blob: ad82324f710f0f97427a51c632e5a8aebfaba292 [file] [log] [blame]
Anderson Brigliaeb492e02011-06-09 18:50:40 -03001/*
2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2011 Nokia Corporation and/or its subsidiary(-ies).
4
5 This program is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License version 2 as
7 published by the Free Software Foundation;
8
9 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
10 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
11 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
12 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
13 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
14 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17
18 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
19 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
20 SOFTWARE IS DISCLAIMED.
21*/
22
Marcel Holtmann300acfde2014-12-31 14:43:16 -080023#include <linux/debugfs.h>
Gustavo Padovan8c520a52012-05-23 04:04:22 -030024#include <linux/crypto.h>
25#include <linux/scatterlist.h>
26#include <crypto/b128ops.h>
27
Anderson Brigliaeb492e02011-06-09 18:50:40 -030028#include <net/bluetooth/bluetooth.h>
29#include <net/bluetooth/hci_core.h>
30#include <net/bluetooth/l2cap.h>
Brian Gix2b64d152011-12-21 16:12:12 -080031#include <net/bluetooth/mgmt.h>
Marcel Holtmannac4b7232013-10-10 14:54:16 -070032
Johan Hedberg3b191462014-06-06 10:50:15 +030033#include "ecc.h"
Marcel Holtmannac4b7232013-10-10 14:54:16 -070034#include "smp.h"
Anderson Brigliad22ef0b2011-06-09 18:50:44 -030035
Johan Hedberg2fd36552015-06-11 13:52:26 +030036#define SMP_DEV(hdev) \
37 ((struct smp_dev *)((struct l2cap_chan *)((hdev)->smp_data))->data)
38
Johan Hedbergc7a3d572014-12-01 22:03:16 +020039/* Low-level debug macros to be used for stuff that we don't want
40 * accidentially in dmesg, i.e. the values of the various crypto keys
41 * and the inputs & outputs of crypto functions.
42 */
43#ifdef DEBUG
44#define SMP_DBG(fmt, ...) printk(KERN_DEBUG "%s: " fmt, __func__, \
45 ##__VA_ARGS__)
46#else
47#define SMP_DBG(fmt, ...) no_printk(KERN_DEBUG "%s: " fmt, __func__, \
48 ##__VA_ARGS__)
49#endif
50
Johan Hedbergb28b4942014-09-05 22:19:55 +030051#define SMP_ALLOW_CMD(smp, code) set_bit(code, &smp->allow_cmd)
Johan Hedbergb28b4942014-09-05 22:19:55 +030052
Johan Hedberg3b191462014-06-06 10:50:15 +030053/* Keys which are not distributed with Secure Connections */
54#define SMP_SC_NO_DIST (SMP_DIST_ENC_KEY | SMP_DIST_LINK_KEY);
55
Marcel Holtmann17b02e62012-03-01 14:32:37 -080056#define SMP_TIMEOUT msecs_to_jiffies(30000)
Vinicius Costa Gomes5d3de7d2011-06-14 13:37:41 -030057
Marcel Holtmannd7a5a112015-03-13 02:11:00 -070058#define AUTH_REQ_MASK(dev) (hci_dev_test_flag(dev, HCI_SC_ENABLED) ? \
Johan Hedberg0edb14d2014-05-26 13:29:28 +030059 0x1f : 0x07)
60#define KEY_DIST_MASK 0x07
Johan Hedberg065a13e2012-10-11 16:26:06 +020061
Johan Hedbergcbbbe3e2014-06-06 11:30:08 +030062/* Maximum message length that can be passed to aes_cmac */
63#define CMAC_MSG_MAX 80
64
Johan Hedberg533e35d2014-06-16 19:25:18 +030065enum {
66 SMP_FLAG_TK_VALID,
67 SMP_FLAG_CFM_PENDING,
68 SMP_FLAG_MITM_AUTH,
69 SMP_FLAG_COMPLETE,
70 SMP_FLAG_INITIATOR,
Johan Hedberg65668772014-05-16 11:03:34 +030071 SMP_FLAG_SC,
Johan Hedbergd8f8edb2014-06-06 11:09:28 +030072 SMP_FLAG_REMOTE_PK,
Johan Hedbergaeb7d462014-05-31 18:52:28 +030073 SMP_FLAG_DEBUG_KEY,
Johan Hedberg38606f12014-06-25 11:10:28 +030074 SMP_FLAG_WAIT_USER,
Johan Hedbergd3e54a82014-06-04 11:07:40 +030075 SMP_FLAG_DHKEY_PENDING,
Johan Hedberg1a8bab42015-03-16 11:45:44 +020076 SMP_FLAG_REMOTE_OOB,
77 SMP_FLAG_LOCAL_OOB,
Johan Hedberg533e35d2014-06-16 19:25:18 +030078};
Johan Hedberg4bc58f52014-05-20 09:45:47 +030079
Marcel Holtmann88a479d2015-03-16 01:10:19 -070080struct smp_dev {
Marcel Holtmann60a27d62015-03-16 01:10:22 -070081 /* Secure Connections OOB data */
82 u8 local_pk[64];
83 u8 local_sk[32];
Marcel Holtmannfb334fe2015-03-16 12:34:57 -070084 u8 local_rand[16];
Marcel Holtmann60a27d62015-03-16 01:10:22 -070085 bool debug_key;
86
Johan Hedbergb1f663c2015-06-11 13:52:27 +030087 u8 min_key_size;
Johan Hedberg2fd36552015-06-11 13:52:26 +030088 u8 max_key_size;
89
Marcel Holtmann88a479d2015-03-16 01:10:19 -070090 struct crypto_blkcipher *tfm_aes;
Marcel Holtmann6e2dc6d2015-03-16 01:10:21 -070091 struct crypto_hash *tfm_cmac;
Marcel Holtmann88a479d2015-03-16 01:10:19 -070092};
93
Johan Hedberg4bc58f52014-05-20 09:45:47 +030094struct smp_chan {
Johan Hedbergb68fda62014-08-11 22:06:40 +030095 struct l2cap_conn *conn;
96 struct delayed_work security_timer;
Johan Hedbergb28b4942014-09-05 22:19:55 +030097 unsigned long allow_cmd; /* Bitmask of allowed commands */
Johan Hedbergb68fda62014-08-11 22:06:40 +030098
Johan Hedberg4bc58f52014-05-20 09:45:47 +030099 u8 preq[7]; /* SMP Pairing Request */
100 u8 prsp[7]; /* SMP Pairing Response */
101 u8 prnd[16]; /* SMP Pairing Random (local) */
102 u8 rrnd[16]; /* SMP Pairing Random (remote) */
103 u8 pcnf[16]; /* SMP Pairing Confirm */
104 u8 tk[16]; /* SMP Temporary Key */
Johan Hedberg882fafa2015-03-16 11:45:43 +0200105 u8 rr[16]; /* Remote OOB ra/rb value */
106 u8 lr[16]; /* Local OOB ra/rb value */
Johan Hedberg4bc58f52014-05-20 09:45:47 +0300107 u8 enc_key_size;
108 u8 remote_key_dist;
109 bdaddr_t id_addr;
110 u8 id_addr_type;
111 u8 irk[16];
112 struct smp_csrk *csrk;
113 struct smp_csrk *slave_csrk;
114 struct smp_ltk *ltk;
115 struct smp_ltk *slave_ltk;
116 struct smp_irk *remote_irk;
Johan Hedberg6a770832014-06-06 11:54:04 +0300117 u8 *link_key;
Johan Hedberg4a74d652014-05-20 09:45:50 +0300118 unsigned long flags;
Johan Hedberg783e0572014-05-31 18:48:26 +0300119 u8 method;
Johan Hedberg38606f12014-06-25 11:10:28 +0300120 u8 passkey_round;
Johan Hedberg6a7bd102014-06-27 14:23:03 +0300121
Johan Hedberg3b191462014-06-06 10:50:15 +0300122 /* Secure Connections variables */
123 u8 local_pk[64];
124 u8 local_sk[32];
Johan Hedbergd8f8edb2014-06-06 11:09:28 +0300125 u8 remote_pk[64];
126 u8 dhkey[32];
Johan Hedberg760b0182014-06-06 11:44:05 +0300127 u8 mackey[16];
Johan Hedberg3b191462014-06-06 10:50:15 +0300128
Johan Hedberg6a7bd102014-06-27 14:23:03 +0300129 struct crypto_blkcipher *tfm_aes;
Johan Hedberg407cecf2014-05-02 14:19:47 +0300130 struct crypto_hash *tfm_cmac;
Johan Hedberg4bc58f52014-05-20 09:45:47 +0300131};
132
Johan Hedbergaeb7d462014-05-31 18:52:28 +0300133/* These debug key values are defined in the SMP section of the core
134 * specification. debug_pk is the public debug key and debug_sk the
135 * private debug key.
136 */
137static const u8 debug_pk[64] = {
138 0xe6, 0x9d, 0x35, 0x0e, 0x48, 0x01, 0x03, 0xcc,
139 0xdb, 0xfd, 0xf4, 0xac, 0x11, 0x91, 0xf4, 0xef,
140 0xb9, 0xa5, 0xf9, 0xe9, 0xa7, 0x83, 0x2c, 0x5e,
141 0x2c, 0xbe, 0x97, 0xf2, 0xd2, 0x03, 0xb0, 0x20,
142
143 0x8b, 0xd2, 0x89, 0x15, 0xd0, 0x8e, 0x1c, 0x74,
144 0x24, 0x30, 0xed, 0x8f, 0xc2, 0x45, 0x63, 0x76,
145 0x5c, 0x15, 0x52, 0x5a, 0xbf, 0x9a, 0x32, 0x63,
146 0x6d, 0xeb, 0x2a, 0x65, 0x49, 0x9c, 0x80, 0xdc,
147};
148
149static const u8 debug_sk[32] = {
150 0xbd, 0x1a, 0x3c, 0xcd, 0xa6, 0xb8, 0x99, 0x58,
151 0x99, 0xb7, 0x40, 0xeb, 0x7b, 0x60, 0xff, 0x4a,
152 0x50, 0x3f, 0x10, 0xd2, 0xe3, 0xb3, 0xc9, 0x74,
153 0x38, 0x5f, 0xc5, 0xa3, 0xd4, 0xf6, 0x49, 0x3f,
154};
155
Johan Hedberg8a2936f2014-06-16 19:25:19 +0300156static inline void swap_buf(const u8 *src, u8 *dst, size_t len)
Anderson Brigliad22ef0b2011-06-09 18:50:44 -0300157{
Johan Hedberg8a2936f2014-06-16 19:25:19 +0300158 size_t i;
Anderson Brigliad22ef0b2011-06-09 18:50:44 -0300159
Johan Hedberg8a2936f2014-06-16 19:25:19 +0300160 for (i = 0; i < len; i++)
161 dst[len - 1 - i] = src[i];
Anderson Brigliad22ef0b2011-06-09 18:50:44 -0300162}
163
Johan Hedberg06edf8d2014-12-02 13:39:23 +0200164/* The following functions map to the LE SC SMP crypto functions
165 * AES-CMAC, f4, f5, f6, g2 and h6.
166 */
167
Johan Hedbergcbbbe3e2014-06-06 11:30:08 +0300168static int aes_cmac(struct crypto_hash *tfm, const u8 k[16], const u8 *m,
169 size_t len, u8 mac[16])
170{
171 uint8_t tmp[16], mac_msb[16], msg_msb[CMAC_MSG_MAX];
172 struct hash_desc desc;
173 struct scatterlist sg;
174 int err;
175
176 if (len > CMAC_MSG_MAX)
177 return -EFBIG;
178
179 if (!tfm) {
180 BT_ERR("tfm %p", tfm);
181 return -EINVAL;
182 }
183
184 desc.tfm = tfm;
185 desc.flags = 0;
186
187 crypto_hash_init(&desc);
188
189 /* Swap key and message from LSB to MSB */
190 swap_buf(k, tmp, 16);
191 swap_buf(m, msg_msb, len);
192
Johan Hedbergc7a3d572014-12-01 22:03:16 +0200193 SMP_DBG("msg (len %zu) %*phN", len, (int) len, m);
194 SMP_DBG("key %16phN", k);
Johan Hedbergcbbbe3e2014-06-06 11:30:08 +0300195
196 err = crypto_hash_setkey(tfm, tmp, 16);
197 if (err) {
198 BT_ERR("cipher setkey failed: %d", err);
199 return err;
200 }
201
202 sg_init_one(&sg, msg_msb, len);
203
204 err = crypto_hash_update(&desc, &sg, len);
205 if (err) {
206 BT_ERR("Hash update error %d", err);
207 return err;
208 }
209
210 err = crypto_hash_final(&desc, mac_msb);
211 if (err) {
212 BT_ERR("Hash final error %d", err);
213 return err;
214 }
215
216 swap_buf(mac_msb, mac, 16);
217
Johan Hedbergc7a3d572014-12-01 22:03:16 +0200218 SMP_DBG("mac %16phN", mac);
Johan Hedbergcbbbe3e2014-06-06 11:30:08 +0300219
220 return 0;
221}
222
223static int smp_f4(struct crypto_hash *tfm_cmac, const u8 u[32], const u8 v[32],
224 const u8 x[16], u8 z, u8 res[16])
225{
226 u8 m[65];
227 int err;
228
Johan Hedbergc7a3d572014-12-01 22:03:16 +0200229 SMP_DBG("u %32phN", u);
230 SMP_DBG("v %32phN", v);
231 SMP_DBG("x %16phN z %02x", x, z);
Johan Hedbergcbbbe3e2014-06-06 11:30:08 +0300232
233 m[0] = z;
234 memcpy(m + 1, v, 32);
235 memcpy(m + 33, u, 32);
236
237 err = aes_cmac(tfm_cmac, x, m, sizeof(m), res);
238 if (err)
239 return err;
240
Johan Hedbergc7a3d572014-12-01 22:03:16 +0200241 SMP_DBG("res %16phN", res);
Johan Hedbergcbbbe3e2014-06-06 11:30:08 +0300242
243 return err;
244}
245
Johan Hedberg4da50de2014-12-29 12:04:10 +0200246static int smp_f5(struct crypto_hash *tfm_cmac, const u8 w[32],
247 const u8 n1[16], const u8 n2[16], const u8 a1[7],
248 const u8 a2[7], u8 mackey[16], u8 ltk[16])
Johan Hedberg760b0182014-06-06 11:44:05 +0300249{
250 /* The btle, salt and length "magic" values are as defined in
251 * the SMP section of the Bluetooth core specification. In ASCII
252 * the btle value ends up being 'btle'. The salt is just a
253 * random number whereas length is the value 256 in little
254 * endian format.
255 */
256 const u8 btle[4] = { 0x65, 0x6c, 0x74, 0x62 };
257 const u8 salt[16] = { 0xbe, 0x83, 0x60, 0x5a, 0xdb, 0x0b, 0x37, 0x60,
258 0x38, 0xa5, 0xf5, 0xaa, 0x91, 0x83, 0x88, 0x6c };
259 const u8 length[2] = { 0x00, 0x01 };
260 u8 m[53], t[16];
261 int err;
262
Johan Hedbergc7a3d572014-12-01 22:03:16 +0200263 SMP_DBG("w %32phN", w);
264 SMP_DBG("n1 %16phN n2 %16phN", n1, n2);
265 SMP_DBG("a1 %7phN a2 %7phN", a1, a2);
Johan Hedberg760b0182014-06-06 11:44:05 +0300266
267 err = aes_cmac(tfm_cmac, salt, w, 32, t);
268 if (err)
269 return err;
270
Johan Hedbergc7a3d572014-12-01 22:03:16 +0200271 SMP_DBG("t %16phN", t);
Johan Hedberg760b0182014-06-06 11:44:05 +0300272
273 memcpy(m, length, 2);
274 memcpy(m + 2, a2, 7);
275 memcpy(m + 9, a1, 7);
276 memcpy(m + 16, n2, 16);
277 memcpy(m + 32, n1, 16);
278 memcpy(m + 48, btle, 4);
279
280 m[52] = 0; /* Counter */
281
282 err = aes_cmac(tfm_cmac, t, m, sizeof(m), mackey);
283 if (err)
284 return err;
285
Johan Hedbergc7a3d572014-12-01 22:03:16 +0200286 SMP_DBG("mackey %16phN", mackey);
Johan Hedberg760b0182014-06-06 11:44:05 +0300287
288 m[52] = 1; /* Counter */
289
290 err = aes_cmac(tfm_cmac, t, m, sizeof(m), ltk);
291 if (err)
292 return err;
293
Johan Hedbergc7a3d572014-12-01 22:03:16 +0200294 SMP_DBG("ltk %16phN", ltk);
Johan Hedberg760b0182014-06-06 11:44:05 +0300295
296 return 0;
297}
298
299static int smp_f6(struct crypto_hash *tfm_cmac, const u8 w[16],
Johan Hedberg4da50de2014-12-29 12:04:10 +0200300 const u8 n1[16], const u8 n2[16], const u8 r[16],
Johan Hedberg760b0182014-06-06 11:44:05 +0300301 const u8 io_cap[3], const u8 a1[7], const u8 a2[7],
302 u8 res[16])
303{
304 u8 m[65];
305 int err;
306
Johan Hedbergc7a3d572014-12-01 22:03:16 +0200307 SMP_DBG("w %16phN", w);
308 SMP_DBG("n1 %16phN n2 %16phN", n1, n2);
309 SMP_DBG("r %16phN io_cap %3phN a1 %7phN a2 %7phN", r, io_cap, a1, a2);
Johan Hedberg760b0182014-06-06 11:44:05 +0300310
311 memcpy(m, a2, 7);
312 memcpy(m + 7, a1, 7);
313 memcpy(m + 14, io_cap, 3);
314 memcpy(m + 17, r, 16);
315 memcpy(m + 33, n2, 16);
316 memcpy(m + 49, n1, 16);
317
318 err = aes_cmac(tfm_cmac, w, m, sizeof(m), res);
319 if (err)
320 return err;
321
Marcel Holtmann203de212014-12-31 20:01:22 -0800322 SMP_DBG("res %16phN", res);
Johan Hedberg760b0182014-06-06 11:44:05 +0300323
324 return err;
325}
326
Johan Hedberg191dc7f2014-06-06 11:39:49 +0300327static int smp_g2(struct crypto_hash *tfm_cmac, const u8 u[32], const u8 v[32],
328 const u8 x[16], const u8 y[16], u32 *val)
329{
330 u8 m[80], tmp[16];
331 int err;
332
Johan Hedbergc7a3d572014-12-01 22:03:16 +0200333 SMP_DBG("u %32phN", u);
334 SMP_DBG("v %32phN", v);
335 SMP_DBG("x %16phN y %16phN", x, y);
Johan Hedberg191dc7f2014-06-06 11:39:49 +0300336
337 memcpy(m, y, 16);
338 memcpy(m + 16, v, 32);
339 memcpy(m + 48, u, 32);
340
341 err = aes_cmac(tfm_cmac, x, m, sizeof(m), tmp);
342 if (err)
343 return err;
344
345 *val = get_unaligned_le32(tmp);
346 *val %= 1000000;
347
Johan Hedbergc7a3d572014-12-01 22:03:16 +0200348 SMP_DBG("val %06u", *val);
Johan Hedberg191dc7f2014-06-06 11:39:49 +0300349
350 return 0;
351}
352
Johan Hedberg06edf8d2014-12-02 13:39:23 +0200353static int smp_h6(struct crypto_hash *tfm_cmac, const u8 w[16],
354 const u8 key_id[4], u8 res[16])
355{
356 int err;
357
358 SMP_DBG("w %16phN key_id %4phN", w, key_id);
359
360 err = aes_cmac(tfm_cmac, w, key_id, 4, res);
361 if (err)
362 return err;
363
364 SMP_DBG("res %16phN", res);
365
366 return err;
367}
368
369/* The following functions map to the legacy SMP crypto functions e, c1,
370 * s1 and ah.
371 */
372
Anderson Brigliad22ef0b2011-06-09 18:50:44 -0300373static int smp_e(struct crypto_blkcipher *tfm, const u8 *k, u8 *r)
374{
375 struct blkcipher_desc desc;
376 struct scatterlist sg;
Johan Hedberg943a7322014-03-18 12:58:24 +0200377 uint8_t tmp[16], data[16];
Johan Hedberg201a5922013-12-02 10:49:04 +0200378 int err;
Anderson Brigliad22ef0b2011-06-09 18:50:44 -0300379
Johan Hedberg011c3912015-05-19 21:06:04 +0300380 SMP_DBG("k %16phN r %16phN", k, r);
381
Johan Hedberg7f376cd2014-12-03 16:07:13 +0200382 if (!tfm) {
Anderson Brigliad22ef0b2011-06-09 18:50:44 -0300383 BT_ERR("tfm %p", tfm);
384 return -EINVAL;
385 }
386
387 desc.tfm = tfm;
388 desc.flags = 0;
389
Johan Hedberg943a7322014-03-18 12:58:24 +0200390 /* The most significant octet of key corresponds to k[0] */
Johan Hedberg8a2936f2014-06-16 19:25:19 +0300391 swap_buf(k, tmp, 16);
Johan Hedberg943a7322014-03-18 12:58:24 +0200392
393 err = crypto_blkcipher_setkey(tfm, tmp, 16);
Anderson Brigliad22ef0b2011-06-09 18:50:44 -0300394 if (err) {
395 BT_ERR("cipher setkey failed: %d", err);
396 return err;
397 }
398
Johan Hedberg943a7322014-03-18 12:58:24 +0200399 /* Most significant octet of plaintextData corresponds to data[0] */
Johan Hedberg8a2936f2014-06-16 19:25:19 +0300400 swap_buf(r, data, 16);
Johan Hedberg943a7322014-03-18 12:58:24 +0200401
402 sg_init_one(&sg, data, 16);
Anderson Brigliad22ef0b2011-06-09 18:50:44 -0300403
Anderson Brigliad22ef0b2011-06-09 18:50:44 -0300404 err = crypto_blkcipher_encrypt(&desc, &sg, &sg, 16);
405 if (err)
406 BT_ERR("Encrypt data error %d", err);
407
Johan Hedberg943a7322014-03-18 12:58:24 +0200408 /* Most significant octet of encryptedData corresponds to data[0] */
Johan Hedberg8a2936f2014-06-16 19:25:19 +0300409 swap_buf(data, r, 16);
Johan Hedberg943a7322014-03-18 12:58:24 +0200410
Johan Hedberg011c3912015-05-19 21:06:04 +0300411 SMP_DBG("r %16phN", r);
412
Anderson Brigliad22ef0b2011-06-09 18:50:44 -0300413 return err;
414}
415
Johan Hedberg06edf8d2014-12-02 13:39:23 +0200416static int smp_c1(struct crypto_blkcipher *tfm_aes, const u8 k[16],
417 const u8 r[16], const u8 preq[7], const u8 pres[7], u8 _iat,
418 const bdaddr_t *ia, u8 _rat, const bdaddr_t *ra, u8 res[16])
419{
420 u8 p1[16], p2[16];
421 int err;
422
Johan Hedberg011c3912015-05-19 21:06:04 +0300423 SMP_DBG("k %16phN r %16phN", k, r);
424 SMP_DBG("iat %u ia %6phN rat %u ra %6phN", _iat, ia, _rat, ra);
425 SMP_DBG("preq %7phN pres %7phN", preq, pres);
426
Johan Hedberg06edf8d2014-12-02 13:39:23 +0200427 memset(p1, 0, 16);
428
429 /* p1 = pres || preq || _rat || _iat */
430 p1[0] = _iat;
431 p1[1] = _rat;
432 memcpy(p1 + 2, preq, 7);
433 memcpy(p1 + 9, pres, 7);
434
Johan Hedberg011c3912015-05-19 21:06:04 +0300435 SMP_DBG("p1 %16phN", p1);
Johan Hedberg06edf8d2014-12-02 13:39:23 +0200436
437 /* res = r XOR p1 */
438 u128_xor((u128 *) res, (u128 *) r, (u128 *) p1);
439
440 /* res = e(k, res) */
441 err = smp_e(tfm_aes, k, res);
442 if (err) {
443 BT_ERR("Encrypt data error");
444 return err;
445 }
446
Johan Hedberg011c3912015-05-19 21:06:04 +0300447 /* p2 = padding || ia || ra */
448 memcpy(p2, ra, 6);
449 memcpy(p2 + 6, ia, 6);
450 memset(p2 + 12, 0, 4);
451
452 SMP_DBG("p2 %16phN", p2);
453
Johan Hedberg06edf8d2014-12-02 13:39:23 +0200454 /* res = res XOR p2 */
455 u128_xor((u128 *) res, (u128 *) res, (u128 *) p2);
456
457 /* res = e(k, res) */
458 err = smp_e(tfm_aes, k, res);
459 if (err)
460 BT_ERR("Encrypt data error");
461
462 return err;
463}
464
465static int smp_s1(struct crypto_blkcipher *tfm_aes, const u8 k[16],
466 const u8 r1[16], const u8 r2[16], u8 _r[16])
Johan Hedberg6a770832014-06-06 11:54:04 +0300467{
468 int err;
469
Johan Hedberg06edf8d2014-12-02 13:39:23 +0200470 /* Just least significant octets from r1 and r2 are considered */
471 memcpy(_r, r2, 8);
472 memcpy(_r + 8, r1, 8);
Johan Hedberg6a770832014-06-06 11:54:04 +0300473
Johan Hedberg06edf8d2014-12-02 13:39:23 +0200474 err = smp_e(tfm_aes, k, _r);
Johan Hedberg6a770832014-06-06 11:54:04 +0300475 if (err)
Johan Hedberg06edf8d2014-12-02 13:39:23 +0200476 BT_ERR("Encrypt data error");
Johan Hedberg6a770832014-06-06 11:54:04 +0300477
478 return err;
479}
480
Johan Hedbergcd082792014-12-02 13:37:41 +0200481static int smp_ah(struct crypto_blkcipher *tfm, const u8 irk[16],
482 const u8 r[3], u8 res[3])
Johan Hedberg60478052014-02-18 10:19:31 +0200483{
Johan Hedberg943a7322014-03-18 12:58:24 +0200484 u8 _res[16];
Johan Hedberg60478052014-02-18 10:19:31 +0200485 int err;
486
487 /* r' = padding || r */
Johan Hedberg943a7322014-03-18 12:58:24 +0200488 memcpy(_res, r, 3);
489 memset(_res + 3, 0, 13);
Johan Hedberg60478052014-02-18 10:19:31 +0200490
Johan Hedberg943a7322014-03-18 12:58:24 +0200491 err = smp_e(tfm, irk, _res);
Johan Hedberg60478052014-02-18 10:19:31 +0200492 if (err) {
493 BT_ERR("Encrypt error");
494 return err;
495 }
496
497 /* The output of the random address function ah is:
498 * ah(h, r) = e(k, r') mod 2^24
499 * The output of the security function e is then truncated to 24 bits
500 * by taking the least significant 24 bits of the output of e as the
501 * result of ah.
502 */
Johan Hedberg943a7322014-03-18 12:58:24 +0200503 memcpy(res, _res, 3);
Johan Hedberg60478052014-02-18 10:19:31 +0200504
505 return 0;
506}
507
Johan Hedbergcd082792014-12-02 13:37:41 +0200508bool smp_irk_matches(struct hci_dev *hdev, const u8 irk[16],
509 const bdaddr_t *bdaddr)
Johan Hedberg60478052014-02-18 10:19:31 +0200510{
Johan Hedbergdefce9e2014-08-08 09:37:17 +0300511 struct l2cap_chan *chan = hdev->smp_data;
Marcel Holtmann88a479d2015-03-16 01:10:19 -0700512 struct smp_dev *smp;
Johan Hedberg60478052014-02-18 10:19:31 +0200513 u8 hash[3];
514 int err;
515
Johan Hedbergdefce9e2014-08-08 09:37:17 +0300516 if (!chan || !chan->data)
517 return false;
518
Marcel Holtmann88a479d2015-03-16 01:10:19 -0700519 smp = chan->data;
Johan Hedbergdefce9e2014-08-08 09:37:17 +0300520
Johan Hedberg60478052014-02-18 10:19:31 +0200521 BT_DBG("RPA %pMR IRK %*phN", bdaddr, 16, irk);
522
Marcel Holtmann88a479d2015-03-16 01:10:19 -0700523 err = smp_ah(smp->tfm_aes, irk, &bdaddr->b[3], hash);
Johan Hedberg60478052014-02-18 10:19:31 +0200524 if (err)
525 return false;
526
527 return !memcmp(bdaddr->b, hash, 3);
528}
529
Johan Hedbergcd082792014-12-02 13:37:41 +0200530int smp_generate_rpa(struct hci_dev *hdev, const u8 irk[16], bdaddr_t *rpa)
Johan Hedbergb1e2b3a2014-02-23 19:42:19 +0200531{
Johan Hedbergdefce9e2014-08-08 09:37:17 +0300532 struct l2cap_chan *chan = hdev->smp_data;
Marcel Holtmann88a479d2015-03-16 01:10:19 -0700533 struct smp_dev *smp;
Johan Hedbergb1e2b3a2014-02-23 19:42:19 +0200534 int err;
535
Johan Hedbergdefce9e2014-08-08 09:37:17 +0300536 if (!chan || !chan->data)
537 return -EOPNOTSUPP;
538
Marcel Holtmann88a479d2015-03-16 01:10:19 -0700539 smp = chan->data;
Johan Hedbergdefce9e2014-08-08 09:37:17 +0300540
Johan Hedbergb1e2b3a2014-02-23 19:42:19 +0200541 get_random_bytes(&rpa->b[3], 3);
542
543 rpa->b[5] &= 0x3f; /* Clear two most significant bits */
544 rpa->b[5] |= 0x40; /* Set second most significant bit */
545
Marcel Holtmann88a479d2015-03-16 01:10:19 -0700546 err = smp_ah(smp->tfm_aes, irk, &rpa->b[3], rpa->b);
Johan Hedbergb1e2b3a2014-02-23 19:42:19 +0200547 if (err < 0)
548 return err;
549
550 BT_DBG("RPA %pMR", rpa);
551
552 return 0;
553}
554
Marcel Holtmann60a27d62015-03-16 01:10:22 -0700555int smp_generate_oob(struct hci_dev *hdev, u8 hash[16], u8 rand[16])
556{
557 struct l2cap_chan *chan = hdev->smp_data;
558 struct smp_dev *smp;
559 int err;
560
561 if (!chan || !chan->data)
562 return -EOPNOTSUPP;
563
564 smp = chan->data;
565
566 if (hci_dev_test_flag(hdev, HCI_USE_DEBUG_KEYS)) {
567 BT_DBG("Using debug keys");
568 memcpy(smp->local_pk, debug_pk, 64);
569 memcpy(smp->local_sk, debug_sk, 32);
570 smp->debug_key = true;
571 } else {
572 while (true) {
573 /* Generate local key pair for Secure Connections */
574 if (!ecc_make_key(smp->local_pk, smp->local_sk))
575 return -EIO;
576
577 /* This is unlikely, but we need to check that
578 * we didn't accidentially generate a debug key.
579 */
580 if (memcmp(smp->local_sk, debug_sk, 32))
581 break;
582 }
583 smp->debug_key = false;
584 }
585
586 SMP_DBG("OOB Public Key X: %32phN", smp->local_pk);
587 SMP_DBG("OOB Public Key Y: %32phN", smp->local_pk + 32);
588 SMP_DBG("OOB Private Key: %32phN", smp->local_sk);
589
Marcel Holtmannfb334fe2015-03-16 12:34:57 -0700590 get_random_bytes(smp->local_rand, 16);
Marcel Holtmann60a27d62015-03-16 01:10:22 -0700591
592 err = smp_f4(smp->tfm_cmac, smp->local_pk, smp->local_pk,
Marcel Holtmannfb334fe2015-03-16 12:34:57 -0700593 smp->local_rand, 0, hash);
Marcel Holtmann60a27d62015-03-16 01:10:22 -0700594 if (err < 0)
595 return err;
596
Marcel Holtmannfb334fe2015-03-16 12:34:57 -0700597 memcpy(rand, smp->local_rand, 16);
Marcel Holtmann60a27d62015-03-16 01:10:22 -0700598
599 return 0;
600}
601
Anderson Brigliaeb492e02011-06-09 18:50:40 -0300602static void smp_send_cmd(struct l2cap_conn *conn, u8 code, u16 len, void *data)
603{
Johan Hedberg5d88cc72014-08-08 09:37:18 +0300604 struct l2cap_chan *chan = conn->smp;
Johan Hedbergb68fda62014-08-11 22:06:40 +0300605 struct smp_chan *smp;
Johan Hedberg5d88cc72014-08-08 09:37:18 +0300606 struct kvec iv[2];
607 struct msghdr msg;
608
609 if (!chan)
610 return;
Anderson Brigliaeb492e02011-06-09 18:50:40 -0300611
612 BT_DBG("code 0x%2.2x", code);
613
Johan Hedberg5d88cc72014-08-08 09:37:18 +0300614 iv[0].iov_base = &code;
615 iv[0].iov_len = 1;
Anderson Brigliaeb492e02011-06-09 18:50:40 -0300616
Johan Hedberg5d88cc72014-08-08 09:37:18 +0300617 iv[1].iov_base = data;
618 iv[1].iov_len = len;
619
620 memset(&msg, 0, sizeof(msg));
621
Al Viro17836392014-11-24 17:07:38 -0500622 iov_iter_kvec(&msg.msg_iter, WRITE | ITER_KVEC, iv, 2, 1 + len);
Johan Hedberg5d88cc72014-08-08 09:37:18 +0300623
624 l2cap_chan_send(chan, &msg, 1 + len);
Vinicius Costa Gomese2dcd112011-08-19 21:06:50 -0300625
Johan Hedbergb68fda62014-08-11 22:06:40 +0300626 if (!chan->data)
627 return;
628
629 smp = chan->data;
630
631 cancel_delayed_work_sync(&smp->security_timer);
Johan Hedberg1b0921d2014-09-05 22:19:48 +0300632 schedule_delayed_work(&smp->security_timer, SMP_TIMEOUT);
Anderson Brigliaeb492e02011-06-09 18:50:40 -0300633}
634
Johan Hedbergd2eb9e12014-05-16 10:59:06 +0300635static u8 authreq_to_seclevel(u8 authreq)
Brian Gix2b64d152011-12-21 16:12:12 -0800636{
Johan Hedbergd2eb9e12014-05-16 10:59:06 +0300637 if (authreq & SMP_AUTH_MITM) {
638 if (authreq & SMP_AUTH_SC)
639 return BT_SECURITY_FIPS;
640 else
641 return BT_SECURITY_HIGH;
642 } else {
Brian Gix2b64d152011-12-21 16:12:12 -0800643 return BT_SECURITY_MEDIUM;
Johan Hedbergd2eb9e12014-05-16 10:59:06 +0300644 }
Brian Gix2b64d152011-12-21 16:12:12 -0800645}
646
647static __u8 seclevel_to_authreq(__u8 sec_level)
648{
649 switch (sec_level) {
Johan Hedbergd2eb9e12014-05-16 10:59:06 +0300650 case BT_SECURITY_FIPS:
Brian Gix2b64d152011-12-21 16:12:12 -0800651 case BT_SECURITY_HIGH:
652 return SMP_AUTH_MITM | SMP_AUTH_BONDING;
653 case BT_SECURITY_MEDIUM:
654 return SMP_AUTH_BONDING;
655 default:
656 return SMP_AUTH_NONE;
657 }
658}
659
Vinicius Costa Gomesb8e66ea2011-06-09 18:50:52 -0300660static void build_pairing_cmd(struct l2cap_conn *conn,
Marcel Holtmannf1560462013-10-13 05:43:25 -0700661 struct smp_cmd_pairing *req,
662 struct smp_cmd_pairing *rsp, __u8 authreq)
Vinicius Costa Gomesb8e66ea2011-06-09 18:50:52 -0300663{
Johan Hedberg5d88cc72014-08-08 09:37:18 +0300664 struct l2cap_chan *chan = conn->smp;
665 struct smp_chan *smp = chan->data;
Johan Hedbergfd349c02014-02-18 10:19:36 +0200666 struct hci_conn *hcon = conn->hcon;
667 struct hci_dev *hdev = hcon->hdev;
Johan Hedberg02b05bd2014-10-26 21:19:10 +0100668 u8 local_dist = 0, remote_dist = 0, oob_flag = SMP_OOB_NOT_PRESENT;
Vinicius Costa Gomes54790f72011-07-07 18:59:38 -0300669
Marcel Holtmannd7a5a112015-03-13 02:11:00 -0700670 if (hci_dev_test_flag(hdev, HCI_BONDABLE)) {
Marcel Holtmann7ee4ea32014-03-09 12:19:17 -0700671 local_dist = SMP_DIST_ENC_KEY | SMP_DIST_SIGN;
672 remote_dist = SMP_DIST_ENC_KEY | SMP_DIST_SIGN;
Vinicius Costa Gomes54790f72011-07-07 18:59:38 -0300673 authreq |= SMP_AUTH_BONDING;
Brian Gix2b64d152011-12-21 16:12:12 -0800674 } else {
675 authreq &= ~SMP_AUTH_BONDING;
Vinicius Costa Gomes54790f72011-07-07 18:59:38 -0300676 }
677
Marcel Holtmannd7a5a112015-03-13 02:11:00 -0700678 if (hci_dev_test_flag(hdev, HCI_RPA_RESOLVING))
Johan Hedbergfd349c02014-02-18 10:19:36 +0200679 remote_dist |= SMP_DIST_ID_KEY;
680
Marcel Holtmannd7a5a112015-03-13 02:11:00 -0700681 if (hci_dev_test_flag(hdev, HCI_PRIVACY))
Johan Hedberg863efaf2014-02-22 19:06:32 +0200682 local_dist |= SMP_DIST_ID_KEY;
683
Marcel Holtmannd7a5a112015-03-13 02:11:00 -0700684 if (hci_dev_test_flag(hdev, HCI_SC_ENABLED) &&
Johan Hedberg02b05bd2014-10-26 21:19:10 +0100685 (authreq & SMP_AUTH_SC)) {
686 struct oob_data *oob_data;
687 u8 bdaddr_type;
688
Marcel Holtmannd7a5a112015-03-13 02:11:00 -0700689 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) {
Johan Hedbergdf8e1a42014-06-06 10:39:56 +0300690 local_dist |= SMP_DIST_LINK_KEY;
691 remote_dist |= SMP_DIST_LINK_KEY;
692 }
Johan Hedberg02b05bd2014-10-26 21:19:10 +0100693
694 if (hcon->dst_type == ADDR_LE_DEV_PUBLIC)
695 bdaddr_type = BDADDR_LE_PUBLIC;
696 else
697 bdaddr_type = BDADDR_LE_RANDOM;
698
699 oob_data = hci_find_remote_oob_data(hdev, &hcon->dst,
700 bdaddr_type);
Marcel Holtmann4775a4e2015-01-31 00:15:52 -0800701 if (oob_data && oob_data->present) {
Johan Hedberg1a8bab42015-03-16 11:45:44 +0200702 set_bit(SMP_FLAG_REMOTE_OOB, &smp->flags);
Johan Hedberg02b05bd2014-10-26 21:19:10 +0100703 oob_flag = SMP_OOB_PRESENT;
Johan Hedberga29b0732014-10-28 15:17:05 +0100704 memcpy(smp->rr, oob_data->rand256, 16);
Johan Hedberg02b05bd2014-10-26 21:19:10 +0100705 memcpy(smp->pcnf, oob_data->hash256, 16);
Marcel Holtmannbc07cd62015-03-16 12:34:56 -0700706 SMP_DBG("OOB Remote Confirmation: %16phN", smp->pcnf);
707 SMP_DBG("OOB Remote Random: %16phN", smp->rr);
Johan Hedberg02b05bd2014-10-26 21:19:10 +0100708 }
709
Johan Hedbergdf8e1a42014-06-06 10:39:56 +0300710 } else {
711 authreq &= ~SMP_AUTH_SC;
712 }
713
Vinicius Costa Gomes54790f72011-07-07 18:59:38 -0300714 if (rsp == NULL) {
715 req->io_capability = conn->hcon->io_capability;
Johan Hedberg02b05bd2014-10-26 21:19:10 +0100716 req->oob_flag = oob_flag;
Johan Hedberg2fd36552015-06-11 13:52:26 +0300717 req->max_key_size = SMP_DEV(hdev)->max_key_size;
Johan Hedbergfd349c02014-02-18 10:19:36 +0200718 req->init_key_dist = local_dist;
719 req->resp_key_dist = remote_dist;
Johan Hedberg0edb14d2014-05-26 13:29:28 +0300720 req->auth_req = (authreq & AUTH_REQ_MASK(hdev));
Johan Hedbergfd349c02014-02-18 10:19:36 +0200721
722 smp->remote_key_dist = remote_dist;
Vinicius Costa Gomes54790f72011-07-07 18:59:38 -0300723 return;
724 }
725
726 rsp->io_capability = conn->hcon->io_capability;
Johan Hedberg02b05bd2014-10-26 21:19:10 +0100727 rsp->oob_flag = oob_flag;
Johan Hedberg2fd36552015-06-11 13:52:26 +0300728 rsp->max_key_size = SMP_DEV(hdev)->max_key_size;
Johan Hedbergfd349c02014-02-18 10:19:36 +0200729 rsp->init_key_dist = req->init_key_dist & remote_dist;
730 rsp->resp_key_dist = req->resp_key_dist & local_dist;
Johan Hedberg0edb14d2014-05-26 13:29:28 +0300731 rsp->auth_req = (authreq & AUTH_REQ_MASK(hdev));
Johan Hedbergfd349c02014-02-18 10:19:36 +0200732
733 smp->remote_key_dist = rsp->init_key_dist;
Vinicius Costa Gomesb8e66ea2011-06-09 18:50:52 -0300734}
735
Vinicius Costa Gomes3158c502011-06-14 13:37:42 -0300736static u8 check_enc_key_size(struct l2cap_conn *conn, __u8 max_key_size)
737{
Johan Hedberg5d88cc72014-08-08 09:37:18 +0300738 struct l2cap_chan *chan = conn->smp;
Johan Hedberg2fd36552015-06-11 13:52:26 +0300739 struct hci_dev *hdev = conn->hcon->hdev;
Johan Hedberg5d88cc72014-08-08 09:37:18 +0300740 struct smp_chan *smp = chan->data;
Vinicius Costa Gomes1c1def02011-09-05 14:31:30 -0300741
Johan Hedberg2fd36552015-06-11 13:52:26 +0300742 if (max_key_size > SMP_DEV(hdev)->max_key_size ||
743 max_key_size < SMP_MIN_ENC_KEY_SIZE)
Vinicius Costa Gomes3158c502011-06-14 13:37:42 -0300744 return SMP_ENC_KEY_SIZE;
745
Vinicius Costa Gomesf7aa6112012-01-30 19:29:12 -0300746 smp->enc_key_size = max_key_size;
Vinicius Costa Gomes3158c502011-06-14 13:37:42 -0300747
748 return 0;
749}
750
Johan Hedberg6f48e262014-08-11 22:06:44 +0300751static void smp_chan_destroy(struct l2cap_conn *conn)
752{
753 struct l2cap_chan *chan = conn->smp;
754 struct smp_chan *smp = chan->data;
Johan Hedberg923e2412014-12-03 12:43:39 +0200755 struct hci_conn *hcon = conn->hcon;
Johan Hedberg6f48e262014-08-11 22:06:44 +0300756 bool complete;
757
758 BUG_ON(!smp);
759
760 cancel_delayed_work_sync(&smp->security_timer);
Johan Hedberg6f48e262014-08-11 22:06:44 +0300761
Johan Hedberg6f48e262014-08-11 22:06:44 +0300762 complete = test_bit(SMP_FLAG_COMPLETE, &smp->flags);
Johan Hedberg923e2412014-12-03 12:43:39 +0200763 mgmt_smp_complete(hcon, complete);
Johan Hedberg6f48e262014-08-11 22:06:44 +0300764
Marcel Holtmann276812e2015-03-16 01:10:18 -0700765 kzfree(smp->csrk);
766 kzfree(smp->slave_csrk);
767 kzfree(smp->link_key);
Johan Hedberg6f48e262014-08-11 22:06:44 +0300768
769 crypto_free_blkcipher(smp->tfm_aes);
Johan Hedberg407cecf2014-05-02 14:19:47 +0300770 crypto_free_hash(smp->tfm_cmac);
Johan Hedberg6f48e262014-08-11 22:06:44 +0300771
Johan Hedberg923e2412014-12-03 12:43:39 +0200772 /* Ensure that we don't leave any debug key around if debug key
773 * support hasn't been explicitly enabled.
774 */
775 if (smp->ltk && smp->ltk->type == SMP_LTK_P256_DEBUG &&
Marcel Holtmannd7a5a112015-03-13 02:11:00 -0700776 !hci_dev_test_flag(hcon->hdev, HCI_KEEP_DEBUG_KEYS)) {
Johan Hedberg923e2412014-12-03 12:43:39 +0200777 list_del_rcu(&smp->ltk->list);
778 kfree_rcu(smp->ltk, rcu);
779 smp->ltk = NULL;
780 }
781
Johan Hedberg6f48e262014-08-11 22:06:44 +0300782 /* If pairing failed clean up any keys we might have */
783 if (!complete) {
784 if (smp->ltk) {
Johan Hedberg970d0f12014-11-13 14:37:47 +0200785 list_del_rcu(&smp->ltk->list);
786 kfree_rcu(smp->ltk, rcu);
Johan Hedberg6f48e262014-08-11 22:06:44 +0300787 }
788
789 if (smp->slave_ltk) {
Johan Hedberg970d0f12014-11-13 14:37:47 +0200790 list_del_rcu(&smp->slave_ltk->list);
791 kfree_rcu(smp->slave_ltk, rcu);
Johan Hedberg6f48e262014-08-11 22:06:44 +0300792 }
793
794 if (smp->remote_irk) {
Johan Hedbergadae20c2014-11-13 14:37:48 +0200795 list_del_rcu(&smp->remote_irk->list);
796 kfree_rcu(smp->remote_irk, rcu);
Johan Hedberg6f48e262014-08-11 22:06:44 +0300797 }
798 }
799
800 chan->data = NULL;
Marcel Holtmann276812e2015-03-16 01:10:18 -0700801 kzfree(smp);
Johan Hedberg923e2412014-12-03 12:43:39 +0200802 hci_conn_drop(hcon);
Johan Hedberg6f48e262014-08-11 22:06:44 +0300803}
804
Johan Hedberg84794e12013-11-06 11:24:57 +0200805static void smp_failure(struct l2cap_conn *conn, u8 reason)
Brian Gix4f957a72011-11-23 08:28:36 -0800806{
Johan Hedbergbab73cb2012-02-09 16:07:29 +0200807 struct hci_conn *hcon = conn->hcon;
Johan Hedbergb68fda62014-08-11 22:06:40 +0300808 struct l2cap_chan *chan = conn->smp;
Johan Hedbergbab73cb2012-02-09 16:07:29 +0200809
Johan Hedberg84794e12013-11-06 11:24:57 +0200810 if (reason)
Brian Gix4f957a72011-11-23 08:28:36 -0800811 smp_send_cmd(conn, SMP_CMD_PAIRING_FAIL, sizeof(reason),
Marcel Holtmannf1560462013-10-13 05:43:25 -0700812 &reason);
Brian Gix4f957a72011-11-23 08:28:36 -0800813
Marcel Holtmannce39fb42013-10-13 02:23:39 -0700814 clear_bit(HCI_CONN_ENCRYPT_PEND, &hcon->flags);
Johan Hedberge1e930f2014-09-08 17:09:49 -0700815 mgmt_auth_failed(hcon, HCI_ERROR_AUTH_FAILURE);
Vinicius Costa Gomesf1c09c02012-02-01 18:27:56 -0300816
Johan Hedbergfc75cc82014-09-05 22:19:52 +0300817 if (chan->data)
Vinicius Costa Gomesf1c09c02012-02-01 18:27:56 -0300818 smp_chan_destroy(conn);
Brian Gix4f957a72011-11-23 08:28:36 -0800819}
820
Brian Gix2b64d152011-12-21 16:12:12 -0800821#define JUST_WORKS 0x00
822#define JUST_CFM 0x01
823#define REQ_PASSKEY 0x02
824#define CFM_PASSKEY 0x03
825#define REQ_OOB 0x04
Johan Hedberg5e3d3d92014-05-31 18:51:02 +0300826#define DSP_PASSKEY 0x05
Brian Gix2b64d152011-12-21 16:12:12 -0800827#define OVERLAP 0xFF
828
829static const u8 gen_method[5][5] = {
830 { JUST_WORKS, JUST_CFM, REQ_PASSKEY, JUST_WORKS, REQ_PASSKEY },
831 { JUST_WORKS, JUST_CFM, REQ_PASSKEY, JUST_WORKS, REQ_PASSKEY },
832 { CFM_PASSKEY, CFM_PASSKEY, REQ_PASSKEY, JUST_WORKS, CFM_PASSKEY },
833 { JUST_WORKS, JUST_CFM, JUST_WORKS, JUST_WORKS, JUST_CFM },
834 { CFM_PASSKEY, CFM_PASSKEY, REQ_PASSKEY, JUST_WORKS, OVERLAP },
835};
836
Johan Hedberg5e3d3d92014-05-31 18:51:02 +0300837static const u8 sc_method[5][5] = {
838 { JUST_WORKS, JUST_CFM, REQ_PASSKEY, JUST_WORKS, REQ_PASSKEY },
839 { JUST_WORKS, CFM_PASSKEY, REQ_PASSKEY, JUST_WORKS, CFM_PASSKEY },
840 { DSP_PASSKEY, DSP_PASSKEY, REQ_PASSKEY, JUST_WORKS, DSP_PASSKEY },
841 { JUST_WORKS, JUST_CFM, JUST_WORKS, JUST_WORKS, JUST_CFM },
842 { DSP_PASSKEY, CFM_PASSKEY, REQ_PASSKEY, JUST_WORKS, CFM_PASSKEY },
843};
844
Johan Hedberg581370c2014-06-17 13:07:38 +0300845static u8 get_auth_method(struct smp_chan *smp, u8 local_io, u8 remote_io)
846{
Johan Hedberg2bcd4002014-07-09 19:18:09 +0300847 /* If either side has unknown io_caps, use JUST_CFM (which gets
848 * converted later to JUST_WORKS if we're initiators.
849 */
Johan Hedberg581370c2014-06-17 13:07:38 +0300850 if (local_io > SMP_IO_KEYBOARD_DISPLAY ||
851 remote_io > SMP_IO_KEYBOARD_DISPLAY)
Johan Hedberg2bcd4002014-07-09 19:18:09 +0300852 return JUST_CFM;
Johan Hedberg581370c2014-06-17 13:07:38 +0300853
Johan Hedberg5e3d3d92014-05-31 18:51:02 +0300854 if (test_bit(SMP_FLAG_SC, &smp->flags))
855 return sc_method[remote_io][local_io];
856
Johan Hedberg581370c2014-06-17 13:07:38 +0300857 return gen_method[remote_io][local_io];
858}
859
Brian Gix2b64d152011-12-21 16:12:12 -0800860static int tk_request(struct l2cap_conn *conn, u8 remote_oob, u8 auth,
861 u8 local_io, u8 remote_io)
862{
863 struct hci_conn *hcon = conn->hcon;
Johan Hedberg5d88cc72014-08-08 09:37:18 +0300864 struct l2cap_chan *chan = conn->smp;
865 struct smp_chan *smp = chan->data;
Brian Gix2b64d152011-12-21 16:12:12 -0800866 u32 passkey = 0;
867 int ret = 0;
868
869 /* Initialize key for JUST WORKS */
870 memset(smp->tk, 0, sizeof(smp->tk));
Johan Hedberg4a74d652014-05-20 09:45:50 +0300871 clear_bit(SMP_FLAG_TK_VALID, &smp->flags);
Brian Gix2b64d152011-12-21 16:12:12 -0800872
873 BT_DBG("tk_request: auth:%d lcl:%d rem:%d", auth, local_io, remote_io);
874
Johan Hedberg2bcd4002014-07-09 19:18:09 +0300875 /* If neither side wants MITM, either "just" confirm an incoming
876 * request or use just-works for outgoing ones. The JUST_CFM
877 * will be converted to JUST_WORKS if necessary later in this
878 * function. If either side has MITM look up the method from the
879 * table.
880 */
Johan Hedberg581370c2014-06-17 13:07:38 +0300881 if (!(auth & SMP_AUTH_MITM))
Johan Hedberg783e0572014-05-31 18:48:26 +0300882 smp->method = JUST_CFM;
Brian Gix2b64d152011-12-21 16:12:12 -0800883 else
Johan Hedberg783e0572014-05-31 18:48:26 +0300884 smp->method = get_auth_method(smp, local_io, remote_io);
Brian Gix2b64d152011-12-21 16:12:12 -0800885
Johan Hedberga82505c2014-03-24 14:39:07 +0200886 /* Don't confirm locally initiated pairing attempts */
Johan Hedberg783e0572014-05-31 18:48:26 +0300887 if (smp->method == JUST_CFM && test_bit(SMP_FLAG_INITIATOR,
888 &smp->flags))
889 smp->method = JUST_WORKS;
Johan Hedberga82505c2014-03-24 14:39:07 +0200890
Johan Hedberg02f3e252014-07-16 15:09:13 +0300891 /* Don't bother user space with no IO capabilities */
Johan Hedberg783e0572014-05-31 18:48:26 +0300892 if (smp->method == JUST_CFM &&
893 hcon->io_capability == HCI_IO_NO_INPUT_OUTPUT)
894 smp->method = JUST_WORKS;
Johan Hedberg02f3e252014-07-16 15:09:13 +0300895
Brian Gix2b64d152011-12-21 16:12:12 -0800896 /* If Just Works, Continue with Zero TK */
Johan Hedberg783e0572014-05-31 18:48:26 +0300897 if (smp->method == JUST_WORKS) {
Johan Hedberg4a74d652014-05-20 09:45:50 +0300898 set_bit(SMP_FLAG_TK_VALID, &smp->flags);
Brian Gix2b64d152011-12-21 16:12:12 -0800899 return 0;
900 }
901
Johan Hedberg19c5ce92015-03-15 19:34:04 +0200902 /* If this function is used for SC -> legacy fallback we
903 * can only recover the just-works case.
904 */
905 if (test_bit(SMP_FLAG_SC, &smp->flags))
906 return -EINVAL;
907
Brian Gix2b64d152011-12-21 16:12:12 -0800908 /* Not Just Works/Confirm results in MITM Authentication */
Johan Hedberg783e0572014-05-31 18:48:26 +0300909 if (smp->method != JUST_CFM) {
Johan Hedberg4a74d652014-05-20 09:45:50 +0300910 set_bit(SMP_FLAG_MITM_AUTH, &smp->flags);
Johan Hedberg5eb596f2014-09-18 11:26:32 +0300911 if (hcon->pending_sec_level < BT_SECURITY_HIGH)
912 hcon->pending_sec_level = BT_SECURITY_HIGH;
913 }
Brian Gix2b64d152011-12-21 16:12:12 -0800914
915 /* If both devices have Keyoard-Display I/O, the master
916 * Confirms and the slave Enters the passkey.
917 */
Johan Hedberg783e0572014-05-31 18:48:26 +0300918 if (smp->method == OVERLAP) {
Johan Hedberg40bef302014-07-16 11:42:27 +0300919 if (hcon->role == HCI_ROLE_MASTER)
Johan Hedberg783e0572014-05-31 18:48:26 +0300920 smp->method = CFM_PASSKEY;
Brian Gix2b64d152011-12-21 16:12:12 -0800921 else
Johan Hedberg783e0572014-05-31 18:48:26 +0300922 smp->method = REQ_PASSKEY;
Brian Gix2b64d152011-12-21 16:12:12 -0800923 }
924
Johan Hedberg01ad34d2014-03-19 14:14:53 +0200925 /* Generate random passkey. */
Johan Hedberg783e0572014-05-31 18:48:26 +0300926 if (smp->method == CFM_PASSKEY) {
Johan Hedberg943a7322014-03-18 12:58:24 +0200927 memset(smp->tk, 0, sizeof(smp->tk));
Brian Gix2b64d152011-12-21 16:12:12 -0800928 get_random_bytes(&passkey, sizeof(passkey));
929 passkey %= 1000000;
Johan Hedberg943a7322014-03-18 12:58:24 +0200930 put_unaligned_le32(passkey, smp->tk);
Brian Gix2b64d152011-12-21 16:12:12 -0800931 BT_DBG("PassKey: %d", passkey);
Johan Hedberg4a74d652014-05-20 09:45:50 +0300932 set_bit(SMP_FLAG_TK_VALID, &smp->flags);
Brian Gix2b64d152011-12-21 16:12:12 -0800933 }
934
Johan Hedberg783e0572014-05-31 18:48:26 +0300935 if (smp->method == REQ_PASSKEY)
Marcel Holtmannce39fb42013-10-13 02:23:39 -0700936 ret = mgmt_user_passkey_request(hcon->hdev, &hcon->dst,
Johan Hedberg272d90d2012-02-09 15:26:12 +0200937 hcon->type, hcon->dst_type);
Johan Hedberg783e0572014-05-31 18:48:26 +0300938 else if (smp->method == JUST_CFM)
Johan Hedberg4eb65e62014-03-24 14:39:05 +0200939 ret = mgmt_user_confirm_request(hcon->hdev, &hcon->dst,
940 hcon->type, hcon->dst_type,
941 passkey, 1);
Brian Gix2b64d152011-12-21 16:12:12 -0800942 else
Johan Hedberg01ad34d2014-03-19 14:14:53 +0200943 ret = mgmt_user_passkey_notify(hcon->hdev, &hcon->dst,
Johan Hedberg272d90d2012-02-09 15:26:12 +0200944 hcon->type, hcon->dst_type,
Johan Hedberg39adbff2014-03-20 08:18:14 +0200945 passkey, 0);
Brian Gix2b64d152011-12-21 16:12:12 -0800946
Brian Gix2b64d152011-12-21 16:12:12 -0800947 return ret;
948}
949
Johan Hedberg1cc61142014-05-20 09:45:52 +0300950static u8 smp_confirm(struct smp_chan *smp)
Vinicius Costa Gomes8aab4752011-09-05 14:31:31 -0300951{
Vinicius Costa Gomes8aab4752011-09-05 14:31:31 -0300952 struct l2cap_conn *conn = smp->conn;
Vinicius Costa Gomes8aab4752011-09-05 14:31:31 -0300953 struct smp_cmd_pairing_confirm cp;
954 int ret;
Vinicius Costa Gomes8aab4752011-09-05 14:31:31 -0300955
956 BT_DBG("conn %p", conn);
957
Johan Hedberge491eaf2014-10-25 21:15:37 +0200958 ret = smp_c1(smp->tfm_aes, smp->tk, smp->prnd, smp->preq, smp->prsp,
Johan Hedbergb1cd5fd2014-02-28 12:54:17 +0200959 conn->hcon->init_addr_type, &conn->hcon->init_addr,
Johan Hedberg943a7322014-03-18 12:58:24 +0200960 conn->hcon->resp_addr_type, &conn->hcon->resp_addr,
961 cp.confirm_val);
Johan Hedberg1cc61142014-05-20 09:45:52 +0300962 if (ret)
963 return SMP_UNSPECIFIED;
Vinicius Costa Gomes8aab4752011-09-05 14:31:31 -0300964
Johan Hedberg4a74d652014-05-20 09:45:50 +0300965 clear_bit(SMP_FLAG_CFM_PENDING, &smp->flags);
Brian Gix2b64d152011-12-21 16:12:12 -0800966
Vinicius Costa Gomes8aab4752011-09-05 14:31:31 -0300967 smp_send_cmd(smp->conn, SMP_CMD_PAIRING_CONFIRM, sizeof(cp), &cp);
968
Johan Hedbergb28b4942014-09-05 22:19:55 +0300969 if (conn->hcon->out)
970 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_CONFIRM);
971 else
972 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RANDOM);
973
Johan Hedberg1cc61142014-05-20 09:45:52 +0300974 return 0;
Vinicius Costa Gomes8aab4752011-09-05 14:31:31 -0300975}
976
Johan Hedberg861580a2014-05-20 09:45:51 +0300977static u8 smp_random(struct smp_chan *smp)
Vinicius Costa Gomes8aab4752011-09-05 14:31:31 -0300978{
Vinicius Costa Gomes8aab4752011-09-05 14:31:31 -0300979 struct l2cap_conn *conn = smp->conn;
980 struct hci_conn *hcon = conn->hcon;
Johan Hedberg861580a2014-05-20 09:45:51 +0300981 u8 confirm[16];
Vinicius Costa Gomes8aab4752011-09-05 14:31:31 -0300982 int ret;
983
Johan Hedbergec70f362014-06-27 14:23:04 +0300984 if (IS_ERR_OR_NULL(smp->tfm_aes))
Johan Hedberg861580a2014-05-20 09:45:51 +0300985 return SMP_UNSPECIFIED;
Vinicius Costa Gomes8aab4752011-09-05 14:31:31 -0300986
987 BT_DBG("conn %p %s", conn, conn->hcon->out ? "master" : "slave");
988
Johan Hedberge491eaf2014-10-25 21:15:37 +0200989 ret = smp_c1(smp->tfm_aes, smp->tk, smp->rrnd, smp->preq, smp->prsp,
Johan Hedbergb1cd5fd2014-02-28 12:54:17 +0200990 hcon->init_addr_type, &hcon->init_addr,
Johan Hedberg943a7322014-03-18 12:58:24 +0200991 hcon->resp_addr_type, &hcon->resp_addr, confirm);
Johan Hedberg861580a2014-05-20 09:45:51 +0300992 if (ret)
993 return SMP_UNSPECIFIED;
Vinicius Costa Gomes8aab4752011-09-05 14:31:31 -0300994
Vinicius Costa Gomes8aab4752011-09-05 14:31:31 -0300995 if (memcmp(smp->pcnf, confirm, sizeof(smp->pcnf)) != 0) {
996 BT_ERR("Pairing failed (confirmation values mismatch)");
Johan Hedberg861580a2014-05-20 09:45:51 +0300997 return SMP_CONFIRM_FAILED;
Vinicius Costa Gomes8aab4752011-09-05 14:31:31 -0300998 }
999
1000 if (hcon->out) {
Marcel Holtmannfe39c7b2014-02-27 16:00:28 -08001001 u8 stk[16];
1002 __le64 rand = 0;
1003 __le16 ediv = 0;
Vinicius Costa Gomes8aab4752011-09-05 14:31:31 -03001004
Johan Hedberge491eaf2014-10-25 21:15:37 +02001005 smp_s1(smp->tfm_aes, smp->tk, smp->rrnd, smp->prnd, stk);
Vinicius Costa Gomes8aab4752011-09-05 14:31:31 -03001006
Johan Hedberg861580a2014-05-20 09:45:51 +03001007 if (test_and_set_bit(HCI_CONN_ENCRYPT_PEND, &hcon->flags))
1008 return SMP_UNSPECIFIED;
Vinicius Costa Gomes8aab4752011-09-05 14:31:31 -03001009
Johan Hedberg8b76ce32015-06-08 18:14:39 +03001010 hci_le_start_enc(hcon, ediv, rand, stk, smp->enc_key_size);
Vinicius Costa Gomesf7aa6112012-01-30 19:29:12 -03001011 hcon->enc_key_size = smp->enc_key_size;
Johan Hedbergfe59a052014-07-01 19:14:12 +03001012 set_bit(HCI_CONN_STK_ENCRYPT, &hcon->flags);
Vinicius Costa Gomes8aab4752011-09-05 14:31:31 -03001013 } else {
Johan Hedbergfff34902014-06-10 15:19:50 +03001014 u8 stk[16], auth;
Marcel Holtmannfe39c7b2014-02-27 16:00:28 -08001015 __le64 rand = 0;
1016 __le16 ediv = 0;
Vinicius Costa Gomes8aab4752011-09-05 14:31:31 -03001017
Johan Hedberg943a7322014-03-18 12:58:24 +02001018 smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM, sizeof(smp->prnd),
1019 smp->prnd);
Vinicius Costa Gomes8aab4752011-09-05 14:31:31 -03001020
Johan Hedberge491eaf2014-10-25 21:15:37 +02001021 smp_s1(smp->tfm_aes, smp->tk, smp->prnd, smp->rrnd, stk);
Vinicius Costa Gomes8aab4752011-09-05 14:31:31 -03001022
Johan Hedbergfff34902014-06-10 15:19:50 +03001023 if (hcon->pending_sec_level == BT_SECURITY_HIGH)
1024 auth = 1;
1025 else
1026 auth = 0;
1027
Johan Hedberg7d5843b2014-06-16 19:25:15 +03001028 /* Even though there's no _SLAVE suffix this is the
1029 * slave STK we're adding for later lookup (the master
1030 * STK never needs to be stored).
1031 */
Marcel Holtmannce39fb42013-10-13 02:23:39 -07001032 hci_add_ltk(hcon->hdev, &hcon->dst, hcon->dst_type,
Johan Hedberg2ceba532014-06-16 19:25:16 +03001033 SMP_STK, auth, stk, smp->enc_key_size, ediv, rand);
Vinicius Costa Gomes8aab4752011-09-05 14:31:31 -03001034 }
1035
Johan Hedberg861580a2014-05-20 09:45:51 +03001036 return 0;
Vinicius Costa Gomes8aab4752011-09-05 14:31:31 -03001037}
1038
Johan Hedberg44f1a7a2014-08-11 22:06:36 +03001039static void smp_notify_keys(struct l2cap_conn *conn)
1040{
1041 struct l2cap_chan *chan = conn->smp;
1042 struct smp_chan *smp = chan->data;
1043 struct hci_conn *hcon = conn->hcon;
1044 struct hci_dev *hdev = hcon->hdev;
1045 struct smp_cmd_pairing *req = (void *) &smp->preq[1];
1046 struct smp_cmd_pairing *rsp = (void *) &smp->prsp[1];
1047 bool persistent;
1048
1049 if (smp->remote_irk) {
1050 mgmt_new_irk(hdev, smp->remote_irk);
1051 /* Now that user space can be considered to know the
1052 * identity address track the connection based on it
Johan Hedbergb5ae3442014-08-14 12:34:26 +03001053 * from now on (assuming this is an LE link).
Johan Hedberg44f1a7a2014-08-11 22:06:36 +03001054 */
Johan Hedbergb5ae3442014-08-14 12:34:26 +03001055 if (hcon->type == LE_LINK) {
1056 bacpy(&hcon->dst, &smp->remote_irk->bdaddr);
1057 hcon->dst_type = smp->remote_irk->addr_type;
1058 queue_work(hdev->workqueue, &conn->id_addr_update_work);
1059 }
Johan Hedberg44f1a7a2014-08-11 22:06:36 +03001060
1061 /* When receiving an indentity resolving key for
1062 * a remote device that does not use a resolvable
1063 * private address, just remove the key so that
1064 * it is possible to use the controller white
1065 * list for scanning.
1066 *
1067 * Userspace will have been told to not store
1068 * this key at this point. So it is safe to
1069 * just remove it.
1070 */
1071 if (!bacmp(&smp->remote_irk->rpa, BDADDR_ANY)) {
Johan Hedbergadae20c2014-11-13 14:37:48 +02001072 list_del_rcu(&smp->remote_irk->list);
1073 kfree_rcu(smp->remote_irk, rcu);
Johan Hedberg44f1a7a2014-08-11 22:06:36 +03001074 smp->remote_irk = NULL;
1075 }
1076 }
1077
Johan Hedbergb5ae3442014-08-14 12:34:26 +03001078 if (hcon->type == ACL_LINK) {
1079 if (hcon->key_type == HCI_LK_DEBUG_COMBINATION)
1080 persistent = false;
1081 else
1082 persistent = !test_bit(HCI_CONN_FLUSH_KEY,
1083 &hcon->flags);
1084 } else {
1085 /* The LTKs and CSRKs should be persistent only if both sides
1086 * had the bonding bit set in their authentication requests.
1087 */
1088 persistent = !!((req->auth_req & rsp->auth_req) &
1089 SMP_AUTH_BONDING);
1090 }
1091
Johan Hedberg44f1a7a2014-08-11 22:06:36 +03001092
1093 if (smp->csrk) {
1094 smp->csrk->bdaddr_type = hcon->dst_type;
1095 bacpy(&smp->csrk->bdaddr, &hcon->dst);
1096 mgmt_new_csrk(hdev, smp->csrk, persistent);
1097 }
1098
1099 if (smp->slave_csrk) {
1100 smp->slave_csrk->bdaddr_type = hcon->dst_type;
1101 bacpy(&smp->slave_csrk->bdaddr, &hcon->dst);
1102 mgmt_new_csrk(hdev, smp->slave_csrk, persistent);
1103 }
1104
1105 if (smp->ltk) {
1106 smp->ltk->bdaddr_type = hcon->dst_type;
1107 bacpy(&smp->ltk->bdaddr, &hcon->dst);
1108 mgmt_new_ltk(hdev, smp->ltk, persistent);
1109 }
1110
1111 if (smp->slave_ltk) {
1112 smp->slave_ltk->bdaddr_type = hcon->dst_type;
1113 bacpy(&smp->slave_ltk->bdaddr, &hcon->dst);
1114 mgmt_new_ltk(hdev, smp->slave_ltk, persistent);
1115 }
Johan Hedberg6a770832014-06-06 11:54:04 +03001116
1117 if (smp->link_key) {
Johan Hedberge3befab2014-06-01 16:33:39 +03001118 struct link_key *key;
1119 u8 type;
1120
1121 if (test_bit(SMP_FLAG_DEBUG_KEY, &smp->flags))
1122 type = HCI_LK_DEBUG_COMBINATION;
1123 else if (hcon->sec_level == BT_SECURITY_FIPS)
1124 type = HCI_LK_AUTH_COMBINATION_P256;
1125 else
1126 type = HCI_LK_UNAUTH_COMBINATION_P256;
1127
1128 key = hci_add_link_key(hdev, smp->conn->hcon, &hcon->dst,
1129 smp->link_key, type, 0, &persistent);
1130 if (key) {
1131 mgmt_new_link_key(hdev, key, persistent);
1132
1133 /* Don't keep debug keys around if the relevant
1134 * flag is not set.
1135 */
Marcel Holtmannd7a5a112015-03-13 02:11:00 -07001136 if (!hci_dev_test_flag(hdev, HCI_KEEP_DEBUG_KEYS) &&
Johan Hedberge3befab2014-06-01 16:33:39 +03001137 key->type == HCI_LK_DEBUG_COMBINATION) {
1138 list_del_rcu(&key->list);
1139 kfree_rcu(key, rcu);
1140 }
1141 }
Johan Hedberg6a770832014-06-06 11:54:04 +03001142 }
1143}
1144
Johan Hedbergd3e54a82014-06-04 11:07:40 +03001145static void sc_add_ltk(struct smp_chan *smp)
1146{
1147 struct hci_conn *hcon = smp->conn->hcon;
1148 u8 key_type, auth;
1149
1150 if (test_bit(SMP_FLAG_DEBUG_KEY, &smp->flags))
1151 key_type = SMP_LTK_P256_DEBUG;
1152 else
1153 key_type = SMP_LTK_P256;
1154
1155 if (hcon->pending_sec_level == BT_SECURITY_FIPS)
1156 auth = 1;
1157 else
1158 auth = 0;
1159
Johan Hedbergd3e54a82014-06-04 11:07:40 +03001160 smp->ltk = hci_add_ltk(hcon->hdev, &hcon->dst, hcon->dst_type,
1161 key_type, auth, smp->tk, smp->enc_key_size,
1162 0, 0);
1163}
1164
Johan Hedberg6a770832014-06-06 11:54:04 +03001165static void sc_generate_link_key(struct smp_chan *smp)
1166{
1167 /* These constants are as specified in the core specification.
1168 * In ASCII they spell out to 'tmp1' and 'lebr'.
1169 */
1170 const u8 tmp1[4] = { 0x31, 0x70, 0x6d, 0x74 };
1171 const u8 lebr[4] = { 0x72, 0x62, 0x65, 0x6c };
1172
1173 smp->link_key = kzalloc(16, GFP_KERNEL);
1174 if (!smp->link_key)
1175 return;
1176
1177 if (smp_h6(smp->tfm_cmac, smp->tk, tmp1, smp->link_key)) {
Marcel Holtmann276812e2015-03-16 01:10:18 -07001178 kzfree(smp->link_key);
Johan Hedberg6a770832014-06-06 11:54:04 +03001179 smp->link_key = NULL;
1180 return;
1181 }
1182
1183 if (smp_h6(smp->tfm_cmac, smp->link_key, lebr, smp->link_key)) {
Marcel Holtmann276812e2015-03-16 01:10:18 -07001184 kzfree(smp->link_key);
Johan Hedberg6a770832014-06-06 11:54:04 +03001185 smp->link_key = NULL;
1186 return;
1187 }
Johan Hedberg44f1a7a2014-08-11 22:06:36 +03001188}
1189
Johan Hedbergb28b4942014-09-05 22:19:55 +03001190static void smp_allow_key_dist(struct smp_chan *smp)
1191{
1192 /* Allow the first expected phase 3 PDU. The rest of the PDUs
1193 * will be allowed in each PDU handler to ensure we receive
1194 * them in the correct order.
1195 */
1196 if (smp->remote_key_dist & SMP_DIST_ENC_KEY)
1197 SMP_ALLOW_CMD(smp, SMP_CMD_ENCRYPT_INFO);
1198 else if (smp->remote_key_dist & SMP_DIST_ID_KEY)
1199 SMP_ALLOW_CMD(smp, SMP_CMD_IDENT_INFO);
1200 else if (smp->remote_key_dist & SMP_DIST_SIGN)
1201 SMP_ALLOW_CMD(smp, SMP_CMD_SIGN_INFO);
1202}
1203
Johan Hedbergb5ae3442014-08-14 12:34:26 +03001204static void sc_generate_ltk(struct smp_chan *smp)
1205{
1206 /* These constants are as specified in the core specification.
1207 * In ASCII they spell out to 'tmp2' and 'brle'.
1208 */
1209 const u8 tmp2[4] = { 0x32, 0x70, 0x6d, 0x74 };
1210 const u8 brle[4] = { 0x65, 0x6c, 0x72, 0x62 };
1211 struct hci_conn *hcon = smp->conn->hcon;
1212 struct hci_dev *hdev = hcon->hdev;
1213 struct link_key *key;
1214
1215 key = hci_find_link_key(hdev, &hcon->dst);
1216 if (!key) {
1217 BT_ERR("%s No Link Key found to generate LTK", hdev->name);
1218 return;
1219 }
1220
1221 if (key->type == HCI_LK_DEBUG_COMBINATION)
1222 set_bit(SMP_FLAG_DEBUG_KEY, &smp->flags);
1223
1224 if (smp_h6(smp->tfm_cmac, key->val, tmp2, smp->tk))
1225 return;
1226
1227 if (smp_h6(smp->tfm_cmac, smp->tk, brle, smp->tk))
1228 return;
1229
1230 sc_add_ltk(smp);
1231}
1232
Johan Hedbergd6268e82014-09-05 22:19:51 +03001233static void smp_distribute_keys(struct smp_chan *smp)
Johan Hedberg44f1a7a2014-08-11 22:06:36 +03001234{
1235 struct smp_cmd_pairing *req, *rsp;
Johan Hedberg86d14072014-08-11 22:06:43 +03001236 struct l2cap_conn *conn = smp->conn;
Johan Hedberg44f1a7a2014-08-11 22:06:36 +03001237 struct hci_conn *hcon = conn->hcon;
1238 struct hci_dev *hdev = hcon->hdev;
1239 __u8 *keydist;
1240
1241 BT_DBG("conn %p", conn);
1242
Johan Hedberg44f1a7a2014-08-11 22:06:36 +03001243 rsp = (void *) &smp->prsp[1];
1244
1245 /* The responder sends its keys first */
Johan Hedbergb28b4942014-09-05 22:19:55 +03001246 if (hcon->out && (smp->remote_key_dist & KEY_DIST_MASK)) {
1247 smp_allow_key_dist(smp);
Johan Hedberg86d14072014-08-11 22:06:43 +03001248 return;
Johan Hedbergb28b4942014-09-05 22:19:55 +03001249 }
Johan Hedberg44f1a7a2014-08-11 22:06:36 +03001250
1251 req = (void *) &smp->preq[1];
1252
1253 if (hcon->out) {
1254 keydist = &rsp->init_key_dist;
1255 *keydist &= req->init_key_dist;
1256 } else {
1257 keydist = &rsp->resp_key_dist;
1258 *keydist &= req->resp_key_dist;
1259 }
1260
Johan Hedberg6a770832014-06-06 11:54:04 +03001261 if (test_bit(SMP_FLAG_SC, &smp->flags)) {
Johan Hedbergb5ae3442014-08-14 12:34:26 +03001262 if (hcon->type == LE_LINK && (*keydist & SMP_DIST_LINK_KEY))
Johan Hedberg6a770832014-06-06 11:54:04 +03001263 sc_generate_link_key(smp);
Johan Hedbergb5ae3442014-08-14 12:34:26 +03001264 if (hcon->type == ACL_LINK && (*keydist & SMP_DIST_ENC_KEY))
1265 sc_generate_ltk(smp);
Johan Hedberg6a770832014-06-06 11:54:04 +03001266
1267 /* Clear the keys which are generated but not distributed */
1268 *keydist &= ~SMP_SC_NO_DIST;
1269 }
1270
Johan Hedberg44f1a7a2014-08-11 22:06:36 +03001271 BT_DBG("keydist 0x%x", *keydist);
1272
1273 if (*keydist & SMP_DIST_ENC_KEY) {
1274 struct smp_cmd_encrypt_info enc;
1275 struct smp_cmd_master_ident ident;
1276 struct smp_ltk *ltk;
1277 u8 authenticated;
1278 __le16 ediv;
1279 __le64 rand;
1280
Johan Hedberg1fc62c52015-06-10 11:11:20 +03001281 /* Make sure we generate only the significant amount of
1282 * bytes based on the encryption key size, and set the rest
1283 * of the value to zeroes.
1284 */
1285 get_random_bytes(enc.ltk, smp->enc_key_size);
1286 memset(enc.ltk + smp->enc_key_size, 0,
1287 sizeof(enc.ltk) - smp->enc_key_size);
1288
Johan Hedberg44f1a7a2014-08-11 22:06:36 +03001289 get_random_bytes(&ediv, sizeof(ediv));
1290 get_random_bytes(&rand, sizeof(rand));
1291
1292 smp_send_cmd(conn, SMP_CMD_ENCRYPT_INFO, sizeof(enc), &enc);
1293
1294 authenticated = hcon->sec_level == BT_SECURITY_HIGH;
1295 ltk = hci_add_ltk(hdev, &hcon->dst, hcon->dst_type,
1296 SMP_LTK_SLAVE, authenticated, enc.ltk,
1297 smp->enc_key_size, ediv, rand);
1298 smp->slave_ltk = ltk;
1299
1300 ident.ediv = ediv;
1301 ident.rand = rand;
1302
1303 smp_send_cmd(conn, SMP_CMD_MASTER_IDENT, sizeof(ident), &ident);
1304
1305 *keydist &= ~SMP_DIST_ENC_KEY;
1306 }
1307
1308 if (*keydist & SMP_DIST_ID_KEY) {
1309 struct smp_cmd_ident_addr_info addrinfo;
1310 struct smp_cmd_ident_info idinfo;
1311
1312 memcpy(idinfo.irk, hdev->irk, sizeof(idinfo.irk));
1313
1314 smp_send_cmd(conn, SMP_CMD_IDENT_INFO, sizeof(idinfo), &idinfo);
1315
1316 /* The hci_conn contains the local identity address
1317 * after the connection has been established.
1318 *
1319 * This is true even when the connection has been
1320 * established using a resolvable random address.
1321 */
1322 bacpy(&addrinfo.bdaddr, &hcon->src);
1323 addrinfo.addr_type = hcon->src_type;
1324
1325 smp_send_cmd(conn, SMP_CMD_IDENT_ADDR_INFO, sizeof(addrinfo),
1326 &addrinfo);
1327
1328 *keydist &= ~SMP_DIST_ID_KEY;
1329 }
1330
1331 if (*keydist & SMP_DIST_SIGN) {
1332 struct smp_cmd_sign_info sign;
1333 struct smp_csrk *csrk;
1334
1335 /* Generate a new random key */
1336 get_random_bytes(sign.csrk, sizeof(sign.csrk));
1337
1338 csrk = kzalloc(sizeof(*csrk), GFP_KERNEL);
1339 if (csrk) {
Johan Hedberg4cd39282015-02-27 10:11:13 +02001340 if (hcon->sec_level > BT_SECURITY_MEDIUM)
1341 csrk->type = MGMT_CSRK_LOCAL_AUTHENTICATED;
1342 else
1343 csrk->type = MGMT_CSRK_LOCAL_UNAUTHENTICATED;
Johan Hedberg44f1a7a2014-08-11 22:06:36 +03001344 memcpy(csrk->val, sign.csrk, sizeof(csrk->val));
1345 }
1346 smp->slave_csrk = csrk;
1347
1348 smp_send_cmd(conn, SMP_CMD_SIGN_INFO, sizeof(sign), &sign);
1349
1350 *keydist &= ~SMP_DIST_SIGN;
1351 }
1352
1353 /* If there are still keys to be received wait for them */
Johan Hedbergb28b4942014-09-05 22:19:55 +03001354 if (smp->remote_key_dist & KEY_DIST_MASK) {
1355 smp_allow_key_dist(smp);
Johan Hedberg86d14072014-08-11 22:06:43 +03001356 return;
Johan Hedbergb28b4942014-09-05 22:19:55 +03001357 }
Johan Hedberg44f1a7a2014-08-11 22:06:36 +03001358
Johan Hedberg44f1a7a2014-08-11 22:06:36 +03001359 set_bit(SMP_FLAG_COMPLETE, &smp->flags);
1360 smp_notify_keys(conn);
1361
1362 smp_chan_destroy(conn);
Johan Hedberg44f1a7a2014-08-11 22:06:36 +03001363}
1364
Johan Hedbergb68fda62014-08-11 22:06:40 +03001365static void smp_timeout(struct work_struct *work)
1366{
1367 struct smp_chan *smp = container_of(work, struct smp_chan,
1368 security_timer.work);
1369 struct l2cap_conn *conn = smp->conn;
1370
1371 BT_DBG("conn %p", conn);
1372
Johan Hedberg1e91c292014-08-18 20:33:29 +03001373 hci_disconnect(conn->hcon, HCI_ERROR_REMOTE_USER_TERM);
Johan Hedbergb68fda62014-08-11 22:06:40 +03001374}
1375
Vinicius Costa Gomes8aab4752011-09-05 14:31:31 -03001376static struct smp_chan *smp_chan_create(struct l2cap_conn *conn)
1377{
Johan Hedberg5d88cc72014-08-08 09:37:18 +03001378 struct l2cap_chan *chan = conn->smp;
Vinicius Costa Gomes8aab4752011-09-05 14:31:31 -03001379 struct smp_chan *smp;
1380
Marcel Holtmannf1560462013-10-13 05:43:25 -07001381 smp = kzalloc(sizeof(*smp), GFP_ATOMIC);
Johan Hedbergfc75cc82014-09-05 22:19:52 +03001382 if (!smp)
Vinicius Costa Gomes8aab4752011-09-05 14:31:31 -03001383 return NULL;
1384
Johan Hedberg6a7bd102014-06-27 14:23:03 +03001385 smp->tfm_aes = crypto_alloc_blkcipher("ecb(aes)", 0, CRYPTO_ALG_ASYNC);
1386 if (IS_ERR(smp->tfm_aes)) {
1387 BT_ERR("Unable to create ECB crypto context");
Marcel Holtmann276812e2015-03-16 01:10:18 -07001388 kzfree(smp);
Johan Hedberg6a7bd102014-06-27 14:23:03 +03001389 return NULL;
1390 }
1391
Johan Hedberg407cecf2014-05-02 14:19:47 +03001392 smp->tfm_cmac = crypto_alloc_hash("cmac(aes)", 0, CRYPTO_ALG_ASYNC);
1393 if (IS_ERR(smp->tfm_cmac)) {
1394 BT_ERR("Unable to create CMAC crypto context");
1395 crypto_free_blkcipher(smp->tfm_aes);
Marcel Holtmann276812e2015-03-16 01:10:18 -07001396 kzfree(smp);
Johan Hedberg407cecf2014-05-02 14:19:47 +03001397 return NULL;
1398 }
1399
Vinicius Costa Gomes8aab4752011-09-05 14:31:31 -03001400 smp->conn = conn;
Johan Hedberg5d88cc72014-08-08 09:37:18 +03001401 chan->data = smp;
Vinicius Costa Gomes8aab4752011-09-05 14:31:31 -03001402
Johan Hedbergb28b4942014-09-05 22:19:55 +03001403 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_FAIL);
1404
Johan Hedbergb68fda62014-08-11 22:06:40 +03001405 INIT_DELAYED_WORK(&smp->security_timer, smp_timeout);
1406
Vinicius Costa Gomes8aab4752011-09-05 14:31:31 -03001407 hci_conn_hold(conn->hcon);
1408
1409 return smp;
1410}
1411
Johan Hedberg760b0182014-06-06 11:44:05 +03001412static int sc_mackey_and_ltk(struct smp_chan *smp, u8 mackey[16], u8 ltk[16])
1413{
1414 struct hci_conn *hcon = smp->conn->hcon;
1415 u8 *na, *nb, a[7], b[7];
1416
1417 if (hcon->out) {
1418 na = smp->prnd;
1419 nb = smp->rrnd;
1420 } else {
1421 na = smp->rrnd;
1422 nb = smp->prnd;
1423 }
1424
1425 memcpy(a, &hcon->init_addr, 6);
1426 memcpy(b, &hcon->resp_addr, 6);
1427 a[6] = hcon->init_addr_type;
1428 b[6] = hcon->resp_addr_type;
1429
1430 return smp_f5(smp->tfm_cmac, smp->dhkey, na, nb, a, b, mackey, ltk);
1431}
1432
Johan Hedberg38606f12014-06-25 11:10:28 +03001433static void sc_dhkey_check(struct smp_chan *smp)
Johan Hedberg760b0182014-06-06 11:44:05 +03001434{
1435 struct hci_conn *hcon = smp->conn->hcon;
1436 struct smp_cmd_dhkey_check check;
1437 u8 a[7], b[7], *local_addr, *remote_addr;
1438 u8 io_cap[3], r[16];
1439
Johan Hedberg760b0182014-06-06 11:44:05 +03001440 memcpy(a, &hcon->init_addr, 6);
1441 memcpy(b, &hcon->resp_addr, 6);
1442 a[6] = hcon->init_addr_type;
1443 b[6] = hcon->resp_addr_type;
1444
1445 if (hcon->out) {
1446 local_addr = a;
1447 remote_addr = b;
1448 memcpy(io_cap, &smp->preq[1], 3);
1449 } else {
1450 local_addr = b;
1451 remote_addr = a;
1452 memcpy(io_cap, &smp->prsp[1], 3);
1453 }
1454
Johan Hedbergdddd3052014-06-01 15:38:09 +03001455 memset(r, 0, sizeof(r));
1456
1457 if (smp->method == REQ_PASSKEY || smp->method == DSP_PASSKEY)
Johan Hedberg38606f12014-06-25 11:10:28 +03001458 put_unaligned_le32(hcon->passkey_notify, r);
Johan Hedberg760b0182014-06-06 11:44:05 +03001459
Johan Hedberga29b0732014-10-28 15:17:05 +01001460 if (smp->method == REQ_OOB)
1461 memcpy(r, smp->rr, 16);
1462
Johan Hedberg760b0182014-06-06 11:44:05 +03001463 smp_f6(smp->tfm_cmac, smp->mackey, smp->prnd, smp->rrnd, r, io_cap,
1464 local_addr, remote_addr, check.e);
1465
1466 smp_send_cmd(smp->conn, SMP_CMD_DHKEY_CHECK, sizeof(check), &check);
Johan Hedbergdddd3052014-06-01 15:38:09 +03001467}
1468
Johan Hedberg38606f12014-06-25 11:10:28 +03001469static u8 sc_passkey_send_confirm(struct smp_chan *smp)
1470{
1471 struct l2cap_conn *conn = smp->conn;
1472 struct hci_conn *hcon = conn->hcon;
1473 struct smp_cmd_pairing_confirm cfm;
1474 u8 r;
1475
1476 r = ((hcon->passkey_notify >> smp->passkey_round) & 0x01);
1477 r |= 0x80;
1478
1479 get_random_bytes(smp->prnd, sizeof(smp->prnd));
1480
1481 if (smp_f4(smp->tfm_cmac, smp->local_pk, smp->remote_pk, smp->prnd, r,
1482 cfm.confirm_val))
1483 return SMP_UNSPECIFIED;
1484
1485 smp_send_cmd(conn, SMP_CMD_PAIRING_CONFIRM, sizeof(cfm), &cfm);
1486
1487 return 0;
1488}
1489
1490static u8 sc_passkey_round(struct smp_chan *smp, u8 smp_op)
1491{
1492 struct l2cap_conn *conn = smp->conn;
1493 struct hci_conn *hcon = conn->hcon;
1494 struct hci_dev *hdev = hcon->hdev;
1495 u8 cfm[16], r;
1496
1497 /* Ignore the PDU if we've already done 20 rounds (0 - 19) */
1498 if (smp->passkey_round >= 20)
1499 return 0;
1500
1501 switch (smp_op) {
1502 case SMP_CMD_PAIRING_RANDOM:
1503 r = ((hcon->passkey_notify >> smp->passkey_round) & 0x01);
1504 r |= 0x80;
1505
1506 if (smp_f4(smp->tfm_cmac, smp->remote_pk, smp->local_pk,
1507 smp->rrnd, r, cfm))
1508 return SMP_UNSPECIFIED;
1509
1510 if (memcmp(smp->pcnf, cfm, 16))
1511 return SMP_CONFIRM_FAILED;
1512
1513 smp->passkey_round++;
1514
1515 if (smp->passkey_round == 20) {
1516 /* Generate MacKey and LTK */
1517 if (sc_mackey_and_ltk(smp, smp->mackey, smp->tk))
1518 return SMP_UNSPECIFIED;
1519 }
1520
1521 /* The round is only complete when the initiator
1522 * receives pairing random.
1523 */
1524 if (!hcon->out) {
1525 smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM,
1526 sizeof(smp->prnd), smp->prnd);
Johan Hedbergd3e54a82014-06-04 11:07:40 +03001527 if (smp->passkey_round == 20)
Johan Hedberg38606f12014-06-25 11:10:28 +03001528 SMP_ALLOW_CMD(smp, SMP_CMD_DHKEY_CHECK);
Johan Hedbergd3e54a82014-06-04 11:07:40 +03001529 else
Johan Hedberg38606f12014-06-25 11:10:28 +03001530 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_CONFIRM);
Johan Hedberg38606f12014-06-25 11:10:28 +03001531 return 0;
1532 }
1533
1534 /* Start the next round */
1535 if (smp->passkey_round != 20)
1536 return sc_passkey_round(smp, 0);
1537
1538 /* Passkey rounds are complete - start DHKey Check */
1539 sc_dhkey_check(smp);
1540 SMP_ALLOW_CMD(smp, SMP_CMD_DHKEY_CHECK);
1541
1542 break;
1543
1544 case SMP_CMD_PAIRING_CONFIRM:
1545 if (test_bit(SMP_FLAG_WAIT_USER, &smp->flags)) {
1546 set_bit(SMP_FLAG_CFM_PENDING, &smp->flags);
1547 return 0;
1548 }
1549
1550 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RANDOM);
1551
1552 if (hcon->out) {
1553 smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM,
1554 sizeof(smp->prnd), smp->prnd);
1555 return 0;
1556 }
1557
1558 return sc_passkey_send_confirm(smp);
1559
1560 case SMP_CMD_PUBLIC_KEY:
1561 default:
1562 /* Initiating device starts the round */
1563 if (!hcon->out)
1564 return 0;
1565
1566 BT_DBG("%s Starting passkey round %u", hdev->name,
1567 smp->passkey_round + 1);
1568
1569 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_CONFIRM);
1570
1571 return sc_passkey_send_confirm(smp);
1572 }
1573
1574 return 0;
1575}
1576
Johan Hedbergdddd3052014-06-01 15:38:09 +03001577static int sc_user_reply(struct smp_chan *smp, u16 mgmt_op, __le32 passkey)
1578{
Johan Hedberg38606f12014-06-25 11:10:28 +03001579 struct l2cap_conn *conn = smp->conn;
1580 struct hci_conn *hcon = conn->hcon;
1581 u8 smp_op;
1582
1583 clear_bit(SMP_FLAG_WAIT_USER, &smp->flags);
1584
Johan Hedbergdddd3052014-06-01 15:38:09 +03001585 switch (mgmt_op) {
1586 case MGMT_OP_USER_PASSKEY_NEG_REPLY:
1587 smp_failure(smp->conn, SMP_PASSKEY_ENTRY_FAILED);
1588 return 0;
1589 case MGMT_OP_USER_CONFIRM_NEG_REPLY:
1590 smp_failure(smp->conn, SMP_NUMERIC_COMP_FAILED);
1591 return 0;
Johan Hedberg38606f12014-06-25 11:10:28 +03001592 case MGMT_OP_USER_PASSKEY_REPLY:
1593 hcon->passkey_notify = le32_to_cpu(passkey);
1594 smp->passkey_round = 0;
1595
1596 if (test_and_clear_bit(SMP_FLAG_CFM_PENDING, &smp->flags))
1597 smp_op = SMP_CMD_PAIRING_CONFIRM;
1598 else
1599 smp_op = 0;
1600
1601 if (sc_passkey_round(smp, smp_op))
1602 return -EIO;
1603
1604 return 0;
Johan Hedbergdddd3052014-06-01 15:38:09 +03001605 }
1606
Johan Hedbergd3e54a82014-06-04 11:07:40 +03001607 /* Initiator sends DHKey check first */
1608 if (hcon->out) {
1609 sc_dhkey_check(smp);
1610 SMP_ALLOW_CMD(smp, SMP_CMD_DHKEY_CHECK);
1611 } else if (test_and_clear_bit(SMP_FLAG_DHKEY_PENDING, &smp->flags)) {
1612 sc_dhkey_check(smp);
1613 sc_add_ltk(smp);
1614 }
Johan Hedberg760b0182014-06-06 11:44:05 +03001615
1616 return 0;
1617}
1618
Brian Gix2b64d152011-12-21 16:12:12 -08001619int smp_user_confirm_reply(struct hci_conn *hcon, u16 mgmt_op, __le32 passkey)
1620{
Johan Hedbergb10e8012014-06-27 14:23:07 +03001621 struct l2cap_conn *conn = hcon->l2cap_data;
Johan Hedberg5d88cc72014-08-08 09:37:18 +03001622 struct l2cap_chan *chan;
Brian Gix2b64d152011-12-21 16:12:12 -08001623 struct smp_chan *smp;
1624 u32 value;
Johan Hedbergfc75cc82014-09-05 22:19:52 +03001625 int err;
Brian Gix2b64d152011-12-21 16:12:12 -08001626
1627 BT_DBG("");
1628
Johan Hedbergfc75cc82014-09-05 22:19:52 +03001629 if (!conn)
Brian Gix2b64d152011-12-21 16:12:12 -08001630 return -ENOTCONN;
1631
Johan Hedberg5d88cc72014-08-08 09:37:18 +03001632 chan = conn->smp;
1633 if (!chan)
1634 return -ENOTCONN;
1635
Johan Hedbergfc75cc82014-09-05 22:19:52 +03001636 l2cap_chan_lock(chan);
1637 if (!chan->data) {
1638 err = -ENOTCONN;
1639 goto unlock;
1640 }
1641
Johan Hedberg5d88cc72014-08-08 09:37:18 +03001642 smp = chan->data;
Brian Gix2b64d152011-12-21 16:12:12 -08001643
Johan Hedberg760b0182014-06-06 11:44:05 +03001644 if (test_bit(SMP_FLAG_SC, &smp->flags)) {
1645 err = sc_user_reply(smp, mgmt_op, passkey);
1646 goto unlock;
1647 }
1648
Brian Gix2b64d152011-12-21 16:12:12 -08001649 switch (mgmt_op) {
1650 case MGMT_OP_USER_PASSKEY_REPLY:
1651 value = le32_to_cpu(passkey);
Johan Hedberg943a7322014-03-18 12:58:24 +02001652 memset(smp->tk, 0, sizeof(smp->tk));
Brian Gix2b64d152011-12-21 16:12:12 -08001653 BT_DBG("PassKey: %d", value);
Johan Hedberg943a7322014-03-18 12:58:24 +02001654 put_unaligned_le32(value, smp->tk);
Brian Gix2b64d152011-12-21 16:12:12 -08001655 /* Fall Through */
1656 case MGMT_OP_USER_CONFIRM_REPLY:
Johan Hedberg4a74d652014-05-20 09:45:50 +03001657 set_bit(SMP_FLAG_TK_VALID, &smp->flags);
Brian Gix2b64d152011-12-21 16:12:12 -08001658 break;
1659 case MGMT_OP_USER_PASSKEY_NEG_REPLY:
1660 case MGMT_OP_USER_CONFIRM_NEG_REPLY:
Johan Hedberg84794e12013-11-06 11:24:57 +02001661 smp_failure(conn, SMP_PASSKEY_ENTRY_FAILED);
Johan Hedbergfc75cc82014-09-05 22:19:52 +03001662 err = 0;
1663 goto unlock;
Brian Gix2b64d152011-12-21 16:12:12 -08001664 default:
Johan Hedberg84794e12013-11-06 11:24:57 +02001665 smp_failure(conn, SMP_PASSKEY_ENTRY_FAILED);
Johan Hedbergfc75cc82014-09-05 22:19:52 +03001666 err = -EOPNOTSUPP;
1667 goto unlock;
Brian Gix2b64d152011-12-21 16:12:12 -08001668 }
1669
Johan Hedbergfc75cc82014-09-05 22:19:52 +03001670 err = 0;
1671
Brian Gix2b64d152011-12-21 16:12:12 -08001672 /* If it is our turn to send Pairing Confirm, do so now */
Johan Hedberg1cc61142014-05-20 09:45:52 +03001673 if (test_bit(SMP_FLAG_CFM_PENDING, &smp->flags)) {
1674 u8 rsp = smp_confirm(smp);
1675 if (rsp)
1676 smp_failure(conn, rsp);
1677 }
Brian Gix2b64d152011-12-21 16:12:12 -08001678
Johan Hedbergfc75cc82014-09-05 22:19:52 +03001679unlock:
1680 l2cap_chan_unlock(chan);
1681 return err;
Brian Gix2b64d152011-12-21 16:12:12 -08001682}
1683
Johan Hedbergb5ae3442014-08-14 12:34:26 +03001684static void build_bredr_pairing_cmd(struct smp_chan *smp,
1685 struct smp_cmd_pairing *req,
1686 struct smp_cmd_pairing *rsp)
1687{
1688 struct l2cap_conn *conn = smp->conn;
1689 struct hci_dev *hdev = conn->hcon->hdev;
1690 u8 local_dist = 0, remote_dist = 0;
1691
Marcel Holtmannd7a5a112015-03-13 02:11:00 -07001692 if (hci_dev_test_flag(hdev, HCI_BONDABLE)) {
Johan Hedbergb5ae3442014-08-14 12:34:26 +03001693 local_dist = SMP_DIST_ENC_KEY | SMP_DIST_SIGN;
1694 remote_dist = SMP_DIST_ENC_KEY | SMP_DIST_SIGN;
1695 }
1696
Marcel Holtmannd7a5a112015-03-13 02:11:00 -07001697 if (hci_dev_test_flag(hdev, HCI_RPA_RESOLVING))
Johan Hedbergb5ae3442014-08-14 12:34:26 +03001698 remote_dist |= SMP_DIST_ID_KEY;
1699
Marcel Holtmannd7a5a112015-03-13 02:11:00 -07001700 if (hci_dev_test_flag(hdev, HCI_PRIVACY))
Johan Hedbergb5ae3442014-08-14 12:34:26 +03001701 local_dist |= SMP_DIST_ID_KEY;
1702
1703 if (!rsp) {
1704 memset(req, 0, sizeof(*req));
1705
1706 req->init_key_dist = local_dist;
1707 req->resp_key_dist = remote_dist;
Johan Hedberge3f6a252015-06-11 13:52:30 +03001708 req->max_key_size = conn->hcon->enc_key_size;
Johan Hedbergb5ae3442014-08-14 12:34:26 +03001709
1710 smp->remote_key_dist = remote_dist;
1711
1712 return;
1713 }
1714
1715 memset(rsp, 0, sizeof(*rsp));
1716
Johan Hedberge3f6a252015-06-11 13:52:30 +03001717 rsp->max_key_size = conn->hcon->enc_key_size;
Johan Hedbergb5ae3442014-08-14 12:34:26 +03001718 rsp->init_key_dist = req->init_key_dist & remote_dist;
1719 rsp->resp_key_dist = req->resp_key_dist & local_dist;
1720
1721 smp->remote_key_dist = rsp->init_key_dist;
1722}
1723
Vinicius Costa Gomesda85e5e2011-06-09 18:50:53 -03001724static u8 smp_cmd_pairing_req(struct l2cap_conn *conn, struct sk_buff *skb)
Anderson Briglia88ba43b2011-06-09 18:50:42 -03001725{
Vinicius Costa Gomes3158c502011-06-14 13:37:42 -03001726 struct smp_cmd_pairing rsp, *req = (void *) skb->data;
Johan Hedbergfc75cc82014-09-05 22:19:52 +03001727 struct l2cap_chan *chan = conn->smp;
Johan Hedbergb3c64102014-07-10 11:02:07 +03001728 struct hci_dev *hdev = conn->hcon->hdev;
Vinicius Costa Gomes8aab4752011-09-05 14:31:31 -03001729 struct smp_chan *smp;
Johan Hedbergc7262e72014-06-17 13:07:37 +03001730 u8 key_size, auth, sec_level;
Vinicius Costa Gomes8aab4752011-09-05 14:31:31 -03001731 int ret;
Anderson Briglia88ba43b2011-06-09 18:50:42 -03001732
1733 BT_DBG("conn %p", conn);
1734
Johan Hedbergc46b98b2014-02-18 10:19:29 +02001735 if (skb->len < sizeof(*req))
Johan Hedberg38e4a912014-05-08 14:19:11 +03001736 return SMP_INVALID_PARAMS;
Johan Hedbergc46b98b2014-02-18 10:19:29 +02001737
Johan Hedberg40bef302014-07-16 11:42:27 +03001738 if (conn->hcon->role != HCI_ROLE_SLAVE)
Brian Gix2b64d152011-12-21 16:12:12 -08001739 return SMP_CMD_NOTSUPP;
1740
Johan Hedbergfc75cc82014-09-05 22:19:52 +03001741 if (!chan->data)
Vinicius Costa Gomes8aab4752011-09-05 14:31:31 -03001742 smp = smp_chan_create(conn);
Johan Hedbergfc75cc82014-09-05 22:19:52 +03001743 else
Johan Hedberg5d88cc72014-08-08 09:37:18 +03001744 smp = chan->data;
Vinicius Costa Gomes8aab4752011-09-05 14:31:31 -03001745
Andrei Emeltchenkod08fd0e2012-07-19 17:03:43 +03001746 if (!smp)
1747 return SMP_UNSPECIFIED;
Vinicius Costa Gomesd26a2342011-08-19 21:06:51 -03001748
Johan Hedbergc05b9332014-09-10 17:37:42 -07001749 /* We didn't start the pairing, so match remote */
Johan Hedberg0edb14d2014-05-26 13:29:28 +03001750 auth = req->auth_req & AUTH_REQ_MASK(hdev);
Johan Hedbergc05b9332014-09-10 17:37:42 -07001751
Marcel Holtmannd7a5a112015-03-13 02:11:00 -07001752 if (!hci_dev_test_flag(hdev, HCI_BONDABLE) &&
Johan Hedbergc05b9332014-09-10 17:37:42 -07001753 (auth & SMP_AUTH_BONDING))
Johan Hedbergb3c64102014-07-10 11:02:07 +03001754 return SMP_PAIRING_NOTSUPP;
1755
Marcel Holtmannd7a5a112015-03-13 02:11:00 -07001756 if (hci_dev_test_flag(hdev, HCI_SC_ONLY) && !(auth & SMP_AUTH_SC))
Johan Hedberg903b71c2014-09-08 16:59:18 -07001757 return SMP_AUTH_REQUIREMENTS;
1758
Vinicius Costa Gomes1c1def02011-09-05 14:31:30 -03001759 smp->preq[0] = SMP_CMD_PAIRING_REQ;
1760 memcpy(&smp->preq[1], req, sizeof(*req));
Vinicius Costa Gomes3158c502011-06-14 13:37:42 -03001761 skb_pull(skb, sizeof(*req));
Anderson Briglia88ba43b2011-06-09 18:50:42 -03001762
Johan Hedbergcb06d362015-03-16 21:12:34 +02001763 /* If the remote side's OOB flag is set it means it has
1764 * successfully received our local OOB data - therefore set the
1765 * flag to indicate that local OOB is in use.
1766 */
Johan Hedberg58428562015-03-16 11:45:45 +02001767 if (req->oob_flag == SMP_OOB_PRESENT)
1768 set_bit(SMP_FLAG_LOCAL_OOB, &smp->flags);
1769
Johan Hedbergb5ae3442014-08-14 12:34:26 +03001770 /* SMP over BR/EDR requires special treatment */
1771 if (conn->hcon->type == ACL_LINK) {
1772 /* We must have a BR/EDR SC link */
Marcel Holtmann08f63cc2014-12-07 16:19:12 +01001773 if (!test_bit(HCI_CONN_AES_CCM, &conn->hcon->flags) &&
Marcel Holtmannb7cb93e2015-03-13 10:20:35 -07001774 !hci_dev_test_flag(hdev, HCI_FORCE_BREDR_SMP))
Johan Hedbergb5ae3442014-08-14 12:34:26 +03001775 return SMP_CROSS_TRANSP_NOT_ALLOWED;
1776
1777 set_bit(SMP_FLAG_SC, &smp->flags);
1778
1779 build_bredr_pairing_cmd(smp, req, &rsp);
1780
1781 key_size = min(req->max_key_size, rsp.max_key_size);
1782 if (check_enc_key_size(conn, key_size))
1783 return SMP_ENC_KEY_SIZE;
1784
1785 /* Clear bits which are generated but not distributed */
1786 smp->remote_key_dist &= ~SMP_SC_NO_DIST;
1787
1788 smp->prsp[0] = SMP_CMD_PAIRING_RSP;
1789 memcpy(&smp->prsp[1], &rsp, sizeof(rsp));
1790 smp_send_cmd(conn, SMP_CMD_PAIRING_RSP, sizeof(rsp), &rsp);
1791
1792 smp_distribute_keys(smp);
1793 return 0;
1794 }
1795
Johan Hedberg5e3d3d92014-05-31 18:51:02 +03001796 build_pairing_cmd(conn, req, &rsp, auth);
1797
1798 if (rsp.auth_req & SMP_AUTH_SC)
1799 set_bit(SMP_FLAG_SC, &smp->flags);
1800
Johan Hedberg5be5e272014-09-10 17:58:54 -07001801 if (conn->hcon->io_capability == HCI_IO_NO_INPUT_OUTPUT)
Johan Hedberg1afc2a12014-09-10 17:37:44 -07001802 sec_level = BT_SECURITY_MEDIUM;
1803 else
1804 sec_level = authreq_to_seclevel(auth);
1805
Johan Hedbergc7262e72014-06-17 13:07:37 +03001806 if (sec_level > conn->hcon->pending_sec_level)
1807 conn->hcon->pending_sec_level = sec_level;
Ido Yarivfdde0a22012-03-05 20:09:38 +02001808
Stephen Hemminger49c922b2014-10-27 21:12:20 -07001809 /* If we need MITM check that it can be achieved */
Johan Hedberg2ed8f652014-06-17 13:07:39 +03001810 if (conn->hcon->pending_sec_level >= BT_SECURITY_HIGH) {
1811 u8 method;
1812
1813 method = get_auth_method(smp, conn->hcon->io_capability,
1814 req->io_capability);
1815 if (method == JUST_WORKS || method == JUST_CFM)
1816 return SMP_AUTH_REQUIREMENTS;
1817 }
1818
Vinicius Costa Gomes3158c502011-06-14 13:37:42 -03001819 key_size = min(req->max_key_size, rsp.max_key_size);
1820 if (check_enc_key_size(conn, key_size))
1821 return SMP_ENC_KEY_SIZE;
Anderson Briglia88ba43b2011-06-09 18:50:42 -03001822
Johan Hedberge84a6b12013-12-02 10:49:03 +02001823 get_random_bytes(smp->prnd, sizeof(smp->prnd));
Vinicius Costa Gomes8aab4752011-09-05 14:31:31 -03001824
Vinicius Costa Gomes1c1def02011-09-05 14:31:30 -03001825 smp->prsp[0] = SMP_CMD_PAIRING_RSP;
1826 memcpy(&smp->prsp[1], &rsp, sizeof(rsp));
Anderson Brigliaf01ead32011-06-09 18:50:45 -03001827
Vinicius Costa Gomes3158c502011-06-14 13:37:42 -03001828 smp_send_cmd(conn, SMP_CMD_PAIRING_RSP, sizeof(rsp), &rsp);
Johan Hedberg3b191462014-06-06 10:50:15 +03001829
1830 clear_bit(SMP_FLAG_INITIATOR, &smp->flags);
1831
Johan Hedberg19c5ce92015-03-15 19:34:04 +02001832 /* Strictly speaking we shouldn't allow Pairing Confirm for the
1833 * SC case, however some implementations incorrectly copy RFU auth
1834 * req bits from our security request, which may create a false
1835 * positive SC enablement.
1836 */
1837 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_CONFIRM);
1838
Johan Hedberg3b191462014-06-06 10:50:15 +03001839 if (test_bit(SMP_FLAG_SC, &smp->flags)) {
1840 SMP_ALLOW_CMD(smp, SMP_CMD_PUBLIC_KEY);
1841 /* Clear bits which are generated but not distributed */
1842 smp->remote_key_dist &= ~SMP_SC_NO_DIST;
1843 /* Wait for Public Key from Initiating Device */
1844 return 0;
Johan Hedberg3b191462014-06-06 10:50:15 +03001845 }
Vinicius Costa Gomesda85e5e2011-06-09 18:50:53 -03001846
Brian Gix2b64d152011-12-21 16:12:12 -08001847 /* Request setup of TK */
1848 ret = tk_request(conn, 0, auth, rsp.io_capability, req->io_capability);
1849 if (ret)
1850 return SMP_UNSPECIFIED;
1851
Vinicius Costa Gomesda85e5e2011-06-09 18:50:53 -03001852 return 0;
Anderson Briglia88ba43b2011-06-09 18:50:42 -03001853}
1854
Johan Hedberg3b191462014-06-06 10:50:15 +03001855static u8 sc_send_public_key(struct smp_chan *smp)
1856{
Johan Hedberg70157ef2014-06-24 15:22:59 +03001857 struct hci_dev *hdev = smp->conn->hcon->hdev;
1858
Johan Hedberg3b191462014-06-06 10:50:15 +03001859 BT_DBG("");
1860
Johan Hedberg1a8bab42015-03-16 11:45:44 +02001861 if (test_bit(SMP_FLAG_LOCAL_OOB, &smp->flags)) {
Marcel Holtmann33d0c032015-03-16 01:10:24 -07001862 struct l2cap_chan *chan = hdev->smp_data;
1863 struct smp_dev *smp_dev;
1864
1865 if (!chan || !chan->data)
1866 return SMP_UNSPECIFIED;
1867
1868 smp_dev = chan->data;
1869
1870 memcpy(smp->local_pk, smp_dev->local_pk, 64);
1871 memcpy(smp->local_sk, smp_dev->local_sk, 32);
Marcel Holtmannfb334fe2015-03-16 12:34:57 -07001872 memcpy(smp->lr, smp_dev->local_rand, 16);
Marcel Holtmann33d0c032015-03-16 01:10:24 -07001873
1874 if (smp_dev->debug_key)
1875 set_bit(SMP_FLAG_DEBUG_KEY, &smp->flags);
1876
1877 goto done;
1878 }
1879
Marcel Holtmannd7a5a112015-03-13 02:11:00 -07001880 if (hci_dev_test_flag(hdev, HCI_USE_DEBUG_KEYS)) {
Johan Hedberg70157ef2014-06-24 15:22:59 +03001881 BT_DBG("Using debug keys");
1882 memcpy(smp->local_pk, debug_pk, 64);
1883 memcpy(smp->local_sk, debug_sk, 32);
1884 set_bit(SMP_FLAG_DEBUG_KEY, &smp->flags);
1885 } else {
1886 while (true) {
1887 /* Generate local key pair for Secure Connections */
1888 if (!ecc_make_key(smp->local_pk, smp->local_sk))
1889 return SMP_UNSPECIFIED;
Johan Hedberg6c0dcc52014-06-06 15:33:30 +03001890
Johan Hedberg70157ef2014-06-24 15:22:59 +03001891 /* This is unlikely, but we need to check that
1892 * we didn't accidentially generate a debug key.
1893 */
1894 if (memcmp(smp->local_sk, debug_sk, 32))
1895 break;
1896 }
Johan Hedberg6c0dcc52014-06-06 15:33:30 +03001897 }
Johan Hedberg3b191462014-06-06 10:50:15 +03001898
Marcel Holtmann33d0c032015-03-16 01:10:24 -07001899done:
Johan Hedbergc7a3d572014-12-01 22:03:16 +02001900 SMP_DBG("Local Public Key X: %32phN", smp->local_pk);
Marcel Holtmann8e4e2ee2015-03-16 01:10:25 -07001901 SMP_DBG("Local Public Key Y: %32phN", smp->local_pk + 32);
Johan Hedbergc7a3d572014-12-01 22:03:16 +02001902 SMP_DBG("Local Private Key: %32phN", smp->local_sk);
Johan Hedberg3b191462014-06-06 10:50:15 +03001903
1904 smp_send_cmd(smp->conn, SMP_CMD_PUBLIC_KEY, 64, smp->local_pk);
1905
1906 return 0;
1907}
1908
Vinicius Costa Gomesda85e5e2011-06-09 18:50:53 -03001909static u8 smp_cmd_pairing_rsp(struct l2cap_conn *conn, struct sk_buff *skb)
Anderson Briglia88ba43b2011-06-09 18:50:42 -03001910{
Vinicius Costa Gomes3158c502011-06-14 13:37:42 -03001911 struct smp_cmd_pairing *req, *rsp = (void *) skb->data;
Johan Hedberg5d88cc72014-08-08 09:37:18 +03001912 struct l2cap_chan *chan = conn->smp;
1913 struct smp_chan *smp = chan->data;
Johan Hedberg0edb14d2014-05-26 13:29:28 +03001914 struct hci_dev *hdev = conn->hcon->hdev;
Johan Hedberg3a7dbfb2014-09-10 17:37:41 -07001915 u8 key_size, auth;
Anderson Briglia7d24ddc2011-06-09 18:50:46 -03001916 int ret;
Anderson Briglia88ba43b2011-06-09 18:50:42 -03001917
1918 BT_DBG("conn %p", conn);
1919
Johan Hedbergc46b98b2014-02-18 10:19:29 +02001920 if (skb->len < sizeof(*rsp))
Johan Hedberg38e4a912014-05-08 14:19:11 +03001921 return SMP_INVALID_PARAMS;
Johan Hedbergc46b98b2014-02-18 10:19:29 +02001922
Johan Hedberg40bef302014-07-16 11:42:27 +03001923 if (conn->hcon->role != HCI_ROLE_MASTER)
Brian Gix2b64d152011-12-21 16:12:12 -08001924 return SMP_CMD_NOTSUPP;
1925
Vinicius Costa Gomes3158c502011-06-14 13:37:42 -03001926 skb_pull(skb, sizeof(*rsp));
Vinicius Costa Gomesda85e5e2011-06-09 18:50:53 -03001927
Vinicius Costa Gomes1c1def02011-09-05 14:31:30 -03001928 req = (void *) &smp->preq[1];
Vinicius Costa Gomes3158c502011-06-14 13:37:42 -03001929
1930 key_size = min(req->max_key_size, rsp->max_key_size);
1931 if (check_enc_key_size(conn, key_size))
1932 return SMP_ENC_KEY_SIZE;
1933
Johan Hedberg0edb14d2014-05-26 13:29:28 +03001934 auth = rsp->auth_req & AUTH_REQ_MASK(hdev);
Johan Hedbergc05b9332014-09-10 17:37:42 -07001935
Marcel Holtmannd7a5a112015-03-13 02:11:00 -07001936 if (hci_dev_test_flag(hdev, HCI_SC_ONLY) && !(auth & SMP_AUTH_SC))
Johan Hedberg903b71c2014-09-08 16:59:18 -07001937 return SMP_AUTH_REQUIREMENTS;
1938
Johan Hedbergcb06d362015-03-16 21:12:34 +02001939 /* If the remote side's OOB flag is set it means it has
1940 * successfully received our local OOB data - therefore set the
1941 * flag to indicate that local OOB is in use.
1942 */
Johan Hedberg58428562015-03-16 11:45:45 +02001943 if (rsp->oob_flag == SMP_OOB_PRESENT)
1944 set_bit(SMP_FLAG_LOCAL_OOB, &smp->flags);
1945
Johan Hedbergb5ae3442014-08-14 12:34:26 +03001946 smp->prsp[0] = SMP_CMD_PAIRING_RSP;
1947 memcpy(&smp->prsp[1], rsp, sizeof(*rsp));
1948
1949 /* Update remote key distribution in case the remote cleared
1950 * some bits that we had enabled in our request.
1951 */
1952 smp->remote_key_dist &= rsp->resp_key_dist;
1953
1954 /* For BR/EDR this means we're done and can start phase 3 */
1955 if (conn->hcon->type == ACL_LINK) {
1956 /* Clear bits which are generated but not distributed */
1957 smp->remote_key_dist &= ~SMP_SC_NO_DIST;
1958 smp_distribute_keys(smp);
1959 return 0;
1960 }
1961
Johan Hedberg65668772014-05-16 11:03:34 +03001962 if ((req->auth_req & SMP_AUTH_SC) && (auth & SMP_AUTH_SC))
1963 set_bit(SMP_FLAG_SC, &smp->flags);
Johan Hedbergd2eb9e12014-05-16 10:59:06 +03001964 else if (conn->hcon->pending_sec_level > BT_SECURITY_HIGH)
1965 conn->hcon->pending_sec_level = BT_SECURITY_HIGH;
Johan Hedberg65668772014-05-16 11:03:34 +03001966
Stephen Hemminger49c922b2014-10-27 21:12:20 -07001967 /* If we need MITM check that it can be achieved */
Johan Hedberg2ed8f652014-06-17 13:07:39 +03001968 if (conn->hcon->pending_sec_level >= BT_SECURITY_HIGH) {
1969 u8 method;
1970
1971 method = get_auth_method(smp, req->io_capability,
1972 rsp->io_capability);
1973 if (method == JUST_WORKS || method == JUST_CFM)
1974 return SMP_AUTH_REQUIREMENTS;
1975 }
1976
Johan Hedberge84a6b12013-12-02 10:49:03 +02001977 get_random_bytes(smp->prnd, sizeof(smp->prnd));
Anderson Briglia7d24ddc2011-06-09 18:50:46 -03001978
Johan Hedbergfdcc4be2014-03-14 10:53:50 +02001979 /* Update remote key distribution in case the remote cleared
1980 * some bits that we had enabled in our request.
1981 */
1982 smp->remote_key_dist &= rsp->resp_key_dist;
1983
Johan Hedberg3b191462014-06-06 10:50:15 +03001984 if (test_bit(SMP_FLAG_SC, &smp->flags)) {
1985 /* Clear bits which are generated but not distributed */
1986 smp->remote_key_dist &= ~SMP_SC_NO_DIST;
1987 SMP_ALLOW_CMD(smp, SMP_CMD_PUBLIC_KEY);
1988 return sc_send_public_key(smp);
1989 }
1990
Johan Hedbergc05b9332014-09-10 17:37:42 -07001991 auth |= req->auth_req;
Brian Gix2b64d152011-12-21 16:12:12 -08001992
Johan Hedberg476585e2012-06-06 18:54:15 +08001993 ret = tk_request(conn, 0, auth, req->io_capability, rsp->io_capability);
Brian Gix2b64d152011-12-21 16:12:12 -08001994 if (ret)
1995 return SMP_UNSPECIFIED;
1996
Johan Hedberg4a74d652014-05-20 09:45:50 +03001997 set_bit(SMP_FLAG_CFM_PENDING, &smp->flags);
Brian Gix2b64d152011-12-21 16:12:12 -08001998
1999 /* Can't compose response until we have been confirmed */
Johan Hedberg4a74d652014-05-20 09:45:50 +03002000 if (test_bit(SMP_FLAG_TK_VALID, &smp->flags))
Johan Hedberg1cc61142014-05-20 09:45:52 +03002001 return smp_confirm(smp);
Vinicius Costa Gomesda85e5e2011-06-09 18:50:53 -03002002
2003 return 0;
Anderson Briglia88ba43b2011-06-09 18:50:42 -03002004}
2005
Johan Hedbergdcee2b32014-06-06 11:36:38 +03002006static u8 sc_check_confirm(struct smp_chan *smp)
2007{
2008 struct l2cap_conn *conn = smp->conn;
2009
2010 BT_DBG("");
2011
Johan Hedberg38606f12014-06-25 11:10:28 +03002012 if (smp->method == REQ_PASSKEY || smp->method == DSP_PASSKEY)
2013 return sc_passkey_round(smp, SMP_CMD_PAIRING_CONFIRM);
2014
Johan Hedbergdcee2b32014-06-06 11:36:38 +03002015 if (conn->hcon->out) {
2016 smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM, sizeof(smp->prnd),
2017 smp->prnd);
2018 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RANDOM);
2019 }
2020
2021 return 0;
2022}
2023
Johan Hedberg19c5ce92015-03-15 19:34:04 +02002024/* Work-around for some implementations that incorrectly copy RFU bits
2025 * from our security request and thereby create the impression that
2026 * we're doing SC when in fact the remote doesn't support it.
2027 */
2028static int fixup_sc_false_positive(struct smp_chan *smp)
2029{
2030 struct l2cap_conn *conn = smp->conn;
2031 struct hci_conn *hcon = conn->hcon;
2032 struct hci_dev *hdev = hcon->hdev;
2033 struct smp_cmd_pairing *req, *rsp;
2034 u8 auth;
2035
2036 /* The issue is only observed when we're in slave role */
2037 if (hcon->out)
2038 return SMP_UNSPECIFIED;
2039
2040 if (hci_dev_test_flag(hdev, HCI_SC_ONLY)) {
2041 BT_ERR("Refusing SMP SC -> legacy fallback in SC-only mode");
2042 return SMP_UNSPECIFIED;
2043 }
2044
2045 BT_ERR("Trying to fall back to legacy SMP");
2046
2047 req = (void *) &smp->preq[1];
2048 rsp = (void *) &smp->prsp[1];
2049
2050 /* Rebuild key dist flags which may have been cleared for SC */
2051 smp->remote_key_dist = (req->init_key_dist & rsp->resp_key_dist);
2052
2053 auth = req->auth_req & AUTH_REQ_MASK(hdev);
2054
2055 if (tk_request(conn, 0, auth, rsp->io_capability, req->io_capability)) {
2056 BT_ERR("Failed to fall back to legacy SMP");
2057 return SMP_UNSPECIFIED;
2058 }
2059
2060 clear_bit(SMP_FLAG_SC, &smp->flags);
2061
2062 return 0;
2063}
2064
Vinicius Costa Gomesda85e5e2011-06-09 18:50:53 -03002065static u8 smp_cmd_pairing_confirm(struct l2cap_conn *conn, struct sk_buff *skb)
Anderson Briglia88ba43b2011-06-09 18:50:42 -03002066{
Johan Hedberg5d88cc72014-08-08 09:37:18 +03002067 struct l2cap_chan *chan = conn->smp;
2068 struct smp_chan *smp = chan->data;
Anderson Briglia7d24ddc2011-06-09 18:50:46 -03002069
Anderson Briglia88ba43b2011-06-09 18:50:42 -03002070 BT_DBG("conn %p %s", conn, conn->hcon->out ? "master" : "slave");
2071
Johan Hedbergc46b98b2014-02-18 10:19:29 +02002072 if (skb->len < sizeof(smp->pcnf))
Johan Hedberg38e4a912014-05-08 14:19:11 +03002073 return SMP_INVALID_PARAMS;
Johan Hedbergc46b98b2014-02-18 10:19:29 +02002074
Vinicius Costa Gomes1c1def02011-09-05 14:31:30 -03002075 memcpy(smp->pcnf, skb->data, sizeof(smp->pcnf));
2076 skb_pull(skb, sizeof(smp->pcnf));
Anderson Briglia7d24ddc2011-06-09 18:50:46 -03002077
Johan Hedberg19c5ce92015-03-15 19:34:04 +02002078 if (test_bit(SMP_FLAG_SC, &smp->flags)) {
2079 int ret;
2080
2081 /* Public Key exchange must happen before any other steps */
2082 if (test_bit(SMP_FLAG_REMOTE_PK, &smp->flags))
2083 return sc_check_confirm(smp);
2084
2085 BT_ERR("Unexpected SMP Pairing Confirm");
2086
2087 ret = fixup_sc_false_positive(smp);
2088 if (ret)
2089 return ret;
2090 }
Johan Hedbergdcee2b32014-06-06 11:36:38 +03002091
Johan Hedbergb28b4942014-09-05 22:19:55 +03002092 if (conn->hcon->out) {
Johan Hedberg943a7322014-03-18 12:58:24 +02002093 smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM, sizeof(smp->prnd),
2094 smp->prnd);
Johan Hedbergb28b4942014-09-05 22:19:55 +03002095 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RANDOM);
2096 return 0;
2097 }
2098
2099 if (test_bit(SMP_FLAG_TK_VALID, &smp->flags))
Johan Hedberg1cc61142014-05-20 09:45:52 +03002100 return smp_confirm(smp);
Marcel Holtmann983f9812015-03-11 17:47:40 -07002101
2102 set_bit(SMP_FLAG_CFM_PENDING, &smp->flags);
Vinicius Costa Gomesda85e5e2011-06-09 18:50:53 -03002103
2104 return 0;
Anderson Briglia88ba43b2011-06-09 18:50:42 -03002105}
2106
Vinicius Costa Gomesda85e5e2011-06-09 18:50:53 -03002107static u8 smp_cmd_pairing_random(struct l2cap_conn *conn, struct sk_buff *skb)
Anderson Briglia88ba43b2011-06-09 18:50:42 -03002108{
Johan Hedberg5d88cc72014-08-08 09:37:18 +03002109 struct l2cap_chan *chan = conn->smp;
2110 struct smp_chan *smp = chan->data;
Johan Hedberg191dc7f2014-06-06 11:39:49 +03002111 struct hci_conn *hcon = conn->hcon;
2112 u8 *pkax, *pkbx, *na, *nb;
2113 u32 passkey;
2114 int err;
Anderson Briglia7d24ddc2011-06-09 18:50:46 -03002115
Vinicius Costa Gomes8aab4752011-09-05 14:31:31 -03002116 BT_DBG("conn %p", conn);
Anderson Briglia7d24ddc2011-06-09 18:50:46 -03002117
Johan Hedbergc46b98b2014-02-18 10:19:29 +02002118 if (skb->len < sizeof(smp->rrnd))
Johan Hedberg38e4a912014-05-08 14:19:11 +03002119 return SMP_INVALID_PARAMS;
Johan Hedbergc46b98b2014-02-18 10:19:29 +02002120
Johan Hedberg943a7322014-03-18 12:58:24 +02002121 memcpy(smp->rrnd, skb->data, sizeof(smp->rrnd));
Vinicius Costa Gomes8aab4752011-09-05 14:31:31 -03002122 skb_pull(skb, sizeof(smp->rrnd));
Anderson Briglia88ba43b2011-06-09 18:50:42 -03002123
Johan Hedberg191dc7f2014-06-06 11:39:49 +03002124 if (!test_bit(SMP_FLAG_SC, &smp->flags))
2125 return smp_random(smp);
2126
Johan Hedberg580039e2014-12-03 16:26:37 +02002127 if (hcon->out) {
2128 pkax = smp->local_pk;
2129 pkbx = smp->remote_pk;
2130 na = smp->prnd;
2131 nb = smp->rrnd;
2132 } else {
2133 pkax = smp->remote_pk;
2134 pkbx = smp->local_pk;
2135 na = smp->rrnd;
2136 nb = smp->prnd;
2137 }
2138
Johan Hedberga29b0732014-10-28 15:17:05 +01002139 if (smp->method == REQ_OOB) {
2140 if (!hcon->out)
2141 smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM,
2142 sizeof(smp->prnd), smp->prnd);
2143 SMP_ALLOW_CMD(smp, SMP_CMD_DHKEY_CHECK);
2144 goto mackey_and_ltk;
2145 }
2146
Johan Hedberg38606f12014-06-25 11:10:28 +03002147 /* Passkey entry has special treatment */
2148 if (smp->method == REQ_PASSKEY || smp->method == DSP_PASSKEY)
2149 return sc_passkey_round(smp, SMP_CMD_PAIRING_RANDOM);
2150
Johan Hedberg191dc7f2014-06-06 11:39:49 +03002151 if (hcon->out) {
2152 u8 cfm[16];
2153
2154 err = smp_f4(smp->tfm_cmac, smp->remote_pk, smp->local_pk,
2155 smp->rrnd, 0, cfm);
2156 if (err)
2157 return SMP_UNSPECIFIED;
2158
2159 if (memcmp(smp->pcnf, cfm, 16))
2160 return SMP_CONFIRM_FAILED;
Johan Hedberg191dc7f2014-06-06 11:39:49 +03002161 } else {
2162 smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM, sizeof(smp->prnd),
2163 smp->prnd);
2164 SMP_ALLOW_CMD(smp, SMP_CMD_DHKEY_CHECK);
Johan Hedberg191dc7f2014-06-06 11:39:49 +03002165 }
2166
Johan Hedberga29b0732014-10-28 15:17:05 +01002167mackey_and_ltk:
Johan Hedberg760b0182014-06-06 11:44:05 +03002168 /* Generate MacKey and LTK */
2169 err = sc_mackey_and_ltk(smp, smp->mackey, smp->tk);
2170 if (err)
2171 return SMP_UNSPECIFIED;
2172
Johan Hedberga29b0732014-10-28 15:17:05 +01002173 if (smp->method == JUST_WORKS || smp->method == REQ_OOB) {
Johan Hedbergdddd3052014-06-01 15:38:09 +03002174 if (hcon->out) {
Johan Hedberg38606f12014-06-25 11:10:28 +03002175 sc_dhkey_check(smp);
Johan Hedbergdddd3052014-06-01 15:38:09 +03002176 SMP_ALLOW_CMD(smp, SMP_CMD_DHKEY_CHECK);
2177 }
2178 return 0;
2179 }
2180
Johan Hedberg38606f12014-06-25 11:10:28 +03002181 err = smp_g2(smp->tfm_cmac, pkax, pkbx, na, nb, &passkey);
Johan Hedberg191dc7f2014-06-06 11:39:49 +03002182 if (err)
2183 return SMP_UNSPECIFIED;
2184
Johan Hedberg38606f12014-06-25 11:10:28 +03002185 err = mgmt_user_confirm_request(hcon->hdev, &hcon->dst, hcon->type,
2186 hcon->dst_type, passkey, 0);
2187 if (err)
2188 return SMP_UNSPECIFIED;
2189
2190 set_bit(SMP_FLAG_WAIT_USER, &smp->flags);
2191
Johan Hedberg191dc7f2014-06-06 11:39:49 +03002192 return 0;
Anderson Briglia88ba43b2011-06-09 18:50:42 -03002193}
2194
Marcel Holtmannf81cd822014-07-01 10:59:24 +02002195static bool smp_ltk_encrypt(struct l2cap_conn *conn, u8 sec_level)
Vinicius Costa Gomes988c5992011-08-25 20:02:28 -03002196{
Vinicius Costa Gomesc9839a12012-02-02 21:08:01 -03002197 struct smp_ltk *key;
Vinicius Costa Gomes988c5992011-08-25 20:02:28 -03002198 struct hci_conn *hcon = conn->hcon;
2199
Johan Hedbergf3a73d92014-05-29 15:02:59 +03002200 key = hci_find_ltk(hcon->hdev, &hcon->dst, hcon->dst_type, hcon->role);
Vinicius Costa Gomes988c5992011-08-25 20:02:28 -03002201 if (!key)
Marcel Holtmannf81cd822014-07-01 10:59:24 +02002202 return false;
Vinicius Costa Gomes988c5992011-08-25 20:02:28 -03002203
Johan Hedberga6f78332014-09-10 17:37:45 -07002204 if (smp_ltk_sec_level(key) < sec_level)
Marcel Holtmannf81cd822014-07-01 10:59:24 +02002205 return false;
Johan Hedberg4dab7862012-06-07 14:58:37 +08002206
Johan Hedberg51a8efd2012-01-16 06:10:31 +02002207 if (test_and_set_bit(HCI_CONN_ENCRYPT_PEND, &hcon->flags))
Marcel Holtmannf81cd822014-07-01 10:59:24 +02002208 return true;
Vinicius Costa Gomes988c5992011-08-25 20:02:28 -03002209
Johan Hedberg8b76ce32015-06-08 18:14:39 +03002210 hci_le_start_enc(hcon, key->ediv, key->rand, key->val, key->enc_size);
Vinicius Costa Gomesc9839a12012-02-02 21:08:01 -03002211 hcon->enc_key_size = key->enc_size;
Vinicius Costa Gomes988c5992011-08-25 20:02:28 -03002212
Johan Hedbergfe59a052014-07-01 19:14:12 +03002213 /* We never store STKs for master role, so clear this flag */
2214 clear_bit(HCI_CONN_STK_ENCRYPT, &hcon->flags);
2215
Marcel Holtmannf81cd822014-07-01 10:59:24 +02002216 return true;
Vinicius Costa Gomes988c5992011-08-25 20:02:28 -03002217}
Marcel Holtmannf1560462013-10-13 05:43:25 -07002218
Johan Hedberg35dc6f82014-11-13 10:55:18 +02002219bool smp_sufficient_security(struct hci_conn *hcon, u8 sec_level,
2220 enum smp_key_pref key_pref)
Johan Hedberg854f4722014-07-01 18:40:20 +03002221{
2222 if (sec_level == BT_SECURITY_LOW)
2223 return true;
2224
Johan Hedberg35dc6f82014-11-13 10:55:18 +02002225 /* If we're encrypted with an STK but the caller prefers using
2226 * LTK claim insufficient security. This way we allow the
2227 * connection to be re-encrypted with an LTK, even if the LTK
2228 * provides the same level of security. Only exception is if we
2229 * don't have an LTK (e.g. because of key distribution bits).
Johan Hedberg9ab65d602014-07-01 19:14:13 +03002230 */
Johan Hedberg35dc6f82014-11-13 10:55:18 +02002231 if (key_pref == SMP_USE_LTK &&
2232 test_bit(HCI_CONN_STK_ENCRYPT, &hcon->flags) &&
Johan Hedbergf3a73d92014-05-29 15:02:59 +03002233 hci_find_ltk(hcon->hdev, &hcon->dst, hcon->dst_type, hcon->role))
Johan Hedberg9ab65d602014-07-01 19:14:13 +03002234 return false;
2235
Johan Hedberg854f4722014-07-01 18:40:20 +03002236 if (hcon->sec_level >= sec_level)
2237 return true;
2238
2239 return false;
2240}
2241
Vinicius Costa Gomesda85e5e2011-06-09 18:50:53 -03002242static u8 smp_cmd_security_req(struct l2cap_conn *conn, struct sk_buff *skb)
Anderson Briglia88ba43b2011-06-09 18:50:42 -03002243{
2244 struct smp_cmd_security_req *rp = (void *) skb->data;
2245 struct smp_cmd_pairing cp;
Vinicius Costa Gomesf1cb9af2011-01-26 21:42:57 -03002246 struct hci_conn *hcon = conn->hcon;
Johan Hedberg0edb14d2014-05-26 13:29:28 +03002247 struct hci_dev *hdev = hcon->hdev;
Vinicius Costa Gomes8aab4752011-09-05 14:31:31 -03002248 struct smp_chan *smp;
Johan Hedbergc05b9332014-09-10 17:37:42 -07002249 u8 sec_level, auth;
Anderson Briglia88ba43b2011-06-09 18:50:42 -03002250
2251 BT_DBG("conn %p", conn);
2252
Johan Hedbergc46b98b2014-02-18 10:19:29 +02002253 if (skb->len < sizeof(*rp))
Johan Hedberg38e4a912014-05-08 14:19:11 +03002254 return SMP_INVALID_PARAMS;
Johan Hedbergc46b98b2014-02-18 10:19:29 +02002255
Johan Hedberg40bef302014-07-16 11:42:27 +03002256 if (hcon->role != HCI_ROLE_MASTER)
Johan Hedberg86ca9ea2013-11-05 11:30:39 +02002257 return SMP_CMD_NOTSUPP;
2258
Johan Hedberg0edb14d2014-05-26 13:29:28 +03002259 auth = rp->auth_req & AUTH_REQ_MASK(hdev);
Johan Hedbergc05b9332014-09-10 17:37:42 -07002260
Marcel Holtmannd7a5a112015-03-13 02:11:00 -07002261 if (hci_dev_test_flag(hdev, HCI_SC_ONLY) && !(auth & SMP_AUTH_SC))
Johan Hedberg903b71c2014-09-08 16:59:18 -07002262 return SMP_AUTH_REQUIREMENTS;
2263
Johan Hedberg5be5e272014-09-10 17:58:54 -07002264 if (hcon->io_capability == HCI_IO_NO_INPUT_OUTPUT)
Johan Hedberg1afc2a12014-09-10 17:37:44 -07002265 sec_level = BT_SECURITY_MEDIUM;
2266 else
2267 sec_level = authreq_to_seclevel(auth);
2268
Johan Hedberg35dc6f82014-11-13 10:55:18 +02002269 if (smp_sufficient_security(hcon, sec_level, SMP_USE_LTK))
Johan Hedberg854f4722014-07-01 18:40:20 +03002270 return 0;
2271
Johan Hedbergc7262e72014-06-17 13:07:37 +03002272 if (sec_level > hcon->pending_sec_level)
2273 hcon->pending_sec_level = sec_level;
Vinicius Costa Gomesfeb45eb2011-08-25 20:02:35 -03002274
Johan Hedberg4dab7862012-06-07 14:58:37 +08002275 if (smp_ltk_encrypt(conn, hcon->pending_sec_level))
Vinicius Costa Gomes988c5992011-08-25 20:02:28 -03002276 return 0;
2277
Vinicius Costa Gomes8aab4752011-09-05 14:31:31 -03002278 smp = smp_chan_create(conn);
Johan Hedbergc29d2442014-06-16 19:25:14 +03002279 if (!smp)
2280 return SMP_UNSPECIFIED;
Vinicius Costa Gomesd26a2342011-08-19 21:06:51 -03002281
Marcel Holtmannd7a5a112015-03-13 02:11:00 -07002282 if (!hci_dev_test_flag(hdev, HCI_BONDABLE) &&
Johan Hedbergc05b9332014-09-10 17:37:42 -07002283 (auth & SMP_AUTH_BONDING))
Johan Hedberg616d55b2014-07-29 14:18:48 +03002284 return SMP_PAIRING_NOTSUPP;
2285
Anderson Briglia88ba43b2011-06-09 18:50:42 -03002286 skb_pull(skb, sizeof(*rp));
Anderson Briglia88ba43b2011-06-09 18:50:42 -03002287
Vinicius Costa Gomesda85e5e2011-06-09 18:50:53 -03002288 memset(&cp, 0, sizeof(cp));
Johan Hedbergc05b9332014-09-10 17:37:42 -07002289 build_pairing_cmd(conn, &cp, NULL, auth);
Anderson Briglia88ba43b2011-06-09 18:50:42 -03002290
Vinicius Costa Gomes1c1def02011-09-05 14:31:30 -03002291 smp->preq[0] = SMP_CMD_PAIRING_REQ;
2292 memcpy(&smp->preq[1], &cp, sizeof(cp));
Anderson Brigliaf01ead32011-06-09 18:50:45 -03002293
Anderson Briglia88ba43b2011-06-09 18:50:42 -03002294 smp_send_cmd(conn, SMP_CMD_PAIRING_REQ, sizeof(cp), &cp);
Johan Hedbergb28b4942014-09-05 22:19:55 +03002295 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RSP);
Vinicius Costa Gomesf1cb9af2011-01-26 21:42:57 -03002296
Vinicius Costa Gomesda85e5e2011-06-09 18:50:53 -03002297 return 0;
Anderson Briglia88ba43b2011-06-09 18:50:42 -03002298}
2299
Vinicius Costa Gomescc110922012-08-23 21:32:43 -03002300int smp_conn_security(struct hci_conn *hcon, __u8 sec_level)
Anderson Brigliaeb492e02011-06-09 18:50:40 -03002301{
Vinicius Costa Gomescc110922012-08-23 21:32:43 -03002302 struct l2cap_conn *conn = hcon->l2cap_data;
Johan Hedbergc68b7f12014-09-06 06:59:10 +03002303 struct l2cap_chan *chan;
Johan Hedberg0a66cf22014-03-24 14:39:03 +02002304 struct smp_chan *smp;
Brian Gix2b64d152011-12-21 16:12:12 -08002305 __u8 authreq;
Johan Hedbergfc75cc82014-09-05 22:19:52 +03002306 int ret;
Anderson Brigliaeb492e02011-06-09 18:50:40 -03002307
Vinicius Costa Gomes3a0259b2011-06-09 18:50:43 -03002308 BT_DBG("conn %p hcon %p level 0x%2.2x", conn, hcon, sec_level);
2309
Johan Hedberg0a66cf22014-03-24 14:39:03 +02002310 /* This may be NULL if there's an unexpected disconnection */
2311 if (!conn)
2312 return 1;
2313
Johan Hedbergc68b7f12014-09-06 06:59:10 +03002314 chan = conn->smp;
Johan Hedberg25ba2652015-07-20 20:31:25 +03002315 if (!chan) {
2316 BT_ERR("SMP security requested but not available");
2317 return 1;
2318 }
Johan Hedbergc68b7f12014-09-06 06:59:10 +03002319
Marcel Holtmannd7a5a112015-03-13 02:11:00 -07002320 if (!hci_dev_test_flag(hcon->hdev, HCI_LE_ENABLED))
Andre Guedes2e65c9d2011-06-30 19:20:56 -03002321 return 1;
2322
Johan Hedberg35dc6f82014-11-13 10:55:18 +02002323 if (smp_sufficient_security(hcon, sec_level, SMP_USE_LTK))
Vinicius Costa Gomesf1cb9af2011-01-26 21:42:57 -03002324 return 1;
2325
Johan Hedbergc7262e72014-06-17 13:07:37 +03002326 if (sec_level > hcon->pending_sec_level)
2327 hcon->pending_sec_level = sec_level;
2328
Johan Hedberg40bef302014-07-16 11:42:27 +03002329 if (hcon->role == HCI_ROLE_MASTER)
Johan Hedbergc7262e72014-06-17 13:07:37 +03002330 if (smp_ltk_encrypt(conn, hcon->pending_sec_level))
2331 return 0;
Vinicius Costa Gomesd26a2342011-08-19 21:06:51 -03002332
Johan Hedbergfc75cc82014-09-05 22:19:52 +03002333 l2cap_chan_lock(chan);
2334
2335 /* If SMP is already in progress ignore this request */
2336 if (chan->data) {
2337 ret = 0;
2338 goto unlock;
2339 }
Vinicius Costa Gomesd26a2342011-08-19 21:06:51 -03002340
Vinicius Costa Gomes8aab4752011-09-05 14:31:31 -03002341 smp = smp_chan_create(conn);
Johan Hedbergfc75cc82014-09-05 22:19:52 +03002342 if (!smp) {
2343 ret = 1;
2344 goto unlock;
2345 }
Brian Gix2b64d152011-12-21 16:12:12 -08002346
2347 authreq = seclevel_to_authreq(sec_level);
Vinicius Costa Gomesd26a2342011-08-19 21:06:51 -03002348
Marcel Holtmannd7a5a112015-03-13 02:11:00 -07002349 if (hci_dev_test_flag(hcon->hdev, HCI_SC_ENABLED))
Johan Hedbergd2eb9e12014-05-16 10:59:06 +03002350 authreq |= SMP_AUTH_SC;
2351
Johan Hedberg79897d22014-06-01 09:45:24 +03002352 /* Require MITM if IO Capability allows or the security level
2353 * requires it.
Johan Hedberg2e233642014-03-18 15:42:30 +02002354 */
Johan Hedberg79897d22014-06-01 09:45:24 +03002355 if (hcon->io_capability != HCI_IO_NO_INPUT_OUTPUT ||
Johan Hedbergc7262e72014-06-17 13:07:37 +03002356 hcon->pending_sec_level > BT_SECURITY_MEDIUM)
Johan Hedberg2e233642014-03-18 15:42:30 +02002357 authreq |= SMP_AUTH_MITM;
2358
Johan Hedberg40bef302014-07-16 11:42:27 +03002359 if (hcon->role == HCI_ROLE_MASTER) {
Vinicius Costa Gomesd26a2342011-08-19 21:06:51 -03002360 struct smp_cmd_pairing cp;
Anderson Brigliaf01ead32011-06-09 18:50:45 -03002361
Brian Gix2b64d152011-12-21 16:12:12 -08002362 build_pairing_cmd(conn, &cp, NULL, authreq);
Vinicius Costa Gomes1c1def02011-09-05 14:31:30 -03002363 smp->preq[0] = SMP_CMD_PAIRING_REQ;
2364 memcpy(&smp->preq[1], &cp, sizeof(cp));
Anderson Brigliaf01ead32011-06-09 18:50:45 -03002365
Anderson Brigliaeb492e02011-06-09 18:50:40 -03002366 smp_send_cmd(conn, SMP_CMD_PAIRING_REQ, sizeof(cp), &cp);
Johan Hedbergb28b4942014-09-05 22:19:55 +03002367 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RSP);
Anderson Brigliaeb492e02011-06-09 18:50:40 -03002368 } else {
2369 struct smp_cmd_security_req cp;
Brian Gix2b64d152011-12-21 16:12:12 -08002370 cp.auth_req = authreq;
Anderson Brigliaeb492e02011-06-09 18:50:40 -03002371 smp_send_cmd(conn, SMP_CMD_SECURITY_REQ, sizeof(cp), &cp);
Johan Hedbergb28b4942014-09-05 22:19:55 +03002372 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_REQ);
Anderson Brigliaeb492e02011-06-09 18:50:40 -03002373 }
2374
Johan Hedberg4a74d652014-05-20 09:45:50 +03002375 set_bit(SMP_FLAG_INITIATOR, &smp->flags);
Johan Hedbergfc75cc82014-09-05 22:19:52 +03002376 ret = 0;
Johan Hedbergedca7922014-03-24 15:54:11 +02002377
Johan Hedbergfc75cc82014-09-05 22:19:52 +03002378unlock:
2379 l2cap_chan_unlock(chan);
2380 return ret;
Anderson Brigliaeb492e02011-06-09 18:50:40 -03002381}
2382
Vinicius Costa Gomes7034b912011-07-07 18:59:34 -03002383static int smp_cmd_encrypt_info(struct l2cap_conn *conn, struct sk_buff *skb)
2384{
Vinicius Costa Gomes16b90832011-07-07 18:59:39 -03002385 struct smp_cmd_encrypt_info *rp = (void *) skb->data;
Johan Hedberg5d88cc72014-08-08 09:37:18 +03002386 struct l2cap_chan *chan = conn->smp;
2387 struct smp_chan *smp = chan->data;
Vinicius Costa Gomes16b90832011-07-07 18:59:39 -03002388
Johan Hedbergc46b98b2014-02-18 10:19:29 +02002389 BT_DBG("conn %p", conn);
2390
2391 if (skb->len < sizeof(*rp))
Johan Hedberg38e4a912014-05-08 14:19:11 +03002392 return SMP_INVALID_PARAMS;
Johan Hedbergc46b98b2014-02-18 10:19:29 +02002393
Johan Hedbergb28b4942014-09-05 22:19:55 +03002394 SMP_ALLOW_CMD(smp, SMP_CMD_MASTER_IDENT);
Johan Hedberg6131ddc2014-02-18 10:19:37 +02002395
Vinicius Costa Gomes16b90832011-07-07 18:59:39 -03002396 skb_pull(skb, sizeof(*rp));
2397
Vinicius Costa Gomes1c1def02011-09-05 14:31:30 -03002398 memcpy(smp->tk, rp->ltk, sizeof(smp->tk));
Vinicius Costa Gomes16b90832011-07-07 18:59:39 -03002399
Vinicius Costa Gomes7034b912011-07-07 18:59:34 -03002400 return 0;
2401}
2402
2403static int smp_cmd_master_ident(struct l2cap_conn *conn, struct sk_buff *skb)
2404{
Vinicius Costa Gomes16b90832011-07-07 18:59:39 -03002405 struct smp_cmd_master_ident *rp = (void *) skb->data;
Johan Hedberg5d88cc72014-08-08 09:37:18 +03002406 struct l2cap_chan *chan = conn->smp;
2407 struct smp_chan *smp = chan->data;
Vinicius Costa Gomesc9839a12012-02-02 21:08:01 -03002408 struct hci_dev *hdev = conn->hcon->hdev;
2409 struct hci_conn *hcon = conn->hcon;
Johan Hedberg23d0e122014-02-19 14:57:46 +02002410 struct smp_ltk *ltk;
Vinicius Costa Gomesc9839a12012-02-02 21:08:01 -03002411 u8 authenticated;
Vinicius Costa Gomes7034b912011-07-07 18:59:34 -03002412
Johan Hedbergc46b98b2014-02-18 10:19:29 +02002413 BT_DBG("conn %p", conn);
2414
2415 if (skb->len < sizeof(*rp))
Johan Hedberg38e4a912014-05-08 14:19:11 +03002416 return SMP_INVALID_PARAMS;
Johan Hedbergc46b98b2014-02-18 10:19:29 +02002417
Johan Hedberg9747a9f2014-02-26 23:33:43 +02002418 /* Mark the information as received */
2419 smp->remote_key_dist &= ~SMP_DIST_ENC_KEY;
2420
Johan Hedbergb28b4942014-09-05 22:19:55 +03002421 if (smp->remote_key_dist & SMP_DIST_ID_KEY)
2422 SMP_ALLOW_CMD(smp, SMP_CMD_IDENT_INFO);
Johan Hedberg196332f2014-09-09 16:21:46 -07002423 else if (smp->remote_key_dist & SMP_DIST_SIGN)
2424 SMP_ALLOW_CMD(smp, SMP_CMD_SIGN_INFO);
Johan Hedbergb28b4942014-09-05 22:19:55 +03002425
Vinicius Costa Gomes16b90832011-07-07 18:59:39 -03002426 skb_pull(skb, sizeof(*rp));
2427
Marcel Holtmannce39fb42013-10-13 02:23:39 -07002428 authenticated = (hcon->sec_level == BT_SECURITY_HIGH);
Johan Hedberg2ceba532014-06-16 19:25:16 +03002429 ltk = hci_add_ltk(hdev, &hcon->dst, hcon->dst_type, SMP_LTK,
Johan Hedberg23d0e122014-02-19 14:57:46 +02002430 authenticated, smp->tk, smp->enc_key_size,
2431 rp->ediv, rp->rand);
2432 smp->ltk = ltk;
Johan Hedbergc6e81e92014-09-05 22:19:54 +03002433 if (!(smp->remote_key_dist & KEY_DIST_MASK))
Johan Hedbergd6268e82014-09-05 22:19:51 +03002434 smp_distribute_keys(smp);
Vinicius Costa Gomes7034b912011-07-07 18:59:34 -03002435
2436 return 0;
2437}
2438
Johan Hedbergfd349c02014-02-18 10:19:36 +02002439static int smp_cmd_ident_info(struct l2cap_conn *conn, struct sk_buff *skb)
2440{
2441 struct smp_cmd_ident_info *info = (void *) skb->data;
Johan Hedberg5d88cc72014-08-08 09:37:18 +03002442 struct l2cap_chan *chan = conn->smp;
2443 struct smp_chan *smp = chan->data;
Johan Hedbergfd349c02014-02-18 10:19:36 +02002444
2445 BT_DBG("");
2446
2447 if (skb->len < sizeof(*info))
Johan Hedberg38e4a912014-05-08 14:19:11 +03002448 return SMP_INVALID_PARAMS;
Johan Hedbergfd349c02014-02-18 10:19:36 +02002449
Johan Hedbergb28b4942014-09-05 22:19:55 +03002450 SMP_ALLOW_CMD(smp, SMP_CMD_IDENT_ADDR_INFO);
Johan Hedberg6131ddc2014-02-18 10:19:37 +02002451
Johan Hedbergfd349c02014-02-18 10:19:36 +02002452 skb_pull(skb, sizeof(*info));
2453
2454 memcpy(smp->irk, info->irk, 16);
2455
2456 return 0;
2457}
2458
2459static int smp_cmd_ident_addr_info(struct l2cap_conn *conn,
2460 struct sk_buff *skb)
2461{
2462 struct smp_cmd_ident_addr_info *info = (void *) skb->data;
Johan Hedberg5d88cc72014-08-08 09:37:18 +03002463 struct l2cap_chan *chan = conn->smp;
2464 struct smp_chan *smp = chan->data;
Johan Hedbergfd349c02014-02-18 10:19:36 +02002465 struct hci_conn *hcon = conn->hcon;
2466 bdaddr_t rpa;
2467
2468 BT_DBG("");
2469
2470 if (skb->len < sizeof(*info))
Johan Hedberg38e4a912014-05-08 14:19:11 +03002471 return SMP_INVALID_PARAMS;
Johan Hedbergfd349c02014-02-18 10:19:36 +02002472
Johan Hedberg9747a9f2014-02-26 23:33:43 +02002473 /* Mark the information as received */
2474 smp->remote_key_dist &= ~SMP_DIST_ID_KEY;
2475
Johan Hedbergb28b4942014-09-05 22:19:55 +03002476 if (smp->remote_key_dist & SMP_DIST_SIGN)
2477 SMP_ALLOW_CMD(smp, SMP_CMD_SIGN_INFO);
2478
Johan Hedbergfd349c02014-02-18 10:19:36 +02002479 skb_pull(skb, sizeof(*info));
2480
Johan Hedberga9a58f82014-02-25 22:24:37 +02002481 /* Strictly speaking the Core Specification (4.1) allows sending
2482 * an empty address which would force us to rely on just the IRK
2483 * as "identity information". However, since such
2484 * implementations are not known of and in order to not over
2485 * complicate our implementation, simply pretend that we never
2486 * received an IRK for such a device.
Johan Hedberge12af482015-01-14 20:51:37 +02002487 *
2488 * The Identity Address must also be a Static Random or Public
2489 * Address, which hci_is_identity_address() checks for.
Johan Hedberga9a58f82014-02-25 22:24:37 +02002490 */
Johan Hedberge12af482015-01-14 20:51:37 +02002491 if (!bacmp(&info->bdaddr, BDADDR_ANY) ||
2492 !hci_is_identity_address(&info->bdaddr, info->addr_type)) {
Johan Hedberga9a58f82014-02-25 22:24:37 +02002493 BT_ERR("Ignoring IRK with no identity address");
Johan Hedberg31dd6242014-06-27 14:23:02 +03002494 goto distribute;
Johan Hedberga9a58f82014-02-25 22:24:37 +02002495 }
2496
Johan Hedbergfd349c02014-02-18 10:19:36 +02002497 bacpy(&smp->id_addr, &info->bdaddr);
2498 smp->id_addr_type = info->addr_type;
2499
2500 if (hci_bdaddr_is_rpa(&hcon->dst, hcon->dst_type))
2501 bacpy(&rpa, &hcon->dst);
2502 else
2503 bacpy(&rpa, BDADDR_ANY);
2504
Johan Hedberg23d0e122014-02-19 14:57:46 +02002505 smp->remote_irk = hci_add_irk(conn->hcon->hdev, &smp->id_addr,
2506 smp->id_addr_type, smp->irk, &rpa);
Johan Hedbergfd349c02014-02-18 10:19:36 +02002507
Johan Hedberg31dd6242014-06-27 14:23:02 +03002508distribute:
Johan Hedbergc6e81e92014-09-05 22:19:54 +03002509 if (!(smp->remote_key_dist & KEY_DIST_MASK))
2510 smp_distribute_keys(smp);
Johan Hedbergfd349c02014-02-18 10:19:36 +02002511
2512 return 0;
2513}
2514
Marcel Holtmann7ee4ea32014-03-09 12:19:17 -07002515static int smp_cmd_sign_info(struct l2cap_conn *conn, struct sk_buff *skb)
2516{
2517 struct smp_cmd_sign_info *rp = (void *) skb->data;
Johan Hedberg5d88cc72014-08-08 09:37:18 +03002518 struct l2cap_chan *chan = conn->smp;
2519 struct smp_chan *smp = chan->data;
Marcel Holtmann7ee4ea32014-03-09 12:19:17 -07002520 struct smp_csrk *csrk;
2521
2522 BT_DBG("conn %p", conn);
2523
2524 if (skb->len < sizeof(*rp))
Johan Hedberg38e4a912014-05-08 14:19:11 +03002525 return SMP_INVALID_PARAMS;
Marcel Holtmann7ee4ea32014-03-09 12:19:17 -07002526
Marcel Holtmann7ee4ea32014-03-09 12:19:17 -07002527 /* Mark the information as received */
2528 smp->remote_key_dist &= ~SMP_DIST_SIGN;
2529
2530 skb_pull(skb, sizeof(*rp));
2531
Marcel Holtmann7ee4ea32014-03-09 12:19:17 -07002532 csrk = kzalloc(sizeof(*csrk), GFP_KERNEL);
2533 if (csrk) {
Johan Hedberg4cd39282015-02-27 10:11:13 +02002534 if (conn->hcon->sec_level > BT_SECURITY_MEDIUM)
2535 csrk->type = MGMT_CSRK_REMOTE_AUTHENTICATED;
2536 else
2537 csrk->type = MGMT_CSRK_REMOTE_UNAUTHENTICATED;
Marcel Holtmann7ee4ea32014-03-09 12:19:17 -07002538 memcpy(csrk->val, rp->csrk, sizeof(csrk->val));
2539 }
2540 smp->csrk = csrk;
Johan Hedbergd6268e82014-09-05 22:19:51 +03002541 smp_distribute_keys(smp);
Marcel Holtmann7ee4ea32014-03-09 12:19:17 -07002542
2543 return 0;
2544}
2545
Johan Hedberg5e3d3d92014-05-31 18:51:02 +03002546static u8 sc_select_method(struct smp_chan *smp)
2547{
2548 struct l2cap_conn *conn = smp->conn;
2549 struct hci_conn *hcon = conn->hcon;
2550 struct smp_cmd_pairing *local, *remote;
2551 u8 local_mitm, remote_mitm, local_io, remote_io, method;
2552
Johan Hedberg1a8bab42015-03-16 11:45:44 +02002553 if (test_bit(SMP_FLAG_REMOTE_OOB, &smp->flags) ||
2554 test_bit(SMP_FLAG_LOCAL_OOB, &smp->flags))
Johan Hedberga29b0732014-10-28 15:17:05 +01002555 return REQ_OOB;
2556
Johan Hedberg5e3d3d92014-05-31 18:51:02 +03002557 /* The preq/prsp contain the raw Pairing Request/Response PDUs
2558 * which are needed as inputs to some crypto functions. To get
2559 * the "struct smp_cmd_pairing" from them we need to skip the
2560 * first byte which contains the opcode.
2561 */
2562 if (hcon->out) {
2563 local = (void *) &smp->preq[1];
2564 remote = (void *) &smp->prsp[1];
2565 } else {
2566 local = (void *) &smp->prsp[1];
2567 remote = (void *) &smp->preq[1];
2568 }
2569
2570 local_io = local->io_capability;
2571 remote_io = remote->io_capability;
2572
2573 local_mitm = (local->auth_req & SMP_AUTH_MITM);
2574 remote_mitm = (remote->auth_req & SMP_AUTH_MITM);
2575
2576 /* If either side wants MITM, look up the method from the table,
2577 * otherwise use JUST WORKS.
2578 */
2579 if (local_mitm || remote_mitm)
2580 method = get_auth_method(smp, local_io, remote_io);
2581 else
2582 method = JUST_WORKS;
2583
2584 /* Don't confirm locally initiated pairing attempts */
2585 if (method == JUST_CFM && test_bit(SMP_FLAG_INITIATOR, &smp->flags))
2586 method = JUST_WORKS;
2587
2588 return method;
2589}
2590
Johan Hedbergd8f8edb2014-06-06 11:09:28 +03002591static int smp_cmd_public_key(struct l2cap_conn *conn, struct sk_buff *skb)
2592{
2593 struct smp_cmd_public_key *key = (void *) skb->data;
2594 struct hci_conn *hcon = conn->hcon;
2595 struct l2cap_chan *chan = conn->smp;
2596 struct smp_chan *smp = chan->data;
Johan Hedberg5e3d3d92014-05-31 18:51:02 +03002597 struct hci_dev *hdev = hcon->hdev;
Johan Hedbergcbbbe3e2014-06-06 11:30:08 +03002598 struct smp_cmd_pairing_confirm cfm;
Johan Hedbergd8f8edb2014-06-06 11:09:28 +03002599 int err;
2600
2601 BT_DBG("conn %p", conn);
2602
2603 if (skb->len < sizeof(*key))
2604 return SMP_INVALID_PARAMS;
2605
2606 memcpy(smp->remote_pk, key, 64);
2607
Johan Hedberga8ca6172015-03-16 18:12:57 +02002608 if (test_bit(SMP_FLAG_REMOTE_OOB, &smp->flags)) {
2609 err = smp_f4(smp->tfm_cmac, smp->remote_pk, smp->remote_pk,
2610 smp->rr, 0, cfm.confirm_val);
2611 if (err)
2612 return SMP_UNSPECIFIED;
2613
2614 if (memcmp(cfm.confirm_val, smp->pcnf, 16))
2615 return SMP_CONFIRM_FAILED;
2616 }
2617
Johan Hedbergd8f8edb2014-06-06 11:09:28 +03002618 /* Non-initiating device sends its public key after receiving
2619 * the key from the initiating device.
2620 */
2621 if (!hcon->out) {
2622 err = sc_send_public_key(smp);
2623 if (err)
2624 return err;
2625 }
2626
Johan Hedbergc7a3d572014-12-01 22:03:16 +02002627 SMP_DBG("Remote Public Key X: %32phN", smp->remote_pk);
Marcel Holtmanne0915262015-03-16 12:34:55 -07002628 SMP_DBG("Remote Public Key Y: %32phN", smp->remote_pk + 32);
Johan Hedbergd8f8edb2014-06-06 11:09:28 +03002629
2630 if (!ecdh_shared_secret(smp->remote_pk, smp->local_sk, smp->dhkey))
2631 return SMP_UNSPECIFIED;
2632
Johan Hedbergc7a3d572014-12-01 22:03:16 +02002633 SMP_DBG("DHKey %32phN", smp->dhkey);
Johan Hedbergd8f8edb2014-06-06 11:09:28 +03002634
2635 set_bit(SMP_FLAG_REMOTE_PK, &smp->flags);
2636
Johan Hedberg5e3d3d92014-05-31 18:51:02 +03002637 smp->method = sc_select_method(smp);
2638
2639 BT_DBG("%s selected method 0x%02x", hdev->name, smp->method);
2640
2641 /* JUST_WORKS and JUST_CFM result in an unauthenticated key */
2642 if (smp->method == JUST_WORKS || smp->method == JUST_CFM)
2643 hcon->pending_sec_level = BT_SECURITY_MEDIUM;
2644 else
2645 hcon->pending_sec_level = BT_SECURITY_FIPS;
2646
Johan Hedbergaeb7d462014-05-31 18:52:28 +03002647 if (!memcmp(debug_pk, smp->remote_pk, 64))
2648 set_bit(SMP_FLAG_DEBUG_KEY, &smp->flags);
2649
Johan Hedberg38606f12014-06-25 11:10:28 +03002650 if (smp->method == DSP_PASSKEY) {
2651 get_random_bytes(&hcon->passkey_notify,
2652 sizeof(hcon->passkey_notify));
2653 hcon->passkey_notify %= 1000000;
2654 hcon->passkey_entered = 0;
2655 smp->passkey_round = 0;
2656 if (mgmt_user_passkey_notify(hdev, &hcon->dst, hcon->type,
2657 hcon->dst_type,
2658 hcon->passkey_notify,
2659 hcon->passkey_entered))
2660 return SMP_UNSPECIFIED;
2661 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_CONFIRM);
2662 return sc_passkey_round(smp, SMP_CMD_PUBLIC_KEY);
2663 }
2664
Johan Hedberg94ea7252015-03-16 11:45:46 +02002665 if (smp->method == REQ_OOB) {
Johan Hedberga29b0732014-10-28 15:17:05 +01002666 if (hcon->out)
2667 smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM,
2668 sizeof(smp->prnd), smp->prnd);
2669
2670 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RANDOM);
2671
2672 return 0;
2673 }
2674
Johan Hedberg38606f12014-06-25 11:10:28 +03002675 if (hcon->out)
2676 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_CONFIRM);
2677
2678 if (smp->method == REQ_PASSKEY) {
2679 if (mgmt_user_passkey_request(hdev, &hcon->dst, hcon->type,
2680 hcon->dst_type))
2681 return SMP_UNSPECIFIED;
2682 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_CONFIRM);
2683 set_bit(SMP_FLAG_WAIT_USER, &smp->flags);
2684 return 0;
2685 }
2686
Johan Hedbergcbbbe3e2014-06-06 11:30:08 +03002687 /* The Initiating device waits for the non-initiating device to
2688 * send the confirm value.
2689 */
2690 if (conn->hcon->out)
2691 return 0;
2692
2693 err = smp_f4(smp->tfm_cmac, smp->local_pk, smp->remote_pk, smp->prnd,
2694 0, cfm.confirm_val);
2695 if (err)
2696 return SMP_UNSPECIFIED;
2697
2698 smp_send_cmd(conn, SMP_CMD_PAIRING_CONFIRM, sizeof(cfm), &cfm);
2699 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RANDOM);
2700
Johan Hedbergd8f8edb2014-06-06 11:09:28 +03002701 return 0;
2702}
2703
Johan Hedberg6433a9a2014-06-06 11:47:30 +03002704static int smp_cmd_dhkey_check(struct l2cap_conn *conn, struct sk_buff *skb)
2705{
2706 struct smp_cmd_dhkey_check *check = (void *) skb->data;
2707 struct l2cap_chan *chan = conn->smp;
2708 struct hci_conn *hcon = conn->hcon;
2709 struct smp_chan *smp = chan->data;
2710 u8 a[7], b[7], *local_addr, *remote_addr;
2711 u8 io_cap[3], r[16], e[16];
2712 int err;
2713
2714 BT_DBG("conn %p", conn);
2715
2716 if (skb->len < sizeof(*check))
2717 return SMP_INVALID_PARAMS;
2718
2719 memcpy(a, &hcon->init_addr, 6);
2720 memcpy(b, &hcon->resp_addr, 6);
2721 a[6] = hcon->init_addr_type;
2722 b[6] = hcon->resp_addr_type;
2723
2724 if (hcon->out) {
2725 local_addr = a;
2726 remote_addr = b;
2727 memcpy(io_cap, &smp->prsp[1], 3);
2728 } else {
2729 local_addr = b;
2730 remote_addr = a;
2731 memcpy(io_cap, &smp->preq[1], 3);
2732 }
2733
2734 memset(r, 0, sizeof(r));
2735
Johan Hedberg38606f12014-06-25 11:10:28 +03002736 if (smp->method == REQ_PASSKEY || smp->method == DSP_PASSKEY)
2737 put_unaligned_le32(hcon->passkey_notify, r);
Johan Hedberg882fafa2015-03-16 11:45:43 +02002738 else if (smp->method == REQ_OOB)
2739 memcpy(r, smp->lr, 16);
Johan Hedberg38606f12014-06-25 11:10:28 +03002740
Johan Hedberg6433a9a2014-06-06 11:47:30 +03002741 err = smp_f6(smp->tfm_cmac, smp->mackey, smp->rrnd, smp->prnd, r,
2742 io_cap, remote_addr, local_addr, e);
2743 if (err)
2744 return SMP_UNSPECIFIED;
2745
2746 if (memcmp(check->e, e, 16))
2747 return SMP_DHKEY_CHECK_FAILED;
2748
Johan Hedbergd3e54a82014-06-04 11:07:40 +03002749 if (!hcon->out) {
2750 if (test_bit(SMP_FLAG_WAIT_USER, &smp->flags)) {
2751 set_bit(SMP_FLAG_DHKEY_PENDING, &smp->flags);
2752 return 0;
2753 }
Johan Hedbergd378a2d2014-05-31 18:53:36 +03002754
Johan Hedbergd3e54a82014-06-04 11:07:40 +03002755 /* Slave sends DHKey check as response to master */
2756 sc_dhkey_check(smp);
2757 }
Johan Hedbergd378a2d2014-05-31 18:53:36 +03002758
Johan Hedbergd3e54a82014-06-04 11:07:40 +03002759 sc_add_ltk(smp);
Johan Hedberg6433a9a2014-06-06 11:47:30 +03002760
2761 if (hcon->out) {
Johan Hedberg8b76ce32015-06-08 18:14:39 +03002762 hci_le_start_enc(hcon, 0, 0, smp->tk, smp->enc_key_size);
Johan Hedberg6433a9a2014-06-06 11:47:30 +03002763 hcon->enc_key_size = smp->enc_key_size;
2764 }
2765
2766 return 0;
2767}
2768
Johan Hedberg1408bb62014-06-04 22:45:57 +03002769static int smp_cmd_keypress_notify(struct l2cap_conn *conn,
2770 struct sk_buff *skb)
2771{
2772 struct smp_cmd_keypress_notify *kp = (void *) skb->data;
2773
2774 BT_DBG("value 0x%02x", kp->value);
2775
2776 return 0;
2777}
2778
Johan Hedberg4befb862014-08-11 22:06:38 +03002779static int smp_sig_channel(struct l2cap_chan *chan, struct sk_buff *skb)
Anderson Brigliaeb492e02011-06-09 18:50:40 -03002780{
Johan Hedberg5d88cc72014-08-08 09:37:18 +03002781 struct l2cap_conn *conn = chan->conn;
Marcel Holtmann7b9899d2013-10-03 00:00:57 -07002782 struct hci_conn *hcon = conn->hcon;
Johan Hedbergb28b4942014-09-05 22:19:55 +03002783 struct smp_chan *smp;
Marcel Holtmann92381f52013-10-03 01:23:08 -07002784 __u8 code, reason;
Anderson Brigliaeb492e02011-06-09 18:50:40 -03002785 int err = 0;
2786
Johan Hedberg8ae9b982014-08-11 22:06:39 +03002787 if (skb->len < 1)
Marcel Holtmann92381f52013-10-03 01:23:08 -07002788 return -EILSEQ;
Marcel Holtmann92381f52013-10-03 01:23:08 -07002789
Marcel Holtmannd7a5a112015-03-13 02:11:00 -07002790 if (!hci_dev_test_flag(hcon->hdev, HCI_LE_ENABLED)) {
Andre Guedes2e65c9d2011-06-30 19:20:56 -03002791 reason = SMP_PAIRING_NOTSUPP;
2792 goto done;
2793 }
2794
Marcel Holtmann92381f52013-10-03 01:23:08 -07002795 code = skb->data[0];
Anderson Brigliaeb492e02011-06-09 18:50:40 -03002796 skb_pull(skb, sizeof(code));
2797
Johan Hedbergb28b4942014-09-05 22:19:55 +03002798 smp = chan->data;
2799
2800 if (code > SMP_CMD_MAX)
2801 goto drop;
2802
Johan Hedberg24bd0bd2014-09-10 17:37:43 -07002803 if (smp && !test_and_clear_bit(code, &smp->allow_cmd))
Johan Hedbergb28b4942014-09-05 22:19:55 +03002804 goto drop;
2805
2806 /* If we don't have a context the only allowed commands are
2807 * pairing request and security request.
Johan Hedberg8cf9fa12013-01-29 10:44:23 -06002808 */
Johan Hedbergb28b4942014-09-05 22:19:55 +03002809 if (!smp && code != SMP_CMD_PAIRING_REQ && code != SMP_CMD_SECURITY_REQ)
2810 goto drop;
Johan Hedberg8cf9fa12013-01-29 10:44:23 -06002811
Anderson Brigliaeb492e02011-06-09 18:50:40 -03002812 switch (code) {
2813 case SMP_CMD_PAIRING_REQ:
Vinicius Costa Gomesda85e5e2011-06-09 18:50:53 -03002814 reason = smp_cmd_pairing_req(conn, skb);
Anderson Brigliaeb492e02011-06-09 18:50:40 -03002815 break;
2816
2817 case SMP_CMD_PAIRING_FAIL:
Johan Hedberg84794e12013-11-06 11:24:57 +02002818 smp_failure(conn, 0);
Vinicius Costa Gomesda85e5e2011-06-09 18:50:53 -03002819 err = -EPERM;
Anderson Brigliaeb492e02011-06-09 18:50:40 -03002820 break;
2821
2822 case SMP_CMD_PAIRING_RSP:
Vinicius Costa Gomesda85e5e2011-06-09 18:50:53 -03002823 reason = smp_cmd_pairing_rsp(conn, skb);
Anderson Briglia88ba43b2011-06-09 18:50:42 -03002824 break;
2825
2826 case SMP_CMD_SECURITY_REQ:
Vinicius Costa Gomesda85e5e2011-06-09 18:50:53 -03002827 reason = smp_cmd_security_req(conn, skb);
Anderson Briglia88ba43b2011-06-09 18:50:42 -03002828 break;
2829
Anderson Brigliaeb492e02011-06-09 18:50:40 -03002830 case SMP_CMD_PAIRING_CONFIRM:
Vinicius Costa Gomesda85e5e2011-06-09 18:50:53 -03002831 reason = smp_cmd_pairing_confirm(conn, skb);
Anderson Briglia88ba43b2011-06-09 18:50:42 -03002832 break;
2833
Anderson Brigliaeb492e02011-06-09 18:50:40 -03002834 case SMP_CMD_PAIRING_RANDOM:
Vinicius Costa Gomesda85e5e2011-06-09 18:50:53 -03002835 reason = smp_cmd_pairing_random(conn, skb);
Anderson Briglia88ba43b2011-06-09 18:50:42 -03002836 break;
2837
Anderson Brigliaeb492e02011-06-09 18:50:40 -03002838 case SMP_CMD_ENCRYPT_INFO:
Vinicius Costa Gomes7034b912011-07-07 18:59:34 -03002839 reason = smp_cmd_encrypt_info(conn, skb);
2840 break;
2841
Anderson Brigliaeb492e02011-06-09 18:50:40 -03002842 case SMP_CMD_MASTER_IDENT:
Vinicius Costa Gomes7034b912011-07-07 18:59:34 -03002843 reason = smp_cmd_master_ident(conn, skb);
2844 break;
2845
Anderson Brigliaeb492e02011-06-09 18:50:40 -03002846 case SMP_CMD_IDENT_INFO:
Johan Hedbergfd349c02014-02-18 10:19:36 +02002847 reason = smp_cmd_ident_info(conn, skb);
2848 break;
2849
Anderson Brigliaeb492e02011-06-09 18:50:40 -03002850 case SMP_CMD_IDENT_ADDR_INFO:
Johan Hedbergfd349c02014-02-18 10:19:36 +02002851 reason = smp_cmd_ident_addr_info(conn, skb);
2852 break;
2853
Anderson Brigliaeb492e02011-06-09 18:50:40 -03002854 case SMP_CMD_SIGN_INFO:
Marcel Holtmann7ee4ea32014-03-09 12:19:17 -07002855 reason = smp_cmd_sign_info(conn, skb);
Vinicius Costa Gomes7034b912011-07-07 18:59:34 -03002856 break;
2857
Johan Hedbergd8f8edb2014-06-06 11:09:28 +03002858 case SMP_CMD_PUBLIC_KEY:
2859 reason = smp_cmd_public_key(conn, skb);
2860 break;
2861
Johan Hedberg6433a9a2014-06-06 11:47:30 +03002862 case SMP_CMD_DHKEY_CHECK:
2863 reason = smp_cmd_dhkey_check(conn, skb);
2864 break;
2865
Johan Hedberg1408bb62014-06-04 22:45:57 +03002866 case SMP_CMD_KEYPRESS_NOTIFY:
2867 reason = smp_cmd_keypress_notify(conn, skb);
2868 break;
2869
Anderson Brigliaeb492e02011-06-09 18:50:40 -03002870 default:
2871 BT_DBG("Unknown command code 0x%2.2x", code);
Anderson Brigliaeb492e02011-06-09 18:50:40 -03002872 reason = SMP_CMD_NOTSUPP;
Vinicius Costa Gomes3a0259b2011-06-09 18:50:43 -03002873 goto done;
2874 }
2875
2876done:
Johan Hedberg9b7b18e2014-08-18 20:33:31 +03002877 if (!err) {
2878 if (reason)
2879 smp_failure(conn, reason);
Johan Hedberg8ae9b982014-08-11 22:06:39 +03002880 kfree_skb(skb);
Johan Hedberg9b7b18e2014-08-18 20:33:31 +03002881 }
2882
Anderson Brigliaeb492e02011-06-09 18:50:40 -03002883 return err;
Johan Hedbergb28b4942014-09-05 22:19:55 +03002884
2885drop:
2886 BT_ERR("%s unexpected SMP command 0x%02x from %pMR", hcon->hdev->name,
2887 code, &hcon->dst);
2888 kfree_skb(skb);
2889 return 0;
Anderson Brigliaeb492e02011-06-09 18:50:40 -03002890}
Vinicius Costa Gomes7034b912011-07-07 18:59:34 -03002891
Johan Hedberg70db83c2014-08-08 09:37:16 +03002892static void smp_teardown_cb(struct l2cap_chan *chan, int err)
2893{
2894 struct l2cap_conn *conn = chan->conn;
2895
2896 BT_DBG("chan %p", chan);
2897
Johan Hedbergfc75cc82014-09-05 22:19:52 +03002898 if (chan->data)
Johan Hedberg5d88cc72014-08-08 09:37:18 +03002899 smp_chan_destroy(conn);
Johan Hedberg5d88cc72014-08-08 09:37:18 +03002900
Johan Hedberg70db83c2014-08-08 09:37:16 +03002901 conn->smp = NULL;
2902 l2cap_chan_put(chan);
2903}
2904
Johan Hedbergb5ae3442014-08-14 12:34:26 +03002905static void bredr_pairing(struct l2cap_chan *chan)
2906{
2907 struct l2cap_conn *conn = chan->conn;
2908 struct hci_conn *hcon = conn->hcon;
2909 struct hci_dev *hdev = hcon->hdev;
2910 struct smp_cmd_pairing req;
2911 struct smp_chan *smp;
2912
2913 BT_DBG("chan %p", chan);
2914
2915 /* Only new pairings are interesting */
2916 if (!test_bit(HCI_CONN_NEW_LINK_KEY, &hcon->flags))
2917 return;
2918
2919 /* Don't bother if we're not encrypted */
2920 if (!test_bit(HCI_CONN_ENCRYPT, &hcon->flags))
2921 return;
2922
2923 /* Only master may initiate SMP over BR/EDR */
2924 if (hcon->role != HCI_ROLE_MASTER)
2925 return;
2926
2927 /* Secure Connections support must be enabled */
Marcel Holtmannd7a5a112015-03-13 02:11:00 -07002928 if (!hci_dev_test_flag(hdev, HCI_SC_ENABLED))
Johan Hedbergb5ae3442014-08-14 12:34:26 +03002929 return;
2930
2931 /* BR/EDR must use Secure Connections for SMP */
2932 if (!test_bit(HCI_CONN_AES_CCM, &hcon->flags) &&
Marcel Holtmannb7cb93e2015-03-13 10:20:35 -07002933 !hci_dev_test_flag(hdev, HCI_FORCE_BREDR_SMP))
Johan Hedbergb5ae3442014-08-14 12:34:26 +03002934 return;
2935
2936 /* If our LE support is not enabled don't do anything */
Marcel Holtmannd7a5a112015-03-13 02:11:00 -07002937 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED))
Johan Hedbergb5ae3442014-08-14 12:34:26 +03002938 return;
2939
2940 /* Don't bother if remote LE support is not enabled */
2941 if (!lmp_host_le_capable(hcon))
2942 return;
2943
2944 /* Remote must support SMP fixed chan for BR/EDR */
2945 if (!(conn->remote_fixed_chan & L2CAP_FC_SMP_BREDR))
2946 return;
2947
2948 /* Don't bother if SMP is already ongoing */
2949 if (chan->data)
2950 return;
2951
2952 smp = smp_chan_create(conn);
2953 if (!smp) {
2954 BT_ERR("%s unable to create SMP context for BR/EDR",
2955 hdev->name);
2956 return;
2957 }
2958
2959 set_bit(SMP_FLAG_SC, &smp->flags);
2960
2961 BT_DBG("%s starting SMP over BR/EDR", hdev->name);
2962
2963 /* Prepare and send the BR/EDR SMP Pairing Request */
2964 build_bredr_pairing_cmd(smp, &req, NULL);
2965
2966 smp->preq[0] = SMP_CMD_PAIRING_REQ;
2967 memcpy(&smp->preq[1], &req, sizeof(req));
2968
2969 smp_send_cmd(conn, SMP_CMD_PAIRING_REQ, sizeof(req), &req);
2970 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RSP);
2971}
2972
Johan Hedberg44f1a7a2014-08-11 22:06:36 +03002973static void smp_resume_cb(struct l2cap_chan *chan)
2974{
Johan Hedbergb68fda62014-08-11 22:06:40 +03002975 struct smp_chan *smp = chan->data;
Johan Hedberg44f1a7a2014-08-11 22:06:36 +03002976 struct l2cap_conn *conn = chan->conn;
2977 struct hci_conn *hcon = conn->hcon;
2978
2979 BT_DBG("chan %p", chan);
2980
Johan Hedbergb5ae3442014-08-14 12:34:26 +03002981 if (hcon->type == ACL_LINK) {
2982 bredr_pairing(chan);
Johan Hedbergef8efe42014-08-13 15:12:32 +03002983 return;
Johan Hedbergb5ae3442014-08-14 12:34:26 +03002984 }
Johan Hedbergef8efe42014-08-13 15:12:32 +03002985
Johan Hedberg86d14072014-08-11 22:06:43 +03002986 if (!smp)
2987 return;
Johan Hedbergb68fda62014-08-11 22:06:40 +03002988
Johan Hedberg84bc0db2014-09-05 22:19:49 +03002989 if (!test_bit(HCI_CONN_ENCRYPT, &hcon->flags))
2990 return;
2991
Johan Hedberg86d14072014-08-11 22:06:43 +03002992 cancel_delayed_work(&smp->security_timer);
2993
Johan Hedbergd6268e82014-09-05 22:19:51 +03002994 smp_distribute_keys(smp);
Johan Hedberg44f1a7a2014-08-11 22:06:36 +03002995}
2996
Johan Hedberg70db83c2014-08-08 09:37:16 +03002997static void smp_ready_cb(struct l2cap_chan *chan)
2998{
2999 struct l2cap_conn *conn = chan->conn;
Johan Hedbergb5ae3442014-08-14 12:34:26 +03003000 struct hci_conn *hcon = conn->hcon;
Johan Hedberg70db83c2014-08-08 09:37:16 +03003001
3002 BT_DBG("chan %p", chan);
3003
3004 conn->smp = chan;
3005 l2cap_chan_hold(chan);
Johan Hedbergb5ae3442014-08-14 12:34:26 +03003006
3007 if (hcon->type == ACL_LINK && test_bit(HCI_CONN_ENCRYPT, &hcon->flags))
3008 bredr_pairing(chan);
Johan Hedberg70db83c2014-08-08 09:37:16 +03003009}
3010
Johan Hedberg4befb862014-08-11 22:06:38 +03003011static int smp_recv_cb(struct l2cap_chan *chan, struct sk_buff *skb)
3012{
3013 int err;
3014
3015 BT_DBG("chan %p", chan);
3016
3017 err = smp_sig_channel(chan, skb);
3018 if (err) {
Johan Hedbergb68fda62014-08-11 22:06:40 +03003019 struct smp_chan *smp = chan->data;
Johan Hedberg4befb862014-08-11 22:06:38 +03003020
Johan Hedbergb68fda62014-08-11 22:06:40 +03003021 if (smp)
3022 cancel_delayed_work_sync(&smp->security_timer);
Johan Hedberg4befb862014-08-11 22:06:38 +03003023
Johan Hedberg1e91c292014-08-18 20:33:29 +03003024 hci_disconnect(chan->conn->hcon, HCI_ERROR_AUTH_FAILURE);
Johan Hedberg4befb862014-08-11 22:06:38 +03003025 }
3026
3027 return err;
3028}
3029
Johan Hedberg70db83c2014-08-08 09:37:16 +03003030static struct sk_buff *smp_alloc_skb_cb(struct l2cap_chan *chan,
3031 unsigned long hdr_len,
3032 unsigned long len, int nb)
3033{
3034 struct sk_buff *skb;
3035
3036 skb = bt_skb_alloc(hdr_len + len, GFP_KERNEL);
3037 if (!skb)
3038 return ERR_PTR(-ENOMEM);
3039
3040 skb->priority = HCI_PRIO_MAX;
Johan Hedberga4368ff2015-03-30 23:21:01 +03003041 bt_cb(skb)->l2cap.chan = chan;
Johan Hedberg70db83c2014-08-08 09:37:16 +03003042
3043 return skb;
3044}
3045
3046static const struct l2cap_ops smp_chan_ops = {
3047 .name = "Security Manager",
3048 .ready = smp_ready_cb,
Johan Hedberg5d88cc72014-08-08 09:37:18 +03003049 .recv = smp_recv_cb,
Johan Hedberg70db83c2014-08-08 09:37:16 +03003050 .alloc_skb = smp_alloc_skb_cb,
3051 .teardown = smp_teardown_cb,
Johan Hedberg44f1a7a2014-08-11 22:06:36 +03003052 .resume = smp_resume_cb,
Johan Hedberg70db83c2014-08-08 09:37:16 +03003053
3054 .new_connection = l2cap_chan_no_new_connection,
Johan Hedberg70db83c2014-08-08 09:37:16 +03003055 .state_change = l2cap_chan_no_state_change,
3056 .close = l2cap_chan_no_close,
3057 .defer = l2cap_chan_no_defer,
3058 .suspend = l2cap_chan_no_suspend,
Johan Hedberg70db83c2014-08-08 09:37:16 +03003059 .set_shutdown = l2cap_chan_no_set_shutdown,
3060 .get_sndtimeo = l2cap_chan_no_get_sndtimeo,
Johan Hedberg70db83c2014-08-08 09:37:16 +03003061};
3062
3063static inline struct l2cap_chan *smp_new_conn_cb(struct l2cap_chan *pchan)
3064{
3065 struct l2cap_chan *chan;
3066
3067 BT_DBG("pchan %p", pchan);
3068
3069 chan = l2cap_chan_create();
3070 if (!chan)
3071 return NULL;
3072
3073 chan->chan_type = pchan->chan_type;
3074 chan->ops = &smp_chan_ops;
3075 chan->scid = pchan->scid;
3076 chan->dcid = chan->scid;
3077 chan->imtu = pchan->imtu;
3078 chan->omtu = pchan->omtu;
3079 chan->mode = pchan->mode;
3080
Johan Hedbergabe84902014-11-12 22:22:21 +02003081 /* Other L2CAP channels may request SMP routines in order to
3082 * change the security level. This means that the SMP channel
3083 * lock must be considered in its own category to avoid lockdep
3084 * warnings.
3085 */
3086 atomic_set(&chan->nesting, L2CAP_NESTING_SMP);
3087
Johan Hedberg70db83c2014-08-08 09:37:16 +03003088 BT_DBG("created chan %p", chan);
3089
3090 return chan;
3091}
3092
3093static const struct l2cap_ops smp_root_chan_ops = {
3094 .name = "Security Manager Root",
3095 .new_connection = smp_new_conn_cb,
3096
3097 /* None of these are implemented for the root channel */
3098 .close = l2cap_chan_no_close,
3099 .alloc_skb = l2cap_chan_no_alloc_skb,
3100 .recv = l2cap_chan_no_recv,
3101 .state_change = l2cap_chan_no_state_change,
3102 .teardown = l2cap_chan_no_teardown,
3103 .ready = l2cap_chan_no_ready,
3104 .defer = l2cap_chan_no_defer,
3105 .suspend = l2cap_chan_no_suspend,
3106 .resume = l2cap_chan_no_resume,
3107 .set_shutdown = l2cap_chan_no_set_shutdown,
3108 .get_sndtimeo = l2cap_chan_no_get_sndtimeo,
Johan Hedberg70db83c2014-08-08 09:37:16 +03003109};
3110
Johan Hedbergef8efe42014-08-13 15:12:32 +03003111static struct l2cap_chan *smp_add_cid(struct hci_dev *hdev, u16 cid)
Johan Hedberg711eafe2014-08-08 09:32:52 +03003112{
Johan Hedberg70db83c2014-08-08 09:37:16 +03003113 struct l2cap_chan *chan;
Marcel Holtmann88a479d2015-03-16 01:10:19 -07003114 struct smp_dev *smp;
3115 struct crypto_blkcipher *tfm_aes;
Marcel Holtmann6e2dc6d2015-03-16 01:10:21 -07003116 struct crypto_hash *tfm_cmac;
Johan Hedberg70db83c2014-08-08 09:37:16 +03003117
Johan Hedbergef8efe42014-08-13 15:12:32 +03003118 if (cid == L2CAP_CID_SMP_BREDR) {
Marcel Holtmann88a479d2015-03-16 01:10:19 -07003119 smp = NULL;
Johan Hedbergef8efe42014-08-13 15:12:32 +03003120 goto create_chan;
3121 }
Johan Hedberg711eafe2014-08-08 09:32:52 +03003122
Marcel Holtmann88a479d2015-03-16 01:10:19 -07003123 smp = kzalloc(sizeof(*smp), GFP_KERNEL);
3124 if (!smp)
3125 return ERR_PTR(-ENOMEM);
3126
3127 tfm_aes = crypto_alloc_blkcipher("ecb(aes)", 0, CRYPTO_ALG_ASYNC);
Johan Hedbergdefce9e2014-08-08 09:37:17 +03003128 if (IS_ERR(tfm_aes)) {
Marcel Holtmann88a479d2015-03-16 01:10:19 -07003129 BT_ERR("Unable to create ECB crypto context");
3130 kzfree(smp);
Fengguang Wufe700772014-12-08 03:04:38 +08003131 return ERR_CAST(tfm_aes);
Johan Hedberg711eafe2014-08-08 09:32:52 +03003132 }
3133
Marcel Holtmann6e2dc6d2015-03-16 01:10:21 -07003134 tfm_cmac = crypto_alloc_hash("cmac(aes)", 0, CRYPTO_ALG_ASYNC);
3135 if (IS_ERR(tfm_cmac)) {
3136 BT_ERR("Unable to create CMAC crypto context");
3137 crypto_free_blkcipher(tfm_aes);
3138 kzfree(smp);
3139 return ERR_CAST(tfm_cmac);
3140 }
3141
Marcel Holtmann88a479d2015-03-16 01:10:19 -07003142 smp->tfm_aes = tfm_aes;
Marcel Holtmann6e2dc6d2015-03-16 01:10:21 -07003143 smp->tfm_cmac = tfm_cmac;
Johan Hedbergb1f663c2015-06-11 13:52:27 +03003144 smp->min_key_size = SMP_MIN_ENC_KEY_SIZE;
Johan Hedberg2fd36552015-06-11 13:52:26 +03003145 smp->max_key_size = SMP_MAX_ENC_KEY_SIZE;
Marcel Holtmann88a479d2015-03-16 01:10:19 -07003146
Johan Hedbergef8efe42014-08-13 15:12:32 +03003147create_chan:
Johan Hedberg70db83c2014-08-08 09:37:16 +03003148 chan = l2cap_chan_create();
3149 if (!chan) {
Marcel Holtmann63511f6d2015-03-17 11:38:24 -07003150 if (smp) {
3151 crypto_free_blkcipher(smp->tfm_aes);
3152 crypto_free_hash(smp->tfm_cmac);
3153 kzfree(smp);
3154 }
Johan Hedbergef8efe42014-08-13 15:12:32 +03003155 return ERR_PTR(-ENOMEM);
Johan Hedberg70db83c2014-08-08 09:37:16 +03003156 }
3157
Marcel Holtmann88a479d2015-03-16 01:10:19 -07003158 chan->data = smp;
Johan Hedbergdefce9e2014-08-08 09:37:17 +03003159
Johan Hedbergef8efe42014-08-13 15:12:32 +03003160 l2cap_add_scid(chan, cid);
Johan Hedberg70db83c2014-08-08 09:37:16 +03003161
3162 l2cap_chan_set_defaults(chan);
3163
Marcel Holtmann157029b2015-01-14 15:43:09 -08003164 if (cid == L2CAP_CID_SMP) {
Johan Hedberg39e3e742015-02-20 13:48:24 +02003165 u8 bdaddr_type;
3166
3167 hci_copy_identity_address(hdev, &chan->src, &bdaddr_type);
3168
3169 if (bdaddr_type == ADDR_LE_DEV_PUBLIC)
Marcel Holtmann157029b2015-01-14 15:43:09 -08003170 chan->src_type = BDADDR_LE_PUBLIC;
Johan Hedberg39e3e742015-02-20 13:48:24 +02003171 else
3172 chan->src_type = BDADDR_LE_RANDOM;
Marcel Holtmann157029b2015-01-14 15:43:09 -08003173 } else {
3174 bacpy(&chan->src, &hdev->bdaddr);
Johan Hedbergef8efe42014-08-13 15:12:32 +03003175 chan->src_type = BDADDR_BREDR;
Marcel Holtmann157029b2015-01-14 15:43:09 -08003176 }
3177
Johan Hedberg70db83c2014-08-08 09:37:16 +03003178 chan->state = BT_LISTEN;
3179 chan->mode = L2CAP_MODE_BASIC;
3180 chan->imtu = L2CAP_DEFAULT_MTU;
3181 chan->ops = &smp_root_chan_ops;
3182
Johan Hedbergabe84902014-11-12 22:22:21 +02003183 /* Set correct nesting level for a parent/listening channel */
3184 atomic_set(&chan->nesting, L2CAP_NESTING_PARENT);
3185
Johan Hedbergef8efe42014-08-13 15:12:32 +03003186 return chan;
Johan Hedberg711eafe2014-08-08 09:32:52 +03003187}
3188
Johan Hedbergef8efe42014-08-13 15:12:32 +03003189static void smp_del_chan(struct l2cap_chan *chan)
Johan Hedberg711eafe2014-08-08 09:32:52 +03003190{
Marcel Holtmann88a479d2015-03-16 01:10:19 -07003191 struct smp_dev *smp;
Johan Hedberg70db83c2014-08-08 09:37:16 +03003192
Johan Hedbergef8efe42014-08-13 15:12:32 +03003193 BT_DBG("chan %p", chan);
Johan Hedberg711eafe2014-08-08 09:32:52 +03003194
Marcel Holtmann88a479d2015-03-16 01:10:19 -07003195 smp = chan->data;
3196 if (smp) {
Johan Hedbergdefce9e2014-08-08 09:37:17 +03003197 chan->data = NULL;
Marcel Holtmann88a479d2015-03-16 01:10:19 -07003198 if (smp->tfm_aes)
3199 crypto_free_blkcipher(smp->tfm_aes);
Marcel Holtmann6e2dc6d2015-03-16 01:10:21 -07003200 if (smp->tfm_cmac)
3201 crypto_free_hash(smp->tfm_cmac);
Marcel Holtmann88a479d2015-03-16 01:10:19 -07003202 kzfree(smp);
Johan Hedberg711eafe2014-08-08 09:32:52 +03003203 }
Johan Hedberg70db83c2014-08-08 09:37:16 +03003204
Johan Hedberg70db83c2014-08-08 09:37:16 +03003205 l2cap_chan_put(chan);
Johan Hedberg711eafe2014-08-08 09:32:52 +03003206}
Johan Hedbergef8efe42014-08-13 15:12:32 +03003207
Marcel Holtmann300acfde2014-12-31 14:43:16 -08003208static ssize_t force_bredr_smp_read(struct file *file,
3209 char __user *user_buf,
3210 size_t count, loff_t *ppos)
3211{
3212 struct hci_dev *hdev = file->private_data;
3213 char buf[3];
3214
Marcel Holtmannb7cb93e2015-03-13 10:20:35 -07003215 buf[0] = hci_dev_test_flag(hdev, HCI_FORCE_BREDR_SMP) ? 'Y': 'N';
Marcel Holtmann300acfde2014-12-31 14:43:16 -08003216 buf[1] = '\n';
3217 buf[2] = '\0';
3218 return simple_read_from_buffer(user_buf, count, ppos, buf, 2);
3219}
3220
3221static ssize_t force_bredr_smp_write(struct file *file,
3222 const char __user *user_buf,
3223 size_t count, loff_t *ppos)
3224{
3225 struct hci_dev *hdev = file->private_data;
3226 char buf[32];
3227 size_t buf_size = min(count, (sizeof(buf)-1));
3228 bool enable;
3229
3230 if (copy_from_user(buf, user_buf, buf_size))
3231 return -EFAULT;
3232
3233 buf[buf_size] = '\0';
3234 if (strtobool(buf, &enable))
3235 return -EINVAL;
3236
Marcel Holtmannb7cb93e2015-03-13 10:20:35 -07003237 if (enable == hci_dev_test_flag(hdev, HCI_FORCE_BREDR_SMP))
Marcel Holtmann300acfde2014-12-31 14:43:16 -08003238 return -EALREADY;
3239
3240 if (enable) {
3241 struct l2cap_chan *chan;
3242
3243 chan = smp_add_cid(hdev, L2CAP_CID_SMP_BREDR);
3244 if (IS_ERR(chan))
3245 return PTR_ERR(chan);
3246
3247 hdev->smp_bredr_data = chan;
3248 } else {
3249 struct l2cap_chan *chan;
3250
3251 chan = hdev->smp_bredr_data;
3252 hdev->smp_bredr_data = NULL;
3253 smp_del_chan(chan);
3254 }
3255
Marcel Holtmannb7cb93e2015-03-13 10:20:35 -07003256 hci_dev_change_flag(hdev, HCI_FORCE_BREDR_SMP);
Marcel Holtmann300acfde2014-12-31 14:43:16 -08003257
3258 return count;
3259}
3260
3261static const struct file_operations force_bredr_smp_fops = {
3262 .open = simple_open,
3263 .read = force_bredr_smp_read,
3264 .write = force_bredr_smp_write,
3265 .llseek = default_llseek,
3266};
3267
Johan Hedbergb1f663c2015-06-11 13:52:27 +03003268static ssize_t le_min_key_size_read(struct file *file,
3269 char __user *user_buf,
3270 size_t count, loff_t *ppos)
3271{
3272 struct hci_dev *hdev = file->private_data;
3273 char buf[4];
3274
3275 snprintf(buf, sizeof(buf), "%2u\n", SMP_DEV(hdev)->min_key_size);
3276
3277 return simple_read_from_buffer(user_buf, count, ppos, buf, strlen(buf));
3278}
3279
3280static ssize_t le_min_key_size_write(struct file *file,
3281 const char __user *user_buf,
3282 size_t count, loff_t *ppos)
3283{
3284 struct hci_dev *hdev = file->private_data;
3285 char buf[32];
3286 size_t buf_size = min(count, (sizeof(buf) - 1));
3287 u8 key_size;
3288
3289 if (copy_from_user(buf, user_buf, buf_size))
3290 return -EFAULT;
3291
3292 buf[buf_size] = '\0';
3293
3294 sscanf(buf, "%hhu", &key_size);
3295
3296 if (key_size > SMP_DEV(hdev)->max_key_size ||
3297 key_size < SMP_MIN_ENC_KEY_SIZE)
3298 return -EINVAL;
3299
3300 SMP_DEV(hdev)->min_key_size = key_size;
3301
3302 return count;
3303}
3304
3305static const struct file_operations le_min_key_size_fops = {
3306 .open = simple_open,
3307 .read = le_min_key_size_read,
3308 .write = le_min_key_size_write,
3309 .llseek = default_llseek,
3310};
3311
Johan Hedberg2fd36552015-06-11 13:52:26 +03003312static ssize_t le_max_key_size_read(struct file *file,
3313 char __user *user_buf,
3314 size_t count, loff_t *ppos)
3315{
3316 struct hci_dev *hdev = file->private_data;
3317 char buf[4];
3318
3319 snprintf(buf, sizeof(buf), "%2u\n", SMP_DEV(hdev)->max_key_size);
3320
3321 return simple_read_from_buffer(user_buf, count, ppos, buf, strlen(buf));
3322}
3323
3324static ssize_t le_max_key_size_write(struct file *file,
3325 const char __user *user_buf,
3326 size_t count, loff_t *ppos)
3327{
3328 struct hci_dev *hdev = file->private_data;
3329 char buf[32];
3330 size_t buf_size = min(count, (sizeof(buf) - 1));
3331 u8 key_size;
3332
3333 if (copy_from_user(buf, user_buf, buf_size))
3334 return -EFAULT;
3335
3336 buf[buf_size] = '\0';
3337
3338 sscanf(buf, "%hhu", &key_size);
3339
Johan Hedbergb1f663c2015-06-11 13:52:27 +03003340 if (key_size > SMP_MAX_ENC_KEY_SIZE ||
3341 key_size < SMP_DEV(hdev)->min_key_size)
Johan Hedberg2fd36552015-06-11 13:52:26 +03003342 return -EINVAL;
3343
3344 SMP_DEV(hdev)->max_key_size = key_size;
3345
3346 return count;
3347}
3348
3349static const struct file_operations le_max_key_size_fops = {
3350 .open = simple_open,
3351 .read = le_max_key_size_read,
3352 .write = le_max_key_size_write,
3353 .llseek = default_llseek,
3354};
3355
Johan Hedbergef8efe42014-08-13 15:12:32 +03003356int smp_register(struct hci_dev *hdev)
3357{
3358 struct l2cap_chan *chan;
3359
3360 BT_DBG("%s", hdev->name);
3361
Marcel Holtmann7e7ec442015-01-14 15:43:10 -08003362 /* If the controller does not support Low Energy operation, then
3363 * there is also no need to register any SMP channel.
3364 */
3365 if (!lmp_le_capable(hdev))
3366 return 0;
3367
Marcel Holtmann2b8df322015-01-15 08:04:21 -08003368 if (WARN_ON(hdev->smp_data)) {
3369 chan = hdev->smp_data;
3370 hdev->smp_data = NULL;
3371 smp_del_chan(chan);
3372 }
3373
Johan Hedbergef8efe42014-08-13 15:12:32 +03003374 chan = smp_add_cid(hdev, L2CAP_CID_SMP);
3375 if (IS_ERR(chan))
3376 return PTR_ERR(chan);
3377
3378 hdev->smp_data = chan;
3379
Johan Hedbergb1f663c2015-06-11 13:52:27 +03003380 debugfs_create_file("le_min_key_size", 0644, hdev->debugfs, hdev,
3381 &le_min_key_size_fops);
Johan Hedberg2fd36552015-06-11 13:52:26 +03003382 debugfs_create_file("le_max_key_size", 0644, hdev->debugfs, hdev,
3383 &le_max_key_size_fops);
3384
Marcel Holtmann300acfde2014-12-31 14:43:16 -08003385 /* If the controller does not support BR/EDR Secure Connections
3386 * feature, then the BR/EDR SMP channel shall not be present.
3387 *
3388 * To test this with Bluetooth 4.0 controllers, create a debugfs
3389 * switch that allows forcing BR/EDR SMP support and accepting
3390 * cross-transport pairing on non-AES encrypted connections.
3391 */
3392 if (!lmp_sc_capable(hdev)) {
3393 debugfs_create_file("force_bredr_smp", 0644, hdev->debugfs,
3394 hdev, &force_bredr_smp_fops);
Johan Hedbergef8efe42014-08-13 15:12:32 +03003395 return 0;
Marcel Holtmann300acfde2014-12-31 14:43:16 -08003396 }
Johan Hedbergef8efe42014-08-13 15:12:32 +03003397
Marcel Holtmann2b8df322015-01-15 08:04:21 -08003398 if (WARN_ON(hdev->smp_bredr_data)) {
3399 chan = hdev->smp_bredr_data;
3400 hdev->smp_bredr_data = NULL;
3401 smp_del_chan(chan);
3402 }
3403
Johan Hedbergef8efe42014-08-13 15:12:32 +03003404 chan = smp_add_cid(hdev, L2CAP_CID_SMP_BREDR);
3405 if (IS_ERR(chan)) {
3406 int err = PTR_ERR(chan);
3407 chan = hdev->smp_data;
3408 hdev->smp_data = NULL;
3409 smp_del_chan(chan);
3410 return err;
3411 }
3412
3413 hdev->smp_bredr_data = chan;
3414
3415 return 0;
3416}
3417
3418void smp_unregister(struct hci_dev *hdev)
3419{
3420 struct l2cap_chan *chan;
3421
3422 if (hdev->smp_bredr_data) {
3423 chan = hdev->smp_bredr_data;
3424 hdev->smp_bredr_data = NULL;
3425 smp_del_chan(chan);
3426 }
3427
3428 if (hdev->smp_data) {
3429 chan = hdev->smp_data;
3430 hdev->smp_data = NULL;
3431 smp_del_chan(chan);
3432 }
3433}
Johan Hedberg0a2b0f02014-12-30 09:50:39 +02003434
3435#if IS_ENABLED(CONFIG_BT_SELFTEST_SMP)
3436
Johan Hedbergcfc41982014-12-30 09:50:40 +02003437static int __init test_ah(struct crypto_blkcipher *tfm_aes)
3438{
3439 const u8 irk[16] = {
3440 0x9b, 0x7d, 0x39, 0x0a, 0xa6, 0x10, 0x10, 0x34,
3441 0x05, 0xad, 0xc8, 0x57, 0xa3, 0x34, 0x02, 0xec };
3442 const u8 r[3] = { 0x94, 0x81, 0x70 };
3443 const u8 exp[3] = { 0xaa, 0xfb, 0x0d };
3444 u8 res[3];
3445 int err;
3446
3447 err = smp_ah(tfm_aes, irk, r, res);
3448 if (err)
3449 return err;
3450
3451 if (memcmp(res, exp, 3))
3452 return -EINVAL;
3453
3454 return 0;
3455}
3456
3457static int __init test_c1(struct crypto_blkcipher *tfm_aes)
3458{
3459 const u8 k[16] = {
3460 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
3461 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
3462 const u8 r[16] = {
3463 0xe0, 0x2e, 0x70, 0xc6, 0x4e, 0x27, 0x88, 0x63,
3464 0x0e, 0x6f, 0xad, 0x56, 0x21, 0xd5, 0x83, 0x57 };
3465 const u8 preq[7] = { 0x01, 0x01, 0x00, 0x00, 0x10, 0x07, 0x07 };
3466 const u8 pres[7] = { 0x02, 0x03, 0x00, 0x00, 0x08, 0x00, 0x05 };
3467 const u8 _iat = 0x01;
3468 const u8 _rat = 0x00;
3469 const bdaddr_t ra = { { 0xb6, 0xb5, 0xb4, 0xb3, 0xb2, 0xb1 } };
3470 const bdaddr_t ia = { { 0xa6, 0xa5, 0xa4, 0xa3, 0xa2, 0xa1 } };
3471 const u8 exp[16] = {
3472 0x86, 0x3b, 0xf1, 0xbe, 0xc5, 0x4d, 0xa7, 0xd2,
3473 0xea, 0x88, 0x89, 0x87, 0xef, 0x3f, 0x1e, 0x1e };
3474 u8 res[16];
3475 int err;
3476
3477 err = smp_c1(tfm_aes, k, r, preq, pres, _iat, &ia, _rat, &ra, res);
3478 if (err)
3479 return err;
3480
3481 if (memcmp(res, exp, 16))
3482 return -EINVAL;
3483
3484 return 0;
3485}
3486
3487static int __init test_s1(struct crypto_blkcipher *tfm_aes)
3488{
3489 const u8 k[16] = {
3490 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
3491 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
3492 const u8 r1[16] = {
3493 0x88, 0x77, 0x66, 0x55, 0x44, 0x33, 0x22, 0x11 };
3494 const u8 r2[16] = {
3495 0x00, 0xff, 0xee, 0xdd, 0xcc, 0xbb, 0xaa, 0x99 };
3496 const u8 exp[16] = {
3497 0x62, 0xa0, 0x6d, 0x79, 0xae, 0x16, 0x42, 0x5b,
3498 0x9b, 0xf4, 0xb0, 0xe8, 0xf0, 0xe1, 0x1f, 0x9a };
3499 u8 res[16];
3500 int err;
3501
3502 err = smp_s1(tfm_aes, k, r1, r2, res);
3503 if (err)
3504 return err;
3505
3506 if (memcmp(res, exp, 16))
3507 return -EINVAL;
3508
3509 return 0;
3510}
3511
Johan Hedbergfb2969a2014-12-30 09:50:41 +02003512static int __init test_f4(struct crypto_hash *tfm_cmac)
3513{
3514 const u8 u[32] = {
3515 0xe6, 0x9d, 0x35, 0x0e, 0x48, 0x01, 0x03, 0xcc,
3516 0xdb, 0xfd, 0xf4, 0xac, 0x11, 0x91, 0xf4, 0xef,
3517 0xb9, 0xa5, 0xf9, 0xe9, 0xa7, 0x83, 0x2c, 0x5e,
3518 0x2c, 0xbe, 0x97, 0xf2, 0xd2, 0x03, 0xb0, 0x20 };
3519 const u8 v[32] = {
3520 0xfd, 0xc5, 0x7f, 0xf4, 0x49, 0xdd, 0x4f, 0x6b,
3521 0xfb, 0x7c, 0x9d, 0xf1, 0xc2, 0x9a, 0xcb, 0x59,
3522 0x2a, 0xe7, 0xd4, 0xee, 0xfb, 0xfc, 0x0a, 0x90,
3523 0x9a, 0xbb, 0xf6, 0x32, 0x3d, 0x8b, 0x18, 0x55 };
3524 const u8 x[16] = {
3525 0xab, 0xae, 0x2b, 0x71, 0xec, 0xb2, 0xff, 0xff,
3526 0x3e, 0x73, 0x77, 0xd1, 0x54, 0x84, 0xcb, 0xd5 };
3527 const u8 z = 0x00;
3528 const u8 exp[16] = {
3529 0x2d, 0x87, 0x74, 0xa9, 0xbe, 0xa1, 0xed, 0xf1,
3530 0x1c, 0xbd, 0xa9, 0x07, 0xf1, 0x16, 0xc9, 0xf2 };
3531 u8 res[16];
3532 int err;
3533
3534 err = smp_f4(tfm_cmac, u, v, x, z, res);
3535 if (err)
3536 return err;
3537
3538 if (memcmp(res, exp, 16))
3539 return -EINVAL;
3540
3541 return 0;
3542}
3543
3544static int __init test_f5(struct crypto_hash *tfm_cmac)
3545{
3546 const u8 w[32] = {
3547 0x98, 0xa6, 0xbf, 0x73, 0xf3, 0x34, 0x8d, 0x86,
3548 0xf1, 0x66, 0xf8, 0xb4, 0x13, 0x6b, 0x79, 0x99,
3549 0x9b, 0x7d, 0x39, 0x0a, 0xa6, 0x10, 0x10, 0x34,
3550 0x05, 0xad, 0xc8, 0x57, 0xa3, 0x34, 0x02, 0xec };
3551 const u8 n1[16] = {
3552 0xab, 0xae, 0x2b, 0x71, 0xec, 0xb2, 0xff, 0xff,
3553 0x3e, 0x73, 0x77, 0xd1, 0x54, 0x84, 0xcb, 0xd5 };
3554 const u8 n2[16] = {
3555 0xcf, 0xc4, 0x3d, 0xff, 0xf7, 0x83, 0x65, 0x21,
3556 0x6e, 0x5f, 0xa7, 0x25, 0xcc, 0xe7, 0xe8, 0xa6 };
3557 const u8 a1[7] = { 0xce, 0xbf, 0x37, 0x37, 0x12, 0x56, 0x00 };
3558 const u8 a2[7] = { 0xc1, 0xcf, 0x2d, 0x70, 0x13, 0xa7, 0x00 };
3559 const u8 exp_ltk[16] = {
3560 0x38, 0x0a, 0x75, 0x94, 0xb5, 0x22, 0x05, 0x98,
3561 0x23, 0xcd, 0xd7, 0x69, 0x11, 0x79, 0x86, 0x69 };
3562 const u8 exp_mackey[16] = {
3563 0x20, 0x6e, 0x63, 0xce, 0x20, 0x6a, 0x3f, 0xfd,
3564 0x02, 0x4a, 0x08, 0xa1, 0x76, 0xf1, 0x65, 0x29 };
3565 u8 mackey[16], ltk[16];
3566 int err;
3567
3568 err = smp_f5(tfm_cmac, w, n1, n2, a1, a2, mackey, ltk);
3569 if (err)
3570 return err;
3571
3572 if (memcmp(mackey, exp_mackey, 16))
3573 return -EINVAL;
3574
3575 if (memcmp(ltk, exp_ltk, 16))
3576 return -EINVAL;
3577
3578 return 0;
3579}
3580
3581static int __init test_f6(struct crypto_hash *tfm_cmac)
3582{
3583 const u8 w[16] = {
3584 0x20, 0x6e, 0x63, 0xce, 0x20, 0x6a, 0x3f, 0xfd,
3585 0x02, 0x4a, 0x08, 0xa1, 0x76, 0xf1, 0x65, 0x29 };
3586 const u8 n1[16] = {
3587 0xab, 0xae, 0x2b, 0x71, 0xec, 0xb2, 0xff, 0xff,
3588 0x3e, 0x73, 0x77, 0xd1, 0x54, 0x84, 0xcb, 0xd5 };
3589 const u8 n2[16] = {
3590 0xcf, 0xc4, 0x3d, 0xff, 0xf7, 0x83, 0x65, 0x21,
3591 0x6e, 0x5f, 0xa7, 0x25, 0xcc, 0xe7, 0xe8, 0xa6 };
3592 const u8 r[16] = {
3593 0xc8, 0x0f, 0x2d, 0x0c, 0xd2, 0x42, 0xda, 0x08,
3594 0x54, 0xbb, 0x53, 0xb4, 0x3b, 0x34, 0xa3, 0x12 };
3595 const u8 io_cap[3] = { 0x02, 0x01, 0x01 };
3596 const u8 a1[7] = { 0xce, 0xbf, 0x37, 0x37, 0x12, 0x56, 0x00 };
3597 const u8 a2[7] = { 0xc1, 0xcf, 0x2d, 0x70, 0x13, 0xa7, 0x00 };
3598 const u8 exp[16] = {
3599 0x61, 0x8f, 0x95, 0xda, 0x09, 0x0b, 0x6c, 0xd2,
3600 0xc5, 0xe8, 0xd0, 0x9c, 0x98, 0x73, 0xc4, 0xe3 };
3601 u8 res[16];
3602 int err;
3603
3604 err = smp_f6(tfm_cmac, w, n1, n2, r, io_cap, a1, a2, res);
3605 if (err)
3606 return err;
3607
3608 if (memcmp(res, exp, 16))
3609 return -EINVAL;
3610
3611 return 0;
3612}
3613
3614static int __init test_g2(struct crypto_hash *tfm_cmac)
3615{
3616 const u8 u[32] = {
3617 0xe6, 0x9d, 0x35, 0x0e, 0x48, 0x01, 0x03, 0xcc,
3618 0xdb, 0xfd, 0xf4, 0xac, 0x11, 0x91, 0xf4, 0xef,
3619 0xb9, 0xa5, 0xf9, 0xe9, 0xa7, 0x83, 0x2c, 0x5e,
3620 0x2c, 0xbe, 0x97, 0xf2, 0xd2, 0x03, 0xb0, 0x20 };
3621 const u8 v[32] = {
3622 0xfd, 0xc5, 0x7f, 0xf4, 0x49, 0xdd, 0x4f, 0x6b,
3623 0xfb, 0x7c, 0x9d, 0xf1, 0xc2, 0x9a, 0xcb, 0x59,
3624 0x2a, 0xe7, 0xd4, 0xee, 0xfb, 0xfc, 0x0a, 0x90,
3625 0x9a, 0xbb, 0xf6, 0x32, 0x3d, 0x8b, 0x18, 0x55 };
3626 const u8 x[16] = {
3627 0xab, 0xae, 0x2b, 0x71, 0xec, 0xb2, 0xff, 0xff,
3628 0x3e, 0x73, 0x77, 0xd1, 0x54, 0x84, 0xcb, 0xd5 };
3629 const u8 y[16] = {
3630 0xcf, 0xc4, 0x3d, 0xff, 0xf7, 0x83, 0x65, 0x21,
3631 0x6e, 0x5f, 0xa7, 0x25, 0xcc, 0xe7, 0xe8, 0xa6 };
3632 const u32 exp_val = 0x2f9ed5ba % 1000000;
3633 u32 val;
3634 int err;
3635
3636 err = smp_g2(tfm_cmac, u, v, x, y, &val);
3637 if (err)
3638 return err;
3639
3640 if (val != exp_val)
3641 return -EINVAL;
3642
3643 return 0;
3644}
3645
3646static int __init test_h6(struct crypto_hash *tfm_cmac)
3647{
3648 const u8 w[16] = {
3649 0x9b, 0x7d, 0x39, 0x0a, 0xa6, 0x10, 0x10, 0x34,
3650 0x05, 0xad, 0xc8, 0x57, 0xa3, 0x34, 0x02, 0xec };
3651 const u8 key_id[4] = { 0x72, 0x62, 0x65, 0x6c };
3652 const u8 exp[16] = {
3653 0x99, 0x63, 0xb1, 0x80, 0xe2, 0xa9, 0xd3, 0xe8,
3654 0x1c, 0xc9, 0x6d, 0xe7, 0x02, 0xe1, 0x9a, 0x2d };
3655 u8 res[16];
3656 int err;
3657
3658 err = smp_h6(tfm_cmac, w, key_id, res);
3659 if (err)
3660 return err;
3661
3662 if (memcmp(res, exp, 16))
3663 return -EINVAL;
3664
3665 return 0;
3666}
3667
Marcel Holtmann64dd3742015-04-01 12:52:13 -07003668static char test_smp_buffer[32];
3669
3670static ssize_t test_smp_read(struct file *file, char __user *user_buf,
3671 size_t count, loff_t *ppos)
3672{
3673 return simple_read_from_buffer(user_buf, count, ppos, test_smp_buffer,
3674 strlen(test_smp_buffer));
3675}
3676
3677static const struct file_operations test_smp_fops = {
3678 .open = simple_open,
3679 .read = test_smp_read,
3680 .llseek = default_llseek,
3681};
3682
Johan Hedberg0a2b0f02014-12-30 09:50:39 +02003683static int __init run_selftests(struct crypto_blkcipher *tfm_aes,
3684 struct crypto_hash *tfm_cmac)
3685{
Marcel Holtmann255047b2014-12-30 00:11:20 -08003686 ktime_t calltime, delta, rettime;
3687 unsigned long long duration;
Johan Hedbergcfc41982014-12-30 09:50:40 +02003688 int err;
3689
Marcel Holtmann255047b2014-12-30 00:11:20 -08003690 calltime = ktime_get();
3691
Johan Hedbergcfc41982014-12-30 09:50:40 +02003692 err = test_ah(tfm_aes);
3693 if (err) {
3694 BT_ERR("smp_ah test failed");
Marcel Holtmann64dd3742015-04-01 12:52:13 -07003695 goto done;
Johan Hedbergcfc41982014-12-30 09:50:40 +02003696 }
3697
3698 err = test_c1(tfm_aes);
3699 if (err) {
3700 BT_ERR("smp_c1 test failed");
Marcel Holtmann64dd3742015-04-01 12:52:13 -07003701 goto done;
Johan Hedbergcfc41982014-12-30 09:50:40 +02003702 }
3703
3704 err = test_s1(tfm_aes);
3705 if (err) {
3706 BT_ERR("smp_s1 test failed");
Marcel Holtmann64dd3742015-04-01 12:52:13 -07003707 goto done;
Johan Hedbergcfc41982014-12-30 09:50:40 +02003708 }
3709
Johan Hedbergfb2969a2014-12-30 09:50:41 +02003710 err = test_f4(tfm_cmac);
3711 if (err) {
3712 BT_ERR("smp_f4 test failed");
Marcel Holtmann64dd3742015-04-01 12:52:13 -07003713 goto done;
Johan Hedbergfb2969a2014-12-30 09:50:41 +02003714 }
3715
3716 err = test_f5(tfm_cmac);
3717 if (err) {
3718 BT_ERR("smp_f5 test failed");
Marcel Holtmann64dd3742015-04-01 12:52:13 -07003719 goto done;
Johan Hedbergfb2969a2014-12-30 09:50:41 +02003720 }
3721
3722 err = test_f6(tfm_cmac);
3723 if (err) {
3724 BT_ERR("smp_f6 test failed");
Marcel Holtmann64dd3742015-04-01 12:52:13 -07003725 goto done;
Johan Hedbergfb2969a2014-12-30 09:50:41 +02003726 }
3727
3728 err = test_g2(tfm_cmac);
3729 if (err) {
3730 BT_ERR("smp_g2 test failed");
Marcel Holtmann64dd3742015-04-01 12:52:13 -07003731 goto done;
Johan Hedbergfb2969a2014-12-30 09:50:41 +02003732 }
3733
3734 err = test_h6(tfm_cmac);
3735 if (err) {
3736 BT_ERR("smp_h6 test failed");
Marcel Holtmann64dd3742015-04-01 12:52:13 -07003737 goto done;
Johan Hedbergfb2969a2014-12-30 09:50:41 +02003738 }
3739
Marcel Holtmann255047b2014-12-30 00:11:20 -08003740 rettime = ktime_get();
3741 delta = ktime_sub(rettime, calltime);
3742 duration = (unsigned long long) ktime_to_ns(delta) >> 10;
3743
Marcel Holtmann5ced2462015-01-12 23:09:48 -08003744 BT_INFO("SMP test passed in %llu usecs", duration);
Johan Hedberg0a2b0f02014-12-30 09:50:39 +02003745
Marcel Holtmann64dd3742015-04-01 12:52:13 -07003746done:
3747 if (!err)
3748 snprintf(test_smp_buffer, sizeof(test_smp_buffer),
3749 "PASS (%llu usecs)\n", duration);
3750 else
3751 snprintf(test_smp_buffer, sizeof(test_smp_buffer), "FAIL\n");
3752
3753 debugfs_create_file("selftest_smp", 0444, bt_debugfs, NULL,
3754 &test_smp_fops);
3755
3756 return err;
Johan Hedberg0a2b0f02014-12-30 09:50:39 +02003757}
3758
3759int __init bt_selftest_smp(void)
3760{
3761 struct crypto_blkcipher *tfm_aes;
3762 struct crypto_hash *tfm_cmac;
3763 int err;
3764
3765 tfm_aes = crypto_alloc_blkcipher("ecb(aes)", 0, CRYPTO_ALG_ASYNC);
3766 if (IS_ERR(tfm_aes)) {
3767 BT_ERR("Unable to create ECB crypto context");
3768 return PTR_ERR(tfm_aes);
3769 }
3770
3771 tfm_cmac = crypto_alloc_hash("cmac(aes)", 0, CRYPTO_ALG_ASYNC);
3772 if (IS_ERR(tfm_cmac)) {
3773 BT_ERR("Unable to create CMAC crypto context");
3774 crypto_free_blkcipher(tfm_aes);
3775 return PTR_ERR(tfm_cmac);
3776 }
3777
3778 err = run_selftests(tfm_aes, tfm_cmac);
3779
3780 crypto_free_hash(tfm_cmac);
3781 crypto_free_blkcipher(tfm_aes);
3782
3783 return err;
3784}
3785
3786#endif