1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23#include <linux/debugfs.h>
24#include <linux/scatterlist.h>
25#include <linux/crypto.h>
26#include <crypto/algapi.h>
27#include <crypto/b128ops.h>
28#include <crypto/hash.h>
29#include <crypto/kpp.h>
30
31#include <net/bluetooth/bluetooth.h>
32#include <net/bluetooth/hci_core.h>
33#include <net/bluetooth/l2cap.h>
34#include <net/bluetooth/mgmt.h>
35
36#include "ecdh_helper.h"
37#include "smp.h"
38
39#define SMP_DEV(hdev) \
40 ((struct smp_dev *)((struct l2cap_chan *)((hdev)->smp_data))->data)
41
42
43
44
45
46#ifdef DEBUG
47#define SMP_DBG(fmt, ...) printk(KERN_DEBUG "%s: " fmt, __func__, \
48 ##__VA_ARGS__)
49#else
50#define SMP_DBG(fmt, ...) no_printk(KERN_DEBUG "%s: " fmt, __func__, \
51 ##__VA_ARGS__)
52#endif
53
54#define SMP_ALLOW_CMD(smp, code) set_bit(code, &smp->allow_cmd)
55
56
57#define SMP_SC_NO_DIST (SMP_DIST_ENC_KEY | SMP_DIST_LINK_KEY);
58
59#define SMP_TIMEOUT msecs_to_jiffies(30000)
60
61#define AUTH_REQ_MASK(dev) (hci_dev_test_flag(dev, HCI_SC_ENABLED) ? \
62 0x3f : 0x07)
63#define KEY_DIST_MASK 0x07
64
65
66#define CMAC_MSG_MAX 80
67
68enum {
69 SMP_FLAG_TK_VALID,
70 SMP_FLAG_CFM_PENDING,
71 SMP_FLAG_MITM_AUTH,
72 SMP_FLAG_COMPLETE,
73 SMP_FLAG_INITIATOR,
74 SMP_FLAG_SC,
75 SMP_FLAG_REMOTE_PK,
76 SMP_FLAG_DEBUG_KEY,
77 SMP_FLAG_WAIT_USER,
78 SMP_FLAG_DHKEY_PENDING,
79 SMP_FLAG_REMOTE_OOB,
80 SMP_FLAG_LOCAL_OOB,
81 SMP_FLAG_CT2,
82};
83
84struct smp_dev {
85
86 bool local_oob;
87 u8 local_pk[64];
88 u8 local_rand[16];
89 bool debug_key;
90
91 struct crypto_cipher *tfm_aes;
92 struct crypto_shash *tfm_cmac;
93 struct crypto_kpp *tfm_ecdh;
94};
95
96struct smp_chan {
97 struct l2cap_conn *conn;
98 struct delayed_work security_timer;
99 unsigned long allow_cmd;
100
101 u8 preq[7];
102 u8 prsp[7];
103 u8 prnd[16];
104 u8 rrnd[16];
105 u8 pcnf[16];
106 u8 tk[16];
107 u8 rr[16];
108 u8 lr[16];
109 u8 enc_key_size;
110 u8 remote_key_dist;
111 bdaddr_t id_addr;
112 u8 id_addr_type;
113 u8 irk[16];
114 struct smp_csrk *csrk;
115 struct smp_csrk *slave_csrk;
116 struct smp_ltk *ltk;
117 struct smp_ltk *slave_ltk;
118 struct smp_irk *remote_irk;
119 u8 *link_key;
120 unsigned long flags;
121 u8 method;
122 u8 passkey_round;
123
124
125 u8 local_pk[64];
126 u8 remote_pk[64];
127 u8 dhkey[32];
128 u8 mackey[16];
129
130 struct crypto_cipher *tfm_aes;
131 struct crypto_shash *tfm_cmac;
132 struct crypto_kpp *tfm_ecdh;
133};
134
135
136
137
138
139static const u8 debug_pk[64] = {
140 0xe6, 0x9d, 0x35, 0x0e, 0x48, 0x01, 0x03, 0xcc,
141 0xdb, 0xfd, 0xf4, 0xac, 0x11, 0x91, 0xf4, 0xef,
142 0xb9, 0xa5, 0xf9, 0xe9, 0xa7, 0x83, 0x2c, 0x5e,
143 0x2c, 0xbe, 0x97, 0xf2, 0xd2, 0x03, 0xb0, 0x20,
144
145 0x8b, 0xd2, 0x89, 0x15, 0xd0, 0x8e, 0x1c, 0x74,
146 0x24, 0x30, 0xed, 0x8f, 0xc2, 0x45, 0x63, 0x76,
147 0x5c, 0x15, 0x52, 0x5a, 0xbf, 0x9a, 0x32, 0x63,
148 0x6d, 0xeb, 0x2a, 0x65, 0x49, 0x9c, 0x80, 0xdc,
149};
150
151static const u8 debug_sk[32] = {
152 0xbd, 0x1a, 0x3c, 0xcd, 0xa6, 0xb8, 0x99, 0x58,
153 0x99, 0xb7, 0x40, 0xeb, 0x7b, 0x60, 0xff, 0x4a,
154 0x50, 0x3f, 0x10, 0xd2, 0xe3, 0xb3, 0xc9, 0x74,
155 0x38, 0x5f, 0xc5, 0xa3, 0xd4, 0xf6, 0x49, 0x3f,
156};
157
158static inline void swap_buf(const u8 *src, u8 *dst, size_t len)
159{
160 size_t i;
161
162 for (i = 0; i < len; i++)
163 dst[len - 1 - i] = src[i];
164}
165
166
167
168
169
170static int aes_cmac(struct crypto_shash *tfm, const u8 k[16], const u8 *m,
171 size_t len, u8 mac[16])
172{
173 uint8_t tmp[16], mac_msb[16], msg_msb[CMAC_MSG_MAX];
174 SHASH_DESC_ON_STACK(desc, tfm);
175 int err;
176
177 if (len > CMAC_MSG_MAX)
178 return -EFBIG;
179
180 if (!tfm) {
181 BT_ERR("tfm %p", tfm);
182 return -EINVAL;
183 }
184
185 desc->tfm = tfm;
186
187
188 swap_buf(k, tmp, 16);
189 swap_buf(m, msg_msb, len);
190
191 SMP_DBG("msg (len %zu) %*phN", len, (int) len, m);
192 SMP_DBG("key %16phN", k);
193
194 err = crypto_shash_setkey(tfm, tmp, 16);
195 if (err) {
196 BT_ERR("cipher setkey failed: %d", err);
197 return err;
198 }
199
200 err = crypto_shash_digest(desc, msg_msb, len, mac_msb);
201 shash_desc_zero(desc);
202 if (err) {
203 BT_ERR("Hash computation error %d", err);
204 return err;
205 }
206
207 swap_buf(mac_msb, mac, 16);
208
209 SMP_DBG("mac %16phN", mac);
210
211 return 0;
212}
213
214static int smp_f4(struct crypto_shash *tfm_cmac, const u8 u[32],
215 const u8 v[32], const u8 x[16], u8 z, u8 res[16])
216{
217 u8 m[65];
218 int err;
219
220 SMP_DBG("u %32phN", u);
221 SMP_DBG("v %32phN", v);
222 SMP_DBG("x %16phN z %02x", x, z);
223
224 m[0] = z;
225 memcpy(m + 1, v, 32);
226 memcpy(m + 33, u, 32);
227
228 err = aes_cmac(tfm_cmac, x, m, sizeof(m), res);
229 if (err)
230 return err;
231
232 SMP_DBG("res %16phN", res);
233
234 return err;
235}
236
237static int smp_f5(struct crypto_shash *tfm_cmac, const u8 w[32],
238 const u8 n1[16], const u8 n2[16], const u8 a1[7],
239 const u8 a2[7], u8 mackey[16], u8 ltk[16])
240{
241
242
243
244
245
246
247 const u8 btle[4] = { 0x65, 0x6c, 0x74, 0x62 };
248 const u8 salt[16] = { 0xbe, 0x83, 0x60, 0x5a, 0xdb, 0x0b, 0x37, 0x60,
249 0x38, 0xa5, 0xf5, 0xaa, 0x91, 0x83, 0x88, 0x6c };
250 const u8 length[2] = { 0x00, 0x01 };
251 u8 m[53], t[16];
252 int err;
253
254 SMP_DBG("w %32phN", w);
255 SMP_DBG("n1 %16phN n2 %16phN", n1, n2);
256 SMP_DBG("a1 %7phN a2 %7phN", a1, a2);
257
258 err = aes_cmac(tfm_cmac, salt, w, 32, t);
259 if (err)
260 return err;
261
262 SMP_DBG("t %16phN", t);
263
264 memcpy(m, length, 2);
265 memcpy(m + 2, a2, 7);
266 memcpy(m + 9, a1, 7);
267 memcpy(m + 16, n2, 16);
268 memcpy(m + 32, n1, 16);
269 memcpy(m + 48, btle, 4);
270
271 m[52] = 0;
272
273 err = aes_cmac(tfm_cmac, t, m, sizeof(m), mackey);
274 if (err)
275 return err;
276
277 SMP_DBG("mackey %16phN", mackey);
278
279 m[52] = 1;
280
281 err = aes_cmac(tfm_cmac, t, m, sizeof(m), ltk);
282 if (err)
283 return err;
284
285 SMP_DBG("ltk %16phN", ltk);
286
287 return 0;
288}
289
290static int smp_f6(struct crypto_shash *tfm_cmac, const u8 w[16],
291 const u8 n1[16], const u8 n2[16], const u8 r[16],
292 const u8 io_cap[3], const u8 a1[7], const u8 a2[7],
293 u8 res[16])
294{
295 u8 m[65];
296 int err;
297
298 SMP_DBG("w %16phN", w);
299 SMP_DBG("n1 %16phN n2 %16phN", n1, n2);
300 SMP_DBG("r %16phN io_cap %3phN a1 %7phN a2 %7phN", r, io_cap, a1, a2);
301
302 memcpy(m, a2, 7);
303 memcpy(m + 7, a1, 7);
304 memcpy(m + 14, io_cap, 3);
305 memcpy(m + 17, r, 16);
306 memcpy(m + 33, n2, 16);
307 memcpy(m + 49, n1, 16);
308
309 err = aes_cmac(tfm_cmac, w, m, sizeof(m), res);
310 if (err)
311 return err;
312
313 SMP_DBG("res %16phN", res);
314
315 return err;
316}
317
318static int smp_g2(struct crypto_shash *tfm_cmac, const u8 u[32], const u8 v[32],
319 const u8 x[16], const u8 y[16], u32 *val)
320{
321 u8 m[80], tmp[16];
322 int err;
323
324 SMP_DBG("u %32phN", u);
325 SMP_DBG("v %32phN", v);
326 SMP_DBG("x %16phN y %16phN", x, y);
327
328 memcpy(m, y, 16);
329 memcpy(m + 16, v, 32);
330 memcpy(m + 48, u, 32);
331
332 err = aes_cmac(tfm_cmac, x, m, sizeof(m), tmp);
333 if (err)
334 return err;
335
336 *val = get_unaligned_le32(tmp);
337 *val %= 1000000;
338
339 SMP_DBG("val %06u", *val);
340
341 return 0;
342}
343
344static int smp_h6(struct crypto_shash *tfm_cmac, const u8 w[16],
345 const u8 key_id[4], u8 res[16])
346{
347 int err;
348
349 SMP_DBG("w %16phN key_id %4phN", w, key_id);
350
351 err = aes_cmac(tfm_cmac, w, key_id, 4, res);
352 if (err)
353 return err;
354
355 SMP_DBG("res %16phN", res);
356
357 return err;
358}
359
360static int smp_h7(struct crypto_shash *tfm_cmac, const u8 w[16],
361 const u8 salt[16], u8 res[16])
362{
363 int err;
364
365 SMP_DBG("w %16phN salt %16phN", w, salt);
366
367 err = aes_cmac(tfm_cmac, salt, w, 16, res);
368 if (err)
369 return err;
370
371 SMP_DBG("res %16phN", res);
372
373 return err;
374}
375
376
377
378
379
380static int smp_e(struct crypto_cipher *tfm, const u8 *k, u8 *r)
381{
382 uint8_t tmp[16], data[16];
383 int err;
384
385 SMP_DBG("k %16phN r %16phN", k, r);
386
387 if (!tfm) {
388 BT_ERR("tfm %p", tfm);
389 return -EINVAL;
390 }
391
392
393 swap_buf(k, tmp, 16);
394
395 err = crypto_cipher_setkey(tfm, tmp, 16);
396 if (err) {
397 BT_ERR("cipher setkey failed: %d", err);
398 return err;
399 }
400
401
402 swap_buf(r, data, 16);
403
404 crypto_cipher_encrypt_one(tfm, data, data);
405
406
407 swap_buf(data, r, 16);
408
409 SMP_DBG("r %16phN", r);
410
411 return err;
412}
413
414static int smp_c1(struct crypto_cipher *tfm_aes, const u8 k[16],
415 const u8 r[16], const u8 preq[7], const u8 pres[7], u8 _iat,
416 const bdaddr_t *ia, u8 _rat, const bdaddr_t *ra, u8 res[16])
417{
418 u8 p1[16], p2[16];
419 int err;
420
421 SMP_DBG("k %16phN r %16phN", k, r);
422 SMP_DBG("iat %u ia %6phN rat %u ra %6phN", _iat, ia, _rat, ra);
423 SMP_DBG("preq %7phN pres %7phN", preq, pres);
424
425 memset(p1, 0, 16);
426
427
428 p1[0] = _iat;
429 p1[1] = _rat;
430 memcpy(p1 + 2, preq, 7);
431 memcpy(p1 + 9, pres, 7);
432
433 SMP_DBG("p1 %16phN", p1);
434
435
436 u128_xor((u128 *) res, (u128 *) r, (u128 *) p1);
437
438
439 err = smp_e(tfm_aes, k, res);
440 if (err) {
441 BT_ERR("Encrypt data error");
442 return err;
443 }
444
445
446 memcpy(p2, ra, 6);
447 memcpy(p2 + 6, ia, 6);
448 memset(p2 + 12, 0, 4);
449
450 SMP_DBG("p2 %16phN", p2);
451
452
453 u128_xor((u128 *) res, (u128 *) res, (u128 *) p2);
454
455
456 err = smp_e(tfm_aes, k, res);
457 if (err)
458 BT_ERR("Encrypt data error");
459
460 return err;
461}
462
463static int smp_s1(struct crypto_cipher *tfm_aes, const u8 k[16],
464 const u8 r1[16], const u8 r2[16], u8 _r[16])
465{
466 int err;
467
468
469 memcpy(_r, r2, 8);
470 memcpy(_r + 8, r1, 8);
471
472 err = smp_e(tfm_aes, k, _r);
473 if (err)
474 BT_ERR("Encrypt data error");
475
476 return err;
477}
478
479static int smp_ah(struct crypto_cipher *tfm, const u8 irk[16],
480 const u8 r[3], u8 res[3])
481{
482 u8 _res[16];
483 int err;
484
485
486 memcpy(_res, r, 3);
487 memset(_res + 3, 0, 13);
488
489 err = smp_e(tfm, irk, _res);
490 if (err) {
491 BT_ERR("Encrypt error");
492 return err;
493 }
494
495
496
497
498
499
500
501 memcpy(res, _res, 3);
502
503 return 0;
504}
505
506bool smp_irk_matches(struct hci_dev *hdev, const u8 irk[16],
507 const bdaddr_t *bdaddr)
508{
509 struct l2cap_chan *chan = hdev->smp_data;
510 struct smp_dev *smp;
511 u8 hash[3];
512 int err;
513
514 if (!chan || !chan->data)
515 return false;
516
517 smp = chan->data;
518
519 BT_DBG("RPA %pMR IRK %*phN", bdaddr, 16, irk);
520
521 err = smp_ah(smp->tfm_aes, irk, &bdaddr->b[3], hash);
522 if (err)
523 return false;
524
525 return !crypto_memneq(bdaddr->b, hash, 3);
526}
527
528int smp_generate_rpa(struct hci_dev *hdev, const u8 irk[16], bdaddr_t *rpa)
529{
530 struct l2cap_chan *chan = hdev->smp_data;
531 struct smp_dev *smp;
532 int err;
533
534 if (!chan || !chan->data)
535 return -EOPNOTSUPP;
536
537 smp = chan->data;
538
539 get_random_bytes(&rpa->b[3], 3);
540
541 rpa->b[5] &= 0x3f;
542 rpa->b[5] |= 0x40;
543
544 err = smp_ah(smp->tfm_aes, irk, &rpa->b[3], rpa->b);
545 if (err < 0)
546 return err;
547
548 BT_DBG("RPA %pMR", rpa);
549
550 return 0;
551}
552
553int smp_generate_oob(struct hci_dev *hdev, u8 hash[16], u8 rand[16])
554{
555 struct l2cap_chan *chan = hdev->smp_data;
556 struct smp_dev *smp;
557 int err;
558
559 if (!chan || !chan->data)
560 return -EOPNOTSUPP;
561
562 smp = chan->data;
563
564 if (hci_dev_test_flag(hdev, HCI_USE_DEBUG_KEYS)) {
565 BT_DBG("Using debug keys");
566 err = set_ecdh_privkey(smp->tfm_ecdh, debug_sk);
567 if (err)
568 return err;
569 memcpy(smp->local_pk, debug_pk, 64);
570 smp->debug_key = true;
571 } else {
572 while (true) {
573
574 err = generate_ecdh_keys(smp->tfm_ecdh, smp->local_pk);
575 if (err)
576 return err;
577
578
579
580
581 if (crypto_memneq(smp->local_pk, debug_pk, 64))
582 break;
583 }
584 smp->debug_key = false;
585 }
586
587 SMP_DBG("OOB Public Key X: %32phN", smp->local_pk);
588 SMP_DBG("OOB Public Key Y: %32phN", smp->local_pk + 32);
589
590 get_random_bytes(smp->local_rand, 16);
591
592 err = smp_f4(smp->tfm_cmac, smp->local_pk, smp->local_pk,
593 smp->local_rand, 0, hash);
594 if (err < 0)
595 return err;
596
597 memcpy(rand, smp->local_rand, 16);
598
599 smp->local_oob = true;
600
601 return 0;
602}
603
604static void smp_send_cmd(struct l2cap_conn *conn, u8 code, u16 len, void *data)
605{
606 struct l2cap_chan *chan = conn->smp;
607 struct smp_chan *smp;
608 struct kvec iv[2];
609 struct msghdr msg;
610
611 if (!chan)
612 return;
613
614 BT_DBG("code 0x%2.2x", code);
615
616 iv[0].iov_base = &code;
617 iv[0].iov_len = 1;
618
619 iv[1].iov_base = data;
620 iv[1].iov_len = len;
621
622 memset(&msg, 0, sizeof(msg));
623
624 iov_iter_kvec(&msg.msg_iter, WRITE, iv, 2, 1 + len);
625
626 l2cap_chan_send(chan, &msg, 1 + len);
627
628 if (!chan->data)
629 return;
630
631 smp = chan->data;
632
633 cancel_delayed_work_sync(&smp->security_timer);
634 schedule_delayed_work(&smp->security_timer, SMP_TIMEOUT);
635}
636
637static u8 authreq_to_seclevel(u8 authreq)
638{
639 if (authreq & SMP_AUTH_MITM) {
640 if (authreq & SMP_AUTH_SC)
641 return BT_SECURITY_FIPS;
642 else
643 return BT_SECURITY_HIGH;
644 } else {
645 return BT_SECURITY_MEDIUM;
646 }
647}
648
649static __u8 seclevel_to_authreq(__u8 sec_level)
650{
651 switch (sec_level) {
652 case BT_SECURITY_FIPS:
653 case BT_SECURITY_HIGH:
654 return SMP_AUTH_MITM | SMP_AUTH_BONDING;
655 case BT_SECURITY_MEDIUM:
656 return SMP_AUTH_BONDING;
657 default:
658 return SMP_AUTH_NONE;
659 }
660}
661
662static void build_pairing_cmd(struct l2cap_conn *conn,
663 struct smp_cmd_pairing *req,
664 struct smp_cmd_pairing *rsp, __u8 authreq)
665{
666 struct l2cap_chan *chan = conn->smp;
667 struct smp_chan *smp = chan->data;
668 struct hci_conn *hcon = conn->hcon;
669 struct hci_dev *hdev = hcon->hdev;
670 u8 local_dist = 0, remote_dist = 0, oob_flag = SMP_OOB_NOT_PRESENT;
671
672 if (hci_dev_test_flag(hdev, HCI_BONDABLE)) {
673 local_dist = SMP_DIST_ENC_KEY | SMP_DIST_SIGN;
674 remote_dist = SMP_DIST_ENC_KEY | SMP_DIST_SIGN;
675 authreq |= SMP_AUTH_BONDING;
676 } else {
677 authreq &= ~SMP_AUTH_BONDING;
678 }
679
680 if (hci_dev_test_flag(hdev, HCI_RPA_RESOLVING))
681 remote_dist |= SMP_DIST_ID_KEY;
682
683 if (hci_dev_test_flag(hdev, HCI_PRIVACY))
684 local_dist |= SMP_DIST_ID_KEY;
685
686 if (hci_dev_test_flag(hdev, HCI_SC_ENABLED) &&
687 (authreq & SMP_AUTH_SC)) {
688 struct oob_data *oob_data;
689 u8 bdaddr_type;
690
691 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) {
692 local_dist |= SMP_DIST_LINK_KEY;
693 remote_dist |= SMP_DIST_LINK_KEY;
694 }
695
696 if (hcon->dst_type == ADDR_LE_DEV_PUBLIC)
697 bdaddr_type = BDADDR_LE_PUBLIC;
698 else
699 bdaddr_type = BDADDR_LE_RANDOM;
700
701 oob_data = hci_find_remote_oob_data(hdev, &hcon->dst,
702 bdaddr_type);
703 if (oob_data && oob_data->present) {
704 set_bit(SMP_FLAG_REMOTE_OOB, &smp->flags);
705 oob_flag = SMP_OOB_PRESENT;
706 memcpy(smp->rr, oob_data->rand256, 16);
707 memcpy(smp->pcnf, oob_data->hash256, 16);
708 SMP_DBG("OOB Remote Confirmation: %16phN", smp->pcnf);
709 SMP_DBG("OOB Remote Random: %16phN", smp->rr);
710 }
711
712 } else {
713 authreq &= ~SMP_AUTH_SC;
714 }
715
716 if (rsp == NULL) {
717 req->io_capability = conn->hcon->io_capability;
718 req->oob_flag = oob_flag;
719 req->max_key_size = hdev->le_max_key_size;
720 req->init_key_dist = local_dist;
721 req->resp_key_dist = remote_dist;
722 req->auth_req = (authreq & AUTH_REQ_MASK(hdev));
723
724 smp->remote_key_dist = remote_dist;
725 return;
726 }
727
728 rsp->io_capability = conn->hcon->io_capability;
729 rsp->oob_flag = oob_flag;
730 rsp->max_key_size = hdev->le_max_key_size;
731 rsp->init_key_dist = req->init_key_dist & remote_dist;
732 rsp->resp_key_dist = req->resp_key_dist & local_dist;
733 rsp->auth_req = (authreq & AUTH_REQ_MASK(hdev));
734
735 smp->remote_key_dist = rsp->init_key_dist;
736}
737
738static u8 check_enc_key_size(struct l2cap_conn *conn, __u8 max_key_size)
739{
740 struct l2cap_chan *chan = conn->smp;
741 struct hci_dev *hdev = conn->hcon->hdev;
742 struct smp_chan *smp = chan->data;
743
744 if (max_key_size > hdev->le_max_key_size ||
745 max_key_size < SMP_MIN_ENC_KEY_SIZE)
746 return SMP_ENC_KEY_SIZE;
747
748 smp->enc_key_size = max_key_size;
749
750 return 0;
751}
752
753static void smp_chan_destroy(struct l2cap_conn *conn)
754{
755 struct l2cap_chan *chan = conn->smp;
756 struct smp_chan *smp = chan->data;
757 struct hci_conn *hcon = conn->hcon;
758 bool complete;
759
760 BUG_ON(!smp);
761
762 cancel_delayed_work_sync(&smp->security_timer);
763
764 complete = test_bit(SMP_FLAG_COMPLETE, &smp->flags);
765 mgmt_smp_complete(hcon, complete);
766
767 kzfree(smp->csrk);
768 kzfree(smp->slave_csrk);
769 kzfree(smp->link_key);
770
771 crypto_free_cipher(smp->tfm_aes);
772 crypto_free_shash(smp->tfm_cmac);
773 crypto_free_kpp(smp->tfm_ecdh);
774
775
776
777
778 if (smp->ltk && smp->ltk->type == SMP_LTK_P256_DEBUG &&
779 !hci_dev_test_flag(hcon->hdev, HCI_KEEP_DEBUG_KEYS)) {
780 list_del_rcu(&smp->ltk->list);
781 kfree_rcu(smp->ltk, rcu);
782 smp->ltk = NULL;
783 }
784
785
786 if (!complete) {
787 if (smp->ltk) {
788 list_del_rcu(&smp->ltk->list);
789 kfree_rcu(smp->ltk, rcu);
790 }
791
792 if (smp->slave_ltk) {
793 list_del_rcu(&smp->slave_ltk->list);
794 kfree_rcu(smp->slave_ltk, rcu);
795 }
796
797 if (smp->remote_irk) {
798 list_del_rcu(&smp->remote_irk->list);
799 kfree_rcu(smp->remote_irk, rcu);
800 }
801 }
802
803 chan->data = NULL;
804 kzfree(smp);
805 hci_conn_drop(hcon);
806}
807
808static void smp_failure(struct l2cap_conn *conn, u8 reason)
809{
810 struct hci_conn *hcon = conn->hcon;
811 struct l2cap_chan *chan = conn->smp;
812
813 if (reason)
814 smp_send_cmd(conn, SMP_CMD_PAIRING_FAIL, sizeof(reason),
815 &reason);
816
817 mgmt_auth_failed(hcon, HCI_ERROR_AUTH_FAILURE);
818
819 if (chan->data)
820 smp_chan_destroy(conn);
821}
822
823#define JUST_WORKS 0x00
824#define JUST_CFM 0x01
825#define REQ_PASSKEY 0x02
826#define CFM_PASSKEY 0x03
827#define REQ_OOB 0x04
828#define DSP_PASSKEY 0x05
829#define OVERLAP 0xFF
830
831static const u8 gen_method[5][5] = {
832 { JUST_WORKS, JUST_CFM, REQ_PASSKEY, JUST_WORKS, REQ_PASSKEY },
833 { JUST_WORKS, JUST_CFM, REQ_PASSKEY, JUST_WORKS, REQ_PASSKEY },
834 { CFM_PASSKEY, CFM_PASSKEY, REQ_PASSKEY, JUST_WORKS, CFM_PASSKEY },
835 { JUST_WORKS, JUST_CFM, JUST_WORKS, JUST_WORKS, JUST_CFM },
836 { CFM_PASSKEY, CFM_PASSKEY, REQ_PASSKEY, JUST_WORKS, OVERLAP },
837};
838
839static const u8 sc_method[5][5] = {
840 { JUST_WORKS, JUST_CFM, REQ_PASSKEY, JUST_WORKS, REQ_PASSKEY },
841 { JUST_WORKS, CFM_PASSKEY, REQ_PASSKEY, JUST_WORKS, CFM_PASSKEY },
842 { DSP_PASSKEY, DSP_PASSKEY, REQ_PASSKEY, JUST_WORKS, DSP_PASSKEY },
843 { JUST_WORKS, JUST_CFM, JUST_WORKS, JUST_WORKS, JUST_CFM },
844 { DSP_PASSKEY, CFM_PASSKEY, REQ_PASSKEY, JUST_WORKS, CFM_PASSKEY },
845};
846
847static u8 get_auth_method(struct smp_chan *smp, u8 local_io, u8 remote_io)
848{
849
850
851
852 if (local_io > SMP_IO_KEYBOARD_DISPLAY ||
853 remote_io > SMP_IO_KEYBOARD_DISPLAY)
854 return JUST_CFM;
855
856 if (test_bit(SMP_FLAG_SC, &smp->flags))
857 return sc_method[remote_io][local_io];
858
859 return gen_method[remote_io][local_io];
860}
861
862static int tk_request(struct l2cap_conn *conn, u8 remote_oob, u8 auth,
863 u8 local_io, u8 remote_io)
864{
865 struct hci_conn *hcon = conn->hcon;
866 struct l2cap_chan *chan = conn->smp;
867 struct smp_chan *smp = chan->data;
868 u32 passkey = 0;
869 int ret = 0;
870
871
872 memset(smp->tk, 0, sizeof(smp->tk));
873 clear_bit(SMP_FLAG_TK_VALID, &smp->flags);
874
875 BT_DBG("tk_request: auth:%d lcl:%d rem:%d", auth, local_io, remote_io);
876
877
878
879
880
881
882
883 if (!(auth & SMP_AUTH_MITM))
884 smp->method = JUST_CFM;
885 else
886 smp->method = get_auth_method(smp, local_io, remote_io);
887
888
889 if (smp->method == JUST_CFM && test_bit(SMP_FLAG_INITIATOR,
890 &smp->flags))
891 smp->method = JUST_WORKS;
892
893
894 if (smp->method == JUST_CFM &&
895 hcon->io_capability == HCI_IO_NO_INPUT_OUTPUT)
896 smp->method = JUST_WORKS;
897
898
899 if (smp->method == JUST_WORKS) {
900 set_bit(SMP_FLAG_TK_VALID, &smp->flags);
901 return 0;
902 }
903
904
905
906
907 if (test_bit(SMP_FLAG_SC, &smp->flags))
908 return -EINVAL;
909
910
911 if (smp->method != JUST_CFM) {
912 set_bit(SMP_FLAG_MITM_AUTH, &smp->flags);
913 if (hcon->pending_sec_level < BT_SECURITY_HIGH)
914 hcon->pending_sec_level = BT_SECURITY_HIGH;
915 }
916
917
918
919
920 if (smp->method == OVERLAP) {
921 if (hcon->role == HCI_ROLE_MASTER)
922 smp->method = CFM_PASSKEY;
923 else
924 smp->method = REQ_PASSKEY;
925 }
926
927
928 if (smp->method == CFM_PASSKEY) {
929 memset(smp->tk, 0, sizeof(smp->tk));
930 get_random_bytes(&passkey, sizeof(passkey));
931 passkey %= 1000000;
932 put_unaligned_le32(passkey, smp->tk);
933 BT_DBG("PassKey: %d", passkey);
934 set_bit(SMP_FLAG_TK_VALID, &smp->flags);
935 }
936
937 if (smp->method == REQ_PASSKEY)
938 ret = mgmt_user_passkey_request(hcon->hdev, &hcon->dst,
939 hcon->type, hcon->dst_type);
940 else if (smp->method == JUST_CFM)
941 ret = mgmt_user_confirm_request(hcon->hdev, &hcon->dst,
942 hcon->type, hcon->dst_type,
943 passkey, 1);
944 else
945 ret = mgmt_user_passkey_notify(hcon->hdev, &hcon->dst,
946 hcon->type, hcon->dst_type,
947 passkey, 0);
948
949 return ret;
950}
951
952static u8 smp_confirm(struct smp_chan *smp)
953{
954 struct l2cap_conn *conn = smp->conn;
955 struct smp_cmd_pairing_confirm cp;
956 int ret;
957
958 BT_DBG("conn %p", conn);
959
960 ret = smp_c1(smp->tfm_aes, smp->tk, smp->prnd, smp->preq, smp->prsp,
961 conn->hcon->init_addr_type, &conn->hcon->init_addr,
962 conn->hcon->resp_addr_type, &conn->hcon->resp_addr,
963 cp.confirm_val);
964 if (ret)
965 return SMP_UNSPECIFIED;
966
967 clear_bit(SMP_FLAG_CFM_PENDING, &smp->flags);
968
969 smp_send_cmd(smp->conn, SMP_CMD_PAIRING_CONFIRM, sizeof(cp), &cp);
970
971 if (conn->hcon->out)
972 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_CONFIRM);
973 else
974 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RANDOM);
975
976 return 0;
977}
978
979static u8 smp_random(struct smp_chan *smp)
980{
981 struct l2cap_conn *conn = smp->conn;
982 struct hci_conn *hcon = conn->hcon;
983 u8 confirm[16];
984 int ret;
985
986 if (IS_ERR_OR_NULL(smp->tfm_aes))
987 return SMP_UNSPECIFIED;
988
989 BT_DBG("conn %p %s", conn, conn->hcon->out ? "master" : "slave");
990
991 ret = smp_c1(smp->tfm_aes, smp->tk, smp->rrnd, smp->preq, smp->prsp,
992 hcon->init_addr_type, &hcon->init_addr,
993 hcon->resp_addr_type, &hcon->resp_addr, confirm);
994 if (ret)
995 return SMP_UNSPECIFIED;
996
997 if (crypto_memneq(smp->pcnf, confirm, sizeof(smp->pcnf))) {
998 bt_dev_err(hcon->hdev, "pairing failed "
999 "(confirmation values mismatch)");
1000 return SMP_CONFIRM_FAILED;
1001 }
1002
1003 if (hcon->out) {
1004 u8 stk[16];
1005 __le64 rand = 0;
1006 __le16 ediv = 0;
1007
1008 smp_s1(smp->tfm_aes, smp->tk, smp->rrnd, smp->prnd, stk);
1009
1010 if (test_and_set_bit(HCI_CONN_ENCRYPT_PEND, &hcon->flags))
1011 return SMP_UNSPECIFIED;
1012
1013 hci_le_start_enc(hcon, ediv, rand, stk, smp->enc_key_size);
1014 hcon->enc_key_size = smp->enc_key_size;
1015 set_bit(HCI_CONN_STK_ENCRYPT, &hcon->flags);
1016 } else {
1017 u8 stk[16], auth;
1018 __le64 rand = 0;
1019 __le16 ediv = 0;
1020
1021 smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM, sizeof(smp->prnd),
1022 smp->prnd);
1023
1024 smp_s1(smp->tfm_aes, smp->tk, smp->prnd, smp->rrnd, stk);
1025
1026 if (hcon->pending_sec_level == BT_SECURITY_HIGH)
1027 auth = 1;
1028 else
1029 auth = 0;
1030
1031
1032
1033
1034
1035 hci_add_ltk(hcon->hdev, &hcon->dst, hcon->dst_type,
1036 SMP_STK, auth, stk, smp->enc_key_size, ediv, rand);
1037 }
1038
1039 return 0;
1040}
1041
1042static void smp_notify_keys(struct l2cap_conn *conn)
1043{
1044 struct l2cap_chan *chan = conn->smp;
1045 struct smp_chan *smp = chan->data;
1046 struct hci_conn *hcon = conn->hcon;
1047 struct hci_dev *hdev = hcon->hdev;
1048 struct smp_cmd_pairing *req = (void *) &smp->preq[1];
1049 struct smp_cmd_pairing *rsp = (void *) &smp->prsp[1];
1050 bool persistent;
1051
1052 if (hcon->type == ACL_LINK) {
1053 if (hcon->key_type == HCI_LK_DEBUG_COMBINATION)
1054 persistent = false;
1055 else
1056 persistent = !test_bit(HCI_CONN_FLUSH_KEY,
1057 &hcon->flags);
1058 } else {
1059
1060
1061
1062
1063 persistent = !!((req->auth_req & rsp->auth_req) &
1064 SMP_AUTH_BONDING);
1065 }
1066
1067 if (smp->remote_irk) {
1068 mgmt_new_irk(hdev, smp->remote_irk, persistent);
1069
1070
1071
1072
1073
1074 if (hcon->type == LE_LINK) {
1075 bacpy(&hcon->dst, &smp->remote_irk->bdaddr);
1076 hcon->dst_type = smp->remote_irk->addr_type;
1077 queue_work(hdev->workqueue, &conn->id_addr_update_work);
1078 }
1079 }
1080
1081 if (smp->csrk) {
1082 smp->csrk->bdaddr_type = hcon->dst_type;
1083 bacpy(&smp->csrk->bdaddr, &hcon->dst);
1084 mgmt_new_csrk(hdev, smp->csrk, persistent);
1085 }
1086
1087 if (smp->slave_csrk) {
1088 smp->slave_csrk->bdaddr_type = hcon->dst_type;
1089 bacpy(&smp->slave_csrk->bdaddr, &hcon->dst);
1090 mgmt_new_csrk(hdev, smp->slave_csrk, persistent);
1091 }
1092
1093 if (smp->ltk) {
1094 smp->ltk->bdaddr_type = hcon->dst_type;
1095 bacpy(&smp->ltk->bdaddr, &hcon->dst);
1096 mgmt_new_ltk(hdev, smp->ltk, persistent);
1097 }
1098
1099 if (smp->slave_ltk) {
1100 smp->slave_ltk->bdaddr_type = hcon->dst_type;
1101 bacpy(&smp->slave_ltk->bdaddr, &hcon->dst);
1102 mgmt_new_ltk(hdev, smp->slave_ltk, persistent);
1103 }
1104
1105 if (smp->link_key) {
1106 struct link_key *key;
1107 u8 type;
1108
1109 if (test_bit(SMP_FLAG_DEBUG_KEY, &smp->flags))
1110 type = HCI_LK_DEBUG_COMBINATION;
1111 else if (hcon->sec_level == BT_SECURITY_FIPS)
1112 type = HCI_LK_AUTH_COMBINATION_P256;
1113 else
1114 type = HCI_LK_UNAUTH_COMBINATION_P256;
1115
1116 key = hci_add_link_key(hdev, smp->conn->hcon, &hcon->dst,
1117 smp->link_key, type, 0, &persistent);
1118 if (key) {
1119 mgmt_new_link_key(hdev, key, persistent);
1120
1121
1122
1123
1124 if (!hci_dev_test_flag(hdev, HCI_KEEP_DEBUG_KEYS) &&
1125 key->type == HCI_LK_DEBUG_COMBINATION) {
1126 list_del_rcu(&key->list);
1127 kfree_rcu(key, rcu);
1128 }
1129 }
1130 }
1131}
1132
1133static void sc_add_ltk(struct smp_chan *smp)
1134{
1135 struct hci_conn *hcon = smp->conn->hcon;
1136 u8 key_type, auth;
1137
1138 if (test_bit(SMP_FLAG_DEBUG_KEY, &smp->flags))
1139 key_type = SMP_LTK_P256_DEBUG;
1140 else
1141 key_type = SMP_LTK_P256;
1142
1143 if (hcon->pending_sec_level == BT_SECURITY_FIPS)
1144 auth = 1;
1145 else
1146 auth = 0;
1147
1148 smp->ltk = hci_add_ltk(hcon->hdev, &hcon->dst, hcon->dst_type,
1149 key_type, auth, smp->tk, smp->enc_key_size,
1150 0, 0);
1151}
1152
1153static void sc_generate_link_key(struct smp_chan *smp)
1154{
1155
1156 const u8 lebr[4] = { 0x72, 0x62, 0x65, 0x6c };
1157
1158 smp->link_key = kzalloc(16, GFP_KERNEL);
1159 if (!smp->link_key)
1160 return;
1161
1162 if (test_bit(SMP_FLAG_CT2, &smp->flags)) {
1163
1164 const u8 salt[16] = { 0x31, 0x70, 0x6d, 0x74 };
1165
1166 if (smp_h7(smp->tfm_cmac, smp->tk, salt, smp->link_key)) {
1167 kzfree(smp->link_key);
1168 smp->link_key = NULL;
1169 return;
1170 }
1171 } else {
1172
1173 const u8 tmp1[4] = { 0x31, 0x70, 0x6d, 0x74 };
1174
1175 if (smp_h6(smp->tfm_cmac, smp->tk, tmp1, smp->link_key)) {
1176 kzfree(smp->link_key);
1177 smp->link_key = NULL;
1178 return;
1179 }
1180 }
1181
1182 if (smp_h6(smp->tfm_cmac, smp->link_key, lebr, smp->link_key)) {
1183 kzfree(smp->link_key);
1184 smp->link_key = NULL;
1185 return;
1186 }
1187}
1188
1189static void smp_allow_key_dist(struct smp_chan *smp)
1190{
1191
1192
1193
1194
1195 if (smp->remote_key_dist & SMP_DIST_ENC_KEY)
1196 SMP_ALLOW_CMD(smp, SMP_CMD_ENCRYPT_INFO);
1197 else if (smp->remote_key_dist & SMP_DIST_ID_KEY)
1198 SMP_ALLOW_CMD(smp, SMP_CMD_IDENT_INFO);
1199 else if (smp->remote_key_dist & SMP_DIST_SIGN)
1200 SMP_ALLOW_CMD(smp, SMP_CMD_SIGN_INFO);
1201}
1202
1203static void sc_generate_ltk(struct smp_chan *smp)
1204{
1205
1206 const u8 brle[4] = { 0x65, 0x6c, 0x72, 0x62 };
1207 struct hci_conn *hcon = smp->conn->hcon;
1208 struct hci_dev *hdev = hcon->hdev;
1209 struct link_key *key;
1210
1211 key = hci_find_link_key(hdev, &hcon->dst);
1212 if (!key) {
1213 bt_dev_err(hdev, "no Link Key found to generate LTK");
1214 return;
1215 }
1216
1217 if (key->type == HCI_LK_DEBUG_COMBINATION)
1218 set_bit(SMP_FLAG_DEBUG_KEY, &smp->flags);
1219
1220 if (test_bit(SMP_FLAG_CT2, &smp->flags)) {
1221
1222 const u8 salt[16] = { 0x32, 0x70, 0x6d, 0x74 };
1223
1224 if (smp_h7(smp->tfm_cmac, key->val, salt, smp->tk))
1225 return;
1226 } else {
1227
1228 const u8 tmp2[4] = { 0x32, 0x70, 0x6d, 0x74 };
1229
1230 if (smp_h6(smp->tfm_cmac, key->val, tmp2, smp->tk))
1231 return;
1232 }
1233
1234 if (smp_h6(smp->tfm_cmac, smp->tk, brle, smp->tk))
1235 return;
1236
1237 sc_add_ltk(smp);
1238}
1239
1240static void smp_distribute_keys(struct smp_chan *smp)
1241{
1242 struct smp_cmd_pairing *req, *rsp;
1243 struct l2cap_conn *conn = smp->conn;
1244 struct hci_conn *hcon = conn->hcon;
1245 struct hci_dev *hdev = hcon->hdev;
1246 __u8 *keydist;
1247
1248 BT_DBG("conn %p", conn);
1249
1250 rsp = (void *) &smp->prsp[1];
1251
1252
1253 if (hcon->out && (smp->remote_key_dist & KEY_DIST_MASK)) {
1254 smp_allow_key_dist(smp);
1255 return;
1256 }
1257
1258 req = (void *) &smp->preq[1];
1259
1260 if (hcon->out) {
1261 keydist = &rsp->init_key_dist;
1262 *keydist &= req->init_key_dist;
1263 } else {
1264 keydist = &rsp->resp_key_dist;
1265 *keydist &= req->resp_key_dist;
1266 }
1267
1268 if (test_bit(SMP_FLAG_SC, &smp->flags)) {
1269 if (hcon->type == LE_LINK && (*keydist & SMP_DIST_LINK_KEY))
1270 sc_generate_link_key(smp);
1271 if (hcon->type == ACL_LINK && (*keydist & SMP_DIST_ENC_KEY))
1272 sc_generate_ltk(smp);
1273
1274
1275 *keydist &= ~SMP_SC_NO_DIST;
1276 }
1277
1278 BT_DBG("keydist 0x%x", *keydist);
1279
1280 if (*keydist & SMP_DIST_ENC_KEY) {
1281 struct smp_cmd_encrypt_info enc;
1282 struct smp_cmd_master_ident ident;
1283 struct smp_ltk *ltk;
1284 u8 authenticated;
1285 __le16 ediv;
1286 __le64 rand;
1287
1288
1289
1290
1291
1292 get_random_bytes(enc.ltk, smp->enc_key_size);
1293 memset(enc.ltk + smp->enc_key_size, 0,
1294 sizeof(enc.ltk) - smp->enc_key_size);
1295
1296 get_random_bytes(&ediv, sizeof(ediv));
1297 get_random_bytes(&rand, sizeof(rand));
1298
1299 smp_send_cmd(conn, SMP_CMD_ENCRYPT_INFO, sizeof(enc), &enc);
1300
1301 authenticated = hcon->sec_level == BT_SECURITY_HIGH;
1302 ltk = hci_add_ltk(hdev, &hcon->dst, hcon->dst_type,
1303 SMP_LTK_SLAVE, authenticated, enc.ltk,
1304 smp->enc_key_size, ediv, rand);
1305 smp->slave_ltk = ltk;
1306
1307 ident.ediv = ediv;
1308 ident.rand = rand;
1309
1310 smp_send_cmd(conn, SMP_CMD_MASTER_IDENT, sizeof(ident), &ident);
1311
1312 *keydist &= ~SMP_DIST_ENC_KEY;
1313 }
1314
1315 if (*keydist & SMP_DIST_ID_KEY) {
1316 struct smp_cmd_ident_addr_info addrinfo;
1317 struct smp_cmd_ident_info idinfo;
1318
1319 memcpy(idinfo.irk, hdev->irk, sizeof(idinfo.irk));
1320
1321 smp_send_cmd(conn, SMP_CMD_IDENT_INFO, sizeof(idinfo), &idinfo);
1322
1323
1324
1325
1326
1327
1328
1329 bacpy(&addrinfo.bdaddr, &hcon->src);
1330 addrinfo.addr_type = hcon->src_type;
1331
1332 smp_send_cmd(conn, SMP_CMD_IDENT_ADDR_INFO, sizeof(addrinfo),
1333 &addrinfo);
1334
1335 *keydist &= ~SMP_DIST_ID_KEY;
1336 }
1337
1338 if (*keydist & SMP_DIST_SIGN) {
1339 struct smp_cmd_sign_info sign;
1340 struct smp_csrk *csrk;
1341
1342
1343 get_random_bytes(sign.csrk, sizeof(sign.csrk));
1344
1345 csrk = kzalloc(sizeof(*csrk), GFP_KERNEL);
1346 if (csrk) {
1347 if (hcon->sec_level > BT_SECURITY_MEDIUM)
1348 csrk->type = MGMT_CSRK_LOCAL_AUTHENTICATED;
1349 else
1350 csrk->type = MGMT_CSRK_LOCAL_UNAUTHENTICATED;
1351 memcpy(csrk->val, sign.csrk, sizeof(csrk->val));
1352 }
1353 smp->slave_csrk = csrk;
1354
1355 smp_send_cmd(conn, SMP_CMD_SIGN_INFO, sizeof(sign), &sign);
1356
1357 *keydist &= ~SMP_DIST_SIGN;
1358 }
1359
1360
1361 if (smp->remote_key_dist & KEY_DIST_MASK) {
1362 smp_allow_key_dist(smp);
1363 return;
1364 }
1365
1366 set_bit(SMP_FLAG_COMPLETE, &smp->flags);
1367 smp_notify_keys(conn);
1368
1369 smp_chan_destroy(conn);
1370}
1371
1372static void smp_timeout(struct work_struct *work)
1373{
1374 struct smp_chan *smp = container_of(work, struct smp_chan,
1375 security_timer.work);
1376 struct l2cap_conn *conn = smp->conn;
1377
1378 BT_DBG("conn %p", conn);
1379
1380 hci_disconnect(conn->hcon, HCI_ERROR_REMOTE_USER_TERM);
1381}
1382
1383static struct smp_chan *smp_chan_create(struct l2cap_conn *conn)
1384{
1385 struct l2cap_chan *chan = conn->smp;
1386 struct smp_chan *smp;
1387
1388 smp = kzalloc(sizeof(*smp), GFP_ATOMIC);
1389 if (!smp)
1390 return NULL;
1391
1392 smp->tfm_aes = crypto_alloc_cipher("aes", 0, 0);
1393 if (IS_ERR(smp->tfm_aes)) {
1394 BT_ERR("Unable to create AES crypto context");
1395 goto zfree_smp;
1396 }
1397
1398 smp->tfm_cmac = crypto_alloc_shash("cmac(aes)", 0, 0);
1399 if (IS_ERR(smp->tfm_cmac)) {
1400 BT_ERR("Unable to create CMAC crypto context");
1401 goto free_cipher;
1402 }
1403
1404 smp->tfm_ecdh = crypto_alloc_kpp("ecdh", CRYPTO_ALG_INTERNAL, 0);
1405 if (IS_ERR(smp->tfm_ecdh)) {
1406 BT_ERR("Unable to create ECDH crypto context");
1407 goto free_shash;
1408 }
1409
1410 smp->conn = conn;
1411 chan->data = smp;
1412
1413 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_FAIL);
1414
1415 INIT_DELAYED_WORK(&smp->security_timer, smp_timeout);
1416
1417 hci_conn_hold(conn->hcon);
1418
1419 return smp;
1420
1421free_shash:
1422 crypto_free_shash(smp->tfm_cmac);
1423free_cipher:
1424 crypto_free_cipher(smp->tfm_aes);
1425zfree_smp:
1426 kzfree(smp);
1427 return NULL;
1428}
1429
1430static int sc_mackey_and_ltk(struct smp_chan *smp, u8 mackey[16], u8 ltk[16])
1431{
1432 struct hci_conn *hcon = smp->conn->hcon;
1433 u8 *na, *nb, a[7], b[7];
1434
1435 if (hcon->out) {
1436 na = smp->prnd;
1437 nb = smp->rrnd;
1438 } else {
1439 na = smp->rrnd;
1440 nb = smp->prnd;
1441 }
1442
1443 memcpy(a, &hcon->init_addr, 6);
1444 memcpy(b, &hcon->resp_addr, 6);
1445 a[6] = hcon->init_addr_type;
1446 b[6] = hcon->resp_addr_type;
1447
1448 return smp_f5(smp->tfm_cmac, smp->dhkey, na, nb, a, b, mackey, ltk);
1449}
1450
1451static void sc_dhkey_check(struct smp_chan *smp)
1452{
1453 struct hci_conn *hcon = smp->conn->hcon;
1454 struct smp_cmd_dhkey_check check;
1455 u8 a[7], b[7], *local_addr, *remote_addr;
1456 u8 io_cap[3], r[16];
1457
1458 memcpy(a, &hcon->init_addr, 6);
1459 memcpy(b, &hcon->resp_addr, 6);
1460 a[6] = hcon->init_addr_type;
1461 b[6] = hcon->resp_addr_type;
1462
1463 if (hcon->out) {
1464 local_addr = a;
1465 remote_addr = b;
1466 memcpy(io_cap, &smp->preq[1], 3);
1467 } else {
1468 local_addr = b;
1469 remote_addr = a;
1470 memcpy(io_cap, &smp->prsp[1], 3);
1471 }
1472
1473 memset(r, 0, sizeof(r));
1474
1475 if (smp->method == REQ_PASSKEY || smp->method == DSP_PASSKEY)
1476 put_unaligned_le32(hcon->passkey_notify, r);
1477
1478 if (smp->method == REQ_OOB)
1479 memcpy(r, smp->rr, 16);
1480
1481 smp_f6(smp->tfm_cmac, smp->mackey, smp->prnd, smp->rrnd, r, io_cap,
1482 local_addr, remote_addr, check.e);
1483
1484 smp_send_cmd(smp->conn, SMP_CMD_DHKEY_CHECK, sizeof(check), &check);
1485}
1486
1487static u8 sc_passkey_send_confirm(struct smp_chan *smp)
1488{
1489 struct l2cap_conn *conn = smp->conn;
1490 struct hci_conn *hcon = conn->hcon;
1491 struct smp_cmd_pairing_confirm cfm;
1492 u8 r;
1493
1494 r = ((hcon->passkey_notify >> smp->passkey_round) & 0x01);
1495 r |= 0x80;
1496
1497 get_random_bytes(smp->prnd, sizeof(smp->prnd));
1498
1499 if (smp_f4(smp->tfm_cmac, smp->local_pk, smp->remote_pk, smp->prnd, r,
1500 cfm.confirm_val))
1501 return SMP_UNSPECIFIED;
1502
1503 smp_send_cmd(conn, SMP_CMD_PAIRING_CONFIRM, sizeof(cfm), &cfm);
1504
1505 return 0;
1506}
1507
1508static u8 sc_passkey_round(struct smp_chan *smp, u8 smp_op)
1509{
1510 struct l2cap_conn *conn = smp->conn;
1511 struct hci_conn *hcon = conn->hcon;
1512 struct hci_dev *hdev = hcon->hdev;
1513 u8 cfm[16], r;
1514
1515
1516 if (smp->passkey_round >= 20)
1517 return 0;
1518
1519 switch (smp_op) {
1520 case SMP_CMD_PAIRING_RANDOM:
1521 r = ((hcon->passkey_notify >> smp->passkey_round) & 0x01);
1522 r |= 0x80;
1523
1524 if (smp_f4(smp->tfm_cmac, smp->remote_pk, smp->local_pk,
1525 smp->rrnd, r, cfm))
1526 return SMP_UNSPECIFIED;
1527
1528 if (crypto_memneq(smp->pcnf, cfm, 16))
1529 return SMP_CONFIRM_FAILED;
1530
1531 smp->passkey_round++;
1532
1533 if (smp->passkey_round == 20) {
1534
1535 if (sc_mackey_and_ltk(smp, smp->mackey, smp->tk))
1536 return SMP_UNSPECIFIED;
1537 }
1538
1539
1540
1541
1542 if (!hcon->out) {
1543 smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM,
1544 sizeof(smp->prnd), smp->prnd);
1545 if (smp->passkey_round == 20)
1546 SMP_ALLOW_CMD(smp, SMP_CMD_DHKEY_CHECK);
1547 else
1548 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_CONFIRM);
1549 return 0;
1550 }
1551
1552
1553 if (smp->passkey_round != 20)
1554 return sc_passkey_round(smp, 0);
1555
1556
1557 sc_dhkey_check(smp);
1558 SMP_ALLOW_CMD(smp, SMP_CMD_DHKEY_CHECK);
1559
1560 break;
1561
1562 case SMP_CMD_PAIRING_CONFIRM:
1563 if (test_bit(SMP_FLAG_WAIT_USER, &smp->flags)) {
1564 set_bit(SMP_FLAG_CFM_PENDING, &smp->flags);
1565 return 0;
1566 }
1567
1568 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RANDOM);
1569
1570 if (hcon->out) {
1571 smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM,
1572 sizeof(smp->prnd), smp->prnd);
1573 return 0;
1574 }
1575
1576 return sc_passkey_send_confirm(smp);
1577
1578 case SMP_CMD_PUBLIC_KEY:
1579 default:
1580
1581 if (!hcon->out)
1582 return 0;
1583
1584 BT_DBG("%s Starting passkey round %u", hdev->name,
1585 smp->passkey_round + 1);
1586
1587 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_CONFIRM);
1588
1589 return sc_passkey_send_confirm(smp);
1590 }
1591
1592 return 0;
1593}
1594
1595static int sc_user_reply(struct smp_chan *smp, u16 mgmt_op, __le32 passkey)
1596{
1597 struct l2cap_conn *conn = smp->conn;
1598 struct hci_conn *hcon = conn->hcon;
1599 u8 smp_op;
1600
1601 clear_bit(SMP_FLAG_WAIT_USER, &smp->flags);
1602
1603 switch (mgmt_op) {
1604 case MGMT_OP_USER_PASSKEY_NEG_REPLY:
1605 smp_failure(smp->conn, SMP_PASSKEY_ENTRY_FAILED);
1606 return 0;
1607 case MGMT_OP_USER_CONFIRM_NEG_REPLY:
1608 smp_failure(smp->conn, SMP_NUMERIC_COMP_FAILED);
1609 return 0;
1610 case MGMT_OP_USER_PASSKEY_REPLY:
1611 hcon->passkey_notify = le32_to_cpu(passkey);
1612 smp->passkey_round = 0;
1613
1614 if (test_and_clear_bit(SMP_FLAG_CFM_PENDING, &smp->flags))
1615 smp_op = SMP_CMD_PAIRING_CONFIRM;
1616 else
1617 smp_op = 0;
1618
1619 if (sc_passkey_round(smp, smp_op))
1620 return -EIO;
1621
1622 return 0;
1623 }
1624
1625
1626 if (hcon->out) {
1627 sc_dhkey_check(smp);
1628 SMP_ALLOW_CMD(smp, SMP_CMD_DHKEY_CHECK);
1629 } else if (test_and_clear_bit(SMP_FLAG_DHKEY_PENDING, &smp->flags)) {
1630 sc_dhkey_check(smp);
1631 sc_add_ltk(smp);
1632 }
1633
1634 return 0;
1635}
1636
1637int smp_user_confirm_reply(struct hci_conn *hcon, u16 mgmt_op, __le32 passkey)
1638{
1639 struct l2cap_conn *conn = hcon->l2cap_data;
1640 struct l2cap_chan *chan;
1641 struct smp_chan *smp;
1642 u32 value;
1643 int err;
1644
1645 BT_DBG("");
1646
1647 if (!conn)
1648 return -ENOTCONN;
1649
1650 chan = conn->smp;
1651 if (!chan)
1652 return -ENOTCONN;
1653
1654 l2cap_chan_lock(chan);
1655 if (!chan->data) {
1656 err = -ENOTCONN;
1657 goto unlock;
1658 }
1659
1660 smp = chan->data;
1661
1662 if (test_bit(SMP_FLAG_SC, &smp->flags)) {
1663 err = sc_user_reply(smp, mgmt_op, passkey);
1664 goto unlock;
1665 }
1666
1667 switch (mgmt_op) {
1668 case MGMT_OP_USER_PASSKEY_REPLY:
1669 value = le32_to_cpu(passkey);
1670 memset(smp->tk, 0, sizeof(smp->tk));
1671 BT_DBG("PassKey: %d", value);
1672 put_unaligned_le32(value, smp->tk);
1673
1674 case MGMT_OP_USER_CONFIRM_REPLY:
1675 set_bit(SMP_FLAG_TK_VALID, &smp->flags);
1676 break;
1677 case MGMT_OP_USER_PASSKEY_NEG_REPLY:
1678 case MGMT_OP_USER_CONFIRM_NEG_REPLY:
1679 smp_failure(conn, SMP_PASSKEY_ENTRY_FAILED);
1680 err = 0;
1681 goto unlock;
1682 default:
1683 smp_failure(conn, SMP_PASSKEY_ENTRY_FAILED);
1684 err = -EOPNOTSUPP;
1685 goto unlock;
1686 }
1687
1688 err = 0;
1689
1690
1691 if (test_bit(SMP_FLAG_CFM_PENDING, &smp->flags)) {
1692 u8 rsp = smp_confirm(smp);
1693 if (rsp)
1694 smp_failure(conn, rsp);
1695 }
1696
1697unlock:
1698 l2cap_chan_unlock(chan);
1699 return err;
1700}
1701
1702static void build_bredr_pairing_cmd(struct smp_chan *smp,
1703 struct smp_cmd_pairing *req,
1704 struct smp_cmd_pairing *rsp)
1705{
1706 struct l2cap_conn *conn = smp->conn;
1707 struct hci_dev *hdev = conn->hcon->hdev;
1708 u8 local_dist = 0, remote_dist = 0;
1709
1710 if (hci_dev_test_flag(hdev, HCI_BONDABLE)) {
1711 local_dist = SMP_DIST_ENC_KEY | SMP_DIST_SIGN;
1712 remote_dist = SMP_DIST_ENC_KEY | SMP_DIST_SIGN;
1713 }
1714
1715 if (hci_dev_test_flag(hdev, HCI_RPA_RESOLVING))
1716 remote_dist |= SMP_DIST_ID_KEY;
1717
1718 if (hci_dev_test_flag(hdev, HCI_PRIVACY))
1719 local_dist |= SMP_DIST_ID_KEY;
1720
1721 if (!rsp) {
1722 memset(req, 0, sizeof(*req));
1723
1724 req->auth_req = SMP_AUTH_CT2;
1725 req->init_key_dist = local_dist;
1726 req->resp_key_dist = remote_dist;
1727 req->max_key_size = conn->hcon->enc_key_size;
1728
1729 smp->remote_key_dist = remote_dist;
1730
1731 return;
1732 }
1733
1734 memset(rsp, 0, sizeof(*rsp));
1735
1736 rsp->auth_req = SMP_AUTH_CT2;
1737 rsp->max_key_size = conn->hcon->enc_key_size;
1738 rsp->init_key_dist = req->init_key_dist & remote_dist;
1739 rsp->resp_key_dist = req->resp_key_dist & local_dist;
1740
1741 smp->remote_key_dist = rsp->init_key_dist;
1742}
1743
1744static u8 smp_cmd_pairing_req(struct l2cap_conn *conn, struct sk_buff *skb)
1745{
1746 struct smp_cmd_pairing rsp, *req = (void *) skb->data;
1747 struct l2cap_chan *chan = conn->smp;
1748 struct hci_dev *hdev = conn->hcon->hdev;
1749 struct smp_chan *smp;
1750 u8 key_size, auth, sec_level;
1751 int ret;
1752
1753 BT_DBG("conn %p", conn);
1754
1755 if (skb->len < sizeof(*req))
1756 return SMP_INVALID_PARAMS;
1757
1758 if (conn->hcon->role != HCI_ROLE_SLAVE)
1759 return SMP_CMD_NOTSUPP;
1760
1761 if (!chan->data)
1762 smp = smp_chan_create(conn);
1763 else
1764 smp = chan->data;
1765
1766 if (!smp)
1767 return SMP_UNSPECIFIED;
1768
1769
1770 auth = req->auth_req & AUTH_REQ_MASK(hdev);
1771
1772 if (!hci_dev_test_flag(hdev, HCI_BONDABLE) &&
1773 (auth & SMP_AUTH_BONDING))
1774 return SMP_PAIRING_NOTSUPP;
1775
1776 if (hci_dev_test_flag(hdev, HCI_SC_ONLY) && !(auth & SMP_AUTH_SC))
1777 return SMP_AUTH_REQUIREMENTS;
1778
1779 smp->preq[0] = SMP_CMD_PAIRING_REQ;
1780 memcpy(&smp->preq[1], req, sizeof(*req));
1781 skb_pull(skb, sizeof(*req));
1782
1783
1784
1785
1786
1787 if (req->oob_flag == SMP_OOB_PRESENT && SMP_DEV(hdev)->local_oob)
1788 set_bit(SMP_FLAG_LOCAL_OOB, &smp->flags);
1789
1790
1791 if (conn->hcon->type == ACL_LINK) {
1792
1793 if (!test_bit(HCI_CONN_AES_CCM, &conn->hcon->flags) &&
1794 !hci_dev_test_flag(hdev, HCI_FORCE_BREDR_SMP))
1795 return SMP_CROSS_TRANSP_NOT_ALLOWED;
1796
1797 set_bit(SMP_FLAG_SC, &smp->flags);
1798
1799 build_bredr_pairing_cmd(smp, req, &rsp);
1800
1801 if (req->auth_req & SMP_AUTH_CT2)
1802 set_bit(SMP_FLAG_CT2, &smp->flags);
1803
1804 key_size = min(req->max_key_size, rsp.max_key_size);
1805 if (check_enc_key_size(conn, key_size))
1806 return SMP_ENC_KEY_SIZE;
1807
1808
1809 smp->remote_key_dist &= ~SMP_SC_NO_DIST;
1810
1811 smp->prsp[0] = SMP_CMD_PAIRING_RSP;
1812 memcpy(&smp->prsp[1], &rsp, sizeof(rsp));
1813 smp_send_cmd(conn, SMP_CMD_PAIRING_RSP, sizeof(rsp), &rsp);
1814
1815 smp_distribute_keys(smp);
1816 return 0;
1817 }
1818
1819 build_pairing_cmd(conn, req, &rsp, auth);
1820
1821 if (rsp.auth_req & SMP_AUTH_SC) {
1822 set_bit(SMP_FLAG_SC, &smp->flags);
1823
1824 if (rsp.auth_req & SMP_AUTH_CT2)
1825 set_bit(SMP_FLAG_CT2, &smp->flags);
1826 }
1827
1828 if (conn->hcon->io_capability == HCI_IO_NO_INPUT_OUTPUT)
1829 sec_level = BT_SECURITY_MEDIUM;
1830 else
1831 sec_level = authreq_to_seclevel(auth);
1832
1833 if (sec_level > conn->hcon->pending_sec_level)
1834 conn->hcon->pending_sec_level = sec_level;
1835
1836
1837 if (conn->hcon->pending_sec_level >= BT_SECURITY_HIGH) {
1838 u8 method;
1839
1840 method = get_auth_method(smp, conn->hcon->io_capability,
1841 req->io_capability);
1842 if (method == JUST_WORKS || method == JUST_CFM)
1843 return SMP_AUTH_REQUIREMENTS;
1844 }
1845
1846 key_size = min(req->max_key_size, rsp.max_key_size);
1847 if (check_enc_key_size(conn, key_size))
1848 return SMP_ENC_KEY_SIZE;
1849
1850 get_random_bytes(smp->prnd, sizeof(smp->prnd));
1851
1852 smp->prsp[0] = SMP_CMD_PAIRING_RSP;
1853 memcpy(&smp->prsp[1], &rsp, sizeof(rsp));
1854
1855 smp_send_cmd(conn, SMP_CMD_PAIRING_RSP, sizeof(rsp), &rsp);
1856
1857 clear_bit(SMP_FLAG_INITIATOR, &smp->flags);
1858
1859
1860
1861
1862
1863
1864 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_CONFIRM);
1865
1866 if (test_bit(SMP_FLAG_SC, &smp->flags)) {
1867 SMP_ALLOW_CMD(smp, SMP_CMD_PUBLIC_KEY);
1868
1869 smp->remote_key_dist &= ~SMP_SC_NO_DIST;
1870
1871 return 0;
1872 }
1873
1874
1875 ret = tk_request(conn, 0, auth, rsp.io_capability, req->io_capability);
1876 if (ret)
1877 return SMP_UNSPECIFIED;
1878
1879 return 0;
1880}
1881
1882static u8 sc_send_public_key(struct smp_chan *smp)
1883{
1884 struct hci_dev *hdev = smp->conn->hcon->hdev;
1885
1886 BT_DBG("");
1887
1888 if (test_bit(SMP_FLAG_LOCAL_OOB, &smp->flags)) {
1889 struct l2cap_chan *chan = hdev->smp_data;
1890 struct smp_dev *smp_dev;
1891
1892 if (!chan || !chan->data)
1893 return SMP_UNSPECIFIED;
1894
1895 smp_dev = chan->data;
1896
1897 memcpy(smp->local_pk, smp_dev->local_pk, 64);
1898 memcpy(smp->lr, smp_dev->local_rand, 16);
1899
1900 if (smp_dev->debug_key)
1901 set_bit(SMP_FLAG_DEBUG_KEY, &smp->flags);
1902
1903 goto done;
1904 }
1905
1906 if (hci_dev_test_flag(hdev, HCI_USE_DEBUG_KEYS)) {
1907 BT_DBG("Using debug keys");
1908 if (set_ecdh_privkey(smp->tfm_ecdh, debug_sk))
1909 return SMP_UNSPECIFIED;
1910 memcpy(smp->local_pk, debug_pk, 64);
1911 set_bit(SMP_FLAG_DEBUG_KEY, &smp->flags);
1912 } else {
1913 while (true) {
1914
1915 if (generate_ecdh_keys(smp->tfm_ecdh, smp->local_pk))
1916 return SMP_UNSPECIFIED;
1917
1918
1919
1920
1921 if (crypto_memneq(smp->local_pk, debug_pk, 64))
1922 break;
1923 }
1924 }
1925
1926done:
1927 SMP_DBG("Local Public Key X: %32phN", smp->local_pk);
1928 SMP_DBG("Local Public Key Y: %32phN", smp->local_pk + 32);
1929
1930 smp_send_cmd(smp->conn, SMP_CMD_PUBLIC_KEY, 64, smp->local_pk);
1931
1932 return 0;
1933}
1934
1935static u8 smp_cmd_pairing_rsp(struct l2cap_conn *conn, struct sk_buff *skb)
1936{
1937 struct smp_cmd_pairing *req, *rsp = (void *) skb->data;
1938 struct l2cap_chan *chan = conn->smp;
1939 struct smp_chan *smp = chan->data;
1940 struct hci_dev *hdev = conn->hcon->hdev;
1941 u8 key_size, auth;
1942 int ret;
1943
1944 BT_DBG("conn %p", conn);
1945
1946 if (skb->len < sizeof(*rsp))
1947 return SMP_INVALID_PARAMS;
1948
1949 if (conn->hcon->role != HCI_ROLE_MASTER)
1950 return SMP_CMD_NOTSUPP;
1951
1952 skb_pull(skb, sizeof(*rsp));
1953
1954 req = (void *) &smp->preq[1];
1955
1956 key_size = min(req->max_key_size, rsp->max_key_size);
1957 if (check_enc_key_size(conn, key_size))
1958 return SMP_ENC_KEY_SIZE;
1959
1960 auth = rsp->auth_req & AUTH_REQ_MASK(hdev);
1961
1962 if (hci_dev_test_flag(hdev, HCI_SC_ONLY) && !(auth & SMP_AUTH_SC))
1963 return SMP_AUTH_REQUIREMENTS;
1964
1965
1966
1967
1968
1969 if (rsp->oob_flag == SMP_OOB_PRESENT && SMP_DEV(hdev)->local_oob)
1970 set_bit(SMP_FLAG_LOCAL_OOB, &smp->flags);
1971
1972 smp->prsp[0] = SMP_CMD_PAIRING_RSP;
1973 memcpy(&smp->prsp[1], rsp, sizeof(*rsp));
1974
1975
1976
1977
1978 smp->remote_key_dist &= rsp->resp_key_dist;
1979
1980 if ((req->auth_req & SMP_AUTH_CT2) && (auth & SMP_AUTH_CT2))
1981 set_bit(SMP_FLAG_CT2, &smp->flags);
1982
1983
1984 if (conn->hcon->type == ACL_LINK) {
1985
1986 smp->remote_key_dist &= ~SMP_SC_NO_DIST;
1987 smp_distribute_keys(smp);
1988 return 0;
1989 }
1990
1991 if ((req->auth_req & SMP_AUTH_SC) && (auth & SMP_AUTH_SC))
1992 set_bit(SMP_FLAG_SC, &smp->flags);
1993 else if (conn->hcon->pending_sec_level > BT_SECURITY_HIGH)
1994 conn->hcon->pending_sec_level = BT_SECURITY_HIGH;
1995
1996
1997 if (conn->hcon->pending_sec_level >= BT_SECURITY_HIGH) {
1998 u8 method;
1999
2000 method = get_auth_method(smp, req->io_capability,
2001 rsp->io_capability);
2002 if (method == JUST_WORKS || method == JUST_CFM)
2003 return SMP_AUTH_REQUIREMENTS;
2004 }
2005
2006 get_random_bytes(smp->prnd, sizeof(smp->prnd));
2007
2008
2009
2010
2011 smp->remote_key_dist &= rsp->resp_key_dist;
2012
2013 if (test_bit(SMP_FLAG_SC, &smp->flags)) {
2014
2015 smp->remote_key_dist &= ~SMP_SC_NO_DIST;
2016 SMP_ALLOW_CMD(smp, SMP_CMD_PUBLIC_KEY);
2017 return sc_send_public_key(smp);
2018 }
2019
2020 auth |= req->auth_req;
2021
2022 ret = tk_request(conn, 0, auth, req->io_capability, rsp->io_capability);
2023 if (ret)
2024 return SMP_UNSPECIFIED;
2025
2026 set_bit(SMP_FLAG_CFM_PENDING, &smp->flags);
2027
2028
2029 if (test_bit(SMP_FLAG_TK_VALID, &smp->flags))
2030 return smp_confirm(smp);
2031
2032 return 0;
2033}
2034
2035static u8 sc_check_confirm(struct smp_chan *smp)
2036{
2037 struct l2cap_conn *conn = smp->conn;
2038
2039 BT_DBG("");
2040
2041 if (smp->method == REQ_PASSKEY || smp->method == DSP_PASSKEY)
2042 return sc_passkey_round(smp, SMP_CMD_PAIRING_CONFIRM);
2043
2044 if (conn->hcon->out) {
2045 smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM, sizeof(smp->prnd),
2046 smp->prnd);
2047 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RANDOM);
2048 }
2049
2050 return 0;
2051}
2052
2053
2054
2055
2056
2057static int fixup_sc_false_positive(struct smp_chan *smp)
2058{
2059 struct l2cap_conn *conn = smp->conn;
2060 struct hci_conn *hcon = conn->hcon;
2061 struct hci_dev *hdev = hcon->hdev;
2062 struct smp_cmd_pairing *req, *rsp;
2063 u8 auth;
2064
2065
2066 if (hcon->out)
2067 return SMP_UNSPECIFIED;
2068
2069 if (hci_dev_test_flag(hdev, HCI_SC_ONLY)) {
2070 bt_dev_err(hdev, "refusing legacy fallback in SC-only mode");
2071 return SMP_UNSPECIFIED;
2072 }
2073
2074 bt_dev_err(hdev, "trying to fall back to legacy SMP");
2075
2076 req = (void *) &smp->preq[1];
2077 rsp = (void *) &smp->prsp[1];
2078
2079
2080 smp->remote_key_dist = (req->init_key_dist & rsp->resp_key_dist);
2081
2082 auth = req->auth_req & AUTH_REQ_MASK(hdev);
2083
2084 if (tk_request(conn, 0, auth, rsp->io_capability, req->io_capability)) {
2085 bt_dev_err(hdev, "failed to fall back to legacy SMP");
2086 return SMP_UNSPECIFIED;
2087 }
2088
2089 clear_bit(SMP_FLAG_SC, &smp->flags);
2090
2091 return 0;
2092}
2093
2094static u8 smp_cmd_pairing_confirm(struct l2cap_conn *conn, struct sk_buff *skb)
2095{
2096 struct l2cap_chan *chan = conn->smp;
2097 struct smp_chan *smp = chan->data;
2098
2099 BT_DBG("conn %p %s", conn, conn->hcon->out ? "master" : "slave");
2100
2101 if (skb->len < sizeof(smp->pcnf))
2102 return SMP_INVALID_PARAMS;
2103
2104 memcpy(smp->pcnf, skb->data, sizeof(smp->pcnf));
2105 skb_pull(skb, sizeof(smp->pcnf));
2106
2107 if (test_bit(SMP_FLAG_SC, &smp->flags)) {
2108 int ret;
2109
2110
2111 if (test_bit(SMP_FLAG_REMOTE_PK, &smp->flags))
2112 return sc_check_confirm(smp);
2113
2114 BT_ERR("Unexpected SMP Pairing Confirm");
2115
2116 ret = fixup_sc_false_positive(smp);
2117 if (ret)
2118 return ret;
2119 }
2120
2121 if (conn->hcon->out) {
2122 smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM, sizeof(smp->prnd),
2123 smp->prnd);
2124 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RANDOM);
2125 return 0;
2126 }
2127
2128 if (test_bit(SMP_FLAG_TK_VALID, &smp->flags))
2129 return smp_confirm(smp);
2130
2131 set_bit(SMP_FLAG_CFM_PENDING, &smp->flags);
2132
2133 return 0;
2134}
2135
2136static u8 smp_cmd_pairing_random(struct l2cap_conn *conn, struct sk_buff *skb)
2137{
2138 struct l2cap_chan *chan = conn->smp;
2139 struct smp_chan *smp = chan->data;
2140 struct hci_conn *hcon = conn->hcon;
2141 u8 *pkax, *pkbx, *na, *nb;
2142 u32 passkey;
2143 int err;
2144
2145 BT_DBG("conn %p", conn);
2146
2147 if (skb->len < sizeof(smp->rrnd))
2148 return SMP_INVALID_PARAMS;
2149
2150 memcpy(smp->rrnd, skb->data, sizeof(smp->rrnd));
2151 skb_pull(skb, sizeof(smp->rrnd));
2152
2153 if (!test_bit(SMP_FLAG_SC, &smp->flags))
2154 return smp_random(smp);
2155
2156 if (hcon->out) {
2157 pkax = smp->local_pk;
2158 pkbx = smp->remote_pk;
2159 na = smp->prnd;
2160 nb = smp->rrnd;
2161 } else {
2162 pkax = smp->remote_pk;
2163 pkbx = smp->local_pk;
2164 na = smp->rrnd;
2165 nb = smp->prnd;
2166 }
2167
2168 if (smp->method == REQ_OOB) {
2169 if (!hcon->out)
2170 smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM,
2171 sizeof(smp->prnd), smp->prnd);
2172 SMP_ALLOW_CMD(smp, SMP_CMD_DHKEY_CHECK);
2173 goto mackey_and_ltk;
2174 }
2175
2176
2177 if (smp->method == REQ_PASSKEY || smp->method == DSP_PASSKEY)
2178 return sc_passkey_round(smp, SMP_CMD_PAIRING_RANDOM);
2179
2180 if (hcon->out) {
2181 u8 cfm[16];
2182
2183 err = smp_f4(smp->tfm_cmac, smp->remote_pk, smp->local_pk,
2184 smp->rrnd, 0, cfm);
2185 if (err)
2186 return SMP_UNSPECIFIED;
2187
2188 if (crypto_memneq(smp->pcnf, cfm, 16))
2189 return SMP_CONFIRM_FAILED;
2190 } else {
2191 smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM, sizeof(smp->prnd),
2192 smp->prnd);
2193 SMP_ALLOW_CMD(smp, SMP_CMD_DHKEY_CHECK);
2194 }
2195
2196mackey_and_ltk:
2197
2198 err = sc_mackey_and_ltk(smp, smp->mackey, smp->tk);
2199 if (err)
2200 return SMP_UNSPECIFIED;
2201
2202 if (smp->method == JUST_WORKS || smp->method == REQ_OOB) {
2203 if (hcon->out) {
2204 sc_dhkey_check(smp);
2205 SMP_ALLOW_CMD(smp, SMP_CMD_DHKEY_CHECK);
2206 }
2207 return 0;
2208 }
2209
2210 err = smp_g2(smp->tfm_cmac, pkax, pkbx, na, nb, &passkey);
2211 if (err)
2212 return SMP_UNSPECIFIED;
2213
2214 err = mgmt_user_confirm_request(hcon->hdev, &hcon->dst, hcon->type,
2215 hcon->dst_type, passkey, 0);
2216 if (err)
2217 return SMP_UNSPECIFIED;
2218
2219 set_bit(SMP_FLAG_WAIT_USER, &smp->flags);
2220
2221 return 0;
2222}
2223
2224static bool smp_ltk_encrypt(struct l2cap_conn *conn, u8 sec_level)
2225{
2226 struct smp_ltk *key;
2227 struct hci_conn *hcon = conn->hcon;
2228
2229 key = hci_find_ltk(hcon->hdev, &hcon->dst, hcon->dst_type, hcon->role);
2230 if (!key)
2231 return false;
2232
2233 if (smp_ltk_sec_level(key) < sec_level)
2234 return false;
2235
2236 if (test_and_set_bit(HCI_CONN_ENCRYPT_PEND, &hcon->flags))
2237 return true;
2238
2239 hci_le_start_enc(hcon, key->ediv, key->rand, key->val, key->enc_size);
2240 hcon->enc_key_size = key->enc_size;
2241
2242
2243 clear_bit(HCI_CONN_STK_ENCRYPT, &hcon->flags);
2244
2245 return true;
2246}
2247
2248bool smp_sufficient_security(struct hci_conn *hcon, u8 sec_level,
2249 enum smp_key_pref key_pref)
2250{
2251 if (sec_level == BT_SECURITY_LOW)
2252 return true;
2253
2254
2255
2256
2257
2258
2259
2260 if (key_pref == SMP_USE_LTK &&
2261 test_bit(HCI_CONN_STK_ENCRYPT, &hcon->flags) &&
2262 hci_find_ltk(hcon->hdev, &hcon->dst, hcon->dst_type, hcon->role))
2263 return false;
2264
2265 if (hcon->sec_level >= sec_level)
2266 return true;
2267
2268 return false;
2269}
2270
2271static u8 smp_cmd_security_req(struct l2cap_conn *conn, struct sk_buff *skb)
2272{
2273 struct smp_cmd_security_req *rp = (void *) skb->data;
2274 struct smp_cmd_pairing cp;
2275 struct hci_conn *hcon = conn->hcon;
2276 struct hci_dev *hdev = hcon->hdev;
2277 struct smp_chan *smp;
2278 u8 sec_level, auth;
2279
2280 BT_DBG("conn %p", conn);
2281
2282 if (skb->len < sizeof(*rp))
2283 return SMP_INVALID_PARAMS;
2284
2285 if (hcon->role != HCI_ROLE_MASTER)
2286 return SMP_CMD_NOTSUPP;
2287
2288 auth = rp->auth_req & AUTH_REQ_MASK(hdev);
2289
2290 if (hci_dev_test_flag(hdev, HCI_SC_ONLY) && !(auth & SMP_AUTH_SC))
2291 return SMP_AUTH_REQUIREMENTS;
2292
2293 if (hcon->io_capability == HCI_IO_NO_INPUT_OUTPUT)
2294 sec_level = BT_SECURITY_MEDIUM;
2295 else
2296 sec_level = authreq_to_seclevel(auth);
2297
2298 if (smp_sufficient_security(hcon, sec_level, SMP_USE_LTK)) {
2299
2300
2301
2302
2303 smp_ltk_encrypt(conn, hcon->sec_level);
2304 return 0;
2305 }
2306
2307 if (sec_level > hcon->pending_sec_level)
2308 hcon->pending_sec_level = sec_level;
2309
2310 if (smp_ltk_encrypt(conn, hcon->pending_sec_level))
2311 return 0;
2312
2313 smp = smp_chan_create(conn);
2314 if (!smp)
2315 return SMP_UNSPECIFIED;
2316
2317 if (!hci_dev_test_flag(hdev, HCI_BONDABLE) &&
2318 (auth & SMP_AUTH_BONDING))
2319 return SMP_PAIRING_NOTSUPP;
2320
2321 skb_pull(skb, sizeof(*rp));
2322
2323 memset(&cp, 0, sizeof(cp));
2324 build_pairing_cmd(conn, &cp, NULL, auth);
2325
2326 smp->preq[0] = SMP_CMD_PAIRING_REQ;
2327 memcpy(&smp->preq[1], &cp, sizeof(cp));
2328
2329 smp_send_cmd(conn, SMP_CMD_PAIRING_REQ, sizeof(cp), &cp);
2330 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RSP);
2331
2332 return 0;
2333}
2334
2335int smp_conn_security(struct hci_conn *hcon, __u8 sec_level)
2336{
2337 struct l2cap_conn *conn = hcon->l2cap_data;
2338 struct l2cap_chan *chan;
2339 struct smp_chan *smp;
2340 __u8 authreq;
2341 int ret;
2342
2343 BT_DBG("conn %p hcon %p level 0x%2.2x", conn, hcon, sec_level);
2344
2345
2346 if (!conn)
2347 return 1;
2348
2349 if (!hci_dev_test_flag(hcon->hdev, HCI_LE_ENABLED))
2350 return 1;
2351
2352 if (smp_sufficient_security(hcon, sec_level, SMP_USE_LTK))
2353 return 1;
2354
2355 if (sec_level > hcon->pending_sec_level)
2356 hcon->pending_sec_level = sec_level;
2357
2358 if (hcon->role == HCI_ROLE_MASTER)
2359 if (smp_ltk_encrypt(conn, hcon->pending_sec_level))
2360 return 0;
2361
2362 chan = conn->smp;
2363 if (!chan) {
2364 bt_dev_err(hcon->hdev, "security requested but not available");
2365 return 1;
2366 }
2367
2368 l2cap_chan_lock(chan);
2369
2370
2371 if (chan->data) {
2372 ret = 0;
2373 goto unlock;
2374 }
2375
2376 smp = smp_chan_create(conn);
2377 if (!smp) {
2378 ret = 1;
2379 goto unlock;
2380 }
2381
2382 authreq = seclevel_to_authreq(sec_level);
2383
2384 if (hci_dev_test_flag(hcon->hdev, HCI_SC_ENABLED)) {
2385 authreq |= SMP_AUTH_SC;
2386 if (hci_dev_test_flag(hcon->hdev, HCI_SSP_ENABLED))
2387 authreq |= SMP_AUTH_CT2;
2388 }
2389
2390
2391
2392
2393 if (hcon->io_capability != HCI_IO_NO_INPUT_OUTPUT ||
2394 hcon->pending_sec_level > BT_SECURITY_MEDIUM)
2395 authreq |= SMP_AUTH_MITM;
2396
2397 if (hcon->role == HCI_ROLE_MASTER) {
2398 struct smp_cmd_pairing cp;
2399
2400 build_pairing_cmd(conn, &cp, NULL, authreq);
2401 smp->preq[0] = SMP_CMD_PAIRING_REQ;
2402 memcpy(&smp->preq[1], &cp, sizeof(cp));
2403
2404 smp_send_cmd(conn, SMP_CMD_PAIRING_REQ, sizeof(cp), &cp);
2405 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RSP);
2406 } else {
2407 struct smp_cmd_security_req cp;
2408 cp.auth_req = authreq;
2409 smp_send_cmd(conn, SMP_CMD_SECURITY_REQ, sizeof(cp), &cp);
2410 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_REQ);
2411 }
2412
2413 set_bit(SMP_FLAG_INITIATOR, &smp->flags);
2414 ret = 0;
2415
2416unlock:
2417 l2cap_chan_unlock(chan);
2418 return ret;
2419}
2420
2421int smp_cancel_and_remove_pairing(struct hci_dev *hdev, bdaddr_t *bdaddr,
2422 u8 addr_type)
2423{
2424 struct hci_conn *hcon;
2425 struct l2cap_conn *conn;
2426 struct l2cap_chan *chan;
2427 struct smp_chan *smp;
2428 int err;
2429
2430 err = hci_remove_ltk(hdev, bdaddr, addr_type);
2431 hci_remove_irk(hdev, bdaddr, addr_type);
2432
2433 hcon = hci_conn_hash_lookup_le(hdev, bdaddr, addr_type);
2434 if (!hcon)
2435 goto done;
2436
2437 conn = hcon->l2cap_data;
2438 if (!conn)
2439 goto done;
2440
2441 chan = conn->smp;
2442 if (!chan)
2443 goto done;
2444
2445 l2cap_chan_lock(chan);
2446
2447 smp = chan->data;
2448 if (smp) {
2449
2450
2451 smp->ltk = NULL;
2452 smp->slave_ltk = NULL;
2453 smp->remote_irk = NULL;
2454
2455 if (test_bit(SMP_FLAG_COMPLETE, &smp->flags))
2456 smp_failure(conn, 0);
2457 else
2458 smp_failure(conn, SMP_UNSPECIFIED);
2459 err = 0;
2460 }
2461
2462 l2cap_chan_unlock(chan);
2463
2464done:
2465 return err;
2466}
2467
2468static int smp_cmd_encrypt_info(struct l2cap_conn *conn, struct sk_buff *skb)
2469{
2470 struct smp_cmd_encrypt_info *rp = (void *) skb->data;
2471 struct l2cap_chan *chan = conn->smp;
2472 struct smp_chan *smp = chan->data;
2473
2474 BT_DBG("conn %p", conn);
2475
2476 if (skb->len < sizeof(*rp))
2477 return SMP_INVALID_PARAMS;
2478
2479 SMP_ALLOW_CMD(smp, SMP_CMD_MASTER_IDENT);
2480
2481 skb_pull(skb, sizeof(*rp));
2482
2483 memcpy(smp->tk, rp->ltk, sizeof(smp->tk));
2484
2485 return 0;
2486}
2487
2488static int smp_cmd_master_ident(struct l2cap_conn *conn, struct sk_buff *skb)
2489{
2490 struct smp_cmd_master_ident *rp = (void *) skb->data;
2491 struct l2cap_chan *chan = conn->smp;
2492 struct smp_chan *smp = chan->data;
2493 struct hci_dev *hdev = conn->hcon->hdev;
2494 struct hci_conn *hcon = conn->hcon;
2495 struct smp_ltk *ltk;
2496 u8 authenticated;
2497
2498 BT_DBG("conn %p", conn);
2499
2500 if (skb->len < sizeof(*rp))
2501 return SMP_INVALID_PARAMS;
2502
2503
2504 smp->remote_key_dist &= ~SMP_DIST_ENC_KEY;
2505
2506 if (smp->remote_key_dist & SMP_DIST_ID_KEY)
2507 SMP_ALLOW_CMD(smp, SMP_CMD_IDENT_INFO);
2508 else if (smp->remote_key_dist & SMP_DIST_SIGN)
2509 SMP_ALLOW_CMD(smp, SMP_CMD_SIGN_INFO);
2510
2511 skb_pull(skb, sizeof(*rp));
2512
2513 authenticated = (hcon->sec_level == BT_SECURITY_HIGH);
2514 ltk = hci_add_ltk(hdev, &hcon->dst, hcon->dst_type, SMP_LTK,
2515 authenticated, smp->tk, smp->enc_key_size,
2516 rp->ediv, rp->rand);
2517 smp->ltk = ltk;
2518 if (!(smp->remote_key_dist & KEY_DIST_MASK))
2519 smp_distribute_keys(smp);
2520
2521 return 0;
2522}
2523
2524static int smp_cmd_ident_info(struct l2cap_conn *conn, struct sk_buff *skb)
2525{
2526 struct smp_cmd_ident_info *info = (void *) skb->data;
2527 struct l2cap_chan *chan = conn->smp;
2528 struct smp_chan *smp = chan->data;
2529
2530 BT_DBG("");
2531
2532 if (skb->len < sizeof(*info))
2533 return SMP_INVALID_PARAMS;
2534
2535 SMP_ALLOW_CMD(smp, SMP_CMD_IDENT_ADDR_INFO);
2536
2537 skb_pull(skb, sizeof(*info));
2538
2539 memcpy(smp->irk, info->irk, 16);
2540
2541 return 0;
2542}
2543
2544static int smp_cmd_ident_addr_info(struct l2cap_conn *conn,
2545 struct sk_buff *skb)
2546{
2547 struct smp_cmd_ident_addr_info *info = (void *) skb->data;
2548 struct l2cap_chan *chan = conn->smp;
2549 struct smp_chan *smp = chan->data;
2550 struct hci_conn *hcon = conn->hcon;
2551 bdaddr_t rpa;
2552
2553 BT_DBG("");
2554
2555 if (skb->len < sizeof(*info))
2556 return SMP_INVALID_PARAMS;
2557
2558
2559 smp->remote_key_dist &= ~SMP_DIST_ID_KEY;
2560
2561 if (smp->remote_key_dist & SMP_DIST_SIGN)
2562 SMP_ALLOW_CMD(smp, SMP_CMD_SIGN_INFO);
2563
2564 skb_pull(skb, sizeof(*info));
2565
2566
2567
2568
2569
2570
2571
2572
2573
2574
2575
2576 if (!bacmp(&info->bdaddr, BDADDR_ANY) ||
2577 !hci_is_identity_address(&info->bdaddr, info->addr_type)) {
2578 bt_dev_err(hcon->hdev, "ignoring IRK with no identity address");
2579 goto distribute;
2580 }
2581
2582 bacpy(&smp->id_addr, &info->bdaddr);
2583 smp->id_addr_type = info->addr_type;
2584
2585 if (hci_bdaddr_is_rpa(&hcon->dst, hcon->dst_type))
2586 bacpy(&rpa, &hcon->dst);
2587 else
2588 bacpy(&rpa, BDADDR_ANY);
2589
2590 smp->remote_irk = hci_add_irk(conn->hcon->hdev, &smp->id_addr,
2591 smp->id_addr_type, smp->irk, &rpa);
2592
2593distribute:
2594 if (!(smp->remote_key_dist & KEY_DIST_MASK))
2595 smp_distribute_keys(smp);
2596
2597 return 0;
2598}
2599
2600static int smp_cmd_sign_info(struct l2cap_conn *conn, struct sk_buff *skb)
2601{
2602 struct smp_cmd_sign_info *rp = (void *) skb->data;
2603 struct l2cap_chan *chan = conn->smp;
2604 struct smp_chan *smp = chan->data;
2605 struct smp_csrk *csrk;
2606
2607 BT_DBG("conn %p", conn);
2608
2609 if (skb->len < sizeof(*rp))
2610 return SMP_INVALID_PARAMS;
2611
2612
2613 smp->remote_key_dist &= ~SMP_DIST_SIGN;
2614
2615 skb_pull(skb, sizeof(*rp));
2616
2617 csrk = kzalloc(sizeof(*csrk), GFP_KERNEL);
2618 if (csrk) {
2619 if (conn->hcon->sec_level > BT_SECURITY_MEDIUM)
2620 csrk->type = MGMT_CSRK_REMOTE_AUTHENTICATED;
2621 else
2622 csrk->type = MGMT_CSRK_REMOTE_UNAUTHENTICATED;
2623 memcpy(csrk->val, rp->csrk, sizeof(csrk->val));
2624 }
2625 smp->csrk = csrk;
2626 smp_distribute_keys(smp);
2627
2628 return 0;
2629}
2630
2631static u8 sc_select_method(struct smp_chan *smp)
2632{
2633 struct l2cap_conn *conn = smp->conn;
2634 struct hci_conn *hcon = conn->hcon;
2635 struct smp_cmd_pairing *local, *remote;
2636 u8 local_mitm, remote_mitm, local_io, remote_io, method;
2637
2638 if (test_bit(SMP_FLAG_REMOTE_OOB, &smp->flags) ||
2639 test_bit(SMP_FLAG_LOCAL_OOB, &smp->flags))
2640 return REQ_OOB;
2641
2642
2643
2644
2645
2646
2647 if (hcon->out) {
2648 local = (void *) &smp->preq[1];
2649 remote = (void *) &smp->prsp[1];
2650 } else {
2651 local = (void *) &smp->prsp[1];
2652 remote = (void *) &smp->preq[1];
2653 }
2654
2655 local_io = local->io_capability;
2656 remote_io = remote->io_capability;
2657
2658 local_mitm = (local->auth_req & SMP_AUTH_MITM);
2659 remote_mitm = (remote->auth_req & SMP_AUTH_MITM);
2660
2661
2662
2663
2664 if (local_mitm || remote_mitm)
2665 method = get_auth_method(smp, local_io, remote_io);
2666 else
2667 method = JUST_WORKS;
2668
2669
2670 if (method == JUST_CFM && test_bit(SMP_FLAG_INITIATOR, &smp->flags))
2671 method = JUST_WORKS;
2672
2673 return method;
2674}
2675
2676static int smp_cmd_public_key(struct l2cap_conn *conn, struct sk_buff *skb)
2677{
2678 struct smp_cmd_public_key *key = (void *) skb->data;
2679 struct hci_conn *hcon = conn->hcon;
2680 struct l2cap_chan *chan = conn->smp;
2681 struct smp_chan *smp = chan->data;
2682 struct hci_dev *hdev = hcon->hdev;
2683 struct crypto_kpp *tfm_ecdh;
2684 struct smp_cmd_pairing_confirm cfm;
2685 int err;
2686
2687 BT_DBG("conn %p", conn);
2688
2689 if (skb->len < sizeof(*key))
2690 return SMP_INVALID_PARAMS;
2691
2692 memcpy(smp->remote_pk, key, 64);
2693
2694 if (test_bit(SMP_FLAG_REMOTE_OOB, &smp->flags)) {
2695 err = smp_f4(smp->tfm_cmac, smp->remote_pk, smp->remote_pk,
2696 smp->rr, 0, cfm.confirm_val);
2697 if (err)
2698 return SMP_UNSPECIFIED;
2699
2700 if (crypto_memneq(cfm.confirm_val, smp->pcnf, 16))
2701 return SMP_CONFIRM_FAILED;
2702 }
2703
2704
2705
2706
2707 if (!hcon->out) {
2708 err = sc_send_public_key(smp);
2709 if (err)
2710 return err;
2711 }
2712
2713 SMP_DBG("Remote Public Key X: %32phN", smp->remote_pk);
2714 SMP_DBG("Remote Public Key Y: %32phN", smp->remote_pk + 32);
2715
2716
2717
2718
2719 if (test_bit(SMP_FLAG_LOCAL_OOB, &smp->flags)) {
2720 struct l2cap_chan *hchan = hdev->smp_data;
2721 struct smp_dev *smp_dev;
2722
2723 if (!hchan || !hchan->data)
2724 return SMP_UNSPECIFIED;
2725
2726 smp_dev = hchan->data;
2727
2728 tfm_ecdh = smp_dev->tfm_ecdh;
2729 } else {
2730 tfm_ecdh = smp->tfm_ecdh;
2731 }
2732
2733 if (compute_ecdh_secret(tfm_ecdh, smp->remote_pk, smp->dhkey))
2734 return SMP_UNSPECIFIED;
2735
2736 SMP_DBG("DHKey %32phN", smp->dhkey);
2737
2738 set_bit(SMP_FLAG_REMOTE_PK, &smp->flags);
2739
2740 smp->method = sc_select_method(smp);
2741
2742 BT_DBG("%s selected method 0x%02x", hdev->name, smp->method);
2743
2744
2745 if (smp->method == JUST_WORKS || smp->method == JUST_CFM)
2746 hcon->pending_sec_level = BT_SECURITY_MEDIUM;
2747 else
2748 hcon->pending_sec_level = BT_SECURITY_FIPS;
2749
2750 if (!crypto_memneq(debug_pk, smp->remote_pk, 64))
2751 set_bit(SMP_FLAG_DEBUG_KEY, &smp->flags);
2752
2753 if (smp->method == DSP_PASSKEY) {
2754 get_random_bytes(&hcon->passkey_notify,
2755 sizeof(hcon->passkey_notify));
2756 hcon->passkey_notify %= 1000000;
2757 hcon->passkey_entered = 0;
2758 smp->passkey_round = 0;
2759 if (mgmt_user_passkey_notify(hdev, &hcon->dst, hcon->type,
2760 hcon->dst_type,
2761 hcon->passkey_notify,
2762 hcon->passkey_entered))
2763 return SMP_UNSPECIFIED;
2764 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_CONFIRM);
2765 return sc_passkey_round(smp, SMP_CMD_PUBLIC_KEY);
2766 }
2767
2768 if (smp->method == REQ_OOB) {
2769 if (hcon->out)
2770 smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM,
2771 sizeof(smp->prnd), smp->prnd);
2772
2773 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RANDOM);
2774
2775 return 0;
2776 }
2777
2778 if (hcon->out)
2779 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_CONFIRM);
2780
2781 if (smp->method == REQ_PASSKEY) {
2782 if (mgmt_user_passkey_request(hdev, &hcon->dst, hcon->type,
2783 hcon->dst_type))
2784 return SMP_UNSPECIFIED;
2785 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_CONFIRM);
2786 set_bit(SMP_FLAG_WAIT_USER, &smp->flags);
2787 return 0;
2788 }
2789
2790
2791
2792
2793 if (conn->hcon->out)
2794 return 0;
2795
2796 err = smp_f4(smp->tfm_cmac, smp->local_pk, smp->remote_pk, smp->prnd,
2797 0, cfm.confirm_val);
2798 if (err)
2799 return SMP_UNSPECIFIED;
2800
2801 smp_send_cmd(conn, SMP_CMD_PAIRING_CONFIRM, sizeof(cfm), &cfm);
2802 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RANDOM);
2803
2804 return 0;
2805}
2806
2807static int smp_cmd_dhkey_check(struct l2cap_conn *conn, struct sk_buff *skb)
2808{
2809 struct smp_cmd_dhkey_check *check = (void *) skb->data;
2810 struct l2cap_chan *chan = conn->smp;
2811 struct hci_conn *hcon = conn->hcon;
2812 struct smp_chan *smp = chan->data;
2813 u8 a[7], b[7], *local_addr, *remote_addr;
2814 u8 io_cap[3], r[16], e[16];
2815 int err;
2816
2817 BT_DBG("conn %p", conn);
2818
2819 if (skb->len < sizeof(*check))
2820 return SMP_INVALID_PARAMS;
2821
2822 memcpy(a, &hcon->init_addr, 6);
2823 memcpy(b, &hcon->resp_addr, 6);
2824 a[6] = hcon->init_addr_type;
2825 b[6] = hcon->resp_addr_type;
2826
2827 if (hcon->out) {
2828 local_addr = a;
2829 remote_addr = b;
2830 memcpy(io_cap, &smp->prsp[1], 3);
2831 } else {
2832 local_addr = b;
2833 remote_addr = a;
2834 memcpy(io_cap, &smp->preq[1], 3);
2835 }
2836
2837 memset(r, 0, sizeof(r));
2838
2839 if (smp->method == REQ_PASSKEY || smp->method == DSP_PASSKEY)
2840 put_unaligned_le32(hcon->passkey_notify, r);
2841 else if (smp->method == REQ_OOB)
2842 memcpy(r, smp->lr, 16);
2843
2844 err = smp_f6(smp->tfm_cmac, smp->mackey, smp->rrnd, smp->prnd, r,
2845 io_cap, remote_addr, local_addr, e);
2846 if (err)
2847 return SMP_UNSPECIFIED;
2848
2849 if (crypto_memneq(check->e, e, 16))
2850 return SMP_DHKEY_CHECK_FAILED;
2851
2852 if (!hcon->out) {
2853 if (test_bit(SMP_FLAG_WAIT_USER, &smp->flags)) {
2854 set_bit(SMP_FLAG_DHKEY_PENDING, &smp->flags);
2855 return 0;
2856 }
2857
2858
2859 sc_dhkey_check(smp);
2860 }
2861
2862 sc_add_ltk(smp);
2863
2864 if (hcon->out) {
2865 hci_le_start_enc(hcon, 0, 0, smp->tk, smp->enc_key_size);
2866 hcon->enc_key_size = smp->enc_key_size;
2867 }
2868
2869 return 0;
2870}
2871
2872static int smp_cmd_keypress_notify(struct l2cap_conn *conn,
2873 struct sk_buff *skb)
2874{
2875 struct smp_cmd_keypress_notify *kp = (void *) skb->data;
2876
2877 BT_DBG("value 0x%02x", kp->value);
2878
2879 return 0;
2880}
2881
2882static int smp_sig_channel(struct l2cap_chan *chan, struct sk_buff *skb)
2883{
2884 struct l2cap_conn *conn = chan->conn;
2885 struct hci_conn *hcon = conn->hcon;
2886 struct smp_chan *smp;
2887 __u8 code, reason;
2888 int err = 0;
2889
2890 if (skb->len < 1)
2891 return -EILSEQ;
2892
2893 if (!hci_dev_test_flag(hcon->hdev, HCI_LE_ENABLED)) {
2894 reason = SMP_PAIRING_NOTSUPP;
2895 goto done;
2896 }
2897
2898 code = skb->data[0];
2899 skb_pull(skb, sizeof(code));
2900
2901 smp = chan->data;
2902
2903 if (code > SMP_CMD_MAX)
2904 goto drop;
2905
2906 if (smp && !test_and_clear_bit(code, &smp->allow_cmd))
2907 goto drop;
2908
2909
2910
2911
2912 if (!smp && code != SMP_CMD_PAIRING_REQ && code != SMP_CMD_SECURITY_REQ)
2913 goto drop;
2914
2915 switch (code) {
2916 case SMP_CMD_PAIRING_REQ:
2917 reason = smp_cmd_pairing_req(conn, skb);
2918 break;
2919
2920 case SMP_CMD_PAIRING_FAIL:
2921 smp_failure(conn, 0);
2922 err = -EPERM;
2923 break;
2924
2925 case SMP_CMD_PAIRING_RSP:
2926 reason = smp_cmd_pairing_rsp(conn, skb);
2927 break;
2928
2929 case SMP_CMD_SECURITY_REQ:
2930 reason = smp_cmd_security_req(conn, skb);
2931 break;
2932
2933 case SMP_CMD_PAIRING_CONFIRM:
2934 reason = smp_cmd_pairing_confirm(conn, skb);
2935 break;
2936
2937 case SMP_CMD_PAIRING_RANDOM:
2938 reason = smp_cmd_pairing_random(conn, skb);
2939 break;
2940
2941 case SMP_CMD_ENCRYPT_INFO:
2942 reason = smp_cmd_encrypt_info(conn, skb);
2943 break;
2944
2945 case SMP_CMD_MASTER_IDENT:
2946 reason = smp_cmd_master_ident(conn, skb);
2947 break;
2948
2949 case SMP_CMD_IDENT_INFO:
2950 reason = smp_cmd_ident_info(conn, skb);
2951 break;
2952
2953 case SMP_CMD_IDENT_ADDR_INFO:
2954 reason = smp_cmd_ident_addr_info(conn, skb);
2955 break;
2956
2957 case SMP_CMD_SIGN_INFO:
2958 reason = smp_cmd_sign_info(conn, skb);
2959 break;
2960
2961 case SMP_CMD_PUBLIC_KEY:
2962 reason = smp_cmd_public_key(conn, skb);
2963 break;
2964
2965 case SMP_CMD_DHKEY_CHECK:
2966 reason = smp_cmd_dhkey_check(conn, skb);
2967 break;
2968
2969 case SMP_CMD_KEYPRESS_NOTIFY:
2970 reason = smp_cmd_keypress_notify(conn, skb);
2971 break;
2972
2973 default:
2974 BT_DBG("Unknown command code 0x%2.2x", code);
2975 reason = SMP_CMD_NOTSUPP;
2976 goto done;
2977 }
2978
2979done:
2980 if (!err) {
2981 if (reason)
2982 smp_failure(conn, reason);
2983 kfree_skb(skb);
2984 }
2985
2986 return err;
2987
2988drop:
2989 bt_dev_err(hcon->hdev, "unexpected SMP command 0x%02x from %pMR",
2990 code, &hcon->dst);
2991 kfree_skb(skb);
2992 return 0;
2993}
2994
2995static void smp_teardown_cb(struct l2cap_chan *chan, int err)
2996{
2997 struct l2cap_conn *conn = chan->conn;
2998
2999 BT_DBG("chan %p", chan);
3000
3001 if (chan->data)
3002 smp_chan_destroy(conn);
3003
3004 conn->smp = NULL;
3005 l2cap_chan_put(chan);
3006}
3007
3008static void bredr_pairing(struct l2cap_chan *chan)
3009{
3010 struct l2cap_conn *conn = chan->conn;
3011 struct hci_conn *hcon = conn->hcon;
3012 struct hci_dev *hdev = hcon->hdev;
3013 struct smp_cmd_pairing req;
3014 struct smp_chan *smp;
3015
3016 BT_DBG("chan %p", chan);
3017
3018
3019 if (!test_bit(HCI_CONN_NEW_LINK_KEY, &hcon->flags))
3020 return;
3021
3022
3023 if (!test_bit(HCI_CONN_ENCRYPT, &hcon->flags))
3024 return;
3025
3026
3027 if (hcon->role != HCI_ROLE_MASTER)
3028 return;
3029
3030
3031 if (!hci_dev_test_flag(hdev, HCI_SC_ENABLED))
3032 return;
3033
3034
3035 if (!test_bit(HCI_CONN_AES_CCM, &hcon->flags) &&
3036 !hci_dev_test_flag(hdev, HCI_FORCE_BREDR_SMP))
3037 return;
3038
3039
3040 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED))
3041 return;
3042
3043
3044 if (!lmp_host_le_capable(hcon))
3045 return;
3046
3047
3048 if (!(conn->remote_fixed_chan & L2CAP_FC_SMP_BREDR))
3049 return;
3050
3051
3052 if (chan->data)
3053 return;
3054
3055 smp = smp_chan_create(conn);
3056 if (!smp) {
3057 bt_dev_err(hdev, "unable to create SMP context for BR/EDR");
3058 return;
3059 }
3060
3061 set_bit(SMP_FLAG_SC, &smp->flags);
3062
3063 BT_DBG("%s starting SMP over BR/EDR", hdev->name);
3064
3065
3066 build_bredr_pairing_cmd(smp, &req, NULL);
3067
3068 smp->preq[0] = SMP_CMD_PAIRING_REQ;
3069 memcpy(&smp->preq[1], &req, sizeof(req));
3070
3071 smp_send_cmd(conn, SMP_CMD_PAIRING_REQ, sizeof(req), &req);
3072 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RSP);
3073}
3074
3075static void smp_resume_cb(struct l2cap_chan *chan)
3076{
3077 struct smp_chan *smp = chan->data;
3078 struct l2cap_conn *conn = chan->conn;
3079 struct hci_conn *hcon = conn->hcon;
3080
3081 BT_DBG("chan %p", chan);
3082
3083 if (hcon->type == ACL_LINK) {
3084 bredr_pairing(chan);
3085 return;
3086 }
3087
3088 if (!smp)
3089 return;
3090
3091 if (!test_bit(HCI_CONN_ENCRYPT, &hcon->flags))
3092 return;
3093
3094 cancel_delayed_work(&smp->security_timer);
3095
3096 smp_distribute_keys(smp);
3097}
3098
3099static void smp_ready_cb(struct l2cap_chan *chan)
3100{
3101 struct l2cap_conn *conn = chan->conn;
3102 struct hci_conn *hcon = conn->hcon;
3103
3104 BT_DBG("chan %p", chan);
3105
3106
3107
3108
3109
3110
3111
3112 conn->smp = chan;
3113
3114 if (hcon->type == ACL_LINK && test_bit(HCI_CONN_ENCRYPT, &hcon->flags))
3115 bredr_pairing(chan);
3116}
3117
3118static int smp_recv_cb(struct l2cap_chan *chan, struct sk_buff *skb)
3119{
3120 int err;
3121
3122 BT_DBG("chan %p", chan);
3123
3124 err = smp_sig_channel(chan, skb);
3125 if (err) {
3126 struct smp_chan *smp = chan->data;
3127
3128 if (smp)
3129 cancel_delayed_work_sync(&smp->security_timer);
3130
3131 hci_disconnect(chan->conn->hcon, HCI_ERROR_AUTH_FAILURE);
3132 }
3133
3134 return err;
3135}
3136
3137static struct sk_buff *smp_alloc_skb_cb(struct l2cap_chan *chan,
3138 unsigned long hdr_len,
3139 unsigned long len, int nb)
3140{
3141 struct sk_buff *skb;
3142
3143 skb = bt_skb_alloc(hdr_len + len, GFP_KERNEL);
3144 if (!skb)
3145 return ERR_PTR(-ENOMEM);
3146
3147 skb->priority = HCI_PRIO_MAX;
3148 bt_cb(skb)->l2cap.chan = chan;
3149
3150 return skb;
3151}
3152
3153static const struct l2cap_ops smp_chan_ops = {
3154 .name = "Security Manager",
3155 .ready = smp_ready_cb,
3156 .recv = smp_recv_cb,
3157 .alloc_skb = smp_alloc_skb_cb,
3158 .teardown = smp_teardown_cb,
3159 .resume = smp_resume_cb,
3160
3161 .new_connection = l2cap_chan_no_new_connection,
3162 .state_change = l2cap_chan_no_state_change,
3163 .close = l2cap_chan_no_close,
3164 .defer = l2cap_chan_no_defer,
3165 .suspend = l2cap_chan_no_suspend,
3166 .set_shutdown = l2cap_chan_no_set_shutdown,
3167 .get_sndtimeo = l2cap_chan_no_get_sndtimeo,
3168};
3169
3170static inline struct l2cap_chan *smp_new_conn_cb(struct l2cap_chan *pchan)
3171{
3172 struct l2cap_chan *chan;
3173
3174 BT_DBG("pchan %p", pchan);
3175
3176 chan = l2cap_chan_create();
3177 if (!chan)
3178 return NULL;
3179
3180 chan->chan_type = pchan->chan_type;
3181 chan->ops = &smp_chan_ops;
3182 chan->scid = pchan->scid;
3183 chan->dcid = chan->scid;
3184 chan->imtu = pchan->imtu;
3185 chan->omtu = pchan->omtu;
3186 chan->mode = pchan->mode;
3187
3188
3189
3190
3191
3192
3193 atomic_set(&chan->nesting, L2CAP_NESTING_SMP);
3194
3195 BT_DBG("created chan %p", chan);
3196
3197 return chan;
3198}
3199
3200static const struct l2cap_ops smp_root_chan_ops = {
3201 .name = "Security Manager Root",
3202 .new_connection = smp_new_conn_cb,
3203
3204
3205 .close = l2cap_chan_no_close,
3206 .alloc_skb = l2cap_chan_no_alloc_skb,
3207 .recv = l2cap_chan_no_recv,
3208 .state_change = l2cap_chan_no_state_change,
3209 .teardown = l2cap_chan_no_teardown,
3210 .ready = l2cap_chan_no_ready,
3211 .defer = l2cap_chan_no_defer,
3212 .suspend = l2cap_chan_no_suspend,
3213 .resume = l2cap_chan_no_resume,
3214 .set_shutdown = l2cap_chan_no_set_shutdown,
3215 .get_sndtimeo = l2cap_chan_no_get_sndtimeo,
3216};
3217
3218static struct l2cap_chan *smp_add_cid(struct hci_dev *hdev, u16 cid)
3219{
3220 struct l2cap_chan *chan;
3221 struct smp_dev *smp;
3222 struct crypto_cipher *tfm_aes;
3223 struct crypto_shash *tfm_cmac;
3224 struct crypto_kpp *tfm_ecdh;
3225
3226 if (cid == L2CAP_CID_SMP_BREDR) {
3227 smp = NULL;
3228 goto create_chan;
3229 }
3230
3231 smp = kzalloc(sizeof(*smp), GFP_KERNEL);
3232 if (!smp)
3233 return ERR_PTR(-ENOMEM);
3234
3235 tfm_aes = crypto_alloc_cipher("aes", 0, 0);
3236 if (IS_ERR(tfm_aes)) {
3237 BT_ERR("Unable to create AES crypto context");
3238 kzfree(smp);
3239 return ERR_CAST(tfm_aes);
3240 }
3241
3242 tfm_cmac = crypto_alloc_shash("cmac(aes)", 0, 0);
3243 if (IS_ERR(tfm_cmac)) {
3244 BT_ERR("Unable to create CMAC crypto context");
3245 crypto_free_cipher(tfm_aes);
3246 kzfree(smp);
3247 return ERR_CAST(tfm_cmac);
3248 }
3249
3250 tfm_ecdh = crypto_alloc_kpp("ecdh", CRYPTO_ALG_INTERNAL, 0);
3251 if (IS_ERR(tfm_ecdh)) {
3252 BT_ERR("Unable to create ECDH crypto context");
3253 crypto_free_shash(tfm_cmac);
3254 crypto_free_cipher(tfm_aes);
3255 kzfree(smp);
3256 return ERR_CAST(tfm_ecdh);
3257 }
3258
3259 smp->local_oob = false;
3260 smp->tfm_aes = tfm_aes;
3261 smp->tfm_cmac = tfm_cmac;
3262 smp->tfm_ecdh = tfm_ecdh;
3263
3264create_chan:
3265 chan = l2cap_chan_create();
3266 if (!chan) {
3267 if (smp) {
3268 crypto_free_cipher(smp->tfm_aes);
3269 crypto_free_shash(smp->tfm_cmac);
3270 crypto_free_kpp(smp->tfm_ecdh);
3271 kzfree(smp);
3272 }
3273 return ERR_PTR(-ENOMEM);
3274 }
3275
3276 chan->data = smp;
3277
3278 l2cap_add_scid(chan, cid);
3279
3280 l2cap_chan_set_defaults(chan);
3281
3282 if (cid == L2CAP_CID_SMP) {
3283 u8 bdaddr_type;
3284
3285 hci_copy_identity_address(hdev, &chan->src, &bdaddr_type);
3286
3287 if (bdaddr_type == ADDR_LE_DEV_PUBLIC)
3288 chan->src_type = BDADDR_LE_PUBLIC;
3289 else
3290 chan->src_type = BDADDR_LE_RANDOM;
3291 } else {
3292 bacpy(&chan->src, &hdev->bdaddr);
3293 chan->src_type = BDADDR_BREDR;
3294 }
3295
3296 chan->state = BT_LISTEN;
3297 chan->mode = L2CAP_MODE_BASIC;
3298 chan->imtu = L2CAP_DEFAULT_MTU;
3299 chan->ops = &smp_root_chan_ops;
3300
3301
3302 atomic_set(&chan->nesting, L2CAP_NESTING_PARENT);
3303
3304 return chan;
3305}
3306
3307static void smp_del_chan(struct l2cap_chan *chan)
3308{
3309 struct smp_dev *smp;
3310
3311 BT_DBG("chan %p", chan);
3312
3313 smp = chan->data;
3314 if (smp) {
3315 chan->data = NULL;
3316 crypto_free_cipher(smp->tfm_aes);
3317 crypto_free_shash(smp->tfm_cmac);
3318 crypto_free_kpp(smp->tfm_ecdh);
3319 kzfree(smp);
3320 }
3321
3322 l2cap_chan_put(chan);
3323}
3324
3325static ssize_t force_bredr_smp_read(struct file *file,
3326 char __user *user_buf,
3327 size_t count, loff_t *ppos)
3328{
3329 struct hci_dev *hdev = file->private_data;
3330 char buf[3];
3331
3332 buf[0] = hci_dev_test_flag(hdev, HCI_FORCE_BREDR_SMP) ? 'Y': 'N';
3333 buf[1] = '\n';
3334 buf[2] = '\0';
3335 return simple_read_from_buffer(user_buf, count, ppos, buf, 2);
3336}
3337
3338static ssize_t force_bredr_smp_write(struct file *file,
3339 const char __user *user_buf,
3340 size_t count, loff_t *ppos)
3341{
3342 struct hci_dev *hdev = file->private_data;
3343 bool enable;
3344 int err;
3345
3346 err = kstrtobool_from_user(user_buf, count, &enable);
3347 if (err)
3348 return err;
3349
3350 if (enable == hci_dev_test_flag(hdev, HCI_FORCE_BREDR_SMP))
3351 return -EALREADY;
3352
3353 if (enable) {
3354 struct l2cap_chan *chan;
3355
3356 chan = smp_add_cid(hdev, L2CAP_CID_SMP_BREDR);
3357 if (IS_ERR(chan))
3358 return PTR_ERR(chan);
3359
3360 hdev->smp_bredr_data = chan;
3361 } else {
3362 struct l2cap_chan *chan;
3363
3364 chan = hdev->smp_bredr_data;
3365 hdev->smp_bredr_data = NULL;
3366 smp_del_chan(chan);
3367 }
3368
3369 hci_dev_change_flag(hdev, HCI_FORCE_BREDR_SMP);
3370
3371 return count;
3372}
3373
3374static const struct file_operations force_bredr_smp_fops = {
3375 .open = simple_open,
3376 .read = force_bredr_smp_read,
3377 .write = force_bredr_smp_write,
3378 .llseek = default_llseek,
3379};
3380
3381static ssize_t le_min_key_size_read(struct file *file,
3382 char __user *user_buf,
3383 size_t count, loff_t *ppos)
3384{
3385 struct hci_dev *hdev = file->private_data;
3386 char buf[4];
3387
3388 snprintf(buf, sizeof(buf), "%2u\n", hdev->le_min_key_size);
3389
3390 return simple_read_from_buffer(user_buf, count, ppos, buf, strlen(buf));
3391}
3392
3393static ssize_t le_min_key_size_write(struct file *file,
3394 const char __user *user_buf,
3395 size_t count, loff_t *ppos)
3396{
3397 struct hci_dev *hdev = file->private_data;
3398 char buf[32];
3399 size_t buf_size = min(count, (sizeof(buf) - 1));
3400 u8 key_size;
3401
3402 if (copy_from_user(buf, user_buf, buf_size))
3403 return -EFAULT;
3404
3405 buf[buf_size] = '\0';
3406
3407 sscanf(buf, "%hhu", &key_size);
3408
3409 if (key_size > hdev->le_max_key_size ||
3410 key_size < SMP_MIN_ENC_KEY_SIZE)
3411 return -EINVAL;
3412
3413 hdev->le_min_key_size = key_size;
3414
3415 return count;
3416}
3417
3418static const struct file_operations le_min_key_size_fops = {
3419 .open = simple_open,
3420 .read = le_min_key_size_read,
3421 .write = le_min_key_size_write,
3422 .llseek = default_llseek,
3423};
3424
3425static ssize_t le_max_key_size_read(struct file *file,
3426 char __user *user_buf,
3427 size_t count, loff_t *ppos)
3428{
3429 struct hci_dev *hdev = file->private_data;
3430 char buf[4];
3431
3432 snprintf(buf, sizeof(buf), "%2u\n", hdev->le_max_key_size);
3433
3434 return simple_read_from_buffer(user_buf, count, ppos, buf, strlen(buf));
3435}
3436
3437static ssize_t le_max_key_size_write(struct file *file,
3438 const char __user *user_buf,
3439 size_t count, loff_t *ppos)
3440{
3441 struct hci_dev *hdev = file->private_data;
3442 char buf[32];
3443 size_t buf_size = min(count, (sizeof(buf) - 1));
3444 u8 key_size;
3445
3446 if (copy_from_user(buf, user_buf, buf_size))
3447 return -EFAULT;
3448
3449 buf[buf_size] = '\0';
3450
3451 sscanf(buf, "%hhu", &key_size);
3452
3453 if (key_size > SMP_MAX_ENC_KEY_SIZE ||
3454 key_size < hdev->le_min_key_size)
3455 return -EINVAL;
3456
3457 hdev->le_max_key_size = key_size;
3458
3459 return count;
3460}
3461
3462static const struct file_operations le_max_key_size_fops = {
3463 .open = simple_open,
3464 .read = le_max_key_size_read,
3465 .write = le_max_key_size_write,
3466 .llseek = default_llseek,
3467};
3468
3469int smp_register(struct hci_dev *hdev)
3470{
3471 struct l2cap_chan *chan;
3472
3473 BT_DBG("%s", hdev->name);
3474
3475
3476
3477
3478 if (!lmp_le_capable(hdev))
3479 return 0;
3480
3481 if (WARN_ON(hdev->smp_data)) {
3482 chan = hdev->smp_data;
3483 hdev->smp_data = NULL;
3484 smp_del_chan(chan);
3485 }
3486
3487 chan = smp_add_cid(hdev, L2CAP_CID_SMP);
3488 if (IS_ERR(chan))
3489 return PTR_ERR(chan);
3490
3491 hdev->smp_data = chan;
3492
3493 debugfs_create_file("le_min_key_size", 0644, hdev->debugfs, hdev,
3494 &le_min_key_size_fops);
3495 debugfs_create_file("le_max_key_size", 0644, hdev->debugfs, hdev,
3496 &le_max_key_size_fops);
3497
3498
3499
3500
3501
3502
3503
3504
3505 if (!lmp_sc_capable(hdev)) {
3506 debugfs_create_file("force_bredr_smp", 0644, hdev->debugfs,
3507 hdev, &force_bredr_smp_fops);
3508
3509
3510 if (!hci_dev_test_flag(hdev, HCI_FORCE_BREDR_SMP))
3511 return 0;
3512 }
3513
3514 if (WARN_ON(hdev->smp_bredr_data)) {
3515 chan = hdev->smp_bredr_data;
3516 hdev->smp_bredr_data = NULL;
3517 smp_del_chan(chan);
3518 }
3519
3520 chan = smp_add_cid(hdev, L2CAP_CID_SMP_BREDR);
3521 if (IS_ERR(chan)) {
3522 int err = PTR_ERR(chan);
3523 chan = hdev->smp_data;
3524 hdev->smp_data = NULL;
3525 smp_del_chan(chan);
3526 return err;
3527 }
3528
3529 hdev->smp_bredr_data = chan;
3530
3531 return 0;
3532}
3533
3534void smp_unregister(struct hci_dev *hdev)
3535{
3536 struct l2cap_chan *chan;
3537
3538 if (hdev->smp_bredr_data) {
3539 chan = hdev->smp_bredr_data;
3540 hdev->smp_bredr_data = NULL;
3541 smp_del_chan(chan);
3542 }
3543
3544 if (hdev->smp_data) {
3545 chan = hdev->smp_data;
3546 hdev->smp_data = NULL;
3547 smp_del_chan(chan);
3548 }
3549}
3550
3551#if IS_ENABLED(CONFIG_BT_SELFTEST_SMP)
3552
3553static int __init test_debug_key(struct crypto_kpp *tfm_ecdh)
3554{
3555 u8 pk[64];
3556 int err;
3557
3558 err = set_ecdh_privkey(tfm_ecdh, debug_sk);
3559 if (err)
3560 return err;
3561
3562 err = generate_ecdh_public_key(tfm_ecdh, pk);
3563 if (err)
3564 return err;
3565
3566 if (crypto_memneq(pk, debug_pk, 64))
3567 return -EINVAL;
3568
3569 return 0;
3570}
3571
3572static int __init test_ah(struct crypto_cipher *tfm_aes)
3573{
3574 const u8 irk[16] = {
3575 0x9b, 0x7d, 0x39, 0x0a, 0xa6, 0x10, 0x10, 0x34,
3576 0x05, 0xad, 0xc8, 0x57, 0xa3, 0x34, 0x02, 0xec };
3577 const u8 r[3] = { 0x94, 0x81, 0x70 };
3578 const u8 exp[3] = { 0xaa, 0xfb, 0x0d };
3579 u8 res[3];
3580 int err;
3581
3582 err = smp_ah(tfm_aes, irk, r, res);
3583 if (err)
3584 return err;
3585
3586 if (crypto_memneq(res, exp, 3))
3587 return -EINVAL;
3588
3589 return 0;
3590}
3591
3592static int __init test_c1(struct crypto_cipher *tfm_aes)
3593{
3594 const u8 k[16] = {
3595 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
3596 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
3597 const u8 r[16] = {
3598 0xe0, 0x2e, 0x70, 0xc6, 0x4e, 0x27, 0x88, 0x63,
3599 0x0e, 0x6f, 0xad, 0x56, 0x21, 0xd5, 0x83, 0x57 };
3600 const u8 preq[7] = { 0x01, 0x01, 0x00, 0x00, 0x10, 0x07, 0x07 };
3601 const u8 pres[7] = { 0x02, 0x03, 0x00, 0x00, 0x08, 0x00, 0x05 };
3602 const u8 _iat = 0x01;
3603 const u8 _rat = 0x00;
3604 const bdaddr_t ra = { { 0xb6, 0xb5, 0xb4, 0xb3, 0xb2, 0xb1 } };
3605 const bdaddr_t ia = { { 0xa6, 0xa5, 0xa4, 0xa3, 0xa2, 0xa1 } };
3606 const u8 exp[16] = {
3607 0x86, 0x3b, 0xf1, 0xbe, 0xc5, 0x4d, 0xa7, 0xd2,
3608 0xea, 0x88, 0x89, 0x87, 0xef, 0x3f, 0x1e, 0x1e };
3609 u8 res[16];
3610 int err;
3611
3612 err = smp_c1(tfm_aes, k, r, preq, pres, _iat, &ia, _rat, &ra, res);
3613 if (err)
3614 return err;
3615
3616 if (crypto_memneq(res, exp, 16))
3617 return -EINVAL;
3618
3619 return 0;
3620}
3621
3622static int __init test_s1(struct crypto_cipher *tfm_aes)
3623{
3624 const u8 k[16] = {
3625 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
3626 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
3627 const u8 r1[16] = {
3628 0x88, 0x77, 0x66, 0x55, 0x44, 0x33, 0x22, 0x11 };
3629 const u8 r2[16] = {
3630 0x00, 0xff, 0xee, 0xdd, 0xcc, 0xbb, 0xaa, 0x99 };
3631 const u8 exp[16] = {
3632 0x62, 0xa0, 0x6d, 0x79, 0xae, 0x16, 0x42, 0x5b,
3633 0x9b, 0xf4, 0xb0, 0xe8, 0xf0, 0xe1, 0x1f, 0x9a };
3634 u8 res[16];
3635 int err;
3636
3637 err = smp_s1(tfm_aes, k, r1, r2, res);
3638 if (err)
3639 return err;
3640
3641 if (crypto_memneq(res, exp, 16))
3642 return -EINVAL;
3643
3644 return 0;
3645}
3646
3647static int __init test_f4(struct crypto_shash *tfm_cmac)
3648{
3649 const u8 u[32] = {
3650 0xe6, 0x9d, 0x35, 0x0e, 0x48, 0x01, 0x03, 0xcc,
3651 0xdb, 0xfd, 0xf4, 0xac, 0x11, 0x91, 0xf4, 0xef,
3652 0xb9, 0xa5, 0xf9, 0xe9, 0xa7, 0x83, 0x2c, 0x5e,
3653 0x2c, 0xbe, 0x97, 0xf2, 0xd2, 0x03, 0xb0, 0x20 };
3654 const u8 v[32] = {
3655 0xfd, 0xc5, 0x7f, 0xf4, 0x49, 0xdd, 0x4f, 0x6b,
3656 0xfb, 0x7c, 0x9d, 0xf1, 0xc2, 0x9a, 0xcb, 0x59,
3657 0x2a, 0xe7, 0xd4, 0xee, 0xfb, 0xfc, 0x0a, 0x90,
3658 0x9a, 0xbb, 0xf6, 0x32, 0x3d, 0x8b, 0x18, 0x55 };
3659 const u8 x[16] = {
3660 0xab, 0xae, 0x2b, 0x71, 0xec, 0xb2, 0xff, 0xff,
3661 0x3e, 0x73, 0x77, 0xd1, 0x54, 0x84, 0xcb, 0xd5 };
3662 const u8 z = 0x00;
3663 const u8 exp[16] = {
3664 0x2d, 0x87, 0x74, 0xa9, 0xbe, 0xa1, 0xed, 0xf1,
3665 0x1c, 0xbd, 0xa9, 0x07, 0xf1, 0x16, 0xc9, 0xf2 };
3666 u8 res[16];
3667 int err;
3668
3669 err = smp_f4(tfm_cmac, u, v, x, z, res);
3670 if (err)
3671 return err;
3672
3673 if (crypto_memneq(res, exp, 16))
3674 return -EINVAL;
3675
3676 return 0;
3677}
3678
3679static int __init test_f5(struct crypto_shash *tfm_cmac)
3680{
3681 const u8 w[32] = {
3682 0x98, 0xa6, 0xbf, 0x73, 0xf3, 0x34, 0x8d, 0x86,
3683 0xf1, 0x66, 0xf8, 0xb4, 0x13, 0x6b, 0x79, 0x99,
3684 0x9b, 0x7d, 0x39, 0x0a, 0xa6, 0x10, 0x10, 0x34,
3685 0x05, 0xad, 0xc8, 0x57, 0xa3, 0x34, 0x02, 0xec };
3686 const u8 n1[16] = {
3687 0xab, 0xae, 0x2b, 0x71, 0xec, 0xb2, 0xff, 0xff,
3688 0x3e, 0x73, 0x77, 0xd1, 0x54, 0x84, 0xcb, 0xd5 };
3689 const u8 n2[16] = {
3690 0xcf, 0xc4, 0x3d, 0xff, 0xf7, 0x83, 0x65, 0x21,
3691 0x6e, 0x5f, 0xa7, 0x25, 0xcc, 0xe7, 0xe8, 0xa6 };
3692 const u8 a1[7] = { 0xce, 0xbf, 0x37, 0x37, 0x12, 0x56, 0x00 };
3693 const u8 a2[7] = { 0xc1, 0xcf, 0x2d, 0x70, 0x13, 0xa7, 0x00 };
3694 const u8 exp_ltk[16] = {
3695 0x38, 0x0a, 0x75, 0x94, 0xb5, 0x22, 0x05, 0x98,
3696 0x23, 0xcd, 0xd7, 0x69, 0x11, 0x79, 0x86, 0x69 };
3697 const u8 exp_mackey[16] = {
3698 0x20, 0x6e, 0x63, 0xce, 0x20, 0x6a, 0x3f, 0xfd,
3699 0x02, 0x4a, 0x08, 0xa1, 0x76, 0xf1, 0x65, 0x29 };
3700 u8 mackey[16], ltk[16];
3701 int err;
3702
3703 err = smp_f5(tfm_cmac, w, n1, n2, a1, a2, mackey, ltk);
3704 if (err)
3705 return err;
3706
3707 if (crypto_memneq(mackey, exp_mackey, 16))
3708 return -EINVAL;
3709
3710 if (crypto_memneq(ltk, exp_ltk, 16))
3711 return -EINVAL;
3712
3713 return 0;
3714}
3715
3716static int __init test_f6(struct crypto_shash *tfm_cmac)
3717{
3718 const u8 w[16] = {
3719 0x20, 0x6e, 0x63, 0xce, 0x20, 0x6a, 0x3f, 0xfd,
3720 0x02, 0x4a, 0x08, 0xa1, 0x76, 0xf1, 0x65, 0x29 };
3721 const u8 n1[16] = {
3722 0xab, 0xae, 0x2b, 0x71, 0xec, 0xb2, 0xff, 0xff,
3723 0x3e, 0x73, 0x77, 0xd1, 0x54, 0x84, 0xcb, 0xd5 };
3724 const u8 n2[16] = {
3725 0xcf, 0xc4, 0x3d, 0xff, 0xf7, 0x83, 0x65, 0x21,
3726 0x6e, 0x5f, 0xa7, 0x25, 0xcc, 0xe7, 0xe8, 0xa6 };
3727 const u8 r[16] = {
3728 0xc8, 0x0f, 0x2d, 0x0c, 0xd2, 0x42, 0xda, 0x08,
3729 0x54, 0xbb, 0x53, 0xb4, 0x3b, 0x34, 0xa3, 0x12 };
3730 const u8 io_cap[3] = { 0x02, 0x01, 0x01 };
3731 const u8 a1[7] = { 0xce, 0xbf, 0x37, 0x37, 0x12, 0x56, 0x00 };
3732 const u8 a2[7] = { 0xc1, 0xcf, 0x2d, 0x70, 0x13, 0xa7, 0x00 };
3733 const u8 exp[16] = {
3734 0x61, 0x8f, 0x95, 0xda, 0x09, 0x0b, 0x6c, 0xd2,
3735 0xc5, 0xe8, 0xd0, 0x9c, 0x98, 0x73, 0xc4, 0xe3 };
3736 u8 res[16];
3737 int err;
3738
3739 err = smp_f6(tfm_cmac, w, n1, n2, r, io_cap, a1, a2, res);
3740 if (err)
3741 return err;
3742
3743 if (crypto_memneq(res, exp, 16))
3744 return -EINVAL;
3745
3746 return 0;
3747}
3748
3749static int __init test_g2(struct crypto_shash *tfm_cmac)
3750{
3751 const u8 u[32] = {
3752 0xe6, 0x9d, 0x35, 0x0e, 0x48, 0x01, 0x03, 0xcc,
3753 0xdb, 0xfd, 0xf4, 0xac, 0x11, 0x91, 0xf4, 0xef,
3754 0xb9, 0xa5, 0xf9, 0xe9, 0xa7, 0x83, 0x2c, 0x5e,
3755 0x2c, 0xbe, 0x97, 0xf2, 0xd2, 0x03, 0xb0, 0x20 };
3756 const u8 v[32] = {
3757 0xfd, 0xc5, 0x7f, 0xf4, 0x49, 0xdd, 0x4f, 0x6b,
3758 0xfb, 0x7c, 0x9d, 0xf1, 0xc2, 0x9a, 0xcb, 0x59,
3759 0x2a, 0xe7, 0xd4, 0xee, 0xfb, 0xfc, 0x0a, 0x90,
3760 0x9a, 0xbb, 0xf6, 0x32, 0x3d, 0x8b, 0x18, 0x55 };
3761 const u8 x[16] = {
3762 0xab, 0xae, 0x2b, 0x71, 0xec, 0xb2, 0xff, 0xff,
3763 0x3e, 0x73, 0x77, 0xd1, 0x54, 0x84, 0xcb, 0xd5 };
3764 const u8 y[16] = {
3765 0xcf, 0xc4, 0x3d, 0xff, 0xf7, 0x83, 0x65, 0x21,
3766 0x6e, 0x5f, 0xa7, 0x25, 0xcc, 0xe7, 0xe8, 0xa6 };
3767 const u32 exp_val = 0x2f9ed5ba % 1000000;
3768 u32 val;
3769 int err;
3770
3771 err = smp_g2(tfm_cmac, u, v, x, y, &val);
3772 if (err)
3773 return err;
3774
3775 if (val != exp_val)
3776 return -EINVAL;
3777
3778 return 0;
3779}
3780
3781static int __init test_h6(struct crypto_shash *tfm_cmac)
3782{
3783 const u8 w[16] = {
3784 0x9b, 0x7d, 0x39, 0x0a, 0xa6, 0x10, 0x10, 0x34,
3785 0x05, 0xad, 0xc8, 0x57, 0xa3, 0x34, 0x02, 0xec };
3786 const u8 key_id[4] = { 0x72, 0x62, 0x65, 0x6c };
3787 const u8 exp[16] = {
3788 0x99, 0x63, 0xb1, 0x80, 0xe2, 0xa9, 0xd3, 0xe8,
3789 0x1c, 0xc9, 0x6d, 0xe7, 0x02, 0xe1, 0x9a, 0x2d };
3790 u8 res[16];
3791 int err;
3792
3793 err = smp_h6(tfm_cmac, w, key_id, res);
3794 if (err)
3795 return err;
3796
3797 if (crypto_memneq(res, exp, 16))
3798 return -EINVAL;
3799
3800 return 0;
3801}
3802
3803static char test_smp_buffer[32];
3804
3805static ssize_t test_smp_read(struct file *file, char __user *user_buf,
3806 size_t count, loff_t *ppos)
3807{
3808 return simple_read_from_buffer(user_buf, count, ppos, test_smp_buffer,
3809 strlen(test_smp_buffer));
3810}
3811
3812static const struct file_operations test_smp_fops = {
3813 .open = simple_open,
3814 .read = test_smp_read,
3815 .llseek = default_llseek,
3816};
3817
3818static int __init run_selftests(struct crypto_cipher *tfm_aes,
3819 struct crypto_shash *tfm_cmac,
3820 struct crypto_kpp *tfm_ecdh)
3821{
3822 ktime_t calltime, delta, rettime;
3823 unsigned long long duration;
3824 int err;
3825
3826 calltime = ktime_get();
3827
3828 err = test_debug_key(tfm_ecdh);
3829 if (err) {
3830 BT_ERR("debug_key test failed");
3831 goto done;
3832 }
3833
3834 err = test_ah(tfm_aes);
3835 if (err) {
3836 BT_ERR("smp_ah test failed");
3837 goto done;
3838 }
3839
3840 err = test_c1(tfm_aes);
3841 if (err) {
3842 BT_ERR("smp_c1 test failed");
3843 goto done;
3844 }
3845
3846 err = test_s1(tfm_aes);
3847 if (err) {
3848 BT_ERR("smp_s1 test failed");
3849 goto done;
3850 }
3851
3852 err = test_f4(tfm_cmac);
3853 if (err) {
3854 BT_ERR("smp_f4 test failed");
3855 goto done;
3856 }
3857
3858 err = test_f5(tfm_cmac);
3859 if (err) {
3860 BT_ERR("smp_f5 test failed");
3861 goto done;
3862 }
3863
3864 err = test_f6(tfm_cmac);
3865 if (err) {
3866 BT_ERR("smp_f6 test failed");
3867 goto done;
3868 }
3869
3870 err = test_g2(tfm_cmac);
3871 if (err) {
3872 BT_ERR("smp_g2 test failed");
3873 goto done;
3874 }
3875
3876 err = test_h6(tfm_cmac);
3877 if (err) {
3878 BT_ERR("smp_h6 test failed");
3879 goto done;
3880 }
3881
3882 rettime = ktime_get();
3883 delta = ktime_sub(rettime, calltime);
3884 duration = (unsigned long long) ktime_to_ns(delta) >> 10;
3885
3886 BT_INFO("SMP test passed in %llu usecs", duration);
3887
3888done:
3889 if (!err)
3890 snprintf(test_smp_buffer, sizeof(test_smp_buffer),
3891 "PASS (%llu usecs)\n", duration);
3892 else
3893 snprintf(test_smp_buffer, sizeof(test_smp_buffer), "FAIL\n");
3894
3895 debugfs_create_file("selftest_smp", 0444, bt_debugfs, NULL,
3896 &test_smp_fops);
3897
3898 return err;
3899}
3900
3901int __init bt_selftest_smp(void)
3902{
3903 struct crypto_cipher *tfm_aes;
3904 struct crypto_shash *tfm_cmac;
3905 struct crypto_kpp *tfm_ecdh;
3906 int err;
3907
3908 tfm_aes = crypto_alloc_cipher("aes", 0, 0);
3909 if (IS_ERR(tfm_aes)) {
3910 BT_ERR("Unable to create AES crypto context");
3911 return PTR_ERR(tfm_aes);
3912 }
3913
3914 tfm_cmac = crypto_alloc_shash("cmac(aes)", 0, 0);
3915 if (IS_ERR(tfm_cmac)) {
3916 BT_ERR("Unable to create CMAC crypto context");
3917 crypto_free_cipher(tfm_aes);
3918 return PTR_ERR(tfm_cmac);
3919 }
3920
3921 tfm_ecdh = crypto_alloc_kpp("ecdh", CRYPTO_ALG_INTERNAL, 0);
3922 if (IS_ERR(tfm_ecdh)) {
3923 BT_ERR("Unable to create ECDH crypto context");
3924 crypto_free_shash(tfm_cmac);
3925 crypto_free_cipher(tfm_aes);
3926 return PTR_ERR(tfm_ecdh);
3927 }
3928
3929 err = run_selftests(tfm_aes, tfm_cmac, tfm_ecdh);
3930
3931 crypto_free_shash(tfm_cmac);
3932 crypto_free_cipher(tfm_aes);
3933 crypto_free_kpp(tfm_ecdh);
3934
3935 return err;
3936}
3937
3938#endif
3939