projects / deliverable / linux.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Bluetooth: Fix scope of sc_only_mode debugfs entry
[deliverable/linux.git] / net / bluetooth / smp.c
CommitLineData
eb492e01
AB		 1/*
2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2011 Nokia Corporation and/or its subsidiary(-ies).
4
5 This program is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License version 2 as
7 published by the Free Software Foundation;
8
9 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
10 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
11 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
12 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
13 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
14 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17
18 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
19 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
20 SOFTWARE IS DISCLAIMED.
21*/
22
300acfde 23#include <linux/debugfs.h>
8c520a59
GP		 24#include <linux/crypto.h>
25#include <linux/scatterlist.h>
26#include <crypto/b128ops.h>
27
eb492e01
AB		 28#include <net/bluetooth/bluetooth.h>
29#include <net/bluetooth/hci_core.h>
30#include <net/bluetooth/l2cap.h>
2b64d153 31#include <net/bluetooth/mgmt.h>
ac4b7236 32
3b19146d 33#include "ecc.h"
ac4b7236 34#include "smp.h"
d22ef0bc 35
c7a3d57d
JH		 36/* Low-level debug macros to be used for stuff that we don't want
37 * accidentially in dmesg, i.e. the values of the various crypto keys
38 * and the inputs & outputs of crypto functions.
39 */
40#ifdef DEBUG
41#define SMP_DBG(fmt, ...) printk(KERN_DEBUG "%s: " fmt, __func__, \
42 ##__VA_ARGS__)
43#else
44#define SMP_DBG(fmt, ...) no_printk(KERN_DEBUG "%s: " fmt, __func__, \
45 ##__VA_ARGS__)
46#endif
47
b28b4943 48#define SMP_ALLOW_CMD(smp, code) set_bit(code, &smp->allow_cmd)
b28b4943 49
3b19146d
JH		 50/* Keys which are not distributed with Secure Connections */
51#define SMP_SC_NO_DIST (SMP_DIST_ENC_KEY | SMP_DIST_LINK_KEY);
52
17b02e62 53#define SMP_TIMEOUT msecs_to_jiffies(30000)
5d3de7df 54
0edb14de
JH		 55#define AUTH_REQ_MASK(dev) (test_bit(HCI_SC_ENABLED, &(dev)->dev_flags) ? \
56 0x1f : 0x07)
57#define KEY_DIST_MASK 0x07
065a13e2 58
cbbbe3e2
JH		 59/* Maximum message length that can be passed to aes_cmac */
60#define CMAC_MSG_MAX 80
61
533e35d4
JH		 62enum {
63 SMP_FLAG_TK_VALID,
64 SMP_FLAG_CFM_PENDING,
65 SMP_FLAG_MITM_AUTH,
66 SMP_FLAG_COMPLETE,
67 SMP_FLAG_INITIATOR,
65668776 68 SMP_FLAG_SC,
d8f8edbe 69 SMP_FLAG_REMOTE_PK,
aeb7d461 70 SMP_FLAG_DEBUG_KEY,
38606f14 71 SMP_FLAG_WAIT_USER,
d3e54a87 72 SMP_FLAG_DHKEY_PENDING,
02b05bd8 73 SMP_FLAG_OOB,
533e35d4 74};
4bc58f51
JH		 75
76struct smp_chan {
b68fda68
JH		 77 struct l2cap_conn *conn;
78 struct delayed_work security_timer;
b28b4943 79 unsigned long allow_cmd; /* Bitmask of allowed commands */
b68fda68 80
4bc58f51
JH		 81 u8 preq[7]; /* SMP Pairing Request */
82 u8 prsp[7]; /* SMP Pairing Response */
83 u8 prnd[16]; /* SMP Pairing Random (local) */
84 u8 rrnd[16]; /* SMP Pairing Random (remote) */
85 u8 pcnf[16]; /* SMP Pairing Confirm */
86 u8 tk[16]; /* SMP Temporary Key */
a29b0733 87 u8 rr[16];
4bc58f51
JH		 88 u8 enc_key_size;
89 u8 remote_key_dist;
90 bdaddr_t id_addr;
91 u8 id_addr_type;
92 u8 irk[16];
93 struct smp_csrk *csrk;
94 struct smp_csrk *slave_csrk;
95 struct smp_ltk *ltk;
96 struct smp_ltk *slave_ltk;
97 struct smp_irk *remote_irk;
6a77083a 98 u8 *link_key;
4a74d658 99 unsigned long flags;
783e0574 100 u8 method;
38606f14 101 u8 passkey_round;
6a7bd103 102
3b19146d
JH		 103 /* Secure Connections variables */
104 u8 local_pk[64];
105 u8 local_sk[32];
d8f8edbe
JH		 106 u8 remote_pk[64];
107 u8 dhkey[32];
760b018b 108 u8 mackey[16];
3b19146d 109
6a7bd103 110 struct crypto_blkcipher *tfm_aes;
407cecf6 111 struct crypto_hash *tfm_cmac;
4bc58f51
JH		 112};
113
aeb7d461
JH		 114/* These debug key values are defined in the SMP section of the core
115 * specification. debug_pk is the public debug key and debug_sk the
116 * private debug key.
117 */
118static const u8 debug_pk[64] = {
119 0xe6, 0x9d, 0x35, 0x0e, 0x48, 0x01, 0x03, 0xcc,
120 0xdb, 0xfd, 0xf4, 0xac, 0x11, 0x91, 0xf4, 0xef,
121 0xb9, 0xa5, 0xf9, 0xe9, 0xa7, 0x83, 0x2c, 0x5e,
122 0x2c, 0xbe, 0x97, 0xf2, 0xd2, 0x03, 0xb0, 0x20,
123
124 0x8b, 0xd2, 0x89, 0x15, 0xd0, 0x8e, 0x1c, 0x74,
125 0x24, 0x30, 0xed, 0x8f, 0xc2, 0x45, 0x63, 0x76,
126 0x5c, 0x15, 0x52, 0x5a, 0xbf, 0x9a, 0x32, 0x63,
127 0x6d, 0xeb, 0x2a, 0x65, 0x49, 0x9c, 0x80, 0xdc,
128};
129
130static const u8 debug_sk[32] = {
131 0xbd, 0x1a, 0x3c, 0xcd, 0xa6, 0xb8, 0x99, 0x58,
132 0x99, 0xb7, 0x40, 0xeb, 0x7b, 0x60, 0xff, 0x4a,
133 0x50, 0x3f, 0x10, 0xd2, 0xe3, 0xb3, 0xc9, 0x74,
134 0x38, 0x5f, 0xc5, 0xa3, 0xd4, 0xf6, 0x49, 0x3f,
135};
136
8a2936f4 137static inline void swap_buf(const u8 *src, u8 *dst, size_t len)
d22ef0bc 138{
8a2936f4 139 size_t i;
d22ef0bc 140
8a2936f4
JH		 141 for (i = 0; i < len; i++)
142 dst[len - 1 - i] = src[i];
d22ef0bc
AB		 143}
144
06edf8de
JH		 145/* The following functions map to the LE SC SMP crypto functions
146 * AES-CMAC, f4, f5, f6, g2 and h6.
147 */
148
cbbbe3e2
JH		 149static int aes_cmac(struct crypto_hash *tfm, const u8 k[16], const u8 *m,
150 size_t len, u8 mac[16])
151{
152 uint8_t tmp[16], mac_msb[16], msg_msb[CMAC_MSG_MAX];
153 struct hash_desc desc;
154 struct scatterlist sg;
155 int err;
156
157 if (len > CMAC_MSG_MAX)
158 return -EFBIG;
159
160 if (!tfm) {
161 BT_ERR("tfm %p", tfm);
162 return -EINVAL;
163 }
164
165 desc.tfm = tfm;
166 desc.flags = 0;
167
168 crypto_hash_init(&desc);
169
170 /* Swap key and message from LSB to MSB */
171 swap_buf(k, tmp, 16);
172 swap_buf(m, msg_msb, len);
173
c7a3d57d
JH		 174 SMP_DBG("msg (len %zu) %*phN", len, (int) len, m);
175 SMP_DBG("key %16phN", k);
cbbbe3e2
JH		 176
177 err = crypto_hash_setkey(tfm, tmp, 16);
178 if (err) {
179 BT_ERR("cipher setkey failed: %d", err);
180 return err;
181 }
182
183 sg_init_one(&sg, msg_msb, len);
184
185 err = crypto_hash_update(&desc, &sg, len);
186 if (err) {
187 BT_ERR("Hash update error %d", err);
188 return err;
189 }
190
191 err = crypto_hash_final(&desc, mac_msb);
192 if (err) {
193 BT_ERR("Hash final error %d", err);
194 return err;
195 }
196
197 swap_buf(mac_msb, mac, 16);
198
c7a3d57d 199 SMP_DBG("mac %16phN", mac);
cbbbe3e2
JH		 200
201 return 0;
202}
203
204static int smp_f4(struct crypto_hash *tfm_cmac, const u8 u[32], const u8 v[32],
205 const u8 x[16], u8 z, u8 res[16])
206{
207 u8 m[65];
208 int err;
209
c7a3d57d
JH		 210 SMP_DBG("u %32phN", u);
211 SMP_DBG("v %32phN", v);
212 SMP_DBG("x %16phN z %02x", x, z);
cbbbe3e2
JH		 213
214 m[0] = z;
215 memcpy(m + 1, v, 32);
216 memcpy(m + 33, u, 32);
217
218 err = aes_cmac(tfm_cmac, x, m, sizeof(m), res);
219 if (err)
220 return err;
221
c7a3d57d 222 SMP_DBG("res %16phN", res);
cbbbe3e2
JH		 223
224 return err;
225}
226
4da50de8
JH		 227static int smp_f5(struct crypto_hash *tfm_cmac, const u8 w[32],
228 const u8 n1[16], const u8 n2[16], const u8 a1[7],
229 const u8 a2[7], u8 mackey[16], u8 ltk[16])
760b018b
JH		 230{
231 /* The btle, salt and length "magic" values are as defined in
232 * the SMP section of the Bluetooth core specification. In ASCII
233 * the btle value ends up being 'btle'. The salt is just a
234 * random number whereas length is the value 256 in little
235 * endian format.
236 */
237 const u8 btle[4] = { 0x65, 0x6c, 0x74, 0x62 };
238 const u8 salt[16] = { 0xbe, 0x83, 0x60, 0x5a, 0xdb, 0x0b, 0x37, 0x60,
239 0x38, 0xa5, 0xf5, 0xaa, 0x91, 0x83, 0x88, 0x6c };
240 const u8 length[2] = { 0x00, 0x01 };
241 u8 m[53], t[16];
242 int err;
243
c7a3d57d
JH		 244 SMP_DBG("w %32phN", w);
245 SMP_DBG("n1 %16phN n2 %16phN", n1, n2);
246 SMP_DBG("a1 %7phN a2 %7phN", a1, a2);
760b018b
JH		 247
248 err = aes_cmac(tfm_cmac, salt, w, 32, t);
249 if (err)
250 return err;
251
c7a3d57d 252 SMP_DBG("t %16phN", t);
760b018b
JH		 253
254 memcpy(m, length, 2);
255 memcpy(m + 2, a2, 7);
256 memcpy(m + 9, a1, 7);
257 memcpy(m + 16, n2, 16);
258 memcpy(m + 32, n1, 16);
259 memcpy(m + 48, btle, 4);
260
261 m[52] = 0; /* Counter */
262
263 err = aes_cmac(tfm_cmac, t, m, sizeof(m), mackey);
264 if (err)
265 return err;
266
c7a3d57d 267 SMP_DBG("mackey %16phN", mackey);
760b018b
JH		 268
269 m[52] = 1; /* Counter */
270
271 err = aes_cmac(tfm_cmac, t, m, sizeof(m), ltk);
272 if (err)
273 return err;
274
c7a3d57d 275 SMP_DBG("ltk %16phN", ltk);
760b018b
JH		 276
277 return 0;
278}
279
280static int smp_f6(struct crypto_hash *tfm_cmac, const u8 w[16],
4da50de8 281 const u8 n1[16], const u8 n2[16], const u8 r[16],
760b018b
JH		 282 const u8 io_cap[3], const u8 a1[7], const u8 a2[7],
283 u8 res[16])
284{
285 u8 m[65];
286 int err;
287
c7a3d57d
JH		 288 SMP_DBG("w %16phN", w);
289 SMP_DBG("n1 %16phN n2 %16phN", n1, n2);
290 SMP_DBG("r %16phN io_cap %3phN a1 %7phN a2 %7phN", r, io_cap, a1, a2);
760b018b
JH		 291
292 memcpy(m, a2, 7);
293 memcpy(m + 7, a1, 7);
294 memcpy(m + 14, io_cap, 3);
295 memcpy(m + 17, r, 16);
296 memcpy(m + 33, n2, 16);
297 memcpy(m + 49, n1, 16);
298
299 err = aes_cmac(tfm_cmac, w, m, sizeof(m), res);
300 if (err)
301 return err;
302
303 BT_DBG("res %16phN", res);
304
305 return err;
306}
307
191dc7fe
JH		 308static int smp_g2(struct crypto_hash *tfm_cmac, const u8 u[32], const u8 v[32],
309 const u8 x[16], const u8 y[16], u32 *val)
310{
311 u8 m[80], tmp[16];
312 int err;
313
c7a3d57d
JH		 314 SMP_DBG("u %32phN", u);
315 SMP_DBG("v %32phN", v);
316 SMP_DBG("x %16phN y %16phN", x, y);
191dc7fe
JH		 317
318 memcpy(m, y, 16);
319 memcpy(m + 16, v, 32);
320 memcpy(m + 48, u, 32);
321
322 err = aes_cmac(tfm_cmac, x, m, sizeof(m), tmp);
323 if (err)
324 return err;
325
326 *val = get_unaligned_le32(tmp);
327 *val %= 1000000;
328
c7a3d57d 329 SMP_DBG("val %06u", *val);
191dc7fe
JH		 330
331 return 0;
332}
333
06edf8de
JH		 334static int smp_h6(struct crypto_hash *tfm_cmac, const u8 w[16],
335 const u8 key_id[4], u8 res[16])
336{
337 int err;
338
339 SMP_DBG("w %16phN key_id %4phN", w, key_id);
340
341 err = aes_cmac(tfm_cmac, w, key_id, 4, res);
342 if (err)
343 return err;
344
345 SMP_DBG("res %16phN", res);
346
347 return err;
348}
349
350/* The following functions map to the legacy SMP crypto functions e, c1,
351 * s1 and ah.
352 */
353
d22ef0bc
AB		 354static int smp_e(struct crypto_blkcipher *tfm, const u8 *k, u8 *r)
355{
356 struct blkcipher_desc desc;
357 struct scatterlist sg;
943a732a 358 uint8_t tmp[16], data[16];
201a5929 359 int err;
d22ef0bc 360
7f376cd6 361 if (!tfm) {
d22ef0bc
AB		 362 BT_ERR("tfm %p", tfm);
363 return -EINVAL;
364 }
365
366 desc.tfm = tfm;
367 desc.flags = 0;
368
943a732a 369 /* The most significant octet of key corresponds to k[0] */
8a2936f4 370 swap_buf(k, tmp, 16);
943a732a
JH		 371
372 err = crypto_blkcipher_setkey(tfm, tmp, 16);
d22ef0bc
AB		 373 if (err) {
374 BT_ERR("cipher setkey failed: %d", err);
375 return err;
376 }
377
943a732a 378 /* Most significant octet of plaintextData corresponds to data[0] */
8a2936f4 379 swap_buf(r, data, 16);
943a732a
JH		 380
381 sg_init_one(&sg, data, 16);
d22ef0bc 382
d22ef0bc
AB		 383 err = crypto_blkcipher_encrypt(&desc, &sg, &sg, 16);
384 if (err)
385 BT_ERR("Encrypt data error %d", err);
386
943a732a 387 /* Most significant octet of encryptedData corresponds to data[0] */
8a2936f4 388 swap_buf(data, r, 16);
943a732a 389
d22ef0bc
AB		 390 return err;
391}
392
06edf8de
JH		 393static int smp_c1(struct crypto_blkcipher *tfm_aes, const u8 k[16],
394 const u8 r[16], const u8 preq[7], const u8 pres[7], u8 _iat,
395 const bdaddr_t *ia, u8 _rat, const bdaddr_t *ra, u8 res[16])
6a77083a 396{
06edf8de 397 u8 p1[16], p2[16];
6a77083a
JH		 398 int err;
399
06edf8de 400 memset(p1, 0, 16);
6a77083a 401
06edf8de
JH		 402 /* p1 = pres || preq || _rat || _iat */
403 p1[0] = _iat;
404 p1[1] = _rat;
405 memcpy(p1 + 2, preq, 7);
406 memcpy(p1 + 9, pres, 7);
407
408 /* p2 = padding || ia || ra */
409 memcpy(p2, ra, 6);
410 memcpy(p2 + 6, ia, 6);
411 memset(p2 + 12, 0, 4);
412
413 /* res = r XOR p1 */
414 u128_xor((u128 *) res, (u128 *) r, (u128 *) p1);
415
416 /* res = e(k, res) */
417 err = smp_e(tfm_aes, k, res);
418 if (err) {
419 BT_ERR("Encrypt data error");
6a77083a 420 return err;
06edf8de 421 }
6a77083a 422
06edf8de
JH		 423 /* res = res XOR p2 */
424 u128_xor((u128 *) res, (u128 *) res, (u128 *) p2);
425
426 /* res = e(k, res) */
427 err = smp_e(tfm_aes, k, res);
428 if (err)
429 BT_ERR("Encrypt data error");
430
431 return err;
432}
433
434static int smp_s1(struct crypto_blkcipher *tfm_aes, const u8 k[16],
435 const u8 r1[16], const u8 r2[16], u8 _r[16])
436{
437 int err;
438
439 /* Just least significant octets from r1 and r2 are considered */
440 memcpy(_r, r2, 8);
441 memcpy(_r + 8, r1, 8);
442
443 err = smp_e(tfm_aes, k, _r);
444 if (err)
445 BT_ERR("Encrypt data error");
6a77083a
JH		 446
447 return err;
448}
449
cd082797
JH		 450static int smp_ah(struct crypto_blkcipher *tfm, const u8 irk[16],
451 const u8 r[3], u8 res[3])
60478054 452{
943a732a 453 u8 _res[16];
60478054
JH		 454 int err;
455
456 /* r' = padding || r */
943a732a
JH		 457 memcpy(_res, r, 3);
458 memset(_res + 3, 0, 13);
60478054 459
943a732a 460 err = smp_e(tfm, irk, _res);
60478054
JH		 461 if (err) {
462 BT_ERR("Encrypt error");
463 return err;
464 }
465
466 /* The output of the random address function ah is:
467 * ah(h, r) = e(k, r') mod 2^24
468 * The output of the security function e is then truncated to 24 bits
469 * by taking the least significant 24 bits of the output of e as the
470 * result of ah.
471 */
943a732a 472 memcpy(res, _res, 3);
60478054
JH		 473
474 return 0;
475}
476
cd082797
JH		 477bool smp_irk_matches(struct hci_dev *hdev, const u8 irk[16],
478 const bdaddr_t *bdaddr)
60478054 479{
defce9e8
JH		 480 struct l2cap_chan *chan = hdev->smp_data;
481 struct crypto_blkcipher *tfm;
60478054
JH		 482 u8 hash[3];
483 int err;
484
defce9e8
JH		 485 if (!chan || !chan->data)
486 return false;
487
488 tfm = chan->data;
489
60478054
JH		 490 BT_DBG("RPA %pMR IRK %*phN", bdaddr, 16, irk);
491
492 err = smp_ah(tfm, irk, &bdaddr->b[3], hash);
493 if (err)
494 return false;
495
496 return !memcmp(bdaddr->b, hash, 3);
497}
498
cd082797 499int smp_generate_rpa(struct hci_dev *hdev, const u8 irk[16], bdaddr_t *rpa)
b1e2b3ae 500{
defce9e8
JH		 501 struct l2cap_chan *chan = hdev->smp_data;
502 struct crypto_blkcipher *tfm;
b1e2b3ae
JH		 503 int err;
504
defce9e8
JH		 505 if (!chan || !chan->data)
506 return -EOPNOTSUPP;
507
508 tfm = chan->data;
509
b1e2b3ae
JH		 510 get_random_bytes(&rpa->b[3], 3);
511
512 rpa->b[5] &= 0x3f; /* Clear two most significant bits */
513 rpa->b[5] |= 0x40; /* Set second most significant bit */
514
515 err = smp_ah(tfm, irk, &rpa->b[3], rpa->b);
516 if (err < 0)
517 return err;
518
519 BT_DBG("RPA %pMR", rpa);
520
521 return 0;
522}
523
5d88cc73 524static void smp_send_cmd(struct l2cap_conn *conn, u8 code, u16 len, void *data)
eb492e01 525{
5d88cc73 526 struct l2cap_chan *chan = conn->smp;
b68fda68 527 struct smp_chan *smp;
5d88cc73
JH		 528 struct kvec iv[2];
529 struct msghdr msg;
eb492e01 530
5d88cc73
JH		 531 if (!chan)
532 return;
eb492e01 533
5d88cc73 534 BT_DBG("code 0x%2.2x", code);
eb492e01 535
5d88cc73
JH		 536 iv[0].iov_base = &code;
537 iv[0].iov_len = 1;
eb492e01 538
5d88cc73
JH		 539 iv[1].iov_base = data;
540 iv[1].iov_len = len;
eb492e01 541
5d88cc73 542 memset(&msg, 0, sizeof(msg));
eb492e01 543
17836394 544 iov_iter_kvec(&msg.msg_iter, WRITE | ITER_KVEC, iv, 2, 1 + len);
eb492e01 545
5d88cc73 546 l2cap_chan_send(chan, &msg, 1 + len);
e2dcd113 547
b68fda68
JH		 548 if (!chan->data)
549 return;
550
551 smp = chan->data;
552
553 cancel_delayed_work_sync(&smp->security_timer);
1b0921d6 554 schedule_delayed_work(&smp->security_timer, SMP_TIMEOUT);
eb492e01
AB		 555}
556
d2eb9e10 557static u8 authreq_to_seclevel(u8 authreq)
2b64d153 558{
d2eb9e10
JH		 559 if (authreq & SMP_AUTH_MITM) {
560 if (authreq & SMP_AUTH_SC)
561 return BT_SECURITY_FIPS;
562 else
563 return BT_SECURITY_HIGH;
564 } else {
2b64d153 565 return BT_SECURITY_MEDIUM;
d2eb9e10 566 }
2b64d153
BG		 567}
568
569static __u8 seclevel_to_authreq(__u8 sec_level)
570{
571 switch (sec_level) {
d2eb9e10 572 case BT_SECURITY_FIPS:
2b64d153
BG		 573 case BT_SECURITY_HIGH:
574 return SMP_AUTH_MITM | SMP_AUTH_BONDING;
575 case BT_SECURITY_MEDIUM:
576 return SMP_AUTH_BONDING;
577 default:
578 return SMP_AUTH_NONE;
579 }
580}
581
b8e66eac 582static void build_pairing_cmd(struct l2cap_conn *conn,
f1560463
MH		 583 struct smp_cmd_pairing *req,
584 struct smp_cmd_pairing *rsp, __u8 authreq)
b8e66eac 585{
5d88cc73
JH		 586 struct l2cap_chan *chan = conn->smp;
587 struct smp_chan *smp = chan->data;
fd349c02
JH		 588 struct hci_conn *hcon = conn->hcon;
589 struct hci_dev *hdev = hcon->hdev;
02b05bd8 590 u8 local_dist = 0, remote_dist = 0, oob_flag = SMP_OOB_NOT_PRESENT;
54790f73 591
b6ae8457 592 if (test_bit(HCI_BONDABLE, &conn->hcon->hdev->dev_flags)) {
7ee4ea36
MH		 593 local_dist = SMP_DIST_ENC_KEY | SMP_DIST_SIGN;
594 remote_dist = SMP_DIST_ENC_KEY | SMP_DIST_SIGN;
54790f73 595 authreq |= SMP_AUTH_BONDING;
2b64d153
BG		 596 } else {
597 authreq &= ~SMP_AUTH_BONDING;
54790f73
VCG		 598 }
599
fd349c02
JH		 600 if (test_bit(HCI_RPA_RESOLVING, &hdev->dev_flags))
601 remote_dist |= SMP_DIST_ID_KEY;
602
863efaf2
JH		 603 if (test_bit(HCI_PRIVACY, &hdev->dev_flags))
604 local_dist |= SMP_DIST_ID_KEY;
605
02b05bd8
JH		 606 if (test_bit(HCI_SC_ENABLED, &hdev->dev_flags) &&
607 (authreq & SMP_AUTH_SC)) {
608 struct oob_data *oob_data;
609 u8 bdaddr_type;
610
611 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
df8e1a4c
JH		 612 local_dist |= SMP_DIST_LINK_KEY;
613 remote_dist |= SMP_DIST_LINK_KEY;
614 }
02b05bd8
JH		 615
616 if (hcon->dst_type == ADDR_LE_DEV_PUBLIC)
617 bdaddr_type = BDADDR_LE_PUBLIC;
618 else
619 bdaddr_type = BDADDR_LE_RANDOM;
620
621 oob_data = hci_find_remote_oob_data(hdev, &hcon->dst,
622 bdaddr_type);
623 if (oob_data) {
624 set_bit(SMP_FLAG_OOB, &smp->flags);
625 oob_flag = SMP_OOB_PRESENT;
a29b0733 626 memcpy(smp->rr, oob_data->rand256, 16);
02b05bd8
JH		 627 memcpy(smp->pcnf, oob_data->hash256, 16);
628 }
629
df8e1a4c
JH		 630 } else {
631 authreq &= ~SMP_AUTH_SC;
632 }
633
54790f73
VCG		 634 if (rsp == NULL) {
635 req->io_capability = conn->hcon->io_capability;
02b05bd8 636 req->oob_flag = oob_flag;
54790f73 637 req->max_key_size = SMP_MAX_ENC_KEY_SIZE;
fd349c02
JH		 638 req->init_key_dist = local_dist;
639 req->resp_key_dist = remote_dist;
0edb14de 640 req->auth_req = (authreq & AUTH_REQ_MASK(hdev));
fd349c02
JH		 641
642 smp->remote_key_dist = remote_dist;
54790f73
VCG		 643 return;
644 }
645
646 rsp->io_capability = conn->hcon->io_capability;
02b05bd8 647 rsp->oob_flag = oob_flag;
54790f73 648 rsp->max_key_size = SMP_MAX_ENC_KEY_SIZE;
fd349c02
JH		 649 rsp->init_key_dist = req->init_key_dist & remote_dist;
650 rsp->resp_key_dist = req->resp_key_dist & local_dist;
0edb14de 651 rsp->auth_req = (authreq & AUTH_REQ_MASK(hdev));
fd349c02
JH		 652
653 smp->remote_key_dist = rsp->init_key_dist;
b8e66eac
VCG		 654}
655
3158c50c
VCG		 656static u8 check_enc_key_size(struct l2cap_conn *conn, __u8 max_key_size)
657{
5d88cc73
JH		 658 struct l2cap_chan *chan = conn->smp;
659 struct smp_chan *smp = chan->data;
1c1def09 660
3158c50c 661 if ((max_key_size > SMP_MAX_ENC_KEY_SIZE) ||
f1560463 662 (max_key_size < SMP_MIN_ENC_KEY_SIZE))
3158c50c
VCG		 663 return SMP_ENC_KEY_SIZE;
664
f7aa611a 665 smp->enc_key_size = max_key_size;
3158c50c
VCG		 666
667 return 0;
668}
669
6f48e260
JH		 670static void smp_chan_destroy(struct l2cap_conn *conn)
671{
672 struct l2cap_chan *chan = conn->smp;
673 struct smp_chan *smp = chan->data;
923e2414 674 struct hci_conn *hcon = conn->hcon;
6f48e260
JH		 675 bool complete;
676
677 BUG_ON(!smp);
678
679 cancel_delayed_work_sync(&smp->security_timer);
6f48e260 680
6f48e260 681 complete = test_bit(SMP_FLAG_COMPLETE, &smp->flags);
923e2414 682 mgmt_smp_complete(hcon, complete);
6f48e260
JH		 683
684 kfree(smp->csrk);
685 kfree(smp->slave_csrk);
6a77083a 686 kfree(smp->link_key);
6f48e260
JH		 687
688 crypto_free_blkcipher(smp->tfm_aes);
407cecf6 689 crypto_free_hash(smp->tfm_cmac);
6f48e260 690
923e2414
JH		 691 /* Ensure that we don't leave any debug key around if debug key
692 * support hasn't been explicitly enabled.
693 */
694 if (smp->ltk && smp->ltk->type == SMP_LTK_P256_DEBUG &&
695 !test_bit(HCI_KEEP_DEBUG_KEYS, &hcon->hdev->dev_flags)) {
696 list_del_rcu(&smp->ltk->list);
697 kfree_rcu(smp->ltk, rcu);
698 smp->ltk = NULL;
699 }
700
6f48e260
JH		 701 /* If pairing failed clean up any keys we might have */
702 if (!complete) {
703 if (smp->ltk) {
970d0f1b
JH		 704 list_del_rcu(&smp->ltk->list);
705 kfree_rcu(smp->ltk, rcu);
6f48e260
JH		 706 }
707
708 if (smp->slave_ltk) {
970d0f1b
JH		 709 list_del_rcu(&smp->slave_ltk->list);
710 kfree_rcu(smp->slave_ltk, rcu);
6f48e260
JH		 711 }
712
713 if (smp->remote_irk) {
adae20cb
JH		 714 list_del_rcu(&smp->remote_irk->list);
715 kfree_rcu(smp->remote_irk, rcu);
6f48e260
JH		 716 }
717 }
718
719 chan->data = NULL;
720 kfree(smp);
923e2414 721 hci_conn_drop(hcon);
6f48e260
JH		 722}
723
84794e11 724static void smp_failure(struct l2cap_conn *conn, u8 reason)
4f957a76 725{
bab73cb6 726 struct hci_conn *hcon = conn->hcon;
b68fda68 727 struct l2cap_chan *chan = conn->smp;
bab73cb6 728
84794e11 729 if (reason)
4f957a76 730 smp_send_cmd(conn, SMP_CMD_PAIRING_FAIL, sizeof(reason),
f1560463 731 &reason);
4f957a76 732
ce39fb4e 733 clear_bit(HCI_CONN_ENCRYPT_PEND, &hcon->flags);
e1e930f5 734 mgmt_auth_failed(hcon, HCI_ERROR_AUTH_FAILURE);
f1c09c07 735
fc75cc86 736 if (chan->data)
f1c09c07 737 smp_chan_destroy(conn);
4f957a76
BG		 738}
739
2b64d153
BG		 740#define JUST_WORKS 0x00
741#define JUST_CFM 0x01
742#define REQ_PASSKEY 0x02
743#define CFM_PASSKEY 0x03
744#define REQ_OOB 0x04
5e3d3d9b 745#define DSP_PASSKEY 0x05
2b64d153
BG		 746#define OVERLAP 0xFF
747
748static const u8 gen_method[5][5] = {
749 { JUST_WORKS, JUST_CFM, REQ_PASSKEY, JUST_WORKS, REQ_PASSKEY },
750 { JUST_WORKS, JUST_CFM, REQ_PASSKEY, JUST_WORKS, REQ_PASSKEY },
751 { CFM_PASSKEY, CFM_PASSKEY, REQ_PASSKEY, JUST_WORKS, CFM_PASSKEY },
752 { JUST_WORKS, JUST_CFM, JUST_WORKS, JUST_WORKS, JUST_CFM },
753 { CFM_PASSKEY, CFM_PASSKEY, REQ_PASSKEY, JUST_WORKS, OVERLAP },
754};
755
5e3d3d9b
JH		 756static const u8 sc_method[5][5] = {
757 { JUST_WORKS, JUST_CFM, REQ_PASSKEY, JUST_WORKS, REQ_PASSKEY },
758 { JUST_WORKS, CFM_PASSKEY, REQ_PASSKEY, JUST_WORKS, CFM_PASSKEY },
759 { DSP_PASSKEY, DSP_PASSKEY, REQ_PASSKEY, JUST_WORKS, DSP_PASSKEY },
760 { JUST_WORKS, JUST_CFM, JUST_WORKS, JUST_WORKS, JUST_CFM },
761 { DSP_PASSKEY, CFM_PASSKEY, REQ_PASSKEY, JUST_WORKS, CFM_PASSKEY },
762};
763
581370cc
JH		 764static u8 get_auth_method(struct smp_chan *smp, u8 local_io, u8 remote_io)
765{
2bcd4003
JH		 766 /* If either side has unknown io_caps, use JUST_CFM (which gets
767 * converted later to JUST_WORKS if we're initiators.
768 */
581370cc
JH		 769 if (local_io > SMP_IO_KEYBOARD_DISPLAY ||
770 remote_io > SMP_IO_KEYBOARD_DISPLAY)
2bcd4003 771 return JUST_CFM;
581370cc 772
5e3d3d9b
JH		 773 if (test_bit(SMP_FLAG_SC, &smp->flags))
774 return sc_method[remote_io][local_io];
775
581370cc
JH		 776 return gen_method[remote_io][local_io];
777}
778
2b64d153
BG		 779static int tk_request(struct l2cap_conn *conn, u8 remote_oob, u8 auth,
780 u8 local_io, u8 remote_io)
781{
782 struct hci_conn *hcon = conn->hcon;
5d88cc73
JH		 783 struct l2cap_chan *chan = conn->smp;
784 struct smp_chan *smp = chan->data;
2b64d153
BG		 785 u32 passkey = 0;
786 int ret = 0;
787
788 /* Initialize key for JUST WORKS */
789 memset(smp->tk, 0, sizeof(smp->tk));
4a74d658 790 clear_bit(SMP_FLAG_TK_VALID, &smp->flags);
2b64d153
BG		 791
792 BT_DBG("tk_request: auth:%d lcl:%d rem:%d", auth, local_io, remote_io);
793
2bcd4003
JH		 794 /* If neither side wants MITM, either "just" confirm an incoming
795 * request or use just-works for outgoing ones. The JUST_CFM
796 * will be converted to JUST_WORKS if necessary later in this
797 * function. If either side has MITM look up the method from the
798 * table.
799 */
581370cc 800 if (!(auth & SMP_AUTH_MITM))
783e0574 801 smp->method = JUST_CFM;
2b64d153 802 else
783e0574 803 smp->method = get_auth_method(smp, local_io, remote_io);
2b64d153 804
a82505c7 805 /* Don't confirm locally initiated pairing attempts */
783e0574
JH		 806 if (smp->method == JUST_CFM && test_bit(SMP_FLAG_INITIATOR,
807 &smp->flags))
808 smp->method = JUST_WORKS;
a82505c7 809
02f3e254 810 /* Don't bother user space with no IO capabilities */
783e0574
JH		 811 if (smp->method == JUST_CFM &&
812 hcon->io_capability == HCI_IO_NO_INPUT_OUTPUT)
813 smp->method = JUST_WORKS;
02f3e254 814
2b64d153 815 /* If Just Works, Continue with Zero TK */
783e0574 816 if (smp->method == JUST_WORKS) {
4a74d658 817 set_bit(SMP_FLAG_TK_VALID, &smp->flags);
2b64d153
BG		 818 return 0;
819 }
820
821 /* Not Just Works/Confirm results in MITM Authentication */
783e0574 822 if (smp->method != JUST_CFM) {
4a74d658 823 set_bit(SMP_FLAG_MITM_AUTH, &smp->flags);
5eb596f5
JH		 824 if (hcon->pending_sec_level < BT_SECURITY_HIGH)
825 hcon->pending_sec_level = BT_SECURITY_HIGH;
826 }
2b64d153
BG		 827
828 /* If both devices have Keyoard-Display I/O, the master
829 * Confirms and the slave Enters the passkey.
830 */
783e0574 831 if (smp->method == OVERLAP) {
40bef302 832 if (hcon->role == HCI_ROLE_MASTER)
783e0574 833 smp->method = CFM_PASSKEY;
2b64d153 834 else
783e0574 835 smp->method = REQ_PASSKEY;
2b64d153
BG		 836 }
837
01ad34d2 838 /* Generate random passkey. */
783e0574 839 if (smp->method == CFM_PASSKEY) {
943a732a 840 memset(smp->tk, 0, sizeof(smp->tk));
2b64d153
BG		 841 get_random_bytes(&passkey, sizeof(passkey));
842 passkey %= 1000000;
943a732a 843 put_unaligned_le32(passkey, smp->tk);
2b64d153 844 BT_DBG("PassKey: %d", passkey);
4a74d658 845 set_bit(SMP_FLAG_TK_VALID, &smp->flags);
2b64d153
BG		 846 }
847
783e0574 848 if (smp->method == REQ_PASSKEY)
ce39fb4e 849 ret = mgmt_user_passkey_request(hcon->hdev, &hcon->dst,
272d90df 850 hcon->type, hcon->dst_type);
783e0574 851 else if (smp->method == JUST_CFM)
4eb65e66
JH		 852 ret = mgmt_user_confirm_request(hcon->hdev, &hcon->dst,
853 hcon->type, hcon->dst_type,
854 passkey, 1);
2b64d153 855 else
01ad34d2 856 ret = mgmt_user_passkey_notify(hcon->hdev, &hcon->dst,
272d90df 857 hcon->type, hcon->dst_type,
39adbffe 858 passkey, 0);
2b64d153 859
2b64d153
BG		 860 return ret;
861}
862
1cc61144 863static u8 smp_confirm(struct smp_chan *smp)
8aab4757 864{
8aab4757 865 struct l2cap_conn *conn = smp->conn;
8aab4757
VCG		 866 struct smp_cmd_pairing_confirm cp;
867 int ret;
8aab4757
VCG		 868
869 BT_DBG("conn %p", conn);
870
e491eaf3 871 ret = smp_c1(smp->tfm_aes, smp->tk, smp->prnd, smp->preq, smp->prsp,
b1cd5fd9 872 conn->hcon->init_addr_type, &conn->hcon->init_addr,
943a732a
JH		 873 conn->hcon->resp_addr_type, &conn->hcon->resp_addr,
874 cp.confirm_val);
1cc61144
JH		 875 if (ret)
876 return SMP_UNSPECIFIED;
8aab4757 877
4a74d658 878 clear_bit(SMP_FLAG_CFM_PENDING, &smp->flags);
2b64d153 879
8aab4757
VCG		 880 smp_send_cmd(smp->conn, SMP_CMD_PAIRING_CONFIRM, sizeof(cp), &cp);
881
b28b4943
JH		 882 if (conn->hcon->out)
883 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_CONFIRM);
884 else
885 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RANDOM);
886
1cc61144 887 return 0;
8aab4757
VCG		 888}
889
861580a9 890static u8 smp_random(struct smp_chan *smp)
8aab4757 891{
8aab4757
VCG		 892 struct l2cap_conn *conn = smp->conn;
893 struct hci_conn *hcon = conn->hcon;
861580a9 894 u8 confirm[16];
8aab4757
VCG		 895 int ret;
896
ec70f36f 897 if (IS_ERR_OR_NULL(smp->tfm_aes))
861580a9 898 return SMP_UNSPECIFIED;
8aab4757
VCG		 899
900 BT_DBG("conn %p %s", conn, conn->hcon->out ? "master" : "slave");
901
e491eaf3 902 ret = smp_c1(smp->tfm_aes, smp->tk, smp->rrnd, smp->preq, smp->prsp,
b1cd5fd9 903 hcon->init_addr_type, &hcon->init_addr,
943a732a 904 hcon->resp_addr_type, &hcon->resp_addr, confirm);
861580a9
JH		 905 if (ret)
906 return SMP_UNSPECIFIED;
8aab4757 907
8aab4757
VCG		 908 if (memcmp(smp->pcnf, confirm, sizeof(smp->pcnf)) != 0) {
909 BT_ERR("Pairing failed (confirmation values mismatch)");
861580a9 910 return SMP_CONFIRM_FAILED;
8aab4757
VCG		 911 }
912
913 if (hcon->out) {
fe39c7b2
MH		 914 u8 stk[16];
915 __le64 rand = 0;
916 __le16 ediv = 0;
8aab4757 917
e491eaf3 918 smp_s1(smp->tfm_aes, smp->tk, smp->rrnd, smp->prnd, stk);
8aab4757 919
f7aa611a 920 memset(stk + smp->enc_key_size, 0,
04124681 921 SMP_MAX_ENC_KEY_SIZE - smp->enc_key_size);
8aab4757 922
861580a9
JH		 923 if (test_and_set_bit(HCI_CONN_ENCRYPT_PEND, &hcon->flags))
924 return SMP_UNSPECIFIED;
8aab4757
VCG		 925
926 hci_le_start_enc(hcon, ediv, rand, stk);
f7aa611a 927 hcon->enc_key_size = smp->enc_key_size;
fe59a05f 928 set_bit(HCI_CONN_STK_ENCRYPT, &hcon->flags);
8aab4757 929 } else {
fff3490f 930 u8 stk[16], auth;
fe39c7b2
MH		 931 __le64 rand = 0;
932 __le16 ediv = 0;
8aab4757 933
943a732a
JH		 934 smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM, sizeof(smp->prnd),
935 smp->prnd);
8aab4757 936
e491eaf3 937 smp_s1(smp->tfm_aes, smp->tk, smp->prnd, smp->rrnd, stk);
8aab4757 938
f7aa611a 939 memset(stk + smp->enc_key_size, 0,
f1560463 940 SMP_MAX_ENC_KEY_SIZE - smp->enc_key_size);
8aab4757 941
fff3490f
JH		 942 if (hcon->pending_sec_level == BT_SECURITY_HIGH)
943 auth = 1;
944 else
945 auth = 0;
946
7d5843b7
JH		 947 /* Even though there's no _SLAVE suffix this is the
948 * slave STK we're adding for later lookup (the master
949 * STK never needs to be stored).
950 */
ce39fb4e 951 hci_add_ltk(hcon->hdev, &hcon->dst, hcon->dst_type,
2ceba539 952 SMP_STK, auth, stk, smp->enc_key_size, ediv, rand);
8aab4757
VCG		 953 }
954
861580a9 955 return 0;
8aab4757
VCG		 956}
957
44f1a7ab
JH		 958static void smp_notify_keys(struct l2cap_conn *conn)
959{
960 struct l2cap_chan *chan = conn->smp;
961 struct smp_chan *smp = chan->data;
962 struct hci_conn *hcon = conn->hcon;
963 struct hci_dev *hdev = hcon->hdev;
964 struct smp_cmd_pairing *req = (void *) &smp->preq[1];
965 struct smp_cmd_pairing *rsp = (void *) &smp->prsp[1];
966 bool persistent;
967
968 if (smp->remote_irk) {
969 mgmt_new_irk(hdev, smp->remote_irk);
970 /* Now that user space can be considered to know the
971 * identity address track the connection based on it
b5ae344d 972 * from now on (assuming this is an LE link).
44f1a7ab 973 */
b5ae344d
JH		 974 if (hcon->type == LE_LINK) {
975 bacpy(&hcon->dst, &smp->remote_irk->bdaddr);
976 hcon->dst_type = smp->remote_irk->addr_type;
977 queue_work(hdev->workqueue, &conn->id_addr_update_work);
978 }
44f1a7ab
JH		 979
980 /* When receiving an indentity resolving key for
981 * a remote device that does not use a resolvable
982 * private address, just remove the key so that
983 * it is possible to use the controller white
984 * list for scanning.
985 *
986 * Userspace will have been told to not store
987 * this key at this point. So it is safe to
988 * just remove it.
989 */
990 if (!bacmp(&smp->remote_irk->rpa, BDADDR_ANY)) {
adae20cb
JH		 991 list_del_rcu(&smp->remote_irk->list);
992 kfree_rcu(smp->remote_irk, rcu);
44f1a7ab
JH		 993 smp->remote_irk = NULL;
994 }
995 }
996
b5ae344d
JH		 997 if (hcon->type == ACL_LINK) {
998 if (hcon->key_type == HCI_LK_DEBUG_COMBINATION)
999 persistent = false;
1000 else
1001 persistent = !test_bit(HCI_CONN_FLUSH_KEY,
1002 &hcon->flags);
1003 } else {
1004 /* The LTKs and CSRKs should be persistent only if both sides
1005 * had the bonding bit set in their authentication requests.
1006 */
1007 persistent = !!((req->auth_req & rsp->auth_req) &
1008 SMP_AUTH_BONDING);
1009 }
1010
44f1a7ab
JH		 1011
1012 if (smp->csrk) {
1013 smp->csrk->bdaddr_type = hcon->dst_type;
1014 bacpy(&smp->csrk->bdaddr, &hcon->dst);
1015 mgmt_new_csrk(hdev, smp->csrk, persistent);
1016 }
1017
1018 if (smp->slave_csrk) {
1019 smp->slave_csrk->bdaddr_type = hcon->dst_type;
1020 bacpy(&smp->slave_csrk->bdaddr, &hcon->dst);
1021 mgmt_new_csrk(hdev, smp->slave_csrk, persistent);
1022 }
1023
1024 if (smp->ltk) {
1025 smp->ltk->bdaddr_type = hcon->dst_type;
1026 bacpy(&smp->ltk->bdaddr, &hcon->dst);
1027 mgmt_new_ltk(hdev, smp->ltk, persistent);
1028 }
1029
1030 if (smp->slave_ltk) {
1031 smp->slave_ltk->bdaddr_type = hcon->dst_type;
1032 bacpy(&smp->slave_ltk->bdaddr, &hcon->dst);
1033 mgmt_new_ltk(hdev, smp->slave_ltk, persistent);
1034 }
6a77083a
JH		 1035
1036 if (smp->link_key) {
e3befab9
JH		 1037 struct link_key *key;
1038 u8 type;
1039
1040 if (test_bit(SMP_FLAG_DEBUG_KEY, &smp->flags))
1041 type = HCI_LK_DEBUG_COMBINATION;
1042 else if (hcon->sec_level == BT_SECURITY_FIPS)
1043 type = HCI_LK_AUTH_COMBINATION_P256;
1044 else
1045 type = HCI_LK_UNAUTH_COMBINATION_P256;
1046
1047 key = hci_add_link_key(hdev, smp->conn->hcon, &hcon->dst,
1048 smp->link_key, type, 0, &persistent);
1049 if (key) {
1050 mgmt_new_link_key(hdev, key, persistent);
1051
1052 /* Don't keep debug keys around if the relevant
1053 * flag is not set.
1054 */
1055 if (!test_bit(HCI_KEEP_DEBUG_KEYS, &hdev->dev_flags) &&
1056 key->type == HCI_LK_DEBUG_COMBINATION) {
1057 list_del_rcu(&key->list);
1058 kfree_rcu(key, rcu);
1059 }
1060 }
6a77083a
JH		 1061 }
1062}
1063
d3e54a87
JH		 1064static void sc_add_ltk(struct smp_chan *smp)
1065{
1066 struct hci_conn *hcon = smp->conn->hcon;
1067 u8 key_type, auth;
1068
1069 if (test_bit(SMP_FLAG_DEBUG_KEY, &smp->flags))
1070 key_type = SMP_LTK_P256_DEBUG;
1071 else
1072 key_type = SMP_LTK_P256;
1073
1074 if (hcon->pending_sec_level == BT_SECURITY_FIPS)
1075 auth = 1;
1076 else
1077 auth = 0;
1078
1079 memset(smp->tk + smp->enc_key_size, 0,
1080 SMP_MAX_ENC_KEY_SIZE - smp->enc_key_size);
1081
1082 smp->ltk = hci_add_ltk(hcon->hdev, &hcon->dst, hcon->dst_type,
1083 key_type, auth, smp->tk, smp->enc_key_size,
1084 0, 0);
1085}
1086
6a77083a
JH		 1087static void sc_generate_link_key(struct smp_chan *smp)
1088{
1089 /* These constants are as specified in the core specification.
1090 * In ASCII they spell out to 'tmp1' and 'lebr'.
1091 */
1092 const u8 tmp1[4] = { 0x31, 0x70, 0x6d, 0x74 };
1093 const u8 lebr[4] = { 0x72, 0x62, 0x65, 0x6c };
1094
1095 smp->link_key = kzalloc(16, GFP_KERNEL);
1096 if (!smp->link_key)
1097 return;
1098
1099 if (smp_h6(smp->tfm_cmac, smp->tk, tmp1, smp->link_key)) {
1100 kfree(smp->link_key);
1101 smp->link_key = NULL;
1102 return;
1103 }
1104
1105 if (smp_h6(smp->tfm_cmac, smp->link_key, lebr, smp->link_key)) {
1106 kfree(smp->link_key);
1107 smp->link_key = NULL;
1108 return;
1109 }
44f1a7ab
JH		 1110}
1111
b28b4943
JH		 1112static void smp_allow_key_dist(struct smp_chan *smp)
1113{
1114 /* Allow the first expected phase 3 PDU. The rest of the PDUs
1115 * will be allowed in each PDU handler to ensure we receive
1116 * them in the correct order.
1117 */
1118 if (smp->remote_key_dist & SMP_DIST_ENC_KEY)
1119 SMP_ALLOW_CMD(smp, SMP_CMD_ENCRYPT_INFO);
1120 else if (smp->remote_key_dist & SMP_DIST_ID_KEY)
1121 SMP_ALLOW_CMD(smp, SMP_CMD_IDENT_INFO);
1122 else if (smp->remote_key_dist & SMP_DIST_SIGN)
1123 SMP_ALLOW_CMD(smp, SMP_CMD_SIGN_INFO);
1124}
1125
b5ae344d
JH		 1126static void sc_generate_ltk(struct smp_chan *smp)
1127{
1128 /* These constants are as specified in the core specification.
1129 * In ASCII they spell out to 'tmp2' and 'brle'.
1130 */
1131 const u8 tmp2[4] = { 0x32, 0x70, 0x6d, 0x74 };
1132 const u8 brle[4] = { 0x65, 0x6c, 0x72, 0x62 };
1133 struct hci_conn *hcon = smp->conn->hcon;
1134 struct hci_dev *hdev = hcon->hdev;
1135 struct link_key *key;
1136
1137 key = hci_find_link_key(hdev, &hcon->dst);
1138 if (!key) {
1139 BT_ERR("%s No Link Key found to generate LTK", hdev->name);
1140 return;
1141 }
1142
1143 if (key->type == HCI_LK_DEBUG_COMBINATION)
1144 set_bit(SMP_FLAG_DEBUG_KEY, &smp->flags);
1145
1146 if (smp_h6(smp->tfm_cmac, key->val, tmp2, smp->tk))
1147 return;
1148
1149 if (smp_h6(smp->tfm_cmac, smp->tk, brle, smp->tk))
1150 return;
1151
1152 sc_add_ltk(smp);
1153}
1154
d6268e86 1155static void smp_distribute_keys(struct smp_chan *smp)
44f1a7ab
JH		 1156{
1157 struct smp_cmd_pairing *req, *rsp;
86d1407c 1158 struct l2cap_conn *conn = smp->conn;
44f1a7ab
JH		 1159 struct hci_conn *hcon = conn->hcon;
1160 struct hci_dev *hdev = hcon->hdev;
1161 __u8 *keydist;
1162
1163 BT_DBG("conn %p", conn);
1164
44f1a7ab
JH		 1165 rsp = (void *) &smp->prsp[1];
1166
1167 /* The responder sends its keys first */
b28b4943
JH		 1168 if (hcon->out && (smp->remote_key_dist & KEY_DIST_MASK)) {
1169 smp_allow_key_dist(smp);
86d1407c 1170 return;
b28b4943 1171 }
44f1a7ab
JH		 1172
1173 req = (void *) &smp->preq[1];
1174
1175 if (hcon->out) {
1176 keydist = &rsp->init_key_dist;
1177 *keydist &= req->init_key_dist;
1178 } else {
1179 keydist = &rsp->resp_key_dist;
1180 *keydist &= req->resp_key_dist;
1181 }
1182
6a77083a 1183 if (test_bit(SMP_FLAG_SC, &smp->flags)) {
b5ae344d 1184 if (hcon->type == LE_LINK && (*keydist & SMP_DIST_LINK_KEY))
6a77083a 1185 sc_generate_link_key(smp);
b5ae344d
JH		 1186 if (hcon->type == ACL_LINK && (*keydist & SMP_DIST_ENC_KEY))
1187 sc_generate_ltk(smp);
6a77083a
JH		 1188
1189 /* Clear the keys which are generated but not distributed */
1190 *keydist &= ~SMP_SC_NO_DIST;
1191 }
1192
44f1a7ab
JH		 1193 BT_DBG("keydist 0x%x", *keydist);
1194
1195 if (*keydist & SMP_DIST_ENC_KEY) {
1196 struct smp_cmd_encrypt_info enc;
1197 struct smp_cmd_master_ident ident;
1198 struct smp_ltk *ltk;
1199 u8 authenticated;
1200 __le16 ediv;
1201 __le64 rand;
1202
1203 get_random_bytes(enc.ltk, sizeof(enc.ltk));
1204 get_random_bytes(&ediv, sizeof(ediv));
1205 get_random_bytes(&rand, sizeof(rand));
1206
1207 smp_send_cmd(conn, SMP_CMD_ENCRYPT_INFO, sizeof(enc), &enc);
1208
1209 authenticated = hcon->sec_level == BT_SECURITY_HIGH;
1210 ltk = hci_add_ltk(hdev, &hcon->dst, hcon->dst_type,
1211 SMP_LTK_SLAVE, authenticated, enc.ltk,
1212 smp->enc_key_size, ediv, rand);
1213 smp->slave_ltk = ltk;
1214
1215 ident.ediv = ediv;
1216 ident.rand = rand;
1217
1218 smp_send_cmd(conn, SMP_CMD_MASTER_IDENT, sizeof(ident), &ident);
1219
1220 *keydist &= ~SMP_DIST_ENC_KEY;
1221 }
1222
1223 if (*keydist & SMP_DIST_ID_KEY) {
1224 struct smp_cmd_ident_addr_info addrinfo;
1225 struct smp_cmd_ident_info idinfo;
1226
1227 memcpy(idinfo.irk, hdev->irk, sizeof(idinfo.irk));
1228
1229 smp_send_cmd(conn, SMP_CMD_IDENT_INFO, sizeof(idinfo), &idinfo);
1230
1231 /* The hci_conn contains the local identity address
1232 * after the connection has been established.
1233 *
1234 * This is true even when the connection has been
1235 * established using a resolvable random address.
1236 */
1237 bacpy(&addrinfo.bdaddr, &hcon->src);
1238 addrinfo.addr_type = hcon->src_type;
1239
1240 smp_send_cmd(conn, SMP_CMD_IDENT_ADDR_INFO, sizeof(addrinfo),
1241 &addrinfo);
1242
1243 *keydist &= ~SMP_DIST_ID_KEY;
1244 }
1245
1246 if (*keydist & SMP_DIST_SIGN) {
1247 struct smp_cmd_sign_info sign;
1248 struct smp_csrk *csrk;
1249
1250 /* Generate a new random key */
1251 get_random_bytes(sign.csrk, sizeof(sign.csrk));
1252
1253 csrk = kzalloc(sizeof(*csrk), GFP_KERNEL);
1254 if (csrk) {
1255 csrk->master = 0x00;
1256 memcpy(csrk->val, sign.csrk, sizeof(csrk->val));
1257 }
1258 smp->slave_csrk = csrk;
1259
1260 smp_send_cmd(conn, SMP_CMD_SIGN_INFO, sizeof(sign), &sign);
1261
1262 *keydist &= ~SMP_DIST_SIGN;
1263 }
1264
1265 /* If there are still keys to be received wait for them */
b28b4943
JH		 1266 if (smp->remote_key_dist & KEY_DIST_MASK) {
1267 smp_allow_key_dist(smp);
86d1407c 1268 return;
b28b4943 1269 }
44f1a7ab 1270
44f1a7ab
JH		 1271 set_bit(SMP_FLAG_COMPLETE, &smp->flags);
1272 smp_notify_keys(conn);
1273
1274 smp_chan_destroy(conn);
44f1a7ab
JH		 1275}
1276
b68fda68
JH		 1277static void smp_timeout(struct work_struct *work)
1278{
1279 struct smp_chan *smp = container_of(work, struct smp_chan,
1280 security_timer.work);
1281 struct l2cap_conn *conn = smp->conn;
1282
1283 BT_DBG("conn %p", conn);
1284
1e91c29e 1285 hci_disconnect(conn->hcon, HCI_ERROR_REMOTE_USER_TERM);
b68fda68
JH		 1286}
1287
8aab4757
VCG		 1288static struct smp_chan *smp_chan_create(struct l2cap_conn *conn)
1289{
5d88cc73 1290 struct l2cap_chan *chan = conn->smp;
8aab4757
VCG		 1291 struct smp_chan *smp;
1292
f1560463 1293 smp = kzalloc(sizeof(*smp), GFP_ATOMIC);
fc75cc86 1294 if (!smp)
8aab4757
VCG		 1295 return NULL;
1296
6a7bd103
JH		 1297 smp->tfm_aes = crypto_alloc_blkcipher("ecb(aes)", 0, CRYPTO_ALG_ASYNC);
1298 if (IS_ERR(smp->tfm_aes)) {
1299 BT_ERR("Unable to create ECB crypto context");
1300 kfree(smp);
1301 return NULL;
1302 }
1303
407cecf6
JH		 1304 smp->tfm_cmac = crypto_alloc_hash("cmac(aes)", 0, CRYPTO_ALG_ASYNC);
1305 if (IS_ERR(smp->tfm_cmac)) {
1306 BT_ERR("Unable to create CMAC crypto context");
1307 crypto_free_blkcipher(smp->tfm_aes);
1308 kfree(smp);
1309 return NULL;
1310 }
1311
8aab4757 1312 smp->conn = conn;
5d88cc73 1313 chan->data = smp;
8aab4757 1314
b28b4943
JH		 1315 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_FAIL);
1316
b68fda68
JH		 1317 INIT_DELAYED_WORK(&smp->security_timer, smp_timeout);
1318
8aab4757
VCG		 1319 hci_conn_hold(conn->hcon);
1320
1321 return smp;
1322}
1323
760b018b
JH		 1324static int sc_mackey_and_ltk(struct smp_chan *smp, u8 mackey[16], u8 ltk[16])
1325{
1326 struct hci_conn *hcon = smp->conn->hcon;
1327 u8 *na, *nb, a[7], b[7];
1328
1329 if (hcon->out) {
1330 na = smp->prnd;
1331 nb = smp->rrnd;
1332 } else {
1333 na = smp->rrnd;
1334 nb = smp->prnd;
1335 }
1336
1337 memcpy(a, &hcon->init_addr, 6);
1338 memcpy(b, &hcon->resp_addr, 6);
1339 a[6] = hcon->init_addr_type;
1340 b[6] = hcon->resp_addr_type;
1341
1342 return smp_f5(smp->tfm_cmac, smp->dhkey, na, nb, a, b, mackey, ltk);
1343}
1344
38606f14 1345static void sc_dhkey_check(struct smp_chan *smp)
760b018b
JH		 1346{
1347 struct hci_conn *hcon = smp->conn->hcon;
1348 struct smp_cmd_dhkey_check check;
1349 u8 a[7], b[7], *local_addr, *remote_addr;
1350 u8 io_cap[3], r[16];
1351
760b018b
JH		 1352 memcpy(a, &hcon->init_addr, 6);
1353 memcpy(b, &hcon->resp_addr, 6);
1354 a[6] = hcon->init_addr_type;
1355 b[6] = hcon->resp_addr_type;
1356
1357 if (hcon->out) {
1358 local_addr = a;
1359 remote_addr = b;
1360 memcpy(io_cap, &smp->preq[1], 3);
1361 } else {
1362 local_addr = b;
1363 remote_addr = a;
1364 memcpy(io_cap, &smp->prsp[1], 3);
1365 }
1366
dddd3059
JH		 1367 memset(r, 0, sizeof(r));
1368
1369 if (smp->method == REQ_PASSKEY || smp->method == DSP_PASSKEY)
38606f14 1370 put_unaligned_le32(hcon->passkey_notify, r);
760b018b 1371
a29b0733
JH		 1372 if (smp->method == REQ_OOB)
1373 memcpy(r, smp->rr, 16);
1374
760b018b
JH		 1375 smp_f6(smp->tfm_cmac, smp->mackey, smp->prnd, smp->rrnd, r, io_cap,
1376 local_addr, remote_addr, check.e);
1377
1378 smp_send_cmd(smp->conn, SMP_CMD_DHKEY_CHECK, sizeof(check), &check);
dddd3059
JH		 1379}
1380
38606f14
JH		 1381static u8 sc_passkey_send_confirm(struct smp_chan *smp)
1382{
1383 struct l2cap_conn *conn = smp->conn;
1384 struct hci_conn *hcon = conn->hcon;
1385 struct smp_cmd_pairing_confirm cfm;
1386 u8 r;
1387
1388 r = ((hcon->passkey_notify >> smp->passkey_round) & 0x01);
1389 r |= 0x80;
1390
1391 get_random_bytes(smp->prnd, sizeof(smp->prnd));
1392
1393 if (smp_f4(smp->tfm_cmac, smp->local_pk, smp->remote_pk, smp->prnd, r,
1394 cfm.confirm_val))
1395 return SMP_UNSPECIFIED;
1396
1397 smp_send_cmd(conn, SMP_CMD_PAIRING_CONFIRM, sizeof(cfm), &cfm);
1398
1399 return 0;
1400}
1401
1402static u8 sc_passkey_round(struct smp_chan *smp, u8 smp_op)
1403{
1404 struct l2cap_conn *conn = smp->conn;
1405 struct hci_conn *hcon = conn->hcon;
1406 struct hci_dev *hdev = hcon->hdev;
1407 u8 cfm[16], r;
1408
1409 /* Ignore the PDU if we've already done 20 rounds (0 - 19) */
1410 if (smp->passkey_round >= 20)
1411 return 0;
1412
1413 switch (smp_op) {
1414 case SMP_CMD_PAIRING_RANDOM:
1415 r = ((hcon->passkey_notify >> smp->passkey_round) & 0x01);
1416 r |= 0x80;
1417
1418 if (smp_f4(smp->tfm_cmac, smp->remote_pk, smp->local_pk,
1419 smp->rrnd, r, cfm))
1420 return SMP_UNSPECIFIED;
1421
1422 if (memcmp(smp->pcnf, cfm, 16))
1423 return SMP_CONFIRM_FAILED;
1424
1425 smp->passkey_round++;
1426
1427 if (smp->passkey_round == 20) {
1428 /* Generate MacKey and LTK */
1429 if (sc_mackey_and_ltk(smp, smp->mackey, smp->tk))
1430 return SMP_UNSPECIFIED;
1431 }
1432
1433 /* The round is only complete when the initiator
1434 * receives pairing random.
1435 */
1436 if (!hcon->out) {
1437 smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM,
1438 sizeof(smp->prnd), smp->prnd);
d3e54a87 1439 if (smp->passkey_round == 20)
38606f14 1440 SMP_ALLOW_CMD(smp, SMP_CMD_DHKEY_CHECK);
d3e54a87 1441 else
38606f14 1442 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_CONFIRM);
38606f14
JH		 1443 return 0;
1444 }
1445
1446 /* Start the next round */
1447 if (smp->passkey_round != 20)
1448 return sc_passkey_round(smp, 0);
1449
1450 /* Passkey rounds are complete - start DHKey Check */
1451 sc_dhkey_check(smp);
1452 SMP_ALLOW_CMD(smp, SMP_CMD_DHKEY_CHECK);
1453
1454 break;
1455
1456 case SMP_CMD_PAIRING_CONFIRM:
1457 if (test_bit(SMP_FLAG_WAIT_USER, &smp->flags)) {
1458 set_bit(SMP_FLAG_CFM_PENDING, &smp->flags);
1459 return 0;
1460 }
1461
1462 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RANDOM);
1463
1464 if (hcon->out) {
1465 smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM,
1466 sizeof(smp->prnd), smp->prnd);
1467 return 0;
1468 }
1469
1470 return sc_passkey_send_confirm(smp);
1471
1472 case SMP_CMD_PUBLIC_KEY:
1473 default:
1474 /* Initiating device starts the round */
1475 if (!hcon->out)
1476 return 0;
1477
1478 BT_DBG("%s Starting passkey round %u", hdev->name,
1479 smp->passkey_round + 1);
1480
1481 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_CONFIRM);
1482
1483 return sc_passkey_send_confirm(smp);
1484 }
1485
1486 return 0;
1487}
1488
dddd3059
JH		 1489static int sc_user_reply(struct smp_chan *smp, u16 mgmt_op, __le32 passkey)
1490{
38606f14
JH		 1491 struct l2cap_conn *conn = smp->conn;
1492 struct hci_conn *hcon = conn->hcon;
1493 u8 smp_op;
1494
1495 clear_bit(SMP_FLAG_WAIT_USER, &smp->flags);
1496
dddd3059
JH		 1497 switch (mgmt_op) {
1498 case MGMT_OP_USER_PASSKEY_NEG_REPLY:
1499 smp_failure(smp->conn, SMP_PASSKEY_ENTRY_FAILED);
1500 return 0;
1501 case MGMT_OP_USER_CONFIRM_NEG_REPLY:
1502 smp_failure(smp->conn, SMP_NUMERIC_COMP_FAILED);
1503 return 0;
38606f14
JH		 1504 case MGMT_OP_USER_PASSKEY_REPLY:
1505 hcon->passkey_notify = le32_to_cpu(passkey);
1506 smp->passkey_round = 0;
1507
1508 if (test_and_clear_bit(SMP_FLAG_CFM_PENDING, &smp->flags))
1509 smp_op = SMP_CMD_PAIRING_CONFIRM;
1510 else
1511 smp_op = 0;
1512
1513 if (sc_passkey_round(smp, smp_op))
1514 return -EIO;
1515
1516 return 0;
dddd3059
JH		 1517 }
1518
d3e54a87
JH		 1519 /* Initiator sends DHKey check first */
1520 if (hcon->out) {
1521 sc_dhkey_check(smp);
1522 SMP_ALLOW_CMD(smp, SMP_CMD_DHKEY_CHECK);
1523 } else if (test_and_clear_bit(SMP_FLAG_DHKEY_PENDING, &smp->flags)) {
1524 sc_dhkey_check(smp);
1525 sc_add_ltk(smp);
1526 }
760b018b
JH		 1527
1528 return 0;
1529}
1530
2b64d153
BG		 1531int smp_user_confirm_reply(struct hci_conn *hcon, u16 mgmt_op, __le32 passkey)
1532{
b10e8017 1533 struct l2cap_conn *conn = hcon->l2cap_data;
5d88cc73 1534 struct l2cap_chan *chan;
2b64d153
BG		 1535 struct smp_chan *smp;
1536 u32 value;
fc75cc86 1537 int err;
2b64d153
BG		 1538
1539 BT_DBG("");
1540
fc75cc86 1541 if (!conn)
2b64d153
BG		 1542 return -ENOTCONN;
1543
5d88cc73
JH		 1544 chan = conn->smp;
1545 if (!chan)
1546 return -ENOTCONN;
1547
fc75cc86
JH		 1548 l2cap_chan_lock(chan);
1549 if (!chan->data) {
1550 err = -ENOTCONN;
1551 goto unlock;
1552 }
1553
5d88cc73 1554 smp = chan->data;
2b64d153 1555
760b018b
JH		 1556 if (test_bit(SMP_FLAG_SC, &smp->flags)) {
1557 err = sc_user_reply(smp, mgmt_op, passkey);
1558 goto unlock;
1559 }
1560
2b64d153
BG		 1561 switch (mgmt_op) {
1562 case MGMT_OP_USER_PASSKEY_REPLY:
1563 value = le32_to_cpu(passkey);
943a732a 1564 memset(smp->tk, 0, sizeof(smp->tk));
2b64d153 1565 BT_DBG("PassKey: %d", value);
943a732a 1566 put_unaligned_le32(value, smp->tk);
2b64d153
BG		 1567 /* Fall Through */
1568 case MGMT_OP_USER_CONFIRM_REPLY:
4a74d658 1569 set_bit(SMP_FLAG_TK_VALID, &smp->flags);
2b64d153
BG		 1570 break;
1571 case MGMT_OP_USER_PASSKEY_NEG_REPLY:
1572 case MGMT_OP_USER_CONFIRM_NEG_REPLY:
84794e11 1573 smp_failure(conn, SMP_PASSKEY_ENTRY_FAILED);
fc75cc86
JH		 1574 err = 0;
1575 goto unlock;
2b64d153 1576 default:
84794e11 1577 smp_failure(conn, SMP_PASSKEY_ENTRY_FAILED);
fc75cc86
JH		 1578 err = -EOPNOTSUPP;
1579 goto unlock;
2b64d153
BG		 1580 }
1581
fc75cc86
JH		 1582 err = 0;
1583
2b64d153 1584 /* If it is our turn to send Pairing Confirm, do so now */
1cc61144
JH		 1585 if (test_bit(SMP_FLAG_CFM_PENDING, &smp->flags)) {
1586 u8 rsp = smp_confirm(smp);
1587 if (rsp)
1588 smp_failure(conn, rsp);
1589 }
2b64d153 1590
fc75cc86
JH		 1591unlock:
1592 l2cap_chan_unlock(chan);
1593 return err;
2b64d153
BG		 1594}
1595
b5ae344d
JH		 1596static void build_bredr_pairing_cmd(struct smp_chan *smp,
1597 struct smp_cmd_pairing *req,
1598 struct smp_cmd_pairing *rsp)
1599{
1600 struct l2cap_conn *conn = smp->conn;
1601 struct hci_dev *hdev = conn->hcon->hdev;
1602 u8 local_dist = 0, remote_dist = 0;
1603
1604 if (test_bit(HCI_BONDABLE, &hdev->dev_flags)) {
1605 local_dist = SMP_DIST_ENC_KEY | SMP_DIST_SIGN;
1606 remote_dist = SMP_DIST_ENC_KEY | SMP_DIST_SIGN;
1607 }
1608
1609 if (test_bit(HCI_RPA_RESOLVING, &hdev->dev_flags))
1610 remote_dist |= SMP_DIST_ID_KEY;
1611
1612 if (test_bit(HCI_PRIVACY, &hdev->dev_flags))
1613 local_dist |= SMP_DIST_ID_KEY;
1614
1615 if (!rsp) {
1616 memset(req, 0, sizeof(*req));
1617
1618 req->init_key_dist = local_dist;
1619 req->resp_key_dist = remote_dist;
1620 req->max_key_size = SMP_MAX_ENC_KEY_SIZE;
1621
1622 smp->remote_key_dist = remote_dist;
1623
1624 return;
1625 }
1626
1627 memset(rsp, 0, sizeof(*rsp));
1628
1629 rsp->max_key_size = SMP_MAX_ENC_KEY_SIZE;
1630 rsp->init_key_dist = req->init_key_dist & remote_dist;
1631 rsp->resp_key_dist = req->resp_key_dist & local_dist;
1632
1633 smp->remote_key_dist = rsp->init_key_dist;
1634}
1635
da85e5e5 1636static u8 smp_cmd_pairing_req(struct l2cap_conn *conn, struct sk_buff *skb)
88ba43b6 1637{
3158c50c 1638 struct smp_cmd_pairing rsp, *req = (void *) skb->data;
fc75cc86 1639 struct l2cap_chan *chan = conn->smp;
b3c6410b 1640 struct hci_dev *hdev = conn->hcon->hdev;
8aab4757 1641 struct smp_chan *smp;
c7262e71 1642 u8 key_size, auth, sec_level;
8aab4757 1643 int ret;
88ba43b6
AB		 1644
1645 BT_DBG("conn %p", conn);
1646
c46b98be 1647 if (skb->len < sizeof(*req))
38e4a915 1648 return SMP_INVALID_PARAMS;
c46b98be 1649
40bef302 1650 if (conn->hcon->role != HCI_ROLE_SLAVE)
2b64d153
BG		 1651 return SMP_CMD_NOTSUPP;
1652
fc75cc86 1653 if (!chan->data)
8aab4757 1654 smp = smp_chan_create(conn);
fc75cc86 1655 else
5d88cc73 1656 smp = chan->data;
8aab4757 1657
d08fd0e7
AE		 1658 if (!smp)
1659 return SMP_UNSPECIFIED;
d26a2345 1660
c05b9339 1661 /* We didn't start the pairing, so match remote */
0edb14de 1662 auth = req->auth_req & AUTH_REQ_MASK(hdev);
c05b9339 1663
b6ae8457 1664 if (!test_bit(HCI_BONDABLE, &hdev->dev_flags) &&
c05b9339 1665 (auth & SMP_AUTH_BONDING))
b3c6410b
JH		 1666 return SMP_PAIRING_NOTSUPP;
1667
903b71c7
JH		 1668 if (test_bit(HCI_SC_ONLY, &hdev->dev_flags) && !(auth & SMP_AUTH_SC))
1669 return SMP_AUTH_REQUIREMENTS;
1670
1c1def09
VCG		 1671 smp->preq[0] = SMP_CMD_PAIRING_REQ;
1672 memcpy(&smp->preq[1], req, sizeof(*req));
3158c50c 1673 skb_pull(skb, sizeof(*req));
88ba43b6 1674
b5ae344d
JH		 1675 /* SMP over BR/EDR requires special treatment */
1676 if (conn->hcon->type == ACL_LINK) {
1677 /* We must have a BR/EDR SC link */
08f63cc5 1678 if (!test_bit(HCI_CONN_AES_CCM, &conn->hcon->flags) &&
300acfde 1679 !test_bit(HCI_FORCE_BREDR_SMP, &hdev->dbg_flags))
b5ae344d
JH		 1680 return SMP_CROSS_TRANSP_NOT_ALLOWED;
1681
1682 set_bit(SMP_FLAG_SC, &smp->flags);
1683
1684 build_bredr_pairing_cmd(smp, req, &rsp);
1685
1686 key_size = min(req->max_key_size, rsp.max_key_size);
1687 if (check_enc_key_size(conn, key_size))
1688 return SMP_ENC_KEY_SIZE;
1689
1690 /* Clear bits which are generated but not distributed */
1691 smp->remote_key_dist &= ~SMP_SC_NO_DIST;
1692
1693 smp->prsp[0] = SMP_CMD_PAIRING_RSP;
1694 memcpy(&smp->prsp[1], &rsp, sizeof(rsp));
1695 smp_send_cmd(conn, SMP_CMD_PAIRING_RSP, sizeof(rsp), &rsp);
1696
1697 smp_distribute_keys(smp);
1698 return 0;
1699 }
1700
5e3d3d9b
JH		 1701 build_pairing_cmd(conn, req, &rsp, auth);
1702
1703 if (rsp.auth_req & SMP_AUTH_SC)
1704 set_bit(SMP_FLAG_SC, &smp->flags);
1705
5be5e275 1706 if (conn->hcon->io_capability == HCI_IO_NO_INPUT_OUTPUT)
1afc2a1a
JH		 1707 sec_level = BT_SECURITY_MEDIUM;
1708 else
1709 sec_level = authreq_to_seclevel(auth);
1710
c7262e71
JH		 1711 if (sec_level > conn->hcon->pending_sec_level)
1712 conn->hcon->pending_sec_level = sec_level;
fdde0a26 1713
49c922bb 1714 /* If we need MITM check that it can be achieved */
2ed8f65c
JH		 1715 if (conn->hcon->pending_sec_level >= BT_SECURITY_HIGH) {
1716 u8 method;
1717
1718 method = get_auth_method(smp, conn->hcon->io_capability,
1719 req->io_capability);
1720 if (method == JUST_WORKS || method == JUST_CFM)
1721 return SMP_AUTH_REQUIREMENTS;
1722 }
1723
3158c50c
VCG		 1724 key_size = min(req->max_key_size, rsp.max_key_size);
1725 if (check_enc_key_size(conn, key_size))
1726 return SMP_ENC_KEY_SIZE;
88ba43b6 1727
e84a6b13 1728 get_random_bytes(smp->prnd, sizeof(smp->prnd));
8aab4757 1729
1c1def09
VCG		 1730 smp->prsp[0] = SMP_CMD_PAIRING_RSP;
1731 memcpy(&smp->prsp[1], &rsp, sizeof(rsp));
f01ead31 1732
3158c50c 1733 smp_send_cmd(conn, SMP_CMD_PAIRING_RSP, sizeof(rsp), &rsp);
3b19146d
JH		 1734
1735 clear_bit(SMP_FLAG_INITIATOR, &smp->flags);
1736
1737 if (test_bit(SMP_FLAG_SC, &smp->flags)) {
1738 SMP_ALLOW_CMD(smp, SMP_CMD_PUBLIC_KEY);
1739 /* Clear bits which are generated but not distributed */
1740 smp->remote_key_dist &= ~SMP_SC_NO_DIST;
1741 /* Wait for Public Key from Initiating Device */
1742 return 0;
1743 } else {
1744 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_CONFIRM);
1745 }
da85e5e5 1746
2b64d153
BG		 1747 /* Request setup of TK */
1748 ret = tk_request(conn, 0, auth, rsp.io_capability, req->io_capability);
1749 if (ret)
1750 return SMP_UNSPECIFIED;
1751
da85e5e5 1752 return 0;
88ba43b6
AB		 1753}
1754
3b19146d
JH		 1755static u8 sc_send_public_key(struct smp_chan *smp)
1756{
70157ef5
JH		 1757 struct hci_dev *hdev = smp->conn->hcon->hdev;
1758
3b19146d
JH		 1759 BT_DBG("");
1760
70157ef5
JH		 1761 if (test_bit(HCI_USE_DEBUG_KEYS, &hdev->dev_flags)) {
1762 BT_DBG("Using debug keys");
1763 memcpy(smp->local_pk, debug_pk, 64);
1764 memcpy(smp->local_sk, debug_sk, 32);
1765 set_bit(SMP_FLAG_DEBUG_KEY, &smp->flags);
1766 } else {
1767 while (true) {
1768 /* Generate local key pair for Secure Connections */
1769 if (!ecc_make_key(smp->local_pk, smp->local_sk))
1770 return SMP_UNSPECIFIED;
6c0dcc50 1771
70157ef5
JH		 1772 /* This is unlikely, but we need to check that
1773 * we didn't accidentially generate a debug key.
1774 */
1775 if (memcmp(smp->local_sk, debug_sk, 32))
1776 break;
1777 }
6c0dcc50 1778 }
3b19146d 1779
c7a3d57d
JH		 1780 SMP_DBG("Local Public Key X: %32phN", smp->local_pk);
1781 SMP_DBG("Local Public Key Y: %32phN", &smp->local_pk[32]);
1782 SMP_DBG("Local Private Key: %32phN", smp->local_sk);
3b19146d
JH		 1783
1784 smp_send_cmd(smp->conn, SMP_CMD_PUBLIC_KEY, 64, smp->local_pk);
1785
1786 return 0;
1787}
1788
da85e5e5 1789static u8 smp_cmd_pairing_rsp(struct l2cap_conn *conn, struct sk_buff *skb)
88ba43b6 1790{
3158c50c 1791 struct smp_cmd_pairing *req, *rsp = (void *) skb->data;
5d88cc73
JH		 1792 struct l2cap_chan *chan = conn->smp;
1793 struct smp_chan *smp = chan->data;
0edb14de 1794 struct hci_dev *hdev = conn->hcon->hdev;
3a7dbfb8 1795 u8 key_size, auth;
7d24ddcc 1796 int ret;
88ba43b6
AB		 1797
1798 BT_DBG("conn %p", conn);
1799
c46b98be 1800 if (skb->len < sizeof(*rsp))
38e4a915 1801 return SMP_INVALID_PARAMS;
c46b98be 1802
40bef302 1803 if (conn->hcon->role != HCI_ROLE_MASTER)
2b64d153
BG		 1804 return SMP_CMD_NOTSUPP;
1805
3158c50c
VCG		 1806 skb_pull(skb, sizeof(*rsp));
1807
1c1def09 1808 req = (void *) &smp->preq[1];
da85e5e5 1809
3158c50c
VCG		 1810 key_size = min(req->max_key_size, rsp->max_key_size);
1811 if (check_enc_key_size(conn, key_size))
1812 return SMP_ENC_KEY_SIZE;
1813
0edb14de 1814 auth = rsp->auth_req & AUTH_REQ_MASK(hdev);
c05b9339 1815
903b71c7
JH		 1816 if (test_bit(HCI_SC_ONLY, &hdev->dev_flags) && !(auth & SMP_AUTH_SC))
1817 return SMP_AUTH_REQUIREMENTS;
1818
b5ae344d
JH		 1819 smp->prsp[0] = SMP_CMD_PAIRING_RSP;
1820 memcpy(&smp->prsp[1], rsp, sizeof(*rsp));
1821
1822 /* Update remote key distribution in case the remote cleared
1823 * some bits that we had enabled in our request.
1824 */
1825 smp->remote_key_dist &= rsp->resp_key_dist;
1826
1827 /* For BR/EDR this means we're done and can start phase 3 */
1828 if (conn->hcon->type == ACL_LINK) {
1829 /* Clear bits which are generated but not distributed */
1830 smp->remote_key_dist &= ~SMP_SC_NO_DIST;
1831 smp_distribute_keys(smp);
1832 return 0;
1833 }
1834
65668776
JH		 1835 if ((req->auth_req & SMP_AUTH_SC) && (auth & SMP_AUTH_SC))
1836 set_bit(SMP_FLAG_SC, &smp->flags);
d2eb9e10
JH		 1837 else if (conn->hcon->pending_sec_level > BT_SECURITY_HIGH)
1838 conn->hcon->pending_sec_level = BT_SECURITY_HIGH;
65668776 1839
49c922bb 1840 /* If we need MITM check that it can be achieved */
2ed8f65c
JH		 1841 if (conn->hcon->pending_sec_level >= BT_SECURITY_HIGH) {
1842 u8 method;
1843
1844 method = get_auth_method(smp, req->io_capability,
1845 rsp->io_capability);
1846 if (method == JUST_WORKS || method == JUST_CFM)
1847 return SMP_AUTH_REQUIREMENTS;
1848 }
1849
e84a6b13 1850 get_random_bytes(smp->prnd, sizeof(smp->prnd));
7d24ddcc 1851
fdcc4bec
JH		 1852 /* Update remote key distribution in case the remote cleared
1853 * some bits that we had enabled in our request.
1854 */
1855 smp->remote_key_dist &= rsp->resp_key_dist;
1856
3b19146d
JH		 1857 if (test_bit(SMP_FLAG_SC, &smp->flags)) {
1858 /* Clear bits which are generated but not distributed */
1859 smp->remote_key_dist &= ~SMP_SC_NO_DIST;
1860 SMP_ALLOW_CMD(smp, SMP_CMD_PUBLIC_KEY);
1861 return sc_send_public_key(smp);
1862 }
1863
c05b9339 1864 auth |= req->auth_req;
2b64d153 1865
476585ec 1866 ret = tk_request(conn, 0, auth, req->io_capability, rsp->io_capability);
2b64d153
BG		 1867 if (ret)
1868 return SMP_UNSPECIFIED;
1869
4a74d658 1870 set_bit(SMP_FLAG_CFM_PENDING, &smp->flags);
2b64d153
BG		 1871
1872 /* Can't compose response until we have been confirmed */
4a74d658 1873 if (test_bit(SMP_FLAG_TK_VALID, &smp->flags))
1cc61144 1874 return smp_confirm(smp);
da85e5e5
VCG		 1875
1876 return 0;
88ba43b6
AB		 1877}
1878
dcee2b32
JH		 1879static u8 sc_check_confirm(struct smp_chan *smp)
1880{
1881 struct l2cap_conn *conn = smp->conn;
1882
1883 BT_DBG("");
1884
1885 /* Public Key exchange must happen before any other steps */
1886 if (!test_bit(SMP_FLAG_REMOTE_PK, &smp->flags))
1887 return SMP_UNSPECIFIED;
1888
38606f14
JH		 1889 if (smp->method == REQ_PASSKEY || smp->method == DSP_PASSKEY)
1890 return sc_passkey_round(smp, SMP_CMD_PAIRING_CONFIRM);
1891
dcee2b32
JH		 1892 if (conn->hcon->out) {
1893 smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM, sizeof(smp->prnd),
1894 smp->prnd);
1895 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RANDOM);
1896 }
1897
1898 return 0;
1899}
1900
da85e5e5 1901static u8 smp_cmd_pairing_confirm(struct l2cap_conn *conn, struct sk_buff *skb)
88ba43b6 1902{
5d88cc73
JH		 1903 struct l2cap_chan *chan = conn->smp;
1904 struct smp_chan *smp = chan->data;
7d24ddcc 1905
88ba43b6
AB		 1906 BT_DBG("conn %p %s", conn, conn->hcon->out ? "master" : "slave");
1907
c46b98be 1908 if (skb->len < sizeof(smp->pcnf))
38e4a915 1909 return SMP_INVALID_PARAMS;
c46b98be 1910
1c1def09
VCG		 1911 memcpy(smp->pcnf, skb->data, sizeof(smp->pcnf));
1912 skb_pull(skb, sizeof(smp->pcnf));
88ba43b6 1913
dcee2b32
JH		 1914 if (test_bit(SMP_FLAG_SC, &smp->flags))
1915 return sc_check_confirm(smp);
1916
b28b4943 1917 if (conn->hcon->out) {
943a732a
JH		 1918 smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM, sizeof(smp->prnd),
1919 smp->prnd);
b28b4943
JH		 1920 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RANDOM);
1921 return 0;
1922 }
1923
1924 if (test_bit(SMP_FLAG_TK_VALID, &smp->flags))
1cc61144 1925 return smp_confirm(smp);
943a732a 1926 else
4a74d658 1927 set_bit(SMP_FLAG_CFM_PENDING, &smp->flags);
da85e5e5
VCG		 1928
1929 return 0;
88ba43b6
AB		 1930}
1931
da85e5e5 1932static u8 smp_cmd_pairing_random(struct l2cap_conn *conn, struct sk_buff *skb)
88ba43b6 1933{
5d88cc73
JH		 1934 struct l2cap_chan *chan = conn->smp;
1935 struct smp_chan *smp = chan->data;
191dc7fe
JH		 1936 struct hci_conn *hcon = conn->hcon;
1937 u8 *pkax, *pkbx, *na, *nb;
1938 u32 passkey;
1939 int err;
7d24ddcc 1940
8aab4757 1941 BT_DBG("conn %p", conn);
3158c50c 1942
c46b98be 1943 if (skb->len < sizeof(smp->rrnd))
38e4a915 1944 return SMP_INVALID_PARAMS;
c46b98be 1945
943a732a 1946 memcpy(smp->rrnd, skb->data, sizeof(smp->rrnd));
8aab4757 1947 skb_pull(skb, sizeof(smp->rrnd));
e7e62c85 1948
191dc7fe
JH		 1949 if (!test_bit(SMP_FLAG_SC, &smp->flags))
1950 return smp_random(smp);
1951
580039e8
JH		 1952 if (hcon->out) {
1953 pkax = smp->local_pk;
1954 pkbx = smp->remote_pk;
1955 na = smp->prnd;
1956 nb = smp->rrnd;
1957 } else {
1958 pkax = smp->remote_pk;
1959 pkbx = smp->local_pk;
1960 na = smp->rrnd;
1961 nb = smp->prnd;
1962 }
1963
a29b0733
JH		 1964 if (smp->method == REQ_OOB) {
1965 if (!hcon->out)
1966 smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM,
1967 sizeof(smp->prnd), smp->prnd);
1968 SMP_ALLOW_CMD(smp, SMP_CMD_DHKEY_CHECK);
1969 goto mackey_and_ltk;
1970 }
1971
38606f14
JH		 1972 /* Passkey entry has special treatment */
1973 if (smp->method == REQ_PASSKEY || smp->method == DSP_PASSKEY)
1974 return sc_passkey_round(smp, SMP_CMD_PAIRING_RANDOM);
1975
191dc7fe
JH		 1976 if (hcon->out) {
1977 u8 cfm[16];
1978
1979 err = smp_f4(smp->tfm_cmac, smp->remote_pk, smp->local_pk,
1980 smp->rrnd, 0, cfm);
1981 if (err)
1982 return SMP_UNSPECIFIED;
1983
1984 if (memcmp(smp->pcnf, cfm, 16))
1985 return SMP_CONFIRM_FAILED;
191dc7fe
JH		 1986 } else {
1987 smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM, sizeof(smp->prnd),
1988 smp->prnd);
1989 SMP_ALLOW_CMD(smp, SMP_CMD_DHKEY_CHECK);
191dc7fe
JH		 1990 }
1991
a29b0733 1992mackey_and_ltk:
760b018b
JH		 1993 /* Generate MacKey and LTK */
1994 err = sc_mackey_and_ltk(smp, smp->mackey, smp->tk);
1995 if (err)
1996 return SMP_UNSPECIFIED;
1997
a29b0733 1998 if (smp->method == JUST_WORKS || smp->method == REQ_OOB) {
dddd3059 1999 if (hcon->out) {
38606f14 2000 sc_dhkey_check(smp);
dddd3059
JH		 2001 SMP_ALLOW_CMD(smp, SMP_CMD_DHKEY_CHECK);
2002 }
2003 return 0;
2004 }
2005
38606f14
JH		 2006 err = smp_g2(smp->tfm_cmac, pkax, pkbx, na, nb, &passkey);
2007 if (err)
2008 return SMP_UNSPECIFIED;
2009
2010 err = mgmt_user_confirm_request(hcon->hdev, &hcon->dst, hcon->type,
2011 hcon->dst_type, passkey, 0);
191dc7fe
JH		 2012 if (err)
2013 return SMP_UNSPECIFIED;
2014
38606f14
JH		 2015 set_bit(SMP_FLAG_WAIT_USER, &smp->flags);
2016
191dc7fe 2017 return 0;
88ba43b6
AB		 2018}
2019
f81cd823 2020static bool smp_ltk_encrypt(struct l2cap_conn *conn, u8 sec_level)
988c5997 2021{
c9839a11 2022 struct smp_ltk *key;
988c5997
VCG		 2023 struct hci_conn *hcon = conn->hcon;
2024
f3a73d97 2025 key = hci_find_ltk(hcon->hdev, &hcon->dst, hcon->dst_type, hcon->role);
988c5997 2026 if (!key)
f81cd823 2027 return false;
988c5997 2028
a6f7833c 2029 if (smp_ltk_sec_level(key) < sec_level)
f81cd823 2030 return false;
4dab7864 2031
51a8efd7 2032 if (test_and_set_bit(HCI_CONN_ENCRYPT_PEND, &hcon->flags))
f81cd823 2033 return true;
988c5997 2034
c9839a11
VCG		 2035 hci_le_start_enc(hcon, key->ediv, key->rand, key->val);
2036 hcon->enc_key_size = key->enc_size;
988c5997 2037
fe59a05f
JH		 2038 /* We never store STKs for master role, so clear this flag */
2039 clear_bit(HCI_CONN_STK_ENCRYPT, &hcon->flags);
2040
f81cd823 2041 return true;
988c5997 2042}
f1560463 2043
35dc6f83
JH		 2044bool smp_sufficient_security(struct hci_conn *hcon, u8 sec_level,
2045 enum smp_key_pref key_pref)
854f4727
JH		 2046{
2047 if (sec_level == BT_SECURITY_LOW)
2048 return true;
2049
35dc6f83
JH		 2050 /* If we're encrypted with an STK but the caller prefers using
2051 * LTK claim insufficient security. This way we allow the
2052 * connection to be re-encrypted with an LTK, even if the LTK
2053 * provides the same level of security. Only exception is if we
2054 * don't have an LTK (e.g. because of key distribution bits).
9ab65d60 2055 */
35dc6f83
JH		 2056 if (key_pref == SMP_USE_LTK &&
2057 test_bit(HCI_CONN_STK_ENCRYPT, &hcon->flags) &&
f3a73d97 2058 hci_find_ltk(hcon->hdev, &hcon->dst, hcon->dst_type, hcon->role))
9ab65d60
JH		 2059 return false;
2060
854f4727
JH		 2061 if (hcon->sec_level >= sec_level)
2062 return true;
2063
2064 return false;
2065}
2066
da85e5e5 2067static u8 smp_cmd_security_req(struct l2cap_conn *conn, struct sk_buff *skb)
88ba43b6
AB		 2068{
2069 struct smp_cmd_security_req *rp = (void *) skb->data;
2070 struct smp_cmd_pairing cp;
f1cb9af5 2071 struct hci_conn *hcon = conn->hcon;
0edb14de 2072 struct hci_dev *hdev = hcon->hdev;
8aab4757 2073 struct smp_chan *smp;
c05b9339 2074 u8 sec_level, auth;
88ba43b6
AB		 2075
2076 BT_DBG("conn %p", conn);
2077
c46b98be 2078 if (skb->len < sizeof(*rp))
38e4a915 2079 return SMP_INVALID_PARAMS;
c46b98be 2080
40bef302 2081 if (hcon->role != HCI_ROLE_MASTER)
86ca9eac
JH		 2082 return SMP_CMD_NOTSUPP;
2083
0edb14de 2084 auth = rp->auth_req & AUTH_REQ_MASK(hdev);
c05b9339 2085
903b71c7
JH		 2086 if (test_bit(HCI_SC_ONLY, &hdev->dev_flags) && !(auth & SMP_AUTH_SC))
2087 return SMP_AUTH_REQUIREMENTS;
2088
5be5e275 2089 if (hcon->io_capability == HCI_IO_NO_INPUT_OUTPUT)
1afc2a1a
JH		 2090 sec_level = BT_SECURITY_MEDIUM;
2091 else
2092 sec_level = authreq_to_seclevel(auth);
2093
35dc6f83 2094 if (smp_sufficient_security(hcon, sec_level, SMP_USE_LTK))
854f4727
JH		 2095 return 0;
2096
c7262e71
JH		 2097 if (sec_level > hcon->pending_sec_level)
2098 hcon->pending_sec_level = sec_level;
feb45eb5 2099
4dab7864 2100 if (smp_ltk_encrypt(conn, hcon->pending_sec_level))
988c5997
VCG		 2101 return 0;
2102
8aab4757 2103 smp = smp_chan_create(conn);
c29d2444
JH		 2104 if (!smp)
2105 return SMP_UNSPECIFIED;
d26a2345 2106
b6ae8457 2107 if (!test_bit(HCI_BONDABLE, &hcon->hdev->dev_flags) &&
c05b9339 2108 (auth & SMP_AUTH_BONDING))
616d55be
JH		 2109 return SMP_PAIRING_NOTSUPP;
2110
88ba43b6 2111 skb_pull(skb, sizeof(*rp));
88ba43b6 2112
da85e5e5 2113 memset(&cp, 0, sizeof(cp));
c05b9339 2114 build_pairing_cmd(conn, &cp, NULL, auth);
88ba43b6 2115
1c1def09
VCG		 2116 smp->preq[0] = SMP_CMD_PAIRING_REQ;
2117 memcpy(&smp->preq[1], &cp, sizeof(cp));
f01ead31 2118
88ba43b6 2119 smp_send_cmd(conn, SMP_CMD_PAIRING_REQ, sizeof(cp), &cp);
b28b4943 2120 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RSP);
f1cb9af5 2121
da85e5e5 2122 return 0;
88ba43b6
AB		 2123}
2124
cc110922 2125int smp_conn_security(struct hci_conn *hcon, __u8 sec_level)
eb492e01 2126{
cc110922 2127 struct l2cap_conn *conn = hcon->l2cap_data;
c68b7f12 2128 struct l2cap_chan *chan;
0a66cf20 2129 struct smp_chan *smp;
2b64d153 2130 __u8 authreq;
fc75cc86 2131 int ret;
eb492e01 2132
3a0259bb
VCG		 2133 BT_DBG("conn %p hcon %p level 0x%2.2x", conn, hcon, sec_level);
2134
0a66cf20
JH		 2135 /* This may be NULL if there's an unexpected disconnection */
2136 if (!conn)
2137 return 1;
2138
c68b7f12
JH		 2139 chan = conn->smp;
2140
757aee0f 2141 if (!test_bit(HCI_LE_ENABLED, &hcon->hdev->dev_flags))
2e65c9d2
AG		 2142 return 1;
2143
35dc6f83 2144 if (smp_sufficient_security(hcon, sec_level, SMP_USE_LTK))
eb492e01 2145 return 1;
f1cb9af5 2146
c7262e71
JH		 2147 if (sec_level > hcon->pending_sec_level)
2148 hcon->pending_sec_level = sec_level;
2149
40bef302 2150 if (hcon->role == HCI_ROLE_MASTER)
c7262e71
JH		 2151 if (smp_ltk_encrypt(conn, hcon->pending_sec_level))
2152 return 0;
d26a2345 2153
fc75cc86
JH		 2154 l2cap_chan_lock(chan);
2155
2156 /* If SMP is already in progress ignore this request */
2157 if (chan->data) {
2158 ret = 0;
2159 goto unlock;
2160 }
d26a2345 2161
8aab4757 2162 smp = smp_chan_create(conn);
fc75cc86
JH		 2163 if (!smp) {
2164 ret = 1;
2165 goto unlock;
2166 }
2b64d153
BG		 2167
2168 authreq = seclevel_to_authreq(sec_level);
d26a2345 2169
d2eb9e10
JH		 2170 if (test_bit(HCI_SC_ENABLED, &hcon->hdev->dev_flags))
2171 authreq |= SMP_AUTH_SC;
2172
79897d20
JH		 2173 /* Require MITM if IO Capability allows or the security level
2174 * requires it.
2e233644 2175 */
79897d20 2176 if (hcon->io_capability != HCI_IO_NO_INPUT_OUTPUT ||
c7262e71 2177 hcon->pending_sec_level > BT_SECURITY_MEDIUM)
2e233644
JH		 2178 authreq |= SMP_AUTH_MITM;
2179
40bef302 2180 if (hcon->role == HCI_ROLE_MASTER) {
d26a2345 2181 struct smp_cmd_pairing cp;
f01ead31 2182
2b64d153 2183 build_pairing_cmd(conn, &cp, NULL, authreq);
1c1def09
VCG		 2184 smp->preq[0] = SMP_CMD_PAIRING_REQ;
2185 memcpy(&smp->preq[1], &cp, sizeof(cp));
f01ead31 2186
eb492e01 2187 smp_send_cmd(conn, SMP_CMD_PAIRING_REQ, sizeof(cp), &cp);
b28b4943 2188 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RSP);
eb492e01
AB		 2189 } else {
2190 struct smp_cmd_security_req cp;
2b64d153 2191 cp.auth_req = authreq;
eb492e01 2192 smp_send_cmd(conn, SMP_CMD_SECURITY_REQ, sizeof(cp), &cp);
b28b4943 2193 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_REQ);
eb492e01
AB		 2194 }
2195
4a74d658 2196 set_bit(SMP_FLAG_INITIATOR, &smp->flags);
fc75cc86 2197 ret = 0;
edca792c 2198
fc75cc86
JH		 2199unlock:
2200 l2cap_chan_unlock(chan);
2201 return ret;
eb492e01
AB		 2202}
2203
7034b911
VCG		 2204static int smp_cmd_encrypt_info(struct l2cap_conn *conn, struct sk_buff *skb)
2205{
16b90839 2206 struct smp_cmd_encrypt_info *rp = (void *) skb->data;
5d88cc73
JH		 2207 struct l2cap_chan *chan = conn->smp;
2208 struct smp_chan *smp = chan->data;
16b90839 2209
c46b98be
JH		 2210 BT_DBG("conn %p", conn);
2211
2212 if (skb->len < sizeof(*rp))
38e4a915 2213 return SMP_INVALID_PARAMS;
c46b98be 2214
b28b4943 2215 SMP_ALLOW_CMD(smp, SMP_CMD_MASTER_IDENT);
6131ddc8 2216
16b90839
VCG		 2217 skb_pull(skb, sizeof(*rp));
2218
1c1def09 2219 memcpy(smp->tk, rp->ltk, sizeof(smp->tk));
16b90839 2220
7034b911
VCG		 2221 return 0;
2222}
2223
2224static int smp_cmd_master_ident(struct l2cap_conn *conn, struct sk_buff *skb)
2225{
16b90839 2226 struct smp_cmd_master_ident *rp = (void *) skb->data;
5d88cc73
JH		 2227 struct l2cap_chan *chan = conn->smp;
2228 struct smp_chan *smp = chan->data;
c9839a11
VCG		 2229 struct hci_dev *hdev = conn->hcon->hdev;
2230 struct hci_conn *hcon = conn->hcon;
23d0e128 2231 struct smp_ltk *ltk;
c9839a11 2232 u8 authenticated;
16b90839 2233
c46b98be
JH		 2234 BT_DBG("conn %p", conn);
2235
2236 if (skb->len < sizeof(*rp))
38e4a915 2237 return SMP_INVALID_PARAMS;
c46b98be 2238
9747a9f3
JH		 2239 /* Mark the information as received */
2240 smp->remote_key_dist &= ~SMP_DIST_ENC_KEY;
2241
b28b4943
JH		 2242 if (smp->remote_key_dist & SMP_DIST_ID_KEY)
2243 SMP_ALLOW_CMD(smp, SMP_CMD_IDENT_INFO);
196332f5
JH		 2244 else if (smp->remote_key_dist & SMP_DIST_SIGN)
2245 SMP_ALLOW_CMD(smp, SMP_CMD_SIGN_INFO);
b28b4943 2246
16b90839 2247 skb_pull(skb, sizeof(*rp));
7034b911 2248
ce39fb4e 2249 authenticated = (hcon->sec_level == BT_SECURITY_HIGH);
2ceba539 2250 ltk = hci_add_ltk(hdev, &hcon->dst, hcon->dst_type, SMP_LTK,
23d0e128
JH		 2251 authenticated, smp->tk, smp->enc_key_size,
2252 rp->ediv, rp->rand);
2253 smp->ltk = ltk;
c6e81e9a 2254 if (!(smp->remote_key_dist & KEY_DIST_MASK))
d6268e86 2255 smp_distribute_keys(smp);
7034b911
VCG		 2256
2257 return 0;
2258}
2259
fd349c02
JH		 2260static int smp_cmd_ident_info(struct l2cap_conn *conn, struct sk_buff *skb)
2261{
2262 struct smp_cmd_ident_info *info = (void *) skb->data;
5d88cc73
JH		 2263 struct l2cap_chan *chan = conn->smp;
2264 struct smp_chan *smp = chan->data;
fd349c02
JH		 2265
2266 BT_DBG("");
2267
2268 if (skb->len < sizeof(*info))
38e4a915 2269 return SMP_INVALID_PARAMS;
fd349c02 2270
b28b4943 2271 SMP_ALLOW_CMD(smp, SMP_CMD_IDENT_ADDR_INFO);
6131ddc8 2272
fd349c02
JH		 2273 skb_pull(skb, sizeof(*info));
2274
2275 memcpy(smp->irk, info->irk, 16);
2276
2277 return 0;
2278}
2279
2280static int smp_cmd_ident_addr_info(struct l2cap_conn *conn,
2281 struct sk_buff *skb)
2282{
2283 struct smp_cmd_ident_addr_info *info = (void *) skb->data;
5d88cc73
JH		 2284 struct l2cap_chan *chan = conn->smp;
2285 struct smp_chan *smp = chan->data;
fd349c02
JH		 2286 struct hci_conn *hcon = conn->hcon;
2287 bdaddr_t rpa;
2288
2289 BT_DBG("");
2290
2291 if (skb->len < sizeof(*info))
38e4a915 2292 return SMP_INVALID_PARAMS;
fd349c02 2293
9747a9f3
JH		 2294 /* Mark the information as received */
2295 smp->remote_key_dist &= ~SMP_DIST_ID_KEY;
2296
b28b4943
JH		 2297 if (smp->remote_key_dist & SMP_DIST_SIGN)
2298 SMP_ALLOW_CMD(smp, SMP_CMD_SIGN_INFO);
2299
fd349c02
JH		 2300 skb_pull(skb, sizeof(*info));
2301
a9a58f86
JH		 2302 /* Strictly speaking the Core Specification (4.1) allows sending
2303 * an empty address which would force us to rely on just the IRK
2304 * as "identity information". However, since such
2305 * implementations are not known of and in order to not over
2306 * complicate our implementation, simply pretend that we never
2307 * received an IRK for such a device.
2308 */
2309 if (!bacmp(&info->bdaddr, BDADDR_ANY)) {
2310 BT_ERR("Ignoring IRK with no identity address");
31dd624e 2311 goto distribute;
a9a58f86
JH		 2312 }
2313
fd349c02
JH		 2314 bacpy(&smp->id_addr, &info->bdaddr);
2315 smp->id_addr_type = info->addr_type;
2316
2317 if (hci_bdaddr_is_rpa(&hcon->dst, hcon->dst_type))
2318 bacpy(&rpa, &hcon->dst);
2319 else
2320 bacpy(&rpa, BDADDR_ANY);
2321
23d0e128
JH		 2322 smp->remote_irk = hci_add_irk(conn->hcon->hdev, &smp->id_addr,
2323 smp->id_addr_type, smp->irk, &rpa);
fd349c02 2324
31dd624e 2325distribute:
c6e81e9a
JH		 2326 if (!(smp->remote_key_dist & KEY_DIST_MASK))
2327 smp_distribute_keys(smp);
fd349c02
JH		 2328
2329 return 0;
2330}
2331
7ee4ea36
MH		 2332static int smp_cmd_sign_info(struct l2cap_conn *conn, struct sk_buff *skb)
2333{
2334 struct smp_cmd_sign_info *rp = (void *) skb->data;
5d88cc73
JH		 2335 struct l2cap_chan *chan = conn->smp;
2336 struct smp_chan *smp = chan->data;
7ee4ea36
MH		 2337 struct smp_csrk *csrk;
2338
2339 BT_DBG("conn %p", conn);
2340
2341 if (skb->len < sizeof(*rp))
38e4a915 2342 return SMP_INVALID_PARAMS;
7ee4ea36 2343
7ee4ea36
MH		 2344 /* Mark the information as received */
2345 smp->remote_key_dist &= ~SMP_DIST_SIGN;
2346
2347 skb_pull(skb, sizeof(*rp));
2348
7ee4ea36
MH		 2349 csrk = kzalloc(sizeof(*csrk), GFP_KERNEL);
2350 if (csrk) {
2351 csrk->master = 0x01;
2352 memcpy(csrk->val, rp->csrk, sizeof(csrk->val));
2353 }
2354 smp->csrk = csrk;
d6268e86 2355 smp_distribute_keys(smp);
7ee4ea36
MH		 2356
2357 return 0;
2358}
2359
5e3d3d9b
JH		 2360static u8 sc_select_method(struct smp_chan *smp)
2361{
2362 struct l2cap_conn *conn = smp->conn;
2363 struct hci_conn *hcon = conn->hcon;
2364 struct smp_cmd_pairing *local, *remote;
2365 u8 local_mitm, remote_mitm, local_io, remote_io, method;
2366
a29b0733
JH		 2367 if (test_bit(SMP_FLAG_OOB, &smp->flags))
2368 return REQ_OOB;
2369
5e3d3d9b
JH		 2370 /* The preq/prsp contain the raw Pairing Request/Response PDUs
2371 * which are needed as inputs to some crypto functions. To get
2372 * the "struct smp_cmd_pairing" from them we need to skip the
2373 * first byte which contains the opcode.
2374 */
2375 if (hcon->out) {
2376 local = (void *) &smp->preq[1];
2377 remote = (void *) &smp->prsp[1];
2378 } else {
2379 local = (void *) &smp->prsp[1];
2380 remote = (void *) &smp->preq[1];
2381 }
2382
2383 local_io = local->io_capability;
2384 remote_io = remote->io_capability;
2385
2386 local_mitm = (local->auth_req & SMP_AUTH_MITM);
2387 remote_mitm = (remote->auth_req & SMP_AUTH_MITM);
2388
2389 /* If either side wants MITM, look up the method from the table,
2390 * otherwise use JUST WORKS.
2391 */
2392 if (local_mitm || remote_mitm)
2393 method = get_auth_method(smp, local_io, remote_io);
2394 else
2395 method = JUST_WORKS;
2396
2397 /* Don't confirm locally initiated pairing attempts */
2398 if (method == JUST_CFM && test_bit(SMP_FLAG_INITIATOR, &smp->flags))
2399 method = JUST_WORKS;
2400
2401 return method;
2402}
2403
d8f8edbe
JH		 2404static int smp_cmd_public_key(struct l2cap_conn *conn, struct sk_buff *skb)
2405{
2406 struct smp_cmd_public_key *key = (void *) skb->data;
2407 struct hci_conn *hcon = conn->hcon;
2408 struct l2cap_chan *chan = conn->smp;
2409 struct smp_chan *smp = chan->data;
5e3d3d9b 2410 struct hci_dev *hdev = hcon->hdev;
cbbbe3e2 2411 struct smp_cmd_pairing_confirm cfm;
d8f8edbe
JH		 2412 int err;
2413
2414 BT_DBG("conn %p", conn);
2415
2416 if (skb->len < sizeof(*key))
2417 return SMP_INVALID_PARAMS;
2418
2419 memcpy(smp->remote_pk, key, 64);
2420
2421 /* Non-initiating device sends its public key after receiving
2422 * the key from the initiating device.
2423 */
2424 if (!hcon->out) {
2425 err = sc_send_public_key(smp);
2426 if (err)
2427 return err;
2428 }
2429
c7a3d57d
JH		 2430 SMP_DBG("Remote Public Key X: %32phN", smp->remote_pk);
2431 SMP_DBG("Remote Public Key Y: %32phN", &smp->remote_pk[32]);
d8f8edbe
JH		 2432
2433 if (!ecdh_shared_secret(smp->remote_pk, smp->local_sk, smp->dhkey))
2434 return SMP_UNSPECIFIED;
2435
c7a3d57d 2436 SMP_DBG("DHKey %32phN", smp->dhkey);
d8f8edbe
JH		 2437
2438 set_bit(SMP_FLAG_REMOTE_PK, &smp->flags);
2439
5e3d3d9b
JH		 2440 smp->method = sc_select_method(smp);
2441
2442 BT_DBG("%s selected method 0x%02x", hdev->name, smp->method);
2443
2444 /* JUST_WORKS and JUST_CFM result in an unauthenticated key */
2445 if (smp->method == JUST_WORKS || smp->method == JUST_CFM)
2446 hcon->pending_sec_level = BT_SECURITY_MEDIUM;
2447 else
2448 hcon->pending_sec_level = BT_SECURITY_FIPS;
2449
aeb7d461
JH		 2450 if (!memcmp(debug_pk, smp->remote_pk, 64))
2451 set_bit(SMP_FLAG_DEBUG_KEY, &smp->flags);
2452
38606f14
JH		 2453 if (smp->method == DSP_PASSKEY) {
2454 get_random_bytes(&hcon->passkey_notify,
2455 sizeof(hcon->passkey_notify));
2456 hcon->passkey_notify %= 1000000;
2457 hcon->passkey_entered = 0;
2458 smp->passkey_round = 0;
2459 if (mgmt_user_passkey_notify(hdev, &hcon->dst, hcon->type,
2460 hcon->dst_type,
2461 hcon->passkey_notify,
2462 hcon->passkey_entered))
2463 return SMP_UNSPECIFIED;
2464 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_CONFIRM);
2465 return sc_passkey_round(smp, SMP_CMD_PUBLIC_KEY);
2466 }
2467
a29b0733
JH		 2468 if (smp->method == REQ_OOB) {
2469 err = smp_f4(smp->tfm_cmac, smp->remote_pk, smp->remote_pk,
2470 smp->rr, 0, cfm.confirm_val);
2471 if (err)
2472 return SMP_UNSPECIFIED;
2473
2474 if (memcmp(cfm.confirm_val, smp->pcnf, 16))
2475 return SMP_CONFIRM_FAILED;
2476
2477 if (hcon->out)
2478 smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM,
2479 sizeof(smp->prnd), smp->prnd);
2480
2481 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RANDOM);
2482
2483 return 0;
2484 }
2485
38606f14
JH		 2486 if (hcon->out)
2487 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_CONFIRM);
2488
2489 if (smp->method == REQ_PASSKEY) {
2490 if (mgmt_user_passkey_request(hdev, &hcon->dst, hcon->type,
2491 hcon->dst_type))
2492 return SMP_UNSPECIFIED;
2493 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_CONFIRM);
2494 set_bit(SMP_FLAG_WAIT_USER, &smp->flags);
2495 return 0;
2496 }
2497
cbbbe3e2
JH		 2498 /* The Initiating device waits for the non-initiating device to
2499 * send the confirm value.
2500 */
2501 if (conn->hcon->out)
2502 return 0;
2503
2504 err = smp_f4(smp->tfm_cmac, smp->local_pk, smp->remote_pk, smp->prnd,
2505 0, cfm.confirm_val);
2506 if (err)
2507 return SMP_UNSPECIFIED;
2508
2509 smp_send_cmd(conn, SMP_CMD_PAIRING_CONFIRM, sizeof(cfm), &cfm);
2510 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RANDOM);
2511
d8f8edbe
JH		 2512 return 0;
2513}
2514
6433a9a2
JH		 2515static int smp_cmd_dhkey_check(struct l2cap_conn *conn, struct sk_buff *skb)
2516{
2517 struct smp_cmd_dhkey_check *check = (void *) skb->data;
2518 struct l2cap_chan *chan = conn->smp;
2519 struct hci_conn *hcon = conn->hcon;
2520 struct smp_chan *smp = chan->data;
2521 u8 a[7], b[7], *local_addr, *remote_addr;
2522 u8 io_cap[3], r[16], e[16];
2523 int err;
2524
2525 BT_DBG("conn %p", conn);
2526
2527 if (skb->len < sizeof(*check))
2528 return SMP_INVALID_PARAMS;
2529
2530 memcpy(a, &hcon->init_addr, 6);
2531 memcpy(b, &hcon->resp_addr, 6);
2532 a[6] = hcon->init_addr_type;
2533 b[6] = hcon->resp_addr_type;
2534
2535 if (hcon->out) {
2536 local_addr = a;
2537 remote_addr = b;
2538 memcpy(io_cap, &smp->prsp[1], 3);
2539 } else {
2540 local_addr = b;
2541 remote_addr = a;
2542 memcpy(io_cap, &smp->preq[1], 3);
2543 }
2544
2545 memset(r, 0, sizeof(r));
2546
38606f14
JH		 2547 if (smp->method == REQ_PASSKEY || smp->method == DSP_PASSKEY)
2548 put_unaligned_le32(hcon->passkey_notify, r);
2549
6433a9a2
JH		 2550 err = smp_f6(smp->tfm_cmac, smp->mackey, smp->rrnd, smp->prnd, r,
2551 io_cap, remote_addr, local_addr, e);
2552 if (err)
2553 return SMP_UNSPECIFIED;
2554
2555 if (memcmp(check->e, e, 16))
2556 return SMP_DHKEY_CHECK_FAILED;
2557
d3e54a87
JH		 2558 if (!hcon->out) {
2559 if (test_bit(SMP_FLAG_WAIT_USER, &smp->flags)) {
2560 set_bit(SMP_FLAG_DHKEY_PENDING, &smp->flags);
2561 return 0;
2562 }
d378a2d7 2563
d3e54a87
JH		 2564 /* Slave sends DHKey check as response to master */
2565 sc_dhkey_check(smp);
2566 }
d378a2d7 2567
d3e54a87 2568 sc_add_ltk(smp);
6433a9a2
JH		 2569
2570 if (hcon->out) {
2571 hci_le_start_enc(hcon, 0, 0, smp->tk);
2572 hcon->enc_key_size = smp->enc_key_size;
2573 }
2574
2575 return 0;
2576}
2577
1408bb6e
JH		 2578static int smp_cmd_keypress_notify(struct l2cap_conn *conn,
2579 struct sk_buff *skb)
2580{
2581 struct smp_cmd_keypress_notify *kp = (void *) skb->data;
2582
2583 BT_DBG("value 0x%02x", kp->value);
2584
2585 return 0;
2586}
2587
4befb867 2588static int smp_sig_channel(struct l2cap_chan *chan, struct sk_buff *skb)
eb492e01 2589{
5d88cc73 2590 struct l2cap_conn *conn = chan->conn;
7b9899db 2591 struct hci_conn *hcon = conn->hcon;
b28b4943 2592 struct smp_chan *smp;
92381f5c 2593 __u8 code, reason;
eb492e01
AB		 2594 int err = 0;
2595
8ae9b984 2596 if (skb->len < 1)
92381f5c 2597 return -EILSEQ;
92381f5c 2598
06ae3314 2599 if (!test_bit(HCI_LE_ENABLED, &hcon->hdev->dev_flags)) {
2e65c9d2
AG		 2600 reason = SMP_PAIRING_NOTSUPP;
2601 goto done;
2602 }
2603
92381f5c 2604 code = skb->data[0];
eb492e01
AB		 2605 skb_pull(skb, sizeof(code));
2606
b28b4943
JH		 2607 smp = chan->data;
2608
2609 if (code > SMP_CMD_MAX)
2610 goto drop;
2611
24bd0bd9 2612 if (smp && !test_and_clear_bit(code, &smp->allow_cmd))
b28b4943
JH		 2613 goto drop;
2614
2615 /* If we don't have a context the only allowed commands are
2616 * pairing request and security request.
8cf9fa12 2617 */
b28b4943
JH		 2618 if (!smp && code != SMP_CMD_PAIRING_REQ && code != SMP_CMD_SECURITY_REQ)
2619 goto drop;
8cf9fa12 2620
eb492e01
AB		 2621 switch (code) {
2622 case SMP_CMD_PAIRING_REQ:
da85e5e5 2623 reason = smp_cmd_pairing_req(conn, skb);
eb492e01
AB		 2624 break;
2625
2626 case SMP_CMD_PAIRING_FAIL:
84794e11 2627 smp_failure(conn, 0);
da85e5e5 2628 err = -EPERM;
eb492e01
AB		 2629 break;
2630
2631 case SMP_CMD_PAIRING_RSP:
da85e5e5 2632 reason = smp_cmd_pairing_rsp(conn, skb);
88ba43b6
AB		 2633 break;
2634
2635 case SMP_CMD_SECURITY_REQ:
da85e5e5 2636 reason = smp_cmd_security_req(conn, skb);
88ba43b6
AB		 2637 break;
2638
eb492e01 2639 case SMP_CMD_PAIRING_CONFIRM:
da85e5e5 2640 reason = smp_cmd_pairing_confirm(conn, skb);
88ba43b6
AB		 2641 break;
2642
eb492e01 2643 case SMP_CMD_PAIRING_RANDOM:
da85e5e5 2644 reason = smp_cmd_pairing_random(conn, skb);
88ba43b6
AB		 2645 break;
2646
eb492e01 2647 case SMP_CMD_ENCRYPT_INFO:
7034b911
VCG		 2648 reason = smp_cmd_encrypt_info(conn, skb);
2649 break;
2650
eb492e01 2651 case SMP_CMD_MASTER_IDENT:
7034b911
VCG		 2652 reason = smp_cmd_master_ident(conn, skb);
2653 break;
2654
eb492e01 2655 case SMP_CMD_IDENT_INFO:
fd349c02
JH		 2656 reason = smp_cmd_ident_info(conn, skb);
2657 break;
2658
eb492e01 2659 case SMP_CMD_IDENT_ADDR_INFO:
fd349c02
JH		 2660 reason = smp_cmd_ident_addr_info(conn, skb);
2661 break;
2662
eb492e01 2663 case SMP_CMD_SIGN_INFO:
7ee4ea36 2664 reason = smp_cmd_sign_info(conn, skb);
7034b911
VCG		 2665 break;
2666
d8f8edbe
JH		 2667 case SMP_CMD_PUBLIC_KEY:
2668 reason = smp_cmd_public_key(conn, skb);
2669 break;
2670
6433a9a2
JH		 2671 case SMP_CMD_DHKEY_CHECK:
2672 reason = smp_cmd_dhkey_check(conn, skb);
2673 break;
2674
1408bb6e
JH		 2675 case SMP_CMD_KEYPRESS_NOTIFY:
2676 reason = smp_cmd_keypress_notify(conn, skb);
2677 break;
2678
eb492e01
AB		 2679 default:
2680 BT_DBG("Unknown command code 0x%2.2x", code);
eb492e01 2681 reason = SMP_CMD_NOTSUPP;
3a0259bb 2682 goto done;
eb492e01
AB		 2683 }
2684
3a0259bb 2685done:
9b7b18ef
JH		 2686 if (!err) {
2687 if (reason)
2688 smp_failure(conn, reason);
8ae9b984 2689 kfree_skb(skb);
9b7b18ef
JH		 2690 }
2691
eb492e01 2692 return err;
b28b4943
JH		 2693
2694drop:
2695 BT_ERR("%s unexpected SMP command 0x%02x from %pMR", hcon->hdev->name,
2696 code, &hcon->dst);
2697 kfree_skb(skb);
2698 return 0;
eb492e01 2699}
7034b911 2700
70db83c4
JH		 2701static void smp_teardown_cb(struct l2cap_chan *chan, int err)
2702{
2703 struct l2cap_conn *conn = chan->conn;
2704
2705 BT_DBG("chan %p", chan);
2706
fc75cc86 2707 if (chan->data)
5d88cc73 2708 smp_chan_destroy(conn);
5d88cc73 2709
70db83c4
JH		 2710 conn->smp = NULL;
2711 l2cap_chan_put(chan);
2712}
2713
b5ae344d
JH		 2714static void bredr_pairing(struct l2cap_chan *chan)
2715{
2716 struct l2cap_conn *conn = chan->conn;
2717 struct hci_conn *hcon = conn->hcon;
2718 struct hci_dev *hdev = hcon->hdev;
2719 struct smp_cmd_pairing req;
2720 struct smp_chan *smp;
2721
2722 BT_DBG("chan %p", chan);
2723
2724 /* Only new pairings are interesting */
2725 if (!test_bit(HCI_CONN_NEW_LINK_KEY, &hcon->flags))
2726 return;
2727
2728 /* Don't bother if we're not encrypted */
2729 if (!test_bit(HCI_CONN_ENCRYPT, &hcon->flags))
2730 return;
2731
2732 /* Only master may initiate SMP over BR/EDR */
2733 if (hcon->role != HCI_ROLE_MASTER)
2734 return;
2735
2736 /* Secure Connections support must be enabled */
2737 if (!test_bit(HCI_SC_ENABLED, &hdev->dev_flags))
2738 return;
2739
2740 /* BR/EDR must use Secure Connections for SMP */
2741 if (!test_bit(HCI_CONN_AES_CCM, &hcon->flags) &&
300acfde 2742 !test_bit(HCI_FORCE_BREDR_SMP, &hdev->dbg_flags))
b5ae344d
JH		 2743 return;
2744
2745 /* If our LE support is not enabled don't do anything */
2746 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
2747 return;
2748
2749 /* Don't bother if remote LE support is not enabled */
2750 if (!lmp_host_le_capable(hcon))
2751 return;
2752
2753 /* Remote must support SMP fixed chan for BR/EDR */
2754 if (!(conn->remote_fixed_chan & L2CAP_FC_SMP_BREDR))
2755 return;
2756
2757 /* Don't bother if SMP is already ongoing */
2758 if (chan->data)
2759 return;
2760
2761 smp = smp_chan_create(conn);
2762 if (!smp) {
2763 BT_ERR("%s unable to create SMP context for BR/EDR",
2764 hdev->name);
2765 return;
2766 }
2767
2768 set_bit(SMP_FLAG_SC, &smp->flags);
2769
2770 BT_DBG("%s starting SMP over BR/EDR", hdev->name);
2771
2772 /* Prepare and send the BR/EDR SMP Pairing Request */
2773 build_bredr_pairing_cmd(smp, &req, NULL);
2774
2775 smp->preq[0] = SMP_CMD_PAIRING_REQ;
2776 memcpy(&smp->preq[1], &req, sizeof(req));
2777
2778 smp_send_cmd(conn, SMP_CMD_PAIRING_REQ, sizeof(req), &req);
2779 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RSP);
2780}
2781
44f1a7ab
JH		 2782static void smp_resume_cb(struct l2cap_chan *chan)
2783{
b68fda68 2784 struct smp_chan *smp = chan->data;
44f1a7ab
JH		 2785 struct l2cap_conn *conn = chan->conn;
2786 struct hci_conn *hcon = conn->hcon;
2787
2788 BT_DBG("chan %p", chan);
2789
b5ae344d
JH		 2790 if (hcon->type == ACL_LINK) {
2791 bredr_pairing(chan);
ef8efe4b 2792 return;
b5ae344d 2793 }
ef8efe4b 2794
86d1407c
JH		 2795 if (!smp)
2796 return;
b68fda68 2797
84bc0db5
JH		 2798 if (!test_bit(HCI_CONN_ENCRYPT, &hcon->flags))
2799 return;
2800
86d1407c
JH		 2801 cancel_delayed_work(&smp->security_timer);
2802
d6268e86 2803 smp_distribute_keys(smp);
44f1a7ab
JH		 2804}
2805
70db83c4
JH		 2806static void smp_ready_cb(struct l2cap_chan *chan)
2807{
2808 struct l2cap_conn *conn = chan->conn;
b5ae344d 2809 struct hci_conn *hcon = conn->hcon;
70db83c4
JH		 2810
2811 BT_DBG("chan %p", chan);
2812
2813 conn->smp = chan;
2814 l2cap_chan_hold(chan);
b5ae344d
JH		 2815
2816 if (hcon->type == ACL_LINK && test_bit(HCI_CONN_ENCRYPT, &hcon->flags))
2817 bredr_pairing(chan);
70db83c4
JH		 2818}
2819
4befb867
JH		 2820static int smp_recv_cb(struct l2cap_chan *chan, struct sk_buff *skb)
2821{
2822 int err;
2823
2824 BT_DBG("chan %p", chan);
2825
2826 err = smp_sig_channel(chan, skb);
2827 if (err) {
b68fda68 2828 struct smp_chan *smp = chan->data;
4befb867 2829
b68fda68
JH		 2830 if (smp)
2831 cancel_delayed_work_sync(&smp->security_timer);
4befb867 2832
1e91c29e 2833 hci_disconnect(chan->conn->hcon, HCI_ERROR_AUTH_FAILURE);
4befb867
JH		 2834 }
2835
2836 return err;
2837}
2838
70db83c4
JH		 2839static struct sk_buff *smp_alloc_skb_cb(struct l2cap_chan *chan,
2840 unsigned long hdr_len,
2841 unsigned long len, int nb)
2842{
2843 struct sk_buff *skb;
2844
2845 skb = bt_skb_alloc(hdr_len + len, GFP_KERNEL);
2846 if (!skb)
2847 return ERR_PTR(-ENOMEM);
2848
2849 skb->priority = HCI_PRIO_MAX;
2850 bt_cb(skb)->chan = chan;
2851
2852 return skb;
2853}
2854
2855static const struct l2cap_ops smp_chan_ops = {
2856 .name = "Security Manager",
2857 .ready = smp_ready_cb,
5d88cc73 2858 .recv = smp_recv_cb,
70db83c4
JH		 2859 .alloc_skb = smp_alloc_skb_cb,
2860 .teardown = smp_teardown_cb,
44f1a7ab 2861 .resume = smp_resume_cb,
70db83c4
JH		 2862
2863 .new_connection = l2cap_chan_no_new_connection,
70db83c4
JH		 2864 .state_change = l2cap_chan_no_state_change,
2865 .close = l2cap_chan_no_close,
2866 .defer = l2cap_chan_no_defer,
2867 .suspend = l2cap_chan_no_suspend,
70db83c4
JH		 2868 .set_shutdown = l2cap_chan_no_set_shutdown,
2869 .get_sndtimeo = l2cap_chan_no_get_sndtimeo,
70db83c4
JH		 2870};
2871
2872static inline struct l2cap_chan *smp_new_conn_cb(struct l2cap_chan *pchan)
2873{
2874 struct l2cap_chan *chan;
2875
2876 BT_DBG("pchan %p", pchan);
2877
2878 chan = l2cap_chan_create();
2879 if (!chan)
2880 return NULL;
2881
2882 chan->chan_type = pchan->chan_type;
2883 chan->ops = &smp_chan_ops;
2884 chan->scid = pchan->scid;
2885 chan->dcid = chan->scid;
2886 chan->imtu = pchan->imtu;
2887 chan->omtu = pchan->omtu;
2888 chan->mode = pchan->mode;
2889
abe84903
JH		 2890 /* Other L2CAP channels may request SMP routines in order to
2891 * change the security level. This means that the SMP channel
2892 * lock must be considered in its own category to avoid lockdep
2893 * warnings.
2894 */
2895 atomic_set(&chan->nesting, L2CAP_NESTING_SMP);
2896
70db83c4
JH		 2897 BT_DBG("created chan %p", chan);
2898
2899 return chan;
2900}
2901
2902static const struct l2cap_ops smp_root_chan_ops = {
2903 .name = "Security Manager Root",
2904 .new_connection = smp_new_conn_cb,
2905
2906 /* None of these are implemented for the root channel */
2907 .close = l2cap_chan_no_close,
2908 .alloc_skb = l2cap_chan_no_alloc_skb,
2909 .recv = l2cap_chan_no_recv,
2910 .state_change = l2cap_chan_no_state_change,
2911 .teardown = l2cap_chan_no_teardown,
2912 .ready = l2cap_chan_no_ready,
2913 .defer = l2cap_chan_no_defer,
2914 .suspend = l2cap_chan_no_suspend,
2915 .resume = l2cap_chan_no_resume,
2916 .set_shutdown = l2cap_chan_no_set_shutdown,
2917 .get_sndtimeo = l2cap_chan_no_get_sndtimeo,
70db83c4
JH		 2918};
2919
ef8efe4b 2920static struct l2cap_chan *smp_add_cid(struct hci_dev *hdev, u16 cid)
711eafe3 2921{
70db83c4 2922 struct l2cap_chan *chan;
defce9e8 2923 struct crypto_blkcipher *tfm_aes;
70db83c4 2924
ef8efe4b
JH		 2925 if (cid == L2CAP_CID_SMP_BREDR) {
2926 tfm_aes = NULL;
2927 goto create_chan;
2928 }
711eafe3 2929
adae20cb 2930 tfm_aes = crypto_alloc_blkcipher("ecb(aes)", 0, 0);
defce9e8 2931 if (IS_ERR(tfm_aes)) {
711eafe3 2932 BT_ERR("Unable to create crypto context");
fe700771 2933 return ERR_CAST(tfm_aes);
711eafe3
JH		 2934 }
2935
ef8efe4b 2936create_chan:
70db83c4
JH		 2937 chan = l2cap_chan_create();
2938 if (!chan) {
defce9e8 2939 crypto_free_blkcipher(tfm_aes);
ef8efe4b 2940 return ERR_PTR(-ENOMEM);
70db83c4
JH		 2941 }
2942
defce9e8
JH		 2943 chan->data = tfm_aes;
2944
ef8efe4b 2945 l2cap_add_scid(chan, cid);
70db83c4
JH		 2946
2947 l2cap_chan_set_defaults(chan);
2948
2949 bacpy(&chan->src, &hdev->bdaddr);
ef8efe4b
JH		 2950 if (cid == L2CAP_CID_SMP)
2951 chan->src_type = BDADDR_LE_PUBLIC;
2952 else
2953 chan->src_type = BDADDR_BREDR;
70db83c4
JH		 2954 chan->state = BT_LISTEN;
2955 chan->mode = L2CAP_MODE_BASIC;
2956 chan->imtu = L2CAP_DEFAULT_MTU;
2957 chan->ops = &smp_root_chan_ops;
2958
abe84903
JH		 2959 /* Set correct nesting level for a parent/listening channel */
2960 atomic_set(&chan->nesting, L2CAP_NESTING_PARENT);
2961
ef8efe4b 2962 return chan;
711eafe3
JH		 2963}
2964
ef8efe4b 2965static void smp_del_chan(struct l2cap_chan *chan)
711eafe3 2966{
ef8efe4b 2967 struct crypto_blkcipher *tfm_aes;
70db83c4 2968
ef8efe4b 2969 BT_DBG("chan %p", chan);
711eafe3 2970
defce9e8
JH		 2971 tfm_aes = chan->data;
2972 if (tfm_aes) {
2973 chan->data = NULL;
2974 crypto_free_blkcipher(tfm_aes);
711eafe3 2975 }
70db83c4 2976
70db83c4 2977 l2cap_chan_put(chan);
711eafe3 2978}
ef8efe4b 2979
300acfde
MH		 2980static ssize_t force_bredr_smp_read(struct file *file,
2981 char __user *user_buf,
2982 size_t count, loff_t *ppos)
2983{
2984 struct hci_dev *hdev = file->private_data;
2985 char buf[3];
2986
2987 buf[0] = test_bit(HCI_FORCE_BREDR_SMP, &hdev->dbg_flags) ? 'Y': 'N';
2988 buf[1] = '\n';
2989 buf[2] = '\0';
2990 return simple_read_from_buffer(user_buf, count, ppos, buf, 2);
2991}
2992
2993static ssize_t force_bredr_smp_write(struct file *file,
2994 const char __user *user_buf,
2995 size_t count, loff_t *ppos)
2996{
2997 struct hci_dev *hdev = file->private_data;
2998 char buf[32];
2999 size_t buf_size = min(count, (sizeof(buf)-1));
3000 bool enable;
3001
3002 if (copy_from_user(buf, user_buf, buf_size))
3003 return -EFAULT;
3004
3005 buf[buf_size] = '\0';
3006 if (strtobool(buf, &enable))
3007 return -EINVAL;
3008
3009 if (enable == test_bit(HCI_FORCE_BREDR_SMP, &hdev->dbg_flags))
3010 return -EALREADY;
3011
3012 if (enable) {
3013 struct l2cap_chan *chan;
3014
3015 chan = smp_add_cid(hdev, L2CAP_CID_SMP_BREDR);
3016 if (IS_ERR(chan))
3017 return PTR_ERR(chan);
3018
3019 hdev->smp_bredr_data = chan;
3020 } else {
3021 struct l2cap_chan *chan;
3022
3023 chan = hdev->smp_bredr_data;
3024 hdev->smp_bredr_data = NULL;
3025 smp_del_chan(chan);
3026 }
3027
3028 change_bit(HCI_FORCE_BREDR_SMP, &hdev->dbg_flags);
3029
3030 return count;
3031}
3032
3033static const struct file_operations force_bredr_smp_fops = {
3034 .open = simple_open,
3035 .read = force_bredr_smp_read,
3036 .write = force_bredr_smp_write,
3037 .llseek = default_llseek,
3038};
3039
ef8efe4b
JH		 3040int smp_register(struct hci_dev *hdev)
3041{
3042 struct l2cap_chan *chan;
3043
3044 BT_DBG("%s", hdev->name);
3045
3046 chan = smp_add_cid(hdev, L2CAP_CID_SMP);
3047 if (IS_ERR(chan))
3048 return PTR_ERR(chan);
3049
3050 hdev->smp_data = chan;
3051
300acfde
MH		 3052 /* If the controller does not support BR/EDR Secure Connections
3053 * feature, then the BR/EDR SMP channel shall not be present.
3054 *
3055 * To test this with Bluetooth 4.0 controllers, create a debugfs
3056 * switch that allows forcing BR/EDR SMP support and accepting
3057 * cross-transport pairing on non-AES encrypted connections.
3058 */
3059 if (!lmp_sc_capable(hdev)) {
3060 debugfs_create_file("force_bredr_smp", 0644, hdev->debugfs,
3061 hdev, &force_bredr_smp_fops);
ef8efe4b 3062 return 0;
300acfde 3063 }
ef8efe4b
JH		 3064
3065 chan = smp_add_cid(hdev, L2CAP_CID_SMP_BREDR);
3066 if (IS_ERR(chan)) {
3067 int err = PTR_ERR(chan);
3068 chan = hdev->smp_data;
3069 hdev->smp_data = NULL;
3070 smp_del_chan(chan);
3071 return err;
3072 }
3073
3074 hdev->smp_bredr_data = chan;
3075
3076 return 0;
3077}
3078
3079void smp_unregister(struct hci_dev *hdev)
3080{
3081 struct l2cap_chan *chan;
3082
3083 if (hdev->smp_bredr_data) {
3084 chan = hdev->smp_bredr_data;
3085 hdev->smp_bredr_data = NULL;
3086 smp_del_chan(chan);
3087 }
3088
3089 if (hdev->smp_data) {
3090 chan = hdev->smp_data;
3091 hdev->smp_data = NULL;
3092 smp_del_chan(chan);
3093 }
3094}
0a2b0f04
JH		 3095
3096#if IS_ENABLED(CONFIG_BT_SELFTEST_SMP)
3097
cfc4198e
JH		 3098static int __init test_ah(struct crypto_blkcipher *tfm_aes)
3099{
3100 const u8 irk[16] = {
3101 0x9b, 0x7d, 0x39, 0x0a, 0xa6, 0x10, 0x10, 0x34,
3102 0x05, 0xad, 0xc8, 0x57, 0xa3, 0x34, 0x02, 0xec };
3103 const u8 r[3] = { 0x94, 0x81, 0x70 };
3104 const u8 exp[3] = { 0xaa, 0xfb, 0x0d };
3105 u8 res[3];
3106 int err;
3107
3108 err = smp_ah(tfm_aes, irk, r, res);
3109 if (err)
3110 return err;
3111
3112 if (memcmp(res, exp, 3))
3113 return -EINVAL;
3114
3115 return 0;
3116}
3117
3118static int __init test_c1(struct crypto_blkcipher *tfm_aes)
3119{
3120 const u8 k[16] = {
3121 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
3122 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
3123 const u8 r[16] = {
3124 0xe0, 0x2e, 0x70, 0xc6, 0x4e, 0x27, 0x88, 0x63,
3125 0x0e, 0x6f, 0xad, 0x56, 0x21, 0xd5, 0x83, 0x57 };
3126 const u8 preq[7] = { 0x01, 0x01, 0x00, 0x00, 0x10, 0x07, 0x07 };
3127 const u8 pres[7] = { 0x02, 0x03, 0x00, 0x00, 0x08, 0x00, 0x05 };
3128 const u8 _iat = 0x01;
3129 const u8 _rat = 0x00;
3130 const bdaddr_t ra = { { 0xb6, 0xb5, 0xb4, 0xb3, 0xb2, 0xb1 } };
3131 const bdaddr_t ia = { { 0xa6, 0xa5, 0xa4, 0xa3, 0xa2, 0xa1 } };
3132 const u8 exp[16] = {
3133 0x86, 0x3b, 0xf1, 0xbe, 0xc5, 0x4d, 0xa7, 0xd2,
3134 0xea, 0x88, 0x89, 0x87, 0xef, 0x3f, 0x1e, 0x1e };
3135 u8 res[16];
3136 int err;
3137
3138 err = smp_c1(tfm_aes, k, r, preq, pres, _iat, &ia, _rat, &ra, res);
3139 if (err)
3140 return err;
3141
3142 if (memcmp(res, exp, 16))
3143 return -EINVAL;
3144
3145 return 0;
3146}
3147
3148static int __init test_s1(struct crypto_blkcipher *tfm_aes)
3149{
3150 const u8 k[16] = {
3151 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
3152 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
3153 const u8 r1[16] = {
3154 0x88, 0x77, 0x66, 0x55, 0x44, 0x33, 0x22, 0x11 };
3155 const u8 r2[16] = {
3156 0x00, 0xff, 0xee, 0xdd, 0xcc, 0xbb, 0xaa, 0x99 };
3157 const u8 exp[16] = {
3158 0x62, 0xa0, 0x6d, 0x79, 0xae, 0x16, 0x42, 0x5b,
3159 0x9b, 0xf4, 0xb0, 0xe8, 0xf0, 0xe1, 0x1f, 0x9a };
3160 u8 res[16];
3161 int err;
3162
3163 err = smp_s1(tfm_aes, k, r1, r2, res);
3164 if (err)
3165 return err;
3166
3167 if (memcmp(res, exp, 16))
3168 return -EINVAL;
3169
3170 return 0;
3171}
3172
fb2969a3
JH		 3173static int __init test_f4(struct crypto_hash *tfm_cmac)
3174{
3175 const u8 u[32] = {
3176 0xe6, 0x9d, 0x35, 0x0e, 0x48, 0x01, 0x03, 0xcc,
3177 0xdb, 0xfd, 0xf4, 0xac, 0x11, 0x91, 0xf4, 0xef,
3178 0xb9, 0xa5, 0xf9, 0xe9, 0xa7, 0x83, 0x2c, 0x5e,
3179 0x2c, 0xbe, 0x97, 0xf2, 0xd2, 0x03, 0xb0, 0x20 };
3180 const u8 v[32] = {
3181 0xfd, 0xc5, 0x7f, 0xf4, 0x49, 0xdd, 0x4f, 0x6b,
3182 0xfb, 0x7c, 0x9d, 0xf1, 0xc2, 0x9a, 0xcb, 0x59,
3183 0x2a, 0xe7, 0xd4, 0xee, 0xfb, 0xfc, 0x0a, 0x90,
3184 0x9a, 0xbb, 0xf6, 0x32, 0x3d, 0x8b, 0x18, 0x55 };
3185 const u8 x[16] = {
3186 0xab, 0xae, 0x2b, 0x71, 0xec, 0xb2, 0xff, 0xff,
3187 0x3e, 0x73, 0x77, 0xd1, 0x54, 0x84, 0xcb, 0xd5 };
3188 const u8 z = 0x00;
3189 const u8 exp[16] = {
3190 0x2d, 0x87, 0x74, 0xa9, 0xbe, 0xa1, 0xed, 0xf1,
3191 0x1c, 0xbd, 0xa9, 0x07, 0xf1, 0x16, 0xc9, 0xf2 };
3192 u8 res[16];
3193 int err;
3194
3195 err = smp_f4(tfm_cmac, u, v, x, z, res);
3196 if (err)
3197 return err;
3198
3199 if (memcmp(res, exp, 16))
3200 return -EINVAL;
3201
3202 return 0;
3203}
3204
3205static int __init test_f5(struct crypto_hash *tfm_cmac)
3206{
3207 const u8 w[32] = {
3208 0x98, 0xa6, 0xbf, 0x73, 0xf3, 0x34, 0x8d, 0x86,
3209 0xf1, 0x66, 0xf8, 0xb4, 0x13, 0x6b, 0x79, 0x99,
3210 0x9b, 0x7d, 0x39, 0x0a, 0xa6, 0x10, 0x10, 0x34,
3211 0x05, 0xad, 0xc8, 0x57, 0xa3, 0x34, 0x02, 0xec };
3212 const u8 n1[16] = {
3213 0xab, 0xae, 0x2b, 0x71, 0xec, 0xb2, 0xff, 0xff,
3214 0x3e, 0x73, 0x77, 0xd1, 0x54, 0x84, 0xcb, 0xd5 };
3215 const u8 n2[16] = {
3216 0xcf, 0xc4, 0x3d, 0xff, 0xf7, 0x83, 0x65, 0x21,
3217 0x6e, 0x5f, 0xa7, 0x25, 0xcc, 0xe7, 0xe8, 0xa6 };
3218 const u8 a1[7] = { 0xce, 0xbf, 0x37, 0x37, 0x12, 0x56, 0x00 };
3219 const u8 a2[7] = { 0xc1, 0xcf, 0x2d, 0x70, 0x13, 0xa7, 0x00 };
3220 const u8 exp_ltk[16] = {
3221 0x38, 0x0a, 0x75, 0x94, 0xb5, 0x22, 0x05, 0x98,
3222 0x23, 0xcd, 0xd7, 0x69, 0x11, 0x79, 0x86, 0x69 };
3223 const u8 exp_mackey[16] = {
3224 0x20, 0x6e, 0x63, 0xce, 0x20, 0x6a, 0x3f, 0xfd,
3225 0x02, 0x4a, 0x08, 0xa1, 0x76, 0xf1, 0x65, 0x29 };
3226 u8 mackey[16], ltk[16];
3227 int err;
3228
3229 err = smp_f5(tfm_cmac, w, n1, n2, a1, a2, mackey, ltk);
3230 if (err)
3231 return err;
3232
3233 if (memcmp(mackey, exp_mackey, 16))
3234 return -EINVAL;
3235
3236 if (memcmp(ltk, exp_ltk, 16))
3237 return -EINVAL;
3238
3239 return 0;
3240}
3241
3242static int __init test_f6(struct crypto_hash *tfm_cmac)
3243{
3244 const u8 w[16] = {
3245 0x20, 0x6e, 0x63, 0xce, 0x20, 0x6a, 0x3f, 0xfd,
3246 0x02, 0x4a, 0x08, 0xa1, 0x76, 0xf1, 0x65, 0x29 };
3247 const u8 n1[16] = {
3248 0xab, 0xae, 0x2b, 0x71, 0xec, 0xb2, 0xff, 0xff,
3249 0x3e, 0x73, 0x77, 0xd1, 0x54, 0x84, 0xcb, 0xd5 };
3250 const u8 n2[16] = {
3251 0xcf, 0xc4, 0x3d, 0xff, 0xf7, 0x83, 0x65, 0x21,
3252 0x6e, 0x5f, 0xa7, 0x25, 0xcc, 0xe7, 0xe8, 0xa6 };
3253 const u8 r[16] = {
3254 0xc8, 0x0f, 0x2d, 0x0c, 0xd2, 0x42, 0xda, 0x08,
3255 0x54, 0xbb, 0x53, 0xb4, 0x3b, 0x34, 0xa3, 0x12 };
3256 const u8 io_cap[3] = { 0x02, 0x01, 0x01 };
3257 const u8 a1[7] = { 0xce, 0xbf, 0x37, 0x37, 0x12, 0x56, 0x00 };
3258 const u8 a2[7] = { 0xc1, 0xcf, 0x2d, 0x70, 0x13, 0xa7, 0x00 };
3259 const u8 exp[16] = {
3260 0x61, 0x8f, 0x95, 0xda, 0x09, 0x0b, 0x6c, 0xd2,
3261 0xc5, 0xe8, 0xd0, 0x9c, 0x98, 0x73, 0xc4, 0xe3 };
3262 u8 res[16];
3263 int err;
3264
3265 err = smp_f6(tfm_cmac, w, n1, n2, r, io_cap, a1, a2, res);
3266 if (err)
3267 return err;
3268
3269 if (memcmp(res, exp, 16))
3270 return -EINVAL;
3271
3272 return 0;
3273}
3274
3275static int __init test_g2(struct crypto_hash *tfm_cmac)
3276{
3277 const u8 u[32] = {
3278 0xe6, 0x9d, 0x35, 0x0e, 0x48, 0x01, 0x03, 0xcc,
3279 0xdb, 0xfd, 0xf4, 0xac, 0x11, 0x91, 0xf4, 0xef,
3280 0xb9, 0xa5, 0xf9, 0xe9, 0xa7, 0x83, 0x2c, 0x5e,
3281 0x2c, 0xbe, 0x97, 0xf2, 0xd2, 0x03, 0xb0, 0x20 };
3282 const u8 v[32] = {
3283 0xfd, 0xc5, 0x7f, 0xf4, 0x49, 0xdd, 0x4f, 0x6b,
3284 0xfb, 0x7c, 0x9d, 0xf1, 0xc2, 0x9a, 0xcb, 0x59,
3285 0x2a, 0xe7, 0xd4, 0xee, 0xfb, 0xfc, 0x0a, 0x90,
3286 0x9a, 0xbb, 0xf6, 0x32, 0x3d, 0x8b, 0x18, 0x55 };
3287 const u8 x[16] = {
3288 0xab, 0xae, 0x2b, 0x71, 0xec, 0xb2, 0xff, 0xff,
3289 0x3e, 0x73, 0x77, 0xd1, 0x54, 0x84, 0xcb, 0xd5 };
3290 const u8 y[16] = {
3291 0xcf, 0xc4, 0x3d, 0xff, 0xf7, 0x83, 0x65, 0x21,
3292 0x6e, 0x5f, 0xa7, 0x25, 0xcc, 0xe7, 0xe8, 0xa6 };
3293 const u32 exp_val = 0x2f9ed5ba % 1000000;
3294 u32 val;
3295 int err;
3296
3297 err = smp_g2(tfm_cmac, u, v, x, y, &val);
3298 if (err)
3299 return err;
3300
3301 if (val != exp_val)
3302 return -EINVAL;
3303
3304 return 0;
3305}
3306
3307static int __init test_h6(struct crypto_hash *tfm_cmac)
3308{
3309 const u8 w[16] = {
3310 0x9b, 0x7d, 0x39, 0x0a, 0xa6, 0x10, 0x10, 0x34,
3311 0x05, 0xad, 0xc8, 0x57, 0xa3, 0x34, 0x02, 0xec };
3312 const u8 key_id[4] = { 0x72, 0x62, 0x65, 0x6c };
3313 const u8 exp[16] = {
3314 0x99, 0x63, 0xb1, 0x80, 0xe2, 0xa9, 0xd3, 0xe8,
3315 0x1c, 0xc9, 0x6d, 0xe7, 0x02, 0xe1, 0x9a, 0x2d };
3316 u8 res[16];
3317 int err;
3318
3319 err = smp_h6(tfm_cmac, w, key_id, res);
3320 if (err)
3321 return err;
3322
3323 if (memcmp(res, exp, 16))
3324 return -EINVAL;
3325
3326 return 0;
3327}
3328
0a2b0f04
JH		 3329static int __init run_selftests(struct crypto_blkcipher *tfm_aes,
3330 struct crypto_hash *tfm_cmac)
3331{
255047b0
MH		 3332 ktime_t calltime, delta, rettime;
3333 unsigned long long duration;
cfc4198e
JH		 3334 int err;
3335
255047b0
MH		 3336 calltime = ktime_get();
3337
cfc4198e
JH		 3338 err = test_ah(tfm_aes);
3339 if (err) {
3340 BT_ERR("smp_ah test failed");
3341 return err;
3342 }
3343
3344 err = test_c1(tfm_aes);
3345 if (err) {
3346 BT_ERR("smp_c1 test failed");
3347 return err;
3348 }
3349
3350 err = test_s1(tfm_aes);
3351 if (err) {
3352 BT_ERR("smp_s1 test failed");
3353 return err;
3354 }
3355
fb2969a3
JH		 3356 err = test_f4(tfm_cmac);
3357 if (err) {
3358 BT_ERR("smp_f4 test failed");
3359 return err;
3360 }
3361
3362 err = test_f5(tfm_cmac);
3363 if (err) {
3364 BT_ERR("smp_f5 test failed");
3365 return err;
3366 }
3367
3368 err = test_f6(tfm_cmac);
3369 if (err) {
3370 BT_ERR("smp_f6 test failed");
3371 return err;
3372 }
3373
3374 err = test_g2(tfm_cmac);
3375 if (err) {
3376 BT_ERR("smp_g2 test failed");
3377 return err;
3378 }
3379
3380 err = test_h6(tfm_cmac);
3381 if (err) {
3382 BT_ERR("smp_h6 test failed");
3383 return err;
3384 }
3385
255047b0
MH		 3386 rettime = ktime_get();
3387 delta = ktime_sub(rettime, calltime);
3388 duration = (unsigned long long) ktime_to_ns(delta) >> 10;
3389
3390 BT_INFO("SMP test passed in %lld usecs", duration);
0a2b0f04
JH		 3391
3392 return 0;
3393}
3394
3395int __init bt_selftest_smp(void)
3396{
3397 struct crypto_blkcipher *tfm_aes;
3398 struct crypto_hash *tfm_cmac;
3399 int err;
3400
3401 tfm_aes = crypto_alloc_blkcipher("ecb(aes)", 0, CRYPTO_ALG_ASYNC);
3402 if (IS_ERR(tfm_aes)) {
3403 BT_ERR("Unable to create ECB crypto context");
3404 return PTR_ERR(tfm_aes);
3405 }
3406
3407 tfm_cmac = crypto_alloc_hash("cmac(aes)", 0, CRYPTO_ALG_ASYNC);
3408 if (IS_ERR(tfm_cmac)) {
3409 BT_ERR("Unable to create CMAC crypto context");
3410 crypto_free_blkcipher(tfm_aes);
3411 return PTR_ERR(tfm_cmac);
3412 }
3413
3414 err = run_selftests(tfm_aes, tfm_cmac);
3415
3416 crypto_free_hash(tfm_cmac);
3417 crypto_free_blkcipher(tfm_aes);
3418
3419 return err;
3420}
3421
3422#endif
Linux kernel - Deliverables
This page took 0.361579 seconds and 5 git commands to generate.