1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23#include <linux/debugfs.h>
24#include <linux/crypto.h>
25#include <linux/scatterlist.h>
26#include <crypto/b128ops.h>
27
28#include <net/bluetooth/bluetooth.h>
29#include <net/bluetooth/hci_core.h>
30#include <net/bluetooth/l2cap.h>
31#include <net/bluetooth/mgmt.h>
32
33#include "ecc.h"
34#include "smp.h"
35
36#define SMP_DEV(hdev) \
37 ((struct smp_dev *)((struct l2cap_chan *)((hdev)->smp_data))->data)
38
39
40
41
42
43#ifdef DEBUG
44#define SMP_DBG(fmt, ...) printk(KERN_DEBUG "%s: " fmt, __func__, \
45 ##__VA_ARGS__)
46#else
47#define SMP_DBG(fmt, ...) no_printk(KERN_DEBUG "%s: " fmt, __func__, \
48 ##__VA_ARGS__)
49#endif
50
51#define SMP_ALLOW_CMD(smp, code) set_bit(code, &smp->allow_cmd)
52
53
54#define SMP_SC_NO_DIST (SMP_DIST_ENC_KEY | SMP_DIST_LINK_KEY);
55
56#define SMP_TIMEOUT msecs_to_jiffies(30000)
57
58#define AUTH_REQ_MASK(dev) (hci_dev_test_flag(dev, HCI_SC_ENABLED) ? \
59 0x1f : 0x07)
60#define KEY_DIST_MASK 0x07
61
62
63#define CMAC_MSG_MAX 80
64
65enum {
66 SMP_FLAG_TK_VALID,
67 SMP_FLAG_CFM_PENDING,
68 SMP_FLAG_MITM_AUTH,
69 SMP_FLAG_COMPLETE,
70 SMP_FLAG_INITIATOR,
71 SMP_FLAG_SC,
72 SMP_FLAG_REMOTE_PK,
73 SMP_FLAG_DEBUG_KEY,
74 SMP_FLAG_WAIT_USER,
75 SMP_FLAG_DHKEY_PENDING,
76 SMP_FLAG_REMOTE_OOB,
77 SMP_FLAG_LOCAL_OOB,
78};
79
80struct smp_dev {
81
82 u8 local_pk[64];
83 u8 local_sk[32];
84 u8 local_rand[16];
85 bool debug_key;
86
87 u8 min_key_size;
88 u8 max_key_size;
89
90 struct crypto_blkcipher *tfm_aes;
91 struct crypto_hash *tfm_cmac;
92};
93
94struct smp_chan {
95 struct l2cap_conn *conn;
96 struct delayed_work security_timer;
97 unsigned long allow_cmd;
98
99 u8 preq[7];
100 u8 prsp[7];
101 u8 prnd[16];
102 u8 rrnd[16];
103 u8 pcnf[16];
104 u8 tk[16];
105 u8 rr[16];
106 u8 lr[16];
107 u8 enc_key_size;
108 u8 remote_key_dist;
109 bdaddr_t id_addr;
110 u8 id_addr_type;
111 u8 irk[16];
112 struct smp_csrk *csrk;
113 struct smp_csrk *slave_csrk;
114 struct smp_ltk *ltk;
115 struct smp_ltk *slave_ltk;
116 struct smp_irk *remote_irk;
117 u8 *link_key;
118 unsigned long flags;
119 u8 method;
120 u8 passkey_round;
121
122
123 u8 local_pk[64];
124 u8 local_sk[32];
125 u8 remote_pk[64];
126 u8 dhkey[32];
127 u8 mackey[16];
128
129 struct crypto_blkcipher *tfm_aes;
130 struct crypto_hash *tfm_cmac;
131};
132
133
134
135
136
137static const u8 debug_pk[64] = {
138 0xe6, 0x9d, 0x35, 0x0e, 0x48, 0x01, 0x03, 0xcc,
139 0xdb, 0xfd, 0xf4, 0xac, 0x11, 0x91, 0xf4, 0xef,
140 0xb9, 0xa5, 0xf9, 0xe9, 0xa7, 0x83, 0x2c, 0x5e,
141 0x2c, 0xbe, 0x97, 0xf2, 0xd2, 0x03, 0xb0, 0x20,
142
143 0x8b, 0xd2, 0x89, 0x15, 0xd0, 0x8e, 0x1c, 0x74,
144 0x24, 0x30, 0xed, 0x8f, 0xc2, 0x45, 0x63, 0x76,
145 0x5c, 0x15, 0x52, 0x5a, 0xbf, 0x9a, 0x32, 0x63,
146 0x6d, 0xeb, 0x2a, 0x65, 0x49, 0x9c, 0x80, 0xdc,
147};
148
149static const u8 debug_sk[32] = {
150 0xbd, 0x1a, 0x3c, 0xcd, 0xa6, 0xb8, 0x99, 0x58,
151 0x99, 0xb7, 0x40, 0xeb, 0x7b, 0x60, 0xff, 0x4a,
152 0x50, 0x3f, 0x10, 0xd2, 0xe3, 0xb3, 0xc9, 0x74,
153 0x38, 0x5f, 0xc5, 0xa3, 0xd4, 0xf6, 0x49, 0x3f,
154};
155
156static inline void swap_buf(const u8 *src, u8 *dst, size_t len)
157{
158 size_t i;
159
160 for (i = 0; i < len; i++)
161 dst[len - 1 - i] = src[i];
162}
163
164
165
166
167
168static int aes_cmac(struct crypto_hash *tfm, const u8 k[16], const u8 *m,
169 size_t len, u8 mac[16])
170{
171 uint8_t tmp[16], mac_msb[16], msg_msb[CMAC_MSG_MAX];
172 struct hash_desc desc;
173 struct scatterlist sg;
174 int err;
175
176 if (len > CMAC_MSG_MAX)
177 return -EFBIG;
178
179 if (!tfm) {
180 BT_ERR("tfm %p", tfm);
181 return -EINVAL;
182 }
183
184 desc.tfm = tfm;
185 desc.flags = 0;
186
187 crypto_hash_init(&desc);
188
189
190 swap_buf(k, tmp, 16);
191 swap_buf(m, msg_msb, len);
192
193 SMP_DBG("msg (len %zu) %*phN", len, (int) len, m);
194 SMP_DBG("key %16phN", k);
195
196 err = crypto_hash_setkey(tfm, tmp, 16);
197 if (err) {
198 BT_ERR("cipher setkey failed: %d", err);
199 return err;
200 }
201
202 sg_init_one(&sg, msg_msb, len);
203
204 err = crypto_hash_update(&desc, &sg, len);
205 if (err) {
206 BT_ERR("Hash update error %d", err);
207 return err;
208 }
209
210 err = crypto_hash_final(&desc, mac_msb);
211 if (err) {
212 BT_ERR("Hash final error %d", err);
213 return err;
214 }
215
216 swap_buf(mac_msb, mac, 16);
217
218 SMP_DBG("mac %16phN", mac);
219
220 return 0;
221}
222
223static int smp_f4(struct crypto_hash *tfm_cmac, const u8 u[32], const u8 v[32],
224 const u8 x[16], u8 z, u8 res[16])
225{
226 u8 m[65];
227 int err;
228
229 SMP_DBG("u %32phN", u);
230 SMP_DBG("v %32phN", v);
231 SMP_DBG("x %16phN z %02x", x, z);
232
233 m[0] = z;
234 memcpy(m + 1, v, 32);
235 memcpy(m + 33, u, 32);
236
237 err = aes_cmac(tfm_cmac, x, m, sizeof(m), res);
238 if (err)
239 return err;
240
241 SMP_DBG("res %16phN", res);
242
243 return err;
244}
245
246static int smp_f5(struct crypto_hash *tfm_cmac, const u8 w[32],
247 const u8 n1[16], const u8 n2[16], const u8 a1[7],
248 const u8 a2[7], u8 mackey[16], u8 ltk[16])
249{
250
251
252
253
254
255
256 const u8 btle[4] = { 0x65, 0x6c, 0x74, 0x62 };
257 const u8 salt[16] = { 0xbe, 0x83, 0x60, 0x5a, 0xdb, 0x0b, 0x37, 0x60,
258 0x38, 0xa5, 0xf5, 0xaa, 0x91, 0x83, 0x88, 0x6c };
259 const u8 length[2] = { 0x00, 0x01 };
260 u8 m[53], t[16];
261 int err;
262
263 SMP_DBG("w %32phN", w);
264 SMP_DBG("n1 %16phN n2 %16phN", n1, n2);
265 SMP_DBG("a1 %7phN a2 %7phN", a1, a2);
266
267 err = aes_cmac(tfm_cmac, salt, w, 32, t);
268 if (err)
269 return err;
270
271 SMP_DBG("t %16phN", t);
272
273 memcpy(m, length, 2);
274 memcpy(m + 2, a2, 7);
275 memcpy(m + 9, a1, 7);
276 memcpy(m + 16, n2, 16);
277 memcpy(m + 32, n1, 16);
278 memcpy(m + 48, btle, 4);
279
280 m[52] = 0;
281
282 err = aes_cmac(tfm_cmac, t, m, sizeof(m), mackey);
283 if (err)
284 return err;
285
286 SMP_DBG("mackey %16phN", mackey);
287
288 m[52] = 1;
289
290 err = aes_cmac(tfm_cmac, t, m, sizeof(m), ltk);
291 if (err)
292 return err;
293
294 SMP_DBG("ltk %16phN", ltk);
295
296 return 0;
297}
298
299static int smp_f6(struct crypto_hash *tfm_cmac, const u8 w[16],
300 const u8 n1[16], const u8 n2[16], const u8 r[16],
301 const u8 io_cap[3], const u8 a1[7], const u8 a2[7],
302 u8 res[16])
303{
304 u8 m[65];
305 int err;
306
307 SMP_DBG("w %16phN", w);
308 SMP_DBG("n1 %16phN n2 %16phN", n1, n2);
309 SMP_DBG("r %16phN io_cap %3phN a1 %7phN a2 %7phN", r, io_cap, a1, a2);
310
311 memcpy(m, a2, 7);
312 memcpy(m + 7, a1, 7);
313 memcpy(m + 14, io_cap, 3);
314 memcpy(m + 17, r, 16);
315 memcpy(m + 33, n2, 16);
316 memcpy(m + 49, n1, 16);
317
318 err = aes_cmac(tfm_cmac, w, m, sizeof(m), res);
319 if (err)
320 return err;
321
322 SMP_DBG("res %16phN", res);
323
324 return err;
325}
326
327static int smp_g2(struct crypto_hash *tfm_cmac, const u8 u[32], const u8 v[32],
328 const u8 x[16], const u8 y[16], u32 *val)
329{
330 u8 m[80], tmp[16];
331 int err;
332
333 SMP_DBG("u %32phN", u);
334 SMP_DBG("v %32phN", v);
335 SMP_DBG("x %16phN y %16phN", x, y);
336
337 memcpy(m, y, 16);
338 memcpy(m + 16, v, 32);
339 memcpy(m + 48, u, 32);
340
341 err = aes_cmac(tfm_cmac, x, m, sizeof(m), tmp);
342 if (err)
343 return err;
344
345 *val = get_unaligned_le32(tmp);
346 *val %= 1000000;
347
348 SMP_DBG("val %06u", *val);
349
350 return 0;
351}
352
353static int smp_h6(struct crypto_hash *tfm_cmac, const u8 w[16],
354 const u8 key_id[4], u8 res[16])
355{
356 int err;
357
358 SMP_DBG("w %16phN key_id %4phN", w, key_id);
359
360 err = aes_cmac(tfm_cmac, w, key_id, 4, res);
361 if (err)
362 return err;
363
364 SMP_DBG("res %16phN", res);
365
366 return err;
367}
368
369
370
371
372
373static int smp_e(struct crypto_blkcipher *tfm, const u8 *k, u8 *r)
374{
375 struct blkcipher_desc desc;
376 struct scatterlist sg;
377 uint8_t tmp[16], data[16];
378 int err;
379
380 SMP_DBG("k %16phN r %16phN", k, r);
381
382 if (!tfm) {
383 BT_ERR("tfm %p", tfm);
384 return -EINVAL;
385 }
386
387 desc.tfm = tfm;
388 desc.flags = 0;
389
390
391 swap_buf(k, tmp, 16);
392
393 err = crypto_blkcipher_setkey(tfm, tmp, 16);
394 if (err) {
395 BT_ERR("cipher setkey failed: %d", err);
396 return err;
397 }
398
399
400 swap_buf(r, data, 16);
401
402 sg_init_one(&sg, data, 16);
403
404 err = crypto_blkcipher_encrypt(&desc, &sg, &sg, 16);
405 if (err)
406 BT_ERR("Encrypt data error %d", err);
407
408
409 swap_buf(data, r, 16);
410
411 SMP_DBG("r %16phN", r);
412
413 return err;
414}
415
416static int smp_c1(struct crypto_blkcipher *tfm_aes, const u8 k[16],
417 const u8 r[16], const u8 preq[7], const u8 pres[7], u8 _iat,
418 const bdaddr_t *ia, u8 _rat, const bdaddr_t *ra, u8 res[16])
419{
420 u8 p1[16], p2[16];
421 int err;
422
423 SMP_DBG("k %16phN r %16phN", k, r);
424 SMP_DBG("iat %u ia %6phN rat %u ra %6phN", _iat, ia, _rat, ra);
425 SMP_DBG("preq %7phN pres %7phN", preq, pres);
426
427 memset(p1, 0, 16);
428
429
430 p1[0] = _iat;
431 p1[1] = _rat;
432 memcpy(p1 + 2, preq, 7);
433 memcpy(p1 + 9, pres, 7);
434
435 SMP_DBG("p1 %16phN", p1);
436
437
438 u128_xor((u128 *) res, (u128 *) r, (u128 *) p1);
439
440
441 err = smp_e(tfm_aes, k, res);
442 if (err) {
443 BT_ERR("Encrypt data error");
444 return err;
445 }
446
447
448 memcpy(p2, ra, 6);
449 memcpy(p2 + 6, ia, 6);
450 memset(p2 + 12, 0, 4);
451
452 SMP_DBG("p2 %16phN", p2);
453
454
455 u128_xor((u128 *) res, (u128 *) res, (u128 *) p2);
456
457
458 err = smp_e(tfm_aes, k, res);
459 if (err)
460 BT_ERR("Encrypt data error");
461
462 return err;
463}
464
465static int smp_s1(struct crypto_blkcipher *tfm_aes, const u8 k[16],
466 const u8 r1[16], const u8 r2[16], u8 _r[16])
467{
468 int err;
469
470
471 memcpy(_r, r2, 8);
472 memcpy(_r + 8, r1, 8);
473
474 err = smp_e(tfm_aes, k, _r);
475 if (err)
476 BT_ERR("Encrypt data error");
477
478 return err;
479}
480
481static int smp_ah(struct crypto_blkcipher *tfm, const u8 irk[16],
482 const u8 r[3], u8 res[3])
483{
484 u8 _res[16];
485 int err;
486
487
488 memcpy(_res, r, 3);
489 memset(_res + 3, 0, 13);
490
491 err = smp_e(tfm, irk, _res);
492 if (err) {
493 BT_ERR("Encrypt error");
494 return err;
495 }
496
497
498
499
500
501
502
503 memcpy(res, _res, 3);
504
505 return 0;
506}
507
508bool smp_irk_matches(struct hci_dev *hdev, const u8 irk[16],
509 const bdaddr_t *bdaddr)
510{
511 struct l2cap_chan *chan = hdev->smp_data;
512 struct smp_dev *smp;
513 u8 hash[3];
514 int err;
515
516 if (!chan || !chan->data)
517 return false;
518
519 smp = chan->data;
520
521 BT_DBG("RPA %pMR IRK %*phN", bdaddr, 16, irk);
522
523 err = smp_ah(smp->tfm_aes, irk, &bdaddr->b[3], hash);
524 if (err)
525 return false;
526
527 return !memcmp(bdaddr->b, hash, 3);
528}
529
530int smp_generate_rpa(struct hci_dev *hdev, const u8 irk[16], bdaddr_t *rpa)
531{
532 struct l2cap_chan *chan = hdev->smp_data;
533 struct smp_dev *smp;
534 int err;
535
536 if (!chan || !chan->data)
537 return -EOPNOTSUPP;
538
539 smp = chan->data;
540
541 get_random_bytes(&rpa->b[3], 3);
542
543 rpa->b[5] &= 0x3f;
544 rpa->b[5] |= 0x40;
545
546 err = smp_ah(smp->tfm_aes, irk, &rpa->b[3], rpa->b);
547 if (err < 0)
548 return err;
549
550 BT_DBG("RPA %pMR", rpa);
551
552 return 0;
553}
554
555int smp_generate_oob(struct hci_dev *hdev, u8 hash[16], u8 rand[16])
556{
557 struct l2cap_chan *chan = hdev->smp_data;
558 struct smp_dev *smp;
559 int err;
560
561 if (!chan || !chan->data)
562 return -EOPNOTSUPP;
563
564 smp = chan->data;
565
566 if (hci_dev_test_flag(hdev, HCI_USE_DEBUG_KEYS)) {
567 BT_DBG("Using debug keys");
568 memcpy(smp->local_pk, debug_pk, 64);
569 memcpy(smp->local_sk, debug_sk, 32);
570 smp->debug_key = true;
571 } else {
572 while (true) {
573
574 if (!ecc_make_key(smp->local_pk, smp->local_sk))
575 return -EIO;
576
577
578
579
580 if (memcmp(smp->local_sk, debug_sk, 32))
581 break;
582 }
583 smp->debug_key = false;
584 }
585
586 SMP_DBG("OOB Public Key X: %32phN", smp->local_pk);
587 SMP_DBG("OOB Public Key Y: %32phN", smp->local_pk + 32);
588 SMP_DBG("OOB Private Key: %32phN", smp->local_sk);
589
590 get_random_bytes(smp->local_rand, 16);
591
592 err = smp_f4(smp->tfm_cmac, smp->local_pk, smp->local_pk,
593 smp->local_rand, 0, hash);
594 if (err < 0)
595 return err;
596
597 memcpy(rand, smp->local_rand, 16);
598
599 return 0;
600}
601
602static void smp_send_cmd(struct l2cap_conn *conn, u8 code, u16 len, void *data)
603{
604 struct l2cap_chan *chan = conn->smp;
605 struct smp_chan *smp;
606 struct kvec iv[2];
607 struct msghdr msg;
608
609 if (!chan)
610 return;
611
612 BT_DBG("code 0x%2.2x", code);
613
614 iv[0].iov_base = &code;
615 iv[0].iov_len = 1;
616
617 iv[1].iov_base = data;
618 iv[1].iov_len = len;
619
620 memset(&msg, 0, sizeof(msg));
621
622 iov_iter_kvec(&msg.msg_iter, WRITE | ITER_KVEC, iv, 2, 1 + len);
623
624 l2cap_chan_send(chan, &msg, 1 + len);
625
626 if (!chan->data)
627 return;
628
629 smp = chan->data;
630
631 cancel_delayed_work_sync(&smp->security_timer);
632 schedule_delayed_work(&smp->security_timer, SMP_TIMEOUT);
633}
634
635static u8 authreq_to_seclevel(u8 authreq)
636{
637 if (authreq & SMP_AUTH_MITM) {
638 if (authreq & SMP_AUTH_SC)
639 return BT_SECURITY_FIPS;
640 else
641 return BT_SECURITY_HIGH;
642 } else {
643 return BT_SECURITY_MEDIUM;
644 }
645}
646
647static __u8 seclevel_to_authreq(__u8 sec_level)
648{
649 switch (sec_level) {
650 case BT_SECURITY_FIPS:
651 case BT_SECURITY_HIGH:
652 return SMP_AUTH_MITM | SMP_AUTH_BONDING;
653 case BT_SECURITY_MEDIUM:
654 return SMP_AUTH_BONDING;
655 default:
656 return SMP_AUTH_NONE;
657 }
658}
659
660static void build_pairing_cmd(struct l2cap_conn *conn,
661 struct smp_cmd_pairing *req,
662 struct smp_cmd_pairing *rsp, __u8 authreq)
663{
664 struct l2cap_chan *chan = conn->smp;
665 struct smp_chan *smp = chan->data;
666 struct hci_conn *hcon = conn->hcon;
667 struct hci_dev *hdev = hcon->hdev;
668 u8 local_dist = 0, remote_dist = 0, oob_flag = SMP_OOB_NOT_PRESENT;
669
670 if (hci_dev_test_flag(hdev, HCI_BONDABLE)) {
671 local_dist = SMP_DIST_ENC_KEY | SMP_DIST_SIGN;
672 remote_dist = SMP_DIST_ENC_KEY | SMP_DIST_SIGN;
673 authreq |= SMP_AUTH_BONDING;
674 } else {
675 authreq &= ~SMP_AUTH_BONDING;
676 }
677
678 if (hci_dev_test_flag(hdev, HCI_RPA_RESOLVING))
679 remote_dist |= SMP_DIST_ID_KEY;
680
681 if (hci_dev_test_flag(hdev, HCI_PRIVACY))
682 local_dist |= SMP_DIST_ID_KEY;
683
684 if (hci_dev_test_flag(hdev, HCI_SC_ENABLED) &&
685 (authreq & SMP_AUTH_SC)) {
686 struct oob_data *oob_data;
687 u8 bdaddr_type;
688
689 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) {
690 local_dist |= SMP_DIST_LINK_KEY;
691 remote_dist |= SMP_DIST_LINK_KEY;
692 }
693
694 if (hcon->dst_type == ADDR_LE_DEV_PUBLIC)
695 bdaddr_type = BDADDR_LE_PUBLIC;
696 else
697 bdaddr_type = BDADDR_LE_RANDOM;
698
699 oob_data = hci_find_remote_oob_data(hdev, &hcon->dst,
700 bdaddr_type);
701 if (oob_data && oob_data->present) {
702 set_bit(SMP_FLAG_REMOTE_OOB, &smp->flags);
703 oob_flag = SMP_OOB_PRESENT;
704 memcpy(smp->rr, oob_data->rand256, 16);
705 memcpy(smp->pcnf, oob_data->hash256, 16);
706 SMP_DBG("OOB Remote Confirmation: %16phN", smp->pcnf);
707 SMP_DBG("OOB Remote Random: %16phN", smp->rr);
708 }
709
710 } else {
711 authreq &= ~SMP_AUTH_SC;
712 }
713
714 if (rsp == NULL) {
715 req->io_capability = conn->hcon->io_capability;
716 req->oob_flag = oob_flag;
717 req->max_key_size = SMP_DEV(hdev)->max_key_size;
718 req->init_key_dist = local_dist;
719 req->resp_key_dist = remote_dist;
720 req->auth_req = (authreq & AUTH_REQ_MASK(hdev));
721
722 smp->remote_key_dist = remote_dist;
723 return;
724 }
725
726 rsp->io_capability = conn->hcon->io_capability;
727 rsp->oob_flag = oob_flag;
728 rsp->max_key_size = SMP_DEV(hdev)->max_key_size;
729 rsp->init_key_dist = req->init_key_dist & remote_dist;
730 rsp->resp_key_dist = req->resp_key_dist & local_dist;
731 rsp->auth_req = (authreq & AUTH_REQ_MASK(hdev));
732
733 smp->remote_key_dist = rsp->init_key_dist;
734}
735
736static u8 check_enc_key_size(struct l2cap_conn *conn, __u8 max_key_size)
737{
738 struct l2cap_chan *chan = conn->smp;
739 struct hci_dev *hdev = conn->hcon->hdev;
740 struct smp_chan *smp = chan->data;
741
742 if (max_key_size > SMP_DEV(hdev)->max_key_size ||
743 max_key_size < SMP_MIN_ENC_KEY_SIZE)
744 return SMP_ENC_KEY_SIZE;
745
746 smp->enc_key_size = max_key_size;
747
748 return 0;
749}
750
751static void smp_chan_destroy(struct l2cap_conn *conn)
752{
753 struct l2cap_chan *chan = conn->smp;
754 struct smp_chan *smp = chan->data;
755 struct hci_conn *hcon = conn->hcon;
756 bool complete;
757
758 BUG_ON(!smp);
759
760 cancel_delayed_work_sync(&smp->security_timer);
761
762 complete = test_bit(SMP_FLAG_COMPLETE, &smp->flags);
763 mgmt_smp_complete(hcon, complete);
764
765 kzfree(smp->csrk);
766 kzfree(smp->slave_csrk);
767 kzfree(smp->link_key);
768
769 crypto_free_blkcipher(smp->tfm_aes);
770 crypto_free_hash(smp->tfm_cmac);
771
772
773
774
775 if (smp->ltk && smp->ltk->type == SMP_LTK_P256_DEBUG &&
776 !hci_dev_test_flag(hcon->hdev, HCI_KEEP_DEBUG_KEYS)) {
777 list_del_rcu(&smp->ltk->list);
778 kfree_rcu(smp->ltk, rcu);
779 smp->ltk = NULL;
780 }
781
782
783 if (!complete) {
784 if (smp->ltk) {
785 list_del_rcu(&smp->ltk->list);
786 kfree_rcu(smp->ltk, rcu);
787 }
788
789 if (smp->slave_ltk) {
790 list_del_rcu(&smp->slave_ltk->list);
791 kfree_rcu(smp->slave_ltk, rcu);
792 }
793
794 if (smp->remote_irk) {
795 list_del_rcu(&smp->remote_irk->list);
796 kfree_rcu(smp->remote_irk, rcu);
797 }
798 }
799
800 chan->data = NULL;
801 kzfree(smp);
802 hci_conn_drop(hcon);
803}
804
805static void smp_failure(struct l2cap_conn *conn, u8 reason)
806{
807 struct hci_conn *hcon = conn->hcon;
808 struct l2cap_chan *chan = conn->smp;
809
810 if (reason)
811 smp_send_cmd(conn, SMP_CMD_PAIRING_FAIL, sizeof(reason),
812 &reason);
813
814 mgmt_auth_failed(hcon, HCI_ERROR_AUTH_FAILURE);
815
816 if (chan->data)
817 smp_chan_destroy(conn);
818}
819
820#define JUST_WORKS 0x00
821#define JUST_CFM 0x01
822#define REQ_PASSKEY 0x02
823#define CFM_PASSKEY 0x03
824#define REQ_OOB 0x04
825#define DSP_PASSKEY 0x05
826#define OVERLAP 0xFF
827
828static const u8 gen_method[5][5] = {
829 { JUST_WORKS, JUST_CFM, REQ_PASSKEY, JUST_WORKS, REQ_PASSKEY },
830 { JUST_WORKS, JUST_CFM, REQ_PASSKEY, JUST_WORKS, REQ_PASSKEY },
831 { CFM_PASSKEY, CFM_PASSKEY, REQ_PASSKEY, JUST_WORKS, CFM_PASSKEY },
832 { JUST_WORKS, JUST_CFM, JUST_WORKS, JUST_WORKS, JUST_CFM },
833 { CFM_PASSKEY, CFM_PASSKEY, REQ_PASSKEY, JUST_WORKS, OVERLAP },
834};
835
836static const u8 sc_method[5][5] = {
837 { JUST_WORKS, JUST_CFM, REQ_PASSKEY, JUST_WORKS, REQ_PASSKEY },
838 { JUST_WORKS, CFM_PASSKEY, REQ_PASSKEY, JUST_WORKS, CFM_PASSKEY },
839 { DSP_PASSKEY, DSP_PASSKEY, REQ_PASSKEY, JUST_WORKS, DSP_PASSKEY },
840 { JUST_WORKS, JUST_CFM, JUST_WORKS, JUST_WORKS, JUST_CFM },
841 { DSP_PASSKEY, CFM_PASSKEY, REQ_PASSKEY, JUST_WORKS, CFM_PASSKEY },
842};
843
844static u8 get_auth_method(struct smp_chan *smp, u8 local_io, u8 remote_io)
845{
846
847
848
849 if (local_io > SMP_IO_KEYBOARD_DISPLAY ||
850 remote_io > SMP_IO_KEYBOARD_DISPLAY)
851 return JUST_CFM;
852
853 if (test_bit(SMP_FLAG_SC, &smp->flags))
854 return sc_method[remote_io][local_io];
855
856 return gen_method[remote_io][local_io];
857}
858
859static int tk_request(struct l2cap_conn *conn, u8 remote_oob, u8 auth,
860 u8 local_io, u8 remote_io)
861{
862 struct hci_conn *hcon = conn->hcon;
863 struct l2cap_chan *chan = conn->smp;
864 struct smp_chan *smp = chan->data;
865 u32 passkey = 0;
866 int ret = 0;
867
868
869 memset(smp->tk, 0, sizeof(smp->tk));
870 clear_bit(SMP_FLAG_TK_VALID, &smp->flags);
871
872 BT_DBG("tk_request: auth:%d lcl:%d rem:%d", auth, local_io, remote_io);
873
874
875
876
877
878
879
880 if (!(auth & SMP_AUTH_MITM))
881 smp->method = JUST_CFM;
882 else
883 smp->method = get_auth_method(smp, local_io, remote_io);
884
885
886 if (smp->method == JUST_CFM && test_bit(SMP_FLAG_INITIATOR,
887 &smp->flags))
888 smp->method = JUST_WORKS;
889
890
891 if (smp->method == JUST_CFM &&
892 hcon->io_capability == HCI_IO_NO_INPUT_OUTPUT)
893 smp->method = JUST_WORKS;
894
895
896 if (smp->method == JUST_WORKS) {
897 set_bit(SMP_FLAG_TK_VALID, &smp->flags);
898 return 0;
899 }
900
901
902
903
904 if (test_bit(SMP_FLAG_SC, &smp->flags))
905 return -EINVAL;
906
907
908 if (smp->method != JUST_CFM) {
909 set_bit(SMP_FLAG_MITM_AUTH, &smp->flags);
910 if (hcon->pending_sec_level < BT_SECURITY_HIGH)
911 hcon->pending_sec_level = BT_SECURITY_HIGH;
912 }
913
914
915
916
917 if (smp->method == OVERLAP) {
918 if (hcon->role == HCI_ROLE_MASTER)
919 smp->method = CFM_PASSKEY;
920 else
921 smp->method = REQ_PASSKEY;
922 }
923
924
925 if (smp->method == CFM_PASSKEY) {
926 memset(smp->tk, 0, sizeof(smp->tk));
927 get_random_bytes(&passkey, sizeof(passkey));
928 passkey %= 1000000;
929 put_unaligned_le32(passkey, smp->tk);
930 BT_DBG("PassKey: %d", passkey);
931 set_bit(SMP_FLAG_TK_VALID, &smp->flags);
932 }
933
934 if (smp->method == REQ_PASSKEY)
935 ret = mgmt_user_passkey_request(hcon->hdev, &hcon->dst,
936 hcon->type, hcon->dst_type);
937 else if (smp->method == JUST_CFM)
938 ret = mgmt_user_confirm_request(hcon->hdev, &hcon->dst,
939 hcon->type, hcon->dst_type,
940 passkey, 1);
941 else
942 ret = mgmt_user_passkey_notify(hcon->hdev, &hcon->dst,
943 hcon->type, hcon->dst_type,
944 passkey, 0);
945
946 return ret;
947}
948
949static u8 smp_confirm(struct smp_chan *smp)
950{
951 struct l2cap_conn *conn = smp->conn;
952 struct smp_cmd_pairing_confirm cp;
953 int ret;
954
955 BT_DBG("conn %p", conn);
956
957 ret = smp_c1(smp->tfm_aes, smp->tk, smp->prnd, smp->preq, smp->prsp,
958 conn->hcon->init_addr_type, &conn->hcon->init_addr,
959 conn->hcon->resp_addr_type, &conn->hcon->resp_addr,
960 cp.confirm_val);
961 if (ret)
962 return SMP_UNSPECIFIED;
963
964 clear_bit(SMP_FLAG_CFM_PENDING, &smp->flags);
965
966 smp_send_cmd(smp->conn, SMP_CMD_PAIRING_CONFIRM, sizeof(cp), &cp);
967
968 if (conn->hcon->out)
969 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_CONFIRM);
970 else
971 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RANDOM);
972
973 return 0;
974}
975
976static u8 smp_random(struct smp_chan *smp)
977{
978 struct l2cap_conn *conn = smp->conn;
979 struct hci_conn *hcon = conn->hcon;
980 u8 confirm[16];
981 int ret;
982
983 if (IS_ERR_OR_NULL(smp->tfm_aes))
984 return SMP_UNSPECIFIED;
985
986 BT_DBG("conn %p %s", conn, conn->hcon->out ? "master" : "slave");
987
988 ret = smp_c1(smp->tfm_aes, smp->tk, smp->rrnd, smp->preq, smp->prsp,
989 hcon->init_addr_type, &hcon->init_addr,
990 hcon->resp_addr_type, &hcon->resp_addr, confirm);
991 if (ret)
992 return SMP_UNSPECIFIED;
993
994 if (memcmp(smp->pcnf, confirm, sizeof(smp->pcnf)) != 0) {
995 BT_ERR("Pairing failed (confirmation values mismatch)");
996 return SMP_CONFIRM_FAILED;
997 }
998
999 if (hcon->out) {
1000 u8 stk[16];
1001 __le64 rand = 0;
1002 __le16 ediv = 0;
1003
1004 smp_s1(smp->tfm_aes, smp->tk, smp->rrnd, smp->prnd, stk);
1005
1006 if (test_and_set_bit(HCI_CONN_ENCRYPT_PEND, &hcon->flags))
1007 return SMP_UNSPECIFIED;
1008
1009 hci_le_start_enc(hcon, ediv, rand, stk, smp->enc_key_size);
1010 hcon->enc_key_size = smp->enc_key_size;
1011 set_bit(HCI_CONN_STK_ENCRYPT, &hcon->flags);
1012 } else {
1013 u8 stk[16], auth;
1014 __le64 rand = 0;
1015 __le16 ediv = 0;
1016
1017 smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM, sizeof(smp->prnd),
1018 smp->prnd);
1019
1020 smp_s1(smp->tfm_aes, smp->tk, smp->prnd, smp->rrnd, stk);
1021
1022 if (hcon->pending_sec_level == BT_SECURITY_HIGH)
1023 auth = 1;
1024 else
1025 auth = 0;
1026
1027
1028
1029
1030
1031 hci_add_ltk(hcon->hdev, &hcon->dst, hcon->dst_type,
1032 SMP_STK, auth, stk, smp->enc_key_size, ediv, rand);
1033 }
1034
1035 return 0;
1036}
1037
1038static void smp_notify_keys(struct l2cap_conn *conn)
1039{
1040 struct l2cap_chan *chan = conn->smp;
1041 struct smp_chan *smp = chan->data;
1042 struct hci_conn *hcon = conn->hcon;
1043 struct hci_dev *hdev = hcon->hdev;
1044 struct smp_cmd_pairing *req = (void *) &smp->preq[1];
1045 struct smp_cmd_pairing *rsp = (void *) &smp->prsp[1];
1046 bool persistent;
1047
1048 if (hcon->type == ACL_LINK) {
1049 if (hcon->key_type == HCI_LK_DEBUG_COMBINATION)
1050 persistent = false;
1051 else
1052 persistent = !test_bit(HCI_CONN_FLUSH_KEY,
1053 &hcon->flags);
1054 } else {
1055
1056
1057
1058
1059 persistent = !!((req->auth_req & rsp->auth_req) &
1060 SMP_AUTH_BONDING);
1061 }
1062
1063 if (smp->remote_irk) {
1064 mgmt_new_irk(hdev, smp->remote_irk, persistent);
1065
1066
1067
1068
1069
1070 if (hcon->type == LE_LINK) {
1071 bacpy(&hcon->dst, &smp->remote_irk->bdaddr);
1072 hcon->dst_type = smp->remote_irk->addr_type;
1073 queue_work(hdev->workqueue, &conn->id_addr_update_work);
1074 }
1075
1076
1077
1078
1079
1080
1081
1082
1083
1084
1085
1086 if (!bacmp(&smp->remote_irk->rpa, BDADDR_ANY)) {
1087 list_del_rcu(&smp->remote_irk->list);
1088 kfree_rcu(smp->remote_irk, rcu);
1089 smp->remote_irk = NULL;
1090 }
1091 }
1092
1093 if (smp->csrk) {
1094 smp->csrk->bdaddr_type = hcon->dst_type;
1095 bacpy(&smp->csrk->bdaddr, &hcon->dst);
1096 mgmt_new_csrk(hdev, smp->csrk, persistent);
1097 }
1098
1099 if (smp->slave_csrk) {
1100 smp->slave_csrk->bdaddr_type = hcon->dst_type;
1101 bacpy(&smp->slave_csrk->bdaddr, &hcon->dst);
1102 mgmt_new_csrk(hdev, smp->slave_csrk, persistent);
1103 }
1104
1105 if (smp->ltk) {
1106 smp->ltk->bdaddr_type = hcon->dst_type;
1107 bacpy(&smp->ltk->bdaddr, &hcon->dst);
1108 mgmt_new_ltk(hdev, smp->ltk, persistent);
1109 }
1110
1111 if (smp->slave_ltk) {
1112 smp->slave_ltk->bdaddr_type = hcon->dst_type;
1113 bacpy(&smp->slave_ltk->bdaddr, &hcon->dst);
1114 mgmt_new_ltk(hdev, smp->slave_ltk, persistent);
1115 }
1116
1117 if (smp->link_key) {
1118 struct link_key *key;
1119 u8 type;
1120
1121 if (test_bit(SMP_FLAG_DEBUG_KEY, &smp->flags))
1122 type = HCI_LK_DEBUG_COMBINATION;
1123 else if (hcon->sec_level == BT_SECURITY_FIPS)
1124 type = HCI_LK_AUTH_COMBINATION_P256;
1125 else
1126 type = HCI_LK_UNAUTH_COMBINATION_P256;
1127
1128 key = hci_add_link_key(hdev, smp->conn->hcon, &hcon->dst,
1129 smp->link_key, type, 0, &persistent);
1130 if (key) {
1131 mgmt_new_link_key(hdev, key, persistent);
1132
1133
1134
1135
1136 if (!hci_dev_test_flag(hdev, HCI_KEEP_DEBUG_KEYS) &&
1137 key->type == HCI_LK_DEBUG_COMBINATION) {
1138 list_del_rcu(&key->list);
1139 kfree_rcu(key, rcu);
1140 }
1141 }
1142 }
1143}
1144
1145static void sc_add_ltk(struct smp_chan *smp)
1146{
1147 struct hci_conn *hcon = smp->conn->hcon;
1148 u8 key_type, auth;
1149
1150 if (test_bit(SMP_FLAG_DEBUG_KEY, &smp->flags))
1151 key_type = SMP_LTK_P256_DEBUG;
1152 else
1153 key_type = SMP_LTK_P256;
1154
1155 if (hcon->pending_sec_level == BT_SECURITY_FIPS)
1156 auth = 1;
1157 else
1158 auth = 0;
1159
1160 smp->ltk = hci_add_ltk(hcon->hdev, &hcon->dst, hcon->dst_type,
1161 key_type, auth, smp->tk, smp->enc_key_size,
1162 0, 0);
1163}
1164
1165static void sc_generate_link_key(struct smp_chan *smp)
1166{
1167
1168
1169
1170 const u8 tmp1[4] = { 0x31, 0x70, 0x6d, 0x74 };
1171 const u8 lebr[4] = { 0x72, 0x62, 0x65, 0x6c };
1172
1173 smp->link_key = kzalloc(16, GFP_KERNEL);
1174 if (!smp->link_key)
1175 return;
1176
1177 if (smp_h6(smp->tfm_cmac, smp->tk, tmp1, smp->link_key)) {
1178 kzfree(smp->link_key);
1179 smp->link_key = NULL;
1180 return;
1181 }
1182
1183 if (smp_h6(smp->tfm_cmac, smp->link_key, lebr, smp->link_key)) {
1184 kzfree(smp->link_key);
1185 smp->link_key = NULL;
1186 return;
1187 }
1188}
1189
1190static void smp_allow_key_dist(struct smp_chan *smp)
1191{
1192
1193
1194
1195
1196 if (smp->remote_key_dist & SMP_DIST_ENC_KEY)
1197 SMP_ALLOW_CMD(smp, SMP_CMD_ENCRYPT_INFO);
1198 else if (smp->remote_key_dist & SMP_DIST_ID_KEY)
1199 SMP_ALLOW_CMD(smp, SMP_CMD_IDENT_INFO);
1200 else if (smp->remote_key_dist & SMP_DIST_SIGN)
1201 SMP_ALLOW_CMD(smp, SMP_CMD_SIGN_INFO);
1202}
1203
1204static void sc_generate_ltk(struct smp_chan *smp)
1205{
1206
1207
1208
1209 const u8 tmp2[4] = { 0x32, 0x70, 0x6d, 0x74 };
1210 const u8 brle[4] = { 0x65, 0x6c, 0x72, 0x62 };
1211 struct hci_conn *hcon = smp->conn->hcon;
1212 struct hci_dev *hdev = hcon->hdev;
1213 struct link_key *key;
1214
1215 key = hci_find_link_key(hdev, &hcon->dst);
1216 if (!key) {
1217 BT_ERR("%s No Link Key found to generate LTK", hdev->name);
1218 return;
1219 }
1220
1221 if (key->type == HCI_LK_DEBUG_COMBINATION)
1222 set_bit(SMP_FLAG_DEBUG_KEY, &smp->flags);
1223
1224 if (smp_h6(smp->tfm_cmac, key->val, tmp2, smp->tk))
1225 return;
1226
1227 if (smp_h6(smp->tfm_cmac, smp->tk, brle, smp->tk))
1228 return;
1229
1230 sc_add_ltk(smp);
1231}
1232
1233static void smp_distribute_keys(struct smp_chan *smp)
1234{
1235 struct smp_cmd_pairing *req, *rsp;
1236 struct l2cap_conn *conn = smp->conn;
1237 struct hci_conn *hcon = conn->hcon;
1238 struct hci_dev *hdev = hcon->hdev;
1239 __u8 *keydist;
1240
1241 BT_DBG("conn %p", conn);
1242
1243 rsp = (void *) &smp->prsp[1];
1244
1245
1246 if (hcon->out && (smp->remote_key_dist & KEY_DIST_MASK)) {
1247 smp_allow_key_dist(smp);
1248 return;
1249 }
1250
1251 req = (void *) &smp->preq[1];
1252
1253 if (hcon->out) {
1254 keydist = &rsp->init_key_dist;
1255 *keydist &= req->init_key_dist;
1256 } else {
1257 keydist = &rsp->resp_key_dist;
1258 *keydist &= req->resp_key_dist;
1259 }
1260
1261 if (test_bit(SMP_FLAG_SC, &smp->flags)) {
1262 if (hcon->type == LE_LINK && (*keydist & SMP_DIST_LINK_KEY))
1263 sc_generate_link_key(smp);
1264 if (hcon->type == ACL_LINK && (*keydist & SMP_DIST_ENC_KEY))
1265 sc_generate_ltk(smp);
1266
1267
1268 *keydist &= ~SMP_SC_NO_DIST;
1269 }
1270
1271 BT_DBG("keydist 0x%x", *keydist);
1272
1273 if (*keydist & SMP_DIST_ENC_KEY) {
1274 struct smp_cmd_encrypt_info enc;
1275 struct smp_cmd_master_ident ident;
1276 struct smp_ltk *ltk;
1277 u8 authenticated;
1278 __le16 ediv;
1279 __le64 rand;
1280
1281
1282
1283
1284
1285 get_random_bytes(enc.ltk, smp->enc_key_size);
1286 memset(enc.ltk + smp->enc_key_size, 0,
1287 sizeof(enc.ltk) - smp->enc_key_size);
1288
1289 get_random_bytes(&ediv, sizeof(ediv));
1290 get_random_bytes(&rand, sizeof(rand));
1291
1292 smp_send_cmd(conn, SMP_CMD_ENCRYPT_INFO, sizeof(enc), &enc);
1293
1294 authenticated = hcon->sec_level == BT_SECURITY_HIGH;
1295 ltk = hci_add_ltk(hdev, &hcon->dst, hcon->dst_type,
1296 SMP_LTK_SLAVE, authenticated, enc.ltk,
1297 smp->enc_key_size, ediv, rand);
1298 smp->slave_ltk = ltk;
1299
1300 ident.ediv = ediv;
1301 ident.rand = rand;
1302
1303 smp_send_cmd(conn, SMP_CMD_MASTER_IDENT, sizeof(ident), &ident);
1304
1305 *keydist &= ~SMP_DIST_ENC_KEY;
1306 }
1307
1308 if (*keydist & SMP_DIST_ID_KEY) {
1309 struct smp_cmd_ident_addr_info addrinfo;
1310 struct smp_cmd_ident_info idinfo;
1311
1312 memcpy(idinfo.irk, hdev->irk, sizeof(idinfo.irk));
1313
1314 smp_send_cmd(conn, SMP_CMD_IDENT_INFO, sizeof(idinfo), &idinfo);
1315
1316
1317
1318
1319
1320
1321
1322 bacpy(&addrinfo.bdaddr, &hcon->src);
1323 addrinfo.addr_type = hcon->src_type;
1324
1325 smp_send_cmd(conn, SMP_CMD_IDENT_ADDR_INFO, sizeof(addrinfo),
1326 &addrinfo);
1327
1328 *keydist &= ~SMP_DIST_ID_KEY;
1329 }
1330
1331 if (*keydist & SMP_DIST_SIGN) {
1332 struct smp_cmd_sign_info sign;
1333 struct smp_csrk *csrk;
1334
1335
1336 get_random_bytes(sign.csrk, sizeof(sign.csrk));
1337
1338 csrk = kzalloc(sizeof(*csrk), GFP_KERNEL);
1339 if (csrk) {
1340 if (hcon->sec_level > BT_SECURITY_MEDIUM)
1341 csrk->type = MGMT_CSRK_LOCAL_AUTHENTICATED;
1342 else
1343 csrk->type = MGMT_CSRK_LOCAL_UNAUTHENTICATED;
1344 memcpy(csrk->val, sign.csrk, sizeof(csrk->val));
1345 }
1346 smp->slave_csrk = csrk;
1347
1348 smp_send_cmd(conn, SMP_CMD_SIGN_INFO, sizeof(sign), &sign);
1349
1350 *keydist &= ~SMP_DIST_SIGN;
1351 }
1352
1353
1354 if (smp->remote_key_dist & KEY_DIST_MASK) {
1355 smp_allow_key_dist(smp);
1356 return;
1357 }
1358
1359 set_bit(SMP_FLAG_COMPLETE, &smp->flags);
1360 smp_notify_keys(conn);
1361
1362 smp_chan_destroy(conn);
1363}
1364
1365static void smp_timeout(struct work_struct *work)
1366{
1367 struct smp_chan *smp = container_of(work, struct smp_chan,
1368 security_timer.work);
1369 struct l2cap_conn *conn = smp->conn;
1370
1371 BT_DBG("conn %p", conn);
1372
1373 hci_disconnect(conn->hcon, HCI_ERROR_REMOTE_USER_TERM);
1374}
1375
1376static struct smp_chan *smp_chan_create(struct l2cap_conn *conn)
1377{
1378 struct l2cap_chan *chan = conn->smp;
1379 struct smp_chan *smp;
1380
1381 smp = kzalloc(sizeof(*smp), GFP_ATOMIC);
1382 if (!smp)
1383 return NULL;
1384
1385 smp->tfm_aes = crypto_alloc_blkcipher("ecb(aes)", 0, CRYPTO_ALG_ASYNC);
1386 if (IS_ERR(smp->tfm_aes)) {
1387 BT_ERR("Unable to create ECB crypto context");
1388 kzfree(smp);
1389 return NULL;
1390 }
1391
1392 smp->tfm_cmac = crypto_alloc_hash("cmac(aes)", 0, CRYPTO_ALG_ASYNC);
1393 if (IS_ERR(smp->tfm_cmac)) {
1394 BT_ERR("Unable to create CMAC crypto context");
1395 crypto_free_blkcipher(smp->tfm_aes);
1396 kzfree(smp);
1397 return NULL;
1398 }
1399
1400 smp->conn = conn;
1401 chan->data = smp;
1402
1403 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_FAIL);
1404
1405 INIT_DELAYED_WORK(&smp->security_timer, smp_timeout);
1406
1407 hci_conn_hold(conn->hcon);
1408
1409 return smp;
1410}
1411
1412static int sc_mackey_and_ltk(struct smp_chan *smp, u8 mackey[16], u8 ltk[16])
1413{
1414 struct hci_conn *hcon = smp->conn->hcon;
1415 u8 *na, *nb, a[7], b[7];
1416
1417 if (hcon->out) {
1418 na = smp->prnd;
1419 nb = smp->rrnd;
1420 } else {
1421 na = smp->rrnd;
1422 nb = smp->prnd;
1423 }
1424
1425 memcpy(a, &hcon->init_addr, 6);
1426 memcpy(b, &hcon->resp_addr, 6);
1427 a[6] = hcon->init_addr_type;
1428 b[6] = hcon->resp_addr_type;
1429
1430 return smp_f5(smp->tfm_cmac, smp->dhkey, na, nb, a, b, mackey, ltk);
1431}
1432
1433static void sc_dhkey_check(struct smp_chan *smp)
1434{
1435 struct hci_conn *hcon = smp->conn->hcon;
1436 struct smp_cmd_dhkey_check check;
1437 u8 a[7], b[7], *local_addr, *remote_addr;
1438 u8 io_cap[3], r[16];
1439
1440 memcpy(a, &hcon->init_addr, 6);
1441 memcpy(b, &hcon->resp_addr, 6);
1442 a[6] = hcon->init_addr_type;
1443 b[6] = hcon->resp_addr_type;
1444
1445 if (hcon->out) {
1446 local_addr = a;
1447 remote_addr = b;
1448 memcpy(io_cap, &smp->preq[1], 3);
1449 } else {
1450 local_addr = b;
1451 remote_addr = a;
1452 memcpy(io_cap, &smp->prsp[1], 3);
1453 }
1454
1455 memset(r, 0, sizeof(r));
1456
1457 if (smp->method == REQ_PASSKEY || smp->method == DSP_PASSKEY)
1458 put_unaligned_le32(hcon->passkey_notify, r);
1459
1460 if (smp->method == REQ_OOB)
1461 memcpy(r, smp->rr, 16);
1462
1463 smp_f6(smp->tfm_cmac, smp->mackey, smp->prnd, smp->rrnd, r, io_cap,
1464 local_addr, remote_addr, check.e);
1465
1466 smp_send_cmd(smp->conn, SMP_CMD_DHKEY_CHECK, sizeof(check), &check);
1467}
1468
1469static u8 sc_passkey_send_confirm(struct smp_chan *smp)
1470{
1471 struct l2cap_conn *conn = smp->conn;
1472 struct hci_conn *hcon = conn->hcon;
1473 struct smp_cmd_pairing_confirm cfm;
1474 u8 r;
1475
1476 r = ((hcon->passkey_notify >> smp->passkey_round) & 0x01);
1477 r |= 0x80;
1478
1479 get_random_bytes(smp->prnd, sizeof(smp->prnd));
1480
1481 if (smp_f4(smp->tfm_cmac, smp->local_pk, smp->remote_pk, smp->prnd, r,
1482 cfm.confirm_val))
1483 return SMP_UNSPECIFIED;
1484
1485 smp_send_cmd(conn, SMP_CMD_PAIRING_CONFIRM, sizeof(cfm), &cfm);
1486
1487 return 0;
1488}
1489
1490static u8 sc_passkey_round(struct smp_chan *smp, u8 smp_op)
1491{
1492 struct l2cap_conn *conn = smp->conn;
1493 struct hci_conn *hcon = conn->hcon;
1494 struct hci_dev *hdev = hcon->hdev;
1495 u8 cfm[16], r;
1496
1497
1498 if (smp->passkey_round >= 20)
1499 return 0;
1500
1501 switch (smp_op) {
1502 case SMP_CMD_PAIRING_RANDOM:
1503 r = ((hcon->passkey_notify >> smp->passkey_round) & 0x01);
1504 r |= 0x80;
1505
1506 if (smp_f4(smp->tfm_cmac, smp->remote_pk, smp->local_pk,
1507 smp->rrnd, r, cfm))
1508 return SMP_UNSPECIFIED;
1509
1510 if (memcmp(smp->pcnf, cfm, 16))
1511 return SMP_CONFIRM_FAILED;
1512
1513 smp->passkey_round++;
1514
1515 if (smp->passkey_round == 20) {
1516
1517 if (sc_mackey_and_ltk(smp, smp->mackey, smp->tk))
1518 return SMP_UNSPECIFIED;
1519 }
1520
1521
1522
1523
1524 if (!hcon->out) {
1525 smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM,
1526 sizeof(smp->prnd), smp->prnd);
1527 if (smp->passkey_round == 20)
1528 SMP_ALLOW_CMD(smp, SMP_CMD_DHKEY_CHECK);
1529 else
1530 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_CONFIRM);
1531 return 0;
1532 }
1533
1534
1535 if (smp->passkey_round != 20)
1536 return sc_passkey_round(smp, 0);
1537
1538
1539 sc_dhkey_check(smp);
1540 SMP_ALLOW_CMD(smp, SMP_CMD_DHKEY_CHECK);
1541
1542 break;
1543
1544 case SMP_CMD_PAIRING_CONFIRM:
1545 if (test_bit(SMP_FLAG_WAIT_USER, &smp->flags)) {
1546 set_bit(SMP_FLAG_CFM_PENDING, &smp->flags);
1547 return 0;
1548 }
1549
1550 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RANDOM);
1551
1552 if (hcon->out) {
1553 smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM,
1554 sizeof(smp->prnd), smp->prnd);
1555 return 0;
1556 }
1557
1558 return sc_passkey_send_confirm(smp);
1559
1560 case SMP_CMD_PUBLIC_KEY:
1561 default:
1562
1563 if (!hcon->out)
1564 return 0;
1565
1566 BT_DBG("%s Starting passkey round %u", hdev->name,
1567 smp->passkey_round + 1);
1568
1569 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_CONFIRM);
1570
1571 return sc_passkey_send_confirm(smp);
1572 }
1573
1574 return 0;
1575}
1576
1577static int sc_user_reply(struct smp_chan *smp, u16 mgmt_op, __le32 passkey)
1578{
1579 struct l2cap_conn *conn = smp->conn;
1580 struct hci_conn *hcon = conn->hcon;
1581 u8 smp_op;
1582
1583 clear_bit(SMP_FLAG_WAIT_USER, &smp->flags);
1584
1585 switch (mgmt_op) {
1586 case MGMT_OP_USER_PASSKEY_NEG_REPLY:
1587 smp_failure(smp->conn, SMP_PASSKEY_ENTRY_FAILED);
1588 return 0;
1589 case MGMT_OP_USER_CONFIRM_NEG_REPLY:
1590 smp_failure(smp->conn, SMP_NUMERIC_COMP_FAILED);
1591 return 0;
1592 case MGMT_OP_USER_PASSKEY_REPLY:
1593 hcon->passkey_notify = le32_to_cpu(passkey);
1594 smp->passkey_round = 0;
1595
1596 if (test_and_clear_bit(SMP_FLAG_CFM_PENDING, &smp->flags))
1597 smp_op = SMP_CMD_PAIRING_CONFIRM;
1598 else
1599 smp_op = 0;
1600
1601 if (sc_passkey_round(smp, smp_op))
1602 return -EIO;
1603
1604 return 0;
1605 }
1606
1607
1608 if (hcon->out) {
1609 sc_dhkey_check(smp);
1610 SMP_ALLOW_CMD(smp, SMP_CMD_DHKEY_CHECK);
1611 } else if (test_and_clear_bit(SMP_FLAG_DHKEY_PENDING, &smp->flags)) {
1612 sc_dhkey_check(smp);
1613 sc_add_ltk(smp);
1614 }
1615
1616 return 0;
1617}
1618
1619int smp_user_confirm_reply(struct hci_conn *hcon, u16 mgmt_op, __le32 passkey)
1620{
1621 struct l2cap_conn *conn = hcon->l2cap_data;
1622 struct l2cap_chan *chan;
1623 struct smp_chan *smp;
1624 u32 value;
1625 int err;
1626
1627 BT_DBG("");
1628
1629 if (!conn)
1630 return -ENOTCONN;
1631
1632 chan = conn->smp;
1633 if (!chan)
1634 return -ENOTCONN;
1635
1636 l2cap_chan_lock(chan);
1637 if (!chan->data) {
1638 err = -ENOTCONN;
1639 goto unlock;
1640 }
1641
1642 smp = chan->data;
1643
1644 if (test_bit(SMP_FLAG_SC, &smp->flags)) {
1645 err = sc_user_reply(smp, mgmt_op, passkey);
1646 goto unlock;
1647 }
1648
1649 switch (mgmt_op) {
1650 case MGMT_OP_USER_PASSKEY_REPLY:
1651 value = le32_to_cpu(passkey);
1652 memset(smp->tk, 0, sizeof(smp->tk));
1653 BT_DBG("PassKey: %d", value);
1654 put_unaligned_le32(value, smp->tk);
1655
1656 case MGMT_OP_USER_CONFIRM_REPLY:
1657 set_bit(SMP_FLAG_TK_VALID, &smp->flags);
1658 break;
1659 case MGMT_OP_USER_PASSKEY_NEG_REPLY:
1660 case MGMT_OP_USER_CONFIRM_NEG_REPLY:
1661 smp_failure(conn, SMP_PASSKEY_ENTRY_FAILED);
1662 err = 0;
1663 goto unlock;
1664 default:
1665 smp_failure(conn, SMP_PASSKEY_ENTRY_FAILED);
1666 err = -EOPNOTSUPP;
1667 goto unlock;
1668 }
1669
1670 err = 0;
1671
1672
1673 if (test_bit(SMP_FLAG_CFM_PENDING, &smp->flags)) {
1674 u8 rsp = smp_confirm(smp);
1675 if (rsp)
1676 smp_failure(conn, rsp);
1677 }
1678
1679unlock:
1680 l2cap_chan_unlock(chan);
1681 return err;
1682}
1683
1684static void build_bredr_pairing_cmd(struct smp_chan *smp,
1685 struct smp_cmd_pairing *req,
1686 struct smp_cmd_pairing *rsp)
1687{
1688 struct l2cap_conn *conn = smp->conn;
1689 struct hci_dev *hdev = conn->hcon->hdev;
1690 u8 local_dist = 0, remote_dist = 0;
1691
1692 if (hci_dev_test_flag(hdev, HCI_BONDABLE)) {
1693 local_dist = SMP_DIST_ENC_KEY | SMP_DIST_SIGN;
1694 remote_dist = SMP_DIST_ENC_KEY | SMP_DIST_SIGN;
1695 }
1696
1697 if (hci_dev_test_flag(hdev, HCI_RPA_RESOLVING))
1698 remote_dist |= SMP_DIST_ID_KEY;
1699
1700 if (hci_dev_test_flag(hdev, HCI_PRIVACY))
1701 local_dist |= SMP_DIST_ID_KEY;
1702
1703 if (!rsp) {
1704 memset(req, 0, sizeof(*req));
1705
1706 req->init_key_dist = local_dist;
1707 req->resp_key_dist = remote_dist;
1708 req->max_key_size = conn->hcon->enc_key_size;
1709
1710 smp->remote_key_dist = remote_dist;
1711
1712 return;
1713 }
1714
1715 memset(rsp, 0, sizeof(*rsp));
1716
1717 rsp->max_key_size = conn->hcon->enc_key_size;
1718 rsp->init_key_dist = req->init_key_dist & remote_dist;
1719 rsp->resp_key_dist = req->resp_key_dist & local_dist;
1720
1721 smp->remote_key_dist = rsp->init_key_dist;
1722}
1723
1724static u8 smp_cmd_pairing_req(struct l2cap_conn *conn, struct sk_buff *skb)
1725{
1726 struct smp_cmd_pairing rsp, *req = (void *) skb->data;
1727 struct l2cap_chan *chan = conn->smp;
1728 struct hci_dev *hdev = conn->hcon->hdev;
1729 struct smp_chan *smp;
1730 u8 key_size, auth, sec_level;
1731 int ret;
1732
1733 BT_DBG("conn %p", conn);
1734
1735 if (skb->len < sizeof(*req))
1736 return SMP_INVALID_PARAMS;
1737
1738 if (conn->hcon->role != HCI_ROLE_SLAVE)
1739 return SMP_CMD_NOTSUPP;
1740
1741 if (!chan->data)
1742 smp = smp_chan_create(conn);
1743 else
1744 smp = chan->data;
1745
1746 if (!smp)
1747 return SMP_UNSPECIFIED;
1748
1749
1750 auth = req->auth_req & AUTH_REQ_MASK(hdev);
1751
1752 if (!hci_dev_test_flag(hdev, HCI_BONDABLE) &&
1753 (auth & SMP_AUTH_BONDING))
1754 return SMP_PAIRING_NOTSUPP;
1755
1756 if (hci_dev_test_flag(hdev, HCI_SC_ONLY) && !(auth & SMP_AUTH_SC))
1757 return SMP_AUTH_REQUIREMENTS;
1758
1759 smp->preq[0] = SMP_CMD_PAIRING_REQ;
1760 memcpy(&smp->preq[1], req, sizeof(*req));
1761 skb_pull(skb, sizeof(*req));
1762
1763
1764
1765
1766
1767 if (req->oob_flag == SMP_OOB_PRESENT)
1768 set_bit(SMP_FLAG_LOCAL_OOB, &smp->flags);
1769
1770
1771 if (conn->hcon->type == ACL_LINK) {
1772
1773 if (!test_bit(HCI_CONN_AES_CCM, &conn->hcon->flags) &&
1774 !hci_dev_test_flag(hdev, HCI_FORCE_BREDR_SMP))
1775 return SMP_CROSS_TRANSP_NOT_ALLOWED;
1776
1777 set_bit(SMP_FLAG_SC, &smp->flags);
1778
1779 build_bredr_pairing_cmd(smp, req, &rsp);
1780
1781 key_size = min(req->max_key_size, rsp.max_key_size);
1782 if (check_enc_key_size(conn, key_size))
1783 return SMP_ENC_KEY_SIZE;
1784
1785
1786 smp->remote_key_dist &= ~SMP_SC_NO_DIST;
1787
1788 smp->prsp[0] = SMP_CMD_PAIRING_RSP;
1789 memcpy(&smp->prsp[1], &rsp, sizeof(rsp));
1790 smp_send_cmd(conn, SMP_CMD_PAIRING_RSP, sizeof(rsp), &rsp);
1791
1792 smp_distribute_keys(smp);
1793 return 0;
1794 }
1795
1796 build_pairing_cmd(conn, req, &rsp, auth);
1797
1798 if (rsp.auth_req & SMP_AUTH_SC)
1799 set_bit(SMP_FLAG_SC, &smp->flags);
1800
1801 if (conn->hcon->io_capability == HCI_IO_NO_INPUT_OUTPUT)
1802 sec_level = BT_SECURITY_MEDIUM;
1803 else
1804 sec_level = authreq_to_seclevel(auth);
1805
1806 if (sec_level > conn->hcon->pending_sec_level)
1807 conn->hcon->pending_sec_level = sec_level;
1808
1809
1810 if (conn->hcon->pending_sec_level >= BT_SECURITY_HIGH) {
1811 u8 method;
1812
1813 method = get_auth_method(smp, conn->hcon->io_capability,
1814 req->io_capability);
1815 if (method == JUST_WORKS || method == JUST_CFM)
1816 return SMP_AUTH_REQUIREMENTS;
1817 }
1818
1819 key_size = min(req->max_key_size, rsp.max_key_size);
1820 if (check_enc_key_size(conn, key_size))
1821 return SMP_ENC_KEY_SIZE;
1822
1823 get_random_bytes(smp->prnd, sizeof(smp->prnd));
1824
1825 smp->prsp[0] = SMP_CMD_PAIRING_RSP;
1826 memcpy(&smp->prsp[1], &rsp, sizeof(rsp));
1827
1828 smp_send_cmd(conn, SMP_CMD_PAIRING_RSP, sizeof(rsp), &rsp);
1829
1830 clear_bit(SMP_FLAG_INITIATOR, &smp->flags);
1831
1832
1833
1834
1835
1836
1837 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_CONFIRM);
1838
1839 if (test_bit(SMP_FLAG_SC, &smp->flags)) {
1840 SMP_ALLOW_CMD(smp, SMP_CMD_PUBLIC_KEY);
1841
1842 smp->remote_key_dist &= ~SMP_SC_NO_DIST;
1843
1844 return 0;
1845 }
1846
1847
1848 ret = tk_request(conn, 0, auth, rsp.io_capability, req->io_capability);
1849 if (ret)
1850 return SMP_UNSPECIFIED;
1851
1852 return 0;
1853}
1854
1855static u8 sc_send_public_key(struct smp_chan *smp)
1856{
1857 struct hci_dev *hdev = smp->conn->hcon->hdev;
1858
1859 BT_DBG("");
1860
1861 if (test_bit(SMP_FLAG_LOCAL_OOB, &smp->flags)) {
1862 struct l2cap_chan *chan = hdev->smp_data;
1863 struct smp_dev *smp_dev;
1864
1865 if (!chan || !chan->data)
1866 return SMP_UNSPECIFIED;
1867
1868 smp_dev = chan->data;
1869
1870 memcpy(smp->local_pk, smp_dev->local_pk, 64);
1871 memcpy(smp->local_sk, smp_dev->local_sk, 32);
1872 memcpy(smp->lr, smp_dev->local_rand, 16);
1873
1874 if (smp_dev->debug_key)
1875 set_bit(SMP_FLAG_DEBUG_KEY, &smp->flags);
1876
1877 goto done;
1878 }
1879
1880 if (hci_dev_test_flag(hdev, HCI_USE_DEBUG_KEYS)) {
1881 BT_DBG("Using debug keys");
1882 memcpy(smp->local_pk, debug_pk, 64);
1883 memcpy(smp->local_sk, debug_sk, 32);
1884 set_bit(SMP_FLAG_DEBUG_KEY, &smp->flags);
1885 } else {
1886 while (true) {
1887
1888 if (!ecc_make_key(smp->local_pk, smp->local_sk))
1889 return SMP_UNSPECIFIED;
1890
1891
1892
1893
1894 if (memcmp(smp->local_sk, debug_sk, 32))
1895 break;
1896 }
1897 }
1898
1899done:
1900 SMP_DBG("Local Public Key X: %32phN", smp->local_pk);
1901 SMP_DBG("Local Public Key Y: %32phN", smp->local_pk + 32);
1902 SMP_DBG("Local Private Key: %32phN", smp->local_sk);
1903
1904 smp_send_cmd(smp->conn, SMP_CMD_PUBLIC_KEY, 64, smp->local_pk);
1905
1906 return 0;
1907}
1908
1909static u8 smp_cmd_pairing_rsp(struct l2cap_conn *conn, struct sk_buff *skb)
1910{
1911 struct smp_cmd_pairing *req, *rsp = (void *) skb->data;
1912 struct l2cap_chan *chan = conn->smp;
1913 struct smp_chan *smp = chan->data;
1914 struct hci_dev *hdev = conn->hcon->hdev;
1915 u8 key_size, auth;
1916 int ret;
1917
1918 BT_DBG("conn %p", conn);
1919
1920 if (skb->len < sizeof(*rsp))
1921 return SMP_INVALID_PARAMS;
1922
1923 if (conn->hcon->role != HCI_ROLE_MASTER)
1924 return SMP_CMD_NOTSUPP;
1925
1926 skb_pull(skb, sizeof(*rsp));
1927
1928 req = (void *) &smp->preq[1];
1929
1930 key_size = min(req->max_key_size, rsp->max_key_size);
1931 if (check_enc_key_size(conn, key_size))
1932 return SMP_ENC_KEY_SIZE;
1933
1934 auth = rsp->auth_req & AUTH_REQ_MASK(hdev);
1935
1936 if (hci_dev_test_flag(hdev, HCI_SC_ONLY) && !(auth & SMP_AUTH_SC))
1937 return SMP_AUTH_REQUIREMENTS;
1938
1939
1940
1941
1942
1943 if (rsp->oob_flag == SMP_OOB_PRESENT)
1944 set_bit(SMP_FLAG_LOCAL_OOB, &smp->flags);
1945
1946 smp->prsp[0] = SMP_CMD_PAIRING_RSP;
1947 memcpy(&smp->prsp[1], rsp, sizeof(*rsp));
1948
1949
1950
1951
1952 smp->remote_key_dist &= rsp->resp_key_dist;
1953
1954
1955 if (conn->hcon->type == ACL_LINK) {
1956
1957 smp->remote_key_dist &= ~SMP_SC_NO_DIST;
1958 smp_distribute_keys(smp);
1959 return 0;
1960 }
1961
1962 if ((req->auth_req & SMP_AUTH_SC) && (auth & SMP_AUTH_SC))
1963 set_bit(SMP_FLAG_SC, &smp->flags);
1964 else if (conn->hcon->pending_sec_level > BT_SECURITY_HIGH)
1965 conn->hcon->pending_sec_level = BT_SECURITY_HIGH;
1966
1967
1968 if (conn->hcon->pending_sec_level >= BT_SECURITY_HIGH) {
1969 u8 method;
1970
1971 method = get_auth_method(smp, req->io_capability,
1972 rsp->io_capability);
1973 if (method == JUST_WORKS || method == JUST_CFM)
1974 return SMP_AUTH_REQUIREMENTS;
1975 }
1976
1977 get_random_bytes(smp->prnd, sizeof(smp->prnd));
1978
1979
1980
1981
1982 smp->remote_key_dist &= rsp->resp_key_dist;
1983
1984 if (test_bit(SMP_FLAG_SC, &smp->flags)) {
1985
1986 smp->remote_key_dist &= ~SMP_SC_NO_DIST;
1987 SMP_ALLOW_CMD(smp, SMP_CMD_PUBLIC_KEY);
1988 return sc_send_public_key(smp);
1989 }
1990
1991 auth |= req->auth_req;
1992
1993 ret = tk_request(conn, 0, auth, req->io_capability, rsp->io_capability);
1994 if (ret)
1995 return SMP_UNSPECIFIED;
1996
1997 set_bit(SMP_FLAG_CFM_PENDING, &smp->flags);
1998
1999
2000 if (test_bit(SMP_FLAG_TK_VALID, &smp->flags))
2001 return smp_confirm(smp);
2002
2003 return 0;
2004}
2005
2006static u8 sc_check_confirm(struct smp_chan *smp)
2007{
2008 struct l2cap_conn *conn = smp->conn;
2009
2010 BT_DBG("");
2011
2012 if (smp->method == REQ_PASSKEY || smp->method == DSP_PASSKEY)
2013 return sc_passkey_round(smp, SMP_CMD_PAIRING_CONFIRM);
2014
2015 if (conn->hcon->out) {
2016 smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM, sizeof(smp->prnd),
2017 smp->prnd);
2018 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RANDOM);
2019 }
2020
2021 return 0;
2022}
2023
2024
2025
2026
2027
2028static int fixup_sc_false_positive(struct smp_chan *smp)
2029{
2030 struct l2cap_conn *conn = smp->conn;
2031 struct hci_conn *hcon = conn->hcon;
2032 struct hci_dev *hdev = hcon->hdev;
2033 struct smp_cmd_pairing *req, *rsp;
2034 u8 auth;
2035
2036
2037 if (hcon->out)
2038 return SMP_UNSPECIFIED;
2039
2040 if (hci_dev_test_flag(hdev, HCI_SC_ONLY)) {
2041 BT_ERR("Refusing SMP SC -> legacy fallback in SC-only mode");
2042 return SMP_UNSPECIFIED;
2043 }
2044
2045 BT_ERR("Trying to fall back to legacy SMP");
2046
2047 req = (void *) &smp->preq[1];
2048 rsp = (void *) &smp->prsp[1];
2049
2050
2051 smp->remote_key_dist = (req->init_key_dist & rsp->resp_key_dist);
2052
2053 auth = req->auth_req & AUTH_REQ_MASK(hdev);
2054
2055 if (tk_request(conn, 0, auth, rsp->io_capability, req->io_capability)) {
2056 BT_ERR("Failed to fall back to legacy SMP");
2057 return SMP_UNSPECIFIED;
2058 }
2059
2060 clear_bit(SMP_FLAG_SC, &smp->flags);
2061
2062 return 0;
2063}
2064
2065static u8 smp_cmd_pairing_confirm(struct l2cap_conn *conn, struct sk_buff *skb)
2066{
2067 struct l2cap_chan *chan = conn->smp;
2068 struct smp_chan *smp = chan->data;
2069
2070 BT_DBG("conn %p %s", conn, conn->hcon->out ? "master" : "slave");
2071
2072 if (skb->len < sizeof(smp->pcnf))
2073 return SMP_INVALID_PARAMS;
2074
2075 memcpy(smp->pcnf, skb->data, sizeof(smp->pcnf));
2076 skb_pull(skb, sizeof(smp->pcnf));
2077
2078 if (test_bit(SMP_FLAG_SC, &smp->flags)) {
2079 int ret;
2080
2081
2082 if (test_bit(SMP_FLAG_REMOTE_PK, &smp->flags))
2083 return sc_check_confirm(smp);
2084
2085 BT_ERR("Unexpected SMP Pairing Confirm");
2086
2087 ret = fixup_sc_false_positive(smp);
2088 if (ret)
2089 return ret;
2090 }
2091
2092 if (conn->hcon->out) {
2093 smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM, sizeof(smp->prnd),
2094 smp->prnd);
2095 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RANDOM);
2096 return 0;
2097 }
2098
2099 if (test_bit(SMP_FLAG_TK_VALID, &smp->flags))
2100 return smp_confirm(smp);
2101
2102 set_bit(SMP_FLAG_CFM_PENDING, &smp->flags);
2103
2104 return 0;
2105}
2106
2107static u8 smp_cmd_pairing_random(struct l2cap_conn *conn, struct sk_buff *skb)
2108{
2109 struct l2cap_chan *chan = conn->smp;
2110 struct smp_chan *smp = chan->data;
2111 struct hci_conn *hcon = conn->hcon;
2112 u8 *pkax, *pkbx, *na, *nb;
2113 u32 passkey;
2114 int err;
2115
2116 BT_DBG("conn %p", conn);
2117
2118 if (skb->len < sizeof(smp->rrnd))
2119 return SMP_INVALID_PARAMS;
2120
2121 memcpy(smp->rrnd, skb->data, sizeof(smp->rrnd));
2122 skb_pull(skb, sizeof(smp->rrnd));
2123
2124 if (!test_bit(SMP_FLAG_SC, &smp->flags))
2125 return smp_random(smp);
2126
2127 if (hcon->out) {
2128 pkax = smp->local_pk;
2129 pkbx = smp->remote_pk;
2130 na = smp->prnd;
2131 nb = smp->rrnd;
2132 } else {
2133 pkax = smp->remote_pk;
2134 pkbx = smp->local_pk;
2135 na = smp->rrnd;
2136 nb = smp->prnd;
2137 }
2138
2139 if (smp->method == REQ_OOB) {
2140 if (!hcon->out)
2141 smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM,
2142 sizeof(smp->prnd), smp->prnd);
2143 SMP_ALLOW_CMD(smp, SMP_CMD_DHKEY_CHECK);
2144 goto mackey_and_ltk;
2145 }
2146
2147
2148 if (smp->method == REQ_PASSKEY || smp->method == DSP_PASSKEY)
2149 return sc_passkey_round(smp, SMP_CMD_PAIRING_RANDOM);
2150
2151 if (hcon->out) {
2152 u8 cfm[16];
2153
2154 err = smp_f4(smp->tfm_cmac, smp->remote_pk, smp->local_pk,
2155 smp->rrnd, 0, cfm);
2156 if (err)
2157 return SMP_UNSPECIFIED;
2158
2159 if (memcmp(smp->pcnf, cfm, 16))
2160 return SMP_CONFIRM_FAILED;
2161 } else {
2162 smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM, sizeof(smp->prnd),
2163 smp->prnd);
2164 SMP_ALLOW_CMD(smp, SMP_CMD_DHKEY_CHECK);
2165 }
2166
2167mackey_and_ltk:
2168
2169 err = sc_mackey_and_ltk(smp, smp->mackey, smp->tk);
2170 if (err)
2171 return SMP_UNSPECIFIED;
2172
2173 if (smp->method == JUST_WORKS || smp->method == REQ_OOB) {
2174 if (hcon->out) {
2175 sc_dhkey_check(smp);
2176 SMP_ALLOW_CMD(smp, SMP_CMD_DHKEY_CHECK);
2177 }
2178 return 0;
2179 }
2180
2181 err = smp_g2(smp->tfm_cmac, pkax, pkbx, na, nb, &passkey);
2182 if (err)
2183 return SMP_UNSPECIFIED;
2184
2185 err = mgmt_user_confirm_request(hcon->hdev, &hcon->dst, hcon->type,
2186 hcon->dst_type, passkey, 0);
2187 if (err)
2188 return SMP_UNSPECIFIED;
2189
2190 set_bit(SMP_FLAG_WAIT_USER, &smp->flags);
2191
2192 return 0;
2193}
2194
2195static bool smp_ltk_encrypt(struct l2cap_conn *conn, u8 sec_level)
2196{
2197 struct smp_ltk *key;
2198 struct hci_conn *hcon = conn->hcon;
2199
2200 key = hci_find_ltk(hcon->hdev, &hcon->dst, hcon->dst_type, hcon->role);
2201 if (!key)
2202 return false;
2203
2204 if (smp_ltk_sec_level(key) < sec_level)
2205 return false;
2206
2207 if (test_and_set_bit(HCI_CONN_ENCRYPT_PEND, &hcon->flags))
2208 return true;
2209
2210 hci_le_start_enc(hcon, key->ediv, key->rand, key->val, key->enc_size);
2211 hcon->enc_key_size = key->enc_size;
2212
2213
2214 clear_bit(HCI_CONN_STK_ENCRYPT, &hcon->flags);
2215
2216 return true;
2217}
2218
2219bool smp_sufficient_security(struct hci_conn *hcon, u8 sec_level,
2220 enum smp_key_pref key_pref)
2221{
2222 if (sec_level == BT_SECURITY_LOW)
2223 return true;
2224
2225
2226
2227
2228
2229
2230
2231 if (key_pref == SMP_USE_LTK &&
2232 test_bit(HCI_CONN_STK_ENCRYPT, &hcon->flags) &&
2233 hci_find_ltk(hcon->hdev, &hcon->dst, hcon->dst_type, hcon->role))
2234 return false;
2235
2236 if (hcon->sec_level >= sec_level)
2237 return true;
2238
2239 return false;
2240}
2241
2242static u8 smp_cmd_security_req(struct l2cap_conn *conn, struct sk_buff *skb)
2243{
2244 struct smp_cmd_security_req *rp = (void *) skb->data;
2245 struct smp_cmd_pairing cp;
2246 struct hci_conn *hcon = conn->hcon;
2247 struct hci_dev *hdev = hcon->hdev;
2248 struct smp_chan *smp;
2249 u8 sec_level, auth;
2250
2251 BT_DBG("conn %p", conn);
2252
2253 if (skb->len < sizeof(*rp))
2254 return SMP_INVALID_PARAMS;
2255
2256 if (hcon->role != HCI_ROLE_MASTER)
2257 return SMP_CMD_NOTSUPP;
2258
2259 auth = rp->auth_req & AUTH_REQ_MASK(hdev);
2260
2261 if (hci_dev_test_flag(hdev, HCI_SC_ONLY) && !(auth & SMP_AUTH_SC))
2262 return SMP_AUTH_REQUIREMENTS;
2263
2264 if (hcon->io_capability == HCI_IO_NO_INPUT_OUTPUT)
2265 sec_level = BT_SECURITY_MEDIUM;
2266 else
2267 sec_level = authreq_to_seclevel(auth);
2268
2269 if (smp_sufficient_security(hcon, sec_level, SMP_USE_LTK))
2270 return 0;
2271
2272 if (sec_level > hcon->pending_sec_level)
2273 hcon->pending_sec_level = sec_level;
2274
2275 if (smp_ltk_encrypt(conn, hcon->pending_sec_level))
2276 return 0;
2277
2278 smp = smp_chan_create(conn);
2279 if (!smp)
2280 return SMP_UNSPECIFIED;
2281
2282 if (!hci_dev_test_flag(hdev, HCI_BONDABLE) &&
2283 (auth & SMP_AUTH_BONDING))
2284 return SMP_PAIRING_NOTSUPP;
2285
2286 skb_pull(skb, sizeof(*rp));
2287
2288 memset(&cp, 0, sizeof(cp));
2289 build_pairing_cmd(conn, &cp, NULL, auth);
2290
2291 smp->preq[0] = SMP_CMD_PAIRING_REQ;
2292 memcpy(&smp->preq[1], &cp, sizeof(cp));
2293
2294 smp_send_cmd(conn, SMP_CMD_PAIRING_REQ, sizeof(cp), &cp);
2295 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RSP);
2296
2297 return 0;
2298}
2299
2300int smp_conn_security(struct hci_conn *hcon, __u8 sec_level)
2301{
2302 struct l2cap_conn *conn = hcon->l2cap_data;
2303 struct l2cap_chan *chan;
2304 struct smp_chan *smp;
2305 __u8 authreq;
2306 int ret;
2307
2308 BT_DBG("conn %p hcon %p level 0x%2.2x", conn, hcon, sec_level);
2309
2310
2311 if (!conn)
2312 return 1;
2313
2314 if (!hci_dev_test_flag(hcon->hdev, HCI_LE_ENABLED))
2315 return 1;
2316
2317 if (smp_sufficient_security(hcon, sec_level, SMP_USE_LTK))
2318 return 1;
2319
2320 if (sec_level > hcon->pending_sec_level)
2321 hcon->pending_sec_level = sec_level;
2322
2323 if (hcon->role == HCI_ROLE_MASTER)
2324 if (smp_ltk_encrypt(conn, hcon->pending_sec_level))
2325 return 0;
2326
2327 chan = conn->smp;
2328 if (!chan) {
2329 BT_ERR("SMP security requested but not available");
2330 return 1;
2331 }
2332
2333 l2cap_chan_lock(chan);
2334
2335
2336 if (chan->data) {
2337 ret = 0;
2338 goto unlock;
2339 }
2340
2341 smp = smp_chan_create(conn);
2342 if (!smp) {
2343 ret = 1;
2344 goto unlock;
2345 }
2346
2347 authreq = seclevel_to_authreq(sec_level);
2348
2349 if (hci_dev_test_flag(hcon->hdev, HCI_SC_ENABLED))
2350 authreq |= SMP_AUTH_SC;
2351
2352
2353
2354
2355 if (hcon->io_capability != HCI_IO_NO_INPUT_OUTPUT ||
2356 hcon->pending_sec_level > BT_SECURITY_MEDIUM)
2357 authreq |= SMP_AUTH_MITM;
2358
2359 if (hcon->role == HCI_ROLE_MASTER) {
2360 struct smp_cmd_pairing cp;
2361
2362 build_pairing_cmd(conn, &cp, NULL, authreq);
2363 smp->preq[0] = SMP_CMD_PAIRING_REQ;
2364 memcpy(&smp->preq[1], &cp, sizeof(cp));
2365
2366 smp_send_cmd(conn, SMP_CMD_PAIRING_REQ, sizeof(cp), &cp);
2367 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RSP);
2368 } else {
2369 struct smp_cmd_security_req cp;
2370 cp.auth_req = authreq;
2371 smp_send_cmd(conn, SMP_CMD_SECURITY_REQ, sizeof(cp), &cp);
2372 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_REQ);
2373 }
2374
2375 set_bit(SMP_FLAG_INITIATOR, &smp->flags);
2376 ret = 0;
2377
2378unlock:
2379 l2cap_chan_unlock(chan);
2380 return ret;
2381}
2382
2383void smp_cancel_pairing(struct hci_conn *hcon)
2384{
2385 struct l2cap_conn *conn = hcon->l2cap_data;
2386 struct l2cap_chan *chan;
2387 struct smp_chan *smp;
2388
2389 if (!conn)
2390 return;
2391
2392 chan = conn->smp;
2393 if (!chan)
2394 return;
2395
2396 l2cap_chan_lock(chan);
2397
2398 smp = chan->data;
2399 if (smp) {
2400 if (test_bit(SMP_FLAG_COMPLETE, &smp->flags))
2401 smp_failure(conn, 0);
2402 else
2403 smp_failure(conn, SMP_UNSPECIFIED);
2404 }
2405
2406 l2cap_chan_unlock(chan);
2407}
2408
2409static int smp_cmd_encrypt_info(struct l2cap_conn *conn, struct sk_buff *skb)
2410{
2411 struct smp_cmd_encrypt_info *rp = (void *) skb->data;
2412 struct l2cap_chan *chan = conn->smp;
2413 struct smp_chan *smp = chan->data;
2414
2415 BT_DBG("conn %p", conn);
2416
2417 if (skb->len < sizeof(*rp))
2418 return SMP_INVALID_PARAMS;
2419
2420 SMP_ALLOW_CMD(smp, SMP_CMD_MASTER_IDENT);
2421
2422 skb_pull(skb, sizeof(*rp));
2423
2424 memcpy(smp->tk, rp->ltk, sizeof(smp->tk));
2425
2426 return 0;
2427}
2428
2429static int smp_cmd_master_ident(struct l2cap_conn *conn, struct sk_buff *skb)
2430{
2431 struct smp_cmd_master_ident *rp = (void *) skb->data;
2432 struct l2cap_chan *chan = conn->smp;
2433 struct smp_chan *smp = chan->data;
2434 struct hci_dev *hdev = conn->hcon->hdev;
2435 struct hci_conn *hcon = conn->hcon;
2436 struct smp_ltk *ltk;
2437 u8 authenticated;
2438
2439 BT_DBG("conn %p", conn);
2440
2441 if (skb->len < sizeof(*rp))
2442 return SMP_INVALID_PARAMS;
2443
2444
2445 smp->remote_key_dist &= ~SMP_DIST_ENC_KEY;
2446
2447 if (smp->remote_key_dist & SMP_DIST_ID_KEY)
2448 SMP_ALLOW_CMD(smp, SMP_CMD_IDENT_INFO);
2449 else if (smp->remote_key_dist & SMP_DIST_SIGN)
2450 SMP_ALLOW_CMD(smp, SMP_CMD_SIGN_INFO);
2451
2452 skb_pull(skb, sizeof(*rp));
2453
2454 authenticated = (hcon->sec_level == BT_SECURITY_HIGH);
2455 ltk = hci_add_ltk(hdev, &hcon->dst, hcon->dst_type, SMP_LTK,
2456 authenticated, smp->tk, smp->enc_key_size,
2457 rp->ediv, rp->rand);
2458 smp->ltk = ltk;
2459 if (!(smp->remote_key_dist & KEY_DIST_MASK))
2460 smp_distribute_keys(smp);
2461
2462 return 0;
2463}
2464
2465static int smp_cmd_ident_info(struct l2cap_conn *conn, struct sk_buff *skb)
2466{
2467 struct smp_cmd_ident_info *info = (void *) skb->data;
2468 struct l2cap_chan *chan = conn->smp;
2469 struct smp_chan *smp = chan->data;
2470
2471 BT_DBG("");
2472
2473 if (skb->len < sizeof(*info))
2474 return SMP_INVALID_PARAMS;
2475
2476 SMP_ALLOW_CMD(smp, SMP_CMD_IDENT_ADDR_INFO);
2477
2478 skb_pull(skb, sizeof(*info));
2479
2480 memcpy(smp->irk, info->irk, 16);
2481
2482 return 0;
2483}
2484
2485static int smp_cmd_ident_addr_info(struct l2cap_conn *conn,
2486 struct sk_buff *skb)
2487{
2488 struct smp_cmd_ident_addr_info *info = (void *) skb->data;
2489 struct l2cap_chan *chan = conn->smp;
2490 struct smp_chan *smp = chan->data;
2491 struct hci_conn *hcon = conn->hcon;
2492 bdaddr_t rpa;
2493
2494 BT_DBG("");
2495
2496 if (skb->len < sizeof(*info))
2497 return SMP_INVALID_PARAMS;
2498
2499
2500 smp->remote_key_dist &= ~SMP_DIST_ID_KEY;
2501
2502 if (smp->remote_key_dist & SMP_DIST_SIGN)
2503 SMP_ALLOW_CMD(smp, SMP_CMD_SIGN_INFO);
2504
2505 skb_pull(skb, sizeof(*info));
2506
2507
2508
2509
2510
2511
2512
2513
2514
2515
2516
2517 if (!bacmp(&info->bdaddr, BDADDR_ANY) ||
2518 !hci_is_identity_address(&info->bdaddr, info->addr_type)) {
2519 BT_ERR("Ignoring IRK with no identity address");
2520 goto distribute;
2521 }
2522
2523 bacpy(&smp->id_addr, &info->bdaddr);
2524 smp->id_addr_type = info->addr_type;
2525
2526 if (hci_bdaddr_is_rpa(&hcon->dst, hcon->dst_type))
2527 bacpy(&rpa, &hcon->dst);
2528 else
2529 bacpy(&rpa, BDADDR_ANY);
2530
2531 smp->remote_irk = hci_add_irk(conn->hcon->hdev, &smp->id_addr,
2532 smp->id_addr_type, smp->irk, &rpa);
2533
2534distribute:
2535 if (!(smp->remote_key_dist & KEY_DIST_MASK))
2536 smp_distribute_keys(smp);
2537
2538 return 0;
2539}
2540
2541static int smp_cmd_sign_info(struct l2cap_conn *conn, struct sk_buff *skb)
2542{
2543 struct smp_cmd_sign_info *rp = (void *) skb->data;
2544 struct l2cap_chan *chan = conn->smp;
2545 struct smp_chan *smp = chan->data;
2546 struct smp_csrk *csrk;
2547
2548 BT_DBG("conn %p", conn);
2549
2550 if (skb->len < sizeof(*rp))
2551 return SMP_INVALID_PARAMS;
2552
2553
2554 smp->remote_key_dist &= ~SMP_DIST_SIGN;
2555
2556 skb_pull(skb, sizeof(*rp));
2557
2558 csrk = kzalloc(sizeof(*csrk), GFP_KERNEL);
2559 if (csrk) {
2560 if (conn->hcon->sec_level > BT_SECURITY_MEDIUM)
2561 csrk->type = MGMT_CSRK_REMOTE_AUTHENTICATED;
2562 else
2563 csrk->type = MGMT_CSRK_REMOTE_UNAUTHENTICATED;
2564 memcpy(csrk->val, rp->csrk, sizeof(csrk->val));
2565 }
2566 smp->csrk = csrk;
2567 smp_distribute_keys(smp);
2568
2569 return 0;
2570}
2571
2572static u8 sc_select_method(struct smp_chan *smp)
2573{
2574 struct l2cap_conn *conn = smp->conn;
2575 struct hci_conn *hcon = conn->hcon;
2576 struct smp_cmd_pairing *local, *remote;
2577 u8 local_mitm, remote_mitm, local_io, remote_io, method;
2578
2579 if (test_bit(SMP_FLAG_REMOTE_OOB, &smp->flags) ||
2580 test_bit(SMP_FLAG_LOCAL_OOB, &smp->flags))
2581 return REQ_OOB;
2582
2583
2584
2585
2586
2587
2588 if (hcon->out) {
2589 local = (void *) &smp->preq[1];
2590 remote = (void *) &smp->prsp[1];
2591 } else {
2592 local = (void *) &smp->prsp[1];
2593 remote = (void *) &smp->preq[1];
2594 }
2595
2596 local_io = local->io_capability;
2597 remote_io = remote->io_capability;
2598
2599 local_mitm = (local->auth_req & SMP_AUTH_MITM);
2600 remote_mitm = (remote->auth_req & SMP_AUTH_MITM);
2601
2602
2603
2604
2605 if (local_mitm || remote_mitm)
2606 method = get_auth_method(smp, local_io, remote_io);
2607 else
2608 method = JUST_WORKS;
2609
2610
2611 if (method == JUST_CFM && test_bit(SMP_FLAG_INITIATOR, &smp->flags))
2612 method = JUST_WORKS;
2613
2614 return method;
2615}
2616
2617static int smp_cmd_public_key(struct l2cap_conn *conn, struct sk_buff *skb)
2618{
2619 struct smp_cmd_public_key *key = (void *) skb->data;
2620 struct hci_conn *hcon = conn->hcon;
2621 struct l2cap_chan *chan = conn->smp;
2622 struct smp_chan *smp = chan->data;
2623 struct hci_dev *hdev = hcon->hdev;
2624 struct smp_cmd_pairing_confirm cfm;
2625 int err;
2626
2627 BT_DBG("conn %p", conn);
2628
2629 if (skb->len < sizeof(*key))
2630 return SMP_INVALID_PARAMS;
2631
2632 memcpy(smp->remote_pk, key, 64);
2633
2634 if (test_bit(SMP_FLAG_REMOTE_OOB, &smp->flags)) {
2635 err = smp_f4(smp->tfm_cmac, smp->remote_pk, smp->remote_pk,
2636 smp->rr, 0, cfm.confirm_val);
2637 if (err)
2638 return SMP_UNSPECIFIED;
2639
2640 if (memcmp(cfm.confirm_val, smp->pcnf, 16))
2641 return SMP_CONFIRM_FAILED;
2642 }
2643
2644
2645
2646
2647 if (!hcon->out) {
2648 err = sc_send_public_key(smp);
2649 if (err)
2650 return err;
2651 }
2652
2653 SMP_DBG("Remote Public Key X: %32phN", smp->remote_pk);
2654 SMP_DBG("Remote Public Key Y: %32phN", smp->remote_pk + 32);
2655
2656 if (!ecdh_shared_secret(smp->remote_pk, smp->local_sk, smp->dhkey))
2657 return SMP_UNSPECIFIED;
2658
2659 SMP_DBG("DHKey %32phN", smp->dhkey);
2660
2661 set_bit(SMP_FLAG_REMOTE_PK, &smp->flags);
2662
2663 smp->method = sc_select_method(smp);
2664
2665 BT_DBG("%s selected method 0x%02x", hdev->name, smp->method);
2666
2667
2668 if (smp->method == JUST_WORKS || smp->method == JUST_CFM)
2669 hcon->pending_sec_level = BT_SECURITY_MEDIUM;
2670 else
2671 hcon->pending_sec_level = BT_SECURITY_FIPS;
2672
2673 if (!memcmp(debug_pk, smp->remote_pk, 64))
2674 set_bit(SMP_FLAG_DEBUG_KEY, &smp->flags);
2675
2676 if (smp->method == DSP_PASSKEY) {
2677 get_random_bytes(&hcon->passkey_notify,
2678 sizeof(hcon->passkey_notify));
2679 hcon->passkey_notify %= 1000000;
2680 hcon->passkey_entered = 0;
2681 smp->passkey_round = 0;
2682 if (mgmt_user_passkey_notify(hdev, &hcon->dst, hcon->type,
2683 hcon->dst_type,
2684 hcon->passkey_notify,
2685 hcon->passkey_entered))
2686 return SMP_UNSPECIFIED;
2687 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_CONFIRM);
2688 return sc_passkey_round(smp, SMP_CMD_PUBLIC_KEY);
2689 }
2690
2691 if (smp->method == REQ_OOB) {
2692 if (hcon->out)
2693 smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM,
2694 sizeof(smp->prnd), smp->prnd);
2695
2696 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RANDOM);
2697
2698 return 0;
2699 }
2700
2701 if (hcon->out)
2702 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_CONFIRM);
2703
2704 if (smp->method == REQ_PASSKEY) {
2705 if (mgmt_user_passkey_request(hdev, &hcon->dst, hcon->type,
2706 hcon->dst_type))
2707 return SMP_UNSPECIFIED;
2708 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_CONFIRM);
2709 set_bit(SMP_FLAG_WAIT_USER, &smp->flags);
2710 return 0;
2711 }
2712
2713
2714
2715
2716 if (conn->hcon->out)
2717 return 0;
2718
2719 err = smp_f4(smp->tfm_cmac, smp->local_pk, smp->remote_pk, smp->prnd,
2720 0, cfm.confirm_val);
2721 if (err)
2722 return SMP_UNSPECIFIED;
2723
2724 smp_send_cmd(conn, SMP_CMD_PAIRING_CONFIRM, sizeof(cfm), &cfm);
2725 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RANDOM);
2726
2727 return 0;
2728}
2729
2730static int smp_cmd_dhkey_check(struct l2cap_conn *conn, struct sk_buff *skb)
2731{
2732 struct smp_cmd_dhkey_check *check = (void *) skb->data;
2733 struct l2cap_chan *chan = conn->smp;
2734 struct hci_conn *hcon = conn->hcon;
2735 struct smp_chan *smp = chan->data;
2736 u8 a[7], b[7], *local_addr, *remote_addr;
2737 u8 io_cap[3], r[16], e[16];
2738 int err;
2739
2740 BT_DBG("conn %p", conn);
2741
2742 if (skb->len < sizeof(*check))
2743 return SMP_INVALID_PARAMS;
2744
2745 memcpy(a, &hcon->init_addr, 6);
2746 memcpy(b, &hcon->resp_addr, 6);
2747 a[6] = hcon->init_addr_type;
2748 b[6] = hcon->resp_addr_type;
2749
2750 if (hcon->out) {
2751 local_addr = a;
2752 remote_addr = b;
2753 memcpy(io_cap, &smp->prsp[1], 3);
2754 } else {
2755 local_addr = b;
2756 remote_addr = a;
2757 memcpy(io_cap, &smp->preq[1], 3);
2758 }
2759
2760 memset(r, 0, sizeof(r));
2761
2762 if (smp->method == REQ_PASSKEY || smp->method == DSP_PASSKEY)
2763 put_unaligned_le32(hcon->passkey_notify, r);
2764 else if (smp->method == REQ_OOB)
2765 memcpy(r, smp->lr, 16);
2766
2767 err = smp_f6(smp->tfm_cmac, smp->mackey, smp->rrnd, smp->prnd, r,
2768 io_cap, remote_addr, local_addr, e);
2769 if (err)
2770 return SMP_UNSPECIFIED;
2771
2772 if (memcmp(check->e, e, 16))
2773 return SMP_DHKEY_CHECK_FAILED;
2774
2775 if (!hcon->out) {
2776 if (test_bit(SMP_FLAG_WAIT_USER, &smp->flags)) {
2777 set_bit(SMP_FLAG_DHKEY_PENDING, &smp->flags);
2778 return 0;
2779 }
2780
2781
2782 sc_dhkey_check(smp);
2783 }
2784
2785 sc_add_ltk(smp);
2786
2787 if (hcon->out) {
2788 hci_le_start_enc(hcon, 0, 0, smp->tk, smp->enc_key_size);
2789 hcon->enc_key_size = smp->enc_key_size;
2790 }
2791
2792 return 0;
2793}
2794
2795static int smp_cmd_keypress_notify(struct l2cap_conn *conn,
2796 struct sk_buff *skb)
2797{
2798 struct smp_cmd_keypress_notify *kp = (void *) skb->data;
2799
2800 BT_DBG("value 0x%02x", kp->value);
2801
2802 return 0;
2803}
2804
2805static int smp_sig_channel(struct l2cap_chan *chan, struct sk_buff *skb)
2806{
2807 struct l2cap_conn *conn = chan->conn;
2808 struct hci_conn *hcon = conn->hcon;
2809 struct smp_chan *smp;
2810 __u8 code, reason;
2811 int err = 0;
2812
2813 if (skb->len < 1)
2814 return -EILSEQ;
2815
2816 if (!hci_dev_test_flag(hcon->hdev, HCI_LE_ENABLED)) {
2817 reason = SMP_PAIRING_NOTSUPP;
2818 goto done;
2819 }
2820
2821 code = skb->data[0];
2822 skb_pull(skb, sizeof(code));
2823
2824 smp = chan->data;
2825
2826 if (code > SMP_CMD_MAX)
2827 goto drop;
2828
2829 if (smp && !test_and_clear_bit(code, &smp->allow_cmd))
2830 goto drop;
2831
2832
2833
2834
2835 if (!smp && code != SMP_CMD_PAIRING_REQ && code != SMP_CMD_SECURITY_REQ)
2836 goto drop;
2837
2838 switch (code) {
2839 case SMP_CMD_PAIRING_REQ:
2840 reason = smp_cmd_pairing_req(conn, skb);
2841 break;
2842
2843 case SMP_CMD_PAIRING_FAIL:
2844 smp_failure(conn, 0);
2845 err = -EPERM;
2846 break;
2847
2848 case SMP_CMD_PAIRING_RSP:
2849 reason = smp_cmd_pairing_rsp(conn, skb);
2850 break;
2851
2852 case SMP_CMD_SECURITY_REQ:
2853 reason = smp_cmd_security_req(conn, skb);
2854 break;
2855
2856 case SMP_CMD_PAIRING_CONFIRM:
2857 reason = smp_cmd_pairing_confirm(conn, skb);
2858 break;
2859
2860 case SMP_CMD_PAIRING_RANDOM:
2861 reason = smp_cmd_pairing_random(conn, skb);
2862 break;
2863
2864 case SMP_CMD_ENCRYPT_INFO:
2865 reason = smp_cmd_encrypt_info(conn, skb);
2866 break;
2867
2868 case SMP_CMD_MASTER_IDENT:
2869 reason = smp_cmd_master_ident(conn, skb);
2870 break;
2871
2872 case SMP_CMD_IDENT_INFO:
2873 reason = smp_cmd_ident_info(conn, skb);
2874 break;
2875
2876 case SMP_CMD_IDENT_ADDR_INFO:
2877 reason = smp_cmd_ident_addr_info(conn, skb);
2878 break;
2879
2880 case SMP_CMD_SIGN_INFO:
2881 reason = smp_cmd_sign_info(conn, skb);
2882 break;
2883
2884 case SMP_CMD_PUBLIC_KEY:
2885 reason = smp_cmd_public_key(conn, skb);
2886 break;
2887
2888 case SMP_CMD_DHKEY_CHECK:
2889 reason = smp_cmd_dhkey_check(conn, skb);
2890 break;
2891
2892 case SMP_CMD_KEYPRESS_NOTIFY:
2893 reason = smp_cmd_keypress_notify(conn, skb);
2894 break;
2895
2896 default:
2897 BT_DBG("Unknown command code 0x%2.2x", code);
2898 reason = SMP_CMD_NOTSUPP;
2899 goto done;
2900 }
2901
2902done:
2903 if (!err) {
2904 if (reason)
2905 smp_failure(conn, reason);
2906 kfree_skb(skb);
2907 }
2908
2909 return err;
2910
2911drop:
2912 BT_ERR("%s unexpected SMP command 0x%02x from %pMR", hcon->hdev->name,
2913 code, &hcon->dst);
2914 kfree_skb(skb);
2915 return 0;
2916}
2917
2918static void smp_teardown_cb(struct l2cap_chan *chan, int err)
2919{
2920 struct l2cap_conn *conn = chan->conn;
2921
2922 BT_DBG("chan %p", chan);
2923
2924 if (chan->data)
2925 smp_chan_destroy(conn);
2926
2927 conn->smp = NULL;
2928 l2cap_chan_put(chan);
2929}
2930
2931static void bredr_pairing(struct l2cap_chan *chan)
2932{
2933 struct l2cap_conn *conn = chan->conn;
2934 struct hci_conn *hcon = conn->hcon;
2935 struct hci_dev *hdev = hcon->hdev;
2936 struct smp_cmd_pairing req;
2937 struct smp_chan *smp;
2938
2939 BT_DBG("chan %p", chan);
2940
2941
2942 if (!test_bit(HCI_CONN_NEW_LINK_KEY, &hcon->flags))
2943 return;
2944
2945
2946 if (!test_bit(HCI_CONN_ENCRYPT, &hcon->flags))
2947 return;
2948
2949
2950 if (hcon->role != HCI_ROLE_MASTER)
2951 return;
2952
2953
2954 if (!hci_dev_test_flag(hdev, HCI_SC_ENABLED))
2955 return;
2956
2957
2958 if (!test_bit(HCI_CONN_AES_CCM, &hcon->flags) &&
2959 !hci_dev_test_flag(hdev, HCI_FORCE_BREDR_SMP))
2960 return;
2961
2962
2963 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED))
2964 return;
2965
2966
2967 if (!lmp_host_le_capable(hcon))
2968 return;
2969
2970
2971 if (!(conn->remote_fixed_chan & L2CAP_FC_SMP_BREDR))
2972 return;
2973
2974
2975 if (chan->data)
2976 return;
2977
2978 smp = smp_chan_create(conn);
2979 if (!smp) {
2980 BT_ERR("%s unable to create SMP context for BR/EDR",
2981 hdev->name);
2982 return;
2983 }
2984
2985 set_bit(SMP_FLAG_SC, &smp->flags);
2986
2987 BT_DBG("%s starting SMP over BR/EDR", hdev->name);
2988
2989
2990 build_bredr_pairing_cmd(smp, &req, NULL);
2991
2992 smp->preq[0] = SMP_CMD_PAIRING_REQ;
2993 memcpy(&smp->preq[1], &req, sizeof(req));
2994
2995 smp_send_cmd(conn, SMP_CMD_PAIRING_REQ, sizeof(req), &req);
2996 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RSP);
2997}
2998
2999static void smp_resume_cb(struct l2cap_chan *chan)
3000{
3001 struct smp_chan *smp = chan->data;
3002 struct l2cap_conn *conn = chan->conn;
3003 struct hci_conn *hcon = conn->hcon;
3004
3005 BT_DBG("chan %p", chan);
3006
3007 if (hcon->type == ACL_LINK) {
3008 bredr_pairing(chan);
3009 return;
3010 }
3011
3012 if (!smp)
3013 return;
3014
3015 if (!test_bit(HCI_CONN_ENCRYPT, &hcon->flags))
3016 return;
3017
3018 cancel_delayed_work(&smp->security_timer);
3019
3020 smp_distribute_keys(smp);
3021}
3022
3023static void smp_ready_cb(struct l2cap_chan *chan)
3024{
3025 struct l2cap_conn *conn = chan->conn;
3026 struct hci_conn *hcon = conn->hcon;
3027
3028 BT_DBG("chan %p", chan);
3029
3030
3031
3032
3033
3034
3035
3036 conn->smp = chan;
3037
3038 if (hcon->type == ACL_LINK && test_bit(HCI_CONN_ENCRYPT, &hcon->flags))
3039 bredr_pairing(chan);
3040}
3041
3042static int smp_recv_cb(struct l2cap_chan *chan, struct sk_buff *skb)
3043{
3044 int err;
3045
3046 BT_DBG("chan %p", chan);
3047
3048 err = smp_sig_channel(chan, skb);
3049 if (err) {
3050 struct smp_chan *smp = chan->data;
3051
3052 if (smp)
3053 cancel_delayed_work_sync(&smp->security_timer);
3054
3055 hci_disconnect(chan->conn->hcon, HCI_ERROR_AUTH_FAILURE);
3056 }
3057
3058 return err;
3059}
3060
3061static struct sk_buff *smp_alloc_skb_cb(struct l2cap_chan *chan,
3062 unsigned long hdr_len,
3063 unsigned long len, int nb)
3064{
3065 struct sk_buff *skb;
3066
3067 skb = bt_skb_alloc(hdr_len + len, GFP_KERNEL);
3068 if (!skb)
3069 return ERR_PTR(-ENOMEM);
3070
3071 skb->priority = HCI_PRIO_MAX;
3072 bt_cb(skb)->l2cap.chan = chan;
3073
3074 return skb;
3075}
3076
3077static const struct l2cap_ops smp_chan_ops = {
3078 .name = "Security Manager",
3079 .ready = smp_ready_cb,
3080 .recv = smp_recv_cb,
3081 .alloc_skb = smp_alloc_skb_cb,
3082 .teardown = smp_teardown_cb,
3083 .resume = smp_resume_cb,
3084
3085 .new_connection = l2cap_chan_no_new_connection,
3086 .state_change = l2cap_chan_no_state_change,
3087 .close = l2cap_chan_no_close,
3088 .defer = l2cap_chan_no_defer,
3089 .suspend = l2cap_chan_no_suspend,
3090 .set_shutdown = l2cap_chan_no_set_shutdown,
3091 .get_sndtimeo = l2cap_chan_no_get_sndtimeo,
3092};
3093
3094static inline struct l2cap_chan *smp_new_conn_cb(struct l2cap_chan *pchan)
3095{
3096 struct l2cap_chan *chan;
3097
3098 BT_DBG("pchan %p", pchan);
3099
3100 chan = l2cap_chan_create();
3101 if (!chan)
3102 return NULL;
3103
3104 chan->chan_type = pchan->chan_type;
3105 chan->ops = &smp_chan_ops;
3106 chan->scid = pchan->scid;
3107 chan->dcid = chan->scid;
3108 chan->imtu = pchan->imtu;
3109 chan->omtu = pchan->omtu;
3110 chan->mode = pchan->mode;
3111
3112
3113
3114
3115
3116
3117 atomic_set(&chan->nesting, L2CAP_NESTING_SMP);
3118
3119 BT_DBG("created chan %p", chan);
3120
3121 return chan;
3122}
3123
3124static const struct l2cap_ops smp_root_chan_ops = {
3125 .name = "Security Manager Root",
3126 .new_connection = smp_new_conn_cb,
3127
3128
3129 .close = l2cap_chan_no_close,
3130 .alloc_skb = l2cap_chan_no_alloc_skb,
3131 .recv = l2cap_chan_no_recv,
3132 .state_change = l2cap_chan_no_state_change,
3133 .teardown = l2cap_chan_no_teardown,
3134 .ready = l2cap_chan_no_ready,
3135 .defer = l2cap_chan_no_defer,
3136 .suspend = l2cap_chan_no_suspend,
3137 .resume = l2cap_chan_no_resume,
3138 .set_shutdown = l2cap_chan_no_set_shutdown,
3139 .get_sndtimeo = l2cap_chan_no_get_sndtimeo,
3140};
3141
3142static struct l2cap_chan *smp_add_cid(struct hci_dev *hdev, u16 cid)
3143{
3144 struct l2cap_chan *chan;
3145 struct smp_dev *smp;
3146 struct crypto_blkcipher *tfm_aes;
3147 struct crypto_hash *tfm_cmac;
3148
3149 if (cid == L2CAP_CID_SMP_BREDR) {
3150 smp = NULL;
3151 goto create_chan;
3152 }
3153
3154 smp = kzalloc(sizeof(*smp), GFP_KERNEL);
3155 if (!smp)
3156 return ERR_PTR(-ENOMEM);
3157
3158 tfm_aes = crypto_alloc_blkcipher("ecb(aes)", 0, CRYPTO_ALG_ASYNC);
3159 if (IS_ERR(tfm_aes)) {
3160 BT_ERR("Unable to create ECB crypto context");
3161 kzfree(smp);
3162 return ERR_CAST(tfm_aes);
3163 }
3164
3165 tfm_cmac = crypto_alloc_hash("cmac(aes)", 0, CRYPTO_ALG_ASYNC);
3166 if (IS_ERR(tfm_cmac)) {
3167 BT_ERR("Unable to create CMAC crypto context");
3168 crypto_free_blkcipher(tfm_aes);
3169 kzfree(smp);
3170 return ERR_CAST(tfm_cmac);
3171 }
3172
3173 smp->tfm_aes = tfm_aes;
3174 smp->tfm_cmac = tfm_cmac;
3175 smp->min_key_size = SMP_MIN_ENC_KEY_SIZE;
3176 smp->max_key_size = SMP_MAX_ENC_KEY_SIZE;
3177
3178create_chan:
3179 chan = l2cap_chan_create();
3180 if (!chan) {
3181 if (smp) {
3182 crypto_free_blkcipher(smp->tfm_aes);
3183 crypto_free_hash(smp->tfm_cmac);
3184 kzfree(smp);
3185 }
3186 return ERR_PTR(-ENOMEM);
3187 }
3188
3189 chan->data = smp;
3190
3191 l2cap_add_scid(chan, cid);
3192
3193 l2cap_chan_set_defaults(chan);
3194
3195 if (cid == L2CAP_CID_SMP) {
3196 u8 bdaddr_type;
3197
3198 hci_copy_identity_address(hdev, &chan->src, &bdaddr_type);
3199
3200 if (bdaddr_type == ADDR_LE_DEV_PUBLIC)
3201 chan->src_type = BDADDR_LE_PUBLIC;
3202 else
3203 chan->src_type = BDADDR_LE_RANDOM;
3204 } else {
3205 bacpy(&chan->src, &hdev->bdaddr);
3206 chan->src_type = BDADDR_BREDR;
3207 }
3208
3209 chan->state = BT_LISTEN;
3210 chan->mode = L2CAP_MODE_BASIC;
3211 chan->imtu = L2CAP_DEFAULT_MTU;
3212 chan->ops = &smp_root_chan_ops;
3213
3214
3215 atomic_set(&chan->nesting, L2CAP_NESTING_PARENT);
3216
3217 return chan;
3218}
3219
3220static void smp_del_chan(struct l2cap_chan *chan)
3221{
3222 struct smp_dev *smp;
3223
3224 BT_DBG("chan %p", chan);
3225
3226 smp = chan->data;
3227 if (smp) {
3228 chan->data = NULL;
3229 if (smp->tfm_aes)
3230 crypto_free_blkcipher(smp->tfm_aes);
3231 if (smp->tfm_cmac)
3232 crypto_free_hash(smp->tfm_cmac);
3233 kzfree(smp);
3234 }
3235
3236 l2cap_chan_put(chan);
3237}
3238
3239static ssize_t force_bredr_smp_read(struct file *file,
3240 char __user *user_buf,
3241 size_t count, loff_t *ppos)
3242{
3243 struct hci_dev *hdev = file->private_data;
3244 char buf[3];
3245
3246 buf[0] = hci_dev_test_flag(hdev, HCI_FORCE_BREDR_SMP) ? 'Y': 'N';
3247 buf[1] = '\n';
3248 buf[2] = '\0';
3249 return simple_read_from_buffer(user_buf, count, ppos, buf, 2);
3250}
3251
3252static ssize_t force_bredr_smp_write(struct file *file,
3253 const char __user *user_buf,
3254 size_t count, loff_t *ppos)
3255{
3256 struct hci_dev *hdev = file->private_data;
3257 char buf[32];
3258 size_t buf_size = min(count, (sizeof(buf)-1));
3259 bool enable;
3260
3261 if (copy_from_user(buf, user_buf, buf_size))
3262 return -EFAULT;
3263
3264 buf[buf_size] = '\0';
3265 if (strtobool(buf, &enable))
3266 return -EINVAL;
3267
3268 if (enable == hci_dev_test_flag(hdev, HCI_FORCE_BREDR_SMP))
3269 return -EALREADY;
3270
3271 if (enable) {
3272 struct l2cap_chan *chan;
3273
3274 chan = smp_add_cid(hdev, L2CAP_CID_SMP_BREDR);
3275 if (IS_ERR(chan))
3276 return PTR_ERR(chan);
3277
3278 hdev->smp_bredr_data = chan;
3279 } else {
3280 struct l2cap_chan *chan;
3281
3282 chan = hdev->smp_bredr_data;
3283 hdev->smp_bredr_data = NULL;
3284 smp_del_chan(chan);
3285 }
3286
3287 hci_dev_change_flag(hdev, HCI_FORCE_BREDR_SMP);
3288
3289 return count;
3290}
3291
3292static const struct file_operations force_bredr_smp_fops = {
3293 .open = simple_open,
3294 .read = force_bredr_smp_read,
3295 .write = force_bredr_smp_write,
3296 .llseek = default_llseek,
3297};
3298
3299static ssize_t le_min_key_size_read(struct file *file,
3300 char __user *user_buf,
3301 size_t count, loff_t *ppos)
3302{
3303 struct hci_dev *hdev = file->private_data;
3304 char buf[4];
3305
3306 snprintf(buf, sizeof(buf), "%2u\n", SMP_DEV(hdev)->min_key_size);
3307
3308 return simple_read_from_buffer(user_buf, count, ppos, buf, strlen(buf));
3309}
3310
3311static ssize_t le_min_key_size_write(struct file *file,
3312 const char __user *user_buf,
3313 size_t count, loff_t *ppos)
3314{
3315 struct hci_dev *hdev = file->private_data;
3316 char buf[32];
3317 size_t buf_size = min(count, (sizeof(buf) - 1));
3318 u8 key_size;
3319
3320 if (copy_from_user(buf, user_buf, buf_size))
3321 return -EFAULT;
3322
3323 buf[buf_size] = '\0';
3324
3325 sscanf(buf, "%hhu", &key_size);
3326
3327 if (key_size > SMP_DEV(hdev)->max_key_size ||
3328 key_size < SMP_MIN_ENC_KEY_SIZE)
3329 return -EINVAL;
3330
3331 SMP_DEV(hdev)->min_key_size = key_size;
3332
3333 return count;
3334}
3335
3336static const struct file_operations le_min_key_size_fops = {
3337 .open = simple_open,
3338 .read = le_min_key_size_read,
3339 .write = le_min_key_size_write,
3340 .llseek = default_llseek,
3341};
3342
3343static ssize_t le_max_key_size_read(struct file *file,
3344 char __user *user_buf,
3345 size_t count, loff_t *ppos)
3346{
3347 struct hci_dev *hdev = file->private_data;
3348 char buf[4];
3349
3350 snprintf(buf, sizeof(buf), "%2u\n", SMP_DEV(hdev)->max_key_size);
3351
3352 return simple_read_from_buffer(user_buf, count, ppos, buf, strlen(buf));
3353}
3354
3355static ssize_t le_max_key_size_write(struct file *file,
3356 const char __user *user_buf,
3357 size_t count, loff_t *ppos)
3358{
3359 struct hci_dev *hdev = file->private_data;
3360 char buf[32];
3361 size_t buf_size = min(count, (sizeof(buf) - 1));
3362 u8 key_size;
3363
3364 if (copy_from_user(buf, user_buf, buf_size))
3365 return -EFAULT;
3366
3367 buf[buf_size] = '\0';
3368
3369 sscanf(buf, "%hhu", &key_size);
3370
3371 if (key_size > SMP_MAX_ENC_KEY_SIZE ||
3372 key_size < SMP_DEV(hdev)->min_key_size)
3373 return -EINVAL;
3374
3375 SMP_DEV(hdev)->max_key_size = key_size;
3376
3377 return count;
3378}
3379
3380static const struct file_operations le_max_key_size_fops = {
3381 .open = simple_open,
3382 .read = le_max_key_size_read,
3383 .write = le_max_key_size_write,
3384 .llseek = default_llseek,
3385};
3386
3387int smp_register(struct hci_dev *hdev)
3388{
3389 struct l2cap_chan *chan;
3390
3391 BT_DBG("%s", hdev->name);
3392
3393
3394
3395
3396 if (!lmp_le_capable(hdev))
3397 return 0;
3398
3399 if (WARN_ON(hdev->smp_data)) {
3400 chan = hdev->smp_data;
3401 hdev->smp_data = NULL;
3402 smp_del_chan(chan);
3403 }
3404
3405 chan = smp_add_cid(hdev, L2CAP_CID_SMP);
3406 if (IS_ERR(chan))
3407 return PTR_ERR(chan);
3408
3409 hdev->smp_data = chan;
3410
3411 debugfs_create_file("le_min_key_size", 0644, hdev->debugfs, hdev,
3412 &le_min_key_size_fops);
3413 debugfs_create_file("le_max_key_size", 0644, hdev->debugfs, hdev,
3414 &le_max_key_size_fops);
3415
3416
3417
3418
3419
3420
3421
3422
3423 if (!lmp_sc_capable(hdev)) {
3424 debugfs_create_file("force_bredr_smp", 0644, hdev->debugfs,
3425 hdev, &force_bredr_smp_fops);
3426 return 0;
3427 }
3428
3429 if (WARN_ON(hdev->smp_bredr_data)) {
3430 chan = hdev->smp_bredr_data;
3431 hdev->smp_bredr_data = NULL;
3432 smp_del_chan(chan);
3433 }
3434
3435 chan = smp_add_cid(hdev, L2CAP_CID_SMP_BREDR);
3436 if (IS_ERR(chan)) {
3437 int err = PTR_ERR(chan);
3438 chan = hdev->smp_data;
3439 hdev->smp_data = NULL;
3440 smp_del_chan(chan);
3441 return err;
3442 }
3443
3444 hdev->smp_bredr_data = chan;
3445
3446 return 0;
3447}
3448
3449void smp_unregister(struct hci_dev *hdev)
3450{
3451 struct l2cap_chan *chan;
3452
3453 if (hdev->smp_bredr_data) {
3454 chan = hdev->smp_bredr_data;
3455 hdev->smp_bredr_data = NULL;
3456 smp_del_chan(chan);
3457 }
3458
3459 if (hdev->smp_data) {
3460 chan = hdev->smp_data;
3461 hdev->smp_data = NULL;
3462 smp_del_chan(chan);
3463 }
3464}
3465
3466#if IS_ENABLED(CONFIG_BT_SELFTEST_SMP)
3467
3468static int __init test_ah(struct crypto_blkcipher *tfm_aes)
3469{
3470 const u8 irk[16] = {
3471 0x9b, 0x7d, 0x39, 0x0a, 0xa6, 0x10, 0x10, 0x34,
3472 0x05, 0xad, 0xc8, 0x57, 0xa3, 0x34, 0x02, 0xec };
3473 const u8 r[3] = { 0x94, 0x81, 0x70 };
3474 const u8 exp[3] = { 0xaa, 0xfb, 0x0d };
3475 u8 res[3];
3476 int err;
3477
3478 err = smp_ah(tfm_aes, irk, r, res);
3479 if (err)
3480 return err;
3481
3482 if (memcmp(res, exp, 3))
3483 return -EINVAL;
3484
3485 return 0;
3486}
3487
3488static int __init test_c1(struct crypto_blkcipher *tfm_aes)
3489{
3490 const u8 k[16] = {
3491 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
3492 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
3493 const u8 r[16] = {
3494 0xe0, 0x2e, 0x70, 0xc6, 0x4e, 0x27, 0x88, 0x63,
3495 0x0e, 0x6f, 0xad, 0x56, 0x21, 0xd5, 0x83, 0x57 };
3496 const u8 preq[7] = { 0x01, 0x01, 0x00, 0x00, 0x10, 0x07, 0x07 };
3497 const u8 pres[7] = { 0x02, 0x03, 0x00, 0x00, 0x08, 0x00, 0x05 };
3498 const u8 _iat = 0x01;
3499 const u8 _rat = 0x00;
3500 const bdaddr_t ra = { { 0xb6, 0xb5, 0xb4, 0xb3, 0xb2, 0xb1 } };
3501 const bdaddr_t ia = { { 0xa6, 0xa5, 0xa4, 0xa3, 0xa2, 0xa1 } };
3502 const u8 exp[16] = {
3503 0x86, 0x3b, 0xf1, 0xbe, 0xc5, 0x4d, 0xa7, 0xd2,
3504 0xea, 0x88, 0x89, 0x87, 0xef, 0x3f, 0x1e, 0x1e };
3505 u8 res[16];
3506 int err;
3507
3508 err = smp_c1(tfm_aes, k, r, preq, pres, _iat, &ia, _rat, &ra, res);
3509 if (err)
3510 return err;
3511
3512 if (memcmp(res, exp, 16))
3513 return -EINVAL;
3514
3515 return 0;
3516}
3517
3518static int __init test_s1(struct crypto_blkcipher *tfm_aes)
3519{
3520 const u8 k[16] = {
3521 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
3522 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
3523 const u8 r1[16] = {
3524 0x88, 0x77, 0x66, 0x55, 0x44, 0x33, 0x22, 0x11 };
3525 const u8 r2[16] = {
3526 0x00, 0xff, 0xee, 0xdd, 0xcc, 0xbb, 0xaa, 0x99 };
3527 const u8 exp[16] = {
3528 0x62, 0xa0, 0x6d, 0x79, 0xae, 0x16, 0x42, 0x5b,
3529 0x9b, 0xf4, 0xb0, 0xe8, 0xf0, 0xe1, 0x1f, 0x9a };
3530 u8 res[16];
3531 int err;
3532
3533 err = smp_s1(tfm_aes, k, r1, r2, res);
3534 if (err)
3535 return err;
3536
3537 if (memcmp(res, exp, 16))
3538 return -EINVAL;
3539
3540 return 0;
3541}
3542
3543static int __init test_f4(struct crypto_hash *tfm_cmac)
3544{
3545 const u8 u[32] = {
3546 0xe6, 0x9d, 0x35, 0x0e, 0x48, 0x01, 0x03, 0xcc,
3547 0xdb, 0xfd, 0xf4, 0xac, 0x11, 0x91, 0xf4, 0xef,
3548 0xb9, 0xa5, 0xf9, 0xe9, 0xa7, 0x83, 0x2c, 0x5e,
3549 0x2c, 0xbe, 0x97, 0xf2, 0xd2, 0x03, 0xb0, 0x20 };
3550 const u8 v[32] = {
3551 0xfd, 0xc5, 0x7f, 0xf4, 0x49, 0xdd, 0x4f, 0x6b,
3552 0xfb, 0x7c, 0x9d, 0xf1, 0xc2, 0x9a, 0xcb, 0x59,
3553 0x2a, 0xe7, 0xd4, 0xee, 0xfb, 0xfc, 0x0a, 0x90,
3554 0x9a, 0xbb, 0xf6, 0x32, 0x3d, 0x8b, 0x18, 0x55 };
3555 const u8 x[16] = {
3556 0xab, 0xae, 0x2b, 0x71, 0xec, 0xb2, 0xff, 0xff,
3557 0x3e, 0x73, 0x77, 0xd1, 0x54, 0x84, 0xcb, 0xd5 };
3558 const u8 z = 0x00;
3559 const u8 exp[16] = {
3560 0x2d, 0x87, 0x74, 0xa9, 0xbe, 0xa1, 0xed, 0xf1,
3561 0x1c, 0xbd, 0xa9, 0x07, 0xf1, 0x16, 0xc9, 0xf2 };
3562 u8 res[16];
3563 int err;
3564
3565 err = smp_f4(tfm_cmac, u, v, x, z, res);
3566 if (err)
3567 return err;
3568
3569 if (memcmp(res, exp, 16))
3570 return -EINVAL;
3571
3572 return 0;
3573}
3574
3575static int __init test_f5(struct crypto_hash *tfm_cmac)
3576{
3577 const u8 w[32] = {
3578 0x98, 0xa6, 0xbf, 0x73, 0xf3, 0x34, 0x8d, 0x86,
3579 0xf1, 0x66, 0xf8, 0xb4, 0x13, 0x6b, 0x79, 0x99,
3580 0x9b, 0x7d, 0x39, 0x0a, 0xa6, 0x10, 0x10, 0x34,
3581 0x05, 0xad, 0xc8, 0x57, 0xa3, 0x34, 0x02, 0xec };
3582 const u8 n1[16] = {
3583 0xab, 0xae, 0x2b, 0x71, 0xec, 0xb2, 0xff, 0xff,
3584 0x3e, 0x73, 0x77, 0xd1, 0x54, 0x84, 0xcb, 0xd5 };
3585 const u8 n2[16] = {
3586 0xcf, 0xc4, 0x3d, 0xff, 0xf7, 0x83, 0x65, 0x21,
3587 0x6e, 0x5f, 0xa7, 0x25, 0xcc, 0xe7, 0xe8, 0xa6 };
3588 const u8 a1[7] = { 0xce, 0xbf, 0x37, 0x37, 0x12, 0x56, 0x00 };
3589 const u8 a2[7] = { 0xc1, 0xcf, 0x2d, 0x70, 0x13, 0xa7, 0x00 };
3590 const u8 exp_ltk[16] = {
3591 0x38, 0x0a, 0x75, 0x94, 0xb5, 0x22, 0x05, 0x98,
3592 0x23, 0xcd, 0xd7, 0x69, 0x11, 0x79, 0x86, 0x69 };
3593 const u8 exp_mackey[16] = {
3594 0x20, 0x6e, 0x63, 0xce, 0x20, 0x6a, 0x3f, 0xfd,
3595 0x02, 0x4a, 0x08, 0xa1, 0x76, 0xf1, 0x65, 0x29 };
3596 u8 mackey[16], ltk[16];
3597 int err;
3598
3599 err = smp_f5(tfm_cmac, w, n1, n2, a1, a2, mackey, ltk);
3600 if (err)
3601 return err;
3602
3603 if (memcmp(mackey, exp_mackey, 16))
3604 return -EINVAL;
3605
3606 if (memcmp(ltk, exp_ltk, 16))
3607 return -EINVAL;
3608
3609 return 0;
3610}
3611
3612static int __init test_f6(struct crypto_hash *tfm_cmac)
3613{
3614 const u8 w[16] = {
3615 0x20, 0x6e, 0x63, 0xce, 0x20, 0x6a, 0x3f, 0xfd,
3616 0x02, 0x4a, 0x08, 0xa1, 0x76, 0xf1, 0x65, 0x29 };
3617 const u8 n1[16] = {
3618 0xab, 0xae, 0x2b, 0x71, 0xec, 0xb2, 0xff, 0xff,
3619 0x3e, 0x73, 0x77, 0xd1, 0x54, 0x84, 0xcb, 0xd5 };
3620 const u8 n2[16] = {
3621 0xcf, 0xc4, 0x3d, 0xff, 0xf7, 0x83, 0x65, 0x21,
3622 0x6e, 0x5f, 0xa7, 0x25, 0xcc, 0xe7, 0xe8, 0xa6 };
3623 const u8 r[16] = {
3624 0xc8, 0x0f, 0x2d, 0x0c, 0xd2, 0x42, 0xda, 0x08,
3625 0x54, 0xbb, 0x53, 0xb4, 0x3b, 0x34, 0xa3, 0x12 };
3626 const u8 io_cap[3] = { 0x02, 0x01, 0x01 };
3627 const u8 a1[7] = { 0xce, 0xbf, 0x37, 0x37, 0x12, 0x56, 0x00 };
3628 const u8 a2[7] = { 0xc1, 0xcf, 0x2d, 0x70, 0x13, 0xa7, 0x00 };
3629 const u8 exp[16] = {
3630 0x61, 0x8f, 0x95, 0xda, 0x09, 0x0b, 0x6c, 0xd2,
3631 0xc5, 0xe8, 0xd0, 0x9c, 0x98, 0x73, 0xc4, 0xe3 };
3632 u8 res[16];
3633 int err;
3634
3635 err = smp_f6(tfm_cmac, w, n1, n2, r, io_cap, a1, a2, res);
3636 if (err)
3637 return err;
3638
3639 if (memcmp(res, exp, 16))
3640 return -EINVAL;
3641
3642 return 0;
3643}
3644
3645static int __init test_g2(struct crypto_hash *tfm_cmac)
3646{
3647 const u8 u[32] = {
3648 0xe6, 0x9d, 0x35, 0x0e, 0x48, 0x01, 0x03, 0xcc,
3649 0xdb, 0xfd, 0xf4, 0xac, 0x11, 0x91, 0xf4, 0xef,
3650 0xb9, 0xa5, 0xf9, 0xe9, 0xa7, 0x83, 0x2c, 0x5e,
3651 0x2c, 0xbe, 0x97, 0xf2, 0xd2, 0x03, 0xb0, 0x20 };
3652 const u8 v[32] = {
3653 0xfd, 0xc5, 0x7f, 0xf4, 0x49, 0xdd, 0x4f, 0x6b,
3654 0xfb, 0x7c, 0x9d, 0xf1, 0xc2, 0x9a, 0xcb, 0x59,
3655 0x2a, 0xe7, 0xd4, 0xee, 0xfb, 0xfc, 0x0a, 0x90,
3656 0x9a, 0xbb, 0xf6, 0x32, 0x3d, 0x8b, 0x18, 0x55 };
3657 const u8 x[16] = {
3658 0xab, 0xae, 0x2b, 0x71, 0xec, 0xb2, 0xff, 0xff,
3659 0x3e, 0x73, 0x77, 0xd1, 0x54, 0x84, 0xcb, 0xd5 };
3660 const u8 y[16] = {
3661 0xcf, 0xc4, 0x3d, 0xff, 0xf7, 0x83, 0x65, 0x21,
3662 0x6e, 0x5f, 0xa7, 0x25, 0xcc, 0xe7, 0xe8, 0xa6 };
3663 const u32 exp_val = 0x2f9ed5ba % 1000000;
3664 u32 val;
3665 int err;
3666
3667 err = smp_g2(tfm_cmac, u, v, x, y, &val);
3668 if (err)
3669 return err;
3670
3671 if (val != exp_val)
3672 return -EINVAL;
3673
3674 return 0;
3675}
3676
3677static int __init test_h6(struct crypto_hash *tfm_cmac)
3678{
3679 const u8 w[16] = {
3680 0x9b, 0x7d, 0x39, 0x0a, 0xa6, 0x10, 0x10, 0x34,
3681 0x05, 0xad, 0xc8, 0x57, 0xa3, 0x34, 0x02, 0xec };
3682 const u8 key_id[4] = { 0x72, 0x62, 0x65, 0x6c };
3683 const u8 exp[16] = {
3684 0x99, 0x63, 0xb1, 0x80, 0xe2, 0xa9, 0xd3, 0xe8,
3685 0x1c, 0xc9, 0x6d, 0xe7, 0x02, 0xe1, 0x9a, 0x2d };
3686 u8 res[16];
3687 int err;
3688
3689 err = smp_h6(tfm_cmac, w, key_id, res);
3690 if (err)
3691 return err;
3692
3693 if (memcmp(res, exp, 16))
3694 return -EINVAL;
3695
3696 return 0;
3697}
3698
3699static char test_smp_buffer[32];
3700
3701static ssize_t test_smp_read(struct file *file, char __user *user_buf,
3702 size_t count, loff_t *ppos)
3703{
3704 return simple_read_from_buffer(user_buf, count, ppos, test_smp_buffer,
3705 strlen(test_smp_buffer));
3706}
3707
3708static const struct file_operations test_smp_fops = {
3709 .open = simple_open,
3710 .read = test_smp_read,
3711 .llseek = default_llseek,
3712};
3713
3714static int __init run_selftests(struct crypto_blkcipher *tfm_aes,
3715 struct crypto_hash *tfm_cmac)
3716{
3717 ktime_t calltime, delta, rettime;
3718 unsigned long long duration;
3719 int err;
3720
3721 calltime = ktime_get();
3722
3723 err = test_ah(tfm_aes);
3724 if (err) {
3725 BT_ERR("smp_ah test failed");
3726 goto done;
3727 }
3728
3729 err = test_c1(tfm_aes);
3730 if (err) {
3731 BT_ERR("smp_c1 test failed");
3732 goto done;
3733 }
3734
3735 err = test_s1(tfm_aes);
3736 if (err) {
3737 BT_ERR("smp_s1 test failed");
3738 goto done;
3739 }
3740
3741 err = test_f4(tfm_cmac);
3742 if (err) {
3743 BT_ERR("smp_f4 test failed");
3744 goto done;
3745 }
3746
3747 err = test_f5(tfm_cmac);
3748 if (err) {
3749 BT_ERR("smp_f5 test failed");
3750 goto done;
3751 }
3752
3753 err = test_f6(tfm_cmac);
3754 if (err) {
3755 BT_ERR("smp_f6 test failed");
3756 goto done;
3757 }
3758
3759 err = test_g2(tfm_cmac);
3760 if (err) {
3761 BT_ERR("smp_g2 test failed");
3762 goto done;
3763 }
3764
3765 err = test_h6(tfm_cmac);
3766 if (err) {
3767 BT_ERR("smp_h6 test failed");
3768 goto done;
3769 }
3770
3771 rettime = ktime_get();
3772 delta = ktime_sub(rettime, calltime);
3773 duration = (unsigned long long) ktime_to_ns(delta) >> 10;
3774
3775 BT_INFO("SMP test passed in %llu usecs", duration);
3776
3777done:
3778 if (!err)
3779 snprintf(test_smp_buffer, sizeof(test_smp_buffer),
3780 "PASS (%llu usecs)\n", duration);
3781 else
3782 snprintf(test_smp_buffer, sizeof(test_smp_buffer), "FAIL\n");
3783
3784 debugfs_create_file("selftest_smp", 0444, bt_debugfs, NULL,
3785 &test_smp_fops);
3786
3787 return err;
3788}
3789
3790int __init bt_selftest_smp(void)
3791{
3792 struct crypto_blkcipher *tfm_aes;
3793 struct crypto_hash *tfm_cmac;
3794 int err;
3795
3796 tfm_aes = crypto_alloc_blkcipher("ecb(aes)", 0, CRYPTO_ALG_ASYNC);
3797 if (IS_ERR(tfm_aes)) {
3798 BT_ERR("Unable to create ECB crypto context");
3799 return PTR_ERR(tfm_aes);
3800 }
3801
3802 tfm_cmac = crypto_alloc_hash("cmac(aes)", 0, CRYPTO_ALG_ASYNC);
3803 if (IS_ERR(tfm_cmac)) {
3804 BT_ERR("Unable to create CMAC crypto context");
3805 crypto_free_blkcipher(tfm_aes);
3806 return PTR_ERR(tfm_cmac);
3807 }
3808
3809 err = run_selftests(tfm_aes, tfm_cmac);
3810
3811 crypto_free_hash(tfm_cmac);
3812 crypto_free_blkcipher(tfm_aes);
3813
3814 return err;
3815}
3816
3817#endif
3818
