projects / GitHub / LineageOS / android_kernel_motorola_exynos9610.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
defconfig: exynos9610: Re-add dropped Wi-Fi AP options lost
[GitHub/LineageOS/android_kernel_motorola_exynos9610.git] / net / bluetooth / smp.c
CommitLineData
eb492e01
AB		 1/*
2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2011 Nokia Corporation and/or its subsidiary(-ies).
4
5 This program is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License version 2 as
7 published by the Free Software Foundation;
8
9 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
10 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
11 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
12 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
13 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
14 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17
18 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
19 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
20 SOFTWARE IS DISCLAIMED.
21*/
22
300acfde 23#include <linux/debugfs.h>
8c520a59 24#include <linux/scatterlist.h>
a4770e11 25#include <linux/crypto.h>
329d8230 26#include <crypto/algapi.h>
8c520a59 27#include <crypto/b128ops.h>
71af2f6b 28#include <crypto/hash.h>
8c520a59 29
eb492e01
AB		 30#include <net/bluetooth/bluetooth.h>
31#include <net/bluetooth/hci_core.h>
32#include <net/bluetooth/l2cap.h>
2b64d153 33#include <net/bluetooth/mgmt.h>
ac4b7236 34
58771c1c 35#include "ecdh_helper.h"
ac4b7236 36#include "smp.h"
d22ef0bc 37
2fd36558
JH		 38#define SMP_DEV(hdev) \
39 ((struct smp_dev *)((struct l2cap_chan *)((hdev)->smp_data))->data)
40
c7a3d57d
JH		 41/* Low-level debug macros to be used for stuff that we don't want
42 * accidentially in dmesg, i.e. the values of the various crypto keys
43 * and the inputs & outputs of crypto functions.
44 */
45#ifdef DEBUG
46#define SMP_DBG(fmt, ...) printk(KERN_DEBUG "%s: " fmt, __func__, \
47 ##__VA_ARGS__)
48#else
49#define SMP_DBG(fmt, ...) no_printk(KERN_DEBUG "%s: " fmt, __func__, \
50 ##__VA_ARGS__)
51#endif
52
b28b4943 53#define SMP_ALLOW_CMD(smp, code) set_bit(code, &smp->allow_cmd)
b28b4943 54
3b19146d
JH		 55/* Keys which are not distributed with Secure Connections */
56#define SMP_SC_NO_DIST (SMP_DIST_ENC_KEY | SMP_DIST_LINK_KEY);
57
17b02e62 58#define SMP_TIMEOUT msecs_to_jiffies(30000)
5d3de7df 59
d7a5a11d 60#define AUTH_REQ_MASK(dev) (hci_dev_test_flag(dev, HCI_SC_ENABLED) ? \
a62da6f1 61 0x3f : 0x07)
0edb14de 62#define KEY_DIST_MASK 0x07
065a13e2 63
cbbbe3e2
JH		 64/* Maximum message length that can be passed to aes_cmac */
65#define CMAC_MSG_MAX 80
66
533e35d4
JH		 67enum {
68 SMP_FLAG_TK_VALID,
69 SMP_FLAG_CFM_PENDING,
70 SMP_FLAG_MITM_AUTH,
71 SMP_FLAG_COMPLETE,
72 SMP_FLAG_INITIATOR,
65668776 73 SMP_FLAG_SC,
d8f8edbe 74 SMP_FLAG_REMOTE_PK,
aeb7d461 75 SMP_FLAG_DEBUG_KEY,
38606f14 76 SMP_FLAG_WAIT_USER,
d3e54a87 77 SMP_FLAG_DHKEY_PENDING,
1a8bab4f
JH		 78 SMP_FLAG_REMOTE_OOB,
79 SMP_FLAG_LOCAL_OOB,
a62da6f1 80 SMP_FLAG_CT2,
533e35d4 81};
4bc58f51 82
88a479d9 83struct smp_dev {
60a27d65
MH		 84 /* Secure Connections OOB data */
85 u8 local_pk[64];
86 u8 local_sk[32];
fb334fee 87 u8 local_rand[16];
60a27d65
MH		 88 bool debug_key;
89
b1f663c9 90 u8 min_key_size;
2fd36558
JH		 91 u8 max_key_size;
92
a4770e11 93 struct crypto_cipher *tfm_aes;
71af2f6b 94 struct crypto_shash *tfm_cmac;
88a479d9
MH		 95};
96
4bc58f51 97struct smp_chan {
b68fda68
JH		 98 struct l2cap_conn *conn;
99 struct delayed_work security_timer;
b28b4943 100 unsigned long allow_cmd; /* Bitmask of allowed commands */
b68fda68 101
4bc58f51
JH		 102 u8 preq[7]; /* SMP Pairing Request */
103 u8 prsp[7]; /* SMP Pairing Response */
104 u8 prnd[16]; /* SMP Pairing Random (local) */
105 u8 rrnd[16]; /* SMP Pairing Random (remote) */
106 u8 pcnf[16]; /* SMP Pairing Confirm */
107 u8 tk[16]; /* SMP Temporary Key */
882fafad
JH		 108 u8 rr[16]; /* Remote OOB ra/rb value */
109 u8 lr[16]; /* Local OOB ra/rb value */
4bc58f51
JH		 110 u8 enc_key_size;
111 u8 remote_key_dist;
112 bdaddr_t id_addr;
113 u8 id_addr_type;
114 u8 irk[16];
115 struct smp_csrk *csrk;
116 struct smp_csrk *slave_csrk;
117 struct smp_ltk *ltk;
118 struct smp_ltk *slave_ltk;
119 struct smp_irk *remote_irk;
6a77083a 120 u8 *link_key;
4a74d658 121 unsigned long flags;
783e0574 122 u8 method;
38606f14 123 u8 passkey_round;
6a7bd103 124
3b19146d
JH		 125 /* Secure Connections variables */
126 u8 local_pk[64];
127 u8 local_sk[32];
d8f8edbe
JH		 128 u8 remote_pk[64];
129 u8 dhkey[32];
760b018b 130 u8 mackey[16];
3b19146d 131
a4770e11 132 struct crypto_cipher *tfm_aes;
71af2f6b 133 struct crypto_shash *tfm_cmac;
4bc58f51
JH		 134};
135
aeb7d461
JH		 136/* These debug key values are defined in the SMP section of the core
137 * specification. debug_pk is the public debug key and debug_sk the
138 * private debug key.
139 */
140static const u8 debug_pk[64] = {
141 0xe6, 0x9d, 0x35, 0x0e, 0x48, 0x01, 0x03, 0xcc,
142 0xdb, 0xfd, 0xf4, 0xac, 0x11, 0x91, 0xf4, 0xef,
143 0xb9, 0xa5, 0xf9, 0xe9, 0xa7, 0x83, 0x2c, 0x5e,
144 0x2c, 0xbe, 0x97, 0xf2, 0xd2, 0x03, 0xb0, 0x20,
145
146 0x8b, 0xd2, 0x89, 0x15, 0xd0, 0x8e, 0x1c, 0x74,
147 0x24, 0x30, 0xed, 0x8f, 0xc2, 0x45, 0x63, 0x76,
148 0x5c, 0x15, 0x52, 0x5a, 0xbf, 0x9a, 0x32, 0x63,
149 0x6d, 0xeb, 0x2a, 0x65, 0x49, 0x9c, 0x80, 0xdc,
150};
151
152static const u8 debug_sk[32] = {
153 0xbd, 0x1a, 0x3c, 0xcd, 0xa6, 0xb8, 0x99, 0x58,
154 0x99, 0xb7, 0x40, 0xeb, 0x7b, 0x60, 0xff, 0x4a,
155 0x50, 0x3f, 0x10, 0xd2, 0xe3, 0xb3, 0xc9, 0x74,
156 0x38, 0x5f, 0xc5, 0xa3, 0xd4, 0xf6, 0x49, 0x3f,
157};
158
8a2936f4 159static inline void swap_buf(const u8 *src, u8 *dst, size_t len)
d22ef0bc 160{
8a2936f4 161 size_t i;
d22ef0bc 162
8a2936f4
JH		 163 for (i = 0; i < len; i++)
164 dst[len - 1 - i] = src[i];
d22ef0bc
AB		 165}
166
06edf8de
JH		 167/* The following functions map to the LE SC SMP crypto functions
168 * AES-CMAC, f4, f5, f6, g2 and h6.
169 */
170
71af2f6b 171static int aes_cmac(struct crypto_shash *tfm, const u8 k[16], const u8 *m,
cbbbe3e2
JH		 172 size_t len, u8 mac[16])
173{
174 uint8_t tmp[16], mac_msb[16], msg_msb[CMAC_MSG_MAX];
71af2f6b 175 SHASH_DESC_ON_STACK(desc, tfm);
cbbbe3e2
JH		 176 int err;
177
178 if (len > CMAC_MSG_MAX)
179 return -EFBIG;
180
181 if (!tfm) {
182 BT_ERR("tfm %p", tfm);
183 return -EINVAL;
184 }
185
71af2f6b
HX		 186 desc->tfm = tfm;
187 desc->flags = 0;
cbbbe3e2
JH		 188
189 /* Swap key and message from LSB to MSB */
190 swap_buf(k, tmp, 16);
191 swap_buf(m, msg_msb, len);
192
c7a3d57d
JH		 193 SMP_DBG("msg (len %zu) %*phN", len, (int) len, m);
194 SMP_DBG("key %16phN", k);
cbbbe3e2 195
71af2f6b 196 err = crypto_shash_setkey(tfm, tmp, 16);
cbbbe3e2
JH		 197 if (err) {
198 BT_ERR("cipher setkey failed: %d", err);
199 return err;
200 }
201
71af2f6b
HX		 202 err = crypto_shash_digest(desc, msg_msb, len, mac_msb);
203 shash_desc_zero(desc);
cbbbe3e2 204 if (err) {
71af2f6b 205 BT_ERR("Hash computation error %d", err);
cbbbe3e2
JH		 206 return err;
207 }
208
209 swap_buf(mac_msb, mac, 16);
210
c7a3d57d 211 SMP_DBG("mac %16phN", mac);
cbbbe3e2
JH		 212
213 return 0;
214}
215
71af2f6b
HX		 216static int smp_f4(struct crypto_shash *tfm_cmac, const u8 u[32],
217 const u8 v[32], const u8 x[16], u8 z, u8 res[16])
cbbbe3e2
JH		 218{
219 u8 m[65];
220 int err;
221
c7a3d57d
JH		 222 SMP_DBG("u %32phN", u);
223 SMP_DBG("v %32phN", v);
224 SMP_DBG("x %16phN z %02x", x, z);
cbbbe3e2
JH		 225
226 m[0] = z;
227 memcpy(m + 1, v, 32);
228 memcpy(m + 33, u, 32);
229
230 err = aes_cmac(tfm_cmac, x, m, sizeof(m), res);
231 if (err)
232 return err;
233
c7a3d57d 234 SMP_DBG("res %16phN", res);
cbbbe3e2
JH		 235
236 return err;
237}
238
71af2f6b 239static int smp_f5(struct crypto_shash *tfm_cmac, const u8 w[32],
4da50de8
JH		 240 const u8 n1[16], const u8 n2[16], const u8 a1[7],
241 const u8 a2[7], u8 mackey[16], u8 ltk[16])
760b018b
JH		 242{
243 /* The btle, salt and length "magic" values are as defined in
244 * the SMP section of the Bluetooth core specification. In ASCII
245 * the btle value ends up being 'btle'. The salt is just a
246 * random number whereas length is the value 256 in little
247 * endian format.
248 */
249 const u8 btle[4] = { 0x65, 0x6c, 0x74, 0x62 };
250 const u8 salt[16] = { 0xbe, 0x83, 0x60, 0x5a, 0xdb, 0x0b, 0x37, 0x60,
251 0x38, 0xa5, 0xf5, 0xaa, 0x91, 0x83, 0x88, 0x6c };
252 const u8 length[2] = { 0x00, 0x01 };
253 u8 m[53], t[16];
254 int err;
255
c7a3d57d
JH		 256 SMP_DBG("w %32phN", w);
257 SMP_DBG("n1 %16phN n2 %16phN", n1, n2);
258 SMP_DBG("a1 %7phN a2 %7phN", a1, a2);
760b018b
JH		 259
260 err = aes_cmac(tfm_cmac, salt, w, 32, t);
261 if (err)
262 return err;
263
c7a3d57d 264 SMP_DBG("t %16phN", t);
760b018b
JH		 265
266 memcpy(m, length, 2);
267 memcpy(m + 2, a2, 7);
268 memcpy(m + 9, a1, 7);
269 memcpy(m + 16, n2, 16);
270 memcpy(m + 32, n1, 16);
271 memcpy(m + 48, btle, 4);
272
273 m[52] = 0; /* Counter */
274
275 err = aes_cmac(tfm_cmac, t, m, sizeof(m), mackey);
276 if (err)
277 return err;
278
c7a3d57d 279 SMP_DBG("mackey %16phN", mackey);
760b018b
JH		 280
281 m[52] = 1; /* Counter */
282
283 err = aes_cmac(tfm_cmac, t, m, sizeof(m), ltk);
284 if (err)
285 return err;
286
c7a3d57d 287 SMP_DBG("ltk %16phN", ltk);
760b018b
JH		 288
289 return 0;
290}
291
71af2f6b 292static int smp_f6(struct crypto_shash *tfm_cmac, const u8 w[16],
4da50de8 293 const u8 n1[16], const u8 n2[16], const u8 r[16],
760b018b
JH		 294 const u8 io_cap[3], const u8 a1[7], const u8 a2[7],
295 u8 res[16])
296{
297 u8 m[65];
298 int err;
299
c7a3d57d
JH		 300 SMP_DBG("w %16phN", w);
301 SMP_DBG("n1 %16phN n2 %16phN", n1, n2);
302 SMP_DBG("r %16phN io_cap %3phN a1 %7phN a2 %7phN", r, io_cap, a1, a2);
760b018b
JH		 303
304 memcpy(m, a2, 7);
305 memcpy(m + 7, a1, 7);
306 memcpy(m + 14, io_cap, 3);
307 memcpy(m + 17, r, 16);
308 memcpy(m + 33, n2, 16);
309 memcpy(m + 49, n1, 16);
310
311 err = aes_cmac(tfm_cmac, w, m, sizeof(m), res);
312 if (err)
313 return err;
314
203de21b 315 SMP_DBG("res %16phN", res);
760b018b
JH		 316
317 return err;
318}
319
71af2f6b 320static int smp_g2(struct crypto_shash *tfm_cmac, const u8 u[32], const u8 v[32],
191dc7fe
JH		 321 const u8 x[16], const u8 y[16], u32 *val)
322{
323 u8 m[80], tmp[16];
324 int err;
325
c7a3d57d
JH		 326 SMP_DBG("u %32phN", u);
327 SMP_DBG("v %32phN", v);
328 SMP_DBG("x %16phN y %16phN", x, y);
191dc7fe
JH		 329
330 memcpy(m, y, 16);
331 memcpy(m + 16, v, 32);
332 memcpy(m + 48, u, 32);
333
334 err = aes_cmac(tfm_cmac, x, m, sizeof(m), tmp);
335 if (err)
336 return err;
337
338 *val = get_unaligned_le32(tmp);
339 *val %= 1000000;
340
c7a3d57d 341 SMP_DBG("val %06u", *val);
191dc7fe
JH		 342
343 return 0;
344}
345
71af2f6b 346static int smp_h6(struct crypto_shash *tfm_cmac, const u8 w[16],
06edf8de
JH		 347 const u8 key_id[4], u8 res[16])
348{
349 int err;
350
351 SMP_DBG("w %16phN key_id %4phN", w, key_id);
352
353 err = aes_cmac(tfm_cmac, w, key_id, 4, res);
354 if (err)
355 return err;
356
357 SMP_DBG("res %16phN", res);
358
359 return err;
360}
361
a62da6f1
JH		 362static int smp_h7(struct crypto_shash *tfm_cmac, const u8 w[16],
363 const u8 salt[16], u8 res[16])
364{
365 int err;
366
367 SMP_DBG("w %16phN salt %16phN", w, salt);
368
369 err = aes_cmac(tfm_cmac, salt, w, 16, res);
370 if (err)
371 return err;
372
373 SMP_DBG("res %16phN", res);
374
375 return err;
376}
377
06edf8de
JH		 378/* The following functions map to the legacy SMP crypto functions e, c1,
379 * s1 and ah.
380 */
381
a4770e11 382static int smp_e(struct crypto_cipher *tfm, const u8 *k, u8 *r)
d22ef0bc 383{
943a732a 384 uint8_t tmp[16], data[16];
201a5929 385 int err;
d22ef0bc 386
011c391a
JH		 387 SMP_DBG("k %16phN r %16phN", k, r);
388
7f376cd6 389 if (!tfm) {
d22ef0bc
AB		 390 BT_ERR("tfm %p", tfm);
391 return -EINVAL;
392 }
393
943a732a 394 /* The most significant octet of key corresponds to k[0] */
8a2936f4 395 swap_buf(k, tmp, 16);
943a732a 396
a4770e11 397 err = crypto_cipher_setkey(tfm, tmp, 16);
d22ef0bc
AB		 398 if (err) {
399 BT_ERR("cipher setkey failed: %d", err);
400 return err;
401 }
402
943a732a 403 /* Most significant octet of plaintextData corresponds to data[0] */
8a2936f4 404 swap_buf(r, data, 16);
943a732a 405
a4770e11 406 crypto_cipher_encrypt_one(tfm, data, data);
d22ef0bc 407
943a732a 408 /* Most significant octet of encryptedData corresponds to data[0] */
8a2936f4 409 swap_buf(data, r, 16);
943a732a 410
011c391a
JH		 411 SMP_DBG("r %16phN", r);
412
d22ef0bc
AB		 413 return err;
414}
415
a4770e11 416static int smp_c1(struct crypto_cipher *tfm_aes, const u8 k[16],
06edf8de
JH		 417 const u8 r[16], const u8 preq[7], const u8 pres[7], u8 _iat,
418 const bdaddr_t *ia, u8 _rat, const bdaddr_t *ra, u8 res[16])
6a77083a 419{
06edf8de 420 u8 p1[16], p2[16];
6a77083a
JH		 421 int err;
422
011c391a
JH		 423 SMP_DBG("k %16phN r %16phN", k, r);
424 SMP_DBG("iat %u ia %6phN rat %u ra %6phN", _iat, ia, _rat, ra);
425 SMP_DBG("preq %7phN pres %7phN", preq, pres);
426
06edf8de 427 memset(p1, 0, 16);
6a77083a 428
06edf8de
JH		 429 /* p1 = pres || preq || _rat || _iat */
430 p1[0] = _iat;
431 p1[1] = _rat;
432 memcpy(p1 + 2, preq, 7);
433 memcpy(p1 + 9, pres, 7);
434
011c391a 435 SMP_DBG("p1 %16phN", p1);
06edf8de
JH		 436
437 /* res = r XOR p1 */
438 u128_xor((u128 *) res, (u128 *) r, (u128 *) p1);
439
440 /* res = e(k, res) */
441 err = smp_e(tfm_aes, k, res);
442 if (err) {
443 BT_ERR("Encrypt data error");
6a77083a 444 return err;
06edf8de 445 }
6a77083a 446
011c391a
JH		 447 /* p2 = padding || ia || ra */
448 memcpy(p2, ra, 6);
449 memcpy(p2 + 6, ia, 6);
450 memset(p2 + 12, 0, 4);
451
452 SMP_DBG("p2 %16phN", p2);
453
06edf8de
JH		 454 /* res = res XOR p2 */
455 u128_xor((u128 *) res, (u128 *) res, (u128 *) p2);
456
457 /* res = e(k, res) */
458 err = smp_e(tfm_aes, k, res);
459 if (err)
460 BT_ERR("Encrypt data error");
461
462 return err;
463}
464
a4770e11 465static int smp_s1(struct crypto_cipher *tfm_aes, const u8 k[16],
06edf8de
JH		 466 const u8 r1[16], const u8 r2[16], u8 _r[16])
467{
468 int err;
469
470 /* Just least significant octets from r1 and r2 are considered */
471 memcpy(_r, r2, 8);
472 memcpy(_r + 8, r1, 8);
473
474 err = smp_e(tfm_aes, k, _r);
475 if (err)
476 BT_ERR("Encrypt data error");
6a77083a
JH		 477
478 return err;
479}
480
a4770e11 481static int smp_ah(struct crypto_cipher *tfm, const u8 irk[16],
cd082797 482 const u8 r[3], u8 res[3])
60478054 483{
943a732a 484 u8 _res[16];
60478054
JH		 485 int err;
486
487 /* r' = padding || r */
943a732a
JH		 488 memcpy(_res, r, 3);
489 memset(_res + 3, 0, 13);
60478054 490
943a732a 491 err = smp_e(tfm, irk, _res);
60478054
JH		 492 if (err) {
493 BT_ERR("Encrypt error");
494 return err;
495 }
496
497 /* The output of the random address function ah is:
c5080d42 498 * ah(k, r) = e(k, r') mod 2^24
60478054
JH		 499 * The output of the security function e is then truncated to 24 bits
500 * by taking the least significant 24 bits of the output of e as the
501 * result of ah.
502 */
943a732a 503 memcpy(res, _res, 3);
60478054
JH		 504
505 return 0;
506}
507
cd082797
JH		 508bool smp_irk_matches(struct hci_dev *hdev, const u8 irk[16],
509 const bdaddr_t *bdaddr)
60478054 510{
defce9e8 511 struct l2cap_chan *chan = hdev->smp_data;
88a479d9 512 struct smp_dev *smp;
60478054
JH		 513 u8 hash[3];
514 int err;
515
defce9e8
JH		 516 if (!chan || !chan->data)
517 return false;
518
88a479d9 519 smp = chan->data;
defce9e8 520
60478054
JH		 521 BT_DBG("RPA %pMR IRK %*phN", bdaddr, 16, irk);
522
88a479d9 523 err = smp_ah(smp->tfm_aes, irk, &bdaddr->b[3], hash);
60478054
JH		 524 if (err)
525 return false;
526
329d8230 527 return !crypto_memneq(bdaddr->b, hash, 3);
60478054
JH		 528}
529
cd082797 530int smp_generate_rpa(struct hci_dev *hdev, const u8 irk[16], bdaddr_t *rpa)
b1e2b3ae 531{
defce9e8 532 struct l2cap_chan *chan = hdev->smp_data;
88a479d9 533 struct smp_dev *smp;
b1e2b3ae
JH		 534 int err;
535
defce9e8
JH		 536 if (!chan || !chan->data)
537 return -EOPNOTSUPP;
538
88a479d9 539 smp = chan->data;
defce9e8 540
b1e2b3ae
JH		 541 get_random_bytes(&rpa->b[3], 3);
542
543 rpa->b[5] &= 0x3f; /* Clear two most significant bits */
544 rpa->b[5] |= 0x40; /* Set second most significant bit */
545
88a479d9 546 err = smp_ah(smp->tfm_aes, irk, &rpa->b[3], rpa->b);
b1e2b3ae
JH		 547 if (err < 0)
548 return err;
549
550 BT_DBG("RPA %pMR", rpa);
551
552 return 0;
553}
554
60a27d65
MH		 555int smp_generate_oob(struct hci_dev *hdev, u8 hash[16], u8 rand[16])
556{
557 struct l2cap_chan *chan = hdev->smp_data;
558 struct smp_dev *smp;
559 int err;
560
561 if (!chan || !chan->data)
562 return -EOPNOTSUPP;
563
564 smp = chan->data;
565
566 if (hci_dev_test_flag(hdev, HCI_USE_DEBUG_KEYS)) {
567 BT_DBG("Using debug keys");
568 memcpy(smp->local_pk, debug_pk, 64);
569 memcpy(smp->local_sk, debug_sk, 32);
570 smp->debug_key = true;
571 } else {
572 while (true) {
71653eb6
MH		 573 /* Seed private key with random number */
574 get_random_bytes(smp->local_sk, 32);
575
60a27d65 576 /* Generate local key pair for Secure Connections */
58771c1c 577 if (!generate_ecdh_keys(smp->local_pk, smp->local_sk))
60a27d65
MH		 578 return -EIO;
579
580 /* This is unlikely, but we need to check that
581 * we didn't accidentially generate a debug key.
582 */
329d8230 583 if (crypto_memneq(smp->local_sk, debug_sk, 32))
60a27d65
MH		 584 break;
585 }
586 smp->debug_key = false;
587 }
588
589 SMP_DBG("OOB Public Key X: %32phN", smp->local_pk);
590 SMP_DBG("OOB Public Key Y: %32phN", smp->local_pk + 32);
591 SMP_DBG("OOB Private Key: %32phN", smp->local_sk);
592
fb334fee 593 get_random_bytes(smp->local_rand, 16);
60a27d65
MH		 594
595 err = smp_f4(smp->tfm_cmac, smp->local_pk, smp->local_pk,
fb334fee 596 smp->local_rand, 0, hash);
60a27d65
MH		 597 if (err < 0)
598 return err;
599
fb334fee 600 memcpy(rand, smp->local_rand, 16);
60a27d65
MH		 601
602 return 0;
603}
604
5d88cc73 605static void smp_send_cmd(struct l2cap_conn *conn, u8 code, u16 len, void *data)
eb492e01 606{
5d88cc73 607 struct l2cap_chan *chan = conn->smp;
b68fda68 608 struct smp_chan *smp;
5d88cc73
JH		 609 struct kvec iv[2];
610 struct msghdr msg;
eb492e01 611
5d88cc73
JH		 612 if (!chan)
613 return;
eb492e01 614
5d88cc73 615 BT_DBG("code 0x%2.2x", code);
eb492e01 616
5d88cc73
JH		 617 iv[0].iov_base = &code;
618 iv[0].iov_len = 1;
eb492e01 619
5d88cc73
JH		 620 iv[1].iov_base = data;
621 iv[1].iov_len = len;
eb492e01 622
5d88cc73 623 memset(&msg, 0, sizeof(msg));
eb492e01 624
17836394 625 iov_iter_kvec(&msg.msg_iter, WRITE | ITER_KVEC, iv, 2, 1 + len);
eb492e01 626
5d88cc73 627 l2cap_chan_send(chan, &msg, 1 + len);
e2dcd113 628
b68fda68
JH		 629 if (!chan->data)
630 return;
631
632 smp = chan->data;
633
634 cancel_delayed_work_sync(&smp->security_timer);
1b0921d6 635 schedule_delayed_work(&smp->security_timer, SMP_TIMEOUT);
eb492e01
AB		 636}
637
d2eb9e10 638static u8 authreq_to_seclevel(u8 authreq)
2b64d153 639{
d2eb9e10
JH		 640 if (authreq & SMP_AUTH_MITM) {
641 if (authreq & SMP_AUTH_SC)
642 return BT_SECURITY_FIPS;
643 else
644 return BT_SECURITY_HIGH;
645 } else {
2b64d153 646 return BT_SECURITY_MEDIUM;
d2eb9e10 647 }
2b64d153
BG		 648}
649
650static __u8 seclevel_to_authreq(__u8 sec_level)
651{
652 switch (sec_level) {
d2eb9e10 653 case BT_SECURITY_FIPS:
2b64d153
BG		 654 case BT_SECURITY_HIGH:
655 return SMP_AUTH_MITM | SMP_AUTH_BONDING;
656 case BT_SECURITY_MEDIUM:
657 return SMP_AUTH_BONDING;
658 default:
659 return SMP_AUTH_NONE;
660 }
661}
662
b8e66eac 663static void build_pairing_cmd(struct l2cap_conn *conn,
f1560463
MH		 664 struct smp_cmd_pairing *req,
665 struct smp_cmd_pairing *rsp, __u8 authreq)
b8e66eac 666{
5d88cc73
JH		 667 struct l2cap_chan *chan = conn->smp;
668 struct smp_chan *smp = chan->data;
fd349c02
JH		 669 struct hci_conn *hcon = conn->hcon;
670 struct hci_dev *hdev = hcon->hdev;
02b05bd8 671 u8 local_dist = 0, remote_dist = 0, oob_flag = SMP_OOB_NOT_PRESENT;
54790f73 672
d7a5a11d 673 if (hci_dev_test_flag(hdev, HCI_BONDABLE)) {
7ee4ea36
MH		 674 local_dist = SMP_DIST_ENC_KEY | SMP_DIST_SIGN;
675 remote_dist = SMP_DIST_ENC_KEY | SMP_DIST_SIGN;
54790f73 676 authreq |= SMP_AUTH_BONDING;
2b64d153
BG		 677 } else {
678 authreq &= ~SMP_AUTH_BONDING;
54790f73
VCG		 679 }
680
d7a5a11d 681 if (hci_dev_test_flag(hdev, HCI_RPA_RESOLVING))
fd349c02
JH		 682 remote_dist |= SMP_DIST_ID_KEY;
683
d7a5a11d 684 if (hci_dev_test_flag(hdev, HCI_PRIVACY))
863efaf2
JH		 685 local_dist |= SMP_DIST_ID_KEY;
686
d7a5a11d 687 if (hci_dev_test_flag(hdev, HCI_SC_ENABLED) &&
02b05bd8
JH		 688 (authreq & SMP_AUTH_SC)) {
689 struct oob_data *oob_data;
690 u8 bdaddr_type;
691
d7a5a11d 692 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) {
df8e1a4c
JH		 693 local_dist |= SMP_DIST_LINK_KEY;
694 remote_dist |= SMP_DIST_LINK_KEY;
695 }
02b05bd8
JH		 696
697 if (hcon->dst_type == ADDR_LE_DEV_PUBLIC)
698 bdaddr_type = BDADDR_LE_PUBLIC;
699 else
700 bdaddr_type = BDADDR_LE_RANDOM;
701
702 oob_data = hci_find_remote_oob_data(hdev, &hcon->dst,
703 bdaddr_type);
4775a4ea 704 if (oob_data && oob_data->present) {
1a8bab4f 705 set_bit(SMP_FLAG_REMOTE_OOB, &smp->flags);
02b05bd8 706 oob_flag = SMP_OOB_PRESENT;
a29b0733 707 memcpy(smp->rr, oob_data->rand256, 16);
02b05bd8 708 memcpy(smp->pcnf, oob_data->hash256, 16);
bc07cd69
MH		 709 SMP_DBG("OOB Remote Confirmation: %16phN", smp->pcnf);
710 SMP_DBG("OOB Remote Random: %16phN", smp->rr);
02b05bd8
JH		 711 }
712
df8e1a4c
JH		 713 } else {
714 authreq &= ~SMP_AUTH_SC;
715 }
716
54790f73
VCG		 717 if (rsp == NULL) {
718 req->io_capability = conn->hcon->io_capability;
02b05bd8 719 req->oob_flag = oob_flag;
2fd36558 720 req->max_key_size = SMP_DEV(hdev)->max_key_size;
fd349c02
JH		 721 req->init_key_dist = local_dist;
722 req->resp_key_dist = remote_dist;
0edb14de 723 req->auth_req = (authreq & AUTH_REQ_MASK(hdev));
fd349c02
JH		 724
725 smp->remote_key_dist = remote_dist;
54790f73
VCG		 726 return;
727 }
728
729 rsp->io_capability = conn->hcon->io_capability;
02b05bd8 730 rsp->oob_flag = oob_flag;
2fd36558 731 rsp->max_key_size = SMP_DEV(hdev)->max_key_size;
fd349c02
JH		 732 rsp->init_key_dist = req->init_key_dist & remote_dist;
733 rsp->resp_key_dist = req->resp_key_dist & local_dist;
0edb14de 734 rsp->auth_req = (authreq & AUTH_REQ_MASK(hdev));
fd349c02
JH		 735
736 smp->remote_key_dist = rsp->init_key_dist;
b8e66eac
VCG		 737}
738
3158c50c
VCG		 739static u8 check_enc_key_size(struct l2cap_conn *conn, __u8 max_key_size)
740{
5d88cc73 741 struct l2cap_chan *chan = conn->smp;
2fd36558 742 struct hci_dev *hdev = conn->hcon->hdev;
5d88cc73 743 struct smp_chan *smp = chan->data;
1c1def09 744
2fd36558
JH		 745 if (max_key_size > SMP_DEV(hdev)->max_key_size ||
746 max_key_size < SMP_MIN_ENC_KEY_SIZE)
3158c50c
VCG		 747 return SMP_ENC_KEY_SIZE;
748
f7aa611a 749 smp->enc_key_size = max_key_size;
3158c50c
VCG		 750
751 return 0;
752}
753
6f48e260
JH		 754static void smp_chan_destroy(struct l2cap_conn *conn)
755{
756 struct l2cap_chan *chan = conn->smp;
757 struct smp_chan *smp = chan->data;
923e2414 758 struct hci_conn *hcon = conn->hcon;
6f48e260
JH		 759 bool complete;
760
761 BUG_ON(!smp);
762
763 cancel_delayed_work_sync(&smp->security_timer);
6f48e260 764
6f48e260 765 complete = test_bit(SMP_FLAG_COMPLETE, &smp->flags);
923e2414 766 mgmt_smp_complete(hcon, complete);
6f48e260 767
276812ec
MH		 768 kzfree(smp->csrk);
769 kzfree(smp->slave_csrk);
770 kzfree(smp->link_key);
6f48e260 771
a4770e11 772 crypto_free_cipher(smp->tfm_aes);
71af2f6b 773 crypto_free_shash(smp->tfm_cmac);
6f48e260 774
923e2414
JH		 775 /* Ensure that we don't leave any debug key around if debug key
776 * support hasn't been explicitly enabled.
777 */
778 if (smp->ltk && smp->ltk->type == SMP_LTK_P256_DEBUG &&
d7a5a11d 779 !hci_dev_test_flag(hcon->hdev, HCI_KEEP_DEBUG_KEYS)) {
923e2414
JH		 780 list_del_rcu(&smp->ltk->list);
781 kfree_rcu(smp->ltk, rcu);
782 smp->ltk = NULL;
783 }
784
6f48e260
JH		 785 /* If pairing failed clean up any keys we might have */
786 if (!complete) {
787 if (smp->ltk) {
970d0f1b
JH		 788 list_del_rcu(&smp->ltk->list);
789 kfree_rcu(smp->ltk, rcu);
6f48e260
JH		 790 }
791
792 if (smp->slave_ltk) {
970d0f1b
JH		 793 list_del_rcu(&smp->slave_ltk->list);
794 kfree_rcu(smp->slave_ltk, rcu);
6f48e260
JH		 795 }
796
797 if (smp->remote_irk) {
adae20cb
JH		 798 list_del_rcu(&smp->remote_irk->list);
799 kfree_rcu(smp->remote_irk, rcu);
6f48e260
JH		 800 }
801 }
802
803 chan->data = NULL;
276812ec 804 kzfree(smp);
923e2414 805 hci_conn_drop(hcon);
6f48e260
JH		 806}
807
84794e11 808static void smp_failure(struct l2cap_conn *conn, u8 reason)
4f957a76 809{
bab73cb6 810 struct hci_conn *hcon = conn->hcon;
b68fda68 811 struct l2cap_chan *chan = conn->smp;
bab73cb6 812
84794e11 813 if (reason)
4f957a76 814 smp_send_cmd(conn, SMP_CMD_PAIRING_FAIL, sizeof(reason),
f1560463 815 &reason);
4f957a76 816
e1e930f5 817 mgmt_auth_failed(hcon, HCI_ERROR_AUTH_FAILURE);
f1c09c07 818
fc75cc86 819 if (chan->data)
f1c09c07 820 smp_chan_destroy(conn);
4f957a76
BG		 821}
822
2b64d153
BG		 823#define JUST_WORKS 0x00
824#define JUST_CFM 0x01
825#define REQ_PASSKEY 0x02
826#define CFM_PASSKEY 0x03
827#define REQ_OOB 0x04
5e3d3d9b 828#define DSP_PASSKEY 0x05
2b64d153
BG		 829#define OVERLAP 0xFF
830
831static const u8 gen_method[5][5] = {
832 { JUST_WORKS, JUST_CFM, REQ_PASSKEY, JUST_WORKS, REQ_PASSKEY },
833 { JUST_WORKS, JUST_CFM, REQ_PASSKEY, JUST_WORKS, REQ_PASSKEY },
834 { CFM_PASSKEY, CFM_PASSKEY, REQ_PASSKEY, JUST_WORKS, CFM_PASSKEY },
835 { JUST_WORKS, JUST_CFM, JUST_WORKS, JUST_WORKS, JUST_CFM },
836 { CFM_PASSKEY, CFM_PASSKEY, REQ_PASSKEY, JUST_WORKS, OVERLAP },
837};
838
5e3d3d9b
JH		 839static const u8 sc_method[5][5] = {
840 { JUST_WORKS, JUST_CFM, REQ_PASSKEY, JUST_WORKS, REQ_PASSKEY },
841 { JUST_WORKS, CFM_PASSKEY, REQ_PASSKEY, JUST_WORKS, CFM_PASSKEY },
842 { DSP_PASSKEY, DSP_PASSKEY, REQ_PASSKEY, JUST_WORKS, DSP_PASSKEY },
843 { JUST_WORKS, JUST_CFM, JUST_WORKS, JUST_WORKS, JUST_CFM },
844 { DSP_PASSKEY, CFM_PASSKEY, REQ_PASSKEY, JUST_WORKS, CFM_PASSKEY },
845};
846
581370cc
JH		 847static u8 get_auth_method(struct smp_chan *smp, u8 local_io, u8 remote_io)
848{
2bcd4003
JH		 849 /* If either side has unknown io_caps, use JUST_CFM (which gets
850 * converted later to JUST_WORKS if we're initiators.
851 */
581370cc
JH		 852 if (local_io > SMP_IO_KEYBOARD_DISPLAY ||
853 remote_io > SMP_IO_KEYBOARD_DISPLAY)
2bcd4003 854 return JUST_CFM;
581370cc 855
5e3d3d9b
JH		 856 if (test_bit(SMP_FLAG_SC, &smp->flags))
857 return sc_method[remote_io][local_io];
858
581370cc
JH		 859 return gen_method[remote_io][local_io];
860}
861
2b64d153
BG		 862static int tk_request(struct l2cap_conn *conn, u8 remote_oob, u8 auth,
863 u8 local_io, u8 remote_io)
864{
865 struct hci_conn *hcon = conn->hcon;
5d88cc73
JH		 866 struct l2cap_chan *chan = conn->smp;
867 struct smp_chan *smp = chan->data;
2b64d153
BG		 868 u32 passkey = 0;
869 int ret = 0;
870
871 /* Initialize key for JUST WORKS */
872 memset(smp->tk, 0, sizeof(smp->tk));
4a74d658 873 clear_bit(SMP_FLAG_TK_VALID, &smp->flags);
2b64d153
BG		 874
875 BT_DBG("tk_request: auth:%d lcl:%d rem:%d", auth, local_io, remote_io);
876
2bcd4003
JH		 877 /* If neither side wants MITM, either "just" confirm an incoming
878 * request or use just-works for outgoing ones. The JUST_CFM
879 * will be converted to JUST_WORKS if necessary later in this
880 * function. If either side has MITM look up the method from the
881 * table.
882 */
581370cc 883 if (!(auth & SMP_AUTH_MITM))
783e0574 884 smp->method = JUST_CFM;
2b64d153 885 else
783e0574 886 smp->method = get_auth_method(smp, local_io, remote_io);
2b64d153 887
a82505c7 888 /* Don't confirm locally initiated pairing attempts */
783e0574
JH		 889 if (smp->method == JUST_CFM && test_bit(SMP_FLAG_INITIATOR,
890 &smp->flags))
891 smp->method = JUST_WORKS;
a82505c7 892
02f3e254 893 /* Don't bother user space with no IO capabilities */
783e0574
JH		 894 if (smp->method == JUST_CFM &&
895 hcon->io_capability == HCI_IO_NO_INPUT_OUTPUT)
896 smp->method = JUST_WORKS;
02f3e254 897
2b64d153 898 /* If Just Works, Continue with Zero TK */
783e0574 899 if (smp->method == JUST_WORKS) {
4a74d658 900 set_bit(SMP_FLAG_TK_VALID, &smp->flags);
2b64d153
BG		 901 return 0;
902 }
903
19c5ce9c
JH		 904 /* If this function is used for SC -> legacy fallback we
905 * can only recover the just-works case.
906 */
907 if (test_bit(SMP_FLAG_SC, &smp->flags))
908 return -EINVAL;
909
2b64d153 910 /* Not Just Works/Confirm results in MITM Authentication */
783e0574 911 if (smp->method != JUST_CFM) {
4a74d658 912 set_bit(SMP_FLAG_MITM_AUTH, &smp->flags);
5eb596f5
JH		 913 if (hcon->pending_sec_level < BT_SECURITY_HIGH)
914 hcon->pending_sec_level = BT_SECURITY_HIGH;
915 }
2b64d153
BG		 916
917 /* If both devices have Keyoard-Display I/O, the master
918 * Confirms and the slave Enters the passkey.
919 */
783e0574 920 if (smp->method == OVERLAP) {
40bef302 921 if (hcon->role == HCI_ROLE_MASTER)
783e0574 922 smp->method = CFM_PASSKEY;
2b64d153 923 else
783e0574 924 smp->method = REQ_PASSKEY;
2b64d153
BG		 925 }
926
01ad34d2 927 /* Generate random passkey. */
783e0574 928 if (smp->method == CFM_PASSKEY) {
943a732a 929 memset(smp->tk, 0, sizeof(smp->tk));
2b64d153
BG		 930 get_random_bytes(&passkey, sizeof(passkey));
931 passkey %= 1000000;
943a732a 932 put_unaligned_le32(passkey, smp->tk);
2b64d153 933 BT_DBG("PassKey: %d", passkey);
4a74d658 934 set_bit(SMP_FLAG_TK_VALID, &smp->flags);
2b64d153
BG		 935 }
936
783e0574 937 if (smp->method == REQ_PASSKEY)
ce39fb4e 938 ret = mgmt_user_passkey_request(hcon->hdev, &hcon->dst,
272d90df 939 hcon->type, hcon->dst_type);
783e0574 940 else if (smp->method == JUST_CFM)
4eb65e66
JH		 941 ret = mgmt_user_confirm_request(hcon->hdev, &hcon->dst,
942 hcon->type, hcon->dst_type,
943 passkey, 1);
2b64d153 944 else
01ad34d2 945 ret = mgmt_user_passkey_notify(hcon->hdev, &hcon->dst,
272d90df 946 hcon->type, hcon->dst_type,
39adbffe 947 passkey, 0);
2b64d153 948
2b64d153
BG		 949 return ret;
950}
951
1cc61144 952static u8 smp_confirm(struct smp_chan *smp)
8aab4757 953{
8aab4757 954 struct l2cap_conn *conn = smp->conn;
8aab4757
VCG		 955 struct smp_cmd_pairing_confirm cp;
956 int ret;
8aab4757
VCG		 957
958 BT_DBG("conn %p", conn);
959
e491eaf3 960 ret = smp_c1(smp->tfm_aes, smp->tk, smp->prnd, smp->preq, smp->prsp,
b1cd5fd9 961 conn->hcon->init_addr_type, &conn->hcon->init_addr,
943a732a
JH		 962 conn->hcon->resp_addr_type, &conn->hcon->resp_addr,
963 cp.confirm_val);
1cc61144
JH		 964 if (ret)
965 return SMP_UNSPECIFIED;
8aab4757 966
4a74d658 967 clear_bit(SMP_FLAG_CFM_PENDING, &smp->flags);
2b64d153 968
8aab4757
VCG		 969 smp_send_cmd(smp->conn, SMP_CMD_PAIRING_CONFIRM, sizeof(cp), &cp);
970
b28b4943
JH		 971 if (conn->hcon->out)
972 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_CONFIRM);
973 else
974 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RANDOM);
975
1cc61144 976 return 0;
8aab4757
VCG		 977}
978
861580a9 979static u8 smp_random(struct smp_chan *smp)
8aab4757 980{
8aab4757
VCG		 981 struct l2cap_conn *conn = smp->conn;
982 struct hci_conn *hcon = conn->hcon;
861580a9 983 u8 confirm[16];
8aab4757
VCG		 984 int ret;
985
ec70f36f 986 if (IS_ERR_OR_NULL(smp->tfm_aes))
861580a9 987 return SMP_UNSPECIFIED;
8aab4757
VCG		 988
989 BT_DBG("conn %p %s", conn, conn->hcon->out ? "master" : "slave");
990
e491eaf3 991 ret = smp_c1(smp->tfm_aes, smp->tk, smp->rrnd, smp->preq, smp->prsp,
b1cd5fd9 992 hcon->init_addr_type, &hcon->init_addr,
943a732a 993 hcon->resp_addr_type, &hcon->resp_addr, confirm);
861580a9
JH		 994 if (ret)
995 return SMP_UNSPECIFIED;
8aab4757 996
329d8230 997 if (crypto_memneq(smp->pcnf, confirm, sizeof(smp->pcnf))) {
8aab4757 998 BT_ERR("Pairing failed (confirmation values mismatch)");
861580a9 999 return SMP_CONFIRM_FAILED;
8aab4757
VCG		 1000 }
1001
1002 if (hcon->out) {
fe39c7b2
MH		 1003 u8 stk[16];
1004 __le64 rand = 0;
1005 __le16 ediv = 0;
8aab4757 1006
e491eaf3 1007 smp_s1(smp->tfm_aes, smp->tk, smp->rrnd, smp->prnd, stk);
8aab4757 1008
861580a9
JH		 1009 if (test_and_set_bit(HCI_CONN_ENCRYPT_PEND, &hcon->flags))
1010 return SMP_UNSPECIFIED;
8aab4757 1011
8b76ce34 1012 hci_le_start_enc(hcon, ediv, rand, stk, smp->enc_key_size);
f7aa611a 1013 hcon->enc_key_size = smp->enc_key_size;
fe59a05f 1014 set_bit(HCI_CONN_STK_ENCRYPT, &hcon->flags);
8aab4757 1015 } else {
fff3490f 1016 u8 stk[16], auth;
fe39c7b2
MH		 1017 __le64 rand = 0;
1018 __le16 ediv = 0;
8aab4757 1019
943a732a
JH		 1020 smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM, sizeof(smp->prnd),
1021 smp->prnd);
8aab4757 1022
e491eaf3 1023 smp_s1(smp->tfm_aes, smp->tk, smp->prnd, smp->rrnd, stk);
8aab4757 1024
fff3490f
JH		 1025 if (hcon->pending_sec_level == BT_SECURITY_HIGH)
1026 auth = 1;
1027 else
1028 auth = 0;
1029
7d5843b7
JH		 1030 /* Even though there's no _SLAVE suffix this is the
1031 * slave STK we're adding for later lookup (the master
1032 * STK never needs to be stored).
1033 */
ce39fb4e 1034 hci_add_ltk(hcon->hdev, &hcon->dst, hcon->dst_type,
2ceba539 1035 SMP_STK, auth, stk, smp->enc_key_size, ediv, rand);
8aab4757
VCG		 1036 }
1037
861580a9 1038 return 0;
8aab4757
VCG		 1039}
1040
44f1a7ab
JH		 1041static void smp_notify_keys(struct l2cap_conn *conn)
1042{
1043 struct l2cap_chan *chan = conn->smp;
1044 struct smp_chan *smp = chan->data;
1045 struct hci_conn *hcon = conn->hcon;
1046 struct hci_dev *hdev = hcon->hdev;
1047 struct smp_cmd_pairing *req = (void *) &smp->preq[1];
1048 struct smp_cmd_pairing *rsp = (void *) &smp->prsp[1];
1049 bool persistent;
1050
cad20c27
JH		 1051 if (hcon->type == ACL_LINK) {
1052 if (hcon->key_type == HCI_LK_DEBUG_COMBINATION)
1053 persistent = false;
1054 else
1055 persistent = !test_bit(HCI_CONN_FLUSH_KEY,
1056 &hcon->flags);
1057 } else {
1058 /* The LTKs, IRKs and CSRKs should be persistent only if
1059 * both sides had the bonding bit set in their
1060 * authentication requests.
1061 */
1062 persistent = !!((req->auth_req & rsp->auth_req) &
1063 SMP_AUTH_BONDING);
1064 }
1065
44f1a7ab 1066 if (smp->remote_irk) {
cad20c27
JH		 1067 mgmt_new_irk(hdev, smp->remote_irk, persistent);
1068
44f1a7ab
JH		 1069 /* Now that user space can be considered to know the
1070 * identity address track the connection based on it
b5ae344d 1071 * from now on (assuming this is an LE link).
44f1a7ab 1072 */
b5ae344d
JH		 1073 if (hcon->type == LE_LINK) {
1074 bacpy(&hcon->dst, &smp->remote_irk->bdaddr);
1075 hcon->dst_type = smp->remote_irk->addr_type;
1076 queue_work(hdev->workqueue, &conn->id_addr_update_work);
1077 }
44f1a7ab
JH		 1078 }
1079
44f1a7ab
JH		 1080 if (smp->csrk) {
1081 smp->csrk->bdaddr_type = hcon->dst_type;
1082 bacpy(&smp->csrk->bdaddr, &hcon->dst);
1083 mgmt_new_csrk(hdev, smp->csrk, persistent);
1084 }
1085
1086 if (smp->slave_csrk) {
1087 smp->slave_csrk->bdaddr_type = hcon->dst_type;
1088 bacpy(&smp->slave_csrk->bdaddr, &hcon->dst);
1089 mgmt_new_csrk(hdev, smp->slave_csrk, persistent);
1090 }
1091
1092 if (smp->ltk) {
1093 smp->ltk->bdaddr_type = hcon->dst_type;
1094 bacpy(&smp->ltk->bdaddr, &hcon->dst);
1095 mgmt_new_ltk(hdev, smp->ltk, persistent);
1096 }
1097
1098 if (smp->slave_ltk) {
1099 smp->slave_ltk->bdaddr_type = hcon->dst_type;
1100 bacpy(&smp->slave_ltk->bdaddr, &hcon->dst);
1101 mgmt_new_ltk(hdev, smp->slave_ltk, persistent);
1102 }
6a77083a
JH		 1103
1104 if (smp->link_key) {
e3befab9
JH		 1105 struct link_key *key;
1106 u8 type;
1107
1108 if (test_bit(SMP_FLAG_DEBUG_KEY, &smp->flags))
1109 type = HCI_LK_DEBUG_COMBINATION;
1110 else if (hcon->sec_level == BT_SECURITY_FIPS)
1111 type = HCI_LK_AUTH_COMBINATION_P256;
1112 else
1113 type = HCI_LK_UNAUTH_COMBINATION_P256;
1114
1115 key = hci_add_link_key(hdev, smp->conn->hcon, &hcon->dst,
1116 smp->link_key, type, 0, &persistent);
1117 if (key) {
1118 mgmt_new_link_key(hdev, key, persistent);
1119
1120 /* Don't keep debug keys around if the relevant
1121 * flag is not set.
1122 */
d7a5a11d 1123 if (!hci_dev_test_flag(hdev, HCI_KEEP_DEBUG_KEYS) &&
e3befab9
JH		 1124 key->type == HCI_LK_DEBUG_COMBINATION) {
1125 list_del_rcu(&key->list);
1126 kfree_rcu(key, rcu);
1127 }
1128 }
6a77083a
JH		 1129 }
1130}
1131
d3e54a87
JH		 1132static void sc_add_ltk(struct smp_chan *smp)
1133{
1134 struct hci_conn *hcon = smp->conn->hcon;
1135 u8 key_type, auth;
1136
1137 if (test_bit(SMP_FLAG_DEBUG_KEY, &smp->flags))
1138 key_type = SMP_LTK_P256_DEBUG;
1139 else
1140 key_type = SMP_LTK_P256;
1141
1142 if (hcon->pending_sec_level == BT_SECURITY_FIPS)
1143 auth = 1;
1144 else
1145 auth = 0;
1146
d3e54a87
JH		 1147 smp->ltk = hci_add_ltk(hcon->hdev, &hcon->dst, hcon->dst_type,
1148 key_type, auth, smp->tk, smp->enc_key_size,
1149 0, 0);
1150}
1151
6a77083a
JH		 1152static void sc_generate_link_key(struct smp_chan *smp)
1153{
a62da6f1 1154 /* From core spec. Spells out in ASCII as 'lebr'. */
6a77083a
JH		 1155 const u8 lebr[4] = { 0x72, 0x62, 0x65, 0x6c };
1156
1157 smp->link_key = kzalloc(16, GFP_KERNEL);
1158 if (!smp->link_key)
1159 return;
1160
a62da6f1
JH		 1161 if (test_bit(SMP_FLAG_CT2, &smp->flags)) {
1162 /* SALT = 0x00000000000000000000000000000000746D7031 */
1163 const u8 salt[16] = { 0x31, 0x70, 0x6d, 0x74 };
1164
1165 if (smp_h7(smp->tfm_cmac, smp->tk, salt, smp->link_key)) {
1166 kzfree(smp->link_key);
1167 smp->link_key = NULL;
1168 return;
1169 }
1170 } else {
1171 /* From core spec. Spells out in ASCII as 'tmp1'. */
1172 const u8 tmp1[4] = { 0x31, 0x70, 0x6d, 0x74 };
1173
1174 if (smp_h6(smp->tfm_cmac, smp->tk, tmp1, smp->link_key)) {
1175 kzfree(smp->link_key);
1176 smp->link_key = NULL;
1177 return;
1178 }
6a77083a
JH		 1179 }
1180
1181 if (smp_h6(smp->tfm_cmac, smp->link_key, lebr, smp->link_key)) {
276812ec 1182 kzfree(smp->link_key);
6a77083a
JH		 1183 smp->link_key = NULL;
1184 return;
1185 }
44f1a7ab
JH		 1186}
1187
b28b4943
JH		 1188static void smp_allow_key_dist(struct smp_chan *smp)
1189{
1190 /* Allow the first expected phase 3 PDU. The rest of the PDUs
1191 * will be allowed in each PDU handler to ensure we receive
1192 * them in the correct order.
1193 */
1194 if (smp->remote_key_dist & SMP_DIST_ENC_KEY)
1195 SMP_ALLOW_CMD(smp, SMP_CMD_ENCRYPT_INFO);
1196 else if (smp->remote_key_dist & SMP_DIST_ID_KEY)
1197 SMP_ALLOW_CMD(smp, SMP_CMD_IDENT_INFO);
1198 else if (smp->remote_key_dist & SMP_DIST_SIGN)
1199 SMP_ALLOW_CMD(smp, SMP_CMD_SIGN_INFO);
1200}
1201
b5ae344d
JH		 1202static void sc_generate_ltk(struct smp_chan *smp)
1203{
a62da6f1 1204 /* From core spec. Spells out in ASCII as 'brle'. */
b5ae344d
JH		 1205 const u8 brle[4] = { 0x65, 0x6c, 0x72, 0x62 };
1206 struct hci_conn *hcon = smp->conn->hcon;
1207 struct hci_dev *hdev = hcon->hdev;
1208 struct link_key *key;
1209
1210 key = hci_find_link_key(hdev, &hcon->dst);
1211 if (!key) {
1212 BT_ERR("%s No Link Key found to generate LTK", hdev->name);
1213 return;
1214 }
1215
1216 if (key->type == HCI_LK_DEBUG_COMBINATION)
1217 set_bit(SMP_FLAG_DEBUG_KEY, &smp->flags);
1218
a62da6f1
JH		 1219 if (test_bit(SMP_FLAG_CT2, &smp->flags)) {
1220 /* SALT = 0x00000000000000000000000000000000746D7032 */
1221 const u8 salt[16] = { 0x32, 0x70, 0x6d, 0x74 };
1222
1223 if (smp_h7(smp->tfm_cmac, key->val, salt, smp->tk))
1224 return;
1225 } else {
1226 /* From core spec. Spells out in ASCII as 'tmp2'. */
1227 const u8 tmp2[4] = { 0x32, 0x70, 0x6d, 0x74 };
1228
1229 if (smp_h6(smp->tfm_cmac, key->val, tmp2, smp->tk))
1230 return;
1231 }
b5ae344d
JH		 1232
1233 if (smp_h6(smp->tfm_cmac, smp->tk, brle, smp->tk))
1234 return;
1235
1236 sc_add_ltk(smp);
1237}
1238
d6268e86 1239static void smp_distribute_keys(struct smp_chan *smp)
44f1a7ab
JH		 1240{
1241 struct smp_cmd_pairing *req, *rsp;
86d1407c 1242 struct l2cap_conn *conn = smp->conn;
44f1a7ab
JH		 1243 struct hci_conn *hcon = conn->hcon;
1244 struct hci_dev *hdev = hcon->hdev;
1245 __u8 *keydist;
1246
1247 BT_DBG("conn %p", conn);
1248
44f1a7ab
JH		 1249 rsp = (void *) &smp->prsp[1];
1250
1251 /* The responder sends its keys first */
b28b4943
JH		 1252 if (hcon->out && (smp->remote_key_dist & KEY_DIST_MASK)) {
1253 smp_allow_key_dist(smp);
86d1407c 1254 return;
b28b4943 1255 }
44f1a7ab
JH		 1256
1257 req = (void *) &smp->preq[1];
1258
1259 if (hcon->out) {
1260 keydist = &rsp->init_key_dist;
1261 *keydist &= req->init_key_dist;
1262 } else {
1263 keydist = &rsp->resp_key_dist;
1264 *keydist &= req->resp_key_dist;
1265 }
1266
6a77083a 1267 if (test_bit(SMP_FLAG_SC, &smp->flags)) {
b5ae344d 1268 if (hcon->type == LE_LINK && (*keydist & SMP_DIST_LINK_KEY))
6a77083a 1269 sc_generate_link_key(smp);
b5ae344d
JH		 1270 if (hcon->type == ACL_LINK && (*keydist & SMP_DIST_ENC_KEY))
1271 sc_generate_ltk(smp);
6a77083a
JH		 1272
1273 /* Clear the keys which are generated but not distributed */
1274 *keydist &= ~SMP_SC_NO_DIST;
1275 }
1276
44f1a7ab
JH		 1277 BT_DBG("keydist 0x%x", *keydist);
1278
1279 if (*keydist & SMP_DIST_ENC_KEY) {
1280 struct smp_cmd_encrypt_info enc;
1281 struct smp_cmd_master_ident ident;
1282 struct smp_ltk *ltk;
1283 u8 authenticated;
1284 __le16 ediv;
1285 __le64 rand;
1286
1fc62c52
JH		 1287 /* Make sure we generate only the significant amount of
1288 * bytes based on the encryption key size, and set the rest
1289 * of the value to zeroes.
1290 */
1291 get_random_bytes(enc.ltk, smp->enc_key_size);
1292 memset(enc.ltk + smp->enc_key_size, 0,
1293 sizeof(enc.ltk) - smp->enc_key_size);
1294
44f1a7ab
JH		 1295 get_random_bytes(&ediv, sizeof(ediv));
1296 get_random_bytes(&rand, sizeof(rand));
1297
1298 smp_send_cmd(conn, SMP_CMD_ENCRYPT_INFO, sizeof(enc), &enc);
1299
1300 authenticated = hcon->sec_level == BT_SECURITY_HIGH;
1301 ltk = hci_add_ltk(hdev, &hcon->dst, hcon->dst_type,
1302 SMP_LTK_SLAVE, authenticated, enc.ltk,
1303 smp->enc_key_size, ediv, rand);
1304 smp->slave_ltk = ltk;
1305
1306 ident.ediv = ediv;
1307 ident.rand = rand;
1308
1309 smp_send_cmd(conn, SMP_CMD_MASTER_IDENT, sizeof(ident), &ident);
1310
1311 *keydist &= ~SMP_DIST_ENC_KEY;
1312 }
1313
1314 if (*keydist & SMP_DIST_ID_KEY) {
1315 struct smp_cmd_ident_addr_info addrinfo;
1316 struct smp_cmd_ident_info idinfo;
1317
1318 memcpy(idinfo.irk, hdev->irk, sizeof(idinfo.irk));
1319
1320 smp_send_cmd(conn, SMP_CMD_IDENT_INFO, sizeof(idinfo), &idinfo);
1321
1322 /* The hci_conn contains the local identity address
1323 * after the connection has been established.
1324 *
1325 * This is true even when the connection has been
1326 * established using a resolvable random address.
1327 */
1328 bacpy(&addrinfo.bdaddr, &hcon->src);
1329 addrinfo.addr_type = hcon->src_type;
1330
1331 smp_send_cmd(conn, SMP_CMD_IDENT_ADDR_INFO, sizeof(addrinfo),
1332 &addrinfo);
1333
1334 *keydist &= ~SMP_DIST_ID_KEY;
1335 }
1336
1337 if (*keydist & SMP_DIST_SIGN) {
1338 struct smp_cmd_sign_info sign;
1339 struct smp_csrk *csrk;
1340
1341 /* Generate a new random key */
1342 get_random_bytes(sign.csrk, sizeof(sign.csrk));
1343
1344 csrk = kzalloc(sizeof(*csrk), GFP_KERNEL);
1345 if (csrk) {
4cd3928a
JH		 1346 if (hcon->sec_level > BT_SECURITY_MEDIUM)
1347 csrk->type = MGMT_CSRK_LOCAL_AUTHENTICATED;
1348 else
1349 csrk->type = MGMT_CSRK_LOCAL_UNAUTHENTICATED;
44f1a7ab
JH		 1350 memcpy(csrk->val, sign.csrk, sizeof(csrk->val));
1351 }
1352 smp->slave_csrk = csrk;
1353
1354 smp_send_cmd(conn, SMP_CMD_SIGN_INFO, sizeof(sign), &sign);
1355
1356 *keydist &= ~SMP_DIST_SIGN;
1357 }
1358
1359 /* If there are still keys to be received wait for them */
b28b4943
JH		 1360 if (smp->remote_key_dist & KEY_DIST_MASK) {
1361 smp_allow_key_dist(smp);
86d1407c 1362 return;
b28b4943 1363 }
44f1a7ab 1364
44f1a7ab
JH		 1365 set_bit(SMP_FLAG_COMPLETE, &smp->flags);
1366 smp_notify_keys(conn);
1367
1368 smp_chan_destroy(conn);
44f1a7ab
JH		 1369}
1370
b68fda68
JH		 1371static void smp_timeout(struct work_struct *work)
1372{
1373 struct smp_chan *smp = container_of(work, struct smp_chan,
1374 security_timer.work);
1375 struct l2cap_conn *conn = smp->conn;
1376
1377 BT_DBG("conn %p", conn);
1378
1e91c29e 1379 hci_disconnect(conn->hcon, HCI_ERROR_REMOTE_USER_TERM);
b68fda68
JH		 1380}
1381
8aab4757
VCG		 1382static struct smp_chan *smp_chan_create(struct l2cap_conn *conn)
1383{
5d88cc73 1384 struct l2cap_chan *chan = conn->smp;
8aab4757
VCG		 1385 struct smp_chan *smp;
1386
f1560463 1387 smp = kzalloc(sizeof(*smp), GFP_ATOMIC);
fc75cc86 1388 if (!smp)
8aab4757
VCG		 1389 return NULL;
1390
a4770e11 1391 smp->tfm_aes = crypto_alloc_cipher("aes", 0, CRYPTO_ALG_ASYNC);
6a7bd103 1392 if (IS_ERR(smp->tfm_aes)) {
a4770e11 1393 BT_ERR("Unable to create AES crypto context");
276812ec 1394 kzfree(smp);
6a7bd103
JH		 1395 return NULL;
1396 }
1397
71af2f6b 1398 smp->tfm_cmac = crypto_alloc_shash("cmac(aes)", 0, 0);
407cecf6
JH		 1399 if (IS_ERR(smp->tfm_cmac)) {
1400 BT_ERR("Unable to create CMAC crypto context");
a4770e11 1401 crypto_free_cipher(smp->tfm_aes);
276812ec 1402 kzfree(smp);
407cecf6
JH		 1403 return NULL;
1404 }
1405
8aab4757 1406 smp->conn = conn;
5d88cc73 1407 chan->data = smp;
8aab4757 1408
b28b4943
JH		 1409 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_FAIL);
1410
b68fda68
JH		 1411 INIT_DELAYED_WORK(&smp->security_timer, smp_timeout);
1412
8aab4757
VCG		 1413 hci_conn_hold(conn->hcon);
1414
1415 return smp;
1416}
1417
760b018b
JH		 1418static int sc_mackey_and_ltk(struct smp_chan *smp, u8 mackey[16], u8 ltk[16])
1419{
1420 struct hci_conn *hcon = smp->conn->hcon;
1421 u8 *na, *nb, a[7], b[7];
1422
1423 if (hcon->out) {
1424 na = smp->prnd;
1425 nb = smp->rrnd;
1426 } else {
1427 na = smp->rrnd;
1428 nb = smp->prnd;
1429 }
1430
1431 memcpy(a, &hcon->init_addr, 6);
1432 memcpy(b, &hcon->resp_addr, 6);
1433 a[6] = hcon->init_addr_type;
1434 b[6] = hcon->resp_addr_type;
1435
1436 return smp_f5(smp->tfm_cmac, smp->dhkey, na, nb, a, b, mackey, ltk);
1437}
1438
38606f14 1439static void sc_dhkey_check(struct smp_chan *smp)
760b018b
JH		 1440{
1441 struct hci_conn *hcon = smp->conn->hcon;
1442 struct smp_cmd_dhkey_check check;
1443 u8 a[7], b[7], *local_addr, *remote_addr;
1444 u8 io_cap[3], r[16];
1445
760b018b
JH		 1446 memcpy(a, &hcon->init_addr, 6);
1447 memcpy(b, &hcon->resp_addr, 6);
1448 a[6] = hcon->init_addr_type;
1449 b[6] = hcon->resp_addr_type;
1450
1451 if (hcon->out) {
1452 local_addr = a;
1453 remote_addr = b;
1454 memcpy(io_cap, &smp->preq[1], 3);
1455 } else {
1456 local_addr = b;
1457 remote_addr = a;
1458 memcpy(io_cap, &smp->prsp[1], 3);
1459 }
1460
dddd3059
JH		 1461 memset(r, 0, sizeof(r));
1462
1463 if (smp->method == REQ_PASSKEY || smp->method == DSP_PASSKEY)
38606f14 1464 put_unaligned_le32(hcon->passkey_notify, r);
760b018b 1465
a29b0733
JH		 1466 if (smp->method == REQ_OOB)
1467 memcpy(r, smp->rr, 16);
1468
760b018b
JH		 1469 smp_f6(smp->tfm_cmac, smp->mackey, smp->prnd, smp->rrnd, r, io_cap,
1470 local_addr, remote_addr, check.e);
1471
1472 smp_send_cmd(smp->conn, SMP_CMD_DHKEY_CHECK, sizeof(check), &check);
dddd3059
JH		 1473}
1474
38606f14
JH		 1475static u8 sc_passkey_send_confirm(struct smp_chan *smp)
1476{
1477 struct l2cap_conn *conn = smp->conn;
1478 struct hci_conn *hcon = conn->hcon;
1479 struct smp_cmd_pairing_confirm cfm;
1480 u8 r;
1481
1482 r = ((hcon->passkey_notify >> smp->passkey_round) & 0x01);
1483 r |= 0x80;
1484
1485 get_random_bytes(smp->prnd, sizeof(smp->prnd));
1486
1487 if (smp_f4(smp->tfm_cmac, smp->local_pk, smp->remote_pk, smp->prnd, r,
1488 cfm.confirm_val))
1489 return SMP_UNSPECIFIED;
1490
1491 smp_send_cmd(conn, SMP_CMD_PAIRING_CONFIRM, sizeof(cfm), &cfm);
1492
1493 return 0;
1494}
1495
1496static u8 sc_passkey_round(struct smp_chan *smp, u8 smp_op)
1497{
1498 struct l2cap_conn *conn = smp->conn;
1499 struct hci_conn *hcon = conn->hcon;
1500 struct hci_dev *hdev = hcon->hdev;
1501 u8 cfm[16], r;
1502
1503 /* Ignore the PDU if we've already done 20 rounds (0 - 19) */
1504 if (smp->passkey_round >= 20)
1505 return 0;
1506
1507 switch (smp_op) {
1508 case SMP_CMD_PAIRING_RANDOM:
1509 r = ((hcon->passkey_notify >> smp->passkey_round) & 0x01);
1510 r |= 0x80;
1511
1512 if (smp_f4(smp->tfm_cmac, smp->remote_pk, smp->local_pk,
1513 smp->rrnd, r, cfm))
1514 return SMP_UNSPECIFIED;
1515
329d8230 1516 if (crypto_memneq(smp->pcnf, cfm, 16))
38606f14
JH		 1517 return SMP_CONFIRM_FAILED;
1518
1519 smp->passkey_round++;
1520
1521 if (smp->passkey_round == 20) {
1522 /* Generate MacKey and LTK */
1523 if (sc_mackey_and_ltk(smp, smp->mackey, smp->tk))
1524 return SMP_UNSPECIFIED;
1525 }
1526
1527 /* The round is only complete when the initiator
1528 * receives pairing random.
1529 */
1530 if (!hcon->out) {
1531 smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM,
1532 sizeof(smp->prnd), smp->prnd);
d3e54a87 1533 if (smp->passkey_round == 20)
38606f14 1534 SMP_ALLOW_CMD(smp, SMP_CMD_DHKEY_CHECK);
d3e54a87 1535 else
38606f14 1536 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_CONFIRM);
38606f14
JH		 1537 return 0;
1538 }
1539
1540 /* Start the next round */
1541 if (smp->passkey_round != 20)
1542 return sc_passkey_round(smp, 0);
1543
1544 /* Passkey rounds are complete - start DHKey Check */
1545 sc_dhkey_check(smp);
1546 SMP_ALLOW_CMD(smp, SMP_CMD_DHKEY_CHECK);
1547
1548 break;
1549
1550 case SMP_CMD_PAIRING_CONFIRM:
1551 if (test_bit(SMP_FLAG_WAIT_USER, &smp->flags)) {
1552 set_bit(SMP_FLAG_CFM_PENDING, &smp->flags);
1553 return 0;
1554 }
1555
1556 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RANDOM);
1557
1558 if (hcon->out) {
1559 smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM,
1560 sizeof(smp->prnd), smp->prnd);
1561 return 0;
1562 }
1563
1564 return sc_passkey_send_confirm(smp);
1565
1566 case SMP_CMD_PUBLIC_KEY:
1567 default:
1568 /* Initiating device starts the round */
1569 if (!hcon->out)
1570 return 0;
1571
1572 BT_DBG("%s Starting passkey round %u", hdev->name,
1573 smp->passkey_round + 1);
1574
1575 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_CONFIRM);
1576
1577 return sc_passkey_send_confirm(smp);
1578 }
1579
1580 return 0;
1581}
1582
dddd3059
JH		 1583static int sc_user_reply(struct smp_chan *smp, u16 mgmt_op, __le32 passkey)
1584{
38606f14
JH		 1585 struct l2cap_conn *conn = smp->conn;
1586 struct hci_conn *hcon = conn->hcon;
1587 u8 smp_op;
1588
1589 clear_bit(SMP_FLAG_WAIT_USER, &smp->flags);
1590
dddd3059
JH		 1591 switch (mgmt_op) {
1592 case MGMT_OP_USER_PASSKEY_NEG_REPLY:
1593 smp_failure(smp->conn, SMP_PASSKEY_ENTRY_FAILED);
1594 return 0;
1595 case MGMT_OP_USER_CONFIRM_NEG_REPLY:
1596 smp_failure(smp->conn, SMP_NUMERIC_COMP_FAILED);
1597 return 0;
38606f14
JH		 1598 case MGMT_OP_USER_PASSKEY_REPLY:
1599 hcon->passkey_notify = le32_to_cpu(passkey);
1600 smp->passkey_round = 0;
1601
1602 if (test_and_clear_bit(SMP_FLAG_CFM_PENDING, &smp->flags))
1603 smp_op = SMP_CMD_PAIRING_CONFIRM;
1604 else
1605 smp_op = 0;
1606
1607 if (sc_passkey_round(smp, smp_op))
1608 return -EIO;
1609
1610 return 0;
dddd3059
JH		 1611 }
1612
d3e54a87
JH		 1613 /* Initiator sends DHKey check first */
1614 if (hcon->out) {
1615 sc_dhkey_check(smp);
1616 SMP_ALLOW_CMD(smp, SMP_CMD_DHKEY_CHECK);
1617 } else if (test_and_clear_bit(SMP_FLAG_DHKEY_PENDING, &smp->flags)) {
1618 sc_dhkey_check(smp);
1619 sc_add_ltk(smp);
1620 }
760b018b
JH		 1621
1622 return 0;
1623}
1624
2b64d153
BG		 1625int smp_user_confirm_reply(struct hci_conn *hcon, u16 mgmt_op, __le32 passkey)
1626{
b10e8017 1627 struct l2cap_conn *conn = hcon->l2cap_data;
5d88cc73 1628 struct l2cap_chan *chan;
2b64d153
BG		 1629 struct smp_chan *smp;
1630 u32 value;
fc75cc86 1631 int err;
2b64d153
BG		 1632
1633 BT_DBG("");
1634
fc75cc86 1635 if (!conn)
2b64d153
BG		 1636 return -ENOTCONN;
1637
5d88cc73
JH		 1638 chan = conn->smp;
1639 if (!chan)
1640 return -ENOTCONN;
1641
fc75cc86
JH		 1642 l2cap_chan_lock(chan);
1643 if (!chan->data) {
1644 err = -ENOTCONN;
1645 goto unlock;
1646 }
1647
5d88cc73 1648 smp = chan->data;
2b64d153 1649
760b018b
JH		 1650 if (test_bit(SMP_FLAG_SC, &smp->flags)) {
1651 err = sc_user_reply(smp, mgmt_op, passkey);
1652 goto unlock;
1653 }
1654
2b64d153
BG		 1655 switch (mgmt_op) {
1656 case MGMT_OP_USER_PASSKEY_REPLY:
1657 value = le32_to_cpu(passkey);
943a732a 1658 memset(smp->tk, 0, sizeof(smp->tk));
2b64d153 1659 BT_DBG("PassKey: %d", value);
943a732a 1660 put_unaligned_le32(value, smp->tk);
2b64d153
BG		 1661 /* Fall Through */
1662 case MGMT_OP_USER_CONFIRM_REPLY:
4a74d658 1663 set_bit(SMP_FLAG_TK_VALID, &smp->flags);
2b64d153
BG		 1664 break;
1665 case MGMT_OP_USER_PASSKEY_NEG_REPLY:
1666 case MGMT_OP_USER_CONFIRM_NEG_REPLY:
84794e11 1667 smp_failure(conn, SMP_PASSKEY_ENTRY_FAILED);
fc75cc86
JH		 1668 err = 0;
1669 goto unlock;
2b64d153 1670 default:
84794e11 1671 smp_failure(conn, SMP_PASSKEY_ENTRY_FAILED);
fc75cc86
JH		 1672 err = -EOPNOTSUPP;
1673 goto unlock;
2b64d153
BG		 1674 }
1675
fc75cc86
JH		 1676 err = 0;
1677
2b64d153 1678 /* If it is our turn to send Pairing Confirm, do so now */
1cc61144
JH		 1679 if (test_bit(SMP_FLAG_CFM_PENDING, &smp->flags)) {
1680 u8 rsp = smp_confirm(smp);
1681 if (rsp)
1682 smp_failure(conn, rsp);
1683 }
2b64d153 1684
fc75cc86
JH		 1685unlock:
1686 l2cap_chan_unlock(chan);
1687 return err;
2b64d153
BG		 1688}
1689
b5ae344d
JH		 1690static void build_bredr_pairing_cmd(struct smp_chan *smp,
1691 struct smp_cmd_pairing *req,
1692 struct smp_cmd_pairing *rsp)
1693{
1694 struct l2cap_conn *conn = smp->conn;
1695 struct hci_dev *hdev = conn->hcon->hdev;
1696 u8 local_dist = 0, remote_dist = 0;
1697
d7a5a11d 1698 if (hci_dev_test_flag(hdev, HCI_BONDABLE)) {
b5ae344d
JH		 1699 local_dist = SMP_DIST_ENC_KEY | SMP_DIST_SIGN;
1700 remote_dist = SMP_DIST_ENC_KEY | SMP_DIST_SIGN;
1701 }
1702
d7a5a11d 1703 if (hci_dev_test_flag(hdev, HCI_RPA_RESOLVING))
b5ae344d
JH		 1704 remote_dist |= SMP_DIST_ID_KEY;
1705
d7a5a11d 1706 if (hci_dev_test_flag(hdev, HCI_PRIVACY))
b5ae344d
JH		 1707 local_dist |= SMP_DIST_ID_KEY;
1708
1709 if (!rsp) {
1710 memset(req, 0, sizeof(*req));
1711
a62da6f1 1712 req->auth_req = SMP_AUTH_CT2;
b5ae344d
JH		 1713 req->init_key_dist = local_dist;
1714 req->resp_key_dist = remote_dist;
e3f6a257 1715 req->max_key_size = conn->hcon->enc_key_size;
b5ae344d
JH		 1716
1717 smp->remote_key_dist = remote_dist;
1718
1719 return;
1720 }
1721
1722 memset(rsp, 0, sizeof(*rsp));
1723
a62da6f1 1724 rsp->auth_req = SMP_AUTH_CT2;
e3f6a257 1725 rsp->max_key_size = conn->hcon->enc_key_size;
b5ae344d
JH		 1726 rsp->init_key_dist = req->init_key_dist & remote_dist;
1727 rsp->resp_key_dist = req->resp_key_dist & local_dist;
1728
1729 smp->remote_key_dist = rsp->init_key_dist;
1730}
1731
da85e5e5 1732static u8 smp_cmd_pairing_req(struct l2cap_conn *conn, struct sk_buff *skb)
88ba43b6 1733{
3158c50c 1734 struct smp_cmd_pairing rsp, *req = (void *) skb->data;
fc75cc86 1735 struct l2cap_chan *chan = conn->smp;
b3c6410b 1736 struct hci_dev *hdev = conn->hcon->hdev;
8aab4757 1737 struct smp_chan *smp;
c7262e71 1738 u8 key_size, auth, sec_level;
8aab4757 1739 int ret;
88ba43b6
AB		 1740
1741 BT_DBG("conn %p", conn);
1742
c46b98be 1743 if (skb->len < sizeof(*req))
38e4a915 1744 return SMP_INVALID_PARAMS;
c46b98be 1745
40bef302 1746 if (conn->hcon->role != HCI_ROLE_SLAVE)
2b64d153
BG		 1747 return SMP_CMD_NOTSUPP;
1748
fc75cc86 1749 if (!chan->data)
8aab4757 1750 smp = smp_chan_create(conn);
fc75cc86 1751 else
5d88cc73 1752 smp = chan->data;
8aab4757 1753
d08fd0e7
AE		 1754 if (!smp)
1755 return SMP_UNSPECIFIED;
d26a2345 1756
c05b9339 1757 /* We didn't start the pairing, so match remote */
0edb14de 1758 auth = req->auth_req & AUTH_REQ_MASK(hdev);
c05b9339 1759
d7a5a11d 1760 if (!hci_dev_test_flag(hdev, HCI_BONDABLE) &&
c05b9339 1761 (auth & SMP_AUTH_BONDING))
b3c6410b
JH		 1762 return SMP_PAIRING_NOTSUPP;
1763
d7a5a11d 1764 if (hci_dev_test_flag(hdev, HCI_SC_ONLY) && !(auth & SMP_AUTH_SC))
903b71c7
JH		 1765 return SMP_AUTH_REQUIREMENTS;
1766
1c1def09
VCG		 1767 smp->preq[0] = SMP_CMD_PAIRING_REQ;
1768 memcpy(&smp->preq[1], req, sizeof(*req));
3158c50c 1769 skb_pull(skb, sizeof(*req));
88ba43b6 1770
cb06d366
JH		 1771 /* If the remote side's OOB flag is set it means it has
1772 * successfully received our local OOB data - therefore set the
1773 * flag to indicate that local OOB is in use.
1774 */
58428563
JH		 1775 if (req->oob_flag == SMP_OOB_PRESENT)
1776 set_bit(SMP_FLAG_LOCAL_OOB, &smp->flags);
1777
b5ae344d
JH		 1778 /* SMP over BR/EDR requires special treatment */
1779 if (conn->hcon->type == ACL_LINK) {
1780 /* We must have a BR/EDR SC link */
08f63cc5 1781 if (!test_bit(HCI_CONN_AES_CCM, &conn->hcon->flags) &&
b7cb93e5 1782 !hci_dev_test_flag(hdev, HCI_FORCE_BREDR_SMP))
b5ae344d
JH		 1783 return SMP_CROSS_TRANSP_NOT_ALLOWED;
1784
1785 set_bit(SMP_FLAG_SC, &smp->flags);
1786
1787 build_bredr_pairing_cmd(smp, req, &rsp);
1788
a62da6f1
JH		 1789 if (req->auth_req & SMP_AUTH_CT2)
1790 set_bit(SMP_FLAG_CT2, &smp->flags);
1791
b5ae344d
JH		 1792 key_size = min(req->max_key_size, rsp.max_key_size);
1793 if (check_enc_key_size(conn, key_size))
1794 return SMP_ENC_KEY_SIZE;
1795
1796 /* Clear bits which are generated but not distributed */
1797 smp->remote_key_dist &= ~SMP_SC_NO_DIST;
1798
1799 smp->prsp[0] = SMP_CMD_PAIRING_RSP;
1800 memcpy(&smp->prsp[1], &rsp, sizeof(rsp));
1801 smp_send_cmd(conn, SMP_CMD_PAIRING_RSP, sizeof(rsp), &rsp);
1802
1803 smp_distribute_keys(smp);
1804 return 0;
1805 }
1806
5e3d3d9b
JH		 1807 build_pairing_cmd(conn, req, &rsp, auth);
1808
a62da6f1 1809 if (rsp.auth_req & SMP_AUTH_SC) {
5e3d3d9b
JH		 1810 set_bit(SMP_FLAG_SC, &smp->flags);
1811
a62da6f1
JH		 1812 if (rsp.auth_req & SMP_AUTH_CT2)
1813 set_bit(SMP_FLAG_CT2, &smp->flags);
1814 }
1815
5be5e275 1816 if (conn->hcon->io_capability == HCI_IO_NO_INPUT_OUTPUT)
1afc2a1a
JH		 1817 sec_level = BT_SECURITY_MEDIUM;
1818 else
1819 sec_level = authreq_to_seclevel(auth);
1820
c7262e71
JH		 1821 if (sec_level > conn->hcon->pending_sec_level)
1822 conn->hcon->pending_sec_level = sec_level;
fdde0a26 1823
49c922bb 1824 /* If we need MITM check that it can be achieved */
2ed8f65c
JH		 1825 if (conn->hcon->pending_sec_level >= BT_SECURITY_HIGH) {
1826 u8 method;
1827
1828 method = get_auth_method(smp, conn->hcon->io_capability,
1829 req->io_capability);
1830 if (method == JUST_WORKS || method == JUST_CFM)
1831 return SMP_AUTH_REQUIREMENTS;
1832 }
1833
3158c50c
VCG		 1834 key_size = min(req->max_key_size, rsp.max_key_size);
1835 if (check_enc_key_size(conn, key_size))
1836 return SMP_ENC_KEY_SIZE;
88ba43b6 1837
e84a6b13 1838 get_random_bytes(smp->prnd, sizeof(smp->prnd));
8aab4757 1839
1c1def09
VCG		 1840 smp->prsp[0] = SMP_CMD_PAIRING_RSP;
1841 memcpy(&smp->prsp[1], &rsp, sizeof(rsp));
f01ead31 1842
3158c50c 1843 smp_send_cmd(conn, SMP_CMD_PAIRING_RSP, sizeof(rsp), &rsp);
3b19146d
JH		 1844
1845 clear_bit(SMP_FLAG_INITIATOR, &smp->flags);
1846
19c5ce9c
JH		 1847 /* Strictly speaking we shouldn't allow Pairing Confirm for the
1848 * SC case, however some implementations incorrectly copy RFU auth
1849 * req bits from our security request, which may create a false
1850 * positive SC enablement.
1851 */
1852 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_CONFIRM);
1853
3b19146d
JH		 1854 if (test_bit(SMP_FLAG_SC, &smp->flags)) {
1855 SMP_ALLOW_CMD(smp, SMP_CMD_PUBLIC_KEY);
1856 /* Clear bits which are generated but not distributed */
1857 smp->remote_key_dist &= ~SMP_SC_NO_DIST;
1858 /* Wait for Public Key from Initiating Device */
1859 return 0;
3b19146d 1860 }
da85e5e5 1861
2b64d153
BG		 1862 /* Request setup of TK */
1863 ret = tk_request(conn, 0, auth, rsp.io_capability, req->io_capability);
1864 if (ret)
1865 return SMP_UNSPECIFIED;
1866
da85e5e5 1867 return 0;
88ba43b6
AB		 1868}
1869
3b19146d
JH		 1870static u8 sc_send_public_key(struct smp_chan *smp)
1871{
70157ef5
JH		 1872 struct hci_dev *hdev = smp->conn->hcon->hdev;
1873
3b19146d
JH		 1874 BT_DBG("");
1875
1a8bab4f 1876 if (test_bit(SMP_FLAG_LOCAL_OOB, &smp->flags)) {
33d0c030
MH		 1877 struct l2cap_chan *chan = hdev->smp_data;
1878 struct smp_dev *smp_dev;
1879
1880 if (!chan || !chan->data)
1881 return SMP_UNSPECIFIED;
1882
1883 smp_dev = chan->data;
1884
1885 memcpy(smp->local_pk, smp_dev->local_pk, 64);
1886 memcpy(smp->local_sk, smp_dev->local_sk, 32);
fb334fee 1887 memcpy(smp->lr, smp_dev->local_rand, 16);
33d0c030
MH		 1888
1889 if (smp_dev->debug_key)
1890 set_bit(SMP_FLAG_DEBUG_KEY, &smp->flags);
1891
1892 goto done;
1893 }
1894
d7a5a11d 1895 if (hci_dev_test_flag(hdev, HCI_USE_DEBUG_KEYS)) {
70157ef5
JH		 1896 BT_DBG("Using debug keys");
1897 memcpy(smp->local_pk, debug_pk, 64);
1898 memcpy(smp->local_sk, debug_sk, 32);
1899 set_bit(SMP_FLAG_DEBUG_KEY, &smp->flags);
1900 } else {
1901 while (true) {
71653eb6
MH		 1902 /* Seed private key with random number */
1903 get_random_bytes(smp->local_sk, 32);
1904
70157ef5 1905 /* Generate local key pair for Secure Connections */
58771c1c 1906 if (!generate_ecdh_keys(smp->local_pk, smp->local_sk))
70157ef5 1907 return SMP_UNSPECIFIED;
6c0dcc50 1908
70157ef5
JH		 1909 /* This is unlikely, but we need to check that
1910 * we didn't accidentially generate a debug key.
1911 */
329d8230 1912 if (crypto_memneq(smp->local_sk, debug_sk, 32))
70157ef5
JH		 1913 break;
1914 }
6c0dcc50 1915 }
3b19146d 1916
33d0c030 1917done:
c7a3d57d 1918 SMP_DBG("Local Public Key X: %32phN", smp->local_pk);
8e4e2ee5 1919 SMP_DBG("Local Public Key Y: %32phN", smp->local_pk + 32);
c7a3d57d 1920 SMP_DBG("Local Private Key: %32phN", smp->local_sk);
3b19146d
JH		 1921
1922 smp_send_cmd(smp->conn, SMP_CMD_PUBLIC_KEY, 64, smp->local_pk);
1923
1924 return 0;
1925}
1926
da85e5e5 1927static u8 smp_cmd_pairing_rsp(struct l2cap_conn *conn, struct sk_buff *skb)
88ba43b6 1928{
3158c50c 1929 struct smp_cmd_pairing *req, *rsp = (void *) skb->data;
5d88cc73
JH		 1930 struct l2cap_chan *chan = conn->smp;
1931 struct smp_chan *smp = chan->data;
0edb14de 1932 struct hci_dev *hdev = conn->hcon->hdev;
3a7dbfb8 1933 u8 key_size, auth;
7d24ddcc 1934 int ret;
88ba43b6
AB		 1935
1936 BT_DBG("conn %p", conn);
1937
c46b98be 1938 if (skb->len < sizeof(*rsp))
38e4a915 1939 return SMP_INVALID_PARAMS;
c46b98be 1940
40bef302 1941 if (conn->hcon->role != HCI_ROLE_MASTER)
2b64d153
BG		 1942 return SMP_CMD_NOTSUPP;
1943
3158c50c
VCG		 1944 skb_pull(skb, sizeof(*rsp));
1945
1c1def09 1946 req = (void *) &smp->preq[1];
da85e5e5 1947
3158c50c
VCG		 1948 key_size = min(req->max_key_size, rsp->max_key_size);
1949 if (check_enc_key_size(conn, key_size))
1950 return SMP_ENC_KEY_SIZE;
1951
0edb14de 1952 auth = rsp->auth_req & AUTH_REQ_MASK(hdev);
c05b9339 1953
d7a5a11d 1954 if (hci_dev_test_flag(hdev, HCI_SC_ONLY) && !(auth & SMP_AUTH_SC))
903b71c7
JH		 1955 return SMP_AUTH_REQUIREMENTS;
1956
cb06d366
JH		 1957 /* If the remote side's OOB flag is set it means it has
1958 * successfully received our local OOB data - therefore set the
1959 * flag to indicate that local OOB is in use.
1960 */
58428563
JH		 1961 if (rsp->oob_flag == SMP_OOB_PRESENT)
1962 set_bit(SMP_FLAG_LOCAL_OOB, &smp->flags);
1963
b5ae344d
JH		 1964 smp->prsp[0] = SMP_CMD_PAIRING_RSP;
1965 memcpy(&smp->prsp[1], rsp, sizeof(*rsp));
1966
1967 /* Update remote key distribution in case the remote cleared
1968 * some bits that we had enabled in our request.
1969 */
1970 smp->remote_key_dist &= rsp->resp_key_dist;
1971
a62da6f1
JH		 1972 if ((req->auth_req & SMP_AUTH_CT2) && (auth & SMP_AUTH_CT2))
1973 set_bit(SMP_FLAG_CT2, &smp->flags);
1974
b5ae344d
JH		 1975 /* For BR/EDR this means we're done and can start phase 3 */
1976 if (conn->hcon->type == ACL_LINK) {
1977 /* Clear bits which are generated but not distributed */
1978 smp->remote_key_dist &= ~SMP_SC_NO_DIST;
1979 smp_distribute_keys(smp);
1980 return 0;
1981 }
1982
65668776
JH		 1983 if ((req->auth_req & SMP_AUTH_SC) && (auth & SMP_AUTH_SC))
1984 set_bit(SMP_FLAG_SC, &smp->flags);
d2eb9e10
JH		 1985 else if (conn->hcon->pending_sec_level > BT_SECURITY_HIGH)
1986 conn->hcon->pending_sec_level = BT_SECURITY_HIGH;
65668776 1987
49c922bb 1988 /* If we need MITM check that it can be achieved */
2ed8f65c
JH		 1989 if (conn->hcon->pending_sec_level >= BT_SECURITY_HIGH) {
1990 u8 method;
1991
1992 method = get_auth_method(smp, req->io_capability,
1993 rsp->io_capability);
1994 if (method == JUST_WORKS || method == JUST_CFM)
1995 return SMP_AUTH_REQUIREMENTS;
1996 }
1997
e84a6b13 1998 get_random_bytes(smp->prnd, sizeof(smp->prnd));
7d24ddcc 1999
fdcc4bec
JH		 2000 /* Update remote key distribution in case the remote cleared
2001 * some bits that we had enabled in our request.
2002 */
2003 smp->remote_key_dist &= rsp->resp_key_dist;
2004
3b19146d
JH		 2005 if (test_bit(SMP_FLAG_SC, &smp->flags)) {
2006 /* Clear bits which are generated but not distributed */
2007 smp->remote_key_dist &= ~SMP_SC_NO_DIST;
2008 SMP_ALLOW_CMD(smp, SMP_CMD_PUBLIC_KEY);
2009 return sc_send_public_key(smp);
2010 }
2011
c05b9339 2012 auth |= req->auth_req;
2b64d153 2013
476585ec 2014 ret = tk_request(conn, 0, auth, req->io_capability, rsp->io_capability);
2b64d153
BG		 2015 if (ret)
2016 return SMP_UNSPECIFIED;
2017
4a74d658 2018 set_bit(SMP_FLAG_CFM_PENDING, &smp->flags);
2b64d153
BG		 2019
2020 /* Can't compose response until we have been confirmed */
4a74d658 2021 if (test_bit(SMP_FLAG_TK_VALID, &smp->flags))
1cc61144 2022 return smp_confirm(smp);
da85e5e5
VCG		 2023
2024 return 0;
88ba43b6
AB		 2025}
2026
dcee2b32
JH		 2027static u8 sc_check_confirm(struct smp_chan *smp)
2028{
2029 struct l2cap_conn *conn = smp->conn;
2030
2031 BT_DBG("");
2032
38606f14
JH		 2033 if (smp->method == REQ_PASSKEY || smp->method == DSP_PASSKEY)
2034 return sc_passkey_round(smp, SMP_CMD_PAIRING_CONFIRM);
2035
dcee2b32
JH		 2036 if (conn->hcon->out) {
2037 smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM, sizeof(smp->prnd),
2038 smp->prnd);
2039 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RANDOM);
2040 }
2041
2042 return 0;
2043}
2044
19c5ce9c
JH		 2045/* Work-around for some implementations that incorrectly copy RFU bits
2046 * from our security request and thereby create the impression that
2047 * we're doing SC when in fact the remote doesn't support it.
2048 */
2049static int fixup_sc_false_positive(struct smp_chan *smp)
2050{
2051 struct l2cap_conn *conn = smp->conn;
2052 struct hci_conn *hcon = conn->hcon;
2053 struct hci_dev *hdev = hcon->hdev;
2054 struct smp_cmd_pairing *req, *rsp;
2055 u8 auth;
2056
2057 /* The issue is only observed when we're in slave role */
2058 if (hcon->out)
2059 return SMP_UNSPECIFIED;
2060
2061 if (hci_dev_test_flag(hdev, HCI_SC_ONLY)) {
2062 BT_ERR("Refusing SMP SC -> legacy fallback in SC-only mode");
2063 return SMP_UNSPECIFIED;
2064 }
2065
2066 BT_ERR("Trying to fall back to legacy SMP");
2067
2068 req = (void *) &smp->preq[1];
2069 rsp = (void *) &smp->prsp[1];
2070
2071 /* Rebuild key dist flags which may have been cleared for SC */
2072 smp->remote_key_dist = (req->init_key_dist & rsp->resp_key_dist);
2073
2074 auth = req->auth_req & AUTH_REQ_MASK(hdev);
2075
2076 if (tk_request(conn, 0, auth, rsp->io_capability, req->io_capability)) {
2077 BT_ERR("Failed to fall back to legacy SMP");
2078 return SMP_UNSPECIFIED;
2079 }
2080
2081 clear_bit(SMP_FLAG_SC, &smp->flags);
2082
2083 return 0;
2084}
2085
da85e5e5 2086static u8 smp_cmd_pairing_confirm(struct l2cap_conn *conn, struct sk_buff *skb)
88ba43b6 2087{
5d88cc73
JH		 2088 struct l2cap_chan *chan = conn->smp;
2089 struct smp_chan *smp = chan->data;
7d24ddcc 2090
88ba43b6
AB		 2091 BT_DBG("conn %p %s", conn, conn->hcon->out ? "master" : "slave");
2092
c46b98be 2093 if (skb->len < sizeof(smp->pcnf))
38e4a915 2094 return SMP_INVALID_PARAMS;
c46b98be 2095
1c1def09
VCG		 2096 memcpy(smp->pcnf, skb->data, sizeof(smp->pcnf));
2097 skb_pull(skb, sizeof(smp->pcnf));
88ba43b6 2098
19c5ce9c
JH		 2099 if (test_bit(SMP_FLAG_SC, &smp->flags)) {
2100 int ret;
2101
2102 /* Public Key exchange must happen before any other steps */
2103 if (test_bit(SMP_FLAG_REMOTE_PK, &smp->flags))
2104 return sc_check_confirm(smp);
2105
2106 BT_ERR("Unexpected SMP Pairing Confirm");
2107
2108 ret = fixup_sc_false_positive(smp);
2109 if (ret)
2110 return ret;
2111 }
dcee2b32 2112
b28b4943 2113 if (conn->hcon->out) {
943a732a
JH		 2114 smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM, sizeof(smp->prnd),
2115 smp->prnd);
b28b4943
JH		 2116 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RANDOM);
2117 return 0;
2118 }
2119
2120 if (test_bit(SMP_FLAG_TK_VALID, &smp->flags))
1cc61144 2121 return smp_confirm(smp);
983f9814
MH		 2122
2123 set_bit(SMP_FLAG_CFM_PENDING, &smp->flags);
da85e5e5
VCG		 2124
2125 return 0;
88ba43b6
AB		 2126}
2127
da85e5e5 2128static u8 smp_cmd_pairing_random(struct l2cap_conn *conn, struct sk_buff *skb)
88ba43b6 2129{
5d88cc73
JH		 2130 struct l2cap_chan *chan = conn->smp;
2131 struct smp_chan *smp = chan->data;
191dc7fe
JH		 2132 struct hci_conn *hcon = conn->hcon;
2133 u8 *pkax, *pkbx, *na, *nb;
2134 u32 passkey;
2135 int err;
7d24ddcc 2136
8aab4757 2137 BT_DBG("conn %p", conn);
3158c50c 2138
c46b98be 2139 if (skb->len < sizeof(smp->rrnd))
38e4a915 2140 return SMP_INVALID_PARAMS;
c46b98be 2141
943a732a 2142 memcpy(smp->rrnd, skb->data, sizeof(smp->rrnd));
8aab4757 2143 skb_pull(skb, sizeof(smp->rrnd));
e7e62c85 2144
191dc7fe
JH		 2145 if (!test_bit(SMP_FLAG_SC, &smp->flags))
2146 return smp_random(smp);
2147
580039e8
JH		 2148 if (hcon->out) {
2149 pkax = smp->local_pk;
2150 pkbx = smp->remote_pk;
2151 na = smp->prnd;
2152 nb = smp->rrnd;
2153 } else {
2154 pkax = smp->remote_pk;
2155 pkbx = smp->local_pk;
2156 na = smp->rrnd;
2157 nb = smp->prnd;
2158 }
2159
a29b0733
JH		 2160 if (smp->method == REQ_OOB) {
2161 if (!hcon->out)
2162 smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM,
2163 sizeof(smp->prnd), smp->prnd);
2164 SMP_ALLOW_CMD(smp, SMP_CMD_DHKEY_CHECK);
2165 goto mackey_and_ltk;
2166 }
2167
38606f14
JH		 2168 /* Passkey entry has special treatment */
2169 if (smp->method == REQ_PASSKEY || smp->method == DSP_PASSKEY)
2170 return sc_passkey_round(smp, SMP_CMD_PAIRING_RANDOM);
2171
191dc7fe
JH		 2172 if (hcon->out) {
2173 u8 cfm[16];
2174
2175 err = smp_f4(smp->tfm_cmac, smp->remote_pk, smp->local_pk,
2176 smp->rrnd, 0, cfm);
2177 if (err)
2178 return SMP_UNSPECIFIED;
2179
329d8230 2180 if (crypto_memneq(smp->pcnf, cfm, 16))
191dc7fe 2181 return SMP_CONFIRM_FAILED;
191dc7fe
JH		 2182 } else {
2183 smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM, sizeof(smp->prnd),
2184 smp->prnd);
2185 SMP_ALLOW_CMD(smp, SMP_CMD_DHKEY_CHECK);
191dc7fe
JH		 2186 }
2187
a29b0733 2188mackey_and_ltk:
760b018b
JH		 2189 /* Generate MacKey and LTK */
2190 err = sc_mackey_and_ltk(smp, smp->mackey, smp->tk);
2191 if (err)
2192 return SMP_UNSPECIFIED;
2193
a29b0733 2194 if (smp->method == JUST_WORKS || smp->method == REQ_OOB) {
dddd3059 2195 if (hcon->out) {
38606f14 2196 sc_dhkey_check(smp);
dddd3059
JH		 2197 SMP_ALLOW_CMD(smp, SMP_CMD_DHKEY_CHECK);
2198 }
2199 return 0;
2200 }
2201
38606f14
JH		 2202 err = smp_g2(smp->tfm_cmac, pkax, pkbx, na, nb, &passkey);
2203 if (err)
2204 return SMP_UNSPECIFIED;
2205
2206 err = mgmt_user_confirm_request(hcon->hdev, &hcon->dst, hcon->type,
2207 hcon->dst_type, passkey, 0);
191dc7fe
JH		 2208 if (err)
2209 return SMP_UNSPECIFIED;
2210
38606f14
JH		 2211 set_bit(SMP_FLAG_WAIT_USER, &smp->flags);
2212
191dc7fe 2213 return 0;
88ba43b6
AB		 2214}
2215
f81cd823 2216static bool smp_ltk_encrypt(struct l2cap_conn *conn, u8 sec_level)
988c5997 2217{
c9839a11 2218 struct smp_ltk *key;
988c5997
VCG		 2219 struct hci_conn *hcon = conn->hcon;
2220
f3a73d97 2221 key = hci_find_ltk(hcon->hdev, &hcon->dst, hcon->dst_type, hcon->role);
988c5997 2222 if (!key)
f81cd823 2223 return false;
988c5997 2224
a6f7833c 2225 if (smp_ltk_sec_level(key) < sec_level)
f81cd823 2226 return false;
4dab7864 2227
51a8efd7 2228 if (test_and_set_bit(HCI_CONN_ENCRYPT_PEND, &hcon->flags))
f81cd823 2229 return true;
988c5997 2230
8b76ce34 2231 hci_le_start_enc(hcon, key->ediv, key->rand, key->val, key->enc_size);
c9839a11 2232 hcon->enc_key_size = key->enc_size;
988c5997 2233
fe59a05f
JH		 2234 /* We never store STKs for master role, so clear this flag */
2235 clear_bit(HCI_CONN_STK_ENCRYPT, &hcon->flags);
2236
f81cd823 2237 return true;
988c5997 2238}
f1560463 2239
35dc6f83
JH		 2240bool smp_sufficient_security(struct hci_conn *hcon, u8 sec_level,
2241 enum smp_key_pref key_pref)
854f4727
JH		 2242{
2243 if (sec_level == BT_SECURITY_LOW)
2244 return true;
2245
35dc6f83
JH		 2246 /* If we're encrypted with an STK but the caller prefers using
2247 * LTK claim insufficient security. This way we allow the
2248 * connection to be re-encrypted with an LTK, even if the LTK
2249 * provides the same level of security. Only exception is if we
2250 * don't have an LTK (e.g. because of key distribution bits).
9ab65d60 2251 */
35dc6f83
JH		 2252 if (key_pref == SMP_USE_LTK &&
2253 test_bit(HCI_CONN_STK_ENCRYPT, &hcon->flags) &&
f3a73d97 2254 hci_find_ltk(hcon->hdev, &hcon->dst, hcon->dst_type, hcon->role))
9ab65d60
JH		 2255 return false;
2256
854f4727
JH		 2257 if (hcon->sec_level >= sec_level)
2258 return true;
2259
2260 return false;
2261}
2262
da85e5e5 2263static u8 smp_cmd_security_req(struct l2cap_conn *conn, struct sk_buff *skb)
88ba43b6
AB		 2264{
2265 struct smp_cmd_security_req *rp = (void *) skb->data;
2266 struct smp_cmd_pairing cp;
f1cb9af5 2267 struct hci_conn *hcon = conn->hcon;
0edb14de 2268 struct hci_dev *hdev = hcon->hdev;
8aab4757 2269 struct smp_chan *smp;
c05b9339 2270 u8 sec_level, auth;
88ba43b6
AB		 2271
2272 BT_DBG("conn %p", conn);
2273
c46b98be 2274 if (skb->len < sizeof(*rp))
38e4a915 2275 return SMP_INVALID_PARAMS;
c46b98be 2276
40bef302 2277 if (hcon->role != HCI_ROLE_MASTER)
86ca9eac
JH		 2278 return SMP_CMD_NOTSUPP;
2279
0edb14de 2280 auth = rp->auth_req & AUTH_REQ_MASK(hdev);
c05b9339 2281
d7a5a11d 2282 if (hci_dev_test_flag(hdev, HCI_SC_ONLY) && !(auth & SMP_AUTH_SC))
903b71c7
JH		 2283 return SMP_AUTH_REQUIREMENTS;
2284
5be5e275 2285 if (hcon->io_capability == HCI_IO_NO_INPUT_OUTPUT)
1afc2a1a
JH		 2286 sec_level = BT_SECURITY_MEDIUM;
2287 else
2288 sec_level = authreq_to_seclevel(auth);
2289
87a97ab1
SJ		 2290 if (smp_sufficient_security(hcon, sec_level, SMP_USE_LTK)) {
2291 /* If link is already encrypted with sufficient security we
2292 * still need refresh encryption as per Core Spec 5.0 Vol 3,
2293 * Part H 2.4.6
2294 */
2295 smp_ltk_encrypt(conn, hcon->sec_level);
854f4727 2296 return 0;
87a97ab1 2297 }
854f4727 2298
c7262e71
JH		 2299 if (sec_level > hcon->pending_sec_level)
2300 hcon->pending_sec_level = sec_level;
feb45eb5 2301
4dab7864 2302 if (smp_ltk_encrypt(conn, hcon->pending_sec_level))
988c5997
VCG		 2303 return 0;
2304
8aab4757 2305 smp = smp_chan_create(conn);
c29d2444
JH		 2306 if (!smp)
2307 return SMP_UNSPECIFIED;
d26a2345 2308
d7a5a11d 2309 if (!hci_dev_test_flag(hdev, HCI_BONDABLE) &&
c05b9339 2310 (auth & SMP_AUTH_BONDING))
616d55be
JH		 2311 return SMP_PAIRING_NOTSUPP;
2312
88ba43b6 2313 skb_pull(skb, sizeof(*rp));
88ba43b6 2314
da85e5e5 2315 memset(&cp, 0, sizeof(cp));
c05b9339 2316 build_pairing_cmd(conn, &cp, NULL, auth);
88ba43b6 2317
1c1def09
VCG		 2318 smp->preq[0] = SMP_CMD_PAIRING_REQ;
2319 memcpy(&smp->preq[1], &cp, sizeof(cp));
f01ead31 2320
88ba43b6 2321 smp_send_cmd(conn, SMP_CMD_PAIRING_REQ, sizeof(cp), &cp);
b28b4943 2322 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RSP);
f1cb9af5 2323
da85e5e5 2324 return 0;
88ba43b6
AB		 2325}
2326
cc110922 2327int smp_conn_security(struct hci_conn *hcon, __u8 sec_level)
eb492e01 2328{
cc110922 2329 struct l2cap_conn *conn = hcon->l2cap_data;
c68b7f12 2330 struct l2cap_chan *chan;
0a66cf20 2331 struct smp_chan *smp;
2b64d153 2332 __u8 authreq;
fc75cc86 2333 int ret;
eb492e01 2334
3a0259bb
VCG		 2335 BT_DBG("conn %p hcon %p level 0x%2.2x", conn, hcon, sec_level);
2336
0a66cf20
JH		 2337 /* This may be NULL if there's an unexpected disconnection */
2338 if (!conn)
2339 return 1;
2340
d7a5a11d 2341 if (!hci_dev_test_flag(hcon->hdev, HCI_LE_ENABLED))
2e65c9d2
AG		 2342 return 1;
2343
35dc6f83 2344 if (smp_sufficient_security(hcon, sec_level, SMP_USE_LTK))
eb492e01 2345 return 1;
f1cb9af5 2346
c7262e71
JH		 2347 if (sec_level > hcon->pending_sec_level)
2348 hcon->pending_sec_level = sec_level;
2349
40bef302 2350 if (hcon->role == HCI_ROLE_MASTER)
c7262e71
JH		 2351 if (smp_ltk_encrypt(conn, hcon->pending_sec_level))
2352 return 0;
d26a2345 2353
d8949aad
JH		 2354 chan = conn->smp;
2355 if (!chan) {
2356 BT_ERR("SMP security requested but not available");
2357 return 1;
2358 }
2359
fc75cc86
JH		 2360 l2cap_chan_lock(chan);
2361
2362 /* If SMP is already in progress ignore this request */
2363 if (chan->data) {
2364 ret = 0;
2365 goto unlock;
2366 }
d26a2345 2367
8aab4757 2368 smp = smp_chan_create(conn);
fc75cc86
JH		 2369 if (!smp) {
2370 ret = 1;
2371 goto unlock;
2372 }
2b64d153
BG		 2373
2374 authreq = seclevel_to_authreq(sec_level);
d26a2345 2375
a62da6f1 2376 if (hci_dev_test_flag(hcon->hdev, HCI_SC_ENABLED)) {
d2eb9e10 2377 authreq |= SMP_AUTH_SC;
a62da6f1
JH		 2378 if (hci_dev_test_flag(hcon->hdev, HCI_SSP_ENABLED))
2379 authreq |= SMP_AUTH_CT2;
2380 }
d2eb9e10 2381
79897d20
JH		 2382 /* Require MITM if IO Capability allows or the security level
2383 * requires it.
2e233644 2384 */
79897d20 2385 if (hcon->io_capability != HCI_IO_NO_INPUT_OUTPUT ||
c7262e71 2386 hcon->pending_sec_level > BT_SECURITY_MEDIUM)
2e233644
JH		 2387 authreq |= SMP_AUTH_MITM;
2388
40bef302 2389 if (hcon->role == HCI_ROLE_MASTER) {
d26a2345 2390 struct smp_cmd_pairing cp;
f01ead31 2391
2b64d153 2392 build_pairing_cmd(conn, &cp, NULL, authreq);
1c1def09
VCG		 2393 smp->preq[0] = SMP_CMD_PAIRING_REQ;
2394 memcpy(&smp->preq[1], &cp, sizeof(cp));
f01ead31 2395
eb492e01 2396 smp_send_cmd(conn, SMP_CMD_PAIRING_REQ, sizeof(cp), &cp);
b28b4943 2397 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RSP);
eb492e01
AB		 2398 } else {
2399 struct smp_cmd_security_req cp;
2b64d153 2400 cp.auth_req = authreq;
eb492e01 2401 smp_send_cmd(conn, SMP_CMD_SECURITY_REQ, sizeof(cp), &cp);
b28b4943 2402 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_REQ);
eb492e01
AB		 2403 }
2404
4a74d658 2405 set_bit(SMP_FLAG_INITIATOR, &smp->flags);
fc75cc86 2406 ret = 0;
edca792c 2407
fc75cc86
JH		 2408unlock:
2409 l2cap_chan_unlock(chan);
2410 return ret;
eb492e01
AB		 2411}
2412
0f8a689c
MK		 2413int smp_cancel_and_remove_pairing(struct hci_dev *hdev, bdaddr_t *bdaddr,
2414 u8 addr_type)
c81d555a 2415{
0f8a689c
MK		 2416 struct hci_conn *hcon;
2417 struct l2cap_conn *conn;
c81d555a
JH		 2418 struct l2cap_chan *chan;
2419 struct smp_chan *smp;
0f8a689c
MK		 2420 int err;
2421
2422 err = hci_remove_ltk(hdev, bdaddr, addr_type);
2423 hci_remove_irk(hdev, bdaddr, addr_type);
2424
2425 hcon = hci_conn_hash_lookup_le(hdev, bdaddr, addr_type);
2426 if (!hcon)
2427 goto done;
c81d555a 2428
0f8a689c 2429 conn = hcon->l2cap_data;
c81d555a 2430 if (!conn)
0f8a689c 2431 goto done;
c81d555a
JH		 2432
2433 chan = conn->smp;
2434 if (!chan)
0f8a689c 2435 goto done;
c81d555a
JH		 2436
2437 l2cap_chan_lock(chan);
2438
2439 smp = chan->data;
2440 if (smp) {
0f8a689c
MK		 2441 /* Set keys to NULL to make sure smp_failure() does not try to
2442 * remove and free already invalidated rcu list entries. */
2443 smp->ltk = NULL;
2444 smp->slave_ltk = NULL;
2445 smp->remote_irk = NULL;
2446
c81d555a
JH		 2447 if (test_bit(SMP_FLAG_COMPLETE, &smp->flags))
2448 smp_failure(conn, 0);
2449 else
2450 smp_failure(conn, SMP_UNSPECIFIED);
0f8a689c 2451 err = 0;
c81d555a
JH		 2452 }
2453
2454 l2cap_chan_unlock(chan);
0f8a689c
MK		 2455
2456done:
2457 return err;
c81d555a
JH		 2458}
2459
7034b911
VCG		 2460static int smp_cmd_encrypt_info(struct l2cap_conn *conn, struct sk_buff *skb)
2461{
16b90839 2462 struct smp_cmd_encrypt_info *rp = (void *) skb->data;
5d88cc73
JH		 2463 struct l2cap_chan *chan = conn->smp;
2464 struct smp_chan *smp = chan->data;
16b90839 2465
c46b98be
JH		 2466 BT_DBG("conn %p", conn);
2467
2468 if (skb->len < sizeof(*rp))
38e4a915 2469 return SMP_INVALID_PARAMS;
c46b98be 2470
b28b4943 2471 SMP_ALLOW_CMD(smp, SMP_CMD_MASTER_IDENT);
6131ddc8 2472
16b90839
VCG		 2473 skb_pull(skb, sizeof(*rp));
2474
1c1def09 2475 memcpy(smp->tk, rp->ltk, sizeof(smp->tk));
16b90839 2476
7034b911
VCG		 2477 return 0;
2478}
2479
2480static int smp_cmd_master_ident(struct l2cap_conn *conn, struct sk_buff *skb)
2481{
16b90839 2482 struct smp_cmd_master_ident *rp = (void *) skb->data;
5d88cc73
JH		 2483 struct l2cap_chan *chan = conn->smp;
2484 struct smp_chan *smp = chan->data;
c9839a11
VCG		 2485 struct hci_dev *hdev = conn->hcon->hdev;
2486 struct hci_conn *hcon = conn->hcon;
23d0e128 2487 struct smp_ltk *ltk;
c9839a11 2488 u8 authenticated;
16b90839 2489
c46b98be
JH		 2490 BT_DBG("conn %p", conn);
2491
2492 if (skb->len < sizeof(*rp))
38e4a915 2493 return SMP_INVALID_PARAMS;
c46b98be 2494
9747a9f3
JH		 2495 /* Mark the information as received */
2496 smp->remote_key_dist &= ~SMP_DIST_ENC_KEY;
2497
b28b4943
JH		 2498 if (smp->remote_key_dist & SMP_DIST_ID_KEY)
2499 SMP_ALLOW_CMD(smp, SMP_CMD_IDENT_INFO);
196332f5
JH		 2500 else if (smp->remote_key_dist & SMP_DIST_SIGN)
2501 SMP_ALLOW_CMD(smp, SMP_CMD_SIGN_INFO);
b28b4943 2502
16b90839 2503 skb_pull(skb, sizeof(*rp));
7034b911 2504
ce39fb4e 2505 authenticated = (hcon->sec_level == BT_SECURITY_HIGH);
2ceba539 2506 ltk = hci_add_ltk(hdev, &hcon->dst, hcon->dst_type, SMP_LTK,
23d0e128
JH		 2507 authenticated, smp->tk, smp->enc_key_size,
2508 rp->ediv, rp->rand);
2509 smp->ltk = ltk;
c6e81e9a 2510 if (!(smp->remote_key_dist & KEY_DIST_MASK))
d6268e86 2511 smp_distribute_keys(smp);
7034b911
VCG		 2512
2513 return 0;
2514}
2515
fd349c02
JH		 2516static int smp_cmd_ident_info(struct l2cap_conn *conn, struct sk_buff *skb)
2517{
2518 struct smp_cmd_ident_info *info = (void *) skb->data;
5d88cc73
JH		 2519 struct l2cap_chan *chan = conn->smp;
2520 struct smp_chan *smp = chan->data;
fd349c02
JH		 2521
2522 BT_DBG("");
2523
2524 if (skb->len < sizeof(*info))
38e4a915 2525 return SMP_INVALID_PARAMS;
fd349c02 2526
b28b4943 2527 SMP_ALLOW_CMD(smp, SMP_CMD_IDENT_ADDR_INFO);
6131ddc8 2528
fd349c02
JH		 2529 skb_pull(skb, sizeof(*info));
2530
2531 memcpy(smp->irk, info->irk, 16);
2532
2533 return 0;
2534}
2535
2536static int smp_cmd_ident_addr_info(struct l2cap_conn *conn,
2537 struct sk_buff *skb)
2538{
2539 struct smp_cmd_ident_addr_info *info = (void *) skb->data;
5d88cc73
JH		 2540 struct l2cap_chan *chan = conn->smp;
2541 struct smp_chan *smp = chan->data;
fd349c02
JH		 2542 struct hci_conn *hcon = conn->hcon;
2543 bdaddr_t rpa;
2544
2545 BT_DBG("");
2546
2547 if (skb->len < sizeof(*info))
38e4a915 2548 return SMP_INVALID_PARAMS;
fd349c02 2549
9747a9f3
JH		 2550 /* Mark the information as received */
2551 smp->remote_key_dist &= ~SMP_DIST_ID_KEY;
2552
b28b4943
JH		 2553 if (smp->remote_key_dist & SMP_DIST_SIGN)
2554 SMP_ALLOW_CMD(smp, SMP_CMD_SIGN_INFO);
2555
fd349c02
JH		 2556 skb_pull(skb, sizeof(*info));
2557
a9a58f86
JH		 2558 /* Strictly speaking the Core Specification (4.1) allows sending
2559 * an empty address which would force us to rely on just the IRK
2560 * as "identity information". However, since such
2561 * implementations are not known of and in order to not over
2562 * complicate our implementation, simply pretend that we never
2563 * received an IRK for such a device.
e12af489
JH		 2564 *
2565 * The Identity Address must also be a Static Random or Public
2566 * Address, which hci_is_identity_address() checks for.
a9a58f86 2567 */
e12af489
JH		 2568 if (!bacmp(&info->bdaddr, BDADDR_ANY) ||
2569 !hci_is_identity_address(&info->bdaddr, info->addr_type)) {
a9a58f86 2570 BT_ERR("Ignoring IRK with no identity address");
31dd624e 2571 goto distribute;
a9a58f86
JH		 2572 }
2573
fd349c02
JH		 2574 bacpy(&smp->id_addr, &info->bdaddr);
2575 smp->id_addr_type = info->addr_type;
2576
2577 if (hci_bdaddr_is_rpa(&hcon->dst, hcon->dst_type))
2578 bacpy(&rpa, &hcon->dst);
2579 else
2580 bacpy(&rpa, BDADDR_ANY);
2581
23d0e128
JH		 2582 smp->remote_irk = hci_add_irk(conn->hcon->hdev, &smp->id_addr,
2583 smp->id_addr_type, smp->irk, &rpa);
fd349c02 2584
31dd624e 2585distribute:
c6e81e9a
JH		 2586 if (!(smp->remote_key_dist & KEY_DIST_MASK))
2587 smp_distribute_keys(smp);
fd349c02
JH		 2588
2589 return 0;
2590}
2591
7ee4ea36
MH		 2592static int smp_cmd_sign_info(struct l2cap_conn *conn, struct sk_buff *skb)
2593{
2594 struct smp_cmd_sign_info *rp = (void *) skb->data;
5d88cc73
JH		 2595 struct l2cap_chan *chan = conn->smp;
2596 struct smp_chan *smp = chan->data;
7ee4ea36
MH		 2597 struct smp_csrk *csrk;
2598
2599 BT_DBG("conn %p", conn);
2600
2601 if (skb->len < sizeof(*rp))
38e4a915 2602 return SMP_INVALID_PARAMS;
7ee4ea36 2603
7ee4ea36
MH		 2604 /* Mark the information as received */
2605 smp->remote_key_dist &= ~SMP_DIST_SIGN;
2606
2607 skb_pull(skb, sizeof(*rp));
2608
7ee4ea36
MH		 2609 csrk = kzalloc(sizeof(*csrk), GFP_KERNEL);
2610 if (csrk) {
4cd3928a
JH		 2611 if (conn->hcon->sec_level > BT_SECURITY_MEDIUM)
2612 csrk->type = MGMT_CSRK_REMOTE_AUTHENTICATED;
2613 else
2614 csrk->type = MGMT_CSRK_REMOTE_UNAUTHENTICATED;
7ee4ea36
MH		 2615 memcpy(csrk->val, rp->csrk, sizeof(csrk->val));
2616 }
2617 smp->csrk = csrk;
d6268e86 2618 smp_distribute_keys(smp);
7ee4ea36
MH		 2619
2620 return 0;
2621}
2622
5e3d3d9b
JH		 2623static u8 sc_select_method(struct smp_chan *smp)
2624{
2625 struct l2cap_conn *conn = smp->conn;
2626 struct hci_conn *hcon = conn->hcon;
2627 struct smp_cmd_pairing *local, *remote;
2628 u8 local_mitm, remote_mitm, local_io, remote_io, method;
2629
1a8bab4f
JH		 2630 if (test_bit(SMP_FLAG_REMOTE_OOB, &smp->flags) ||
2631 test_bit(SMP_FLAG_LOCAL_OOB, &smp->flags))
a29b0733
JH		 2632 return REQ_OOB;
2633
5e3d3d9b
JH		 2634 /* The preq/prsp contain the raw Pairing Request/Response PDUs
2635 * which are needed as inputs to some crypto functions. To get
2636 * the "struct smp_cmd_pairing" from them we need to skip the
2637 * first byte which contains the opcode.
2638 */
2639 if (hcon->out) {
2640 local = (void *) &smp->preq[1];
2641 remote = (void *) &smp->prsp[1];
2642 } else {
2643 local = (void *) &smp->prsp[1];
2644 remote = (void *) &smp->preq[1];
2645 }
2646
2647 local_io = local->io_capability;
2648 remote_io = remote->io_capability;
2649
2650 local_mitm = (local->auth_req & SMP_AUTH_MITM);
2651 remote_mitm = (remote->auth_req & SMP_AUTH_MITM);
2652
2653 /* If either side wants MITM, look up the method from the table,
2654 * otherwise use JUST WORKS.
2655 */
2656 if (local_mitm || remote_mitm)
2657 method = get_auth_method(smp, local_io, remote_io);
2658 else
2659 method = JUST_WORKS;
2660
2661 /* Don't confirm locally initiated pairing attempts */
2662 if (method == JUST_CFM && test_bit(SMP_FLAG_INITIATOR, &smp->flags))
2663 method = JUST_WORKS;
2664
2665 return method;
2666}
2667
d8f8edbe
JH		 2668static int smp_cmd_public_key(struct l2cap_conn *conn, struct sk_buff *skb)
2669{
2670 struct smp_cmd_public_key *key = (void *) skb->data;
2671 struct hci_conn *hcon = conn->hcon;
2672 struct l2cap_chan *chan = conn->smp;
2673 struct smp_chan *smp = chan->data;
5e3d3d9b 2674 struct hci_dev *hdev = hcon->hdev;
cbbbe3e2 2675 struct smp_cmd_pairing_confirm cfm;
d8f8edbe
JH		 2676 int err;
2677
2678 BT_DBG("conn %p", conn);
2679
2680 if (skb->len < sizeof(*key))
2681 return SMP_INVALID_PARAMS;
2682
2683 memcpy(smp->remote_pk, key, 64);
2684
a8ca617c
JH		 2685 if (test_bit(SMP_FLAG_REMOTE_OOB, &smp->flags)) {
2686 err = smp_f4(smp->tfm_cmac, smp->remote_pk, smp->remote_pk,
2687 smp->rr, 0, cfm.confirm_val);
2688 if (err)
2689 return SMP_UNSPECIFIED;
2690
329d8230 2691 if (crypto_memneq(cfm.confirm_val, smp->pcnf, 16))
a8ca617c
JH		 2692 return SMP_CONFIRM_FAILED;
2693 }
2694
d8f8edbe
JH		 2695 /* Non-initiating device sends its public key after receiving
2696 * the key from the initiating device.
2697 */
2698 if (!hcon->out) {
2699 err = sc_send_public_key(smp);
2700 if (err)
2701 return err;
2702 }
2703
c7a3d57d 2704 SMP_DBG("Remote Public Key X: %32phN", smp->remote_pk);
e091526d 2705 SMP_DBG("Remote Public Key Y: %32phN", smp->remote_pk + 32);
d8f8edbe 2706
58771c1c 2707 if (!compute_ecdh_secret(smp->remote_pk, smp->local_sk, smp->dhkey))
d8f8edbe
JH		 2708 return SMP_UNSPECIFIED;
2709
c7a3d57d 2710 SMP_DBG("DHKey %32phN", smp->dhkey);
d8f8edbe
JH		 2711
2712 set_bit(SMP_FLAG_REMOTE_PK, &smp->flags);
2713
5e3d3d9b
JH		 2714 smp->method = sc_select_method(smp);
2715
2716 BT_DBG("%s selected method 0x%02x", hdev->name, smp->method);
2717
2718 /* JUST_WORKS and JUST_CFM result in an unauthenticated key */
2719 if (smp->method == JUST_WORKS || smp->method == JUST_CFM)
2720 hcon->pending_sec_level = BT_SECURITY_MEDIUM;
2721 else
2722 hcon->pending_sec_level = BT_SECURITY_FIPS;
2723
329d8230 2724 if (!crypto_memneq(debug_pk, smp->remote_pk, 64))
aeb7d461
JH		 2725 set_bit(SMP_FLAG_DEBUG_KEY, &smp->flags);
2726
38606f14
JH		 2727 if (smp->method == DSP_PASSKEY) {
2728 get_random_bytes(&hcon->passkey_notify,
2729 sizeof(hcon->passkey_notify));
2730 hcon->passkey_notify %= 1000000;
2731 hcon->passkey_entered = 0;
2732 smp->passkey_round = 0;
2733 if (mgmt_user_passkey_notify(hdev, &hcon->dst, hcon->type,
2734 hcon->dst_type,
2735 hcon->passkey_notify,
2736 hcon->passkey_entered))
2737 return SMP_UNSPECIFIED;
2738 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_CONFIRM);
2739 return sc_passkey_round(smp, SMP_CMD_PUBLIC_KEY);
2740 }
2741
94ea7257 2742 if (smp->method == REQ_OOB) {
a29b0733
JH		 2743 if (hcon->out)
2744 smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM,
2745 sizeof(smp->prnd), smp->prnd);
2746
2747 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RANDOM);
2748
2749 return 0;
2750 }
2751
38606f14
JH		 2752 if (hcon->out)
2753 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_CONFIRM);
2754
2755 if (smp->method == REQ_PASSKEY) {
2756 if (mgmt_user_passkey_request(hdev, &hcon->dst, hcon->type,
2757 hcon->dst_type))
2758 return SMP_UNSPECIFIED;
2759 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_CONFIRM);
2760 set_bit(SMP_FLAG_WAIT_USER, &smp->flags);
2761 return 0;
2762 }
2763
cbbbe3e2
JH		 2764 /* The Initiating device waits for the non-initiating device to
2765 * send the confirm value.
2766 */
2767 if (conn->hcon->out)
2768 return 0;
2769
2770 err = smp_f4(smp->tfm_cmac, smp->local_pk, smp->remote_pk, smp->prnd,
2771 0, cfm.confirm_val);
2772 if (err)
2773 return SMP_UNSPECIFIED;
2774
2775 smp_send_cmd(conn, SMP_CMD_PAIRING_CONFIRM, sizeof(cfm), &cfm);
2776 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RANDOM);
2777
d8f8edbe
JH		 2778 return 0;
2779}
2780
6433a9a2
JH		 2781static int smp_cmd_dhkey_check(struct l2cap_conn *conn, struct sk_buff *skb)
2782{
2783 struct smp_cmd_dhkey_check *check = (void *) skb->data;
2784 struct l2cap_chan *chan = conn->smp;
2785 struct hci_conn *hcon = conn->hcon;
2786 struct smp_chan *smp = chan->data;
2787 u8 a[7], b[7], *local_addr, *remote_addr;
2788 u8 io_cap[3], r[16], e[16];
2789 int err;
2790
2791 BT_DBG("conn %p", conn);
2792
2793 if (skb->len < sizeof(*check))
2794 return SMP_INVALID_PARAMS;
2795
2796 memcpy(a, &hcon->init_addr, 6);
2797 memcpy(b, &hcon->resp_addr, 6);
2798 a[6] = hcon->init_addr_type;
2799 b[6] = hcon->resp_addr_type;
2800
2801 if (hcon->out) {
2802 local_addr = a;
2803 remote_addr = b;
2804 memcpy(io_cap, &smp->prsp[1], 3);
2805 } else {
2806 local_addr = b;
2807 remote_addr = a;
2808 memcpy(io_cap, &smp->preq[1], 3);
2809 }
2810
2811 memset(r, 0, sizeof(r));
2812
38606f14
JH		 2813 if (smp->method == REQ_PASSKEY || smp->method == DSP_PASSKEY)
2814 put_unaligned_le32(hcon->passkey_notify, r);
882fafad
JH		 2815 else if (smp->method == REQ_OOB)
2816 memcpy(r, smp->lr, 16);
38606f14 2817
6433a9a2
JH		 2818 err = smp_f6(smp->tfm_cmac, smp->mackey, smp->rrnd, smp->prnd, r,
2819 io_cap, remote_addr, local_addr, e);
2820 if (err)
2821 return SMP_UNSPECIFIED;
2822
329d8230 2823 if (crypto_memneq(check->e, e, 16))
6433a9a2
JH		 2824 return SMP_DHKEY_CHECK_FAILED;
2825
d3e54a87
JH		 2826 if (!hcon->out) {
2827 if (test_bit(SMP_FLAG_WAIT_USER, &smp->flags)) {
2828 set_bit(SMP_FLAG_DHKEY_PENDING, &smp->flags);
2829 return 0;
2830 }
d378a2d7 2831
d3e54a87
JH		 2832 /* Slave sends DHKey check as response to master */
2833 sc_dhkey_check(smp);
2834 }
d378a2d7 2835
d3e54a87 2836 sc_add_ltk(smp);
6433a9a2
JH		 2837
2838 if (hcon->out) {
8b76ce34 2839 hci_le_start_enc(hcon, 0, 0, smp->tk, smp->enc_key_size);
6433a9a2
JH		 2840 hcon->enc_key_size = smp->enc_key_size;
2841 }
2842
2843 return 0;
2844}
2845
1408bb6e
JH		 2846static int smp_cmd_keypress_notify(struct l2cap_conn *conn,
2847 struct sk_buff *skb)
2848{
2849 struct smp_cmd_keypress_notify *kp = (void *) skb->data;
2850
2851 BT_DBG("value 0x%02x", kp->value);
2852
2853 return 0;
2854}
2855
4befb867 2856static int smp_sig_channel(struct l2cap_chan *chan, struct sk_buff *skb)
eb492e01 2857{
5d88cc73 2858 struct l2cap_conn *conn = chan->conn;
7b9899db 2859 struct hci_conn *hcon = conn->hcon;
b28b4943 2860 struct smp_chan *smp;
92381f5c 2861 __u8 code, reason;
eb492e01
AB		 2862 int err = 0;
2863
8ae9b984 2864 if (skb->len < 1)
92381f5c 2865 return -EILSEQ;
92381f5c 2866
d7a5a11d 2867 if (!hci_dev_test_flag(hcon->hdev, HCI_LE_ENABLED)) {
2e65c9d2
AG		 2868 reason = SMP_PAIRING_NOTSUPP;
2869 goto done;
2870 }
2871
92381f5c 2872 code = skb->data[0];
eb492e01
AB		 2873 skb_pull(skb, sizeof(code));
2874
b28b4943
JH		 2875 smp = chan->data;
2876
2877 if (code > SMP_CMD_MAX)
2878 goto drop;
2879
24bd0bd9 2880 if (smp && !test_and_clear_bit(code, &smp->allow_cmd))
b28b4943
JH		 2881 goto drop;
2882
2883 /* If we don't have a context the only allowed commands are
2884 * pairing request and security request.
8cf9fa12 2885 */
b28b4943
JH		 2886 if (!smp && code != SMP_CMD_PAIRING_REQ && code != SMP_CMD_SECURITY_REQ)
2887 goto drop;
8cf9fa12 2888
eb492e01
AB		 2889 switch (code) {
2890 case SMP_CMD_PAIRING_REQ:
da85e5e5 2891 reason = smp_cmd_pairing_req(conn, skb);
eb492e01
AB		 2892 break;
2893
2894 case SMP_CMD_PAIRING_FAIL:
84794e11 2895 smp_failure(conn, 0);
da85e5e5 2896 err = -EPERM;
eb492e01
AB		 2897 break;
2898
2899 case SMP_CMD_PAIRING_RSP:
da85e5e5 2900 reason = smp_cmd_pairing_rsp(conn, skb);
88ba43b6
AB		 2901 break;
2902
2903 case SMP_CMD_SECURITY_REQ:
da85e5e5 2904 reason = smp_cmd_security_req(conn, skb);
88ba43b6
AB		 2905 break;
2906
eb492e01 2907 case SMP_CMD_PAIRING_CONFIRM:
da85e5e5 2908 reason = smp_cmd_pairing_confirm(conn, skb);
88ba43b6
AB		 2909 break;
2910
eb492e01 2911 case SMP_CMD_PAIRING_RANDOM:
da85e5e5 2912 reason = smp_cmd_pairing_random(conn, skb);
88ba43b6
AB		 2913 break;
2914
eb492e01 2915 case SMP_CMD_ENCRYPT_INFO:
7034b911
VCG		 2916 reason = smp_cmd_encrypt_info(conn, skb);
2917 break;
2918
eb492e01 2919 case SMP_CMD_MASTER_IDENT:
7034b911
VCG		 2920 reason = smp_cmd_master_ident(conn, skb);
2921 break;
2922
eb492e01 2923 case SMP_CMD_IDENT_INFO:
fd349c02
JH		 2924 reason = smp_cmd_ident_info(conn, skb);
2925 break;
2926
eb492e01 2927 case SMP_CMD_IDENT_ADDR_INFO:
fd349c02
JH		 2928 reason = smp_cmd_ident_addr_info(conn, skb);
2929 break;
2930
eb492e01 2931 case SMP_CMD_SIGN_INFO:
7ee4ea36 2932 reason = smp_cmd_sign_info(conn, skb);
7034b911
VCG		 2933 break;
2934
d8f8edbe
JH		 2935 case SMP_CMD_PUBLIC_KEY:
2936 reason = smp_cmd_public_key(conn, skb);
2937 break;
2938
6433a9a2
JH		 2939 case SMP_CMD_DHKEY_CHECK:
2940 reason = smp_cmd_dhkey_check(conn, skb);
2941 break;
2942
1408bb6e
JH		 2943 case SMP_CMD_KEYPRESS_NOTIFY:
2944 reason = smp_cmd_keypress_notify(conn, skb);
2945 break;
2946
eb492e01
AB		 2947 default:
2948 BT_DBG("Unknown command code 0x%2.2x", code);
eb492e01 2949 reason = SMP_CMD_NOTSUPP;
3a0259bb 2950 goto done;
eb492e01
AB		 2951 }
2952
3a0259bb 2953done:
9b7b18ef
JH		 2954 if (!err) {
2955 if (reason)
2956 smp_failure(conn, reason);
8ae9b984 2957 kfree_skb(skb);
9b7b18ef
JH		 2958 }
2959
eb492e01 2960 return err;
b28b4943
JH		 2961
2962drop:
2963 BT_ERR("%s unexpected SMP command 0x%02x from %pMR", hcon->hdev->name,
2964 code, &hcon->dst);
2965 kfree_skb(skb);
2966 return 0;
eb492e01 2967}
7034b911 2968
70db83c4
JH		 2969static void smp_teardown_cb(struct l2cap_chan *chan, int err)
2970{
2971 struct l2cap_conn *conn = chan->conn;
2972
2973 BT_DBG("chan %p", chan);
2974
fc75cc86 2975 if (chan->data)
5d88cc73 2976 smp_chan_destroy(conn);
5d88cc73 2977
70db83c4
JH		 2978 conn->smp = NULL;
2979 l2cap_chan_put(chan);
2980}
2981
b5ae344d
JH		 2982static void bredr_pairing(struct l2cap_chan *chan)
2983{
2984 struct l2cap_conn *conn = chan->conn;
2985 struct hci_conn *hcon = conn->hcon;
2986 struct hci_dev *hdev = hcon->hdev;
2987 struct smp_cmd_pairing req;
2988 struct smp_chan *smp;
2989
2990 BT_DBG("chan %p", chan);
2991
2992 /* Only new pairings are interesting */
2993 if (!test_bit(HCI_CONN_NEW_LINK_KEY, &hcon->flags))
2994 return;
2995
2996 /* Don't bother if we're not encrypted */
2997 if (!test_bit(HCI_CONN_ENCRYPT, &hcon->flags))
2998 return;
2999
3000 /* Only master may initiate SMP over BR/EDR */
3001 if (hcon->role != HCI_ROLE_MASTER)
3002 return;
3003
3004 /* Secure Connections support must be enabled */
d7a5a11d 3005 if (!hci_dev_test_flag(hdev, HCI_SC_ENABLED))
b5ae344d
JH		 3006 return;
3007
3008 /* BR/EDR must use Secure Connections for SMP */
3009 if (!test_bit(HCI_CONN_AES_CCM, &hcon->flags) &&
b7cb93e5 3010 !hci_dev_test_flag(hdev, HCI_FORCE_BREDR_SMP))
b5ae344d
JH		 3011 return;
3012
3013 /* If our LE support is not enabled don't do anything */
d7a5a11d 3014 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED))
b5ae344d
JH		 3015 return;
3016
3017 /* Don't bother if remote LE support is not enabled */
3018 if (!lmp_host_le_capable(hcon))
3019 return;
3020
3021 /* Remote must support SMP fixed chan for BR/EDR */
3022 if (!(conn->remote_fixed_chan & L2CAP_FC_SMP_BREDR))
3023 return;
3024
3025 /* Don't bother if SMP is already ongoing */
3026 if (chan->data)
3027 return;
3028
3029 smp = smp_chan_create(conn);
3030 if (!smp) {
3031 BT_ERR("%s unable to create SMP context for BR/EDR",
3032 hdev->name);
3033 return;
3034 }
3035
3036 set_bit(SMP_FLAG_SC, &smp->flags);
3037
3038 BT_DBG("%s starting SMP over BR/EDR", hdev->name);
3039
3040 /* Prepare and send the BR/EDR SMP Pairing Request */
3041 build_bredr_pairing_cmd(smp, &req, NULL);
3042
3043 smp->preq[0] = SMP_CMD_PAIRING_REQ;
3044 memcpy(&smp->preq[1], &req, sizeof(req));
3045
3046 smp_send_cmd(conn, SMP_CMD_PAIRING_REQ, sizeof(req), &req);
3047 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RSP);
3048}
3049
44f1a7ab
JH		 3050static void smp_resume_cb(struct l2cap_chan *chan)
3051{
b68fda68 3052 struct smp_chan *smp = chan->data;
44f1a7ab
JH		 3053 struct l2cap_conn *conn = chan->conn;
3054 struct hci_conn *hcon = conn->hcon;
3055
3056 BT_DBG("chan %p", chan);
3057
b5ae344d
JH		 3058 if (hcon->type == ACL_LINK) {
3059 bredr_pairing(chan);
ef8efe4b 3060 return;
b5ae344d 3061 }
ef8efe4b 3062
86d1407c
JH		 3063 if (!smp)
3064 return;
b68fda68 3065
84bc0db5
JH		 3066 if (!test_bit(HCI_CONN_ENCRYPT, &hcon->flags))
3067 return;
3068
86d1407c
JH		 3069 cancel_delayed_work(&smp->security_timer);
3070
d6268e86 3071 smp_distribute_keys(smp);
44f1a7ab
JH		 3072}
3073
70db83c4
JH		 3074static void smp_ready_cb(struct l2cap_chan *chan)
3075{
3076 struct l2cap_conn *conn = chan->conn;
b5ae344d 3077 struct hci_conn *hcon = conn->hcon;
70db83c4
JH		 3078
3079 BT_DBG("chan %p", chan);
3080
7883746b
JH		 3081 /* No need to call l2cap_chan_hold() here since we already own
3082 * the reference taken in smp_new_conn_cb(). This is just the
3083 * first time that we tie it to a specific pointer. The code in
3084 * l2cap_core.c ensures that there's no risk this function wont
3085 * get called if smp_new_conn_cb was previously called.
3086 */
70db83c4 3087 conn->smp = chan;
b5ae344d
JH		 3088
3089 if (hcon->type == ACL_LINK && test_bit(HCI_CONN_ENCRYPT, &hcon->flags))
3090 bredr_pairing(chan);
70db83c4
JH		 3091}
3092
4befb867
JH		 3093static int smp_recv_cb(struct l2cap_chan *chan, struct sk_buff *skb)
3094{
3095 int err;
3096
3097 BT_DBG("chan %p", chan);
3098
3099 err = smp_sig_channel(chan, skb);
3100 if (err) {
b68fda68 3101 struct smp_chan *smp = chan->data;
4befb867 3102
b68fda68
JH		 3103 if (smp)
3104 cancel_delayed_work_sync(&smp->security_timer);
4befb867 3105
1e91c29e 3106 hci_disconnect(chan->conn->hcon, HCI_ERROR_AUTH_FAILURE);
4befb867
JH		 3107 }
3108
3109 return err;
3110}
3111
70db83c4
JH		 3112static struct sk_buff *smp_alloc_skb_cb(struct l2cap_chan *chan,
3113 unsigned long hdr_len,
3114 unsigned long len, int nb)
3115{
3116 struct sk_buff *skb;
3117
3118 skb = bt_skb_alloc(hdr_len + len, GFP_KERNEL);
3119 if (!skb)
3120 return ERR_PTR(-ENOMEM);
3121
3122 skb->priority = HCI_PRIO_MAX;
a4368ff3 3123 bt_cb(skb)->l2cap.chan = chan;
70db83c4
JH		 3124
3125 return skb;
3126}
3127
3128static const struct l2cap_ops smp_chan_ops = {
3129 .name = "Security Manager",
3130 .ready = smp_ready_cb,
5d88cc73 3131 .recv = smp_recv_cb,
70db83c4
JH		 3132 .alloc_skb = smp_alloc_skb_cb,
3133 .teardown = smp_teardown_cb,
44f1a7ab 3134 .resume = smp_resume_cb,
70db83c4
JH		 3135
3136 .new_connection = l2cap_chan_no_new_connection,
70db83c4
JH		 3137 .state_change = l2cap_chan_no_state_change,
3138 .close = l2cap_chan_no_close,
3139 .defer = l2cap_chan_no_defer,
3140 .suspend = l2cap_chan_no_suspend,
70db83c4
JH		 3141 .set_shutdown = l2cap_chan_no_set_shutdown,
3142 .get_sndtimeo = l2cap_chan_no_get_sndtimeo,
70db83c4
JH		 3143};
3144
3145static inline struct l2cap_chan *smp_new_conn_cb(struct l2cap_chan *pchan)
3146{
3147 struct l2cap_chan *chan;
3148
3149 BT_DBG("pchan %p", pchan);
3150
3151 chan = l2cap_chan_create();
3152 if (!chan)
3153 return NULL;
3154
3155 chan->chan_type = pchan->chan_type;
3156 chan->ops = &smp_chan_ops;
3157 chan->scid = pchan->scid;
3158 chan->dcid = chan->scid;
3159 chan->imtu = pchan->imtu;
3160 chan->omtu = pchan->omtu;
3161 chan->mode = pchan->mode;
3162
abe84903
JH		 3163 /* Other L2CAP channels may request SMP routines in order to
3164 * change the security level. This means that the SMP channel
3165 * lock must be considered in its own category to avoid lockdep
3166 * warnings.
3167 */
3168 atomic_set(&chan->nesting, L2CAP_NESTING_SMP);
3169
70db83c4
JH		 3170 BT_DBG("created chan %p", chan);
3171
3172 return chan;
3173}
3174
3175static const struct l2cap_ops smp_root_chan_ops = {
3176 .name = "Security Manager Root",
3177 .new_connection = smp_new_conn_cb,
3178
3179 /* None of these are implemented for the root channel */
3180 .close = l2cap_chan_no_close,
3181 .alloc_skb = l2cap_chan_no_alloc_skb,
3182 .recv = l2cap_chan_no_recv,
3183 .state_change = l2cap_chan_no_state_change,
3184 .teardown = l2cap_chan_no_teardown,
3185 .ready = l2cap_chan_no_ready,
3186 .defer = l2cap_chan_no_defer,
3187 .suspend = l2cap_chan_no_suspend,
3188 .resume = l2cap_chan_no_resume,
3189 .set_shutdown = l2cap_chan_no_set_shutdown,
3190 .get_sndtimeo = l2cap_chan_no_get_sndtimeo,
70db83c4
JH		 3191};
3192
ef8efe4b 3193static struct l2cap_chan *smp_add_cid(struct hci_dev *hdev, u16 cid)
711eafe3 3194{
70db83c4 3195 struct l2cap_chan *chan;
88a479d9 3196 struct smp_dev *smp;
a4770e11 3197 struct crypto_cipher *tfm_aes;
71af2f6b 3198 struct crypto_shash *tfm_cmac;
70db83c4 3199
ef8efe4b 3200 if (cid == L2CAP_CID_SMP_BREDR) {
88a479d9 3201 smp = NULL;
ef8efe4b
JH		 3202 goto create_chan;
3203 }
711eafe3 3204
88a479d9
MH		 3205 smp = kzalloc(sizeof(*smp), GFP_KERNEL);
3206 if (!smp)
3207 return ERR_PTR(-ENOMEM);
3208
a4770e11 3209 tfm_aes = crypto_alloc_cipher("aes", 0, CRYPTO_ALG_ASYNC);
defce9e8 3210 if (IS_ERR(tfm_aes)) {
a4770e11 3211 BT_ERR("Unable to create AES crypto context");
88a479d9 3212 kzfree(smp);
fe700771 3213 return ERR_CAST(tfm_aes);
711eafe3
JH		 3214 }
3215
71af2f6b 3216 tfm_cmac = crypto_alloc_shash("cmac(aes)", 0, 0);
6e2dc6d1
MH		 3217 if (IS_ERR(tfm_cmac)) {
3218 BT_ERR("Unable to create CMAC crypto context");
a4770e11 3219 crypto_free_cipher(tfm_aes);
6e2dc6d1
MH		 3220 kzfree(smp);
3221 return ERR_CAST(tfm_cmac);
3222 }
3223
88a479d9 3224 smp->tfm_aes = tfm_aes;
6e2dc6d1 3225 smp->tfm_cmac = tfm_cmac;
b1f663c9 3226 smp->min_key_size = SMP_MIN_ENC_KEY_SIZE;
2fd36558 3227 smp->max_key_size = SMP_MAX_ENC_KEY_SIZE;
88a479d9 3228
ef8efe4b 3229create_chan:
70db83c4
JH		 3230 chan = l2cap_chan_create();
3231 if (!chan) {
63511f6d 3232 if (smp) {
a4770e11 3233 crypto_free_cipher(smp->tfm_aes);
71af2f6b 3234 crypto_free_shash(smp->tfm_cmac);
63511f6d
MH		 3235 kzfree(smp);
3236 }
ef8efe4b 3237 return ERR_PTR(-ENOMEM);
70db83c4
JH		 3238 }
3239
88a479d9 3240 chan->data = smp;
defce9e8 3241
ef8efe4b 3242 l2cap_add_scid(chan, cid);
70db83c4
JH		 3243
3244 l2cap_chan_set_defaults(chan);
3245
157029ba 3246 if (cid == L2CAP_CID_SMP) {
39e3e744
JH		 3247 u8 bdaddr_type;
3248
3249 hci_copy_identity_address(hdev, &chan->src, &bdaddr_type);
3250
3251 if (bdaddr_type == ADDR_LE_DEV_PUBLIC)
157029ba 3252 chan->src_type = BDADDR_LE_PUBLIC;
39e3e744
JH		 3253 else
3254 chan->src_type = BDADDR_LE_RANDOM;
157029ba
MH		 3255 } else {
3256 bacpy(&chan->src, &hdev->bdaddr);
ef8efe4b 3257 chan->src_type = BDADDR_BREDR;
157029ba
MH		 3258 }
3259
70db83c4
JH		 3260 chan->state = BT_LISTEN;
3261 chan->mode = L2CAP_MODE_BASIC;
3262 chan->imtu = L2CAP_DEFAULT_MTU;
3263 chan->ops = &smp_root_chan_ops;
3264
abe84903
JH		 3265 /* Set correct nesting level for a parent/listening channel */
3266 atomic_set(&chan->nesting, L2CAP_NESTING_PARENT);
3267
ef8efe4b 3268 return chan;
711eafe3
JH		 3269}
3270
ef8efe4b 3271static void smp_del_chan(struct l2cap_chan *chan)
711eafe3 3272{
88a479d9 3273 struct smp_dev *smp;
70db83c4 3274
ef8efe4b 3275 BT_DBG("chan %p", chan);
711eafe3 3276
88a479d9
MH		 3277 smp = chan->data;
3278 if (smp) {
defce9e8 3279 chan->data = NULL;
a4770e11 3280 crypto_free_cipher(smp->tfm_aes);
71af2f6b 3281 crypto_free_shash(smp->tfm_cmac);
88a479d9 3282 kzfree(smp);
711eafe3 3283 }
70db83c4 3284
70db83c4 3285 l2cap_chan_put(chan);
711eafe3 3286}
ef8efe4b 3287
300acfde
MH		 3288static ssize_t force_bredr_smp_read(struct file *file,
3289 char __user *user_buf,
3290 size_t count, loff_t *ppos)
3291{
3292 struct hci_dev *hdev = file->private_data;
3293 char buf[3];
3294
b7cb93e5 3295 buf[0] = hci_dev_test_flag(hdev, HCI_FORCE_BREDR_SMP) ? 'Y': 'N';
300acfde
MH		 3296 buf[1] = '\n';
3297 buf[2] = '\0';
3298 return simple_read_from_buffer(user_buf, count, ppos, buf, 2);
3299}
3300
3301static ssize_t force_bredr_smp_write(struct file *file,
3302 const char __user *user_buf,
3303 size_t count, loff_t *ppos)
3304{
3305 struct hci_dev *hdev = file->private_data;
3306 char buf[32];
3307 size_t buf_size = min(count, (sizeof(buf)-1));
3308 bool enable;
3309
3310 if (copy_from_user(buf, user_buf, buf_size))
3311 return -EFAULT;
3312
3313 buf[buf_size] = '\0';
3314 if (strtobool(buf, &enable))
3315 return -EINVAL;
3316
b7cb93e5 3317 if (enable == hci_dev_test_flag(hdev, HCI_FORCE_BREDR_SMP))
300acfde
MH		 3318 return -EALREADY;
3319
3320 if (enable) {
3321 struct l2cap_chan *chan;
3322
3323 chan = smp_add_cid(hdev, L2CAP_CID_SMP_BREDR);
3324 if (IS_ERR(chan))
3325 return PTR_ERR(chan);
3326
3327 hdev->smp_bredr_data = chan;
3328 } else {
3329 struct l2cap_chan *chan;
3330
3331 chan = hdev->smp_bredr_data;
3332 hdev->smp_bredr_data = NULL;
3333 smp_del_chan(chan);
3334 }
3335
b7cb93e5 3336 hci_dev_change_flag(hdev, HCI_FORCE_BREDR_SMP);
300acfde
MH		 3337
3338 return count;
3339}
3340
3341static const struct file_operations force_bredr_smp_fops = {
3342 .open = simple_open,
3343 .read = force_bredr_smp_read,
3344 .write = force_bredr_smp_write,
3345 .llseek = default_llseek,
3346};
3347
b1f663c9
JH		 3348static ssize_t le_min_key_size_read(struct file *file,
3349 char __user *user_buf,
3350 size_t count, loff_t *ppos)
3351{
3352 struct hci_dev *hdev = file->private_data;
3353 char buf[4];
3354
3355 snprintf(buf, sizeof(buf), "%2u\n", SMP_DEV(hdev)->min_key_size);
3356
3357 return simple_read_from_buffer(user_buf, count, ppos, buf, strlen(buf));
3358}
3359
3360static ssize_t le_min_key_size_write(struct file *file,
3361 const char __user *user_buf,
3362 size_t count, loff_t *ppos)
3363{
3364 struct hci_dev *hdev = file->private_data;
3365 char buf[32];
3366 size_t buf_size = min(count, (sizeof(buf) - 1));
3367 u8 key_size;
3368
3369 if (copy_from_user(buf, user_buf, buf_size))
3370 return -EFAULT;
3371
3372 buf[buf_size] = '\0';
3373
3374 sscanf(buf, "%hhu", &key_size);
3375
3376 if (key_size > SMP_DEV(hdev)->max_key_size ||
3377 key_size < SMP_MIN_ENC_KEY_SIZE)
3378 return -EINVAL;
3379
3380 SMP_DEV(hdev)->min_key_size = key_size;
3381
3382 return count;
3383}
3384
3385static const struct file_operations le_min_key_size_fops = {
3386 .open = simple_open,
3387 .read = le_min_key_size_read,
3388 .write = le_min_key_size_write,
3389 .llseek = default_llseek,
3390};
3391
2fd36558
JH		 3392static ssize_t le_max_key_size_read(struct file *file,
3393 char __user *user_buf,
3394 size_t count, loff_t *ppos)
3395{
3396 struct hci_dev *hdev = file->private_data;
3397 char buf[4];
3398
3399 snprintf(buf, sizeof(buf), "%2u\n", SMP_DEV(hdev)->max_key_size);
3400
3401 return simple_read_from_buffer(user_buf, count, ppos, buf, strlen(buf));
3402}
3403
3404static ssize_t le_max_key_size_write(struct file *file,
3405 const char __user *user_buf,
3406 size_t count, loff_t *ppos)
3407{
3408 struct hci_dev *hdev = file->private_data;
3409 char buf[32];
3410 size_t buf_size = min(count, (sizeof(buf) - 1));
3411 u8 key_size;
3412
3413 if (copy_from_user(buf, user_buf, buf_size))
3414 return -EFAULT;
3415
3416 buf[buf_size] = '\0';
3417
3418 sscanf(buf, "%hhu", &key_size);
3419
b1f663c9
JH		 3420 if (key_size > SMP_MAX_ENC_KEY_SIZE ||
3421 key_size < SMP_DEV(hdev)->min_key_size)
2fd36558
JH		 3422 return -EINVAL;
3423
3424 SMP_DEV(hdev)->max_key_size = key_size;
3425
3426 return count;
3427}
3428
3429static const struct file_operations le_max_key_size_fops = {
3430 .open = simple_open,
3431 .read = le_max_key_size_read,
3432 .write = le_max_key_size_write,
3433 .llseek = default_llseek,
3434};
3435
ef8efe4b
JH		 3436int smp_register(struct hci_dev *hdev)
3437{
3438 struct l2cap_chan *chan;
3439
3440 BT_DBG("%s", hdev->name);
3441
7e7ec445
MH		 3442 /* If the controller does not support Low Energy operation, then
3443 * there is also no need to register any SMP channel.
3444 */
3445 if (!lmp_le_capable(hdev))
3446 return 0;
3447
2b8df323
MH		 3448 if (WARN_ON(hdev->smp_data)) {
3449 chan = hdev->smp_data;
3450 hdev->smp_data = NULL;
3451 smp_del_chan(chan);
3452 }
3453
ef8efe4b
JH		 3454 chan = smp_add_cid(hdev, L2CAP_CID_SMP);
3455 if (IS_ERR(chan))
3456 return PTR_ERR(chan);
3457
3458 hdev->smp_data = chan;
3459
b1f663c9
JH		 3460 debugfs_create_file("le_min_key_size", 0644, hdev->debugfs, hdev,
3461 &le_min_key_size_fops);
2fd36558
JH		 3462 debugfs_create_file("le_max_key_size", 0644, hdev->debugfs, hdev,
3463 &le_max_key_size_fops);
3464
300acfde
MH		 3465 /* If the controller does not support BR/EDR Secure Connections
3466 * feature, then the BR/EDR SMP channel shall not be present.
3467 *
3468 * To test this with Bluetooth 4.0 controllers, create a debugfs
3469 * switch that allows forcing BR/EDR SMP support and accepting
3470 * cross-transport pairing on non-AES encrypted connections.
3471 */
3472 if (!lmp_sc_capable(hdev)) {
3473 debugfs_create_file("force_bredr_smp", 0644, hdev->debugfs,
3474 hdev, &force_bredr_smp_fops);
83ebb9ec
SJ		 3475
3476 /* Flag can be already set here (due to power toggle) */
3477 if (!hci_dev_test_flag(hdev, HCI_FORCE_BREDR_SMP))
3478 return 0;
300acfde 3479 }
ef8efe4b 3480
2b8df323
MH		 3481 if (WARN_ON(hdev->smp_bredr_data)) {
3482 chan = hdev->smp_bredr_data;
3483 hdev->smp_bredr_data = NULL;
3484 smp_del_chan(chan);
3485 }
3486
ef8efe4b
JH		 3487 chan = smp_add_cid(hdev, L2CAP_CID_SMP_BREDR);
3488 if (IS_ERR(chan)) {
3489 int err = PTR_ERR(chan);
3490 chan = hdev->smp_data;
3491 hdev->smp_data = NULL;
3492 smp_del_chan(chan);
3493 return err;
3494 }
3495
3496 hdev->smp_bredr_data = chan;
3497
3498 return 0;
3499}
3500
3501void smp_unregister(struct hci_dev *hdev)
3502{
3503 struct l2cap_chan *chan;
3504
3505 if (hdev->smp_bredr_data) {
3506 chan = hdev->smp_bredr_data;
3507 hdev->smp_bredr_data = NULL;
3508 smp_del_chan(chan);
3509 }
3510
3511 if (hdev->smp_data) {
3512 chan = hdev->smp_data;
3513 hdev->smp_data = NULL;
3514 smp_del_chan(chan);
3515 }
3516}
0a2b0f04
JH		 3517
3518#if IS_ENABLED(CONFIG_BT_SELFTEST_SMP)
3519
71653eb6
MH		 3520static inline void swap_digits(u64 *in, u64 *out, unsigned int ndigits)
3521{
3522 int i;
3523
3524 for (i = 0; i < ndigits; i++)
3525 out[i] = __swab64(in[ndigits - 1 - i]);
3526}
3527
3528static int __init test_debug_key(void)
3529{
3530 u8 pk[64], sk[32];
3531
3532 swap_digits((u64 *)debug_sk, (u64 *)sk, 4);
3533
3534 if (!generate_ecdh_keys(pk, sk))
3535 return -EINVAL;
3536
329d8230 3537 if (crypto_memneq(sk, debug_sk, 32))
71653eb6
MH		 3538 return -EINVAL;
3539
329d8230 3540 if (crypto_memneq(pk, debug_pk, 64))
71653eb6
MH		 3541 return -EINVAL;
3542
3543 return 0;
3544}
3545
a4770e11 3546static int __init test_ah(struct crypto_cipher *tfm_aes)
cfc4198e
JH		 3547{
3548 const u8 irk[16] = {
3549 0x9b, 0x7d, 0x39, 0x0a, 0xa6, 0x10, 0x10, 0x34,
3550 0x05, 0xad, 0xc8, 0x57, 0xa3, 0x34, 0x02, 0xec };
3551 const u8 r[3] = { 0x94, 0x81, 0x70 };
3552 const u8 exp[3] = { 0xaa, 0xfb, 0x0d };
3553 u8 res[3];
3554 int err;
3555
3556 err = smp_ah(tfm_aes, irk, r, res);
3557 if (err)
3558 return err;
3559
329d8230 3560 if (crypto_memneq(res, exp, 3))
cfc4198e
JH		 3561 return -EINVAL;
3562
3563 return 0;
3564}
3565
a4770e11 3566static int __init test_c1(struct crypto_cipher *tfm_aes)
cfc4198e
JH		 3567{
3568 const u8 k[16] = {
3569 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
3570 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
3571 const u8 r[16] = {
3572 0xe0, 0x2e, 0x70, 0xc6, 0x4e, 0x27, 0x88, 0x63,
3573 0x0e, 0x6f, 0xad, 0x56, 0x21, 0xd5, 0x83, 0x57 };
3574 const u8 preq[7] = { 0x01, 0x01, 0x00, 0x00, 0x10, 0x07, 0x07 };
3575 const u8 pres[7] = { 0x02, 0x03, 0x00, 0x00, 0x08, 0x00, 0x05 };
3576 const u8 _iat = 0x01;
3577 const u8 _rat = 0x00;
3578 const bdaddr_t ra = { { 0xb6, 0xb5, 0xb4, 0xb3, 0xb2, 0xb1 } };
3579 const bdaddr_t ia = { { 0xa6, 0xa5, 0xa4, 0xa3, 0xa2, 0xa1 } };
3580 const u8 exp[16] = {
3581 0x86, 0x3b, 0xf1, 0xbe, 0xc5, 0x4d, 0xa7, 0xd2,
3582 0xea, 0x88, 0x89, 0x87, 0xef, 0x3f, 0x1e, 0x1e };
3583 u8 res[16];
3584 int err;
3585
3586 err = smp_c1(tfm_aes, k, r, preq, pres, _iat, &ia, _rat, &ra, res);
3587 if (err)
3588 return err;
3589
329d8230 3590 if (crypto_memneq(res, exp, 16))
cfc4198e
JH		 3591 return -EINVAL;
3592
3593 return 0;
3594}
3595
a4770e11 3596static int __init test_s1(struct crypto_cipher *tfm_aes)
cfc4198e
JH		 3597{
3598 const u8 k[16] = {
3599 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
3600 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
3601 const u8 r1[16] = {
3602 0x88, 0x77, 0x66, 0x55, 0x44, 0x33, 0x22, 0x11 };
3603 const u8 r2[16] = {
3604 0x00, 0xff, 0xee, 0xdd, 0xcc, 0xbb, 0xaa, 0x99 };
3605 const u8 exp[16] = {
3606 0x62, 0xa0, 0x6d, 0x79, 0xae, 0x16, 0x42, 0x5b,
3607 0x9b, 0xf4, 0xb0, 0xe8, 0xf0, 0xe1, 0x1f, 0x9a };
3608 u8 res[16];
3609 int err;
3610
3611 err = smp_s1(tfm_aes, k, r1, r2, res);
3612 if (err)
3613 return err;
3614
329d8230 3615 if (crypto_memneq(res, exp, 16))
cfc4198e
JH		 3616 return -EINVAL;
3617
3618 return 0;
3619}
3620
71af2f6b 3621static int __init test_f4(struct crypto_shash *tfm_cmac)
fb2969a3
JH		 3622{
3623 const u8 u[32] = {
3624 0xe6, 0x9d, 0x35, 0x0e, 0x48, 0x01, 0x03, 0xcc,
3625 0xdb, 0xfd, 0xf4, 0xac, 0x11, 0x91, 0xf4, 0xef,
3626 0xb9, 0xa5, 0xf9, 0xe9, 0xa7, 0x83, 0x2c, 0x5e,
3627 0x2c, 0xbe, 0x97, 0xf2, 0xd2, 0x03, 0xb0, 0x20 };
3628 const u8 v[32] = {
3629 0xfd, 0xc5, 0x7f, 0xf4, 0x49, 0xdd, 0x4f, 0x6b,
3630 0xfb, 0x7c, 0x9d, 0xf1, 0xc2, 0x9a, 0xcb, 0x59,
3631 0x2a, 0xe7, 0xd4, 0xee, 0xfb, 0xfc, 0x0a, 0x90,
3632 0x9a, 0xbb, 0xf6, 0x32, 0x3d, 0x8b, 0x18, 0x55 };
3633 const u8 x[16] = {
3634 0xab, 0xae, 0x2b, 0x71, 0xec, 0xb2, 0xff, 0xff,
3635 0x3e, 0x73, 0x77, 0xd1, 0x54, 0x84, 0xcb, 0xd5 };
3636 const u8 z = 0x00;
3637 const u8 exp[16] = {
3638 0x2d, 0x87, 0x74, 0xa9, 0xbe, 0xa1, 0xed, 0xf1,
3639 0x1c, 0xbd, 0xa9, 0x07, 0xf1, 0x16, 0xc9, 0xf2 };
3640 u8 res[16];
3641 int err;
3642
3643 err = smp_f4(tfm_cmac, u, v, x, z, res);
3644 if (err)
3645 return err;
3646
329d8230 3647 if (crypto_memneq(res, exp, 16))
fb2969a3
JH		 3648 return -EINVAL;
3649
3650 return 0;
3651}
3652
71af2f6b 3653static int __init test_f5(struct crypto_shash *tfm_cmac)
fb2969a3
JH		 3654{
3655 const u8 w[32] = {
3656 0x98, 0xa6, 0xbf, 0x73, 0xf3, 0x34, 0x8d, 0x86,
3657 0xf1, 0x66, 0xf8, 0xb4, 0x13, 0x6b, 0x79, 0x99,
3658 0x9b, 0x7d, 0x39, 0x0a, 0xa6, 0x10, 0x10, 0x34,
3659 0x05, 0xad, 0xc8, 0x57, 0xa3, 0x34, 0x02, 0xec };
3660 const u8 n1[16] = {
3661 0xab, 0xae, 0x2b, 0x71, 0xec, 0xb2, 0xff, 0xff,
3662 0x3e, 0x73, 0x77, 0xd1, 0x54, 0x84, 0xcb, 0xd5 };
3663 const u8 n2[16] = {
3664 0xcf, 0xc4, 0x3d, 0xff, 0xf7, 0x83, 0x65, 0x21,
3665 0x6e, 0x5f, 0xa7, 0x25, 0xcc, 0xe7, 0xe8, 0xa6 };
3666 const u8 a1[7] = { 0xce, 0xbf, 0x37, 0x37, 0x12, 0x56, 0x00 };
3667 const u8 a2[7] = { 0xc1, 0xcf, 0x2d, 0x70, 0x13, 0xa7, 0x00 };
3668 const u8 exp_ltk[16] = {
3669 0x38, 0x0a, 0x75, 0x94, 0xb5, 0x22, 0x05, 0x98,
3670 0x23, 0xcd, 0xd7, 0x69, 0x11, 0x79, 0x86, 0x69 };
3671 const u8 exp_mackey[16] = {
3672 0x20, 0x6e, 0x63, 0xce, 0x20, 0x6a, 0x3f, 0xfd,
3673 0x02, 0x4a, 0x08, 0xa1, 0x76, 0xf1, 0x65, 0x29 };
3674 u8 mackey[16], ltk[16];
3675 int err;
3676
3677 err = smp_f5(tfm_cmac, w, n1, n2, a1, a2, mackey, ltk);
3678 if (err)
3679 return err;
3680
329d8230 3681 if (crypto_memneq(mackey, exp_mackey, 16))
fb2969a3
JH		 3682 return -EINVAL;
3683
329d8230 3684 if (crypto_memneq(ltk, exp_ltk, 16))
fb2969a3
JH		 3685 return -EINVAL;
3686
3687 return 0;
3688}
3689
71af2f6b 3690static int __init test_f6(struct crypto_shash *tfm_cmac)
fb2969a3
JH		 3691{
3692 const u8 w[16] = {
3693 0x20, 0x6e, 0x63, 0xce, 0x20, 0x6a, 0x3f, 0xfd,
3694 0x02, 0x4a, 0x08, 0xa1, 0x76, 0xf1, 0x65, 0x29 };
3695 const u8 n1[16] = {
3696 0xab, 0xae, 0x2b, 0x71, 0xec, 0xb2, 0xff, 0xff,
3697 0x3e, 0x73, 0x77, 0xd1, 0x54, 0x84, 0xcb, 0xd5 };
3698 const u8 n2[16] = {
3699 0xcf, 0xc4, 0x3d, 0xff, 0xf7, 0x83, 0x65, 0x21,
3700 0x6e, 0x5f, 0xa7, 0x25, 0xcc, 0xe7, 0xe8, 0xa6 };
3701 const u8 r[16] = {
3702 0xc8, 0x0f, 0x2d, 0x0c, 0xd2, 0x42, 0xda, 0x08,
3703 0x54, 0xbb, 0x53, 0xb4, 0x3b, 0x34, 0xa3, 0x12 };
3704 const u8 io_cap[3] = { 0x02, 0x01, 0x01 };
3705 const u8 a1[7] = { 0xce, 0xbf, 0x37, 0x37, 0x12, 0x56, 0x00 };
3706 const u8 a2[7] = { 0xc1, 0xcf, 0x2d, 0x70, 0x13, 0xa7, 0x00 };
3707 const u8 exp[16] = {
3708 0x61, 0x8f, 0x95, 0xda, 0x09, 0x0b, 0x6c, 0xd2,
3709 0xc5, 0xe8, 0xd0, 0x9c, 0x98, 0x73, 0xc4, 0xe3 };
3710 u8 res[16];
3711 int err;
3712
3713 err = smp_f6(tfm_cmac, w, n1, n2, r, io_cap, a1, a2, res);
3714 if (err)
3715 return err;
3716
329d8230 3717 if (crypto_memneq(res, exp, 16))
fb2969a3
JH		 3718 return -EINVAL;
3719
3720 return 0;
3721}
3722
71af2f6b 3723static int __init test_g2(struct crypto_shash *tfm_cmac)
fb2969a3
JH		 3724{
3725 const u8 u[32] = {
3726 0xe6, 0x9d, 0x35, 0x0e, 0x48, 0x01, 0x03, 0xcc,
3727 0xdb, 0xfd, 0xf4, 0xac, 0x11, 0x91, 0xf4, 0xef,
3728 0xb9, 0xa5, 0xf9, 0xe9, 0xa7, 0x83, 0x2c, 0x5e,
3729 0x2c, 0xbe, 0x97, 0xf2, 0xd2, 0x03, 0xb0, 0x20 };
3730 const u8 v[32] = {
3731 0xfd, 0xc5, 0x7f, 0xf4, 0x49, 0xdd, 0x4f, 0x6b,
3732 0xfb, 0x7c, 0x9d, 0xf1, 0xc2, 0x9a, 0xcb, 0x59,
3733 0x2a, 0xe7, 0xd4, 0xee, 0xfb, 0xfc, 0x0a, 0x90,
3734 0x9a, 0xbb, 0xf6, 0x32, 0x3d, 0x8b, 0x18, 0x55 };
3735 const u8 x[16] = {
3736 0xab, 0xae, 0x2b, 0x71, 0xec, 0xb2, 0xff, 0xff,
3737 0x3e, 0x73, 0x77, 0xd1, 0x54, 0x84, 0xcb, 0xd5 };
3738 const u8 y[16] = {
3739 0xcf, 0xc4, 0x3d, 0xff, 0xf7, 0x83, 0x65, 0x21,
3740 0x6e, 0x5f, 0xa7, 0x25, 0xcc, 0xe7, 0xe8, 0xa6 };
3741 const u32 exp_val = 0x2f9ed5ba % 1000000;
3742 u32 val;
3743 int err;
3744
3745 err = smp_g2(tfm_cmac, u, v, x, y, &val);
3746 if (err)
3747 return err;
3748
3749 if (val != exp_val)
3750 return -EINVAL;
3751
3752 return 0;
3753}
3754
71af2f6b 3755static int __init test_h6(struct crypto_shash *tfm_cmac)
fb2969a3
JH		 3756{
3757 const u8 w[16] = {
3758 0x9b, 0x7d, 0x39, 0x0a, 0xa6, 0x10, 0x10, 0x34,
3759 0x05, 0xad, 0xc8, 0x57, 0xa3, 0x34, 0x02, 0xec };
3760 const u8 key_id[4] = { 0x72, 0x62, 0x65, 0x6c };
3761 const u8 exp[16] = {
3762 0x99, 0x63, 0xb1, 0x80, 0xe2, 0xa9, 0xd3, 0xe8,
3763 0x1c, 0xc9, 0x6d, 0xe7, 0x02, 0xe1, 0x9a, 0x2d };
3764 u8 res[16];
3765 int err;
3766
3767 err = smp_h6(tfm_cmac, w, key_id, res);
3768 if (err)
3769 return err;
3770
329d8230 3771 if (crypto_memneq(res, exp, 16))
fb2969a3
JH		 3772 return -EINVAL;
3773
3774 return 0;
3775}
3776
64dd374e
MH		 3777static char test_smp_buffer[32];
3778
3779static ssize_t test_smp_read(struct file *file, char __user *user_buf,
3780 size_t count, loff_t *ppos)
3781{
3782 return simple_read_from_buffer(user_buf, count, ppos, test_smp_buffer,
3783 strlen(test_smp_buffer));
3784}
3785
3786static const struct file_operations test_smp_fops = {
3787 .open = simple_open,
3788 .read = test_smp_read,
3789 .llseek = default_llseek,
3790};
3791
a4770e11 3792static int __init run_selftests(struct crypto_cipher *tfm_aes,
71af2f6b 3793 struct crypto_shash *tfm_cmac)
0a2b0f04 3794{
255047b0
MH		 3795 ktime_t calltime, delta, rettime;
3796 unsigned long long duration;
cfc4198e
JH		 3797 int err;
3798
255047b0
MH		 3799 calltime = ktime_get();
3800
71653eb6
MH		 3801 err = test_debug_key();
3802 if (err) {
3803 BT_ERR("debug_key test failed");
3804 goto done;
3805 }
3806
cfc4198e
JH		 3807 err = test_ah(tfm_aes);
3808 if (err) {
3809 BT_ERR("smp_ah test failed");
64dd374e 3810 goto done;
cfc4198e
JH		 3811 }
3812
3813 err = test_c1(tfm_aes);
3814 if (err) {
3815 BT_ERR("smp_c1 test failed");
64dd374e 3816 goto done;
cfc4198e
JH		 3817 }
3818
3819 err = test_s1(tfm_aes);
3820 if (err) {
3821 BT_ERR("smp_s1 test failed");
64dd374e 3822 goto done;
cfc4198e
JH		 3823 }
3824
fb2969a3
JH		 3825 err = test_f4(tfm_cmac);
3826 if (err) {
3827 BT_ERR("smp_f4 test failed");
64dd374e 3828 goto done;
fb2969a3
JH		 3829 }
3830
3831 err = test_f5(tfm_cmac);
3832 if (err) {
3833 BT_ERR("smp_f5 test failed");
64dd374e 3834 goto done;
fb2969a3
JH		 3835 }
3836
3837 err = test_f6(tfm_cmac);
3838 if (err) {
3839 BT_ERR("smp_f6 test failed");
64dd374e 3840 goto done;
fb2969a3
JH		 3841 }
3842
3843 err = test_g2(tfm_cmac);
3844 if (err) {
3845 BT_ERR("smp_g2 test failed");
64dd374e 3846 goto done;
fb2969a3
JH		 3847 }
3848
3849 err = test_h6(tfm_cmac);
3850 if (err) {
3851 BT_ERR("smp_h6 test failed");
64dd374e 3852 goto done;
fb2969a3
JH		 3853 }
3854
255047b0
MH		 3855 rettime = ktime_get();
3856 delta = ktime_sub(rettime, calltime);
3857 duration = (unsigned long long) ktime_to_ns(delta) >> 10;
3858
5ced2464 3859 BT_INFO("SMP test passed in %llu usecs", duration);
0a2b0f04 3860
64dd374e
MH		 3861done:
3862 if (!err)
3863 snprintf(test_smp_buffer, sizeof(test_smp_buffer),
3864 "PASS (%llu usecs)\n", duration);
3865 else
3866 snprintf(test_smp_buffer, sizeof(test_smp_buffer), "FAIL\n");
3867
3868 debugfs_create_file("selftest_smp", 0444, bt_debugfs, NULL,
3869 &test_smp_fops);
3870
3871 return err;
0a2b0f04
JH		 3872}
3873
3874int __init bt_selftest_smp(void)
3875{
a4770e11 3876 struct crypto_cipher *tfm_aes;
71af2f6b 3877 struct crypto_shash *tfm_cmac;
0a2b0f04
JH		 3878 int err;
3879
a4770e11 3880 tfm_aes = crypto_alloc_cipher("aes", 0, CRYPTO_ALG_ASYNC);
0a2b0f04 3881 if (IS_ERR(tfm_aes)) {
a4770e11 3882 BT_ERR("Unable to create AES crypto context");
0a2b0f04
JH		 3883 return PTR_ERR(tfm_aes);
3884 }
3885
71af2f6b 3886 tfm_cmac = crypto_alloc_shash("cmac(aes)", 0, CRYPTO_ALG_ASYNC);
0a2b0f04
JH		 3887 if (IS_ERR(tfm_cmac)) {
3888 BT_ERR("Unable to create CMAC crypto context");
a4770e11 3889 crypto_free_cipher(tfm_aes);
0a2b0f04
JH		 3890 return PTR_ERR(tfm_cmac);
3891 }
3892
3893 err = run_selftests(tfm_aes, tfm_cmac);
3894
71af2f6b 3895 crypto_free_shash(tfm_cmac);
a4770e11 3896 crypto_free_cipher(tfm_aes);
0a2b0f04
JH		 3897
3898 return err;
3899}
3900
3901#endif