1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23#include <linux/debugfs.h>
24#include <linux/crypto.h>
25#include <linux/scatterlist.h>
26#include <crypto/b128ops.h>
27
28#include <net/bluetooth/bluetooth.h>
29#include <net/bluetooth/hci_core.h>
30#include <net/bluetooth/l2cap.h>
31#include <net/bluetooth/mgmt.h>
32
33#include "ecc.h"
34#include "smp.h"
35
36#define SMP_DEV(hdev) \
37 ((struct smp_dev *)((struct l2cap_chan *)((hdev)->smp_data))->data)
38
39
40
41
42
43#ifdef DEBUG
44#define SMP_DBG(fmt, ...) printk(KERN_DEBUG "%s: " fmt, __func__, \
45 ##__VA_ARGS__)
46#else
47#define SMP_DBG(fmt, ...) no_printk(KERN_DEBUG "%s: " fmt, __func__, \
48 ##__VA_ARGS__)
49#endif
50
51#define SMP_ALLOW_CMD(smp, code) set_bit(code, &smp->allow_cmd)
52
53
54#define SMP_SC_NO_DIST (SMP_DIST_ENC_KEY | SMP_DIST_LINK_KEY);
55
56#define SMP_TIMEOUT msecs_to_jiffies(30000)
57
58#define AUTH_REQ_MASK(dev) (hci_dev_test_flag(dev, HCI_SC_ENABLED) ? \
59 0x1f : 0x07)
60#define KEY_DIST_MASK 0x07
61
62
63#define CMAC_MSG_MAX 80
64
65enum {
66 SMP_FLAG_TK_VALID,
67 SMP_FLAG_CFM_PENDING,
68 SMP_FLAG_MITM_AUTH,
69 SMP_FLAG_COMPLETE,
70 SMP_FLAG_INITIATOR,
71 SMP_FLAG_SC,
72 SMP_FLAG_REMOTE_PK,
73 SMP_FLAG_DEBUG_KEY,
74 SMP_FLAG_WAIT_USER,
75 SMP_FLAG_DHKEY_PENDING,
76 SMP_FLAG_REMOTE_OOB,
77 SMP_FLAG_LOCAL_OOB,
78};
79
80struct smp_dev {
81
82 u8 local_pk[64];
83 u8 local_sk[32];
84 u8 local_rand[16];
85 bool debug_key;
86
87 u8 min_key_size;
88 u8 max_key_size;
89
90 struct crypto_blkcipher *tfm_aes;
91 struct crypto_hash *tfm_cmac;
92};
93
94struct smp_chan {
95 struct l2cap_conn *conn;
96 struct delayed_work security_timer;
97 unsigned long allow_cmd;
98
99 u8 preq[7];
100 u8 prsp[7];
101 u8 prnd[16];
102 u8 rrnd[16];
103 u8 pcnf[16];
104 u8 tk[16];
105 u8 rr[16];
106 u8 lr[16];
107 u8 enc_key_size;
108 u8 remote_key_dist;
109 bdaddr_t id_addr;
110 u8 id_addr_type;
111 u8 irk[16];
112 struct smp_csrk *csrk;
113 struct smp_csrk *slave_csrk;
114 struct smp_ltk *ltk;
115 struct smp_ltk *slave_ltk;
116 struct smp_irk *remote_irk;
117 u8 *link_key;
118 unsigned long flags;
119 u8 method;
120 u8 passkey_round;
121
122
123 u8 local_pk[64];
124 u8 local_sk[32];
125 u8 remote_pk[64];
126 u8 dhkey[32];
127 u8 mackey[16];
128
129 struct crypto_blkcipher *tfm_aes;
130 struct crypto_hash *tfm_cmac;
131};
132
133
134
135
136
137static const u8 debug_pk[64] = {
138 0xe6, 0x9d, 0x35, 0x0e, 0x48, 0x01, 0x03, 0xcc,
139 0xdb, 0xfd, 0xf4, 0xac, 0x11, 0x91, 0xf4, 0xef,
140 0xb9, 0xa5, 0xf9, 0xe9, 0xa7, 0x83, 0x2c, 0x5e,
141 0x2c, 0xbe, 0x97, 0xf2, 0xd2, 0x03, 0xb0, 0x20,
142
143 0x8b, 0xd2, 0x89, 0x15, 0xd0, 0x8e, 0x1c, 0x74,
144 0x24, 0x30, 0xed, 0x8f, 0xc2, 0x45, 0x63, 0x76,
145 0x5c, 0x15, 0x52, 0x5a, 0xbf, 0x9a, 0x32, 0x63,
146 0x6d, 0xeb, 0x2a, 0x65, 0x49, 0x9c, 0x80, 0xdc,
147};
148
149static const u8 debug_sk[32] = {
150 0xbd, 0x1a, 0x3c, 0xcd, 0xa6, 0xb8, 0x99, 0x58,
151 0x99, 0xb7, 0x40, 0xeb, 0x7b, 0x60, 0xff, 0x4a,
152 0x50, 0x3f, 0x10, 0xd2, 0xe3, 0xb3, 0xc9, 0x74,
153 0x38, 0x5f, 0xc5, 0xa3, 0xd4, 0xf6, 0x49, 0x3f,
154};
155
156static inline void swap_buf(const u8 *src, u8 *dst, size_t len)
157{
158 size_t i;
159
160 for (i = 0; i < len; i++)
161 dst[len - 1 - i] = src[i];
162}
163
164
165
166
167
168static int aes_cmac(struct crypto_hash *tfm, const u8 k[16], const u8 *m,
169 size_t len, u8 mac[16])
170{
171 uint8_t tmp[16], mac_msb[16], msg_msb[CMAC_MSG_MAX];
172 struct hash_desc desc;
173 struct scatterlist sg;
174 int err;
175
176 if (len > CMAC_MSG_MAX)
177 return -EFBIG;
178
179 if (!tfm) {
180 BT_ERR("tfm %p", tfm);
181 return -EINVAL;
182 }
183
184 desc.tfm = tfm;
185 desc.flags = 0;
186
187 crypto_hash_init(&desc);
188
189
190 swap_buf(k, tmp, 16);
191 swap_buf(m, msg_msb, len);
192
193 SMP_DBG("msg (len %zu) %*phN", len, (int) len, m);
194 SMP_DBG("key %16phN", k);
195
196 err = crypto_hash_setkey(tfm, tmp, 16);
197 if (err) {
198 BT_ERR("cipher setkey failed: %d", err);
199 return err;
200 }
201
202 sg_init_one(&sg, msg_msb, len);
203
204 err = crypto_hash_update(&desc, &sg, len);
205 if (err) {
206 BT_ERR("Hash update error %d", err);
207 return err;
208 }
209
210 err = crypto_hash_final(&desc, mac_msb);
211 if (err) {
212 BT_ERR("Hash final error %d", err);
213 return err;
214 }
215
216 swap_buf(mac_msb, mac, 16);
217
218 SMP_DBG("mac %16phN", mac);
219
220 return 0;
221}
222
223static int smp_f4(struct crypto_hash *tfm_cmac, const u8 u[32], const u8 v[32],
224 const u8 x[16], u8 z, u8 res[16])
225{
226 u8 m[65];
227 int err;
228
229 SMP_DBG("u %32phN", u);
230 SMP_DBG("v %32phN", v);
231 SMP_DBG("x %16phN z %02x", x, z);
232
233 m[0] = z;
234 memcpy(m + 1, v, 32);
235 memcpy(m + 33, u, 32);
236
237 err = aes_cmac(tfm_cmac, x, m, sizeof(m), res);
238 if (err)
239 return err;
240
241 SMP_DBG("res %16phN", res);
242
243 return err;
244}
245
246static int smp_f5(struct crypto_hash *tfm_cmac, const u8 w[32],
247 const u8 n1[16], const u8 n2[16], const u8 a1[7],
248 const u8 a2[7], u8 mackey[16], u8 ltk[16])
249{
250
251
252
253
254
255
256 const u8 btle[4] = { 0x65, 0x6c, 0x74, 0x62 };
257 const u8 salt[16] = { 0xbe, 0x83, 0x60, 0x5a, 0xdb, 0x0b, 0x37, 0x60,
258 0x38, 0xa5, 0xf5, 0xaa, 0x91, 0x83, 0x88, 0x6c };
259 const u8 length[2] = { 0x00, 0x01 };
260 u8 m[53], t[16];
261 int err;
262
263 SMP_DBG("w %32phN", w);
264 SMP_DBG("n1 %16phN n2 %16phN", n1, n2);
265 SMP_DBG("a1 %7phN a2 %7phN", a1, a2);
266
267 err = aes_cmac(tfm_cmac, salt, w, 32, t);
268 if (err)
269 return err;
270
271 SMP_DBG("t %16phN", t);
272
273 memcpy(m, length, 2);
274 memcpy(m + 2, a2, 7);
275 memcpy(m + 9, a1, 7);
276 memcpy(m + 16, n2, 16);
277 memcpy(m + 32, n1, 16);
278 memcpy(m + 48, btle, 4);
279
280 m[52] = 0;
281
282 err = aes_cmac(tfm_cmac, t, m, sizeof(m), mackey);
283 if (err)
284 return err;
285
286 SMP_DBG("mackey %16phN", mackey);
287
288 m[52] = 1;
289
290 err = aes_cmac(tfm_cmac, t, m, sizeof(m), ltk);
291 if (err)
292 return err;
293
294 SMP_DBG("ltk %16phN", ltk);
295
296 return 0;
297}
298
299static int smp_f6(struct crypto_hash *tfm_cmac, const u8 w[16],
300 const u8 n1[16], const u8 n2[16], const u8 r[16],
301 const u8 io_cap[3], const u8 a1[7], const u8 a2[7],
302 u8 res[16])
303{
304 u8 m[65];
305 int err;
306
307 SMP_DBG("w %16phN", w);
308 SMP_DBG("n1 %16phN n2 %16phN", n1, n2);
309 SMP_DBG("r %16phN io_cap %3phN a1 %7phN a2 %7phN", r, io_cap, a1, a2);
310
311 memcpy(m, a2, 7);
312 memcpy(m + 7, a1, 7);
313 memcpy(m + 14, io_cap, 3);
314 memcpy(m + 17, r, 16);
315 memcpy(m + 33, n2, 16);
316 memcpy(m + 49, n1, 16);
317
318 err = aes_cmac(tfm_cmac, w, m, sizeof(m), res);
319 if (err)
320 return err;
321
322 SMP_DBG("res %16phN", res);
323
324 return err;
325}
326
327static int smp_g2(struct crypto_hash *tfm_cmac, const u8 u[32], const u8 v[32],
328 const u8 x[16], const u8 y[16], u32 *val)
329{
330 u8 m[80], tmp[16];
331 int err;
332
333 SMP_DBG("u %32phN", u);
334 SMP_DBG("v %32phN", v);
335 SMP_DBG("x %16phN y %16phN", x, y);
336
337 memcpy(m, y, 16);
338 memcpy(m + 16, v, 32);
339 memcpy(m + 48, u, 32);
340
341 err = aes_cmac(tfm_cmac, x, m, sizeof(m), tmp);
342 if (err)
343 return err;
344
345 *val = get_unaligned_le32(tmp);
346 *val %= 1000000;
347
348 SMP_DBG("val %06u", *val);
349
350 return 0;
351}
352
353static int smp_h6(struct crypto_hash *tfm_cmac, const u8 w[16],
354 const u8 key_id[4], u8 res[16])
355{
356 int err;
357
358 SMP_DBG("w %16phN key_id %4phN", w, key_id);
359
360 err = aes_cmac(tfm_cmac, w, key_id, 4, res);
361 if (err)
362 return err;
363
364 SMP_DBG("res %16phN", res);
365
366 return err;
367}
368
369
370
371
372
373static int smp_e(struct crypto_blkcipher *tfm, const u8 *k, u8 *r)
374{
375 struct blkcipher_desc desc;
376 struct scatterlist sg;
377 uint8_t tmp[16], data[16];
378 int err;
379
380 SMP_DBG("k %16phN r %16phN", k, r);
381
382 if (!tfm) {
383 BT_ERR("tfm %p", tfm);
384 return -EINVAL;
385 }
386
387 desc.tfm = tfm;
388 desc.flags = 0;
389
390
391 swap_buf(k, tmp, 16);
392
393 err = crypto_blkcipher_setkey(tfm, tmp, 16);
394 if (err) {
395 BT_ERR("cipher setkey failed: %d", err);
396 return err;
397 }
398
399
400 swap_buf(r, data, 16);
401
402 sg_init_one(&sg, data, 16);
403
404 err = crypto_blkcipher_encrypt(&desc, &sg, &sg, 16);
405 if (err)
406 BT_ERR("Encrypt data error %d", err);
407
408
409 swap_buf(data, r, 16);
410
411 SMP_DBG("r %16phN", r);
412
413 return err;
414}
415
416static int smp_c1(struct crypto_blkcipher *tfm_aes, const u8 k[16],
417 const u8 r[16], const u8 preq[7], const u8 pres[7], u8 _iat,
418 const bdaddr_t *ia, u8 _rat, const bdaddr_t *ra, u8 res[16])
419{
420 u8 p1[16], p2[16];
421 int err;
422
423 SMP_DBG("k %16phN r %16phN", k, r);
424 SMP_DBG("iat %u ia %6phN rat %u ra %6phN", _iat, ia, _rat, ra);
425 SMP_DBG("preq %7phN pres %7phN", preq, pres);
426
427 memset(p1, 0, 16);
428
429
430 p1[0] = _iat;
431 p1[1] = _rat;
432 memcpy(p1 + 2, preq, 7);
433 memcpy(p1 + 9, pres, 7);
434
435 SMP_DBG("p1 %16phN", p1);
436
437
438 u128_xor((u128 *) res, (u128 *) r, (u128 *) p1);
439
440
441 err = smp_e(tfm_aes, k, res);
442 if (err) {
443 BT_ERR("Encrypt data error");
444 return err;
445 }
446
447
448 memcpy(p2, ra, 6);
449 memcpy(p2 + 6, ia, 6);
450 memset(p2 + 12, 0, 4);
451
452 SMP_DBG("p2 %16phN", p2);
453
454
455 u128_xor((u128 *) res, (u128 *) res, (u128 *) p2);
456
457
458 err = smp_e(tfm_aes, k, res);
459 if (err)
460 BT_ERR("Encrypt data error");
461
462 return err;
463}
464
465static int smp_s1(struct crypto_blkcipher *tfm_aes, const u8 k[16],
466 const u8 r1[16], const u8 r2[16], u8 _r[16])
467{
468 int err;
469
470
471 memcpy(_r, r2, 8);
472 memcpy(_r + 8, r1, 8);
473
474 err = smp_e(tfm_aes, k, _r);
475 if (err)
476 BT_ERR("Encrypt data error");
477
478 return err;
479}
480
481static int smp_ah(struct crypto_blkcipher *tfm, const u8 irk[16],
482 const u8 r[3], u8 res[3])
483{
484 u8 _res[16];
485 int err;
486
487
488 memcpy(_res, r, 3);
489 memset(_res + 3, 0, 13);
490
491 err = smp_e(tfm, irk, _res);
492 if (err) {
493 BT_ERR("Encrypt error");
494 return err;
495 }
496
497
498
499
500
501
502
503 memcpy(res, _res, 3);
504
505 return 0;
506}
507
508bool smp_irk_matches(struct hci_dev *hdev, const u8 irk[16],
509 const bdaddr_t *bdaddr)
510{
511 struct l2cap_chan *chan = hdev->smp_data;
512 struct smp_dev *smp;
513 u8 hash[3];
514 int err;
515
516 if (!chan || !chan->data)
517 return false;
518
519 smp = chan->data;
520
521 BT_DBG("RPA %pMR IRK %*phN", bdaddr, 16, irk);
522
523 err = smp_ah(smp->tfm_aes, irk, &bdaddr->b[3], hash);
524 if (err)
525 return false;
526
527 return !memcmp(bdaddr->b, hash, 3);
528}
529
530int smp_generate_rpa(struct hci_dev *hdev, const u8 irk[16], bdaddr_t *rpa)
531{
532 struct l2cap_chan *chan = hdev->smp_data;
533 struct smp_dev *smp;
534 int err;
535
536 if (!chan || !chan->data)
537 return -EOPNOTSUPP;
538
539 smp = chan->data;
540
541 get_random_bytes(&rpa->b[3], 3);
542
543 rpa->b[5] &= 0x3f;
544 rpa->b[5] |= 0x40;
545
546 err = smp_ah(smp->tfm_aes, irk, &rpa->b[3], rpa->b);
547 if (err < 0)
548 return err;
549
550 BT_DBG("RPA %pMR", rpa);
551
552 return 0;
553}
554
555int smp_generate_oob(struct hci_dev *hdev, u8 hash[16], u8 rand[16])
556{
557 struct l2cap_chan *chan = hdev->smp_data;
558 struct smp_dev *smp;
559 int err;
560
561 if (!chan || !chan->data)
562 return -EOPNOTSUPP;
563
564 smp = chan->data;
565
566 if (hci_dev_test_flag(hdev, HCI_USE_DEBUG_KEYS)) {
567 BT_DBG("Using debug keys");
568 memcpy(smp->local_pk, debug_pk, 64);
569 memcpy(smp->local_sk, debug_sk, 32);
570 smp->debug_key = true;
571 } else {
572 while (true) {
573
574 if (!ecc_make_key(smp->local_pk, smp->local_sk))
575 return -EIO;
576
577
578
579
580 if (memcmp(smp->local_sk, debug_sk, 32))
581 break;
582 }
583 smp->debug_key = false;
584 }
585
586 SMP_DBG("OOB Public Key X: %32phN", smp->local_pk);
587 SMP_DBG("OOB Public Key Y: %32phN", smp->local_pk + 32);
588 SMP_DBG("OOB Private Key: %32phN", smp->local_sk);
589
590 get_random_bytes(smp->local_rand, 16);
591
592 err = smp_f4(smp->tfm_cmac, smp->local_pk, smp->local_pk,
593 smp->local_rand, 0, hash);
594 if (err < 0)
595 return err;
596
597 memcpy(rand, smp->local_rand, 16);
598
599 return 0;
600}
601
602static void smp_send_cmd(struct l2cap_conn *conn, u8 code, u16 len, void *data)
603{
604 struct l2cap_chan *chan = conn->smp;
605 struct smp_chan *smp;
606 struct kvec iv[2];
607 struct msghdr msg;
608
609 if (!chan)
610 return;
611
612 BT_DBG("code 0x%2.2x", code);
613
614 iv[0].iov_base = &code;
615 iv[0].iov_len = 1;
616
617 iv[1].iov_base = data;
618 iv[1].iov_len = len;
619
620 memset(&msg, 0, sizeof(msg));
621
622 iov_iter_kvec(&msg.msg_iter, WRITE | ITER_KVEC, iv, 2, 1 + len);
623
624 l2cap_chan_send(chan, &msg, 1 + len);
625
626 if (!chan->data)
627 return;
628
629 smp = chan->data;
630
631 cancel_delayed_work_sync(&smp->security_timer);
632 schedule_delayed_work(&smp->security_timer, SMP_TIMEOUT);
633}
634
635static u8 authreq_to_seclevel(u8 authreq)
636{
637 if (authreq & SMP_AUTH_MITM) {
638 if (authreq & SMP_AUTH_SC)
639 return BT_SECURITY_FIPS;
640 else
641 return BT_SECURITY_HIGH;
642 } else {
643 return BT_SECURITY_MEDIUM;
644 }
645}
646
647static __u8 seclevel_to_authreq(__u8 sec_level)
648{
649 switch (sec_level) {
650 case BT_SECURITY_FIPS:
651 case BT_SECURITY_HIGH:
652 return SMP_AUTH_MITM | SMP_AUTH_BONDING;
653 case BT_SECURITY_MEDIUM:
654 return SMP_AUTH_BONDING;
655 default:
656 return SMP_AUTH_NONE;
657 }
658}
659
660static void build_pairing_cmd(struct l2cap_conn *conn,
661 struct smp_cmd_pairing *req,
662 struct smp_cmd_pairing *rsp, __u8 authreq)
663{
664 struct l2cap_chan *chan = conn->smp;
665 struct smp_chan *smp = chan->data;
666 struct hci_conn *hcon = conn->hcon;
667 struct hci_dev *hdev = hcon->hdev;
668 u8 local_dist = 0, remote_dist = 0, oob_flag = SMP_OOB_NOT_PRESENT;
669
670 if (hci_dev_test_flag(hdev, HCI_BONDABLE)) {
671 local_dist = SMP_DIST_ENC_KEY | SMP_DIST_SIGN;
672 remote_dist = SMP_DIST_ENC_KEY | SMP_DIST_SIGN;
673 authreq |= SMP_AUTH_BONDING;
674 } else {
675 authreq &= ~SMP_AUTH_BONDING;
676 }
677
678 if (hci_dev_test_flag(hdev, HCI_RPA_RESOLVING))
679 remote_dist |= SMP_DIST_ID_KEY;
680
681 if (hci_dev_test_flag(hdev, HCI_PRIVACY))
682 local_dist |= SMP_DIST_ID_KEY;
683
684 if (hci_dev_test_flag(hdev, HCI_SC_ENABLED) &&
685 (authreq & SMP_AUTH_SC)) {
686 struct oob_data *oob_data;
687 u8 bdaddr_type;
688
689 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) {
690 local_dist |= SMP_DIST_LINK_KEY;
691 remote_dist |= SMP_DIST_LINK_KEY;
692 }
693
694 if (hcon->dst_type == ADDR_LE_DEV_PUBLIC)
695 bdaddr_type = BDADDR_LE_PUBLIC;
696 else
697 bdaddr_type = BDADDR_LE_RANDOM;
698
699 oob_data = hci_find_remote_oob_data(hdev, &hcon->dst,
700 bdaddr_type);
701 if (oob_data && oob_data->present) {
702 set_bit(SMP_FLAG_REMOTE_OOB, &smp->flags);
703 oob_flag = SMP_OOB_PRESENT;
704 memcpy(smp->rr, oob_data->rand256, 16);
705 memcpy(smp->pcnf, oob_data->hash256, 16);
706 SMP_DBG("OOB Remote Confirmation: %16phN", smp->pcnf);
707 SMP_DBG("OOB Remote Random: %16phN", smp->rr);
708 }
709
710 } else {
711 authreq &= ~SMP_AUTH_SC;
712 }
713
714 if (rsp == NULL) {
715 req->io_capability = conn->hcon->io_capability;
716 req->oob_flag = oob_flag;
717 req->max_key_size = SMP_DEV(hdev)->max_key_size;
718 req->init_key_dist = local_dist;
719 req->resp_key_dist = remote_dist;
720 req->auth_req = (authreq & AUTH_REQ_MASK(hdev));
721
722 smp->remote_key_dist = remote_dist;
723 return;
724 }
725
726 rsp->io_capability = conn->hcon->io_capability;
727 rsp->oob_flag = oob_flag;
728 rsp->max_key_size = SMP_DEV(hdev)->max_key_size;
729 rsp->init_key_dist = req->init_key_dist & remote_dist;
730 rsp->resp_key_dist = req->resp_key_dist & local_dist;
731 rsp->auth_req = (authreq & AUTH_REQ_MASK(hdev));
732
733 smp->remote_key_dist = rsp->init_key_dist;
734}
735
736static u8 check_enc_key_size(struct l2cap_conn *conn, __u8 max_key_size)
737{
738 struct l2cap_chan *chan = conn->smp;
739 struct hci_dev *hdev = conn->hcon->hdev;
740 struct smp_chan *smp = chan->data;
741
742 if (max_key_size > SMP_DEV(hdev)->max_key_size ||
743 max_key_size < SMP_MIN_ENC_KEY_SIZE)
744 return SMP_ENC_KEY_SIZE;
745
746 smp->enc_key_size = max_key_size;
747
748 return 0;
749}
750
751static void smp_chan_destroy(struct l2cap_conn *conn)
752{
753 struct l2cap_chan *chan = conn->smp;
754 struct smp_chan *smp = chan->data;
755 struct hci_conn *hcon = conn->hcon;
756 bool complete;
757
758 BUG_ON(!smp);
759
760 cancel_delayed_work_sync(&smp->security_timer);
761
762 complete = test_bit(SMP_FLAG_COMPLETE, &smp->flags);
763 mgmt_smp_complete(hcon, complete);
764
765 kzfree(smp->csrk);
766 kzfree(smp->slave_csrk);
767 kzfree(smp->link_key);
768
769 crypto_free_blkcipher(smp->tfm_aes);
770 crypto_free_hash(smp->tfm_cmac);
771
772
773
774
775 if (smp->ltk && smp->ltk->type == SMP_LTK_P256_DEBUG &&
776 !hci_dev_test_flag(hcon->hdev, HCI_KEEP_DEBUG_KEYS)) {
777 list_del_rcu(&smp->ltk->list);
778 kfree_rcu(smp->ltk, rcu);
779 smp->ltk = NULL;
780 }
781
782
783 if (!complete) {
784 if (smp->ltk) {
785 list_del_rcu(&smp->ltk->list);
786 kfree_rcu(smp->ltk, rcu);
787 }
788
789 if (smp->slave_ltk) {
790 list_del_rcu(&smp->slave_ltk->list);
791 kfree_rcu(smp->slave_ltk, rcu);
792 }
793
794 if (smp->remote_irk) {
795 list_del_rcu(&smp->remote_irk->list);
796 kfree_rcu(smp->remote_irk, rcu);
797 }
798 }
799
800 chan->data = NULL;
801 kzfree(smp);
802 hci_conn_drop(hcon);
803}
804
805static void smp_failure(struct l2cap_conn *conn, u8 reason)
806{
807 struct hci_conn *hcon = conn->hcon;
808 struct l2cap_chan *chan = conn->smp;
809
810 if (reason)
811 smp_send_cmd(conn, SMP_CMD_PAIRING_FAIL, sizeof(reason),
812 &reason);
813
814 mgmt_auth_failed(hcon, HCI_ERROR_AUTH_FAILURE);
815
816 if (chan->data)
817 smp_chan_destroy(conn);
818}
819
820#define JUST_WORKS 0x00
821#define JUST_CFM 0x01
822#define REQ_PASSKEY 0x02
823#define CFM_PASSKEY 0x03
824#define REQ_OOB 0x04
825#define DSP_PASSKEY 0x05
826#define OVERLAP 0xFF
827
828static const u8 gen_method[5][5] = {
829 { JUST_WORKS, JUST_CFM, REQ_PASSKEY, JUST_WORKS, REQ_PASSKEY },
830 { JUST_WORKS, JUST_CFM, REQ_PASSKEY, JUST_WORKS, REQ_PASSKEY },
831 { CFM_PASSKEY, CFM_PASSKEY, REQ_PASSKEY, JUST_WORKS, CFM_PASSKEY },
832 { JUST_WORKS, JUST_CFM, JUST_WORKS, JUST_WORKS, JUST_CFM },
833 { CFM_PASSKEY, CFM_PASSKEY, REQ_PASSKEY, JUST_WORKS, OVERLAP },
834};
835
836static const u8 sc_method[5][5] = {
837 { JUST_WORKS, JUST_CFM, REQ_PASSKEY, JUST_WORKS, REQ_PASSKEY },
838 { JUST_WORKS, CFM_PASSKEY, REQ_PASSKEY, JUST_WORKS, CFM_PASSKEY },
839 { DSP_PASSKEY, DSP_PASSKEY, REQ_PASSKEY, JUST_WORKS, DSP_PASSKEY },
840 { JUST_WORKS, JUST_CFM, JUST_WORKS, JUST_WORKS, JUST_CFM },
841 { DSP_PASSKEY, CFM_PASSKEY, REQ_PASSKEY, JUST_WORKS, CFM_PASSKEY },
842};
843
844static u8 get_auth_method(struct smp_chan *smp, u8 local_io, u8 remote_io)
845{
846
847
848
849 if (local_io > SMP_IO_KEYBOARD_DISPLAY ||
850 remote_io > SMP_IO_KEYBOARD_DISPLAY)
851 return JUST_CFM;
852
853 if (test_bit(SMP_FLAG_SC, &smp->flags))
854 return sc_method[remote_io][local_io];
855
856 return gen_method[remote_io][local_io];
857}
858
859static int tk_request(struct l2cap_conn *conn, u8 remote_oob, u8 auth,
860 u8 local_io, u8 remote_io)
861{
862 struct hci_conn *hcon = conn->hcon;
863 struct l2cap_chan *chan = conn->smp;
864 struct smp_chan *smp = chan->data;
865 u32 passkey = 0;
866 int ret = 0;
867
868
869 memset(smp->tk, 0, sizeof(smp->tk));
870 clear_bit(SMP_FLAG_TK_VALID, &smp->flags);
871
872 BT_DBG("tk_request: auth:%d lcl:%d rem:%d", auth, local_io, remote_io);
873
874
875
876
877
878
879
880 if (!(auth & SMP_AUTH_MITM))
881 smp->method = JUST_CFM;
882 else
883 smp->method = get_auth_method(smp, local_io, remote_io);
884
885
886 if (smp->method == JUST_CFM && test_bit(SMP_FLAG_INITIATOR,
887 &smp->flags))
888 smp->method = JUST_WORKS;
889
890
891 if (smp->method == JUST_CFM &&
892 hcon->io_capability == HCI_IO_NO_INPUT_OUTPUT)
893 smp->method = JUST_WORKS;
894
895
896 if (smp->method == JUST_WORKS) {
897 set_bit(SMP_FLAG_TK_VALID, &smp->flags);
898 return 0;
899 }
900
901
902
903
904 if (test_bit(SMP_FLAG_SC, &smp->flags))
905 return -EINVAL;
906
907
908 if (smp->method != JUST_CFM) {
909 set_bit(SMP_FLAG_MITM_AUTH, &smp->flags);
910 if (hcon->pending_sec_level < BT_SECURITY_HIGH)
911 hcon->pending_sec_level = BT_SECURITY_HIGH;
912 }
913
914
915
916
917 if (smp->method == OVERLAP) {
918 if (hcon->role == HCI_ROLE_MASTER)
919 smp->method = CFM_PASSKEY;
920 else
921 smp->method = REQ_PASSKEY;
922 }
923
924
925 if (smp->method == CFM_PASSKEY) {
926 memset(smp->tk, 0, sizeof(smp->tk));
927 get_random_bytes(&passkey, sizeof(passkey));
928 passkey %= 1000000;
929 put_unaligned_le32(passkey, smp->tk);
930 BT_DBG("PassKey: %d", passkey);
931 set_bit(SMP_FLAG_TK_VALID, &smp->flags);
932 }
933
934 if (smp->method == REQ_PASSKEY)
935 ret = mgmt_user_passkey_request(hcon->hdev, &hcon->dst,
936 hcon->type, hcon->dst_type);
937 else if (smp->method == JUST_CFM)
938 ret = mgmt_user_confirm_request(hcon->hdev, &hcon->dst,
939 hcon->type, hcon->dst_type,
940 passkey, 1);
941 else
942 ret = mgmt_user_passkey_notify(hcon->hdev, &hcon->dst,
943 hcon->type, hcon->dst_type,
944 passkey, 0);
945
946 return ret;
947}
948
949static u8 smp_confirm(struct smp_chan *smp)
950{
951 struct l2cap_conn *conn = smp->conn;
952 struct smp_cmd_pairing_confirm cp;
953 int ret;
954
955 BT_DBG("conn %p", conn);
956
957 ret = smp_c1(smp->tfm_aes, smp->tk, smp->prnd, smp->preq, smp->prsp,
958 conn->hcon->init_addr_type, &conn->hcon->init_addr,
959 conn->hcon->resp_addr_type, &conn->hcon->resp_addr,
960 cp.confirm_val);
961 if (ret)
962 return SMP_UNSPECIFIED;
963
964 clear_bit(SMP_FLAG_CFM_PENDING, &smp->flags);
965
966 smp_send_cmd(smp->conn, SMP_CMD_PAIRING_CONFIRM, sizeof(cp), &cp);
967
968 if (conn->hcon->out)
969 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_CONFIRM);
970 else
971 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RANDOM);
972
973 return 0;
974}
975
976static u8 smp_random(struct smp_chan *smp)
977{
978 struct l2cap_conn *conn = smp->conn;
979 struct hci_conn *hcon = conn->hcon;
980 u8 confirm[16];
981 int ret;
982
983 if (IS_ERR_OR_NULL(smp->tfm_aes))
984 return SMP_UNSPECIFIED;
985
986 BT_DBG("conn %p %s", conn, conn->hcon->out ? "master" : "slave");
987
988 ret = smp_c1(smp->tfm_aes, smp->tk, smp->rrnd, smp->preq, smp->prsp,
989 hcon->init_addr_type, &hcon->init_addr,
990 hcon->resp_addr_type, &hcon->resp_addr, confirm);
991 if (ret)
992 return SMP_UNSPECIFIED;
993
994 if (memcmp(smp->pcnf, confirm, sizeof(smp->pcnf)) != 0) {
995 BT_ERR("Pairing failed (confirmation values mismatch)");
996 return SMP_CONFIRM_FAILED;
997 }
998
999 if (hcon->out) {
1000 u8 stk[16];
1001 __le64 rand = 0;
1002 __le16 ediv = 0;
1003
1004 smp_s1(smp->tfm_aes, smp->tk, smp->rrnd, smp->prnd, stk);
1005
1006 if (test_and_set_bit(HCI_CONN_ENCRYPT_PEND, &hcon->flags))
1007 return SMP_UNSPECIFIED;
1008
1009 hci_le_start_enc(hcon, ediv, rand, stk, smp->enc_key_size);
1010 hcon->enc_key_size = smp->enc_key_size;
1011 set_bit(HCI_CONN_STK_ENCRYPT, &hcon->flags);
1012 } else {
1013 u8 stk[16], auth;
1014 __le64 rand = 0;
1015 __le16 ediv = 0;
1016
1017 smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM, sizeof(smp->prnd),
1018 smp->prnd);
1019
1020 smp_s1(smp->tfm_aes, smp->tk, smp->prnd, smp->rrnd, stk);
1021
1022 if (hcon->pending_sec_level == BT_SECURITY_HIGH)
1023 auth = 1;
1024 else
1025 auth = 0;
1026
1027
1028
1029
1030
1031 hci_add_ltk(hcon->hdev, &hcon->dst, hcon->dst_type,
1032 SMP_STK, auth, stk, smp->enc_key_size, ediv, rand);
1033 }
1034
1035 return 0;
1036}
1037
1038static void smp_notify_keys(struct l2cap_conn *conn)
1039{
1040 struct l2cap_chan *chan = conn->smp;
1041 struct smp_chan *smp = chan->data;
1042 struct hci_conn *hcon = conn->hcon;
1043 struct hci_dev *hdev = hcon->hdev;
1044 struct smp_cmd_pairing *req = (void *) &smp->preq[1];
1045 struct smp_cmd_pairing *rsp = (void *) &smp->prsp[1];
1046 bool persistent;
1047
1048 if (hcon->type == ACL_LINK) {
1049 if (hcon->key_type == HCI_LK_DEBUG_COMBINATION)
1050 persistent = false;
1051 else
1052 persistent = !test_bit(HCI_CONN_FLUSH_KEY,
1053 &hcon->flags);
1054 } else {
1055
1056
1057
1058
1059 persistent = !!((req->auth_req & rsp->auth_req) &
1060 SMP_AUTH_BONDING);
1061 }
1062
1063 if (smp->remote_irk) {
1064 mgmt_new_irk(hdev, smp->remote_irk, persistent);
1065
1066
1067
1068
1069
1070 if (hcon->type == LE_LINK) {
1071 bacpy(&hcon->dst, &smp->remote_irk->bdaddr);
1072 hcon->dst_type = smp->remote_irk->addr_type;
1073 queue_work(hdev->workqueue, &conn->id_addr_update_work);
1074 }
1075 }
1076
1077 if (smp->csrk) {
1078 smp->csrk->bdaddr_type = hcon->dst_type;
1079 bacpy(&smp->csrk->bdaddr, &hcon->dst);
1080 mgmt_new_csrk(hdev, smp->csrk, persistent);
1081 }
1082
1083 if (smp->slave_csrk) {
1084 smp->slave_csrk->bdaddr_type = hcon->dst_type;
1085 bacpy(&smp->slave_csrk->bdaddr, &hcon->dst);
1086 mgmt_new_csrk(hdev, smp->slave_csrk, persistent);
1087 }
1088
1089 if (smp->ltk) {
1090 smp->ltk->bdaddr_type = hcon->dst_type;
1091 bacpy(&smp->ltk->bdaddr, &hcon->dst);
1092 mgmt_new_ltk(hdev, smp->ltk, persistent);
1093 }
1094
1095 if (smp->slave_ltk) {
1096 smp->slave_ltk->bdaddr_type = hcon->dst_type;
1097 bacpy(&smp->slave_ltk->bdaddr, &hcon->dst);
1098 mgmt_new_ltk(hdev, smp->slave_ltk, persistent);
1099 }
1100
1101 if (smp->link_key) {
1102 struct link_key *key;
1103 u8 type;
1104
1105 if (test_bit(SMP_FLAG_DEBUG_KEY, &smp->flags))
1106 type = HCI_LK_DEBUG_COMBINATION;
1107 else if (hcon->sec_level == BT_SECURITY_FIPS)
1108 type = HCI_LK_AUTH_COMBINATION_P256;
1109 else
1110 type = HCI_LK_UNAUTH_COMBINATION_P256;
1111
1112 key = hci_add_link_key(hdev, smp->conn->hcon, &hcon->dst,
1113 smp->link_key, type, 0, &persistent);
1114 if (key) {
1115 mgmt_new_link_key(hdev, key, persistent);
1116
1117
1118
1119
1120 if (!hci_dev_test_flag(hdev, HCI_KEEP_DEBUG_KEYS) &&
1121 key->type == HCI_LK_DEBUG_COMBINATION) {
1122 list_del_rcu(&key->list);
1123 kfree_rcu(key, rcu);
1124 }
1125 }
1126 }
1127}
1128
1129static void sc_add_ltk(struct smp_chan *smp)
1130{
1131 struct hci_conn *hcon = smp->conn->hcon;
1132 u8 key_type, auth;
1133
1134 if (test_bit(SMP_FLAG_DEBUG_KEY, &smp->flags))
1135 key_type = SMP_LTK_P256_DEBUG;
1136 else
1137 key_type = SMP_LTK_P256;
1138
1139 if (hcon->pending_sec_level == BT_SECURITY_FIPS)
1140 auth = 1;
1141 else
1142 auth = 0;
1143
1144 smp->ltk = hci_add_ltk(hcon->hdev, &hcon->dst, hcon->dst_type,
1145 key_type, auth, smp->tk, smp->enc_key_size,
1146 0, 0);
1147}
1148
1149static void sc_generate_link_key(struct smp_chan *smp)
1150{
1151
1152
1153
1154 const u8 tmp1[4] = { 0x31, 0x70, 0x6d, 0x74 };
1155 const u8 lebr[4] = { 0x72, 0x62, 0x65, 0x6c };
1156
1157 smp->link_key = kzalloc(16, GFP_KERNEL);
1158 if (!smp->link_key)
1159 return;
1160
1161 if (smp_h6(smp->tfm_cmac, smp->tk, tmp1, smp->link_key)) {
1162 kzfree(smp->link_key);
1163 smp->link_key = NULL;
1164 return;
1165 }
1166
1167 if (smp_h6(smp->tfm_cmac, smp->link_key, lebr, smp->link_key)) {
1168 kzfree(smp->link_key);
1169 smp->link_key = NULL;
1170 return;
1171 }
1172}
1173
1174static void smp_allow_key_dist(struct smp_chan *smp)
1175{
1176
1177
1178
1179
1180 if (smp->remote_key_dist & SMP_DIST_ENC_KEY)
1181 SMP_ALLOW_CMD(smp, SMP_CMD_ENCRYPT_INFO);
1182 else if (smp->remote_key_dist & SMP_DIST_ID_KEY)
1183 SMP_ALLOW_CMD(smp, SMP_CMD_IDENT_INFO);
1184 else if (smp->remote_key_dist & SMP_DIST_SIGN)
1185 SMP_ALLOW_CMD(smp, SMP_CMD_SIGN_INFO);
1186}
1187
1188static void sc_generate_ltk(struct smp_chan *smp)
1189{
1190
1191
1192
1193 const u8 tmp2[4] = { 0x32, 0x70, 0x6d, 0x74 };
1194 const u8 brle[4] = { 0x65, 0x6c, 0x72, 0x62 };
1195 struct hci_conn *hcon = smp->conn->hcon;
1196 struct hci_dev *hdev = hcon->hdev;
1197 struct link_key *key;
1198
1199 key = hci_find_link_key(hdev, &hcon->dst);
1200 if (!key) {
1201 BT_ERR("%s No Link Key found to generate LTK", hdev->name);
1202 return;
1203 }
1204
1205 if (key->type == HCI_LK_DEBUG_COMBINATION)
1206 set_bit(SMP_FLAG_DEBUG_KEY, &smp->flags);
1207
1208 if (smp_h6(smp->tfm_cmac, key->val, tmp2, smp->tk))
1209 return;
1210
1211 if (smp_h6(smp->tfm_cmac, smp->tk, brle, smp->tk))
1212 return;
1213
1214 sc_add_ltk(smp);
1215}
1216
1217static void smp_distribute_keys(struct smp_chan *smp)
1218{
1219 struct smp_cmd_pairing *req, *rsp;
1220 struct l2cap_conn *conn = smp->conn;
1221 struct hci_conn *hcon = conn->hcon;
1222 struct hci_dev *hdev = hcon->hdev;
1223 __u8 *keydist;
1224
1225 BT_DBG("conn %p", conn);
1226
1227 rsp = (void *) &smp->prsp[1];
1228
1229
1230 if (hcon->out && (smp->remote_key_dist & KEY_DIST_MASK)) {
1231 smp_allow_key_dist(smp);
1232 return;
1233 }
1234
1235 req = (void *) &smp->preq[1];
1236
1237 if (hcon->out) {
1238 keydist = &rsp->init_key_dist;
1239 *keydist &= req->init_key_dist;
1240 } else {
1241 keydist = &rsp->resp_key_dist;
1242 *keydist &= req->resp_key_dist;
1243 }
1244
1245 if (test_bit(SMP_FLAG_SC, &smp->flags)) {
1246 if (hcon->type == LE_LINK && (*keydist & SMP_DIST_LINK_KEY))
1247 sc_generate_link_key(smp);
1248 if (hcon->type == ACL_LINK && (*keydist & SMP_DIST_ENC_KEY))
1249 sc_generate_ltk(smp);
1250
1251
1252 *keydist &= ~SMP_SC_NO_DIST;
1253 }
1254
1255 BT_DBG("keydist 0x%x", *keydist);
1256
1257 if (*keydist & SMP_DIST_ENC_KEY) {
1258 struct smp_cmd_encrypt_info enc;
1259 struct smp_cmd_master_ident ident;
1260 struct smp_ltk *ltk;
1261 u8 authenticated;
1262 __le16 ediv;
1263 __le64 rand;
1264
1265
1266
1267
1268
1269 get_random_bytes(enc.ltk, smp->enc_key_size);
1270 memset(enc.ltk + smp->enc_key_size, 0,
1271 sizeof(enc.ltk) - smp->enc_key_size);
1272
1273 get_random_bytes(&ediv, sizeof(ediv));
1274 get_random_bytes(&rand, sizeof(rand));
1275
1276 smp_send_cmd(conn, SMP_CMD_ENCRYPT_INFO, sizeof(enc), &enc);
1277
1278 authenticated = hcon->sec_level == BT_SECURITY_HIGH;
1279 ltk = hci_add_ltk(hdev, &hcon->dst, hcon->dst_type,
1280 SMP_LTK_SLAVE, authenticated, enc.ltk,
1281 smp->enc_key_size, ediv, rand);
1282 smp->slave_ltk = ltk;
1283
1284 ident.ediv = ediv;
1285 ident.rand = rand;
1286
1287 smp_send_cmd(conn, SMP_CMD_MASTER_IDENT, sizeof(ident), &ident);
1288
1289 *keydist &= ~SMP_DIST_ENC_KEY;
1290 }
1291
1292 if (*keydist & SMP_DIST_ID_KEY) {
1293 struct smp_cmd_ident_addr_info addrinfo;
1294 struct smp_cmd_ident_info idinfo;
1295
1296 memcpy(idinfo.irk, hdev->irk, sizeof(idinfo.irk));
1297
1298 smp_send_cmd(conn, SMP_CMD_IDENT_INFO, sizeof(idinfo), &idinfo);
1299
1300
1301
1302
1303
1304
1305
1306 bacpy(&addrinfo.bdaddr, &hcon->src);
1307 addrinfo.addr_type = hcon->src_type;
1308
1309 smp_send_cmd(conn, SMP_CMD_IDENT_ADDR_INFO, sizeof(addrinfo),
1310 &addrinfo);
1311
1312 *keydist &= ~SMP_DIST_ID_KEY;
1313 }
1314
1315 if (*keydist & SMP_DIST_SIGN) {
1316 struct smp_cmd_sign_info sign;
1317 struct smp_csrk *csrk;
1318
1319
1320 get_random_bytes(sign.csrk, sizeof(sign.csrk));
1321
1322 csrk = kzalloc(sizeof(*csrk), GFP_KERNEL);
1323 if (csrk) {
1324 if (hcon->sec_level > BT_SECURITY_MEDIUM)
1325 csrk->type = MGMT_CSRK_LOCAL_AUTHENTICATED;
1326 else
1327 csrk->type = MGMT_CSRK_LOCAL_UNAUTHENTICATED;
1328 memcpy(csrk->val, sign.csrk, sizeof(csrk->val));
1329 }
1330 smp->slave_csrk = csrk;
1331
1332 smp_send_cmd(conn, SMP_CMD_SIGN_INFO, sizeof(sign), &sign);
1333
1334 *keydist &= ~SMP_DIST_SIGN;
1335 }
1336
1337
1338 if (smp->remote_key_dist & KEY_DIST_MASK) {
1339 smp_allow_key_dist(smp);
1340 return;
1341 }
1342
1343 set_bit(SMP_FLAG_COMPLETE, &smp->flags);
1344 smp_notify_keys(conn);
1345
1346 smp_chan_destroy(conn);
1347}
1348
1349static void smp_timeout(struct work_struct *work)
1350{
1351 struct smp_chan *smp = container_of(work, struct smp_chan,
1352 security_timer.work);
1353 struct l2cap_conn *conn = smp->conn;
1354
1355 BT_DBG("conn %p", conn);
1356
1357 hci_disconnect(conn->hcon, HCI_ERROR_REMOTE_USER_TERM);
1358}
1359
1360static struct smp_chan *smp_chan_create(struct l2cap_conn *conn)
1361{
1362 struct l2cap_chan *chan = conn->smp;
1363 struct smp_chan *smp;
1364
1365 smp = kzalloc(sizeof(*smp), GFP_ATOMIC);
1366 if (!smp)
1367 return NULL;
1368
1369 smp->tfm_aes = crypto_alloc_blkcipher("ecb(aes)", 0, CRYPTO_ALG_ASYNC);
1370 if (IS_ERR(smp->tfm_aes)) {
1371 BT_ERR("Unable to create ECB crypto context");
1372 kzfree(smp);
1373 return NULL;
1374 }
1375
1376 smp->tfm_cmac = crypto_alloc_hash("cmac(aes)", 0, CRYPTO_ALG_ASYNC);
1377 if (IS_ERR(smp->tfm_cmac)) {
1378 BT_ERR("Unable to create CMAC crypto context");
1379 crypto_free_blkcipher(smp->tfm_aes);
1380 kzfree(smp);
1381 return NULL;
1382 }
1383
1384 smp->conn = conn;
1385 chan->data = smp;
1386
1387 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_FAIL);
1388
1389 INIT_DELAYED_WORK(&smp->security_timer, smp_timeout);
1390
1391 hci_conn_hold(conn->hcon);
1392
1393 return smp;
1394}
1395
1396static int sc_mackey_and_ltk(struct smp_chan *smp, u8 mackey[16], u8 ltk[16])
1397{
1398 struct hci_conn *hcon = smp->conn->hcon;
1399 u8 *na, *nb, a[7], b[7];
1400
1401 if (hcon->out) {
1402 na = smp->prnd;
1403 nb = smp->rrnd;
1404 } else {
1405 na = smp->rrnd;
1406 nb = smp->prnd;
1407 }
1408
1409 memcpy(a, &hcon->init_addr, 6);
1410 memcpy(b, &hcon->resp_addr, 6);
1411 a[6] = hcon->init_addr_type;
1412 b[6] = hcon->resp_addr_type;
1413
1414 return smp_f5(smp->tfm_cmac, smp->dhkey, na, nb, a, b, mackey, ltk);
1415}
1416
1417static void sc_dhkey_check(struct smp_chan *smp)
1418{
1419 struct hci_conn *hcon = smp->conn->hcon;
1420 struct smp_cmd_dhkey_check check;
1421 u8 a[7], b[7], *local_addr, *remote_addr;
1422 u8 io_cap[3], r[16];
1423
1424 memcpy(a, &hcon->init_addr, 6);
1425 memcpy(b, &hcon->resp_addr, 6);
1426 a[6] = hcon->init_addr_type;
1427 b[6] = hcon->resp_addr_type;
1428
1429 if (hcon->out) {
1430 local_addr = a;
1431 remote_addr = b;
1432 memcpy(io_cap, &smp->preq[1], 3);
1433 } else {
1434 local_addr = b;
1435 remote_addr = a;
1436 memcpy(io_cap, &smp->prsp[1], 3);
1437 }
1438
1439 memset(r, 0, sizeof(r));
1440
1441 if (smp->method == REQ_PASSKEY || smp->method == DSP_PASSKEY)
1442 put_unaligned_le32(hcon->passkey_notify, r);
1443
1444 if (smp->method == REQ_OOB)
1445 memcpy(r, smp->rr, 16);
1446
1447 smp_f6(smp->tfm_cmac, smp->mackey, smp->prnd, smp->rrnd, r, io_cap,
1448 local_addr, remote_addr, check.e);
1449
1450 smp_send_cmd(smp->conn, SMP_CMD_DHKEY_CHECK, sizeof(check), &check);
1451}
1452
1453static u8 sc_passkey_send_confirm(struct smp_chan *smp)
1454{
1455 struct l2cap_conn *conn = smp->conn;
1456 struct hci_conn *hcon = conn->hcon;
1457 struct smp_cmd_pairing_confirm cfm;
1458 u8 r;
1459
1460 r = ((hcon->passkey_notify >> smp->passkey_round) & 0x01);
1461 r |= 0x80;
1462
1463 get_random_bytes(smp->prnd, sizeof(smp->prnd));
1464
1465 if (smp_f4(smp->tfm_cmac, smp->local_pk, smp->remote_pk, smp->prnd, r,
1466 cfm.confirm_val))
1467 return SMP_UNSPECIFIED;
1468
1469 smp_send_cmd(conn, SMP_CMD_PAIRING_CONFIRM, sizeof(cfm), &cfm);
1470
1471 return 0;
1472}
1473
1474static u8 sc_passkey_round(struct smp_chan *smp, u8 smp_op)
1475{
1476 struct l2cap_conn *conn = smp->conn;
1477 struct hci_conn *hcon = conn->hcon;
1478 struct hci_dev *hdev = hcon->hdev;
1479 u8 cfm[16], r;
1480
1481
1482 if (smp->passkey_round >= 20)
1483 return 0;
1484
1485 switch (smp_op) {
1486 case SMP_CMD_PAIRING_RANDOM:
1487 r = ((hcon->passkey_notify >> smp->passkey_round) & 0x01);
1488 r |= 0x80;
1489
1490 if (smp_f4(smp->tfm_cmac, smp->remote_pk, smp->local_pk,
1491 smp->rrnd, r, cfm))
1492 return SMP_UNSPECIFIED;
1493
1494 if (memcmp(smp->pcnf, cfm, 16))
1495 return SMP_CONFIRM_FAILED;
1496
1497 smp->passkey_round++;
1498
1499 if (smp->passkey_round == 20) {
1500
1501 if (sc_mackey_and_ltk(smp, smp->mackey, smp->tk))
1502 return SMP_UNSPECIFIED;
1503 }
1504
1505
1506
1507
1508 if (!hcon->out) {
1509 smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM,
1510 sizeof(smp->prnd), smp->prnd);
1511 if (smp->passkey_round == 20)
1512 SMP_ALLOW_CMD(smp, SMP_CMD_DHKEY_CHECK);
1513 else
1514 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_CONFIRM);
1515 return 0;
1516 }
1517
1518
1519 if (smp->passkey_round != 20)
1520 return sc_passkey_round(smp, 0);
1521
1522
1523 sc_dhkey_check(smp);
1524 SMP_ALLOW_CMD(smp, SMP_CMD_DHKEY_CHECK);
1525
1526 break;
1527
1528 case SMP_CMD_PAIRING_CONFIRM:
1529 if (test_bit(SMP_FLAG_WAIT_USER, &smp->flags)) {
1530 set_bit(SMP_FLAG_CFM_PENDING, &smp->flags);
1531 return 0;
1532 }
1533
1534 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RANDOM);
1535
1536 if (hcon->out) {
1537 smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM,
1538 sizeof(smp->prnd), smp->prnd);
1539 return 0;
1540 }
1541
1542 return sc_passkey_send_confirm(smp);
1543
1544 case SMP_CMD_PUBLIC_KEY:
1545 default:
1546
1547 if (!hcon->out)
1548 return 0;
1549
1550 BT_DBG("%s Starting passkey round %u", hdev->name,
1551 smp->passkey_round + 1);
1552
1553 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_CONFIRM);
1554
1555 return sc_passkey_send_confirm(smp);
1556 }
1557
1558 return 0;
1559}
1560
1561static int sc_user_reply(struct smp_chan *smp, u16 mgmt_op, __le32 passkey)
1562{
1563 struct l2cap_conn *conn = smp->conn;
1564 struct hci_conn *hcon = conn->hcon;
1565 u8 smp_op;
1566
1567 clear_bit(SMP_FLAG_WAIT_USER, &smp->flags);
1568
1569 switch (mgmt_op) {
1570 case MGMT_OP_USER_PASSKEY_NEG_REPLY:
1571 smp_failure(smp->conn, SMP_PASSKEY_ENTRY_FAILED);
1572 return 0;
1573 case MGMT_OP_USER_CONFIRM_NEG_REPLY:
1574 smp_failure(smp->conn, SMP_NUMERIC_COMP_FAILED);
1575 return 0;
1576 case MGMT_OP_USER_PASSKEY_REPLY:
1577 hcon->passkey_notify = le32_to_cpu(passkey);
1578 smp->passkey_round = 0;
1579
1580 if (test_and_clear_bit(SMP_FLAG_CFM_PENDING, &smp->flags))
1581 smp_op = SMP_CMD_PAIRING_CONFIRM;
1582 else
1583 smp_op = 0;
1584
1585 if (sc_passkey_round(smp, smp_op))
1586 return -EIO;
1587
1588 return 0;
1589 }
1590
1591
1592 if (hcon->out) {
1593 sc_dhkey_check(smp);
1594 SMP_ALLOW_CMD(smp, SMP_CMD_DHKEY_CHECK);
1595 } else if (test_and_clear_bit(SMP_FLAG_DHKEY_PENDING, &smp->flags)) {
1596 sc_dhkey_check(smp);
1597 sc_add_ltk(smp);
1598 }
1599
1600 return 0;
1601}
1602
1603int smp_user_confirm_reply(struct hci_conn *hcon, u16 mgmt_op, __le32 passkey)
1604{
1605 struct l2cap_conn *conn = hcon->l2cap_data;
1606 struct l2cap_chan *chan;
1607 struct smp_chan *smp;
1608 u32 value;
1609 int err;
1610
1611 BT_DBG("");
1612
1613 if (!conn)
1614 return -ENOTCONN;
1615
1616 chan = conn->smp;
1617 if (!chan)
1618 return -ENOTCONN;
1619
1620 l2cap_chan_lock(chan);
1621 if (!chan->data) {
1622 err = -ENOTCONN;
1623 goto unlock;
1624 }
1625
1626 smp = chan->data;
1627
1628 if (test_bit(SMP_FLAG_SC, &smp->flags)) {
1629 err = sc_user_reply(smp, mgmt_op, passkey);
1630 goto unlock;
1631 }
1632
1633 switch (mgmt_op) {
1634 case MGMT_OP_USER_PASSKEY_REPLY:
1635 value = le32_to_cpu(passkey);
1636 memset(smp->tk, 0, sizeof(smp->tk));
1637 BT_DBG("PassKey: %d", value);
1638 put_unaligned_le32(value, smp->tk);
1639
1640 case MGMT_OP_USER_CONFIRM_REPLY:
1641 set_bit(SMP_FLAG_TK_VALID, &smp->flags);
1642 break;
1643 case MGMT_OP_USER_PASSKEY_NEG_REPLY:
1644 case MGMT_OP_USER_CONFIRM_NEG_REPLY:
1645 smp_failure(conn, SMP_PASSKEY_ENTRY_FAILED);
1646 err = 0;
1647 goto unlock;
1648 default:
1649 smp_failure(conn, SMP_PASSKEY_ENTRY_FAILED);
1650 err = -EOPNOTSUPP;
1651 goto unlock;
1652 }
1653
1654 err = 0;
1655
1656
1657 if (test_bit(SMP_FLAG_CFM_PENDING, &smp->flags)) {
1658 u8 rsp = smp_confirm(smp);
1659 if (rsp)
1660 smp_failure(conn, rsp);
1661 }
1662
1663unlock:
1664 l2cap_chan_unlock(chan);
1665 return err;
1666}
1667
1668static void build_bredr_pairing_cmd(struct smp_chan *smp,
1669 struct smp_cmd_pairing *req,
1670 struct smp_cmd_pairing *rsp)
1671{
1672 struct l2cap_conn *conn = smp->conn;
1673 struct hci_dev *hdev = conn->hcon->hdev;
1674 u8 local_dist = 0, remote_dist = 0;
1675
1676 if (hci_dev_test_flag(hdev, HCI_BONDABLE)) {
1677 local_dist = SMP_DIST_ENC_KEY | SMP_DIST_SIGN;
1678 remote_dist = SMP_DIST_ENC_KEY | SMP_DIST_SIGN;
1679 }
1680
1681 if (hci_dev_test_flag(hdev, HCI_RPA_RESOLVING))
1682 remote_dist |= SMP_DIST_ID_KEY;
1683
1684 if (hci_dev_test_flag(hdev, HCI_PRIVACY))
1685 local_dist |= SMP_DIST_ID_KEY;
1686
1687 if (!rsp) {
1688 memset(req, 0, sizeof(*req));
1689
1690 req->init_key_dist = local_dist;
1691 req->resp_key_dist = remote_dist;
1692 req->max_key_size = conn->hcon->enc_key_size;
1693
1694 smp->remote_key_dist = remote_dist;
1695
1696 return;
1697 }
1698
1699 memset(rsp, 0, sizeof(*rsp));
1700
1701 rsp->max_key_size = conn->hcon->enc_key_size;
1702 rsp->init_key_dist = req->init_key_dist & remote_dist;
1703 rsp->resp_key_dist = req->resp_key_dist & local_dist;
1704
1705 smp->remote_key_dist = rsp->init_key_dist;
1706}
1707
1708static u8 smp_cmd_pairing_req(struct l2cap_conn *conn, struct sk_buff *skb)
1709{
1710 struct smp_cmd_pairing rsp, *req = (void *) skb->data;
1711 struct l2cap_chan *chan = conn->smp;
1712 struct hci_dev *hdev = conn->hcon->hdev;
1713 struct smp_chan *smp;
1714 u8 key_size, auth, sec_level;
1715 int ret;
1716
1717 BT_DBG("conn %p", conn);
1718
1719 if (skb->len < sizeof(*req))
1720 return SMP_INVALID_PARAMS;
1721
1722 if (conn->hcon->role != HCI_ROLE_SLAVE)
1723 return SMP_CMD_NOTSUPP;
1724
1725 if (!chan->data)
1726 smp = smp_chan_create(conn);
1727 else
1728 smp = chan->data;
1729
1730 if (!smp)
1731 return SMP_UNSPECIFIED;
1732
1733
1734 auth = req->auth_req & AUTH_REQ_MASK(hdev);
1735
1736 if (!hci_dev_test_flag(hdev, HCI_BONDABLE) &&
1737 (auth & SMP_AUTH_BONDING))
1738 return SMP_PAIRING_NOTSUPP;
1739
1740 if (hci_dev_test_flag(hdev, HCI_SC_ONLY) && !(auth & SMP_AUTH_SC))
1741 return SMP_AUTH_REQUIREMENTS;
1742
1743 smp->preq[0] = SMP_CMD_PAIRING_REQ;
1744 memcpy(&smp->preq[1], req, sizeof(*req));
1745 skb_pull(skb, sizeof(*req));
1746
1747
1748
1749
1750
1751 if (req->oob_flag == SMP_OOB_PRESENT)
1752 set_bit(SMP_FLAG_LOCAL_OOB, &smp->flags);
1753
1754
1755 if (conn->hcon->type == ACL_LINK) {
1756
1757 if (!test_bit(HCI_CONN_AES_CCM, &conn->hcon->flags) &&
1758 !hci_dev_test_flag(hdev, HCI_FORCE_BREDR_SMP))
1759 return SMP_CROSS_TRANSP_NOT_ALLOWED;
1760
1761 set_bit(SMP_FLAG_SC, &smp->flags);
1762
1763 build_bredr_pairing_cmd(smp, req, &rsp);
1764
1765 key_size = min(req->max_key_size, rsp.max_key_size);
1766 if (check_enc_key_size(conn, key_size))
1767 return SMP_ENC_KEY_SIZE;
1768
1769
1770 smp->remote_key_dist &= ~SMP_SC_NO_DIST;
1771
1772 smp->prsp[0] = SMP_CMD_PAIRING_RSP;
1773 memcpy(&smp->prsp[1], &rsp, sizeof(rsp));
1774 smp_send_cmd(conn, SMP_CMD_PAIRING_RSP, sizeof(rsp), &rsp);
1775
1776 smp_distribute_keys(smp);
1777 return 0;
1778 }
1779
1780 build_pairing_cmd(conn, req, &rsp, auth);
1781
1782 if (rsp.auth_req & SMP_AUTH_SC)
1783 set_bit(SMP_FLAG_SC, &smp->flags);
1784
1785 if (conn->hcon->io_capability == HCI_IO_NO_INPUT_OUTPUT)
1786 sec_level = BT_SECURITY_MEDIUM;
1787 else
1788 sec_level = authreq_to_seclevel(auth);
1789
1790 if (sec_level > conn->hcon->pending_sec_level)
1791 conn->hcon->pending_sec_level = sec_level;
1792
1793
1794 if (conn->hcon->pending_sec_level >= BT_SECURITY_HIGH) {
1795 u8 method;
1796
1797 method = get_auth_method(smp, conn->hcon->io_capability,
1798 req->io_capability);
1799 if (method == JUST_WORKS || method == JUST_CFM)
1800 return SMP_AUTH_REQUIREMENTS;
1801 }
1802
1803 key_size = min(req->max_key_size, rsp.max_key_size);
1804 if (check_enc_key_size(conn, key_size))
1805 return SMP_ENC_KEY_SIZE;
1806
1807 get_random_bytes(smp->prnd, sizeof(smp->prnd));
1808
1809 smp->prsp[0] = SMP_CMD_PAIRING_RSP;
1810 memcpy(&smp->prsp[1], &rsp, sizeof(rsp));
1811
1812 smp_send_cmd(conn, SMP_CMD_PAIRING_RSP, sizeof(rsp), &rsp);
1813
1814 clear_bit(SMP_FLAG_INITIATOR, &smp->flags);
1815
1816
1817
1818
1819
1820
1821 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_CONFIRM);
1822
1823 if (test_bit(SMP_FLAG_SC, &smp->flags)) {
1824 SMP_ALLOW_CMD(smp, SMP_CMD_PUBLIC_KEY);
1825
1826 smp->remote_key_dist &= ~SMP_SC_NO_DIST;
1827
1828 return 0;
1829 }
1830
1831
1832 ret = tk_request(conn, 0, auth, rsp.io_capability, req->io_capability);
1833 if (ret)
1834 return SMP_UNSPECIFIED;
1835
1836 return 0;
1837}
1838
1839static u8 sc_send_public_key(struct smp_chan *smp)
1840{
1841 struct hci_dev *hdev = smp->conn->hcon->hdev;
1842
1843 BT_DBG("");
1844
1845 if (test_bit(SMP_FLAG_LOCAL_OOB, &smp->flags)) {
1846 struct l2cap_chan *chan = hdev->smp_data;
1847 struct smp_dev *smp_dev;
1848
1849 if (!chan || !chan->data)
1850 return SMP_UNSPECIFIED;
1851
1852 smp_dev = chan->data;
1853
1854 memcpy(smp->local_pk, smp_dev->local_pk, 64);
1855 memcpy(smp->local_sk, smp_dev->local_sk, 32);
1856 memcpy(smp->lr, smp_dev->local_rand, 16);
1857
1858 if (smp_dev->debug_key)
1859 set_bit(SMP_FLAG_DEBUG_KEY, &smp->flags);
1860
1861 goto done;
1862 }
1863
1864 if (hci_dev_test_flag(hdev, HCI_USE_DEBUG_KEYS)) {
1865 BT_DBG("Using debug keys");
1866 memcpy(smp->local_pk, debug_pk, 64);
1867 memcpy(smp->local_sk, debug_sk, 32);
1868 set_bit(SMP_FLAG_DEBUG_KEY, &smp->flags);
1869 } else {
1870 while (true) {
1871
1872 if (!ecc_make_key(smp->local_pk, smp->local_sk))
1873 return SMP_UNSPECIFIED;
1874
1875
1876
1877
1878 if (memcmp(smp->local_sk, debug_sk, 32))
1879 break;
1880 }
1881 }
1882
1883done:
1884 SMP_DBG("Local Public Key X: %32phN", smp->local_pk);
1885 SMP_DBG("Local Public Key Y: %32phN", smp->local_pk + 32);
1886 SMP_DBG("Local Private Key: %32phN", smp->local_sk);
1887
1888 smp_send_cmd(smp->conn, SMP_CMD_PUBLIC_KEY, 64, smp->local_pk);
1889
1890 return 0;
1891}
1892
1893static u8 smp_cmd_pairing_rsp(struct l2cap_conn *conn, struct sk_buff *skb)
1894{
1895 struct smp_cmd_pairing *req, *rsp = (void *) skb->data;
1896 struct l2cap_chan *chan = conn->smp;
1897 struct smp_chan *smp = chan->data;
1898 struct hci_dev *hdev = conn->hcon->hdev;
1899 u8 key_size, auth;
1900 int ret;
1901
1902 BT_DBG("conn %p", conn);
1903
1904 if (skb->len < sizeof(*rsp))
1905 return SMP_INVALID_PARAMS;
1906
1907 if (conn->hcon->role != HCI_ROLE_MASTER)
1908 return SMP_CMD_NOTSUPP;
1909
1910 skb_pull(skb, sizeof(*rsp));
1911
1912 req = (void *) &smp->preq[1];
1913
1914 key_size = min(req->max_key_size, rsp->max_key_size);
1915 if (check_enc_key_size(conn, key_size))
1916 return SMP_ENC_KEY_SIZE;
1917
1918 auth = rsp->auth_req & AUTH_REQ_MASK(hdev);
1919
1920 if (hci_dev_test_flag(hdev, HCI_SC_ONLY) && !(auth & SMP_AUTH_SC))
1921 return SMP_AUTH_REQUIREMENTS;
1922
1923
1924
1925
1926
1927 if (rsp->oob_flag == SMP_OOB_PRESENT)
1928 set_bit(SMP_FLAG_LOCAL_OOB, &smp->flags);
1929
1930 smp->prsp[0] = SMP_CMD_PAIRING_RSP;
1931 memcpy(&smp->prsp[1], rsp, sizeof(*rsp));
1932
1933
1934
1935
1936 smp->remote_key_dist &= rsp->resp_key_dist;
1937
1938
1939 if (conn->hcon->type == ACL_LINK) {
1940
1941 smp->remote_key_dist &= ~SMP_SC_NO_DIST;
1942 smp_distribute_keys(smp);
1943 return 0;
1944 }
1945
1946 if ((req->auth_req & SMP_AUTH_SC) && (auth & SMP_AUTH_SC))
1947 set_bit(SMP_FLAG_SC, &smp->flags);
1948 else if (conn->hcon->pending_sec_level > BT_SECURITY_HIGH)
1949 conn->hcon->pending_sec_level = BT_SECURITY_HIGH;
1950
1951
1952 if (conn->hcon->pending_sec_level >= BT_SECURITY_HIGH) {
1953 u8 method;
1954
1955 method = get_auth_method(smp, req->io_capability,
1956 rsp->io_capability);
1957 if (method == JUST_WORKS || method == JUST_CFM)
1958 return SMP_AUTH_REQUIREMENTS;
1959 }
1960
1961 get_random_bytes(smp->prnd, sizeof(smp->prnd));
1962
1963
1964
1965
1966 smp->remote_key_dist &= rsp->resp_key_dist;
1967
1968 if (test_bit(SMP_FLAG_SC, &smp->flags)) {
1969
1970 smp->remote_key_dist &= ~SMP_SC_NO_DIST;
1971 SMP_ALLOW_CMD(smp, SMP_CMD_PUBLIC_KEY);
1972 return sc_send_public_key(smp);
1973 }
1974
1975 auth |= req->auth_req;
1976
1977 ret = tk_request(conn, 0, auth, req->io_capability, rsp->io_capability);
1978 if (ret)
1979 return SMP_UNSPECIFIED;
1980
1981 set_bit(SMP_FLAG_CFM_PENDING, &smp->flags);
1982
1983
1984 if (test_bit(SMP_FLAG_TK_VALID, &smp->flags))
1985 return smp_confirm(smp);
1986
1987 return 0;
1988}
1989
1990static u8 sc_check_confirm(struct smp_chan *smp)
1991{
1992 struct l2cap_conn *conn = smp->conn;
1993
1994 BT_DBG("");
1995
1996 if (smp->method == REQ_PASSKEY || smp->method == DSP_PASSKEY)
1997 return sc_passkey_round(smp, SMP_CMD_PAIRING_CONFIRM);
1998
1999 if (conn->hcon->out) {
2000 smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM, sizeof(smp->prnd),
2001 smp->prnd);
2002 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RANDOM);
2003 }
2004
2005 return 0;
2006}
2007
2008
2009
2010
2011
2012static int fixup_sc_false_positive(struct smp_chan *smp)
2013{
2014 struct l2cap_conn *conn = smp->conn;
2015 struct hci_conn *hcon = conn->hcon;
2016 struct hci_dev *hdev = hcon->hdev;
2017 struct smp_cmd_pairing *req, *rsp;
2018 u8 auth;
2019
2020
2021 if (hcon->out)
2022 return SMP_UNSPECIFIED;
2023
2024 if (hci_dev_test_flag(hdev, HCI_SC_ONLY)) {
2025 BT_ERR("Refusing SMP SC -> legacy fallback in SC-only mode");
2026 return SMP_UNSPECIFIED;
2027 }
2028
2029 BT_ERR("Trying to fall back to legacy SMP");
2030
2031 req = (void *) &smp->preq[1];
2032 rsp = (void *) &smp->prsp[1];
2033
2034
2035 smp->remote_key_dist = (req->init_key_dist & rsp->resp_key_dist);
2036
2037 auth = req->auth_req & AUTH_REQ_MASK(hdev);
2038
2039 if (tk_request(conn, 0, auth, rsp->io_capability, req->io_capability)) {
2040 BT_ERR("Failed to fall back to legacy SMP");
2041 return SMP_UNSPECIFIED;
2042 }
2043
2044 clear_bit(SMP_FLAG_SC, &smp->flags);
2045
2046 return 0;
2047}
2048
2049static u8 smp_cmd_pairing_confirm(struct l2cap_conn *conn, struct sk_buff *skb)
2050{
2051 struct l2cap_chan *chan = conn->smp;
2052 struct smp_chan *smp = chan->data;
2053
2054 BT_DBG("conn %p %s", conn, conn->hcon->out ? "master" : "slave");
2055
2056 if (skb->len < sizeof(smp->pcnf))
2057 return SMP_INVALID_PARAMS;
2058
2059 memcpy(smp->pcnf, skb->data, sizeof(smp->pcnf));
2060 skb_pull(skb, sizeof(smp->pcnf));
2061
2062 if (test_bit(SMP_FLAG_SC, &smp->flags)) {
2063 int ret;
2064
2065
2066 if (test_bit(SMP_FLAG_REMOTE_PK, &smp->flags))
2067 return sc_check_confirm(smp);
2068
2069 BT_ERR("Unexpected SMP Pairing Confirm");
2070
2071 ret = fixup_sc_false_positive(smp);
2072 if (ret)
2073 return ret;
2074 }
2075
2076 if (conn->hcon->out) {
2077 smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM, sizeof(smp->prnd),
2078 smp->prnd);
2079 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RANDOM);
2080 return 0;
2081 }
2082
2083 if (test_bit(SMP_FLAG_TK_VALID, &smp->flags))
2084 return smp_confirm(smp);
2085
2086 set_bit(SMP_FLAG_CFM_PENDING, &smp->flags);
2087
2088 return 0;
2089}
2090
2091static u8 smp_cmd_pairing_random(struct l2cap_conn *conn, struct sk_buff *skb)
2092{
2093 struct l2cap_chan *chan = conn->smp;
2094 struct smp_chan *smp = chan->data;
2095 struct hci_conn *hcon = conn->hcon;
2096 u8 *pkax, *pkbx, *na, *nb;
2097 u32 passkey;
2098 int err;
2099
2100 BT_DBG("conn %p", conn);
2101
2102 if (skb->len < sizeof(smp->rrnd))
2103 return SMP_INVALID_PARAMS;
2104
2105 memcpy(smp->rrnd, skb->data, sizeof(smp->rrnd));
2106 skb_pull(skb, sizeof(smp->rrnd));
2107
2108 if (!test_bit(SMP_FLAG_SC, &smp->flags))
2109 return smp_random(smp);
2110
2111 if (hcon->out) {
2112 pkax = smp->local_pk;
2113 pkbx = smp->remote_pk;
2114 na = smp->prnd;
2115 nb = smp->rrnd;
2116 } else {
2117 pkax = smp->remote_pk;
2118 pkbx = smp->local_pk;
2119 na = smp->rrnd;
2120 nb = smp->prnd;
2121 }
2122
2123 if (smp->method == REQ_OOB) {
2124 if (!hcon->out)
2125 smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM,
2126 sizeof(smp->prnd), smp->prnd);
2127 SMP_ALLOW_CMD(smp, SMP_CMD_DHKEY_CHECK);
2128 goto mackey_and_ltk;
2129 }
2130
2131
2132 if (smp->method == REQ_PASSKEY || smp->method == DSP_PASSKEY)
2133 return sc_passkey_round(smp, SMP_CMD_PAIRING_RANDOM);
2134
2135 if (hcon->out) {
2136 u8 cfm[16];
2137
2138 err = smp_f4(smp->tfm_cmac, smp->remote_pk, smp->local_pk,
2139 smp->rrnd, 0, cfm);
2140 if (err)
2141 return SMP_UNSPECIFIED;
2142
2143 if (memcmp(smp->pcnf, cfm, 16))
2144 return SMP_CONFIRM_FAILED;
2145 } else {
2146 smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM, sizeof(smp->prnd),
2147 smp->prnd);
2148 SMP_ALLOW_CMD(smp, SMP_CMD_DHKEY_CHECK);
2149 }
2150
2151mackey_and_ltk:
2152
2153 err = sc_mackey_and_ltk(smp, smp->mackey, smp->tk);
2154 if (err)
2155 return SMP_UNSPECIFIED;
2156
2157 if (smp->method == JUST_WORKS || smp->method == REQ_OOB) {
2158 if (hcon->out) {
2159 sc_dhkey_check(smp);
2160 SMP_ALLOW_CMD(smp, SMP_CMD_DHKEY_CHECK);
2161 }
2162 return 0;
2163 }
2164
2165 err = smp_g2(smp->tfm_cmac, pkax, pkbx, na, nb, &passkey);
2166 if (err)
2167 return SMP_UNSPECIFIED;
2168
2169 err = mgmt_user_confirm_request(hcon->hdev, &hcon->dst, hcon->type,
2170 hcon->dst_type, passkey, 0);
2171 if (err)
2172 return SMP_UNSPECIFIED;
2173
2174 set_bit(SMP_FLAG_WAIT_USER, &smp->flags);
2175
2176 return 0;
2177}
2178
2179static bool smp_ltk_encrypt(struct l2cap_conn *conn, u8 sec_level)
2180{
2181 struct smp_ltk *key;
2182 struct hci_conn *hcon = conn->hcon;
2183
2184 key = hci_find_ltk(hcon->hdev, &hcon->dst, hcon->dst_type, hcon->role);
2185 if (!key)
2186 return false;
2187
2188 if (smp_ltk_sec_level(key) < sec_level)
2189 return false;
2190
2191 if (test_and_set_bit(HCI_CONN_ENCRYPT_PEND, &hcon->flags))
2192 return true;
2193
2194 hci_le_start_enc(hcon, key->ediv, key->rand, key->val, key->enc_size);
2195 hcon->enc_key_size = key->enc_size;
2196
2197
2198 clear_bit(HCI_CONN_STK_ENCRYPT, &hcon->flags);
2199
2200 return true;
2201}
2202
2203bool smp_sufficient_security(struct hci_conn *hcon, u8 sec_level,
2204 enum smp_key_pref key_pref)
2205{
2206 if (sec_level == BT_SECURITY_LOW)
2207 return true;
2208
2209
2210
2211
2212
2213
2214
2215 if (key_pref == SMP_USE_LTK &&
2216 test_bit(HCI_CONN_STK_ENCRYPT, &hcon->flags) &&
2217 hci_find_ltk(hcon->hdev, &hcon->dst, hcon->dst_type, hcon->role))
2218 return false;
2219
2220 if (hcon->sec_level >= sec_level)
2221 return true;
2222
2223 return false;
2224}
2225
2226static u8 smp_cmd_security_req(struct l2cap_conn *conn, struct sk_buff *skb)
2227{
2228 struct smp_cmd_security_req *rp = (void *) skb->data;
2229 struct smp_cmd_pairing cp;
2230 struct hci_conn *hcon = conn->hcon;
2231 struct hci_dev *hdev = hcon->hdev;
2232 struct smp_chan *smp;
2233 u8 sec_level, auth;
2234
2235 BT_DBG("conn %p", conn);
2236
2237 if (skb->len < sizeof(*rp))
2238 return SMP_INVALID_PARAMS;
2239
2240 if (hcon->role != HCI_ROLE_MASTER)
2241 return SMP_CMD_NOTSUPP;
2242
2243 auth = rp->auth_req & AUTH_REQ_MASK(hdev);
2244
2245 if (hci_dev_test_flag(hdev, HCI_SC_ONLY) && !(auth & SMP_AUTH_SC))
2246 return SMP_AUTH_REQUIREMENTS;
2247
2248 if (hcon->io_capability == HCI_IO_NO_INPUT_OUTPUT)
2249 sec_level = BT_SECURITY_MEDIUM;
2250 else
2251 sec_level = authreq_to_seclevel(auth);
2252
2253 if (smp_sufficient_security(hcon, sec_level, SMP_USE_LTK))
2254 return 0;
2255
2256 if (sec_level > hcon->pending_sec_level)
2257 hcon->pending_sec_level = sec_level;
2258
2259 if (smp_ltk_encrypt(conn, hcon->pending_sec_level))
2260 return 0;
2261
2262 smp = smp_chan_create(conn);
2263 if (!smp)
2264 return SMP_UNSPECIFIED;
2265
2266 if (!hci_dev_test_flag(hdev, HCI_BONDABLE) &&
2267 (auth & SMP_AUTH_BONDING))
2268 return SMP_PAIRING_NOTSUPP;
2269
2270 skb_pull(skb, sizeof(*rp));
2271
2272 memset(&cp, 0, sizeof(cp));
2273 build_pairing_cmd(conn, &cp, NULL, auth);
2274
2275 smp->preq[0] = SMP_CMD_PAIRING_REQ;
2276 memcpy(&smp->preq[1], &cp, sizeof(cp));
2277
2278 smp_send_cmd(conn, SMP_CMD_PAIRING_REQ, sizeof(cp), &cp);
2279 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RSP);
2280
2281 return 0;
2282}
2283
2284int smp_conn_security(struct hci_conn *hcon, __u8 sec_level)
2285{
2286 struct l2cap_conn *conn = hcon->l2cap_data;
2287 struct l2cap_chan *chan;
2288 struct smp_chan *smp;
2289 __u8 authreq;
2290 int ret;
2291
2292 BT_DBG("conn %p hcon %p level 0x%2.2x", conn, hcon, sec_level);
2293
2294
2295 if (!conn)
2296 return 1;
2297
2298 if (!hci_dev_test_flag(hcon->hdev, HCI_LE_ENABLED))
2299 return 1;
2300
2301 if (smp_sufficient_security(hcon, sec_level, SMP_USE_LTK))
2302 return 1;
2303
2304 if (sec_level > hcon->pending_sec_level)
2305 hcon->pending_sec_level = sec_level;
2306
2307 if (hcon->role == HCI_ROLE_MASTER)
2308 if (smp_ltk_encrypt(conn, hcon->pending_sec_level))
2309 return 0;
2310
2311 chan = conn->smp;
2312 if (!chan) {
2313 BT_ERR("SMP security requested but not available");
2314 return 1;
2315 }
2316
2317 l2cap_chan_lock(chan);
2318
2319
2320 if (chan->data) {
2321 ret = 0;
2322 goto unlock;
2323 }
2324
2325 smp = smp_chan_create(conn);
2326 if (!smp) {
2327 ret = 1;
2328 goto unlock;
2329 }
2330
2331 authreq = seclevel_to_authreq(sec_level);
2332
2333 if (hci_dev_test_flag(hcon->hdev, HCI_SC_ENABLED))
2334 authreq |= SMP_AUTH_SC;
2335
2336
2337
2338
2339 if (hcon->io_capability != HCI_IO_NO_INPUT_OUTPUT ||
2340 hcon->pending_sec_level > BT_SECURITY_MEDIUM)
2341 authreq |= SMP_AUTH_MITM;
2342
2343 if (hcon->role == HCI_ROLE_MASTER) {
2344 struct smp_cmd_pairing cp;
2345
2346 build_pairing_cmd(conn, &cp, NULL, authreq);
2347 smp->preq[0] = SMP_CMD_PAIRING_REQ;
2348 memcpy(&smp->preq[1], &cp, sizeof(cp));
2349
2350 smp_send_cmd(conn, SMP_CMD_PAIRING_REQ, sizeof(cp), &cp);
2351 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RSP);
2352 } else {
2353 struct smp_cmd_security_req cp;
2354 cp.auth_req = authreq;
2355 smp_send_cmd(conn, SMP_CMD_SECURITY_REQ, sizeof(cp), &cp);
2356 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_REQ);
2357 }
2358
2359 set_bit(SMP_FLAG_INITIATOR, &smp->flags);
2360 ret = 0;
2361
2362unlock:
2363 l2cap_chan_unlock(chan);
2364 return ret;
2365}
2366
2367void smp_cancel_pairing(struct hci_conn *hcon)
2368{
2369 struct l2cap_conn *conn = hcon->l2cap_data;
2370 struct l2cap_chan *chan;
2371 struct smp_chan *smp;
2372
2373 if (!conn)
2374 return;
2375
2376 chan = conn->smp;
2377 if (!chan)
2378 return;
2379
2380 l2cap_chan_lock(chan);
2381
2382 smp = chan->data;
2383 if (smp) {
2384 if (test_bit(SMP_FLAG_COMPLETE, &smp->flags))
2385 smp_failure(conn, 0);
2386 else
2387 smp_failure(conn, SMP_UNSPECIFIED);
2388 }
2389
2390 l2cap_chan_unlock(chan);
2391}
2392
2393static int smp_cmd_encrypt_info(struct l2cap_conn *conn, struct sk_buff *skb)
2394{
2395 struct smp_cmd_encrypt_info *rp = (void *) skb->data;
2396 struct l2cap_chan *chan = conn->smp;
2397 struct smp_chan *smp = chan->data;
2398
2399 BT_DBG("conn %p", conn);
2400
2401 if (skb->len < sizeof(*rp))
2402 return SMP_INVALID_PARAMS;
2403
2404 SMP_ALLOW_CMD(smp, SMP_CMD_MASTER_IDENT);
2405
2406 skb_pull(skb, sizeof(*rp));
2407
2408 memcpy(smp->tk, rp->ltk, sizeof(smp->tk));
2409
2410 return 0;
2411}
2412
2413static int smp_cmd_master_ident(struct l2cap_conn *conn, struct sk_buff *skb)
2414{
2415 struct smp_cmd_master_ident *rp = (void *) skb->data;
2416 struct l2cap_chan *chan = conn->smp;
2417 struct smp_chan *smp = chan->data;
2418 struct hci_dev *hdev = conn->hcon->hdev;
2419 struct hci_conn *hcon = conn->hcon;
2420 struct smp_ltk *ltk;
2421 u8 authenticated;
2422
2423 BT_DBG("conn %p", conn);
2424
2425 if (skb->len < sizeof(*rp))
2426 return SMP_INVALID_PARAMS;
2427
2428
2429 smp->remote_key_dist &= ~SMP_DIST_ENC_KEY;
2430
2431 if (smp->remote_key_dist & SMP_DIST_ID_KEY)
2432 SMP_ALLOW_CMD(smp, SMP_CMD_IDENT_INFO);
2433 else if (smp->remote_key_dist & SMP_DIST_SIGN)
2434 SMP_ALLOW_CMD(smp, SMP_CMD_SIGN_INFO);
2435
2436 skb_pull(skb, sizeof(*rp));
2437
2438 authenticated = (hcon->sec_level == BT_SECURITY_HIGH);
2439 ltk = hci_add_ltk(hdev, &hcon->dst, hcon->dst_type, SMP_LTK,
2440 authenticated, smp->tk, smp->enc_key_size,
2441 rp->ediv, rp->rand);
2442 smp->ltk = ltk;
2443 if (!(smp->remote_key_dist & KEY_DIST_MASK))
2444 smp_distribute_keys(smp);
2445
2446 return 0;
2447}
2448
2449static int smp_cmd_ident_info(struct l2cap_conn *conn, struct sk_buff *skb)
2450{
2451 struct smp_cmd_ident_info *info = (void *) skb->data;
2452 struct l2cap_chan *chan = conn->smp;
2453 struct smp_chan *smp = chan->data;
2454
2455 BT_DBG("");
2456
2457 if (skb->len < sizeof(*info))
2458 return SMP_INVALID_PARAMS;
2459
2460 SMP_ALLOW_CMD(smp, SMP_CMD_IDENT_ADDR_INFO);
2461
2462 skb_pull(skb, sizeof(*info));
2463
2464 memcpy(smp->irk, info->irk, 16);
2465
2466 return 0;
2467}
2468
2469static int smp_cmd_ident_addr_info(struct l2cap_conn *conn,
2470 struct sk_buff *skb)
2471{
2472 struct smp_cmd_ident_addr_info *info = (void *) skb->data;
2473 struct l2cap_chan *chan = conn->smp;
2474 struct smp_chan *smp = chan->data;
2475 struct hci_conn *hcon = conn->hcon;
2476 bdaddr_t rpa;
2477
2478 BT_DBG("");
2479
2480 if (skb->len < sizeof(*info))
2481 return SMP_INVALID_PARAMS;
2482
2483
2484 smp->remote_key_dist &= ~SMP_DIST_ID_KEY;
2485
2486 if (smp->remote_key_dist & SMP_DIST_SIGN)
2487 SMP_ALLOW_CMD(smp, SMP_CMD_SIGN_INFO);
2488
2489 skb_pull(skb, sizeof(*info));
2490
2491
2492
2493
2494
2495
2496
2497
2498
2499
2500
2501 if (!bacmp(&info->bdaddr, BDADDR_ANY) ||
2502 !hci_is_identity_address(&info->bdaddr, info->addr_type)) {
2503 BT_ERR("Ignoring IRK with no identity address");
2504 goto distribute;
2505 }
2506
2507 bacpy(&smp->id_addr, &info->bdaddr);
2508 smp->id_addr_type = info->addr_type;
2509
2510 if (hci_bdaddr_is_rpa(&hcon->dst, hcon->dst_type))
2511 bacpy(&rpa, &hcon->dst);
2512 else
2513 bacpy(&rpa, BDADDR_ANY);
2514
2515 smp->remote_irk = hci_add_irk(conn->hcon->hdev, &smp->id_addr,
2516 smp->id_addr_type, smp->irk, &rpa);
2517
2518distribute:
2519 if (!(smp->remote_key_dist & KEY_DIST_MASK))
2520 smp_distribute_keys(smp);
2521
2522 return 0;
2523}
2524
2525static int smp_cmd_sign_info(struct l2cap_conn *conn, struct sk_buff *skb)
2526{
2527 struct smp_cmd_sign_info *rp = (void *) skb->data;
2528 struct l2cap_chan *chan = conn->smp;
2529 struct smp_chan *smp = chan->data;
2530 struct smp_csrk *csrk;
2531
2532 BT_DBG("conn %p", conn);
2533
2534 if (skb->len < sizeof(*rp))
2535 return SMP_INVALID_PARAMS;
2536
2537
2538 smp->remote_key_dist &= ~SMP_DIST_SIGN;
2539
2540 skb_pull(skb, sizeof(*rp));
2541
2542 csrk = kzalloc(sizeof(*csrk), GFP_KERNEL);
2543 if (csrk) {
2544 if (conn->hcon->sec_level > BT_SECURITY_MEDIUM)
2545 csrk->type = MGMT_CSRK_REMOTE_AUTHENTICATED;
2546 else
2547 csrk->type = MGMT_CSRK_REMOTE_UNAUTHENTICATED;
2548 memcpy(csrk->val, rp->csrk, sizeof(csrk->val));
2549 }
2550 smp->csrk = csrk;
2551 smp_distribute_keys(smp);
2552
2553 return 0;
2554}
2555
2556static u8 sc_select_method(struct smp_chan *smp)
2557{
2558 struct l2cap_conn *conn = smp->conn;
2559 struct hci_conn *hcon = conn->hcon;
2560 struct smp_cmd_pairing *local, *remote;
2561 u8 local_mitm, remote_mitm, local_io, remote_io, method;
2562
2563 if (test_bit(SMP_FLAG_REMOTE_OOB, &smp->flags) ||
2564 test_bit(SMP_FLAG_LOCAL_OOB, &smp->flags))
2565 return REQ_OOB;
2566
2567
2568
2569
2570
2571
2572 if (hcon->out) {
2573 local = (void *) &smp->preq[1];
2574 remote = (void *) &smp->prsp[1];
2575 } else {
2576 local = (void *) &smp->prsp[1];
2577 remote = (void *) &smp->preq[1];
2578 }
2579
2580 local_io = local->io_capability;
2581 remote_io = remote->io_capability;
2582
2583 local_mitm = (local->auth_req & SMP_AUTH_MITM);
2584 remote_mitm = (remote->auth_req & SMP_AUTH_MITM);
2585
2586
2587
2588
2589 if (local_mitm || remote_mitm)
2590 method = get_auth_method(smp, local_io, remote_io);
2591 else
2592 method = JUST_WORKS;
2593
2594
2595 if (method == JUST_CFM && test_bit(SMP_FLAG_INITIATOR, &smp->flags))
2596 method = JUST_WORKS;
2597
2598 return method;
2599}
2600
2601static int smp_cmd_public_key(struct l2cap_conn *conn, struct sk_buff *skb)
2602{
2603 struct smp_cmd_public_key *key = (void *) skb->data;
2604 struct hci_conn *hcon = conn->hcon;
2605 struct l2cap_chan *chan = conn->smp;
2606 struct smp_chan *smp = chan->data;
2607 struct hci_dev *hdev = hcon->hdev;
2608 struct smp_cmd_pairing_confirm cfm;
2609 int err;
2610
2611 BT_DBG("conn %p", conn);
2612
2613 if (skb->len < sizeof(*key))
2614 return SMP_INVALID_PARAMS;
2615
2616 memcpy(smp->remote_pk, key, 64);
2617
2618 if (test_bit(SMP_FLAG_REMOTE_OOB, &smp->flags)) {
2619 err = smp_f4(smp->tfm_cmac, smp->remote_pk, smp->remote_pk,
2620 smp->rr, 0, cfm.confirm_val);
2621 if (err)
2622 return SMP_UNSPECIFIED;
2623
2624 if (memcmp(cfm.confirm_val, smp->pcnf, 16))
2625 return SMP_CONFIRM_FAILED;
2626 }
2627
2628
2629
2630
2631 if (!hcon->out) {
2632 err = sc_send_public_key(smp);
2633 if (err)
2634 return err;
2635 }
2636
2637 SMP_DBG("Remote Public Key X: %32phN", smp->remote_pk);
2638 SMP_DBG("Remote Public Key Y: %32phN", smp->remote_pk + 32);
2639
2640 if (!ecdh_shared_secret(smp->remote_pk, smp->local_sk, smp->dhkey))
2641 return SMP_UNSPECIFIED;
2642
2643 SMP_DBG("DHKey %32phN", smp->dhkey);
2644
2645 set_bit(SMP_FLAG_REMOTE_PK, &smp->flags);
2646
2647 smp->method = sc_select_method(smp);
2648
2649 BT_DBG("%s selected method 0x%02x", hdev->name, smp->method);
2650
2651
2652 if (smp->method == JUST_WORKS || smp->method == JUST_CFM)
2653 hcon->pending_sec_level = BT_SECURITY_MEDIUM;
2654 else
2655 hcon->pending_sec_level = BT_SECURITY_FIPS;
2656
2657 if (!memcmp(debug_pk, smp->remote_pk, 64))
2658 set_bit(SMP_FLAG_DEBUG_KEY, &smp->flags);
2659
2660 if (smp->method == DSP_PASSKEY) {
2661 get_random_bytes(&hcon->passkey_notify,
2662 sizeof(hcon->passkey_notify));
2663 hcon->passkey_notify %= 1000000;
2664 hcon->passkey_entered = 0;
2665 smp->passkey_round = 0;
2666 if (mgmt_user_passkey_notify(hdev, &hcon->dst, hcon->type,
2667 hcon->dst_type,
2668 hcon->passkey_notify,
2669 hcon->passkey_entered))
2670 return SMP_UNSPECIFIED;
2671 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_CONFIRM);
2672 return sc_passkey_round(smp, SMP_CMD_PUBLIC_KEY);
2673 }
2674
2675 if (smp->method == REQ_OOB) {
2676 if (hcon->out)
2677 smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM,
2678 sizeof(smp->prnd), smp->prnd);
2679
2680 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RANDOM);
2681
2682 return 0;
2683 }
2684
2685 if (hcon->out)
2686 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_CONFIRM);
2687
2688 if (smp->method == REQ_PASSKEY) {
2689 if (mgmt_user_passkey_request(hdev, &hcon->dst, hcon->type,
2690 hcon->dst_type))
2691 return SMP_UNSPECIFIED;
2692 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_CONFIRM);
2693 set_bit(SMP_FLAG_WAIT_USER, &smp->flags);
2694 return 0;
2695 }
2696
2697
2698
2699
2700 if (conn->hcon->out)
2701 return 0;
2702
2703 err = smp_f4(smp->tfm_cmac, smp->local_pk, smp->remote_pk, smp->prnd,
2704 0, cfm.confirm_val);
2705 if (err)
2706 return SMP_UNSPECIFIED;
2707
2708 smp_send_cmd(conn, SMP_CMD_PAIRING_CONFIRM, sizeof(cfm), &cfm);
2709 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RANDOM);
2710
2711 return 0;
2712}
2713
2714static int smp_cmd_dhkey_check(struct l2cap_conn *conn, struct sk_buff *skb)
2715{
2716 struct smp_cmd_dhkey_check *check = (void *) skb->data;
2717 struct l2cap_chan *chan = conn->smp;
2718 struct hci_conn *hcon = conn->hcon;
2719 struct smp_chan *smp = chan->data;
2720 u8 a[7], b[7], *local_addr, *remote_addr;
2721 u8 io_cap[3], r[16], e[16];
2722 int err;
2723
2724 BT_DBG("conn %p", conn);
2725
2726 if (skb->len < sizeof(*check))
2727 return SMP_INVALID_PARAMS;
2728
2729 memcpy(a, &hcon->init_addr, 6);
2730 memcpy(b, &hcon->resp_addr, 6);
2731 a[6] = hcon->init_addr_type;
2732 b[6] = hcon->resp_addr_type;
2733
2734 if (hcon->out) {
2735 local_addr = a;
2736 remote_addr = b;
2737 memcpy(io_cap, &smp->prsp[1], 3);
2738 } else {
2739 local_addr = b;
2740 remote_addr = a;
2741 memcpy(io_cap, &smp->preq[1], 3);
2742 }
2743
2744 memset(r, 0, sizeof(r));
2745
2746 if (smp->method == REQ_PASSKEY || smp->method == DSP_PASSKEY)
2747 put_unaligned_le32(hcon->passkey_notify, r);
2748 else if (smp->method == REQ_OOB)
2749 memcpy(r, smp->lr, 16);
2750
2751 err = smp_f6(smp->tfm_cmac, smp->mackey, smp->rrnd, smp->prnd, r,
2752 io_cap, remote_addr, local_addr, e);
2753 if (err)
2754 return SMP_UNSPECIFIED;
2755
2756 if (memcmp(check->e, e, 16))
2757 return SMP_DHKEY_CHECK_FAILED;
2758
2759 if (!hcon->out) {
2760 if (test_bit(SMP_FLAG_WAIT_USER, &smp->flags)) {
2761 set_bit(SMP_FLAG_DHKEY_PENDING, &smp->flags);
2762 return 0;
2763 }
2764
2765
2766 sc_dhkey_check(smp);
2767 }
2768
2769 sc_add_ltk(smp);
2770
2771 if (hcon->out) {
2772 hci_le_start_enc(hcon, 0, 0, smp->tk, smp->enc_key_size);
2773 hcon->enc_key_size = smp->enc_key_size;
2774 }
2775
2776 return 0;
2777}
2778
2779static int smp_cmd_keypress_notify(struct l2cap_conn *conn,
2780 struct sk_buff *skb)
2781{
2782 struct smp_cmd_keypress_notify *kp = (void *) skb->data;
2783
2784 BT_DBG("value 0x%02x", kp->value);
2785
2786 return 0;
2787}
2788
2789static int smp_sig_channel(struct l2cap_chan *chan, struct sk_buff *skb)
2790{
2791 struct l2cap_conn *conn = chan->conn;
2792 struct hci_conn *hcon = conn->hcon;
2793 struct smp_chan *smp;
2794 __u8 code, reason;
2795 int err = 0;
2796
2797 if (skb->len < 1)
2798 return -EILSEQ;
2799
2800 if (!hci_dev_test_flag(hcon->hdev, HCI_LE_ENABLED)) {
2801 reason = SMP_PAIRING_NOTSUPP;
2802 goto done;
2803 }
2804
2805 code = skb->data[0];
2806 skb_pull(skb, sizeof(code));
2807
2808 smp = chan->data;
2809
2810 if (code > SMP_CMD_MAX)
2811 goto drop;
2812
2813 if (smp && !test_and_clear_bit(code, &smp->allow_cmd))
2814 goto drop;
2815
2816
2817
2818
2819 if (!smp && code != SMP_CMD_PAIRING_REQ && code != SMP_CMD_SECURITY_REQ)
2820 goto drop;
2821
2822 switch (code) {
2823 case SMP_CMD_PAIRING_REQ:
2824 reason = smp_cmd_pairing_req(conn, skb);
2825 break;
2826
2827 case SMP_CMD_PAIRING_FAIL:
2828 smp_failure(conn, 0);
2829 err = -EPERM;
2830 break;
2831
2832 case SMP_CMD_PAIRING_RSP:
2833 reason = smp_cmd_pairing_rsp(conn, skb);
2834 break;
2835
2836 case SMP_CMD_SECURITY_REQ:
2837 reason = smp_cmd_security_req(conn, skb);
2838 break;
2839
2840 case SMP_CMD_PAIRING_CONFIRM:
2841 reason = smp_cmd_pairing_confirm(conn, skb);
2842 break;
2843
2844 case SMP_CMD_PAIRING_RANDOM:
2845 reason = smp_cmd_pairing_random(conn, skb);
2846 break;
2847
2848 case SMP_CMD_ENCRYPT_INFO:
2849 reason = smp_cmd_encrypt_info(conn, skb);
2850 break;
2851
2852 case SMP_CMD_MASTER_IDENT:
2853 reason = smp_cmd_master_ident(conn, skb);
2854 break;
2855
2856 case SMP_CMD_IDENT_INFO:
2857 reason = smp_cmd_ident_info(conn, skb);
2858 break;
2859
2860 case SMP_CMD_IDENT_ADDR_INFO:
2861 reason = smp_cmd_ident_addr_info(conn, skb);
2862 break;
2863
2864 case SMP_CMD_SIGN_INFO:
2865 reason = smp_cmd_sign_info(conn, skb);
2866 break;
2867
2868 case SMP_CMD_PUBLIC_KEY:
2869 reason = smp_cmd_public_key(conn, skb);
2870 break;
2871
2872 case SMP_CMD_DHKEY_CHECK:
2873 reason = smp_cmd_dhkey_check(conn, skb);
2874 break;
2875
2876 case SMP_CMD_KEYPRESS_NOTIFY:
2877 reason = smp_cmd_keypress_notify(conn, skb);
2878 break;
2879
2880 default:
2881 BT_DBG("Unknown command code 0x%2.2x", code);
2882 reason = SMP_CMD_NOTSUPP;
2883 goto done;
2884 }
2885
2886done:
2887 if (!err) {
2888 if (reason)
2889 smp_failure(conn, reason);
2890 kfree_skb(skb);
2891 }
2892
2893 return err;
2894
2895drop:
2896 BT_ERR("%s unexpected SMP command 0x%02x from %pMR", hcon->hdev->name,
2897 code, &hcon->dst);
2898 kfree_skb(skb);
2899 return 0;
2900}
2901
2902static void smp_teardown_cb(struct l2cap_chan *chan, int err)
2903{
2904 struct l2cap_conn *conn = chan->conn;
2905
2906 BT_DBG("chan %p", chan);
2907
2908 if (chan->data)
2909 smp_chan_destroy(conn);
2910
2911 conn->smp = NULL;
2912 l2cap_chan_put(chan);
2913}
2914
2915static void bredr_pairing(struct l2cap_chan *chan)
2916{
2917 struct l2cap_conn *conn = chan->conn;
2918 struct hci_conn *hcon = conn->hcon;
2919 struct hci_dev *hdev = hcon->hdev;
2920 struct smp_cmd_pairing req;
2921 struct smp_chan *smp;
2922
2923 BT_DBG("chan %p", chan);
2924
2925
2926 if (!test_bit(HCI_CONN_NEW_LINK_KEY, &hcon->flags))
2927 return;
2928
2929
2930 if (!test_bit(HCI_CONN_ENCRYPT, &hcon->flags))
2931 return;
2932
2933
2934 if (hcon->role != HCI_ROLE_MASTER)
2935 return;
2936
2937
2938 if (!hci_dev_test_flag(hdev, HCI_SC_ENABLED))
2939 return;
2940
2941
2942 if (!test_bit(HCI_CONN_AES_CCM, &hcon->flags) &&
2943 !hci_dev_test_flag(hdev, HCI_FORCE_BREDR_SMP))
2944 return;
2945
2946
2947 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED))
2948 return;
2949
2950
2951 if (!lmp_host_le_capable(hcon))
2952 return;
2953
2954
2955 if (!(conn->remote_fixed_chan & L2CAP_FC_SMP_BREDR))
2956 return;
2957
2958
2959 if (chan->data)
2960 return;
2961
2962 smp = smp_chan_create(conn);
2963 if (!smp) {
2964 BT_ERR("%s unable to create SMP context for BR/EDR",
2965 hdev->name);
2966 return;
2967 }
2968
2969 set_bit(SMP_FLAG_SC, &smp->flags);
2970
2971 BT_DBG("%s starting SMP over BR/EDR", hdev->name);
2972
2973
2974 build_bredr_pairing_cmd(smp, &req, NULL);
2975
2976 smp->preq[0] = SMP_CMD_PAIRING_REQ;
2977 memcpy(&smp->preq[1], &req, sizeof(req));
2978
2979 smp_send_cmd(conn, SMP_CMD_PAIRING_REQ, sizeof(req), &req);
2980 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RSP);
2981}
2982
2983static void smp_resume_cb(struct l2cap_chan *chan)
2984{
2985 struct smp_chan *smp = chan->data;
2986 struct l2cap_conn *conn = chan->conn;
2987 struct hci_conn *hcon = conn->hcon;
2988
2989 BT_DBG("chan %p", chan);
2990
2991 if (hcon->type == ACL_LINK) {
2992 bredr_pairing(chan);
2993 return;
2994 }
2995
2996 if (!smp)
2997 return;
2998
2999 if (!test_bit(HCI_CONN_ENCRYPT, &hcon->flags))
3000 return;
3001
3002 cancel_delayed_work(&smp->security_timer);
3003
3004 smp_distribute_keys(smp);
3005}
3006
3007static void smp_ready_cb(struct l2cap_chan *chan)
3008{
3009 struct l2cap_conn *conn = chan->conn;
3010 struct hci_conn *hcon = conn->hcon;
3011
3012 BT_DBG("chan %p", chan);
3013
3014
3015
3016
3017
3018
3019
3020 conn->smp = chan;
3021
3022 if (hcon->type == ACL_LINK && test_bit(HCI_CONN_ENCRYPT, &hcon->flags))
3023 bredr_pairing(chan);
3024}
3025
3026static int smp_recv_cb(struct l2cap_chan *chan, struct sk_buff *skb)
3027{
3028 int err;
3029
3030 BT_DBG("chan %p", chan);
3031
3032 err = smp_sig_channel(chan, skb);
3033 if (err) {
3034 struct smp_chan *smp = chan->data;
3035
3036 if (smp)
3037 cancel_delayed_work_sync(&smp->security_timer);
3038
3039 hci_disconnect(chan->conn->hcon, HCI_ERROR_AUTH_FAILURE);
3040 }
3041
3042 return err;
3043}
3044
3045static struct sk_buff *smp_alloc_skb_cb(struct l2cap_chan *chan,
3046 unsigned long hdr_len,
3047 unsigned long len, int nb)
3048{
3049 struct sk_buff *skb;
3050
3051 skb = bt_skb_alloc(hdr_len + len, GFP_KERNEL);
3052 if (!skb)
3053 return ERR_PTR(-ENOMEM);
3054
3055 skb->priority = HCI_PRIO_MAX;
3056 bt_cb(skb)->l2cap.chan = chan;
3057
3058 return skb;
3059}
3060
3061static const struct l2cap_ops smp_chan_ops = {
3062 .name = "Security Manager",
3063 .ready = smp_ready_cb,
3064 .recv = smp_recv_cb,
3065 .alloc_skb = smp_alloc_skb_cb,
3066 .teardown = smp_teardown_cb,
3067 .resume = smp_resume_cb,
3068
3069 .new_connection = l2cap_chan_no_new_connection,
3070 .state_change = l2cap_chan_no_state_change,
3071 .close = l2cap_chan_no_close,
3072 .defer = l2cap_chan_no_defer,
3073 .suspend = l2cap_chan_no_suspend,
3074 .set_shutdown = l2cap_chan_no_set_shutdown,
3075 .get_sndtimeo = l2cap_chan_no_get_sndtimeo,
3076};
3077
3078static inline struct l2cap_chan *smp_new_conn_cb(struct l2cap_chan *pchan)
3079{
3080 struct l2cap_chan *chan;
3081
3082 BT_DBG("pchan %p", pchan);
3083
3084 chan = l2cap_chan_create();
3085 if (!chan)
3086 return NULL;
3087
3088 chan->chan_type = pchan->chan_type;
3089 chan->ops = &smp_chan_ops;
3090 chan->scid = pchan->scid;
3091 chan->dcid = chan->scid;
3092 chan->imtu = pchan->imtu;
3093 chan->omtu = pchan->omtu;
3094 chan->mode = pchan->mode;
3095
3096
3097
3098
3099
3100
3101 atomic_set(&chan->nesting, L2CAP_NESTING_SMP);
3102
3103 BT_DBG("created chan %p", chan);
3104
3105 return chan;
3106}
3107
3108static const struct l2cap_ops smp_root_chan_ops = {
3109 .name = "Security Manager Root",
3110 .new_connection = smp_new_conn_cb,
3111
3112
3113 .close = l2cap_chan_no_close,
3114 .alloc_skb = l2cap_chan_no_alloc_skb,
3115 .recv = l2cap_chan_no_recv,
3116 .state_change = l2cap_chan_no_state_change,
3117 .teardown = l2cap_chan_no_teardown,
3118 .ready = l2cap_chan_no_ready,
3119 .defer = l2cap_chan_no_defer,
3120 .suspend = l2cap_chan_no_suspend,
3121 .resume = l2cap_chan_no_resume,
3122 .set_shutdown = l2cap_chan_no_set_shutdown,
3123 .get_sndtimeo = l2cap_chan_no_get_sndtimeo,
3124};
3125
3126static struct l2cap_chan *smp_add_cid(struct hci_dev *hdev, u16 cid)
3127{
3128 struct l2cap_chan *chan;
3129 struct smp_dev *smp;
3130 struct crypto_blkcipher *tfm_aes;
3131 struct crypto_hash *tfm_cmac;
3132
3133 if (cid == L2CAP_CID_SMP_BREDR) {
3134 smp = NULL;
3135 goto create_chan;
3136 }
3137
3138 smp = kzalloc(sizeof(*smp), GFP_KERNEL);
3139 if (!smp)
3140 return ERR_PTR(-ENOMEM);
3141
3142 tfm_aes = crypto_alloc_blkcipher("ecb(aes)", 0, CRYPTO_ALG_ASYNC);
3143 if (IS_ERR(tfm_aes)) {
3144 BT_ERR("Unable to create ECB crypto context");
3145 kzfree(smp);
3146 return ERR_CAST(tfm_aes);
3147 }
3148
3149 tfm_cmac = crypto_alloc_hash("cmac(aes)", 0, CRYPTO_ALG_ASYNC);
3150 if (IS_ERR(tfm_cmac)) {
3151 BT_ERR("Unable to create CMAC crypto context");
3152 crypto_free_blkcipher(tfm_aes);
3153 kzfree(smp);
3154 return ERR_CAST(tfm_cmac);
3155 }
3156
3157 smp->tfm_aes = tfm_aes;
3158 smp->tfm_cmac = tfm_cmac;
3159 smp->min_key_size = SMP_MIN_ENC_KEY_SIZE;
3160 smp->max_key_size = SMP_MAX_ENC_KEY_SIZE;
3161
3162create_chan:
3163 chan = l2cap_chan_create();
3164 if (!chan) {
3165 if (smp) {
3166 crypto_free_blkcipher(smp->tfm_aes);
3167 crypto_free_hash(smp->tfm_cmac);
3168 kzfree(smp);
3169 }
3170 return ERR_PTR(-ENOMEM);
3171 }
3172
3173 chan->data = smp;
3174
3175 l2cap_add_scid(chan, cid);
3176
3177 l2cap_chan_set_defaults(chan);
3178
3179 if (cid == L2CAP_CID_SMP) {
3180 u8 bdaddr_type;
3181
3182 hci_copy_identity_address(hdev, &chan->src, &bdaddr_type);
3183
3184 if (bdaddr_type == ADDR_LE_DEV_PUBLIC)
3185 chan->src_type = BDADDR_LE_PUBLIC;
3186 else
3187 chan->src_type = BDADDR_LE_RANDOM;
3188 } else {
3189 bacpy(&chan->src, &hdev->bdaddr);
3190 chan->src_type = BDADDR_BREDR;
3191 }
3192
3193 chan->state = BT_LISTEN;
3194 chan->mode = L2CAP_MODE_BASIC;
3195 chan->imtu = L2CAP_DEFAULT_MTU;
3196 chan->ops = &smp_root_chan_ops;
3197
3198
3199 atomic_set(&chan->nesting, L2CAP_NESTING_PARENT);
3200
3201 return chan;
3202}
3203
3204static void smp_del_chan(struct l2cap_chan *chan)
3205{
3206 struct smp_dev *smp;
3207
3208 BT_DBG("chan %p", chan);
3209
3210 smp = chan->data;
3211 if (smp) {
3212 chan->data = NULL;
3213 if (smp->tfm_aes)
3214 crypto_free_blkcipher(smp->tfm_aes);
3215 if (smp->tfm_cmac)
3216 crypto_free_hash(smp->tfm_cmac);
3217 kzfree(smp);
3218 }
3219
3220 l2cap_chan_put(chan);
3221}
3222
3223static ssize_t force_bredr_smp_read(struct file *file,
3224 char __user *user_buf,
3225 size_t count, loff_t *ppos)
3226{
3227 struct hci_dev *hdev = file->private_data;
3228 char buf[3];
3229
3230 buf[0] = hci_dev_test_flag(hdev, HCI_FORCE_BREDR_SMP) ? 'Y': 'N';
3231 buf[1] = '\n';
3232 buf[2] = '\0';
3233 return simple_read_from_buffer(user_buf, count, ppos, buf, 2);
3234}
3235
3236static ssize_t force_bredr_smp_write(struct file *file,
3237 const char __user *user_buf,
3238 size_t count, loff_t *ppos)
3239{
3240 struct hci_dev *hdev = file->private_data;
3241 char buf[32];
3242 size_t buf_size = min(count, (sizeof(buf)-1));
3243 bool enable;
3244
3245 if (copy_from_user(buf, user_buf, buf_size))
3246 return -EFAULT;
3247
3248 buf[buf_size] = '\0';
3249 if (strtobool(buf, &enable))
3250 return -EINVAL;
3251
3252 if (enable == hci_dev_test_flag(hdev, HCI_FORCE_BREDR_SMP))
3253 return -EALREADY;
3254
3255 if (enable) {
3256 struct l2cap_chan *chan;
3257
3258 chan = smp_add_cid(hdev, L2CAP_CID_SMP_BREDR);
3259 if (IS_ERR(chan))
3260 return PTR_ERR(chan);
3261
3262 hdev->smp_bredr_data = chan;
3263 } else {
3264 struct l2cap_chan *chan;
3265
3266 chan = hdev->smp_bredr_data;
3267 hdev->smp_bredr_data = NULL;
3268 smp_del_chan(chan);
3269 }
3270
3271 hci_dev_change_flag(hdev, HCI_FORCE_BREDR_SMP);
3272
3273 return count;
3274}
3275
3276static const struct file_operations force_bredr_smp_fops = {
3277 .open = simple_open,
3278 .read = force_bredr_smp_read,
3279 .write = force_bredr_smp_write,
3280 .llseek = default_llseek,
3281};
3282
3283static ssize_t le_min_key_size_read(struct file *file,
3284 char __user *user_buf,
3285 size_t count, loff_t *ppos)
3286{
3287 struct hci_dev *hdev = file->private_data;
3288 char buf[4];
3289
3290 snprintf(buf, sizeof(buf), "%2u\n", SMP_DEV(hdev)->min_key_size);
3291
3292 return simple_read_from_buffer(user_buf, count, ppos, buf, strlen(buf));
3293}
3294
3295static ssize_t le_min_key_size_write(struct file *file,
3296 const char __user *user_buf,
3297 size_t count, loff_t *ppos)
3298{
3299 struct hci_dev *hdev = file->private_data;
3300 char buf[32];
3301 size_t buf_size = min(count, (sizeof(buf) - 1));
3302 u8 key_size;
3303
3304 if (copy_from_user(buf, user_buf, buf_size))
3305 return -EFAULT;
3306
3307 buf[buf_size] = '\0';
3308
3309 sscanf(buf, "%hhu", &key_size);
3310
3311 if (key_size > SMP_DEV(hdev)->max_key_size ||
3312 key_size < SMP_MIN_ENC_KEY_SIZE)
3313 return -EINVAL;
3314
3315 SMP_DEV(hdev)->min_key_size = key_size;
3316
3317 return count;
3318}
3319
3320static const struct file_operations le_min_key_size_fops = {
3321 .open = simple_open,
3322 .read = le_min_key_size_read,
3323 .write = le_min_key_size_write,
3324 .llseek = default_llseek,
3325};
3326
3327static ssize_t le_max_key_size_read(struct file *file,
3328 char __user *user_buf,
3329 size_t count, loff_t *ppos)
3330{
3331 struct hci_dev *hdev = file->private_data;
3332 char buf[4];
3333
3334 snprintf(buf, sizeof(buf), "%2u\n", SMP_DEV(hdev)->max_key_size);
3335
3336 return simple_read_from_buffer(user_buf, count, ppos, buf, strlen(buf));
3337}
3338
3339static ssize_t le_max_key_size_write(struct file *file,
3340 const char __user *user_buf,
3341 size_t count, loff_t *ppos)
3342{
3343 struct hci_dev *hdev = file->private_data;
3344 char buf[32];
3345 size_t buf_size = min(count, (sizeof(buf) - 1));
3346 u8 key_size;
3347
3348 if (copy_from_user(buf, user_buf, buf_size))
3349 return -EFAULT;
3350
3351 buf[buf_size] = '\0';
3352
3353 sscanf(buf, "%hhu", &key_size);
3354
3355 if (key_size > SMP_MAX_ENC_KEY_SIZE ||
3356 key_size < SMP_DEV(hdev)->min_key_size)
3357 return -EINVAL;
3358
3359 SMP_DEV(hdev)->max_key_size = key_size;
3360
3361 return count;
3362}
3363
3364static const struct file_operations le_max_key_size_fops = {
3365 .open = simple_open,
3366 .read = le_max_key_size_read,
3367 .write = le_max_key_size_write,
3368 .llseek = default_llseek,
3369};
3370
3371int smp_register(struct hci_dev *hdev)
3372{
3373 struct l2cap_chan *chan;
3374
3375 BT_DBG("%s", hdev->name);
3376
3377
3378
3379
3380 if (!lmp_le_capable(hdev))
3381 return 0;
3382
3383 if (WARN_ON(hdev->smp_data)) {
3384 chan = hdev->smp_data;
3385 hdev->smp_data = NULL;
3386 smp_del_chan(chan);
3387 }
3388
3389 chan = smp_add_cid(hdev, L2CAP_CID_SMP);
3390 if (IS_ERR(chan))
3391 return PTR_ERR(chan);
3392
3393 hdev->smp_data = chan;
3394
3395 debugfs_create_file("le_min_key_size", 0644, hdev->debugfs, hdev,
3396 &le_min_key_size_fops);
3397 debugfs_create_file("le_max_key_size", 0644, hdev->debugfs, hdev,
3398 &le_max_key_size_fops);
3399
3400
3401
3402
3403
3404
3405
3406
3407 if (!lmp_sc_capable(hdev)) {
3408 debugfs_create_file("force_bredr_smp", 0644, hdev->debugfs,
3409 hdev, &force_bredr_smp_fops);
3410 return 0;
3411 }
3412
3413 if (WARN_ON(hdev->smp_bredr_data)) {
3414 chan = hdev->smp_bredr_data;
3415 hdev->smp_bredr_data = NULL;
3416 smp_del_chan(chan);
3417 }
3418
3419 chan = smp_add_cid(hdev, L2CAP_CID_SMP_BREDR);
3420 if (IS_ERR(chan)) {
3421 int err = PTR_ERR(chan);
3422 chan = hdev->smp_data;
3423 hdev->smp_data = NULL;
3424 smp_del_chan(chan);
3425 return err;
3426 }
3427
3428 hdev->smp_bredr_data = chan;
3429
3430 return 0;
3431}
3432
3433void smp_unregister(struct hci_dev *hdev)
3434{
3435 struct l2cap_chan *chan;
3436
3437 if (hdev->smp_bredr_data) {
3438 chan = hdev->smp_bredr_data;
3439 hdev->smp_bredr_data = NULL;
3440 smp_del_chan(chan);
3441 }
3442
3443 if (hdev->smp_data) {
3444 chan = hdev->smp_data;
3445 hdev->smp_data = NULL;
3446 smp_del_chan(chan);
3447 }
3448}
3449
3450#if IS_ENABLED(CONFIG_BT_SELFTEST_SMP)
3451
3452static int __init test_ah(struct crypto_blkcipher *tfm_aes)
3453{
3454 const u8 irk[16] = {
3455 0x9b, 0x7d, 0x39, 0x0a, 0xa6, 0x10, 0x10, 0x34,
3456 0x05, 0xad, 0xc8, 0x57, 0xa3, 0x34, 0x02, 0xec };
3457 const u8 r[3] = { 0x94, 0x81, 0x70 };
3458 const u8 exp[3] = { 0xaa, 0xfb, 0x0d };
3459 u8 res[3];
3460 int err;
3461
3462 err = smp_ah(tfm_aes, irk, r, res);
3463 if (err)
3464 return err;
3465
3466 if (memcmp(res, exp, 3))
3467 return -EINVAL;
3468
3469 return 0;
3470}
3471
3472static int __init test_c1(struct crypto_blkcipher *tfm_aes)
3473{
3474 const u8 k[16] = {
3475 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
3476 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
3477 const u8 r[16] = {
3478 0xe0, 0x2e, 0x70, 0xc6, 0x4e, 0x27, 0x88, 0x63,
3479 0x0e, 0x6f, 0xad, 0x56, 0x21, 0xd5, 0x83, 0x57 };
3480 const u8 preq[7] = { 0x01, 0x01, 0x00, 0x00, 0x10, 0x07, 0x07 };
3481 const u8 pres[7] = { 0x02, 0x03, 0x00, 0x00, 0x08, 0x00, 0x05 };
3482 const u8 _iat = 0x01;
3483 const u8 _rat = 0x00;
3484 const bdaddr_t ra = { { 0xb6, 0xb5, 0xb4, 0xb3, 0xb2, 0xb1 } };
3485 const bdaddr_t ia = { { 0xa6, 0xa5, 0xa4, 0xa3, 0xa2, 0xa1 } };
3486 const u8 exp[16] = {
3487 0x86, 0x3b, 0xf1, 0xbe, 0xc5, 0x4d, 0xa7, 0xd2,
3488 0xea, 0x88, 0x89, 0x87, 0xef, 0x3f, 0x1e, 0x1e };
3489 u8 res[16];
3490 int err;
3491
3492 err = smp_c1(tfm_aes, k, r, preq, pres, _iat, &ia, _rat, &ra, res);
3493 if (err)
3494 return err;
3495
3496 if (memcmp(res, exp, 16))
3497 return -EINVAL;
3498
3499 return 0;
3500}
3501
3502static int __init test_s1(struct crypto_blkcipher *tfm_aes)
3503{
3504 const u8 k[16] = {
3505 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
3506 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
3507 const u8 r1[16] = {
3508 0x88, 0x77, 0x66, 0x55, 0x44, 0x33, 0x22, 0x11 };
3509 const u8 r2[16] = {
3510 0x00, 0xff, 0xee, 0xdd, 0xcc, 0xbb, 0xaa, 0x99 };
3511 const u8 exp[16] = {
3512 0x62, 0xa0, 0x6d, 0x79, 0xae, 0x16, 0x42, 0x5b,
3513 0x9b, 0xf4, 0xb0, 0xe8, 0xf0, 0xe1, 0x1f, 0x9a };
3514 u8 res[16];
3515 int err;
3516
3517 err = smp_s1(tfm_aes, k, r1, r2, res);
3518 if (err)
3519 return err;
3520
3521 if (memcmp(res, exp, 16))
3522 return -EINVAL;
3523
3524 return 0;
3525}
3526
3527static int __init test_f4(struct crypto_hash *tfm_cmac)
3528{
3529 const u8 u[32] = {
3530 0xe6, 0x9d, 0x35, 0x0e, 0x48, 0x01, 0x03, 0xcc,
3531 0xdb, 0xfd, 0xf4, 0xac, 0x11, 0x91, 0xf4, 0xef,
3532 0xb9, 0xa5, 0xf9, 0xe9, 0xa7, 0x83, 0x2c, 0x5e,
3533 0x2c, 0xbe, 0x97, 0xf2, 0xd2, 0x03, 0xb0, 0x20 };
3534 const u8 v[32] = {
3535 0xfd, 0xc5, 0x7f, 0xf4, 0x49, 0xdd, 0x4f, 0x6b,
3536 0xfb, 0x7c, 0x9d, 0xf1, 0xc2, 0x9a, 0xcb, 0x59,
3537 0x2a, 0xe7, 0xd4, 0xee, 0xfb, 0xfc, 0x0a, 0x90,
3538 0x9a, 0xbb, 0xf6, 0x32, 0x3d, 0x8b, 0x18, 0x55 };
3539 const u8 x[16] = {
3540 0xab, 0xae, 0x2b, 0x71, 0xec, 0xb2, 0xff, 0xff,
3541 0x3e, 0x73, 0x77, 0xd1, 0x54, 0x84, 0xcb, 0xd5 };
3542 const u8 z = 0x00;
3543 const u8 exp[16] = {
3544 0x2d, 0x87, 0x74, 0xa9, 0xbe, 0xa1, 0xed, 0xf1,
3545 0x1c, 0xbd, 0xa9, 0x07, 0xf1, 0x16, 0xc9, 0xf2 };
3546 u8 res[16];
3547 int err;
3548
3549 err = smp_f4(tfm_cmac, u, v, x, z, res);
3550 if (err)
3551 return err;
3552
3553 if (memcmp(res, exp, 16))
3554 return -EINVAL;
3555
3556 return 0;
3557}
3558
3559static int __init test_f5(struct crypto_hash *tfm_cmac)
3560{
3561 const u8 w[32] = {
3562 0x98, 0xa6, 0xbf, 0x73, 0xf3, 0x34, 0x8d, 0x86,
3563 0xf1, 0x66, 0xf8, 0xb4, 0x13, 0x6b, 0x79, 0x99,
3564 0x9b, 0x7d, 0x39, 0x0a, 0xa6, 0x10, 0x10, 0x34,
3565 0x05, 0xad, 0xc8, 0x57, 0xa3, 0x34, 0x02, 0xec };
3566 const u8 n1[16] = {
3567 0xab, 0xae, 0x2b, 0x71, 0xec, 0xb2, 0xff, 0xff,
3568 0x3e, 0x73, 0x77, 0xd1, 0x54, 0x84, 0xcb, 0xd5 };
3569 const u8 n2[16] = {
3570 0xcf, 0xc4, 0x3d, 0xff, 0xf7, 0x83, 0x65, 0x21,
3571 0x6e, 0x5f, 0xa7, 0x25, 0xcc, 0xe7, 0xe8, 0xa6 };
3572 const u8 a1[7] = { 0xce, 0xbf, 0x37, 0x37, 0x12, 0x56, 0x00 };
3573 const u8 a2[7] = { 0xc1, 0xcf, 0x2d, 0x70, 0x13, 0xa7, 0x00 };
3574 const u8 exp_ltk[16] = {
3575 0x38, 0x0a, 0x75, 0x94, 0xb5, 0x22, 0x05, 0x98,
3576 0x23, 0xcd, 0xd7, 0x69, 0x11, 0x79, 0x86, 0x69 };
3577 const u8 exp_mackey[16] = {
3578 0x20, 0x6e, 0x63, 0xce, 0x20, 0x6a, 0x3f, 0xfd,
3579 0x02, 0x4a, 0x08, 0xa1, 0x76, 0xf1, 0x65, 0x29 };
3580 u8 mackey[16], ltk[16];
3581 int err;
3582
3583 err = smp_f5(tfm_cmac, w, n1, n2, a1, a2, mackey, ltk);
3584 if (err)
3585 return err;
3586
3587 if (memcmp(mackey, exp_mackey, 16))
3588 return -EINVAL;
3589
3590 if (memcmp(ltk, exp_ltk, 16))
3591 return -EINVAL;
3592
3593 return 0;
3594}
3595
3596static int __init test_f6(struct crypto_hash *tfm_cmac)
3597{
3598 const u8 w[16] = {
3599 0x20, 0x6e, 0x63, 0xce, 0x20, 0x6a, 0x3f, 0xfd,
3600 0x02, 0x4a, 0x08, 0xa1, 0x76, 0xf1, 0x65, 0x29 };
3601 const u8 n1[16] = {
3602 0xab, 0xae, 0x2b, 0x71, 0xec, 0xb2, 0xff, 0xff,
3603 0x3e, 0x73, 0x77, 0xd1, 0x54, 0x84, 0xcb, 0xd5 };
3604 const u8 n2[16] = {
3605 0xcf, 0xc4, 0x3d, 0xff, 0xf7, 0x83, 0x65, 0x21,
3606 0x6e, 0x5f, 0xa7, 0x25, 0xcc, 0xe7, 0xe8, 0xa6 };
3607 const u8 r[16] = {
3608 0xc8, 0x0f, 0x2d, 0x0c, 0xd2, 0x42, 0xda, 0x08,
3609 0x54, 0xbb, 0x53, 0xb4, 0x3b, 0x34, 0xa3, 0x12 };
3610 const u8 io_cap[3] = { 0x02, 0x01, 0x01 };
3611 const u8 a1[7] = { 0xce, 0xbf, 0x37, 0x37, 0x12, 0x56, 0x00 };
3612 const u8 a2[7] = { 0xc1, 0xcf, 0x2d, 0x70, 0x13, 0xa7, 0x00 };
3613 const u8 exp[16] = {
3614 0x61, 0x8f, 0x95, 0xda, 0x09, 0x0b, 0x6c, 0xd2,
3615 0xc5, 0xe8, 0xd0, 0x9c, 0x98, 0x73, 0xc4, 0xe3 };
3616 u8 res[16];
3617 int err;
3618
3619 err = smp_f6(tfm_cmac, w, n1, n2, r, io_cap, a1, a2, res);
3620 if (err)
3621 return err;
3622
3623 if (memcmp(res, exp, 16))
3624 return -EINVAL;
3625
3626 return 0;
3627}
3628
3629static int __init test_g2(struct crypto_hash *tfm_cmac)
3630{
3631 const u8 u[32] = {
3632 0xe6, 0x9d, 0x35, 0x0e, 0x48, 0x01, 0x03, 0xcc,
3633 0xdb, 0xfd, 0xf4, 0xac, 0x11, 0x91, 0xf4, 0xef,
3634 0xb9, 0xa5, 0xf9, 0xe9, 0xa7, 0x83, 0x2c, 0x5e,
3635 0x2c, 0xbe, 0x97, 0xf2, 0xd2, 0x03, 0xb0, 0x20 };
3636 const u8 v[32] = {
3637 0xfd, 0xc5, 0x7f, 0xf4, 0x49, 0xdd, 0x4f, 0x6b,
3638 0xfb, 0x7c, 0x9d, 0xf1, 0xc2, 0x9a, 0xcb, 0x59,
3639 0x2a, 0xe7, 0xd4, 0xee, 0xfb, 0xfc, 0x0a, 0x90,
3640 0x9a, 0xbb, 0xf6, 0x32, 0x3d, 0x8b, 0x18, 0x55 };
3641 const u8 x[16] = {
3642 0xab, 0xae, 0x2b, 0x71, 0xec, 0xb2, 0xff, 0xff,
3643 0x3e, 0x73, 0x77, 0xd1, 0x54, 0x84, 0xcb, 0xd5 };
3644 const u8 y[16] = {
3645 0xcf, 0xc4, 0x3d, 0xff, 0xf7, 0x83, 0x65, 0x21,
3646 0x6e, 0x5f, 0xa7, 0x25, 0xcc, 0xe7, 0xe8, 0xa6 };
3647 const u32 exp_val = 0x2f9ed5ba % 1000000;
3648 u32 val;
3649 int err;
3650
3651 err = smp_g2(tfm_cmac, u, v, x, y, &val);
3652 if (err)
3653 return err;
3654
3655 if (val != exp_val)
3656 return -EINVAL;
3657
3658 return 0;
3659}
3660
3661static int __init test_h6(struct crypto_hash *tfm_cmac)
3662{
3663 const u8 w[16] = {
3664 0x9b, 0x7d, 0x39, 0x0a, 0xa6, 0x10, 0x10, 0x34,
3665 0x05, 0xad, 0xc8, 0x57, 0xa3, 0x34, 0x02, 0xec };
3666 const u8 key_id[4] = { 0x72, 0x62, 0x65, 0x6c };
3667 const u8 exp[16] = {
3668 0x99, 0x63, 0xb1, 0x80, 0xe2, 0xa9, 0xd3, 0xe8,
3669 0x1c, 0xc9, 0x6d, 0xe7, 0x02, 0xe1, 0x9a, 0x2d };
3670 u8 res[16];
3671 int err;
3672
3673 err = smp_h6(tfm_cmac, w, key_id, res);
3674 if (err)
3675 return err;
3676
3677 if (memcmp(res, exp, 16))
3678 return -EINVAL;
3679
3680 return 0;
3681}
3682
3683static char test_smp_buffer[32];
3684
3685static ssize_t test_smp_read(struct file *file, char __user *user_buf,
3686 size_t count, loff_t *ppos)
3687{
3688 return simple_read_from_buffer(user_buf, count, ppos, test_smp_buffer,
3689 strlen(test_smp_buffer));
3690}
3691
3692static const struct file_operations test_smp_fops = {
3693 .open = simple_open,
3694 .read = test_smp_read,
3695 .llseek = default_llseek,
3696};
3697
3698static int __init run_selftests(struct crypto_blkcipher *tfm_aes,
3699 struct crypto_hash *tfm_cmac)
3700{
3701 ktime_t calltime, delta, rettime;
3702 unsigned long long duration;
3703 int err;
3704
3705 calltime = ktime_get();
3706
3707 err = test_ah(tfm_aes);
3708 if (err) {
3709 BT_ERR("smp_ah test failed");
3710 goto done;
3711 }
3712
3713 err = test_c1(tfm_aes);
3714 if (err) {
3715 BT_ERR("smp_c1 test failed");
3716 goto done;
3717 }
3718
3719 err = test_s1(tfm_aes);
3720 if (err) {
3721 BT_ERR("smp_s1 test failed");
3722 goto done;
3723 }
3724
3725 err = test_f4(tfm_cmac);
3726 if (err) {
3727 BT_ERR("smp_f4 test failed");
3728 goto done;
3729 }
3730
3731 err = test_f5(tfm_cmac);
3732 if (err) {
3733 BT_ERR("smp_f5 test failed");
3734 goto done;
3735 }
3736
3737 err = test_f6(tfm_cmac);
3738 if (err) {
3739 BT_ERR("smp_f6 test failed");
3740 goto done;
3741 }
3742
3743 err = test_g2(tfm_cmac);
3744 if (err) {
3745 BT_ERR("smp_g2 test failed");
3746 goto done;
3747 }
3748
3749 err = test_h6(tfm_cmac);
3750 if (err) {
3751 BT_ERR("smp_h6 test failed");
3752 goto done;
3753 }
3754
3755 rettime = ktime_get();
3756 delta = ktime_sub(rettime, calltime);
3757 duration = (unsigned long long) ktime_to_ns(delta) >> 10;
3758
3759 BT_INFO("SMP test passed in %llu usecs", duration);
3760
3761done:
3762 if (!err)
3763 snprintf(test_smp_buffer, sizeof(test_smp_buffer),
3764 "PASS (%llu usecs)\n", duration);
3765 else
3766 snprintf(test_smp_buffer, sizeof(test_smp_buffer), "FAIL\n");
3767
3768 debugfs_create_file("selftest_smp", 0444, bt_debugfs, NULL,
3769 &test_smp_fops);
3770
3771 return err;
3772}
3773
3774int __init bt_selftest_smp(void)
3775{
3776 struct crypto_blkcipher *tfm_aes;
3777 struct crypto_hash *tfm_cmac;
3778 int err;
3779
3780 tfm_aes = crypto_alloc_blkcipher("ecb(aes)", 0, CRYPTO_ALG_ASYNC);
3781 if (IS_ERR(tfm_aes)) {
3782 BT_ERR("Unable to create ECB crypto context");
3783 return PTR_ERR(tfm_aes);
3784 }
3785
3786 tfm_cmac = crypto_alloc_hash("cmac(aes)", 0, CRYPTO_ALG_ASYNC);
3787 if (IS_ERR(tfm_cmac)) {
3788 BT_ERR("Unable to create CMAC crypto context");
3789 crypto_free_blkcipher(tfm_aes);
3790 return PTR_ERR(tfm_cmac);
3791 }
3792
3793 err = run_selftests(tfm_aes, tfm_cmac);
3794
3795 crypto_free_hash(tfm_cmac);
3796 crypto_free_blkcipher(tfm_aes);
3797
3798 return err;
3799}
3800
3801#endif
3802
