Blame - net/bluetooth/smp.c - kernel/msm-4.19

blob: 14585edc94397c6f42e5f5fcee2f7f471019819e [file] [log] [blame]

Anderson Briglia	eb492e0	2011-06-09 18:50:40 -0300	[diff] [blame]	1	/*
				2	BlueZ - Bluetooth protocol stack for Linux
				3	Copyright (C) 2011 Nokia Corporation and/or its subsidiary(-ies).
				4
				5	This program is free software; you can redistribute it and/or modify
				6	it under the terms of the GNU General Public License version 2 as
				7	published by the Free Software Foundation;
				8
				9	THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
				10	OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
				11	FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
				12	IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
				13	CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
				14	WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
				15	ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
				16	OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
				17
				18	ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
				19	COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
				20	SOFTWARE IS DISCLAIMED.
				21	*/
				22
Marcel Holtmann	300acfde	2014-12-31 14:43:16 -0800	[diff] [blame]	23	#include <linux/debugfs.h>
Gustavo Padovan	8c520a5	2012-05-23 04:04:22 -0300	[diff] [blame]	24	#include <linux/scatterlist.h>
Andy Lutomirski	a4770e1	2016-06-26 14:55:23 -0700	[diff] [blame]	25	#include <linux/crypto.h>
Gustavo Padovan	8c520a5	2012-05-23 04:04:22 -0300	[diff] [blame]	26	#include <crypto/b128ops.h>
Herbert Xu	71af2f6	2016-01-24 21:18:30 +0800	[diff] [blame]	27	#include <crypto/hash.h>
Gustavo Padovan	8c520a5	2012-05-23 04:04:22 -0300	[diff] [blame]	28
Anderson Briglia	eb492e0	2011-06-09 18:50:40 -0300	[diff] [blame]	29	#include <net/bluetooth/bluetooth.h>
				30	#include <net/bluetooth/hci_core.h>
				31	#include <net/bluetooth/l2cap.h>
Brian Gix	2b64d15	2011-12-21 16:12:12 -0800	[diff] [blame]	32	#include <net/bluetooth/mgmt.h>
Marcel Holtmann	ac4b723	2013-10-10 14:54:16 -0700	[diff] [blame]	33
Salvatore Benedetto	58771c1c	2017-04-24 13:13:20 +0100	[diff] [blame]	34	#include "ecdh_helper.h"
Marcel Holtmann	ac4b723	2013-10-10 14:54:16 -0700	[diff] [blame]	35	#include "smp.h"
Anderson Briglia	d22ef0b	2011-06-09 18:50:44 -0300	[diff] [blame]	36
Johan Hedberg	2fd3655	2015-06-11 13:52:26 +0300	[diff] [blame]	37	#define SMP_DEV(hdev) \
				38	((struct smp_dev )((struct l2cap_chan )((hdev)->smp_data))->data)
				39
Johan Hedberg	c7a3d57	2014-12-01 22:03:16 +0200	[diff] [blame]	40	/* Low-level debug macros to be used for stuff that we don't want
				41	* accidentially in dmesg, i.e. the values of the various crypto keys
				42	* and the inputs & outputs of crypto functions.
				43	*/
				44	#ifdef DEBUG
				45	#define SMP_DBG(fmt, ...) printk(KERN_DEBUG "%s: " fmt, __func__, \
				46	##__VA_ARGS__)
				47	#else
				48	#define SMP_DBG(fmt, ...) no_printk(KERN_DEBUG "%s: " fmt, __func__, \
				49	##__VA_ARGS__)
				50	#endif
				51
Johan Hedberg	b28b494	2014-09-05 22:19:55 +0300	[diff] [blame]	52	#define SMP_ALLOW_CMD(smp, code) set_bit(code, &smp->allow_cmd)
Johan Hedberg	b28b494	2014-09-05 22:19:55 +0300	[diff] [blame]	53
Johan Hedberg	3b19146	2014-06-06 10:50:15 +0300	[diff] [blame]	54	/* Keys which are not distributed with Secure Connections */
				55	#define SMP_SC_NO_DIST (SMP_DIST_ENC_KEY \| SMP_DIST_LINK_KEY);
				56
Marcel Holtmann	17b02e6	2012-03-01 14:32:37 -0800	[diff] [blame]	57	#define SMP_TIMEOUT msecs_to_jiffies(30000)
Vinicius Costa Gomes	5d3de7d	2011-06-14 13:37:41 -0300	[diff] [blame]	58
Marcel Holtmann	d7a5a11	2015-03-13 02:11:00 -0700	[diff] [blame]	59	#define AUTH_REQ_MASK(dev) (hci_dev_test_flag(dev, HCI_SC_ENABLED) ? \
Johan Hedberg	a62da6f	2016-12-08 08:32:54 +0200	[diff] [blame]	60	0x3f : 0x07)
Johan Hedberg	0edb14d	2014-05-26 13:29:28 +0300	[diff] [blame]	61	#define KEY_DIST_MASK 0x07
Johan Hedberg	065a13e	2012-10-11 16:26:06 +0200	[diff] [blame]	62
Johan Hedberg	cbbbe3e	2014-06-06 11:30:08 +0300	[diff] [blame]	63	/* Maximum message length that can be passed to aes_cmac */
				64	#define CMAC_MSG_MAX 80
				65
Johan Hedberg	533e35d	2014-06-16 19:25:18 +0300	[diff] [blame]	66	enum {
				67	SMP_FLAG_TK_VALID,
				68	SMP_FLAG_CFM_PENDING,
				69	SMP_FLAG_MITM_AUTH,
				70	SMP_FLAG_COMPLETE,
				71	SMP_FLAG_INITIATOR,
Johan Hedberg	6566877	2014-05-16 11:03:34 +0300	[diff] [blame]	72	SMP_FLAG_SC,
Johan Hedberg	d8f8edb	2014-06-06 11:09:28 +0300	[diff] [blame]	73	SMP_FLAG_REMOTE_PK,
Johan Hedberg	aeb7d46	2014-05-31 18:52:28 +0300	[diff] [blame]	74	SMP_FLAG_DEBUG_KEY,
Johan Hedberg	38606f1	2014-06-25 11:10:28 +0300	[diff] [blame]	75	SMP_FLAG_WAIT_USER,
Johan Hedberg	d3e54a8	2014-06-04 11:07:40 +0300	[diff] [blame]	76	SMP_FLAG_DHKEY_PENDING,
Johan Hedberg	1a8bab4	2015-03-16 11:45:44 +0200	[diff] [blame]	77	SMP_FLAG_REMOTE_OOB,
				78	SMP_FLAG_LOCAL_OOB,
Johan Hedberg	a62da6f	2016-12-08 08:32:54 +0200	[diff] [blame]	79	SMP_FLAG_CT2,
Johan Hedberg	533e35d	2014-06-16 19:25:18 +0300	[diff] [blame]	80	};
Johan Hedberg	4bc58f5	2014-05-20 09:45:47 +0300	[diff] [blame]	81
Marcel Holtmann	88a479d	2015-03-16 01:10:19 -0700	[diff] [blame]	82	struct smp_dev {
Marcel Holtmann	60a27d6	2015-03-16 01:10:22 -0700	[diff] [blame]	83	/* Secure Connections OOB data */
				84	u8 local_pk[64];
				85	u8 local_sk[32];
Marcel Holtmann	fb334fe	2015-03-16 12:34:57 -0700	[diff] [blame]	86	u8 local_rand[16];
Marcel Holtmann	60a27d6	2015-03-16 01:10:22 -0700	[diff] [blame]	87	bool debug_key;
				88
Johan Hedberg	b1f663c	2015-06-11 13:52:27 +0300	[diff] [blame]	89	u8 min_key_size;
Johan Hedberg	2fd3655	2015-06-11 13:52:26 +0300	[diff] [blame]	90	u8 max_key_size;
				91
Andy Lutomirski	a4770e1	2016-06-26 14:55:23 -0700	[diff] [blame]	92	struct crypto_cipher *tfm_aes;
Herbert Xu	71af2f6	2016-01-24 21:18:30 +0800	[diff] [blame]	93	struct crypto_shash *tfm_cmac;
Marcel Holtmann	88a479d	2015-03-16 01:10:19 -0700	[diff] [blame]	94	};
				95
Johan Hedberg	4bc58f5	2014-05-20 09:45:47 +0300	[diff] [blame]	96	struct smp_chan {
Johan Hedberg	b68fda6	2014-08-11 22:06:40 +0300	[diff] [blame]	97	struct l2cap_conn *conn;
				98	struct delayed_work security_timer;
Johan Hedberg	b28b494	2014-09-05 22:19:55 +0300	[diff] [blame]	99	unsigned long allow_cmd; /* Bitmask of allowed commands */
Johan Hedberg	b68fda6	2014-08-11 22:06:40 +0300	[diff] [blame]	100
Johan Hedberg	4bc58f5	2014-05-20 09:45:47 +0300	[diff] [blame]	101	u8 preq[7]; /* SMP Pairing Request */
				102	u8 prsp[7]; /* SMP Pairing Response */
				103	u8 prnd[16]; /* SMP Pairing Random (local) */
				104	u8 rrnd[16]; /* SMP Pairing Random (remote) */
				105	u8 pcnf[16]; /* SMP Pairing Confirm */
				106	u8 tk[16]; /* SMP Temporary Key */
Johan Hedberg	882fafa	2015-03-16 11:45:43 +0200	[diff] [blame]	107	u8 rr[16]; /* Remote OOB ra/rb value */
				108	u8 lr[16]; /* Local OOB ra/rb value */
Johan Hedberg	4bc58f5	2014-05-20 09:45:47 +0300	[diff] [blame]	109	u8 enc_key_size;
				110	u8 remote_key_dist;
				111	bdaddr_t id_addr;
				112	u8 id_addr_type;
				113	u8 irk[16];
				114	struct smp_csrk *csrk;
				115	struct smp_csrk *slave_csrk;
				116	struct smp_ltk *ltk;
				117	struct smp_ltk *slave_ltk;
				118	struct smp_irk *remote_irk;
Johan Hedberg	6a77083	2014-06-06 11:54:04 +0300	[diff] [blame]	119	u8 *link_key;
Johan Hedberg	4a74d65	2014-05-20 09:45:50 +0300	[diff] [blame]	120	unsigned long flags;
Johan Hedberg	783e057	2014-05-31 18:48:26 +0300	[diff] [blame]	121	u8 method;
Johan Hedberg	38606f1	2014-06-25 11:10:28 +0300	[diff] [blame]	122	u8 passkey_round;
Johan Hedberg	6a7bd10	2014-06-27 14:23:03 +0300	[diff] [blame]	123
Johan Hedberg	3b19146	2014-06-06 10:50:15 +0300	[diff] [blame]	124	/* Secure Connections variables */
				125	u8 local_pk[64];
				126	u8 local_sk[32];
Johan Hedberg	d8f8edb	2014-06-06 11:09:28 +0300	[diff] [blame]	127	u8 remote_pk[64];
				128	u8 dhkey[32];
Johan Hedberg	760b018	2014-06-06 11:44:05 +0300	[diff] [blame]	129	u8 mackey[16];
Johan Hedberg	3b19146	2014-06-06 10:50:15 +0300	[diff] [blame]	130
Andy Lutomirski	a4770e1	2016-06-26 14:55:23 -0700	[diff] [blame]	131	struct crypto_cipher *tfm_aes;
Herbert Xu	71af2f6	2016-01-24 21:18:30 +0800	[diff] [blame]	132	struct crypto_shash *tfm_cmac;
Johan Hedberg	4bc58f5	2014-05-20 09:45:47 +0300	[diff] [blame]	133	};
				134
Johan Hedberg	aeb7d46	2014-05-31 18:52:28 +0300	[diff] [blame]	135	/* These debug key values are defined in the SMP section of the core
				136	* specification. debug_pk is the public debug key and debug_sk the
				137	* private debug key.
				138	*/
				139	static const u8 debug_pk[64] = {
				140	0xe6, 0x9d, 0x35, 0x0e, 0x48, 0x01, 0x03, 0xcc,
				141	0xdb, 0xfd, 0xf4, 0xac, 0x11, 0x91, 0xf4, 0xef,
				142	0xb9, 0xa5, 0xf9, 0xe9, 0xa7, 0x83, 0x2c, 0x5e,
				143	0x2c, 0xbe, 0x97, 0xf2, 0xd2, 0x03, 0xb0, 0x20,
				144
				145	0x8b, 0xd2, 0x89, 0x15, 0xd0, 0x8e, 0x1c, 0x74,
				146	0x24, 0x30, 0xed, 0x8f, 0xc2, 0x45, 0x63, 0x76,
				147	0x5c, 0x15, 0x52, 0x5a, 0xbf, 0x9a, 0x32, 0x63,
				148	0x6d, 0xeb, 0x2a, 0x65, 0x49, 0x9c, 0x80, 0xdc,
				149	};
				150
				151	static const u8 debug_sk[32] = {
				152	0xbd, 0x1a, 0x3c, 0xcd, 0xa6, 0xb8, 0x99, 0x58,
				153	0x99, 0xb7, 0x40, 0xeb, 0x7b, 0x60, 0xff, 0x4a,
				154	0x50, 0x3f, 0x10, 0xd2, 0xe3, 0xb3, 0xc9, 0x74,
				155	0x38, 0x5f, 0xc5, 0xa3, 0xd4, 0xf6, 0x49, 0x3f,
				156	};
				157
Johan Hedberg	8a2936f	2014-06-16 19:25:19 +0300	[diff] [blame]	158	static inline void swap_buf(const u8 src, u8 dst, size_t len)
Anderson Briglia	d22ef0b	2011-06-09 18:50:44 -0300	[diff] [blame]	159	{
Johan Hedberg	8a2936f	2014-06-16 19:25:19 +0300	[diff] [blame]	160	size_t i;
Anderson Briglia	d22ef0b	2011-06-09 18:50:44 -0300	[diff] [blame]	161
Johan Hedberg	8a2936f	2014-06-16 19:25:19 +0300	[diff] [blame]	162	for (i = 0; i < len; i++)
				163	dst[len - 1 - i] = src[i];
Anderson Briglia	d22ef0b	2011-06-09 18:50:44 -0300	[diff] [blame]	164	}
				165
Johan Hedberg	06edf8d	2014-12-02 13:39:23 +0200	[diff] [blame]	166	/* The following functions map to the LE SC SMP crypto functions
				167	* AES-CMAC, f4, f5, f6, g2 and h6.
				168	*/
				169
Herbert Xu	71af2f6	2016-01-24 21:18:30 +0800	[diff] [blame]	170	static int aes_cmac(struct crypto_shash tfm, const u8 k[16], const u8 m,
Johan Hedberg	cbbbe3e	2014-06-06 11:30:08 +0300	[diff] [blame]	171	size_t len, u8 mac[16])
				172	{
				173	uint8_t tmp[16], mac_msb[16], msg_msb[CMAC_MSG_MAX];
Herbert Xu	71af2f6	2016-01-24 21:18:30 +0800	[diff] [blame]	174	SHASH_DESC_ON_STACK(desc, tfm);
Johan Hedberg	cbbbe3e	2014-06-06 11:30:08 +0300	[diff] [blame]	175	int err;
				176
				177	if (len > CMAC_MSG_MAX)
				178	return -EFBIG;
				179
				180	if (!tfm) {
				181	BT_ERR("tfm %p", tfm);
				182	return -EINVAL;
				183	}
				184
Herbert Xu	71af2f6	2016-01-24 21:18:30 +0800	[diff] [blame]	185	desc->tfm = tfm;
				186	desc->flags = 0;
Johan Hedberg	cbbbe3e	2014-06-06 11:30:08 +0300	[diff] [blame]	187
				188	/* Swap key and message from LSB to MSB */
				189	swap_buf(k, tmp, 16);
				190	swap_buf(m, msg_msb, len);
				191
Johan Hedberg	c7a3d57	2014-12-01 22:03:16 +0200	[diff] [blame]	192	SMP_DBG("msg (len %zu) %*phN", len, (int) len, m);
				193	SMP_DBG("key %16phN", k);
Johan Hedberg	cbbbe3e	2014-06-06 11:30:08 +0300	[diff] [blame]	194
Herbert Xu	71af2f6	2016-01-24 21:18:30 +0800	[diff] [blame]	195	err = crypto_shash_setkey(tfm, tmp, 16);
Johan Hedberg	cbbbe3e	2014-06-06 11:30:08 +0300	[diff] [blame]	196	if (err) {
				197	BT_ERR("cipher setkey failed: %d", err);
				198	return err;
				199	}
				200
Herbert Xu	71af2f6	2016-01-24 21:18:30 +0800	[diff] [blame]	201	err = crypto_shash_digest(desc, msg_msb, len, mac_msb);
				202	shash_desc_zero(desc);
Johan Hedberg	cbbbe3e	2014-06-06 11:30:08 +0300	[diff] [blame]	203	if (err) {
Herbert Xu	71af2f6	2016-01-24 21:18:30 +0800	[diff] [blame]	204	BT_ERR("Hash computation error %d", err);
Johan Hedberg	cbbbe3e	2014-06-06 11:30:08 +0300	[diff] [blame]	205	return err;
				206	}
				207
				208	swap_buf(mac_msb, mac, 16);
				209
Johan Hedberg	c7a3d57	2014-12-01 22:03:16 +0200	[diff] [blame]	210	SMP_DBG("mac %16phN", mac);
Johan Hedberg	cbbbe3e	2014-06-06 11:30:08 +0300	[diff] [blame]	211
				212	return 0;
				213	}
				214
Herbert Xu	71af2f6	2016-01-24 21:18:30 +0800	[diff] [blame]	215	static int smp_f4(struct crypto_shash *tfm_cmac, const u8 u[32],
				216	const u8 v[32], const u8 x[16], u8 z, u8 res[16])
Johan Hedberg	cbbbe3e	2014-06-06 11:30:08 +0300	[diff] [blame]	217	{
				218	u8 m[65];
				219	int err;
				220
Johan Hedberg	c7a3d57	2014-12-01 22:03:16 +0200	[diff] [blame]	221	SMP_DBG("u %32phN", u);
				222	SMP_DBG("v %32phN", v);
				223	SMP_DBG("x %16phN z %02x", x, z);
Johan Hedberg	cbbbe3e	2014-06-06 11:30:08 +0300	[diff] [blame]	224
				225	m[0] = z;
				226	memcpy(m + 1, v, 32);
				227	memcpy(m + 33, u, 32);
				228
				229	err = aes_cmac(tfm_cmac, x, m, sizeof(m), res);
				230	if (err)
				231	return err;
				232
Johan Hedberg	c7a3d57	2014-12-01 22:03:16 +0200	[diff] [blame]	233	SMP_DBG("res %16phN", res);
Johan Hedberg	cbbbe3e	2014-06-06 11:30:08 +0300	[diff] [blame]	234
				235	return err;
				236	}
				237
Herbert Xu	71af2f6	2016-01-24 21:18:30 +0800	[diff] [blame]	238	static int smp_f5(struct crypto_shash *tfm_cmac, const u8 w[32],
Johan Hedberg	4da50de	2014-12-29 12:04:10 +0200	[diff] [blame]	239	const u8 n1[16], const u8 n2[16], const u8 a1[7],
				240	const u8 a2[7], u8 mackey[16], u8 ltk[16])
Johan Hedberg	760b018	2014-06-06 11:44:05 +0300	[diff] [blame]	241	{
				242	/* The btle, salt and length "magic" values are as defined in
				243	* the SMP section of the Bluetooth core specification. In ASCII
				244	* the btle value ends up being 'btle'. The salt is just a
				245	* random number whereas length is the value 256 in little
				246	* endian format.
				247	*/
				248	const u8 btle[4] = { 0x65, 0x6c, 0x74, 0x62 };
				249	const u8 salt[16] = { 0xbe, 0x83, 0x60, 0x5a, 0xdb, 0x0b, 0x37, 0x60,
				250	0x38, 0xa5, 0xf5, 0xaa, 0x91, 0x83, 0x88, 0x6c };
				251	const u8 length[2] = { 0x00, 0x01 };
				252	u8 m[53], t[16];
				253	int err;
				254
Johan Hedberg	c7a3d57	2014-12-01 22:03:16 +0200	[diff] [blame]	255	SMP_DBG("w %32phN", w);
				256	SMP_DBG("n1 %16phN n2 %16phN", n1, n2);
				257	SMP_DBG("a1 %7phN a2 %7phN", a1, a2);
Johan Hedberg	760b018	2014-06-06 11:44:05 +0300	[diff] [blame]	258
				259	err = aes_cmac(tfm_cmac, salt, w, 32, t);
				260	if (err)
				261	return err;
				262
Johan Hedberg	c7a3d57	2014-12-01 22:03:16 +0200	[diff] [blame]	263	SMP_DBG("t %16phN", t);
Johan Hedberg	760b018	2014-06-06 11:44:05 +0300	[diff] [blame]	264
				265	memcpy(m, length, 2);
				266	memcpy(m + 2, a2, 7);
				267	memcpy(m + 9, a1, 7);
				268	memcpy(m + 16, n2, 16);
				269	memcpy(m + 32, n1, 16);
				270	memcpy(m + 48, btle, 4);
				271
				272	m[52] = 0; /* Counter */
				273
				274	err = aes_cmac(tfm_cmac, t, m, sizeof(m), mackey);
				275	if (err)
				276	return err;
				277
Johan Hedberg	c7a3d57	2014-12-01 22:03:16 +0200	[diff] [blame]	278	SMP_DBG("mackey %16phN", mackey);
Johan Hedberg	760b018	2014-06-06 11:44:05 +0300	[diff] [blame]	279
				280	m[52] = 1; /* Counter */
				281
				282	err = aes_cmac(tfm_cmac, t, m, sizeof(m), ltk);
				283	if (err)
				284	return err;
				285
Johan Hedberg	c7a3d57	2014-12-01 22:03:16 +0200	[diff] [blame]	286	SMP_DBG("ltk %16phN", ltk);
Johan Hedberg	760b018	2014-06-06 11:44:05 +0300	[diff] [blame]	287
				288	return 0;
				289	}
				290
Herbert Xu	71af2f6	2016-01-24 21:18:30 +0800	[diff] [blame]	291	static int smp_f6(struct crypto_shash *tfm_cmac, const u8 w[16],
Johan Hedberg	4da50de	2014-12-29 12:04:10 +0200	[diff] [blame]	292	const u8 n1[16], const u8 n2[16], const u8 r[16],
Johan Hedberg	760b018	2014-06-06 11:44:05 +0300	[diff] [blame]	293	const u8 io_cap[3], const u8 a1[7], const u8 a2[7],
				294	u8 res[16])
				295	{
				296	u8 m[65];
				297	int err;
				298
Johan Hedberg	c7a3d57	2014-12-01 22:03:16 +0200	[diff] [blame]	299	SMP_DBG("w %16phN", w);
				300	SMP_DBG("n1 %16phN n2 %16phN", n1, n2);
				301	SMP_DBG("r %16phN io_cap %3phN a1 %7phN a2 %7phN", r, io_cap, a1, a2);
Johan Hedberg	760b018	2014-06-06 11:44:05 +0300	[diff] [blame]	302
				303	memcpy(m, a2, 7);
				304	memcpy(m + 7, a1, 7);
				305	memcpy(m + 14, io_cap, 3);
				306	memcpy(m + 17, r, 16);
				307	memcpy(m + 33, n2, 16);
				308	memcpy(m + 49, n1, 16);
				309
				310	err = aes_cmac(tfm_cmac, w, m, sizeof(m), res);
				311	if (err)
				312	return err;
				313
Marcel Holtmann	203de21	2014-12-31 20:01:22 -0800	[diff] [blame]	314	SMP_DBG("res %16phN", res);
Johan Hedberg	760b018	2014-06-06 11:44:05 +0300	[diff] [blame]	315
				316	return err;
				317	}
				318
Herbert Xu	71af2f6	2016-01-24 21:18:30 +0800	[diff] [blame]	319	static int smp_g2(struct crypto_shash *tfm_cmac, const u8 u[32], const u8 v[32],
Johan Hedberg	191dc7f	2014-06-06 11:39:49 +0300	[diff] [blame]	320	const u8 x[16], const u8 y[16], u32 *val)
				321	{
				322	u8 m[80], tmp[16];
				323	int err;
				324
Johan Hedberg	c7a3d57	2014-12-01 22:03:16 +0200	[diff] [blame]	325	SMP_DBG("u %32phN", u);
				326	SMP_DBG("v %32phN", v);
				327	SMP_DBG("x %16phN y %16phN", x, y);
Johan Hedberg	191dc7f	2014-06-06 11:39:49 +0300	[diff] [blame]	328
				329	memcpy(m, y, 16);
				330	memcpy(m + 16, v, 32);
				331	memcpy(m + 48, u, 32);
				332
				333	err = aes_cmac(tfm_cmac, x, m, sizeof(m), tmp);
				334	if (err)
				335	return err;
				336
				337	*val = get_unaligned_le32(tmp);
				338	*val %= 1000000;
				339
Johan Hedberg	c7a3d57	2014-12-01 22:03:16 +0200	[diff] [blame]	340	SMP_DBG("val %06u", *val);
Johan Hedberg	191dc7f	2014-06-06 11:39:49 +0300	[diff] [blame]	341
				342	return 0;
				343	}
				344
Herbert Xu	71af2f6	2016-01-24 21:18:30 +0800	[diff] [blame]	345	static int smp_h6(struct crypto_shash *tfm_cmac, const u8 w[16],
Johan Hedberg	06edf8d	2014-12-02 13:39:23 +0200	[diff] [blame]	346	const u8 key_id[4], u8 res[16])
				347	{
				348	int err;
				349
				350	SMP_DBG("w %16phN key_id %4phN", w, key_id);
				351
				352	err = aes_cmac(tfm_cmac, w, key_id, 4, res);
				353	if (err)
				354	return err;
				355
				356	SMP_DBG("res %16phN", res);
				357
				358	return err;
				359	}
				360
Johan Hedberg	a62da6f	2016-12-08 08:32:54 +0200	[diff] [blame]	361	static int smp_h7(struct crypto_shash *tfm_cmac, const u8 w[16],
				362	const u8 salt[16], u8 res[16])
				363	{
				364	int err;
				365
				366	SMP_DBG("w %16phN salt %16phN", w, salt);
				367
				368	err = aes_cmac(tfm_cmac, salt, w, 16, res);
				369	if (err)
				370	return err;
				371
				372	SMP_DBG("res %16phN", res);
				373
				374	return err;
				375	}
				376
Johan Hedberg	06edf8d	2014-12-02 13:39:23 +0200	[diff] [blame]	377	/* The following functions map to the legacy SMP crypto functions e, c1,
				378	* s1 and ah.
				379	*/
				380
Andy Lutomirski	a4770e1	2016-06-26 14:55:23 -0700	[diff] [blame]	381	static int smp_e(struct crypto_cipher tfm, const u8 k, u8 *r)
Anderson Briglia	d22ef0b	2011-06-09 18:50:44 -0300	[diff] [blame]	382	{
Johan Hedberg	943a732	2014-03-18 12:58:24 +0200	[diff] [blame]	383	uint8_t tmp[16], data[16];
Johan Hedberg	201a592	2013-12-02 10:49:04 +0200	[diff] [blame]	384	int err;
Anderson Briglia	d22ef0b	2011-06-09 18:50:44 -0300	[diff] [blame]	385
Johan Hedberg	011c391	2015-05-19 21:06:04 +0300	[diff] [blame]	386	SMP_DBG("k %16phN r %16phN", k, r);
				387
Johan Hedberg	7f376cd	2014-12-03 16:07:13 +0200	[diff] [blame]	388	if (!tfm) {
Anderson Briglia	d22ef0b	2011-06-09 18:50:44 -0300	[diff] [blame]	389	BT_ERR("tfm %p", tfm);
				390	return -EINVAL;
				391	}
				392
Johan Hedberg	943a732	2014-03-18 12:58:24 +0200	[diff] [blame]	393	/* The most significant octet of key corresponds to k[0] */
Johan Hedberg	8a2936f	2014-06-16 19:25:19 +0300	[diff] [blame]	394	swap_buf(k, tmp, 16);
Johan Hedberg	943a732	2014-03-18 12:58:24 +0200	[diff] [blame]	395
Andy Lutomirski	a4770e1	2016-06-26 14:55:23 -0700	[diff] [blame]	396	err = crypto_cipher_setkey(tfm, tmp, 16);
Anderson Briglia	d22ef0b	2011-06-09 18:50:44 -0300	[diff] [blame]	397	if (err) {
				398	BT_ERR("cipher setkey failed: %d", err);
				399	return err;
				400	}
				401
Johan Hedberg	943a732	2014-03-18 12:58:24 +0200	[diff] [blame]	402	/* Most significant octet of plaintextData corresponds to data[0] */
Johan Hedberg	8a2936f	2014-06-16 19:25:19 +0300	[diff] [blame]	403	swap_buf(r, data, 16);
Johan Hedberg	943a732	2014-03-18 12:58:24 +0200	[diff] [blame]	404
Andy Lutomirski	a4770e1	2016-06-26 14:55:23 -0700	[diff] [blame]	405	crypto_cipher_encrypt_one(tfm, data, data);
Anderson Briglia	d22ef0b	2011-06-09 18:50:44 -0300	[diff] [blame]	406
Johan Hedberg	943a732	2014-03-18 12:58:24 +0200	[diff] [blame]	407	/* Most significant octet of encryptedData corresponds to data[0] */
Johan Hedberg	8a2936f	2014-06-16 19:25:19 +0300	[diff] [blame]	408	swap_buf(data, r, 16);
Johan Hedberg	943a732	2014-03-18 12:58:24 +0200	[diff] [blame]	409
Johan Hedberg	011c391	2015-05-19 21:06:04 +0300	[diff] [blame]	410	SMP_DBG("r %16phN", r);
				411
Anderson Briglia	d22ef0b	2011-06-09 18:50:44 -0300	[diff] [blame]	412	return err;
				413	}
				414
Andy Lutomirski	a4770e1	2016-06-26 14:55:23 -0700	[diff] [blame]	415	static int smp_c1(struct crypto_cipher *tfm_aes, const u8 k[16],
Johan Hedberg	06edf8d	2014-12-02 13:39:23 +0200	[diff] [blame]	416	const u8 r[16], const u8 preq[7], const u8 pres[7], u8 _iat,
				417	const bdaddr_t ia, u8 _rat, const bdaddr_t ra, u8 res[16])
				418	{
				419	u8 p1[16], p2[16];
				420	int err;
				421
Johan Hedberg	011c391	2015-05-19 21:06:04 +0300	[diff] [blame]	422	SMP_DBG("k %16phN r %16phN", k, r);
				423	SMP_DBG("iat %u ia %6phN rat %u ra %6phN", _iat, ia, _rat, ra);
				424	SMP_DBG("preq %7phN pres %7phN", preq, pres);
				425
Johan Hedberg	06edf8d	2014-12-02 13:39:23 +0200	[diff] [blame]	426	memset(p1, 0, 16);
				427
				428	/* p1 = pres \|\| preq \|\| _rat \|\| _iat */
				429	p1[0] = _iat;
				430	p1[1] = _rat;
				431	memcpy(p1 + 2, preq, 7);
				432	memcpy(p1 + 9, pres, 7);
				433
Johan Hedberg	011c391	2015-05-19 21:06:04 +0300	[diff] [blame]	434	SMP_DBG("p1 %16phN", p1);
Johan Hedberg	06edf8d	2014-12-02 13:39:23 +0200	[diff] [blame]	435
				436	/* res = r XOR p1 */
				437	u128_xor((u128 ) res, (u128 ) r, (u128 *) p1);
				438
				439	/* res = e(k, res) */
				440	err = smp_e(tfm_aes, k, res);
				441	if (err) {
				442	BT_ERR("Encrypt data error");
				443	return err;
				444	}
				445
Johan Hedberg	011c391	2015-05-19 21:06:04 +0300	[diff] [blame]	446	/* p2 = padding \|\| ia \|\| ra */
				447	memcpy(p2, ra, 6);
				448	memcpy(p2 + 6, ia, 6);
				449	memset(p2 + 12, 0, 4);
				450
				451	SMP_DBG("p2 %16phN", p2);
				452
Johan Hedberg	06edf8d	2014-12-02 13:39:23 +0200	[diff] [blame]	453	/* res = res XOR p2 */
				454	u128_xor((u128 ) res, (u128 ) res, (u128 *) p2);
				455
				456	/* res = e(k, res) */
				457	err = smp_e(tfm_aes, k, res);
				458	if (err)
				459	BT_ERR("Encrypt data error");
				460
				461	return err;
				462	}
				463
Andy Lutomirski	a4770e1	2016-06-26 14:55:23 -0700	[diff] [blame]	464	static int smp_s1(struct crypto_cipher *tfm_aes, const u8 k[16],
Johan Hedberg	06edf8d	2014-12-02 13:39:23 +0200	[diff] [blame]	465	const u8 r1[16], const u8 r2[16], u8 _r[16])
Johan Hedberg	6a77083	2014-06-06 11:54:04 +0300	[diff] [blame]	466	{
				467	int err;
				468
Johan Hedberg	06edf8d	2014-12-02 13:39:23 +0200	[diff] [blame]	469	/* Just least significant octets from r1 and r2 are considered */
				470	memcpy(_r, r2, 8);
				471	memcpy(_r + 8, r1, 8);
Johan Hedberg	6a77083	2014-06-06 11:54:04 +0300	[diff] [blame]	472
Johan Hedberg	06edf8d	2014-12-02 13:39:23 +0200	[diff] [blame]	473	err = smp_e(tfm_aes, k, _r);
Johan Hedberg	6a77083	2014-06-06 11:54:04 +0300	[diff] [blame]	474	if (err)
Johan Hedberg	06edf8d	2014-12-02 13:39:23 +0200	[diff] [blame]	475	BT_ERR("Encrypt data error");
Johan Hedberg	6a77083	2014-06-06 11:54:04 +0300	[diff] [blame]	476
				477	return err;
				478	}
				479
Andy Lutomirski	a4770e1	2016-06-26 14:55:23 -0700	[diff] [blame]	480	static int smp_ah(struct crypto_cipher *tfm, const u8 irk[16],
Johan Hedberg	cd08279	2014-12-02 13:37:41 +0200	[diff] [blame]	481	const u8 r[3], u8 res[3])
Johan Hedberg	6047805	2014-02-18 10:19:31 +0200	[diff] [blame]	482	{
Johan Hedberg	943a732	2014-03-18 12:58:24 +0200	[diff] [blame]	483	u8 _res[16];
Johan Hedberg	6047805	2014-02-18 10:19:31 +0200	[diff] [blame]	484	int err;
				485
				486	/* r' = padding \|\| r */
Johan Hedberg	943a732	2014-03-18 12:58:24 +0200	[diff] [blame]	487	memcpy(_res, r, 3);
				488	memset(_res + 3, 0, 13);
Johan Hedberg	6047805	2014-02-18 10:19:31 +0200	[diff] [blame]	489
Johan Hedberg	943a732	2014-03-18 12:58:24 +0200	[diff] [blame]	490	err = smp_e(tfm, irk, _res);
Johan Hedberg	6047805	2014-02-18 10:19:31 +0200	[diff] [blame]	491	if (err) {
				492	BT_ERR("Encrypt error");
				493	return err;
				494	}
				495
				496	/* The output of the random address function ah is:
Marcel Holtmann	c5080d4	2015-09-04 17:08:18 +0200	[diff] [blame]	497	* ah(k, r) = e(k, r') mod 2^24
Johan Hedberg	6047805	2014-02-18 10:19:31 +0200	[diff] [blame]	498	* The output of the security function e is then truncated to 24 bits
				499	* by taking the least significant 24 bits of the output of e as the
				500	* result of ah.
				501	*/
Johan Hedberg	943a732	2014-03-18 12:58:24 +0200	[diff] [blame]	502	memcpy(res, _res, 3);
Johan Hedberg	6047805	2014-02-18 10:19:31 +0200	[diff] [blame]	503
				504	return 0;
				505	}
				506
Johan Hedberg	cd08279	2014-12-02 13:37:41 +0200	[diff] [blame]	507	bool smp_irk_matches(struct hci_dev *hdev, const u8 irk[16],
				508	const bdaddr_t *bdaddr)
Johan Hedberg	6047805	2014-02-18 10:19:31 +0200	[diff] [blame]	509	{
Johan Hedberg	defce9e	2014-08-08 09:37:17 +0300	[diff] [blame]	510	struct l2cap_chan *chan = hdev->smp_data;
Marcel Holtmann	88a479d	2015-03-16 01:10:19 -0700	[diff] [blame]	511	struct smp_dev *smp;
Johan Hedberg	6047805	2014-02-18 10:19:31 +0200	[diff] [blame]	512	u8 hash[3];
				513	int err;
				514
Johan Hedberg	defce9e	2014-08-08 09:37:17 +0300	[diff] [blame]	515	if (!chan \|\| !chan->data)
				516	return false;
				517
Marcel Holtmann	88a479d	2015-03-16 01:10:19 -0700	[diff] [blame]	518	smp = chan->data;
Johan Hedberg	defce9e	2014-08-08 09:37:17 +0300	[diff] [blame]	519
Johan Hedberg	6047805	2014-02-18 10:19:31 +0200	[diff] [blame]	520	BT_DBG("RPA %pMR IRK %*phN", bdaddr, 16, irk);
				521
Marcel Holtmann	88a479d	2015-03-16 01:10:19 -0700	[diff] [blame]	522	err = smp_ah(smp->tfm_aes, irk, &bdaddr->b[3], hash);
Johan Hedberg	6047805	2014-02-18 10:19:31 +0200	[diff] [blame]	523	if (err)
				524	return false;
				525
				526	return !memcmp(bdaddr->b, hash, 3);
				527	}
				528
Johan Hedberg	cd08279	2014-12-02 13:37:41 +0200	[diff] [blame]	529	int smp_generate_rpa(struct hci_dev hdev, const u8 irk[16], bdaddr_t rpa)
Johan Hedberg	b1e2b3a	2014-02-23 19:42:19 +0200	[diff] [blame]	530	{
Johan Hedberg	defce9e	2014-08-08 09:37:17 +0300	[diff] [blame]	531	struct l2cap_chan *chan = hdev->smp_data;
Marcel Holtmann	88a479d	2015-03-16 01:10:19 -0700	[diff] [blame]	532	struct smp_dev *smp;
Johan Hedberg	b1e2b3a	2014-02-23 19:42:19 +0200	[diff] [blame]	533	int err;
				534
Johan Hedberg	defce9e	2014-08-08 09:37:17 +0300	[diff] [blame]	535	if (!chan \|\| !chan->data)
				536	return -EOPNOTSUPP;
				537
Marcel Holtmann	88a479d	2015-03-16 01:10:19 -0700	[diff] [blame]	538	smp = chan->data;
Johan Hedberg	defce9e	2014-08-08 09:37:17 +0300	[diff] [blame]	539
Johan Hedberg	b1e2b3a	2014-02-23 19:42:19 +0200	[diff] [blame]	540	get_random_bytes(&rpa->b[3], 3);
				541
				542	rpa->b[5] &= 0x3f; /* Clear two most significant bits */
				543	rpa->b[5] \|= 0x40; /* Set second most significant bit */
				544
Marcel Holtmann	88a479d	2015-03-16 01:10:19 -0700	[diff] [blame]	545	err = smp_ah(smp->tfm_aes, irk, &rpa->b[3], rpa->b);
Johan Hedberg	b1e2b3a	2014-02-23 19:42:19 +0200	[diff] [blame]	546	if (err < 0)
				547	return err;
				548
				549	BT_DBG("RPA %pMR", rpa);
				550
				551	return 0;
				552	}
				553
Marcel Holtmann	60a27d6	2015-03-16 01:10:22 -0700	[diff] [blame]	554	int smp_generate_oob(struct hci_dev *hdev, u8 hash[16], u8 rand[16])
				555	{
				556	struct l2cap_chan *chan = hdev->smp_data;
				557	struct smp_dev *smp;
				558	int err;
				559
				560	if (!chan \|\| !chan->data)
				561	return -EOPNOTSUPP;
				562
				563	smp = chan->data;
				564
				565	if (hci_dev_test_flag(hdev, HCI_USE_DEBUG_KEYS)) {
				566	BT_DBG("Using debug keys");
				567	memcpy(smp->local_pk, debug_pk, 64);
				568	memcpy(smp->local_sk, debug_sk, 32);
				569	smp->debug_key = true;
				570	} else {
				571	while (true) {
Marcel Holtmann	71653eb	2017-04-30 06:51:41 -0700	[diff] [blame]	572	/* Seed private key with random number */
				573	get_random_bytes(smp->local_sk, 32);
				574
Marcel Holtmann	60a27d6	2015-03-16 01:10:22 -0700	[diff] [blame]	575	/* Generate local key pair for Secure Connections */
Salvatore Benedetto	58771c1c	2017-04-24 13:13:20 +0100	[diff] [blame]	576	if (!generate_ecdh_keys(smp->local_pk, smp->local_sk))
Marcel Holtmann	60a27d6	2015-03-16 01:10:22 -0700	[diff] [blame]	577	return -EIO;
				578
				579	/* This is unlikely, but we need to check that
				580	* we didn't accidentially generate a debug key.
				581	*/
				582	if (memcmp(smp->local_sk, debug_sk, 32))
				583	break;
				584	}
				585	smp->debug_key = false;
				586	}
				587
				588	SMP_DBG("OOB Public Key X: %32phN", smp->local_pk);
				589	SMP_DBG("OOB Public Key Y: %32phN", smp->local_pk + 32);
				590	SMP_DBG("OOB Private Key: %32phN", smp->local_sk);
				591
Marcel Holtmann	fb334fe	2015-03-16 12:34:57 -0700	[diff] [blame]	592	get_random_bytes(smp->local_rand, 16);
Marcel Holtmann	60a27d6	2015-03-16 01:10:22 -0700	[diff] [blame]	593
				594	err = smp_f4(smp->tfm_cmac, smp->local_pk, smp->local_pk,
Marcel Holtmann	fb334fe	2015-03-16 12:34:57 -0700	[diff] [blame]	595	smp->local_rand, 0, hash);
Marcel Holtmann	60a27d6	2015-03-16 01:10:22 -0700	[diff] [blame]	596	if (err < 0)
				597	return err;
				598
Marcel Holtmann	fb334fe	2015-03-16 12:34:57 -0700	[diff] [blame]	599	memcpy(rand, smp->local_rand, 16);
Marcel Holtmann	60a27d6	2015-03-16 01:10:22 -0700	[diff] [blame]	600
				601	return 0;
				602	}
				603
Anderson Briglia	eb492e0	2011-06-09 18:50:40 -0300	[diff] [blame]	604	static void smp_send_cmd(struct l2cap_conn conn, u8 code, u16 len, void data)
				605	{
Johan Hedberg	5d88cc7	2014-08-08 09:37:18 +0300	[diff] [blame]	606	struct l2cap_chan *chan = conn->smp;
Johan Hedberg	b68fda6	2014-08-11 22:06:40 +0300	[diff] [blame]	607	struct smp_chan *smp;
Johan Hedberg	5d88cc7	2014-08-08 09:37:18 +0300	[diff] [blame]	608	struct kvec iv[2];
				609	struct msghdr msg;
				610
				611	if (!chan)
				612	return;
Anderson Briglia	eb492e0	2011-06-09 18:50:40 -0300	[diff] [blame]	613
				614	BT_DBG("code 0x%2.2x", code);
				615
Johan Hedberg	5d88cc7	2014-08-08 09:37:18 +0300	[diff] [blame]	616	iv[0].iov_base = &code;
				617	iv[0].iov_len = 1;
Anderson Briglia	eb492e0	2011-06-09 18:50:40 -0300	[diff] [blame]	618
Johan Hedberg	5d88cc7	2014-08-08 09:37:18 +0300	[diff] [blame]	619	iv[1].iov_base = data;
				620	iv[1].iov_len = len;
				621
				622	memset(&msg, 0, sizeof(msg));
				623
Al Viro	1783639	2014-11-24 17:07:38 -0500	[diff] [blame]	624	iov_iter_kvec(&msg.msg_iter, WRITE \| ITER_KVEC, iv, 2, 1 + len);
Johan Hedberg	5d88cc7	2014-08-08 09:37:18 +0300	[diff] [blame]	625
				626	l2cap_chan_send(chan, &msg, 1 + len);
Vinicius Costa Gomes	e2dcd11	2011-08-19 21:06:50 -0300	[diff] [blame]	627
Johan Hedberg	b68fda6	2014-08-11 22:06:40 +0300	[diff] [blame]	628	if (!chan->data)
				629	return;
				630
				631	smp = chan->data;
				632
				633	cancel_delayed_work_sync(&smp->security_timer);
Johan Hedberg	1b0921d	2014-09-05 22:19:48 +0300	[diff] [blame]	634	schedule_delayed_work(&smp->security_timer, SMP_TIMEOUT);
Anderson Briglia	eb492e0	2011-06-09 18:50:40 -0300	[diff] [blame]	635	}
				636
Johan Hedberg	d2eb9e1	2014-05-16 10:59:06 +0300	[diff] [blame]	637	static u8 authreq_to_seclevel(u8 authreq)
Brian Gix	2b64d15	2011-12-21 16:12:12 -0800	[diff] [blame]	638	{
Johan Hedberg	d2eb9e1	2014-05-16 10:59:06 +0300	[diff] [blame]	639	if (authreq & SMP_AUTH_MITM) {
				640	if (authreq & SMP_AUTH_SC)
				641	return BT_SECURITY_FIPS;
				642	else
				643	return BT_SECURITY_HIGH;
				644	} else {
Brian Gix	2b64d15	2011-12-21 16:12:12 -0800	[diff] [blame]	645	return BT_SECURITY_MEDIUM;
Johan Hedberg	d2eb9e1	2014-05-16 10:59:06 +0300	[diff] [blame]	646	}
Brian Gix	2b64d15	2011-12-21 16:12:12 -0800	[diff] [blame]	647	}
				648
				649	static __u8 seclevel_to_authreq(__u8 sec_level)
				650	{
				651	switch (sec_level) {
Johan Hedberg	d2eb9e1	2014-05-16 10:59:06 +0300	[diff] [blame]	652	case BT_SECURITY_FIPS:
Brian Gix	2b64d15	2011-12-21 16:12:12 -0800	[diff] [blame]	653	case BT_SECURITY_HIGH:
				654	return SMP_AUTH_MITM \| SMP_AUTH_BONDING;
				655	case BT_SECURITY_MEDIUM:
				656	return SMP_AUTH_BONDING;
				657	default:
				658	return SMP_AUTH_NONE;
				659	}
				660	}
				661
Vinicius Costa Gomes	b8e66ea	2011-06-09 18:50:52 -0300	[diff] [blame]	662	static void build_pairing_cmd(struct l2cap_conn *conn,
Marcel Holtmann	f156046	2013-10-13 05:43:25 -0700	[diff] [blame]	663	struct smp_cmd_pairing *req,
				664	struct smp_cmd_pairing *rsp, __u8 authreq)
Vinicius Costa Gomes	b8e66ea	2011-06-09 18:50:52 -0300	[diff] [blame]	665	{
Johan Hedberg	5d88cc7	2014-08-08 09:37:18 +0300	[diff] [blame]	666	struct l2cap_chan *chan = conn->smp;
				667	struct smp_chan *smp = chan->data;
Johan Hedberg	fd349c0	2014-02-18 10:19:36 +0200	[diff] [blame]	668	struct hci_conn *hcon = conn->hcon;
				669	struct hci_dev *hdev = hcon->hdev;
Johan Hedberg	02b05bd	2014-10-26 21:19:10 +0100	[diff] [blame]	670	u8 local_dist = 0, remote_dist = 0, oob_flag = SMP_OOB_NOT_PRESENT;
Vinicius Costa Gomes	54790f7	2011-07-07 18:59:38 -0300	[diff] [blame]	671
Marcel Holtmann	d7a5a11	2015-03-13 02:11:00 -0700	[diff] [blame]	672	if (hci_dev_test_flag(hdev, HCI_BONDABLE)) {
Marcel Holtmann	7ee4ea3	2014-03-09 12:19:17 -0700	[diff] [blame]	673	local_dist = SMP_DIST_ENC_KEY \| SMP_DIST_SIGN;
				674	remote_dist = SMP_DIST_ENC_KEY \| SMP_DIST_SIGN;
Vinicius Costa Gomes	54790f7	2011-07-07 18:59:38 -0300	[diff] [blame]	675	authreq \|= SMP_AUTH_BONDING;
Brian Gix	2b64d15	2011-12-21 16:12:12 -0800	[diff] [blame]	676	} else {
				677	authreq &= ~SMP_AUTH_BONDING;
Vinicius Costa Gomes	54790f7	2011-07-07 18:59:38 -0300	[diff] [blame]	678	}
				679
Marcel Holtmann	d7a5a11	2015-03-13 02:11:00 -0700	[diff] [blame]	680	if (hci_dev_test_flag(hdev, HCI_RPA_RESOLVING))
Johan Hedberg	fd349c0	2014-02-18 10:19:36 +0200	[diff] [blame]	681	remote_dist \|= SMP_DIST_ID_KEY;
				682
Marcel Holtmann	d7a5a11	2015-03-13 02:11:00 -0700	[diff] [blame]	683	if (hci_dev_test_flag(hdev, HCI_PRIVACY))
Johan Hedberg	863efaf	2014-02-22 19:06:32 +0200	[diff] [blame]	684	local_dist \|= SMP_DIST_ID_KEY;
				685
Marcel Holtmann	d7a5a11	2015-03-13 02:11:00 -0700	[diff] [blame]	686	if (hci_dev_test_flag(hdev, HCI_SC_ENABLED) &&
Johan Hedberg	02b05bd	2014-10-26 21:19:10 +0100	[diff] [blame]	687	(authreq & SMP_AUTH_SC)) {
				688	struct oob_data *oob_data;
				689	u8 bdaddr_type;
				690
Marcel Holtmann	d7a5a11	2015-03-13 02:11:00 -0700	[diff] [blame]	691	if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) {
Johan Hedberg	df8e1a4	2014-06-06 10:39:56 +0300	[diff] [blame]	692	local_dist \|= SMP_DIST_LINK_KEY;
				693	remote_dist \|= SMP_DIST_LINK_KEY;
				694	}
Johan Hedberg	02b05bd	2014-10-26 21:19:10 +0100	[diff] [blame]	695
				696	if (hcon->dst_type == ADDR_LE_DEV_PUBLIC)
				697	bdaddr_type = BDADDR_LE_PUBLIC;
				698	else
				699	bdaddr_type = BDADDR_LE_RANDOM;
				700
				701	oob_data = hci_find_remote_oob_data(hdev, &hcon->dst,
				702	bdaddr_type);
Marcel Holtmann	4775a4e	2015-01-31 00:15:52 -0800	[diff] [blame]	703	if (oob_data && oob_data->present) {
Johan Hedberg	1a8bab4	2015-03-16 11:45:44 +0200	[diff] [blame]	704	set_bit(SMP_FLAG_REMOTE_OOB, &smp->flags);
Johan Hedberg	02b05bd	2014-10-26 21:19:10 +0100	[diff] [blame]	705	oob_flag = SMP_OOB_PRESENT;
Johan Hedberg	a29b073	2014-10-28 15:17:05 +0100	[diff] [blame]	706	memcpy(smp->rr, oob_data->rand256, 16);
Johan Hedberg	02b05bd	2014-10-26 21:19:10 +0100	[diff] [blame]	707	memcpy(smp->pcnf, oob_data->hash256, 16);
Marcel Holtmann	bc07cd6	2015-03-16 12:34:56 -0700	[diff] [blame]	708	SMP_DBG("OOB Remote Confirmation: %16phN", smp->pcnf);
				709	SMP_DBG("OOB Remote Random: %16phN", smp->rr);
Johan Hedberg	02b05bd	2014-10-26 21:19:10 +0100	[diff] [blame]	710	}
				711
Johan Hedberg	df8e1a4	2014-06-06 10:39:56 +0300	[diff] [blame]	712	} else {
				713	authreq &= ~SMP_AUTH_SC;
				714	}
				715
Vinicius Costa Gomes	54790f7	2011-07-07 18:59:38 -0300	[diff] [blame]	716	if (rsp == NULL) {
				717	req->io_capability = conn->hcon->io_capability;
Johan Hedberg	02b05bd	2014-10-26 21:19:10 +0100	[diff] [blame]	718	req->oob_flag = oob_flag;
Johan Hedberg	2fd3655	2015-06-11 13:52:26 +0300	[diff] [blame]	719	req->max_key_size = SMP_DEV(hdev)->max_key_size;
Johan Hedberg	fd349c0	2014-02-18 10:19:36 +0200	[diff] [blame]	720	req->init_key_dist = local_dist;
				721	req->resp_key_dist = remote_dist;
Johan Hedberg	0edb14d	2014-05-26 13:29:28 +0300	[diff] [blame]	722	req->auth_req = (authreq & AUTH_REQ_MASK(hdev));
Johan Hedberg	fd349c0	2014-02-18 10:19:36 +0200	[diff] [blame]	723
				724	smp->remote_key_dist = remote_dist;
Vinicius Costa Gomes	54790f7	2011-07-07 18:59:38 -0300	[diff] [blame]	725	return;
				726	}
				727
				728	rsp->io_capability = conn->hcon->io_capability;
Johan Hedberg	02b05bd	2014-10-26 21:19:10 +0100	[diff] [blame]	729	rsp->oob_flag = oob_flag;
Johan Hedberg	2fd3655	2015-06-11 13:52:26 +0300	[diff] [blame]	730	rsp->max_key_size = SMP_DEV(hdev)->max_key_size;
Johan Hedberg	fd349c0	2014-02-18 10:19:36 +0200	[diff] [blame]	731	rsp->init_key_dist = req->init_key_dist & remote_dist;
				732	rsp->resp_key_dist = req->resp_key_dist & local_dist;
Johan Hedberg	0edb14d	2014-05-26 13:29:28 +0300	[diff] [blame]	733	rsp->auth_req = (authreq & AUTH_REQ_MASK(hdev));
Johan Hedberg	fd349c0	2014-02-18 10:19:36 +0200	[diff] [blame]	734
				735	smp->remote_key_dist = rsp->init_key_dist;
Vinicius Costa Gomes	b8e66ea	2011-06-09 18:50:52 -0300	[diff] [blame]	736	}
				737
Vinicius Costa Gomes	3158c50	2011-06-14 13:37:42 -0300	[diff] [blame]	738	static u8 check_enc_key_size(struct l2cap_conn *conn, __u8 max_key_size)
				739	{
Johan Hedberg	5d88cc7	2014-08-08 09:37:18 +0300	[diff] [blame]	740	struct l2cap_chan *chan = conn->smp;
Johan Hedberg	2fd3655	2015-06-11 13:52:26 +0300	[diff] [blame]	741	struct hci_dev *hdev = conn->hcon->hdev;
Johan Hedberg	5d88cc7	2014-08-08 09:37:18 +0300	[diff] [blame]	742	struct smp_chan *smp = chan->data;
Vinicius Costa Gomes	1c1def0	2011-09-05 14:31:30 -0300	[diff] [blame]	743
Johan Hedberg	2fd3655	2015-06-11 13:52:26 +0300	[diff] [blame]	744	if (max_key_size > SMP_DEV(hdev)->max_key_size \|\|
				745	max_key_size < SMP_MIN_ENC_KEY_SIZE)
Vinicius Costa Gomes	3158c50	2011-06-14 13:37:42 -0300	[diff] [blame]	746	return SMP_ENC_KEY_SIZE;
				747
Vinicius Costa Gomes	f7aa611	2012-01-30 19:29:12 -0300	[diff] [blame]	748	smp->enc_key_size = max_key_size;
Vinicius Costa Gomes	3158c50	2011-06-14 13:37:42 -0300	[diff] [blame]	749
				750	return 0;
				751	}
				752
Johan Hedberg	6f48e26	2014-08-11 22:06:44 +0300	[diff] [blame]	753	static void smp_chan_destroy(struct l2cap_conn *conn)
				754	{
				755	struct l2cap_chan *chan = conn->smp;
				756	struct smp_chan *smp = chan->data;
Johan Hedberg	923e241	2014-12-03 12:43:39 +0200	[diff] [blame]	757	struct hci_conn *hcon = conn->hcon;
Johan Hedberg	6f48e26	2014-08-11 22:06:44 +0300	[diff] [blame]	758	bool complete;
				759
				760	BUG_ON(!smp);
				761
				762	cancel_delayed_work_sync(&smp->security_timer);
Johan Hedberg	6f48e26	2014-08-11 22:06:44 +0300	[diff] [blame]	763
Johan Hedberg	6f48e26	2014-08-11 22:06:44 +0300	[diff] [blame]	764	complete = test_bit(SMP_FLAG_COMPLETE, &smp->flags);
Johan Hedberg	923e241	2014-12-03 12:43:39 +0200	[diff] [blame]	765	mgmt_smp_complete(hcon, complete);
Johan Hedberg	6f48e26	2014-08-11 22:06:44 +0300	[diff] [blame]	766
Marcel Holtmann	276812e	2015-03-16 01:10:18 -0700	[diff] [blame]	767	kzfree(smp->csrk);
				768	kzfree(smp->slave_csrk);
				769	kzfree(smp->link_key);
Johan Hedberg	6f48e26	2014-08-11 22:06:44 +0300	[diff] [blame]	770
Andy Lutomirski	a4770e1	2016-06-26 14:55:23 -0700	[diff] [blame]	771	crypto_free_cipher(smp->tfm_aes);
Herbert Xu	71af2f6	2016-01-24 21:18:30 +0800	[diff] [blame]	772	crypto_free_shash(smp->tfm_cmac);
Johan Hedberg	6f48e26	2014-08-11 22:06:44 +0300	[diff] [blame]	773
Johan Hedberg	923e241	2014-12-03 12:43:39 +0200	[diff] [blame]	774	/* Ensure that we don't leave any debug key around if debug key
				775	* support hasn't been explicitly enabled.
				776	*/
				777	if (smp->ltk && smp->ltk->type == SMP_LTK_P256_DEBUG &&
Marcel Holtmann	d7a5a11	2015-03-13 02:11:00 -0700	[diff] [blame]	778	!hci_dev_test_flag(hcon->hdev, HCI_KEEP_DEBUG_KEYS)) {
Johan Hedberg	923e241	2014-12-03 12:43:39 +0200	[diff] [blame]	779	list_del_rcu(&smp->ltk->list);
				780	kfree_rcu(smp->ltk, rcu);
				781	smp->ltk = NULL;
				782	}
				783
Johan Hedberg	6f48e26	2014-08-11 22:06:44 +0300	[diff] [blame]	784	/* If pairing failed clean up any keys we might have */
				785	if (!complete) {
				786	if (smp->ltk) {
Johan Hedberg	970d0f1	2014-11-13 14:37:47 +0200	[diff] [blame]	787	list_del_rcu(&smp->ltk->list);
				788	kfree_rcu(smp->ltk, rcu);
Johan Hedberg	6f48e26	2014-08-11 22:06:44 +0300	[diff] [blame]	789	}
				790
				791	if (smp->slave_ltk) {
Johan Hedberg	970d0f1	2014-11-13 14:37:47 +0200	[diff] [blame]	792	list_del_rcu(&smp->slave_ltk->list);
				793	kfree_rcu(smp->slave_ltk, rcu);
Johan Hedberg	6f48e26	2014-08-11 22:06:44 +0300	[diff] [blame]	794	}
				795
				796	if (smp->remote_irk) {
Johan Hedberg	adae20c	2014-11-13 14:37:48 +0200	[diff] [blame]	797	list_del_rcu(&smp->remote_irk->list);
				798	kfree_rcu(smp->remote_irk, rcu);
Johan Hedberg	6f48e26	2014-08-11 22:06:44 +0300	[diff] [blame]	799	}
				800	}
				801
				802	chan->data = NULL;
Marcel Holtmann	276812e	2015-03-16 01:10:18 -0700	[diff] [blame]	803	kzfree(smp);
Johan Hedberg	923e241	2014-12-03 12:43:39 +0200	[diff] [blame]	804	hci_conn_drop(hcon);
Johan Hedberg	6f48e26	2014-08-11 22:06:44 +0300	[diff] [blame]	805	}
				806
Johan Hedberg	84794e1	2013-11-06 11:24:57 +0200	[diff] [blame]	807	static void smp_failure(struct l2cap_conn *conn, u8 reason)
Brian Gix	4f957a7	2011-11-23 08:28:36 -0800	[diff] [blame]	808	{
Johan Hedberg	bab73cb	2012-02-09 16:07:29 +0200	[diff] [blame]	809	struct hci_conn *hcon = conn->hcon;
Johan Hedberg	b68fda6	2014-08-11 22:06:40 +0300	[diff] [blame]	810	struct l2cap_chan *chan = conn->smp;
Johan Hedberg	bab73cb	2012-02-09 16:07:29 +0200	[diff] [blame]	811
Johan Hedberg	84794e1	2013-11-06 11:24:57 +0200	[diff] [blame]	812	if (reason)
Brian Gix	4f957a7	2011-11-23 08:28:36 -0800	[diff] [blame]	813	smp_send_cmd(conn, SMP_CMD_PAIRING_FAIL, sizeof(reason),
Marcel Holtmann	f156046	2013-10-13 05:43:25 -0700	[diff] [blame]	814	&reason);
Brian Gix	4f957a7	2011-11-23 08:28:36 -0800	[diff] [blame]	815
Johan Hedberg	e1e930f	2014-09-08 17:09:49 -0700	[diff] [blame]	816	mgmt_auth_failed(hcon, HCI_ERROR_AUTH_FAILURE);
Vinicius Costa Gomes	f1c09c0	2012-02-01 18:27:56 -0300	[diff] [blame]	817
Johan Hedberg	fc75cc8	2014-09-05 22:19:52 +0300	[diff] [blame]	818	if (chan->data)
Vinicius Costa Gomes	f1c09c0	2012-02-01 18:27:56 -0300	[diff] [blame]	819	smp_chan_destroy(conn);
Brian Gix	4f957a7	2011-11-23 08:28:36 -0800	[diff] [blame]	820	}
				821
Brian Gix	2b64d15	2011-12-21 16:12:12 -0800	[diff] [blame]	822	#define JUST_WORKS 0x00
				823	#define JUST_CFM 0x01
				824	#define REQ_PASSKEY 0x02
				825	#define CFM_PASSKEY 0x03
				826	#define REQ_OOB 0x04
Johan Hedberg	5e3d3d9	2014-05-31 18:51:02 +0300	[diff] [blame]	827	#define DSP_PASSKEY 0x05
Brian Gix	2b64d15	2011-12-21 16:12:12 -0800	[diff] [blame]	828	#define OVERLAP 0xFF
				829
				830	static const u8 gen_method[5][5] = {
				831	{ JUST_WORKS, JUST_CFM, REQ_PASSKEY, JUST_WORKS, REQ_PASSKEY },
				832	{ JUST_WORKS, JUST_CFM, REQ_PASSKEY, JUST_WORKS, REQ_PASSKEY },
				833	{ CFM_PASSKEY, CFM_PASSKEY, REQ_PASSKEY, JUST_WORKS, CFM_PASSKEY },
				834	{ JUST_WORKS, JUST_CFM, JUST_WORKS, JUST_WORKS, JUST_CFM },
				835	{ CFM_PASSKEY, CFM_PASSKEY, REQ_PASSKEY, JUST_WORKS, OVERLAP },
				836	};
				837
Johan Hedberg	5e3d3d9	2014-05-31 18:51:02 +0300	[diff] [blame]	838	static const u8 sc_method[5][5] = {
				839	{ JUST_WORKS, JUST_CFM, REQ_PASSKEY, JUST_WORKS, REQ_PASSKEY },
				840	{ JUST_WORKS, CFM_PASSKEY, REQ_PASSKEY, JUST_WORKS, CFM_PASSKEY },
				841	{ DSP_PASSKEY, DSP_PASSKEY, REQ_PASSKEY, JUST_WORKS, DSP_PASSKEY },
				842	{ JUST_WORKS, JUST_CFM, JUST_WORKS, JUST_WORKS, JUST_CFM },
				843	{ DSP_PASSKEY, CFM_PASSKEY, REQ_PASSKEY, JUST_WORKS, CFM_PASSKEY },
				844	};
				845
Johan Hedberg	581370c	2014-06-17 13:07:38 +0300	[diff] [blame]	846	static u8 get_auth_method(struct smp_chan *smp, u8 local_io, u8 remote_io)
				847	{
Johan Hedberg	2bcd400	2014-07-09 19:18:09 +0300	[diff] [blame]	848	/* If either side has unknown io_caps, use JUST_CFM (which gets
				849	* converted later to JUST_WORKS if we're initiators.
				850	*/
Johan Hedberg	581370c	2014-06-17 13:07:38 +0300	[diff] [blame]	851	if (local_io > SMP_IO_KEYBOARD_DISPLAY \|\|
				852	remote_io > SMP_IO_KEYBOARD_DISPLAY)
Johan Hedberg	2bcd400	2014-07-09 19:18:09 +0300	[diff] [blame]	853	return JUST_CFM;
Johan Hedberg	581370c	2014-06-17 13:07:38 +0300	[diff] [blame]	854
Johan Hedberg	5e3d3d9	2014-05-31 18:51:02 +0300	[diff] [blame]	855	if (test_bit(SMP_FLAG_SC, &smp->flags))
				856	return sc_method[remote_io][local_io];
				857
Johan Hedberg	581370c	2014-06-17 13:07:38 +0300	[diff] [blame]	858	return gen_method[remote_io][local_io];
				859	}
				860
Brian Gix	2b64d15	2011-12-21 16:12:12 -0800	[diff] [blame]	861	static int tk_request(struct l2cap_conn *conn, u8 remote_oob, u8 auth,
				862	u8 local_io, u8 remote_io)
				863	{
				864	struct hci_conn *hcon = conn->hcon;
Johan Hedberg	5d88cc7	2014-08-08 09:37:18 +0300	[diff] [blame]	865	struct l2cap_chan *chan = conn->smp;
				866	struct smp_chan *smp = chan->data;
Brian Gix	2b64d15	2011-12-21 16:12:12 -0800	[diff] [blame]	867	u32 passkey = 0;
				868	int ret = 0;
				869
				870	/* Initialize key for JUST WORKS */
				871	memset(smp->tk, 0, sizeof(smp->tk));
Johan Hedberg	4a74d65	2014-05-20 09:45:50 +0300	[diff] [blame]	872	clear_bit(SMP_FLAG_TK_VALID, &smp->flags);
Brian Gix	2b64d15	2011-12-21 16:12:12 -0800	[diff] [blame]	873
				874	BT_DBG("tk_request: auth:%d lcl:%d rem:%d", auth, local_io, remote_io);
				875
Johan Hedberg	2bcd400	2014-07-09 19:18:09 +0300	[diff] [blame]	876	/* If neither side wants MITM, either "just" confirm an incoming
				877	* request or use just-works for outgoing ones. The JUST_CFM
				878	* will be converted to JUST_WORKS if necessary later in this
				879	* function. If either side has MITM look up the method from the
				880	* table.
				881	*/
Johan Hedberg	581370c	2014-06-17 13:07:38 +0300	[diff] [blame]	882	if (!(auth & SMP_AUTH_MITM))
Johan Hedberg	783e057	2014-05-31 18:48:26 +0300	[diff] [blame]	883	smp->method = JUST_CFM;
Brian Gix	2b64d15	2011-12-21 16:12:12 -0800	[diff] [blame]	884	else
Johan Hedberg	783e057	2014-05-31 18:48:26 +0300	[diff] [blame]	885	smp->method = get_auth_method(smp, local_io, remote_io);
Brian Gix	2b64d15	2011-12-21 16:12:12 -0800	[diff] [blame]	886
Johan Hedberg	a82505c	2014-03-24 14:39:07 +0200	[diff] [blame]	887	/* Don't confirm locally initiated pairing attempts */
Johan Hedberg	783e057	2014-05-31 18:48:26 +0300	[diff] [blame]	888	if (smp->method == JUST_CFM && test_bit(SMP_FLAG_INITIATOR,
				889	&smp->flags))
				890	smp->method = JUST_WORKS;
Johan Hedberg	a82505c	2014-03-24 14:39:07 +0200	[diff] [blame]	891
Johan Hedberg	02f3e25	2014-07-16 15:09:13 +0300	[diff] [blame]	892	/* Don't bother user space with no IO capabilities */
Johan Hedberg	783e057	2014-05-31 18:48:26 +0300	[diff] [blame]	893	if (smp->method == JUST_CFM &&
				894	hcon->io_capability == HCI_IO_NO_INPUT_OUTPUT)
				895	smp->method = JUST_WORKS;
Johan Hedberg	02f3e25	2014-07-16 15:09:13 +0300	[diff] [blame]	896
Brian Gix	2b64d15	2011-12-21 16:12:12 -0800	[diff] [blame]	897	/* If Just Works, Continue with Zero TK */
Johan Hedberg	783e057	2014-05-31 18:48:26 +0300	[diff] [blame]	898	if (smp->method == JUST_WORKS) {
Johan Hedberg	4a74d65	2014-05-20 09:45:50 +0300	[diff] [blame]	899	set_bit(SMP_FLAG_TK_VALID, &smp->flags);
Brian Gix	2b64d15	2011-12-21 16:12:12 -0800	[diff] [blame]	900	return 0;
				901	}
				902
Johan Hedberg	19c5ce9	2015-03-15 19:34:04 +0200	[diff] [blame]	903	/* If this function is used for SC -> legacy fallback we
				904	* can only recover the just-works case.
				905	*/
				906	if (test_bit(SMP_FLAG_SC, &smp->flags))
				907	return -EINVAL;
				908
Brian Gix	2b64d15	2011-12-21 16:12:12 -0800	[diff] [blame]	909	/* Not Just Works/Confirm results in MITM Authentication */
Johan Hedberg	783e057	2014-05-31 18:48:26 +0300	[diff] [blame]	910	if (smp->method != JUST_CFM) {
Johan Hedberg	4a74d65	2014-05-20 09:45:50 +0300	[diff] [blame]	911	set_bit(SMP_FLAG_MITM_AUTH, &smp->flags);
Johan Hedberg	5eb596f	2014-09-18 11:26:32 +0300	[diff] [blame]	912	if (hcon->pending_sec_level < BT_SECURITY_HIGH)
				913	hcon->pending_sec_level = BT_SECURITY_HIGH;
				914	}
Brian Gix	2b64d15	2011-12-21 16:12:12 -0800	[diff] [blame]	915
				916	/* If both devices have Keyoard-Display I/O, the master
				917	* Confirms and the slave Enters the passkey.
				918	*/
Johan Hedberg	783e057	2014-05-31 18:48:26 +0300	[diff] [blame]	919	if (smp->method == OVERLAP) {
Johan Hedberg	40bef30	2014-07-16 11:42:27 +0300	[diff] [blame]	920	if (hcon->role == HCI_ROLE_MASTER)
Johan Hedberg	783e057	2014-05-31 18:48:26 +0300	[diff] [blame]	921	smp->method = CFM_PASSKEY;
Brian Gix	2b64d15	2011-12-21 16:12:12 -0800	[diff] [blame]	922	else
Johan Hedberg	783e057	2014-05-31 18:48:26 +0300	[diff] [blame]	923	smp->method = REQ_PASSKEY;
Brian Gix	2b64d15	2011-12-21 16:12:12 -0800	[diff] [blame]	924	}
				925
Johan Hedberg	01ad34d	2014-03-19 14:14:53 +0200	[diff] [blame]	926	/* Generate random passkey. */
Johan Hedberg	783e057	2014-05-31 18:48:26 +0300	[diff] [blame]	927	if (smp->method == CFM_PASSKEY) {
Johan Hedberg	943a732	2014-03-18 12:58:24 +0200	[diff] [blame]	928	memset(smp->tk, 0, sizeof(smp->tk));
Brian Gix	2b64d15	2011-12-21 16:12:12 -0800	[diff] [blame]	929	get_random_bytes(&passkey, sizeof(passkey));
				930	passkey %= 1000000;
Johan Hedberg	943a732	2014-03-18 12:58:24 +0200	[diff] [blame]	931	put_unaligned_le32(passkey, smp->tk);
Brian Gix	2b64d15	2011-12-21 16:12:12 -0800	[diff] [blame]	932	BT_DBG("PassKey: %d", passkey);
Johan Hedberg	4a74d65	2014-05-20 09:45:50 +0300	[diff] [blame]	933	set_bit(SMP_FLAG_TK_VALID, &smp->flags);
Brian Gix	2b64d15	2011-12-21 16:12:12 -0800	[diff] [blame]	934	}
				935
Johan Hedberg	783e057	2014-05-31 18:48:26 +0300	[diff] [blame]	936	if (smp->method == REQ_PASSKEY)
Marcel Holtmann	ce39fb4	2013-10-13 02:23:39 -0700	[diff] [blame]	937	ret = mgmt_user_passkey_request(hcon->hdev, &hcon->dst,
Johan Hedberg	272d90d	2012-02-09 15:26:12 +0200	[diff] [blame]	938	hcon->type, hcon->dst_type);
Johan Hedberg	783e057	2014-05-31 18:48:26 +0300	[diff] [blame]	939	else if (smp->method == JUST_CFM)
Johan Hedberg	4eb65e6	2014-03-24 14:39:05 +0200	[diff] [blame]	940	ret = mgmt_user_confirm_request(hcon->hdev, &hcon->dst,
				941	hcon->type, hcon->dst_type,
				942	passkey, 1);
Brian Gix	2b64d15	2011-12-21 16:12:12 -0800	[diff] [blame]	943	else
Johan Hedberg	01ad34d	2014-03-19 14:14:53 +0200	[diff] [blame]	944	ret = mgmt_user_passkey_notify(hcon->hdev, &hcon->dst,
Johan Hedberg	272d90d	2012-02-09 15:26:12 +0200	[diff] [blame]	945	hcon->type, hcon->dst_type,
Johan Hedberg	39adbff	2014-03-20 08:18:14 +0200	[diff] [blame]	946	passkey, 0);
Brian Gix	2b64d15	2011-12-21 16:12:12 -0800	[diff] [blame]	947
Brian Gix	2b64d15	2011-12-21 16:12:12 -0800	[diff] [blame]	948	return ret;
				949	}
				950
Johan Hedberg	1cc6114	2014-05-20 09:45:52 +0300	[diff] [blame]	951	static u8 smp_confirm(struct smp_chan *smp)
Vinicius Costa Gomes	8aab475	2011-09-05 14:31:31 -0300	[diff] [blame]	952	{
Vinicius Costa Gomes	8aab475	2011-09-05 14:31:31 -0300	[diff] [blame]	953	struct l2cap_conn *conn = smp->conn;
Vinicius Costa Gomes	8aab475	2011-09-05 14:31:31 -0300	[diff] [blame]	954	struct smp_cmd_pairing_confirm cp;
				955	int ret;
Vinicius Costa Gomes	8aab475	2011-09-05 14:31:31 -0300	[diff] [blame]	956
				957	BT_DBG("conn %p", conn);
				958
Johan Hedberg	e491eaf	2014-10-25 21:15:37 +0200	[diff] [blame]	959	ret = smp_c1(smp->tfm_aes, smp->tk, smp->prnd, smp->preq, smp->prsp,
Johan Hedberg	b1cd5fd	2014-02-28 12:54:17 +0200	[diff] [blame]	960	conn->hcon->init_addr_type, &conn->hcon->init_addr,
Johan Hedberg	943a732	2014-03-18 12:58:24 +0200	[diff] [blame]	961	conn->hcon->resp_addr_type, &conn->hcon->resp_addr,
				962	cp.confirm_val);
Johan Hedberg	1cc6114	2014-05-20 09:45:52 +0300	[diff] [blame]	963	if (ret)
				964	return SMP_UNSPECIFIED;
Vinicius Costa Gomes	8aab475	2011-09-05 14:31:31 -0300	[diff] [blame]	965
Johan Hedberg	4a74d65	2014-05-20 09:45:50 +0300	[diff] [blame]	966	clear_bit(SMP_FLAG_CFM_PENDING, &smp->flags);
Brian Gix	2b64d15	2011-12-21 16:12:12 -0800	[diff] [blame]	967
Vinicius Costa Gomes	8aab475	2011-09-05 14:31:31 -0300	[diff] [blame]	968	smp_send_cmd(smp->conn, SMP_CMD_PAIRING_CONFIRM, sizeof(cp), &cp);
				969
Johan Hedberg	b28b494	2014-09-05 22:19:55 +0300	[diff] [blame]	970	if (conn->hcon->out)
				971	SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_CONFIRM);
				972	else
				973	SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RANDOM);
				974
Johan Hedberg	1cc6114	2014-05-20 09:45:52 +0300	[diff] [blame]	975	return 0;
Vinicius Costa Gomes	8aab475	2011-09-05 14:31:31 -0300	[diff] [blame]	976	}
				977
Johan Hedberg	861580a	2014-05-20 09:45:51 +0300	[diff] [blame]	978	static u8 smp_random(struct smp_chan *smp)
Vinicius Costa Gomes	8aab475	2011-09-05 14:31:31 -0300	[diff] [blame]	979	{
Vinicius Costa Gomes	8aab475	2011-09-05 14:31:31 -0300	[diff] [blame]	980	struct l2cap_conn *conn = smp->conn;
				981	struct hci_conn *hcon = conn->hcon;
Johan Hedberg	861580a	2014-05-20 09:45:51 +0300	[diff] [blame]	982	u8 confirm[16];
Vinicius Costa Gomes	8aab475	2011-09-05 14:31:31 -0300	[diff] [blame]	983	int ret;
				984
Johan Hedberg	ec70f36	2014-06-27 14:23:04 +0300	[diff] [blame]	985	if (IS_ERR_OR_NULL(smp->tfm_aes))
Johan Hedberg	861580a	2014-05-20 09:45:51 +0300	[diff] [blame]	986	return SMP_UNSPECIFIED;
Vinicius Costa Gomes	8aab475	2011-09-05 14:31:31 -0300	[diff] [blame]	987
				988	BT_DBG("conn %p %s", conn, conn->hcon->out ? "master" : "slave");
				989
Johan Hedberg	e491eaf	2014-10-25 21:15:37 +0200	[diff] [blame]	990	ret = smp_c1(smp->tfm_aes, smp->tk, smp->rrnd, smp->preq, smp->prsp,
Johan Hedberg	b1cd5fd	2014-02-28 12:54:17 +0200	[diff] [blame]	991	hcon->init_addr_type, &hcon->init_addr,
Johan Hedberg	943a732	2014-03-18 12:58:24 +0200	[diff] [blame]	992	hcon->resp_addr_type, &hcon->resp_addr, confirm);
Johan Hedberg	861580a	2014-05-20 09:45:51 +0300	[diff] [blame]	993	if (ret)
				994	return SMP_UNSPECIFIED;
Vinicius Costa Gomes	8aab475	2011-09-05 14:31:31 -0300	[diff] [blame]	995
Vinicius Costa Gomes	8aab475	2011-09-05 14:31:31 -0300	[diff] [blame]	996	if (memcmp(smp->pcnf, confirm, sizeof(smp->pcnf)) != 0) {
				997	BT_ERR("Pairing failed (confirmation values mismatch)");
Johan Hedberg	861580a	2014-05-20 09:45:51 +0300	[diff] [blame]	998	return SMP_CONFIRM_FAILED;
Vinicius Costa Gomes	8aab475	2011-09-05 14:31:31 -0300	[diff] [blame]	999	}
				1000
				1001	if (hcon->out) {
Marcel Holtmann	fe39c7b	2014-02-27 16:00:28 -0800	[diff] [blame]	1002	u8 stk[16];
				1003	__le64 rand = 0;
				1004	__le16 ediv = 0;
Vinicius Costa Gomes	8aab475	2011-09-05 14:31:31 -0300	[diff] [blame]	1005
Johan Hedberg	e491eaf	2014-10-25 21:15:37 +0200	[diff] [blame]	1006	smp_s1(smp->tfm_aes, smp->tk, smp->rrnd, smp->prnd, stk);
Vinicius Costa Gomes	8aab475	2011-09-05 14:31:31 -0300	[diff] [blame]	1007
Johan Hedberg	861580a	2014-05-20 09:45:51 +0300	[diff] [blame]	1008	if (test_and_set_bit(HCI_CONN_ENCRYPT_PEND, &hcon->flags))
				1009	return SMP_UNSPECIFIED;
Vinicius Costa Gomes	8aab475	2011-09-05 14:31:31 -0300	[diff] [blame]	1010
Johan Hedberg	8b76ce3	2015-06-08 18:14:39 +0300	[diff] [blame]	1011	hci_le_start_enc(hcon, ediv, rand, stk, smp->enc_key_size);
Vinicius Costa Gomes	f7aa611	2012-01-30 19:29:12 -0300	[diff] [blame]	1012	hcon->enc_key_size = smp->enc_key_size;
Johan Hedberg	fe59a05	2014-07-01 19:14:12 +0300	[diff] [blame]	1013	set_bit(HCI_CONN_STK_ENCRYPT, &hcon->flags);
Vinicius Costa Gomes	8aab475	2011-09-05 14:31:31 -0300	[diff] [blame]	1014	} else {
Johan Hedberg	fff3490	2014-06-10 15:19:50 +0300	[diff] [blame]	1015	u8 stk[16], auth;
Marcel Holtmann	fe39c7b	2014-02-27 16:00:28 -0800	[diff] [blame]	1016	__le64 rand = 0;
				1017	__le16 ediv = 0;
Vinicius Costa Gomes	8aab475	2011-09-05 14:31:31 -0300	[diff] [blame]	1018
Johan Hedberg	943a732	2014-03-18 12:58:24 +0200	[diff] [blame]	1019	smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM, sizeof(smp->prnd),
				1020	smp->prnd);
Vinicius Costa Gomes	8aab475	2011-09-05 14:31:31 -0300	[diff] [blame]	1021
Johan Hedberg	e491eaf	2014-10-25 21:15:37 +0200	[diff] [blame]	1022	smp_s1(smp->tfm_aes, smp->tk, smp->prnd, smp->rrnd, stk);
Vinicius Costa Gomes	8aab475	2011-09-05 14:31:31 -0300	[diff] [blame]	1023
Johan Hedberg	fff3490	2014-06-10 15:19:50 +0300	[diff] [blame]	1024	if (hcon->pending_sec_level == BT_SECURITY_HIGH)
				1025	auth = 1;
				1026	else
				1027	auth = 0;
				1028
Johan Hedberg	7d5843b	2014-06-16 19:25:15 +0300	[diff] [blame]	1029	/* Even though there's no _SLAVE suffix this is the
				1030	* slave STK we're adding for later lookup (the master
				1031	* STK never needs to be stored).
				1032	*/
Marcel Holtmann	ce39fb4	2013-10-13 02:23:39 -0700	[diff] [blame]	1033	hci_add_ltk(hcon->hdev, &hcon->dst, hcon->dst_type,
Johan Hedberg	2ceba53	2014-06-16 19:25:16 +0300	[diff] [blame]	1034	SMP_STK, auth, stk, smp->enc_key_size, ediv, rand);
Vinicius Costa Gomes	8aab475	2011-09-05 14:31:31 -0300	[diff] [blame]	1035	}
				1036
Johan Hedberg	861580a	2014-05-20 09:45:51 +0300	[diff] [blame]	1037	return 0;
Vinicius Costa Gomes	8aab475	2011-09-05 14:31:31 -0300	[diff] [blame]	1038	}
				1039
Johan Hedberg	44f1a7a	2014-08-11 22:06:36 +0300	[diff] [blame]	1040	static void smp_notify_keys(struct l2cap_conn *conn)
				1041	{
				1042	struct l2cap_chan *chan = conn->smp;
				1043	struct smp_chan *smp = chan->data;
				1044	struct hci_conn *hcon = conn->hcon;
				1045	struct hci_dev *hdev = hcon->hdev;
				1046	struct smp_cmd_pairing req = (void ) &smp->preq[1];
				1047	struct smp_cmd_pairing rsp = (void ) &smp->prsp[1];
				1048	bool persistent;
				1049
Johan Hedberg	cad20c2	2015-10-12 13:36:19 +0200	[diff] [blame]	1050	if (hcon->type == ACL_LINK) {
				1051	if (hcon->key_type == HCI_LK_DEBUG_COMBINATION)
				1052	persistent = false;
				1053	else
				1054	persistent = !test_bit(HCI_CONN_FLUSH_KEY,
				1055	&hcon->flags);
				1056	} else {
				1057	/* The LTKs, IRKs and CSRKs should be persistent only if
				1058	* both sides had the bonding bit set in their
				1059	* authentication requests.
				1060	*/
				1061	persistent = !!((req->auth_req & rsp->auth_req) &
				1062	SMP_AUTH_BONDING);
				1063	}
				1064
Johan Hedberg	44f1a7a	2014-08-11 22:06:36 +0300	[diff] [blame]	1065	if (smp->remote_irk) {
Johan Hedberg	cad20c2	2015-10-12 13:36:19 +0200	[diff] [blame]	1066	mgmt_new_irk(hdev, smp->remote_irk, persistent);
				1067
Johan Hedberg	44f1a7a	2014-08-11 22:06:36 +0300	[diff] [blame]	1068	/* Now that user space can be considered to know the
				1069	* identity address track the connection based on it
Johan Hedberg	b5ae344	2014-08-14 12:34:26 +0300	[diff] [blame]	1070	* from now on (assuming this is an LE link).
Johan Hedberg	44f1a7a	2014-08-11 22:06:36 +0300	[diff] [blame]	1071	*/
Johan Hedberg	b5ae344	2014-08-14 12:34:26 +0300	[diff] [blame]	1072	if (hcon->type == LE_LINK) {
				1073	bacpy(&hcon->dst, &smp->remote_irk->bdaddr);
				1074	hcon->dst_type = smp->remote_irk->addr_type;
				1075	queue_work(hdev->workqueue, &conn->id_addr_update_work);
				1076	}
Johan Hedberg	44f1a7a	2014-08-11 22:06:36 +0300	[diff] [blame]	1077	}
				1078
Johan Hedberg	44f1a7a	2014-08-11 22:06:36 +0300	[diff] [blame]	1079	if (smp->csrk) {
				1080	smp->csrk->bdaddr_type = hcon->dst_type;
				1081	bacpy(&smp->csrk->bdaddr, &hcon->dst);
				1082	mgmt_new_csrk(hdev, smp->csrk, persistent);
				1083	}
				1084
				1085	if (smp->slave_csrk) {
				1086	smp->slave_csrk->bdaddr_type = hcon->dst_type;
				1087	bacpy(&smp->slave_csrk->bdaddr, &hcon->dst);
				1088	mgmt_new_csrk(hdev, smp->slave_csrk, persistent);
				1089	}
				1090
				1091	if (smp->ltk) {
				1092	smp->ltk->bdaddr_type = hcon->dst_type;
				1093	bacpy(&smp->ltk->bdaddr, &hcon->dst);
				1094	mgmt_new_ltk(hdev, smp->ltk, persistent);
				1095	}
				1096
				1097	if (smp->slave_ltk) {
				1098	smp->slave_ltk->bdaddr_type = hcon->dst_type;
				1099	bacpy(&smp->slave_ltk->bdaddr, &hcon->dst);
				1100	mgmt_new_ltk(hdev, smp->slave_ltk, persistent);
				1101	}
Johan Hedberg	6a77083	2014-06-06 11:54:04 +0300	[diff] [blame]	1102
				1103	if (smp->link_key) {
Johan Hedberg	e3befab	2014-06-01 16:33:39 +0300	[diff] [blame]	1104	struct link_key *key;
				1105	u8 type;
				1106
				1107	if (test_bit(SMP_FLAG_DEBUG_KEY, &smp->flags))
				1108	type = HCI_LK_DEBUG_COMBINATION;
				1109	else if (hcon->sec_level == BT_SECURITY_FIPS)
				1110	type = HCI_LK_AUTH_COMBINATION_P256;
				1111	else
				1112	type = HCI_LK_UNAUTH_COMBINATION_P256;
				1113
				1114	key = hci_add_link_key(hdev, smp->conn->hcon, &hcon->dst,
				1115	smp->link_key, type, 0, &persistent);
				1116	if (key) {
				1117	mgmt_new_link_key(hdev, key, persistent);
				1118
				1119	/* Don't keep debug keys around if the relevant
				1120	* flag is not set.
				1121	*/
Marcel Holtmann	d7a5a11	2015-03-13 02:11:00 -0700	[diff] [blame]	1122	if (!hci_dev_test_flag(hdev, HCI_KEEP_DEBUG_KEYS) &&
Johan Hedberg	e3befab	2014-06-01 16:33:39 +0300	[diff] [blame]	1123	key->type == HCI_LK_DEBUG_COMBINATION) {
				1124	list_del_rcu(&key->list);
				1125	kfree_rcu(key, rcu);
				1126	}
				1127	}
Johan Hedberg	6a77083	2014-06-06 11:54:04 +0300	[diff] [blame]	1128	}
				1129	}
				1130
Johan Hedberg	d3e54a8	2014-06-04 11:07:40 +0300	[diff] [blame]	1131	static void sc_add_ltk(struct smp_chan *smp)
				1132	{
				1133	struct hci_conn *hcon = smp->conn->hcon;
				1134	u8 key_type, auth;
				1135
				1136	if (test_bit(SMP_FLAG_DEBUG_KEY, &smp->flags))
				1137	key_type = SMP_LTK_P256_DEBUG;
				1138	else
				1139	key_type = SMP_LTK_P256;
				1140
				1141	if (hcon->pending_sec_level == BT_SECURITY_FIPS)
				1142	auth = 1;
				1143	else
				1144	auth = 0;
				1145
Johan Hedberg	d3e54a8	2014-06-04 11:07:40 +0300	[diff] [blame]	1146	smp->ltk = hci_add_ltk(hcon->hdev, &hcon->dst, hcon->dst_type,
				1147	key_type, auth, smp->tk, smp->enc_key_size,
				1148	0, 0);
				1149	}
				1150
Johan Hedberg	6a77083	2014-06-06 11:54:04 +0300	[diff] [blame]	1151	static void sc_generate_link_key(struct smp_chan *smp)
				1152	{
Johan Hedberg	a62da6f	2016-12-08 08:32:54 +0200	[diff] [blame]	1153	/* From core spec. Spells out in ASCII as 'lebr'. */
Johan Hedberg	6a77083	2014-06-06 11:54:04 +0300	[diff] [blame]	1154	const u8 lebr[4] = { 0x72, 0x62, 0x65, 0x6c };
				1155
				1156	smp->link_key = kzalloc(16, GFP_KERNEL);
				1157	if (!smp->link_key)
				1158	return;
				1159
Johan Hedberg	a62da6f	2016-12-08 08:32:54 +0200	[diff] [blame]	1160	if (test_bit(SMP_FLAG_CT2, &smp->flags)) {
				1161	/* SALT = 0x00000000000000000000000000000000746D7031 */
				1162	const u8 salt[16] = { 0x31, 0x70, 0x6d, 0x74 };
				1163
				1164	if (smp_h7(smp->tfm_cmac, smp->tk, salt, smp->link_key)) {
				1165	kzfree(smp->link_key);
				1166	smp->link_key = NULL;
				1167	return;
				1168	}
				1169	} else {
				1170	/* From core spec. Spells out in ASCII as 'tmp1'. */
				1171	const u8 tmp1[4] = { 0x31, 0x70, 0x6d, 0x74 };
				1172
				1173	if (smp_h6(smp->tfm_cmac, smp->tk, tmp1, smp->link_key)) {
				1174	kzfree(smp->link_key);
				1175	smp->link_key = NULL;
				1176	return;
				1177	}
Johan Hedberg	6a77083	2014-06-06 11:54:04 +0300	[diff] [blame]	1178	}
				1179
				1180	if (smp_h6(smp->tfm_cmac, smp->link_key, lebr, smp->link_key)) {
Marcel Holtmann	276812e	2015-03-16 01:10:18 -0700	[diff] [blame]	1181	kzfree(smp->link_key);
Johan Hedberg	6a77083	2014-06-06 11:54:04 +0300	[diff] [blame]	1182	smp->link_key = NULL;
				1183	return;
				1184	}
Johan Hedberg	44f1a7a	2014-08-11 22:06:36 +0300	[diff] [blame]	1185	}
				1186
Johan Hedberg	b28b494	2014-09-05 22:19:55 +0300	[diff] [blame]	1187	static void smp_allow_key_dist(struct smp_chan *smp)
				1188	{
				1189	/* Allow the first expected phase 3 PDU. The rest of the PDUs
				1190	* will be allowed in each PDU handler to ensure we receive
				1191	* them in the correct order.
				1192	*/
				1193	if (smp->remote_key_dist & SMP_DIST_ENC_KEY)
				1194	SMP_ALLOW_CMD(smp, SMP_CMD_ENCRYPT_INFO);
				1195	else if (smp->remote_key_dist & SMP_DIST_ID_KEY)
				1196	SMP_ALLOW_CMD(smp, SMP_CMD_IDENT_INFO);
				1197	else if (smp->remote_key_dist & SMP_DIST_SIGN)
				1198	SMP_ALLOW_CMD(smp, SMP_CMD_SIGN_INFO);
				1199	}
				1200
Johan Hedberg	b5ae344	2014-08-14 12:34:26 +0300	[diff] [blame]	1201	static void sc_generate_ltk(struct smp_chan *smp)
				1202	{
Johan Hedberg	a62da6f	2016-12-08 08:32:54 +0200	[diff] [blame]	1203	/* From core spec. Spells out in ASCII as 'brle'. */
Johan Hedberg	b5ae344	2014-08-14 12:34:26 +0300	[diff] [blame]	1204	const u8 brle[4] = { 0x65, 0x6c, 0x72, 0x62 };
				1205	struct hci_conn *hcon = smp->conn->hcon;
				1206	struct hci_dev *hdev = hcon->hdev;
				1207	struct link_key *key;
				1208
				1209	key = hci_find_link_key(hdev, &hcon->dst);
				1210	if (!key) {
				1211	BT_ERR("%s No Link Key found to generate LTK", hdev->name);
				1212	return;
				1213	}
				1214
				1215	if (key->type == HCI_LK_DEBUG_COMBINATION)
				1216	set_bit(SMP_FLAG_DEBUG_KEY, &smp->flags);
				1217
Johan Hedberg	a62da6f	2016-12-08 08:32:54 +0200	[diff] [blame]	1218	if (test_bit(SMP_FLAG_CT2, &smp->flags)) {
				1219	/* SALT = 0x00000000000000000000000000000000746D7032 */
				1220	const u8 salt[16] = { 0x32, 0x70, 0x6d, 0x74 };
				1221
				1222	if (smp_h7(smp->tfm_cmac, key->val, salt, smp->tk))
				1223	return;
				1224	} else {
				1225	/* From core spec. Spells out in ASCII as 'tmp2'. */
				1226	const u8 tmp2[4] = { 0x32, 0x70, 0x6d, 0x74 };
				1227
				1228	if (smp_h6(smp->tfm_cmac, key->val, tmp2, smp->tk))
				1229	return;
				1230	}
Johan Hedberg	b5ae344	2014-08-14 12:34:26 +0300	[diff] [blame]	1231
				1232	if (smp_h6(smp->tfm_cmac, smp->tk, brle, smp->tk))
				1233	return;
				1234
				1235	sc_add_ltk(smp);
				1236	}
				1237
Johan Hedberg	d6268e8	2014-09-05 22:19:51 +0300	[diff] [blame]	1238	static void smp_distribute_keys(struct smp_chan *smp)
Johan Hedberg	44f1a7a	2014-08-11 22:06:36 +0300	[diff] [blame]	1239	{
				1240	struct smp_cmd_pairing req, rsp;
Johan Hedberg	86d1407	2014-08-11 22:06:43 +0300	[diff] [blame]	1241	struct l2cap_conn *conn = smp->conn;
Johan Hedberg	44f1a7a	2014-08-11 22:06:36 +0300	[diff] [blame]	1242	struct hci_conn *hcon = conn->hcon;
				1243	struct hci_dev *hdev = hcon->hdev;
				1244	__u8 *keydist;
				1245
				1246	BT_DBG("conn %p", conn);
				1247
Johan Hedberg	44f1a7a	2014-08-11 22:06:36 +0300	[diff] [blame]	1248	rsp = (void *) &smp->prsp[1];
				1249
				1250	/* The responder sends its keys first */
Johan Hedberg	b28b494	2014-09-05 22:19:55 +0300	[diff] [blame]	1251	if (hcon->out && (smp->remote_key_dist & KEY_DIST_MASK)) {
				1252	smp_allow_key_dist(smp);
Johan Hedberg	86d1407	2014-08-11 22:06:43 +0300	[diff] [blame]	1253	return;
Johan Hedberg	b28b494	2014-09-05 22:19:55 +0300	[diff] [blame]	1254	}
Johan Hedberg	44f1a7a	2014-08-11 22:06:36 +0300	[diff] [blame]	1255
				1256	req = (void *) &smp->preq[1];
				1257
				1258	if (hcon->out) {
				1259	keydist = &rsp->init_key_dist;
				1260	*keydist &= req->init_key_dist;
				1261	} else {
				1262	keydist = &rsp->resp_key_dist;
				1263	*keydist &= req->resp_key_dist;
				1264	}
				1265
Johan Hedberg	6a77083	2014-06-06 11:54:04 +0300	[diff] [blame]	1266	if (test_bit(SMP_FLAG_SC, &smp->flags)) {
Johan Hedberg	b5ae344	2014-08-14 12:34:26 +0300	[diff] [blame]	1267	if (hcon->type == LE_LINK && (*keydist & SMP_DIST_LINK_KEY))
Johan Hedberg	6a77083	2014-06-06 11:54:04 +0300	[diff] [blame]	1268	sc_generate_link_key(smp);
Johan Hedberg	b5ae344	2014-08-14 12:34:26 +0300	[diff] [blame]	1269	if (hcon->type == ACL_LINK && (*keydist & SMP_DIST_ENC_KEY))
				1270	sc_generate_ltk(smp);
Johan Hedberg	6a77083	2014-06-06 11:54:04 +0300	[diff] [blame]	1271
				1272	/* Clear the keys which are generated but not distributed */
				1273	*keydist &= ~SMP_SC_NO_DIST;
				1274	}
				1275
Johan Hedberg	44f1a7a	2014-08-11 22:06:36 +0300	[diff] [blame]	1276	BT_DBG("keydist 0x%x", *keydist);
				1277
				1278	if (*keydist & SMP_DIST_ENC_KEY) {
				1279	struct smp_cmd_encrypt_info enc;
				1280	struct smp_cmd_master_ident ident;
				1281	struct smp_ltk *ltk;
				1282	u8 authenticated;
				1283	__le16 ediv;
				1284	__le64 rand;
				1285
Johan Hedberg	1fc62c5	2015-06-10 11:11:20 +0300	[diff] [blame]	1286	/* Make sure we generate only the significant amount of
				1287	* bytes based on the encryption key size, and set the rest
				1288	* of the value to zeroes.
				1289	*/
				1290	get_random_bytes(enc.ltk, smp->enc_key_size);
				1291	memset(enc.ltk + smp->enc_key_size, 0,
				1292	sizeof(enc.ltk) - smp->enc_key_size);
				1293
Johan Hedberg	44f1a7a	2014-08-11 22:06:36 +0300	[diff] [blame]	1294	get_random_bytes(&ediv, sizeof(ediv));
				1295	get_random_bytes(&rand, sizeof(rand));
				1296
				1297	smp_send_cmd(conn, SMP_CMD_ENCRYPT_INFO, sizeof(enc), &enc);
				1298
				1299	authenticated = hcon->sec_level == BT_SECURITY_HIGH;
				1300	ltk = hci_add_ltk(hdev, &hcon->dst, hcon->dst_type,
				1301	SMP_LTK_SLAVE, authenticated, enc.ltk,
				1302	smp->enc_key_size, ediv, rand);
				1303	smp->slave_ltk = ltk;
				1304
				1305	ident.ediv = ediv;
				1306	ident.rand = rand;
				1307
				1308	smp_send_cmd(conn, SMP_CMD_MASTER_IDENT, sizeof(ident), &ident);
				1309
				1310	*keydist &= ~SMP_DIST_ENC_KEY;
				1311	}
				1312
				1313	if (*keydist & SMP_DIST_ID_KEY) {
				1314	struct smp_cmd_ident_addr_info addrinfo;
				1315	struct smp_cmd_ident_info idinfo;
				1316
				1317	memcpy(idinfo.irk, hdev->irk, sizeof(idinfo.irk));
				1318
				1319	smp_send_cmd(conn, SMP_CMD_IDENT_INFO, sizeof(idinfo), &idinfo);
				1320
				1321	/* The hci_conn contains the local identity address
				1322	* after the connection has been established.
				1323	*
				1324	* This is true even when the connection has been
				1325	* established using a resolvable random address.
				1326	*/
				1327	bacpy(&addrinfo.bdaddr, &hcon->src);
				1328	addrinfo.addr_type = hcon->src_type;
				1329
				1330	smp_send_cmd(conn, SMP_CMD_IDENT_ADDR_INFO, sizeof(addrinfo),
				1331	&addrinfo);
				1332
				1333	*keydist &= ~SMP_DIST_ID_KEY;
				1334	}
				1335
				1336	if (*keydist & SMP_DIST_SIGN) {
				1337	struct smp_cmd_sign_info sign;
				1338	struct smp_csrk *csrk;
				1339
				1340	/* Generate a new random key */
				1341	get_random_bytes(sign.csrk, sizeof(sign.csrk));
				1342
				1343	csrk = kzalloc(sizeof(*csrk), GFP_KERNEL);
				1344	if (csrk) {
Johan Hedberg	4cd3928	2015-02-27 10:11:13 +0200	[diff] [blame]	1345	if (hcon->sec_level > BT_SECURITY_MEDIUM)
				1346	csrk->type = MGMT_CSRK_LOCAL_AUTHENTICATED;
				1347	else
				1348	csrk->type = MGMT_CSRK_LOCAL_UNAUTHENTICATED;
Johan Hedberg	44f1a7a	2014-08-11 22:06:36 +0300	[diff] [blame]	1349	memcpy(csrk->val, sign.csrk, sizeof(csrk->val));
				1350	}
				1351	smp->slave_csrk = csrk;
				1352
				1353	smp_send_cmd(conn, SMP_CMD_SIGN_INFO, sizeof(sign), &sign);
				1354
				1355	*keydist &= ~SMP_DIST_SIGN;
				1356	}
				1357
				1358	/* If there are still keys to be received wait for them */
Johan Hedberg	b28b494	2014-09-05 22:19:55 +0300	[diff] [blame]	1359	if (smp->remote_key_dist & KEY_DIST_MASK) {
				1360	smp_allow_key_dist(smp);
Johan Hedberg	86d1407	2014-08-11 22:06:43 +0300	[diff] [blame]	1361	return;
Johan Hedberg	b28b494	2014-09-05 22:19:55 +0300	[diff] [blame]	1362	}
Johan Hedberg	44f1a7a	2014-08-11 22:06:36 +0300	[diff] [blame]	1363
Johan Hedberg	44f1a7a	2014-08-11 22:06:36 +0300	[diff] [blame]	1364	set_bit(SMP_FLAG_COMPLETE, &smp->flags);
				1365	smp_notify_keys(conn);
				1366
				1367	smp_chan_destroy(conn);
Johan Hedberg	44f1a7a	2014-08-11 22:06:36 +0300	[diff] [blame]	1368	}
				1369
Johan Hedberg	b68fda6	2014-08-11 22:06:40 +0300	[diff] [blame]	1370	static void smp_timeout(struct work_struct *work)
				1371	{
				1372	struct smp_chan *smp = container_of(work, struct smp_chan,
				1373	security_timer.work);
				1374	struct l2cap_conn *conn = smp->conn;
				1375
				1376	BT_DBG("conn %p", conn);
				1377
Johan Hedberg	1e91c29	2014-08-18 20:33:29 +0300	[diff] [blame]	1378	hci_disconnect(conn->hcon, HCI_ERROR_REMOTE_USER_TERM);
Johan Hedberg	b68fda6	2014-08-11 22:06:40 +0300	[diff] [blame]	1379	}
				1380
Vinicius Costa Gomes	8aab475	2011-09-05 14:31:31 -0300	[diff] [blame]	1381	static struct smp_chan smp_chan_create(struct l2cap_conn conn)
				1382	{
Johan Hedberg	5d88cc7	2014-08-08 09:37:18 +0300	[diff] [blame]	1383	struct l2cap_chan *chan = conn->smp;
Vinicius Costa Gomes	8aab475	2011-09-05 14:31:31 -0300	[diff] [blame]	1384	struct smp_chan *smp;
				1385
Marcel Holtmann	f156046	2013-10-13 05:43:25 -0700	[diff] [blame]	1386	smp = kzalloc(sizeof(*smp), GFP_ATOMIC);
Johan Hedberg	fc75cc8	2014-09-05 22:19:52 +0300	[diff] [blame]	1387	if (!smp)
Vinicius Costa Gomes	8aab475	2011-09-05 14:31:31 -0300	[diff] [blame]	1388	return NULL;
				1389
Andy Lutomirski	a4770e1	2016-06-26 14:55:23 -0700	[diff] [blame]	1390	smp->tfm_aes = crypto_alloc_cipher("aes", 0, CRYPTO_ALG_ASYNC);
Johan Hedberg	6a7bd10	2014-06-27 14:23:03 +0300	[diff] [blame]	1391	if (IS_ERR(smp->tfm_aes)) {
Andy Lutomirski	a4770e1	2016-06-26 14:55:23 -0700	[diff] [blame]	1392	BT_ERR("Unable to create AES crypto context");
Marcel Holtmann	276812e	2015-03-16 01:10:18 -0700	[diff] [blame]	1393	kzfree(smp);
Johan Hedberg	6a7bd10	2014-06-27 14:23:03 +0300	[diff] [blame]	1394	return NULL;
				1395	}
				1396
Herbert Xu	71af2f6	2016-01-24 21:18:30 +0800	[diff] [blame]	1397	smp->tfm_cmac = crypto_alloc_shash("cmac(aes)", 0, 0);
Johan Hedberg	407cecf	2014-05-02 14:19:47 +0300	[diff] [blame]	1398	if (IS_ERR(smp->tfm_cmac)) {
				1399	BT_ERR("Unable to create CMAC crypto context");
Andy Lutomirski	a4770e1	2016-06-26 14:55:23 -0700	[diff] [blame]	1400	crypto_free_cipher(smp->tfm_aes);
Marcel Holtmann	276812e	2015-03-16 01:10:18 -0700	[diff] [blame]	1401	kzfree(smp);
Johan Hedberg	407cecf	2014-05-02 14:19:47 +0300	[diff] [blame]	1402	return NULL;
				1403	}
				1404
Vinicius Costa Gomes	8aab475	2011-09-05 14:31:31 -0300	[diff] [blame]	1405	smp->conn = conn;
Johan Hedberg	5d88cc7	2014-08-08 09:37:18 +0300	[diff] [blame]	1406	chan->data = smp;
Vinicius Costa Gomes	8aab475	2011-09-05 14:31:31 -0300	[diff] [blame]	1407
Johan Hedberg	b28b494	2014-09-05 22:19:55 +0300	[diff] [blame]	1408	SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_FAIL);
				1409
Johan Hedberg	b68fda6	2014-08-11 22:06:40 +0300	[diff] [blame]	1410	INIT_DELAYED_WORK(&smp->security_timer, smp_timeout);
				1411
Vinicius Costa Gomes	8aab475	2011-09-05 14:31:31 -0300	[diff] [blame]	1412	hci_conn_hold(conn->hcon);
				1413
				1414	return smp;
				1415	}
				1416
Johan Hedberg	760b018	2014-06-06 11:44:05 +0300	[diff] [blame]	1417	static int sc_mackey_and_ltk(struct smp_chan *smp, u8 mackey[16], u8 ltk[16])
				1418	{
				1419	struct hci_conn *hcon = smp->conn->hcon;
				1420	u8 na, nb, a[7], b[7];
				1421
				1422	if (hcon->out) {
				1423	na = smp->prnd;
				1424	nb = smp->rrnd;
				1425	} else {
				1426	na = smp->rrnd;
				1427	nb = smp->prnd;
				1428	}
				1429
				1430	memcpy(a, &hcon->init_addr, 6);
				1431	memcpy(b, &hcon->resp_addr, 6);
				1432	a[6] = hcon->init_addr_type;
				1433	b[6] = hcon->resp_addr_type;
				1434
				1435	return smp_f5(smp->tfm_cmac, smp->dhkey, na, nb, a, b, mackey, ltk);
				1436	}
				1437
Johan Hedberg	38606f1	2014-06-25 11:10:28 +0300	[diff] [blame]	1438	static void sc_dhkey_check(struct smp_chan *smp)
Johan Hedberg	760b018	2014-06-06 11:44:05 +0300	[diff] [blame]	1439	{
				1440	struct hci_conn *hcon = smp->conn->hcon;
				1441	struct smp_cmd_dhkey_check check;
				1442	u8 a[7], b[7], local_addr, remote_addr;
				1443	u8 io_cap[3], r[16];
				1444
Johan Hedberg	760b018	2014-06-06 11:44:05 +0300	[diff] [blame]	1445	memcpy(a, &hcon->init_addr, 6);
				1446	memcpy(b, &hcon->resp_addr, 6);
				1447	a[6] = hcon->init_addr_type;
				1448	b[6] = hcon->resp_addr_type;
				1449
				1450	if (hcon->out) {
				1451	local_addr = a;
				1452	remote_addr = b;
				1453	memcpy(io_cap, &smp->preq[1], 3);
				1454	} else {
				1455	local_addr = b;
				1456	remote_addr = a;
				1457	memcpy(io_cap, &smp->prsp[1], 3);
				1458	}
				1459
Johan Hedberg	dddd305	2014-06-01 15:38:09 +0300	[diff] [blame]	1460	memset(r, 0, sizeof(r));
				1461
				1462	if (smp->method == REQ_PASSKEY \|\| smp->method == DSP_PASSKEY)
Johan Hedberg	38606f1	2014-06-25 11:10:28 +0300	[diff] [blame]	1463	put_unaligned_le32(hcon->passkey_notify, r);
Johan Hedberg	760b018	2014-06-06 11:44:05 +0300	[diff] [blame]	1464
Johan Hedberg	a29b073	2014-10-28 15:17:05 +0100	[diff] [blame]	1465	if (smp->method == REQ_OOB)
				1466	memcpy(r, smp->rr, 16);
				1467
Johan Hedberg	760b018	2014-06-06 11:44:05 +0300	[diff] [blame]	1468	smp_f6(smp->tfm_cmac, smp->mackey, smp->prnd, smp->rrnd, r, io_cap,
				1469	local_addr, remote_addr, check.e);
				1470
				1471	smp_send_cmd(smp->conn, SMP_CMD_DHKEY_CHECK, sizeof(check), &check);
Johan Hedberg	dddd305	2014-06-01 15:38:09 +0300	[diff] [blame]	1472	}
				1473
Johan Hedberg	38606f1	2014-06-25 11:10:28 +0300	[diff] [blame]	1474	static u8 sc_passkey_send_confirm(struct smp_chan *smp)
				1475	{
				1476	struct l2cap_conn *conn = smp->conn;
				1477	struct hci_conn *hcon = conn->hcon;
				1478	struct smp_cmd_pairing_confirm cfm;
				1479	u8 r;
				1480
				1481	r = ((hcon->passkey_notify >> smp->passkey_round) & 0x01);
				1482	r \|= 0x80;
				1483
				1484	get_random_bytes(smp->prnd, sizeof(smp->prnd));
				1485
				1486	if (smp_f4(smp->tfm_cmac, smp->local_pk, smp->remote_pk, smp->prnd, r,
				1487	cfm.confirm_val))
				1488	return SMP_UNSPECIFIED;
				1489
				1490	smp_send_cmd(conn, SMP_CMD_PAIRING_CONFIRM, sizeof(cfm), &cfm);
				1491
				1492	return 0;
				1493	}
				1494
				1495	static u8 sc_passkey_round(struct smp_chan *smp, u8 smp_op)
				1496	{
				1497	struct l2cap_conn *conn = smp->conn;
				1498	struct hci_conn *hcon = conn->hcon;
				1499	struct hci_dev *hdev = hcon->hdev;
				1500	u8 cfm[16], r;
				1501
				1502	/* Ignore the PDU if we've already done 20 rounds (0 - 19) */
				1503	if (smp->passkey_round >= 20)
				1504	return 0;
				1505
				1506	switch (smp_op) {
				1507	case SMP_CMD_PAIRING_RANDOM:
				1508	r = ((hcon->passkey_notify >> smp->passkey_round) & 0x01);
				1509	r \|= 0x80;
				1510
				1511	if (smp_f4(smp->tfm_cmac, smp->remote_pk, smp->local_pk,
				1512	smp->rrnd, r, cfm))
				1513	return SMP_UNSPECIFIED;
				1514
				1515	if (memcmp(smp->pcnf, cfm, 16))
				1516	return SMP_CONFIRM_FAILED;
				1517
				1518	smp->passkey_round++;
				1519
				1520	if (smp->passkey_round == 20) {
				1521	/* Generate MacKey and LTK */
				1522	if (sc_mackey_and_ltk(smp, smp->mackey, smp->tk))
				1523	return SMP_UNSPECIFIED;
				1524	}
				1525
				1526	/* The round is only complete when the initiator
				1527	* receives pairing random.
				1528	*/
				1529	if (!hcon->out) {
				1530	smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM,
				1531	sizeof(smp->prnd), smp->prnd);
Johan Hedberg	d3e54a8	2014-06-04 11:07:40 +0300	[diff] [blame]	1532	if (smp->passkey_round == 20)
Johan Hedberg	38606f1	2014-06-25 11:10:28 +0300	[diff] [blame]	1533	SMP_ALLOW_CMD(smp, SMP_CMD_DHKEY_CHECK);
Johan Hedberg	d3e54a8	2014-06-04 11:07:40 +0300	[diff] [blame]	1534	else
Johan Hedberg	38606f1	2014-06-25 11:10:28 +0300	[diff] [blame]	1535	SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_CONFIRM);
Johan Hedberg	38606f1	2014-06-25 11:10:28 +0300	[diff] [blame]	1536	return 0;
				1537	}
				1538
				1539	/* Start the next round */
				1540	if (smp->passkey_round != 20)
				1541	return sc_passkey_round(smp, 0);
				1542
				1543	/* Passkey rounds are complete - start DHKey Check */
				1544	sc_dhkey_check(smp);
				1545	SMP_ALLOW_CMD(smp, SMP_CMD_DHKEY_CHECK);
				1546
				1547	break;
				1548
				1549	case SMP_CMD_PAIRING_CONFIRM:
				1550	if (test_bit(SMP_FLAG_WAIT_USER, &smp->flags)) {
				1551	set_bit(SMP_FLAG_CFM_PENDING, &smp->flags);
				1552	return 0;
				1553	}
				1554
				1555	SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RANDOM);
				1556
				1557	if (hcon->out) {
				1558	smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM,
				1559	sizeof(smp->prnd), smp->prnd);
				1560	return 0;
				1561	}
				1562
				1563	return sc_passkey_send_confirm(smp);
				1564
				1565	case SMP_CMD_PUBLIC_KEY:
				1566	default:
				1567	/* Initiating device starts the round */
				1568	if (!hcon->out)
				1569	return 0;
				1570
				1571	BT_DBG("%s Starting passkey round %u", hdev->name,
				1572	smp->passkey_round + 1);
				1573
				1574	SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_CONFIRM);
				1575
				1576	return sc_passkey_send_confirm(smp);
				1577	}
				1578
				1579	return 0;
				1580	}
				1581
Johan Hedberg	dddd305	2014-06-01 15:38:09 +0300	[diff] [blame]	1582	static int sc_user_reply(struct smp_chan *smp, u16 mgmt_op, __le32 passkey)
				1583	{
Johan Hedberg	38606f1	2014-06-25 11:10:28 +0300	[diff] [blame]	1584	struct l2cap_conn *conn = smp->conn;
				1585	struct hci_conn *hcon = conn->hcon;
				1586	u8 smp_op;
				1587
				1588	clear_bit(SMP_FLAG_WAIT_USER, &smp->flags);
				1589
Johan Hedberg	dddd305	2014-06-01 15:38:09 +0300	[diff] [blame]	1590	switch (mgmt_op) {
				1591	case MGMT_OP_USER_PASSKEY_NEG_REPLY:
				1592	smp_failure(smp->conn, SMP_PASSKEY_ENTRY_FAILED);
				1593	return 0;
				1594	case MGMT_OP_USER_CONFIRM_NEG_REPLY:
				1595	smp_failure(smp->conn, SMP_NUMERIC_COMP_FAILED);
				1596	return 0;
Johan Hedberg	38606f1	2014-06-25 11:10:28 +0300	[diff] [blame]	1597	case MGMT_OP_USER_PASSKEY_REPLY:
				1598	hcon->passkey_notify = le32_to_cpu(passkey);
				1599	smp->passkey_round = 0;
				1600
				1601	if (test_and_clear_bit(SMP_FLAG_CFM_PENDING, &smp->flags))
				1602	smp_op = SMP_CMD_PAIRING_CONFIRM;
				1603	else
				1604	smp_op = 0;
				1605
				1606	if (sc_passkey_round(smp, smp_op))
				1607	return -EIO;
				1608
				1609	return 0;
Johan Hedberg	dddd305	2014-06-01 15:38:09 +0300	[diff] [blame]	1610	}
				1611
Johan Hedberg	d3e54a8	2014-06-04 11:07:40 +0300	[diff] [blame]	1612	/* Initiator sends DHKey check first */
				1613	if (hcon->out) {
				1614	sc_dhkey_check(smp);
				1615	SMP_ALLOW_CMD(smp, SMP_CMD_DHKEY_CHECK);
				1616	} else if (test_and_clear_bit(SMP_FLAG_DHKEY_PENDING, &smp->flags)) {
				1617	sc_dhkey_check(smp);
				1618	sc_add_ltk(smp);
				1619	}
Johan Hedberg	760b018	2014-06-06 11:44:05 +0300	[diff] [blame]	1620
				1621	return 0;
				1622	}
				1623
Brian Gix	2b64d15	2011-12-21 16:12:12 -0800	[diff] [blame]	1624	int smp_user_confirm_reply(struct hci_conn *hcon, u16 mgmt_op, __le32 passkey)
				1625	{
Johan Hedberg	b10e801	2014-06-27 14:23:07 +0300	[diff] [blame]	1626	struct l2cap_conn *conn = hcon->l2cap_data;
Johan Hedberg	5d88cc7	2014-08-08 09:37:18 +0300	[diff] [blame]	1627	struct l2cap_chan *chan;
Brian Gix	2b64d15	2011-12-21 16:12:12 -0800	[diff] [blame]	1628	struct smp_chan *smp;
				1629	u32 value;
Johan Hedberg	fc75cc8	2014-09-05 22:19:52 +0300	[diff] [blame]	1630	int err;
Brian Gix	2b64d15	2011-12-21 16:12:12 -0800	[diff] [blame]	1631
				1632	BT_DBG("");
				1633
Johan Hedberg	fc75cc8	2014-09-05 22:19:52 +0300	[diff] [blame]	1634	if (!conn)
Brian Gix	2b64d15	2011-12-21 16:12:12 -0800	[diff] [blame]	1635	return -ENOTCONN;
				1636
Johan Hedberg	5d88cc7	2014-08-08 09:37:18 +0300	[diff] [blame]	1637	chan = conn->smp;
				1638	if (!chan)
				1639	return -ENOTCONN;
				1640
Johan Hedberg	fc75cc8	2014-09-05 22:19:52 +0300	[diff] [blame]	1641	l2cap_chan_lock(chan);
				1642	if (!chan->data) {
				1643	err = -ENOTCONN;
				1644	goto unlock;
				1645	}
				1646
Johan Hedberg	5d88cc7	2014-08-08 09:37:18 +0300	[diff] [blame]	1647	smp = chan->data;
Brian Gix	2b64d15	2011-12-21 16:12:12 -0800	[diff] [blame]	1648
Johan Hedberg	760b018	2014-06-06 11:44:05 +0300	[diff] [blame]	1649	if (test_bit(SMP_FLAG_SC, &smp->flags)) {
				1650	err = sc_user_reply(smp, mgmt_op, passkey);
				1651	goto unlock;
				1652	}
				1653
Brian Gix	2b64d15	2011-12-21 16:12:12 -0800	[diff] [blame]	1654	switch (mgmt_op) {
				1655	case MGMT_OP_USER_PASSKEY_REPLY:
				1656	value = le32_to_cpu(passkey);
Johan Hedberg	943a732	2014-03-18 12:58:24 +0200	[diff] [blame]	1657	memset(smp->tk, 0, sizeof(smp->tk));
Brian Gix	2b64d15	2011-12-21 16:12:12 -0800	[diff] [blame]	1658	BT_DBG("PassKey: %d", value);
Johan Hedberg	943a732	2014-03-18 12:58:24 +0200	[diff] [blame]	1659	put_unaligned_le32(value, smp->tk);
Brian Gix	2b64d15	2011-12-21 16:12:12 -0800	[diff] [blame]	1660	/* Fall Through */
				1661	case MGMT_OP_USER_CONFIRM_REPLY:
Johan Hedberg	4a74d65	2014-05-20 09:45:50 +0300	[diff] [blame]	1662	set_bit(SMP_FLAG_TK_VALID, &smp->flags);
Brian Gix	2b64d15	2011-12-21 16:12:12 -0800	[diff] [blame]	1663	break;
				1664	case MGMT_OP_USER_PASSKEY_NEG_REPLY:
				1665	case MGMT_OP_USER_CONFIRM_NEG_REPLY:
Johan Hedberg	84794e1	2013-11-06 11:24:57 +0200	[diff] [blame]	1666	smp_failure(conn, SMP_PASSKEY_ENTRY_FAILED);
Johan Hedberg	fc75cc8	2014-09-05 22:19:52 +0300	[diff] [blame]	1667	err = 0;
				1668	goto unlock;
Brian Gix	2b64d15	2011-12-21 16:12:12 -0800	[diff] [blame]	1669	default:
Johan Hedberg	84794e1	2013-11-06 11:24:57 +0200	[diff] [blame]	1670	smp_failure(conn, SMP_PASSKEY_ENTRY_FAILED);
Johan Hedberg	fc75cc8	2014-09-05 22:19:52 +0300	[diff] [blame]	1671	err = -EOPNOTSUPP;
				1672	goto unlock;
Brian Gix	2b64d15	2011-12-21 16:12:12 -0800	[diff] [blame]	1673	}
				1674
Johan Hedberg	fc75cc8	2014-09-05 22:19:52 +0300	[diff] [blame]	1675	err = 0;
				1676
Brian Gix	2b64d15	2011-12-21 16:12:12 -0800	[diff] [blame]	1677	/* If it is our turn to send Pairing Confirm, do so now */
Johan Hedberg	1cc6114	2014-05-20 09:45:52 +0300	[diff] [blame]	1678	if (test_bit(SMP_FLAG_CFM_PENDING, &smp->flags)) {
				1679	u8 rsp = smp_confirm(smp);
				1680	if (rsp)
				1681	smp_failure(conn, rsp);
				1682	}
Brian Gix	2b64d15	2011-12-21 16:12:12 -0800	[diff] [blame]	1683
Johan Hedberg	fc75cc8	2014-09-05 22:19:52 +0300	[diff] [blame]	1684	unlock:
				1685	l2cap_chan_unlock(chan);
				1686	return err;
Brian Gix	2b64d15	2011-12-21 16:12:12 -0800	[diff] [blame]	1687	}
				1688
Johan Hedberg	b5ae344	2014-08-14 12:34:26 +0300	[diff] [blame]	1689	static void build_bredr_pairing_cmd(struct smp_chan *smp,
				1690	struct smp_cmd_pairing *req,
				1691	struct smp_cmd_pairing *rsp)
				1692	{
				1693	struct l2cap_conn *conn = smp->conn;
				1694	struct hci_dev *hdev = conn->hcon->hdev;
				1695	u8 local_dist = 0, remote_dist = 0;
				1696
Marcel Holtmann	d7a5a11	2015-03-13 02:11:00 -0700	[diff] [blame]	1697	if (hci_dev_test_flag(hdev, HCI_BONDABLE)) {
Johan Hedberg	b5ae344	2014-08-14 12:34:26 +0300	[diff] [blame]	1698	local_dist = SMP_DIST_ENC_KEY \| SMP_DIST_SIGN;
				1699	remote_dist = SMP_DIST_ENC_KEY \| SMP_DIST_SIGN;
				1700	}
				1701
Marcel Holtmann	d7a5a11	2015-03-13 02:11:00 -0700	[diff] [blame]	1702	if (hci_dev_test_flag(hdev, HCI_RPA_RESOLVING))
Johan Hedberg	b5ae344	2014-08-14 12:34:26 +0300	[diff] [blame]	1703	remote_dist \|= SMP_DIST_ID_KEY;
				1704
Marcel Holtmann	d7a5a11	2015-03-13 02:11:00 -0700	[diff] [blame]	1705	if (hci_dev_test_flag(hdev, HCI_PRIVACY))
Johan Hedberg	b5ae344	2014-08-14 12:34:26 +0300	[diff] [blame]	1706	local_dist \|= SMP_DIST_ID_KEY;
				1707
				1708	if (!rsp) {
				1709	memset(req, 0, sizeof(*req));
				1710
Johan Hedberg	a62da6f	2016-12-08 08:32:54 +0200	[diff] [blame]	1711	req->auth_req = SMP_AUTH_CT2;
Johan Hedberg	b5ae344	2014-08-14 12:34:26 +0300	[diff] [blame]	1712	req->init_key_dist = local_dist;
				1713	req->resp_key_dist = remote_dist;
Johan Hedberg	e3f6a25	2015-06-11 13:52:30 +0300	[diff] [blame]	1714	req->max_key_size = conn->hcon->enc_key_size;
Johan Hedberg	b5ae344	2014-08-14 12:34:26 +0300	[diff] [blame]	1715
				1716	smp->remote_key_dist = remote_dist;
				1717
				1718	return;
				1719	}
				1720
				1721	memset(rsp, 0, sizeof(*rsp));
				1722
Johan Hedberg	a62da6f	2016-12-08 08:32:54 +0200	[diff] [blame]	1723	rsp->auth_req = SMP_AUTH_CT2;
Johan Hedberg	e3f6a25	2015-06-11 13:52:30 +0300	[diff] [blame]	1724	rsp->max_key_size = conn->hcon->enc_key_size;
Johan Hedberg	b5ae344	2014-08-14 12:34:26 +0300	[diff] [blame]	1725	rsp->init_key_dist = req->init_key_dist & remote_dist;
				1726	rsp->resp_key_dist = req->resp_key_dist & local_dist;
				1727
				1728	smp->remote_key_dist = rsp->init_key_dist;
				1729	}
				1730
Vinicius Costa Gomes	da85e5e	2011-06-09 18:50:53 -0300	[diff] [blame]	1731	static u8 smp_cmd_pairing_req(struct l2cap_conn conn, struct sk_buff skb)
Anderson Briglia	88ba43b	2011-06-09 18:50:42 -0300	[diff] [blame]	1732	{
Vinicius Costa Gomes	3158c50	2011-06-14 13:37:42 -0300	[diff] [blame]	1733	struct smp_cmd_pairing rsp, req = (void ) skb->data;
Johan Hedberg	fc75cc8	2014-09-05 22:19:52 +0300	[diff] [blame]	1734	struct l2cap_chan *chan = conn->smp;
Johan Hedberg	b3c6410	2014-07-10 11:02:07 +0300	[diff] [blame]	1735	struct hci_dev *hdev = conn->hcon->hdev;
Vinicius Costa Gomes	8aab475	2011-09-05 14:31:31 -0300	[diff] [blame]	1736	struct smp_chan *smp;
Johan Hedberg	c7262e7	2014-06-17 13:07:37 +0300	[diff] [blame]	1737	u8 key_size, auth, sec_level;
Vinicius Costa Gomes	8aab475	2011-09-05 14:31:31 -0300	[diff] [blame]	1738	int ret;
Anderson Briglia	88ba43b	2011-06-09 18:50:42 -0300	[diff] [blame]	1739
				1740	BT_DBG("conn %p", conn);
				1741
Johan Hedberg	c46b98b	2014-02-18 10:19:29 +0200	[diff] [blame]	1742	if (skb->len < sizeof(*req))
Johan Hedberg	38e4a91	2014-05-08 14:19:11 +0300	[diff] [blame]	1743	return SMP_INVALID_PARAMS;
Johan Hedberg	c46b98b	2014-02-18 10:19:29 +0200	[diff] [blame]	1744
Johan Hedberg	40bef30	2014-07-16 11:42:27 +0300	[diff] [blame]	1745	if (conn->hcon->role != HCI_ROLE_SLAVE)
Brian Gix	2b64d15	2011-12-21 16:12:12 -0800	[diff] [blame]	1746	return SMP_CMD_NOTSUPP;
				1747
Johan Hedberg	fc75cc8	2014-09-05 22:19:52 +0300	[diff] [blame]	1748	if (!chan->data)
Vinicius Costa Gomes	8aab475	2011-09-05 14:31:31 -0300	[diff] [blame]	1749	smp = smp_chan_create(conn);
Johan Hedberg	fc75cc8	2014-09-05 22:19:52 +0300	[diff] [blame]	1750	else
Johan Hedberg	5d88cc7	2014-08-08 09:37:18 +0300	[diff] [blame]	1751	smp = chan->data;
Vinicius Costa Gomes	8aab475	2011-09-05 14:31:31 -0300	[diff] [blame]	1752
Andrei Emeltchenko	d08fd0e	2012-07-19 17:03:43 +0300	[diff] [blame]	1753	if (!smp)
				1754	return SMP_UNSPECIFIED;
Vinicius Costa Gomes	d26a234	2011-08-19 21:06:51 -0300	[diff] [blame]	1755
Johan Hedberg	c05b933	2014-09-10 17:37:42 -0700	[diff] [blame]	1756	/* We didn't start the pairing, so match remote */
Johan Hedberg	0edb14d	2014-05-26 13:29:28 +0300	[diff] [blame]	1757	auth = req->auth_req & AUTH_REQ_MASK(hdev);
Johan Hedberg	c05b933	2014-09-10 17:37:42 -0700	[diff] [blame]	1758
Marcel Holtmann	d7a5a11	2015-03-13 02:11:00 -0700	[diff] [blame]	1759	if (!hci_dev_test_flag(hdev, HCI_BONDABLE) &&
Johan Hedberg	c05b933	2014-09-10 17:37:42 -0700	[diff] [blame]	1760	(auth & SMP_AUTH_BONDING))
Johan Hedberg	b3c6410	2014-07-10 11:02:07 +0300	[diff] [blame]	1761	return SMP_PAIRING_NOTSUPP;
				1762
Marcel Holtmann	d7a5a11	2015-03-13 02:11:00 -0700	[diff] [blame]	1763	if (hci_dev_test_flag(hdev, HCI_SC_ONLY) && !(auth & SMP_AUTH_SC))
Johan Hedberg	903b71c	2014-09-08 16:59:18 -0700	[diff] [blame]	1764	return SMP_AUTH_REQUIREMENTS;
				1765
Vinicius Costa Gomes	1c1def0	2011-09-05 14:31:30 -0300	[diff] [blame]	1766	smp->preq[0] = SMP_CMD_PAIRING_REQ;
				1767	memcpy(&smp->preq[1], req, sizeof(*req));
Vinicius Costa Gomes	3158c50	2011-06-14 13:37:42 -0300	[diff] [blame]	1768	skb_pull(skb, sizeof(*req));
Anderson Briglia	88ba43b	2011-06-09 18:50:42 -0300	[diff] [blame]	1769
Johan Hedberg	cb06d36	2015-03-16 21:12:34 +0200	[diff] [blame]	1770	/* If the remote side's OOB flag is set it means it has
				1771	* successfully received our local OOB data - therefore set the
				1772	* flag to indicate that local OOB is in use.
				1773	*/
Johan Hedberg	5842856	2015-03-16 11:45:45 +0200	[diff] [blame]	1774	if (req->oob_flag == SMP_OOB_PRESENT)
				1775	set_bit(SMP_FLAG_LOCAL_OOB, &smp->flags);
				1776
Johan Hedberg	b5ae344	2014-08-14 12:34:26 +0300	[diff] [blame]	1777	/* SMP over BR/EDR requires special treatment */
				1778	if (conn->hcon->type == ACL_LINK) {
				1779	/* We must have a BR/EDR SC link */
Marcel Holtmann	08f63cc	2014-12-07 16:19:12 +0100	[diff] [blame]	1780	if (!test_bit(HCI_CONN_AES_CCM, &conn->hcon->flags) &&
Marcel Holtmann	b7cb93e	2015-03-13 10:20:35 -0700	[diff] [blame]	1781	!hci_dev_test_flag(hdev, HCI_FORCE_BREDR_SMP))
Johan Hedberg	b5ae344	2014-08-14 12:34:26 +0300	[diff] [blame]	1782	return SMP_CROSS_TRANSP_NOT_ALLOWED;
				1783
				1784	set_bit(SMP_FLAG_SC, &smp->flags);
				1785
				1786	build_bredr_pairing_cmd(smp, req, &rsp);
				1787
Johan Hedberg	a62da6f	2016-12-08 08:32:54 +0200	[diff] [blame]	1788	if (req->auth_req & SMP_AUTH_CT2)
				1789	set_bit(SMP_FLAG_CT2, &smp->flags);
				1790
Johan Hedberg	b5ae344	2014-08-14 12:34:26 +0300	[diff] [blame]	1791	key_size = min(req->max_key_size, rsp.max_key_size);
				1792	if (check_enc_key_size(conn, key_size))
				1793	return SMP_ENC_KEY_SIZE;
				1794
				1795	/* Clear bits which are generated but not distributed */
				1796	smp->remote_key_dist &= ~SMP_SC_NO_DIST;
				1797
				1798	smp->prsp[0] = SMP_CMD_PAIRING_RSP;
				1799	memcpy(&smp->prsp[1], &rsp, sizeof(rsp));
				1800	smp_send_cmd(conn, SMP_CMD_PAIRING_RSP, sizeof(rsp), &rsp);
				1801
				1802	smp_distribute_keys(smp);
				1803	return 0;
				1804	}
				1805
Johan Hedberg	5e3d3d9	2014-05-31 18:51:02 +0300	[diff] [blame]	1806	build_pairing_cmd(conn, req, &rsp, auth);
				1807
Johan Hedberg	a62da6f	2016-12-08 08:32:54 +0200	[diff] [blame]	1808	if (rsp.auth_req & SMP_AUTH_SC) {
Johan Hedberg	5e3d3d9	2014-05-31 18:51:02 +0300	[diff] [blame]	1809	set_bit(SMP_FLAG_SC, &smp->flags);
				1810
Johan Hedberg	a62da6f	2016-12-08 08:32:54 +0200	[diff] [blame]	1811	if (rsp.auth_req & SMP_AUTH_CT2)
				1812	set_bit(SMP_FLAG_CT2, &smp->flags);
				1813	}
				1814
Johan Hedberg	5be5e27	2014-09-10 17:58:54 -0700	[diff] [blame]	1815	if (conn->hcon->io_capability == HCI_IO_NO_INPUT_OUTPUT)
Johan Hedberg	1afc2a1	2014-09-10 17:37:44 -0700	[diff] [blame]	1816	sec_level = BT_SECURITY_MEDIUM;
				1817	else
				1818	sec_level = authreq_to_seclevel(auth);
				1819
Johan Hedberg	c7262e7	2014-06-17 13:07:37 +0300	[diff] [blame]	1820	if (sec_level > conn->hcon->pending_sec_level)
				1821	conn->hcon->pending_sec_level = sec_level;
Ido Yariv	fdde0a2	2012-03-05 20:09:38 +0200	[diff] [blame]	1822
Stephen Hemminger	49c922b	2014-10-27 21:12:20 -0700	[diff] [blame]	1823	/* If we need MITM check that it can be achieved */
Johan Hedberg	2ed8f65	2014-06-17 13:07:39 +0300	[diff] [blame]	1824	if (conn->hcon->pending_sec_level >= BT_SECURITY_HIGH) {
				1825	u8 method;
				1826
				1827	method = get_auth_method(smp, conn->hcon->io_capability,
				1828	req->io_capability);
				1829	if (method == JUST_WORKS \|\| method == JUST_CFM)
				1830	return SMP_AUTH_REQUIREMENTS;
				1831	}
				1832
Vinicius Costa Gomes	3158c50	2011-06-14 13:37:42 -0300	[diff] [blame]	1833	key_size = min(req->max_key_size, rsp.max_key_size);
				1834	if (check_enc_key_size(conn, key_size))
				1835	return SMP_ENC_KEY_SIZE;
Anderson Briglia	88ba43b	2011-06-09 18:50:42 -0300	[diff] [blame]	1836
Johan Hedberg	e84a6b1	2013-12-02 10:49:03 +0200	[diff] [blame]	1837	get_random_bytes(smp->prnd, sizeof(smp->prnd));
Vinicius Costa Gomes	8aab475	2011-09-05 14:31:31 -0300	[diff] [blame]	1838
Vinicius Costa Gomes	1c1def0	2011-09-05 14:31:30 -0300	[diff] [blame]	1839	smp->prsp[0] = SMP_CMD_PAIRING_RSP;
				1840	memcpy(&smp->prsp[1], &rsp, sizeof(rsp));
Anderson Briglia	f01ead3	2011-06-09 18:50:45 -0300	[diff] [blame]	1841
Vinicius Costa Gomes	3158c50	2011-06-14 13:37:42 -0300	[diff] [blame]	1842	smp_send_cmd(conn, SMP_CMD_PAIRING_RSP, sizeof(rsp), &rsp);
Johan Hedberg	3b19146	2014-06-06 10:50:15 +0300	[diff] [blame]	1843
				1844	clear_bit(SMP_FLAG_INITIATOR, &smp->flags);
				1845
Johan Hedberg	19c5ce9	2015-03-15 19:34:04 +0200	[diff] [blame]	1846	/* Strictly speaking we shouldn't allow Pairing Confirm for the
				1847	* SC case, however some implementations incorrectly copy RFU auth
				1848	* req bits from our security request, which may create a false
				1849	* positive SC enablement.
				1850	*/
				1851	SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_CONFIRM);
				1852
Johan Hedberg	3b19146	2014-06-06 10:50:15 +0300	[diff] [blame]	1853	if (test_bit(SMP_FLAG_SC, &smp->flags)) {
				1854	SMP_ALLOW_CMD(smp, SMP_CMD_PUBLIC_KEY);
				1855	/* Clear bits which are generated but not distributed */
				1856	smp->remote_key_dist &= ~SMP_SC_NO_DIST;
				1857	/* Wait for Public Key from Initiating Device */
				1858	return 0;
Johan Hedberg	3b19146	2014-06-06 10:50:15 +0300	[diff] [blame]	1859	}
Vinicius Costa Gomes	da85e5e	2011-06-09 18:50:53 -0300	[diff] [blame]	1860
Brian Gix	2b64d15	2011-12-21 16:12:12 -0800	[diff] [blame]	1861	/* Request setup of TK */
				1862	ret = tk_request(conn, 0, auth, rsp.io_capability, req->io_capability);
				1863	if (ret)
				1864	return SMP_UNSPECIFIED;
				1865
Vinicius Costa Gomes	da85e5e	2011-06-09 18:50:53 -0300	[diff] [blame]	1866	return 0;
Anderson Briglia	88ba43b	2011-06-09 18:50:42 -0300	[diff] [blame]	1867	}
				1868
Johan Hedberg	3b19146	2014-06-06 10:50:15 +0300	[diff] [blame]	1869	static u8 sc_send_public_key(struct smp_chan *smp)
				1870	{
Johan Hedberg	70157ef	2014-06-24 15:22:59 +0300	[diff] [blame]	1871	struct hci_dev *hdev = smp->conn->hcon->hdev;
				1872
Johan Hedberg	3b19146	2014-06-06 10:50:15 +0300	[diff] [blame]	1873	BT_DBG("");
				1874
Johan Hedberg	1a8bab4	2015-03-16 11:45:44 +0200	[diff] [blame]	1875	if (test_bit(SMP_FLAG_LOCAL_OOB, &smp->flags)) {
Marcel Holtmann	33d0c03	2015-03-16 01:10:24 -0700	[diff] [blame]	1876	struct l2cap_chan *chan = hdev->smp_data;
				1877	struct smp_dev *smp_dev;
				1878
				1879	if (!chan \|\| !chan->data)
				1880	return SMP_UNSPECIFIED;
				1881
				1882	smp_dev = chan->data;
				1883
				1884	memcpy(smp->local_pk, smp_dev->local_pk, 64);
				1885	memcpy(smp->local_sk, smp_dev->local_sk, 32);
Marcel Holtmann	fb334fe	2015-03-16 12:34:57 -0700	[diff] [blame]	1886	memcpy(smp->lr, smp_dev->local_rand, 16);
Marcel Holtmann	33d0c03	2015-03-16 01:10:24 -0700	[diff] [blame]	1887
				1888	if (smp_dev->debug_key)
				1889	set_bit(SMP_FLAG_DEBUG_KEY, &smp->flags);
				1890
				1891	goto done;
				1892	}
				1893
Marcel Holtmann	d7a5a11	2015-03-13 02:11:00 -0700	[diff] [blame]	1894	if (hci_dev_test_flag(hdev, HCI_USE_DEBUG_KEYS)) {
Johan Hedberg	70157ef	2014-06-24 15:22:59 +0300	[diff] [blame]	1895	BT_DBG("Using debug keys");
				1896	memcpy(smp->local_pk, debug_pk, 64);
				1897	memcpy(smp->local_sk, debug_sk, 32);
				1898	set_bit(SMP_FLAG_DEBUG_KEY, &smp->flags);
				1899	} else {
				1900	while (true) {
Marcel Holtmann	71653eb	2017-04-30 06:51:41 -0700	[diff] [blame]	1901	/* Seed private key with random number */
				1902	get_random_bytes(smp->local_sk, 32);
				1903
Johan Hedberg	70157ef	2014-06-24 15:22:59 +0300	[diff] [blame]	1904	/* Generate local key pair for Secure Connections */
Salvatore Benedetto	58771c1c	2017-04-24 13:13:20 +0100	[diff] [blame]	1905	if (!generate_ecdh_keys(smp->local_pk, smp->local_sk))
Johan Hedberg	70157ef	2014-06-24 15:22:59 +0300	[diff] [blame]	1906	return SMP_UNSPECIFIED;
Johan Hedberg	6c0dcc5	2014-06-06 15:33:30 +0300	[diff] [blame]	1907
Johan Hedberg	70157ef	2014-06-24 15:22:59 +0300	[diff] [blame]	1908	/* This is unlikely, but we need to check that
				1909	* we didn't accidentially generate a debug key.
				1910	*/
				1911	if (memcmp(smp->local_sk, debug_sk, 32))
				1912	break;
				1913	}
Johan Hedberg	6c0dcc5	2014-06-06 15:33:30 +0300	[diff] [blame]	1914	}
Johan Hedberg	3b19146	2014-06-06 10:50:15 +0300	[diff] [blame]	1915
Marcel Holtmann	33d0c03	2015-03-16 01:10:24 -0700	[diff] [blame]	1916	done:
Johan Hedberg	c7a3d57	2014-12-01 22:03:16 +0200	[diff] [blame]	1917	SMP_DBG("Local Public Key X: %32phN", smp->local_pk);
Marcel Holtmann	8e4e2ee	2015-03-16 01:10:25 -0700	[diff] [blame]	1918	SMP_DBG("Local Public Key Y: %32phN", smp->local_pk + 32);
Johan Hedberg	c7a3d57	2014-12-01 22:03:16 +0200	[diff] [blame]	1919	SMP_DBG("Local Private Key: %32phN", smp->local_sk);
Johan Hedberg	3b19146	2014-06-06 10:50:15 +0300	[diff] [blame]	1920
				1921	smp_send_cmd(smp->conn, SMP_CMD_PUBLIC_KEY, 64, smp->local_pk);
				1922
				1923	return 0;
				1924	}
				1925
Vinicius Costa Gomes	da85e5e	2011-06-09 18:50:53 -0300	[diff] [blame]	1926	static u8 smp_cmd_pairing_rsp(struct l2cap_conn conn, struct sk_buff skb)
Anderson Briglia	88ba43b	2011-06-09 18:50:42 -0300	[diff] [blame]	1927	{
Vinicius Costa Gomes	3158c50	2011-06-14 13:37:42 -0300	[diff] [blame]	1928	struct smp_cmd_pairing req, rsp = (void *) skb->data;
Johan Hedberg	5d88cc7	2014-08-08 09:37:18 +0300	[diff] [blame]	1929	struct l2cap_chan *chan = conn->smp;
				1930	struct smp_chan *smp = chan->data;
Johan Hedberg	0edb14d	2014-05-26 13:29:28 +0300	[diff] [blame]	1931	struct hci_dev *hdev = conn->hcon->hdev;
Johan Hedberg	3a7dbfb	2014-09-10 17:37:41 -0700	[diff] [blame]	1932	u8 key_size, auth;
Anderson Briglia	7d24ddc	2011-06-09 18:50:46 -0300	[diff] [blame]	1933	int ret;
Anderson Briglia	88ba43b	2011-06-09 18:50:42 -0300	[diff] [blame]	1934
				1935	BT_DBG("conn %p", conn);
				1936
Johan Hedberg	c46b98b	2014-02-18 10:19:29 +0200	[diff] [blame]	1937	if (skb->len < sizeof(*rsp))
Johan Hedberg	38e4a91	2014-05-08 14:19:11 +0300	[diff] [blame]	1938	return SMP_INVALID_PARAMS;
Johan Hedberg	c46b98b	2014-02-18 10:19:29 +0200	[diff] [blame]	1939
Johan Hedberg	40bef30	2014-07-16 11:42:27 +0300	[diff] [blame]	1940	if (conn->hcon->role != HCI_ROLE_MASTER)
Brian Gix	2b64d15	2011-12-21 16:12:12 -0800	[diff] [blame]	1941	return SMP_CMD_NOTSUPP;
				1942
Vinicius Costa Gomes	3158c50	2011-06-14 13:37:42 -0300	[diff] [blame]	1943	skb_pull(skb, sizeof(*rsp));
Vinicius Costa Gomes	da85e5e	2011-06-09 18:50:53 -0300	[diff] [blame]	1944
Vinicius Costa Gomes	1c1def0	2011-09-05 14:31:30 -0300	[diff] [blame]	1945	req = (void *) &smp->preq[1];
Vinicius Costa Gomes	3158c50	2011-06-14 13:37:42 -0300	[diff] [blame]	1946
				1947	key_size = min(req->max_key_size, rsp->max_key_size);
				1948	if (check_enc_key_size(conn, key_size))
				1949	return SMP_ENC_KEY_SIZE;
				1950
Johan Hedberg	0edb14d	2014-05-26 13:29:28 +0300	[diff] [blame]	1951	auth = rsp->auth_req & AUTH_REQ_MASK(hdev);
Johan Hedberg	c05b933	2014-09-10 17:37:42 -0700	[diff] [blame]	1952
Marcel Holtmann	d7a5a11	2015-03-13 02:11:00 -0700	[diff] [blame]	1953	if (hci_dev_test_flag(hdev, HCI_SC_ONLY) && !(auth & SMP_AUTH_SC))
Johan Hedberg	903b71c	2014-09-08 16:59:18 -0700	[diff] [blame]	1954	return SMP_AUTH_REQUIREMENTS;
				1955
Johan Hedberg	cb06d36	2015-03-16 21:12:34 +0200	[diff] [blame]	1956	/* If the remote side's OOB flag is set it means it has
				1957	* successfully received our local OOB data - therefore set the
				1958	* flag to indicate that local OOB is in use.
				1959	*/
Johan Hedberg	5842856	2015-03-16 11:45:45 +0200	[diff] [blame]	1960	if (rsp->oob_flag == SMP_OOB_PRESENT)
				1961	set_bit(SMP_FLAG_LOCAL_OOB, &smp->flags);
				1962
Johan Hedberg	b5ae344	2014-08-14 12:34:26 +0300	[diff] [blame]	1963	smp->prsp[0] = SMP_CMD_PAIRING_RSP;
				1964	memcpy(&smp->prsp[1], rsp, sizeof(*rsp));
				1965
				1966	/* Update remote key distribution in case the remote cleared
				1967	* some bits that we had enabled in our request.
				1968	*/
				1969	smp->remote_key_dist &= rsp->resp_key_dist;
				1970
Johan Hedberg	a62da6f	2016-12-08 08:32:54 +0200	[diff] [blame]	1971	if ((req->auth_req & SMP_AUTH_CT2) && (auth & SMP_AUTH_CT2))
				1972	set_bit(SMP_FLAG_CT2, &smp->flags);
				1973
Johan Hedberg	b5ae344	2014-08-14 12:34:26 +0300	[diff] [blame]	1974	/* For BR/EDR this means we're done and can start phase 3 */
				1975	if (conn->hcon->type == ACL_LINK) {
				1976	/* Clear bits which are generated but not distributed */
				1977	smp->remote_key_dist &= ~SMP_SC_NO_DIST;
				1978	smp_distribute_keys(smp);
				1979	return 0;
				1980	}
				1981
Johan Hedberg	6566877	2014-05-16 11:03:34 +0300	[diff] [blame]	1982	if ((req->auth_req & SMP_AUTH_SC) && (auth & SMP_AUTH_SC))
				1983	set_bit(SMP_FLAG_SC, &smp->flags);
Johan Hedberg	d2eb9e1	2014-05-16 10:59:06 +0300	[diff] [blame]	1984	else if (conn->hcon->pending_sec_level > BT_SECURITY_HIGH)
				1985	conn->hcon->pending_sec_level = BT_SECURITY_HIGH;
Johan Hedberg	6566877	2014-05-16 11:03:34 +0300	[diff] [blame]	1986
Stephen Hemminger	49c922b	2014-10-27 21:12:20 -0700	[diff] [blame]	1987	/* If we need MITM check that it can be achieved */
Johan Hedberg	2ed8f65	2014-06-17 13:07:39 +0300	[diff] [blame]	1988	if (conn->hcon->pending_sec_level >= BT_SECURITY_HIGH) {
				1989	u8 method;
				1990
				1991	method = get_auth_method(smp, req->io_capability,
				1992	rsp->io_capability);
				1993	if (method == JUST_WORKS \|\| method == JUST_CFM)
				1994	return SMP_AUTH_REQUIREMENTS;
				1995	}
				1996
Johan Hedberg	e84a6b1	2013-12-02 10:49:03 +0200	[diff] [blame]	1997	get_random_bytes(smp->prnd, sizeof(smp->prnd));
Anderson Briglia	7d24ddc	2011-06-09 18:50:46 -0300	[diff] [blame]	1998
Johan Hedberg	fdcc4be	2014-03-14 10:53:50 +0200	[diff] [blame]	1999	/* Update remote key distribution in case the remote cleared
				2000	* some bits that we had enabled in our request.
				2001	*/
				2002	smp->remote_key_dist &= rsp->resp_key_dist;
				2003
Johan Hedberg	3b19146	2014-06-06 10:50:15 +0300	[diff] [blame]	2004	if (test_bit(SMP_FLAG_SC, &smp->flags)) {
				2005	/* Clear bits which are generated but not distributed */
				2006	smp->remote_key_dist &= ~SMP_SC_NO_DIST;
				2007	SMP_ALLOW_CMD(smp, SMP_CMD_PUBLIC_KEY);
				2008	return sc_send_public_key(smp);
				2009	}
				2010
Johan Hedberg	c05b933	2014-09-10 17:37:42 -0700	[diff] [blame]	2011	auth \|= req->auth_req;
Brian Gix	2b64d15	2011-12-21 16:12:12 -0800	[diff] [blame]	2012
Johan Hedberg	476585e	2012-06-06 18:54:15 +0800	[diff] [blame]	2013	ret = tk_request(conn, 0, auth, req->io_capability, rsp->io_capability);
Brian Gix	2b64d15	2011-12-21 16:12:12 -0800	[diff] [blame]	2014	if (ret)
				2015	return SMP_UNSPECIFIED;
				2016
Johan Hedberg	4a74d65	2014-05-20 09:45:50 +0300	[diff] [blame]	2017	set_bit(SMP_FLAG_CFM_PENDING, &smp->flags);
Brian Gix	2b64d15	2011-12-21 16:12:12 -0800	[diff] [blame]	2018
				2019	/* Can't compose response until we have been confirmed */
Johan Hedberg	4a74d65	2014-05-20 09:45:50 +0300	[diff] [blame]	2020	if (test_bit(SMP_FLAG_TK_VALID, &smp->flags))
Johan Hedberg	1cc6114	2014-05-20 09:45:52 +0300	[diff] [blame]	2021	return smp_confirm(smp);
Vinicius Costa Gomes	da85e5e	2011-06-09 18:50:53 -0300	[diff] [blame]	2022
				2023	return 0;
Anderson Briglia	88ba43b	2011-06-09 18:50:42 -0300	[diff] [blame]	2024	}
				2025
Johan Hedberg	dcee2b3	2014-06-06 11:36:38 +0300	[diff] [blame]	2026	static u8 sc_check_confirm(struct smp_chan *smp)
				2027	{
				2028	struct l2cap_conn *conn = smp->conn;
				2029
				2030	BT_DBG("");
				2031
Johan Hedberg	38606f1	2014-06-25 11:10:28 +0300	[diff] [blame]	2032	if (smp->method == REQ_PASSKEY \|\| smp->method == DSP_PASSKEY)
				2033	return sc_passkey_round(smp, SMP_CMD_PAIRING_CONFIRM);
				2034
Johan Hedberg	dcee2b3	2014-06-06 11:36:38 +0300	[diff] [blame]	2035	if (conn->hcon->out) {
				2036	smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM, sizeof(smp->prnd),
				2037	smp->prnd);
				2038	SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RANDOM);
				2039	}
				2040
				2041	return 0;
				2042	}
				2043
Johan Hedberg	19c5ce9	2015-03-15 19:34:04 +0200	[diff] [blame]	2044	/* Work-around for some implementations that incorrectly copy RFU bits
				2045	* from our security request and thereby create the impression that
				2046	* we're doing SC when in fact the remote doesn't support it.
				2047	*/
				2048	static int fixup_sc_false_positive(struct smp_chan *smp)
				2049	{
				2050	struct l2cap_conn *conn = smp->conn;
				2051	struct hci_conn *hcon = conn->hcon;
				2052	struct hci_dev *hdev = hcon->hdev;
				2053	struct smp_cmd_pairing req, rsp;
				2054	u8 auth;
				2055
				2056	/* The issue is only observed when we're in slave role */
				2057	if (hcon->out)
				2058	return SMP_UNSPECIFIED;
				2059
				2060	if (hci_dev_test_flag(hdev, HCI_SC_ONLY)) {
				2061	BT_ERR("Refusing SMP SC -> legacy fallback in SC-only mode");
				2062	return SMP_UNSPECIFIED;
				2063	}
				2064
				2065	BT_ERR("Trying to fall back to legacy SMP");
				2066
				2067	req = (void *) &smp->preq[1];
				2068	rsp = (void *) &smp->prsp[1];
				2069
				2070	/* Rebuild key dist flags which may have been cleared for SC */
				2071	smp->remote_key_dist = (req->init_key_dist & rsp->resp_key_dist);
				2072
				2073	auth = req->auth_req & AUTH_REQ_MASK(hdev);
				2074
				2075	if (tk_request(conn, 0, auth, rsp->io_capability, req->io_capability)) {
				2076	BT_ERR("Failed to fall back to legacy SMP");
				2077	return SMP_UNSPECIFIED;
				2078	}
				2079
				2080	clear_bit(SMP_FLAG_SC, &smp->flags);
				2081
				2082	return 0;
				2083	}
				2084
Vinicius Costa Gomes	da85e5e	2011-06-09 18:50:53 -0300	[diff] [blame]	2085	static u8 smp_cmd_pairing_confirm(struct l2cap_conn conn, struct sk_buff skb)
Anderson Briglia	88ba43b	2011-06-09 18:50:42 -0300	[diff] [blame]	2086	{
Johan Hedberg	5d88cc7	2014-08-08 09:37:18 +0300	[diff] [blame]	2087	struct l2cap_chan *chan = conn->smp;
				2088	struct smp_chan *smp = chan->data;
Anderson Briglia	7d24ddc	2011-06-09 18:50:46 -0300	[diff] [blame]	2089
Anderson Briglia	88ba43b	2011-06-09 18:50:42 -0300	[diff] [blame]	2090	BT_DBG("conn %p %s", conn, conn->hcon->out ? "master" : "slave");
				2091
Johan Hedberg	c46b98b	2014-02-18 10:19:29 +0200	[diff] [blame]	2092	if (skb->len < sizeof(smp->pcnf))
Johan Hedberg	38e4a91	2014-05-08 14:19:11 +0300	[diff] [blame]	2093	return SMP_INVALID_PARAMS;
Johan Hedberg	c46b98b	2014-02-18 10:19:29 +0200	[diff] [blame]	2094
Vinicius Costa Gomes	1c1def0	2011-09-05 14:31:30 -0300	[diff] [blame]	2095	memcpy(smp->pcnf, skb->data, sizeof(smp->pcnf));
				2096	skb_pull(skb, sizeof(smp->pcnf));
Anderson Briglia	7d24ddc	2011-06-09 18:50:46 -0300	[diff] [blame]	2097
Johan Hedberg	19c5ce9	2015-03-15 19:34:04 +0200	[diff] [blame]	2098	if (test_bit(SMP_FLAG_SC, &smp->flags)) {
				2099	int ret;
				2100
				2101	/* Public Key exchange must happen before any other steps */
				2102	if (test_bit(SMP_FLAG_REMOTE_PK, &smp->flags))
				2103	return sc_check_confirm(smp);
				2104
				2105	BT_ERR("Unexpected SMP Pairing Confirm");
				2106
				2107	ret = fixup_sc_false_positive(smp);
				2108	if (ret)
				2109	return ret;
				2110	}
Johan Hedberg	dcee2b3	2014-06-06 11:36:38 +0300	[diff] [blame]	2111
Johan Hedberg	b28b494	2014-09-05 22:19:55 +0300	[diff] [blame]	2112	if (conn->hcon->out) {
Johan Hedberg	943a732	2014-03-18 12:58:24 +0200	[diff] [blame]	2113	smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM, sizeof(smp->prnd),
				2114	smp->prnd);
Johan Hedberg	b28b494	2014-09-05 22:19:55 +0300	[diff] [blame]	2115	SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RANDOM);
				2116	return 0;
				2117	}
				2118
				2119	if (test_bit(SMP_FLAG_TK_VALID, &smp->flags))
Johan Hedberg	1cc6114	2014-05-20 09:45:52 +0300	[diff] [blame]	2120	return smp_confirm(smp);
Marcel Holtmann	983f981	2015-03-11 17:47:40 -0700	[diff] [blame]	2121
				2122	set_bit(SMP_FLAG_CFM_PENDING, &smp->flags);
Vinicius Costa Gomes	da85e5e	2011-06-09 18:50:53 -0300	[diff] [blame]	2123
				2124	return 0;
Anderson Briglia	88ba43b	2011-06-09 18:50:42 -0300	[diff] [blame]	2125	}
				2126
Vinicius Costa Gomes	da85e5e	2011-06-09 18:50:53 -0300	[diff] [blame]	2127	static u8 smp_cmd_pairing_random(struct l2cap_conn conn, struct sk_buff skb)
Anderson Briglia	88ba43b	2011-06-09 18:50:42 -0300	[diff] [blame]	2128	{
Johan Hedberg	5d88cc7	2014-08-08 09:37:18 +0300	[diff] [blame]	2129	struct l2cap_chan *chan = conn->smp;
				2130	struct smp_chan *smp = chan->data;
Johan Hedberg	191dc7f	2014-06-06 11:39:49 +0300	[diff] [blame]	2131	struct hci_conn *hcon = conn->hcon;
				2132	u8 pkax, pkbx, na, nb;
				2133	u32 passkey;
				2134	int err;
Anderson Briglia	7d24ddc	2011-06-09 18:50:46 -0300	[diff] [blame]	2135
Vinicius Costa Gomes	8aab475	2011-09-05 14:31:31 -0300	[diff] [blame]	2136	BT_DBG("conn %p", conn);
Anderson Briglia	7d24ddc	2011-06-09 18:50:46 -0300	[diff] [blame]	2137
Johan Hedberg	c46b98b	2014-02-18 10:19:29 +0200	[diff] [blame]	2138	if (skb->len < sizeof(smp->rrnd))
Johan Hedberg	38e4a91	2014-05-08 14:19:11 +0300	[diff] [blame]	2139	return SMP_INVALID_PARAMS;
Johan Hedberg	c46b98b	2014-02-18 10:19:29 +0200	[diff] [blame]	2140
Johan Hedberg	943a732	2014-03-18 12:58:24 +0200	[diff] [blame]	2141	memcpy(smp->rrnd, skb->data, sizeof(smp->rrnd));
Vinicius Costa Gomes	8aab475	2011-09-05 14:31:31 -0300	[diff] [blame]	2142	skb_pull(skb, sizeof(smp->rrnd));
Anderson Briglia	88ba43b	2011-06-09 18:50:42 -0300	[diff] [blame]	2143
Johan Hedberg	191dc7f	2014-06-06 11:39:49 +0300	[diff] [blame]	2144	if (!test_bit(SMP_FLAG_SC, &smp->flags))
				2145	return smp_random(smp);
				2146
Johan Hedberg	580039e	2014-12-03 16:26:37 +0200	[diff] [blame]	2147	if (hcon->out) {
				2148	pkax = smp->local_pk;
				2149	pkbx = smp->remote_pk;
				2150	na = smp->prnd;
				2151	nb = smp->rrnd;
				2152	} else {
				2153	pkax = smp->remote_pk;
				2154	pkbx = smp->local_pk;
				2155	na = smp->rrnd;
				2156	nb = smp->prnd;
				2157	}
				2158
Johan Hedberg	a29b073	2014-10-28 15:17:05 +0100	[diff] [blame]	2159	if (smp->method == REQ_OOB) {
				2160	if (!hcon->out)
				2161	smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM,
				2162	sizeof(smp->prnd), smp->prnd);
				2163	SMP_ALLOW_CMD(smp, SMP_CMD_DHKEY_CHECK);
				2164	goto mackey_and_ltk;
				2165	}
				2166
Johan Hedberg	38606f1	2014-06-25 11:10:28 +0300	[diff] [blame]	2167	/* Passkey entry has special treatment */
				2168	if (smp->method == REQ_PASSKEY \|\| smp->method == DSP_PASSKEY)
				2169	return sc_passkey_round(smp, SMP_CMD_PAIRING_RANDOM);
				2170
Johan Hedberg	191dc7f	2014-06-06 11:39:49 +0300	[diff] [blame]	2171	if (hcon->out) {
				2172	u8 cfm[16];
				2173
				2174	err = smp_f4(smp->tfm_cmac, smp->remote_pk, smp->local_pk,
				2175	smp->rrnd, 0, cfm);
				2176	if (err)
				2177	return SMP_UNSPECIFIED;
				2178
				2179	if (memcmp(smp->pcnf, cfm, 16))
				2180	return SMP_CONFIRM_FAILED;
Johan Hedberg	191dc7f	2014-06-06 11:39:49 +0300	[diff] [blame]	2181	} else {
				2182	smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM, sizeof(smp->prnd),
				2183	smp->prnd);
				2184	SMP_ALLOW_CMD(smp, SMP_CMD_DHKEY_CHECK);
Johan Hedberg	191dc7f	2014-06-06 11:39:49 +0300	[diff] [blame]	2185	}
				2186
Johan Hedberg	a29b073	2014-10-28 15:17:05 +0100	[diff] [blame]	2187	mackey_and_ltk:
Johan Hedberg	760b018	2014-06-06 11:44:05 +0300	[diff] [blame]	2188	/* Generate MacKey and LTK */
				2189	err = sc_mackey_and_ltk(smp, smp->mackey, smp->tk);
				2190	if (err)
				2191	return SMP_UNSPECIFIED;
				2192
Johan Hedberg	a29b073	2014-10-28 15:17:05 +0100	[diff] [blame]	2193	if (smp->method == JUST_WORKS \|\| smp->method == REQ_OOB) {
Johan Hedberg	dddd305	2014-06-01 15:38:09 +0300	[diff] [blame]	2194	if (hcon->out) {
Johan Hedberg	38606f1	2014-06-25 11:10:28 +0300	[diff] [blame]	2195	sc_dhkey_check(smp);
Johan Hedberg	dddd305	2014-06-01 15:38:09 +0300	[diff] [blame]	2196	SMP_ALLOW_CMD(smp, SMP_CMD_DHKEY_CHECK);
				2197	}
				2198	return 0;
				2199	}
				2200
Johan Hedberg	38606f1	2014-06-25 11:10:28 +0300	[diff] [blame]	2201	err = smp_g2(smp->tfm_cmac, pkax, pkbx, na, nb, &passkey);
Johan Hedberg	191dc7f	2014-06-06 11:39:49 +0300	[diff] [blame]	2202	if (err)
				2203	return SMP_UNSPECIFIED;
				2204
Johan Hedberg	38606f1	2014-06-25 11:10:28 +0300	[diff] [blame]	2205	err = mgmt_user_confirm_request(hcon->hdev, &hcon->dst, hcon->type,
				2206	hcon->dst_type, passkey, 0);
				2207	if (err)
				2208	return SMP_UNSPECIFIED;
				2209
				2210	set_bit(SMP_FLAG_WAIT_USER, &smp->flags);
				2211
Johan Hedberg	191dc7f	2014-06-06 11:39:49 +0300	[diff] [blame]	2212	return 0;
Anderson Briglia	88ba43b	2011-06-09 18:50:42 -0300	[diff] [blame]	2213	}
				2214
Marcel Holtmann	f81cd82	2014-07-01 10:59:24 +0200	[diff] [blame]	2215	static bool smp_ltk_encrypt(struct l2cap_conn *conn, u8 sec_level)
Vinicius Costa Gomes	988c599	2011-08-25 20:02:28 -0300	[diff] [blame]	2216	{
Vinicius Costa Gomes	c9839a1	2012-02-02 21:08:01 -0300	[diff] [blame]	2217	struct smp_ltk *key;
Vinicius Costa Gomes	988c599	2011-08-25 20:02:28 -0300	[diff] [blame]	2218	struct hci_conn *hcon = conn->hcon;
				2219
Johan Hedberg	f3a73d9	2014-05-29 15:02:59 +0300	[diff] [blame]	2220	key = hci_find_ltk(hcon->hdev, &hcon->dst, hcon->dst_type, hcon->role);
Vinicius Costa Gomes	988c599	2011-08-25 20:02:28 -0300	[diff] [blame]	2221	if (!key)
Marcel Holtmann	f81cd82	2014-07-01 10:59:24 +0200	[diff] [blame]	2222	return false;
Vinicius Costa Gomes	988c599	2011-08-25 20:02:28 -0300	[diff] [blame]	2223
Johan Hedberg	a6f7833	2014-09-10 17:37:45 -0700	[diff] [blame]	2224	if (smp_ltk_sec_level(key) < sec_level)
Marcel Holtmann	f81cd82	2014-07-01 10:59:24 +0200	[diff] [blame]	2225	return false;
Johan Hedberg	4dab786	2012-06-07 14:58:37 +0800	[diff] [blame]	2226
Johan Hedberg	51a8efd	2012-01-16 06:10:31 +0200	[diff] [blame]	2227	if (test_and_set_bit(HCI_CONN_ENCRYPT_PEND, &hcon->flags))
Marcel Holtmann	f81cd82	2014-07-01 10:59:24 +0200	[diff] [blame]	2228	return true;
Vinicius Costa Gomes	988c599	2011-08-25 20:02:28 -0300	[diff] [blame]	2229
Johan Hedberg	8b76ce3	2015-06-08 18:14:39 +0300	[diff] [blame]	2230	hci_le_start_enc(hcon, key->ediv, key->rand, key->val, key->enc_size);
Vinicius Costa Gomes	c9839a1	2012-02-02 21:08:01 -0300	[diff] [blame]	2231	hcon->enc_key_size = key->enc_size;
Vinicius Costa Gomes	988c599	2011-08-25 20:02:28 -0300	[diff] [blame]	2232
Johan Hedberg	fe59a05	2014-07-01 19:14:12 +0300	[diff] [blame]	2233	/* We never store STKs for master role, so clear this flag */
				2234	clear_bit(HCI_CONN_STK_ENCRYPT, &hcon->flags);
				2235
Marcel Holtmann	f81cd82	2014-07-01 10:59:24 +0200	[diff] [blame]	2236	return true;
Vinicius Costa Gomes	988c599	2011-08-25 20:02:28 -0300	[diff] [blame]	2237	}
Marcel Holtmann	f156046	2013-10-13 05:43:25 -0700	[diff] [blame]	2238
Johan Hedberg	35dc6f8	2014-11-13 10:55:18 +0200	[diff] [blame]	2239	bool smp_sufficient_security(struct hci_conn *hcon, u8 sec_level,
				2240	enum smp_key_pref key_pref)
Johan Hedberg	854f472	2014-07-01 18:40:20 +0300	[diff] [blame]	2241	{
				2242	if (sec_level == BT_SECURITY_LOW)
				2243	return true;
				2244
Johan Hedberg	35dc6f8	2014-11-13 10:55:18 +0200	[diff] [blame]	2245	/* If we're encrypted with an STK but the caller prefers using
				2246	* LTK claim insufficient security. This way we allow the
				2247	* connection to be re-encrypted with an LTK, even if the LTK
				2248	* provides the same level of security. Only exception is if we
				2249	* don't have an LTK (e.g. because of key distribution bits).
Johan Hedberg	9ab65d60	2014-07-01 19:14:13 +0300	[diff] [blame]	2250	*/
Johan Hedberg	35dc6f8	2014-11-13 10:55:18 +0200	[diff] [blame]	2251	if (key_pref == SMP_USE_LTK &&
				2252	test_bit(HCI_CONN_STK_ENCRYPT, &hcon->flags) &&
Johan Hedberg	f3a73d9	2014-05-29 15:02:59 +0300	[diff] [blame]	2253	hci_find_ltk(hcon->hdev, &hcon->dst, hcon->dst_type, hcon->role))
Johan Hedberg	9ab65d60	2014-07-01 19:14:13 +0300	[diff] [blame]	2254	return false;
				2255
Johan Hedberg	854f472	2014-07-01 18:40:20 +0300	[diff] [blame]	2256	if (hcon->sec_level >= sec_level)
				2257	return true;
				2258
				2259	return false;
				2260	}
				2261
Vinicius Costa Gomes	da85e5e	2011-06-09 18:50:53 -0300	[diff] [blame]	2262	static u8 smp_cmd_security_req(struct l2cap_conn conn, struct sk_buff skb)
Anderson Briglia	88ba43b	2011-06-09 18:50:42 -0300	[diff] [blame]	2263	{
				2264	struct smp_cmd_security_req rp = (void ) skb->data;
				2265	struct smp_cmd_pairing cp;
Vinicius Costa Gomes	f1cb9af	2011-01-26 21:42:57 -0300	[diff] [blame]	2266	struct hci_conn *hcon = conn->hcon;
Johan Hedberg	0edb14d	2014-05-26 13:29:28 +0300	[diff] [blame]	2267	struct hci_dev *hdev = hcon->hdev;
Vinicius Costa Gomes	8aab475	2011-09-05 14:31:31 -0300	[diff] [blame]	2268	struct smp_chan *smp;
Johan Hedberg	c05b933	2014-09-10 17:37:42 -0700	[diff] [blame]	2269	u8 sec_level, auth;
Anderson Briglia	88ba43b	2011-06-09 18:50:42 -0300	[diff] [blame]	2270
				2271	BT_DBG("conn %p", conn);
				2272
Johan Hedberg	c46b98b	2014-02-18 10:19:29 +0200	[diff] [blame]	2273	if (skb->len < sizeof(*rp))
Johan Hedberg	38e4a91	2014-05-08 14:19:11 +0300	[diff] [blame]	2274	return SMP_INVALID_PARAMS;
Johan Hedberg	c46b98b	2014-02-18 10:19:29 +0200	[diff] [blame]	2275
Johan Hedberg	40bef30	2014-07-16 11:42:27 +0300	[diff] [blame]	2276	if (hcon->role != HCI_ROLE_MASTER)
Johan Hedberg	86ca9ea	2013-11-05 11:30:39 +0200	[diff] [blame]	2277	return SMP_CMD_NOTSUPP;
				2278
Johan Hedberg	0edb14d	2014-05-26 13:29:28 +0300	[diff] [blame]	2279	auth = rp->auth_req & AUTH_REQ_MASK(hdev);
Johan Hedberg	c05b933	2014-09-10 17:37:42 -0700	[diff] [blame]	2280
Marcel Holtmann	d7a5a11	2015-03-13 02:11:00 -0700	[diff] [blame]	2281	if (hci_dev_test_flag(hdev, HCI_SC_ONLY) && !(auth & SMP_AUTH_SC))
Johan Hedberg	903b71c	2014-09-08 16:59:18 -0700	[diff] [blame]	2282	return SMP_AUTH_REQUIREMENTS;
				2283
Johan Hedberg	5be5e27	2014-09-10 17:58:54 -0700	[diff] [blame]	2284	if (hcon->io_capability == HCI_IO_NO_INPUT_OUTPUT)
Johan Hedberg	1afc2a1	2014-09-10 17:37:44 -0700	[diff] [blame]	2285	sec_level = BT_SECURITY_MEDIUM;
				2286	else
				2287	sec_level = authreq_to_seclevel(auth);
				2288
Johan Hedberg	35dc6f8	2014-11-13 10:55:18 +0200	[diff] [blame]	2289	if (smp_sufficient_security(hcon, sec_level, SMP_USE_LTK))
Johan Hedberg	854f472	2014-07-01 18:40:20 +0300	[diff] [blame]	2290	return 0;
				2291
Johan Hedberg	c7262e7	2014-06-17 13:07:37 +0300	[diff] [blame]	2292	if (sec_level > hcon->pending_sec_level)
				2293	hcon->pending_sec_level = sec_level;
Vinicius Costa Gomes	feb45eb	2011-08-25 20:02:35 -0300	[diff] [blame]	2294
Johan Hedberg	4dab786	2012-06-07 14:58:37 +0800	[diff] [blame]	2295	if (smp_ltk_encrypt(conn, hcon->pending_sec_level))
Vinicius Costa Gomes	988c599	2011-08-25 20:02:28 -0300	[diff] [blame]	2296	return 0;
				2297
Vinicius Costa Gomes	8aab475	2011-09-05 14:31:31 -0300	[diff] [blame]	2298	smp = smp_chan_create(conn);
Johan Hedberg	c29d244	2014-06-16 19:25:14 +0300	[diff] [blame]	2299	if (!smp)
				2300	return SMP_UNSPECIFIED;
Vinicius Costa Gomes	d26a234	2011-08-19 21:06:51 -0300	[diff] [blame]	2301
Marcel Holtmann	d7a5a11	2015-03-13 02:11:00 -0700	[diff] [blame]	2302	if (!hci_dev_test_flag(hdev, HCI_BONDABLE) &&
Johan Hedberg	c05b933	2014-09-10 17:37:42 -0700	[diff] [blame]	2303	(auth & SMP_AUTH_BONDING))
Johan Hedberg	616d55b	2014-07-29 14:18:48 +0300	[diff] [blame]	2304	return SMP_PAIRING_NOTSUPP;
				2305
Anderson Briglia	88ba43b	2011-06-09 18:50:42 -0300	[diff] [blame]	2306	skb_pull(skb, sizeof(*rp));
Anderson Briglia	88ba43b	2011-06-09 18:50:42 -0300	[diff] [blame]	2307
Vinicius Costa Gomes	da85e5e	2011-06-09 18:50:53 -0300	[diff] [blame]	2308	memset(&cp, 0, sizeof(cp));
Johan Hedberg	c05b933	2014-09-10 17:37:42 -0700	[diff] [blame]	2309	build_pairing_cmd(conn, &cp, NULL, auth);
Anderson Briglia	88ba43b	2011-06-09 18:50:42 -0300	[diff] [blame]	2310
Vinicius Costa Gomes	1c1def0	2011-09-05 14:31:30 -0300	[diff] [blame]	2311	smp->preq[0] = SMP_CMD_PAIRING_REQ;
				2312	memcpy(&smp->preq[1], &cp, sizeof(cp));
Anderson Briglia	f01ead3	2011-06-09 18:50:45 -0300	[diff] [blame]	2313
Anderson Briglia	88ba43b	2011-06-09 18:50:42 -0300	[diff] [blame]	2314	smp_send_cmd(conn, SMP_CMD_PAIRING_REQ, sizeof(cp), &cp);
Johan Hedberg	b28b494	2014-09-05 22:19:55 +0300	[diff] [blame]	2315	SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RSP);
Vinicius Costa Gomes	f1cb9af	2011-01-26 21:42:57 -0300	[diff] [blame]	2316
Vinicius Costa Gomes	da85e5e	2011-06-09 18:50:53 -0300	[diff] [blame]	2317	return 0;
Anderson Briglia	88ba43b	2011-06-09 18:50:42 -0300	[diff] [blame]	2318	}
				2319
Vinicius Costa Gomes	cc11092	2012-08-23 21:32:43 -0300	[diff] [blame]	2320	int smp_conn_security(struct hci_conn *hcon, __u8 sec_level)
Anderson Briglia	eb492e0	2011-06-09 18:50:40 -0300	[diff] [blame]	2321	{
Vinicius Costa Gomes	cc11092	2012-08-23 21:32:43 -0300	[diff] [blame]	2322	struct l2cap_conn *conn = hcon->l2cap_data;
Johan Hedberg	c68b7f1	2014-09-06 06:59:10 +0300	[diff] [blame]	2323	struct l2cap_chan *chan;
Johan Hedberg	0a66cf2	2014-03-24 14:39:03 +0200	[diff] [blame]	2324	struct smp_chan *smp;
Brian Gix	2b64d15	2011-12-21 16:12:12 -0800	[diff] [blame]	2325	__u8 authreq;
Johan Hedberg	fc75cc8	2014-09-05 22:19:52 +0300	[diff] [blame]	2326	int ret;
Anderson Briglia	eb492e0	2011-06-09 18:50:40 -0300	[diff] [blame]	2327
Vinicius Costa Gomes	3a0259b	2011-06-09 18:50:43 -0300	[diff] [blame]	2328	BT_DBG("conn %p hcon %p level 0x%2.2x", conn, hcon, sec_level);
				2329
Johan Hedberg	0a66cf2	2014-03-24 14:39:03 +0200	[diff] [blame]	2330	/* This may be NULL if there's an unexpected disconnection */
				2331	if (!conn)
				2332	return 1;
				2333
Marcel Holtmann	d7a5a11	2015-03-13 02:11:00 -0700	[diff] [blame]	2334	if (!hci_dev_test_flag(hcon->hdev, HCI_LE_ENABLED))
Andre Guedes	2e65c9d	2011-06-30 19:20:56 -0300	[diff] [blame]	2335	return 1;
				2336
Johan Hedberg	35dc6f8	2014-11-13 10:55:18 +0200	[diff] [blame]	2337	if (smp_sufficient_security(hcon, sec_level, SMP_USE_LTK))
Vinicius Costa Gomes	f1cb9af	2011-01-26 21:42:57 -0300	[diff] [blame]	2338	return 1;
				2339
Johan Hedberg	c7262e7	2014-06-17 13:07:37 +0300	[diff] [blame]	2340	if (sec_level > hcon->pending_sec_level)
				2341	hcon->pending_sec_level = sec_level;
				2342
Johan Hedberg	40bef30	2014-07-16 11:42:27 +0300	[diff] [blame]	2343	if (hcon->role == HCI_ROLE_MASTER)
Johan Hedberg	c7262e7	2014-06-17 13:07:37 +0300	[diff] [blame]	2344	if (smp_ltk_encrypt(conn, hcon->pending_sec_level))
				2345	return 0;
Vinicius Costa Gomes	d26a234	2011-08-19 21:06:51 -0300	[diff] [blame]	2346
Johan Hedberg	d8949aa	2015-09-04 12:22:46 +0300	[diff] [blame]	2347	chan = conn->smp;
				2348	if (!chan) {
				2349	BT_ERR("SMP security requested but not available");
				2350	return 1;
				2351	}
				2352
Johan Hedberg	fc75cc8	2014-09-05 22:19:52 +0300	[diff] [blame]	2353	l2cap_chan_lock(chan);
				2354
				2355	/* If SMP is already in progress ignore this request */
				2356	if (chan->data) {
				2357	ret = 0;
				2358	goto unlock;
				2359	}
Vinicius Costa Gomes	d26a234	2011-08-19 21:06:51 -0300	[diff] [blame]	2360
Vinicius Costa Gomes	8aab475	2011-09-05 14:31:31 -0300	[diff] [blame]	2361	smp = smp_chan_create(conn);
Johan Hedberg	fc75cc8	2014-09-05 22:19:52 +0300	[diff] [blame]	2362	if (!smp) {
				2363	ret = 1;
				2364	goto unlock;
				2365	}
Brian Gix	2b64d15	2011-12-21 16:12:12 -0800	[diff] [blame]	2366
				2367	authreq = seclevel_to_authreq(sec_level);
Vinicius Costa Gomes	d26a234	2011-08-19 21:06:51 -0300	[diff] [blame]	2368
Johan Hedberg	a62da6f	2016-12-08 08:32:54 +0200	[diff] [blame]	2369	if (hci_dev_test_flag(hcon->hdev, HCI_SC_ENABLED)) {
Johan Hedberg	d2eb9e1	2014-05-16 10:59:06 +0300	[diff] [blame]	2370	authreq \|= SMP_AUTH_SC;
Johan Hedberg	a62da6f	2016-12-08 08:32:54 +0200	[diff] [blame]	2371	if (hci_dev_test_flag(hcon->hdev, HCI_SSP_ENABLED))
				2372	authreq \|= SMP_AUTH_CT2;
				2373	}
Johan Hedberg	d2eb9e1	2014-05-16 10:59:06 +0300	[diff] [blame]	2374
Johan Hedberg	79897d2	2014-06-01 09:45:24 +0300	[diff] [blame]	2375	/* Require MITM if IO Capability allows or the security level
				2376	* requires it.
Johan Hedberg	2e23364	2014-03-18 15:42:30 +0200	[diff] [blame]	2377	*/
Johan Hedberg	79897d2	2014-06-01 09:45:24 +0300	[diff] [blame]	2378	if (hcon->io_capability != HCI_IO_NO_INPUT_OUTPUT \|\|
Johan Hedberg	c7262e7	2014-06-17 13:07:37 +0300	[diff] [blame]	2379	hcon->pending_sec_level > BT_SECURITY_MEDIUM)
Johan Hedberg	2e23364	2014-03-18 15:42:30 +0200	[diff] [blame]	2380	authreq \|= SMP_AUTH_MITM;
				2381
Johan Hedberg	40bef30	2014-07-16 11:42:27 +0300	[diff] [blame]	2382	if (hcon->role == HCI_ROLE_MASTER) {
Vinicius Costa Gomes	d26a234	2011-08-19 21:06:51 -0300	[diff] [blame]	2383	struct smp_cmd_pairing cp;
Anderson Briglia	f01ead3	2011-06-09 18:50:45 -0300	[diff] [blame]	2384
Brian Gix	2b64d15	2011-12-21 16:12:12 -0800	[diff] [blame]	2385	build_pairing_cmd(conn, &cp, NULL, authreq);
Vinicius Costa Gomes	1c1def0	2011-09-05 14:31:30 -0300	[diff] [blame]	2386	smp->preq[0] = SMP_CMD_PAIRING_REQ;
				2387	memcpy(&smp->preq[1], &cp, sizeof(cp));
Anderson Briglia	f01ead3	2011-06-09 18:50:45 -0300	[diff] [blame]	2388
Anderson Briglia	eb492e0	2011-06-09 18:50:40 -0300	[diff] [blame]	2389	smp_send_cmd(conn, SMP_CMD_PAIRING_REQ, sizeof(cp), &cp);
Johan Hedberg	b28b494	2014-09-05 22:19:55 +0300	[diff] [blame]	2390	SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RSP);
Anderson Briglia	eb492e0	2011-06-09 18:50:40 -0300	[diff] [blame]	2391	} else {
				2392	struct smp_cmd_security_req cp;
Brian Gix	2b64d15	2011-12-21 16:12:12 -0800	[diff] [blame]	2393	cp.auth_req = authreq;
Anderson Briglia	eb492e0	2011-06-09 18:50:40 -0300	[diff] [blame]	2394	smp_send_cmd(conn, SMP_CMD_SECURITY_REQ, sizeof(cp), &cp);
Johan Hedberg	b28b494	2014-09-05 22:19:55 +0300	[diff] [blame]	2395	SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_REQ);
Anderson Briglia	eb492e0	2011-06-09 18:50:40 -0300	[diff] [blame]	2396	}
				2397
Johan Hedberg	4a74d65	2014-05-20 09:45:50 +0300	[diff] [blame]	2398	set_bit(SMP_FLAG_INITIATOR, &smp->flags);
Johan Hedberg	fc75cc8	2014-09-05 22:19:52 +0300	[diff] [blame]	2399	ret = 0;
Johan Hedberg	edca792	2014-03-24 15:54:11 +0200	[diff] [blame]	2400
Johan Hedberg	fc75cc8	2014-09-05 22:19:52 +0300	[diff] [blame]	2401	unlock:
				2402	l2cap_chan_unlock(chan);
				2403	return ret;
Anderson Briglia	eb492e0	2011-06-09 18:50:40 -0300	[diff] [blame]	2404	}
				2405
Johan Hedberg	c81d555	2015-10-22 09:38:35 +0300	[diff] [blame]	2406	void smp_cancel_pairing(struct hci_conn *hcon)
				2407	{
				2408	struct l2cap_conn *conn = hcon->l2cap_data;
				2409	struct l2cap_chan *chan;
				2410	struct smp_chan *smp;
				2411
				2412	if (!conn)
				2413	return;
				2414
				2415	chan = conn->smp;
				2416	if (!chan)
				2417	return;
				2418
				2419	l2cap_chan_lock(chan);
				2420
				2421	smp = chan->data;
				2422	if (smp) {
				2423	if (test_bit(SMP_FLAG_COMPLETE, &smp->flags))
				2424	smp_failure(conn, 0);
				2425	else
				2426	smp_failure(conn, SMP_UNSPECIFIED);
				2427	}
				2428
				2429	l2cap_chan_unlock(chan);
				2430	}
				2431
Vinicius Costa Gomes	7034b91	2011-07-07 18:59:34 -0300	[diff] [blame]	2432	static int smp_cmd_encrypt_info(struct l2cap_conn conn, struct sk_buff skb)
				2433	{
Vinicius Costa Gomes	16b9083	2011-07-07 18:59:39 -0300	[diff] [blame]	2434	struct smp_cmd_encrypt_info rp = (void ) skb->data;
Johan Hedberg	5d88cc7	2014-08-08 09:37:18 +0300	[diff] [blame]	2435	struct l2cap_chan *chan = conn->smp;
				2436	struct smp_chan *smp = chan->data;
Vinicius Costa Gomes	16b9083	2011-07-07 18:59:39 -0300	[diff] [blame]	2437
Johan Hedberg	c46b98b	2014-02-18 10:19:29 +0200	[diff] [blame]	2438	BT_DBG("conn %p", conn);
				2439
				2440	if (skb->len < sizeof(*rp))
Johan Hedberg	38e4a91	2014-05-08 14:19:11 +0300	[diff] [blame]	2441	return SMP_INVALID_PARAMS;
Johan Hedberg	c46b98b	2014-02-18 10:19:29 +0200	[diff] [blame]	2442
Johan Hedberg	b28b494	2014-09-05 22:19:55 +0300	[diff] [blame]	2443	SMP_ALLOW_CMD(smp, SMP_CMD_MASTER_IDENT);
Johan Hedberg	6131ddc	2014-02-18 10:19:37 +0200	[diff] [blame]	2444
Vinicius Costa Gomes	16b9083	2011-07-07 18:59:39 -0300	[diff] [blame]	2445	skb_pull(skb, sizeof(*rp));
				2446
Vinicius Costa Gomes	1c1def0	2011-09-05 14:31:30 -0300	[diff] [blame]	2447	memcpy(smp->tk, rp->ltk, sizeof(smp->tk));
Vinicius Costa Gomes	16b9083	2011-07-07 18:59:39 -0300	[diff] [blame]	2448
Vinicius Costa Gomes	7034b91	2011-07-07 18:59:34 -0300	[diff] [blame]	2449	return 0;
				2450	}
				2451
				2452	static int smp_cmd_master_ident(struct l2cap_conn conn, struct sk_buff skb)
				2453	{
Vinicius Costa Gomes	16b9083	2011-07-07 18:59:39 -0300	[diff] [blame]	2454	struct smp_cmd_master_ident rp = (void ) skb->data;
Johan Hedberg	5d88cc7	2014-08-08 09:37:18 +0300	[diff] [blame]	2455	struct l2cap_chan *chan = conn->smp;
				2456	struct smp_chan *smp = chan->data;
Vinicius Costa Gomes	c9839a1	2012-02-02 21:08:01 -0300	[diff] [blame]	2457	struct hci_dev *hdev = conn->hcon->hdev;
				2458	struct hci_conn *hcon = conn->hcon;
Johan Hedberg	23d0e12	2014-02-19 14:57:46 +0200	[diff] [blame]	2459	struct smp_ltk *ltk;
Vinicius Costa Gomes	c9839a1	2012-02-02 21:08:01 -0300	[diff] [blame]	2460	u8 authenticated;
Vinicius Costa Gomes	7034b91	2011-07-07 18:59:34 -0300	[diff] [blame]	2461
Johan Hedberg	c46b98b	2014-02-18 10:19:29 +0200	[diff] [blame]	2462	BT_DBG("conn %p", conn);
				2463
				2464	if (skb->len < sizeof(*rp))
Johan Hedberg	38e4a91	2014-05-08 14:19:11 +0300	[diff] [blame]	2465	return SMP_INVALID_PARAMS;
Johan Hedberg	c46b98b	2014-02-18 10:19:29 +0200	[diff] [blame]	2466
Johan Hedberg	9747a9f	2014-02-26 23:33:43 +0200	[diff] [blame]	2467	/* Mark the information as received */
				2468	smp->remote_key_dist &= ~SMP_DIST_ENC_KEY;
				2469
Johan Hedberg	b28b494	2014-09-05 22:19:55 +0300	[diff] [blame]	2470	if (smp->remote_key_dist & SMP_DIST_ID_KEY)
				2471	SMP_ALLOW_CMD(smp, SMP_CMD_IDENT_INFO);
Johan Hedberg	196332f	2014-09-09 16:21:46 -0700	[diff] [blame]	2472	else if (smp->remote_key_dist & SMP_DIST_SIGN)
				2473	SMP_ALLOW_CMD(smp, SMP_CMD_SIGN_INFO);
Johan Hedberg	b28b494	2014-09-05 22:19:55 +0300	[diff] [blame]	2474
Vinicius Costa Gomes	16b9083	2011-07-07 18:59:39 -0300	[diff] [blame]	2475	skb_pull(skb, sizeof(*rp));
				2476
Marcel Holtmann	ce39fb4	2013-10-13 02:23:39 -0700	[diff] [blame]	2477	authenticated = (hcon->sec_level == BT_SECURITY_HIGH);
Johan Hedberg	2ceba53	2014-06-16 19:25:16 +0300	[diff] [blame]	2478	ltk = hci_add_ltk(hdev, &hcon->dst, hcon->dst_type, SMP_LTK,
Johan Hedberg	23d0e12	2014-02-19 14:57:46 +0200	[diff] [blame]	2479	authenticated, smp->tk, smp->enc_key_size,
				2480	rp->ediv, rp->rand);
				2481	smp->ltk = ltk;
Johan Hedberg	c6e81e9	2014-09-05 22:19:54 +0300	[diff] [blame]	2482	if (!(smp->remote_key_dist & KEY_DIST_MASK))
Johan Hedberg	d6268e8	2014-09-05 22:19:51 +0300	[diff] [blame]	2483	smp_distribute_keys(smp);
Vinicius Costa Gomes	7034b91	2011-07-07 18:59:34 -0300	[diff] [blame]	2484
				2485	return 0;
				2486	}
				2487
Johan Hedberg	fd349c0	2014-02-18 10:19:36 +0200	[diff] [blame]	2488	static int smp_cmd_ident_info(struct l2cap_conn conn, struct sk_buff skb)
				2489	{
				2490	struct smp_cmd_ident_info info = (void ) skb->data;
Johan Hedberg	5d88cc7	2014-08-08 09:37:18 +0300	[diff] [blame]	2491	struct l2cap_chan *chan = conn->smp;
				2492	struct smp_chan *smp = chan->data;
Johan Hedberg	fd349c0	2014-02-18 10:19:36 +0200	[diff] [blame]	2493
				2494	BT_DBG("");
				2495
				2496	if (skb->len < sizeof(*info))
Johan Hedberg	38e4a91	2014-05-08 14:19:11 +0300	[diff] [blame]	2497	return SMP_INVALID_PARAMS;
Johan Hedberg	fd349c0	2014-02-18 10:19:36 +0200	[diff] [blame]	2498
Johan Hedberg	b28b494	2014-09-05 22:19:55 +0300	[diff] [blame]	2499	SMP_ALLOW_CMD(smp, SMP_CMD_IDENT_ADDR_INFO);
Johan Hedberg	6131ddc	2014-02-18 10:19:37 +0200	[diff] [blame]	2500
Johan Hedberg	fd349c0	2014-02-18 10:19:36 +0200	[diff] [blame]	2501	skb_pull(skb, sizeof(*info));
				2502
				2503	memcpy(smp->irk, info->irk, 16);
				2504
				2505	return 0;
				2506	}
				2507
				2508	static int smp_cmd_ident_addr_info(struct l2cap_conn *conn,
				2509	struct sk_buff *skb)
				2510	{
				2511	struct smp_cmd_ident_addr_info info = (void ) skb->data;
Johan Hedberg	5d88cc7	2014-08-08 09:37:18 +0300	[diff] [blame]	2512	struct l2cap_chan *chan = conn->smp;
				2513	struct smp_chan *smp = chan->data;
Johan Hedberg	fd349c0	2014-02-18 10:19:36 +0200	[diff] [blame]	2514	struct hci_conn *hcon = conn->hcon;
				2515	bdaddr_t rpa;
				2516
				2517	BT_DBG("");
				2518
				2519	if (skb->len < sizeof(*info))
Johan Hedberg	38e4a91	2014-05-08 14:19:11 +0300	[diff] [blame]	2520	return SMP_INVALID_PARAMS;
Johan Hedberg	fd349c0	2014-02-18 10:19:36 +0200	[diff] [blame]	2521
Johan Hedberg	9747a9f	2014-02-26 23:33:43 +0200	[diff] [blame]	2522	/* Mark the information as received */
				2523	smp->remote_key_dist &= ~SMP_DIST_ID_KEY;
				2524
Johan Hedberg	b28b494	2014-09-05 22:19:55 +0300	[diff] [blame]	2525	if (smp->remote_key_dist & SMP_DIST_SIGN)
				2526	SMP_ALLOW_CMD(smp, SMP_CMD_SIGN_INFO);
				2527
Johan Hedberg	fd349c0	2014-02-18 10:19:36 +0200	[diff] [blame]	2528	skb_pull(skb, sizeof(*info));
				2529
Johan Hedberg	a9a58f8	2014-02-25 22:24:37 +0200	[diff] [blame]	2530	/* Strictly speaking the Core Specification (4.1) allows sending
				2531	* an empty address which would force us to rely on just the IRK
				2532	* as "identity information". However, since such
				2533	* implementations are not known of and in order to not over
				2534	* complicate our implementation, simply pretend that we never
				2535	* received an IRK for such a device.
Johan Hedberg	e12af48	2015-01-14 20:51:37 +0200	[diff] [blame]	2536	*
				2537	* The Identity Address must also be a Static Random or Public
				2538	* Address, which hci_is_identity_address() checks for.
Johan Hedberg	a9a58f8	2014-02-25 22:24:37 +0200	[diff] [blame]	2539	*/
Johan Hedberg	e12af48	2015-01-14 20:51:37 +0200	[diff] [blame]	2540	if (!bacmp(&info->bdaddr, BDADDR_ANY) \|\|
				2541	!hci_is_identity_address(&info->bdaddr, info->addr_type)) {
Johan Hedberg	a9a58f8	2014-02-25 22:24:37 +0200	[diff] [blame]	2542	BT_ERR("Ignoring IRK with no identity address");
Johan Hedberg	31dd624	2014-06-27 14:23:02 +0300	[diff] [blame]	2543	goto distribute;
Johan Hedberg	a9a58f8	2014-02-25 22:24:37 +0200	[diff] [blame]	2544	}
				2545
Johan Hedberg	fd349c0	2014-02-18 10:19:36 +0200	[diff] [blame]	2546	bacpy(&smp->id_addr, &info->bdaddr);
				2547	smp->id_addr_type = info->addr_type;
				2548
				2549	if (hci_bdaddr_is_rpa(&hcon->dst, hcon->dst_type))
				2550	bacpy(&rpa, &hcon->dst);
				2551	else
				2552	bacpy(&rpa, BDADDR_ANY);
				2553
Johan Hedberg	23d0e12	2014-02-19 14:57:46 +0200	[diff] [blame]	2554	smp->remote_irk = hci_add_irk(conn->hcon->hdev, &smp->id_addr,
				2555	smp->id_addr_type, smp->irk, &rpa);
Johan Hedberg	fd349c0	2014-02-18 10:19:36 +0200	[diff] [blame]	2556
Johan Hedberg	31dd624	2014-06-27 14:23:02 +0300	[diff] [blame]	2557	distribute:
Johan Hedberg	c6e81e9	2014-09-05 22:19:54 +0300	[diff] [blame]	2558	if (!(smp->remote_key_dist & KEY_DIST_MASK))
				2559	smp_distribute_keys(smp);
Johan Hedberg	fd349c0	2014-02-18 10:19:36 +0200	[diff] [blame]	2560
				2561	return 0;
				2562	}
				2563
Marcel Holtmann	7ee4ea3	2014-03-09 12:19:17 -0700	[diff] [blame]	2564	static int smp_cmd_sign_info(struct l2cap_conn conn, struct sk_buff skb)
				2565	{
				2566	struct smp_cmd_sign_info rp = (void ) skb->data;
Johan Hedberg	5d88cc7	2014-08-08 09:37:18 +0300	[diff] [blame]	2567	struct l2cap_chan *chan = conn->smp;
				2568	struct smp_chan *smp = chan->data;
Marcel Holtmann	7ee4ea3	2014-03-09 12:19:17 -0700	[diff] [blame]	2569	struct smp_csrk *csrk;
				2570
				2571	BT_DBG("conn %p", conn);
				2572
				2573	if (skb->len < sizeof(*rp))
Johan Hedberg	38e4a91	2014-05-08 14:19:11 +0300	[diff] [blame]	2574	return SMP_INVALID_PARAMS;
Marcel Holtmann	7ee4ea3	2014-03-09 12:19:17 -0700	[diff] [blame]	2575
Marcel Holtmann	7ee4ea3	2014-03-09 12:19:17 -0700	[diff] [blame]	2576	/* Mark the information as received */
				2577	smp->remote_key_dist &= ~SMP_DIST_SIGN;
				2578
				2579	skb_pull(skb, sizeof(*rp));
				2580
Marcel Holtmann	7ee4ea3	2014-03-09 12:19:17 -0700	[diff] [blame]	2581	csrk = kzalloc(sizeof(*csrk), GFP_KERNEL);
				2582	if (csrk) {
Johan Hedberg	4cd3928	2015-02-27 10:11:13 +0200	[diff] [blame]	2583	if (conn->hcon->sec_level > BT_SECURITY_MEDIUM)
				2584	csrk->type = MGMT_CSRK_REMOTE_AUTHENTICATED;
				2585	else
				2586	csrk->type = MGMT_CSRK_REMOTE_UNAUTHENTICATED;
Marcel Holtmann	7ee4ea3	2014-03-09 12:19:17 -0700	[diff] [blame]	2587	memcpy(csrk->val, rp->csrk, sizeof(csrk->val));
				2588	}
				2589	smp->csrk = csrk;
Johan Hedberg	d6268e8	2014-09-05 22:19:51 +0300	[diff] [blame]	2590	smp_distribute_keys(smp);
Marcel Holtmann	7ee4ea3	2014-03-09 12:19:17 -0700	[diff] [blame]	2591
				2592	return 0;
				2593	}
				2594
Johan Hedberg	5e3d3d9	2014-05-31 18:51:02 +0300	[diff] [blame]	2595	static u8 sc_select_method(struct smp_chan *smp)
				2596	{
				2597	struct l2cap_conn *conn = smp->conn;
				2598	struct hci_conn *hcon = conn->hcon;
				2599	struct smp_cmd_pairing local, remote;
				2600	u8 local_mitm, remote_mitm, local_io, remote_io, method;
				2601
Johan Hedberg	1a8bab4	2015-03-16 11:45:44 +0200	[diff] [blame]	2602	if (test_bit(SMP_FLAG_REMOTE_OOB, &smp->flags) \|\|
				2603	test_bit(SMP_FLAG_LOCAL_OOB, &smp->flags))
Johan Hedberg	a29b073	2014-10-28 15:17:05 +0100	[diff] [blame]	2604	return REQ_OOB;
				2605
Johan Hedberg	5e3d3d9	2014-05-31 18:51:02 +0300	[diff] [blame]	2606	/* The preq/prsp contain the raw Pairing Request/Response PDUs
				2607	* which are needed as inputs to some crypto functions. To get
				2608	* the "struct smp_cmd_pairing" from them we need to skip the
				2609	* first byte which contains the opcode.
				2610	*/
				2611	if (hcon->out) {
				2612	local = (void *) &smp->preq[1];
				2613	remote = (void *) &smp->prsp[1];
				2614	} else {
				2615	local = (void *) &smp->prsp[1];
				2616	remote = (void *) &smp->preq[1];
				2617	}
				2618
				2619	local_io = local->io_capability;
				2620	remote_io = remote->io_capability;
				2621
				2622	local_mitm = (local->auth_req & SMP_AUTH_MITM);
				2623	remote_mitm = (remote->auth_req & SMP_AUTH_MITM);
				2624
				2625	/* If either side wants MITM, look up the method from the table,
				2626	* otherwise use JUST WORKS.
				2627	*/
				2628	if (local_mitm \|\| remote_mitm)
				2629	method = get_auth_method(smp, local_io, remote_io);
				2630	else
				2631	method = JUST_WORKS;
				2632
				2633	/* Don't confirm locally initiated pairing attempts */
				2634	if (method == JUST_CFM && test_bit(SMP_FLAG_INITIATOR, &smp->flags))
				2635	method = JUST_WORKS;
				2636
				2637	return method;
				2638	}
				2639
Johan Hedberg	d8f8edb	2014-06-06 11:09:28 +0300	[diff] [blame]	2640	static int smp_cmd_public_key(struct l2cap_conn conn, struct sk_buff skb)
				2641	{
				2642	struct smp_cmd_public_key key = (void ) skb->data;
				2643	struct hci_conn *hcon = conn->hcon;
				2644	struct l2cap_chan *chan = conn->smp;
				2645	struct smp_chan *smp = chan->data;
Johan Hedberg	5e3d3d9	2014-05-31 18:51:02 +0300	[diff] [blame]	2646	struct hci_dev *hdev = hcon->hdev;
Johan Hedberg	cbbbe3e	2014-06-06 11:30:08 +0300	[diff] [blame]	2647	struct smp_cmd_pairing_confirm cfm;
Johan Hedberg	d8f8edb	2014-06-06 11:09:28 +0300	[diff] [blame]	2648	int err;
				2649
				2650	BT_DBG("conn %p", conn);
				2651
				2652	if (skb->len < sizeof(*key))
				2653	return SMP_INVALID_PARAMS;
				2654
				2655	memcpy(smp->remote_pk, key, 64);
				2656
Johan Hedberg	a8ca617	2015-03-16 18:12:57 +0200	[diff] [blame]	2657	if (test_bit(SMP_FLAG_REMOTE_OOB, &smp->flags)) {
				2658	err = smp_f4(smp->tfm_cmac, smp->remote_pk, smp->remote_pk,
				2659	smp->rr, 0, cfm.confirm_val);
				2660	if (err)
				2661	return SMP_UNSPECIFIED;
				2662
				2663	if (memcmp(cfm.confirm_val, smp->pcnf, 16))
				2664	return SMP_CONFIRM_FAILED;
				2665	}
				2666
Johan Hedberg	d8f8edb	2014-06-06 11:09:28 +0300	[diff] [blame]	2667	/* Non-initiating device sends its public key after receiving
				2668	* the key from the initiating device.
				2669	*/
				2670	if (!hcon->out) {
				2671	err = sc_send_public_key(smp);
				2672	if (err)
				2673	return err;
				2674	}
				2675
Johan Hedberg	c7a3d57	2014-12-01 22:03:16 +0200	[diff] [blame]	2676	SMP_DBG("Remote Public Key X: %32phN", smp->remote_pk);
Marcel Holtmann	e091526	2015-03-16 12:34:55 -0700	[diff] [blame]	2677	SMP_DBG("Remote Public Key Y: %32phN", smp->remote_pk + 32);
Johan Hedberg	d8f8edb	2014-06-06 11:09:28 +0300	[diff] [blame]	2678
Salvatore Benedetto	58771c1c	2017-04-24 13:13:20 +0100	[diff] [blame]	2679	if (!compute_ecdh_secret(smp->remote_pk, smp->local_sk, smp->dhkey))
Johan Hedberg	d8f8edb	2014-06-06 11:09:28 +0300	[diff] [blame]	2680	return SMP_UNSPECIFIED;
				2681
Johan Hedberg	c7a3d57	2014-12-01 22:03:16 +0200	[diff] [blame]	2682	SMP_DBG("DHKey %32phN", smp->dhkey);
Johan Hedberg	d8f8edb	2014-06-06 11:09:28 +0300	[diff] [blame]	2683
				2684	set_bit(SMP_FLAG_REMOTE_PK, &smp->flags);
				2685
Johan Hedberg	5e3d3d9	2014-05-31 18:51:02 +0300	[diff] [blame]	2686	smp->method = sc_select_method(smp);
				2687
				2688	BT_DBG("%s selected method 0x%02x", hdev->name, smp->method);
				2689
				2690	/* JUST_WORKS and JUST_CFM result in an unauthenticated key */
				2691	if (smp->method == JUST_WORKS \|\| smp->method == JUST_CFM)
				2692	hcon->pending_sec_level = BT_SECURITY_MEDIUM;
				2693	else
				2694	hcon->pending_sec_level = BT_SECURITY_FIPS;
				2695
Johan Hedberg	aeb7d46	2014-05-31 18:52:28 +0300	[diff] [blame]	2696	if (!memcmp(debug_pk, smp->remote_pk, 64))
				2697	set_bit(SMP_FLAG_DEBUG_KEY, &smp->flags);
				2698
Johan Hedberg	38606f1	2014-06-25 11:10:28 +0300	[diff] [blame]	2699	if (smp->method == DSP_PASSKEY) {
				2700	get_random_bytes(&hcon->passkey_notify,
				2701	sizeof(hcon->passkey_notify));
				2702	hcon->passkey_notify %= 1000000;
				2703	hcon->passkey_entered = 0;
				2704	smp->passkey_round = 0;
				2705	if (mgmt_user_passkey_notify(hdev, &hcon->dst, hcon->type,
				2706	hcon->dst_type,
				2707	hcon->passkey_notify,
				2708	hcon->passkey_entered))
				2709	return SMP_UNSPECIFIED;
				2710	SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_CONFIRM);
				2711	return sc_passkey_round(smp, SMP_CMD_PUBLIC_KEY);
				2712	}
				2713
Johan Hedberg	94ea725	2015-03-16 11:45:46 +0200	[diff] [blame]	2714	if (smp->method == REQ_OOB) {
Johan Hedberg	a29b073	2014-10-28 15:17:05 +0100	[diff] [blame]	2715	if (hcon->out)
				2716	smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM,
				2717	sizeof(smp->prnd), smp->prnd);
				2718
				2719	SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RANDOM);
				2720
				2721	return 0;
				2722	}
				2723
Johan Hedberg	38606f1	2014-06-25 11:10:28 +0300	[diff] [blame]	2724	if (hcon->out)
				2725	SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_CONFIRM);
				2726
				2727	if (smp->method == REQ_PASSKEY) {
				2728	if (mgmt_user_passkey_request(hdev, &hcon->dst, hcon->type,
				2729	hcon->dst_type))
				2730	return SMP_UNSPECIFIED;
				2731	SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_CONFIRM);
				2732	set_bit(SMP_FLAG_WAIT_USER, &smp->flags);
				2733	return 0;
				2734	}
				2735
Johan Hedberg	cbbbe3e	2014-06-06 11:30:08 +0300	[diff] [blame]	2736	/* The Initiating device waits for the non-initiating device to
				2737	* send the confirm value.
				2738	*/
				2739	if (conn->hcon->out)
				2740	return 0;
				2741
				2742	err = smp_f4(smp->tfm_cmac, smp->local_pk, smp->remote_pk, smp->prnd,
				2743	0, cfm.confirm_val);
				2744	if (err)
				2745	return SMP_UNSPECIFIED;
				2746
				2747	smp_send_cmd(conn, SMP_CMD_PAIRING_CONFIRM, sizeof(cfm), &cfm);
				2748	SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RANDOM);
				2749
Johan Hedberg	d8f8edb	2014-06-06 11:09:28 +0300	[diff] [blame]	2750	return 0;
				2751	}
				2752
Johan Hedberg	6433a9a	2014-06-06 11:47:30 +0300	[diff] [blame]	2753	static int smp_cmd_dhkey_check(struct l2cap_conn conn, struct sk_buff skb)
				2754	{
				2755	struct smp_cmd_dhkey_check check = (void ) skb->data;
				2756	struct l2cap_chan *chan = conn->smp;
				2757	struct hci_conn *hcon = conn->hcon;
				2758	struct smp_chan *smp = chan->data;
				2759	u8 a[7], b[7], local_addr, remote_addr;
				2760	u8 io_cap[3], r[16], e[16];
				2761	int err;
				2762
				2763	BT_DBG("conn %p", conn);
				2764
				2765	if (skb->len < sizeof(*check))
				2766	return SMP_INVALID_PARAMS;
				2767
				2768	memcpy(a, &hcon->init_addr, 6);
				2769	memcpy(b, &hcon->resp_addr, 6);
				2770	a[6] = hcon->init_addr_type;
				2771	b[6] = hcon->resp_addr_type;
				2772
				2773	if (hcon->out) {
				2774	local_addr = a;
				2775	remote_addr = b;
				2776	memcpy(io_cap, &smp->prsp[1], 3);
				2777	} else {
				2778	local_addr = b;
				2779	remote_addr = a;
				2780	memcpy(io_cap, &smp->preq[1], 3);
				2781	}
				2782
				2783	memset(r, 0, sizeof(r));
				2784
Johan Hedberg	38606f1	2014-06-25 11:10:28 +0300	[diff] [blame]	2785	if (smp->method == REQ_PASSKEY \|\| smp->method == DSP_PASSKEY)
				2786	put_unaligned_le32(hcon->passkey_notify, r);
Johan Hedberg	882fafa	2015-03-16 11:45:43 +0200	[diff] [blame]	2787	else if (smp->method == REQ_OOB)
				2788	memcpy(r, smp->lr, 16);
Johan Hedberg	38606f1	2014-06-25 11:10:28 +0300	[diff] [blame]	2789
Johan Hedberg	6433a9a	2014-06-06 11:47:30 +0300	[diff] [blame]	2790	err = smp_f6(smp->tfm_cmac, smp->mackey, smp->rrnd, smp->prnd, r,
				2791	io_cap, remote_addr, local_addr, e);
				2792	if (err)
				2793	return SMP_UNSPECIFIED;
				2794
				2795	if (memcmp(check->e, e, 16))
				2796	return SMP_DHKEY_CHECK_FAILED;
				2797
Johan Hedberg	d3e54a8	2014-06-04 11:07:40 +0300	[diff] [blame]	2798	if (!hcon->out) {
				2799	if (test_bit(SMP_FLAG_WAIT_USER, &smp->flags)) {
				2800	set_bit(SMP_FLAG_DHKEY_PENDING, &smp->flags);
				2801	return 0;
				2802	}
Johan Hedberg	d378a2d	2014-05-31 18:53:36 +0300	[diff] [blame]	2803
Johan Hedberg	d3e54a8	2014-06-04 11:07:40 +0300	[diff] [blame]	2804	/* Slave sends DHKey check as response to master */
				2805	sc_dhkey_check(smp);
				2806	}
Johan Hedberg	d378a2d	2014-05-31 18:53:36 +0300	[diff] [blame]	2807
Johan Hedberg	d3e54a8	2014-06-04 11:07:40 +0300	[diff] [blame]	2808	sc_add_ltk(smp);
Johan Hedberg	6433a9a	2014-06-06 11:47:30 +0300	[diff] [blame]	2809
				2810	if (hcon->out) {
Johan Hedberg	8b76ce3	2015-06-08 18:14:39 +0300	[diff] [blame]	2811	hci_le_start_enc(hcon, 0, 0, smp->tk, smp->enc_key_size);
Johan Hedberg	6433a9a	2014-06-06 11:47:30 +0300	[diff] [blame]	2812	hcon->enc_key_size = smp->enc_key_size;
				2813	}
				2814
				2815	return 0;
				2816	}
				2817
Johan Hedberg	1408bb6	2014-06-04 22:45:57 +0300	[diff] [blame]	2818	static int smp_cmd_keypress_notify(struct l2cap_conn *conn,
				2819	struct sk_buff *skb)
				2820	{
				2821	struct smp_cmd_keypress_notify kp = (void ) skb->data;
				2822
				2823	BT_DBG("value 0x%02x", kp->value);
				2824
				2825	return 0;
				2826	}
				2827
Johan Hedberg	4befb86	2014-08-11 22:06:38 +0300	[diff] [blame]	2828	static int smp_sig_channel(struct l2cap_chan chan, struct sk_buff skb)
Anderson Briglia	eb492e0	2011-06-09 18:50:40 -0300	[diff] [blame]	2829	{
Johan Hedberg	5d88cc7	2014-08-08 09:37:18 +0300	[diff] [blame]	2830	struct l2cap_conn *conn = chan->conn;
Marcel Holtmann	7b9899d	2013-10-03 00:00:57 -0700	[diff] [blame]	2831	struct hci_conn *hcon = conn->hcon;
Johan Hedberg	b28b494	2014-09-05 22:19:55 +0300	[diff] [blame]	2832	struct smp_chan *smp;
Marcel Holtmann	92381f5	2013-10-03 01:23:08 -0700	[diff] [blame]	2833	__u8 code, reason;
Anderson Briglia	eb492e0	2011-06-09 18:50:40 -0300	[diff] [blame]	2834	int err = 0;
				2835
Johan Hedberg	8ae9b98	2014-08-11 22:06:39 +0300	[diff] [blame]	2836	if (skb->len < 1)
Marcel Holtmann	92381f5	2013-10-03 01:23:08 -0700	[diff] [blame]	2837	return -EILSEQ;
Marcel Holtmann	92381f5	2013-10-03 01:23:08 -0700	[diff] [blame]	2838
Marcel Holtmann	d7a5a11	2015-03-13 02:11:00 -0700	[diff] [blame]	2839	if (!hci_dev_test_flag(hcon->hdev, HCI_LE_ENABLED)) {
Andre Guedes	2e65c9d	2011-06-30 19:20:56 -0300	[diff] [blame]	2840	reason = SMP_PAIRING_NOTSUPP;
				2841	goto done;
				2842	}
				2843
Marcel Holtmann	92381f5	2013-10-03 01:23:08 -0700	[diff] [blame]	2844	code = skb->data[0];
Anderson Briglia	eb492e0	2011-06-09 18:50:40 -0300	[diff] [blame]	2845	skb_pull(skb, sizeof(code));
				2846
Johan Hedberg	b28b494	2014-09-05 22:19:55 +0300	[diff] [blame]	2847	smp = chan->data;
				2848
				2849	if (code > SMP_CMD_MAX)
				2850	goto drop;
				2851
Johan Hedberg	24bd0bd	2014-09-10 17:37:43 -0700	[diff] [blame]	2852	if (smp && !test_and_clear_bit(code, &smp->allow_cmd))
Johan Hedberg	b28b494	2014-09-05 22:19:55 +0300	[diff] [blame]	2853	goto drop;
				2854
				2855	/* If we don't have a context the only allowed commands are
				2856	* pairing request and security request.
Johan Hedberg	8cf9fa1	2013-01-29 10:44:23 -0600	[diff] [blame]	2857	*/
Johan Hedberg	b28b494	2014-09-05 22:19:55 +0300	[diff] [blame]	2858	if (!smp && code != SMP_CMD_PAIRING_REQ && code != SMP_CMD_SECURITY_REQ)
				2859	goto drop;
Johan Hedberg	8cf9fa1	2013-01-29 10:44:23 -0600	[diff] [blame]	2860
Anderson Briglia	eb492e0	2011-06-09 18:50:40 -0300	[diff] [blame]	2861	switch (code) {
				2862	case SMP_CMD_PAIRING_REQ:
Vinicius Costa Gomes	da85e5e	2011-06-09 18:50:53 -0300	[diff] [blame]	2863	reason = smp_cmd_pairing_req(conn, skb);
Anderson Briglia	eb492e0	2011-06-09 18:50:40 -0300	[diff] [blame]	2864	break;
				2865
				2866	case SMP_CMD_PAIRING_FAIL:
Johan Hedberg	84794e1	2013-11-06 11:24:57 +0200	[diff] [blame]	2867	smp_failure(conn, 0);
Vinicius Costa Gomes	da85e5e	2011-06-09 18:50:53 -0300	[diff] [blame]	2868	err = -EPERM;
Anderson Briglia	eb492e0	2011-06-09 18:50:40 -0300	[diff] [blame]	2869	break;
				2870
				2871	case SMP_CMD_PAIRING_RSP:
Vinicius Costa Gomes	da85e5e	2011-06-09 18:50:53 -0300	[diff] [blame]	2872	reason = smp_cmd_pairing_rsp(conn, skb);
Anderson Briglia	88ba43b	2011-06-09 18:50:42 -0300	[diff] [blame]	2873	break;
				2874
				2875	case SMP_CMD_SECURITY_REQ:
Vinicius Costa Gomes	da85e5e	2011-06-09 18:50:53 -0300	[diff] [blame]	2876	reason = smp_cmd_security_req(conn, skb);
Anderson Briglia	88ba43b	2011-06-09 18:50:42 -0300	[diff] [blame]	2877	break;
				2878
Anderson Briglia	eb492e0	2011-06-09 18:50:40 -0300	[diff] [blame]	2879	case SMP_CMD_PAIRING_CONFIRM:
Vinicius Costa Gomes	da85e5e	2011-06-09 18:50:53 -0300	[diff] [blame]	2880	reason = smp_cmd_pairing_confirm(conn, skb);
Anderson Briglia	88ba43b	2011-06-09 18:50:42 -0300	[diff] [blame]	2881	break;
				2882
Anderson Briglia	eb492e0	2011-06-09 18:50:40 -0300	[diff] [blame]	2883	case SMP_CMD_PAIRING_RANDOM:
Vinicius Costa Gomes	da85e5e	2011-06-09 18:50:53 -0300	[diff] [blame]	2884	reason = smp_cmd_pairing_random(conn, skb);
Anderson Briglia	88ba43b	2011-06-09 18:50:42 -0300	[diff] [blame]	2885	break;
				2886
Anderson Briglia	eb492e0	2011-06-09 18:50:40 -0300	[diff] [blame]	2887	case SMP_CMD_ENCRYPT_INFO:
Vinicius Costa Gomes	7034b91	2011-07-07 18:59:34 -0300	[diff] [blame]	2888	reason = smp_cmd_encrypt_info(conn, skb);
				2889	break;
				2890
Anderson Briglia	eb492e0	2011-06-09 18:50:40 -0300	[diff] [blame]	2891	case SMP_CMD_MASTER_IDENT:
Vinicius Costa Gomes	7034b91	2011-07-07 18:59:34 -0300	[diff] [blame]	2892	reason = smp_cmd_master_ident(conn, skb);
				2893	break;
				2894
Anderson Briglia	eb492e0	2011-06-09 18:50:40 -0300	[diff] [blame]	2895	case SMP_CMD_IDENT_INFO:
Johan Hedberg	fd349c0	2014-02-18 10:19:36 +0200	[diff] [blame]	2896	reason = smp_cmd_ident_info(conn, skb);
				2897	break;
				2898
Anderson Briglia	eb492e0	2011-06-09 18:50:40 -0300	[diff] [blame]	2899	case SMP_CMD_IDENT_ADDR_INFO:
Johan Hedberg	fd349c0	2014-02-18 10:19:36 +0200	[diff] [blame]	2900	reason = smp_cmd_ident_addr_info(conn, skb);
				2901	break;
				2902
Anderson Briglia	eb492e0	2011-06-09 18:50:40 -0300	[diff] [blame]	2903	case SMP_CMD_SIGN_INFO:
Marcel Holtmann	7ee4ea3	2014-03-09 12:19:17 -0700	[diff] [blame]	2904	reason = smp_cmd_sign_info(conn, skb);
Vinicius Costa Gomes	7034b91	2011-07-07 18:59:34 -0300	[diff] [blame]	2905	break;
				2906
Johan Hedberg	d8f8edb	2014-06-06 11:09:28 +0300	[diff] [blame]	2907	case SMP_CMD_PUBLIC_KEY:
				2908	reason = smp_cmd_public_key(conn, skb);
				2909	break;
				2910
Johan Hedberg	6433a9a	2014-06-06 11:47:30 +0300	[diff] [blame]	2911	case SMP_CMD_DHKEY_CHECK:
				2912	reason = smp_cmd_dhkey_check(conn, skb);
				2913	break;
				2914
Johan Hedberg	1408bb6	2014-06-04 22:45:57 +0300	[diff] [blame]	2915	case SMP_CMD_KEYPRESS_NOTIFY:
				2916	reason = smp_cmd_keypress_notify(conn, skb);
				2917	break;
				2918
Anderson Briglia	eb492e0	2011-06-09 18:50:40 -0300	[diff] [blame]	2919	default:
				2920	BT_DBG("Unknown command code 0x%2.2x", code);
Anderson Briglia	eb492e0	2011-06-09 18:50:40 -0300	[diff] [blame]	2921	reason = SMP_CMD_NOTSUPP;
Vinicius Costa Gomes	3a0259b	2011-06-09 18:50:43 -0300	[diff] [blame]	2922	goto done;
				2923	}
				2924
				2925	done:
Johan Hedberg	9b7b18e	2014-08-18 20:33:31 +0300	[diff] [blame]	2926	if (!err) {
				2927	if (reason)
				2928	smp_failure(conn, reason);
Johan Hedberg	8ae9b98	2014-08-11 22:06:39 +0300	[diff] [blame]	2929	kfree_skb(skb);
Johan Hedberg	9b7b18e	2014-08-18 20:33:31 +0300	[diff] [blame]	2930	}
				2931
Anderson Briglia	eb492e0	2011-06-09 18:50:40 -0300	[diff] [blame]	2932	return err;
Johan Hedberg	b28b494	2014-09-05 22:19:55 +0300	[diff] [blame]	2933
				2934	drop:
				2935	BT_ERR("%s unexpected SMP command 0x%02x from %pMR", hcon->hdev->name,
				2936	code, &hcon->dst);
				2937	kfree_skb(skb);
				2938	return 0;
Anderson Briglia	eb492e0	2011-06-09 18:50:40 -0300	[diff] [blame]	2939	}
Vinicius Costa Gomes	7034b91	2011-07-07 18:59:34 -0300	[diff] [blame]	2940
Johan Hedberg	70db83c	2014-08-08 09:37:16 +0300	[diff] [blame]	2941	static void smp_teardown_cb(struct l2cap_chan *chan, int err)
				2942	{
				2943	struct l2cap_conn *conn = chan->conn;
				2944
				2945	BT_DBG("chan %p", chan);
				2946
Johan Hedberg	fc75cc8	2014-09-05 22:19:52 +0300	[diff] [blame]	2947	if (chan->data)
Johan Hedberg	5d88cc7	2014-08-08 09:37:18 +0300	[diff] [blame]	2948	smp_chan_destroy(conn);
Johan Hedberg	5d88cc7	2014-08-08 09:37:18 +0300	[diff] [blame]	2949
Johan Hedberg	70db83c	2014-08-08 09:37:16 +0300	[diff] [blame]	2950	conn->smp = NULL;
				2951	l2cap_chan_put(chan);
				2952	}
				2953
Johan Hedberg	b5ae344	2014-08-14 12:34:26 +0300	[diff] [blame]	2954	static void bredr_pairing(struct l2cap_chan *chan)
				2955	{
				2956	struct l2cap_conn *conn = chan->conn;
				2957	struct hci_conn *hcon = conn->hcon;
				2958	struct hci_dev *hdev = hcon->hdev;
				2959	struct smp_cmd_pairing req;
				2960	struct smp_chan *smp;
				2961
				2962	BT_DBG("chan %p", chan);
				2963
				2964	/* Only new pairings are interesting */
				2965	if (!test_bit(HCI_CONN_NEW_LINK_KEY, &hcon->flags))
				2966	return;
				2967
				2968	/* Don't bother if we're not encrypted */
				2969	if (!test_bit(HCI_CONN_ENCRYPT, &hcon->flags))
				2970	return;
				2971
				2972	/* Only master may initiate SMP over BR/EDR */
				2973	if (hcon->role != HCI_ROLE_MASTER)
				2974	return;
				2975
				2976	/* Secure Connections support must be enabled */
Marcel Holtmann	d7a5a11	2015-03-13 02:11:00 -0700	[diff] [blame]	2977	if (!hci_dev_test_flag(hdev, HCI_SC_ENABLED))
Johan Hedberg	b5ae344	2014-08-14 12:34:26 +0300	[diff] [blame]	2978	return;
				2979
				2980	/* BR/EDR must use Secure Connections for SMP */
				2981	if (!test_bit(HCI_CONN_AES_CCM, &hcon->flags) &&
Marcel Holtmann	b7cb93e	2015-03-13 10:20:35 -0700	[diff] [blame]	2982	!hci_dev_test_flag(hdev, HCI_FORCE_BREDR_SMP))
Johan Hedberg	b5ae344	2014-08-14 12:34:26 +0300	[diff] [blame]	2983	return;
				2984
				2985	/* If our LE support is not enabled don't do anything */
Marcel Holtmann	d7a5a11	2015-03-13 02:11:00 -0700	[diff] [blame]	2986	if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED))
Johan Hedberg	b5ae344	2014-08-14 12:34:26 +0300	[diff] [blame]	2987	return;
				2988
				2989	/* Don't bother if remote LE support is not enabled */
				2990	if (!lmp_host_le_capable(hcon))
				2991	return;
				2992
				2993	/* Remote must support SMP fixed chan for BR/EDR */
				2994	if (!(conn->remote_fixed_chan & L2CAP_FC_SMP_BREDR))
				2995	return;
				2996
				2997	/* Don't bother if SMP is already ongoing */
				2998	if (chan->data)
				2999	return;
				3000
				3001	smp = smp_chan_create(conn);
				3002	if (!smp) {
				3003	BT_ERR("%s unable to create SMP context for BR/EDR",
				3004	hdev->name);
				3005	return;
				3006	}
				3007
				3008	set_bit(SMP_FLAG_SC, &smp->flags);
				3009
				3010	BT_DBG("%s starting SMP over BR/EDR", hdev->name);
				3011
				3012	/* Prepare and send the BR/EDR SMP Pairing Request */
				3013	build_bredr_pairing_cmd(smp, &req, NULL);
				3014
				3015	smp->preq[0] = SMP_CMD_PAIRING_REQ;
				3016	memcpy(&smp->preq[1], &req, sizeof(req));
				3017
				3018	smp_send_cmd(conn, SMP_CMD_PAIRING_REQ, sizeof(req), &req);
				3019	SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RSP);
				3020	}
				3021
Johan Hedberg	44f1a7a	2014-08-11 22:06:36 +0300	[diff] [blame]	3022	static void smp_resume_cb(struct l2cap_chan *chan)
				3023	{
Johan Hedberg	b68fda6	2014-08-11 22:06:40 +0300	[diff] [blame]	3024	struct smp_chan *smp = chan->data;
Johan Hedberg	44f1a7a	2014-08-11 22:06:36 +0300	[diff] [blame]	3025	struct l2cap_conn *conn = chan->conn;
				3026	struct hci_conn *hcon = conn->hcon;
				3027
				3028	BT_DBG("chan %p", chan);
				3029
Johan Hedberg	b5ae344	2014-08-14 12:34:26 +0300	[diff] [blame]	3030	if (hcon->type == ACL_LINK) {
				3031	bredr_pairing(chan);
Johan Hedberg	ef8efe4	2014-08-13 15:12:32 +0300	[diff] [blame]	3032	return;
Johan Hedberg	b5ae344	2014-08-14 12:34:26 +0300	[diff] [blame]	3033	}
Johan Hedberg	ef8efe4	2014-08-13 15:12:32 +0300	[diff] [blame]	3034
Johan Hedberg	86d1407	2014-08-11 22:06:43 +0300	[diff] [blame]	3035	if (!smp)
				3036	return;
Johan Hedberg	b68fda6	2014-08-11 22:06:40 +0300	[diff] [blame]	3037
Johan Hedberg	84bc0db	2014-09-05 22:19:49 +0300	[diff] [blame]	3038	if (!test_bit(HCI_CONN_ENCRYPT, &hcon->flags))
				3039	return;
				3040
Johan Hedberg	86d1407	2014-08-11 22:06:43 +0300	[diff] [blame]	3041	cancel_delayed_work(&smp->security_timer);
				3042
Johan Hedberg	d6268e8	2014-09-05 22:19:51 +0300	[diff] [blame]	3043	smp_distribute_keys(smp);
Johan Hedberg	44f1a7a	2014-08-11 22:06:36 +0300	[diff] [blame]	3044	}
				3045
Johan Hedberg	70db83c	2014-08-08 09:37:16 +0300	[diff] [blame]	3046	static void smp_ready_cb(struct l2cap_chan *chan)
				3047	{
				3048	struct l2cap_conn *conn = chan->conn;
Johan Hedberg	b5ae344	2014-08-14 12:34:26 +0300	[diff] [blame]	3049	struct hci_conn *hcon = conn->hcon;
Johan Hedberg	70db83c	2014-08-08 09:37:16 +0300	[diff] [blame]	3050
				3051	BT_DBG("chan %p", chan);
				3052
Johan Hedberg	7883746	2015-11-11 21:47:12 +0200	[diff] [blame]	3053	/* No need to call l2cap_chan_hold() here since we already own
				3054	* the reference taken in smp_new_conn_cb(). This is just the
				3055	* first time that we tie it to a specific pointer. The code in
				3056	* l2cap_core.c ensures that there's no risk this function wont
				3057	* get called if smp_new_conn_cb was previously called.
				3058	*/
Johan Hedberg	70db83c	2014-08-08 09:37:16 +0300	[diff] [blame]	3059	conn->smp = chan;
Johan Hedberg	b5ae344	2014-08-14 12:34:26 +0300	[diff] [blame]	3060
				3061	if (hcon->type == ACL_LINK && test_bit(HCI_CONN_ENCRYPT, &hcon->flags))
				3062	bredr_pairing(chan);
Johan Hedberg	70db83c	2014-08-08 09:37:16 +0300	[diff] [blame]	3063	}
				3064
Johan Hedberg	4befb86	2014-08-11 22:06:38 +0300	[diff] [blame]	3065	static int smp_recv_cb(struct l2cap_chan chan, struct sk_buff skb)
				3066	{
				3067	int err;
				3068
				3069	BT_DBG("chan %p", chan);
				3070
				3071	err = smp_sig_channel(chan, skb);
				3072	if (err) {
Johan Hedberg	b68fda6	2014-08-11 22:06:40 +0300	[diff] [blame]	3073	struct smp_chan *smp = chan->data;
Johan Hedberg	4befb86	2014-08-11 22:06:38 +0300	[diff] [blame]	3074
Johan Hedberg	b68fda6	2014-08-11 22:06:40 +0300	[diff] [blame]	3075	if (smp)
				3076	cancel_delayed_work_sync(&smp->security_timer);
Johan Hedberg	4befb86	2014-08-11 22:06:38 +0300	[diff] [blame]	3077
Johan Hedberg	1e91c29	2014-08-18 20:33:29 +0300	[diff] [blame]	3078	hci_disconnect(chan->conn->hcon, HCI_ERROR_AUTH_FAILURE);
Johan Hedberg	4befb86	2014-08-11 22:06:38 +0300	[diff] [blame]	3079	}
				3080
				3081	return err;
				3082	}
				3083
Johan Hedberg	70db83c	2014-08-08 09:37:16 +0300	[diff] [blame]	3084	static struct sk_buff smp_alloc_skb_cb(struct l2cap_chan chan,
				3085	unsigned long hdr_len,
				3086	unsigned long len, int nb)
				3087	{
				3088	struct sk_buff *skb;
				3089
				3090	skb = bt_skb_alloc(hdr_len + len, GFP_KERNEL);
				3091	if (!skb)
				3092	return ERR_PTR(-ENOMEM);
				3093
				3094	skb->priority = HCI_PRIO_MAX;
Johan Hedberg	a4368ff	2015-03-30 23:21:01 +0300	[diff] [blame]	3095	bt_cb(skb)->l2cap.chan = chan;
Johan Hedberg	70db83c	2014-08-08 09:37:16 +0300	[diff] [blame]	3096
				3097	return skb;
				3098	}
				3099
				3100	static const struct l2cap_ops smp_chan_ops = {
				3101	.name = "Security Manager",
				3102	.ready = smp_ready_cb,
Johan Hedberg	5d88cc7	2014-08-08 09:37:18 +0300	[diff] [blame]	3103	.recv = smp_recv_cb,
Johan Hedberg	70db83c	2014-08-08 09:37:16 +0300	[diff] [blame]	3104	.alloc_skb = smp_alloc_skb_cb,
				3105	.teardown = smp_teardown_cb,
Johan Hedberg	44f1a7a	2014-08-11 22:06:36 +0300	[diff] [blame]	3106	.resume = smp_resume_cb,
Johan Hedberg	70db83c	2014-08-08 09:37:16 +0300	[diff] [blame]	3107
				3108	.new_connection = l2cap_chan_no_new_connection,
Johan Hedberg	70db83c	2014-08-08 09:37:16 +0300	[diff] [blame]	3109	.state_change = l2cap_chan_no_state_change,
				3110	.close = l2cap_chan_no_close,
				3111	.defer = l2cap_chan_no_defer,
				3112	.suspend = l2cap_chan_no_suspend,
Johan Hedberg	70db83c	2014-08-08 09:37:16 +0300	[diff] [blame]	3113	.set_shutdown = l2cap_chan_no_set_shutdown,
				3114	.get_sndtimeo = l2cap_chan_no_get_sndtimeo,
Johan Hedberg	70db83c	2014-08-08 09:37:16 +0300	[diff] [blame]	3115	};
				3116
				3117	static inline struct l2cap_chan smp_new_conn_cb(struct l2cap_chan pchan)
				3118	{
				3119	struct l2cap_chan *chan;
				3120
				3121	BT_DBG("pchan %p", pchan);
				3122
				3123	chan = l2cap_chan_create();
				3124	if (!chan)
				3125	return NULL;
				3126
				3127	chan->chan_type = pchan->chan_type;
				3128	chan->ops = &smp_chan_ops;
				3129	chan->scid = pchan->scid;
				3130	chan->dcid = chan->scid;
				3131	chan->imtu = pchan->imtu;
				3132	chan->omtu = pchan->omtu;
				3133	chan->mode = pchan->mode;
				3134
Johan Hedberg	abe8490	2014-11-12 22:22:21 +0200	[diff] [blame]	3135	/* Other L2CAP channels may request SMP routines in order to
				3136	* change the security level. This means that the SMP channel
				3137	* lock must be considered in its own category to avoid lockdep
				3138	* warnings.
				3139	*/
				3140	atomic_set(&chan->nesting, L2CAP_NESTING_SMP);
				3141
Johan Hedberg	70db83c	2014-08-08 09:37:16 +0300	[diff] [blame]	3142	BT_DBG("created chan %p", chan);
				3143
				3144	return chan;
				3145	}
				3146
				3147	static const struct l2cap_ops smp_root_chan_ops = {
				3148	.name = "Security Manager Root",
				3149	.new_connection = smp_new_conn_cb,
				3150
				3151	/* None of these are implemented for the root channel */
				3152	.close = l2cap_chan_no_close,
				3153	.alloc_skb = l2cap_chan_no_alloc_skb,
				3154	.recv = l2cap_chan_no_recv,
				3155	.state_change = l2cap_chan_no_state_change,
				3156	.teardown = l2cap_chan_no_teardown,
				3157	.ready = l2cap_chan_no_ready,
				3158	.defer = l2cap_chan_no_defer,
				3159	.suspend = l2cap_chan_no_suspend,
				3160	.resume = l2cap_chan_no_resume,
				3161	.set_shutdown = l2cap_chan_no_set_shutdown,
				3162	.get_sndtimeo = l2cap_chan_no_get_sndtimeo,
Johan Hedberg	70db83c	2014-08-08 09:37:16 +0300	[diff] [blame]	3163	};
				3164
Johan Hedberg	ef8efe4	2014-08-13 15:12:32 +0300	[diff] [blame]	3165	static struct l2cap_chan smp_add_cid(struct hci_dev hdev, u16 cid)
Johan Hedberg	711eafe	2014-08-08 09:32:52 +0300	[diff] [blame]	3166	{
Johan Hedberg	70db83c	2014-08-08 09:37:16 +0300	[diff] [blame]	3167	struct l2cap_chan *chan;
Marcel Holtmann	88a479d	2015-03-16 01:10:19 -0700	[diff] [blame]	3168	struct smp_dev *smp;
Andy Lutomirski	a4770e1	2016-06-26 14:55:23 -0700	[diff] [blame]	3169	struct crypto_cipher *tfm_aes;
Herbert Xu	71af2f6	2016-01-24 21:18:30 +0800	[diff] [blame]	3170	struct crypto_shash *tfm_cmac;
Johan Hedberg	70db83c	2014-08-08 09:37:16 +0300	[diff] [blame]	3171
Johan Hedberg	ef8efe4	2014-08-13 15:12:32 +0300	[diff] [blame]	3172	if (cid == L2CAP_CID_SMP_BREDR) {
Marcel Holtmann	88a479d	2015-03-16 01:10:19 -0700	[diff] [blame]	3173	smp = NULL;
Johan Hedberg	ef8efe4	2014-08-13 15:12:32 +0300	[diff] [blame]	3174	goto create_chan;
				3175	}
Johan Hedberg	711eafe	2014-08-08 09:32:52 +0300	[diff] [blame]	3176
Marcel Holtmann	88a479d	2015-03-16 01:10:19 -0700	[diff] [blame]	3177	smp = kzalloc(sizeof(*smp), GFP_KERNEL);
				3178	if (!smp)
				3179	return ERR_PTR(-ENOMEM);
				3180
Andy Lutomirski	a4770e1	2016-06-26 14:55:23 -0700	[diff] [blame]	3181	tfm_aes = crypto_alloc_cipher("aes", 0, CRYPTO_ALG_ASYNC);
Johan Hedberg	defce9e	2014-08-08 09:37:17 +0300	[diff] [blame]	3182	if (IS_ERR(tfm_aes)) {
Andy Lutomirski	a4770e1	2016-06-26 14:55:23 -0700	[diff] [blame]	3183	BT_ERR("Unable to create AES crypto context");
Marcel Holtmann	88a479d	2015-03-16 01:10:19 -0700	[diff] [blame]	3184	kzfree(smp);
Fengguang Wu	fe70077	2014-12-08 03:04:38 +0800	[diff] [blame]	3185	return ERR_CAST(tfm_aes);
Johan Hedberg	711eafe	2014-08-08 09:32:52 +0300	[diff] [blame]	3186	}
				3187
Herbert Xu	71af2f6	2016-01-24 21:18:30 +0800	[diff] [blame]	3188	tfm_cmac = crypto_alloc_shash("cmac(aes)", 0, 0);
Marcel Holtmann	6e2dc6d	2015-03-16 01:10:21 -0700	[diff] [blame]	3189	if (IS_ERR(tfm_cmac)) {
				3190	BT_ERR("Unable to create CMAC crypto context");
Andy Lutomirski	a4770e1	2016-06-26 14:55:23 -0700	[diff] [blame]	3191	crypto_free_cipher(tfm_aes);
Marcel Holtmann	6e2dc6d	2015-03-16 01:10:21 -0700	[diff] [blame]	3192	kzfree(smp);
				3193	return ERR_CAST(tfm_cmac);
				3194	}
				3195
Marcel Holtmann	88a479d	2015-03-16 01:10:19 -0700	[diff] [blame]	3196	smp->tfm_aes = tfm_aes;
Marcel Holtmann	6e2dc6d	2015-03-16 01:10:21 -0700	[diff] [blame]	3197	smp->tfm_cmac = tfm_cmac;
Johan Hedberg	b1f663c	2015-06-11 13:52:27 +0300	[diff] [blame]	3198	smp->min_key_size = SMP_MIN_ENC_KEY_SIZE;
Johan Hedberg	2fd3655	2015-06-11 13:52:26 +0300	[diff] [blame]	3199	smp->max_key_size = SMP_MAX_ENC_KEY_SIZE;
Marcel Holtmann	88a479d	2015-03-16 01:10:19 -0700	[diff] [blame]	3200
Johan Hedberg	ef8efe4	2014-08-13 15:12:32 +0300	[diff] [blame]	3201	create_chan:
Johan Hedberg	70db83c	2014-08-08 09:37:16 +0300	[diff] [blame]	3202	chan = l2cap_chan_create();
				3203	if (!chan) {
Marcel Holtmann	63511f6d	2015-03-17 11:38:24 -0700	[diff] [blame]	3204	if (smp) {
Andy Lutomirski	a4770e1	2016-06-26 14:55:23 -0700	[diff] [blame]	3205	crypto_free_cipher(smp->tfm_aes);
Herbert Xu	71af2f6	2016-01-24 21:18:30 +0800	[diff] [blame]	3206	crypto_free_shash(smp->tfm_cmac);
Marcel Holtmann	63511f6d	2015-03-17 11:38:24 -0700	[diff] [blame]	3207	kzfree(smp);
				3208	}
Johan Hedberg	ef8efe4	2014-08-13 15:12:32 +0300	[diff] [blame]	3209	return ERR_PTR(-ENOMEM);
Johan Hedberg	70db83c	2014-08-08 09:37:16 +0300	[diff] [blame]	3210	}
				3211
Marcel Holtmann	88a479d	2015-03-16 01:10:19 -0700	[diff] [blame]	3212	chan->data = smp;
Johan Hedberg	defce9e	2014-08-08 09:37:17 +0300	[diff] [blame]	3213
Johan Hedberg	ef8efe4	2014-08-13 15:12:32 +0300	[diff] [blame]	3214	l2cap_add_scid(chan, cid);
Johan Hedberg	70db83c	2014-08-08 09:37:16 +0300	[diff] [blame]	3215
				3216	l2cap_chan_set_defaults(chan);
				3217
Marcel Holtmann	157029b	2015-01-14 15:43:09 -0800	[diff] [blame]	3218	if (cid == L2CAP_CID_SMP) {
Johan Hedberg	39e3e74	2015-02-20 13:48:24 +0200	[diff] [blame]	3219	u8 bdaddr_type;
				3220
				3221	hci_copy_identity_address(hdev, &chan->src, &bdaddr_type);
				3222
				3223	if (bdaddr_type == ADDR_LE_DEV_PUBLIC)
Marcel Holtmann	157029b	2015-01-14 15:43:09 -0800	[diff] [blame]	3224	chan->src_type = BDADDR_LE_PUBLIC;
Johan Hedberg	39e3e74	2015-02-20 13:48:24 +0200	[diff] [blame]	3225	else
				3226	chan->src_type = BDADDR_LE_RANDOM;
Marcel Holtmann	157029b	2015-01-14 15:43:09 -0800	[diff] [blame]	3227	} else {
				3228	bacpy(&chan->src, &hdev->bdaddr);
Johan Hedberg	ef8efe4	2014-08-13 15:12:32 +0300	[diff] [blame]	3229	chan->src_type = BDADDR_BREDR;
Marcel Holtmann	157029b	2015-01-14 15:43:09 -0800	[diff] [blame]	3230	}
				3231
Johan Hedberg	70db83c	2014-08-08 09:37:16 +0300	[diff] [blame]	3232	chan->state = BT_LISTEN;
				3233	chan->mode = L2CAP_MODE_BASIC;
				3234	chan->imtu = L2CAP_DEFAULT_MTU;
				3235	chan->ops = &smp_root_chan_ops;
				3236
Johan Hedberg	abe8490	2014-11-12 22:22:21 +0200	[diff] [blame]	3237	/* Set correct nesting level for a parent/listening channel */
				3238	atomic_set(&chan->nesting, L2CAP_NESTING_PARENT);
				3239
Johan Hedberg	ef8efe4	2014-08-13 15:12:32 +0300	[diff] [blame]	3240	return chan;
Johan Hedberg	711eafe	2014-08-08 09:32:52 +0300	[diff] [blame]	3241	}
				3242
Johan Hedberg	ef8efe4	2014-08-13 15:12:32 +0300	[diff] [blame]	3243	static void smp_del_chan(struct l2cap_chan *chan)
Johan Hedberg	711eafe	2014-08-08 09:32:52 +0300	[diff] [blame]	3244	{
Marcel Holtmann	88a479d	2015-03-16 01:10:19 -0700	[diff] [blame]	3245	struct smp_dev *smp;
Johan Hedberg	70db83c	2014-08-08 09:37:16 +0300	[diff] [blame]	3246
Johan Hedberg	ef8efe4	2014-08-13 15:12:32 +0300	[diff] [blame]	3247	BT_DBG("chan %p", chan);
Johan Hedberg	711eafe	2014-08-08 09:32:52 +0300	[diff] [blame]	3248
Marcel Holtmann	88a479d	2015-03-16 01:10:19 -0700	[diff] [blame]	3249	smp = chan->data;
				3250	if (smp) {
Johan Hedberg	defce9e	2014-08-08 09:37:17 +0300	[diff] [blame]	3251	chan->data = NULL;
Andy Lutomirski	a4770e1	2016-06-26 14:55:23 -0700	[diff] [blame]	3252	crypto_free_cipher(smp->tfm_aes);
Herbert Xu	71af2f6	2016-01-24 21:18:30 +0800	[diff] [blame]	3253	crypto_free_shash(smp->tfm_cmac);
Marcel Holtmann	88a479d	2015-03-16 01:10:19 -0700	[diff] [blame]	3254	kzfree(smp);
Johan Hedberg	711eafe	2014-08-08 09:32:52 +0300	[diff] [blame]	3255	}
Johan Hedberg	70db83c	2014-08-08 09:37:16 +0300	[diff] [blame]	3256
Johan Hedberg	70db83c	2014-08-08 09:37:16 +0300	[diff] [blame]	3257	l2cap_chan_put(chan);
Johan Hedberg	711eafe	2014-08-08 09:32:52 +0300	[diff] [blame]	3258	}
Johan Hedberg	ef8efe4	2014-08-13 15:12:32 +0300	[diff] [blame]	3259
Marcel Holtmann	300acfde	2014-12-31 14:43:16 -0800	[diff] [blame]	3260	static ssize_t force_bredr_smp_read(struct file *file,
				3261	char __user *user_buf,
				3262	size_t count, loff_t *ppos)
				3263	{
				3264	struct hci_dev *hdev = file->private_data;
				3265	char buf[3];
				3266
Marcel Holtmann	b7cb93e	2015-03-13 10:20:35 -0700	[diff] [blame]	3267	buf[0] = hci_dev_test_flag(hdev, HCI_FORCE_BREDR_SMP) ? 'Y': 'N';
Marcel Holtmann	300acfde	2014-12-31 14:43:16 -0800	[diff] [blame]	3268	buf[1] = '\n';
				3269	buf[2] = '\0';
				3270	return simple_read_from_buffer(user_buf, count, ppos, buf, 2);
				3271	}
				3272
				3273	static ssize_t force_bredr_smp_write(struct file *file,
				3274	const char __user *user_buf,
				3275	size_t count, loff_t *ppos)
				3276	{
				3277	struct hci_dev *hdev = file->private_data;
				3278	char buf[32];
				3279	size_t buf_size = min(count, (sizeof(buf)-1));
				3280	bool enable;
				3281
				3282	if (copy_from_user(buf, user_buf, buf_size))
				3283	return -EFAULT;
				3284
				3285	buf[buf_size] = '\0';
				3286	if (strtobool(buf, &enable))
				3287	return -EINVAL;
				3288
Marcel Holtmann	b7cb93e	2015-03-13 10:20:35 -0700	[diff] [blame]	3289	if (enable == hci_dev_test_flag(hdev, HCI_FORCE_BREDR_SMP))
Marcel Holtmann	300acfde	2014-12-31 14:43:16 -0800	[diff] [blame]	3290	return -EALREADY;
				3291
				3292	if (enable) {
				3293	struct l2cap_chan *chan;
				3294
				3295	chan = smp_add_cid(hdev, L2CAP_CID_SMP_BREDR);
				3296	if (IS_ERR(chan))
				3297	return PTR_ERR(chan);
				3298
				3299	hdev->smp_bredr_data = chan;
				3300	} else {
				3301	struct l2cap_chan *chan;
				3302
				3303	chan = hdev->smp_bredr_data;
				3304	hdev->smp_bredr_data = NULL;
				3305	smp_del_chan(chan);
				3306	}
				3307
Marcel Holtmann	b7cb93e	2015-03-13 10:20:35 -0700	[diff] [blame]	3308	hci_dev_change_flag(hdev, HCI_FORCE_BREDR_SMP);
Marcel Holtmann	300acfde	2014-12-31 14:43:16 -0800	[diff] [blame]	3309
				3310	return count;
				3311	}
				3312
				3313	static const struct file_operations force_bredr_smp_fops = {
				3314	.open = simple_open,
				3315	.read = force_bredr_smp_read,
				3316	.write = force_bredr_smp_write,
				3317	.llseek = default_llseek,
				3318	};
				3319
Johan Hedberg	b1f663c	2015-06-11 13:52:27 +0300	[diff] [blame]	3320	static ssize_t le_min_key_size_read(struct file *file,
				3321	char __user *user_buf,
				3322	size_t count, loff_t *ppos)
				3323	{
				3324	struct hci_dev *hdev = file->private_data;
				3325	char buf[4];
				3326
				3327	snprintf(buf, sizeof(buf), "%2u\n", SMP_DEV(hdev)->min_key_size);
				3328
				3329	return simple_read_from_buffer(user_buf, count, ppos, buf, strlen(buf));
				3330	}
				3331
				3332	static ssize_t le_min_key_size_write(struct file *file,
				3333	const char __user *user_buf,
				3334	size_t count, loff_t *ppos)
				3335	{
				3336	struct hci_dev *hdev = file->private_data;
				3337	char buf[32];
				3338	size_t buf_size = min(count, (sizeof(buf) - 1));
				3339	u8 key_size;
				3340
				3341	if (copy_from_user(buf, user_buf, buf_size))
				3342	return -EFAULT;
				3343
				3344	buf[buf_size] = '\0';
				3345
				3346	sscanf(buf, "%hhu", &key_size);
				3347
				3348	if (key_size > SMP_DEV(hdev)->max_key_size \|\|
				3349	key_size < SMP_MIN_ENC_KEY_SIZE)
				3350	return -EINVAL;
				3351
				3352	SMP_DEV(hdev)->min_key_size = key_size;
				3353
				3354	return count;
				3355	}
				3356
				3357	static const struct file_operations le_min_key_size_fops = {
				3358	.open = simple_open,
				3359	.read = le_min_key_size_read,
				3360	.write = le_min_key_size_write,
				3361	.llseek = default_llseek,
				3362	};
				3363
Johan Hedberg	2fd3655	2015-06-11 13:52:26 +0300	[diff] [blame]	3364	static ssize_t le_max_key_size_read(struct file *file,
				3365	char __user *user_buf,
				3366	size_t count, loff_t *ppos)
				3367	{
				3368	struct hci_dev *hdev = file->private_data;
				3369	char buf[4];
				3370
				3371	snprintf(buf, sizeof(buf), "%2u\n", SMP_DEV(hdev)->max_key_size);
				3372
				3373	return simple_read_from_buffer(user_buf, count, ppos, buf, strlen(buf));
				3374	}
				3375
				3376	static ssize_t le_max_key_size_write(struct file *file,
				3377	const char __user *user_buf,
				3378	size_t count, loff_t *ppos)
				3379	{
				3380	struct hci_dev *hdev = file->private_data;
				3381	char buf[32];
				3382	size_t buf_size = min(count, (sizeof(buf) - 1));
				3383	u8 key_size;
				3384
				3385	if (copy_from_user(buf, user_buf, buf_size))
				3386	return -EFAULT;
				3387
				3388	buf[buf_size] = '\0';
				3389
				3390	sscanf(buf, "%hhu", &key_size);
				3391
Johan Hedberg	b1f663c	2015-06-11 13:52:27 +0300	[diff] [blame]	3392	if (key_size > SMP_MAX_ENC_KEY_SIZE \|\|
				3393	key_size < SMP_DEV(hdev)->min_key_size)
Johan Hedberg	2fd3655	2015-06-11 13:52:26 +0300	[diff] [blame]	3394	return -EINVAL;
				3395
				3396	SMP_DEV(hdev)->max_key_size = key_size;
				3397
				3398	return count;
				3399	}
				3400
				3401	static const struct file_operations le_max_key_size_fops = {
				3402	.open = simple_open,
				3403	.read = le_max_key_size_read,
				3404	.write = le_max_key_size_write,
				3405	.llseek = default_llseek,
				3406	};
				3407
Johan Hedberg	ef8efe4	2014-08-13 15:12:32 +0300	[diff] [blame]	3408	int smp_register(struct hci_dev *hdev)
				3409	{
				3410	struct l2cap_chan *chan;
				3411
				3412	BT_DBG("%s", hdev->name);
				3413
Marcel Holtmann	7e7ec44	2015-01-14 15:43:10 -0800	[diff] [blame]	3414	/* If the controller does not support Low Energy operation, then
				3415	* there is also no need to register any SMP channel.
				3416	*/
				3417	if (!lmp_le_capable(hdev))
				3418	return 0;
				3419
Marcel Holtmann	2b8df32	2015-01-15 08:04:21 -0800	[diff] [blame]	3420	if (WARN_ON(hdev->smp_data)) {
				3421	chan = hdev->smp_data;
				3422	hdev->smp_data = NULL;
				3423	smp_del_chan(chan);
				3424	}
				3425
Johan Hedberg	ef8efe4	2014-08-13 15:12:32 +0300	[diff] [blame]	3426	chan = smp_add_cid(hdev, L2CAP_CID_SMP);
				3427	if (IS_ERR(chan))
				3428	return PTR_ERR(chan);
				3429
				3430	hdev->smp_data = chan;
				3431
Johan Hedberg	b1f663c	2015-06-11 13:52:27 +0300	[diff] [blame]	3432	debugfs_create_file("le_min_key_size", 0644, hdev->debugfs, hdev,
				3433	&le_min_key_size_fops);
Johan Hedberg	2fd3655	2015-06-11 13:52:26 +0300	[diff] [blame]	3434	debugfs_create_file("le_max_key_size", 0644, hdev->debugfs, hdev,
				3435	&le_max_key_size_fops);
				3436
Marcel Holtmann	300acfde	2014-12-31 14:43:16 -0800	[diff] [blame]	3437	/* If the controller does not support BR/EDR Secure Connections
				3438	* feature, then the BR/EDR SMP channel shall not be present.
				3439	*
				3440	* To test this with Bluetooth 4.0 controllers, create a debugfs
				3441	* switch that allows forcing BR/EDR SMP support and accepting
				3442	* cross-transport pairing on non-AES encrypted connections.
				3443	*/
				3444	if (!lmp_sc_capable(hdev)) {
				3445	debugfs_create_file("force_bredr_smp", 0644, hdev->debugfs,
				3446	hdev, &force_bredr_smp_fops);
Szymon Janc	83ebb9e	2016-09-09 20:24:40 +0200	[diff] [blame]	3447
				3448	/* Flag can be already set here (due to power toggle) */
				3449	if (!hci_dev_test_flag(hdev, HCI_FORCE_BREDR_SMP))
				3450	return 0;
Marcel Holtmann	300acfde	2014-12-31 14:43:16 -0800	[diff] [blame]	3451	}
Johan Hedberg	ef8efe4	2014-08-13 15:12:32 +0300	[diff] [blame]	3452
Marcel Holtmann	2b8df32	2015-01-15 08:04:21 -0800	[diff] [blame]	3453	if (WARN_ON(hdev->smp_bredr_data)) {
				3454	chan = hdev->smp_bredr_data;
				3455	hdev->smp_bredr_data = NULL;
				3456	smp_del_chan(chan);
				3457	}
				3458
Johan Hedberg	ef8efe4	2014-08-13 15:12:32 +0300	[diff] [blame]	3459	chan = smp_add_cid(hdev, L2CAP_CID_SMP_BREDR);
				3460	if (IS_ERR(chan)) {
				3461	int err = PTR_ERR(chan);
				3462	chan = hdev->smp_data;
				3463	hdev->smp_data = NULL;
				3464	smp_del_chan(chan);
				3465	return err;
				3466	}
				3467
				3468	hdev->smp_bredr_data = chan;
				3469
				3470	return 0;
				3471	}
				3472
				3473	void smp_unregister(struct hci_dev *hdev)
				3474	{
				3475	struct l2cap_chan *chan;
				3476
				3477	if (hdev->smp_bredr_data) {
				3478	chan = hdev->smp_bredr_data;
				3479	hdev->smp_bredr_data = NULL;
				3480	smp_del_chan(chan);
				3481	}
				3482
				3483	if (hdev->smp_data) {
				3484	chan = hdev->smp_data;
				3485	hdev->smp_data = NULL;
				3486	smp_del_chan(chan);
				3487	}
				3488	}
Johan Hedberg	0a2b0f0	2014-12-30 09:50:39 +0200	[diff] [blame]	3489
				3490	#if IS_ENABLED(CONFIG_BT_SELFTEST_SMP)
				3491
Marcel Holtmann	71653eb	2017-04-30 06:51:41 -0700	[diff] [blame]	3492	static inline void swap_digits(u64 in, u64 out, unsigned int ndigits)
				3493	{
				3494	int i;
				3495
				3496	for (i = 0; i < ndigits; i++)
				3497	out[i] = __swab64(in[ndigits - 1 - i]);
				3498	}
				3499
				3500	static int __init test_debug_key(void)
				3501	{
				3502	u8 pk[64], sk[32];
				3503
				3504	swap_digits((u64 )debug_sk, (u64 )sk, 4);
				3505
				3506	if (!generate_ecdh_keys(pk, sk))
				3507	return -EINVAL;
				3508
				3509	if (memcmp(sk, debug_sk, 32))
				3510	return -EINVAL;
				3511
				3512	if (memcmp(pk, debug_pk, 64))
				3513	return -EINVAL;
				3514
				3515	return 0;
				3516	}
				3517
Andy Lutomirski	a4770e1	2016-06-26 14:55:23 -0700	[diff] [blame]	3518	static int __init test_ah(struct crypto_cipher *tfm_aes)
Johan Hedberg	cfc4198	2014-12-30 09:50:40 +0200	[diff] [blame]	3519	{
				3520	const u8 irk[16] = {
				3521	0x9b, 0x7d, 0x39, 0x0a, 0xa6, 0x10, 0x10, 0x34,
				3522	0x05, 0xad, 0xc8, 0x57, 0xa3, 0x34, 0x02, 0xec };
				3523	const u8 r[3] = { 0x94, 0x81, 0x70 };
				3524	const u8 exp[3] = { 0xaa, 0xfb, 0x0d };
				3525	u8 res[3];
				3526	int err;
				3527
				3528	err = smp_ah(tfm_aes, irk, r, res);
				3529	if (err)
				3530	return err;
				3531
				3532	if (memcmp(res, exp, 3))
				3533	return -EINVAL;
				3534
				3535	return 0;
				3536	}
				3537
Andy Lutomirski	a4770e1	2016-06-26 14:55:23 -0700	[diff] [blame]	3538	static int __init test_c1(struct crypto_cipher *tfm_aes)
Johan Hedberg	cfc4198	2014-12-30 09:50:40 +0200	[diff] [blame]	3539	{
				3540	const u8 k[16] = {
				3541	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
				3542	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
				3543	const u8 r[16] = {
				3544	0xe0, 0x2e, 0x70, 0xc6, 0x4e, 0x27, 0x88, 0x63,
				3545	0x0e, 0x6f, 0xad, 0x56, 0x21, 0xd5, 0x83, 0x57 };
				3546	const u8 preq[7] = { 0x01, 0x01, 0x00, 0x00, 0x10, 0x07, 0x07 };
				3547	const u8 pres[7] = { 0x02, 0x03, 0x00, 0x00, 0x08, 0x00, 0x05 };
				3548	const u8 _iat = 0x01;
				3549	const u8 _rat = 0x00;
				3550	const bdaddr_t ra = { { 0xb6, 0xb5, 0xb4, 0xb3, 0xb2, 0xb1 } };
				3551	const bdaddr_t ia = { { 0xa6, 0xa5, 0xa4, 0xa3, 0xa2, 0xa1 } };
				3552	const u8 exp[16] = {
				3553	0x86, 0x3b, 0xf1, 0xbe, 0xc5, 0x4d, 0xa7, 0xd2,
				3554	0xea, 0x88, 0x89, 0x87, 0xef, 0x3f, 0x1e, 0x1e };
				3555	u8 res[16];
				3556	int err;
				3557
				3558	err = smp_c1(tfm_aes, k, r, preq, pres, _iat, &ia, _rat, &ra, res);
				3559	if (err)
				3560	return err;
				3561
				3562	if (memcmp(res, exp, 16))
				3563	return -EINVAL;
				3564
				3565	return 0;
				3566	}
				3567
Andy Lutomirski	a4770e1	2016-06-26 14:55:23 -0700	[diff] [blame]	3568	static int __init test_s1(struct crypto_cipher *tfm_aes)
Johan Hedberg	cfc4198	2014-12-30 09:50:40 +0200	[diff] [blame]	3569	{
				3570	const u8 k[16] = {
				3571	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
				3572	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
				3573	const u8 r1[16] = {
				3574	0x88, 0x77, 0x66, 0x55, 0x44, 0x33, 0x22, 0x11 };
				3575	const u8 r2[16] = {
				3576	0x00, 0xff, 0xee, 0xdd, 0xcc, 0xbb, 0xaa, 0x99 };
				3577	const u8 exp[16] = {
				3578	0x62, 0xa0, 0x6d, 0x79, 0xae, 0x16, 0x42, 0x5b,
				3579	0x9b, 0xf4, 0xb0, 0xe8, 0xf0, 0xe1, 0x1f, 0x9a };
				3580	u8 res[16];
				3581	int err;
				3582
				3583	err = smp_s1(tfm_aes, k, r1, r2, res);
				3584	if (err)
				3585	return err;
				3586
				3587	if (memcmp(res, exp, 16))
				3588	return -EINVAL;
				3589
				3590	return 0;
				3591	}
				3592
Herbert Xu	71af2f6	2016-01-24 21:18:30 +0800	[diff] [blame]	3593	static int __init test_f4(struct crypto_shash *tfm_cmac)
Johan Hedberg	fb2969a	2014-12-30 09:50:41 +0200	[diff] [blame]	3594	{
				3595	const u8 u[32] = {
				3596	0xe6, 0x9d, 0x35, 0x0e, 0x48, 0x01, 0x03, 0xcc,
				3597	0xdb, 0xfd, 0xf4, 0xac, 0x11, 0x91, 0xf4, 0xef,
				3598	0xb9, 0xa5, 0xf9, 0xe9, 0xa7, 0x83, 0x2c, 0x5e,
				3599	0x2c, 0xbe, 0x97, 0xf2, 0xd2, 0x03, 0xb0, 0x20 };
				3600	const u8 v[32] = {
				3601	0xfd, 0xc5, 0x7f, 0xf4, 0x49, 0xdd, 0x4f, 0x6b,
				3602	0xfb, 0x7c, 0x9d, 0xf1, 0xc2, 0x9a, 0xcb, 0x59,
				3603	0x2a, 0xe7, 0xd4, 0xee, 0xfb, 0xfc, 0x0a, 0x90,
				3604	0x9a, 0xbb, 0xf6, 0x32, 0x3d, 0x8b, 0x18, 0x55 };
				3605	const u8 x[16] = {
				3606	0xab, 0xae, 0x2b, 0x71, 0xec, 0xb2, 0xff, 0xff,
				3607	0x3e, 0x73, 0x77, 0xd1, 0x54, 0x84, 0xcb, 0xd5 };
				3608	const u8 z = 0x00;
				3609	const u8 exp[16] = {
				3610	0x2d, 0x87, 0x74, 0xa9, 0xbe, 0xa1, 0xed, 0xf1,
				3611	0x1c, 0xbd, 0xa9, 0x07, 0xf1, 0x16, 0xc9, 0xf2 };
				3612	u8 res[16];
				3613	int err;
				3614
				3615	err = smp_f4(tfm_cmac, u, v, x, z, res);
				3616	if (err)
				3617	return err;
				3618
				3619	if (memcmp(res, exp, 16))
				3620	return -EINVAL;
				3621
				3622	return 0;
				3623	}
				3624
Herbert Xu	71af2f6	2016-01-24 21:18:30 +0800	[diff] [blame]	3625	static int __init test_f5(struct crypto_shash *tfm_cmac)
Johan Hedberg	fb2969a	2014-12-30 09:50:41 +0200	[diff] [blame]	3626	{
				3627	const u8 w[32] = {
				3628	0x98, 0xa6, 0xbf, 0x73, 0xf3, 0x34, 0x8d, 0x86,
				3629	0xf1, 0x66, 0xf8, 0xb4, 0x13, 0x6b, 0x79, 0x99,
				3630	0x9b, 0x7d, 0x39, 0x0a, 0xa6, 0x10, 0x10, 0x34,
				3631	0x05, 0xad, 0xc8, 0x57, 0xa3, 0x34, 0x02, 0xec };
				3632	const u8 n1[16] = {
				3633	0xab, 0xae, 0x2b, 0x71, 0xec, 0xb2, 0xff, 0xff,
				3634	0x3e, 0x73, 0x77, 0xd1, 0x54, 0x84, 0xcb, 0xd5 };
				3635	const u8 n2[16] = {
				3636	0xcf, 0xc4, 0x3d, 0xff, 0xf7, 0x83, 0x65, 0x21,
				3637	0x6e, 0x5f, 0xa7, 0x25, 0xcc, 0xe7, 0xe8, 0xa6 };
				3638	const u8 a1[7] = { 0xce, 0xbf, 0x37, 0x37, 0x12, 0x56, 0x00 };
				3639	const u8 a2[7] = { 0xc1, 0xcf, 0x2d, 0x70, 0x13, 0xa7, 0x00 };
				3640	const u8 exp_ltk[16] = {
				3641	0x38, 0x0a, 0x75, 0x94, 0xb5, 0x22, 0x05, 0x98,
				3642	0x23, 0xcd, 0xd7, 0x69, 0x11, 0x79, 0x86, 0x69 };
				3643	const u8 exp_mackey[16] = {
				3644	0x20, 0x6e, 0x63, 0xce, 0x20, 0x6a, 0x3f, 0xfd,
				3645	0x02, 0x4a, 0x08, 0xa1, 0x76, 0xf1, 0x65, 0x29 };
				3646	u8 mackey[16], ltk[16];
				3647	int err;
				3648
				3649	err = smp_f5(tfm_cmac, w, n1, n2, a1, a2, mackey, ltk);
				3650	if (err)
				3651	return err;
				3652
				3653	if (memcmp(mackey, exp_mackey, 16))
				3654	return -EINVAL;
				3655
				3656	if (memcmp(ltk, exp_ltk, 16))
				3657	return -EINVAL;
				3658
				3659	return 0;
				3660	}
				3661
Herbert Xu	71af2f6	2016-01-24 21:18:30 +0800	[diff] [blame]	3662	static int __init test_f6(struct crypto_shash *tfm_cmac)
Johan Hedberg	fb2969a	2014-12-30 09:50:41 +0200	[diff] [blame]	3663	{
				3664	const u8 w[16] = {
				3665	0x20, 0x6e, 0x63, 0xce, 0x20, 0x6a, 0x3f, 0xfd,
				3666	0x02, 0x4a, 0x08, 0xa1, 0x76, 0xf1, 0x65, 0x29 };
				3667	const u8 n1[16] = {
				3668	0xab, 0xae, 0x2b, 0x71, 0xec, 0xb2, 0xff, 0xff,
				3669	0x3e, 0x73, 0x77, 0xd1, 0x54, 0x84, 0xcb, 0xd5 };
				3670	const u8 n2[16] = {
				3671	0xcf, 0xc4, 0x3d, 0xff, 0xf7, 0x83, 0x65, 0x21,
				3672	0x6e, 0x5f, 0xa7, 0x25, 0xcc, 0xe7, 0xe8, 0xa6 };
				3673	const u8 r[16] = {
				3674	0xc8, 0x0f, 0x2d, 0x0c, 0xd2, 0x42, 0xda, 0x08,
				3675	0x54, 0xbb, 0x53, 0xb4, 0x3b, 0x34, 0xa3, 0x12 };
				3676	const u8 io_cap[3] = { 0x02, 0x01, 0x01 };
				3677	const u8 a1[7] = { 0xce, 0xbf, 0x37, 0x37, 0x12, 0x56, 0x00 };
				3678	const u8 a2[7] = { 0xc1, 0xcf, 0x2d, 0x70, 0x13, 0xa7, 0x00 };
				3679	const u8 exp[16] = {
				3680	0x61, 0x8f, 0x95, 0xda, 0x09, 0x0b, 0x6c, 0xd2,
				3681	0xc5, 0xe8, 0xd0, 0x9c, 0x98, 0x73, 0xc4, 0xe3 };
				3682	u8 res[16];
				3683	int err;
				3684
				3685	err = smp_f6(tfm_cmac, w, n1, n2, r, io_cap, a1, a2, res);
				3686	if (err)
				3687	return err;
				3688
				3689	if (memcmp(res, exp, 16))
				3690	return -EINVAL;
				3691
				3692	return 0;
				3693	}
				3694
Herbert Xu	71af2f6	2016-01-24 21:18:30 +0800	[diff] [blame]	3695	static int __init test_g2(struct crypto_shash *tfm_cmac)
Johan Hedberg	fb2969a	2014-12-30 09:50:41 +0200	[diff] [blame]	3696	{
				3697	const u8 u[32] = {
				3698	0xe6, 0x9d, 0x35, 0x0e, 0x48, 0x01, 0x03, 0xcc,
				3699	0xdb, 0xfd, 0xf4, 0xac, 0x11, 0x91, 0xf4, 0xef,
				3700	0xb9, 0xa5, 0xf9, 0xe9, 0xa7, 0x83, 0x2c, 0x5e,
				3701	0x2c, 0xbe, 0x97, 0xf2, 0xd2, 0x03, 0xb0, 0x20 };
				3702	const u8 v[32] = {
				3703	0xfd, 0xc5, 0x7f, 0xf4, 0x49, 0xdd, 0x4f, 0x6b,
				3704	0xfb, 0x7c, 0x9d, 0xf1, 0xc2, 0x9a, 0xcb, 0x59,
				3705	0x2a, 0xe7, 0xd4, 0xee, 0xfb, 0xfc, 0x0a, 0x90,
				3706	0x9a, 0xbb, 0xf6, 0x32, 0x3d, 0x8b, 0x18, 0x55 };
				3707	const u8 x[16] = {
				3708	0xab, 0xae, 0x2b, 0x71, 0xec, 0xb2, 0xff, 0xff,
				3709	0x3e, 0x73, 0x77, 0xd1, 0x54, 0x84, 0xcb, 0xd5 };
				3710	const u8 y[16] = {
				3711	0xcf, 0xc4, 0x3d, 0xff, 0xf7, 0x83, 0x65, 0x21,
				3712	0x6e, 0x5f, 0xa7, 0x25, 0xcc, 0xe7, 0xe8, 0xa6 };
				3713	const u32 exp_val = 0x2f9ed5ba % 1000000;
				3714	u32 val;
				3715	int err;
				3716
				3717	err = smp_g2(tfm_cmac, u, v, x, y, &val);
				3718	if (err)
				3719	return err;
				3720
				3721	if (val != exp_val)
				3722	return -EINVAL;
				3723
				3724	return 0;
				3725	}
				3726
Herbert Xu	71af2f6	2016-01-24 21:18:30 +0800	[diff] [blame]	3727	static int __init test_h6(struct crypto_shash *tfm_cmac)
Johan Hedberg	fb2969a	2014-12-30 09:50:41 +0200	[diff] [blame]	3728	{
				3729	const u8 w[16] = {
				3730	0x9b, 0x7d, 0x39, 0x0a, 0xa6, 0x10, 0x10, 0x34,
				3731	0x05, 0xad, 0xc8, 0x57, 0xa3, 0x34, 0x02, 0xec };
				3732	const u8 key_id[4] = { 0x72, 0x62, 0x65, 0x6c };
				3733	const u8 exp[16] = {
				3734	0x99, 0x63, 0xb1, 0x80, 0xe2, 0xa9, 0xd3, 0xe8,
				3735	0x1c, 0xc9, 0x6d, 0xe7, 0x02, 0xe1, 0x9a, 0x2d };
				3736	u8 res[16];
				3737	int err;
				3738
				3739	err = smp_h6(tfm_cmac, w, key_id, res);
				3740	if (err)
				3741	return err;
				3742
				3743	if (memcmp(res, exp, 16))
				3744	return -EINVAL;
				3745
				3746	return 0;
				3747	}
				3748
Marcel Holtmann	64dd374	2015-04-01 12:52:13 -0700	[diff] [blame]	3749	static char test_smp_buffer[32];
				3750
				3751	static ssize_t test_smp_read(struct file file, char __user user_buf,
				3752	size_t count, loff_t *ppos)
				3753	{
				3754	return simple_read_from_buffer(user_buf, count, ppos, test_smp_buffer,
				3755	strlen(test_smp_buffer));
				3756	}
				3757
				3758	static const struct file_operations test_smp_fops = {
				3759	.open = simple_open,
				3760	.read = test_smp_read,
				3761	.llseek = default_llseek,
				3762	};
				3763
Andy Lutomirski	a4770e1	2016-06-26 14:55:23 -0700	[diff] [blame]	3764	static int __init run_selftests(struct crypto_cipher *tfm_aes,
Herbert Xu	71af2f6	2016-01-24 21:18:30 +0800	[diff] [blame]	3765	struct crypto_shash *tfm_cmac)
Johan Hedberg	0a2b0f0	2014-12-30 09:50:39 +0200	[diff] [blame]	3766	{
Marcel Holtmann	255047b0	2014-12-30 00:11:20 -0800	[diff] [blame]	3767	ktime_t calltime, delta, rettime;
				3768	unsigned long long duration;
Johan Hedberg	cfc4198	2014-12-30 09:50:40 +0200	[diff] [blame]	3769	int err;
				3770
Marcel Holtmann	255047b0	2014-12-30 00:11:20 -0800	[diff] [blame]	3771	calltime = ktime_get();
				3772
Marcel Holtmann	71653eb	2017-04-30 06:51:41 -0700	[diff] [blame]	3773	err = test_debug_key();
				3774	if (err) {
				3775	BT_ERR("debug_key test failed");
				3776	goto done;
				3777	}
				3778
Johan Hedberg	cfc4198	2014-12-30 09:50:40 +0200	[diff] [blame]	3779	err = test_ah(tfm_aes);
				3780	if (err) {
				3781	BT_ERR("smp_ah test failed");
Marcel Holtmann	64dd374	2015-04-01 12:52:13 -0700	[diff] [blame]	3782	goto done;
Johan Hedberg	cfc4198	2014-12-30 09:50:40 +0200	[diff] [blame]	3783	}
				3784
				3785	err = test_c1(tfm_aes);
				3786	if (err) {
				3787	BT_ERR("smp_c1 test failed");
Marcel Holtmann	64dd374	2015-04-01 12:52:13 -0700	[diff] [blame]	3788	goto done;
Johan Hedberg	cfc4198	2014-12-30 09:50:40 +0200	[diff] [blame]	3789	}
				3790
				3791	err = test_s1(tfm_aes);
				3792	if (err) {
				3793	BT_ERR("smp_s1 test failed");
Marcel Holtmann	64dd374	2015-04-01 12:52:13 -0700	[diff] [blame]	3794	goto done;
Johan Hedberg	cfc4198	2014-12-30 09:50:40 +0200	[diff] [blame]	3795	}
				3796
Johan Hedberg	fb2969a	2014-12-30 09:50:41 +0200	[diff] [blame]	3797	err = test_f4(tfm_cmac);
				3798	if (err) {
				3799	BT_ERR("smp_f4 test failed");
Marcel Holtmann	64dd374	2015-04-01 12:52:13 -0700	[diff] [blame]	3800	goto done;
Johan Hedberg	fb2969a	2014-12-30 09:50:41 +0200	[diff] [blame]	3801	}
				3802
				3803	err = test_f5(tfm_cmac);
				3804	if (err) {
				3805	BT_ERR("smp_f5 test failed");
Marcel Holtmann	64dd374	2015-04-01 12:52:13 -0700	[diff] [blame]	3806	goto done;
Johan Hedberg	fb2969a	2014-12-30 09:50:41 +0200	[diff] [blame]	3807	}
				3808
				3809	err = test_f6(tfm_cmac);
				3810	if (err) {
				3811	BT_ERR("smp_f6 test failed");
Marcel Holtmann	64dd374	2015-04-01 12:52:13 -0700	[diff] [blame]	3812	goto done;
Johan Hedberg	fb2969a	2014-12-30 09:50:41 +0200	[diff] [blame]	3813	}
				3814
				3815	err = test_g2(tfm_cmac);
				3816	if (err) {
				3817	BT_ERR("smp_g2 test failed");
Marcel Holtmann	64dd374	2015-04-01 12:52:13 -0700	[diff] [blame]	3818	goto done;
Johan Hedberg	fb2969a	2014-12-30 09:50:41 +0200	[diff] [blame]	3819	}
				3820
				3821	err = test_h6(tfm_cmac);
				3822	if (err) {
				3823	BT_ERR("smp_h6 test failed");
Marcel Holtmann	64dd374	2015-04-01 12:52:13 -0700	[diff] [blame]	3824	goto done;
Johan Hedberg	fb2969a	2014-12-30 09:50:41 +0200	[diff] [blame]	3825	}
				3826
Marcel Holtmann	255047b0	2014-12-30 00:11:20 -0800	[diff] [blame]	3827	rettime = ktime_get();
				3828	delta = ktime_sub(rettime, calltime);
				3829	duration = (unsigned long long) ktime_to_ns(delta) >> 10;
				3830
Marcel Holtmann	5ced246	2015-01-12 23:09:48 -0800	[diff] [blame]	3831	BT_INFO("SMP test passed in %llu usecs", duration);
Johan Hedberg	0a2b0f0	2014-12-30 09:50:39 +0200	[diff] [blame]	3832
Marcel Holtmann	64dd374	2015-04-01 12:52:13 -0700	[diff] [blame]	3833	done:
				3834	if (!err)
				3835	snprintf(test_smp_buffer, sizeof(test_smp_buffer),
				3836	"PASS (%llu usecs)\n", duration);
				3837	else
				3838	snprintf(test_smp_buffer, sizeof(test_smp_buffer), "FAIL\n");
				3839
				3840	debugfs_create_file("selftest_smp", 0444, bt_debugfs, NULL,
				3841	&test_smp_fops);
				3842
				3843	return err;
Johan Hedberg	0a2b0f0	2014-12-30 09:50:39 +0200	[diff] [blame]	3844	}
				3845
				3846	int __init bt_selftest_smp(void)
				3847	{
Andy Lutomirski	a4770e1	2016-06-26 14:55:23 -0700	[diff] [blame]	3848	struct crypto_cipher *tfm_aes;
Herbert Xu	71af2f6	2016-01-24 21:18:30 +0800	[diff] [blame]	3849	struct crypto_shash *tfm_cmac;
Johan Hedberg	0a2b0f0	2014-12-30 09:50:39 +0200	[diff] [blame]	3850	int err;
				3851
Andy Lutomirski	a4770e1	2016-06-26 14:55:23 -0700	[diff] [blame]	3852	tfm_aes = crypto_alloc_cipher("aes", 0, CRYPTO_ALG_ASYNC);
Johan Hedberg	0a2b0f0	2014-12-30 09:50:39 +0200	[diff] [blame]	3853	if (IS_ERR(tfm_aes)) {
Andy Lutomirski	a4770e1	2016-06-26 14:55:23 -0700	[diff] [blame]	3854	BT_ERR("Unable to create AES crypto context");
Johan Hedberg	0a2b0f0	2014-12-30 09:50:39 +0200	[diff] [blame]	3855	return PTR_ERR(tfm_aes);
				3856	}
				3857
Herbert Xu	71af2f6	2016-01-24 21:18:30 +0800	[diff] [blame]	3858	tfm_cmac = crypto_alloc_shash("cmac(aes)", 0, CRYPTO_ALG_ASYNC);
Johan Hedberg	0a2b0f0	2014-12-30 09:50:39 +0200	[diff] [blame]	3859	if (IS_ERR(tfm_cmac)) {
				3860	BT_ERR("Unable to create CMAC crypto context");
Andy Lutomirski	a4770e1	2016-06-26 14:55:23 -0700	[diff] [blame]	3861	crypto_free_cipher(tfm_aes);
Johan Hedberg	0a2b0f0	2014-12-30 09:50:39 +0200	[diff] [blame]	3862	return PTR_ERR(tfm_cmac);
				3863	}
				3864
				3865	err = run_selftests(tfm_aes, tfm_cmac);
				3866
Herbert Xu	71af2f6	2016-01-24 21:18:30 +0800	[diff] [blame]	3867	crypto_free_shash(tfm_cmac);
Andy Lutomirski	a4770e1	2016-06-26 14:55:23 -0700	[diff] [blame]	3868	crypto_free_cipher(tfm_aes);
Johan Hedberg	0a2b0f0	2014-12-30 09:50:39 +0200	[diff] [blame]	3869
				3870	return err;
				3871	}
				3872
				3873	#endif