2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2011 Nokia Corporation and/or its subsidiary(-ies).
5 This program is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License version 2 as
7 published by the Free Software Foundation;
9 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
10 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
11 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
12 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
13 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
14 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
18 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
19 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
20 SOFTWARE IS DISCLAIMED.
23 #include <linux/debugfs.h>
24 #include <linux/crypto.h>
25 #include <linux/scatterlist.h>
26 #include <crypto/b128ops.h>
28 #include <net/bluetooth/bluetooth.h>
29 #include <net/bluetooth/hci_core.h>
30 #include <net/bluetooth/l2cap.h>
31 #include <net/bluetooth/mgmt.h>
36 /* Low-level debug macros to be used for stuff that we don't want
37 * accidentially in dmesg, i.e. the values of the various crypto keys
38 * and the inputs & outputs of crypto functions.
41 #define SMP_DBG(fmt, ...) printk(KERN_DEBUG "%s: " fmt, __func__, \
44 #define SMP_DBG(fmt, ...) no_printk(KERN_DEBUG "%s: " fmt, __func__, \
48 #define SMP_ALLOW_CMD(smp, code) set_bit(code, &smp->allow_cmd)
50 /* Keys which are not distributed with Secure Connections */
51 #define SMP_SC_NO_DIST (SMP_DIST_ENC_KEY | SMP_DIST_LINK_KEY);
53 #define SMP_TIMEOUT msecs_to_jiffies(30000)
55 #define AUTH_REQ_MASK(dev) (hci_dev_test_flag(dev, HCI_SC_ENABLED) ? \
57 #define KEY_DIST_MASK 0x07
59 /* Maximum message length that can be passed to aes_cmac */
60 #define CMAC_MSG_MAX 80
72 SMP_FLAG_DHKEY_PENDING
,
77 /* Secure Connections OOB data */
83 struct crypto_blkcipher
*tfm_aes
;
84 struct crypto_hash
*tfm_cmac
;
88 struct l2cap_conn
*conn
;
89 struct delayed_work security_timer
;
90 unsigned long allow_cmd
; /* Bitmask of allowed commands */
92 u8 preq
[7]; /* SMP Pairing Request */
93 u8 prsp
[7]; /* SMP Pairing Response */
94 u8 prnd
[16]; /* SMP Pairing Random (local) */
95 u8 rrnd
[16]; /* SMP Pairing Random (remote) */
96 u8 pcnf
[16]; /* SMP Pairing Confirm */
97 u8 tk
[16]; /* SMP Temporary Key */
98 u8 rr
[16]; /* Remote OOB ra/rb value */
99 u8 lr
[16]; /* Local OOB ra/rb value */
105 struct smp_csrk
*csrk
;
106 struct smp_csrk
*slave_csrk
;
108 struct smp_ltk
*slave_ltk
;
109 struct smp_irk
*remote_irk
;
115 /* Secure Connections variables */
122 struct crypto_blkcipher
*tfm_aes
;
123 struct crypto_hash
*tfm_cmac
;
126 /* These debug key values are defined in the SMP section of the core
127 * specification. debug_pk is the public debug key and debug_sk the
130 static const u8 debug_pk
[64] = {
131 0xe6, 0x9d, 0x35, 0x0e, 0x48, 0x01, 0x03, 0xcc,
132 0xdb, 0xfd, 0xf4, 0xac, 0x11, 0x91, 0xf4, 0xef,
133 0xb9, 0xa5, 0xf9, 0xe9, 0xa7, 0x83, 0x2c, 0x5e,
134 0x2c, 0xbe, 0x97, 0xf2, 0xd2, 0x03, 0xb0, 0x20,
136 0x8b, 0xd2, 0x89, 0x15, 0xd0, 0x8e, 0x1c, 0x74,
137 0x24, 0x30, 0xed, 0x8f, 0xc2, 0x45, 0x63, 0x76,
138 0x5c, 0x15, 0x52, 0x5a, 0xbf, 0x9a, 0x32, 0x63,
139 0x6d, 0xeb, 0x2a, 0x65, 0x49, 0x9c, 0x80, 0xdc,
142 static const u8 debug_sk
[32] = {
143 0xbd, 0x1a, 0x3c, 0xcd, 0xa6, 0xb8, 0x99, 0x58,
144 0x99, 0xb7, 0x40, 0xeb, 0x7b, 0x60, 0xff, 0x4a,
145 0x50, 0x3f, 0x10, 0xd2, 0xe3, 0xb3, 0xc9, 0x74,
146 0x38, 0x5f, 0xc5, 0xa3, 0xd4, 0xf6, 0x49, 0x3f,
149 static inline void swap_buf(const u8
*src
, u8
*dst
, size_t len
)
153 for (i
= 0; i
< len
; i
++)
154 dst
[len
- 1 - i
] = src
[i
];
157 /* The following functions map to the LE SC SMP crypto functions
158 * AES-CMAC, f4, f5, f6, g2 and h6.
161 static int aes_cmac(struct crypto_hash
*tfm
, const u8 k
[16], const u8
*m
,
162 size_t len
, u8 mac
[16])
164 uint8_t tmp
[16], mac_msb
[16], msg_msb
[CMAC_MSG_MAX
];
165 struct hash_desc desc
;
166 struct scatterlist sg
;
169 if (len
> CMAC_MSG_MAX
)
173 BT_ERR("tfm %p", tfm
);
180 crypto_hash_init(&desc
);
182 /* Swap key and message from LSB to MSB */
183 swap_buf(k
, tmp
, 16);
184 swap_buf(m
, msg_msb
, len
);
186 SMP_DBG("msg (len %zu) %*phN", len
, (int) len
, m
);
187 SMP_DBG("key %16phN", k
);
189 err
= crypto_hash_setkey(tfm
, tmp
, 16);
191 BT_ERR("cipher setkey failed: %d", err
);
195 sg_init_one(&sg
, msg_msb
, len
);
197 err
= crypto_hash_update(&desc
, &sg
, len
);
199 BT_ERR("Hash update error %d", err
);
203 err
= crypto_hash_final(&desc
, mac_msb
);
205 BT_ERR("Hash final error %d", err
);
209 swap_buf(mac_msb
, mac
, 16);
211 SMP_DBG("mac %16phN", mac
);
216 static int smp_f4(struct crypto_hash
*tfm_cmac
, const u8 u
[32], const u8 v
[32],
217 const u8 x
[16], u8 z
, u8 res
[16])
222 SMP_DBG("u %32phN", u
);
223 SMP_DBG("v %32phN", v
);
224 SMP_DBG("x %16phN z %02x", x
, z
);
227 memcpy(m
+ 1, v
, 32);
228 memcpy(m
+ 33, u
, 32);
230 err
= aes_cmac(tfm_cmac
, x
, m
, sizeof(m
), res
);
234 SMP_DBG("res %16phN", res
);
239 static int smp_f5(struct crypto_hash
*tfm_cmac
, const u8 w
[32],
240 const u8 n1
[16], const u8 n2
[16], const u8 a1
[7],
241 const u8 a2
[7], u8 mackey
[16], u8 ltk
[16])
243 /* The btle, salt and length "magic" values are as defined in
244 * the SMP section of the Bluetooth core specification. In ASCII
245 * the btle value ends up being 'btle'. The salt is just a
246 * random number whereas length is the value 256 in little
249 const u8 btle
[4] = { 0x65, 0x6c, 0x74, 0x62 };
250 const u8 salt
[16] = { 0xbe, 0x83, 0x60, 0x5a, 0xdb, 0x0b, 0x37, 0x60,
251 0x38, 0xa5, 0xf5, 0xaa, 0x91, 0x83, 0x88, 0x6c };
252 const u8 length
[2] = { 0x00, 0x01 };
256 SMP_DBG("w %32phN", w
);
257 SMP_DBG("n1 %16phN n2 %16phN", n1
, n2
);
258 SMP_DBG("a1 %7phN a2 %7phN", a1
, a2
);
260 err
= aes_cmac(tfm_cmac
, salt
, w
, 32, t
);
264 SMP_DBG("t %16phN", t
);
266 memcpy(m
, length
, 2);
267 memcpy(m
+ 2, a2
, 7);
268 memcpy(m
+ 9, a1
, 7);
269 memcpy(m
+ 16, n2
, 16);
270 memcpy(m
+ 32, n1
, 16);
271 memcpy(m
+ 48, btle
, 4);
273 m
[52] = 0; /* Counter */
275 err
= aes_cmac(tfm_cmac
, t
, m
, sizeof(m
), mackey
);
279 SMP_DBG("mackey %16phN", mackey
);
281 m
[52] = 1; /* Counter */
283 err
= aes_cmac(tfm_cmac
, t
, m
, sizeof(m
), ltk
);
287 SMP_DBG("ltk %16phN", ltk
);
292 static int smp_f6(struct crypto_hash
*tfm_cmac
, const u8 w
[16],
293 const u8 n1
[16], const u8 n2
[16], const u8 r
[16],
294 const u8 io_cap
[3], const u8 a1
[7], const u8 a2
[7],
300 SMP_DBG("w %16phN", w
);
301 SMP_DBG("n1 %16phN n2 %16phN", n1
, n2
);
302 SMP_DBG("r %16phN io_cap %3phN a1 %7phN a2 %7phN", r
, io_cap
, a1
, a2
);
305 memcpy(m
+ 7, a1
, 7);
306 memcpy(m
+ 14, io_cap
, 3);
307 memcpy(m
+ 17, r
, 16);
308 memcpy(m
+ 33, n2
, 16);
309 memcpy(m
+ 49, n1
, 16);
311 err
= aes_cmac(tfm_cmac
, w
, m
, sizeof(m
), res
);
315 SMP_DBG("res %16phN", res
);
320 static int smp_g2(struct crypto_hash
*tfm_cmac
, const u8 u
[32], const u8 v
[32],
321 const u8 x
[16], const u8 y
[16], u32
*val
)
326 SMP_DBG("u %32phN", u
);
327 SMP_DBG("v %32phN", v
);
328 SMP_DBG("x %16phN y %16phN", x
, y
);
331 memcpy(m
+ 16, v
, 32);
332 memcpy(m
+ 48, u
, 32);
334 err
= aes_cmac(tfm_cmac
, x
, m
, sizeof(m
), tmp
);
338 *val
= get_unaligned_le32(tmp
);
341 SMP_DBG("val %06u", *val
);
346 static int smp_h6(struct crypto_hash
*tfm_cmac
, const u8 w
[16],
347 const u8 key_id
[4], u8 res
[16])
351 SMP_DBG("w %16phN key_id %4phN", w
, key_id
);
353 err
= aes_cmac(tfm_cmac
, w
, key_id
, 4, res
);
357 SMP_DBG("res %16phN", res
);
362 /* The following functions map to the legacy SMP crypto functions e, c1,
366 static int smp_e(struct crypto_blkcipher
*tfm
, const u8
*k
, u8
*r
)
368 struct blkcipher_desc desc
;
369 struct scatterlist sg
;
370 uint8_t tmp
[16], data
[16];
374 BT_ERR("tfm %p", tfm
);
381 /* The most significant octet of key corresponds to k[0] */
382 swap_buf(k
, tmp
, 16);
384 err
= crypto_blkcipher_setkey(tfm
, tmp
, 16);
386 BT_ERR("cipher setkey failed: %d", err
);
390 /* Most significant octet of plaintextData corresponds to data[0] */
391 swap_buf(r
, data
, 16);
393 sg_init_one(&sg
, data
, 16);
395 err
= crypto_blkcipher_encrypt(&desc
, &sg
, &sg
, 16);
397 BT_ERR("Encrypt data error %d", err
);
399 /* Most significant octet of encryptedData corresponds to data[0] */
400 swap_buf(data
, r
, 16);
405 static int smp_c1(struct crypto_blkcipher
*tfm_aes
, const u8 k
[16],
406 const u8 r
[16], const u8 preq
[7], const u8 pres
[7], u8 _iat
,
407 const bdaddr_t
*ia
, u8 _rat
, const bdaddr_t
*ra
, u8 res
[16])
414 /* p1 = pres || preq || _rat || _iat */
417 memcpy(p1
+ 2, preq
, 7);
418 memcpy(p1
+ 9, pres
, 7);
420 /* p2 = padding || ia || ra */
422 memcpy(p2
+ 6, ia
, 6);
423 memset(p2
+ 12, 0, 4);
426 u128_xor((u128
*) res
, (u128
*) r
, (u128
*) p1
);
428 /* res = e(k, res) */
429 err
= smp_e(tfm_aes
, k
, res
);
431 BT_ERR("Encrypt data error");
435 /* res = res XOR p2 */
436 u128_xor((u128
*) res
, (u128
*) res
, (u128
*) p2
);
438 /* res = e(k, res) */
439 err
= smp_e(tfm_aes
, k
, res
);
441 BT_ERR("Encrypt data error");
446 static int smp_s1(struct crypto_blkcipher
*tfm_aes
, const u8 k
[16],
447 const u8 r1
[16], const u8 r2
[16], u8 _r
[16])
451 /* Just least significant octets from r1 and r2 are considered */
453 memcpy(_r
+ 8, r1
, 8);
455 err
= smp_e(tfm_aes
, k
, _r
);
457 BT_ERR("Encrypt data error");
462 static int smp_ah(struct crypto_blkcipher
*tfm
, const u8 irk
[16],
463 const u8 r
[3], u8 res
[3])
468 /* r' = padding || r */
470 memset(_res
+ 3, 0, 13);
472 err
= smp_e(tfm
, irk
, _res
);
474 BT_ERR("Encrypt error");
478 /* The output of the random address function ah is:
479 * ah(h, r) = e(k, r') mod 2^24
480 * The output of the security function e is then truncated to 24 bits
481 * by taking the least significant 24 bits of the output of e as the
484 memcpy(res
, _res
, 3);
489 bool smp_irk_matches(struct hci_dev
*hdev
, const u8 irk
[16],
490 const bdaddr_t
*bdaddr
)
492 struct l2cap_chan
*chan
= hdev
->smp_data
;
497 if (!chan
|| !chan
->data
)
502 BT_DBG("RPA %pMR IRK %*phN", bdaddr
, 16, irk
);
504 err
= smp_ah(smp
->tfm_aes
, irk
, &bdaddr
->b
[3], hash
);
508 return !memcmp(bdaddr
->b
, hash
, 3);
511 int smp_generate_rpa(struct hci_dev
*hdev
, const u8 irk
[16], bdaddr_t
*rpa
)
513 struct l2cap_chan
*chan
= hdev
->smp_data
;
517 if (!chan
|| !chan
->data
)
522 get_random_bytes(&rpa
->b
[3], 3);
524 rpa
->b
[5] &= 0x3f; /* Clear two most significant bits */
525 rpa
->b
[5] |= 0x40; /* Set second most significant bit */
527 err
= smp_ah(smp
->tfm_aes
, irk
, &rpa
->b
[3], rpa
->b
);
531 BT_DBG("RPA %pMR", rpa
);
536 int smp_generate_oob(struct hci_dev
*hdev
, u8 hash
[16], u8 rand
[16])
538 struct l2cap_chan
*chan
= hdev
->smp_data
;
542 if (!chan
|| !chan
->data
)
547 if (hci_dev_test_flag(hdev
, HCI_USE_DEBUG_KEYS
)) {
548 BT_DBG("Using debug keys");
549 memcpy(smp
->local_pk
, debug_pk
, 64);
550 memcpy(smp
->local_sk
, debug_sk
, 32);
551 smp
->debug_key
= true;
554 /* Generate local key pair for Secure Connections */
555 if (!ecc_make_key(smp
->local_pk
, smp
->local_sk
))
558 /* This is unlikely, but we need to check that
559 * we didn't accidentially generate a debug key.
561 if (memcmp(smp
->local_sk
, debug_sk
, 32))
564 smp
->debug_key
= false;
567 SMP_DBG("OOB Public Key X: %32phN", smp
->local_pk
);
568 SMP_DBG("OOB Public Key Y: %32phN", smp
->local_pk
+ 32);
569 SMP_DBG("OOB Private Key: %32phN", smp
->local_sk
);
571 get_random_bytes(smp
->local_rr
, 16);
573 err
= smp_f4(smp
->tfm_cmac
, smp
->local_pk
, smp
->local_pk
,
574 smp
->local_rr
, 0, hash
);
578 memcpy(rand
, smp
->local_rr
, 16);
583 static void smp_send_cmd(struct l2cap_conn
*conn
, u8 code
, u16 len
, void *data
)
585 struct l2cap_chan
*chan
= conn
->smp
;
586 struct smp_chan
*smp
;
593 BT_DBG("code 0x%2.2x", code
);
595 iv
[0].iov_base
= &code
;
598 iv
[1].iov_base
= data
;
601 memset(&msg
, 0, sizeof(msg
));
603 iov_iter_kvec(&msg
.msg_iter
, WRITE
| ITER_KVEC
, iv
, 2, 1 + len
);
605 l2cap_chan_send(chan
, &msg
, 1 + len
);
612 cancel_delayed_work_sync(&smp
->security_timer
);
613 schedule_delayed_work(&smp
->security_timer
, SMP_TIMEOUT
);
616 static u8
authreq_to_seclevel(u8 authreq
)
618 if (authreq
& SMP_AUTH_MITM
) {
619 if (authreq
& SMP_AUTH_SC
)
620 return BT_SECURITY_FIPS
;
622 return BT_SECURITY_HIGH
;
624 return BT_SECURITY_MEDIUM
;
628 static __u8
seclevel_to_authreq(__u8 sec_level
)
631 case BT_SECURITY_FIPS
:
632 case BT_SECURITY_HIGH
:
633 return SMP_AUTH_MITM
| SMP_AUTH_BONDING
;
634 case BT_SECURITY_MEDIUM
:
635 return SMP_AUTH_BONDING
;
637 return SMP_AUTH_NONE
;
641 static void build_pairing_cmd(struct l2cap_conn
*conn
,
642 struct smp_cmd_pairing
*req
,
643 struct smp_cmd_pairing
*rsp
, __u8 authreq
)
645 struct l2cap_chan
*chan
= conn
->smp
;
646 struct smp_chan
*smp
= chan
->data
;
647 struct hci_conn
*hcon
= conn
->hcon
;
648 struct hci_dev
*hdev
= hcon
->hdev
;
649 u8 local_dist
= 0, remote_dist
= 0, oob_flag
= SMP_OOB_NOT_PRESENT
;
651 if (hci_dev_test_flag(hdev
, HCI_BONDABLE
)) {
652 local_dist
= SMP_DIST_ENC_KEY
| SMP_DIST_SIGN
;
653 remote_dist
= SMP_DIST_ENC_KEY
| SMP_DIST_SIGN
;
654 authreq
|= SMP_AUTH_BONDING
;
656 authreq
&= ~SMP_AUTH_BONDING
;
659 if (hci_dev_test_flag(hdev
, HCI_RPA_RESOLVING
))
660 remote_dist
|= SMP_DIST_ID_KEY
;
662 if (hci_dev_test_flag(hdev
, HCI_PRIVACY
))
663 local_dist
|= SMP_DIST_ID_KEY
;
665 if (hci_dev_test_flag(hdev
, HCI_SC_ENABLED
) &&
666 (authreq
& SMP_AUTH_SC
)) {
667 struct oob_data
*oob_data
;
670 if (hci_dev_test_flag(hdev
, HCI_SSP_ENABLED
)) {
671 local_dist
|= SMP_DIST_LINK_KEY
;
672 remote_dist
|= SMP_DIST_LINK_KEY
;
675 if (hcon
->dst_type
== ADDR_LE_DEV_PUBLIC
)
676 bdaddr_type
= BDADDR_LE_PUBLIC
;
678 bdaddr_type
= BDADDR_LE_RANDOM
;
680 oob_data
= hci_find_remote_oob_data(hdev
, &hcon
->dst
,
682 if (oob_data
&& oob_data
->present
) {
683 set_bit(SMP_FLAG_OOB
, &smp
->flags
);
684 oob_flag
= SMP_OOB_PRESENT
;
685 memcpy(smp
->rr
, oob_data
->rand256
, 16);
686 memcpy(smp
->pcnf
, oob_data
->hash256
, 16);
690 authreq
&= ~SMP_AUTH_SC
;
694 req
->io_capability
= conn
->hcon
->io_capability
;
695 req
->oob_flag
= oob_flag
;
696 req
->max_key_size
= SMP_MAX_ENC_KEY_SIZE
;
697 req
->init_key_dist
= local_dist
;
698 req
->resp_key_dist
= remote_dist
;
699 req
->auth_req
= (authreq
& AUTH_REQ_MASK(hdev
));
701 smp
->remote_key_dist
= remote_dist
;
705 rsp
->io_capability
= conn
->hcon
->io_capability
;
706 rsp
->oob_flag
= oob_flag
;
707 rsp
->max_key_size
= SMP_MAX_ENC_KEY_SIZE
;
708 rsp
->init_key_dist
= req
->init_key_dist
& remote_dist
;
709 rsp
->resp_key_dist
= req
->resp_key_dist
& local_dist
;
710 rsp
->auth_req
= (authreq
& AUTH_REQ_MASK(hdev
));
712 smp
->remote_key_dist
= rsp
->init_key_dist
;
715 static u8
check_enc_key_size(struct l2cap_conn
*conn
, __u8 max_key_size
)
717 struct l2cap_chan
*chan
= conn
->smp
;
718 struct smp_chan
*smp
= chan
->data
;
720 if ((max_key_size
> SMP_MAX_ENC_KEY_SIZE
) ||
721 (max_key_size
< SMP_MIN_ENC_KEY_SIZE
))
722 return SMP_ENC_KEY_SIZE
;
724 smp
->enc_key_size
= max_key_size
;
729 static void smp_chan_destroy(struct l2cap_conn
*conn
)
731 struct l2cap_chan
*chan
= conn
->smp
;
732 struct smp_chan
*smp
= chan
->data
;
733 struct hci_conn
*hcon
= conn
->hcon
;
738 cancel_delayed_work_sync(&smp
->security_timer
);
740 complete
= test_bit(SMP_FLAG_COMPLETE
, &smp
->flags
);
741 mgmt_smp_complete(hcon
, complete
);
744 kzfree(smp
->slave_csrk
);
745 kzfree(smp
->link_key
);
747 crypto_free_blkcipher(smp
->tfm_aes
);
748 crypto_free_hash(smp
->tfm_cmac
);
750 /* Ensure that we don't leave any debug key around if debug key
751 * support hasn't been explicitly enabled.
753 if (smp
->ltk
&& smp
->ltk
->type
== SMP_LTK_P256_DEBUG
&&
754 !hci_dev_test_flag(hcon
->hdev
, HCI_KEEP_DEBUG_KEYS
)) {
755 list_del_rcu(&smp
->ltk
->list
);
756 kfree_rcu(smp
->ltk
, rcu
);
760 /* If pairing failed clean up any keys we might have */
763 list_del_rcu(&smp
->ltk
->list
);
764 kfree_rcu(smp
->ltk
, rcu
);
767 if (smp
->slave_ltk
) {
768 list_del_rcu(&smp
->slave_ltk
->list
);
769 kfree_rcu(smp
->slave_ltk
, rcu
);
772 if (smp
->remote_irk
) {
773 list_del_rcu(&smp
->remote_irk
->list
);
774 kfree_rcu(smp
->remote_irk
, rcu
);
783 static void smp_failure(struct l2cap_conn
*conn
, u8 reason
)
785 struct hci_conn
*hcon
= conn
->hcon
;
786 struct l2cap_chan
*chan
= conn
->smp
;
789 smp_send_cmd(conn
, SMP_CMD_PAIRING_FAIL
, sizeof(reason
),
792 clear_bit(HCI_CONN_ENCRYPT_PEND
, &hcon
->flags
);
793 mgmt_auth_failed(hcon
, HCI_ERROR_AUTH_FAILURE
);
796 smp_chan_destroy(conn
);
799 #define JUST_WORKS 0x00
800 #define JUST_CFM 0x01
801 #define REQ_PASSKEY 0x02
802 #define CFM_PASSKEY 0x03
804 #define DSP_PASSKEY 0x05
807 static const u8 gen_method
[5][5] = {
808 { JUST_WORKS
, JUST_CFM
, REQ_PASSKEY
, JUST_WORKS
, REQ_PASSKEY
},
809 { JUST_WORKS
, JUST_CFM
, REQ_PASSKEY
, JUST_WORKS
, REQ_PASSKEY
},
810 { CFM_PASSKEY
, CFM_PASSKEY
, REQ_PASSKEY
, JUST_WORKS
, CFM_PASSKEY
},
811 { JUST_WORKS
, JUST_CFM
, JUST_WORKS
, JUST_WORKS
, JUST_CFM
},
812 { CFM_PASSKEY
, CFM_PASSKEY
, REQ_PASSKEY
, JUST_WORKS
, OVERLAP
},
815 static const u8 sc_method
[5][5] = {
816 { JUST_WORKS
, JUST_CFM
, REQ_PASSKEY
, JUST_WORKS
, REQ_PASSKEY
},
817 { JUST_WORKS
, CFM_PASSKEY
, REQ_PASSKEY
, JUST_WORKS
, CFM_PASSKEY
},
818 { DSP_PASSKEY
, DSP_PASSKEY
, REQ_PASSKEY
, JUST_WORKS
, DSP_PASSKEY
},
819 { JUST_WORKS
, JUST_CFM
, JUST_WORKS
, JUST_WORKS
, JUST_CFM
},
820 { DSP_PASSKEY
, CFM_PASSKEY
, REQ_PASSKEY
, JUST_WORKS
, CFM_PASSKEY
},
823 static u8
get_auth_method(struct smp_chan
*smp
, u8 local_io
, u8 remote_io
)
825 /* If either side has unknown io_caps, use JUST_CFM (which gets
826 * converted later to JUST_WORKS if we're initiators.
828 if (local_io
> SMP_IO_KEYBOARD_DISPLAY
||
829 remote_io
> SMP_IO_KEYBOARD_DISPLAY
)
832 if (test_bit(SMP_FLAG_SC
, &smp
->flags
))
833 return sc_method
[remote_io
][local_io
];
835 return gen_method
[remote_io
][local_io
];
838 static int tk_request(struct l2cap_conn
*conn
, u8 remote_oob
, u8 auth
,
839 u8 local_io
, u8 remote_io
)
841 struct hci_conn
*hcon
= conn
->hcon
;
842 struct l2cap_chan
*chan
= conn
->smp
;
843 struct smp_chan
*smp
= chan
->data
;
847 /* Initialize key for JUST WORKS */
848 memset(smp
->tk
, 0, sizeof(smp
->tk
));
849 clear_bit(SMP_FLAG_TK_VALID
, &smp
->flags
);
851 BT_DBG("tk_request: auth:%d lcl:%d rem:%d", auth
, local_io
, remote_io
);
853 /* If neither side wants MITM, either "just" confirm an incoming
854 * request or use just-works for outgoing ones. The JUST_CFM
855 * will be converted to JUST_WORKS if necessary later in this
856 * function. If either side has MITM look up the method from the
859 if (!(auth
& SMP_AUTH_MITM
))
860 smp
->method
= JUST_CFM
;
862 smp
->method
= get_auth_method(smp
, local_io
, remote_io
);
864 /* Don't confirm locally initiated pairing attempts */
865 if (smp
->method
== JUST_CFM
&& test_bit(SMP_FLAG_INITIATOR
,
867 smp
->method
= JUST_WORKS
;
869 /* Don't bother user space with no IO capabilities */
870 if (smp
->method
== JUST_CFM
&&
871 hcon
->io_capability
== HCI_IO_NO_INPUT_OUTPUT
)
872 smp
->method
= JUST_WORKS
;
874 /* If Just Works, Continue with Zero TK */
875 if (smp
->method
== JUST_WORKS
) {
876 set_bit(SMP_FLAG_TK_VALID
, &smp
->flags
);
880 /* Not Just Works/Confirm results in MITM Authentication */
881 if (smp
->method
!= JUST_CFM
) {
882 set_bit(SMP_FLAG_MITM_AUTH
, &smp
->flags
);
883 if (hcon
->pending_sec_level
< BT_SECURITY_HIGH
)
884 hcon
->pending_sec_level
= BT_SECURITY_HIGH
;
887 /* If both devices have Keyoard-Display I/O, the master
888 * Confirms and the slave Enters the passkey.
890 if (smp
->method
== OVERLAP
) {
891 if (hcon
->role
== HCI_ROLE_MASTER
)
892 smp
->method
= CFM_PASSKEY
;
894 smp
->method
= REQ_PASSKEY
;
897 /* Generate random passkey. */
898 if (smp
->method
== CFM_PASSKEY
) {
899 memset(smp
->tk
, 0, sizeof(smp
->tk
));
900 get_random_bytes(&passkey
, sizeof(passkey
));
902 put_unaligned_le32(passkey
, smp
->tk
);
903 BT_DBG("PassKey: %d", passkey
);
904 set_bit(SMP_FLAG_TK_VALID
, &smp
->flags
);
907 if (smp
->method
== REQ_PASSKEY
)
908 ret
= mgmt_user_passkey_request(hcon
->hdev
, &hcon
->dst
,
909 hcon
->type
, hcon
->dst_type
);
910 else if (smp
->method
== JUST_CFM
)
911 ret
= mgmt_user_confirm_request(hcon
->hdev
, &hcon
->dst
,
912 hcon
->type
, hcon
->dst_type
,
915 ret
= mgmt_user_passkey_notify(hcon
->hdev
, &hcon
->dst
,
916 hcon
->type
, hcon
->dst_type
,
922 static u8
smp_confirm(struct smp_chan
*smp
)
924 struct l2cap_conn
*conn
= smp
->conn
;
925 struct smp_cmd_pairing_confirm cp
;
928 BT_DBG("conn %p", conn
);
930 ret
= smp_c1(smp
->tfm_aes
, smp
->tk
, smp
->prnd
, smp
->preq
, smp
->prsp
,
931 conn
->hcon
->init_addr_type
, &conn
->hcon
->init_addr
,
932 conn
->hcon
->resp_addr_type
, &conn
->hcon
->resp_addr
,
935 return SMP_UNSPECIFIED
;
937 clear_bit(SMP_FLAG_CFM_PENDING
, &smp
->flags
);
939 smp_send_cmd(smp
->conn
, SMP_CMD_PAIRING_CONFIRM
, sizeof(cp
), &cp
);
942 SMP_ALLOW_CMD(smp
, SMP_CMD_PAIRING_CONFIRM
);
944 SMP_ALLOW_CMD(smp
, SMP_CMD_PAIRING_RANDOM
);
949 static u8
smp_random(struct smp_chan
*smp
)
951 struct l2cap_conn
*conn
= smp
->conn
;
952 struct hci_conn
*hcon
= conn
->hcon
;
956 if (IS_ERR_OR_NULL(smp
->tfm_aes
))
957 return SMP_UNSPECIFIED
;
959 BT_DBG("conn %p %s", conn
, conn
->hcon
->out
? "master" : "slave");
961 ret
= smp_c1(smp
->tfm_aes
, smp
->tk
, smp
->rrnd
, smp
->preq
, smp
->prsp
,
962 hcon
->init_addr_type
, &hcon
->init_addr
,
963 hcon
->resp_addr_type
, &hcon
->resp_addr
, confirm
);
965 return SMP_UNSPECIFIED
;
967 if (memcmp(smp
->pcnf
, confirm
, sizeof(smp
->pcnf
)) != 0) {
968 BT_ERR("Pairing failed (confirmation values mismatch)");
969 return SMP_CONFIRM_FAILED
;
977 smp_s1(smp
->tfm_aes
, smp
->tk
, smp
->rrnd
, smp
->prnd
, stk
);
979 memset(stk
+ smp
->enc_key_size
, 0,
980 SMP_MAX_ENC_KEY_SIZE
- smp
->enc_key_size
);
982 if (test_and_set_bit(HCI_CONN_ENCRYPT_PEND
, &hcon
->flags
))
983 return SMP_UNSPECIFIED
;
985 hci_le_start_enc(hcon
, ediv
, rand
, stk
);
986 hcon
->enc_key_size
= smp
->enc_key_size
;
987 set_bit(HCI_CONN_STK_ENCRYPT
, &hcon
->flags
);
993 smp_send_cmd(conn
, SMP_CMD_PAIRING_RANDOM
, sizeof(smp
->prnd
),
996 smp_s1(smp
->tfm_aes
, smp
->tk
, smp
->prnd
, smp
->rrnd
, stk
);
998 memset(stk
+ smp
->enc_key_size
, 0,
999 SMP_MAX_ENC_KEY_SIZE
- smp
->enc_key_size
);
1001 if (hcon
->pending_sec_level
== BT_SECURITY_HIGH
)
1006 /* Even though there's no _SLAVE suffix this is the
1007 * slave STK we're adding for later lookup (the master
1008 * STK never needs to be stored).
1010 hci_add_ltk(hcon
->hdev
, &hcon
->dst
, hcon
->dst_type
,
1011 SMP_STK
, auth
, stk
, smp
->enc_key_size
, ediv
, rand
);
1017 static void smp_notify_keys(struct l2cap_conn
*conn
)
1019 struct l2cap_chan
*chan
= conn
->smp
;
1020 struct smp_chan
*smp
= chan
->data
;
1021 struct hci_conn
*hcon
= conn
->hcon
;
1022 struct hci_dev
*hdev
= hcon
->hdev
;
1023 struct smp_cmd_pairing
*req
= (void *) &smp
->preq
[1];
1024 struct smp_cmd_pairing
*rsp
= (void *) &smp
->prsp
[1];
1027 if (smp
->remote_irk
) {
1028 mgmt_new_irk(hdev
, smp
->remote_irk
);
1029 /* Now that user space can be considered to know the
1030 * identity address track the connection based on it
1031 * from now on (assuming this is an LE link).
1033 if (hcon
->type
== LE_LINK
) {
1034 bacpy(&hcon
->dst
, &smp
->remote_irk
->bdaddr
);
1035 hcon
->dst_type
= smp
->remote_irk
->addr_type
;
1036 queue_work(hdev
->workqueue
, &conn
->id_addr_update_work
);
1039 /* When receiving an indentity resolving key for
1040 * a remote device that does not use a resolvable
1041 * private address, just remove the key so that
1042 * it is possible to use the controller white
1043 * list for scanning.
1045 * Userspace will have been told to not store
1046 * this key at this point. So it is safe to
1049 if (!bacmp(&smp
->remote_irk
->rpa
, BDADDR_ANY
)) {
1050 list_del_rcu(&smp
->remote_irk
->list
);
1051 kfree_rcu(smp
->remote_irk
, rcu
);
1052 smp
->remote_irk
= NULL
;
1056 if (hcon
->type
== ACL_LINK
) {
1057 if (hcon
->key_type
== HCI_LK_DEBUG_COMBINATION
)
1060 persistent
= !test_bit(HCI_CONN_FLUSH_KEY
,
1063 /* The LTKs and CSRKs should be persistent only if both sides
1064 * had the bonding bit set in their authentication requests.
1066 persistent
= !!((req
->auth_req
& rsp
->auth_req
) &
1072 smp
->csrk
->bdaddr_type
= hcon
->dst_type
;
1073 bacpy(&smp
->csrk
->bdaddr
, &hcon
->dst
);
1074 mgmt_new_csrk(hdev
, smp
->csrk
, persistent
);
1077 if (smp
->slave_csrk
) {
1078 smp
->slave_csrk
->bdaddr_type
= hcon
->dst_type
;
1079 bacpy(&smp
->slave_csrk
->bdaddr
, &hcon
->dst
);
1080 mgmt_new_csrk(hdev
, smp
->slave_csrk
, persistent
);
1084 smp
->ltk
->bdaddr_type
= hcon
->dst_type
;
1085 bacpy(&smp
->ltk
->bdaddr
, &hcon
->dst
);
1086 mgmt_new_ltk(hdev
, smp
->ltk
, persistent
);
1089 if (smp
->slave_ltk
) {
1090 smp
->slave_ltk
->bdaddr_type
= hcon
->dst_type
;
1091 bacpy(&smp
->slave_ltk
->bdaddr
, &hcon
->dst
);
1092 mgmt_new_ltk(hdev
, smp
->slave_ltk
, persistent
);
1095 if (smp
->link_key
) {
1096 struct link_key
*key
;
1099 if (test_bit(SMP_FLAG_DEBUG_KEY
, &smp
->flags
))
1100 type
= HCI_LK_DEBUG_COMBINATION
;
1101 else if (hcon
->sec_level
== BT_SECURITY_FIPS
)
1102 type
= HCI_LK_AUTH_COMBINATION_P256
;
1104 type
= HCI_LK_UNAUTH_COMBINATION_P256
;
1106 key
= hci_add_link_key(hdev
, smp
->conn
->hcon
, &hcon
->dst
,
1107 smp
->link_key
, type
, 0, &persistent
);
1109 mgmt_new_link_key(hdev
, key
, persistent
);
1111 /* Don't keep debug keys around if the relevant
1114 if (!hci_dev_test_flag(hdev
, HCI_KEEP_DEBUG_KEYS
) &&
1115 key
->type
== HCI_LK_DEBUG_COMBINATION
) {
1116 list_del_rcu(&key
->list
);
1117 kfree_rcu(key
, rcu
);
1123 static void sc_add_ltk(struct smp_chan
*smp
)
1125 struct hci_conn
*hcon
= smp
->conn
->hcon
;
1128 if (test_bit(SMP_FLAG_DEBUG_KEY
, &smp
->flags
))
1129 key_type
= SMP_LTK_P256_DEBUG
;
1131 key_type
= SMP_LTK_P256
;
1133 if (hcon
->pending_sec_level
== BT_SECURITY_FIPS
)
1138 memset(smp
->tk
+ smp
->enc_key_size
, 0,
1139 SMP_MAX_ENC_KEY_SIZE
- smp
->enc_key_size
);
1141 smp
->ltk
= hci_add_ltk(hcon
->hdev
, &hcon
->dst
, hcon
->dst_type
,
1142 key_type
, auth
, smp
->tk
, smp
->enc_key_size
,
1146 static void sc_generate_link_key(struct smp_chan
*smp
)
1148 /* These constants are as specified in the core specification.
1149 * In ASCII they spell out to 'tmp1' and 'lebr'.
1151 const u8 tmp1
[4] = { 0x31, 0x70, 0x6d, 0x74 };
1152 const u8 lebr
[4] = { 0x72, 0x62, 0x65, 0x6c };
1154 smp
->link_key
= kzalloc(16, GFP_KERNEL
);
1158 if (smp_h6(smp
->tfm_cmac
, smp
->tk
, tmp1
, smp
->link_key
)) {
1159 kzfree(smp
->link_key
);
1160 smp
->link_key
= NULL
;
1164 if (smp_h6(smp
->tfm_cmac
, smp
->link_key
, lebr
, smp
->link_key
)) {
1165 kzfree(smp
->link_key
);
1166 smp
->link_key
= NULL
;
1171 static void smp_allow_key_dist(struct smp_chan
*smp
)
1173 /* Allow the first expected phase 3 PDU. The rest of the PDUs
1174 * will be allowed in each PDU handler to ensure we receive
1175 * them in the correct order.
1177 if (smp
->remote_key_dist
& SMP_DIST_ENC_KEY
)
1178 SMP_ALLOW_CMD(smp
, SMP_CMD_ENCRYPT_INFO
);
1179 else if (smp
->remote_key_dist
& SMP_DIST_ID_KEY
)
1180 SMP_ALLOW_CMD(smp
, SMP_CMD_IDENT_INFO
);
1181 else if (smp
->remote_key_dist
& SMP_DIST_SIGN
)
1182 SMP_ALLOW_CMD(smp
, SMP_CMD_SIGN_INFO
);
1185 static void sc_generate_ltk(struct smp_chan
*smp
)
1187 /* These constants are as specified in the core specification.
1188 * In ASCII they spell out to 'tmp2' and 'brle'.
1190 const u8 tmp2
[4] = { 0x32, 0x70, 0x6d, 0x74 };
1191 const u8 brle
[4] = { 0x65, 0x6c, 0x72, 0x62 };
1192 struct hci_conn
*hcon
= smp
->conn
->hcon
;
1193 struct hci_dev
*hdev
= hcon
->hdev
;
1194 struct link_key
*key
;
1196 key
= hci_find_link_key(hdev
, &hcon
->dst
);
1198 BT_ERR("%s No Link Key found to generate LTK", hdev
->name
);
1202 if (key
->type
== HCI_LK_DEBUG_COMBINATION
)
1203 set_bit(SMP_FLAG_DEBUG_KEY
, &smp
->flags
);
1205 if (smp_h6(smp
->tfm_cmac
, key
->val
, tmp2
, smp
->tk
))
1208 if (smp_h6(smp
->tfm_cmac
, smp
->tk
, brle
, smp
->tk
))
1214 static void smp_distribute_keys(struct smp_chan
*smp
)
1216 struct smp_cmd_pairing
*req
, *rsp
;
1217 struct l2cap_conn
*conn
= smp
->conn
;
1218 struct hci_conn
*hcon
= conn
->hcon
;
1219 struct hci_dev
*hdev
= hcon
->hdev
;
1222 BT_DBG("conn %p", conn
);
1224 rsp
= (void *) &smp
->prsp
[1];
1226 /* The responder sends its keys first */
1227 if (hcon
->out
&& (smp
->remote_key_dist
& KEY_DIST_MASK
)) {
1228 smp_allow_key_dist(smp
);
1232 req
= (void *) &smp
->preq
[1];
1235 keydist
= &rsp
->init_key_dist
;
1236 *keydist
&= req
->init_key_dist
;
1238 keydist
= &rsp
->resp_key_dist
;
1239 *keydist
&= req
->resp_key_dist
;
1242 if (test_bit(SMP_FLAG_SC
, &smp
->flags
)) {
1243 if (hcon
->type
== LE_LINK
&& (*keydist
& SMP_DIST_LINK_KEY
))
1244 sc_generate_link_key(smp
);
1245 if (hcon
->type
== ACL_LINK
&& (*keydist
& SMP_DIST_ENC_KEY
))
1246 sc_generate_ltk(smp
);
1248 /* Clear the keys which are generated but not distributed */
1249 *keydist
&= ~SMP_SC_NO_DIST
;
1252 BT_DBG("keydist 0x%x", *keydist
);
1254 if (*keydist
& SMP_DIST_ENC_KEY
) {
1255 struct smp_cmd_encrypt_info enc
;
1256 struct smp_cmd_master_ident ident
;
1257 struct smp_ltk
*ltk
;
1262 get_random_bytes(enc
.ltk
, sizeof(enc
.ltk
));
1263 get_random_bytes(&ediv
, sizeof(ediv
));
1264 get_random_bytes(&rand
, sizeof(rand
));
1266 smp_send_cmd(conn
, SMP_CMD_ENCRYPT_INFO
, sizeof(enc
), &enc
);
1268 authenticated
= hcon
->sec_level
== BT_SECURITY_HIGH
;
1269 ltk
= hci_add_ltk(hdev
, &hcon
->dst
, hcon
->dst_type
,
1270 SMP_LTK_SLAVE
, authenticated
, enc
.ltk
,
1271 smp
->enc_key_size
, ediv
, rand
);
1272 smp
->slave_ltk
= ltk
;
1277 smp_send_cmd(conn
, SMP_CMD_MASTER_IDENT
, sizeof(ident
), &ident
);
1279 *keydist
&= ~SMP_DIST_ENC_KEY
;
1282 if (*keydist
& SMP_DIST_ID_KEY
) {
1283 struct smp_cmd_ident_addr_info addrinfo
;
1284 struct smp_cmd_ident_info idinfo
;
1286 memcpy(idinfo
.irk
, hdev
->irk
, sizeof(idinfo
.irk
));
1288 smp_send_cmd(conn
, SMP_CMD_IDENT_INFO
, sizeof(idinfo
), &idinfo
);
1290 /* The hci_conn contains the local identity address
1291 * after the connection has been established.
1293 * This is true even when the connection has been
1294 * established using a resolvable random address.
1296 bacpy(&addrinfo
.bdaddr
, &hcon
->src
);
1297 addrinfo
.addr_type
= hcon
->src_type
;
1299 smp_send_cmd(conn
, SMP_CMD_IDENT_ADDR_INFO
, sizeof(addrinfo
),
1302 *keydist
&= ~SMP_DIST_ID_KEY
;
1305 if (*keydist
& SMP_DIST_SIGN
) {
1306 struct smp_cmd_sign_info sign
;
1307 struct smp_csrk
*csrk
;
1309 /* Generate a new random key */
1310 get_random_bytes(sign
.csrk
, sizeof(sign
.csrk
));
1312 csrk
= kzalloc(sizeof(*csrk
), GFP_KERNEL
);
1314 if (hcon
->sec_level
> BT_SECURITY_MEDIUM
)
1315 csrk
->type
= MGMT_CSRK_LOCAL_AUTHENTICATED
;
1317 csrk
->type
= MGMT_CSRK_LOCAL_UNAUTHENTICATED
;
1318 memcpy(csrk
->val
, sign
.csrk
, sizeof(csrk
->val
));
1320 smp
->slave_csrk
= csrk
;
1322 smp_send_cmd(conn
, SMP_CMD_SIGN_INFO
, sizeof(sign
), &sign
);
1324 *keydist
&= ~SMP_DIST_SIGN
;
1327 /* If there are still keys to be received wait for them */
1328 if (smp
->remote_key_dist
& KEY_DIST_MASK
) {
1329 smp_allow_key_dist(smp
);
1333 set_bit(SMP_FLAG_COMPLETE
, &smp
->flags
);
1334 smp_notify_keys(conn
);
1336 smp_chan_destroy(conn
);
1339 static void smp_timeout(struct work_struct
*work
)
1341 struct smp_chan
*smp
= container_of(work
, struct smp_chan
,
1342 security_timer
.work
);
1343 struct l2cap_conn
*conn
= smp
->conn
;
1345 BT_DBG("conn %p", conn
);
1347 hci_disconnect(conn
->hcon
, HCI_ERROR_REMOTE_USER_TERM
);
1350 static struct smp_chan
*smp_chan_create(struct l2cap_conn
*conn
)
1352 struct l2cap_chan
*chan
= conn
->smp
;
1353 struct smp_chan
*smp
;
1355 smp
= kzalloc(sizeof(*smp
), GFP_ATOMIC
);
1359 smp
->tfm_aes
= crypto_alloc_blkcipher("ecb(aes)", 0, CRYPTO_ALG_ASYNC
);
1360 if (IS_ERR(smp
->tfm_aes
)) {
1361 BT_ERR("Unable to create ECB crypto context");
1366 smp
->tfm_cmac
= crypto_alloc_hash("cmac(aes)", 0, CRYPTO_ALG_ASYNC
);
1367 if (IS_ERR(smp
->tfm_cmac
)) {
1368 BT_ERR("Unable to create CMAC crypto context");
1369 crypto_free_blkcipher(smp
->tfm_aes
);
1377 SMP_ALLOW_CMD(smp
, SMP_CMD_PAIRING_FAIL
);
1379 INIT_DELAYED_WORK(&smp
->security_timer
, smp_timeout
);
1381 hci_conn_hold(conn
->hcon
);
1386 static int sc_mackey_and_ltk(struct smp_chan
*smp
, u8 mackey
[16], u8 ltk
[16])
1388 struct hci_conn
*hcon
= smp
->conn
->hcon
;
1389 u8
*na
, *nb
, a
[7], b
[7];
1399 memcpy(a
, &hcon
->init_addr
, 6);
1400 memcpy(b
, &hcon
->resp_addr
, 6);
1401 a
[6] = hcon
->init_addr_type
;
1402 b
[6] = hcon
->resp_addr_type
;
1404 return smp_f5(smp
->tfm_cmac
, smp
->dhkey
, na
, nb
, a
, b
, mackey
, ltk
);
1407 static void sc_dhkey_check(struct smp_chan
*smp
)
1409 struct hci_conn
*hcon
= smp
->conn
->hcon
;
1410 struct smp_cmd_dhkey_check check
;
1411 u8 a
[7], b
[7], *local_addr
, *remote_addr
;
1412 u8 io_cap
[3], r
[16];
1414 memcpy(a
, &hcon
->init_addr
, 6);
1415 memcpy(b
, &hcon
->resp_addr
, 6);
1416 a
[6] = hcon
->init_addr_type
;
1417 b
[6] = hcon
->resp_addr_type
;
1422 memcpy(io_cap
, &smp
->preq
[1], 3);
1426 memcpy(io_cap
, &smp
->prsp
[1], 3);
1429 memset(r
, 0, sizeof(r
));
1431 if (smp
->method
== REQ_PASSKEY
|| smp
->method
== DSP_PASSKEY
)
1432 put_unaligned_le32(hcon
->passkey_notify
, r
);
1434 if (smp
->method
== REQ_OOB
)
1435 memcpy(r
, smp
->rr
, 16);
1437 smp_f6(smp
->tfm_cmac
, smp
->mackey
, smp
->prnd
, smp
->rrnd
, r
, io_cap
,
1438 local_addr
, remote_addr
, check
.e
);
1440 smp_send_cmd(smp
->conn
, SMP_CMD_DHKEY_CHECK
, sizeof(check
), &check
);
1443 static u8
sc_passkey_send_confirm(struct smp_chan
*smp
)
1445 struct l2cap_conn
*conn
= smp
->conn
;
1446 struct hci_conn
*hcon
= conn
->hcon
;
1447 struct smp_cmd_pairing_confirm cfm
;
1450 r
= ((hcon
->passkey_notify
>> smp
->passkey_round
) & 0x01);
1453 get_random_bytes(smp
->prnd
, sizeof(smp
->prnd
));
1455 if (smp_f4(smp
->tfm_cmac
, smp
->local_pk
, smp
->remote_pk
, smp
->prnd
, r
,
1457 return SMP_UNSPECIFIED
;
1459 smp_send_cmd(conn
, SMP_CMD_PAIRING_CONFIRM
, sizeof(cfm
), &cfm
);
1464 static u8
sc_passkey_round(struct smp_chan
*smp
, u8 smp_op
)
1466 struct l2cap_conn
*conn
= smp
->conn
;
1467 struct hci_conn
*hcon
= conn
->hcon
;
1468 struct hci_dev
*hdev
= hcon
->hdev
;
1471 /* Ignore the PDU if we've already done 20 rounds (0 - 19) */
1472 if (smp
->passkey_round
>= 20)
1476 case SMP_CMD_PAIRING_RANDOM
:
1477 r
= ((hcon
->passkey_notify
>> smp
->passkey_round
) & 0x01);
1480 if (smp_f4(smp
->tfm_cmac
, smp
->remote_pk
, smp
->local_pk
,
1482 return SMP_UNSPECIFIED
;
1484 if (memcmp(smp
->pcnf
, cfm
, 16))
1485 return SMP_CONFIRM_FAILED
;
1487 smp
->passkey_round
++;
1489 if (smp
->passkey_round
== 20) {
1490 /* Generate MacKey and LTK */
1491 if (sc_mackey_and_ltk(smp
, smp
->mackey
, smp
->tk
))
1492 return SMP_UNSPECIFIED
;
1495 /* The round is only complete when the initiator
1496 * receives pairing random.
1499 smp_send_cmd(conn
, SMP_CMD_PAIRING_RANDOM
,
1500 sizeof(smp
->prnd
), smp
->prnd
);
1501 if (smp
->passkey_round
== 20)
1502 SMP_ALLOW_CMD(smp
, SMP_CMD_DHKEY_CHECK
);
1504 SMP_ALLOW_CMD(smp
, SMP_CMD_PAIRING_CONFIRM
);
1508 /* Start the next round */
1509 if (smp
->passkey_round
!= 20)
1510 return sc_passkey_round(smp
, 0);
1512 /* Passkey rounds are complete - start DHKey Check */
1513 sc_dhkey_check(smp
);
1514 SMP_ALLOW_CMD(smp
, SMP_CMD_DHKEY_CHECK
);
1518 case SMP_CMD_PAIRING_CONFIRM
:
1519 if (test_bit(SMP_FLAG_WAIT_USER
, &smp
->flags
)) {
1520 set_bit(SMP_FLAG_CFM_PENDING
, &smp
->flags
);
1524 SMP_ALLOW_CMD(smp
, SMP_CMD_PAIRING_RANDOM
);
1527 smp_send_cmd(conn
, SMP_CMD_PAIRING_RANDOM
,
1528 sizeof(smp
->prnd
), smp
->prnd
);
1532 return sc_passkey_send_confirm(smp
);
1534 case SMP_CMD_PUBLIC_KEY
:
1536 /* Initiating device starts the round */
1540 BT_DBG("%s Starting passkey round %u", hdev
->name
,
1541 smp
->passkey_round
+ 1);
1543 SMP_ALLOW_CMD(smp
, SMP_CMD_PAIRING_CONFIRM
);
1545 return sc_passkey_send_confirm(smp
);
1551 static int sc_user_reply(struct smp_chan
*smp
, u16 mgmt_op
, __le32 passkey
)
1553 struct l2cap_conn
*conn
= smp
->conn
;
1554 struct hci_conn
*hcon
= conn
->hcon
;
1557 clear_bit(SMP_FLAG_WAIT_USER
, &smp
->flags
);
1560 case MGMT_OP_USER_PASSKEY_NEG_REPLY
:
1561 smp_failure(smp
->conn
, SMP_PASSKEY_ENTRY_FAILED
);
1563 case MGMT_OP_USER_CONFIRM_NEG_REPLY
:
1564 smp_failure(smp
->conn
, SMP_NUMERIC_COMP_FAILED
);
1566 case MGMT_OP_USER_PASSKEY_REPLY
:
1567 hcon
->passkey_notify
= le32_to_cpu(passkey
);
1568 smp
->passkey_round
= 0;
1570 if (test_and_clear_bit(SMP_FLAG_CFM_PENDING
, &smp
->flags
))
1571 smp_op
= SMP_CMD_PAIRING_CONFIRM
;
1575 if (sc_passkey_round(smp
, smp_op
))
1581 /* Initiator sends DHKey check first */
1583 sc_dhkey_check(smp
);
1584 SMP_ALLOW_CMD(smp
, SMP_CMD_DHKEY_CHECK
);
1585 } else if (test_and_clear_bit(SMP_FLAG_DHKEY_PENDING
, &smp
->flags
)) {
1586 sc_dhkey_check(smp
);
1593 int smp_user_confirm_reply(struct hci_conn
*hcon
, u16 mgmt_op
, __le32 passkey
)
1595 struct l2cap_conn
*conn
= hcon
->l2cap_data
;
1596 struct l2cap_chan
*chan
;
1597 struct smp_chan
*smp
;
1610 l2cap_chan_lock(chan
);
1618 if (test_bit(SMP_FLAG_SC
, &smp
->flags
)) {
1619 err
= sc_user_reply(smp
, mgmt_op
, passkey
);
1624 case MGMT_OP_USER_PASSKEY_REPLY
:
1625 value
= le32_to_cpu(passkey
);
1626 memset(smp
->tk
, 0, sizeof(smp
->tk
));
1627 BT_DBG("PassKey: %d", value
);
1628 put_unaligned_le32(value
, smp
->tk
);
1630 case MGMT_OP_USER_CONFIRM_REPLY
:
1631 set_bit(SMP_FLAG_TK_VALID
, &smp
->flags
);
1633 case MGMT_OP_USER_PASSKEY_NEG_REPLY
:
1634 case MGMT_OP_USER_CONFIRM_NEG_REPLY
:
1635 smp_failure(conn
, SMP_PASSKEY_ENTRY_FAILED
);
1639 smp_failure(conn
, SMP_PASSKEY_ENTRY_FAILED
);
1646 /* If it is our turn to send Pairing Confirm, do so now */
1647 if (test_bit(SMP_FLAG_CFM_PENDING
, &smp
->flags
)) {
1648 u8 rsp
= smp_confirm(smp
);
1650 smp_failure(conn
, rsp
);
1654 l2cap_chan_unlock(chan
);
1658 static void build_bredr_pairing_cmd(struct smp_chan
*smp
,
1659 struct smp_cmd_pairing
*req
,
1660 struct smp_cmd_pairing
*rsp
)
1662 struct l2cap_conn
*conn
= smp
->conn
;
1663 struct hci_dev
*hdev
= conn
->hcon
->hdev
;
1664 u8 local_dist
= 0, remote_dist
= 0;
1666 if (hci_dev_test_flag(hdev
, HCI_BONDABLE
)) {
1667 local_dist
= SMP_DIST_ENC_KEY
| SMP_DIST_SIGN
;
1668 remote_dist
= SMP_DIST_ENC_KEY
| SMP_DIST_SIGN
;
1671 if (hci_dev_test_flag(hdev
, HCI_RPA_RESOLVING
))
1672 remote_dist
|= SMP_DIST_ID_KEY
;
1674 if (hci_dev_test_flag(hdev
, HCI_PRIVACY
))
1675 local_dist
|= SMP_DIST_ID_KEY
;
1678 memset(req
, 0, sizeof(*req
));
1680 req
->init_key_dist
= local_dist
;
1681 req
->resp_key_dist
= remote_dist
;
1682 req
->max_key_size
= SMP_MAX_ENC_KEY_SIZE
;
1684 smp
->remote_key_dist
= remote_dist
;
1689 memset(rsp
, 0, sizeof(*rsp
));
1691 rsp
->max_key_size
= SMP_MAX_ENC_KEY_SIZE
;
1692 rsp
->init_key_dist
= req
->init_key_dist
& remote_dist
;
1693 rsp
->resp_key_dist
= req
->resp_key_dist
& local_dist
;
1695 smp
->remote_key_dist
= rsp
->init_key_dist
;
1698 static u8
smp_cmd_pairing_req(struct l2cap_conn
*conn
, struct sk_buff
*skb
)
1700 struct smp_cmd_pairing rsp
, *req
= (void *) skb
->data
;
1701 struct l2cap_chan
*chan
= conn
->smp
;
1702 struct hci_dev
*hdev
= conn
->hcon
->hdev
;
1703 struct smp_chan
*smp
;
1704 u8 key_size
, auth
, sec_level
;
1707 BT_DBG("conn %p", conn
);
1709 if (skb
->len
< sizeof(*req
))
1710 return SMP_INVALID_PARAMS
;
1712 if (conn
->hcon
->role
!= HCI_ROLE_SLAVE
)
1713 return SMP_CMD_NOTSUPP
;
1716 smp
= smp_chan_create(conn
);
1721 return SMP_UNSPECIFIED
;
1723 /* We didn't start the pairing, so match remote */
1724 auth
= req
->auth_req
& AUTH_REQ_MASK(hdev
);
1726 if (!hci_dev_test_flag(hdev
, HCI_BONDABLE
) &&
1727 (auth
& SMP_AUTH_BONDING
))
1728 return SMP_PAIRING_NOTSUPP
;
1730 if (hci_dev_test_flag(hdev
, HCI_SC_ONLY
) && !(auth
& SMP_AUTH_SC
))
1731 return SMP_AUTH_REQUIREMENTS
;
1733 smp
->preq
[0] = SMP_CMD_PAIRING_REQ
;
1734 memcpy(&smp
->preq
[1], req
, sizeof(*req
));
1735 skb_pull(skb
, sizeof(*req
));
1737 /* SMP over BR/EDR requires special treatment */
1738 if (conn
->hcon
->type
== ACL_LINK
) {
1739 /* We must have a BR/EDR SC link */
1740 if (!test_bit(HCI_CONN_AES_CCM
, &conn
->hcon
->flags
) &&
1741 !hci_dev_test_flag(hdev
, HCI_FORCE_BREDR_SMP
))
1742 return SMP_CROSS_TRANSP_NOT_ALLOWED
;
1744 set_bit(SMP_FLAG_SC
, &smp
->flags
);
1746 build_bredr_pairing_cmd(smp
, req
, &rsp
);
1748 key_size
= min(req
->max_key_size
, rsp
.max_key_size
);
1749 if (check_enc_key_size(conn
, key_size
))
1750 return SMP_ENC_KEY_SIZE
;
1752 /* Clear bits which are generated but not distributed */
1753 smp
->remote_key_dist
&= ~SMP_SC_NO_DIST
;
1755 smp
->prsp
[0] = SMP_CMD_PAIRING_RSP
;
1756 memcpy(&smp
->prsp
[1], &rsp
, sizeof(rsp
));
1757 smp_send_cmd(conn
, SMP_CMD_PAIRING_RSP
, sizeof(rsp
), &rsp
);
1759 smp_distribute_keys(smp
);
1763 build_pairing_cmd(conn
, req
, &rsp
, auth
);
1765 if (rsp
.auth_req
& SMP_AUTH_SC
)
1766 set_bit(SMP_FLAG_SC
, &smp
->flags
);
1768 if (conn
->hcon
->io_capability
== HCI_IO_NO_INPUT_OUTPUT
)
1769 sec_level
= BT_SECURITY_MEDIUM
;
1771 sec_level
= authreq_to_seclevel(auth
);
1773 if (sec_level
> conn
->hcon
->pending_sec_level
)
1774 conn
->hcon
->pending_sec_level
= sec_level
;
1776 /* If we need MITM check that it can be achieved */
1777 if (conn
->hcon
->pending_sec_level
>= BT_SECURITY_HIGH
) {
1780 method
= get_auth_method(smp
, conn
->hcon
->io_capability
,
1781 req
->io_capability
);
1782 if (method
== JUST_WORKS
|| method
== JUST_CFM
)
1783 return SMP_AUTH_REQUIREMENTS
;
1786 key_size
= min(req
->max_key_size
, rsp
.max_key_size
);
1787 if (check_enc_key_size(conn
, key_size
))
1788 return SMP_ENC_KEY_SIZE
;
1790 get_random_bytes(smp
->prnd
, sizeof(smp
->prnd
));
1792 smp
->prsp
[0] = SMP_CMD_PAIRING_RSP
;
1793 memcpy(&smp
->prsp
[1], &rsp
, sizeof(rsp
));
1795 smp_send_cmd(conn
, SMP_CMD_PAIRING_RSP
, sizeof(rsp
), &rsp
);
1797 clear_bit(SMP_FLAG_INITIATOR
, &smp
->flags
);
1799 if (test_bit(SMP_FLAG_SC
, &smp
->flags
)) {
1800 SMP_ALLOW_CMD(smp
, SMP_CMD_PUBLIC_KEY
);
1801 /* Clear bits which are generated but not distributed */
1802 smp
->remote_key_dist
&= ~SMP_SC_NO_DIST
;
1803 /* Wait for Public Key from Initiating Device */
1807 SMP_ALLOW_CMD(smp
, SMP_CMD_PAIRING_CONFIRM
);
1809 /* Request setup of TK */
1810 ret
= tk_request(conn
, 0, auth
, rsp
.io_capability
, req
->io_capability
);
1812 return SMP_UNSPECIFIED
;
1817 static u8
sc_send_public_key(struct smp_chan
*smp
)
1819 struct hci_dev
*hdev
= smp
->conn
->hcon
->hdev
;
1823 if (test_bit(SMP_FLAG_OOB
, &smp
->flags
)) {
1824 struct l2cap_chan
*chan
= hdev
->smp_data
;
1825 struct smp_dev
*smp_dev
;
1827 if (!chan
|| !chan
->data
)
1828 return SMP_UNSPECIFIED
;
1830 smp_dev
= chan
->data
;
1832 memcpy(smp
->local_pk
, smp_dev
->local_pk
, 64);
1833 memcpy(smp
->local_sk
, smp_dev
->local_sk
, 32);
1834 memcpy(smp
->lr
, smp_dev
->local_rr
, 16);
1836 if (smp_dev
->debug_key
)
1837 set_bit(SMP_FLAG_DEBUG_KEY
, &smp
->flags
);
1842 if (hci_dev_test_flag(hdev
, HCI_USE_DEBUG_KEYS
)) {
1843 BT_DBG("Using debug keys");
1844 memcpy(smp
->local_pk
, debug_pk
, 64);
1845 memcpy(smp
->local_sk
, debug_sk
, 32);
1846 set_bit(SMP_FLAG_DEBUG_KEY
, &smp
->flags
);
1849 /* Generate local key pair for Secure Connections */
1850 if (!ecc_make_key(smp
->local_pk
, smp
->local_sk
))
1851 return SMP_UNSPECIFIED
;
1853 /* This is unlikely, but we need to check that
1854 * we didn't accidentially generate a debug key.
1856 if (memcmp(smp
->local_sk
, debug_sk
, 32))
1862 SMP_DBG("Local Public Key X: %32phN", smp
->local_pk
);
1863 SMP_DBG("Local Public Key Y: %32phN", smp
->local_pk
+ 32);
1864 SMP_DBG("Local Private Key: %32phN", smp
->local_sk
);
1866 smp_send_cmd(smp
->conn
, SMP_CMD_PUBLIC_KEY
, 64, smp
->local_pk
);
1871 static u8
smp_cmd_pairing_rsp(struct l2cap_conn
*conn
, struct sk_buff
*skb
)
1873 struct smp_cmd_pairing
*req
, *rsp
= (void *) skb
->data
;
1874 struct l2cap_chan
*chan
= conn
->smp
;
1875 struct smp_chan
*smp
= chan
->data
;
1876 struct hci_dev
*hdev
= conn
->hcon
->hdev
;
1880 BT_DBG("conn %p", conn
);
1882 if (skb
->len
< sizeof(*rsp
))
1883 return SMP_INVALID_PARAMS
;
1885 if (conn
->hcon
->role
!= HCI_ROLE_MASTER
)
1886 return SMP_CMD_NOTSUPP
;
1888 skb_pull(skb
, sizeof(*rsp
));
1890 req
= (void *) &smp
->preq
[1];
1892 key_size
= min(req
->max_key_size
, rsp
->max_key_size
);
1893 if (check_enc_key_size(conn
, key_size
))
1894 return SMP_ENC_KEY_SIZE
;
1896 auth
= rsp
->auth_req
& AUTH_REQ_MASK(hdev
);
1898 if (hci_dev_test_flag(hdev
, HCI_SC_ONLY
) && !(auth
& SMP_AUTH_SC
))
1899 return SMP_AUTH_REQUIREMENTS
;
1901 smp
->prsp
[0] = SMP_CMD_PAIRING_RSP
;
1902 memcpy(&smp
->prsp
[1], rsp
, sizeof(*rsp
));
1904 /* Update remote key distribution in case the remote cleared
1905 * some bits that we had enabled in our request.
1907 smp
->remote_key_dist
&= rsp
->resp_key_dist
;
1909 /* For BR/EDR this means we're done and can start phase 3 */
1910 if (conn
->hcon
->type
== ACL_LINK
) {
1911 /* Clear bits which are generated but not distributed */
1912 smp
->remote_key_dist
&= ~SMP_SC_NO_DIST
;
1913 smp_distribute_keys(smp
);
1917 if ((req
->auth_req
& SMP_AUTH_SC
) && (auth
& SMP_AUTH_SC
))
1918 set_bit(SMP_FLAG_SC
, &smp
->flags
);
1919 else if (conn
->hcon
->pending_sec_level
> BT_SECURITY_HIGH
)
1920 conn
->hcon
->pending_sec_level
= BT_SECURITY_HIGH
;
1922 /* If we need MITM check that it can be achieved */
1923 if (conn
->hcon
->pending_sec_level
>= BT_SECURITY_HIGH
) {
1926 method
= get_auth_method(smp
, req
->io_capability
,
1927 rsp
->io_capability
);
1928 if (method
== JUST_WORKS
|| method
== JUST_CFM
)
1929 return SMP_AUTH_REQUIREMENTS
;
1932 get_random_bytes(smp
->prnd
, sizeof(smp
->prnd
));
1934 /* Update remote key distribution in case the remote cleared
1935 * some bits that we had enabled in our request.
1937 smp
->remote_key_dist
&= rsp
->resp_key_dist
;
1939 if (test_bit(SMP_FLAG_SC
, &smp
->flags
)) {
1940 /* Clear bits which are generated but not distributed */
1941 smp
->remote_key_dist
&= ~SMP_SC_NO_DIST
;
1942 SMP_ALLOW_CMD(smp
, SMP_CMD_PUBLIC_KEY
);
1943 return sc_send_public_key(smp
);
1946 auth
|= req
->auth_req
;
1948 ret
= tk_request(conn
, 0, auth
, req
->io_capability
, rsp
->io_capability
);
1950 return SMP_UNSPECIFIED
;
1952 set_bit(SMP_FLAG_CFM_PENDING
, &smp
->flags
);
1954 /* Can't compose response until we have been confirmed */
1955 if (test_bit(SMP_FLAG_TK_VALID
, &smp
->flags
))
1956 return smp_confirm(smp
);
1961 static u8
sc_check_confirm(struct smp_chan
*smp
)
1963 struct l2cap_conn
*conn
= smp
->conn
;
1967 /* Public Key exchange must happen before any other steps */
1968 if (!test_bit(SMP_FLAG_REMOTE_PK
, &smp
->flags
))
1969 return SMP_UNSPECIFIED
;
1971 if (smp
->method
== REQ_PASSKEY
|| smp
->method
== DSP_PASSKEY
)
1972 return sc_passkey_round(smp
, SMP_CMD_PAIRING_CONFIRM
);
1974 if (conn
->hcon
->out
) {
1975 smp_send_cmd(conn
, SMP_CMD_PAIRING_RANDOM
, sizeof(smp
->prnd
),
1977 SMP_ALLOW_CMD(smp
, SMP_CMD_PAIRING_RANDOM
);
1983 static u8
smp_cmd_pairing_confirm(struct l2cap_conn
*conn
, struct sk_buff
*skb
)
1985 struct l2cap_chan
*chan
= conn
->smp
;
1986 struct smp_chan
*smp
= chan
->data
;
1988 BT_DBG("conn %p %s", conn
, conn
->hcon
->out
? "master" : "slave");
1990 if (skb
->len
< sizeof(smp
->pcnf
))
1991 return SMP_INVALID_PARAMS
;
1993 memcpy(smp
->pcnf
, skb
->data
, sizeof(smp
->pcnf
));
1994 skb_pull(skb
, sizeof(smp
->pcnf
));
1996 if (test_bit(SMP_FLAG_SC
, &smp
->flags
))
1997 return sc_check_confirm(smp
);
1999 if (conn
->hcon
->out
) {
2000 smp_send_cmd(conn
, SMP_CMD_PAIRING_RANDOM
, sizeof(smp
->prnd
),
2002 SMP_ALLOW_CMD(smp
, SMP_CMD_PAIRING_RANDOM
);
2006 if (test_bit(SMP_FLAG_TK_VALID
, &smp
->flags
))
2007 return smp_confirm(smp
);
2009 set_bit(SMP_FLAG_CFM_PENDING
, &smp
->flags
);
2014 static u8
smp_cmd_pairing_random(struct l2cap_conn
*conn
, struct sk_buff
*skb
)
2016 struct l2cap_chan
*chan
= conn
->smp
;
2017 struct smp_chan
*smp
= chan
->data
;
2018 struct hci_conn
*hcon
= conn
->hcon
;
2019 u8
*pkax
, *pkbx
, *na
, *nb
;
2023 BT_DBG("conn %p", conn
);
2025 if (skb
->len
< sizeof(smp
->rrnd
))
2026 return SMP_INVALID_PARAMS
;
2028 memcpy(smp
->rrnd
, skb
->data
, sizeof(smp
->rrnd
));
2029 skb_pull(skb
, sizeof(smp
->rrnd
));
2031 if (!test_bit(SMP_FLAG_SC
, &smp
->flags
))
2032 return smp_random(smp
);
2035 pkax
= smp
->local_pk
;
2036 pkbx
= smp
->remote_pk
;
2040 pkax
= smp
->remote_pk
;
2041 pkbx
= smp
->local_pk
;
2046 if (smp
->method
== REQ_OOB
) {
2048 smp_send_cmd(conn
, SMP_CMD_PAIRING_RANDOM
,
2049 sizeof(smp
->prnd
), smp
->prnd
);
2050 SMP_ALLOW_CMD(smp
, SMP_CMD_DHKEY_CHECK
);
2051 goto mackey_and_ltk
;
2054 /* Passkey entry has special treatment */
2055 if (smp
->method
== REQ_PASSKEY
|| smp
->method
== DSP_PASSKEY
)
2056 return sc_passkey_round(smp
, SMP_CMD_PAIRING_RANDOM
);
2061 err
= smp_f4(smp
->tfm_cmac
, smp
->remote_pk
, smp
->local_pk
,
2064 return SMP_UNSPECIFIED
;
2066 if (memcmp(smp
->pcnf
, cfm
, 16))
2067 return SMP_CONFIRM_FAILED
;
2069 smp_send_cmd(conn
, SMP_CMD_PAIRING_RANDOM
, sizeof(smp
->prnd
),
2071 SMP_ALLOW_CMD(smp
, SMP_CMD_DHKEY_CHECK
);
2075 /* Generate MacKey and LTK */
2076 err
= sc_mackey_and_ltk(smp
, smp
->mackey
, smp
->tk
);
2078 return SMP_UNSPECIFIED
;
2080 if (smp
->method
== JUST_WORKS
|| smp
->method
== REQ_OOB
) {
2082 sc_dhkey_check(smp
);
2083 SMP_ALLOW_CMD(smp
, SMP_CMD_DHKEY_CHECK
);
2088 err
= smp_g2(smp
->tfm_cmac
, pkax
, pkbx
, na
, nb
, &passkey
);
2090 return SMP_UNSPECIFIED
;
2092 err
= mgmt_user_confirm_request(hcon
->hdev
, &hcon
->dst
, hcon
->type
,
2093 hcon
->dst_type
, passkey
, 0);
2095 return SMP_UNSPECIFIED
;
2097 set_bit(SMP_FLAG_WAIT_USER
, &smp
->flags
);
2102 static bool smp_ltk_encrypt(struct l2cap_conn
*conn
, u8 sec_level
)
2104 struct smp_ltk
*key
;
2105 struct hci_conn
*hcon
= conn
->hcon
;
2107 key
= hci_find_ltk(hcon
->hdev
, &hcon
->dst
, hcon
->dst_type
, hcon
->role
);
2111 if (smp_ltk_sec_level(key
) < sec_level
)
2114 if (test_and_set_bit(HCI_CONN_ENCRYPT_PEND
, &hcon
->flags
))
2117 hci_le_start_enc(hcon
, key
->ediv
, key
->rand
, key
->val
);
2118 hcon
->enc_key_size
= key
->enc_size
;
2120 /* We never store STKs for master role, so clear this flag */
2121 clear_bit(HCI_CONN_STK_ENCRYPT
, &hcon
->flags
);
2126 bool smp_sufficient_security(struct hci_conn
*hcon
, u8 sec_level
,
2127 enum smp_key_pref key_pref
)
2129 if (sec_level
== BT_SECURITY_LOW
)
2132 /* If we're encrypted with an STK but the caller prefers using
2133 * LTK claim insufficient security. This way we allow the
2134 * connection to be re-encrypted with an LTK, even if the LTK
2135 * provides the same level of security. Only exception is if we
2136 * don't have an LTK (e.g. because of key distribution bits).
2138 if (key_pref
== SMP_USE_LTK
&&
2139 test_bit(HCI_CONN_STK_ENCRYPT
, &hcon
->flags
) &&
2140 hci_find_ltk(hcon
->hdev
, &hcon
->dst
, hcon
->dst_type
, hcon
->role
))
2143 if (hcon
->sec_level
>= sec_level
)
2149 static u8
smp_cmd_security_req(struct l2cap_conn
*conn
, struct sk_buff
*skb
)
2151 struct smp_cmd_security_req
*rp
= (void *) skb
->data
;
2152 struct smp_cmd_pairing cp
;
2153 struct hci_conn
*hcon
= conn
->hcon
;
2154 struct hci_dev
*hdev
= hcon
->hdev
;
2155 struct smp_chan
*smp
;
2158 BT_DBG("conn %p", conn
);
2160 if (skb
->len
< sizeof(*rp
))
2161 return SMP_INVALID_PARAMS
;
2163 if (hcon
->role
!= HCI_ROLE_MASTER
)
2164 return SMP_CMD_NOTSUPP
;
2166 auth
= rp
->auth_req
& AUTH_REQ_MASK(hdev
);
2168 if (hci_dev_test_flag(hdev
, HCI_SC_ONLY
) && !(auth
& SMP_AUTH_SC
))
2169 return SMP_AUTH_REQUIREMENTS
;
2171 if (hcon
->io_capability
== HCI_IO_NO_INPUT_OUTPUT
)
2172 sec_level
= BT_SECURITY_MEDIUM
;
2174 sec_level
= authreq_to_seclevel(auth
);
2176 if (smp_sufficient_security(hcon
, sec_level
, SMP_USE_LTK
))
2179 if (sec_level
> hcon
->pending_sec_level
)
2180 hcon
->pending_sec_level
= sec_level
;
2182 if (smp_ltk_encrypt(conn
, hcon
->pending_sec_level
))
2185 smp
= smp_chan_create(conn
);
2187 return SMP_UNSPECIFIED
;
2189 if (!hci_dev_test_flag(hdev
, HCI_BONDABLE
) &&
2190 (auth
& SMP_AUTH_BONDING
))
2191 return SMP_PAIRING_NOTSUPP
;
2193 skb_pull(skb
, sizeof(*rp
));
2195 memset(&cp
, 0, sizeof(cp
));
2196 build_pairing_cmd(conn
, &cp
, NULL
, auth
);
2198 smp
->preq
[0] = SMP_CMD_PAIRING_REQ
;
2199 memcpy(&smp
->preq
[1], &cp
, sizeof(cp
));
2201 smp_send_cmd(conn
, SMP_CMD_PAIRING_REQ
, sizeof(cp
), &cp
);
2202 SMP_ALLOW_CMD(smp
, SMP_CMD_PAIRING_RSP
);
2207 int smp_conn_security(struct hci_conn
*hcon
, __u8 sec_level
)
2209 struct l2cap_conn
*conn
= hcon
->l2cap_data
;
2210 struct l2cap_chan
*chan
;
2211 struct smp_chan
*smp
;
2215 BT_DBG("conn %p hcon %p level 0x%2.2x", conn
, hcon
, sec_level
);
2217 /* This may be NULL if there's an unexpected disconnection */
2223 if (!hci_dev_test_flag(hcon
->hdev
, HCI_LE_ENABLED
))
2226 if (smp_sufficient_security(hcon
, sec_level
, SMP_USE_LTK
))
2229 if (sec_level
> hcon
->pending_sec_level
)
2230 hcon
->pending_sec_level
= sec_level
;
2232 if (hcon
->role
== HCI_ROLE_MASTER
)
2233 if (smp_ltk_encrypt(conn
, hcon
->pending_sec_level
))
2236 l2cap_chan_lock(chan
);
2238 /* If SMP is already in progress ignore this request */
2244 smp
= smp_chan_create(conn
);
2250 authreq
= seclevel_to_authreq(sec_level
);
2252 if (hci_dev_test_flag(hcon
->hdev
, HCI_SC_ENABLED
))
2253 authreq
|= SMP_AUTH_SC
;
2255 /* Require MITM if IO Capability allows or the security level
2258 if (hcon
->io_capability
!= HCI_IO_NO_INPUT_OUTPUT
||
2259 hcon
->pending_sec_level
> BT_SECURITY_MEDIUM
)
2260 authreq
|= SMP_AUTH_MITM
;
2262 if (hcon
->role
== HCI_ROLE_MASTER
) {
2263 struct smp_cmd_pairing cp
;
2265 build_pairing_cmd(conn
, &cp
, NULL
, authreq
);
2266 smp
->preq
[0] = SMP_CMD_PAIRING_REQ
;
2267 memcpy(&smp
->preq
[1], &cp
, sizeof(cp
));
2269 smp_send_cmd(conn
, SMP_CMD_PAIRING_REQ
, sizeof(cp
), &cp
);
2270 SMP_ALLOW_CMD(smp
, SMP_CMD_PAIRING_RSP
);
2272 struct smp_cmd_security_req cp
;
2273 cp
.auth_req
= authreq
;
2274 smp_send_cmd(conn
, SMP_CMD_SECURITY_REQ
, sizeof(cp
), &cp
);
2275 SMP_ALLOW_CMD(smp
, SMP_CMD_PAIRING_REQ
);
2278 set_bit(SMP_FLAG_INITIATOR
, &smp
->flags
);
2282 l2cap_chan_unlock(chan
);
2286 static int smp_cmd_encrypt_info(struct l2cap_conn
*conn
, struct sk_buff
*skb
)
2288 struct smp_cmd_encrypt_info
*rp
= (void *) skb
->data
;
2289 struct l2cap_chan
*chan
= conn
->smp
;
2290 struct smp_chan
*smp
= chan
->data
;
2292 BT_DBG("conn %p", conn
);
2294 if (skb
->len
< sizeof(*rp
))
2295 return SMP_INVALID_PARAMS
;
2297 SMP_ALLOW_CMD(smp
, SMP_CMD_MASTER_IDENT
);
2299 skb_pull(skb
, sizeof(*rp
));
2301 memcpy(smp
->tk
, rp
->ltk
, sizeof(smp
->tk
));
2306 static int smp_cmd_master_ident(struct l2cap_conn
*conn
, struct sk_buff
*skb
)
2308 struct smp_cmd_master_ident
*rp
= (void *) skb
->data
;
2309 struct l2cap_chan
*chan
= conn
->smp
;
2310 struct smp_chan
*smp
= chan
->data
;
2311 struct hci_dev
*hdev
= conn
->hcon
->hdev
;
2312 struct hci_conn
*hcon
= conn
->hcon
;
2313 struct smp_ltk
*ltk
;
2316 BT_DBG("conn %p", conn
);
2318 if (skb
->len
< sizeof(*rp
))
2319 return SMP_INVALID_PARAMS
;
2321 /* Mark the information as received */
2322 smp
->remote_key_dist
&= ~SMP_DIST_ENC_KEY
;
2324 if (smp
->remote_key_dist
& SMP_DIST_ID_KEY
)
2325 SMP_ALLOW_CMD(smp
, SMP_CMD_IDENT_INFO
);
2326 else if (smp
->remote_key_dist
& SMP_DIST_SIGN
)
2327 SMP_ALLOW_CMD(smp
, SMP_CMD_SIGN_INFO
);
2329 skb_pull(skb
, sizeof(*rp
));
2331 authenticated
= (hcon
->sec_level
== BT_SECURITY_HIGH
);
2332 ltk
= hci_add_ltk(hdev
, &hcon
->dst
, hcon
->dst_type
, SMP_LTK
,
2333 authenticated
, smp
->tk
, smp
->enc_key_size
,
2334 rp
->ediv
, rp
->rand
);
2336 if (!(smp
->remote_key_dist
& KEY_DIST_MASK
))
2337 smp_distribute_keys(smp
);
2342 static int smp_cmd_ident_info(struct l2cap_conn
*conn
, struct sk_buff
*skb
)
2344 struct smp_cmd_ident_info
*info
= (void *) skb
->data
;
2345 struct l2cap_chan
*chan
= conn
->smp
;
2346 struct smp_chan
*smp
= chan
->data
;
2350 if (skb
->len
< sizeof(*info
))
2351 return SMP_INVALID_PARAMS
;
2353 SMP_ALLOW_CMD(smp
, SMP_CMD_IDENT_ADDR_INFO
);
2355 skb_pull(skb
, sizeof(*info
));
2357 memcpy(smp
->irk
, info
->irk
, 16);
2362 static int smp_cmd_ident_addr_info(struct l2cap_conn
*conn
,
2363 struct sk_buff
*skb
)
2365 struct smp_cmd_ident_addr_info
*info
= (void *) skb
->data
;
2366 struct l2cap_chan
*chan
= conn
->smp
;
2367 struct smp_chan
*smp
= chan
->data
;
2368 struct hci_conn
*hcon
= conn
->hcon
;
2373 if (skb
->len
< sizeof(*info
))
2374 return SMP_INVALID_PARAMS
;
2376 /* Mark the information as received */
2377 smp
->remote_key_dist
&= ~SMP_DIST_ID_KEY
;
2379 if (smp
->remote_key_dist
& SMP_DIST_SIGN
)
2380 SMP_ALLOW_CMD(smp
, SMP_CMD_SIGN_INFO
);
2382 skb_pull(skb
, sizeof(*info
));
2384 /* Strictly speaking the Core Specification (4.1) allows sending
2385 * an empty address which would force us to rely on just the IRK
2386 * as "identity information". However, since such
2387 * implementations are not known of and in order to not over
2388 * complicate our implementation, simply pretend that we never
2389 * received an IRK for such a device.
2391 * The Identity Address must also be a Static Random or Public
2392 * Address, which hci_is_identity_address() checks for.
2394 if (!bacmp(&info
->bdaddr
, BDADDR_ANY
) ||
2395 !hci_is_identity_address(&info
->bdaddr
, info
->addr_type
)) {
2396 BT_ERR("Ignoring IRK with no identity address");
2400 bacpy(&smp
->id_addr
, &info
->bdaddr
);
2401 smp
->id_addr_type
= info
->addr_type
;
2403 if (hci_bdaddr_is_rpa(&hcon
->dst
, hcon
->dst_type
))
2404 bacpy(&rpa
, &hcon
->dst
);
2406 bacpy(&rpa
, BDADDR_ANY
);
2408 smp
->remote_irk
= hci_add_irk(conn
->hcon
->hdev
, &smp
->id_addr
,
2409 smp
->id_addr_type
, smp
->irk
, &rpa
);
2412 if (!(smp
->remote_key_dist
& KEY_DIST_MASK
))
2413 smp_distribute_keys(smp
);
2418 static int smp_cmd_sign_info(struct l2cap_conn
*conn
, struct sk_buff
*skb
)
2420 struct smp_cmd_sign_info
*rp
= (void *) skb
->data
;
2421 struct l2cap_chan
*chan
= conn
->smp
;
2422 struct smp_chan
*smp
= chan
->data
;
2423 struct smp_csrk
*csrk
;
2425 BT_DBG("conn %p", conn
);
2427 if (skb
->len
< sizeof(*rp
))
2428 return SMP_INVALID_PARAMS
;
2430 /* Mark the information as received */
2431 smp
->remote_key_dist
&= ~SMP_DIST_SIGN
;
2433 skb_pull(skb
, sizeof(*rp
));
2435 csrk
= kzalloc(sizeof(*csrk
), GFP_KERNEL
);
2437 if (conn
->hcon
->sec_level
> BT_SECURITY_MEDIUM
)
2438 csrk
->type
= MGMT_CSRK_REMOTE_AUTHENTICATED
;
2440 csrk
->type
= MGMT_CSRK_REMOTE_UNAUTHENTICATED
;
2441 memcpy(csrk
->val
, rp
->csrk
, sizeof(csrk
->val
));
2444 smp_distribute_keys(smp
);
2449 static u8
sc_select_method(struct smp_chan
*smp
)
2451 struct l2cap_conn
*conn
= smp
->conn
;
2452 struct hci_conn
*hcon
= conn
->hcon
;
2453 struct smp_cmd_pairing
*local
, *remote
;
2454 u8 local_mitm
, remote_mitm
, local_io
, remote_io
, method
;
2456 if (test_bit(SMP_FLAG_OOB
, &smp
->flags
))
2459 /* The preq/prsp contain the raw Pairing Request/Response PDUs
2460 * which are needed as inputs to some crypto functions. To get
2461 * the "struct smp_cmd_pairing" from them we need to skip the
2462 * first byte which contains the opcode.
2465 local
= (void *) &smp
->preq
[1];
2466 remote
= (void *) &smp
->prsp
[1];
2468 local
= (void *) &smp
->prsp
[1];
2469 remote
= (void *) &smp
->preq
[1];
2472 local_io
= local
->io_capability
;
2473 remote_io
= remote
->io_capability
;
2475 local_mitm
= (local
->auth_req
& SMP_AUTH_MITM
);
2476 remote_mitm
= (remote
->auth_req
& SMP_AUTH_MITM
);
2478 /* If either side wants MITM, look up the method from the table,
2479 * otherwise use JUST WORKS.
2481 if (local_mitm
|| remote_mitm
)
2482 method
= get_auth_method(smp
, local_io
, remote_io
);
2484 method
= JUST_WORKS
;
2486 /* Don't confirm locally initiated pairing attempts */
2487 if (method
== JUST_CFM
&& test_bit(SMP_FLAG_INITIATOR
, &smp
->flags
))
2488 method
= JUST_WORKS
;
2493 static int smp_cmd_public_key(struct l2cap_conn
*conn
, struct sk_buff
*skb
)
2495 struct smp_cmd_public_key
*key
= (void *) skb
->data
;
2496 struct hci_conn
*hcon
= conn
->hcon
;
2497 struct l2cap_chan
*chan
= conn
->smp
;
2498 struct smp_chan
*smp
= chan
->data
;
2499 struct hci_dev
*hdev
= hcon
->hdev
;
2500 struct smp_cmd_pairing_confirm cfm
;
2503 BT_DBG("conn %p", conn
);
2505 if (skb
->len
< sizeof(*key
))
2506 return SMP_INVALID_PARAMS
;
2508 memcpy(smp
->remote_pk
, key
, 64);
2510 /* Non-initiating device sends its public key after receiving
2511 * the key from the initiating device.
2514 err
= sc_send_public_key(smp
);
2519 SMP_DBG("Remote Public Key X: %32phN", smp
->remote_pk
);
2520 SMP_DBG("Remote Public Key Y: %32phN", &smp
->remote_pk
[32]);
2522 if (!ecdh_shared_secret(smp
->remote_pk
, smp
->local_sk
, smp
->dhkey
))
2523 return SMP_UNSPECIFIED
;
2525 SMP_DBG("DHKey %32phN", smp
->dhkey
);
2527 set_bit(SMP_FLAG_REMOTE_PK
, &smp
->flags
);
2529 smp
->method
= sc_select_method(smp
);
2531 BT_DBG("%s selected method 0x%02x", hdev
->name
, smp
->method
);
2533 /* JUST_WORKS and JUST_CFM result in an unauthenticated key */
2534 if (smp
->method
== JUST_WORKS
|| smp
->method
== JUST_CFM
)
2535 hcon
->pending_sec_level
= BT_SECURITY_MEDIUM
;
2537 hcon
->pending_sec_level
= BT_SECURITY_FIPS
;
2539 if (!memcmp(debug_pk
, smp
->remote_pk
, 64))
2540 set_bit(SMP_FLAG_DEBUG_KEY
, &smp
->flags
);
2542 if (smp
->method
== DSP_PASSKEY
) {
2543 get_random_bytes(&hcon
->passkey_notify
,
2544 sizeof(hcon
->passkey_notify
));
2545 hcon
->passkey_notify
%= 1000000;
2546 hcon
->passkey_entered
= 0;
2547 smp
->passkey_round
= 0;
2548 if (mgmt_user_passkey_notify(hdev
, &hcon
->dst
, hcon
->type
,
2550 hcon
->passkey_notify
,
2551 hcon
->passkey_entered
))
2552 return SMP_UNSPECIFIED
;
2553 SMP_ALLOW_CMD(smp
, SMP_CMD_PAIRING_CONFIRM
);
2554 return sc_passkey_round(smp
, SMP_CMD_PUBLIC_KEY
);
2557 if (smp
->method
== REQ_OOB
) {
2558 err
= smp_f4(smp
->tfm_cmac
, smp
->remote_pk
, smp
->remote_pk
,
2559 smp
->rr
, 0, cfm
.confirm_val
);
2561 return SMP_UNSPECIFIED
;
2563 if (memcmp(cfm
.confirm_val
, smp
->pcnf
, 16))
2564 return SMP_CONFIRM_FAILED
;
2567 smp_send_cmd(conn
, SMP_CMD_PAIRING_RANDOM
,
2568 sizeof(smp
->prnd
), smp
->prnd
);
2570 SMP_ALLOW_CMD(smp
, SMP_CMD_PAIRING_RANDOM
);
2576 SMP_ALLOW_CMD(smp
, SMP_CMD_PAIRING_CONFIRM
);
2578 if (smp
->method
== REQ_PASSKEY
) {
2579 if (mgmt_user_passkey_request(hdev
, &hcon
->dst
, hcon
->type
,
2581 return SMP_UNSPECIFIED
;
2582 SMP_ALLOW_CMD(smp
, SMP_CMD_PAIRING_CONFIRM
);
2583 set_bit(SMP_FLAG_WAIT_USER
, &smp
->flags
);
2587 /* The Initiating device waits for the non-initiating device to
2588 * send the confirm value.
2590 if (conn
->hcon
->out
)
2593 err
= smp_f4(smp
->tfm_cmac
, smp
->local_pk
, smp
->remote_pk
, smp
->prnd
,
2594 0, cfm
.confirm_val
);
2596 return SMP_UNSPECIFIED
;
2598 smp_send_cmd(conn
, SMP_CMD_PAIRING_CONFIRM
, sizeof(cfm
), &cfm
);
2599 SMP_ALLOW_CMD(smp
, SMP_CMD_PAIRING_RANDOM
);
2604 static int smp_cmd_dhkey_check(struct l2cap_conn
*conn
, struct sk_buff
*skb
)
2606 struct smp_cmd_dhkey_check
*check
= (void *) skb
->data
;
2607 struct l2cap_chan
*chan
= conn
->smp
;
2608 struct hci_conn
*hcon
= conn
->hcon
;
2609 struct smp_chan
*smp
= chan
->data
;
2610 u8 a
[7], b
[7], *local_addr
, *remote_addr
;
2611 u8 io_cap
[3], r
[16], e
[16];
2614 BT_DBG("conn %p", conn
);
2616 if (skb
->len
< sizeof(*check
))
2617 return SMP_INVALID_PARAMS
;
2619 memcpy(a
, &hcon
->init_addr
, 6);
2620 memcpy(b
, &hcon
->resp_addr
, 6);
2621 a
[6] = hcon
->init_addr_type
;
2622 b
[6] = hcon
->resp_addr_type
;
2627 memcpy(io_cap
, &smp
->prsp
[1], 3);
2631 memcpy(io_cap
, &smp
->preq
[1], 3);
2634 memset(r
, 0, sizeof(r
));
2636 if (smp
->method
== REQ_PASSKEY
|| smp
->method
== DSP_PASSKEY
)
2637 put_unaligned_le32(hcon
->passkey_notify
, r
);
2638 else if (smp
->method
== REQ_OOB
)
2639 memcpy(r
, smp
->lr
, 16);
2641 err
= smp_f6(smp
->tfm_cmac
, smp
->mackey
, smp
->rrnd
, smp
->prnd
, r
,
2642 io_cap
, remote_addr
, local_addr
, e
);
2644 return SMP_UNSPECIFIED
;
2646 if (memcmp(check
->e
, e
, 16))
2647 return SMP_DHKEY_CHECK_FAILED
;
2650 if (test_bit(SMP_FLAG_WAIT_USER
, &smp
->flags
)) {
2651 set_bit(SMP_FLAG_DHKEY_PENDING
, &smp
->flags
);
2655 /* Slave sends DHKey check as response to master */
2656 sc_dhkey_check(smp
);
2662 hci_le_start_enc(hcon
, 0, 0, smp
->tk
);
2663 hcon
->enc_key_size
= smp
->enc_key_size
;
2669 static int smp_cmd_keypress_notify(struct l2cap_conn
*conn
,
2670 struct sk_buff
*skb
)
2672 struct smp_cmd_keypress_notify
*kp
= (void *) skb
->data
;
2674 BT_DBG("value 0x%02x", kp
->value
);
2679 static int smp_sig_channel(struct l2cap_chan
*chan
, struct sk_buff
*skb
)
2681 struct l2cap_conn
*conn
= chan
->conn
;
2682 struct hci_conn
*hcon
= conn
->hcon
;
2683 struct smp_chan
*smp
;
2690 if (!hci_dev_test_flag(hcon
->hdev
, HCI_LE_ENABLED
)) {
2691 reason
= SMP_PAIRING_NOTSUPP
;
2695 code
= skb
->data
[0];
2696 skb_pull(skb
, sizeof(code
));
2700 if (code
> SMP_CMD_MAX
)
2703 if (smp
&& !test_and_clear_bit(code
, &smp
->allow_cmd
))
2706 /* If we don't have a context the only allowed commands are
2707 * pairing request and security request.
2709 if (!smp
&& code
!= SMP_CMD_PAIRING_REQ
&& code
!= SMP_CMD_SECURITY_REQ
)
2713 case SMP_CMD_PAIRING_REQ
:
2714 reason
= smp_cmd_pairing_req(conn
, skb
);
2717 case SMP_CMD_PAIRING_FAIL
:
2718 smp_failure(conn
, 0);
2722 case SMP_CMD_PAIRING_RSP
:
2723 reason
= smp_cmd_pairing_rsp(conn
, skb
);
2726 case SMP_CMD_SECURITY_REQ
:
2727 reason
= smp_cmd_security_req(conn
, skb
);
2730 case SMP_CMD_PAIRING_CONFIRM
:
2731 reason
= smp_cmd_pairing_confirm(conn
, skb
);
2734 case SMP_CMD_PAIRING_RANDOM
:
2735 reason
= smp_cmd_pairing_random(conn
, skb
);
2738 case SMP_CMD_ENCRYPT_INFO
:
2739 reason
= smp_cmd_encrypt_info(conn
, skb
);
2742 case SMP_CMD_MASTER_IDENT
:
2743 reason
= smp_cmd_master_ident(conn
, skb
);
2746 case SMP_CMD_IDENT_INFO
:
2747 reason
= smp_cmd_ident_info(conn
, skb
);
2750 case SMP_CMD_IDENT_ADDR_INFO
:
2751 reason
= smp_cmd_ident_addr_info(conn
, skb
);
2754 case SMP_CMD_SIGN_INFO
:
2755 reason
= smp_cmd_sign_info(conn
, skb
);
2758 case SMP_CMD_PUBLIC_KEY
:
2759 reason
= smp_cmd_public_key(conn
, skb
);
2762 case SMP_CMD_DHKEY_CHECK
:
2763 reason
= smp_cmd_dhkey_check(conn
, skb
);
2766 case SMP_CMD_KEYPRESS_NOTIFY
:
2767 reason
= smp_cmd_keypress_notify(conn
, skb
);
2771 BT_DBG("Unknown command code 0x%2.2x", code
);
2772 reason
= SMP_CMD_NOTSUPP
;
2779 smp_failure(conn
, reason
);
2786 BT_ERR("%s unexpected SMP command 0x%02x from %pMR", hcon
->hdev
->name
,
2792 static void smp_teardown_cb(struct l2cap_chan
*chan
, int err
)
2794 struct l2cap_conn
*conn
= chan
->conn
;
2796 BT_DBG("chan %p", chan
);
2799 smp_chan_destroy(conn
);
2802 l2cap_chan_put(chan
);
2805 static void bredr_pairing(struct l2cap_chan
*chan
)
2807 struct l2cap_conn
*conn
= chan
->conn
;
2808 struct hci_conn
*hcon
= conn
->hcon
;
2809 struct hci_dev
*hdev
= hcon
->hdev
;
2810 struct smp_cmd_pairing req
;
2811 struct smp_chan
*smp
;
2813 BT_DBG("chan %p", chan
);
2815 /* Only new pairings are interesting */
2816 if (!test_bit(HCI_CONN_NEW_LINK_KEY
, &hcon
->flags
))
2819 /* Don't bother if we're not encrypted */
2820 if (!test_bit(HCI_CONN_ENCRYPT
, &hcon
->flags
))
2823 /* Only master may initiate SMP over BR/EDR */
2824 if (hcon
->role
!= HCI_ROLE_MASTER
)
2827 /* Secure Connections support must be enabled */
2828 if (!hci_dev_test_flag(hdev
, HCI_SC_ENABLED
))
2831 /* BR/EDR must use Secure Connections for SMP */
2832 if (!test_bit(HCI_CONN_AES_CCM
, &hcon
->flags
) &&
2833 !hci_dev_test_flag(hdev
, HCI_FORCE_BREDR_SMP
))
2836 /* If our LE support is not enabled don't do anything */
2837 if (!hci_dev_test_flag(hdev
, HCI_LE_ENABLED
))
2840 /* Don't bother if remote LE support is not enabled */
2841 if (!lmp_host_le_capable(hcon
))
2844 /* Remote must support SMP fixed chan for BR/EDR */
2845 if (!(conn
->remote_fixed_chan
& L2CAP_FC_SMP_BREDR
))
2848 /* Don't bother if SMP is already ongoing */
2852 smp
= smp_chan_create(conn
);
2854 BT_ERR("%s unable to create SMP context for BR/EDR",
2859 set_bit(SMP_FLAG_SC
, &smp
->flags
);
2861 BT_DBG("%s starting SMP over BR/EDR", hdev
->name
);
2863 /* Prepare and send the BR/EDR SMP Pairing Request */
2864 build_bredr_pairing_cmd(smp
, &req
, NULL
);
2866 smp
->preq
[0] = SMP_CMD_PAIRING_REQ
;
2867 memcpy(&smp
->preq
[1], &req
, sizeof(req
));
2869 smp_send_cmd(conn
, SMP_CMD_PAIRING_REQ
, sizeof(req
), &req
);
2870 SMP_ALLOW_CMD(smp
, SMP_CMD_PAIRING_RSP
);
2873 static void smp_resume_cb(struct l2cap_chan
*chan
)
2875 struct smp_chan
*smp
= chan
->data
;
2876 struct l2cap_conn
*conn
= chan
->conn
;
2877 struct hci_conn
*hcon
= conn
->hcon
;
2879 BT_DBG("chan %p", chan
);
2881 if (hcon
->type
== ACL_LINK
) {
2882 bredr_pairing(chan
);
2889 if (!test_bit(HCI_CONN_ENCRYPT
, &hcon
->flags
))
2892 cancel_delayed_work(&smp
->security_timer
);
2894 smp_distribute_keys(smp
);
2897 static void smp_ready_cb(struct l2cap_chan
*chan
)
2899 struct l2cap_conn
*conn
= chan
->conn
;
2900 struct hci_conn
*hcon
= conn
->hcon
;
2902 BT_DBG("chan %p", chan
);
2905 l2cap_chan_hold(chan
);
2907 if (hcon
->type
== ACL_LINK
&& test_bit(HCI_CONN_ENCRYPT
, &hcon
->flags
))
2908 bredr_pairing(chan
);
2911 static int smp_recv_cb(struct l2cap_chan
*chan
, struct sk_buff
*skb
)
2915 BT_DBG("chan %p", chan
);
2917 err
= smp_sig_channel(chan
, skb
);
2919 struct smp_chan
*smp
= chan
->data
;
2922 cancel_delayed_work_sync(&smp
->security_timer
);
2924 hci_disconnect(chan
->conn
->hcon
, HCI_ERROR_AUTH_FAILURE
);
2930 static struct sk_buff
*smp_alloc_skb_cb(struct l2cap_chan
*chan
,
2931 unsigned long hdr_len
,
2932 unsigned long len
, int nb
)
2934 struct sk_buff
*skb
;
2936 skb
= bt_skb_alloc(hdr_len
+ len
, GFP_KERNEL
);
2938 return ERR_PTR(-ENOMEM
);
2940 skb
->priority
= HCI_PRIO_MAX
;
2941 bt_cb(skb
)->chan
= chan
;
2946 static const struct l2cap_ops smp_chan_ops
= {
2947 .name
= "Security Manager",
2948 .ready
= smp_ready_cb
,
2949 .recv
= smp_recv_cb
,
2950 .alloc_skb
= smp_alloc_skb_cb
,
2951 .teardown
= smp_teardown_cb
,
2952 .resume
= smp_resume_cb
,
2954 .new_connection
= l2cap_chan_no_new_connection
,
2955 .state_change
= l2cap_chan_no_state_change
,
2956 .close
= l2cap_chan_no_close
,
2957 .defer
= l2cap_chan_no_defer
,
2958 .suspend
= l2cap_chan_no_suspend
,
2959 .set_shutdown
= l2cap_chan_no_set_shutdown
,
2960 .get_sndtimeo
= l2cap_chan_no_get_sndtimeo
,
2963 static inline struct l2cap_chan
*smp_new_conn_cb(struct l2cap_chan
*pchan
)
2965 struct l2cap_chan
*chan
;
2967 BT_DBG("pchan %p", pchan
);
2969 chan
= l2cap_chan_create();
2973 chan
->chan_type
= pchan
->chan_type
;
2974 chan
->ops
= &smp_chan_ops
;
2975 chan
->scid
= pchan
->scid
;
2976 chan
->dcid
= chan
->scid
;
2977 chan
->imtu
= pchan
->imtu
;
2978 chan
->omtu
= pchan
->omtu
;
2979 chan
->mode
= pchan
->mode
;
2981 /* Other L2CAP channels may request SMP routines in order to
2982 * change the security level. This means that the SMP channel
2983 * lock must be considered in its own category to avoid lockdep
2986 atomic_set(&chan
->nesting
, L2CAP_NESTING_SMP
);
2988 BT_DBG("created chan %p", chan
);
2993 static const struct l2cap_ops smp_root_chan_ops
= {
2994 .name
= "Security Manager Root",
2995 .new_connection
= smp_new_conn_cb
,
2997 /* None of these are implemented for the root channel */
2998 .close
= l2cap_chan_no_close
,
2999 .alloc_skb
= l2cap_chan_no_alloc_skb
,
3000 .recv
= l2cap_chan_no_recv
,
3001 .state_change
= l2cap_chan_no_state_change
,
3002 .teardown
= l2cap_chan_no_teardown
,
3003 .ready
= l2cap_chan_no_ready
,
3004 .defer
= l2cap_chan_no_defer
,
3005 .suspend
= l2cap_chan_no_suspend
,
3006 .resume
= l2cap_chan_no_resume
,
3007 .set_shutdown
= l2cap_chan_no_set_shutdown
,
3008 .get_sndtimeo
= l2cap_chan_no_get_sndtimeo
,
3011 static struct l2cap_chan
*smp_add_cid(struct hci_dev
*hdev
, u16 cid
)
3013 struct l2cap_chan
*chan
;
3014 struct smp_dev
*smp
;
3015 struct crypto_blkcipher
*tfm_aes
;
3016 struct crypto_hash
*tfm_cmac
;
3018 if (cid
== L2CAP_CID_SMP_BREDR
) {
3023 smp
= kzalloc(sizeof(*smp
), GFP_KERNEL
);
3025 return ERR_PTR(-ENOMEM
);
3027 tfm_aes
= crypto_alloc_blkcipher("ecb(aes)", 0, CRYPTO_ALG_ASYNC
);
3028 if (IS_ERR(tfm_aes
)) {
3029 BT_ERR("Unable to create ECB crypto context");
3031 return ERR_CAST(tfm_aes
);
3034 tfm_cmac
= crypto_alloc_hash("cmac(aes)", 0, CRYPTO_ALG_ASYNC
);
3035 if (IS_ERR(tfm_cmac
)) {
3036 BT_ERR("Unable to create CMAC crypto context");
3037 crypto_free_blkcipher(tfm_aes
);
3039 return ERR_CAST(tfm_cmac
);
3042 smp
->tfm_aes
= tfm_aes
;
3043 smp
->tfm_cmac
= tfm_cmac
;
3046 chan
= l2cap_chan_create();
3048 crypto_free_blkcipher(smp
->tfm_aes
);
3049 crypto_free_hash(smp
->tfm_cmac
);
3051 return ERR_PTR(-ENOMEM
);
3056 l2cap_add_scid(chan
, cid
);
3058 l2cap_chan_set_defaults(chan
);
3060 if (cid
== L2CAP_CID_SMP
) {
3063 hci_copy_identity_address(hdev
, &chan
->src
, &bdaddr_type
);
3065 if (bdaddr_type
== ADDR_LE_DEV_PUBLIC
)
3066 chan
->src_type
= BDADDR_LE_PUBLIC
;
3068 chan
->src_type
= BDADDR_LE_RANDOM
;
3070 bacpy(&chan
->src
, &hdev
->bdaddr
);
3071 chan
->src_type
= BDADDR_BREDR
;
3074 chan
->state
= BT_LISTEN
;
3075 chan
->mode
= L2CAP_MODE_BASIC
;
3076 chan
->imtu
= L2CAP_DEFAULT_MTU
;
3077 chan
->ops
= &smp_root_chan_ops
;
3079 /* Set correct nesting level for a parent/listening channel */
3080 atomic_set(&chan
->nesting
, L2CAP_NESTING_PARENT
);
3085 static void smp_del_chan(struct l2cap_chan
*chan
)
3087 struct smp_dev
*smp
;
3089 BT_DBG("chan %p", chan
);
3095 crypto_free_blkcipher(smp
->tfm_aes
);
3097 crypto_free_hash(smp
->tfm_cmac
);
3101 l2cap_chan_put(chan
);
3104 static ssize_t
force_bredr_smp_read(struct file
*file
,
3105 char __user
*user_buf
,
3106 size_t count
, loff_t
*ppos
)
3108 struct hci_dev
*hdev
= file
->private_data
;
3111 buf
[0] = hci_dev_test_flag(hdev
, HCI_FORCE_BREDR_SMP
) ? 'Y': 'N';
3114 return simple_read_from_buffer(user_buf
, count
, ppos
, buf
, 2);
3117 static ssize_t
force_bredr_smp_write(struct file
*file
,
3118 const char __user
*user_buf
,
3119 size_t count
, loff_t
*ppos
)
3121 struct hci_dev
*hdev
= file
->private_data
;
3123 size_t buf_size
= min(count
, (sizeof(buf
)-1));
3126 if (copy_from_user(buf
, user_buf
, buf_size
))
3129 buf
[buf_size
] = '\0';
3130 if (strtobool(buf
, &enable
))
3133 if (enable
== hci_dev_test_flag(hdev
, HCI_FORCE_BREDR_SMP
))
3137 struct l2cap_chan
*chan
;
3139 chan
= smp_add_cid(hdev
, L2CAP_CID_SMP_BREDR
);
3141 return PTR_ERR(chan
);
3143 hdev
->smp_bredr_data
= chan
;
3145 struct l2cap_chan
*chan
;
3147 chan
= hdev
->smp_bredr_data
;
3148 hdev
->smp_bredr_data
= NULL
;
3152 hci_dev_change_flag(hdev
, HCI_FORCE_BREDR_SMP
);
3157 static const struct file_operations force_bredr_smp_fops
= {
3158 .open
= simple_open
,
3159 .read
= force_bredr_smp_read
,
3160 .write
= force_bredr_smp_write
,
3161 .llseek
= default_llseek
,
3164 int smp_register(struct hci_dev
*hdev
)
3166 struct l2cap_chan
*chan
;
3168 BT_DBG("%s", hdev
->name
);
3170 /* If the controller does not support Low Energy operation, then
3171 * there is also no need to register any SMP channel.
3173 if (!lmp_le_capable(hdev
))
3176 if (WARN_ON(hdev
->smp_data
)) {
3177 chan
= hdev
->smp_data
;
3178 hdev
->smp_data
= NULL
;
3182 chan
= smp_add_cid(hdev
, L2CAP_CID_SMP
);
3184 return PTR_ERR(chan
);
3186 hdev
->smp_data
= chan
;
3188 /* If the controller does not support BR/EDR Secure Connections
3189 * feature, then the BR/EDR SMP channel shall not be present.
3191 * To test this with Bluetooth 4.0 controllers, create a debugfs
3192 * switch that allows forcing BR/EDR SMP support and accepting
3193 * cross-transport pairing on non-AES encrypted connections.
3195 if (!lmp_sc_capable(hdev
)) {
3196 debugfs_create_file("force_bredr_smp", 0644, hdev
->debugfs
,
3197 hdev
, &force_bredr_smp_fops
);
3201 if (WARN_ON(hdev
->smp_bredr_data
)) {
3202 chan
= hdev
->smp_bredr_data
;
3203 hdev
->smp_bredr_data
= NULL
;
3207 chan
= smp_add_cid(hdev
, L2CAP_CID_SMP_BREDR
);
3209 int err
= PTR_ERR(chan
);
3210 chan
= hdev
->smp_data
;
3211 hdev
->smp_data
= NULL
;
3216 hdev
->smp_bredr_data
= chan
;
3221 void smp_unregister(struct hci_dev
*hdev
)
3223 struct l2cap_chan
*chan
;
3225 if (hdev
->smp_bredr_data
) {
3226 chan
= hdev
->smp_bredr_data
;
3227 hdev
->smp_bredr_data
= NULL
;
3231 if (hdev
->smp_data
) {
3232 chan
= hdev
->smp_data
;
3233 hdev
->smp_data
= NULL
;
3238 #if IS_ENABLED(CONFIG_BT_SELFTEST_SMP)
3240 static int __init
test_ah(struct crypto_blkcipher
*tfm_aes
)
3242 const u8 irk
[16] = {
3243 0x9b, 0x7d, 0x39, 0x0a, 0xa6, 0x10, 0x10, 0x34,
3244 0x05, 0xad, 0xc8, 0x57, 0xa3, 0x34, 0x02, 0xec };
3245 const u8 r
[3] = { 0x94, 0x81, 0x70 };
3246 const u8 exp
[3] = { 0xaa, 0xfb, 0x0d };
3250 err
= smp_ah(tfm_aes
, irk
, r
, res
);
3254 if (memcmp(res
, exp
, 3))
3260 static int __init
test_c1(struct crypto_blkcipher
*tfm_aes
)
3263 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
3264 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
3266 0xe0, 0x2e, 0x70, 0xc6, 0x4e, 0x27, 0x88, 0x63,
3267 0x0e, 0x6f, 0xad, 0x56, 0x21, 0xd5, 0x83, 0x57 };
3268 const u8 preq
[7] = { 0x01, 0x01, 0x00, 0x00, 0x10, 0x07, 0x07 };
3269 const u8 pres
[7] = { 0x02, 0x03, 0x00, 0x00, 0x08, 0x00, 0x05 };
3270 const u8 _iat
= 0x01;
3271 const u8 _rat
= 0x00;
3272 const bdaddr_t ra
= { { 0xb6, 0xb5, 0xb4, 0xb3, 0xb2, 0xb1 } };
3273 const bdaddr_t ia
= { { 0xa6, 0xa5, 0xa4, 0xa3, 0xa2, 0xa1 } };
3274 const u8 exp
[16] = {
3275 0x86, 0x3b, 0xf1, 0xbe, 0xc5, 0x4d, 0xa7, 0xd2,
3276 0xea, 0x88, 0x89, 0x87, 0xef, 0x3f, 0x1e, 0x1e };
3280 err
= smp_c1(tfm_aes
, k
, r
, preq
, pres
, _iat
, &ia
, _rat
, &ra
, res
);
3284 if (memcmp(res
, exp
, 16))
3290 static int __init
test_s1(struct crypto_blkcipher
*tfm_aes
)
3293 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
3294 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
3296 0x88, 0x77, 0x66, 0x55, 0x44, 0x33, 0x22, 0x11 };
3298 0x00, 0xff, 0xee, 0xdd, 0xcc, 0xbb, 0xaa, 0x99 };
3299 const u8 exp
[16] = {
3300 0x62, 0xa0, 0x6d, 0x79, 0xae, 0x16, 0x42, 0x5b,
3301 0x9b, 0xf4, 0xb0, 0xe8, 0xf0, 0xe1, 0x1f, 0x9a };
3305 err
= smp_s1(tfm_aes
, k
, r1
, r2
, res
);
3309 if (memcmp(res
, exp
, 16))
3315 static int __init
test_f4(struct crypto_hash
*tfm_cmac
)
3318 0xe6, 0x9d, 0x35, 0x0e, 0x48, 0x01, 0x03, 0xcc,
3319 0xdb, 0xfd, 0xf4, 0xac, 0x11, 0x91, 0xf4, 0xef,
3320 0xb9, 0xa5, 0xf9, 0xe9, 0xa7, 0x83, 0x2c, 0x5e,
3321 0x2c, 0xbe, 0x97, 0xf2, 0xd2, 0x03, 0xb0, 0x20 };
3323 0xfd, 0xc5, 0x7f, 0xf4, 0x49, 0xdd, 0x4f, 0x6b,
3324 0xfb, 0x7c, 0x9d, 0xf1, 0xc2, 0x9a, 0xcb, 0x59,
3325 0x2a, 0xe7, 0xd4, 0xee, 0xfb, 0xfc, 0x0a, 0x90,
3326 0x9a, 0xbb, 0xf6, 0x32, 0x3d, 0x8b, 0x18, 0x55 };
3328 0xab, 0xae, 0x2b, 0x71, 0xec, 0xb2, 0xff, 0xff,
3329 0x3e, 0x73, 0x77, 0xd1, 0x54, 0x84, 0xcb, 0xd5 };
3331 const u8 exp
[16] = {
3332 0x2d, 0x87, 0x74, 0xa9, 0xbe, 0xa1, 0xed, 0xf1,
3333 0x1c, 0xbd, 0xa9, 0x07, 0xf1, 0x16, 0xc9, 0xf2 };
3337 err
= smp_f4(tfm_cmac
, u
, v
, x
, z
, res
);
3341 if (memcmp(res
, exp
, 16))
3347 static int __init
test_f5(struct crypto_hash
*tfm_cmac
)
3350 0x98, 0xa6, 0xbf, 0x73, 0xf3, 0x34, 0x8d, 0x86,
3351 0xf1, 0x66, 0xf8, 0xb4, 0x13, 0x6b, 0x79, 0x99,
3352 0x9b, 0x7d, 0x39, 0x0a, 0xa6, 0x10, 0x10, 0x34,
3353 0x05, 0xad, 0xc8, 0x57, 0xa3, 0x34, 0x02, 0xec };
3355 0xab, 0xae, 0x2b, 0x71, 0xec, 0xb2, 0xff, 0xff,
3356 0x3e, 0x73, 0x77, 0xd1, 0x54, 0x84, 0xcb, 0xd5 };
3358 0xcf, 0xc4, 0x3d, 0xff, 0xf7, 0x83, 0x65, 0x21,
3359 0x6e, 0x5f, 0xa7, 0x25, 0xcc, 0xe7, 0xe8, 0xa6 };
3360 const u8 a1
[7] = { 0xce, 0xbf, 0x37, 0x37, 0x12, 0x56, 0x00 };
3361 const u8 a2
[7] = { 0xc1, 0xcf, 0x2d, 0x70, 0x13, 0xa7, 0x00 };
3362 const u8 exp_ltk
[16] = {
3363 0x38, 0x0a, 0x75, 0x94, 0xb5, 0x22, 0x05, 0x98,
3364 0x23, 0xcd, 0xd7, 0x69, 0x11, 0x79, 0x86, 0x69 };
3365 const u8 exp_mackey
[16] = {
3366 0x20, 0x6e, 0x63, 0xce, 0x20, 0x6a, 0x3f, 0xfd,
3367 0x02, 0x4a, 0x08, 0xa1, 0x76, 0xf1, 0x65, 0x29 };
3368 u8 mackey
[16], ltk
[16];
3371 err
= smp_f5(tfm_cmac
, w
, n1
, n2
, a1
, a2
, mackey
, ltk
);
3375 if (memcmp(mackey
, exp_mackey
, 16))
3378 if (memcmp(ltk
, exp_ltk
, 16))
3384 static int __init
test_f6(struct crypto_hash
*tfm_cmac
)
3387 0x20, 0x6e, 0x63, 0xce, 0x20, 0x6a, 0x3f, 0xfd,
3388 0x02, 0x4a, 0x08, 0xa1, 0x76, 0xf1, 0x65, 0x29 };
3390 0xab, 0xae, 0x2b, 0x71, 0xec, 0xb2, 0xff, 0xff,
3391 0x3e, 0x73, 0x77, 0xd1, 0x54, 0x84, 0xcb, 0xd5 };
3393 0xcf, 0xc4, 0x3d, 0xff, 0xf7, 0x83, 0x65, 0x21,
3394 0x6e, 0x5f, 0xa7, 0x25, 0xcc, 0xe7, 0xe8, 0xa6 };
3396 0xc8, 0x0f, 0x2d, 0x0c, 0xd2, 0x42, 0xda, 0x08,
3397 0x54, 0xbb, 0x53, 0xb4, 0x3b, 0x34, 0xa3, 0x12 };
3398 const u8 io_cap
[3] = { 0x02, 0x01, 0x01 };
3399 const u8 a1
[7] = { 0xce, 0xbf, 0x37, 0x37, 0x12, 0x56, 0x00 };
3400 const u8 a2
[7] = { 0xc1, 0xcf, 0x2d, 0x70, 0x13, 0xa7, 0x00 };
3401 const u8 exp
[16] = {
3402 0x61, 0x8f, 0x95, 0xda, 0x09, 0x0b, 0x6c, 0xd2,
3403 0xc5, 0xe8, 0xd0, 0x9c, 0x98, 0x73, 0xc4, 0xe3 };
3407 err
= smp_f6(tfm_cmac
, w
, n1
, n2
, r
, io_cap
, a1
, a2
, res
);
3411 if (memcmp(res
, exp
, 16))
3417 static int __init
test_g2(struct crypto_hash
*tfm_cmac
)
3420 0xe6, 0x9d, 0x35, 0x0e, 0x48, 0x01, 0x03, 0xcc,
3421 0xdb, 0xfd, 0xf4, 0xac, 0x11, 0x91, 0xf4, 0xef,
3422 0xb9, 0xa5, 0xf9, 0xe9, 0xa7, 0x83, 0x2c, 0x5e,
3423 0x2c, 0xbe, 0x97, 0xf2, 0xd2, 0x03, 0xb0, 0x20 };
3425 0xfd, 0xc5, 0x7f, 0xf4, 0x49, 0xdd, 0x4f, 0x6b,
3426 0xfb, 0x7c, 0x9d, 0xf1, 0xc2, 0x9a, 0xcb, 0x59,
3427 0x2a, 0xe7, 0xd4, 0xee, 0xfb, 0xfc, 0x0a, 0x90,
3428 0x9a, 0xbb, 0xf6, 0x32, 0x3d, 0x8b, 0x18, 0x55 };
3430 0xab, 0xae, 0x2b, 0x71, 0xec, 0xb2, 0xff, 0xff,
3431 0x3e, 0x73, 0x77, 0xd1, 0x54, 0x84, 0xcb, 0xd5 };
3433 0xcf, 0xc4, 0x3d, 0xff, 0xf7, 0x83, 0x65, 0x21,
3434 0x6e, 0x5f, 0xa7, 0x25, 0xcc, 0xe7, 0xe8, 0xa6 };
3435 const u32 exp_val
= 0x2f9ed5ba % 1000000;
3439 err
= smp_g2(tfm_cmac
, u
, v
, x
, y
, &val
);
3449 static int __init
test_h6(struct crypto_hash
*tfm_cmac
)
3452 0x9b, 0x7d, 0x39, 0x0a, 0xa6, 0x10, 0x10, 0x34,
3453 0x05, 0xad, 0xc8, 0x57, 0xa3, 0x34, 0x02, 0xec };
3454 const u8 key_id
[4] = { 0x72, 0x62, 0x65, 0x6c };
3455 const u8 exp
[16] = {
3456 0x99, 0x63, 0xb1, 0x80, 0xe2, 0xa9, 0xd3, 0xe8,
3457 0x1c, 0xc9, 0x6d, 0xe7, 0x02, 0xe1, 0x9a, 0x2d };
3461 err
= smp_h6(tfm_cmac
, w
, key_id
, res
);
3465 if (memcmp(res
, exp
, 16))
3471 static int __init
run_selftests(struct crypto_blkcipher
*tfm_aes
,
3472 struct crypto_hash
*tfm_cmac
)
3474 ktime_t calltime
, delta
, rettime
;
3475 unsigned long long duration
;
3478 calltime
= ktime_get();
3480 err
= test_ah(tfm_aes
);
3482 BT_ERR("smp_ah test failed");
3486 err
= test_c1(tfm_aes
);
3488 BT_ERR("smp_c1 test failed");
3492 err
= test_s1(tfm_aes
);
3494 BT_ERR("smp_s1 test failed");
3498 err
= test_f4(tfm_cmac
);
3500 BT_ERR("smp_f4 test failed");
3504 err
= test_f5(tfm_cmac
);
3506 BT_ERR("smp_f5 test failed");
3510 err
= test_f6(tfm_cmac
);
3512 BT_ERR("smp_f6 test failed");
3516 err
= test_g2(tfm_cmac
);
3518 BT_ERR("smp_g2 test failed");
3522 err
= test_h6(tfm_cmac
);
3524 BT_ERR("smp_h6 test failed");
3528 rettime
= ktime_get();
3529 delta
= ktime_sub(rettime
, calltime
);
3530 duration
= (unsigned long long) ktime_to_ns(delta
) >> 10;
3532 BT_INFO("SMP test passed in %llu usecs", duration
);
3537 int __init
bt_selftest_smp(void)
3539 struct crypto_blkcipher
*tfm_aes
;
3540 struct crypto_hash
*tfm_cmac
;
3543 tfm_aes
= crypto_alloc_blkcipher("ecb(aes)", 0, CRYPTO_ALG_ASYNC
);
3544 if (IS_ERR(tfm_aes
)) {
3545 BT_ERR("Unable to create ECB crypto context");
3546 return PTR_ERR(tfm_aes
);
3549 tfm_cmac
= crypto_alloc_hash("cmac(aes)", 0, CRYPTO_ALG_ASYNC
);
3550 if (IS_ERR(tfm_cmac
)) {
3551 BT_ERR("Unable to create CMAC crypto context");
3552 crypto_free_blkcipher(tfm_aes
);
3553 return PTR_ERR(tfm_cmac
);
3556 err
= run_selftests(tfm_aes
, tfm_cmac
);
3558 crypto_free_hash(tfm_cmac
);
3559 crypto_free_blkcipher(tfm_aes
);