc6f83 2155 if (smp_sufficient_security(hcon, sec_level, SMP_USE_LTK))
854f4727
JH		 2156 return 0;
2157
c7262e71
JH		 2158 if (sec_level > hcon->pending_sec_level)
2159 hcon->pending_sec_level = sec_level;
feb45eb5 2160
4dab7864 2161 if (smp_ltk_encrypt(conn, hcon->pending_sec_level))
988c5997
VCG		 2162 return 0;
2163
8aab4757 2164 smp = smp_chan_create(conn);
c29d2444
JH		 2165 if (!smp)
2166 return SMP_UNSPECIFIED;
d26a2345 2167
d7a5a11d 2168 if (!hci_dev_test_flag(hdev, HCI_BONDABLE) &&
c05b9339 2169 (auth & SMP_AUTH_BONDING))
616d55be
JH		 2170 return SMP_PAIRING_NOTSUPP;
2171
88ba43b6 2172 skb_pull(skb, sizeof(*rp));
88ba43b6 2173
da85e5e5 2174 memset(&cp, 0, sizeof(cp));
c05b9339 2175 build_pairing_cmd(conn, &cp, NULL, auth);
88ba43b6 2176
1c1def09
VCG		 2177 smp->preq[0] = SMP_CMD_PAIRING_REQ;
2178 memcpy(&smp->preq[1], &cp, sizeof(cp));
f01ead31 2179
88ba43b6 2180 smp_send_cmd(conn, SMP_CMD_PAIRING_REQ, sizeof(cp), &cp);
b28b4943 2181 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RSP);
f1cb9af5 2182
da85e5e5 2183 return 0;
88ba43b6
AB		 2184}
2185
cc110922 2186int smp_conn_security(struct hci_conn *hcon, __u8 sec_level)
eb492e01 2187{
cc110922 2188 struct l2cap_conn *conn = hcon->l2cap_data;
c68b7f12 2189 struct l2cap_chan *chan;
0a66cf20 2190 struct smp_chan *smp;
2b64d153 2191 __u8 authreq;
fc75cc86 2192 int ret;
eb492e01 2193
3a0259bb
VCG		 2194 BT_DBG("conn %p hcon %p level 0x%2.2x", conn, hcon, sec_level);
2195
0a66cf20
JH		 2196 /* This may be NULL if there's an unexpected disconnection */
2197 if (!conn)
2198 return 1;
2199
c68b7f12
JH		 2200 chan = conn->smp;
2201
d7a5a11d 2202 if (!hci_dev_test_flag(hcon->hdev, HCI_LE_ENABLED))
2e65c9d2
AG		 2203 return 1;
2204
35dc6f83 2205 if (smp_sufficient_security(hcon, sec_level, SMP_USE_LTK))
eb492e01 2206 return 1;
f1cb9af5 2207
c7262e71
JH		 2208 if (sec_level > hcon->pending_sec_level)
2209 hcon->pending_sec_level = sec_level;
2210
40bef302 2211 if (hcon->role == HCI_ROLE_MASTER)
c7262e71
JH		 2212 if (smp_ltk_encrypt(conn, hcon->pending_sec_level))
2213 return 0;
d26a2345 2214
fc75cc86
JH		 2215 l2cap_chan_lock(chan);
2216
2217 /* If SMP is already in progress ignore this request */
2218 if (chan->data) {
2219 ret = 0;
2220 goto unlock;
2221 }
d26a2345 2222
8aab4757 2223 smp = smp_chan_create(conn);
fc75cc86
JH		 2224 if (!smp) {
2225 ret = 1;
2226 goto unlock;
2227 }
2b64d153
BG		 2228
2229 authreq = seclevel_to_authreq(sec_level);
d26a2345 2230
d7a5a11d 2231 if (hci_dev_test_flag(hcon->hdev, HCI_SC_ENABLED))
d2eb9e10
JH		 2232 authreq |= SMP_AUTH_SC;
2233
79897d20
JH		 2234 /* Require MITM if IO Capability allows or the security level
2235 * requires it.
2e233644 2236 */
79897d20 2237 if (hcon->io_capability != HCI_IO_NO_INPUT_OUTPUT ||
c7262e71 2238 hcon->pending_sec_level > BT_SECURITY_MEDIUM)
2e233644
JH		 2239 authreq |= SMP_AUTH_MITM;
2240
40bef302 2241 if (hcon->role == HCI_ROLE_MASTER) {
d26a2345 2242 struct smp_cmd_pairing cp;
f01ead31 2243
2b64d153 2244 build_pairing_cmd(conn, &cp, NULL, authreq);
1c1def09
VCG		 2245 smp->preq[0] = SMP_CMD_PAIRING_REQ;
2246 memcpy(&smp->preq[1], &cp, sizeof(cp));
f01ead31 2247
eb492e01 2248 smp_send_cmd(conn, SMP_CMD_PAIRING_REQ, sizeof(cp), &cp);
b28b4943 2249 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RSP);
eb492e01
AB		 2250 } else {
2251 struct smp_cmd_security_req cp;
2b64d153 2252 cp.auth_req = authreq;
eb492e01 2253 smp_send_cmd(conn, SMP_CMD_SECURITY_REQ, sizeof(cp), &cp);
b28b4943 2254 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_REQ);
eb492e01
AB		 2255 }
2256
4a74d658 2257 set_bit(SMP_FLAG_INITIATOR, &smp->flags);
fc75cc86 2258 ret = 0;
edca792c 2259
fc75cc86
JH		 2260unlock:
2261 l2cap_chan_unlock(chan);
2262 return ret;
eb492e01
AB		 2263}
2264
7034b911
VCG		 2265static int smp_cmd_encrypt_info(struct l2cap_conn *conn, struct sk_buff *skb)
2266{
16b90839 2267 struct smp_cmd_encrypt_info *rp = (void *) skb->data;
5d88cc73
JH		 2268 struct l2cap_chan *chan = conn->smp;
2269 struct smp_chan *smp = chan->data;
16b90839 2270
c46b98be
JH		 2271 BT_DBG("conn %p", conn);
2272
2273 if (skb->len < sizeof(*rp))
38e4a915 2274 return SMP_INVALID_PARAMS;
c46b98be 2275
b28b4943 2276 SMP_ALLOW_CMD(smp, SMP_CMD_MASTER_IDENT);
6131ddc8 2277
16b90839
VCG		 2278 skb_pull(skb, sizeof(*rp));
2279
1c1def09 2280 memcpy(smp->tk, rp->ltk, sizeof(smp->tk));
16b90839 2281
7034b911
VCG		 2282 return 0;
2283}
2284
2285static int smp_cmd_master_ident(struct l2cap_conn *conn, struct sk_buff *skb)
2286{
16b90839 2287 struct smp_cmd_master_ident *rp = (void *) skb->data;
5d88cc73
JH		 2288 struct l2cap_chan *chan = conn->smp;
2289 struct smp_chan *smp = chan->data;
c9839a11
VCG		 2290 struct hci_dev *hdev = conn->hcon->hdev;
2291 struct hci_conn *hcon = conn->hcon;
23d0e128 2292 struct smp_ltk *ltk;
c9839a11 2293 u8 authenticated;
16b90839 2294
c46b98be
JH		 2295 BT_DBG("conn %p", conn);
2296
2297 if (skb->len < sizeof(*rp))
38e4a915 2298 return SMP_INVALID_PARAMS;
c46b98be 2299
9747a9f3
JH		 2300 /* Mark the information as received */
2301 smp->remote_key_dist &= ~SMP_DIST_ENC_KEY;
2302
b28b4943
JH		 2303 if (smp->remote_key_dist & SMP_DIST_ID_KEY)
2304 SMP_ALLOW_CMD(smp, SMP_CMD_IDENT_INFO);
196332f5
JH		 2305 else if (smp->remote_key_dist & SMP_DIST_SIGN)
2306 SMP_ALLOW_CMD(smp, SMP_CMD_SIGN_INFO);
b28b4943 2307
16b90839 2308 skb_pull(skb, sizeof(*rp));
7034b911 2309
ce39fb4e 2310 authenticated = (hcon->sec_level == BT_SECURITY_HIGH);
2ceba539 2311 ltk = hci_add_ltk(hdev, &hcon->dst, hcon->dst_type, SMP_LTK,
23d0e128
JH		 2312 authenticated, smp->tk, smp->enc_key_size,
2313 rp->ediv, rp->rand);
2314 smp->ltk = ltk;
c6e81e9a 2315 if (!(smp->remote_key_dist & KEY_DIST_MASK))
d6268e86 2316 smp_distribute_keys(smp);
7034b911
VCG		 2317
2318 return 0;
2319}
2320
fd349c02
JH		 2321static int smp_cmd_ident_info(struct l2cap_conn *conn, struct sk_buff *skb)
2322{
2323 struct smp_cmd_ident_info *info = (void *) skb->data;
5d88cc73
JH		 2324 struct l2cap_chan *chan = conn->smp;
2325 struct smp_chan *smp = chan->data;
fd349c02
JH		 2326
2327 BT_DBG("");
2328
2329 if (skb->len < sizeof(*info))
38e4a915 2330 return SMP_INVALID_PARAMS;
fd349c02 2331
b28b4943 2332 SMP_ALLOW_CMD(smp, SMP_CMD_IDENT_ADDR_INFO);
6131ddc8 2333
fd349c02
JH		 2334 skb_pull(skb, sizeof(*info));
2335
2336 memcpy(smp->irk, info->irk, 16);
2337
2338 return 0;
2339}
2340
2341static int smp_cmd_ident_addr_info(struct l2cap_conn *conn,
2342 struct sk_buff *skb)
2343{
2344 struct smp_cmd_ident_addr_info *info = (void *) skb->data;
5d88cc73
JH		 2345 struct l2cap_chan *chan = conn->smp;
2346 struct smp_chan *smp = chan->data;
fd349c02
JH		 2347 struct hci_conn *hcon = conn->hcon;
2348 bdaddr_t rpa;
2349
2350 BT_DBG("");
2351
2352 if (skb->len < sizeof(*info))
38e4a915 2353 return SMP_INVALID_PARAMS;
fd349c02 2354
9747a9f3
JH		 2355 /* Mark the information as received */
2356 smp->remote_key_dist &= ~SMP_DIST_ID_KEY;
2357
b28b4943
JH		 2358 if (smp->remote_key_dist & SMP_DIST_SIGN)
2359 SMP_ALLOW_CMD(smp, SMP_CMD_SIGN_INFO);
2360
fd349c02
JH		 2361 skb_pull(skb, sizeof(*info));
2362
a9a58f86
JH		 2363 /* Strictly speaking the Core Specification (4.1) allows sending
2364 * an empty address which would force us to rely on just the IRK
2365 * as "identity information". However, since such
2366 * implementations are not known of and in order to not over
2367 * complicate our implementation, simply pretend that we never
2368 * received an IRK for such a device.
e12af489
JH		 2369 *
2370 * The Identity Address must also be a Static Random or Public
2371 * Address, which hci_is_identity_address() checks for.
a9a58f86 2372 */
e12af489
JH		 2373 if (!bacmp(&info->bdaddr, BDADDR_ANY) ||
2374 !hci_is_identity_address(&info->bdaddr, info->addr_type)) {
a9a58f86 2375 BT_ERR("Ignoring IRK with no identity address");
31dd624e 2376 goto distribute;
a9a58f86
JH		 2377 }
2378
fd349c02
JH		 2379 bacpy(&smp->id_addr, &info->bdaddr);
2380 smp->id_addr_type = info->addr_type;
2381
2382 if (hci_bdaddr_is_rpa(&hcon->dst, hcon->dst_type))
2383 bacpy(&rpa, &hcon->dst);
2384 else
2385 bacpy(&rpa, BDADDR_ANY);
2386
23d0e128
JH		 2387 smp->remote_irk = hci_add_irk(conn->hcon->hdev, &smp->id_addr,
2388 smp->id_addr_type, smp->irk, &rpa);
fd349c02 2389
31dd624e 2390distribute:
c6e81e9a
JH		 2391 if (!(smp->remote_key_dist & KEY_DIST_MASK))
2392 smp_distribute_keys(smp);
fd349c02
JH		 2393
2394 return 0;
2395}
2396
7ee4ea36
MH		 2397static int smp_cmd_sign_info(struct l2cap_conn *conn, struct sk_buff *skb)
2398{
2399 struct smp_cmd_sign_info *rp = (void *) skb->data;
5d88cc73
JH		 2400 struct l2cap_chan *chan = conn->smp;
2401 struct smp_chan *smp = chan->data;
7ee4ea36
MH		 2402 struct smp_csrk *csrk;
2403
2404 BT_DBG("conn %p", conn);
2405
2406 if (skb->len < sizeof(*rp))
38e4a915 2407 return SMP_INVALID_PARAMS;
7ee4ea36 2408
7ee4ea36
MH		 2409 /* Mark the information as received */
2410 smp->remote_key_dist &= ~SMP_DIST_SIGN;
2411
2412 skb_pull(skb, sizeof(*rp));
2413
7ee4ea36
MH		 2414 csrk = kzalloc(sizeof(*csrk), GFP_KERNEL);
2415 if (csrk) {
4cd3928a
JH		 2416 if (conn->hcon->sec_level > BT_SECURITY_MEDIUM)
2417 csrk->type = MGMT_CSRK_REMOTE_AUTHENTICATED;
2418 else
2419 csrk->type = MGMT_CSRK_REMOTE_UNAUTHENTICATED;
7ee4ea36
MH		 2420 memcpy(csrk->val, rp->csrk, sizeof(csrk->val));
2421 }
2422 smp->csrk = csrk;
d6268e86 2423 smp_distribute_keys(smp);
7ee4ea36
MH		 2424
2425 return 0;
2426}
2427
5e3d3d9b
JH		 2428static u8 sc_select_method(struct smp_chan *smp)
2429{
2430 struct l2cap_conn *conn = smp->conn;
2431 struct hci_conn *hcon = conn->hcon;
2432 struct smp_cmd_pairing *local, *remote;
2433 u8 local_mitm, remote_mitm, local_io, remote_io, method;
2434
a29b0733
JH		 2435 if (test_bit(SMP_FLAG_OOB, &smp->flags))
2436 return REQ_OOB;
2437
5e3d3d9b
JH		 2438 /* The preq/prsp contain the raw Pairing Request/Response PDUs
2439 * which are needed as inputs to some crypto functions. To get
2440 * the "struct smp_cmd_pairing" from them we need to skip the
2441 * first byte which contains the opcode.
2442 */
2443 if (hcon->out) {
2444 local = (void *) &smp->preq[1];
2445 remote = (void *) &smp->prsp[1];
2446 } else {
2447 local = (void *) &smp->prsp[1];
2448 remote = (void *) &smp->preq[1];
2449 }
2450
2451 local_io = local->io_capability;
2452 remote_io = remote->io_capability;
2453
2454 local_mitm = (local->auth_req & SMP_AUTH_MITM);
2455 remote_mitm = (remote->auth_req & SMP_AUTH_MITM);
2456
2457 /* If either side wants MITM, look up the method from the table,
2458 * otherwise use JUST WORKS.
2459 */
2460 if (local_mitm || remote_mitm)
2461 method = get_auth_method(smp, local_io, remote_io);
2462 else
2463 method = JUST_WORKS;
2464
2465 /* Don't confirm locally initiated pairing attempts */
2466 if (method == JUST_CFM && test_bit(SMP_FLAG_INITIATOR, &smp->flags))
2467 method = JUST_WORKS;
2468
2469 return method;
2470}
2471
d8f8edbe
JH		 2472static int smp_cmd_public_key(struct l2cap_conn *conn, struct sk_buff *skb)
2473{
2474 struct smp_cmd_public_key *key = (void *) skb->data;
2475 struct hci_conn *hcon = conn->hcon;
2476 struct l2cap_chan *chan = conn->smp;
2477 struct smp_chan *smp = chan->data;
5e3d3d9b 2478 struct hci_dev *hdev = hcon->hdev;
cbbbe3e2 2479 struct smp_cmd_pairing_confirm cfm;
d8f8edbe
JH		 2480 int err;
2481
2482 BT_DBG("conn %p", conn);
2483
2484 if (skb->len < sizeof(*key))
2485 return SMP_INVALID_PARAMS;
2486
2487 memcpy(smp->remote_pk, key, 64);
2488
2489 /* Non-initiating device sends its public key after receiving
2490 * the key from the initiating device.
2491 */
2492 if (!hcon->out) {
2493 err = sc_send_public_key(smp);
2494 if (err)
2495 return err;
2496 }
2497
c7a3d57d
JH		 2498 SMP_DBG("Remote Public Key X: %32phN", smp->remote_pk);
2499 SMP_DBG("Remote Public Key Y: %32phN", &smp->remote_pk[32]);
d8f8edbe
JH		 2500
2501 if (!ecdh_shared_secret(smp->remote_pk, smp->local_sk, smp->dhkey))
2502 return SMP_UNSPECIFIED;
2503
c7a3d57d 2504 SMP_DBG("DHKey %32phN", smp->dhkey);
d8f8edbe
JH		 2505
2506 set_bit(SMP_FLAG_REMOTE_PK, &smp->flags);
2507
5e3d3d9b
JH		 2508 smp->method = sc_select_method(smp);
2509
2510 BT_DBG("%s selected method 0x%02x", hdev->name, smp->method);
2511
2512 /* JUST_WORKS and JUST_CFM result in an unauthenticated key */
2513 if (smp->method == JUST_WORKS || smp->method == JUST_CFM)
2514 hcon->pending_sec_level = BT_SECURITY_MEDIUM;
2515 else
2516 hcon->pending_sec_level = BT_SECURITY_FIPS;
2517
aeb7d461
JH		 2518 if (!memcmp(debug_pk, smp->remote_pk, 64))
2519 set_bit(SMP_FLAG_DEBUG_KEY, &smp->flags);
2520
38606f14
JH		 2521 if (smp->method == DSP_PASSKEY) {
2522 get_random_bytes(&hcon->passkey_notify,
2523 sizeof(hcon->passkey_notify));
2524 hcon->passkey_notify %= 1000000;
2525 hcon->passkey_entered = 0;
2526 smp->passkey_round = 0;
2527 if (mgmt_user_passkey_notify(hdev, &hcon->dst, hcon->type,
2528 hcon->dst_type,
2529 hcon->passkey_notify,
2530 hcon->passkey_entered))
2531 return SMP_UNSPECIFIED;
2532 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_CONFIRM);
2533 return sc_passkey_round(smp, SMP_CMD_PUBLIC_KEY);
2534 }
2535
a29b0733
JH		 2536 if (smp->method == REQ_OOB) {
2537 err = smp_f4(smp->tfm_cmac, smp->remote_pk, smp->remote_pk,
2538 smp->rr, 0, cfm.confirm_val);
2539 if (err)
2540 return SMP_UNSPECIFIED;
2541
2542 if (memcmp(cfm.confirm_val, smp->pcnf, 16))
2543 return SMP_CONFIRM_FAILED;
2544
2545 if (hcon->out)
2546 smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM,
2547 sizeof(smp->prnd), smp->prnd);
2548
2549 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RANDOM);
2550
2551 return 0;
2552 }
2553
38606f14
JH		 2554 if (hcon->out)
2555 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_CONFIRM);
2556
2557 if (smp->method == REQ_PASSKEY) {
2558 if (mgmt_user_passkey_request(hdev, &hcon->dst, hcon->type,
2559 hcon->dst_type))
2560 return SMP_UNSPECIFIED;
2561 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_CONFIRM);
2562 set_bit(SMP_FLAG_WAIT_USER, &smp->flags);
2563 return 0;
2564 }
2565
cbbbe3e2
JH		 2566 /* The Initiating device waits for the non-initiating device to
2567 * send the confirm value.
2568 */
2569 if (conn->hcon->out)
2570 return 0;
2571
2572 err = smp_f4(smp->tfm_cmac, smp->local_pk, smp->remote_pk, smp->prnd,
2573 0, cfm.confirm_val);
2574 if (err)
2575 return SMP_UNSPECIFIED;
2576
2577 smp_send_cmd(conn, SMP_CMD_PAIRING_CONFIRM, sizeof(cfm), &cfm);
2578 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RANDOM);
2579
d8f8edbe
JH		 2580 return 0;
2581}
2582
6433a9a2
JH		 2583static int smp_cmd_dhkey_check(struct l2cap_conn *conn, struct sk_buff *skb)
2584{
2585 struct smp_cmd_dhkey_check *check = (void *) skb->data;
2586 struct l2cap_chan *chan = conn->smp;
2587 struct hci_conn *hcon = conn->hcon;
2588 struct smp_chan *smp = chan->data;
2589 u8 a[7], b[7], *local_addr, *remote_addr;
2590 u8 io_cap[3], r[16], e[16];
2591 int err;
2592
2593 BT_DBG("conn %p", conn);
2594
2595 if (skb->len < sizeof(*check))
2596 return SMP_INVALID_PARAMS;
2597
2598 memcpy(a, &hcon->init_addr, 6);
2599 memcpy(b, &hcon->resp_addr, 6);
2600 a[6] = hcon->init_addr_type;
2601 b[6] = hcon->resp_addr_type;
2602
2603 if (hcon->out) {
2604 local_addr = a;
2605 remote_addr = b;
2606 memcpy(io_cap, &smp->prsp[1], 3);
2607 } else {
2608 local_addr = b;
2609 remote_addr = a;
2610 memcpy(io_cap, &smp->preq[1], 3);
2611 }
2612
2613 memset(r, 0, sizeof(r));
2614
38606f14
JH		 2615 if (smp->method == REQ_PASSKEY || smp->method == DSP_PASSKEY)
2616 put_unaligned_le32(hcon->passkey_notify, r);
2617
6433a9a2
JH		 2618 err = smp_f6(smp->tfm_cmac, smp->mackey, smp->rrnd, smp->prnd, r,
2619 io_cap, remote_addr, local_addr, e);
2620 if (err)
2621 return SMP_UNSPECIFIED;
2622
2623 if (memcmp(check->e, e, 16))
2624 return SMP_DHKEY_CHECK_FAILED;
2625
d3e54a87
JH		 2626 if (!hcon->out) {
2627 if (test_bit(SMP_FLAG_WAIT_USER, &smp->flags)) {
2628 set_bit(SMP_FLAG_DHKEY_PENDING, &smp->flags);
2629 return 0;
2630 }
d378a2d7 2631
d3e54a87
JH		 2632 /* Slave sends DHKey check as response to master */
2633 sc_dhkey_check(smp);
2634 }
d378a2d7 2635
d3e54a87 2636 sc_add_ltk(smp);
6433a9a2
JH		 2637
2638 if (hcon->out) {
2639 hci_le_start_enc(hcon, 0, 0, smp->tk);
2640 hcon->enc_key_size = smp->enc_key_size;
2641 }
2642
2643 return 0;
2644}
2645
1408bb6e
JH		 2646static int smp_cmd_keypress_notify(struct l2cap_conn *conn,
2647 struct sk_buff *skb)
2648{
2649 struct smp_cmd_keypress_notify *kp = (void *) skb->data;
2650
2651 BT_DBG("value 0x%02x", kp->value);
2652
2653 return 0;
2654}
2655
4befb867 2656static int smp_sig_channel(struct l2cap_chan *chan, struct sk_buff *skb)
eb492e01 2657{
5d88cc73 2658 struct l2cap_conn *conn = chan->conn;
7b9899db 2659 struct hci_conn *hcon = conn->hcon;
b28b4943 2660 struct smp_chan *smp;
92381f5c 2661 __u8 code, reason;
eb492e01
AB		 2662 int err = 0;
2663
8ae9b984 2664 if (skb->len < 1)
92381f5c 2665 return -EILSEQ;
92381f5c 2666
d7a5a11d 2667 if (!hci_dev_test_flag(hcon->hdev, HCI_LE_ENABLED)) {
2e65c9d2
AG		 2668 reason = SMP_PAIRING_NOTSUPP;
2669 goto done;
2670 }
2671
92381f5c 2672 code = skb->data[0];
eb492e01
AB		 2673 skb_pull(skb, sizeof(code));
2674
b28b4943
JH		 2675 smp = chan->data;
2676
2677 if (code > SMP_CMD_MAX)
2678 goto drop;
2679
24bd0bd9 2680 if (smp && !test_and_clear_bit(code, &smp->allow_cmd))
b28b4943
JH		 2681 goto drop;
2682
2683 /* If we don't have a context the only allowed commands are
2684 * pairing request and security request.
8cf9fa12 2685 */
b28b4943
JH		 2686 if (!smp && code != SMP_CMD_PAIRING_REQ && code != SMP_CMD_SECURITY_REQ)
2687 goto drop;
8cf9fa12 2688
eb492e01
AB		 2689 switch (code) {
2690 case SMP_CMD_PAIRING_REQ:
da85e5e5 2691 reason = smp_cmd_pairing_req(conn, skb);
eb492e01
AB		 2692 break;
2693
2694 case SMP_CMD_PAIRING_FAIL:
84794e11 2695 smp_failure(conn, 0);
da85e5e5 2696 err = -EPERM;
eb492e01
AB		 2697 break;
2698
2699 case SMP_CMD_PAIRING_RSP:
da85e5e5 2700 reason = smp_cmd_pairing_rsp(conn, skb);
88ba43b6
AB		 2701 break;
2702
2703 case SMP_CMD_SECURITY_REQ:
da85e5e5 2704 reason = smp_cmd_security_req(conn, skb);
88ba43b6
AB		 2705 break;
2706
eb492e01 2707 case SMP_CMD_PAIRING_CONFIRM:
da85e5e5 2708 reason = smp_cmd_pairing_confirm(conn, skb);
88ba43b6
AB		 2709 break;
2710
eb492e01 2711 case SMP_CMD_PAIRING_RANDOM:
da85e5e5 2712 reason = smp_cmd_pairing_random(conn, skb);
88ba43b6
AB		 2713 break;
2714
eb492e01 2715 case SMP_CMD_ENCRYPT_INFO:
7034b911
VCG		 2716 reason = smp_cmd_encrypt_info(conn, skb);
2717 break;
2718
eb492e01 2719 case SMP_CMD_MASTER_IDENT:
7034b911
VCG		 2720 reason = smp_cmd_master_ident(conn, skb);
2721 break;
2722
eb492e01 2723 case SMP_CMD_IDENT_INFO:
fd349c02
JH		 2724 reason = smp_cmd_ident_info(conn, skb);
2725 break;
2726
eb492e01 2727 case SMP_CMD_IDENT_ADDR_INFO:
fd349c02
JH		 2728 reason = smp_cmd_ident_addr_info(conn, skb);
2729 break;
2730
eb492e01 2731 case SMP_CMD_SIGN_INFO:
7ee4ea36 2732 reason = smp_cmd_sign_info(conn, skb);
7034b911
VCG		 2733 break;
2734
d8f8edbe
JH		 2735 case SMP_CMD_PUBLIC_KEY:
2736 reason = smp_cmd_public_key(conn, skb);
2737 break;
2738
6433a9a2
JH		 2739 case SMP_CMD_DHKEY_CHECK:
2740 reason = smp_cmd_dhkey_check(conn, skb);
2741 break;
2742
1408bb6e
JH		 2743 case SMP_CMD_KEYPRESS_NOTIFY:
2744 reason = smp_cmd_keypress_notify(conn, skb);
2745 break;
2746
eb492e01
AB		 2747 default:
2748 BT_DBG("Unknown command code 0x%2.2x", code);
eb492e01 2749 reason = SMP_CMD_NOTSUPP;
3a0259bb 2750 goto done;
eb492e01
AB		 2751 }
2752
3a0259bb 2753done:
9b7b18ef
JH		 2754 if (!err) {
2755 if (reason)
2756 smp_failure(conn, reason);
8ae9b984 2757 kfree_skb(skb);
9b7b18ef
JH		 2758 }
2759
eb492e01 2760 return err;
b28b4943
JH		 2761
2762drop:
2763 BT_ERR("%s unexpected SMP command 0x%02x from %pMR", hcon->hdev->name,
2764 code, &hcon->dst);
2765 kfree_skb(skb);
2766 return 0;
eb492e01 2767}
7034b911 2768
70db83c4
JH		 2769static void smp_teardown_cb(struct l2cap_chan *chan, int err)
2770{
2771 struct l2cap_conn *conn = chan->conn;
2772
2773 BT_DBG("chan %p", chan);
2774
fc75cc86 2775 if (chan->data)
5d88cc73 2776 smp_chan_destroy(conn);
5d88cc73 2777
70db83c4
JH		 2778 conn->smp = NULL;
2779 l2cap_chan_put(chan);
2780}
2781
b5ae344d
JH		 2782static void bredr_pairing(struct l2cap_chan *chan)
2783{
2784 struct l2cap_conn *conn = chan->conn;
2785 struct hci_conn *hcon = conn->hcon;
2786 struct hci_dev *hdev = hcon->hdev;
2787 struct smp_cmd_pairing req;
2788 struct smp_chan *smp;
2789
2790 BT_DBG("chan %p", chan);
2791
2792 /* Only new pairings are interesting */
2793 if (!test_bit(HCI_CONN_NEW_LINK_KEY, &hcon->flags))
2794 return;
2795
2796 /* Don't bother if we're not encrypted */
2797 if (!test_bit(HCI_CONN_ENCRYPT, &hcon->flags))
2798 return;
2799
2800 /* Only master may initiate SMP over BR/EDR */
2801 if (hcon->role != HCI_ROLE_MASTER)
2802 return;
2803
2804 /* Secure Connections support must be enabled */
d7a5a11d 2805 if (!hci_dev_test_flag(hdev, HCI_SC_ENABLED))
b5ae344d
JH		 2806 return;
2807
2808 /* BR/EDR must use Secure Connections for SMP */
2809 if (!test_bit(HCI_CONN_AES_CCM, &hcon->flags) &&
b7cb93e5 2810 !hci_dev_test_flag(hdev, HCI_FORCE_BREDR_SMP))
b5ae344d
JH		 2811 return;
2812
2813 /* If our LE support is not enabled don't do anything */
d7a5a11d 2814 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED))
b5ae344d
JH		 2815 return;
2816
2817 /* Don't bother if remote LE support is not enabled */
2818 if (!lmp_host_le_capable(hcon))
2819 return;
2820
2821 /* Remote must support SMP fixed chan for BR/EDR */
2822 if (!(conn->remote_fixed_chan & L2CAP_FC_SMP_BREDR))
2823 return;
2824
2825 /* Don't bother if SMP is already ongoing */
2826 if (chan->data)
2827 return;
2828
2829 smp = smp_chan_create(conn);
2830 if (!smp) {
2831 BT_ERR("%s unable to create SMP context for BR/EDR",
2832 hdev->name);
2833 return;
2834 }
2835
2836 set_bit(SMP_FLAG_SC, &smp->flags);
2837
2838 BT_DBG("%s starting SMP over BR/EDR", hdev->name);
2839
2840 /* Prepare and send the BR/EDR SMP Pairing Request */
2841 build_bredr_pairing_cmd(smp, &req, NULL);
2842
2843 smp->preq[0] = SMP_CMD_PAIRING_REQ;
2844 memcpy(&smp->preq[1], &req, sizeof(req));
2845
2846 smp_send_cmd(conn, SMP_CMD_PAIRING_REQ, sizeof(req), &req);
2847 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RSP);
2848}
2849
44f1a7ab
JH		 2850static void smp_resume_cb(struct l2cap_chan *chan)
2851{
b68fda68 2852 struct smp_chan *smp = chan->data;
44f1a7ab
JH		 2853 struct l2cap_conn *conn = chan->conn;
2854 struct hci_conn *hcon = conn->hcon;
2855
2856 BT_DBG("chan %p", chan);
2857
b5ae344d
JH		 2858 if (hcon->type == ACL_LINK) {
2859 bredr_pairing(chan);
ef8efe4b 2860 return;
b5ae344d 2861 }
ef8efe4b 2862
86d1407c
JH		 2863 if (!smp)
2864 return;
b68fda68 2865
84bc0db5
JH		 2866 if (!test_bit(HCI_CONN_ENCRYPT, &hcon->flags))
2867 return;
2868
86d1407c
JH		 2869 cancel_delayed_work(&smp->security_timer);
2870
d6268e86 2871 smp_distribute_keys(smp);
44f1a7ab
JH		 2872}
2873
70db83c4
JH		 2874static void smp_ready_cb(struct l2cap_chan *chan)
2875{
2876 struct l2cap_conn *conn = chan->conn;
b5ae344d 2877 struct hci_conn *hcon = conn->hcon;
70db83c4
JH		 2878
2879 BT_DBG("chan %p", chan);
2880
2881 conn->smp = chan;
2882 l2cap_chan_hold(chan);
b5ae344d
JH		 2883
2884 if (hcon->type == ACL_LINK && test_bit(HCI_CONN_ENCRYPT, &hcon->flags))
2885 bredr_pairing(chan);
70db83c4
JH		 2886}
2887
4befb867
JH		 2888static int smp_recv_cb(struct l2cap_chan *chan, struct sk_buff *skb)
2889{
2890 int err;
2891
2892 BT_DBG("chan %p", chan);
2893
2894 err = smp_sig_channel(chan, skb);
2895 if (err) {
b68fda68 2896 struct smp_chan *smp = chan->data;
4befb867 2897
b68fda68
JH		 2898 if (smp)
2899 cancel_delayed_work_sync(&smp->security_timer);
4befb867 2900
1e91c29e 2901 hci_disconnect(chan->conn->hcon, HCI_ERROR_AUTH_FAILURE);
4befb867
JH		 2902 }
2903
2904 return err;
2905}
2906
70db83c4
JH		 2907static struct sk_buff *smp_alloc_skb_cb(struct l2cap_chan *chan,
2908 unsigned long hdr_len,
2909 unsigned long len, int nb)
2910{
2911 struct sk_buff *skb;
2912
2913 skb = bt_skb_alloc(hdr_len + len, GFP_KERNEL);
2914 if (!skb)
2915 return ERR_PTR(-ENOMEM);
2916
2917 skb->priority = HCI_PRIO_MAX;
2918 bt_cb(skb)->chan = chan;
2919
2920 return skb;
2921}
2922
2923static const struct l2cap_ops smp_chan_ops = {
2924 .name = "Security Manager",
2925 .ready = smp_ready_cb,
5d88cc73 2926 .recv = smp_recv_cb,
70db83c4
JH		 2927 .alloc_skb = smp_alloc_skb_cb,
2928 .teardown = smp_teardown_cb,
44f1a7ab 2929 .resume = smp_resume_cb,
70db83c4
JH		 2930
2931 .new_connection = l2cap_chan_no_new_connection,
70db83c4
JH		 2932 .state_change = l2cap_chan_no_state_change,
2933 .close = l2cap_chan_no_close,
2934 .defer = l2cap_chan_no_defer,
2935 .suspend = l2cap_chan_no_suspend,
70db83c4
JH		 2936 .set_shutdown = l2cap_chan_no_set_shutdown,
2937 .get_sndtimeo = l2cap_chan_no_get_sndtimeo,
70db83c4
JH		 2938};
2939
2940static inline struct l2cap_chan *smp_new_conn_cb(struct l2cap_chan *pchan)
2941{
2942 struct l2cap_chan *chan;
2943
2944 BT_DBG("pchan %p", pchan);
2945
2946 chan = l2cap_chan_create();
2947 if (!chan)
2948 return NULL;
2949
2950 chan->chan_type = pchan->chan_type;
2951 chan->ops = &smp_chan_ops;
2952 chan->scid = pchan->scid;
2953 chan->dcid = chan->scid;
2954 chan->imtu = pchan->imtu;
2955 chan->omtu = pchan->omtu;
2956 chan->mode = pchan->mode;
2957
abe84903
JH		 2958 /* Other L2CAP channels may request SMP routines in order to
2959 * change the security level. This means that the SMP channel
2960 * lock must be considered in its own category to avoid lockdep
2961 * warnings.
2962 */
2963 atomic_set(&chan->nesting, L2CAP_NESTING_SMP);
2964
70db83c4
JH		 2965 BT_DBG("created chan %p", chan);
2966
2967 return chan;
2968}
2969
2970static const struct l2cap_ops smp_root_chan_ops = {
2971 .name = "Security Manager Root",
2972 .new_connection = smp_new_conn_cb,
2973
2974 /* None of these are implemented for the root channel */
2975 .close = l2cap_chan_no_close,
2976 .alloc_skb = l2cap_chan_no_alloc_skb,
2977 .recv = l2cap_chan_no_recv,
2978 .state_change = l2cap_chan_no_state_change,
2979 .teardown = l2cap_chan_no_teardown,
2980 .ready = l2cap_chan_no_ready,
2981 .defer = l2cap_chan_no_defer,
2982 .suspend = l2cap_chan_no_suspend,
2983 .resume = l2cap_chan_no_resume,
2984 .set_shutdown = l2cap_chan_no_set_shutdown,
2985 .get_sndtimeo = l2cap_chan_no_get_sndtimeo,
70db83c4
JH		 2986};
2987
ef8efe4b 2988static struct l2cap_chan *smp_add_cid(struct hci_dev *hdev, u16 cid)
711eafe3 2989{
70db83c4 2990 struct l2cap_chan *chan;
88a479d9
MH		 2991 struct smp_dev *smp;
2992 struct crypto_blkcipher *tfm_aes;
6e2dc6d1 2993 struct crypto_hash *tfm_cmac;
70db83c4 2994
ef8efe4b 2995 if (cid == L2CAP_CID_SMP_BREDR) {
88a479d9 2996 smp = NULL;
ef8efe4b
JH		 2997 goto create_chan;
2998 }
711eafe3 2999
88a479d9
MH		 3000 smp = kzalloc(sizeof(*smp), GFP_KERNEL);
3001 if (!smp)
3002 return ERR_PTR(-ENOMEM);
3003
3004 tfm_aes = crypto_alloc_blkcipher("ecb(aes)", 0, CRYPTO_ALG_ASYNC);
defce9e8 3005 if (IS_ERR(tfm_aes)) {
88a479d9
MH		 3006 BT_ERR("Unable to create ECB crypto context");
3007 kzfree(smp);
fe700771 3008 return ERR_CAST(tfm_aes);
711eafe3
JH		 3009 }
3010
6e2dc6d1
MH		 3011 tfm_cmac = crypto_alloc_hash("cmac(aes)", 0, CRYPTO_ALG_ASYNC);
3012 if (IS_ERR(tfm_cmac)) {
3013 BT_ERR("Unable to create CMAC crypto context");
3014 crypto_free_blkcipher(tfm_aes);
3015 kzfree(smp);
3016 return ERR_CAST(tfm_cmac);
3017 }
3018
88a479d9 3019 smp->tfm_aes = tfm_aes;
6e2dc6d1 3020 smp->tfm_cmac = tfm_cmac;
88a479d9 3021
ef8efe4b 3022create_chan:
70db83c4
JH		 3023 chan = l2cap_chan_create();
3024 if (!chan) {
88a479d9 3025 crypto_free_blkcipher(smp->tfm_aes);
6e2dc6d1 3026 crypto_free_hash(smp->tfm_cmac);
88a479d9 3027 kzfree(smp);
ef8efe4b 3028 return ERR_PTR(-ENOMEM);
70db83c4
JH		 3029 }
3030
88a479d9 3031 chan->data = smp;
defce9e8 3032
ef8efe4b 3033 l2cap_add_scid(chan, cid);
70db83c4
JH		 3034
3035 l2cap_chan_set_defaults(chan);
3036
157029ba 3037 if (cid == L2CAP_CID_SMP) {
39e3e744
JH		 3038 u8 bdaddr_type;
3039
3040 hci_copy_identity_address(hdev, &chan->src, &bdaddr_type);
3041
3042 if (bdaddr_type == ADDR_LE_DEV_PUBLIC)
157029ba 3043 chan->src_type = BDADDR_LE_PUBLIC;
39e3e744
JH		 3044 else
3045 chan->src_type = BDADDR_LE_RANDOM;
157029ba
MH		 3046 } else {
3047 bacpy(&chan->src, &hdev->bdaddr);
ef8efe4b 3048 chan->src_type = BDADDR_BREDR;
157029ba
MH		 3049 }
3050
70db83c4
JH		 3051 chan->state = BT_LISTEN;
3052 chan->mode = L2CAP_MODE_BASIC;
3053 chan->imtu = L2CAP_DEFAULT_MTU;
3054 chan->ops = &smp_root_chan_ops;
3055
abe84903
JH		 3056 /* Set correct nesting level for a parent/listening channel */
3057 atomic_set(&chan->nesting, L2CAP_NESTING_PARENT);
3058
ef8efe4b 3059 return chan;
711eafe3
JH		 3060}
3061
ef8efe4b 3062static void smp_del_chan(struct l2cap_chan *chan)
711eafe3 3063{
88a479d9 3064 struct smp_dev *smp;
70db83c4 3065
ef8efe4b 3066 BT_DBG("chan %p", chan);
711eafe3 3067
88a479d9
MH		 3068 smp = chan->data;
3069 if (smp) {
defce9e8 3070 chan->data = NULL;
88a479d9
MH		 3071 if (smp->tfm_aes)
3072 crypto_free_blkcipher(smp->tfm_aes);
6e2dc6d1
MH		 3073 if (smp->tfm_cmac)
3074 crypto_free_hash(smp->tfm_cmac);
88a479d9 3075 kzfree(smp);
711eafe3 3076 }
70db83c4 3077
70db83c4 3078 l2cap_chan_put(chan);
711eafe3 3079}
ef8efe4b 3080
300acfde
MH		 3081static ssize_t force_bredr_smp_read(struct file *file,
3082 char __user *user_buf,
3083 size_t count, loff_t *ppos)
3084{
3085 struct hci_dev *hdev = file->private_data;
3086 char buf[3];
3087
b7cb93e5 3088 buf[0] = hci_dev_test_flag(hdev, HCI_FORCE_BREDR_SMP) ? 'Y': 'N';
300acfde
MH		 3089 buf[1] = '\n';
3090 buf[2] = '\0';
3091 return simple_read_from_buffer(user_buf, count, ppos, buf, 2);
3092}
3093
3094static ssize_t force_bredr_smp_write(struct file *file,
3095 const char __user *user_buf,
3096 size_t count, loff_t *ppos)
3097{
3098 struct hci_dev *hdev = file->private_data;
3099 char buf[32];
3100 size_t buf_size = min(count, (sizeof(buf)-1));
3101 bool enable;
3102
3103 if (copy_from_user(buf, user_buf, buf_size))
3104 return -EFAULT;
3105
3106 buf[buf_size] = '\0';
3107 if (strtobool(buf, &enable))
3108 return -EINVAL;
3109
b7cb93e5 3110 if (enable == hci_dev_test_flag(hdev, HCI_FORCE_BREDR_SMP))
300acfde
MH		 3111 return -EALREADY;
3112
3113 if (enable) {
3114 struct l2cap_chan *chan;
3115
3116 chan = smp_add_cid(hdev, L2CAP_CID_SMP_BREDR);
3117 if (IS_ERR(chan))
3118 return PTR_ERR(chan);
3119
3120 hdev->smp_bredr_data = chan;
3121 } else {
3122 struct l2cap_chan *chan;
3123
3124 chan = hdev->smp_bredr_data;
3125 hdev->smp_bredr_data = NULL;
3126 smp_del_chan(chan);
3127 }
3128
b7cb93e5 3129 hci_dev_change_flag(hdev, HCI_FORCE_BREDR_SMP);
300acfde
MH		 3130
3131 return count;
3132}
3133
3134static const struct file_operations force_bredr_smp_fops = {
3135 .open = simple_open,
3136 .read = force_bredr_smp_read,
3137 .write = force_bredr_smp_write,
3138 .llseek = default_llseek,
3139};
3140
ef8efe4b
JH		 3141int smp_register(struct hci_dev *hdev)
3142{
3143 struct l2cap_chan *chan;
3144
3145 BT_DBG("%s", hdev->name);
3146
7e7ec445
MH		 3147 /* If the controller does not support Low Energy operation, then
3148 * there is also no need to register any SMP channel.
3149 */
3150 if (!lmp_le_capable(hdev))
3151 return 0;
3152
2b8df323
MH		 3153 if (WARN_ON(hdev->smp_data)) {
3154 chan = hdev->smp_data;
3155 hdev->smp_data = NULL;
3156 smp_del_chan(chan);
3157 }
3158
ef8efe4b
JH		 3159 chan = smp_add_cid(hdev, L2CAP_CID_SMP);
3160 if (IS_ERR(chan))
3161 return PTR_ERR(chan);
3162
3163 hdev->smp_data = chan;
3164
300acfde
MH		 3165 /* If the controller does not support BR/EDR Secure Connections
3166 * feature, then the BR/EDR SMP channel shall not be present.
3167 *
3168 * To test this with Bluetooth 4.0 controllers, create a debugfs
3169 * switch that allows forcing BR/EDR SMP support and accepting
3170 * cross-transport pairing on non-AES encrypted connections.
3171 */
3172 if (!lmp_sc_capable(hdev)) {
3173 debugfs_create_file("force_bredr_smp", 0644, hdev->debugfs,
3174 hdev, &force_bredr_smp_fops);
ef8efe4b 3175 return 0;
300acfde 3176 }
ef8efe4b 3177
2b8df323
MH		 3178 if (WARN_ON(hdev->smp_bredr_data)) {
3179 chan = hdev->smp_bredr_data;
3180 hdev->smp_bredr_data = NULL;
3181 smp_del_chan(chan);
3182 }
3183
ef8efe4b
JH		 3184 chan = smp_add_cid(hdev, L2CAP_CID_SMP_BREDR);
3185 if (IS_ERR(chan)) {
3186 int err = PTR_ERR(chan);
3187 chan = hdev->smp_data;
3188 hdev->smp_data = NULL;
3189 smp_del_chan(chan);
3190 return err;
3191 }
3192
3193 hdev->smp_bredr_data = chan;
3194
3195 return 0;
3196}
3197
3198void smp_unregister(struct hci_dev *hdev)
3199{
3200 struct l2cap_chan *chan;
3201
3202 if (hdev->smp_bredr_data) {
3203 chan = hdev->smp_bredr_data;
3204 hdev->smp_bredr_data = NULL;
3205 smp_del_chan(chan);
3206 }
3207
3208 if (hdev->smp_data) {
3209 chan = hdev->smp_data;
3210 hdev->smp_data = NULL;
3211 smp_del_chan(chan);
3212 }
3213}
0a2b0f04
JH		 3214
3215#if IS_ENABLED(CONFIG_BT_SELFTEST_SMP)
3216
cfc4198e
JH		 3217static int __init test_ah(struct crypto_blkcipher *tfm_aes)
3218{
3219 const u8 irk[16] = {
3220 0x9b, 0x7d, 0x39, 0x0a, 0xa6, 0x10, 0x10, 0x34,
3221 0x05, 0xad, 0xc8, 0x57, 0xa3, 0x34, 0x02, 0xec };
3222 const u8 r[3] = { 0x94, 0x81, 0x70 };
3223 const u8 exp[3] = { 0xaa, 0xfb, 0x0d };
3224 u8 res[3];
3225 int err;
3226
3227 err = smp_ah(tfm_aes, irk, r, res);
3228 if (err)
3229 return err;
3230
3231 if (memcmp(res, exp, 3))
3232 return -EINVAL;
3233
3234 return 0;
3235}
3236
3237static int __init test_c1(struct crypto_blkcipher *tfm_aes)
3238{
3239 const u8 k[16] = {
3240 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
3241 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
3242 const u8 r[16] = {
3243 0xe0, 0x2e, 0x70, 0xc6, 0x4e, 0x27, 0x88, 0x63,
3244 0x0e, 0x6f, 0xad, 0x56, 0x21, 0xd5, 0x83, 0x57 };
3245 const u8 preq[7] = { 0x01, 0x01, 0x00, 0x00, 0x10, 0x07, 0x07 };
3246 const u8 pres[7] = { 0x02, 0x03, 0x00, 0x00, 0x08, 0x00, 0x05 };
3247 const u8 _iat = 0x01;
3248 const u8 _rat = 0x00;
3249 const bdaddr_t ra = { { 0xb6, 0xb5, 0xb4, 0xb3, 0xb2, 0xb1 } };
3250 const bdaddr_t ia = { { 0xa6, 0xa5, 0xa4, 0xa3, 0xa2, 0xa1 } };
3251 const u8 exp[16] = {
3252 0x86, 0x3b, 0xf1, 0xbe, 0xc5, 0x4d, 0xa7, 0xd2,
3253 0xea, 0x88, 0x89, 0x87, 0xef, 0x3f, 0x1e, 0x1e };
3254 u8 res[16];
3255 int err;
3256
3257 err = smp_c1(tfm_aes, k, r, preq, pres, _iat, &ia, _rat, &ra, res);
3258 if (err)
3259 return err;
3260
3261 if (memcmp(res, exp, 16))
3262 return -EINVAL;
3263
3264 return 0;
3265}
3266
3267static int __init test_s1(struct crypto_blkcipher *tfm_aes)
3268{
3269 const u8 k[16] = {
3270 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
3271 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
3272 const u8 r1[16] = {
3273 0x88, 0x77, 0x66, 0x55, 0x44, 0x33, 0x22, 0x11 };
3274 const u8 r2[16] = {
3275 0x00, 0xff, 0xee, 0xdd, 0xcc, 0xbb, 0xaa, 0x99 };
3276 const u8 exp[16] = {
3277 0x62, 0xa0, 0x6d, 0x79, 0xae, 0x16, 0x42, 0x5b,
3278 0x9b, 0xf4, 0xb0, 0xe8, 0xf0, 0xe1, 0x1f, 0x9a };
3279 u8 res[16];
3280 int err;
3281
3282 err = smp_s1(tfm_aes, k, r1, r2, res);
3283 if (err)
3284 return err;
3285
3286 if (memcmp(res, exp, 16))
3287 return -EINVAL;
3288
3289 return 0;
3290}
3291
fb2969a3
JH		 3292static int __init test_f4(struct crypto_hash *tfm_cmac)
3293{
3294 const u8 u[32] = {
3295 0xe6, 0x9d, 0x35, 0x0e, 0x48, 0x01, 0x03, 0xcc,
3296 0xdb, 0xfd, 0xf4, 0xac, 0x11, 0x91, 0xf4, 0xef,
3297 0xb9, 0xa5, 0xf9, 0xe9, 0xa7, 0x83, 0x2c, 0x5e,
3298 0x2c, 0xbe, 0x97, 0xf2, 0xd2, 0x03, 0xb0, 0x20 };
3299 const u8 v[32] = {
3300 0xfd, 0xc5, 0x7f, 0xf4, 0x49, 0xdd, 0x4f, 0x6b,
3301 0xfb, 0x7c, 0x9d, 0xf1, 0xc2, 0x9a, 0xcb, 0x59,
3302 0x2a, 0xe7, 0xd4, 0xee, 0xfb, 0xfc, 0x0a, 0x90,
3303 0x9a, 0xbb, 0xf6, 0x32, 0x3d, 0x8b, 0x18, 0x55 };
3304 const u8 x[16] = {
3305 0xab, 0xae, 0x2b, 0x71, 0xec, 0xb2, 0xff, 0xff,
3306 0x3e, 0x73, 0x77, 0xd1, 0x54, 0x84, 0xcb, 0xd5 };
3307 const u8 z = 0x00;
3308 const u8 exp[16] = {
3309 0x2d, 0x87, 0x74, 0xa9, 0xbe, 0xa1, 0xed, 0xf1,
3310 0x1c, 0xbd, 0xa9, 0x07, 0xf1, 0x16, 0xc9, 0xf2 };
3311 u8 res[16];
3312 int err;
3313
3314 err = smp_f4(tfm_cmac, u, v, x, z, res);
3315 if (err)
3316 return err;
3317
3318 if (memcmp(res, exp, 16))
3319 return -EINVAL;
3320
3321 return 0;
3322}
3323
3324static int __init test_f5(struct crypto_hash *tfm_cmac)
3325{
3326 const u8 w[32] = {
3327 0x98, 0xa6, 0xbf, 0x73, 0xf3, 0x34, 0x8d, 0x86,
3328 0xf1, 0x66, 0xf8, 0xb4, 0x13, 0x6b, 0x79, 0x99,
3329 0x9b, 0x7d, 0x39, 0x0a, 0xa6, 0x10, 0x10, 0x34,
3330 0x05, 0xad, 0xc8, 0x57, 0xa3, 0x34, 0x02, 0xec };
3331 const u8 n1[16] = {
3332 0xab, 0xae, 0x2b, 0x71, 0xec, 0xb2, 0xff, 0xff,
3333 0x3e, 0x73, 0x77, 0xd1, 0x54, 0x84, 0xcb, 0xd5 };
3334 const u8 n2[16] = {
3335 0xcf, 0xc4, 0x3d, 0xff, 0xf7, 0x83, 0x65, 0x21,
3336 0x6e, 0x5f, 0xa7, 0x25, 0xcc, 0xe7, 0xe8, 0xa6 };
3337 const u8 a1[7] = { 0xce, 0xbf, 0x37, 0x37, 0x12, 0x56, 0x00 };
3338 const u8 a2[7] = { 0xc1, 0xcf, 0x2d, 0x70, 0x13, 0xa7, 0x00 };
3339 const u8 exp_ltk[16] = {
3340 0x38, 0x0a, 0x75, 0x94, 0xb5, 0x22, 0x05, 0x98,
3341 0x23, 0xcd, 0xd7, 0x69, 0x11, 0x79, 0x86, 0x69 };
3342 const u8 exp_mackey[16] = {
3343 0x20, 0x6e, 0x63, 0xce, 0x20, 0x6a, 0x3f, 0xfd,
3344 0x02, 0x4a, 0x08, 0xa1, 0x76, 0xf1, 0x65, 0x29 };
3345 u8 mackey[16], ltk[16];
3346 int err;
3347
3348 err = smp_f5(tfm_cmac, w, n1, n2, a1, a2, mackey, ltk);
3349 if (err)
3350 return err;
3351
3352 if (memcmp(mackey, exp_mackey, 16))
3353 return -EINVAL;
3354
3355 if (memcmp(ltk, exp_ltk, 16))
3356 return -EINVAL;
3357
3358 return 0;
3359}
3360
3361static int __init test_f6(struct crypto_hash *tfm_cmac)
3362{
3363 const u8 w[16] = {
3364 0x20, 0x6e, 0x63, 0xce, 0x20, 0x6a, 0x3f, 0xfd,
3365 0x02, 0x4a, 0x08, 0xa1, 0x76, 0xf1, 0x65, 0x29 };
3366 const u8 n1[16] = {
3367 0xab, 0xae, 0x2b, 0x71, 0xec, 0xb2, 0xff, 0xff,
3368 0x3e, 0x73, 0x77, 0xd1, 0x54, 0x84, 0xcb, 0xd5 };
3369 const u8 n2[16] = {
3370 0xcf, 0xc4, 0x3d, 0xff, 0xf7, 0x83, 0x65, 0x21,
3371 0x6e, 0x5f, 0xa7, 0x25, 0xcc, 0xe7, 0xe8, 0xa6 };
3372 const u8 r[16] = {
3373 0xc8, 0x0f, 0x2d, 0x0c, 0xd2, 0x42, 0xda, 0x08,
3374 0x54, 0xbb, 0x53, 0xb4, 0x3b, 0x34, 0xa3, 0x12 };
3375 const u8 io_cap[3] = { 0x02, 0x01, 0x01 };
3376 const u8 a1[7] = { 0xce, 0xbf, 0x37, 0x37, 0x12, 0x56, 0x00 };
3377 const u8 a2[7] = { 0xc1, 0xcf, 0x2d, 0x70, 0x13, 0xa7, 0x00 };
3378 const u8 exp[16] = {
3379 0x61, 0x8f, 0x95, 0xda, 0x09, 0x0b, 0x6c, 0xd2,
3380 0xc5, 0xe8, 0xd0, 0x9c, 0x98, 0x73, 0xc4, 0xe3 };
3381 u8 res[16];
3382 int err;
3383
3384 err = smp_f6(tfm_cmac, w, n1, n2, r, io_cap, a1, a2, res);
3385 if (err)
3386 return err;
3387
3388 if (memcmp(res, exp, 16))
3389 return -EINVAL;
3390
3391 return 0;
3392}
3393
3394static int __init test_g2(struct crypto_hash *tfm_cmac)
3395{
3396 const u8 u[32] = {
3397 0xe6, 0x9d, 0x35, 0x0e, 0x48, 0x01, 0x03, 0xcc,
3398 0xdb, 0xfd, 0xf4, 0xac, 0x11, 0x91, 0xf4, 0xef,
3399 0xb9, 0xa5, 0xf9, 0xe9, 0xa7, 0x83, 0x2c, 0x5e,
3400 0x2c, 0xbe, 0x97, 0xf2, 0xd2, 0x03, 0xb0, 0x20 };
3401 const u8 v[32] = {
3402 0xfd, 0xc5, 0x7f, 0xf4, 0x49, 0xdd, 0x4f, 0x6b,
3403 0xfb, 0x7c, 0x9d, 0xf1, 0xc2, 0x9a, 0xcb, 0x59,
3404 0x2a, 0xe7, 0xd4, 0xee, 0xfb, 0xfc, 0x0a, 0x90,
3405 0x9a, 0xbb, 0xf6, 0x32, 0x3d, 0x8b, 0x18, 0x55 };
3406 const u8 x[16] = {
3407 0xab, 0xae, 0x2b, 0x71, 0xec, 0xb2, 0xff, 0xff,
3408 0x3e, 0x73, 0x77, 0xd1, 0x54, 0x84, 0xcb, 0xd5 };
3409 const u8 y[16] = {
3410 0xcf, 0xc4, 0x3d, 0xff, 0xf7, 0x83, 0x65, 0x21,
3411 0x6e, 0x5f, 0xa7, 0x25, 0xcc, 0xe7, 0xe8, 0xa6 };
3412 const u32 exp_val = 0x2f9ed5ba % 1000000;
3413 u32 val;
3414 int err;
3415
3416 err = smp_g2(tfm_cmac, u, v, x, y, &val);
3417 if (err)
3418 return err;
3419
3420 if (val != exp_val)
3421 return -EINVAL;
3422
3423 return 0;
3424}
3425
3426static int __init test_h6(struct crypto_hash *tfm_cmac)
3427{
3428 const u8 w[16] = {
3429 0x9b, 0x7d, 0x39, 0x0a, 0xa6, 0x10, 0x10, 0x34,
3430 0x05, 0xad, 0xc8, 0x57, 0xa3, 0x34, 0x02, 0xec };
3431 const u8 key_id[4] = { 0x72, 0x62, 0x65, 0x6c };
3432 const u8 exp[16] = {
3433 0x99, 0x63, 0xb1, 0x80, 0xe2, 0xa9, 0xd3, 0xe8,
3434 0x1c, 0xc9, 0x6d, 0xe7, 0x02, 0xe1, 0x9a, 0x2d };
3435 u8 res[16];
3436 int err;
3437
3438 err = smp_h6(tfm_cmac, w, key_id, res);
3439 if (err)
3440 return err;
3441
3442 if (memcmp(res, exp, 16))
3443 return -EINVAL;
3444
3445 return 0;
3446}
3447
0a2b0f04
JH		 3448static int __init run_selftests(struct crypto_blkcipher *tfm_aes,
3449 struct crypto_hash *tfm_cmac)
3450{
255047b0
MH		 3451 ktime_t calltime, delta, rettime;
3452 unsigned long long duration;
cfc4198e
JH		 3453 int err;
3454
255047b0
MH		 3455 calltime = ktime_get();
3456
cfc4198e
JH		 3457 err = test_ah(tfm_aes);
3458 if (err) {
3459 BT_ERR("smp_ah test failed");
3460 return err;
3461 }
3462
3463 err = test_c1(tfm_aes);
3464 if (err) {
3465 BT_ERR("smp_c1 test failed");
3466 return err;
3467 }
3468
3469 err = test_s1(tfm_aes);
3470 if (err) {
3471 BT_ERR("smp_s1 test failed");
3472 return err;
3473 }
3474
fb2969a3
JH		 3475 err = test_f4(tfm_cmac);
3476 if (err) {
3477 BT_ERR("smp_f4 test failed");
3478 return err;
3479 }
3480
3481 err = test_f5(tfm_cmac);
3482 if (err) {
3483 BT_ERR("smp_f5 test failed");
3484 return err;
3485 }
3486
3487 err = test_f6(tfm_cmac);
3488 if (err) {
3489 BT_ERR("smp_f6 test failed");
3490 return err;
3491 }
3492
3493 err = test_g2(tfm_cmac);
3494 if (err) {
3495 BT_ERR("smp_g2 test failed");
3496 return err;
3497 }
3498
3499 err = test_h6(tfm_cmac);
3500 if (err) {
3501 BT_ERR("smp_h6 test failed");
3502 return err;
3503 }
3504
255047b0
MH		 3505 rettime = ktime_get();
3506 delta = ktime_sub(rettime, calltime);
3507 duration = (unsigned long long) ktime_to_ns(delta) >> 10;
3508
5ced2464 3509 BT_INFO("SMP test passed in %llu usecs", duration);
0a2b0f04
JH		 3510
3511 return 0;
3512}
3513
3514int __init bt_selftest_smp(void)
3515{
3516 struct crypto_blkcipher *tfm_aes;
3517 struct crypto_hash *tfm_cmac;
3518 int err;
3519
3520 tfm_aes = crypto_alloc_blkcipher("ecb(aes)", 0, CRYPTO_ALG_ASYNC);
3521 if (IS_ERR(tfm_aes)) {
3522 BT_ERR("Unable to create ECB crypto context");
3523 return PTR_ERR(tfm_aes);
3524 }
3525
3526 tfm_cmac = crypto_alloc_hash("cmac(aes)", 0, CRYPTO_ALG_ASYNC);
3527 if (IS_ERR(tfm_cmac)) {
3528 BT_ERR("Unable to create CMAC crypto context");
3529 crypto_free_blkcipher(tfm_aes);
3530 return PTR_ERR(tfm_cmac);
3531 }
3532
3533 err = run_selftests(tfm_aes, tfm_cmac);
3534
3535 crypto_free_hash(tfm_cmac);
3536 crypto_free_blkcipher(tfm_aes);
3537
3538 return err;
3539}
3540
3541#endif
Linux kernel - Deliverables
This page took 0.730544 seconds and 5 git commands to generate.