projects / deliverable / linux.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Bluetooth: Use OOB key pair for LE SC pairing with OOB method
[deliverable/linux.git] / net / bluetooth / smp.c
CommitLineData
eb492e01
AB		 1/*
2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2011 Nokia Corporation and/or its subsidiary(-ies).
4
5 This program is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License version 2 as
7 published by the Free Software Foundation;
8
9 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
10 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
11 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
12 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
13 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
14 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17
18 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
19 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
20 SOFTWARE IS DISCLAIMED.
21*/
22
300acfde 23#include <linux/debugfs.h>
8c520a59
GP		 24#include <linux/crypto.h>
25#include <linux/scatterlist.h>
26#include <crypto/b128ops.h>
27
eb492e01
AB		 28#include <net/bluetooth/bluetooth.h>
29#include <net/bluetooth/hci_core.h>
30#include <net/bluetooth/l2cap.h>
2b64d153 31#include <net/bluetooth/mgmt.h>
ac4b7236 32
3b19146d 33#include "ecc.h"
ac4b7236 34#include "smp.h"
d22ef0bc 35
c7a3d57d
JH		 36/* Low-level debug macros to be used for stuff that we don't want
37 * accidentially in dmesg, i.e. the values of the various crypto keys
38 * and the inputs & outputs of crypto functions.
39 */
40#ifdef DEBUG
41#define SMP_DBG(fmt, ...) printk(KERN_DEBUG "%s: " fmt, __func__, \
42 ##__VA_ARGS__)
43#else
44#define SMP_DBG(fmt, ...) no_printk(KERN_DEBUG "%s: " fmt, __func__, \
45 ##__VA_ARGS__)
46#endif
47
b28b4943 48#define SMP_ALLOW_CMD(smp, code) set_bit(code, &smp->allow_cmd)
b28b4943 49
3b19146d
JH		 50/* Keys which are not distributed with Secure Connections */
51#define SMP_SC_NO_DIST (SMP_DIST_ENC_KEY | SMP_DIST_LINK_KEY);
52
17b02e62 53#define SMP_TIMEOUT msecs_to_jiffies(30000)
5d3de7df 54
d7a5a11d 55#define AUTH_REQ_MASK(dev) (hci_dev_test_flag(dev, HCI_SC_ENABLED) ? \
0edb14de
JH		 56 0x1f : 0x07)
57#define KEY_DIST_MASK 0x07
065a13e2 58
cbbbe3e2
JH		 59/* Maximum message length that can be passed to aes_cmac */
60#define CMAC_MSG_MAX 80
61
533e35d4
JH		 62enum {
63 SMP_FLAG_TK_VALID,
64 SMP_FLAG_CFM_PENDING,
65 SMP_FLAG_MITM_AUTH,
66 SMP_FLAG_COMPLETE,
67 SMP_FLAG_INITIATOR,
65668776 68 SMP_FLAG_SC,
d8f8edbe 69 SMP_FLAG_REMOTE_PK,
aeb7d461 70 SMP_FLAG_DEBUG_KEY,
38606f14 71 SMP_FLAG_WAIT_USER,
d3e54a87 72 SMP_FLAG_DHKEY_PENDING,
02b05bd8 73 SMP_FLAG_OOB,
533e35d4 74};
4bc58f51 75
88a479d9 76struct smp_dev {
60a27d65
MH		 77 /* Secure Connections OOB data */
78 u8 local_pk[64];
79 u8 local_sk[32];
80 u8 local_rr[16];
81 bool debug_key;
82
88a479d9 83 struct crypto_blkcipher *tfm_aes;
6e2dc6d1 84 struct crypto_hash *tfm_cmac;
88a479d9
MH		 85};
86
4bc58f51 87struct smp_chan {
b68fda68
JH		 88 struct l2cap_conn *conn;
89 struct delayed_work security_timer;
b28b4943 90 unsigned long allow_cmd; /* Bitmask of allowed commands */
b68fda68 91
4bc58f51
JH		 92 u8 preq[7]; /* SMP Pairing Request */
93 u8 prsp[7]; /* SMP Pairing Response */
94 u8 prnd[16]; /* SMP Pairing Random (local) */
95 u8 rrnd[16]; /* SMP Pairing Random (remote) */
96 u8 pcnf[16]; /* SMP Pairing Confirm */
97 u8 tk[16]; /* SMP Temporary Key */
a29b0733 98 u8 rr[16];
4bc58f51
JH		 99 u8 enc_key_size;
100 u8 remote_key_dist;
101 bdaddr_t id_addr;
102 u8 id_addr_type;
103 u8 irk[16];
104 struct smp_csrk *csrk;
105 struct smp_csrk *slave_csrk;
106 struct smp_ltk *ltk;
107 struct smp_ltk *slave_ltk;
108 struct smp_irk *remote_irk;
6a77083a 109 u8 *link_key;
4a74d658 110 unsigned long flags;
783e0574 111 u8 method;
38606f14 112 u8 passkey_round;
6a7bd103 113
3b19146d
JH		 114 /* Secure Connections variables */
115 u8 local_pk[64];
116 u8 local_sk[32];
d8f8edbe
JH		 117 u8 remote_pk[64];
118 u8 dhkey[32];
760b018b 119 u8 mackey[16];
3b19146d 120
6a7bd103 121 struct crypto_blkcipher *tfm_aes;
407cecf6 122 struct crypto_hash *tfm_cmac;
4bc58f51
JH		 123};
124
aeb7d461
JH		 125/* These debug key values are defined in the SMP section of the core
126 * specification. debug_pk is the public debug key and debug_sk the
127 * private debug key.
128 */
129static const u8 debug_pk[64] = {
130 0xe6, 0x9d, 0x35, 0x0e, 0x48, 0x01, 0x03, 0xcc,
131 0xdb, 0xfd, 0xf4, 0xac, 0x11, 0x91, 0xf4, 0xef,
132 0xb9, 0xa5, 0xf9, 0xe9, 0xa7, 0x83, 0x2c, 0x5e,
133 0x2c, 0xbe, 0x97, 0xf2, 0xd2, 0x03, 0xb0, 0x20,
134
135 0x8b, 0xd2, 0x89, 0x15, 0xd0, 0x8e, 0x1c, 0x74,
136 0x24, 0x30, 0xed, 0x8f, 0xc2, 0x45, 0x63, 0x76,
137 0x5c, 0x15, 0x52, 0x5a, 0xbf, 0x9a, 0x32, 0x63,
138 0x6d, 0xeb, 0x2a, 0x65, 0x49, 0x9c, 0x80, 0xdc,
139};
140
141static const u8 debug_sk[32] = {
142 0xbd, 0x1a, 0x3c, 0xcd, 0xa6, 0xb8, 0x99, 0x58,
143 0x99, 0xb7, 0x40, 0xeb, 0x7b, 0x60, 0xff, 0x4a,
144 0x50, 0x3f, 0x10, 0xd2, 0xe3, 0xb3, 0xc9, 0x74,
145 0x38, 0x5f, 0xc5, 0xa3, 0xd4, 0xf6, 0x49, 0x3f,
146};
147
8a2936f4 148static inline void swap_buf(const u8 *src, u8 *dst, size_t len)
d22ef0bc 149{
8a2936f4 150 size_t i;
d22ef0bc 151
8a2936f4
JH		 152 for (i = 0; i < len; i++)
153 dst[len - 1 - i] = src[i];
d22ef0bc
AB		 154}
155
06edf8de
JH		 156/* The following functions map to the LE SC SMP crypto functions
157 * AES-CMAC, f4, f5, f6, g2 and h6.
158 */
159
cbbbe3e2
JH		 160static int aes_cmac(struct crypto_hash *tfm, const u8 k[16], const u8 *m,
161 size_t len, u8 mac[16])
162{
163 uint8_t tmp[16], mac_msb[16], msg_msb[CMAC_MSG_MAX];
164 struct hash_desc desc;
165 struct scatterlist sg;
166 int err;
167
168 if (len > CMAC_MSG_MAX)
169 return -EFBIG;
170
171 if (!tfm) {
172 BT_ERR("tfm %p", tfm);
173 return -EINVAL;
174 }
175
176 desc.tfm = tfm;
177 desc.flags = 0;
178
179 crypto_hash_init(&desc);
180
181 /* Swap key and message from LSB to MSB */
182 swap_buf(k, tmp, 16);
183 swap_buf(m, msg_msb, len);
184
c7a3d57d
JH		 185 SMP_DBG("msg (len %zu) %*phN", len, (int) len, m);
186 SMP_DBG("key %16phN", k);
cbbbe3e2
JH		 187
188 err = crypto_hash_setkey(tfm, tmp, 16);
189 if (err) {
190 BT_ERR("cipher setkey failed: %d", err);
191 return err;
192 }
193
194 sg_init_one(&sg, msg_msb, len);
195
196 err = crypto_hash_update(&desc, &sg, len);
197 if (err) {
198 BT_ERR("Hash update error %d", err);
199 return err;
200 }
201
202 err = crypto_hash_final(&desc, mac_msb);
203 if (err) {
204 BT_ERR("Hash final error %d", err);
205 return err;
206 }
207
208 swap_buf(mac_msb, mac, 16);
209
c7a3d57d 210 SMP_DBG("mac %16phN", mac);
cbbbe3e2
JH		 211
212 return 0;
213}
214
215static int smp_f4(struct crypto_hash *tfm_cmac, const u8 u[32], const u8 v[32],
216 const u8 x[16], u8 z, u8 res[16])
217{
218 u8 m[65];
219 int err;
220
c7a3d57d
JH		 221 SMP_DBG("u %32phN", u);
222 SMP_DBG("v %32phN", v);
223 SMP_DBG("x %16phN z %02x", x, z);
cbbbe3e2
JH		 224
225 m[0] = z;
226 memcpy(m + 1, v, 32);
227 memcpy(m + 33, u, 32);
228
229 err = aes_cmac(tfm_cmac, x, m, sizeof(m), res);
230 if (err)
231 return err;
232
c7a3d57d 233 SMP_DBG("res %16phN", res);
cbbbe3e2
JH		 234
235 return err;
236}
237
4da50de8
JH		 238static int smp_f5(struct crypto_hash *tfm_cmac, const u8 w[32],
239 const u8 n1[16], const u8 n2[16], const u8 a1[7],
240 const u8 a2[7], u8 mackey[16], u8 ltk[16])
760b018b
JH		 241{
242 /* The btle, salt and length "magic" values are as defined in
243 * the SMP section of the Bluetooth core specification. In ASCII
244 * the btle value ends up being 'btle'. The salt is just a
245 * random number whereas length is the value 256 in little
246 * endian format.
247 */
248 const u8 btle[4] = { 0x65, 0x6c, 0x74, 0x62 };
249 const u8 salt[16] = { 0xbe, 0x83, 0x60, 0x5a, 0xdb, 0x0b, 0x37, 0x60,
250 0x38, 0xa5, 0xf5, 0xaa, 0x91, 0x83, 0x88, 0x6c };
251 const u8 length[2] = { 0x00, 0x01 };
252 u8 m[53], t[16];
253 int err;
254
c7a3d57d
JH		 255 SMP_DBG("w %32phN", w);
256 SMP_DBG("n1 %16phN n2 %16phN", n1, n2);
257 SMP_DBG("a1 %7phN a2 %7phN", a1, a2);
760b018b
JH		 258
259 err = aes_cmac(tfm_cmac, salt, w, 32, t);
260 if (err)
261 return err;
262
c7a3d57d 263 SMP_DBG("t %16phN", t);
760b018b
JH		 264
265 memcpy(m, length, 2);
266 memcpy(m + 2, a2, 7);
267 memcpy(m + 9, a1, 7);
268 memcpy(m + 16, n2, 16);
269 memcpy(m + 32, n1, 16);
270 memcpy(m + 48, btle, 4);
271
272 m[52] = 0; /* Counter */
273
274 err = aes_cmac(tfm_cmac, t, m, sizeof(m), mackey);
275 if (err)
276 return err;
277
c7a3d57d 278 SMP_DBG("mackey %16phN", mackey);
760b018b
JH		 279
280 m[52] = 1; /* Counter */
281
282 err = aes_cmac(tfm_cmac, t, m, sizeof(m), ltk);
283 if (err)
284 return err;
285
c7a3d57d 286 SMP_DBG("ltk %16phN", ltk);
760b018b
JH		 287
288 return 0;
289}
290
291static int smp_f6(struct crypto_hash *tfm_cmac, const u8 w[16],
4da50de8 292 const u8 n1[16], const u8 n2[16], const u8 r[16],
760b018b
JH		 293 const u8 io_cap[3], const u8 a1[7], const u8 a2[7],
294 u8 res[16])
295{
296 u8 m[65];
297 int err;
298
c7a3d57d
JH		 299 SMP_DBG("w %16phN", w);
300 SMP_DBG("n1 %16phN n2 %16phN", n1, n2);
301 SMP_DBG("r %16phN io_cap %3phN a1 %7phN a2 %7phN", r, io_cap, a1, a2);
760b018b
JH		 302
303 memcpy(m, a2, 7);
304 memcpy(m + 7, a1, 7);
305 memcpy(m + 14, io_cap, 3);
306 memcpy(m + 17, r, 16);
307 memcpy(m + 33, n2, 16);
308 memcpy(m + 49, n1, 16);
309
310 err = aes_cmac(tfm_cmac, w, m, sizeof(m), res);
311 if (err)
312 return err;
313
203de21b 314 SMP_DBG("res %16phN", res);
760b018b
JH		 315
316 return err;
317}
318
191dc7fe
JH		 319static int smp_g2(struct crypto_hash *tfm_cmac, const u8 u[32], const u8 v[32],
320 const u8 x[16], const u8 y[16], u32 *val)
321{
322 u8 m[80], tmp[16];
323 int err;
324
c7a3d57d
JH		 325 SMP_DBG("u %32phN", u);
326 SMP_DBG("v %32phN", v);
327 SMP_DBG("x %16phN y %16phN", x, y);
191dc7fe
JH		 328
329 memcpy(m, y, 16);
330 memcpy(m + 16, v, 32);
331 memcpy(m + 48, u, 32);
332
333 err = aes_cmac(tfm_cmac, x, m, sizeof(m), tmp);
334 if (err)
335 return err;
336
337 *val = get_unaligned_le32(tmp);
338 *val %= 1000000;
339
c7a3d57d 340 SMP_DBG("val %06u", *val);
191dc7fe
JH		 341
342 return 0;
343}
344
06edf8de
JH		 345static int smp_h6(struct crypto_hash *tfm_cmac, const u8 w[16],
346 const u8 key_id[4], u8 res[16])
347{
348 int err;
349
350 SMP_DBG("w %16phN key_id %4phN", w, key_id);
351
352 err = aes_cmac(tfm_cmac, w, key_id, 4, res);
353 if (err)
354 return err;
355
356 SMP_DBG("res %16phN", res);
357
358 return err;
359}
360
361/* The following functions map to the legacy SMP crypto functions e, c1,
362 * s1 and ah.
363 */
364
d22ef0bc
AB		 365static int smp_e(struct crypto_blkcipher *tfm, const u8 *k, u8 *r)
366{
367 struct blkcipher_desc desc;
368 struct scatterlist sg;
943a732a 369 uint8_t tmp[16], data[16];
201a5929 370 int err;
d22ef0bc 371
7f376cd6 372 if (!tfm) {
d22ef0bc
AB		 373 BT_ERR("tfm %p", tfm);
374 return -EINVAL;
375 }
376
377 desc.tfm = tfm;
378 desc.flags = 0;
379
943a732a 380 /* The most significant octet of key corresponds to k[0] */
8a2936f4 381 swap_buf(k, tmp, 16);
943a732a
JH		 382
383 err = crypto_blkcipher_setkey(tfm, tmp, 16);
d22ef0bc
AB		 384 if (err) {
385 BT_ERR("cipher setkey failed: %d", err);
386 return err;
387 }
388
943a732a 389 /* Most significant octet of plaintextData corresponds to data[0] */
8a2936f4 390 swap_buf(r, data, 16);
943a732a
JH		 391
392 sg_init_one(&sg, data, 16);
d22ef0bc 393
d22ef0bc
AB		 394 err = crypto_blkcipher_encrypt(&desc, &sg, &sg, 16);
395 if (err)
396 BT_ERR("Encrypt data error %d", err);
397
943a732a 398 /* Most significant octet of encryptedData corresponds to data[0] */
8a2936f4 399 swap_buf(data, r, 16);
943a732a 400
d22ef0bc
AB		 401 return err;
402}
403
06edf8de
JH		 404static int smp_c1(struct crypto_blkcipher *tfm_aes, const u8 k[16],
405 const u8 r[16], const u8 preq[7], const u8 pres[7], u8 _iat,
406 const bdaddr_t *ia, u8 _rat, const bdaddr_t *ra, u8 res[16])
6a77083a 407{
06edf8de 408 u8 p1[16], p2[16];
6a77083a
JH		 409 int err;
410
06edf8de 411 memset(p1, 0, 16);
6a77083a 412
06edf8de
JH		 413 /* p1 = pres || preq || _rat || _iat */
414 p1[0] = _iat;
415 p1[1] = _rat;
416 memcpy(p1 + 2, preq, 7);
417 memcpy(p1 + 9, pres, 7);
418
419 /* p2 = padding || ia || ra */
420 memcpy(p2, ra, 6);
421 memcpy(p2 + 6, ia, 6);
422 memset(p2 + 12, 0, 4);
423
424 /* res = r XOR p1 */
425 u128_xor((u128 *) res, (u128 *) r, (u128 *) p1);
426
427 /* res = e(k, res) */
428 err = smp_e(tfm_aes, k, res);
429 if (err) {
430 BT_ERR("Encrypt data error");
6a77083a 431 return err;
06edf8de 432 }
6a77083a 433
06edf8de
JH		 434 /* res = res XOR p2 */
435 u128_xor((u128 *) res, (u128 *) res, (u128 *) p2);
436
437 /* res = e(k, res) */
438 err = smp_e(tfm_aes, k, res);
439 if (err)
440 BT_ERR("Encrypt data error");
441
442 return err;
443}
444
445static int smp_s1(struct crypto_blkcipher *tfm_aes, const u8 k[16],
446 const u8 r1[16], const u8 r2[16], u8 _r[16])
447{
448 int err;
449
450 /* Just least significant octets from r1 and r2 are considered */
451 memcpy(_r, r2, 8);
452 memcpy(_r + 8, r1, 8);
453
454 err = smp_e(tfm_aes, k, _r);
455 if (err)
456 BT_ERR("Encrypt data error");
6a77083a
JH		 457
458 return err;
459}
460
cd082797
JH		 461static int smp_ah(struct crypto_blkcipher *tfm, const u8 irk[16],
462 const u8 r[3], u8 res[3])
60478054 463{
943a732a 464 u8 _res[16];
60478054
JH		 465 int err;
466
467 /* r' = padding || r */
943a732a
JH		 468 memcpy(_res, r, 3);
469 memset(_res + 3, 0, 13);
60478054 470
943a732a 471 err = smp_e(tfm, irk, _res);
60478054
JH		 472 if (err) {
473 BT_ERR("Encrypt error");
474 return err;
475 }
476
477 /* The output of the random address function ah is:
478 * ah(h, r) = e(k, r') mod 2^24
479 * The output of the security function e is then truncated to 24 bits
480 * by taking the least significant 24 bits of the output of e as the
481 * result of ah.
482 */
943a732a 483 memcpy(res, _res, 3);
60478054
JH		 484
485 return 0;
486}
487
cd082797
JH		 488bool smp_irk_matches(struct hci_dev *hdev, const u8 irk[16],
489 const bdaddr_t *bdaddr)
60478054 490{
defce9e8 491 struct l2cap_chan *chan = hdev->smp_data;
88a479d9 492 struct smp_dev *smp;
60478054
JH		 493 u8 hash[3];
494 int err;
495
defce9e8
JH		 496 if (!chan || !chan->data)
497 return false;
498
88a479d9 499 smp = chan->data;
defce9e8 500
60478054
JH		 501 BT_DBG("RPA %pMR IRK %*phN", bdaddr, 16, irk);
502
88a479d9 503 err = smp_ah(smp->tfm_aes, irk, &bdaddr->b[3], hash);
60478054
JH		 504 if (err)
505 return false;
506
507 return !memcmp(bdaddr->b, hash, 3);
508}
509
cd082797 510int smp_generate_rpa(struct hci_dev *hdev, const u8 irk[16], bdaddr_t *rpa)
b1e2b3ae 511{
defce9e8 512 struct l2cap_chan *chan = hdev->smp_data;
88a479d9 513 struct smp_dev *smp;
b1e2b3ae
JH		 514 int err;
515
defce9e8
JH		 516 if (!chan || !chan->data)
517 return -EOPNOTSUPP;
518
88a479d9 519 smp = chan->data;
defce9e8 520
b1e2b3ae
JH		 521 get_random_bytes(&rpa->b[3], 3);
522
523 rpa->b[5] &= 0x3f; /* Clear two most significant bits */
524 rpa->b[5] |= 0x40; /* Set second most significant bit */
525
88a479d9 526 err = smp_ah(smp->tfm_aes, irk, &rpa->b[3], rpa->b);
b1e2b3ae
JH		 527 if (err < 0)
528 return err;
529
530 BT_DBG("RPA %pMR", rpa);
531
532 return 0;
533}
534
60a27d65
MH		 535int smp_generate_oob(struct hci_dev *hdev, u8 hash[16], u8 rand[16])
536{
537 struct l2cap_chan *chan = hdev->smp_data;
538 struct smp_dev *smp;
539 int err;
540
541 if (!chan || !chan->data)
542 return -EOPNOTSUPP;
543
544 smp = chan->data;
545
546 if (hci_dev_test_flag(hdev, HCI_USE_DEBUG_KEYS)) {
547 BT_DBG("Using debug keys");
548 memcpy(smp->local_pk, debug_pk, 64);
549 memcpy(smp->local_sk, debug_sk, 32);
550 smp->debug_key = true;
551 } else {
552 while (true) {
553 /* Generate local key pair for Secure Connections */
554 if (!ecc_make_key(smp->local_pk, smp->local_sk))
555 return -EIO;
556
557 /* This is unlikely, but we need to check that
558 * we didn't accidentially generate a debug key.
559 */
560 if (memcmp(smp->local_sk, debug_sk, 32))
561 break;
562 }
563 smp->debug_key = false;
564 }
565
566 SMP_DBG("OOB Public Key X: %32phN", smp->local_pk);
567 SMP_DBG("OOB Public Key Y: %32phN", smp->local_pk + 32);
568 SMP_DBG("OOB Private Key: %32phN", smp->local_sk);
569
570 get_random_bytes(smp->local_rr, 16);
571
572 err = smp_f4(smp->tfm_cmac, smp->local_pk, smp->local_pk,
573 smp->local_rr, 0, hash);
574 if (err < 0)
575 return err;
576
577 memcpy(rand, smp->local_rr, 16);
578
579 return 0;
580}
581
5d88cc73 582static void smp_send_cmd(struct l2cap_conn *conn, u8 code, u16 len, void *data)
eb492e01 583{
5d88cc73 584 struct l2cap_chan *chan = conn->smp;
b68fda68 585 struct smp_chan *smp;
5d88cc73
JH		 586 struct kvec iv[2];
587 struct msghdr msg;
eb492e01 588
5d88cc73
JH		 589 if (!chan)
590 return;
eb492e01 591
5d88cc73 592 BT_DBG("code 0x%2.2x", code);
eb492e01 593
5d88cc73
JH		 594 iv[0].iov_base = &code;
595 iv[0].iov_len = 1;
eb492e01 596
5d88cc73
JH		 597 iv[1].iov_base = data;
598 iv[1].iov_len = len;
eb492e01 599
5d88cc73 600 memset(&msg, 0, sizeof(msg));
eb492e01 601
17836394 602 iov_iter_kvec(&msg.msg_iter, WRITE | ITER_KVEC, iv, 2, 1 + len);
eb492e01 603
5d88cc73 604 l2cap_chan_send(chan, &msg, 1 + len);
e2dcd113 605
b68fda68
JH		 606 if (!chan->data)
607 return;
608
609 smp = chan->data;
610
611 cancel_delayed_work_sync(&smp->security_timer);
1b0921d6 612 schedule_delayed_work(&smp->security_timer, SMP_TIMEOUT);
eb492e01
AB		 613}
614
d2eb9e10 615static u8 authreq_to_seclevel(u8 authreq)
2b64d153 616{
d2eb9e10
JH		 617 if (authreq & SMP_AUTH_MITM) {
618 if (authreq & SMP_AUTH_SC)
619 return BT_SECURITY_FIPS;
620 else
621 return BT_SECURITY_HIGH;
622 } else {
2b64d153 623 return BT_SECURITY_MEDIUM;
d2eb9e10 624 }
2b64d153
BG		 625}
626
627static __u8 seclevel_to_authreq(__u8 sec_level)
628{
629 switch (sec_level) {
d2eb9e10 630 case BT_SECURITY_FIPS:
2b64d153
BG		 631 case BT_SECURITY_HIGH:
632 return SMP_AUTH_MITM | SMP_AUTH_BONDING;
633 case BT_SECURITY_MEDIUM:
634 return SMP_AUTH_BONDING;
635 default:
636 return SMP_AUTH_NONE;
637 }
638}
639
b8e66eac 640static void build_pairing_cmd(struct l2cap_conn *conn,
f1560463
MH		 641 struct smp_cmd_pairing *req,
642 struct smp_cmd_pairing *rsp, __u8 authreq)
b8e66eac 643{
5d88cc73
JH		 644 struct l2cap_chan *chan = conn->smp;
645 struct smp_chan *smp = chan->data;
fd349c02
JH		 646 struct hci_conn *hcon = conn->hcon;
647 struct hci_dev *hdev = hcon->hdev;
02b05bd8 648 u8 local_dist = 0, remote_dist = 0, oob_flag = SMP_OOB_NOT_PRESENT;
54790f73 649
d7a5a11d 650 if (hci_dev_test_flag(hdev, HCI_BONDABLE)) {
7ee4ea36
MH		 651 local_dist = SMP_DIST_ENC_KEY | SMP_DIST_SIGN;
652 remote_dist = SMP_DIST_ENC_KEY | SMP_DIST_SIGN;
54790f73 653 authreq |= SMP_AUTH_BONDING;
2b64d153
BG		 654 } else {
655 authreq &= ~SMP_AUTH_BONDING;
54790f73
VCG		 656 }
657
d7a5a11d 658 if (hci_dev_test_flag(hdev, HCI_RPA_RESOLVING))
fd349c02
JH		 659 remote_dist |= SMP_DIST_ID_KEY;
660
d7a5a11d 661 if (hci_dev_test_flag(hdev, HCI_PRIVACY))
863efaf2
JH		 662 local_dist |= SMP_DIST_ID_KEY;
663
d7a5a11d 664 if (hci_dev_test_flag(hdev, HCI_SC_ENABLED) &&
02b05bd8
JH		 665 (authreq & SMP_AUTH_SC)) {
666 struct oob_data *oob_data;
667 u8 bdaddr_type;
668
d7a5a11d 669 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) {
df8e1a4c
JH		 670 local_dist |= SMP_DIST_LINK_KEY;
671 remote_dist |= SMP_DIST_LINK_KEY;
672 }
02b05bd8
JH		 673
674 if (hcon->dst_type == ADDR_LE_DEV_PUBLIC)
675 bdaddr_type = BDADDR_LE_PUBLIC;
676 else
677 bdaddr_type = BDADDR_LE_RANDOM;
678
679 oob_data = hci_find_remote_oob_data(hdev, &hcon->dst,
680 bdaddr_type);
4775a4ea 681 if (oob_data && oob_data->present) {
02b05bd8
JH		 682 set_bit(SMP_FLAG_OOB, &smp->flags);
683 oob_flag = SMP_OOB_PRESENT;
a29b0733 684 memcpy(smp->rr, oob_data->rand256, 16);
02b05bd8
JH		 685 memcpy(smp->pcnf, oob_data->hash256, 16);
686 }
687
df8e1a4c
JH		 688 } else {
689 authreq &= ~SMP_AUTH_SC;
690 }
691
54790f73
VCG		 692 if (rsp == NULL) {
693 req->io_capability = conn->hcon->io_capability;
02b05bd8 694 req->oob_flag = oob_flag;
54790f73 695 req->max_key_size = SMP_MAX_ENC_KEY_SIZE;
fd349c02
JH		 696 req->init_key_dist = local_dist;
697 req->resp_key_dist = remote_dist;
0edb14de 698 req->auth_req = (authreq & AUTH_REQ_MASK(hdev));
fd349c02
JH		 699
700 smp->remote_key_dist = remote_dist;
54790f73
VCG		 701 return;
702 }
703
704 rsp->io_capability = conn->hcon->io_capability;
02b05bd8 705 rsp->oob_flag = oob_flag;
54790f73 706 rsp->max_key_size = SMP_MAX_ENC_KEY_SIZE;
fd349c02
JH		 707 rsp->init_key_dist = req->init_key_dist & remote_dist;
708 rsp->resp_key_dist = req->resp_key_dist & local_dist;
0edb14de 709 rsp->auth_req = (authreq & AUTH_REQ_MASK(hdev));
fd349c02
JH		 710
711 smp->remote_key_dist = rsp->init_key_dist;
b8e66eac
VCG		 712}
713
3158c50c
VCG		 714static u8 check_enc_key_size(struct l2cap_conn *conn, __u8 max_key_size)
715{
5d88cc73
JH		 716 struct l2cap_chan *chan = conn->smp;
717 struct smp_chan *smp = chan->data;
1c1def09 718
3158c50c 719 if ((max_key_size > SMP_MAX_ENC_KEY_SIZE) ||
f1560463 720 (max_key_size < SMP_MIN_ENC_KEY_SIZE))
3158c50c
VCG		 721 return SMP_ENC_KEY_SIZE;
722
f7aa611a 723 smp->enc_key_size = max_key_size;
3158c50c
VCG		 724
725 return 0;
726}
727
6f48e260
JH		 728static void smp_chan_destroy(struct l2cap_conn *conn)
729{
730 struct l2cap_chan *chan = conn->smp;
731 struct smp_chan *smp = chan->data;
923e2414 732 struct hci_conn *hcon = conn->hcon;
6f48e260
JH		 733 bool complete;
734
735 BUG_ON(!smp);
736
737 cancel_delayed_work_sync(&smp->security_timer);
6f48e260 738
6f48e260 739 complete = test_bit(SMP_FLAG_COMPLETE, &smp->flags);
923e2414 740 mgmt_smp_complete(hcon, complete);
6f48e260 741
276812ec
MH		 742 kzfree(smp->csrk);
743 kzfree(smp->slave_csrk);
744 kzfree(smp->link_key);
6f48e260
JH		 745
746 crypto_free_blkcipher(smp->tfm_aes);
407cecf6 747 crypto_free_hash(smp->tfm_cmac);
6f48e260 748
923e2414
JH		 749 /* Ensure that we don't leave any debug key around if debug key
750 * support hasn't been explicitly enabled.
751 */
752 if (smp->ltk && smp->ltk->type == SMP_LTK_P256_DEBUG &&
d7a5a11d 753 !hci_dev_test_flag(hcon->hdev, HCI_KEEP_DEBUG_KEYS)) {
923e2414
JH		 754 list_del_rcu(&smp->ltk->list);
755 kfree_rcu(smp->ltk, rcu);
756 smp->ltk = NULL;
757 }
758
6f48e260
JH		 759 /* If pairing failed clean up any keys we might have */
760 if (!complete) {
761 if (smp->ltk) {
970d0f1b
JH		 762 list_del_rcu(&smp->ltk->list);
763 kfree_rcu(smp->ltk, rcu);
6f48e260
JH		 764 }
765
766 if (smp->slave_ltk) {
970d0f1b
JH		 767 list_del_rcu(&smp->slave_ltk->list);
768 kfree_rcu(smp->slave_ltk, rcu);
6f48e260
JH		 769 }
770
771 if (smp->remote_irk) {
adae20cb
JH		 772 list_del_rcu(&smp->remote_irk->list);
773 kfree_rcu(smp->remote_irk, rcu);
6f48e260
JH		 774 }
775 }
776
777 chan->data = NULL;
276812ec 778 kzfree(smp);
923e2414 779 hci_conn_drop(hcon);
6f48e260
JH		 780}
781
84794e11 782static void smp_failure(struct l2cap_conn *conn, u8 reason)
4f957a76 783{
bab73cb6 784 struct hci_conn *hcon = conn->hcon;
b68fda68 785 struct l2cap_chan *chan = conn->smp;
bab73cb6 786
84794e11 787 if (reason)
4f957a76 788 smp_send_cmd(conn, SMP_CMD_PAIRING_FAIL, sizeof(reason),
f1560463 789 &reason);
4f957a76 790
ce39fb4e 791 clear_bit(HCI_CONN_ENCRYPT_PEND, &hcon->flags);
e1e930f5 792 mgmt_auth_failed(hcon, HCI_ERROR_AUTH_FAILURE);
f1c09c07 793
fc75cc86 794 if (chan->data)
f1c09c07 795 smp_chan_destroy(conn);
4f957a76
BG		 796}
797
2b64d153
BG		 798#define JUST_WORKS 0x00
799#define JUST_CFM 0x01
800#define REQ_PASSKEY 0x02
801#define CFM_PASSKEY 0x03
802#define REQ_OOB 0x04
5e3d3d9b 803#define DSP_PASSKEY 0x05
2b64d153
BG		 804#define OVERLAP 0xFF
805
806static const u8 gen_method[5][5] = {
807 { JUST_WORKS, JUST_CFM, REQ_PASSKEY, JUST_WORKS, REQ_PASSKEY },
808 { JUST_WORKS, JUST_CFM, REQ_PASSKEY, JUST_WORKS, REQ_PASSKEY },
809 { CFM_PASSKEY, CFM_PASSKEY, REQ_PASSKEY, JUST_WORKS, CFM_PASSKEY },
810 { JUST_WORKS, JUST_CFM, JUST_WORKS, JUST_WORKS, JUST_CFM },
811 { CFM_PASSKEY, CFM_PASSKEY, REQ_PASSKEY, JUST_WORKS, OVERLAP },
812};
813
5e3d3d9b
JH		 814static const u8 sc_method[5][5] = {
815 { JUST_WORKS, JUST_CFM, REQ_PASSKEY, JUST_WORKS, REQ_PASSKEY },
816 { JUST_WORKS, CFM_PASSKEY, REQ_PASSKEY, JUST_WORKS, CFM_PASSKEY },
817 { DSP_PASSKEY, DSP_PASSKEY, REQ_PASSKEY, JUST_WORKS, DSP_PASSKEY },
818 { JUST_WORKS, JUST_CFM, JUST_WORKS, JUST_WORKS, JUST_CFM },
819 { DSP_PASSKEY, CFM_PASSKEY, REQ_PASSKEY, JUST_WORKS, CFM_PASSKEY },
820};
821
581370cc
JH		 822static u8 get_auth_method(struct smp_chan *smp, u8 local_io, u8 remote_io)
823{
2bcd4003
JH		 824 /* If either side has unknown io_caps, use JUST_CFM (which gets
825 * converted later to JUST_WORKS if we're initiators.
826 */
581370cc
JH		 827 if (local_io > SMP_IO_KEYBOARD_DISPLAY ||
828 remote_io > SMP_IO_KEYBOARD_DISPLAY)
2bcd4003 829 return JUST_CFM;
581370cc 830
5e3d3d9b
JH		 831 if (test_bit(SMP_FLAG_SC, &smp->flags))
832 return sc_method[remote_io][local_io];
833
581370cc
JH		 834 return gen_method[remote_io][local_io];
835}
836
2b64d153
BG		 837static int tk_request(struct l2cap_conn *conn, u8 remote_oob, u8 auth,
838 u8 local_io, u8 remote_io)
839{
840 struct hci_conn *hcon = conn->hcon;
5d88cc73
JH		 841 struct l2cap_chan *chan = conn->smp;
842 struct smp_chan *smp = chan->data;
2b64d153
BG		 843 u32 passkey = 0;
844 int ret = 0;
845
846 /* Initialize key for JUST WORKS */
847 memset(smp->tk, 0, sizeof(smp->tk));
4a74d658 848 clear_bit(SMP_FLAG_TK_VALID, &smp->flags);
2b64d153
BG		 849
850 BT_DBG("tk_request: auth:%d lcl:%d rem:%d", auth, local_io, remote_io);
851
2bcd4003
JH		 852 /* If neither side wants MITM, either "just" confirm an incoming
853 * request or use just-works for outgoing ones. The JUST_CFM
854 * will be converted to JUST_WORKS if necessary later in this
855 * function. If either side has MITM look up the method from the
856 * table.
857 */
581370cc 858 if (!(auth & SMP_AUTH_MITM))
783e0574 859 smp->method = JUST_CFM;
2b64d153 860 else
783e0574 861 smp->method = get_auth_method(smp, local_io, remote_io);
2b64d153 862
a82505c7 863 /* Don't confirm locally initiated pairing attempts */
783e0574
JH		 864 if (smp->method == JUST_CFM && test_bit(SMP_FLAG_INITIATOR,
865 &smp->flags))
866 smp->method = JUST_WORKS;
a82505c7 867
02f3e254 868 /* Don't bother user space with no IO capabilities */
783e0574
JH		 869 if (smp->method == JUST_CFM &&
870 hcon->io_capability == HCI_IO_NO_INPUT_OUTPUT)
871 smp->method = JUST_WORKS;
02f3e254 872
2b64d153 873 /* If Just Works, Continue with Zero TK */
783e0574 874 if (smp->method == JUST_WORKS) {
4a74d658 875 set_bit(SMP_FLAG_TK_VALID, &smp->flags);
2b64d153
BG		 876 return 0;
877 }
878
879 /* Not Just Works/Confirm results in MITM Authentication */
783e0574 880 if (smp->method != JUST_CFM) {
4a74d658 881 set_bit(SMP_FLAG_MITM_AUTH, &smp->flags);
5eb596f5
JH		 882 if (hcon->pending_sec_level < BT_SECURITY_HIGH)
883 hcon->pending_sec_level = BT_SECURITY_HIGH;
884 }
2b64d153
BG		 885
886 /* If both devices have Keyoard-Display I/O, the master
887 * Confirms and the slave Enters the passkey.
888 */
783e0574 889 if (smp->method == OVERLAP) {
40bef302 890 if (hcon->role == HCI_ROLE_MASTER)
783e0574 891 smp->method = CFM_PASSKEY;
2b64d153 892 else
783e0574 893 smp->method = REQ_PASSKEY;
2b64d153
BG		 894 }
895
01ad34d2 896 /* Generate random passkey. */
783e0574 897 if (smp->method == CFM_PASSKEY) {
943a732a 898 memset(smp->tk, 0, sizeof(smp->tk));
2b64d153
BG		 899 get_random_bytes(&passkey, sizeof(passkey));
900 passkey %= 1000000;
943a732a 901 put_unaligned_le32(passkey, smp->tk);
2b64d153 902 BT_DBG("PassKey: %d", passkey);
4a74d658 903 set_bit(SMP_FLAG_TK_VALID, &smp->flags);
2b64d153
BG		 904 }
905
783e0574 906 if (smp->method == REQ_PASSKEY)
ce39fb4e 907 ret = mgmt_user_passkey_request(hcon->hdev, &hcon->dst,
272d90df 908 hcon->type, hcon->dst_type);
783e0574 909 else if (smp->method == JUST_CFM)
4eb65e66
JH		 910 ret = mgmt_user_confirm_request(hcon->hdev, &hcon->dst,
911 hcon->type, hcon->dst_type,
912 passkey, 1);
2b64d153 913 else
01ad34d2 914 ret = mgmt_user_passkey_notify(hcon->hdev, &hcon->dst,
272d90df 915 hcon->type, hcon->dst_type,
39adbffe 916 passkey, 0);
2b64d153 917
2b64d153
BG		 918 return ret;
919}
920
1cc61144 921static u8 smp_confirm(struct smp_chan *smp)
8aab4757 922{
8aab4757 923 struct l2cap_conn *conn = smp->conn;
8aab4757
VCG		 924 struct smp_cmd_pairing_confirm cp;
925 int ret;
8aab4757
VCG		 926
927 BT_DBG("conn %p", conn);
928
e491eaf3 929 ret = smp_c1(smp->tfm_aes, smp->tk, smp->prnd, smp->preq, smp->prsp,
b1cd5fd9 930 conn->hcon->init_addr_type, &conn->hcon->init_addr,
943a732a
JH		 931 conn->hcon->resp_addr_type, &conn->hcon->resp_addr,
932 cp.confirm_val);
1cc61144
JH		 933 if (ret)
934 return SMP_UNSPECIFIED;
8aab4757 935
4a74d658 936 clear_bit(SMP_FLAG_CFM_PENDING, &smp->flags);
2b64d153 937
8aab4757
VCG		 938 smp_send_cmd(smp->conn, SMP_CMD_PAIRING_CONFIRM, sizeof(cp), &cp);
939
b28b4943
JH		 940 if (conn->hcon->out)
941 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_CONFIRM);
942 else
943 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RANDOM);
944
1cc61144 945 return 0;
8aab4757
VCG		 946}
947
861580a9 948static u8 smp_random(struct smp_chan *smp)
8aab4757 949{
8aab4757
VCG		 950 struct l2cap_conn *conn = smp->conn;
951 struct hci_conn *hcon = conn->hcon;
861580a9 952 u8 confirm[16];
8aab4757
VCG		 953 int ret;
954
ec70f36f 955 if (IS_ERR_OR_NULL(smp->tfm_aes))
861580a9 956 return SMP_UNSPECIFIED;
8aab4757
VCG		 957
958 BT_DBG("conn %p %s", conn, conn->hcon->out ? "master" : "slave");
959
e491eaf3 960 ret = smp_c1(smp->tfm_aes, smp->tk, smp->rrnd, smp->preq, smp->prsp,
b1cd5fd9 961 hcon->init_addr_type, &hcon->init_addr,
943a732a 962 hcon->resp_addr_type, &hcon->resp_addr, confirm);
861580a9
JH		 963 if (ret)
964 return SMP_UNSPECIFIED;
8aab4757 965
8aab4757
VCG		 966 if (memcmp(smp->pcnf, confirm, sizeof(smp->pcnf)) != 0) {
967 BT_ERR("Pairing failed (confirmation values mismatch)");
861580a9 968 return SMP_CONFIRM_FAILED;
8aab4757
VCG		 969 }
970
971 if (hcon->out) {
fe39c7b2
MH		 972 u8 stk[16];
973 __le64 rand = 0;
974 __le16 ediv = 0;
8aab4757 975
e491eaf3 976 smp_s1(smp->tfm_aes, smp->tk, smp->rrnd, smp->prnd, stk);
8aab4757 977
f7aa611a 978 memset(stk + smp->enc_key_size, 0,
04124681 979 SMP_MAX_ENC_KEY_SIZE - smp->enc_key_size);
8aab4757 980
861580a9
JH		 981 if (test_and_set_bit(HCI_CONN_ENCRYPT_PEND, &hcon->flags))
982 return SMP_UNSPECIFIED;
8aab4757
VCG		 983
984 hci_le_start_enc(hcon, ediv, rand, stk);
f7aa611a 985 hcon->enc_key_size = smp->enc_key_size;
fe59a05f 986 set_bit(HCI_CONN_STK_ENCRYPT, &hcon->flags);
8aab4757 987 } else {
fff3490f 988 u8 stk[16], auth;
fe39c7b2
MH		 989 __le64 rand = 0;
990 __le16 ediv = 0;
8aab4757 991
943a732a
JH		 992 smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM, sizeof(smp->prnd),
993 smp->prnd);
8aab4757 994
e491eaf3 995 smp_s1(smp->tfm_aes, smp->tk, smp->prnd, smp->rrnd, stk);
8aab4757 996
f7aa611a 997 memset(stk + smp->enc_key_size, 0,
f1560463 998 SMP_MAX_ENC_KEY_SIZE - smp->enc_key_size);
8aab4757 999
fff3490f
JH		 1000 if (hcon->pending_sec_level == BT_SECURITY_HIGH)
1001 auth = 1;
1002 else
1003 auth = 0;
1004
7d5843b7
JH		 1005 /* Even though there's no _SLAVE suffix this is the
1006 * slave STK we're adding for later lookup (the master
1007 * STK never needs to be stored).
1008 */
ce39fb4e 1009 hci_add_ltk(hcon->hdev, &hcon->dst, hcon->dst_type,
2ceba539 1010 SMP_STK, auth, stk, smp->enc_key_size, ediv, rand);
8aab4757
VCG		 1011 }
1012
861580a9 1013 return 0;
8aab4757
VCG		 1014}
1015
44f1a7ab
JH		 1016static void smp_notify_keys(struct l2cap_conn *conn)
1017{
1018 struct l2cap_chan *chan = conn->smp;
1019 struct smp_chan *smp = chan->data;
1020 struct hci_conn *hcon = conn->hcon;
1021 struct hci_dev *hdev = hcon->hdev;
1022 struct smp_cmd_pairing *req = (void *) &smp->preq[1];
1023 struct smp_cmd_pairing *rsp = (void *) &smp->prsp[1];
1024 bool persistent;
1025
1026 if (smp->remote_irk) {
1027 mgmt_new_irk(hdev, smp->remote_irk);
1028 /* Now that user space can be considered to know the
1029 * identity address track the connection based on it
b5ae344d 1030 * from now on (assuming this is an LE link).
44f1a7ab 1031 */
b5ae344d
JH		 1032 if (hcon->type == LE_LINK) {
1033 bacpy(&hcon->dst, &smp->remote_irk->bdaddr);
1034 hcon->dst_type = smp->remote_irk->addr_type;
1035 queue_work(hdev->workqueue, &conn->id_addr_update_work);
1036 }
44f1a7ab
JH		 1037
1038 /* When receiving an indentity resolving key for
1039 * a remote device that does not use a resolvable
1040 * private address, just remove the key so that
1041 * it is possible to use the controller white
1042 * list for scanning.
1043 *
1044 * Userspace will have been told to not store
1045 * this key at this point. So it is safe to
1046 * just remove it.
1047 */
1048 if (!bacmp(&smp->remote_irk->rpa, BDADDR_ANY)) {
adae20cb
JH		 1049 list_del_rcu(&smp->remote_irk->list);
1050 kfree_rcu(smp->remote_irk, rcu);
44f1a7ab
JH		 1051 smp->remote_irk = NULL;
1052 }
1053 }
1054
b5ae344d
JH		 1055 if (hcon->type == ACL_LINK) {
1056 if (hcon->key_type == HCI_LK_DEBUG_COMBINATION)
1057 persistent = false;
1058 else
1059 persistent = !test_bit(HCI_CONN_FLUSH_KEY,
1060 &hcon->flags);
1061 } else {
1062 /* The LTKs and CSRKs should be persistent only if both sides
1063 * had the bonding bit set in their authentication requests.
1064 */
1065 persistent = !!((req->auth_req & rsp->auth_req) &
1066 SMP_AUTH_BONDING);
1067 }
1068
44f1a7ab
JH		 1069
1070 if (smp->csrk) {
1071 smp->csrk->bdaddr_type = hcon->dst_type;
1072 bacpy(&smp->csrk->bdaddr, &hcon->dst);
1073 mgmt_new_csrk(hdev, smp->csrk, persistent);
1074 }
1075
1076 if (smp->slave_csrk) {
1077 smp->slave_csrk->bdaddr_type = hcon->dst_type;
1078 bacpy(&smp->slave_csrk->bdaddr, &hcon->dst);
1079 mgmt_new_csrk(hdev, smp->slave_csrk, persistent);
1080 }
1081
1082 if (smp->ltk) {
1083 smp->ltk->bdaddr_type = hcon->dst_type;
1084 bacpy(&smp->ltk->bdaddr, &hcon->dst);
1085 mgmt_new_ltk(hdev, smp->ltk, persistent);
1086 }
1087
1088 if (smp->slave_ltk) {
1089 smp->slave_ltk->bdaddr_type = hcon->dst_type;
1090 bacpy(&smp->slave_ltk->bdaddr, &hcon->dst);
1091 mgmt_new_ltk(hdev, smp->slave_ltk, persistent);
1092 }
6a77083a
JH		 1093
1094 if (smp->link_key) {
e3befab9
JH		 1095 struct link_key *key;
1096 u8 type;
1097
1098 if (test_bit(SMP_FLAG_DEBUG_KEY, &smp->flags))
1099 type = HCI_LK_DEBUG_COMBINATION;
1100 else if (hcon->sec_level == BT_SECURITY_FIPS)
1101 type = HCI_LK_AUTH_COMBINATION_P256;
1102 else
1103 type = HCI_LK_UNAUTH_COMBINATION_P256;
1104
1105 key = hci_add_link_key(hdev, smp->conn->hcon, &hcon->dst,
1106 smp->link_key, type, 0, &persistent);
1107 if (key) {
1108 mgmt_new_link_key(hdev, key, persistent);
1109
1110 /* Don't keep debug keys around if the relevant
1111 * flag is not set.
1112 */
d7a5a11d 1113 if (!hci_dev_test_flag(hdev, HCI_KEEP_DEBUG_KEYS) &&
e3befab9
JH		 1114 key->type == HCI_LK_DEBUG_COMBINATION) {
1115 list_del_rcu(&key->list);
1116 kfree_rcu(key, rcu);
1117 }
1118 }
6a77083a
JH		 1119 }
1120}
1121
d3e54a87
JH		 1122static void sc_add_ltk(struct smp_chan *smp)
1123{
1124 struct hci_conn *hcon = smp->conn->hcon;
1125 u8 key_type, auth;
1126
1127 if (test_bit(SMP_FLAG_DEBUG_KEY, &smp->flags))
1128 key_type = SMP_LTK_P256_DEBUG;
1129 else
1130 key_type = SMP_LTK_P256;
1131
1132 if (hcon->pending_sec_level == BT_SECURITY_FIPS)
1133 auth = 1;
1134 else
1135 auth = 0;
1136
1137 memset(smp->tk + smp->enc_key_size, 0,
1138 SMP_MAX_ENC_KEY_SIZE - smp->enc_key_size);
1139
1140 smp->ltk = hci_add_ltk(hcon->hdev, &hcon->dst, hcon->dst_type,
1141 key_type, auth, smp->tk, smp->enc_key_size,
1142 0, 0);
1143}
1144
6a77083a
JH		 1145static void sc_generate_link_key(struct smp_chan *smp)
1146{
1147 /* These constants are as specified in the core specification.
1148 * In ASCII they spell out to 'tmp1' and 'lebr'.
1149 */
1150 const u8 tmp1[4] = { 0x31, 0x70, 0x6d, 0x74 };
1151 const u8 lebr[4] = { 0x72, 0x62, 0x65, 0x6c };
1152
1153 smp->link_key = kzalloc(16, GFP_KERNEL);
1154 if (!smp->link_key)
1155 return;
1156
1157 if (smp_h6(smp->tfm_cmac, smp->tk, tmp1, smp->link_key)) {
276812ec 1158 kzfree(smp->link_key);
6a77083a
JH		 1159 smp->link_key = NULL;
1160 return;
1161 }
1162
1163 if (smp_h6(smp->tfm_cmac, smp->link_key, lebr, smp->link_key)) {
276812ec 1164 kzfree(smp->link_key);
6a77083a
JH		 1165 smp->link_key = NULL;
1166 return;
1167 }
44f1a7ab
JH		 1168}
1169
b28b4943
JH		 1170static void smp_allow_key_dist(struct smp_chan *smp)
1171{
1172 /* Allow the first expected phase 3 PDU. The rest of the PDUs
1173 * will be allowed in each PDU handler to ensure we receive
1174 * them in the correct order.
1175 */
1176 if (smp->remote_key_dist & SMP_DIST_ENC_KEY)
1177 SMP_ALLOW_CMD(smp, SMP_CMD_ENCRYPT_INFO);
1178 else if (smp->remote_key_dist & SMP_DIST_ID_KEY)
1179 SMP_ALLOW_CMD(smp, SMP_CMD_IDENT_INFO);
1180 else if (smp->remote_key_dist & SMP_DIST_SIGN)
1181 SMP_ALLOW_CMD(smp, SMP_CMD_SIGN_INFO);
1182}
1183
b5ae344d
JH		 1184static void sc_generate_ltk(struct smp_chan *smp)
1185{
1186 /* These constants are as specified in the core specification.
1187 * In ASCII they spell out to 'tmp2' and 'brle'.
1188 */
1189 const u8 tmp2[4] = { 0x32, 0x70, 0x6d, 0x74 };
1190 const u8 brle[4] = { 0x65, 0x6c, 0x72, 0x62 };
1191 struct hci_conn *hcon = smp->conn->hcon;
1192 struct hci_dev *hdev = hcon->hdev;
1193 struct link_key *key;
1194
1195 key = hci_find_link_key(hdev, &hcon->dst);
1196 if (!key) {
1197 BT_ERR("%s No Link Key found to generate LTK", hdev->name);
1198 return;
1199 }
1200
1201 if (key->type == HCI_LK_DEBUG_COMBINATION)
1202 set_bit(SMP_FLAG_DEBUG_KEY, &smp->flags);
1203
1204 if (smp_h6(smp->tfm_cmac, key->val, tmp2, smp->tk))
1205 return;
1206
1207 if (smp_h6(smp->tfm_cmac, smp->tk, brle, smp->tk))
1208 return;
1209
1210 sc_add_ltk(smp);
1211}
1212
d6268e86 1213static void smp_distribute_keys(struct smp_chan *smp)
44f1a7ab
JH		 1214{
1215 struct smp_cmd_pairing *req, *rsp;
86d1407c 1216 struct l2cap_conn *conn = smp->conn;
44f1a7ab
JH		 1217 struct hci_conn *hcon = conn->hcon;
1218 struct hci_dev *hdev = hcon->hdev;
1219 __u8 *keydist;
1220
1221 BT_DBG("conn %p", conn);
1222
44f1a7ab
JH		 1223 rsp = (void *) &smp->prsp[1];
1224
1225 /* The responder sends its keys first */
b28b4943
JH		 1226 if (hcon->out && (smp->remote_key_dist & KEY_DIST_MASK)) {
1227 smp_allow_key_dist(smp);
86d1407c 1228 return;
b28b4943 1229 }
44f1a7ab
JH		 1230
1231 req = (void *) &smp->preq[1];
1232
1233 if (hcon->out) {
1234 keydist = &rsp->init_key_dist;
1235 *keydist &= req->init_key_dist;
1236 } else {
1237 keydist = &rsp->resp_key_dist;
1238 *keydist &= req->resp_key_dist;
1239 }
1240
6a77083a 1241 if (test_bit(SMP_FLAG_SC, &smp->flags)) {
b5ae344d 1242 if (hcon->type == LE_LINK && (*keydist & SMP_DIST_LINK_KEY))
6a77083a 1243 sc_generate_link_key(smp);
b5ae344d
JH		 1244 if (hcon->type == ACL_LINK && (*keydist & SMP_DIST_ENC_KEY))
1245 sc_generate_ltk(smp);
6a77083a
JH		 1246
1247 /* Clear the keys which are generated but not distributed */
1248 *keydist &= ~SMP_SC_NO_DIST;
1249 }
1250
44f1a7ab
JH		 1251 BT_DBG("keydist 0x%x", *keydist);
1252
1253 if (*keydist & SMP_DIST_ENC_KEY) {
1254 struct smp_cmd_encrypt_info enc;
1255 struct smp_cmd_master_ident ident;
1256 struct smp_ltk *ltk;
1257 u8 authenticated;
1258 __le16 ediv;
1259 __le64 rand;
1260
1261 get_random_bytes(enc.ltk, sizeof(enc.ltk));
1262 get_random_bytes(&ediv, sizeof(ediv));
1263 get_random_bytes(&rand, sizeof(rand));
1264
1265 smp_send_cmd(conn, SMP_CMD_ENCRYPT_INFO, sizeof(enc), &enc);
1266
1267 authenticated = hcon->sec_level == BT_SECURITY_HIGH;
1268 ltk = hci_add_ltk(hdev, &hcon->dst, hcon->dst_type,
1269 SMP_LTK_SLAVE, authenticated, enc.ltk,
1270 smp->enc_key_size, ediv, rand);
1271 smp->slave_ltk = ltk;
1272
1273 ident.ediv = ediv;
1274 ident.rand = rand;
1275
1276 smp_send_cmd(conn, SMP_CMD_MASTER_IDENT, sizeof(ident), &ident);
1277
1278 *keydist &= ~SMP_DIST_ENC_KEY;
1279 }
1280
1281 if (*keydist & SMP_DIST_ID_KEY) {
1282 struct smp_cmd_ident_addr_info addrinfo;
1283 struct smp_cmd_ident_info idinfo;
1284
1285 memcpy(idinfo.irk, hdev->irk, sizeof(idinfo.irk));
1286
1287 smp_send_cmd(conn, SMP_CMD_IDENT_INFO, sizeof(idinfo), &idinfo);
1288
1289 /* The hci_conn contains the local identity address
1290 * after the connection has been established.
1291 *
1292 * This is true even when the connection has been
1293 * established using a resolvable random address.
1294 */
1295 bacpy(&addrinfo.bdaddr, &hcon->src);
1296 addrinfo.addr_type = hcon->src_type;
1297
1298 smp_send_cmd(conn, SMP_CMD_IDENT_ADDR_INFO, sizeof(addrinfo),
1299 &addrinfo);
1300
1301 *keydist &= ~SMP_DIST_ID_KEY;
1302 }
1303
1304 if (*keydist & SMP_DIST_SIGN) {
1305 struct smp_cmd_sign_info sign;
1306 struct smp_csrk *csrk;
1307
1308 /* Generate a new random key */
1309 get_random_bytes(sign.csrk, sizeof(sign.csrk));
1310
1311 csrk = kzalloc(sizeof(*csrk), GFP_KERNEL);
1312 if (csrk) {
4cd3928a
JH		 1313 if (hcon->sec_level > BT_SECURITY_MEDIUM)
1314 csrk->type = MGMT_CSRK_LOCAL_AUTHENTICATED;
1315 else
1316 csrk->type = MGMT_CSRK_LOCAL_UNAUTHENTICATED;
44f1a7ab
JH		 1317 memcpy(csrk->val, sign.csrk, sizeof(csrk->val));
1318 }
1319 smp->slave_csrk = csrk;
1320
1321 smp_send_cmd(conn, SMP_CMD_SIGN_INFO, sizeof(sign), &sign);
1322
1323 *keydist &= ~SMP_DIST_SIGN;
1324 }
1325
1326 /* If there are still keys to be received wait for them */
b28b4943
JH		 1327 if (smp->remote_key_dist & KEY_DIST_MASK) {
1328 smp_allow_key_dist(smp);
86d1407c 1329 return;
b28b4943 1330 }
44f1a7ab 1331
44f1a7ab
JH		 1332 set_bit(SMP_FLAG_COMPLETE, &smp->flags);
1333 smp_notify_keys(conn);
1334
1335 smp_chan_destroy(conn);
44f1a7ab
JH		 1336}
1337
b68fda68
JH		 1338static void smp_timeout(struct work_struct *work)
1339{
1340 struct smp_chan *smp = container_of(work, struct smp_chan,
1341 security_timer.work);
1342 struct l2cap_conn *conn = smp->conn;
1343
1344 BT_DBG("conn %p", conn);
1345
1e91c29e 1346 hci_disconnect(conn->hcon, HCI_ERROR_REMOTE_USER_TERM);
b68fda68
JH		 1347}
1348
8aab4757
VCG		 1349static struct smp_chan *smp_chan_create(struct l2cap_conn *conn)
1350{
5d88cc73 1351 struct l2cap_chan *chan = conn->smp;
8aab4757
VCG		 1352 struct smp_chan *smp;
1353
f1560463 1354 smp = kzalloc(sizeof(*smp), GFP_ATOMIC);
fc75cc86 1355 if (!smp)
8aab4757
VCG		 1356 return NULL;
1357
6a7bd103
JH		 1358 smp->tfm_aes = crypto_alloc_blkcipher("ecb(aes)", 0, CRYPTO_ALG_ASYNC);
1359 if (IS_ERR(smp->tfm_aes)) {
1360 BT_ERR("Unable to create ECB crypto context");
276812ec 1361 kzfree(smp);
6a7bd103
JH		 1362 return NULL;
1363 }
1364
407cecf6
JH		 1365 smp->tfm_cmac = crypto_alloc_hash("cmac(aes)", 0, CRYPTO_ALG_ASYNC);
1366 if (IS_ERR(smp->tfm_cmac)) {
1367 BT_ERR("Unable to create CMAC crypto context");
1368 crypto_free_blkcipher(smp->tfm_aes);
276812ec 1369 kzfree(smp);
407cecf6
JH		 1370 return NULL;
1371 }
1372
8aab4757 1373 smp->conn = conn;
5d88cc73 1374 chan->data = smp;
8aab4757 1375
b28b4943
JH		 1376 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_FAIL);
1377
b68fda68
JH		 1378 INIT_DELAYED_WORK(&smp->security_timer, smp_timeout);
1379
8aab4757
VCG		 1380 hci_conn_hold(conn->hcon);
1381
1382 return smp;
1383}
1384
760b018b
JH		 1385static int sc_mackey_and_ltk(struct smp_chan *smp, u8 mackey[16], u8 ltk[16])
1386{
1387 struct hci_conn *hcon = smp->conn->hcon;
1388 u8 *na, *nb, a[7], b[7];
1389
1390 if (hcon->out) {
1391 na = smp->prnd;
1392 nb = smp->rrnd;
1393 } else {
1394 na = smp->rrnd;
1395 nb = smp->prnd;
1396 }
1397
1398 memcpy(a, &hcon->init_addr, 6);
1399 memcpy(b, &hcon->resp_addr, 6);
1400 a[6] = hcon->init_addr_type;
1401 b[6] = hcon->resp_addr_type;
1402
1403 return smp_f5(smp->tfm_cmac, smp->dhkey, na, nb, a, b, mackey, ltk);
1404}
1405
38606f14 1406static void sc_dhkey_check(struct smp_chan *smp)
760b018b
JH		 1407{
1408 struct hci_conn *hcon = smp->conn->hcon;
1409 struct smp_cmd_dhkey_check check;
1410 u8 a[7], b[7], *local_addr, *remote_addr;
1411 u8 io_cap[3], r[16];
1412
760b018b
JH		 1413 memcpy(a, &hcon->init_addr, 6);
1414 memcpy(b, &hcon->resp_addr, 6);
1415 a[6] = hcon->init_addr_type;
1416 b[6] = hcon->resp_addr_type;
1417
1418 if (hcon->out) {
1419 local_addr = a;
1420 remote_addr = b;
1421 memcpy(io_cap, &smp->preq[1], 3);
1422 } else {
1423 local_addr = b;
1424 remote_addr = a;
1425 memcpy(io_cap, &smp->prsp[1], 3);
1426 }
1427
dddd3059
JH		 1428 memset(r, 0, sizeof(r));
1429
1430 if (smp->method == REQ_PASSKEY || smp->method == DSP_PASSKEY)
38606f14 1431 put_unaligned_le32(hcon->passkey_notify, r);
760b018b 1432
a29b0733
JH		 1433 if (smp->method == REQ_OOB)
1434 memcpy(r, smp->rr, 16);
1435
760b018b
JH		 1436 smp_f6(smp->tfm_cmac, smp->mackey, smp->prnd, smp->rrnd, r, io_cap,
1437 local_addr, remote_addr, check.e);
1438
1439 smp_send_cmd(smp->conn, SMP_CMD_DHKEY_CHECK, sizeof(check), &check);
dddd3059
JH		 1440}
1441
38606f14
JH		 1442static u8 sc_passkey_send_confirm(struct smp_chan *smp)
1443{
1444 struct l2cap_conn *conn = smp->conn;
1445 struct hci_conn *hcon = conn->hcon;
1446 struct smp_cmd_pairing_confirm cfm;
1447 u8 r;
1448
1449 r = ((hcon->passkey_notify >> smp->passkey_round) & 0x01);
1450 r |= 0x80;
1451
1452 get_random_bytes(smp->prnd, sizeof(smp->prnd));
1453
1454 if (smp_f4(smp->tfm_cmac, smp->local_pk, smp->remote_pk, smp->prnd, r,
1455 cfm.confirm_val))
1456 return SMP_UNSPECIFIED;
1457
1458 smp_send_cmd(conn, SMP_CMD_PAIRING_CONFIRM, sizeof(cfm), &cfm);
1459
1460 return 0;
1461}
1462
1463static u8 sc_passkey_round(struct smp_chan *smp, u8 smp_op)
1464{
1465 struct l2cap_conn *conn = smp->conn;
1466 struct hci_conn *hcon = conn->hcon;
1467 struct hci_dev *hdev = hcon->hdev;
1468 u8 cfm[16], r;
1469
1470 /* Ignore the PDU if we've already done 20 rounds (0 - 19) */
1471 if (smp->passkey_round >= 20)
1472 return 0;
1473
1474 switch (smp_op) {
1475 case SMP_CMD_PAIRING_RANDOM:
1476 r = ((hcon->passkey_notify >> smp->passkey_round) & 0x01);
1477 r |= 0x80;
1478
1479 if (smp_f4(smp->tfm_cmac, smp->remote_pk, smp->local_pk,
1480 smp->rrnd, r, cfm))
1481 return SMP_UNSPECIFIED;
1482
1483 if (memcmp(smp->pcnf, cfm, 16))
1484 return SMP_CONFIRM_FAILED;
1485
1486 smp->passkey_round++;
1487
1488 if (smp->passkey_round == 20) {
1489 /* Generate MacKey and LTK */
1490 if (sc_mackey_and_ltk(smp, smp->mackey, smp->tk))
1491 return SMP_UNSPECIFIED;
1492 }
1493
1494 /* The round is only complete when the initiator
1495 * receives pairing random.
1496 */
1497 if (!hcon->out) {
1498 smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM,
1499 sizeof(smp->prnd), smp->prnd);
d3e54a87 1500 if (smp->passkey_round == 20)
38606f14 1501 SMP_ALLOW_CMD(smp, SMP_CMD_DHKEY_CHECK);
d3e54a87 1502 else
38606f14 1503 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_CONFIRM);
38606f14
JH		 1504 return 0;
1505 }
1506
1507 /* Start the next round */
1508 if (smp->passkey_round != 20)
1509 return sc_passkey_round(smp, 0);
1510
1511 /* Passkey rounds are complete - start DHKey Check */
1512 sc_dhkey_check(smp);
1513 SMP_ALLOW_CMD(smp, SMP_CMD_DHKEY_CHECK);
1514
1515 break;
1516
1517 case SMP_CMD_PAIRING_CONFIRM:
1518 if (test_bit(SMP_FLAG_WAIT_USER, &smp->flags)) {
1519 set_bit(SMP_FLAG_CFM_PENDING, &smp->flags);
1520 return 0;
1521 }
1522
1523 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RANDOM);
1524
1525 if (hcon->out) {
1526 smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM,
1527 sizeof(smp->prnd), smp->prnd);
1528 return 0;
1529 }
1530
1531 return sc_passkey_send_confirm(smp);
1532
1533 case SMP_CMD_PUBLIC_KEY:
1534 default:
1535 /* Initiating device starts the round */
1536 if (!hcon->out)
1537 return 0;
1538
1539 BT_DBG("%s Starting passkey round %u", hdev->name,
1540 smp->passkey_round + 1);
1541
1542 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_CONFIRM);
1543
1544 return sc_passkey_send_confirm(smp);
1545 }
1546
1547 return 0;
1548}
1549
dddd3059
JH		 1550static int sc_user_reply(struct smp_chan *smp, u16 mgmt_op, __le32 passkey)
1551{
38606f14
JH		 1552 struct l2cap_conn *conn = smp->conn;
1553 struct hci_conn *hcon = conn->hcon;
1554 u8 smp_op;
1555
1556 clear_bit(SMP_FLAG_WAIT_USER, &smp->flags);
1557
dddd3059
JH		 1558 switch (mgmt_op) {
1559 case MGMT_OP_USER_PASSKEY_NEG_REPLY:
1560 smp_failure(smp->conn, SMP_PASSKEY_ENTRY_FAILED);
1561 return 0;
1562 case MGMT_OP_USER_CONFIRM_NEG_REPLY:
1563 smp_failure(smp->conn, SMP_NUMERIC_COMP_FAILED);
1564 return 0;
38606f14
JH		 1565 case MGMT_OP_USER_PASSKEY_REPLY:
1566 hcon->passkey_notify = le32_to_cpu(passkey);
1567 smp->passkey_round = 0;
1568
1569 if (test_and_clear_bit(SMP_FLAG_CFM_PENDING, &smp->flags))
1570 smp_op = SMP_CMD_PAIRING_CONFIRM;
1571 else
1572 smp_op = 0;
1573
1574 if (sc_passkey_round(smp, smp_op))
1575 return -EIO;
1576
1577 return 0;
dddd3059
JH		 1578 }
1579
d3e54a87
JH		 1580 /* Initiator sends DHKey check first */
1581 if (hcon->out) {
1582 sc_dhkey_check(smp);
1583 SMP_ALLOW_CMD(smp, SMP_CMD_DHKEY_CHECK);
1584 } else if (test_and_clear_bit(SMP_FLAG_DHKEY_PENDING, &smp->flags)) {
1585 sc_dhkey_check(smp);
1586 sc_add_ltk(smp);
1587 }
760b018b
JH		 1588
1589 return 0;
1590}
1591
2b64d153
BG		 1592int smp_user_confirm_reply(struct hci_conn *hcon, u16 mgmt_op, __le32 passkey)
1593{
b10e8017 1594 struct l2cap_conn *conn = hcon->l2cap_data;
5d88cc73 1595 struct l2cap_chan *chan;
2b64d153
BG		 1596 struct smp_chan *smp;
1597 u32 value;
fc75cc86 1598 int err;
2b64d153
BG		 1599
1600 BT_DBG("");
1601
fc75cc86 1602 if (!conn)
2b64d153
BG		 1603 return -ENOTCONN;
1604
5d88cc73
JH		 1605 chan = conn->smp;
1606 if (!chan)
1607 return -ENOTCONN;
1608
fc75cc86
JH		 1609 l2cap_chan_lock(chan);
1610 if (!chan->data) {
1611 err = -ENOTCONN;
1612 goto unlock;
1613 }
1614
5d88cc73 1615 smp = chan->data;
2b64d153 1616
760b018b
JH		 1617 if (test_bit(SMP_FLAG_SC, &smp->flags)) {
1618 err = sc_user_reply(smp, mgmt_op, passkey);
1619 goto unlock;
1620 }
1621
2b64d153
BG		 1622 switch (mgmt_op) {
1623 case MGMT_OP_USER_PASSKEY_REPLY:
1624 value = le32_to_cpu(passkey);
943a732a 1625 memset(smp->tk, 0, sizeof(smp->tk));
2b64d153 1626 BT_DBG("PassKey: %d", value);
943a732a 1627 put_unaligned_le32(value, smp->tk);
2b64d153
BG		 1628 /* Fall Through */
1629 case MGMT_OP_USER_CONFIRM_REPLY:
4a74d658 1630 set_bit(SMP_FLAG_TK_VALID, &smp->flags);
2b64d153
BG		 1631 break;
1632 case MGMT_OP_USER_PASSKEY_NEG_REPLY:
1633 case MGMT_OP_USER_CONFIRM_NEG_REPLY:
84794e11 1634 smp_failure(conn, SMP_PASSKEY_ENTRY_FAILED);
fc75cc86
JH		 1635 err = 0;
1636 goto unlock;
2b64d153 1637 default:
84794e11 1638 smp_failure(conn, SMP_PASSKEY_ENTRY_FAILED);
fc75cc86
JH		 1639 err = -EOPNOTSUPP;
1640 goto unlock;
2b64d153
BG		 1641 }
1642
fc75cc86
JH		 1643 err = 0;
1644
2b64d153 1645 /* If it is our turn to send Pairing Confirm, do so now */
1cc61144
JH		 1646 if (test_bit(SMP_FLAG_CFM_PENDING, &smp->flags)) {
1647 u8 rsp = smp_confirm(smp);
1648 if (rsp)
1649 smp_failure(conn, rsp);
1650 }
2b64d153 1651
fc75cc86
JH		 1652unlock:
1653 l2cap_chan_unlock(chan);
1654 return err;
2b64d153
BG		 1655}
1656
b5ae344d
JH		 1657static void build_bredr_pairing_cmd(struct smp_chan *smp,
1658 struct smp_cmd_pairing *req,
1659 struct smp_cmd_pairing *rsp)
1660{
1661 struct l2cap_conn *conn = smp->conn;
1662 struct hci_dev *hdev = conn->hcon->hdev;
1663 u8 local_dist = 0, remote_dist = 0;
1664
d7a5a11d 1665 if (hci_dev_test_flag(hdev, HCI_BONDABLE)) {
b5ae344d
JH		 1666 local_dist = SMP_DIST_ENC_KEY | SMP_DIST_SIGN;
1667 remote_dist = SMP_DIST_ENC_KEY | SMP_DIST_SIGN;
1668 }
1669
d7a5a11d 1670 if (hci_dev_test_flag(hdev, HCI_RPA_RESOLVING))
b5ae344d
JH		 1671 remote_dist |= SMP_DIST_ID_KEY;
1672
d7a5a11d 1673 if (hci_dev_test_flag(hdev, HCI_PRIVACY))
b5ae344d
JH		 1674 local_dist |= SMP_DIST_ID_KEY;
1675
1676 if (!rsp) {
1677 memset(req, 0, sizeof(*req));
1678
1679 req->init_key_dist = local_dist;
1680 req->resp_key_dist = remote_dist;
1681 req->max_key_size = SMP_MAX_ENC_KEY_SIZE;
1682
1683 smp->remote_key_dist = remote_dist;
1684
1685 return;
1686 }
1687
1688 memset(rsp, 0, sizeof(*rsp));
1689
1690 rsp->max_key_size = SMP_MAX_ENC_KEY_SIZE;
1691 rsp->init_key_dist = req->init_key_dist & remote_dist;
1692 rsp->resp_key_dist = req->resp_key_dist & local_dist;
1693
1694 smp->remote_key_dist = rsp->init_key_dist;
1695}
1696
da85e5e5 1697static u8 smp_cmd_pairing_req(struct l2cap_conn *conn, struct sk_buff *skb)
88ba43b6 1698{
3158c50c 1699 struct smp_cmd_pairing rsp, *req = (void *) skb->data;
fc75cc86 1700 struct l2cap_chan *chan = conn->smp;
b3c6410b 1701 struct hci_dev *hdev = conn->hcon->hdev;
8aab4757 1702 struct smp_chan *smp;
c7262e71 1703 u8 key_size, auth, sec_level;
8aab4757 1704 int ret;
88ba43b6
AB		 1705
1706 BT_DBG("conn %p", conn);
1707
c46b98be 1708 if (skb->len < sizeof(*req))
38e4a915 1709 return SMP_INVALID_PARAMS;
c46b98be 1710
40bef302 1711 if (conn->hcon->role != HCI_ROLE_SLAVE)
2b64d153
BG		 1712 return SMP_CMD_NOTSUPP;
1713
fc75cc86 1714 if (!chan->data)
8aab4757 1715 smp = smp_chan_create(conn);
fc75cc86 1716 else
5d88cc73 1717 smp = chan->data;
8aab4757 1718
d08fd0e7
AE		 1719 if (!smp)
1720 return SMP_UNSPECIFIED;
d26a2345 1721
c05b9339 1722 /* We didn't start the pairing, so match remote */
0edb14de 1723 auth = req->auth_req & AUTH_REQ_MASK(hdev);
c05b9339 1724
d7a5a11d 1725 if (!hci_dev_test_flag(hdev, HCI_BONDABLE) &&
c05b9339 1726 (auth & SMP_AUTH_BONDING))
b3c6410b
JH		 1727 return SMP_PAIRING_NOTSUPP;
1728
d7a5a11d 1729 if (hci_dev_test_flag(hdev, HCI_SC_ONLY) && !(auth & SMP_AUTH_SC))
903b71c7
JH		 1730 return SMP_AUTH_REQUIREMENTS;
1731
1c1def09
VCG		 1732 smp->preq[0] = SMP_CMD_PAIRING_REQ;
1733 memcpy(&smp->preq[1], req, sizeof(*req));
3158c50c 1734 skb_pull(skb, sizeof(*req));
88ba43b6 1735
b5ae344d
JH		 1736 /* SMP over BR/EDR requires special treatment */
1737 if (conn->hcon->type == ACL_LINK) {
1738 /* We must have a BR/EDR SC link */
08f63cc5 1739 if (!test_bit(HCI_CONN_AES_CCM, &conn->hcon->flags) &&
b7cb93e5 1740 !hci_dev_test_flag(hdev, HCI_FORCE_BREDR_SMP))
b5ae344d
JH		 1741 return SMP_CROSS_TRANSP_NOT_ALLOWED;
1742
1743 set_bit(SMP_FLAG_SC, &smp->flags);
1744
1745 build_bredr_pairing_cmd(smp, req, &rsp);
1746
1747 key_size = min(req->max_key_size, rsp.max_key_size);
1748 if (check_enc_key_size(conn, key_size))
1749 return SMP_ENC_KEY_SIZE;
1750
1751 /* Clear bits which are generated but not distributed */
1752 smp->remote_key_dist &= ~SMP_SC_NO_DIST;
1753
1754 smp->prsp[0] = SMP_CMD_PAIRING_RSP;
1755 memcpy(&smp->prsp[1], &rsp, sizeof(rsp));
1756 smp_send_cmd(conn, SMP_CMD_PAIRING_RSP, sizeof(rsp), &rsp);
1757
1758 smp_distribute_keys(smp);
1759 return 0;
1760 }
1761
5e3d3d9b
JH		 1762 build_pairing_cmd(conn, req, &rsp, auth);
1763
1764 if (rsp.auth_req & SMP_AUTH_SC)
1765 set_bit(SMP_FLAG_SC, &smp->flags);
1766
5be5e275 1767 if (conn->hcon->io_capability == HCI_IO_NO_INPUT_OUTPUT)
1afc2a1a
JH		 1768 sec_level = BT_SECURITY_MEDIUM;
1769 else
1770 sec_level = authreq_to_seclevel(auth);
1771
c7262e71
JH		 1772 if (sec_level > conn->hcon->pending_sec_level)
1773 conn->hcon->pending_sec_level = sec_level;
fdde0a26 1774
49c922bb 1775 /* If we need MITM check that it can be achieved */
2ed8f65c
JH		 1776 if (conn->hcon->pending_sec_level >= BT_SECURITY_HIGH) {
1777 u8 method;
1778
1779 method = get_auth_method(smp, conn->hcon->io_capability,
1780 req->io_capability);
1781 if (method == JUST_WORKS || method == JUST_CFM)
1782 return SMP_AUTH_REQUIREMENTS;
1783 }
1784
3158c50c
VCG		 1785 key_size = min(req->max_key_size, rsp.max_key_size);
1786 if (check_enc_key_size(conn, key_size))
1787 return SMP_ENC_KEY_SIZE;
88ba43b6 1788
e84a6b13 1789 get_random_bytes(smp->prnd, sizeof(smp->prnd));
8aab4757 1790
1c1def09
VCG		 1791 smp->prsp[0] = SMP_CMD_PAIRING_RSP;
1792 memcpy(&smp->prsp[1], &rsp, sizeof(rsp));
f01ead31 1793
3158c50c 1794 smp_send_cmd(conn, SMP_CMD_PAIRING_RSP, sizeof(rsp), &rsp);
3b19146d
JH		 1795
1796 clear_bit(SMP_FLAG_INITIATOR, &smp->flags);
1797
1798 if (test_bit(SMP_FLAG_SC, &smp->flags)) {
1799 SMP_ALLOW_CMD(smp, SMP_CMD_PUBLIC_KEY);
1800 /* Clear bits which are generated but not distributed */
1801 smp->remote_key_dist &= ~SMP_SC_NO_DIST;
1802 /* Wait for Public Key from Initiating Device */
1803 return 0;
3b19146d 1804 }
da85e5e5 1805
983f9814
MH		 1806 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_CONFIRM);
1807
2b64d153
BG		 1808 /* Request setup of TK */
1809 ret = tk_request(conn, 0, auth, rsp.io_capability, req->io_capability);
1810 if (ret)
1811 return SMP_UNSPECIFIED;
1812
da85e5e5 1813 return 0;
88ba43b6
AB		 1814}
1815
3b19146d
JH		 1816static u8 sc_send_public_key(struct smp_chan *smp)
1817{
70157ef5
JH		 1818 struct hci_dev *hdev = smp->conn->hcon->hdev;
1819
3b19146d
JH		 1820 BT_DBG("");
1821
33d0c030
MH		 1822 if (test_bit(SMP_FLAG_OOB, &smp->flags)) {
1823 struct l2cap_chan *chan = hdev->smp_data;
1824 struct smp_dev *smp_dev;
1825
1826 if (!chan || !chan->data)
1827 return SMP_UNSPECIFIED;
1828
1829 smp_dev = chan->data;
1830
1831 memcpy(smp->local_pk, smp_dev->local_pk, 64);
1832 memcpy(smp->local_sk, smp_dev->local_sk, 32);
1833 memcpy(smp->rr, smp_dev->local_rr, 16);
1834
1835 if (smp_dev->debug_key)
1836 set_bit(SMP_FLAG_DEBUG_KEY, &smp->flags);
1837
1838 goto done;
1839 }
1840
d7a5a11d 1841 if (hci_dev_test_flag(hdev, HCI_USE_DEBUG_KEYS)) {
70157ef5
JH		 1842 BT_DBG("Using debug keys");
1843 memcpy(smp->local_pk, debug_pk, 64);
1844 memcpy(smp->local_sk, debug_sk, 32);
1845 set_bit(SMP_FLAG_DEBUG_KEY, &smp->flags);
1846 } else {
1847 while (true) {
1848 /* Generate local key pair for Secure Connections */
1849 if (!ecc_make_key(smp->local_pk, smp->local_sk))
1850 return SMP_UNSPECIFIED;
6c0dcc50 1851
70157ef5
JH		 1852 /* This is unlikely, but we need to check that
1853 * we didn't accidentially generate a debug key.
1854 */
1855 if (memcmp(smp->local_sk, debug_sk, 32))
1856 break;
1857 }
6c0dcc50 1858 }
3b19146d 1859
33d0c030 1860done:
c7a3d57d
JH		 1861 SMP_DBG("Local Public Key X: %32phN", smp->local_pk);
1862 SMP_DBG("Local Public Key Y: %32phN", &smp->local_pk[32]);
1863 SMP_DBG("Local Private Key: %32phN", smp->local_sk);
3b19146d
JH		 1864
1865 smp_send_cmd(smp->conn, SMP_CMD_PUBLIC_KEY, 64, smp->local_pk);
1866
1867 return 0;
1868}
1869
da85e5e5 1870static u8 smp_cmd_pairing_rsp(struct l2cap_conn *conn, struct sk_buff *skb)
88ba43b6 1871{
3158c50c 1872 struct smp_cmd_pairing *req, *rsp = (void *) skb->data;
5d88cc73
JH		 1873 struct l2cap_chan *chan = conn->smp;
1874 struct smp_chan *smp = chan->data;
0edb14de 1875 struct hci_dev *hdev = conn->hcon->hdev;
3a7dbfb8 1876 u8 key_size, auth;
7d24ddcc 1877 int ret;
88ba43b6
AB		 1878
1879 BT_DBG("conn %p", conn);
1880
c46b98be 1881 if (skb->len < sizeof(*rsp))
38e4a915 1882 return SMP_INVALID_PARAMS;
c46b98be 1883
40bef302 1884 if (conn->hcon->role != HCI_ROLE_MASTER)
2b64d153
BG		 1885 return SMP_CMD_NOTSUPP;
1886
3158c50c
VCG		 1887 skb_pull(skb, sizeof(*rsp));
1888
1c1def09 1889 req = (void *) &smp->preq[1];
da85e5e5 1890
3158c50c
VCG		 1891 key_size = min(req->max_key_size, rsp->max_key_size);
1892 if (check_enc_key_size(conn, key_size))
1893 return SMP_ENC_KEY_SIZE;
1894
0edb14de 1895 auth = rsp->auth_req & AUTH_REQ_MASK(hdev);
c05b9339 1896
d7a5a11d 1897 if (hci_dev_test_flag(hdev, HCI_SC_ONLY) && !(auth & SMP_AUTH_SC))
903b71c7
JH		 1898 return SMP_AUTH_REQUIREMENTS;
1899
b5ae344d
JH		 1900 smp->prsp[0] = SMP_CMD_PAIRING_RSP;
1901 memcpy(&smp->prsp[1], rsp, sizeof(*rsp));
1902
1903 /* Update remote key distribution in case the remote cleared
1904 * some bits that we had enabled in our request.
1905 */
1906 smp->remote_key_dist &= rsp->resp_key_dist;
1907
1908 /* For BR/EDR this means we're done and can start phase 3 */
1909 if (conn->hcon->type == ACL_LINK) {
1910 /* Clear bits which are generated but not distributed */
1911 smp->remote_key_dist &= ~SMP_SC_NO_DIST;
1912 smp_distribute_keys(smp);
1913 return 0;
1914 }
1915
65668776
JH		 1916 if ((req->auth_req & SMP_AUTH_SC) && (auth & SMP_AUTH_SC))
1917 set_bit(SMP_FLAG_SC, &smp->flags);
d2eb9e10
JH		 1918 else if (conn->hcon->pending_sec_level > BT_SECURITY_HIGH)
1919 conn->hcon->pending_sec_level = BT_SECURITY_HIGH;
65668776 1920
49c922bb 1921 /* If we need MITM check that it can be achieved */
2ed8f65c
JH		 1922 if (conn->hcon->pending_sec_level >= BT_SECURITY_HIGH) {
1923 u8 method;
1924
1925 method = get_auth_method(smp, req->io_capability,
1926 rsp->io_capability);
1927 if (method == JUST_WORKS || method == JUST_CFM)
1928 return SMP_AUTH_REQUIREMENTS;
1929 }
1930
e84a6b13 1931 get_random_bytes(smp->prnd, sizeof(smp->prnd));
7d24ddcc 1932
fdcc4bec
JH		 1933 /* Update remote key distribution in case the remote cleared
1934 * some bits that we had enabled in our request.
1935 */
1936 smp->remote_key_dist &= rsp->resp_key_dist;
1937
3b19146d
JH		 1938 if (test_bit(SMP_FLAG_SC, &smp->flags)) {
1939 /* Clear bits which are generated but not distributed */
1940 smp->remote_key_dist &= ~SMP_SC_NO_DIST;
1941 SMP_ALLOW_CMD(smp, SMP_CMD_PUBLIC_KEY);
1942 return sc_send_public_key(smp);
1943 }
1944
c05b9339 1945 auth |= req->auth_req;
2b64d153 1946
476585ec 1947 ret = tk_request(conn, 0, auth, req->io_capability, rsp->io_capability);
2b64d153
BG		 1948 if (ret)
1949 return SMP_UNSPECIFIED;
1950
4a74d658 1951 set_bit(SMP_FLAG_CFM_PENDING, &smp->flags);
2b64d153
BG		 1952
1953 /* Can't compose response until we have been confirmed */
4a74d658 1954 if (test_bit(SMP_FLAG_TK_VALID, &smp->flags))
1cc61144 1955 return smp_confirm(smp);
da85e5e5
VCG		 1956
1957 return 0;
88ba43b6
AB		 1958}
1959
dcee2b32
JH		 1960static u8 sc_check_confirm(struct smp_chan *smp)
1961{
1962 struct l2cap_conn *conn = smp->conn;
1963
1964 BT_DBG("");
1965
1966 /* Public Key exchange must happen before any other steps */
1967 if (!test_bit(SMP_FLAG_REMOTE_PK, &smp->flags))
1968 return SMP_UNSPECIFIED;
1969
38606f14
JH		 1970 if (smp->method == REQ_PASSKEY || smp->method == DSP_PASSKEY)
1971 return sc_passkey_round(smp, SMP_CMD_PAIRING_CONFIRM);
1972
dcee2b32
JH		 1973 if (conn->hcon->out) {
1974 smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM, sizeof(smp->prnd),
1975 smp->prnd);
1976 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RANDOM);
1977 }
1978
1979 return 0;
1980}
1981
da85e5e5 1982static u8 smp_cmd_pairing_confirm(struct l2cap_conn *conn, struct sk_buff *skb)
88ba43b6 1983{
5d88cc73
JH		 1984 struct l2cap_chan *chan = conn->smp;
1985 struct smp_chan *smp = chan->data;
7d24ddcc 1986
88ba43b6
AB		 1987 BT_DBG("conn %p %s", conn, conn->hcon->out ? "master" : "slave");
1988
c46b98be 1989 if (skb->len < sizeof(smp->pcnf))
38e4a915 1990 return SMP_INVALID_PARAMS;
c46b98be 1991
1c1def09
VCG		 1992 memcpy(smp->pcnf, skb->data, sizeof(smp->pcnf));
1993 skb_pull(skb, sizeof(smp->pcnf));
88ba43b6 1994
dcee2b32
JH		 1995 if (test_bit(SMP_FLAG_SC, &smp->flags))
1996 return sc_check_confirm(smp);
1997
b28b4943 1998 if (conn->hcon->out) {
943a732a
JH		 1999 smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM, sizeof(smp->prnd),
2000 smp->prnd);
b28b4943
JH		 2001 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RANDOM);
2002 return 0;
2003 }
2004
2005 if (test_bit(SMP_FLAG_TK_VALID, &smp->flags))
1cc61144 2006 return smp_confirm(smp);
983f9814
MH		 2007
2008 set_bit(SMP_FLAG_CFM_PENDING, &smp->flags);
da85e5e5
VCG		 2009
2010 return 0;
88ba43b6
AB		 2011}
2012
da85e5e5 2013static u8 smp_cmd_pairing_random(struct l2cap_conn *conn, struct sk_buff *skb)
88ba43b6 2014{
5d88cc73
JH		 2015 struct l2cap_chan *chan = conn->smp;
2016 struct smp_chan *smp = chan->data;
191dc7fe
JH		 2017 struct hci_conn *hcon = conn->hcon;
2018 u8 *pkax, *pkbx, *na, *nb;
2019 u32 passkey;
2020 int err;
7d24ddcc 2021
8aab4757 2022 BT_DBG("conn %p", conn);
3158c50c 2023
c46b98be 2024 if (skb->len < sizeof(smp->rrnd))
38e4a915 2025 return SMP_INVALID_PARAMS;
c46b98be 2026
943a732a 2027 memcpy(smp->rrnd, skb->data, sizeof(smp->rrnd));
8aab4757 2028 skb_pull(skb, sizeof(smp->rrnd));
e7e62c85 2029
191dc7fe
JH		 2030 if (!test_bit(SMP_FLAG_SC, &smp->flags))
2031 return smp_random(smp);
2032
580039e8
JH		 2033 if (hcon->out) {
2034 pkax = smp->local_pk;
2035 pkbx = smp->remote_pk;
2036 na = smp->prnd;
2037 nb = smp->rrnd;
2038 } else {
2039 pkax = smp->remote_pk;
2040 pkbx = smp->local_pk;
2041 na = smp->rrnd;
2042 nb = smp->prnd;
2043 }
2044
a29b0733
JH		 2045 if (smp->method == REQ_OOB) {
2046 if (!hcon->out)
2047 smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM,
2048 sizeof(smp->prnd), smp->prnd);
2049 SMP_ALLOW_CMD(smp, SMP_CMD_DHKEY_CHECK);
2050 goto mackey_and_ltk;
2051 }
2052
38606f14
JH		 2053 /* Passkey entry has special treatment */
2054 if (smp->method == REQ_PASSKEY || smp->method == DSP_PASSKEY)
2055 return sc_passkey_round(smp, SMP_CMD_PAIRING_RANDOM);
2056
191dc7fe
JH		 2057 if (hcon->out) {
2058 u8 cfm[16];
2059
2060 err = smp_f4(smp->tfm_cmac, smp->remote_pk, smp->local_pk,
2061 smp->rrnd, 0, cfm);
2062 if (err)
2063 return SMP_UNSPECIFIED;
2064
2065 if (memcmp(smp->pcnf, cfm, 16))
2066 return SMP_CONFIRM_FAILED;
191dc7fe
JH		 2067 } else {
2068 smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM, sizeof(smp->prnd),
2069 smp->prnd);
2070 SMP_ALLOW_CMD(smp, SMP_CMD_DHKEY_CHECK);
191dc7fe
JH		 2071 }
2072
a29b0733 2073mackey_and_ltk:
760b018b
JH		 2074 /* Generate MacKey and LTK */
2075 err = sc_mackey_and_ltk(smp, smp->mackey, smp->tk);
2076 if (err)
2077 return SMP_UNSPECIFIED;
2078
a29b0733 2079 if (smp->method == JUST_WORKS || smp->method == REQ_OOB) {
dddd3059 2080 if (hcon->out) {
38606f14 2081 sc_dhkey_check(smp);
dddd3059
JH		 2082 SMP_ALLOW_CMD(smp, SMP_CMD_DHKEY_CHECK);
2083 }
2084 return 0;
2085 }
2086
38606f14
JH		 2087 err = smp_g2(smp->tfm_cmac, pkax, pkbx, na, nb, &passkey);
2088 if (err)
2089 return SMP_UNSPECIFIED;
2090
2091 err = mgmt_user_confirm_request(hcon->hdev, &hcon->dst, hcon->type,
2092 hcon->dst_type, passkey, 0);
191dc7fe
JH		 2093 if (err)
2094 return SMP_UNSPECIFIED;
2095
38606f14
JH		 2096 set_bit(SMP_FLAG_WAIT_USER, &smp->flags);
2097
191dc7fe 2098 return 0;
88ba43b6
AB		 2099}
2100
f81cd823 2101static bool smp_ltk_encrypt(struct l2cap_conn *conn, u8 sec_level)
988c5997 2102{
c9839a11 2103 struct smp_ltk *key;
988c5997
VCG		 2104 struct hci_conn *hcon = conn->hcon;
2105
f3a73d97 2106 key = hci_find_ltk(hcon->hdev, &hcon->dst, hcon->dst_type, hcon->role);
988c5997 2107 if (!key)
f81cd823 2108 return false;
988c5997 2109
a6f7833c 2110 if (smp_ltk_sec_level(key) < sec_level)
f81cd823 2111 return false;
4dab7864 2112
51a8efd7 2113 if (test_and_set_bit(HCI_CONN_ENCRYPT_PEND, &hcon->flags))
f81cd823 2114 return true;
988c5997 2115
c9839a11
VCG		 2116 hci_le_start_enc(hcon, key->ediv, key->rand, key->val);
2117 hcon->enc_key_size = key->enc_size;
988c5997 2118
fe59a05f
JH		 2119 /* We never store STKs for master role, so clear this flag */
2120 clear_bit(HCI_CONN_STK_ENCRYPT, &hcon->flags);
2121
f81cd823 2122 return true;
988c5997 2123}
f1560463 2124
35dc6f83
JH		 2125bool smp_sufficient_security(struct hci_conn *hcon, u8 sec_level,
2126 enum smp_key_pref key_pref)
854f4727
JH		 2127{
2128 if (sec_level == BT_SECURITY_LOW)
2129 return true;
2130
35dc6f83
JH		 2131 /* If we're encrypted with an STK but the caller prefers using
2132 * LTK claim insufficient security. This way we allow the
2133 * connection to be re-encrypted with an LTK, even if the LTK
2134 * provides the same level of security. Only exception is if we
2135 * don't have an LTK (e.g. because of key distribution bits).
9ab65d60 2136 */
35dc6f83
JH		 2137 if (key_pref == SMP_USE_LTK &&
2138 test_bit(HCI_CONN_STK_ENCRYPT, &hcon->flags) &&
f3a73d97 2139 hci_find_ltk(hcon->hdev, &hcon->dst, hcon->dst_type, hcon->role))
9ab65d60
JH		 2140 return false;
2141
854f4727
JH		 2142 if (hcon->sec_level >= sec_level)
2143 return true;
2144
2145 return false;
2146}
2147
da85e5e5 2148static u8 smp_cmd_security_req(struct l2cap_conn *conn, struct sk_buff *skb)
88ba43b6
AB		 2149{
2150 struct smp_cmd_security_req *rp = (void *) skb->data;
2151 struct smp_cmd_pairing cp;
f1cb9af5 2152 struct hci_conn *hcon = conn->hcon;
0edb14de 2153 struct hci_dev *hdev = hcon->hdev;
8aab4757 2154 struct smp_chan *smp;
c05b9339 2155 u8 sec_level, auth;
88ba43b6
AB		 2156
2157 BT_DBG("conn %p", conn);
2158
c46b98be 2159 if (skb->len < sizeof(*rp))
38e4a915 2160 return SMP_INVALID_PARAMS;
c46b98be 2161
40bef302 2162 if (hcon->role != HCI_ROLE_MASTER)
86ca9eac
JH		 2163 return SMP_CMD_NOTSUPP;
2164
0edb14de 2165 auth = rp->auth_req & AUTH_REQ_MASK(hdev);
c05b9339 2166
d7a5a11d 2167 if (hci_dev_test_flag(hdev, HCI_SC_ONLY) && !(auth & SMP_AUTH_SC))
903b71c7
JH		 2168 return SMP_AUTH_REQUIREMENTS;
2169
5be5e275 2170 if (hcon->io_capability == HCI_IO_NO_INPUT_OUTPUT)
1afc2a1a
JH		 2171 sec_level = BT_SECURITY_MEDIUM;
2172 else
2173 sec_level = authreq_to_seclevel(auth);
2174
35dc6f83 2175 if (smp_sufficient_security(hcon, sec_level, SMP_USE_LTK))
854f4727
JH		 2176 return 0;
2177
c7262e71
JH		 2178 if (sec_level > hcon->pending_sec_level)
2179 hcon->pending_sec_level = sec_level;
feb45eb5 2180
4dab7864 2181 if (smp_ltk_encrypt(conn, hcon->pending_sec_level))
988c5997
VCG		 2182 return 0;
2183
8aab4757 2184 smp = smp_chan_create(conn);
c29d2444
JH		 2185 if (!smp)
2186 return SMP_UNSPECIFIED;
d26a2345 2187
d7a5a11d 2188 if (!hci_dev_test_flag(hdev, HCI_BONDABLE) &&
c05b9339 2189 (auth & SMP_AUTH_BONDING))
616d55be
JH		 2190 return SMP_PAIRING_NOTSUPP;
2191
88ba43b6 2192 skb_pull(skb, sizeof(*rp));
88ba43b6 2193
da85e5e5 2194 memset(&cp, 0, sizeof(cp));
c05b9339 2195 build_pairing_cmd(conn, &cp, NULL, auth);
88ba43b6 2196
1c1def09
VCG		 2197 smp->preq[0] = SMP_CMD_PAIRING_REQ;
2198 memcpy(&smp->preq[1], &cp, sizeof(cp));
f01ead31 2199
88ba43b6 2200 smp_send_cmd(conn, SMP_CMD_PAIRING_REQ, sizeof(cp), &cp);
b28b4943 2201 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RSP);
f1cb9af5 2202
da85e5e5 2203 return 0;
88ba43b6
AB		 2204}
2205
cc110922 2206int smp_conn_security(struct hci_conn *hcon, __u8 sec_level)
eb492e01 2207{
cc110922 2208 struct l2cap_conn *conn = hcon->l2cap_data;
c68b7f12 2209 struct l2cap_chan *chan;
0a66cf20 2210 struct smp_chan *smp;
2b64d153 2211 __u8 authreq;
fc75cc86 2212 int ret;
eb492e01 2213
3a0259bb
VCG		 2214 BT_DBG("conn %p hcon %p level 0x%2.2x", conn, hcon, sec_level);
2215
0a66cf20
JH		 2216 /* This may be NULL if there's an unexpected disconnection */
2217 if (!conn)
2218 return 1;
2219
c68b7f12
JH		 2220 chan = conn->smp;
2221
d7a5a11d 2222 if (!hci_dev_test_flag(hcon->hdev, HCI_LE_ENABLED))
2e65c9d2
AG		 2223 return 1;
2224
35dc6f83 2225 if (smp_sufficient_security(hcon, sec_level, SMP_USE_LTK))
eb492e01 2226 return 1;
f1cb9af5 2227
c7262e71
JH		 2228 if (sec_level > hcon->pending_sec_level)
2229 hcon->pending_sec_level = sec_level;
2230
40bef302 2231 if (hcon->role == HCI_ROLE_MASTER)
c7262e71
JH		 2232 if (smp_ltk_encrypt(conn, hcon->pending_sec_level))
2233 return 0;
d26a2345 2234
fc75cc86
JH		 2235 l2cap_chan_lock(chan);
2236
2237 /* If SMP is already in progress ignore this request */
2238 if (chan->data) {
2239 ret = 0;
2240 goto unlock;
2241 }
d26a2345 2242
8aab4757 2243 smp = smp_chan_create(conn);
fc75cc86
JH		 2244 if (!smp) {
2245 ret = 1;
2246 goto unlock;
2247 }
2b64d153
BG		 2248
2249 authreq = seclevel_to_authreq(sec_level);
d26a2345 2250
d7a5a11d 2251 if (hci_dev_test_flag(hcon->hdev, HCI_SC_ENABLED))
d2eb9e10
JH		 2252 authreq |= SMP_AUTH_SC;
2253
79897d20
JH		 2254 /* Require MITM if IO Capability allows or the security level
2255 * requires it.
2e233644 2256 */
79897d20 2257 if (hcon->io_capability != HCI_IO_NO_INPUT_OUTPUT ||
c7262e71 2258 hcon->pending_sec_level > BT_SECURITY_MEDIUM)
2e233644
JH		 2259 authreq |= SMP_AUTH_MITM;
2260
40bef302 2261 if (hcon->role == HCI_ROLE_MASTER) {
d26a2345 2262 struct smp_cmd_pairing cp;
f01ead31 2263
2b64d153 2264 build_pairing_cmd(conn, &cp, NULL, authreq);
1c1def09
VCG		 2265 smp->preq[0] = SMP_CMD_PAIRING_REQ;
2266 memcpy(&smp->preq[1], &cp, sizeof(cp));
f01ead31 2267
eb492e01 2268 smp_send_cmd(conn, SMP_CMD_PAIRING_REQ, sizeof(cp), &cp);
b28b4943 2269 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RSP);
eb492e01
AB		 2270 } else {
2271 struct smp_cmd_security_req cp;
2b64d153 2272 cp.auth_req = authreq;
eb492e01 2273 smp_send_cmd(conn, SMP_CMD_SECURITY_REQ, sizeof(cp), &cp);
b28b4943 2274 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_REQ);
eb492e01
AB		 2275 }
2276
4a74d658 2277 set_bit(SMP_FLAG_INITIATOR, &smp->flags);
fc75cc86 2278 ret = 0;
edca792c 2279
fc75cc86
JH		 2280unlock:
2281 l2cap_chan_unlock(chan);
2282 return ret;
eb492e01
AB		 2283}
2284
7034b911
VCG		 2285static int smp_cmd_encrypt_info(struct l2cap_conn *conn, struct sk_buff *skb)
2286{
16b90839 2287 struct smp_cmd_encrypt_info *rp = (void *) skb->data;
5d88cc73
JH		 2288 struct l2cap_chan *chan = conn->smp;
2289 struct smp_chan *smp = chan->data;
16b90839 2290
c46b98be
JH		 2291 BT_DBG("conn %p", conn);
2292
2293 if (skb->len < sizeof(*rp))
38e4a915 2294 return SMP_INVALID_PARAMS;
c46b98be 2295
b28b4943 2296 SMP_ALLOW_CMD(smp, SMP_CMD_MASTER_IDENT);
6131ddc8 2297
16b90839
VCG		 2298 skb_pull(skb, sizeof(*rp));
2299
1c1def09 2300 memcpy(smp->tk, rp->ltk, sizeof(smp->tk));
16b90839 2301
7034b911
VCG		 2302 return 0;
2303}
2304
2305static int smp_cmd_master_ident(struct l2cap_conn *conn, struct sk_buff *skb)
2306{
16b90839 2307 struct smp_cmd_master_ident *rp = (void *) skb->data;
5d88cc73
JH		 2308 struct l2cap_chan *chan = conn->smp;
2309 struct smp_chan *smp = chan->data;
c9839a11
VCG		 2310 struct hci_dev *hdev = conn->hcon->hdev;
2311 struct hci_conn *hcon = conn->hcon;
23d0e128 2312 struct smp_ltk *ltk;
c9839a11 2313 u8 authenticated;
16b90839 2314
c46b98be
JH		 2315 BT_DBG("conn %p", conn);
2316
2317 if (skb->len < sizeof(*rp))
38e4a915 2318 return SMP_INVALID_PARAMS;
c46b98be 2319
9747a9f3
JH		 2320 /* Mark the information as received */
2321 smp->remote_key_dist &= ~SMP_DIST_ENC_KEY;
2322
b28b4943
JH		 2323 if (smp->remote_key_dist & SMP_DIST_ID_KEY)
2324 SMP_ALLOW_CMD(smp, SMP_CMD_IDENT_INFO);
196332f5
JH		 2325 else if (smp->remote_key_dist & SMP_DIST_SIGN)
2326 SMP_ALLOW_CMD(smp, SMP_CMD_SIGN_INFO);
b28b4943 2327
16b90839 2328 skb_pull(skb, sizeof(*rp));
7034b911 2329
ce39fb4e 2330 authenticated = (hcon->sec_level == BT_SECURITY_HIGH);
2ceba539 2331 ltk = hci_add_ltk(hdev, &hcon->dst, hcon->dst_type, SMP_LTK,
23d0e128
JH		 2332 authenticated, smp->tk, smp->enc_key_size,
2333 rp->ediv, rp->rand);
2334 smp->ltk = ltk;
c6e81e9a 2335 if (!(smp->remote_key_dist & KEY_DIST_MASK))
d6268e86 2336 smp_distribute_keys(smp);
7034b911
VCG		 2337
2338 return 0;
2339}
2340
fd349c02
JH		 2341static int smp_cmd_ident_info(struct l2cap_conn *conn, struct sk_buff *skb)
2342{
2343 struct smp_cmd_ident_info *info = (void *) skb->data;
5d88cc73
JH		 2344 struct l2cap_chan *chan = conn->smp;
2345 struct smp_chan *smp = chan->data;
fd349c02
JH		 2346
2347 BT_DBG("");
2348
2349 if (skb->len < sizeof(*info))
38e4a915 2350 return SMP_INVALID_PARAMS;
fd349c02 2351
b28b4943 2352 SMP_ALLOW_CMD(smp, SMP_CMD_IDENT_ADDR_INFO);
6131ddc8 2353
fd349c02
JH		 2354 skb_pull(skb, sizeof(*info));
2355
2356 memcpy(smp->irk, info->irk, 16);
2357
2358 return 0;
2359}
2360
2361static int smp_cmd_ident_addr_info(struct l2cap_conn *conn,
2362 struct sk_buff *skb)
2363{
2364 struct smp_cmd_ident_addr_info *info = (void *) skb->data;
5d88cc73
JH		 2365 struct l2cap_chan *chan = conn->smp;
2366 struct smp_chan *smp = chan->data;
fd349c02
JH		 2367 struct hci_conn *hcon = conn->hcon;
2368 bdaddr_t rpa;
2369
2370 BT_DBG("");
2371
2372 if (skb->len < sizeof(*info))
38e4a915 2373 return SMP_INVALID_PARAMS;
fd349c02 2374
9747a9f3
JH		 2375 /* Mark the information as received */
2376 smp->remote_key_dist &= ~SMP_DIST_ID_KEY;
2377
b28b4943
JH		 2378 if (smp->remote_key_dist & SMP_DIST_SIGN)
2379 SMP_ALLOW_CMD(smp, SMP_CMD_SIGN_INFO);
2380
fd349c02
JH		 2381 skb_pull(skb, sizeof(*info));
2382
a9a58f86
JH		 2383 /* Strictly speaking the Core Specification (4.1) allows sending
2384 * an empty address which would force us to rely on just the IRK
2385 * as "identity information". However, since such
2386 * implementations are not known of and in order to not over
2387 * complicate our implementation, simply pretend that we never
2388 * received an IRK for such a device.
e12af489
JH		 2389 *
2390 * The Identity Address must also be a Static Random or Public
2391 * Address, which hci_is_identity_address() checks for.
a9a58f86 2392 */
e12af489
JH		 2393 if (!bacmp(&info->bdaddr, BDADDR_ANY) ||
2394 !hci_is_identity_address(&info->bdaddr, info->addr_type)) {
a9a58f86 2395 BT_ERR("Ignoring IRK with no identity address");
31dd624e 2396 goto distribute;
a9a58f86
JH		 2397 }
2398
fd349c02
JH		 2399 bacpy(&smp->id_addr, &info->bdaddr);
2400 smp->id_addr_type = info->addr_type;
2401
2402 if (hci_bdaddr_is_rpa(&hcon->dst, hcon->dst_type))
2403 bacpy(&rpa, &hcon->dst);
2404 else
2405 bacpy(&rpa, BDADDR_ANY);
2406
23d0e128
JH		 2407 smp->remote_irk = hci_add_irk(conn->hcon->hdev, &smp->id_addr,
2408 smp->id_addr_type, smp->irk, &rpa);
fd349c02 2409
31dd624e 2410distribute:
c6e81e9a
JH		 2411 if (!(smp->remote_key_dist & KEY_DIST_MASK))
2412 smp_distribute_keys(smp);
fd349c02
JH		 2413
2414 return 0;
2415}
2416
7ee4ea36
MH		 2417static int smp_cmd_sign_info(struct l2cap_conn *conn, struct sk_buff *skb)
2418{
2419 struct smp_cmd_sign_info *rp = (void *) skb->data;
5d88cc73
JH		 2420 struct l2cap_chan *chan = conn->smp;
2421 struct smp_chan *smp = chan->data;
7ee4ea36
MH		 2422 struct smp_csrk *csrk;
2423
2424 BT_DBG("conn %p", conn);
2425
2426 if (skb->len < sizeof(*rp))
38e4a915 2427 return SMP_INVALID_PARAMS;
7ee4ea36 2428
7ee4ea36
MH		 2429 /* Mark the information as received */
2430 smp->remote_key_dist &= ~SMP_DIST_SIGN;
2431
2432 skb_pull(skb, sizeof(*rp));
2433
7ee4ea36
MH		 2434 csrk = kzalloc(sizeof(*csrk), GFP_KERNEL);
2435 if (csrk) {
4cd3928a
JH		 2436 if (conn->hcon->sec_level > BT_SECURITY_MEDIUM)
2437 csrk->type = MGMT_CSRK_REMOTE_AUTHENTICATED;
2438 else
2439 csrk->type = MGMT_CSRK_REMOTE_UNAUTHENTICATED;
7ee4ea36
MH		 2440 memcpy(csrk->val, rp->csrk, sizeof(csrk->val));
2441 }
2442 smp->csrk = csrk;
d6268e86 2443 smp_distribute_keys(smp);
7ee4ea36
MH		 2444
2445 return 0;
2446}
2447
5e3d3d9b
JH		 2448static u8 sc_select_method(struct smp_chan *smp)
2449{
2450 struct l2cap_conn *conn = smp->conn;
2451 struct hci_conn *hcon = conn->hcon;
2452 struct smp_cmd_pairing *local, *remote;
2453 u8 local_mitm, remote_mitm, local_io, remote_io, method;
2454
a29b0733
JH		 2455 if (test_bit(SMP_FLAG_OOB, &smp->flags))
2456 return REQ_OOB;
2457
5e3d3d9b
JH		 2458 /* The preq/prsp contain the raw Pairing Request/Response PDUs
2459 * which are needed as inputs to some crypto functions. To get
2460 * the "struct smp_cmd_pairing" from them we need to skip the
2461 * first byte which contains the opcode.
2462 */
2463 if (hcon->out) {
2464 local = (void *) &smp->preq[1];
2465 remote = (void *) &smp->prsp[1];
2466 } else {
2467 local = (void *) &smp->prsp[1];
2468 remote = (void *) &smp->preq[1];
2469 }
2470
2471 local_io = local->io_capability;
2472 remote_io = remote->io_capability;
2473
2474 local_mitm = (local->auth_req & SMP_AUTH_MITM);
2475 remote_mitm = (remote->auth_req & SMP_AUTH_MITM);
2476
2477 /* If either side wants MITM, look up the method from the table,
2478 * otherwise use JUST WORKS.
2479 */
2480 if (local_mitm || remote_mitm)
2481 method = get_auth_method(smp, local_io, remote_io);
2482 else
2483 method = JUST_WORKS;
2484
2485 /* Don't confirm locally initiated pairing attempts */
2486 if (method == JUST_CFM && test_bit(SMP_FLAG_INITIATOR, &smp->flags))
2487 method = JUST_WORKS;
2488
2489 return method;
2490}
2491
d8f8edbe
JH		 2492static int smp_cmd_public_key(struct l2cap_conn *conn, struct sk_buff *skb)
2493{
2494 struct smp_cmd_public_key *key = (void *) skb->data;
2495 struct hci_conn *hcon = conn->hcon;
2496 struct l2cap_chan *chan = conn->smp;
2497 struct smp_chan *smp = chan->data;
5e3d3d9b 2498 struct hci_dev *hdev = hcon->hdev;
cbbbe3e2 2499 struct smp_cmd_pairing_confirm cfm;
d8f8edbe
JH		 2500 int err;
2501
2502 BT_DBG("conn %p", conn);
2503
2504 if (skb->len < sizeof(*key))
2505 return SMP_INVALID_PARAMS;
2506
2507 memcpy(smp->remote_pk, key, 64);
2508
2509 /* Non-initiating device sends its public key after receiving
2510 * the key from the initiating device.
2511 */
2512 if (!hcon->out) {
2513 err = sc_send_public_key(smp);
2514 if (err)
2515 return err;
2516 }
2517
c7a3d57d
JH		 2518 SMP_DBG("Remote Public Key X: %32phN", smp->remote_pk);
2519 SMP_DBG("Remote Public Key Y: %32phN", &smp->remote_pk[32]);
d8f8edbe
JH		 2520
2521 if (!ecdh_shared_secret(smp->remote_pk, smp->local_sk, smp->dhkey))
2522 return SMP_UNSPECIFIED;
2523
c7a3d57d 2524 SMP_DBG("DHKey %32phN", smp->dhkey);
d8f8edbe
JH		 2525
2526 set_bit(SMP_FLAG_REMOTE_PK, &smp->flags);
2527
5e3d3d9b
JH		 2528 smp->method = sc_select_method(smp);
2529
2530 BT_DBG("%s selected method 0x%02x", hdev->name, smp->method);
2531
2532 /* JUST_WORKS and JUST_CFM result in an unauthenticated key */
2533 if (smp->method == JUST_WORKS || smp->method == JUST_CFM)
2534 hcon->pending_sec_level = BT_SECURITY_MEDIUM;
2535 else
2536 hcon->pending_sec_level = BT_SECURITY_FIPS;
2537
aeb7d461
JH		 2538 if (!memcmp(debug_pk, smp->remote_pk, 64))
2539 set_bit(SMP_FLAG_DEBUG_KEY, &smp->flags);
2540
38606f14
JH		 2541 if (smp->method == DSP_PASSKEY) {
2542 get_random_bytes(&hcon->passkey_notify,
2543 sizeof(hcon->passkey_notify));
2544 hcon->passkey_notify %= 1000000;
2545 hcon->passkey_entered = 0;
2546 smp->passkey_round = 0;
2547 if (mgmt_user_passkey_notify(hdev, &hcon->dst, hcon->type,
2548 hcon->dst_type,
2549 hcon->passkey_notify,
2550 hcon->passkey_entered))
2551 return SMP_UNSPECIFIED;
2552 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_CONFIRM);
2553 return sc_passkey_round(smp, SMP_CMD_PUBLIC_KEY);
2554 }
2555
a29b0733
JH		 2556 if (smp->method == REQ_OOB) {
2557 err = smp_f4(smp->tfm_cmac, smp->remote_pk, smp->remote_pk,
2558 smp->rr, 0, cfm.confirm_val);
2559 if (err)
2560 return SMP_UNSPECIFIED;
2561
2562 if (memcmp(cfm.confirm_val, smp->pcnf, 16))
2563 return SMP_CONFIRM_FAILED;
2564
2565 if (hcon->out)
2566 smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM,
2567 sizeof(smp->prnd), smp->prnd);
2568
2569 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RANDOM);
2570
2571 return 0;
2572 }
2573
38606f14
JH		 2574 if (hcon->out)
2575 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_CONFIRM);
2576
2577 if (smp->method == REQ_PASSKEY) {
2578 if (mgmt_user_passkey_request(hdev, &hcon->dst, hcon->type,
2579 hcon->dst_type))
2580 return SMP_UNSPECIFIED;
2581 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_CONFIRM);
2582 set_bit(SMP_FLAG_WAIT_USER, &smp->flags);
2583 return 0;
2584 }
2585
cbbbe3e2
JH		 2586 /* The Initiating device waits for the non-initiating device to
2587 * send the confirm value.
2588 */
2589 if (conn->hcon->out)
2590 return 0;
2591
2592 err = smp_f4(smp->tfm_cmac, smp->local_pk, smp->remote_pk, smp->prnd,
2593 0, cfm.confirm_val);
2594 if (err)
2595 return SMP_UNSPECIFIED;
2596
2597 smp_send_cmd(conn, SMP_CMD_PAIRING_CONFIRM, sizeof(cfm), &cfm);
2598 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RANDOM);
2599
d8f8edbe
JH		 2600 return 0;
2601}
2602
6433a9a2
JH		 2603static int smp_cmd_dhkey_check(struct l2cap_conn *conn, struct sk_buff *skb)
2604{
2605 struct smp_cmd_dhkey_check *check = (void *) skb->data;
2606 struct l2cap_chan *chan = conn->smp;
2607 struct hci_conn *hcon = conn->hcon;
2608 struct smp_chan *smp = chan->data;
2609 u8 a[7], b[7], *local_addr, *remote_addr;
2610 u8 io_cap[3], r[16], e[16];
2611 int err;
2612
2613 BT_DBG("conn %p", conn);
2614
2615 if (skb->len < sizeof(*check))
2616 return SMP_INVALID_PARAMS;
2617
2618 memcpy(a, &hcon->init_addr, 6);
2619 memcpy(b, &hcon->resp_addr, 6);
2620 a[6] = hcon->init_addr_type;
2621 b[6] = hcon->resp_addr_type;
2622
2623 if (hcon->out) {
2624 local_addr = a;
2625 remote_addr = b;
2626 memcpy(io_cap, &smp->prsp[1], 3);
2627 } else {
2628 local_addr = b;
2629 remote_addr = a;
2630 memcpy(io_cap, &smp->preq[1], 3);
2631 }
2632
2633 memset(r, 0, sizeof(r));
2634
38606f14
JH		 2635 if (smp->method == REQ_PASSKEY || smp->method == DSP_PASSKEY)
2636 put_unaligned_le32(hcon->passkey_notify, r);
2637
6433a9a2
JH		 2638 err = smp_f6(smp->tfm_cmac, smp->mackey, smp->rrnd, smp->prnd, r,
2639 io_cap, remote_addr, local_addr, e);
2640 if (err)
2641 return SMP_UNSPECIFIED;
2642
2643 if (memcmp(check->e, e, 16))
2644 return SMP_DHKEY_CHECK_FAILED;
2645
d3e54a87
JH		 2646 if (!hcon->out) {
2647 if (test_bit(SMP_FLAG_WAIT_USER, &smp->flags)) {
2648 set_bit(SMP_FLAG_DHKEY_PENDING, &smp->flags);
2649 return 0;
2650 }
d378a2d7 2651
d3e54a87
JH		 2652 /* Slave sends DHKey check as response to master */
2653 sc_dhkey_check(smp);
2654 }
d378a2d7 2655
d3e54a87 2656 sc_add_ltk(smp);
6433a9a2
JH		 2657
2658 if (hcon->out) {
2659 hci_le_start_enc(hcon, 0, 0, smp->tk);
2660 hcon->enc_key_size = smp->enc_key_size;
2661 }
2662
2663 return 0;
2664}
2665
1408bb6e
JH		 2666static int smp_cmd_keypress_notify(struct l2cap_conn *conn,
2667 struct sk_buff *skb)
2668{
2669 struct smp_cmd_keypress_notify *kp = (void *) skb->data;
2670
2671 BT_DBG("value 0x%02x", kp->value);
2672
2673 return 0;
2674}
2675
4befb867 2676static int smp_sig_channel(struct l2cap_chan *chan, struct sk_buff *skb)
eb492e01 2677{
5d88cc73 2678 struct l2cap_conn *conn = chan->conn;
7b9899db 2679 struct hci_conn *hcon = conn->hcon;
b28b4943 2680 struct smp_chan *smp;
92381f5c 2681 __u8 code, reason;
eb492e01
AB		 2682 int err = 0;
2683
8ae9b984 2684 if (skb->len < 1)
92381f5c 2685 return -EILSEQ;
92381f5c 2686
d7a5a11d 2687 if (!hci_dev_test_flag(hcon->hdev, HCI_LE_ENABLED)) {
2e65c9d2
AG		 2688 reason = SMP_PAIRING_NOTSUPP;
2689 goto done;
2690 }
2691
92381f5c 2692 code = skb->data[0];
eb492e01
AB		 2693 skb_pull(skb, sizeof(code));
2694
b28b4943
JH		 2695 smp = chan->data;
2696
2697 if (code > SMP_CMD_MAX)
2698 goto drop;
2699
24bd0bd9 2700 if (smp && !test_and_clear_bit(code, &smp->allow_cmd))
b28b4943
JH		 2701 goto drop;
2702
2703 /* If we don't have a context the only allowed commands are
2704 * pairing request and security request.
8cf9fa12 2705 */
b28b4943
JH		 2706 if (!smp && code != SMP_CMD_PAIRING_REQ && code != SMP_CMD_SECURITY_REQ)
2707 goto drop;
8cf9fa12 2708
eb492e01
AB		 2709 switch (code) {
2710 case SMP_CMD_PAIRING_REQ:
da85e5e5 2711 reason = smp_cmd_pairing_req(conn, skb);
eb492e01
AB		 2712 break;
2713
2714 case SMP_CMD_PAIRING_FAIL:
84794e11 2715 smp_failure(conn, 0);
da85e5e5 2716 err = -EPERM;
eb492e01
AB		 2717 break;
2718
2719 case SMP_CMD_PAIRING_RSP:
da85e5e5 2720 reason = smp_cmd_pairing_rsp(conn, skb);
88ba43b6
AB		 2721 break;
2722
2723 case SMP_CMD_SECURITY_REQ:
da85e5e5 2724 reason = smp_cmd_security_req(conn, skb);
88ba43b6
AB		 2725 break;
2726
eb492e01 2727 case SMP_CMD_PAIRING_CONFIRM:
da85e5e5 2728 reason = smp_cmd_pairing_confirm(conn, skb);
88ba43b6
AB		 2729 break;
2730
eb492e01 2731 case SMP_CMD_PAIRING_RANDOM:
da85e5e5 2732 reason = smp_cmd_pairing_random(conn, skb);
88ba43b6
AB		 2733 break;
2734
eb492e01 2735 case SMP_CMD_ENCRYPT_INFO:
7034b911
VCG		 2736 reason = smp_cmd_encrypt_info(conn, skb);
2737 break;
2738
eb492e01 2739 case SMP_CMD_MASTER_IDENT:
7034b911
VCG		 2740 reason = smp_cmd_master_ident(conn, skb);
2741 break;
2742
eb492e01 2743 case SMP_CMD_IDENT_INFO:
fd349c02
JH		 2744 reason = smp_cmd_ident_info(conn, skb);
2745 break;
2746
eb492e01 2747 case SMP_CMD_IDENT_ADDR_INFO:
fd349c02
JH		 2748 reason = smp_cmd_ident_addr_info(conn, skb);
2749 break;
2750
eb492e01 2751 case SMP_CMD_SIGN_INFO:
7ee4ea36 2752 reason = smp_cmd_sign_info(conn, skb);
7034b911
VCG		 2753 break;
2754
d8f8edbe
JH		 2755 case SMP_CMD_PUBLIC_KEY:
2756 reason = smp_cmd_public_key(conn, skb);
2757 break;
2758
6433a9a2
JH		 2759 case SMP_CMD_DHKEY_CHECK:
2760 reason = smp_cmd_dhkey_check(conn, skb);
2761 break;
2762
1408bb6e
JH		 2763 case SMP_CMD_KEYPRESS_NOTIFY:
2764 reason = smp_cmd_keypress_notify(conn, skb);
2765 break;
2766
eb492e01
AB		 2767 default:
2768 BT_DBG("Unknown command code 0x%2.2x", code);
eb492e01 2769 reason = SMP_CMD_NOTSUPP;
3a0259bb 2770 goto done;
eb492e01
AB		 2771 }
2772
3a0259bb 2773done:
9b7b18ef
JH		 2774 if (!err) {
2775 if (reason)
2776 smp_failure(conn, reason);
8ae9b984 2777 kfree_skb(skb);
9b7b18ef
JH		 2778 }
2779
eb492e01 2780 return err;
b28b4943
JH		 2781
2782drop:
2783 BT_ERR("%s unexpected SMP command 0x%02x from %pMR", hcon->hdev->name,
2784 code, &hcon->dst);
2785 kfree_skb(skb);
2786 return 0;
eb492e01 2787}
7034b911 2788
70db83c4
JH		 2789static void smp_teardown_cb(struct l2cap_chan *chan, int err)
2790{
2791 struct l2cap_conn *conn = chan->conn;
2792
2793 BT_DBG("chan %p", chan);
2794
fc75cc86 2795 if (chan->data)
5d88cc73 2796 smp_chan_destroy(conn);
5d88cc73 2797
70db83c4
JH		 2798 conn->smp = NULL;
2799 l2cap_chan_put(chan);
2800}
2801
b5ae344d
JH		 2802static void bredr_pairing(struct l2cap_chan *chan)
2803{
2804 struct l2cap_conn *conn = chan->conn;
2805 struct hci_conn *hcon = conn->hcon;
2806 struct hci_dev *hdev = hcon->hdev;
2807 struct smp_cmd_pairing req;
2808 struct smp_chan *smp;
2809
2810 BT_DBG("chan %p", chan);
2811
2812 /* Only new pairings are interesting */
2813 if (!test_bit(HCI_CONN_NEW_LINK_KEY, &hcon->flags))
2814 return;
2815
2816 /* Don't bother if we're not encrypted */
2817 if (!test_bit(HCI_CONN_ENCRYPT, &hcon->flags))
2818 return;
2819
2820 /* Only master may initiate SMP over BR/EDR */
2821 if (hcon->role != HCI_ROLE_MASTER)
2822 return;
2823
2824 /* Secure Connections support must be enabled */
d7a5a11d 2825 if (!hci_dev_test_flag(hdev, HCI_SC_ENABLED))
b5ae344d
JH		 2826 return;
2827
2828 /* BR/EDR must use Secure Connections for SMP */
2829 if (!test_bit(HCI_CONN_AES_CCM, &hcon->flags) &&
b7cb93e5 2830 !hci_dev_test_flag(hdev, HCI_FORCE_BREDR_SMP))
b5ae344d
JH		 2831 return;
2832
2833 /* If our LE support is not enabled don't do anything */
d7a5a11d 2834 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED))
b5ae344d
JH		 2835 return;
2836
2837 /* Don't bother if remote LE support is not enabled */
2838 if (!lmp_host_le_capable(hcon))
2839 return;
2840
2841 /* Remote must support SMP fixed chan for BR/EDR */
2842 if (!(conn->remote_fixed_chan & L2CAP_FC_SMP_BREDR))
2843 return;
2844
2845 /* Don't bother if SMP is already ongoing */
2846 if (chan->data)
2847 return;
2848
2849 smp = smp_chan_create(conn);
2850 if (!smp) {
2851 BT_ERR("%s unable to create SMP context for BR/EDR",
2852 hdev->name);
2853 return;
2854 }
2855
2856 set_bit(SMP_FLAG_SC, &smp->flags);
2857
2858 BT_DBG("%s starting SMP over BR/EDR", hdev->name);
2859
2860 /* Prepare and send the BR/EDR SMP Pairing Request */
2861 build_bredr_pairing_cmd(smp, &req, NULL);
2862
2863 smp->preq[0] = SMP_CMD_PAIRING_REQ;
2864 memcpy(&smp->preq[1], &req, sizeof(req));
2865
2866 smp_send_cmd(conn, SMP_CMD_PAIRING_REQ, sizeof(req), &req);
2867 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RSP);
2868}
2869
44f1a7ab
JH		 2870static void smp_resume_cb(struct l2cap_chan *chan)
2871{
b68fda68 2872 struct smp_chan *smp = chan->data;
44f1a7ab
JH		 2873 struct l2cap_conn *conn = chan->conn;
2874 struct hci_conn *hcon = conn->hcon;
2875
2876 BT_DBG("chan %p", chan);
2877
b5ae344d
JH		 2878 if (hcon->type == ACL_LINK) {
2879 bredr_pairing(chan);
ef8efe4b 2880 return;
b5ae344d 2881 }
ef8efe4b 2882
86d1407c
JH		 2883 if (!smp)
2884 return;
b68fda68 2885
84bc0db5
JH		 2886 if (!test_bit(HCI_CONN_ENCRYPT, &hcon->flags))
2887 return;
2888
86d1407c
JH		 2889 cancel_delayed_work(&smp->security_timer);
2890
d6268e86 2891 smp_distribute_keys(smp);
44f1a7ab
JH		 2892}
2893
70db83c4
JH		 2894static void smp_ready_cb(struct l2cap_chan *chan)
2895{
2896 struct l2cap_conn *conn = chan->conn;
b5ae344d 2897 struct hci_conn *hcon = conn->hcon;
70db83c4
JH		 2898
2899 BT_DBG("chan %p", chan);
2900
2901 conn->smp = chan;
2902 l2cap_chan_hold(chan);
b5ae344d
JH		 2903
2904 if (hcon->type == ACL_LINK && test_bit(HCI_CONN_ENCRYPT, &hcon->flags))
2905 bredr_pairing(chan);
70db83c4
JH		 2906}
2907
4befb867
JH		 2908static int smp_recv_cb(struct l2cap_chan *chan, struct sk_buff *skb)
2909{
2910 int err;
2911
2912 BT_DBG("chan %p", chan);
2913
2914 err = smp_sig_channel(chan, skb);
2915 if (err) {
b68fda68 2916 struct smp_chan *smp = chan->data;
4befb867 2917
b68fda68
JH		 2918 if (smp)
2919 cancel_delayed_work_sync(&smp->security_timer);
4befb867 2920
1e91c29e 2921 hci_disconnect(chan->conn->hcon, HCI_ERROR_AUTH_FAILURE);
4befb867
JH		 2922 }
2923
2924 return err;
2925}
2926
70db83c4
JH		 2927static struct sk_buff *smp_alloc_skb_cb(struct l2cap_chan *chan,
2928 unsigned long hdr_len,
2929 unsigned long len, int nb)
2930{
2931 struct sk_buff *skb;
2932
2933 skb = bt_skb_alloc(hdr_len + len, GFP_KERNEL);
2934 if (!skb)
2935 return ERR_PTR(-ENOMEM);
2936
2937 skb->priority = HCI_PRIO_MAX;
2938 bt_cb(skb)->chan = chan;
2939
2940 return skb;
2941}
2942
2943static const struct l2cap_ops smp_chan_ops = {
2944 .name = "Security Manager",
2945 .ready = smp_ready_cb,
5d88cc73 2946 .recv = smp_recv_cb,
70db83c4
JH		 2947 .alloc_skb = smp_alloc_skb_cb,
2948 .teardown = smp_teardown_cb,
44f1a7ab 2949 .resume = smp_resume_cb,
70db83c4
JH		 2950
2951 .new_connection = l2cap_chan_no_new_connection,
70db83c4
JH		 2952 .state_change = l2cap_chan_no_state_change,
2953 .close = l2cap_chan_no_close,
2954 .defer = l2cap_chan_no_defer,
2955 .suspend = l2cap_chan_no_suspend,
70db83c4
JH		 2956 .set_shutdown = l2cap_chan_no_set_shutdown,
2957 .get_sndtimeo = l2cap_chan_no_get_sndtimeo,
70db83c4
JH		 2958};
2959
2960static inline struct l2cap_chan *smp_new_conn_cb(struct l2cap_chan *pchan)
2961{
2962 struct l2cap_chan *chan;
2963
2964 BT_DBG("pchan %p", pchan);
2965
2966 chan = l2cap_chan_create();
2967 if (!chan)
2968 return NULL;
2969
2970 chan->chan_type = pchan->chan_type;
2971 chan->ops = &smp_chan_ops;
2972 chan->scid = pchan->scid;
2973 chan->dcid = chan->scid;
2974 chan->imtu = pchan->imtu;
2975 chan->omtu = pchan->omtu;
2976 chan->mode = pchan->mode;
2977
abe84903
JH		 2978 /* Other L2CAP channels may request SMP routines in order to
2979 * change the security level. This means that the SMP channel
2980 * lock must be considered in its own category to avoid lockdep
2981 * warnings.
2982 */
2983 atomic_set(&chan->nesting, L2CAP_NESTING_SMP);
2984
70db83c4
JH		 2985 BT_DBG("created chan %p", chan);
2986
2987 return chan;
2988}
2989
2990static const struct l2cap_ops smp_root_chan_ops = {
2991 .name = "Security Manager Root",
2992 .new_connection = smp_new_conn_cb,
2993
2994 /* None of these are implemented for the root channel */
2995 .close = l2cap_chan_no_close,
2996 .alloc_skb = l2cap_chan_no_alloc_skb,
2997 .recv = l2cap_chan_no_recv,
2998 .state_change = l2cap_chan_no_state_change,
2999 .teardown = l2cap_chan_no_teardown,
3000 .ready = l2cap_chan_no_ready,
3001 .defer = l2cap_chan_no_defer,
3002 .suspend = l2cap_chan_no_suspend,
3003 .resume = l2cap_chan_no_resume,
3004 .set_shutdown = l2cap_chan_no_set_shutdown,
3005 .get_sndtimeo = l2cap_chan_no_get_sndtimeo,
70db83c4
JH		 3006};
3007
ef8efe4b 3008static struct l2cap_chan *smp_add_cid(struct hci_dev *hdev, u16 cid)
711eafe3 3009{
70db83c4 3010 struct l2cap_chan *chan;
88a479d9
MH		 3011 struct smp_dev *smp;
3012 struct crypto_blkcipher *tfm_aes;
6e2dc6d1 3013 struct crypto_hash *tfm_cmac;
70db83c4 3014
ef8efe4b 3015 if (cid == L2CAP_CID_SMP_BREDR) {
88a479d9 3016 smp = NULL;
ef8efe4b
JH		 3017 goto create_chan;
3018 }
711eafe3 3019
88a479d9
MH		 3020 smp = kzalloc(sizeof(*smp), GFP_KERNEL);
3021 if (!smp)
3022 return ERR_PTR(-ENOMEM);
3023
3024 tfm_aes = crypto_alloc_blkcipher("ecb(aes)", 0, CRYPTO_ALG_ASYNC);
defce9e8 3025 if (IS_ERR(tfm_aes)) {
88a479d9
MH		 3026 BT_ERR("Unable to create ECB crypto context");
3027 kzfree(smp);
fe700771 3028 return ERR_CAST(tfm_aes);
711eafe3
JH		 3029 }
3030
6e2dc6d1
MH		 3031 tfm_cmac = crypto_alloc_hash("cmac(aes)", 0, CRYPTO_ALG_ASYNC);
3032 if (IS_ERR(tfm_cmac)) {
3033 BT_ERR("Unable to create CMAC crypto context");
3034 crypto_free_blkcipher(tfm_aes);
3035 kzfree(smp);
3036 return ERR_CAST(tfm_cmac);
3037 }
3038
88a479d9 3039 smp->tfm_aes = tfm_aes;
6e2dc6d1 3040 smp->tfm_cmac = tfm_cmac;
88a479d9 3041
ef8efe4b 3042create_chan:
70db83c4
JH		 3043 chan = l2cap_chan_create();
3044 if (!chan) {
88a479d9 3045 crypto_free_blkcipher(smp->tfm_aes);
6e2dc6d1 3046 crypto_free_hash(smp->tfm_cmac);
88a479d9 3047 kzfree(smp);
ef8efe4b 3048 return ERR_PTR(-ENOMEM);
70db83c4
JH		 3049 }
3050
88a479d9 3051 chan->data = smp;
defce9e8 3052
ef8efe4b 3053 l2cap_add_scid(chan, cid);
70db83c4
JH		 3054
3055 l2cap_chan_set_defaults(chan);
3056
157029ba 3057 if (cid == L2CAP_CID_SMP) {
39e3e744
JH		 3058 u8 bdaddr_type;
3059
3060 hci_copy_identity_address(hdev, &chan->src, &bdaddr_type);
3061
3062 if (bdaddr_type == ADDR_LE_DEV_PUBLIC)
157029ba 3063 chan->src_type = BDADDR_LE_PUBLIC;
39e3e744
JH		 3064 else
3065 chan->src_type = BDADDR_LE_RANDOM;
157029ba
MH		 3066 } else {
3067 bacpy(&chan->src, &hdev->bdaddr);
ef8efe4b 3068 chan->src_type = BDADDR_BREDR;
157029ba
MH		 3069 }
3070
70db83c4
JH		 3071 chan->state = BT_LISTEN;
3072 chan->mode = L2CAP_MODE_BASIC;
3073 chan->imtu = L2CAP_DEFAULT_MTU;
3074 chan->ops = &smp_root_chan_ops;
3075
abe84903
JH		 3076 /* Set correct nesting level for a parent/listening channel */
3077 atomic_set(&chan->nesting, L2CAP_NESTING_PARENT);
3078
ef8efe4b 3079 return chan;
711eafe3
JH		 3080}
3081
ef8efe4b 3082static void smp_del_chan(struct l2cap_chan *chan)
711eafe3 3083{
88a479d9 3084 struct smp_dev *smp;
70db83c4 3085
ef8efe4b 3086 BT_DBG("chan %p", chan);
711eafe3 3087
88a479d9
MH		 3088 smp = chan->data;
3089 if (smp) {
defce9e8 3090 chan->data = NULL;
88a479d9
MH		 3091 if (smp->tfm_aes)
3092 crypto_free_blkcipher(smp->tfm_aes);
6e2dc6d1
MH		 3093 if (smp->tfm_cmac)
3094 crypto_free_hash(smp->tfm_cmac);
88a479d9 3095 kzfree(smp);
711eafe3 3096 }
70db83c4 3097
70db83c4 3098 l2cap_chan_put(chan);
711eafe3 3099}
ef8efe4b 3100
300acfde
MH		 3101static ssize_t force_bredr_smp_read(struct file *file,
3102 char __user *user_buf,
3103 size_t count, loff_t *ppos)
3104{
3105 struct hci_dev *hdev = file->private_data;
3106 char buf[3];
3107
b7cb93e5 3108 buf[0] = hci_dev_test_flag(hdev, HCI_FORCE_BREDR_SMP) ? 'Y': 'N';
300acfde
MH		 3109 buf[1] = '\n';
3110 buf[2] = '\0';
3111 return simple_read_from_buffer(user_buf, count, ppos, buf, 2);
3112}
3113
3114static ssize_t force_bredr_smp_write(struct file *file,
3115 const char __user *user_buf,
3116 size_t count, loff_t *ppos)
3117{
3118 struct hci_dev *hdev = file->private_data;
3119 char buf[32];
3120 size_t buf_size = min(count, (sizeof(buf)-1));
3121 bool enable;
3122
3123 if (copy_from_user(buf, user_buf, buf_size))
3124 return -EFAULT;
3125
3126 buf[buf_size] = '\0';
3127 if (strtobool(buf, &enable))
3128 return -EINVAL;
3129
b7cb93e5 3130 if (enable == hci_dev_test_flag(hdev, HCI_FORCE_BREDR_SMP))
300acfde
MH		 3131 return -EALREADY;
3132
3133 if (enable) {
3134 struct l2cap_chan *chan;
3135
3136 chan = smp_add_cid(hdev, L2CAP_CID_SMP_BREDR);
3137 if (IS_ERR(chan))
3138 return PTR_ERR(chan);
3139
3140 hdev->smp_bredr_data = chan;
3141 } else {
3142 struct l2cap_chan *chan;
3143
3144 chan = hdev->smp_bredr_data;
3145 hdev->smp_bredr_data = NULL;
3146 smp_del_chan(chan);
3147 }
3148
b7cb93e5 3149 hci_dev_change_flag(hdev, HCI_FORCE_BREDR_SMP);
300acfde
MH		 3150
3151 return count;
3152}
3153
3154static const struct file_operations force_bredr_smp_fops = {
3155 .open = simple_open,
3156 .read = force_bredr_smp_read,
3157 .write = force_bredr_smp_write,
3158 .llseek = default_llseek,
3159};
3160
ef8efe4b
JH		 3161int smp_register(struct hci_dev *hdev)
3162{
3163 struct l2cap_chan *chan;
3164
3165 BT_DBG("%s", hdev->name);
3166
7e7ec445
MH		 3167 /* If the controller does not support Low Energy operation, then
3168 * there is also no need to register any SMP channel.
3169 */
3170 if (!lmp_le_capable(hdev))
3171 return 0;
3172
2b8df323
MH		 3173 if (WARN_ON(hdev->smp_data)) {
3174 chan = hdev->smp_data;
3175 hdev->smp_data = NULL;
3176 smp_del_chan(chan);
3177 }
3178
ef8efe4b
JH		 3179 chan = smp_add_cid(hdev, L2CAP_CID_SMP);
3180 if (IS_ERR(chan))
3181 return PTR_ERR(chan);
3182
3183 hdev->smp_data = chan;
3184
300acfde
MH		 3185 /* If the controller does not support BR/EDR Secure Connections
3186 * feature, then the BR/EDR SMP channel shall not be present.
3187 *
3188 * To test this with Bluetooth 4.0 controllers, create a debugfs
3189 * switch that allows forcing BR/EDR SMP support and accepting
3190 * cross-transport pairing on non-AES encrypted connections.
3191 */
3192 if (!lmp_sc_capable(hdev)) {
3193 debugfs_create_file("force_bredr_smp", 0644, hdev->debugfs,
3194 hdev, &force_bredr_smp_fops);
ef8efe4b 3195 return 0;
300acfde 3196 }
ef8efe4b 3197
2b8df323
MH		 3198 if (WARN_ON(hdev->smp_bredr_data)) {
3199 chan = hdev->smp_bredr_data;
3200 hdev->smp_bredr_data = NULL;
3201 smp_del_chan(chan);
3202 }
3203
ef8efe4b
JH		 3204 chan = smp_add_cid(hdev, L2CAP_CID_SMP_BREDR);
3205 if (IS_ERR(chan)) {
3206 int err = PTR_ERR(chan);
3207 chan = hdev->smp_data;
3208 hdev->smp_data = NULL;
3209 smp_del_chan(chan);
3210 return err;
3211 }
3212
3213 hdev->smp_bredr_data = chan;
3214
3215 return 0;
3216}
3217
3218void smp_unregister(struct hci_dev *hdev)
3219{
3220 struct l2cap_chan *chan;
3221
3222 if (hdev->smp_bredr_data) {
3223 chan = hdev->smp_bredr_data;
3224 hdev->smp_bredr_data = NULL;
3225 smp_del_chan(chan);
3226 }
3227
3228 if (hdev->smp_data) {
3229 chan = hdev->smp_data;
3230 hdev->smp_data = NULL;
3231 smp_del_chan(chan);
3232 }
3233}
0a2b0f04
JH		 3234
3235#if IS_ENABLED(CONFIG_BT_SELFTEST_SMP)
3236
cfc4198e
JH		 3237static int __init test_ah(struct crypto_blkcipher *tfm_aes)
3238{
3239 const u8 irk[16] = {
3240 0x9b, 0x7d, 0x39, 0x0a, 0xa6, 0x10, 0x10, 0x34,
3241 0x05, 0xad, 0xc8, 0x57, 0xa3, 0x34, 0x02, 0xec };
3242 const u8 r[3] = { 0x94, 0x81, 0x70 };
3243 const u8 exp[3] = { 0xaa, 0xfb, 0x0d };
3244 u8 res[3];
3245 int err;
3246
3247 err = smp_ah(tfm_aes, irk, r, res);
3248 if (err)
3249 return err;
3250
3251 if (memcmp(res, exp, 3))
3252 return -EINVAL;
3253
3254 return 0;
3255}
3256
3257static int __init test_c1(struct crypto_blkcipher *tfm_aes)
3258{
3259 const u8 k[16] = {
3260 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
3261 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
3262 const u8 r[16] = {
3263 0xe0, 0x2e, 0x70, 0xc6, 0x4e, 0x27, 0x88, 0x63,
3264 0x0e, 0x6f, 0xad, 0x56, 0x21, 0xd5, 0x83, 0x57 };
3265 const u8 preq[7] = { 0x01, 0x01, 0x00, 0x00, 0x10, 0x07, 0x07 };
3266 const u8 pres[7] = { 0x02, 0x03, 0x00, 0x00, 0x08, 0x00, 0x05 };
3267 const u8 _iat = 0x01;
3268 const u8 _rat = 0x00;
3269 const bdaddr_t ra = { { 0xb6, 0xb5, 0xb4, 0xb3, 0xb2, 0xb1 } };
3270 const bdaddr_t ia = { { 0xa6, 0xa5, 0xa4, 0xa3, 0xa2, 0xa1 } };
3271 const u8 exp[16] = {
3272 0x86, 0x3b, 0xf1, 0xbe, 0xc5, 0x4d, 0xa7, 0xd2,
3273 0xea, 0x88, 0x89, 0x87, 0xef, 0x3f, 0x1e, 0x1e };
3274 u8 res[16];
3275 int err;
3276
3277 err = smp_c1(tfm_aes, k, r, preq, pres, _iat, &ia, _rat, &ra, res);
3278 if (err)
3279 return err;
3280
3281 if (memcmp(res, exp, 16))
3282 return -EINVAL;
3283
3284 return 0;
3285}
3286
3287static int __init test_s1(struct crypto_blkcipher *tfm_aes)
3288{
3289 const u8 k[16] = {
3290 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
3291 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
3292 const u8 r1[16] = {
3293 0x88, 0x77, 0x66, 0x55, 0x44, 0x33, 0x22, 0x11 };
3294 const u8 r2[16] = {
3295 0x00, 0xff, 0xee, 0xdd, 0xcc, 0xbb, 0xaa, 0x99 };
3296 const u8 exp[16] = {
3297 0x62, 0xa0, 0x6d, 0x79, 0xae, 0x16, 0x42, 0x5b,
3298 0x9b, 0xf4, 0xb0, 0xe8, 0xf0, 0xe1, 0x1f, 0x9a };
3299 u8 res[16];
3300 int err;
3301
3302 err = smp_s1(tfm_aes, k, r1, r2, res);
3303 if (err)
3304 return err;
3305
3306 if (memcmp(res, exp, 16))
3307 return -EINVAL;
3308
3309 return 0;
3310}
3311
fb2969a3
JH		 3312static int __init test_f4(struct crypto_hash *tfm_cmac)
3313{
3314 const u8 u[32] = {
3315 0xe6, 0x9d, 0x35, 0x0e, 0x48, 0x01, 0x03, 0xcc,
3316 0xdb, 0xfd, 0xf4, 0xac, 0x11, 0x91, 0xf4, 0xef,
3317 0xb9, 0xa5, 0xf9, 0xe9, 0xa7, 0x83, 0x2c, 0x5e,
3318 0x2c, 0xbe, 0x97, 0xf2, 0xd2, 0x03, 0xb0, 0x20 };
3319 const u8 v[32] = {
3320 0xfd, 0xc5, 0x7f, 0xf4, 0x49, 0xdd, 0x4f, 0x6b,
3321 0xfb, 0x7c, 0x9d, 0xf1, 0xc2, 0x9a, 0xcb, 0x59,
3322 0x2a, 0xe7, 0xd4, 0xee, 0xfb, 0xfc, 0x0a, 0x90,
3323 0x9a, 0xbb, 0xf6, 0x32, 0x3d, 0x8b, 0x18, 0x55 };
3324 const u8 x[16] = {
3325 0xab, 0xae, 0x2b, 0x71, 0xec, 0xb2, 0xff, 0xff,
3326 0x3e, 0x73, 0x77, 0xd1, 0x54, 0x84, 0xcb, 0xd5 };
3327 const u8 z = 0x00;
3328 const u8 exp[16] = {
3329 0x2d, 0x87, 0x74, 0xa9, 0xbe, 0xa1, 0xed, 0xf1,
3330 0x1c, 0xbd, 0xa9, 0x07, 0xf1, 0x16, 0xc9, 0xf2 };
3331 u8 res[16];
3332 int err;
3333
3334 err = smp_f4(tfm_cmac, u, v, x, z, res);
3335 if (err)
3336 return err;
3337
3338 if (memcmp(res, exp, 16))
3339 return -EINVAL;
3340
3341 return 0;
3342}
3343
3344static int __init test_f5(struct crypto_hash *tfm_cmac)
3345{
3346 const u8 w[32] = {
3347 0x98, 0xa6, 0xbf, 0x73, 0xf3, 0x34, 0x8d, 0x86,
3348 0xf1, 0x66, 0xf8, 0xb4, 0x13, 0x6b, 0x79, 0x99,
3349 0x9b, 0x7d, 0x39, 0x0a, 0xa6, 0x10, 0x10, 0x34,
3350 0x05, 0xad, 0xc8, 0x57, 0xa3, 0x34, 0x02, 0xec };
3351 const u8 n1[16] = {
3352 0xab, 0xae, 0x2b, 0x71, 0xec, 0xb2, 0xff, 0xff,
3353 0x3e, 0x73, 0x77, 0xd1, 0x54, 0x84, 0xcb, 0xd5 };
3354 const u8 n2[16] = {
3355 0xcf, 0xc4, 0x3d, 0xff, 0xf7, 0x83, 0x65, 0x21,
3356 0x6e, 0x5f, 0xa7, 0x25, 0xcc, 0xe7, 0xe8, 0xa6 };
3357 const u8 a1[7] = { 0xce, 0xbf, 0x37, 0x37, 0x12, 0x56, 0x00 };
3358 const u8 a2[7] = { 0xc1, 0xcf, 0x2d, 0x70, 0x13, 0xa7, 0x00 };
3359 const u8 exp_ltk[16] = {
3360 0x38, 0x0a, 0x75, 0x94, 0xb5, 0x22, 0x05, 0x98,
3361 0x23, 0xcd, 0xd7, 0x69, 0x11, 0x79, 0x86, 0x69 };
3362 const u8 exp_mackey[16] = {
3363 0x20, 0x6e, 0x63, 0xce, 0x20, 0x6a, 0x3f, 0xfd,
3364 0x02, 0x4a, 0x08, 0xa1, 0x76, 0xf1, 0x65, 0x29 };
3365 u8 mackey[16], ltk[16];
3366 int err;
3367
3368 err = smp_f5(tfm_cmac, w, n1, n2, a1, a2, mackey, ltk);
3369 if (err)
3370 return err;
3371
3372 if (memcmp(mackey, exp_mackey, 16))
3373 return -EINVAL;
3374
3375 if (memcmp(ltk, exp_ltk, 16))
3376 return -EINVAL;
3377
3378 return 0;
3379}
3380
3381static int __init test_f6(struct crypto_hash *tfm_cmac)
3382{
3383 const u8 w[16] = {
3384 0x20, 0x6e, 0x63, 0xce, 0x20, 0x6a, 0x3f, 0xfd,
3385 0x02, 0x4a, 0x08, 0xa1, 0x76, 0xf1, 0x65, 0x29 };
3386 const u8 n1[16] = {
3387 0xab, 0xae, 0x2b, 0x71, 0xec, 0xb2, 0xff, 0xff,
3388 0x3e, 0x73, 0x77, 0xd1, 0x54, 0x84, 0xcb, 0xd5 };
3389 const u8 n2[16] = {
3390 0xcf, 0xc4, 0x3d, 0xff, 0xf7, 0x83, 0x65, 0x21,
3391 0x6e, 0x5f, 0xa7, 0x25, 0xcc, 0xe7, 0xe8, 0xa6 };
3392 const u8 r[16] = {
3393 0xc8, 0x0f, 0x2d, 0x0c, 0xd2, 0x42, 0xda, 0x08,
3394 0x54, 0xbb, 0x53, 0xb4, 0x3b, 0x34, 0xa3, 0x12 };
3395 const u8 io_cap[3] = { 0x02, 0x01, 0x01 };
3396 const u8 a1[7] = { 0xce, 0xbf, 0x37, 0x37, 0x12, 0x56, 0x00 };
3397 const u8 a2[7] = { 0xc1, 0xcf, 0x2d, 0x70, 0x13, 0xa7, 0x00 };
3398 const u8 exp[16] = {
3399 0x61, 0x8f, 0x95, 0xda, 0x09, 0x0b, 0x6c, 0xd2,
3400 0xc5, 0xe8, 0xd0, 0x9c, 0x98, 0x73, 0xc4, 0xe3 };
3401 u8 res[16];
3402 int err;
3403
3404 err = smp_f6(tfm_cmac, w, n1, n2, r, io_cap, a1, a2, res);
3405 if (err)
3406 return err;
3407
3408 if (memcmp(res, exp, 16))
3409 return -EINVAL;
3410
3411 return 0;
3412}
3413
3414static int __init test_g2(struct crypto_hash *tfm_cmac)
3415{
3416 const u8 u[32] = {
3417 0xe6, 0x9d, 0x35, 0x0e, 0x48, 0x01, 0x03, 0xcc,
3418 0xdb, 0xfd, 0xf4, 0xac, 0x11, 0x91, 0xf4, 0xef,
3419 0xb9, 0xa5, 0xf9, 0xe9, 0xa7, 0x83, 0x2c, 0x5e,
3420 0x2c, 0xbe, 0x97, 0xf2, 0xd2, 0x03, 0xb0, 0x20 };
3421 const u8 v[32] = {
3422 0xfd, 0xc5, 0x7f, 0xf4, 0x49, 0xdd, 0x4f, 0x6b,
3423 0xfb, 0x7c, 0x9d, 0xf1, 0xc2, 0x9a, 0xcb, 0x59,
3424 0x2a, 0xe7, 0xd4, 0xee, 0xfb, 0xfc, 0x0a, 0x90,
3425 0x9a, 0xbb, 0xf6, 0x32, 0x3d, 0x8b, 0x18, 0x55 };
3426 const u8 x[16] = {
3427 0xab, 0xae, 0x2b, 0x71, 0xec, 0xb2, 0xff, 0xff,
3428 0x3e, 0x73, 0x77, 0xd1, 0x54, 0x84, 0xcb, 0xd5 };
3429 const u8 y[16] = {
3430 0xcf, 0xc4, 0x3d, 0xff, 0xf7, 0x83, 0x65, 0x21,
3431 0x6e, 0x5f, 0xa7, 0x25, 0xcc, 0xe7, 0xe8, 0xa6 };
3432 const u32 exp_val = 0x2f9ed5ba % 1000000;
3433 u32 val;
3434 int err;
3435
3436 err = smp_g2(tfm_cmac, u, v, x, y, &val);
3437 if (err)
3438 return err;
3439
3440 if (val != exp_val)
3441 return -EINVAL;
3442
3443 return 0;
3444}
3445
3446static int __init test_h6(struct crypto_hash *tfm_cmac)
3447{
3448 const u8 w[16] = {
3449 0x9b, 0x7d, 0x39, 0x0a, 0xa6, 0x10, 0x10, 0x34,
3450 0x05, 0xad, 0xc8, 0x57, 0xa3, 0x34, 0x02, 0xec };
3451 const u8 key_id[4] = { 0x72, 0x62, 0x65, 0x6c };
3452 const u8 exp[16] = {
3453 0x99, 0x63, 0xb1, 0x80, 0xe2, 0xa9, 0xd3, 0xe8,
3454 0x1c, 0xc9, 0x6d, 0xe7, 0x02, 0xe1, 0x9a, 0x2d };
3455 u8 res[16];
3456 int err;
3457
3458 err = smp_h6(tfm_cmac, w, key_id, res);
3459 if (err)
3460 return err;
3461
3462 if (memcmp(res, exp, 16))
3463 return -EINVAL;
3464
3465 return 0;
3466}
3467
0a2b0f04
JH		 3468static int __init run_selftests(struct crypto_blkcipher *tfm_aes,
3469 struct crypto_hash *tfm_cmac)
3470{
255047b0
MH		 3471 ktime_t calltime, delta, rettime;
3472 unsigned long long duration;
cfc4198e
JH		 3473 int err;
3474
255047b0
MH		 3475 calltime = ktime_get();
3476
cfc4198e
JH		 3477 err = test_ah(tfm_aes);
3478 if (err) {
3479 BT_ERR("smp_ah test failed");
3480 return err;
3481 }
3482
3483 err = test_c1(tfm_aes);
3484 if (err) {
3485 BT_ERR("smp_c1 test failed");
3486 return err;
3487 }
3488
3489 err = test_s1(tfm_aes);
3490 if (err) {
3491 BT_ERR("smp_s1 test failed");
3492 return err;
3493 }
3494
fb2969a3
JH		 3495 err = test_f4(tfm_cmac);
3496 if (err) {
3497 BT_ERR("smp_f4 test failed");
3498 return err;
3499 }
3500
3501 err = test_f5(tfm_cmac);
3502 if (err) {
3503 BT_ERR("smp_f5 test failed");
3504 return err;
3505 }
3506
3507 err = test_f6(tfm_cmac);
3508 if (err) {
3509 BT_ERR("smp_f6 test failed");
3510 return err;
3511 }
3512
3513 err = test_g2(tfm_cmac);
3514 if (err) {
3515 BT_ERR("smp_g2 test failed");
3516 return err;
3517 }
3518
3519 err = test_h6(tfm_cmac);
3520 if (err) {
3521 BT_ERR("smp_h6 test failed");
3522 return err;
3523 }
3524
255047b0
MH		 3525 rettime = ktime_get();
3526 delta = ktime_sub(rettime, calltime);
3527 duration = (unsigned long long) ktime_to_ns(delta) >> 10;
3528
5ced2464 3529 BT_INFO("SMP test passed in %llu usecs", duration);
0a2b0f04
JH		 3530
3531 return 0;
3532}
3533
3534int __init bt_selftest_smp(void)
3535{
3536 struct crypto_blkcipher *tfm_aes;
3537 struct crypto_hash *tfm_cmac;
3538 int err;
3539
3540 tfm_aes = crypto_alloc_blkcipher("ecb(aes)", 0, CRYPTO_ALG_ASYNC);
3541 if (IS_ERR(tfm_aes)) {
3542 BT_ERR("Unable to create ECB crypto context");
3543 return PTR_ERR(tfm_aes);
3544 }
3545
3546 tfm_cmac = crypto_alloc_hash("cmac(aes)", 0, CRYPTO_ALG_ASYNC);
3547 if (IS_ERR(tfm_cmac)) {
3548 BT_ERR("Unable to create CMAC crypto context");
3549 crypto_free_blkcipher(tfm_aes);
3550 return PTR_ERR(tfm_cmac);
3551 }
3552
3553 err = run_selftests(tfm_aes, tfm_cmac);
3554
3555 crypto_free_hash(tfm_cmac);
3556 crypto_free_blkcipher(tfm_aes);
3557
3558 return err;
3559}
3560
3561#endif
Linux kernel - Deliverables
This page took 0.413714 seconds and 5 git commands to generate.