projects / deliverable / linux.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Bluetooth: Add support connectable advertising setting
[deliverable/linux.git] / net / bluetooth / smp.c
CommitLineData
eb492e01
AB		 1/*
2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2011 Nokia Corporation and/or its subsidiary(-ies).
4
5 This program is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License version 2 as
7 published by the Free Software Foundation;
8
9 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
10 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
11 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
12 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
13 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
14 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17
18 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
19 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
20 SOFTWARE IS DISCLAIMED.
21*/
22
300acfde 23#include <linux/debugfs.h>
8c520a59
GP		 24#include <linux/crypto.h>
25#include <linux/scatterlist.h>
26#include <crypto/b128ops.h>
27
eb492e01
AB		 28#include <net/bluetooth/bluetooth.h>
29#include <net/bluetooth/hci_core.h>
30#include <net/bluetooth/l2cap.h>
2b64d153 31#include <net/bluetooth/mgmt.h>
ac4b7236 32
3b19146d 33#include "ecc.h"
ac4b7236 34#include "smp.h"
d22ef0bc 35
c7a3d57d
JH		 36/* Low-level debug macros to be used for stuff that we don't want
37 * accidentially in dmesg, i.e. the values of the various crypto keys
38 * and the inputs & outputs of crypto functions.
39 */
40#ifdef DEBUG
41#define SMP_DBG(fmt, ...) printk(KERN_DEBUG "%s: " fmt, __func__, \
42 ##__VA_ARGS__)
43#else
44#define SMP_DBG(fmt, ...) no_printk(KERN_DEBUG "%s: " fmt, __func__, \
45 ##__VA_ARGS__)
46#endif
47
b28b4943 48#define SMP_ALLOW_CMD(smp, code) set_bit(code, &smp->allow_cmd)
b28b4943 49
3b19146d
JH		 50/* Keys which are not distributed with Secure Connections */
51#define SMP_SC_NO_DIST (SMP_DIST_ENC_KEY | SMP_DIST_LINK_KEY);
52
17b02e62 53#define SMP_TIMEOUT msecs_to_jiffies(30000)
5d3de7df 54
0edb14de
JH		 55#define AUTH_REQ_MASK(dev) (test_bit(HCI_SC_ENABLED, &(dev)->dev_flags) ? \
56 0x1f : 0x07)
57#define KEY_DIST_MASK 0x07
065a13e2 58
cbbbe3e2
JH		 59/* Maximum message length that can be passed to aes_cmac */
60#define CMAC_MSG_MAX 80
61
533e35d4
JH		 62enum {
63 SMP_FLAG_TK_VALID,
64 SMP_FLAG_CFM_PENDING,
65 SMP_FLAG_MITM_AUTH,
66 SMP_FLAG_COMPLETE,
67 SMP_FLAG_INITIATOR,
65668776 68 SMP_FLAG_SC,
d8f8edbe 69 SMP_FLAG_REMOTE_PK,
aeb7d461 70 SMP_FLAG_DEBUG_KEY,
38606f14 71 SMP_FLAG_WAIT_USER,
d3e54a87 72 SMP_FLAG_DHKEY_PENDING,
02b05bd8 73 SMP_FLAG_OOB,
533e35d4 74};
4bc58f51
JH		 75
76struct smp_chan {
b68fda68
JH		 77 struct l2cap_conn *conn;
78 struct delayed_work security_timer;
b28b4943 79 unsigned long allow_cmd; /* Bitmask of allowed commands */
b68fda68 80
4bc58f51
JH		 81 u8 preq[7]; /* SMP Pairing Request */
82 u8 prsp[7]; /* SMP Pairing Response */
83 u8 prnd[16]; /* SMP Pairing Random (local) */
84 u8 rrnd[16]; /* SMP Pairing Random (remote) */
85 u8 pcnf[16]; /* SMP Pairing Confirm */
86 u8 tk[16]; /* SMP Temporary Key */
a29b0733 87 u8 rr[16];
4bc58f51
JH		 88 u8 enc_key_size;
89 u8 remote_key_dist;
90 bdaddr_t id_addr;
91 u8 id_addr_type;
92 u8 irk[16];
93 struct smp_csrk *csrk;
94 struct smp_csrk *slave_csrk;
95 struct smp_ltk *ltk;
96 struct smp_ltk *slave_ltk;
97 struct smp_irk *remote_irk;
6a77083a 98 u8 *link_key;
4a74d658 99 unsigned long flags;
783e0574 100 u8 method;
38606f14 101 u8 passkey_round;
6a7bd103 102
3b19146d
JH		 103 /* Secure Connections variables */
104 u8 local_pk[64];
105 u8 local_sk[32];
d8f8edbe
JH		 106 u8 remote_pk[64];
107 u8 dhkey[32];
760b018b 108 u8 mackey[16];
3b19146d 109
6a7bd103 110 struct crypto_blkcipher *tfm_aes;
407cecf6 111 struct crypto_hash *tfm_cmac;
4bc58f51
JH		 112};
113
aeb7d461
JH		 114/* These debug key values are defined in the SMP section of the core
115 * specification. debug_pk is the public debug key and debug_sk the
116 * private debug key.
117 */
118static const u8 debug_pk[64] = {
119 0xe6, 0x9d, 0x35, 0x0e, 0x48, 0x01, 0x03, 0xcc,
120 0xdb, 0xfd, 0xf4, 0xac, 0x11, 0x91, 0xf4, 0xef,
121 0xb9, 0xa5, 0xf9, 0xe9, 0xa7, 0x83, 0x2c, 0x5e,
122 0x2c, 0xbe, 0x97, 0xf2, 0xd2, 0x03, 0xb0, 0x20,
123
124 0x8b, 0xd2, 0x89, 0x15, 0xd0, 0x8e, 0x1c, 0x74,
125 0x24, 0x30, 0xed, 0x8f, 0xc2, 0x45, 0x63, 0x76,
126 0x5c, 0x15, 0x52, 0x5a, 0xbf, 0x9a, 0x32, 0x63,
127 0x6d, 0xeb, 0x2a, 0x65, 0x49, 0x9c, 0x80, 0xdc,
128};
129
130static const u8 debug_sk[32] = {
131 0xbd, 0x1a, 0x3c, 0xcd, 0xa6, 0xb8, 0x99, 0x58,
132 0x99, 0xb7, 0x40, 0xeb, 0x7b, 0x60, 0xff, 0x4a,
133 0x50, 0x3f, 0x10, 0xd2, 0xe3, 0xb3, 0xc9, 0x74,
134 0x38, 0x5f, 0xc5, 0xa3, 0xd4, 0xf6, 0x49, 0x3f,
135};
136
8a2936f4 137static inline void swap_buf(const u8 *src, u8 *dst, size_t len)
d22ef0bc 138{
8a2936f4 139 size_t i;
d22ef0bc 140
8a2936f4
JH		 141 for (i = 0; i < len; i++)
142 dst[len - 1 - i] = src[i];
d22ef0bc
AB		 143}
144
06edf8de
JH		 145/* The following functions map to the LE SC SMP crypto functions
146 * AES-CMAC, f4, f5, f6, g2 and h6.
147 */
148
cbbbe3e2
JH		 149static int aes_cmac(struct crypto_hash *tfm, const u8 k[16], const u8 *m,
150 size_t len, u8 mac[16])
151{
152 uint8_t tmp[16], mac_msb[16], msg_msb[CMAC_MSG_MAX];
153 struct hash_desc desc;
154 struct scatterlist sg;
155 int err;
156
157 if (len > CMAC_MSG_MAX)
158 return -EFBIG;
159
160 if (!tfm) {
161 BT_ERR("tfm %p", tfm);
162 return -EINVAL;
163 }
164
165 desc.tfm = tfm;
166 desc.flags = 0;
167
168 crypto_hash_init(&desc);
169
170 /* Swap key and message from LSB to MSB */
171 swap_buf(k, tmp, 16);
172 swap_buf(m, msg_msb, len);
173
c7a3d57d
JH		 174 SMP_DBG("msg (len %zu) %*phN", len, (int) len, m);
175 SMP_DBG("key %16phN", k);
cbbbe3e2
JH		 176
177 err = crypto_hash_setkey(tfm, tmp, 16);
178 if (err) {
179 BT_ERR("cipher setkey failed: %d", err);
180 return err;
181 }
182
183 sg_init_one(&sg, msg_msb, len);
184
185 err = crypto_hash_update(&desc, &sg, len);
186 if (err) {
187 BT_ERR("Hash update error %d", err);
188 return err;
189 }
190
191 err = crypto_hash_final(&desc, mac_msb);
192 if (err) {
193 BT_ERR("Hash final error %d", err);
194 return err;
195 }
196
197 swap_buf(mac_msb, mac, 16);
198
c7a3d57d 199 SMP_DBG("mac %16phN", mac);
cbbbe3e2
JH		 200
201 return 0;
202}
203
204static int smp_f4(struct crypto_hash *tfm_cmac, const u8 u[32], const u8 v[32],
205 const u8 x[16], u8 z, u8 res[16])
206{
207 u8 m[65];
208 int err;
209
c7a3d57d
JH		 210 SMP_DBG("u %32phN", u);
211 SMP_DBG("v %32phN", v);
212 SMP_DBG("x %16phN z %02x", x, z);
cbbbe3e2
JH		 213
214 m[0] = z;
215 memcpy(m + 1, v, 32);
216 memcpy(m + 33, u, 32);
217
218 err = aes_cmac(tfm_cmac, x, m, sizeof(m), res);
219 if (err)
220 return err;
221
c7a3d57d 222 SMP_DBG("res %16phN", res);
cbbbe3e2
JH		 223
224 return err;
225}
226
4da50de8
JH		 227static int smp_f5(struct crypto_hash *tfm_cmac, const u8 w[32],
228 const u8 n1[16], const u8 n2[16], const u8 a1[7],
229 const u8 a2[7], u8 mackey[16], u8 ltk[16])
760b018b
JH		 230{
231 /* The btle, salt and length "magic" values are as defined in
232 * the SMP section of the Bluetooth core specification. In ASCII
233 * the btle value ends up being 'btle'. The salt is just a
234 * random number whereas length is the value 256 in little
235 * endian format.
236 */
237 const u8 btle[4] = { 0x65, 0x6c, 0x74, 0x62 };
238 const u8 salt[16] = { 0xbe, 0x83, 0x60, 0x5a, 0xdb, 0x0b, 0x37, 0x60,
239 0x38, 0xa5, 0xf5, 0xaa, 0x91, 0x83, 0x88, 0x6c };
240 const u8 length[2] = { 0x00, 0x01 };
241 u8 m[53], t[16];
242 int err;
243
c7a3d57d
JH		 244 SMP_DBG("w %32phN", w);
245 SMP_DBG("n1 %16phN n2 %16phN", n1, n2);
246 SMP_DBG("a1 %7phN a2 %7phN", a1, a2);
760b018b
JH		 247
248 err = aes_cmac(tfm_cmac, salt, w, 32, t);
249 if (err)
250 return err;
251
c7a3d57d 252 SMP_DBG("t %16phN", t);
760b018b
JH		 253
254 memcpy(m, length, 2);
255 memcpy(m + 2, a2, 7);
256 memcpy(m + 9, a1, 7);
257 memcpy(m + 16, n2, 16);
258 memcpy(m + 32, n1, 16);
259 memcpy(m + 48, btle, 4);
260
261 m[52] = 0; /* Counter */
262
263 err = aes_cmac(tfm_cmac, t, m, sizeof(m), mackey);
264 if (err)
265 return err;
266
c7a3d57d 267 SMP_DBG("mackey %16phN", mackey);
760b018b
JH		 268
269 m[52] = 1; /* Counter */
270
271 err = aes_cmac(tfm_cmac, t, m, sizeof(m), ltk);
272 if (err)
273 return err;
274
c7a3d57d 275 SMP_DBG("ltk %16phN", ltk);
760b018b
JH		 276
277 return 0;
278}
279
280static int smp_f6(struct crypto_hash *tfm_cmac, const u8 w[16],
4da50de8 281 const u8 n1[16], const u8 n2[16], const u8 r[16],
760b018b
JH		 282 const u8 io_cap[3], const u8 a1[7], const u8 a2[7],
283 u8 res[16])
284{
285 u8 m[65];
286 int err;
287
c7a3d57d
JH		 288 SMP_DBG("w %16phN", w);
289 SMP_DBG("n1 %16phN n2 %16phN", n1, n2);
290 SMP_DBG("r %16phN io_cap %3phN a1 %7phN a2 %7phN", r, io_cap, a1, a2);
760b018b
JH		 291
292 memcpy(m, a2, 7);
293 memcpy(m + 7, a1, 7);
294 memcpy(m + 14, io_cap, 3);
295 memcpy(m + 17, r, 16);
296 memcpy(m + 33, n2, 16);
297 memcpy(m + 49, n1, 16);
298
299 err = aes_cmac(tfm_cmac, w, m, sizeof(m), res);
300 if (err)
301 return err;
302
203de21b 303 SMP_DBG("res %16phN", res);
760b018b
JH		 304
305 return err;
306}
307
191dc7fe
JH		 308static int smp_g2(struct crypto_hash *tfm_cmac, const u8 u[32], const u8 v[32],
309 const u8 x[16], const u8 y[16], u32 *val)
310{
311 u8 m[80], tmp[16];
312 int err;
313
c7a3d57d
JH		 314 SMP_DBG("u %32phN", u);
315 SMP_DBG("v %32phN", v);
316 SMP_DBG("x %16phN y %16phN", x, y);
191dc7fe
JH		 317
318 memcpy(m, y, 16);
319 memcpy(m + 16, v, 32);
320 memcpy(m + 48, u, 32);
321
322 err = aes_cmac(tfm_cmac, x, m, sizeof(m), tmp);
323 if (err)
324 return err;
325
326 *val = get_unaligned_le32(tmp);
327 *val %= 1000000;
328
c7a3d57d 329 SMP_DBG("val %06u", *val);
191dc7fe
JH		 330
331 return 0;
332}
333
06edf8de
JH		 334static int smp_h6(struct crypto_hash *tfm_cmac, const u8 w[16],
335 const u8 key_id[4], u8 res[16])
336{
337 int err;
338
339 SMP_DBG("w %16phN key_id %4phN", w, key_id);
340
341 err = aes_cmac(tfm_cmac, w, key_id, 4, res);
342 if (err)
343 return err;
344
345 SMP_DBG("res %16phN", res);
346
347 return err;
348}
349
350/* The following functions map to the legacy SMP crypto functions e, c1,
351 * s1 and ah.
352 */
353
d22ef0bc
AB		 354static int smp_e(struct crypto_blkcipher *tfm, const u8 *k, u8 *r)
355{
356 struct blkcipher_desc desc;
357 struct scatterlist sg;
943a732a 358 uint8_t tmp[16], data[16];
201a5929 359 int err;
d22ef0bc 360
7f376cd6 361 if (!tfm) {
d22ef0bc
AB		 362 BT_ERR("tfm %p", tfm);
363 return -EINVAL;
364 }
365
366 desc.tfm = tfm;
367 desc.flags = 0;
368
943a732a 369 /* The most significant octet of key corresponds to k[0] */
8a2936f4 370 swap_buf(k, tmp, 16);
943a732a
JH		 371
372 err = crypto_blkcipher_setkey(tfm, tmp, 16);
d22ef0bc
AB		 373 if (err) {
374 BT_ERR("cipher setkey failed: %d", err);
375 return err;
376 }
377
943a732a 378 /* Most significant octet of plaintextData corresponds to data[0] */
8a2936f4 379 swap_buf(r, data, 16);
943a732a
JH		 380
381 sg_init_one(&sg, data, 16);
d22ef0bc 382
d22ef0bc
AB		 383 err = crypto_blkcipher_encrypt(&desc, &sg, &sg, 16);
384 if (err)
385 BT_ERR("Encrypt data error %d", err);
386
943a732a 387 /* Most significant octet of encryptedData corresponds to data[0] */
8a2936f4 388 swap_buf(data, r, 16);
943a732a 389
d22ef0bc
AB		 390 return err;
391}
392
06edf8de
JH		 393static int smp_c1(struct crypto_blkcipher *tfm_aes, const u8 k[16],
394 const u8 r[16], const u8 preq[7], const u8 pres[7], u8 _iat,
395 const bdaddr_t *ia, u8 _rat, const bdaddr_t *ra, u8 res[16])
6a77083a 396{
06edf8de 397 u8 p1[16], p2[16];
6a77083a
JH		 398 int err;
399
06edf8de 400 memset(p1, 0, 16);
6a77083a 401
06edf8de
JH		 402 /* p1 = pres || preq || _rat || _iat */
403 p1[0] = _iat;
404 p1[1] = _rat;
405 memcpy(p1 + 2, preq, 7);
406 memcpy(p1 + 9, pres, 7);
407
408 /* p2 = padding || ia || ra */
409 memcpy(p2, ra, 6);
410 memcpy(p2 + 6, ia, 6);
411 memset(p2 + 12, 0, 4);
412
413 /* res = r XOR p1 */
414 u128_xor((u128 *) res, (u128 *) r, (u128 *) p1);
415
416 /* res = e(k, res) */
417 err = smp_e(tfm_aes, k, res);
418 if (err) {
419 BT_ERR("Encrypt data error");
6a77083a 420 return err;
06edf8de 421 }
6a77083a 422
06edf8de
JH		 423 /* res = res XOR p2 */
424 u128_xor((u128 *) res, (u128 *) res, (u128 *) p2);
425
426 /* res = e(k, res) */
427 err = smp_e(tfm_aes, k, res);
428 if (err)
429 BT_ERR("Encrypt data error");
430
431 return err;
432}
433
434static int smp_s1(struct crypto_blkcipher *tfm_aes, const u8 k[16],
435 const u8 r1[16], const u8 r2[16], u8 _r[16])
436{
437 int err;
438
439 /* Just least significant octets from r1 and r2 are considered */
440 memcpy(_r, r2, 8);
441 memcpy(_r + 8, r1, 8);
442
443 err = smp_e(tfm_aes, k, _r);
444 if (err)
445 BT_ERR("Encrypt data error");
6a77083a
JH		 446
447 return err;
448}
449
cd082797
JH		 450static int smp_ah(struct crypto_blkcipher *tfm, const u8 irk[16],
451 const u8 r[3], u8 res[3])
60478054 452{
943a732a 453 u8 _res[16];
60478054
JH		 454 int err;
455
456 /* r' = padding || r */
943a732a
JH		 457 memcpy(_res, r, 3);
458 memset(_res + 3, 0, 13);
60478054 459
943a732a 460 err = smp_e(tfm, irk, _res);
60478054
JH		 461 if (err) {
462 BT_ERR("Encrypt error");
463 return err;
464 }
465
466 /* The output of the random address function ah is:
467 * ah(h, r) = e(k, r') mod 2^24
468 * The output of the security function e is then truncated to 24 bits
469 * by taking the least significant 24 bits of the output of e as the
470 * result of ah.
471 */
943a732a 472 memcpy(res, _res, 3);
60478054
JH		 473
474 return 0;
475}
476
cd082797
JH		 477bool smp_irk_matches(struct hci_dev *hdev, const u8 irk[16],
478 const bdaddr_t *bdaddr)
60478054 479{
defce9e8
JH		 480 struct l2cap_chan *chan = hdev->smp_data;
481 struct crypto_blkcipher *tfm;
60478054
JH		 482 u8 hash[3];
483 int err;
484
defce9e8
JH		 485 if (!chan || !chan->data)
486 return false;
487
488 tfm = chan->data;
489
60478054
JH		 490 BT_DBG("RPA %pMR IRK %*phN", bdaddr, 16, irk);
491
492 err = smp_ah(tfm, irk, &bdaddr->b[3], hash);
493 if (err)
494 return false;
495
496 return !memcmp(bdaddr->b, hash, 3);
497}
498
cd082797 499int smp_generate_rpa(struct hci_dev *hdev, const u8 irk[16], bdaddr_t *rpa)
b1e2b3ae 500{
defce9e8
JH		 501 struct l2cap_chan *chan = hdev->smp_data;
502 struct crypto_blkcipher *tfm;
b1e2b3ae
JH		 503 int err;
504
defce9e8
JH		 505 if (!chan || !chan->data)
506 return -EOPNOTSUPP;
507
508 tfm = chan->data;
509
b1e2b3ae
JH		 510 get_random_bytes(&rpa->b[3], 3);
511
512 rpa->b[5] &= 0x3f; /* Clear two most significant bits */
513 rpa->b[5] |= 0x40; /* Set second most significant bit */
514
515 err = smp_ah(tfm, irk, &rpa->b[3], rpa->b);
516 if (err < 0)
517 return err;
518
519 BT_DBG("RPA %pMR", rpa);
520
521 return 0;
522}
523
5d88cc73 524static void smp_send_cmd(struct l2cap_conn *conn, u8 code, u16 len, void *data)
eb492e01 525{
5d88cc73 526 struct l2cap_chan *chan = conn->smp;
b68fda68 527 struct smp_chan *smp;
5d88cc73
JH		 528 struct kvec iv[2];
529 struct msghdr msg;
eb492e01 530
5d88cc73
JH		 531 if (!chan)
532 return;
eb492e01 533
5d88cc73 534 BT_DBG("code 0x%2.2x", code);
eb492e01 535
5d88cc73
JH		 536 iv[0].iov_base = &code;
537 iv[0].iov_len = 1;
eb492e01 538
5d88cc73
JH		 539 iv[1].iov_base = data;
540 iv[1].iov_len = len;
eb492e01 541
5d88cc73 542 memset(&msg, 0, sizeof(msg));
eb492e01 543
17836394 544 iov_iter_kvec(&msg.msg_iter, WRITE | ITER_KVEC, iv, 2, 1 + len);
eb492e01 545
5d88cc73 546 l2cap_chan_send(chan, &msg, 1 + len);
e2dcd113 547
b68fda68
JH		 548 if (!chan->data)
549 return;
550
551 smp = chan->data;
552
553 cancel_delayed_work_sync(&smp->security_timer);
1b0921d6 554 schedule_delayed_work(&smp->security_timer, SMP_TIMEOUT);
eb492e01
AB		 555}
556
d2eb9e10 557static u8 authreq_to_seclevel(u8 authreq)
2b64d153 558{
d2eb9e10
JH		 559 if (authreq & SMP_AUTH_MITM) {
560 if (authreq & SMP_AUTH_SC)
561 return BT_SECURITY_FIPS;
562 else
563 return BT_SECURITY_HIGH;
564 } else {
2b64d153 565 return BT_SECURITY_MEDIUM;
d2eb9e10 566 }
2b64d153
BG		 567}
568
569static __u8 seclevel_to_authreq(__u8 sec_level)
570{
571 switch (sec_level) {
d2eb9e10 572 case BT_SECURITY_FIPS:
2b64d153
BG		 573 case BT_SECURITY_HIGH:
574 return SMP_AUTH_MITM | SMP_AUTH_BONDING;
575 case BT_SECURITY_MEDIUM:
576 return SMP_AUTH_BONDING;
577 default:
578 return SMP_AUTH_NONE;
579 }
580}
581
b8e66eac 582static void build_pairing_cmd(struct l2cap_conn *conn,
f1560463
MH		 583 struct smp_cmd_pairing *req,
584 struct smp_cmd_pairing *rsp, __u8 authreq)
b8e66eac 585{
5d88cc73
JH		 586 struct l2cap_chan *chan = conn->smp;
587 struct smp_chan *smp = chan->data;
fd349c02
JH		 588 struct hci_conn *hcon = conn->hcon;
589 struct hci_dev *hdev = hcon->hdev;
02b05bd8 590 u8 local_dist = 0, remote_dist = 0, oob_flag = SMP_OOB_NOT_PRESENT;
54790f73 591
b6ae8457 592 if (test_bit(HCI_BONDABLE, &conn->hcon->hdev->dev_flags)) {
7ee4ea36
MH		 593 local_dist = SMP_DIST_ENC_KEY | SMP_DIST_SIGN;
594 remote_dist = SMP_DIST_ENC_KEY | SMP_DIST_SIGN;
54790f73 595 authreq |= SMP_AUTH_BONDING;
2b64d153
BG		 596 } else {
597 authreq &= ~SMP_AUTH_BONDING;
54790f73
VCG		 598 }
599
fd349c02
JH		 600 if (test_bit(HCI_RPA_RESOLVING, &hdev->dev_flags))
601 remote_dist |= SMP_DIST_ID_KEY;
602
863efaf2
JH		 603 if (test_bit(HCI_PRIVACY, &hdev->dev_flags))
604 local_dist |= SMP_DIST_ID_KEY;
605
02b05bd8
JH		 606 if (test_bit(HCI_SC_ENABLED, &hdev->dev_flags) &&
607 (authreq & SMP_AUTH_SC)) {
608 struct oob_data *oob_data;
609 u8 bdaddr_type;
610
611 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
df8e1a4c
JH		 612 local_dist |= SMP_DIST_LINK_KEY;
613 remote_dist |= SMP_DIST_LINK_KEY;
614 }
02b05bd8
JH		 615
616 if (hcon->dst_type == ADDR_LE_DEV_PUBLIC)
617 bdaddr_type = BDADDR_LE_PUBLIC;
618 else
619 bdaddr_type = BDADDR_LE_RANDOM;
620
621 oob_data = hci_find_remote_oob_data(hdev, &hcon->dst,
622 bdaddr_type);
4775a4ea 623 if (oob_data && oob_data->present) {
02b05bd8
JH		 624 set_bit(SMP_FLAG_OOB, &smp->flags);
625 oob_flag = SMP_OOB_PRESENT;
a29b0733 626 memcpy(smp->rr, oob_data->rand256, 16);
02b05bd8
JH		 627 memcpy(smp->pcnf, oob_data->hash256, 16);
628 }
629
df8e1a4c
JH		 630 } else {
631 authreq &= ~SMP_AUTH_SC;
632 }
633
54790f73
VCG		 634 if (rsp == NULL) {
635 req->io_capability = conn->hcon->io_capability;
02b05bd8 636 req->oob_flag = oob_flag;
54790f73 637 req->max_key_size = SMP_MAX_ENC_KEY_SIZE;
fd349c02
JH		 638 req->init_key_dist = local_dist;
639 req->resp_key_dist = remote_dist;
0edb14de 640 req->auth_req = (authreq & AUTH_REQ_MASK(hdev));
fd349c02
JH		 641
642 smp->remote_key_dist = remote_dist;
54790f73
VCG		 643 return;
644 }
645
646 rsp->io_capability = conn->hcon->io_capability;
02b05bd8 647 rsp->oob_flag = oob_flag;
54790f73 648 rsp->max_key_size = SMP_MAX_ENC_KEY_SIZE;
fd349c02
JH		 649 rsp->init_key_dist = req->init_key_dist & remote_dist;
650 rsp->resp_key_dist = req->resp_key_dist & local_dist;
0edb14de 651 rsp->auth_req = (authreq & AUTH_REQ_MASK(hdev));
fd349c02
JH		 652
653 smp->remote_key_dist = rsp->init_key_dist;
b8e66eac
VCG		 654}
655
3158c50c
VCG		 656static u8 check_enc_key_size(struct l2cap_conn *conn, __u8 max_key_size)
657{
5d88cc73
JH		 658 struct l2cap_chan *chan = conn->smp;
659 struct smp_chan *smp = chan->data;
1c1def09 660
3158c50c 661 if ((max_key_size > SMP_MAX_ENC_KEY_SIZE) ||
f1560463 662 (max_key_size < SMP_MIN_ENC_KEY_SIZE))
3158c50c
VCG		 663 return SMP_ENC_KEY_SIZE;
664
f7aa611a 665 smp->enc_key_size = max_key_size;
3158c50c
VCG		 666
667 return 0;
668}
669
6f48e260
JH		 670static void smp_chan_destroy(struct l2cap_conn *conn)
671{
672 struct l2cap_chan *chan = conn->smp;
673 struct smp_chan *smp = chan->data;
923e2414 674 struct hci_conn *hcon = conn->hcon;
6f48e260
JH		 675 bool complete;
676
677 BUG_ON(!smp);
678
679 cancel_delayed_work_sync(&smp->security_timer);
6f48e260 680
6f48e260 681 complete = test_bit(SMP_FLAG_COMPLETE, &smp->flags);
923e2414 682 mgmt_smp_complete(hcon, complete);
6f48e260
JH		 683
684 kfree(smp->csrk);
685 kfree(smp->slave_csrk);
6a77083a 686 kfree(smp->link_key);
6f48e260
JH		 687
688 crypto_free_blkcipher(smp->tfm_aes);
407cecf6 689 crypto_free_hash(smp->tfm_cmac);
6f48e260 690
923e2414
JH		 691 /* Ensure that we don't leave any debug key around if debug key
692 * support hasn't been explicitly enabled.
693 */
694 if (smp->ltk && smp->ltk->type == SMP_LTK_P256_DEBUG &&
695 !test_bit(HCI_KEEP_DEBUG_KEYS, &hcon->hdev->dev_flags)) {
696 list_del_rcu(&smp->ltk->list);
697 kfree_rcu(smp->ltk, rcu);
698 smp->ltk = NULL;
699 }
700
6f48e260
JH		 701 /* If pairing failed clean up any keys we might have */
702 if (!complete) {
703 if (smp->ltk) {
970d0f1b
JH		 704 list_del_rcu(&smp->ltk->list);
705 kfree_rcu(smp->ltk, rcu);
6f48e260
JH		 706 }
707
708 if (smp->slave_ltk) {
970d0f1b
JH		 709 list_del_rcu(&smp->slave_ltk->list);
710 kfree_rcu(smp->slave_ltk, rcu);
6f48e260
JH		 711 }
712
713 if (smp->remote_irk) {
adae20cb
JH		 714 list_del_rcu(&smp->remote_irk->list);
715 kfree_rcu(smp->remote_irk, rcu);
6f48e260
JH		 716 }
717 }
718
719 chan->data = NULL;
720 kfree(smp);
923e2414 721 hci_conn_drop(hcon);
6f48e260
JH		 722}
723
84794e11 724static void smp_failure(struct l2cap_conn *conn, u8 reason)
4f957a76 725{
bab73cb6 726 struct hci_conn *hcon = conn->hcon;
b68fda68 727 struct l2cap_chan *chan = conn->smp;
bab73cb6 728
84794e11 729 if (reason)
4f957a76 730 smp_send_cmd(conn, SMP_CMD_PAIRING_FAIL, sizeof(reason),
f1560463 731 &reason);
4f957a76 732
ce39fb4e 733 clear_bit(HCI_CONN_ENCRYPT_PEND, &hcon->flags);
e1e930f5 734 mgmt_auth_failed(hcon, HCI_ERROR_AUTH_FAILURE);
f1c09c07 735
fc75cc86 736 if (chan->data)
f1c09c07 737 smp_chan_destroy(conn);
4f957a76
BG		 738}
739
2b64d153
BG		 740#define JUST_WORKS 0x00
741#define JUST_CFM 0x01
742#define REQ_PASSKEY 0x02
743#define CFM_PASSKEY 0x03
744#define REQ_OOB 0x04
5e3d3d9b 745#define DSP_PASSKEY 0x05
2b64d153
BG		 746#define OVERLAP 0xFF
747
748static const u8 gen_method[5][5] = {
749 { JUST_WORKS, JUST_CFM, REQ_PASSKEY, JUST_WORKS, REQ_PASSKEY },
750 { JUST_WORKS, JUST_CFM, REQ_PASSKEY, JUST_WORKS, REQ_PASSKEY },
751 { CFM_PASSKEY, CFM_PASSKEY, REQ_PASSKEY, JUST_WORKS, CFM_PASSKEY },
752 { JUST_WORKS, JUST_CFM, JUST_WORKS, JUST_WORKS, JUST_CFM },
753 { CFM_PASSKEY, CFM_PASSKEY, REQ_PASSKEY, JUST_WORKS, OVERLAP },
754};
755
5e3d3d9b
JH		 756static const u8 sc_method[5][5] = {
757 { JUST_WORKS, JUST_CFM, REQ_PASSKEY, JUST_WORKS, REQ_PASSKEY },
758 { JUST_WORKS, CFM_PASSKEY, REQ_PASSKEY, JUST_WORKS, CFM_PASSKEY },
759 { DSP_PASSKEY, DSP_PASSKEY, REQ_PASSKEY, JUST_WORKS, DSP_PASSKEY },
760 { JUST_WORKS, JUST_CFM, JUST_WORKS, JUST_WORKS, JUST_CFM },
761 { DSP_PASSKEY, CFM_PASSKEY, REQ_PASSKEY, JUST_WORKS, CFM_PASSKEY },
762};
763
581370cc
JH		 764static u8 get_auth_method(struct smp_chan *smp, u8 local_io, u8 remote_io)
765{
2bcd4003
JH		 766 /* If either side has unknown io_caps, use JUST_CFM (which gets
767 * converted later to JUST_WORKS if we're initiators.
768 */
581370cc
JH		 769 if (local_io > SMP_IO_KEYBOARD_DISPLAY ||
770 remote_io > SMP_IO_KEYBOARD_DISPLAY)
2bcd4003 771 return JUST_CFM;
581370cc 772
5e3d3d9b
JH		 773 if (test_bit(SMP_FLAG_SC, &smp->flags))
774 return sc_method[remote_io][local_io];
775
581370cc
JH		 776 return gen_method[remote_io][local_io];
777}
778
2b64d153
BG		 779static int tk_request(struct l2cap_conn *conn, u8 remote_oob, u8 auth,
780 u8 local_io, u8 remote_io)
781{
782 struct hci_conn *hcon = conn->hcon;
5d88cc73
JH		 783 struct l2cap_chan *chan = conn->smp;
784 struct smp_chan *smp = chan->data;
2b64d153
BG		 785 u32 passkey = 0;
786 int ret = 0;
787
788 /* Initialize key for JUST WORKS */
789 memset(smp->tk, 0, sizeof(smp->tk));
4a74d658 790 clear_bit(SMP_FLAG_TK_VALID, &smp->flags);
2b64d153
BG		 791
792 BT_DBG("tk_request: auth:%d lcl:%d rem:%d", auth, local_io, remote_io);
793
2bcd4003
JH		 794 /* If neither side wants MITM, either "just" confirm an incoming
795 * request or use just-works for outgoing ones. The JUST_CFM
796 * will be converted to JUST_WORKS if necessary later in this
797 * function. If either side has MITM look up the method from the
798 * table.
799 */
581370cc 800 if (!(auth & SMP_AUTH_MITM))
783e0574 801 smp->method = JUST_CFM;
2b64d153 802 else
783e0574 803 smp->method = get_auth_method(smp, local_io, remote_io);
2b64d153 804
a82505c7 805 /* Don't confirm locally initiated pairing attempts */
783e0574
JH		 806 if (smp->method == JUST_CFM && test_bit(SMP_FLAG_INITIATOR,
807 &smp->flags))
808 smp->method = JUST_WORKS;
a82505c7 809
02f3e254 810 /* Don't bother user space with no IO capabilities */
783e0574
JH		 811 if (smp->method == JUST_CFM &&
812 hcon->io_capability == HCI_IO_NO_INPUT_OUTPUT)
813 smp->method = JUST_WORKS;
02f3e254 814
2b64d153 815 /* If Just Works, Continue with Zero TK */
783e0574 816 if (smp->method == JUST_WORKS) {
4a74d658 817 set_bit(SMP_FLAG_TK_VALID, &smp->flags);
2b64d153
BG		 818 return 0;
819 }
820
821 /* Not Just Works/Confirm results in MITM Authentication */
783e0574 822 if (smp->method != JUST_CFM) {
4a74d658 823 set_bit(SMP_FLAG_MITM_AUTH, &smp->flags);
5eb596f5
JH		 824 if (hcon->pending_sec_level < BT_SECURITY_HIGH)
825 hcon->pending_sec_level = BT_SECURITY_HIGH;
826 }
2b64d153
BG		 827
828 /* If both devices have Keyoard-Display I/O, the master
829 * Confirms and the slave Enters the passkey.
830 */
783e0574 831 if (smp->method == OVERLAP) {
40bef302 832 if (hcon->role == HCI_ROLE_MASTER)
783e0574 833 smp->method = CFM_PASSKEY;
2b64d153 834 else
783e0574 835 smp->method = REQ_PASSKEY;
2b64d153
BG		 836 }
837
01ad34d2 838 /* Generate random passkey. */
783e0574 839 if (smp->method == CFM_PASSKEY) {
943a732a 840 memset(smp->tk, 0, sizeof(smp->tk));
2b64d153
BG		 841 get_random_bytes(&passkey, sizeof(passkey));
842 passkey %= 1000000;
943a732a 843 put_unaligned_le32(passkey, smp->tk);
2b64d153 844 BT_DBG("PassKey: %d", passkey);
4a74d658 845 set_bit(SMP_FLAG_TK_VALID, &smp->flags);
2b64d153
BG		 846 }
847
783e0574 848 if (smp->method == REQ_PASSKEY)
ce39fb4e 849 ret = mgmt_user_passkey_request(hcon->hdev, &hcon->dst,
272d90df 850 hcon->type, hcon->dst_type);
783e0574 851 else if (smp->method == JUST_CFM)
4eb65e66
JH		 852 ret = mgmt_user_confirm_request(hcon->hdev, &hcon->dst,
853 hcon->type, hcon->dst_type,
854 passkey, 1);
2b64d153 855 else
01ad34d2 856 ret = mgmt_user_passkey_notify(hcon->hdev, &hcon->dst,
272d90df 857 hcon->type, hcon->dst_type,
39adbffe 858 passkey, 0);
2b64d153 859
2b64d153
BG		 860 return ret;
861}
862
1cc61144 863static u8 smp_confirm(struct smp_chan *smp)
8aab4757 864{
8aab4757 865 struct l2cap_conn *conn = smp->conn;
8aab4757
VCG		 866 struct smp_cmd_pairing_confirm cp;
867 int ret;
8aab4757
VCG		 868
869 BT_DBG("conn %p", conn);
870
e491eaf3 871 ret = smp_c1(smp->tfm_aes, smp->tk, smp->prnd, smp->preq, smp->prsp,
b1cd5fd9 872 conn->hcon->init_addr_type, &conn->hcon->init_addr,
943a732a
JH		 873 conn->hcon->resp_addr_type, &conn->hcon->resp_addr,
874 cp.confirm_val);
1cc61144
JH		 875 if (ret)
876 return SMP_UNSPECIFIED;
8aab4757 877
4a74d658 878 clear_bit(SMP_FLAG_CFM_PENDING, &smp->flags);
2b64d153 879
8aab4757
VCG		 880 smp_send_cmd(smp->conn, SMP_CMD_PAIRING_CONFIRM, sizeof(cp), &cp);
881
b28b4943
JH		 882 if (conn->hcon->out)
883 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_CONFIRM);
884 else
885 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RANDOM);
886
1cc61144 887 return 0;
8aab4757
VCG		 888}
889
861580a9 890static u8 smp_random(struct smp_chan *smp)
8aab4757 891{
8aab4757
VCG		 892 struct l2cap_conn *conn = smp->conn;
893 struct hci_conn *hcon = conn->hcon;
861580a9 894 u8 confirm[16];
8aab4757
VCG		 895 int ret;
896
ec70f36f 897 if (IS_ERR_OR_NULL(smp->tfm_aes))
861580a9 898 return SMP_UNSPECIFIED;
8aab4757
VCG		 899
900 BT_DBG("conn %p %s", conn, conn->hcon->out ? "master" : "slave");
901
e491eaf3 902 ret = smp_c1(smp->tfm_aes, smp->tk, smp->rrnd, smp->preq, smp->prsp,
b1cd5fd9 903 hcon->init_addr_type, &hcon->init_addr,
943a732a 904 hcon->resp_addr_type, &hcon->resp_addr, confirm);
861580a9
JH		 905 if (ret)
906 return SMP_UNSPECIFIED;
8aab4757 907
8aab4757
VCG		 908 if (memcmp(smp->pcnf, confirm, sizeof(smp->pcnf)) != 0) {
909 BT_ERR("Pairing failed (confirmation values mismatch)");
861580a9 910 return SMP_CONFIRM_FAILED;
8aab4757
VCG		 911 }
912
913 if (hcon->out) {
fe39c7b2
MH		 914 u8 stk[16];
915 __le64 rand = 0;
916 __le16 ediv = 0;
8aab4757 917
e491eaf3 918 smp_s1(smp->tfm_aes, smp->tk, smp->rrnd, smp->prnd, stk);
8aab4757 919
f7aa611a 920 memset(stk + smp->enc_key_size, 0,
04124681 921 SMP_MAX_ENC_KEY_SIZE - smp->enc_key_size);
8aab4757 922
861580a9
JH		 923 if (test_and_set_bit(HCI_CONN_ENCRYPT_PEND, &hcon->flags))
924 return SMP_UNSPECIFIED;
8aab4757
VCG		 925
926 hci_le_start_enc(hcon, ediv, rand, stk);
f7aa611a 927 hcon->enc_key_size = smp->enc_key_size;
fe59a05f 928 set_bit(HCI_CONN_STK_ENCRYPT, &hcon->flags);
8aab4757 929 } else {
fff3490f 930 u8 stk[16], auth;
fe39c7b2
MH		 931 __le64 rand = 0;
932 __le16 ediv = 0;
8aab4757 933
943a732a
JH		 934 smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM, sizeof(smp->prnd),
935 smp->prnd);
8aab4757 936
e491eaf3 937 smp_s1(smp->tfm_aes, smp->tk, smp->prnd, smp->rrnd, stk);
8aab4757 938
f7aa611a 939 memset(stk + smp->enc_key_size, 0,
f1560463 940 SMP_MAX_ENC_KEY_SIZE - smp->enc_key_size);
8aab4757 941
fff3490f
JH		 942 if (hcon->pending_sec_level == BT_SECURITY_HIGH)
943 auth = 1;
944 else
945 auth = 0;
946
7d5843b7
JH		 947 /* Even though there's no _SLAVE suffix this is the
948 * slave STK we're adding for later lookup (the master
949 * STK never needs to be stored).
950 */
ce39fb4e 951 hci_add_ltk(hcon->hdev, &hcon->dst, hcon->dst_type,
2ceba539 952 SMP_STK, auth, stk, smp->enc_key_size, ediv, rand);
8aab4757
VCG		 953 }
954
861580a9 955 return 0;
8aab4757
VCG		 956}
957
44f1a7ab
JH		 958static void smp_notify_keys(struct l2cap_conn *conn)
959{
960 struct l2cap_chan *chan = conn->smp;
961 struct smp_chan *smp = chan->data;
962 struct hci_conn *hcon = conn->hcon;
963 struct hci_dev *hdev = hcon->hdev;
964 struct smp_cmd_pairing *req = (void *) &smp->preq[1];
965 struct smp_cmd_pairing *rsp = (void *) &smp->prsp[1];
966 bool persistent;
967
968 if (smp->remote_irk) {
969 mgmt_new_irk(hdev, smp->remote_irk);
970 /* Now that user space can be considered to know the
971 * identity address track the connection based on it
b5ae344d 972 * from now on (assuming this is an LE link).
44f1a7ab 973 */
b5ae344d
JH		 974 if (hcon->type == LE_LINK) {
975 bacpy(&hcon->dst, &smp->remote_irk->bdaddr);
976 hcon->dst_type = smp->remote_irk->addr_type;
977 queue_work(hdev->workqueue, &conn->id_addr_update_work);
978 }
44f1a7ab
JH		 979
980 /* When receiving an indentity resolving key for
981 * a remote device that does not use a resolvable
982 * private address, just remove the key so that
983 * it is possible to use the controller white
984 * list for scanning.
985 *
986 * Userspace will have been told to not store
987 * this key at this point. So it is safe to
988 * just remove it.
989 */
990 if (!bacmp(&smp->remote_irk->rpa, BDADDR_ANY)) {
adae20cb
JH		 991 list_del_rcu(&smp->remote_irk->list);
992 kfree_rcu(smp->remote_irk, rcu);
44f1a7ab
JH		 993 smp->remote_irk = NULL;
994 }
995 }
996
b5ae344d
JH		 997 if (hcon->type == ACL_LINK) {
998 if (hcon->key_type == HCI_LK_DEBUG_COMBINATION)
999 persistent = false;
1000 else
1001 persistent = !test_bit(HCI_CONN_FLUSH_KEY,
1002 &hcon->flags);
1003 } else {
1004 /* The LTKs and CSRKs should be persistent only if both sides
1005 * had the bonding bit set in their authentication requests.
1006 */
1007 persistent = !!((req->auth_req & rsp->auth_req) &
1008 SMP_AUTH_BONDING);
1009 }
1010
44f1a7ab
JH		 1011
1012 if (smp->csrk) {
1013 smp->csrk->bdaddr_type = hcon->dst_type;
1014 bacpy(&smp->csrk->bdaddr, &hcon->dst);
1015 mgmt_new_csrk(hdev, smp->csrk, persistent);
1016 }
1017
1018 if (smp->slave_csrk) {
1019 smp->slave_csrk->bdaddr_type = hcon->dst_type;
1020 bacpy(&smp->slave_csrk->bdaddr, &hcon->dst);
1021 mgmt_new_csrk(hdev, smp->slave_csrk, persistent);
1022 }
1023
1024 if (smp->ltk) {
1025 smp->ltk->bdaddr_type = hcon->dst_type;
1026 bacpy(&smp->ltk->bdaddr, &hcon->dst);
1027 mgmt_new_ltk(hdev, smp->ltk, persistent);
1028 }
1029
1030 if (smp->slave_ltk) {
1031 smp->slave_ltk->bdaddr_type = hcon->dst_type;
1032 bacpy(&smp->slave_ltk->bdaddr, &hcon->dst);
1033 mgmt_new_ltk(hdev, smp->slave_ltk, persistent);
1034 }
6a77083a
JH		 1035
1036 if (smp->link_key) {
e3befab9
JH		 1037 struct link_key *key;
1038 u8 type;
1039
1040 if (test_bit(SMP_FLAG_DEBUG_KEY, &smp->flags))
1041 type = HCI_LK_DEBUG_COMBINATION;
1042 else if (hcon->sec_level == BT_SECURITY_FIPS)
1043 type = HCI_LK_AUTH_COMBINATION_P256;
1044 else
1045 type = HCI_LK_UNAUTH_COMBINATION_P256;
1046
1047 key = hci_add_link_key(hdev, smp->conn->hcon, &hcon->dst,
1048 smp->link_key, type, 0, &persistent);
1049 if (key) {
1050 mgmt_new_link_key(hdev, key, persistent);
1051
1052 /* Don't keep debug keys around if the relevant
1053 * flag is not set.
1054 */
1055 if (!test_bit(HCI_KEEP_DEBUG_KEYS, &hdev->dev_flags) &&
1056 key->type == HCI_LK_DEBUG_COMBINATION) {
1057 list_del_rcu(&key->list);
1058 kfree_rcu(key, rcu);
1059 }
1060 }
6a77083a
JH		 1061 }
1062}
1063
d3e54a87
JH		 1064static void sc_add_ltk(struct smp_chan *smp)
1065{
1066 struct hci_conn *hcon = smp->conn->hcon;
1067 u8 key_type, auth;
1068
1069 if (test_bit(SMP_FLAG_DEBUG_KEY, &smp->flags))
1070 key_type = SMP_LTK_P256_DEBUG;
1071 else
1072 key_type = SMP_LTK_P256;
1073
1074 if (hcon->pending_sec_level == BT_SECURITY_FIPS)
1075 auth = 1;
1076 else
1077 auth = 0;
1078
1079 memset(smp->tk + smp->enc_key_size, 0,
1080 SMP_MAX_ENC_KEY_SIZE - smp->enc_key_size);
1081
1082 smp->ltk = hci_add_ltk(hcon->hdev, &hcon->dst, hcon->dst_type,
1083 key_type, auth, smp->tk, smp->enc_key_size,
1084 0, 0);
1085}
1086
6a77083a
JH		 1087static void sc_generate_link_key(struct smp_chan *smp)
1088{
1089 /* These constants are as specified in the core specification.
1090 * In ASCII they spell out to 'tmp1' and 'lebr'.
1091 */
1092 const u8 tmp1[4] = { 0x31, 0x70, 0x6d, 0x74 };
1093 const u8 lebr[4] = { 0x72, 0x62, 0x65, 0x6c };
1094
1095 smp->link_key = kzalloc(16, GFP_KERNEL);
1096 if (!smp->link_key)
1097 return;
1098
1099 if (smp_h6(smp->tfm_cmac, smp->tk, tmp1, smp->link_key)) {
1100 kfree(smp->link_key);
1101 smp->link_key = NULL;
1102 return;
1103 }
1104
1105 if (smp_h6(smp->tfm_cmac, smp->link_key, lebr, smp->link_key)) {
1106 kfree(smp->link_key);
1107 smp->link_key = NULL;
1108 return;
1109 }
44f1a7ab
JH		 1110}
1111
b28b4943
JH		 1112static void smp_allow_key_dist(struct smp_chan *smp)
1113{
1114 /* Allow the first expected phase 3 PDU. The rest of the PDUs
1115 * will be allowed in each PDU handler to ensure we receive
1116 * them in the correct order.
1117 */
1118 if (smp->remote_key_dist & SMP_DIST_ENC_KEY)
1119 SMP_ALLOW_CMD(smp, SMP_CMD_ENCRYPT_INFO);
1120 else if (smp->remote_key_dist & SMP_DIST_ID_KEY)
1121 SMP_ALLOW_CMD(smp, SMP_CMD_IDENT_INFO);
1122 else if (smp->remote_key_dist & SMP_DIST_SIGN)
1123 SMP_ALLOW_CMD(smp, SMP_CMD_SIGN_INFO);
1124}
1125
b5ae344d
JH		 1126static void sc_generate_ltk(struct smp_chan *smp)
1127{
1128 /* These constants are as specified in the core specification.
1129 * In ASCII they spell out to 'tmp2' and 'brle'.
1130 */
1131 const u8 tmp2[4] = { 0x32, 0x70, 0x6d, 0x74 };
1132 const u8 brle[4] = { 0x65, 0x6c, 0x72, 0x62 };
1133 struct hci_conn *hcon = smp->conn->hcon;
1134 struct hci_dev *hdev = hcon->hdev;
1135 struct link_key *key;
1136
1137 key = hci_find_link_key(hdev, &hcon->dst);
1138 if (!key) {
1139 BT_ERR("%s No Link Key found to generate LTK", hdev->name);
1140 return;
1141 }
1142
1143 if (key->type == HCI_LK_DEBUG_COMBINATION)
1144 set_bit(SMP_FLAG_DEBUG_KEY, &smp->flags);
1145
1146 if (smp_h6(smp->tfm_cmac, key->val, tmp2, smp->tk))
1147 return;
1148
1149 if (smp_h6(smp->tfm_cmac, smp->tk, brle, smp->tk))
1150 return;
1151
1152 sc_add_ltk(smp);
1153}
1154
d6268e86 1155static void smp_distribute_keys(struct smp_chan *smp)
44f1a7ab
JH		 1156{
1157 struct smp_cmd_pairing *req, *rsp;
86d1407c 1158 struct l2cap_conn *conn = smp->conn;
44f1a7ab
JH		 1159 struct hci_conn *hcon = conn->hcon;
1160 struct hci_dev *hdev = hcon->hdev;
1161 __u8 *keydist;
1162
1163 BT_DBG("conn %p", conn);
1164
44f1a7ab
JH		 1165 rsp = (void *) &smp->prsp[1];
1166
1167 /* The responder sends its keys first */
b28b4943
JH		 1168 if (hcon->out && (smp->remote_key_dist & KEY_DIST_MASK)) {
1169 smp_allow_key_dist(smp);
86d1407c 1170 return;
b28b4943 1171 }
44f1a7ab
JH		 1172
1173 req = (void *) &smp->preq[1];
1174
1175 if (hcon->out) {
1176 keydist = &rsp->init_key_dist;
1177 *keydist &= req->init_key_dist;
1178 } else {
1179 keydist = &rsp->resp_key_dist;
1180 *keydist &= req->resp_key_dist;
1181 }
1182
6a77083a 1183 if (test_bit(SMP_FLAG_SC, &smp->flags)) {
b5ae344d 1184 if (hcon->type == LE_LINK && (*keydist & SMP_DIST_LINK_KEY))
6a77083a 1185 sc_generate_link_key(smp);
b5ae344d
JH		 1186 if (hcon->type == ACL_LINK && (*keydist & SMP_DIST_ENC_KEY))
1187 sc_generate_ltk(smp);
6a77083a
JH		 1188
1189 /* Clear the keys which are generated but not distributed */
1190 *keydist &= ~SMP_SC_NO_DIST;
1191 }
1192
44f1a7ab
JH		 1193 BT_DBG("keydist 0x%x", *keydist);
1194
1195 if (*keydist & SMP_DIST_ENC_KEY) {
1196 struct smp_cmd_encrypt_info enc;
1197 struct smp_cmd_master_ident ident;
1198 struct smp_ltk *ltk;
1199 u8 authenticated;
1200 __le16 ediv;
1201 __le64 rand;
1202
1203 get_random_bytes(enc.ltk, sizeof(enc.ltk));
1204 get_random_bytes(&ediv, sizeof(ediv));
1205 get_random_bytes(&rand, sizeof(rand));
1206
1207 smp_send_cmd(conn, SMP_CMD_ENCRYPT_INFO, sizeof(enc), &enc);
1208
1209 authenticated = hcon->sec_level == BT_SECURITY_HIGH;
1210 ltk = hci_add_ltk(hdev, &hcon->dst, hcon->dst_type,
1211 SMP_LTK_SLAVE, authenticated, enc.ltk,
1212 smp->enc_key_size, ediv, rand);
1213 smp->slave_ltk = ltk;
1214
1215 ident.ediv = ediv;
1216 ident.rand = rand;
1217
1218 smp_send_cmd(conn, SMP_CMD_MASTER_IDENT, sizeof(ident), &ident);
1219
1220 *keydist &= ~SMP_DIST_ENC_KEY;
1221 }
1222
1223 if (*keydist & SMP_DIST_ID_KEY) {
1224 struct smp_cmd_ident_addr_info addrinfo;
1225 struct smp_cmd_ident_info idinfo;
1226
1227 memcpy(idinfo.irk, hdev->irk, sizeof(idinfo.irk));
1228
1229 smp_send_cmd(conn, SMP_CMD_IDENT_INFO, sizeof(idinfo), &idinfo);
1230
1231 /* The hci_conn contains the local identity address
1232 * after the connection has been established.
1233 *
1234 * This is true even when the connection has been
1235 * established using a resolvable random address.
1236 */
1237 bacpy(&addrinfo.bdaddr, &hcon->src);
1238 addrinfo.addr_type = hcon->src_type;
1239
1240 smp_send_cmd(conn, SMP_CMD_IDENT_ADDR_INFO, sizeof(addrinfo),
1241 &addrinfo);
1242
1243 *keydist &= ~SMP_DIST_ID_KEY;
1244 }
1245
1246 if (*keydist & SMP_DIST_SIGN) {
1247 struct smp_cmd_sign_info sign;
1248 struct smp_csrk *csrk;
1249
1250 /* Generate a new random key */
1251 get_random_bytes(sign.csrk, sizeof(sign.csrk));
1252
1253 csrk = kzalloc(sizeof(*csrk), GFP_KERNEL);
1254 if (csrk) {
4cd3928a
JH		 1255 if (hcon->sec_level > BT_SECURITY_MEDIUM)
1256 csrk->type = MGMT_CSRK_LOCAL_AUTHENTICATED;
1257 else
1258 csrk->type = MGMT_CSRK_LOCAL_UNAUTHENTICATED;
44f1a7ab
JH		 1259 memcpy(csrk->val, sign.csrk, sizeof(csrk->val));
1260 }
1261 smp->slave_csrk = csrk;
1262
1263 smp_send_cmd(conn, SMP_CMD_SIGN_INFO, sizeof(sign), &sign);
1264
1265 *keydist &= ~SMP_DIST_SIGN;
1266 }
1267
1268 /* If there are still keys to be received wait for them */
b28b4943
JH		 1269 if (smp->remote_key_dist & KEY_DIST_MASK) {
1270 smp_allow_key_dist(smp);
86d1407c 1271 return;
b28b4943 1272 }
44f1a7ab 1273
44f1a7ab
JH		 1274 set_bit(SMP_FLAG_COMPLETE, &smp->flags);
1275 smp_notify_keys(conn);
1276
1277 smp_chan_destroy(conn);
44f1a7ab
JH		 1278}
1279
b68fda68
JH		 1280static void smp_timeout(struct work_struct *work)
1281{
1282 struct smp_chan *smp = container_of(work, struct smp_chan,
1283 security_timer.work);
1284 struct l2cap_conn *conn = smp->conn;
1285
1286 BT_DBG("conn %p", conn);
1287
1e91c29e 1288 hci_disconnect(conn->hcon, HCI_ERROR_REMOTE_USER_TERM);
b68fda68
JH		 1289}
1290
8aab4757
VCG		 1291static struct smp_chan *smp_chan_create(struct l2cap_conn *conn)
1292{
5d88cc73 1293 struct l2cap_chan *chan = conn->smp;
8aab4757
VCG		 1294 struct smp_chan *smp;
1295
f1560463 1296 smp = kzalloc(sizeof(*smp), GFP_ATOMIC);
fc75cc86 1297 if (!smp)
8aab4757
VCG		 1298 return NULL;
1299
6a7bd103
JH		 1300 smp->tfm_aes = crypto_alloc_blkcipher("ecb(aes)", 0, CRYPTO_ALG_ASYNC);
1301 if (IS_ERR(smp->tfm_aes)) {
1302 BT_ERR("Unable to create ECB crypto context");
1303 kfree(smp);
1304 return NULL;
1305 }
1306
407cecf6
JH		 1307 smp->tfm_cmac = crypto_alloc_hash("cmac(aes)", 0, CRYPTO_ALG_ASYNC);
1308 if (IS_ERR(smp->tfm_cmac)) {
1309 BT_ERR("Unable to create CMAC crypto context");
1310 crypto_free_blkcipher(smp->tfm_aes);
1311 kfree(smp);
1312 return NULL;
1313 }
1314
8aab4757 1315 smp->conn = conn;
5d88cc73 1316 chan->data = smp;
8aab4757 1317
b28b4943
JH		 1318 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_FAIL);
1319
b68fda68
JH		 1320 INIT_DELAYED_WORK(&smp->security_timer, smp_timeout);
1321
8aab4757
VCG		 1322 hci_conn_hold(conn->hcon);
1323
1324 return smp;
1325}
1326
760b018b
JH		 1327static int sc_mackey_and_ltk(struct smp_chan *smp, u8 mackey[16], u8 ltk[16])
1328{
1329 struct hci_conn *hcon = smp->conn->hcon;
1330 u8 *na, *nb, a[7], b[7];
1331
1332 if (hcon->out) {
1333 na = smp->prnd;
1334 nb = smp->rrnd;
1335 } else {
1336 na = smp->rrnd;
1337 nb = smp->prnd;
1338 }
1339
1340 memcpy(a, &hcon->init_addr, 6);
1341 memcpy(b, &hcon->resp_addr, 6);
1342 a[6] = hcon->init_addr_type;
1343 b[6] = hcon->resp_addr_type;
1344
1345 return smp_f5(smp->tfm_cmac, smp->dhkey, na, nb, a, b, mackey, ltk);
1346}
1347
38606f14 1348static void sc_dhkey_check(struct smp_chan *smp)
760b018b
JH		 1349{
1350 struct hci_conn *hcon = smp->conn->hcon;
1351 struct smp_cmd_dhkey_check check;
1352 u8 a[7], b[7], *local_addr, *remote_addr;
1353 u8 io_cap[3], r[16];
1354
760b018b
JH		 1355 memcpy(a, &hcon->init_addr, 6);
1356 memcpy(b, &hcon->resp_addr, 6);
1357 a[6] = hcon->init_addr_type;
1358 b[6] = hcon->resp_addr_type;
1359
1360 if (hcon->out) {
1361 local_addr = a;
1362 remote_addr = b;
1363 memcpy(io_cap, &smp->preq[1], 3);
1364 } else {
1365 local_addr = b;
1366 remote_addr = a;
1367 memcpy(io_cap, &smp->prsp[1], 3);
1368 }
1369
dddd3059
JH		 1370 memset(r, 0, sizeof(r));
1371
1372 if (smp->method == REQ_PASSKEY || smp->method == DSP_PASSKEY)
38606f14 1373 put_unaligned_le32(hcon->passkey_notify, r);
760b018b 1374
a29b0733
JH		 1375 if (smp->method == REQ_OOB)
1376 memcpy(r, smp->rr, 16);
1377
760b018b
JH		 1378 smp_f6(smp->tfm_cmac, smp->mackey, smp->prnd, smp->rrnd, r, io_cap,
1379 local_addr, remote_addr, check.e);
1380
1381 smp_send_cmd(smp->conn, SMP_CMD_DHKEY_CHECK, sizeof(check), &check);
dddd3059
JH		 1382}
1383
38606f14
JH		 1384static u8 sc_passkey_send_confirm(struct smp_chan *smp)
1385{
1386 struct l2cap_conn *conn = smp->conn;
1387 struct hci_conn *hcon = conn->hcon;
1388 struct smp_cmd_pairing_confirm cfm;
1389 u8 r;
1390
1391 r = ((hcon->passkey_notify >> smp->passkey_round) & 0x01);
1392 r |= 0x80;
1393
1394 get_random_bytes(smp->prnd, sizeof(smp->prnd));
1395
1396 if (smp_f4(smp->tfm_cmac, smp->local_pk, smp->remote_pk, smp->prnd, r,
1397 cfm.confirm_val))
1398 return SMP_UNSPECIFIED;
1399
1400 smp_send_cmd(conn, SMP_CMD_PAIRING_CONFIRM, sizeof(cfm), &cfm);
1401
1402 return 0;
1403}
1404
1405static u8 sc_passkey_round(struct smp_chan *smp, u8 smp_op)
1406{
1407 struct l2cap_conn *conn = smp->conn;
1408 struct hci_conn *hcon = conn->hcon;
1409 struct hci_dev *hdev = hcon->hdev;
1410 u8 cfm[16], r;
1411
1412 /* Ignore the PDU if we've already done 20 rounds (0 - 19) */
1413 if (smp->passkey_round >= 20)
1414 return 0;
1415
1416 switch (smp_op) {
1417 case SMP_CMD_PAIRING_RANDOM:
1418 r = ((hcon->passkey_notify >> smp->passkey_round) & 0x01);
1419 r |= 0x80;
1420
1421 if (smp_f4(smp->tfm_cmac, smp->remote_pk, smp->local_pk,
1422 smp->rrnd, r, cfm))
1423 return SMP_UNSPECIFIED;
1424
1425 if (memcmp(smp->pcnf, cfm, 16))
1426 return SMP_CONFIRM_FAILED;
1427
1428 smp->passkey_round++;
1429
1430 if (smp->passkey_round == 20) {
1431 /* Generate MacKey and LTK */
1432 if (sc_mackey_and_ltk(smp, smp->mackey, smp->tk))
1433 return SMP_UNSPECIFIED;
1434 }
1435
1436 /* The round is only complete when the initiator
1437 * receives pairing random.
1438 */
1439 if (!hcon->out) {
1440 smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM,
1441 sizeof(smp->prnd), smp->prnd);
d3e54a87 1442 if (smp->passkey_round == 20)
38606f14 1443 SMP_ALLOW_CMD(smp, SMP_CMD_DHKEY_CHECK);
d3e54a87 1444 else
38606f14 1445 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_CONFIRM);
38606f14
JH		 1446 return 0;
1447 }
1448
1449 /* Start the next round */
1450 if (smp->passkey_round != 20)
1451 return sc_passkey_round(smp, 0);
1452
1453 /* Passkey rounds are complete - start DHKey Check */
1454 sc_dhkey_check(smp);
1455 SMP_ALLOW_CMD(smp, SMP_CMD_DHKEY_CHECK);
1456
1457 break;
1458
1459 case SMP_CMD_PAIRING_CONFIRM:
1460 if (test_bit(SMP_FLAG_WAIT_USER, &smp->flags)) {
1461 set_bit(SMP_FLAG_CFM_PENDING, &smp->flags);
1462 return 0;
1463 }
1464
1465 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RANDOM);
1466
1467 if (hcon->out) {
1468 smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM,
1469 sizeof(smp->prnd), smp->prnd);
1470 return 0;
1471 }
1472
1473 return sc_passkey_send_confirm(smp);
1474
1475 case SMP_CMD_PUBLIC_KEY:
1476 default:
1477 /* Initiating device starts the round */
1478 if (!hcon->out)
1479 return 0;
1480
1481 BT_DBG("%s Starting passkey round %u", hdev->name,
1482 smp->passkey_round + 1);
1483
1484 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_CONFIRM);
1485
1486 return sc_passkey_send_confirm(smp);
1487 }
1488
1489 return 0;
1490}
1491
dddd3059
JH		 1492static int sc_user_reply(struct smp_chan *smp, u16 mgmt_op, __le32 passkey)
1493{
38606f14
JH		 1494 struct l2cap_conn *conn = smp->conn;
1495 struct hci_conn *hcon = conn->hcon;
1496 u8 smp_op;
1497
1498 clear_bit(SMP_FLAG_WAIT_USER, &smp->flags);
1499
dddd3059
JH		 1500 switch (mgmt_op) {
1501 case MGMT_OP_USER_PASSKEY_NEG_REPLY:
1502 smp_failure(smp->conn, SMP_PASSKEY_ENTRY_FAILED);
1503 return 0;
1504 case MGMT_OP_USER_CONFIRM_NEG_REPLY:
1505 smp_failure(smp->conn, SMP_NUMERIC_COMP_FAILED);
1506 return 0;
38606f14
JH		 1507 case MGMT_OP_USER_PASSKEY_REPLY:
1508 hcon->passkey_notify = le32_to_cpu(passkey);
1509 smp->passkey_round = 0;
1510
1511 if (test_and_clear_bit(SMP_FLAG_CFM_PENDING, &smp->flags))
1512 smp_op = SMP_CMD_PAIRING_CONFIRM;
1513 else
1514 smp_op = 0;
1515
1516 if (sc_passkey_round(smp, smp_op))
1517 return -EIO;
1518
1519 return 0;
dddd3059
JH		 1520 }
1521
d3e54a87
JH		 1522 /* Initiator sends DHKey check first */
1523 if (hcon->out) {
1524 sc_dhkey_check(smp);
1525 SMP_ALLOW_CMD(smp, SMP_CMD_DHKEY_CHECK);
1526 } else if (test_and_clear_bit(SMP_FLAG_DHKEY_PENDING, &smp->flags)) {
1527 sc_dhkey_check(smp);
1528 sc_add_ltk(smp);
1529 }
760b018b
JH		 1530
1531 return 0;
1532}
1533
2b64d153
BG		 1534int smp_user_confirm_reply(struct hci_conn *hcon, u16 mgmt_op, __le32 passkey)
1535{
b10e8017 1536 struct l2cap_conn *conn = hcon->l2cap_data;
5d88cc73 1537 struct l2cap_chan *chan;
2b64d153
BG		 1538 struct smp_chan *smp;
1539 u32 value;
fc75cc86 1540 int err;
2b64d153
BG		 1541
1542 BT_DBG("");
1543
fc75cc86 1544 if (!conn)
2b64d153
BG		 1545 return -ENOTCONN;
1546
5d88cc73
JH		 1547 chan = conn->smp;
1548 if (!chan)
1549 return -ENOTCONN;
1550
fc75cc86
JH		 1551 l2cap_chan_lock(chan);
1552 if (!chan->data) {
1553 err = -ENOTCONN;
1554 goto unlock;
1555 }
1556
5d88cc73 1557 smp = chan->data;
2b64d153 1558
760b018b
JH		 1559 if (test_bit(SMP_FLAG_SC, &smp->flags)) {
1560 err = sc_user_reply(smp, mgmt_op, passkey);
1561 goto unlock;
1562 }
1563
2b64d153
BG		 1564 switch (mgmt_op) {
1565 case MGMT_OP_USER_PASSKEY_REPLY:
1566 value = le32_to_cpu(passkey);
943a732a 1567 memset(smp->tk, 0, sizeof(smp->tk));
2b64d153 1568 BT_DBG("PassKey: %d", value);
943a732a 1569 put_unaligned_le32(value, smp->tk);
2b64d153
BG		 1570 /* Fall Through */
1571 case MGMT_OP_USER_CONFIRM_REPLY:
4a74d658 1572 set_bit(SMP_FLAG_TK_VALID, &smp->flags);
2b64d153
BG		 1573 break;
1574 case MGMT_OP_USER_PASSKEY_NEG_REPLY:
1575 case MGMT_OP_USER_CONFIRM_NEG_REPLY:
84794e11 1576 smp_failure(conn, SMP_PASSKEY_ENTRY_FAILED);
fc75cc86
JH		 1577 err = 0;
1578 goto unlock;
2b64d153 1579 default:
84794e11 1580 smp_failure(conn, SMP_PASSKEY_ENTRY_FAILED);
fc75cc86
JH		 1581 err = -EOPNOTSUPP;
1582 goto unlock;
2b64d153
BG		 1583 }
1584
fc75cc86
JH		 1585 err = 0;
1586
2b64d153 1587 /* If it is our turn to send Pairing Confirm, do so now */
1cc61144
JH		 1588 if (test_bit(SMP_FLAG_CFM_PENDING, &smp->flags)) {
1589 u8 rsp = smp_confirm(smp);
1590 if (rsp)
1591 smp_failure(conn, rsp);
1592 }
2b64d153 1593
fc75cc86
JH		 1594unlock:
1595 l2cap_chan_unlock(chan);
1596 return err;
2b64d153
BG		 1597}
1598
b5ae344d
JH		 1599static void build_bredr_pairing_cmd(struct smp_chan *smp,
1600 struct smp_cmd_pairing *req,
1601 struct smp_cmd_pairing *rsp)
1602{
1603 struct l2cap_conn *conn = smp->conn;
1604 struct hci_dev *hdev = conn->hcon->hdev;
1605 u8 local_dist = 0, remote_dist = 0;
1606
1607 if (test_bit(HCI_BONDABLE, &hdev->dev_flags)) {
1608 local_dist = SMP_DIST_ENC_KEY | SMP_DIST_SIGN;
1609 remote_dist = SMP_DIST_ENC_KEY | SMP_DIST_SIGN;
1610 }
1611
1612 if (test_bit(HCI_RPA_RESOLVING, &hdev->dev_flags))
1613 remote_dist |= SMP_DIST_ID_KEY;
1614
1615 if (test_bit(HCI_PRIVACY, &hdev->dev_flags))
1616 local_dist |= SMP_DIST_ID_KEY;
1617
1618 if (!rsp) {
1619 memset(req, 0, sizeof(*req));
1620
1621 req->init_key_dist = local_dist;
1622 req->resp_key_dist = remote_dist;
1623 req->max_key_size = SMP_MAX_ENC_KEY_SIZE;
1624
1625 smp->remote_key_dist = remote_dist;
1626
1627 return;
1628 }
1629
1630 memset(rsp, 0, sizeof(*rsp));
1631
1632 rsp->max_key_size = SMP_MAX_ENC_KEY_SIZE;
1633 rsp->init_key_dist = req->init_key_dist & remote_dist;
1634 rsp->resp_key_dist = req->resp_key_dist & local_dist;
1635
1636 smp->remote_key_dist = rsp->init_key_dist;
1637}
1638
da85e5e5 1639static u8 smp_cmd_pairing_req(struct l2cap_conn *conn, struct sk_buff *skb)
88ba43b6 1640{
3158c50c 1641 struct smp_cmd_pairing rsp, *req = (void *) skb->data;
fc75cc86 1642 struct l2cap_chan *chan = conn->smp;
b3c6410b 1643 struct hci_dev *hdev = conn->hcon->hdev;
8aab4757 1644 struct smp_chan *smp;
c7262e71 1645 u8 key_size, auth, sec_level;
8aab4757 1646 int ret;
88ba43b6
AB		 1647
1648 BT_DBG("conn %p", conn);
1649
c46b98be 1650 if (skb->len < sizeof(*req))
38e4a915 1651 return SMP_INVALID_PARAMS;
c46b98be 1652
40bef302 1653 if (conn->hcon->role != HCI_ROLE_SLAVE)
2b64d153
BG		 1654 return SMP_CMD_NOTSUPP;
1655
fc75cc86 1656 if (!chan->data)
8aab4757 1657 smp = smp_chan_create(conn);
fc75cc86 1658 else
5d88cc73 1659 smp = chan->data;
8aab4757 1660
d08fd0e7
AE		 1661 if (!smp)
1662 return SMP_UNSPECIFIED;
d26a2345 1663
c05b9339 1664 /* We didn't start the pairing, so match remote */
0edb14de 1665 auth = req->auth_req & AUTH_REQ_MASK(hdev);
c05b9339 1666
b6ae8457 1667 if (!test_bit(HCI_BONDABLE, &hdev->dev_flags) &&
c05b9339 1668 (auth & SMP_AUTH_BONDING))
b3c6410b
JH		 1669 return SMP_PAIRING_NOTSUPP;
1670
903b71c7
JH		 1671 if (test_bit(HCI_SC_ONLY, &hdev->dev_flags) && !(auth & SMP_AUTH_SC))
1672 return SMP_AUTH_REQUIREMENTS;
1673
1c1def09
VCG		 1674 smp->preq[0] = SMP_CMD_PAIRING_REQ;
1675 memcpy(&smp->preq[1], req, sizeof(*req));
3158c50c 1676 skb_pull(skb, sizeof(*req));
88ba43b6 1677
b5ae344d
JH		 1678 /* SMP over BR/EDR requires special treatment */
1679 if (conn->hcon->type == ACL_LINK) {
1680 /* We must have a BR/EDR SC link */
08f63cc5 1681 if (!test_bit(HCI_CONN_AES_CCM, &conn->hcon->flags) &&
300acfde 1682 !test_bit(HCI_FORCE_BREDR_SMP, &hdev->dbg_flags))
b5ae344d
JH		 1683 return SMP_CROSS_TRANSP_NOT_ALLOWED;
1684
1685 set_bit(SMP_FLAG_SC, &smp->flags);
1686
1687 build_bredr_pairing_cmd(smp, req, &rsp);
1688
1689 key_size = min(req->max_key_size, rsp.max_key_size);
1690 if (check_enc_key_size(conn, key_size))
1691 return SMP_ENC_KEY_SIZE;
1692
1693 /* Clear bits which are generated but not distributed */
1694 smp->remote_key_dist &= ~SMP_SC_NO_DIST;
1695
1696 smp->prsp[0] = SMP_CMD_PAIRING_RSP;
1697 memcpy(&smp->prsp[1], &rsp, sizeof(rsp));
1698 smp_send_cmd(conn, SMP_CMD_PAIRING_RSP, sizeof(rsp), &rsp);
1699
1700 smp_distribute_keys(smp);
1701 return 0;
1702 }
1703
5e3d3d9b
JH		 1704 build_pairing_cmd(conn, req, &rsp, auth);
1705
1706 if (rsp.auth_req & SMP_AUTH_SC)
1707 set_bit(SMP_FLAG_SC, &smp->flags);
1708
5be5e275 1709 if (conn->hcon->io_capability == HCI_IO_NO_INPUT_OUTPUT)
1afc2a1a
JH		 1710 sec_level = BT_SECURITY_MEDIUM;
1711 else
1712 sec_level = authreq_to_seclevel(auth);
1713
c7262e71
JH		 1714 if (sec_level > conn->hcon->pending_sec_level)
1715 conn->hcon->pending_sec_level = sec_level;
fdde0a26 1716
49c922bb 1717 /* If we need MITM check that it can be achieved */
2ed8f65c
JH		 1718 if (conn->hcon->pending_sec_level >= BT_SECURITY_HIGH) {
1719 u8 method;
1720
1721 method = get_auth_method(smp, conn->hcon->io_capability,
1722 req->io_capability);
1723 if (method == JUST_WORKS || method == JUST_CFM)
1724 return SMP_AUTH_REQUIREMENTS;
1725 }
1726
3158c50c
VCG		 1727 key_size = min(req->max_key_size, rsp.max_key_size);
1728 if (check_enc_key_size(conn, key_size))
1729 return SMP_ENC_KEY_SIZE;
88ba43b6 1730
e84a6b13 1731 get_random_bytes(smp->prnd, sizeof(smp->prnd));
8aab4757 1732
1c1def09
VCG		 1733 smp->prsp[0] = SMP_CMD_PAIRING_RSP;
1734 memcpy(&smp->prsp[1], &rsp, sizeof(rsp));
f01ead31 1735
3158c50c 1736 smp_send_cmd(conn, SMP_CMD_PAIRING_RSP, sizeof(rsp), &rsp);
3b19146d
JH		 1737
1738 clear_bit(SMP_FLAG_INITIATOR, &smp->flags);
1739
1740 if (test_bit(SMP_FLAG_SC, &smp->flags)) {
1741 SMP_ALLOW_CMD(smp, SMP_CMD_PUBLIC_KEY);
1742 /* Clear bits which are generated but not distributed */
1743 smp->remote_key_dist &= ~SMP_SC_NO_DIST;
1744 /* Wait for Public Key from Initiating Device */
1745 return 0;
3b19146d 1746 }
da85e5e5 1747
983f9814
MH		 1748 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_CONFIRM);
1749
2b64d153
BG		 1750 /* Request setup of TK */
1751 ret = tk_request(conn, 0, auth, rsp.io_capability, req->io_capability);
1752 if (ret)
1753 return SMP_UNSPECIFIED;
1754
da85e5e5 1755 return 0;
88ba43b6
AB		 1756}
1757
3b19146d
JH		 1758static u8 sc_send_public_key(struct smp_chan *smp)
1759{
70157ef5
JH		 1760 struct hci_dev *hdev = smp->conn->hcon->hdev;
1761
3b19146d
JH		 1762 BT_DBG("");
1763
70157ef5
JH		 1764 if (test_bit(HCI_USE_DEBUG_KEYS, &hdev->dev_flags)) {
1765 BT_DBG("Using debug keys");
1766 memcpy(smp->local_pk, debug_pk, 64);
1767 memcpy(smp->local_sk, debug_sk, 32);
1768 set_bit(SMP_FLAG_DEBUG_KEY, &smp->flags);
1769 } else {
1770 while (true) {
1771 /* Generate local key pair for Secure Connections */
1772 if (!ecc_make_key(smp->local_pk, smp->local_sk))
1773 return SMP_UNSPECIFIED;
6c0dcc50 1774
70157ef5
JH		 1775 /* This is unlikely, but we need to check that
1776 * we didn't accidentially generate a debug key.
1777 */
1778 if (memcmp(smp->local_sk, debug_sk, 32))
1779 break;
1780 }
6c0dcc50 1781 }
3b19146d 1782
c7a3d57d
JH		 1783 SMP_DBG("Local Public Key X: %32phN", smp->local_pk);
1784 SMP_DBG("Local Public Key Y: %32phN", &smp->local_pk[32]);
1785 SMP_DBG("Local Private Key: %32phN", smp->local_sk);
3b19146d
JH		 1786
1787 smp_send_cmd(smp->conn, SMP_CMD_PUBLIC_KEY, 64, smp->local_pk);
1788
1789 return 0;
1790}
1791
da85e5e5 1792static u8 smp_cmd_pairing_rsp(struct l2cap_conn *conn, struct sk_buff *skb)
88ba43b6 1793{
3158c50c 1794 struct smp_cmd_pairing *req, *rsp = (void *) skb->data;
5d88cc73
JH		 1795 struct l2cap_chan *chan = conn->smp;
1796 struct smp_chan *smp = chan->data;
0edb14de 1797 struct hci_dev *hdev = conn->hcon->hdev;
3a7dbfb8 1798 u8 key_size, auth;
7d24ddcc 1799 int ret;
88ba43b6
AB		 1800
1801 BT_DBG("conn %p", conn);
1802
c46b98be 1803 if (skb->len < sizeof(*rsp))
38e4a915 1804 return SMP_INVALID_PARAMS;
c46b98be 1805
40bef302 1806 if (conn->hcon->role != HCI_ROLE_MASTER)
2b64d153
BG		 1807 return SMP_CMD_NOTSUPP;
1808
3158c50c
VCG		 1809 skb_pull(skb, sizeof(*rsp));
1810
1c1def09 1811 req = (void *) &smp->preq[1];
da85e5e5 1812
3158c50c
VCG		 1813 key_size = min(req->max_key_size, rsp->max_key_size);
1814 if (check_enc_key_size(conn, key_size))
1815 return SMP_ENC_KEY_SIZE;
1816
0edb14de 1817 auth = rsp->auth_req & AUTH_REQ_MASK(hdev);
c05b9339 1818
903b71c7
JH		 1819 if (test_bit(HCI_SC_ONLY, &hdev->dev_flags) && !(auth & SMP_AUTH_SC))
1820 return SMP_AUTH_REQUIREMENTS;
1821
b5ae344d
JH		 1822 smp->prsp[0] = SMP_CMD_PAIRING_RSP;
1823 memcpy(&smp->prsp[1], rsp, sizeof(*rsp));
1824
1825 /* Update remote key distribution in case the remote cleared
1826 * some bits that we had enabled in our request.
1827 */
1828 smp->remote_key_dist &= rsp->resp_key_dist;
1829
1830 /* For BR/EDR this means we're done and can start phase 3 */
1831 if (conn->hcon->type == ACL_LINK) {
1832 /* Clear bits which are generated but not distributed */
1833 smp->remote_key_dist &= ~SMP_SC_NO_DIST;
1834 smp_distribute_keys(smp);
1835 return 0;
1836 }
1837
65668776
JH		 1838 if ((req->auth_req & SMP_AUTH_SC) && (auth & SMP_AUTH_SC))
1839 set_bit(SMP_FLAG_SC, &smp->flags);
d2eb9e10
JH		 1840 else if (conn->hcon->pending_sec_level > BT_SECURITY_HIGH)
1841 conn->hcon->pending_sec_level = BT_SECURITY_HIGH;
65668776 1842
49c922bb 1843 /* If we need MITM check that it can be achieved */
2ed8f65c
JH		 1844 if (conn->hcon->pending_sec_level >= BT_SECURITY_HIGH) {
1845 u8 method;
1846
1847 method = get_auth_method(smp, req->io_capability,
1848 rsp->io_capability);
1849 if (method == JUST_WORKS || method == JUST_CFM)
1850 return SMP_AUTH_REQUIREMENTS;
1851 }
1852
e84a6b13 1853 get_random_bytes(smp->prnd, sizeof(smp->prnd));
7d24ddcc 1854
fdcc4bec
JH		 1855 /* Update remote key distribution in case the remote cleared
1856 * some bits that we had enabled in our request.
1857 */
1858 smp->remote_key_dist &= rsp->resp_key_dist;
1859
3b19146d
JH		 1860 if (test_bit(SMP_FLAG_SC, &smp->flags)) {
1861 /* Clear bits which are generated but not distributed */
1862 smp->remote_key_dist &= ~SMP_SC_NO_DIST;
1863 SMP_ALLOW_CMD(smp, SMP_CMD_PUBLIC_KEY);
1864 return sc_send_public_key(smp);
1865 }
1866
c05b9339 1867 auth |= req->auth_req;
2b64d153 1868
476585ec 1869 ret = tk_request(conn, 0, auth, req->io_capability, rsp->io_capability);
2b64d153
BG		 1870 if (ret)
1871 return SMP_UNSPECIFIED;
1872
4a74d658 1873 set_bit(SMP_FLAG_CFM_PENDING, &smp->flags);
2b64d153
BG		 1874
1875 /* Can't compose response until we have been confirmed */
4a74d658 1876 if (test_bit(SMP_FLAG_TK_VALID, &smp->flags))
1cc61144 1877 return smp_confirm(smp);
da85e5e5
VCG		 1878
1879 return 0;
88ba43b6
AB		 1880}
1881
dcee2b32
JH		 1882static u8 sc_check_confirm(struct smp_chan *smp)
1883{
1884 struct l2cap_conn *conn = smp->conn;
1885
1886 BT_DBG("");
1887
1888 /* Public Key exchange must happen before any other steps */
1889 if (!test_bit(SMP_FLAG_REMOTE_PK, &smp->flags))
1890 return SMP_UNSPECIFIED;
1891
38606f14
JH		 1892 if (smp->method == REQ_PASSKEY || smp->method == DSP_PASSKEY)
1893 return sc_passkey_round(smp, SMP_CMD_PAIRING_CONFIRM);
1894
dcee2b32
JH		 1895 if (conn->hcon->out) {
1896 smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM, sizeof(smp->prnd),
1897 smp->prnd);
1898 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RANDOM);
1899 }
1900
1901 return 0;
1902}
1903
da85e5e5 1904static u8 smp_cmd_pairing_confirm(struct l2cap_conn *conn, struct sk_buff *skb)
88ba43b6 1905{
5d88cc73
JH		 1906 struct l2cap_chan *chan = conn->smp;
1907 struct smp_chan *smp = chan->data;
7d24ddcc 1908
88ba43b6
AB		 1909 BT_DBG("conn %p %s", conn, conn->hcon->out ? "master" : "slave");
1910
c46b98be 1911 if (skb->len < sizeof(smp->pcnf))
38e4a915 1912 return SMP_INVALID_PARAMS;
c46b98be 1913
1c1def09
VCG		 1914 memcpy(smp->pcnf, skb->data, sizeof(smp->pcnf));
1915 skb_pull(skb, sizeof(smp->pcnf));
88ba43b6 1916
dcee2b32
JH		 1917 if (test_bit(SMP_FLAG_SC, &smp->flags))
1918 return sc_check_confirm(smp);
1919
b28b4943 1920 if (conn->hcon->out) {
943a732a
JH		 1921 smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM, sizeof(smp->prnd),
1922 smp->prnd);
b28b4943
JH		 1923 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RANDOM);
1924 return 0;
1925 }
1926
1927 if (test_bit(SMP_FLAG_TK_VALID, &smp->flags))
1cc61144 1928 return smp_confirm(smp);
983f9814
MH		 1929
1930 set_bit(SMP_FLAG_CFM_PENDING, &smp->flags);
da85e5e5
VCG		 1931
1932 return 0;
88ba43b6
AB		 1933}
1934
da85e5e5 1935static u8 smp_cmd_pairing_random(struct l2cap_conn *conn, struct sk_buff *skb)
88ba43b6 1936{
5d88cc73
JH		 1937 struct l2cap_chan *chan = conn->smp;
1938 struct smp_chan *smp = chan->data;
191dc7fe
JH		 1939 struct hci_conn *hcon = conn->hcon;
1940 u8 *pkax, *pkbx, *na, *nb;
1941 u32 passkey;
1942 int err;
7d24ddcc 1943
8aab4757 1944 BT_DBG("conn %p", conn);
3158c50c 1945
c46b98be 1946 if (skb->len < sizeof(smp->rrnd))
38e4a915 1947 return SMP_INVALID_PARAMS;
c46b98be 1948
943a732a 1949 memcpy(smp->rrnd, skb->data, sizeof(smp->rrnd));
8aab4757 1950 skb_pull(skb, sizeof(smp->rrnd));
e7e62c85 1951
191dc7fe
JH		 1952 if (!test_bit(SMP_FLAG_SC, &smp->flags))
1953 return smp_random(smp);
1954
580039e8
JH		 1955 if (hcon->out) {
1956 pkax = smp->local_pk;
1957 pkbx = smp->remote_pk;
1958 na = smp->prnd;
1959 nb = smp->rrnd;
1960 } else {
1961 pkax = smp->remote_pk;
1962 pkbx = smp->local_pk;
1963 na = smp->rrnd;
1964 nb = smp->prnd;
1965 }
1966
a29b0733
JH		 1967 if (smp->method == REQ_OOB) {
1968 if (!hcon->out)
1969 smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM,
1970 sizeof(smp->prnd), smp->prnd);
1971 SMP_ALLOW_CMD(smp, SMP_CMD_DHKEY_CHECK);
1972 goto mackey_and_ltk;
1973 }
1974
38606f14
JH		 1975 /* Passkey entry has special treatment */
1976 if (smp->method == REQ_PASSKEY || smp->method == DSP_PASSKEY)
1977 return sc_passkey_round(smp, SMP_CMD_PAIRING_RANDOM);
1978
191dc7fe
JH		 1979 if (hcon->out) {
1980 u8 cfm[16];
1981
1982 err = smp_f4(smp->tfm_cmac, smp->remote_pk, smp->local_pk,
1983 smp->rrnd, 0, cfm);
1984 if (err)
1985 return SMP_UNSPECIFIED;
1986
1987 if (memcmp(smp->pcnf, cfm, 16))
1988 return SMP_CONFIRM_FAILED;
191dc7fe
JH		 1989 } else {
1990 smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM, sizeof(smp->prnd),
1991 smp->prnd);
1992 SMP_ALLOW_CMD(smp, SMP_CMD_DHKEY_CHECK);
191dc7fe
JH		 1993 }
1994
a29b0733 1995mackey_and_ltk:
760b018b
JH		 1996 /* Generate MacKey and LTK */
1997 err = sc_mackey_and_ltk(smp, smp->mackey, smp->tk);
1998 if (err)
1999 return SMP_UNSPECIFIED;
2000
a29b0733 2001 if (smp->method == JUST_WORKS || smp->method == REQ_OOB) {
dddd3059 2002 if (hcon->out) {
38606f14 2003 sc_dhkey_check(smp);
dddd3059
JH		 2004 SMP_ALLOW_CMD(smp, SMP_CMD_DHKEY_CHECK);
2005 }
2006 return 0;
2007 }
2008
38606f14
JH		 2009 err = smp_g2(smp->tfm_cmac, pkax, pkbx, na, nb, &passkey);
2010 if (err)
2011 return SMP_UNSPECIFIED;
2012
2013 err = mgmt_user_confirm_request(hcon->hdev, &hcon->dst, hcon->type,
2014 hcon->dst_type, passkey, 0);
191dc7fe
JH		 2015 if (err)
2016 return SMP_UNSPECIFIED;
2017
38606f14
JH		 2018 set_bit(SMP_FLAG_WAIT_USER, &smp->flags);
2019
191dc7fe 2020 return 0;
88ba43b6
AB		 2021}
2022
f81cd823 2023static bool smp_ltk_encrypt(struct l2cap_conn *conn, u8 sec_level)
988c5997 2024{
c9839a11 2025 struct smp_ltk *key;
988c5997
VCG		 2026 struct hci_conn *hcon = conn->hcon;
2027
f3a73d97 2028 key = hci_find_ltk(hcon->hdev, &hcon->dst, hcon->dst_type, hcon->role);
988c5997 2029 if (!key)
f81cd823 2030 return false;
988c5997 2031
a6f7833c 2032 if (smp_ltk_sec_level(key) < sec_level)
f81cd823 2033 return false;
4dab7864 2034
51a8efd7 2035 if (test_and_set_bit(HCI_CONN_ENCRYPT_PEND, &hcon->flags))
f81cd823 2036 return true;
988c5997 2037
c9839a11
VCG		 2038 hci_le_start_enc(hcon, key->ediv, key->rand, key->val);
2039 hcon->enc_key_size = key->enc_size;
988c5997 2040
fe59a05f
JH		 2041 /* We never store STKs for master role, so clear this flag */
2042 clear_bit(HCI_CONN_STK_ENCRYPT, &hcon->flags);
2043
f81cd823 2044 return true;
988c5997 2045}
f1560463 2046
35dc6f83
JH		 2047bool smp_sufficient_security(struct hci_conn *hcon, u8 sec_level,
2048 enum smp_key_pref key_pref)
854f4727
JH		 2049{
2050 if (sec_level == BT_SECURITY_LOW)
2051 return true;
2052
35dc6f83
JH		 2053 /* If we're encrypted with an STK but the caller prefers using
2054 * LTK claim insufficient security. This way we allow the
2055 * connection to be re-encrypted with an LTK, even if the LTK
2056 * provides the same level of security. Only exception is if we
2057 * don't have an LTK (e.g. because of key distribution bits).
9ab65d60 2058 */
35dc6f83
JH		 2059 if (key_pref == SMP_USE_LTK &&
2060 test_bit(HCI_CONN_STK_ENCRYPT, &hcon->flags) &&
f3a73d97 2061 hci_find_ltk(hcon->hdev, &hcon->dst, hcon->dst_type, hcon->role))
9ab65d60
JH		 2062 return false;
2063
854f4727
JH		 2064 if (hcon->sec_level >= sec_level)
2065 return true;
2066
2067 return false;
2068}
2069
da85e5e5 2070static u8 smp_cmd_security_req(struct l2cap_conn *conn, struct sk_buff *skb)
88ba43b6
AB		 2071{
2072 struct smp_cmd_security_req *rp = (void *) skb->data;
2073 struct smp_cmd_pairing cp;
f1cb9af5 2074 struct hci_conn *hcon = conn->hcon;
0edb14de 2075 struct hci_dev *hdev = hcon->hdev;
8aab4757 2076 struct smp_chan *smp;
c05b9339 2077 u8 sec_level, auth;
88ba43b6
AB		 2078
2079 BT_DBG("conn %p", conn);
2080
c46b98be 2081 if (skb->len < sizeof(*rp))
38e4a915 2082 return SMP_INVALID_PARAMS;
c46b98be 2083
40bef302 2084 if (hcon->role != HCI_ROLE_MASTER)
86ca9eac
JH		 2085 return SMP_CMD_NOTSUPP;
2086
0edb14de 2087 auth = rp->auth_req & AUTH_REQ_MASK(hdev);
c05b9339 2088
903b71c7
JH		 2089 if (test_bit(HCI_SC_ONLY, &hdev->dev_flags) && !(auth & SMP_AUTH_SC))
2090 return SMP_AUTH_REQUIREMENTS;
2091
5be5e275 2092 if (hcon->io_capability == HCI_IO_NO_INPUT_OUTPUT)
1afc2a1a
JH		 2093 sec_level = BT_SECURITY_MEDIUM;
2094 else
2095 sec_level = authreq_to_seclevel(auth);
2096
35dc6f83 2097 if (smp_sufficient_security(hcon, sec_level, SMP_USE_LTK))
854f4727
JH		 2098 return 0;
2099
c7262e71
JH		 2100 if (sec_level > hcon->pending_sec_level)
2101 hcon->pending_sec_level = sec_level;
feb45eb5 2102
4dab7864 2103 if (smp_ltk_encrypt(conn, hcon->pending_sec_level))
988c5997
VCG		 2104 return 0;
2105
8aab4757 2106 smp = smp_chan_create(conn);
c29d2444
JH		 2107 if (!smp)
2108 return SMP_UNSPECIFIED;
d26a2345 2109
b6ae8457 2110 if (!test_bit(HCI_BONDABLE, &hcon->hdev->dev_flags) &&
c05b9339 2111 (auth & SMP_AUTH_BONDING))
616d55be
JH		 2112 return SMP_PAIRING_NOTSUPP;
2113
88ba43b6 2114 skb_pull(skb, sizeof(*rp));
88ba43b6 2115
da85e5e5 2116 memset(&cp, 0, sizeof(cp));
c05b9339 2117 build_pairing_cmd(conn, &cp, NULL, auth);
88ba43b6 2118
1c1def09
VCG		 2119 smp->preq[0] = SMP_CMD_PAIRING_REQ;
2120 memcpy(&smp->preq[1], &cp, sizeof(cp));
f01ead31 2121
88ba43b6 2122 smp_send_cmd(conn, SMP_CMD_PAIRING_REQ, sizeof(cp), &cp);
b28b4943 2123 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RSP);
f1cb9af5 2124
da85e5e5 2125 return 0;
88ba43b6
AB		 2126}
2127
cc110922 2128int smp_conn_security(struct hci_conn *hcon, __u8 sec_level)
eb492e01 2129{
cc110922 2130 struct l2cap_conn *conn = hcon->l2cap_data;
c68b7f12 2131 struct l2cap_chan *chan;
0a66cf20 2132 struct smp_chan *smp;
2b64d153 2133 __u8 authreq;
fc75cc86 2134 int ret;
eb492e01 2135
3a0259bb
VCG		 2136 BT_DBG("conn %p hcon %p level 0x%2.2x", conn, hcon, sec_level);
2137
0a66cf20
JH		 2138 /* This may be NULL if there's an unexpected disconnection */
2139 if (!conn)
2140 return 1;
2141
c68b7f12
JH		 2142 chan = conn->smp;
2143
757aee0f 2144 if (!test_bit(HCI_LE_ENABLED, &hcon->hdev->dev_flags))
2e65c9d2
AG		 2145 return 1;
2146
35dc6f83 2147 if (smp_sufficient_security(hcon, sec_level, SMP_USE_LTK))
eb492e01 2148 return 1;
f1cb9af5 2149
c7262e71
JH		 2150 if (sec_level > hcon->pending_sec_level)
2151 hcon->pending_sec_level = sec_level;
2152
40bef302 2153 if (hcon->role == HCI_ROLE_MASTER)
c7262e71
JH		 2154 if (smp_ltk_encrypt(conn, hcon->pending_sec_level))
2155 return 0;
d26a2345 2156
fc75cc86
JH		 2157 l2cap_chan_lock(chan);
2158
2159 /* If SMP is already in progress ignore this request */
2160 if (chan->data) {
2161 ret = 0;
2162 goto unlock;
2163 }
d26a2345 2164
8aab4757 2165 smp = smp_chan_create(conn);
fc75cc86
JH		 2166 if (!smp) {
2167 ret = 1;
2168 goto unlock;
2169 }
2b64d153
BG		 2170
2171 authreq = seclevel_to_authreq(sec_level);
d26a2345 2172
d2eb9e10
JH		 2173 if (test_bit(HCI_SC_ENABLED, &hcon->hdev->dev_flags))
2174 authreq |= SMP_AUTH_SC;
2175
79897d20
JH		 2176 /* Require MITM if IO Capability allows or the security level
2177 * requires it.
2e233644 2178 */
79897d20 2179 if (hcon->io_capability != HCI_IO_NO_INPUT_OUTPUT ||
c7262e71 2180 hcon->pending_sec_level > BT_SECURITY_MEDIUM)
2e233644
JH		 2181 authreq |= SMP_AUTH_MITM;
2182
40bef302 2183 if (hcon->role == HCI_ROLE_MASTER) {
d26a2345 2184 struct smp_cmd_pairing cp;
f01ead31 2185
2b64d153 2186 build_pairing_cmd(conn, &cp, NULL, authreq);
1c1def09
VCG		 2187 smp->preq[0] = SMP_CMD_PAIRING_REQ;
2188 memcpy(&smp->preq[1], &cp, sizeof(cp));
f01ead31 2189
eb492e01 2190 smp_send_cmd(conn, SMP_CMD_PAIRING_REQ, sizeof(cp), &cp);
b28b4943 2191 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RSP);
eb492e01
AB		 2192 } else {
2193 struct smp_cmd_security_req cp;
2b64d153 2194 cp.auth_req = authreq;
eb492e01 2195 smp_send_cmd(conn, SMP_CMD_SECURITY_REQ, sizeof(cp), &cp);
b28b4943 2196 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_REQ);
eb492e01
AB		 2197 }
2198
4a74d658 2199 set_bit(SMP_FLAG_INITIATOR, &smp->flags);
fc75cc86 2200 ret = 0;
edca792c 2201
fc75cc86
JH		 2202unlock:
2203 l2cap_chan_unlock(chan);
2204 return ret;
eb492e01
AB		 2205}
2206
7034b911
VCG		 2207static int smp_cmd_encrypt_info(struct l2cap_conn *conn, struct sk_buff *skb)
2208{
16b90839 2209 struct smp_cmd_encrypt_info *rp = (void *) skb->data;
5d88cc73
JH		 2210 struct l2cap_chan *chan = conn->smp;
2211 struct smp_chan *smp = chan->data;
16b90839 2212
c46b98be
JH		 2213 BT_DBG("conn %p", conn);
2214
2215 if (skb->len < sizeof(*rp))
38e4a915 2216 return SMP_INVALID_PARAMS;
c46b98be 2217
b28b4943 2218 SMP_ALLOW_CMD(smp, SMP_CMD_MASTER_IDENT);
6131ddc8 2219
16b90839
VCG		 2220 skb_pull(skb, sizeof(*rp));
2221
1c1def09 2222 memcpy(smp->tk, rp->ltk, sizeof(smp->tk));
16b90839 2223
7034b911
VCG		 2224 return 0;
2225}
2226
2227static int smp_cmd_master_ident(struct l2cap_conn *conn, struct sk_buff *skb)
2228{
16b90839 2229 struct smp_cmd_master_ident *rp = (void *) skb->data;
5d88cc73
JH		 2230 struct l2cap_chan *chan = conn->smp;
2231 struct smp_chan *smp = chan->data;
c9839a11
VCG		 2232 struct hci_dev *hdev = conn->hcon->hdev;
2233 struct hci_conn *hcon = conn->hcon;
23d0e128 2234 struct smp_ltk *ltk;
c9839a11 2235 u8 authenticated;
16b90839 2236
c46b98be
JH		 2237 BT_DBG("conn %p", conn);
2238
2239 if (skb->len < sizeof(*rp))
38e4a915 2240 return SMP_INVALID_PARAMS;
c46b98be 2241
9747a9f3
JH		 2242 /* Mark the information as received */
2243 smp->remote_key_dist &= ~SMP_DIST_ENC_KEY;
2244
b28b4943
JH		 2245 if (smp->remote_key_dist & SMP_DIST_ID_KEY)
2246 SMP_ALLOW_CMD(smp, SMP_CMD_IDENT_INFO);
196332f5
JH		 2247 else if (smp->remote_key_dist & SMP_DIST_SIGN)
2248 SMP_ALLOW_CMD(smp, SMP_CMD_SIGN_INFO);
b28b4943 2249
16b90839 2250 skb_pull(skb, sizeof(*rp));
7034b911 2251
ce39fb4e 2252 authenticated = (hcon->sec_level == BT_SECURITY_HIGH);
2ceba539 2253 ltk = hci_add_ltk(hdev, &hcon->dst, hcon->dst_type, SMP_LTK,
23d0e128
JH		 2254 authenticated, smp->tk, smp->enc_key_size,
2255 rp->ediv, rp->rand);
2256 smp->ltk = ltk;
c6e81e9a 2257 if (!(smp->remote_key_dist & KEY_DIST_MASK))
d6268e86 2258 smp_distribute_keys(smp);
7034b911
VCG		 2259
2260 return 0;
2261}
2262
fd349c02
JH		 2263static int smp_cmd_ident_info(struct l2cap_conn *conn, struct sk_buff *skb)
2264{
2265 struct smp_cmd_ident_info *info = (void *) skb->data;
5d88cc73
JH		 2266 struct l2cap_chan *chan = conn->smp;
2267 struct smp_chan *smp = chan->data;
fd349c02
JH		 2268
2269 BT_DBG("");
2270
2271 if (skb->len < sizeof(*info))
38e4a915 2272 return SMP_INVALID_PARAMS;
fd349c02 2273
b28b4943 2274 SMP_ALLOW_CMD(smp, SMP_CMD_IDENT_ADDR_INFO);
6131ddc8 2275
fd349c02
JH		 2276 skb_pull(skb, sizeof(*info));
2277
2278 memcpy(smp->irk, info->irk, 16);
2279
2280 return 0;
2281}
2282
2283static int smp_cmd_ident_addr_info(struct l2cap_conn *conn,
2284 struct sk_buff *skb)
2285{
2286 struct smp_cmd_ident_addr_info *info = (void *) skb->data;
5d88cc73
JH		 2287 struct l2cap_chan *chan = conn->smp;
2288 struct smp_chan *smp = chan->data;
fd349c02
JH		 2289 struct hci_conn *hcon = conn->hcon;
2290 bdaddr_t rpa;
2291
2292 BT_DBG("");
2293
2294 if (skb->len < sizeof(*info))
38e4a915 2295 return SMP_INVALID_PARAMS;
fd349c02 2296
9747a9f3
JH		 2297 /* Mark the information as received */
2298 smp->remote_key_dist &= ~SMP_DIST_ID_KEY;
2299
b28b4943
JH		 2300 if (smp->remote_key_dist & SMP_DIST_SIGN)
2301 SMP_ALLOW_CMD(smp, SMP_CMD_SIGN_INFO);
2302
fd349c02
JH		 2303 skb_pull(skb, sizeof(*info));
2304
a9a58f86
JH		 2305 /* Strictly speaking the Core Specification (4.1) allows sending
2306 * an empty address which would force us to rely on just the IRK
2307 * as "identity information". However, since such
2308 * implementations are not known of and in order to not over
2309 * complicate our implementation, simply pretend that we never
2310 * received an IRK for such a device.
e12af489
JH		 2311 *
2312 * The Identity Address must also be a Static Random or Public
2313 * Address, which hci_is_identity_address() checks for.
a9a58f86 2314 */
e12af489
JH		 2315 if (!bacmp(&info->bdaddr, BDADDR_ANY) ||
2316 !hci_is_identity_address(&info->bdaddr, info->addr_type)) {
a9a58f86 2317 BT_ERR("Ignoring IRK with no identity address");
31dd624e 2318 goto distribute;
a9a58f86
JH		 2319 }
2320
fd349c02
JH		 2321 bacpy(&smp->id_addr, &info->bdaddr);
2322 smp->id_addr_type = info->addr_type;
2323
2324 if (hci_bdaddr_is_rpa(&hcon->dst, hcon->dst_type))
2325 bacpy(&rpa, &hcon->dst);
2326 else
2327 bacpy(&rpa, BDADDR_ANY);
2328
23d0e128
JH		 2329 smp->remote_irk = hci_add_irk(conn->hcon->hdev, &smp->id_addr,
2330 smp->id_addr_type, smp->irk, &rpa);
fd349c02 2331
31dd624e 2332distribute:
c6e81e9a
JH		 2333 if (!(smp->remote_key_dist & KEY_DIST_MASK))
2334 smp_distribute_keys(smp);
fd349c02
JH		 2335
2336 return 0;
2337}
2338
7ee4ea36
MH		 2339static int smp_cmd_sign_info(struct l2cap_conn *conn, struct sk_buff *skb)
2340{
2341 struct smp_cmd_sign_info *rp = (void *) skb->data;
5d88cc73
JH		 2342 struct l2cap_chan *chan = conn->smp;
2343 struct smp_chan *smp = chan->data;
7ee4ea36
MH		 2344 struct smp_csrk *csrk;
2345
2346 BT_DBG("conn %p", conn);
2347
2348 if (skb->len < sizeof(*rp))
38e4a915 2349 return SMP_INVALID_PARAMS;
7ee4ea36 2350
7ee4ea36
MH		 2351 /* Mark the information as received */
2352 smp->remote_key_dist &= ~SMP_DIST_SIGN;
2353
2354 skb_pull(skb, sizeof(*rp));
2355
7ee4ea36
MH		 2356 csrk = kzalloc(sizeof(*csrk), GFP_KERNEL);
2357 if (csrk) {
4cd3928a
JH		 2358 if (conn->hcon->sec_level > BT_SECURITY_MEDIUM)
2359 csrk->type = MGMT_CSRK_REMOTE_AUTHENTICATED;
2360 else
2361 csrk->type = MGMT_CSRK_REMOTE_UNAUTHENTICATED;
7ee4ea36
MH		 2362 memcpy(csrk->val, rp->csrk, sizeof(csrk->val));
2363 }
2364 smp->csrk = csrk;
d6268e86 2365 smp_distribute_keys(smp);
7ee4ea36
MH		 2366
2367 return 0;
2368}
2369
5e3d3d9b
JH		 2370static u8 sc_select_method(struct smp_chan *smp)
2371{
2372 struct l2cap_conn *conn = smp->conn;
2373 struct hci_conn *hcon = conn->hcon;
2374 struct smp_cmd_pairing *local, *remote;
2375 u8 local_mitm, remote_mitm, local_io, remote_io, method;
2376
a29b0733
JH		 2377 if (test_bit(SMP_FLAG_OOB, &smp->flags))
2378 return REQ_OOB;
2379
5e3d3d9b
JH		 2380 /* The preq/prsp contain the raw Pairing Request/Response PDUs
2381 * which are needed as inputs to some crypto functions. To get
2382 * the "struct smp_cmd_pairing" from them we need to skip the
2383 * first byte which contains the opcode.
2384 */
2385 if (hcon->out) {
2386 local = (void *) &smp->preq[1];
2387 remote = (void *) &smp->prsp[1];
2388 } else {
2389 local = (void *) &smp->prsp[1];
2390 remote = (void *) &smp->preq[1];
2391 }
2392
2393 local_io = local->io_capability;
2394 remote_io = remote->io_capability;
2395
2396 local_mitm = (local->auth_req & SMP_AUTH_MITM);
2397 remote_mitm = (remote->auth_req & SMP_AUTH_MITM);
2398
2399 /* If either side wants MITM, look up the method from the table,
2400 * otherwise use JUST WORKS.
2401 */
2402 if (local_mitm || remote_mitm)
2403 method = get_auth_method(smp, local_io, remote_io);
2404 else
2405 method = JUST_WORKS;
2406
2407 /* Don't confirm locally initiated pairing attempts */
2408 if (method == JUST_CFM && test_bit(SMP_FLAG_INITIATOR, &smp->flags))
2409 method = JUST_WORKS;
2410
2411 return method;
2412}
2413
d8f8edbe
JH		 2414static int smp_cmd_public_key(struct l2cap_conn *conn, struct sk_buff *skb)
2415{
2416 struct smp_cmd_public_key *key = (void *) skb->data;
2417 struct hci_conn *hcon = conn->hcon;
2418 struct l2cap_chan *chan = conn->smp;
2419 struct smp_chan *smp = chan->data;
5e3d3d9b 2420 struct hci_dev *hdev = hcon->hdev;
cbbbe3e2 2421 struct smp_cmd_pairing_confirm cfm;
d8f8edbe
JH		 2422 int err;
2423
2424 BT_DBG("conn %p", conn);
2425
2426 if (skb->len < sizeof(*key))
2427 return SMP_INVALID_PARAMS;
2428
2429 memcpy(smp->remote_pk, key, 64);
2430
2431 /* Non-initiating device sends its public key after receiving
2432 * the key from the initiating device.
2433 */
2434 if (!hcon->out) {
2435 err = sc_send_public_key(smp);
2436 if (err)
2437 return err;
2438 }
2439
c7a3d57d
JH		 2440 SMP_DBG("Remote Public Key X: %32phN", smp->remote_pk);
2441 SMP_DBG("Remote Public Key Y: %32phN", &smp->remote_pk[32]);
d8f8edbe
JH		 2442
2443 if (!ecdh_shared_secret(smp->remote_pk, smp->local_sk, smp->dhkey))
2444 return SMP_UNSPECIFIED;
2445
c7a3d57d 2446 SMP_DBG("DHKey %32phN", smp->dhkey);
d8f8edbe
JH		 2447
2448 set_bit(SMP_FLAG_REMOTE_PK, &smp->flags);
2449
5e3d3d9b
JH		 2450 smp->method = sc_select_method(smp);
2451
2452 BT_DBG("%s selected method 0x%02x", hdev->name, smp->method);
2453
2454 /* JUST_WORKS and JUST_CFM result in an unauthenticated key */
2455 if (smp->method == JUST_WORKS || smp->method == JUST_CFM)
2456 hcon->pending_sec_level = BT_SECURITY_MEDIUM;
2457 else
2458 hcon->pending_sec_level = BT_SECURITY_FIPS;
2459
aeb7d461
JH		 2460 if (!memcmp(debug_pk, smp->remote_pk, 64))
2461 set_bit(SMP_FLAG_DEBUG_KEY, &smp->flags);
2462
38606f14
JH		 2463 if (smp->method == DSP_PASSKEY) {
2464 get_random_bytes(&hcon->passkey_notify,
2465 sizeof(hcon->passkey_notify));
2466 hcon->passkey_notify %= 1000000;
2467 hcon->passkey_entered = 0;
2468 smp->passkey_round = 0;
2469 if (mgmt_user_passkey_notify(hdev, &hcon->dst, hcon->type,
2470 hcon->dst_type,
2471 hcon->passkey_notify,
2472 hcon->passkey_entered))
2473 return SMP_UNSPECIFIED;
2474 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_CONFIRM);
2475 return sc_passkey_round(smp, SMP_CMD_PUBLIC_KEY);
2476 }
2477
a29b0733
JH		 2478 if (smp->method == REQ_OOB) {
2479 err = smp_f4(smp->tfm_cmac, smp->remote_pk, smp->remote_pk,
2480 smp->rr, 0, cfm.confirm_val);
2481 if (err)
2482 return SMP_UNSPECIFIED;
2483
2484 if (memcmp(cfm.confirm_val, smp->pcnf, 16))
2485 return SMP_CONFIRM_FAILED;
2486
2487 if (hcon->out)
2488 smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM,
2489 sizeof(smp->prnd), smp->prnd);
2490
2491 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RANDOM);
2492
2493 return 0;
2494 }
2495
38606f14
JH		 2496 if (hcon->out)
2497 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_CONFIRM);
2498
2499 if (smp->method == REQ_PASSKEY) {
2500 if (mgmt_user_passkey_request(hdev, &hcon->dst, hcon->type,
2501 hcon->dst_type))
2502 return SMP_UNSPECIFIED;
2503 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_CONFIRM);
2504 set_bit(SMP_FLAG_WAIT_USER, &smp->flags);
2505 return 0;
2506 }
2507
cbbbe3e2
JH		 2508 /* The Initiating device waits for the non-initiating device to
2509 * send the confirm value.
2510 */
2511 if (conn->hcon->out)
2512 return 0;
2513
2514 err = smp_f4(smp->tfm_cmac, smp->local_pk, smp->remote_pk, smp->prnd,
2515 0, cfm.confirm_val);
2516 if (err)
2517 return SMP_UNSPECIFIED;
2518
2519 smp_send_cmd(conn, SMP_CMD_PAIRING_CONFIRM, sizeof(cfm), &cfm);
2520 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RANDOM);
2521
d8f8edbe
JH		 2522 return 0;
2523}
2524
6433a9a2
JH		 2525static int smp_cmd_dhkey_check(struct l2cap_conn *conn, struct sk_buff *skb)
2526{
2527 struct smp_cmd_dhkey_check *check = (void *) skb->data;
2528 struct l2cap_chan *chan = conn->smp;
2529 struct hci_conn *hcon = conn->hcon;
2530 struct smp_chan *smp = chan->data;
2531 u8 a[7], b[7], *local_addr, *remote_addr;
2532 u8 io_cap[3], r[16], e[16];
2533 int err;
2534
2535 BT_DBG("conn %p", conn);
2536
2537 if (skb->len < sizeof(*check))
2538 return SMP_INVALID_PARAMS;
2539
2540 memcpy(a, &hcon->init_addr, 6);
2541 memcpy(b, &hcon->resp_addr, 6);
2542 a[6] = hcon->init_addr_type;
2543 b[6] = hcon->resp_addr_type;
2544
2545 if (hcon->out) {
2546 local_addr = a;
2547 remote_addr = b;
2548 memcpy(io_cap, &smp->prsp[1], 3);
2549 } else {
2550 local_addr = b;
2551 remote_addr = a;
2552 memcpy(io_cap, &smp->preq[1], 3);
2553 }
2554
2555 memset(r, 0, sizeof(r));
2556
38606f14
JH		 2557 if (smp->method == REQ_PASSKEY || smp->method == DSP_PASSKEY)
2558 put_unaligned_le32(hcon->passkey_notify, r);
2559
6433a9a2
JH		 2560 err = smp_f6(smp->tfm_cmac, smp->mackey, smp->rrnd, smp->prnd, r,
2561 io_cap, remote_addr, local_addr, e);
2562 if (err)
2563 return SMP_UNSPECIFIED;
2564
2565 if (memcmp(check->e, e, 16))
2566 return SMP_DHKEY_CHECK_FAILED;
2567
d3e54a87
JH		 2568 if (!hcon->out) {
2569 if (test_bit(SMP_FLAG_WAIT_USER, &smp->flags)) {
2570 set_bit(SMP_FLAG_DHKEY_PENDING, &smp->flags);
2571 return 0;
2572 }
d378a2d7 2573
d3e54a87
JH		 2574 /* Slave sends DHKey check as response to master */
2575 sc_dhkey_check(smp);
2576 }
d378a2d7 2577
d3e54a87 2578 sc_add_ltk(smp);
6433a9a2
JH		 2579
2580 if (hcon->out) {
2581 hci_le_start_enc(hcon, 0, 0, smp->tk);
2582 hcon->enc_key_size = smp->enc_key_size;
2583 }
2584
2585 return 0;
2586}
2587
1408bb6e
JH		 2588static int smp_cmd_keypress_notify(struct l2cap_conn *conn,
2589 struct sk_buff *skb)
2590{
2591 struct smp_cmd_keypress_notify *kp = (void *) skb->data;
2592
2593 BT_DBG("value 0x%02x", kp->value);
2594
2595 return 0;
2596}
2597
4befb867 2598static int smp_sig_channel(struct l2cap_chan *chan, struct sk_buff *skb)
eb492e01 2599{
5d88cc73 2600 struct l2cap_conn *conn = chan->conn;
7b9899db 2601 struct hci_conn *hcon = conn->hcon;
b28b4943 2602 struct smp_chan *smp;
92381f5c 2603 __u8 code, reason;
eb492e01
AB		 2604 int err = 0;
2605
8ae9b984 2606 if (skb->len < 1)
92381f5c 2607 return -EILSEQ;
92381f5c 2608
06ae3314 2609 if (!test_bit(HCI_LE_ENABLED, &hcon->hdev->dev_flags)) {
2e65c9d2
AG		 2610 reason = SMP_PAIRING_NOTSUPP;
2611 goto done;
2612 }
2613
92381f5c 2614 code = skb->data[0];
eb492e01
AB		 2615 skb_pull(skb, sizeof(code));
2616
b28b4943
JH		 2617 smp = chan->data;
2618
2619 if (code > SMP_CMD_MAX)
2620 goto drop;
2621
24bd0bd9 2622 if (smp && !test_and_clear_bit(code, &smp->allow_cmd))
b28b4943
JH		 2623 goto drop;
2624
2625 /* If we don't have a context the only allowed commands are
2626 * pairing request and security request.
8cf9fa12 2627 */
b28b4943
JH		 2628 if (!smp && code != SMP_CMD_PAIRING_REQ && code != SMP_CMD_SECURITY_REQ)
2629 goto drop;
8cf9fa12 2630
eb492e01
AB		 2631 switch (code) {
2632 case SMP_CMD_PAIRING_REQ:
da85e5e5 2633 reason = smp_cmd_pairing_req(conn, skb);
eb492e01
AB		 2634 break;
2635
2636 case SMP_CMD_PAIRING_FAIL:
84794e11 2637 smp_failure(conn, 0);
da85e5e5 2638 err = -EPERM;
eb492e01
AB		 2639 break;
2640
2641 case SMP_CMD_PAIRING_RSP:
da85e5e5 2642 reason = smp_cmd_pairing_rsp(conn, skb);
88ba43b6
AB		 2643 break;
2644
2645 case SMP_CMD_SECURITY_REQ:
da85e5e5 2646 reason = smp_cmd_security_req(conn, skb);
88ba43b6
AB		 2647 break;
2648
eb492e01 2649 case SMP_CMD_PAIRING_CONFIRM:
da85e5e5 2650 reason = smp_cmd_pairing_confirm(conn, skb);
88ba43b6
AB		 2651 break;
2652
eb492e01 2653 case SMP_CMD_PAIRING_RANDOM:
da85e5e5 2654 reason = smp_cmd_pairing_random(conn, skb);
88ba43b6
AB		 2655 break;
2656
eb492e01 2657 case SMP_CMD_ENCRYPT_INFO:
7034b911
VCG		 2658 reason = smp_cmd_encrypt_info(conn, skb);
2659 break;
2660
eb492e01 2661 case SMP_CMD_MASTER_IDENT:
7034b911
VCG		 2662 reason = smp_cmd_master_ident(conn, skb);
2663 break;
2664
eb492e01 2665 case SMP_CMD_IDENT_INFO:
fd349c02
JH		 2666 reason = smp_cmd_ident_info(conn, skb);
2667 break;
2668
eb492e01 2669 case SMP_CMD_IDENT_ADDR_INFO:
fd349c02
JH		 2670 reason = smp_cmd_ident_addr_info(conn, skb);
2671 break;
2672
eb492e01 2673 case SMP_CMD_SIGN_INFO:
7ee4ea36 2674 reason = smp_cmd_sign_info(conn, skb);
7034b911
VCG		 2675 break;
2676
d8f8edbe
JH		 2677 case SMP_CMD_PUBLIC_KEY:
2678 reason = smp_cmd_public_key(conn, skb);
2679 break;
2680
6433a9a2
JH		 2681 case SMP_CMD_DHKEY_CHECK:
2682 reason = smp_cmd_dhkey_check(conn, skb);
2683 break;
2684
1408bb6e
JH		 2685 case SMP_CMD_KEYPRESS_NOTIFY:
2686 reason = smp_cmd_keypress_notify(conn, skb);
2687 break;
2688
eb492e01
AB		 2689 default:
2690 BT_DBG("Unknown command code 0x%2.2x", code);
eb492e01 2691 reason = SMP_CMD_NOTSUPP;
3a0259bb 2692 goto done;
eb492e01
AB		 2693 }
2694
3a0259bb 2695done:
9b7b18ef
JH		 2696 if (!err) {
2697 if (reason)
2698 smp_failure(conn, reason);
8ae9b984 2699 kfree_skb(skb);
9b7b18ef
JH		 2700 }
2701
eb492e01 2702 return err;
b28b4943
JH		 2703
2704drop:
2705 BT_ERR("%s unexpected SMP command 0x%02x from %pMR", hcon->hdev->name,
2706 code, &hcon->dst);
2707 kfree_skb(skb);
2708 return 0;
eb492e01 2709}
7034b911 2710
70db83c4
JH		 2711static void smp_teardown_cb(struct l2cap_chan *chan, int err)
2712{
2713 struct l2cap_conn *conn = chan->conn;
2714
2715 BT_DBG("chan %p", chan);
2716
fc75cc86 2717 if (chan->data)
5d88cc73 2718 smp_chan_destroy(conn);
5d88cc73 2719
70db83c4
JH		 2720 conn->smp = NULL;
2721 l2cap_chan_put(chan);
2722}
2723
b5ae344d
JH		 2724static void bredr_pairing(struct l2cap_chan *chan)
2725{
2726 struct l2cap_conn *conn = chan->conn;
2727 struct hci_conn *hcon = conn->hcon;
2728 struct hci_dev *hdev = hcon->hdev;
2729 struct smp_cmd_pairing req;
2730 struct smp_chan *smp;
2731
2732 BT_DBG("chan %p", chan);
2733
2734 /* Only new pairings are interesting */
2735 if (!test_bit(HCI_CONN_NEW_LINK_KEY, &hcon->flags))
2736 return;
2737
2738 /* Don't bother if we're not encrypted */
2739 if (!test_bit(HCI_CONN_ENCRYPT, &hcon->flags))
2740 return;
2741
2742 /* Only master may initiate SMP over BR/EDR */
2743 if (hcon->role != HCI_ROLE_MASTER)
2744 return;
2745
2746 /* Secure Connections support must be enabled */
2747 if (!test_bit(HCI_SC_ENABLED, &hdev->dev_flags))
2748 return;
2749
2750 /* BR/EDR must use Secure Connections for SMP */
2751 if (!test_bit(HCI_CONN_AES_CCM, &hcon->flags) &&
300acfde 2752 !test_bit(HCI_FORCE_BREDR_SMP, &hdev->dbg_flags))
b5ae344d
JH		 2753 return;
2754
2755 /* If our LE support is not enabled don't do anything */
2756 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
2757 return;
2758
2759 /* Don't bother if remote LE support is not enabled */
2760 if (!lmp_host_le_capable(hcon))
2761 return;
2762
2763 /* Remote must support SMP fixed chan for BR/EDR */
2764 if (!(conn->remote_fixed_chan & L2CAP_FC_SMP_BREDR))
2765 return;
2766
2767 /* Don't bother if SMP is already ongoing */
2768 if (chan->data)
2769 return;
2770
2771 smp = smp_chan_create(conn);
2772 if (!smp) {
2773 BT_ERR("%s unable to create SMP context for BR/EDR",
2774 hdev->name);
2775 return;
2776 }
2777
2778 set_bit(SMP_FLAG_SC, &smp->flags);
2779
2780 BT_DBG("%s starting SMP over BR/EDR", hdev->name);
2781
2782 /* Prepare and send the BR/EDR SMP Pairing Request */
2783 build_bredr_pairing_cmd(smp, &req, NULL);
2784
2785 smp->preq[0] = SMP_CMD_PAIRING_REQ;
2786 memcpy(&smp->preq[1], &req, sizeof(req));
2787
2788 smp_send_cmd(conn, SMP_CMD_PAIRING_REQ, sizeof(req), &req);
2789 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RSP);
2790}
2791
44f1a7ab
JH		 2792static void smp_resume_cb(struct l2cap_chan *chan)
2793{
b68fda68 2794 struct smp_chan *smp = chan->data;
44f1a7ab
JH		 2795 struct l2cap_conn *conn = chan->conn;
2796 struct hci_conn *hcon = conn->hcon;
2797
2798 BT_DBG("chan %p", chan);
2799
b5ae344d
JH		 2800 if (hcon->type == ACL_LINK) {
2801 bredr_pairing(chan);
ef8efe4b 2802 return;
b5ae344d 2803 }
ef8efe4b 2804
86d1407c
JH		 2805 if (!smp)
2806 return;
b68fda68 2807
84bc0db5
JH		 2808 if (!test_bit(HCI_CONN_ENCRYPT, &hcon->flags))
2809 return;
2810
86d1407c
JH		 2811 cancel_delayed_work(&smp->security_timer);
2812
d6268e86 2813 smp_distribute_keys(smp);
44f1a7ab
JH		 2814}
2815
70db83c4
JH		 2816static void smp_ready_cb(struct l2cap_chan *chan)
2817{
2818 struct l2cap_conn *conn = chan->conn;
b5ae344d 2819 struct hci_conn *hcon = conn->hcon;
70db83c4
JH		 2820
2821 BT_DBG("chan %p", chan);
2822
2823 conn->smp = chan;
2824 l2cap_chan_hold(chan);
b5ae344d
JH		 2825
2826 if (hcon->type == ACL_LINK && test_bit(HCI_CONN_ENCRYPT, &hcon->flags))
2827 bredr_pairing(chan);
70db83c4
JH		 2828}
2829
4befb867
JH		 2830static int smp_recv_cb(struct l2cap_chan *chan, struct sk_buff *skb)
2831{
2832 int err;
2833
2834 BT_DBG("chan %p", chan);
2835
2836 err = smp_sig_channel(chan, skb);
2837 if (err) {
b68fda68 2838 struct smp_chan *smp = chan->data;
4befb867 2839
b68fda68
JH		 2840 if (smp)
2841 cancel_delayed_work_sync(&smp->security_timer);
4befb867 2842
1e91c29e 2843 hci_disconnect(chan->conn->hcon, HCI_ERROR_AUTH_FAILURE);
4befb867
JH		 2844 }
2845
2846 return err;
2847}
2848
70db83c4
JH		 2849static struct sk_buff *smp_alloc_skb_cb(struct l2cap_chan *chan,
2850 unsigned long hdr_len,
2851 unsigned long len, int nb)
2852{
2853 struct sk_buff *skb;
2854
2855 skb = bt_skb_alloc(hdr_len + len, GFP_KERNEL);
2856 if (!skb)
2857 return ERR_PTR(-ENOMEM);
2858
2859 skb->priority = HCI_PRIO_MAX;
2860 bt_cb(skb)->chan = chan;
2861
2862 return skb;
2863}
2864
2865static const struct l2cap_ops smp_chan_ops = {
2866 .name = "Security Manager",
2867 .ready = smp_ready_cb,
5d88cc73 2868 .recv = smp_recv_cb,
70db83c4
JH		 2869 .alloc_skb = smp_alloc_skb_cb,
2870 .teardown = smp_teardown_cb,
44f1a7ab 2871 .resume = smp_resume_cb,
70db83c4
JH		 2872
2873 .new_connection = l2cap_chan_no_new_connection,
70db83c4
JH		 2874 .state_change = l2cap_chan_no_state_change,
2875 .close = l2cap_chan_no_close,
2876 .defer = l2cap_chan_no_defer,
2877 .suspend = l2cap_chan_no_suspend,
70db83c4
JH		 2878 .set_shutdown = l2cap_chan_no_set_shutdown,
2879 .get_sndtimeo = l2cap_chan_no_get_sndtimeo,
70db83c4
JH		 2880};
2881
2882static inline struct l2cap_chan *smp_new_conn_cb(struct l2cap_chan *pchan)
2883{
2884 struct l2cap_chan *chan;
2885
2886 BT_DBG("pchan %p", pchan);
2887
2888 chan = l2cap_chan_create();
2889 if (!chan)
2890 return NULL;
2891
2892 chan->chan_type = pchan->chan_type;
2893 chan->ops = &smp_chan_ops;
2894 chan->scid = pchan->scid;
2895 chan->dcid = chan->scid;
2896 chan->imtu = pchan->imtu;
2897 chan->omtu = pchan->omtu;
2898 chan->mode = pchan->mode;
2899
abe84903
JH		 2900 /* Other L2CAP channels may request SMP routines in order to
2901 * change the security level. This means that the SMP channel
2902 * lock must be considered in its own category to avoid lockdep
2903 * warnings.
2904 */
2905 atomic_set(&chan->nesting, L2CAP_NESTING_SMP);
2906
70db83c4
JH		 2907 BT_DBG("created chan %p", chan);
2908
2909 return chan;
2910}
2911
2912static const struct l2cap_ops smp_root_chan_ops = {
2913 .name = "Security Manager Root",
2914 .new_connection = smp_new_conn_cb,
2915
2916 /* None of these are implemented for the root channel */
2917 .close = l2cap_chan_no_close,
2918 .alloc_skb = l2cap_chan_no_alloc_skb,
2919 .recv = l2cap_chan_no_recv,
2920 .state_change = l2cap_chan_no_state_change,
2921 .teardown = l2cap_chan_no_teardown,
2922 .ready = l2cap_chan_no_ready,
2923 .defer = l2cap_chan_no_defer,
2924 .suspend = l2cap_chan_no_suspend,
2925 .resume = l2cap_chan_no_resume,
2926 .set_shutdown = l2cap_chan_no_set_shutdown,
2927 .get_sndtimeo = l2cap_chan_no_get_sndtimeo,
70db83c4
JH		 2928};
2929
ef8efe4b 2930static struct l2cap_chan *smp_add_cid(struct hci_dev *hdev, u16 cid)
711eafe3 2931{
70db83c4 2932 struct l2cap_chan *chan;
defce9e8 2933 struct crypto_blkcipher *tfm_aes;
70db83c4 2934
ef8efe4b
JH		 2935 if (cid == L2CAP_CID_SMP_BREDR) {
2936 tfm_aes = NULL;
2937 goto create_chan;
2938 }
711eafe3 2939
adae20cb 2940 tfm_aes = crypto_alloc_blkcipher("ecb(aes)", 0, 0);
defce9e8 2941 if (IS_ERR(tfm_aes)) {
711eafe3 2942 BT_ERR("Unable to create crypto context");
fe700771 2943 return ERR_CAST(tfm_aes);
711eafe3
JH		 2944 }
2945
ef8efe4b 2946create_chan:
70db83c4
JH		 2947 chan = l2cap_chan_create();
2948 if (!chan) {
defce9e8 2949 crypto_free_blkcipher(tfm_aes);
ef8efe4b 2950 return ERR_PTR(-ENOMEM);
70db83c4
JH		 2951 }
2952
defce9e8
JH		 2953 chan->data = tfm_aes;
2954
ef8efe4b 2955 l2cap_add_scid(chan, cid);
70db83c4
JH		 2956
2957 l2cap_chan_set_defaults(chan);
2958
157029ba 2959 if (cid == L2CAP_CID_SMP) {
39e3e744
JH		 2960 u8 bdaddr_type;
2961
2962 hci_copy_identity_address(hdev, &chan->src, &bdaddr_type);
2963
2964 if (bdaddr_type == ADDR_LE_DEV_PUBLIC)
157029ba 2965 chan->src_type = BDADDR_LE_PUBLIC;
39e3e744
JH		 2966 else
2967 chan->src_type = BDADDR_LE_RANDOM;
157029ba
MH		 2968 } else {
2969 bacpy(&chan->src, &hdev->bdaddr);
ef8efe4b 2970 chan->src_type = BDADDR_BREDR;
157029ba
MH		 2971 }
2972
70db83c4
JH		 2973 chan->state = BT_LISTEN;
2974 chan->mode = L2CAP_MODE_BASIC;
2975 chan->imtu = L2CAP_DEFAULT_MTU;
2976 chan->ops = &smp_root_chan_ops;
2977
abe84903
JH		 2978 /* Set correct nesting level for a parent/listening channel */
2979 atomic_set(&chan->nesting, L2CAP_NESTING_PARENT);
2980
ef8efe4b 2981 return chan;
711eafe3
JH		 2982}
2983
ef8efe4b 2984static void smp_del_chan(struct l2cap_chan *chan)
711eafe3 2985{
ef8efe4b 2986 struct crypto_blkcipher *tfm_aes;
70db83c4 2987
ef8efe4b 2988 BT_DBG("chan %p", chan);
711eafe3 2989
defce9e8
JH		 2990 tfm_aes = chan->data;
2991 if (tfm_aes) {
2992 chan->data = NULL;
2993 crypto_free_blkcipher(tfm_aes);
711eafe3 2994 }
70db83c4 2995
70db83c4 2996 l2cap_chan_put(chan);
711eafe3 2997}
ef8efe4b 2998
300acfde
MH		 2999static ssize_t force_bredr_smp_read(struct file *file,
3000 char __user *user_buf,
3001 size_t count, loff_t *ppos)
3002{
3003 struct hci_dev *hdev = file->private_data;
3004 char buf[3];
3005
3006 buf[0] = test_bit(HCI_FORCE_BREDR_SMP, &hdev->dbg_flags) ? 'Y': 'N';
3007 buf[1] = '\n';
3008 buf[2] = '\0';
3009 return simple_read_from_buffer(user_buf, count, ppos, buf, 2);
3010}
3011
3012static ssize_t force_bredr_smp_write(struct file *file,
3013 const char __user *user_buf,
3014 size_t count, loff_t *ppos)
3015{
3016 struct hci_dev *hdev = file->private_data;
3017 char buf[32];
3018 size_t buf_size = min(count, (sizeof(buf)-1));
3019 bool enable;
3020
3021 if (copy_from_user(buf, user_buf, buf_size))
3022 return -EFAULT;
3023
3024 buf[buf_size] = '\0';
3025 if (strtobool(buf, &enable))
3026 return -EINVAL;
3027
3028 if (enable == test_bit(HCI_FORCE_BREDR_SMP, &hdev->dbg_flags))
3029 return -EALREADY;
3030
3031 if (enable) {
3032 struct l2cap_chan *chan;
3033
3034 chan = smp_add_cid(hdev, L2CAP_CID_SMP_BREDR);
3035 if (IS_ERR(chan))
3036 return PTR_ERR(chan);
3037
3038 hdev->smp_bredr_data = chan;
3039 } else {
3040 struct l2cap_chan *chan;
3041
3042 chan = hdev->smp_bredr_data;
3043 hdev->smp_bredr_data = NULL;
3044 smp_del_chan(chan);
3045 }
3046
3047 change_bit(HCI_FORCE_BREDR_SMP, &hdev->dbg_flags);
3048
3049 return count;
3050}
3051
3052static const struct file_operations force_bredr_smp_fops = {
3053 .open = simple_open,
3054 .read = force_bredr_smp_read,
3055 .write = force_bredr_smp_write,
3056 .llseek = default_llseek,
3057};
3058
ef8efe4b
JH		 3059int smp_register(struct hci_dev *hdev)
3060{
3061 struct l2cap_chan *chan;
3062
3063 BT_DBG("%s", hdev->name);
3064
7e7ec445
MH		 3065 /* If the controller does not support Low Energy operation, then
3066 * there is also no need to register any SMP channel.
3067 */
3068 if (!lmp_le_capable(hdev))
3069 return 0;
3070
2b8df323
MH		 3071 if (WARN_ON(hdev->smp_data)) {
3072 chan = hdev->smp_data;
3073 hdev->smp_data = NULL;
3074 smp_del_chan(chan);
3075 }
3076
ef8efe4b
JH		 3077 chan = smp_add_cid(hdev, L2CAP_CID_SMP);
3078 if (IS_ERR(chan))
3079 return PTR_ERR(chan);
3080
3081 hdev->smp_data = chan;
3082
300acfde
MH		 3083 /* If the controller does not support BR/EDR Secure Connections
3084 * feature, then the BR/EDR SMP channel shall not be present.
3085 *
3086 * To test this with Bluetooth 4.0 controllers, create a debugfs
3087 * switch that allows forcing BR/EDR SMP support and accepting
3088 * cross-transport pairing on non-AES encrypted connections.
3089 */
3090 if (!lmp_sc_capable(hdev)) {
3091 debugfs_create_file("force_bredr_smp", 0644, hdev->debugfs,
3092 hdev, &force_bredr_smp_fops);
ef8efe4b 3093 return 0;
300acfde 3094 }
ef8efe4b 3095
2b8df323
MH		 3096 if (WARN_ON(hdev->smp_bredr_data)) {
3097 chan = hdev->smp_bredr_data;
3098 hdev->smp_bredr_data = NULL;
3099 smp_del_chan(chan);
3100 }
3101
ef8efe4b
JH		 3102 chan = smp_add_cid(hdev, L2CAP_CID_SMP_BREDR);
3103 if (IS_ERR(chan)) {
3104 int err = PTR_ERR(chan);
3105 chan = hdev->smp_data;
3106 hdev->smp_data = NULL;
3107 smp_del_chan(chan);
3108 return err;
3109 }
3110
3111 hdev->smp_bredr_data = chan;
3112
3113 return 0;
3114}
3115
3116void smp_unregister(struct hci_dev *hdev)
3117{
3118 struct l2cap_chan *chan;
3119
3120 if (hdev->smp_bredr_data) {
3121 chan = hdev->smp_bredr_data;
3122 hdev->smp_bredr_data = NULL;
3123 smp_del_chan(chan);
3124 }
3125
3126 if (hdev->smp_data) {
3127 chan = hdev->smp_data;
3128 hdev->smp_data = NULL;
3129 smp_del_chan(chan);
3130 }
3131}
0a2b0f04
JH		 3132
3133#if IS_ENABLED(CONFIG_BT_SELFTEST_SMP)
3134
cfc4198e
JH		 3135static int __init test_ah(struct crypto_blkcipher *tfm_aes)
3136{
3137 const u8 irk[16] = {
3138 0x9b, 0x7d, 0x39, 0x0a, 0xa6, 0x10, 0x10, 0x34,
3139 0x05, 0xad, 0xc8, 0x57, 0xa3, 0x34, 0x02, 0xec };
3140 const u8 r[3] = { 0x94, 0x81, 0x70 };
3141 const u8 exp[3] = { 0xaa, 0xfb, 0x0d };
3142 u8 res[3];
3143 int err;
3144
3145 err = smp_ah(tfm_aes, irk, r, res);
3146 if (err)
3147 return err;
3148
3149 if (memcmp(res, exp, 3))
3150 return -EINVAL;
3151
3152 return 0;
3153}
3154
3155static int __init test_c1(struct crypto_blkcipher *tfm_aes)
3156{
3157 const u8 k[16] = {
3158 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
3159 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
3160 const u8 r[16] = {
3161 0xe0, 0x2e, 0x70, 0xc6, 0x4e, 0x27, 0x88, 0x63,
3162 0x0e, 0x6f, 0xad, 0x56, 0x21, 0xd5, 0x83, 0x57 };
3163 const u8 preq[7] = { 0x01, 0x01, 0x00, 0x00, 0x10, 0x07, 0x07 };
3164 const u8 pres[7] = { 0x02, 0x03, 0x00, 0x00, 0x08, 0x00, 0x05 };
3165 const u8 _iat = 0x01;
3166 const u8 _rat = 0x00;
3167 const bdaddr_t ra = { { 0xb6, 0xb5, 0xb4, 0xb3, 0xb2, 0xb1 } };
3168 const bdaddr_t ia = { { 0xa6, 0xa5, 0xa4, 0xa3, 0xa2, 0xa1 } };
3169 const u8 exp[16] = {
3170 0x86, 0x3b, 0xf1, 0xbe, 0xc5, 0x4d, 0xa7, 0xd2,
3171 0xea, 0x88, 0x89, 0x87, 0xef, 0x3f, 0x1e, 0x1e };
3172 u8 res[16];
3173 int err;
3174
3175 err = smp_c1(tfm_aes, k, r, preq, pres, _iat, &ia, _rat, &ra, res);
3176 if (err)
3177 return err;
3178
3179 if (memcmp(res, exp, 16))
3180 return -EINVAL;
3181
3182 return 0;
3183}
3184
3185static int __init test_s1(struct crypto_blkcipher *tfm_aes)
3186{
3187 const u8 k[16] = {
3188 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
3189 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
3190 const u8 r1[16] = {
3191 0x88, 0x77, 0x66, 0x55, 0x44, 0x33, 0x22, 0x11 };
3192 const u8 r2[16] = {
3193 0x00, 0xff, 0xee, 0xdd, 0xcc, 0xbb, 0xaa, 0x99 };
3194 const u8 exp[16] = {
3195 0x62, 0xa0, 0x6d, 0x79, 0xae, 0x16, 0x42, 0x5b,
3196 0x9b, 0xf4, 0xb0, 0xe8, 0xf0, 0xe1, 0x1f, 0x9a };
3197 u8 res[16];
3198 int err;
3199
3200 err = smp_s1(tfm_aes, k, r1, r2, res);
3201 if (err)
3202 return err;
3203
3204 if (memcmp(res, exp, 16))
3205 return -EINVAL;
3206
3207 return 0;
3208}
3209
fb2969a3
JH		 3210static int __init test_f4(struct crypto_hash *tfm_cmac)
3211{
3212 const u8 u[32] = {
3213 0xe6, 0x9d, 0x35, 0x0e, 0x48, 0x01, 0x03, 0xcc,
3214 0xdb, 0xfd, 0xf4, 0xac, 0x11, 0x91, 0xf4, 0xef,
3215 0xb9, 0xa5, 0xf9, 0xe9, 0xa7, 0x83, 0x2c, 0x5e,
3216 0x2c, 0xbe, 0x97, 0xf2, 0xd2, 0x03, 0xb0, 0x20 };
3217 const u8 v[32] = {
3218 0xfd, 0xc5, 0x7f, 0xf4, 0x49, 0xdd, 0x4f, 0x6b,
3219 0xfb, 0x7c, 0x9d, 0xf1, 0xc2, 0x9a, 0xcb, 0x59,
3220 0x2a, 0xe7, 0xd4, 0xee, 0xfb, 0xfc, 0x0a, 0x90,
3221 0x9a, 0xbb, 0xf6, 0x32, 0x3d, 0x8b, 0x18, 0x55 };
3222 const u8 x[16] = {
3223 0xab, 0xae, 0x2b, 0x71, 0xec, 0xb2, 0xff, 0xff,
3224 0x3e, 0x73, 0x77, 0xd1, 0x54, 0x84, 0xcb, 0xd5 };
3225 const u8 z = 0x00;
3226 const u8 exp[16] = {
3227 0x2d, 0x87, 0x74, 0xa9, 0xbe, 0xa1, 0xed, 0xf1,
3228 0x1c, 0xbd, 0xa9, 0x07, 0xf1, 0x16, 0xc9, 0xf2 };
3229 u8 res[16];
3230 int err;
3231
3232 err = smp_f4(tfm_cmac, u, v, x, z, res);
3233 if (err)
3234 return err;
3235
3236 if (memcmp(res, exp, 16))
3237 return -EINVAL;
3238
3239 return 0;
3240}
3241
3242static int __init test_f5(struct crypto_hash *tfm_cmac)
3243{
3244 const u8 w[32] = {
3245 0x98, 0xa6, 0xbf, 0x73, 0xf3, 0x34, 0x8d, 0x86,
3246 0xf1, 0x66, 0xf8, 0xb4, 0x13, 0x6b, 0x79, 0x99,
3247 0x9b, 0x7d, 0x39, 0x0a, 0xa6, 0x10, 0x10, 0x34,
3248 0x05, 0xad, 0xc8, 0x57, 0xa3, 0x34, 0x02, 0xec };
3249 const u8 n1[16] = {
3250 0xab, 0xae, 0x2b, 0x71, 0xec, 0xb2, 0xff, 0xff,
3251 0x3e, 0x73, 0x77, 0xd1, 0x54, 0x84, 0xcb, 0xd5 };
3252 const u8 n2[16] = {
3253 0xcf, 0xc4, 0x3d, 0xff, 0xf7, 0x83, 0x65, 0x21,
3254 0x6e, 0x5f, 0xa7, 0x25, 0xcc, 0xe7, 0xe8, 0xa6 };
3255 const u8 a1[7] = { 0xce, 0xbf, 0x37, 0x37, 0x12, 0x56, 0x00 };
3256 const u8 a2[7] = { 0xc1, 0xcf, 0x2d, 0x70, 0x13, 0xa7, 0x00 };
3257 const u8 exp_ltk[16] = {
3258 0x38, 0x0a, 0x75, 0x94, 0xb5, 0x22, 0x05, 0x98,
3259 0x23, 0xcd, 0xd7, 0x69, 0x11, 0x79, 0x86, 0x69 };
3260 const u8 exp_mackey[16] = {
3261 0x20, 0x6e, 0x63, 0xce, 0x20, 0x6a, 0x3f, 0xfd,
3262 0x02, 0x4a, 0x08, 0xa1, 0x76, 0xf1, 0x65, 0x29 };
3263 u8 mackey[16], ltk[16];
3264 int err;
3265
3266 err = smp_f5(tfm_cmac, w, n1, n2, a1, a2, mackey, ltk);
3267 if (err)
3268 return err;
3269
3270 if (memcmp(mackey, exp_mackey, 16))
3271 return -EINVAL;
3272
3273 if (memcmp(ltk, exp_ltk, 16))
3274 return -EINVAL;
3275
3276 return 0;
3277}
3278
3279static int __init test_f6(struct crypto_hash *tfm_cmac)
3280{
3281 const u8 w[16] = {
3282 0x20, 0x6e, 0x63, 0xce, 0x20, 0x6a, 0x3f, 0xfd,
3283 0x02, 0x4a, 0x08, 0xa1, 0x76, 0xf1, 0x65, 0x29 };
3284 const u8 n1[16] = {
3285 0xab, 0xae, 0x2b, 0x71, 0xec, 0xb2, 0xff, 0xff,
3286 0x3e, 0x73, 0x77, 0xd1, 0x54, 0x84, 0xcb, 0xd5 };
3287 const u8 n2[16] = {
3288 0xcf, 0xc4, 0x3d, 0xff, 0xf7, 0x83, 0x65, 0x21,
3289 0x6e, 0x5f, 0xa7, 0x25, 0xcc, 0xe7, 0xe8, 0xa6 };
3290 const u8 r[16] = {
3291 0xc8, 0x0f, 0x2d, 0x0c, 0xd2, 0x42, 0xda, 0x08,
3292 0x54, 0xbb, 0x53, 0xb4, 0x3b, 0x34, 0xa3, 0x12 };
3293 const u8 io_cap[3] = { 0x02, 0x01, 0x01 };
3294 const u8 a1[7] = { 0xce, 0xbf, 0x37, 0x37, 0x12, 0x56, 0x00 };
3295 const u8 a2[7] = { 0xc1, 0xcf, 0x2d, 0x70, 0x13, 0xa7, 0x00 };
3296 const u8 exp[16] = {
3297 0x61, 0x8f, 0x95, 0xda, 0x09, 0x0b, 0x6c, 0xd2,
3298 0xc5, 0xe8, 0xd0, 0x9c, 0x98, 0x73, 0xc4, 0xe3 };
3299 u8 res[16];
3300 int err;
3301
3302 err = smp_f6(tfm_cmac, w, n1, n2, r, io_cap, a1, a2, res);
3303 if (err)
3304 return err;
3305
3306 if (memcmp(res, exp, 16))
3307 return -EINVAL;
3308
3309 return 0;
3310}
3311
3312static int __init test_g2(struct crypto_hash *tfm_cmac)
3313{
3314 const u8 u[32] = {
3315 0xe6, 0x9d, 0x35, 0x0e, 0x48, 0x01, 0x03, 0xcc,
3316 0xdb, 0xfd, 0xf4, 0xac, 0x11, 0x91, 0xf4, 0xef,
3317 0xb9, 0xa5, 0xf9, 0xe9, 0xa7, 0x83, 0x2c, 0x5e,
3318 0x2c, 0xbe, 0x97, 0xf2, 0xd2, 0x03, 0xb0, 0x20 };
3319 const u8 v[32] = {
3320 0xfd, 0xc5, 0x7f, 0xf4, 0x49, 0xdd, 0x4f, 0x6b,
3321 0xfb, 0x7c, 0x9d, 0xf1, 0xc2, 0x9a, 0xcb, 0x59,
3322 0x2a, 0xe7, 0xd4, 0xee, 0xfb, 0xfc, 0x0a, 0x90,
3323 0x9a, 0xbb, 0xf6, 0x32, 0x3d, 0x8b, 0x18, 0x55 };
3324 const u8 x[16] = {
3325 0xab, 0xae, 0x2b, 0x71, 0xec, 0xb2, 0xff, 0xff,
3326 0x3e, 0x73, 0x77, 0xd1, 0x54, 0x84, 0xcb, 0xd5 };
3327 const u8 y[16] = {
3328 0xcf, 0xc4, 0x3d, 0xff, 0xf7, 0x83, 0x65, 0x21,
3329 0x6e, 0x5f, 0xa7, 0x25, 0xcc, 0xe7, 0xe8, 0xa6 };
3330 const u32 exp_val = 0x2f9ed5ba % 1000000;
3331 u32 val;
3332 int err;
3333
3334 err = smp_g2(tfm_cmac, u, v, x, y, &val);
3335 if (err)
3336 return err;
3337
3338 if (val != exp_val)
3339 return -EINVAL;
3340
3341 return 0;
3342}
3343
3344static int __init test_h6(struct crypto_hash *tfm_cmac)
3345{
3346 const u8 w[16] = {
3347 0x9b, 0x7d, 0x39, 0x0a, 0xa6, 0x10, 0x10, 0x34,
3348 0x05, 0xad, 0xc8, 0x57, 0xa3, 0x34, 0x02, 0xec };
3349 const u8 key_id[4] = { 0x72, 0x62, 0x65, 0x6c };
3350 const u8 exp[16] = {
3351 0x99, 0x63, 0xb1, 0x80, 0xe2, 0xa9, 0xd3, 0xe8,
3352 0x1c, 0xc9, 0x6d, 0xe7, 0x02, 0xe1, 0x9a, 0x2d };
3353 u8 res[16];
3354 int err;
3355
3356 err = smp_h6(tfm_cmac, w, key_id, res);
3357 if (err)
3358 return err;
3359
3360 if (memcmp(res, exp, 16))
3361 return -EINVAL;
3362
3363 return 0;
3364}
3365
0a2b0f04
JH		 3366static int __init run_selftests(struct crypto_blkcipher *tfm_aes,
3367 struct crypto_hash *tfm_cmac)
3368{
255047b0
MH		 3369 ktime_t calltime, delta, rettime;
3370 unsigned long long duration;
cfc4198e
JH		 3371 int err;
3372
255047b0
MH		 3373 calltime = ktime_get();
3374
cfc4198e
JH		 3375 err = test_ah(tfm_aes);
3376 if (err) {
3377 BT_ERR("smp_ah test failed");
3378 return err;
3379 }
3380
3381 err = test_c1(tfm_aes);
3382 if (err) {
3383 BT_ERR("smp_c1 test failed");
3384 return err;
3385 }
3386
3387 err = test_s1(tfm_aes);
3388 if (err) {
3389 BT_ERR("smp_s1 test failed");
3390 return err;
3391 }
3392
fb2969a3
JH		 3393 err = test_f4(tfm_cmac);
3394 if (err) {
3395 BT_ERR("smp_f4 test failed");
3396 return err;
3397 }
3398
3399 err = test_f5(tfm_cmac);
3400 if (err) {
3401 BT_ERR("smp_f5 test failed");
3402 return err;
3403 }
3404
3405 err = test_f6(tfm_cmac);
3406 if (err) {
3407 BT_ERR("smp_f6 test failed");
3408 return err;
3409 }
3410
3411 err = test_g2(tfm_cmac);
3412 if (err) {
3413 BT_ERR("smp_g2 test failed");
3414 return err;
3415 }
3416
3417 err = test_h6(tfm_cmac);
3418 if (err) {
3419 BT_ERR("smp_h6 test failed");
3420 return err;
3421 }
3422
255047b0
MH		 3423 rettime = ktime_get();
3424 delta = ktime_sub(rettime, calltime);
3425 duration = (unsigned long long) ktime_to_ns(delta) >> 10;
3426
5ced2464 3427 BT_INFO("SMP test passed in %llu usecs", duration);
0a2b0f04
JH		 3428
3429 return 0;
3430}
3431
3432int __init bt_selftest_smp(void)
3433{
3434 struct crypto_blkcipher *tfm_aes;
3435 struct crypto_hash *tfm_cmac;
3436 int err;
3437
3438 tfm_aes = crypto_alloc_blkcipher("ecb(aes)", 0, CRYPTO_ALG_ASYNC);
3439 if (IS_ERR(tfm_aes)) {
3440 BT_ERR("Unable to create ECB crypto context");
3441 return PTR_ERR(tfm_aes);
3442 }
3443
3444 tfm_cmac = crypto_alloc_hash("cmac(aes)", 0, CRYPTO_ALG_ASYNC);
3445 if (IS_ERR(tfm_cmac)) {
3446 BT_ERR("Unable to create CMAC crypto context");
3447 crypto_free_blkcipher(tfm_aes);
3448 return PTR_ERR(tfm_cmac);
3449 }
3450
3451 err = run_selftests(tfm_aes, tfm_cmac);
3452
3453 crypto_free_hash(tfm_cmac);
3454 crypto_free_blkcipher(tfm_aes);
3455
3456 return err;
3457}
3458
3459#endif
Linux kernel - Deliverables
This page took 0.650333 seconds and 5 git commands to generate.