blob: 1abfbcd8090a56793d00aa022a4a4128ff984b2b [file] [log] [blame]
Anderson Brigliaeb492e02011-06-09 18:50:40 -03001/*
2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2011 Nokia Corporation and/or its subsidiary(-ies).
4
5 This program is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License version 2 as
7 published by the Free Software Foundation;
8
9 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
10 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
11 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
12 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
13 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
14 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17
18 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
19 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
20 SOFTWARE IS DISCLAIMED.
21*/
22
Marcel Holtmann300acfde2014-12-31 14:43:16 -080023#include <linux/debugfs.h>
Gustavo Padovan8c520a52012-05-23 04:04:22 -030024#include <linux/scatterlist.h>
Andy Lutomirskia4770e12016-06-26 14:55:23 -070025#include <linux/crypto.h>
Jason A. Donenfeld3da27a9d2017-06-10 04:59:11 +020026#include <crypto/algapi.h>
Gustavo Padovan8c520a52012-05-23 04:04:22 -030027#include <crypto/b128ops.h>
Herbert Xu71af2f62016-01-24 21:18:30 +080028#include <crypto/hash.h>
Gustavo Padovan8c520a52012-05-23 04:04:22 -030029
Anderson Brigliaeb492e02011-06-09 18:50:40 -030030#include <net/bluetooth/bluetooth.h>
31#include <net/bluetooth/hci_core.h>
32#include <net/bluetooth/l2cap.h>
Brian Gix2b64d152011-12-21 16:12:12 -080033#include <net/bluetooth/mgmt.h>
Marcel Holtmannac4b7232013-10-10 14:54:16 -070034
Johan Hedberg3b191462014-06-06 10:50:15 +030035#include "ecc.h"
Marcel Holtmannac4b7232013-10-10 14:54:16 -070036#include "smp.h"
Anderson Brigliad22ef0b2011-06-09 18:50:44 -030037
Johan Hedberg2fd36552015-06-11 13:52:26 +030038#define SMP_DEV(hdev) \
39 ((struct smp_dev *)((struct l2cap_chan *)((hdev)->smp_data))->data)
40
Johan Hedbergc7a3d572014-12-01 22:03:16 +020041/* Low-level debug macros to be used for stuff that we don't want
42 * accidentially in dmesg, i.e. the values of the various crypto keys
43 * and the inputs & outputs of crypto functions.
44 */
45#ifdef DEBUG
46#define SMP_DBG(fmt, ...) printk(KERN_DEBUG "%s: " fmt, __func__, \
47 ##__VA_ARGS__)
48#else
49#define SMP_DBG(fmt, ...) no_printk(KERN_DEBUG "%s: " fmt, __func__, \
50 ##__VA_ARGS__)
51#endif
52
Johan Hedbergb28b4942014-09-05 22:19:55 +030053#define SMP_ALLOW_CMD(smp, code) set_bit(code, &smp->allow_cmd)
Johan Hedbergb28b4942014-09-05 22:19:55 +030054
Johan Hedberg3b191462014-06-06 10:50:15 +030055/* Keys which are not distributed with Secure Connections */
56#define SMP_SC_NO_DIST (SMP_DIST_ENC_KEY | SMP_DIST_LINK_KEY);
57
Marcel Holtmann17b02e62012-03-01 14:32:37 -080058#define SMP_TIMEOUT msecs_to_jiffies(30000)
Vinicius Costa Gomes5d3de7d2011-06-14 13:37:41 -030059
Marcel Holtmannd7a5a112015-03-13 02:11:00 -070060#define AUTH_REQ_MASK(dev) (hci_dev_test_flag(dev, HCI_SC_ENABLED) ? \
Johan Hedberg0edb14d2014-05-26 13:29:28 +030061 0x1f : 0x07)
62#define KEY_DIST_MASK 0x07
Johan Hedberg065a13e2012-10-11 16:26:06 +020063
Johan Hedbergcbbbe3e2014-06-06 11:30:08 +030064/* Maximum message length that can be passed to aes_cmac */
65#define CMAC_MSG_MAX 80
66
Johan Hedberg533e35d2014-06-16 19:25:18 +030067enum {
68 SMP_FLAG_TK_VALID,
69 SMP_FLAG_CFM_PENDING,
70 SMP_FLAG_MITM_AUTH,
71 SMP_FLAG_COMPLETE,
72 SMP_FLAG_INITIATOR,
Johan Hedberg65668772014-05-16 11:03:34 +030073 SMP_FLAG_SC,
Johan Hedbergd8f8edb2014-06-06 11:09:28 +030074 SMP_FLAG_REMOTE_PK,
Johan Hedbergaeb7d462014-05-31 18:52:28 +030075 SMP_FLAG_DEBUG_KEY,
Johan Hedberg38606f12014-06-25 11:10:28 +030076 SMP_FLAG_WAIT_USER,
Johan Hedbergd3e54a82014-06-04 11:07:40 +030077 SMP_FLAG_DHKEY_PENDING,
Johan Hedberg1a8bab42015-03-16 11:45:44 +020078 SMP_FLAG_REMOTE_OOB,
79 SMP_FLAG_LOCAL_OOB,
Johan Hedberg533e35d2014-06-16 19:25:18 +030080};
Johan Hedberg4bc58f52014-05-20 09:45:47 +030081
Marcel Holtmann88a479d2015-03-16 01:10:19 -070082struct smp_dev {
Marcel Holtmann60a27d62015-03-16 01:10:22 -070083 /* Secure Connections OOB data */
84 u8 local_pk[64];
85 u8 local_sk[32];
Marcel Holtmannfb334fe2015-03-16 12:34:57 -070086 u8 local_rand[16];
Marcel Holtmann60a27d62015-03-16 01:10:22 -070087 bool debug_key;
88
Johan Hedbergb1f663c2015-06-11 13:52:27 +030089 u8 min_key_size;
Johan Hedberg2fd36552015-06-11 13:52:26 +030090 u8 max_key_size;
91
Andy Lutomirskia4770e12016-06-26 14:55:23 -070092 struct crypto_cipher *tfm_aes;
Herbert Xu71af2f62016-01-24 21:18:30 +080093 struct crypto_shash *tfm_cmac;
Marcel Holtmann88a479d2015-03-16 01:10:19 -070094};
95
Johan Hedberg4bc58f52014-05-20 09:45:47 +030096struct smp_chan {
Johan Hedbergb68fda62014-08-11 22:06:40 +030097 struct l2cap_conn *conn;
98 struct delayed_work security_timer;
Johan Hedbergb28b4942014-09-05 22:19:55 +030099 unsigned long allow_cmd; /* Bitmask of allowed commands */
Johan Hedbergb68fda62014-08-11 22:06:40 +0300100
Johan Hedberg4bc58f52014-05-20 09:45:47 +0300101 u8 preq[7]; /* SMP Pairing Request */
102 u8 prsp[7]; /* SMP Pairing Response */
103 u8 prnd[16]; /* SMP Pairing Random (local) */
104 u8 rrnd[16]; /* SMP Pairing Random (remote) */
105 u8 pcnf[16]; /* SMP Pairing Confirm */
106 u8 tk[16]; /* SMP Temporary Key */
Johan Hedberg882fafa2015-03-16 11:45:43 +0200107 u8 rr[16]; /* Remote OOB ra/rb value */
108 u8 lr[16]; /* Local OOB ra/rb value */
Johan Hedberg4bc58f52014-05-20 09:45:47 +0300109 u8 enc_key_size;
110 u8 remote_key_dist;
111 bdaddr_t id_addr;
112 u8 id_addr_type;
113 u8 irk[16];
114 struct smp_csrk *csrk;
115 struct smp_csrk *slave_csrk;
116 struct smp_ltk *ltk;
117 struct smp_ltk *slave_ltk;
118 struct smp_irk *remote_irk;
Johan Hedberg6a770832014-06-06 11:54:04 +0300119 u8 *link_key;
Johan Hedberg4a74d652014-05-20 09:45:50 +0300120 unsigned long flags;
Johan Hedberg783e0572014-05-31 18:48:26 +0300121 u8 method;
Johan Hedberg38606f12014-06-25 11:10:28 +0300122 u8 passkey_round;
Johan Hedberg6a7bd102014-06-27 14:23:03 +0300123
Johan Hedberg3b191462014-06-06 10:50:15 +0300124 /* Secure Connections variables */
125 u8 local_pk[64];
126 u8 local_sk[32];
Johan Hedbergd8f8edb2014-06-06 11:09:28 +0300127 u8 remote_pk[64];
128 u8 dhkey[32];
Johan Hedberg760b0182014-06-06 11:44:05 +0300129 u8 mackey[16];
Johan Hedberg3b191462014-06-06 10:50:15 +0300130
Andy Lutomirskia4770e12016-06-26 14:55:23 -0700131 struct crypto_cipher *tfm_aes;
Herbert Xu71af2f62016-01-24 21:18:30 +0800132 struct crypto_shash *tfm_cmac;
Johan Hedberg4bc58f52014-05-20 09:45:47 +0300133};
134
Johan Hedbergaeb7d462014-05-31 18:52:28 +0300135/* These debug key values are defined in the SMP section of the core
136 * specification. debug_pk is the public debug key and debug_sk the
137 * private debug key.
138 */
139static const u8 debug_pk[64] = {
140 0xe6, 0x9d, 0x35, 0x0e, 0x48, 0x01, 0x03, 0xcc,
141 0xdb, 0xfd, 0xf4, 0xac, 0x11, 0x91, 0xf4, 0xef,
142 0xb9, 0xa5, 0xf9, 0xe9, 0xa7, 0x83, 0x2c, 0x5e,
143 0x2c, 0xbe, 0x97, 0xf2, 0xd2, 0x03, 0xb0, 0x20,
144
145 0x8b, 0xd2, 0x89, 0x15, 0xd0, 0x8e, 0x1c, 0x74,
146 0x24, 0x30, 0xed, 0x8f, 0xc2, 0x45, 0x63, 0x76,
147 0x5c, 0x15, 0x52, 0x5a, 0xbf, 0x9a, 0x32, 0x63,
148 0x6d, 0xeb, 0x2a, 0x65, 0x49, 0x9c, 0x80, 0xdc,
149};
150
151static const u8 debug_sk[32] = {
152 0xbd, 0x1a, 0x3c, 0xcd, 0xa6, 0xb8, 0x99, 0x58,
153 0x99, 0xb7, 0x40, 0xeb, 0x7b, 0x60, 0xff, 0x4a,
154 0x50, 0x3f, 0x10, 0xd2, 0xe3, 0xb3, 0xc9, 0x74,
155 0x38, 0x5f, 0xc5, 0xa3, 0xd4, 0xf6, 0x49, 0x3f,
156};
157
Johan Hedberg8a2936f2014-06-16 19:25:19 +0300158static inline void swap_buf(const u8 *src, u8 *dst, size_t len)
Anderson Brigliad22ef0b2011-06-09 18:50:44 -0300159{
Johan Hedberg8a2936f2014-06-16 19:25:19 +0300160 size_t i;
Anderson Brigliad22ef0b2011-06-09 18:50:44 -0300161
Johan Hedberg8a2936f2014-06-16 19:25:19 +0300162 for (i = 0; i < len; i++)
163 dst[len - 1 - i] = src[i];
Anderson Brigliad22ef0b2011-06-09 18:50:44 -0300164}
165
Johan Hedberg06edf8d2014-12-02 13:39:23 +0200166/* The following functions map to the LE SC SMP crypto functions
167 * AES-CMAC, f4, f5, f6, g2 and h6.
168 */
169
Herbert Xu71af2f62016-01-24 21:18:30 +0800170static int aes_cmac(struct crypto_shash *tfm, const u8 k[16], const u8 *m,
Johan Hedbergcbbbe3e2014-06-06 11:30:08 +0300171 size_t len, u8 mac[16])
172{
173 uint8_t tmp[16], mac_msb[16], msg_msb[CMAC_MSG_MAX];
Herbert Xu71af2f62016-01-24 21:18:30 +0800174 SHASH_DESC_ON_STACK(desc, tfm);
Johan Hedbergcbbbe3e2014-06-06 11:30:08 +0300175 int err;
176
177 if (len > CMAC_MSG_MAX)
178 return -EFBIG;
179
180 if (!tfm) {
181 BT_ERR("tfm %p", tfm);
182 return -EINVAL;
183 }
184
Herbert Xu71af2f62016-01-24 21:18:30 +0800185 desc->tfm = tfm;
186 desc->flags = 0;
Johan Hedbergcbbbe3e2014-06-06 11:30:08 +0300187
188 /* Swap key and message from LSB to MSB */
189 swap_buf(k, tmp, 16);
190 swap_buf(m, msg_msb, len);
191
Johan Hedbergc7a3d572014-12-01 22:03:16 +0200192 SMP_DBG("msg (len %zu) %*phN", len, (int) len, m);
193 SMP_DBG("key %16phN", k);
Johan Hedbergcbbbe3e2014-06-06 11:30:08 +0300194
Herbert Xu71af2f62016-01-24 21:18:30 +0800195 err = crypto_shash_setkey(tfm, tmp, 16);
Johan Hedbergcbbbe3e2014-06-06 11:30:08 +0300196 if (err) {
197 BT_ERR("cipher setkey failed: %d", err);
198 return err;
199 }
200
Herbert Xu71af2f62016-01-24 21:18:30 +0800201 err = crypto_shash_digest(desc, msg_msb, len, mac_msb);
202 shash_desc_zero(desc);
Johan Hedbergcbbbe3e2014-06-06 11:30:08 +0300203 if (err) {
Herbert Xu71af2f62016-01-24 21:18:30 +0800204 BT_ERR("Hash computation error %d", err);
Johan Hedbergcbbbe3e2014-06-06 11:30:08 +0300205 return err;
206 }
207
208 swap_buf(mac_msb, mac, 16);
209
Johan Hedbergc7a3d572014-12-01 22:03:16 +0200210 SMP_DBG("mac %16phN", mac);
Johan Hedbergcbbbe3e2014-06-06 11:30:08 +0300211
212 return 0;
213}
214
Herbert Xu71af2f62016-01-24 21:18:30 +0800215static int smp_f4(struct crypto_shash *tfm_cmac, const u8 u[32],
216 const u8 v[32], const u8 x[16], u8 z, u8 res[16])
Johan Hedbergcbbbe3e2014-06-06 11:30:08 +0300217{
218 u8 m[65];
219 int err;
220
Johan Hedbergc7a3d572014-12-01 22:03:16 +0200221 SMP_DBG("u %32phN", u);
222 SMP_DBG("v %32phN", v);
223 SMP_DBG("x %16phN z %02x", x, z);
Johan Hedbergcbbbe3e2014-06-06 11:30:08 +0300224
225 m[0] = z;
226 memcpy(m + 1, v, 32);
227 memcpy(m + 33, u, 32);
228
229 err = aes_cmac(tfm_cmac, x, m, sizeof(m), res);
230 if (err)
231 return err;
232
Johan Hedbergc7a3d572014-12-01 22:03:16 +0200233 SMP_DBG("res %16phN", res);
Johan Hedbergcbbbe3e2014-06-06 11:30:08 +0300234
235 return err;
236}
237
Herbert Xu71af2f62016-01-24 21:18:30 +0800238static int smp_f5(struct crypto_shash *tfm_cmac, const u8 w[32],
Johan Hedberg4da50de2014-12-29 12:04:10 +0200239 const u8 n1[16], const u8 n2[16], const u8 a1[7],
240 const u8 a2[7], u8 mackey[16], u8 ltk[16])
Johan Hedberg760b0182014-06-06 11:44:05 +0300241{
242 /* The btle, salt and length "magic" values are as defined in
243 * the SMP section of the Bluetooth core specification. In ASCII
244 * the btle value ends up being 'btle'. The salt is just a
245 * random number whereas length is the value 256 in little
246 * endian format.
247 */
248 const u8 btle[4] = { 0x65, 0x6c, 0x74, 0x62 };
249 const u8 salt[16] = { 0xbe, 0x83, 0x60, 0x5a, 0xdb, 0x0b, 0x37, 0x60,
250 0x38, 0xa5, 0xf5, 0xaa, 0x91, 0x83, 0x88, 0x6c };
251 const u8 length[2] = { 0x00, 0x01 };
252 u8 m[53], t[16];
253 int err;
254
Johan Hedbergc7a3d572014-12-01 22:03:16 +0200255 SMP_DBG("w %32phN", w);
256 SMP_DBG("n1 %16phN n2 %16phN", n1, n2);
257 SMP_DBG("a1 %7phN a2 %7phN", a1, a2);
Johan Hedberg760b0182014-06-06 11:44:05 +0300258
259 err = aes_cmac(tfm_cmac, salt, w, 32, t);
260 if (err)
261 return err;
262
Johan Hedbergc7a3d572014-12-01 22:03:16 +0200263 SMP_DBG("t %16phN", t);
Johan Hedberg760b0182014-06-06 11:44:05 +0300264
265 memcpy(m, length, 2);
266 memcpy(m + 2, a2, 7);
267 memcpy(m + 9, a1, 7);
268 memcpy(m + 16, n2, 16);
269 memcpy(m + 32, n1, 16);
270 memcpy(m + 48, btle, 4);
271
272 m[52] = 0; /* Counter */
273
274 err = aes_cmac(tfm_cmac, t, m, sizeof(m), mackey);
275 if (err)
276 return err;
277
Johan Hedbergc7a3d572014-12-01 22:03:16 +0200278 SMP_DBG("mackey %16phN", mackey);
Johan Hedberg760b0182014-06-06 11:44:05 +0300279
280 m[52] = 1; /* Counter */
281
282 err = aes_cmac(tfm_cmac, t, m, sizeof(m), ltk);
283 if (err)
284 return err;
285
Johan Hedbergc7a3d572014-12-01 22:03:16 +0200286 SMP_DBG("ltk %16phN", ltk);
Johan Hedberg760b0182014-06-06 11:44:05 +0300287
288 return 0;
289}
290
Herbert Xu71af2f62016-01-24 21:18:30 +0800291static int smp_f6(struct crypto_shash *tfm_cmac, const u8 w[16],
Johan Hedberg4da50de2014-12-29 12:04:10 +0200292 const u8 n1[16], const u8 n2[16], const u8 r[16],
Johan Hedberg760b0182014-06-06 11:44:05 +0300293 const u8 io_cap[3], const u8 a1[7], const u8 a2[7],
294 u8 res[16])
295{
296 u8 m[65];
297 int err;
298
Johan Hedbergc7a3d572014-12-01 22:03:16 +0200299 SMP_DBG("w %16phN", w);
300 SMP_DBG("n1 %16phN n2 %16phN", n1, n2);
301 SMP_DBG("r %16phN io_cap %3phN a1 %7phN a2 %7phN", r, io_cap, a1, a2);
Johan Hedberg760b0182014-06-06 11:44:05 +0300302
303 memcpy(m, a2, 7);
304 memcpy(m + 7, a1, 7);
305 memcpy(m + 14, io_cap, 3);
306 memcpy(m + 17, r, 16);
307 memcpy(m + 33, n2, 16);
308 memcpy(m + 49, n1, 16);
309
310 err = aes_cmac(tfm_cmac, w, m, sizeof(m), res);
311 if (err)
312 return err;
313
Marcel Holtmann203de212014-12-31 20:01:22 -0800314 SMP_DBG("res %16phN", res);
Johan Hedberg760b0182014-06-06 11:44:05 +0300315
316 return err;
317}
318
Herbert Xu71af2f62016-01-24 21:18:30 +0800319static int smp_g2(struct crypto_shash *tfm_cmac, const u8 u[32], const u8 v[32],
Johan Hedberg191dc7f2014-06-06 11:39:49 +0300320 const u8 x[16], const u8 y[16], u32 *val)
321{
322 u8 m[80], tmp[16];
323 int err;
324
Johan Hedbergc7a3d572014-12-01 22:03:16 +0200325 SMP_DBG("u %32phN", u);
326 SMP_DBG("v %32phN", v);
327 SMP_DBG("x %16phN y %16phN", x, y);
Johan Hedberg191dc7f2014-06-06 11:39:49 +0300328
329 memcpy(m, y, 16);
330 memcpy(m + 16, v, 32);
331 memcpy(m + 48, u, 32);
332
333 err = aes_cmac(tfm_cmac, x, m, sizeof(m), tmp);
334 if (err)
335 return err;
336
337 *val = get_unaligned_le32(tmp);
338 *val %= 1000000;
339
Johan Hedbergc7a3d572014-12-01 22:03:16 +0200340 SMP_DBG("val %06u", *val);
Johan Hedberg191dc7f2014-06-06 11:39:49 +0300341
342 return 0;
343}
344
Herbert Xu71af2f62016-01-24 21:18:30 +0800345static int smp_h6(struct crypto_shash *tfm_cmac, const u8 w[16],
Johan Hedberg06edf8d2014-12-02 13:39:23 +0200346 const u8 key_id[4], u8 res[16])
347{
348 int err;
349
350 SMP_DBG("w %16phN key_id %4phN", w, key_id);
351
352 err = aes_cmac(tfm_cmac, w, key_id, 4, res);
353 if (err)
354 return err;
355
356 SMP_DBG("res %16phN", res);
357
358 return err;
359}
360
361/* The following functions map to the legacy SMP crypto functions e, c1,
362 * s1 and ah.
363 */
364
Andy Lutomirskia4770e12016-06-26 14:55:23 -0700365static int smp_e(struct crypto_cipher *tfm, const u8 *k, u8 *r)
Anderson Brigliad22ef0b2011-06-09 18:50:44 -0300366{
Johan Hedberg943a7322014-03-18 12:58:24 +0200367 uint8_t tmp[16], data[16];
Johan Hedberg201a5922013-12-02 10:49:04 +0200368 int err;
Anderson Brigliad22ef0b2011-06-09 18:50:44 -0300369
Johan Hedberg011c3912015-05-19 21:06:04 +0300370 SMP_DBG("k %16phN r %16phN", k, r);
371
Johan Hedberg7f376cd2014-12-03 16:07:13 +0200372 if (!tfm) {
Anderson Brigliad22ef0b2011-06-09 18:50:44 -0300373 BT_ERR("tfm %p", tfm);
374 return -EINVAL;
375 }
376
Johan Hedberg943a7322014-03-18 12:58:24 +0200377 /* The most significant octet of key corresponds to k[0] */
Johan Hedberg8a2936f2014-06-16 19:25:19 +0300378 swap_buf(k, tmp, 16);
Johan Hedberg943a7322014-03-18 12:58:24 +0200379
Andy Lutomirskia4770e12016-06-26 14:55:23 -0700380 err = crypto_cipher_setkey(tfm, tmp, 16);
Anderson Brigliad22ef0b2011-06-09 18:50:44 -0300381 if (err) {
382 BT_ERR("cipher setkey failed: %d", err);
383 return err;
384 }
385
Johan Hedberg943a7322014-03-18 12:58:24 +0200386 /* Most significant octet of plaintextData corresponds to data[0] */
Johan Hedberg8a2936f2014-06-16 19:25:19 +0300387 swap_buf(r, data, 16);
Johan Hedberg943a7322014-03-18 12:58:24 +0200388
Andy Lutomirskia4770e12016-06-26 14:55:23 -0700389 crypto_cipher_encrypt_one(tfm, data, data);
Anderson Brigliad22ef0b2011-06-09 18:50:44 -0300390
Johan Hedberg943a7322014-03-18 12:58:24 +0200391 /* Most significant octet of encryptedData corresponds to data[0] */
Johan Hedberg8a2936f2014-06-16 19:25:19 +0300392 swap_buf(data, r, 16);
Johan Hedberg943a7322014-03-18 12:58:24 +0200393
Johan Hedberg011c3912015-05-19 21:06:04 +0300394 SMP_DBG("r %16phN", r);
395
Anderson Brigliad22ef0b2011-06-09 18:50:44 -0300396 return err;
397}
398
Andy Lutomirskia4770e12016-06-26 14:55:23 -0700399static int smp_c1(struct crypto_cipher *tfm_aes, const u8 k[16],
Johan Hedberg06edf8d2014-12-02 13:39:23 +0200400 const u8 r[16], const u8 preq[7], const u8 pres[7], u8 _iat,
401 const bdaddr_t *ia, u8 _rat, const bdaddr_t *ra, u8 res[16])
402{
403 u8 p1[16], p2[16];
404 int err;
405
Johan Hedberg011c3912015-05-19 21:06:04 +0300406 SMP_DBG("k %16phN r %16phN", k, r);
407 SMP_DBG("iat %u ia %6phN rat %u ra %6phN", _iat, ia, _rat, ra);
408 SMP_DBG("preq %7phN pres %7phN", preq, pres);
409
Johan Hedberg06edf8d2014-12-02 13:39:23 +0200410 memset(p1, 0, 16);
411
412 /* p1 = pres || preq || _rat || _iat */
413 p1[0] = _iat;
414 p1[1] = _rat;
415 memcpy(p1 + 2, preq, 7);
416 memcpy(p1 + 9, pres, 7);
417
Johan Hedberg011c3912015-05-19 21:06:04 +0300418 SMP_DBG("p1 %16phN", p1);
Johan Hedberg06edf8d2014-12-02 13:39:23 +0200419
420 /* res = r XOR p1 */
421 u128_xor((u128 *) res, (u128 *) r, (u128 *) p1);
422
423 /* res = e(k, res) */
424 err = smp_e(tfm_aes, k, res);
425 if (err) {
426 BT_ERR("Encrypt data error");
427 return err;
428 }
429
Johan Hedberg011c3912015-05-19 21:06:04 +0300430 /* p2 = padding || ia || ra */
431 memcpy(p2, ra, 6);
432 memcpy(p2 + 6, ia, 6);
433 memset(p2 + 12, 0, 4);
434
435 SMP_DBG("p2 %16phN", p2);
436
Johan Hedberg06edf8d2014-12-02 13:39:23 +0200437 /* res = res XOR p2 */
438 u128_xor((u128 *) res, (u128 *) res, (u128 *) p2);
439
440 /* res = e(k, res) */
441 err = smp_e(tfm_aes, k, res);
442 if (err)
443 BT_ERR("Encrypt data error");
444
445 return err;
446}
447
Andy Lutomirskia4770e12016-06-26 14:55:23 -0700448static int smp_s1(struct crypto_cipher *tfm_aes, const u8 k[16],
Johan Hedberg06edf8d2014-12-02 13:39:23 +0200449 const u8 r1[16], const u8 r2[16], u8 _r[16])
Johan Hedberg6a770832014-06-06 11:54:04 +0300450{
451 int err;
452
Johan Hedberg06edf8d2014-12-02 13:39:23 +0200453 /* Just least significant octets from r1 and r2 are considered */
454 memcpy(_r, r2, 8);
455 memcpy(_r + 8, r1, 8);
Johan Hedberg6a770832014-06-06 11:54:04 +0300456
Johan Hedberg06edf8d2014-12-02 13:39:23 +0200457 err = smp_e(tfm_aes, k, _r);
Johan Hedberg6a770832014-06-06 11:54:04 +0300458 if (err)
Johan Hedberg06edf8d2014-12-02 13:39:23 +0200459 BT_ERR("Encrypt data error");
Johan Hedberg6a770832014-06-06 11:54:04 +0300460
461 return err;
462}
463
Andy Lutomirskia4770e12016-06-26 14:55:23 -0700464static int smp_ah(struct crypto_cipher *tfm, const u8 irk[16],
Johan Hedbergcd082792014-12-02 13:37:41 +0200465 const u8 r[3], u8 res[3])
Johan Hedberg60478052014-02-18 10:19:31 +0200466{
Johan Hedberg943a7322014-03-18 12:58:24 +0200467 u8 _res[16];
Johan Hedberg60478052014-02-18 10:19:31 +0200468 int err;
469
470 /* r' = padding || r */
Johan Hedberg943a7322014-03-18 12:58:24 +0200471 memcpy(_res, r, 3);
472 memset(_res + 3, 0, 13);
Johan Hedberg60478052014-02-18 10:19:31 +0200473
Johan Hedberg943a7322014-03-18 12:58:24 +0200474 err = smp_e(tfm, irk, _res);
Johan Hedberg60478052014-02-18 10:19:31 +0200475 if (err) {
476 BT_ERR("Encrypt error");
477 return err;
478 }
479
480 /* The output of the random address function ah is:
Marcel Holtmannc5080d42015-09-04 17:08:18 +0200481 * ah(k, r) = e(k, r') mod 2^24
Johan Hedberg60478052014-02-18 10:19:31 +0200482 * The output of the security function e is then truncated to 24 bits
483 * by taking the least significant 24 bits of the output of e as the
484 * result of ah.
485 */
Johan Hedberg943a7322014-03-18 12:58:24 +0200486 memcpy(res, _res, 3);
Johan Hedberg60478052014-02-18 10:19:31 +0200487
488 return 0;
489}
490
Johan Hedbergcd082792014-12-02 13:37:41 +0200491bool smp_irk_matches(struct hci_dev *hdev, const u8 irk[16],
492 const bdaddr_t *bdaddr)
Johan Hedberg60478052014-02-18 10:19:31 +0200493{
Johan Hedbergdefce9e2014-08-08 09:37:17 +0300494 struct l2cap_chan *chan = hdev->smp_data;
Marcel Holtmann88a479d2015-03-16 01:10:19 -0700495 struct smp_dev *smp;
Johan Hedberg60478052014-02-18 10:19:31 +0200496 u8 hash[3];
497 int err;
498
Johan Hedbergdefce9e2014-08-08 09:37:17 +0300499 if (!chan || !chan->data)
500 return false;
501
Marcel Holtmann88a479d2015-03-16 01:10:19 -0700502 smp = chan->data;
Johan Hedbergdefce9e2014-08-08 09:37:17 +0300503
Johan Hedberg60478052014-02-18 10:19:31 +0200504 BT_DBG("RPA %pMR IRK %*phN", bdaddr, 16, irk);
505
Marcel Holtmann88a479d2015-03-16 01:10:19 -0700506 err = smp_ah(smp->tfm_aes, irk, &bdaddr->b[3], hash);
Johan Hedberg60478052014-02-18 10:19:31 +0200507 if (err)
508 return false;
509
Jason A. Donenfeld3da27a9d2017-06-10 04:59:11 +0200510 return !crypto_memneq(bdaddr->b, hash, 3);
Johan Hedberg60478052014-02-18 10:19:31 +0200511}
512
Johan Hedbergcd082792014-12-02 13:37:41 +0200513int smp_generate_rpa(struct hci_dev *hdev, const u8 irk[16], bdaddr_t *rpa)
Johan Hedbergb1e2b3a2014-02-23 19:42:19 +0200514{
Johan Hedbergdefce9e2014-08-08 09:37:17 +0300515 struct l2cap_chan *chan = hdev->smp_data;
Marcel Holtmann88a479d2015-03-16 01:10:19 -0700516 struct smp_dev *smp;
Johan Hedbergb1e2b3a2014-02-23 19:42:19 +0200517 int err;
518
Johan Hedbergdefce9e2014-08-08 09:37:17 +0300519 if (!chan || !chan->data)
520 return -EOPNOTSUPP;
521
Marcel Holtmann88a479d2015-03-16 01:10:19 -0700522 smp = chan->data;
Johan Hedbergdefce9e2014-08-08 09:37:17 +0300523
Johan Hedbergb1e2b3a2014-02-23 19:42:19 +0200524 get_random_bytes(&rpa->b[3], 3);
525
526 rpa->b[5] &= 0x3f; /* Clear two most significant bits */
527 rpa->b[5] |= 0x40; /* Set second most significant bit */
528
Marcel Holtmann88a479d2015-03-16 01:10:19 -0700529 err = smp_ah(smp->tfm_aes, irk, &rpa->b[3], rpa->b);
Johan Hedbergb1e2b3a2014-02-23 19:42:19 +0200530 if (err < 0)
531 return err;
532
533 BT_DBG("RPA %pMR", rpa);
534
535 return 0;
536}
537
Marcel Holtmann60a27d62015-03-16 01:10:22 -0700538int smp_generate_oob(struct hci_dev *hdev, u8 hash[16], u8 rand[16])
539{
540 struct l2cap_chan *chan = hdev->smp_data;
541 struct smp_dev *smp;
542 int err;
543
544 if (!chan || !chan->data)
545 return -EOPNOTSUPP;
546
547 smp = chan->data;
548
549 if (hci_dev_test_flag(hdev, HCI_USE_DEBUG_KEYS)) {
550 BT_DBG("Using debug keys");
551 memcpy(smp->local_pk, debug_pk, 64);
552 memcpy(smp->local_sk, debug_sk, 32);
553 smp->debug_key = true;
554 } else {
555 while (true) {
556 /* Generate local key pair for Secure Connections */
557 if (!ecc_make_key(smp->local_pk, smp->local_sk))
558 return -EIO;
559
560 /* This is unlikely, but we need to check that
561 * we didn't accidentially generate a debug key.
562 */
Jason A. Donenfeld3da27a9d2017-06-10 04:59:11 +0200563 if (crypto_memneq(smp->local_sk, debug_sk, 32))
Marcel Holtmann60a27d62015-03-16 01:10:22 -0700564 break;
565 }
566 smp->debug_key = false;
567 }
568
569 SMP_DBG("OOB Public Key X: %32phN", smp->local_pk);
570 SMP_DBG("OOB Public Key Y: %32phN", smp->local_pk + 32);
571 SMP_DBG("OOB Private Key: %32phN", smp->local_sk);
572
Marcel Holtmannfb334fe2015-03-16 12:34:57 -0700573 get_random_bytes(smp->local_rand, 16);
Marcel Holtmann60a27d62015-03-16 01:10:22 -0700574
575 err = smp_f4(smp->tfm_cmac, smp->local_pk, smp->local_pk,
Marcel Holtmannfb334fe2015-03-16 12:34:57 -0700576 smp->local_rand, 0, hash);
Marcel Holtmann60a27d62015-03-16 01:10:22 -0700577 if (err < 0)
578 return err;
579
Marcel Holtmannfb334fe2015-03-16 12:34:57 -0700580 memcpy(rand, smp->local_rand, 16);
Marcel Holtmann60a27d62015-03-16 01:10:22 -0700581
582 return 0;
583}
584
Anderson Brigliaeb492e02011-06-09 18:50:40 -0300585static void smp_send_cmd(struct l2cap_conn *conn, u8 code, u16 len, void *data)
586{
Johan Hedberg5d88cc72014-08-08 09:37:18 +0300587 struct l2cap_chan *chan = conn->smp;
Johan Hedbergb68fda62014-08-11 22:06:40 +0300588 struct smp_chan *smp;
Johan Hedberg5d88cc72014-08-08 09:37:18 +0300589 struct kvec iv[2];
590 struct msghdr msg;
591
592 if (!chan)
593 return;
Anderson Brigliaeb492e02011-06-09 18:50:40 -0300594
595 BT_DBG("code 0x%2.2x", code);
596
Johan Hedberg5d88cc72014-08-08 09:37:18 +0300597 iv[0].iov_base = &code;
598 iv[0].iov_len = 1;
Anderson Brigliaeb492e02011-06-09 18:50:40 -0300599
Johan Hedberg5d88cc72014-08-08 09:37:18 +0300600 iv[1].iov_base = data;
601 iv[1].iov_len = len;
602
603 memset(&msg, 0, sizeof(msg));
604
Al Viro17836392014-11-24 17:07:38 -0500605 iov_iter_kvec(&msg.msg_iter, WRITE | ITER_KVEC, iv, 2, 1 + len);
Johan Hedberg5d88cc72014-08-08 09:37:18 +0300606
607 l2cap_chan_send(chan, &msg, 1 + len);
Vinicius Costa Gomese2dcd112011-08-19 21:06:50 -0300608
Johan Hedbergb68fda62014-08-11 22:06:40 +0300609 if (!chan->data)
610 return;
611
612 smp = chan->data;
613
614 cancel_delayed_work_sync(&smp->security_timer);
Johan Hedberg1b0921d2014-09-05 22:19:48 +0300615 schedule_delayed_work(&smp->security_timer, SMP_TIMEOUT);
Anderson Brigliaeb492e02011-06-09 18:50:40 -0300616}
617
Johan Hedbergd2eb9e12014-05-16 10:59:06 +0300618static u8 authreq_to_seclevel(u8 authreq)
Brian Gix2b64d152011-12-21 16:12:12 -0800619{
Johan Hedbergd2eb9e12014-05-16 10:59:06 +0300620 if (authreq & SMP_AUTH_MITM) {
621 if (authreq & SMP_AUTH_SC)
622 return BT_SECURITY_FIPS;
623 else
624 return BT_SECURITY_HIGH;
625 } else {
Brian Gix2b64d152011-12-21 16:12:12 -0800626 return BT_SECURITY_MEDIUM;
Johan Hedbergd2eb9e12014-05-16 10:59:06 +0300627 }
Brian Gix2b64d152011-12-21 16:12:12 -0800628}
629
630static __u8 seclevel_to_authreq(__u8 sec_level)
631{
632 switch (sec_level) {
Johan Hedbergd2eb9e12014-05-16 10:59:06 +0300633 case BT_SECURITY_FIPS:
Brian Gix2b64d152011-12-21 16:12:12 -0800634 case BT_SECURITY_HIGH:
635 return SMP_AUTH_MITM | SMP_AUTH_BONDING;
636 case BT_SECURITY_MEDIUM:
637 return SMP_AUTH_BONDING;
638 default:
639 return SMP_AUTH_NONE;
640 }
641}
642
Vinicius Costa Gomesb8e66ea2011-06-09 18:50:52 -0300643static void build_pairing_cmd(struct l2cap_conn *conn,
Marcel Holtmannf1560462013-10-13 05:43:25 -0700644 struct smp_cmd_pairing *req,
645 struct smp_cmd_pairing *rsp, __u8 authreq)
Vinicius Costa Gomesb8e66ea2011-06-09 18:50:52 -0300646{
Johan Hedberg5d88cc72014-08-08 09:37:18 +0300647 struct l2cap_chan *chan = conn->smp;
648 struct smp_chan *smp = chan->data;
Johan Hedbergfd349c02014-02-18 10:19:36 +0200649 struct hci_conn *hcon = conn->hcon;
650 struct hci_dev *hdev = hcon->hdev;
Johan Hedberg02b05bd2014-10-26 21:19:10 +0100651 u8 local_dist = 0, remote_dist = 0, oob_flag = SMP_OOB_NOT_PRESENT;
Vinicius Costa Gomes54790f72011-07-07 18:59:38 -0300652
Marcel Holtmannd7a5a112015-03-13 02:11:00 -0700653 if (hci_dev_test_flag(hdev, HCI_BONDABLE)) {
Marcel Holtmann7ee4ea32014-03-09 12:19:17 -0700654 local_dist = SMP_DIST_ENC_KEY | SMP_DIST_SIGN;
655 remote_dist = SMP_DIST_ENC_KEY | SMP_DIST_SIGN;
Vinicius Costa Gomes54790f72011-07-07 18:59:38 -0300656 authreq |= SMP_AUTH_BONDING;
Brian Gix2b64d152011-12-21 16:12:12 -0800657 } else {
658 authreq &= ~SMP_AUTH_BONDING;
Vinicius Costa Gomes54790f72011-07-07 18:59:38 -0300659 }
660
Marcel Holtmannd7a5a112015-03-13 02:11:00 -0700661 if (hci_dev_test_flag(hdev, HCI_RPA_RESOLVING))
Johan Hedbergfd349c02014-02-18 10:19:36 +0200662 remote_dist |= SMP_DIST_ID_KEY;
663
Marcel Holtmannd7a5a112015-03-13 02:11:00 -0700664 if (hci_dev_test_flag(hdev, HCI_PRIVACY))
Johan Hedberg863efaf2014-02-22 19:06:32 +0200665 local_dist |= SMP_DIST_ID_KEY;
666
Marcel Holtmannd7a5a112015-03-13 02:11:00 -0700667 if (hci_dev_test_flag(hdev, HCI_SC_ENABLED) &&
Johan Hedberg02b05bd2014-10-26 21:19:10 +0100668 (authreq & SMP_AUTH_SC)) {
669 struct oob_data *oob_data;
670 u8 bdaddr_type;
671
Marcel Holtmannd7a5a112015-03-13 02:11:00 -0700672 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) {
Johan Hedbergdf8e1a42014-06-06 10:39:56 +0300673 local_dist |= SMP_DIST_LINK_KEY;
674 remote_dist |= SMP_DIST_LINK_KEY;
675 }
Johan Hedberg02b05bd2014-10-26 21:19:10 +0100676
677 if (hcon->dst_type == ADDR_LE_DEV_PUBLIC)
678 bdaddr_type = BDADDR_LE_PUBLIC;
679 else
680 bdaddr_type = BDADDR_LE_RANDOM;
681
682 oob_data = hci_find_remote_oob_data(hdev, &hcon->dst,
683 bdaddr_type);
Marcel Holtmann4775a4e2015-01-31 00:15:52 -0800684 if (oob_data && oob_data->present) {
Johan Hedberg1a8bab42015-03-16 11:45:44 +0200685 set_bit(SMP_FLAG_REMOTE_OOB, &smp->flags);
Johan Hedberg02b05bd2014-10-26 21:19:10 +0100686 oob_flag = SMP_OOB_PRESENT;
Johan Hedberga29b0732014-10-28 15:17:05 +0100687 memcpy(smp->rr, oob_data->rand256, 16);
Johan Hedberg02b05bd2014-10-26 21:19:10 +0100688 memcpy(smp->pcnf, oob_data->hash256, 16);
Marcel Holtmannbc07cd62015-03-16 12:34:56 -0700689 SMP_DBG("OOB Remote Confirmation: %16phN", smp->pcnf);
690 SMP_DBG("OOB Remote Random: %16phN", smp->rr);
Johan Hedberg02b05bd2014-10-26 21:19:10 +0100691 }
692
Johan Hedbergdf8e1a42014-06-06 10:39:56 +0300693 } else {
694 authreq &= ~SMP_AUTH_SC;
695 }
696
Vinicius Costa Gomes54790f72011-07-07 18:59:38 -0300697 if (rsp == NULL) {
698 req->io_capability = conn->hcon->io_capability;
Johan Hedberg02b05bd2014-10-26 21:19:10 +0100699 req->oob_flag = oob_flag;
Johan Hedberg2fd36552015-06-11 13:52:26 +0300700 req->max_key_size = SMP_DEV(hdev)->max_key_size;
Johan Hedbergfd349c02014-02-18 10:19:36 +0200701 req->init_key_dist = local_dist;
702 req->resp_key_dist = remote_dist;
Johan Hedberg0edb14d2014-05-26 13:29:28 +0300703 req->auth_req = (authreq & AUTH_REQ_MASK(hdev));
Johan Hedbergfd349c02014-02-18 10:19:36 +0200704
705 smp->remote_key_dist = remote_dist;
Vinicius Costa Gomes54790f72011-07-07 18:59:38 -0300706 return;
707 }
708
709 rsp->io_capability = conn->hcon->io_capability;
Johan Hedberg02b05bd2014-10-26 21:19:10 +0100710 rsp->oob_flag = oob_flag;
Johan Hedberg2fd36552015-06-11 13:52:26 +0300711 rsp->max_key_size = SMP_DEV(hdev)->max_key_size;
Johan Hedbergfd349c02014-02-18 10:19:36 +0200712 rsp->init_key_dist = req->init_key_dist & remote_dist;
713 rsp->resp_key_dist = req->resp_key_dist & local_dist;
Johan Hedberg0edb14d2014-05-26 13:29:28 +0300714 rsp->auth_req = (authreq & AUTH_REQ_MASK(hdev));
Johan Hedbergfd349c02014-02-18 10:19:36 +0200715
716 smp->remote_key_dist = rsp->init_key_dist;
Vinicius Costa Gomesb8e66ea2011-06-09 18:50:52 -0300717}
718
Vinicius Costa Gomes3158c502011-06-14 13:37:42 -0300719static u8 check_enc_key_size(struct l2cap_conn *conn, __u8 max_key_size)
720{
Johan Hedberg5d88cc72014-08-08 09:37:18 +0300721 struct l2cap_chan *chan = conn->smp;
Johan Hedberg2fd36552015-06-11 13:52:26 +0300722 struct hci_dev *hdev = conn->hcon->hdev;
Johan Hedberg5d88cc72014-08-08 09:37:18 +0300723 struct smp_chan *smp = chan->data;
Vinicius Costa Gomes1c1def02011-09-05 14:31:30 -0300724
Johan Hedberg2fd36552015-06-11 13:52:26 +0300725 if (max_key_size > SMP_DEV(hdev)->max_key_size ||
726 max_key_size < SMP_MIN_ENC_KEY_SIZE)
Vinicius Costa Gomes3158c502011-06-14 13:37:42 -0300727 return SMP_ENC_KEY_SIZE;
728
Vinicius Costa Gomesf7aa6112012-01-30 19:29:12 -0300729 smp->enc_key_size = max_key_size;
Vinicius Costa Gomes3158c502011-06-14 13:37:42 -0300730
731 return 0;
732}
733
Johan Hedberg6f48e262014-08-11 22:06:44 +0300734static void smp_chan_destroy(struct l2cap_conn *conn)
735{
736 struct l2cap_chan *chan = conn->smp;
737 struct smp_chan *smp = chan->data;
Johan Hedberg923e2412014-12-03 12:43:39 +0200738 struct hci_conn *hcon = conn->hcon;
Johan Hedberg6f48e262014-08-11 22:06:44 +0300739 bool complete;
740
741 BUG_ON(!smp);
742
743 cancel_delayed_work_sync(&smp->security_timer);
Johan Hedberg6f48e262014-08-11 22:06:44 +0300744
Johan Hedberg6f48e262014-08-11 22:06:44 +0300745 complete = test_bit(SMP_FLAG_COMPLETE, &smp->flags);
Johan Hedberg923e2412014-12-03 12:43:39 +0200746 mgmt_smp_complete(hcon, complete);
Johan Hedberg6f48e262014-08-11 22:06:44 +0300747
Marcel Holtmann276812e2015-03-16 01:10:18 -0700748 kzfree(smp->csrk);
749 kzfree(smp->slave_csrk);
750 kzfree(smp->link_key);
Johan Hedberg6f48e262014-08-11 22:06:44 +0300751
Andy Lutomirskia4770e12016-06-26 14:55:23 -0700752 crypto_free_cipher(smp->tfm_aes);
Herbert Xu71af2f62016-01-24 21:18:30 +0800753 crypto_free_shash(smp->tfm_cmac);
Johan Hedberg6f48e262014-08-11 22:06:44 +0300754
Johan Hedberg923e2412014-12-03 12:43:39 +0200755 /* Ensure that we don't leave any debug key around if debug key
756 * support hasn't been explicitly enabled.
757 */
758 if (smp->ltk && smp->ltk->type == SMP_LTK_P256_DEBUG &&
Marcel Holtmannd7a5a112015-03-13 02:11:00 -0700759 !hci_dev_test_flag(hcon->hdev, HCI_KEEP_DEBUG_KEYS)) {
Johan Hedberg923e2412014-12-03 12:43:39 +0200760 list_del_rcu(&smp->ltk->list);
761 kfree_rcu(smp->ltk, rcu);
762 smp->ltk = NULL;
763 }
764
Johan Hedberg6f48e262014-08-11 22:06:44 +0300765 /* If pairing failed clean up any keys we might have */
766 if (!complete) {
767 if (smp->ltk) {
Johan Hedberg970d0f12014-11-13 14:37:47 +0200768 list_del_rcu(&smp->ltk->list);
769 kfree_rcu(smp->ltk, rcu);
Johan Hedberg6f48e262014-08-11 22:06:44 +0300770 }
771
772 if (smp->slave_ltk) {
Johan Hedberg970d0f12014-11-13 14:37:47 +0200773 list_del_rcu(&smp->slave_ltk->list);
774 kfree_rcu(smp->slave_ltk, rcu);
Johan Hedberg6f48e262014-08-11 22:06:44 +0300775 }
776
777 if (smp->remote_irk) {
Johan Hedbergadae20c2014-11-13 14:37:48 +0200778 list_del_rcu(&smp->remote_irk->list);
779 kfree_rcu(smp->remote_irk, rcu);
Johan Hedberg6f48e262014-08-11 22:06:44 +0300780 }
781 }
782
783 chan->data = NULL;
Marcel Holtmann276812e2015-03-16 01:10:18 -0700784 kzfree(smp);
Johan Hedberg923e2412014-12-03 12:43:39 +0200785 hci_conn_drop(hcon);
Johan Hedberg6f48e262014-08-11 22:06:44 +0300786}
787
Johan Hedberg84794e12013-11-06 11:24:57 +0200788static void smp_failure(struct l2cap_conn *conn, u8 reason)
Brian Gix4f957a72011-11-23 08:28:36 -0800789{
Johan Hedbergbab73cb2012-02-09 16:07:29 +0200790 struct hci_conn *hcon = conn->hcon;
Johan Hedbergb68fda62014-08-11 22:06:40 +0300791 struct l2cap_chan *chan = conn->smp;
Johan Hedbergbab73cb2012-02-09 16:07:29 +0200792
Johan Hedberg84794e12013-11-06 11:24:57 +0200793 if (reason)
Brian Gix4f957a72011-11-23 08:28:36 -0800794 smp_send_cmd(conn, SMP_CMD_PAIRING_FAIL, sizeof(reason),
Marcel Holtmannf1560462013-10-13 05:43:25 -0700795 &reason);
Brian Gix4f957a72011-11-23 08:28:36 -0800796
Johan Hedberge1e930f2014-09-08 17:09:49 -0700797 mgmt_auth_failed(hcon, HCI_ERROR_AUTH_FAILURE);
Vinicius Costa Gomesf1c09c02012-02-01 18:27:56 -0300798
Johan Hedbergfc75cc82014-09-05 22:19:52 +0300799 if (chan->data)
Vinicius Costa Gomesf1c09c02012-02-01 18:27:56 -0300800 smp_chan_destroy(conn);
Brian Gix4f957a72011-11-23 08:28:36 -0800801}
802
Brian Gix2b64d152011-12-21 16:12:12 -0800803#define JUST_WORKS 0x00
804#define JUST_CFM 0x01
805#define REQ_PASSKEY 0x02
806#define CFM_PASSKEY 0x03
807#define REQ_OOB 0x04
Johan Hedberg5e3d3d92014-05-31 18:51:02 +0300808#define DSP_PASSKEY 0x05
Brian Gix2b64d152011-12-21 16:12:12 -0800809#define OVERLAP 0xFF
810
811static const u8 gen_method[5][5] = {
812 { JUST_WORKS, JUST_CFM, REQ_PASSKEY, JUST_WORKS, REQ_PASSKEY },
813 { JUST_WORKS, JUST_CFM, REQ_PASSKEY, JUST_WORKS, REQ_PASSKEY },
814 { CFM_PASSKEY, CFM_PASSKEY, REQ_PASSKEY, JUST_WORKS, CFM_PASSKEY },
815 { JUST_WORKS, JUST_CFM, JUST_WORKS, JUST_WORKS, JUST_CFM },
816 { CFM_PASSKEY, CFM_PASSKEY, REQ_PASSKEY, JUST_WORKS, OVERLAP },
817};
818
Johan Hedberg5e3d3d92014-05-31 18:51:02 +0300819static const u8 sc_method[5][5] = {
820 { JUST_WORKS, JUST_CFM, REQ_PASSKEY, JUST_WORKS, REQ_PASSKEY },
821 { JUST_WORKS, CFM_PASSKEY, REQ_PASSKEY, JUST_WORKS, CFM_PASSKEY },
822 { DSP_PASSKEY, DSP_PASSKEY, REQ_PASSKEY, JUST_WORKS, DSP_PASSKEY },
823 { JUST_WORKS, JUST_CFM, JUST_WORKS, JUST_WORKS, JUST_CFM },
824 { DSP_PASSKEY, CFM_PASSKEY, REQ_PASSKEY, JUST_WORKS, CFM_PASSKEY },
825};
826
Johan Hedberg581370c2014-06-17 13:07:38 +0300827static u8 get_auth_method(struct smp_chan *smp, u8 local_io, u8 remote_io)
828{
Johan Hedberg2bcd4002014-07-09 19:18:09 +0300829 /* If either side has unknown io_caps, use JUST_CFM (which gets
830 * converted later to JUST_WORKS if we're initiators.
831 */
Johan Hedberg581370c2014-06-17 13:07:38 +0300832 if (local_io > SMP_IO_KEYBOARD_DISPLAY ||
833 remote_io > SMP_IO_KEYBOARD_DISPLAY)
Johan Hedberg2bcd4002014-07-09 19:18:09 +0300834 return JUST_CFM;
Johan Hedberg581370c2014-06-17 13:07:38 +0300835
Johan Hedberg5e3d3d92014-05-31 18:51:02 +0300836 if (test_bit(SMP_FLAG_SC, &smp->flags))
837 return sc_method[remote_io][local_io];
838
Johan Hedberg581370c2014-06-17 13:07:38 +0300839 return gen_method[remote_io][local_io];
840}
841
Brian Gix2b64d152011-12-21 16:12:12 -0800842static int tk_request(struct l2cap_conn *conn, u8 remote_oob, u8 auth,
843 u8 local_io, u8 remote_io)
844{
845 struct hci_conn *hcon = conn->hcon;
Johan Hedberg5d88cc72014-08-08 09:37:18 +0300846 struct l2cap_chan *chan = conn->smp;
847 struct smp_chan *smp = chan->data;
Brian Gix2b64d152011-12-21 16:12:12 -0800848 u32 passkey = 0;
849 int ret = 0;
850
851 /* Initialize key for JUST WORKS */
852 memset(smp->tk, 0, sizeof(smp->tk));
Johan Hedberg4a74d652014-05-20 09:45:50 +0300853 clear_bit(SMP_FLAG_TK_VALID, &smp->flags);
Brian Gix2b64d152011-12-21 16:12:12 -0800854
855 BT_DBG("tk_request: auth:%d lcl:%d rem:%d", auth, local_io, remote_io);
856
Johan Hedberg2bcd4002014-07-09 19:18:09 +0300857 /* If neither side wants MITM, either "just" confirm an incoming
858 * request or use just-works for outgoing ones. The JUST_CFM
859 * will be converted to JUST_WORKS if necessary later in this
860 * function. If either side has MITM look up the method from the
861 * table.
862 */
Johan Hedberg581370c2014-06-17 13:07:38 +0300863 if (!(auth & SMP_AUTH_MITM))
Johan Hedberg783e0572014-05-31 18:48:26 +0300864 smp->method = JUST_CFM;
Brian Gix2b64d152011-12-21 16:12:12 -0800865 else
Johan Hedberg783e0572014-05-31 18:48:26 +0300866 smp->method = get_auth_method(smp, local_io, remote_io);
Brian Gix2b64d152011-12-21 16:12:12 -0800867
Johan Hedberga82505c2014-03-24 14:39:07 +0200868 /* Don't confirm locally initiated pairing attempts */
Johan Hedberg783e0572014-05-31 18:48:26 +0300869 if (smp->method == JUST_CFM && test_bit(SMP_FLAG_INITIATOR,
870 &smp->flags))
871 smp->method = JUST_WORKS;
Johan Hedberga82505c2014-03-24 14:39:07 +0200872
Johan Hedberg02f3e252014-07-16 15:09:13 +0300873 /* Don't bother user space with no IO capabilities */
Johan Hedberg783e0572014-05-31 18:48:26 +0300874 if (smp->method == JUST_CFM &&
875 hcon->io_capability == HCI_IO_NO_INPUT_OUTPUT)
876 smp->method = JUST_WORKS;
Johan Hedberg02f3e252014-07-16 15:09:13 +0300877
Brian Gix2b64d152011-12-21 16:12:12 -0800878 /* If Just Works, Continue with Zero TK */
Johan Hedberg783e0572014-05-31 18:48:26 +0300879 if (smp->method == JUST_WORKS) {
Johan Hedberg4a74d652014-05-20 09:45:50 +0300880 set_bit(SMP_FLAG_TK_VALID, &smp->flags);
Brian Gix2b64d152011-12-21 16:12:12 -0800881 return 0;
882 }
883
Johan Hedberg19c5ce92015-03-15 19:34:04 +0200884 /* If this function is used for SC -> legacy fallback we
885 * can only recover the just-works case.
886 */
887 if (test_bit(SMP_FLAG_SC, &smp->flags))
888 return -EINVAL;
889
Brian Gix2b64d152011-12-21 16:12:12 -0800890 /* Not Just Works/Confirm results in MITM Authentication */
Johan Hedberg783e0572014-05-31 18:48:26 +0300891 if (smp->method != JUST_CFM) {
Johan Hedberg4a74d652014-05-20 09:45:50 +0300892 set_bit(SMP_FLAG_MITM_AUTH, &smp->flags);
Johan Hedberg5eb596f2014-09-18 11:26:32 +0300893 if (hcon->pending_sec_level < BT_SECURITY_HIGH)
894 hcon->pending_sec_level = BT_SECURITY_HIGH;
895 }
Brian Gix2b64d152011-12-21 16:12:12 -0800896
897 /* If both devices have Keyoard-Display I/O, the master
898 * Confirms and the slave Enters the passkey.
899 */
Johan Hedberg783e0572014-05-31 18:48:26 +0300900 if (smp->method == OVERLAP) {
Johan Hedberg40bef302014-07-16 11:42:27 +0300901 if (hcon->role == HCI_ROLE_MASTER)
Johan Hedberg783e0572014-05-31 18:48:26 +0300902 smp->method = CFM_PASSKEY;
Brian Gix2b64d152011-12-21 16:12:12 -0800903 else
Johan Hedberg783e0572014-05-31 18:48:26 +0300904 smp->method = REQ_PASSKEY;
Brian Gix2b64d152011-12-21 16:12:12 -0800905 }
906
Johan Hedberg01ad34d2014-03-19 14:14:53 +0200907 /* Generate random passkey. */
Johan Hedberg783e0572014-05-31 18:48:26 +0300908 if (smp->method == CFM_PASSKEY) {
Johan Hedberg943a7322014-03-18 12:58:24 +0200909 memset(smp->tk, 0, sizeof(smp->tk));
Brian Gix2b64d152011-12-21 16:12:12 -0800910 get_random_bytes(&passkey, sizeof(passkey));
911 passkey %= 1000000;
Johan Hedberg943a7322014-03-18 12:58:24 +0200912 put_unaligned_le32(passkey, smp->tk);
Brian Gix2b64d152011-12-21 16:12:12 -0800913 BT_DBG("PassKey: %d", passkey);
Johan Hedberg4a74d652014-05-20 09:45:50 +0300914 set_bit(SMP_FLAG_TK_VALID, &smp->flags);
Brian Gix2b64d152011-12-21 16:12:12 -0800915 }
916
Johan Hedberg783e0572014-05-31 18:48:26 +0300917 if (smp->method == REQ_PASSKEY)
Marcel Holtmannce39fb42013-10-13 02:23:39 -0700918 ret = mgmt_user_passkey_request(hcon->hdev, &hcon->dst,
Johan Hedberg272d90d2012-02-09 15:26:12 +0200919 hcon->type, hcon->dst_type);
Johan Hedberg783e0572014-05-31 18:48:26 +0300920 else if (smp->method == JUST_CFM)
Johan Hedberg4eb65e62014-03-24 14:39:05 +0200921 ret = mgmt_user_confirm_request(hcon->hdev, &hcon->dst,
922 hcon->type, hcon->dst_type,
923 passkey, 1);
Brian Gix2b64d152011-12-21 16:12:12 -0800924 else
Johan Hedberg01ad34d2014-03-19 14:14:53 +0200925 ret = mgmt_user_passkey_notify(hcon->hdev, &hcon->dst,
Johan Hedberg272d90d2012-02-09 15:26:12 +0200926 hcon->type, hcon->dst_type,
Johan Hedberg39adbff2014-03-20 08:18:14 +0200927 passkey, 0);
Brian Gix2b64d152011-12-21 16:12:12 -0800928
Brian Gix2b64d152011-12-21 16:12:12 -0800929 return ret;
930}
931
Johan Hedberg1cc61142014-05-20 09:45:52 +0300932static u8 smp_confirm(struct smp_chan *smp)
Vinicius Costa Gomes8aab4752011-09-05 14:31:31 -0300933{
Vinicius Costa Gomes8aab4752011-09-05 14:31:31 -0300934 struct l2cap_conn *conn = smp->conn;
Vinicius Costa Gomes8aab4752011-09-05 14:31:31 -0300935 struct smp_cmd_pairing_confirm cp;
936 int ret;
Vinicius Costa Gomes8aab4752011-09-05 14:31:31 -0300937
938 BT_DBG("conn %p", conn);
939
Johan Hedberge491eaf2014-10-25 21:15:37 +0200940 ret = smp_c1(smp->tfm_aes, smp->tk, smp->prnd, smp->preq, smp->prsp,
Johan Hedbergb1cd5fd2014-02-28 12:54:17 +0200941 conn->hcon->init_addr_type, &conn->hcon->init_addr,
Johan Hedberg943a7322014-03-18 12:58:24 +0200942 conn->hcon->resp_addr_type, &conn->hcon->resp_addr,
943 cp.confirm_val);
Johan Hedberg1cc61142014-05-20 09:45:52 +0300944 if (ret)
945 return SMP_UNSPECIFIED;
Vinicius Costa Gomes8aab4752011-09-05 14:31:31 -0300946
Johan Hedberg4a74d652014-05-20 09:45:50 +0300947 clear_bit(SMP_FLAG_CFM_PENDING, &smp->flags);
Brian Gix2b64d152011-12-21 16:12:12 -0800948
Vinicius Costa Gomes8aab4752011-09-05 14:31:31 -0300949 smp_send_cmd(smp->conn, SMP_CMD_PAIRING_CONFIRM, sizeof(cp), &cp);
950
Johan Hedbergb28b4942014-09-05 22:19:55 +0300951 if (conn->hcon->out)
952 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_CONFIRM);
953 else
954 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RANDOM);
955
Johan Hedberg1cc61142014-05-20 09:45:52 +0300956 return 0;
Vinicius Costa Gomes8aab4752011-09-05 14:31:31 -0300957}
958
Johan Hedberg861580a2014-05-20 09:45:51 +0300959static u8 smp_random(struct smp_chan *smp)
Vinicius Costa Gomes8aab4752011-09-05 14:31:31 -0300960{
Vinicius Costa Gomes8aab4752011-09-05 14:31:31 -0300961 struct l2cap_conn *conn = smp->conn;
962 struct hci_conn *hcon = conn->hcon;
Johan Hedberg861580a2014-05-20 09:45:51 +0300963 u8 confirm[16];
Vinicius Costa Gomes8aab4752011-09-05 14:31:31 -0300964 int ret;
965
Johan Hedbergec70f362014-06-27 14:23:04 +0300966 if (IS_ERR_OR_NULL(smp->tfm_aes))
Johan Hedberg861580a2014-05-20 09:45:51 +0300967 return SMP_UNSPECIFIED;
Vinicius Costa Gomes8aab4752011-09-05 14:31:31 -0300968
969 BT_DBG("conn %p %s", conn, conn->hcon->out ? "master" : "slave");
970
Johan Hedberge491eaf2014-10-25 21:15:37 +0200971 ret = smp_c1(smp->tfm_aes, smp->tk, smp->rrnd, smp->preq, smp->prsp,
Johan Hedbergb1cd5fd2014-02-28 12:54:17 +0200972 hcon->init_addr_type, &hcon->init_addr,
Johan Hedberg943a7322014-03-18 12:58:24 +0200973 hcon->resp_addr_type, &hcon->resp_addr, confirm);
Johan Hedberg861580a2014-05-20 09:45:51 +0300974 if (ret)
975 return SMP_UNSPECIFIED;
Vinicius Costa Gomes8aab4752011-09-05 14:31:31 -0300976
Jason A. Donenfeld3da27a9d2017-06-10 04:59:11 +0200977 if (crypto_memneq(smp->pcnf, confirm, sizeof(smp->pcnf))) {
Vinicius Costa Gomes8aab4752011-09-05 14:31:31 -0300978 BT_ERR("Pairing failed (confirmation values mismatch)");
Johan Hedberg861580a2014-05-20 09:45:51 +0300979 return SMP_CONFIRM_FAILED;
Vinicius Costa Gomes8aab4752011-09-05 14:31:31 -0300980 }
981
982 if (hcon->out) {
Marcel Holtmannfe39c7b2014-02-27 16:00:28 -0800983 u8 stk[16];
984 __le64 rand = 0;
985 __le16 ediv = 0;
Vinicius Costa Gomes8aab4752011-09-05 14:31:31 -0300986
Johan Hedberge491eaf2014-10-25 21:15:37 +0200987 smp_s1(smp->tfm_aes, smp->tk, smp->rrnd, smp->prnd, stk);
Vinicius Costa Gomes8aab4752011-09-05 14:31:31 -0300988
Johan Hedberg861580a2014-05-20 09:45:51 +0300989 if (test_and_set_bit(HCI_CONN_ENCRYPT_PEND, &hcon->flags))
990 return SMP_UNSPECIFIED;
Vinicius Costa Gomes8aab4752011-09-05 14:31:31 -0300991
Johan Hedberg8b76ce32015-06-08 18:14:39 +0300992 hci_le_start_enc(hcon, ediv, rand, stk, smp->enc_key_size);
Vinicius Costa Gomesf7aa6112012-01-30 19:29:12 -0300993 hcon->enc_key_size = smp->enc_key_size;
Johan Hedbergfe59a052014-07-01 19:14:12 +0300994 set_bit(HCI_CONN_STK_ENCRYPT, &hcon->flags);
Vinicius Costa Gomes8aab4752011-09-05 14:31:31 -0300995 } else {
Johan Hedbergfff34902014-06-10 15:19:50 +0300996 u8 stk[16], auth;
Marcel Holtmannfe39c7b2014-02-27 16:00:28 -0800997 __le64 rand = 0;
998 __le16 ediv = 0;
Vinicius Costa Gomes8aab4752011-09-05 14:31:31 -0300999
Johan Hedberg943a7322014-03-18 12:58:24 +02001000 smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM, sizeof(smp->prnd),
1001 smp->prnd);
Vinicius Costa Gomes8aab4752011-09-05 14:31:31 -03001002
Johan Hedberge491eaf2014-10-25 21:15:37 +02001003 smp_s1(smp->tfm_aes, smp->tk, smp->prnd, smp->rrnd, stk);
Vinicius Costa Gomes8aab4752011-09-05 14:31:31 -03001004
Johan Hedbergfff34902014-06-10 15:19:50 +03001005 if (hcon->pending_sec_level == BT_SECURITY_HIGH)
1006 auth = 1;
1007 else
1008 auth = 0;
1009
Johan Hedberg7d5843b2014-06-16 19:25:15 +03001010 /* Even though there's no _SLAVE suffix this is the
1011 * slave STK we're adding for later lookup (the master
1012 * STK never needs to be stored).
1013 */
Marcel Holtmannce39fb42013-10-13 02:23:39 -07001014 hci_add_ltk(hcon->hdev, &hcon->dst, hcon->dst_type,
Johan Hedberg2ceba532014-06-16 19:25:16 +03001015 SMP_STK, auth, stk, smp->enc_key_size, ediv, rand);
Vinicius Costa Gomes8aab4752011-09-05 14:31:31 -03001016 }
1017
Johan Hedberg861580a2014-05-20 09:45:51 +03001018 return 0;
Vinicius Costa Gomes8aab4752011-09-05 14:31:31 -03001019}
1020
Johan Hedberg44f1a7a2014-08-11 22:06:36 +03001021static void smp_notify_keys(struct l2cap_conn *conn)
1022{
1023 struct l2cap_chan *chan = conn->smp;
1024 struct smp_chan *smp = chan->data;
1025 struct hci_conn *hcon = conn->hcon;
1026 struct hci_dev *hdev = hcon->hdev;
1027 struct smp_cmd_pairing *req = (void *) &smp->preq[1];
1028 struct smp_cmd_pairing *rsp = (void *) &smp->prsp[1];
1029 bool persistent;
1030
Johan Hedbergcad20c22015-10-12 13:36:19 +02001031 if (hcon->type == ACL_LINK) {
1032 if (hcon->key_type == HCI_LK_DEBUG_COMBINATION)
1033 persistent = false;
1034 else
1035 persistent = !test_bit(HCI_CONN_FLUSH_KEY,
1036 &hcon->flags);
1037 } else {
1038 /* The LTKs, IRKs and CSRKs should be persistent only if
1039 * both sides had the bonding bit set in their
1040 * authentication requests.
1041 */
1042 persistent = !!((req->auth_req & rsp->auth_req) &
1043 SMP_AUTH_BONDING);
1044 }
1045
Johan Hedberg44f1a7a2014-08-11 22:06:36 +03001046 if (smp->remote_irk) {
Johan Hedbergcad20c22015-10-12 13:36:19 +02001047 mgmt_new_irk(hdev, smp->remote_irk, persistent);
1048
Johan Hedberg44f1a7a2014-08-11 22:06:36 +03001049 /* Now that user space can be considered to know the
1050 * identity address track the connection based on it
Johan Hedbergb5ae3442014-08-14 12:34:26 +03001051 * from now on (assuming this is an LE link).
Johan Hedberg44f1a7a2014-08-11 22:06:36 +03001052 */
Johan Hedbergb5ae3442014-08-14 12:34:26 +03001053 if (hcon->type == LE_LINK) {
1054 bacpy(&hcon->dst, &smp->remote_irk->bdaddr);
1055 hcon->dst_type = smp->remote_irk->addr_type;
1056 queue_work(hdev->workqueue, &conn->id_addr_update_work);
1057 }
Johan Hedberg44f1a7a2014-08-11 22:06:36 +03001058 }
1059
Johan Hedberg44f1a7a2014-08-11 22:06:36 +03001060 if (smp->csrk) {
1061 smp->csrk->bdaddr_type = hcon->dst_type;
1062 bacpy(&smp->csrk->bdaddr, &hcon->dst);
1063 mgmt_new_csrk(hdev, smp->csrk, persistent);
1064 }
1065
1066 if (smp->slave_csrk) {
1067 smp->slave_csrk->bdaddr_type = hcon->dst_type;
1068 bacpy(&smp->slave_csrk->bdaddr, &hcon->dst);
1069 mgmt_new_csrk(hdev, smp->slave_csrk, persistent);
1070 }
1071
1072 if (smp->ltk) {
1073 smp->ltk->bdaddr_type = hcon->dst_type;
1074 bacpy(&smp->ltk->bdaddr, &hcon->dst);
1075 mgmt_new_ltk(hdev, smp->ltk, persistent);
1076 }
1077
1078 if (smp->slave_ltk) {
1079 smp->slave_ltk->bdaddr_type = hcon->dst_type;
1080 bacpy(&smp->slave_ltk->bdaddr, &hcon->dst);
1081 mgmt_new_ltk(hdev, smp->slave_ltk, persistent);
1082 }
Johan Hedberg6a770832014-06-06 11:54:04 +03001083
1084 if (smp->link_key) {
Johan Hedberge3befab2014-06-01 16:33:39 +03001085 struct link_key *key;
1086 u8 type;
1087
1088 if (test_bit(SMP_FLAG_DEBUG_KEY, &smp->flags))
1089 type = HCI_LK_DEBUG_COMBINATION;
1090 else if (hcon->sec_level == BT_SECURITY_FIPS)
1091 type = HCI_LK_AUTH_COMBINATION_P256;
1092 else
1093 type = HCI_LK_UNAUTH_COMBINATION_P256;
1094
1095 key = hci_add_link_key(hdev, smp->conn->hcon, &hcon->dst,
1096 smp->link_key, type, 0, &persistent);
1097 if (key) {
1098 mgmt_new_link_key(hdev, key, persistent);
1099
1100 /* Don't keep debug keys around if the relevant
1101 * flag is not set.
1102 */
Marcel Holtmannd7a5a112015-03-13 02:11:00 -07001103 if (!hci_dev_test_flag(hdev, HCI_KEEP_DEBUG_KEYS) &&
Johan Hedberge3befab2014-06-01 16:33:39 +03001104 key->type == HCI_LK_DEBUG_COMBINATION) {
1105 list_del_rcu(&key->list);
1106 kfree_rcu(key, rcu);
1107 }
1108 }
Johan Hedberg6a770832014-06-06 11:54:04 +03001109 }
1110}
1111
Johan Hedbergd3e54a82014-06-04 11:07:40 +03001112static void sc_add_ltk(struct smp_chan *smp)
1113{
1114 struct hci_conn *hcon = smp->conn->hcon;
1115 u8 key_type, auth;
1116
1117 if (test_bit(SMP_FLAG_DEBUG_KEY, &smp->flags))
1118 key_type = SMP_LTK_P256_DEBUG;
1119 else
1120 key_type = SMP_LTK_P256;
1121
1122 if (hcon->pending_sec_level == BT_SECURITY_FIPS)
1123 auth = 1;
1124 else
1125 auth = 0;
1126
Johan Hedbergd3e54a82014-06-04 11:07:40 +03001127 smp->ltk = hci_add_ltk(hcon->hdev, &hcon->dst, hcon->dst_type,
1128 key_type, auth, smp->tk, smp->enc_key_size,
1129 0, 0);
1130}
1131
Johan Hedberg6a770832014-06-06 11:54:04 +03001132static void sc_generate_link_key(struct smp_chan *smp)
1133{
1134 /* These constants are as specified in the core specification.
1135 * In ASCII they spell out to 'tmp1' and 'lebr'.
1136 */
1137 const u8 tmp1[4] = { 0x31, 0x70, 0x6d, 0x74 };
1138 const u8 lebr[4] = { 0x72, 0x62, 0x65, 0x6c };
1139
1140 smp->link_key = kzalloc(16, GFP_KERNEL);
1141 if (!smp->link_key)
1142 return;
1143
1144 if (smp_h6(smp->tfm_cmac, smp->tk, tmp1, smp->link_key)) {
Marcel Holtmann276812e2015-03-16 01:10:18 -07001145 kzfree(smp->link_key);
Johan Hedberg6a770832014-06-06 11:54:04 +03001146 smp->link_key = NULL;
1147 return;
1148 }
1149
1150 if (smp_h6(smp->tfm_cmac, smp->link_key, lebr, smp->link_key)) {
Marcel Holtmann276812e2015-03-16 01:10:18 -07001151 kzfree(smp->link_key);
Johan Hedberg6a770832014-06-06 11:54:04 +03001152 smp->link_key = NULL;
1153 return;
1154 }
Johan Hedberg44f1a7a2014-08-11 22:06:36 +03001155}
1156
Johan Hedbergb28b4942014-09-05 22:19:55 +03001157static void smp_allow_key_dist(struct smp_chan *smp)
1158{
1159 /* Allow the first expected phase 3 PDU. The rest of the PDUs
1160 * will be allowed in each PDU handler to ensure we receive
1161 * them in the correct order.
1162 */
1163 if (smp->remote_key_dist & SMP_DIST_ENC_KEY)
1164 SMP_ALLOW_CMD(smp, SMP_CMD_ENCRYPT_INFO);
1165 else if (smp->remote_key_dist & SMP_DIST_ID_KEY)
1166 SMP_ALLOW_CMD(smp, SMP_CMD_IDENT_INFO);
1167 else if (smp->remote_key_dist & SMP_DIST_SIGN)
1168 SMP_ALLOW_CMD(smp, SMP_CMD_SIGN_INFO);
1169}
1170
Johan Hedbergb5ae3442014-08-14 12:34:26 +03001171static void sc_generate_ltk(struct smp_chan *smp)
1172{
1173 /* These constants are as specified in the core specification.
1174 * In ASCII they spell out to 'tmp2' and 'brle'.
1175 */
1176 const u8 tmp2[4] = { 0x32, 0x70, 0x6d, 0x74 };
1177 const u8 brle[4] = { 0x65, 0x6c, 0x72, 0x62 };
1178 struct hci_conn *hcon = smp->conn->hcon;
1179 struct hci_dev *hdev = hcon->hdev;
1180 struct link_key *key;
1181
1182 key = hci_find_link_key(hdev, &hcon->dst);
1183 if (!key) {
1184 BT_ERR("%s No Link Key found to generate LTK", hdev->name);
1185 return;
1186 }
1187
1188 if (key->type == HCI_LK_DEBUG_COMBINATION)
1189 set_bit(SMP_FLAG_DEBUG_KEY, &smp->flags);
1190
1191 if (smp_h6(smp->tfm_cmac, key->val, tmp2, smp->tk))
1192 return;
1193
1194 if (smp_h6(smp->tfm_cmac, smp->tk, brle, smp->tk))
1195 return;
1196
1197 sc_add_ltk(smp);
1198}
1199
Johan Hedbergd6268e82014-09-05 22:19:51 +03001200static void smp_distribute_keys(struct smp_chan *smp)
Johan Hedberg44f1a7a2014-08-11 22:06:36 +03001201{
1202 struct smp_cmd_pairing *req, *rsp;
Johan Hedberg86d14072014-08-11 22:06:43 +03001203 struct l2cap_conn *conn = smp->conn;
Johan Hedberg44f1a7a2014-08-11 22:06:36 +03001204 struct hci_conn *hcon = conn->hcon;
1205 struct hci_dev *hdev = hcon->hdev;
1206 __u8 *keydist;
1207
1208 BT_DBG("conn %p", conn);
1209
Johan Hedberg44f1a7a2014-08-11 22:06:36 +03001210 rsp = (void *) &smp->prsp[1];
1211
1212 /* The responder sends its keys first */
Johan Hedbergb28b4942014-09-05 22:19:55 +03001213 if (hcon->out && (smp->remote_key_dist & KEY_DIST_MASK)) {
1214 smp_allow_key_dist(smp);
Johan Hedberg86d14072014-08-11 22:06:43 +03001215 return;
Johan Hedbergb28b4942014-09-05 22:19:55 +03001216 }
Johan Hedberg44f1a7a2014-08-11 22:06:36 +03001217
1218 req = (void *) &smp->preq[1];
1219
1220 if (hcon->out) {
1221 keydist = &rsp->init_key_dist;
1222 *keydist &= req->init_key_dist;
1223 } else {
1224 keydist = &rsp->resp_key_dist;
1225 *keydist &= req->resp_key_dist;
1226 }
1227
Johan Hedberg6a770832014-06-06 11:54:04 +03001228 if (test_bit(SMP_FLAG_SC, &smp->flags)) {
Johan Hedbergb5ae3442014-08-14 12:34:26 +03001229 if (hcon->type == LE_LINK && (*keydist & SMP_DIST_LINK_KEY))
Johan Hedberg6a770832014-06-06 11:54:04 +03001230 sc_generate_link_key(smp);
Johan Hedbergb5ae3442014-08-14 12:34:26 +03001231 if (hcon->type == ACL_LINK && (*keydist & SMP_DIST_ENC_KEY))
1232 sc_generate_ltk(smp);
Johan Hedberg6a770832014-06-06 11:54:04 +03001233
1234 /* Clear the keys which are generated but not distributed */
1235 *keydist &= ~SMP_SC_NO_DIST;
1236 }
1237
Johan Hedberg44f1a7a2014-08-11 22:06:36 +03001238 BT_DBG("keydist 0x%x", *keydist);
1239
1240 if (*keydist & SMP_DIST_ENC_KEY) {
1241 struct smp_cmd_encrypt_info enc;
1242 struct smp_cmd_master_ident ident;
1243 struct smp_ltk *ltk;
1244 u8 authenticated;
1245 __le16 ediv;
1246 __le64 rand;
1247
Johan Hedberg1fc62c52015-06-10 11:11:20 +03001248 /* Make sure we generate only the significant amount of
1249 * bytes based on the encryption key size, and set the rest
1250 * of the value to zeroes.
1251 */
1252 get_random_bytes(enc.ltk, smp->enc_key_size);
1253 memset(enc.ltk + smp->enc_key_size, 0,
1254 sizeof(enc.ltk) - smp->enc_key_size);
1255
Johan Hedberg44f1a7a2014-08-11 22:06:36 +03001256 get_random_bytes(&ediv, sizeof(ediv));
1257 get_random_bytes(&rand, sizeof(rand));
1258
1259 smp_send_cmd(conn, SMP_CMD_ENCRYPT_INFO, sizeof(enc), &enc);
1260
1261 authenticated = hcon->sec_level == BT_SECURITY_HIGH;
1262 ltk = hci_add_ltk(hdev, &hcon->dst, hcon->dst_type,
1263 SMP_LTK_SLAVE, authenticated, enc.ltk,
1264 smp->enc_key_size, ediv, rand);
1265 smp->slave_ltk = ltk;
1266
1267 ident.ediv = ediv;
1268 ident.rand = rand;
1269
1270 smp_send_cmd(conn, SMP_CMD_MASTER_IDENT, sizeof(ident), &ident);
1271
1272 *keydist &= ~SMP_DIST_ENC_KEY;
1273 }
1274
1275 if (*keydist & SMP_DIST_ID_KEY) {
1276 struct smp_cmd_ident_addr_info addrinfo;
1277 struct smp_cmd_ident_info idinfo;
1278
1279 memcpy(idinfo.irk, hdev->irk, sizeof(idinfo.irk));
1280
1281 smp_send_cmd(conn, SMP_CMD_IDENT_INFO, sizeof(idinfo), &idinfo);
1282
1283 /* The hci_conn contains the local identity address
1284 * after the connection has been established.
1285 *
1286 * This is true even when the connection has been
1287 * established using a resolvable random address.
1288 */
1289 bacpy(&addrinfo.bdaddr, &hcon->src);
1290 addrinfo.addr_type = hcon->src_type;
1291
1292 smp_send_cmd(conn, SMP_CMD_IDENT_ADDR_INFO, sizeof(addrinfo),
1293 &addrinfo);
1294
1295 *keydist &= ~SMP_DIST_ID_KEY;
1296 }
1297
1298 if (*keydist & SMP_DIST_SIGN) {
1299 struct smp_cmd_sign_info sign;
1300 struct smp_csrk *csrk;
1301
1302 /* Generate a new random key */
1303 get_random_bytes(sign.csrk, sizeof(sign.csrk));
1304
1305 csrk = kzalloc(sizeof(*csrk), GFP_KERNEL);
1306 if (csrk) {
Johan Hedberg4cd39282015-02-27 10:11:13 +02001307 if (hcon->sec_level > BT_SECURITY_MEDIUM)
1308 csrk->type = MGMT_CSRK_LOCAL_AUTHENTICATED;
1309 else
1310 csrk->type = MGMT_CSRK_LOCAL_UNAUTHENTICATED;
Johan Hedberg44f1a7a2014-08-11 22:06:36 +03001311 memcpy(csrk->val, sign.csrk, sizeof(csrk->val));
1312 }
1313 smp->slave_csrk = csrk;
1314
1315 smp_send_cmd(conn, SMP_CMD_SIGN_INFO, sizeof(sign), &sign);
1316
1317 *keydist &= ~SMP_DIST_SIGN;
1318 }
1319
1320 /* If there are still keys to be received wait for them */
Johan Hedbergb28b4942014-09-05 22:19:55 +03001321 if (smp->remote_key_dist & KEY_DIST_MASK) {
1322 smp_allow_key_dist(smp);
Johan Hedberg86d14072014-08-11 22:06:43 +03001323 return;
Johan Hedbergb28b4942014-09-05 22:19:55 +03001324 }
Johan Hedberg44f1a7a2014-08-11 22:06:36 +03001325
Johan Hedberg44f1a7a2014-08-11 22:06:36 +03001326 set_bit(SMP_FLAG_COMPLETE, &smp->flags);
1327 smp_notify_keys(conn);
1328
1329 smp_chan_destroy(conn);
Johan Hedberg44f1a7a2014-08-11 22:06:36 +03001330}
1331
Johan Hedbergb68fda62014-08-11 22:06:40 +03001332static void smp_timeout(struct work_struct *work)
1333{
1334 struct smp_chan *smp = container_of(work, struct smp_chan,
1335 security_timer.work);
1336 struct l2cap_conn *conn = smp->conn;
1337
1338 BT_DBG("conn %p", conn);
1339
Johan Hedberg1e91c292014-08-18 20:33:29 +03001340 hci_disconnect(conn->hcon, HCI_ERROR_REMOTE_USER_TERM);
Johan Hedbergb68fda62014-08-11 22:06:40 +03001341}
1342
Vinicius Costa Gomes8aab4752011-09-05 14:31:31 -03001343static struct smp_chan *smp_chan_create(struct l2cap_conn *conn)
1344{
Johan Hedberg5d88cc72014-08-08 09:37:18 +03001345 struct l2cap_chan *chan = conn->smp;
Vinicius Costa Gomes8aab4752011-09-05 14:31:31 -03001346 struct smp_chan *smp;
1347
Marcel Holtmannf1560462013-10-13 05:43:25 -07001348 smp = kzalloc(sizeof(*smp), GFP_ATOMIC);
Johan Hedbergfc75cc82014-09-05 22:19:52 +03001349 if (!smp)
Vinicius Costa Gomes8aab4752011-09-05 14:31:31 -03001350 return NULL;
1351
Andy Lutomirskia4770e12016-06-26 14:55:23 -07001352 smp->tfm_aes = crypto_alloc_cipher("aes", 0, CRYPTO_ALG_ASYNC);
Johan Hedberg6a7bd102014-06-27 14:23:03 +03001353 if (IS_ERR(smp->tfm_aes)) {
Andy Lutomirskia4770e12016-06-26 14:55:23 -07001354 BT_ERR("Unable to create AES crypto context");
Marcel Holtmann276812e2015-03-16 01:10:18 -07001355 kzfree(smp);
Johan Hedberg6a7bd102014-06-27 14:23:03 +03001356 return NULL;
1357 }
1358
Herbert Xu71af2f62016-01-24 21:18:30 +08001359 smp->tfm_cmac = crypto_alloc_shash("cmac(aes)", 0, 0);
Johan Hedberg407cecf2014-05-02 14:19:47 +03001360 if (IS_ERR(smp->tfm_cmac)) {
1361 BT_ERR("Unable to create CMAC crypto context");
Andy Lutomirskia4770e12016-06-26 14:55:23 -07001362 crypto_free_cipher(smp->tfm_aes);
Marcel Holtmann276812e2015-03-16 01:10:18 -07001363 kzfree(smp);
Johan Hedberg407cecf2014-05-02 14:19:47 +03001364 return NULL;
1365 }
1366
Vinicius Costa Gomes8aab4752011-09-05 14:31:31 -03001367 smp->conn = conn;
Johan Hedberg5d88cc72014-08-08 09:37:18 +03001368 chan->data = smp;
Vinicius Costa Gomes8aab4752011-09-05 14:31:31 -03001369
Johan Hedbergb28b4942014-09-05 22:19:55 +03001370 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_FAIL);
1371
Johan Hedbergb68fda62014-08-11 22:06:40 +03001372 INIT_DELAYED_WORK(&smp->security_timer, smp_timeout);
1373
Vinicius Costa Gomes8aab4752011-09-05 14:31:31 -03001374 hci_conn_hold(conn->hcon);
1375
1376 return smp;
1377}
1378
Johan Hedberg760b0182014-06-06 11:44:05 +03001379static int sc_mackey_and_ltk(struct smp_chan *smp, u8 mackey[16], u8 ltk[16])
1380{
1381 struct hci_conn *hcon = smp->conn->hcon;
1382 u8 *na, *nb, a[7], b[7];
1383
1384 if (hcon->out) {
1385 na = smp->prnd;
1386 nb = smp->rrnd;
1387 } else {
1388 na = smp->rrnd;
1389 nb = smp->prnd;
1390 }
1391
1392 memcpy(a, &hcon->init_addr, 6);
1393 memcpy(b, &hcon->resp_addr, 6);
1394 a[6] = hcon->init_addr_type;
1395 b[6] = hcon->resp_addr_type;
1396
1397 return smp_f5(smp->tfm_cmac, smp->dhkey, na, nb, a, b, mackey, ltk);
1398}
1399
Johan Hedberg38606f12014-06-25 11:10:28 +03001400static void sc_dhkey_check(struct smp_chan *smp)
Johan Hedberg760b0182014-06-06 11:44:05 +03001401{
1402 struct hci_conn *hcon = smp->conn->hcon;
1403 struct smp_cmd_dhkey_check check;
1404 u8 a[7], b[7], *local_addr, *remote_addr;
1405 u8 io_cap[3], r[16];
1406
Johan Hedberg760b0182014-06-06 11:44:05 +03001407 memcpy(a, &hcon->init_addr, 6);
1408 memcpy(b, &hcon->resp_addr, 6);
1409 a[6] = hcon->init_addr_type;
1410 b[6] = hcon->resp_addr_type;
1411
1412 if (hcon->out) {
1413 local_addr = a;
1414 remote_addr = b;
1415 memcpy(io_cap, &smp->preq[1], 3);
1416 } else {
1417 local_addr = b;
1418 remote_addr = a;
1419 memcpy(io_cap, &smp->prsp[1], 3);
1420 }
1421
Johan Hedbergdddd3052014-06-01 15:38:09 +03001422 memset(r, 0, sizeof(r));
1423
1424 if (smp->method == REQ_PASSKEY || smp->method == DSP_PASSKEY)
Johan Hedberg38606f12014-06-25 11:10:28 +03001425 put_unaligned_le32(hcon->passkey_notify, r);
Johan Hedberg760b0182014-06-06 11:44:05 +03001426
Johan Hedberga29b0732014-10-28 15:17:05 +01001427 if (smp->method == REQ_OOB)
1428 memcpy(r, smp->rr, 16);
1429
Johan Hedberg760b0182014-06-06 11:44:05 +03001430 smp_f6(smp->tfm_cmac, smp->mackey, smp->prnd, smp->rrnd, r, io_cap,
1431 local_addr, remote_addr, check.e);
1432
1433 smp_send_cmd(smp->conn, SMP_CMD_DHKEY_CHECK, sizeof(check), &check);
Johan Hedbergdddd3052014-06-01 15:38:09 +03001434}
1435
Johan Hedberg38606f12014-06-25 11:10:28 +03001436static u8 sc_passkey_send_confirm(struct smp_chan *smp)
1437{
1438 struct l2cap_conn *conn = smp->conn;
1439 struct hci_conn *hcon = conn->hcon;
1440 struct smp_cmd_pairing_confirm cfm;
1441 u8 r;
1442
1443 r = ((hcon->passkey_notify >> smp->passkey_round) & 0x01);
1444 r |= 0x80;
1445
1446 get_random_bytes(smp->prnd, sizeof(smp->prnd));
1447
1448 if (smp_f4(smp->tfm_cmac, smp->local_pk, smp->remote_pk, smp->prnd, r,
1449 cfm.confirm_val))
1450 return SMP_UNSPECIFIED;
1451
1452 smp_send_cmd(conn, SMP_CMD_PAIRING_CONFIRM, sizeof(cfm), &cfm);
1453
1454 return 0;
1455}
1456
1457static u8 sc_passkey_round(struct smp_chan *smp, u8 smp_op)
1458{
1459 struct l2cap_conn *conn = smp->conn;
1460 struct hci_conn *hcon = conn->hcon;
1461 struct hci_dev *hdev = hcon->hdev;
1462 u8 cfm[16], r;
1463
1464 /* Ignore the PDU if we've already done 20 rounds (0 - 19) */
1465 if (smp->passkey_round >= 20)
1466 return 0;
1467
1468 switch (smp_op) {
1469 case SMP_CMD_PAIRING_RANDOM:
1470 r = ((hcon->passkey_notify >> smp->passkey_round) & 0x01);
1471 r |= 0x80;
1472
1473 if (smp_f4(smp->tfm_cmac, smp->remote_pk, smp->local_pk,
1474 smp->rrnd, r, cfm))
1475 return SMP_UNSPECIFIED;
1476
Jason A. Donenfeld3da27a9d2017-06-10 04:59:11 +02001477 if (crypto_memneq(smp->pcnf, cfm, 16))
Johan Hedberg38606f12014-06-25 11:10:28 +03001478 return SMP_CONFIRM_FAILED;
1479
1480 smp->passkey_round++;
1481
1482 if (smp->passkey_round == 20) {
1483 /* Generate MacKey and LTK */
1484 if (sc_mackey_and_ltk(smp, smp->mackey, smp->tk))
1485 return SMP_UNSPECIFIED;
1486 }
1487
1488 /* The round is only complete when the initiator
1489 * receives pairing random.
1490 */
1491 if (!hcon->out) {
1492 smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM,
1493 sizeof(smp->prnd), smp->prnd);
Johan Hedbergd3e54a82014-06-04 11:07:40 +03001494 if (smp->passkey_round == 20)
Johan Hedberg38606f12014-06-25 11:10:28 +03001495 SMP_ALLOW_CMD(smp, SMP_CMD_DHKEY_CHECK);
Johan Hedbergd3e54a82014-06-04 11:07:40 +03001496 else
Johan Hedberg38606f12014-06-25 11:10:28 +03001497 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_CONFIRM);
Johan Hedberg38606f12014-06-25 11:10:28 +03001498 return 0;
1499 }
1500
1501 /* Start the next round */
1502 if (smp->passkey_round != 20)
1503 return sc_passkey_round(smp, 0);
1504
1505 /* Passkey rounds are complete - start DHKey Check */
1506 sc_dhkey_check(smp);
1507 SMP_ALLOW_CMD(smp, SMP_CMD_DHKEY_CHECK);
1508
1509 break;
1510
1511 case SMP_CMD_PAIRING_CONFIRM:
1512 if (test_bit(SMP_FLAG_WAIT_USER, &smp->flags)) {
1513 set_bit(SMP_FLAG_CFM_PENDING, &smp->flags);
1514 return 0;
1515 }
1516
1517 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RANDOM);
1518
1519 if (hcon->out) {
1520 smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM,
1521 sizeof(smp->prnd), smp->prnd);
1522 return 0;
1523 }
1524
1525 return sc_passkey_send_confirm(smp);
1526
1527 case SMP_CMD_PUBLIC_KEY:
1528 default:
1529 /* Initiating device starts the round */
1530 if (!hcon->out)
1531 return 0;
1532
1533 BT_DBG("%s Starting passkey round %u", hdev->name,
1534 smp->passkey_round + 1);
1535
1536 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_CONFIRM);
1537
1538 return sc_passkey_send_confirm(smp);
1539 }
1540
1541 return 0;
1542}
1543
Johan Hedbergdddd3052014-06-01 15:38:09 +03001544static int sc_user_reply(struct smp_chan *smp, u16 mgmt_op, __le32 passkey)
1545{
Johan Hedberg38606f12014-06-25 11:10:28 +03001546 struct l2cap_conn *conn = smp->conn;
1547 struct hci_conn *hcon = conn->hcon;
1548 u8 smp_op;
1549
1550 clear_bit(SMP_FLAG_WAIT_USER, &smp->flags);
1551
Johan Hedbergdddd3052014-06-01 15:38:09 +03001552 switch (mgmt_op) {
1553 case MGMT_OP_USER_PASSKEY_NEG_REPLY:
1554 smp_failure(smp->conn, SMP_PASSKEY_ENTRY_FAILED);
1555 return 0;
1556 case MGMT_OP_USER_CONFIRM_NEG_REPLY:
1557 smp_failure(smp->conn, SMP_NUMERIC_COMP_FAILED);
1558 return 0;
Johan Hedberg38606f12014-06-25 11:10:28 +03001559 case MGMT_OP_USER_PASSKEY_REPLY:
1560 hcon->passkey_notify = le32_to_cpu(passkey);
1561 smp->passkey_round = 0;
1562
1563 if (test_and_clear_bit(SMP_FLAG_CFM_PENDING, &smp->flags))
1564 smp_op = SMP_CMD_PAIRING_CONFIRM;
1565 else
1566 smp_op = 0;
1567
1568 if (sc_passkey_round(smp, smp_op))
1569 return -EIO;
1570
1571 return 0;
Johan Hedbergdddd3052014-06-01 15:38:09 +03001572 }
1573
Johan Hedbergd3e54a82014-06-04 11:07:40 +03001574 /* Initiator sends DHKey check first */
1575 if (hcon->out) {
1576 sc_dhkey_check(smp);
1577 SMP_ALLOW_CMD(smp, SMP_CMD_DHKEY_CHECK);
1578 } else if (test_and_clear_bit(SMP_FLAG_DHKEY_PENDING, &smp->flags)) {
1579 sc_dhkey_check(smp);
1580 sc_add_ltk(smp);
1581 }
Johan Hedberg760b0182014-06-06 11:44:05 +03001582
1583 return 0;
1584}
1585
Brian Gix2b64d152011-12-21 16:12:12 -08001586int smp_user_confirm_reply(struct hci_conn *hcon, u16 mgmt_op, __le32 passkey)
1587{
Johan Hedbergb10e8012014-06-27 14:23:07 +03001588 struct l2cap_conn *conn = hcon->l2cap_data;
Johan Hedberg5d88cc72014-08-08 09:37:18 +03001589 struct l2cap_chan *chan;
Brian Gix2b64d152011-12-21 16:12:12 -08001590 struct smp_chan *smp;
1591 u32 value;
Johan Hedbergfc75cc82014-09-05 22:19:52 +03001592 int err;
Brian Gix2b64d152011-12-21 16:12:12 -08001593
1594 BT_DBG("");
1595
Johan Hedbergfc75cc82014-09-05 22:19:52 +03001596 if (!conn)
Brian Gix2b64d152011-12-21 16:12:12 -08001597 return -ENOTCONN;
1598
Johan Hedberg5d88cc72014-08-08 09:37:18 +03001599 chan = conn->smp;
1600 if (!chan)
1601 return -ENOTCONN;
1602
Johan Hedbergfc75cc82014-09-05 22:19:52 +03001603 l2cap_chan_lock(chan);
1604 if (!chan->data) {
1605 err = -ENOTCONN;
1606 goto unlock;
1607 }
1608
Johan Hedberg5d88cc72014-08-08 09:37:18 +03001609 smp = chan->data;
Brian Gix2b64d152011-12-21 16:12:12 -08001610
Johan Hedberg760b0182014-06-06 11:44:05 +03001611 if (test_bit(SMP_FLAG_SC, &smp->flags)) {
1612 err = sc_user_reply(smp, mgmt_op, passkey);
1613 goto unlock;
1614 }
1615
Brian Gix2b64d152011-12-21 16:12:12 -08001616 switch (mgmt_op) {
1617 case MGMT_OP_USER_PASSKEY_REPLY:
1618 value = le32_to_cpu(passkey);
Johan Hedberg943a7322014-03-18 12:58:24 +02001619 memset(smp->tk, 0, sizeof(smp->tk));
Brian Gix2b64d152011-12-21 16:12:12 -08001620 BT_DBG("PassKey: %d", value);
Johan Hedberg943a7322014-03-18 12:58:24 +02001621 put_unaligned_le32(value, smp->tk);
Brian Gix2b64d152011-12-21 16:12:12 -08001622 /* Fall Through */
1623 case MGMT_OP_USER_CONFIRM_REPLY:
Johan Hedberg4a74d652014-05-20 09:45:50 +03001624 set_bit(SMP_FLAG_TK_VALID, &smp->flags);
Brian Gix2b64d152011-12-21 16:12:12 -08001625 break;
1626 case MGMT_OP_USER_PASSKEY_NEG_REPLY:
1627 case MGMT_OP_USER_CONFIRM_NEG_REPLY:
Johan Hedberg84794e12013-11-06 11:24:57 +02001628 smp_failure(conn, SMP_PASSKEY_ENTRY_FAILED);
Johan Hedbergfc75cc82014-09-05 22:19:52 +03001629 err = 0;
1630 goto unlock;
Brian Gix2b64d152011-12-21 16:12:12 -08001631 default:
Johan Hedberg84794e12013-11-06 11:24:57 +02001632 smp_failure(conn, SMP_PASSKEY_ENTRY_FAILED);
Johan Hedbergfc75cc82014-09-05 22:19:52 +03001633 err = -EOPNOTSUPP;
1634 goto unlock;
Brian Gix2b64d152011-12-21 16:12:12 -08001635 }
1636
Johan Hedbergfc75cc82014-09-05 22:19:52 +03001637 err = 0;
1638
Brian Gix2b64d152011-12-21 16:12:12 -08001639 /* If it is our turn to send Pairing Confirm, do so now */
Johan Hedberg1cc61142014-05-20 09:45:52 +03001640 if (test_bit(SMP_FLAG_CFM_PENDING, &smp->flags)) {
1641 u8 rsp = smp_confirm(smp);
1642 if (rsp)
1643 smp_failure(conn, rsp);
1644 }
Brian Gix2b64d152011-12-21 16:12:12 -08001645
Johan Hedbergfc75cc82014-09-05 22:19:52 +03001646unlock:
1647 l2cap_chan_unlock(chan);
1648 return err;
Brian Gix2b64d152011-12-21 16:12:12 -08001649}
1650
Johan Hedbergb5ae3442014-08-14 12:34:26 +03001651static void build_bredr_pairing_cmd(struct smp_chan *smp,
1652 struct smp_cmd_pairing *req,
1653 struct smp_cmd_pairing *rsp)
1654{
1655 struct l2cap_conn *conn = smp->conn;
1656 struct hci_dev *hdev = conn->hcon->hdev;
1657 u8 local_dist = 0, remote_dist = 0;
1658
Marcel Holtmannd7a5a112015-03-13 02:11:00 -07001659 if (hci_dev_test_flag(hdev, HCI_BONDABLE)) {
Johan Hedbergb5ae3442014-08-14 12:34:26 +03001660 local_dist = SMP_DIST_ENC_KEY | SMP_DIST_SIGN;
1661 remote_dist = SMP_DIST_ENC_KEY | SMP_DIST_SIGN;
1662 }
1663
Marcel Holtmannd7a5a112015-03-13 02:11:00 -07001664 if (hci_dev_test_flag(hdev, HCI_RPA_RESOLVING))
Johan Hedbergb5ae3442014-08-14 12:34:26 +03001665 remote_dist |= SMP_DIST_ID_KEY;
1666
Marcel Holtmannd7a5a112015-03-13 02:11:00 -07001667 if (hci_dev_test_flag(hdev, HCI_PRIVACY))
Johan Hedbergb5ae3442014-08-14 12:34:26 +03001668 local_dist |= SMP_DIST_ID_KEY;
1669
1670 if (!rsp) {
1671 memset(req, 0, sizeof(*req));
1672
1673 req->init_key_dist = local_dist;
1674 req->resp_key_dist = remote_dist;
Johan Hedberge3f6a252015-06-11 13:52:30 +03001675 req->max_key_size = conn->hcon->enc_key_size;
Johan Hedbergb5ae3442014-08-14 12:34:26 +03001676
1677 smp->remote_key_dist = remote_dist;
1678
1679 return;
1680 }
1681
1682 memset(rsp, 0, sizeof(*rsp));
1683
Johan Hedberge3f6a252015-06-11 13:52:30 +03001684 rsp->max_key_size = conn->hcon->enc_key_size;
Johan Hedbergb5ae3442014-08-14 12:34:26 +03001685 rsp->init_key_dist = req->init_key_dist & remote_dist;
1686 rsp->resp_key_dist = req->resp_key_dist & local_dist;
1687
1688 smp->remote_key_dist = rsp->init_key_dist;
1689}
1690
Vinicius Costa Gomesda85e5e2011-06-09 18:50:53 -03001691static u8 smp_cmd_pairing_req(struct l2cap_conn *conn, struct sk_buff *skb)
Anderson Briglia88ba43b2011-06-09 18:50:42 -03001692{
Vinicius Costa Gomes3158c502011-06-14 13:37:42 -03001693 struct smp_cmd_pairing rsp, *req = (void *) skb->data;
Johan Hedbergfc75cc82014-09-05 22:19:52 +03001694 struct l2cap_chan *chan = conn->smp;
Johan Hedbergb3c64102014-07-10 11:02:07 +03001695 struct hci_dev *hdev = conn->hcon->hdev;
Vinicius Costa Gomes8aab4752011-09-05 14:31:31 -03001696 struct smp_chan *smp;
Johan Hedbergc7262e72014-06-17 13:07:37 +03001697 u8 key_size, auth, sec_level;
Vinicius Costa Gomes8aab4752011-09-05 14:31:31 -03001698 int ret;
Anderson Briglia88ba43b2011-06-09 18:50:42 -03001699
1700 BT_DBG("conn %p", conn);
1701
Johan Hedbergc46b98b2014-02-18 10:19:29 +02001702 if (skb->len < sizeof(*req))
Johan Hedberg38e4a912014-05-08 14:19:11 +03001703 return SMP_INVALID_PARAMS;
Johan Hedbergc46b98b2014-02-18 10:19:29 +02001704
Johan Hedberg40bef302014-07-16 11:42:27 +03001705 if (conn->hcon->role != HCI_ROLE_SLAVE)
Brian Gix2b64d152011-12-21 16:12:12 -08001706 return SMP_CMD_NOTSUPP;
1707
Johan Hedbergfc75cc82014-09-05 22:19:52 +03001708 if (!chan->data)
Vinicius Costa Gomes8aab4752011-09-05 14:31:31 -03001709 smp = smp_chan_create(conn);
Johan Hedbergfc75cc82014-09-05 22:19:52 +03001710 else
Johan Hedberg5d88cc72014-08-08 09:37:18 +03001711 smp = chan->data;
Vinicius Costa Gomes8aab4752011-09-05 14:31:31 -03001712
Andrei Emeltchenkod08fd0e2012-07-19 17:03:43 +03001713 if (!smp)
1714 return SMP_UNSPECIFIED;
Vinicius Costa Gomesd26a2342011-08-19 21:06:51 -03001715
Johan Hedbergc05b9332014-09-10 17:37:42 -07001716 /* We didn't start the pairing, so match remote */
Johan Hedberg0edb14d2014-05-26 13:29:28 +03001717 auth = req->auth_req & AUTH_REQ_MASK(hdev);
Johan Hedbergc05b9332014-09-10 17:37:42 -07001718
Marcel Holtmannd7a5a112015-03-13 02:11:00 -07001719 if (!hci_dev_test_flag(hdev, HCI_BONDABLE) &&
Johan Hedbergc05b9332014-09-10 17:37:42 -07001720 (auth & SMP_AUTH_BONDING))
Johan Hedbergb3c64102014-07-10 11:02:07 +03001721 return SMP_PAIRING_NOTSUPP;
1722
Marcel Holtmannd7a5a112015-03-13 02:11:00 -07001723 if (hci_dev_test_flag(hdev, HCI_SC_ONLY) && !(auth & SMP_AUTH_SC))
Johan Hedberg903b71c2014-09-08 16:59:18 -07001724 return SMP_AUTH_REQUIREMENTS;
1725
Vinicius Costa Gomes1c1def02011-09-05 14:31:30 -03001726 smp->preq[0] = SMP_CMD_PAIRING_REQ;
1727 memcpy(&smp->preq[1], req, sizeof(*req));
Vinicius Costa Gomes3158c502011-06-14 13:37:42 -03001728 skb_pull(skb, sizeof(*req));
Anderson Briglia88ba43b2011-06-09 18:50:42 -03001729
Johan Hedbergcb06d362015-03-16 21:12:34 +02001730 /* If the remote side's OOB flag is set it means it has
1731 * successfully received our local OOB data - therefore set the
1732 * flag to indicate that local OOB is in use.
1733 */
Johan Hedberg58428562015-03-16 11:45:45 +02001734 if (req->oob_flag == SMP_OOB_PRESENT)
1735 set_bit(SMP_FLAG_LOCAL_OOB, &smp->flags);
1736
Johan Hedbergb5ae3442014-08-14 12:34:26 +03001737 /* SMP over BR/EDR requires special treatment */
1738 if (conn->hcon->type == ACL_LINK) {
1739 /* We must have a BR/EDR SC link */
Marcel Holtmann08f63cc2014-12-07 16:19:12 +01001740 if (!test_bit(HCI_CONN_AES_CCM, &conn->hcon->flags) &&
Marcel Holtmannb7cb93e2015-03-13 10:20:35 -07001741 !hci_dev_test_flag(hdev, HCI_FORCE_BREDR_SMP))
Johan Hedbergb5ae3442014-08-14 12:34:26 +03001742 return SMP_CROSS_TRANSP_NOT_ALLOWED;
1743
1744 set_bit(SMP_FLAG_SC, &smp->flags);
1745
1746 build_bredr_pairing_cmd(smp, req, &rsp);
1747
1748 key_size = min(req->max_key_size, rsp.max_key_size);
1749 if (check_enc_key_size(conn, key_size))
1750 return SMP_ENC_KEY_SIZE;
1751
1752 /* Clear bits which are generated but not distributed */
1753 smp->remote_key_dist &= ~SMP_SC_NO_DIST;
1754
1755 smp->prsp[0] = SMP_CMD_PAIRING_RSP;
1756 memcpy(&smp->prsp[1], &rsp, sizeof(rsp));
1757 smp_send_cmd(conn, SMP_CMD_PAIRING_RSP, sizeof(rsp), &rsp);
1758
1759 smp_distribute_keys(smp);
1760 return 0;
1761 }
1762
Johan Hedberg5e3d3d92014-05-31 18:51:02 +03001763 build_pairing_cmd(conn, req, &rsp, auth);
1764
1765 if (rsp.auth_req & SMP_AUTH_SC)
1766 set_bit(SMP_FLAG_SC, &smp->flags);
1767
Johan Hedberg5be5e272014-09-10 17:58:54 -07001768 if (conn->hcon->io_capability == HCI_IO_NO_INPUT_OUTPUT)
Johan Hedberg1afc2a12014-09-10 17:37:44 -07001769 sec_level = BT_SECURITY_MEDIUM;
1770 else
1771 sec_level = authreq_to_seclevel(auth);
1772
Johan Hedbergc7262e72014-06-17 13:07:37 +03001773 if (sec_level > conn->hcon->pending_sec_level)
1774 conn->hcon->pending_sec_level = sec_level;
Ido Yarivfdde0a22012-03-05 20:09:38 +02001775
Stephen Hemminger49c922b2014-10-27 21:12:20 -07001776 /* If we need MITM check that it can be achieved */
Johan Hedberg2ed8f652014-06-17 13:07:39 +03001777 if (conn->hcon->pending_sec_level >= BT_SECURITY_HIGH) {
1778 u8 method;
1779
1780 method = get_auth_method(smp, conn->hcon->io_capability,
1781 req->io_capability);
1782 if (method == JUST_WORKS || method == JUST_CFM)
1783 return SMP_AUTH_REQUIREMENTS;
1784 }
1785
Vinicius Costa Gomes3158c502011-06-14 13:37:42 -03001786 key_size = min(req->max_key_size, rsp.max_key_size);
1787 if (check_enc_key_size(conn, key_size))
1788 return SMP_ENC_KEY_SIZE;
Anderson Briglia88ba43b2011-06-09 18:50:42 -03001789
Johan Hedberge84a6b12013-12-02 10:49:03 +02001790 get_random_bytes(smp->prnd, sizeof(smp->prnd));
Vinicius Costa Gomes8aab4752011-09-05 14:31:31 -03001791
Vinicius Costa Gomes1c1def02011-09-05 14:31:30 -03001792 smp->prsp[0] = SMP_CMD_PAIRING_RSP;
1793 memcpy(&smp->prsp[1], &rsp, sizeof(rsp));
Anderson Brigliaf01ead32011-06-09 18:50:45 -03001794
Vinicius Costa Gomes3158c502011-06-14 13:37:42 -03001795 smp_send_cmd(conn, SMP_CMD_PAIRING_RSP, sizeof(rsp), &rsp);
Johan Hedberg3b191462014-06-06 10:50:15 +03001796
1797 clear_bit(SMP_FLAG_INITIATOR, &smp->flags);
1798
Johan Hedberg19c5ce92015-03-15 19:34:04 +02001799 /* Strictly speaking we shouldn't allow Pairing Confirm for the
1800 * SC case, however some implementations incorrectly copy RFU auth
1801 * req bits from our security request, which may create a false
1802 * positive SC enablement.
1803 */
1804 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_CONFIRM);
1805
Johan Hedberg3b191462014-06-06 10:50:15 +03001806 if (test_bit(SMP_FLAG_SC, &smp->flags)) {
1807 SMP_ALLOW_CMD(smp, SMP_CMD_PUBLIC_KEY);
1808 /* Clear bits which are generated but not distributed */
1809 smp->remote_key_dist &= ~SMP_SC_NO_DIST;
1810 /* Wait for Public Key from Initiating Device */
1811 return 0;
Johan Hedberg3b191462014-06-06 10:50:15 +03001812 }
Vinicius Costa Gomesda85e5e2011-06-09 18:50:53 -03001813
Brian Gix2b64d152011-12-21 16:12:12 -08001814 /* Request setup of TK */
1815 ret = tk_request(conn, 0, auth, rsp.io_capability, req->io_capability);
1816 if (ret)
1817 return SMP_UNSPECIFIED;
1818
Vinicius Costa Gomesda85e5e2011-06-09 18:50:53 -03001819 return 0;
Anderson Briglia88ba43b2011-06-09 18:50:42 -03001820}
1821
Johan Hedberg3b191462014-06-06 10:50:15 +03001822static u8 sc_send_public_key(struct smp_chan *smp)
1823{
Johan Hedberg70157ef2014-06-24 15:22:59 +03001824 struct hci_dev *hdev = smp->conn->hcon->hdev;
1825
Johan Hedberg3b191462014-06-06 10:50:15 +03001826 BT_DBG("");
1827
Johan Hedberg1a8bab42015-03-16 11:45:44 +02001828 if (test_bit(SMP_FLAG_LOCAL_OOB, &smp->flags)) {
Marcel Holtmann33d0c032015-03-16 01:10:24 -07001829 struct l2cap_chan *chan = hdev->smp_data;
1830 struct smp_dev *smp_dev;
1831
1832 if (!chan || !chan->data)
1833 return SMP_UNSPECIFIED;
1834
1835 smp_dev = chan->data;
1836
1837 memcpy(smp->local_pk, smp_dev->local_pk, 64);
1838 memcpy(smp->local_sk, smp_dev->local_sk, 32);
Marcel Holtmannfb334fe2015-03-16 12:34:57 -07001839 memcpy(smp->lr, smp_dev->local_rand, 16);
Marcel Holtmann33d0c032015-03-16 01:10:24 -07001840
1841 if (smp_dev->debug_key)
1842 set_bit(SMP_FLAG_DEBUG_KEY, &smp->flags);
1843
1844 goto done;
1845 }
1846
Marcel Holtmannd7a5a112015-03-13 02:11:00 -07001847 if (hci_dev_test_flag(hdev, HCI_USE_DEBUG_KEYS)) {
Johan Hedberg70157ef2014-06-24 15:22:59 +03001848 BT_DBG("Using debug keys");
1849 memcpy(smp->local_pk, debug_pk, 64);
1850 memcpy(smp->local_sk, debug_sk, 32);
1851 set_bit(SMP_FLAG_DEBUG_KEY, &smp->flags);
1852 } else {
1853 while (true) {
1854 /* Generate local key pair for Secure Connections */
1855 if (!ecc_make_key(smp->local_pk, smp->local_sk))
1856 return SMP_UNSPECIFIED;
Johan Hedberg6c0dcc52014-06-06 15:33:30 +03001857
Johan Hedberg70157ef2014-06-24 15:22:59 +03001858 /* This is unlikely, but we need to check that
1859 * we didn't accidentially generate a debug key.
1860 */
Jason A. Donenfeld3da27a9d2017-06-10 04:59:11 +02001861 if (crypto_memneq(smp->local_sk, debug_sk, 32))
Johan Hedberg70157ef2014-06-24 15:22:59 +03001862 break;
1863 }
Johan Hedberg6c0dcc52014-06-06 15:33:30 +03001864 }
Johan Hedberg3b191462014-06-06 10:50:15 +03001865
Marcel Holtmann33d0c032015-03-16 01:10:24 -07001866done:
Johan Hedbergc7a3d572014-12-01 22:03:16 +02001867 SMP_DBG("Local Public Key X: %32phN", smp->local_pk);
Marcel Holtmann8e4e2ee2015-03-16 01:10:25 -07001868 SMP_DBG("Local Public Key Y: %32phN", smp->local_pk + 32);
Johan Hedbergc7a3d572014-12-01 22:03:16 +02001869 SMP_DBG("Local Private Key: %32phN", smp->local_sk);
Johan Hedberg3b191462014-06-06 10:50:15 +03001870
1871 smp_send_cmd(smp->conn, SMP_CMD_PUBLIC_KEY, 64, smp->local_pk);
1872
1873 return 0;
1874}
1875
Vinicius Costa Gomesda85e5e2011-06-09 18:50:53 -03001876static u8 smp_cmd_pairing_rsp(struct l2cap_conn *conn, struct sk_buff *skb)
Anderson Briglia88ba43b2011-06-09 18:50:42 -03001877{
Vinicius Costa Gomes3158c502011-06-14 13:37:42 -03001878 struct smp_cmd_pairing *req, *rsp = (void *) skb->data;
Johan Hedberg5d88cc72014-08-08 09:37:18 +03001879 struct l2cap_chan *chan = conn->smp;
1880 struct smp_chan *smp = chan->data;
Johan Hedberg0edb14d2014-05-26 13:29:28 +03001881 struct hci_dev *hdev = conn->hcon->hdev;
Johan Hedberg3a7dbfb2014-09-10 17:37:41 -07001882 u8 key_size, auth;
Anderson Briglia7d24ddc2011-06-09 18:50:46 -03001883 int ret;
Anderson Briglia88ba43b2011-06-09 18:50:42 -03001884
1885 BT_DBG("conn %p", conn);
1886
Johan Hedbergc46b98b2014-02-18 10:19:29 +02001887 if (skb->len < sizeof(*rsp))
Johan Hedberg38e4a912014-05-08 14:19:11 +03001888 return SMP_INVALID_PARAMS;
Johan Hedbergc46b98b2014-02-18 10:19:29 +02001889
Johan Hedberg40bef302014-07-16 11:42:27 +03001890 if (conn->hcon->role != HCI_ROLE_MASTER)
Brian Gix2b64d152011-12-21 16:12:12 -08001891 return SMP_CMD_NOTSUPP;
1892
Vinicius Costa Gomes3158c502011-06-14 13:37:42 -03001893 skb_pull(skb, sizeof(*rsp));
Vinicius Costa Gomesda85e5e2011-06-09 18:50:53 -03001894
Vinicius Costa Gomes1c1def02011-09-05 14:31:30 -03001895 req = (void *) &smp->preq[1];
Vinicius Costa Gomes3158c502011-06-14 13:37:42 -03001896
1897 key_size = min(req->max_key_size, rsp->max_key_size);
1898 if (check_enc_key_size(conn, key_size))
1899 return SMP_ENC_KEY_SIZE;
1900
Johan Hedberg0edb14d2014-05-26 13:29:28 +03001901 auth = rsp->auth_req & AUTH_REQ_MASK(hdev);
Johan Hedbergc05b9332014-09-10 17:37:42 -07001902
Marcel Holtmannd7a5a112015-03-13 02:11:00 -07001903 if (hci_dev_test_flag(hdev, HCI_SC_ONLY) && !(auth & SMP_AUTH_SC))
Johan Hedberg903b71c2014-09-08 16:59:18 -07001904 return SMP_AUTH_REQUIREMENTS;
1905
Johan Hedbergcb06d362015-03-16 21:12:34 +02001906 /* If the remote side's OOB flag is set it means it has
1907 * successfully received our local OOB data - therefore set the
1908 * flag to indicate that local OOB is in use.
1909 */
Johan Hedberg58428562015-03-16 11:45:45 +02001910 if (rsp->oob_flag == SMP_OOB_PRESENT)
1911 set_bit(SMP_FLAG_LOCAL_OOB, &smp->flags);
1912
Johan Hedbergb5ae3442014-08-14 12:34:26 +03001913 smp->prsp[0] = SMP_CMD_PAIRING_RSP;
1914 memcpy(&smp->prsp[1], rsp, sizeof(*rsp));
1915
1916 /* Update remote key distribution in case the remote cleared
1917 * some bits that we had enabled in our request.
1918 */
1919 smp->remote_key_dist &= rsp->resp_key_dist;
1920
1921 /* For BR/EDR this means we're done and can start phase 3 */
1922 if (conn->hcon->type == ACL_LINK) {
1923 /* Clear bits which are generated but not distributed */
1924 smp->remote_key_dist &= ~SMP_SC_NO_DIST;
1925 smp_distribute_keys(smp);
1926 return 0;
1927 }
1928
Johan Hedberg65668772014-05-16 11:03:34 +03001929 if ((req->auth_req & SMP_AUTH_SC) && (auth & SMP_AUTH_SC))
1930 set_bit(SMP_FLAG_SC, &smp->flags);
Johan Hedbergd2eb9e12014-05-16 10:59:06 +03001931 else if (conn->hcon->pending_sec_level > BT_SECURITY_HIGH)
1932 conn->hcon->pending_sec_level = BT_SECURITY_HIGH;
Johan Hedberg65668772014-05-16 11:03:34 +03001933
Stephen Hemminger49c922b2014-10-27 21:12:20 -07001934 /* If we need MITM check that it can be achieved */
Johan Hedberg2ed8f652014-06-17 13:07:39 +03001935 if (conn->hcon->pending_sec_level >= BT_SECURITY_HIGH) {
1936 u8 method;
1937
1938 method = get_auth_method(smp, req->io_capability,
1939 rsp->io_capability);
1940 if (method == JUST_WORKS || method == JUST_CFM)
1941 return SMP_AUTH_REQUIREMENTS;
1942 }
1943
Johan Hedberge84a6b12013-12-02 10:49:03 +02001944 get_random_bytes(smp->prnd, sizeof(smp->prnd));
Anderson Briglia7d24ddc2011-06-09 18:50:46 -03001945
Johan Hedbergfdcc4be2014-03-14 10:53:50 +02001946 /* Update remote key distribution in case the remote cleared
1947 * some bits that we had enabled in our request.
1948 */
1949 smp->remote_key_dist &= rsp->resp_key_dist;
1950
Johan Hedberg3b191462014-06-06 10:50:15 +03001951 if (test_bit(SMP_FLAG_SC, &smp->flags)) {
1952 /* Clear bits which are generated but not distributed */
1953 smp->remote_key_dist &= ~SMP_SC_NO_DIST;
1954 SMP_ALLOW_CMD(smp, SMP_CMD_PUBLIC_KEY);
1955 return sc_send_public_key(smp);
1956 }
1957
Johan Hedbergc05b9332014-09-10 17:37:42 -07001958 auth |= req->auth_req;
Brian Gix2b64d152011-12-21 16:12:12 -08001959
Johan Hedberg476585e2012-06-06 18:54:15 +08001960 ret = tk_request(conn, 0, auth, req->io_capability, rsp->io_capability);
Brian Gix2b64d152011-12-21 16:12:12 -08001961 if (ret)
1962 return SMP_UNSPECIFIED;
1963
Johan Hedberg4a74d652014-05-20 09:45:50 +03001964 set_bit(SMP_FLAG_CFM_PENDING, &smp->flags);
Brian Gix2b64d152011-12-21 16:12:12 -08001965
1966 /* Can't compose response until we have been confirmed */
Johan Hedberg4a74d652014-05-20 09:45:50 +03001967 if (test_bit(SMP_FLAG_TK_VALID, &smp->flags))
Johan Hedberg1cc61142014-05-20 09:45:52 +03001968 return smp_confirm(smp);
Vinicius Costa Gomesda85e5e2011-06-09 18:50:53 -03001969
1970 return 0;
Anderson Briglia88ba43b2011-06-09 18:50:42 -03001971}
1972
Johan Hedbergdcee2b32014-06-06 11:36:38 +03001973static u8 sc_check_confirm(struct smp_chan *smp)
1974{
1975 struct l2cap_conn *conn = smp->conn;
1976
1977 BT_DBG("");
1978
Johan Hedberg38606f12014-06-25 11:10:28 +03001979 if (smp->method == REQ_PASSKEY || smp->method == DSP_PASSKEY)
1980 return sc_passkey_round(smp, SMP_CMD_PAIRING_CONFIRM);
1981
Johan Hedbergdcee2b32014-06-06 11:36:38 +03001982 if (conn->hcon->out) {
1983 smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM, sizeof(smp->prnd),
1984 smp->prnd);
1985 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RANDOM);
1986 }
1987
1988 return 0;
1989}
1990
Johan Hedberg19c5ce92015-03-15 19:34:04 +02001991/* Work-around for some implementations that incorrectly copy RFU bits
1992 * from our security request and thereby create the impression that
1993 * we're doing SC when in fact the remote doesn't support it.
1994 */
1995static int fixup_sc_false_positive(struct smp_chan *smp)
1996{
1997 struct l2cap_conn *conn = smp->conn;
1998 struct hci_conn *hcon = conn->hcon;
1999 struct hci_dev *hdev = hcon->hdev;
2000 struct smp_cmd_pairing *req, *rsp;
2001 u8 auth;
2002
2003 /* The issue is only observed when we're in slave role */
2004 if (hcon->out)
2005 return SMP_UNSPECIFIED;
2006
2007 if (hci_dev_test_flag(hdev, HCI_SC_ONLY)) {
2008 BT_ERR("Refusing SMP SC -> legacy fallback in SC-only mode");
2009 return SMP_UNSPECIFIED;
2010 }
2011
2012 BT_ERR("Trying to fall back to legacy SMP");
2013
2014 req = (void *) &smp->preq[1];
2015 rsp = (void *) &smp->prsp[1];
2016
2017 /* Rebuild key dist flags which may have been cleared for SC */
2018 smp->remote_key_dist = (req->init_key_dist & rsp->resp_key_dist);
2019
2020 auth = req->auth_req & AUTH_REQ_MASK(hdev);
2021
2022 if (tk_request(conn, 0, auth, rsp->io_capability, req->io_capability)) {
2023 BT_ERR("Failed to fall back to legacy SMP");
2024 return SMP_UNSPECIFIED;
2025 }
2026
2027 clear_bit(SMP_FLAG_SC, &smp->flags);
2028
2029 return 0;
2030}
2031
Vinicius Costa Gomesda85e5e2011-06-09 18:50:53 -03002032static u8 smp_cmd_pairing_confirm(struct l2cap_conn *conn, struct sk_buff *skb)
Anderson Briglia88ba43b2011-06-09 18:50:42 -03002033{
Johan Hedberg5d88cc72014-08-08 09:37:18 +03002034 struct l2cap_chan *chan = conn->smp;
2035 struct smp_chan *smp = chan->data;
Anderson Briglia7d24ddc2011-06-09 18:50:46 -03002036
Anderson Briglia88ba43b2011-06-09 18:50:42 -03002037 BT_DBG("conn %p %s", conn, conn->hcon->out ? "master" : "slave");
2038
Johan Hedbergc46b98b2014-02-18 10:19:29 +02002039 if (skb->len < sizeof(smp->pcnf))
Johan Hedberg38e4a912014-05-08 14:19:11 +03002040 return SMP_INVALID_PARAMS;
Johan Hedbergc46b98b2014-02-18 10:19:29 +02002041
Vinicius Costa Gomes1c1def02011-09-05 14:31:30 -03002042 memcpy(smp->pcnf, skb->data, sizeof(smp->pcnf));
2043 skb_pull(skb, sizeof(smp->pcnf));
Anderson Briglia7d24ddc2011-06-09 18:50:46 -03002044
Johan Hedberg19c5ce92015-03-15 19:34:04 +02002045 if (test_bit(SMP_FLAG_SC, &smp->flags)) {
2046 int ret;
2047
2048 /* Public Key exchange must happen before any other steps */
2049 if (test_bit(SMP_FLAG_REMOTE_PK, &smp->flags))
2050 return sc_check_confirm(smp);
2051
2052 BT_ERR("Unexpected SMP Pairing Confirm");
2053
2054 ret = fixup_sc_false_positive(smp);
2055 if (ret)
2056 return ret;
2057 }
Johan Hedbergdcee2b32014-06-06 11:36:38 +03002058
Johan Hedbergb28b4942014-09-05 22:19:55 +03002059 if (conn->hcon->out) {
Johan Hedberg943a7322014-03-18 12:58:24 +02002060 smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM, sizeof(smp->prnd),
2061 smp->prnd);
Johan Hedbergb28b4942014-09-05 22:19:55 +03002062 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RANDOM);
2063 return 0;
2064 }
2065
2066 if (test_bit(SMP_FLAG_TK_VALID, &smp->flags))
Johan Hedberg1cc61142014-05-20 09:45:52 +03002067 return smp_confirm(smp);
Marcel Holtmann983f9812015-03-11 17:47:40 -07002068
2069 set_bit(SMP_FLAG_CFM_PENDING, &smp->flags);
Vinicius Costa Gomesda85e5e2011-06-09 18:50:53 -03002070
2071 return 0;
Anderson Briglia88ba43b2011-06-09 18:50:42 -03002072}
2073
Vinicius Costa Gomesda85e5e2011-06-09 18:50:53 -03002074static u8 smp_cmd_pairing_random(struct l2cap_conn *conn, struct sk_buff *skb)
Anderson Briglia88ba43b2011-06-09 18:50:42 -03002075{
Johan Hedberg5d88cc72014-08-08 09:37:18 +03002076 struct l2cap_chan *chan = conn->smp;
2077 struct smp_chan *smp = chan->data;
Johan Hedberg191dc7f2014-06-06 11:39:49 +03002078 struct hci_conn *hcon = conn->hcon;
2079 u8 *pkax, *pkbx, *na, *nb;
2080 u32 passkey;
2081 int err;
Anderson Briglia7d24ddc2011-06-09 18:50:46 -03002082
Vinicius Costa Gomes8aab4752011-09-05 14:31:31 -03002083 BT_DBG("conn %p", conn);
Anderson Briglia7d24ddc2011-06-09 18:50:46 -03002084
Johan Hedbergc46b98b2014-02-18 10:19:29 +02002085 if (skb->len < sizeof(smp->rrnd))
Johan Hedberg38e4a912014-05-08 14:19:11 +03002086 return SMP_INVALID_PARAMS;
Johan Hedbergc46b98b2014-02-18 10:19:29 +02002087
Johan Hedberg943a7322014-03-18 12:58:24 +02002088 memcpy(smp->rrnd, skb->data, sizeof(smp->rrnd));
Vinicius Costa Gomes8aab4752011-09-05 14:31:31 -03002089 skb_pull(skb, sizeof(smp->rrnd));
Anderson Briglia88ba43b2011-06-09 18:50:42 -03002090
Johan Hedberg191dc7f2014-06-06 11:39:49 +03002091 if (!test_bit(SMP_FLAG_SC, &smp->flags))
2092 return smp_random(smp);
2093
Johan Hedberg580039e2014-12-03 16:26:37 +02002094 if (hcon->out) {
2095 pkax = smp->local_pk;
2096 pkbx = smp->remote_pk;
2097 na = smp->prnd;
2098 nb = smp->rrnd;
2099 } else {
2100 pkax = smp->remote_pk;
2101 pkbx = smp->local_pk;
2102 na = smp->rrnd;
2103 nb = smp->prnd;
2104 }
2105
Johan Hedberga29b0732014-10-28 15:17:05 +01002106 if (smp->method == REQ_OOB) {
2107 if (!hcon->out)
2108 smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM,
2109 sizeof(smp->prnd), smp->prnd);
2110 SMP_ALLOW_CMD(smp, SMP_CMD_DHKEY_CHECK);
2111 goto mackey_and_ltk;
2112 }
2113
Johan Hedberg38606f12014-06-25 11:10:28 +03002114 /* Passkey entry has special treatment */
2115 if (smp->method == REQ_PASSKEY || smp->method == DSP_PASSKEY)
2116 return sc_passkey_round(smp, SMP_CMD_PAIRING_RANDOM);
2117
Johan Hedberg191dc7f2014-06-06 11:39:49 +03002118 if (hcon->out) {
2119 u8 cfm[16];
2120
2121 err = smp_f4(smp->tfm_cmac, smp->remote_pk, smp->local_pk,
2122 smp->rrnd, 0, cfm);
2123 if (err)
2124 return SMP_UNSPECIFIED;
2125
Jason A. Donenfeld3da27a9d2017-06-10 04:59:11 +02002126 if (crypto_memneq(smp->pcnf, cfm, 16))
Johan Hedberg191dc7f2014-06-06 11:39:49 +03002127 return SMP_CONFIRM_FAILED;
Johan Hedberg191dc7f2014-06-06 11:39:49 +03002128 } else {
2129 smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM, sizeof(smp->prnd),
2130 smp->prnd);
2131 SMP_ALLOW_CMD(smp, SMP_CMD_DHKEY_CHECK);
Johan Hedberg191dc7f2014-06-06 11:39:49 +03002132 }
2133
Johan Hedberga29b0732014-10-28 15:17:05 +01002134mackey_and_ltk:
Johan Hedberg760b0182014-06-06 11:44:05 +03002135 /* Generate MacKey and LTK */
2136 err = sc_mackey_and_ltk(smp, smp->mackey, smp->tk);
2137 if (err)
2138 return SMP_UNSPECIFIED;
2139
Johan Hedberga29b0732014-10-28 15:17:05 +01002140 if (smp->method == JUST_WORKS || smp->method == REQ_OOB) {
Johan Hedbergdddd3052014-06-01 15:38:09 +03002141 if (hcon->out) {
Johan Hedberg38606f12014-06-25 11:10:28 +03002142 sc_dhkey_check(smp);
Johan Hedbergdddd3052014-06-01 15:38:09 +03002143 SMP_ALLOW_CMD(smp, SMP_CMD_DHKEY_CHECK);
2144 }
2145 return 0;
2146 }
2147
Johan Hedberg38606f12014-06-25 11:10:28 +03002148 err = smp_g2(smp->tfm_cmac, pkax, pkbx, na, nb, &passkey);
Johan Hedberg191dc7f2014-06-06 11:39:49 +03002149 if (err)
2150 return SMP_UNSPECIFIED;
2151
Johan Hedberg38606f12014-06-25 11:10:28 +03002152 err = mgmt_user_confirm_request(hcon->hdev, &hcon->dst, hcon->type,
2153 hcon->dst_type, passkey, 0);
2154 if (err)
2155 return SMP_UNSPECIFIED;
2156
2157 set_bit(SMP_FLAG_WAIT_USER, &smp->flags);
2158
Johan Hedberg191dc7f2014-06-06 11:39:49 +03002159 return 0;
Anderson Briglia88ba43b2011-06-09 18:50:42 -03002160}
2161
Marcel Holtmannf81cd822014-07-01 10:59:24 +02002162static bool smp_ltk_encrypt(struct l2cap_conn *conn, u8 sec_level)
Vinicius Costa Gomes988c5992011-08-25 20:02:28 -03002163{
Vinicius Costa Gomesc9839a12012-02-02 21:08:01 -03002164 struct smp_ltk *key;
Vinicius Costa Gomes988c5992011-08-25 20:02:28 -03002165 struct hci_conn *hcon = conn->hcon;
2166
Johan Hedbergf3a73d92014-05-29 15:02:59 +03002167 key = hci_find_ltk(hcon->hdev, &hcon->dst, hcon->dst_type, hcon->role);
Vinicius Costa Gomes988c5992011-08-25 20:02:28 -03002168 if (!key)
Marcel Holtmannf81cd822014-07-01 10:59:24 +02002169 return false;
Vinicius Costa Gomes988c5992011-08-25 20:02:28 -03002170
Johan Hedberga6f78332014-09-10 17:37:45 -07002171 if (smp_ltk_sec_level(key) < sec_level)
Marcel Holtmannf81cd822014-07-01 10:59:24 +02002172 return false;
Johan Hedberg4dab7862012-06-07 14:58:37 +08002173
Johan Hedberg51a8efd2012-01-16 06:10:31 +02002174 if (test_and_set_bit(HCI_CONN_ENCRYPT_PEND, &hcon->flags))
Marcel Holtmannf81cd822014-07-01 10:59:24 +02002175 return true;
Vinicius Costa Gomes988c5992011-08-25 20:02:28 -03002176
Johan Hedberg8b76ce32015-06-08 18:14:39 +03002177 hci_le_start_enc(hcon, key->ediv, key->rand, key->val, key->enc_size);
Vinicius Costa Gomesc9839a12012-02-02 21:08:01 -03002178 hcon->enc_key_size = key->enc_size;
Vinicius Costa Gomes988c5992011-08-25 20:02:28 -03002179
Johan Hedbergfe59a052014-07-01 19:14:12 +03002180 /* We never store STKs for master role, so clear this flag */
2181 clear_bit(HCI_CONN_STK_ENCRYPT, &hcon->flags);
2182
Marcel Holtmannf81cd822014-07-01 10:59:24 +02002183 return true;
Vinicius Costa Gomes988c5992011-08-25 20:02:28 -03002184}
Marcel Holtmannf1560462013-10-13 05:43:25 -07002185
Johan Hedberg35dc6f82014-11-13 10:55:18 +02002186bool smp_sufficient_security(struct hci_conn *hcon, u8 sec_level,
2187 enum smp_key_pref key_pref)
Johan Hedberg854f4722014-07-01 18:40:20 +03002188{
2189 if (sec_level == BT_SECURITY_LOW)
2190 return true;
2191
Johan Hedberg35dc6f82014-11-13 10:55:18 +02002192 /* If we're encrypted with an STK but the caller prefers using
2193 * LTK claim insufficient security. This way we allow the
2194 * connection to be re-encrypted with an LTK, even if the LTK
2195 * provides the same level of security. Only exception is if we
2196 * don't have an LTK (e.g. because of key distribution bits).
Johan Hedberg9ab65d602014-07-01 19:14:13 +03002197 */
Johan Hedberg35dc6f82014-11-13 10:55:18 +02002198 if (key_pref == SMP_USE_LTK &&
2199 test_bit(HCI_CONN_STK_ENCRYPT, &hcon->flags) &&
Johan Hedbergf3a73d92014-05-29 15:02:59 +03002200 hci_find_ltk(hcon->hdev, &hcon->dst, hcon->dst_type, hcon->role))
Johan Hedberg9ab65d602014-07-01 19:14:13 +03002201 return false;
2202
Johan Hedberg854f4722014-07-01 18:40:20 +03002203 if (hcon->sec_level >= sec_level)
2204 return true;
2205
2206 return false;
2207}
2208
Vinicius Costa Gomesda85e5e2011-06-09 18:50:53 -03002209static u8 smp_cmd_security_req(struct l2cap_conn *conn, struct sk_buff *skb)
Anderson Briglia88ba43b2011-06-09 18:50:42 -03002210{
2211 struct smp_cmd_security_req *rp = (void *) skb->data;
2212 struct smp_cmd_pairing cp;
Vinicius Costa Gomesf1cb9af2011-01-26 21:42:57 -03002213 struct hci_conn *hcon = conn->hcon;
Johan Hedberg0edb14d2014-05-26 13:29:28 +03002214 struct hci_dev *hdev = hcon->hdev;
Vinicius Costa Gomes8aab4752011-09-05 14:31:31 -03002215 struct smp_chan *smp;
Johan Hedbergc05b9332014-09-10 17:37:42 -07002216 u8 sec_level, auth;
Anderson Briglia88ba43b2011-06-09 18:50:42 -03002217
2218 BT_DBG("conn %p", conn);
2219
Johan Hedbergc46b98b2014-02-18 10:19:29 +02002220 if (skb->len < sizeof(*rp))
Johan Hedberg38e4a912014-05-08 14:19:11 +03002221 return SMP_INVALID_PARAMS;
Johan Hedbergc46b98b2014-02-18 10:19:29 +02002222
Johan Hedberg40bef302014-07-16 11:42:27 +03002223 if (hcon->role != HCI_ROLE_MASTER)
Johan Hedberg86ca9ea2013-11-05 11:30:39 +02002224 return SMP_CMD_NOTSUPP;
2225
Johan Hedberg0edb14d2014-05-26 13:29:28 +03002226 auth = rp->auth_req & AUTH_REQ_MASK(hdev);
Johan Hedbergc05b9332014-09-10 17:37:42 -07002227
Marcel Holtmannd7a5a112015-03-13 02:11:00 -07002228 if (hci_dev_test_flag(hdev, HCI_SC_ONLY) && !(auth & SMP_AUTH_SC))
Johan Hedberg903b71c2014-09-08 16:59:18 -07002229 return SMP_AUTH_REQUIREMENTS;
2230
Johan Hedberg5be5e272014-09-10 17:58:54 -07002231 if (hcon->io_capability == HCI_IO_NO_INPUT_OUTPUT)
Johan Hedberg1afc2a12014-09-10 17:37:44 -07002232 sec_level = BT_SECURITY_MEDIUM;
2233 else
2234 sec_level = authreq_to_seclevel(auth);
2235
Szymon Janc24382a62018-02-26 15:41:53 +01002236 if (smp_sufficient_security(hcon, sec_level, SMP_USE_LTK)) {
2237 /* If link is already encrypted with sufficient security we
2238 * still need refresh encryption as per Core Spec 5.0 Vol 3,
2239 * Part H 2.4.6
2240 */
2241 smp_ltk_encrypt(conn, hcon->sec_level);
Johan Hedberg854f4722014-07-01 18:40:20 +03002242 return 0;
Szymon Janc24382a62018-02-26 15:41:53 +01002243 }
Johan Hedberg854f4722014-07-01 18:40:20 +03002244
Johan Hedbergc7262e72014-06-17 13:07:37 +03002245 if (sec_level > hcon->pending_sec_level)
2246 hcon->pending_sec_level = sec_level;
Vinicius Costa Gomesfeb45eb2011-08-25 20:02:35 -03002247
Johan Hedberg4dab7862012-06-07 14:58:37 +08002248 if (smp_ltk_encrypt(conn, hcon->pending_sec_level))
Vinicius Costa Gomes988c5992011-08-25 20:02:28 -03002249 return 0;
2250
Vinicius Costa Gomes8aab4752011-09-05 14:31:31 -03002251 smp = smp_chan_create(conn);
Johan Hedbergc29d2442014-06-16 19:25:14 +03002252 if (!smp)
2253 return SMP_UNSPECIFIED;
Vinicius Costa Gomesd26a2342011-08-19 21:06:51 -03002254
Marcel Holtmannd7a5a112015-03-13 02:11:00 -07002255 if (!hci_dev_test_flag(hdev, HCI_BONDABLE) &&
Johan Hedbergc05b9332014-09-10 17:37:42 -07002256 (auth & SMP_AUTH_BONDING))
Johan Hedberg616d55b2014-07-29 14:18:48 +03002257 return SMP_PAIRING_NOTSUPP;
2258
Anderson Briglia88ba43b2011-06-09 18:50:42 -03002259 skb_pull(skb, sizeof(*rp));
Anderson Briglia88ba43b2011-06-09 18:50:42 -03002260
Vinicius Costa Gomesda85e5e2011-06-09 18:50:53 -03002261 memset(&cp, 0, sizeof(cp));
Johan Hedbergc05b9332014-09-10 17:37:42 -07002262 build_pairing_cmd(conn, &cp, NULL, auth);
Anderson Briglia88ba43b2011-06-09 18:50:42 -03002263
Vinicius Costa Gomes1c1def02011-09-05 14:31:30 -03002264 smp->preq[0] = SMP_CMD_PAIRING_REQ;
2265 memcpy(&smp->preq[1], &cp, sizeof(cp));
Anderson Brigliaf01ead32011-06-09 18:50:45 -03002266
Anderson Briglia88ba43b2011-06-09 18:50:42 -03002267 smp_send_cmd(conn, SMP_CMD_PAIRING_REQ, sizeof(cp), &cp);
Johan Hedbergb28b4942014-09-05 22:19:55 +03002268 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RSP);
Vinicius Costa Gomesf1cb9af2011-01-26 21:42:57 -03002269
Vinicius Costa Gomesda85e5e2011-06-09 18:50:53 -03002270 return 0;
Anderson Briglia88ba43b2011-06-09 18:50:42 -03002271}
2272
Vinicius Costa Gomescc110922012-08-23 21:32:43 -03002273int smp_conn_security(struct hci_conn *hcon, __u8 sec_level)
Anderson Brigliaeb492e02011-06-09 18:50:40 -03002274{
Vinicius Costa Gomescc110922012-08-23 21:32:43 -03002275 struct l2cap_conn *conn = hcon->l2cap_data;
Johan Hedbergc68b7f12014-09-06 06:59:10 +03002276 struct l2cap_chan *chan;
Johan Hedberg0a66cf22014-03-24 14:39:03 +02002277 struct smp_chan *smp;
Brian Gix2b64d152011-12-21 16:12:12 -08002278 __u8 authreq;
Johan Hedbergfc75cc82014-09-05 22:19:52 +03002279 int ret;
Anderson Brigliaeb492e02011-06-09 18:50:40 -03002280
Vinicius Costa Gomes3a0259b2011-06-09 18:50:43 -03002281 BT_DBG("conn %p hcon %p level 0x%2.2x", conn, hcon, sec_level);
2282
Johan Hedberg0a66cf22014-03-24 14:39:03 +02002283 /* This may be NULL if there's an unexpected disconnection */
2284 if (!conn)
2285 return 1;
2286
Marcel Holtmannd7a5a112015-03-13 02:11:00 -07002287 if (!hci_dev_test_flag(hcon->hdev, HCI_LE_ENABLED))
Andre Guedes2e65c9d2011-06-30 19:20:56 -03002288 return 1;
2289
Johan Hedberg35dc6f82014-11-13 10:55:18 +02002290 if (smp_sufficient_security(hcon, sec_level, SMP_USE_LTK))
Vinicius Costa Gomesf1cb9af2011-01-26 21:42:57 -03002291 return 1;
2292
Johan Hedbergc7262e72014-06-17 13:07:37 +03002293 if (sec_level > hcon->pending_sec_level)
2294 hcon->pending_sec_level = sec_level;
2295
Johan Hedberg40bef302014-07-16 11:42:27 +03002296 if (hcon->role == HCI_ROLE_MASTER)
Johan Hedbergc7262e72014-06-17 13:07:37 +03002297 if (smp_ltk_encrypt(conn, hcon->pending_sec_level))
2298 return 0;
Vinicius Costa Gomesd26a2342011-08-19 21:06:51 -03002299
Johan Hedbergd8949aa2015-09-04 12:22:46 +03002300 chan = conn->smp;
2301 if (!chan) {
2302 BT_ERR("SMP security requested but not available");
2303 return 1;
2304 }
2305
Johan Hedbergfc75cc82014-09-05 22:19:52 +03002306 l2cap_chan_lock(chan);
2307
2308 /* If SMP is already in progress ignore this request */
2309 if (chan->data) {
2310 ret = 0;
2311 goto unlock;
2312 }
Vinicius Costa Gomesd26a2342011-08-19 21:06:51 -03002313
Vinicius Costa Gomes8aab4752011-09-05 14:31:31 -03002314 smp = smp_chan_create(conn);
Johan Hedbergfc75cc82014-09-05 22:19:52 +03002315 if (!smp) {
2316 ret = 1;
2317 goto unlock;
2318 }
Brian Gix2b64d152011-12-21 16:12:12 -08002319
2320 authreq = seclevel_to_authreq(sec_level);
Vinicius Costa Gomesd26a2342011-08-19 21:06:51 -03002321
Marcel Holtmannd7a5a112015-03-13 02:11:00 -07002322 if (hci_dev_test_flag(hcon->hdev, HCI_SC_ENABLED))
Johan Hedbergd2eb9e12014-05-16 10:59:06 +03002323 authreq |= SMP_AUTH_SC;
2324
Johan Hedberg79897d22014-06-01 09:45:24 +03002325 /* Require MITM if IO Capability allows or the security level
2326 * requires it.
Johan Hedberg2e233642014-03-18 15:42:30 +02002327 */
Johan Hedberg79897d22014-06-01 09:45:24 +03002328 if (hcon->io_capability != HCI_IO_NO_INPUT_OUTPUT ||
Johan Hedbergc7262e72014-06-17 13:07:37 +03002329 hcon->pending_sec_level > BT_SECURITY_MEDIUM)
Johan Hedberg2e233642014-03-18 15:42:30 +02002330 authreq |= SMP_AUTH_MITM;
2331
Johan Hedberg40bef302014-07-16 11:42:27 +03002332 if (hcon->role == HCI_ROLE_MASTER) {
Vinicius Costa Gomesd26a2342011-08-19 21:06:51 -03002333 struct smp_cmd_pairing cp;
Anderson Brigliaf01ead32011-06-09 18:50:45 -03002334
Brian Gix2b64d152011-12-21 16:12:12 -08002335 build_pairing_cmd(conn, &cp, NULL, authreq);
Vinicius Costa Gomes1c1def02011-09-05 14:31:30 -03002336 smp->preq[0] = SMP_CMD_PAIRING_REQ;
2337 memcpy(&smp->preq[1], &cp, sizeof(cp));
Anderson Brigliaf01ead32011-06-09 18:50:45 -03002338
Anderson Brigliaeb492e02011-06-09 18:50:40 -03002339 smp_send_cmd(conn, SMP_CMD_PAIRING_REQ, sizeof(cp), &cp);
Johan Hedbergb28b4942014-09-05 22:19:55 +03002340 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RSP);
Anderson Brigliaeb492e02011-06-09 18:50:40 -03002341 } else {
2342 struct smp_cmd_security_req cp;
Brian Gix2b64d152011-12-21 16:12:12 -08002343 cp.auth_req = authreq;
Anderson Brigliaeb492e02011-06-09 18:50:40 -03002344 smp_send_cmd(conn, SMP_CMD_SECURITY_REQ, sizeof(cp), &cp);
Johan Hedbergb28b4942014-09-05 22:19:55 +03002345 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_REQ);
Anderson Brigliaeb492e02011-06-09 18:50:40 -03002346 }
2347
Johan Hedberg4a74d652014-05-20 09:45:50 +03002348 set_bit(SMP_FLAG_INITIATOR, &smp->flags);
Johan Hedbergfc75cc82014-09-05 22:19:52 +03002349 ret = 0;
Johan Hedbergedca7922014-03-24 15:54:11 +02002350
Johan Hedbergfc75cc82014-09-05 22:19:52 +03002351unlock:
2352 l2cap_chan_unlock(chan);
2353 return ret;
Anderson Brigliaeb492e02011-06-09 18:50:40 -03002354}
2355
Matias Karhumaa83e158f2018-09-26 09:13:46 +03002356int smp_cancel_and_remove_pairing(struct hci_dev *hdev, bdaddr_t *bdaddr,
2357 u8 addr_type)
Johan Hedbergc81d5552015-10-22 09:38:35 +03002358{
Matias Karhumaa83e158f2018-09-26 09:13:46 +03002359 struct hci_conn *hcon;
2360 struct l2cap_conn *conn;
Johan Hedbergc81d5552015-10-22 09:38:35 +03002361 struct l2cap_chan *chan;
2362 struct smp_chan *smp;
Matias Karhumaa83e158f2018-09-26 09:13:46 +03002363 int err;
Johan Hedbergc81d5552015-10-22 09:38:35 +03002364
Matias Karhumaa83e158f2018-09-26 09:13:46 +03002365 err = hci_remove_ltk(hdev, bdaddr, addr_type);
2366 hci_remove_irk(hdev, bdaddr, addr_type);
2367
2368 hcon = hci_conn_hash_lookup_le(hdev, bdaddr, addr_type);
2369 if (!hcon)
2370 goto done;
2371
2372 conn = hcon->l2cap_data;
Johan Hedbergc81d5552015-10-22 09:38:35 +03002373 if (!conn)
Matias Karhumaa83e158f2018-09-26 09:13:46 +03002374 goto done;
Johan Hedbergc81d5552015-10-22 09:38:35 +03002375
2376 chan = conn->smp;
2377 if (!chan)
Matias Karhumaa83e158f2018-09-26 09:13:46 +03002378 goto done;
Johan Hedbergc81d5552015-10-22 09:38:35 +03002379
2380 l2cap_chan_lock(chan);
2381
2382 smp = chan->data;
2383 if (smp) {
Matias Karhumaa83e158f2018-09-26 09:13:46 +03002384 /* Set keys to NULL to make sure smp_failure() does not try to
2385 * remove and free already invalidated rcu list entries. */
2386 smp->ltk = NULL;
2387 smp->slave_ltk = NULL;
2388 smp->remote_irk = NULL;
2389
Johan Hedbergc81d5552015-10-22 09:38:35 +03002390 if (test_bit(SMP_FLAG_COMPLETE, &smp->flags))
2391 smp_failure(conn, 0);
2392 else
2393 smp_failure(conn, SMP_UNSPECIFIED);
Matias Karhumaa83e158f2018-09-26 09:13:46 +03002394 err = 0;
Johan Hedbergc81d5552015-10-22 09:38:35 +03002395 }
2396
2397 l2cap_chan_unlock(chan);
Matias Karhumaa83e158f2018-09-26 09:13:46 +03002398
2399done:
2400 return err;
Johan Hedbergc81d5552015-10-22 09:38:35 +03002401}
2402
Vinicius Costa Gomes7034b912011-07-07 18:59:34 -03002403static int smp_cmd_encrypt_info(struct l2cap_conn *conn, struct sk_buff *skb)
2404{
Vinicius Costa Gomes16b90832011-07-07 18:59:39 -03002405 struct smp_cmd_encrypt_info *rp = (void *) skb->data;
Johan Hedberg5d88cc72014-08-08 09:37:18 +03002406 struct l2cap_chan *chan = conn->smp;
2407 struct smp_chan *smp = chan->data;
Vinicius Costa Gomes16b90832011-07-07 18:59:39 -03002408
Johan Hedbergc46b98b2014-02-18 10:19:29 +02002409 BT_DBG("conn %p", conn);
2410
2411 if (skb->len < sizeof(*rp))
Johan Hedberg38e4a912014-05-08 14:19:11 +03002412 return SMP_INVALID_PARAMS;
Johan Hedbergc46b98b2014-02-18 10:19:29 +02002413
Johan Hedbergb28b4942014-09-05 22:19:55 +03002414 SMP_ALLOW_CMD(smp, SMP_CMD_MASTER_IDENT);
Johan Hedberg6131ddc2014-02-18 10:19:37 +02002415
Vinicius Costa Gomes16b90832011-07-07 18:59:39 -03002416 skb_pull(skb, sizeof(*rp));
2417
Vinicius Costa Gomes1c1def02011-09-05 14:31:30 -03002418 memcpy(smp->tk, rp->ltk, sizeof(smp->tk));
Vinicius Costa Gomes16b90832011-07-07 18:59:39 -03002419
Vinicius Costa Gomes7034b912011-07-07 18:59:34 -03002420 return 0;
2421}
2422
2423static int smp_cmd_master_ident(struct l2cap_conn *conn, struct sk_buff *skb)
2424{
Vinicius Costa Gomes16b90832011-07-07 18:59:39 -03002425 struct smp_cmd_master_ident *rp = (void *) skb->data;
Johan Hedberg5d88cc72014-08-08 09:37:18 +03002426 struct l2cap_chan *chan = conn->smp;
2427 struct smp_chan *smp = chan->data;
Vinicius Costa Gomesc9839a12012-02-02 21:08:01 -03002428 struct hci_dev *hdev = conn->hcon->hdev;
2429 struct hci_conn *hcon = conn->hcon;
Johan Hedberg23d0e122014-02-19 14:57:46 +02002430 struct smp_ltk *ltk;
Vinicius Costa Gomesc9839a12012-02-02 21:08:01 -03002431 u8 authenticated;
Vinicius Costa Gomes7034b912011-07-07 18:59:34 -03002432
Johan Hedbergc46b98b2014-02-18 10:19:29 +02002433 BT_DBG("conn %p", conn);
2434
2435 if (skb->len < sizeof(*rp))
Johan Hedberg38e4a912014-05-08 14:19:11 +03002436 return SMP_INVALID_PARAMS;
Johan Hedbergc46b98b2014-02-18 10:19:29 +02002437
Johan Hedberg9747a9f2014-02-26 23:33:43 +02002438 /* Mark the information as received */
2439 smp->remote_key_dist &= ~SMP_DIST_ENC_KEY;
2440
Johan Hedbergb28b4942014-09-05 22:19:55 +03002441 if (smp->remote_key_dist & SMP_DIST_ID_KEY)
2442 SMP_ALLOW_CMD(smp, SMP_CMD_IDENT_INFO);
Johan Hedberg196332f2014-09-09 16:21:46 -07002443 else if (smp->remote_key_dist & SMP_DIST_SIGN)
2444 SMP_ALLOW_CMD(smp, SMP_CMD_SIGN_INFO);
Johan Hedbergb28b4942014-09-05 22:19:55 +03002445
Vinicius Costa Gomes16b90832011-07-07 18:59:39 -03002446 skb_pull(skb, sizeof(*rp));
2447
Marcel Holtmannce39fb42013-10-13 02:23:39 -07002448 authenticated = (hcon->sec_level == BT_SECURITY_HIGH);
Johan Hedberg2ceba532014-06-16 19:25:16 +03002449 ltk = hci_add_ltk(hdev, &hcon->dst, hcon->dst_type, SMP_LTK,
Johan Hedberg23d0e122014-02-19 14:57:46 +02002450 authenticated, smp->tk, smp->enc_key_size,
2451 rp->ediv, rp->rand);
2452 smp->ltk = ltk;
Johan Hedbergc6e81e92014-09-05 22:19:54 +03002453 if (!(smp->remote_key_dist & KEY_DIST_MASK))
Johan Hedbergd6268e82014-09-05 22:19:51 +03002454 smp_distribute_keys(smp);
Vinicius Costa Gomes7034b912011-07-07 18:59:34 -03002455
2456 return 0;
2457}
2458
Johan Hedbergfd349c02014-02-18 10:19:36 +02002459static int smp_cmd_ident_info(struct l2cap_conn *conn, struct sk_buff *skb)
2460{
2461 struct smp_cmd_ident_info *info = (void *) skb->data;
Johan Hedberg5d88cc72014-08-08 09:37:18 +03002462 struct l2cap_chan *chan = conn->smp;
2463 struct smp_chan *smp = chan->data;
Johan Hedbergfd349c02014-02-18 10:19:36 +02002464
2465 BT_DBG("");
2466
2467 if (skb->len < sizeof(*info))
Johan Hedberg38e4a912014-05-08 14:19:11 +03002468 return SMP_INVALID_PARAMS;
Johan Hedbergfd349c02014-02-18 10:19:36 +02002469
Johan Hedbergb28b4942014-09-05 22:19:55 +03002470 SMP_ALLOW_CMD(smp, SMP_CMD_IDENT_ADDR_INFO);
Johan Hedberg6131ddc2014-02-18 10:19:37 +02002471
Johan Hedbergfd349c02014-02-18 10:19:36 +02002472 skb_pull(skb, sizeof(*info));
2473
2474 memcpy(smp->irk, info->irk, 16);
2475
2476 return 0;
2477}
2478
2479static int smp_cmd_ident_addr_info(struct l2cap_conn *conn,
2480 struct sk_buff *skb)
2481{
2482 struct smp_cmd_ident_addr_info *info = (void *) skb->data;
Johan Hedberg5d88cc72014-08-08 09:37:18 +03002483 struct l2cap_chan *chan = conn->smp;
2484 struct smp_chan *smp = chan->data;
Johan Hedbergfd349c02014-02-18 10:19:36 +02002485 struct hci_conn *hcon = conn->hcon;
2486 bdaddr_t rpa;
2487
2488 BT_DBG("");
2489
2490 if (skb->len < sizeof(*info))
Johan Hedberg38e4a912014-05-08 14:19:11 +03002491 return SMP_INVALID_PARAMS;
Johan Hedbergfd349c02014-02-18 10:19:36 +02002492
Johan Hedberg9747a9f2014-02-26 23:33:43 +02002493 /* Mark the information as received */
2494 smp->remote_key_dist &= ~SMP_DIST_ID_KEY;
2495
Johan Hedbergb28b4942014-09-05 22:19:55 +03002496 if (smp->remote_key_dist & SMP_DIST_SIGN)
2497 SMP_ALLOW_CMD(smp, SMP_CMD_SIGN_INFO);
2498
Johan Hedbergfd349c02014-02-18 10:19:36 +02002499 skb_pull(skb, sizeof(*info));
2500
Johan Hedberga9a58f82014-02-25 22:24:37 +02002501 /* Strictly speaking the Core Specification (4.1) allows sending
2502 * an empty address which would force us to rely on just the IRK
2503 * as "identity information". However, since such
2504 * implementations are not known of and in order to not over
2505 * complicate our implementation, simply pretend that we never
2506 * received an IRK for such a device.
Johan Hedberge12af482015-01-14 20:51:37 +02002507 *
2508 * The Identity Address must also be a Static Random or Public
2509 * Address, which hci_is_identity_address() checks for.
Johan Hedberga9a58f82014-02-25 22:24:37 +02002510 */
Johan Hedberge12af482015-01-14 20:51:37 +02002511 if (!bacmp(&info->bdaddr, BDADDR_ANY) ||
2512 !hci_is_identity_address(&info->bdaddr, info->addr_type)) {
Johan Hedberga9a58f82014-02-25 22:24:37 +02002513 BT_ERR("Ignoring IRK with no identity address");
Johan Hedberg31dd6242014-06-27 14:23:02 +03002514 goto distribute;
Johan Hedberga9a58f82014-02-25 22:24:37 +02002515 }
2516
Johan Hedbergfd349c02014-02-18 10:19:36 +02002517 bacpy(&smp->id_addr, &info->bdaddr);
2518 smp->id_addr_type = info->addr_type;
2519
2520 if (hci_bdaddr_is_rpa(&hcon->dst, hcon->dst_type))
2521 bacpy(&rpa, &hcon->dst);
2522 else
2523 bacpy(&rpa, BDADDR_ANY);
2524
Johan Hedberg23d0e122014-02-19 14:57:46 +02002525 smp->remote_irk = hci_add_irk(conn->hcon->hdev, &smp->id_addr,
2526 smp->id_addr_type, smp->irk, &rpa);
Johan Hedbergfd349c02014-02-18 10:19:36 +02002527
Johan Hedberg31dd6242014-06-27 14:23:02 +03002528distribute:
Johan Hedbergc6e81e92014-09-05 22:19:54 +03002529 if (!(smp->remote_key_dist & KEY_DIST_MASK))
2530 smp_distribute_keys(smp);
Johan Hedbergfd349c02014-02-18 10:19:36 +02002531
2532 return 0;
2533}
2534
Marcel Holtmann7ee4ea32014-03-09 12:19:17 -07002535static int smp_cmd_sign_info(struct l2cap_conn *conn, struct sk_buff *skb)
2536{
2537 struct smp_cmd_sign_info *rp = (void *) skb->data;
Johan Hedberg5d88cc72014-08-08 09:37:18 +03002538 struct l2cap_chan *chan = conn->smp;
2539 struct smp_chan *smp = chan->data;
Marcel Holtmann7ee4ea32014-03-09 12:19:17 -07002540 struct smp_csrk *csrk;
2541
2542 BT_DBG("conn %p", conn);
2543
2544 if (skb->len < sizeof(*rp))
Johan Hedberg38e4a912014-05-08 14:19:11 +03002545 return SMP_INVALID_PARAMS;
Marcel Holtmann7ee4ea32014-03-09 12:19:17 -07002546
Marcel Holtmann7ee4ea32014-03-09 12:19:17 -07002547 /* Mark the information as received */
2548 smp->remote_key_dist &= ~SMP_DIST_SIGN;
2549
2550 skb_pull(skb, sizeof(*rp));
2551
Marcel Holtmann7ee4ea32014-03-09 12:19:17 -07002552 csrk = kzalloc(sizeof(*csrk), GFP_KERNEL);
2553 if (csrk) {
Johan Hedberg4cd39282015-02-27 10:11:13 +02002554 if (conn->hcon->sec_level > BT_SECURITY_MEDIUM)
2555 csrk->type = MGMT_CSRK_REMOTE_AUTHENTICATED;
2556 else
2557 csrk->type = MGMT_CSRK_REMOTE_UNAUTHENTICATED;
Marcel Holtmann7ee4ea32014-03-09 12:19:17 -07002558 memcpy(csrk->val, rp->csrk, sizeof(csrk->val));
2559 }
2560 smp->csrk = csrk;
Johan Hedbergd6268e82014-09-05 22:19:51 +03002561 smp_distribute_keys(smp);
Marcel Holtmann7ee4ea32014-03-09 12:19:17 -07002562
2563 return 0;
2564}
2565
Johan Hedberg5e3d3d92014-05-31 18:51:02 +03002566static u8 sc_select_method(struct smp_chan *smp)
2567{
2568 struct l2cap_conn *conn = smp->conn;
2569 struct hci_conn *hcon = conn->hcon;
2570 struct smp_cmd_pairing *local, *remote;
2571 u8 local_mitm, remote_mitm, local_io, remote_io, method;
2572
Johan Hedberg1a8bab42015-03-16 11:45:44 +02002573 if (test_bit(SMP_FLAG_REMOTE_OOB, &smp->flags) ||
2574 test_bit(SMP_FLAG_LOCAL_OOB, &smp->flags))
Johan Hedberga29b0732014-10-28 15:17:05 +01002575 return REQ_OOB;
2576
Johan Hedberg5e3d3d92014-05-31 18:51:02 +03002577 /* The preq/prsp contain the raw Pairing Request/Response PDUs
2578 * which are needed as inputs to some crypto functions. To get
2579 * the "struct smp_cmd_pairing" from them we need to skip the
2580 * first byte which contains the opcode.
2581 */
2582 if (hcon->out) {
2583 local = (void *) &smp->preq[1];
2584 remote = (void *) &smp->prsp[1];
2585 } else {
2586 local = (void *) &smp->prsp[1];
2587 remote = (void *) &smp->preq[1];
2588 }
2589
2590 local_io = local->io_capability;
2591 remote_io = remote->io_capability;
2592
2593 local_mitm = (local->auth_req & SMP_AUTH_MITM);
2594 remote_mitm = (remote->auth_req & SMP_AUTH_MITM);
2595
2596 /* If either side wants MITM, look up the method from the table,
2597 * otherwise use JUST WORKS.
2598 */
2599 if (local_mitm || remote_mitm)
2600 method = get_auth_method(smp, local_io, remote_io);
2601 else
2602 method = JUST_WORKS;
2603
2604 /* Don't confirm locally initiated pairing attempts */
2605 if (method == JUST_CFM && test_bit(SMP_FLAG_INITIATOR, &smp->flags))
2606 method = JUST_WORKS;
2607
2608 return method;
2609}
2610
Johan Hedbergd8f8edb2014-06-06 11:09:28 +03002611static int smp_cmd_public_key(struct l2cap_conn *conn, struct sk_buff *skb)
2612{
2613 struct smp_cmd_public_key *key = (void *) skb->data;
2614 struct hci_conn *hcon = conn->hcon;
2615 struct l2cap_chan *chan = conn->smp;
2616 struct smp_chan *smp = chan->data;
Johan Hedberg5e3d3d92014-05-31 18:51:02 +03002617 struct hci_dev *hdev = hcon->hdev;
Johan Hedbergcbbbe3e2014-06-06 11:30:08 +03002618 struct smp_cmd_pairing_confirm cfm;
Johan Hedbergd8f8edb2014-06-06 11:09:28 +03002619 int err;
2620
2621 BT_DBG("conn %p", conn);
2622
2623 if (skb->len < sizeof(*key))
2624 return SMP_INVALID_PARAMS;
2625
2626 memcpy(smp->remote_pk, key, 64);
2627
Johan Hedberga8ca6172015-03-16 18:12:57 +02002628 if (test_bit(SMP_FLAG_REMOTE_OOB, &smp->flags)) {
2629 err = smp_f4(smp->tfm_cmac, smp->remote_pk, smp->remote_pk,
2630 smp->rr, 0, cfm.confirm_val);
2631 if (err)
2632 return SMP_UNSPECIFIED;
2633
Jason A. Donenfeld3da27a9d2017-06-10 04:59:11 +02002634 if (crypto_memneq(cfm.confirm_val, smp->pcnf, 16))
Johan Hedberga8ca6172015-03-16 18:12:57 +02002635 return SMP_CONFIRM_FAILED;
2636 }
2637
Johan Hedbergd8f8edb2014-06-06 11:09:28 +03002638 /* Non-initiating device sends its public key after receiving
2639 * the key from the initiating device.
2640 */
2641 if (!hcon->out) {
2642 err = sc_send_public_key(smp);
2643 if (err)
2644 return err;
2645 }
2646
Johan Hedbergc7a3d572014-12-01 22:03:16 +02002647 SMP_DBG("Remote Public Key X: %32phN", smp->remote_pk);
Marcel Holtmanne0915262015-03-16 12:34:55 -07002648 SMP_DBG("Remote Public Key Y: %32phN", smp->remote_pk + 32);
Johan Hedbergd8f8edb2014-06-06 11:09:28 +03002649
2650 if (!ecdh_shared_secret(smp->remote_pk, smp->local_sk, smp->dhkey))
2651 return SMP_UNSPECIFIED;
2652
Johan Hedbergc7a3d572014-12-01 22:03:16 +02002653 SMP_DBG("DHKey %32phN", smp->dhkey);
Johan Hedbergd8f8edb2014-06-06 11:09:28 +03002654
2655 set_bit(SMP_FLAG_REMOTE_PK, &smp->flags);
2656
Johan Hedberg5e3d3d92014-05-31 18:51:02 +03002657 smp->method = sc_select_method(smp);
2658
2659 BT_DBG("%s selected method 0x%02x", hdev->name, smp->method);
2660
2661 /* JUST_WORKS and JUST_CFM result in an unauthenticated key */
2662 if (smp->method == JUST_WORKS || smp->method == JUST_CFM)
2663 hcon->pending_sec_level = BT_SECURITY_MEDIUM;
2664 else
2665 hcon->pending_sec_level = BT_SECURITY_FIPS;
2666
Jason A. Donenfeld3da27a9d2017-06-10 04:59:11 +02002667 if (!crypto_memneq(debug_pk, smp->remote_pk, 64))
Johan Hedbergaeb7d462014-05-31 18:52:28 +03002668 set_bit(SMP_FLAG_DEBUG_KEY, &smp->flags);
2669
Johan Hedberg38606f12014-06-25 11:10:28 +03002670 if (smp->method == DSP_PASSKEY) {
2671 get_random_bytes(&hcon->passkey_notify,
2672 sizeof(hcon->passkey_notify));
2673 hcon->passkey_notify %= 1000000;
2674 hcon->passkey_entered = 0;
2675 smp->passkey_round = 0;
2676 if (mgmt_user_passkey_notify(hdev, &hcon->dst, hcon->type,
2677 hcon->dst_type,
2678 hcon->passkey_notify,
2679 hcon->passkey_entered))
2680 return SMP_UNSPECIFIED;
2681 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_CONFIRM);
2682 return sc_passkey_round(smp, SMP_CMD_PUBLIC_KEY);
2683 }
2684
Johan Hedberg94ea7252015-03-16 11:45:46 +02002685 if (smp->method == REQ_OOB) {
Johan Hedberga29b0732014-10-28 15:17:05 +01002686 if (hcon->out)
2687 smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM,
2688 sizeof(smp->prnd), smp->prnd);
2689
2690 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RANDOM);
2691
2692 return 0;
2693 }
2694
Johan Hedberg38606f12014-06-25 11:10:28 +03002695 if (hcon->out)
2696 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_CONFIRM);
2697
2698 if (smp->method == REQ_PASSKEY) {
2699 if (mgmt_user_passkey_request(hdev, &hcon->dst, hcon->type,
2700 hcon->dst_type))
2701 return SMP_UNSPECIFIED;
2702 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_CONFIRM);
2703 set_bit(SMP_FLAG_WAIT_USER, &smp->flags);
2704 return 0;
2705 }
2706
Johan Hedbergcbbbe3e2014-06-06 11:30:08 +03002707 /* The Initiating device waits for the non-initiating device to
2708 * send the confirm value.
2709 */
2710 if (conn->hcon->out)
2711 return 0;
2712
2713 err = smp_f4(smp->tfm_cmac, smp->local_pk, smp->remote_pk, smp->prnd,
2714 0, cfm.confirm_val);
2715 if (err)
2716 return SMP_UNSPECIFIED;
2717
2718 smp_send_cmd(conn, SMP_CMD_PAIRING_CONFIRM, sizeof(cfm), &cfm);
2719 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RANDOM);
2720
Johan Hedbergd8f8edb2014-06-06 11:09:28 +03002721 return 0;
2722}
2723
Johan Hedberg6433a9a2014-06-06 11:47:30 +03002724static int smp_cmd_dhkey_check(struct l2cap_conn *conn, struct sk_buff *skb)
2725{
2726 struct smp_cmd_dhkey_check *check = (void *) skb->data;
2727 struct l2cap_chan *chan = conn->smp;
2728 struct hci_conn *hcon = conn->hcon;
2729 struct smp_chan *smp = chan->data;
2730 u8 a[7], b[7], *local_addr, *remote_addr;
2731 u8 io_cap[3], r[16], e[16];
2732 int err;
2733
2734 BT_DBG("conn %p", conn);
2735
2736 if (skb->len < sizeof(*check))
2737 return SMP_INVALID_PARAMS;
2738
2739 memcpy(a, &hcon->init_addr, 6);
2740 memcpy(b, &hcon->resp_addr, 6);
2741 a[6] = hcon->init_addr_type;
2742 b[6] = hcon->resp_addr_type;
2743
2744 if (hcon->out) {
2745 local_addr = a;
2746 remote_addr = b;
2747 memcpy(io_cap, &smp->prsp[1], 3);
2748 } else {
2749 local_addr = b;
2750 remote_addr = a;
2751 memcpy(io_cap, &smp->preq[1], 3);
2752 }
2753
2754 memset(r, 0, sizeof(r));
2755
Johan Hedberg38606f12014-06-25 11:10:28 +03002756 if (smp->method == REQ_PASSKEY || smp->method == DSP_PASSKEY)
2757 put_unaligned_le32(hcon->passkey_notify, r);
Johan Hedberg882fafa2015-03-16 11:45:43 +02002758 else if (smp->method == REQ_OOB)
2759 memcpy(r, smp->lr, 16);
Johan Hedberg38606f12014-06-25 11:10:28 +03002760
Johan Hedberg6433a9a2014-06-06 11:47:30 +03002761 err = smp_f6(smp->tfm_cmac, smp->mackey, smp->rrnd, smp->prnd, r,
2762 io_cap, remote_addr, local_addr, e);
2763 if (err)
2764 return SMP_UNSPECIFIED;
2765
Jason A. Donenfeld3da27a9d2017-06-10 04:59:11 +02002766 if (crypto_memneq(check->e, e, 16))
Johan Hedberg6433a9a2014-06-06 11:47:30 +03002767 return SMP_DHKEY_CHECK_FAILED;
2768
Johan Hedbergd3e54a82014-06-04 11:07:40 +03002769 if (!hcon->out) {
2770 if (test_bit(SMP_FLAG_WAIT_USER, &smp->flags)) {
2771 set_bit(SMP_FLAG_DHKEY_PENDING, &smp->flags);
2772 return 0;
2773 }
Johan Hedbergd378a2d2014-05-31 18:53:36 +03002774
Johan Hedbergd3e54a82014-06-04 11:07:40 +03002775 /* Slave sends DHKey check as response to master */
2776 sc_dhkey_check(smp);
2777 }
Johan Hedbergd378a2d2014-05-31 18:53:36 +03002778
Johan Hedbergd3e54a82014-06-04 11:07:40 +03002779 sc_add_ltk(smp);
Johan Hedberg6433a9a2014-06-06 11:47:30 +03002780
2781 if (hcon->out) {
Johan Hedberg8b76ce32015-06-08 18:14:39 +03002782 hci_le_start_enc(hcon, 0, 0, smp->tk, smp->enc_key_size);
Johan Hedberg6433a9a2014-06-06 11:47:30 +03002783 hcon->enc_key_size = smp->enc_key_size;
2784 }
2785
2786 return 0;
2787}
2788
Johan Hedberg1408bb62014-06-04 22:45:57 +03002789static int smp_cmd_keypress_notify(struct l2cap_conn *conn,
2790 struct sk_buff *skb)
2791{
2792 struct smp_cmd_keypress_notify *kp = (void *) skb->data;
2793
2794 BT_DBG("value 0x%02x", kp->value);
2795
2796 return 0;
2797}
2798
Johan Hedberg4befb862014-08-11 22:06:38 +03002799static int smp_sig_channel(struct l2cap_chan *chan, struct sk_buff *skb)
Anderson Brigliaeb492e02011-06-09 18:50:40 -03002800{
Johan Hedberg5d88cc72014-08-08 09:37:18 +03002801 struct l2cap_conn *conn = chan->conn;
Marcel Holtmann7b9899d2013-10-03 00:00:57 -07002802 struct hci_conn *hcon = conn->hcon;
Johan Hedbergb28b4942014-09-05 22:19:55 +03002803 struct smp_chan *smp;
Marcel Holtmann92381f52013-10-03 01:23:08 -07002804 __u8 code, reason;
Anderson Brigliaeb492e02011-06-09 18:50:40 -03002805 int err = 0;
2806
Johan Hedberg8ae9b982014-08-11 22:06:39 +03002807 if (skb->len < 1)
Marcel Holtmann92381f52013-10-03 01:23:08 -07002808 return -EILSEQ;
Marcel Holtmann92381f52013-10-03 01:23:08 -07002809
Marcel Holtmannd7a5a112015-03-13 02:11:00 -07002810 if (!hci_dev_test_flag(hcon->hdev, HCI_LE_ENABLED)) {
Andre Guedes2e65c9d2011-06-30 19:20:56 -03002811 reason = SMP_PAIRING_NOTSUPP;
2812 goto done;
2813 }
2814
Marcel Holtmann92381f52013-10-03 01:23:08 -07002815 code = skb->data[0];
Anderson Brigliaeb492e02011-06-09 18:50:40 -03002816 skb_pull(skb, sizeof(code));
2817
Johan Hedbergb28b4942014-09-05 22:19:55 +03002818 smp = chan->data;
2819
2820 if (code > SMP_CMD_MAX)
2821 goto drop;
2822
Johan Hedberg24bd0bd2014-09-10 17:37:43 -07002823 if (smp && !test_and_clear_bit(code, &smp->allow_cmd))
Johan Hedbergb28b4942014-09-05 22:19:55 +03002824 goto drop;
2825
2826 /* If we don't have a context the only allowed commands are
2827 * pairing request and security request.
Johan Hedberg8cf9fa12013-01-29 10:44:23 -06002828 */
Johan Hedbergb28b4942014-09-05 22:19:55 +03002829 if (!smp && code != SMP_CMD_PAIRING_REQ && code != SMP_CMD_SECURITY_REQ)
2830 goto drop;
Johan Hedberg8cf9fa12013-01-29 10:44:23 -06002831
Anderson Brigliaeb492e02011-06-09 18:50:40 -03002832 switch (code) {
2833 case SMP_CMD_PAIRING_REQ:
Vinicius Costa Gomesda85e5e2011-06-09 18:50:53 -03002834 reason = smp_cmd_pairing_req(conn, skb);
Anderson Brigliaeb492e02011-06-09 18:50:40 -03002835 break;
2836
2837 case SMP_CMD_PAIRING_FAIL:
Johan Hedberg84794e12013-11-06 11:24:57 +02002838 smp_failure(conn, 0);
Vinicius Costa Gomesda85e5e2011-06-09 18:50:53 -03002839 err = -EPERM;
Anderson Brigliaeb492e02011-06-09 18:50:40 -03002840 break;
2841
2842 case SMP_CMD_PAIRING_RSP:
Vinicius Costa Gomesda85e5e2011-06-09 18:50:53 -03002843 reason = smp_cmd_pairing_rsp(conn, skb);
Anderson Briglia88ba43b2011-06-09 18:50:42 -03002844 break;
2845
2846 case SMP_CMD_SECURITY_REQ:
Vinicius Costa Gomesda85e5e2011-06-09 18:50:53 -03002847 reason = smp_cmd_security_req(conn, skb);
Anderson Briglia88ba43b2011-06-09 18:50:42 -03002848 break;
2849
Anderson Brigliaeb492e02011-06-09 18:50:40 -03002850 case SMP_CMD_PAIRING_CONFIRM:
Vinicius Costa Gomesda85e5e2011-06-09 18:50:53 -03002851 reason = smp_cmd_pairing_confirm(conn, skb);
Anderson Briglia88ba43b2011-06-09 18:50:42 -03002852 break;
2853
Anderson Brigliaeb492e02011-06-09 18:50:40 -03002854 case SMP_CMD_PAIRING_RANDOM:
Vinicius Costa Gomesda85e5e2011-06-09 18:50:53 -03002855 reason = smp_cmd_pairing_random(conn, skb);
Anderson Briglia88ba43b2011-06-09 18:50:42 -03002856 break;
2857
Anderson Brigliaeb492e02011-06-09 18:50:40 -03002858 case SMP_CMD_ENCRYPT_INFO:
Vinicius Costa Gomes7034b912011-07-07 18:59:34 -03002859 reason = smp_cmd_encrypt_info(conn, skb);
2860 break;
2861
Anderson Brigliaeb492e02011-06-09 18:50:40 -03002862 case SMP_CMD_MASTER_IDENT:
Vinicius Costa Gomes7034b912011-07-07 18:59:34 -03002863 reason = smp_cmd_master_ident(conn, skb);
2864 break;
2865
Anderson Brigliaeb492e02011-06-09 18:50:40 -03002866 case SMP_CMD_IDENT_INFO:
Johan Hedbergfd349c02014-02-18 10:19:36 +02002867 reason = smp_cmd_ident_info(conn, skb);
2868 break;
2869
Anderson Brigliaeb492e02011-06-09 18:50:40 -03002870 case SMP_CMD_IDENT_ADDR_INFO:
Johan Hedbergfd349c02014-02-18 10:19:36 +02002871 reason = smp_cmd_ident_addr_info(conn, skb);
2872 break;
2873
Anderson Brigliaeb492e02011-06-09 18:50:40 -03002874 case SMP_CMD_SIGN_INFO:
Marcel Holtmann7ee4ea32014-03-09 12:19:17 -07002875 reason = smp_cmd_sign_info(conn, skb);
Vinicius Costa Gomes7034b912011-07-07 18:59:34 -03002876 break;
2877
Johan Hedbergd8f8edb2014-06-06 11:09:28 +03002878 case SMP_CMD_PUBLIC_KEY:
2879 reason = smp_cmd_public_key(conn, skb);
2880 break;
2881
Johan Hedberg6433a9a2014-06-06 11:47:30 +03002882 case SMP_CMD_DHKEY_CHECK:
2883 reason = smp_cmd_dhkey_check(conn, skb);
2884 break;
2885
Johan Hedberg1408bb62014-06-04 22:45:57 +03002886 case SMP_CMD_KEYPRESS_NOTIFY:
2887 reason = smp_cmd_keypress_notify(conn, skb);
2888 break;
2889
Anderson Brigliaeb492e02011-06-09 18:50:40 -03002890 default:
2891 BT_DBG("Unknown command code 0x%2.2x", code);
Anderson Brigliaeb492e02011-06-09 18:50:40 -03002892 reason = SMP_CMD_NOTSUPP;
Vinicius Costa Gomes3a0259b2011-06-09 18:50:43 -03002893 goto done;
2894 }
2895
2896done:
Johan Hedberg9b7b18e2014-08-18 20:33:31 +03002897 if (!err) {
2898 if (reason)
2899 smp_failure(conn, reason);
Johan Hedberg8ae9b982014-08-11 22:06:39 +03002900 kfree_skb(skb);
Johan Hedberg9b7b18e2014-08-18 20:33:31 +03002901 }
2902
Anderson Brigliaeb492e02011-06-09 18:50:40 -03002903 return err;
Johan Hedbergb28b4942014-09-05 22:19:55 +03002904
2905drop:
2906 BT_ERR("%s unexpected SMP command 0x%02x from %pMR", hcon->hdev->name,
2907 code, &hcon->dst);
2908 kfree_skb(skb);
2909 return 0;
Anderson Brigliaeb492e02011-06-09 18:50:40 -03002910}
Vinicius Costa Gomes7034b912011-07-07 18:59:34 -03002911
Johan Hedberg70db83c2014-08-08 09:37:16 +03002912static void smp_teardown_cb(struct l2cap_chan *chan, int err)
2913{
2914 struct l2cap_conn *conn = chan->conn;
2915
2916 BT_DBG("chan %p", chan);
2917
Johan Hedbergfc75cc82014-09-05 22:19:52 +03002918 if (chan->data)
Johan Hedberg5d88cc72014-08-08 09:37:18 +03002919 smp_chan_destroy(conn);
Johan Hedberg5d88cc72014-08-08 09:37:18 +03002920
Johan Hedberg70db83c2014-08-08 09:37:16 +03002921 conn->smp = NULL;
2922 l2cap_chan_put(chan);
2923}
2924
Johan Hedbergb5ae3442014-08-14 12:34:26 +03002925static void bredr_pairing(struct l2cap_chan *chan)
2926{
2927 struct l2cap_conn *conn = chan->conn;
2928 struct hci_conn *hcon = conn->hcon;
2929 struct hci_dev *hdev = hcon->hdev;
2930 struct smp_cmd_pairing req;
2931 struct smp_chan *smp;
2932
2933 BT_DBG("chan %p", chan);
2934
2935 /* Only new pairings are interesting */
2936 if (!test_bit(HCI_CONN_NEW_LINK_KEY, &hcon->flags))
2937 return;
2938
2939 /* Don't bother if we're not encrypted */
2940 if (!test_bit(HCI_CONN_ENCRYPT, &hcon->flags))
2941 return;
2942
2943 /* Only master may initiate SMP over BR/EDR */
2944 if (hcon->role != HCI_ROLE_MASTER)
2945 return;
2946
2947 /* Secure Connections support must be enabled */
Marcel Holtmannd7a5a112015-03-13 02:11:00 -07002948 if (!hci_dev_test_flag(hdev, HCI_SC_ENABLED))
Johan Hedbergb5ae3442014-08-14 12:34:26 +03002949 return;
2950
2951 /* BR/EDR must use Secure Connections for SMP */
2952 if (!test_bit(HCI_CONN_AES_CCM, &hcon->flags) &&
Marcel Holtmannb7cb93e2015-03-13 10:20:35 -07002953 !hci_dev_test_flag(hdev, HCI_FORCE_BREDR_SMP))
Johan Hedbergb5ae3442014-08-14 12:34:26 +03002954 return;
2955
2956 /* If our LE support is not enabled don't do anything */
Marcel Holtmannd7a5a112015-03-13 02:11:00 -07002957 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED))
Johan Hedbergb5ae3442014-08-14 12:34:26 +03002958 return;
2959
2960 /* Don't bother if remote LE support is not enabled */
2961 if (!lmp_host_le_capable(hcon))
2962 return;
2963
2964 /* Remote must support SMP fixed chan for BR/EDR */
2965 if (!(conn->remote_fixed_chan & L2CAP_FC_SMP_BREDR))
2966 return;
2967
2968 /* Don't bother if SMP is already ongoing */
2969 if (chan->data)
2970 return;
2971
2972 smp = smp_chan_create(conn);
2973 if (!smp) {
2974 BT_ERR("%s unable to create SMP context for BR/EDR",
2975 hdev->name);
2976 return;
2977 }
2978
2979 set_bit(SMP_FLAG_SC, &smp->flags);
2980
2981 BT_DBG("%s starting SMP over BR/EDR", hdev->name);
2982
2983 /* Prepare and send the BR/EDR SMP Pairing Request */
2984 build_bredr_pairing_cmd(smp, &req, NULL);
2985
2986 smp->preq[0] = SMP_CMD_PAIRING_REQ;
2987 memcpy(&smp->preq[1], &req, sizeof(req));
2988
2989 smp_send_cmd(conn, SMP_CMD_PAIRING_REQ, sizeof(req), &req);
2990 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RSP);
2991}
2992
Johan Hedberg44f1a7a2014-08-11 22:06:36 +03002993static void smp_resume_cb(struct l2cap_chan *chan)
2994{
Johan Hedbergb68fda62014-08-11 22:06:40 +03002995 struct smp_chan *smp = chan->data;
Johan Hedberg44f1a7a2014-08-11 22:06:36 +03002996 struct l2cap_conn *conn = chan->conn;
2997 struct hci_conn *hcon = conn->hcon;
2998
2999 BT_DBG("chan %p", chan);
3000
Johan Hedbergb5ae3442014-08-14 12:34:26 +03003001 if (hcon->type == ACL_LINK) {
3002 bredr_pairing(chan);
Johan Hedbergef8efe42014-08-13 15:12:32 +03003003 return;
Johan Hedbergb5ae3442014-08-14 12:34:26 +03003004 }
Johan Hedbergef8efe42014-08-13 15:12:32 +03003005
Johan Hedberg86d14072014-08-11 22:06:43 +03003006 if (!smp)
3007 return;
Johan Hedbergb68fda62014-08-11 22:06:40 +03003008
Johan Hedberg84bc0db2014-09-05 22:19:49 +03003009 if (!test_bit(HCI_CONN_ENCRYPT, &hcon->flags))
3010 return;
3011
Johan Hedberg86d14072014-08-11 22:06:43 +03003012 cancel_delayed_work(&smp->security_timer);
3013
Johan Hedbergd6268e82014-09-05 22:19:51 +03003014 smp_distribute_keys(smp);
Johan Hedberg44f1a7a2014-08-11 22:06:36 +03003015}
3016
Johan Hedberg70db83c2014-08-08 09:37:16 +03003017static void smp_ready_cb(struct l2cap_chan *chan)
3018{
3019 struct l2cap_conn *conn = chan->conn;
Johan Hedbergb5ae3442014-08-14 12:34:26 +03003020 struct hci_conn *hcon = conn->hcon;
Johan Hedberg70db83c2014-08-08 09:37:16 +03003021
3022 BT_DBG("chan %p", chan);
3023
Johan Hedberg78837462015-11-11 21:47:12 +02003024 /* No need to call l2cap_chan_hold() here since we already own
3025 * the reference taken in smp_new_conn_cb(). This is just the
3026 * first time that we tie it to a specific pointer. The code in
3027 * l2cap_core.c ensures that there's no risk this function wont
3028 * get called if smp_new_conn_cb was previously called.
3029 */
Johan Hedberg70db83c2014-08-08 09:37:16 +03003030 conn->smp = chan;
Johan Hedbergb5ae3442014-08-14 12:34:26 +03003031
3032 if (hcon->type == ACL_LINK && test_bit(HCI_CONN_ENCRYPT, &hcon->flags))
3033 bredr_pairing(chan);
Johan Hedberg70db83c2014-08-08 09:37:16 +03003034}
3035
Johan Hedberg4befb862014-08-11 22:06:38 +03003036static int smp_recv_cb(struct l2cap_chan *chan, struct sk_buff *skb)
3037{
3038 int err;
3039
3040 BT_DBG("chan %p", chan);
3041
3042 err = smp_sig_channel(chan, skb);
3043 if (err) {
Johan Hedbergb68fda62014-08-11 22:06:40 +03003044 struct smp_chan *smp = chan->data;
Johan Hedberg4befb862014-08-11 22:06:38 +03003045
Johan Hedbergb68fda62014-08-11 22:06:40 +03003046 if (smp)
3047 cancel_delayed_work_sync(&smp->security_timer);
Johan Hedberg4befb862014-08-11 22:06:38 +03003048
Johan Hedberg1e91c292014-08-18 20:33:29 +03003049 hci_disconnect(chan->conn->hcon, HCI_ERROR_AUTH_FAILURE);
Johan Hedberg4befb862014-08-11 22:06:38 +03003050 }
3051
3052 return err;
3053}
3054
Johan Hedberg70db83c2014-08-08 09:37:16 +03003055static struct sk_buff *smp_alloc_skb_cb(struct l2cap_chan *chan,
3056 unsigned long hdr_len,
3057 unsigned long len, int nb)
3058{
3059 struct sk_buff *skb;
3060
3061 skb = bt_skb_alloc(hdr_len + len, GFP_KERNEL);
3062 if (!skb)
3063 return ERR_PTR(-ENOMEM);
3064
3065 skb->priority = HCI_PRIO_MAX;
Johan Hedberga4368ff2015-03-30 23:21:01 +03003066 bt_cb(skb)->l2cap.chan = chan;
Johan Hedberg70db83c2014-08-08 09:37:16 +03003067
3068 return skb;
3069}
3070
3071static const struct l2cap_ops smp_chan_ops = {
3072 .name = "Security Manager",
3073 .ready = smp_ready_cb,
Johan Hedberg5d88cc72014-08-08 09:37:18 +03003074 .recv = smp_recv_cb,
Johan Hedberg70db83c2014-08-08 09:37:16 +03003075 .alloc_skb = smp_alloc_skb_cb,
3076 .teardown = smp_teardown_cb,
Johan Hedberg44f1a7a2014-08-11 22:06:36 +03003077 .resume = smp_resume_cb,
Johan Hedberg70db83c2014-08-08 09:37:16 +03003078
3079 .new_connection = l2cap_chan_no_new_connection,
Johan Hedberg70db83c2014-08-08 09:37:16 +03003080 .state_change = l2cap_chan_no_state_change,
3081 .close = l2cap_chan_no_close,
3082 .defer = l2cap_chan_no_defer,
3083 .suspend = l2cap_chan_no_suspend,
Johan Hedberg70db83c2014-08-08 09:37:16 +03003084 .set_shutdown = l2cap_chan_no_set_shutdown,
3085 .get_sndtimeo = l2cap_chan_no_get_sndtimeo,
Johan Hedberg70db83c2014-08-08 09:37:16 +03003086};
3087
3088static inline struct l2cap_chan *smp_new_conn_cb(struct l2cap_chan *pchan)
3089{
3090 struct l2cap_chan *chan;
3091
3092 BT_DBG("pchan %p", pchan);
3093
3094 chan = l2cap_chan_create();
3095 if (!chan)
3096 return NULL;
3097
3098 chan->chan_type = pchan->chan_type;
3099 chan->ops = &smp_chan_ops;
3100 chan->scid = pchan->scid;
3101 chan->dcid = chan->scid;
3102 chan->imtu = pchan->imtu;
3103 chan->omtu = pchan->omtu;
3104 chan->mode = pchan->mode;
3105
Johan Hedbergabe84902014-11-12 22:22:21 +02003106 /* Other L2CAP channels may request SMP routines in order to
3107 * change the security level. This means that the SMP channel
3108 * lock must be considered in its own category to avoid lockdep
3109 * warnings.
3110 */
3111 atomic_set(&chan->nesting, L2CAP_NESTING_SMP);
3112
Johan Hedberg70db83c2014-08-08 09:37:16 +03003113 BT_DBG("created chan %p", chan);
3114
3115 return chan;
3116}
3117
3118static const struct l2cap_ops smp_root_chan_ops = {
3119 .name = "Security Manager Root",
3120 .new_connection = smp_new_conn_cb,
3121
3122 /* None of these are implemented for the root channel */
3123 .close = l2cap_chan_no_close,
3124 .alloc_skb = l2cap_chan_no_alloc_skb,
3125 .recv = l2cap_chan_no_recv,
3126 .state_change = l2cap_chan_no_state_change,
3127 .teardown = l2cap_chan_no_teardown,
3128 .ready = l2cap_chan_no_ready,
3129 .defer = l2cap_chan_no_defer,
3130 .suspend = l2cap_chan_no_suspend,
3131 .resume = l2cap_chan_no_resume,
3132 .set_shutdown = l2cap_chan_no_set_shutdown,
3133 .get_sndtimeo = l2cap_chan_no_get_sndtimeo,
Johan Hedberg70db83c2014-08-08 09:37:16 +03003134};
3135
Johan Hedbergef8efe42014-08-13 15:12:32 +03003136static struct l2cap_chan *smp_add_cid(struct hci_dev *hdev, u16 cid)
Johan Hedberg711eafe2014-08-08 09:32:52 +03003137{
Johan Hedberg70db83c2014-08-08 09:37:16 +03003138 struct l2cap_chan *chan;
Marcel Holtmann88a479d2015-03-16 01:10:19 -07003139 struct smp_dev *smp;
Andy Lutomirskia4770e12016-06-26 14:55:23 -07003140 struct crypto_cipher *tfm_aes;
Herbert Xu71af2f62016-01-24 21:18:30 +08003141 struct crypto_shash *tfm_cmac;
Johan Hedberg70db83c2014-08-08 09:37:16 +03003142
Johan Hedbergef8efe42014-08-13 15:12:32 +03003143 if (cid == L2CAP_CID_SMP_BREDR) {
Marcel Holtmann88a479d2015-03-16 01:10:19 -07003144 smp = NULL;
Johan Hedbergef8efe42014-08-13 15:12:32 +03003145 goto create_chan;
3146 }
Johan Hedberg711eafe2014-08-08 09:32:52 +03003147
Marcel Holtmann88a479d2015-03-16 01:10:19 -07003148 smp = kzalloc(sizeof(*smp), GFP_KERNEL);
3149 if (!smp)
3150 return ERR_PTR(-ENOMEM);
3151
Andy Lutomirskia4770e12016-06-26 14:55:23 -07003152 tfm_aes = crypto_alloc_cipher("aes", 0, CRYPTO_ALG_ASYNC);
Johan Hedbergdefce9e2014-08-08 09:37:17 +03003153 if (IS_ERR(tfm_aes)) {
Andy Lutomirskia4770e12016-06-26 14:55:23 -07003154 BT_ERR("Unable to create AES crypto context");
Marcel Holtmann88a479d2015-03-16 01:10:19 -07003155 kzfree(smp);
Fengguang Wufe700772014-12-08 03:04:38 +08003156 return ERR_CAST(tfm_aes);
Johan Hedberg711eafe2014-08-08 09:32:52 +03003157 }
3158
Herbert Xu71af2f62016-01-24 21:18:30 +08003159 tfm_cmac = crypto_alloc_shash("cmac(aes)", 0, 0);
Marcel Holtmann6e2dc6d2015-03-16 01:10:21 -07003160 if (IS_ERR(tfm_cmac)) {
3161 BT_ERR("Unable to create CMAC crypto context");
Andy Lutomirskia4770e12016-06-26 14:55:23 -07003162 crypto_free_cipher(tfm_aes);
Marcel Holtmann6e2dc6d2015-03-16 01:10:21 -07003163 kzfree(smp);
3164 return ERR_CAST(tfm_cmac);
3165 }
3166
Marcel Holtmann88a479d2015-03-16 01:10:19 -07003167 smp->tfm_aes = tfm_aes;
Marcel Holtmann6e2dc6d2015-03-16 01:10:21 -07003168 smp->tfm_cmac = tfm_cmac;
Johan Hedbergb1f663c2015-06-11 13:52:27 +03003169 smp->min_key_size = SMP_MIN_ENC_KEY_SIZE;
Johan Hedberg2fd36552015-06-11 13:52:26 +03003170 smp->max_key_size = SMP_MAX_ENC_KEY_SIZE;
Marcel Holtmann88a479d2015-03-16 01:10:19 -07003171
Johan Hedbergef8efe42014-08-13 15:12:32 +03003172create_chan:
Johan Hedberg70db83c2014-08-08 09:37:16 +03003173 chan = l2cap_chan_create();
3174 if (!chan) {
Marcel Holtmann63511f6d2015-03-17 11:38:24 -07003175 if (smp) {
Andy Lutomirskia4770e12016-06-26 14:55:23 -07003176 crypto_free_cipher(smp->tfm_aes);
Herbert Xu71af2f62016-01-24 21:18:30 +08003177 crypto_free_shash(smp->tfm_cmac);
Marcel Holtmann63511f6d2015-03-17 11:38:24 -07003178 kzfree(smp);
3179 }
Johan Hedbergef8efe42014-08-13 15:12:32 +03003180 return ERR_PTR(-ENOMEM);
Johan Hedberg70db83c2014-08-08 09:37:16 +03003181 }
3182
Marcel Holtmann88a479d2015-03-16 01:10:19 -07003183 chan->data = smp;
Johan Hedbergdefce9e2014-08-08 09:37:17 +03003184
Johan Hedbergef8efe42014-08-13 15:12:32 +03003185 l2cap_add_scid(chan, cid);
Johan Hedberg70db83c2014-08-08 09:37:16 +03003186
3187 l2cap_chan_set_defaults(chan);
3188
Marcel Holtmann157029b2015-01-14 15:43:09 -08003189 if (cid == L2CAP_CID_SMP) {
Johan Hedberg39e3e742015-02-20 13:48:24 +02003190 u8 bdaddr_type;
3191
3192 hci_copy_identity_address(hdev, &chan->src, &bdaddr_type);
3193
3194 if (bdaddr_type == ADDR_LE_DEV_PUBLIC)
Marcel Holtmann157029b2015-01-14 15:43:09 -08003195 chan->src_type = BDADDR_LE_PUBLIC;
Johan Hedberg39e3e742015-02-20 13:48:24 +02003196 else
3197 chan->src_type = BDADDR_LE_RANDOM;
Marcel Holtmann157029b2015-01-14 15:43:09 -08003198 } else {
3199 bacpy(&chan->src, &hdev->bdaddr);
Johan Hedbergef8efe42014-08-13 15:12:32 +03003200 chan->src_type = BDADDR_BREDR;
Marcel Holtmann157029b2015-01-14 15:43:09 -08003201 }
3202
Johan Hedberg70db83c2014-08-08 09:37:16 +03003203 chan->state = BT_LISTEN;
3204 chan->mode = L2CAP_MODE_BASIC;
3205 chan->imtu = L2CAP_DEFAULT_MTU;
3206 chan->ops = &smp_root_chan_ops;
3207
Johan Hedbergabe84902014-11-12 22:22:21 +02003208 /* Set correct nesting level for a parent/listening channel */
3209 atomic_set(&chan->nesting, L2CAP_NESTING_PARENT);
3210
Johan Hedbergef8efe42014-08-13 15:12:32 +03003211 return chan;
Johan Hedberg711eafe2014-08-08 09:32:52 +03003212}
3213
Johan Hedbergef8efe42014-08-13 15:12:32 +03003214static void smp_del_chan(struct l2cap_chan *chan)
Johan Hedberg711eafe2014-08-08 09:32:52 +03003215{
Marcel Holtmann88a479d2015-03-16 01:10:19 -07003216 struct smp_dev *smp;
Johan Hedberg70db83c2014-08-08 09:37:16 +03003217
Johan Hedbergef8efe42014-08-13 15:12:32 +03003218 BT_DBG("chan %p", chan);
Johan Hedberg711eafe2014-08-08 09:32:52 +03003219
Marcel Holtmann88a479d2015-03-16 01:10:19 -07003220 smp = chan->data;
3221 if (smp) {
Johan Hedbergdefce9e2014-08-08 09:37:17 +03003222 chan->data = NULL;
Andy Lutomirskia4770e12016-06-26 14:55:23 -07003223 crypto_free_cipher(smp->tfm_aes);
Herbert Xu71af2f62016-01-24 21:18:30 +08003224 crypto_free_shash(smp->tfm_cmac);
Marcel Holtmann88a479d2015-03-16 01:10:19 -07003225 kzfree(smp);
Johan Hedberg711eafe2014-08-08 09:32:52 +03003226 }
Johan Hedberg70db83c2014-08-08 09:37:16 +03003227
Johan Hedberg70db83c2014-08-08 09:37:16 +03003228 l2cap_chan_put(chan);
Johan Hedberg711eafe2014-08-08 09:32:52 +03003229}
Johan Hedbergef8efe42014-08-13 15:12:32 +03003230
Marcel Holtmann300acfde2014-12-31 14:43:16 -08003231static ssize_t force_bredr_smp_read(struct file *file,
3232 char __user *user_buf,
3233 size_t count, loff_t *ppos)
3234{
3235 struct hci_dev *hdev = file->private_data;
3236 char buf[3];
3237
Marcel Holtmannb7cb93e2015-03-13 10:20:35 -07003238 buf[0] = hci_dev_test_flag(hdev, HCI_FORCE_BREDR_SMP) ? 'Y': 'N';
Marcel Holtmann300acfde2014-12-31 14:43:16 -08003239 buf[1] = '\n';
3240 buf[2] = '\0';
3241 return simple_read_from_buffer(user_buf, count, ppos, buf, 2);
3242}
3243
3244static ssize_t force_bredr_smp_write(struct file *file,
3245 const char __user *user_buf,
3246 size_t count, loff_t *ppos)
3247{
3248 struct hci_dev *hdev = file->private_data;
3249 char buf[32];
3250 size_t buf_size = min(count, (sizeof(buf)-1));
3251 bool enable;
3252
3253 if (copy_from_user(buf, user_buf, buf_size))
3254 return -EFAULT;
3255
3256 buf[buf_size] = '\0';
3257 if (strtobool(buf, &enable))
3258 return -EINVAL;
3259
Marcel Holtmannb7cb93e2015-03-13 10:20:35 -07003260 if (enable == hci_dev_test_flag(hdev, HCI_FORCE_BREDR_SMP))
Marcel Holtmann300acfde2014-12-31 14:43:16 -08003261 return -EALREADY;
3262
3263 if (enable) {
3264 struct l2cap_chan *chan;
3265
3266 chan = smp_add_cid(hdev, L2CAP_CID_SMP_BREDR);
3267 if (IS_ERR(chan))
3268 return PTR_ERR(chan);
3269
3270 hdev->smp_bredr_data = chan;
3271 } else {
3272 struct l2cap_chan *chan;
3273
3274 chan = hdev->smp_bredr_data;
3275 hdev->smp_bredr_data = NULL;
3276 smp_del_chan(chan);
3277 }
3278
Marcel Holtmannb7cb93e2015-03-13 10:20:35 -07003279 hci_dev_change_flag(hdev, HCI_FORCE_BREDR_SMP);
Marcel Holtmann300acfde2014-12-31 14:43:16 -08003280
3281 return count;
3282}
3283
3284static const struct file_operations force_bredr_smp_fops = {
3285 .open = simple_open,
3286 .read = force_bredr_smp_read,
3287 .write = force_bredr_smp_write,
3288 .llseek = default_llseek,
3289};
3290
Johan Hedbergb1f663c2015-06-11 13:52:27 +03003291static ssize_t le_min_key_size_read(struct file *file,
3292 char __user *user_buf,
3293 size_t count, loff_t *ppos)
3294{
3295 struct hci_dev *hdev = file->private_data;
3296 char buf[4];
3297
3298 snprintf(buf, sizeof(buf), "%2u\n", SMP_DEV(hdev)->min_key_size);
3299
3300 return simple_read_from_buffer(user_buf, count, ppos, buf, strlen(buf));
3301}
3302
3303static ssize_t le_min_key_size_write(struct file *file,
3304 const char __user *user_buf,
3305 size_t count, loff_t *ppos)
3306{
3307 struct hci_dev *hdev = file->private_data;
3308 char buf[32];
3309 size_t buf_size = min(count, (sizeof(buf) - 1));
3310 u8 key_size;
3311
3312 if (copy_from_user(buf, user_buf, buf_size))
3313 return -EFAULT;
3314
3315 buf[buf_size] = '\0';
3316
3317 sscanf(buf, "%hhu", &key_size);
3318
3319 if (key_size > SMP_DEV(hdev)->max_key_size ||
3320 key_size < SMP_MIN_ENC_KEY_SIZE)
3321 return -EINVAL;
3322
3323 SMP_DEV(hdev)->min_key_size = key_size;
3324
3325 return count;
3326}
3327
3328static const struct file_operations le_min_key_size_fops = {
3329 .open = simple_open,
3330 .read = le_min_key_size_read,
3331 .write = le_min_key_size_write,
3332 .llseek = default_llseek,
3333};
3334
Johan Hedberg2fd36552015-06-11 13:52:26 +03003335static ssize_t le_max_key_size_read(struct file *file,
3336 char __user *user_buf,
3337 size_t count, loff_t *ppos)
3338{
3339 struct hci_dev *hdev = file->private_data;
3340 char buf[4];
3341
3342 snprintf(buf, sizeof(buf), "%2u\n", SMP_DEV(hdev)->max_key_size);
3343
3344 return simple_read_from_buffer(user_buf, count, ppos, buf, strlen(buf));
3345}
3346
3347static ssize_t le_max_key_size_write(struct file *file,
3348 const char __user *user_buf,
3349 size_t count, loff_t *ppos)
3350{
3351 struct hci_dev *hdev = file->private_data;
3352 char buf[32];
3353 size_t buf_size = min(count, (sizeof(buf) - 1));
3354 u8 key_size;
3355
3356 if (copy_from_user(buf, user_buf, buf_size))
3357 return -EFAULT;
3358
3359 buf[buf_size] = '\0';
3360
3361 sscanf(buf, "%hhu", &key_size);
3362
Johan Hedbergb1f663c2015-06-11 13:52:27 +03003363 if (key_size > SMP_MAX_ENC_KEY_SIZE ||
3364 key_size < SMP_DEV(hdev)->min_key_size)
Johan Hedberg2fd36552015-06-11 13:52:26 +03003365 return -EINVAL;
3366
3367 SMP_DEV(hdev)->max_key_size = key_size;
3368
3369 return count;
3370}
3371
3372static const struct file_operations le_max_key_size_fops = {
3373 .open = simple_open,
3374 .read = le_max_key_size_read,
3375 .write = le_max_key_size_write,
3376 .llseek = default_llseek,
3377};
3378
Johan Hedbergef8efe42014-08-13 15:12:32 +03003379int smp_register(struct hci_dev *hdev)
3380{
3381 struct l2cap_chan *chan;
3382
3383 BT_DBG("%s", hdev->name);
3384
Marcel Holtmann7e7ec442015-01-14 15:43:10 -08003385 /* If the controller does not support Low Energy operation, then
3386 * there is also no need to register any SMP channel.
3387 */
3388 if (!lmp_le_capable(hdev))
3389 return 0;
3390
Marcel Holtmann2b8df322015-01-15 08:04:21 -08003391 if (WARN_ON(hdev->smp_data)) {
3392 chan = hdev->smp_data;
3393 hdev->smp_data = NULL;
3394 smp_del_chan(chan);
3395 }
3396
Johan Hedbergef8efe42014-08-13 15:12:32 +03003397 chan = smp_add_cid(hdev, L2CAP_CID_SMP);
3398 if (IS_ERR(chan))
3399 return PTR_ERR(chan);
3400
3401 hdev->smp_data = chan;
3402
Johan Hedbergb1f663c2015-06-11 13:52:27 +03003403 debugfs_create_file("le_min_key_size", 0644, hdev->debugfs, hdev,
3404 &le_min_key_size_fops);
Johan Hedberg2fd36552015-06-11 13:52:26 +03003405 debugfs_create_file("le_max_key_size", 0644, hdev->debugfs, hdev,
3406 &le_max_key_size_fops);
3407
Marcel Holtmann300acfde2014-12-31 14:43:16 -08003408 /* If the controller does not support BR/EDR Secure Connections
3409 * feature, then the BR/EDR SMP channel shall not be present.
3410 *
3411 * To test this with Bluetooth 4.0 controllers, create a debugfs
3412 * switch that allows forcing BR/EDR SMP support and accepting
3413 * cross-transport pairing on non-AES encrypted connections.
3414 */
3415 if (!lmp_sc_capable(hdev)) {
3416 debugfs_create_file("force_bredr_smp", 0644, hdev->debugfs,
3417 hdev, &force_bredr_smp_fops);
Szymon Janc83ebb9e2016-09-09 20:24:40 +02003418
3419 /* Flag can be already set here (due to power toggle) */
3420 if (!hci_dev_test_flag(hdev, HCI_FORCE_BREDR_SMP))
3421 return 0;
Marcel Holtmann300acfde2014-12-31 14:43:16 -08003422 }
Johan Hedbergef8efe42014-08-13 15:12:32 +03003423
Marcel Holtmann2b8df322015-01-15 08:04:21 -08003424 if (WARN_ON(hdev->smp_bredr_data)) {
3425 chan = hdev->smp_bredr_data;
3426 hdev->smp_bredr_data = NULL;
3427 smp_del_chan(chan);
3428 }
3429
Johan Hedbergef8efe42014-08-13 15:12:32 +03003430 chan = smp_add_cid(hdev, L2CAP_CID_SMP_BREDR);
3431 if (IS_ERR(chan)) {
3432 int err = PTR_ERR(chan);
3433 chan = hdev->smp_data;
3434 hdev->smp_data = NULL;
3435 smp_del_chan(chan);
3436 return err;
3437 }
3438
3439 hdev->smp_bredr_data = chan;
3440
3441 return 0;
3442}
3443
3444void smp_unregister(struct hci_dev *hdev)
3445{
3446 struct l2cap_chan *chan;
3447
3448 if (hdev->smp_bredr_data) {
3449 chan = hdev->smp_bredr_data;
3450 hdev->smp_bredr_data = NULL;
3451 smp_del_chan(chan);
3452 }
3453
3454 if (hdev->smp_data) {
3455 chan = hdev->smp_data;
3456 hdev->smp_data = NULL;
3457 smp_del_chan(chan);
3458 }
3459}
Johan Hedberg0a2b0f02014-12-30 09:50:39 +02003460
3461#if IS_ENABLED(CONFIG_BT_SELFTEST_SMP)
3462
Andy Lutomirskia4770e12016-06-26 14:55:23 -07003463static int __init test_ah(struct crypto_cipher *tfm_aes)
Johan Hedbergcfc41982014-12-30 09:50:40 +02003464{
3465 const u8 irk[16] = {
3466 0x9b, 0x7d, 0x39, 0x0a, 0xa6, 0x10, 0x10, 0x34,
3467 0x05, 0xad, 0xc8, 0x57, 0xa3, 0x34, 0x02, 0xec };
3468 const u8 r[3] = { 0x94, 0x81, 0x70 };
3469 const u8 exp[3] = { 0xaa, 0xfb, 0x0d };
3470 u8 res[3];
3471 int err;
3472
3473 err = smp_ah(tfm_aes, irk, r, res);
3474 if (err)
3475 return err;
3476
Jason A. Donenfeld3da27a9d2017-06-10 04:59:11 +02003477 if (crypto_memneq(res, exp, 3))
Johan Hedbergcfc41982014-12-30 09:50:40 +02003478 return -EINVAL;
3479
3480 return 0;
3481}
3482
Andy Lutomirskia4770e12016-06-26 14:55:23 -07003483static int __init test_c1(struct crypto_cipher *tfm_aes)
Johan Hedbergcfc41982014-12-30 09:50:40 +02003484{
3485 const u8 k[16] = {
3486 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
3487 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
3488 const u8 r[16] = {
3489 0xe0, 0x2e, 0x70, 0xc6, 0x4e, 0x27, 0x88, 0x63,
3490 0x0e, 0x6f, 0xad, 0x56, 0x21, 0xd5, 0x83, 0x57 };
3491 const u8 preq[7] = { 0x01, 0x01, 0x00, 0x00, 0x10, 0x07, 0x07 };
3492 const u8 pres[7] = { 0x02, 0x03, 0x00, 0x00, 0x08, 0x00, 0x05 };
3493 const u8 _iat = 0x01;
3494 const u8 _rat = 0x00;
3495 const bdaddr_t ra = { { 0xb6, 0xb5, 0xb4, 0xb3, 0xb2, 0xb1 } };
3496 const bdaddr_t ia = { { 0xa6, 0xa5, 0xa4, 0xa3, 0xa2, 0xa1 } };
3497 const u8 exp[16] = {
3498 0x86, 0x3b, 0xf1, 0xbe, 0xc5, 0x4d, 0xa7, 0xd2,
3499 0xea, 0x88, 0x89, 0x87, 0xef, 0x3f, 0x1e, 0x1e };
3500 u8 res[16];
3501 int err;
3502
3503 err = smp_c1(tfm_aes, k, r, preq, pres, _iat, &ia, _rat, &ra, res);
3504 if (err)
3505 return err;
3506
Jason A. Donenfeld3da27a9d2017-06-10 04:59:11 +02003507 if (crypto_memneq(res, exp, 16))
Johan Hedbergcfc41982014-12-30 09:50:40 +02003508 return -EINVAL;
3509
3510 return 0;
3511}
3512
Andy Lutomirskia4770e12016-06-26 14:55:23 -07003513static int __init test_s1(struct crypto_cipher *tfm_aes)
Johan Hedbergcfc41982014-12-30 09:50:40 +02003514{
3515 const u8 k[16] = {
3516 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
3517 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
3518 const u8 r1[16] = {
3519 0x88, 0x77, 0x66, 0x55, 0x44, 0x33, 0x22, 0x11 };
3520 const u8 r2[16] = {
3521 0x00, 0xff, 0xee, 0xdd, 0xcc, 0xbb, 0xaa, 0x99 };
3522 const u8 exp[16] = {
3523 0x62, 0xa0, 0x6d, 0x79, 0xae, 0x16, 0x42, 0x5b,
3524 0x9b, 0xf4, 0xb0, 0xe8, 0xf0, 0xe1, 0x1f, 0x9a };
3525 u8 res[16];
3526 int err;
3527
3528 err = smp_s1(tfm_aes, k, r1, r2, res);
3529 if (err)
3530 return err;
3531
Jason A. Donenfeld3da27a9d2017-06-10 04:59:11 +02003532 if (crypto_memneq(res, exp, 16))
Johan Hedbergcfc41982014-12-30 09:50:40 +02003533 return -EINVAL;
3534
3535 return 0;
3536}
3537
Herbert Xu71af2f62016-01-24 21:18:30 +08003538static int __init test_f4(struct crypto_shash *tfm_cmac)
Johan Hedbergfb2969a2014-12-30 09:50:41 +02003539{
3540 const u8 u[32] = {
3541 0xe6, 0x9d, 0x35, 0x0e, 0x48, 0x01, 0x03, 0xcc,
3542 0xdb, 0xfd, 0xf4, 0xac, 0x11, 0x91, 0xf4, 0xef,
3543 0xb9, 0xa5, 0xf9, 0xe9, 0xa7, 0x83, 0x2c, 0x5e,
3544 0x2c, 0xbe, 0x97, 0xf2, 0xd2, 0x03, 0xb0, 0x20 };
3545 const u8 v[32] = {
3546 0xfd, 0xc5, 0x7f, 0xf4, 0x49, 0xdd, 0x4f, 0x6b,
3547 0xfb, 0x7c, 0x9d, 0xf1, 0xc2, 0x9a, 0xcb, 0x59,
3548 0x2a, 0xe7, 0xd4, 0xee, 0xfb, 0xfc, 0x0a, 0x90,
3549 0x9a, 0xbb, 0xf6, 0x32, 0x3d, 0x8b, 0x18, 0x55 };
3550 const u8 x[16] = {
3551 0xab, 0xae, 0x2b, 0x71, 0xec, 0xb2, 0xff, 0xff,
3552 0x3e, 0x73, 0x77, 0xd1, 0x54, 0x84, 0xcb, 0xd5 };
3553 const u8 z = 0x00;
3554 const u8 exp[16] = {
3555 0x2d, 0x87, 0x74, 0xa9, 0xbe, 0xa1, 0xed, 0xf1,
3556 0x1c, 0xbd, 0xa9, 0x07, 0xf1, 0x16, 0xc9, 0xf2 };
3557 u8 res[16];
3558 int err;
3559
3560 err = smp_f4(tfm_cmac, u, v, x, z, res);
3561 if (err)
3562 return err;
3563
Jason A. Donenfeld3da27a9d2017-06-10 04:59:11 +02003564 if (crypto_memneq(res, exp, 16))
Johan Hedbergfb2969a2014-12-30 09:50:41 +02003565 return -EINVAL;
3566
3567 return 0;
3568}
3569
Herbert Xu71af2f62016-01-24 21:18:30 +08003570static int __init test_f5(struct crypto_shash *tfm_cmac)
Johan Hedbergfb2969a2014-12-30 09:50:41 +02003571{
3572 const u8 w[32] = {
3573 0x98, 0xa6, 0xbf, 0x73, 0xf3, 0x34, 0x8d, 0x86,
3574 0xf1, 0x66, 0xf8, 0xb4, 0x13, 0x6b, 0x79, 0x99,
3575 0x9b, 0x7d, 0x39, 0x0a, 0xa6, 0x10, 0x10, 0x34,
3576 0x05, 0xad, 0xc8, 0x57, 0xa3, 0x34, 0x02, 0xec };
3577 const u8 n1[16] = {
3578 0xab, 0xae, 0x2b, 0x71, 0xec, 0xb2, 0xff, 0xff,
3579 0x3e, 0x73, 0x77, 0xd1, 0x54, 0x84, 0xcb, 0xd5 };
3580 const u8 n2[16] = {
3581 0xcf, 0xc4, 0x3d, 0xff, 0xf7, 0x83, 0x65, 0x21,
3582 0x6e, 0x5f, 0xa7, 0x25, 0xcc, 0xe7, 0xe8, 0xa6 };
3583 const u8 a1[7] = { 0xce, 0xbf, 0x37, 0x37, 0x12, 0x56, 0x00 };
3584 const u8 a2[7] = { 0xc1, 0xcf, 0x2d, 0x70, 0x13, 0xa7, 0x00 };
3585 const u8 exp_ltk[16] = {
3586 0x38, 0x0a, 0x75, 0x94, 0xb5, 0x22, 0x05, 0x98,
3587 0x23, 0xcd, 0xd7, 0x69, 0x11, 0x79, 0x86, 0x69 };
3588 const u8 exp_mackey[16] = {
3589 0x20, 0x6e, 0x63, 0xce, 0x20, 0x6a, 0x3f, 0xfd,
3590 0x02, 0x4a, 0x08, 0xa1, 0x76, 0xf1, 0x65, 0x29 };
3591 u8 mackey[16], ltk[16];
3592 int err;
3593
3594 err = smp_f5(tfm_cmac, w, n1, n2, a1, a2, mackey, ltk);
3595 if (err)
3596 return err;
3597
Jason A. Donenfeld3da27a9d2017-06-10 04:59:11 +02003598 if (crypto_memneq(mackey, exp_mackey, 16))
Johan Hedbergfb2969a2014-12-30 09:50:41 +02003599 return -EINVAL;
3600
Jason A. Donenfeld3da27a9d2017-06-10 04:59:11 +02003601 if (crypto_memneq(ltk, exp_ltk, 16))
Johan Hedbergfb2969a2014-12-30 09:50:41 +02003602 return -EINVAL;
3603
3604 return 0;
3605}
3606
Herbert Xu71af2f62016-01-24 21:18:30 +08003607static int __init test_f6(struct crypto_shash *tfm_cmac)
Johan Hedbergfb2969a2014-12-30 09:50:41 +02003608{
3609 const u8 w[16] = {
3610 0x20, 0x6e, 0x63, 0xce, 0x20, 0x6a, 0x3f, 0xfd,
3611 0x02, 0x4a, 0x08, 0xa1, 0x76, 0xf1, 0x65, 0x29 };
3612 const u8 n1[16] = {
3613 0xab, 0xae, 0x2b, 0x71, 0xec, 0xb2, 0xff, 0xff,
3614 0x3e, 0x73, 0x77, 0xd1, 0x54, 0x84, 0xcb, 0xd5 };
3615 const u8 n2[16] = {
3616 0xcf, 0xc4, 0x3d, 0xff, 0xf7, 0x83, 0x65, 0x21,
3617 0x6e, 0x5f, 0xa7, 0x25, 0xcc, 0xe7, 0xe8, 0xa6 };
3618 const u8 r[16] = {
3619 0xc8, 0x0f, 0x2d, 0x0c, 0xd2, 0x42, 0xda, 0x08,
3620 0x54, 0xbb, 0x53, 0xb4, 0x3b, 0x34, 0xa3, 0x12 };
3621 const u8 io_cap[3] = { 0x02, 0x01, 0x01 };
3622 const u8 a1[7] = { 0xce, 0xbf, 0x37, 0x37, 0x12, 0x56, 0x00 };
3623 const u8 a2[7] = { 0xc1, 0xcf, 0x2d, 0x70, 0x13, 0xa7, 0x00 };
3624 const u8 exp[16] = {
3625 0x61, 0x8f, 0x95, 0xda, 0x09, 0x0b, 0x6c, 0xd2,
3626 0xc5, 0xe8, 0xd0, 0x9c, 0x98, 0x73, 0xc4, 0xe3 };
3627 u8 res[16];
3628 int err;
3629
3630 err = smp_f6(tfm_cmac, w, n1, n2, r, io_cap, a1, a2, res);
3631 if (err)
3632 return err;
3633
Jason A. Donenfeld3da27a9d2017-06-10 04:59:11 +02003634 if (crypto_memneq(res, exp, 16))
Johan Hedbergfb2969a2014-12-30 09:50:41 +02003635 return -EINVAL;
3636
3637 return 0;
3638}
3639
Herbert Xu71af2f62016-01-24 21:18:30 +08003640static int __init test_g2(struct crypto_shash *tfm_cmac)
Johan Hedbergfb2969a2014-12-30 09:50:41 +02003641{
3642 const u8 u[32] = {
3643 0xe6, 0x9d, 0x35, 0x0e, 0x48, 0x01, 0x03, 0xcc,
3644 0xdb, 0xfd, 0xf4, 0xac, 0x11, 0x91, 0xf4, 0xef,
3645 0xb9, 0xa5, 0xf9, 0xe9, 0xa7, 0x83, 0x2c, 0x5e,
3646 0x2c, 0xbe, 0x97, 0xf2, 0xd2, 0x03, 0xb0, 0x20 };
3647 const u8 v[32] = {
3648 0xfd, 0xc5, 0x7f, 0xf4, 0x49, 0xdd, 0x4f, 0x6b,
3649 0xfb, 0x7c, 0x9d, 0xf1, 0xc2, 0x9a, 0xcb, 0x59,
3650 0x2a, 0xe7, 0xd4, 0xee, 0xfb, 0xfc, 0x0a, 0x90,
3651 0x9a, 0xbb, 0xf6, 0x32, 0x3d, 0x8b, 0x18, 0x55 };
3652 const u8 x[16] = {
3653 0xab, 0xae, 0x2b, 0x71, 0xec, 0xb2, 0xff, 0xff,
3654 0x3e, 0x73, 0x77, 0xd1, 0x54, 0x84, 0xcb, 0xd5 };
3655 const u8 y[16] = {
3656 0xcf, 0xc4, 0x3d, 0xff, 0xf7, 0x83, 0x65, 0x21,
3657 0x6e, 0x5f, 0xa7, 0x25, 0xcc, 0xe7, 0xe8, 0xa6 };
3658 const u32 exp_val = 0x2f9ed5ba % 1000000;
3659 u32 val;
3660 int err;
3661
3662 err = smp_g2(tfm_cmac, u, v, x, y, &val);
3663 if (err)
3664 return err;
3665
3666 if (val != exp_val)
3667 return -EINVAL;
3668
3669 return 0;
3670}
3671
Herbert Xu71af2f62016-01-24 21:18:30 +08003672static int __init test_h6(struct crypto_shash *tfm_cmac)
Johan Hedbergfb2969a2014-12-30 09:50:41 +02003673{
3674 const u8 w[16] = {
3675 0x9b, 0x7d, 0x39, 0x0a, 0xa6, 0x10, 0x10, 0x34,
3676 0x05, 0xad, 0xc8, 0x57, 0xa3, 0x34, 0x02, 0xec };
3677 const u8 key_id[4] = { 0x72, 0x62, 0x65, 0x6c };
3678 const u8 exp[16] = {
3679 0x99, 0x63, 0xb1, 0x80, 0xe2, 0xa9, 0xd3, 0xe8,
3680 0x1c, 0xc9, 0x6d, 0xe7, 0x02, 0xe1, 0x9a, 0x2d };
3681 u8 res[16];
3682 int err;
3683
3684 err = smp_h6(tfm_cmac, w, key_id, res);
3685 if (err)
3686 return err;
3687
Jason A. Donenfeld3da27a9d2017-06-10 04:59:11 +02003688 if (crypto_memneq(res, exp, 16))
Johan Hedbergfb2969a2014-12-30 09:50:41 +02003689 return -EINVAL;
3690
3691 return 0;
3692}
3693
Marcel Holtmann64dd3742015-04-01 12:52:13 -07003694static char test_smp_buffer[32];
3695
3696static ssize_t test_smp_read(struct file *file, char __user *user_buf,
3697 size_t count, loff_t *ppos)
3698{
3699 return simple_read_from_buffer(user_buf, count, ppos, test_smp_buffer,
3700 strlen(test_smp_buffer));
3701}
3702
3703static const struct file_operations test_smp_fops = {
3704 .open = simple_open,
3705 .read = test_smp_read,
3706 .llseek = default_llseek,
3707};
3708
Andy Lutomirskia4770e12016-06-26 14:55:23 -07003709static int __init run_selftests(struct crypto_cipher *tfm_aes,
Herbert Xu71af2f62016-01-24 21:18:30 +08003710 struct crypto_shash *tfm_cmac)
Johan Hedberg0a2b0f02014-12-30 09:50:39 +02003711{
Marcel Holtmann255047b2014-12-30 00:11:20 -08003712 ktime_t calltime, delta, rettime;
3713 unsigned long long duration;
Johan Hedbergcfc41982014-12-30 09:50:40 +02003714 int err;
3715
Marcel Holtmann255047b2014-12-30 00:11:20 -08003716 calltime = ktime_get();
3717
Johan Hedbergcfc41982014-12-30 09:50:40 +02003718 err = test_ah(tfm_aes);
3719 if (err) {
3720 BT_ERR("smp_ah test failed");
Marcel Holtmann64dd3742015-04-01 12:52:13 -07003721 goto done;
Johan Hedbergcfc41982014-12-30 09:50:40 +02003722 }
3723
3724 err = test_c1(tfm_aes);
3725 if (err) {
3726 BT_ERR("smp_c1 test failed");
Marcel Holtmann64dd3742015-04-01 12:52:13 -07003727 goto done;
Johan Hedbergcfc41982014-12-30 09:50:40 +02003728 }
3729
3730 err = test_s1(tfm_aes);
3731 if (err) {
3732 BT_ERR("smp_s1 test failed");
Marcel Holtmann64dd3742015-04-01 12:52:13 -07003733 goto done;
Johan Hedbergcfc41982014-12-30 09:50:40 +02003734 }
3735
Johan Hedbergfb2969a2014-12-30 09:50:41 +02003736 err = test_f4(tfm_cmac);
3737 if (err) {
3738 BT_ERR("smp_f4 test failed");
Marcel Holtmann64dd3742015-04-01 12:52:13 -07003739 goto done;
Johan Hedbergfb2969a2014-12-30 09:50:41 +02003740 }
3741
3742 err = test_f5(tfm_cmac);
3743 if (err) {
3744 BT_ERR("smp_f5 test failed");
Marcel Holtmann64dd3742015-04-01 12:52:13 -07003745 goto done;
Johan Hedbergfb2969a2014-12-30 09:50:41 +02003746 }
3747
3748 err = test_f6(tfm_cmac);
3749 if (err) {
3750 BT_ERR("smp_f6 test failed");
Marcel Holtmann64dd3742015-04-01 12:52:13 -07003751 goto done;
Johan Hedbergfb2969a2014-12-30 09:50:41 +02003752 }
3753
3754 err = test_g2(tfm_cmac);
3755 if (err) {
3756 BT_ERR("smp_g2 test failed");
Marcel Holtmann64dd3742015-04-01 12:52:13 -07003757 goto done;
Johan Hedbergfb2969a2014-12-30 09:50:41 +02003758 }
3759
3760 err = test_h6(tfm_cmac);
3761 if (err) {
3762 BT_ERR("smp_h6 test failed");
Marcel Holtmann64dd3742015-04-01 12:52:13 -07003763 goto done;
Johan Hedbergfb2969a2014-12-30 09:50:41 +02003764 }
3765
Marcel Holtmann255047b2014-12-30 00:11:20 -08003766 rettime = ktime_get();
3767 delta = ktime_sub(rettime, calltime);
3768 duration = (unsigned long long) ktime_to_ns(delta) >> 10;
3769
Marcel Holtmann5ced2462015-01-12 23:09:48 -08003770 BT_INFO("SMP test passed in %llu usecs", duration);
Johan Hedberg0a2b0f02014-12-30 09:50:39 +02003771
Marcel Holtmann64dd3742015-04-01 12:52:13 -07003772done:
3773 if (!err)
3774 snprintf(test_smp_buffer, sizeof(test_smp_buffer),
3775 "PASS (%llu usecs)\n", duration);
3776 else
3777 snprintf(test_smp_buffer, sizeof(test_smp_buffer), "FAIL\n");
3778
3779 debugfs_create_file("selftest_smp", 0444, bt_debugfs, NULL,
3780 &test_smp_fops);
3781
3782 return err;
Johan Hedberg0a2b0f02014-12-30 09:50:39 +02003783}
3784
3785int __init bt_selftest_smp(void)
3786{
Andy Lutomirskia4770e12016-06-26 14:55:23 -07003787 struct crypto_cipher *tfm_aes;
Herbert Xu71af2f62016-01-24 21:18:30 +08003788 struct crypto_shash *tfm_cmac;
Johan Hedberg0a2b0f02014-12-30 09:50:39 +02003789 int err;
3790
Andy Lutomirskia4770e12016-06-26 14:55:23 -07003791 tfm_aes = crypto_alloc_cipher("aes", 0, CRYPTO_ALG_ASYNC);
Johan Hedberg0a2b0f02014-12-30 09:50:39 +02003792 if (IS_ERR(tfm_aes)) {
Andy Lutomirskia4770e12016-06-26 14:55:23 -07003793 BT_ERR("Unable to create AES crypto context");
Johan Hedberg0a2b0f02014-12-30 09:50:39 +02003794 return PTR_ERR(tfm_aes);
3795 }
3796
Herbert Xu71af2f62016-01-24 21:18:30 +08003797 tfm_cmac = crypto_alloc_shash("cmac(aes)", 0, CRYPTO_ALG_ASYNC);
Johan Hedberg0a2b0f02014-12-30 09:50:39 +02003798 if (IS_ERR(tfm_cmac)) {
3799 BT_ERR("Unable to create CMAC crypto context");
Andy Lutomirskia4770e12016-06-26 14:55:23 -07003800 crypto_free_cipher(tfm_aes);
Johan Hedberg0a2b0f02014-12-30 09:50:39 +02003801 return PTR_ERR(tfm_cmac);
3802 }
3803
3804 err = run_selftests(tfm_aes, tfm_cmac);
3805
Herbert Xu71af2f62016-01-24 21:18:30 +08003806 crypto_free_shash(tfm_cmac);
Andy Lutomirskia4770e12016-06-26 14:55:23 -07003807 crypto_free_cipher(tfm_aes);
Johan Hedberg0a2b0f02014-12-30 09:50:39 +02003808
3809 return err;
3810}
3811
3812#endif