projects / deliverable / linux.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Merge remote-tracking branches 'asoc/topic/rcar', 'asoc/topic/rockchip', 'asoc/topic...
[deliverable/linux.git] / net / bluetooth / smp.c
1 /*
2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2011 Nokia Corporation and/or its subsidiary(-ies).
4
5 This program is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License version 2 as
7 published by the Free Software Foundation;
8
9 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
10 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
11 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
12 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
13 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
14 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17
18 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
19 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
20 SOFTWARE IS DISCLAIMED.
21 */
22
23 #include <linux/debugfs.h>
24 #include <linux/crypto.h>
25 #include <linux/scatterlist.h>
26 #include <crypto/b128ops.h>
27
28 #include <net/bluetooth/bluetooth.h>
29 #include <net/bluetooth/hci_core.h>
30 #include <net/bluetooth/l2cap.h>
31 #include <net/bluetooth/mgmt.h>
32
33 #include "ecc.h"
34 #include "smp.h"
35
36 #define SMP_DEV(hdev) \
37 ((struct smp_dev *)((struct l2cap_chan *)((hdev)->smp_data))->data)
38
39 /* Low-level debug macros to be used for stuff that we don't want
40 * accidentially in dmesg, i.e. the values of the various crypto keys
41 * and the inputs & outputs of crypto functions.
42 */
43 #ifdef DEBUG
44 #define SMP_DBG(fmt, ...) printk(KERN_DEBUG "%s: " fmt, __func__, \
45 ##__VA_ARGS__)
46 #else
47 #define SMP_DBG(fmt, ...) no_printk(KERN_DEBUG "%s: " fmt, __func__, \
48 ##__VA_ARGS__)
49 #endif
50
51 #define SMP_ALLOW_CMD(smp, code) set_bit(code, &smp->allow_cmd)
52
53 /* Keys which are not distributed with Secure Connections */
54 #define SMP_SC_NO_DIST (SMP_DIST_ENC_KEY | SMP_DIST_LINK_KEY);
55
56 #define SMP_TIMEOUT msecs_to_jiffies(30000)
57
58 #define AUTH_REQ_MASK(dev) (hci_dev_test_flag(dev, HCI_SC_ENABLED) ? \
59 0x1f : 0x07)
60 #define KEY_DIST_MASK 0x07
61
62 /* Maximum message length that can be passed to aes_cmac */
63 #define CMAC_MSG_MAX 80
64
65 enum {
66 SMP_FLAG_TK_VALID,
67 SMP_FLAG_CFM_PENDING,
68 SMP_FLAG_MITM_AUTH,
69 SMP_FLAG_COMPLETE,
70 SMP_FLAG_INITIATOR,
71 SMP_FLAG_SC,
72 SMP_FLAG_REMOTE_PK,
73 SMP_FLAG_DEBUG_KEY,
74 SMP_FLAG_WAIT_USER,
75 SMP_FLAG_DHKEY_PENDING,
76 SMP_FLAG_REMOTE_OOB,
77 SMP_FLAG_LOCAL_OOB,
78 };
79
80 struct smp_dev {
81 /* Secure Connections OOB data */
82 u8 local_pk[64];
83 u8 local_sk[32];
84 u8 local_rand[16];
85 bool debug_key;
86
87 u8 min_key_size;
88 u8 max_key_size;
89
90 struct crypto_blkcipher *tfm_aes;
91 struct crypto_hash *tfm_cmac;
92 };
93
94 struct smp_chan {
95 struct l2cap_conn *conn;
96 struct delayed_work security_timer;
97 unsigned long allow_cmd; /* Bitmask of allowed commands */
98
99 u8 preq[7]; /* SMP Pairing Request */
100 u8 prsp[7]; /* SMP Pairing Response */
101 u8 prnd[16]; /* SMP Pairing Random (local) */
102 u8 rrnd[16]; /* SMP Pairing Random (remote) */
103 u8 pcnf[16]; /* SMP Pairing Confirm */
104 u8 tk[16]; /* SMP Temporary Key */
105 u8 rr[16]; /* Remote OOB ra/rb value */
106 u8 lr[16]; /* Local OOB ra/rb value */
107 u8 enc_key_size;
108 u8 remote_key_dist;
109 bdaddr_t id_addr;
110 u8 id_addr_type;
111 u8 irk[16];
112 struct smp_csrk *csrk;
113 struct smp_csrk *slave_csrk;
114 struct smp_ltk *ltk;
115 struct smp_ltk *slave_ltk;
116 struct smp_irk *remote_irk;
117 u8 *link_key;
118 unsigned long flags;
119 u8 method;
120 u8 passkey_round;
121
122 /* Secure Connections variables */
123 u8 local_pk[64];
124 u8 local_sk[32];
125 u8 remote_pk[64];
126 u8 dhkey[32];
127 u8 mackey[16];
128
129 struct crypto_blkcipher *tfm_aes;
130 struct crypto_hash *tfm_cmac;
131 };
132
133 /* These debug key values are defined in the SMP section of the core
134 * specification. debug_pk is the public debug key and debug_sk the
135 * private debug key.
136 */
137 static const u8 debug_pk[64] = {
138 0xe6, 0x9d, 0x35, 0x0e, 0x48, 0x01, 0x03, 0xcc,
139 0xdb, 0xfd, 0xf4, 0xac, 0x11, 0x91, 0xf4, 0xef,
140 0xb9, 0xa5, 0xf9, 0xe9, 0xa7, 0x83, 0x2c, 0x5e,
141 0x2c, 0xbe, 0x97, 0xf2, 0xd2, 0x03, 0xb0, 0x20,
142
143 0x8b, 0xd2, 0x89, 0x15, 0xd0, 0x8e, 0x1c, 0x74,
144 0x24, 0x30, 0xed, 0x8f, 0xc2, 0x45, 0x63, 0x76,
145 0x5c, 0x15, 0x52, 0x5a, 0xbf, 0x9a, 0x32, 0x63,
146 0x6d, 0xeb, 0x2a, 0x65, 0x49, 0x9c, 0x80, 0xdc,
147 };
148
149 static const u8 debug_sk[32] = {
150 0xbd, 0x1a, 0x3c, 0xcd, 0xa6, 0xb8, 0x99, 0x58,
151 0x99, 0xb7, 0x40, 0xeb, 0x7b, 0x60, 0xff, 0x4a,
152 0x50, 0x3f, 0x10, 0xd2, 0xe3, 0xb3, 0xc9, 0x74,
153 0x38, 0x5f, 0xc5, 0xa3, 0xd4, 0xf6, 0x49, 0x3f,
154 };
155
156 static inline void swap_buf(const u8 *src, u8 *dst, size_t len)
157 {
158 size_t i;
159
160 for (i = 0; i < len; i++)
161 dst[len - 1 - i] = src[i];
162 }
163
164 /* The following functions map to the LE SC SMP crypto functions
165 * AES-CMAC, f4, f5, f6, g2 and h6.
166 */
167
168 static int aes_cmac(struct crypto_hash *tfm, const u8 k[16], const u8 *m,
169 size_t len, u8 mac[16])
170 {
171 uint8_t tmp[16], mac_msb[16], msg_msb[CMAC_MSG_MAX];
172 struct hash_desc desc;
173 struct scatterlist sg;
174 int err;
175
176 if (len > CMAC_MSG_MAX)
177 return -EFBIG;
178
179 if (!tfm) {
180 BT_ERR("tfm %p", tfm);
181 return -EINVAL;
182 }
183
184 desc.tfm = tfm;
185 desc.flags = 0;
186
187 crypto_hash_init(&desc);
188
189 /* Swap key and message from LSB to MSB */
190 swap_buf(k, tmp, 16);
191 swap_buf(m, msg_msb, len);
192
193 SMP_DBG("msg (len %zu) %*phN", len, (int) len, m);
194 SMP_DBG("key %16phN", k);
195
196 err = crypto_hash_setkey(tfm, tmp, 16);
197 if (err) {
198 BT_ERR("cipher setkey failed: %d", err);
199 return err;
200 }
201
202 sg_init_one(&sg, msg_msb, len);
203
204 err = crypto_hash_update(&desc, &sg, len);
205 if (err) {
206 BT_ERR("Hash update error %d", err);
207 return err;
208 }
209
210 err = crypto_hash_final(&desc, mac_msb);
211 if (err) {
212 BT_ERR("Hash final error %d", err);
213 return err;
214 }
215
216 swap_buf(mac_msb, mac, 16);
217
218 SMP_DBG("mac %16phN", mac);
219
220 return 0;
221 }
222
223 static int smp_f4(struct crypto_hash *tfm_cmac, const u8 u[32], const u8 v[32],
224 const u8 x[16], u8 z, u8 res[16])
225 {
226 u8 m[65];
227 int err;
228
229 SMP_DBG("u %32phN", u);
230 SMP_DBG("v %32phN", v);
231 SMP_DBG("x %16phN z %02x", x, z);
232
233 m[0] = z;
234 memcpy(m + 1, v, 32);
235 memcpy(m + 33, u, 32);
236
237 err = aes_cmac(tfm_cmac, x, m, sizeof(m), res);
238 if (err)
239 return err;
240
241 SMP_DBG("res %16phN", res);
242
243 return err;
244 }
245
246 static int smp_f5(struct crypto_hash *tfm_cmac, const u8 w[32],
247 const u8 n1[16], const u8 n2[16], const u8 a1[7],
248 const u8 a2[7], u8 mackey[16], u8 ltk[16])
249 {
250 /* The btle, salt and length "magic" values are as defined in
251 * the SMP section of the Bluetooth core specification. In ASCII
252 * the btle value ends up being 'btle'. The salt is just a
253 * random number whereas length is the value 256 in little
254 * endian format.
255 */
256 const u8 btle[4] = { 0x65, 0x6c, 0x74, 0x62 };
257 const u8 salt[16] = { 0xbe, 0x83, 0x60, 0x5a, 0xdb, 0x0b, 0x37, 0x60,
258 0x38, 0xa5, 0xf5, 0xaa, 0x91, 0x83, 0x88, 0x6c };
259 const u8 length[2] = { 0x00, 0x01 };
260 u8 m[53], t[16];
261 int err;
262
263 SMP_DBG("w %32phN", w);
264 SMP_DBG("n1 %16phN n2 %16phN", n1, n2);
265 SMP_DBG("a1 %7phN a2 %7phN", a1, a2);
266
267 err = aes_cmac(tfm_cmac, salt, w, 32, t);
268 if (err)
269 return err;
270
271 SMP_DBG("t %16phN", t);
272
273 memcpy(m, length, 2);
274 memcpy(m + 2, a2, 7);
275 memcpy(m + 9, a1, 7);
276 memcpy(m + 16, n2, 16);
277 memcpy(m + 32, n1, 16);
278 memcpy(m + 48, btle, 4);
279
280 m[52] = 0; /* Counter */
281
282 err = aes_cmac(tfm_cmac, t, m, sizeof(m), mackey);
283 if (err)
284 return err;
285
286 SMP_DBG("mackey %16phN", mackey);
287
288 m[52] = 1; /* Counter */
289
290 err = aes_cmac(tfm_cmac, t, m, sizeof(m), ltk);
291 if (err)
292 return err;
293
294 SMP_DBG("ltk %16phN", ltk);
295
296 return 0;
297 }
298
299 static int smp_f6(struct crypto_hash *tfm_cmac, const u8 w[16],
300 const u8 n1[16], const u8 n2[16], const u8 r[16],
301 const u8 io_cap[3], const u8 a1[7], const u8 a2[7],
302 u8 res[16])
303 {
304 u8 m[65];
305 int err;
306
307 SMP_DBG("w %16phN", w);
308 SMP_DBG("n1 %16phN n2 %16phN", n1, n2);
309 SMP_DBG("r %16phN io_cap %3phN a1 %7phN a2 %7phN", r, io_cap, a1, a2);
310
311 memcpy(m, a2, 7);
312 memcpy(m + 7, a1, 7);
313 memcpy(m + 14, io_cap, 3);
314 memcpy(m + 17, r, 16);
315 memcpy(m + 33, n2, 16);
316 memcpy(m + 49, n1, 16);
317
318 err = aes_cmac(tfm_cmac, w, m, sizeof(m), res);
319 if (err)
320 return err;
321
322 SMP_DBG("res %16phN", res);
323
324 return err;
325 }
326
327 static int smp_g2(struct crypto_hash *tfm_cmac, const u8 u[32], const u8 v[32],
328 const u8 x[16], const u8 y[16], u32 *val)
329 {
330 u8 m[80], tmp[16];
331 int err;
332
333 SMP_DBG("u %32phN", u);
334 SMP_DBG("v %32phN", v);
335 SMP_DBG("x %16phN y %16phN", x, y);
336
337 memcpy(m, y, 16);
338 memcpy(m + 16, v, 32);
339 memcpy(m + 48, u, 32);
340
341 err = aes_cmac(tfm_cmac, x, m, sizeof(m), tmp);
342 if (err)
343 return err;
344
345 *val = get_unaligned_le32(tmp);
346 *val %= 1000000;
347
348 SMP_DBG("val %06u", *val);
349
350 return 0;
351 }
352
353 static int smp_h6(struct crypto_hash *tfm_cmac, const u8 w[16],
354 const u8 key_id[4], u8 res[16])
355 {
356 int err;
357
358 SMP_DBG("w %16phN key_id %4phN", w, key_id);
359
360 err = aes_cmac(tfm_cmac, w, key_id, 4, res);
361 if (err)
362 return err;
363
364 SMP_DBG("res %16phN", res);
365
366 return err;
367 }
368
369 /* The following functions map to the legacy SMP crypto functions e, c1,
370 * s1 and ah.
371 */
372
373 static int smp_e(struct crypto_blkcipher *tfm, const u8 *k, u8 *r)
374 {
375 struct blkcipher_desc desc;
376 struct scatterlist sg;
377 uint8_t tmp[16], data[16];
378 int err;
379
380 SMP_DBG("k %16phN r %16phN", k, r);
381
382 if (!tfm) {
383 BT_ERR("tfm %p", tfm);
384 return -EINVAL;
385 }
386
387 desc.tfm = tfm;
388 desc.flags = 0;
389
390 /* The most significant octet of key corresponds to k[0] */
391 swap_buf(k, tmp, 16);
392
393 err = crypto_blkcipher_setkey(tfm, tmp, 16);
394 if (err) {
395 BT_ERR("cipher setkey failed: %d", err);
396 return err;
397 }
398
399 /* Most significant octet of plaintextData corresponds to data[0] */
400 swap_buf(r, data, 16);
401
402 sg_init_one(&sg, data, 16);
403
404 err = crypto_blkcipher_encrypt(&desc, &sg, &sg, 16);
405 if (err)
406 BT_ERR("Encrypt data error %d", err);
407
408 /* Most significant octet of encryptedData corresponds to data[0] */
409 swap_buf(data, r, 16);
410
411 SMP_DBG("r %16phN", r);
412
413 return err;
414 }
415
416 static int smp_c1(struct crypto_blkcipher *tfm_aes, const u8 k[16],
417 const u8 r[16], const u8 preq[7], const u8 pres[7], u8 _iat,
418 const bdaddr_t *ia, u8 _rat, const bdaddr_t *ra, u8 res[16])
419 {
420 u8 p1[16], p2[16];
421 int err;
422
423 SMP_DBG("k %16phN r %16phN", k, r);
424 SMP_DBG("iat %u ia %6phN rat %u ra %6phN", _iat, ia, _rat, ra);
425 SMP_DBG("preq %7phN pres %7phN", preq, pres);
426
427 memset(p1, 0, 16);
428
429 /* p1 = pres || preq || _rat || _iat */
430 p1[0] = _iat;
431 p1[1] = _rat;
432 memcpy(p1 + 2, preq, 7);
433 memcpy(p1 + 9, pres, 7);
434
435 SMP_DBG("p1 %16phN", p1);
436
437 /* res = r XOR p1 */
438 u128_xor((u128 *) res, (u128 *) r, (u128 *) p1);
439
440 /* res = e(k, res) */
441 err = smp_e(tfm_aes, k, res);
442 if (err) {
443 BT_ERR("Encrypt data error");
444 return err;
445 }
446
447 /* p2 = padding || ia || ra */
448 memcpy(p2, ra, 6);
449 memcpy(p2 + 6, ia, 6);
450 memset(p2 + 12, 0, 4);
451
452 SMP_DBG("p2 %16phN", p2);
453
454 /* res = res XOR p2 */
455 u128_xor((u128 *) res, (u128 *) res, (u128 *) p2);
456
457 /* res = e(k, res) */
458 err = smp_e(tfm_aes, k, res);
459 if (err)
460 BT_ERR("Encrypt data error");
461
462 return err;
463 }
464
465 static int smp_s1(struct crypto_blkcipher *tfm_aes, const u8 k[16],
466 const u8 r1[16], const u8 r2[16], u8 _r[16])
467 {
468 int err;
469
470 /* Just least significant octets from r1 and r2 are considered */
471 memcpy(_r, r2, 8);
472 memcpy(_r + 8, r1, 8);
473
474 err = smp_e(tfm_aes, k, _r);
475 if (err)
476 BT_ERR("Encrypt data error");
477
478 return err;
479 }
480
481 static int smp_ah(struct crypto_blkcipher *tfm, const u8 irk[16],
482 const u8 r[3], u8 res[3])
483 {
484 u8 _res[16];
485 int err;
486
487 /* r' = padding || r */
488 memcpy(_res, r, 3);
489 memset(_res + 3, 0, 13);
490
491 err = smp_e(tfm, irk, _res);
492 if (err) {
493 BT_ERR("Encrypt error");
494 return err;
495 }
496
497 /* The output of the random address function ah is:
498 * ah(k, r) = e(k, r') mod 2^24
499 * The output of the security function e is then truncated to 24 bits
500 * by taking the least significant 24 bits of the output of e as the
501 * result of ah.
502 */
503 memcpy(res, _res, 3);
504
505 return 0;
506 }
507
508 bool smp_irk_matches(struct hci_dev *hdev, const u8 irk[16],
509 const bdaddr_t *bdaddr)
510 {
511 struct l2cap_chan *chan = hdev->smp_data;
512 struct smp_dev *smp;
513 u8 hash[3];
514 int err;
515
516 if (!chan || !chan->data)
517 return false;
518
519 smp = chan->data;
520
521 BT_DBG("RPA %pMR IRK %*phN", bdaddr, 16, irk);
522
523 err = smp_ah(smp->tfm_aes, irk, &bdaddr->b[3], hash);
524 if (err)
525 return false;
526
527 return !memcmp(bdaddr->b, hash, 3);
528 }
529
530 int smp_generate_rpa(struct hci_dev *hdev, const u8 irk[16], bdaddr_t *rpa)
531 {
532 struct l2cap_chan *chan = hdev->smp_data;
533 struct smp_dev *smp;
534 int err;
535
536 if (!chan || !chan->data)
537 return -EOPNOTSUPP;
538
539 smp = chan->data;
540
541 get_random_bytes(&rpa->b[3], 3);
542
543 rpa->b[5] &= 0x3f; /* Clear two most significant bits */
544 rpa->b[5] |= 0x40; /* Set second most significant bit */
545
546 err = smp_ah(smp->tfm_aes, irk, &rpa->b[3], rpa->b);
547 if (err < 0)
548 return err;
549
550 BT_DBG("RPA %pMR", rpa);
551
552 return 0;
553 }
554
555 int smp_generate_oob(struct hci_dev *hdev, u8 hash[16], u8 rand[16])
556 {
557 struct l2cap_chan *chan = hdev->smp_data;
558 struct smp_dev *smp;
559 int err;
560
561 if (!chan || !chan->data)
562 return -EOPNOTSUPP;
563
564 smp = chan->data;
565
566 if (hci_dev_test_flag(hdev, HCI_USE_DEBUG_KEYS)) {
567 BT_DBG("Using debug keys");
568 memcpy(smp->local_pk, debug_pk, 64);
569 memcpy(smp->local_sk, debug_sk, 32);
570 smp->debug_key = true;
571 } else {
572 while (true) {
573 /* Generate local key pair for Secure Connections */
574 if (!ecc_make_key(smp->local_pk, smp->local_sk))
575 return -EIO;
576
577 /* This is unlikely, but we need to check that
578 * we didn't accidentially generate a debug key.
579 */
580 if (memcmp(smp->local_sk, debug_sk, 32))
581 break;
582 }
583 smp->debug_key = false;
584 }
585
586 SMP_DBG("OOB Public Key X: %32phN", smp->local_pk);
587 SMP_DBG("OOB Public Key Y: %32phN", smp->local_pk + 32);
588 SMP_DBG("OOB Private Key: %32phN", smp->local_sk);
589
590 get_random_bytes(smp->local_rand, 16);
591
592 err = smp_f4(smp->tfm_cmac, smp->local_pk, smp->local_pk,
593 smp->local_rand, 0, hash);
594 if (err < 0)
595 return err;
596
597 memcpy(rand, smp->local_rand, 16);
598
599 return 0;
600 }
601
602 static void smp_send_cmd(struct l2cap_conn *conn, u8 code, u16 len, void *data)
603 {
604 struct l2cap_chan *chan = conn->smp;
605 struct smp_chan *smp;
606 struct kvec iv[2];
607 struct msghdr msg;
608
609 if (!chan)
610 return;
611
612 BT_DBG("code 0x%2.2x", code);
613
614 iv[0].iov_base = &code;
615 iv[0].iov_len = 1;
616
617 iv[1].iov_base = data;
618 iv[1].iov_len = len;
619
620 memset(&msg, 0, sizeof(msg));
621
622 iov_iter_kvec(&msg.msg_iter, WRITE | ITER_KVEC, iv, 2, 1 + len);
623
624 l2cap_chan_send(chan, &msg, 1 + len);
625
626 if (!chan->data)
627 return;
628
629 smp = chan->data;
630
631 cancel_delayed_work_sync(&smp->security_timer);
632 schedule_delayed_work(&smp->security_timer, SMP_TIMEOUT);
633 }
634
635 static u8 authreq_to_seclevel(u8 authreq)
636 {
637 if (authreq & SMP_AUTH_MITM) {
638 if (authreq & SMP_AUTH_SC)
639 return BT_SECURITY_FIPS;
640 else
641 return BT_SECURITY_HIGH;
642 } else {
643 return BT_SECURITY_MEDIUM;
644 }
645 }
646
647 static __u8 seclevel_to_authreq(__u8 sec_level)
648 {
649 switch (sec_level) {
650 case BT_SECURITY_FIPS:
651 case BT_SECURITY_HIGH:
652 return SMP_AUTH_MITM | SMP_AUTH_BONDING;
653 case BT_SECURITY_MEDIUM:
654 return SMP_AUTH_BONDING;
655 default:
656 return SMP_AUTH_NONE;
657 }
658 }
659
660 static void build_pairing_cmd(struct l2cap_conn *conn,
661 struct smp_cmd_pairing *req,
662 struct smp_cmd_pairing *rsp, __u8 authreq)
663 {
664 struct l2cap_chan *chan = conn->smp;
665 struct smp_chan *smp = chan->data;
666 struct hci_conn *hcon = conn->hcon;
667 struct hci_dev *hdev = hcon->hdev;
668 u8 local_dist = 0, remote_dist = 0, oob_flag = SMP_OOB_NOT_PRESENT;
669
670 if (hci_dev_test_flag(hdev, HCI_BONDABLE)) {
671 local_dist = SMP_DIST_ENC_KEY | SMP_DIST_SIGN;
672 remote_dist = SMP_DIST_ENC_KEY | SMP_DIST_SIGN;
673 authreq |= SMP_AUTH_BONDING;
674 } else {
675 authreq &= ~SMP_AUTH_BONDING;
676 }
677
678 if (hci_dev_test_flag(hdev, HCI_RPA_RESOLVING))
679 remote_dist |= SMP_DIST_ID_KEY;
680
681 if (hci_dev_test_flag(hdev, HCI_PRIVACY))
682 local_dist |= SMP_DIST_ID_KEY;
683
684 if (hci_dev_test_flag(hdev, HCI_SC_ENABLED) &&
685 (authreq & SMP_AUTH_SC)) {
686 struct oob_data *oob_data;
687 u8 bdaddr_type;
688
689 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) {
690 local_dist |= SMP_DIST_LINK_KEY;
691 remote_dist |= SMP_DIST_LINK_KEY;
692 }
693
694 if (hcon->dst_type == ADDR_LE_DEV_PUBLIC)
695 bdaddr_type = BDADDR_LE_PUBLIC;
696 else
697 bdaddr_type = BDADDR_LE_RANDOM;
698
699 oob_data = hci_find_remote_oob_data(hdev, &hcon->dst,
700 bdaddr_type);
701 if (oob_data && oob_data->present) {
702 set_bit(SMP_FLAG_REMOTE_OOB, &smp->flags);
703 oob_flag = SMP_OOB_PRESENT;
704 memcpy(smp->rr, oob_data->rand256, 16);
705 memcpy(smp->pcnf, oob_data->hash256, 16);
706 SMP_DBG("OOB Remote Confirmation: %16phN", smp->pcnf);
707 SMP_DBG("OOB Remote Random: %16phN", smp->rr);
708 }
709
710 } else {
711 authreq &= ~SMP_AUTH_SC;
712 }
713
714 if (rsp == NULL) {
715 req->io_capability = conn->hcon->io_capability;
716 req->oob_flag = oob_flag;
717 req->max_key_size = SMP_DEV(hdev)->max_key_size;
718 req->init_key_dist = local_dist;
719 req->resp_key_dist = remote_dist;
720 req->auth_req = (authreq & AUTH_REQ_MASK(hdev));
721
722 smp->remote_key_dist = remote_dist;
723 return;
724 }
725
726 rsp->io_capability = conn->hcon->io_capability;
727 rsp->oob_flag = oob_flag;
728 rsp->max_key_size = SMP_DEV(hdev)->max_key_size;
729 rsp->init_key_dist = req->init_key_dist & remote_dist;
730 rsp->resp_key_dist = req->resp_key_dist & local_dist;
731 rsp->auth_req = (authreq & AUTH_REQ_MASK(hdev));
732
733 smp->remote_key_dist = rsp->init_key_dist;
734 }
735
736 static u8 check_enc_key_size(struct l2cap_conn *conn, __u8 max_key_size)
737 {
738 struct l2cap_chan *chan = conn->smp;
739 struct hci_dev *hdev = conn->hcon->hdev;
740 struct smp_chan *smp = chan->data;
741
742 if (max_key_size > SMP_DEV(hdev)->max_key_size ||
743 max_key_size < SMP_MIN_ENC_KEY_SIZE)
744 return SMP_ENC_KEY_SIZE;
745
746 smp->enc_key_size = max_key_size;
747
748 return 0;
749 }
750
751 static void smp_chan_destroy(struct l2cap_conn *conn)
752 {
753 struct l2cap_chan *chan = conn->smp;
754 struct smp_chan *smp = chan->data;
755 struct hci_conn *hcon = conn->hcon;
756 bool complete;
757
758 BUG_ON(!smp);
759
760 cancel_delayed_work_sync(&smp->security_timer);
761
762 complete = test_bit(SMP_FLAG_COMPLETE, &smp->flags);
763 mgmt_smp_complete(hcon, complete);
764
765 kzfree(smp->csrk);
766 kzfree(smp->slave_csrk);
767 kzfree(smp->link_key);
768
769 crypto_free_blkcipher(smp->tfm_aes);
770 crypto_free_hash(smp->tfm_cmac);
771
772 /* Ensure that we don't leave any debug key around if debug key
773 * support hasn't been explicitly enabled.
774 */
775 if (smp->ltk && smp->ltk->type == SMP_LTK_P256_DEBUG &&
776 !hci_dev_test_flag(hcon->hdev, HCI_KEEP_DEBUG_KEYS)) {
777 list_del_rcu(&smp->ltk->list);
778 kfree_rcu(smp->ltk, rcu);
779 smp->ltk = NULL;
780 }
781
782 /* If pairing failed clean up any keys we might have */
783 if (!complete) {
784 if (smp->ltk) {
785 list_del_rcu(&smp->ltk->list);
786 kfree_rcu(smp->ltk, rcu);
787 }
788
789 if (smp->slave_ltk) {
790 list_del_rcu(&smp->slave_ltk->list);
791 kfree_rcu(smp->slave_ltk, rcu);
792 }
793
794 if (smp->remote_irk) {
795 list_del_rcu(&smp->remote_irk->list);
796 kfree_rcu(smp->remote_irk, rcu);
797 }
798 }
799
800 chan->data = NULL;
801 kzfree(smp);
802 hci_conn_drop(hcon);
803 }
804
805 static void smp_failure(struct l2cap_conn *conn, u8 reason)
806 {
807 struct hci_conn *hcon = conn->hcon;
808 struct l2cap_chan *chan = conn->smp;
809
810 if (reason)
811 smp_send_cmd(conn, SMP_CMD_PAIRING_FAIL, sizeof(reason),
812 &reason);
813
814 mgmt_auth_failed(hcon, HCI_ERROR_AUTH_FAILURE);
815
816 if (chan->data)
817 smp_chan_destroy(conn);
818 }
819
820 #define JUST_WORKS 0x00
821 #define JUST_CFM 0x01
822 #define REQ_PASSKEY 0x02
823 #define CFM_PASSKEY 0x03
824 #define REQ_OOB 0x04
825 #define DSP_PASSKEY 0x05
826 #define OVERLAP 0xFF
827
828 static const u8 gen_method[5][5] = {
829 { JUST_WORKS, JUST_CFM, REQ_PASSKEY, JUST_WORKS, REQ_PASSKEY },
830 { JUST_WORKS, JUST_CFM, REQ_PASSKEY, JUST_WORKS, REQ_PASSKEY },
831 { CFM_PASSKEY, CFM_PASSKEY, REQ_PASSKEY, JUST_WORKS, CFM_PASSKEY },
832 { JUST_WORKS, JUST_CFM, JUST_WORKS, JUST_WORKS, JUST_CFM },
833 { CFM_PASSKEY, CFM_PASSKEY, REQ_PASSKEY, JUST_WORKS, OVERLAP },
834 };
835
836 static const u8 sc_method[5][5] = {
837 { JUST_WORKS, JUST_CFM, REQ_PASSKEY, JUST_WORKS, REQ_PASSKEY },
838 { JUST_WORKS, CFM_PASSKEY, REQ_PASSKEY, JUST_WORKS, CFM_PASSKEY },
839 { DSP_PASSKEY, DSP_PASSKEY, REQ_PASSKEY, JUST_WORKS, DSP_PASSKEY },
840 { JUST_WORKS, JUST_CFM, JUST_WORKS, JUST_WORKS, JUST_CFM },
841 { DSP_PASSKEY, CFM_PASSKEY, REQ_PASSKEY, JUST_WORKS, CFM_PASSKEY },
842 };
843
844 static u8 get_auth_method(struct smp_chan *smp, u8 local_io, u8 remote_io)
845 {
846 /* If either side has unknown io_caps, use JUST_CFM (which gets
847 * converted later to JUST_WORKS if we're initiators.
848 */
849 if (local_io > SMP_IO_KEYBOARD_DISPLAY ||
850 remote_io > SMP_IO_KEYBOARD_DISPLAY)
851 return JUST_CFM;
852
853 if (test_bit(SMP_FLAG_SC, &smp->flags))
854 return sc_method[remote_io][local_io];
855
856 return gen_method[remote_io][local_io];
857 }
858
859 static int tk_request(struct l2cap_conn *conn, u8 remote_oob, u8 auth,
860 u8 local_io, u8 remote_io)
861 {
862 struct hci_conn *hcon = conn->hcon;
863 struct l2cap_chan *chan = conn->smp;
864 struct smp_chan *smp = chan->data;
865 u32 passkey = 0;
866 int ret = 0;
867
868 /* Initialize key for JUST WORKS */
869 memset(smp->tk, 0, sizeof(smp->tk));
870 clear_bit(SMP_FLAG_TK_VALID, &smp->flags);
871
872 BT_DBG("tk_request: auth:%d lcl:%d rem:%d", auth, local_io, remote_io);
873
874 /* If neither side wants MITM, either "just" confirm an incoming
875 * request or use just-works for outgoing ones. The JUST_CFM
876 * will be converted to JUST_WORKS if necessary later in this
877 * function. If either side has MITM look up the method from the
878 * table.
879 */
880 if (!(auth & SMP_AUTH_MITM))
881 smp->method = JUST_CFM;
882 else
883 smp->method = get_auth_method(smp, local_io, remote_io);
884
885 /* Don't confirm locally initiated pairing attempts */
886 if (smp->method == JUST_CFM && test_bit(SMP_FLAG_INITIATOR,
887 &smp->flags))
888 smp->method = JUST_WORKS;
889
890 /* Don't bother user space with no IO capabilities */
891 if (smp->method == JUST_CFM &&
892 hcon->io_capability == HCI_IO_NO_INPUT_OUTPUT)
893 smp->method = JUST_WORKS;
894
895 /* If Just Works, Continue with Zero TK */
896 if (smp->method == JUST_WORKS) {
897 set_bit(SMP_FLAG_TK_VALID, &smp->flags);
898 return 0;
899 }
900
901 /* If this function is used for SC -> legacy fallback we
902 * can only recover the just-works case.
903 */
904 if (test_bit(SMP_FLAG_SC, &smp->flags))
905 return -EINVAL;
906
907 /* Not Just Works/Confirm results in MITM Authentication */
908 if (smp->method != JUST_CFM) {
909 set_bit(SMP_FLAG_MITM_AUTH, &smp->flags);
910 if (hcon->pending_sec_level < BT_SECURITY_HIGH)
911 hcon->pending_sec_level = BT_SECURITY_HIGH;
912 }
913
914 /* If both devices have Keyoard-Display I/O, the master
915 * Confirms and the slave Enters the passkey.
916 */
917 if (smp->method == OVERLAP) {
918 if (hcon->role == HCI_ROLE_MASTER)
919 smp->method = CFM_PASSKEY;
920 else
921 smp->method = REQ_PASSKEY;
922 }
923
924 /* Generate random passkey. */
925 if (smp->method == CFM_PASSKEY) {
926 memset(smp->tk, 0, sizeof(smp->tk));
927 get_random_bytes(&passkey, sizeof(passkey));
928 passkey %= 1000000;
929 put_unaligned_le32(passkey, smp->tk);
930 BT_DBG("PassKey: %d", passkey);
931 set_bit(SMP_FLAG_TK_VALID, &smp->flags);
932 }
933
934 if (smp->method == REQ_PASSKEY)
935 ret = mgmt_user_passkey_request(hcon->hdev, &hcon->dst,
936 hcon->type, hcon->dst_type);
937 else if (smp->method == JUST_CFM)
938 ret = mgmt_user_confirm_request(hcon->hdev, &hcon->dst,
939 hcon->type, hcon->dst_type,
940 passkey, 1);
941 else
942 ret = mgmt_user_passkey_notify(hcon->hdev, &hcon->dst,
943 hcon->type, hcon->dst_type,
944 passkey, 0);
945
946 return ret;
947 }
948
949 static u8 smp_confirm(struct smp_chan *smp)
950 {
951 struct l2cap_conn *conn = smp->conn;
952 struct smp_cmd_pairing_confirm cp;
953 int ret;
954
955 BT_DBG("conn %p", conn);
956
957 ret = smp_c1(smp->tfm_aes, smp->tk, smp->prnd, smp->preq, smp->prsp,
958 conn->hcon->init_addr_type, &conn->hcon->init_addr,
959 conn->hcon->resp_addr_type, &conn->hcon->resp_addr,
960 cp.confirm_val);
961 if (ret)
962 return SMP_UNSPECIFIED;
963
964 clear_bit(SMP_FLAG_CFM_PENDING, &smp->flags);
965
966 smp_send_cmd(smp->conn, SMP_CMD_PAIRING_CONFIRM, sizeof(cp), &cp);
967
968 if (conn->hcon->out)
969 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_CONFIRM);
970 else
971 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RANDOM);
972
973 return 0;
974 }
975
976 static u8 smp_random(struct smp_chan *smp)
977 {
978 struct l2cap_conn *conn = smp->conn;
979 struct hci_conn *hcon = conn->hcon;
980 u8 confirm[16];
981 int ret;
982
983 if (IS_ERR_OR_NULL(smp->tfm_aes))
984 return SMP_UNSPECIFIED;
985
986 BT_DBG("conn %p %s", conn, conn->hcon->out ? "master" : "slave");
987
988 ret = smp_c1(smp->tfm_aes, smp->tk, smp->rrnd, smp->preq, smp->prsp,
989 hcon->init_addr_type, &hcon->init_addr,
990 hcon->resp_addr_type, &hcon->resp_addr, confirm);
991 if (ret)
992 return SMP_UNSPECIFIED;
993
994 if (memcmp(smp->pcnf, confirm, sizeof(smp->pcnf)) != 0) {
995 BT_ERR("Pairing failed (confirmation values mismatch)");
996 return SMP_CONFIRM_FAILED;
997 }
998
999 if (hcon->out) {
1000 u8 stk[16];
1001 __le64 rand = 0;
1002 __le16 ediv = 0;
1003
1004 smp_s1(smp->tfm_aes, smp->tk, smp->rrnd, smp->prnd, stk);
1005
1006 if (test_and_set_bit(HCI_CONN_ENCRYPT_PEND, &hcon->flags))
1007 return SMP_UNSPECIFIED;
1008
1009 hci_le_start_enc(hcon, ediv, rand, stk, smp->enc_key_size);
1010 hcon->enc_key_size = smp->enc_key_size;
1011 set_bit(HCI_CONN_STK_ENCRYPT, &hcon->flags);
1012 } else {
1013 u8 stk[16], auth;
1014 __le64 rand = 0;
1015 __le16 ediv = 0;
1016
1017 smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM, sizeof(smp->prnd),
1018 smp->prnd);
1019
1020 smp_s1(smp->tfm_aes, smp->tk, smp->prnd, smp->rrnd, stk);
1021
1022 if (hcon->pending_sec_level == BT_SECURITY_HIGH)
1023 auth = 1;
1024 else
1025 auth = 0;
1026
1027 /* Even though there's no _SLAVE suffix this is the
1028 * slave STK we're adding for later lookup (the master
1029 * STK never needs to be stored).
1030 */
1031 hci_add_ltk(hcon->hdev, &hcon->dst, hcon->dst_type,
1032 SMP_STK, auth, stk, smp->enc_key_size, ediv, rand);
1033 }
1034
1035 return 0;
1036 }
1037
1038 static void smp_notify_keys(struct l2cap_conn *conn)
1039 {
1040 struct l2cap_chan *chan = conn->smp;
1041 struct smp_chan *smp = chan->data;
1042 struct hci_conn *hcon = conn->hcon;
1043 struct hci_dev *hdev = hcon->hdev;
1044 struct smp_cmd_pairing *req = (void *) &smp->preq[1];
1045 struct smp_cmd_pairing *rsp = (void *) &smp->prsp[1];
1046 bool persistent;
1047
1048 if (hcon->type == ACL_LINK) {
1049 if (hcon->key_type == HCI_LK_DEBUG_COMBINATION)
1050 persistent = false;
1051 else
1052 persistent = !test_bit(HCI_CONN_FLUSH_KEY,
1053 &hcon->flags);
1054 } else {
1055 /* The LTKs, IRKs and CSRKs should be persistent only if
1056 * both sides had the bonding bit set in their
1057 * authentication requests.
1058 */
1059 persistent = !!((req->auth_req & rsp->auth_req) &
1060 SMP_AUTH_BONDING);
1061 }
1062
1063 if (smp->remote_irk) {
1064 mgmt_new_irk(hdev, smp->remote_irk, persistent);
1065
1066 /* Now that user space can be considered to know the
1067 * identity address track the connection based on it
1068 * from now on (assuming this is an LE link).
1069 */
1070 if (hcon->type == LE_LINK) {
1071 bacpy(&hcon->dst, &smp->remote_irk->bdaddr);
1072 hcon->dst_type = smp->remote_irk->addr_type;
1073 queue_work(hdev->workqueue, &conn->id_addr_update_work);
1074 }
1075 }
1076
1077 if (smp->csrk) {
1078 smp->csrk->bdaddr_type = hcon->dst_type;
1079 bacpy(&smp->csrk->bdaddr, &hcon->dst);
1080 mgmt_new_csrk(hdev, smp->csrk, persistent);
1081 }
1082
1083 if (smp->slave_csrk) {
1084 smp->slave_csrk->bdaddr_type = hcon->dst_type;
1085 bacpy(&smp->slave_csrk->bdaddr, &hcon->dst);
1086 mgmt_new_csrk(hdev, smp->slave_csrk, persistent);
1087 }
1088
1089 if (smp->ltk) {
1090 smp->ltk->bdaddr_type = hcon->dst_type;
1091 bacpy(&smp->ltk->bdaddr, &hcon->dst);
1092 mgmt_new_ltk(hdev, smp->ltk, persistent);
1093 }
1094
1095 if (smp->slave_ltk) {
1096 smp->slave_ltk->bdaddr_type = hcon->dst_type;
1097 bacpy(&smp->slave_ltk->bdaddr, &hcon->dst);
1098 mgmt_new_ltk(hdev, smp->slave_ltk, persistent);
1099 }
1100
1101 if (smp->link_key) {
1102 struct link_key *key;
1103 u8 type;
1104
1105 if (test_bit(SMP_FLAG_DEBUG_KEY, &smp->flags))
1106 type = HCI_LK_DEBUG_COMBINATION;
1107 else if (hcon->sec_level == BT_SECURITY_FIPS)
1108 type = HCI_LK_AUTH_COMBINATION_P256;
1109 else
1110 type = HCI_LK_UNAUTH_COMBINATION_P256;
1111
1112 key = hci_add_link_key(hdev, smp->conn->hcon, &hcon->dst,
1113 smp->link_key, type, 0, &persistent);
1114 if (key) {
1115 mgmt_new_link_key(hdev, key, persistent);
1116
1117 /* Don't keep debug keys around if the relevant
1118 * flag is not set.
1119 */
1120 if (!hci_dev_test_flag(hdev, HCI_KEEP_DEBUG_KEYS) &&
1121 key->type == HCI_LK_DEBUG_COMBINATION) {
1122 list_del_rcu(&key->list);
1123 kfree_rcu(key, rcu);
1124 }
1125 }
1126 }
1127 }
1128
1129 static void sc_add_ltk(struct smp_chan *smp)
1130 {
1131 struct hci_conn *hcon = smp->conn->hcon;
1132 u8 key_type, auth;
1133
1134 if (test_bit(SMP_FLAG_DEBUG_KEY, &smp->flags))
1135 key_type = SMP_LTK_P256_DEBUG;
1136 else
1137 key_type = SMP_LTK_P256;
1138
1139 if (hcon->pending_sec_level == BT_SECURITY_FIPS)
1140 auth = 1;
1141 else
1142 auth = 0;
1143
1144 smp->ltk = hci_add_ltk(hcon->hdev, &hcon->dst, hcon->dst_type,
1145 key_type, auth, smp->tk, smp->enc_key_size,
1146 0, 0);
1147 }
1148
1149 static void sc_generate_link_key(struct smp_chan *smp)
1150 {
1151 /* These constants are as specified in the core specification.
1152 * In ASCII they spell out to 'tmp1' and 'lebr'.
1153 */
1154 const u8 tmp1[4] = { 0x31, 0x70, 0x6d, 0x74 };
1155 const u8 lebr[4] = { 0x72, 0x62, 0x65, 0x6c };
1156
1157 smp->link_key = kzalloc(16, GFP_KERNEL);
1158 if (!smp->link_key)
1159 return;
1160
1161 if (smp_h6(smp->tfm_cmac, smp->tk, tmp1, smp->link_key)) {
1162 kzfree(smp->link_key);
1163 smp->link_key = NULL;
1164 return;
1165 }
1166
1167 if (smp_h6(smp->tfm_cmac, smp->link_key, lebr, smp->link_key)) {
1168 kzfree(smp->link_key);
1169 smp->link_key = NULL;
1170 return;
1171 }
1172 }
1173
1174 static void smp_allow_key_dist(struct smp_chan *smp)
1175 {
1176 /* Allow the first expected phase 3 PDU. The rest of the PDUs
1177 * will be allowed in each PDU handler to ensure we receive
1178 * them in the correct order.
1179 */
1180 if (smp->remote_key_dist & SMP_DIST_ENC_KEY)
1181 SMP_ALLOW_CMD(smp, SMP_CMD_ENCRYPT_INFO);
1182 else if (smp->remote_key_dist & SMP_DIST_ID_KEY)
1183 SMP_ALLOW_CMD(smp, SMP_CMD_IDENT_INFO);
1184 else if (smp->remote_key_dist & SMP_DIST_SIGN)
1185 SMP_ALLOW_CMD(smp, SMP_CMD_SIGN_INFO);
1186 }
1187
1188 static void sc_generate_ltk(struct smp_chan *smp)
1189 {
1190 /* These constants are as specified in the core specification.
1191 * In ASCII they spell out to 'tmp2' and 'brle'.
1192 */
1193 const u8 tmp2[4] = { 0x32, 0x70, 0x6d, 0x74 };
1194 const u8 brle[4] = { 0x65, 0x6c, 0x72, 0x62 };
1195 struct hci_conn *hcon = smp->conn->hcon;
1196 struct hci_dev *hdev = hcon->hdev;
1197 struct link_key *key;
1198
1199 key = hci_find_link_key(hdev, &hcon->dst);
1200 if (!key) {
1201 BT_ERR("%s No Link Key found to generate LTK", hdev->name);
1202 return;
1203 }
1204
1205 if (key->type == HCI_LK_DEBUG_COMBINATION)
1206 set_bit(SMP_FLAG_DEBUG_KEY, &smp->flags);
1207
1208 if (smp_h6(smp->tfm_cmac, key->val, tmp2, smp->tk))
1209 return;
1210
1211 if (smp_h6(smp->tfm_cmac, smp->tk, brle, smp->tk))
1212 return;
1213
1214 sc_add_ltk(smp);
1215 }
1216
1217 static void smp_distribute_keys(struct smp_chan *smp)
1218 {
1219 struct smp_cmd_pairing *req, *rsp;
1220 struct l2cap_conn *conn = smp->conn;
1221 struct hci_conn *hcon = conn->hcon;
1222 struct hci_dev *hdev = hcon->hdev;
1223 __u8 *keydist;
1224
1225 BT_DBG("conn %p", conn);
1226
1227 rsp = (void *) &smp->prsp[1];
1228
1229 /* The responder sends its keys first */
1230 if (hcon->out && (smp->remote_key_dist & KEY_DIST_MASK)) {
1231 smp_allow_key_dist(smp);
1232 return;
1233 }
1234
1235 req = (void *) &smp->preq[1];
1236
1237 if (hcon->out) {
1238 keydist = &rsp->init_key_dist;
1239 *keydist &= req->init_key_dist;
1240 } else {
1241 keydist = &rsp->resp_key_dist;
1242 *keydist &= req->resp_key_dist;
1243 }
1244
1245 if (test_bit(SMP_FLAG_SC, &smp->flags)) {
1246 if (hcon->type == LE_LINK && (*keydist & SMP_DIST_LINK_KEY))
1247 sc_generate_link_key(smp);
1248 if (hcon->type == ACL_LINK && (*keydist & SMP_DIST_ENC_KEY))
1249 sc_generate_ltk(smp);
1250
1251 /* Clear the keys which are generated but not distributed */
1252 *keydist &= ~SMP_SC_NO_DIST;
1253 }
1254
1255 BT_DBG("keydist 0x%x", *keydist);
1256
1257 if (*keydist & SMP_DIST_ENC_KEY) {
1258 struct smp_cmd_encrypt_info enc;
1259 struct smp_cmd_master_ident ident;
1260 struct smp_ltk *ltk;
1261 u8 authenticated;
1262 __le16 ediv;
1263 __le64 rand;
1264
1265 /* Make sure we generate only the significant amount of
1266 * bytes based on the encryption key size, and set the rest
1267 * of the value to zeroes.
1268 */
1269 get_random_bytes(enc.ltk, smp->enc_key_size);
1270 memset(enc.ltk + smp->enc_key_size, 0,
1271 sizeof(enc.ltk) - smp->enc_key_size);
1272
1273 get_random_bytes(&ediv, sizeof(ediv));
1274 get_random_bytes(&rand, sizeof(rand));
1275
1276 smp_send_cmd(conn, SMP_CMD_ENCRYPT_INFO, sizeof(enc), &enc);
1277
1278 authenticated = hcon->sec_level == BT_SECURITY_HIGH;
1279 ltk = hci_add_ltk(hdev, &hcon->dst, hcon->dst_type,
1280 SMP_LTK_SLAVE, authenticated, enc.ltk,
1281 smp->enc_key_size, ediv, rand);
1282 smp->slave_ltk = ltk;
1283
1284 ident.ediv = ediv;
1285 ident.rand = rand;
1286
1287 smp_send_cmd(conn, SMP_CMD_MASTER_IDENT, sizeof(ident), &ident);
1288
1289 *keydist &= ~SMP_DIST_ENC_KEY;
1290 }
1291
1292 if (*keydist & SMP_DIST_ID_KEY) {
1293 struct smp_cmd_ident_addr_info addrinfo;
1294 struct smp_cmd_ident_info idinfo;
1295
1296 memcpy(idinfo.irk, hdev->irk, sizeof(idinfo.irk));
1297
1298 smp_send_cmd(conn, SMP_CMD_IDENT_INFO, sizeof(idinfo), &idinfo);
1299
1300 /* The hci_conn contains the local identity address
1301 * after the connection has been established.
1302 *
1303 * This is true even when the connection has been
1304 * established using a resolvable random address.
1305 */
1306 bacpy(&addrinfo.bdaddr, &hcon->src);
1307 addrinfo.addr_type = hcon->src_type;
1308
1309 smp_send_cmd(conn, SMP_CMD_IDENT_ADDR_INFO, sizeof(addrinfo),
1310 &addrinfo);
1311
1312 *keydist &= ~SMP_DIST_ID_KEY;
1313 }
1314
1315 if (*keydist & SMP_DIST_SIGN) {
1316 struct smp_cmd_sign_info sign;
1317 struct smp_csrk *csrk;
1318
1319 /* Generate a new random key */
1320 get_random_bytes(sign.csrk, sizeof(sign.csrk));
1321
1322 csrk = kzalloc(sizeof(*csrk), GFP_KERNEL);
1323 if (csrk) {
1324 if (hcon->sec_level > BT_SECURITY_MEDIUM)
1325 csrk->type = MGMT_CSRK_LOCAL_AUTHENTICATED;
1326 else
1327 csrk->type = MGMT_CSRK_LOCAL_UNAUTHENTICATED;
1328 memcpy(csrk->val, sign.csrk, sizeof(csrk->val));
1329 }
1330 smp->slave_csrk = csrk;
1331
1332 smp_send_cmd(conn, SMP_CMD_SIGN_INFO, sizeof(sign), &sign);
1333
1334 *keydist &= ~SMP_DIST_SIGN;
1335 }
1336
1337 /* If there are still keys to be received wait for them */
1338 if (smp->remote_key_dist & KEY_DIST_MASK) {
1339 smp_allow_key_dist(smp);
1340 return;
1341 }
1342
1343 set_bit(SMP_FLAG_COMPLETE, &smp->flags);
1344 smp_notify_keys(conn);
1345
1346 smp_chan_destroy(conn);
1347 }
1348
1349 static void smp_timeout(struct work_struct *work)
1350 {
1351 struct smp_chan *smp = container_of(work, struct smp_chan,
1352 security_timer.work);
1353 struct l2cap_conn *conn = smp->conn;
1354
1355 BT_DBG("conn %p", conn);
1356
1357 hci_disconnect(conn->hcon, HCI_ERROR_REMOTE_USER_TERM);
1358 }
1359
1360 static struct smp_chan *smp_chan_create(struct l2cap_conn *conn)
1361 {
1362 struct l2cap_chan *chan = conn->smp;
1363 struct smp_chan *smp;
1364
1365 smp = kzalloc(sizeof(*smp), GFP_ATOMIC);
1366 if (!smp)
1367 return NULL;
1368
1369 smp->tfm_aes = crypto_alloc_blkcipher("ecb(aes)", 0, CRYPTO_ALG_ASYNC);
1370 if (IS_ERR(smp->tfm_aes)) {
1371 BT_ERR("Unable to create ECB crypto context");
1372 kzfree(smp);
1373 return NULL;
1374 }
1375
1376 smp->tfm_cmac = crypto_alloc_hash("cmac(aes)", 0, CRYPTO_ALG_ASYNC);
1377 if (IS_ERR(smp->tfm_cmac)) {
1378 BT_ERR("Unable to create CMAC crypto context");
1379 crypto_free_blkcipher(smp->tfm_aes);
1380 kzfree(smp);
1381 return NULL;
1382 }
1383
1384 smp->conn = conn;
1385 chan->data = smp;
1386
1387 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_FAIL);
1388
1389 INIT_DELAYED_WORK(&smp->security_timer, smp_timeout);
1390
1391 hci_conn_hold(conn->hcon);
1392
1393 return smp;
1394 }
1395
1396 static int sc_mackey_and_ltk(struct smp_chan *smp, u8 mackey[16], u8 ltk[16])
1397 {
1398 struct hci_conn *hcon = smp->conn->hcon;
1399 u8 *na, *nb, a[7], b[7];
1400
1401 if (hcon->out) {
1402 na = smp->prnd;
1403 nb = smp->rrnd;
1404 } else {
1405 na = smp->rrnd;
1406 nb = smp->prnd;
1407 }
1408
1409 memcpy(a, &hcon->init_addr, 6);
1410 memcpy(b, &hcon->resp_addr, 6);
1411 a[6] = hcon->init_addr_type;
1412 b[6] = hcon->resp_addr_type;
1413
1414 return smp_f5(smp->tfm_cmac, smp->dhkey, na, nb, a, b, mackey, ltk);
1415 }
1416
1417 static void sc_dhkey_check(struct smp_chan *smp)
1418 {
1419 struct hci_conn *hcon = smp->conn->hcon;
1420 struct smp_cmd_dhkey_check check;
1421 u8 a[7], b[7], *local_addr, *remote_addr;
1422 u8 io_cap[3], r[16];
1423
1424 memcpy(a, &hcon->init_addr, 6);
1425 memcpy(b, &hcon->resp_addr, 6);
1426 a[6] = hcon->init_addr_type;
1427 b[6] = hcon->resp_addr_type;
1428
1429 if (hcon->out) {
1430 local_addr = a;
1431 remote_addr = b;
1432 memcpy(io_cap, &smp->preq[1], 3);
1433 } else {
1434 local_addr = b;
1435 remote_addr = a;
1436 memcpy(io_cap, &smp->prsp[1], 3);
1437 }
1438
1439 memset(r, 0, sizeof(r));
1440
1441 if (smp->method == REQ_PASSKEY || smp->method == DSP_PASSKEY)
1442 put_unaligned_le32(hcon->passkey_notify, r);
1443
1444 if (smp->method == REQ_OOB)
1445 memcpy(r, smp->rr, 16);
1446
1447 smp_f6(smp->tfm_cmac, smp->mackey, smp->prnd, smp->rrnd, r, io_cap,
1448 local_addr, remote_addr, check.e);
1449
1450 smp_send_cmd(smp->conn, SMP_CMD_DHKEY_CHECK, sizeof(check), &check);
1451 }
1452
1453 static u8 sc_passkey_send_confirm(struct smp_chan *smp)
1454 {
1455 struct l2cap_conn *conn = smp->conn;
1456 struct hci_conn *hcon = conn->hcon;
1457 struct smp_cmd_pairing_confirm cfm;
1458 u8 r;
1459
1460 r = ((hcon->passkey_notify >> smp->passkey_round) & 0x01);
1461 r |= 0x80;
1462
1463 get_random_bytes(smp->prnd, sizeof(smp->prnd));
1464
1465 if (smp_f4(smp->tfm_cmac, smp->local_pk, smp->remote_pk, smp->prnd, r,
1466 cfm.confirm_val))
1467 return SMP_UNSPECIFIED;
1468
1469 smp_send_cmd(conn, SMP_CMD_PAIRING_CONFIRM, sizeof(cfm), &cfm);
1470
1471 return 0;
1472 }
1473
1474 static u8 sc_passkey_round(struct smp_chan *smp, u8 smp_op)
1475 {
1476 struct l2cap_conn *conn = smp->conn;
1477 struct hci_conn *hcon = conn->hcon;
1478 struct hci_dev *hdev = hcon->hdev;
1479 u8 cfm[16], r;
1480
1481 /* Ignore the PDU if we've already done 20 rounds (0 - 19) */
1482 if (smp->passkey_round >= 20)
1483 return 0;
1484
1485 switch (smp_op) {
1486 case SMP_CMD_PAIRING_RANDOM:
1487 r = ((hcon->passkey_notify >> smp->passkey_round) & 0x01);
1488 r |= 0x80;
1489
1490 if (smp_f4(smp->tfm_cmac, smp->remote_pk, smp->local_pk,
1491 smp->rrnd, r, cfm))
1492 return SMP_UNSPECIFIED;
1493
1494 if (memcmp(smp->pcnf, cfm, 16))
1495 return SMP_CONFIRM_FAILED;
1496
1497 smp->passkey_round++;
1498
1499 if (smp->passkey_round == 20) {
1500 /* Generate MacKey and LTK */
1501 if (sc_mackey_and_ltk(smp, smp->mackey, smp->tk))
1502 return SMP_UNSPECIFIED;
1503 }
1504
1505 /* The round is only complete when the initiator
1506 * receives pairing random.
1507 */
1508 if (!hcon->out) {
1509 smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM,
1510 sizeof(smp->prnd), smp->prnd);
1511 if (smp->passkey_round == 20)
1512 SMP_ALLOW_CMD(smp, SMP_CMD_DHKEY_CHECK);
1513 else
1514 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_CONFIRM);
1515 return 0;
1516 }
1517
1518 /* Start the next round */
1519 if (smp->passkey_round != 20)
1520 return sc_passkey_round(smp, 0);
1521
1522 /* Passkey rounds are complete - start DHKey Check */
1523 sc_dhkey_check(smp);
1524 SMP_ALLOW_CMD(smp, SMP_CMD_DHKEY_CHECK);
1525
1526 break;
1527
1528 case SMP_CMD_PAIRING_CONFIRM:
1529 if (test_bit(SMP_FLAG_WAIT_USER, &smp->flags)) {
1530 set_bit(SMP_FLAG_CFM_PENDING, &smp->flags);
1531 return 0;
1532 }
1533
1534 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RANDOM);
1535
1536 if (hcon->out) {
1537 smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM,
1538 sizeof(smp->prnd), smp->prnd);
1539 return 0;
1540 }
1541
1542 return sc_passkey_send_confirm(smp);
1543
1544 case SMP_CMD_PUBLIC_KEY:
1545 default:
1546 /* Initiating device starts the round */
1547 if (!hcon->out)
1548 return 0;
1549
1550 BT_DBG("%s Starting passkey round %u", hdev->name,
1551 smp->passkey_round + 1);
1552
1553 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_CONFIRM);
1554
1555 return sc_passkey_send_confirm(smp);
1556 }
1557
1558 return 0;
1559 }
1560
1561 static int sc_user_reply(struct smp_chan *smp, u16 mgmt_op, __le32 passkey)
1562 {
1563 struct l2cap_conn *conn = smp->conn;
1564 struct hci_conn *hcon = conn->hcon;
1565 u8 smp_op;
1566
1567 clear_bit(SMP_FLAG_WAIT_USER, &smp->flags);
1568
1569 switch (mgmt_op) {
1570 case MGMT_OP_USER_PASSKEY_NEG_REPLY:
1571 smp_failure(smp->conn, SMP_PASSKEY_ENTRY_FAILED);
1572 return 0;
1573 case MGMT_OP_USER_CONFIRM_NEG_REPLY:
1574 smp_failure(smp->conn, SMP_NUMERIC_COMP_FAILED);
1575 return 0;
1576 case MGMT_OP_USER_PASSKEY_REPLY:
1577 hcon->passkey_notify = le32_to_cpu(passkey);
1578 smp->passkey_round = 0;
1579
1580 if (test_and_clear_bit(SMP_FLAG_CFM_PENDING, &smp->flags))
1581 smp_op = SMP_CMD_PAIRING_CONFIRM;
1582 else
1583 smp_op = 0;
1584
1585 if (sc_passkey_round(smp, smp_op))
1586 return -EIO;
1587
1588 return 0;
1589 }
1590
1591 /* Initiator sends DHKey check first */
1592 if (hcon->out) {
1593 sc_dhkey_check(smp);
1594 SMP_ALLOW_CMD(smp, SMP_CMD_DHKEY_CHECK);
1595 } else if (test_and_clear_bit(SMP_FLAG_DHKEY_PENDING, &smp->flags)) {
1596 sc_dhkey_check(smp);
1597 sc_add_ltk(smp);
1598 }
1599
1600 return 0;
1601 }
1602
1603 int smp_user_confirm_reply(struct hci_conn *hcon, u16 mgmt_op, __le32 passkey)
1604 {
1605 struct l2cap_conn *conn = hcon->l2cap_data;
1606 struct l2cap_chan *chan;
1607 struct smp_chan *smp;
1608 u32 value;
1609 int err;
1610
1611 BT_DBG("");
1612
1613 if (!conn)
1614 return -ENOTCONN;
1615
1616 chan = conn->smp;
1617 if (!chan)
1618 return -ENOTCONN;
1619
1620 l2cap_chan_lock(chan);
1621 if (!chan->data) {
1622 err = -ENOTCONN;
1623 goto unlock;
1624 }
1625
1626 smp = chan->data;
1627
1628 if (test_bit(SMP_FLAG_SC, &smp->flags)) {
1629 err = sc_user_reply(smp, mgmt_op, passkey);
1630 goto unlock;
1631 }
1632
1633 switch (mgmt_op) {
1634 case MGMT_OP_USER_PASSKEY_REPLY:
1635 value = le32_to_cpu(passkey);
1636 memset(smp->tk, 0, sizeof(smp->tk));
1637 BT_DBG("PassKey: %d", value);
1638 put_unaligned_le32(value, smp->tk);
1639 /* Fall Through */
1640 case MGMT_OP_USER_CONFIRM_REPLY:
1641 set_bit(SMP_FLAG_TK_VALID, &smp->flags);
1642 break;
1643 case MGMT_OP_USER_PASSKEY_NEG_REPLY:
1644 case MGMT_OP_USER_CONFIRM_NEG_REPLY:
1645 smp_failure(conn, SMP_PASSKEY_ENTRY_FAILED);
1646 err = 0;
1647 goto unlock;
1648 default:
1649 smp_failure(conn, SMP_PASSKEY_ENTRY_FAILED);
1650 err = -EOPNOTSUPP;
1651 goto unlock;
1652 }
1653
1654 err = 0;
1655
1656 /* If it is our turn to send Pairing Confirm, do so now */
1657 if (test_bit(SMP_FLAG_CFM_PENDING, &smp->flags)) {
1658 u8 rsp = smp_confirm(smp);
1659 if (rsp)
1660 smp_failure(conn, rsp);
1661 }
1662
1663 unlock:
1664 l2cap_chan_unlock(chan);
1665 return err;
1666 }
1667
1668 static void build_bredr_pairing_cmd(struct smp_chan *smp,
1669 struct smp_cmd_pairing *req,
1670 struct smp_cmd_pairing *rsp)
1671 {
1672 struct l2cap_conn *conn = smp->conn;
1673 struct hci_dev *hdev = conn->hcon->hdev;
1674 u8 local_dist = 0, remote_dist = 0;
1675
1676 if (hci_dev_test_flag(hdev, HCI_BONDABLE)) {
1677 local_dist = SMP_DIST_ENC_KEY | SMP_DIST_SIGN;
1678 remote_dist = SMP_DIST_ENC_KEY | SMP_DIST_SIGN;
1679 }
1680
1681 if (hci_dev_test_flag(hdev, HCI_RPA_RESOLVING))
1682 remote_dist |= SMP_DIST_ID_KEY;
1683
1684 if (hci_dev_test_flag(hdev, HCI_PRIVACY))
1685 local_dist |= SMP_DIST_ID_KEY;
1686
1687 if (!rsp) {
1688 memset(req, 0, sizeof(*req));
1689
1690 req->init_key_dist = local_dist;
1691 req->resp_key_dist = remote_dist;
1692 req->max_key_size = conn->hcon->enc_key_size;
1693
1694 smp->remote_key_dist = remote_dist;
1695
1696 return;
1697 }
1698
1699 memset(rsp, 0, sizeof(*rsp));
1700
1701 rsp->max_key_size = conn->hcon->enc_key_size;
1702 rsp->init_key_dist = req->init_key_dist & remote_dist;
1703 rsp->resp_key_dist = req->resp_key_dist & local_dist;
1704
1705 smp->remote_key_dist = rsp->init_key_dist;
1706 }
1707
1708 static u8 smp_cmd_pairing_req(struct l2cap_conn *conn, struct sk_buff *skb)
1709 {
1710 struct smp_cmd_pairing rsp, *req = (void *) skb->data;
1711 struct l2cap_chan *chan = conn->smp;
1712 struct hci_dev *hdev = conn->hcon->hdev;
1713 struct smp_chan *smp;
1714 u8 key_size, auth, sec_level;
1715 int ret;
1716
1717 BT_DBG("conn %p", conn);
1718
1719 if (skb->len < sizeof(*req))
1720 return SMP_INVALID_PARAMS;
1721
1722 if (conn->hcon->role != HCI_ROLE_SLAVE)
1723 return SMP_CMD_NOTSUPP;
1724
1725 if (!chan->data)
1726 smp = smp_chan_create(conn);
1727 else
1728 smp = chan->data;
1729
1730 if (!smp)
1731 return SMP_UNSPECIFIED;
1732
1733 /* We didn't start the pairing, so match remote */
1734 auth = req->auth_req & AUTH_REQ_MASK(hdev);
1735
1736 if (!hci_dev_test_flag(hdev, HCI_BONDABLE) &&
1737 (auth & SMP_AUTH_BONDING))
1738 return SMP_PAIRING_NOTSUPP;
1739
1740 if (hci_dev_test_flag(hdev, HCI_SC_ONLY) && !(auth & SMP_AUTH_SC))
1741 return SMP_AUTH_REQUIREMENTS;
1742
1743 smp->preq[0] = SMP_CMD_PAIRING_REQ;
1744 memcpy(&smp->preq[1], req, sizeof(*req));
1745 skb_pull(skb, sizeof(*req));
1746
1747 /* If the remote side's OOB flag is set it means it has
1748 * successfully received our local OOB data - therefore set the
1749 * flag to indicate that local OOB is in use.
1750 */
1751 if (req->oob_flag == SMP_OOB_PRESENT)
1752 set_bit(SMP_FLAG_LOCAL_OOB, &smp->flags);
1753
1754 /* SMP over BR/EDR requires special treatment */
1755 if (conn->hcon->type == ACL_LINK) {
1756 /* We must have a BR/EDR SC link */
1757 if (!test_bit(HCI_CONN_AES_CCM, &conn->hcon->flags) &&
1758 !hci_dev_test_flag(hdev, HCI_FORCE_BREDR_SMP))
1759 return SMP_CROSS_TRANSP_NOT_ALLOWED;
1760
1761 set_bit(SMP_FLAG_SC, &smp->flags);
1762
1763 build_bredr_pairing_cmd(smp, req, &rsp);
1764
1765 key_size = min(req->max_key_size, rsp.max_key_size);
1766 if (check_enc_key_size(conn, key_size))
1767 return SMP_ENC_KEY_SIZE;
1768
1769 /* Clear bits which are generated but not distributed */
1770 smp->remote_key_dist &= ~SMP_SC_NO_DIST;
1771
1772 smp->prsp[0] = SMP_CMD_PAIRING_RSP;
1773 memcpy(&smp->prsp[1], &rsp, sizeof(rsp));
1774 smp_send_cmd(conn, SMP_CMD_PAIRING_RSP, sizeof(rsp), &rsp);
1775
1776 smp_distribute_keys(smp);
1777 return 0;
1778 }
1779
1780 build_pairing_cmd(conn, req, &rsp, auth);
1781
1782 if (rsp.auth_req & SMP_AUTH_SC)
1783 set_bit(SMP_FLAG_SC, &smp->flags);
1784
1785 if (conn->hcon->io_capability == HCI_IO_NO_INPUT_OUTPUT)
1786 sec_level = BT_SECURITY_MEDIUM;
1787 else
1788 sec_level = authreq_to_seclevel(auth);
1789
1790 if (sec_level > conn->hcon->pending_sec_level)
1791 conn->hcon->pending_sec_level = sec_level;
1792
1793 /* If we need MITM check that it can be achieved */
1794 if (conn->hcon->pending_sec_level >= BT_SECURITY_HIGH) {
1795 u8 method;
1796
1797 method = get_auth_method(smp, conn->hcon->io_capability,
1798 req->io_capability);
1799 if (method == JUST_WORKS || method == JUST_CFM)
1800 return SMP_AUTH_REQUIREMENTS;
1801 }
1802
1803 key_size = min(req->max_key_size, rsp.max_key_size);
1804 if (check_enc_key_size(conn, key_size))
1805 return SMP_ENC_KEY_SIZE;
1806
1807 get_random_bytes(smp->prnd, sizeof(smp->prnd));
1808
1809 smp->prsp[0] = SMP_CMD_PAIRING_RSP;
1810 memcpy(&smp->prsp[1], &rsp, sizeof(rsp));
1811
1812 smp_send_cmd(conn, SMP_CMD_PAIRING_RSP, sizeof(rsp), &rsp);
1813
1814 clear_bit(SMP_FLAG_INITIATOR, &smp->flags);
1815
1816 /* Strictly speaking we shouldn't allow Pairing Confirm for the
1817 * SC case, however some implementations incorrectly copy RFU auth
1818 * req bits from our security request, which may create a false
1819 * positive SC enablement.
1820 */
1821 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_CONFIRM);
1822
1823 if (test_bit(SMP_FLAG_SC, &smp->flags)) {
1824 SMP_ALLOW_CMD(smp, SMP_CMD_PUBLIC_KEY);
1825 /* Clear bits which are generated but not distributed */
1826 smp->remote_key_dist &= ~SMP_SC_NO_DIST;
1827 /* Wait for Public Key from Initiating Device */
1828 return 0;
1829 }
1830
1831 /* Request setup of TK */
1832 ret = tk_request(conn, 0, auth, rsp.io_capability, req->io_capability);
1833 if (ret)
1834 return SMP_UNSPECIFIED;
1835
1836 return 0;
1837 }
1838
1839 static u8 sc_send_public_key(struct smp_chan *smp)
1840 {
1841 struct hci_dev *hdev = smp->conn->hcon->hdev;
1842
1843 BT_DBG("");
1844
1845 if (test_bit(SMP_FLAG_LOCAL_OOB, &smp->flags)) {
1846 struct l2cap_chan *chan = hdev->smp_data;
1847 struct smp_dev *smp_dev;
1848
1849 if (!chan || !chan->data)
1850 return SMP_UNSPECIFIED;
1851
1852 smp_dev = chan->data;
1853
1854 memcpy(smp->local_pk, smp_dev->local_pk, 64);
1855 memcpy(smp->local_sk, smp_dev->local_sk, 32);
1856 memcpy(smp->lr, smp_dev->local_rand, 16);
1857
1858 if (smp_dev->debug_key)
1859 set_bit(SMP_FLAG_DEBUG_KEY, &smp->flags);
1860
1861 goto done;
1862 }
1863
1864 if (hci_dev_test_flag(hdev, HCI_USE_DEBUG_KEYS)) {
1865 BT_DBG("Using debug keys");
1866 memcpy(smp->local_pk, debug_pk, 64);
1867 memcpy(smp->local_sk, debug_sk, 32);
1868 set_bit(SMP_FLAG_DEBUG_KEY, &smp->flags);
1869 } else {
1870 while (true) {
1871 /* Generate local key pair for Secure Connections */
1872 if (!ecc_make_key(smp->local_pk, smp->local_sk))
1873 return SMP_UNSPECIFIED;
1874
1875 /* This is unlikely, but we need to check that
1876 * we didn't accidentially generate a debug key.
1877 */
1878 if (memcmp(smp->local_sk, debug_sk, 32))
1879 break;
1880 }
1881 }
1882
1883 done:
1884 SMP_DBG("Local Public Key X: %32phN", smp->local_pk);
1885 SMP_DBG("Local Public Key Y: %32phN", smp->local_pk + 32);
1886 SMP_DBG("Local Private Key: %32phN", smp->local_sk);
1887
1888 smp_send_cmd(smp->conn, SMP_CMD_PUBLIC_KEY, 64, smp->local_pk);
1889
1890 return 0;
1891 }
1892
1893 static u8 smp_cmd_pairing_rsp(struct l2cap_conn *conn, struct sk_buff *skb)
1894 {
1895 struct smp_cmd_pairing *req, *rsp = (void *) skb->data;
1896 struct l2cap_chan *chan = conn->smp;
1897 struct smp_chan *smp = chan->data;
1898 struct hci_dev *hdev = conn->hcon->hdev;
1899 u8 key_size, auth;
1900 int ret;
1901
1902 BT_DBG("conn %p", conn);
1903
1904 if (skb->len < sizeof(*rsp))
1905 return SMP_INVALID_PARAMS;
1906
1907 if (conn->hcon->role != HCI_ROLE_MASTER)
1908 return SMP_CMD_NOTSUPP;
1909
1910 skb_pull(skb, sizeof(*rsp));
1911
1912 req = (void *) &smp->preq[1];
1913
1914 key_size = min(req->max_key_size, rsp->max_key_size);
1915 if (check_enc_key_size(conn, key_size))
1916 return SMP_ENC_KEY_SIZE;
1917
1918 auth = rsp->auth_req & AUTH_REQ_MASK(hdev);
1919
1920 if (hci_dev_test_flag(hdev, HCI_SC_ONLY) && !(auth & SMP_AUTH_SC))
1921 return SMP_AUTH_REQUIREMENTS;
1922
1923 /* If the remote side's OOB flag is set it means it has
1924 * successfully received our local OOB data - therefore set the
1925 * flag to indicate that local OOB is in use.
1926 */
1927 if (rsp->oob_flag == SMP_OOB_PRESENT)
1928 set_bit(SMP_FLAG_LOCAL_OOB, &smp->flags);
1929
1930 smp->prsp[0] = SMP_CMD_PAIRING_RSP;
1931 memcpy(&smp->prsp[1], rsp, sizeof(*rsp));
1932
1933 /* Update remote key distribution in case the remote cleared
1934 * some bits that we had enabled in our request.
1935 */
1936 smp->remote_key_dist &= rsp->resp_key_dist;
1937
1938 /* For BR/EDR this means we're done and can start phase 3 */
1939 if (conn->hcon->type == ACL_LINK) {
1940 /* Clear bits which are generated but not distributed */
1941 smp->remote_key_dist &= ~SMP_SC_NO_DIST;
1942 smp_distribute_keys(smp);
1943 return 0;
1944 }
1945
1946 if ((req->auth_req & SMP_AUTH_SC) && (auth & SMP_AUTH_SC))
1947 set_bit(SMP_FLAG_SC, &smp->flags);
1948 else if (conn->hcon->pending_sec_level > BT_SECURITY_HIGH)
1949 conn->hcon->pending_sec_level = BT_SECURITY_HIGH;
1950
1951 /* If we need MITM check that it can be achieved */
1952 if (conn->hcon->pending_sec_level >= BT_SECURITY_HIGH) {
1953 u8 method;
1954
1955 method = get_auth_method(smp, req->io_capability,
1956 rsp->io_capability);
1957 if (method == JUST_WORKS || method == JUST_CFM)
1958 return SMP_AUTH_REQUIREMENTS;
1959 }
1960
1961 get_random_bytes(smp->prnd, sizeof(smp->prnd));
1962
1963 /* Update remote key distribution in case the remote cleared
1964 * some bits that we had enabled in our request.
1965 */
1966 smp->remote_key_dist &= rsp->resp_key_dist;
1967
1968 if (test_bit(SMP_FLAG_SC, &smp->flags)) {
1969 /* Clear bits which are generated but not distributed */
1970 smp->remote_key_dist &= ~SMP_SC_NO_DIST;
1971 SMP_ALLOW_CMD(smp, SMP_CMD_PUBLIC_KEY);
1972 return sc_send_public_key(smp);
1973 }
1974
1975 auth |= req->auth_req;
1976
1977 ret = tk_request(conn, 0, auth, req->io_capability, rsp->io_capability);
1978 if (ret)
1979 return SMP_UNSPECIFIED;
1980
1981 set_bit(SMP_FLAG_CFM_PENDING, &smp->flags);
1982
1983 /* Can't compose response until we have been confirmed */
1984 if (test_bit(SMP_FLAG_TK_VALID, &smp->flags))
1985 return smp_confirm(smp);
1986
1987 return 0;
1988 }
1989
1990 static u8 sc_check_confirm(struct smp_chan *smp)
1991 {
1992 struct l2cap_conn *conn = smp->conn;
1993
1994 BT_DBG("");
1995
1996 if (smp->method == REQ_PASSKEY || smp->method == DSP_PASSKEY)
1997 return sc_passkey_round(smp, SMP_CMD_PAIRING_CONFIRM);
1998
1999 if (conn->hcon->out) {
2000 smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM, sizeof(smp->prnd),
2001 smp->prnd);
2002 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RANDOM);
2003 }
2004
2005 return 0;
2006 }
2007
2008 /* Work-around for some implementations that incorrectly copy RFU bits
2009 * from our security request and thereby create the impression that
2010 * we're doing SC when in fact the remote doesn't support it.
2011 */
2012 static int fixup_sc_false_positive(struct smp_chan *smp)
2013 {
2014 struct l2cap_conn *conn = smp->conn;
2015 struct hci_conn *hcon = conn->hcon;
2016 struct hci_dev *hdev = hcon->hdev;
2017 struct smp_cmd_pairing *req, *rsp;
2018 u8 auth;
2019
2020 /* The issue is only observed when we're in slave role */
2021 if (hcon->out)
2022 return SMP_UNSPECIFIED;
2023
2024 if (hci_dev_test_flag(hdev, HCI_SC_ONLY)) {
2025 BT_ERR("Refusing SMP SC -> legacy fallback in SC-only mode");
2026 return SMP_UNSPECIFIED;
2027 }
2028
2029 BT_ERR("Trying to fall back to legacy SMP");
2030
2031 req = (void *) &smp->preq[1];
2032 rsp = (void *) &smp->prsp[1];
2033
2034 /* Rebuild key dist flags which may have been cleared for SC */
2035 smp->remote_key_dist = (req->init_key_dist & rsp->resp_key_dist);
2036
2037 auth = req->auth_req & AUTH_REQ_MASK(hdev);
2038
2039 if (tk_request(conn, 0, auth, rsp->io_capability, req->io_capability)) {
2040 BT_ERR("Failed to fall back to legacy SMP");
2041 return SMP_UNSPECIFIED;
2042 }
2043
2044 clear_bit(SMP_FLAG_SC, &smp->flags);
2045
2046 return 0;
2047 }
2048
2049 static u8 smp_cmd_pairing_confirm(struct l2cap_conn *conn, struct sk_buff *skb)
2050 {
2051 struct l2cap_chan *chan = conn->smp;
2052 struct smp_chan *smp = chan->data;
2053
2054 BT_DBG("conn %p %s", conn, conn->hcon->out ? "master" : "slave");
2055
2056 if (skb->len < sizeof(smp->pcnf))
2057 return SMP_INVALID_PARAMS;
2058
2059 memcpy(smp->pcnf, skb->data, sizeof(smp->pcnf));
2060 skb_pull(skb, sizeof(smp->pcnf));
2061
2062 if (test_bit(SMP_FLAG_SC, &smp->flags)) {
2063 int ret;
2064
2065 /* Public Key exchange must happen before any other steps */
2066 if (test_bit(SMP_FLAG_REMOTE_PK, &smp->flags))
2067 return sc_check_confirm(smp);
2068
2069 BT_ERR("Unexpected SMP Pairing Confirm");
2070
2071 ret = fixup_sc_false_positive(smp);
2072 if (ret)
2073 return ret;
2074 }
2075
2076 if (conn->hcon->out) {
2077 smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM, sizeof(smp->prnd),
2078 smp->prnd);
2079 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RANDOM);
2080 return 0;
2081 }
2082
2083 if (test_bit(SMP_FLAG_TK_VALID, &smp->flags))
2084 return smp_confirm(smp);
2085
2086 set_bit(SMP_FLAG_CFM_PENDING, &smp->flags);
2087
2088 return 0;
2089 }
2090
2091 static u8 smp_cmd_pairing_random(struct l2cap_conn *conn, struct sk_buff *skb)
2092 {
2093 struct l2cap_chan *chan = conn->smp;
2094 struct smp_chan *smp = chan->data;
2095 struct hci_conn *hcon = conn->hcon;
2096 u8 *pkax, *pkbx, *na, *nb;
2097 u32 passkey;
2098 int err;
2099
2100 BT_DBG("conn %p", conn);
2101
2102 if (skb->len < sizeof(smp->rrnd))
2103 return SMP_INVALID_PARAMS;
2104
2105 memcpy(smp->rrnd, skb->data, sizeof(smp->rrnd));
2106 skb_pull(skb, sizeof(smp->rrnd));
2107
2108 if (!test_bit(SMP_FLAG_SC, &smp->flags))
2109 return smp_random(smp);
2110
2111 if (hcon->out) {
2112 pkax = smp->local_pk;
2113 pkbx = smp->remote_pk;
2114 na = smp->prnd;
2115 nb = smp->rrnd;
2116 } else {
2117 pkax = smp->remote_pk;
2118 pkbx = smp->local_pk;
2119 na = smp->rrnd;
2120 nb = smp->prnd;
2121 }
2122
2123 if (smp->method == REQ_OOB) {
2124 if (!hcon->out)
2125 smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM,
2126 sizeof(smp->prnd), smp->prnd);
2127 SMP_ALLOW_CMD(smp, SMP_CMD_DHKEY_CHECK);
2128 goto mackey_and_ltk;
2129 }
2130
2131 /* Passkey entry has special treatment */
2132 if (smp->method == REQ_PASSKEY || smp->method == DSP_PASSKEY)
2133 return sc_passkey_round(smp, SMP_CMD_PAIRING_RANDOM);
2134
2135 if (hcon->out) {
2136 u8 cfm[16];
2137
2138 err = smp_f4(smp->tfm_cmac, smp->remote_pk, smp->local_pk,
2139 smp->rrnd, 0, cfm);
2140 if (err)
2141 return SMP_UNSPECIFIED;
2142
2143 if (memcmp(smp->pcnf, cfm, 16))
2144 return SMP_CONFIRM_FAILED;
2145 } else {
2146 smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM, sizeof(smp->prnd),
2147 smp->prnd);
2148 SMP_ALLOW_CMD(smp, SMP_CMD_DHKEY_CHECK);
2149 }
2150
2151 mackey_and_ltk:
2152 /* Generate MacKey and LTK */
2153 err = sc_mackey_and_ltk(smp, smp->mackey, smp->tk);
2154 if (err)
2155 return SMP_UNSPECIFIED;
2156
2157 if (smp->method == JUST_WORKS || smp->method == REQ_OOB) {
2158 if (hcon->out) {
2159 sc_dhkey_check(smp);
2160 SMP_ALLOW_CMD(smp, SMP_CMD_DHKEY_CHECK);
2161 }
2162 return 0;
2163 }
2164
2165 err = smp_g2(smp->tfm_cmac, pkax, pkbx, na, nb, &passkey);
2166 if (err)
2167 return SMP_UNSPECIFIED;
2168
2169 err = mgmt_user_confirm_request(hcon->hdev, &hcon->dst, hcon->type,
2170 hcon->dst_type, passkey, 0);
2171 if (err)
2172 return SMP_UNSPECIFIED;
2173
2174 set_bit(SMP_FLAG_WAIT_USER, &smp->flags);
2175
2176 return 0;
2177 }
2178
2179 static bool smp_ltk_encrypt(struct l2cap_conn *conn, u8 sec_level)
2180 {
2181 struct smp_ltk *key;
2182 struct hci_conn *hcon = conn->hcon;
2183
2184 key = hci_find_ltk(hcon->hdev, &hcon->dst, hcon->dst_type, hcon->role);
2185 if (!key)
2186 return false;
2187
2188 if (smp_ltk_sec_level(key) < sec_level)
2189 return false;
2190
2191 if (test_and_set_bit(HCI_CONN_ENCRYPT_PEND, &hcon->flags))
2192 return true;
2193
2194 hci_le_start_enc(hcon, key->ediv, key->rand, key->val, key->enc_size);
2195 hcon->enc_key_size = key->enc_size;
2196
2197 /* We never store STKs for master role, so clear this flag */
2198 clear_bit(HCI_CONN_STK_ENCRYPT, &hcon->flags);
2199
2200 return true;
2201 }
2202
2203 bool smp_sufficient_security(struct hci_conn *hcon, u8 sec_level,
2204 enum smp_key_pref key_pref)
2205 {
2206 if (sec_level == BT_SECURITY_LOW)
2207 return true;
2208
2209 /* If we're encrypted with an STK but the caller prefers using
2210 * LTK claim insufficient security. This way we allow the
2211 * connection to be re-encrypted with an LTK, even if the LTK
2212 * provides the same level of security. Only exception is if we
2213 * don't have an LTK (e.g. because of key distribution bits).
2214 */
2215 if (key_pref == SMP_USE_LTK &&
2216 test_bit(HCI_CONN_STK_ENCRYPT, &hcon->flags) &&
2217 hci_find_ltk(hcon->hdev, &hcon->dst, hcon->dst_type, hcon->role))
2218 return false;
2219
2220 if (hcon->sec_level >= sec_level)
2221 return true;
2222
2223 return false;
2224 }
2225
2226 static u8 smp_cmd_security_req(struct l2cap_conn *conn, struct sk_buff *skb)
2227 {
2228 struct smp_cmd_security_req *rp = (void *) skb->data;
2229 struct smp_cmd_pairing cp;
2230 struct hci_conn *hcon = conn->hcon;
2231 struct hci_dev *hdev = hcon->hdev;
2232 struct smp_chan *smp;
2233 u8 sec_level, auth;
2234
2235 BT_DBG("conn %p", conn);
2236
2237 if (skb->len < sizeof(*rp))
2238 return SMP_INVALID_PARAMS;
2239
2240 if (hcon->role != HCI_ROLE_MASTER)
2241 return SMP_CMD_NOTSUPP;
2242
2243 auth = rp->auth_req & AUTH_REQ_MASK(hdev);
2244
2245 if (hci_dev_test_flag(hdev, HCI_SC_ONLY) && !(auth & SMP_AUTH_SC))
2246 return SMP_AUTH_REQUIREMENTS;
2247
2248 if (hcon->io_capability == HCI_IO_NO_INPUT_OUTPUT)
2249 sec_level = BT_SECURITY_MEDIUM;
2250 else
2251 sec_level = authreq_to_seclevel(auth);
2252
2253 if (smp_sufficient_security(hcon, sec_level, SMP_USE_LTK))
2254 return 0;
2255
2256 if (sec_level > hcon->pending_sec_level)
2257 hcon->pending_sec_level = sec_level;
2258
2259 if (smp_ltk_encrypt(conn, hcon->pending_sec_level))
2260 return 0;
2261
2262 smp = smp_chan_create(conn);
2263 if (!smp)
2264 return SMP_UNSPECIFIED;
2265
2266 if (!hci_dev_test_flag(hdev, HCI_BONDABLE) &&
2267 (auth & SMP_AUTH_BONDING))
2268 return SMP_PAIRING_NOTSUPP;
2269
2270 skb_pull(skb, sizeof(*rp));
2271
2272 memset(&cp, 0, sizeof(cp));
2273 build_pairing_cmd(conn, &cp, NULL, auth);
2274
2275 smp->preq[0] = SMP_CMD_PAIRING_REQ;
2276 memcpy(&smp->preq[1], &cp, sizeof(cp));
2277
2278 smp_send_cmd(conn, SMP_CMD_PAIRING_REQ, sizeof(cp), &cp);
2279 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RSP);
2280
2281 return 0;
2282 }
2283
2284 int smp_conn_security(struct hci_conn *hcon, __u8 sec_level)
2285 {
2286 struct l2cap_conn *conn = hcon->l2cap_data;
2287 struct l2cap_chan *chan;
2288 struct smp_chan *smp;
2289 __u8 authreq;
2290 int ret;
2291
2292 BT_DBG("conn %p hcon %p level 0x%2.2x", conn, hcon, sec_level);
2293
2294 /* This may be NULL if there's an unexpected disconnection */
2295 if (!conn)
2296 return 1;
2297
2298 if (!hci_dev_test_flag(hcon->hdev, HCI_LE_ENABLED))
2299 return 1;
2300
2301 if (smp_sufficient_security(hcon, sec_level, SMP_USE_LTK))
2302 return 1;
2303
2304 if (sec_level > hcon->pending_sec_level)
2305 hcon->pending_sec_level = sec_level;
2306
2307 if (hcon->role == HCI_ROLE_MASTER)
2308 if (smp_ltk_encrypt(conn, hcon->pending_sec_level))
2309 return 0;
2310
2311 chan = conn->smp;
2312 if (!chan) {
2313 BT_ERR("SMP security requested but not available");
2314 return 1;
2315 }
2316
2317 l2cap_chan_lock(chan);
2318
2319 /* If SMP is already in progress ignore this request */
2320 if (chan->data) {
2321 ret = 0;
2322 goto unlock;
2323 }
2324
2325 smp = smp_chan_create(conn);
2326 if (!smp) {
2327 ret = 1;
2328 goto unlock;
2329 }
2330
2331 authreq = seclevel_to_authreq(sec_level);
2332
2333 if (hci_dev_test_flag(hcon->hdev, HCI_SC_ENABLED))
2334 authreq |= SMP_AUTH_SC;
2335
2336 /* Require MITM if IO Capability allows or the security level
2337 * requires it.
2338 */
2339 if (hcon->io_capability != HCI_IO_NO_INPUT_OUTPUT ||
2340 hcon->pending_sec_level > BT_SECURITY_MEDIUM)
2341 authreq |= SMP_AUTH_MITM;
2342
2343 if (hcon->role == HCI_ROLE_MASTER) {
2344 struct smp_cmd_pairing cp;
2345
2346 build_pairing_cmd(conn, &cp, NULL, authreq);
2347 smp->preq[0] = SMP_CMD_PAIRING_REQ;
2348 memcpy(&smp->preq[1], &cp, sizeof(cp));
2349
2350 smp_send_cmd(conn, SMP_CMD_PAIRING_REQ, sizeof(cp), &cp);
2351 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RSP);
2352 } else {
2353 struct smp_cmd_security_req cp;
2354 cp.auth_req = authreq;
2355 smp_send_cmd(conn, SMP_CMD_SECURITY_REQ, sizeof(cp), &cp);
2356 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_REQ);
2357 }
2358
2359 set_bit(SMP_FLAG_INITIATOR, &smp->flags);
2360 ret = 0;
2361
2362 unlock:
2363 l2cap_chan_unlock(chan);
2364 return ret;
2365 }
2366
2367 void smp_cancel_pairing(struct hci_conn *hcon)
2368 {
2369 struct l2cap_conn *conn = hcon->l2cap_data;
2370 struct l2cap_chan *chan;
2371 struct smp_chan *smp;
2372
2373 if (!conn)
2374 return;
2375
2376 chan = conn->smp;
2377 if (!chan)
2378 return;
2379
2380 l2cap_chan_lock(chan);
2381
2382 smp = chan->data;
2383 if (smp) {
2384 if (test_bit(SMP_FLAG_COMPLETE, &smp->flags))
2385 smp_failure(conn, 0);
2386 else
2387 smp_failure(conn, SMP_UNSPECIFIED);
2388 }
2389
2390 l2cap_chan_unlock(chan);
2391 }
2392
2393 static int smp_cmd_encrypt_info(struct l2cap_conn *conn, struct sk_buff *skb)
2394 {
2395 struct smp_cmd_encrypt_info *rp = (void *) skb->data;
2396 struct l2cap_chan *chan = conn->smp;
2397 struct smp_chan *smp = chan->data;
2398
2399 BT_DBG("conn %p", conn);
2400
2401 if (skb->len < sizeof(*rp))
2402 return SMP_INVALID_PARAMS;
2403
2404 SMP_ALLOW_CMD(smp, SMP_CMD_MASTER_IDENT);
2405
2406 skb_pull(skb, sizeof(*rp));
2407
2408 memcpy(smp->tk, rp->ltk, sizeof(smp->tk));
2409
2410 return 0;
2411 }
2412
2413 static int smp_cmd_master_ident(struct l2cap_conn *conn, struct sk_buff *skb)
2414 {
2415 struct smp_cmd_master_ident *rp = (void *) skb->data;
2416 struct l2cap_chan *chan = conn->smp;
2417 struct smp_chan *smp = chan->data;
2418 struct hci_dev *hdev = conn->hcon->hdev;
2419 struct hci_conn *hcon = conn->hcon;
2420 struct smp_ltk *ltk;
2421 u8 authenticated;
2422
2423 BT_DBG("conn %p", conn);
2424
2425 if (skb->len < sizeof(*rp))
2426 return SMP_INVALID_PARAMS;
2427
2428 /* Mark the information as received */
2429 smp->remote_key_dist &= ~SMP_DIST_ENC_KEY;
2430
2431 if (smp->remote_key_dist & SMP_DIST_ID_KEY)
2432 SMP_ALLOW_CMD(smp, SMP_CMD_IDENT_INFO);
2433 else if (smp->remote_key_dist & SMP_DIST_SIGN)
2434 SMP_ALLOW_CMD(smp, SMP_CMD_SIGN_INFO);
2435
2436 skb_pull(skb, sizeof(*rp));
2437
2438 authenticated = (hcon->sec_level == BT_SECURITY_HIGH);
2439 ltk = hci_add_ltk(hdev, &hcon->dst, hcon->dst_type, SMP_LTK,
2440 authenticated, smp->tk, smp->enc_key_size,
2441 rp->ediv, rp->rand);
2442 smp->ltk = ltk;
2443 if (!(smp->remote_key_dist & KEY_DIST_MASK))
2444 smp_distribute_keys(smp);
2445
2446 return 0;
2447 }
2448
2449 static int smp_cmd_ident_info(struct l2cap_conn *conn, struct sk_buff *skb)
2450 {
2451 struct smp_cmd_ident_info *info = (void *) skb->data;
2452 struct l2cap_chan *chan = conn->smp;
2453 struct smp_chan *smp = chan->data;
2454
2455 BT_DBG("");
2456
2457 if (skb->len < sizeof(*info))
2458 return SMP_INVALID_PARAMS;
2459
2460 SMP_ALLOW_CMD(smp, SMP_CMD_IDENT_ADDR_INFO);
2461
2462 skb_pull(skb, sizeof(*info));
2463
2464 memcpy(smp->irk, info->irk, 16);
2465
2466 return 0;
2467 }
2468
2469 static int smp_cmd_ident_addr_info(struct l2cap_conn *conn,
2470 struct sk_buff *skb)
2471 {
2472 struct smp_cmd_ident_addr_info *info = (void *) skb->data;
2473 struct l2cap_chan *chan = conn->smp;
2474 struct smp_chan *smp = chan->data;
2475 struct hci_conn *hcon = conn->hcon;
2476 bdaddr_t rpa;
2477
2478 BT_DBG("");
2479
2480 if (skb->len < sizeof(*info))
2481 return SMP_INVALID_PARAMS;
2482
2483 /* Mark the information as received */
2484 smp->remote_key_dist &= ~SMP_DIST_ID_KEY;
2485
2486 if (smp->remote_key_dist & SMP_DIST_SIGN)
2487 SMP_ALLOW_CMD(smp, SMP_CMD_SIGN_INFO);
2488
2489 skb_pull(skb, sizeof(*info));
2490
2491 /* Strictly speaking the Core Specification (4.1) allows sending
2492 * an empty address which would force us to rely on just the IRK
2493 * as "identity information". However, since such
2494 * implementations are not known of and in order to not over
2495 * complicate our implementation, simply pretend that we never
2496 * received an IRK for such a device.
2497 *
2498 * The Identity Address must also be a Static Random or Public
2499 * Address, which hci_is_identity_address() checks for.
2500 */
2501 if (!bacmp(&info->bdaddr, BDADDR_ANY) ||
2502 !hci_is_identity_address(&info->bdaddr, info->addr_type)) {
2503 BT_ERR("Ignoring IRK with no identity address");
2504 goto distribute;
2505 }
2506
2507 bacpy(&smp->id_addr, &info->bdaddr);
2508 smp->id_addr_type = info->addr_type;
2509
2510 if (hci_bdaddr_is_rpa(&hcon->dst, hcon->dst_type))
2511 bacpy(&rpa, &hcon->dst);
2512 else
2513 bacpy(&rpa, BDADDR_ANY);
2514
2515 smp->remote_irk = hci_add_irk(conn->hcon->hdev, &smp->id_addr,
2516 smp->id_addr_type, smp->irk, &rpa);
2517
2518 distribute:
2519 if (!(smp->remote_key_dist & KEY_DIST_MASK))
2520 smp_distribute_keys(smp);
2521
2522 return 0;
2523 }
2524
2525 static int smp_cmd_sign_info(struct l2cap_conn *conn, struct sk_buff *skb)
2526 {
2527 struct smp_cmd_sign_info *rp = (void *) skb->data;
2528 struct l2cap_chan *chan = conn->smp;
2529 struct smp_chan *smp = chan->data;
2530 struct smp_csrk *csrk;
2531
2532 BT_DBG("conn %p", conn);
2533
2534 if (skb->len < sizeof(*rp))
2535 return SMP_INVALID_PARAMS;
2536
2537 /* Mark the information as received */
2538 smp->remote_key_dist &= ~SMP_DIST_SIGN;
2539
2540 skb_pull(skb, sizeof(*rp));
2541
2542 csrk = kzalloc(sizeof(*csrk), GFP_KERNEL);
2543 if (csrk) {
2544 if (conn->hcon->sec_level > BT_SECURITY_MEDIUM)
2545 csrk->type = MGMT_CSRK_REMOTE_AUTHENTICATED;
2546 else
2547 csrk->type = MGMT_CSRK_REMOTE_UNAUTHENTICATED;
2548 memcpy(csrk->val, rp->csrk, sizeof(csrk->val));
2549 }
2550 smp->csrk = csrk;
2551 smp_distribute_keys(smp);
2552
2553 return 0;
2554 }
2555
2556 static u8 sc_select_method(struct smp_chan *smp)
2557 {
2558 struct l2cap_conn *conn = smp->conn;
2559 struct hci_conn *hcon = conn->hcon;
2560 struct smp_cmd_pairing *local, *remote;
2561 u8 local_mitm, remote_mitm, local_io, remote_io, method;
2562
2563 if (test_bit(SMP_FLAG_REMOTE_OOB, &smp->flags) ||
2564 test_bit(SMP_FLAG_LOCAL_OOB, &smp->flags))
2565 return REQ_OOB;
2566
2567 /* The preq/prsp contain the raw Pairing Request/Response PDUs
2568 * which are needed as inputs to some crypto functions. To get
2569 * the "struct smp_cmd_pairing" from them we need to skip the
2570 * first byte which contains the opcode.
2571 */
2572 if (hcon->out) {
2573 local = (void *) &smp->preq[1];
2574 remote = (void *) &smp->prsp[1];
2575 } else {
2576 local = (void *) &smp->prsp[1];
2577 remote = (void *) &smp->preq[1];
2578 }
2579
2580 local_io = local->io_capability;
2581 remote_io = remote->io_capability;
2582
2583 local_mitm = (local->auth_req & SMP_AUTH_MITM);
2584 remote_mitm = (remote->auth_req & SMP_AUTH_MITM);
2585
2586 /* If either side wants MITM, look up the method from the table,
2587 * otherwise use JUST WORKS.
2588 */
2589 if (local_mitm || remote_mitm)
2590 method = get_auth_method(smp, local_io, remote_io);
2591 else
2592 method = JUST_WORKS;
2593
2594 /* Don't confirm locally initiated pairing attempts */
2595 if (method == JUST_CFM && test_bit(SMP_FLAG_INITIATOR, &smp->flags))
2596 method = JUST_WORKS;
2597
2598 return method;
2599 }
2600
2601 static int smp_cmd_public_key(struct l2cap_conn *conn, struct sk_buff *skb)
2602 {
2603 struct smp_cmd_public_key *key = (void *) skb->data;
2604 struct hci_conn *hcon = conn->hcon;
2605 struct l2cap_chan *chan = conn->smp;
2606 struct smp_chan *smp = chan->data;
2607 struct hci_dev *hdev = hcon->hdev;
2608 struct smp_cmd_pairing_confirm cfm;
2609 int err;
2610
2611 BT_DBG("conn %p", conn);
2612
2613 if (skb->len < sizeof(*key))
2614 return SMP_INVALID_PARAMS;
2615
2616 memcpy(smp->remote_pk, key, 64);
2617
2618 if (test_bit(SMP_FLAG_REMOTE_OOB, &smp->flags)) {
2619 err = smp_f4(smp->tfm_cmac, smp->remote_pk, smp->remote_pk,
2620 smp->rr, 0, cfm.confirm_val);
2621 if (err)
2622 return SMP_UNSPECIFIED;
2623
2624 if (memcmp(cfm.confirm_val, smp->pcnf, 16))
2625 return SMP_CONFIRM_FAILED;
2626 }
2627
2628 /* Non-initiating device sends its public key after receiving
2629 * the key from the initiating device.
2630 */
2631 if (!hcon->out) {
2632 err = sc_send_public_key(smp);
2633 if (err)
2634 return err;
2635 }
2636
2637 SMP_DBG("Remote Public Key X: %32phN", smp->remote_pk);
2638 SMP_DBG("Remote Public Key Y: %32phN", smp->remote_pk + 32);
2639
2640 if (!ecdh_shared_secret(smp->remote_pk, smp->local_sk, smp->dhkey))
2641 return SMP_UNSPECIFIED;
2642
2643 SMP_DBG("DHKey %32phN", smp->dhkey);
2644
2645 set_bit(SMP_FLAG_REMOTE_PK, &smp->flags);
2646
2647 smp->method = sc_select_method(smp);
2648
2649 BT_DBG("%s selected method 0x%02x", hdev->name, smp->method);
2650
2651 /* JUST_WORKS and JUST_CFM result in an unauthenticated key */
2652 if (smp->method == JUST_WORKS || smp->method == JUST_CFM)
2653 hcon->pending_sec_level = BT_SECURITY_MEDIUM;
2654 else
2655 hcon->pending_sec_level = BT_SECURITY_FIPS;
2656
2657 if (!memcmp(debug_pk, smp->remote_pk, 64))
2658 set_bit(SMP_FLAG_DEBUG_KEY, &smp->flags);
2659
2660 if (smp->method == DSP_PASSKEY) {
2661 get_random_bytes(&hcon->passkey_notify,
2662 sizeof(hcon->passkey_notify));
2663 hcon->passkey_notify %= 1000000;
2664 hcon->passkey_entered = 0;
2665 smp->passkey_round = 0;
2666 if (mgmt_user_passkey_notify(hdev, &hcon->dst, hcon->type,
2667 hcon->dst_type,
2668 hcon->passkey_notify,
2669 hcon->passkey_entered))
2670 return SMP_UNSPECIFIED;
2671 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_CONFIRM);
2672 return sc_passkey_round(smp, SMP_CMD_PUBLIC_KEY);
2673 }
2674
2675 if (smp->method == REQ_OOB) {
2676 if (hcon->out)
2677 smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM,
2678 sizeof(smp->prnd), smp->prnd);
2679
2680 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RANDOM);
2681
2682 return 0;
2683 }
2684
2685 if (hcon->out)
2686 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_CONFIRM);
2687
2688 if (smp->method == REQ_PASSKEY) {
2689 if (mgmt_user_passkey_request(hdev, &hcon->dst, hcon->type,
2690 hcon->dst_type))
2691 return SMP_UNSPECIFIED;
2692 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_CONFIRM);
2693 set_bit(SMP_FLAG_WAIT_USER, &smp->flags);
2694 return 0;
2695 }
2696
2697 /* The Initiating device waits for the non-initiating device to
2698 * send the confirm value.
2699 */
2700 if (conn->hcon->out)
2701 return 0;
2702
2703 err = smp_f4(smp->tfm_cmac, smp->local_pk, smp->remote_pk, smp->prnd,
2704 0, cfm.confirm_val);
2705 if (err)
2706 return SMP_UNSPECIFIED;
2707
2708 smp_send_cmd(conn, SMP_CMD_PAIRING_CONFIRM, sizeof(cfm), &cfm);
2709 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RANDOM);
2710
2711 return 0;
2712 }
2713
2714 static int smp_cmd_dhkey_check(struct l2cap_conn *conn, struct sk_buff *skb)
2715 {
2716 struct smp_cmd_dhkey_check *check = (void *) skb->data;
2717 struct l2cap_chan *chan = conn->smp;
2718 struct hci_conn *hcon = conn->hcon;
2719 struct smp_chan *smp = chan->data;
2720 u8 a[7], b[7], *local_addr, *remote_addr;
2721 u8 io_cap[3], r[16], e[16];
2722 int err;
2723
2724 BT_DBG("conn %p", conn);
2725
2726 if (skb->len < sizeof(*check))
2727 return SMP_INVALID_PARAMS;
2728
2729 memcpy(a, &hcon->init_addr, 6);
2730 memcpy(b, &hcon->resp_addr, 6);
2731 a[6] = hcon->init_addr_type;
2732 b[6] = hcon->resp_addr_type;
2733
2734 if (hcon->out) {
2735 local_addr = a;
2736 remote_addr = b;
2737 memcpy(io_cap, &smp->prsp[1], 3);
2738 } else {
2739 local_addr = b;
2740 remote_addr = a;
2741 memcpy(io_cap, &smp->preq[1], 3);
2742 }
2743
2744 memset(r, 0, sizeof(r));
2745
2746 if (smp->method == REQ_PASSKEY || smp->method == DSP_PASSKEY)
2747 put_unaligned_le32(hcon->passkey_notify, r);
2748 else if (smp->method == REQ_OOB)
2749 memcpy(r, smp->lr, 16);
2750
2751 err = smp_f6(smp->tfm_cmac, smp->mackey, smp->rrnd, smp->prnd, r,
2752 io_cap, remote_addr, local_addr, e);
2753 if (err)
2754 return SMP_UNSPECIFIED;
2755
2756 if (memcmp(check->e, e, 16))
2757 return SMP_DHKEY_CHECK_FAILED;
2758
2759 if (!hcon->out) {
2760 if (test_bit(SMP_FLAG_WAIT_USER, &smp->flags)) {
2761 set_bit(SMP_FLAG_DHKEY_PENDING, &smp->flags);
2762 return 0;
2763 }
2764
2765 /* Slave sends DHKey check as response to master */
2766 sc_dhkey_check(smp);
2767 }
2768
2769 sc_add_ltk(smp);
2770
2771 if (hcon->out) {
2772 hci_le_start_enc(hcon, 0, 0, smp->tk, smp->enc_key_size);
2773 hcon->enc_key_size = smp->enc_key_size;
2774 }
2775
2776 return 0;
2777 }
2778
2779 static int smp_cmd_keypress_notify(struct l2cap_conn *conn,
2780 struct sk_buff *skb)
2781 {
2782 struct smp_cmd_keypress_notify *kp = (void *) skb->data;
2783
2784 BT_DBG("value 0x%02x", kp->value);
2785
2786 return 0;
2787 }
2788
2789 static int smp_sig_channel(struct l2cap_chan *chan, struct sk_buff *skb)
2790 {
2791 struct l2cap_conn *conn = chan->conn;
2792 struct hci_conn *hcon = conn->hcon;
2793 struct smp_chan *smp;
2794 __u8 code, reason;
2795 int err = 0;
2796
2797 if (skb->len < 1)
2798 return -EILSEQ;
2799
2800 if (!hci_dev_test_flag(hcon->hdev, HCI_LE_ENABLED)) {
2801 reason = SMP_PAIRING_NOTSUPP;
2802 goto done;
2803 }
2804
2805 code = skb->data[0];
2806 skb_pull(skb, sizeof(code));
2807
2808 smp = chan->data;
2809
2810 if (code > SMP_CMD_MAX)
2811 goto drop;
2812
2813 if (smp && !test_and_clear_bit(code, &smp->allow_cmd))
2814 goto drop;
2815
2816 /* If we don't have a context the only allowed commands are
2817 * pairing request and security request.
2818 */
2819 if (!smp && code != SMP_CMD_PAIRING_REQ && code != SMP_CMD_SECURITY_REQ)
2820 goto drop;
2821
2822 switch (code) {
2823 case SMP_CMD_PAIRING_REQ:
2824 reason = smp_cmd_pairing_req(conn, skb);
2825 break;
2826
2827 case SMP_CMD_PAIRING_FAIL:
2828 smp_failure(conn, 0);
2829 err = -EPERM;
2830 break;
2831
2832 case SMP_CMD_PAIRING_RSP:
2833 reason = smp_cmd_pairing_rsp(conn, skb);
2834 break;
2835
2836 case SMP_CMD_SECURITY_REQ:
2837 reason = smp_cmd_security_req(conn, skb);
2838 break;
2839
2840 case SMP_CMD_PAIRING_CONFIRM:
2841 reason = smp_cmd_pairing_confirm(conn, skb);
2842 break;
2843
2844 case SMP_CMD_PAIRING_RANDOM:
2845 reason = smp_cmd_pairing_random(conn, skb);
2846 break;
2847
2848 case SMP_CMD_ENCRYPT_INFO:
2849 reason = smp_cmd_encrypt_info(conn, skb);
2850 break;
2851
2852 case SMP_CMD_MASTER_IDENT:
2853 reason = smp_cmd_master_ident(conn, skb);
2854 break;
2855
2856 case SMP_CMD_IDENT_INFO:
2857 reason = smp_cmd_ident_info(conn, skb);
2858 break;
2859
2860 case SMP_CMD_IDENT_ADDR_INFO:
2861 reason = smp_cmd_ident_addr_info(conn, skb);
2862 break;
2863
2864 case SMP_CMD_SIGN_INFO:
2865 reason = smp_cmd_sign_info(conn, skb);
2866 break;
2867
2868 case SMP_CMD_PUBLIC_KEY:
2869 reason = smp_cmd_public_key(conn, skb);
2870 break;
2871
2872 case SMP_CMD_DHKEY_CHECK:
2873 reason = smp_cmd_dhkey_check(conn, skb);
2874 break;
2875
2876 case SMP_CMD_KEYPRESS_NOTIFY:
2877 reason = smp_cmd_keypress_notify(conn, skb);
2878 break;
2879
2880 default:
2881 BT_DBG("Unknown command code 0x%2.2x", code);
2882 reason = SMP_CMD_NOTSUPP;
2883 goto done;
2884 }
2885
2886 done:
2887 if (!err) {
2888 if (reason)
2889 smp_failure(conn, reason);
2890 kfree_skb(skb);
2891 }
2892
2893 return err;
2894
2895 drop:
2896 BT_ERR("%s unexpected SMP command 0x%02x from %pMR", hcon->hdev->name,
2897 code, &hcon->dst);
2898 kfree_skb(skb);
2899 return 0;
2900 }
2901
2902 static void smp_teardown_cb(struct l2cap_chan *chan, int err)
2903 {
2904 struct l2cap_conn *conn = chan->conn;
2905
2906 BT_DBG("chan %p", chan);
2907
2908 if (chan->data)
2909 smp_chan_destroy(conn);
2910
2911 conn->smp = NULL;
2912 l2cap_chan_put(chan);
2913 }
2914
2915 static void bredr_pairing(struct l2cap_chan *chan)
2916 {
2917 struct l2cap_conn *conn = chan->conn;
2918 struct hci_conn *hcon = conn->hcon;
2919 struct hci_dev *hdev = hcon->hdev;
2920 struct smp_cmd_pairing req;
2921 struct smp_chan *smp;
2922
2923 BT_DBG("chan %p", chan);
2924
2925 /* Only new pairings are interesting */
2926 if (!test_bit(HCI_CONN_NEW_LINK_KEY, &hcon->flags))
2927 return;
2928
2929 /* Don't bother if we're not encrypted */
2930 if (!test_bit(HCI_CONN_ENCRYPT, &hcon->flags))
2931 return;
2932
2933 /* Only master may initiate SMP over BR/EDR */
2934 if (hcon->role != HCI_ROLE_MASTER)
2935 return;
2936
2937 /* Secure Connections support must be enabled */
2938 if (!hci_dev_test_flag(hdev, HCI_SC_ENABLED))
2939 return;
2940
2941 /* BR/EDR must use Secure Connections for SMP */
2942 if (!test_bit(HCI_CONN_AES_CCM, &hcon->flags) &&
2943 !hci_dev_test_flag(hdev, HCI_FORCE_BREDR_SMP))
2944 return;
2945
2946 /* If our LE support is not enabled don't do anything */
2947 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED))
2948 return;
2949
2950 /* Don't bother if remote LE support is not enabled */
2951 if (!lmp_host_le_capable(hcon))
2952 return;
2953
2954 /* Remote must support SMP fixed chan for BR/EDR */
2955 if (!(conn->remote_fixed_chan & L2CAP_FC_SMP_BREDR))
2956 return;
2957
2958 /* Don't bother if SMP is already ongoing */
2959 if (chan->data)
2960 return;
2961
2962 smp = smp_chan_create(conn);
2963 if (!smp) {
2964 BT_ERR("%s unable to create SMP context for BR/EDR",
2965 hdev->name);
2966 return;
2967 }
2968
2969 set_bit(SMP_FLAG_SC, &smp->flags);
2970
2971 BT_DBG("%s starting SMP over BR/EDR", hdev->name);
2972
2973 /* Prepare and send the BR/EDR SMP Pairing Request */
2974 build_bredr_pairing_cmd(smp, &req, NULL);
2975
2976 smp->preq[0] = SMP_CMD_PAIRING_REQ;
2977 memcpy(&smp->preq[1], &req, sizeof(req));
2978
2979 smp_send_cmd(conn, SMP_CMD_PAIRING_REQ, sizeof(req), &req);
2980 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RSP);
2981 }
2982
2983 static void smp_resume_cb(struct l2cap_chan *chan)
2984 {
2985 struct smp_chan *smp = chan->data;
2986 struct l2cap_conn *conn = chan->conn;
2987 struct hci_conn *hcon = conn->hcon;
2988
2989 BT_DBG("chan %p", chan);
2990
2991 if (hcon->type == ACL_LINK) {
2992 bredr_pairing(chan);
2993 return;
2994 }
2995
2996 if (!smp)
2997 return;
2998
2999 if (!test_bit(HCI_CONN_ENCRYPT, &hcon->flags))
3000 return;
3001
3002 cancel_delayed_work(&smp->security_timer);
3003
3004 smp_distribute_keys(smp);
3005 }
3006
3007 static void smp_ready_cb(struct l2cap_chan *chan)
3008 {
3009 struct l2cap_conn *conn = chan->conn;
3010 struct hci_conn *hcon = conn->hcon;
3011
3012 BT_DBG("chan %p", chan);
3013
3014 /* No need to call l2cap_chan_hold() here since we already own
3015 * the reference taken in smp_new_conn_cb(). This is just the
3016 * first time that we tie it to a specific pointer. The code in
3017 * l2cap_core.c ensures that there's no risk this function wont
3018 * get called if smp_new_conn_cb was previously called.
3019 */
3020 conn->smp = chan;
3021
3022 if (hcon->type == ACL_LINK && test_bit(HCI_CONN_ENCRYPT, &hcon->flags))
3023 bredr_pairing(chan);
3024 }
3025
3026 static int smp_recv_cb(struct l2cap_chan *chan, struct sk_buff *skb)
3027 {
3028 int err;
3029
3030 BT_DBG("chan %p", chan);
3031
3032 err = smp_sig_channel(chan, skb);
3033 if (err) {
3034 struct smp_chan *smp = chan->data;
3035
3036 if (smp)
3037 cancel_delayed_work_sync(&smp->security_timer);
3038
3039 hci_disconnect(chan->conn->hcon, HCI_ERROR_AUTH_FAILURE);
3040 }
3041
3042 return err;
3043 }
3044
3045 static struct sk_buff *smp_alloc_skb_cb(struct l2cap_chan *chan,
3046 unsigned long hdr_len,
3047 unsigned long len, int nb)
3048 {
3049 struct sk_buff *skb;
3050
3051 skb = bt_skb_alloc(hdr_len + len, GFP_KERNEL);
3052 if (!skb)
3053 return ERR_PTR(-ENOMEM);
3054
3055 skb->priority = HCI_PRIO_MAX;
3056 bt_cb(skb)->l2cap.chan = chan;
3057
3058 return skb;
3059 }
3060
3061 static const struct l2cap_ops smp_chan_ops = {
3062 .name = "Security Manager",
3063 .ready = smp_ready_cb,
3064 .recv = smp_recv_cb,
3065 .alloc_skb = smp_alloc_skb_cb,
3066 .teardown = smp_teardown_cb,
3067 .resume = smp_resume_cb,
3068
3069 .new_connection = l2cap_chan_no_new_connection,
3070 .state_change = l2cap_chan_no_state_change,
3071 .close = l2cap_chan_no_close,
3072 .defer = l2cap_chan_no_defer,
3073 .suspend = l2cap_chan_no_suspend,
3074 .set_shutdown = l2cap_chan_no_set_shutdown,
3075 .get_sndtimeo = l2cap_chan_no_get_sndtimeo,
3076 };
3077
3078 static inline struct l2cap_chan *smp_new_conn_cb(struct l2cap_chan *pchan)
3079 {
3080 struct l2cap_chan *chan;
3081
3082 BT_DBG("pchan %p", pchan);
3083
3084 chan = l2cap_chan_create();
3085 if (!chan)
3086 return NULL;
3087
3088 chan->chan_type = pchan->chan_type;
3089 chan->ops = &smp_chan_ops;
3090 chan->scid = pchan->scid;
3091 chan->dcid = chan->scid;
3092 chan->imtu = pchan->imtu;
3093 chan->omtu = pchan->omtu;
3094 chan->mode = pchan->mode;
3095
3096 /* Other L2CAP channels may request SMP routines in order to
3097 * change the security level. This means that the SMP channel
3098 * lock must be considered in its own category to avoid lockdep
3099 * warnings.
3100 */
3101 atomic_set(&chan->nesting, L2CAP_NESTING_SMP);
3102
3103 BT_DBG("created chan %p", chan);
3104
3105 return chan;
3106 }
3107
3108 static const struct l2cap_ops smp_root_chan_ops = {
3109 .name = "Security Manager Root",
3110 .new_connection = smp_new_conn_cb,
3111
3112 /* None of these are implemented for the root channel */
3113 .close = l2cap_chan_no_close,
3114 .alloc_skb = l2cap_chan_no_alloc_skb,
3115 .recv = l2cap_chan_no_recv,
3116 .state_change = l2cap_chan_no_state_change,
3117 .teardown = l2cap_chan_no_teardown,
3118 .ready = l2cap_chan_no_ready,
3119 .defer = l2cap_chan_no_defer,
3120 .suspend = l2cap_chan_no_suspend,
3121 .resume = l2cap_chan_no_resume,
3122 .set_shutdown = l2cap_chan_no_set_shutdown,
3123 .get_sndtimeo = l2cap_chan_no_get_sndtimeo,
3124 };
3125
3126 static struct l2cap_chan *smp_add_cid(struct hci_dev *hdev, u16 cid)
3127 {
3128 struct l2cap_chan *chan;
3129 struct smp_dev *smp;
3130 struct crypto_blkcipher *tfm_aes;
3131 struct crypto_hash *tfm_cmac;
3132
3133 if (cid == L2CAP_CID_SMP_BREDR) {
3134 smp = NULL;
3135 goto create_chan;
3136 }
3137
3138 smp = kzalloc(sizeof(*smp), GFP_KERNEL);
3139 if (!smp)
3140 return ERR_PTR(-ENOMEM);
3141
3142 tfm_aes = crypto_alloc_blkcipher("ecb(aes)", 0, CRYPTO_ALG_ASYNC);
3143 if (IS_ERR(tfm_aes)) {
3144 BT_ERR("Unable to create ECB crypto context");
3145 kzfree(smp);
3146 return ERR_CAST(tfm_aes);
3147 }
3148
3149 tfm_cmac = crypto_alloc_hash("cmac(aes)", 0, CRYPTO_ALG_ASYNC);
3150 if (IS_ERR(tfm_cmac)) {
3151 BT_ERR("Unable to create CMAC crypto context");
3152 crypto_free_blkcipher(tfm_aes);
3153 kzfree(smp);
3154 return ERR_CAST(tfm_cmac);
3155 }
3156
3157 smp->tfm_aes = tfm_aes;
3158 smp->tfm_cmac = tfm_cmac;
3159 smp->min_key_size = SMP_MIN_ENC_KEY_SIZE;
3160 smp->max_key_size = SMP_MAX_ENC_KEY_SIZE;
3161
3162 create_chan:
3163 chan = l2cap_chan_create();
3164 if (!chan) {
3165 if (smp) {
3166 crypto_free_blkcipher(smp->tfm_aes);
3167 crypto_free_hash(smp->tfm_cmac);
3168 kzfree(smp);
3169 }
3170 return ERR_PTR(-ENOMEM);
3171 }
3172
3173 chan->data = smp;
3174
3175 l2cap_add_scid(chan, cid);
3176
3177 l2cap_chan_set_defaults(chan);
3178
3179 if (cid == L2CAP_CID_SMP) {
3180 u8 bdaddr_type;
3181
3182 hci_copy_identity_address(hdev, &chan->src, &bdaddr_type);
3183
3184 if (bdaddr_type == ADDR_LE_DEV_PUBLIC)
3185 chan->src_type = BDADDR_LE_PUBLIC;
3186 else
3187 chan->src_type = BDADDR_LE_RANDOM;
3188 } else {
3189 bacpy(&chan->src, &hdev->bdaddr);
3190 chan->src_type = BDADDR_BREDR;
3191 }
3192
3193 chan->state = BT_LISTEN;
3194 chan->mode = L2CAP_MODE_BASIC;
3195 chan->imtu = L2CAP_DEFAULT_MTU;
3196 chan->ops = &smp_root_chan_ops;
3197
3198 /* Set correct nesting level for a parent/listening channel */
3199 atomic_set(&chan->nesting, L2CAP_NESTING_PARENT);
3200
3201 return chan;
3202 }
3203
3204 static void smp_del_chan(struct l2cap_chan *chan)
3205 {
3206 struct smp_dev *smp;
3207
3208 BT_DBG("chan %p", chan);
3209
3210 smp = chan->data;
3211 if (smp) {
3212 chan->data = NULL;
3213 if (smp->tfm_aes)
3214 crypto_free_blkcipher(smp->tfm_aes);
3215 if (smp->tfm_cmac)
3216 crypto_free_hash(smp->tfm_cmac);
3217 kzfree(smp);
3218 }
3219
3220 l2cap_chan_put(chan);
3221 }
3222
3223 static ssize_t force_bredr_smp_read(struct file *file,
3224 char __user *user_buf,
3225 size_t count, loff_t *ppos)
3226 {
3227 struct hci_dev *hdev = file->private_data;
3228 char buf[3];
3229
3230 buf[0] = hci_dev_test_flag(hdev, HCI_FORCE_BREDR_SMP) ? 'Y': 'N';
3231 buf[1] = '\n';
3232 buf[2] = '\0';
3233 return simple_read_from_buffer(user_buf, count, ppos, buf, 2);
3234 }
3235
3236 static ssize_t force_bredr_smp_write(struct file *file,
3237 const char __user *user_buf,
3238 size_t count, loff_t *ppos)
3239 {
3240 struct hci_dev *hdev = file->private_data;
3241 char buf[32];
3242 size_t buf_size = min(count, (sizeof(buf)-1));
3243 bool enable;
3244
3245 if (copy_from_user(buf, user_buf, buf_size))
3246 return -EFAULT;
3247
3248 buf[buf_size] = '\0';
3249 if (strtobool(buf, &enable))
3250 return -EINVAL;
3251
3252 if (enable == hci_dev_test_flag(hdev, HCI_FORCE_BREDR_SMP))
3253 return -EALREADY;
3254
3255 if (enable) {
3256 struct l2cap_chan *chan;
3257
3258 chan = smp_add_cid(hdev, L2CAP_CID_SMP_BREDR);
3259 if (IS_ERR(chan))
3260 return PTR_ERR(chan);
3261
3262 hdev->smp_bredr_data = chan;
3263 } else {
3264 struct l2cap_chan *chan;
3265
3266 chan = hdev->smp_bredr_data;
3267 hdev->smp_bredr_data = NULL;
3268 smp_del_chan(chan);
3269 }
3270
3271 hci_dev_change_flag(hdev, HCI_FORCE_BREDR_SMP);
3272
3273 return count;
3274 }
3275
3276 static const struct file_operations force_bredr_smp_fops = {
3277 .open = simple_open,
3278 .read = force_bredr_smp_read,
3279 .write = force_bredr_smp_write,
3280 .llseek = default_llseek,
3281 };
3282
3283 static ssize_t le_min_key_size_read(struct file *file,
3284 char __user *user_buf,
3285 size_t count, loff_t *ppos)
3286 {
3287 struct hci_dev *hdev = file->private_data;
3288 char buf[4];
3289
3290 snprintf(buf, sizeof(buf), "%2u\n", SMP_DEV(hdev)->min_key_size);
3291
3292 return simple_read_from_buffer(user_buf, count, ppos, buf, strlen(buf));
3293 }
3294
3295 static ssize_t le_min_key_size_write(struct file *file,
3296 const char __user *user_buf,
3297 size_t count, loff_t *ppos)
3298 {
3299 struct hci_dev *hdev = file->private_data;
3300 char buf[32];
3301 size_t buf_size = min(count, (sizeof(buf) - 1));
3302 u8 key_size;
3303
3304 if (copy_from_user(buf, user_buf, buf_size))
3305 return -EFAULT;
3306
3307 buf[buf_size] = '\0';
3308
3309 sscanf(buf, "%hhu", &key_size);
3310
3311 if (key_size > SMP_DEV(hdev)->max_key_size ||
3312 key_size < SMP_MIN_ENC_KEY_SIZE)
3313 return -EINVAL;
3314
3315 SMP_DEV(hdev)->min_key_size = key_size;
3316
3317 return count;
3318 }
3319
3320 static const struct file_operations le_min_key_size_fops = {
3321 .open = simple_open,
3322 .read = le_min_key_size_read,
3323 .write = le_min_key_size_write,
3324 .llseek = default_llseek,
3325 };
3326
3327 static ssize_t le_max_key_size_read(struct file *file,
3328 char __user *user_buf,
3329 size_t count, loff_t *ppos)
3330 {
3331 struct hci_dev *hdev = file->private_data;
3332 char buf[4];
3333
3334 snprintf(buf, sizeof(buf), "%2u\n", SMP_DEV(hdev)->max_key_size);
3335
3336 return simple_read_from_buffer(user_buf, count, ppos, buf, strlen(buf));
3337 }
3338
3339 static ssize_t le_max_key_size_write(struct file *file,
3340 const char __user *user_buf,
3341 size_t count, loff_t *ppos)
3342 {
3343 struct hci_dev *hdev = file->private_data;
3344 char buf[32];
3345 size_t buf_size = min(count, (sizeof(buf) - 1));
3346 u8 key_size;
3347
3348 if (copy_from_user(buf, user_buf, buf_size))
3349 return -EFAULT;
3350
3351 buf[buf_size] = '\0';
3352
3353 sscanf(buf, "%hhu", &key_size);
3354
3355 if (key_size > SMP_MAX_ENC_KEY_SIZE ||
3356 key_size < SMP_DEV(hdev)->min_key_size)
3357 return -EINVAL;
3358
3359 SMP_DEV(hdev)->max_key_size = key_size;
3360
3361 return count;
3362 }
3363
3364 static const struct file_operations le_max_key_size_fops = {
3365 .open = simple_open,
3366 .read = le_max_key_size_read,
3367 .write = le_max_key_size_write,
3368 .llseek = default_llseek,
3369 };
3370
3371 int smp_register(struct hci_dev *hdev)
3372 {
3373 struct l2cap_chan *chan;
3374
3375 BT_DBG("%s", hdev->name);
3376
3377 /* If the controller does not support Low Energy operation, then
3378 * there is also no need to register any SMP channel.
3379 */
3380 if (!lmp_le_capable(hdev))
3381 return 0;
3382
3383 if (WARN_ON(hdev->smp_data)) {
3384 chan = hdev->smp_data;
3385 hdev->smp_data = NULL;
3386 smp_del_chan(chan);
3387 }
3388
3389 chan = smp_add_cid(hdev, L2CAP_CID_SMP);
3390 if (IS_ERR(chan))
3391 return PTR_ERR(chan);
3392
3393 hdev->smp_data = chan;
3394
3395 debugfs_create_file("le_min_key_size", 0644, hdev->debugfs, hdev,
3396 &le_min_key_size_fops);
3397 debugfs_create_file("le_max_key_size", 0644, hdev->debugfs, hdev,
3398 &le_max_key_size_fops);
3399
3400 /* If the controller does not support BR/EDR Secure Connections
3401 * feature, then the BR/EDR SMP channel shall not be present.
3402 *
3403 * To test this with Bluetooth 4.0 controllers, create a debugfs
3404 * switch that allows forcing BR/EDR SMP support and accepting
3405 * cross-transport pairing on non-AES encrypted connections.
3406 */
3407 if (!lmp_sc_capable(hdev)) {
3408 debugfs_create_file("force_bredr_smp", 0644, hdev->debugfs,
3409 hdev, &force_bredr_smp_fops);
3410 return 0;
3411 }
3412
3413 if (WARN_ON(hdev->smp_bredr_data)) {
3414 chan = hdev->smp_bredr_data;
3415 hdev->smp_bredr_data = NULL;
3416 smp_del_chan(chan);
3417 }
3418
3419 chan = smp_add_cid(hdev, L2CAP_CID_SMP_BREDR);
3420 if (IS_ERR(chan)) {
3421 int err = PTR_ERR(chan);
3422 chan = hdev->smp_data;
3423 hdev->smp_data = NULL;
3424 smp_del_chan(chan);
3425 return err;
3426 }
3427
3428 hdev->smp_bredr_data = chan;
3429
3430 return 0;
3431 }
3432
3433 void smp_unregister(struct hci_dev *hdev)
3434 {
3435 struct l2cap_chan *chan;
3436
3437 if (hdev->smp_bredr_data) {
3438 chan = hdev->smp_bredr_data;
3439 hdev->smp_bredr_data = NULL;
3440 smp_del_chan(chan);
3441 }
3442
3443 if (hdev->smp_data) {
3444 chan = hdev->smp_data;
3445 hdev->smp_data = NULL;
3446 smp_del_chan(chan);
3447 }
3448 }
3449
3450 #if IS_ENABLED(CONFIG_BT_SELFTEST_SMP)
3451
3452 static int __init test_ah(struct crypto_blkcipher *tfm_aes)
3453 {
3454 const u8 irk[16] = {
3455 0x9b, 0x7d, 0x39, 0x0a, 0xa6, 0x10, 0x10, 0x34,
3456 0x05, 0xad, 0xc8, 0x57, 0xa3, 0x34, 0x02, 0xec };
3457 const u8 r[3] = { 0x94, 0x81, 0x70 };
3458 const u8 exp[3] = { 0xaa, 0xfb, 0x0d };
3459 u8 res[3];
3460 int err;
3461
3462 err = smp_ah(tfm_aes, irk, r, res);
3463 if (err)
3464 return err;
3465
3466 if (memcmp(res, exp, 3))
3467 return -EINVAL;
3468
3469 return 0;
3470 }
3471
3472 static int __init test_c1(struct crypto_blkcipher *tfm_aes)
3473 {
3474 const u8 k[16] = {
3475 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
3476 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
3477 const u8 r[16] = {
3478 0xe0, 0x2e, 0x70, 0xc6, 0x4e, 0x27, 0x88, 0x63,
3479 0x0e, 0x6f, 0xad, 0x56, 0x21, 0xd5, 0x83, 0x57 };
3480 const u8 preq[7] = { 0x01, 0x01, 0x00, 0x00, 0x10, 0x07, 0x07 };
3481 const u8 pres[7] = { 0x02, 0x03, 0x00, 0x00, 0x08, 0x00, 0x05 };
3482 const u8 _iat = 0x01;
3483 const u8 _rat = 0x00;
3484 const bdaddr_t ra = { { 0xb6, 0xb5, 0xb4, 0xb3, 0xb2, 0xb1 } };
3485 const bdaddr_t ia = { { 0xa6, 0xa5, 0xa4, 0xa3, 0xa2, 0xa1 } };
3486 const u8 exp[16] = {
3487 0x86, 0x3b, 0xf1, 0xbe, 0xc5, 0x4d, 0xa7, 0xd2,
3488 0xea, 0x88, 0x89, 0x87, 0xef, 0x3f, 0x1e, 0x1e };
3489 u8 res[16];
3490 int err;
3491
3492 err = smp_c1(tfm_aes, k, r, preq, pres, _iat, &ia, _rat, &ra, res);
3493 if (err)
3494 return err;
3495
3496 if (memcmp(res, exp, 16))
3497 return -EINVAL;
3498
3499 return 0;
3500 }
3501
3502 static int __init test_s1(struct crypto_blkcipher *tfm_aes)
3503 {
3504 const u8 k[16] = {
3505 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
3506 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
3507 const u8 r1[16] = {
3508 0x88, 0x77, 0x66, 0x55, 0x44, 0x33, 0x22, 0x11 };
3509 const u8 r2[16] = {
3510 0x00, 0xff, 0xee, 0xdd, 0xcc, 0xbb, 0xaa, 0x99 };
3511 const u8 exp[16] = {
3512 0x62, 0xa0, 0x6d, 0x79, 0xae, 0x16, 0x42, 0x5b,
3513 0x9b, 0xf4, 0xb0, 0xe8, 0xf0, 0xe1, 0x1f, 0x9a };
3514 u8 res[16];
3515 int err;
3516
3517 err = smp_s1(tfm_aes, k, r1, r2, res);
3518 if (err)
3519 return err;
3520
3521 if (memcmp(res, exp, 16))
3522 return -EINVAL;
3523
3524 return 0;
3525 }
3526
3527 static int __init test_f4(struct crypto_hash *tfm_cmac)
3528 {
3529 const u8 u[32] = {
3530 0xe6, 0x9d, 0x35, 0x0e, 0x48, 0x01, 0x03, 0xcc,
3531 0xdb, 0xfd, 0xf4, 0xac, 0x11, 0x91, 0xf4, 0xef,
3532 0xb9, 0xa5, 0xf9, 0xe9, 0xa7, 0x83, 0x2c, 0x5e,
3533 0x2c, 0xbe, 0x97, 0xf2, 0xd2, 0x03, 0xb0, 0x20 };
3534 const u8 v[32] = {
3535 0xfd, 0xc5, 0x7f, 0xf4, 0x49, 0xdd, 0x4f, 0x6b,
3536 0xfb, 0x7c, 0x9d, 0xf1, 0xc2, 0x9a, 0xcb, 0x59,
3537 0x2a, 0xe7, 0xd4, 0xee, 0xfb, 0xfc, 0x0a, 0x90,
3538 0x9a, 0xbb, 0xf6, 0x32, 0x3d, 0x8b, 0x18, 0x55 };
3539 const u8 x[16] = {
3540 0xab, 0xae, 0x2b, 0x71, 0xec, 0xb2, 0xff, 0xff,
3541 0x3e, 0x73, 0x77, 0xd1, 0x54, 0x84, 0xcb, 0xd5 };
3542 const u8 z = 0x00;
3543 const u8 exp[16] = {
3544 0x2d, 0x87, 0x74, 0xa9, 0xbe, 0xa1, 0xed, 0xf1,
3545 0x1c, 0xbd, 0xa9, 0x07, 0xf1, 0x16, 0xc9, 0xf2 };
3546 u8 res[16];
3547 int err;
3548
3549 err = smp_f4(tfm_cmac, u, v, x, z, res);
3550 if (err)
3551 return err;
3552
3553 if (memcmp(res, exp, 16))
3554 return -EINVAL;
3555
3556 return 0;
3557 }
3558
3559 static int __init test_f5(struct crypto_hash *tfm_cmac)
3560 {
3561 const u8 w[32] = {
3562 0x98, 0xa6, 0xbf, 0x73, 0xf3, 0x34, 0x8d, 0x86,
3563 0xf1, 0x66, 0xf8, 0xb4, 0x13, 0x6b, 0x79, 0x99,
3564 0x9b, 0x7d, 0x39, 0x0a, 0xa6, 0x10, 0x10, 0x34,
3565 0x05, 0xad, 0xc8, 0x57, 0xa3, 0x34, 0x02, 0xec };
3566 const u8 n1[16] = {
3567 0xab, 0xae, 0x2b, 0x71, 0xec, 0xb2, 0xff, 0xff,
3568 0x3e, 0x73, 0x77, 0xd1, 0x54, 0x84, 0xcb, 0xd5 };
3569 const u8 n2[16] = {
3570 0xcf, 0xc4, 0x3d, 0xff, 0xf7, 0x83, 0x65, 0x21,
3571 0x6e, 0x5f, 0xa7, 0x25, 0xcc, 0xe7, 0xe8, 0xa6 };
3572 const u8 a1[7] = { 0xce, 0xbf, 0x37, 0x37, 0x12, 0x56, 0x00 };
3573 const u8 a2[7] = { 0xc1, 0xcf, 0x2d, 0x70, 0x13, 0xa7, 0x00 };
3574 const u8 exp_ltk[16] = {
3575 0x38, 0x0a, 0x75, 0x94, 0xb5, 0x22, 0x05, 0x98,
3576 0x23, 0xcd, 0xd7, 0x69, 0x11, 0x79, 0x86, 0x69 };
3577 const u8 exp_mackey[16] = {
3578 0x20, 0x6e, 0x63, 0xce, 0x20, 0x6a, 0x3f, 0xfd,
3579 0x02, 0x4a, 0x08, 0xa1, 0x76, 0xf1, 0x65, 0x29 };
3580 u8 mackey[16], ltk[16];
3581 int err;
3582
3583 err = smp_f5(tfm_cmac, w, n1, n2, a1, a2, mackey, ltk);
3584 if (err)
3585 return err;
3586
3587 if (memcmp(mackey, exp_mackey, 16))
3588 return -EINVAL;
3589
3590 if (memcmp(ltk, exp_ltk, 16))
3591 return -EINVAL;
3592
3593 return 0;
3594 }
3595
3596 static int __init test_f6(struct crypto_hash *tfm_cmac)
3597 {
3598 const u8 w[16] = {
3599 0x20, 0x6e, 0x63, 0xce, 0x20, 0x6a, 0x3f, 0xfd,
3600 0x02, 0x4a, 0x08, 0xa1, 0x76, 0xf1, 0x65, 0x29 };
3601 const u8 n1[16] = {
3602 0xab, 0xae, 0x2b, 0x71, 0xec, 0xb2, 0xff, 0xff,
3603 0x3e, 0x73, 0x77, 0xd1, 0x54, 0x84, 0xcb, 0xd5 };
3604 const u8 n2[16] = {
3605 0xcf, 0xc4, 0x3d, 0xff, 0xf7, 0x83, 0x65, 0x21,
3606 0x6e, 0x5f, 0xa7, 0x25, 0xcc, 0xe7, 0xe8, 0xa6 };
3607 const u8 r[16] = {
3608 0xc8, 0x0f, 0x2d, 0x0c, 0xd2, 0x42, 0xda, 0x08,
3609 0x54, 0xbb, 0x53, 0xb4, 0x3b, 0x34, 0xa3, 0x12 };
3610 const u8 io_cap[3] = { 0x02, 0x01, 0x01 };
3611 const u8 a1[7] = { 0xce, 0xbf, 0x37, 0x37, 0x12, 0x56, 0x00 };
3612 const u8 a2[7] = { 0xc1, 0xcf, 0x2d, 0x70, 0x13, 0xa7, 0x00 };
3613 const u8 exp[16] = {
3614 0x61, 0x8f, 0x95, 0xda, 0x09, 0x0b, 0x6c, 0xd2,
3615 0xc5, 0xe8, 0xd0, 0x9c, 0x98, 0x73, 0xc4, 0xe3 };
3616 u8 res[16];
3617 int err;
3618
3619 err = smp_f6(tfm_cmac, w, n1, n2, r, io_cap, a1, a2, res);
3620 if (err)
3621 return err;
3622
3623 if (memcmp(res, exp, 16))
3624 return -EINVAL;
3625
3626 return 0;
3627 }
3628
3629 static int __init test_g2(struct crypto_hash *tfm_cmac)
3630 {
3631 const u8 u[32] = {
3632 0xe6, 0x9d, 0x35, 0x0e, 0x48, 0x01, 0x03, 0xcc,
3633 0xdb, 0xfd, 0xf4, 0xac, 0x11, 0x91, 0xf4, 0xef,
3634 0xb9, 0xa5, 0xf9, 0xe9, 0xa7, 0x83, 0x2c, 0x5e,
3635 0x2c, 0xbe, 0x97, 0xf2, 0xd2, 0x03, 0xb0, 0x20 };
3636 const u8 v[32] = {
3637 0xfd, 0xc5, 0x7f, 0xf4, 0x49, 0xdd, 0x4f, 0x6b,
3638 0xfb, 0x7c, 0x9d, 0xf1, 0xc2, 0x9a, 0xcb, 0x59,
3639 0x2a, 0xe7, 0xd4, 0xee, 0xfb, 0xfc, 0x0a, 0x90,
3640 0x9a, 0xbb, 0xf6, 0x32, 0x3d, 0x8b, 0x18, 0x55 };
3641 const u8 x[16] = {
3642 0xab, 0xae, 0x2b, 0x71, 0xec, 0xb2, 0xff, 0xff,
3643 0x3e, 0x73, 0x77, 0xd1, 0x54, 0x84, 0xcb, 0xd5 };
3644 const u8 y[16] = {
3645 0xcf, 0xc4, 0x3d, 0xff, 0xf7, 0x83, 0x65, 0x21,
3646 0x6e, 0x5f, 0xa7, 0x25, 0xcc, 0xe7, 0xe8, 0xa6 };
3647 const u32 exp_val = 0x2f9ed5ba % 1000000;
3648 u32 val;
3649 int err;
3650
3651 err = smp_g2(tfm_cmac, u, v, x, y, &val);
3652 if (err)
3653 return err;
3654
3655 if (val != exp_val)
3656 return -EINVAL;
3657
3658 return 0;
3659 }
3660
3661 static int __init test_h6(struct crypto_hash *tfm_cmac)
3662 {
3663 const u8 w[16] = {
3664 0x9b, 0x7d, 0x39, 0x0a, 0xa6, 0x10, 0x10, 0x34,
3665 0x05, 0xad, 0xc8, 0x57, 0xa3, 0x34, 0x02, 0xec };
3666 const u8 key_id[4] = { 0x72, 0x62, 0x65, 0x6c };
3667 const u8 exp[16] = {
3668 0x99, 0x63, 0xb1, 0x80, 0xe2, 0xa9, 0xd3, 0xe8,
3669 0x1c, 0xc9, 0x6d, 0xe7, 0x02, 0xe1, 0x9a, 0x2d };
3670 u8 res[16];
3671 int err;
3672
3673 err = smp_h6(tfm_cmac, w, key_id, res);
3674 if (err)
3675 return err;
3676
3677 if (memcmp(res, exp, 16))
3678 return -EINVAL;
3679
3680 return 0;
3681 }
3682
3683 static char test_smp_buffer[32];
3684
3685 static ssize_t test_smp_read(struct file *file, char __user *user_buf,
3686 size_t count, loff_t *ppos)
3687 {
3688 return simple_read_from_buffer(user_buf, count, ppos, test_smp_buffer,
3689 strlen(test_smp_buffer));
3690 }
3691
3692 static const struct file_operations test_smp_fops = {
3693 .open = simple_open,
3694 .read = test_smp_read,
3695 .llseek = default_llseek,
3696 };
3697
3698 static int __init run_selftests(struct crypto_blkcipher *tfm_aes,
3699 struct crypto_hash *tfm_cmac)
3700 {
3701 ktime_t calltime, delta, rettime;
3702 unsigned long long duration;
3703 int err;
3704
3705 calltime = ktime_get();
3706
3707 err = test_ah(tfm_aes);
3708 if (err) {
3709 BT_ERR("smp_ah test failed");
3710 goto done;
3711 }
3712
3713 err = test_c1(tfm_aes);
3714 if (err) {
3715 BT_ERR("smp_c1 test failed");
3716 goto done;
3717 }
3718
3719 err = test_s1(tfm_aes);
3720 if (err) {
3721 BT_ERR("smp_s1 test failed");
3722 goto done;
3723 }
3724
3725 err = test_f4(tfm_cmac);
3726 if (err) {
3727 BT_ERR("smp_f4 test failed");
3728 goto done;
3729 }
3730
3731 err = test_f5(tfm_cmac);
3732 if (err) {
3733 BT_ERR("smp_f5 test failed");
3734 goto done;
3735 }
3736
3737 err = test_f6(tfm_cmac);
3738 if (err) {
3739 BT_ERR("smp_f6 test failed");
3740 goto done;
3741 }
3742
3743 err = test_g2(tfm_cmac);
3744 if (err) {
3745 BT_ERR("smp_g2 test failed");
3746 goto done;
3747 }
3748
3749 err = test_h6(tfm_cmac);
3750 if (err) {
3751 BT_ERR("smp_h6 test failed");
3752 goto done;
3753 }
3754
3755 rettime = ktime_get();
3756 delta = ktime_sub(rettime, calltime);
3757 duration = (unsigned long long) ktime_to_ns(delta) >> 10;
3758
3759 BT_INFO("SMP test passed in %llu usecs", duration);
3760
3761 done:
3762 if (!err)
3763 snprintf(test_smp_buffer, sizeof(test_smp_buffer),
3764 "PASS (%llu usecs)\n", duration);
3765 else
3766 snprintf(test_smp_buffer, sizeof(test_smp_buffer), "FAIL\n");
3767
3768 debugfs_create_file("selftest_smp", 0444, bt_debugfs, NULL,
3769 &test_smp_fops);
3770
3771 return err;
3772 }
3773
3774 int __init bt_selftest_smp(void)
3775 {
3776 struct crypto_blkcipher *tfm_aes;
3777 struct crypto_hash *tfm_cmac;
3778 int err;
3779
3780 tfm_aes = crypto_alloc_blkcipher("ecb(aes)", 0, CRYPTO_ALG_ASYNC);
3781 if (IS_ERR(tfm_aes)) {
3782 BT_ERR("Unable to create ECB crypto context");
3783 return PTR_ERR(tfm_aes);
3784 }
3785
3786 tfm_cmac = crypto_alloc_hash("cmac(aes)", 0, CRYPTO_ALG_ASYNC);
3787 if (IS_ERR(tfm_cmac)) {
3788 BT_ERR("Unable to create CMAC crypto context");
3789 crypto_free_blkcipher(tfm_aes);
3790 return PTR_ERR(tfm_cmac);
3791 }
3792
3793 err = run_selftests(tfm_aes, tfm_cmac);
3794
3795 crypto_free_hash(tfm_cmac);
3796 crypto_free_blkcipher(tfm_aes);
3797
3798 return err;
3799 }
3800
3801 #endif
Linux kernel - Deliverables
This page took 0.13973 seconds and 6 git commands to generate.