projects / deliverable / linux.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
net: skbuff: don't zero tc members when freeing skb
[deliverable/linux.git] / net / bluetooth / smp.c
CommitLineData
eb492e01
AB		 1/*
2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2011 Nokia Corporation and/or its subsidiary(-ies).
4
5 This program is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License version 2 as
7 published by the Free Software Foundation;
8
9 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
10 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
11 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
12 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
13 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
14 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17
18 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
19 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
20 SOFTWARE IS DISCLAIMED.
21*/
22
8c520a59
GP		 23#include <linux/crypto.h>
24#include <linux/scatterlist.h>
25#include <crypto/b128ops.h>
26
eb492e01
AB		 27#include <net/bluetooth/bluetooth.h>
28#include <net/bluetooth/hci_core.h>
29#include <net/bluetooth/l2cap.h>
2b64d153 30#include <net/bluetooth/mgmt.h>
ac4b7236 31
3b19146d 32#include "ecc.h"
ac4b7236 33#include "smp.h"
d22ef0bc 34
c7a3d57d
JH		 35/* Low-level debug macros to be used for stuff that we don't want
36 * accidentially in dmesg, i.e. the values of the various crypto keys
37 * and the inputs & outputs of crypto functions.
38 */
39#ifdef DEBUG
40#define SMP_DBG(fmt, ...) printk(KERN_DEBUG "%s: " fmt, __func__, \
41 ##__VA_ARGS__)
42#else
43#define SMP_DBG(fmt, ...) no_printk(KERN_DEBUG "%s: " fmt, __func__, \
44 ##__VA_ARGS__)
45#endif
46
b28b4943 47#define SMP_ALLOW_CMD(smp, code) set_bit(code, &smp->allow_cmd)
b28b4943 48
3b19146d
JH		 49/* Keys which are not distributed with Secure Connections */
50#define SMP_SC_NO_DIST (SMP_DIST_ENC_KEY | SMP_DIST_LINK_KEY);
51
17b02e62 52#define SMP_TIMEOUT msecs_to_jiffies(30000)
5d3de7df 53
0edb14de
JH		 54#define AUTH_REQ_MASK(dev) (test_bit(HCI_SC_ENABLED, &(dev)->dev_flags) ? \
55 0x1f : 0x07)
56#define KEY_DIST_MASK 0x07
065a13e2 57
cbbbe3e2
JH		 58/* Maximum message length that can be passed to aes_cmac */
59#define CMAC_MSG_MAX 80
60
533e35d4
JH		 61enum {
62 SMP_FLAG_TK_VALID,
63 SMP_FLAG_CFM_PENDING,
64 SMP_FLAG_MITM_AUTH,
65 SMP_FLAG_COMPLETE,
66 SMP_FLAG_INITIATOR,
65668776 67 SMP_FLAG_SC,
d8f8edbe 68 SMP_FLAG_REMOTE_PK,
aeb7d461 69 SMP_FLAG_DEBUG_KEY,
38606f14 70 SMP_FLAG_WAIT_USER,
d3e54a87 71 SMP_FLAG_DHKEY_PENDING,
02b05bd8 72 SMP_FLAG_OOB,
533e35d4 73};
4bc58f51
JH		 74
75struct smp_chan {
b68fda68
JH		 76 struct l2cap_conn *conn;
77 struct delayed_work security_timer;
b28b4943 78 unsigned long allow_cmd; /* Bitmask of allowed commands */
b68fda68 79
4bc58f51
JH		 80 u8 preq[7]; /* SMP Pairing Request */
81 u8 prsp[7]; /* SMP Pairing Response */
82 u8 prnd[16]; /* SMP Pairing Random (local) */
83 u8 rrnd[16]; /* SMP Pairing Random (remote) */
84 u8 pcnf[16]; /* SMP Pairing Confirm */
85 u8 tk[16]; /* SMP Temporary Key */
a29b0733 86 u8 rr[16];
4bc58f51
JH		 87 u8 enc_key_size;
88 u8 remote_key_dist;
89 bdaddr_t id_addr;
90 u8 id_addr_type;
91 u8 irk[16];
92 struct smp_csrk *csrk;
93 struct smp_csrk *slave_csrk;
94 struct smp_ltk *ltk;
95 struct smp_ltk *slave_ltk;
96 struct smp_irk *remote_irk;
6a77083a 97 u8 *link_key;
4a74d658 98 unsigned long flags;
783e0574 99 u8 method;
38606f14 100 u8 passkey_round;
6a7bd103 101
3b19146d
JH		 102 /* Secure Connections variables */
103 u8 local_pk[64];
104 u8 local_sk[32];
d8f8edbe
JH		 105 u8 remote_pk[64];
106 u8 dhkey[32];
760b018b 107 u8 mackey[16];
3b19146d 108
6a7bd103 109 struct crypto_blkcipher *tfm_aes;
407cecf6 110 struct crypto_hash *tfm_cmac;
4bc58f51
JH		 111};
112
aeb7d461
JH		 113/* These debug key values are defined in the SMP section of the core
114 * specification. debug_pk is the public debug key and debug_sk the
115 * private debug key.
116 */
117static const u8 debug_pk[64] = {
118 0xe6, 0x9d, 0x35, 0x0e, 0x48, 0x01, 0x03, 0xcc,
119 0xdb, 0xfd, 0xf4, 0xac, 0x11, 0x91, 0xf4, 0xef,
120 0xb9, 0xa5, 0xf9, 0xe9, 0xa7, 0x83, 0x2c, 0x5e,
121 0x2c, 0xbe, 0x97, 0xf2, 0xd2, 0x03, 0xb0, 0x20,
122
123 0x8b, 0xd2, 0x89, 0x15, 0xd0, 0x8e, 0x1c, 0x74,
124 0x24, 0x30, 0xed, 0x8f, 0xc2, 0x45, 0x63, 0x76,
125 0x5c, 0x15, 0x52, 0x5a, 0xbf, 0x9a, 0x32, 0x63,
126 0x6d, 0xeb, 0x2a, 0x65, 0x49, 0x9c, 0x80, 0xdc,
127};
128
129static const u8 debug_sk[32] = {
130 0xbd, 0x1a, 0x3c, 0xcd, 0xa6, 0xb8, 0x99, 0x58,
131 0x99, 0xb7, 0x40, 0xeb, 0x7b, 0x60, 0xff, 0x4a,
132 0x50, 0x3f, 0x10, 0xd2, 0xe3, 0xb3, 0xc9, 0x74,
133 0x38, 0x5f, 0xc5, 0xa3, 0xd4, 0xf6, 0x49, 0x3f,
134};
135
8a2936f4 136static inline void swap_buf(const u8 *src, u8 *dst, size_t len)
d22ef0bc 137{
8a2936f4 138 size_t i;
d22ef0bc 139
8a2936f4
JH		 140 for (i = 0; i < len; i++)
141 dst[len - 1 - i] = src[i];
d22ef0bc
AB		 142}
143
06edf8de
JH		 144/* The following functions map to the LE SC SMP crypto functions
145 * AES-CMAC, f4, f5, f6, g2 and h6.
146 */
147
cbbbe3e2
JH		 148static int aes_cmac(struct crypto_hash *tfm, const u8 k[16], const u8 *m,
149 size_t len, u8 mac[16])
150{
151 uint8_t tmp[16], mac_msb[16], msg_msb[CMAC_MSG_MAX];
152 struct hash_desc desc;
153 struct scatterlist sg;
154 int err;
155
156 if (len > CMAC_MSG_MAX)
157 return -EFBIG;
158
159 if (!tfm) {
160 BT_ERR("tfm %p", tfm);
161 return -EINVAL;
162 }
163
164 desc.tfm = tfm;
165 desc.flags = 0;
166
167 crypto_hash_init(&desc);
168
169 /* Swap key and message from LSB to MSB */
170 swap_buf(k, tmp, 16);
171 swap_buf(m, msg_msb, len);
172
c7a3d57d
JH		 173 SMP_DBG("msg (len %zu) %*phN", len, (int) len, m);
174 SMP_DBG("key %16phN", k);
cbbbe3e2
JH		 175
176 err = crypto_hash_setkey(tfm, tmp, 16);
177 if (err) {
178 BT_ERR("cipher setkey failed: %d", err);
179 return err;
180 }
181
182 sg_init_one(&sg, msg_msb, len);
183
184 err = crypto_hash_update(&desc, &sg, len);
185 if (err) {
186 BT_ERR("Hash update error %d", err);
187 return err;
188 }
189
190 err = crypto_hash_final(&desc, mac_msb);
191 if (err) {
192 BT_ERR("Hash final error %d", err);
193 return err;
194 }
195
196 swap_buf(mac_msb, mac, 16);
197
c7a3d57d 198 SMP_DBG("mac %16phN", mac);
cbbbe3e2
JH		 199
200 return 0;
201}
202
203static int smp_f4(struct crypto_hash *tfm_cmac, const u8 u[32], const u8 v[32],
204 const u8 x[16], u8 z, u8 res[16])
205{
206 u8 m[65];
207 int err;
208
c7a3d57d
JH		 209 SMP_DBG("u %32phN", u);
210 SMP_DBG("v %32phN", v);
211 SMP_DBG("x %16phN z %02x", x, z);
cbbbe3e2
JH		 212
213 m[0] = z;
214 memcpy(m + 1, v, 32);
215 memcpy(m + 33, u, 32);
216
217 err = aes_cmac(tfm_cmac, x, m, sizeof(m), res);
218 if (err)
219 return err;
220
c7a3d57d 221 SMP_DBG("res %16phN", res);
cbbbe3e2
JH		 222
223 return err;
224}
225
4da50de8
JH		 226static int smp_f5(struct crypto_hash *tfm_cmac, const u8 w[32],
227 const u8 n1[16], const u8 n2[16], const u8 a1[7],
228 const u8 a2[7], u8 mackey[16], u8 ltk[16])
760b018b
JH		 229{
230 /* The btle, salt and length "magic" values are as defined in
231 * the SMP section of the Bluetooth core specification. In ASCII
232 * the btle value ends up being 'btle'. The salt is just a
233 * random number whereas length is the value 256 in little
234 * endian format.
235 */
236 const u8 btle[4] = { 0x65, 0x6c, 0x74, 0x62 };
237 const u8 salt[16] = { 0xbe, 0x83, 0x60, 0x5a, 0xdb, 0x0b, 0x37, 0x60,
238 0x38, 0xa5, 0xf5, 0xaa, 0x91, 0x83, 0x88, 0x6c };
239 const u8 length[2] = { 0x00, 0x01 };
240 u8 m[53], t[16];
241 int err;
242
c7a3d57d
JH		 243 SMP_DBG("w %32phN", w);
244 SMP_DBG("n1 %16phN n2 %16phN", n1, n2);
245 SMP_DBG("a1 %7phN a2 %7phN", a1, a2);
760b018b
JH		 246
247 err = aes_cmac(tfm_cmac, salt, w, 32, t);
248 if (err)
249 return err;
250
c7a3d57d 251 SMP_DBG("t %16phN", t);
760b018b
JH		 252
253 memcpy(m, length, 2);
254 memcpy(m + 2, a2, 7);
255 memcpy(m + 9, a1, 7);
256 memcpy(m + 16, n2, 16);
257 memcpy(m + 32, n1, 16);
258 memcpy(m + 48, btle, 4);
259
260 m[52] = 0; /* Counter */
261
262 err = aes_cmac(tfm_cmac, t, m, sizeof(m), mackey);
263 if (err)
264 return err;
265
c7a3d57d 266 SMP_DBG("mackey %16phN", mackey);
760b018b
JH		 267
268 m[52] = 1; /* Counter */
269
270 err = aes_cmac(tfm_cmac, t, m, sizeof(m), ltk);
271 if (err)
272 return err;
273
c7a3d57d 274 SMP_DBG("ltk %16phN", ltk);
760b018b
JH		 275
276 return 0;
277}
278
279static int smp_f6(struct crypto_hash *tfm_cmac, const u8 w[16],
4da50de8 280 const u8 n1[16], const u8 n2[16], const u8 r[16],
760b018b
JH		 281 const u8 io_cap[3], const u8 a1[7], const u8 a2[7],
282 u8 res[16])
283{
284 u8 m[65];
285 int err;
286
c7a3d57d
JH		 287 SMP_DBG("w %16phN", w);
288 SMP_DBG("n1 %16phN n2 %16phN", n1, n2);
289 SMP_DBG("r %16phN io_cap %3phN a1 %7phN a2 %7phN", r, io_cap, a1, a2);
760b018b
JH		 290
291 memcpy(m, a2, 7);
292 memcpy(m + 7, a1, 7);
293 memcpy(m + 14, io_cap, 3);
294 memcpy(m + 17, r, 16);
295 memcpy(m + 33, n2, 16);
296 memcpy(m + 49, n1, 16);
297
298 err = aes_cmac(tfm_cmac, w, m, sizeof(m), res);
299 if (err)
300 return err;
301
302 BT_DBG("res %16phN", res);
303
304 return err;
305}
306
191dc7fe
JH		 307static int smp_g2(struct crypto_hash *tfm_cmac, const u8 u[32], const u8 v[32],
308 const u8 x[16], const u8 y[16], u32 *val)
309{
310 u8 m[80], tmp[16];
311 int err;
312
c7a3d57d
JH		 313 SMP_DBG("u %32phN", u);
314 SMP_DBG("v %32phN", v);
315 SMP_DBG("x %16phN y %16phN", x, y);
191dc7fe
JH		 316
317 memcpy(m, y, 16);
318 memcpy(m + 16, v, 32);
319 memcpy(m + 48, u, 32);
320
321 err = aes_cmac(tfm_cmac, x, m, sizeof(m), tmp);
322 if (err)
323 return err;
324
325 *val = get_unaligned_le32(tmp);
326 *val %= 1000000;
327
c7a3d57d 328 SMP_DBG("val %06u", *val);
191dc7fe
JH		 329
330 return 0;
331}
332
06edf8de
JH		 333static int smp_h6(struct crypto_hash *tfm_cmac, const u8 w[16],
334 const u8 key_id[4], u8 res[16])
335{
336 int err;
337
338 SMP_DBG("w %16phN key_id %4phN", w, key_id);
339
340 err = aes_cmac(tfm_cmac, w, key_id, 4, res);
341 if (err)
342 return err;
343
344 SMP_DBG("res %16phN", res);
345
346 return err;
347}
348
349/* The following functions map to the legacy SMP crypto functions e, c1,
350 * s1 and ah.
351 */
352
d22ef0bc
AB		 353static int smp_e(struct crypto_blkcipher *tfm, const u8 *k, u8 *r)
354{
355 struct blkcipher_desc desc;
356 struct scatterlist sg;
943a732a 357 uint8_t tmp[16], data[16];
201a5929 358 int err;
d22ef0bc 359
7f376cd6 360 if (!tfm) {
d22ef0bc
AB		 361 BT_ERR("tfm %p", tfm);
362 return -EINVAL;
363 }
364
365 desc.tfm = tfm;
366 desc.flags = 0;
367
943a732a 368 /* The most significant octet of key corresponds to k[0] */
8a2936f4 369 swap_buf(k, tmp, 16);
943a732a
JH		 370
371 err = crypto_blkcipher_setkey(tfm, tmp, 16);
d22ef0bc
AB		 372 if (err) {
373 BT_ERR("cipher setkey failed: %d", err);
374 return err;
375 }
376
943a732a 377 /* Most significant octet of plaintextData corresponds to data[0] */
8a2936f4 378 swap_buf(r, data, 16);
943a732a
JH		 379
380 sg_init_one(&sg, data, 16);
d22ef0bc 381
d22ef0bc
AB		 382 err = crypto_blkcipher_encrypt(&desc, &sg, &sg, 16);
383 if (err)
384 BT_ERR("Encrypt data error %d", err);
385
943a732a 386 /* Most significant octet of encryptedData corresponds to data[0] */
8a2936f4 387 swap_buf(data, r, 16);
943a732a 388
d22ef0bc
AB		 389 return err;
390}
391
06edf8de
JH		 392static int smp_c1(struct crypto_blkcipher *tfm_aes, const u8 k[16],
393 const u8 r[16], const u8 preq[7], const u8 pres[7], u8 _iat,
394 const bdaddr_t *ia, u8 _rat, const bdaddr_t *ra, u8 res[16])
6a77083a 395{
06edf8de 396 u8 p1[16], p2[16];
6a77083a
JH		 397 int err;
398
06edf8de 399 memset(p1, 0, 16);
6a77083a 400
06edf8de
JH		 401 /* p1 = pres || preq || _rat || _iat */
402 p1[0] = _iat;
403 p1[1] = _rat;
404 memcpy(p1 + 2, preq, 7);
405 memcpy(p1 + 9, pres, 7);
406
407 /* p2 = padding || ia || ra */
408 memcpy(p2, ra, 6);
409 memcpy(p2 + 6, ia, 6);
410 memset(p2 + 12, 0, 4);
411
412 /* res = r XOR p1 */
413 u128_xor((u128 *) res, (u128 *) r, (u128 *) p1);
414
415 /* res = e(k, res) */
416 err = smp_e(tfm_aes, k, res);
417 if (err) {
418 BT_ERR("Encrypt data error");
6a77083a 419 return err;
06edf8de 420 }
6a77083a 421
06edf8de
JH		 422 /* res = res XOR p2 */
423 u128_xor((u128 *) res, (u128 *) res, (u128 *) p2);
424
425 /* res = e(k, res) */
426 err = smp_e(tfm_aes, k, res);
427 if (err)
428 BT_ERR("Encrypt data error");
429
430 return err;
431}
432
433static int smp_s1(struct crypto_blkcipher *tfm_aes, const u8 k[16],
434 const u8 r1[16], const u8 r2[16], u8 _r[16])
435{
436 int err;
437
438 /* Just least significant octets from r1 and r2 are considered */
439 memcpy(_r, r2, 8);
440 memcpy(_r + 8, r1, 8);
441
442 err = smp_e(tfm_aes, k, _r);
443 if (err)
444 BT_ERR("Encrypt data error");
6a77083a
JH		 445
446 return err;
447}
448
cd082797
JH		 449static int smp_ah(struct crypto_blkcipher *tfm, const u8 irk[16],
450 const u8 r[3], u8 res[3])
60478054 451{
943a732a 452 u8 _res[16];
60478054
JH		 453 int err;
454
455 /* r' = padding || r */
943a732a
JH		 456 memcpy(_res, r, 3);
457 memset(_res + 3, 0, 13);
60478054 458
943a732a 459 err = smp_e(tfm, irk, _res);
60478054
JH		 460 if (err) {
461 BT_ERR("Encrypt error");
462 return err;
463 }
464
465 /* The output of the random address function ah is:
466 * ah(h, r) = e(k, r') mod 2^24
467 * The output of the security function e is then truncated to 24 bits
468 * by taking the least significant 24 bits of the output of e as the
469 * result of ah.
470 */
943a732a 471 memcpy(res, _res, 3);
60478054
JH		 472
473 return 0;
474}
475
cd082797
JH		 476bool smp_irk_matches(struct hci_dev *hdev, const u8 irk[16],
477 const bdaddr_t *bdaddr)
60478054 478{
defce9e8
JH		 479 struct l2cap_chan *chan = hdev->smp_data;
480 struct crypto_blkcipher *tfm;
60478054
JH		 481 u8 hash[3];
482 int err;
483
defce9e8
JH		 484 if (!chan || !chan->data)
485 return false;
486
487 tfm = chan->data;
488
60478054
JH		 489 BT_DBG("RPA %pMR IRK %*phN", bdaddr, 16, irk);
490
491 err = smp_ah(tfm, irk, &bdaddr->b[3], hash);
492 if (err)
493 return false;
494
495 return !memcmp(bdaddr->b, hash, 3);
496}
497
cd082797 498int smp_generate_rpa(struct hci_dev *hdev, const u8 irk[16], bdaddr_t *rpa)
b1e2b3ae 499{
defce9e8
JH		 500 struct l2cap_chan *chan = hdev->smp_data;
501 struct crypto_blkcipher *tfm;
b1e2b3ae
JH		 502 int err;
503
defce9e8
JH		 504 if (!chan || !chan->data)
505 return -EOPNOTSUPP;
506
507 tfm = chan->data;
508
b1e2b3ae
JH		 509 get_random_bytes(&rpa->b[3], 3);
510
511 rpa->b[5] &= 0x3f; /* Clear two most significant bits */
512 rpa->b[5] |= 0x40; /* Set second most significant bit */
513
514 err = smp_ah(tfm, irk, &rpa->b[3], rpa->b);
515 if (err < 0)
516 return err;
517
518 BT_DBG("RPA %pMR", rpa);
519
520 return 0;
521}
522
5d88cc73 523static void smp_send_cmd(struct l2cap_conn *conn, u8 code, u16 len, void *data)
eb492e01 524{
5d88cc73 525 struct l2cap_chan *chan = conn->smp;
b68fda68 526 struct smp_chan *smp;
5d88cc73
JH		 527 struct kvec iv[2];
528 struct msghdr msg;
eb492e01 529
5d88cc73
JH		 530 if (!chan)
531 return;
eb492e01 532
5d88cc73 533 BT_DBG("code 0x%2.2x", code);
eb492e01 534
5d88cc73
JH		 535 iv[0].iov_base = &code;
536 iv[0].iov_len = 1;
eb492e01 537
5d88cc73
JH		 538 iv[1].iov_base = data;
539 iv[1].iov_len = len;
eb492e01 540
5d88cc73 541 memset(&msg, 0, sizeof(msg));
eb492e01 542
17836394 543 iov_iter_kvec(&msg.msg_iter, WRITE | ITER_KVEC, iv, 2, 1 + len);
eb492e01 544
5d88cc73 545 l2cap_chan_send(chan, &msg, 1 + len);
e2dcd113 546
b68fda68
JH		 547 if (!chan->data)
548 return;
549
550 smp = chan->data;
551
552 cancel_delayed_work_sync(&smp->security_timer);
1b0921d6 553 schedule_delayed_work(&smp->security_timer, SMP_TIMEOUT);
eb492e01
AB		 554}
555
d2eb9e10 556static u8 authreq_to_seclevel(u8 authreq)
2b64d153 557{
d2eb9e10
JH		 558 if (authreq & SMP_AUTH_MITM) {
559 if (authreq & SMP_AUTH_SC)
560 return BT_SECURITY_FIPS;
561 else
562 return BT_SECURITY_HIGH;
563 } else {
2b64d153 564 return BT_SECURITY_MEDIUM;
d2eb9e10 565 }
2b64d153
BG		 566}
567
568static __u8 seclevel_to_authreq(__u8 sec_level)
569{
570 switch (sec_level) {
d2eb9e10 571 case BT_SECURITY_FIPS:
2b64d153
BG		 572 case BT_SECURITY_HIGH:
573 return SMP_AUTH_MITM | SMP_AUTH_BONDING;
574 case BT_SECURITY_MEDIUM:
575 return SMP_AUTH_BONDING;
576 default:
577 return SMP_AUTH_NONE;
578 }
579}
580
b8e66eac 581static void build_pairing_cmd(struct l2cap_conn *conn,
f1560463
MH		 582 struct smp_cmd_pairing *req,
583 struct smp_cmd_pairing *rsp, __u8 authreq)
b8e66eac 584{
5d88cc73
JH		 585 struct l2cap_chan *chan = conn->smp;
586 struct smp_chan *smp = chan->data;
fd349c02
JH		 587 struct hci_conn *hcon = conn->hcon;
588 struct hci_dev *hdev = hcon->hdev;
02b05bd8 589 u8 local_dist = 0, remote_dist = 0, oob_flag = SMP_OOB_NOT_PRESENT;
54790f73 590
b6ae8457 591 if (test_bit(HCI_BONDABLE, &conn->hcon->hdev->dev_flags)) {
7ee4ea36
MH		 592 local_dist = SMP_DIST_ENC_KEY | SMP_DIST_SIGN;
593 remote_dist = SMP_DIST_ENC_KEY | SMP_DIST_SIGN;
54790f73 594 authreq |= SMP_AUTH_BONDING;
2b64d153
BG		 595 } else {
596 authreq &= ~SMP_AUTH_BONDING;
54790f73
VCG		 597 }
598
fd349c02
JH		 599 if (test_bit(HCI_RPA_RESOLVING, &hdev->dev_flags))
600 remote_dist |= SMP_DIST_ID_KEY;
601
863efaf2
JH		 602 if (test_bit(HCI_PRIVACY, &hdev->dev_flags))
603 local_dist |= SMP_DIST_ID_KEY;
604
02b05bd8
JH		 605 if (test_bit(HCI_SC_ENABLED, &hdev->dev_flags) &&
606 (authreq & SMP_AUTH_SC)) {
607 struct oob_data *oob_data;
608 u8 bdaddr_type;
609
610 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
df8e1a4c
JH		 611 local_dist |= SMP_DIST_LINK_KEY;
612 remote_dist |= SMP_DIST_LINK_KEY;
613 }
02b05bd8
JH		 614
615 if (hcon->dst_type == ADDR_LE_DEV_PUBLIC)
616 bdaddr_type = BDADDR_LE_PUBLIC;
617 else
618 bdaddr_type = BDADDR_LE_RANDOM;
619
620 oob_data = hci_find_remote_oob_data(hdev, &hcon->dst,
621 bdaddr_type);
622 if (oob_data) {
623 set_bit(SMP_FLAG_OOB, &smp->flags);
624 oob_flag = SMP_OOB_PRESENT;
a29b0733 625 memcpy(smp->rr, oob_data->rand256, 16);
02b05bd8
JH		 626 memcpy(smp->pcnf, oob_data->hash256, 16);
627 }
628
df8e1a4c
JH		 629 } else {
630 authreq &= ~SMP_AUTH_SC;
631 }
632
54790f73
VCG		 633 if (rsp == NULL) {
634 req->io_capability = conn->hcon->io_capability;
02b05bd8 635 req->oob_flag = oob_flag;
54790f73 636 req->max_key_size = SMP_MAX_ENC_KEY_SIZE;
fd349c02
JH		 637 req->init_key_dist = local_dist;
638 req->resp_key_dist = remote_dist;
0edb14de 639 req->auth_req = (authreq & AUTH_REQ_MASK(hdev));
fd349c02
JH		 640
641 smp->remote_key_dist = remote_dist;
54790f73
VCG		 642 return;
643 }
644
645 rsp->io_capability = conn->hcon->io_capability;
02b05bd8 646 rsp->oob_flag = oob_flag;
54790f73 647 rsp->max_key_size = SMP_MAX_ENC_KEY_SIZE;
fd349c02
JH		 648 rsp->init_key_dist = req->init_key_dist & remote_dist;
649 rsp->resp_key_dist = req->resp_key_dist & local_dist;
0edb14de 650 rsp->auth_req = (authreq & AUTH_REQ_MASK(hdev));
fd349c02
JH		 651
652 smp->remote_key_dist = rsp->init_key_dist;
b8e66eac
VCG		 653}
654
3158c50c
VCG		 655static u8 check_enc_key_size(struct l2cap_conn *conn, __u8 max_key_size)
656{
5d88cc73
JH		 657 struct l2cap_chan *chan = conn->smp;
658 struct smp_chan *smp = chan->data;
1c1def09 659
3158c50c 660 if ((max_key_size > SMP_MAX_ENC_KEY_SIZE) ||
f1560463 661 (max_key_size < SMP_MIN_ENC_KEY_SIZE))
3158c50c
VCG		 662 return SMP_ENC_KEY_SIZE;
663
f7aa611a 664 smp->enc_key_size = max_key_size;
3158c50c
VCG		 665
666 return 0;
667}
668
6f48e260
JH		 669static void smp_chan_destroy(struct l2cap_conn *conn)
670{
671 struct l2cap_chan *chan = conn->smp;
672 struct smp_chan *smp = chan->data;
923e2414 673 struct hci_conn *hcon = conn->hcon;
6f48e260
JH		 674 bool complete;
675
676 BUG_ON(!smp);
677
678 cancel_delayed_work_sync(&smp->security_timer);
6f48e260 679
6f48e260 680 complete = test_bit(SMP_FLAG_COMPLETE, &smp->flags);
923e2414 681 mgmt_smp_complete(hcon, complete);
6f48e260
JH		 682
683 kfree(smp->csrk);
684 kfree(smp->slave_csrk);
6a77083a 685 kfree(smp->link_key);
6f48e260
JH		 686
687 crypto_free_blkcipher(smp->tfm_aes);
407cecf6 688 crypto_free_hash(smp->tfm_cmac);
6f48e260 689
923e2414
JH		 690 /* Ensure that we don't leave any debug key around if debug key
691 * support hasn't been explicitly enabled.
692 */
693 if (smp->ltk && smp->ltk->type == SMP_LTK_P256_DEBUG &&
694 !test_bit(HCI_KEEP_DEBUG_KEYS, &hcon->hdev->dev_flags)) {
695 list_del_rcu(&smp->ltk->list);
696 kfree_rcu(smp->ltk, rcu);
697 smp->ltk = NULL;
698 }
699
6f48e260
JH		 700 /* If pairing failed clean up any keys we might have */
701 if (!complete) {
702 if (smp->ltk) {
970d0f1b
JH		 703 list_del_rcu(&smp->ltk->list);
704 kfree_rcu(smp->ltk, rcu);
6f48e260
JH		 705 }
706
707 if (smp->slave_ltk) {
970d0f1b
JH		 708 list_del_rcu(&smp->slave_ltk->list);
709 kfree_rcu(smp->slave_ltk, rcu);
6f48e260
JH		 710 }
711
712 if (smp->remote_irk) {
adae20cb
JH		 713 list_del_rcu(&smp->remote_irk->list);
714 kfree_rcu(smp->remote_irk, rcu);
6f48e260
JH		 715 }
716 }
717
718 chan->data = NULL;
719 kfree(smp);
923e2414 720 hci_conn_drop(hcon);
6f48e260
JH		 721}
722
84794e11 723static void smp_failure(struct l2cap_conn *conn, u8 reason)
4f957a76 724{
bab73cb6 725 struct hci_conn *hcon = conn->hcon;
b68fda68 726 struct l2cap_chan *chan = conn->smp;
bab73cb6 727
84794e11 728 if (reason)
4f957a76 729 smp_send_cmd(conn, SMP_CMD_PAIRING_FAIL, sizeof(reason),
f1560463 730 &reason);
4f957a76 731
ce39fb4e 732 clear_bit(HCI_CONN_ENCRYPT_PEND, &hcon->flags);
e1e930f5 733 mgmt_auth_failed(hcon, HCI_ERROR_AUTH_FAILURE);
f1c09c07 734
fc75cc86 735 if (chan->data)
f1c09c07 736 smp_chan_destroy(conn);
4f957a76
BG		 737}
738
2b64d153
BG		 739#define JUST_WORKS 0x00
740#define JUST_CFM 0x01
741#define REQ_PASSKEY 0x02
742#define CFM_PASSKEY 0x03
743#define REQ_OOB 0x04
5e3d3d9b 744#define DSP_PASSKEY 0x05
2b64d153
BG		 745#define OVERLAP 0xFF
746
747static const u8 gen_method[5][5] = {
748 { JUST_WORKS, JUST_CFM, REQ_PASSKEY, JUST_WORKS, REQ_PASSKEY },
749 { JUST_WORKS, JUST_CFM, REQ_PASSKEY, JUST_WORKS, REQ_PASSKEY },
750 { CFM_PASSKEY, CFM_PASSKEY, REQ_PASSKEY, JUST_WORKS, CFM_PASSKEY },
751 { JUST_WORKS, JUST_CFM, JUST_WORKS, JUST_WORKS, JUST_CFM },
752 { CFM_PASSKEY, CFM_PASSKEY, REQ_PASSKEY, JUST_WORKS, OVERLAP },
753};
754
5e3d3d9b
JH		 755static const u8 sc_method[5][5] = {
756 { JUST_WORKS, JUST_CFM, REQ_PASSKEY, JUST_WORKS, REQ_PASSKEY },
757 { JUST_WORKS, CFM_PASSKEY, REQ_PASSKEY, JUST_WORKS, CFM_PASSKEY },
758 { DSP_PASSKEY, DSP_PASSKEY, REQ_PASSKEY, JUST_WORKS, DSP_PASSKEY },
759 { JUST_WORKS, JUST_CFM, JUST_WORKS, JUST_WORKS, JUST_CFM },
760 { DSP_PASSKEY, CFM_PASSKEY, REQ_PASSKEY, JUST_WORKS, CFM_PASSKEY },
761};
762
581370cc
JH		 763static u8 get_auth_method(struct smp_chan *smp, u8 local_io, u8 remote_io)
764{
2bcd4003
JH		 765 /* If either side has unknown io_caps, use JUST_CFM (which gets
766 * converted later to JUST_WORKS if we're initiators.
767 */
581370cc
JH		 768 if (local_io > SMP_IO_KEYBOARD_DISPLAY ||
769 remote_io > SMP_IO_KEYBOARD_DISPLAY)
2bcd4003 770 return JUST_CFM;
581370cc 771
5e3d3d9b
JH		 772 if (test_bit(SMP_FLAG_SC, &smp->flags))
773 return sc_method[remote_io][local_io];
774
581370cc
JH		 775 return gen_method[remote_io][local_io];
776}
777
2b64d153
BG		 778static int tk_request(struct l2cap_conn *conn, u8 remote_oob, u8 auth,
779 u8 local_io, u8 remote_io)
780{
781 struct hci_conn *hcon = conn->hcon;
5d88cc73
JH		 782 struct l2cap_chan *chan = conn->smp;
783 struct smp_chan *smp = chan->data;
2b64d153
BG		 784 u32 passkey = 0;
785 int ret = 0;
786
787 /* Initialize key for JUST WORKS */
788 memset(smp->tk, 0, sizeof(smp->tk));
4a74d658 789 clear_bit(SMP_FLAG_TK_VALID, &smp->flags);
2b64d153
BG		 790
791 BT_DBG("tk_request: auth:%d lcl:%d rem:%d", auth, local_io, remote_io);
792
2bcd4003
JH		 793 /* If neither side wants MITM, either "just" confirm an incoming
794 * request or use just-works for outgoing ones. The JUST_CFM
795 * will be converted to JUST_WORKS if necessary later in this
796 * function. If either side has MITM look up the method from the
797 * table.
798 */
581370cc 799 if (!(auth & SMP_AUTH_MITM))
783e0574 800 smp->method = JUST_CFM;
2b64d153 801 else
783e0574 802 smp->method = get_auth_method(smp, local_io, remote_io);
2b64d153 803
a82505c7 804 /* Don't confirm locally initiated pairing attempts */
783e0574
JH		 805 if (smp->method == JUST_CFM && test_bit(SMP_FLAG_INITIATOR,
806 &smp->flags))
807 smp->method = JUST_WORKS;
a82505c7 808
02f3e254 809 /* Don't bother user space with no IO capabilities */
783e0574
JH		 810 if (smp->method == JUST_CFM &&
811 hcon->io_capability == HCI_IO_NO_INPUT_OUTPUT)
812 smp->method = JUST_WORKS;
02f3e254 813
2b64d153 814 /* If Just Works, Continue with Zero TK */
783e0574 815 if (smp->method == JUST_WORKS) {
4a74d658 816 set_bit(SMP_FLAG_TK_VALID, &smp->flags);
2b64d153
BG		 817 return 0;
818 }
819
820 /* Not Just Works/Confirm results in MITM Authentication */
783e0574 821 if (smp->method != JUST_CFM) {
4a74d658 822 set_bit(SMP_FLAG_MITM_AUTH, &smp->flags);
5eb596f5
JH		 823 if (hcon->pending_sec_level < BT_SECURITY_HIGH)
824 hcon->pending_sec_level = BT_SECURITY_HIGH;
825 }
2b64d153
BG		 826
827 /* If both devices have Keyoard-Display I/O, the master
828 * Confirms and the slave Enters the passkey.
829 */
783e0574 830 if (smp->method == OVERLAP) {
40bef302 831 if (hcon->role == HCI_ROLE_MASTER)
783e0574 832 smp->method = CFM_PASSKEY;
2b64d153 833 else
783e0574 834 smp->method = REQ_PASSKEY;
2b64d153
BG		 835 }
836
01ad34d2 837 /* Generate random passkey. */
783e0574 838 if (smp->method == CFM_PASSKEY) {
943a732a 839 memset(smp->tk, 0, sizeof(smp->tk));
2b64d153
BG		 840 get_random_bytes(&passkey, sizeof(passkey));
841 passkey %= 1000000;
943a732a 842 put_unaligned_le32(passkey, smp->tk);
2b64d153 843 BT_DBG("PassKey: %d", passkey);
4a74d658 844 set_bit(SMP_FLAG_TK_VALID, &smp->flags);
2b64d153
BG		 845 }
846
783e0574 847 if (smp->method == REQ_PASSKEY)
ce39fb4e 848 ret = mgmt_user_passkey_request(hcon->hdev, &hcon->dst,
272d90df 849 hcon->type, hcon->dst_type);
783e0574 850 else if (smp->method == JUST_CFM)
4eb65e66
JH		 851 ret = mgmt_user_confirm_request(hcon->hdev, &hcon->dst,
852 hcon->type, hcon->dst_type,
853 passkey, 1);
2b64d153 854 else
01ad34d2 855 ret = mgmt_user_passkey_notify(hcon->hdev, &hcon->dst,
272d90df 856 hcon->type, hcon->dst_type,
39adbffe 857 passkey, 0);
2b64d153 858
2b64d153
BG		 859 return ret;
860}
861
1cc61144 862static u8 smp_confirm(struct smp_chan *smp)
8aab4757 863{
8aab4757 864 struct l2cap_conn *conn = smp->conn;
8aab4757
VCG		 865 struct smp_cmd_pairing_confirm cp;
866 int ret;
8aab4757
VCG		 867
868 BT_DBG("conn %p", conn);
869
e491eaf3 870 ret = smp_c1(smp->tfm_aes, smp->tk, smp->prnd, smp->preq, smp->prsp,
b1cd5fd9 871 conn->hcon->init_addr_type, &conn->hcon->init_addr,
943a732a
JH		 872 conn->hcon->resp_addr_type, &conn->hcon->resp_addr,
873 cp.confirm_val);
1cc61144
JH		 874 if (ret)
875 return SMP_UNSPECIFIED;
8aab4757 876
4a74d658 877 clear_bit(SMP_FLAG_CFM_PENDING, &smp->flags);
2b64d153 878
8aab4757
VCG		 879 smp_send_cmd(smp->conn, SMP_CMD_PAIRING_CONFIRM, sizeof(cp), &cp);
880
b28b4943
JH		 881 if (conn->hcon->out)
882 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_CONFIRM);
883 else
884 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RANDOM);
885
1cc61144 886 return 0;
8aab4757
VCG		 887}
888
861580a9 889static u8 smp_random(struct smp_chan *smp)
8aab4757 890{
8aab4757
VCG		 891 struct l2cap_conn *conn = smp->conn;
892 struct hci_conn *hcon = conn->hcon;
861580a9 893 u8 confirm[16];
8aab4757
VCG		 894 int ret;
895
ec70f36f 896 if (IS_ERR_OR_NULL(smp->tfm_aes))
861580a9 897 return SMP_UNSPECIFIED;
8aab4757
VCG		 898
899 BT_DBG("conn %p %s", conn, conn->hcon->out ? "master" : "slave");
900
e491eaf3 901 ret = smp_c1(smp->tfm_aes, smp->tk, smp->rrnd, smp->preq, smp->prsp,
b1cd5fd9 902 hcon->init_addr_type, &hcon->init_addr,
943a732a 903 hcon->resp_addr_type, &hcon->resp_addr, confirm);
861580a9
JH		 904 if (ret)
905 return SMP_UNSPECIFIED;
8aab4757 906
8aab4757
VCG		 907 if (memcmp(smp->pcnf, confirm, sizeof(smp->pcnf)) != 0) {
908 BT_ERR("Pairing failed (confirmation values mismatch)");
861580a9 909 return SMP_CONFIRM_FAILED;
8aab4757
VCG		 910 }
911
912 if (hcon->out) {
fe39c7b2
MH		 913 u8 stk[16];
914 __le64 rand = 0;
915 __le16 ediv = 0;
8aab4757 916
e491eaf3 917 smp_s1(smp->tfm_aes, smp->tk, smp->rrnd, smp->prnd, stk);
8aab4757 918
f7aa611a 919 memset(stk + smp->enc_key_size, 0,
04124681 920 SMP_MAX_ENC_KEY_SIZE - smp->enc_key_size);
8aab4757 921
861580a9
JH		 922 if (test_and_set_bit(HCI_CONN_ENCRYPT_PEND, &hcon->flags))
923 return SMP_UNSPECIFIED;
8aab4757
VCG		 924
925 hci_le_start_enc(hcon, ediv, rand, stk);
f7aa611a 926 hcon->enc_key_size = smp->enc_key_size;
fe59a05f 927 set_bit(HCI_CONN_STK_ENCRYPT, &hcon->flags);
8aab4757 928 } else {
fff3490f 929 u8 stk[16], auth;
fe39c7b2
MH		 930 __le64 rand = 0;
931 __le16 ediv = 0;
8aab4757 932
943a732a
JH		 933 smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM, sizeof(smp->prnd),
934 smp->prnd);
8aab4757 935
e491eaf3 936 smp_s1(smp->tfm_aes, smp->tk, smp->prnd, smp->rrnd, stk);
8aab4757 937
f7aa611a 938 memset(stk + smp->enc_key_size, 0,
f1560463 939 SMP_MAX_ENC_KEY_SIZE - smp->enc_key_size);
8aab4757 940
fff3490f
JH		 941 if (hcon->pending_sec_level == BT_SECURITY_HIGH)
942 auth = 1;
943 else
944 auth = 0;
945
7d5843b7
JH		 946 /* Even though there's no _SLAVE suffix this is the
947 * slave STK we're adding for later lookup (the master
948 * STK never needs to be stored).
949 */
ce39fb4e 950 hci_add_ltk(hcon->hdev, &hcon->dst, hcon->dst_type,
2ceba539 951 SMP_STK, auth, stk, smp->enc_key_size, ediv, rand);
8aab4757
VCG		 952 }
953
861580a9 954 return 0;
8aab4757
VCG		 955}
956
44f1a7ab
JH		 957static void smp_notify_keys(struct l2cap_conn *conn)
958{
959 struct l2cap_chan *chan = conn->smp;
960 struct smp_chan *smp = chan->data;
961 struct hci_conn *hcon = conn->hcon;
962 struct hci_dev *hdev = hcon->hdev;
963 struct smp_cmd_pairing *req = (void *) &smp->preq[1];
964 struct smp_cmd_pairing *rsp = (void *) &smp->prsp[1];
965 bool persistent;
966
967 if (smp->remote_irk) {
968 mgmt_new_irk(hdev, smp->remote_irk);
969 /* Now that user space can be considered to know the
970 * identity address track the connection based on it
b5ae344d 971 * from now on (assuming this is an LE link).
44f1a7ab 972 */
b5ae344d
JH		 973 if (hcon->type == LE_LINK) {
974 bacpy(&hcon->dst, &smp->remote_irk->bdaddr);
975 hcon->dst_type = smp->remote_irk->addr_type;
976 queue_work(hdev->workqueue, &conn->id_addr_update_work);
977 }
44f1a7ab
JH		 978
979 /* When receiving an indentity resolving key for
980 * a remote device that does not use a resolvable
981 * private address, just remove the key so that
982 * it is possible to use the controller white
983 * list for scanning.
984 *
985 * Userspace will have been told to not store
986 * this key at this point. So it is safe to
987 * just remove it.
988 */
989 if (!bacmp(&smp->remote_irk->rpa, BDADDR_ANY)) {
adae20cb
JH		 990 list_del_rcu(&smp->remote_irk->list);
991 kfree_rcu(smp->remote_irk, rcu);
44f1a7ab
JH		 992 smp->remote_irk = NULL;
993 }
994 }
995
b5ae344d
JH		 996 if (hcon->type == ACL_LINK) {
997 if (hcon->key_type == HCI_LK_DEBUG_COMBINATION)
998 persistent = false;
999 else
1000 persistent = !test_bit(HCI_CONN_FLUSH_KEY,
1001 &hcon->flags);
1002 } else {
1003 /* The LTKs and CSRKs should be persistent only if both sides
1004 * had the bonding bit set in their authentication requests.
1005 */
1006 persistent = !!((req->auth_req & rsp->auth_req) &
1007 SMP_AUTH_BONDING);
1008 }
1009
44f1a7ab
JH		 1010
1011 if (smp->csrk) {
1012 smp->csrk->bdaddr_type = hcon->dst_type;
1013 bacpy(&smp->csrk->bdaddr, &hcon->dst);
1014 mgmt_new_csrk(hdev, smp->csrk, persistent);
1015 }
1016
1017 if (smp->slave_csrk) {
1018 smp->slave_csrk->bdaddr_type = hcon->dst_type;
1019 bacpy(&smp->slave_csrk->bdaddr, &hcon->dst);
1020 mgmt_new_csrk(hdev, smp->slave_csrk, persistent);
1021 }
1022
1023 if (smp->ltk) {
1024 smp->ltk->bdaddr_type = hcon->dst_type;
1025 bacpy(&smp->ltk->bdaddr, &hcon->dst);
1026 mgmt_new_ltk(hdev, smp->ltk, persistent);
1027 }
1028
1029 if (smp->slave_ltk) {
1030 smp->slave_ltk->bdaddr_type = hcon->dst_type;
1031 bacpy(&smp->slave_ltk->bdaddr, &hcon->dst);
1032 mgmt_new_ltk(hdev, smp->slave_ltk, persistent);
1033 }
6a77083a
JH		 1034
1035 if (smp->link_key) {
e3befab9
JH		 1036 struct link_key *key;
1037 u8 type;
1038
1039 if (test_bit(SMP_FLAG_DEBUG_KEY, &smp->flags))
1040 type = HCI_LK_DEBUG_COMBINATION;
1041 else if (hcon->sec_level == BT_SECURITY_FIPS)
1042 type = HCI_LK_AUTH_COMBINATION_P256;
1043 else
1044 type = HCI_LK_UNAUTH_COMBINATION_P256;
1045
1046 key = hci_add_link_key(hdev, smp->conn->hcon, &hcon->dst,
1047 smp->link_key, type, 0, &persistent);
1048 if (key) {
1049 mgmt_new_link_key(hdev, key, persistent);
1050
1051 /* Don't keep debug keys around if the relevant
1052 * flag is not set.
1053 */
1054 if (!test_bit(HCI_KEEP_DEBUG_KEYS, &hdev->dev_flags) &&
1055 key->type == HCI_LK_DEBUG_COMBINATION) {
1056 list_del_rcu(&key->list);
1057 kfree_rcu(key, rcu);
1058 }
1059 }
6a77083a
JH		 1060 }
1061}
1062
d3e54a87
JH		 1063static void sc_add_ltk(struct smp_chan *smp)
1064{
1065 struct hci_conn *hcon = smp->conn->hcon;
1066 u8 key_type, auth;
1067
1068 if (test_bit(SMP_FLAG_DEBUG_KEY, &smp->flags))
1069 key_type = SMP_LTK_P256_DEBUG;
1070 else
1071 key_type = SMP_LTK_P256;
1072
1073 if (hcon->pending_sec_level == BT_SECURITY_FIPS)
1074 auth = 1;
1075 else
1076 auth = 0;
1077
1078 memset(smp->tk + smp->enc_key_size, 0,
1079 SMP_MAX_ENC_KEY_SIZE - smp->enc_key_size);
1080
1081 smp->ltk = hci_add_ltk(hcon->hdev, &hcon->dst, hcon->dst_type,
1082 key_type, auth, smp->tk, smp->enc_key_size,
1083 0, 0);
1084}
1085
6a77083a
JH		 1086static void sc_generate_link_key(struct smp_chan *smp)
1087{
1088 /* These constants are as specified in the core specification.
1089 * In ASCII they spell out to 'tmp1' and 'lebr'.
1090 */
1091 const u8 tmp1[4] = { 0x31, 0x70, 0x6d, 0x74 };
1092 const u8 lebr[4] = { 0x72, 0x62, 0x65, 0x6c };
1093
1094 smp->link_key = kzalloc(16, GFP_KERNEL);
1095 if (!smp->link_key)
1096 return;
1097
1098 if (smp_h6(smp->tfm_cmac, smp->tk, tmp1, smp->link_key)) {
1099 kfree(smp->link_key);
1100 smp->link_key = NULL;
1101 return;
1102 }
1103
1104 if (smp_h6(smp->tfm_cmac, smp->link_key, lebr, smp->link_key)) {
1105 kfree(smp->link_key);
1106 smp->link_key = NULL;
1107 return;
1108 }
44f1a7ab
JH		 1109}
1110
b28b4943
JH		 1111static void smp_allow_key_dist(struct smp_chan *smp)
1112{
1113 /* Allow the first expected phase 3 PDU. The rest of the PDUs
1114 * will be allowed in each PDU handler to ensure we receive
1115 * them in the correct order.
1116 */
1117 if (smp->remote_key_dist & SMP_DIST_ENC_KEY)
1118 SMP_ALLOW_CMD(smp, SMP_CMD_ENCRYPT_INFO);
1119 else if (smp->remote_key_dist & SMP_DIST_ID_KEY)
1120 SMP_ALLOW_CMD(smp, SMP_CMD_IDENT_INFO);
1121 else if (smp->remote_key_dist & SMP_DIST_SIGN)
1122 SMP_ALLOW_CMD(smp, SMP_CMD_SIGN_INFO);
1123}
1124
b5ae344d
JH		 1125static void sc_generate_ltk(struct smp_chan *smp)
1126{
1127 /* These constants are as specified in the core specification.
1128 * In ASCII they spell out to 'tmp2' and 'brle'.
1129 */
1130 const u8 tmp2[4] = { 0x32, 0x70, 0x6d, 0x74 };
1131 const u8 brle[4] = { 0x65, 0x6c, 0x72, 0x62 };
1132 struct hci_conn *hcon = smp->conn->hcon;
1133 struct hci_dev *hdev = hcon->hdev;
1134 struct link_key *key;
1135
1136 key = hci_find_link_key(hdev, &hcon->dst);
1137 if (!key) {
1138 BT_ERR("%s No Link Key found to generate LTK", hdev->name);
1139 return;
1140 }
1141
1142 if (key->type == HCI_LK_DEBUG_COMBINATION)
1143 set_bit(SMP_FLAG_DEBUG_KEY, &smp->flags);
1144
1145 if (smp_h6(smp->tfm_cmac, key->val, tmp2, smp->tk))
1146 return;
1147
1148 if (smp_h6(smp->tfm_cmac, smp->tk, brle, smp->tk))
1149 return;
1150
1151 sc_add_ltk(smp);
1152}
1153
d6268e86 1154static void smp_distribute_keys(struct smp_chan *smp)
44f1a7ab
JH		 1155{
1156 struct smp_cmd_pairing *req, *rsp;
86d1407c 1157 struct l2cap_conn *conn = smp->conn;
44f1a7ab
JH		 1158 struct hci_conn *hcon = conn->hcon;
1159 struct hci_dev *hdev = hcon->hdev;
1160 __u8 *keydist;
1161
1162 BT_DBG("conn %p", conn);
1163
44f1a7ab
JH		 1164 rsp = (void *) &smp->prsp[1];
1165
1166 /* The responder sends its keys first */
b28b4943
JH		 1167 if (hcon->out && (smp->remote_key_dist & KEY_DIST_MASK)) {
1168 smp_allow_key_dist(smp);
86d1407c 1169 return;
b28b4943 1170 }
44f1a7ab
JH		 1171
1172 req = (void *) &smp->preq[1];
1173
1174 if (hcon->out) {
1175 keydist = &rsp->init_key_dist;
1176 *keydist &= req->init_key_dist;
1177 } else {
1178 keydist = &rsp->resp_key_dist;
1179 *keydist &= req->resp_key_dist;
1180 }
1181
6a77083a 1182 if (test_bit(SMP_FLAG_SC, &smp->flags)) {
b5ae344d 1183 if (hcon->type == LE_LINK && (*keydist & SMP_DIST_LINK_KEY))
6a77083a 1184 sc_generate_link_key(smp);
b5ae344d
JH		 1185 if (hcon->type == ACL_LINK && (*keydist & SMP_DIST_ENC_KEY))
1186 sc_generate_ltk(smp);
6a77083a
JH		 1187
1188 /* Clear the keys which are generated but not distributed */
1189 *keydist &= ~SMP_SC_NO_DIST;
1190 }
1191
44f1a7ab
JH		 1192 BT_DBG("keydist 0x%x", *keydist);
1193
1194 if (*keydist & SMP_DIST_ENC_KEY) {
1195 struct smp_cmd_encrypt_info enc;
1196 struct smp_cmd_master_ident ident;
1197 struct smp_ltk *ltk;
1198 u8 authenticated;
1199 __le16 ediv;
1200 __le64 rand;
1201
1202 get_random_bytes(enc.ltk, sizeof(enc.ltk));
1203 get_random_bytes(&ediv, sizeof(ediv));
1204 get_random_bytes(&rand, sizeof(rand));
1205
1206 smp_send_cmd(conn, SMP_CMD_ENCRYPT_INFO, sizeof(enc), &enc);
1207
1208 authenticated = hcon->sec_level == BT_SECURITY_HIGH;
1209 ltk = hci_add_ltk(hdev, &hcon->dst, hcon->dst_type,
1210 SMP_LTK_SLAVE, authenticated, enc.ltk,
1211 smp->enc_key_size, ediv, rand);
1212 smp->slave_ltk = ltk;
1213
1214 ident.ediv = ediv;
1215 ident.rand = rand;
1216
1217 smp_send_cmd(conn, SMP_CMD_MASTER_IDENT, sizeof(ident), &ident);
1218
1219 *keydist &= ~SMP_DIST_ENC_KEY;
1220 }
1221
1222 if (*keydist & SMP_DIST_ID_KEY) {
1223 struct smp_cmd_ident_addr_info addrinfo;
1224 struct smp_cmd_ident_info idinfo;
1225
1226 memcpy(idinfo.irk, hdev->irk, sizeof(idinfo.irk));
1227
1228 smp_send_cmd(conn, SMP_CMD_IDENT_INFO, sizeof(idinfo), &idinfo);
1229
1230 /* The hci_conn contains the local identity address
1231 * after the connection has been established.
1232 *
1233 * This is true even when the connection has been
1234 * established using a resolvable random address.
1235 */
1236 bacpy(&addrinfo.bdaddr, &hcon->src);
1237 addrinfo.addr_type = hcon->src_type;
1238
1239 smp_send_cmd(conn, SMP_CMD_IDENT_ADDR_INFO, sizeof(addrinfo),
1240 &addrinfo);
1241
1242 *keydist &= ~SMP_DIST_ID_KEY;
1243 }
1244
1245 if (*keydist & SMP_DIST_SIGN) {
1246 struct smp_cmd_sign_info sign;
1247 struct smp_csrk *csrk;
1248
1249 /* Generate a new random key */
1250 get_random_bytes(sign.csrk, sizeof(sign.csrk));
1251
1252 csrk = kzalloc(sizeof(*csrk), GFP_KERNEL);
1253 if (csrk) {
1254 csrk->master = 0x00;
1255 memcpy(csrk->val, sign.csrk, sizeof(csrk->val));
1256 }
1257 smp->slave_csrk = csrk;
1258
1259 smp_send_cmd(conn, SMP_CMD_SIGN_INFO, sizeof(sign), &sign);
1260
1261 *keydist &= ~SMP_DIST_SIGN;
1262 }
1263
1264 /* If there are still keys to be received wait for them */
b28b4943
JH		 1265 if (smp->remote_key_dist & KEY_DIST_MASK) {
1266 smp_allow_key_dist(smp);
86d1407c 1267 return;
b28b4943 1268 }
44f1a7ab 1269
44f1a7ab
JH		 1270 set_bit(SMP_FLAG_COMPLETE, &smp->flags);
1271 smp_notify_keys(conn);
1272
1273 smp_chan_destroy(conn);
44f1a7ab
JH		 1274}
1275
b68fda68
JH		 1276static void smp_timeout(struct work_struct *work)
1277{
1278 struct smp_chan *smp = container_of(work, struct smp_chan,
1279 security_timer.work);
1280 struct l2cap_conn *conn = smp->conn;
1281
1282 BT_DBG("conn %p", conn);
1283
1e91c29e 1284 hci_disconnect(conn->hcon, HCI_ERROR_REMOTE_USER_TERM);
b68fda68
JH		 1285}
1286
8aab4757
VCG		 1287static struct smp_chan *smp_chan_create(struct l2cap_conn *conn)
1288{
5d88cc73 1289 struct l2cap_chan *chan = conn->smp;
8aab4757
VCG		 1290 struct smp_chan *smp;
1291
f1560463 1292 smp = kzalloc(sizeof(*smp), GFP_ATOMIC);
fc75cc86 1293 if (!smp)
8aab4757
VCG		 1294 return NULL;
1295
6a7bd103
JH		 1296 smp->tfm_aes = crypto_alloc_blkcipher("ecb(aes)", 0, CRYPTO_ALG_ASYNC);
1297 if (IS_ERR(smp->tfm_aes)) {
1298 BT_ERR("Unable to create ECB crypto context");
1299 kfree(smp);
1300 return NULL;
1301 }
1302
407cecf6
JH		 1303 smp->tfm_cmac = crypto_alloc_hash("cmac(aes)", 0, CRYPTO_ALG_ASYNC);
1304 if (IS_ERR(smp->tfm_cmac)) {
1305 BT_ERR("Unable to create CMAC crypto context");
1306 crypto_free_blkcipher(smp->tfm_aes);
1307 kfree(smp);
1308 return NULL;
1309 }
1310
8aab4757 1311 smp->conn = conn;
5d88cc73 1312 chan->data = smp;
8aab4757 1313
b28b4943
JH		 1314 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_FAIL);
1315
b68fda68
JH		 1316 INIT_DELAYED_WORK(&smp->security_timer, smp_timeout);
1317
8aab4757
VCG		 1318 hci_conn_hold(conn->hcon);
1319
1320 return smp;
1321}
1322
760b018b
JH		 1323static int sc_mackey_and_ltk(struct smp_chan *smp, u8 mackey[16], u8 ltk[16])
1324{
1325 struct hci_conn *hcon = smp->conn->hcon;
1326 u8 *na, *nb, a[7], b[7];
1327
1328 if (hcon->out) {
1329 na = smp->prnd;
1330 nb = smp->rrnd;
1331 } else {
1332 na = smp->rrnd;
1333 nb = smp->prnd;
1334 }
1335
1336 memcpy(a, &hcon->init_addr, 6);
1337 memcpy(b, &hcon->resp_addr, 6);
1338 a[6] = hcon->init_addr_type;
1339 b[6] = hcon->resp_addr_type;
1340
1341 return smp_f5(smp->tfm_cmac, smp->dhkey, na, nb, a, b, mackey, ltk);
1342}
1343
38606f14 1344static void sc_dhkey_check(struct smp_chan *smp)
760b018b
JH		 1345{
1346 struct hci_conn *hcon = smp->conn->hcon;
1347 struct smp_cmd_dhkey_check check;
1348 u8 a[7], b[7], *local_addr, *remote_addr;
1349 u8 io_cap[3], r[16];
1350
760b018b
JH		 1351 memcpy(a, &hcon->init_addr, 6);
1352 memcpy(b, &hcon->resp_addr, 6);
1353 a[6] = hcon->init_addr_type;
1354 b[6] = hcon->resp_addr_type;
1355
1356 if (hcon->out) {
1357 local_addr = a;
1358 remote_addr = b;
1359 memcpy(io_cap, &smp->preq[1], 3);
1360 } else {
1361 local_addr = b;
1362 remote_addr = a;
1363 memcpy(io_cap, &smp->prsp[1], 3);
1364 }
1365
dddd3059
JH		 1366 memset(r, 0, sizeof(r));
1367
1368 if (smp->method == REQ_PASSKEY || smp->method == DSP_PASSKEY)
38606f14 1369 put_unaligned_le32(hcon->passkey_notify, r);
760b018b 1370
a29b0733
JH		 1371 if (smp->method == REQ_OOB)
1372 memcpy(r, smp->rr, 16);
1373
760b018b
JH		 1374 smp_f6(smp->tfm_cmac, smp->mackey, smp->prnd, smp->rrnd, r, io_cap,
1375 local_addr, remote_addr, check.e);
1376
1377 smp_send_cmd(smp->conn, SMP_CMD_DHKEY_CHECK, sizeof(check), &check);
dddd3059
JH		 1378}
1379
38606f14
JH		 1380static u8 sc_passkey_send_confirm(struct smp_chan *smp)
1381{
1382 struct l2cap_conn *conn = smp->conn;
1383 struct hci_conn *hcon = conn->hcon;
1384 struct smp_cmd_pairing_confirm cfm;
1385 u8 r;
1386
1387 r = ((hcon->passkey_notify >> smp->passkey_round) & 0x01);
1388 r |= 0x80;
1389
1390 get_random_bytes(smp->prnd, sizeof(smp->prnd));
1391
1392 if (smp_f4(smp->tfm_cmac, smp->local_pk, smp->remote_pk, smp->prnd, r,
1393 cfm.confirm_val))
1394 return SMP_UNSPECIFIED;
1395
1396 smp_send_cmd(conn, SMP_CMD_PAIRING_CONFIRM, sizeof(cfm), &cfm);
1397
1398 return 0;
1399}
1400
1401static u8 sc_passkey_round(struct smp_chan *smp, u8 smp_op)
1402{
1403 struct l2cap_conn *conn = smp->conn;
1404 struct hci_conn *hcon = conn->hcon;
1405 struct hci_dev *hdev = hcon->hdev;
1406 u8 cfm[16], r;
1407
1408 /* Ignore the PDU if we've already done 20 rounds (0 - 19) */
1409 if (smp->passkey_round >= 20)
1410 return 0;
1411
1412 switch (smp_op) {
1413 case SMP_CMD_PAIRING_RANDOM:
1414 r = ((hcon->passkey_notify >> smp->passkey_round) & 0x01);
1415 r |= 0x80;
1416
1417 if (smp_f4(smp->tfm_cmac, smp->remote_pk, smp->local_pk,
1418 smp->rrnd, r, cfm))
1419 return SMP_UNSPECIFIED;
1420
1421 if (memcmp(smp->pcnf, cfm, 16))
1422 return SMP_CONFIRM_FAILED;
1423
1424 smp->passkey_round++;
1425
1426 if (smp->passkey_round == 20) {
1427 /* Generate MacKey and LTK */
1428 if (sc_mackey_and_ltk(smp, smp->mackey, smp->tk))
1429 return SMP_UNSPECIFIED;
1430 }
1431
1432 /* The round is only complete when the initiator
1433 * receives pairing random.
1434 */
1435 if (!hcon->out) {
1436 smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM,
1437 sizeof(smp->prnd), smp->prnd);
d3e54a87 1438 if (smp->passkey_round == 20)
38606f14 1439 SMP_ALLOW_CMD(smp, SMP_CMD_DHKEY_CHECK);
d3e54a87 1440 else
38606f14 1441 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_CONFIRM);
38606f14
JH		 1442 return 0;
1443 }
1444
1445 /* Start the next round */
1446 if (smp->passkey_round != 20)
1447 return sc_passkey_round(smp, 0);
1448
1449 /* Passkey rounds are complete - start DHKey Check */
1450 sc_dhkey_check(smp);
1451 SMP_ALLOW_CMD(smp, SMP_CMD_DHKEY_CHECK);
1452
1453 break;
1454
1455 case SMP_CMD_PAIRING_CONFIRM:
1456 if (test_bit(SMP_FLAG_WAIT_USER, &smp->flags)) {
1457 set_bit(SMP_FLAG_CFM_PENDING, &smp->flags);
1458 return 0;
1459 }
1460
1461 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RANDOM);
1462
1463 if (hcon->out) {
1464 smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM,
1465 sizeof(smp->prnd), smp->prnd);
1466 return 0;
1467 }
1468
1469 return sc_passkey_send_confirm(smp);
1470
1471 case SMP_CMD_PUBLIC_KEY:
1472 default:
1473 /* Initiating device starts the round */
1474 if (!hcon->out)
1475 return 0;
1476
1477 BT_DBG("%s Starting passkey round %u", hdev->name,
1478 smp->passkey_round + 1);
1479
1480 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_CONFIRM);
1481
1482 return sc_passkey_send_confirm(smp);
1483 }
1484
1485 return 0;
1486}
1487
dddd3059
JH		 1488static int sc_user_reply(struct smp_chan *smp, u16 mgmt_op, __le32 passkey)
1489{
38606f14
JH		 1490 struct l2cap_conn *conn = smp->conn;
1491 struct hci_conn *hcon = conn->hcon;
1492 u8 smp_op;
1493
1494 clear_bit(SMP_FLAG_WAIT_USER, &smp->flags);
1495
dddd3059
JH		 1496 switch (mgmt_op) {
1497 case MGMT_OP_USER_PASSKEY_NEG_REPLY:
1498 smp_failure(smp->conn, SMP_PASSKEY_ENTRY_FAILED);
1499 return 0;
1500 case MGMT_OP_USER_CONFIRM_NEG_REPLY:
1501 smp_failure(smp->conn, SMP_NUMERIC_COMP_FAILED);
1502 return 0;
38606f14
JH		 1503 case MGMT_OP_USER_PASSKEY_REPLY:
1504 hcon->passkey_notify = le32_to_cpu(passkey);
1505 smp->passkey_round = 0;
1506
1507 if (test_and_clear_bit(SMP_FLAG_CFM_PENDING, &smp->flags))
1508 smp_op = SMP_CMD_PAIRING_CONFIRM;
1509 else
1510 smp_op = 0;
1511
1512 if (sc_passkey_round(smp, smp_op))
1513 return -EIO;
1514
1515 return 0;
dddd3059
JH		 1516 }
1517
d3e54a87
JH		 1518 /* Initiator sends DHKey check first */
1519 if (hcon->out) {
1520 sc_dhkey_check(smp);
1521 SMP_ALLOW_CMD(smp, SMP_CMD_DHKEY_CHECK);
1522 } else if (test_and_clear_bit(SMP_FLAG_DHKEY_PENDING, &smp->flags)) {
1523 sc_dhkey_check(smp);
1524 sc_add_ltk(smp);
1525 }
760b018b
JH		 1526
1527 return 0;
1528}
1529
2b64d153
BG		 1530int smp_user_confirm_reply(struct hci_conn *hcon, u16 mgmt_op, __le32 passkey)
1531{
b10e8017 1532 struct l2cap_conn *conn = hcon->l2cap_data;
5d88cc73 1533 struct l2cap_chan *chan;
2b64d153
BG		 1534 struct smp_chan *smp;
1535 u32 value;
fc75cc86 1536 int err;
2b64d153
BG		 1537
1538 BT_DBG("");
1539
fc75cc86 1540 if (!conn)
2b64d153
BG		 1541 return -ENOTCONN;
1542
5d88cc73
JH		 1543 chan = conn->smp;
1544 if (!chan)
1545 return -ENOTCONN;
1546
fc75cc86
JH		 1547 l2cap_chan_lock(chan);
1548 if (!chan->data) {
1549 err = -ENOTCONN;
1550 goto unlock;
1551 }
1552
5d88cc73 1553 smp = chan->data;
2b64d153 1554
760b018b
JH		 1555 if (test_bit(SMP_FLAG_SC, &smp->flags)) {
1556 err = sc_user_reply(smp, mgmt_op, passkey);
1557 goto unlock;
1558 }
1559
2b64d153
BG		 1560 switch (mgmt_op) {
1561 case MGMT_OP_USER_PASSKEY_REPLY:
1562 value = le32_to_cpu(passkey);
943a732a 1563 memset(smp->tk, 0, sizeof(smp->tk));
2b64d153 1564 BT_DBG("PassKey: %d", value);
943a732a 1565 put_unaligned_le32(value, smp->tk);
2b64d153
BG		 1566 /* Fall Through */
1567 case MGMT_OP_USER_CONFIRM_REPLY:
4a74d658 1568 set_bit(SMP_FLAG_TK_VALID, &smp->flags);
2b64d153
BG		 1569 break;
1570 case MGMT_OP_USER_PASSKEY_NEG_REPLY:
1571 case MGMT_OP_USER_CONFIRM_NEG_REPLY:
84794e11 1572 smp_failure(conn, SMP_PASSKEY_ENTRY_FAILED);
fc75cc86
JH		 1573 err = 0;
1574 goto unlock;
2b64d153 1575 default:
84794e11 1576 smp_failure(conn, SMP_PASSKEY_ENTRY_FAILED);
fc75cc86
JH		 1577 err = -EOPNOTSUPP;
1578 goto unlock;
2b64d153
BG		 1579 }
1580
fc75cc86
JH		 1581 err = 0;
1582
2b64d153 1583 /* If it is our turn to send Pairing Confirm, do so now */
1cc61144
JH		 1584 if (test_bit(SMP_FLAG_CFM_PENDING, &smp->flags)) {
1585 u8 rsp = smp_confirm(smp);
1586 if (rsp)
1587 smp_failure(conn, rsp);
1588 }
2b64d153 1589
fc75cc86
JH		 1590unlock:
1591 l2cap_chan_unlock(chan);
1592 return err;
2b64d153
BG		 1593}
1594
b5ae344d
JH		 1595static void build_bredr_pairing_cmd(struct smp_chan *smp,
1596 struct smp_cmd_pairing *req,
1597 struct smp_cmd_pairing *rsp)
1598{
1599 struct l2cap_conn *conn = smp->conn;
1600 struct hci_dev *hdev = conn->hcon->hdev;
1601 u8 local_dist = 0, remote_dist = 0;
1602
1603 if (test_bit(HCI_BONDABLE, &hdev->dev_flags)) {
1604 local_dist = SMP_DIST_ENC_KEY | SMP_DIST_SIGN;
1605 remote_dist = SMP_DIST_ENC_KEY | SMP_DIST_SIGN;
1606 }
1607
1608 if (test_bit(HCI_RPA_RESOLVING, &hdev->dev_flags))
1609 remote_dist |= SMP_DIST_ID_KEY;
1610
1611 if (test_bit(HCI_PRIVACY, &hdev->dev_flags))
1612 local_dist |= SMP_DIST_ID_KEY;
1613
1614 if (!rsp) {
1615 memset(req, 0, sizeof(*req));
1616
1617 req->init_key_dist = local_dist;
1618 req->resp_key_dist = remote_dist;
1619 req->max_key_size = SMP_MAX_ENC_KEY_SIZE;
1620
1621 smp->remote_key_dist = remote_dist;
1622
1623 return;
1624 }
1625
1626 memset(rsp, 0, sizeof(*rsp));
1627
1628 rsp->max_key_size = SMP_MAX_ENC_KEY_SIZE;
1629 rsp->init_key_dist = req->init_key_dist & remote_dist;
1630 rsp->resp_key_dist = req->resp_key_dist & local_dist;
1631
1632 smp->remote_key_dist = rsp->init_key_dist;
1633}
1634
da85e5e5 1635static u8 smp_cmd_pairing_req(struct l2cap_conn *conn, struct sk_buff *skb)
88ba43b6 1636{
3158c50c 1637 struct smp_cmd_pairing rsp, *req = (void *) skb->data;
fc75cc86 1638 struct l2cap_chan *chan = conn->smp;
b3c6410b 1639 struct hci_dev *hdev = conn->hcon->hdev;
8aab4757 1640 struct smp_chan *smp;
c7262e71 1641 u8 key_size, auth, sec_level;
8aab4757 1642 int ret;
88ba43b6
AB		 1643
1644 BT_DBG("conn %p", conn);
1645
c46b98be 1646 if (skb->len < sizeof(*req))
38e4a915 1647 return SMP_INVALID_PARAMS;
c46b98be 1648
40bef302 1649 if (conn->hcon->role != HCI_ROLE_SLAVE)
2b64d153
BG		 1650 return SMP_CMD_NOTSUPP;
1651
fc75cc86 1652 if (!chan->data)
8aab4757 1653 smp = smp_chan_create(conn);
fc75cc86 1654 else
5d88cc73 1655 smp = chan->data;
8aab4757 1656
d08fd0e7
AE		 1657 if (!smp)
1658 return SMP_UNSPECIFIED;
d26a2345 1659
c05b9339 1660 /* We didn't start the pairing, so match remote */
0edb14de 1661 auth = req->auth_req & AUTH_REQ_MASK(hdev);
c05b9339 1662
b6ae8457 1663 if (!test_bit(HCI_BONDABLE, &hdev->dev_flags) &&
c05b9339 1664 (auth & SMP_AUTH_BONDING))
b3c6410b
JH		 1665 return SMP_PAIRING_NOTSUPP;
1666
903b71c7
JH		 1667 if (test_bit(HCI_SC_ONLY, &hdev->dev_flags) && !(auth & SMP_AUTH_SC))
1668 return SMP_AUTH_REQUIREMENTS;
1669
1c1def09
VCG		 1670 smp->preq[0] = SMP_CMD_PAIRING_REQ;
1671 memcpy(&smp->preq[1], req, sizeof(*req));
3158c50c 1672 skb_pull(skb, sizeof(*req));
88ba43b6 1673
b5ae344d
JH		 1674 /* SMP over BR/EDR requires special treatment */
1675 if (conn->hcon->type == ACL_LINK) {
1676 /* We must have a BR/EDR SC link */
08f63cc5
MH		 1677 if (!test_bit(HCI_CONN_AES_CCM, &conn->hcon->flags) &&
1678 !test_bit(HCI_FORCE_LESC, &hdev->dbg_flags))
b5ae344d
JH		 1679 return SMP_CROSS_TRANSP_NOT_ALLOWED;
1680
1681 set_bit(SMP_FLAG_SC, &smp->flags);
1682
1683 build_bredr_pairing_cmd(smp, req, &rsp);
1684
1685 key_size = min(req->max_key_size, rsp.max_key_size);
1686 if (check_enc_key_size(conn, key_size))
1687 return SMP_ENC_KEY_SIZE;
1688
1689 /* Clear bits which are generated but not distributed */
1690 smp->remote_key_dist &= ~SMP_SC_NO_DIST;
1691
1692 smp->prsp[0] = SMP_CMD_PAIRING_RSP;
1693 memcpy(&smp->prsp[1], &rsp, sizeof(rsp));
1694 smp_send_cmd(conn, SMP_CMD_PAIRING_RSP, sizeof(rsp), &rsp);
1695
1696 smp_distribute_keys(smp);
1697 return 0;
1698 }
1699
5e3d3d9b
JH		 1700 build_pairing_cmd(conn, req, &rsp, auth);
1701
1702 if (rsp.auth_req & SMP_AUTH_SC)
1703 set_bit(SMP_FLAG_SC, &smp->flags);
1704
5be5e275 1705 if (conn->hcon->io_capability == HCI_IO_NO_INPUT_OUTPUT)
1afc2a1a
JH		 1706 sec_level = BT_SECURITY_MEDIUM;
1707 else
1708 sec_level = authreq_to_seclevel(auth);
1709
c7262e71
JH		 1710 if (sec_level > conn->hcon->pending_sec_level)
1711 conn->hcon->pending_sec_level = sec_level;
fdde0a26 1712
49c922bb 1713 /* If we need MITM check that it can be achieved */
2ed8f65c
JH		 1714 if (conn->hcon->pending_sec_level >= BT_SECURITY_HIGH) {
1715 u8 method;
1716
1717 method = get_auth_method(smp, conn->hcon->io_capability,
1718 req->io_capability);
1719 if (method == JUST_WORKS || method == JUST_CFM)
1720 return SMP_AUTH_REQUIREMENTS;
1721 }
1722
3158c50c
VCG		 1723 key_size = min(req->max_key_size, rsp.max_key_size);
1724 if (check_enc_key_size(conn, key_size))
1725 return SMP_ENC_KEY_SIZE;
88ba43b6 1726
e84a6b13 1727 get_random_bytes(smp->prnd, sizeof(smp->prnd));
8aab4757 1728
1c1def09
VCG		 1729 smp->prsp[0] = SMP_CMD_PAIRING_RSP;
1730 memcpy(&smp->prsp[1], &rsp, sizeof(rsp));
f01ead31 1731
3158c50c 1732 smp_send_cmd(conn, SMP_CMD_PAIRING_RSP, sizeof(rsp), &rsp);
3b19146d
JH		 1733
1734 clear_bit(SMP_FLAG_INITIATOR, &smp->flags);
1735
1736 if (test_bit(SMP_FLAG_SC, &smp->flags)) {
1737 SMP_ALLOW_CMD(smp, SMP_CMD_PUBLIC_KEY);
1738 /* Clear bits which are generated but not distributed */
1739 smp->remote_key_dist &= ~SMP_SC_NO_DIST;
1740 /* Wait for Public Key from Initiating Device */
1741 return 0;
1742 } else {
1743 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_CONFIRM);
1744 }
da85e5e5 1745
2b64d153
BG		 1746 /* Request setup of TK */
1747 ret = tk_request(conn, 0, auth, rsp.io_capability, req->io_capability);
1748 if (ret)
1749 return SMP_UNSPECIFIED;
1750
da85e5e5 1751 return 0;
88ba43b6
AB		 1752}
1753
3b19146d
JH		 1754static u8 sc_send_public_key(struct smp_chan *smp)
1755{
70157ef5
JH		 1756 struct hci_dev *hdev = smp->conn->hcon->hdev;
1757
3b19146d
JH		 1758 BT_DBG("");
1759
70157ef5
JH		 1760 if (test_bit(HCI_USE_DEBUG_KEYS, &hdev->dev_flags)) {
1761 BT_DBG("Using debug keys");
1762 memcpy(smp->local_pk, debug_pk, 64);
1763 memcpy(smp->local_sk, debug_sk, 32);
1764 set_bit(SMP_FLAG_DEBUG_KEY, &smp->flags);
1765 } else {
1766 while (true) {
1767 /* Generate local key pair for Secure Connections */
1768 if (!ecc_make_key(smp->local_pk, smp->local_sk))
1769 return SMP_UNSPECIFIED;
6c0dcc50 1770
70157ef5
JH		 1771 /* This is unlikely, but we need to check that
1772 * we didn't accidentially generate a debug key.
1773 */
1774 if (memcmp(smp->local_sk, debug_sk, 32))
1775 break;
1776 }
6c0dcc50 1777 }
3b19146d 1778
c7a3d57d
JH		 1779 SMP_DBG("Local Public Key X: %32phN", smp->local_pk);
1780 SMP_DBG("Local Public Key Y: %32phN", &smp->local_pk[32]);
1781 SMP_DBG("Local Private Key: %32phN", smp->local_sk);
3b19146d
JH		 1782
1783 smp_send_cmd(smp->conn, SMP_CMD_PUBLIC_KEY, 64, smp->local_pk);
1784
1785 return 0;
1786}
1787
da85e5e5 1788static u8 smp_cmd_pairing_rsp(struct l2cap_conn *conn, struct sk_buff *skb)
88ba43b6 1789{
3158c50c 1790 struct smp_cmd_pairing *req, *rsp = (void *) skb->data;
5d88cc73
JH		 1791 struct l2cap_chan *chan = conn->smp;
1792 struct smp_chan *smp = chan->data;
0edb14de 1793 struct hci_dev *hdev = conn->hcon->hdev;
3a7dbfb8 1794 u8 key_size, auth;
7d24ddcc 1795 int ret;
88ba43b6
AB		 1796
1797 BT_DBG("conn %p", conn);
1798
c46b98be 1799 if (skb->len < sizeof(*rsp))
38e4a915 1800 return SMP_INVALID_PARAMS;
c46b98be 1801
40bef302 1802 if (conn->hcon->role != HCI_ROLE_MASTER)
2b64d153
BG		 1803 return SMP_CMD_NOTSUPP;
1804
3158c50c
VCG		 1805 skb_pull(skb, sizeof(*rsp));
1806
1c1def09 1807 req = (void *) &smp->preq[1];
da85e5e5 1808
3158c50c
VCG		 1809 key_size = min(req->max_key_size, rsp->max_key_size);
1810 if (check_enc_key_size(conn, key_size))
1811 return SMP_ENC_KEY_SIZE;
1812
0edb14de 1813 auth = rsp->auth_req & AUTH_REQ_MASK(hdev);
c05b9339 1814
903b71c7
JH		 1815 if (test_bit(HCI_SC_ONLY, &hdev->dev_flags) && !(auth & SMP_AUTH_SC))
1816 return SMP_AUTH_REQUIREMENTS;
1817
b5ae344d
JH		 1818 smp->prsp[0] = SMP_CMD_PAIRING_RSP;
1819 memcpy(&smp->prsp[1], rsp, sizeof(*rsp));
1820
1821 /* Update remote key distribution in case the remote cleared
1822 * some bits that we had enabled in our request.
1823 */
1824 smp->remote_key_dist &= rsp->resp_key_dist;
1825
1826 /* For BR/EDR this means we're done and can start phase 3 */
1827 if (conn->hcon->type == ACL_LINK) {
1828 /* Clear bits which are generated but not distributed */
1829 smp->remote_key_dist &= ~SMP_SC_NO_DIST;
1830 smp_distribute_keys(smp);
1831 return 0;
1832 }
1833
65668776
JH		 1834 if ((req->auth_req & SMP_AUTH_SC) && (auth & SMP_AUTH_SC))
1835 set_bit(SMP_FLAG_SC, &smp->flags);
d2eb9e10
JH		 1836 else if (conn->hcon->pending_sec_level > BT_SECURITY_HIGH)
1837 conn->hcon->pending_sec_level = BT_SECURITY_HIGH;
65668776 1838
49c922bb 1839 /* If we need MITM check that it can be achieved */
2ed8f65c
JH		 1840 if (conn->hcon->pending_sec_level >= BT_SECURITY_HIGH) {
1841 u8 method;
1842
1843 method = get_auth_method(smp, req->io_capability,
1844 rsp->io_capability);
1845 if (method == JUST_WORKS || method == JUST_CFM)
1846 return SMP_AUTH_REQUIREMENTS;
1847 }
1848
e84a6b13 1849 get_random_bytes(smp->prnd, sizeof(smp->prnd));
7d24ddcc 1850
fdcc4bec
JH		 1851 /* Update remote key distribution in case the remote cleared
1852 * some bits that we had enabled in our request.
1853 */
1854 smp->remote_key_dist &= rsp->resp_key_dist;
1855
3b19146d
JH		 1856 if (test_bit(SMP_FLAG_SC, &smp->flags)) {
1857 /* Clear bits which are generated but not distributed */
1858 smp->remote_key_dist &= ~SMP_SC_NO_DIST;
1859 SMP_ALLOW_CMD(smp, SMP_CMD_PUBLIC_KEY);
1860 return sc_send_public_key(smp);
1861 }
1862
c05b9339 1863 auth |= req->auth_req;
2b64d153 1864
476585ec 1865 ret = tk_request(conn, 0, auth, req->io_capability, rsp->io_capability);
2b64d153
BG		 1866 if (ret)
1867 return SMP_UNSPECIFIED;
1868
4a74d658 1869 set_bit(SMP_FLAG_CFM_PENDING, &smp->flags);
2b64d153
BG		 1870
1871 /* Can't compose response until we have been confirmed */
4a74d658 1872 if (test_bit(SMP_FLAG_TK_VALID, &smp->flags))
1cc61144 1873 return smp_confirm(smp);
da85e5e5
VCG		 1874
1875 return 0;
88ba43b6
AB		 1876}
1877
dcee2b32
JH		 1878static u8 sc_check_confirm(struct smp_chan *smp)
1879{
1880 struct l2cap_conn *conn = smp->conn;
1881
1882 BT_DBG("");
1883
1884 /* Public Key exchange must happen before any other steps */
1885 if (!test_bit(SMP_FLAG_REMOTE_PK, &smp->flags))
1886 return SMP_UNSPECIFIED;
1887
38606f14
JH		 1888 if (smp->method == REQ_PASSKEY || smp->method == DSP_PASSKEY)
1889 return sc_passkey_round(smp, SMP_CMD_PAIRING_CONFIRM);
1890
dcee2b32
JH		 1891 if (conn->hcon->out) {
1892 smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM, sizeof(smp->prnd),
1893 smp->prnd);
1894 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RANDOM);
1895 }
1896
1897 return 0;
1898}
1899
da85e5e5 1900static u8 smp_cmd_pairing_confirm(struct l2cap_conn *conn, struct sk_buff *skb)
88ba43b6 1901{
5d88cc73
JH		 1902 struct l2cap_chan *chan = conn->smp;
1903 struct smp_chan *smp = chan->data;
7d24ddcc 1904
88ba43b6
AB		 1905 BT_DBG("conn %p %s", conn, conn->hcon->out ? "master" : "slave");
1906
c46b98be 1907 if (skb->len < sizeof(smp->pcnf))
38e4a915 1908 return SMP_INVALID_PARAMS;
c46b98be 1909
1c1def09
VCG		 1910 memcpy(smp->pcnf, skb->data, sizeof(smp->pcnf));
1911 skb_pull(skb, sizeof(smp->pcnf));
88ba43b6 1912
dcee2b32
JH		 1913 if (test_bit(SMP_FLAG_SC, &smp->flags))
1914 return sc_check_confirm(smp);
1915
b28b4943 1916 if (conn->hcon->out) {
943a732a
JH		 1917 smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM, sizeof(smp->prnd),
1918 smp->prnd);
b28b4943
JH		 1919 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RANDOM);
1920 return 0;
1921 }
1922
1923 if (test_bit(SMP_FLAG_TK_VALID, &smp->flags))
1cc61144 1924 return smp_confirm(smp);
943a732a 1925 else
4a74d658 1926 set_bit(SMP_FLAG_CFM_PENDING, &smp->flags);
da85e5e5
VCG		 1927
1928 return 0;
88ba43b6
AB		 1929}
1930
da85e5e5 1931static u8 smp_cmd_pairing_random(struct l2cap_conn *conn, struct sk_buff *skb)
88ba43b6 1932{
5d88cc73
JH		 1933 struct l2cap_chan *chan = conn->smp;
1934 struct smp_chan *smp = chan->data;
191dc7fe
JH		 1935 struct hci_conn *hcon = conn->hcon;
1936 u8 *pkax, *pkbx, *na, *nb;
1937 u32 passkey;
1938 int err;
7d24ddcc 1939
8aab4757 1940 BT_DBG("conn %p", conn);
3158c50c 1941
c46b98be 1942 if (skb->len < sizeof(smp->rrnd))
38e4a915 1943 return SMP_INVALID_PARAMS;
c46b98be 1944
943a732a 1945 memcpy(smp->rrnd, skb->data, sizeof(smp->rrnd));
8aab4757 1946 skb_pull(skb, sizeof(smp->rrnd));
e7e62c85 1947
191dc7fe
JH		 1948 if (!test_bit(SMP_FLAG_SC, &smp->flags))
1949 return smp_random(smp);
1950
580039e8
JH		 1951 if (hcon->out) {
1952 pkax = smp->local_pk;
1953 pkbx = smp->remote_pk;
1954 na = smp->prnd;
1955 nb = smp->rrnd;
1956 } else {
1957 pkax = smp->remote_pk;
1958 pkbx = smp->local_pk;
1959 na = smp->rrnd;
1960 nb = smp->prnd;
1961 }
1962
a29b0733
JH		 1963 if (smp->method == REQ_OOB) {
1964 if (!hcon->out)
1965 smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM,
1966 sizeof(smp->prnd), smp->prnd);
1967 SMP_ALLOW_CMD(smp, SMP_CMD_DHKEY_CHECK);
1968 goto mackey_and_ltk;
1969 }
1970
38606f14
JH		 1971 /* Passkey entry has special treatment */
1972 if (smp->method == REQ_PASSKEY || smp->method == DSP_PASSKEY)
1973 return sc_passkey_round(smp, SMP_CMD_PAIRING_RANDOM);
1974
191dc7fe
JH		 1975 if (hcon->out) {
1976 u8 cfm[16];
1977
1978 err = smp_f4(smp->tfm_cmac, smp->remote_pk, smp->local_pk,
1979 smp->rrnd, 0, cfm);
1980 if (err)
1981 return SMP_UNSPECIFIED;
1982
1983 if (memcmp(smp->pcnf, cfm, 16))
1984 return SMP_CONFIRM_FAILED;
191dc7fe
JH		 1985 } else {
1986 smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM, sizeof(smp->prnd),
1987 smp->prnd);
1988 SMP_ALLOW_CMD(smp, SMP_CMD_DHKEY_CHECK);
191dc7fe
JH		 1989 }
1990
a29b0733 1991mackey_and_ltk:
760b018b
JH		 1992 /* Generate MacKey and LTK */
1993 err = sc_mackey_and_ltk(smp, smp->mackey, smp->tk);
1994 if (err)
1995 return SMP_UNSPECIFIED;
1996
a29b0733 1997 if (smp->method == JUST_WORKS || smp->method == REQ_OOB) {
dddd3059 1998 if (hcon->out) {
38606f14 1999 sc_dhkey_check(smp);
dddd3059
JH		 2000 SMP_ALLOW_CMD(smp, SMP_CMD_DHKEY_CHECK);
2001 }
2002 return 0;
2003 }
2004
38606f14
JH		 2005 err = smp_g2(smp->tfm_cmac, pkax, pkbx, na, nb, &passkey);
2006 if (err)
2007 return SMP_UNSPECIFIED;
2008
2009 err = mgmt_user_confirm_request(hcon->hdev, &hcon->dst, hcon->type,
2010 hcon->dst_type, passkey, 0);
191dc7fe
JH		 2011 if (err)
2012 return SMP_UNSPECIFIED;
2013
38606f14
JH		 2014 set_bit(SMP_FLAG_WAIT_USER, &smp->flags);
2015
191dc7fe 2016 return 0;
88ba43b6
AB		 2017}
2018
f81cd823 2019static bool smp_ltk_encrypt(struct l2cap_conn *conn, u8 sec_level)
988c5997 2020{
c9839a11 2021 struct smp_ltk *key;
988c5997
VCG		 2022 struct hci_conn *hcon = conn->hcon;
2023
f3a73d97 2024 key = hci_find_ltk(hcon->hdev, &hcon->dst, hcon->dst_type, hcon->role);
988c5997 2025 if (!key)
f81cd823 2026 return false;
988c5997 2027
a6f7833c 2028 if (smp_ltk_sec_level(key) < sec_level)
f81cd823 2029 return false;
4dab7864 2030
51a8efd7 2031 if (test_and_set_bit(HCI_CONN_ENCRYPT_PEND, &hcon->flags))
f81cd823 2032 return true;
988c5997 2033
c9839a11
VCG		 2034 hci_le_start_enc(hcon, key->ediv, key->rand, key->val);
2035 hcon->enc_key_size = key->enc_size;
988c5997 2036
fe59a05f
JH		 2037 /* We never store STKs for master role, so clear this flag */
2038 clear_bit(HCI_CONN_STK_ENCRYPT, &hcon->flags);
2039
f81cd823 2040 return true;
988c5997 2041}
f1560463 2042
35dc6f83
JH		 2043bool smp_sufficient_security(struct hci_conn *hcon, u8 sec_level,
2044 enum smp_key_pref key_pref)
854f4727
JH		 2045{
2046 if (sec_level == BT_SECURITY_LOW)
2047 return true;
2048
35dc6f83
JH		 2049 /* If we're encrypted with an STK but the caller prefers using
2050 * LTK claim insufficient security. This way we allow the
2051 * connection to be re-encrypted with an LTK, even if the LTK
2052 * provides the same level of security. Only exception is if we
2053 * don't have an LTK (e.g. because of key distribution bits).
9ab65d60 2054 */
35dc6f83
JH		 2055 if (key_pref == SMP_USE_LTK &&
2056 test_bit(HCI_CONN_STK_ENCRYPT, &hcon->flags) &&
f3a73d97 2057 hci_find_ltk(hcon->hdev, &hcon->dst, hcon->dst_type, hcon->role))
9ab65d60
JH		 2058 return false;
2059
854f4727
JH		 2060 if (hcon->sec_level >= sec_level)
2061 return true;
2062
2063 return false;
2064}
2065
da85e5e5 2066static u8 smp_cmd_security_req(struct l2cap_conn *conn, struct sk_buff *skb)
88ba43b6
AB		 2067{
2068 struct smp_cmd_security_req *rp = (void *) skb->data;
2069 struct smp_cmd_pairing cp;
f1cb9af5 2070 struct hci_conn *hcon = conn->hcon;
0edb14de 2071 struct hci_dev *hdev = hcon->hdev;
8aab4757 2072 struct smp_chan *smp;
c05b9339 2073 u8 sec_level, auth;
88ba43b6
AB		 2074
2075 BT_DBG("conn %p", conn);
2076
c46b98be 2077 if (skb->len < sizeof(*rp))
38e4a915 2078 return SMP_INVALID_PARAMS;
c46b98be 2079
40bef302 2080 if (hcon->role != HCI_ROLE_MASTER)
86ca9eac
JH		 2081 return SMP_CMD_NOTSUPP;
2082
0edb14de 2083 auth = rp->auth_req & AUTH_REQ_MASK(hdev);
c05b9339 2084
903b71c7
JH		 2085 if (test_bit(HCI_SC_ONLY, &hdev->dev_flags) && !(auth & SMP_AUTH_SC))
2086 return SMP_AUTH_REQUIREMENTS;
2087
5be5e275 2088 if (hcon->io_capability == HCI_IO_NO_INPUT_OUTPUT)
1afc2a1a
JH		 2089 sec_level = BT_SECURITY_MEDIUM;
2090 else
2091 sec_level = authreq_to_seclevel(auth);
2092
35dc6f83 2093 if (smp_sufficient_security(hcon, sec_level, SMP_USE_LTK))
854f4727
JH		 2094 return 0;
2095
c7262e71
JH		 2096 if (sec_level > hcon->pending_sec_level)
2097 hcon->pending_sec_level = sec_level;
feb45eb5 2098
4dab7864 2099 if (smp_ltk_encrypt(conn, hcon->pending_sec_level))
988c5997
VCG		 2100 return 0;
2101
8aab4757 2102 smp = smp_chan_create(conn);
c29d2444
JH		 2103 if (!smp)
2104 return SMP_UNSPECIFIED;
d26a2345 2105
b6ae8457 2106 if (!test_bit(HCI_BONDABLE, &hcon->hdev->dev_flags) &&
c05b9339 2107 (auth & SMP_AUTH_BONDING))
616d55be
JH		 2108 return SMP_PAIRING_NOTSUPP;
2109
88ba43b6 2110 skb_pull(skb, sizeof(*rp));
88ba43b6 2111
da85e5e5 2112 memset(&cp, 0, sizeof(cp));
c05b9339 2113 build_pairing_cmd(conn, &cp, NULL, auth);
88ba43b6 2114
1c1def09
VCG		 2115 smp->preq[0] = SMP_CMD_PAIRING_REQ;
2116 memcpy(&smp->preq[1], &cp, sizeof(cp));
f01ead31 2117
88ba43b6 2118 smp_send_cmd(conn, SMP_CMD_PAIRING_REQ, sizeof(cp), &cp);
b28b4943 2119 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RSP);
f1cb9af5 2120
da85e5e5 2121 return 0;
88ba43b6
AB		 2122}
2123
cc110922 2124int smp_conn_security(struct hci_conn *hcon, __u8 sec_level)
eb492e01 2125{
cc110922 2126 struct l2cap_conn *conn = hcon->l2cap_data;
c68b7f12 2127 struct l2cap_chan *chan;
0a66cf20 2128 struct smp_chan *smp;
2b64d153 2129 __u8 authreq;
fc75cc86 2130 int ret;
eb492e01 2131
3a0259bb
VCG		 2132 BT_DBG("conn %p hcon %p level 0x%2.2x", conn, hcon, sec_level);
2133
0a66cf20
JH		 2134 /* This may be NULL if there's an unexpected disconnection */
2135 if (!conn)
2136 return 1;
2137
c68b7f12
JH		 2138 chan = conn->smp;
2139
757aee0f 2140 if (!test_bit(HCI_LE_ENABLED, &hcon->hdev->dev_flags))
2e65c9d2
AG		 2141 return 1;
2142
35dc6f83 2143 if (smp_sufficient_security(hcon, sec_level, SMP_USE_LTK))
eb492e01 2144 return 1;
f1cb9af5 2145
c7262e71
JH		 2146 if (sec_level > hcon->pending_sec_level)
2147 hcon->pending_sec_level = sec_level;
2148
40bef302 2149 if (hcon->role == HCI_ROLE_MASTER)
c7262e71
JH		 2150 if (smp_ltk_encrypt(conn, hcon->pending_sec_level))
2151 return 0;
d26a2345 2152
fc75cc86
JH		 2153 l2cap_chan_lock(chan);
2154
2155 /* If SMP is already in progress ignore this request */
2156 if (chan->data) {
2157 ret = 0;
2158 goto unlock;
2159 }
d26a2345 2160
8aab4757 2161 smp = smp_chan_create(conn);
fc75cc86
JH		 2162 if (!smp) {
2163 ret = 1;
2164 goto unlock;
2165 }
2b64d153
BG		 2166
2167 authreq = seclevel_to_authreq(sec_level);
d26a2345 2168
d2eb9e10
JH		 2169 if (test_bit(HCI_SC_ENABLED, &hcon->hdev->dev_flags))
2170 authreq |= SMP_AUTH_SC;
2171
79897d20
JH		 2172 /* Require MITM if IO Capability allows or the security level
2173 * requires it.
2e233644 2174 */
79897d20 2175 if (hcon->io_capability != HCI_IO_NO_INPUT_OUTPUT ||
c7262e71 2176 hcon->pending_sec_level > BT_SECURITY_MEDIUM)
2e233644
JH		 2177 authreq |= SMP_AUTH_MITM;
2178
40bef302 2179 if (hcon->role == HCI_ROLE_MASTER) {
d26a2345 2180 struct smp_cmd_pairing cp;
f01ead31 2181
2b64d153 2182 build_pairing_cmd(conn, &cp, NULL, authreq);
1c1def09
VCG		 2183 smp->preq[0] = SMP_CMD_PAIRING_REQ;
2184 memcpy(&smp->preq[1], &cp, sizeof(cp));
f01ead31 2185
eb492e01 2186 smp_send_cmd(conn, SMP_CMD_PAIRING_REQ, sizeof(cp), &cp);
b28b4943 2187 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RSP);
eb492e01
AB		 2188 } else {
2189 struct smp_cmd_security_req cp;
2b64d153 2190 cp.auth_req = authreq;
eb492e01 2191 smp_send_cmd(conn, SMP_CMD_SECURITY_REQ, sizeof(cp), &cp);
b28b4943 2192 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_REQ);
eb492e01
AB		 2193 }
2194
4a74d658 2195 set_bit(SMP_FLAG_INITIATOR, &smp->flags);
fc75cc86 2196 ret = 0;
edca792c 2197
fc75cc86
JH		 2198unlock:
2199 l2cap_chan_unlock(chan);
2200 return ret;
eb492e01
AB		 2201}
2202
7034b911
VCG		 2203static int smp_cmd_encrypt_info(struct l2cap_conn *conn, struct sk_buff *skb)
2204{
16b90839 2205 struct smp_cmd_encrypt_info *rp = (void *) skb->data;
5d88cc73
JH		 2206 struct l2cap_chan *chan = conn->smp;
2207 struct smp_chan *smp = chan->data;
16b90839 2208
c46b98be
JH		 2209 BT_DBG("conn %p", conn);
2210
2211 if (skb->len < sizeof(*rp))
38e4a915 2212 return SMP_INVALID_PARAMS;
c46b98be 2213
b28b4943 2214 SMP_ALLOW_CMD(smp, SMP_CMD_MASTER_IDENT);
6131ddc8 2215
16b90839
VCG		 2216 skb_pull(skb, sizeof(*rp));
2217
1c1def09 2218 memcpy(smp->tk, rp->ltk, sizeof(smp->tk));
16b90839 2219
7034b911
VCG		 2220 return 0;
2221}
2222
2223static int smp_cmd_master_ident(struct l2cap_conn *conn, struct sk_buff *skb)
2224{
16b90839 2225 struct smp_cmd_master_ident *rp = (void *) skb->data;
5d88cc73
JH		 2226 struct l2cap_chan *chan = conn->smp;
2227 struct smp_chan *smp = chan->data;
c9839a11
VCG		 2228 struct hci_dev *hdev = conn->hcon->hdev;
2229 struct hci_conn *hcon = conn->hcon;
23d0e128 2230 struct smp_ltk *ltk;
c9839a11 2231 u8 authenticated;
16b90839 2232
c46b98be
JH		 2233 BT_DBG("conn %p", conn);
2234
2235 if (skb->len < sizeof(*rp))
38e4a915 2236 return SMP_INVALID_PARAMS;
c46b98be 2237
9747a9f3
JH		 2238 /* Mark the information as received */
2239 smp->remote_key_dist &= ~SMP_DIST_ENC_KEY;
2240
b28b4943
JH		 2241 if (smp->remote_key_dist & SMP_DIST_ID_KEY)
2242 SMP_ALLOW_CMD(smp, SMP_CMD_IDENT_INFO);
196332f5
JH		 2243 else if (smp->remote_key_dist & SMP_DIST_SIGN)
2244 SMP_ALLOW_CMD(smp, SMP_CMD_SIGN_INFO);
b28b4943 2245
16b90839 2246 skb_pull(skb, sizeof(*rp));
7034b911 2247
ce39fb4e 2248 authenticated = (hcon->sec_level == BT_SECURITY_HIGH);
2ceba539 2249 ltk = hci_add_ltk(hdev, &hcon->dst, hcon->dst_type, SMP_LTK,
23d0e128
JH		 2250 authenticated, smp->tk, smp->enc_key_size,
2251 rp->ediv, rp->rand);
2252 smp->ltk = ltk;
c6e81e9a 2253 if (!(smp->remote_key_dist & KEY_DIST_MASK))
d6268e86 2254 smp_distribute_keys(smp);
7034b911
VCG		 2255
2256 return 0;
2257}
2258
fd349c02
JH		 2259static int smp_cmd_ident_info(struct l2cap_conn *conn, struct sk_buff *skb)
2260{
2261 struct smp_cmd_ident_info *info = (void *) skb->data;
5d88cc73
JH		 2262 struct l2cap_chan *chan = conn->smp;
2263 struct smp_chan *smp = chan->data;
fd349c02
JH		 2264
2265 BT_DBG("");
2266
2267 if (skb->len < sizeof(*info))
38e4a915 2268 return SMP_INVALID_PARAMS;
fd349c02 2269
b28b4943 2270 SMP_ALLOW_CMD(smp, SMP_CMD_IDENT_ADDR_INFO);
6131ddc8 2271
fd349c02
JH		 2272 skb_pull(skb, sizeof(*info));
2273
2274 memcpy(smp->irk, info->irk, 16);
2275
2276 return 0;
2277}
2278
2279static int smp_cmd_ident_addr_info(struct l2cap_conn *conn,
2280 struct sk_buff *skb)
2281{
2282 struct smp_cmd_ident_addr_info *info = (void *) skb->data;
5d88cc73
JH		 2283 struct l2cap_chan *chan = conn->smp;
2284 struct smp_chan *smp = chan->data;
fd349c02
JH		 2285 struct hci_conn *hcon = conn->hcon;
2286 bdaddr_t rpa;
2287
2288 BT_DBG("");
2289
2290 if (skb->len < sizeof(*info))
38e4a915 2291 return SMP_INVALID_PARAMS;
fd349c02 2292
9747a9f3
JH		 2293 /* Mark the information as received */
2294 smp->remote_key_dist &= ~SMP_DIST_ID_KEY;
2295
b28b4943
JH		 2296 if (smp->remote_key_dist & SMP_DIST_SIGN)
2297 SMP_ALLOW_CMD(smp, SMP_CMD_SIGN_INFO);
2298
fd349c02
JH		 2299 skb_pull(skb, sizeof(*info));
2300
a9a58f86
JH		 2301 /* Strictly speaking the Core Specification (4.1) allows sending
2302 * an empty address which would force us to rely on just the IRK
2303 * as "identity information". However, since such
2304 * implementations are not known of and in order to not over
2305 * complicate our implementation, simply pretend that we never
2306 * received an IRK for such a device.
2307 */
2308 if (!bacmp(&info->bdaddr, BDADDR_ANY)) {
2309 BT_ERR("Ignoring IRK with no identity address");
31dd624e 2310 goto distribute;
a9a58f86
JH		 2311 }
2312
fd349c02
JH		 2313 bacpy(&smp->id_addr, &info->bdaddr);
2314 smp->id_addr_type = info->addr_type;
2315
2316 if (hci_bdaddr_is_rpa(&hcon->dst, hcon->dst_type))
2317 bacpy(&rpa, &hcon->dst);
2318 else
2319 bacpy(&rpa, BDADDR_ANY);
2320
23d0e128
JH		 2321 smp->remote_irk = hci_add_irk(conn->hcon->hdev, &smp->id_addr,
2322 smp->id_addr_type, smp->irk, &rpa);
fd349c02 2323
31dd624e 2324distribute:
c6e81e9a
JH		 2325 if (!(smp->remote_key_dist & KEY_DIST_MASK))
2326 smp_distribute_keys(smp);
fd349c02
JH		 2327
2328 return 0;
2329}
2330
7ee4ea36
MH		 2331static int smp_cmd_sign_info(struct l2cap_conn *conn, struct sk_buff *skb)
2332{
2333 struct smp_cmd_sign_info *rp = (void *) skb->data;
5d88cc73
JH		 2334 struct l2cap_chan *chan = conn->smp;
2335 struct smp_chan *smp = chan->data;
7ee4ea36
MH		 2336 struct smp_csrk *csrk;
2337
2338 BT_DBG("conn %p", conn);
2339
2340 if (skb->len < sizeof(*rp))
38e4a915 2341 return SMP_INVALID_PARAMS;
7ee4ea36 2342
7ee4ea36
MH		 2343 /* Mark the information as received */
2344 smp->remote_key_dist &= ~SMP_DIST_SIGN;
2345
2346 skb_pull(skb, sizeof(*rp));
2347
7ee4ea36
MH		 2348 csrk = kzalloc(sizeof(*csrk), GFP_KERNEL);
2349 if (csrk) {
2350 csrk->master = 0x01;
2351 memcpy(csrk->val, rp->csrk, sizeof(csrk->val));
2352 }
2353 smp->csrk = csrk;
d6268e86 2354 smp_distribute_keys(smp);
7ee4ea36
MH		 2355
2356 return 0;
2357}
2358
5e3d3d9b
JH		 2359static u8 sc_select_method(struct smp_chan *smp)
2360{
2361 struct l2cap_conn *conn = smp->conn;
2362 struct hci_conn *hcon = conn->hcon;
2363 struct smp_cmd_pairing *local, *remote;
2364 u8 local_mitm, remote_mitm, local_io, remote_io, method;
2365
a29b0733
JH		 2366 if (test_bit(SMP_FLAG_OOB, &smp->flags))
2367 return REQ_OOB;
2368
5e3d3d9b
JH		 2369 /* The preq/prsp contain the raw Pairing Request/Response PDUs
2370 * which are needed as inputs to some crypto functions. To get
2371 * the "struct smp_cmd_pairing" from them we need to skip the
2372 * first byte which contains the opcode.
2373 */
2374 if (hcon->out) {
2375 local = (void *) &smp->preq[1];
2376 remote = (void *) &smp->prsp[1];
2377 } else {
2378 local = (void *) &smp->prsp[1];
2379 remote = (void *) &smp->preq[1];
2380 }
2381
2382 local_io = local->io_capability;
2383 remote_io = remote->io_capability;
2384
2385 local_mitm = (local->auth_req & SMP_AUTH_MITM);
2386 remote_mitm = (remote->auth_req & SMP_AUTH_MITM);
2387
2388 /* If either side wants MITM, look up the method from the table,
2389 * otherwise use JUST WORKS.
2390 */
2391 if (local_mitm || remote_mitm)
2392 method = get_auth_method(smp, local_io, remote_io);
2393 else
2394 method = JUST_WORKS;
2395
2396 /* Don't confirm locally initiated pairing attempts */
2397 if (method == JUST_CFM && test_bit(SMP_FLAG_INITIATOR, &smp->flags))
2398 method = JUST_WORKS;
2399
2400 return method;
2401}
2402
d8f8edbe
JH		 2403static int smp_cmd_public_key(struct l2cap_conn *conn, struct sk_buff *skb)
2404{
2405 struct smp_cmd_public_key *key = (void *) skb->data;
2406 struct hci_conn *hcon = conn->hcon;
2407 struct l2cap_chan *chan = conn->smp;
2408 struct smp_chan *smp = chan->data;
5e3d3d9b 2409 struct hci_dev *hdev = hcon->hdev;
cbbbe3e2 2410 struct smp_cmd_pairing_confirm cfm;
d8f8edbe
JH		 2411 int err;
2412
2413 BT_DBG("conn %p", conn);
2414
2415 if (skb->len < sizeof(*key))
2416 return SMP_INVALID_PARAMS;
2417
2418 memcpy(smp->remote_pk, key, 64);
2419
2420 /* Non-initiating device sends its public key after receiving
2421 * the key from the initiating device.
2422 */
2423 if (!hcon->out) {
2424 err = sc_send_public_key(smp);
2425 if (err)
2426 return err;
2427 }
2428
c7a3d57d
JH		 2429 SMP_DBG("Remote Public Key X: %32phN", smp->remote_pk);
2430 SMP_DBG("Remote Public Key Y: %32phN", &smp->remote_pk[32]);
d8f8edbe
JH		 2431
2432 if (!ecdh_shared_secret(smp->remote_pk, smp->local_sk, smp->dhkey))
2433 return SMP_UNSPECIFIED;
2434
c7a3d57d 2435 SMP_DBG("DHKey %32phN", smp->dhkey);
d8f8edbe
JH		 2436
2437 set_bit(SMP_FLAG_REMOTE_PK, &smp->flags);
2438
5e3d3d9b
JH		 2439 smp->method = sc_select_method(smp);
2440
2441 BT_DBG("%s selected method 0x%02x", hdev->name, smp->method);
2442
2443 /* JUST_WORKS and JUST_CFM result in an unauthenticated key */
2444 if (smp->method == JUST_WORKS || smp->method == JUST_CFM)
2445 hcon->pending_sec_level = BT_SECURITY_MEDIUM;
2446 else
2447 hcon->pending_sec_level = BT_SECURITY_FIPS;
2448
aeb7d461
JH		 2449 if (!memcmp(debug_pk, smp->remote_pk, 64))
2450 set_bit(SMP_FLAG_DEBUG_KEY, &smp->flags);
2451
38606f14
JH		 2452 if (smp->method == DSP_PASSKEY) {
2453 get_random_bytes(&hcon->passkey_notify,
2454 sizeof(hcon->passkey_notify));
2455 hcon->passkey_notify %= 1000000;
2456 hcon->passkey_entered = 0;
2457 smp->passkey_round = 0;
2458 if (mgmt_user_passkey_notify(hdev, &hcon->dst, hcon->type,
2459 hcon->dst_type,
2460 hcon->passkey_notify,
2461 hcon->passkey_entered))
2462 return SMP_UNSPECIFIED;
2463 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_CONFIRM);
2464 return sc_passkey_round(smp, SMP_CMD_PUBLIC_KEY);
2465 }
2466
a29b0733
JH		 2467 if (smp->method == REQ_OOB) {
2468 err = smp_f4(smp->tfm_cmac, smp->remote_pk, smp->remote_pk,
2469 smp->rr, 0, cfm.confirm_val);
2470 if (err)
2471 return SMP_UNSPECIFIED;
2472
2473 if (memcmp(cfm.confirm_val, smp->pcnf, 16))
2474 return SMP_CONFIRM_FAILED;
2475
2476 if (hcon->out)
2477 smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM,
2478 sizeof(smp->prnd), smp->prnd);
2479
2480 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RANDOM);
2481
2482 return 0;
2483 }
2484
38606f14
JH		 2485 if (hcon->out)
2486 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_CONFIRM);
2487
2488 if (smp->method == REQ_PASSKEY) {
2489 if (mgmt_user_passkey_request(hdev, &hcon->dst, hcon->type,
2490 hcon->dst_type))
2491 return SMP_UNSPECIFIED;
2492 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_CONFIRM);
2493 set_bit(SMP_FLAG_WAIT_USER, &smp->flags);
2494 return 0;
2495 }
2496
cbbbe3e2
JH		 2497 /* The Initiating device waits for the non-initiating device to
2498 * send the confirm value.
2499 */
2500 if (conn->hcon->out)
2501 return 0;
2502
2503 err = smp_f4(smp->tfm_cmac, smp->local_pk, smp->remote_pk, smp->prnd,
2504 0, cfm.confirm_val);
2505 if (err)
2506 return SMP_UNSPECIFIED;
2507
2508 smp_send_cmd(conn, SMP_CMD_PAIRING_CONFIRM, sizeof(cfm), &cfm);
2509 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RANDOM);
2510
d8f8edbe
JH		 2511 return 0;
2512}
2513
6433a9a2
JH		 2514static int smp_cmd_dhkey_check(struct l2cap_conn *conn, struct sk_buff *skb)
2515{
2516 struct smp_cmd_dhkey_check *check = (void *) skb->data;
2517 struct l2cap_chan *chan = conn->smp;
2518 struct hci_conn *hcon = conn->hcon;
2519 struct smp_chan *smp = chan->data;
2520 u8 a[7], b[7], *local_addr, *remote_addr;
2521 u8 io_cap[3], r[16], e[16];
2522 int err;
2523
2524 BT_DBG("conn %p", conn);
2525
2526 if (skb->len < sizeof(*check))
2527 return SMP_INVALID_PARAMS;
2528
2529 memcpy(a, &hcon->init_addr, 6);
2530 memcpy(b, &hcon->resp_addr, 6);
2531 a[6] = hcon->init_addr_type;
2532 b[6] = hcon->resp_addr_type;
2533
2534 if (hcon->out) {
2535 local_addr = a;
2536 remote_addr = b;
2537 memcpy(io_cap, &smp->prsp[1], 3);
2538 } else {
2539 local_addr = b;
2540 remote_addr = a;
2541 memcpy(io_cap, &smp->preq[1], 3);
2542 }
2543
2544 memset(r, 0, sizeof(r));
2545
38606f14
JH		 2546 if (smp->method == REQ_PASSKEY || smp->method == DSP_PASSKEY)
2547 put_unaligned_le32(hcon->passkey_notify, r);
2548
6433a9a2
JH		 2549 err = smp_f6(smp->tfm_cmac, smp->mackey, smp->rrnd, smp->prnd, r,
2550 io_cap, remote_addr, local_addr, e);
2551 if (err)
2552 return SMP_UNSPECIFIED;
2553
2554 if (memcmp(check->e, e, 16))
2555 return SMP_DHKEY_CHECK_FAILED;
2556
d3e54a87
JH		 2557 if (!hcon->out) {
2558 if (test_bit(SMP_FLAG_WAIT_USER, &smp->flags)) {
2559 set_bit(SMP_FLAG_DHKEY_PENDING, &smp->flags);
2560 return 0;
2561 }
d378a2d7 2562
d3e54a87
JH		 2563 /* Slave sends DHKey check as response to master */
2564 sc_dhkey_check(smp);
2565 }
d378a2d7 2566
d3e54a87 2567 sc_add_ltk(smp);
6433a9a2
JH		 2568
2569 if (hcon->out) {
2570 hci_le_start_enc(hcon, 0, 0, smp->tk);
2571 hcon->enc_key_size = smp->enc_key_size;
2572 }
2573
2574 return 0;
2575}
2576
1408bb6e
JH		 2577static int smp_cmd_keypress_notify(struct l2cap_conn *conn,
2578 struct sk_buff *skb)
2579{
2580 struct smp_cmd_keypress_notify *kp = (void *) skb->data;
2581
2582 BT_DBG("value 0x%02x", kp->value);
2583
2584 return 0;
2585}
2586
4befb867 2587static int smp_sig_channel(struct l2cap_chan *chan, struct sk_buff *skb)
eb492e01 2588{
5d88cc73 2589 struct l2cap_conn *conn = chan->conn;
7b9899db 2590 struct hci_conn *hcon = conn->hcon;
b28b4943 2591 struct smp_chan *smp;
92381f5c 2592 __u8 code, reason;
eb492e01
AB		 2593 int err = 0;
2594
8ae9b984 2595 if (skb->len < 1)
92381f5c 2596 return -EILSEQ;
92381f5c 2597
06ae3314 2598 if (!test_bit(HCI_LE_ENABLED, &hcon->hdev->dev_flags)) {
2e65c9d2
AG		 2599 reason = SMP_PAIRING_NOTSUPP;
2600 goto done;
2601 }
2602
92381f5c 2603 code = skb->data[0];
eb492e01
AB		 2604 skb_pull(skb, sizeof(code));
2605
b28b4943
JH		 2606 smp = chan->data;
2607
2608 if (code > SMP_CMD_MAX)
2609 goto drop;
2610
24bd0bd9 2611 if (smp && !test_and_clear_bit(code, &smp->allow_cmd))
b28b4943
JH		 2612 goto drop;
2613
2614 /* If we don't have a context the only allowed commands are
2615 * pairing request and security request.
8cf9fa12 2616 */
b28b4943
JH		 2617 if (!smp && code != SMP_CMD_PAIRING_REQ && code != SMP_CMD_SECURITY_REQ)
2618 goto drop;
8cf9fa12 2619
eb492e01
AB		 2620 switch (code) {
2621 case SMP_CMD_PAIRING_REQ:
da85e5e5 2622 reason = smp_cmd_pairing_req(conn, skb);
eb492e01
AB		 2623 break;
2624
2625 case SMP_CMD_PAIRING_FAIL:
84794e11 2626 smp_failure(conn, 0);
da85e5e5 2627 err = -EPERM;
eb492e01
AB		 2628 break;
2629
2630 case SMP_CMD_PAIRING_RSP:
da85e5e5 2631 reason = smp_cmd_pairing_rsp(conn, skb);
88ba43b6
AB		 2632 break;
2633
2634 case SMP_CMD_SECURITY_REQ:
da85e5e5 2635 reason = smp_cmd_security_req(conn, skb);
88ba43b6
AB		 2636 break;
2637
eb492e01 2638 case SMP_CMD_PAIRING_CONFIRM:
da85e5e5 2639 reason = smp_cmd_pairing_confirm(conn, skb);
88ba43b6
AB		 2640 break;
2641
eb492e01 2642 case SMP_CMD_PAIRING_RANDOM:
da85e5e5 2643 reason = smp_cmd_pairing_random(conn, skb);
88ba43b6
AB		 2644 break;
2645
eb492e01 2646 case SMP_CMD_ENCRYPT_INFO:
7034b911
VCG		 2647 reason = smp_cmd_encrypt_info(conn, skb);
2648 break;
2649
eb492e01 2650 case SMP_CMD_MASTER_IDENT:
7034b911
VCG		 2651 reason = smp_cmd_master_ident(conn, skb);
2652 break;
2653
eb492e01 2654 case SMP_CMD_IDENT_INFO:
fd349c02
JH		 2655 reason = smp_cmd_ident_info(conn, skb);
2656 break;
2657
eb492e01 2658 case SMP_CMD_IDENT_ADDR_INFO:
fd349c02
JH		 2659 reason = smp_cmd_ident_addr_info(conn, skb);
2660 break;
2661
eb492e01 2662 case SMP_CMD_SIGN_INFO:
7ee4ea36 2663 reason = smp_cmd_sign_info(conn, skb);
7034b911
VCG		 2664 break;
2665
d8f8edbe
JH		 2666 case SMP_CMD_PUBLIC_KEY:
2667 reason = smp_cmd_public_key(conn, skb);
2668 break;
2669
6433a9a2
JH		 2670 case SMP_CMD_DHKEY_CHECK:
2671 reason = smp_cmd_dhkey_check(conn, skb);
2672 break;
2673
1408bb6e
JH		 2674 case SMP_CMD_KEYPRESS_NOTIFY:
2675 reason = smp_cmd_keypress_notify(conn, skb);
2676 break;
2677
eb492e01
AB		 2678 default:
2679 BT_DBG("Unknown command code 0x%2.2x", code);
eb492e01 2680 reason = SMP_CMD_NOTSUPP;
3a0259bb 2681 goto done;
eb492e01
AB		 2682 }
2683
3a0259bb 2684done:
9b7b18ef
JH		 2685 if (!err) {
2686 if (reason)
2687 smp_failure(conn, reason);
8ae9b984 2688 kfree_skb(skb);
9b7b18ef
JH		 2689 }
2690
eb492e01 2691 return err;
b28b4943
JH		 2692
2693drop:
2694 BT_ERR("%s unexpected SMP command 0x%02x from %pMR", hcon->hdev->name,
2695 code, &hcon->dst);
2696 kfree_skb(skb);
2697 return 0;
eb492e01 2698}
7034b911 2699
70db83c4
JH		 2700static void smp_teardown_cb(struct l2cap_chan *chan, int err)
2701{
2702 struct l2cap_conn *conn = chan->conn;
2703
2704 BT_DBG("chan %p", chan);
2705
fc75cc86 2706 if (chan->data)
5d88cc73 2707 smp_chan_destroy(conn);
5d88cc73 2708
70db83c4
JH		 2709 conn->smp = NULL;
2710 l2cap_chan_put(chan);
2711}
2712
b5ae344d
JH		 2713static void bredr_pairing(struct l2cap_chan *chan)
2714{
2715 struct l2cap_conn *conn = chan->conn;
2716 struct hci_conn *hcon = conn->hcon;
2717 struct hci_dev *hdev = hcon->hdev;
2718 struct smp_cmd_pairing req;
2719 struct smp_chan *smp;
2720
2721 BT_DBG("chan %p", chan);
2722
2723 /* Only new pairings are interesting */
2724 if (!test_bit(HCI_CONN_NEW_LINK_KEY, &hcon->flags))
2725 return;
2726
2727 /* Don't bother if we're not encrypted */
2728 if (!test_bit(HCI_CONN_ENCRYPT, &hcon->flags))
2729 return;
2730
2731 /* Only master may initiate SMP over BR/EDR */
2732 if (hcon->role != HCI_ROLE_MASTER)
2733 return;
2734
2735 /* Secure Connections support must be enabled */
2736 if (!test_bit(HCI_SC_ENABLED, &hdev->dev_flags))
2737 return;
2738
2739 /* BR/EDR must use Secure Connections for SMP */
2740 if (!test_bit(HCI_CONN_AES_CCM, &hcon->flags) &&
2741 !test_bit(HCI_FORCE_LESC, &hdev->dbg_flags))
2742 return;
2743
2744 /* If our LE support is not enabled don't do anything */
2745 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
2746 return;
2747
2748 /* Don't bother if remote LE support is not enabled */
2749 if (!lmp_host_le_capable(hcon))
2750 return;
2751
2752 /* Remote must support SMP fixed chan for BR/EDR */
2753 if (!(conn->remote_fixed_chan & L2CAP_FC_SMP_BREDR))
2754 return;
2755
2756 /* Don't bother if SMP is already ongoing */
2757 if (chan->data)
2758 return;
2759
2760 smp = smp_chan_create(conn);
2761 if (!smp) {
2762 BT_ERR("%s unable to create SMP context for BR/EDR",
2763 hdev->name);
2764 return;
2765 }
2766
2767 set_bit(SMP_FLAG_SC, &smp->flags);
2768
2769 BT_DBG("%s starting SMP over BR/EDR", hdev->name);
2770
2771 /* Prepare and send the BR/EDR SMP Pairing Request */
2772 build_bredr_pairing_cmd(smp, &req, NULL);
2773
2774 smp->preq[0] = SMP_CMD_PAIRING_REQ;
2775 memcpy(&smp->preq[1], &req, sizeof(req));
2776
2777 smp_send_cmd(conn, SMP_CMD_PAIRING_REQ, sizeof(req), &req);
2778 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RSP);
2779}
2780
44f1a7ab
JH		 2781static void smp_resume_cb(struct l2cap_chan *chan)
2782{
b68fda68 2783 struct smp_chan *smp = chan->data;
44f1a7ab
JH		 2784 struct l2cap_conn *conn = chan->conn;
2785 struct hci_conn *hcon = conn->hcon;
2786
2787 BT_DBG("chan %p", chan);
2788
b5ae344d
JH		 2789 if (hcon->type == ACL_LINK) {
2790 bredr_pairing(chan);
ef8efe4b 2791 return;
b5ae344d 2792 }
ef8efe4b 2793
86d1407c
JH		 2794 if (!smp)
2795 return;
b68fda68 2796
84bc0db5
JH		 2797 if (!test_bit(HCI_CONN_ENCRYPT, &hcon->flags))
2798 return;
2799
86d1407c
JH		 2800 cancel_delayed_work(&smp->security_timer);
2801
d6268e86 2802 smp_distribute_keys(smp);
44f1a7ab
JH		 2803}
2804
70db83c4
JH		 2805static void smp_ready_cb(struct l2cap_chan *chan)
2806{
2807 struct l2cap_conn *conn = chan->conn;
b5ae344d 2808 struct hci_conn *hcon = conn->hcon;
70db83c4
JH		 2809
2810 BT_DBG("chan %p", chan);
2811
2812 conn->smp = chan;
2813 l2cap_chan_hold(chan);
b5ae344d
JH		 2814
2815 if (hcon->type == ACL_LINK && test_bit(HCI_CONN_ENCRYPT, &hcon->flags))
2816 bredr_pairing(chan);
70db83c4
JH		 2817}
2818
4befb867
JH		 2819static int smp_recv_cb(struct l2cap_chan *chan, struct sk_buff *skb)
2820{
2821 int err;
2822
2823 BT_DBG("chan %p", chan);
2824
2825 err = smp_sig_channel(chan, skb);
2826 if (err) {
b68fda68 2827 struct smp_chan *smp = chan->data;
4befb867 2828
b68fda68
JH		 2829 if (smp)
2830 cancel_delayed_work_sync(&smp->security_timer);
4befb867 2831
1e91c29e 2832 hci_disconnect(chan->conn->hcon, HCI_ERROR_AUTH_FAILURE);
4befb867
JH		 2833 }
2834
2835 return err;
2836}
2837
70db83c4
JH		 2838static struct sk_buff *smp_alloc_skb_cb(struct l2cap_chan *chan,
2839 unsigned long hdr_len,
2840 unsigned long len, int nb)
2841{
2842 struct sk_buff *skb;
2843
2844 skb = bt_skb_alloc(hdr_len + len, GFP_KERNEL);
2845 if (!skb)
2846 return ERR_PTR(-ENOMEM);
2847
2848 skb->priority = HCI_PRIO_MAX;
2849 bt_cb(skb)->chan = chan;
2850
2851 return skb;
2852}
2853
2854static const struct l2cap_ops smp_chan_ops = {
2855 .name = "Security Manager",
2856 .ready = smp_ready_cb,
5d88cc73 2857 .recv = smp_recv_cb,
70db83c4
JH		 2858 .alloc_skb = smp_alloc_skb_cb,
2859 .teardown = smp_teardown_cb,
44f1a7ab 2860 .resume = smp_resume_cb,
70db83c4
JH		 2861
2862 .new_connection = l2cap_chan_no_new_connection,
70db83c4
JH		 2863 .state_change = l2cap_chan_no_state_change,
2864 .close = l2cap_chan_no_close,
2865 .defer = l2cap_chan_no_defer,
2866 .suspend = l2cap_chan_no_suspend,
70db83c4
JH		 2867 .set_shutdown = l2cap_chan_no_set_shutdown,
2868 .get_sndtimeo = l2cap_chan_no_get_sndtimeo,
70db83c4
JH		 2869};
2870
2871static inline struct l2cap_chan *smp_new_conn_cb(struct l2cap_chan *pchan)
2872{
2873 struct l2cap_chan *chan;
2874
2875 BT_DBG("pchan %p", pchan);
2876
2877 chan = l2cap_chan_create();
2878 if (!chan)
2879 return NULL;
2880
2881 chan->chan_type = pchan->chan_type;
2882 chan->ops = &smp_chan_ops;
2883 chan->scid = pchan->scid;
2884 chan->dcid = chan->scid;
2885 chan->imtu = pchan->imtu;
2886 chan->omtu = pchan->omtu;
2887 chan->mode = pchan->mode;
2888
abe84903
JH		 2889 /* Other L2CAP channels may request SMP routines in order to
2890 * change the security level. This means that the SMP channel
2891 * lock must be considered in its own category to avoid lockdep
2892 * warnings.
2893 */
2894 atomic_set(&chan->nesting, L2CAP_NESTING_SMP);
2895
70db83c4
JH		 2896 BT_DBG("created chan %p", chan);
2897
2898 return chan;
2899}
2900
2901static const struct l2cap_ops smp_root_chan_ops = {
2902 .name = "Security Manager Root",
2903 .new_connection = smp_new_conn_cb,
2904
2905 /* None of these are implemented for the root channel */
2906 .close = l2cap_chan_no_close,
2907 .alloc_skb = l2cap_chan_no_alloc_skb,
2908 .recv = l2cap_chan_no_recv,
2909 .state_change = l2cap_chan_no_state_change,
2910 .teardown = l2cap_chan_no_teardown,
2911 .ready = l2cap_chan_no_ready,
2912 .defer = l2cap_chan_no_defer,
2913 .suspend = l2cap_chan_no_suspend,
2914 .resume = l2cap_chan_no_resume,
2915 .set_shutdown = l2cap_chan_no_set_shutdown,
2916 .get_sndtimeo = l2cap_chan_no_get_sndtimeo,
70db83c4
JH		 2917};
2918
ef8efe4b 2919static struct l2cap_chan *smp_add_cid(struct hci_dev *hdev, u16 cid)
711eafe3 2920{
70db83c4 2921 struct l2cap_chan *chan;
defce9e8 2922 struct crypto_blkcipher *tfm_aes;
70db83c4 2923
ef8efe4b
JH		 2924 if (cid == L2CAP_CID_SMP_BREDR) {
2925 tfm_aes = NULL;
2926 goto create_chan;
2927 }
711eafe3 2928
adae20cb 2929 tfm_aes = crypto_alloc_blkcipher("ecb(aes)", 0, 0);
defce9e8 2930 if (IS_ERR(tfm_aes)) {
711eafe3 2931 BT_ERR("Unable to create crypto context");
fe700771 2932 return ERR_CAST(tfm_aes);
711eafe3
JH		 2933 }
2934
ef8efe4b 2935create_chan:
70db83c4
JH		 2936 chan = l2cap_chan_create();
2937 if (!chan) {
defce9e8 2938 crypto_free_blkcipher(tfm_aes);
ef8efe4b 2939 return ERR_PTR(-ENOMEM);
70db83c4
JH		 2940 }
2941
defce9e8
JH		 2942 chan->data = tfm_aes;
2943
ef8efe4b 2944 l2cap_add_scid(chan, cid);
70db83c4
JH		 2945
2946 l2cap_chan_set_defaults(chan);
2947
2948 bacpy(&chan->src, &hdev->bdaddr);
ef8efe4b
JH		 2949 if (cid == L2CAP_CID_SMP)
2950 chan->src_type = BDADDR_LE_PUBLIC;
2951 else
2952 chan->src_type = BDADDR_BREDR;
70db83c4
JH		 2953 chan->state = BT_LISTEN;
2954 chan->mode = L2CAP_MODE_BASIC;
2955 chan->imtu = L2CAP_DEFAULT_MTU;
2956 chan->ops = &smp_root_chan_ops;
2957
abe84903
JH		 2958 /* Set correct nesting level for a parent/listening channel */
2959 atomic_set(&chan->nesting, L2CAP_NESTING_PARENT);
2960
ef8efe4b 2961 return chan;
711eafe3
JH		 2962}
2963
ef8efe4b 2964static void smp_del_chan(struct l2cap_chan *chan)
711eafe3 2965{
ef8efe4b 2966 struct crypto_blkcipher *tfm_aes;
70db83c4 2967
ef8efe4b 2968 BT_DBG("chan %p", chan);
711eafe3 2969
defce9e8
JH		 2970 tfm_aes = chan->data;
2971 if (tfm_aes) {
2972 chan->data = NULL;
2973 crypto_free_blkcipher(tfm_aes);
711eafe3 2974 }
70db83c4 2975
70db83c4 2976 l2cap_chan_put(chan);
711eafe3 2977}
ef8efe4b
JH		 2978
2979int smp_register(struct hci_dev *hdev)
2980{
2981 struct l2cap_chan *chan;
2982
2983 BT_DBG("%s", hdev->name);
2984
2985 chan = smp_add_cid(hdev, L2CAP_CID_SMP);
2986 if (IS_ERR(chan))
2987 return PTR_ERR(chan);
2988
2989 hdev->smp_data = chan;
2990
2991 if (!lmp_sc_capable(hdev) &&
2992 !test_bit(HCI_FORCE_LESC, &hdev->dbg_flags))
2993 return 0;
2994
2995 chan = smp_add_cid(hdev, L2CAP_CID_SMP_BREDR);
2996 if (IS_ERR(chan)) {
2997 int err = PTR_ERR(chan);
2998 chan = hdev->smp_data;
2999 hdev->smp_data = NULL;
3000 smp_del_chan(chan);
3001 return err;
3002 }
3003
3004 hdev->smp_bredr_data = chan;
3005
3006 return 0;
3007}
3008
3009void smp_unregister(struct hci_dev *hdev)
3010{
3011 struct l2cap_chan *chan;
3012
3013 if (hdev->smp_bredr_data) {
3014 chan = hdev->smp_bredr_data;
3015 hdev->smp_bredr_data = NULL;
3016 smp_del_chan(chan);
3017 }
3018
3019 if (hdev->smp_data) {
3020 chan = hdev->smp_data;
3021 hdev->smp_data = NULL;
3022 smp_del_chan(chan);
3023 }
3024}
0a2b0f04
JH		 3025
3026#if IS_ENABLED(CONFIG_BT_SELFTEST_SMP)
3027
cfc4198e
JH		 3028static int __init test_ah(struct crypto_blkcipher *tfm_aes)
3029{
3030 const u8 irk[16] = {
3031 0x9b, 0x7d, 0x39, 0x0a, 0xa6, 0x10, 0x10, 0x34,
3032 0x05, 0xad, 0xc8, 0x57, 0xa3, 0x34, 0x02, 0xec };
3033 const u8 r[3] = { 0x94, 0x81, 0x70 };
3034 const u8 exp[3] = { 0xaa, 0xfb, 0x0d };
3035 u8 res[3];
3036 int err;
3037
3038 err = smp_ah(tfm_aes, irk, r, res);
3039 if (err)
3040 return err;
3041
3042 if (memcmp(res, exp, 3))
3043 return -EINVAL;
3044
3045 return 0;
3046}
3047
3048static int __init test_c1(struct crypto_blkcipher *tfm_aes)
3049{
3050 const u8 k[16] = {
3051 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
3052 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
3053 const u8 r[16] = {
3054 0xe0, 0x2e, 0x70, 0xc6, 0x4e, 0x27, 0x88, 0x63,
3055 0x0e, 0x6f, 0xad, 0x56, 0x21, 0xd5, 0x83, 0x57 };
3056 const u8 preq[7] = { 0x01, 0x01, 0x00, 0x00, 0x10, 0x07, 0x07 };
3057 const u8 pres[7] = { 0x02, 0x03, 0x00, 0x00, 0x08, 0x00, 0x05 };
3058 const u8 _iat = 0x01;
3059 const u8 _rat = 0x00;
3060 const bdaddr_t ra = { { 0xb6, 0xb5, 0xb4, 0xb3, 0xb2, 0xb1 } };
3061 const bdaddr_t ia = { { 0xa6, 0xa5, 0xa4, 0xa3, 0xa2, 0xa1 } };
3062 const u8 exp[16] = {
3063 0x86, 0x3b, 0xf1, 0xbe, 0xc5, 0x4d, 0xa7, 0xd2,
3064 0xea, 0x88, 0x89, 0x87, 0xef, 0x3f, 0x1e, 0x1e };
3065 u8 res[16];
3066 int err;
3067
3068 err = smp_c1(tfm_aes, k, r, preq, pres, _iat, &ia, _rat, &ra, res);
3069 if (err)
3070 return err;
3071
3072 if (memcmp(res, exp, 16))
3073 return -EINVAL;
3074
3075 return 0;
3076}
3077
3078static int __init test_s1(struct crypto_blkcipher *tfm_aes)
3079{
3080 const u8 k[16] = {
3081 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
3082 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
3083 const u8 r1[16] = {
3084 0x88, 0x77, 0x66, 0x55, 0x44, 0x33, 0x22, 0x11 };
3085 const u8 r2[16] = {
3086 0x00, 0xff, 0xee, 0xdd, 0xcc, 0xbb, 0xaa, 0x99 };
3087 const u8 exp[16] = {
3088 0x62, 0xa0, 0x6d, 0x79, 0xae, 0x16, 0x42, 0x5b,
3089 0x9b, 0xf4, 0xb0, 0xe8, 0xf0, 0xe1, 0x1f, 0x9a };
3090 u8 res[16];
3091 int err;
3092
3093 err = smp_s1(tfm_aes, k, r1, r2, res);
3094 if (err)
3095 return err;
3096
3097 if (memcmp(res, exp, 16))
3098 return -EINVAL;
3099
3100 return 0;
3101}
3102
fb2969a3
JH		 3103static int __init test_f4(struct crypto_hash *tfm_cmac)
3104{
3105 const u8 u[32] = {
3106 0xe6, 0x9d, 0x35, 0x0e, 0x48, 0x01, 0x03, 0xcc,
3107 0xdb, 0xfd, 0xf4, 0xac, 0x11, 0x91, 0xf4, 0xef,
3108 0xb9, 0xa5, 0xf9, 0xe9, 0xa7, 0x83, 0x2c, 0x5e,
3109 0x2c, 0xbe, 0x97, 0xf2, 0xd2, 0x03, 0xb0, 0x20 };
3110 const u8 v[32] = {
3111 0xfd, 0xc5, 0x7f, 0xf4, 0x49, 0xdd, 0x4f, 0x6b,
3112 0xfb, 0x7c, 0x9d, 0xf1, 0xc2, 0x9a, 0xcb, 0x59,
3113 0x2a, 0xe7, 0xd4, 0xee, 0xfb, 0xfc, 0x0a, 0x90,
3114 0x9a, 0xbb, 0xf6, 0x32, 0x3d, 0x8b, 0x18, 0x55 };
3115 const u8 x[16] = {
3116 0xab, 0xae, 0x2b, 0x71, 0xec, 0xb2, 0xff, 0xff,
3117 0x3e, 0x73, 0x77, 0xd1, 0x54, 0x84, 0xcb, 0xd5 };
3118 const u8 z = 0x00;
3119 const u8 exp[16] = {
3120 0x2d, 0x87, 0x74, 0xa9, 0xbe, 0xa1, 0xed, 0xf1,
3121 0x1c, 0xbd, 0xa9, 0x07, 0xf1, 0x16, 0xc9, 0xf2 };
3122 u8 res[16];
3123 int err;
3124
3125 err = smp_f4(tfm_cmac, u, v, x, z, res);
3126 if (err)
3127 return err;
3128
3129 if (memcmp(res, exp, 16))
3130 return -EINVAL;
3131
3132 return 0;
3133}
3134
3135static int __init test_f5(struct crypto_hash *tfm_cmac)
3136{
3137 const u8 w[32] = {
3138 0x98, 0xa6, 0xbf, 0x73, 0xf3, 0x34, 0x8d, 0x86,
3139 0xf1, 0x66, 0xf8, 0xb4, 0x13, 0x6b, 0x79, 0x99,
3140 0x9b, 0x7d, 0x39, 0x0a, 0xa6, 0x10, 0x10, 0x34,
3141 0x05, 0xad, 0xc8, 0x57, 0xa3, 0x34, 0x02, 0xec };
3142 const u8 n1[16] = {
3143 0xab, 0xae, 0x2b, 0x71, 0xec, 0xb2, 0xff, 0xff,
3144 0x3e, 0x73, 0x77, 0xd1, 0x54, 0x84, 0xcb, 0xd5 };
3145 const u8 n2[16] = {
3146 0xcf, 0xc4, 0x3d, 0xff, 0xf7, 0x83, 0x65, 0x21,
3147 0x6e, 0x5f, 0xa7, 0x25, 0xcc, 0xe7, 0xe8, 0xa6 };
3148 const u8 a1[7] = { 0xce, 0xbf, 0x37, 0x37, 0x12, 0x56, 0x00 };
3149 const u8 a2[7] = { 0xc1, 0xcf, 0x2d, 0x70, 0x13, 0xa7, 0x00 };
3150 const u8 exp_ltk[16] = {
3151 0x38, 0x0a, 0x75, 0x94, 0xb5, 0x22, 0x05, 0x98,
3152 0x23, 0xcd, 0xd7, 0x69, 0x11, 0x79, 0x86, 0x69 };
3153 const u8 exp_mackey[16] = {
3154 0x20, 0x6e, 0x63, 0xce, 0x20, 0x6a, 0x3f, 0xfd,
3155 0x02, 0x4a, 0x08, 0xa1, 0x76, 0xf1, 0x65, 0x29 };
3156 u8 mackey[16], ltk[16];
3157 int err;
3158
3159 err = smp_f5(tfm_cmac, w, n1, n2, a1, a2, mackey, ltk);
3160 if (err)
3161 return err;
3162
3163 if (memcmp(mackey, exp_mackey, 16))
3164 return -EINVAL;
3165
3166 if (memcmp(ltk, exp_ltk, 16))
3167 return -EINVAL;
3168
3169 return 0;
3170}
3171
3172static int __init test_f6(struct crypto_hash *tfm_cmac)
3173{
3174 const u8 w[16] = {
3175 0x20, 0x6e, 0x63, 0xce, 0x20, 0x6a, 0x3f, 0xfd,
3176 0x02, 0x4a, 0x08, 0xa1, 0x76, 0xf1, 0x65, 0x29 };
3177 const u8 n1[16] = {
3178 0xab, 0xae, 0x2b, 0x71, 0xec, 0xb2, 0xff, 0xff,
3179 0x3e, 0x73, 0x77, 0xd1, 0x54, 0x84, 0xcb, 0xd5 };
3180 const u8 n2[16] = {
3181 0xcf, 0xc4, 0x3d, 0xff, 0xf7, 0x83, 0x65, 0x21,
3182 0x6e, 0x5f, 0xa7, 0x25, 0xcc, 0xe7, 0xe8, 0xa6 };
3183 const u8 r[16] = {
3184 0xc8, 0x0f, 0x2d, 0x0c, 0xd2, 0x42, 0xda, 0x08,
3185 0x54, 0xbb, 0x53, 0xb4, 0x3b, 0x34, 0xa3, 0x12 };
3186 const u8 io_cap[3] = { 0x02, 0x01, 0x01 };
3187 const u8 a1[7] = { 0xce, 0xbf, 0x37, 0x37, 0x12, 0x56, 0x00 };
3188 const u8 a2[7] = { 0xc1, 0xcf, 0x2d, 0x70, 0x13, 0xa7, 0x00 };
3189 const u8 exp[16] = {
3190 0x61, 0x8f, 0x95, 0xda, 0x09, 0x0b, 0x6c, 0xd2,
3191 0xc5, 0xe8, 0xd0, 0x9c, 0x98, 0x73, 0xc4, 0xe3 };
3192 u8 res[16];
3193 int err;
3194
3195 err = smp_f6(tfm_cmac, w, n1, n2, r, io_cap, a1, a2, res);
3196 if (err)
3197 return err;
3198
3199 if (memcmp(res, exp, 16))
3200 return -EINVAL;
3201
3202 return 0;
3203}
3204
3205static int __init test_g2(struct crypto_hash *tfm_cmac)
3206{
3207 const u8 u[32] = {
3208 0xe6, 0x9d, 0x35, 0x0e, 0x48, 0x01, 0x03, 0xcc,
3209 0xdb, 0xfd, 0xf4, 0xac, 0x11, 0x91, 0xf4, 0xef,
3210 0xb9, 0xa5, 0xf9, 0xe9, 0xa7, 0x83, 0x2c, 0x5e,
3211 0x2c, 0xbe, 0x97, 0xf2, 0xd2, 0x03, 0xb0, 0x20 };
3212 const u8 v[32] = {
3213 0xfd, 0xc5, 0x7f, 0xf4, 0x49, 0xdd, 0x4f, 0x6b,
3214 0xfb, 0x7c, 0x9d, 0xf1, 0xc2, 0x9a, 0xcb, 0x59,
3215 0x2a, 0xe7, 0xd4, 0xee, 0xfb, 0xfc, 0x0a, 0x90,
3216 0x9a, 0xbb, 0xf6, 0x32, 0x3d, 0x8b, 0x18, 0x55 };
3217 const u8 x[16] = {
3218 0xab, 0xae, 0x2b, 0x71, 0xec, 0xb2, 0xff, 0xff,
3219 0x3e, 0x73, 0x77, 0xd1, 0x54, 0x84, 0xcb, 0xd5 };
3220 const u8 y[16] = {
3221 0xcf, 0xc4, 0x3d, 0xff, 0xf7, 0x83, 0x65, 0x21,
3222 0x6e, 0x5f, 0xa7, 0x25, 0xcc, 0xe7, 0xe8, 0xa6 };
3223 const u32 exp_val = 0x2f9ed5ba % 1000000;
3224 u32 val;
3225 int err;
3226
3227 err = smp_g2(tfm_cmac, u, v, x, y, &val);
3228 if (err)
3229 return err;
3230
3231 if (val != exp_val)
3232 return -EINVAL;
3233
3234 return 0;
3235}
3236
3237static int __init test_h6(struct crypto_hash *tfm_cmac)
3238{
3239 const u8 w[16] = {
3240 0x9b, 0x7d, 0x39, 0x0a, 0xa6, 0x10, 0x10, 0x34,
3241 0x05, 0xad, 0xc8, 0x57, 0xa3, 0x34, 0x02, 0xec };
3242 const u8 key_id[4] = { 0x72, 0x62, 0x65, 0x6c };
3243 const u8 exp[16] = {
3244 0x99, 0x63, 0xb1, 0x80, 0xe2, 0xa9, 0xd3, 0xe8,
3245 0x1c, 0xc9, 0x6d, 0xe7, 0x02, 0xe1, 0x9a, 0x2d };
3246 u8 res[16];
3247 int err;
3248
3249 err = smp_h6(tfm_cmac, w, key_id, res);
3250 if (err)
3251 return err;
3252
3253 if (memcmp(res, exp, 16))
3254 return -EINVAL;
3255
3256 return 0;
3257}
3258
0a2b0f04
JH		 3259static int __init run_selftests(struct crypto_blkcipher *tfm_aes,
3260 struct crypto_hash *tfm_cmac)
3261{
255047b0
MH		 3262 ktime_t calltime, delta, rettime;
3263 unsigned long long duration;
cfc4198e
JH		 3264 int err;
3265
255047b0
MH		 3266 calltime = ktime_get();
3267
cfc4198e
JH		 3268 err = test_ah(tfm_aes);
3269 if (err) {
3270 BT_ERR("smp_ah test failed");
3271 return err;
3272 }
3273
3274 err = test_c1(tfm_aes);
3275 if (err) {
3276 BT_ERR("smp_c1 test failed");
3277 return err;
3278 }
3279
3280 err = test_s1(tfm_aes);
3281 if (err) {
3282 BT_ERR("smp_s1 test failed");
3283 return err;
3284 }
3285
fb2969a3
JH		 3286 err = test_f4(tfm_cmac);
3287 if (err) {
3288 BT_ERR("smp_f4 test failed");
3289 return err;
3290 }
3291
3292 err = test_f5(tfm_cmac);
3293 if (err) {
3294 BT_ERR("smp_f5 test failed");
3295 return err;
3296 }
3297
3298 err = test_f6(tfm_cmac);
3299 if (err) {
3300 BT_ERR("smp_f6 test failed");
3301 return err;
3302 }
3303
3304 err = test_g2(tfm_cmac);
3305 if (err) {
3306 BT_ERR("smp_g2 test failed");
3307 return err;
3308 }
3309
3310 err = test_h6(tfm_cmac);
3311 if (err) {
3312 BT_ERR("smp_h6 test failed");
3313 return err;
3314 }
3315
255047b0
MH		 3316 rettime = ktime_get();
3317 delta = ktime_sub(rettime, calltime);
3318 duration = (unsigned long long) ktime_to_ns(delta) >> 10;
3319
3320 BT_INFO("SMP test passed in %lld usecs", duration);
0a2b0f04
JH		 3321
3322 return 0;
3323}
3324
3325int __init bt_selftest_smp(void)
3326{
3327 struct crypto_blkcipher *tfm_aes;
3328 struct crypto_hash *tfm_cmac;
3329 int err;
3330
3331 tfm_aes = crypto_alloc_blkcipher("ecb(aes)", 0, CRYPTO_ALG_ASYNC);
3332 if (IS_ERR(tfm_aes)) {
3333 BT_ERR("Unable to create ECB crypto context");
3334 return PTR_ERR(tfm_aes);
3335 }
3336
3337 tfm_cmac = crypto_alloc_hash("cmac(aes)", 0, CRYPTO_ALG_ASYNC);
3338 if (IS_ERR(tfm_cmac)) {
3339 BT_ERR("Unable to create CMAC crypto context");
3340 crypto_free_blkcipher(tfm_aes);
3341 return PTR_ERR(tfm_cmac);
3342 }
3343
3344 err = run_selftests(tfm_aes, tfm_cmac);
3345
3346 crypto_free_hash(tfm_cmac);
3347 crypto_free_blkcipher(tfm_aes);
3348
3349 return err;
3350}
3351
3352#endif
Linux kernel - Deliverables
This page took 0.388496 seconds and 5 git commands to generate.