projects / deliverable / linux.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Bluetooth: Add extra SMP_DBG statement for remote OOB data
[deliverable/linux.git] / net / bluetooth / smp.c
CommitLineData
eb492e01
AB		 1/*
2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2011 Nokia Corporation and/or its subsidiary(-ies).
4
5 This program is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License version 2 as
7 published by the Free Software Foundation;
8
9 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
10 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
11 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
12 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
13 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
14 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17
18 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
19 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
20 SOFTWARE IS DISCLAIMED.
21*/
22
300acfde 23#include <linux/debugfs.h>
8c520a59
GP		 24#include <linux/crypto.h>
25#include <linux/scatterlist.h>
26#include <crypto/b128ops.h>
27
eb492e01
AB		 28#include <net/bluetooth/bluetooth.h>
29#include <net/bluetooth/hci_core.h>
30#include <net/bluetooth/l2cap.h>
2b64d153 31#include <net/bluetooth/mgmt.h>
ac4b7236 32
3b19146d 33#include "ecc.h"
ac4b7236 34#include "smp.h"
d22ef0bc 35
c7a3d57d
JH		 36/* Low-level debug macros to be used for stuff that we don't want
37 * accidentially in dmesg, i.e. the values of the various crypto keys
38 * and the inputs & outputs of crypto functions.
39 */
40#ifdef DEBUG
41#define SMP_DBG(fmt, ...) printk(KERN_DEBUG "%s: " fmt, __func__, \
42 ##__VA_ARGS__)
43#else
44#define SMP_DBG(fmt, ...) no_printk(KERN_DEBUG "%s: " fmt, __func__, \
45 ##__VA_ARGS__)
46#endif
47
b28b4943 48#define SMP_ALLOW_CMD(smp, code) set_bit(code, &smp->allow_cmd)
b28b4943 49
3b19146d
JH		 50/* Keys which are not distributed with Secure Connections */
51#define SMP_SC_NO_DIST (SMP_DIST_ENC_KEY | SMP_DIST_LINK_KEY);
52
17b02e62 53#define SMP_TIMEOUT msecs_to_jiffies(30000)
5d3de7df 54
d7a5a11d 55#define AUTH_REQ_MASK(dev) (hci_dev_test_flag(dev, HCI_SC_ENABLED) ? \
0edb14de
JH		 56 0x1f : 0x07)
57#define KEY_DIST_MASK 0x07
065a13e2 58
cbbbe3e2
JH		 59/* Maximum message length that can be passed to aes_cmac */
60#define CMAC_MSG_MAX 80
61
533e35d4
JH		 62enum {
63 SMP_FLAG_TK_VALID,
64 SMP_FLAG_CFM_PENDING,
65 SMP_FLAG_MITM_AUTH,
66 SMP_FLAG_COMPLETE,
67 SMP_FLAG_INITIATOR,
65668776 68 SMP_FLAG_SC,
d8f8edbe 69 SMP_FLAG_REMOTE_PK,
aeb7d461 70 SMP_FLAG_DEBUG_KEY,
38606f14 71 SMP_FLAG_WAIT_USER,
d3e54a87 72 SMP_FLAG_DHKEY_PENDING,
1a8bab4f
JH		 73 SMP_FLAG_REMOTE_OOB,
74 SMP_FLAG_LOCAL_OOB,
533e35d4 75};
4bc58f51 76
88a479d9 77struct smp_dev {
60a27d65
MH		 78 /* Secure Connections OOB data */
79 u8 local_pk[64];
80 u8 local_sk[32];
81 u8 local_rr[16];
82 bool debug_key;
83
88a479d9 84 struct crypto_blkcipher *tfm_aes;
6e2dc6d1 85 struct crypto_hash *tfm_cmac;
88a479d9
MH		 86};
87
4bc58f51 88struct smp_chan {
b68fda68
JH		 89 struct l2cap_conn *conn;
90 struct delayed_work security_timer;
b28b4943 91 unsigned long allow_cmd; /* Bitmask of allowed commands */
b68fda68 92
4bc58f51
JH		 93 u8 preq[7]; /* SMP Pairing Request */
94 u8 prsp[7]; /* SMP Pairing Response */
95 u8 prnd[16]; /* SMP Pairing Random (local) */
96 u8 rrnd[16]; /* SMP Pairing Random (remote) */
97 u8 pcnf[16]; /* SMP Pairing Confirm */
98 u8 tk[16]; /* SMP Temporary Key */
882fafad
JH		 99 u8 rr[16]; /* Remote OOB ra/rb value */
100 u8 lr[16]; /* Local OOB ra/rb value */
4bc58f51
JH		 101 u8 enc_key_size;
102 u8 remote_key_dist;
103 bdaddr_t id_addr;
104 u8 id_addr_type;
105 u8 irk[16];
106 struct smp_csrk *csrk;
107 struct smp_csrk *slave_csrk;
108 struct smp_ltk *ltk;
109 struct smp_ltk *slave_ltk;
110 struct smp_irk *remote_irk;
6a77083a 111 u8 *link_key;
4a74d658 112 unsigned long flags;
783e0574 113 u8 method;
38606f14 114 u8 passkey_round;
6a7bd103 115
3b19146d
JH		 116 /* Secure Connections variables */
117 u8 local_pk[64];
118 u8 local_sk[32];
d8f8edbe
JH		 119 u8 remote_pk[64];
120 u8 dhkey[32];
760b018b 121 u8 mackey[16];
3b19146d 122
6a7bd103 123 struct crypto_blkcipher *tfm_aes;
407cecf6 124 struct crypto_hash *tfm_cmac;
4bc58f51
JH		 125};
126
aeb7d461
JH		 127/* These debug key values are defined in the SMP section of the core
128 * specification. debug_pk is the public debug key and debug_sk the
129 * private debug key.
130 */
131static const u8 debug_pk[64] = {
132 0xe6, 0x9d, 0x35, 0x0e, 0x48, 0x01, 0x03, 0xcc,
133 0xdb, 0xfd, 0xf4, 0xac, 0x11, 0x91, 0xf4, 0xef,
134 0xb9, 0xa5, 0xf9, 0xe9, 0xa7, 0x83, 0x2c, 0x5e,
135 0x2c, 0xbe, 0x97, 0xf2, 0xd2, 0x03, 0xb0, 0x20,
136
137 0x8b, 0xd2, 0x89, 0x15, 0xd0, 0x8e, 0x1c, 0x74,
138 0x24, 0x30, 0xed, 0x8f, 0xc2, 0x45, 0x63, 0x76,
139 0x5c, 0x15, 0x52, 0x5a, 0xbf, 0x9a, 0x32, 0x63,
140 0x6d, 0xeb, 0x2a, 0x65, 0x49, 0x9c, 0x80, 0xdc,
141};
142
143static const u8 debug_sk[32] = {
144 0xbd, 0x1a, 0x3c, 0xcd, 0xa6, 0xb8, 0x99, 0x58,
145 0x99, 0xb7, 0x40, 0xeb, 0x7b, 0x60, 0xff, 0x4a,
146 0x50, 0x3f, 0x10, 0xd2, 0xe3, 0xb3, 0xc9, 0x74,
147 0x38, 0x5f, 0xc5, 0xa3, 0xd4, 0xf6, 0x49, 0x3f,
148};
149
8a2936f4 150static inline void swap_buf(const u8 *src, u8 *dst, size_t len)
d22ef0bc 151{
8a2936f4 152 size_t i;
d22ef0bc 153
8a2936f4
JH		 154 for (i = 0; i < len; i++)
155 dst[len - 1 - i] = src[i];
d22ef0bc
AB		 156}
157
06edf8de
JH		 158/* The following functions map to the LE SC SMP crypto functions
159 * AES-CMAC, f4, f5, f6, g2 and h6.
160 */
161
cbbbe3e2
JH		 162static int aes_cmac(struct crypto_hash *tfm, const u8 k[16], const u8 *m,
163 size_t len, u8 mac[16])
164{
165 uint8_t tmp[16], mac_msb[16], msg_msb[CMAC_MSG_MAX];
166 struct hash_desc desc;
167 struct scatterlist sg;
168 int err;
169
170 if (len > CMAC_MSG_MAX)
171 return -EFBIG;
172
173 if (!tfm) {
174 BT_ERR("tfm %p", tfm);
175 return -EINVAL;
176 }
177
178 desc.tfm = tfm;
179 desc.flags = 0;
180
181 crypto_hash_init(&desc);
182
183 /* Swap key and message from LSB to MSB */
184 swap_buf(k, tmp, 16);
185 swap_buf(m, msg_msb, len);
186
c7a3d57d
JH		 187 SMP_DBG("msg (len %zu) %*phN", len, (int) len, m);
188 SMP_DBG("key %16phN", k);
cbbbe3e2
JH		 189
190 err = crypto_hash_setkey(tfm, tmp, 16);
191 if (err) {
192 BT_ERR("cipher setkey failed: %d", err);
193 return err;
194 }
195
196 sg_init_one(&sg, msg_msb, len);
197
198 err = crypto_hash_update(&desc, &sg, len);
199 if (err) {
200 BT_ERR("Hash update error %d", err);
201 return err;
202 }
203
204 err = crypto_hash_final(&desc, mac_msb);
205 if (err) {
206 BT_ERR("Hash final error %d", err);
207 return err;
208 }
209
210 swap_buf(mac_msb, mac, 16);
211
c7a3d57d 212 SMP_DBG("mac %16phN", mac);
cbbbe3e2
JH		 213
214 return 0;
215}
216
217static int smp_f4(struct crypto_hash *tfm_cmac, const u8 u[32], const u8 v[32],
218 const u8 x[16], u8 z, u8 res[16])
219{
220 u8 m[65];
221 int err;
222
c7a3d57d
JH		 223 SMP_DBG("u %32phN", u);
224 SMP_DBG("v %32phN", v);
225 SMP_DBG("x %16phN z %02x", x, z);
cbbbe3e2
JH		 226
227 m[0] = z;
228 memcpy(m + 1, v, 32);
229 memcpy(m + 33, u, 32);
230
231 err = aes_cmac(tfm_cmac, x, m, sizeof(m), res);
232 if (err)
233 return err;
234
c7a3d57d 235 SMP_DBG("res %16phN", res);
cbbbe3e2
JH		 236
237 return err;
238}
239
4da50de8
JH		 240static int smp_f5(struct crypto_hash *tfm_cmac, const u8 w[32],
241 const u8 n1[16], const u8 n2[16], const u8 a1[7],
242 const u8 a2[7], u8 mackey[16], u8 ltk[16])
760b018b
JH		 243{
244 /* The btle, salt and length "magic" values are as defined in
245 * the SMP section of the Bluetooth core specification. In ASCII
246 * the btle value ends up being 'btle'. The salt is just a
247 * random number whereas length is the value 256 in little
248 * endian format.
249 */
250 const u8 btle[4] = { 0x65, 0x6c, 0x74, 0x62 };
251 const u8 salt[16] = { 0xbe, 0x83, 0x60, 0x5a, 0xdb, 0x0b, 0x37, 0x60,
252 0x38, 0xa5, 0xf5, 0xaa, 0x91, 0x83, 0x88, 0x6c };
253 const u8 length[2] = { 0x00, 0x01 };
254 u8 m[53], t[16];
255 int err;
256
c7a3d57d
JH		 257 SMP_DBG("w %32phN", w);
258 SMP_DBG("n1 %16phN n2 %16phN", n1, n2);
259 SMP_DBG("a1 %7phN a2 %7phN", a1, a2);
760b018b
JH		 260
261 err = aes_cmac(tfm_cmac, salt, w, 32, t);
262 if (err)
263 return err;
264
c7a3d57d 265 SMP_DBG("t %16phN", t);
760b018b
JH		 266
267 memcpy(m, length, 2);
268 memcpy(m + 2, a2, 7);
269 memcpy(m + 9, a1, 7);
270 memcpy(m + 16, n2, 16);
271 memcpy(m + 32, n1, 16);
272 memcpy(m + 48, btle, 4);
273
274 m[52] = 0; /* Counter */
275
276 err = aes_cmac(tfm_cmac, t, m, sizeof(m), mackey);
277 if (err)
278 return err;
279
c7a3d57d 280 SMP_DBG("mackey %16phN", mackey);
760b018b
JH		 281
282 m[52] = 1; /* Counter */
283
284 err = aes_cmac(tfm_cmac, t, m, sizeof(m), ltk);
285 if (err)
286 return err;
287
c7a3d57d 288 SMP_DBG("ltk %16phN", ltk);
760b018b
JH		 289
290 return 0;
291}
292
293static int smp_f6(struct crypto_hash *tfm_cmac, const u8 w[16],
4da50de8 294 const u8 n1[16], const u8 n2[16], const u8 r[16],
760b018b
JH		 295 const u8 io_cap[3], const u8 a1[7], const u8 a2[7],
296 u8 res[16])
297{
298 u8 m[65];
299 int err;
300
c7a3d57d
JH		 301 SMP_DBG("w %16phN", w);
302 SMP_DBG("n1 %16phN n2 %16phN", n1, n2);
303 SMP_DBG("r %16phN io_cap %3phN a1 %7phN a2 %7phN", r, io_cap, a1, a2);
760b018b
JH		 304
305 memcpy(m, a2, 7);
306 memcpy(m + 7, a1, 7);
307 memcpy(m + 14, io_cap, 3);
308 memcpy(m + 17, r, 16);
309 memcpy(m + 33, n2, 16);
310 memcpy(m + 49, n1, 16);
311
312 err = aes_cmac(tfm_cmac, w, m, sizeof(m), res);
313 if (err)
314 return err;
315
203de21b 316 SMP_DBG("res %16phN", res);
760b018b
JH		 317
318 return err;
319}
320
191dc7fe
JH		 321static int smp_g2(struct crypto_hash *tfm_cmac, const u8 u[32], const u8 v[32],
322 const u8 x[16], const u8 y[16], u32 *val)
323{
324 u8 m[80], tmp[16];
325 int err;
326
c7a3d57d
JH		 327 SMP_DBG("u %32phN", u);
328 SMP_DBG("v %32phN", v);
329 SMP_DBG("x %16phN y %16phN", x, y);
191dc7fe
JH		 330
331 memcpy(m, y, 16);
332 memcpy(m + 16, v, 32);
333 memcpy(m + 48, u, 32);
334
335 err = aes_cmac(tfm_cmac, x, m, sizeof(m), tmp);
336 if (err)
337 return err;
338
339 *val = get_unaligned_le32(tmp);
340 *val %= 1000000;
341
c7a3d57d 342 SMP_DBG("val %06u", *val);
191dc7fe
JH		 343
344 return 0;
345}
346
06edf8de
JH		 347static int smp_h6(struct crypto_hash *tfm_cmac, const u8 w[16],
348 const u8 key_id[4], u8 res[16])
349{
350 int err;
351
352 SMP_DBG("w %16phN key_id %4phN", w, key_id);
353
354 err = aes_cmac(tfm_cmac, w, key_id, 4, res);
355 if (err)
356 return err;
357
358 SMP_DBG("res %16phN", res);
359
360 return err;
361}
362
363/* The following functions map to the legacy SMP crypto functions e, c1,
364 * s1 and ah.
365 */
366
d22ef0bc
AB		 367static int smp_e(struct crypto_blkcipher *tfm, const u8 *k, u8 *r)
368{
369 struct blkcipher_desc desc;
370 struct scatterlist sg;
943a732a 371 uint8_t tmp[16], data[16];
201a5929 372 int err;
d22ef0bc 373
7f376cd6 374 if (!tfm) {
d22ef0bc
AB		 375 BT_ERR("tfm %p", tfm);
376 return -EINVAL;
377 }
378
379 desc.tfm = tfm;
380 desc.flags = 0;
381
943a732a 382 /* The most significant octet of key corresponds to k[0] */
8a2936f4 383 swap_buf(k, tmp, 16);
943a732a
JH		 384
385 err = crypto_blkcipher_setkey(tfm, tmp, 16);
d22ef0bc
AB		 386 if (err) {
387 BT_ERR("cipher setkey failed: %d", err);
388 return err;
389 }
390
943a732a 391 /* Most significant octet of plaintextData corresponds to data[0] */
8a2936f4 392 swap_buf(r, data, 16);
943a732a
JH		 393
394 sg_init_one(&sg, data, 16);
d22ef0bc 395
d22ef0bc
AB		 396 err = crypto_blkcipher_encrypt(&desc, &sg, &sg, 16);
397 if (err)
398 BT_ERR("Encrypt data error %d", err);
399
943a732a 400 /* Most significant octet of encryptedData corresponds to data[0] */
8a2936f4 401 swap_buf(data, r, 16);
943a732a 402
d22ef0bc
AB		 403 return err;
404}
405
06edf8de
JH		 406static int smp_c1(struct crypto_blkcipher *tfm_aes, const u8 k[16],
407 const u8 r[16], const u8 preq[7], const u8 pres[7], u8 _iat,
408 const bdaddr_t *ia, u8 _rat, const bdaddr_t *ra, u8 res[16])
6a77083a 409{
06edf8de 410 u8 p1[16], p2[16];
6a77083a
JH		 411 int err;
412
06edf8de 413 memset(p1, 0, 16);
6a77083a 414
06edf8de
JH		 415 /* p1 = pres || preq || _rat || _iat */
416 p1[0] = _iat;
417 p1[1] = _rat;
418 memcpy(p1 + 2, preq, 7);
419 memcpy(p1 + 9, pres, 7);
420
421 /* p2 = padding || ia || ra */
422 memcpy(p2, ra, 6);
423 memcpy(p2 + 6, ia, 6);
424 memset(p2 + 12, 0, 4);
425
426 /* res = r XOR p1 */
427 u128_xor((u128 *) res, (u128 *) r, (u128 *) p1);
428
429 /* res = e(k, res) */
430 err = smp_e(tfm_aes, k, res);
431 if (err) {
432 BT_ERR("Encrypt data error");
6a77083a 433 return err;
06edf8de 434 }
6a77083a 435
06edf8de
JH		 436 /* res = res XOR p2 */
437 u128_xor((u128 *) res, (u128 *) res, (u128 *) p2);
438
439 /* res = e(k, res) */
440 err = smp_e(tfm_aes, k, res);
441 if (err)
442 BT_ERR("Encrypt data error");
443
444 return err;
445}
446
447static int smp_s1(struct crypto_blkcipher *tfm_aes, const u8 k[16],
448 const u8 r1[16], const u8 r2[16], u8 _r[16])
449{
450 int err;
451
452 /* Just least significant octets from r1 and r2 are considered */
453 memcpy(_r, r2, 8);
454 memcpy(_r + 8, r1, 8);
455
456 err = smp_e(tfm_aes, k, _r);
457 if (err)
458 BT_ERR("Encrypt data error");
6a77083a
JH		 459
460 return err;
461}
462
cd082797
JH		 463static int smp_ah(struct crypto_blkcipher *tfm, const u8 irk[16],
464 const u8 r[3], u8 res[3])
60478054 465{
943a732a 466 u8 _res[16];
60478054
JH		 467 int err;
468
469 /* r' = padding || r */
943a732a
JH		 470 memcpy(_res, r, 3);
471 memset(_res + 3, 0, 13);
60478054 472
943a732a 473 err = smp_e(tfm, irk, _res);
60478054
JH		 474 if (err) {
475 BT_ERR("Encrypt error");
476 return err;
477 }
478
479 /* The output of the random address function ah is:
480 * ah(h, r) = e(k, r') mod 2^24
481 * The output of the security function e is then truncated to 24 bits
482 * by taking the least significant 24 bits of the output of e as the
483 * result of ah.
484 */
943a732a 485 memcpy(res, _res, 3);
60478054
JH		 486
487 return 0;
488}
489
cd082797
JH		 490bool smp_irk_matches(struct hci_dev *hdev, const u8 irk[16],
491 const bdaddr_t *bdaddr)
60478054 492{
defce9e8 493 struct l2cap_chan *chan = hdev->smp_data;
88a479d9 494 struct smp_dev *smp;
60478054
JH		 495 u8 hash[3];
496 int err;
497
defce9e8
JH		 498 if (!chan || !chan->data)
499 return false;
500
88a479d9 501 smp = chan->data;
defce9e8 502
60478054
JH		 503 BT_DBG("RPA %pMR IRK %*phN", bdaddr, 16, irk);
504
88a479d9 505 err = smp_ah(smp->tfm_aes, irk, &bdaddr->b[3], hash);
60478054
JH		 506 if (err)
507 return false;
508
509 return !memcmp(bdaddr->b, hash, 3);
510}
511
cd082797 512int smp_generate_rpa(struct hci_dev *hdev, const u8 irk[16], bdaddr_t *rpa)
b1e2b3ae 513{
defce9e8 514 struct l2cap_chan *chan = hdev->smp_data;
88a479d9 515 struct smp_dev *smp;
b1e2b3ae
JH		 516 int err;
517
defce9e8
JH		 518 if (!chan || !chan->data)
519 return -EOPNOTSUPP;
520
88a479d9 521 smp = chan->data;
defce9e8 522
b1e2b3ae
JH		 523 get_random_bytes(&rpa->b[3], 3);
524
525 rpa->b[5] &= 0x3f; /* Clear two most significant bits */
526 rpa->b[5] |= 0x40; /* Set second most significant bit */
527
88a479d9 528 err = smp_ah(smp->tfm_aes, irk, &rpa->b[3], rpa->b);
b1e2b3ae
JH		 529 if (err < 0)
530 return err;
531
532 BT_DBG("RPA %pMR", rpa);
533
534 return 0;
535}
536
60a27d65
MH		 537int smp_generate_oob(struct hci_dev *hdev, u8 hash[16], u8 rand[16])
538{
539 struct l2cap_chan *chan = hdev->smp_data;
540 struct smp_dev *smp;
541 int err;
542
543 if (!chan || !chan->data)
544 return -EOPNOTSUPP;
545
546 smp = chan->data;
547
548 if (hci_dev_test_flag(hdev, HCI_USE_DEBUG_KEYS)) {
549 BT_DBG("Using debug keys");
550 memcpy(smp->local_pk, debug_pk, 64);
551 memcpy(smp->local_sk, debug_sk, 32);
552 smp->debug_key = true;
553 } else {
554 while (true) {
555 /* Generate local key pair for Secure Connections */
556 if (!ecc_make_key(smp->local_pk, smp->local_sk))
557 return -EIO;
558
559 /* This is unlikely, but we need to check that
560 * we didn't accidentially generate a debug key.
561 */
562 if (memcmp(smp->local_sk, debug_sk, 32))
563 break;
564 }
565 smp->debug_key = false;
566 }
567
568 SMP_DBG("OOB Public Key X: %32phN", smp->local_pk);
569 SMP_DBG("OOB Public Key Y: %32phN", smp->local_pk + 32);
570 SMP_DBG("OOB Private Key: %32phN", smp->local_sk);
571
572 get_random_bytes(smp->local_rr, 16);
573
574 err = smp_f4(smp->tfm_cmac, smp->local_pk, smp->local_pk,
575 smp->local_rr, 0, hash);
576 if (err < 0)
577 return err;
578
579 memcpy(rand, smp->local_rr, 16);
580
581 return 0;
582}
583
5d88cc73 584static void smp_send_cmd(struct l2cap_conn *conn, u8 code, u16 len, void *data)
eb492e01 585{
5d88cc73 586 struct l2cap_chan *chan = conn->smp;
b68fda68 587 struct smp_chan *smp;
5d88cc73
JH		 588 struct kvec iv[2];
589 struct msghdr msg;
eb492e01 590
5d88cc73
JH		 591 if (!chan)
592 return;
eb492e01 593
5d88cc73 594 BT_DBG("code 0x%2.2x", code);
eb492e01 595
5d88cc73
JH		 596 iv[0].iov_base = &code;
597 iv[0].iov_len = 1;
eb492e01 598
5d88cc73
JH		 599 iv[1].iov_base = data;
600 iv[1].iov_len = len;
eb492e01 601
5d88cc73 602 memset(&msg, 0, sizeof(msg));
eb492e01 603
17836394 604 iov_iter_kvec(&msg.msg_iter, WRITE | ITER_KVEC, iv, 2, 1 + len);
eb492e01 605
5d88cc73 606 l2cap_chan_send(chan, &msg, 1 + len);
e2dcd113 607
b68fda68
JH		 608 if (!chan->data)
609 return;
610
611 smp = chan->data;
612
613 cancel_delayed_work_sync(&smp->security_timer);
1b0921d6 614 schedule_delayed_work(&smp->security_timer, SMP_TIMEOUT);
eb492e01
AB		 615}
616
d2eb9e10 617static u8 authreq_to_seclevel(u8 authreq)
2b64d153 618{
d2eb9e10
JH		 619 if (authreq & SMP_AUTH_MITM) {
620 if (authreq & SMP_AUTH_SC)
621 return BT_SECURITY_FIPS;
622 else
623 return BT_SECURITY_HIGH;
624 } else {
2b64d153 625 return BT_SECURITY_MEDIUM;
d2eb9e10 626 }
2b64d153
BG		 627}
628
629static __u8 seclevel_to_authreq(__u8 sec_level)
630{
631 switch (sec_level) {
d2eb9e10 632 case BT_SECURITY_FIPS:
2b64d153
BG		 633 case BT_SECURITY_HIGH:
634 return SMP_AUTH_MITM | SMP_AUTH_BONDING;
635 case BT_SECURITY_MEDIUM:
636 return SMP_AUTH_BONDING;
637 default:
638 return SMP_AUTH_NONE;
639 }
640}
641
b8e66eac 642static void build_pairing_cmd(struct l2cap_conn *conn,
f1560463
MH		 643 struct smp_cmd_pairing *req,
644 struct smp_cmd_pairing *rsp, __u8 authreq)
b8e66eac 645{
5d88cc73
JH		 646 struct l2cap_chan *chan = conn->smp;
647 struct smp_chan *smp = chan->data;
fd349c02
JH		 648 struct hci_conn *hcon = conn->hcon;
649 struct hci_dev *hdev = hcon->hdev;
02b05bd8 650 u8 local_dist = 0, remote_dist = 0, oob_flag = SMP_OOB_NOT_PRESENT;
54790f73 651
d7a5a11d 652 if (hci_dev_test_flag(hdev, HCI_BONDABLE)) {
7ee4ea36
MH		 653 local_dist = SMP_DIST_ENC_KEY | SMP_DIST_SIGN;
654 remote_dist = SMP_DIST_ENC_KEY | SMP_DIST_SIGN;
54790f73 655 authreq |= SMP_AUTH_BONDING;
2b64d153
BG		 656 } else {
657 authreq &= ~SMP_AUTH_BONDING;
54790f73
VCG		 658 }
659
d7a5a11d 660 if (hci_dev_test_flag(hdev, HCI_RPA_RESOLVING))
fd349c02
JH		 661 remote_dist |= SMP_DIST_ID_KEY;
662
d7a5a11d 663 if (hci_dev_test_flag(hdev, HCI_PRIVACY))
863efaf2
JH		 664 local_dist |= SMP_DIST_ID_KEY;
665
d7a5a11d 666 if (hci_dev_test_flag(hdev, HCI_SC_ENABLED) &&
02b05bd8
JH		 667 (authreq & SMP_AUTH_SC)) {
668 struct oob_data *oob_data;
669 u8 bdaddr_type;
670
d7a5a11d 671 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) {
df8e1a4c
JH		 672 local_dist |= SMP_DIST_LINK_KEY;
673 remote_dist |= SMP_DIST_LINK_KEY;
674 }
02b05bd8
JH		 675
676 if (hcon->dst_type == ADDR_LE_DEV_PUBLIC)
677 bdaddr_type = BDADDR_LE_PUBLIC;
678 else
679 bdaddr_type = BDADDR_LE_RANDOM;
680
681 oob_data = hci_find_remote_oob_data(hdev, &hcon->dst,
682 bdaddr_type);
4775a4ea 683 if (oob_data && oob_data->present) {
1a8bab4f 684 set_bit(SMP_FLAG_REMOTE_OOB, &smp->flags);
02b05bd8 685 oob_flag = SMP_OOB_PRESENT;
a29b0733 686 memcpy(smp->rr, oob_data->rand256, 16);
02b05bd8 687 memcpy(smp->pcnf, oob_data->hash256, 16);
bc07cd69
MH		 688 SMP_DBG("OOB Remote Confirmation: %16phN", smp->pcnf);
689 SMP_DBG("OOB Remote Random: %16phN", smp->rr);
02b05bd8
JH		 690 }
691
df8e1a4c
JH		 692 } else {
693 authreq &= ~SMP_AUTH_SC;
694 }
695
54790f73
VCG		 696 if (rsp == NULL) {
697 req->io_capability = conn->hcon->io_capability;
02b05bd8 698 req->oob_flag = oob_flag;
54790f73 699 req->max_key_size = SMP_MAX_ENC_KEY_SIZE;
fd349c02
JH		 700 req->init_key_dist = local_dist;
701 req->resp_key_dist = remote_dist;
0edb14de 702 req->auth_req = (authreq & AUTH_REQ_MASK(hdev));
fd349c02
JH		 703
704 smp->remote_key_dist = remote_dist;
54790f73
VCG		 705 return;
706 }
707
708 rsp->io_capability = conn->hcon->io_capability;
02b05bd8 709 rsp->oob_flag = oob_flag;
54790f73 710 rsp->max_key_size = SMP_MAX_ENC_KEY_SIZE;
fd349c02
JH		 711 rsp->init_key_dist = req->init_key_dist & remote_dist;
712 rsp->resp_key_dist = req->resp_key_dist & local_dist;
0edb14de 713 rsp->auth_req = (authreq & AUTH_REQ_MASK(hdev));
fd349c02
JH		 714
715 smp->remote_key_dist = rsp->init_key_dist;
b8e66eac
VCG		 716}
717
3158c50c
VCG		 718static u8 check_enc_key_size(struct l2cap_conn *conn, __u8 max_key_size)
719{
5d88cc73
JH		 720 struct l2cap_chan *chan = conn->smp;
721 struct smp_chan *smp = chan->data;
1c1def09 722
3158c50c 723 if ((max_key_size > SMP_MAX_ENC_KEY_SIZE) ||
f1560463 724 (max_key_size < SMP_MIN_ENC_KEY_SIZE))
3158c50c
VCG		 725 return SMP_ENC_KEY_SIZE;
726
f7aa611a 727 smp->enc_key_size = max_key_size;
3158c50c
VCG		 728
729 return 0;
730}
731
6f48e260
JH		 732static void smp_chan_destroy(struct l2cap_conn *conn)
733{
734 struct l2cap_chan *chan = conn->smp;
735 struct smp_chan *smp = chan->data;
923e2414 736 struct hci_conn *hcon = conn->hcon;
6f48e260
JH		 737 bool complete;
738
739 BUG_ON(!smp);
740
741 cancel_delayed_work_sync(&smp->security_timer);
6f48e260 742
6f48e260 743 complete = test_bit(SMP_FLAG_COMPLETE, &smp->flags);
923e2414 744 mgmt_smp_complete(hcon, complete);
6f48e260 745
276812ec
MH		 746 kzfree(smp->csrk);
747 kzfree(smp->slave_csrk);
748 kzfree(smp->link_key);
6f48e260
JH		 749
750 crypto_free_blkcipher(smp->tfm_aes);
407cecf6 751 crypto_free_hash(smp->tfm_cmac);
6f48e260 752
923e2414
JH		 753 /* Ensure that we don't leave any debug key around if debug key
754 * support hasn't been explicitly enabled.
755 */
756 if (smp->ltk && smp->ltk->type == SMP_LTK_P256_DEBUG &&
d7a5a11d 757 !hci_dev_test_flag(hcon->hdev, HCI_KEEP_DEBUG_KEYS)) {
923e2414
JH		 758 list_del_rcu(&smp->ltk->list);
759 kfree_rcu(smp->ltk, rcu);
760 smp->ltk = NULL;
761 }
762
6f48e260
JH		 763 /* If pairing failed clean up any keys we might have */
764 if (!complete) {
765 if (smp->ltk) {
970d0f1b
JH		 766 list_del_rcu(&smp->ltk->list);
767 kfree_rcu(smp->ltk, rcu);
6f48e260
JH		 768 }
769
770 if (smp->slave_ltk) {
970d0f1b
JH		 771 list_del_rcu(&smp->slave_ltk->list);
772 kfree_rcu(smp->slave_ltk, rcu);
6f48e260
JH		 773 }
774
775 if (smp->remote_irk) {
adae20cb
JH		 776 list_del_rcu(&smp->remote_irk->list);
777 kfree_rcu(smp->remote_irk, rcu);
6f48e260
JH		 778 }
779 }
780
781 chan->data = NULL;
276812ec 782 kzfree(smp);
923e2414 783 hci_conn_drop(hcon);
6f48e260
JH		 784}
785
84794e11 786static void smp_failure(struct l2cap_conn *conn, u8 reason)
4f957a76 787{
bab73cb6 788 struct hci_conn *hcon = conn->hcon;
b68fda68 789 struct l2cap_chan *chan = conn->smp;
bab73cb6 790
84794e11 791 if (reason)
4f957a76 792 smp_send_cmd(conn, SMP_CMD_PAIRING_FAIL, sizeof(reason),
f1560463 793 &reason);
4f957a76 794
ce39fb4e 795 clear_bit(HCI_CONN_ENCRYPT_PEND, &hcon->flags);
e1e930f5 796 mgmt_auth_failed(hcon, HCI_ERROR_AUTH_FAILURE);
f1c09c07 797
fc75cc86 798 if (chan->data)
f1c09c07 799 smp_chan_destroy(conn);
4f957a76
BG		 800}
801
2b64d153
BG		 802#define JUST_WORKS 0x00
803#define JUST_CFM 0x01
804#define REQ_PASSKEY 0x02
805#define CFM_PASSKEY 0x03
806#define REQ_OOB 0x04
5e3d3d9b 807#define DSP_PASSKEY 0x05
2b64d153
BG		 808#define OVERLAP 0xFF
809
810static const u8 gen_method[5][5] = {
811 { JUST_WORKS, JUST_CFM, REQ_PASSKEY, JUST_WORKS, REQ_PASSKEY },
812 { JUST_WORKS, JUST_CFM, REQ_PASSKEY, JUST_WORKS, REQ_PASSKEY },
813 { CFM_PASSKEY, CFM_PASSKEY, REQ_PASSKEY, JUST_WORKS, CFM_PASSKEY },
814 { JUST_WORKS, JUST_CFM, JUST_WORKS, JUST_WORKS, JUST_CFM },
815 { CFM_PASSKEY, CFM_PASSKEY, REQ_PASSKEY, JUST_WORKS, OVERLAP },
816};
817
5e3d3d9b
JH		 818static const u8 sc_method[5][5] = {
819 { JUST_WORKS, JUST_CFM, REQ_PASSKEY, JUST_WORKS, REQ_PASSKEY },
820 { JUST_WORKS, CFM_PASSKEY, REQ_PASSKEY, JUST_WORKS, CFM_PASSKEY },
821 { DSP_PASSKEY, DSP_PASSKEY, REQ_PASSKEY, JUST_WORKS, DSP_PASSKEY },
822 { JUST_WORKS, JUST_CFM, JUST_WORKS, JUST_WORKS, JUST_CFM },
823 { DSP_PASSKEY, CFM_PASSKEY, REQ_PASSKEY, JUST_WORKS, CFM_PASSKEY },
824};
825
581370cc
JH		 826static u8 get_auth_method(struct smp_chan *smp, u8 local_io, u8 remote_io)
827{
2bcd4003
JH		 828 /* If either side has unknown io_caps, use JUST_CFM (which gets
829 * converted later to JUST_WORKS if we're initiators.
830 */
581370cc
JH		 831 if (local_io > SMP_IO_KEYBOARD_DISPLAY ||
832 remote_io > SMP_IO_KEYBOARD_DISPLAY)
2bcd4003 833 return JUST_CFM;
581370cc 834
5e3d3d9b
JH		 835 if (test_bit(SMP_FLAG_SC, &smp->flags))
836 return sc_method[remote_io][local_io];
837
581370cc
JH		 838 return gen_method[remote_io][local_io];
839}
840
2b64d153
BG		 841static int tk_request(struct l2cap_conn *conn, u8 remote_oob, u8 auth,
842 u8 local_io, u8 remote_io)
843{
844 struct hci_conn *hcon = conn->hcon;
5d88cc73
JH		 845 struct l2cap_chan *chan = conn->smp;
846 struct smp_chan *smp = chan->data;
2b64d153
BG		 847 u32 passkey = 0;
848 int ret = 0;
849
850 /* Initialize key for JUST WORKS */
851 memset(smp->tk, 0, sizeof(smp->tk));
4a74d658 852 clear_bit(SMP_FLAG_TK_VALID, &smp->flags);
2b64d153
BG		 853
854 BT_DBG("tk_request: auth:%d lcl:%d rem:%d", auth, local_io, remote_io);
855
2bcd4003
JH		 856 /* If neither side wants MITM, either "just" confirm an incoming
857 * request or use just-works for outgoing ones. The JUST_CFM
858 * will be converted to JUST_WORKS if necessary later in this
859 * function. If either side has MITM look up the method from the
860 * table.
861 */
581370cc 862 if (!(auth & SMP_AUTH_MITM))
783e0574 863 smp->method = JUST_CFM;
2b64d153 864 else
783e0574 865 smp->method = get_auth_method(smp, local_io, remote_io);
2b64d153 866
a82505c7 867 /* Don't confirm locally initiated pairing attempts */
783e0574
JH		 868 if (smp->method == JUST_CFM && test_bit(SMP_FLAG_INITIATOR,
869 &smp->flags))
870 smp->method = JUST_WORKS;
a82505c7 871
02f3e254 872 /* Don't bother user space with no IO capabilities */
783e0574
JH		 873 if (smp->method == JUST_CFM &&
874 hcon->io_capability == HCI_IO_NO_INPUT_OUTPUT)
875 smp->method = JUST_WORKS;
02f3e254 876
2b64d153 877 /* If Just Works, Continue with Zero TK */
783e0574 878 if (smp->method == JUST_WORKS) {
4a74d658 879 set_bit(SMP_FLAG_TK_VALID, &smp->flags);
2b64d153
BG		 880 return 0;
881 }
882
883 /* Not Just Works/Confirm results in MITM Authentication */
783e0574 884 if (smp->method != JUST_CFM) {
4a74d658 885 set_bit(SMP_FLAG_MITM_AUTH, &smp->flags);
5eb596f5
JH		 886 if (hcon->pending_sec_level < BT_SECURITY_HIGH)
887 hcon->pending_sec_level = BT_SECURITY_HIGH;
888 }
2b64d153
BG		 889
890 /* If both devices have Keyoard-Display I/O, the master
891 * Confirms and the slave Enters the passkey.
892 */
783e0574 893 if (smp->method == OVERLAP) {
40bef302 894 if (hcon->role == HCI_ROLE_MASTER)
783e0574 895 smp->method = CFM_PASSKEY;
2b64d153 896 else
783e0574 897 smp->method = REQ_PASSKEY;
2b64d153
BG		 898 }
899
01ad34d2 900 /* Generate random passkey. */
783e0574 901 if (smp->method == CFM_PASSKEY) {
943a732a 902 memset(smp->tk, 0, sizeof(smp->tk));
2b64d153
BG		 903 get_random_bytes(&passkey, sizeof(passkey));
904 passkey %= 1000000;
943a732a 905 put_unaligned_le32(passkey, smp->tk);
2b64d153 906 BT_DBG("PassKey: %d", passkey);
4a74d658 907 set_bit(SMP_FLAG_TK_VALID, &smp->flags);
2b64d153
BG		 908 }
909
783e0574 910 if (smp->method == REQ_PASSKEY)
ce39fb4e 911 ret = mgmt_user_passkey_request(hcon->hdev, &hcon->dst,
272d90df 912 hcon->type, hcon->dst_type);
783e0574 913 else if (smp->method == JUST_CFM)
4eb65e66
JH		 914 ret = mgmt_user_confirm_request(hcon->hdev, &hcon->dst,
915 hcon->type, hcon->dst_type,
916 passkey, 1);
2b64d153 917 else
01ad34d2 918 ret = mgmt_user_passkey_notify(hcon->hdev, &hcon->dst,
272d90df 919 hcon->type, hcon->dst_type,
39adbffe 920 passkey, 0);
2b64d153 921
2b64d153
BG		 922 return ret;
923}
924
1cc61144 925static u8 smp_confirm(struct smp_chan *smp)
8aab4757 926{
8aab4757 927 struct l2cap_conn *conn = smp->conn;
8aab4757
VCG		 928 struct smp_cmd_pairing_confirm cp;
929 int ret;
8aab4757
VCG		 930
931 BT_DBG("conn %p", conn);
932
e491eaf3 933 ret = smp_c1(smp->tfm_aes, smp->tk, smp->prnd, smp->preq, smp->prsp,
b1cd5fd9 934 conn->hcon->init_addr_type, &conn->hcon->init_addr,
943a732a
JH		 935 conn->hcon->resp_addr_type, &conn->hcon->resp_addr,
936 cp.confirm_val);
1cc61144
JH		 937 if (ret)
938 return SMP_UNSPECIFIED;
8aab4757 939
4a74d658 940 clear_bit(SMP_FLAG_CFM_PENDING, &smp->flags);
2b64d153 941
8aab4757
VCG		 942 smp_send_cmd(smp->conn, SMP_CMD_PAIRING_CONFIRM, sizeof(cp), &cp);
943
b28b4943
JH		 944 if (conn->hcon->out)
945 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_CONFIRM);
946 else
947 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RANDOM);
948
1cc61144 949 return 0;
8aab4757
VCG		 950}
951
861580a9 952static u8 smp_random(struct smp_chan *smp)
8aab4757 953{
8aab4757
VCG		 954 struct l2cap_conn *conn = smp->conn;
955 struct hci_conn *hcon = conn->hcon;
861580a9 956 u8 confirm[16];
8aab4757
VCG		 957 int ret;
958
ec70f36f 959 if (IS_ERR_OR_NULL(smp->tfm_aes))
861580a9 960 return SMP_UNSPECIFIED;
8aab4757
VCG		 961
962 BT_DBG("conn %p %s", conn, conn->hcon->out ? "master" : "slave");
963
e491eaf3 964 ret = smp_c1(smp->tfm_aes, smp->tk, smp->rrnd, smp->preq, smp->prsp,
b1cd5fd9 965 hcon->init_addr_type, &hcon->init_addr,
943a732a 966 hcon->resp_addr_type, &hcon->resp_addr, confirm);
861580a9
JH		 967 if (ret)
968 return SMP_UNSPECIFIED;
8aab4757 969
8aab4757
VCG		 970 if (memcmp(smp->pcnf, confirm, sizeof(smp->pcnf)) != 0) {
971 BT_ERR("Pairing failed (confirmation values mismatch)");
861580a9 972 return SMP_CONFIRM_FAILED;
8aab4757
VCG		 973 }
974
975 if (hcon->out) {
fe39c7b2
MH		 976 u8 stk[16];
977 __le64 rand = 0;
978 __le16 ediv = 0;
8aab4757 979
e491eaf3 980 smp_s1(smp->tfm_aes, smp->tk, smp->rrnd, smp->prnd, stk);
8aab4757 981
f7aa611a 982 memset(stk + smp->enc_key_size, 0,
04124681 983 SMP_MAX_ENC_KEY_SIZE - smp->enc_key_size);
8aab4757 984
861580a9
JH		 985 if (test_and_set_bit(HCI_CONN_ENCRYPT_PEND, &hcon->flags))
986 return SMP_UNSPECIFIED;
8aab4757
VCG		 987
988 hci_le_start_enc(hcon, ediv, rand, stk);
f7aa611a 989 hcon->enc_key_size = smp->enc_key_size;
fe59a05f 990 set_bit(HCI_CONN_STK_ENCRYPT, &hcon->flags);
8aab4757 991 } else {
fff3490f 992 u8 stk[16], auth;
fe39c7b2
MH		 993 __le64 rand = 0;
994 __le16 ediv = 0;
8aab4757 995
943a732a
JH		 996 smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM, sizeof(smp->prnd),
997 smp->prnd);
8aab4757 998
e491eaf3 999 smp_s1(smp->tfm_aes, smp->tk, smp->prnd, smp->rrnd, stk);
8aab4757 1000
f7aa611a 1001 memset(stk + smp->enc_key_size, 0,
f1560463 1002 SMP_MAX_ENC_KEY_SIZE - smp->enc_key_size);
8aab4757 1003
fff3490f
JH		 1004 if (hcon->pending_sec_level == BT_SECURITY_HIGH)
1005 auth = 1;
1006 else
1007 auth = 0;
1008
7d5843b7
JH		 1009 /* Even though there's no _SLAVE suffix this is the
1010 * slave STK we're adding for later lookup (the master
1011 * STK never needs to be stored).
1012 */
ce39fb4e 1013 hci_add_ltk(hcon->hdev, &hcon->dst, hcon->dst_type,
2ceba539 1014 SMP_STK, auth, stk, smp->enc_key_size, ediv, rand);
8aab4757
VCG		 1015 }
1016
861580a9 1017 return 0;
8aab4757
VCG		 1018}
1019
44f1a7ab
JH		 1020static void smp_notify_keys(struct l2cap_conn *conn)
1021{
1022 struct l2cap_chan *chan = conn->smp;
1023 struct smp_chan *smp = chan->data;
1024 struct hci_conn *hcon = conn->hcon;
1025 struct hci_dev *hdev = hcon->hdev;
1026 struct smp_cmd_pairing *req = (void *) &smp->preq[1];
1027 struct smp_cmd_pairing *rsp = (void *) &smp->prsp[1];
1028 bool persistent;
1029
1030 if (smp->remote_irk) {
1031 mgmt_new_irk(hdev, smp->remote_irk);
1032 /* Now that user space can be considered to know the
1033 * identity address track the connection based on it
b5ae344d 1034 * from now on (assuming this is an LE link).
44f1a7ab 1035 */
b5ae344d
JH		 1036 if (hcon->type == LE_LINK) {
1037 bacpy(&hcon->dst, &smp->remote_irk->bdaddr);
1038 hcon->dst_type = smp->remote_irk->addr_type;
1039 queue_work(hdev->workqueue, &conn->id_addr_update_work);
1040 }
44f1a7ab
JH		 1041
1042 /* When receiving an indentity resolving key for
1043 * a remote device that does not use a resolvable
1044 * private address, just remove the key so that
1045 * it is possible to use the controller white
1046 * list for scanning.
1047 *
1048 * Userspace will have been told to not store
1049 * this key at this point. So it is safe to
1050 * just remove it.
1051 */
1052 if (!bacmp(&smp->remote_irk->rpa, BDADDR_ANY)) {
adae20cb
JH		 1053 list_del_rcu(&smp->remote_irk->list);
1054 kfree_rcu(smp->remote_irk, rcu);
44f1a7ab
JH		 1055 smp->remote_irk = NULL;
1056 }
1057 }
1058
b5ae344d
JH		 1059 if (hcon->type == ACL_LINK) {
1060 if (hcon->key_type == HCI_LK_DEBUG_COMBINATION)
1061 persistent = false;
1062 else
1063 persistent = !test_bit(HCI_CONN_FLUSH_KEY,
1064 &hcon->flags);
1065 } else {
1066 /* The LTKs and CSRKs should be persistent only if both sides
1067 * had the bonding bit set in their authentication requests.
1068 */
1069 persistent = !!((req->auth_req & rsp->auth_req) &
1070 SMP_AUTH_BONDING);
1071 }
1072
44f1a7ab
JH		 1073
1074 if (smp->csrk) {
1075 smp->csrk->bdaddr_type = hcon->dst_type;
1076 bacpy(&smp->csrk->bdaddr, &hcon->dst);
1077 mgmt_new_csrk(hdev, smp->csrk, persistent);
1078 }
1079
1080 if (smp->slave_csrk) {
1081 smp->slave_csrk->bdaddr_type = hcon->dst_type;
1082 bacpy(&smp->slave_csrk->bdaddr, &hcon->dst);
1083 mgmt_new_csrk(hdev, smp->slave_csrk, persistent);
1084 }
1085
1086 if (smp->ltk) {
1087 smp->ltk->bdaddr_type = hcon->dst_type;
1088 bacpy(&smp->ltk->bdaddr, &hcon->dst);
1089 mgmt_new_ltk(hdev, smp->ltk, persistent);
1090 }
1091
1092 if (smp->slave_ltk) {
1093 smp->slave_ltk->bdaddr_type = hcon->dst_type;
1094 bacpy(&smp->slave_ltk->bdaddr, &hcon->dst);
1095 mgmt_new_ltk(hdev, smp->slave_ltk, persistent);
1096 }
6a77083a
JH		 1097
1098 if (smp->link_key) {
e3befab9
JH		 1099 struct link_key *key;
1100 u8 type;
1101
1102 if (test_bit(SMP_FLAG_DEBUG_KEY, &smp->flags))
1103 type = HCI_LK_DEBUG_COMBINATION;
1104 else if (hcon->sec_level == BT_SECURITY_FIPS)
1105 type = HCI_LK_AUTH_COMBINATION_P256;
1106 else
1107 type = HCI_LK_UNAUTH_COMBINATION_P256;
1108
1109 key = hci_add_link_key(hdev, smp->conn->hcon, &hcon->dst,
1110 smp->link_key, type, 0, &persistent);
1111 if (key) {
1112 mgmt_new_link_key(hdev, key, persistent);
1113
1114 /* Don't keep debug keys around if the relevant
1115 * flag is not set.
1116 */
d7a5a11d 1117 if (!hci_dev_test_flag(hdev, HCI_KEEP_DEBUG_KEYS) &&
e3befab9
JH		 1118 key->type == HCI_LK_DEBUG_COMBINATION) {
1119 list_del_rcu(&key->list);
1120 kfree_rcu(key, rcu);
1121 }
1122 }
6a77083a
JH		 1123 }
1124}
1125
d3e54a87
JH		 1126static void sc_add_ltk(struct smp_chan *smp)
1127{
1128 struct hci_conn *hcon = smp->conn->hcon;
1129 u8 key_type, auth;
1130
1131 if (test_bit(SMP_FLAG_DEBUG_KEY, &smp->flags))
1132 key_type = SMP_LTK_P256_DEBUG;
1133 else
1134 key_type = SMP_LTK_P256;
1135
1136 if (hcon->pending_sec_level == BT_SECURITY_FIPS)
1137 auth = 1;
1138 else
1139 auth = 0;
1140
1141 memset(smp->tk + smp->enc_key_size, 0,
1142 SMP_MAX_ENC_KEY_SIZE - smp->enc_key_size);
1143
1144 smp->ltk = hci_add_ltk(hcon->hdev, &hcon->dst, hcon->dst_type,
1145 key_type, auth, smp->tk, smp->enc_key_size,
1146 0, 0);
1147}
1148
6a77083a
JH		 1149static void sc_generate_link_key(struct smp_chan *smp)
1150{
1151 /* These constants are as specified in the core specification.
1152 * In ASCII they spell out to 'tmp1' and 'lebr'.
1153 */
1154 const u8 tmp1[4] = { 0x31, 0x70, 0x6d, 0x74 };
1155 const u8 lebr[4] = { 0x72, 0x62, 0x65, 0x6c };
1156
1157 smp->link_key = kzalloc(16, GFP_KERNEL);
1158 if (!smp->link_key)
1159 return;
1160
1161 if (smp_h6(smp->tfm_cmac, smp->tk, tmp1, smp->link_key)) {
276812ec 1162 kzfree(smp->link_key);
6a77083a
JH		 1163 smp->link_key = NULL;
1164 return;
1165 }
1166
1167 if (smp_h6(smp->tfm_cmac, smp->link_key, lebr, smp->link_key)) {
276812ec 1168 kzfree(smp->link_key);
6a77083a
JH		 1169 smp->link_key = NULL;
1170 return;
1171 }
44f1a7ab
JH		 1172}
1173
b28b4943
JH		 1174static void smp_allow_key_dist(struct smp_chan *smp)
1175{
1176 /* Allow the first expected phase 3 PDU. The rest of the PDUs
1177 * will be allowed in each PDU handler to ensure we receive
1178 * them in the correct order.
1179 */
1180 if (smp->remote_key_dist & SMP_DIST_ENC_KEY)
1181 SMP_ALLOW_CMD(smp, SMP_CMD_ENCRYPT_INFO);
1182 else if (smp->remote_key_dist & SMP_DIST_ID_KEY)
1183 SMP_ALLOW_CMD(smp, SMP_CMD_IDENT_INFO);
1184 else if (smp->remote_key_dist & SMP_DIST_SIGN)
1185 SMP_ALLOW_CMD(smp, SMP_CMD_SIGN_INFO);
1186}
1187
b5ae344d
JH		 1188static void sc_generate_ltk(struct smp_chan *smp)
1189{
1190 /* These constants are as specified in the core specification.
1191 * In ASCII they spell out to 'tmp2' and 'brle'.
1192 */
1193 const u8 tmp2[4] = { 0x32, 0x70, 0x6d, 0x74 };
1194 const u8 brle[4] = { 0x65, 0x6c, 0x72, 0x62 };
1195 struct hci_conn *hcon = smp->conn->hcon;
1196 struct hci_dev *hdev = hcon->hdev;
1197 struct link_key *key;
1198
1199 key = hci_find_link_key(hdev, &hcon->dst);
1200 if (!key) {
1201 BT_ERR("%s No Link Key found to generate LTK", hdev->name);
1202 return;
1203 }
1204
1205 if (key->type == HCI_LK_DEBUG_COMBINATION)
1206 set_bit(SMP_FLAG_DEBUG_KEY, &smp->flags);
1207
1208 if (smp_h6(smp->tfm_cmac, key->val, tmp2, smp->tk))
1209 return;
1210
1211 if (smp_h6(smp->tfm_cmac, smp->tk, brle, smp->tk))
1212 return;
1213
1214 sc_add_ltk(smp);
1215}
1216
d6268e86 1217static void smp_distribute_keys(struct smp_chan *smp)
44f1a7ab
JH		 1218{
1219 struct smp_cmd_pairing *req, *rsp;
86d1407c 1220 struct l2cap_conn *conn = smp->conn;
44f1a7ab
JH		 1221 struct hci_conn *hcon = conn->hcon;
1222 struct hci_dev *hdev = hcon->hdev;
1223 __u8 *keydist;
1224
1225 BT_DBG("conn %p", conn);
1226
44f1a7ab
JH		 1227 rsp = (void *) &smp->prsp[1];
1228
1229 /* The responder sends its keys first */
b28b4943
JH		 1230 if (hcon->out && (smp->remote_key_dist & KEY_DIST_MASK)) {
1231 smp_allow_key_dist(smp);
86d1407c 1232 return;
b28b4943 1233 }
44f1a7ab
JH		 1234
1235 req = (void *) &smp->preq[1];
1236
1237 if (hcon->out) {
1238 keydist = &rsp->init_key_dist;
1239 *keydist &= req->init_key_dist;
1240 } else {
1241 keydist = &rsp->resp_key_dist;
1242 *keydist &= req->resp_key_dist;
1243 }
1244
6a77083a 1245 if (test_bit(SMP_FLAG_SC, &smp->flags)) {
b5ae344d 1246 if (hcon->type == LE_LINK && (*keydist & SMP_DIST_LINK_KEY))
6a77083a 1247 sc_generate_link_key(smp);
b5ae344d
JH		 1248 if (hcon->type == ACL_LINK && (*keydist & SMP_DIST_ENC_KEY))
1249 sc_generate_ltk(smp);
6a77083a
JH		 1250
1251 /* Clear the keys which are generated but not distributed */
1252 *keydist &= ~SMP_SC_NO_DIST;
1253 }
1254
44f1a7ab
JH		 1255 BT_DBG("keydist 0x%x", *keydist);
1256
1257 if (*keydist & SMP_DIST_ENC_KEY) {
1258 struct smp_cmd_encrypt_info enc;
1259 struct smp_cmd_master_ident ident;
1260 struct smp_ltk *ltk;
1261 u8 authenticated;
1262 __le16 ediv;
1263 __le64 rand;
1264
1265 get_random_bytes(enc.ltk, sizeof(enc.ltk));
1266 get_random_bytes(&ediv, sizeof(ediv));
1267 get_random_bytes(&rand, sizeof(rand));
1268
1269 smp_send_cmd(conn, SMP_CMD_ENCRYPT_INFO, sizeof(enc), &enc);
1270
1271 authenticated = hcon->sec_level == BT_SECURITY_HIGH;
1272 ltk = hci_add_ltk(hdev, &hcon->dst, hcon->dst_type,
1273 SMP_LTK_SLAVE, authenticated, enc.ltk,
1274 smp->enc_key_size, ediv, rand);
1275 smp->slave_ltk = ltk;
1276
1277 ident.ediv = ediv;
1278 ident.rand = rand;
1279
1280 smp_send_cmd(conn, SMP_CMD_MASTER_IDENT, sizeof(ident), &ident);
1281
1282 *keydist &= ~SMP_DIST_ENC_KEY;
1283 }
1284
1285 if (*keydist & SMP_DIST_ID_KEY) {
1286 struct smp_cmd_ident_addr_info addrinfo;
1287 struct smp_cmd_ident_info idinfo;
1288
1289 memcpy(idinfo.irk, hdev->irk, sizeof(idinfo.irk));
1290
1291 smp_send_cmd(conn, SMP_CMD_IDENT_INFO, sizeof(idinfo), &idinfo);
1292
1293 /* The hci_conn contains the local identity address
1294 * after the connection has been established.
1295 *
1296 * This is true even when the connection has been
1297 * established using a resolvable random address.
1298 */
1299 bacpy(&addrinfo.bdaddr, &hcon->src);
1300 addrinfo.addr_type = hcon->src_type;
1301
1302 smp_send_cmd(conn, SMP_CMD_IDENT_ADDR_INFO, sizeof(addrinfo),
1303 &addrinfo);
1304
1305 *keydist &= ~SMP_DIST_ID_KEY;
1306 }
1307
1308 if (*keydist & SMP_DIST_SIGN) {
1309 struct smp_cmd_sign_info sign;
1310 struct smp_csrk *csrk;
1311
1312 /* Generate a new random key */
1313 get_random_bytes(sign.csrk, sizeof(sign.csrk));
1314
1315 csrk = kzalloc(sizeof(*csrk), GFP_KERNEL);
1316 if (csrk) {
4cd3928a
JH		 1317 if (hcon->sec_level > BT_SECURITY_MEDIUM)
1318 csrk->type = MGMT_CSRK_LOCAL_AUTHENTICATED;
1319 else
1320 csrk->type = MGMT_CSRK_LOCAL_UNAUTHENTICATED;
44f1a7ab
JH		 1321 memcpy(csrk->val, sign.csrk, sizeof(csrk->val));
1322 }
1323 smp->slave_csrk = csrk;
1324
1325 smp_send_cmd(conn, SMP_CMD_SIGN_INFO, sizeof(sign), &sign);
1326
1327 *keydist &= ~SMP_DIST_SIGN;
1328 }
1329
1330 /* If there are still keys to be received wait for them */
b28b4943
JH		 1331 if (smp->remote_key_dist & KEY_DIST_MASK) {
1332 smp_allow_key_dist(smp);
86d1407c 1333 return;
b28b4943 1334 }
44f1a7ab 1335
44f1a7ab
JH		 1336 set_bit(SMP_FLAG_COMPLETE, &smp->flags);
1337 smp_notify_keys(conn);
1338
1339 smp_chan_destroy(conn);
44f1a7ab
JH		 1340}
1341
b68fda68
JH		 1342static void smp_timeout(struct work_struct *work)
1343{
1344 struct smp_chan *smp = container_of(work, struct smp_chan,
1345 security_timer.work);
1346 struct l2cap_conn *conn = smp->conn;
1347
1348 BT_DBG("conn %p", conn);
1349
1e91c29e 1350 hci_disconnect(conn->hcon, HCI_ERROR_REMOTE_USER_TERM);
b68fda68
JH		 1351}
1352
8aab4757
VCG		 1353static struct smp_chan *smp_chan_create(struct l2cap_conn *conn)
1354{
5d88cc73 1355 struct l2cap_chan *chan = conn->smp;
8aab4757
VCG		 1356 struct smp_chan *smp;
1357
f1560463 1358 smp = kzalloc(sizeof(*smp), GFP_ATOMIC);
fc75cc86 1359 if (!smp)
8aab4757
VCG		 1360 return NULL;
1361
6a7bd103
JH		 1362 smp->tfm_aes = crypto_alloc_blkcipher("ecb(aes)", 0, CRYPTO_ALG_ASYNC);
1363 if (IS_ERR(smp->tfm_aes)) {
1364 BT_ERR("Unable to create ECB crypto context");
276812ec 1365 kzfree(smp);
6a7bd103
JH		 1366 return NULL;
1367 }
1368
407cecf6
JH		 1369 smp->tfm_cmac = crypto_alloc_hash("cmac(aes)", 0, CRYPTO_ALG_ASYNC);
1370 if (IS_ERR(smp->tfm_cmac)) {
1371 BT_ERR("Unable to create CMAC crypto context");
1372 crypto_free_blkcipher(smp->tfm_aes);
276812ec 1373 kzfree(smp);
407cecf6
JH		 1374 return NULL;
1375 }
1376
8aab4757 1377 smp->conn = conn;
5d88cc73 1378 chan->data = smp;
8aab4757 1379
b28b4943
JH		 1380 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_FAIL);
1381
b68fda68
JH		 1382 INIT_DELAYED_WORK(&smp->security_timer, smp_timeout);
1383
8aab4757
VCG		 1384 hci_conn_hold(conn->hcon);
1385
1386 return smp;
1387}
1388
760b018b
JH		 1389static int sc_mackey_and_ltk(struct smp_chan *smp, u8 mackey[16], u8 ltk[16])
1390{
1391 struct hci_conn *hcon = smp->conn->hcon;
1392 u8 *na, *nb, a[7], b[7];
1393
1394 if (hcon->out) {
1395 na = smp->prnd;
1396 nb = smp->rrnd;
1397 } else {
1398 na = smp->rrnd;
1399 nb = smp->prnd;
1400 }
1401
1402 memcpy(a, &hcon->init_addr, 6);
1403 memcpy(b, &hcon->resp_addr, 6);
1404 a[6] = hcon->init_addr_type;
1405 b[6] = hcon->resp_addr_type;
1406
1407 return smp_f5(smp->tfm_cmac, smp->dhkey, na, nb, a, b, mackey, ltk);
1408}
1409
38606f14 1410static void sc_dhkey_check(struct smp_chan *smp)
760b018b
JH		 1411{
1412 struct hci_conn *hcon = smp->conn->hcon;
1413 struct smp_cmd_dhkey_check check;
1414 u8 a[7], b[7], *local_addr, *remote_addr;
1415 u8 io_cap[3], r[16];
1416
760b018b
JH		 1417 memcpy(a, &hcon->init_addr, 6);
1418 memcpy(b, &hcon->resp_addr, 6);
1419 a[6] = hcon->init_addr_type;
1420 b[6] = hcon->resp_addr_type;
1421
1422 if (hcon->out) {
1423 local_addr = a;
1424 remote_addr = b;
1425 memcpy(io_cap, &smp->preq[1], 3);
1426 } else {
1427 local_addr = b;
1428 remote_addr = a;
1429 memcpy(io_cap, &smp->prsp[1], 3);
1430 }
1431
dddd3059
JH		 1432 memset(r, 0, sizeof(r));
1433
1434 if (smp->method == REQ_PASSKEY || smp->method == DSP_PASSKEY)
38606f14 1435 put_unaligned_le32(hcon->passkey_notify, r);
760b018b 1436
a29b0733
JH		 1437 if (smp->method == REQ_OOB)
1438 memcpy(r, smp->rr, 16);
1439
760b018b
JH		 1440 smp_f6(smp->tfm_cmac, smp->mackey, smp->prnd, smp->rrnd, r, io_cap,
1441 local_addr, remote_addr, check.e);
1442
1443 smp_send_cmd(smp->conn, SMP_CMD_DHKEY_CHECK, sizeof(check), &check);
dddd3059
JH		 1444}
1445
38606f14
JH		 1446static u8 sc_passkey_send_confirm(struct smp_chan *smp)
1447{
1448 struct l2cap_conn *conn = smp->conn;
1449 struct hci_conn *hcon = conn->hcon;
1450 struct smp_cmd_pairing_confirm cfm;
1451 u8 r;
1452
1453 r = ((hcon->passkey_notify >> smp->passkey_round) & 0x01);
1454 r |= 0x80;
1455
1456 get_random_bytes(smp->prnd, sizeof(smp->prnd));
1457
1458 if (smp_f4(smp->tfm_cmac, smp->local_pk, smp->remote_pk, smp->prnd, r,
1459 cfm.confirm_val))
1460 return SMP_UNSPECIFIED;
1461
1462 smp_send_cmd(conn, SMP_CMD_PAIRING_CONFIRM, sizeof(cfm), &cfm);
1463
1464 return 0;
1465}
1466
1467static u8 sc_passkey_round(struct smp_chan *smp, u8 smp_op)
1468{
1469 struct l2cap_conn *conn = smp->conn;
1470 struct hci_conn *hcon = conn->hcon;
1471 struct hci_dev *hdev = hcon->hdev;
1472 u8 cfm[16], r;
1473
1474 /* Ignore the PDU if we've already done 20 rounds (0 - 19) */
1475 if (smp->passkey_round >= 20)
1476 return 0;
1477
1478 switch (smp_op) {
1479 case SMP_CMD_PAIRING_RANDOM:
1480 r = ((hcon->passkey_notify >> smp->passkey_round) & 0x01);
1481 r |= 0x80;
1482
1483 if (smp_f4(smp->tfm_cmac, smp->remote_pk, smp->local_pk,
1484 smp->rrnd, r, cfm))
1485 return SMP_UNSPECIFIED;
1486
1487 if (memcmp(smp->pcnf, cfm, 16))
1488 return SMP_CONFIRM_FAILED;
1489
1490 smp->passkey_round++;
1491
1492 if (smp->passkey_round == 20) {
1493 /* Generate MacKey and LTK */
1494 if (sc_mackey_and_ltk(smp, smp->mackey, smp->tk))
1495 return SMP_UNSPECIFIED;
1496 }
1497
1498 /* The round is only complete when the initiator
1499 * receives pairing random.
1500 */
1501 if (!hcon->out) {
1502 smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM,
1503 sizeof(smp->prnd), smp->prnd);
d3e54a87 1504 if (smp->passkey_round == 20)
38606f14 1505 SMP_ALLOW_CMD(smp, SMP_CMD_DHKEY_CHECK);
d3e54a87 1506 else
38606f14 1507 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_CONFIRM);
38606f14
JH		 1508 return 0;
1509 }
1510
1511 /* Start the next round */
1512 if (smp->passkey_round != 20)
1513 return sc_passkey_round(smp, 0);
1514
1515 /* Passkey rounds are complete - start DHKey Check */
1516 sc_dhkey_check(smp);
1517 SMP_ALLOW_CMD(smp, SMP_CMD_DHKEY_CHECK);
1518
1519 break;
1520
1521 case SMP_CMD_PAIRING_CONFIRM:
1522 if (test_bit(SMP_FLAG_WAIT_USER, &smp->flags)) {
1523 set_bit(SMP_FLAG_CFM_PENDING, &smp->flags);
1524 return 0;
1525 }
1526
1527 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RANDOM);
1528
1529 if (hcon->out) {
1530 smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM,
1531 sizeof(smp->prnd), smp->prnd);
1532 return 0;
1533 }
1534
1535 return sc_passkey_send_confirm(smp);
1536
1537 case SMP_CMD_PUBLIC_KEY:
1538 default:
1539 /* Initiating device starts the round */
1540 if (!hcon->out)
1541 return 0;
1542
1543 BT_DBG("%s Starting passkey round %u", hdev->name,
1544 smp->passkey_round + 1);
1545
1546 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_CONFIRM);
1547
1548 return sc_passkey_send_confirm(smp);
1549 }
1550
1551 return 0;
1552}
1553
dddd3059
JH		 1554static int sc_user_reply(struct smp_chan *smp, u16 mgmt_op, __le32 passkey)
1555{
38606f14
JH		 1556 struct l2cap_conn *conn = smp->conn;
1557 struct hci_conn *hcon = conn->hcon;
1558 u8 smp_op;
1559
1560 clear_bit(SMP_FLAG_WAIT_USER, &smp->flags);
1561
dddd3059
JH		 1562 switch (mgmt_op) {
1563 case MGMT_OP_USER_PASSKEY_NEG_REPLY:
1564 smp_failure(smp->conn, SMP_PASSKEY_ENTRY_FAILED);
1565 return 0;
1566 case MGMT_OP_USER_CONFIRM_NEG_REPLY:
1567 smp_failure(smp->conn, SMP_NUMERIC_COMP_FAILED);
1568 return 0;
38606f14
JH		 1569 case MGMT_OP_USER_PASSKEY_REPLY:
1570 hcon->passkey_notify = le32_to_cpu(passkey);
1571 smp->passkey_round = 0;
1572
1573 if (test_and_clear_bit(SMP_FLAG_CFM_PENDING, &smp->flags))
1574 smp_op = SMP_CMD_PAIRING_CONFIRM;
1575 else
1576 smp_op = 0;
1577
1578 if (sc_passkey_round(smp, smp_op))
1579 return -EIO;
1580
1581 return 0;
dddd3059
JH		 1582 }
1583
d3e54a87
JH		 1584 /* Initiator sends DHKey check first */
1585 if (hcon->out) {
1586 sc_dhkey_check(smp);
1587 SMP_ALLOW_CMD(smp, SMP_CMD_DHKEY_CHECK);
1588 } else if (test_and_clear_bit(SMP_FLAG_DHKEY_PENDING, &smp->flags)) {
1589 sc_dhkey_check(smp);
1590 sc_add_ltk(smp);
1591 }
760b018b
JH		 1592
1593 return 0;
1594}
1595
2b64d153
BG		 1596int smp_user_confirm_reply(struct hci_conn *hcon, u16 mgmt_op, __le32 passkey)
1597{
b10e8017 1598 struct l2cap_conn *conn = hcon->l2cap_data;
5d88cc73 1599 struct l2cap_chan *chan;
2b64d153
BG		 1600 struct smp_chan *smp;
1601 u32 value;
fc75cc86 1602 int err;
2b64d153
BG		 1603
1604 BT_DBG("");
1605
fc75cc86 1606 if (!conn)
2b64d153
BG		 1607 return -ENOTCONN;
1608
5d88cc73
JH		 1609 chan = conn->smp;
1610 if (!chan)
1611 return -ENOTCONN;
1612
fc75cc86
JH		 1613 l2cap_chan_lock(chan);
1614 if (!chan->data) {
1615 err = -ENOTCONN;
1616 goto unlock;
1617 }
1618
5d88cc73 1619 smp = chan->data;
2b64d153 1620
760b018b
JH		 1621 if (test_bit(SMP_FLAG_SC, &smp->flags)) {
1622 err = sc_user_reply(smp, mgmt_op, passkey);
1623 goto unlock;
1624 }
1625
2b64d153
BG		 1626 switch (mgmt_op) {
1627 case MGMT_OP_USER_PASSKEY_REPLY:
1628 value = le32_to_cpu(passkey);
943a732a 1629 memset(smp->tk, 0, sizeof(smp->tk));
2b64d153 1630 BT_DBG("PassKey: %d", value);
943a732a 1631 put_unaligned_le32(value, smp->tk);
2b64d153
BG		 1632 /* Fall Through */
1633 case MGMT_OP_USER_CONFIRM_REPLY:
4a74d658 1634 set_bit(SMP_FLAG_TK_VALID, &smp->flags);
2b64d153
BG		 1635 break;
1636 case MGMT_OP_USER_PASSKEY_NEG_REPLY:
1637 case MGMT_OP_USER_CONFIRM_NEG_REPLY:
84794e11 1638 smp_failure(conn, SMP_PASSKEY_ENTRY_FAILED);
fc75cc86
JH		 1639 err = 0;
1640 goto unlock;
2b64d153 1641 default:
84794e11 1642 smp_failure(conn, SMP_PASSKEY_ENTRY_FAILED);
fc75cc86
JH		 1643 err = -EOPNOTSUPP;
1644 goto unlock;
2b64d153
BG		 1645 }
1646
fc75cc86
JH		 1647 err = 0;
1648
2b64d153 1649 /* If it is our turn to send Pairing Confirm, do so now */
1cc61144
JH		 1650 if (test_bit(SMP_FLAG_CFM_PENDING, &smp->flags)) {
1651 u8 rsp = smp_confirm(smp);
1652 if (rsp)
1653 smp_failure(conn, rsp);
1654 }
2b64d153 1655
fc75cc86
JH		 1656unlock:
1657 l2cap_chan_unlock(chan);
1658 return err;
2b64d153
BG		 1659}
1660
b5ae344d
JH		 1661static void build_bredr_pairing_cmd(struct smp_chan *smp,
1662 struct smp_cmd_pairing *req,
1663 struct smp_cmd_pairing *rsp)
1664{
1665 struct l2cap_conn *conn = smp->conn;
1666 struct hci_dev *hdev = conn->hcon->hdev;
1667 u8 local_dist = 0, remote_dist = 0;
1668
d7a5a11d 1669 if (hci_dev_test_flag(hdev, HCI_BONDABLE)) {
b5ae344d
JH		 1670 local_dist = SMP_DIST_ENC_KEY | SMP_DIST_SIGN;
1671 remote_dist = SMP_DIST_ENC_KEY | SMP_DIST_SIGN;
1672 }
1673
d7a5a11d 1674 if (hci_dev_test_flag(hdev, HCI_RPA_RESOLVING))
b5ae344d
JH		 1675 remote_dist |= SMP_DIST_ID_KEY;
1676
d7a5a11d 1677 if (hci_dev_test_flag(hdev, HCI_PRIVACY))
b5ae344d
JH		 1678 local_dist |= SMP_DIST_ID_KEY;
1679
1680 if (!rsp) {
1681 memset(req, 0, sizeof(*req));
1682
1683 req->init_key_dist = local_dist;
1684 req->resp_key_dist = remote_dist;
1685 req->max_key_size = SMP_MAX_ENC_KEY_SIZE;
1686
1687 smp->remote_key_dist = remote_dist;
1688
1689 return;
1690 }
1691
1692 memset(rsp, 0, sizeof(*rsp));
1693
1694 rsp->max_key_size = SMP_MAX_ENC_KEY_SIZE;
1695 rsp->init_key_dist = req->init_key_dist & remote_dist;
1696 rsp->resp_key_dist = req->resp_key_dist & local_dist;
1697
1698 smp->remote_key_dist = rsp->init_key_dist;
1699}
1700
da85e5e5 1701static u8 smp_cmd_pairing_req(struct l2cap_conn *conn, struct sk_buff *skb)
88ba43b6 1702{
3158c50c 1703 struct smp_cmd_pairing rsp, *req = (void *) skb->data;
fc75cc86 1704 struct l2cap_chan *chan = conn->smp;
b3c6410b 1705 struct hci_dev *hdev = conn->hcon->hdev;
8aab4757 1706 struct smp_chan *smp;
c7262e71 1707 u8 key_size, auth, sec_level;
8aab4757 1708 int ret;
88ba43b6
AB		 1709
1710 BT_DBG("conn %p", conn);
1711
c46b98be 1712 if (skb->len < sizeof(*req))
38e4a915 1713 return SMP_INVALID_PARAMS;
c46b98be 1714
40bef302 1715 if (conn->hcon->role != HCI_ROLE_SLAVE)
2b64d153
BG		 1716 return SMP_CMD_NOTSUPP;
1717
fc75cc86 1718 if (!chan->data)
8aab4757 1719 smp = smp_chan_create(conn);
fc75cc86 1720 else
5d88cc73 1721 smp = chan->data;
8aab4757 1722
d08fd0e7
AE		 1723 if (!smp)
1724 return SMP_UNSPECIFIED;
d26a2345 1725
c05b9339 1726 /* We didn't start the pairing, so match remote */
0edb14de 1727 auth = req->auth_req & AUTH_REQ_MASK(hdev);
c05b9339 1728
d7a5a11d 1729 if (!hci_dev_test_flag(hdev, HCI_BONDABLE) &&
c05b9339 1730 (auth & SMP_AUTH_BONDING))
b3c6410b
JH		 1731 return SMP_PAIRING_NOTSUPP;
1732
d7a5a11d 1733 if (hci_dev_test_flag(hdev, HCI_SC_ONLY) && !(auth & SMP_AUTH_SC))
903b71c7
JH		 1734 return SMP_AUTH_REQUIREMENTS;
1735
1c1def09
VCG		 1736 smp->preq[0] = SMP_CMD_PAIRING_REQ;
1737 memcpy(&smp->preq[1], req, sizeof(*req));
3158c50c 1738 skb_pull(skb, sizeof(*req));
88ba43b6 1739
cb06d366
JH		 1740 /* If the remote side's OOB flag is set it means it has
1741 * successfully received our local OOB data - therefore set the
1742 * flag to indicate that local OOB is in use.
1743 */
58428563
JH		 1744 if (req->oob_flag == SMP_OOB_PRESENT)
1745 set_bit(SMP_FLAG_LOCAL_OOB, &smp->flags);
1746
b5ae344d
JH		 1747 /* SMP over BR/EDR requires special treatment */
1748 if (conn->hcon->type == ACL_LINK) {
1749 /* We must have a BR/EDR SC link */
08f63cc5 1750 if (!test_bit(HCI_CONN_AES_CCM, &conn->hcon->flags) &&
b7cb93e5 1751 !hci_dev_test_flag(hdev, HCI_FORCE_BREDR_SMP))
b5ae344d
JH		 1752 return SMP_CROSS_TRANSP_NOT_ALLOWED;
1753
1754 set_bit(SMP_FLAG_SC, &smp->flags);
1755
1756 build_bredr_pairing_cmd(smp, req, &rsp);
1757
1758 key_size = min(req->max_key_size, rsp.max_key_size);
1759 if (check_enc_key_size(conn, key_size))
1760 return SMP_ENC_KEY_SIZE;
1761
1762 /* Clear bits which are generated but not distributed */
1763 smp->remote_key_dist &= ~SMP_SC_NO_DIST;
1764
1765 smp->prsp[0] = SMP_CMD_PAIRING_RSP;
1766 memcpy(&smp->prsp[1], &rsp, sizeof(rsp));
1767 smp_send_cmd(conn, SMP_CMD_PAIRING_RSP, sizeof(rsp), &rsp);
1768
1769 smp_distribute_keys(smp);
1770 return 0;
1771 }
1772
5e3d3d9b
JH		 1773 build_pairing_cmd(conn, req, &rsp, auth);
1774
1775 if (rsp.auth_req & SMP_AUTH_SC)
1776 set_bit(SMP_FLAG_SC, &smp->flags);
1777
5be5e275 1778 if (conn->hcon->io_capability == HCI_IO_NO_INPUT_OUTPUT)
1afc2a1a
JH		 1779 sec_level = BT_SECURITY_MEDIUM;
1780 else
1781 sec_level = authreq_to_seclevel(auth);
1782
c7262e71
JH		 1783 if (sec_level > conn->hcon->pending_sec_level)
1784 conn->hcon->pending_sec_level = sec_level;
fdde0a26 1785
49c922bb 1786 /* If we need MITM check that it can be achieved */
2ed8f65c
JH		 1787 if (conn->hcon->pending_sec_level >= BT_SECURITY_HIGH) {
1788 u8 method;
1789
1790 method = get_auth_method(smp, conn->hcon->io_capability,
1791 req->io_capability);
1792 if (method == JUST_WORKS || method == JUST_CFM)
1793 return SMP_AUTH_REQUIREMENTS;
1794 }
1795
3158c50c
VCG		 1796 key_size = min(req->max_key_size, rsp.max_key_size);
1797 if (check_enc_key_size(conn, key_size))
1798 return SMP_ENC_KEY_SIZE;
88ba43b6 1799
e84a6b13 1800 get_random_bytes(smp->prnd, sizeof(smp->prnd));
8aab4757 1801
1c1def09
VCG		 1802 smp->prsp[0] = SMP_CMD_PAIRING_RSP;
1803 memcpy(&smp->prsp[1], &rsp, sizeof(rsp));
f01ead31 1804
3158c50c 1805 smp_send_cmd(conn, SMP_CMD_PAIRING_RSP, sizeof(rsp), &rsp);
3b19146d
JH		 1806
1807 clear_bit(SMP_FLAG_INITIATOR, &smp->flags);
1808
1809 if (test_bit(SMP_FLAG_SC, &smp->flags)) {
1810 SMP_ALLOW_CMD(smp, SMP_CMD_PUBLIC_KEY);
1811 /* Clear bits which are generated but not distributed */
1812 smp->remote_key_dist &= ~SMP_SC_NO_DIST;
1813 /* Wait for Public Key from Initiating Device */
1814 return 0;
3b19146d 1815 }
da85e5e5 1816
983f9814
MH		 1817 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_CONFIRM);
1818
2b64d153
BG		 1819 /* Request setup of TK */
1820 ret = tk_request(conn, 0, auth, rsp.io_capability, req->io_capability);
1821 if (ret)
1822 return SMP_UNSPECIFIED;
1823
da85e5e5 1824 return 0;
88ba43b6
AB		 1825}
1826
3b19146d
JH		 1827static u8 sc_send_public_key(struct smp_chan *smp)
1828{
70157ef5
JH		 1829 struct hci_dev *hdev = smp->conn->hcon->hdev;
1830
3b19146d
JH		 1831 BT_DBG("");
1832
1a8bab4f 1833 if (test_bit(SMP_FLAG_LOCAL_OOB, &smp->flags)) {
33d0c030
MH		 1834 struct l2cap_chan *chan = hdev->smp_data;
1835 struct smp_dev *smp_dev;
1836
1837 if (!chan || !chan->data)
1838 return SMP_UNSPECIFIED;
1839
1840 smp_dev = chan->data;
1841
1842 memcpy(smp->local_pk, smp_dev->local_pk, 64);
1843 memcpy(smp->local_sk, smp_dev->local_sk, 32);
882fafad 1844 memcpy(smp->lr, smp_dev->local_rr, 16);
33d0c030
MH		 1845
1846 if (smp_dev->debug_key)
1847 set_bit(SMP_FLAG_DEBUG_KEY, &smp->flags);
1848
1849 goto done;
1850 }
1851
d7a5a11d 1852 if (hci_dev_test_flag(hdev, HCI_USE_DEBUG_KEYS)) {
70157ef5
JH		 1853 BT_DBG("Using debug keys");
1854 memcpy(smp->local_pk, debug_pk, 64);
1855 memcpy(smp->local_sk, debug_sk, 32);
1856 set_bit(SMP_FLAG_DEBUG_KEY, &smp->flags);
1857 } else {
1858 while (true) {
1859 /* Generate local key pair for Secure Connections */
1860 if (!ecc_make_key(smp->local_pk, smp->local_sk))
1861 return SMP_UNSPECIFIED;
6c0dcc50 1862
70157ef5
JH		 1863 /* This is unlikely, but we need to check that
1864 * we didn't accidentially generate a debug key.
1865 */
1866 if (memcmp(smp->local_sk, debug_sk, 32))
1867 break;
1868 }
6c0dcc50 1869 }
3b19146d 1870
33d0c030 1871done:
c7a3d57d 1872 SMP_DBG("Local Public Key X: %32phN", smp->local_pk);
8e4e2ee5 1873 SMP_DBG("Local Public Key Y: %32phN", smp->local_pk + 32);
c7a3d57d 1874 SMP_DBG("Local Private Key: %32phN", smp->local_sk);
3b19146d
JH		 1875
1876 smp_send_cmd(smp->conn, SMP_CMD_PUBLIC_KEY, 64, smp->local_pk);
1877
1878 return 0;
1879}
1880
da85e5e5 1881static u8 smp_cmd_pairing_rsp(struct l2cap_conn *conn, struct sk_buff *skb)
88ba43b6 1882{
3158c50c 1883 struct smp_cmd_pairing *req, *rsp = (void *) skb->data;
5d88cc73
JH		 1884 struct l2cap_chan *chan = conn->smp;
1885 struct smp_chan *smp = chan->data;
0edb14de 1886 struct hci_dev *hdev = conn->hcon->hdev;
3a7dbfb8 1887 u8 key_size, auth;
7d24ddcc 1888 int ret;
88ba43b6
AB		 1889
1890 BT_DBG("conn %p", conn);
1891
c46b98be 1892 if (skb->len < sizeof(*rsp))
38e4a915 1893 return SMP_INVALID_PARAMS;
c46b98be 1894
40bef302 1895 if (conn->hcon->role != HCI_ROLE_MASTER)
2b64d153
BG		 1896 return SMP_CMD_NOTSUPP;
1897
3158c50c
VCG		 1898 skb_pull(skb, sizeof(*rsp));
1899
1c1def09 1900 req = (void *) &smp->preq[1];
da85e5e5 1901
3158c50c
VCG		 1902 key_size = min(req->max_key_size, rsp->max_key_size);
1903 if (check_enc_key_size(conn, key_size))
1904 return SMP_ENC_KEY_SIZE;
1905
0edb14de 1906 auth = rsp->auth_req & AUTH_REQ_MASK(hdev);
c05b9339 1907
d7a5a11d 1908 if (hci_dev_test_flag(hdev, HCI_SC_ONLY) && !(auth & SMP_AUTH_SC))
903b71c7
JH		 1909 return SMP_AUTH_REQUIREMENTS;
1910
cb06d366
JH		 1911 /* If the remote side's OOB flag is set it means it has
1912 * successfully received our local OOB data - therefore set the
1913 * flag to indicate that local OOB is in use.
1914 */
58428563
JH		 1915 if (rsp->oob_flag == SMP_OOB_PRESENT)
1916 set_bit(SMP_FLAG_LOCAL_OOB, &smp->flags);
1917
b5ae344d
JH		 1918 smp->prsp[0] = SMP_CMD_PAIRING_RSP;
1919 memcpy(&smp->prsp[1], rsp, sizeof(*rsp));
1920
1921 /* Update remote key distribution in case the remote cleared
1922 * some bits that we had enabled in our request.
1923 */
1924 smp->remote_key_dist &= rsp->resp_key_dist;
1925
1926 /* For BR/EDR this means we're done and can start phase 3 */
1927 if (conn->hcon->type == ACL_LINK) {
1928 /* Clear bits which are generated but not distributed */
1929 smp->remote_key_dist &= ~SMP_SC_NO_DIST;
1930 smp_distribute_keys(smp);
1931 return 0;
1932 }
1933
65668776
JH		 1934 if ((req->auth_req & SMP_AUTH_SC) && (auth & SMP_AUTH_SC))
1935 set_bit(SMP_FLAG_SC, &smp->flags);
d2eb9e10
JH		 1936 else if (conn->hcon->pending_sec_level > BT_SECURITY_HIGH)
1937 conn->hcon->pending_sec_level = BT_SECURITY_HIGH;
65668776 1938
49c922bb 1939 /* If we need MITM check that it can be achieved */
2ed8f65c
JH		 1940 if (conn->hcon->pending_sec_level >= BT_SECURITY_HIGH) {
1941 u8 method;
1942
1943 method = get_auth_method(smp, req->io_capability,
1944 rsp->io_capability);
1945 if (method == JUST_WORKS || method == JUST_CFM)
1946 return SMP_AUTH_REQUIREMENTS;
1947 }
1948
e84a6b13 1949 get_random_bytes(smp->prnd, sizeof(smp->prnd));
7d24ddcc 1950
fdcc4bec
JH		 1951 /* Update remote key distribution in case the remote cleared
1952 * some bits that we had enabled in our request.
1953 */
1954 smp->remote_key_dist &= rsp->resp_key_dist;
1955
3b19146d
JH		 1956 if (test_bit(SMP_FLAG_SC, &smp->flags)) {
1957 /* Clear bits which are generated but not distributed */
1958 smp->remote_key_dist &= ~SMP_SC_NO_DIST;
1959 SMP_ALLOW_CMD(smp, SMP_CMD_PUBLIC_KEY);
1960 return sc_send_public_key(smp);
1961 }
1962
c05b9339 1963 auth |= req->auth_req;
2b64d153 1964
476585ec 1965 ret = tk_request(conn, 0, auth, req->io_capability, rsp->io_capability);
2b64d153
BG		 1966 if (ret)
1967 return SMP_UNSPECIFIED;
1968
4a74d658 1969 set_bit(SMP_FLAG_CFM_PENDING, &smp->flags);
2b64d153
BG		 1970
1971 /* Can't compose response until we have been confirmed */
4a74d658 1972 if (test_bit(SMP_FLAG_TK_VALID, &smp->flags))
1cc61144 1973 return smp_confirm(smp);
da85e5e5
VCG		 1974
1975 return 0;
88ba43b6
AB		 1976}
1977
dcee2b32
JH		 1978static u8 sc_check_confirm(struct smp_chan *smp)
1979{
1980 struct l2cap_conn *conn = smp->conn;
1981
1982 BT_DBG("");
1983
1984 /* Public Key exchange must happen before any other steps */
1985 if (!test_bit(SMP_FLAG_REMOTE_PK, &smp->flags))
1986 return SMP_UNSPECIFIED;
1987
38606f14
JH		 1988 if (smp->method == REQ_PASSKEY || smp->method == DSP_PASSKEY)
1989 return sc_passkey_round(smp, SMP_CMD_PAIRING_CONFIRM);
1990
dcee2b32
JH		 1991 if (conn->hcon->out) {
1992 smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM, sizeof(smp->prnd),
1993 smp->prnd);
1994 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RANDOM);
1995 }
1996
1997 return 0;
1998}
1999
da85e5e5 2000static u8 smp_cmd_pairing_confirm(struct l2cap_conn *conn, struct sk_buff *skb)
88ba43b6 2001{
5d88cc73
JH		 2002 struct l2cap_chan *chan = conn->smp;
2003 struct smp_chan *smp = chan->data;
7d24ddcc 2004
88ba43b6
AB		 2005 BT_DBG("conn %p %s", conn, conn->hcon->out ? "master" : "slave");
2006
c46b98be 2007 if (skb->len < sizeof(smp->pcnf))
38e4a915 2008 return SMP_INVALID_PARAMS;
c46b98be 2009
1c1def09
VCG		 2010 memcpy(smp->pcnf, skb->data, sizeof(smp->pcnf));
2011 skb_pull(skb, sizeof(smp->pcnf));
88ba43b6 2012
dcee2b32
JH		 2013 if (test_bit(SMP_FLAG_SC, &smp->flags))
2014 return sc_check_confirm(smp);
2015
b28b4943 2016 if (conn->hcon->out) {
943a732a
JH		 2017 smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM, sizeof(smp->prnd),
2018 smp->prnd);
b28b4943
JH		 2019 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RANDOM);
2020 return 0;
2021 }
2022
2023 if (test_bit(SMP_FLAG_TK_VALID, &smp->flags))
1cc61144 2024 return smp_confirm(smp);
983f9814
MH		 2025
2026 set_bit(SMP_FLAG_CFM_PENDING, &smp->flags);
da85e5e5
VCG		 2027
2028 return 0;
88ba43b6
AB		 2029}
2030
da85e5e5 2031static u8 smp_cmd_pairing_random(struct l2cap_conn *conn, struct sk_buff *skb)
88ba43b6 2032{
5d88cc73
JH		 2033 struct l2cap_chan *chan = conn->smp;
2034 struct smp_chan *smp = chan->data;
191dc7fe
JH		 2035 struct hci_conn *hcon = conn->hcon;
2036 u8 *pkax, *pkbx, *na, *nb;
2037 u32 passkey;
2038 int err;
7d24ddcc 2039
8aab4757 2040 BT_DBG("conn %p", conn);
3158c50c 2041
c46b98be 2042 if (skb->len < sizeof(smp->rrnd))
38e4a915 2043 return SMP_INVALID_PARAMS;
c46b98be 2044
943a732a 2045 memcpy(smp->rrnd, skb->data, sizeof(smp->rrnd));
8aab4757 2046 skb_pull(skb, sizeof(smp->rrnd));
e7e62c85 2047
191dc7fe
JH		 2048 if (!test_bit(SMP_FLAG_SC, &smp->flags))
2049 return smp_random(smp);
2050
580039e8
JH		 2051 if (hcon->out) {
2052 pkax = smp->local_pk;
2053 pkbx = smp->remote_pk;
2054 na = smp->prnd;
2055 nb = smp->rrnd;
2056 } else {
2057 pkax = smp->remote_pk;
2058 pkbx = smp->local_pk;
2059 na = smp->rrnd;
2060 nb = smp->prnd;
2061 }
2062
a29b0733
JH		 2063 if (smp->method == REQ_OOB) {
2064 if (!hcon->out)
2065 smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM,
2066 sizeof(smp->prnd), smp->prnd);
2067 SMP_ALLOW_CMD(smp, SMP_CMD_DHKEY_CHECK);
2068 goto mackey_and_ltk;
2069 }
2070
38606f14
JH		 2071 /* Passkey entry has special treatment */
2072 if (smp->method == REQ_PASSKEY || smp->method == DSP_PASSKEY)
2073 return sc_passkey_round(smp, SMP_CMD_PAIRING_RANDOM);
2074
191dc7fe
JH		 2075 if (hcon->out) {
2076 u8 cfm[16];
2077
2078 err = smp_f4(smp->tfm_cmac, smp->remote_pk, smp->local_pk,
2079 smp->rrnd, 0, cfm);
2080 if (err)
2081 return SMP_UNSPECIFIED;
2082
2083 if (memcmp(smp->pcnf, cfm, 16))
2084 return SMP_CONFIRM_FAILED;
191dc7fe
JH		 2085 } else {
2086 smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM, sizeof(smp->prnd),
2087 smp->prnd);
2088 SMP_ALLOW_CMD(smp, SMP_CMD_DHKEY_CHECK);
191dc7fe
JH		 2089 }
2090
a29b0733 2091mackey_and_ltk:
760b018b
JH		 2092 /* Generate MacKey and LTK */
2093 err = sc_mackey_and_ltk(smp, smp->mackey, smp->tk);
2094 if (err)
2095 return SMP_UNSPECIFIED;
2096
a29b0733 2097 if (smp->method == JUST_WORKS || smp->method == REQ_OOB) {
dddd3059 2098 if (hcon->out) {
38606f14 2099 sc_dhkey_check(smp);
dddd3059
JH		 2100 SMP_ALLOW_CMD(smp, SMP_CMD_DHKEY_CHECK);
2101 }
2102 return 0;
2103 }
2104
38606f14
JH		 2105 err = smp_g2(smp->tfm_cmac, pkax, pkbx, na, nb, &passkey);
2106 if (err)
2107 return SMP_UNSPECIFIED;
2108
2109 err = mgmt_user_confirm_request(hcon->hdev, &hcon->dst, hcon->type,
2110 hcon->dst_type, passkey, 0);
191dc7fe
JH		 2111 if (err)
2112 return SMP_UNSPECIFIED;
2113
38606f14
JH		 2114 set_bit(SMP_FLAG_WAIT_USER, &smp->flags);
2115
191dc7fe 2116 return 0;
88ba43b6
AB		 2117}
2118
f81cd823 2119static bool smp_ltk_encrypt(struct l2cap_conn *conn, u8 sec_level)
988c5997 2120{
c9839a11 2121 struct smp_ltk *key;
988c5997
VCG		 2122 struct hci_conn *hcon = conn->hcon;
2123
f3a73d97 2124 key = hci_find_ltk(hcon->hdev, &hcon->dst, hcon->dst_type, hcon->role);
988c5997 2125 if (!key)
f81cd823 2126 return false;
988c5997 2127
a6f7833c 2128 if (smp_ltk_sec_level(key) < sec_level)
f81cd823 2129 return false;
4dab7864 2130
51a8efd7 2131 if (test_and_set_bit(HCI_CONN_ENCRYPT_PEND, &hcon->flags))
f81cd823 2132 return true;
988c5997 2133
c9839a11
VCG		 2134 hci_le_start_enc(hcon, key->ediv, key->rand, key->val);
2135 hcon->enc_key_size = key->enc_size;
988c5997 2136
fe59a05f
JH		 2137 /* We never store STKs for master role, so clear this flag */
2138 clear_bit(HCI_CONN_STK_ENCRYPT, &hcon->flags);
2139
f81cd823 2140 return true;
988c5997 2141}
f1560463 2142
35dc6f83
JH		 2143bool smp_sufficient_security(struct hci_conn *hcon, u8 sec_level,
2144 enum smp_key_pref key_pref)
854f4727
JH		 2145{
2146 if (sec_level == BT_SECURITY_LOW)
2147 return true;
2148
35dc6f83
JH		 2149 /* If we're encrypted with an STK but the caller prefers using
2150 * LTK claim insufficient security. This way we allow the
2151 * connection to be re-encrypted with an LTK, even if the LTK
2152 * provides the same level of security. Only exception is if we
2153 * don't have an LTK (e.g. because of key distribution bits).
9ab65d60 2154 */
35dc6f83
JH		 2155 if (key_pref == SMP_USE_LTK &&
2156 test_bit(HCI_CONN_STK_ENCRYPT, &hcon->flags) &&
f3a73d97 2157 hci_find_ltk(hcon->hdev, &hcon->dst, hcon->dst_type, hcon->role))
9ab65d60
JH		 2158 return false;
2159
854f4727
JH		 2160 if (hcon->sec_level >= sec_level)
2161 return true;
2162
2163 return false;
2164}
2165
da85e5e5 2166static u8 smp_cmd_security_req(struct l2cap_conn *conn, struct sk_buff *skb)
88ba43b6
AB		 2167{
2168 struct smp_cmd_security_req *rp = (void *) skb->data;
2169 struct smp_cmd_pairing cp;
f1cb9af5 2170 struct hci_conn *hcon = conn->hcon;
0edb14de 2171 struct hci_dev *hdev = hcon->hdev;
8aab4757 2172 struct smp_chan *smp;
c05b9339 2173 u8 sec_level, auth;
88ba43b6
AB		 2174
2175 BT_DBG("conn %p", conn);
2176
c46b98be 2177 if (skb->len < sizeof(*rp))
38e4a915 2178 return SMP_INVALID_PARAMS;
c46b98be 2179
40bef302 2180 if (hcon->role != HCI_ROLE_MASTER)
86ca9eac
JH		 2181 return SMP_CMD_NOTSUPP;
2182
0edb14de 2183 auth = rp->auth_req & AUTH_REQ_MASK(hdev);
c05b9339 2184
d7a5a11d 2185 if (hci_dev_test_flag(hdev, HCI_SC_ONLY) && !(auth & SMP_AUTH_SC))
903b71c7
JH		 2186 return SMP_AUTH_REQUIREMENTS;
2187
5be5e275 2188 if (hcon->io_capability == HCI_IO_NO_INPUT_OUTPUT)
1afc2a1a
JH		 2189 sec_level = BT_SECURITY_MEDIUM;
2190 else
2191 sec_level = authreq_to_seclevel(auth);
2192
35dc6f83 2193 if (smp_sufficient_security(hcon, sec_level, SMP_USE_LTK))
854f4727
JH		 2194 return 0;
2195
c7262e71
JH		 2196 if (sec_level > hcon->pending_sec_level)
2197 hcon->pending_sec_level = sec_level;
feb45eb5 2198
4dab7864 2199 if (smp_ltk_encrypt(conn, hcon->pending_sec_level))
988c5997
VCG		 2200 return 0;
2201
8aab4757 2202 smp = smp_chan_create(conn);
c29d2444
JH		 2203 if (!smp)
2204 return SMP_UNSPECIFIED;
d26a2345 2205
d7a5a11d 2206 if (!hci_dev_test_flag(hdev, HCI_BONDABLE) &&
c05b9339 2207 (auth & SMP_AUTH_BONDING))
616d55be
JH		 2208 return SMP_PAIRING_NOTSUPP;
2209
88ba43b6 2210 skb_pull(skb, sizeof(*rp));
88ba43b6 2211
da85e5e5 2212 memset(&cp, 0, sizeof(cp));
c05b9339 2213 build_pairing_cmd(conn, &cp, NULL, auth);
88ba43b6 2214
1c1def09
VCG		 2215 smp->preq[0] = SMP_CMD_PAIRING_REQ;
2216 memcpy(&smp->preq[1], &cp, sizeof(cp));
f01ead31 2217
88ba43b6 2218 smp_send_cmd(conn, SMP_CMD_PAIRING_REQ, sizeof(cp), &cp);
b28b4943 2219 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RSP);
f1cb9af5 2220
da85e5e5 2221 return 0;
88ba43b6
AB		 2222}
2223
cc110922 2224int smp_conn_security(struct hci_conn *hcon, __u8 sec_level)
eb492e01 2225{
cc110922 2226 struct l2cap_conn *conn = hcon->l2cap_data;
c68b7f12 2227 struct l2cap_chan *chan;
0a66cf20 2228 struct smp_chan *smp;
2b64d153 2229 __u8 authreq;
fc75cc86 2230 int ret;
eb492e01 2231
3a0259bb
VCG		 2232 BT_DBG("conn %p hcon %p level 0x%2.2x", conn, hcon, sec_level);
2233
0a66cf20
JH		 2234 /* This may be NULL if there's an unexpected disconnection */
2235 if (!conn)
2236 return 1;
2237
c68b7f12
JH		 2238 chan = conn->smp;
2239
d7a5a11d 2240 if (!hci_dev_test_flag(hcon->hdev, HCI_LE_ENABLED))
2e65c9d2
AG		 2241 return 1;
2242
35dc6f83 2243 if (smp_sufficient_security(hcon, sec_level, SMP_USE_LTK))
eb492e01 2244 return 1;
f1cb9af5 2245
c7262e71
JH		 2246 if (sec_level > hcon->pending_sec_level)
2247 hcon->pending_sec_level = sec_level;
2248
40bef302 2249 if (hcon->role == HCI_ROLE_MASTER)
c7262e71
JH		 2250 if (smp_ltk_encrypt(conn, hcon->pending_sec_level))
2251 return 0;
d26a2345 2252
fc75cc86
JH		 2253 l2cap_chan_lock(chan);
2254
2255 /* If SMP is already in progress ignore this request */
2256 if (chan->data) {
2257 ret = 0;
2258 goto unlock;
2259 }
d26a2345 2260
8aab4757 2261 smp = smp_chan_create(conn);
fc75cc86
JH		 2262 if (!smp) {
2263 ret = 1;
2264 goto unlock;
2265 }
2b64d153
BG		 2266
2267 authreq = seclevel_to_authreq(sec_level);
d26a2345 2268
d7a5a11d 2269 if (hci_dev_test_flag(hcon->hdev, HCI_SC_ENABLED))
d2eb9e10
JH		 2270 authreq |= SMP_AUTH_SC;
2271
79897d20
JH		 2272 /* Require MITM if IO Capability allows or the security level
2273 * requires it.
2e233644 2274 */
79897d20 2275 if (hcon->io_capability != HCI_IO_NO_INPUT_OUTPUT ||
c7262e71 2276 hcon->pending_sec_level > BT_SECURITY_MEDIUM)
2e233644
JH		 2277 authreq |= SMP_AUTH_MITM;
2278
40bef302 2279 if (hcon->role == HCI_ROLE_MASTER) {
d26a2345 2280 struct smp_cmd_pairing cp;
f01ead31 2281
2b64d153 2282 build_pairing_cmd(conn, &cp, NULL, authreq);
1c1def09
VCG		 2283 smp->preq[0] = SMP_CMD_PAIRING_REQ;
2284 memcpy(&smp->preq[1], &cp, sizeof(cp));
f01ead31 2285
eb492e01 2286 smp_send_cmd(conn, SMP_CMD_PAIRING_REQ, sizeof(cp), &cp);
b28b4943 2287 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RSP);
eb492e01
AB		 2288 } else {
2289 struct smp_cmd_security_req cp;
2b64d153 2290 cp.auth_req = authreq;
eb492e01 2291 smp_send_cmd(conn, SMP_CMD_SECURITY_REQ, sizeof(cp), &cp);
b28b4943 2292 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_REQ);
eb492e01
AB		 2293 }
2294
4a74d658 2295 set_bit(SMP_FLAG_INITIATOR, &smp->flags);
fc75cc86 2296 ret = 0;
edca792c 2297
fc75cc86
JH		 2298unlock:
2299 l2cap_chan_unlock(chan);
2300 return ret;
eb492e01
AB		 2301}
2302
7034b911
VCG		 2303static int smp_cmd_encrypt_info(struct l2cap_conn *conn, struct sk_buff *skb)
2304{
16b90839 2305 struct smp_cmd_encrypt_info *rp = (void *) skb->data;
5d88cc73
JH		 2306 struct l2cap_chan *chan = conn->smp;
2307 struct smp_chan *smp = chan->data;
16b90839 2308
c46b98be
JH		 2309 BT_DBG("conn %p", conn);
2310
2311 if (skb->len < sizeof(*rp))
38e4a915 2312 return SMP_INVALID_PARAMS;
c46b98be 2313
b28b4943 2314 SMP_ALLOW_CMD(smp, SMP_CMD_MASTER_IDENT);
6131ddc8 2315
16b90839
VCG		 2316 skb_pull(skb, sizeof(*rp));
2317
1c1def09 2318 memcpy(smp->tk, rp->ltk, sizeof(smp->tk));
16b90839 2319
7034b911
VCG		 2320 return 0;
2321}
2322
2323static int smp_cmd_master_ident(struct l2cap_conn *conn, struct sk_buff *skb)
2324{
16b90839 2325 struct smp_cmd_master_ident *rp = (void *) skb->data;
5d88cc73
JH		 2326 struct l2cap_chan *chan = conn->smp;
2327 struct smp_chan *smp = chan->data;
c9839a11
VCG		 2328 struct hci_dev *hdev = conn->hcon->hdev;
2329 struct hci_conn *hcon = conn->hcon;
23d0e128 2330 struct smp_ltk *ltk;
c9839a11 2331 u8 authenticated;
16b90839 2332
c46b98be
JH		 2333 BT_DBG("conn %p", conn);
2334
2335 if (skb->len < sizeof(*rp))
38e4a915 2336 return SMP_INVALID_PARAMS;
c46b98be 2337
9747a9f3
JH		 2338 /* Mark the information as received */
2339 smp->remote_key_dist &= ~SMP_DIST_ENC_KEY;
2340
b28b4943
JH		 2341 if (smp->remote_key_dist & SMP_DIST_ID_KEY)
2342 SMP_ALLOW_CMD(smp, SMP_CMD_IDENT_INFO);
196332f5
JH		 2343 else if (smp->remote_key_dist & SMP_DIST_SIGN)
2344 SMP_ALLOW_CMD(smp, SMP_CMD_SIGN_INFO);
b28b4943 2345
16b90839 2346 skb_pull(skb, sizeof(*rp));
7034b911 2347
ce39fb4e 2348 authenticated = (hcon->sec_level == BT_SECURITY_HIGH);
2ceba539 2349 ltk = hci_add_ltk(hdev, &hcon->dst, hcon->dst_type, SMP_LTK,
23d0e128
JH		 2350 authenticated, smp->tk, smp->enc_key_size,
2351 rp->ediv, rp->rand);
2352 smp->ltk = ltk;
c6e81e9a 2353 if (!(smp->remote_key_dist & KEY_DIST_MASK))
d6268e86 2354 smp_distribute_keys(smp);
7034b911
VCG		 2355
2356 return 0;
2357}
2358
fd349c02
JH		 2359static int smp_cmd_ident_info(struct l2cap_conn *conn, struct sk_buff *skb)
2360{
2361 struct smp_cmd_ident_info *info = (void *) skb->data;
5d88cc73
JH		 2362 struct l2cap_chan *chan = conn->smp;
2363 struct smp_chan *smp = chan->data;
fd349c02
JH		 2364
2365 BT_DBG("");
2366
2367 if (skb->len < sizeof(*info))
38e4a915 2368 return SMP_INVALID_PARAMS;
fd349c02 2369
b28b4943 2370 SMP_ALLOW_CMD(smp, SMP_CMD_IDENT_ADDR_INFO);
6131ddc8 2371
fd349c02
JH		 2372 skb_pull(skb, sizeof(*info));
2373
2374 memcpy(smp->irk, info->irk, 16);
2375
2376 return 0;
2377}
2378
2379static int smp_cmd_ident_addr_info(struct l2cap_conn *conn,
2380 struct sk_buff *skb)
2381{
2382 struct smp_cmd_ident_addr_info *info = (void *) skb->data;
5d88cc73
JH		 2383 struct l2cap_chan *chan = conn->smp;
2384 struct smp_chan *smp = chan->data;
fd349c02
JH		 2385 struct hci_conn *hcon = conn->hcon;
2386 bdaddr_t rpa;
2387
2388 BT_DBG("");
2389
2390 if (skb->len < sizeof(*info))
38e4a915 2391 return SMP_INVALID_PARAMS;
fd349c02 2392
9747a9f3
JH		 2393 /* Mark the information as received */
2394 smp->remote_key_dist &= ~SMP_DIST_ID_KEY;
2395
b28b4943
JH		 2396 if (smp->remote_key_dist & SMP_DIST_SIGN)
2397 SMP_ALLOW_CMD(smp, SMP_CMD_SIGN_INFO);
2398
fd349c02
JH		 2399 skb_pull(skb, sizeof(*info));
2400
a9a58f86
JH		 2401 /* Strictly speaking the Core Specification (4.1) allows sending
2402 * an empty address which would force us to rely on just the IRK
2403 * as "identity information". However, since such
2404 * implementations are not known of and in order to not over
2405 * complicate our implementation, simply pretend that we never
2406 * received an IRK for such a device.
e12af489
JH		 2407 *
2408 * The Identity Address must also be a Static Random or Public
2409 * Address, which hci_is_identity_address() checks for.
a9a58f86 2410 */
e12af489
JH		 2411 if (!bacmp(&info->bdaddr, BDADDR_ANY) ||
2412 !hci_is_identity_address(&info->bdaddr, info->addr_type)) {
a9a58f86 2413 BT_ERR("Ignoring IRK with no identity address");
31dd624e 2414 goto distribute;
a9a58f86
JH		 2415 }
2416
fd349c02
JH		 2417 bacpy(&smp->id_addr, &info->bdaddr);
2418 smp->id_addr_type = info->addr_type;
2419
2420 if (hci_bdaddr_is_rpa(&hcon->dst, hcon->dst_type))
2421 bacpy(&rpa, &hcon->dst);
2422 else
2423 bacpy(&rpa, BDADDR_ANY);
2424
23d0e128
JH		 2425 smp->remote_irk = hci_add_irk(conn->hcon->hdev, &smp->id_addr,
2426 smp->id_addr_type, smp->irk, &rpa);
fd349c02 2427
31dd624e 2428distribute:
c6e81e9a
JH		 2429 if (!(smp->remote_key_dist & KEY_DIST_MASK))
2430 smp_distribute_keys(smp);
fd349c02
JH		 2431
2432 return 0;
2433}
2434
7ee4ea36
MH		 2435static int smp_cmd_sign_info(struct l2cap_conn *conn, struct sk_buff *skb)
2436{
2437 struct smp_cmd_sign_info *rp = (void *) skb->data;
5d88cc73
JH		 2438 struct l2cap_chan *chan = conn->smp;
2439 struct smp_chan *smp = chan->data;
7ee4ea36
MH		 2440 struct smp_csrk *csrk;
2441
2442 BT_DBG("conn %p", conn);
2443
2444 if (skb->len < sizeof(*rp))
38e4a915 2445 return SMP_INVALID_PARAMS;
7ee4ea36 2446
7ee4ea36
MH		 2447 /* Mark the information as received */
2448 smp->remote_key_dist &= ~SMP_DIST_SIGN;
2449
2450 skb_pull(skb, sizeof(*rp));
2451
7ee4ea36
MH		 2452 csrk = kzalloc(sizeof(*csrk), GFP_KERNEL);
2453 if (csrk) {
4cd3928a
JH		 2454 if (conn->hcon->sec_level > BT_SECURITY_MEDIUM)
2455 csrk->type = MGMT_CSRK_REMOTE_AUTHENTICATED;
2456 else
2457 csrk->type = MGMT_CSRK_REMOTE_UNAUTHENTICATED;
7ee4ea36
MH		 2458 memcpy(csrk->val, rp->csrk, sizeof(csrk->val));
2459 }
2460 smp->csrk = csrk;
d6268e86 2461 smp_distribute_keys(smp);
7ee4ea36
MH		 2462
2463 return 0;
2464}
2465
5e3d3d9b
JH		 2466static u8 sc_select_method(struct smp_chan *smp)
2467{
2468 struct l2cap_conn *conn = smp->conn;
2469 struct hci_conn *hcon = conn->hcon;
2470 struct smp_cmd_pairing *local, *remote;
2471 u8 local_mitm, remote_mitm, local_io, remote_io, method;
2472
1a8bab4f
JH		 2473 if (test_bit(SMP_FLAG_REMOTE_OOB, &smp->flags) ||
2474 test_bit(SMP_FLAG_LOCAL_OOB, &smp->flags))
a29b0733
JH		 2475 return REQ_OOB;
2476
5e3d3d9b
JH		 2477 /* The preq/prsp contain the raw Pairing Request/Response PDUs
2478 * which are needed as inputs to some crypto functions. To get
2479 * the "struct smp_cmd_pairing" from them we need to skip the
2480 * first byte which contains the opcode.
2481 */
2482 if (hcon->out) {
2483 local = (void *) &smp->preq[1];
2484 remote = (void *) &smp->prsp[1];
2485 } else {
2486 local = (void *) &smp->prsp[1];
2487 remote = (void *) &smp->preq[1];
2488 }
2489
2490 local_io = local->io_capability;
2491 remote_io = remote->io_capability;
2492
2493 local_mitm = (local->auth_req & SMP_AUTH_MITM);
2494 remote_mitm = (remote->auth_req & SMP_AUTH_MITM);
2495
2496 /* If either side wants MITM, look up the method from the table,
2497 * otherwise use JUST WORKS.
2498 */
2499 if (local_mitm || remote_mitm)
2500 method = get_auth_method(smp, local_io, remote_io);
2501 else
2502 method = JUST_WORKS;
2503
2504 /* Don't confirm locally initiated pairing attempts */
2505 if (method == JUST_CFM && test_bit(SMP_FLAG_INITIATOR, &smp->flags))
2506 method = JUST_WORKS;
2507
2508 return method;
2509}
2510
d8f8edbe
JH		 2511static int smp_cmd_public_key(struct l2cap_conn *conn, struct sk_buff *skb)
2512{
2513 struct smp_cmd_public_key *key = (void *) skb->data;
2514 struct hci_conn *hcon = conn->hcon;
2515 struct l2cap_chan *chan = conn->smp;
2516 struct smp_chan *smp = chan->data;
5e3d3d9b 2517 struct hci_dev *hdev = hcon->hdev;
cbbbe3e2 2518 struct smp_cmd_pairing_confirm cfm;
d8f8edbe
JH		 2519 int err;
2520
2521 BT_DBG("conn %p", conn);
2522
2523 if (skb->len < sizeof(*key))
2524 return SMP_INVALID_PARAMS;
2525
2526 memcpy(smp->remote_pk, key, 64);
2527
a8ca617c
JH		 2528 if (test_bit(SMP_FLAG_REMOTE_OOB, &smp->flags)) {
2529 err = smp_f4(smp->tfm_cmac, smp->remote_pk, smp->remote_pk,
2530 smp->rr, 0, cfm.confirm_val);
2531 if (err)
2532 return SMP_UNSPECIFIED;
2533
2534 if (memcmp(cfm.confirm_val, smp->pcnf, 16))
2535 return SMP_CONFIRM_FAILED;
2536 }
2537
d8f8edbe
JH		 2538 /* Non-initiating device sends its public key after receiving
2539 * the key from the initiating device.
2540 */
2541 if (!hcon->out) {
2542 err = sc_send_public_key(smp);
2543 if (err)
2544 return err;
2545 }
2546
c7a3d57d 2547 SMP_DBG("Remote Public Key X: %32phN", smp->remote_pk);
e091526d 2548 SMP_DBG("Remote Public Key Y: %32phN", smp->remote_pk + 32);
d8f8edbe
JH		 2549
2550 if (!ecdh_shared_secret(smp->remote_pk, smp->local_sk, smp->dhkey))
2551 return SMP_UNSPECIFIED;
2552
c7a3d57d 2553 SMP_DBG("DHKey %32phN", smp->dhkey);
d8f8edbe
JH		 2554
2555 set_bit(SMP_FLAG_REMOTE_PK, &smp->flags);
2556
5e3d3d9b
JH		 2557 smp->method = sc_select_method(smp);
2558
2559 BT_DBG("%s selected method 0x%02x", hdev->name, smp->method);
2560
2561 /* JUST_WORKS and JUST_CFM result in an unauthenticated key */
2562 if (smp->method == JUST_WORKS || smp->method == JUST_CFM)
2563 hcon->pending_sec_level = BT_SECURITY_MEDIUM;
2564 else
2565 hcon->pending_sec_level = BT_SECURITY_FIPS;
2566
aeb7d461
JH		 2567 if (!memcmp(debug_pk, smp->remote_pk, 64))
2568 set_bit(SMP_FLAG_DEBUG_KEY, &smp->flags);
2569
38606f14
JH		 2570 if (smp->method == DSP_PASSKEY) {
2571 get_random_bytes(&hcon->passkey_notify,
2572 sizeof(hcon->passkey_notify));
2573 hcon->passkey_notify %= 1000000;
2574 hcon->passkey_entered = 0;
2575 smp->passkey_round = 0;
2576 if (mgmt_user_passkey_notify(hdev, &hcon->dst, hcon->type,
2577 hcon->dst_type,
2578 hcon->passkey_notify,
2579 hcon->passkey_entered))
2580 return SMP_UNSPECIFIED;
2581 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_CONFIRM);
2582 return sc_passkey_round(smp, SMP_CMD_PUBLIC_KEY);
2583 }
2584
94ea7257 2585 if (smp->method == REQ_OOB) {
a29b0733
JH		 2586 if (hcon->out)
2587 smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM,
2588 sizeof(smp->prnd), smp->prnd);
2589
2590 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RANDOM);
2591
2592 return 0;
2593 }
2594
38606f14
JH		 2595 if (hcon->out)
2596 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_CONFIRM);
2597
2598 if (smp->method == REQ_PASSKEY) {
2599 if (mgmt_user_passkey_request(hdev, &hcon->dst, hcon->type,
2600 hcon->dst_type))
2601 return SMP_UNSPECIFIED;
2602 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_CONFIRM);
2603 set_bit(SMP_FLAG_WAIT_USER, &smp->flags);
2604 return 0;
2605 }
2606
cbbbe3e2
JH		 2607 /* The Initiating device waits for the non-initiating device to
2608 * send the confirm value.
2609 */
2610 if (conn->hcon->out)
2611 return 0;
2612
2613 err = smp_f4(smp->tfm_cmac, smp->local_pk, smp->remote_pk, smp->prnd,
2614 0, cfm.confirm_val);
2615 if (err)
2616 return SMP_UNSPECIFIED;
2617
2618 smp_send_cmd(conn, SMP_CMD_PAIRING_CONFIRM, sizeof(cfm), &cfm);
2619 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RANDOM);
2620
d8f8edbe
JH		 2621 return 0;
2622}
2623
6433a9a2
JH		 2624static int smp_cmd_dhkey_check(struct l2cap_conn *conn, struct sk_buff *skb)
2625{
2626 struct smp_cmd_dhkey_check *check = (void *) skb->data;
2627 struct l2cap_chan *chan = conn->smp;
2628 struct hci_conn *hcon = conn->hcon;
2629 struct smp_chan *smp = chan->data;
2630 u8 a[7], b[7], *local_addr, *remote_addr;
2631 u8 io_cap[3], r[16], e[16];
2632 int err;
2633
2634 BT_DBG("conn %p", conn);
2635
2636 if (skb->len < sizeof(*check))
2637 return SMP_INVALID_PARAMS;
2638
2639 memcpy(a, &hcon->init_addr, 6);
2640 memcpy(b, &hcon->resp_addr, 6);
2641 a[6] = hcon->init_addr_type;
2642 b[6] = hcon->resp_addr_type;
2643
2644 if (hcon->out) {
2645 local_addr = a;
2646 remote_addr = b;
2647 memcpy(io_cap, &smp->prsp[1], 3);
2648 } else {
2649 local_addr = b;
2650 remote_addr = a;
2651 memcpy(io_cap, &smp->preq[1], 3);
2652 }
2653
2654 memset(r, 0, sizeof(r));
2655
38606f14
JH		 2656 if (smp->method == REQ_PASSKEY || smp->method == DSP_PASSKEY)
2657 put_unaligned_le32(hcon->passkey_notify, r);
882fafad
JH		 2658 else if (smp->method == REQ_OOB)
2659 memcpy(r, smp->lr, 16);
38606f14 2660
6433a9a2
JH		 2661 err = smp_f6(smp->tfm_cmac, smp->mackey, smp->rrnd, smp->prnd, r,
2662 io_cap, remote_addr, local_addr, e);
2663 if (err)
2664 return SMP_UNSPECIFIED;
2665
2666 if (memcmp(check->e, e, 16))
2667 return SMP_DHKEY_CHECK_FAILED;
2668
d3e54a87
JH		 2669 if (!hcon->out) {
2670 if (test_bit(SMP_FLAG_WAIT_USER, &smp->flags)) {
2671 set_bit(SMP_FLAG_DHKEY_PENDING, &smp->flags);
2672 return 0;
2673 }
d378a2d7 2674
d3e54a87
JH		 2675 /* Slave sends DHKey check as response to master */
2676 sc_dhkey_check(smp);
2677 }
d378a2d7 2678
d3e54a87 2679 sc_add_ltk(smp);
6433a9a2
JH		 2680
2681 if (hcon->out) {
2682 hci_le_start_enc(hcon, 0, 0, smp->tk);
2683 hcon->enc_key_size = smp->enc_key_size;
2684 }
2685
2686 return 0;
2687}
2688
1408bb6e
JH		 2689static int smp_cmd_keypress_notify(struct l2cap_conn *conn,
2690 struct sk_buff *skb)
2691{
2692 struct smp_cmd_keypress_notify *kp = (void *) skb->data;
2693
2694 BT_DBG("value 0x%02x", kp->value);
2695
2696 return 0;
2697}
2698
4befb867 2699static int smp_sig_channel(struct l2cap_chan *chan, struct sk_buff *skb)
eb492e01 2700{
5d88cc73 2701 struct l2cap_conn *conn = chan->conn;
7b9899db 2702 struct hci_conn *hcon = conn->hcon;
b28b4943 2703 struct smp_chan *smp;
92381f5c 2704 __u8 code, reason;
eb492e01
AB		 2705 int err = 0;
2706
8ae9b984 2707 if (skb->len < 1)
92381f5c 2708 return -EILSEQ;
92381f5c 2709
d7a5a11d 2710 if (!hci_dev_test_flag(hcon->hdev, HCI_LE_ENABLED)) {
2e65c9d2
AG		 2711 reason = SMP_PAIRING_NOTSUPP;
2712 goto done;
2713 }
2714
92381f5c 2715 code = skb->data[0];
eb492e01
AB		 2716 skb_pull(skb, sizeof(code));
2717
b28b4943
JH		 2718 smp = chan->data;
2719
2720 if (code > SMP_CMD_MAX)
2721 goto drop;
2722
24bd0bd9 2723 if (smp && !test_and_clear_bit(code, &smp->allow_cmd))
b28b4943
JH		 2724 goto drop;
2725
2726 /* If we don't have a context the only allowed commands are
2727 * pairing request and security request.
8cf9fa12 2728 */
b28b4943
JH		 2729 if (!smp && code != SMP_CMD_PAIRING_REQ && code != SMP_CMD_SECURITY_REQ)
2730 goto drop;
8cf9fa12 2731
eb492e01
AB		 2732 switch (code) {
2733 case SMP_CMD_PAIRING_REQ:
da85e5e5 2734 reason = smp_cmd_pairing_req(conn, skb);
eb492e01
AB		 2735 break;
2736
2737 case SMP_CMD_PAIRING_FAIL:
84794e11 2738 smp_failure(conn, 0);
da85e5e5 2739 err = -EPERM;
eb492e01
AB		 2740 break;
2741
2742 case SMP_CMD_PAIRING_RSP:
da85e5e5 2743 reason = smp_cmd_pairing_rsp(conn, skb);
88ba43b6
AB		 2744 break;
2745
2746 case SMP_CMD_SECURITY_REQ:
da85e5e5 2747 reason = smp_cmd_security_req(conn, skb);
88ba43b6
AB		 2748 break;
2749
eb492e01 2750 case SMP_CMD_PAIRING_CONFIRM:
da85e5e5 2751 reason = smp_cmd_pairing_confirm(conn, skb);
88ba43b6
AB		 2752 break;
2753
eb492e01 2754 case SMP_CMD_PAIRING_RANDOM:
da85e5e5 2755 reason = smp_cmd_pairing_random(conn, skb);
88ba43b6
AB		 2756 break;
2757
eb492e01 2758 case SMP_CMD_ENCRYPT_INFO:
7034b911
VCG		 2759 reason = smp_cmd_encrypt_info(conn, skb);
2760 break;
2761
eb492e01 2762 case SMP_CMD_MASTER_IDENT:
7034b911
VCG		 2763 reason = smp_cmd_master_ident(conn, skb);
2764 break;
2765
eb492e01 2766 case SMP_CMD_IDENT_INFO:
fd349c02
JH		 2767 reason = smp_cmd_ident_info(conn, skb);
2768 break;
2769
eb492e01 2770 case SMP_CMD_IDENT_ADDR_INFO:
fd349c02
JH		 2771 reason = smp_cmd_ident_addr_info(conn, skb);
2772 break;
2773
eb492e01 2774 case SMP_CMD_SIGN_INFO:
7ee4ea36 2775 reason = smp_cmd_sign_info(conn, skb);
7034b911
VCG		 2776 break;
2777
d8f8edbe
JH		 2778 case SMP_CMD_PUBLIC_KEY:
2779 reason = smp_cmd_public_key(conn, skb);
2780 break;
2781
6433a9a2
JH		 2782 case SMP_CMD_DHKEY_CHECK:
2783 reason = smp_cmd_dhkey_check(conn, skb);
2784 break;
2785
1408bb6e
JH		 2786 case SMP_CMD_KEYPRESS_NOTIFY:
2787 reason = smp_cmd_keypress_notify(conn, skb);
2788 break;
2789
eb492e01
AB		 2790 default:
2791 BT_DBG("Unknown command code 0x%2.2x", code);
eb492e01 2792 reason = SMP_CMD_NOTSUPP;
3a0259bb 2793 goto done;
eb492e01
AB		 2794 }
2795
3a0259bb 2796done:
9b7b18ef
JH		 2797 if (!err) {
2798 if (reason)
2799 smp_failure(conn, reason);
8ae9b984 2800 kfree_skb(skb);
9b7b18ef
JH		 2801 }
2802
eb492e01 2803 return err;
b28b4943
JH		 2804
2805drop:
2806 BT_ERR("%s unexpected SMP command 0x%02x from %pMR", hcon->hdev->name,
2807 code, &hcon->dst);
2808 kfree_skb(skb);
2809 return 0;
eb492e01 2810}
7034b911 2811
70db83c4
JH		 2812static void smp_teardown_cb(struct l2cap_chan *chan, int err)
2813{
2814 struct l2cap_conn *conn = chan->conn;
2815
2816 BT_DBG("chan %p", chan);
2817
fc75cc86 2818 if (chan->data)
5d88cc73 2819 smp_chan_destroy(conn);
5d88cc73 2820
70db83c4
JH		 2821 conn->smp = NULL;
2822 l2cap_chan_put(chan);
2823}
2824
b5ae344d
JH		 2825static void bredr_pairing(struct l2cap_chan *chan)
2826{
2827 struct l2cap_conn *conn = chan->conn;
2828 struct hci_conn *hcon = conn->hcon;
2829 struct hci_dev *hdev = hcon->hdev;
2830 struct smp_cmd_pairing req;
2831 struct smp_chan *smp;
2832
2833 BT_DBG("chan %p", chan);
2834
2835 /* Only new pairings are interesting */
2836 if (!test_bit(HCI_CONN_NEW_LINK_KEY, &hcon->flags))
2837 return;
2838
2839 /* Don't bother if we're not encrypted */
2840 if (!test_bit(HCI_CONN_ENCRYPT, &hcon->flags))
2841 return;
2842
2843 /* Only master may initiate SMP over BR/EDR */
2844 if (hcon->role != HCI_ROLE_MASTER)
2845 return;
2846
2847 /* Secure Connections support must be enabled */
d7a5a11d 2848 if (!hci_dev_test_flag(hdev, HCI_SC_ENABLED))
b5ae344d
JH		 2849 return;
2850
2851 /* BR/EDR must use Secure Connections for SMP */
2852 if (!test_bit(HCI_CONN_AES_CCM, &hcon->flags) &&
b7cb93e5 2853 !hci_dev_test_flag(hdev, HCI_FORCE_BREDR_SMP))
b5ae344d
JH		 2854 return;
2855
2856 /* If our LE support is not enabled don't do anything */
d7a5a11d 2857 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED))
b5ae344d
JH		 2858 return;
2859
2860 /* Don't bother if remote LE support is not enabled */
2861 if (!lmp_host_le_capable(hcon))
2862 return;
2863
2864 /* Remote must support SMP fixed chan for BR/EDR */
2865 if (!(conn->remote_fixed_chan & L2CAP_FC_SMP_BREDR))
2866 return;
2867
2868 /* Don't bother if SMP is already ongoing */
2869 if (chan->data)
2870 return;
2871
2872 smp = smp_chan_create(conn);
2873 if (!smp) {
2874 BT_ERR("%s unable to create SMP context for BR/EDR",
2875 hdev->name);
2876 return;
2877 }
2878
2879 set_bit(SMP_FLAG_SC, &smp->flags);
2880
2881 BT_DBG("%s starting SMP over BR/EDR", hdev->name);
2882
2883 /* Prepare and send the BR/EDR SMP Pairing Request */
2884 build_bredr_pairing_cmd(smp, &req, NULL);
2885
2886 smp->preq[0] = SMP_CMD_PAIRING_REQ;
2887 memcpy(&smp->preq[1], &req, sizeof(req));
2888
2889 smp_send_cmd(conn, SMP_CMD_PAIRING_REQ, sizeof(req), &req);
2890 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RSP);
2891}
2892
44f1a7ab
JH		 2893static void smp_resume_cb(struct l2cap_chan *chan)
2894{
b68fda68 2895 struct smp_chan *smp = chan->data;
44f1a7ab
JH		 2896 struct l2cap_conn *conn = chan->conn;
2897 struct hci_conn *hcon = conn->hcon;
2898
2899 BT_DBG("chan %p", chan);
2900
b5ae344d
JH		 2901 if (hcon->type == ACL_LINK) {
2902 bredr_pairing(chan);
ef8efe4b 2903 return;
b5ae344d 2904 }
ef8efe4b 2905
86d1407c
JH		 2906 if (!smp)
2907 return;
b68fda68 2908
84bc0db5
JH		 2909 if (!test_bit(HCI_CONN_ENCRYPT, &hcon->flags))
2910 return;
2911
86d1407c
JH		 2912 cancel_delayed_work(&smp->security_timer);
2913
d6268e86 2914 smp_distribute_keys(smp);
44f1a7ab
JH		 2915}
2916
70db83c4
JH		 2917static void smp_ready_cb(struct l2cap_chan *chan)
2918{
2919 struct l2cap_conn *conn = chan->conn;
b5ae344d 2920 struct hci_conn *hcon = conn->hcon;
70db83c4
JH		 2921
2922 BT_DBG("chan %p", chan);
2923
2924 conn->smp = chan;
2925 l2cap_chan_hold(chan);
b5ae344d
JH		 2926
2927 if (hcon->type == ACL_LINK && test_bit(HCI_CONN_ENCRYPT, &hcon->flags))
2928 bredr_pairing(chan);
70db83c4
JH		 2929}
2930
4befb867
JH		 2931static int smp_recv_cb(struct l2cap_chan *chan, struct sk_buff *skb)
2932{
2933 int err;
2934
2935 BT_DBG("chan %p", chan);
2936
2937 err = smp_sig_channel(chan, skb);
2938 if (err) {
b68fda68 2939 struct smp_chan *smp = chan->data;
4befb867 2940
b68fda68
JH		 2941 if (smp)
2942 cancel_delayed_work_sync(&smp->security_timer);
4befb867 2943
1e91c29e 2944 hci_disconnect(chan->conn->hcon, HCI_ERROR_AUTH_FAILURE);
4befb867
JH		 2945 }
2946
2947 return err;
2948}
2949
70db83c4
JH		 2950static struct sk_buff *smp_alloc_skb_cb(struct l2cap_chan *chan,
2951 unsigned long hdr_len,
2952 unsigned long len, int nb)
2953{
2954 struct sk_buff *skb;
2955
2956 skb = bt_skb_alloc(hdr_len + len, GFP_KERNEL);
2957 if (!skb)
2958 return ERR_PTR(-ENOMEM);
2959
2960 skb->priority = HCI_PRIO_MAX;
2961 bt_cb(skb)->chan = chan;
2962
2963 return skb;
2964}
2965
2966static const struct l2cap_ops smp_chan_ops = {
2967 .name = "Security Manager",
2968 .ready = smp_ready_cb,
5d88cc73 2969 .recv = smp_recv_cb,
70db83c4
JH		 2970 .alloc_skb = smp_alloc_skb_cb,
2971 .teardown = smp_teardown_cb,
44f1a7ab 2972 .resume = smp_resume_cb,
70db83c4
JH		 2973
2974 .new_connection = l2cap_chan_no_new_connection,
70db83c4
JH		 2975 .state_change = l2cap_chan_no_state_change,
2976 .close = l2cap_chan_no_close,
2977 .defer = l2cap_chan_no_defer,
2978 .suspend = l2cap_chan_no_suspend,
70db83c4
JH		 2979 .set_shutdown = l2cap_chan_no_set_shutdown,
2980 .get_sndtimeo = l2cap_chan_no_get_sndtimeo,
70db83c4
JH		 2981};
2982
2983static inline struct l2cap_chan *smp_new_conn_cb(struct l2cap_chan *pchan)
2984{
2985 struct l2cap_chan *chan;
2986
2987 BT_DBG("pchan %p", pchan);
2988
2989 chan = l2cap_chan_create();
2990 if (!chan)
2991 return NULL;
2992
2993 chan->chan_type = pchan->chan_type;
2994 chan->ops = &smp_chan_ops;
2995 chan->scid = pchan->scid;
2996 chan->dcid = chan->scid;
2997 chan->imtu = pchan->imtu;
2998 chan->omtu = pchan->omtu;
2999 chan->mode = pchan->mode;
3000
abe84903
JH		 3001 /* Other L2CAP channels may request SMP routines in order to
3002 * change the security level. This means that the SMP channel
3003 * lock must be considered in its own category to avoid lockdep
3004 * warnings.
3005 */
3006 atomic_set(&chan->nesting, L2CAP_NESTING_SMP);
3007
70db83c4
JH		 3008 BT_DBG("created chan %p", chan);
3009
3010 return chan;
3011}
3012
3013static const struct l2cap_ops smp_root_chan_ops = {
3014 .name = "Security Manager Root",
3015 .new_connection = smp_new_conn_cb,
3016
3017 /* None of these are implemented for the root channel */
3018 .close = l2cap_chan_no_close,
3019 .alloc_skb = l2cap_chan_no_alloc_skb,
3020 .recv = l2cap_chan_no_recv,
3021 .state_change = l2cap_chan_no_state_change,
3022 .teardown = l2cap_chan_no_teardown,
3023 .ready = l2cap_chan_no_ready,
3024 .defer = l2cap_chan_no_defer,
3025 .suspend = l2cap_chan_no_suspend,
3026 .resume = l2cap_chan_no_resume,
3027 .set_shutdown = l2cap_chan_no_set_shutdown,
3028 .get_sndtimeo = l2cap_chan_no_get_sndtimeo,
70db83c4
JH		 3029};
3030
ef8efe4b 3031static struct l2cap_chan *smp_add_cid(struct hci_dev *hdev, u16 cid)
711eafe3 3032{
70db83c4 3033 struct l2cap_chan *chan;
88a479d9
MH		 3034 struct smp_dev *smp;
3035 struct crypto_blkcipher *tfm_aes;
6e2dc6d1 3036 struct crypto_hash *tfm_cmac;
70db83c4 3037
ef8efe4b 3038 if (cid == L2CAP_CID_SMP_BREDR) {
88a479d9 3039 smp = NULL;
ef8efe4b
JH		 3040 goto create_chan;
3041 }
711eafe3 3042
88a479d9
MH		 3043 smp = kzalloc(sizeof(*smp), GFP_KERNEL);
3044 if (!smp)
3045 return ERR_PTR(-ENOMEM);
3046
3047 tfm_aes = crypto_alloc_blkcipher("ecb(aes)", 0, CRYPTO_ALG_ASYNC);
defce9e8 3048 if (IS_ERR(tfm_aes)) {
88a479d9
MH		 3049 BT_ERR("Unable to create ECB crypto context");
3050 kzfree(smp);
fe700771 3051 return ERR_CAST(tfm_aes);
711eafe3
JH		 3052 }
3053
6e2dc6d1
MH		 3054 tfm_cmac = crypto_alloc_hash("cmac(aes)", 0, CRYPTO_ALG_ASYNC);
3055 if (IS_ERR(tfm_cmac)) {
3056 BT_ERR("Unable to create CMAC crypto context");
3057 crypto_free_blkcipher(tfm_aes);
3058 kzfree(smp);
3059 return ERR_CAST(tfm_cmac);
3060 }
3061
88a479d9 3062 smp->tfm_aes = tfm_aes;
6e2dc6d1 3063 smp->tfm_cmac = tfm_cmac;
88a479d9 3064
ef8efe4b 3065create_chan:
70db83c4
JH		 3066 chan = l2cap_chan_create();
3067 if (!chan) {
88a479d9 3068 crypto_free_blkcipher(smp->tfm_aes);
6e2dc6d1 3069 crypto_free_hash(smp->tfm_cmac);
88a479d9 3070 kzfree(smp);
ef8efe4b 3071 return ERR_PTR(-ENOMEM);
70db83c4
JH		 3072 }
3073
88a479d9 3074 chan->data = smp;
defce9e8 3075
ef8efe4b 3076 l2cap_add_scid(chan, cid);
70db83c4
JH		 3077
3078 l2cap_chan_set_defaults(chan);
3079
157029ba 3080 if (cid == L2CAP_CID_SMP) {
39e3e744
JH		 3081 u8 bdaddr_type;
3082
3083 hci_copy_identity_address(hdev, &chan->src, &bdaddr_type);
3084
3085 if (bdaddr_type == ADDR_LE_DEV_PUBLIC)
157029ba 3086 chan->src_type = BDADDR_LE_PUBLIC;
39e3e744
JH		 3087 else
3088 chan->src_type = BDADDR_LE_RANDOM;
157029ba
MH		 3089 } else {
3090 bacpy(&chan->src, &hdev->bdaddr);
ef8efe4b 3091 chan->src_type = BDADDR_BREDR;
157029ba
MH		 3092 }
3093
70db83c4
JH		 3094 chan->state = BT_LISTEN;
3095 chan->mode = L2CAP_MODE_BASIC;
3096 chan->imtu = L2CAP_DEFAULT_MTU;
3097 chan->ops = &smp_root_chan_ops;
3098
abe84903
JH		 3099 /* Set correct nesting level for a parent/listening channel */
3100 atomic_set(&chan->nesting, L2CAP_NESTING_PARENT);
3101
ef8efe4b 3102 return chan;
711eafe3
JH		 3103}
3104
ef8efe4b 3105static void smp_del_chan(struct l2cap_chan *chan)
711eafe3 3106{
88a479d9 3107 struct smp_dev *smp;
70db83c4 3108
ef8efe4b 3109 BT_DBG("chan %p", chan);
711eafe3 3110
88a479d9
MH		 3111 smp = chan->data;
3112 if (smp) {
defce9e8 3113 chan->data = NULL;
88a479d9
MH		 3114 if (smp->tfm_aes)
3115 crypto_free_blkcipher(smp->tfm_aes);
6e2dc6d1
MH		 3116 if (smp->tfm_cmac)
3117 crypto_free_hash(smp->tfm_cmac);
88a479d9 3118 kzfree(smp);
711eafe3 3119 }
70db83c4 3120
70db83c4 3121 l2cap_chan_put(chan);
711eafe3 3122}
ef8efe4b 3123
300acfde
MH		 3124static ssize_t force_bredr_smp_read(struct file *file,
3125 char __user *user_buf,
3126 size_t count, loff_t *ppos)
3127{
3128 struct hci_dev *hdev = file->private_data;
3129 char buf[3];
3130
b7cb93e5 3131 buf[0] = hci_dev_test_flag(hdev, HCI_FORCE_BREDR_SMP) ? 'Y': 'N';
300acfde
MH		 3132 buf[1] = '\n';
3133 buf[2] = '\0';
3134 return simple_read_from_buffer(user_buf, count, ppos, buf, 2);
3135}
3136
3137static ssize_t force_bredr_smp_write(struct file *file,
3138 const char __user *user_buf,
3139 size_t count, loff_t *ppos)
3140{
3141 struct hci_dev *hdev = file->private_data;
3142 char buf[32];
3143 size_t buf_size = min(count, (sizeof(buf)-1));
3144 bool enable;
3145
3146 if (copy_from_user(buf, user_buf, buf_size))
3147 return -EFAULT;
3148
3149 buf[buf_size] = '\0';
3150 if (strtobool(buf, &enable))
3151 return -EINVAL;
3152
b7cb93e5 3153 if (enable == hci_dev_test_flag(hdev, HCI_FORCE_BREDR_SMP))
300acfde
MH		 3154 return -EALREADY;
3155
3156 if (enable) {
3157 struct l2cap_chan *chan;
3158
3159 chan = smp_add_cid(hdev, L2CAP_CID_SMP_BREDR);
3160 if (IS_ERR(chan))
3161 return PTR_ERR(chan);
3162
3163 hdev->smp_bredr_data = chan;
3164 } else {
3165 struct l2cap_chan *chan;
3166
3167 chan = hdev->smp_bredr_data;
3168 hdev->smp_bredr_data = NULL;
3169 smp_del_chan(chan);
3170 }
3171
b7cb93e5 3172 hci_dev_change_flag(hdev, HCI_FORCE_BREDR_SMP);
300acfde
MH		 3173
3174 return count;
3175}
3176
3177static const struct file_operations force_bredr_smp_fops = {
3178 .open = simple_open,
3179 .read = force_bredr_smp_read,
3180 .write = force_bredr_smp_write,
3181 .llseek = default_llseek,
3182};
3183
ef8efe4b
JH		 3184int smp_register(struct hci_dev *hdev)
3185{
3186 struct l2cap_chan *chan;
3187
3188 BT_DBG("%s", hdev->name);
3189
7e7ec445
MH		 3190 /* If the controller does not support Low Energy operation, then
3191 * there is also no need to register any SMP channel.
3192 */
3193 if (!lmp_le_capable(hdev))
3194 return 0;
3195
2b8df323
MH		 3196 if (WARN_ON(hdev->smp_data)) {
3197 chan = hdev->smp_data;
3198 hdev->smp_data = NULL;
3199 smp_del_chan(chan);
3200 }
3201
ef8efe4b
JH		 3202 chan = smp_add_cid(hdev, L2CAP_CID_SMP);
3203 if (IS_ERR(chan))
3204 return PTR_ERR(chan);
3205
3206 hdev->smp_data = chan;
3207
300acfde
MH		 3208 /* If the controller does not support BR/EDR Secure Connections
3209 * feature, then the BR/EDR SMP channel shall not be present.
3210 *
3211 * To test this with Bluetooth 4.0 controllers, create a debugfs
3212 * switch that allows forcing BR/EDR SMP support and accepting
3213 * cross-transport pairing on non-AES encrypted connections.
3214 */
3215 if (!lmp_sc_capable(hdev)) {
3216 debugfs_create_file("force_bredr_smp", 0644, hdev->debugfs,
3217 hdev, &force_bredr_smp_fops);
ef8efe4b 3218 return 0;
300acfde 3219 }
ef8efe4b 3220
2b8df323
MH		 3221 if (WARN_ON(hdev->smp_bredr_data)) {
3222 chan = hdev->smp_bredr_data;
3223 hdev->smp_bredr_data = NULL;
3224 smp_del_chan(chan);
3225 }
3226
ef8efe4b
JH		 3227 chan = smp_add_cid(hdev, L2CAP_CID_SMP_BREDR);
3228 if (IS_ERR(chan)) {
3229 int err = PTR_ERR(chan);
3230 chan = hdev->smp_data;
3231 hdev->smp_data = NULL;
3232 smp_del_chan(chan);
3233 return err;
3234 }
3235
3236 hdev->smp_bredr_data = chan;
3237
3238 return 0;
3239}
3240
3241void smp_unregister(struct hci_dev *hdev)
3242{
3243 struct l2cap_chan *chan;
3244
3245 if (hdev->smp_bredr_data) {
3246 chan = hdev->smp_bredr_data;
3247 hdev->smp_bredr_data = NULL;
3248 smp_del_chan(chan);
3249 }
3250
3251 if (hdev->smp_data) {
3252 chan = hdev->smp_data;
3253 hdev->smp_data = NULL;
3254 smp_del_chan(chan);
3255 }
3256}
0a2b0f04
JH		 3257
3258#if IS_ENABLED(CONFIG_BT_SELFTEST_SMP)
3259
cfc4198e
JH		 3260static int __init test_ah(struct crypto_blkcipher *tfm_aes)
3261{
3262 const u8 irk[16] = {
3263 0x9b, 0x7d, 0x39, 0x0a, 0xa6, 0x10, 0x10, 0x34,
3264 0x05, 0xad, 0xc8, 0x57, 0xa3, 0x34, 0x02, 0xec };
3265 const u8 r[3] = { 0x94, 0x81, 0x70 };
3266 const u8 exp[3] = { 0xaa, 0xfb, 0x0d };
3267 u8 res[3];
3268 int err;
3269
3270 err = smp_ah(tfm_aes, irk, r, res);
3271 if (err)
3272 return err;
3273
3274 if (memcmp(res, exp, 3))
3275 return -EINVAL;
3276
3277 return 0;
3278}
3279
3280static int __init test_c1(struct crypto_blkcipher *tfm_aes)
3281{
3282 const u8 k[16] = {
3283 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
3284 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
3285 const u8 r[16] = {
3286 0xe0, 0x2e, 0x70, 0xc6, 0x4e, 0x27, 0x88, 0x63,
3287 0x0e, 0x6f, 0xad, 0x56, 0x21, 0xd5, 0x83, 0x57 };
3288 const u8 preq[7] = { 0x01, 0x01, 0x00, 0x00, 0x10, 0x07, 0x07 };
3289 const u8 pres[7] = { 0x02, 0x03, 0x00, 0x00, 0x08, 0x00, 0x05 };
3290 const u8 _iat = 0x01;
3291 const u8 _rat = 0x00;
3292 const bdaddr_t ra = { { 0xb6, 0xb5, 0xb4, 0xb3, 0xb2, 0xb1 } };
3293 const bdaddr_t ia = { { 0xa6, 0xa5, 0xa4, 0xa3, 0xa2, 0xa1 } };
3294 const u8 exp[16] = {
3295 0x86, 0x3b, 0xf1, 0xbe, 0xc5, 0x4d, 0xa7, 0xd2,
3296 0xea, 0x88, 0x89, 0x87, 0xef, 0x3f, 0x1e, 0x1e };
3297 u8 res[16];
3298 int err;
3299
3300 err = smp_c1(tfm_aes, k, r, preq, pres, _iat, &ia, _rat, &ra, res);
3301 if (err)
3302 return err;
3303
3304 if (memcmp(res, exp, 16))
3305 return -EINVAL;
3306
3307 return 0;
3308}
3309
3310static int __init test_s1(struct crypto_blkcipher *tfm_aes)
3311{
3312 const u8 k[16] = {
3313 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
3314 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
3315 const u8 r1[16] = {
3316 0x88, 0x77, 0x66, 0x55, 0x44, 0x33, 0x22, 0x11 };
3317 const u8 r2[16] = {
3318 0x00, 0xff, 0xee, 0xdd, 0xcc, 0xbb, 0xaa, 0x99 };
3319 const u8 exp[16] = {
3320 0x62, 0xa0, 0x6d, 0x79, 0xae, 0x16, 0x42, 0x5b,
3321 0x9b, 0xf4, 0xb0, 0xe8, 0xf0, 0xe1, 0x1f, 0x9a };
3322 u8 res[16];
3323 int err;
3324
3325 err = smp_s1(tfm_aes, k, r1, r2, res);
3326 if (err)
3327 return err;
3328
3329 if (memcmp(res, exp, 16))
3330 return -EINVAL;
3331
3332 return 0;
3333}
3334
fb2969a3
JH		 3335static int __init test_f4(struct crypto_hash *tfm_cmac)
3336{
3337 const u8 u[32] = {
3338 0xe6, 0x9d, 0x35, 0x0e, 0x48, 0x01, 0x03, 0xcc,
3339 0xdb, 0xfd, 0xf4, 0xac, 0x11, 0x91, 0xf4, 0xef,
3340 0xb9, 0xa5, 0xf9, 0xe9, 0xa7, 0x83, 0x2c, 0x5e,
3341 0x2c, 0xbe, 0x97, 0xf2, 0xd2, 0x03, 0xb0, 0x20 };
3342 const u8 v[32] = {
3343 0xfd, 0xc5, 0x7f, 0xf4, 0x49, 0xdd, 0x4f, 0x6b,
3344 0xfb, 0x7c, 0x9d, 0xf1, 0xc2, 0x9a, 0xcb, 0x59,
3345 0x2a, 0xe7, 0xd4, 0xee, 0xfb, 0xfc, 0x0a, 0x90,
3346 0x9a, 0xbb, 0xf6, 0x32, 0x3d, 0x8b, 0x18, 0x55 };
3347 const u8 x[16] = {
3348 0xab, 0xae, 0x2b, 0x71, 0xec, 0xb2, 0xff, 0xff,
3349 0x3e, 0x73, 0x77, 0xd1, 0x54, 0x84, 0xcb, 0xd5 };
3350 const u8 z = 0x00;
3351 const u8 exp[16] = {
3352 0x2d, 0x87, 0x74, 0xa9, 0xbe, 0xa1, 0xed, 0xf1,
3353 0x1c, 0xbd, 0xa9, 0x07, 0xf1, 0x16, 0xc9, 0xf2 };
3354 u8 res[16];
3355 int err;
3356
3357 err = smp_f4(tfm_cmac, u, v, x, z, res);
3358 if (err)
3359 return err;
3360
3361 if (memcmp(res, exp, 16))
3362 return -EINVAL;
3363
3364 return 0;
3365}
3366
3367static int __init test_f5(struct crypto_hash *tfm_cmac)
3368{
3369 const u8 w[32] = {
3370 0x98, 0xa6, 0xbf, 0x73, 0xf3, 0x34, 0x8d, 0x86,
3371 0xf1, 0x66, 0xf8, 0xb4, 0x13, 0x6b, 0x79, 0x99,
3372 0x9b, 0x7d, 0x39, 0x0a, 0xa6, 0x10, 0x10, 0x34,
3373 0x05, 0xad, 0xc8, 0x57, 0xa3, 0x34, 0x02, 0xec };
3374 const u8 n1[16] = {
3375 0xab, 0xae, 0x2b, 0x71, 0xec, 0xb2, 0xff, 0xff,
3376 0x3e, 0x73, 0x77, 0xd1, 0x54, 0x84, 0xcb, 0xd5 };
3377 const u8 n2[16] = {
3378 0xcf, 0xc4, 0x3d, 0xff, 0xf7, 0x83, 0x65, 0x21,
3379 0x6e, 0x5f, 0xa7, 0x25, 0xcc, 0xe7, 0xe8, 0xa6 };
3380 const u8 a1[7] = { 0xce, 0xbf, 0x37, 0x37, 0x12, 0x56, 0x00 };
3381 const u8 a2[7] = { 0xc1, 0xcf, 0x2d, 0x70, 0x13, 0xa7, 0x00 };
3382 const u8 exp_ltk[16] = {
3383 0x38, 0x0a, 0x75, 0x94, 0xb5, 0x22, 0x05, 0x98,
3384 0x23, 0xcd, 0xd7, 0x69, 0x11, 0x79, 0x86, 0x69 };
3385 const u8 exp_mackey[16] = {
3386 0x20, 0x6e, 0x63, 0xce, 0x20, 0x6a, 0x3f, 0xfd,
3387 0x02, 0x4a, 0x08, 0xa1, 0x76, 0xf1, 0x65, 0x29 };
3388 u8 mackey[16], ltk[16];
3389 int err;
3390
3391 err = smp_f5(tfm_cmac, w, n1, n2, a1, a2, mackey, ltk);
3392 if (err)
3393 return err;
3394
3395 if (memcmp(mackey, exp_mackey, 16))
3396 return -EINVAL;
3397
3398 if (memcmp(ltk, exp_ltk, 16))
3399 return -EINVAL;
3400
3401 return 0;
3402}
3403
3404static int __init test_f6(struct crypto_hash *tfm_cmac)
3405{
3406 const u8 w[16] = {
3407 0x20, 0x6e, 0x63, 0xce, 0x20, 0x6a, 0x3f, 0xfd,
3408 0x02, 0x4a, 0x08, 0xa1, 0x76, 0xf1, 0x65, 0x29 };
3409 const u8 n1[16] = {
3410 0xab, 0xae, 0x2b, 0x71, 0xec, 0xb2, 0xff, 0xff,
3411 0x3e, 0x73, 0x77, 0xd1, 0x54, 0x84, 0xcb, 0xd5 };
3412 const u8 n2[16] = {
3413 0xcf, 0xc4, 0x3d, 0xff, 0xf7, 0x83, 0x65, 0x21,
3414 0x6e, 0x5f, 0xa7, 0x25, 0xcc, 0xe7, 0xe8, 0xa6 };
3415 const u8 r[16] = {
3416 0xc8, 0x0f, 0x2d, 0x0c, 0xd2, 0x42, 0xda, 0x08,
3417 0x54, 0xbb, 0x53, 0xb4, 0x3b, 0x34, 0xa3, 0x12 };
3418 const u8 io_cap[3] = { 0x02, 0x01, 0x01 };
3419 const u8 a1[7] = { 0xce, 0xbf, 0x37, 0x37, 0x12, 0x56, 0x00 };
3420 const u8 a2[7] = { 0xc1, 0xcf, 0x2d, 0x70, 0x13, 0xa7, 0x00 };
3421 const u8 exp[16] = {
3422 0x61, 0x8f, 0x95, 0xda, 0x09, 0x0b, 0x6c, 0xd2,
3423 0xc5, 0xe8, 0xd0, 0x9c, 0x98, 0x73, 0xc4, 0xe3 };
3424 u8 res[16];
3425 int err;
3426
3427 err = smp_f6(tfm_cmac, w, n1, n2, r, io_cap, a1, a2, res);
3428 if (err)
3429 return err;
3430
3431 if (memcmp(res, exp, 16))
3432 return -EINVAL;
3433
3434 return 0;
3435}
3436
3437static int __init test_g2(struct crypto_hash *tfm_cmac)
3438{
3439 const u8 u[32] = {
3440 0xe6, 0x9d, 0x35, 0x0e, 0x48, 0x01, 0x03, 0xcc,
3441 0xdb, 0xfd, 0xf4, 0xac, 0x11, 0x91, 0xf4, 0xef,
3442 0xb9, 0xa5, 0xf9, 0xe9, 0xa7, 0x83, 0x2c, 0x5e,
3443 0x2c, 0xbe, 0x97, 0xf2, 0xd2, 0x03, 0xb0, 0x20 };
3444 const u8 v[32] = {
3445 0xfd, 0xc5, 0x7f, 0xf4, 0x49, 0xdd, 0x4f, 0x6b,
3446 0xfb, 0x7c, 0x9d, 0xf1, 0xc2, 0x9a, 0xcb, 0x59,
3447 0x2a, 0xe7, 0xd4, 0xee, 0xfb, 0xfc, 0x0a, 0x90,
3448 0x9a, 0xbb, 0xf6, 0x32, 0x3d, 0x8b, 0x18, 0x55 };
3449 const u8 x[16] = {
3450 0xab, 0xae, 0x2b, 0x71, 0xec, 0xb2, 0xff, 0xff,
3451 0x3e, 0x73, 0x77, 0xd1, 0x54, 0x84, 0xcb, 0xd5 };
3452 const u8 y[16] = {
3453 0xcf, 0xc4, 0x3d, 0xff, 0xf7, 0x83, 0x65, 0x21,
3454 0x6e, 0x5f, 0xa7, 0x25, 0xcc, 0xe7, 0xe8, 0xa6 };
3455 const u32 exp_val = 0x2f9ed5ba % 1000000;
3456 u32 val;
3457 int err;
3458
3459 err = smp_g2(tfm_cmac, u, v, x, y, &val);
3460 if (err)
3461 return err;
3462
3463 if (val != exp_val)
3464 return -EINVAL;
3465
3466 return 0;
3467}
3468
3469static int __init test_h6(struct crypto_hash *tfm_cmac)
3470{
3471 const u8 w[16] = {
3472 0x9b, 0x7d, 0x39, 0x0a, 0xa6, 0x10, 0x10, 0x34,
3473 0x05, 0xad, 0xc8, 0x57, 0xa3, 0x34, 0x02, 0xec };
3474 const u8 key_id[4] = { 0x72, 0x62, 0x65, 0x6c };
3475 const u8 exp[16] = {
3476 0x99, 0x63, 0xb1, 0x80, 0xe2, 0xa9, 0xd3, 0xe8,
3477 0x1c, 0xc9, 0x6d, 0xe7, 0x02, 0xe1, 0x9a, 0x2d };
3478 u8 res[16];
3479 int err;
3480
3481 err = smp_h6(tfm_cmac, w, key_id, res);
3482 if (err)
3483 return err;
3484
3485 if (memcmp(res, exp, 16))
3486 return -EINVAL;
3487
3488 return 0;
3489}
3490
0a2b0f04
JH		 3491static int __init run_selftests(struct crypto_blkcipher *tfm_aes,
3492 struct crypto_hash *tfm_cmac)
3493{
255047b0
MH		 3494 ktime_t calltime, delta, rettime;
3495 unsigned long long duration;
cfc4198e
JH		 3496 int err;
3497
255047b0
MH		 3498 calltime = ktime_get();
3499
cfc4198e
JH		 3500 err = test_ah(tfm_aes);
3501 if (err) {
3502 BT_ERR("smp_ah test failed");
3503 return err;
3504 }
3505
3506 err = test_c1(tfm_aes);
3507 if (err) {
3508 BT_ERR("smp_c1 test failed");
3509 return err;
3510 }
3511
3512 err = test_s1(tfm_aes);
3513 if (err) {
3514 BT_ERR("smp_s1 test failed");
3515 return err;
3516 }
3517
fb2969a3
JH		 3518 err = test_f4(tfm_cmac);
3519 if (err) {
3520 BT_ERR("smp_f4 test failed");
3521 return err;
3522 }
3523
3524 err = test_f5(tfm_cmac);
3525 if (err) {
3526 BT_ERR("smp_f5 test failed");
3527 return err;
3528 }
3529
3530 err = test_f6(tfm_cmac);
3531 if (err) {
3532 BT_ERR("smp_f6 test failed");
3533 return err;
3534 }
3535
3536 err = test_g2(tfm_cmac);
3537 if (err) {
3538 BT_ERR("smp_g2 test failed");
3539 return err;
3540 }
3541
3542 err = test_h6(tfm_cmac);
3543 if (err) {
3544 BT_ERR("smp_h6 test failed");
3545 return err;
3546 }
3547
255047b0
MH		 3548 rettime = ktime_get();
3549 delta = ktime_sub(rettime, calltime);
3550 duration = (unsigned long long) ktime_to_ns(delta) >> 10;
3551
5ced2464 3552 BT_INFO("SMP test passed in %llu usecs", duration);
0a2b0f04
JH		 3553
3554 return 0;
3555}
3556
3557int __init bt_selftest_smp(void)
3558{
3559 struct crypto_blkcipher *tfm_aes;
3560 struct crypto_hash *tfm_cmac;
3561 int err;
3562
3563 tfm_aes = crypto_alloc_blkcipher("ecb(aes)", 0, CRYPTO_ALG_ASYNC);
3564 if (IS_ERR(tfm_aes)) {
3565 BT_ERR("Unable to create ECB crypto context");
3566 return PTR_ERR(tfm_aes);
3567 }
3568
3569 tfm_cmac = crypto_alloc_hash("cmac(aes)", 0, CRYPTO_ALG_ASYNC);
3570 if (IS_ERR(tfm_cmac)) {
3571 BT_ERR("Unable to create CMAC crypto context");
3572 crypto_free_blkcipher(tfm_aes);
3573 return PTR_ERR(tfm_cmac);
3574 }
3575
3576 err = run_selftests(tfm_aes, tfm_cmac);
3577
3578 crypto_free_hash(tfm_cmac);
3579 crypto_free_blkcipher(tfm_aes);
3580
3581 return err;
3582}
3583
3584#endif
Linux kernel - Deliverables
This page took 0.402035 seconds and 5 git commands to generate.