projects / deliverable / linux.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Merge tag 'mvebu-fixes-4.5-2' of git://git.infradead.org/linux-mvebu into fixes
[deliverable/linux.git] / net / bluetooth / smp.c
CommitLineData
eb492e01
AB		 1/*
2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2011 Nokia Corporation and/or its subsidiary(-ies).
4
5 This program is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License version 2 as
7 published by the Free Software Foundation;
8
9 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
10 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
11 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
12 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
13 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
14 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17
18 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
19 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
20 SOFTWARE IS DISCLAIMED.
21*/
22
300acfde 23#include <linux/debugfs.h>
8c520a59
GP		 24#include <linux/crypto.h>
25#include <linux/scatterlist.h>
26#include <crypto/b128ops.h>
27
eb492e01
AB		 28#include <net/bluetooth/bluetooth.h>
29#include <net/bluetooth/hci_core.h>
30#include <net/bluetooth/l2cap.h>
2b64d153 31#include <net/bluetooth/mgmt.h>
ac4b7236 32
3b19146d 33#include "ecc.h"
ac4b7236 34#include "smp.h"
d22ef0bc 35
2fd36558
JH		 36#define SMP_DEV(hdev) \
37 ((struct smp_dev *)((struct l2cap_chan *)((hdev)->smp_data))->data)
38
c7a3d57d
JH		 39/* Low-level debug macros to be used for stuff that we don't want
40 * accidentially in dmesg, i.e. the values of the various crypto keys
41 * and the inputs & outputs of crypto functions.
42 */
43#ifdef DEBUG
44#define SMP_DBG(fmt, ...) printk(KERN_DEBUG "%s: " fmt, __func__, \
45 ##__VA_ARGS__)
46#else
47#define SMP_DBG(fmt, ...) no_printk(KERN_DEBUG "%s: " fmt, __func__, \
48 ##__VA_ARGS__)
49#endif
50
b28b4943 51#define SMP_ALLOW_CMD(smp, code) set_bit(code, &smp->allow_cmd)
b28b4943 52
3b19146d
JH		 53/* Keys which are not distributed with Secure Connections */
54#define SMP_SC_NO_DIST (SMP_DIST_ENC_KEY | SMP_DIST_LINK_KEY);
55
17b02e62 56#define SMP_TIMEOUT msecs_to_jiffies(30000)
5d3de7df 57
d7a5a11d 58#define AUTH_REQ_MASK(dev) (hci_dev_test_flag(dev, HCI_SC_ENABLED) ? \
0edb14de
JH		 59 0x1f : 0x07)
60#define KEY_DIST_MASK 0x07
065a13e2 61
cbbbe3e2
JH		 62/* Maximum message length that can be passed to aes_cmac */
63#define CMAC_MSG_MAX 80
64
533e35d4
JH		 65enum {
66 SMP_FLAG_TK_VALID,
67 SMP_FLAG_CFM_PENDING,
68 SMP_FLAG_MITM_AUTH,
69 SMP_FLAG_COMPLETE,
70 SMP_FLAG_INITIATOR,
65668776 71 SMP_FLAG_SC,
d8f8edbe 72 SMP_FLAG_REMOTE_PK,
aeb7d461 73 SMP_FLAG_DEBUG_KEY,
38606f14 74 SMP_FLAG_WAIT_USER,
d3e54a87 75 SMP_FLAG_DHKEY_PENDING,
1a8bab4f
JH		 76 SMP_FLAG_REMOTE_OOB,
77 SMP_FLAG_LOCAL_OOB,
533e35d4 78};
4bc58f51 79
88a479d9 80struct smp_dev {
60a27d65
MH		 81 /* Secure Connections OOB data */
82 u8 local_pk[64];
83 u8 local_sk[32];
fb334fee 84 u8 local_rand[16];
60a27d65
MH		 85 bool debug_key;
86
b1f663c9 87 u8 min_key_size;
2fd36558
JH		 88 u8 max_key_size;
89
88a479d9 90 struct crypto_blkcipher *tfm_aes;
6e2dc6d1 91 struct crypto_hash *tfm_cmac;
88a479d9
MH		 92};
93
4bc58f51 94struct smp_chan {
b68fda68
JH		 95 struct l2cap_conn *conn;
96 struct delayed_work security_timer;
b28b4943 97 unsigned long allow_cmd; /* Bitmask of allowed commands */
b68fda68 98
4bc58f51
JH		 99 u8 preq[7]; /* SMP Pairing Request */
100 u8 prsp[7]; /* SMP Pairing Response */
101 u8 prnd[16]; /* SMP Pairing Random (local) */
102 u8 rrnd[16]; /* SMP Pairing Random (remote) */
103 u8 pcnf[16]; /* SMP Pairing Confirm */
104 u8 tk[16]; /* SMP Temporary Key */
882fafad
JH		 105 u8 rr[16]; /* Remote OOB ra/rb value */
106 u8 lr[16]; /* Local OOB ra/rb value */
4bc58f51
JH		 107 u8 enc_key_size;
108 u8 remote_key_dist;
109 bdaddr_t id_addr;
110 u8 id_addr_type;
111 u8 irk[16];
112 struct smp_csrk *csrk;
113 struct smp_csrk *slave_csrk;
114 struct smp_ltk *ltk;
115 struct smp_ltk *slave_ltk;
116 struct smp_irk *remote_irk;
6a77083a 117 u8 *link_key;
4a74d658 118 unsigned long flags;
783e0574 119 u8 method;
38606f14 120 u8 passkey_round;
6a7bd103 121
3b19146d
JH		 122 /* Secure Connections variables */
123 u8 local_pk[64];
124 u8 local_sk[32];
d8f8edbe
JH		 125 u8 remote_pk[64];
126 u8 dhkey[32];
760b018b 127 u8 mackey[16];
3b19146d 128
6a7bd103 129 struct crypto_blkcipher *tfm_aes;
407cecf6 130 struct crypto_hash *tfm_cmac;
4bc58f51
JH		 131};
132
aeb7d461
JH		 133/* These debug key values are defined in the SMP section of the core
134 * specification. debug_pk is the public debug key and debug_sk the
135 * private debug key.
136 */
137static const u8 debug_pk[64] = {
138 0xe6, 0x9d, 0x35, 0x0e, 0x48, 0x01, 0x03, 0xcc,
139 0xdb, 0xfd, 0xf4, 0xac, 0x11, 0x91, 0xf4, 0xef,
140 0xb9, 0xa5, 0xf9, 0xe9, 0xa7, 0x83, 0x2c, 0x5e,
141 0x2c, 0xbe, 0x97, 0xf2, 0xd2, 0x03, 0xb0, 0x20,
142
143 0x8b, 0xd2, 0x89, 0x15, 0xd0, 0x8e, 0x1c, 0x74,
144 0x24, 0x30, 0xed, 0x8f, 0xc2, 0x45, 0x63, 0x76,
145 0x5c, 0x15, 0x52, 0x5a, 0xbf, 0x9a, 0x32, 0x63,
146 0x6d, 0xeb, 0x2a, 0x65, 0x49, 0x9c, 0x80, 0xdc,
147};
148
149static const u8 debug_sk[32] = {
150 0xbd, 0x1a, 0x3c, 0xcd, 0xa6, 0xb8, 0x99, 0x58,
151 0x99, 0xb7, 0x40, 0xeb, 0x7b, 0x60, 0xff, 0x4a,
152 0x50, 0x3f, 0x10, 0xd2, 0xe3, 0xb3, 0xc9, 0x74,
153 0x38, 0x5f, 0xc5, 0xa3, 0xd4, 0xf6, 0x49, 0x3f,
154};
155
8a2936f4 156static inline void swap_buf(const u8 *src, u8 *dst, size_t len)
d22ef0bc 157{
8a2936f4 158 size_t i;
d22ef0bc 159
8a2936f4
JH		 160 for (i = 0; i < len; i++)
161 dst[len - 1 - i] = src[i];
d22ef0bc
AB		 162}
163
06edf8de
JH		 164/* The following functions map to the LE SC SMP crypto functions
165 * AES-CMAC, f4, f5, f6, g2 and h6.
166 */
167
cbbbe3e2
JH		 168static int aes_cmac(struct crypto_hash *tfm, const u8 k[16], const u8 *m,
169 size_t len, u8 mac[16])
170{
171 uint8_t tmp[16], mac_msb[16], msg_msb[CMAC_MSG_MAX];
172 struct hash_desc desc;
173 struct scatterlist sg;
174 int err;
175
176 if (len > CMAC_MSG_MAX)
177 return -EFBIG;
178
179 if (!tfm) {
180 BT_ERR("tfm %p", tfm);
181 return -EINVAL;
182 }
183
184 desc.tfm = tfm;
185 desc.flags = 0;
186
187 crypto_hash_init(&desc);
188
189 /* Swap key and message from LSB to MSB */
190 swap_buf(k, tmp, 16);
191 swap_buf(m, msg_msb, len);
192
c7a3d57d
JH		 193 SMP_DBG("msg (len %zu) %*phN", len, (int) len, m);
194 SMP_DBG("key %16phN", k);
cbbbe3e2
JH		 195
196 err = crypto_hash_setkey(tfm, tmp, 16);
197 if (err) {
198 BT_ERR("cipher setkey failed: %d", err);
199 return err;
200 }
201
202 sg_init_one(&sg, msg_msb, len);
203
204 err = crypto_hash_update(&desc, &sg, len);
205 if (err) {
206 BT_ERR("Hash update error %d", err);
207 return err;
208 }
209
210 err = crypto_hash_final(&desc, mac_msb);
211 if (err) {
212 BT_ERR("Hash final error %d", err);
213 return err;
214 }
215
216 swap_buf(mac_msb, mac, 16);
217
c7a3d57d 218 SMP_DBG("mac %16phN", mac);
cbbbe3e2
JH		 219
220 return 0;
221}
222
223static int smp_f4(struct crypto_hash *tfm_cmac, const u8 u[32], const u8 v[32],
224 const u8 x[16], u8 z, u8 res[16])
225{
226 u8 m[65];
227 int err;
228
c7a3d57d
JH		 229 SMP_DBG("u %32phN", u);
230 SMP_DBG("v %32phN", v);
231 SMP_DBG("x %16phN z %02x", x, z);
cbbbe3e2
JH		 232
233 m[0] = z;
234 memcpy(m + 1, v, 32);
235 memcpy(m + 33, u, 32);
236
237 err = aes_cmac(tfm_cmac, x, m, sizeof(m), res);
238 if (err)
239 return err;
240
c7a3d57d 241 SMP_DBG("res %16phN", res);
cbbbe3e2
JH		 242
243 return err;
244}
245
4da50de8
JH		 246static int smp_f5(struct crypto_hash *tfm_cmac, const u8 w[32],
247 const u8 n1[16], const u8 n2[16], const u8 a1[7],
248 const u8 a2[7], u8 mackey[16], u8 ltk[16])
760b018b
JH		 249{
250 /* The btle, salt and length "magic" values are as defined in
251 * the SMP section of the Bluetooth core specification. In ASCII
252 * the btle value ends up being 'btle'. The salt is just a
253 * random number whereas length is the value 256 in little
254 * endian format.
255 */
256 const u8 btle[4] = { 0x65, 0x6c, 0x74, 0x62 };
257 const u8 salt[16] = { 0xbe, 0x83, 0x60, 0x5a, 0xdb, 0x0b, 0x37, 0x60,
258 0x38, 0xa5, 0xf5, 0xaa, 0x91, 0x83, 0x88, 0x6c };
259 const u8 length[2] = { 0x00, 0x01 };
260 u8 m[53], t[16];
261 int err;
262
c7a3d57d
JH		 263 SMP_DBG("w %32phN", w);
264 SMP_DBG("n1 %16phN n2 %16phN", n1, n2);
265 SMP_DBG("a1 %7phN a2 %7phN", a1, a2);
760b018b
JH		 266
267 err = aes_cmac(tfm_cmac, salt, w, 32, t);
268 if (err)
269 return err;
270
c7a3d57d 271 SMP_DBG("t %16phN", t);
760b018b
JH		 272
273 memcpy(m, length, 2);
274 memcpy(m + 2, a2, 7);
275 memcpy(m + 9, a1, 7);
276 memcpy(m + 16, n2, 16);
277 memcpy(m + 32, n1, 16);
278 memcpy(m + 48, btle, 4);
279
280 m[52] = 0; /* Counter */
281
282 err = aes_cmac(tfm_cmac, t, m, sizeof(m), mackey);
283 if (err)
284 return err;
285
c7a3d57d 286 SMP_DBG("mackey %16phN", mackey);
760b018b
JH		 287
288 m[52] = 1; /* Counter */
289
290 err = aes_cmac(tfm_cmac, t, m, sizeof(m), ltk);
291 if (err)
292 return err;
293
c7a3d57d 294 SMP_DBG("ltk %16phN", ltk);
760b018b
JH		 295
296 return 0;
297}
298
299static int smp_f6(struct crypto_hash *tfm_cmac, const u8 w[16],
4da50de8 300 const u8 n1[16], const u8 n2[16], const u8 r[16],
760b018b
JH		 301 const u8 io_cap[3], const u8 a1[7], const u8 a2[7],
302 u8 res[16])
303{
304 u8 m[65];
305 int err;
306
c7a3d57d
JH		 307 SMP_DBG("w %16phN", w);
308 SMP_DBG("n1 %16phN n2 %16phN", n1, n2);
309 SMP_DBG("r %16phN io_cap %3phN a1 %7phN a2 %7phN", r, io_cap, a1, a2);
760b018b
JH		 310
311 memcpy(m, a2, 7);
312 memcpy(m + 7, a1, 7);
313 memcpy(m + 14, io_cap, 3);
314 memcpy(m + 17, r, 16);
315 memcpy(m + 33, n2, 16);
316 memcpy(m + 49, n1, 16);
317
318 err = aes_cmac(tfm_cmac, w, m, sizeof(m), res);
319 if (err)
320 return err;
321
203de21b 322 SMP_DBG("res %16phN", res);
760b018b
JH		 323
324 return err;
325}
326
191dc7fe
JH		 327static int smp_g2(struct crypto_hash *tfm_cmac, const u8 u[32], const u8 v[32],
328 const u8 x[16], const u8 y[16], u32 *val)
329{
330 u8 m[80], tmp[16];
331 int err;
332
c7a3d57d
JH		 333 SMP_DBG("u %32phN", u);
334 SMP_DBG("v %32phN", v);
335 SMP_DBG("x %16phN y %16phN", x, y);
191dc7fe
JH		 336
337 memcpy(m, y, 16);
338 memcpy(m + 16, v, 32);
339 memcpy(m + 48, u, 32);
340
341 err = aes_cmac(tfm_cmac, x, m, sizeof(m), tmp);
342 if (err)
343 return err;
344
345 *val = get_unaligned_le32(tmp);
346 *val %= 1000000;
347
c7a3d57d 348 SMP_DBG("val %06u", *val);
191dc7fe
JH		 349
350 return 0;
351}
352
06edf8de
JH		 353static int smp_h6(struct crypto_hash *tfm_cmac, const u8 w[16],
354 const u8 key_id[4], u8 res[16])
355{
356 int err;
357
358 SMP_DBG("w %16phN key_id %4phN", w, key_id);
359
360 err = aes_cmac(tfm_cmac, w, key_id, 4, res);
361 if (err)
362 return err;
363
364 SMP_DBG("res %16phN", res);
365
366 return err;
367}
368
369/* The following functions map to the legacy SMP crypto functions e, c1,
370 * s1 and ah.
371 */
372
d22ef0bc
AB		 373static int smp_e(struct crypto_blkcipher *tfm, const u8 *k, u8 *r)
374{
375 struct blkcipher_desc desc;
376 struct scatterlist sg;
943a732a 377 uint8_t tmp[16], data[16];
201a5929 378 int err;
d22ef0bc 379
011c391a
JH		 380 SMP_DBG("k %16phN r %16phN", k, r);
381
7f376cd6 382 if (!tfm) {
d22ef0bc
AB		 383 BT_ERR("tfm %p", tfm);
384 return -EINVAL;
385 }
386
387 desc.tfm = tfm;
388 desc.flags = 0;
389
943a732a 390 /* The most significant octet of key corresponds to k[0] */
8a2936f4 391 swap_buf(k, tmp, 16);
943a732a
JH		 392
393 err = crypto_blkcipher_setkey(tfm, tmp, 16);
d22ef0bc
AB		 394 if (err) {
395 BT_ERR("cipher setkey failed: %d", err);
396 return err;
397 }
398
943a732a 399 /* Most significant octet of plaintextData corresponds to data[0] */
8a2936f4 400 swap_buf(r, data, 16);
943a732a
JH		 401
402 sg_init_one(&sg, data, 16);
d22ef0bc 403
d22ef0bc
AB		 404 err = crypto_blkcipher_encrypt(&desc, &sg, &sg, 16);
405 if (err)
406 BT_ERR("Encrypt data error %d", err);
407
943a732a 408 /* Most significant octet of encryptedData corresponds to data[0] */
8a2936f4 409 swap_buf(data, r, 16);
943a732a 410
011c391a
JH		 411 SMP_DBG("r %16phN", r);
412
d22ef0bc
AB		 413 return err;
414}
415
06edf8de
JH		 416static int smp_c1(struct crypto_blkcipher *tfm_aes, const u8 k[16],
417 const u8 r[16], const u8 preq[7], const u8 pres[7], u8 _iat,
418 const bdaddr_t *ia, u8 _rat, const bdaddr_t *ra, u8 res[16])
6a77083a 419{
06edf8de 420 u8 p1[16], p2[16];
6a77083a
JH		 421 int err;
422
011c391a
JH		 423 SMP_DBG("k %16phN r %16phN", k, r);
424 SMP_DBG("iat %u ia %6phN rat %u ra %6phN", _iat, ia, _rat, ra);
425 SMP_DBG("preq %7phN pres %7phN", preq, pres);
426
06edf8de 427 memset(p1, 0, 16);
6a77083a 428
06edf8de
JH		 429 /* p1 = pres || preq || _rat || _iat */
430 p1[0] = _iat;
431 p1[1] = _rat;
432 memcpy(p1 + 2, preq, 7);
433 memcpy(p1 + 9, pres, 7);
434
011c391a 435 SMP_DBG("p1 %16phN", p1);
06edf8de
JH		 436
437 /* res = r XOR p1 */
438 u128_xor((u128 *) res, (u128 *) r, (u128 *) p1);
439
440 /* res = e(k, res) */
441 err = smp_e(tfm_aes, k, res);
442 if (err) {
443 BT_ERR("Encrypt data error");
6a77083a 444 return err;
06edf8de 445 }
6a77083a 446
011c391a
JH		 447 /* p2 = padding || ia || ra */
448 memcpy(p2, ra, 6);
449 memcpy(p2 + 6, ia, 6);
450 memset(p2 + 12, 0, 4);
451
452 SMP_DBG("p2 %16phN", p2);
453
06edf8de
JH		 454 /* res = res XOR p2 */
455 u128_xor((u128 *) res, (u128 *) res, (u128 *) p2);
456
457 /* res = e(k, res) */
458 err = smp_e(tfm_aes, k, res);
459 if (err)
460 BT_ERR("Encrypt data error");
461
462 return err;
463}
464
465static int smp_s1(struct crypto_blkcipher *tfm_aes, const u8 k[16],
466 const u8 r1[16], const u8 r2[16], u8 _r[16])
467{
468 int err;
469
470 /* Just least significant octets from r1 and r2 are considered */
471 memcpy(_r, r2, 8);
472 memcpy(_r + 8, r1, 8);
473
474 err = smp_e(tfm_aes, k, _r);
475 if (err)
476 BT_ERR("Encrypt data error");
6a77083a
JH		 477
478 return err;
479}
480
cd082797
JH		 481static int smp_ah(struct crypto_blkcipher *tfm, const u8 irk[16],
482 const u8 r[3], u8 res[3])
60478054 483{
943a732a 484 u8 _res[16];
60478054
JH		 485 int err;
486
487 /* r' = padding || r */
943a732a
JH		 488 memcpy(_res, r, 3);
489 memset(_res + 3, 0, 13);
60478054 490
943a732a 491 err = smp_e(tfm, irk, _res);
60478054
JH		 492 if (err) {
493 BT_ERR("Encrypt error");
494 return err;
495 }
496
497 /* The output of the random address function ah is:
c5080d42 498 * ah(k, r) = e(k, r') mod 2^24
60478054
JH		 499 * The output of the security function e is then truncated to 24 bits
500 * by taking the least significant 24 bits of the output of e as the
501 * result of ah.
502 */
943a732a 503 memcpy(res, _res, 3);
60478054
JH		 504
505 return 0;
506}
507
cd082797
JH		 508bool smp_irk_matches(struct hci_dev *hdev, const u8 irk[16],
509 const bdaddr_t *bdaddr)
60478054 510{
defce9e8 511 struct l2cap_chan *chan = hdev->smp_data;
88a479d9 512 struct smp_dev *smp;
60478054
JH		 513 u8 hash[3];
514 int err;
515
defce9e8
JH		 516 if (!chan || !chan->data)
517 return false;
518
88a479d9 519 smp = chan->data;
defce9e8 520
60478054
JH		 521 BT_DBG("RPA %pMR IRK %*phN", bdaddr, 16, irk);
522
88a479d9 523 err = smp_ah(smp->tfm_aes, irk, &bdaddr->b[3], hash);
60478054
JH		 524 if (err)
525 return false;
526
527 return !memcmp(bdaddr->b, hash, 3);
528}
529
cd082797 530int smp_generate_rpa(struct hci_dev *hdev, const u8 irk[16], bdaddr_t *rpa)
b1e2b3ae 531{
defce9e8 532 struct l2cap_chan *chan = hdev->smp_data;
88a479d9 533 struct smp_dev *smp;
b1e2b3ae
JH		 534 int err;
535
defce9e8
JH		 536 if (!chan || !chan->data)
537 return -EOPNOTSUPP;
538
88a479d9 539 smp = chan->data;
defce9e8 540
b1e2b3ae
JH		 541 get_random_bytes(&rpa->b[3], 3);
542
543 rpa->b[5] &= 0x3f; /* Clear two most significant bits */
544 rpa->b[5] |= 0x40; /* Set second most significant bit */
545
88a479d9 546 err = smp_ah(smp->tfm_aes, irk, &rpa->b[3], rpa->b);
b1e2b3ae
JH		 547 if (err < 0)
548 return err;
549
550 BT_DBG("RPA %pMR", rpa);
551
552 return 0;
553}
554
60a27d65
MH		 555int smp_generate_oob(struct hci_dev *hdev, u8 hash[16], u8 rand[16])
556{
557 struct l2cap_chan *chan = hdev->smp_data;
558 struct smp_dev *smp;
559 int err;
560
561 if (!chan || !chan->data)
562 return -EOPNOTSUPP;
563
564 smp = chan->data;
565
566 if (hci_dev_test_flag(hdev, HCI_USE_DEBUG_KEYS)) {
567 BT_DBG("Using debug keys");
568 memcpy(smp->local_pk, debug_pk, 64);
569 memcpy(smp->local_sk, debug_sk, 32);
570 smp->debug_key = true;
571 } else {
572 while (true) {
573 /* Generate local key pair for Secure Connections */
574 if (!ecc_make_key(smp->local_pk, smp->local_sk))
575 return -EIO;
576
577 /* This is unlikely, but we need to check that
578 * we didn't accidentially generate a debug key.
579 */
580 if (memcmp(smp->local_sk, debug_sk, 32))
581 break;
582 }
583 smp->debug_key = false;
584 }
585
586 SMP_DBG("OOB Public Key X: %32phN", smp->local_pk);
587 SMP_DBG("OOB Public Key Y: %32phN", smp->local_pk + 32);
588 SMP_DBG("OOB Private Key: %32phN", smp->local_sk);
589
fb334fee 590 get_random_bytes(smp->local_rand, 16);
60a27d65
MH		 591
592 err = smp_f4(smp->tfm_cmac, smp->local_pk, smp->local_pk,
fb334fee 593 smp->local_rand, 0, hash);
60a27d65
MH		 594 if (err < 0)
595 return err;
596
fb334fee 597 memcpy(rand, smp->local_rand, 16);
60a27d65
MH		 598
599 return 0;
600}
601
5d88cc73 602static void smp_send_cmd(struct l2cap_conn *conn, u8 code, u16 len, void *data)
eb492e01 603{
5d88cc73 604 struct l2cap_chan *chan = conn->smp;
b68fda68 605 struct smp_chan *smp;
5d88cc73
JH		 606 struct kvec iv[2];
607 struct msghdr msg;
eb492e01 608
5d88cc73
JH		 609 if (!chan)
610 return;
eb492e01 611
5d88cc73 612 BT_DBG("code 0x%2.2x", code);
eb492e01 613
5d88cc73
JH		 614 iv[0].iov_base = &code;
615 iv[0].iov_len = 1;
eb492e01 616
5d88cc73
JH		 617 iv[1].iov_base = data;
618 iv[1].iov_len = len;
eb492e01 619
5d88cc73 620 memset(&msg, 0, sizeof(msg));
eb492e01 621
17836394 622 iov_iter_kvec(&msg.msg_iter, WRITE | ITER_KVEC, iv, 2, 1 + len);
eb492e01 623
5d88cc73 624 l2cap_chan_send(chan, &msg, 1 + len);
e2dcd113 625
b68fda68
JH		 626 if (!chan->data)
627 return;
628
629 smp = chan->data;
630
631 cancel_delayed_work_sync(&smp->security_timer);
1b0921d6 632 schedule_delayed_work(&smp->security_timer, SMP_TIMEOUT);
eb492e01
AB		 633}
634
d2eb9e10 635static u8 authreq_to_seclevel(u8 authreq)
2b64d153 636{
d2eb9e10
JH		 637 if (authreq & SMP_AUTH_MITM) {
638 if (authreq & SMP_AUTH_SC)
639 return BT_SECURITY_FIPS;
640 else
641 return BT_SECURITY_HIGH;
642 } else {
2b64d153 643 return BT_SECURITY_MEDIUM;
d2eb9e10 644 }
2b64d153
BG		 645}
646
647static __u8 seclevel_to_authreq(__u8 sec_level)
648{
649 switch (sec_level) {
d2eb9e10 650 case BT_SECURITY_FIPS:
2b64d153
BG		 651 case BT_SECURITY_HIGH:
652 return SMP_AUTH_MITM | SMP_AUTH_BONDING;
653 case BT_SECURITY_MEDIUM:
654 return SMP_AUTH_BONDING;
655 default:
656 return SMP_AUTH_NONE;
657 }
658}
659
b8e66eac 660static void build_pairing_cmd(struct l2cap_conn *conn,
f1560463
MH		 661 struct smp_cmd_pairing *req,
662 struct smp_cmd_pairing *rsp, __u8 authreq)
b8e66eac 663{
5d88cc73
JH		 664 struct l2cap_chan *chan = conn->smp;
665 struct smp_chan *smp = chan->data;
fd349c02
JH		 666 struct hci_conn *hcon = conn->hcon;
667 struct hci_dev *hdev = hcon->hdev;
02b05bd8 668 u8 local_dist = 0, remote_dist = 0, oob_flag = SMP_OOB_NOT_PRESENT;
54790f73 669
d7a5a11d 670 if (hci_dev_test_flag(hdev, HCI_BONDABLE)) {
7ee4ea36
MH		 671 local_dist = SMP_DIST_ENC_KEY | SMP_DIST_SIGN;
672 remote_dist = SMP_DIST_ENC_KEY | SMP_DIST_SIGN;
54790f73 673 authreq |= SMP_AUTH_BONDING;
2b64d153
BG		 674 } else {
675 authreq &= ~SMP_AUTH_BONDING;
54790f73
VCG		 676 }
677
d7a5a11d 678 if (hci_dev_test_flag(hdev, HCI_RPA_RESOLVING))
fd349c02
JH		 679 remote_dist |= SMP_DIST_ID_KEY;
680
d7a5a11d 681 if (hci_dev_test_flag(hdev, HCI_PRIVACY))
863efaf2
JH		 682 local_dist |= SMP_DIST_ID_KEY;
683
d7a5a11d 684 if (hci_dev_test_flag(hdev, HCI_SC_ENABLED) &&
02b05bd8
JH		 685 (authreq & SMP_AUTH_SC)) {
686 struct oob_data *oob_data;
687 u8 bdaddr_type;
688
d7a5a11d 689 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) {
df8e1a4c
JH		 690 local_dist |= SMP_DIST_LINK_KEY;
691 remote_dist |= SMP_DIST_LINK_KEY;
692 }
02b05bd8
JH		 693
694 if (hcon->dst_type == ADDR_LE_DEV_PUBLIC)
695 bdaddr_type = BDADDR_LE_PUBLIC;
696 else
697 bdaddr_type = BDADDR_LE_RANDOM;
698
699 oob_data = hci_find_remote_oob_data(hdev, &hcon->dst,
700 bdaddr_type);
4775a4ea 701 if (oob_data && oob_data->present) {
1a8bab4f 702 set_bit(SMP_FLAG_REMOTE_OOB, &smp->flags);
02b05bd8 703 oob_flag = SMP_OOB_PRESENT;
a29b0733 704 memcpy(smp->rr, oob_data->rand256, 16);
02b05bd8 705 memcpy(smp->pcnf, oob_data->hash256, 16);
bc07cd69
MH		 706 SMP_DBG("OOB Remote Confirmation: %16phN", smp->pcnf);
707 SMP_DBG("OOB Remote Random: %16phN", smp->rr);
02b05bd8
JH		 708 }
709
df8e1a4c
JH		 710 } else {
711 authreq &= ~SMP_AUTH_SC;
712 }
713
54790f73
VCG		 714 if (rsp == NULL) {
715 req->io_capability = conn->hcon->io_capability;
02b05bd8 716 req->oob_flag = oob_flag;
2fd36558 717 req->max_key_size = SMP_DEV(hdev)->max_key_size;
fd349c02
JH		 718 req->init_key_dist = local_dist;
719 req->resp_key_dist = remote_dist;
0edb14de 720 req->auth_req = (authreq & AUTH_REQ_MASK(hdev));
fd349c02
JH		 721
722 smp->remote_key_dist = remote_dist;
54790f73
VCG		 723 return;
724 }
725
726 rsp->io_capability = conn->hcon->io_capability;
02b05bd8 727 rsp->oob_flag = oob_flag;
2fd36558 728 rsp->max_key_size = SMP_DEV(hdev)->max_key_size;
fd349c02
JH		 729 rsp->init_key_dist = req->init_key_dist & remote_dist;
730 rsp->resp_key_dist = req->resp_key_dist & local_dist;
0edb14de 731 rsp->auth_req = (authreq & AUTH_REQ_MASK(hdev));
fd349c02
JH		 732
733 smp->remote_key_dist = rsp->init_key_dist;
b8e66eac
VCG		 734}
735
3158c50c
VCG		 736static u8 check_enc_key_size(struct l2cap_conn *conn, __u8 max_key_size)
737{
5d88cc73 738 struct l2cap_chan *chan = conn->smp;
2fd36558 739 struct hci_dev *hdev = conn->hcon->hdev;
5d88cc73 740 struct smp_chan *smp = chan->data;
1c1def09 741
2fd36558
JH		 742 if (max_key_size > SMP_DEV(hdev)->max_key_size ||
743 max_key_size < SMP_MIN_ENC_KEY_SIZE)
3158c50c
VCG		 744 return SMP_ENC_KEY_SIZE;
745
f7aa611a 746 smp->enc_key_size = max_key_size;
3158c50c
VCG		 747
748 return 0;
749}
750
6f48e260
JH		 751static void smp_chan_destroy(struct l2cap_conn *conn)
752{
753 struct l2cap_chan *chan = conn->smp;
754 struct smp_chan *smp = chan->data;
923e2414 755 struct hci_conn *hcon = conn->hcon;
6f48e260
JH		 756 bool complete;
757
758 BUG_ON(!smp);
759
760 cancel_delayed_work_sync(&smp->security_timer);
6f48e260 761
6f48e260 762 complete = test_bit(SMP_FLAG_COMPLETE, &smp->flags);
923e2414 763 mgmt_smp_complete(hcon, complete);
6f48e260 764
276812ec
MH		 765 kzfree(smp->csrk);
766 kzfree(smp->slave_csrk);
767 kzfree(smp->link_key);
6f48e260
JH		 768
769 crypto_free_blkcipher(smp->tfm_aes);
407cecf6 770 crypto_free_hash(smp->tfm_cmac);
6f48e260 771
923e2414
JH		 772 /* Ensure that we don't leave any debug key around if debug key
773 * support hasn't been explicitly enabled.
774 */
775 if (smp->ltk && smp->ltk->type == SMP_LTK_P256_DEBUG &&
d7a5a11d 776 !hci_dev_test_flag(hcon->hdev, HCI_KEEP_DEBUG_KEYS)) {
923e2414
JH		 777 list_del_rcu(&smp->ltk->list);
778 kfree_rcu(smp->ltk, rcu);
779 smp->ltk = NULL;
780 }
781
6f48e260
JH		 782 /* If pairing failed clean up any keys we might have */
783 if (!complete) {
784 if (smp->ltk) {
970d0f1b
JH		 785 list_del_rcu(&smp->ltk->list);
786 kfree_rcu(smp->ltk, rcu);
6f48e260
JH		 787 }
788
789 if (smp->slave_ltk) {
970d0f1b
JH		 790 list_del_rcu(&smp->slave_ltk->list);
791 kfree_rcu(smp->slave_ltk, rcu);
6f48e260
JH		 792 }
793
794 if (smp->remote_irk) {
adae20cb
JH		 795 list_del_rcu(&smp->remote_irk->list);
796 kfree_rcu(smp->remote_irk, rcu);
6f48e260
JH		 797 }
798 }
799
800 chan->data = NULL;
276812ec 801 kzfree(smp);
923e2414 802 hci_conn_drop(hcon);
6f48e260
JH		 803}
804
84794e11 805static void smp_failure(struct l2cap_conn *conn, u8 reason)
4f957a76 806{
bab73cb6 807 struct hci_conn *hcon = conn->hcon;
b68fda68 808 struct l2cap_chan *chan = conn->smp;
bab73cb6 809
84794e11 810 if (reason)
4f957a76 811 smp_send_cmd(conn, SMP_CMD_PAIRING_FAIL, sizeof(reason),
f1560463 812 &reason);
4f957a76 813
e1e930f5 814 mgmt_auth_failed(hcon, HCI_ERROR_AUTH_FAILURE);
f1c09c07 815
fc75cc86 816 if (chan->data)
f1c09c07 817 smp_chan_destroy(conn);
4f957a76
BG		 818}
819
2b64d153
BG		 820#define JUST_WORKS 0x00
821#define JUST_CFM 0x01
822#define REQ_PASSKEY 0x02
823#define CFM_PASSKEY 0x03
824#define REQ_OOB 0x04
5e3d3d9b 825#define DSP_PASSKEY 0x05
2b64d153
BG		 826#define OVERLAP 0xFF
827
828static const u8 gen_method[5][5] = {
829 { JUST_WORKS, JUST_CFM, REQ_PASSKEY, JUST_WORKS, REQ_PASSKEY },
830 { JUST_WORKS, JUST_CFM, REQ_PASSKEY, JUST_WORKS, REQ_PASSKEY },
831 { CFM_PASSKEY, CFM_PASSKEY, REQ_PASSKEY, JUST_WORKS, CFM_PASSKEY },
832 { JUST_WORKS, JUST_CFM, JUST_WORKS, JUST_WORKS, JUST_CFM },
833 { CFM_PASSKEY, CFM_PASSKEY, REQ_PASSKEY, JUST_WORKS, OVERLAP },
834};
835
5e3d3d9b
JH		 836static const u8 sc_method[5][5] = {
837 { JUST_WORKS, JUST_CFM, REQ_PASSKEY, JUST_WORKS, REQ_PASSKEY },
838 { JUST_WORKS, CFM_PASSKEY, REQ_PASSKEY, JUST_WORKS, CFM_PASSKEY },
839 { DSP_PASSKEY, DSP_PASSKEY, REQ_PASSKEY, JUST_WORKS, DSP_PASSKEY },
840 { JUST_WORKS, JUST_CFM, JUST_WORKS, JUST_WORKS, JUST_CFM },
841 { DSP_PASSKEY, CFM_PASSKEY, REQ_PASSKEY, JUST_WORKS, CFM_PASSKEY },
842};
843
581370cc
JH		 844static u8 get_auth_method(struct smp_chan *smp, u8 local_io, u8 remote_io)
845{
2bcd4003
JH		 846 /* If either side has unknown io_caps, use JUST_CFM (which gets
847 * converted later to JUST_WORKS if we're initiators.
848 */
581370cc
JH		 849 if (local_io > SMP_IO_KEYBOARD_DISPLAY ||
850 remote_io > SMP_IO_KEYBOARD_DISPLAY)
2bcd4003 851 return JUST_CFM;
581370cc 852
5e3d3d9b
JH		 853 if (test_bit(SMP_FLAG_SC, &smp->flags))
854 return sc_method[remote_io][local_io];
855
581370cc
JH		 856 return gen_method[remote_io][local_io];
857}
858
2b64d153
BG		 859static int tk_request(struct l2cap_conn *conn, u8 remote_oob, u8 auth,
860 u8 local_io, u8 remote_io)
861{
862 struct hci_conn *hcon = conn->hcon;
5d88cc73
JH		 863 struct l2cap_chan *chan = conn->smp;
864 struct smp_chan *smp = chan->data;
2b64d153
BG		 865 u32 passkey = 0;
866 int ret = 0;
867
868 /* Initialize key for JUST WORKS */
869 memset(smp->tk, 0, sizeof(smp->tk));
4a74d658 870 clear_bit(SMP_FLAG_TK_VALID, &smp->flags);
2b64d153
BG		 871
872 BT_DBG("tk_request: auth:%d lcl:%d rem:%d", auth, local_io, remote_io);
873
2bcd4003
JH		 874 /* If neither side wants MITM, either "just" confirm an incoming
875 * request or use just-works for outgoing ones. The JUST_CFM
876 * will be converted to JUST_WORKS if necessary later in this
877 * function. If either side has MITM look up the method from the
878 * table.
879 */
581370cc 880 if (!(auth & SMP_AUTH_MITM))
783e0574 881 smp->method = JUST_CFM;
2b64d153 882 else
783e0574 883 smp->method = get_auth_method(smp, local_io, remote_io);
2b64d153 884
a82505c7 885 /* Don't confirm locally initiated pairing attempts */
783e0574
JH		 886 if (smp->method == JUST_CFM && test_bit(SMP_FLAG_INITIATOR,
887 &smp->flags))
888 smp->method = JUST_WORKS;
a82505c7 889
02f3e254 890 /* Don't bother user space with no IO capabilities */
783e0574
JH		 891 if (smp->method == JUST_CFM &&
892 hcon->io_capability == HCI_IO_NO_INPUT_OUTPUT)
893 smp->method = JUST_WORKS;
02f3e254 894
2b64d153 895 /* If Just Works, Continue with Zero TK */
783e0574 896 if (smp->method == JUST_WORKS) {
4a74d658 897 set_bit(SMP_FLAG_TK_VALID, &smp->flags);
2b64d153
BG		 898 return 0;
899 }
900
19c5ce9c
JH		 901 /* If this function is used for SC -> legacy fallback we
902 * can only recover the just-works case.
903 */
904 if (test_bit(SMP_FLAG_SC, &smp->flags))
905 return -EINVAL;
906
2b64d153 907 /* Not Just Works/Confirm results in MITM Authentication */
783e0574 908 if (smp->method != JUST_CFM) {
4a74d658 909 set_bit(SMP_FLAG_MITM_AUTH, &smp->flags);
5eb596f5
JH		 910 if (hcon->pending_sec_level < BT_SECURITY_HIGH)
911 hcon->pending_sec_level = BT_SECURITY_HIGH;
912 }
2b64d153
BG		 913
914 /* If both devices have Keyoard-Display I/O, the master
915 * Confirms and the slave Enters the passkey.
916 */
783e0574 917 if (smp->method == OVERLAP) {
40bef302 918 if (hcon->role == HCI_ROLE_MASTER)
783e0574 919 smp->method = CFM_PASSKEY;
2b64d153 920 else
783e0574 921 smp->method = REQ_PASSKEY;
2b64d153
BG		 922 }
923
01ad34d2 924 /* Generate random passkey. */
783e0574 925 if (smp->method == CFM_PASSKEY) {
943a732a 926 memset(smp->tk, 0, sizeof(smp->tk));
2b64d153
BG		 927 get_random_bytes(&passkey, sizeof(passkey));
928 passkey %= 1000000;
943a732a 929 put_unaligned_le32(passkey, smp->tk);
2b64d153 930 BT_DBG("PassKey: %d", passkey);
4a74d658 931 set_bit(SMP_FLAG_TK_VALID, &smp->flags);
2b64d153
BG		 932 }
933
783e0574 934 if (smp->method == REQ_PASSKEY)
ce39fb4e 935 ret = mgmt_user_passkey_request(hcon->hdev, &hcon->dst,
272d90df 936 hcon->type, hcon->dst_type);
783e0574 937 else if (smp->method == JUST_CFM)
4eb65e66
JH		 938 ret = mgmt_user_confirm_request(hcon->hdev, &hcon->dst,
939 hcon->type, hcon->dst_type,
940 passkey, 1);
2b64d153 941 else
01ad34d2 942 ret = mgmt_user_passkey_notify(hcon->hdev, &hcon->dst,
272d90df 943 hcon->type, hcon->dst_type,
39adbffe 944 passkey, 0);
2b64d153 945
2b64d153
BG		 946 return ret;
947}
948
1cc61144 949static u8 smp_confirm(struct smp_chan *smp)
8aab4757 950{
8aab4757 951 struct l2cap_conn *conn = smp->conn;
8aab4757
VCG		 952 struct smp_cmd_pairing_confirm cp;
953 int ret;
8aab4757
VCG		 954
955 BT_DBG("conn %p", conn);
956
e491eaf3 957 ret = smp_c1(smp->tfm_aes, smp->tk, smp->prnd, smp->preq, smp->prsp,
b1cd5fd9 958 conn->hcon->init_addr_type, &conn->hcon->init_addr,
943a732a
JH		 959 conn->hcon->resp_addr_type, &conn->hcon->resp_addr,
960 cp.confirm_val);
1cc61144
JH		 961 if (ret)
962 return SMP_UNSPECIFIED;
8aab4757 963
4a74d658 964 clear_bit(SMP_FLAG_CFM_PENDING, &smp->flags);
2b64d153 965
8aab4757
VCG		 966 smp_send_cmd(smp->conn, SMP_CMD_PAIRING_CONFIRM, sizeof(cp), &cp);
967
b28b4943
JH		 968 if (conn->hcon->out)
969 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_CONFIRM);
970 else
971 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RANDOM);
972
1cc61144 973 return 0;
8aab4757
VCG		 974}
975
861580a9 976static u8 smp_random(struct smp_chan *smp)
8aab4757 977{
8aab4757
VCG		 978 struct l2cap_conn *conn = smp->conn;
979 struct hci_conn *hcon = conn->hcon;
861580a9 980 u8 confirm[16];
8aab4757
VCG		 981 int ret;
982
ec70f36f 983 if (IS_ERR_OR_NULL(smp->tfm_aes))
861580a9 984 return SMP_UNSPECIFIED;
8aab4757
VCG		 985
986 BT_DBG("conn %p %s", conn, conn->hcon->out ? "master" : "slave");
987
e491eaf3 988 ret = smp_c1(smp->tfm_aes, smp->tk, smp->rrnd, smp->preq, smp->prsp,
b1cd5fd9 989 hcon->init_addr_type, &hcon->init_addr,
943a732a 990 hcon->resp_addr_type, &hcon->resp_addr, confirm);
861580a9
JH		 991 if (ret)
992 return SMP_UNSPECIFIED;
8aab4757 993
8aab4757
VCG		 994 if (memcmp(smp->pcnf, confirm, sizeof(smp->pcnf)) != 0) {
995 BT_ERR("Pairing failed (confirmation values mismatch)");
861580a9 996 return SMP_CONFIRM_FAILED;
8aab4757
VCG		 997 }
998
999 if (hcon->out) {
fe39c7b2
MH		 1000 u8 stk[16];
1001 __le64 rand = 0;
1002 __le16 ediv = 0;
8aab4757 1003
e491eaf3 1004 smp_s1(smp->tfm_aes, smp->tk, smp->rrnd, smp->prnd, stk);
8aab4757 1005
861580a9
JH		 1006 if (test_and_set_bit(HCI_CONN_ENCRYPT_PEND, &hcon->flags))
1007 return SMP_UNSPECIFIED;
8aab4757 1008
8b76ce34 1009 hci_le_start_enc(hcon, ediv, rand, stk, smp->enc_key_size);
f7aa611a 1010 hcon->enc_key_size = smp->enc_key_size;
fe59a05f 1011 set_bit(HCI_CONN_STK_ENCRYPT, &hcon->flags);
8aab4757 1012 } else {
fff3490f 1013 u8 stk[16], auth;
fe39c7b2
MH		 1014 __le64 rand = 0;
1015 __le16 ediv = 0;
8aab4757 1016
943a732a
JH		 1017 smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM, sizeof(smp->prnd),
1018 smp->prnd);
8aab4757 1019
e491eaf3 1020 smp_s1(smp->tfm_aes, smp->tk, smp->prnd, smp->rrnd, stk);
8aab4757 1021
fff3490f
JH		 1022 if (hcon->pending_sec_level == BT_SECURITY_HIGH)
1023 auth = 1;
1024 else
1025 auth = 0;
1026
7d5843b7
JH		 1027 /* Even though there's no _SLAVE suffix this is the
1028 * slave STK we're adding for later lookup (the master
1029 * STK never needs to be stored).
1030 */
ce39fb4e 1031 hci_add_ltk(hcon->hdev, &hcon->dst, hcon->dst_type,
2ceba539 1032 SMP_STK, auth, stk, smp->enc_key_size, ediv, rand);
8aab4757
VCG		 1033 }
1034
861580a9 1035 return 0;
8aab4757
VCG		 1036}
1037
44f1a7ab
JH		 1038static void smp_notify_keys(struct l2cap_conn *conn)
1039{
1040 struct l2cap_chan *chan = conn->smp;
1041 struct smp_chan *smp = chan->data;
1042 struct hci_conn *hcon = conn->hcon;
1043 struct hci_dev *hdev = hcon->hdev;
1044 struct smp_cmd_pairing *req = (void *) &smp->preq[1];
1045 struct smp_cmd_pairing *rsp = (void *) &smp->prsp[1];
1046 bool persistent;
1047
cad20c27
JH		 1048 if (hcon->type == ACL_LINK) {
1049 if (hcon->key_type == HCI_LK_DEBUG_COMBINATION)
1050 persistent = false;
1051 else
1052 persistent = !test_bit(HCI_CONN_FLUSH_KEY,
1053 &hcon->flags);
1054 } else {
1055 /* The LTKs, IRKs and CSRKs should be persistent only if
1056 * both sides had the bonding bit set in their
1057 * authentication requests.
1058 */
1059 persistent = !!((req->auth_req & rsp->auth_req) &
1060 SMP_AUTH_BONDING);
1061 }
1062
44f1a7ab 1063 if (smp->remote_irk) {
cad20c27
JH		 1064 mgmt_new_irk(hdev, smp->remote_irk, persistent);
1065
44f1a7ab
JH		 1066 /* Now that user space can be considered to know the
1067 * identity address track the connection based on it
b5ae344d 1068 * from now on (assuming this is an LE link).
44f1a7ab 1069 */
b5ae344d
JH		 1070 if (hcon->type == LE_LINK) {
1071 bacpy(&hcon->dst, &smp->remote_irk->bdaddr);
1072 hcon->dst_type = smp->remote_irk->addr_type;
1073 queue_work(hdev->workqueue, &conn->id_addr_update_work);
1074 }
44f1a7ab
JH		 1075 }
1076
44f1a7ab
JH		 1077 if (smp->csrk) {
1078 smp->csrk->bdaddr_type = hcon->dst_type;
1079 bacpy(&smp->csrk->bdaddr, &hcon->dst);
1080 mgmt_new_csrk(hdev, smp->csrk, persistent);
1081 }
1082
1083 if (smp->slave_csrk) {
1084 smp->slave_csrk->bdaddr_type = hcon->dst_type;
1085 bacpy(&smp->slave_csrk->bdaddr, &hcon->dst);
1086 mgmt_new_csrk(hdev, smp->slave_csrk, persistent);
1087 }
1088
1089 if (smp->ltk) {
1090 smp->ltk->bdaddr_type = hcon->dst_type;
1091 bacpy(&smp->ltk->bdaddr, &hcon->dst);
1092 mgmt_new_ltk(hdev, smp->ltk, persistent);
1093 }
1094
1095 if (smp->slave_ltk) {
1096 smp->slave_ltk->bdaddr_type = hcon->dst_type;
1097 bacpy(&smp->slave_ltk->bdaddr, &hcon->dst);
1098 mgmt_new_ltk(hdev, smp->slave_ltk, persistent);
1099 }
6a77083a
JH		 1100
1101 if (smp->link_key) {
e3befab9
JH		 1102 struct link_key *key;
1103 u8 type;
1104
1105 if (test_bit(SMP_FLAG_DEBUG_KEY, &smp->flags))
1106 type = HCI_LK_DEBUG_COMBINATION;
1107 else if (hcon->sec_level == BT_SECURITY_FIPS)
1108 type = HCI_LK_AUTH_COMBINATION_P256;
1109 else
1110 type = HCI_LK_UNAUTH_COMBINATION_P256;
1111
1112 key = hci_add_link_key(hdev, smp->conn->hcon, &hcon->dst,
1113 smp->link_key, type, 0, &persistent);
1114 if (key) {
1115 mgmt_new_link_key(hdev, key, persistent);
1116
1117 /* Don't keep debug keys around if the relevant
1118 * flag is not set.
1119 */
d7a5a11d 1120 if (!hci_dev_test_flag(hdev, HCI_KEEP_DEBUG_KEYS) &&
e3befab9
JH		 1121 key->type == HCI_LK_DEBUG_COMBINATION) {
1122 list_del_rcu(&key->list);
1123 kfree_rcu(key, rcu);
1124 }
1125 }
6a77083a
JH		 1126 }
1127}
1128
d3e54a87
JH		 1129static void sc_add_ltk(struct smp_chan *smp)
1130{
1131 struct hci_conn *hcon = smp->conn->hcon;
1132 u8 key_type, auth;
1133
1134 if (test_bit(SMP_FLAG_DEBUG_KEY, &smp->flags))
1135 key_type = SMP_LTK_P256_DEBUG;
1136 else
1137 key_type = SMP_LTK_P256;
1138
1139 if (hcon->pending_sec_level == BT_SECURITY_FIPS)
1140 auth = 1;
1141 else
1142 auth = 0;
1143
d3e54a87
JH		 1144 smp->ltk = hci_add_ltk(hcon->hdev, &hcon->dst, hcon->dst_type,
1145 key_type, auth, smp->tk, smp->enc_key_size,
1146 0, 0);
1147}
1148
6a77083a
JH		 1149static void sc_generate_link_key(struct smp_chan *smp)
1150{
1151 /* These constants are as specified in the core specification.
1152 * In ASCII they spell out to 'tmp1' and 'lebr'.
1153 */
1154 const u8 tmp1[4] = { 0x31, 0x70, 0x6d, 0x74 };
1155 const u8 lebr[4] = { 0x72, 0x62, 0x65, 0x6c };
1156
1157 smp->link_key = kzalloc(16, GFP_KERNEL);
1158 if (!smp->link_key)
1159 return;
1160
1161 if (smp_h6(smp->tfm_cmac, smp->tk, tmp1, smp->link_key)) {
276812ec 1162 kzfree(smp->link_key);
6a77083a
JH		 1163 smp->link_key = NULL;
1164 return;
1165 }
1166
1167 if (smp_h6(smp->tfm_cmac, smp->link_key, lebr, smp->link_key)) {
276812ec 1168 kzfree(smp->link_key);
6a77083a
JH		 1169 smp->link_key = NULL;
1170 return;
1171 }
44f1a7ab
JH		 1172}
1173
b28b4943
JH		 1174static void smp_allow_key_dist(struct smp_chan *smp)
1175{
1176 /* Allow the first expected phase 3 PDU. The rest of the PDUs
1177 * will be allowed in each PDU handler to ensure we receive
1178 * them in the correct order.
1179 */
1180 if (smp->remote_key_dist & SMP_DIST_ENC_KEY)
1181 SMP_ALLOW_CMD(smp, SMP_CMD_ENCRYPT_INFO);
1182 else if (smp->remote_key_dist & SMP_DIST_ID_KEY)
1183 SMP_ALLOW_CMD(smp, SMP_CMD_IDENT_INFO);
1184 else if (smp->remote_key_dist & SMP_DIST_SIGN)
1185 SMP_ALLOW_CMD(smp, SMP_CMD_SIGN_INFO);
1186}
1187
b5ae344d
JH		 1188static void sc_generate_ltk(struct smp_chan *smp)
1189{
1190 /* These constants are as specified in the core specification.
1191 * In ASCII they spell out to 'tmp2' and 'brle'.
1192 */
1193 const u8 tmp2[4] = { 0x32, 0x70, 0x6d, 0x74 };
1194 const u8 brle[4] = { 0x65, 0x6c, 0x72, 0x62 };
1195 struct hci_conn *hcon = smp->conn->hcon;
1196 struct hci_dev *hdev = hcon->hdev;
1197 struct link_key *key;
1198
1199 key = hci_find_link_key(hdev, &hcon->dst);
1200 if (!key) {
1201 BT_ERR("%s No Link Key found to generate LTK", hdev->name);
1202 return;
1203 }
1204
1205 if (key->type == HCI_LK_DEBUG_COMBINATION)
1206 set_bit(SMP_FLAG_DEBUG_KEY, &smp->flags);
1207
1208 if (smp_h6(smp->tfm_cmac, key->val, tmp2, smp->tk))
1209 return;
1210
1211 if (smp_h6(smp->tfm_cmac, smp->tk, brle, smp->tk))
1212 return;
1213
1214 sc_add_ltk(smp);
1215}
1216
d6268e86 1217static void smp_distribute_keys(struct smp_chan *smp)
44f1a7ab
JH		 1218{
1219 struct smp_cmd_pairing *req, *rsp;
86d1407c 1220 struct l2cap_conn *conn = smp->conn;
44f1a7ab
JH		 1221 struct hci_conn *hcon = conn->hcon;
1222 struct hci_dev *hdev = hcon->hdev;
1223 __u8 *keydist;
1224
1225 BT_DBG("conn %p", conn);
1226
44f1a7ab
JH		 1227 rsp = (void *) &smp->prsp[1];
1228
1229 /* The responder sends its keys first */
b28b4943
JH		 1230 if (hcon->out && (smp->remote_key_dist & KEY_DIST_MASK)) {
1231 smp_allow_key_dist(smp);
86d1407c 1232 return;
b28b4943 1233 }
44f1a7ab
JH		 1234
1235 req = (void *) &smp->preq[1];
1236
1237 if (hcon->out) {
1238 keydist = &rsp->init_key_dist;
1239 *keydist &= req->init_key_dist;
1240 } else {
1241 keydist = &rsp->resp_key_dist;
1242 *keydist &= req->resp_key_dist;
1243 }
1244
6a77083a 1245 if (test_bit(SMP_FLAG_SC, &smp->flags)) {
b5ae344d 1246 if (hcon->type == LE_LINK && (*keydist & SMP_DIST_LINK_KEY))
6a77083a 1247 sc_generate_link_key(smp);
b5ae344d
JH		 1248 if (hcon->type == ACL_LINK && (*keydist & SMP_DIST_ENC_KEY))
1249 sc_generate_ltk(smp);
6a77083a
JH		 1250
1251 /* Clear the keys which are generated but not distributed */
1252 *keydist &= ~SMP_SC_NO_DIST;
1253 }
1254
44f1a7ab
JH		 1255 BT_DBG("keydist 0x%x", *keydist);
1256
1257 if (*keydist & SMP_DIST_ENC_KEY) {
1258 struct smp_cmd_encrypt_info enc;
1259 struct smp_cmd_master_ident ident;
1260 struct smp_ltk *ltk;
1261 u8 authenticated;
1262 __le16 ediv;
1263 __le64 rand;
1264
1fc62c52
JH		 1265 /* Make sure we generate only the significant amount of
1266 * bytes based on the encryption key size, and set the rest
1267 * of the value to zeroes.
1268 */
1269 get_random_bytes(enc.ltk, smp->enc_key_size);
1270 memset(enc.ltk + smp->enc_key_size, 0,
1271 sizeof(enc.ltk) - smp->enc_key_size);
1272
44f1a7ab
JH		 1273 get_random_bytes(&ediv, sizeof(ediv));
1274 get_random_bytes(&rand, sizeof(rand));
1275
1276 smp_send_cmd(conn, SMP_CMD_ENCRYPT_INFO, sizeof(enc), &enc);
1277
1278 authenticated = hcon->sec_level == BT_SECURITY_HIGH;
1279 ltk = hci_add_ltk(hdev, &hcon->dst, hcon->dst_type,
1280 SMP_LTK_SLAVE, authenticated, enc.ltk,
1281 smp->enc_key_size, ediv, rand);
1282 smp->slave_ltk = ltk;
1283
1284 ident.ediv = ediv;
1285 ident.rand = rand;
1286
1287 smp_send_cmd(conn, SMP_CMD_MASTER_IDENT, sizeof(ident), &ident);
1288
1289 *keydist &= ~SMP_DIST_ENC_KEY;
1290 }
1291
1292 if (*keydist & SMP_DIST_ID_KEY) {
1293 struct smp_cmd_ident_addr_info addrinfo;
1294 struct smp_cmd_ident_info idinfo;
1295
1296 memcpy(idinfo.irk, hdev->irk, sizeof(idinfo.irk));
1297
1298 smp_send_cmd(conn, SMP_CMD_IDENT_INFO, sizeof(idinfo), &idinfo);
1299
1300 /* The hci_conn contains the local identity address
1301 * after the connection has been established.
1302 *
1303 * This is true even when the connection has been
1304 * established using a resolvable random address.
1305 */
1306 bacpy(&addrinfo.bdaddr, &hcon->src);
1307 addrinfo.addr_type = hcon->src_type;
1308
1309 smp_send_cmd(conn, SMP_CMD_IDENT_ADDR_INFO, sizeof(addrinfo),
1310 &addrinfo);
1311
1312 *keydist &= ~SMP_DIST_ID_KEY;
1313 }
1314
1315 if (*keydist & SMP_DIST_SIGN) {
1316 struct smp_cmd_sign_info sign;
1317 struct smp_csrk *csrk;
1318
1319 /* Generate a new random key */
1320 get_random_bytes(sign.csrk, sizeof(sign.csrk));
1321
1322 csrk = kzalloc(sizeof(*csrk), GFP_KERNEL);
1323 if (csrk) {
4cd3928a
JH		 1324 if (hcon->sec_level > BT_SECURITY_MEDIUM)
1325 csrk->type = MGMT_CSRK_LOCAL_AUTHENTICATED;
1326 else
1327 csrk->type = MGMT_CSRK_LOCAL_UNAUTHENTICATED;
44f1a7ab
JH		 1328 memcpy(csrk->val, sign.csrk, sizeof(csrk->val));
1329 }
1330 smp->slave_csrk = csrk;
1331
1332 smp_send_cmd(conn, SMP_CMD_SIGN_INFO, sizeof(sign), &sign);
1333
1334 *keydist &= ~SMP_DIST_SIGN;
1335 }
1336
1337 /* If there are still keys to be received wait for them */
b28b4943
JH		 1338 if (smp->remote_key_dist & KEY_DIST_MASK) {
1339 smp_allow_key_dist(smp);
86d1407c 1340 return;
b28b4943 1341 }
44f1a7ab 1342
44f1a7ab
JH		 1343 set_bit(SMP_FLAG_COMPLETE, &smp->flags);
1344 smp_notify_keys(conn);
1345
1346 smp_chan_destroy(conn);
44f1a7ab
JH		 1347}
1348
b68fda68
JH		 1349static void smp_timeout(struct work_struct *work)
1350{
1351 struct smp_chan *smp = container_of(work, struct smp_chan,
1352 security_timer.work);
1353 struct l2cap_conn *conn = smp->conn;
1354
1355 BT_DBG("conn %p", conn);
1356
1e91c29e 1357 hci_disconnect(conn->hcon, HCI_ERROR_REMOTE_USER_TERM);
b68fda68
JH		 1358}
1359
8aab4757
VCG		 1360static struct smp_chan *smp_chan_create(struct l2cap_conn *conn)
1361{
5d88cc73 1362 struct l2cap_chan *chan = conn->smp;
8aab4757
VCG		 1363 struct smp_chan *smp;
1364
f1560463 1365 smp = kzalloc(sizeof(*smp), GFP_ATOMIC);
fc75cc86 1366 if (!smp)
8aab4757
VCG		 1367 return NULL;
1368
6a7bd103
JH		 1369 smp->tfm_aes = crypto_alloc_blkcipher("ecb(aes)", 0, CRYPTO_ALG_ASYNC);
1370 if (IS_ERR(smp->tfm_aes)) {
1371 BT_ERR("Unable to create ECB crypto context");
276812ec 1372 kzfree(smp);
6a7bd103
JH		 1373 return NULL;
1374 }
1375
407cecf6
JH		 1376 smp->tfm_cmac = crypto_alloc_hash("cmac(aes)", 0, CRYPTO_ALG_ASYNC);
1377 if (IS_ERR(smp->tfm_cmac)) {
1378 BT_ERR("Unable to create CMAC crypto context");
1379 crypto_free_blkcipher(smp->tfm_aes);
276812ec 1380 kzfree(smp);
407cecf6
JH		 1381 return NULL;
1382 }
1383
8aab4757 1384 smp->conn = conn;
5d88cc73 1385 chan->data = smp;
8aab4757 1386
b28b4943
JH		 1387 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_FAIL);
1388
b68fda68
JH		 1389 INIT_DELAYED_WORK(&smp->security_timer, smp_timeout);
1390
8aab4757
VCG		 1391 hci_conn_hold(conn->hcon);
1392
1393 return smp;
1394}
1395
760b018b
JH		 1396static int sc_mackey_and_ltk(struct smp_chan *smp, u8 mackey[16], u8 ltk[16])
1397{
1398 struct hci_conn *hcon = smp->conn->hcon;
1399 u8 *na, *nb, a[7], b[7];
1400
1401 if (hcon->out) {
1402 na = smp->prnd;
1403 nb = smp->rrnd;
1404 } else {
1405 na = smp->rrnd;
1406 nb = smp->prnd;
1407 }
1408
1409 memcpy(a, &hcon->init_addr, 6);
1410 memcpy(b, &hcon->resp_addr, 6);
1411 a[6] = hcon->init_addr_type;
1412 b[6] = hcon->resp_addr_type;
1413
1414 return smp_f5(smp->tfm_cmac, smp->dhkey, na, nb, a, b, mackey, ltk);
1415}
1416
38606f14 1417static void sc_dhkey_check(struct smp_chan *smp)
760b018b
JH		 1418{
1419 struct hci_conn *hcon = smp->conn->hcon;
1420 struct smp_cmd_dhkey_check check;
1421 u8 a[7], b[7], *local_addr, *remote_addr;
1422 u8 io_cap[3], r[16];
1423
760b018b
JH		 1424 memcpy(a, &hcon->init_addr, 6);
1425 memcpy(b, &hcon->resp_addr, 6);
1426 a[6] = hcon->init_addr_type;
1427 b[6] = hcon->resp_addr_type;
1428
1429 if (hcon->out) {
1430 local_addr = a;
1431 remote_addr = b;
1432 memcpy(io_cap, &smp->preq[1], 3);
1433 } else {
1434 local_addr = b;
1435 remote_addr = a;
1436 memcpy(io_cap, &smp->prsp[1], 3);
1437 }
1438
dddd3059
JH		 1439 memset(r, 0, sizeof(r));
1440
1441 if (smp->method == REQ_PASSKEY || smp->method == DSP_PASSKEY)
38606f14 1442 put_unaligned_le32(hcon->passkey_notify, r);
760b018b 1443
a29b0733
JH		 1444 if (smp->method == REQ_OOB)
1445 memcpy(r, smp->rr, 16);
1446
760b018b
JH		 1447 smp_f6(smp->tfm_cmac, smp->mackey, smp->prnd, smp->rrnd, r, io_cap,
1448 local_addr, remote_addr, check.e);
1449
1450 smp_send_cmd(smp->conn, SMP_CMD_DHKEY_CHECK, sizeof(check), &check);
dddd3059
JH		 1451}
1452
38606f14
JH		 1453static u8 sc_passkey_send_confirm(struct smp_chan *smp)
1454{
1455 struct l2cap_conn *conn = smp->conn;
1456 struct hci_conn *hcon = conn->hcon;
1457 struct smp_cmd_pairing_confirm cfm;
1458 u8 r;
1459
1460 r = ((hcon->passkey_notify >> smp->passkey_round) & 0x01);
1461 r |= 0x80;
1462
1463 get_random_bytes(smp->prnd, sizeof(smp->prnd));
1464
1465 if (smp_f4(smp->tfm_cmac, smp->local_pk, smp->remote_pk, smp->prnd, r,
1466 cfm.confirm_val))
1467 return SMP_UNSPECIFIED;
1468
1469 smp_send_cmd(conn, SMP_CMD_PAIRING_CONFIRM, sizeof(cfm), &cfm);
1470
1471 return 0;
1472}
1473
1474static u8 sc_passkey_round(struct smp_chan *smp, u8 smp_op)
1475{
1476 struct l2cap_conn *conn = smp->conn;
1477 struct hci_conn *hcon = conn->hcon;
1478 struct hci_dev *hdev = hcon->hdev;
1479 u8 cfm[16], r;
1480
1481 /* Ignore the PDU if we've already done 20 rounds (0 - 19) */
1482 if (smp->passkey_round >= 20)
1483 return 0;
1484
1485 switch (smp_op) {
1486 case SMP_CMD_PAIRING_RANDOM:
1487 r = ((hcon->passkey_notify >> smp->passkey_round) & 0x01);
1488 r |= 0x80;
1489
1490 if (smp_f4(smp->tfm_cmac, smp->remote_pk, smp->local_pk,
1491 smp->rrnd, r, cfm))
1492 return SMP_UNSPECIFIED;
1493
1494 if (memcmp(smp->pcnf, cfm, 16))
1495 return SMP_CONFIRM_FAILED;
1496
1497 smp->passkey_round++;
1498
1499 if (smp->passkey_round == 20) {
1500 /* Generate MacKey and LTK */
1501 if (sc_mackey_and_ltk(smp, smp->mackey, smp->tk))
1502 return SMP_UNSPECIFIED;
1503 }
1504
1505 /* The round is only complete when the initiator
1506 * receives pairing random.
1507 */
1508 if (!hcon->out) {
1509 smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM,
1510 sizeof(smp->prnd), smp->prnd);
d3e54a87 1511 if (smp->passkey_round == 20)
38606f14 1512 SMP_ALLOW_CMD(smp, SMP_CMD_DHKEY_CHECK);
d3e54a87 1513 else
38606f14 1514 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_CONFIRM);
38606f14
JH		 1515 return 0;
1516 }
1517
1518 /* Start the next round */
1519 if (smp->passkey_round != 20)
1520 return sc_passkey_round(smp, 0);
1521
1522 /* Passkey rounds are complete - start DHKey Check */
1523 sc_dhkey_check(smp);
1524 SMP_ALLOW_CMD(smp, SMP_CMD_DHKEY_CHECK);
1525
1526 break;
1527
1528 case SMP_CMD_PAIRING_CONFIRM:
1529 if (test_bit(SMP_FLAG_WAIT_USER, &smp->flags)) {
1530 set_bit(SMP_FLAG_CFM_PENDING, &smp->flags);
1531 return 0;
1532 }
1533
1534 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RANDOM);
1535
1536 if (hcon->out) {
1537 smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM,
1538 sizeof(smp->prnd), smp->prnd);
1539 return 0;
1540 }
1541
1542 return sc_passkey_send_confirm(smp);
1543
1544 case SMP_CMD_PUBLIC_KEY:
1545 default:
1546 /* Initiating device starts the round */
1547 if (!hcon->out)
1548 return 0;
1549
1550 BT_DBG("%s Starting passkey round %u", hdev->name,
1551 smp->passkey_round + 1);
1552
1553 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_CONFIRM);
1554
1555 return sc_passkey_send_confirm(smp);
1556 }
1557
1558 return 0;
1559}
1560
dddd3059
JH		 1561static int sc_user_reply(struct smp_chan *smp, u16 mgmt_op, __le32 passkey)
1562{
38606f14
JH		 1563 struct l2cap_conn *conn = smp->conn;
1564 struct hci_conn *hcon = conn->hcon;
1565 u8 smp_op;
1566
1567 clear_bit(SMP_FLAG_WAIT_USER, &smp->flags);
1568
dddd3059
JH		 1569 switch (mgmt_op) {
1570 case MGMT_OP_USER_PASSKEY_NEG_REPLY:
1571 smp_failure(smp->conn, SMP_PASSKEY_ENTRY_FAILED);
1572 return 0;
1573 case MGMT_OP_USER_CONFIRM_NEG_REPLY:
1574 smp_failure(smp->conn, SMP_NUMERIC_COMP_FAILED);
1575 return 0;
38606f14
JH		 1576 case MGMT_OP_USER_PASSKEY_REPLY:
1577 hcon->passkey_notify = le32_to_cpu(passkey);
1578 smp->passkey_round = 0;
1579
1580 if (test_and_clear_bit(SMP_FLAG_CFM_PENDING, &smp->flags))
1581 smp_op = SMP_CMD_PAIRING_CONFIRM;
1582 else
1583 smp_op = 0;
1584
1585 if (sc_passkey_round(smp, smp_op))
1586 return -EIO;
1587
1588 return 0;
dddd3059
JH		 1589 }
1590
d3e54a87
JH		 1591 /* Initiator sends DHKey check first */
1592 if (hcon->out) {
1593 sc_dhkey_check(smp);
1594 SMP_ALLOW_CMD(smp, SMP_CMD_DHKEY_CHECK);
1595 } else if (test_and_clear_bit(SMP_FLAG_DHKEY_PENDING, &smp->flags)) {
1596 sc_dhkey_check(smp);
1597 sc_add_ltk(smp);
1598 }
760b018b
JH		 1599
1600 return 0;
1601}
1602
2b64d153
BG		 1603int smp_user_confirm_reply(struct hci_conn *hcon, u16 mgmt_op, __le32 passkey)
1604{
b10e8017 1605 struct l2cap_conn *conn = hcon->l2cap_data;
5d88cc73 1606 struct l2cap_chan *chan;
2b64d153
BG		 1607 struct smp_chan *smp;
1608 u32 value;
fc75cc86 1609 int err;
2b64d153
BG		 1610
1611 BT_DBG("");
1612
fc75cc86 1613 if (!conn)
2b64d153
BG		 1614 return -ENOTCONN;
1615
5d88cc73
JH		 1616 chan = conn->smp;
1617 if (!chan)
1618 return -ENOTCONN;
1619
fc75cc86
JH		 1620 l2cap_chan_lock(chan);
1621 if (!chan->data) {
1622 err = -ENOTCONN;
1623 goto unlock;
1624 }
1625
5d88cc73 1626 smp = chan->data;
2b64d153 1627
760b018b
JH		 1628 if (test_bit(SMP_FLAG_SC, &smp->flags)) {
1629 err = sc_user_reply(smp, mgmt_op, passkey);
1630 goto unlock;
1631 }
1632
2b64d153
BG		 1633 switch (mgmt_op) {
1634 case MGMT_OP_USER_PASSKEY_REPLY:
1635 value = le32_to_cpu(passkey);
943a732a 1636 memset(smp->tk, 0, sizeof(smp->tk));
2b64d153 1637 BT_DBG("PassKey: %d", value);
943a732a 1638 put_unaligned_le32(value, smp->tk);
2b64d153
BG		 1639 /* Fall Through */
1640 case MGMT_OP_USER_CONFIRM_REPLY:
4a74d658 1641 set_bit(SMP_FLAG_TK_VALID, &smp->flags);
2b64d153
BG		 1642 break;
1643 case MGMT_OP_USER_PASSKEY_NEG_REPLY:
1644 case MGMT_OP_USER_CONFIRM_NEG_REPLY:
84794e11 1645 smp_failure(conn, SMP_PASSKEY_ENTRY_FAILED);
fc75cc86
JH		 1646 err = 0;
1647 goto unlock;
2b64d153 1648 default:
84794e11 1649 smp_failure(conn, SMP_PASSKEY_ENTRY_FAILED);
fc75cc86
JH		 1650 err = -EOPNOTSUPP;
1651 goto unlock;
2b64d153
BG		 1652 }
1653
fc75cc86
JH		 1654 err = 0;
1655
2b64d153 1656 /* If it is our turn to send Pairing Confirm, do so now */
1cc61144
JH		 1657 if (test_bit(SMP_FLAG_CFM_PENDING, &smp->flags)) {
1658 u8 rsp = smp_confirm(smp);
1659 if (rsp)
1660 smp_failure(conn, rsp);
1661 }
2b64d153 1662
fc75cc86
JH		 1663unlock:
1664 l2cap_chan_unlock(chan);
1665 return err;
2b64d153
BG		 1666}
1667
b5ae344d
JH		 1668static void build_bredr_pairing_cmd(struct smp_chan *smp,
1669 struct smp_cmd_pairing *req,
1670 struct smp_cmd_pairing *rsp)
1671{
1672 struct l2cap_conn *conn = smp->conn;
1673 struct hci_dev *hdev = conn->hcon->hdev;
1674 u8 local_dist = 0, remote_dist = 0;
1675
d7a5a11d 1676 if (hci_dev_test_flag(hdev, HCI_BONDABLE)) {
b5ae344d
JH		 1677 local_dist = SMP_DIST_ENC_KEY | SMP_DIST_SIGN;
1678 remote_dist = SMP_DIST_ENC_KEY | SMP_DIST_SIGN;
1679 }
1680
d7a5a11d 1681 if (hci_dev_test_flag(hdev, HCI_RPA_RESOLVING))
b5ae344d
JH		 1682 remote_dist |= SMP_DIST_ID_KEY;
1683
d7a5a11d 1684 if (hci_dev_test_flag(hdev, HCI_PRIVACY))
b5ae344d
JH		 1685 local_dist |= SMP_DIST_ID_KEY;
1686
1687 if (!rsp) {
1688 memset(req, 0, sizeof(*req));
1689
1690 req->init_key_dist = local_dist;
1691 req->resp_key_dist = remote_dist;
e3f6a257 1692 req->max_key_size = conn->hcon->enc_key_size;
b5ae344d
JH		 1693
1694 smp->remote_key_dist = remote_dist;
1695
1696 return;
1697 }
1698
1699 memset(rsp, 0, sizeof(*rsp));
1700
e3f6a257 1701 rsp->max_key_size = conn->hcon->enc_key_size;
b5ae344d
JH		 1702 rsp->init_key_dist = req->init_key_dist & remote_dist;
1703 rsp->resp_key_dist = req->resp_key_dist & local_dist;
1704
1705 smp->remote_key_dist = rsp->init_key_dist;
1706}
1707
da85e5e5 1708static u8 smp_cmd_pairing_req(struct l2cap_conn *conn, struct sk_buff *skb)
88ba43b6 1709{
3158c50c 1710 struct smp_cmd_pairing rsp, *req = (void *) skb->data;
fc75cc86 1711 struct l2cap_chan *chan = conn->smp;
b3c6410b 1712 struct hci_dev *hdev = conn->hcon->hdev;
8aab4757 1713 struct smp_chan *smp;
c7262e71 1714 u8 key_size, auth, sec_level;
8aab4757 1715 int ret;
88ba43b6
AB		 1716
1717 BT_DBG("conn %p", conn);
1718
c46b98be 1719 if (skb->len < sizeof(*req))
38e4a915 1720 return SMP_INVALID_PARAMS;
c46b98be 1721
40bef302 1722 if (conn->hcon->role != HCI_ROLE_SLAVE)
2b64d153
BG		 1723 return SMP_CMD_NOTSUPP;
1724
fc75cc86 1725 if (!chan->data)
8aab4757 1726 smp = smp_chan_create(conn);
fc75cc86 1727 else
5d88cc73 1728 smp = chan->data;
8aab4757 1729
d08fd0e7
AE		 1730 if (!smp)
1731 return SMP_UNSPECIFIED;
d26a2345 1732
c05b9339 1733 /* We didn't start the pairing, so match remote */
0edb14de 1734 auth = req->auth_req & AUTH_REQ_MASK(hdev);
c05b9339 1735
d7a5a11d 1736 if (!hci_dev_test_flag(hdev, HCI_BONDABLE) &&
c05b9339 1737 (auth & SMP_AUTH_BONDING))
b3c6410b
JH		 1738 return SMP_PAIRING_NOTSUPP;
1739
d7a5a11d 1740 if (hci_dev_test_flag(hdev, HCI_SC_ONLY) && !(auth & SMP_AUTH_SC))
903b71c7
JH		 1741 return SMP_AUTH_REQUIREMENTS;
1742
1c1def09
VCG		 1743 smp->preq[0] = SMP_CMD_PAIRING_REQ;
1744 memcpy(&smp->preq[1], req, sizeof(*req));
3158c50c 1745 skb_pull(skb, sizeof(*req));
88ba43b6 1746
cb06d366
JH		 1747 /* If the remote side's OOB flag is set it means it has
1748 * successfully received our local OOB data - therefore set the
1749 * flag to indicate that local OOB is in use.
1750 */
58428563
JH		 1751 if (req->oob_flag == SMP_OOB_PRESENT)
1752 set_bit(SMP_FLAG_LOCAL_OOB, &smp->flags);
1753
b5ae344d
JH		 1754 /* SMP over BR/EDR requires special treatment */
1755 if (conn->hcon->type == ACL_LINK) {
1756 /* We must have a BR/EDR SC link */
08f63cc5 1757 if (!test_bit(HCI_CONN_AES_CCM, &conn->hcon->flags) &&
b7cb93e5 1758 !hci_dev_test_flag(hdev, HCI_FORCE_BREDR_SMP))
b5ae344d
JH		 1759 return SMP_CROSS_TRANSP_NOT_ALLOWED;
1760
1761 set_bit(SMP_FLAG_SC, &smp->flags);
1762
1763 build_bredr_pairing_cmd(smp, req, &rsp);
1764
1765 key_size = min(req->max_key_size, rsp.max_key_size);
1766 if (check_enc_key_size(conn, key_size))
1767 return SMP_ENC_KEY_SIZE;
1768
1769 /* Clear bits which are generated but not distributed */
1770 smp->remote_key_dist &= ~SMP_SC_NO_DIST;
1771
1772 smp->prsp[0] = SMP_CMD_PAIRING_RSP;
1773 memcpy(&smp->prsp[1], &rsp, sizeof(rsp));
1774 smp_send_cmd(conn, SMP_CMD_PAIRING_RSP, sizeof(rsp), &rsp);
1775
1776 smp_distribute_keys(smp);
1777 return 0;
1778 }
1779
5e3d3d9b
JH		 1780 build_pairing_cmd(conn, req, &rsp, auth);
1781
1782 if (rsp.auth_req & SMP_AUTH_SC)
1783 set_bit(SMP_FLAG_SC, &smp->flags);
1784
5be5e275 1785 if (conn->hcon->io_capability == HCI_IO_NO_INPUT_OUTPUT)
1afc2a1a
JH		 1786 sec_level = BT_SECURITY_MEDIUM;
1787 else
1788 sec_level = authreq_to_seclevel(auth);
1789
c7262e71
JH		 1790 if (sec_level > conn->hcon->pending_sec_level)
1791 conn->hcon->pending_sec_level = sec_level;
fdde0a26 1792
49c922bb 1793 /* If we need MITM check that it can be achieved */
2ed8f65c
JH		 1794 if (conn->hcon->pending_sec_level >= BT_SECURITY_HIGH) {
1795 u8 method;
1796
1797 method = get_auth_method(smp, conn->hcon->io_capability,
1798 req->io_capability);
1799 if (method == JUST_WORKS || method == JUST_CFM)
1800 return SMP_AUTH_REQUIREMENTS;
1801 }
1802
3158c50c
VCG		 1803 key_size = min(req->max_key_size, rsp.max_key_size);
1804 if (check_enc_key_size(conn, key_size))
1805 return SMP_ENC_KEY_SIZE;
88ba43b6 1806
e84a6b13 1807 get_random_bytes(smp->prnd, sizeof(smp->prnd));
8aab4757 1808
1c1def09
VCG		 1809 smp->prsp[0] = SMP_CMD_PAIRING_RSP;
1810 memcpy(&smp->prsp[1], &rsp, sizeof(rsp));
f01ead31 1811
3158c50c 1812 smp_send_cmd(conn, SMP_CMD_PAIRING_RSP, sizeof(rsp), &rsp);
3b19146d
JH		 1813
1814 clear_bit(SMP_FLAG_INITIATOR, &smp->flags);
1815
19c5ce9c
JH		 1816 /* Strictly speaking we shouldn't allow Pairing Confirm for the
1817 * SC case, however some implementations incorrectly copy RFU auth
1818 * req bits from our security request, which may create a false
1819 * positive SC enablement.
1820 */
1821 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_CONFIRM);
1822
3b19146d
JH		 1823 if (test_bit(SMP_FLAG_SC, &smp->flags)) {
1824 SMP_ALLOW_CMD(smp, SMP_CMD_PUBLIC_KEY);
1825 /* Clear bits which are generated but not distributed */
1826 smp->remote_key_dist &= ~SMP_SC_NO_DIST;
1827 /* Wait for Public Key from Initiating Device */
1828 return 0;
3b19146d 1829 }
da85e5e5 1830
2b64d153
BG		 1831 /* Request setup of TK */
1832 ret = tk_request(conn, 0, auth, rsp.io_capability, req->io_capability);
1833 if (ret)
1834 return SMP_UNSPECIFIED;
1835
da85e5e5 1836 return 0;
88ba43b6
AB		 1837}
1838
3b19146d
JH		 1839static u8 sc_send_public_key(struct smp_chan *smp)
1840{
70157ef5
JH		 1841 struct hci_dev *hdev = smp->conn->hcon->hdev;
1842
3b19146d
JH		 1843 BT_DBG("");
1844
1a8bab4f 1845 if (test_bit(SMP_FLAG_LOCAL_OOB, &smp->flags)) {
33d0c030
MH		 1846 struct l2cap_chan *chan = hdev->smp_data;
1847 struct smp_dev *smp_dev;
1848
1849 if (!chan || !chan->data)
1850 return SMP_UNSPECIFIED;
1851
1852 smp_dev = chan->data;
1853
1854 memcpy(smp->local_pk, smp_dev->local_pk, 64);
1855 memcpy(smp->local_sk, smp_dev->local_sk, 32);
fb334fee 1856 memcpy(smp->lr, smp_dev->local_rand, 16);
33d0c030
MH		 1857
1858 if (smp_dev->debug_key)
1859 set_bit(SMP_FLAG_DEBUG_KEY, &smp->flags);
1860
1861 goto done;
1862 }
1863
d7a5a11d 1864 if (hci_dev_test_flag(hdev, HCI_USE_DEBUG_KEYS)) {
70157ef5
JH		 1865 BT_DBG("Using debug keys");
1866 memcpy(smp->local_pk, debug_pk, 64);
1867 memcpy(smp->local_sk, debug_sk, 32);
1868 set_bit(SMP_FLAG_DEBUG_KEY, &smp->flags);
1869 } else {
1870 while (true) {
1871 /* Generate local key pair for Secure Connections */
1872 if (!ecc_make_key(smp->local_pk, smp->local_sk))
1873 return SMP_UNSPECIFIED;
6c0dcc50 1874
70157ef5
JH		 1875 /* This is unlikely, but we need to check that
1876 * we didn't accidentially generate a debug key.
1877 */
1878 if (memcmp(smp->local_sk, debug_sk, 32))
1879 break;
1880 }
6c0dcc50 1881 }
3b19146d 1882
33d0c030 1883done:
c7a3d57d 1884 SMP_DBG("Local Public Key X: %32phN", smp->local_pk);
8e4e2ee5 1885 SMP_DBG("Local Public Key Y: %32phN", smp->local_pk + 32);
c7a3d57d 1886 SMP_DBG("Local Private Key: %32phN", smp->local_sk);
3b19146d
JH		 1887
1888 smp_send_cmd(smp->conn, SMP_CMD_PUBLIC_KEY, 64, smp->local_pk);
1889
1890 return 0;
1891}
1892
da85e5e5 1893static u8 smp_cmd_pairing_rsp(struct l2cap_conn *conn, struct sk_buff *skb)
88ba43b6 1894{
3158c50c 1895 struct smp_cmd_pairing *req, *rsp = (void *) skb->data;
5d88cc73
JH		 1896 struct l2cap_chan *chan = conn->smp;
1897 struct smp_chan *smp = chan->data;
0edb14de 1898 struct hci_dev *hdev = conn->hcon->hdev;
3a7dbfb8 1899 u8 key_size, auth;
7d24ddcc 1900 int ret;
88ba43b6
AB		 1901
1902 BT_DBG("conn %p", conn);
1903
c46b98be 1904 if (skb->len < sizeof(*rsp))
38e4a915 1905 return SMP_INVALID_PARAMS;
c46b98be 1906
40bef302 1907 if (conn->hcon->role != HCI_ROLE_MASTER)
2b64d153
BG		 1908 return SMP_CMD_NOTSUPP;
1909
3158c50c
VCG		 1910 skb_pull(skb, sizeof(*rsp));
1911
1c1def09 1912 req = (void *) &smp->preq[1];
da85e5e5 1913
3158c50c
VCG		 1914 key_size = min(req->max_key_size, rsp->max_key_size);
1915 if (check_enc_key_size(conn, key_size))
1916 return SMP_ENC_KEY_SIZE;
1917
0edb14de 1918 auth = rsp->auth_req & AUTH_REQ_MASK(hdev);
c05b9339 1919
d7a5a11d 1920 if (hci_dev_test_flag(hdev, HCI_SC_ONLY) && !(auth & SMP_AUTH_SC))
903b71c7
JH		 1921 return SMP_AUTH_REQUIREMENTS;
1922
cb06d366
JH		 1923 /* If the remote side's OOB flag is set it means it has
1924 * successfully received our local OOB data - therefore set the
1925 * flag to indicate that local OOB is in use.
1926 */
58428563
JH		 1927 if (rsp->oob_flag == SMP_OOB_PRESENT)
1928 set_bit(SMP_FLAG_LOCAL_OOB, &smp->flags);
1929
b5ae344d
JH		 1930 smp->prsp[0] = SMP_CMD_PAIRING_RSP;
1931 memcpy(&smp->prsp[1], rsp, sizeof(*rsp));
1932
1933 /* Update remote key distribution in case the remote cleared
1934 * some bits that we had enabled in our request.
1935 */
1936 smp->remote_key_dist &= rsp->resp_key_dist;
1937
1938 /* For BR/EDR this means we're done and can start phase 3 */
1939 if (conn->hcon->type == ACL_LINK) {
1940 /* Clear bits which are generated but not distributed */
1941 smp->remote_key_dist &= ~SMP_SC_NO_DIST;
1942 smp_distribute_keys(smp);
1943 return 0;
1944 }
1945
65668776
JH		 1946 if ((req->auth_req & SMP_AUTH_SC) && (auth & SMP_AUTH_SC))
1947 set_bit(SMP_FLAG_SC, &smp->flags);
d2eb9e10
JH		 1948 else if (conn->hcon->pending_sec_level > BT_SECURITY_HIGH)
1949 conn->hcon->pending_sec_level = BT_SECURITY_HIGH;
65668776 1950
49c922bb 1951 /* If we need MITM check that it can be achieved */
2ed8f65c
JH		 1952 if (conn->hcon->pending_sec_level >= BT_SECURITY_HIGH) {
1953 u8 method;
1954
1955 method = get_auth_method(smp, req->io_capability,
1956 rsp->io_capability);
1957 if (method == JUST_WORKS || method == JUST_CFM)
1958 return SMP_AUTH_REQUIREMENTS;
1959 }
1960
e84a6b13 1961 get_random_bytes(smp->prnd, sizeof(smp->prnd));
7d24ddcc 1962
fdcc4bec
JH		 1963 /* Update remote key distribution in case the remote cleared
1964 * some bits that we had enabled in our request.
1965 */
1966 smp->remote_key_dist &= rsp->resp_key_dist;
1967
3b19146d
JH		 1968 if (test_bit(SMP_FLAG_SC, &smp->flags)) {
1969 /* Clear bits which are generated but not distributed */
1970 smp->remote_key_dist &= ~SMP_SC_NO_DIST;
1971 SMP_ALLOW_CMD(smp, SMP_CMD_PUBLIC_KEY);
1972 return sc_send_public_key(smp);
1973 }
1974
c05b9339 1975 auth |= req->auth_req;
2b64d153 1976
476585ec 1977 ret = tk_request(conn, 0, auth, req->io_capability, rsp->io_capability);
2b64d153
BG		 1978 if (ret)
1979 return SMP_UNSPECIFIED;
1980
4a74d658 1981 set_bit(SMP_FLAG_CFM_PENDING, &smp->flags);
2b64d153
BG		 1982
1983 /* Can't compose response until we have been confirmed */
4a74d658 1984 if (test_bit(SMP_FLAG_TK_VALID, &smp->flags))
1cc61144 1985 return smp_confirm(smp);
da85e5e5
VCG		 1986
1987 return 0;
88ba43b6
AB		 1988}
1989
dcee2b32
JH		 1990static u8 sc_check_confirm(struct smp_chan *smp)
1991{
1992 struct l2cap_conn *conn = smp->conn;
1993
1994 BT_DBG("");
1995
38606f14
JH		 1996 if (smp->method == REQ_PASSKEY || smp->method == DSP_PASSKEY)
1997 return sc_passkey_round(smp, SMP_CMD_PAIRING_CONFIRM);
1998
dcee2b32
JH		 1999 if (conn->hcon->out) {
2000 smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM, sizeof(smp->prnd),
2001 smp->prnd);
2002 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RANDOM);
2003 }
2004
2005 return 0;
2006}
2007
19c5ce9c
JH		 2008/* Work-around for some implementations that incorrectly copy RFU bits
2009 * from our security request and thereby create the impression that
2010 * we're doing SC when in fact the remote doesn't support it.
2011 */
2012static int fixup_sc_false_positive(struct smp_chan *smp)
2013{
2014 struct l2cap_conn *conn = smp->conn;
2015 struct hci_conn *hcon = conn->hcon;
2016 struct hci_dev *hdev = hcon->hdev;
2017 struct smp_cmd_pairing *req, *rsp;
2018 u8 auth;
2019
2020 /* The issue is only observed when we're in slave role */
2021 if (hcon->out)
2022 return SMP_UNSPECIFIED;
2023
2024 if (hci_dev_test_flag(hdev, HCI_SC_ONLY)) {
2025 BT_ERR("Refusing SMP SC -> legacy fallback in SC-only mode");
2026 return SMP_UNSPECIFIED;
2027 }
2028
2029 BT_ERR("Trying to fall back to legacy SMP");
2030
2031 req = (void *) &smp->preq[1];
2032 rsp = (void *) &smp->prsp[1];
2033
2034 /* Rebuild key dist flags which may have been cleared for SC */
2035 smp->remote_key_dist = (req->init_key_dist & rsp->resp_key_dist);
2036
2037 auth = req->auth_req & AUTH_REQ_MASK(hdev);
2038
2039 if (tk_request(conn, 0, auth, rsp->io_capability, req->io_capability)) {
2040 BT_ERR("Failed to fall back to legacy SMP");
2041 return SMP_UNSPECIFIED;
2042 }
2043
2044 clear_bit(SMP_FLAG_SC, &smp->flags);
2045
2046 return 0;
2047}
2048
da85e5e5 2049static u8 smp_cmd_pairing_confirm(struct l2cap_conn *conn, struct sk_buff *skb)
88ba43b6 2050{
5d88cc73
JH		 2051 struct l2cap_chan *chan = conn->smp;
2052 struct smp_chan *smp = chan->data;
7d24ddcc 2053
88ba43b6
AB		 2054 BT_DBG("conn %p %s", conn, conn->hcon->out ? "master" : "slave");
2055
c46b98be 2056 if (skb->len < sizeof(smp->pcnf))
38e4a915 2057 return SMP_INVALID_PARAMS;
c46b98be 2058
1c1def09
VCG		 2059 memcpy(smp->pcnf, skb->data, sizeof(smp->pcnf));
2060 skb_pull(skb, sizeof(smp->pcnf));
88ba43b6 2061
19c5ce9c
JH		 2062 if (test_bit(SMP_FLAG_SC, &smp->flags)) {
2063 int ret;
2064
2065 /* Public Key exchange must happen before any other steps */
2066 if (test_bit(SMP_FLAG_REMOTE_PK, &smp->flags))
2067 return sc_check_confirm(smp);
2068
2069 BT_ERR("Unexpected SMP Pairing Confirm");
2070
2071 ret = fixup_sc_false_positive(smp);
2072 if (ret)
2073 return ret;
2074 }
dcee2b32 2075
b28b4943 2076 if (conn->hcon->out) {
943a732a
JH		 2077 smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM, sizeof(smp->prnd),
2078 smp->prnd);
b28b4943
JH		 2079 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RANDOM);
2080 return 0;
2081 }
2082
2083 if (test_bit(SMP_FLAG_TK_VALID, &smp->flags))
1cc61144 2084 return smp_confirm(smp);
983f9814
MH		 2085
2086 set_bit(SMP_FLAG_CFM_PENDING, &smp->flags);
da85e5e5
VCG		 2087
2088 return 0;
88ba43b6
AB		 2089}
2090
da85e5e5 2091static u8 smp_cmd_pairing_random(struct l2cap_conn *conn, struct sk_buff *skb)
88ba43b6 2092{
5d88cc73
JH		 2093 struct l2cap_chan *chan = conn->smp;
2094 struct smp_chan *smp = chan->data;
191dc7fe
JH		 2095 struct hci_conn *hcon = conn->hcon;
2096 u8 *pkax, *pkbx, *na, *nb;
2097 u32 passkey;
2098 int err;
7d24ddcc 2099
8aab4757 2100 BT_DBG("conn %p", conn);
3158c50c 2101
c46b98be 2102 if (skb->len < sizeof(smp->rrnd))
38e4a915 2103 return SMP_INVALID_PARAMS;
c46b98be 2104
943a732a 2105 memcpy(smp->rrnd, skb->data, sizeof(smp->rrnd));
8aab4757 2106 skb_pull(skb, sizeof(smp->rrnd));
e7e62c85 2107
191dc7fe
JH		 2108 if (!test_bit(SMP_FLAG_SC, &smp->flags))
2109 return smp_random(smp);
2110
580039e8
JH		 2111 if (hcon->out) {
2112 pkax = smp->local_pk;
2113 pkbx = smp->remote_pk;
2114 na = smp->prnd;
2115 nb = smp->rrnd;
2116 } else {
2117 pkax = smp->remote_pk;
2118 pkbx = smp->local_pk;
2119 na = smp->rrnd;
2120 nb = smp->prnd;
2121 }
2122
a29b0733
JH		 2123 if (smp->method == REQ_OOB) {
2124 if (!hcon->out)
2125 smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM,
2126 sizeof(smp->prnd), smp->prnd);
2127 SMP_ALLOW_CMD(smp, SMP_CMD_DHKEY_CHECK);
2128 goto mackey_and_ltk;
2129 }
2130
38606f14
JH		 2131 /* Passkey entry has special treatment */
2132 if (smp->method == REQ_PASSKEY || smp->method == DSP_PASSKEY)
2133 return sc_passkey_round(smp, SMP_CMD_PAIRING_RANDOM);
2134
191dc7fe
JH		 2135 if (hcon->out) {
2136 u8 cfm[16];
2137
2138 err = smp_f4(smp->tfm_cmac, smp->remote_pk, smp->local_pk,
2139 smp->rrnd, 0, cfm);
2140 if (err)
2141 return SMP_UNSPECIFIED;
2142
2143 if (memcmp(smp->pcnf, cfm, 16))
2144 return SMP_CONFIRM_FAILED;
191dc7fe
JH		 2145 } else {
2146 smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM, sizeof(smp->prnd),
2147 smp->prnd);
2148 SMP_ALLOW_CMD(smp, SMP_CMD_DHKEY_CHECK);
191dc7fe
JH		 2149 }
2150
a29b0733 2151mackey_and_ltk:
760b018b
JH		 2152 /* Generate MacKey and LTK */
2153 err = sc_mackey_and_ltk(smp, smp->mackey, smp->tk);
2154 if (err)
2155 return SMP_UNSPECIFIED;
2156
a29b0733 2157 if (smp->method == JUST_WORKS || smp->method == REQ_OOB) {
dddd3059 2158 if (hcon->out) {
38606f14 2159 sc_dhkey_check(smp);
dddd3059
JH		 2160 SMP_ALLOW_CMD(smp, SMP_CMD_DHKEY_CHECK);
2161 }
2162 return 0;
2163 }
2164
38606f14
JH		 2165 err = smp_g2(smp->tfm_cmac, pkax, pkbx, na, nb, &passkey);
2166 if (err)
2167 return SMP_UNSPECIFIED;
2168
2169 err = mgmt_user_confirm_request(hcon->hdev, &hcon->dst, hcon->type,
2170 hcon->dst_type, passkey, 0);
191dc7fe
JH		 2171 if (err)
2172 return SMP_UNSPECIFIED;
2173
38606f14
JH		 2174 set_bit(SMP_FLAG_WAIT_USER, &smp->flags);
2175
191dc7fe 2176 return 0;
88ba43b6
AB		 2177}
2178
f81cd823 2179static bool smp_ltk_encrypt(struct l2cap_conn *conn, u8 sec_level)
988c5997 2180{
c9839a11 2181 struct smp_ltk *key;
988c5997
VCG		 2182 struct hci_conn *hcon = conn->hcon;
2183
f3a73d97 2184 key = hci_find_ltk(hcon->hdev, &hcon->dst, hcon->dst_type, hcon->role);
988c5997 2185 if (!key)
f81cd823 2186 return false;
988c5997 2187
a6f7833c 2188 if (smp_ltk_sec_level(key) < sec_level)
f81cd823 2189 return false;
4dab7864 2190
51a8efd7 2191 if (test_and_set_bit(HCI_CONN_ENCRYPT_PEND, &hcon->flags))
f81cd823 2192 return true;
988c5997 2193
8b76ce34 2194 hci_le_start_enc(hcon, key->ediv, key->rand, key->val, key->enc_size);
c9839a11 2195 hcon->enc_key_size = key->enc_size;
988c5997 2196
fe59a05f
JH		 2197 /* We never store STKs for master role, so clear this flag */
2198 clear_bit(HCI_CONN_STK_ENCRYPT, &hcon->flags);
2199
f81cd823 2200 return true;
988c5997 2201}
f1560463 2202
35dc6f83
JH		 2203bool smp_sufficient_security(struct hci_conn *hcon, u8 sec_level,
2204 enum smp_key_pref key_pref)
854f4727
JH		 2205{
2206 if (sec_level == BT_SECURITY_LOW)
2207 return true;
2208
35dc6f83
JH		 2209 /* If we're encrypted with an STK but the caller prefers using
2210 * LTK claim insufficient security. This way we allow the
2211 * connection to be re-encrypted with an LTK, even if the LTK
2212 * provides the same level of security. Only exception is if we
2213 * don't have an LTK (e.g. because of key distribution bits).
9ab65d60 2214 */
35dc6f83
JH		 2215 if (key_pref == SMP_USE_LTK &&
2216 test_bit(HCI_CONN_STK_ENCRYPT, &hcon->flags) &&
f3a73d97 2217 hci_find_ltk(hcon->hdev, &hcon->dst, hcon->dst_type, hcon->role))
9ab65d60
JH		 2218 return false;
2219
854f4727
JH		 2220 if (hcon->sec_level >= sec_level)
2221 return true;
2222
2223 return false;
2224}
2225
da85e5e5 2226static u8 smp_cmd_security_req(struct l2cap_conn *conn, struct sk_buff *skb)
88ba43b6
AB		 2227{
2228 struct smp_cmd_security_req *rp = (void *) skb->data;
2229 struct smp_cmd_pairing cp;
f1cb9af5 2230 struct hci_conn *hcon = conn->hcon;
0edb14de 2231 struct hci_dev *hdev = hcon->hdev;
8aab4757 2232 struct smp_chan *smp;
c05b9339 2233 u8 sec_level, auth;
88ba43b6
AB		 2234
2235 BT_DBG("conn %p", conn);
2236
c46b98be 2237 if (skb->len < sizeof(*rp))
38e4a915 2238 return SMP_INVALID_PARAMS;
c46b98be 2239
40bef302 2240 if (hcon->role != HCI_ROLE_MASTER)
86ca9eac
JH		 2241 return SMP_CMD_NOTSUPP;
2242
0edb14de 2243 auth = rp->auth_req & AUTH_REQ_MASK(hdev);
c05b9339 2244
d7a5a11d 2245 if (hci_dev_test_flag(hdev, HCI_SC_ONLY) && !(auth & SMP_AUTH_SC))
903b71c7
JH		 2246 return SMP_AUTH_REQUIREMENTS;
2247
5be5e275 2248 if (hcon->io_capability == HCI_IO_NO_INPUT_OUTPUT)
1afc2a1a
JH		 2249 sec_level = BT_SECURITY_MEDIUM;
2250 else
2251 sec_level = authreq_to_seclevel(auth);
2252
35dc6f83 2253 if (smp_sufficient_security(hcon, sec_level, SMP_USE_LTK))
854f4727
JH		 2254 return 0;
2255
c7262e71
JH		 2256 if (sec_level > hcon->pending_sec_level)
2257 hcon->pending_sec_level = sec_level;
feb45eb5 2258
4dab7864 2259 if (smp_ltk_encrypt(conn, hcon->pending_sec_level))
988c5997
VCG		 2260 return 0;
2261
8aab4757 2262 smp = smp_chan_create(conn);
c29d2444
JH		 2263 if (!smp)
2264 return SMP_UNSPECIFIED;
d26a2345 2265
d7a5a11d 2266 if (!hci_dev_test_flag(hdev, HCI_BONDABLE) &&
c05b9339 2267 (auth & SMP_AUTH_BONDING))
616d55be
JH		 2268 return SMP_PAIRING_NOTSUPP;
2269
88ba43b6 2270 skb_pull(skb, sizeof(*rp));
88ba43b6 2271
da85e5e5 2272 memset(&cp, 0, sizeof(cp));
c05b9339 2273 build_pairing_cmd(conn, &cp, NULL, auth);
88ba43b6 2274
1c1def09
VCG		 2275 smp->preq[0] = SMP_CMD_PAIRING_REQ;
2276 memcpy(&smp->preq[1], &cp, sizeof(cp));
f01ead31 2277
88ba43b6 2278 smp_send_cmd(conn, SMP_CMD_PAIRING_REQ, sizeof(cp), &cp);
b28b4943 2279 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RSP);
f1cb9af5 2280
da85e5e5 2281 return 0;
88ba43b6
AB		 2282}
2283
cc110922 2284int smp_conn_security(struct hci_conn *hcon, __u8 sec_level)
eb492e01 2285{
cc110922 2286 struct l2cap_conn *conn = hcon->l2cap_data;
c68b7f12 2287 struct l2cap_chan *chan;
0a66cf20 2288 struct smp_chan *smp;
2b64d153 2289 __u8 authreq;
fc75cc86 2290 int ret;
eb492e01 2291
3a0259bb
VCG		 2292 BT_DBG("conn %p hcon %p level 0x%2.2x", conn, hcon, sec_level);
2293
0a66cf20
JH		 2294 /* This may be NULL if there's an unexpected disconnection */
2295 if (!conn)
2296 return 1;
2297
d7a5a11d 2298 if (!hci_dev_test_flag(hcon->hdev, HCI_LE_ENABLED))
2e65c9d2
AG		 2299 return 1;
2300
35dc6f83 2301 if (smp_sufficient_security(hcon, sec_level, SMP_USE_LTK))
eb492e01 2302 return 1;
f1cb9af5 2303
c7262e71
JH		 2304 if (sec_level > hcon->pending_sec_level)
2305 hcon->pending_sec_level = sec_level;
2306
40bef302 2307 if (hcon->role == HCI_ROLE_MASTER)
c7262e71
JH		 2308 if (smp_ltk_encrypt(conn, hcon->pending_sec_level))
2309 return 0;
d26a2345 2310
d8949aad
JH		 2311 chan = conn->smp;
2312 if (!chan) {
2313 BT_ERR("SMP security requested but not available");
2314 return 1;
2315 }
2316
fc75cc86
JH		 2317 l2cap_chan_lock(chan);
2318
2319 /* If SMP is already in progress ignore this request */
2320 if (chan->data) {
2321 ret = 0;
2322 goto unlock;
2323 }
d26a2345 2324
8aab4757 2325 smp = smp_chan_create(conn);
fc75cc86
JH		 2326 if (!smp) {
2327 ret = 1;
2328 goto unlock;
2329 }
2b64d153
BG		 2330
2331 authreq = seclevel_to_authreq(sec_level);
d26a2345 2332
d7a5a11d 2333 if (hci_dev_test_flag(hcon->hdev, HCI_SC_ENABLED))
d2eb9e10
JH		 2334 authreq |= SMP_AUTH_SC;
2335
79897d20
JH		 2336 /* Require MITM if IO Capability allows or the security level
2337 * requires it.
2e233644 2338 */
79897d20 2339 if (hcon->io_capability != HCI_IO_NO_INPUT_OUTPUT ||
c7262e71 2340 hcon->pending_sec_level > BT_SECURITY_MEDIUM)
2e233644
JH		 2341 authreq |= SMP_AUTH_MITM;
2342
40bef302 2343 if (hcon->role == HCI_ROLE_MASTER) {
d26a2345 2344 struct smp_cmd_pairing cp;
f01ead31 2345
2b64d153 2346 build_pairing_cmd(conn, &cp, NULL, authreq);
1c1def09
VCG		 2347 smp->preq[0] = SMP_CMD_PAIRING_REQ;
2348 memcpy(&smp->preq[1], &cp, sizeof(cp));
f01ead31 2349
eb492e01 2350 smp_send_cmd(conn, SMP_CMD_PAIRING_REQ, sizeof(cp), &cp);
b28b4943 2351 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RSP);
eb492e01
AB		 2352 } else {
2353 struct smp_cmd_security_req cp;
2b64d153 2354 cp.auth_req = authreq;
eb492e01 2355 smp_send_cmd(conn, SMP_CMD_SECURITY_REQ, sizeof(cp), &cp);
b28b4943 2356 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_REQ);
eb492e01
AB		 2357 }
2358
4a74d658 2359 set_bit(SMP_FLAG_INITIATOR, &smp->flags);
fc75cc86 2360 ret = 0;
edca792c 2361
fc75cc86
JH		 2362unlock:
2363 l2cap_chan_unlock(chan);
2364 return ret;
eb492e01
AB		 2365}
2366
c81d555a
JH		 2367void smp_cancel_pairing(struct hci_conn *hcon)
2368{
2369 struct l2cap_conn *conn = hcon->l2cap_data;
2370 struct l2cap_chan *chan;
2371 struct smp_chan *smp;
2372
2373 if (!conn)
2374 return;
2375
2376 chan = conn->smp;
2377 if (!chan)
2378 return;
2379
2380 l2cap_chan_lock(chan);
2381
2382 smp = chan->data;
2383 if (smp) {
2384 if (test_bit(SMP_FLAG_COMPLETE, &smp->flags))
2385 smp_failure(conn, 0);
2386 else
2387 smp_failure(conn, SMP_UNSPECIFIED);
2388 }
2389
2390 l2cap_chan_unlock(chan);
2391}
2392
7034b911
VCG		 2393static int smp_cmd_encrypt_info(struct l2cap_conn *conn, struct sk_buff *skb)
2394{
16b90839 2395 struct smp_cmd_encrypt_info *rp = (void *) skb->data;
5d88cc73
JH		 2396 struct l2cap_chan *chan = conn->smp;
2397 struct smp_chan *smp = chan->data;
16b90839 2398
c46b98be
JH		 2399 BT_DBG("conn %p", conn);
2400
2401 if (skb->len < sizeof(*rp))
38e4a915 2402 return SMP_INVALID_PARAMS;
c46b98be 2403
b28b4943 2404 SMP_ALLOW_CMD(smp, SMP_CMD_MASTER_IDENT);
6131ddc8 2405
16b90839
VCG		 2406 skb_pull(skb, sizeof(*rp));
2407
1c1def09 2408 memcpy(smp->tk, rp->ltk, sizeof(smp->tk));
16b90839 2409
7034b911
VCG		 2410 return 0;
2411}
2412
2413static int smp_cmd_master_ident(struct l2cap_conn *conn, struct sk_buff *skb)
2414{
16b90839 2415 struct smp_cmd_master_ident *rp = (void *) skb->data;
5d88cc73
JH		 2416 struct l2cap_chan *chan = conn->smp;
2417 struct smp_chan *smp = chan->data;
c9839a11
VCG		 2418 struct hci_dev *hdev = conn->hcon->hdev;
2419 struct hci_conn *hcon = conn->hcon;
23d0e128 2420 struct smp_ltk *ltk;
c9839a11 2421 u8 authenticated;
16b90839 2422
c46b98be
JH		 2423 BT_DBG("conn %p", conn);
2424
2425 if (skb->len < sizeof(*rp))
38e4a915 2426 return SMP_INVALID_PARAMS;
c46b98be 2427
9747a9f3
JH		 2428 /* Mark the information as received */
2429 smp->remote_key_dist &= ~SMP_DIST_ENC_KEY;
2430
b28b4943
JH		 2431 if (smp->remote_key_dist & SMP_DIST_ID_KEY)
2432 SMP_ALLOW_CMD(smp, SMP_CMD_IDENT_INFO);
196332f5
JH		 2433 else if (smp->remote_key_dist & SMP_DIST_SIGN)
2434 SMP_ALLOW_CMD(smp, SMP_CMD_SIGN_INFO);
b28b4943 2435
16b90839 2436 skb_pull(skb, sizeof(*rp));
7034b911 2437
ce39fb4e 2438 authenticated = (hcon->sec_level == BT_SECURITY_HIGH);
2ceba539 2439 ltk = hci_add_ltk(hdev, &hcon->dst, hcon->dst_type, SMP_LTK,
23d0e128
JH		 2440 authenticated, smp->tk, smp->enc_key_size,
2441 rp->ediv, rp->rand);
2442 smp->ltk = ltk;
c6e81e9a 2443 if (!(smp->remote_key_dist & KEY_DIST_MASK))
d6268e86 2444 smp_distribute_keys(smp);
7034b911
VCG		 2445
2446 return 0;
2447}
2448
fd349c02
JH		 2449static int smp_cmd_ident_info(struct l2cap_conn *conn, struct sk_buff *skb)
2450{
2451 struct smp_cmd_ident_info *info = (void *) skb->data;
5d88cc73
JH		 2452 struct l2cap_chan *chan = conn->smp;
2453 struct smp_chan *smp = chan->data;
fd349c02
JH		 2454
2455 BT_DBG("");
2456
2457 if (skb->len < sizeof(*info))
38e4a915 2458 return SMP_INVALID_PARAMS;
fd349c02 2459
b28b4943 2460 SMP_ALLOW_CMD(smp, SMP_CMD_IDENT_ADDR_INFO);
6131ddc8 2461
fd349c02
JH		 2462 skb_pull(skb, sizeof(*info));
2463
2464 memcpy(smp->irk, info->irk, 16);
2465
2466 return 0;
2467}
2468
2469static int smp_cmd_ident_addr_info(struct l2cap_conn *conn,
2470 struct sk_buff *skb)
2471{
2472 struct smp_cmd_ident_addr_info *info = (void *) skb->data;
5d88cc73
JH		 2473 struct l2cap_chan *chan = conn->smp;
2474 struct smp_chan *smp = chan->data;
fd349c02
JH		 2475 struct hci_conn *hcon = conn->hcon;
2476 bdaddr_t rpa;
2477
2478 BT_DBG("");
2479
2480 if (skb->len < sizeof(*info))
38e4a915 2481 return SMP_INVALID_PARAMS;
fd349c02 2482
9747a9f3
JH		 2483 /* Mark the information as received */
2484 smp->remote_key_dist &= ~SMP_DIST_ID_KEY;
2485
b28b4943
JH		 2486 if (smp->remote_key_dist & SMP_DIST_SIGN)
2487 SMP_ALLOW_CMD(smp, SMP_CMD_SIGN_INFO);
2488
fd349c02
JH		 2489 skb_pull(skb, sizeof(*info));
2490
a9a58f86
JH		 2491 /* Strictly speaking the Core Specification (4.1) allows sending
2492 * an empty address which would force us to rely on just the IRK
2493 * as "identity information". However, since such
2494 * implementations are not known of and in order to not over
2495 * complicate our implementation, simply pretend that we never
2496 * received an IRK for such a device.
e12af489
JH		 2497 *
2498 * The Identity Address must also be a Static Random or Public
2499 * Address, which hci_is_identity_address() checks for.
a9a58f86 2500 */
e12af489
JH		 2501 if (!bacmp(&info->bdaddr, BDADDR_ANY) ||
2502 !hci_is_identity_address(&info->bdaddr, info->addr_type)) {
a9a58f86 2503 BT_ERR("Ignoring IRK with no identity address");
31dd624e 2504 goto distribute;
a9a58f86
JH		 2505 }
2506
fd349c02
JH		 2507 bacpy(&smp->id_addr, &info->bdaddr);
2508 smp->id_addr_type = info->addr_type;
2509
2510 if (hci_bdaddr_is_rpa(&hcon->dst, hcon->dst_type))
2511 bacpy(&rpa, &hcon->dst);
2512 else
2513 bacpy(&rpa, BDADDR_ANY);
2514
23d0e128
JH		 2515 smp->remote_irk = hci_add_irk(conn->hcon->hdev, &smp->id_addr,
2516 smp->id_addr_type, smp->irk, &rpa);
fd349c02 2517
31dd624e 2518distribute:
c6e81e9a
JH		 2519 if (!(smp->remote_key_dist & KEY_DIST_MASK))
2520 smp_distribute_keys(smp);
fd349c02
JH		 2521
2522 return 0;
2523}
2524
7ee4ea36
MH		 2525static int smp_cmd_sign_info(struct l2cap_conn *conn, struct sk_buff *skb)
2526{
2527 struct smp_cmd_sign_info *rp = (void *) skb->data;
5d88cc73
JH		 2528 struct l2cap_chan *chan = conn->smp;
2529 struct smp_chan *smp = chan->data;
7ee4ea36
MH		 2530 struct smp_csrk *csrk;
2531
2532 BT_DBG("conn %p", conn);
2533
2534 if (skb->len < sizeof(*rp))
38e4a915 2535 return SMP_INVALID_PARAMS;
7ee4ea36 2536
7ee4ea36
MH		 2537 /* Mark the information as received */
2538 smp->remote_key_dist &= ~SMP_DIST_SIGN;
2539
2540 skb_pull(skb, sizeof(*rp));
2541
7ee4ea36
MH		 2542 csrk = kzalloc(sizeof(*csrk), GFP_KERNEL);
2543 if (csrk) {
4cd3928a
JH		 2544 if (conn->hcon->sec_level > BT_SECURITY_MEDIUM)
2545 csrk->type = MGMT_CSRK_REMOTE_AUTHENTICATED;
2546 else
2547 csrk->type = MGMT_CSRK_REMOTE_UNAUTHENTICATED;
7ee4ea36
MH		 2548 memcpy(csrk->val, rp->csrk, sizeof(csrk->val));
2549 }
2550 smp->csrk = csrk;
d6268e86 2551 smp_distribute_keys(smp);
7ee4ea36
MH		 2552
2553 return 0;
2554}
2555
5e3d3d9b
JH		 2556static u8 sc_select_method(struct smp_chan *smp)
2557{
2558 struct l2cap_conn *conn = smp->conn;
2559 struct hci_conn *hcon = conn->hcon;
2560 struct smp_cmd_pairing *local, *remote;
2561 u8 local_mitm, remote_mitm, local_io, remote_io, method;
2562
1a8bab4f
JH		 2563 if (test_bit(SMP_FLAG_REMOTE_OOB, &smp->flags) ||
2564 test_bit(SMP_FLAG_LOCAL_OOB, &smp->flags))
a29b0733
JH		 2565 return REQ_OOB;
2566
5e3d3d9b
JH		 2567 /* The preq/prsp contain the raw Pairing Request/Response PDUs
2568 * which are needed as inputs to some crypto functions. To get
2569 * the "struct smp_cmd_pairing" from them we need to skip the
2570 * first byte which contains the opcode.
2571 */
2572 if (hcon->out) {
2573 local = (void *) &smp->preq[1];
2574 remote = (void *) &smp->prsp[1];
2575 } else {
2576 local = (void *) &smp->prsp[1];
2577 remote = (void *) &smp->preq[1];
2578 }
2579
2580 local_io = local->io_capability;
2581 remote_io = remote->io_capability;
2582
2583 local_mitm = (local->auth_req & SMP_AUTH_MITM);
2584 remote_mitm = (remote->auth_req & SMP_AUTH_MITM);
2585
2586 /* If either side wants MITM, look up the method from the table,
2587 * otherwise use JUST WORKS.
2588 */
2589 if (local_mitm || remote_mitm)
2590 method = get_auth_method(smp, local_io, remote_io);
2591 else
2592 method = JUST_WORKS;
2593
2594 /* Don't confirm locally initiated pairing attempts */
2595 if (method == JUST_CFM && test_bit(SMP_FLAG_INITIATOR, &smp->flags))
2596 method = JUST_WORKS;
2597
2598 return method;
2599}
2600
d8f8edbe
JH		 2601static int smp_cmd_public_key(struct l2cap_conn *conn, struct sk_buff *skb)
2602{
2603 struct smp_cmd_public_key *key = (void *) skb->data;
2604 struct hci_conn *hcon = conn->hcon;
2605 struct l2cap_chan *chan = conn->smp;
2606 struct smp_chan *smp = chan->data;
5e3d3d9b 2607 struct hci_dev *hdev = hcon->hdev;
cbbbe3e2 2608 struct smp_cmd_pairing_confirm cfm;
d8f8edbe
JH		 2609 int err;
2610
2611 BT_DBG("conn %p", conn);
2612
2613 if (skb->len < sizeof(*key))
2614 return SMP_INVALID_PARAMS;
2615
2616 memcpy(smp->remote_pk, key, 64);
2617
a8ca617c
JH		 2618 if (test_bit(SMP_FLAG_REMOTE_OOB, &smp->flags)) {
2619 err = smp_f4(smp->tfm_cmac, smp->remote_pk, smp->remote_pk,
2620 smp->rr, 0, cfm.confirm_val);
2621 if (err)
2622 return SMP_UNSPECIFIED;
2623
2624 if (memcmp(cfm.confirm_val, smp->pcnf, 16))
2625 return SMP_CONFIRM_FAILED;
2626 }
2627
d8f8edbe
JH		 2628 /* Non-initiating device sends its public key after receiving
2629 * the key from the initiating device.
2630 */
2631 if (!hcon->out) {
2632 err = sc_send_public_key(smp);
2633 if (err)
2634 return err;
2635 }
2636
c7a3d57d 2637 SMP_DBG("Remote Public Key X: %32phN", smp->remote_pk);
e091526d 2638 SMP_DBG("Remote Public Key Y: %32phN", smp->remote_pk + 32);
d8f8edbe
JH		 2639
2640 if (!ecdh_shared_secret(smp->remote_pk, smp->local_sk, smp->dhkey))
2641 return SMP_UNSPECIFIED;
2642
c7a3d57d 2643 SMP_DBG("DHKey %32phN", smp->dhkey);
d8f8edbe
JH		 2644
2645 set_bit(SMP_FLAG_REMOTE_PK, &smp->flags);
2646
5e3d3d9b
JH		 2647 smp->method = sc_select_method(smp);
2648
2649 BT_DBG("%s selected method 0x%02x", hdev->name, smp->method);
2650
2651 /* JUST_WORKS and JUST_CFM result in an unauthenticated key */
2652 if (smp->method == JUST_WORKS || smp->method == JUST_CFM)
2653 hcon->pending_sec_level = BT_SECURITY_MEDIUM;
2654 else
2655 hcon->pending_sec_level = BT_SECURITY_FIPS;
2656
aeb7d461
JH		 2657 if (!memcmp(debug_pk, smp->remote_pk, 64))
2658 set_bit(SMP_FLAG_DEBUG_KEY, &smp->flags);
2659
38606f14
JH		 2660 if (smp->method == DSP_PASSKEY) {
2661 get_random_bytes(&hcon->passkey_notify,
2662 sizeof(hcon->passkey_notify));
2663 hcon->passkey_notify %= 1000000;
2664 hcon->passkey_entered = 0;
2665 smp->passkey_round = 0;
2666 if (mgmt_user_passkey_notify(hdev, &hcon->dst, hcon->type,
2667 hcon->dst_type,
2668 hcon->passkey_notify,
2669 hcon->passkey_entered))
2670 return SMP_UNSPECIFIED;
2671 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_CONFIRM);
2672 return sc_passkey_round(smp, SMP_CMD_PUBLIC_KEY);
2673 }
2674
94ea7257 2675 if (smp->method == REQ_OOB) {
a29b0733
JH		 2676 if (hcon->out)
2677 smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM,
2678 sizeof(smp->prnd), smp->prnd);
2679
2680 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RANDOM);
2681
2682 return 0;
2683 }
2684
38606f14
JH		 2685 if (hcon->out)
2686 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_CONFIRM);
2687
2688 if (smp->method == REQ_PASSKEY) {
2689 if (mgmt_user_passkey_request(hdev, &hcon->dst, hcon->type,
2690 hcon->dst_type))
2691 return SMP_UNSPECIFIED;
2692 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_CONFIRM);
2693 set_bit(SMP_FLAG_WAIT_USER, &smp->flags);
2694 return 0;
2695 }
2696
cbbbe3e2
JH		 2697 /* The Initiating device waits for the non-initiating device to
2698 * send the confirm value.
2699 */
2700 if (conn->hcon->out)
2701 return 0;
2702
2703 err = smp_f4(smp->tfm_cmac, smp->local_pk, smp->remote_pk, smp->prnd,
2704 0, cfm.confirm_val);
2705 if (err)
2706 return SMP_UNSPECIFIED;
2707
2708 smp_send_cmd(conn, SMP_CMD_PAIRING_CONFIRM, sizeof(cfm), &cfm);
2709 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RANDOM);
2710
d8f8edbe
JH		 2711 return 0;
2712}
2713
6433a9a2
JH		 2714static int smp_cmd_dhkey_check(struct l2cap_conn *conn, struct sk_buff *skb)
2715{
2716 struct smp_cmd_dhkey_check *check = (void *) skb->data;
2717 struct l2cap_chan *chan = conn->smp;
2718 struct hci_conn *hcon = conn->hcon;
2719 struct smp_chan *smp = chan->data;
2720 u8 a[7], b[7], *local_addr, *remote_addr;
2721 u8 io_cap[3], r[16], e[16];
2722 int err;
2723
2724 BT_DBG("conn %p", conn);
2725
2726 if (skb->len < sizeof(*check))
2727 return SMP_INVALID_PARAMS;
2728
2729 memcpy(a, &hcon->init_addr, 6);
2730 memcpy(b, &hcon->resp_addr, 6);
2731 a[6] = hcon->init_addr_type;
2732 b[6] = hcon->resp_addr_type;
2733
2734 if (hcon->out) {
2735 local_addr = a;
2736 remote_addr = b;
2737 memcpy(io_cap, &smp->prsp[1], 3);
2738 } else {
2739 local_addr = b;
2740 remote_addr = a;
2741 memcpy(io_cap, &smp->preq[1], 3);
2742 }
2743
2744 memset(r, 0, sizeof(r));
2745
38606f14
JH		 2746 if (smp->method == REQ_PASSKEY || smp->method == DSP_PASSKEY)
2747 put_unaligned_le32(hcon->passkey_notify, r);
882fafad
JH		 2748 else if (smp->method == REQ_OOB)
2749 memcpy(r, smp->lr, 16);
38606f14 2750
6433a9a2
JH		 2751 err = smp_f6(smp->tfm_cmac, smp->mackey, smp->rrnd, smp->prnd, r,
2752 io_cap, remote_addr, local_addr, e);
2753 if (err)
2754 return SMP_UNSPECIFIED;
2755
2756 if (memcmp(check->e, e, 16))
2757 return SMP_DHKEY_CHECK_FAILED;
2758
d3e54a87
JH		 2759 if (!hcon->out) {
2760 if (test_bit(SMP_FLAG_WAIT_USER, &smp->flags)) {
2761 set_bit(SMP_FLAG_DHKEY_PENDING, &smp->flags);
2762 return 0;
2763 }
d378a2d7 2764
d3e54a87
JH		 2765 /* Slave sends DHKey check as response to master */
2766 sc_dhkey_check(smp);
2767 }
d378a2d7 2768
d3e54a87 2769 sc_add_ltk(smp);
6433a9a2
JH		 2770
2771 if (hcon->out) {
8b76ce34 2772 hci_le_start_enc(hcon, 0, 0, smp->tk, smp->enc_key_size);
6433a9a2
JH		 2773 hcon->enc_key_size = smp->enc_key_size;
2774 }
2775
2776 return 0;
2777}
2778
1408bb6e
JH		 2779static int smp_cmd_keypress_notify(struct l2cap_conn *conn,
2780 struct sk_buff *skb)
2781{
2782 struct smp_cmd_keypress_notify *kp = (void *) skb->data;
2783
2784 BT_DBG("value 0x%02x", kp->value);
2785
2786 return 0;
2787}
2788
4befb867 2789static int smp_sig_channel(struct l2cap_chan *chan, struct sk_buff *skb)
eb492e01 2790{
5d88cc73 2791 struct l2cap_conn *conn = chan->conn;
7b9899db 2792 struct hci_conn *hcon = conn->hcon;
b28b4943 2793 struct smp_chan *smp;
92381f5c 2794 __u8 code, reason;
eb492e01
AB		 2795 int err = 0;
2796
8ae9b984 2797 if (skb->len < 1)
92381f5c 2798 return -EILSEQ;
92381f5c 2799
d7a5a11d 2800 if (!hci_dev_test_flag(hcon->hdev, HCI_LE_ENABLED)) {
2e65c9d2
AG		 2801 reason = SMP_PAIRING_NOTSUPP;
2802 goto done;
2803 }
2804
92381f5c 2805 code = skb->data[0];
eb492e01
AB		 2806 skb_pull(skb, sizeof(code));
2807
b28b4943
JH		 2808 smp = chan->data;
2809
2810 if (code > SMP_CMD_MAX)
2811 goto drop;
2812
24bd0bd9 2813 if (smp && !test_and_clear_bit(code, &smp->allow_cmd))
b28b4943
JH		 2814 goto drop;
2815
2816 /* If we don't have a context the only allowed commands are
2817 * pairing request and security request.
8cf9fa12 2818 */
b28b4943
JH		 2819 if (!smp && code != SMP_CMD_PAIRING_REQ && code != SMP_CMD_SECURITY_REQ)
2820 goto drop;
8cf9fa12 2821
eb492e01
AB		 2822 switch (code) {
2823 case SMP_CMD_PAIRING_REQ:
da85e5e5 2824 reason = smp_cmd_pairing_req(conn, skb);
eb492e01
AB		 2825 break;
2826
2827 case SMP_CMD_PAIRING_FAIL:
84794e11 2828 smp_failure(conn, 0);
da85e5e5 2829 err = -EPERM;
eb492e01
AB		 2830 break;
2831
2832 case SMP_CMD_PAIRING_RSP:
da85e5e5 2833 reason = smp_cmd_pairing_rsp(conn, skb);
88ba43b6
AB		 2834 break;
2835
2836 case SMP_CMD_SECURITY_REQ:
da85e5e5 2837 reason = smp_cmd_security_req(conn, skb);
88ba43b6
AB		 2838 break;
2839
eb492e01 2840 case SMP_CMD_PAIRING_CONFIRM:
da85e5e5 2841 reason = smp_cmd_pairing_confirm(conn, skb);
88ba43b6
AB		 2842 break;
2843
eb492e01 2844 case SMP_CMD_PAIRING_RANDOM:
da85e5e5 2845 reason = smp_cmd_pairing_random(conn, skb);
88ba43b6
AB		 2846 break;
2847
eb492e01 2848 case SMP_CMD_ENCRYPT_INFO:
7034b911
VCG		 2849 reason = smp_cmd_encrypt_info(conn, skb);
2850 break;
2851
eb492e01 2852 case SMP_CMD_MASTER_IDENT:
7034b911
VCG		 2853 reason = smp_cmd_master_ident(conn, skb);
2854 break;
2855
eb492e01 2856 case SMP_CMD_IDENT_INFO:
fd349c02
JH		 2857 reason = smp_cmd_ident_info(conn, skb);
2858 break;
2859
eb492e01 2860 case SMP_CMD_IDENT_ADDR_INFO:
fd349c02
JH		 2861 reason = smp_cmd_ident_addr_info(conn, skb);
2862 break;
2863
eb492e01 2864 case SMP_CMD_SIGN_INFO:
7ee4ea36 2865 reason = smp_cmd_sign_info(conn, skb);
7034b911
VCG		 2866 break;
2867
d8f8edbe
JH		 2868 case SMP_CMD_PUBLIC_KEY:
2869 reason = smp_cmd_public_key(conn, skb);
2870 break;
2871
6433a9a2
JH		 2872 case SMP_CMD_DHKEY_CHECK:
2873 reason = smp_cmd_dhkey_check(conn, skb);
2874 break;
2875
1408bb6e
JH		 2876 case SMP_CMD_KEYPRESS_NOTIFY:
2877 reason = smp_cmd_keypress_notify(conn, skb);
2878 break;
2879
eb492e01
AB		 2880 default:
2881 BT_DBG("Unknown command code 0x%2.2x", code);
eb492e01 2882 reason = SMP_CMD_NOTSUPP;
3a0259bb 2883 goto done;
eb492e01
AB		 2884 }
2885
3a0259bb 2886done:
9b7b18ef
JH		 2887 if (!err) {
2888 if (reason)
2889 smp_failure(conn, reason);
8ae9b984 2890 kfree_skb(skb);
9b7b18ef
JH		 2891 }
2892
eb492e01 2893 return err;
b28b4943
JH		 2894
2895drop:
2896 BT_ERR("%s unexpected SMP command 0x%02x from %pMR", hcon->hdev->name,
2897 code, &hcon->dst);
2898 kfree_skb(skb);
2899 return 0;
eb492e01 2900}
7034b911 2901
70db83c4
JH		 2902static void smp_teardown_cb(struct l2cap_chan *chan, int err)
2903{
2904 struct l2cap_conn *conn = chan->conn;
2905
2906 BT_DBG("chan %p", chan);
2907
fc75cc86 2908 if (chan->data)
5d88cc73 2909 smp_chan_destroy(conn);
5d88cc73 2910
70db83c4
JH		 2911 conn->smp = NULL;
2912 l2cap_chan_put(chan);
2913}
2914
b5ae344d
JH		 2915static void bredr_pairing(struct l2cap_chan *chan)
2916{
2917 struct l2cap_conn *conn = chan->conn;
2918 struct hci_conn *hcon = conn->hcon;
2919 struct hci_dev *hdev = hcon->hdev;
2920 struct smp_cmd_pairing req;
2921 struct smp_chan *smp;
2922
2923 BT_DBG("chan %p", chan);
2924
2925 /* Only new pairings are interesting */
2926 if (!test_bit(HCI_CONN_NEW_LINK_KEY, &hcon->flags))
2927 return;
2928
2929 /* Don't bother if we're not encrypted */
2930 if (!test_bit(HCI_CONN_ENCRYPT, &hcon->flags))
2931 return;
2932
2933 /* Only master may initiate SMP over BR/EDR */
2934 if (hcon->role != HCI_ROLE_MASTER)
2935 return;
2936
2937 /* Secure Connections support must be enabled */
d7a5a11d 2938 if (!hci_dev_test_flag(hdev, HCI_SC_ENABLED))
b5ae344d
JH		 2939 return;
2940
2941 /* BR/EDR must use Secure Connections for SMP */
2942 if (!test_bit(HCI_CONN_AES_CCM, &hcon->flags) &&
b7cb93e5 2943 !hci_dev_test_flag(hdev, HCI_FORCE_BREDR_SMP))
b5ae344d
JH		 2944 return;
2945
2946 /* If our LE support is not enabled don't do anything */
d7a5a11d 2947 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED))
b5ae344d
JH		 2948 return;
2949
2950 /* Don't bother if remote LE support is not enabled */
2951 if (!lmp_host_le_capable(hcon))
2952 return;
2953
2954 /* Remote must support SMP fixed chan for BR/EDR */
2955 if (!(conn->remote_fixed_chan & L2CAP_FC_SMP_BREDR))
2956 return;
2957
2958 /* Don't bother if SMP is already ongoing */
2959 if (chan->data)
2960 return;
2961
2962 smp = smp_chan_create(conn);
2963 if (!smp) {
2964 BT_ERR("%s unable to create SMP context for BR/EDR",
2965 hdev->name);
2966 return;
2967 }
2968
2969 set_bit(SMP_FLAG_SC, &smp->flags);
2970
2971 BT_DBG("%s starting SMP over BR/EDR", hdev->name);
2972
2973 /* Prepare and send the BR/EDR SMP Pairing Request */
2974 build_bredr_pairing_cmd(smp, &req, NULL);
2975
2976 smp->preq[0] = SMP_CMD_PAIRING_REQ;
2977 memcpy(&smp->preq[1], &req, sizeof(req));
2978
2979 smp_send_cmd(conn, SMP_CMD_PAIRING_REQ, sizeof(req), &req);
2980 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RSP);
2981}
2982
44f1a7ab
JH		 2983static void smp_resume_cb(struct l2cap_chan *chan)
2984{
b68fda68 2985 struct smp_chan *smp = chan->data;
44f1a7ab
JH		 2986 struct l2cap_conn *conn = chan->conn;
2987 struct hci_conn *hcon = conn->hcon;
2988
2989 BT_DBG("chan %p", chan);
2990
b5ae344d
JH		 2991 if (hcon->type == ACL_LINK) {
2992 bredr_pairing(chan);
ef8efe4b 2993 return;
b5ae344d 2994 }
ef8efe4b 2995
86d1407c
JH		 2996 if (!smp)
2997 return;
b68fda68 2998
84bc0db5
JH		 2999 if (!test_bit(HCI_CONN_ENCRYPT, &hcon->flags))
3000 return;
3001
86d1407c
JH		 3002 cancel_delayed_work(&smp->security_timer);
3003
d6268e86 3004 smp_distribute_keys(smp);
44f1a7ab
JH		 3005}
3006
70db83c4
JH		 3007static void smp_ready_cb(struct l2cap_chan *chan)
3008{
3009 struct l2cap_conn *conn = chan->conn;
b5ae344d 3010 struct hci_conn *hcon = conn->hcon;
70db83c4
JH		 3011
3012 BT_DBG("chan %p", chan);
3013
7883746b
JH		 3014 /* No need to call l2cap_chan_hold() here since we already own
3015 * the reference taken in smp_new_conn_cb(). This is just the
3016 * first time that we tie it to a specific pointer. The code in
3017 * l2cap_core.c ensures that there's no risk this function wont
3018 * get called if smp_new_conn_cb was previously called.
3019 */
70db83c4 3020 conn->smp = chan;
b5ae344d
JH		 3021
3022 if (hcon->type == ACL_LINK && test_bit(HCI_CONN_ENCRYPT, &hcon->flags))
3023 bredr_pairing(chan);
70db83c4
JH		 3024}
3025
4befb867
JH		 3026static int smp_recv_cb(struct l2cap_chan *chan, struct sk_buff *skb)
3027{
3028 int err;
3029
3030 BT_DBG("chan %p", chan);
3031
3032 err = smp_sig_channel(chan, skb);
3033 if (err) {
b68fda68 3034 struct smp_chan *smp = chan->data;
4befb867 3035
b68fda68
JH		 3036 if (smp)
3037 cancel_delayed_work_sync(&smp->security_timer);
4befb867 3038
1e91c29e 3039 hci_disconnect(chan->conn->hcon, HCI_ERROR_AUTH_FAILURE);
4befb867
JH		 3040 }
3041
3042 return err;
3043}
3044
70db83c4
JH		 3045static struct sk_buff *smp_alloc_skb_cb(struct l2cap_chan *chan,
3046 unsigned long hdr_len,
3047 unsigned long len, int nb)
3048{
3049 struct sk_buff *skb;
3050
3051 skb = bt_skb_alloc(hdr_len + len, GFP_KERNEL);
3052 if (!skb)
3053 return ERR_PTR(-ENOMEM);
3054
3055 skb->priority = HCI_PRIO_MAX;
a4368ff3 3056 bt_cb(skb)->l2cap.chan = chan;
70db83c4
JH		 3057
3058 return skb;
3059}
3060
3061static const struct l2cap_ops smp_chan_ops = {
3062 .name = "Security Manager",
3063 .ready = smp_ready_cb,
5d88cc73 3064 .recv = smp_recv_cb,
70db83c4
JH		 3065 .alloc_skb = smp_alloc_skb_cb,
3066 .teardown = smp_teardown_cb,
44f1a7ab 3067 .resume = smp_resume_cb,
70db83c4
JH		 3068
3069 .new_connection = l2cap_chan_no_new_connection,
70db83c4
JH		 3070 .state_change = l2cap_chan_no_state_change,
3071 .close = l2cap_chan_no_close,
3072 .defer = l2cap_chan_no_defer,
3073 .suspend = l2cap_chan_no_suspend,
70db83c4
JH		 3074 .set_shutdown = l2cap_chan_no_set_shutdown,
3075 .get_sndtimeo = l2cap_chan_no_get_sndtimeo,
70db83c4
JH		 3076};
3077
3078static inline struct l2cap_chan *smp_new_conn_cb(struct l2cap_chan *pchan)
3079{
3080 struct l2cap_chan *chan;
3081
3082 BT_DBG("pchan %p", pchan);
3083
3084 chan = l2cap_chan_create();
3085 if (!chan)
3086 return NULL;
3087
3088 chan->chan_type = pchan->chan_type;
3089 chan->ops = &smp_chan_ops;
3090 chan->scid = pchan->scid;
3091 chan->dcid = chan->scid;
3092 chan->imtu = pchan->imtu;
3093 chan->omtu = pchan->omtu;
3094 chan->mode = pchan->mode;
3095
abe84903
JH		 3096 /* Other L2CAP channels may request SMP routines in order to
3097 * change the security level. This means that the SMP channel
3098 * lock must be considered in its own category to avoid lockdep
3099 * warnings.
3100 */
3101 atomic_set(&chan->nesting, L2CAP_NESTING_SMP);
3102
70db83c4
JH		 3103 BT_DBG("created chan %p", chan);
3104
3105 return chan;
3106}
3107
3108static const struct l2cap_ops smp_root_chan_ops = {
3109 .name = "Security Manager Root",
3110 .new_connection = smp_new_conn_cb,
3111
3112 /* None of these are implemented for the root channel */
3113 .close = l2cap_chan_no_close,
3114 .alloc_skb = l2cap_chan_no_alloc_skb,
3115 .recv = l2cap_chan_no_recv,
3116 .state_change = l2cap_chan_no_state_change,
3117 .teardown = l2cap_chan_no_teardown,
3118 .ready = l2cap_chan_no_ready,
3119 .defer = l2cap_chan_no_defer,
3120 .suspend = l2cap_chan_no_suspend,
3121 .resume = l2cap_chan_no_resume,
3122 .set_shutdown = l2cap_chan_no_set_shutdown,
3123 .get_sndtimeo = l2cap_chan_no_get_sndtimeo,
70db83c4
JH		 3124};
3125
ef8efe4b 3126static struct l2cap_chan *smp_add_cid(struct hci_dev *hdev, u16 cid)
711eafe3 3127{
70db83c4 3128 struct l2cap_chan *chan;
88a479d9
MH		 3129 struct smp_dev *smp;
3130 struct crypto_blkcipher *tfm_aes;
6e2dc6d1 3131 struct crypto_hash *tfm_cmac;
70db83c4 3132
ef8efe4b 3133 if (cid == L2CAP_CID_SMP_BREDR) {
88a479d9 3134 smp = NULL;
ef8efe4b
JH		 3135 goto create_chan;
3136 }
711eafe3 3137
88a479d9
MH		 3138 smp = kzalloc(sizeof(*smp), GFP_KERNEL);
3139 if (!smp)
3140 return ERR_PTR(-ENOMEM);
3141
3142 tfm_aes = crypto_alloc_blkcipher("ecb(aes)", 0, CRYPTO_ALG_ASYNC);
defce9e8 3143 if (IS_ERR(tfm_aes)) {
88a479d9
MH		 3144 BT_ERR("Unable to create ECB crypto context");
3145 kzfree(smp);
fe700771 3146 return ERR_CAST(tfm_aes);
711eafe3
JH		 3147 }
3148
6e2dc6d1
MH		 3149 tfm_cmac = crypto_alloc_hash("cmac(aes)", 0, CRYPTO_ALG_ASYNC);
3150 if (IS_ERR(tfm_cmac)) {
3151 BT_ERR("Unable to create CMAC crypto context");
3152 crypto_free_blkcipher(tfm_aes);
3153 kzfree(smp);
3154 return ERR_CAST(tfm_cmac);
3155 }
3156
88a479d9 3157 smp->tfm_aes = tfm_aes;
6e2dc6d1 3158 smp->tfm_cmac = tfm_cmac;
b1f663c9 3159 smp->min_key_size = SMP_MIN_ENC_KEY_SIZE;
2fd36558 3160 smp->max_key_size = SMP_MAX_ENC_KEY_SIZE;
88a479d9 3161
ef8efe4b 3162create_chan:
70db83c4
JH		 3163 chan = l2cap_chan_create();
3164 if (!chan) {
63511f6d
MH		 3165 if (smp) {
3166 crypto_free_blkcipher(smp->tfm_aes);
3167 crypto_free_hash(smp->tfm_cmac);
3168 kzfree(smp);
3169 }
ef8efe4b 3170 return ERR_PTR(-ENOMEM);
70db83c4
JH		 3171 }
3172
88a479d9 3173 chan->data = smp;
defce9e8 3174
ef8efe4b 3175 l2cap_add_scid(chan, cid);
70db83c4
JH		 3176
3177 l2cap_chan_set_defaults(chan);
3178
157029ba 3179 if (cid == L2CAP_CID_SMP) {
39e3e744
JH		 3180 u8 bdaddr_type;
3181
3182 hci_copy_identity_address(hdev, &chan->src, &bdaddr_type);
3183
3184 if (bdaddr_type == ADDR_LE_DEV_PUBLIC)
157029ba 3185 chan->src_type = BDADDR_LE_PUBLIC;
39e3e744
JH		 3186 else
3187 chan->src_type = BDADDR_LE_RANDOM;
157029ba
MH		 3188 } else {
3189 bacpy(&chan->src, &hdev->bdaddr);
ef8efe4b 3190 chan->src_type = BDADDR_BREDR;
157029ba
MH		 3191 }
3192
70db83c4
JH		 3193 chan->state = BT_LISTEN;
3194 chan->mode = L2CAP_MODE_BASIC;
3195 chan->imtu = L2CAP_DEFAULT_MTU;
3196 chan->ops = &smp_root_chan_ops;
3197
abe84903
JH		 3198 /* Set correct nesting level for a parent/listening channel */
3199 atomic_set(&chan->nesting, L2CAP_NESTING_PARENT);
3200
ef8efe4b 3201 return chan;
711eafe3
JH		 3202}
3203
ef8efe4b 3204static void smp_del_chan(struct l2cap_chan *chan)
711eafe3 3205{
88a479d9 3206 struct smp_dev *smp;
70db83c4 3207
ef8efe4b 3208 BT_DBG("chan %p", chan);
711eafe3 3209
88a479d9
MH		 3210 smp = chan->data;
3211 if (smp) {
defce9e8 3212 chan->data = NULL;
88a479d9
MH		 3213 if (smp->tfm_aes)
3214 crypto_free_blkcipher(smp->tfm_aes);
6e2dc6d1
MH		 3215 if (smp->tfm_cmac)
3216 crypto_free_hash(smp->tfm_cmac);
88a479d9 3217 kzfree(smp);
711eafe3 3218 }
70db83c4 3219
70db83c4 3220 l2cap_chan_put(chan);
711eafe3 3221}
ef8efe4b 3222
300acfde
MH		 3223static ssize_t force_bredr_smp_read(struct file *file,
3224 char __user *user_buf,
3225 size_t count, loff_t *ppos)
3226{
3227 struct hci_dev *hdev = file->private_data;
3228 char buf[3];
3229
b7cb93e5 3230 buf[0] = hci_dev_test_flag(hdev, HCI_FORCE_BREDR_SMP) ? 'Y': 'N';
300acfde
MH		 3231 buf[1] = '\n';
3232 buf[2] = '\0';
3233 return simple_read_from_buffer(user_buf, count, ppos, buf, 2);
3234}
3235
3236static ssize_t force_bredr_smp_write(struct file *file,
3237 const char __user *user_buf,
3238 size_t count, loff_t *ppos)
3239{
3240 struct hci_dev *hdev = file->private_data;
3241 char buf[32];
3242 size_t buf_size = min(count, (sizeof(buf)-1));
3243 bool enable;
3244
3245 if (copy_from_user(buf, user_buf, buf_size))
3246 return -EFAULT;
3247
3248 buf[buf_size] = '\0';
3249 if (strtobool(buf, &enable))
3250 return -EINVAL;
3251
b7cb93e5 3252 if (enable == hci_dev_test_flag(hdev, HCI_FORCE_BREDR_SMP))
300acfde
MH		 3253 return -EALREADY;
3254
3255 if (enable) {
3256 struct l2cap_chan *chan;
3257
3258 chan = smp_add_cid(hdev, L2CAP_CID_SMP_BREDR);
3259 if (IS_ERR(chan))
3260 return PTR_ERR(chan);
3261
3262 hdev->smp_bredr_data = chan;
3263 } else {
3264 struct l2cap_chan *chan;
3265
3266 chan = hdev->smp_bredr_data;
3267 hdev->smp_bredr_data = NULL;
3268 smp_del_chan(chan);
3269 }
3270
b7cb93e5 3271 hci_dev_change_flag(hdev, HCI_FORCE_BREDR_SMP);
300acfde
MH		 3272
3273 return count;
3274}
3275
3276static const struct file_operations force_bredr_smp_fops = {
3277 .open = simple_open,
3278 .read = force_bredr_smp_read,
3279 .write = force_bredr_smp_write,
3280 .llseek = default_llseek,
3281};
3282
b1f663c9
JH		 3283static ssize_t le_min_key_size_read(struct file *file,
3284 char __user *user_buf,
3285 size_t count, loff_t *ppos)
3286{
3287 struct hci_dev *hdev = file->private_data;
3288 char buf[4];
3289
3290 snprintf(buf, sizeof(buf), "%2u\n", SMP_DEV(hdev)->min_key_size);
3291
3292 return simple_read_from_buffer(user_buf, count, ppos, buf, strlen(buf));
3293}
3294
3295static ssize_t le_min_key_size_write(struct file *file,
3296 const char __user *user_buf,
3297 size_t count, loff_t *ppos)
3298{
3299 struct hci_dev *hdev = file->private_data;
3300 char buf[32];
3301 size_t buf_size = min(count, (sizeof(buf) - 1));
3302 u8 key_size;
3303
3304 if (copy_from_user(buf, user_buf, buf_size))
3305 return -EFAULT;
3306
3307 buf[buf_size] = '\0';
3308
3309 sscanf(buf, "%hhu", &key_size);
3310
3311 if (key_size > SMP_DEV(hdev)->max_key_size ||
3312 key_size < SMP_MIN_ENC_KEY_SIZE)
3313 return -EINVAL;
3314
3315 SMP_DEV(hdev)->min_key_size = key_size;
3316
3317 return count;
3318}
3319
3320static const struct file_operations le_min_key_size_fops = {
3321 .open = simple_open,
3322 .read = le_min_key_size_read,
3323 .write = le_min_key_size_write,
3324 .llseek = default_llseek,
3325};
3326
2fd36558
JH		 3327static ssize_t le_max_key_size_read(struct file *file,
3328 char __user *user_buf,
3329 size_t count, loff_t *ppos)
3330{
3331 struct hci_dev *hdev = file->private_data;
3332 char buf[4];
3333
3334 snprintf(buf, sizeof(buf), "%2u\n", SMP_DEV(hdev)->max_key_size);
3335
3336 return simple_read_from_buffer(user_buf, count, ppos, buf, strlen(buf));
3337}
3338
3339static ssize_t le_max_key_size_write(struct file *file,
3340 const char __user *user_buf,
3341 size_t count, loff_t *ppos)
3342{
3343 struct hci_dev *hdev = file->private_data;
3344 char buf[32];
3345 size_t buf_size = min(count, (sizeof(buf) - 1));
3346 u8 key_size;
3347
3348 if (copy_from_user(buf, user_buf, buf_size))
3349 return -EFAULT;
3350
3351 buf[buf_size] = '\0';
3352
3353 sscanf(buf, "%hhu", &key_size);
3354
b1f663c9
JH		 3355 if (key_size > SMP_MAX_ENC_KEY_SIZE ||
3356 key_size < SMP_DEV(hdev)->min_key_size)
2fd36558
JH		 3357 return -EINVAL;
3358
3359 SMP_DEV(hdev)->max_key_size = key_size;
3360
3361 return count;
3362}
3363
3364static const struct file_operations le_max_key_size_fops = {
3365 .open = simple_open,
3366 .read = le_max_key_size_read,
3367 .write = le_max_key_size_write,
3368 .llseek = default_llseek,
3369};
3370
ef8efe4b
JH		 3371int smp_register(struct hci_dev *hdev)
3372{
3373 struct l2cap_chan *chan;
3374
3375 BT_DBG("%s", hdev->name);
3376
7e7ec445
MH		 3377 /* If the controller does not support Low Energy operation, then
3378 * there is also no need to register any SMP channel.
3379 */
3380 if (!lmp_le_capable(hdev))
3381 return 0;
3382
2b8df323
MH		 3383 if (WARN_ON(hdev->smp_data)) {
3384 chan = hdev->smp_data;
3385 hdev->smp_data = NULL;
3386 smp_del_chan(chan);
3387 }
3388
ef8efe4b
JH		 3389 chan = smp_add_cid(hdev, L2CAP_CID_SMP);
3390 if (IS_ERR(chan))
3391 return PTR_ERR(chan);
3392
3393 hdev->smp_data = chan;
3394
b1f663c9
JH		 3395 debugfs_create_file("le_min_key_size", 0644, hdev->debugfs, hdev,
3396 &le_min_key_size_fops);
2fd36558
JH		 3397 debugfs_create_file("le_max_key_size", 0644, hdev->debugfs, hdev,
3398 &le_max_key_size_fops);
3399
300acfde
MH		 3400 /* If the controller does not support BR/EDR Secure Connections
3401 * feature, then the BR/EDR SMP channel shall not be present.
3402 *
3403 * To test this with Bluetooth 4.0 controllers, create a debugfs
3404 * switch that allows forcing BR/EDR SMP support and accepting
3405 * cross-transport pairing on non-AES encrypted connections.
3406 */
3407 if (!lmp_sc_capable(hdev)) {
3408 debugfs_create_file("force_bredr_smp", 0644, hdev->debugfs,
3409 hdev, &force_bredr_smp_fops);
ef8efe4b 3410 return 0;
300acfde 3411 }
ef8efe4b 3412
2b8df323
MH		 3413 if (WARN_ON(hdev->smp_bredr_data)) {
3414 chan = hdev->smp_bredr_data;
3415 hdev->smp_bredr_data = NULL;
3416 smp_del_chan(chan);
3417 }
3418
ef8efe4b
JH		 3419 chan = smp_add_cid(hdev, L2CAP_CID_SMP_BREDR);
3420 if (IS_ERR(chan)) {
3421 int err = PTR_ERR(chan);
3422 chan = hdev->smp_data;
3423 hdev->smp_data = NULL;
3424 smp_del_chan(chan);
3425 return err;
3426 }
3427
3428 hdev->smp_bredr_data = chan;
3429
3430 return 0;
3431}
3432
3433void smp_unregister(struct hci_dev *hdev)
3434{
3435 struct l2cap_chan *chan;
3436
3437 if (hdev->smp_bredr_data) {
3438 chan = hdev->smp_bredr_data;
3439 hdev->smp_bredr_data = NULL;
3440 smp_del_chan(chan);
3441 }
3442
3443 if (hdev->smp_data) {
3444 chan = hdev->smp_data;
3445 hdev->smp_data = NULL;
3446 smp_del_chan(chan);
3447 }
3448}
0a2b0f04
JH		 3449
3450#if IS_ENABLED(CONFIG_BT_SELFTEST_SMP)
3451
cfc4198e
JH		 3452static int __init test_ah(struct crypto_blkcipher *tfm_aes)
3453{
3454 const u8 irk[16] = {
3455 0x9b, 0x7d, 0x39, 0x0a, 0xa6, 0x10, 0x10, 0x34,
3456 0x05, 0xad, 0xc8, 0x57, 0xa3, 0x34, 0x02, 0xec };
3457 const u8 r[3] = { 0x94, 0x81, 0x70 };
3458 const u8 exp[3] = { 0xaa, 0xfb, 0x0d };
3459 u8 res[3];
3460 int err;
3461
3462 err = smp_ah(tfm_aes, irk, r, res);
3463 if (err)
3464 return err;
3465
3466 if (memcmp(res, exp, 3))
3467 return -EINVAL;
3468
3469 return 0;
3470}
3471
3472static int __init test_c1(struct crypto_blkcipher *tfm_aes)
3473{
3474 const u8 k[16] = {
3475 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
3476 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
3477 const u8 r[16] = {
3478 0xe0, 0x2e, 0x70, 0xc6, 0x4e, 0x27, 0x88, 0x63,
3479 0x0e, 0x6f, 0xad, 0x56, 0x21, 0xd5, 0x83, 0x57 };
3480 const u8 preq[7] = { 0x01, 0x01, 0x00, 0x00, 0x10, 0x07, 0x07 };
3481 const u8 pres[7] = { 0x02, 0x03, 0x00, 0x00, 0x08, 0x00, 0x05 };
3482 const u8 _iat = 0x01;
3483 const u8 _rat = 0x00;
3484 const bdaddr_t ra = { { 0xb6, 0xb5, 0xb4, 0xb3, 0xb2, 0xb1 } };
3485 const bdaddr_t ia = { { 0xa6, 0xa5, 0xa4, 0xa3, 0xa2, 0xa1 } };
3486 const u8 exp[16] = {
3487 0x86, 0x3b, 0xf1, 0xbe, 0xc5, 0x4d, 0xa7, 0xd2,
3488 0xea, 0x88, 0x89, 0x87, 0xef, 0x3f, 0x1e, 0x1e };
3489 u8 res[16];
3490 int err;
3491
3492 err = smp_c1(tfm_aes, k, r, preq, pres, _iat, &ia, _rat, &ra, res);
3493 if (err)
3494 return err;
3495
3496 if (memcmp(res, exp, 16))
3497 return -EINVAL;
3498
3499 return 0;
3500}
3501
3502static int __init test_s1(struct crypto_blkcipher *tfm_aes)
3503{
3504 const u8 k[16] = {
3505 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
3506 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
3507 const u8 r1[16] = {
3508 0x88, 0x77, 0x66, 0x55, 0x44, 0x33, 0x22, 0x11 };
3509 const u8 r2[16] = {
3510 0x00, 0xff, 0xee, 0xdd, 0xcc, 0xbb, 0xaa, 0x99 };
3511 const u8 exp[16] = {
3512 0x62, 0xa0, 0x6d, 0x79, 0xae, 0x16, 0x42, 0x5b,
3513 0x9b, 0xf4, 0xb0, 0xe8, 0xf0, 0xe1, 0x1f, 0x9a };
3514 u8 res[16];
3515 int err;
3516
3517 err = smp_s1(tfm_aes, k, r1, r2, res);
3518 if (err)
3519 return err;
3520
3521 if (memcmp(res, exp, 16))
3522 return -EINVAL;
3523
3524 return 0;
3525}
3526
fb2969a3
JH		 3527static int __init test_f4(struct crypto_hash *tfm_cmac)
3528{
3529 const u8 u[32] = {
3530 0xe6, 0x9d, 0x35, 0x0e, 0x48, 0x01, 0x03, 0xcc,
3531 0xdb, 0xfd, 0xf4, 0xac, 0x11, 0x91, 0xf4, 0xef,
3532 0xb9, 0xa5, 0xf9, 0xe9, 0xa7, 0x83, 0x2c, 0x5e,
3533 0x2c, 0xbe, 0x97, 0xf2, 0xd2, 0x03, 0xb0, 0x20 };
3534 const u8 v[32] = {
3535 0xfd, 0xc5, 0x7f, 0xf4, 0x49, 0xdd, 0x4f, 0x6b,
3536 0xfb, 0x7c, 0x9d, 0xf1, 0xc2, 0x9a, 0xcb, 0x59,
3537 0x2a, 0xe7, 0xd4, 0xee, 0xfb, 0xfc, 0x0a, 0x90,
3538 0x9a, 0xbb, 0xf6, 0x32, 0x3d, 0x8b, 0x18, 0x55 };
3539 const u8 x[16] = {
3540 0xab, 0xae, 0x2b, 0x71, 0xec, 0xb2, 0xff, 0xff,
3541 0x3e, 0x73, 0x77, 0xd1, 0x54, 0x84, 0xcb, 0xd5 };
3542 const u8 z = 0x00;
3543 const u8 exp[16] = {
3544 0x2d, 0x87, 0x74, 0xa9, 0xbe, 0xa1, 0xed, 0xf1,
3545 0x1c, 0xbd, 0xa9, 0x07, 0xf1, 0x16, 0xc9, 0xf2 };
3546 u8 res[16];
3547 int err;
3548
3549 err = smp_f4(tfm_cmac, u, v, x, z, res);
3550 if (err)
3551 return err;
3552
3553 if (memcmp(res, exp, 16))
3554 return -EINVAL;
3555
3556 return 0;
3557}
3558
3559static int __init test_f5(struct crypto_hash *tfm_cmac)
3560{
3561 const u8 w[32] = {
3562 0x98, 0xa6, 0xbf, 0x73, 0xf3, 0x34, 0x8d, 0x86,
3563 0xf1, 0x66, 0xf8, 0xb4, 0x13, 0x6b, 0x79, 0x99,
3564 0x9b, 0x7d, 0x39, 0x0a, 0xa6, 0x10, 0x10, 0x34,
3565 0x05, 0xad, 0xc8, 0x57, 0xa3, 0x34, 0x02, 0xec };
3566 const u8 n1[16] = {
3567 0xab, 0xae, 0x2b, 0x71, 0xec, 0xb2, 0xff, 0xff,
3568 0x3e, 0x73, 0x77, 0xd1, 0x54, 0x84, 0xcb, 0xd5 };
3569 const u8 n2[16] = {
3570 0xcf, 0xc4, 0x3d, 0xff, 0xf7, 0x83, 0x65, 0x21,
3571 0x6e, 0x5f, 0xa7, 0x25, 0xcc, 0xe7, 0xe8, 0xa6 };
3572 const u8 a1[7] = { 0xce, 0xbf, 0x37, 0x37, 0x12, 0x56, 0x00 };
3573 const u8 a2[7] = { 0xc1, 0xcf, 0x2d, 0x70, 0x13, 0xa7, 0x00 };
3574 const u8 exp_ltk[16] = {
3575 0x38, 0x0a, 0x75, 0x94, 0xb5, 0x22, 0x05, 0x98,
3576 0x23, 0xcd, 0xd7, 0x69, 0x11, 0x79, 0x86, 0x69 };
3577 const u8 exp_mackey[16] = {
3578 0x20, 0x6e, 0x63, 0xce, 0x20, 0x6a, 0x3f, 0xfd,
3579 0x02, 0x4a, 0x08, 0xa1, 0x76, 0xf1, 0x65, 0x29 };
3580 u8 mackey[16], ltk[16];
3581 int err;
3582
3583 err = smp_f5(tfm_cmac, w, n1, n2, a1, a2, mackey, ltk);
3584 if (err)
3585 return err;
3586
3587 if (memcmp(mackey, exp_mackey, 16))
3588 return -EINVAL;
3589
3590 if (memcmp(ltk, exp_ltk, 16))
3591 return -EINVAL;
3592
3593 return 0;
3594}
3595
3596static int __init test_f6(struct crypto_hash *tfm_cmac)
3597{
3598 const u8 w[16] = {
3599 0x20, 0x6e, 0x63, 0xce, 0x20, 0x6a, 0x3f, 0xfd,
3600 0x02, 0x4a, 0x08, 0xa1, 0x76, 0xf1, 0x65, 0x29 };
3601 const u8 n1[16] = {
3602 0xab, 0xae, 0x2b, 0x71, 0xec, 0xb2, 0xff, 0xff,
3603 0x3e, 0x73, 0x77, 0xd1, 0x54, 0x84, 0xcb, 0xd5 };
3604 const u8 n2[16] = {
3605 0xcf, 0xc4, 0x3d, 0xff, 0xf7, 0x83, 0x65, 0x21,
3606 0x6e, 0x5f, 0xa7, 0x25, 0xcc, 0xe7, 0xe8, 0xa6 };
3607 const u8 r[16] = {
3608 0xc8, 0x0f, 0x2d, 0x0c, 0xd2, 0x42, 0xda, 0x08,
3609 0x54, 0xbb, 0x53, 0xb4, 0x3b, 0x34, 0xa3, 0x12 };
3610 const u8 io_cap[3] = { 0x02, 0x01, 0x01 };
3611 const u8 a1[7] = { 0xce, 0xbf, 0x37, 0x37, 0x12, 0x56, 0x00 };
3612 const u8 a2[7] = { 0xc1, 0xcf, 0x2d, 0x70, 0x13, 0xa7, 0x00 };
3613 const u8 exp[16] = {
3614 0x61, 0x8f, 0x95, 0xda, 0x09, 0x0b, 0x6c, 0xd2,
3615 0xc5, 0xe8, 0xd0, 0x9c, 0x98, 0x73, 0xc4, 0xe3 };
3616 u8 res[16];
3617 int err;
3618
3619 err = smp_f6(tfm_cmac, w, n1, n2, r, io_cap, a1, a2, res);
3620 if (err)
3621 return err;
3622
3623 if (memcmp(res, exp, 16))
3624 return -EINVAL;
3625
3626 return 0;
3627}
3628
3629static int __init test_g2(struct crypto_hash *tfm_cmac)
3630{
3631 const u8 u[32] = {
3632 0xe6, 0x9d, 0x35, 0x0e, 0x48, 0x01, 0x03, 0xcc,
3633 0xdb, 0xfd, 0xf4, 0xac, 0x11, 0x91, 0xf4, 0xef,
3634 0xb9, 0xa5, 0xf9, 0xe9, 0xa7, 0x83, 0x2c, 0x5e,
3635 0x2c, 0xbe, 0x97, 0xf2, 0xd2, 0x03, 0xb0, 0x20 };
3636 const u8 v[32] = {
3637 0xfd, 0xc5, 0x7f, 0xf4, 0x49, 0xdd, 0x4f, 0x6b,
3638 0xfb, 0x7c, 0x9d, 0xf1, 0xc2, 0x9a, 0xcb, 0x59,
3639 0x2a, 0xe7, 0xd4, 0xee, 0xfb, 0xfc, 0x0a, 0x90,
3640 0x9a, 0xbb, 0xf6, 0x32, 0x3d, 0x8b, 0x18, 0x55 };
3641 const u8 x[16] = {
3642 0xab, 0xae, 0x2b, 0x71, 0xec, 0xb2, 0xff, 0xff,
3643 0x3e, 0x73, 0x77, 0xd1, 0x54, 0x84, 0xcb, 0xd5 };
3644 const u8 y[16] = {
3645 0xcf, 0xc4, 0x3d, 0xff, 0xf7, 0x83, 0x65, 0x21,
3646 0x6e, 0x5f, 0xa7, 0x25, 0xcc, 0xe7, 0xe8, 0xa6 };
3647 const u32 exp_val = 0x2f9ed5ba % 1000000;
3648 u32 val;
3649 int err;
3650
3651 err = smp_g2(tfm_cmac, u, v, x, y, &val);
3652 if (err)
3653 return err;
3654
3655 if (val != exp_val)
3656 return -EINVAL;
3657
3658 return 0;
3659}
3660
3661static int __init test_h6(struct crypto_hash *tfm_cmac)
3662{
3663 const u8 w[16] = {
3664 0x9b, 0x7d, 0x39, 0x0a, 0xa6, 0x10, 0x10, 0x34,
3665 0x05, 0xad, 0xc8, 0x57, 0xa3, 0x34, 0x02, 0xec };
3666 const u8 key_id[4] = { 0x72, 0x62, 0x65, 0x6c };
3667 const u8 exp[16] = {
3668 0x99, 0x63, 0xb1, 0x80, 0xe2, 0xa9, 0xd3, 0xe8,
3669 0x1c, 0xc9, 0x6d, 0xe7, 0x02, 0xe1, 0x9a, 0x2d };
3670 u8 res[16];
3671 int err;
3672
3673 err = smp_h6(tfm_cmac, w, key_id, res);
3674 if (err)
3675 return err;
3676
3677 if (memcmp(res, exp, 16))
3678 return -EINVAL;
3679
3680 return 0;
3681}
3682
64dd374e
MH		 3683static char test_smp_buffer[32];
3684
3685static ssize_t test_smp_read(struct file *file, char __user *user_buf,
3686 size_t count, loff_t *ppos)
3687{
3688 return simple_read_from_buffer(user_buf, count, ppos, test_smp_buffer,
3689 strlen(test_smp_buffer));
3690}
3691
3692static const struct file_operations test_smp_fops = {
3693 .open = simple_open,
3694 .read = test_smp_read,
3695 .llseek = default_llseek,
3696};
3697
0a2b0f04
JH		 3698static int __init run_selftests(struct crypto_blkcipher *tfm_aes,
3699 struct crypto_hash *tfm_cmac)
3700{
255047b0
MH		 3701 ktime_t calltime, delta, rettime;
3702 unsigned long long duration;
cfc4198e
JH		 3703 int err;
3704
255047b0
MH		 3705 calltime = ktime_get();
3706
cfc4198e
JH		 3707 err = test_ah(tfm_aes);
3708 if (err) {
3709 BT_ERR("smp_ah test failed");
64dd374e 3710 goto done;
cfc4198e
JH		 3711 }
3712
3713 err = test_c1(tfm_aes);
3714 if (err) {
3715 BT_ERR("smp_c1 test failed");
64dd374e 3716 goto done;
cfc4198e
JH		 3717 }
3718
3719 err = test_s1(tfm_aes);
3720 if (err) {
3721 BT_ERR("smp_s1 test failed");
64dd374e 3722 goto done;
cfc4198e
JH		 3723 }
3724
fb2969a3
JH		 3725 err = test_f4(tfm_cmac);
3726 if (err) {
3727 BT_ERR("smp_f4 test failed");
64dd374e 3728 goto done;
fb2969a3
JH		 3729 }
3730
3731 err = test_f5(tfm_cmac);
3732 if (err) {
3733 BT_ERR("smp_f5 test failed");
64dd374e 3734 goto done;
fb2969a3
JH		 3735 }
3736
3737 err = test_f6(tfm_cmac);
3738 if (err) {
3739 BT_ERR("smp_f6 test failed");
64dd374e 3740 goto done;
fb2969a3
JH		 3741 }
3742
3743 err = test_g2(tfm_cmac);
3744 if (err) {
3745 BT_ERR("smp_g2 test failed");
64dd374e 3746 goto done;
fb2969a3
JH		 3747 }
3748
3749 err = test_h6(tfm_cmac);
3750 if (err) {
3751 BT_ERR("smp_h6 test failed");
64dd374e 3752 goto done;
fb2969a3
JH		 3753 }
3754
255047b0
MH		 3755 rettime = ktime_get();
3756 delta = ktime_sub(rettime, calltime);
3757 duration = (unsigned long long) ktime_to_ns(delta) >> 10;
3758
5ced2464 3759 BT_INFO("SMP test passed in %llu usecs", duration);
0a2b0f04 3760
64dd374e
MH		 3761done:
3762 if (!err)
3763 snprintf(test_smp_buffer, sizeof(test_smp_buffer),
3764 "PASS (%llu usecs)\n", duration);
3765 else
3766 snprintf(test_smp_buffer, sizeof(test_smp_buffer), "FAIL\n");
3767
3768 debugfs_create_file("selftest_smp", 0444, bt_debugfs, NULL,
3769 &test_smp_fops);
3770
3771 return err;
0a2b0f04
JH		 3772}
3773
3774int __init bt_selftest_smp(void)
3775{
3776 struct crypto_blkcipher *tfm_aes;
3777 struct crypto_hash *tfm_cmac;
3778 int err;
3779
3780 tfm_aes = crypto_alloc_blkcipher("ecb(aes)", 0, CRYPTO_ALG_ASYNC);
3781 if (IS_ERR(tfm_aes)) {
3782 BT_ERR("Unable to create ECB crypto context");
3783 return PTR_ERR(tfm_aes);
3784 }
3785
3786 tfm_cmac = crypto_alloc_hash("cmac(aes)", 0, CRYPTO_ALG_ASYNC);
3787 if (IS_ERR(tfm_cmac)) {
3788 BT_ERR("Unable to create CMAC crypto context");
3789 crypto_free_blkcipher(tfm_aes);
3790 return PTR_ERR(tfm_cmac);
3791 }
3792
3793 err = run_selftests(tfm_aes, tfm_cmac);
3794
3795 crypto_free_hash(tfm_cmac);
3796 crypto_free_blkcipher(tfm_aes);
3797
3798 return err;
3799}
3800
3801#endif
Linux kernel - Deliverables
This page took 1.066658 seconds and 5 git commands to generate.