projects / deliverable / linux.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Bluetooth: Fix local OOB data handling for SMP
[deliverable/linux.git] / net / bluetooth / smp.c
CommitLineData
eb492e01
AB		 1/*
2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2011 Nokia Corporation and/or its subsidiary(-ies).
4
5 This program is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License version 2 as
7 published by the Free Software Foundation;
8
9 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
10 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
11 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
12 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
13 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
14 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17
18 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
19 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
20 SOFTWARE IS DISCLAIMED.
21*/
22
300acfde 23#include <linux/debugfs.h>
8c520a59
GP		 24#include <linux/crypto.h>
25#include <linux/scatterlist.h>
26#include <crypto/b128ops.h>
27
eb492e01
AB		 28#include <net/bluetooth/bluetooth.h>
29#include <net/bluetooth/hci_core.h>
30#include <net/bluetooth/l2cap.h>
2b64d153 31#include <net/bluetooth/mgmt.h>
ac4b7236 32
3b19146d 33#include "ecc.h"
ac4b7236 34#include "smp.h"
d22ef0bc 35
c7a3d57d
JH		 36/* Low-level debug macros to be used for stuff that we don't want
37 * accidentially in dmesg, i.e. the values of the various crypto keys
38 * and the inputs & outputs of crypto functions.
39 */
40#ifdef DEBUG
41#define SMP_DBG(fmt, ...) printk(KERN_DEBUG "%s: " fmt, __func__, \
42 ##__VA_ARGS__)
43#else
44#define SMP_DBG(fmt, ...) no_printk(KERN_DEBUG "%s: " fmt, __func__, \
45 ##__VA_ARGS__)
46#endif
47
b28b4943 48#define SMP_ALLOW_CMD(smp, code) set_bit(code, &smp->allow_cmd)
b28b4943 49
3b19146d
JH		 50/* Keys which are not distributed with Secure Connections */
51#define SMP_SC_NO_DIST (SMP_DIST_ENC_KEY | SMP_DIST_LINK_KEY);
52
17b02e62 53#define SMP_TIMEOUT msecs_to_jiffies(30000)
5d3de7df 54
d7a5a11d 55#define AUTH_REQ_MASK(dev) (hci_dev_test_flag(dev, HCI_SC_ENABLED) ? \
0edb14de
JH		 56 0x1f : 0x07)
57#define KEY_DIST_MASK 0x07
065a13e2 58
cbbbe3e2
JH		 59/* Maximum message length that can be passed to aes_cmac */
60#define CMAC_MSG_MAX 80
61
533e35d4
JH		 62enum {
63 SMP_FLAG_TK_VALID,
64 SMP_FLAG_CFM_PENDING,
65 SMP_FLAG_MITM_AUTH,
66 SMP_FLAG_COMPLETE,
67 SMP_FLAG_INITIATOR,
65668776 68 SMP_FLAG_SC,
d8f8edbe 69 SMP_FLAG_REMOTE_PK,
aeb7d461 70 SMP_FLAG_DEBUG_KEY,
38606f14 71 SMP_FLAG_WAIT_USER,
d3e54a87 72 SMP_FLAG_DHKEY_PENDING,
02b05bd8 73 SMP_FLAG_OOB,
533e35d4 74};
4bc58f51 75
88a479d9 76struct smp_dev {
60a27d65
MH		 77 /* Secure Connections OOB data */
78 u8 local_pk[64];
79 u8 local_sk[32];
80 u8 local_rr[16];
81 bool debug_key;
82
88a479d9 83 struct crypto_blkcipher *tfm_aes;
6e2dc6d1 84 struct crypto_hash *tfm_cmac;
88a479d9
MH		 85};
86
4bc58f51 87struct smp_chan {
b68fda68
JH		 88 struct l2cap_conn *conn;
89 struct delayed_work security_timer;
b28b4943 90 unsigned long allow_cmd; /* Bitmask of allowed commands */
b68fda68 91
4bc58f51
JH		 92 u8 preq[7]; /* SMP Pairing Request */
93 u8 prsp[7]; /* SMP Pairing Response */
94 u8 prnd[16]; /* SMP Pairing Random (local) */
95 u8 rrnd[16]; /* SMP Pairing Random (remote) */
96 u8 pcnf[16]; /* SMP Pairing Confirm */
97 u8 tk[16]; /* SMP Temporary Key */
882fafad
JH		 98 u8 rr[16]; /* Remote OOB ra/rb value */
99 u8 lr[16]; /* Local OOB ra/rb value */
4bc58f51
JH		 100 u8 enc_key_size;
101 u8 remote_key_dist;
102 bdaddr_t id_addr;
103 u8 id_addr_type;
104 u8 irk[16];
105 struct smp_csrk *csrk;
106 struct smp_csrk *slave_csrk;
107 struct smp_ltk *ltk;
108 struct smp_ltk *slave_ltk;
109 struct smp_irk *remote_irk;
6a77083a 110 u8 *link_key;
4a74d658 111 unsigned long flags;
783e0574 112 u8 method;
38606f14 113 u8 passkey_round;
6a7bd103 114
3b19146d
JH		 115 /* Secure Connections variables */
116 u8 local_pk[64];
117 u8 local_sk[32];
d8f8edbe
JH		 118 u8 remote_pk[64];
119 u8 dhkey[32];
760b018b 120 u8 mackey[16];
3b19146d 121
6a7bd103 122 struct crypto_blkcipher *tfm_aes;
407cecf6 123 struct crypto_hash *tfm_cmac;
4bc58f51
JH		 124};
125
aeb7d461
JH		 126/* These debug key values are defined in the SMP section of the core
127 * specification. debug_pk is the public debug key and debug_sk the
128 * private debug key.
129 */
130static const u8 debug_pk[64] = {
131 0xe6, 0x9d, 0x35, 0x0e, 0x48, 0x01, 0x03, 0xcc,
132 0xdb, 0xfd, 0xf4, 0xac, 0x11, 0x91, 0xf4, 0xef,
133 0xb9, 0xa5, 0xf9, 0xe9, 0xa7, 0x83, 0x2c, 0x5e,
134 0x2c, 0xbe, 0x97, 0xf2, 0xd2, 0x03, 0xb0, 0x20,
135
136 0x8b, 0xd2, 0x89, 0x15, 0xd0, 0x8e, 0x1c, 0x74,
137 0x24, 0x30, 0xed, 0x8f, 0xc2, 0x45, 0x63, 0x76,
138 0x5c, 0x15, 0x52, 0x5a, 0xbf, 0x9a, 0x32, 0x63,
139 0x6d, 0xeb, 0x2a, 0x65, 0x49, 0x9c, 0x80, 0xdc,
140};
141
142static const u8 debug_sk[32] = {
143 0xbd, 0x1a, 0x3c, 0xcd, 0xa6, 0xb8, 0x99, 0x58,
144 0x99, 0xb7, 0x40, 0xeb, 0x7b, 0x60, 0xff, 0x4a,
145 0x50, 0x3f, 0x10, 0xd2, 0xe3, 0xb3, 0xc9, 0x74,
146 0x38, 0x5f, 0xc5, 0xa3, 0xd4, 0xf6, 0x49, 0x3f,
147};
148
8a2936f4 149static inline void swap_buf(const u8 *src, u8 *dst, size_t len)
d22ef0bc 150{
8a2936f4 151 size_t i;
d22ef0bc 152
8a2936f4
JH		 153 for (i = 0; i < len; i++)
154 dst[len - 1 - i] = src[i];
d22ef0bc
AB		 155}
156
06edf8de
JH		 157/* The following functions map to the LE SC SMP crypto functions
158 * AES-CMAC, f4, f5, f6, g2 and h6.
159 */
160
cbbbe3e2
JH		 161static int aes_cmac(struct crypto_hash *tfm, const u8 k[16], const u8 *m,
162 size_t len, u8 mac[16])
163{
164 uint8_t tmp[16], mac_msb[16], msg_msb[CMAC_MSG_MAX];
165 struct hash_desc desc;
166 struct scatterlist sg;
167 int err;
168
169 if (len > CMAC_MSG_MAX)
170 return -EFBIG;
171
172 if (!tfm) {
173 BT_ERR("tfm %p", tfm);
174 return -EINVAL;
175 }
176
177 desc.tfm = tfm;
178 desc.flags = 0;
179
180 crypto_hash_init(&desc);
181
182 /* Swap key and message from LSB to MSB */
183 swap_buf(k, tmp, 16);
184 swap_buf(m, msg_msb, len);
185
c7a3d57d
JH		 186 SMP_DBG("msg (len %zu) %*phN", len, (int) len, m);
187 SMP_DBG("key %16phN", k);
cbbbe3e2
JH		 188
189 err = crypto_hash_setkey(tfm, tmp, 16);
190 if (err) {
191 BT_ERR("cipher setkey failed: %d", err);
192 return err;
193 }
194
195 sg_init_one(&sg, msg_msb, len);
196
197 err = crypto_hash_update(&desc, &sg, len);
198 if (err) {
199 BT_ERR("Hash update error %d", err);
200 return err;
201 }
202
203 err = crypto_hash_final(&desc, mac_msb);
204 if (err) {
205 BT_ERR("Hash final error %d", err);
206 return err;
207 }
208
209 swap_buf(mac_msb, mac, 16);
210
c7a3d57d 211 SMP_DBG("mac %16phN", mac);
cbbbe3e2
JH		 212
213 return 0;
214}
215
216static int smp_f4(struct crypto_hash *tfm_cmac, const u8 u[32], const u8 v[32],
217 const u8 x[16], u8 z, u8 res[16])
218{
219 u8 m[65];
220 int err;
221
c7a3d57d
JH		 222 SMP_DBG("u %32phN", u);
223 SMP_DBG("v %32phN", v);
224 SMP_DBG("x %16phN z %02x", x, z);
cbbbe3e2
JH		 225
226 m[0] = z;
227 memcpy(m + 1, v, 32);
228 memcpy(m + 33, u, 32);
229
230 err = aes_cmac(tfm_cmac, x, m, sizeof(m), res);
231 if (err)
232 return err;
233
c7a3d57d 234 SMP_DBG("res %16phN", res);
cbbbe3e2
JH		 235
236 return err;
237}
238
4da50de8
JH		 239static int smp_f5(struct crypto_hash *tfm_cmac, const u8 w[32],
240 const u8 n1[16], const u8 n2[16], const u8 a1[7],
241 const u8 a2[7], u8 mackey[16], u8 ltk[16])
760b018b
JH		 242{
243 /* The btle, salt and length "magic" values are as defined in
244 * the SMP section of the Bluetooth core specification. In ASCII
245 * the btle value ends up being 'btle'. The salt is just a
246 * random number whereas length is the value 256 in little
247 * endian format.
248 */
249 const u8 btle[4] = { 0x65, 0x6c, 0x74, 0x62 };
250 const u8 salt[16] = { 0xbe, 0x83, 0x60, 0x5a, 0xdb, 0x0b, 0x37, 0x60,
251 0x38, 0xa5, 0xf5, 0xaa, 0x91, 0x83, 0x88, 0x6c };
252 const u8 length[2] = { 0x00, 0x01 };
253 u8 m[53], t[16];
254 int err;
255
c7a3d57d
JH		 256 SMP_DBG("w %32phN", w);
257 SMP_DBG("n1 %16phN n2 %16phN", n1, n2);
258 SMP_DBG("a1 %7phN a2 %7phN", a1, a2);
760b018b
JH		 259
260 err = aes_cmac(tfm_cmac, salt, w, 32, t);
261 if (err)
262 return err;
263
c7a3d57d 264 SMP_DBG("t %16phN", t);
760b018b
JH		 265
266 memcpy(m, length, 2);
267 memcpy(m + 2, a2, 7);
268 memcpy(m + 9, a1, 7);
269 memcpy(m + 16, n2, 16);
270 memcpy(m + 32, n1, 16);
271 memcpy(m + 48, btle, 4);
272
273 m[52] = 0; /* Counter */
274
275 err = aes_cmac(tfm_cmac, t, m, sizeof(m), mackey);
276 if (err)
277 return err;
278
c7a3d57d 279 SMP_DBG("mackey %16phN", mackey);
760b018b
JH		 280
281 m[52] = 1; /* Counter */
282
283 err = aes_cmac(tfm_cmac, t, m, sizeof(m), ltk);
284 if (err)
285 return err;
286
c7a3d57d 287 SMP_DBG("ltk %16phN", ltk);
760b018b
JH		 288
289 return 0;
290}
291
292static int smp_f6(struct crypto_hash *tfm_cmac, const u8 w[16],
4da50de8 293 const u8 n1[16], const u8 n2[16], const u8 r[16],
760b018b
JH		 294 const u8 io_cap[3], const u8 a1[7], const u8 a2[7],
295 u8 res[16])
296{
297 u8 m[65];
298 int err;
299
c7a3d57d
JH		 300 SMP_DBG("w %16phN", w);
301 SMP_DBG("n1 %16phN n2 %16phN", n1, n2);
302 SMP_DBG("r %16phN io_cap %3phN a1 %7phN a2 %7phN", r, io_cap, a1, a2);
760b018b
JH		 303
304 memcpy(m, a2, 7);
305 memcpy(m + 7, a1, 7);
306 memcpy(m + 14, io_cap, 3);
307 memcpy(m + 17, r, 16);
308 memcpy(m + 33, n2, 16);
309 memcpy(m + 49, n1, 16);
310
311 err = aes_cmac(tfm_cmac, w, m, sizeof(m), res);
312 if (err)
313 return err;
314
203de21b 315 SMP_DBG("res %16phN", res);
760b018b
JH		 316
317 return err;
318}
319
191dc7fe
JH		 320static int smp_g2(struct crypto_hash *tfm_cmac, const u8 u[32], const u8 v[32],
321 const u8 x[16], const u8 y[16], u32 *val)
322{
323 u8 m[80], tmp[16];
324 int err;
325
c7a3d57d
JH		 326 SMP_DBG("u %32phN", u);
327 SMP_DBG("v %32phN", v);
328 SMP_DBG("x %16phN y %16phN", x, y);
191dc7fe
JH		 329
330 memcpy(m, y, 16);
331 memcpy(m + 16, v, 32);
332 memcpy(m + 48, u, 32);
333
334 err = aes_cmac(tfm_cmac, x, m, sizeof(m), tmp);
335 if (err)
336 return err;
337
338 *val = get_unaligned_le32(tmp);
339 *val %= 1000000;
340
c7a3d57d 341 SMP_DBG("val %06u", *val);
191dc7fe
JH		 342
343 return 0;
344}
345
06edf8de
JH		 346static int smp_h6(struct crypto_hash *tfm_cmac, const u8 w[16],
347 const u8 key_id[4], u8 res[16])
348{
349 int err;
350
351 SMP_DBG("w %16phN key_id %4phN", w, key_id);
352
353 err = aes_cmac(tfm_cmac, w, key_id, 4, res);
354 if (err)
355 return err;
356
357 SMP_DBG("res %16phN", res);
358
359 return err;
360}
361
362/* The following functions map to the legacy SMP crypto functions e, c1,
363 * s1 and ah.
364 */
365
d22ef0bc
AB		 366static int smp_e(struct crypto_blkcipher *tfm, const u8 *k, u8 *r)
367{
368 struct blkcipher_desc desc;
369 struct scatterlist sg;
943a732a 370 uint8_t tmp[16], data[16];
201a5929 371 int err;
d22ef0bc 372
7f376cd6 373 if (!tfm) {
d22ef0bc
AB		 374 BT_ERR("tfm %p", tfm);
375 return -EINVAL;
376 }
377
378 desc.tfm = tfm;
379 desc.flags = 0;
380
943a732a 381 /* The most significant octet of key corresponds to k[0] */
8a2936f4 382 swap_buf(k, tmp, 16);
943a732a
JH		 383
384 err = crypto_blkcipher_setkey(tfm, tmp, 16);
d22ef0bc
AB		 385 if (err) {
386 BT_ERR("cipher setkey failed: %d", err);
387 return err;
388 }
389
943a732a 390 /* Most significant octet of plaintextData corresponds to data[0] */
8a2936f4 391 swap_buf(r, data, 16);
943a732a
JH		 392
393 sg_init_one(&sg, data, 16);
d22ef0bc 394
d22ef0bc
AB		 395 err = crypto_blkcipher_encrypt(&desc, &sg, &sg, 16);
396 if (err)
397 BT_ERR("Encrypt data error %d", err);
398
943a732a 399 /* Most significant octet of encryptedData corresponds to data[0] */
8a2936f4 400 swap_buf(data, r, 16);
943a732a 401
d22ef0bc
AB		 402 return err;
403}
404
06edf8de
JH		 405static int smp_c1(struct crypto_blkcipher *tfm_aes, const u8 k[16],
406 const u8 r[16], const u8 preq[7], const u8 pres[7], u8 _iat,
407 const bdaddr_t *ia, u8 _rat, const bdaddr_t *ra, u8 res[16])
6a77083a 408{
06edf8de 409 u8 p1[16], p2[16];
6a77083a
JH		 410 int err;
411
06edf8de 412 memset(p1, 0, 16);
6a77083a 413
06edf8de
JH		 414 /* p1 = pres || preq || _rat || _iat */
415 p1[0] = _iat;
416 p1[1] = _rat;
417 memcpy(p1 + 2, preq, 7);
418 memcpy(p1 + 9, pres, 7);
419
420 /* p2 = padding || ia || ra */
421 memcpy(p2, ra, 6);
422 memcpy(p2 + 6, ia, 6);
423 memset(p2 + 12, 0, 4);
424
425 /* res = r XOR p1 */
426 u128_xor((u128 *) res, (u128 *) r, (u128 *) p1);
427
428 /* res = e(k, res) */
429 err = smp_e(tfm_aes, k, res);
430 if (err) {
431 BT_ERR("Encrypt data error");
6a77083a 432 return err;
06edf8de 433 }
6a77083a 434
06edf8de
JH		 435 /* res = res XOR p2 */
436 u128_xor((u128 *) res, (u128 *) res, (u128 *) p2);
437
438 /* res = e(k, res) */
439 err = smp_e(tfm_aes, k, res);
440 if (err)
441 BT_ERR("Encrypt data error");
442
443 return err;
444}
445
446static int smp_s1(struct crypto_blkcipher *tfm_aes, const u8 k[16],
447 const u8 r1[16], const u8 r2[16], u8 _r[16])
448{
449 int err;
450
451 /* Just least significant octets from r1 and r2 are considered */
452 memcpy(_r, r2, 8);
453 memcpy(_r + 8, r1, 8);
454
455 err = smp_e(tfm_aes, k, _r);
456 if (err)
457 BT_ERR("Encrypt data error");
6a77083a
JH		 458
459 return err;
460}
461
cd082797
JH		 462static int smp_ah(struct crypto_blkcipher *tfm, const u8 irk[16],
463 const u8 r[3], u8 res[3])
60478054 464{
943a732a 465 u8 _res[16];
60478054
JH		 466 int err;
467
468 /* r' = padding || r */
943a732a
JH		 469 memcpy(_res, r, 3);
470 memset(_res + 3, 0, 13);
60478054 471
943a732a 472 err = smp_e(tfm, irk, _res);
60478054
JH		 473 if (err) {
474 BT_ERR("Encrypt error");
475 return err;
476 }
477
478 /* The output of the random address function ah is:
479 * ah(h, r) = e(k, r') mod 2^24
480 * The output of the security function e is then truncated to 24 bits
481 * by taking the least significant 24 bits of the output of e as the
482 * result of ah.
483 */
943a732a 484 memcpy(res, _res, 3);
60478054
JH		 485
486 return 0;
487}
488
cd082797
JH		 489bool smp_irk_matches(struct hci_dev *hdev, const u8 irk[16],
490 const bdaddr_t *bdaddr)
60478054 491{
defce9e8 492 struct l2cap_chan *chan = hdev->smp_data;
88a479d9 493 struct smp_dev *smp;
60478054
JH		 494 u8 hash[3];
495 int err;
496
defce9e8
JH		 497 if (!chan || !chan->data)
498 return false;
499
88a479d9 500 smp = chan->data;
defce9e8 501
60478054
JH		 502 BT_DBG("RPA %pMR IRK %*phN", bdaddr, 16, irk);
503
88a479d9 504 err = smp_ah(smp->tfm_aes, irk, &bdaddr->b[3], hash);
60478054
JH		 505 if (err)
506 return false;
507
508 return !memcmp(bdaddr->b, hash, 3);
509}
510
cd082797 511int smp_generate_rpa(struct hci_dev *hdev, const u8 irk[16], bdaddr_t *rpa)
b1e2b3ae 512{
defce9e8 513 struct l2cap_chan *chan = hdev->smp_data;
88a479d9 514 struct smp_dev *smp;
b1e2b3ae
JH		 515 int err;
516
defce9e8
JH		 517 if (!chan || !chan->data)
518 return -EOPNOTSUPP;
519
88a479d9 520 smp = chan->data;
defce9e8 521
b1e2b3ae
JH		 522 get_random_bytes(&rpa->b[3], 3);
523
524 rpa->b[5] &= 0x3f; /* Clear two most significant bits */
525 rpa->b[5] |= 0x40; /* Set second most significant bit */
526
88a479d9 527 err = smp_ah(smp->tfm_aes, irk, &rpa->b[3], rpa->b);
b1e2b3ae
JH		 528 if (err < 0)
529 return err;
530
531 BT_DBG("RPA %pMR", rpa);
532
533 return 0;
534}
535
60a27d65
MH		 536int smp_generate_oob(struct hci_dev *hdev, u8 hash[16], u8 rand[16])
537{
538 struct l2cap_chan *chan = hdev->smp_data;
539 struct smp_dev *smp;
540 int err;
541
542 if (!chan || !chan->data)
543 return -EOPNOTSUPP;
544
545 smp = chan->data;
546
547 if (hci_dev_test_flag(hdev, HCI_USE_DEBUG_KEYS)) {
548 BT_DBG("Using debug keys");
549 memcpy(smp->local_pk, debug_pk, 64);
550 memcpy(smp->local_sk, debug_sk, 32);
551 smp->debug_key = true;
552 } else {
553 while (true) {
554 /* Generate local key pair for Secure Connections */
555 if (!ecc_make_key(smp->local_pk, smp->local_sk))
556 return -EIO;
557
558 /* This is unlikely, but we need to check that
559 * we didn't accidentially generate a debug key.
560 */
561 if (memcmp(smp->local_sk, debug_sk, 32))
562 break;
563 }
564 smp->debug_key = false;
565 }
566
567 SMP_DBG("OOB Public Key X: %32phN", smp->local_pk);
568 SMP_DBG("OOB Public Key Y: %32phN", smp->local_pk + 32);
569 SMP_DBG("OOB Private Key: %32phN", smp->local_sk);
570
571 get_random_bytes(smp->local_rr, 16);
572
573 err = smp_f4(smp->tfm_cmac, smp->local_pk, smp->local_pk,
574 smp->local_rr, 0, hash);
575 if (err < 0)
576 return err;
577
578 memcpy(rand, smp->local_rr, 16);
579
580 return 0;
581}
582
5d88cc73 583static void smp_send_cmd(struct l2cap_conn *conn, u8 code, u16 len, void *data)
eb492e01 584{
5d88cc73 585 struct l2cap_chan *chan = conn->smp;
b68fda68 586 struct smp_chan *smp;
5d88cc73
JH		 587 struct kvec iv[2];
588 struct msghdr msg;
eb492e01 589
5d88cc73
JH		 590 if (!chan)
591 return;
eb492e01 592
5d88cc73 593 BT_DBG("code 0x%2.2x", code);
eb492e01 594
5d88cc73
JH		 595 iv[0].iov_base = &code;
596 iv[0].iov_len = 1;
eb492e01 597
5d88cc73
JH		 598 iv[1].iov_base = data;
599 iv[1].iov_len = len;
eb492e01 600
5d88cc73 601 memset(&msg, 0, sizeof(msg));
eb492e01 602
17836394 603 iov_iter_kvec(&msg.msg_iter, WRITE | ITER_KVEC, iv, 2, 1 + len);
eb492e01 604
5d88cc73 605 l2cap_chan_send(chan, &msg, 1 + len);
e2dcd113 606
b68fda68
JH		 607 if (!chan->data)
608 return;
609
610 smp = chan->data;
611
612 cancel_delayed_work_sync(&smp->security_timer);
1b0921d6 613 schedule_delayed_work(&smp->security_timer, SMP_TIMEOUT);
eb492e01
AB		 614}
615
d2eb9e10 616static u8 authreq_to_seclevel(u8 authreq)
2b64d153 617{
d2eb9e10
JH		 618 if (authreq & SMP_AUTH_MITM) {
619 if (authreq & SMP_AUTH_SC)
620 return BT_SECURITY_FIPS;
621 else
622 return BT_SECURITY_HIGH;
623 } else {
2b64d153 624 return BT_SECURITY_MEDIUM;
d2eb9e10 625 }
2b64d153
BG		 626}
627
628static __u8 seclevel_to_authreq(__u8 sec_level)
629{
630 switch (sec_level) {
d2eb9e10 631 case BT_SECURITY_FIPS:
2b64d153
BG		 632 case BT_SECURITY_HIGH:
633 return SMP_AUTH_MITM | SMP_AUTH_BONDING;
634 case BT_SECURITY_MEDIUM:
635 return SMP_AUTH_BONDING;
636 default:
637 return SMP_AUTH_NONE;
638 }
639}
640
b8e66eac 641static void build_pairing_cmd(struct l2cap_conn *conn,
f1560463
MH		 642 struct smp_cmd_pairing *req,
643 struct smp_cmd_pairing *rsp, __u8 authreq)
b8e66eac 644{
5d88cc73
JH		 645 struct l2cap_chan *chan = conn->smp;
646 struct smp_chan *smp = chan->data;
fd349c02
JH		 647 struct hci_conn *hcon = conn->hcon;
648 struct hci_dev *hdev = hcon->hdev;
02b05bd8 649 u8 local_dist = 0, remote_dist = 0, oob_flag = SMP_OOB_NOT_PRESENT;
54790f73 650
d7a5a11d 651 if (hci_dev_test_flag(hdev, HCI_BONDABLE)) {
7ee4ea36
MH		 652 local_dist = SMP_DIST_ENC_KEY | SMP_DIST_SIGN;
653 remote_dist = SMP_DIST_ENC_KEY | SMP_DIST_SIGN;
54790f73 654 authreq |= SMP_AUTH_BONDING;
2b64d153
BG		 655 } else {
656 authreq &= ~SMP_AUTH_BONDING;
54790f73
VCG		 657 }
658
d7a5a11d 659 if (hci_dev_test_flag(hdev, HCI_RPA_RESOLVING))
fd349c02
JH		 660 remote_dist |= SMP_DIST_ID_KEY;
661
d7a5a11d 662 if (hci_dev_test_flag(hdev, HCI_PRIVACY))
863efaf2
JH		 663 local_dist |= SMP_DIST_ID_KEY;
664
d7a5a11d 665 if (hci_dev_test_flag(hdev, HCI_SC_ENABLED) &&
02b05bd8
JH		 666 (authreq & SMP_AUTH_SC)) {
667 struct oob_data *oob_data;
668 u8 bdaddr_type;
669
d7a5a11d 670 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) {
df8e1a4c
JH		 671 local_dist |= SMP_DIST_LINK_KEY;
672 remote_dist |= SMP_DIST_LINK_KEY;
673 }
02b05bd8
JH		 674
675 if (hcon->dst_type == ADDR_LE_DEV_PUBLIC)
676 bdaddr_type = BDADDR_LE_PUBLIC;
677 else
678 bdaddr_type = BDADDR_LE_RANDOM;
679
680 oob_data = hci_find_remote_oob_data(hdev, &hcon->dst,
681 bdaddr_type);
4775a4ea 682 if (oob_data && oob_data->present) {
02b05bd8
JH		 683 set_bit(SMP_FLAG_OOB, &smp->flags);
684 oob_flag = SMP_OOB_PRESENT;
a29b0733 685 memcpy(smp->rr, oob_data->rand256, 16);
02b05bd8
JH		 686 memcpy(smp->pcnf, oob_data->hash256, 16);
687 }
688
df8e1a4c
JH		 689 } else {
690 authreq &= ~SMP_AUTH_SC;
691 }
692
54790f73
VCG		 693 if (rsp == NULL) {
694 req->io_capability = conn->hcon->io_capability;
02b05bd8 695 req->oob_flag = oob_flag;
54790f73 696 req->max_key_size = SMP_MAX_ENC_KEY_SIZE;
fd349c02
JH		 697 req->init_key_dist = local_dist;
698 req->resp_key_dist = remote_dist;
0edb14de 699 req->auth_req = (authreq & AUTH_REQ_MASK(hdev));
fd349c02
JH		 700
701 smp->remote_key_dist = remote_dist;
54790f73
VCG		 702 return;
703 }
704
705 rsp->io_capability = conn->hcon->io_capability;
02b05bd8 706 rsp->oob_flag = oob_flag;
54790f73 707 rsp->max_key_size = SMP_MAX_ENC_KEY_SIZE;
fd349c02
JH		 708 rsp->init_key_dist = req->init_key_dist & remote_dist;
709 rsp->resp_key_dist = req->resp_key_dist & local_dist;
0edb14de 710 rsp->auth_req = (authreq & AUTH_REQ_MASK(hdev));
fd349c02
JH		 711
712 smp->remote_key_dist = rsp->init_key_dist;
b8e66eac
VCG		 713}
714
3158c50c
VCG		 715static u8 check_enc_key_size(struct l2cap_conn *conn, __u8 max_key_size)
716{
5d88cc73
JH		 717 struct l2cap_chan *chan = conn->smp;
718 struct smp_chan *smp = chan->data;
1c1def09 719
3158c50c 720 if ((max_key_size > SMP_MAX_ENC_KEY_SIZE) ||
f1560463 721 (max_key_size < SMP_MIN_ENC_KEY_SIZE))
3158c50c
VCG		 722 return SMP_ENC_KEY_SIZE;
723
f7aa611a 724 smp->enc_key_size = max_key_size;
3158c50c
VCG		 725
726 return 0;
727}
728
6f48e260
JH		 729static void smp_chan_destroy(struct l2cap_conn *conn)
730{
731 struct l2cap_chan *chan = conn->smp;
732 struct smp_chan *smp = chan->data;
923e2414 733 struct hci_conn *hcon = conn->hcon;
6f48e260
JH		 734 bool complete;
735
736 BUG_ON(!smp);
737
738 cancel_delayed_work_sync(&smp->security_timer);
6f48e260 739
6f48e260 740 complete = test_bit(SMP_FLAG_COMPLETE, &smp->flags);
923e2414 741 mgmt_smp_complete(hcon, complete);
6f48e260 742
276812ec
MH		 743 kzfree(smp->csrk);
744 kzfree(smp->slave_csrk);
745 kzfree(smp->link_key);
6f48e260
JH		 746
747 crypto_free_blkcipher(smp->tfm_aes);
407cecf6 748 crypto_free_hash(smp->tfm_cmac);
6f48e260 749
923e2414
JH		 750 /* Ensure that we don't leave any debug key around if debug key
751 * support hasn't been explicitly enabled.
752 */
753 if (smp->ltk && smp->ltk->type == SMP_LTK_P256_DEBUG &&
d7a5a11d 754 !hci_dev_test_flag(hcon->hdev, HCI_KEEP_DEBUG_KEYS)) {
923e2414
JH		 755 list_del_rcu(&smp->ltk->list);
756 kfree_rcu(smp->ltk, rcu);
757 smp->ltk = NULL;
758 }
759
6f48e260
JH		 760 /* If pairing failed clean up any keys we might have */
761 if (!complete) {
762 if (smp->ltk) {
970d0f1b
JH		 763 list_del_rcu(&smp->ltk->list);
764 kfree_rcu(smp->ltk, rcu);
6f48e260
JH		 765 }
766
767 if (smp->slave_ltk) {
970d0f1b
JH		 768 list_del_rcu(&smp->slave_ltk->list);
769 kfree_rcu(smp->slave_ltk, rcu);
6f48e260
JH		 770 }
771
772 if (smp->remote_irk) {
adae20cb
JH		 773 list_del_rcu(&smp->remote_irk->list);
774 kfree_rcu(smp->remote_irk, rcu);
6f48e260
JH		 775 }
776 }
777
778 chan->data = NULL;
276812ec 779 kzfree(smp);
923e2414 780 hci_conn_drop(hcon);
6f48e260
JH		 781}
782
84794e11 783static void smp_failure(struct l2cap_conn *conn, u8 reason)
4f957a76 784{
bab73cb6 785 struct hci_conn *hcon = conn->hcon;
b68fda68 786 struct l2cap_chan *chan = conn->smp;
bab73cb6 787
84794e11 788 if (reason)
4f957a76 789 smp_send_cmd(conn, SMP_CMD_PAIRING_FAIL, sizeof(reason),
f1560463 790 &reason);
4f957a76 791
ce39fb4e 792 clear_bit(HCI_CONN_ENCRYPT_PEND, &hcon->flags);
e1e930f5 793 mgmt_auth_failed(hcon, HCI_ERROR_AUTH_FAILURE);
f1c09c07 794
fc75cc86 795 if (chan->data)
f1c09c07 796 smp_chan_destroy(conn);
4f957a76
BG		 797}
798
2b64d153
BG		 799#define JUST_WORKS 0x00
800#define JUST_CFM 0x01
801#define REQ_PASSKEY 0x02
802#define CFM_PASSKEY 0x03
803#define REQ_OOB 0x04
5e3d3d9b 804#define DSP_PASSKEY 0x05
2b64d153
BG		 805#define OVERLAP 0xFF
806
807static const u8 gen_method[5][5] = {
808 { JUST_WORKS, JUST_CFM, REQ_PASSKEY, JUST_WORKS, REQ_PASSKEY },
809 { JUST_WORKS, JUST_CFM, REQ_PASSKEY, JUST_WORKS, REQ_PASSKEY },
810 { CFM_PASSKEY, CFM_PASSKEY, REQ_PASSKEY, JUST_WORKS, CFM_PASSKEY },
811 { JUST_WORKS, JUST_CFM, JUST_WORKS, JUST_WORKS, JUST_CFM },
812 { CFM_PASSKEY, CFM_PASSKEY, REQ_PASSKEY, JUST_WORKS, OVERLAP },
813};
814
5e3d3d9b
JH		 815static const u8 sc_method[5][5] = {
816 { JUST_WORKS, JUST_CFM, REQ_PASSKEY, JUST_WORKS, REQ_PASSKEY },
817 { JUST_WORKS, CFM_PASSKEY, REQ_PASSKEY, JUST_WORKS, CFM_PASSKEY },
818 { DSP_PASSKEY, DSP_PASSKEY, REQ_PASSKEY, JUST_WORKS, DSP_PASSKEY },
819 { JUST_WORKS, JUST_CFM, JUST_WORKS, JUST_WORKS, JUST_CFM },
820 { DSP_PASSKEY, CFM_PASSKEY, REQ_PASSKEY, JUST_WORKS, CFM_PASSKEY },
821};
822
581370cc
JH		 823static u8 get_auth_method(struct smp_chan *smp, u8 local_io, u8 remote_io)
824{
2bcd4003
JH		 825 /* If either side has unknown io_caps, use JUST_CFM (which gets
826 * converted later to JUST_WORKS if we're initiators.
827 */
581370cc
JH		 828 if (local_io > SMP_IO_KEYBOARD_DISPLAY ||
829 remote_io > SMP_IO_KEYBOARD_DISPLAY)
2bcd4003 830 return JUST_CFM;
581370cc 831
5e3d3d9b
JH		 832 if (test_bit(SMP_FLAG_SC, &smp->flags))
833 return sc_method[remote_io][local_io];
834
581370cc
JH		 835 return gen_method[remote_io][local_io];
836}
837
2b64d153
BG		 838static int tk_request(struct l2cap_conn *conn, u8 remote_oob, u8 auth,
839 u8 local_io, u8 remote_io)
840{
841 struct hci_conn *hcon = conn->hcon;
5d88cc73
JH		 842 struct l2cap_chan *chan = conn->smp;
843 struct smp_chan *smp = chan->data;
2b64d153
BG		 844 u32 passkey = 0;
845 int ret = 0;
846
847 /* Initialize key for JUST WORKS */
848 memset(smp->tk, 0, sizeof(smp->tk));
4a74d658 849 clear_bit(SMP_FLAG_TK_VALID, &smp->flags);
2b64d153
BG		 850
851 BT_DBG("tk_request: auth:%d lcl:%d rem:%d", auth, local_io, remote_io);
852
2bcd4003
JH		 853 /* If neither side wants MITM, either "just" confirm an incoming
854 * request or use just-works for outgoing ones. The JUST_CFM
855 * will be converted to JUST_WORKS if necessary later in this
856 * function. If either side has MITM look up the method from the
857 * table.
858 */
581370cc 859 if (!(auth & SMP_AUTH_MITM))
783e0574 860 smp->method = JUST_CFM;
2b64d153 861 else
783e0574 862 smp->method = get_auth_method(smp, local_io, remote_io);
2b64d153 863
a82505c7 864 /* Don't confirm locally initiated pairing attempts */
783e0574
JH		 865 if (smp->method == JUST_CFM && test_bit(SMP_FLAG_INITIATOR,
866 &smp->flags))
867 smp->method = JUST_WORKS;
a82505c7 868
02f3e254 869 /* Don't bother user space with no IO capabilities */
783e0574
JH		 870 if (smp->method == JUST_CFM &&
871 hcon->io_capability == HCI_IO_NO_INPUT_OUTPUT)
872 smp->method = JUST_WORKS;
02f3e254 873
2b64d153 874 /* If Just Works, Continue with Zero TK */
783e0574 875 if (smp->method == JUST_WORKS) {
4a74d658 876 set_bit(SMP_FLAG_TK_VALID, &smp->flags);
2b64d153
BG		 877 return 0;
878 }
879
880 /* Not Just Works/Confirm results in MITM Authentication */
783e0574 881 if (smp->method != JUST_CFM) {
4a74d658 882 set_bit(SMP_FLAG_MITM_AUTH, &smp->flags);
5eb596f5
JH		 883 if (hcon->pending_sec_level < BT_SECURITY_HIGH)
884 hcon->pending_sec_level = BT_SECURITY_HIGH;
885 }
2b64d153
BG		 886
887 /* If both devices have Keyoard-Display I/O, the master
888 * Confirms and the slave Enters the passkey.
889 */
783e0574 890 if (smp->method == OVERLAP) {
40bef302 891 if (hcon->role == HCI_ROLE_MASTER)
783e0574 892 smp->method = CFM_PASSKEY;
2b64d153 893 else
783e0574 894 smp->method = REQ_PASSKEY;
2b64d153
BG		 895 }
896
01ad34d2 897 /* Generate random passkey. */
783e0574 898 if (smp->method == CFM_PASSKEY) {
943a732a 899 memset(smp->tk, 0, sizeof(smp->tk));
2b64d153
BG		 900 get_random_bytes(&passkey, sizeof(passkey));
901 passkey %= 1000000;
943a732a 902 put_unaligned_le32(passkey, smp->tk);
2b64d153 903 BT_DBG("PassKey: %d", passkey);
4a74d658 904 set_bit(SMP_FLAG_TK_VALID, &smp->flags);
2b64d153
BG		 905 }
906
783e0574 907 if (smp->method == REQ_PASSKEY)
ce39fb4e 908 ret = mgmt_user_passkey_request(hcon->hdev, &hcon->dst,
272d90df 909 hcon->type, hcon->dst_type);
783e0574 910 else if (smp->method == JUST_CFM)
4eb65e66
JH		 911 ret = mgmt_user_confirm_request(hcon->hdev, &hcon->dst,
912 hcon->type, hcon->dst_type,
913 passkey, 1);
2b64d153 914 else
01ad34d2 915 ret = mgmt_user_passkey_notify(hcon->hdev, &hcon->dst,
272d90df 916 hcon->type, hcon->dst_type,
39adbffe 917 passkey, 0);
2b64d153 918
2b64d153
BG		 919 return ret;
920}
921
1cc61144 922static u8 smp_confirm(struct smp_chan *smp)
8aab4757 923{
8aab4757 924 struct l2cap_conn *conn = smp->conn;
8aab4757
VCG		 925 struct smp_cmd_pairing_confirm cp;
926 int ret;
8aab4757
VCG		 927
928 BT_DBG("conn %p", conn);
929
e491eaf3 930 ret = smp_c1(smp->tfm_aes, smp->tk, smp->prnd, smp->preq, smp->prsp,
b1cd5fd9 931 conn->hcon->init_addr_type, &conn->hcon->init_addr,
943a732a
JH		 932 conn->hcon->resp_addr_type, &conn->hcon->resp_addr,
933 cp.confirm_val);
1cc61144
JH		 934 if (ret)
935 return SMP_UNSPECIFIED;
8aab4757 936
4a74d658 937 clear_bit(SMP_FLAG_CFM_PENDING, &smp->flags);
2b64d153 938
8aab4757
VCG		 939 smp_send_cmd(smp->conn, SMP_CMD_PAIRING_CONFIRM, sizeof(cp), &cp);
940
b28b4943
JH		 941 if (conn->hcon->out)
942 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_CONFIRM);
943 else
944 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RANDOM);
945
1cc61144 946 return 0;
8aab4757
VCG		 947}
948
861580a9 949static u8 smp_random(struct smp_chan *smp)
8aab4757 950{
8aab4757
VCG		 951 struct l2cap_conn *conn = smp->conn;
952 struct hci_conn *hcon = conn->hcon;
861580a9 953 u8 confirm[16];
8aab4757
VCG		 954 int ret;
955
ec70f36f 956 if (IS_ERR_OR_NULL(smp->tfm_aes))
861580a9 957 return SMP_UNSPECIFIED;
8aab4757
VCG		 958
959 BT_DBG("conn %p %s", conn, conn->hcon->out ? "master" : "slave");
960
e491eaf3 961 ret = smp_c1(smp->tfm_aes, smp->tk, smp->rrnd, smp->preq, smp->prsp,
b1cd5fd9 962 hcon->init_addr_type, &hcon->init_addr,
943a732a 963 hcon->resp_addr_type, &hcon->resp_addr, confirm);
861580a9
JH		 964 if (ret)
965 return SMP_UNSPECIFIED;
8aab4757 966
8aab4757
VCG		 967 if (memcmp(smp->pcnf, confirm, sizeof(smp->pcnf)) != 0) {
968 BT_ERR("Pairing failed (confirmation values mismatch)");
861580a9 969 return SMP_CONFIRM_FAILED;
8aab4757
VCG		 970 }
971
972 if (hcon->out) {
fe39c7b2
MH		 973 u8 stk[16];
974 __le64 rand = 0;
975 __le16 ediv = 0;
8aab4757 976
e491eaf3 977 smp_s1(smp->tfm_aes, smp->tk, smp->rrnd, smp->prnd, stk);
8aab4757 978
f7aa611a 979 memset(stk + smp->enc_key_size, 0,
04124681 980 SMP_MAX_ENC_KEY_SIZE - smp->enc_key_size);
8aab4757 981
861580a9
JH		 982 if (test_and_set_bit(HCI_CONN_ENCRYPT_PEND, &hcon->flags))
983 return SMP_UNSPECIFIED;
8aab4757
VCG		 984
985 hci_le_start_enc(hcon, ediv, rand, stk);
f7aa611a 986 hcon->enc_key_size = smp->enc_key_size;
fe59a05f 987 set_bit(HCI_CONN_STK_ENCRYPT, &hcon->flags);
8aab4757 988 } else {
fff3490f 989 u8 stk[16], auth;
fe39c7b2
MH		 990 __le64 rand = 0;
991 __le16 ediv = 0;
8aab4757 992
943a732a
JH		 993 smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM, sizeof(smp->prnd),
994 smp->prnd);
8aab4757 995
e491eaf3 996 smp_s1(smp->tfm_aes, smp->tk, smp->prnd, smp->rrnd, stk);
8aab4757 997
f7aa611a 998 memset(stk + smp->enc_key_size, 0,
f1560463 999 SMP_MAX_ENC_KEY_SIZE - smp->enc_key_size);
8aab4757 1000
fff3490f
JH		 1001 if (hcon->pending_sec_level == BT_SECURITY_HIGH)
1002 auth = 1;
1003 else
1004 auth = 0;
1005
7d5843b7
JH		 1006 /* Even though there's no _SLAVE suffix this is the
1007 * slave STK we're adding for later lookup (the master
1008 * STK never needs to be stored).
1009 */
ce39fb4e 1010 hci_add_ltk(hcon->hdev, &hcon->dst, hcon->dst_type,
2ceba539 1011 SMP_STK, auth, stk, smp->enc_key_size, ediv, rand);
8aab4757
VCG		 1012 }
1013
861580a9 1014 return 0;
8aab4757
VCG		 1015}
1016
44f1a7ab
JH		 1017static void smp_notify_keys(struct l2cap_conn *conn)
1018{
1019 struct l2cap_chan *chan = conn->smp;
1020 struct smp_chan *smp = chan->data;
1021 struct hci_conn *hcon = conn->hcon;
1022 struct hci_dev *hdev = hcon->hdev;
1023 struct smp_cmd_pairing *req = (void *) &smp->preq[1];
1024 struct smp_cmd_pairing *rsp = (void *) &smp->prsp[1];
1025 bool persistent;
1026
1027 if (smp->remote_irk) {
1028 mgmt_new_irk(hdev, smp->remote_irk);
1029 /* Now that user space can be considered to know the
1030 * identity address track the connection based on it
b5ae344d 1031 * from now on (assuming this is an LE link).
44f1a7ab 1032 */
b5ae344d
JH		 1033 if (hcon->type == LE_LINK) {
1034 bacpy(&hcon->dst, &smp->remote_irk->bdaddr);
1035 hcon->dst_type = smp->remote_irk->addr_type;
1036 queue_work(hdev->workqueue, &conn->id_addr_update_work);
1037 }
44f1a7ab
JH		 1038
1039 /* When receiving an indentity resolving key for
1040 * a remote device that does not use a resolvable
1041 * private address, just remove the key so that
1042 * it is possible to use the controller white
1043 * list for scanning.
1044 *
1045 * Userspace will have been told to not store
1046 * this key at this point. So it is safe to
1047 * just remove it.
1048 */
1049 if (!bacmp(&smp->remote_irk->rpa, BDADDR_ANY)) {
adae20cb
JH		 1050 list_del_rcu(&smp->remote_irk->list);
1051 kfree_rcu(smp->remote_irk, rcu);
44f1a7ab
JH		 1052 smp->remote_irk = NULL;
1053 }
1054 }
1055
b5ae344d
JH		 1056 if (hcon->type == ACL_LINK) {
1057 if (hcon->key_type == HCI_LK_DEBUG_COMBINATION)
1058 persistent = false;
1059 else
1060 persistent = !test_bit(HCI_CONN_FLUSH_KEY,
1061 &hcon->flags);
1062 } else {
1063 /* The LTKs and CSRKs should be persistent only if both sides
1064 * had the bonding bit set in their authentication requests.
1065 */
1066 persistent = !!((req->auth_req & rsp->auth_req) &
1067 SMP_AUTH_BONDING);
1068 }
1069
44f1a7ab
JH		 1070
1071 if (smp->csrk) {
1072 smp->csrk->bdaddr_type = hcon->dst_type;
1073 bacpy(&smp->csrk->bdaddr, &hcon->dst);
1074 mgmt_new_csrk(hdev, smp->csrk, persistent);
1075 }
1076
1077 if (smp->slave_csrk) {
1078 smp->slave_csrk->bdaddr_type = hcon->dst_type;
1079 bacpy(&smp->slave_csrk->bdaddr, &hcon->dst);
1080 mgmt_new_csrk(hdev, smp->slave_csrk, persistent);
1081 }
1082
1083 if (smp->ltk) {
1084 smp->ltk->bdaddr_type = hcon->dst_type;
1085 bacpy(&smp->ltk->bdaddr, &hcon->dst);
1086 mgmt_new_ltk(hdev, smp->ltk, persistent);
1087 }
1088
1089 if (smp->slave_ltk) {
1090 smp->slave_ltk->bdaddr_type = hcon->dst_type;
1091 bacpy(&smp->slave_ltk->bdaddr, &hcon->dst);
1092 mgmt_new_ltk(hdev, smp->slave_ltk, persistent);
1093 }
6a77083a
JH		 1094
1095 if (smp->link_key) {
e3befab9
JH		 1096 struct link_key *key;
1097 u8 type;
1098
1099 if (test_bit(SMP_FLAG_DEBUG_KEY, &smp->flags))
1100 type = HCI_LK_DEBUG_COMBINATION;
1101 else if (hcon->sec_level == BT_SECURITY_FIPS)
1102 type = HCI_LK_AUTH_COMBINATION_P256;
1103 else
1104 type = HCI_LK_UNAUTH_COMBINATION_P256;
1105
1106 key = hci_add_link_key(hdev, smp->conn->hcon, &hcon->dst,
1107 smp->link_key, type, 0, &persistent);
1108 if (key) {
1109 mgmt_new_link_key(hdev, key, persistent);
1110
1111 /* Don't keep debug keys around if the relevant
1112 * flag is not set.
1113 */
d7a5a11d 1114 if (!hci_dev_test_flag(hdev, HCI_KEEP_DEBUG_KEYS) &&
e3befab9
JH		 1115 key->type == HCI_LK_DEBUG_COMBINATION) {
1116 list_del_rcu(&key->list);
1117 kfree_rcu(key, rcu);
1118 }
1119 }
6a77083a
JH		 1120 }
1121}
1122
d3e54a87
JH		 1123static void sc_add_ltk(struct smp_chan *smp)
1124{
1125 struct hci_conn *hcon = smp->conn->hcon;
1126 u8 key_type, auth;
1127
1128 if (test_bit(SMP_FLAG_DEBUG_KEY, &smp->flags))
1129 key_type = SMP_LTK_P256_DEBUG;
1130 else
1131 key_type = SMP_LTK_P256;
1132
1133 if (hcon->pending_sec_level == BT_SECURITY_FIPS)
1134 auth = 1;
1135 else
1136 auth = 0;
1137
1138 memset(smp->tk + smp->enc_key_size, 0,
1139 SMP_MAX_ENC_KEY_SIZE - smp->enc_key_size);
1140
1141 smp->ltk = hci_add_ltk(hcon->hdev, &hcon->dst, hcon->dst_type,
1142 key_type, auth, smp->tk, smp->enc_key_size,
1143 0, 0);
1144}
1145
6a77083a
JH		 1146static void sc_generate_link_key(struct smp_chan *smp)
1147{
1148 /* These constants are as specified in the core specification.
1149 * In ASCII they spell out to 'tmp1' and 'lebr'.
1150 */
1151 const u8 tmp1[4] = { 0x31, 0x70, 0x6d, 0x74 };
1152 const u8 lebr[4] = { 0x72, 0x62, 0x65, 0x6c };
1153
1154 smp->link_key = kzalloc(16, GFP_KERNEL);
1155 if (!smp->link_key)
1156 return;
1157
1158 if (smp_h6(smp->tfm_cmac, smp->tk, tmp1, smp->link_key)) {
276812ec 1159 kzfree(smp->link_key);
6a77083a
JH		 1160 smp->link_key = NULL;
1161 return;
1162 }
1163
1164 if (smp_h6(smp->tfm_cmac, smp->link_key, lebr, smp->link_key)) {
276812ec 1165 kzfree(smp->link_key);
6a77083a
JH		 1166 smp->link_key = NULL;
1167 return;
1168 }
44f1a7ab
JH		 1169}
1170
b28b4943
JH		 1171static void smp_allow_key_dist(struct smp_chan *smp)
1172{
1173 /* Allow the first expected phase 3 PDU. The rest of the PDUs
1174 * will be allowed in each PDU handler to ensure we receive
1175 * them in the correct order.
1176 */
1177 if (smp->remote_key_dist & SMP_DIST_ENC_KEY)
1178 SMP_ALLOW_CMD(smp, SMP_CMD_ENCRYPT_INFO);
1179 else if (smp->remote_key_dist & SMP_DIST_ID_KEY)
1180 SMP_ALLOW_CMD(smp, SMP_CMD_IDENT_INFO);
1181 else if (smp->remote_key_dist & SMP_DIST_SIGN)
1182 SMP_ALLOW_CMD(smp, SMP_CMD_SIGN_INFO);
1183}
1184
b5ae344d
JH		 1185static void sc_generate_ltk(struct smp_chan *smp)
1186{
1187 /* These constants are as specified in the core specification.
1188 * In ASCII they spell out to 'tmp2' and 'brle'.
1189 */
1190 const u8 tmp2[4] = { 0x32, 0x70, 0x6d, 0x74 };
1191 const u8 brle[4] = { 0x65, 0x6c, 0x72, 0x62 };
1192 struct hci_conn *hcon = smp->conn->hcon;
1193 struct hci_dev *hdev = hcon->hdev;
1194 struct link_key *key;
1195
1196 key = hci_find_link_key(hdev, &hcon->dst);
1197 if (!key) {
1198 BT_ERR("%s No Link Key found to generate LTK", hdev->name);
1199 return;
1200 }
1201
1202 if (key->type == HCI_LK_DEBUG_COMBINATION)
1203 set_bit(SMP_FLAG_DEBUG_KEY, &smp->flags);
1204
1205 if (smp_h6(smp->tfm_cmac, key->val, tmp2, smp->tk))
1206 return;
1207
1208 if (smp_h6(smp->tfm_cmac, smp->tk, brle, smp->tk))
1209 return;
1210
1211 sc_add_ltk(smp);
1212}
1213
d6268e86 1214static void smp_distribute_keys(struct smp_chan *smp)
44f1a7ab
JH		 1215{
1216 struct smp_cmd_pairing *req, *rsp;
86d1407c 1217 struct l2cap_conn *conn = smp->conn;
44f1a7ab
JH		 1218 struct hci_conn *hcon = conn->hcon;
1219 struct hci_dev *hdev = hcon->hdev;
1220 __u8 *keydist;
1221
1222 BT_DBG("conn %p", conn);
1223
44f1a7ab
JH		 1224 rsp = (void *) &smp->prsp[1];
1225
1226 /* The responder sends its keys first */
b28b4943
JH		 1227 if (hcon->out && (smp->remote_key_dist & KEY_DIST_MASK)) {
1228 smp_allow_key_dist(smp);
86d1407c 1229 return;
b28b4943 1230 }
44f1a7ab
JH		 1231
1232 req = (void *) &smp->preq[1];
1233
1234 if (hcon->out) {
1235 keydist = &rsp->init_key_dist;
1236 *keydist &= req->init_key_dist;
1237 } else {
1238 keydist = &rsp->resp_key_dist;
1239 *keydist &= req->resp_key_dist;
1240 }
1241
6a77083a 1242 if (test_bit(SMP_FLAG_SC, &smp->flags)) {
b5ae344d 1243 if (hcon->type == LE_LINK && (*keydist & SMP_DIST_LINK_KEY))
6a77083a 1244 sc_generate_link_key(smp);
b5ae344d
JH		 1245 if (hcon->type == ACL_LINK && (*keydist & SMP_DIST_ENC_KEY))
1246 sc_generate_ltk(smp);
6a77083a
JH		 1247
1248 /* Clear the keys which are generated but not distributed */
1249 *keydist &= ~SMP_SC_NO_DIST;
1250 }
1251
44f1a7ab
JH		 1252 BT_DBG("keydist 0x%x", *keydist);
1253
1254 if (*keydist & SMP_DIST_ENC_KEY) {
1255 struct smp_cmd_encrypt_info enc;
1256 struct smp_cmd_master_ident ident;
1257 struct smp_ltk *ltk;
1258 u8 authenticated;
1259 __le16 ediv;
1260 __le64 rand;
1261
1262 get_random_bytes(enc.ltk, sizeof(enc.ltk));
1263 get_random_bytes(&ediv, sizeof(ediv));
1264 get_random_bytes(&rand, sizeof(rand));
1265
1266 smp_send_cmd(conn, SMP_CMD_ENCRYPT_INFO, sizeof(enc), &enc);
1267
1268 authenticated = hcon->sec_level == BT_SECURITY_HIGH;
1269 ltk = hci_add_ltk(hdev, &hcon->dst, hcon->dst_type,
1270 SMP_LTK_SLAVE, authenticated, enc.ltk,
1271 smp->enc_key_size, ediv, rand);
1272 smp->slave_ltk = ltk;
1273
1274 ident.ediv = ediv;
1275 ident.rand = rand;
1276
1277 smp_send_cmd(conn, SMP_CMD_MASTER_IDENT, sizeof(ident), &ident);
1278
1279 *keydist &= ~SMP_DIST_ENC_KEY;
1280 }
1281
1282 if (*keydist & SMP_DIST_ID_KEY) {
1283 struct smp_cmd_ident_addr_info addrinfo;
1284 struct smp_cmd_ident_info idinfo;
1285
1286 memcpy(idinfo.irk, hdev->irk, sizeof(idinfo.irk));
1287
1288 smp_send_cmd(conn, SMP_CMD_IDENT_INFO, sizeof(idinfo), &idinfo);
1289
1290 /* The hci_conn contains the local identity address
1291 * after the connection has been established.
1292 *
1293 * This is true even when the connection has been
1294 * established using a resolvable random address.
1295 */
1296 bacpy(&addrinfo.bdaddr, &hcon->src);
1297 addrinfo.addr_type = hcon->src_type;
1298
1299 smp_send_cmd(conn, SMP_CMD_IDENT_ADDR_INFO, sizeof(addrinfo),
1300 &addrinfo);
1301
1302 *keydist &= ~SMP_DIST_ID_KEY;
1303 }
1304
1305 if (*keydist & SMP_DIST_SIGN) {
1306 struct smp_cmd_sign_info sign;
1307 struct smp_csrk *csrk;
1308
1309 /* Generate a new random key */
1310 get_random_bytes(sign.csrk, sizeof(sign.csrk));
1311
1312 csrk = kzalloc(sizeof(*csrk), GFP_KERNEL);
1313 if (csrk) {
4cd3928a
JH		 1314 if (hcon->sec_level > BT_SECURITY_MEDIUM)
1315 csrk->type = MGMT_CSRK_LOCAL_AUTHENTICATED;
1316 else
1317 csrk->type = MGMT_CSRK_LOCAL_UNAUTHENTICATED;
44f1a7ab
JH		 1318 memcpy(csrk->val, sign.csrk, sizeof(csrk->val));
1319 }
1320 smp->slave_csrk = csrk;
1321
1322 smp_send_cmd(conn, SMP_CMD_SIGN_INFO, sizeof(sign), &sign);
1323
1324 *keydist &= ~SMP_DIST_SIGN;
1325 }
1326
1327 /* If there are still keys to be received wait for them */
b28b4943
JH		 1328 if (smp->remote_key_dist & KEY_DIST_MASK) {
1329 smp_allow_key_dist(smp);
86d1407c 1330 return;
b28b4943 1331 }
44f1a7ab 1332
44f1a7ab
JH		 1333 set_bit(SMP_FLAG_COMPLETE, &smp->flags);
1334 smp_notify_keys(conn);
1335
1336 smp_chan_destroy(conn);
44f1a7ab
JH		 1337}
1338
b68fda68
JH		 1339static void smp_timeout(struct work_struct *work)
1340{
1341 struct smp_chan *smp = container_of(work, struct smp_chan,
1342 security_timer.work);
1343 struct l2cap_conn *conn = smp->conn;
1344
1345 BT_DBG("conn %p", conn);
1346
1e91c29e 1347 hci_disconnect(conn->hcon, HCI_ERROR_REMOTE_USER_TERM);
b68fda68
JH		 1348}
1349
8aab4757
VCG		 1350static struct smp_chan *smp_chan_create(struct l2cap_conn *conn)
1351{
5d88cc73 1352 struct l2cap_chan *chan = conn->smp;
8aab4757
VCG		 1353 struct smp_chan *smp;
1354
f1560463 1355 smp = kzalloc(sizeof(*smp), GFP_ATOMIC);
fc75cc86 1356 if (!smp)
8aab4757
VCG		 1357 return NULL;
1358
6a7bd103
JH		 1359 smp->tfm_aes = crypto_alloc_blkcipher("ecb(aes)", 0, CRYPTO_ALG_ASYNC);
1360 if (IS_ERR(smp->tfm_aes)) {
1361 BT_ERR("Unable to create ECB crypto context");
276812ec 1362 kzfree(smp);
6a7bd103
JH		 1363 return NULL;
1364 }
1365
407cecf6
JH		 1366 smp->tfm_cmac = crypto_alloc_hash("cmac(aes)", 0, CRYPTO_ALG_ASYNC);
1367 if (IS_ERR(smp->tfm_cmac)) {
1368 BT_ERR("Unable to create CMAC crypto context");
1369 crypto_free_blkcipher(smp->tfm_aes);
276812ec 1370 kzfree(smp);
407cecf6
JH		 1371 return NULL;
1372 }
1373
8aab4757 1374 smp->conn = conn;
5d88cc73 1375 chan->data = smp;
8aab4757 1376
b28b4943
JH		 1377 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_FAIL);
1378
b68fda68
JH		 1379 INIT_DELAYED_WORK(&smp->security_timer, smp_timeout);
1380
8aab4757
VCG		 1381 hci_conn_hold(conn->hcon);
1382
1383 return smp;
1384}
1385
760b018b
JH		 1386static int sc_mackey_and_ltk(struct smp_chan *smp, u8 mackey[16], u8 ltk[16])
1387{
1388 struct hci_conn *hcon = smp->conn->hcon;
1389 u8 *na, *nb, a[7], b[7];
1390
1391 if (hcon->out) {
1392 na = smp->prnd;
1393 nb = smp->rrnd;
1394 } else {
1395 na = smp->rrnd;
1396 nb = smp->prnd;
1397 }
1398
1399 memcpy(a, &hcon->init_addr, 6);
1400 memcpy(b, &hcon->resp_addr, 6);
1401 a[6] = hcon->init_addr_type;
1402 b[6] = hcon->resp_addr_type;
1403
1404 return smp_f5(smp->tfm_cmac, smp->dhkey, na, nb, a, b, mackey, ltk);
1405}
1406
38606f14 1407static void sc_dhkey_check(struct smp_chan *smp)
760b018b
JH		 1408{
1409 struct hci_conn *hcon = smp->conn->hcon;
1410 struct smp_cmd_dhkey_check check;
1411 u8 a[7], b[7], *local_addr, *remote_addr;
1412 u8 io_cap[3], r[16];
1413
760b018b
JH		 1414 memcpy(a, &hcon->init_addr, 6);
1415 memcpy(b, &hcon->resp_addr, 6);
1416 a[6] = hcon->init_addr_type;
1417 b[6] = hcon->resp_addr_type;
1418
1419 if (hcon->out) {
1420 local_addr = a;
1421 remote_addr = b;
1422 memcpy(io_cap, &smp->preq[1], 3);
1423 } else {
1424 local_addr = b;
1425 remote_addr = a;
1426 memcpy(io_cap, &smp->prsp[1], 3);
1427 }
1428
dddd3059
JH		 1429 memset(r, 0, sizeof(r));
1430
1431 if (smp->method == REQ_PASSKEY || smp->method == DSP_PASSKEY)
38606f14 1432 put_unaligned_le32(hcon->passkey_notify, r);
760b018b 1433
a29b0733
JH		 1434 if (smp->method == REQ_OOB)
1435 memcpy(r, smp->rr, 16);
1436
760b018b
JH		 1437 smp_f6(smp->tfm_cmac, smp->mackey, smp->prnd, smp->rrnd, r, io_cap,
1438 local_addr, remote_addr, check.e);
1439
1440 smp_send_cmd(smp->conn, SMP_CMD_DHKEY_CHECK, sizeof(check), &check);
dddd3059
JH		 1441}
1442
38606f14
JH		 1443static u8 sc_passkey_send_confirm(struct smp_chan *smp)
1444{
1445 struct l2cap_conn *conn = smp->conn;
1446 struct hci_conn *hcon = conn->hcon;
1447 struct smp_cmd_pairing_confirm cfm;
1448 u8 r;
1449
1450 r = ((hcon->passkey_notify >> smp->passkey_round) & 0x01);
1451 r |= 0x80;
1452
1453 get_random_bytes(smp->prnd, sizeof(smp->prnd));
1454
1455 if (smp_f4(smp->tfm_cmac, smp->local_pk, smp->remote_pk, smp->prnd, r,
1456 cfm.confirm_val))
1457 return SMP_UNSPECIFIED;
1458
1459 smp_send_cmd(conn, SMP_CMD_PAIRING_CONFIRM, sizeof(cfm), &cfm);
1460
1461 return 0;
1462}
1463
1464static u8 sc_passkey_round(struct smp_chan *smp, u8 smp_op)
1465{
1466 struct l2cap_conn *conn = smp->conn;
1467 struct hci_conn *hcon = conn->hcon;
1468 struct hci_dev *hdev = hcon->hdev;
1469 u8 cfm[16], r;
1470
1471 /* Ignore the PDU if we've already done 20 rounds (0 - 19) */
1472 if (smp->passkey_round >= 20)
1473 return 0;
1474
1475 switch (smp_op) {
1476 case SMP_CMD_PAIRING_RANDOM:
1477 r = ((hcon->passkey_notify >> smp->passkey_round) & 0x01);
1478 r |= 0x80;
1479
1480 if (smp_f4(smp->tfm_cmac, smp->remote_pk, smp->local_pk,
1481 smp->rrnd, r, cfm))
1482 return SMP_UNSPECIFIED;
1483
1484 if (memcmp(smp->pcnf, cfm, 16))
1485 return SMP_CONFIRM_FAILED;
1486
1487 smp->passkey_round++;
1488
1489 if (smp->passkey_round == 20) {
1490 /* Generate MacKey and LTK */
1491 if (sc_mackey_and_ltk(smp, smp->mackey, smp->tk))
1492 return SMP_UNSPECIFIED;
1493 }
1494
1495 /* The round is only complete when the initiator
1496 * receives pairing random.
1497 */
1498 if (!hcon->out) {
1499 smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM,
1500 sizeof(smp->prnd), smp->prnd);
d3e54a87 1501 if (smp->passkey_round == 20)
38606f14 1502 SMP_ALLOW_CMD(smp, SMP_CMD_DHKEY_CHECK);
d3e54a87 1503 else
38606f14 1504 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_CONFIRM);
38606f14
JH		 1505 return 0;
1506 }
1507
1508 /* Start the next round */
1509 if (smp->passkey_round != 20)
1510 return sc_passkey_round(smp, 0);
1511
1512 /* Passkey rounds are complete - start DHKey Check */
1513 sc_dhkey_check(smp);
1514 SMP_ALLOW_CMD(smp, SMP_CMD_DHKEY_CHECK);
1515
1516 break;
1517
1518 case SMP_CMD_PAIRING_CONFIRM:
1519 if (test_bit(SMP_FLAG_WAIT_USER, &smp->flags)) {
1520 set_bit(SMP_FLAG_CFM_PENDING, &smp->flags);
1521 return 0;
1522 }
1523
1524 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RANDOM);
1525
1526 if (hcon->out) {
1527 smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM,
1528 sizeof(smp->prnd), smp->prnd);
1529 return 0;
1530 }
1531
1532 return sc_passkey_send_confirm(smp);
1533
1534 case SMP_CMD_PUBLIC_KEY:
1535 default:
1536 /* Initiating device starts the round */
1537 if (!hcon->out)
1538 return 0;
1539
1540 BT_DBG("%s Starting passkey round %u", hdev->name,
1541 smp->passkey_round + 1);
1542
1543 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_CONFIRM);
1544
1545 return sc_passkey_send_confirm(smp);
1546 }
1547
1548 return 0;
1549}
1550
dddd3059
JH		 1551static int sc_user_reply(struct smp_chan *smp, u16 mgmt_op, __le32 passkey)
1552{
38606f14
JH		 1553 struct l2cap_conn *conn = smp->conn;
1554 struct hci_conn *hcon = conn->hcon;
1555 u8 smp_op;
1556
1557 clear_bit(SMP_FLAG_WAIT_USER, &smp->flags);
1558
dddd3059
JH		 1559 switch (mgmt_op) {
1560 case MGMT_OP_USER_PASSKEY_NEG_REPLY:
1561 smp_failure(smp->conn, SMP_PASSKEY_ENTRY_FAILED);
1562 return 0;
1563 case MGMT_OP_USER_CONFIRM_NEG_REPLY:
1564 smp_failure(smp->conn, SMP_NUMERIC_COMP_FAILED);
1565 return 0;
38606f14
JH		 1566 case MGMT_OP_USER_PASSKEY_REPLY:
1567 hcon->passkey_notify = le32_to_cpu(passkey);
1568 smp->passkey_round = 0;
1569
1570 if (test_and_clear_bit(SMP_FLAG_CFM_PENDING, &smp->flags))
1571 smp_op = SMP_CMD_PAIRING_CONFIRM;
1572 else
1573 smp_op = 0;
1574
1575 if (sc_passkey_round(smp, smp_op))
1576 return -EIO;
1577
1578 return 0;
dddd3059
JH		 1579 }
1580
d3e54a87
JH		 1581 /* Initiator sends DHKey check first */
1582 if (hcon->out) {
1583 sc_dhkey_check(smp);
1584 SMP_ALLOW_CMD(smp, SMP_CMD_DHKEY_CHECK);
1585 } else if (test_and_clear_bit(SMP_FLAG_DHKEY_PENDING, &smp->flags)) {
1586 sc_dhkey_check(smp);
1587 sc_add_ltk(smp);
1588 }
760b018b
JH		 1589
1590 return 0;
1591}
1592
2b64d153
BG		 1593int smp_user_confirm_reply(struct hci_conn *hcon, u16 mgmt_op, __le32 passkey)
1594{
b10e8017 1595 struct l2cap_conn *conn = hcon->l2cap_data;
5d88cc73 1596 struct l2cap_chan *chan;
2b64d153
BG		 1597 struct smp_chan *smp;
1598 u32 value;
fc75cc86 1599 int err;
2b64d153
BG		 1600
1601 BT_DBG("");
1602
fc75cc86 1603 if (!conn)
2b64d153
BG		 1604 return -ENOTCONN;
1605
5d88cc73
JH		 1606 chan = conn->smp;
1607 if (!chan)
1608 return -ENOTCONN;
1609
fc75cc86
JH		 1610 l2cap_chan_lock(chan);
1611 if (!chan->data) {
1612 err = -ENOTCONN;
1613 goto unlock;
1614 }
1615
5d88cc73 1616 smp = chan->data;
2b64d153 1617
760b018b
JH		 1618 if (test_bit(SMP_FLAG_SC, &smp->flags)) {
1619 err = sc_user_reply(smp, mgmt_op, passkey);
1620 goto unlock;
1621 }
1622
2b64d153
BG		 1623 switch (mgmt_op) {
1624 case MGMT_OP_USER_PASSKEY_REPLY:
1625 value = le32_to_cpu(passkey);
943a732a 1626 memset(smp->tk, 0, sizeof(smp->tk));
2b64d153 1627 BT_DBG("PassKey: %d", value);
943a732a 1628 put_unaligned_le32(value, smp->tk);
2b64d153
BG		 1629 /* Fall Through */
1630 case MGMT_OP_USER_CONFIRM_REPLY:
4a74d658 1631 set_bit(SMP_FLAG_TK_VALID, &smp->flags);
2b64d153
BG		 1632 break;
1633 case MGMT_OP_USER_PASSKEY_NEG_REPLY:
1634 case MGMT_OP_USER_CONFIRM_NEG_REPLY:
84794e11 1635 smp_failure(conn, SMP_PASSKEY_ENTRY_FAILED);
fc75cc86
JH		 1636 err = 0;
1637 goto unlock;
2b64d153 1638 default:
84794e11 1639 smp_failure(conn, SMP_PASSKEY_ENTRY_FAILED);
fc75cc86
JH		 1640 err = -EOPNOTSUPP;
1641 goto unlock;
2b64d153
BG		 1642 }
1643
fc75cc86
JH		 1644 err = 0;
1645
2b64d153 1646 /* If it is our turn to send Pairing Confirm, do so now */
1cc61144
JH		 1647 if (test_bit(SMP_FLAG_CFM_PENDING, &smp->flags)) {
1648 u8 rsp = smp_confirm(smp);
1649 if (rsp)
1650 smp_failure(conn, rsp);
1651 }
2b64d153 1652
fc75cc86
JH		 1653unlock:
1654 l2cap_chan_unlock(chan);
1655 return err;
2b64d153
BG		 1656}
1657
b5ae344d
JH		 1658static void build_bredr_pairing_cmd(struct smp_chan *smp,
1659 struct smp_cmd_pairing *req,
1660 struct smp_cmd_pairing *rsp)
1661{
1662 struct l2cap_conn *conn = smp->conn;
1663 struct hci_dev *hdev = conn->hcon->hdev;
1664 u8 local_dist = 0, remote_dist = 0;
1665
d7a5a11d 1666 if (hci_dev_test_flag(hdev, HCI_BONDABLE)) {
b5ae344d
JH		 1667 local_dist = SMP_DIST_ENC_KEY | SMP_DIST_SIGN;
1668 remote_dist = SMP_DIST_ENC_KEY | SMP_DIST_SIGN;
1669 }
1670
d7a5a11d 1671 if (hci_dev_test_flag(hdev, HCI_RPA_RESOLVING))
b5ae344d
JH		 1672 remote_dist |= SMP_DIST_ID_KEY;
1673
d7a5a11d 1674 if (hci_dev_test_flag(hdev, HCI_PRIVACY))
b5ae344d
JH		 1675 local_dist |= SMP_DIST_ID_KEY;
1676
1677 if (!rsp) {
1678 memset(req, 0, sizeof(*req));
1679
1680 req->init_key_dist = local_dist;
1681 req->resp_key_dist = remote_dist;
1682 req->max_key_size = SMP_MAX_ENC_KEY_SIZE;
1683
1684 smp->remote_key_dist = remote_dist;
1685
1686 return;
1687 }
1688
1689 memset(rsp, 0, sizeof(*rsp));
1690
1691 rsp->max_key_size = SMP_MAX_ENC_KEY_SIZE;
1692 rsp->init_key_dist = req->init_key_dist & remote_dist;
1693 rsp->resp_key_dist = req->resp_key_dist & local_dist;
1694
1695 smp->remote_key_dist = rsp->init_key_dist;
1696}
1697
da85e5e5 1698static u8 smp_cmd_pairing_req(struct l2cap_conn *conn, struct sk_buff *skb)
88ba43b6 1699{
3158c50c 1700 struct smp_cmd_pairing rsp, *req = (void *) skb->data;
fc75cc86 1701 struct l2cap_chan *chan = conn->smp;
b3c6410b 1702 struct hci_dev *hdev = conn->hcon->hdev;
8aab4757 1703 struct smp_chan *smp;
c7262e71 1704 u8 key_size, auth, sec_level;
8aab4757 1705 int ret;
88ba43b6
AB		 1706
1707 BT_DBG("conn %p", conn);
1708
c46b98be 1709 if (skb->len < sizeof(*req))
38e4a915 1710 return SMP_INVALID_PARAMS;
c46b98be 1711
40bef302 1712 if (conn->hcon->role != HCI_ROLE_SLAVE)
2b64d153
BG		 1713 return SMP_CMD_NOTSUPP;
1714
fc75cc86 1715 if (!chan->data)
8aab4757 1716 smp = smp_chan_create(conn);
fc75cc86 1717 else
5d88cc73 1718 smp = chan->data;
8aab4757 1719
d08fd0e7
AE		 1720 if (!smp)
1721 return SMP_UNSPECIFIED;
d26a2345 1722
c05b9339 1723 /* We didn't start the pairing, so match remote */
0edb14de 1724 auth = req->auth_req & AUTH_REQ_MASK(hdev);
c05b9339 1725
d7a5a11d 1726 if (!hci_dev_test_flag(hdev, HCI_BONDABLE) &&
c05b9339 1727 (auth & SMP_AUTH_BONDING))
b3c6410b
JH		 1728 return SMP_PAIRING_NOTSUPP;
1729
d7a5a11d 1730 if (hci_dev_test_flag(hdev, HCI_SC_ONLY) && !(auth & SMP_AUTH_SC))
903b71c7
JH		 1731 return SMP_AUTH_REQUIREMENTS;
1732
1c1def09
VCG		 1733 smp->preq[0] = SMP_CMD_PAIRING_REQ;
1734 memcpy(&smp->preq[1], req, sizeof(*req));
3158c50c 1735 skb_pull(skb, sizeof(*req));
88ba43b6 1736
b5ae344d
JH		 1737 /* SMP over BR/EDR requires special treatment */
1738 if (conn->hcon->type == ACL_LINK) {
1739 /* We must have a BR/EDR SC link */
08f63cc5 1740 if (!test_bit(HCI_CONN_AES_CCM, &conn->hcon->flags) &&
b7cb93e5 1741 !hci_dev_test_flag(hdev, HCI_FORCE_BREDR_SMP))
b5ae344d
JH		 1742 return SMP_CROSS_TRANSP_NOT_ALLOWED;
1743
1744 set_bit(SMP_FLAG_SC, &smp->flags);
1745
1746 build_bredr_pairing_cmd(smp, req, &rsp);
1747
1748 key_size = min(req->max_key_size, rsp.max_key_size);
1749 if (check_enc_key_size(conn, key_size))
1750 return SMP_ENC_KEY_SIZE;
1751
1752 /* Clear bits which are generated but not distributed */
1753 smp->remote_key_dist &= ~SMP_SC_NO_DIST;
1754
1755 smp->prsp[0] = SMP_CMD_PAIRING_RSP;
1756 memcpy(&smp->prsp[1], &rsp, sizeof(rsp));
1757 smp_send_cmd(conn, SMP_CMD_PAIRING_RSP, sizeof(rsp), &rsp);
1758
1759 smp_distribute_keys(smp);
1760 return 0;
1761 }
1762
5e3d3d9b
JH		 1763 build_pairing_cmd(conn, req, &rsp, auth);
1764
1765 if (rsp.auth_req & SMP_AUTH_SC)
1766 set_bit(SMP_FLAG_SC, &smp->flags);
1767
5be5e275 1768 if (conn->hcon->io_capability == HCI_IO_NO_INPUT_OUTPUT)
1afc2a1a
JH		 1769 sec_level = BT_SECURITY_MEDIUM;
1770 else
1771 sec_level = authreq_to_seclevel(auth);
1772
c7262e71
JH		 1773 if (sec_level > conn->hcon->pending_sec_level)
1774 conn->hcon->pending_sec_level = sec_level;
fdde0a26 1775
49c922bb 1776 /* If we need MITM check that it can be achieved */
2ed8f65c
JH		 1777 if (conn->hcon->pending_sec_level >= BT_SECURITY_HIGH) {
1778 u8 method;
1779
1780 method = get_auth_method(smp, conn->hcon->io_capability,
1781 req->io_capability);
1782 if (method == JUST_WORKS || method == JUST_CFM)
1783 return SMP_AUTH_REQUIREMENTS;
1784 }
1785
3158c50c
VCG		 1786 key_size = min(req->max_key_size, rsp.max_key_size);
1787 if (check_enc_key_size(conn, key_size))
1788 return SMP_ENC_KEY_SIZE;
88ba43b6 1789
e84a6b13 1790 get_random_bytes(smp->prnd, sizeof(smp->prnd));
8aab4757 1791
1c1def09
VCG		 1792 smp->prsp[0] = SMP_CMD_PAIRING_RSP;
1793 memcpy(&smp->prsp[1], &rsp, sizeof(rsp));
f01ead31 1794
3158c50c 1795 smp_send_cmd(conn, SMP_CMD_PAIRING_RSP, sizeof(rsp), &rsp);
3b19146d
JH		 1796
1797 clear_bit(SMP_FLAG_INITIATOR, &smp->flags);
1798
1799 if (test_bit(SMP_FLAG_SC, &smp->flags)) {
1800 SMP_ALLOW_CMD(smp, SMP_CMD_PUBLIC_KEY);
1801 /* Clear bits which are generated but not distributed */
1802 smp->remote_key_dist &= ~SMP_SC_NO_DIST;
1803 /* Wait for Public Key from Initiating Device */
1804 return 0;
3b19146d 1805 }
da85e5e5 1806
983f9814
MH		 1807 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_CONFIRM);
1808
2b64d153
BG		 1809 /* Request setup of TK */
1810 ret = tk_request(conn, 0, auth, rsp.io_capability, req->io_capability);
1811 if (ret)
1812 return SMP_UNSPECIFIED;
1813
da85e5e5 1814 return 0;
88ba43b6
AB		 1815}
1816
3b19146d
JH		 1817static u8 sc_send_public_key(struct smp_chan *smp)
1818{
70157ef5
JH		 1819 struct hci_dev *hdev = smp->conn->hcon->hdev;
1820
3b19146d
JH		 1821 BT_DBG("");
1822
33d0c030
MH		 1823 if (test_bit(SMP_FLAG_OOB, &smp->flags)) {
1824 struct l2cap_chan *chan = hdev->smp_data;
1825 struct smp_dev *smp_dev;
1826
1827 if (!chan || !chan->data)
1828 return SMP_UNSPECIFIED;
1829
1830 smp_dev = chan->data;
1831
1832 memcpy(smp->local_pk, smp_dev->local_pk, 64);
1833 memcpy(smp->local_sk, smp_dev->local_sk, 32);
882fafad 1834 memcpy(smp->lr, smp_dev->local_rr, 16);
33d0c030
MH		 1835
1836 if (smp_dev->debug_key)
1837 set_bit(SMP_FLAG_DEBUG_KEY, &smp->flags);
1838
1839 goto done;
1840 }
1841
d7a5a11d 1842 if (hci_dev_test_flag(hdev, HCI_USE_DEBUG_KEYS)) {
70157ef5
JH		 1843 BT_DBG("Using debug keys");
1844 memcpy(smp->local_pk, debug_pk, 64);
1845 memcpy(smp->local_sk, debug_sk, 32);
1846 set_bit(SMP_FLAG_DEBUG_KEY, &smp->flags);
1847 } else {
1848 while (true) {
1849 /* Generate local key pair for Secure Connections */
1850 if (!ecc_make_key(smp->local_pk, smp->local_sk))
1851 return SMP_UNSPECIFIED;
6c0dcc50 1852
70157ef5
JH		 1853 /* This is unlikely, but we need to check that
1854 * we didn't accidentially generate a debug key.
1855 */
1856 if (memcmp(smp->local_sk, debug_sk, 32))
1857 break;
1858 }
6c0dcc50 1859 }
3b19146d 1860
33d0c030 1861done:
c7a3d57d 1862 SMP_DBG("Local Public Key X: %32phN", smp->local_pk);
8e4e2ee5 1863 SMP_DBG("Local Public Key Y: %32phN", smp->local_pk + 32);
c7a3d57d 1864 SMP_DBG("Local Private Key: %32phN", smp->local_sk);
3b19146d
JH		 1865
1866 smp_send_cmd(smp->conn, SMP_CMD_PUBLIC_KEY, 64, smp->local_pk);
1867
1868 return 0;
1869}
1870
da85e5e5 1871static u8 smp_cmd_pairing_rsp(struct l2cap_conn *conn, struct sk_buff *skb)
88ba43b6 1872{
3158c50c 1873 struct smp_cmd_pairing *req, *rsp = (void *) skb->data;
5d88cc73
JH		 1874 struct l2cap_chan *chan = conn->smp;
1875 struct smp_chan *smp = chan->data;
0edb14de 1876 struct hci_dev *hdev = conn->hcon->hdev;
3a7dbfb8 1877 u8 key_size, auth;
7d24ddcc 1878 int ret;
88ba43b6
AB		 1879
1880 BT_DBG("conn %p", conn);
1881
c46b98be 1882 if (skb->len < sizeof(*rsp))
38e4a915 1883 return SMP_INVALID_PARAMS;
c46b98be 1884
40bef302 1885 if (conn->hcon->role != HCI_ROLE_MASTER)
2b64d153
BG		 1886 return SMP_CMD_NOTSUPP;
1887
3158c50c
VCG		 1888 skb_pull(skb, sizeof(*rsp));
1889
1c1def09 1890 req = (void *) &smp->preq[1];
da85e5e5 1891
3158c50c
VCG		 1892 key_size = min(req->max_key_size, rsp->max_key_size);
1893 if (check_enc_key_size(conn, key_size))
1894 return SMP_ENC_KEY_SIZE;
1895
0edb14de 1896 auth = rsp->auth_req & AUTH_REQ_MASK(hdev);
c05b9339 1897
d7a5a11d 1898 if (hci_dev_test_flag(hdev, HCI_SC_ONLY) && !(auth & SMP_AUTH_SC))
903b71c7
JH		 1899 return SMP_AUTH_REQUIREMENTS;
1900
b5ae344d
JH		 1901 smp->prsp[0] = SMP_CMD_PAIRING_RSP;
1902 memcpy(&smp->prsp[1], rsp, sizeof(*rsp));
1903
1904 /* Update remote key distribution in case the remote cleared
1905 * some bits that we had enabled in our request.
1906 */
1907 smp->remote_key_dist &= rsp->resp_key_dist;
1908
1909 /* For BR/EDR this means we're done and can start phase 3 */
1910 if (conn->hcon->type == ACL_LINK) {
1911 /* Clear bits which are generated but not distributed */
1912 smp->remote_key_dist &= ~SMP_SC_NO_DIST;
1913 smp_distribute_keys(smp);
1914 return 0;
1915 }
1916
65668776
JH		 1917 if ((req->auth_req & SMP_AUTH_SC) && (auth & SMP_AUTH_SC))
1918 set_bit(SMP_FLAG_SC, &smp->flags);
d2eb9e10
JH		 1919 else if (conn->hcon->pending_sec_level > BT_SECURITY_HIGH)
1920 conn->hcon->pending_sec_level = BT_SECURITY_HIGH;
65668776 1921
49c922bb 1922 /* If we need MITM check that it can be achieved */
2ed8f65c
JH		 1923 if (conn->hcon->pending_sec_level >= BT_SECURITY_HIGH) {
1924 u8 method;
1925
1926 method = get_auth_method(smp, req->io_capability,
1927 rsp->io_capability);
1928 if (method == JUST_WORKS || method == JUST_CFM)
1929 return SMP_AUTH_REQUIREMENTS;
1930 }
1931
e84a6b13 1932 get_random_bytes(smp->prnd, sizeof(smp->prnd));
7d24ddcc 1933
fdcc4bec
JH		 1934 /* Update remote key distribution in case the remote cleared
1935 * some bits that we had enabled in our request.
1936 */
1937 smp->remote_key_dist &= rsp->resp_key_dist;
1938
3b19146d
JH		 1939 if (test_bit(SMP_FLAG_SC, &smp->flags)) {
1940 /* Clear bits which are generated but not distributed */
1941 smp->remote_key_dist &= ~SMP_SC_NO_DIST;
1942 SMP_ALLOW_CMD(smp, SMP_CMD_PUBLIC_KEY);
1943 return sc_send_public_key(smp);
1944 }
1945
c05b9339 1946 auth |= req->auth_req;
2b64d153 1947
476585ec 1948 ret = tk_request(conn, 0, auth, req->io_capability, rsp->io_capability);
2b64d153
BG		 1949 if (ret)
1950 return SMP_UNSPECIFIED;
1951
4a74d658 1952 set_bit(SMP_FLAG_CFM_PENDING, &smp->flags);
2b64d153
BG		 1953
1954 /* Can't compose response until we have been confirmed */
4a74d658 1955 if (test_bit(SMP_FLAG_TK_VALID, &smp->flags))
1cc61144 1956 return smp_confirm(smp);
da85e5e5
VCG		 1957
1958 return 0;
88ba43b6
AB		 1959}
1960
dcee2b32
JH		 1961static u8 sc_check_confirm(struct smp_chan *smp)
1962{
1963 struct l2cap_conn *conn = smp->conn;
1964
1965 BT_DBG("");
1966
1967 /* Public Key exchange must happen before any other steps */
1968 if (!test_bit(SMP_FLAG_REMOTE_PK, &smp->flags))
1969 return SMP_UNSPECIFIED;
1970
38606f14
JH		 1971 if (smp->method == REQ_PASSKEY || smp->method == DSP_PASSKEY)
1972 return sc_passkey_round(smp, SMP_CMD_PAIRING_CONFIRM);
1973
dcee2b32
JH		 1974 if (conn->hcon->out) {
1975 smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM, sizeof(smp->prnd),
1976 smp->prnd);
1977 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RANDOM);
1978 }
1979
1980 return 0;
1981}
1982
da85e5e5 1983static u8 smp_cmd_pairing_confirm(struct l2cap_conn *conn, struct sk_buff *skb)
88ba43b6 1984{
5d88cc73
JH		 1985 struct l2cap_chan *chan = conn->smp;
1986 struct smp_chan *smp = chan->data;
7d24ddcc 1987
88ba43b6
AB		 1988 BT_DBG("conn %p %s", conn, conn->hcon->out ? "master" : "slave");
1989
c46b98be 1990 if (skb->len < sizeof(smp->pcnf))
38e4a915 1991 return SMP_INVALID_PARAMS;
c46b98be 1992
1c1def09
VCG		 1993 memcpy(smp->pcnf, skb->data, sizeof(smp->pcnf));
1994 skb_pull(skb, sizeof(smp->pcnf));
88ba43b6 1995
dcee2b32
JH		 1996 if (test_bit(SMP_FLAG_SC, &smp->flags))
1997 return sc_check_confirm(smp);
1998
b28b4943 1999 if (conn->hcon->out) {
943a732a
JH		 2000 smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM, sizeof(smp->prnd),
2001 smp->prnd);
b28b4943
JH		 2002 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RANDOM);
2003 return 0;
2004 }
2005
2006 if (test_bit(SMP_FLAG_TK_VALID, &smp->flags))
1cc61144 2007 return smp_confirm(smp);
983f9814
MH		 2008
2009 set_bit(SMP_FLAG_CFM_PENDING, &smp->flags);
da85e5e5
VCG		 2010
2011 return 0;
88ba43b6
AB		 2012}
2013
da85e5e5 2014static u8 smp_cmd_pairing_random(struct l2cap_conn *conn, struct sk_buff *skb)
88ba43b6 2015{
5d88cc73
JH		 2016 struct l2cap_chan *chan = conn->smp;
2017 struct smp_chan *smp = chan->data;
191dc7fe
JH		 2018 struct hci_conn *hcon = conn->hcon;
2019 u8 *pkax, *pkbx, *na, *nb;
2020 u32 passkey;
2021 int err;
7d24ddcc 2022
8aab4757 2023 BT_DBG("conn %p", conn);
3158c50c 2024
c46b98be 2025 if (skb->len < sizeof(smp->rrnd))
38e4a915 2026 return SMP_INVALID_PARAMS;
c46b98be 2027
943a732a 2028 memcpy(smp->rrnd, skb->data, sizeof(smp->rrnd));
8aab4757 2029 skb_pull(skb, sizeof(smp->rrnd));
e7e62c85 2030
191dc7fe
JH		 2031 if (!test_bit(SMP_FLAG_SC, &smp->flags))
2032 return smp_random(smp);
2033
580039e8
JH		 2034 if (hcon->out) {
2035 pkax = smp->local_pk;
2036 pkbx = smp->remote_pk;
2037 na = smp->prnd;
2038 nb = smp->rrnd;
2039 } else {
2040 pkax = smp->remote_pk;
2041 pkbx = smp->local_pk;
2042 na = smp->rrnd;
2043 nb = smp->prnd;
2044 }
2045
a29b0733
JH		 2046 if (smp->method == REQ_OOB) {
2047 if (!hcon->out)
2048 smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM,
2049 sizeof(smp->prnd), smp->prnd);
2050 SMP_ALLOW_CMD(smp, SMP_CMD_DHKEY_CHECK);
2051 goto mackey_and_ltk;
2052 }
2053
38606f14
JH		 2054 /* Passkey entry has special treatment */
2055 if (smp->method == REQ_PASSKEY || smp->method == DSP_PASSKEY)
2056 return sc_passkey_round(smp, SMP_CMD_PAIRING_RANDOM);
2057
191dc7fe
JH		 2058 if (hcon->out) {
2059 u8 cfm[16];
2060
2061 err = smp_f4(smp->tfm_cmac, smp->remote_pk, smp->local_pk,
2062 smp->rrnd, 0, cfm);
2063 if (err)
2064 return SMP_UNSPECIFIED;
2065
2066 if (memcmp(smp->pcnf, cfm, 16))
2067 return SMP_CONFIRM_FAILED;
191dc7fe
JH		 2068 } else {
2069 smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM, sizeof(smp->prnd),
2070 smp->prnd);
2071 SMP_ALLOW_CMD(smp, SMP_CMD_DHKEY_CHECK);
191dc7fe
JH		 2072 }
2073
a29b0733 2074mackey_and_ltk:
760b018b
JH		 2075 /* Generate MacKey and LTK */
2076 err = sc_mackey_and_ltk(smp, smp->mackey, smp->tk);
2077 if (err)
2078 return SMP_UNSPECIFIED;
2079
a29b0733 2080 if (smp->method == JUST_WORKS || smp->method == REQ_OOB) {
dddd3059 2081 if (hcon->out) {
38606f14 2082 sc_dhkey_check(smp);
dddd3059
JH		 2083 SMP_ALLOW_CMD(smp, SMP_CMD_DHKEY_CHECK);
2084 }
2085 return 0;
2086 }
2087
38606f14
JH		 2088 err = smp_g2(smp->tfm_cmac, pkax, pkbx, na, nb, &passkey);
2089 if (err)
2090 return SMP_UNSPECIFIED;
2091
2092 err = mgmt_user_confirm_request(hcon->hdev, &hcon->dst, hcon->type,
2093 hcon->dst_type, passkey, 0);
191dc7fe
JH		 2094 if (err)
2095 return SMP_UNSPECIFIED;
2096
38606f14
JH		 2097 set_bit(SMP_FLAG_WAIT_USER, &smp->flags);
2098
191dc7fe 2099 return 0;
88ba43b6
AB		 2100}
2101
f81cd823 2102static bool smp_ltk_encrypt(struct l2cap_conn *conn, u8 sec_level)
988c5997 2103{
c9839a11 2104 struct smp_ltk *key;
988c5997
VCG		 2105 struct hci_conn *hcon = conn->hcon;
2106
f3a73d97 2107 key = hci_find_ltk(hcon->hdev, &hcon->dst, hcon->dst_type, hcon->role);
988c5997 2108 if (!key)
f81cd823 2109 return false;
988c5997 2110
a6f7833c 2111 if (smp_ltk_sec_level(key) < sec_level)
f81cd823 2112 return false;
4dab7864 2113
51a8efd7 2114 if (test_and_set_bit(HCI_CONN_ENCRYPT_PEND, &hcon->flags))
f81cd823 2115 return true;
988c5997 2116
c9839a11
VCG		 2117 hci_le_start_enc(hcon, key->ediv, key->rand, key->val);
2118 hcon->enc_key_size = key->enc_size;
988c5997 2119
fe59a05f
JH		 2120 /* We never store STKs for master role, so clear this flag */
2121 clear_bit(HCI_CONN_STK_ENCRYPT, &hcon->flags);
2122
f81cd823 2123 return true;
988c5997 2124}
f1560463 2125
35dc6f83
JH		 2126bool smp_sufficient_security(struct hci_conn *hcon, u8 sec_level,
2127 enum smp_key_pref key_pref)
854f4727
JH		 2128{
2129 if (sec_level == BT_SECURITY_LOW)
2130 return true;
2131
35dc6f83
JH		 2132 /* If we're encrypted with an STK but the caller prefers using
2133 * LTK claim insufficient security. This way we allow the
2134 * connection to be re-encrypted with an LTK, even if the LTK
2135 * provides the same level of security. Only exception is if we
2136 * don't have an LTK (e.g. because of key distribution bits).
9ab65d60 2137 */
35dc6f83
JH		 2138 if (key_pref == SMP_USE_LTK &&
2139 test_bit(HCI_CONN_STK_ENCRYPT, &hcon->flags) &&
f3a73d97 2140 hci_find_ltk(hcon->hdev, &hcon->dst, hcon->dst_type, hcon->role))
9ab65d60
JH		 2141 return false;
2142
854f4727
JH		 2143 if (hcon->sec_level >= sec_level)
2144 return true;
2145
2146 return false;
2147}
2148
da85e5e5 2149static u8 smp_cmd_security_req(struct l2cap_conn *conn, struct sk_buff *skb)
88ba43b6
AB		 2150{
2151 struct smp_cmd_security_req *rp = (void *) skb->data;
2152 struct smp_cmd_pairing cp;
f1cb9af5 2153 struct hci_conn *hcon = conn->hcon;
0edb14de 2154 struct hci_dev *hdev = hcon->hdev;
8aab4757 2155 struct smp_chan *smp;
c05b9339 2156 u8 sec_level, auth;
88ba43b6
AB		 2157
2158 BT_DBG("conn %p", conn);
2159
c46b98be 2160 if (skb->len < sizeof(*rp))
38e4a915 2161 return SMP_INVALID_PARAMS;
c46b98be 2162
40bef302 2163 if (hcon->role != HCI_ROLE_MASTER)
86ca9eac
JH		 2164 return SMP_CMD_NOTSUPP;
2165
0edb14de 2166 auth = rp->auth_req & AUTH_REQ_MASK(hdev);
c05b9339 2167
d7a5a11d 2168 if (hci_dev_test_flag(hdev, HCI_SC_ONLY) && !(auth & SMP_AUTH_SC))
903b71c7
JH		 2169 return SMP_AUTH_REQUIREMENTS;
2170
5be5e275 2171 if (hcon->io_capability == HCI_IO_NO_INPUT_OUTPUT)
1afc2a1a
JH		 2172 sec_level = BT_SECURITY_MEDIUM;
2173 else
2174 sec_level = authreq_to_seclevel(auth);
2175
35dc6f83 2176 if (smp_sufficient_security(hcon, sec_level, SMP_USE_LTK))
854f4727
JH		 2177 return 0;
2178
c7262e71
JH		 2179 if (sec_level > hcon->pending_sec_level)
2180 hcon->pending_sec_level = sec_level;
feb45eb5 2181
4dab7864 2182 if (smp_ltk_encrypt(conn, hcon->pending_sec_level))
988c5997
VCG		 2183 return 0;
2184
8aab4757 2185 smp = smp_chan_create(conn);
c29d2444
JH		 2186 if (!smp)
2187 return SMP_UNSPECIFIED;
d26a2345 2188
d7a5a11d 2189 if (!hci_dev_test_flag(hdev, HCI_BONDABLE) &&
c05b9339 2190 (auth & SMP_AUTH_BONDING))
616d55be
JH		 2191 return SMP_PAIRING_NOTSUPP;
2192
88ba43b6 2193 skb_pull(skb, sizeof(*rp));
88ba43b6 2194
da85e5e5 2195 memset(&cp, 0, sizeof(cp));
c05b9339 2196 build_pairing_cmd(conn, &cp, NULL, auth);
88ba43b6 2197
1c1def09
VCG		 2198 smp->preq[0] = SMP_CMD_PAIRING_REQ;
2199 memcpy(&smp->preq[1], &cp, sizeof(cp));
f01ead31 2200
88ba43b6 2201 smp_send_cmd(conn, SMP_CMD_PAIRING_REQ, sizeof(cp), &cp);
b28b4943 2202 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RSP);
f1cb9af5 2203
da85e5e5 2204 return 0;
88ba43b6
AB		 2205}
2206
cc110922 2207int smp_conn_security(struct hci_conn *hcon, __u8 sec_level)
eb492e01 2208{
cc110922 2209 struct l2cap_conn *conn = hcon->l2cap_data;
c68b7f12 2210 struct l2cap_chan *chan;
0a66cf20 2211 struct smp_chan *smp;
2b64d153 2212 __u8 authreq;
fc75cc86 2213 int ret;
eb492e01 2214
3a0259bb
VCG		 2215 BT_DBG("conn %p hcon %p level 0x%2.2x", conn, hcon, sec_level);
2216
0a66cf20
JH		 2217 /* This may be NULL if there's an unexpected disconnection */
2218 if (!conn)
2219 return 1;
2220
c68b7f12
JH		 2221 chan = conn->smp;
2222
d7a5a11d 2223 if (!hci_dev_test_flag(hcon->hdev, HCI_LE_ENABLED))
2e65c9d2
AG		 2224 return 1;
2225
35dc6f83 2226 if (smp_sufficient_security(hcon, sec_level, SMP_USE_LTK))
eb492e01 2227 return 1;
f1cb9af5 2228
c7262e71
JH		 2229 if (sec_level > hcon->pending_sec_level)
2230 hcon->pending_sec_level = sec_level;
2231
40bef302 2232 if (hcon->role == HCI_ROLE_MASTER)
c7262e71
JH		 2233 if (smp_ltk_encrypt(conn, hcon->pending_sec_level))
2234 return 0;
d26a2345 2235
fc75cc86
JH		 2236 l2cap_chan_lock(chan);
2237
2238 /* If SMP is already in progress ignore this request */
2239 if (chan->data) {
2240 ret = 0;
2241 goto unlock;
2242 }
d26a2345 2243
8aab4757 2244 smp = smp_chan_create(conn);
fc75cc86
JH		 2245 if (!smp) {
2246 ret = 1;
2247 goto unlock;
2248 }
2b64d153
BG		 2249
2250 authreq = seclevel_to_authreq(sec_level);
d26a2345 2251
d7a5a11d 2252 if (hci_dev_test_flag(hcon->hdev, HCI_SC_ENABLED))
d2eb9e10
JH		 2253 authreq |= SMP_AUTH_SC;
2254
79897d20
JH		 2255 /* Require MITM if IO Capability allows or the security level
2256 * requires it.
2e233644 2257 */
79897d20 2258 if (hcon->io_capability != HCI_IO_NO_INPUT_OUTPUT ||
c7262e71 2259 hcon->pending_sec_level > BT_SECURITY_MEDIUM)
2e233644
JH		 2260 authreq |= SMP_AUTH_MITM;
2261
40bef302 2262 if (hcon->role == HCI_ROLE_MASTER) {
d26a2345 2263 struct smp_cmd_pairing cp;
f01ead31 2264
2b64d153 2265 build_pairing_cmd(conn, &cp, NULL, authreq);
1c1def09
VCG		 2266 smp->preq[0] = SMP_CMD_PAIRING_REQ;
2267 memcpy(&smp->preq[1], &cp, sizeof(cp));
f01ead31 2268
eb492e01 2269 smp_send_cmd(conn, SMP_CMD_PAIRING_REQ, sizeof(cp), &cp);
b28b4943 2270 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RSP);
eb492e01
AB		 2271 } else {
2272 struct smp_cmd_security_req cp;
2b64d153 2273 cp.auth_req = authreq;
eb492e01 2274 smp_send_cmd(conn, SMP_CMD_SECURITY_REQ, sizeof(cp), &cp);
b28b4943 2275 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_REQ);
eb492e01
AB		 2276 }
2277
4a74d658 2278 set_bit(SMP_FLAG_INITIATOR, &smp->flags);
fc75cc86 2279 ret = 0;
edca792c 2280
fc75cc86
JH		 2281unlock:
2282 l2cap_chan_unlock(chan);
2283 return ret;
eb492e01
AB		 2284}
2285
7034b911
VCG		 2286static int smp_cmd_encrypt_info(struct l2cap_conn *conn, struct sk_buff *skb)
2287{
16b90839 2288 struct smp_cmd_encrypt_info *rp = (void *) skb->data;
5d88cc73
JH		 2289 struct l2cap_chan *chan = conn->smp;
2290 struct smp_chan *smp = chan->data;
16b90839 2291
c46b98be
JH		 2292 BT_DBG("conn %p", conn);
2293
2294 if (skb->len < sizeof(*rp))
38e4a915 2295 return SMP_INVALID_PARAMS;
c46b98be 2296
b28b4943 2297 SMP_ALLOW_CMD(smp, SMP_CMD_MASTER_IDENT);
6131ddc8 2298
16b90839
VCG		 2299 skb_pull(skb, sizeof(*rp));
2300
1c1def09 2301 memcpy(smp->tk, rp->ltk, sizeof(smp->tk));
16b90839 2302
7034b911
VCG		 2303 return 0;
2304}
2305
2306static int smp_cmd_master_ident(struct l2cap_conn *conn, struct sk_buff *skb)
2307{
16b90839 2308 struct smp_cmd_master_ident *rp = (void *) skb->data;
5d88cc73
JH		 2309 struct l2cap_chan *chan = conn->smp;
2310 struct smp_chan *smp = chan->data;
c9839a11
VCG		 2311 struct hci_dev *hdev = conn->hcon->hdev;
2312 struct hci_conn *hcon = conn->hcon;
23d0e128 2313 struct smp_ltk *ltk;
c9839a11 2314 u8 authenticated;
16b90839 2315
c46b98be
JH		 2316 BT_DBG("conn %p", conn);
2317
2318 if (skb->len < sizeof(*rp))
38e4a915 2319 return SMP_INVALID_PARAMS;
c46b98be 2320
9747a9f3
JH		 2321 /* Mark the information as received */
2322 smp->remote_key_dist &= ~SMP_DIST_ENC_KEY;
2323
b28b4943
JH		 2324 if (smp->remote_key_dist & SMP_DIST_ID_KEY)
2325 SMP_ALLOW_CMD(smp, SMP_CMD_IDENT_INFO);
196332f5
JH		 2326 else if (smp->remote_key_dist & SMP_DIST_SIGN)
2327 SMP_ALLOW_CMD(smp, SMP_CMD_SIGN_INFO);
b28b4943 2328
16b90839 2329 skb_pull(skb, sizeof(*rp));
7034b911 2330
ce39fb4e 2331 authenticated = (hcon->sec_level == BT_SECURITY_HIGH);
2ceba539 2332 ltk = hci_add_ltk(hdev, &hcon->dst, hcon->dst_type, SMP_LTK,
23d0e128
JH		 2333 authenticated, smp->tk, smp->enc_key_size,
2334 rp->ediv, rp->rand);
2335 smp->ltk = ltk;
c6e81e9a 2336 if (!(smp->remote_key_dist & KEY_DIST_MASK))
d6268e86 2337 smp_distribute_keys(smp);
7034b911
VCG		 2338
2339 return 0;
2340}
2341
fd349c02
JH		 2342static int smp_cmd_ident_info(struct l2cap_conn *conn, struct sk_buff *skb)
2343{
2344 struct smp_cmd_ident_info *info = (void *) skb->data;
5d88cc73
JH		 2345 struct l2cap_chan *chan = conn->smp;
2346 struct smp_chan *smp = chan->data;
fd349c02
JH		 2347
2348 BT_DBG("");
2349
2350 if (skb->len < sizeof(*info))
38e4a915 2351 return SMP_INVALID_PARAMS;
fd349c02 2352
b28b4943 2353 SMP_ALLOW_CMD(smp, SMP_CMD_IDENT_ADDR_INFO);
6131ddc8 2354
fd349c02
JH		 2355 skb_pull(skb, sizeof(*info));
2356
2357 memcpy(smp->irk, info->irk, 16);
2358
2359 return 0;
2360}
2361
2362static int smp_cmd_ident_addr_info(struct l2cap_conn *conn,
2363 struct sk_buff *skb)
2364{
2365 struct smp_cmd_ident_addr_info *info = (void *) skb->data;
5d88cc73
JH		 2366 struct l2cap_chan *chan = conn->smp;
2367 struct smp_chan *smp = chan->data;
fd349c02
JH		 2368 struct hci_conn *hcon = conn->hcon;
2369 bdaddr_t rpa;
2370
2371 BT_DBG("");
2372
2373 if (skb->len < sizeof(*info))
38e4a915 2374 return SMP_INVALID_PARAMS;
fd349c02 2375
9747a9f3
JH		 2376 /* Mark the information as received */
2377 smp->remote_key_dist &= ~SMP_DIST_ID_KEY;
2378
b28b4943
JH		 2379 if (smp->remote_key_dist & SMP_DIST_SIGN)
2380 SMP_ALLOW_CMD(smp, SMP_CMD_SIGN_INFO);
2381
fd349c02
JH		 2382 skb_pull(skb, sizeof(*info));
2383
a9a58f86
JH		 2384 /* Strictly speaking the Core Specification (4.1) allows sending
2385 * an empty address which would force us to rely on just the IRK
2386 * as "identity information". However, since such
2387 * implementations are not known of and in order to not over
2388 * complicate our implementation, simply pretend that we never
2389 * received an IRK for such a device.
e12af489
JH		 2390 *
2391 * The Identity Address must also be a Static Random or Public
2392 * Address, which hci_is_identity_address() checks for.
a9a58f86 2393 */
e12af489
JH		 2394 if (!bacmp(&info->bdaddr, BDADDR_ANY) ||
2395 !hci_is_identity_address(&info->bdaddr, info->addr_type)) {
a9a58f86 2396 BT_ERR("Ignoring IRK with no identity address");
31dd624e 2397 goto distribute;
a9a58f86
JH		 2398 }
2399
fd349c02
JH		 2400 bacpy(&smp->id_addr, &info->bdaddr);
2401 smp->id_addr_type = info->addr_type;
2402
2403 if (hci_bdaddr_is_rpa(&hcon->dst, hcon->dst_type))
2404 bacpy(&rpa, &hcon->dst);
2405 else
2406 bacpy(&rpa, BDADDR_ANY);
2407
23d0e128
JH		 2408 smp->remote_irk = hci_add_irk(conn->hcon->hdev, &smp->id_addr,
2409 smp->id_addr_type, smp->irk, &rpa);
fd349c02 2410
31dd624e 2411distribute:
c6e81e9a
JH		 2412 if (!(smp->remote_key_dist & KEY_DIST_MASK))
2413 smp_distribute_keys(smp);
fd349c02
JH		 2414
2415 return 0;
2416}
2417
7ee4ea36
MH		 2418static int smp_cmd_sign_info(struct l2cap_conn *conn, struct sk_buff *skb)
2419{
2420 struct smp_cmd_sign_info *rp = (void *) skb->data;
5d88cc73
JH		 2421 struct l2cap_chan *chan = conn->smp;
2422 struct smp_chan *smp = chan->data;
7ee4ea36
MH		 2423 struct smp_csrk *csrk;
2424
2425 BT_DBG("conn %p", conn);
2426
2427 if (skb->len < sizeof(*rp))
38e4a915 2428 return SMP_INVALID_PARAMS;
7ee4ea36 2429
7ee4ea36
MH		 2430 /* Mark the information as received */
2431 smp->remote_key_dist &= ~SMP_DIST_SIGN;
2432
2433 skb_pull(skb, sizeof(*rp));
2434
7ee4ea36
MH		 2435 csrk = kzalloc(sizeof(*csrk), GFP_KERNEL);
2436 if (csrk) {
4cd3928a
JH		 2437 if (conn->hcon->sec_level > BT_SECURITY_MEDIUM)
2438 csrk->type = MGMT_CSRK_REMOTE_AUTHENTICATED;
2439 else
2440 csrk->type = MGMT_CSRK_REMOTE_UNAUTHENTICATED;
7ee4ea36
MH		 2441 memcpy(csrk->val, rp->csrk, sizeof(csrk->val));
2442 }
2443 smp->csrk = csrk;
d6268e86 2444 smp_distribute_keys(smp);
7ee4ea36
MH		 2445
2446 return 0;
2447}
2448
5e3d3d9b
JH		 2449static u8 sc_select_method(struct smp_chan *smp)
2450{
2451 struct l2cap_conn *conn = smp->conn;
2452 struct hci_conn *hcon = conn->hcon;
2453 struct smp_cmd_pairing *local, *remote;
2454 u8 local_mitm, remote_mitm, local_io, remote_io, method;
2455
a29b0733
JH		 2456 if (test_bit(SMP_FLAG_OOB, &smp->flags))
2457 return REQ_OOB;
2458
5e3d3d9b
JH		 2459 /* The preq/prsp contain the raw Pairing Request/Response PDUs
2460 * which are needed as inputs to some crypto functions. To get
2461 * the "struct smp_cmd_pairing" from them we need to skip the
2462 * first byte which contains the opcode.
2463 */
2464 if (hcon->out) {
2465 local = (void *) &smp->preq[1];
2466 remote = (void *) &smp->prsp[1];
2467 } else {
2468 local = (void *) &smp->prsp[1];
2469 remote = (void *) &smp->preq[1];
2470 }
2471
2472 local_io = local->io_capability;
2473 remote_io = remote->io_capability;
2474
2475 local_mitm = (local->auth_req & SMP_AUTH_MITM);
2476 remote_mitm = (remote->auth_req & SMP_AUTH_MITM);
2477
2478 /* If either side wants MITM, look up the method from the table,
2479 * otherwise use JUST WORKS.
2480 */
2481 if (local_mitm || remote_mitm)
2482 method = get_auth_method(smp, local_io, remote_io);
2483 else
2484 method = JUST_WORKS;
2485
2486 /* Don't confirm locally initiated pairing attempts */
2487 if (method == JUST_CFM && test_bit(SMP_FLAG_INITIATOR, &smp->flags))
2488 method = JUST_WORKS;
2489
2490 return method;
2491}
2492
d8f8edbe
JH		 2493static int smp_cmd_public_key(struct l2cap_conn *conn, struct sk_buff *skb)
2494{
2495 struct smp_cmd_public_key *key = (void *) skb->data;
2496 struct hci_conn *hcon = conn->hcon;
2497 struct l2cap_chan *chan = conn->smp;
2498 struct smp_chan *smp = chan->data;
5e3d3d9b 2499 struct hci_dev *hdev = hcon->hdev;
cbbbe3e2 2500 struct smp_cmd_pairing_confirm cfm;
d8f8edbe
JH		 2501 int err;
2502
2503 BT_DBG("conn %p", conn);
2504
2505 if (skb->len < sizeof(*key))
2506 return SMP_INVALID_PARAMS;
2507
2508 memcpy(smp->remote_pk, key, 64);
2509
2510 /* Non-initiating device sends its public key after receiving
2511 * the key from the initiating device.
2512 */
2513 if (!hcon->out) {
2514 err = sc_send_public_key(smp);
2515 if (err)
2516 return err;
2517 }
2518
c7a3d57d
JH		 2519 SMP_DBG("Remote Public Key X: %32phN", smp->remote_pk);
2520 SMP_DBG("Remote Public Key Y: %32phN", &smp->remote_pk[32]);
d8f8edbe
JH		 2521
2522 if (!ecdh_shared_secret(smp->remote_pk, smp->local_sk, smp->dhkey))
2523 return SMP_UNSPECIFIED;
2524
c7a3d57d 2525 SMP_DBG("DHKey %32phN", smp->dhkey);
d8f8edbe
JH		 2526
2527 set_bit(SMP_FLAG_REMOTE_PK, &smp->flags);
2528
5e3d3d9b
JH		 2529 smp->method = sc_select_method(smp);
2530
2531 BT_DBG("%s selected method 0x%02x", hdev->name, smp->method);
2532
2533 /* JUST_WORKS and JUST_CFM result in an unauthenticated key */
2534 if (smp->method == JUST_WORKS || smp->method == JUST_CFM)
2535 hcon->pending_sec_level = BT_SECURITY_MEDIUM;
2536 else
2537 hcon->pending_sec_level = BT_SECURITY_FIPS;
2538
aeb7d461
JH		 2539 if (!memcmp(debug_pk, smp->remote_pk, 64))
2540 set_bit(SMP_FLAG_DEBUG_KEY, &smp->flags);
2541
38606f14
JH		 2542 if (smp->method == DSP_PASSKEY) {
2543 get_random_bytes(&hcon->passkey_notify,
2544 sizeof(hcon->passkey_notify));
2545 hcon->passkey_notify %= 1000000;
2546 hcon->passkey_entered = 0;
2547 smp->passkey_round = 0;
2548 if (mgmt_user_passkey_notify(hdev, &hcon->dst, hcon->type,
2549 hcon->dst_type,
2550 hcon->passkey_notify,
2551 hcon->passkey_entered))
2552 return SMP_UNSPECIFIED;
2553 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_CONFIRM);
2554 return sc_passkey_round(smp, SMP_CMD_PUBLIC_KEY);
2555 }
2556
a29b0733
JH		 2557 if (smp->method == REQ_OOB) {
2558 err = smp_f4(smp->tfm_cmac, smp->remote_pk, smp->remote_pk,
2559 smp->rr, 0, cfm.confirm_val);
2560 if (err)
2561 return SMP_UNSPECIFIED;
2562
2563 if (memcmp(cfm.confirm_val, smp->pcnf, 16))
2564 return SMP_CONFIRM_FAILED;
2565
2566 if (hcon->out)
2567 smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM,
2568 sizeof(smp->prnd), smp->prnd);
2569
2570 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RANDOM);
2571
2572 return 0;
2573 }
2574
38606f14
JH		 2575 if (hcon->out)
2576 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_CONFIRM);
2577
2578 if (smp->method == REQ_PASSKEY) {
2579 if (mgmt_user_passkey_request(hdev, &hcon->dst, hcon->type,
2580 hcon->dst_type))
2581 return SMP_UNSPECIFIED;
2582 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_CONFIRM);
2583 set_bit(SMP_FLAG_WAIT_USER, &smp->flags);
2584 return 0;
2585 }
2586
cbbbe3e2
JH		 2587 /* The Initiating device waits for the non-initiating device to
2588 * send the confirm value.
2589 */
2590 if (conn->hcon->out)
2591 return 0;
2592
2593 err = smp_f4(smp->tfm_cmac, smp->local_pk, smp->remote_pk, smp->prnd,
2594 0, cfm.confirm_val);
2595 if (err)
2596 return SMP_UNSPECIFIED;
2597
2598 smp_send_cmd(conn, SMP_CMD_PAIRING_CONFIRM, sizeof(cfm), &cfm);
2599 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RANDOM);
2600
d8f8edbe
JH		 2601 return 0;
2602}
2603
6433a9a2
JH		 2604static int smp_cmd_dhkey_check(struct l2cap_conn *conn, struct sk_buff *skb)
2605{
2606 struct smp_cmd_dhkey_check *check = (void *) skb->data;
2607 struct l2cap_chan *chan = conn->smp;
2608 struct hci_conn *hcon = conn->hcon;
2609 struct smp_chan *smp = chan->data;
2610 u8 a[7], b[7], *local_addr, *remote_addr;
2611 u8 io_cap[3], r[16], e[16];
2612 int err;
2613
2614 BT_DBG("conn %p", conn);
2615
2616 if (skb->len < sizeof(*check))
2617 return SMP_INVALID_PARAMS;
2618
2619 memcpy(a, &hcon->init_addr, 6);
2620 memcpy(b, &hcon->resp_addr, 6);
2621 a[6] = hcon->init_addr_type;
2622 b[6] = hcon->resp_addr_type;
2623
2624 if (hcon->out) {
2625 local_addr = a;
2626 remote_addr = b;
2627 memcpy(io_cap, &smp->prsp[1], 3);
2628 } else {
2629 local_addr = b;
2630 remote_addr = a;
2631 memcpy(io_cap, &smp->preq[1], 3);
2632 }
2633
2634 memset(r, 0, sizeof(r));
2635
38606f14
JH		 2636 if (smp->method == REQ_PASSKEY || smp->method == DSP_PASSKEY)
2637 put_unaligned_le32(hcon->passkey_notify, r);
882fafad
JH		 2638 else if (smp->method == REQ_OOB)
2639 memcpy(r, smp->lr, 16);
38606f14 2640
6433a9a2
JH		 2641 err = smp_f6(smp->tfm_cmac, smp->mackey, smp->rrnd, smp->prnd, r,
2642 io_cap, remote_addr, local_addr, e);
2643 if (err)
2644 return SMP_UNSPECIFIED;
2645
2646 if (memcmp(check->e, e, 16))
2647 return SMP_DHKEY_CHECK_FAILED;
2648
d3e54a87
JH		 2649 if (!hcon->out) {
2650 if (test_bit(SMP_FLAG_WAIT_USER, &smp->flags)) {
2651 set_bit(SMP_FLAG_DHKEY_PENDING, &smp->flags);
2652 return 0;
2653 }
d378a2d7 2654
d3e54a87
JH		 2655 /* Slave sends DHKey check as response to master */
2656 sc_dhkey_check(smp);
2657 }
d378a2d7 2658
d3e54a87 2659 sc_add_ltk(smp);
6433a9a2
JH		 2660
2661 if (hcon->out) {
2662 hci_le_start_enc(hcon, 0, 0, smp->tk);
2663 hcon->enc_key_size = smp->enc_key_size;
2664 }
2665
2666 return 0;
2667}
2668
1408bb6e
JH		 2669static int smp_cmd_keypress_notify(struct l2cap_conn *conn,
2670 struct sk_buff *skb)
2671{
2672 struct smp_cmd_keypress_notify *kp = (void *) skb->data;
2673
2674 BT_DBG("value 0x%02x", kp->value);
2675
2676 return 0;
2677}
2678
4befb867 2679static int smp_sig_channel(struct l2cap_chan *chan, struct sk_buff *skb)
eb492e01 2680{
5d88cc73 2681 struct l2cap_conn *conn = chan->conn;
7b9899db 2682 struct hci_conn *hcon = conn->hcon;
b28b4943 2683 struct smp_chan *smp;
92381f5c 2684 __u8 code, reason;
eb492e01
AB		 2685 int err = 0;
2686
8ae9b984 2687 if (skb->len < 1)
92381f5c 2688 return -EILSEQ;
92381f5c 2689
d7a5a11d 2690 if (!hci_dev_test_flag(hcon->hdev, HCI_LE_ENABLED)) {
2e65c9d2
AG		 2691 reason = SMP_PAIRING_NOTSUPP;
2692 goto done;
2693 }
2694
92381f5c 2695 code = skb->data[0];
eb492e01
AB		 2696 skb_pull(skb, sizeof(code));
2697
b28b4943
JH		 2698 smp = chan->data;
2699
2700 if (code > SMP_CMD_MAX)
2701 goto drop;
2702
24bd0bd9 2703 if (smp && !test_and_clear_bit(code, &smp->allow_cmd))
b28b4943
JH		 2704 goto drop;
2705
2706 /* If we don't have a context the only allowed commands are
2707 * pairing request and security request.
8cf9fa12 2708 */
b28b4943
JH		 2709 if (!smp && code != SMP_CMD_PAIRING_REQ && code != SMP_CMD_SECURITY_REQ)
2710 goto drop;
8cf9fa12 2711
eb492e01
AB		 2712 switch (code) {
2713 case SMP_CMD_PAIRING_REQ:
da85e5e5 2714 reason = smp_cmd_pairing_req(conn, skb);
eb492e01
AB		 2715 break;
2716
2717 case SMP_CMD_PAIRING_FAIL:
84794e11 2718 smp_failure(conn, 0);
da85e5e5 2719 err = -EPERM;
eb492e01
AB		 2720 break;
2721
2722 case SMP_CMD_PAIRING_RSP:
da85e5e5 2723 reason = smp_cmd_pairing_rsp(conn, skb);
88ba43b6
AB		 2724 break;
2725
2726 case SMP_CMD_SECURITY_REQ:
da85e5e5 2727 reason = smp_cmd_security_req(conn, skb);
88ba43b6
AB		 2728 break;
2729
eb492e01 2730 case SMP_CMD_PAIRING_CONFIRM:
da85e5e5 2731 reason = smp_cmd_pairing_confirm(conn, skb);
88ba43b6
AB		 2732 break;
2733
eb492e01 2734 case SMP_CMD_PAIRING_RANDOM:
da85e5e5 2735 reason = smp_cmd_pairing_random(conn, skb);
88ba43b6
AB		 2736 break;
2737
eb492e01 2738 case SMP_CMD_ENCRYPT_INFO:
7034b911
VCG		 2739 reason = smp_cmd_encrypt_info(conn, skb);
2740 break;
2741
eb492e01 2742 case SMP_CMD_MASTER_IDENT:
7034b911
VCG		 2743 reason = smp_cmd_master_ident(conn, skb);
2744 break;
2745
eb492e01 2746 case SMP_CMD_IDENT_INFO:
fd349c02
JH		 2747 reason = smp_cmd_ident_info(conn, skb);
2748 break;
2749
eb492e01 2750 case SMP_CMD_IDENT_ADDR_INFO:
fd349c02
JH		 2751 reason = smp_cmd_ident_addr_info(conn, skb);
2752 break;
2753
eb492e01 2754 case SMP_CMD_SIGN_INFO:
7ee4ea36 2755 reason = smp_cmd_sign_info(conn, skb);
7034b911
VCG		 2756 break;
2757
d8f8edbe
JH		 2758 case SMP_CMD_PUBLIC_KEY:
2759 reason = smp_cmd_public_key(conn, skb);
2760 break;
2761
6433a9a2
JH		 2762 case SMP_CMD_DHKEY_CHECK:
2763 reason = smp_cmd_dhkey_check(conn, skb);
2764 break;
2765
1408bb6e
JH		 2766 case SMP_CMD_KEYPRESS_NOTIFY:
2767 reason = smp_cmd_keypress_notify(conn, skb);
2768 break;
2769
eb492e01
AB		 2770 default:
2771 BT_DBG("Unknown command code 0x%2.2x", code);
eb492e01 2772 reason = SMP_CMD_NOTSUPP;
3a0259bb 2773 goto done;
eb492e01
AB		 2774 }
2775
3a0259bb 2776done:
9b7b18ef
JH		 2777 if (!err) {
2778 if (reason)
2779 smp_failure(conn, reason);
8ae9b984 2780 kfree_skb(skb);
9b7b18ef
JH		 2781 }
2782
eb492e01 2783 return err;
b28b4943
JH		 2784
2785drop:
2786 BT_ERR("%s unexpected SMP command 0x%02x from %pMR", hcon->hdev->name,
2787 code, &hcon->dst);
2788 kfree_skb(skb);
2789 return 0;
eb492e01 2790}
7034b911 2791
70db83c4
JH		 2792static void smp_teardown_cb(struct l2cap_chan *chan, int err)
2793{
2794 struct l2cap_conn *conn = chan->conn;
2795
2796 BT_DBG("chan %p", chan);
2797
fc75cc86 2798 if (chan->data)
5d88cc73 2799 smp_chan_destroy(conn);
5d88cc73 2800
70db83c4
JH		 2801 conn->smp = NULL;
2802 l2cap_chan_put(chan);
2803}
2804
b5ae344d
JH		 2805static void bredr_pairing(struct l2cap_chan *chan)
2806{
2807 struct l2cap_conn *conn = chan->conn;
2808 struct hci_conn *hcon = conn->hcon;
2809 struct hci_dev *hdev = hcon->hdev;
2810 struct smp_cmd_pairing req;
2811 struct smp_chan *smp;
2812
2813 BT_DBG("chan %p", chan);
2814
2815 /* Only new pairings are interesting */
2816 if (!test_bit(HCI_CONN_NEW_LINK_KEY, &hcon->flags))
2817 return;
2818
2819 /* Don't bother if we're not encrypted */
2820 if (!test_bit(HCI_CONN_ENCRYPT, &hcon->flags))
2821 return;
2822
2823 /* Only master may initiate SMP over BR/EDR */
2824 if (hcon->role != HCI_ROLE_MASTER)
2825 return;
2826
2827 /* Secure Connections support must be enabled */
d7a5a11d 2828 if (!hci_dev_test_flag(hdev, HCI_SC_ENABLED))
b5ae344d
JH		 2829 return;
2830
2831 /* BR/EDR must use Secure Connections for SMP */
2832 if (!test_bit(HCI_CONN_AES_CCM, &hcon->flags) &&
b7cb93e5 2833 !hci_dev_test_flag(hdev, HCI_FORCE_BREDR_SMP))
b5ae344d
JH		 2834 return;
2835
2836 /* If our LE support is not enabled don't do anything */
d7a5a11d 2837 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED))
b5ae344d
JH		 2838 return;
2839
2840 /* Don't bother if remote LE support is not enabled */
2841 if (!lmp_host_le_capable(hcon))
2842 return;
2843
2844 /* Remote must support SMP fixed chan for BR/EDR */
2845 if (!(conn->remote_fixed_chan & L2CAP_FC_SMP_BREDR))
2846 return;
2847
2848 /* Don't bother if SMP is already ongoing */
2849 if (chan->data)
2850 return;
2851
2852 smp = smp_chan_create(conn);
2853 if (!smp) {
2854 BT_ERR("%s unable to create SMP context for BR/EDR",
2855 hdev->name);
2856 return;
2857 }
2858
2859 set_bit(SMP_FLAG_SC, &smp->flags);
2860
2861 BT_DBG("%s starting SMP over BR/EDR", hdev->name);
2862
2863 /* Prepare and send the BR/EDR SMP Pairing Request */
2864 build_bredr_pairing_cmd(smp, &req, NULL);
2865
2866 smp->preq[0] = SMP_CMD_PAIRING_REQ;
2867 memcpy(&smp->preq[1], &req, sizeof(req));
2868
2869 smp_send_cmd(conn, SMP_CMD_PAIRING_REQ, sizeof(req), &req);
2870 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RSP);
2871}
2872
44f1a7ab
JH		 2873static void smp_resume_cb(struct l2cap_chan *chan)
2874{
b68fda68 2875 struct smp_chan *smp = chan->data;
44f1a7ab
JH		 2876 struct l2cap_conn *conn = chan->conn;
2877 struct hci_conn *hcon = conn->hcon;
2878
2879 BT_DBG("chan %p", chan);
2880
b5ae344d
JH		 2881 if (hcon->type == ACL_LINK) {
2882 bredr_pairing(chan);
ef8efe4b 2883 return;
b5ae344d 2884 }
ef8efe4b 2885
86d1407c
JH		 2886 if (!smp)
2887 return;
b68fda68 2888
84bc0db5
JH		 2889 if (!test_bit(HCI_CONN_ENCRYPT, &hcon->flags))
2890 return;
2891
86d1407c
JH		 2892 cancel_delayed_work(&smp->security_timer);
2893
d6268e86 2894 smp_distribute_keys(smp);
44f1a7ab
JH		 2895}
2896
70db83c4
JH		 2897static void smp_ready_cb(struct l2cap_chan *chan)
2898{
2899 struct l2cap_conn *conn = chan->conn;
b5ae344d 2900 struct hci_conn *hcon = conn->hcon;
70db83c4
JH		 2901
2902 BT_DBG("chan %p", chan);
2903
2904 conn->smp = chan;
2905 l2cap_chan_hold(chan);
b5ae344d
JH		 2906
2907 if (hcon->type == ACL_LINK && test_bit(HCI_CONN_ENCRYPT, &hcon->flags))
2908 bredr_pairing(chan);
70db83c4
JH		 2909}
2910
4befb867
JH		 2911static int smp_recv_cb(struct l2cap_chan *chan, struct sk_buff *skb)
2912{
2913 int err;
2914
2915 BT_DBG("chan %p", chan);
2916
2917 err = smp_sig_channel(chan, skb);
2918 if (err) {
b68fda68 2919 struct smp_chan *smp = chan->data;
4befb867 2920
b68fda68
JH		 2921 if (smp)
2922 cancel_delayed_work_sync(&smp->security_timer);
4befb867 2923
1e91c29e 2924 hci_disconnect(chan->conn->hcon, HCI_ERROR_AUTH_FAILURE);
4befb867
JH		 2925 }
2926
2927 return err;
2928}
2929
70db83c4
JH		 2930static struct sk_buff *smp_alloc_skb_cb(struct l2cap_chan *chan,
2931 unsigned long hdr_len,
2932 unsigned long len, int nb)
2933{
2934 struct sk_buff *skb;
2935
2936 skb = bt_skb_alloc(hdr_len + len, GFP_KERNEL);
2937 if (!skb)
2938 return ERR_PTR(-ENOMEM);
2939
2940 skb->priority = HCI_PRIO_MAX;
2941 bt_cb(skb)->chan = chan;
2942
2943 return skb;
2944}
2945
2946static const struct l2cap_ops smp_chan_ops = {
2947 .name = "Security Manager",
2948 .ready = smp_ready_cb,
5d88cc73 2949 .recv = smp_recv_cb,
70db83c4
JH		 2950 .alloc_skb = smp_alloc_skb_cb,
2951 .teardown = smp_teardown_cb,
44f1a7ab 2952 .resume = smp_resume_cb,
70db83c4
JH		 2953
2954 .new_connection = l2cap_chan_no_new_connection,
70db83c4
JH		 2955 .state_change = l2cap_chan_no_state_change,
2956 .close = l2cap_chan_no_close,
2957 .defer = l2cap_chan_no_defer,
2958 .suspend = l2cap_chan_no_suspend,
70db83c4
JH		 2959 .set_shutdown = l2cap_chan_no_set_shutdown,
2960 .get_sndtimeo = l2cap_chan_no_get_sndtimeo,
70db83c4
JH		 2961};
2962
2963static inline struct l2cap_chan *smp_new_conn_cb(struct l2cap_chan *pchan)
2964{
2965 struct l2cap_chan *chan;
2966
2967 BT_DBG("pchan %p", pchan);
2968
2969 chan = l2cap_chan_create();
2970 if (!chan)
2971 return NULL;
2972
2973 chan->chan_type = pchan->chan_type;
2974 chan->ops = &smp_chan_ops;
2975 chan->scid = pchan->scid;
2976 chan->dcid = chan->scid;
2977 chan->imtu = pchan->imtu;
2978 chan->omtu = pchan->omtu;
2979 chan->mode = pchan->mode;
2980
abe84903
JH		 2981 /* Other L2CAP channels may request SMP routines in order to
2982 * change the security level. This means that the SMP channel
2983 * lock must be considered in its own category to avoid lockdep
2984 * warnings.
2985 */
2986 atomic_set(&chan->nesting, L2CAP_NESTING_SMP);
2987
70db83c4
JH		 2988 BT_DBG("created chan %p", chan);
2989
2990 return chan;
2991}
2992
2993static const struct l2cap_ops smp_root_chan_ops = {
2994 .name = "Security Manager Root",
2995 .new_connection = smp_new_conn_cb,
2996
2997 /* None of these are implemented for the root channel */
2998 .close = l2cap_chan_no_close,
2999 .alloc_skb = l2cap_chan_no_alloc_skb,
3000 .recv = l2cap_chan_no_recv,
3001 .state_change = l2cap_chan_no_state_change,
3002 .teardown = l2cap_chan_no_teardown,
3003 .ready = l2cap_chan_no_ready,
3004 .defer = l2cap_chan_no_defer,
3005 .suspend = l2cap_chan_no_suspend,
3006 .resume = l2cap_chan_no_resume,
3007 .set_shutdown = l2cap_chan_no_set_shutdown,
3008 .get_sndtimeo = l2cap_chan_no_get_sndtimeo,
70db83c4
JH		 3009};
3010
ef8efe4b 3011static struct l2cap_chan *smp_add_cid(struct hci_dev *hdev, u16 cid)
711eafe3 3012{
70db83c4 3013 struct l2cap_chan *chan;
88a479d9
MH		 3014 struct smp_dev *smp;
3015 struct crypto_blkcipher *tfm_aes;
6e2dc6d1 3016 struct crypto_hash *tfm_cmac;
70db83c4 3017
ef8efe4b 3018 if (cid == L2CAP_CID_SMP_BREDR) {
88a479d9 3019 smp = NULL;
ef8efe4b
JH		 3020 goto create_chan;
3021 }
711eafe3 3022
88a479d9
MH		 3023 smp = kzalloc(sizeof(*smp), GFP_KERNEL);
3024 if (!smp)
3025 return ERR_PTR(-ENOMEM);
3026
3027 tfm_aes = crypto_alloc_blkcipher("ecb(aes)", 0, CRYPTO_ALG_ASYNC);
defce9e8 3028 if (IS_ERR(tfm_aes)) {
88a479d9
MH		 3029 BT_ERR("Unable to create ECB crypto context");
3030 kzfree(smp);
fe700771 3031 return ERR_CAST(tfm_aes);
711eafe3
JH		 3032 }
3033
6e2dc6d1
MH		 3034 tfm_cmac = crypto_alloc_hash("cmac(aes)", 0, CRYPTO_ALG_ASYNC);
3035 if (IS_ERR(tfm_cmac)) {
3036 BT_ERR("Unable to create CMAC crypto context");
3037 crypto_free_blkcipher(tfm_aes);
3038 kzfree(smp);
3039 return ERR_CAST(tfm_cmac);
3040 }
3041
88a479d9 3042 smp->tfm_aes = tfm_aes;
6e2dc6d1 3043 smp->tfm_cmac = tfm_cmac;
88a479d9 3044
ef8efe4b 3045create_chan:
70db83c4
JH		 3046 chan = l2cap_chan_create();
3047 if (!chan) {
88a479d9 3048 crypto_free_blkcipher(smp->tfm_aes);
6e2dc6d1 3049 crypto_free_hash(smp->tfm_cmac);
88a479d9 3050 kzfree(smp);
ef8efe4b 3051 return ERR_PTR(-ENOMEM);
70db83c4
JH		 3052 }
3053
88a479d9 3054 chan->data = smp;
defce9e8 3055
ef8efe4b 3056 l2cap_add_scid(chan, cid);
70db83c4
JH		 3057
3058 l2cap_chan_set_defaults(chan);
3059
157029ba 3060 if (cid == L2CAP_CID_SMP) {
39e3e744
JH		 3061 u8 bdaddr_type;
3062
3063 hci_copy_identity_address(hdev, &chan->src, &bdaddr_type);
3064
3065 if (bdaddr_type == ADDR_LE_DEV_PUBLIC)
157029ba 3066 chan->src_type = BDADDR_LE_PUBLIC;
39e3e744
JH		 3067 else
3068 chan->src_type = BDADDR_LE_RANDOM;
157029ba
MH		 3069 } else {
3070 bacpy(&chan->src, &hdev->bdaddr);
ef8efe4b 3071 chan->src_type = BDADDR_BREDR;
157029ba
MH		 3072 }
3073
70db83c4
JH		 3074 chan->state = BT_LISTEN;
3075 chan->mode = L2CAP_MODE_BASIC;
3076 chan->imtu = L2CAP_DEFAULT_MTU;
3077 chan->ops = &smp_root_chan_ops;
3078
abe84903
JH		 3079 /* Set correct nesting level for a parent/listening channel */
3080 atomic_set(&chan->nesting, L2CAP_NESTING_PARENT);
3081
ef8efe4b 3082 return chan;
711eafe3
JH		 3083}
3084
ef8efe4b 3085static void smp_del_chan(struct l2cap_chan *chan)
711eafe3 3086{
88a479d9 3087 struct smp_dev *smp;
70db83c4 3088
ef8efe4b 3089 BT_DBG("chan %p", chan);
711eafe3 3090
88a479d9
MH		 3091 smp = chan->data;
3092 if (smp) {
defce9e8 3093 chan->data = NULL;
88a479d9
MH		 3094 if (smp->tfm_aes)
3095 crypto_free_blkcipher(smp->tfm_aes);
6e2dc6d1
MH		 3096 if (smp->tfm_cmac)
3097 crypto_free_hash(smp->tfm_cmac);
88a479d9 3098 kzfree(smp);
711eafe3 3099 }
70db83c4 3100
70db83c4 3101 l2cap_chan_put(chan);
711eafe3 3102}
ef8efe4b 3103
300acfde
MH		 3104static ssize_t force_bredr_smp_read(struct file *file,
3105 char __user *user_buf,
3106 size_t count, loff_t *ppos)
3107{
3108 struct hci_dev *hdev = file->private_data;
3109 char buf[3];
3110
b7cb93e5 3111 buf[0] = hci_dev_test_flag(hdev, HCI_FORCE_BREDR_SMP) ? 'Y': 'N';
300acfde
MH		 3112 buf[1] = '\n';
3113 buf[2] = '\0';
3114 return simple_read_from_buffer(user_buf, count, ppos, buf, 2);
3115}
3116
3117static ssize_t force_bredr_smp_write(struct file *file,
3118 const char __user *user_buf,
3119 size_t count, loff_t *ppos)
3120{
3121 struct hci_dev *hdev = file->private_data;
3122 char buf[32];
3123 size_t buf_size = min(count, (sizeof(buf)-1));
3124 bool enable;
3125
3126 if (copy_from_user(buf, user_buf, buf_size))
3127 return -EFAULT;
3128
3129 buf[buf_size] = '\0';
3130 if (strtobool(buf, &enable))
3131 return -EINVAL;
3132
b7cb93e5 3133 if (enable == hci_dev_test_flag(hdev, HCI_FORCE_BREDR_SMP))
300acfde
MH		 3134 return -EALREADY;
3135
3136 if (enable) {
3137 struct l2cap_chan *chan;
3138
3139 chan = smp_add_cid(hdev, L2CAP_CID_SMP_BREDR);
3140 if (IS_ERR(chan))
3141 return PTR_ERR(chan);
3142
3143 hdev->smp_bredr_data = chan;
3144 } else {
3145 struct l2cap_chan *chan;
3146
3147 chan = hdev->smp_bredr_data;
3148 hdev->smp_bredr_data = NULL;
3149 smp_del_chan(chan);
3150 }
3151
b7cb93e5 3152 hci_dev_change_flag(hdev, HCI_FORCE_BREDR_SMP);
300acfde
MH		 3153
3154 return count;
3155}
3156
3157static const struct file_operations force_bredr_smp_fops = {
3158 .open = simple_open,
3159 .read = force_bredr_smp_read,
3160 .write = force_bredr_smp_write,
3161 .llseek = default_llseek,
3162};
3163
ef8efe4b
JH		 3164int smp_register(struct hci_dev *hdev)
3165{
3166 struct l2cap_chan *chan;
3167
3168 BT_DBG("%s", hdev->name);
3169
7e7ec445
MH		 3170 /* If the controller does not support Low Energy operation, then
3171 * there is also no need to register any SMP channel.
3172 */
3173 if (!lmp_le_capable(hdev))
3174 return 0;
3175
2b8df323
MH		 3176 if (WARN_ON(hdev->smp_data)) {
3177 chan = hdev->smp_data;
3178 hdev->smp_data = NULL;
3179 smp_del_chan(chan);
3180 }
3181
ef8efe4b
JH		 3182 chan = smp_add_cid(hdev, L2CAP_CID_SMP);
3183 if (IS_ERR(chan))
3184 return PTR_ERR(chan);
3185
3186 hdev->smp_data = chan;
3187
300acfde
MH		 3188 /* If the controller does not support BR/EDR Secure Connections
3189 * feature, then the BR/EDR SMP channel shall not be present.
3190 *
3191 * To test this with Bluetooth 4.0 controllers, create a debugfs
3192 * switch that allows forcing BR/EDR SMP support and accepting
3193 * cross-transport pairing on non-AES encrypted connections.
3194 */
3195 if (!lmp_sc_capable(hdev)) {
3196 debugfs_create_file("force_bredr_smp", 0644, hdev->debugfs,
3197 hdev, &force_bredr_smp_fops);
ef8efe4b 3198 return 0;
300acfde 3199 }
ef8efe4b 3200
2b8df323
MH		 3201 if (WARN_ON(hdev->smp_bredr_data)) {
3202 chan = hdev->smp_bredr_data;
3203 hdev->smp_bredr_data = NULL;
3204 smp_del_chan(chan);
3205 }
3206
ef8efe4b
JH		 3207 chan = smp_add_cid(hdev, L2CAP_CID_SMP_BREDR);
3208 if (IS_ERR(chan)) {
3209 int err = PTR_ERR(chan);
3210 chan = hdev->smp_data;
3211 hdev->smp_data = NULL;
3212 smp_del_chan(chan);
3213 return err;
3214 }
3215
3216 hdev->smp_bredr_data = chan;
3217
3218 return 0;
3219}
3220
3221void smp_unregister(struct hci_dev *hdev)
3222{
3223 struct l2cap_chan *chan;
3224
3225 if (hdev->smp_bredr_data) {
3226 chan = hdev->smp_bredr_data;
3227 hdev->smp_bredr_data = NULL;
3228 smp_del_chan(chan);
3229 }
3230
3231 if (hdev->smp_data) {
3232 chan = hdev->smp_data;
3233 hdev->smp_data = NULL;
3234 smp_del_chan(chan);
3235 }
3236}
0a2b0f04
JH		 3237
3238#if IS_ENABLED(CONFIG_BT_SELFTEST_SMP)
3239
cfc4198e
JH		 3240static int __init test_ah(struct crypto_blkcipher *tfm_aes)
3241{
3242 const u8 irk[16] = {
3243 0x9b, 0x7d, 0x39, 0x0a, 0xa6, 0x10, 0x10, 0x34,
3244 0x05, 0xad, 0xc8, 0x57, 0xa3, 0x34, 0x02, 0xec };
3245 const u8 r[3] = { 0x94, 0x81, 0x70 };
3246 const u8 exp[3] = { 0xaa, 0xfb, 0x0d };
3247 u8 res[3];
3248 int err;
3249
3250 err = smp_ah(tfm_aes, irk, r, res);
3251 if (err)
3252 return err;
3253
3254 if (memcmp(res, exp, 3))
3255 return -EINVAL;
3256
3257 return 0;
3258}
3259
3260static int __init test_c1(struct crypto_blkcipher *tfm_aes)
3261{
3262 const u8 k[16] = {
3263 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
3264 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
3265 const u8 r[16] = {
3266 0xe0, 0x2e, 0x70, 0xc6, 0x4e, 0x27, 0x88, 0x63,
3267 0x0e, 0x6f, 0xad, 0x56, 0x21, 0xd5, 0x83, 0x57 };
3268 const u8 preq[7] = { 0x01, 0x01, 0x00, 0x00, 0x10, 0x07, 0x07 };
3269 const u8 pres[7] = { 0x02, 0x03, 0x00, 0x00, 0x08, 0x00, 0x05 };
3270 const u8 _iat = 0x01;
3271 const u8 _rat = 0x00;
3272 const bdaddr_t ra = { { 0xb6, 0xb5, 0xb4, 0xb3, 0xb2, 0xb1 } };
3273 const bdaddr_t ia = { { 0xa6, 0xa5, 0xa4, 0xa3, 0xa2, 0xa1 } };
3274 const u8 exp[16] = {
3275 0x86, 0x3b, 0xf1, 0xbe, 0xc5, 0x4d, 0xa7, 0xd2,
3276 0xea, 0x88, 0x89, 0x87, 0xef, 0x3f, 0x1e, 0x1e };
3277 u8 res[16];
3278 int err;
3279
3280 err = smp_c1(tfm_aes, k, r, preq, pres, _iat, &ia, _rat, &ra, res);
3281 if (err)
3282 return err;
3283
3284 if (memcmp(res, exp, 16))
3285 return -EINVAL;
3286
3287 return 0;
3288}
3289
3290static int __init test_s1(struct crypto_blkcipher *tfm_aes)
3291{
3292 const u8 k[16] = {
3293 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
3294 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
3295 const u8 r1[16] = {
3296 0x88, 0x77, 0x66, 0x55, 0x44, 0x33, 0x22, 0x11 };
3297 const u8 r2[16] = {
3298 0x00, 0xff, 0xee, 0xdd, 0xcc, 0xbb, 0xaa, 0x99 };
3299 const u8 exp[16] = {
3300 0x62, 0xa0, 0x6d, 0x79, 0xae, 0x16, 0x42, 0x5b,
3301 0x9b, 0xf4, 0xb0, 0xe8, 0xf0, 0xe1, 0x1f, 0x9a };
3302 u8 res[16];
3303 int err;
3304
3305 err = smp_s1(tfm_aes, k, r1, r2, res);
3306 if (err)
3307 return err;
3308
3309 if (memcmp(res, exp, 16))
3310 return -EINVAL;
3311
3312 return 0;
3313}
3314
fb2969a3
JH		 3315static int __init test_f4(struct crypto_hash *tfm_cmac)
3316{
3317 const u8 u[32] = {
3318 0xe6, 0x9d, 0x35, 0x0e, 0x48, 0x01, 0x03, 0xcc,
3319 0xdb, 0xfd, 0xf4, 0xac, 0x11, 0x91, 0xf4, 0xef,
3320 0xb9, 0xa5, 0xf9, 0xe9, 0xa7, 0x83, 0x2c, 0x5e,
3321 0x2c, 0xbe, 0x97, 0xf2, 0xd2, 0x03, 0xb0, 0x20 };
3322 const u8 v[32] = {
3323 0xfd, 0xc5, 0x7f, 0xf4, 0x49, 0xdd, 0x4f, 0x6b,
3324 0xfb, 0x7c, 0x9d, 0xf1, 0xc2, 0x9a, 0xcb, 0x59,
3325 0x2a, 0xe7, 0xd4, 0xee, 0xfb, 0xfc, 0x0a, 0x90,
3326 0x9a, 0xbb, 0xf6, 0x32, 0x3d, 0x8b, 0x18, 0x55 };
3327 const u8 x[16] = {
3328 0xab, 0xae, 0x2b, 0x71, 0xec, 0xb2, 0xff, 0xff,
3329 0x3e, 0x73, 0x77, 0xd1, 0x54, 0x84, 0xcb, 0xd5 };
3330 const u8 z = 0x00;
3331 const u8 exp[16] = {
3332 0x2d, 0x87, 0x74, 0xa9, 0xbe, 0xa1, 0xed, 0xf1,
3333 0x1c, 0xbd, 0xa9, 0x07, 0xf1, 0x16, 0xc9, 0xf2 };
3334 u8 res[16];
3335 int err;
3336
3337 err = smp_f4(tfm_cmac, u, v, x, z, res);
3338 if (err)
3339 return err;
3340
3341 if (memcmp(res, exp, 16))
3342 return -EINVAL;
3343
3344 return 0;
3345}
3346
3347static int __init test_f5(struct crypto_hash *tfm_cmac)
3348{
3349 const u8 w[32] = {
3350 0x98, 0xa6, 0xbf, 0x73, 0xf3, 0x34, 0x8d, 0x86,
3351 0xf1, 0x66, 0xf8, 0xb4, 0x13, 0x6b, 0x79, 0x99,
3352 0x9b, 0x7d, 0x39, 0x0a, 0xa6, 0x10, 0x10, 0x34,
3353 0x05, 0xad, 0xc8, 0x57, 0xa3, 0x34, 0x02, 0xec };
3354 const u8 n1[16] = {
3355 0xab, 0xae, 0x2b, 0x71, 0xec, 0xb2, 0xff, 0xff,
3356 0x3e, 0x73, 0x77, 0xd1, 0x54, 0x84, 0xcb, 0xd5 };
3357 const u8 n2[16] = {
3358 0xcf, 0xc4, 0x3d, 0xff, 0xf7, 0x83, 0x65, 0x21,
3359 0x6e, 0x5f, 0xa7, 0x25, 0xcc, 0xe7, 0xe8, 0xa6 };
3360 const u8 a1[7] = { 0xce, 0xbf, 0x37, 0x37, 0x12, 0x56, 0x00 };
3361 const u8 a2[7] = { 0xc1, 0xcf, 0x2d, 0x70, 0x13, 0xa7, 0x00 };
3362 const u8 exp_ltk[16] = {
3363 0x38, 0x0a, 0x75, 0x94, 0xb5, 0x22, 0x05, 0x98,
3364 0x23, 0xcd, 0xd7, 0x69, 0x11, 0x79, 0x86, 0x69 };
3365 const u8 exp_mackey[16] = {
3366 0x20, 0x6e, 0x63, 0xce, 0x20, 0x6a, 0x3f, 0xfd,
3367 0x02, 0x4a, 0x08, 0xa1, 0x76, 0xf1, 0x65, 0x29 };
3368 u8 mackey[16], ltk[16];
3369 int err;
3370
3371 err = smp_f5(tfm_cmac, w, n1, n2, a1, a2, mackey, ltk);
3372 if (err)
3373 return err;
3374
3375 if (memcmp(mackey, exp_mackey, 16))
3376 return -EINVAL;
3377
3378 if (memcmp(ltk, exp_ltk, 16))
3379 return -EINVAL;
3380
3381 return 0;
3382}
3383
3384static int __init test_f6(struct crypto_hash *tfm_cmac)
3385{
3386 const u8 w[16] = {
3387 0x20, 0x6e, 0x63, 0xce, 0x20, 0x6a, 0x3f, 0xfd,
3388 0x02, 0x4a, 0x08, 0xa1, 0x76, 0xf1, 0x65, 0x29 };
3389 const u8 n1[16] = {
3390 0xab, 0xae, 0x2b, 0x71, 0xec, 0xb2, 0xff, 0xff,
3391 0x3e, 0x73, 0x77, 0xd1, 0x54, 0x84, 0xcb, 0xd5 };
3392 const u8 n2[16] = {
3393 0xcf, 0xc4, 0x3d, 0xff, 0xf7, 0x83, 0x65, 0x21,
3394 0x6e, 0x5f, 0xa7, 0x25, 0xcc, 0xe7, 0xe8, 0xa6 };
3395 const u8 r[16] = {
3396 0xc8, 0x0f, 0x2d, 0x0c, 0xd2, 0x42, 0xda, 0x08,
3397 0x54, 0xbb, 0x53, 0xb4, 0x3b, 0x34, 0xa3, 0x12 };
3398 const u8 io_cap[3] = { 0x02, 0x01, 0x01 };
3399 const u8 a1[7] = { 0xce, 0xbf, 0x37, 0x37, 0x12, 0x56, 0x00 };
3400 const u8 a2[7] = { 0xc1, 0xcf, 0x2d, 0x70, 0x13, 0xa7, 0x00 };
3401 const u8 exp[16] = {
3402 0x61, 0x8f, 0x95, 0xda, 0x09, 0x0b, 0x6c, 0xd2,
3403 0xc5, 0xe8, 0xd0, 0x9c, 0x98, 0x73, 0xc4, 0xe3 };
3404 u8 res[16];
3405 int err;
3406
3407 err = smp_f6(tfm_cmac, w, n1, n2, r, io_cap, a1, a2, res);
3408 if (err)
3409 return err;
3410
3411 if (memcmp(res, exp, 16))
3412 return -EINVAL;
3413
3414 return 0;
3415}
3416
3417static int __init test_g2(struct crypto_hash *tfm_cmac)
3418{
3419 const u8 u[32] = {
3420 0xe6, 0x9d, 0x35, 0x0e, 0x48, 0x01, 0x03, 0xcc,
3421 0xdb, 0xfd, 0xf4, 0xac, 0x11, 0x91, 0xf4, 0xef,
3422 0xb9, 0xa5, 0xf9, 0xe9, 0xa7, 0x83, 0x2c, 0x5e,
3423 0x2c, 0xbe, 0x97, 0xf2, 0xd2, 0x03, 0xb0, 0x20 };
3424 const u8 v[32] = {
3425 0xfd, 0xc5, 0x7f, 0xf4, 0x49, 0xdd, 0x4f, 0x6b,
3426 0xfb, 0x7c, 0x9d, 0xf1, 0xc2, 0x9a, 0xcb, 0x59,
3427 0x2a, 0xe7, 0xd4, 0xee, 0xfb, 0xfc, 0x0a, 0x90,
3428 0x9a, 0xbb, 0xf6, 0x32, 0x3d, 0x8b, 0x18, 0x55 };
3429 const u8 x[16] = {
3430 0xab, 0xae, 0x2b, 0x71, 0xec, 0xb2, 0xff, 0xff,
3431 0x3e, 0x73, 0x77, 0xd1, 0x54, 0x84, 0xcb, 0xd5 };
3432 const u8 y[16] = {
3433 0xcf, 0xc4, 0x3d, 0xff, 0xf7, 0x83, 0x65, 0x21,
3434 0x6e, 0x5f, 0xa7, 0x25, 0xcc, 0xe7, 0xe8, 0xa6 };
3435 const u32 exp_val = 0x2f9ed5ba % 1000000;
3436 u32 val;
3437 int err;
3438
3439 err = smp_g2(tfm_cmac, u, v, x, y, &val);
3440 if (err)
3441 return err;
3442
3443 if (val != exp_val)
3444 return -EINVAL;
3445
3446 return 0;
3447}
3448
3449static int __init test_h6(struct crypto_hash *tfm_cmac)
3450{
3451 const u8 w[16] = {
3452 0x9b, 0x7d, 0x39, 0x0a, 0xa6, 0x10, 0x10, 0x34,
3453 0x05, 0xad, 0xc8, 0x57, 0xa3, 0x34, 0x02, 0xec };
3454 const u8 key_id[4] = { 0x72, 0x62, 0x65, 0x6c };
3455 const u8 exp[16] = {
3456 0x99, 0x63, 0xb1, 0x80, 0xe2, 0xa9, 0xd3, 0xe8,
3457 0x1c, 0xc9, 0x6d, 0xe7, 0x02, 0xe1, 0x9a, 0x2d };
3458 u8 res[16];
3459 int err;
3460
3461 err = smp_h6(tfm_cmac, w, key_id, res);
3462 if (err)
3463 return err;
3464
3465 if (memcmp(res, exp, 16))
3466 return -EINVAL;
3467
3468 return 0;
3469}
3470
0a2b0f04
JH		 3471static int __init run_selftests(struct crypto_blkcipher *tfm_aes,
3472 struct crypto_hash *tfm_cmac)
3473{
255047b0
MH		 3474 ktime_t calltime, delta, rettime;
3475 unsigned long long duration;
cfc4198e
JH		 3476 int err;
3477
255047b0
MH		 3478 calltime = ktime_get();
3479
cfc4198e
JH		 3480 err = test_ah(tfm_aes);
3481 if (err) {
3482 BT_ERR("smp_ah test failed");
3483 return err;
3484 }
3485
3486 err = test_c1(tfm_aes);
3487 if (err) {
3488 BT_ERR("smp_c1 test failed");
3489 return err;
3490 }
3491
3492 err = test_s1(tfm_aes);
3493 if (err) {
3494 BT_ERR("smp_s1 test failed");
3495 return err;
3496 }
3497
fb2969a3
JH		 3498 err = test_f4(tfm_cmac);
3499 if (err) {
3500 BT_ERR("smp_f4 test failed");
3501 return err;
3502 }
3503
3504 err = test_f5(tfm_cmac);
3505 if (err) {
3506 BT_ERR("smp_f5 test failed");
3507 return err;
3508 }
3509
3510 err = test_f6(tfm_cmac);
3511 if (err) {
3512 BT_ERR("smp_f6 test failed");
3513 return err;
3514 }
3515
3516 err = test_g2(tfm_cmac);
3517 if (err) {
3518 BT_ERR("smp_g2 test failed");
3519 return err;
3520 }
3521
3522 err = test_h6(tfm_cmac);
3523 if (err) {
3524 BT_ERR("smp_h6 test failed");
3525 return err;
3526 }
3527
255047b0
MH		 3528 rettime = ktime_get();
3529 delta = ktime_sub(rettime, calltime);
3530 duration = (unsigned long long) ktime_to_ns(delta) >> 10;
3531
5ced2464 3532 BT_INFO("SMP test passed in %llu usecs", duration);
0a2b0f04
JH		 3533
3534 return 0;
3535}
3536
3537int __init bt_selftest_smp(void)
3538{
3539 struct crypto_blkcipher *tfm_aes;
3540 struct crypto_hash *tfm_cmac;
3541 int err;
3542
3543 tfm_aes = crypto_alloc_blkcipher("ecb(aes)", 0, CRYPTO_ALG_ASYNC);
3544 if (IS_ERR(tfm_aes)) {
3545 BT_ERR("Unable to create ECB crypto context");
3546 return PTR_ERR(tfm_aes);
3547 }
3548
3549 tfm_cmac = crypto_alloc_hash("cmac(aes)", 0, CRYPTO_ALG_ASYNC);
3550 if (IS_ERR(tfm_cmac)) {
3551 BT_ERR("Unable to create CMAC crypto context");
3552 crypto_free_blkcipher(tfm_aes);
3553 return PTR_ERR(tfm_cmac);
3554 }
3555
3556 err = run_selftests(tfm_aes, tfm_cmac);
3557
3558 crypto_free_hash(tfm_cmac);
3559 crypto_free_blkcipher(tfm_aes);
3560
3561 return err;
3562}
3563
3564#endif
Linux kernel - Deliverables
This page took 0.399724 seconds and 5 git commands to generate.