]> git.proxmox.com Git - mirror_ubuntu-artful-kernel.git/blame - net/bluetooth/smp.c
projects / mirror_ubuntu-artful-kernel.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
UBUNTU: [Config] CONFIG_RTL8723BS=m
[mirror_ubuntu-artful-kernel.git] / net / bluetooth / smp.c
CommitLineData
eb492e01
AB		 1/*
2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2011 Nokia Corporation and/or its subsidiary(-ies).
4
5 This program is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License version 2 as
7 published by the Free Software Foundation;
8
9 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
10 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
11 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
12 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
13 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
14 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17
18 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
19 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
20 SOFTWARE IS DISCLAIMED.
21*/
22
300acfde 23#include <linux/debugfs.h>
8c520a59 24#include <linux/scatterlist.h>
a4770e11 25#include <linux/crypto.h>
329d8230 26#include <crypto/algapi.h>
8c520a59 27#include <crypto/b128ops.h>
71af2f6b 28#include <crypto/hash.h>
8c520a59 29
eb492e01
AB		 30#include <net/bluetooth/bluetooth.h>
31#include <net/bluetooth/hci_core.h>
32#include <net/bluetooth/l2cap.h>
2b64d153 33#include <net/bluetooth/mgmt.h>
ac4b7236 34
58771c1c 35#include "ecdh_helper.h"
ac4b7236 36#include "smp.h"
d22ef0bc 37
2fd36558
JH		 38#define SMP_DEV(hdev) \
39 ((struct smp_dev *)((struct l2cap_chan *)((hdev)->smp_data))->data)
40
c7a3d57d
JH		 41/* Low-level debug macros to be used for stuff that we don't want
42 * accidentially in dmesg, i.e. the values of the various crypto keys
43 * and the inputs & outputs of crypto functions.
44 */
45#ifdef DEBUG
46#define SMP_DBG(fmt, ...) printk(KERN_DEBUG "%s: " fmt, __func__, \
47 ##__VA_ARGS__)
48#else
49#define SMP_DBG(fmt, ...) no_printk(KERN_DEBUG "%s: " fmt, __func__, \
50 ##__VA_ARGS__)
51#endif
52
b28b4943 53#define SMP_ALLOW_CMD(smp, code) set_bit(code, &smp->allow_cmd)
b28b4943 54
3b19146d
JH		 55/* Keys which are not distributed with Secure Connections */
56#define SMP_SC_NO_DIST (SMP_DIST_ENC_KEY | SMP_DIST_LINK_KEY);
57
17b02e62 58#define SMP_TIMEOUT msecs_to_jiffies(30000)
5d3de7df 59
d7a5a11d 60#define AUTH_REQ_MASK(dev) (hci_dev_test_flag(dev, HCI_SC_ENABLED) ? \
a62da6f1 61 0x3f : 0x07)
0edb14de 62#define KEY_DIST_MASK 0x07
065a13e2 63
cbbbe3e2
JH		 64/* Maximum message length that can be passed to aes_cmac */
65#define CMAC_MSG_MAX 80
66
533e35d4
JH		 67enum {
68 SMP_FLAG_TK_VALID,
69 SMP_FLAG_CFM_PENDING,
70 SMP_FLAG_MITM_AUTH,
71 SMP_FLAG_COMPLETE,
72 SMP_FLAG_INITIATOR,
65668776 73 SMP_FLAG_SC,
d8f8edbe 74 SMP_FLAG_REMOTE_PK,
aeb7d461 75 SMP_FLAG_DEBUG_KEY,
38606f14 76 SMP_FLAG_WAIT_USER,
d3e54a87 77 SMP_FLAG_DHKEY_PENDING,
1a8bab4f
JH		 78 SMP_FLAG_REMOTE_OOB,
79 SMP_FLAG_LOCAL_OOB,
a62da6f1 80 SMP_FLAG_CT2,
533e35d4 81};
4bc58f51 82
88a479d9 83struct smp_dev {
60a27d65
MH		 84 /* Secure Connections OOB data */
85 u8 local_pk[64];
86 u8 local_sk[32];
fb334fee 87 u8 local_rand[16];
60a27d65
MH		 88 bool debug_key;
89
b1f663c9 90 u8 min_key_size;
2fd36558
JH		 91 u8 max_key_size;
92
a4770e11 93 struct crypto_cipher *tfm_aes;
71af2f6b 94 struct crypto_shash *tfm_cmac;
88a479d9
MH		 95};
96
4bc58f51 97struct smp_chan {
b68fda68
JH		 98 struct l2cap_conn *conn;
99 struct delayed_work security_timer;
b28b4943 100 unsigned long allow_cmd; /* Bitmask of allowed commands */
b68fda68 101
4bc58f51
JH		 102 u8 preq[7]; /* SMP Pairing Request */
103 u8 prsp[7]; /* SMP Pairing Response */
104 u8 prnd[16]; /* SMP Pairing Random (local) */
105 u8 rrnd[16]; /* SMP Pairing Random (remote) */
106 u8 pcnf[16]; /* SMP Pairing Confirm */
107 u8 tk[16]; /* SMP Temporary Key */
882fafad
JH		 108 u8 rr[16]; /* Remote OOB ra/rb value */
109 u8 lr[16]; /* Local OOB ra/rb value */
4bc58f51
JH		 110 u8 enc_key_size;
111 u8 remote_key_dist;
112 bdaddr_t id_addr;
113 u8 id_addr_type;
114 u8 irk[16];
115 struct smp_csrk *csrk;
116 struct smp_csrk *slave_csrk;
117 struct smp_ltk *ltk;
118 struct smp_ltk *slave_ltk;
119 struct smp_irk *remote_irk;
6a77083a 120 u8 *link_key;
4a74d658 121 unsigned long flags;
783e0574 122 u8 method;
38606f14 123 u8 passkey_round;
6a7bd103 124
3b19146d
JH		 125 /* Secure Connections variables */
126 u8 local_pk[64];
127 u8 local_sk[32];
d8f8edbe
JH		 128 u8 remote_pk[64];
129 u8 dhkey[32];
760b018b 130 u8 mackey[16];
3b19146d 131
a4770e11 132 struct crypto_cipher *tfm_aes;
71af2f6b 133 struct crypto_shash *tfm_cmac;
4bc58f51
JH		 134};
135
aeb7d461
JH		 136/* These debug key values are defined in the SMP section of the core
137 * specification. debug_pk is the public debug key and debug_sk the
138 * private debug key.
139 */
140static const u8 debug_pk[64] = {
141 0xe6, 0x9d, 0x35, 0x0e, 0x48, 0x01, 0x03, 0xcc,
142 0xdb, 0xfd, 0xf4, 0xac, 0x11, 0x91, 0xf4, 0xef,
143 0xb9, 0xa5, 0xf9, 0xe9, 0xa7, 0x83, 0x2c, 0x5e,
144 0x2c, 0xbe, 0x97, 0xf2, 0xd2, 0x03, 0xb0, 0x20,
145
146 0x8b, 0xd2, 0x89, 0x15, 0xd0, 0x8e, 0x1c, 0x74,
147 0x24, 0x30, 0xed, 0x8f, 0xc2, 0x45, 0x63, 0x76,
148 0x5c, 0x15, 0x52, 0x5a, 0xbf, 0x9a, 0x32, 0x63,
149 0x6d, 0xeb, 0x2a, 0x65, 0x49, 0x9c, 0x80, 0xdc,
150};
151
152static const u8 debug_sk[32] = {
153 0xbd, 0x1a, 0x3c, 0xcd, 0xa6, 0xb8, 0x99, 0x58,
154 0x99, 0xb7, 0x40, 0xeb, 0x7b, 0x60, 0xff, 0x4a,
155 0x50, 0x3f, 0x10, 0xd2, 0xe3, 0xb3, 0xc9, 0x74,
156 0x38, 0x5f, 0xc5, 0xa3, 0xd4, 0xf6, 0x49, 0x3f,
157};
158
8a2936f4 159static inline void swap_buf(const u8 *src, u8 *dst, size_t len)
d22ef0bc 160{
8a2936f4 161 size_t i;
d22ef0bc 162
8a2936f4
JH		 163 for (i = 0; i < len; i++)
164 dst[len - 1 - i] = src[i];
d22ef0bc
AB		 165}
166
06edf8de
JH		 167/* The following functions map to the LE SC SMP crypto functions
168 * AES-CMAC, f4, f5, f6, g2 and h6.
169 */
170
71af2f6b 171static int aes_cmac(struct crypto_shash *tfm, const u8 k[16], const u8 *m,
cbbbe3e2
JH		 172 size_t len, u8 mac[16])
173{
174 uint8_t tmp[16], mac_msb[16], msg_msb[CMAC_MSG_MAX];
71af2f6b 175 SHASH_DESC_ON_STACK(desc, tfm);
cbbbe3e2
JH		 176 int err;
177
178 if (len > CMAC_MSG_MAX)
179 return -EFBIG;
180
181 if (!tfm) {
182 BT_ERR("tfm %p", tfm);
183 return -EINVAL;
184 }
185
71af2f6b
HX		 186 desc->tfm = tfm;
187 desc->flags = 0;
cbbbe3e2
JH		 188
189 /* Swap key and message from LSB to MSB */
190 swap_buf(k, tmp, 16);
191 swap_buf(m, msg_msb, len);
192
c7a3d57d
JH		 193 SMP_DBG("msg (len %zu) %*phN", len, (int) len, m);
194 SMP_DBG("key %16phN", k);
cbbbe3e2 195
71af2f6b 196 err = crypto_shash_setkey(tfm, tmp, 16);
cbbbe3e2
JH		 197 if (err) {
198 BT_ERR("cipher setkey failed: %d", err);
199 return err;
200 }
201
71af2f6b
HX		 202 err = crypto_shash_digest(desc, msg_msb, len, mac_msb);
203 shash_desc_zero(desc);
cbbbe3e2 204 if (err) {
71af2f6b 205 BT_ERR("Hash computation error %d", err);
cbbbe3e2
JH		 206 return err;
207 }
208
209 swap_buf(mac_msb, mac, 16);
210
c7a3d57d 211 SMP_DBG("mac %16phN", mac);
cbbbe3e2
JH		 212
213 return 0;
214}
215
71af2f6b
HX		 216static int smp_f4(struct crypto_shash *tfm_cmac, const u8 u[32],
217 const u8 v[32], const u8 x[16], u8 z, u8 res[16])
cbbbe3e2
JH		 218{
219 u8 m[65];
220 int err;
221
c7a3d57d
JH		 222 SMP_DBG("u %32phN", u);
223 SMP_DBG("v %32phN", v);
224 SMP_DBG("x %16phN z %02x", x, z);
cbbbe3e2
JH		 225
226 m[0] = z;
227 memcpy(m + 1, v, 32);
228 memcpy(m + 33, u, 32);
229
230 err = aes_cmac(tfm_cmac, x, m, sizeof(m), res);
231 if (err)
232 return err;
233
c7a3d57d 234 SMP_DBG("res %16phN", res);
cbbbe3e2
JH		 235
236 return err;
237}
238
71af2f6b 239static int smp_f5(struct crypto_shash *tfm_cmac, const u8 w[32],
4da50de8
JH		 240 const u8 n1[16], const u8 n2[16], const u8 a1[7],
241 const u8 a2[7], u8 mackey[16], u8 ltk[16])
760b018b
JH		 242{
243 /* The btle, salt and length "magic" values are as defined in
244 * the SMP section of the Bluetooth core specification. In ASCII
245 * the btle value ends up being 'btle'. The salt is just a
246 * random number whereas length is the value 256 in little
247 * endian format.
248 */
249 const u8 btle[4] = { 0x65, 0x6c, 0x74, 0x62 };
250 const u8 salt[16] = { 0xbe, 0x83, 0x60, 0x5a, 0xdb, 0x0b, 0x37, 0x60,
251 0x38, 0xa5, 0xf5, 0xaa, 0x91, 0x83, 0x88, 0x6c };
252 const u8 length[2] = { 0x00, 0x01 };
253 u8 m[53], t[16];
254 int err;
255
c7a3d57d
JH		 256 SMP_DBG("w %32phN", w);
257 SMP_DBG("n1 %16phN n2 %16phN", n1, n2);
258 SMP_DBG("a1 %7phN a2 %7phN", a1, a2);
760b018b
JH		 259
260 err = aes_cmac(tfm_cmac, salt, w, 32, t);
261 if (err)
262 return err;
263
c7a3d57d 264 SMP_DBG("t %16phN", t);
760b018b
JH		 265
266 memcpy(m, length, 2);
267 memcpy(m + 2, a2, 7);
268 memcpy(m + 9, a1, 7);
269 memcpy(m + 16, n2, 16);
270 memcpy(m + 32, n1, 16);
271 memcpy(m + 48, btle, 4);
272
273 m[52] = 0; /* Counter */
274
275 err = aes_cmac(tfm_cmac, t, m, sizeof(m), mackey);
276 if (err)
277 return err;
278
c7a3d57d 279 SMP_DBG("mackey %16phN", mackey);
760b018b
JH		 280
281 m[52] = 1; /* Counter */
282
283 err = aes_cmac(tfm_cmac, t, m, sizeof(m), ltk);
284 if (err)
285 return err;
286
c7a3d57d 287 SMP_DBG("ltk %16phN", ltk);
760b018b
JH		 288
289 return 0;
290}
291
71af2f6b 292static int smp_f6(struct crypto_shash *tfm_cmac, const u8 w[16],
4da50de8 293 const u8 n1[16], const u8 n2[16], const u8 r[16],
760b018b
JH		 294 const u8 io_cap[3], const u8 a1[7], const u8 a2[7],
295 u8 res[16])
296{
297 u8 m[65];
298 int err;
299
c7a3d57d
JH		 300 SMP_DBG("w %16phN", w);
301 SMP_DBG("n1 %16phN n2 %16phN", n1, n2);
302 SMP_DBG("r %16phN io_cap %3phN a1 %7phN a2 %7phN", r, io_cap, a1, a2);
760b018b
JH		 303
304 memcpy(m, a2, 7);
305 memcpy(m + 7, a1, 7);
306 memcpy(m + 14, io_cap, 3);
307 memcpy(m + 17, r, 16);
308 memcpy(m + 33, n2, 16);
309 memcpy(m + 49, n1, 16);
310
311 err = aes_cmac(tfm_cmac, w, m, sizeof(m), res);
312 if (err)
313 return err;
314
203de21b 315 SMP_DBG("res %16phN", res);
760b018b
JH		 316
317 return err;
318}
319
71af2f6b 320static int smp_g2(struct crypto_shash *tfm_cmac, const u8 u[32], const u8 v[32],
191dc7fe
JH		 321 const u8 x[16], const u8 y[16], u32 *val)
322{
323 u8 m[80], tmp[16];
324 int err;
325
c7a3d57d
JH		 326 SMP_DBG("u %32phN", u);
327 SMP_DBG("v %32phN", v);
328 SMP_DBG("x %16phN y %16phN", x, y);
191dc7fe
JH		 329
330 memcpy(m, y, 16);
331 memcpy(m + 16, v, 32);
332 memcpy(m + 48, u, 32);
333
334 err = aes_cmac(tfm_cmac, x, m, sizeof(m), tmp);
335 if (err)
336 return err;
337
338 *val = get_unaligned_le32(tmp);
339 *val %= 1000000;
340
c7a3d57d 341 SMP_DBG("val %06u", *val);
191dc7fe
JH		 342
343 return 0;
344}
345
71af2f6b 346static int smp_h6(struct crypto_shash *tfm_cmac, const u8 w[16],
06edf8de
JH		 347 const u8 key_id[4], u8 res[16])
348{
349 int err;
350
351 SMP_DBG("w %16phN key_id %4phN", w, key_id);
352
353 err = aes_cmac(tfm_cmac, w, key_id, 4, res);
354 if (err)
355 return err;
356
357 SMP_DBG("res %16phN", res);
358
359 return err;
360}
361
a62da6f1
JH		 362static int smp_h7(struct crypto_shash *tfm_cmac, const u8 w[16],
363 const u8 salt[16], u8 res[16])
364{
365 int err;
366
367 SMP_DBG("w %16phN salt %16phN", w, salt);
368
369 err = aes_cmac(tfm_cmac, salt, w, 16, res);
370 if (err)
371 return err;
372
373 SMP_DBG("res %16phN", res);
374
375 return err;
376}
377
06edf8de
JH		 378/* The following functions map to the legacy SMP crypto functions e, c1,
379 * s1 and ah.
380 */
381
a4770e11 382static int smp_e(struct crypto_cipher *tfm, const u8 *k, u8 *r)
d22ef0bc 383{
943a732a 384 uint8_t tmp[16], data[16];
201a5929 385 int err;
d22ef0bc 386
011c391a
JH		 387 SMP_DBG("k %16phN r %16phN", k, r);
388
7f376cd6 389 if (!tfm) {
d22ef0bc
AB		 390 BT_ERR("tfm %p", tfm);
391 return -EINVAL;
392 }
393
943a732a 394 /* The most significant octet of key corresponds to k[0] */
8a2936f4 395 swap_buf(k, tmp, 16);
943a732a 396
a4770e11 397 err = crypto_cipher_setkey(tfm, tmp, 16);
d22ef0bc
AB		 398 if (err) {
399 BT_ERR("cipher setkey failed: %d", err);
400 return err;
401 }
402
943a732a 403 /* Most significant octet of plaintextData corresponds to data[0] */
8a2936f4 404 swap_buf(r, data, 16);
943a732a 405
a4770e11 406 crypto_cipher_encrypt_one(tfm, data, data);
d22ef0bc 407
943a732a 408 /* Most significant octet of encryptedData corresponds to data[0] */
8a2936f4 409 swap_buf(data, r, 16);
943a732a 410
011c391a
JH		 411 SMP_DBG("r %16phN", r);
412
d22ef0bc
AB		 413 return err;
414}
415
a4770e11 416static int smp_c1(struct crypto_cipher *tfm_aes, const u8 k[16],
06edf8de
JH		 417 const u8 r[16], const u8 preq[7], const u8 pres[7], u8 _iat,
418 const bdaddr_t *ia, u8 _rat, const bdaddr_t *ra, u8 res[16])
6a77083a 419{
06edf8de 420 u8 p1[16], p2[16];
6a77083a
JH		 421 int err;
422
011c391a
JH		 423 SMP_DBG("k %16phN r %16phN", k, r);
424 SMP_DBG("iat %u ia %6phN rat %u ra %6phN", _iat, ia, _rat, ra);
425 SMP_DBG("preq %7phN pres %7phN", preq, pres);
426
06edf8de 427 memset(p1, 0, 16);
6a77083a 428
06edf8de
JH		 429 /* p1 = pres || preq || _rat || _iat */
430 p1[0] = _iat;
431 p1[1] = _rat;
432 memcpy(p1 + 2, preq, 7);
433 memcpy(p1 + 9, pres, 7);
434
011c391a 435 SMP_DBG("p1 %16phN", p1);
06edf8de
JH		 436
437 /* res = r XOR p1 */
438 u128_xor((u128 *) res, (u128 *) r, (u128 *) p1);
439
440 /* res = e(k, res) */
441 err = smp_e(tfm_aes, k, res);
442 if (err) {
443 BT_ERR("Encrypt data error");
6a77083a 444 return err;
06edf8de 445 }
6a77083a 446
011c391a
JH		 447 /* p2 = padding || ia || ra */
448 memcpy(p2, ra, 6);
449 memcpy(p2 + 6, ia, 6);
450 memset(p2 + 12, 0, 4);
451
452 SMP_DBG("p2 %16phN", p2);
453
06edf8de
JH		 454 /* res = res XOR p2 */
455 u128_xor((u128 *) res, (u128 *) res, (u128 *) p2);
456
457 /* res = e(k, res) */
458 err = smp_e(tfm_aes, k, res);
459 if (err)
460 BT_ERR("Encrypt data error");
461
462 return err;
463}
464
a4770e11 465static int smp_s1(struct crypto_cipher *tfm_aes, const u8 k[16],
06edf8de
JH		 466 const u8 r1[16], const u8 r2[16], u8 _r[16])
467{
468 int err;
469
470 /* Just least significant octets from r1 and r2 are considered */
471 memcpy(_r, r2, 8);
472 memcpy(_r + 8, r1, 8);
473
474 err = smp_e(tfm_aes, k, _r);
475 if (err)
476 BT_ERR("Encrypt data error");
6a77083a
JH		 477
478 return err;
479}
480
a4770e11 481static int smp_ah(struct crypto_cipher *tfm, const u8 irk[16],
cd082797 482 const u8 r[3], u8 res[3])
60478054 483{
943a732a 484 u8 _res[16];
60478054
JH		 485 int err;
486
487 /* r' = padding || r */
943a732a
JH		 488 memcpy(_res, r, 3);
489 memset(_res + 3, 0, 13);
60478054 490
943a732a 491 err = smp_e(tfm, irk, _res);
60478054
JH		 492 if (err) {
493 BT_ERR("Encrypt error");
494 return err;
495 }
496
497 /* The output of the random address function ah is:
c5080d42 498 * ah(k, r) = e(k, r') mod 2^24
60478054
JH		 499 * The output of the security function e is then truncated to 24 bits
500 * by taking the least significant 24 bits of the output of e as the
501 * result of ah.
502 */
943a732a 503 memcpy(res, _res, 3);
60478054
JH		 504
505 return 0;
506}
507
cd082797
JH		 508bool smp_irk_matches(struct hci_dev *hdev, const u8 irk[16],
509 const bdaddr_t *bdaddr)
60478054 510{
defce9e8 511 struct l2cap_chan *chan = hdev->smp_data;
88a479d9 512 struct smp_dev *smp;
60478054
JH		 513 u8 hash[3];
514 int err;
515
defce9e8
JH		 516 if (!chan || !chan->data)
517 return false;
518
88a479d9 519 smp = chan->data;
defce9e8 520
60478054
JH		 521 BT_DBG("RPA %pMR IRK %*phN", bdaddr, 16, irk);
522
88a479d9 523 err = smp_ah(smp->tfm_aes, irk, &bdaddr->b[3], hash);
60478054
JH		 524 if (err)
525 return false;
526
329d8230 527 return !crypto_memneq(bdaddr->b, hash, 3);
60478054
JH		 528}
529
cd082797 530int smp_generate_rpa(struct hci_dev *hdev, const u8 irk[16], bdaddr_t *rpa)
b1e2b3ae 531{
defce9e8 532 struct l2cap_chan *chan = hdev->smp_data;
88a479d9 533 struct smp_dev *smp;
b1e2b3ae
JH		 534 int err;
535
defce9e8
JH		 536 if (!chan || !chan->data)
537 return -EOPNOTSUPP;
538
88a479d9 539 smp = chan->data;
defce9e8 540
b1e2b3ae
JH		 541 get_random_bytes(&rpa->b[3], 3);
542
543 rpa->b[5] &= 0x3f; /* Clear two most significant bits */
544 rpa->b[5] |= 0x40; /* Set second most significant bit */
545
88a479d9 546 err = smp_ah(smp->tfm_aes, irk, &rpa->b[3], rpa->b);
b1e2b3ae
JH		 547 if (err < 0)
548 return err;
549
550 BT_DBG("RPA %pMR", rpa);
551
552 return 0;
553}
554
60a27d65
MH		 555int smp_generate_oob(struct hci_dev *hdev, u8 hash[16], u8 rand[16])
556{
557 struct l2cap_chan *chan = hdev->smp_data;
558 struct smp_dev *smp;
559 int err;
560
561 if (!chan || !chan->data)
562 return -EOPNOTSUPP;
563
564 smp = chan->data;
565
566 if (hci_dev_test_flag(hdev, HCI_USE_DEBUG_KEYS)) {
567 BT_DBG("Using debug keys");
568 memcpy(smp->local_pk, debug_pk, 64);
569 memcpy(smp->local_sk, debug_sk, 32);
570 smp->debug_key = true;
571 } else {
572 while (true) {
71653eb6
MH		 573 /* Seed private key with random number */
574 get_random_bytes(smp->local_sk, 32);
575
60a27d65 576 /* Generate local key pair for Secure Connections */
58771c1c 577 if (!generate_ecdh_keys(smp->local_pk, smp->local_sk))
60a27d65
MH		 578 return -EIO;
579
580 /* This is unlikely, but we need to check that
581 * we didn't accidentially generate a debug key.
582 */
329d8230 583 if (crypto_memneq(smp->local_sk, debug_sk, 32))
60a27d65
MH		 584 break;
585 }
586 smp->debug_key = false;
587 }
588
589 SMP_DBG("OOB Public Key X: %32phN", smp->local_pk);
590 SMP_DBG("OOB Public Key Y: %32phN", smp->local_pk + 32);
591 SMP_DBG("OOB Private Key: %32phN", smp->local_sk);
592
fb334fee 593 get_random_bytes(smp->local_rand, 16);
60a27d65
MH		 594
595 err = smp_f4(smp->tfm_cmac, smp->local_pk, smp->local_pk,
fb334fee 596 smp->local_rand, 0, hash);
60a27d65
MH		 597 if (err < 0)
598 return err;
599
fb334fee 600 memcpy(rand, smp->local_rand, 16);
60a27d65
MH		 601
602 return 0;
603}
604
5d88cc73 605static void smp_send_cmd(struct l2cap_conn *conn, u8 code, u16 len, void *data)
eb492e01 606{
5d88cc73 607 struct l2cap_chan *chan = conn->smp;
b68fda68 608 struct smp_chan *smp;
5d88cc73
JH		 609 struct kvec iv[2];
610 struct msghdr msg;
eb492e01 611
5d88cc73
JH		 612 if (!chan)
613 return;
eb492e01 614
5d88cc73 615 BT_DBG("code 0x%2.2x", code);
eb492e01 616
5d88cc73
JH		 617 iv[0].iov_base = &code;
618 iv[0].iov_len = 1;
eb492e01 619
5d88cc73
JH		 620 iv[1].iov_base = data;
621 iv[1].iov_len = len;
eb492e01 622
5d88cc73 623 memset(&msg, 0, sizeof(msg));
eb492e01 624
17836394 625 iov_iter_kvec(&msg.msg_iter, WRITE | ITER_KVEC, iv, 2, 1 + len);
eb492e01 626
5d88cc73 627 l2cap_chan_send(chan, &msg, 1 + len);
e2dcd113 628
b68fda68
JH		 629 if (!chan->data)
630 return;
631
632 smp = chan->data;
633
634 cancel_delayed_work_sync(&smp->security_timer);
1b0921d6 635 schedule_delayed_work(&smp->security_timer, SMP_TIMEOUT);
eb492e01
AB		 636}
637
d2eb9e10 638static u8 authreq_to_seclevel(u8 authreq)
2b64d153 639{
d2eb9e10
JH		 640 if (authreq & SMP_AUTH_MITM) {
641 if (authreq & SMP_AUTH_SC)
642 return BT_SECURITY_FIPS;
643 else
644 return BT_SECURITY_HIGH;
645 } else {
2b64d153 646 return BT_SECURITY_MEDIUM;
d2eb9e10 647 }
2b64d153
BG		 648}
649
650static __u8 seclevel_to_authreq(__u8 sec_level)
651{
652 switch (sec_level) {
d2eb9e10 653 case BT_SECURITY_FIPS:
2b64d153
BG		 654 case BT_SECURITY_HIGH:
655 return SMP_AUTH_MITM | SMP_AUTH_BONDING;
656 case BT_SECURITY_MEDIUM:
657 return SMP_AUTH_BONDING;
658 default:
659 return SMP_AUTH_NONE;
660 }
661}
662
b8e66eac 663static void build_pairing_cmd(struct l2cap_conn *conn,
f1560463
MH		 664 struct smp_cmd_pairing *req,
665 struct smp_cmd_pairing *rsp, __u8 authreq)
b8e66eac 666{
5d88cc73
JH		 667 struct l2cap_chan *chan = conn->smp;
668 struct smp_chan *smp = chan->data;
fd349c02
JH		 669 struct hci_conn *hcon = conn->hcon;
670 struct hci_dev *hdev = hcon->hdev;
02b05bd8 671 u8 local_dist = 0, remote_dist = 0, oob_flag = SMP_OOB_NOT_PRESENT;
54790f73 672
d7a5a11d 673 if (hci_dev_test_flag(hdev, HCI_BONDABLE)) {
7ee4ea36
MH		 674 local_dist = SMP_DIST_ENC_KEY | SMP_DIST_SIGN;
675 remote_dist = SMP_DIST_ENC_KEY | SMP_DIST_SIGN;
54790f73 676 authreq |= SMP_AUTH_BONDING;
2b64d153
BG		 677 } else {
678 authreq &= ~SMP_AUTH_BONDING;
54790f73
VCG		 679 }
680
d7a5a11d 681 if (hci_dev_test_flag(hdev, HCI_RPA_RESOLVING))
fd349c02
JH		 682 remote_dist |= SMP_DIST_ID_KEY;
683
d7a5a11d 684 if (hci_dev_test_flag(hdev, HCI_PRIVACY))
863efaf2
JH		 685 local_dist |= SMP_DIST_ID_KEY;
686
d7a5a11d 687 if (hci_dev_test_flag(hdev, HCI_SC_ENABLED) &&
02b05bd8
JH		 688 (authreq & SMP_AUTH_SC)) {
689 struct oob_data *oob_data;
690 u8 bdaddr_type;
691
d7a5a11d 692 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) {
df8e1a4c
JH		 693 local_dist |= SMP_DIST_LINK_KEY;
694 remote_dist |= SMP_DIST_LINK_KEY;
695 }
02b05bd8
JH		 696
697 if (hcon->dst_type == ADDR_LE_DEV_PUBLIC)
698 bdaddr_type = BDADDR_LE_PUBLIC;
699 else
700 bdaddr_type = BDADDR_LE_RANDOM;
701
702 oob_data = hci_find_remote_oob_data(hdev, &hcon->dst,
703 bdaddr_type);
4775a4ea 704 if (oob_data && oob_data->present) {
1a8bab4f 705 set_bit(SMP_FLAG_REMOTE_OOB, &smp->flags);
02b05bd8 706 oob_flag = SMP_OOB_PRESENT;
a29b0733 707 memcpy(smp->rr, oob_data->rand256, 16);
02b05bd8 708 memcpy(smp->pcnf, oob_data->hash256, 16);
bc07cd69
MH		 709 SMP_DBG("OOB Remote Confirmation: %16phN", smp->pcnf);
710 SMP_DBG("OOB Remote Random: %16phN", smp->rr);
02b05bd8
JH		 711 }
712
df8e1a4c
JH		 713 } else {
714 authreq &= ~SMP_AUTH_SC;
715 }
716
54790f73
VCG		 717 if (rsp == NULL) {
718 req->io_capability = conn->hcon->io_capability;
02b05bd8 719 req->oob_flag = oob_flag;
2fd36558 720 req->max_key_size = SMP_DEV(hdev)->max_key_size;
fd349c02
JH		 721 req->init_key_dist = local_dist;
722 req->resp_key_dist = remote_dist;
0edb14de 723 req->auth_req = (authreq & AUTH_REQ_MASK(hdev));
fd349c02
JH		 724
725 smp->remote_key_dist = remote_dist;
54790f73
VCG		 726 return;
727 }
728
729 rsp->io_capability = conn->hcon->io_capability;
02b05bd8 730 rsp->oob_flag = oob_flag;
2fd36558 731 rsp->max_key_size = SMP_DEV(hdev)->max_key_size;
fd349c02
JH		 732 rsp->init_key_dist = req->init_key_dist & remote_dist;
733 rsp->resp_key_dist = req->resp_key_dist & local_dist;
0edb14de 734 rsp->auth_req = (authreq & AUTH_REQ_MASK(hdev));
fd349c02
JH		 735
736 smp->remote_key_dist = rsp->init_key_dist;
b8e66eac
VCG		 737}
738
3158c50c
VCG		 739static u8 check_enc_key_size(struct l2cap_conn *conn, __u8 max_key_size)
740{
5d88cc73 741 struct l2cap_chan *chan = conn->smp;
2fd36558 742 struct hci_dev *hdev = conn->hcon->hdev;
5d88cc73 743 struct smp_chan *smp = chan->data;
1c1def09 744
2fd36558
JH		 745 if (max_key_size > SMP_DEV(hdev)->max_key_size ||
746 max_key_size < SMP_MIN_ENC_KEY_SIZE)
3158c50c
VCG		 747 return SMP_ENC_KEY_SIZE;
748
f7aa611a 749 smp->enc_key_size = max_key_size;
3158c50c
VCG		 750
751 return 0;
752}
753
6f48e260
JH		 754static void smp_chan_destroy(struct l2cap_conn *conn)
755{
756 struct l2cap_chan *chan = conn->smp;
757 struct smp_chan *smp = chan->data;
923e2414 758 struct hci_conn *hcon = conn->hcon;
6f48e260
JH		 759 bool complete;
760
761 BUG_ON(!smp);
762
763 cancel_delayed_work_sync(&smp->security_timer);
6f48e260 764
6f48e260 765 complete = test_bit(SMP_FLAG_COMPLETE, &smp->flags);
923e2414 766 mgmt_smp_complete(hcon, complete);
6f48e260 767
276812ec
MH		 768 kzfree(smp->csrk);
769 kzfree(smp->slave_csrk);
770 kzfree(smp->link_key);
6f48e260 771
a4770e11 772 crypto_free_cipher(smp->tfm_aes);
71af2f6b 773 crypto_free_shash(smp->tfm_cmac);
6f48e260 774
923e2414
JH		 775 /* Ensure that we don't leave any debug key around if debug key
776 * support hasn't been explicitly enabled.
777 */
778 if (smp->ltk && smp->ltk->type == SMP_LTK_P256_DEBUG &&
d7a5a11d 779 !hci_dev_test_flag(hcon->hdev, HCI_KEEP_DEBUG_KEYS)) {
923e2414
JH		 780 list_del_rcu(&smp->ltk->list);
781 kfree_rcu(smp->ltk, rcu);
782 smp->ltk = NULL;
783 }
784
6f48e260
JH		 785 /* If pairing failed clean up any keys we might have */
786 if (!complete) {
787 if (smp->ltk) {
970d0f1b
JH		 788 list_del_rcu(&smp->ltk->list);
789 kfree_rcu(smp->ltk, rcu);
6f48e260
JH		 790 }
791
792 if (smp->slave_ltk) {
970d0f1b
JH		 793 list_del_rcu(&smp->slave_ltk->list);
794 kfree_rcu(smp->slave_ltk, rcu);
6f48e260
JH		 795 }
796
797 if (smp->remote_irk) {
adae20cb
JH		 798 list_del_rcu(&smp->remote_irk->list);
799 kfree_rcu(smp->remote_irk, rcu);
6f48e260
JH		 800 }
801 }
802
803 chan->data = NULL;
276812ec 804 kzfree(smp);
923e2414 805 hci_conn_drop(hcon);
6f48e260
JH		 806}
807
84794e11 808static void smp_failure(struct l2cap_conn *conn, u8 reason)
4f957a76 809{
bab73cb6 810 struct hci_conn *hcon = conn->hcon;
b68fda68 811 struct l2cap_chan *chan = conn->smp;
bab73cb6 812
84794e11 813 if (reason)
4f957a76 814 smp_send_cmd(conn, SMP_CMD_PAIRING_FAIL, sizeof(reason),
f1560463 815 &reason);
4f957a76 816
e1e930f5 817 mgmt_auth_failed(hcon, HCI_ERROR_AUTH_FAILURE);
f1c09c07 818
fc75cc86 819 if (chan->data)
f1c09c07 820 smp_chan_destroy(conn);
4f957a76
BG		 821}
822
2b64d153
BG		 823#define JUST_WORKS 0x00
824#define JUST_CFM 0x01
825#define REQ_PASSKEY 0x02
826#define CFM_PASSKEY 0x03
827#define REQ_OOB 0x04
5e3d3d9b 828#define DSP_PASSKEY 0x05
2b64d153
BG		 829#define OVERLAP 0xFF
830
831static const u8 gen_method[5][5] = {
832 { JUST_WORKS, JUST_CFM, REQ_PASSKEY, JUST_WORKS, REQ_PASSKEY },
833 { JUST_WORKS, JUST_CFM, REQ_PASSKEY, JUST_WORKS, REQ_PASSKEY },
834 { CFM_PASSKEY, CFM_PASSKEY, REQ_PASSKEY, JUST_WORKS, CFM_PASSKEY },
835 { JUST_WORKS, JUST_CFM, JUST_WORKS, JUST_WORKS, JUST_CFM },
836 { CFM_PASSKEY, CFM_PASSKEY, REQ_PASSKEY, JUST_WORKS, OVERLAP },
837};
838
5e3d3d9b
JH		 839static const u8 sc_method[5][5] = {
840 { JUST_WORKS, JUST_CFM, REQ_PASSKEY, JUST_WORKS, REQ_PASSKEY },
841 { JUST_WORKS, CFM_PASSKEY, REQ_PASSKEY, JUST_WORKS, CFM_PASSKEY },
842 { DSP_PASSKEY, DSP_PASSKEY, REQ_PASSKEY, JUST_WORKS, DSP_PASSKEY },
843 { JUST_WORKS, JUST_CFM, JUST_WORKS, JUST_WORKS, JUST_CFM },
844 { DSP_PASSKEY, CFM_PASSKEY, REQ_PASSKEY, JUST_WORKS, CFM_PASSKEY },
845};
846
581370cc
JH		 847static u8 get_auth_method(struct smp_chan *smp, u8 local_io, u8 remote_io)
848{
2bcd4003
JH		 849 /* If either side has unknown io_caps, use JUST_CFM (which gets
850 * converted later to JUST_WORKS if we're initiators.
851 */
581370cc
JH		 852 if (local_io > SMP_IO_KEYBOARD_DISPLAY ||
853 remote_io > SMP_IO_KEYBOARD_DISPLAY)
2bcd4003 854 return JUST_CFM;
581370cc 855
5e3d3d9b
JH		 856 if (test_bit(SMP_FLAG_SC, &smp->flags))
857 return sc_method[remote_io][local_io];
858
581370cc
JH		 859 return gen_method[remote_io][local_io];
860}
861
2b64d153
BG		 862static int tk_request(struct l2cap_conn *conn, u8 remote_oob, u8 auth,
863 u8 local_io, u8 remote_io)
864{
865 struct hci_conn *hcon = conn->hcon;
5d88cc73
JH		 866 struct l2cap_chan *chan = conn->smp;
867 struct smp_chan *smp = chan->data;
2b64d153
BG		 868 u32 passkey = 0;
869 int ret = 0;
870
871 /* Initialize key for JUST WORKS */
872 memset(smp->tk, 0, sizeof(smp->tk));
4a74d658 873 clear_bit(SMP_FLAG_TK_VALID, &smp->flags);
2b64d153
BG		 874
875 BT_DBG("tk_request: auth:%d lcl:%d rem:%d", auth, local_io, remote_io);
876
2bcd4003
JH		 877 /* If neither side wants MITM, either "just" confirm an incoming
878 * request or use just-works for outgoing ones. The JUST_CFM
879 * will be converted to JUST_WORKS if necessary later in this
880 * function. If either side has MITM look up the method from the
881 * table.
882 */
581370cc 883 if (!(auth & SMP_AUTH_MITM))
783e0574 884 smp->method = JUST_CFM;
2b64d153 885 else
783e0574 886 smp->method = get_auth_method(smp, local_io, remote_io);
2b64d153 887
a82505c7 888 /* Don't confirm locally initiated pairing attempts */
783e0574
JH		 889 if (smp->method == JUST_CFM && test_bit(SMP_FLAG_INITIATOR,
890 &smp->flags))
891 smp->method = JUST_WORKS;
a82505c7 892
02f3e254 893 /* Don't bother user space with no IO capabilities */
783e0574
JH		 894 if (smp->method == JUST_CFM &&
895 hcon->io_capability == HCI_IO_NO_INPUT_OUTPUT)
896 smp->method = JUST_WORKS;
02f3e254 897
2b64d153 898 /* If Just Works, Continue with Zero TK */
783e0574 899 if (smp->method == JUST_WORKS) {
4a74d658 900 set_bit(SMP_FLAG_TK_VALID, &smp->flags);
2b64d153
BG		 901 return 0;
902 }
903
19c5ce9c
JH		 904 /* If this function is used for SC -> legacy fallback we
905 * can only recover the just-works case.
906 */
907 if (test_bit(SMP_FLAG_SC, &smp->flags))
908 return -EINVAL;
909
2b64d153 910 /* Not Just Works/Confirm results in MITM Authentication */
783e0574 911 if (smp->method != JUST_CFM) {
4a74d658 912 set_bit(SMP_FLAG_MITM_AUTH, &smp->flags);
5eb596f5
JH		 913 if (hcon->pending_sec_level < BT_SECURITY_HIGH)
914 hcon->pending_sec_level = BT_SECURITY_HIGH;
915 }
2b64d153
BG		 916
917 /* If both devices have Keyoard-Display I/O, the master
918 * Confirms and the slave Enters the passkey.
919 */
783e0574 920 if (smp->method == OVERLAP) {
40bef302 921 if (hcon->role == HCI_ROLE_MASTER)
783e0574 922 smp->method = CFM_PASSKEY;
2b64d153 923 else
783e0574 924 smp->method = REQ_PASSKEY;
2b64d153
BG		 925 }
926
01ad34d2 927 /* Generate random passkey. */
783e0574 928 if (smp->method == CFM_PASSKEY) {
943a732a 929 memset(smp->tk, 0, sizeof(smp->tk));
2b64d153
BG		 930 get_random_bytes(&passkey, sizeof(passkey));
931 passkey %= 1000000;
943a732a 932 put_unaligned_le32(passkey, smp->tk);
2b64d153 933 BT_DBG("PassKey: %d", passkey);
4a74d658 934 set_bit(SMP_FLAG_TK_VALID, &smp->flags);
2b64d153
BG		 935 }
936
783e0574 937 if (smp->method == REQ_PASSKEY)
ce39fb4e 938 ret = mgmt_user_passkey_request(hcon->hdev, &hcon->dst,
272d90df 939 hcon->type, hcon->dst_type);
783e0574 940 else if (smp->method == JUST_CFM)
4eb65e66
JH		 941 ret = mgmt_user_confirm_request(hcon->hdev, &hcon->dst,
942 hcon->type, hcon->dst_type,
943 passkey, 1);
2b64d153 944 else
01ad34d2 945 ret = mgmt_user_passkey_notify(hcon->hdev, &hcon->dst,
272d90df 946 hcon->type, hcon->dst_type,
39adbffe 947 passkey, 0);
2b64d153 948
2b64d153
BG		 949 return ret;
950}
951
1cc61144 952static u8 smp_confirm(struct smp_chan *smp)
8aab4757 953{
8aab4757 954 struct l2cap_conn *conn = smp->conn;
8aab4757
VCG		 955 struct smp_cmd_pairing_confirm cp;
956 int ret;
8aab4757
VCG		 957
958 BT_DBG("conn %p", conn);
959
e491eaf3 960 ret = smp_c1(smp->tfm_aes, smp->tk, smp->prnd, smp->preq, smp->prsp,
b1cd5fd9 961 conn->hcon->init_addr_type, &conn->hcon->init_addr,
943a732a
JH		 962 conn->hcon->resp_addr_type, &conn->hcon->resp_addr,
963 cp.confirm_val);
1cc61144
JH		 964 if (ret)
965 return SMP_UNSPECIFIED;
8aab4757 966
4a74d658 967 clear_bit(SMP_FLAG_CFM_PENDING, &smp->flags);
2b64d153 968
8aab4757
VCG		 969 smp_send_cmd(smp->conn, SMP_CMD_PAIRING_CONFIRM, sizeof(cp), &cp);
970
b28b4943
JH		 971 if (conn->hcon->out)
972 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_CONFIRM);
973 else
974 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RANDOM);
975
1cc61144 976 return 0;
8aab4757
VCG		 977}
978
861580a9 979static u8 smp_random(struct smp_chan *smp)
8aab4757 980{
8aab4757
VCG		 981 struct l2cap_conn *conn = smp->conn;
982 struct hci_conn *hcon = conn->hcon;
861580a9 983 u8 confirm[16];
8aab4757
VCG		 984 int ret;
985
ec70f36f 986 if (IS_ERR_OR_NULL(smp->tfm_aes))
861580a9 987 return SMP_UNSPECIFIED;
8aab4757
VCG		 988
989 BT_DBG("conn %p %s", conn, conn->hcon->out ? "master" : "slave");
990
e491eaf3 991 ret = smp_c1(smp->tfm_aes, smp->tk, smp->rrnd, smp->preq, smp->prsp,
b1cd5fd9 992 hcon->init_addr_type, &hcon->init_addr,
943a732a 993 hcon->resp_addr_type, &hcon->resp_addr, confirm);
861580a9
JH		 994 if (ret)
995 return SMP_UNSPECIFIED;
8aab4757 996
329d8230 997 if (crypto_memneq(smp->pcnf, confirm, sizeof(smp->pcnf))) {
8aab4757 998 BT_ERR("Pairing failed (confirmation values mismatch)");
861580a9 999 return SMP_CONFIRM_FAILED;
8aab4757
VCG		 1000 }
1001
1002 if (hcon->out) {
fe39c7b2
MH		 1003 u8 stk[16];
1004 __le64 rand = 0;
1005 __le16 ediv = 0;
8aab4757 1006
e491eaf3 1007 smp_s1(smp->tfm_aes, smp->tk, smp->rrnd, smp->prnd, stk);
8aab4757 1008
861580a9
JH		 1009 if (test_and_set_bit(HCI_CONN_ENCRYPT_PEND, &hcon->flags))
1010 return SMP_UNSPECIFIED;
8aab4757 1011
8b76ce34 1012 hci_le_start_enc(hcon, ediv, rand, stk, smp->enc_key_size);
f7aa611a 1013 hcon->enc_key_size = smp->enc_key_size;
fe59a05f 1014 set_bit(HCI_CONN_STK_ENCRYPT, &hcon->flags);
8aab4757 1015 } else {
fff3490f 1016 u8 stk[16], auth;
fe39c7b2
MH		 1017 __le64 rand = 0;
1018 __le16 ediv = 0;
8aab4757 1019
943a732a
JH		 1020 smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM, sizeof(smp->prnd),
1021 smp->prnd);
8aab4757 1022
e491eaf3 1023 smp_s1(smp->tfm_aes, smp->tk, smp->prnd, smp->rrnd, stk);
8aab4757 1024
fff3490f
JH		 1025 if (hcon->pending_sec_level == BT_SECURITY_HIGH)
1026 auth = 1;
1027 else
1028 auth = 0;
1029
7d5843b7
JH		 1030 /* Even though there's no _SLAVE suffix this is the
1031 * slave STK we're adding for later lookup (the master
1032 * STK never needs to be stored).
1033 */
ce39fb4e 1034 hci_add_ltk(hcon->hdev, &hcon->dst, hcon->dst_type,
2ceba539 1035 SMP_STK, auth, stk, smp->enc_key_size, ediv, rand);
8aab4757
VCG		 1036 }
1037
861580a9 1038 return 0;
8aab4757
VCG		 1039}
1040
44f1a7ab
JH		 1041static void smp_notify_keys(struct l2cap_conn *conn)
1042{
1043 struct l2cap_chan *chan = conn->smp;
1044 struct smp_chan *smp = chan->data;
1045 struct hci_conn *hcon = conn->hcon;
1046 struct hci_dev *hdev = hcon->hdev;
1047 struct smp_cmd_pairing *req = (void *) &smp->preq[1];
1048 struct smp_cmd_pairing *rsp = (void *) &smp->prsp[1];
1049 bool persistent;
1050
cad20c27
JH		 1051 if (hcon->type == ACL_LINK) {
1052 if (hcon->key_type == HCI_LK_DEBUG_COMBINATION)
1053 persistent = false;
1054 else
1055 persistent = !test_bit(HCI_CONN_FLUSH_KEY,
1056 &hcon->flags);
1057 } else {
1058 /* The LTKs, IRKs and CSRKs should be persistent only if
1059 * both sides had the bonding bit set in their
1060 * authentication requests.
1061 */
1062 persistent = !!((req->auth_req & rsp->auth_req) &
1063 SMP_AUTH_BONDING);
1064 }
1065
44f1a7ab 1066 if (smp->remote_irk) {
cad20c27
JH		 1067 mgmt_new_irk(hdev, smp->remote_irk, persistent);
1068
44f1a7ab
JH		 1069 /* Now that user space can be considered to know the
1070 * identity address track the connection based on it
b5ae344d 1071 * from now on (assuming this is an LE link).
44f1a7ab 1072 */
b5ae344d
JH		 1073 if (hcon->type == LE_LINK) {
1074 bacpy(&hcon->dst, &smp->remote_irk->bdaddr);
1075 hcon->dst_type = smp->remote_irk->addr_type;
1076 queue_work(hdev->workqueue, &conn->id_addr_update_work);
1077 }
44f1a7ab
JH		 1078 }
1079
44f1a7ab
JH		 1080 if (smp->csrk) {
1081 smp->csrk->bdaddr_type = hcon->dst_type;
1082 bacpy(&smp->csrk->bdaddr, &hcon->dst);
1083 mgmt_new_csrk(hdev, smp->csrk, persistent);
1084 }
1085
1086 if (smp->slave_csrk) {
1087 smp->slave_csrk->bdaddr_type = hcon->dst_type;
1088 bacpy(&smp->slave_csrk->bdaddr, &hcon->dst);
1089 mgmt_new_csrk(hdev, smp->slave_csrk, persistent);
1090 }
1091
1092 if (smp->ltk) {
1093 smp->ltk->bdaddr_type = hcon->dst_type;
1094 bacpy(&smp->ltk->bdaddr, &hcon->dst);
1095 mgmt_new_ltk(hdev, smp->ltk, persistent);
1096 }
1097
1098 if (smp->slave_ltk) {
1099 smp->slave_ltk->bdaddr_type = hcon->dst_type;
1100 bacpy(&smp->slave_ltk->bdaddr, &hcon->dst);
1101 mgmt_new_ltk(hdev, smp->slave_ltk, persistent);
1102 }
6a77083a
JH		 1103
1104 if (smp->link_key) {
e3befab9
JH		 1105 struct link_key *key;
1106 u8 type;
1107
1108 if (test_bit(SMP_FLAG_DEBUG_KEY, &smp->flags))
1109 type = HCI_LK_DEBUG_COMBINATION;
1110 else if (hcon->sec_level == BT_SECURITY_FIPS)
1111 type = HCI_LK_AUTH_COMBINATION_P256;
1112 else
1113 type = HCI_LK_UNAUTH_COMBINATION_P256;
1114
1115 key = hci_add_link_key(hdev, smp->conn->hcon, &hcon->dst,
1116 smp->link_key, type, 0, &persistent);
1117 if (key) {
1118 mgmt_new_link_key(hdev, key, persistent);
1119
1120 /* Don't keep debug keys around if the relevant
1121 * flag is not set.
1122 */
d7a5a11d 1123 if (!hci_dev_test_flag(hdev, HCI_KEEP_DEBUG_KEYS) &&
e3befab9
JH		 1124 key->type == HCI_LK_DEBUG_COMBINATION) {
1125 list_del_rcu(&key->list);
1126 kfree_rcu(key, rcu);
1127 }
1128 }
6a77083a
JH		 1129 }
1130}
1131
d3e54a87
JH		 1132static void sc_add_ltk(struct smp_chan *smp)
1133{
1134 struct hci_conn *hcon = smp->conn->hcon;
1135 u8 key_type, auth;
1136
1137 if (test_bit(SMP_FLAG_DEBUG_KEY, &smp->flags))
1138 key_type = SMP_LTK_P256_DEBUG;
1139 else
1140 key_type = SMP_LTK_P256;
1141
1142 if (hcon->pending_sec_level == BT_SECURITY_FIPS)
1143 auth = 1;
1144 else
1145 auth = 0;
1146
d3e54a87
JH		 1147 smp->ltk = hci_add_ltk(hcon->hdev, &hcon->dst, hcon->dst_type,
1148 key_type, auth, smp->tk, smp->enc_key_size,
1149 0, 0);
1150}
1151
6a77083a
JH		 1152static void sc_generate_link_key(struct smp_chan *smp)
1153{
a62da6f1 1154 /* From core spec. Spells out in ASCII as 'lebr'. */
6a77083a
JH		 1155 const u8 lebr[4] = { 0x72, 0x62, 0x65, 0x6c };
1156
1157 smp->link_key = kzalloc(16, GFP_KERNEL);
1158 if (!smp->link_key)
1159 return;
1160
a62da6f1
JH		 1161 if (test_bit(SMP_FLAG_CT2, &smp->flags)) {
1162 /* SALT = 0x00000000000000000000000000000000746D7031 */
1163 const u8 salt[16] = { 0x31, 0x70, 0x6d, 0x74 };
1164
1165 if (smp_h7(smp->tfm_cmac, smp->tk, salt, smp->link_key)) {
1166 kzfree(smp->link_key);
1167 smp->link_key = NULL;
1168 return;
1169 }
1170 } else {
1171 /* From core spec. Spells out in ASCII as 'tmp1'. */
1172 const u8 tmp1[4] = { 0x31, 0x70, 0x6d, 0x74 };
1173
1174 if (smp_h6(smp->tfm_cmac, smp->tk, tmp1, smp->link_key)) {
1175 kzfree(smp->link_key);
1176 smp->link_key = NULL;
1177 return;
1178 }
6a77083a
JH		 1179 }
1180
1181 if (smp_h6(smp->tfm_cmac, smp->link_key, lebr, smp->link_key)) {
276812ec 1182 kzfree(smp->link_key);
6a77083a
JH		 1183 smp->link_key = NULL;
1184 return;
1185 }
44f1a7ab
JH		 1186}
1187
b28b4943
JH		 1188static void smp_allow_key_dist(struct smp_chan *smp)
1189{
1190 /* Allow the first expected phase 3 PDU. The rest of the PDUs
1191 * will be allowed in each PDU handler to ensure we receive
1192 * them in the correct order.
1193 */
1194 if (smp->remote_key_dist & SMP_DIST_ENC_KEY)
1195 SMP_ALLOW_CMD(smp, SMP_CMD_ENCRYPT_INFO);
1196 else if (smp->remote_key_dist & SMP_DIST_ID_KEY)
1197 SMP_ALLOW_CMD(smp, SMP_CMD_IDENT_INFO);
1198 else if (smp->remote_key_dist & SMP_DIST_SIGN)
1199 SMP_ALLOW_CMD(smp, SMP_CMD_SIGN_INFO);
1200}
1201
b5ae344d
JH		 1202static void sc_generate_ltk(struct smp_chan *smp)
1203{
a62da6f1 1204 /* From core spec. Spells out in ASCII as 'brle'. */
b5ae344d
JH		 1205 const u8 brle[4] = { 0x65, 0x6c, 0x72, 0x62 };
1206 struct hci_conn *hcon = smp->conn->hcon;
1207 struct hci_dev *hdev = hcon->hdev;
1208 struct link_key *key;
1209
1210 key = hci_find_link_key(hdev, &hcon->dst);
1211 if (!key) {
1212 BT_ERR("%s No Link Key found to generate LTK", hdev->name);
1213 return;
1214 }
1215
1216 if (key->type == HCI_LK_DEBUG_COMBINATION)
1217 set_bit(SMP_FLAG_DEBUG_KEY, &smp->flags);
1218
a62da6f1
JH		 1219 if (test_bit(SMP_FLAG_CT2, &smp->flags)) {
1220 /* SALT = 0x00000000000000000000000000000000746D7032 */
1221 const u8 salt[16] = { 0x32, 0x70, 0x6d, 0x74 };
1222
1223 if (smp_h7(smp->tfm_cmac, key->val, salt, smp->tk))
1224 return;
1225 } else {
1226 /* From core spec. Spells out in ASCII as 'tmp2'. */
1227 const u8 tmp2[4] = { 0x32, 0x70, 0x6d, 0x74 };
1228
1229 if (smp_h6(smp->tfm_cmac, key->val, tmp2, smp->tk))
1230 return;
1231 }
b5ae344d
JH		 1232
1233 if (smp_h6(smp->tfm_cmac, smp->tk, brle, smp->tk))
1234 return;
1235
1236 sc_add_ltk(smp);
1237}
1238
d6268e86 1239static void smp_distribute_keys(struct smp_chan *smp)
44f1a7ab
JH		 1240{
1241 struct smp_cmd_pairing *req, *rsp;
86d1407c 1242 struct l2cap_conn *conn = smp->conn;
44f1a7ab
JH		 1243 struct hci_conn *hcon = conn->hcon;
1244 struct hci_dev *hdev = hcon->hdev;
1245 __u8 *keydist;
1246
1247 BT_DBG("conn %p", conn);
1248
44f1a7ab
JH		 1249 rsp = (void *) &smp->prsp[1];
1250
1251 /* The responder sends its keys first */
b28b4943
JH		 1252 if (hcon->out && (smp->remote_key_dist & KEY_DIST_MASK)) {
1253 smp_allow_key_dist(smp);
86d1407c 1254 return;
b28b4943 1255 }
44f1a7ab
JH		 1256
1257 req = (void *) &smp->preq[1];
1258
1259 if (hcon->out) {
1260 keydist = &rsp->init_key_dist;
1261 *keydist &= req->init_key_dist;
1262 } else {
1263 keydist = &rsp->resp_key_dist;
1264 *keydist &= req->resp_key_dist;
1265 }
1266
6a77083a 1267 if (test_bit(SMP_FLAG_SC, &smp->flags)) {
b5ae344d 1268 if (hcon->type == LE_LINK && (*keydist & SMP_DIST_LINK_KEY))
6a77083a 1269 sc_generate_link_key(smp);
b5ae344d
JH		 1270 if (hcon->type == ACL_LINK && (*keydist & SMP_DIST_ENC_KEY))
1271 sc_generate_ltk(smp);
6a77083a
JH		 1272
1273 /* Clear the keys which are generated but not distributed */
1274 *keydist &= ~SMP_SC_NO_DIST;
1275 }
1276
44f1a7ab
JH		 1277 BT_DBG("keydist 0x%x", *keydist);
1278
1279 if (*keydist & SMP_DIST_ENC_KEY) {
1280 struct smp_cmd_encrypt_info enc;
1281 struct smp_cmd_master_ident ident;
1282 struct smp_ltk *ltk;
1283 u8 authenticated;
1284 __le16 ediv;
1285 __le64 rand;
1286
1fc62c52
JH		 1287 /* Make sure we generate only the significant amount of
1288 * bytes based on the encryption key size, and set the rest
1289 * of the value to zeroes.
1290 */
1291 get_random_bytes(enc.ltk, smp->enc_key_size);
1292 memset(enc.ltk + smp->enc_key_size, 0,
1293 sizeof(enc.ltk) - smp->enc_key_size);
1294
44f1a7ab
JH		 1295 get_random_bytes(&ediv, sizeof(ediv));
1296 get_random_bytes(&rand, sizeof(rand));
1297
1298 smp_send_cmd(conn, SMP_CMD_ENCRYPT_INFO, sizeof(enc), &enc);
1299
1300 authenticated = hcon->sec_level == BT_SECURITY_HIGH;
1301 ltk = hci_add_ltk(hdev, &hcon->dst, hcon->dst_type,
1302 SMP_LTK_SLAVE, authenticated, enc.ltk,
1303 smp->enc_key_size, ediv, rand);
1304 smp->slave_ltk = ltk;
1305
1306 ident.ediv = ediv;
1307 ident.rand = rand;
1308
1309 smp_send_cmd(conn, SMP_CMD_MASTER_IDENT, sizeof(ident), &ident);
1310
1311 *keydist &= ~SMP_DIST_ENC_KEY;
1312 }
1313
1314 if (*keydist & SMP_DIST_ID_KEY) {
1315 struct smp_cmd_ident_addr_info addrinfo;
1316 struct smp_cmd_ident_info idinfo;
1317
1318 memcpy(idinfo.irk, hdev->irk, sizeof(idinfo.irk));
1319
1320 smp_send_cmd(conn, SMP_CMD_IDENT_INFO, sizeof(idinfo), &idinfo);
1321
1322 /* The hci_conn contains the local identity address
1323 * after the connection has been established.
1324 *
1325 * This is true even when the connection has been
1326 * established using a resolvable random address.
1327 */
1328 bacpy(&addrinfo.bdaddr, &hcon->src);
1329 addrinfo.addr_type = hcon->src_type;
1330
1331 smp_send_cmd(conn, SMP_CMD_IDENT_ADDR_INFO, sizeof(addrinfo),
1332 &addrinfo);
1333
1334 *keydist &= ~SMP_DIST_ID_KEY;
1335 }
1336
1337 if (*keydist & SMP_DIST_SIGN) {
1338 struct smp_cmd_sign_info sign;
1339 struct smp_csrk *csrk;
1340
1341 /* Generate a new random key */
1342 get_random_bytes(sign.csrk, sizeof(sign.csrk));
1343
1344 csrk = kzalloc(sizeof(*csrk), GFP_KERNEL);
1345 if (csrk) {
4cd3928a
JH		 1346 if (hcon->sec_level > BT_SECURITY_MEDIUM)
1347 csrk->type = MGMT_CSRK_LOCAL_AUTHENTICATED;
1348 else
1349 csrk->type = MGMT_CSRK_LOCAL_UNAUTHENTICATED;
44f1a7ab
JH		 1350 memcpy(csrk->val, sign.csrk, sizeof(csrk->val));
1351 }
1352 smp->slave_csrk = csrk;
1353
1354 smp_send_cmd(conn, SMP_CMD_SIGN_INFO, sizeof(sign), &sign);
1355
1356 *keydist &= ~SMP_DIST_SIGN;
1357 }
1358
1359 /* If there are still keys to be received wait for them */
b28b4943
JH		 1360 if (smp->remote_key_dist & KEY_DIST_MASK) {
1361 smp_allow_key_dist(smp);
86d1407c 1362 return;
b28b4943 1363 }
44f1a7ab 1364
44f1a7ab
JH		 1365 set_bit(SMP_FLAG_COMPLETE, &smp->flags);
1366 smp_notify_keys(conn);
1367
1368 smp_chan_destroy(conn);
44f1a7ab
JH		 1369}
1370
b68fda68
JH		 1371static void smp_timeout(struct work_struct *work)
1372{
1373 struct smp_chan *smp = container_of(work, struct smp_chan,
1374 security_timer.work);
1375 struct l2cap_conn *conn = smp->conn;
1376
1377 BT_DBG("conn %p", conn);
1378
1e91c29e 1379 hci_disconnect(conn->hcon, HCI_ERROR_REMOTE_USER_TERM);
b68fda68
JH		 1380}
1381
8aab4757
VCG		 1382static struct smp_chan *smp_chan_create(struct l2cap_conn *conn)
1383{
5d88cc73 1384 struct l2cap_chan *chan = conn->smp;
8aab4757
VCG		 1385 struct smp_chan *smp;
1386
f1560463 1387 smp = kzalloc(sizeof(*smp), GFP_ATOMIC);
fc75cc86 1388 if (!smp)
8aab4757
VCG		 1389 return NULL;
1390
a4770e11 1391 smp->tfm_aes = crypto_alloc_cipher("aes", 0, CRYPTO_ALG_ASYNC);
6a7bd103 1392 if (IS_ERR(smp->tfm_aes)) {
a4770e11 1393 BT_ERR("Unable to create AES crypto context");
276812ec 1394 kzfree(smp);
6a7bd103
JH		 1395 return NULL;
1396 }
1397
71af2f6b 1398 smp->tfm_cmac = crypto_alloc_shash("cmac(aes)", 0, 0);
407cecf6
JH		 1399 if (IS_ERR(smp->tfm_cmac)) {
1400 BT_ERR("Unable to create CMAC crypto context");
a4770e11 1401 crypto_free_cipher(smp->tfm_aes);
276812ec 1402 kzfree(smp);
407cecf6
JH		 1403 return NULL;
1404 }
1405
8aab4757 1406 smp->conn = conn;
5d88cc73 1407 chan->data = smp;
8aab4757 1408
b28b4943
JH		 1409 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_FAIL);
1410
b68fda68
JH		 1411 INIT_DELAYED_WORK(&smp->security_timer, smp_timeout);
1412
8aab4757
VCG		 1413 hci_conn_hold(conn->hcon);
1414
1415 return smp;
1416}
1417
760b018b
JH		 1418static int sc_mackey_and_ltk(struct smp_chan *smp, u8 mackey[16], u8 ltk[16])
1419{
1420 struct hci_conn *hcon = smp->conn->hcon;
1421 u8 *na, *nb, a[7], b[7];
1422
1423 if (hcon->out) {
1424 na = smp->prnd;
1425 nb = smp->rrnd;
1426 } else {
1427 na = smp->rrnd;
1428 nb = smp->prnd;
1429 }
1430
1431 memcpy(a, &hcon->init_addr, 6);
1432 memcpy(b, &hcon->resp_addr, 6);
1433 a[6] = hcon->init_addr_type;
1434 b[6] = hcon->resp_addr_type;
1435
1436 return smp_f5(smp->tfm_cmac, smp->dhkey, na, nb, a, b, mackey, ltk);
1437}
1438
38606f14 1439static void sc_dhkey_check(struct smp_chan *smp)
760b018b
JH		 1440{
1441 struct hci_conn *hcon = smp->conn->hcon;
1442 struct smp_cmd_dhkey_check check;
1443 u8 a[7], b[7], *local_addr, *remote_addr;
1444 u8 io_cap[3], r[16];
1445
760b018b
JH		 1446 memcpy(a, &hcon->init_addr, 6);
1447 memcpy(b, &hcon->resp_addr, 6);
1448 a[6] = hcon->init_addr_type;
1449 b[6] = hcon->resp_addr_type;
1450
1451 if (hcon->out) {
1452 local_addr = a;
1453 remote_addr = b;
1454 memcpy(io_cap, &smp->preq[1], 3);
1455 } else {
1456 local_addr = b;
1457 remote_addr = a;
1458 memcpy(io_cap, &smp->prsp[1], 3);
1459 }
1460
dddd3059
JH		 1461 memset(r, 0, sizeof(r));
1462
1463 if (smp->method == REQ_PASSKEY || smp->method == DSP_PASSKEY)
38606f14 1464 put_unaligned_le32(hcon->passkey_notify, r);
760b018b 1465
a29b0733
JH		 1466 if (smp->method == REQ_OOB)
1467 memcpy(r, smp->rr, 16);
1468
760b018b
JH		 1469 smp_f6(smp->tfm_cmac, smp->mackey, smp->prnd, smp->rrnd, r, io_cap,
1470 local_addr, remote_addr, check.e);
1471
1472 smp_send_cmd(smp->conn, SMP_CMD_DHKEY_CHECK, sizeof(check), &check);
dddd3059
JH		 1473}
1474
38606f14
JH		 1475static u8 sc_passkey_send_confirm(struct smp_chan *smp)
1476{
1477 struct l2cap_conn *conn = smp->conn;
1478 struct hci_conn *hcon = conn->hcon;
1479 struct smp_cmd_pairing_confirm cfm;
1480 u8 r;
1481
1482 r = ((hcon->passkey_notify >> smp->passkey_round) & 0x01);
1483 r |= 0x80;
1484
1485 get_random_bytes(smp->prnd, sizeof(smp->prnd));
1486
1487 if (smp_f4(smp->tfm_cmac, smp->local_pk, smp->remote_pk, smp->prnd, r,
1488 cfm.confirm_val))
1489 return SMP_UNSPECIFIED;
1490
1491 smp_send_cmd(conn, SMP_CMD_PAIRING_CONFIRM, sizeof(cfm), &cfm);
1492
1493 return 0;
1494}
1495
1496static u8 sc_passkey_round(struct smp_chan *smp, u8 smp_op)
1497{
1498 struct l2cap_conn *conn = smp->conn;
1499 struct hci_conn *hcon = conn->hcon;
1500 struct hci_dev *hdev = hcon->hdev;
1501 u8 cfm[16], r;
1502
1503 /* Ignore the PDU if we've already done 20 rounds (0 - 19) */
1504 if (smp->passkey_round >= 20)
1505 return 0;
1506
1507 switch (smp_op) {
1508 case SMP_CMD_PAIRING_RANDOM:
1509 r = ((hcon->passkey_notify >> smp->passkey_round) & 0x01);
1510 r |= 0x80;
1511
1512 if (smp_f4(smp->tfm_cmac, smp->remote_pk, smp->local_pk,
1513 smp->rrnd, r, cfm))
1514 return SMP_UNSPECIFIED;
1515
329d8230 1516 if (crypto_memneq(smp->pcnf, cfm, 16))
38606f14
JH		 1517 return SMP_CONFIRM_FAILED;
1518
1519 smp->passkey_round++;
1520
1521 if (smp->passkey_round == 20) {
1522 /* Generate MacKey and LTK */
1523 if (sc_mackey_and_ltk(smp, smp->mackey, smp->tk))
1524 return SMP_UNSPECIFIED;
1525 }
1526
1527 /* The round is only complete when the initiator
1528 * receives pairing random.
1529 */
1530 if (!hcon->out) {
1531 smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM,
1532 sizeof(smp->prnd), smp->prnd);
d3e54a87 1533 if (smp->passkey_round == 20)
38606f14 1534 SMP_ALLOW_CMD(smp, SMP_CMD_DHKEY_CHECK);
d3e54a87 1535 else
38606f14 1536 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_CONFIRM);
38606f14
JH		 1537 return 0;
1538 }
1539
1540 /* Start the next round */
1541 if (smp->passkey_round != 20)
1542 return sc_passkey_round(smp, 0);
1543
1544 /* Passkey rounds are complete - start DHKey Check */
1545 sc_dhkey_check(smp);
1546 SMP_ALLOW_CMD(smp, SMP_CMD_DHKEY_CHECK);
1547
1548 break;
1549
1550 case SMP_CMD_PAIRING_CONFIRM:
1551 if (test_bit(SMP_FLAG_WAIT_USER, &smp->flags)) {
1552 set_bit(SMP_FLAG_CFM_PENDING, &smp->flags);
1553 return 0;
1554 }
1555
1556 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RANDOM);
1557
1558 if (hcon->out) {
1559 smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM,
1560 sizeof(smp->prnd), smp->prnd);
1561 return 0;
1562 }
1563
1564 return sc_passkey_send_confirm(smp);
1565
1566 case SMP_CMD_PUBLIC_KEY:
1567 default:
1568 /* Initiating device starts the round */
1569 if (!hcon->out)
1570 return 0;
1571
1572 BT_DBG("%s Starting passkey round %u", hdev->name,
1573 smp->passkey_round + 1);
1574
1575 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_CONFIRM);
1576
1577 return sc_passkey_send_confirm(smp);
1578 }
1579
1580 return 0;
1581}
1582
dddd3059
JH		 1583static int sc_user_reply(struct smp_chan *smp, u16 mgmt_op, __le32 passkey)
1584{
38606f14
JH		 1585 struct l2cap_conn *conn = smp->conn;
1586 struct hci_conn *hcon = conn->hcon;
1587 u8 smp_op;
1588
1589 clear_bit(SMP_FLAG_WAIT_USER, &smp->flags);
1590
dddd3059
JH		 1591 switch (mgmt_op) {
1592 case MGMT_OP_USER_PASSKEY_NEG_REPLY:
1593 smp_failure(smp->conn, SMP_PASSKEY_ENTRY_FAILED);
1594 return 0;
1595 case MGMT_OP_USER_CONFIRM_NEG_REPLY:
1596 smp_failure(smp->conn, SMP_NUMERIC_COMP_FAILED);
1597 return 0;
38606f14
JH		 1598 case MGMT_OP_USER_PASSKEY_REPLY:
1599 hcon->passkey_notify = le32_to_cpu(passkey);
1600 smp->passkey_round = 0;
1601
1602 if (test_and_clear_bit(SMP_FLAG_CFM_PENDING, &smp->flags))
1603 smp_op = SMP_CMD_PAIRING_CONFIRM;
1604 else
1605 smp_op = 0;
1606
1607 if (sc_passkey_round(smp, smp_op))
1608 return -EIO;
1609
1610 return 0;
dddd3059
JH		 1611 }
1612
d3e54a87
JH		 1613 /* Initiator sends DHKey check first */
1614 if (hcon->out) {
1615 sc_dhkey_check(smp);
1616 SMP_ALLOW_CMD(smp, SMP_CMD_DHKEY_CHECK);
1617 } else if (test_and_clear_bit(SMP_FLAG_DHKEY_PENDING, &smp->flags)) {
1618 sc_dhkey_check(smp);
1619 sc_add_ltk(smp);
1620 }
760b018b
JH		 1621
1622 return 0;
1623}
1624
2b64d153
BG		 1625int smp_user_confirm_reply(struct hci_conn *hcon, u16 mgmt_op, __le32 passkey)
1626{
b10e8017 1627 struct l2cap_conn *conn = hcon->l2cap_data;
5d88cc73 1628 struct l2cap_chan *chan;
2b64d153
BG		 1629 struct smp_chan *smp;
1630 u32 value;
fc75cc86 1631 int err;
2b64d153
BG		 1632
1633 BT_DBG("");
1634
fc75cc86 1635 if (!conn)
2b64d153
BG		 1636 return -ENOTCONN;
1637
5d88cc73
JH		 1638 chan = conn->smp;
1639 if (!chan)
1640 return -ENOTCONN;
1641
fc75cc86
JH		 1642 l2cap_chan_lock(chan);
1643 if (!chan->data) {
1644 err = -ENOTCONN;
1645 goto unlock;
1646 }
1647
5d88cc73 1648 smp = chan->data;
2b64d153 1649
760b018b
JH		 1650 if (test_bit(SMP_FLAG_SC, &smp->flags)) {
1651 err = sc_user_reply(smp, mgmt_op, passkey);
1652 goto unlock;
1653 }
1654
2b64d153
BG		 1655 switch (mgmt_op) {
1656 case MGMT_OP_USER_PASSKEY_REPLY:
1657 value = le32_to_cpu(passkey);
943a732a 1658 memset(smp->tk, 0, sizeof(smp->tk));
2b64d153 1659 BT_DBG("PassKey: %d", value);
943a732a 1660 put_unaligned_le32(value, smp->tk);
2b64d153
BG		 1661 /* Fall Through */
1662 case MGMT_OP_USER_CONFIRM_REPLY:
4a74d658 1663 set_bit(SMP_FLAG_TK_VALID, &smp->flags);
2b64d153
BG		 1664 break;
1665 case MGMT_OP_USER_PASSKEY_NEG_REPLY:
1666 case MGMT_OP_USER_CONFIRM_NEG_REPLY:
84794e11 1667 smp_failure(conn, SMP_PASSKEY_ENTRY_FAILED);
fc75cc86
JH		 1668 err = 0;
1669 goto unlock;
2b64d153 1670 default:
84794e11 1671 smp_failure(conn, SMP_PASSKEY_ENTRY_FAILED);
fc75cc86
JH		 1672 err = -EOPNOTSUPP;
1673 goto unlock;
2b64d153
BG		 1674 }
1675
fc75cc86
JH		 1676 err = 0;
1677
2b64d153 1678 /* If it is our turn to send Pairing Confirm, do so now */
1cc61144
JH		 1679 if (test_bit(SMP_FLAG_CFM_PENDING, &smp->flags)) {
1680 u8 rsp = smp_confirm(smp);
1681 if (rsp)
1682 smp_failure(conn, rsp);
1683 }
2b64d153 1684
fc75cc86
JH		 1685unlock:
1686 l2cap_chan_unlock(chan);
1687 return err;
2b64d153
BG		 1688}
1689
b5ae344d
JH		 1690static void build_bredr_pairing_cmd(struct smp_chan *smp,
1691 struct smp_cmd_pairing *req,
1692 struct smp_cmd_pairing *rsp)
1693{
1694 struct l2cap_conn *conn = smp->conn;
1695 struct hci_dev *hdev = conn->hcon->hdev;
1696 u8 local_dist = 0, remote_dist = 0;
1697
d7a5a11d 1698 if (hci_dev_test_flag(hdev, HCI_BONDABLE)) {
b5ae344d
JH		 1699 local_dist = SMP_DIST_ENC_KEY | SMP_DIST_SIGN;
1700 remote_dist = SMP_DIST_ENC_KEY | SMP_DIST_SIGN;
1701 }
1702
d7a5a11d 1703 if (hci_dev_test_flag(hdev, HCI_RPA_RESOLVING))
b5ae344d
JH		 1704 remote_dist |= SMP_DIST_ID_KEY;
1705
d7a5a11d 1706 if (hci_dev_test_flag(hdev, HCI_PRIVACY))
b5ae344d
JH		 1707 local_dist |= SMP_DIST_ID_KEY;
1708
1709 if (!rsp) {
1710 memset(req, 0, sizeof(*req));
1711
a62da6f1 1712 req->auth_req = SMP_AUTH_CT2;
b5ae344d
JH		 1713 req->init_key_dist = local_dist;
1714 req->resp_key_dist = remote_dist;
e3f6a257 1715 req->max_key_size = conn->hcon->enc_key_size;
b5ae344d
JH		 1716
1717 smp->remote_key_dist = remote_dist;
1718
1719 return;
1720 }
1721
1722 memset(rsp, 0, sizeof(*rsp));
1723
a62da6f1 1724 rsp->auth_req = SMP_AUTH_CT2;
e3f6a257 1725 rsp->max_key_size = conn->hcon->enc_key_size;
b5ae344d
JH		 1726 rsp->init_key_dist = req->init_key_dist & remote_dist;
1727 rsp->resp_key_dist = req->resp_key_dist & local_dist;
1728
1729 smp->remote_key_dist = rsp->init_key_dist;
1730}
1731
da85e5e5 1732static u8 smp_cmd_pairing_req(struct l2cap_conn *conn, struct sk_buff *skb)
88ba43b6 1733{
3158c50c 1734 struct smp_cmd_pairing rsp, *req = (void *) skb->data;
fc75cc86 1735 struct l2cap_chan *chan = conn->smp;
b3c6410b 1736 struct hci_dev *hdev = conn->hcon->hdev;
8aab4757 1737 struct smp_chan *smp;
c7262e71 1738 u8 key_size, auth, sec_level;
8aab4757 1739 int ret;
88ba43b6
AB		 1740
1741 BT_DBG("conn %p", conn);
1742
c46b98be 1743 if (skb->len < sizeof(*req))
38e4a915 1744 return SMP_INVALID_PARAMS;
c46b98be 1745
40bef302 1746 if (conn->hcon->role != HCI_ROLE_SLAVE)
2b64d153
BG		 1747 return SMP_CMD_NOTSUPP;
1748
fc75cc86 1749 if (!chan->data)
8aab4757 1750 smp = smp_chan_create(conn);
fc75cc86 1751 else
5d88cc73 1752 smp = chan->data;
8aab4757 1753
d08fd0e7
AE		 1754 if (!smp)
1755 return SMP_UNSPECIFIED;
d26a2345 1756
c05b9339 1757 /* We didn't start the pairing, so match remote */
0edb14de 1758 auth = req->auth_req & AUTH_REQ_MASK(hdev);
c05b9339 1759
d7a5a11d 1760 if (!hci_dev_test_flag(hdev, HCI_BONDABLE) &&
c05b9339 1761 (auth & SMP_AUTH_BONDING))
b3c6410b
JH		 1762 return SMP_PAIRING_NOTSUPP;
1763
d7a5a11d 1764 if (hci_dev_test_flag(hdev, HCI_SC_ONLY) && !(auth & SMP_AUTH_SC))
903b71c7
JH		 1765 return SMP_AUTH_REQUIREMENTS;
1766
1c1def09
VCG		 1767 smp->preq[0] = SMP_CMD_PAIRING_REQ;
1768 memcpy(&smp->preq[1], req, sizeof(*req));
3158c50c 1769 skb_pull(skb, sizeof(*req));
88ba43b6 1770
cb06d366
JH		 1771 /* If the remote side's OOB flag is set it means it has
1772 * successfully received our local OOB data - therefore set the
1773 * flag to indicate that local OOB is in use.
1774 */
58428563
JH		 1775 if (req->oob_flag == SMP_OOB_PRESENT)
1776 set_bit(SMP_FLAG_LOCAL_OOB, &smp->flags);
1777
b5ae344d
JH		 1778 /* SMP over BR/EDR requires special treatment */
1779 if (conn->hcon->type == ACL_LINK) {
1780 /* We must have a BR/EDR SC link */
08f63cc5 1781 if (!test_bit(HCI_CONN_AES_CCM, &conn->hcon->flags) &&
b7cb93e5 1782 !hci_dev_test_flag(hdev, HCI_FORCE_BREDR_SMP))
b5ae344d
JH		 1783 return SMP_CROSS_TRANSP_NOT_ALLOWED;
1784
1785 set_bit(SMP_FLAG_SC, &smp->flags);
1786
1787 build_bredr_pairing_cmd(smp, req, &rsp);
1788
a62da6f1
JH		 1789 if (req->auth_req & SMP_AUTH_CT2)
1790 set_bit(SMP_FLAG_CT2, &smp->flags);
1791
b5ae344d
JH		 1792 key_size = min(req->max_key_size, rsp.max_key_size);
1793 if (check_enc_key_size(conn, key_size))
1794 return SMP_ENC_KEY_SIZE;
1795
1796 /* Clear bits which are generated but not distributed */
1797 smp->remote_key_dist &= ~SMP_SC_NO_DIST;
1798
1799 smp->prsp[0] = SMP_CMD_PAIRING_RSP;
1800 memcpy(&smp->prsp[1], &rsp, sizeof(rsp));
1801 smp_send_cmd(conn, SMP_CMD_PAIRING_RSP, sizeof(rsp), &rsp);
1802
1803 smp_distribute_keys(smp);
1804 return 0;
1805 }
1806
5e3d3d9b
JH		 1807 build_pairing_cmd(conn, req, &rsp, auth);
1808
a62da6f1 1809 if (rsp.auth_req & SMP_AUTH_SC) {
5e3d3d9b
JH		 1810 set_bit(SMP_FLAG_SC, &smp->flags);
1811
a62da6f1
JH		 1812 if (rsp.auth_req & SMP_AUTH_CT2)
1813 set_bit(SMP_FLAG_CT2, &smp->flags);
1814 }
1815
5be5e275 1816 if (conn->hcon->io_capability == HCI_IO_NO_INPUT_OUTPUT)
1afc2a1a
JH		 1817 sec_level = BT_SECURITY_MEDIUM;
1818 else
1819 sec_level = authreq_to_seclevel(auth);
1820
c7262e71
JH		 1821 if (sec_level > conn->hcon->pending_sec_level)
1822 conn->hcon->pending_sec_level = sec_level;
fdde0a26 1823
49c922bb 1824 /* If we need MITM check that it can be achieved */
2ed8f65c
JH		 1825 if (conn->hcon->pending_sec_level >= BT_SECURITY_HIGH) {
1826 u8 method;
1827
1828 method = get_auth_method(smp, conn->hcon->io_capability,
1829 req->io_capability);
1830 if (method == JUST_WORKS || method == JUST_CFM)
1831 return SMP_AUTH_REQUIREMENTS;
1832 }
1833
3158c50c
VCG		 1834 key_size = min(req->max_key_size, rsp.max_key_size);
1835 if (check_enc_key_size(conn, key_size))
1836 return SMP_ENC_KEY_SIZE;
88ba43b6 1837
e84a6b13 1838 get_random_bytes(smp->prnd, sizeof(smp->prnd));
8aab4757 1839
1c1def09
VCG		 1840 smp->prsp[0] = SMP_CMD_PAIRING_RSP;
1841 memcpy(&smp->prsp[1], &rsp, sizeof(rsp));
f01ead31 1842
3158c50c 1843 smp_send_cmd(conn, SMP_CMD_PAIRING_RSP, sizeof(rsp), &rsp);
3b19146d
JH		 1844
1845 clear_bit(SMP_FLAG_INITIATOR, &smp->flags);
1846
19c5ce9c
JH		 1847 /* Strictly speaking we shouldn't allow Pairing Confirm for the
1848 * SC case, however some implementations incorrectly copy RFU auth
1849 * req bits from our security request, which may create a false
1850 * positive SC enablement.
1851 */
1852 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_CONFIRM);
1853
3b19146d
JH		 1854 if (test_bit(SMP_FLAG_SC, &smp->flags)) {
1855 SMP_ALLOW_CMD(smp, SMP_CMD_PUBLIC_KEY);
1856 /* Clear bits which are generated but not distributed */
1857 smp->remote_key_dist &= ~SMP_SC_NO_DIST;
1858 /* Wait for Public Key from Initiating Device */
1859 return 0;
3b19146d 1860 }
da85e5e5 1861
2b64d153
BG		 1862 /* Request setup of TK */
1863 ret = tk_request(conn, 0, auth, rsp.io_capability, req->io_capability);
1864 if (ret)
1865 return SMP_UNSPECIFIED;
1866
da85e5e5 1867 return 0;
88ba43b6
AB		 1868}
1869
3b19146d
JH		 1870static u8 sc_send_public_key(struct smp_chan *smp)
1871{
70157ef5
JH		 1872 struct hci_dev *hdev = smp->conn->hcon->hdev;
1873
3b19146d
JH		 1874 BT_DBG("");
1875
1a8bab4f 1876 if (test_bit(SMP_FLAG_LOCAL_OOB, &smp->flags)) {
33d0c030
MH		 1877 struct l2cap_chan *chan = hdev->smp_data;
1878 struct smp_dev *smp_dev;
1879
1880 if (!chan || !chan->data)
1881 return SMP_UNSPECIFIED;
1882
1883 smp_dev = chan->data;
1884
1885 memcpy(smp->local_pk, smp_dev->local_pk, 64);
1886 memcpy(smp->local_sk, smp_dev->local_sk, 32);
fb334fee 1887 memcpy(smp->lr, smp_dev->local_rand, 16);
33d0c030
MH		 1888
1889 if (smp_dev->debug_key)
1890 set_bit(SMP_FLAG_DEBUG_KEY, &smp->flags);
1891
1892 goto done;
1893 }
1894
d7a5a11d 1895 if (hci_dev_test_flag(hdev, HCI_USE_DEBUG_KEYS)) {
70157ef5
JH		 1896 BT_DBG("Using debug keys");
1897 memcpy(smp->local_pk, debug_pk, 64);
1898 memcpy(smp->local_sk, debug_sk, 32);
1899 set_bit(SMP_FLAG_DEBUG_KEY, &smp->flags);
1900 } else {
1901 while (true) {
71653eb6
MH		 1902 /* Seed private key with random number */
1903 get_random_bytes(smp->local_sk, 32);
1904
70157ef5 1905 /* Generate local key pair for Secure Connections */
58771c1c 1906 if (!generate_ecdh_keys(smp->local_pk, smp->local_sk))
70157ef5 1907 return SMP_UNSPECIFIED;
6c0dcc50 1908
70157ef5
JH		 1909 /* This is unlikely, but we need to check that
1910 * we didn't accidentially generate a debug key.
1911 */
329d8230 1912 if (crypto_memneq(smp->local_sk, debug_sk, 32))
70157ef5
JH		 1913 break;
1914 }
6c0dcc50 1915 }
3b19146d 1916
33d0c030 1917done:
c7a3d57d 1918 SMP_DBG("Local Public Key X: %32phN", smp->local_pk);
8e4e2ee5 1919 SMP_DBG("Local Public Key Y: %32phN", smp->local_pk + 32);
c7a3d57d 1920 SMP_DBG("Local Private Key: %32phN", smp->local_sk);
3b19146d
JH		 1921
1922 smp_send_cmd(smp->conn, SMP_CMD_PUBLIC_KEY, 64, smp->local_pk);
1923
1924 return 0;
1925}
1926
da85e5e5 1927static u8 smp_cmd_pairing_rsp(struct l2cap_conn *conn, struct sk_buff *skb)
88ba43b6 1928{
3158c50c 1929 struct smp_cmd_pairing *req, *rsp = (void *) skb->data;
5d88cc73
JH		 1930 struct l2cap_chan *chan = conn->smp;
1931 struct smp_chan *smp = chan->data;
0edb14de 1932 struct hci_dev *hdev = conn->hcon->hdev;
3a7dbfb8 1933 u8 key_size, auth;
7d24ddcc 1934 int ret;
88ba43b6
AB		 1935
1936 BT_DBG("conn %p", conn);
1937
c46b98be 1938 if (skb->len < sizeof(*rsp))
38e4a915 1939 return SMP_INVALID_PARAMS;
c46b98be 1940
40bef302 1941 if (conn->hcon->role != HCI_ROLE_MASTER)
2b64d153
BG		 1942 return SMP_CMD_NOTSUPP;
1943
3158c50c
VCG		 1944 skb_pull(skb, sizeof(*rsp));
1945
1c1def09 1946 req = (void *) &smp->preq[1];
da85e5e5 1947
3158c50c
VCG		 1948 key_size = min(req->max_key_size, rsp->max_key_size);
1949 if (check_enc_key_size(conn, key_size))
1950 return SMP_ENC_KEY_SIZE;
1951
0edb14de 1952 auth = rsp->auth_req & AUTH_REQ_MASK(hdev);
c05b9339 1953
d7a5a11d 1954 if (hci_dev_test_flag(hdev, HCI_SC_ONLY) && !(auth & SMP_AUTH_SC))
903b71c7
JH		 1955 return SMP_AUTH_REQUIREMENTS;
1956
cb06d366
JH		 1957 /* If the remote side's OOB flag is set it means it has
1958 * successfully received our local OOB data - therefore set the
1959 * flag to indicate that local OOB is in use.
1960 */
58428563
JH		 1961 if (rsp->oob_flag == SMP_OOB_PRESENT)
1962 set_bit(SMP_FLAG_LOCAL_OOB, &smp->flags);
1963
b5ae344d
JH		 1964 smp->prsp[0] = SMP_CMD_PAIRING_RSP;
1965 memcpy(&smp->prsp[1], rsp, sizeof(*rsp));
1966
1967 /* Update remote key distribution in case the remote cleared
1968 * some bits that we had enabled in our request.
1969 */
1970 smp->remote_key_dist &= rsp->resp_key_dist;
1971
a62da6f1
JH		 1972 if ((req->auth_req & SMP_AUTH_CT2) && (auth & SMP_AUTH_CT2))
1973 set_bit(SMP_FLAG_CT2, &smp->flags);
1974
b5ae344d
JH		 1975 /* For BR/EDR this means we're done and can start phase 3 */
1976 if (conn->hcon->type == ACL_LINK) {
1977 /* Clear bits which are generated but not distributed */
1978 smp->remote_key_dist &= ~SMP_SC_NO_DIST;
1979 smp_distribute_keys(smp);
1980 return 0;
1981 }
1982
65668776
JH		 1983 if ((req->auth_req & SMP_AUTH_SC) && (auth & SMP_AUTH_SC))
1984 set_bit(SMP_FLAG_SC, &smp->flags);
d2eb9e10
JH		 1985 else if (conn->hcon->pending_sec_level > BT_SECURITY_HIGH)
1986 conn->hcon->pending_sec_level = BT_SECURITY_HIGH;
65668776 1987
49c922bb 1988 /* If we need MITM check that it can be achieved */
2ed8f65c
JH		 1989 if (conn->hcon->pending_sec_level >= BT_SECURITY_HIGH) {
1990 u8 method;
1991
1992 method = get_auth_method(smp, req->io_capability,
1993 rsp->io_capability);
1994 if (method == JUST_WORKS || method == JUST_CFM)
1995 return SMP_AUTH_REQUIREMENTS;
1996 }
1997
e84a6b13 1998 get_random_bytes(smp->prnd, sizeof(smp->prnd));
7d24ddcc 1999
fdcc4bec
JH		 2000 /* Update remote key distribution in case the remote cleared
2001 * some bits that we had enabled in our request.
2002 */
2003 smp->remote_key_dist &= rsp->resp_key_dist;
2004
3b19146d
JH		 2005 if (test_bit(SMP_FLAG_SC, &smp->flags)) {
2006 /* Clear bits which are generated but not distributed */
2007 smp->remote_key_dist &= ~SMP_SC_NO_DIST;
2008 SMP_ALLOW_CMD(smp, SMP_CMD_PUBLIC_KEY);
2009 return sc_send_public_key(smp);
2010 }
2011
c05b9339 2012 auth |= req->auth_req;
2b64d153 2013
476585ec 2014 ret = tk_request(conn, 0, auth, req->io_capability, rsp->io_capability);
2b64d153
BG		 2015 if (ret)
2016 return SMP_UNSPECIFIED;
2017
4a74d658 2018 set_bit(SMP_FLAG_CFM_PENDING, &smp->flags);
2b64d153
BG		 2019
2020 /* Can't compose response until we have been confirmed */
4a74d658 2021 if (test_bit(SMP_FLAG_TK_VALID, &smp->flags))
1cc61144 2022 return smp_confirm(smp);
da85e5e5
VCG		 2023
2024 return 0;
88ba43b6
AB		 2025}
2026
dcee2b32
JH		 2027static u8 sc_check_confirm(struct smp_chan *smp)
2028{
2029 struct l2cap_conn *conn = smp->conn;
2030
2031 BT_DBG("");
2032
38606f14
JH		 2033 if (smp->method == REQ_PASSKEY || smp->method == DSP_PASSKEY)
2034 return sc_passkey_round(smp, SMP_CMD_PAIRING_CONFIRM);
2035
dcee2b32
JH		 2036 if (conn->hcon->out) {
2037 smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM, sizeof(smp->prnd),
2038 smp->prnd);
2039 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RANDOM);
2040 }
2041
2042 return 0;
2043}
2044
19c5ce9c
JH		 2045/* Work-around for some implementations that incorrectly copy RFU bits
2046 * from our security request and thereby create the impression that
2047 * we're doing SC when in fact the remote doesn't support it.
2048 */
2049static int fixup_sc_false_positive(struct smp_chan *smp)
2050{
2051 struct l2cap_conn *conn = smp->conn;
2052 struct hci_conn *hcon = conn->hcon;
2053 struct hci_dev *hdev = hcon->hdev;
2054 struct smp_cmd_pairing *req, *rsp;
2055 u8 auth;
2056
2057 /* The issue is only observed when we're in slave role */
2058 if (hcon->out)
2059 return SMP_UNSPECIFIED;
2060
2061 if (hci_dev_test_flag(hdev, HCI_SC_ONLY)) {
2062 BT_ERR("Refusing SMP SC -> legacy fallback in SC-only mode");
2063 return SMP_UNSPECIFIED;
2064 }
2065
2066 BT_ERR("Trying to fall back to legacy SMP");
2067
2068 req = (void *) &smp->preq[1];
2069 rsp = (void *) &smp->prsp[1];
2070
2071 /* Rebuild key dist flags which may have been cleared for SC */
2072 smp->remote_key_dist = (req->init_key_dist & rsp->resp_key_dist);
2073
2074 auth = req->auth_req & AUTH_REQ_MASK(hdev);
2075
2076 if (tk_request(conn, 0, auth, rsp->io_capability, req->io_capability)) {
2077 BT_ERR("Failed to fall back to legacy SMP");
2078 return SMP_UNSPECIFIED;
2079 }
2080
2081 clear_bit(SMP_FLAG_SC, &smp->flags);
2082
2083 return 0;
2084}
2085
da85e5e5 2086static u8 smp_cmd_pairing_confirm(struct l2cap_conn *conn, struct sk_buff *skb)
88ba43b6 2087{
5d88cc73
JH		 2088 struct l2cap_chan *chan = conn->smp;
2089 struct smp_chan *smp = chan->data;
7d24ddcc 2090
88ba43b6
AB		 2091 BT_DBG("conn %p %s", conn, conn->hcon->out ? "master" : "slave");
2092
c46b98be 2093 if (skb->len < sizeof(smp->pcnf))
38e4a915 2094 return SMP_INVALID_PARAMS;
c46b98be 2095
1c1def09
VCG		 2096 memcpy(smp->pcnf, skb->data, sizeof(smp->pcnf));
2097 skb_pull(skb, sizeof(smp->pcnf));
88ba43b6 2098
19c5ce9c
JH		 2099 if (test_bit(SMP_FLAG_SC, &smp->flags)) {
2100 int ret;
2101
2102 /* Public Key exchange must happen before any other steps */
2103 if (test_bit(SMP_FLAG_REMOTE_PK, &smp->flags))
2104 return sc_check_confirm(smp);
2105
2106 BT_ERR("Unexpected SMP Pairing Confirm");
2107
2108 ret = fixup_sc_false_positive(smp);
2109 if (ret)
2110 return ret;
2111 }
dcee2b32 2112
b28b4943 2113 if (conn->hcon->out) {
943a732a
JH		 2114 smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM, sizeof(smp->prnd),
2115 smp->prnd);
b28b4943
JH		 2116 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RANDOM);
2117 return 0;
2118 }
2119
2120 if (test_bit(SMP_FLAG_TK_VALID, &smp->flags))
1cc61144 2121 return smp_confirm(smp);
983f9814
MH		 2122
2123 set_bit(SMP_FLAG_CFM_PENDING, &smp->flags);
da85e5e5
VCG		 2124
2125 return 0;
88ba43b6
AB		 2126}
2127
da85e5e5 2128static u8 smp_cmd_pairing_random(struct l2cap_conn *conn, struct sk_buff *skb)
88ba43b6 2129{
5d88cc73
JH		 2130 struct l2cap_chan *chan = conn->smp;
2131 struct smp_chan *smp = chan->data;
191dc7fe
JH		 2132 struct hci_conn *hcon = conn->hcon;
2133 u8 *pkax, *pkbx, *na, *nb;
2134 u32 passkey;
2135 int err;
7d24ddcc 2136
8aab4757 2137 BT_DBG("conn %p", conn);
3158c50c 2138
c46b98be 2139 if (skb->len < sizeof(smp->rrnd))
38e4a915 2140 return SMP_INVALID_PARAMS;
c46b98be 2141
943a732a 2142 memcpy(smp->rrnd, skb->data, sizeof(smp->rrnd));
8aab4757 2143 skb_pull(skb, sizeof(smp->rrnd));
e7e62c85 2144
191dc7fe
JH		 2145 if (!test_bit(SMP_FLAG_SC, &smp->flags))
2146 return smp_random(smp);
2147
580039e8
JH		 2148 if (hcon->out) {
2149 pkax = smp->local_pk;
2150 pkbx = smp->remote_pk;
2151 na = smp->prnd;
2152 nb = smp->rrnd;
2153 } else {
2154 pkax = smp->remote_pk;
2155 pkbx = smp->local_pk;
2156 na = smp->rrnd;
2157 nb = smp->prnd;
2158 }
2159
a29b0733
JH		 2160 if (smp->method == REQ_OOB) {
2161 if (!hcon->out)
2162 smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM,
2163 sizeof(smp->prnd), smp->prnd);
2164 SMP_ALLOW_CMD(smp, SMP_CMD_DHKEY_CHECK);
2165 goto mackey_and_ltk;
2166 }
2167
38606f14
JH		 2168 /* Passkey entry has special treatment */
2169 if (smp->method == REQ_PASSKEY || smp->method == DSP_PASSKEY)
2170 return sc_passkey_round(smp, SMP_CMD_PAIRING_RANDOM);
2171
191dc7fe
JH		 2172 if (hcon->out) {
2173 u8 cfm[16];
2174
2175 err = smp_f4(smp->tfm_cmac, smp->remote_pk, smp->local_pk,
2176 smp->rrnd, 0, cfm);
2177 if (err)
2178 return SMP_UNSPECIFIED;
2179
329d8230 2180 if (crypto_memneq(smp->pcnf, cfm, 16))
191dc7fe 2181 return SMP_CONFIRM_FAILED;
191dc7fe
JH		 2182 } else {
2183 smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM, sizeof(smp->prnd),
2184 smp->prnd);
2185 SMP_ALLOW_CMD(smp, SMP_CMD_DHKEY_CHECK);
191dc7fe
JH		 2186 }
2187
a29b0733 2188mackey_and_ltk:
760b018b
JH		 2189 /* Generate MacKey and LTK */
2190 err = sc_mackey_and_ltk(smp, smp->mackey, smp->tk);
2191 if (err)
2192 return SMP_UNSPECIFIED;
2193
a29b0733 2194 if (smp->method == JUST_WORKS || smp->method == REQ_OOB) {
dddd3059 2195 if (hcon->out) {
38606f14 2196 sc_dhkey_check(smp);
dddd3059
JH		 2197 SMP_ALLOW_CMD(smp, SMP_CMD_DHKEY_CHECK);
2198 }
2199 return 0;
2200 }
2201
38606f14
JH		 2202 err = smp_g2(smp->tfm_cmac, pkax, pkbx, na, nb, &passkey);
2203 if (err)
2204 return SMP_UNSPECIFIED;
2205
2206 err = mgmt_user_confirm_request(hcon->hdev, &hcon->dst, hcon->type,
2207 hcon->dst_type, passkey, 0);
191dc7fe
JH		 2208 if (err)
2209 return SMP_UNSPECIFIED;
2210
38606f14
JH		 2211 set_bit(SMP_FLAG_WAIT_USER, &smp->flags);
2212
191dc7fe 2213 return 0;
88ba43b6
AB		 2214}
2215
f81cd823 2216static bool smp_ltk_encrypt(struct l2cap_conn *conn, u8 sec_level)
988c5997 2217{
c9839a11 2218 struct smp_ltk *key;
988c5997
VCG		 2219 struct hci_conn *hcon = conn->hcon;
2220
f3a73d97 2221 key = hci_find_ltk(hcon->hdev, &hcon->dst, hcon->dst_type, hcon->role);
988c5997 2222 if (!key)
f81cd823 2223 return false;
988c5997 2224
a6f7833c 2225 if (smp_ltk_sec_level(key) < sec_level)
f81cd823 2226 return false;
4dab7864 2227
51a8efd7 2228 if (test_and_set_bit(HCI_CONN_ENCRYPT_PEND, &hcon->flags))
f81cd823 2229 return true;
988c5997 2230
8b76ce34 2231 hci_le_start_enc(hcon, key->ediv, key->rand, key->val, key->enc_size);
c9839a11 2232 hcon->enc_key_size = key->enc_size;
988c5997 2233
fe59a05f
JH		 2234 /* We never store STKs for master role, so clear this flag */
2235 clear_bit(HCI_CONN_STK_ENCRYPT, &hcon->flags);
2236
f81cd823 2237 return true;
988c5997 2238}
f1560463 2239
35dc6f83
JH		 2240bool smp_sufficient_security(struct hci_conn *hcon, u8 sec_level,
2241 enum smp_key_pref key_pref)
854f4727
JH		 2242{
2243 if (sec_level == BT_SECURITY_LOW)
2244 return true;
2245
35dc6f83
JH		 2246 /* If we're encrypted with an STK but the caller prefers using
2247 * LTK claim insufficient security. This way we allow the
2248 * connection to be re-encrypted with an LTK, even if the LTK
2249 * provides the same level of security. Only exception is if we
2250 * don't have an LTK (e.g. because of key distribution bits).
9ab65d60 2251 */
35dc6f83
JH		 2252 if (key_pref == SMP_USE_LTK &&
2253 test_bit(HCI_CONN_STK_ENCRYPT, &hcon->flags) &&
f3a73d97 2254 hci_find_ltk(hcon->hdev, &hcon->dst, hcon->dst_type, hcon->role))
9ab65d60
JH		 2255 return false;
2256
854f4727
JH		 2257 if (hcon->sec_level >= sec_level)
2258 return true;
2259
2260 return false;
2261}
2262
da85e5e5 2263static u8 smp_cmd_security_req(struct l2cap_conn *conn, struct sk_buff *skb)
88ba43b6
AB		 2264{
2265 struct smp_cmd_security_req *rp = (void *) skb->data;
2266 struct smp_cmd_pairing cp;
f1cb9af5 2267 struct hci_conn *hcon = conn->hcon;
0edb14de 2268 struct hci_dev *hdev = hcon->hdev;
8aab4757 2269 struct smp_chan *smp;
c05b9339 2270 u8 sec_level, auth;
88ba43b6
AB		 2271
2272 BT_DBG("conn %p", conn);
2273
c46b98be 2274 if (skb->len < sizeof(*rp))
38e4a915 2275 return SMP_INVALID_PARAMS;
c46b98be 2276
40bef302 2277 if (hcon->role != HCI_ROLE_MASTER)
86ca9eac
JH		 2278 return SMP_CMD_NOTSUPP;
2279
0edb14de 2280 auth = rp->auth_req & AUTH_REQ_MASK(hdev);
c05b9339 2281
d7a5a11d 2282 if (hci_dev_test_flag(hdev, HCI_SC_ONLY) && !(auth & SMP_AUTH_SC))
903b71c7
JH		 2283 return SMP_AUTH_REQUIREMENTS;
2284
5be5e275 2285 if (hcon->io_capability == HCI_IO_NO_INPUT_OUTPUT)
1afc2a1a
JH		 2286 sec_level = BT_SECURITY_MEDIUM;
2287 else
2288 sec_level = authreq_to_seclevel(auth);
2289
35dc6f83 2290 if (smp_sufficient_security(hcon, sec_level, SMP_USE_LTK))
854f4727
JH		 2291 return 0;
2292
c7262e71
JH		 2293 if (sec_level > hcon->pending_sec_level)
2294 hcon->pending_sec_level = sec_level;
feb45eb5 2295
4dab7864 2296 if (smp_ltk_encrypt(conn, hcon->pending_sec_level))
988c5997
VCG		 2297 return 0;
2298
8aab4757 2299 smp = smp_chan_create(conn);
c29d2444
JH		 2300 if (!smp)
2301 return SMP_UNSPECIFIED;
d26a2345 2302
d7a5a11d 2303 if (!hci_dev_test_flag(hdev, HCI_BONDABLE) &&
c05b9339 2304 (auth & SMP_AUTH_BONDING))
616d55be
JH		 2305 return SMP_PAIRING_NOTSUPP;
2306
88ba43b6 2307 skb_pull(skb, sizeof(*rp));
88ba43b6 2308
da85e5e5 2309 memset(&cp, 0, sizeof(cp));
c05b9339 2310 build_pairing_cmd(conn, &cp, NULL, auth);
88ba43b6 2311
1c1def09
VCG		 2312 smp->preq[0] = SMP_CMD_PAIRING_REQ;
2313 memcpy(&smp->preq[1], &cp, sizeof(cp));
f01ead31 2314
88ba43b6 2315 smp_send_cmd(conn, SMP_CMD_PAIRING_REQ, sizeof(cp), &cp);
b28b4943 2316 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RSP);
f1cb9af5 2317
da85e5e5 2318 return 0;
88ba43b6
AB		 2319}
2320
cc110922 2321int smp_conn_security(struct hci_conn *hcon, __u8 sec_level)
eb492e01 2322{
cc110922 2323 struct l2cap_conn *conn = hcon->l2cap_data;
c68b7f12 2324 struct l2cap_chan *chan;
0a66cf20 2325 struct smp_chan *smp;
2b64d153 2326 __u8 authreq;
fc75cc86 2327 int ret;
eb492e01 2328
3a0259bb
VCG		 2329 BT_DBG("conn %p hcon %p level 0x%2.2x", conn, hcon, sec_level);
2330
0a66cf20
JH		 2331 /* This may be NULL if there's an unexpected disconnection */
2332 if (!conn)
2333 return 1;
2334
d7a5a11d 2335 if (!hci_dev_test_flag(hcon->hdev, HCI_LE_ENABLED))
2e65c9d2
AG		 2336 return 1;
2337
35dc6f83 2338 if (smp_sufficient_security(hcon, sec_level, SMP_USE_LTK))
eb492e01 2339 return 1;
f1cb9af5 2340
c7262e71
JH		 2341 if (sec_level > hcon->pending_sec_level)
2342 hcon->pending_sec_level = sec_level;
2343
40bef302 2344 if (hcon->role == HCI_ROLE_MASTER)
c7262e71
JH		 2345 if (smp_ltk_encrypt(conn, hcon->pending_sec_level))
2346 return 0;
d26a2345 2347
d8949aad
JH		 2348 chan = conn->smp;
2349 if (!chan) {
2350 BT_ERR("SMP security requested but not available");
2351 return 1;
2352 }
2353
fc75cc86
JH		 2354 l2cap_chan_lock(chan);
2355
2356 /* If SMP is already in progress ignore this request */
2357 if (chan->data) {
2358 ret = 0;
2359 goto unlock;
2360 }
d26a2345 2361
8aab4757 2362 smp = smp_chan_create(conn);
fc75cc86
JH		 2363 if (!smp) {
2364 ret = 1;
2365 goto unlock;
2366 }
2b64d153
BG		 2367
2368 authreq = seclevel_to_authreq(sec_level);
d26a2345 2369
a62da6f1 2370 if (hci_dev_test_flag(hcon->hdev, HCI_SC_ENABLED)) {
d2eb9e10 2371 authreq |= SMP_AUTH_SC;
a62da6f1
JH		 2372 if (hci_dev_test_flag(hcon->hdev, HCI_SSP_ENABLED))
2373 authreq |= SMP_AUTH_CT2;
2374 }
d2eb9e10 2375
79897d20
JH		 2376 /* Require MITM if IO Capability allows or the security level
2377 * requires it.
2e233644 2378 */
79897d20 2379 if (hcon->io_capability != HCI_IO_NO_INPUT_OUTPUT ||
c7262e71 2380 hcon->pending_sec_level > BT_SECURITY_MEDIUM)
2e233644
JH		 2381 authreq |= SMP_AUTH_MITM;
2382
40bef302 2383 if (hcon->role == HCI_ROLE_MASTER) {
d26a2345 2384 struct smp_cmd_pairing cp;
f01ead31 2385
2b64d153 2386 build_pairing_cmd(conn, &cp, NULL, authreq);
1c1def09
VCG		 2387 smp->preq[0] = SMP_CMD_PAIRING_REQ;
2388 memcpy(&smp->preq[1], &cp, sizeof(cp));
f01ead31 2389
eb492e01 2390 smp_send_cmd(conn, SMP_CMD_PAIRING_REQ, sizeof(cp), &cp);
b28b4943 2391 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RSP);
eb492e01
AB		 2392 } else {
2393 struct smp_cmd_security_req cp;
2b64d153 2394 cp.auth_req = authreq;
eb492e01 2395 smp_send_cmd(conn, SMP_CMD_SECURITY_REQ, sizeof(cp), &cp);
b28b4943 2396 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_REQ);
eb492e01
AB		 2397 }
2398
4a74d658 2399 set_bit(SMP_FLAG_INITIATOR, &smp->flags);
fc75cc86 2400 ret = 0;
edca792c 2401
fc75cc86
JH		 2402unlock:
2403 l2cap_chan_unlock(chan);
2404 return ret;
eb492e01
AB		 2405}
2406
c81d555a
JH		 2407void smp_cancel_pairing(struct hci_conn *hcon)
2408{
2409 struct l2cap_conn *conn = hcon->l2cap_data;
2410 struct l2cap_chan *chan;
2411 struct smp_chan *smp;
2412
2413 if (!conn)
2414 return;
2415
2416 chan = conn->smp;
2417 if (!chan)
2418 return;
2419
2420 l2cap_chan_lock(chan);
2421
2422 smp = chan->data;
2423 if (smp) {
2424 if (test_bit(SMP_FLAG_COMPLETE, &smp->flags))
2425 smp_failure(conn, 0);
2426 else
2427 smp_failure(conn, SMP_UNSPECIFIED);
2428 }
2429
2430 l2cap_chan_unlock(chan);
2431}
2432
7034b911
VCG		 2433static int smp_cmd_encrypt_info(struct l2cap_conn *conn, struct sk_buff *skb)
2434{
16b90839 2435 struct smp_cmd_encrypt_info *rp = (void *) skb->data;
5d88cc73
JH		 2436 struct l2cap_chan *chan = conn->smp;
2437 struct smp_chan *smp = chan->data;
16b90839 2438
c46b98be
JH		 2439 BT_DBG("conn %p", conn);
2440
2441 if (skb->len < sizeof(*rp))
38e4a915 2442 return SMP_INVALID_PARAMS;
c46b98be 2443
b28b4943 2444 SMP_ALLOW_CMD(smp, SMP_CMD_MASTER_IDENT);
6131ddc8 2445
16b90839
VCG		 2446 skb_pull(skb, sizeof(*rp));
2447
1c1def09 2448 memcpy(smp->tk, rp->ltk, sizeof(smp->tk));
16b90839 2449
7034b911
VCG		 2450 return 0;
2451}
2452
2453static int smp_cmd_master_ident(struct l2cap_conn *conn, struct sk_buff *skb)
2454{
16b90839 2455 struct smp_cmd_master_ident *rp = (void *) skb->data;
5d88cc73
JH		 2456 struct l2cap_chan *chan = conn->smp;
2457 struct smp_chan *smp = chan->data;
c9839a11
VCG		 2458 struct hci_dev *hdev = conn->hcon->hdev;
2459 struct hci_conn *hcon = conn->hcon;
23d0e128 2460 struct smp_ltk *ltk;
c9839a11 2461 u8 authenticated;
16b90839 2462
c46b98be
JH		 2463 BT_DBG("conn %p", conn);
2464
2465 if (skb->len < sizeof(*rp))
38e4a915 2466 return SMP_INVALID_PARAMS;
c46b98be 2467
9747a9f3
JH		 2468 /* Mark the information as received */
2469 smp->remote_key_dist &= ~SMP_DIST_ENC_KEY;
2470
b28b4943
JH		 2471 if (smp->remote_key_dist & SMP_DIST_ID_KEY)
2472 SMP_ALLOW_CMD(smp, SMP_CMD_IDENT_INFO);
196332f5
JH		 2473 else if (smp->remote_key_dist & SMP_DIST_SIGN)
2474 SMP_ALLOW_CMD(smp, SMP_CMD_SIGN_INFO);
b28b4943 2475
16b90839 2476 skb_pull(skb, sizeof(*rp));
7034b911 2477
ce39fb4e 2478 authenticated = (hcon->sec_level == BT_SECURITY_HIGH);
2ceba539 2479 ltk = hci_add_ltk(hdev, &hcon->dst, hcon->dst_type, SMP_LTK,
23d0e128
JH		 2480 authenticated, smp->tk, smp->enc_key_size,
2481 rp->ediv, rp->rand);
2482 smp->ltk = ltk;
c6e81e9a 2483 if (!(smp->remote_key_dist & KEY_DIST_MASK))
d6268e86 2484 smp_distribute_keys(smp);
7034b911
VCG		 2485
2486 return 0;
2487}
2488
fd349c02
JH		 2489static int smp_cmd_ident_info(struct l2cap_conn *conn, struct sk_buff *skb)
2490{
2491 struct smp_cmd_ident_info *info = (void *) skb->data;
5d88cc73
JH		 2492 struct l2cap_chan *chan = conn->smp;
2493 struct smp_chan *smp = chan->data;
fd349c02
JH		 2494
2495 BT_DBG("");
2496
2497 if (skb->len < sizeof(*info))
38e4a915 2498 return SMP_INVALID_PARAMS;
fd349c02 2499
b28b4943 2500 SMP_ALLOW_CMD(smp, SMP_CMD_IDENT_ADDR_INFO);
6131ddc8 2501
fd349c02
JH		 2502 skb_pull(skb, sizeof(*info));
2503
2504 memcpy(smp->irk, info->irk, 16);
2505
2506 return 0;
2507}
2508
2509static int smp_cmd_ident_addr_info(struct l2cap_conn *conn,
2510 struct sk_buff *skb)
2511{
2512 struct smp_cmd_ident_addr_info *info = (void *) skb->data;
5d88cc73
JH		 2513 struct l2cap_chan *chan = conn->smp;
2514 struct smp_chan *smp = chan->data;
fd349c02
JH		 2515 struct hci_conn *hcon = conn->hcon;
2516 bdaddr_t rpa;
2517
2518 BT_DBG("");
2519
2520 if (skb->len < sizeof(*info))
38e4a915 2521 return SMP_INVALID_PARAMS;
fd349c02 2522
9747a9f3
JH		 2523 /* Mark the information as received */
2524 smp->remote_key_dist &= ~SMP_DIST_ID_KEY;
2525
b28b4943
JH		 2526 if (smp->remote_key_dist & SMP_DIST_SIGN)
2527 SMP_ALLOW_CMD(smp, SMP_CMD_SIGN_INFO);
2528
fd349c02
JH		 2529 skb_pull(skb, sizeof(*info));
2530
a9a58f86
JH		 2531 /* Strictly speaking the Core Specification (4.1) allows sending
2532 * an empty address which would force us to rely on just the IRK
2533 * as "identity information". However, since such
2534 * implementations are not known of and in order to not over
2535 * complicate our implementation, simply pretend that we never
2536 * received an IRK for such a device.
e12af489
JH		 2537 *
2538 * The Identity Address must also be a Static Random or Public
2539 * Address, which hci_is_identity_address() checks for.
a9a58f86 2540 */
e12af489
JH		 2541 if (!bacmp(&info->bdaddr, BDADDR_ANY) ||
2542 !hci_is_identity_address(&info->bdaddr, info->addr_type)) {
a9a58f86 2543 BT_ERR("Ignoring IRK with no identity address");
31dd624e 2544 goto distribute;
a9a58f86
JH		 2545 }
2546
fd349c02
JH		 2547 bacpy(&smp->id_addr, &info->bdaddr);
2548 smp->id_addr_type = info->addr_type;
2549
2550 if (hci_bdaddr_is_rpa(&hcon->dst, hcon->dst_type))
2551 bacpy(&rpa, &hcon->dst);
2552 else
2553 bacpy(&rpa, BDADDR_ANY);
2554
23d0e128
JH		 2555 smp->remote_irk = hci_add_irk(conn->hcon->hdev, &smp->id_addr,
2556 smp->id_addr_type, smp->irk, &rpa);
fd349c02 2557
31dd624e 2558distribute:
c6e81e9a
JH		 2559 if (!(smp->remote_key_dist & KEY_DIST_MASK))
2560 smp_distribute_keys(smp);
fd349c02
JH		 2561
2562 return 0;
2563}
2564
7ee4ea36
MH		 2565static int smp_cmd_sign_info(struct l2cap_conn *conn, struct sk_buff *skb)
2566{
2567 struct smp_cmd_sign_info *rp = (void *) skb->data;
5d88cc73
JH		 2568 struct l2cap_chan *chan = conn->smp;
2569 struct smp_chan *smp = chan->data;
7ee4ea36
MH		 2570 struct smp_csrk *csrk;
2571
2572 BT_DBG("conn %p", conn);
2573
2574 if (skb->len < sizeof(*rp))
38e4a915 2575 return SMP_INVALID_PARAMS;
7ee4ea36 2576
7ee4ea36
MH		 2577 /* Mark the information as received */
2578 smp->remote_key_dist &= ~SMP_DIST_SIGN;
2579
2580 skb_pull(skb, sizeof(*rp));
2581
7ee4ea36
MH		 2582 csrk = kzalloc(sizeof(*csrk), GFP_KERNEL);
2583 if (csrk) {
4cd3928a
JH		 2584 if (conn->hcon->sec_level > BT_SECURITY_MEDIUM)
2585 csrk->type = MGMT_CSRK_REMOTE_AUTHENTICATED;
2586 else
2587 csrk->type = MGMT_CSRK_REMOTE_UNAUTHENTICATED;
7ee4ea36
MH		 2588 memcpy(csrk->val, rp->csrk, sizeof(csrk->val));
2589 }
2590 smp->csrk = csrk;
d6268e86 2591 smp_distribute_keys(smp);
7ee4ea36
MH		 2592
2593 return 0;
2594}
2595
5e3d3d9b
JH		 2596static u8 sc_select_method(struct smp_chan *smp)
2597{
2598 struct l2cap_conn *conn = smp->conn;
2599 struct hci_conn *hcon = conn->hcon;
2600 struct smp_cmd_pairing *local, *remote;
2601 u8 local_mitm, remote_mitm, local_io, remote_io, method;
2602
1a8bab4f
JH		 2603 if (test_bit(SMP_FLAG_REMOTE_OOB, &smp->flags) ||
2604 test_bit(SMP_FLAG_LOCAL_OOB, &smp->flags))
a29b0733
JH		 2605 return REQ_OOB;
2606
5e3d3d9b
JH		 2607 /* The preq/prsp contain the raw Pairing Request/Response PDUs
2608 * which are needed as inputs to some crypto functions. To get
2609 * the "struct smp_cmd_pairing" from them we need to skip the
2610 * first byte which contains the opcode.
2611 */
2612 if (hcon->out) {
2613 local = (void *) &smp->preq[1];
2614 remote = (void *) &smp->prsp[1];
2615 } else {
2616 local = (void *) &smp->prsp[1];
2617 remote = (void *) &smp->preq[1];
2618 }
2619
2620 local_io = local->io_capability;
2621 remote_io = remote->io_capability;
2622
2623 local_mitm = (local->auth_req & SMP_AUTH_MITM);
2624 remote_mitm = (remote->auth_req & SMP_AUTH_MITM);
2625
2626 /* If either side wants MITM, look up the method from the table,
2627 * otherwise use JUST WORKS.
2628 */
2629 if (local_mitm || remote_mitm)
2630 method = get_auth_method(smp, local_io, remote_io);
2631 else
2632 method = JUST_WORKS;
2633
2634 /* Don't confirm locally initiated pairing attempts */
2635 if (method == JUST_CFM && test_bit(SMP_FLAG_INITIATOR, &smp->flags))
2636 method = JUST_WORKS;
2637
2638 return method;
2639}
2640
d8f8edbe
JH		 2641static int smp_cmd_public_key(struct l2cap_conn *conn, struct sk_buff *skb)
2642{
2643 struct smp_cmd_public_key *key = (void *) skb->data;
2644 struct hci_conn *hcon = conn->hcon;
2645 struct l2cap_chan *chan = conn->smp;
2646 struct smp_chan *smp = chan->data;
5e3d3d9b 2647 struct hci_dev *hdev = hcon->hdev;
cbbbe3e2 2648 struct smp_cmd_pairing_confirm cfm;
d8f8edbe
JH		 2649 int err;
2650
2651 BT_DBG("conn %p", conn);
2652
2653 if (skb->len < sizeof(*key))
2654 return SMP_INVALID_PARAMS;
2655
2656 memcpy(smp->remote_pk, key, 64);
2657
a8ca617c
JH		 2658 if (test_bit(SMP_FLAG_REMOTE_OOB, &smp->flags)) {
2659 err = smp_f4(smp->tfm_cmac, smp->remote_pk, smp->remote_pk,
2660 smp->rr, 0, cfm.confirm_val);
2661 if (err)
2662 return SMP_UNSPECIFIED;
2663
329d8230 2664 if (crypto_memneq(cfm.confirm_val, smp->pcnf, 16))
a8ca617c
JH		 2665 return SMP_CONFIRM_FAILED;
2666 }
2667
d8f8edbe
JH		 2668 /* Non-initiating device sends its public key after receiving
2669 * the key from the initiating device.
2670 */
2671 if (!hcon->out) {
2672 err = sc_send_public_key(smp);
2673 if (err)
2674 return err;
2675 }
2676
c7a3d57d 2677 SMP_DBG("Remote Public Key X: %32phN", smp->remote_pk);
e091526d 2678 SMP_DBG("Remote Public Key Y: %32phN", smp->remote_pk + 32);
d8f8edbe 2679
58771c1c 2680 if (!compute_ecdh_secret(smp->remote_pk, smp->local_sk, smp->dhkey))
d8f8edbe
JH		 2681 return SMP_UNSPECIFIED;
2682
c7a3d57d 2683 SMP_DBG("DHKey %32phN", smp->dhkey);
d8f8edbe
JH		 2684
2685 set_bit(SMP_FLAG_REMOTE_PK, &smp->flags);
2686
5e3d3d9b
JH		 2687 smp->method = sc_select_method(smp);
2688
2689 BT_DBG("%s selected method 0x%02x", hdev->name, smp->method);
2690
2691 /* JUST_WORKS and JUST_CFM result in an unauthenticated key */
2692 if (smp->method == JUST_WORKS || smp->method == JUST_CFM)
2693 hcon->pending_sec_level = BT_SECURITY_MEDIUM;
2694 else
2695 hcon->pending_sec_level = BT_SECURITY_FIPS;
2696
329d8230 2697 if (!crypto_memneq(debug_pk, smp->remote_pk, 64))
aeb7d461
JH		 2698 set_bit(SMP_FLAG_DEBUG_KEY, &smp->flags);
2699
38606f14
JH		 2700 if (smp->method == DSP_PASSKEY) {
2701 get_random_bytes(&hcon->passkey_notify,
2702 sizeof(hcon->passkey_notify));
2703 hcon->passkey_notify %= 1000000;
2704 hcon->passkey_entered = 0;
2705 smp->passkey_round = 0;
2706 if (mgmt_user_passkey_notify(hdev, &hcon->dst, hcon->type,
2707 hcon->dst_type,
2708 hcon->passkey_notify,
2709 hcon->passkey_entered))
2710 return SMP_UNSPECIFIED;
2711 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_CONFIRM);
2712 return sc_passkey_round(smp, SMP_CMD_PUBLIC_KEY);
2713 }
2714
94ea7257 2715 if (smp->method == REQ_OOB) {
a29b0733
JH		 2716 if (hcon->out)
2717 smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM,
2718 sizeof(smp->prnd), smp->prnd);
2719
2720 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RANDOM);
2721
2722 return 0;
2723 }
2724
38606f14
JH		 2725 if (hcon->out)
2726 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_CONFIRM);
2727
2728 if (smp->method == REQ_PASSKEY) {
2729 if (mgmt_user_passkey_request(hdev, &hcon->dst, hcon->type,
2730 hcon->dst_type))
2731 return SMP_UNSPECIFIED;
2732 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_CONFIRM);
2733 set_bit(SMP_FLAG_WAIT_USER, &smp->flags);
2734 return 0;
2735 }
2736
cbbbe3e2
JH		 2737 /* The Initiating device waits for the non-initiating device to
2738 * send the confirm value.
2739 */
2740 if (conn->hcon->out)
2741 return 0;
2742
2743 err = smp_f4(smp->tfm_cmac, smp->local_pk, smp->remote_pk, smp->prnd,
2744 0, cfm.confirm_val);
2745 if (err)
2746 return SMP_UNSPECIFIED;
2747
2748 smp_send_cmd(conn, SMP_CMD_PAIRING_CONFIRM, sizeof(cfm), &cfm);
2749 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RANDOM);
2750
d8f8edbe
JH		 2751 return 0;
2752}
2753
6433a9a2
JH		 2754static int smp_cmd_dhkey_check(struct l2cap_conn *conn, struct sk_buff *skb)
2755{
2756 struct smp_cmd_dhkey_check *check = (void *) skb->data;
2757 struct l2cap_chan *chan = conn->smp;
2758 struct hci_conn *hcon = conn->hcon;
2759 struct smp_chan *smp = chan->data;
2760 u8 a[7], b[7], *local_addr, *remote_addr;
2761 u8 io_cap[3], r[16], e[16];
2762 int err;
2763
2764 BT_DBG("conn %p", conn);
2765
2766 if (skb->len < sizeof(*check))
2767 return SMP_INVALID_PARAMS;
2768
2769 memcpy(a, &hcon->init_addr, 6);
2770 memcpy(b, &hcon->resp_addr, 6);
2771 a[6] = hcon->init_addr_type;
2772 b[6] = hcon->resp_addr_type;
2773
2774 if (hcon->out) {
2775 local_addr = a;
2776 remote_addr = b;
2777 memcpy(io_cap, &smp->prsp[1], 3);
2778 } else {
2779 local_addr = b;
2780 remote_addr = a;
2781 memcpy(io_cap, &smp->preq[1], 3);
2782 }
2783
2784 memset(r, 0, sizeof(r));
2785
38606f14
JH		 2786 if (smp->method == REQ_PASSKEY || smp->method == DSP_PASSKEY)
2787 put_unaligned_le32(hcon->passkey_notify, r);
882fafad
JH		 2788 else if (smp->method == REQ_OOB)
2789 memcpy(r, smp->lr, 16);
38606f14 2790
6433a9a2
JH		 2791 err = smp_f6(smp->tfm_cmac, smp->mackey, smp->rrnd, smp->prnd, r,
2792 io_cap, remote_addr, local_addr, e);
2793 if (err)
2794 return SMP_UNSPECIFIED;
2795
329d8230 2796 if (crypto_memneq(check->e, e, 16))
6433a9a2
JH		 2797 return SMP_DHKEY_CHECK_FAILED;
2798
d3e54a87
JH		 2799 if (!hcon->out) {
2800 if (test_bit(SMP_FLAG_WAIT_USER, &smp->flags)) {
2801 set_bit(SMP_FLAG_DHKEY_PENDING, &smp->flags);
2802 return 0;
2803 }
d378a2d7 2804
d3e54a87
JH		 2805 /* Slave sends DHKey check as response to master */
2806 sc_dhkey_check(smp);
2807 }
d378a2d7 2808
d3e54a87 2809 sc_add_ltk(smp);
6433a9a2
JH		 2810
2811 if (hcon->out) {
8b76ce34 2812 hci_le_start_enc(hcon, 0, 0, smp->tk, smp->enc_key_size);
6433a9a2
JH		 2813 hcon->enc_key_size = smp->enc_key_size;
2814 }
2815
2816 return 0;
2817}
2818
1408bb6e
JH		 2819static int smp_cmd_keypress_notify(struct l2cap_conn *conn,
2820 struct sk_buff *skb)
2821{
2822 struct smp_cmd_keypress_notify *kp = (void *) skb->data;
2823
2824 BT_DBG("value 0x%02x", kp->value);
2825
2826 return 0;
2827}
2828
4befb867 2829static int smp_sig_channel(struct l2cap_chan *chan, struct sk_buff *skb)
eb492e01 2830{
5d88cc73 2831 struct l2cap_conn *conn = chan->conn;
7b9899db 2832 struct hci_conn *hcon = conn->hcon;
b28b4943 2833 struct smp_chan *smp;
92381f5c 2834 __u8 code, reason;
eb492e01
AB		 2835 int err = 0;
2836
8ae9b984 2837 if (skb->len < 1)
92381f5c 2838 return -EILSEQ;
92381f5c 2839
d7a5a11d 2840 if (!hci_dev_test_flag(hcon->hdev, HCI_LE_ENABLED)) {
2e65c9d2
AG		 2841 reason = SMP_PAIRING_NOTSUPP;
2842 goto done;
2843 }
2844
92381f5c 2845 code = skb->data[0];
eb492e01
AB		 2846 skb_pull(skb, sizeof(code));
2847
b28b4943
JH		 2848 smp = chan->data;
2849
2850 if (code > SMP_CMD_MAX)
2851 goto drop;
2852
24bd0bd9 2853 if (smp && !test_and_clear_bit(code, &smp->allow_cmd))
b28b4943
JH		 2854 goto drop;
2855
2856 /* If we don't have a context the only allowed commands are
2857 * pairing request and security request.
8cf9fa12 2858 */
b28b4943
JH		 2859 if (!smp && code != SMP_CMD_PAIRING_REQ && code != SMP_CMD_SECURITY_REQ)
2860 goto drop;
8cf9fa12 2861
eb492e01
AB		 2862 switch (code) {
2863 case SMP_CMD_PAIRING_REQ:
da85e5e5 2864 reason = smp_cmd_pairing_req(conn, skb);
eb492e01
AB		 2865 break;
2866
2867 case SMP_CMD_PAIRING_FAIL:
84794e11 2868 smp_failure(conn, 0);
da85e5e5 2869 err = -EPERM;
eb492e01
AB		 2870 break;
2871
2872 case SMP_CMD_PAIRING_RSP:
da85e5e5 2873 reason = smp_cmd_pairing_rsp(conn, skb);
88ba43b6
AB		 2874 break;
2875
2876 case SMP_CMD_SECURITY_REQ:
da85e5e5 2877 reason = smp_cmd_security_req(conn, skb);
88ba43b6
AB		 2878 break;
2879
eb492e01 2880 case SMP_CMD_PAIRING_CONFIRM:
da85e5e5 2881 reason = smp_cmd_pairing_confirm(conn, skb);
88ba43b6
AB		 2882 break;
2883
eb492e01 2884 case SMP_CMD_PAIRING_RANDOM:
da85e5e5 2885 reason = smp_cmd_pairing_random(conn, skb);
88ba43b6
AB		 2886 break;
2887
eb492e01 2888 case SMP_CMD_ENCRYPT_INFO:
7034b911
VCG		 2889 reason = smp_cmd_encrypt_info(conn, skb);
2890 break;
2891
eb492e01 2892 case SMP_CMD_MASTER_IDENT:
7034b911
VCG		 2893 reason = smp_cmd_master_ident(conn, skb);
2894 break;
2895
eb492e01 2896 case SMP_CMD_IDENT_INFO:
fd349c02
JH		 2897 reason = smp_cmd_ident_info(conn, skb);
2898 break;
2899
eb492e01 2900 case SMP_CMD_IDENT_ADDR_INFO:
fd349c02
JH		 2901 reason = smp_cmd_ident_addr_info(conn, skb);
2902 break;
2903
eb492e01 2904 case SMP_CMD_SIGN_INFO:
7ee4ea36 2905 reason = smp_cmd_sign_info(conn, skb);
7034b911
VCG		 2906 break;
2907
d8f8edbe
JH		 2908 case SMP_CMD_PUBLIC_KEY:
2909 reason = smp_cmd_public_key(conn, skb);
2910 break;
2911
6433a9a2
JH		 2912 case SMP_CMD_DHKEY_CHECK:
2913 reason = smp_cmd_dhkey_check(conn, skb);
2914 break;
2915
1408bb6e
JH		 2916 case SMP_CMD_KEYPRESS_NOTIFY:
2917 reason = smp_cmd_keypress_notify(conn, skb);
2918 break;
2919
eb492e01
AB		 2920 default:
2921 BT_DBG("Unknown command code 0x%2.2x", code);
eb492e01 2922 reason = SMP_CMD_NOTSUPP;
3a0259bb 2923 goto done;
eb492e01
AB		 2924 }
2925
3a0259bb 2926done:
9b7b18ef
JH		 2927 if (!err) {
2928 if (reason)
2929 smp_failure(conn, reason);
8ae9b984 2930 kfree_skb(skb);
9b7b18ef
JH		 2931 }
2932
eb492e01 2933 return err;
b28b4943
JH		 2934
2935drop:
2936 BT_ERR("%s unexpected SMP command 0x%02x from %pMR", hcon->hdev->name,
2937 code, &hcon->dst);
2938 kfree_skb(skb);
2939 return 0;
eb492e01 2940}
7034b911 2941
70db83c4
JH		 2942static void smp_teardown_cb(struct l2cap_chan *chan, int err)
2943{
2944 struct l2cap_conn *conn = chan->conn;
2945
2946 BT_DBG("chan %p", chan);
2947
fc75cc86 2948 if (chan->data)
5d88cc73 2949 smp_chan_destroy(conn);
5d88cc73 2950
70db83c4
JH		 2951 conn->smp = NULL;
2952 l2cap_chan_put(chan);
2953}
2954
b5ae344d
JH		 2955static void bredr_pairing(struct l2cap_chan *chan)
2956{
2957 struct l2cap_conn *conn = chan->conn;
2958 struct hci_conn *hcon = conn->hcon;
2959 struct hci_dev *hdev = hcon->hdev;
2960 struct smp_cmd_pairing req;
2961 struct smp_chan *smp;
2962
2963 BT_DBG("chan %p", chan);
2964
2965 /* Only new pairings are interesting */
2966 if (!test_bit(HCI_CONN_NEW_LINK_KEY, &hcon->flags))
2967 return;
2968
2969 /* Don't bother if we're not encrypted */
2970 if (!test_bit(HCI_CONN_ENCRYPT, &hcon->flags))
2971 return;
2972
2973 /* Only master may initiate SMP over BR/EDR */
2974 if (hcon->role != HCI_ROLE_MASTER)
2975 return;
2976
2977 /* Secure Connections support must be enabled */
d7a5a11d 2978 if (!hci_dev_test_flag(hdev, HCI_SC_ENABLED))
b5ae344d
JH		 2979 return;
2980
2981 /* BR/EDR must use Secure Connections for SMP */
2982 if (!test_bit(HCI_CONN_AES_CCM, &hcon->flags) &&
b7cb93e5 2983 !hci_dev_test_flag(hdev, HCI_FORCE_BREDR_SMP))
b5ae344d
JH		 2984 return;
2985
2986 /* If our LE support is not enabled don't do anything */
d7a5a11d 2987 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED))
b5ae344d
JH		 2988 return;
2989
2990 /* Don't bother if remote LE support is not enabled */
2991 if (!lmp_host_le_capable(hcon))
2992 return;
2993
2994 /* Remote must support SMP fixed chan for BR/EDR */
2995 if (!(conn->remote_fixed_chan & L2CAP_FC_SMP_BREDR))
2996 return;
2997
2998 /* Don't bother if SMP is already ongoing */
2999 if (chan->data)
3000 return;
3001
3002 smp = smp_chan_create(conn);
3003 if (!smp) {
3004 BT_ERR("%s unable to create SMP context for BR/EDR",
3005 hdev->name);
3006 return;
3007 }
3008
3009 set_bit(SMP_FLAG_SC, &smp->flags);
3010
3011 BT_DBG("%s starting SMP over BR/EDR", hdev->name);
3012
3013 /* Prepare and send the BR/EDR SMP Pairing Request */
3014 build_bredr_pairing_cmd(smp, &req, NULL);
3015
3016 smp->preq[0] = SMP_CMD_PAIRING_REQ;
3017 memcpy(&smp->preq[1], &req, sizeof(req));
3018
3019 smp_send_cmd(conn, SMP_CMD_PAIRING_REQ, sizeof(req), &req);
3020 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RSP);
3021}
3022
44f1a7ab
JH		 3023static void smp_resume_cb(struct l2cap_chan *chan)
3024{
b68fda68 3025 struct smp_chan *smp = chan->data;
44f1a7ab
JH		 3026 struct l2cap_conn *conn = chan->conn;
3027 struct hci_conn *hcon = conn->hcon;
3028
3029 BT_DBG("chan %p", chan);
3030
b5ae344d
JH		 3031 if (hcon->type == ACL_LINK) {
3032 bredr_pairing(chan);
ef8efe4b 3033 return;
b5ae344d 3034 }
ef8efe4b 3035
86d1407c
JH		 3036 if (!smp)
3037 return;
b68fda68 3038
84bc0db5
JH		 3039 if (!test_bit(HCI_CONN_ENCRYPT, &hcon->flags))
3040 return;
3041
86d1407c
JH		 3042 cancel_delayed_work(&smp->security_timer);
3043
d6268e86 3044 smp_distribute_keys(smp);
44f1a7ab
JH		 3045}
3046
70db83c4
JH		 3047static void smp_ready_cb(struct l2cap_chan *chan)
3048{
3049 struct l2cap_conn *conn = chan->conn;
b5ae344d 3050 struct hci_conn *hcon = conn->hcon;
70db83c4
JH		 3051
3052 BT_DBG("chan %p", chan);
3053
7883746b
JH		 3054 /* No need to call l2cap_chan_hold() here since we already own
3055 * the reference taken in smp_new_conn_cb(). This is just the
3056 * first time that we tie it to a specific pointer. The code in
3057 * l2cap_core.c ensures that there's no risk this function wont
3058 * get called if smp_new_conn_cb was previously called.
3059 */
70db83c4 3060 conn->smp = chan;
b5ae344d
JH		 3061
3062 if (hcon->type == ACL_LINK && test_bit(HCI_CONN_ENCRYPT, &hcon->flags))
3063 bredr_pairing(chan);
70db83c4
JH		 3064}
3065
4befb867
JH		 3066static int smp_recv_cb(struct l2cap_chan *chan, struct sk_buff *skb)
3067{
3068 int err;
3069
3070 BT_DBG("chan %p", chan);
3071
3072 err = smp_sig_channel(chan, skb);
3073 if (err) {
b68fda68 3074 struct smp_chan *smp = chan->data;
4befb867 3075
b68fda68
JH		 3076 if (smp)
3077 cancel_delayed_work_sync(&smp->security_timer);
4befb867 3078
1e91c29e 3079 hci_disconnect(chan->conn->hcon, HCI_ERROR_AUTH_FAILURE);
4befb867
JH		 3080 }
3081
3082 return err;
3083}
3084
70db83c4
JH		 3085static struct sk_buff *smp_alloc_skb_cb(struct l2cap_chan *chan,
3086 unsigned long hdr_len,
3087 unsigned long len, int nb)
3088{
3089 struct sk_buff *skb;
3090
3091 skb = bt_skb_alloc(hdr_len + len, GFP_KERNEL);
3092 if (!skb)
3093 return ERR_PTR(-ENOMEM);
3094
3095 skb->priority = HCI_PRIO_MAX;
a4368ff3 3096 bt_cb(skb)->l2cap.chan = chan;
70db83c4
JH		 3097
3098 return skb;
3099}
3100
3101static const struct l2cap_ops smp_chan_ops = {
3102 .name = "Security Manager",
3103 .ready = smp_ready_cb,
5d88cc73 3104 .recv = smp_recv_cb,
70db83c4
JH		 3105 .alloc_skb = smp_alloc_skb_cb,
3106 .teardown = smp_teardown_cb,
44f1a7ab 3107 .resume = smp_resume_cb,
70db83c4
JH		 3108
3109 .new_connection = l2cap_chan_no_new_connection,
70db83c4
JH		 3110 .state_change = l2cap_chan_no_state_change,
3111 .close = l2cap_chan_no_close,
3112 .defer = l2cap_chan_no_defer,
3113 .suspend = l2cap_chan_no_suspend,
70db83c4
JH		 3114 .set_shutdown = l2cap_chan_no_set_shutdown,
3115 .get_sndtimeo = l2cap_chan_no_get_sndtimeo,
70db83c4
JH		 3116};
3117
3118static inline struct l2cap_chan *smp_new_conn_cb(struct l2cap_chan *pchan)
3119{
3120 struct l2cap_chan *chan;
3121
3122 BT_DBG("pchan %p", pchan);
3123
3124 chan = l2cap_chan_create();
3125 if (!chan)
3126 return NULL;
3127
3128 chan->chan_type = pchan->chan_type;
3129 chan->ops = &smp_chan_ops;
3130 chan->scid = pchan->scid;
3131 chan->dcid = chan->scid;
3132 chan->imtu = pchan->imtu;
3133 chan->omtu = pchan->omtu;
3134 chan->mode = pchan->mode;
3135
abe84903
JH		 3136 /* Other L2CAP channels may request SMP routines in order to
3137 * change the security level. This means that the SMP channel
3138 * lock must be considered in its own category to avoid lockdep
3139 * warnings.
3140 */
3141 atomic_set(&chan->nesting, L2CAP_NESTING_SMP);
3142
70db83c4
JH		 3143 BT_DBG("created chan %p", chan);
3144
3145 return chan;
3146}
3147
3148static const struct l2cap_ops smp_root_chan_ops = {
3149 .name = "Security Manager Root",
3150 .new_connection = smp_new_conn_cb,
3151
3152 /* None of these are implemented for the root channel */
3153 .close = l2cap_chan_no_close,
3154 .alloc_skb = l2cap_chan_no_alloc_skb,
3155 .recv = l2cap_chan_no_recv,
3156 .state_change = l2cap_chan_no_state_change,
3157 .teardown = l2cap_chan_no_teardown,
3158 .ready = l2cap_chan_no_ready,
3159 .defer = l2cap_chan_no_defer,
3160 .suspend = l2cap_chan_no_suspend,
3161 .resume = l2cap_chan_no_resume,
3162 .set_shutdown = l2cap_chan_no_set_shutdown,
3163 .get_sndtimeo = l2cap_chan_no_get_sndtimeo,
70db83c4
JH		 3164};
3165
ef8efe4b 3166static struct l2cap_chan *smp_add_cid(struct hci_dev *hdev, u16 cid)
711eafe3 3167{
70db83c4 3168 struct l2cap_chan *chan;
88a479d9 3169 struct smp_dev *smp;
a4770e11 3170 struct crypto_cipher *tfm_aes;
71af2f6b 3171 struct crypto_shash *tfm_cmac;
70db83c4 3172
ef8efe4b 3173 if (cid == L2CAP_CID_SMP_BREDR) {
88a479d9 3174 smp = NULL;
ef8efe4b
JH		 3175 goto create_chan;
3176 }
711eafe3 3177
88a479d9
MH		 3178 smp = kzalloc(sizeof(*smp), GFP_KERNEL);
3179 if (!smp)
3180 return ERR_PTR(-ENOMEM);
3181
a4770e11 3182 tfm_aes = crypto_alloc_cipher("aes", 0, CRYPTO_ALG_ASYNC);
defce9e8 3183 if (IS_ERR(tfm_aes)) {
a4770e11 3184 BT_ERR("Unable to create AES crypto context");
88a479d9 3185 kzfree(smp);
fe700771 3186 return ERR_CAST(tfm_aes);
711eafe3
JH		 3187 }
3188
71af2f6b 3189 tfm_cmac = crypto_alloc_shash("cmac(aes)", 0, 0);
6e2dc6d1
MH		 3190 if (IS_ERR(tfm_cmac)) {
3191 BT_ERR("Unable to create CMAC crypto context");
a4770e11 3192 crypto_free_cipher(tfm_aes);
6e2dc6d1
MH		 3193 kzfree(smp);
3194 return ERR_CAST(tfm_cmac);
3195 }
3196
88a479d9 3197 smp->tfm_aes = tfm_aes;
6e2dc6d1 3198 smp->tfm_cmac = tfm_cmac;
b1f663c9 3199 smp->min_key_size = SMP_MIN_ENC_KEY_SIZE;
2fd36558 3200 smp->max_key_size = SMP_MAX_ENC_KEY_SIZE;
88a479d9 3201
ef8efe4b 3202create_chan:
70db83c4
JH		 3203 chan = l2cap_chan_create();
3204 if (!chan) {
63511f6d 3205 if (smp) {
a4770e11 3206 crypto_free_cipher(smp->tfm_aes);
71af2f6b 3207 crypto_free_shash(smp->tfm_cmac);
63511f6d
MH		 3208 kzfree(smp);
3209 }
ef8efe4b 3210 return ERR_PTR(-ENOMEM);
70db83c4
JH		 3211 }
3212
88a479d9 3213 chan->data = smp;
defce9e8 3214
ef8efe4b 3215 l2cap_add_scid(chan, cid);
70db83c4
JH		 3216
3217 l2cap_chan_set_defaults(chan);
3218
157029ba 3219 if (cid == L2CAP_CID_SMP) {
39e3e744
JH		 3220 u8 bdaddr_type;
3221
3222 hci_copy_identity_address(hdev, &chan->src, &bdaddr_type);
3223
3224 if (bdaddr_type == ADDR_LE_DEV_PUBLIC)
157029ba 3225 chan->src_type = BDADDR_LE_PUBLIC;
39e3e744
JH		 3226 else
3227 chan->src_type = BDADDR_LE_RANDOM;
157029ba
MH		 3228 } else {
3229 bacpy(&chan->src, &hdev->bdaddr);
ef8efe4b 3230 chan->src_type = BDADDR_BREDR;
157029ba
MH		 3231 }
3232
70db83c4
JH		 3233 chan->state = BT_LISTEN;
3234 chan->mode = L2CAP_MODE_BASIC;
3235 chan->imtu = L2CAP_DEFAULT_MTU;
3236 chan->ops = &smp_root_chan_ops;
3237
abe84903
JH		 3238 /* Set correct nesting level for a parent/listening channel */
3239 atomic_set(&chan->nesting, L2CAP_NESTING_PARENT);
3240
ef8efe4b 3241 return chan;
711eafe3
JH		 3242}
3243
ef8efe4b 3244static void smp_del_chan(struct l2cap_chan *chan)
711eafe3 3245{
88a479d9 3246 struct smp_dev *smp;
70db83c4 3247
ef8efe4b 3248 BT_DBG("chan %p", chan);
711eafe3 3249
88a479d9
MH		 3250 smp = chan->data;
3251 if (smp) {
defce9e8 3252 chan->data = NULL;
a4770e11 3253 crypto_free_cipher(smp->tfm_aes);
71af2f6b 3254 crypto_free_shash(smp->tfm_cmac);
88a479d9 3255 kzfree(smp);
711eafe3 3256 }
70db83c4 3257
70db83c4 3258 l2cap_chan_put(chan);
711eafe3 3259}
ef8efe4b 3260
300acfde
MH		 3261static ssize_t force_bredr_smp_read(struct file *file,
3262 char __user *user_buf,
3263 size_t count, loff_t *ppos)
3264{
3265 struct hci_dev *hdev = file->private_data;
3266 char buf[3];
3267
b7cb93e5 3268 buf[0] = hci_dev_test_flag(hdev, HCI_FORCE_BREDR_SMP) ? 'Y': 'N';
300acfde
MH		 3269 buf[1] = '\n';
3270 buf[2] = '\0';
3271 return simple_read_from_buffer(user_buf, count, ppos, buf, 2);
3272}
3273
3274static ssize_t force_bredr_smp_write(struct file *file,
3275 const char __user *user_buf,
3276 size_t count, loff_t *ppos)
3277{
3278 struct hci_dev *hdev = file->private_data;
3279 char buf[32];
3280 size_t buf_size = min(count, (sizeof(buf)-1));
3281 bool enable;
3282
3283 if (copy_from_user(buf, user_buf, buf_size))
3284 return -EFAULT;
3285
3286 buf[buf_size] = '\0';
3287 if (strtobool(buf, &enable))
3288 return -EINVAL;
3289
b7cb93e5 3290 if (enable == hci_dev_test_flag(hdev, HCI_FORCE_BREDR_SMP))
300acfde
MH		 3291 return -EALREADY;
3292
3293 if (enable) {
3294 struct l2cap_chan *chan;
3295
3296 chan = smp_add_cid(hdev, L2CAP_CID_SMP_BREDR);
3297 if (IS_ERR(chan))
3298 return PTR_ERR(chan);
3299
3300 hdev->smp_bredr_data = chan;
3301 } else {
3302 struct l2cap_chan *chan;
3303
3304 chan = hdev->smp_bredr_data;
3305 hdev->smp_bredr_data = NULL;
3306 smp_del_chan(chan);
3307 }
3308
b7cb93e5 3309 hci_dev_change_flag(hdev, HCI_FORCE_BREDR_SMP);
300acfde
MH		 3310
3311 return count;
3312}
3313
3314static const struct file_operations force_bredr_smp_fops = {
3315 .open = simple_open,
3316 .read = force_bredr_smp_read,
3317 .write = force_bredr_smp_write,
3318 .llseek = default_llseek,
3319};
3320
b1f663c9
JH		 3321static ssize_t le_min_key_size_read(struct file *file,
3322 char __user *user_buf,
3323 size_t count, loff_t *ppos)
3324{
3325 struct hci_dev *hdev = file->private_data;
3326 char buf[4];
3327
3328 snprintf(buf, sizeof(buf), "%2u\n", SMP_DEV(hdev)->min_key_size);
3329
3330 return simple_read_from_buffer(user_buf, count, ppos, buf, strlen(buf));
3331}
3332
3333static ssize_t le_min_key_size_write(struct file *file,
3334 const char __user *user_buf,
3335 size_t count, loff_t *ppos)
3336{
3337 struct hci_dev *hdev = file->private_data;
3338 char buf[32];
3339 size_t buf_size = min(count, (sizeof(buf) - 1));
3340 u8 key_size;
3341
3342 if (copy_from_user(buf, user_buf, buf_size))
3343 return -EFAULT;
3344
3345 buf[buf_size] = '\0';
3346
3347 sscanf(buf, "%hhu", &key_size);
3348
3349 if (key_size > SMP_DEV(hdev)->max_key_size ||
3350 key_size < SMP_MIN_ENC_KEY_SIZE)
3351 return -EINVAL;
3352
3353 SMP_DEV(hdev)->min_key_size = key_size;
3354
3355 return count;
3356}
3357
3358static const struct file_operations le_min_key_size_fops = {
3359 .open = simple_open,
3360 .read = le_min_key_size_read,
3361 .write = le_min_key_size_write,
3362 .llseek = default_llseek,
3363};
3364
2fd36558
JH		 3365static ssize_t le_max_key_size_read(struct file *file,
3366 char __user *user_buf,
3367 size_t count, loff_t *ppos)
3368{
3369 struct hci_dev *hdev = file->private_data;
3370 char buf[4];
3371
3372 snprintf(buf, sizeof(buf), "%2u\n", SMP_DEV(hdev)->max_key_size);
3373
3374 return simple_read_from_buffer(user_buf, count, ppos, buf, strlen(buf));
3375}
3376
3377static ssize_t le_max_key_size_write(struct file *file,
3378 const char __user *user_buf,
3379 size_t count, loff_t *ppos)
3380{
3381 struct hci_dev *hdev = file->private_data;
3382 char buf[32];
3383 size_t buf_size = min(count, (sizeof(buf) - 1));
3384 u8 key_size;
3385
3386 if (copy_from_user(buf, user_buf, buf_size))
3387 return -EFAULT;
3388
3389 buf[buf_size] = '\0';
3390
3391 sscanf(buf, "%hhu", &key_size);
3392
b1f663c9
JH		 3393 if (key_size > SMP_MAX_ENC_KEY_SIZE ||
3394 key_size < SMP_DEV(hdev)->min_key_size)
2fd36558
JH		 3395 return -EINVAL;
3396
3397 SMP_DEV(hdev)->max_key_size = key_size;
3398
3399 return count;
3400}
3401
3402static const struct file_operations le_max_key_size_fops = {
3403 .open = simple_open,
3404 .read = le_max_key_size_read,
3405 .write = le_max_key_size_write,
3406 .llseek = default_llseek,
3407};
3408
ef8efe4b
JH		 3409int smp_register(struct hci_dev *hdev)
3410{
3411 struct l2cap_chan *chan;
3412
3413 BT_DBG("%s", hdev->name);
3414
7e7ec445
MH		 3415 /* If the controller does not support Low Energy operation, then
3416 * there is also no need to register any SMP channel.
3417 */
3418 if (!lmp_le_capable(hdev))
3419 return 0;
3420
2b8df323
MH		 3421 if (WARN_ON(hdev->smp_data)) {
3422 chan = hdev->smp_data;
3423 hdev->smp_data = NULL;
3424 smp_del_chan(chan);
3425 }
3426
ef8efe4b
JH		 3427 chan = smp_add_cid(hdev, L2CAP_CID_SMP);
3428 if (IS_ERR(chan))
3429 return PTR_ERR(chan);
3430
3431 hdev->smp_data = chan;
3432
b1f663c9
JH		 3433 debugfs_create_file("le_min_key_size", 0644, hdev->debugfs, hdev,
3434 &le_min_key_size_fops);
2fd36558
JH		 3435 debugfs_create_file("le_max_key_size", 0644, hdev->debugfs, hdev,
3436 &le_max_key_size_fops);
3437
300acfde
MH		 3438 /* If the controller does not support BR/EDR Secure Connections
3439 * feature, then the BR/EDR SMP channel shall not be present.
3440 *
3441 * To test this with Bluetooth 4.0 controllers, create a debugfs
3442 * switch that allows forcing BR/EDR SMP support and accepting
3443 * cross-transport pairing on non-AES encrypted connections.
3444 */
3445 if (!lmp_sc_capable(hdev)) {
3446 debugfs_create_file("force_bredr_smp", 0644, hdev->debugfs,
3447 hdev, &force_bredr_smp_fops);
83ebb9ec
SJ		 3448
3449 /* Flag can be already set here (due to power toggle) */
3450 if (!hci_dev_test_flag(hdev, HCI_FORCE_BREDR_SMP))
3451 return 0;
300acfde 3452 }
ef8efe4b 3453
2b8df323
MH		 3454 if (WARN_ON(hdev->smp_bredr_data)) {
3455 chan = hdev->smp_bredr_data;
3456 hdev->smp_bredr_data = NULL;
3457 smp_del_chan(chan);
3458 }
3459
ef8efe4b
JH		 3460 chan = smp_add_cid(hdev, L2CAP_CID_SMP_BREDR);
3461 if (IS_ERR(chan)) {
3462 int err = PTR_ERR(chan);
3463 chan = hdev->smp_data;
3464 hdev->smp_data = NULL;
3465 smp_del_chan(chan);
3466 return err;
3467 }
3468
3469 hdev->smp_bredr_data = chan;
3470
3471 return 0;
3472}
3473
3474void smp_unregister(struct hci_dev *hdev)
3475{
3476 struct l2cap_chan *chan;
3477
3478 if (hdev->smp_bredr_data) {
3479 chan = hdev->smp_bredr_data;
3480 hdev->smp_bredr_data = NULL;
3481 smp_del_chan(chan);
3482 }
3483
3484 if (hdev->smp_data) {
3485 chan = hdev->smp_data;
3486 hdev->smp_data = NULL;
3487 smp_del_chan(chan);
3488 }
3489}
0a2b0f04
JH		 3490
3491#if IS_ENABLED(CONFIG_BT_SELFTEST_SMP)
3492
71653eb6
MH		 3493static inline void swap_digits(u64 *in, u64 *out, unsigned int ndigits)
3494{
3495 int i;
3496
3497 for (i = 0; i < ndigits; i++)
3498 out[i] = __swab64(in[ndigits - 1 - i]);
3499}
3500
3501static int __init test_debug_key(void)
3502{
3503 u8 pk[64], sk[32];
3504
3505 swap_digits((u64 *)debug_sk, (u64 *)sk, 4);
3506
3507 if (!generate_ecdh_keys(pk, sk))
3508 return -EINVAL;
3509
329d8230 3510 if (crypto_memneq(sk, debug_sk, 32))
71653eb6
MH		 3511 return -EINVAL;
3512
329d8230 3513 if (crypto_memneq(pk, debug_pk, 64))
71653eb6
MH		 3514 return -EINVAL;
3515
3516 return 0;
3517}
3518
a4770e11 3519static int __init test_ah(struct crypto_cipher *tfm_aes)
cfc4198e
JH		 3520{
3521 const u8 irk[16] = {
3522 0x9b, 0x7d, 0x39, 0x0a, 0xa6, 0x10, 0x10, 0x34,
3523 0x05, 0xad, 0xc8, 0x57, 0xa3, 0x34, 0x02, 0xec };
3524 const u8 r[3] = { 0x94, 0x81, 0x70 };
3525 const u8 exp[3] = { 0xaa, 0xfb, 0x0d };
3526 u8 res[3];
3527 int err;
3528
3529 err = smp_ah(tfm_aes, irk, r, res);
3530 if (err)
3531 return err;
3532
329d8230 3533 if (crypto_memneq(res, exp, 3))
cfc4198e
JH		 3534 return -EINVAL;
3535
3536 return 0;
3537}
3538
a4770e11 3539static int __init test_c1(struct crypto_cipher *tfm_aes)
cfc4198e
JH		 3540{
3541 const u8 k[16] = {
3542 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
3543 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
3544 const u8 r[16] = {
3545 0xe0, 0x2e, 0x70, 0xc6, 0x4e, 0x27, 0x88, 0x63,
3546 0x0e, 0x6f, 0xad, 0x56, 0x21, 0xd5, 0x83, 0x57 };
3547 const u8 preq[7] = { 0x01, 0x01, 0x00, 0x00, 0x10, 0x07, 0x07 };
3548 const u8 pres[7] = { 0x02, 0x03, 0x00, 0x00, 0x08, 0x00, 0x05 };
3549 const u8 _iat = 0x01;
3550 const u8 _rat = 0x00;
3551 const bdaddr_t ra = { { 0xb6, 0xb5, 0xb4, 0xb3, 0xb2, 0xb1 } };
3552 const bdaddr_t ia = { { 0xa6, 0xa5, 0xa4, 0xa3, 0xa2, 0xa1 } };
3553 const u8 exp[16] = {
3554 0x86, 0x3b, 0xf1, 0xbe, 0xc5, 0x4d, 0xa7, 0xd2,
3555 0xea, 0x88, 0x89, 0x87, 0xef, 0x3f, 0x1e, 0x1e };
3556 u8 res[16];
3557 int err;
3558
3559 err = smp_c1(tfm_aes, k, r, preq, pres, _iat, &ia, _rat, &ra, res);
3560 if (err)
3561 return err;
3562
329d8230 3563 if (crypto_memneq(res, exp, 16))
cfc4198e
JH		 3564 return -EINVAL;
3565
3566 return 0;
3567}
3568
a4770e11 3569static int __init test_s1(struct crypto_cipher *tfm_aes)
cfc4198e
JH		 3570{
3571 const u8 k[16] = {
3572 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
3573 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
3574 const u8 r1[16] = {
3575 0x88, 0x77, 0x66, 0x55, 0x44, 0x33, 0x22, 0x11 };
3576 const u8 r2[16] = {
3577 0x00, 0xff, 0xee, 0xdd, 0xcc, 0xbb, 0xaa, 0x99 };
3578 const u8 exp[16] = {
3579 0x62, 0xa0, 0x6d, 0x79, 0xae, 0x16, 0x42, 0x5b,
3580 0x9b, 0xf4, 0xb0, 0xe8, 0xf0, 0xe1, 0x1f, 0x9a };
3581 u8 res[16];
3582 int err;
3583
3584 err = smp_s1(tfm_aes, k, r1, r2, res);
3585 if (err)
3586 return err;
3587
329d8230 3588 if (crypto_memneq(res, exp, 16))
cfc4198e
JH		 3589 return -EINVAL;
3590
3591 return 0;
3592}
3593
71af2f6b 3594static int __init test_f4(struct crypto_shash *tfm_cmac)
fb2969a3
JH		 3595{
3596 const u8 u[32] = {
3597 0xe6, 0x9d, 0x35, 0x0e, 0x48, 0x01, 0x03, 0xcc,
3598 0xdb, 0xfd, 0xf4, 0xac, 0x11, 0x91, 0xf4, 0xef,
3599 0xb9, 0xa5, 0xf9, 0xe9, 0xa7, 0x83, 0x2c, 0x5e,
3600 0x2c, 0xbe, 0x97, 0xf2, 0xd2, 0x03, 0xb0, 0x20 };
3601 const u8 v[32] = {
3602 0xfd, 0xc5, 0x7f, 0xf4, 0x49, 0xdd, 0x4f, 0x6b,
3603 0xfb, 0x7c, 0x9d, 0xf1, 0xc2, 0x9a, 0xcb, 0x59,
3604 0x2a, 0xe7, 0xd4, 0xee, 0xfb, 0xfc, 0x0a, 0x90,
3605 0x9a, 0xbb, 0xf6, 0x32, 0x3d, 0x8b, 0x18, 0x55 };
3606 const u8 x[16] = {
3607 0xab, 0xae, 0x2b, 0x71, 0xec, 0xb2, 0xff, 0xff,
3608 0x3e, 0x73, 0x77, 0xd1, 0x54, 0x84, 0xcb, 0xd5 };
3609 const u8 z = 0x00;
3610 const u8 exp[16] = {
3611 0x2d, 0x87, 0x74, 0xa9, 0xbe, 0xa1, 0xed, 0xf1,
3612 0x1c, 0xbd, 0xa9, 0x07, 0xf1, 0x16, 0xc9, 0xf2 };
3613 u8 res[16];
3614 int err;
3615
3616 err = smp_f4(tfm_cmac, u, v, x, z, res);
3617 if (err)
3618 return err;
3619
329d8230 3620 if (crypto_memneq(res, exp, 16))
fb2969a3
JH		 3621 return -EINVAL;
3622
3623 return 0;
3624}
3625
71af2f6b 3626static int __init test_f5(struct crypto_shash *tfm_cmac)
fb2969a3
JH		 3627{
3628 const u8 w[32] = {
3629 0x98, 0xa6, 0xbf, 0x73, 0xf3, 0x34, 0x8d, 0x86,
3630 0xf1, 0x66, 0xf8, 0xb4, 0x13, 0x6b, 0x79, 0x99,
3631 0x9b, 0x7d, 0x39, 0x0a, 0xa6, 0x10, 0x10, 0x34,
3632 0x05, 0xad, 0xc8, 0x57, 0xa3, 0x34, 0x02, 0xec };
3633 const u8 n1[16] = {
3634 0xab, 0xae, 0x2b, 0x71, 0xec, 0xb2, 0xff, 0xff,
3635 0x3e, 0x73, 0x77, 0xd1, 0x54, 0x84, 0xcb, 0xd5 };
3636 const u8 n2[16] = {
3637 0xcf, 0xc4, 0x3d, 0xff, 0xf7, 0x83, 0x65, 0x21,
3638 0x6e, 0x5f, 0xa7, 0x25, 0xcc, 0xe7, 0xe8, 0xa6 };
3639 const u8 a1[7] = { 0xce, 0xbf, 0x37, 0x37, 0x12, 0x56, 0x00 };
3640 const u8 a2[7] = { 0xc1, 0xcf, 0x2d, 0x70, 0x13, 0xa7, 0x00 };
3641 const u8 exp_ltk[16] = {
3642 0x38, 0x0a, 0x75, 0x94, 0xb5, 0x22, 0x05, 0x98,
3643 0x23, 0xcd, 0xd7, 0x69, 0x11, 0x79, 0x86, 0x69 };
3644 const u8 exp_mackey[16] = {
3645 0x20, 0x6e, 0x63, 0xce, 0x20, 0x6a, 0x3f, 0xfd,
3646 0x02, 0x4a, 0x08, 0xa1, 0x76, 0xf1, 0x65, 0x29 };
3647 u8 mackey[16], ltk[16];
3648 int err;
3649
3650 err = smp_f5(tfm_cmac, w, n1, n2, a1, a2, mackey, ltk);
3651 if (err)
3652 return err;
3653
329d8230 3654 if (crypto_memneq(mackey, exp_mackey, 16))
fb2969a3
JH		 3655 return -EINVAL;
3656
329d8230 3657 if (crypto_memneq(ltk, exp_ltk, 16))
fb2969a3
JH		 3658 return -EINVAL;
3659
3660 return 0;
3661}
3662
71af2f6b 3663static int __init test_f6(struct crypto_shash *tfm_cmac)
fb2969a3
JH		 3664{
3665 const u8 w[16] = {
3666 0x20, 0x6e, 0x63, 0xce, 0x20, 0x6a, 0x3f, 0xfd,
3667 0x02, 0x4a, 0x08, 0xa1, 0x76, 0xf1, 0x65, 0x29 };
3668 const u8 n1[16] = {
3669 0xab, 0xae, 0x2b, 0x71, 0xec, 0xb2, 0xff, 0xff,
3670 0x3e, 0x73, 0x77, 0xd1, 0x54, 0x84, 0xcb, 0xd5 };
3671 const u8 n2[16] = {
3672 0xcf, 0xc4, 0x3d, 0xff, 0xf7, 0x83, 0x65, 0x21,
3673 0x6e, 0x5f, 0xa7, 0x25, 0xcc, 0xe7, 0xe8, 0xa6 };
3674 const u8 r[16] = {
3675 0xc8, 0x0f, 0x2d, 0x0c, 0xd2, 0x42, 0xda, 0x08,
3676 0x54, 0xbb, 0x53, 0xb4, 0x3b, 0x34, 0xa3, 0x12 };
3677 const u8 io_cap[3] = { 0x02, 0x01, 0x01 };
3678 const u8 a1[7] = { 0xce, 0xbf, 0x37, 0x37, 0x12, 0x56, 0x00 };
3679 const u8 a2[7] = { 0xc1, 0xcf, 0x2d, 0x70, 0x13, 0xa7, 0x00 };
3680 const u8 exp[16] = {
3681 0x61, 0x8f, 0x95, 0xda, 0x09, 0x0b, 0x6c, 0xd2,
3682 0xc5, 0xe8, 0xd0, 0x9c, 0x98, 0x73, 0xc4, 0xe3 };
3683 u8 res[16];
3684 int err;
3685
3686 err = smp_f6(tfm_cmac, w, n1, n2, r, io_cap, a1, a2, res);
3687 if (err)
3688 return err;
3689
329d8230 3690 if (crypto_memneq(res, exp, 16))
fb2969a3
JH		 3691 return -EINVAL;
3692
3693 return 0;
3694}
3695
71af2f6b 3696static int __init test_g2(struct crypto_shash *tfm_cmac)
fb2969a3
JH		 3697{
3698 const u8 u[32] = {
3699 0xe6, 0x9d, 0x35, 0x0e, 0x48, 0x01, 0x03, 0xcc,
3700 0xdb, 0xfd, 0xf4, 0xac, 0x11, 0x91, 0xf4, 0xef,
3701 0xb9, 0xa5, 0xf9, 0xe9, 0xa7, 0x83, 0x2c, 0x5e,
3702 0x2c, 0xbe, 0x97, 0xf2, 0xd2, 0x03, 0xb0, 0x20 };
3703 const u8 v[32] = {
3704 0xfd, 0xc5, 0x7f, 0xf4, 0x49, 0xdd, 0x4f, 0x6b,
3705 0xfb, 0x7c, 0x9d, 0xf1, 0xc2, 0x9a, 0xcb, 0x59,
3706 0x2a, 0xe7, 0xd4, 0xee, 0xfb, 0xfc, 0x0a, 0x90,
3707 0x9a, 0xbb, 0xf6, 0x32, 0x3d, 0x8b, 0x18, 0x55 };
3708 const u8 x[16] = {
3709 0xab, 0xae, 0x2b, 0x71, 0xec, 0xb2, 0xff, 0xff,
3710 0x3e, 0x73, 0x77, 0xd1, 0x54, 0x84, 0xcb, 0xd5 };
3711 const u8 y[16] = {
3712 0xcf, 0xc4, 0x3d, 0xff, 0xf7, 0x83, 0x65, 0x21,
3713 0x6e, 0x5f, 0xa7, 0x25, 0xcc, 0xe7, 0xe8, 0xa6 };
3714 const u32 exp_val = 0x2f9ed5ba % 1000000;
3715 u32 val;
3716 int err;
3717
3718 err = smp_g2(tfm_cmac, u, v, x, y, &val);
3719 if (err)
3720 return err;
3721
3722 if (val != exp_val)
3723 return -EINVAL;
3724
3725 return 0;
3726}
3727
71af2f6b 3728static int __init test_h6(struct crypto_shash *tfm_cmac)
fb2969a3
JH		 3729{
3730 const u8 w[16] = {
3731 0x9b, 0x7d, 0x39, 0x0a, 0xa6, 0x10, 0x10, 0x34,
3732 0x05, 0xad, 0xc8, 0x57, 0xa3, 0x34, 0x02, 0xec };
3733 const u8 key_id[4] = { 0x72, 0x62, 0x65, 0x6c };
3734 const u8 exp[16] = {
3735 0x99, 0x63, 0xb1, 0x80, 0xe2, 0xa9, 0xd3, 0xe8,
3736 0x1c, 0xc9, 0x6d, 0xe7, 0x02, 0xe1, 0x9a, 0x2d };
3737 u8 res[16];
3738 int err;
3739
3740 err = smp_h6(tfm_cmac, w, key_id, res);
3741 if (err)
3742 return err;
3743
329d8230 3744 if (crypto_memneq(res, exp, 16))
fb2969a3
JH		 3745 return -EINVAL;
3746
3747 return 0;
3748}
3749
64dd374e
MH		 3750static char test_smp_buffer[32];
3751
3752static ssize_t test_smp_read(struct file *file, char __user *user_buf,
3753 size_t count, loff_t *ppos)
3754{
3755 return simple_read_from_buffer(user_buf, count, ppos, test_smp_buffer,
3756 strlen(test_smp_buffer));
3757}
3758
3759static const struct file_operations test_smp_fops = {
3760 .open = simple_open,
3761 .read = test_smp_read,
3762 .llseek = default_llseek,
3763};
3764
a4770e11 3765static int __init run_selftests(struct crypto_cipher *tfm_aes,
71af2f6b 3766 struct crypto_shash *tfm_cmac)
0a2b0f04 3767{
255047b0
MH		 3768 ktime_t calltime, delta, rettime;
3769 unsigned long long duration;
cfc4198e
JH		 3770 int err;
3771
255047b0
MH		 3772 calltime = ktime_get();
3773
71653eb6
MH		 3774 err = test_debug_key();
3775 if (err) {
3776 BT_ERR("debug_key test failed");
3777 goto done;
3778 }
3779
cfc4198e
JH		 3780 err = test_ah(tfm_aes);
3781 if (err) {
3782 BT_ERR("smp_ah test failed");
64dd374e 3783 goto done;
cfc4198e
JH		 3784 }
3785
3786 err = test_c1(tfm_aes);
3787 if (err) {
3788 BT_ERR("smp_c1 test failed");
64dd374e 3789 goto done;
cfc4198e
JH		 3790 }
3791
3792 err = test_s1(tfm_aes);
3793 if (err) {
3794 BT_ERR("smp_s1 test failed");
64dd374e 3795 goto done;
cfc4198e
JH		 3796 }
3797
fb2969a3
JH		 3798 err = test_f4(tfm_cmac);
3799 if (err) {
3800 BT_ERR("smp_f4 test failed");
64dd374e 3801 goto done;
fb2969a3
JH		 3802 }
3803
3804 err = test_f5(tfm_cmac);
3805 if (err) {
3806 BT_ERR("smp_f5 test failed");
64dd374e 3807 goto done;
fb2969a3
JH		 3808 }
3809
3810 err = test_f6(tfm_cmac);
3811 if (err) {
3812 BT_ERR("smp_f6 test failed");
64dd374e 3813 goto done;
fb2969a3
JH		 3814 }
3815
3816 err = test_g2(tfm_cmac);
3817 if (err) {
3818 BT_ERR("smp_g2 test failed");
64dd374e 3819 goto done;
fb2969a3
JH		 3820 }
3821
3822 err = test_h6(tfm_cmac);
3823 if (err) {
3824 BT_ERR("smp_h6 test failed");
64dd374e 3825 goto done;
fb2969a3
JH		 3826 }
3827
255047b0
MH		 3828 rettime = ktime_get();
3829 delta = ktime_sub(rettime, calltime);
3830 duration = (unsigned long long) ktime_to_ns(delta) >> 10;
3831
5ced2464 3832 BT_INFO("SMP test passed in %llu usecs", duration);
0a2b0f04 3833
64dd374e
MH		 3834done:
3835 if (!err)
3836 snprintf(test_smp_buffer, sizeof(test_smp_buffer),
3837 "PASS (%llu usecs)\n", duration);
3838 else
3839 snprintf(test_smp_buffer, sizeof(test_smp_buffer), "FAIL\n");
3840
3841 debugfs_create_file("selftest_smp", 0444, bt_debugfs, NULL,
3842 &test_smp_fops);
3843
3844 return err;
0a2b0f04
JH		 3845}
3846
3847int __init bt_selftest_smp(void)
3848{
a4770e11 3849 struct crypto_cipher *tfm_aes;
71af2f6b 3850 struct crypto_shash *tfm_cmac;
0a2b0f04
JH		 3851 int err;
3852
a4770e11 3853 tfm_aes = crypto_alloc_cipher("aes", 0, CRYPTO_ALG_ASYNC);
0a2b0f04 3854 if (IS_ERR(tfm_aes)) {
a4770e11 3855 BT_ERR("Unable to create AES crypto context");
0a2b0f04
JH		 3856 return PTR_ERR(tfm_aes);
3857 }
3858
71af2f6b 3859 tfm_cmac = crypto_alloc_shash("cmac(aes)", 0, CRYPTO_ALG_ASYNC);
0a2b0f04
JH		 3860 if (IS_ERR(tfm_cmac)) {
3861 BT_ERR("Unable to create CMAC crypto context");
a4770e11 3862 crypto_free_cipher(tfm_aes);
0a2b0f04
JH		 3863 return PTR_ERR(tfm_cmac);
3864 }
3865
3866 err = run_selftests(tfm_aes, tfm_cmac);
3867
71af2f6b 3868 crypto_free_shash(tfm_cmac);
a4770e11 3869 crypto_free_cipher(tfm_aes);
0a2b0f04
JH		 3870
3871 return err;
3872}
3873
3874#endif
Ubuntu Artful kernel mirror