blob: 5f2f97de295eb65fbdf2d042e35fc25d8a39369f [file] [log] [blame]
Anderson Brigliaeb492e02011-06-09 18:50:40 -03001/*
2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2011 Nokia Corporation and/or its subsidiary(-ies).
4
5 This program is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License version 2 as
7 published by the Free Software Foundation;
8
9 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
10 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
11 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
12 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
13 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
14 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17
18 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
19 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
20 SOFTWARE IS DISCLAIMED.
21*/
22
Marcel Holtmann300acfde2014-12-31 14:43:16 -080023#include <linux/debugfs.h>
Gustavo Padovan8c520a52012-05-23 04:04:22 -030024#include <linux/scatterlist.h>
Ard Biesheuvel28a220aa2019-07-02 21:41:41 +020025#include <crypto/aes.h>
Herbert Xu71af2f62016-01-24 21:18:30 +080026#include <crypto/hash.h>
Tudor Ambarus47eb2ac2017-09-28 17:14:51 +030027#include <crypto/kpp.h>
Herbert Xu2defbea2023-08-22 17:26:25 +080028#include <crypto/utils.h>
Gustavo Padovan8c520a52012-05-23 04:04:22 -030029
Anderson Brigliaeb492e02011-06-09 18:50:40 -030030#include <net/bluetooth/bluetooth.h>
31#include <net/bluetooth/hci_core.h>
32#include <net/bluetooth/l2cap.h>
Brian Gix2b64d152011-12-21 16:12:12 -080033#include <net/bluetooth/mgmt.h>
Marcel Holtmannac4b7232013-10-10 14:54:16 -070034
Salvatore Benedetto58771c1c2017-04-24 13:13:20 +010035#include "ecdh_helper.h"
Marcel Holtmannac4b7232013-10-10 14:54:16 -070036#include "smp.h"
Anderson Brigliad22ef0b2011-06-09 18:50:44 -030037
Johan Hedberg2fd36552015-06-11 13:52:26 +030038#define SMP_DEV(hdev) \
39 ((struct smp_dev *)((struct l2cap_chan *)((hdev)->smp_data))->data)
40
Johan Hedbergc7a3d572014-12-01 22:03:16 +020041/* Low-level debug macros to be used for stuff that we don't want
Zheng Yongjun91641b72021-06-02 14:54:58 +080042 * accidentally in dmesg, i.e. the values of the various crypto keys
Johan Hedbergc7a3d572014-12-01 22:03:16 +020043 * and the inputs & outputs of crypto functions.
44 */
45#ifdef DEBUG
46#define SMP_DBG(fmt, ...) printk(KERN_DEBUG "%s: " fmt, __func__, \
47 ##__VA_ARGS__)
48#else
49#define SMP_DBG(fmt, ...) no_printk(KERN_DEBUG "%s: " fmt, __func__, \
50 ##__VA_ARGS__)
51#endif
52
Johan Hedbergb28b4942014-09-05 22:19:55 +030053#define SMP_ALLOW_CMD(smp, code) set_bit(code, &smp->allow_cmd)
Johan Hedbergb28b4942014-09-05 22:19:55 +030054
Johan Hedberg3b191462014-06-06 10:50:15 +030055/* Keys which are not distributed with Secure Connections */
Meng Yuc29fb5f2021-03-23 14:22:56 +080056#define SMP_SC_NO_DIST (SMP_DIST_ENC_KEY | SMP_DIST_LINK_KEY)
Johan Hedberg3b191462014-06-06 10:50:15 +030057
Marcel Holtmann17b02e62012-03-01 14:32:37 -080058#define SMP_TIMEOUT msecs_to_jiffies(30000)
Vinicius Costa Gomes5d3de7d2011-06-14 13:37:41 -030059
Luiz Augusto von Dentzb8b23002023-03-08 16:16:31 -080060#define ID_ADDR_TIMEOUT msecs_to_jiffies(200)
61
Marcel Holtmannd7a5a112015-03-13 02:11:00 -070062#define AUTH_REQ_MASK(dev) (hci_dev_test_flag(dev, HCI_SC_ENABLED) ? \
Johan Hedberga62da6f2016-12-08 08:32:54 +020063 0x3f : 0x07)
Johan Hedberg0edb14d2014-05-26 13:29:28 +030064#define KEY_DIST_MASK 0x07
Johan Hedberg065a13e2012-10-11 16:26:06 +020065
Johan Hedbergcbbbe3e2014-06-06 11:30:08 +030066/* Maximum message length that can be passed to aes_cmac */
67#define CMAC_MSG_MAX 80
68
Johan Hedberg533e35d2014-06-16 19:25:18 +030069enum {
70 SMP_FLAG_TK_VALID,
71 SMP_FLAG_CFM_PENDING,
72 SMP_FLAG_MITM_AUTH,
73 SMP_FLAG_COMPLETE,
74 SMP_FLAG_INITIATOR,
Johan Hedberg65668772014-05-16 11:03:34 +030075 SMP_FLAG_SC,
Johan Hedbergd8f8edb2014-06-06 11:09:28 +030076 SMP_FLAG_REMOTE_PK,
Johan Hedbergaeb7d462014-05-31 18:52:28 +030077 SMP_FLAG_DEBUG_KEY,
Johan Hedberg38606f12014-06-25 11:10:28 +030078 SMP_FLAG_WAIT_USER,
Johan Hedbergd3e54a82014-06-04 11:07:40 +030079 SMP_FLAG_DHKEY_PENDING,
Johan Hedberg1a8bab42015-03-16 11:45:44 +020080 SMP_FLAG_REMOTE_OOB,
81 SMP_FLAG_LOCAL_OOB,
Johan Hedberga62da6f2016-12-08 08:32:54 +020082 SMP_FLAG_CT2,
Johan Hedberg533e35d2014-06-16 19:25:18 +030083};
Johan Hedberg4bc58f52014-05-20 09:45:47 +030084
Marcel Holtmann88a479d2015-03-16 01:10:19 -070085struct smp_dev {
Marcel Holtmann60a27d62015-03-16 01:10:22 -070086 /* Secure Connections OOB data */
Johan Hedberg94f14e42018-09-11 14:10:12 +030087 bool local_oob;
Marcel Holtmann60a27d62015-03-16 01:10:22 -070088 u8 local_pk[64];
Marcel Holtmannfb334fe2015-03-16 12:34:57 -070089 u8 local_rand[16];
Marcel Holtmann60a27d62015-03-16 01:10:22 -070090 bool debug_key;
91
Herbert Xu71af2f62016-01-24 21:18:30 +080092 struct crypto_shash *tfm_cmac;
Tudor Ambarus47eb2ac2017-09-28 17:14:51 +030093 struct crypto_kpp *tfm_ecdh;
Marcel Holtmann88a479d2015-03-16 01:10:19 -070094};
95
Johan Hedberg4bc58f52014-05-20 09:45:47 +030096struct smp_chan {
Johan Hedbergb68fda62014-08-11 22:06:40 +030097 struct l2cap_conn *conn;
98 struct delayed_work security_timer;
Johan Hedbergb28b4942014-09-05 22:19:55 +030099 unsigned long allow_cmd; /* Bitmask of allowed commands */
Johan Hedbergb68fda62014-08-11 22:06:40 +0300100
Johan Hedberg4bc58f52014-05-20 09:45:47 +0300101 u8 preq[7]; /* SMP Pairing Request */
102 u8 prsp[7]; /* SMP Pairing Response */
103 u8 prnd[16]; /* SMP Pairing Random (local) */
104 u8 rrnd[16]; /* SMP Pairing Random (remote) */
105 u8 pcnf[16]; /* SMP Pairing Confirm */
106 u8 tk[16]; /* SMP Temporary Key */
Johan Hedberg882fafa2015-03-16 11:45:43 +0200107 u8 rr[16]; /* Remote OOB ra/rb value */
108 u8 lr[16]; /* Local OOB ra/rb value */
Johan Hedberg4bc58f52014-05-20 09:45:47 +0300109 u8 enc_key_size;
110 u8 remote_key_dist;
111 bdaddr_t id_addr;
112 u8 id_addr_type;
113 u8 irk[16];
114 struct smp_csrk *csrk;
Archie Pusakafad646e2021-05-31 16:37:25 +0800115 struct smp_csrk *responder_csrk;
Johan Hedberg4bc58f52014-05-20 09:45:47 +0300116 struct smp_ltk *ltk;
Archie Pusakafad646e2021-05-31 16:37:25 +0800117 struct smp_ltk *responder_ltk;
Johan Hedberg4bc58f52014-05-20 09:45:47 +0300118 struct smp_irk *remote_irk;
Johan Hedberg6a770832014-06-06 11:54:04 +0300119 u8 *link_key;
Johan Hedberg4a74d652014-05-20 09:45:50 +0300120 unsigned long flags;
Johan Hedberg783e0572014-05-31 18:48:26 +0300121 u8 method;
Johan Hedberg38606f12014-06-25 11:10:28 +0300122 u8 passkey_round;
Johan Hedberg6a7bd102014-06-27 14:23:03 +0300123
Johan Hedberg3b191462014-06-06 10:50:15 +0300124 /* Secure Connections variables */
125 u8 local_pk[64];
Johan Hedbergd8f8edb2014-06-06 11:09:28 +0300126 u8 remote_pk[64];
127 u8 dhkey[32];
Johan Hedberg760b0182014-06-06 11:44:05 +0300128 u8 mackey[16];
Johan Hedberg3b191462014-06-06 10:50:15 +0300129
Herbert Xu71af2f62016-01-24 21:18:30 +0800130 struct crypto_shash *tfm_cmac;
Tudor Ambarus47eb2ac2017-09-28 17:14:51 +0300131 struct crypto_kpp *tfm_ecdh;
Johan Hedberg4bc58f52014-05-20 09:45:47 +0300132};
133
Johan Hedbergaeb7d462014-05-31 18:52:28 +0300134/* These debug key values are defined in the SMP section of the core
135 * specification. debug_pk is the public debug key and debug_sk the
136 * private debug key.
137 */
138static const u8 debug_pk[64] = {
139 0xe6, 0x9d, 0x35, 0x0e, 0x48, 0x01, 0x03, 0xcc,
140 0xdb, 0xfd, 0xf4, 0xac, 0x11, 0x91, 0xf4, 0xef,
141 0xb9, 0xa5, 0xf9, 0xe9, 0xa7, 0x83, 0x2c, 0x5e,
142 0x2c, 0xbe, 0x97, 0xf2, 0xd2, 0x03, 0xb0, 0x20,
143
144 0x8b, 0xd2, 0x89, 0x15, 0xd0, 0x8e, 0x1c, 0x74,
145 0x24, 0x30, 0xed, 0x8f, 0xc2, 0x45, 0x63, 0x76,
146 0x5c, 0x15, 0x52, 0x5a, 0xbf, 0x9a, 0x32, 0x63,
147 0x6d, 0xeb, 0x2a, 0x65, 0x49, 0x9c, 0x80, 0xdc,
148};
149
150static const u8 debug_sk[32] = {
151 0xbd, 0x1a, 0x3c, 0xcd, 0xa6, 0xb8, 0x99, 0x58,
152 0x99, 0xb7, 0x40, 0xeb, 0x7b, 0x60, 0xff, 0x4a,
153 0x50, 0x3f, 0x10, 0xd2, 0xe3, 0xb3, 0xc9, 0x74,
154 0x38, 0x5f, 0xc5, 0xa3, 0xd4, 0xf6, 0x49, 0x3f,
155};
156
Johan Hedberg8a2936f2014-06-16 19:25:19 +0300157static inline void swap_buf(const u8 *src, u8 *dst, size_t len)
Anderson Brigliad22ef0b2011-06-09 18:50:44 -0300158{
Johan Hedberg8a2936f2014-06-16 19:25:19 +0300159 size_t i;
Anderson Brigliad22ef0b2011-06-09 18:50:44 -0300160
Johan Hedberg8a2936f2014-06-16 19:25:19 +0300161 for (i = 0; i < len; i++)
162 dst[len - 1 - i] = src[i];
Anderson Brigliad22ef0b2011-06-09 18:50:44 -0300163}
164
Johan Hedberg06edf8d2014-12-02 13:39:23 +0200165/* The following functions map to the LE SC SMP crypto functions
166 * AES-CMAC, f4, f5, f6, g2 and h6.
167 */
168
Herbert Xu71af2f62016-01-24 21:18:30 +0800169static int aes_cmac(struct crypto_shash *tfm, const u8 k[16], const u8 *m,
Johan Hedbergcbbbe3e2014-06-06 11:30:08 +0300170 size_t len, u8 mac[16])
171{
172 uint8_t tmp[16], mac_msb[16], msg_msb[CMAC_MSG_MAX];
Johan Hedbergcbbbe3e2014-06-06 11:30:08 +0300173 int err;
174
175 if (len > CMAC_MSG_MAX)
176 return -EFBIG;
177
178 if (!tfm) {
179 BT_ERR("tfm %p", tfm);
180 return -EINVAL;
181 }
182
Johan Hedbergcbbbe3e2014-06-06 11:30:08 +0300183 /* Swap key and message from LSB to MSB */
184 swap_buf(k, tmp, 16);
185 swap_buf(m, msg_msb, len);
186
Johan Hedbergc7a3d572014-12-01 22:03:16 +0200187 SMP_DBG("msg (len %zu) %*phN", len, (int) len, m);
188 SMP_DBG("key %16phN", k);
Johan Hedbergcbbbe3e2014-06-06 11:30:08 +0300189
Herbert Xu71af2f62016-01-24 21:18:30 +0800190 err = crypto_shash_setkey(tfm, tmp, 16);
Johan Hedbergcbbbe3e2014-06-06 11:30:08 +0300191 if (err) {
192 BT_ERR("cipher setkey failed: %d", err);
193 return err;
194 }
195
Eric Biggersec0bf6e2020-05-01 22:31:19 -0700196 err = crypto_shash_tfm_digest(tfm, msg_msb, len, mac_msb);
Johan Hedbergcbbbe3e2014-06-06 11:30:08 +0300197 if (err) {
Herbert Xu71af2f62016-01-24 21:18:30 +0800198 BT_ERR("Hash computation error %d", err);
Johan Hedbergcbbbe3e2014-06-06 11:30:08 +0300199 return err;
200 }
201
202 swap_buf(mac_msb, mac, 16);
203
Johan Hedbergc7a3d572014-12-01 22:03:16 +0200204 SMP_DBG("mac %16phN", mac);
Johan Hedbergcbbbe3e2014-06-06 11:30:08 +0300205
206 return 0;
207}
208
Herbert Xu71af2f62016-01-24 21:18:30 +0800209static int smp_f4(struct crypto_shash *tfm_cmac, const u8 u[32],
210 const u8 v[32], const u8 x[16], u8 z, u8 res[16])
Johan Hedbergcbbbe3e2014-06-06 11:30:08 +0300211{
212 u8 m[65];
213 int err;
214
Johan Hedbergc7a3d572014-12-01 22:03:16 +0200215 SMP_DBG("u %32phN", u);
216 SMP_DBG("v %32phN", v);
217 SMP_DBG("x %16phN z %02x", x, z);
Johan Hedbergcbbbe3e2014-06-06 11:30:08 +0300218
219 m[0] = z;
220 memcpy(m + 1, v, 32);
221 memcpy(m + 33, u, 32);
222
223 err = aes_cmac(tfm_cmac, x, m, sizeof(m), res);
224 if (err)
225 return err;
226
Johan Hedbergc7a3d572014-12-01 22:03:16 +0200227 SMP_DBG("res %16phN", res);
Johan Hedbergcbbbe3e2014-06-06 11:30:08 +0300228
229 return err;
230}
231
Herbert Xu71af2f62016-01-24 21:18:30 +0800232static int smp_f5(struct crypto_shash *tfm_cmac, const u8 w[32],
Johan Hedberg4da50de2014-12-29 12:04:10 +0200233 const u8 n1[16], const u8 n2[16], const u8 a1[7],
234 const u8 a2[7], u8 mackey[16], u8 ltk[16])
Johan Hedberg760b0182014-06-06 11:44:05 +0300235{
236 /* The btle, salt and length "magic" values are as defined in
237 * the SMP section of the Bluetooth core specification. In ASCII
238 * the btle value ends up being 'btle'. The salt is just a
239 * random number whereas length is the value 256 in little
240 * endian format.
241 */
242 const u8 btle[4] = { 0x65, 0x6c, 0x74, 0x62 };
243 const u8 salt[16] = { 0xbe, 0x83, 0x60, 0x5a, 0xdb, 0x0b, 0x37, 0x60,
244 0x38, 0xa5, 0xf5, 0xaa, 0x91, 0x83, 0x88, 0x6c };
245 const u8 length[2] = { 0x00, 0x01 };
246 u8 m[53], t[16];
247 int err;
248
Johan Hedbergc7a3d572014-12-01 22:03:16 +0200249 SMP_DBG("w %32phN", w);
250 SMP_DBG("n1 %16phN n2 %16phN", n1, n2);
251 SMP_DBG("a1 %7phN a2 %7phN", a1, a2);
Johan Hedberg760b0182014-06-06 11:44:05 +0300252
253 err = aes_cmac(tfm_cmac, salt, w, 32, t);
254 if (err)
255 return err;
256
Johan Hedbergc7a3d572014-12-01 22:03:16 +0200257 SMP_DBG("t %16phN", t);
Johan Hedberg760b0182014-06-06 11:44:05 +0300258
259 memcpy(m, length, 2);
260 memcpy(m + 2, a2, 7);
261 memcpy(m + 9, a1, 7);
262 memcpy(m + 16, n2, 16);
263 memcpy(m + 32, n1, 16);
264 memcpy(m + 48, btle, 4);
265
266 m[52] = 0; /* Counter */
267
268 err = aes_cmac(tfm_cmac, t, m, sizeof(m), mackey);
269 if (err)
270 return err;
271
Johan Hedbergc7a3d572014-12-01 22:03:16 +0200272 SMP_DBG("mackey %16phN", mackey);
Johan Hedberg760b0182014-06-06 11:44:05 +0300273
274 m[52] = 1; /* Counter */
275
276 err = aes_cmac(tfm_cmac, t, m, sizeof(m), ltk);
277 if (err)
278 return err;
279
Johan Hedbergc7a3d572014-12-01 22:03:16 +0200280 SMP_DBG("ltk %16phN", ltk);
Johan Hedberg760b0182014-06-06 11:44:05 +0300281
282 return 0;
283}
284
Herbert Xu71af2f62016-01-24 21:18:30 +0800285static int smp_f6(struct crypto_shash *tfm_cmac, const u8 w[16],
Johan Hedberg4da50de2014-12-29 12:04:10 +0200286 const u8 n1[16], const u8 n2[16], const u8 r[16],
Johan Hedberg760b0182014-06-06 11:44:05 +0300287 const u8 io_cap[3], const u8 a1[7], const u8 a2[7],
288 u8 res[16])
289{
290 u8 m[65];
291 int err;
292
Johan Hedbergc7a3d572014-12-01 22:03:16 +0200293 SMP_DBG("w %16phN", w);
294 SMP_DBG("n1 %16phN n2 %16phN", n1, n2);
295 SMP_DBG("r %16phN io_cap %3phN a1 %7phN a2 %7phN", r, io_cap, a1, a2);
Johan Hedberg760b0182014-06-06 11:44:05 +0300296
297 memcpy(m, a2, 7);
298 memcpy(m + 7, a1, 7);
299 memcpy(m + 14, io_cap, 3);
300 memcpy(m + 17, r, 16);
301 memcpy(m + 33, n2, 16);
302 memcpy(m + 49, n1, 16);
303
304 err = aes_cmac(tfm_cmac, w, m, sizeof(m), res);
305 if (err)
306 return err;
307
Marcel Holtmann203de212014-12-31 20:01:22 -0800308 SMP_DBG("res %16phN", res);
Johan Hedberg760b0182014-06-06 11:44:05 +0300309
310 return err;
311}
312
Herbert Xu71af2f62016-01-24 21:18:30 +0800313static int smp_g2(struct crypto_shash *tfm_cmac, const u8 u[32], const u8 v[32],
Johan Hedberg191dc7fe22014-06-06 11:39:49 +0300314 const u8 x[16], const u8 y[16], u32 *val)
315{
316 u8 m[80], tmp[16];
317 int err;
318
Johan Hedbergc7a3d572014-12-01 22:03:16 +0200319 SMP_DBG("u %32phN", u);
320 SMP_DBG("v %32phN", v);
321 SMP_DBG("x %16phN y %16phN", x, y);
Johan Hedberg191dc7fe22014-06-06 11:39:49 +0300322
323 memcpy(m, y, 16);
324 memcpy(m + 16, v, 32);
325 memcpy(m + 48, u, 32);
326
327 err = aes_cmac(tfm_cmac, x, m, sizeof(m), tmp);
328 if (err)
329 return err;
330
331 *val = get_unaligned_le32(tmp);
332 *val %= 1000000;
333
Johan Hedbergc7a3d572014-12-01 22:03:16 +0200334 SMP_DBG("val %06u", *val);
Johan Hedberg191dc7fe22014-06-06 11:39:49 +0300335
336 return 0;
337}
338
Herbert Xu71af2f62016-01-24 21:18:30 +0800339static int smp_h6(struct crypto_shash *tfm_cmac, const u8 w[16],
Johan Hedberg06edf8d2014-12-02 13:39:23 +0200340 const u8 key_id[4], u8 res[16])
341{
342 int err;
343
344 SMP_DBG("w %16phN key_id %4phN", w, key_id);
345
346 err = aes_cmac(tfm_cmac, w, key_id, 4, res);
347 if (err)
348 return err;
349
350 SMP_DBG("res %16phN", res);
351
352 return err;
353}
354
Johan Hedberga62da6f2016-12-08 08:32:54 +0200355static int smp_h7(struct crypto_shash *tfm_cmac, const u8 w[16],
356 const u8 salt[16], u8 res[16])
357{
358 int err;
359
360 SMP_DBG("w %16phN salt %16phN", w, salt);
361
362 err = aes_cmac(tfm_cmac, salt, w, 16, res);
363 if (err)
364 return err;
365
366 SMP_DBG("res %16phN", res);
367
368 return err;
369}
370
Johan Hedberg06edf8d2014-12-02 13:39:23 +0200371/* The following functions map to the legacy SMP crypto functions e, c1,
372 * s1 and ah.
373 */
374
Ard Biesheuvel28a220aa2019-07-02 21:41:41 +0200375static int smp_e(const u8 *k, u8 *r)
Anderson Brigliad22ef0b2011-06-09 18:50:44 -0300376{
Ard Biesheuvel28a220aa2019-07-02 21:41:41 +0200377 struct crypto_aes_ctx ctx;
Johan Hedberg943a7322014-03-18 12:58:24 +0200378 uint8_t tmp[16], data[16];
Johan Hedberg201a5922013-12-02 10:49:04 +0200379 int err;
Anderson Brigliad22ef0b2011-06-09 18:50:44 -0300380
Johan Hedberg011c3912015-05-19 21:06:04 +0300381 SMP_DBG("k %16phN r %16phN", k, r);
382
Johan Hedberg943a7322014-03-18 12:58:24 +0200383 /* The most significant octet of key corresponds to k[0] */
Johan Hedberg8a2936f2014-06-16 19:25:19 +0300384 swap_buf(k, tmp, 16);
Johan Hedberg943a7322014-03-18 12:58:24 +0200385
Ard Biesheuvel28a220aa2019-07-02 21:41:41 +0200386 err = aes_expandkey(&ctx, tmp, 16);
Anderson Brigliad22ef0b2011-06-09 18:50:44 -0300387 if (err) {
388 BT_ERR("cipher setkey failed: %d", err);
389 return err;
390 }
391
Johan Hedberg943a7322014-03-18 12:58:24 +0200392 /* Most significant octet of plaintextData corresponds to data[0] */
Johan Hedberg8a2936f2014-06-16 19:25:19 +0300393 swap_buf(r, data, 16);
Johan Hedberg943a7322014-03-18 12:58:24 +0200394
Ard Biesheuvel28a220aa2019-07-02 21:41:41 +0200395 aes_encrypt(&ctx, data, data);
Anderson Brigliad22ef0b2011-06-09 18:50:44 -0300396
Johan Hedberg943a7322014-03-18 12:58:24 +0200397 /* Most significant octet of encryptedData corresponds to data[0] */
Johan Hedberg8a2936f2014-06-16 19:25:19 +0300398 swap_buf(data, r, 16);
Johan Hedberg943a7322014-03-18 12:58:24 +0200399
Johan Hedberg011c3912015-05-19 21:06:04 +0300400 SMP_DBG("r %16phN", r);
401
Meng Yuc29fb5f2021-03-23 14:22:56 +0800402 memzero_explicit(&ctx, sizeof(ctx));
Anderson Brigliad22ef0b2011-06-09 18:50:44 -0300403 return err;
404}
405
Ard Biesheuvel28a220aa2019-07-02 21:41:41 +0200406static int smp_c1(const u8 k[16],
Johan Hedberg06edf8d2014-12-02 13:39:23 +0200407 const u8 r[16], const u8 preq[7], const u8 pres[7], u8 _iat,
408 const bdaddr_t *ia, u8 _rat, const bdaddr_t *ra, u8 res[16])
409{
410 u8 p1[16], p2[16];
411 int err;
412
Johan Hedberg011c3912015-05-19 21:06:04 +0300413 SMP_DBG("k %16phN r %16phN", k, r);
414 SMP_DBG("iat %u ia %6phN rat %u ra %6phN", _iat, ia, _rat, ra);
415 SMP_DBG("preq %7phN pres %7phN", preq, pres);
416
Johan Hedberg06edf8d2014-12-02 13:39:23 +0200417 memset(p1, 0, 16);
418
419 /* p1 = pres || preq || _rat || _iat */
420 p1[0] = _iat;
421 p1[1] = _rat;
422 memcpy(p1 + 2, preq, 7);
423 memcpy(p1 + 9, pres, 7);
424
Johan Hedberg011c3912015-05-19 21:06:04 +0300425 SMP_DBG("p1 %16phN", p1);
Johan Hedberg06edf8d2014-12-02 13:39:23 +0200426
427 /* res = r XOR p1 */
Ard Biesheuvelef0bb5a2021-01-05 17:10:53 +0100428 crypto_xor_cpy(res, r, p1, sizeof(p1));
Johan Hedberg06edf8d2014-12-02 13:39:23 +0200429
430 /* res = e(k, res) */
Ard Biesheuvel28a220aa2019-07-02 21:41:41 +0200431 err = smp_e(k, res);
Johan Hedberg06edf8d2014-12-02 13:39:23 +0200432 if (err) {
433 BT_ERR("Encrypt data error");
434 return err;
435 }
436
Johan Hedberg011c3912015-05-19 21:06:04 +0300437 /* p2 = padding || ia || ra */
438 memcpy(p2, ra, 6);
439 memcpy(p2 + 6, ia, 6);
440 memset(p2 + 12, 0, 4);
441
442 SMP_DBG("p2 %16phN", p2);
443
Johan Hedberg06edf8d2014-12-02 13:39:23 +0200444 /* res = res XOR p2 */
Ard Biesheuvelef0bb5a2021-01-05 17:10:53 +0100445 crypto_xor(res, p2, sizeof(p2));
Johan Hedberg06edf8d2014-12-02 13:39:23 +0200446
447 /* res = e(k, res) */
Ard Biesheuvel28a220aa2019-07-02 21:41:41 +0200448 err = smp_e(k, res);
Johan Hedberg06edf8d2014-12-02 13:39:23 +0200449 if (err)
450 BT_ERR("Encrypt data error");
451
452 return err;
453}
454
Ard Biesheuvel28a220aa2019-07-02 21:41:41 +0200455static int smp_s1(const u8 k[16],
Johan Hedberg06edf8d2014-12-02 13:39:23 +0200456 const u8 r1[16], const u8 r2[16], u8 _r[16])
Johan Hedberg6a770832014-06-06 11:54:04 +0300457{
458 int err;
459
Johan Hedberg06edf8d2014-12-02 13:39:23 +0200460 /* Just least significant octets from r1 and r2 are considered */
461 memcpy(_r, r2, 8);
462 memcpy(_r + 8, r1, 8);
Johan Hedberg6a770832014-06-06 11:54:04 +0300463
Ard Biesheuvel28a220aa2019-07-02 21:41:41 +0200464 err = smp_e(k, _r);
Johan Hedberg6a770832014-06-06 11:54:04 +0300465 if (err)
Johan Hedberg06edf8d2014-12-02 13:39:23 +0200466 BT_ERR("Encrypt data error");
Johan Hedberg6a770832014-06-06 11:54:04 +0300467
468 return err;
469}
470
Ard Biesheuvel28a220aa2019-07-02 21:41:41 +0200471static int smp_ah(const u8 irk[16], const u8 r[3], u8 res[3])
Johan Hedberg60478052014-02-18 10:19:31 +0200472{
Johan Hedberg943a7322014-03-18 12:58:24 +0200473 u8 _res[16];
Johan Hedberg60478052014-02-18 10:19:31 +0200474 int err;
475
476 /* r' = padding || r */
Johan Hedberg943a7322014-03-18 12:58:24 +0200477 memcpy(_res, r, 3);
478 memset(_res + 3, 0, 13);
Johan Hedberg60478052014-02-18 10:19:31 +0200479
Ard Biesheuvel28a220aa2019-07-02 21:41:41 +0200480 err = smp_e(irk, _res);
Johan Hedberg60478052014-02-18 10:19:31 +0200481 if (err) {
482 BT_ERR("Encrypt error");
483 return err;
484 }
485
486 /* The output of the random address function ah is:
Marcel Holtmannc5080d42015-09-04 17:08:18 +0200487 * ah(k, r) = e(k, r') mod 2^24
Johan Hedberg60478052014-02-18 10:19:31 +0200488 * The output of the security function e is then truncated to 24 bits
489 * by taking the least significant 24 bits of the output of e as the
490 * result of ah.
491 */
Johan Hedberg943a7322014-03-18 12:58:24 +0200492 memcpy(res, _res, 3);
Johan Hedberg60478052014-02-18 10:19:31 +0200493
494 return 0;
495}
496
Johan Hedbergcd082792014-12-02 13:37:41 +0200497bool smp_irk_matches(struct hci_dev *hdev, const u8 irk[16],
498 const bdaddr_t *bdaddr)
Johan Hedberg60478052014-02-18 10:19:31 +0200499{
Johan Hedbergdefce9e2014-08-08 09:37:17 +0300500 struct l2cap_chan *chan = hdev->smp_data;
Johan Hedberg60478052014-02-18 10:19:31 +0200501 u8 hash[3];
502 int err;
503
Johan Hedbergdefce9e2014-08-08 09:37:17 +0300504 if (!chan || !chan->data)
505 return false;
506
Marcel Holtmann56860242020-05-06 09:57:50 +0200507 bt_dev_dbg(hdev, "RPA %pMR IRK %*phN", bdaddr, 16, irk);
Johan Hedberg60478052014-02-18 10:19:31 +0200508
Ard Biesheuvel28a220aa2019-07-02 21:41:41 +0200509 err = smp_ah(irk, &bdaddr->b[3], hash);
Johan Hedberg60478052014-02-18 10:19:31 +0200510 if (err)
511 return false;
512
Jason A. Donenfeld329d8232017-06-10 04:59:11 +0200513 return !crypto_memneq(bdaddr->b, hash, 3);
Johan Hedberg60478052014-02-18 10:19:31 +0200514}
515
Johan Hedbergcd082792014-12-02 13:37:41 +0200516int smp_generate_rpa(struct hci_dev *hdev, const u8 irk[16], bdaddr_t *rpa)
Johan Hedbergb1e2b3a2014-02-23 19:42:19 +0200517{
Johan Hedbergdefce9e2014-08-08 09:37:17 +0300518 struct l2cap_chan *chan = hdev->smp_data;
Johan Hedbergb1e2b3a2014-02-23 19:42:19 +0200519 int err;
520
Johan Hedbergdefce9e2014-08-08 09:37:17 +0300521 if (!chan || !chan->data)
522 return -EOPNOTSUPP;
523
Johan Hedbergb1e2b3a2014-02-23 19:42:19 +0200524 get_random_bytes(&rpa->b[3], 3);
525
526 rpa->b[5] &= 0x3f; /* Clear two most significant bits */
527 rpa->b[5] |= 0x40; /* Set second most significant bit */
528
Ard Biesheuvel28a220aa2019-07-02 21:41:41 +0200529 err = smp_ah(irk, &rpa->b[3], rpa->b);
Johan Hedbergb1e2b3a2014-02-23 19:42:19 +0200530 if (err < 0)
531 return err;
532
Marcel Holtmann56860242020-05-06 09:57:50 +0200533 bt_dev_dbg(hdev, "RPA %pMR", rpa);
Johan Hedbergb1e2b3a2014-02-23 19:42:19 +0200534
535 return 0;
536}
537
Marcel Holtmann60a27d62015-03-16 01:10:22 -0700538int smp_generate_oob(struct hci_dev *hdev, u8 hash[16], u8 rand[16])
539{
540 struct l2cap_chan *chan = hdev->smp_data;
541 struct smp_dev *smp;
542 int err;
543
544 if (!chan || !chan->data)
545 return -EOPNOTSUPP;
546
547 smp = chan->data;
548
549 if (hci_dev_test_flag(hdev, HCI_USE_DEBUG_KEYS)) {
Marcel Holtmann56860242020-05-06 09:57:50 +0200550 bt_dev_dbg(hdev, "Using debug keys");
Tudor Ambarusc0153b02017-09-28 17:14:55 +0300551 err = set_ecdh_privkey(smp->tfm_ecdh, debug_sk);
552 if (err)
553 return err;
Marcel Holtmann60a27d62015-03-16 01:10:22 -0700554 memcpy(smp->local_pk, debug_pk, 64);
Marcel Holtmann60a27d62015-03-16 01:10:22 -0700555 smp->debug_key = true;
556 } else {
557 while (true) {
Tudor Ambarusc0153b02017-09-28 17:14:55 +0300558 /* Generate key pair for Secure Connections */
559 err = generate_ecdh_keys(smp->tfm_ecdh, smp->local_pk);
Tudor Ambarusa2976412017-09-28 17:14:52 +0300560 if (err)
561 return err;
Marcel Holtmann60a27d62015-03-16 01:10:22 -0700562
563 /* This is unlikely, but we need to check that
Zheng Yongjun91641b72021-06-02 14:54:58 +0800564 * we didn't accidentally generate a debug key.
Marcel Holtmann60a27d62015-03-16 01:10:22 -0700565 */
Tudor Ambarusc0153b02017-09-28 17:14:55 +0300566 if (crypto_memneq(smp->local_pk, debug_pk, 64))
Marcel Holtmann60a27d62015-03-16 01:10:22 -0700567 break;
568 }
569 smp->debug_key = false;
570 }
571
572 SMP_DBG("OOB Public Key X: %32phN", smp->local_pk);
573 SMP_DBG("OOB Public Key Y: %32phN", smp->local_pk + 32);
Marcel Holtmann60a27d62015-03-16 01:10:22 -0700574
Marcel Holtmannfb334fe2015-03-16 12:34:57 -0700575 get_random_bytes(smp->local_rand, 16);
Marcel Holtmann60a27d62015-03-16 01:10:22 -0700576
577 err = smp_f4(smp->tfm_cmac, smp->local_pk, smp->local_pk,
Marcel Holtmannfb334fe2015-03-16 12:34:57 -0700578 smp->local_rand, 0, hash);
Marcel Holtmann60a27d62015-03-16 01:10:22 -0700579 if (err < 0)
580 return err;
581
Marcel Holtmannfb334fe2015-03-16 12:34:57 -0700582 memcpy(rand, smp->local_rand, 16);
Marcel Holtmann60a27d62015-03-16 01:10:22 -0700583
Johan Hedberg94f14e42018-09-11 14:10:12 +0300584 smp->local_oob = true;
585
Marcel Holtmann60a27d62015-03-16 01:10:22 -0700586 return 0;
587}
588
Anderson Brigliaeb492e02011-06-09 18:50:40 -0300589static void smp_send_cmd(struct l2cap_conn *conn, u8 code, u16 len, void *data)
590{
Johan Hedberg5d88cc72014-08-08 09:37:18 +0300591 struct l2cap_chan *chan = conn->smp;
Johan Hedbergb68fda62014-08-11 22:06:40 +0300592 struct smp_chan *smp;
Johan Hedberg5d88cc72014-08-08 09:37:18 +0300593 struct kvec iv[2];
594 struct msghdr msg;
595
596 if (!chan)
597 return;
Anderson Brigliaeb492e02011-06-09 18:50:40 -0300598
Luiz Augusto von Dentz2e1614f2021-03-15 14:39:29 -0700599 bt_dev_dbg(conn->hcon->hdev, "code 0x%2.2x", code);
Anderson Brigliaeb492e02011-06-09 18:50:40 -0300600
Johan Hedberg5d88cc72014-08-08 09:37:18 +0300601 iv[0].iov_base = &code;
602 iv[0].iov_len = 1;
Anderson Brigliaeb492e02011-06-09 18:50:40 -0300603
Johan Hedberg5d88cc72014-08-08 09:37:18 +0300604 iv[1].iov_base = data;
605 iv[1].iov_len = len;
606
607 memset(&msg, 0, sizeof(msg));
608
Al Virode4eda92022-09-15 20:25:47 -0400609 iov_iter_kvec(&msg.msg_iter, ITER_SOURCE, iv, 2, 1 + len);
Johan Hedberg5d88cc72014-08-08 09:37:18 +0300610
611 l2cap_chan_send(chan, &msg, 1 + len);
Vinicius Costa Gomese2dcd112011-08-19 21:06:50 -0300612
Johan Hedbergb68fda62014-08-11 22:06:40 +0300613 if (!chan->data)
614 return;
615
616 smp = chan->data;
617
618 cancel_delayed_work_sync(&smp->security_timer);
Johan Hedberg1b0921d2014-09-05 22:19:48 +0300619 schedule_delayed_work(&smp->security_timer, SMP_TIMEOUT);
Anderson Brigliaeb492e02011-06-09 18:50:40 -0300620}
621
Johan Hedbergd2eb9e12014-05-16 10:59:06 +0300622static u8 authreq_to_seclevel(u8 authreq)
Brian Gix2b64d152011-12-21 16:12:12 -0800623{
Johan Hedbergd2eb9e12014-05-16 10:59:06 +0300624 if (authreq & SMP_AUTH_MITM) {
625 if (authreq & SMP_AUTH_SC)
626 return BT_SECURITY_FIPS;
627 else
628 return BT_SECURITY_HIGH;
629 } else {
Brian Gix2b64d152011-12-21 16:12:12 -0800630 return BT_SECURITY_MEDIUM;
Johan Hedbergd2eb9e12014-05-16 10:59:06 +0300631 }
Brian Gix2b64d152011-12-21 16:12:12 -0800632}
633
634static __u8 seclevel_to_authreq(__u8 sec_level)
635{
636 switch (sec_level) {
Johan Hedbergd2eb9e12014-05-16 10:59:06 +0300637 case BT_SECURITY_FIPS:
Brian Gix2b64d152011-12-21 16:12:12 -0800638 case BT_SECURITY_HIGH:
639 return SMP_AUTH_MITM | SMP_AUTH_BONDING;
640 case BT_SECURITY_MEDIUM:
641 return SMP_AUTH_BONDING;
642 default:
643 return SMP_AUTH_NONE;
644 }
645}
646
Vinicius Costa Gomesb8e66ea2011-06-09 18:50:52 -0300647static void build_pairing_cmd(struct l2cap_conn *conn,
Marcel Holtmannf1560462013-10-13 05:43:25 -0700648 struct smp_cmd_pairing *req,
649 struct smp_cmd_pairing *rsp, __u8 authreq)
Vinicius Costa Gomesb8e66ea2011-06-09 18:50:52 -0300650{
Johan Hedberg5d88cc72014-08-08 09:37:18 +0300651 struct l2cap_chan *chan = conn->smp;
652 struct smp_chan *smp = chan->data;
Johan Hedbergfd349c02014-02-18 10:19:36 +0200653 struct hci_conn *hcon = conn->hcon;
654 struct hci_dev *hdev = hcon->hdev;
Johan Hedberg02b05bd2014-10-26 21:19:10 +0100655 u8 local_dist = 0, remote_dist = 0, oob_flag = SMP_OOB_NOT_PRESENT;
Vinicius Costa Gomes54790f72011-07-07 18:59:38 -0300656
Marcel Holtmannd7a5a112015-03-13 02:11:00 -0700657 if (hci_dev_test_flag(hdev, HCI_BONDABLE)) {
Marcel Holtmann7ee4ea32014-03-09 12:19:17 -0700658 local_dist = SMP_DIST_ENC_KEY | SMP_DIST_SIGN;
659 remote_dist = SMP_DIST_ENC_KEY | SMP_DIST_SIGN;
Vinicius Costa Gomes54790f72011-07-07 18:59:38 -0300660 authreq |= SMP_AUTH_BONDING;
Brian Gix2b64d152011-12-21 16:12:12 -0800661 } else {
662 authreq &= ~SMP_AUTH_BONDING;
Vinicius Costa Gomes54790f72011-07-07 18:59:38 -0300663 }
664
Marcel Holtmannd7a5a112015-03-13 02:11:00 -0700665 if (hci_dev_test_flag(hdev, HCI_RPA_RESOLVING))
Johan Hedbergfd349c02014-02-18 10:19:36 +0200666 remote_dist |= SMP_DIST_ID_KEY;
667
Marcel Holtmannd7a5a112015-03-13 02:11:00 -0700668 if (hci_dev_test_flag(hdev, HCI_PRIVACY))
Johan Hedberg863efaf2014-02-22 19:06:32 +0200669 local_dist |= SMP_DIST_ID_KEY;
670
Marcel Holtmannd7a5a112015-03-13 02:11:00 -0700671 if (hci_dev_test_flag(hdev, HCI_SC_ENABLED) &&
Johan Hedberg02b05bd2014-10-26 21:19:10 +0100672 (authreq & SMP_AUTH_SC)) {
673 struct oob_data *oob_data;
674 u8 bdaddr_type;
675
Marcel Holtmannd7a5a112015-03-13 02:11:00 -0700676 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) {
Johan Hedbergdf8e1a42014-06-06 10:39:56 +0300677 local_dist |= SMP_DIST_LINK_KEY;
678 remote_dist |= SMP_DIST_LINK_KEY;
679 }
Johan Hedberg02b05bd2014-10-26 21:19:10 +0100680
681 if (hcon->dst_type == ADDR_LE_DEV_PUBLIC)
682 bdaddr_type = BDADDR_LE_PUBLIC;
683 else
684 bdaddr_type = BDADDR_LE_RANDOM;
685
686 oob_data = hci_find_remote_oob_data(hdev, &hcon->dst,
687 bdaddr_type);
Marcel Holtmann4775a4e2015-01-31 00:15:52 -0800688 if (oob_data && oob_data->present) {
Johan Hedberg1a8bab42015-03-16 11:45:44 +0200689 set_bit(SMP_FLAG_REMOTE_OOB, &smp->flags);
Johan Hedberg02b05bd2014-10-26 21:19:10 +0100690 oob_flag = SMP_OOB_PRESENT;
Johan Hedberga29b0732014-10-28 15:17:05 +0100691 memcpy(smp->rr, oob_data->rand256, 16);
Johan Hedberg02b05bd2014-10-26 21:19:10 +0100692 memcpy(smp->pcnf, oob_data->hash256, 16);
Marcel Holtmannbc07cd62015-03-16 12:34:56 -0700693 SMP_DBG("OOB Remote Confirmation: %16phN", smp->pcnf);
694 SMP_DBG("OOB Remote Random: %16phN", smp->rr);
Johan Hedberg02b05bd2014-10-26 21:19:10 +0100695 }
696
Johan Hedbergdf8e1a42014-06-06 10:39:56 +0300697 } else {
698 authreq &= ~SMP_AUTH_SC;
699 }
700
Vinicius Costa Gomes54790f72011-07-07 18:59:38 -0300701 if (rsp == NULL) {
702 req->io_capability = conn->hcon->io_capability;
Johan Hedberg02b05bd2014-10-26 21:19:10 +0100703 req->oob_flag = oob_flag;
Matias Karhumaa30d65e02018-09-28 21:54:30 +0300704 req->max_key_size = hdev->le_max_key_size;
Johan Hedbergfd349c02014-02-18 10:19:36 +0200705 req->init_key_dist = local_dist;
706 req->resp_key_dist = remote_dist;
Johan Hedberg0edb14d2014-05-26 13:29:28 +0300707 req->auth_req = (authreq & AUTH_REQ_MASK(hdev));
Johan Hedbergfd349c02014-02-18 10:19:36 +0200708
709 smp->remote_key_dist = remote_dist;
Vinicius Costa Gomes54790f72011-07-07 18:59:38 -0300710 return;
711 }
712
713 rsp->io_capability = conn->hcon->io_capability;
Johan Hedberg02b05bd2014-10-26 21:19:10 +0100714 rsp->oob_flag = oob_flag;
Matias Karhumaa30d65e02018-09-28 21:54:30 +0300715 rsp->max_key_size = hdev->le_max_key_size;
Johan Hedbergfd349c02014-02-18 10:19:36 +0200716 rsp->init_key_dist = req->init_key_dist & remote_dist;
717 rsp->resp_key_dist = req->resp_key_dist & local_dist;
Johan Hedberg0edb14d2014-05-26 13:29:28 +0300718 rsp->auth_req = (authreq & AUTH_REQ_MASK(hdev));
Johan Hedbergfd349c02014-02-18 10:19:36 +0200719
720 smp->remote_key_dist = rsp->init_key_dist;
Vinicius Costa Gomesb8e66ea2011-06-09 18:50:52 -0300721}
722
Vinicius Costa Gomes3158c502011-06-14 13:37:42 -0300723static u8 check_enc_key_size(struct l2cap_conn *conn, __u8 max_key_size)
724{
Johan Hedberg5d88cc72014-08-08 09:37:18 +0300725 struct l2cap_chan *chan = conn->smp;
Johan Hedberg2fd36552015-06-11 13:52:26 +0300726 struct hci_dev *hdev = conn->hcon->hdev;
Johan Hedberg5d88cc72014-08-08 09:37:18 +0300727 struct smp_chan *smp = chan->data;
Vinicius Costa Gomes1c1def02011-09-05 14:31:30 -0300728
Łukasz Rymanowski49c06c92020-05-13 10:18:53 +0200729 if (conn->hcon->pending_sec_level == BT_SECURITY_FIPS &&
730 max_key_size != SMP_MAX_ENC_KEY_SIZE)
731 return SMP_ENC_KEY_SIZE;
732
Matias Karhumaa30d65e02018-09-28 21:54:30 +0300733 if (max_key_size > hdev->le_max_key_size ||
Johan Hedberg2fd36552015-06-11 13:52:26 +0300734 max_key_size < SMP_MIN_ENC_KEY_SIZE)
Vinicius Costa Gomes3158c502011-06-14 13:37:42 -0300735 return SMP_ENC_KEY_SIZE;
736
Vinicius Costa Gomesf7aa6112012-01-30 19:29:12 -0300737 smp->enc_key_size = max_key_size;
Vinicius Costa Gomes3158c502011-06-14 13:37:42 -0300738
739 return 0;
740}
741
Johan Hedberg6f48e262014-08-11 22:06:44 +0300742static void smp_chan_destroy(struct l2cap_conn *conn)
743{
744 struct l2cap_chan *chan = conn->smp;
745 struct smp_chan *smp = chan->data;
Johan Hedberg923e2412014-12-03 12:43:39 +0200746 struct hci_conn *hcon = conn->hcon;
Johan Hedberg6f48e262014-08-11 22:06:44 +0300747 bool complete;
748
749 BUG_ON(!smp);
750
751 cancel_delayed_work_sync(&smp->security_timer);
Johan Hedberg6f48e262014-08-11 22:06:44 +0300752
Johan Hedberg6f48e262014-08-11 22:06:44 +0300753 complete = test_bit(SMP_FLAG_COMPLETE, &smp->flags);
Johan Hedberg923e2412014-12-03 12:43:39 +0200754 mgmt_smp_complete(hcon, complete);
Johan Hedberg6f48e262014-08-11 22:06:44 +0300755
Waiman Long453431a2020-08-06 23:18:13 -0700756 kfree_sensitive(smp->csrk);
Archie Pusakafad646e2021-05-31 16:37:25 +0800757 kfree_sensitive(smp->responder_csrk);
Waiman Long453431a2020-08-06 23:18:13 -0700758 kfree_sensitive(smp->link_key);
Johan Hedberg6f48e262014-08-11 22:06:44 +0300759
Herbert Xu71af2f62016-01-24 21:18:30 +0800760 crypto_free_shash(smp->tfm_cmac);
Tudor Ambarus47eb2ac2017-09-28 17:14:51 +0300761 crypto_free_kpp(smp->tfm_ecdh);
Johan Hedberg6f48e262014-08-11 22:06:44 +0300762
Johan Hedberg923e2412014-12-03 12:43:39 +0200763 /* Ensure that we don't leave any debug key around if debug key
764 * support hasn't been explicitly enabled.
765 */
766 if (smp->ltk && smp->ltk->type == SMP_LTK_P256_DEBUG &&
Marcel Holtmannd7a5a112015-03-13 02:11:00 -0700767 !hci_dev_test_flag(hcon->hdev, HCI_KEEP_DEBUG_KEYS)) {
Johan Hedberg923e2412014-12-03 12:43:39 +0200768 list_del_rcu(&smp->ltk->list);
769 kfree_rcu(smp->ltk, rcu);
770 smp->ltk = NULL;
771 }
772
Johan Hedberg6f48e262014-08-11 22:06:44 +0300773 /* If pairing failed clean up any keys we might have */
774 if (!complete) {
775 if (smp->ltk) {
Johan Hedberg970d0f12014-11-13 14:37:47 +0200776 list_del_rcu(&smp->ltk->list);
777 kfree_rcu(smp->ltk, rcu);
Johan Hedberg6f48e262014-08-11 22:06:44 +0300778 }
779
Archie Pusakafad646e2021-05-31 16:37:25 +0800780 if (smp->responder_ltk) {
781 list_del_rcu(&smp->responder_ltk->list);
782 kfree_rcu(smp->responder_ltk, rcu);
Johan Hedberg6f48e262014-08-11 22:06:44 +0300783 }
784
785 if (smp->remote_irk) {
Johan Hedbergadae20c2014-11-13 14:37:48 +0200786 list_del_rcu(&smp->remote_irk->list);
787 kfree_rcu(smp->remote_irk, rcu);
Johan Hedberg6f48e262014-08-11 22:06:44 +0300788 }
789 }
790
791 chan->data = NULL;
Waiman Long453431a2020-08-06 23:18:13 -0700792 kfree_sensitive(smp);
Johan Hedberg923e2412014-12-03 12:43:39 +0200793 hci_conn_drop(hcon);
Johan Hedberg6f48e262014-08-11 22:06:44 +0300794}
795
Johan Hedberg84794e12013-11-06 11:24:57 +0200796static void smp_failure(struct l2cap_conn *conn, u8 reason)
Brian Gix4f957a72011-11-23 08:28:36 -0800797{
Johan Hedbergbab73cb2012-02-09 16:07:29 +0200798 struct hci_conn *hcon = conn->hcon;
Johan Hedbergb68fda62014-08-11 22:06:40 +0300799 struct l2cap_chan *chan = conn->smp;
Johan Hedbergbab73cb2012-02-09 16:07:29 +0200800
Johan Hedberg84794e12013-11-06 11:24:57 +0200801 if (reason)
Brian Gix4f957a72011-11-23 08:28:36 -0800802 smp_send_cmd(conn, SMP_CMD_PAIRING_FAIL, sizeof(reason),
Marcel Holtmannf1560462013-10-13 05:43:25 -0700803 &reason);
Brian Gix4f957a72011-11-23 08:28:36 -0800804
Johan Hedberge1e930f2014-09-08 17:09:49 -0700805 mgmt_auth_failed(hcon, HCI_ERROR_AUTH_FAILURE);
Vinicius Costa Gomesf1c09c02012-02-01 18:27:56 -0300806
Johan Hedbergfc75cc82014-09-05 22:19:52 +0300807 if (chan->data)
Vinicius Costa Gomesf1c09c02012-02-01 18:27:56 -0300808 smp_chan_destroy(conn);
Brian Gix4f957a72011-11-23 08:28:36 -0800809}
810
Brian Gix2b64d152011-12-21 16:12:12 -0800811#define JUST_WORKS 0x00
812#define JUST_CFM 0x01
813#define REQ_PASSKEY 0x02
814#define CFM_PASSKEY 0x03
815#define REQ_OOB 0x04
Johan Hedberg5e3d3d92014-05-31 18:51:02 +0300816#define DSP_PASSKEY 0x05
Brian Gix2b64d152011-12-21 16:12:12 -0800817#define OVERLAP 0xFF
818
819static const u8 gen_method[5][5] = {
820 { JUST_WORKS, JUST_CFM, REQ_PASSKEY, JUST_WORKS, REQ_PASSKEY },
821 { JUST_WORKS, JUST_CFM, REQ_PASSKEY, JUST_WORKS, REQ_PASSKEY },
822 { CFM_PASSKEY, CFM_PASSKEY, REQ_PASSKEY, JUST_WORKS, CFM_PASSKEY },
823 { JUST_WORKS, JUST_CFM, JUST_WORKS, JUST_WORKS, JUST_CFM },
824 { CFM_PASSKEY, CFM_PASSKEY, REQ_PASSKEY, JUST_WORKS, OVERLAP },
825};
826
Johan Hedberg5e3d3d92014-05-31 18:51:02 +0300827static const u8 sc_method[5][5] = {
828 { JUST_WORKS, JUST_CFM, REQ_PASSKEY, JUST_WORKS, REQ_PASSKEY },
829 { JUST_WORKS, CFM_PASSKEY, REQ_PASSKEY, JUST_WORKS, CFM_PASSKEY },
830 { DSP_PASSKEY, DSP_PASSKEY, REQ_PASSKEY, JUST_WORKS, DSP_PASSKEY },
831 { JUST_WORKS, JUST_CFM, JUST_WORKS, JUST_WORKS, JUST_CFM },
832 { DSP_PASSKEY, CFM_PASSKEY, REQ_PASSKEY, JUST_WORKS, CFM_PASSKEY },
833};
834
Johan Hedberg581370c2014-06-17 13:07:38 +0300835static u8 get_auth_method(struct smp_chan *smp, u8 local_io, u8 remote_io)
836{
Johan Hedberg2bcd4002014-07-09 19:18:09 +0300837 /* If either side has unknown io_caps, use JUST_CFM (which gets
838 * converted later to JUST_WORKS if we're initiators.
839 */
Johan Hedberg581370c2014-06-17 13:07:38 +0300840 if (local_io > SMP_IO_KEYBOARD_DISPLAY ||
841 remote_io > SMP_IO_KEYBOARD_DISPLAY)
Johan Hedberg2bcd4002014-07-09 19:18:09 +0300842 return JUST_CFM;
Johan Hedberg581370c2014-06-17 13:07:38 +0300843
Johan Hedberg5e3d3d92014-05-31 18:51:02 +0300844 if (test_bit(SMP_FLAG_SC, &smp->flags))
845 return sc_method[remote_io][local_io];
846
Johan Hedberg581370c2014-06-17 13:07:38 +0300847 return gen_method[remote_io][local_io];
848}
849
Brian Gix2b64d152011-12-21 16:12:12 -0800850static int tk_request(struct l2cap_conn *conn, u8 remote_oob, u8 auth,
851 u8 local_io, u8 remote_io)
852{
853 struct hci_conn *hcon = conn->hcon;
Johan Hedberg5d88cc72014-08-08 09:37:18 +0300854 struct l2cap_chan *chan = conn->smp;
855 struct smp_chan *smp = chan->data;
Brian Gix2b64d152011-12-21 16:12:12 -0800856 u32 passkey = 0;
Guenter Roeckd1d900f2020-04-06 11:54:38 -0700857 int ret;
Brian Gix2b64d152011-12-21 16:12:12 -0800858
859 /* Initialize key for JUST WORKS */
860 memset(smp->tk, 0, sizeof(smp->tk));
Johan Hedberg4a74d652014-05-20 09:45:50 +0300861 clear_bit(SMP_FLAG_TK_VALID, &smp->flags);
Brian Gix2b64d152011-12-21 16:12:12 -0800862
Kai Ye83b4b192021-06-03 15:41:05 +0800863 bt_dev_dbg(hcon->hdev, "auth:%u lcl:%u rem:%u", auth, local_io,
Luiz Augusto von Dentz2e1614f2021-03-15 14:39:29 -0700864 remote_io);
Brian Gix2b64d152011-12-21 16:12:12 -0800865
Johan Hedberg2bcd4002014-07-09 19:18:09 +0300866 /* If neither side wants MITM, either "just" confirm an incoming
867 * request or use just-works for outgoing ones. The JUST_CFM
868 * will be converted to JUST_WORKS if necessary later in this
869 * function. If either side has MITM look up the method from the
870 * table.
871 */
Johan Hedberg581370c2014-06-17 13:07:38 +0300872 if (!(auth & SMP_AUTH_MITM))
Johan Hedberg783e0572014-05-31 18:48:26 +0300873 smp->method = JUST_CFM;
Brian Gix2b64d152011-12-21 16:12:12 -0800874 else
Johan Hedberg783e0572014-05-31 18:48:26 +0300875 smp->method = get_auth_method(smp, local_io, remote_io);
Brian Gix2b64d152011-12-21 16:12:12 -0800876
Johan Hedberga82505c2014-03-24 14:39:07 +0200877 /* Don't confirm locally initiated pairing attempts */
Johan Hedberg783e0572014-05-31 18:48:26 +0300878 if (smp->method == JUST_CFM && test_bit(SMP_FLAG_INITIATOR,
879 &smp->flags))
880 smp->method = JUST_WORKS;
Johan Hedberga82505c2014-03-24 14:39:07 +0200881
Johan Hedberg02f3e252014-07-16 15:09:13 +0300882 /* Don't bother user space with no IO capabilities */
Johan Hedberg783e0572014-05-31 18:48:26 +0300883 if (smp->method == JUST_CFM &&
884 hcon->io_capability == HCI_IO_NO_INPUT_OUTPUT)
885 smp->method = JUST_WORKS;
Johan Hedberg02f3e252014-07-16 15:09:13 +0300886
Sonny Sasaka92516cd2020-03-27 17:34:23 -0700887 /* If Just Works, Continue with Zero TK and ask user-space for
888 * confirmation */
Johan Hedberg783e0572014-05-31 18:48:26 +0300889 if (smp->method == JUST_WORKS) {
Guenter Roeckd1d900f2020-04-06 11:54:38 -0700890 ret = mgmt_user_confirm_request(hcon->hdev, &hcon->dst,
Sonny Sasaka92516cd2020-03-27 17:34:23 -0700891 hcon->type,
892 hcon->dst_type,
893 passkey, 1);
Guenter Roeckd1d900f2020-04-06 11:54:38 -0700894 if (ret)
895 return ret;
Sonny Sasaka92516cd2020-03-27 17:34:23 -0700896 set_bit(SMP_FLAG_WAIT_USER, &smp->flags);
Brian Gix2b64d152011-12-21 16:12:12 -0800897 return 0;
898 }
899
Johan Hedberg19c5ce92015-03-15 19:34:04 +0200900 /* If this function is used for SC -> legacy fallback we
901 * can only recover the just-works case.
902 */
903 if (test_bit(SMP_FLAG_SC, &smp->flags))
904 return -EINVAL;
905
Brian Gix2b64d152011-12-21 16:12:12 -0800906 /* Not Just Works/Confirm results in MITM Authentication */
Johan Hedberg783e0572014-05-31 18:48:26 +0300907 if (smp->method != JUST_CFM) {
Johan Hedberg4a74d652014-05-20 09:45:50 +0300908 set_bit(SMP_FLAG_MITM_AUTH, &smp->flags);
Johan Hedberg5eb596f2014-09-18 11:26:32 +0300909 if (hcon->pending_sec_level < BT_SECURITY_HIGH)
910 hcon->pending_sec_level = BT_SECURITY_HIGH;
911 }
Brian Gix2b64d152011-12-21 16:12:12 -0800912
Archie Pusaka74be5232021-06-04 16:26:25 +0800913 /* If both devices have Keyboard-Display I/O, the initiator
914 * Confirms and the responder Enters the passkey.
Brian Gix2b64d152011-12-21 16:12:12 -0800915 */
Johan Hedberg783e0572014-05-31 18:48:26 +0300916 if (smp->method == OVERLAP) {
Johan Hedberg40bef302014-07-16 11:42:27 +0300917 if (hcon->role == HCI_ROLE_MASTER)
Johan Hedberg783e0572014-05-31 18:48:26 +0300918 smp->method = CFM_PASSKEY;
Brian Gix2b64d152011-12-21 16:12:12 -0800919 else
Johan Hedberg783e0572014-05-31 18:48:26 +0300920 smp->method = REQ_PASSKEY;
Brian Gix2b64d152011-12-21 16:12:12 -0800921 }
922
Johan Hedberg01ad34d2014-03-19 14:14:53 +0200923 /* Generate random passkey. */
Johan Hedberg783e0572014-05-31 18:48:26 +0300924 if (smp->method == CFM_PASSKEY) {
Johan Hedberg943a7322014-03-18 12:58:24 +0200925 memset(smp->tk, 0, sizeof(smp->tk));
Brian Gix2b64d152011-12-21 16:12:12 -0800926 get_random_bytes(&passkey, sizeof(passkey));
927 passkey %= 1000000;
Johan Hedberg943a7322014-03-18 12:58:24 +0200928 put_unaligned_le32(passkey, smp->tk);
Kai Ye83b4b192021-06-03 15:41:05 +0800929 bt_dev_dbg(hcon->hdev, "PassKey: %u", passkey);
Johan Hedberg4a74d652014-05-20 09:45:50 +0300930 set_bit(SMP_FLAG_TK_VALID, &smp->flags);
Brian Gix2b64d152011-12-21 16:12:12 -0800931 }
932
Johan Hedberg783e0572014-05-31 18:48:26 +0300933 if (smp->method == REQ_PASSKEY)
Marcel Holtmannce39fb42013-10-13 02:23:39 -0700934 ret = mgmt_user_passkey_request(hcon->hdev, &hcon->dst,
Johan Hedberg272d90d2012-02-09 15:26:12 +0200935 hcon->type, hcon->dst_type);
Johan Hedberg783e0572014-05-31 18:48:26 +0300936 else if (smp->method == JUST_CFM)
Johan Hedberg4eb65e62014-03-24 14:39:05 +0200937 ret = mgmt_user_confirm_request(hcon->hdev, &hcon->dst,
938 hcon->type, hcon->dst_type,
939 passkey, 1);
Brian Gix2b64d152011-12-21 16:12:12 -0800940 else
Johan Hedberg01ad34d2014-03-19 14:14:53 +0200941 ret = mgmt_user_passkey_notify(hcon->hdev, &hcon->dst,
Johan Hedberg272d90d2012-02-09 15:26:12 +0200942 hcon->type, hcon->dst_type,
Johan Hedberg39adbff2014-03-20 08:18:14 +0200943 passkey, 0);
Brian Gix2b64d152011-12-21 16:12:12 -0800944
Brian Gix2b64d152011-12-21 16:12:12 -0800945 return ret;
946}
947
Johan Hedberg1cc61142014-05-20 09:45:52 +0300948static u8 smp_confirm(struct smp_chan *smp)
Vinicius Costa Gomes8aab4752011-09-05 14:31:31 -0300949{
Vinicius Costa Gomes8aab4752011-09-05 14:31:31 -0300950 struct l2cap_conn *conn = smp->conn;
Vinicius Costa Gomes8aab4752011-09-05 14:31:31 -0300951 struct smp_cmd_pairing_confirm cp;
952 int ret;
Vinicius Costa Gomes8aab4752011-09-05 14:31:31 -0300953
Luiz Augusto von Dentz2e1614f2021-03-15 14:39:29 -0700954 bt_dev_dbg(conn->hcon->hdev, "conn %p", conn);
Vinicius Costa Gomes8aab4752011-09-05 14:31:31 -0300955
Ard Biesheuvel28a220aa2019-07-02 21:41:41 +0200956 ret = smp_c1(smp->tk, smp->prnd, smp->preq, smp->prsp,
Johan Hedbergb1cd5fd2014-02-28 12:54:17 +0200957 conn->hcon->init_addr_type, &conn->hcon->init_addr,
Johan Hedberg943a7322014-03-18 12:58:24 +0200958 conn->hcon->resp_addr_type, &conn->hcon->resp_addr,
959 cp.confirm_val);
Johan Hedberg1cc61142014-05-20 09:45:52 +0300960 if (ret)
961 return SMP_UNSPECIFIED;
Vinicius Costa Gomes8aab4752011-09-05 14:31:31 -0300962
Johan Hedberg4a74d652014-05-20 09:45:50 +0300963 clear_bit(SMP_FLAG_CFM_PENDING, &smp->flags);
Brian Gix2b64d152011-12-21 16:12:12 -0800964
Vinicius Costa Gomes8aab4752011-09-05 14:31:31 -0300965 smp_send_cmd(smp->conn, SMP_CMD_PAIRING_CONFIRM, sizeof(cp), &cp);
966
Johan Hedbergb28b4942014-09-05 22:19:55 +0300967 if (conn->hcon->out)
968 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_CONFIRM);
969 else
970 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RANDOM);
971
Johan Hedberg1cc61142014-05-20 09:45:52 +0300972 return 0;
Vinicius Costa Gomes8aab4752011-09-05 14:31:31 -0300973}
974
Johan Hedberg861580a2014-05-20 09:45:51 +0300975static u8 smp_random(struct smp_chan *smp)
Vinicius Costa Gomes8aab4752011-09-05 14:31:31 -0300976{
Vinicius Costa Gomes8aab4752011-09-05 14:31:31 -0300977 struct l2cap_conn *conn = smp->conn;
978 struct hci_conn *hcon = conn->hcon;
Johan Hedberg861580a2014-05-20 09:45:51 +0300979 u8 confirm[16];
Vinicius Costa Gomes8aab4752011-09-05 14:31:31 -0300980 int ret;
981
Luiz Augusto von Dentz2e1614f2021-03-15 14:39:29 -0700982 bt_dev_dbg(conn->hcon->hdev, "conn %p %s", conn,
Archie Pusakafad646e2021-05-31 16:37:25 +0800983 conn->hcon->out ? "initiator" : "responder");
Vinicius Costa Gomes8aab4752011-09-05 14:31:31 -0300984
Ard Biesheuvel28a220aa2019-07-02 21:41:41 +0200985 ret = smp_c1(smp->tk, smp->rrnd, smp->preq, smp->prsp,
Johan Hedbergb1cd5fd2014-02-28 12:54:17 +0200986 hcon->init_addr_type, &hcon->init_addr,
Johan Hedberg943a7322014-03-18 12:58:24 +0200987 hcon->resp_addr_type, &hcon->resp_addr, confirm);
Johan Hedberg861580a2014-05-20 09:45:51 +0300988 if (ret)
989 return SMP_UNSPECIFIED;
Vinicius Costa Gomes8aab4752011-09-05 14:31:31 -0300990
Jason A. Donenfeld329d8232017-06-10 04:59:11 +0200991 if (crypto_memneq(smp->pcnf, confirm, sizeof(smp->pcnf))) {
Marcel Holtmann2064ee32017-10-30 10:42:59 +0100992 bt_dev_err(hcon->hdev, "pairing failed "
993 "(confirmation values mismatch)");
Johan Hedberg861580a2014-05-20 09:45:51 +0300994 return SMP_CONFIRM_FAILED;
Vinicius Costa Gomes8aab4752011-09-05 14:31:31 -0300995 }
996
997 if (hcon->out) {
Marcel Holtmannfe39c7b2014-02-27 16:00:28 -0800998 u8 stk[16];
999 __le64 rand = 0;
1000 __le16 ediv = 0;
Vinicius Costa Gomes8aab4752011-09-05 14:31:31 -03001001
Ard Biesheuvel28a220aa2019-07-02 21:41:41 +02001002 smp_s1(smp->tk, smp->rrnd, smp->prnd, stk);
Vinicius Costa Gomes8aab4752011-09-05 14:31:31 -03001003
Johan Hedberg861580a2014-05-20 09:45:51 +03001004 if (test_and_set_bit(HCI_CONN_ENCRYPT_PEND, &hcon->flags))
1005 return SMP_UNSPECIFIED;
Vinicius Costa Gomes8aab4752011-09-05 14:31:31 -03001006
Johan Hedberg8b76ce32015-06-08 18:14:39 +03001007 hci_le_start_enc(hcon, ediv, rand, stk, smp->enc_key_size);
Vinicius Costa Gomesf7aa6112012-01-30 19:29:12 -03001008 hcon->enc_key_size = smp->enc_key_size;
Johan Hedbergfe59a052014-07-01 19:14:12 +03001009 set_bit(HCI_CONN_STK_ENCRYPT, &hcon->flags);
Vinicius Costa Gomes8aab4752011-09-05 14:31:31 -03001010 } else {
Johan Hedbergfff34902014-06-10 15:19:50 +03001011 u8 stk[16], auth;
Marcel Holtmannfe39c7b2014-02-27 16:00:28 -08001012 __le64 rand = 0;
1013 __le16 ediv = 0;
Vinicius Costa Gomes8aab4752011-09-05 14:31:31 -03001014
Johan Hedberg943a7322014-03-18 12:58:24 +02001015 smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM, sizeof(smp->prnd),
1016 smp->prnd);
Vinicius Costa Gomes8aab4752011-09-05 14:31:31 -03001017
Ard Biesheuvel28a220aa2019-07-02 21:41:41 +02001018 smp_s1(smp->tk, smp->prnd, smp->rrnd, stk);
Vinicius Costa Gomes8aab4752011-09-05 14:31:31 -03001019
Johan Hedbergfff34902014-06-10 15:19:50 +03001020 if (hcon->pending_sec_level == BT_SECURITY_HIGH)
1021 auth = 1;
1022 else
1023 auth = 0;
1024
Archie Pusakafad646e2021-05-31 16:37:25 +08001025 /* Even though there's no _RESPONDER suffix this is the
1026 * responder STK we're adding for later lookup (the initiator
Johan Hedberg7d5843b72014-06-16 19:25:15 +03001027 * STK never needs to be stored).
1028 */
Marcel Holtmannce39fb42013-10-13 02:23:39 -07001029 hci_add_ltk(hcon->hdev, &hcon->dst, hcon->dst_type,
Johan Hedberg2ceba532014-06-16 19:25:16 +03001030 SMP_STK, auth, stk, smp->enc_key_size, ediv, rand);
Vinicius Costa Gomes8aab4752011-09-05 14:31:31 -03001031 }
1032
Johan Hedberg861580a2014-05-20 09:45:51 +03001033 return 0;
Vinicius Costa Gomes8aab4752011-09-05 14:31:31 -03001034}
1035
Johan Hedberg44f1a7a2014-08-11 22:06:36 +03001036static void smp_notify_keys(struct l2cap_conn *conn)
1037{
1038 struct l2cap_chan *chan = conn->smp;
1039 struct smp_chan *smp = chan->data;
1040 struct hci_conn *hcon = conn->hcon;
1041 struct hci_dev *hdev = hcon->hdev;
1042 struct smp_cmd_pairing *req = (void *) &smp->preq[1];
1043 struct smp_cmd_pairing *rsp = (void *) &smp->prsp[1];
1044 bool persistent;
1045
Johan Hedbergcad20c22015-10-12 13:36:19 +02001046 if (hcon->type == ACL_LINK) {
1047 if (hcon->key_type == HCI_LK_DEBUG_COMBINATION)
1048 persistent = false;
1049 else
1050 persistent = !test_bit(HCI_CONN_FLUSH_KEY,
1051 &hcon->flags);
1052 } else {
1053 /* The LTKs, IRKs and CSRKs should be persistent only if
1054 * both sides had the bonding bit set in their
1055 * authentication requests.
1056 */
1057 persistent = !!((req->auth_req & rsp->auth_req) &
1058 SMP_AUTH_BONDING);
1059 }
1060
Johan Hedberg44f1a7a2014-08-11 22:06:36 +03001061 if (smp->remote_irk) {
Johan Hedbergcad20c22015-10-12 13:36:19 +02001062 mgmt_new_irk(hdev, smp->remote_irk, persistent);
1063
Johan Hedberg44f1a7a2014-08-11 22:06:36 +03001064 /* Now that user space can be considered to know the
1065 * identity address track the connection based on it
Johan Hedbergb5ae3442014-08-14 12:34:26 +03001066 * from now on (assuming this is an LE link).
Johan Hedberg44f1a7a2014-08-11 22:06:36 +03001067 */
Johan Hedbergb5ae3442014-08-14 12:34:26 +03001068 if (hcon->type == LE_LINK) {
1069 bacpy(&hcon->dst, &smp->remote_irk->bdaddr);
1070 hcon->dst_type = smp->remote_irk->addr_type;
Luiz Augusto von Dentzb8b23002023-03-08 16:16:31 -08001071 /* Use a short delay to make sure the new address is
1072 * propagated _before_ the channels.
1073 */
1074 queue_delayed_work(hdev->workqueue,
1075 &conn->id_addr_timer,
1076 ID_ADDR_TIMEOUT);
Johan Hedbergb5ae3442014-08-14 12:34:26 +03001077 }
Johan Hedberg44f1a7a2014-08-11 22:06:36 +03001078 }
1079
Johan Hedberg44f1a7a2014-08-11 22:06:36 +03001080 if (smp->csrk) {
1081 smp->csrk->bdaddr_type = hcon->dst_type;
1082 bacpy(&smp->csrk->bdaddr, &hcon->dst);
1083 mgmt_new_csrk(hdev, smp->csrk, persistent);
1084 }
1085
Archie Pusakafad646e2021-05-31 16:37:25 +08001086 if (smp->responder_csrk) {
1087 smp->responder_csrk->bdaddr_type = hcon->dst_type;
1088 bacpy(&smp->responder_csrk->bdaddr, &hcon->dst);
1089 mgmt_new_csrk(hdev, smp->responder_csrk, persistent);
Johan Hedberg44f1a7a2014-08-11 22:06:36 +03001090 }
1091
1092 if (smp->ltk) {
1093 smp->ltk->bdaddr_type = hcon->dst_type;
1094 bacpy(&smp->ltk->bdaddr, &hcon->dst);
1095 mgmt_new_ltk(hdev, smp->ltk, persistent);
1096 }
1097
Archie Pusakafad646e2021-05-31 16:37:25 +08001098 if (smp->responder_ltk) {
1099 smp->responder_ltk->bdaddr_type = hcon->dst_type;
1100 bacpy(&smp->responder_ltk->bdaddr, &hcon->dst);
1101 mgmt_new_ltk(hdev, smp->responder_ltk, persistent);
Johan Hedberg44f1a7a2014-08-11 22:06:36 +03001102 }
Johan Hedberg6a770832014-06-06 11:54:04 +03001103
1104 if (smp->link_key) {
Johan Hedberge3befab2014-06-01 16:33:39 +03001105 struct link_key *key;
1106 u8 type;
1107
1108 if (test_bit(SMP_FLAG_DEBUG_KEY, &smp->flags))
1109 type = HCI_LK_DEBUG_COMBINATION;
1110 else if (hcon->sec_level == BT_SECURITY_FIPS)
1111 type = HCI_LK_AUTH_COMBINATION_P256;
1112 else
1113 type = HCI_LK_UNAUTH_COMBINATION_P256;
1114
1115 key = hci_add_link_key(hdev, smp->conn->hcon, &hcon->dst,
1116 smp->link_key, type, 0, &persistent);
1117 if (key) {
1118 mgmt_new_link_key(hdev, key, persistent);
1119
1120 /* Don't keep debug keys around if the relevant
1121 * flag is not set.
1122 */
Marcel Holtmannd7a5a112015-03-13 02:11:00 -07001123 if (!hci_dev_test_flag(hdev, HCI_KEEP_DEBUG_KEYS) &&
Johan Hedberge3befab2014-06-01 16:33:39 +03001124 key->type == HCI_LK_DEBUG_COMBINATION) {
1125 list_del_rcu(&key->list);
1126 kfree_rcu(key, rcu);
1127 }
1128 }
Johan Hedberg6a770832014-06-06 11:54:04 +03001129 }
1130}
1131
Johan Hedbergd3e54a82014-06-04 11:07:40 +03001132static void sc_add_ltk(struct smp_chan *smp)
1133{
1134 struct hci_conn *hcon = smp->conn->hcon;
1135 u8 key_type, auth;
1136
1137 if (test_bit(SMP_FLAG_DEBUG_KEY, &smp->flags))
1138 key_type = SMP_LTK_P256_DEBUG;
1139 else
1140 key_type = SMP_LTK_P256;
1141
1142 if (hcon->pending_sec_level == BT_SECURITY_FIPS)
1143 auth = 1;
1144 else
1145 auth = 0;
1146
Johan Hedbergd3e54a82014-06-04 11:07:40 +03001147 smp->ltk = hci_add_ltk(hcon->hdev, &hcon->dst, hcon->dst_type,
1148 key_type, auth, smp->tk, smp->enc_key_size,
1149 0, 0);
1150}
1151
Johan Hedberg6a770832014-06-06 11:54:04 +03001152static void sc_generate_link_key(struct smp_chan *smp)
1153{
Johan Hedberga62da6f2016-12-08 08:32:54 +02001154 /* From core spec. Spells out in ASCII as 'lebr'. */
Johan Hedberg6a770832014-06-06 11:54:04 +03001155 const u8 lebr[4] = { 0x72, 0x62, 0x65, 0x6c };
1156
1157 smp->link_key = kzalloc(16, GFP_KERNEL);
1158 if (!smp->link_key)
1159 return;
1160
Johan Hedberga62da6f2016-12-08 08:32:54 +02001161 if (test_bit(SMP_FLAG_CT2, &smp->flags)) {
Christophe JAILLET151129d2020-01-27 23:36:09 +01001162 /* SALT = 0x000000000000000000000000746D7031 */
Johan Hedberga62da6f2016-12-08 08:32:54 +02001163 const u8 salt[16] = { 0x31, 0x70, 0x6d, 0x74 };
1164
1165 if (smp_h7(smp->tfm_cmac, smp->tk, salt, smp->link_key)) {
Waiman Long453431a2020-08-06 23:18:13 -07001166 kfree_sensitive(smp->link_key);
Johan Hedberga62da6f2016-12-08 08:32:54 +02001167 smp->link_key = NULL;
1168 return;
1169 }
1170 } else {
1171 /* From core spec. Spells out in ASCII as 'tmp1'. */
1172 const u8 tmp1[4] = { 0x31, 0x70, 0x6d, 0x74 };
1173
1174 if (smp_h6(smp->tfm_cmac, smp->tk, tmp1, smp->link_key)) {
Waiman Long453431a2020-08-06 23:18:13 -07001175 kfree_sensitive(smp->link_key);
Johan Hedberga62da6f2016-12-08 08:32:54 +02001176 smp->link_key = NULL;
1177 return;
1178 }
Johan Hedberg6a770832014-06-06 11:54:04 +03001179 }
1180
1181 if (smp_h6(smp->tfm_cmac, smp->link_key, lebr, smp->link_key)) {
Waiman Long453431a2020-08-06 23:18:13 -07001182 kfree_sensitive(smp->link_key);
Johan Hedberg6a770832014-06-06 11:54:04 +03001183 smp->link_key = NULL;
1184 return;
1185 }
Johan Hedberg44f1a7a2014-08-11 22:06:36 +03001186}
1187
Johan Hedbergb28b4942014-09-05 22:19:55 +03001188static void smp_allow_key_dist(struct smp_chan *smp)
1189{
1190 /* Allow the first expected phase 3 PDU. The rest of the PDUs
1191 * will be allowed in each PDU handler to ensure we receive
1192 * them in the correct order.
1193 */
1194 if (smp->remote_key_dist & SMP_DIST_ENC_KEY)
1195 SMP_ALLOW_CMD(smp, SMP_CMD_ENCRYPT_INFO);
1196 else if (smp->remote_key_dist & SMP_DIST_ID_KEY)
1197 SMP_ALLOW_CMD(smp, SMP_CMD_IDENT_INFO);
1198 else if (smp->remote_key_dist & SMP_DIST_SIGN)
1199 SMP_ALLOW_CMD(smp, SMP_CMD_SIGN_INFO);
1200}
1201
Johan Hedbergb5ae3442014-08-14 12:34:26 +03001202static void sc_generate_ltk(struct smp_chan *smp)
1203{
Johan Hedberga62da6f2016-12-08 08:32:54 +02001204 /* From core spec. Spells out in ASCII as 'brle'. */
Johan Hedbergb5ae3442014-08-14 12:34:26 +03001205 const u8 brle[4] = { 0x65, 0x6c, 0x72, 0x62 };
1206 struct hci_conn *hcon = smp->conn->hcon;
1207 struct hci_dev *hdev = hcon->hdev;
1208 struct link_key *key;
1209
1210 key = hci_find_link_key(hdev, &hcon->dst);
1211 if (!key) {
Marcel Holtmann2064ee32017-10-30 10:42:59 +01001212 bt_dev_err(hdev, "no Link Key found to generate LTK");
Johan Hedbergb5ae3442014-08-14 12:34:26 +03001213 return;
1214 }
1215
1216 if (key->type == HCI_LK_DEBUG_COMBINATION)
1217 set_bit(SMP_FLAG_DEBUG_KEY, &smp->flags);
1218
Johan Hedberga62da6f2016-12-08 08:32:54 +02001219 if (test_bit(SMP_FLAG_CT2, &smp->flags)) {
Christophe JAILLET151129d2020-01-27 23:36:09 +01001220 /* SALT = 0x000000000000000000000000746D7032 */
Johan Hedberga62da6f2016-12-08 08:32:54 +02001221 const u8 salt[16] = { 0x32, 0x70, 0x6d, 0x74 };
1222
1223 if (smp_h7(smp->tfm_cmac, key->val, salt, smp->tk))
1224 return;
1225 } else {
1226 /* From core spec. Spells out in ASCII as 'tmp2'. */
1227 const u8 tmp2[4] = { 0x32, 0x70, 0x6d, 0x74 };
1228
1229 if (smp_h6(smp->tfm_cmac, key->val, tmp2, smp->tk))
1230 return;
1231 }
Johan Hedbergb5ae3442014-08-14 12:34:26 +03001232
1233 if (smp_h6(smp->tfm_cmac, smp->tk, brle, smp->tk))
1234 return;
1235
1236 sc_add_ltk(smp);
1237}
1238
Johan Hedbergd6268e82014-09-05 22:19:51 +03001239static void smp_distribute_keys(struct smp_chan *smp)
Johan Hedberg44f1a7a2014-08-11 22:06:36 +03001240{
1241 struct smp_cmd_pairing *req, *rsp;
Johan Hedberg86d14072014-08-11 22:06:43 +03001242 struct l2cap_conn *conn = smp->conn;
Johan Hedberg44f1a7a2014-08-11 22:06:36 +03001243 struct hci_conn *hcon = conn->hcon;
1244 struct hci_dev *hdev = hcon->hdev;
1245 __u8 *keydist;
1246
Luiz Augusto von Dentz2e1614f2021-03-15 14:39:29 -07001247 bt_dev_dbg(hdev, "conn %p", conn);
Johan Hedberg44f1a7a2014-08-11 22:06:36 +03001248
Johan Hedberg44f1a7a2014-08-11 22:06:36 +03001249 rsp = (void *) &smp->prsp[1];
1250
1251 /* The responder sends its keys first */
Johan Hedbergb28b4942014-09-05 22:19:55 +03001252 if (hcon->out && (smp->remote_key_dist & KEY_DIST_MASK)) {
1253 smp_allow_key_dist(smp);
Johan Hedberg86d14072014-08-11 22:06:43 +03001254 return;
Johan Hedbergb28b4942014-09-05 22:19:55 +03001255 }
Johan Hedberg44f1a7a2014-08-11 22:06:36 +03001256
1257 req = (void *) &smp->preq[1];
1258
1259 if (hcon->out) {
1260 keydist = &rsp->init_key_dist;
1261 *keydist &= req->init_key_dist;
1262 } else {
1263 keydist = &rsp->resp_key_dist;
1264 *keydist &= req->resp_key_dist;
1265 }
1266
Johan Hedberg6a770832014-06-06 11:54:04 +03001267 if (test_bit(SMP_FLAG_SC, &smp->flags)) {
Johan Hedbergb5ae3442014-08-14 12:34:26 +03001268 if (hcon->type == LE_LINK && (*keydist & SMP_DIST_LINK_KEY))
Johan Hedberg6a770832014-06-06 11:54:04 +03001269 sc_generate_link_key(smp);
Johan Hedbergb5ae3442014-08-14 12:34:26 +03001270 if (hcon->type == ACL_LINK && (*keydist & SMP_DIST_ENC_KEY))
1271 sc_generate_ltk(smp);
Johan Hedberg6a770832014-06-06 11:54:04 +03001272
1273 /* Clear the keys which are generated but not distributed */
1274 *keydist &= ~SMP_SC_NO_DIST;
1275 }
1276
Luiz Augusto von Dentz2e1614f2021-03-15 14:39:29 -07001277 bt_dev_dbg(hdev, "keydist 0x%x", *keydist);
Johan Hedberg44f1a7a2014-08-11 22:06:36 +03001278
1279 if (*keydist & SMP_DIST_ENC_KEY) {
1280 struct smp_cmd_encrypt_info enc;
Archie Pusakafad646e2021-05-31 16:37:25 +08001281 struct smp_cmd_initiator_ident ident;
Johan Hedberg44f1a7a2014-08-11 22:06:36 +03001282 struct smp_ltk *ltk;
1283 u8 authenticated;
1284 __le16 ediv;
1285 __le64 rand;
1286
Johan Hedberg1fc62c52015-06-10 11:11:20 +03001287 /* Make sure we generate only the significant amount of
1288 * bytes based on the encryption key size, and set the rest
1289 * of the value to zeroes.
1290 */
1291 get_random_bytes(enc.ltk, smp->enc_key_size);
1292 memset(enc.ltk + smp->enc_key_size, 0,
1293 sizeof(enc.ltk) - smp->enc_key_size);
1294
Johan Hedberg44f1a7a2014-08-11 22:06:36 +03001295 get_random_bytes(&ediv, sizeof(ediv));
1296 get_random_bytes(&rand, sizeof(rand));
1297
1298 smp_send_cmd(conn, SMP_CMD_ENCRYPT_INFO, sizeof(enc), &enc);
1299
1300 authenticated = hcon->sec_level == BT_SECURITY_HIGH;
1301 ltk = hci_add_ltk(hdev, &hcon->dst, hcon->dst_type,
Archie Pusakafad646e2021-05-31 16:37:25 +08001302 SMP_LTK_RESPONDER, authenticated, enc.ltk,
Johan Hedberg44f1a7a2014-08-11 22:06:36 +03001303 smp->enc_key_size, ediv, rand);
Archie Pusakafad646e2021-05-31 16:37:25 +08001304 smp->responder_ltk = ltk;
Johan Hedberg44f1a7a2014-08-11 22:06:36 +03001305
1306 ident.ediv = ediv;
1307 ident.rand = rand;
1308
Archie Pusakafad646e2021-05-31 16:37:25 +08001309 smp_send_cmd(conn, SMP_CMD_INITIATOR_IDENT, sizeof(ident),
1310 &ident);
Johan Hedberg44f1a7a2014-08-11 22:06:36 +03001311
1312 *keydist &= ~SMP_DIST_ENC_KEY;
1313 }
1314
1315 if (*keydist & SMP_DIST_ID_KEY) {
1316 struct smp_cmd_ident_addr_info addrinfo;
1317 struct smp_cmd_ident_info idinfo;
1318
1319 memcpy(idinfo.irk, hdev->irk, sizeof(idinfo.irk));
1320
1321 smp_send_cmd(conn, SMP_CMD_IDENT_INFO, sizeof(idinfo), &idinfo);
1322
1323 /* The hci_conn contains the local identity address
1324 * after the connection has been established.
1325 *
1326 * This is true even when the connection has been
1327 * established using a resolvable random address.
1328 */
1329 bacpy(&addrinfo.bdaddr, &hcon->src);
1330 addrinfo.addr_type = hcon->src_type;
1331
1332 smp_send_cmd(conn, SMP_CMD_IDENT_ADDR_INFO, sizeof(addrinfo),
1333 &addrinfo);
1334
1335 *keydist &= ~SMP_DIST_ID_KEY;
1336 }
1337
1338 if (*keydist & SMP_DIST_SIGN) {
1339 struct smp_cmd_sign_info sign;
1340 struct smp_csrk *csrk;
1341
1342 /* Generate a new random key */
1343 get_random_bytes(sign.csrk, sizeof(sign.csrk));
1344
1345 csrk = kzalloc(sizeof(*csrk), GFP_KERNEL);
1346 if (csrk) {
Johan Hedberg4cd39282015-02-27 10:11:13 +02001347 if (hcon->sec_level > BT_SECURITY_MEDIUM)
1348 csrk->type = MGMT_CSRK_LOCAL_AUTHENTICATED;
1349 else
1350 csrk->type = MGMT_CSRK_LOCAL_UNAUTHENTICATED;
Johan Hedberg44f1a7a2014-08-11 22:06:36 +03001351 memcpy(csrk->val, sign.csrk, sizeof(csrk->val));
1352 }
Archie Pusakafad646e2021-05-31 16:37:25 +08001353 smp->responder_csrk = csrk;
Johan Hedberg44f1a7a2014-08-11 22:06:36 +03001354
1355 smp_send_cmd(conn, SMP_CMD_SIGN_INFO, sizeof(sign), &sign);
1356
1357 *keydist &= ~SMP_DIST_SIGN;
1358 }
1359
1360 /* If there are still keys to be received wait for them */
Johan Hedbergb28b4942014-09-05 22:19:55 +03001361 if (smp->remote_key_dist & KEY_DIST_MASK) {
1362 smp_allow_key_dist(smp);
Johan Hedberg86d14072014-08-11 22:06:43 +03001363 return;
Johan Hedbergb28b4942014-09-05 22:19:55 +03001364 }
Johan Hedberg44f1a7a2014-08-11 22:06:36 +03001365
Johan Hedberg44f1a7a2014-08-11 22:06:36 +03001366 set_bit(SMP_FLAG_COMPLETE, &smp->flags);
1367 smp_notify_keys(conn);
1368
1369 smp_chan_destroy(conn);
Johan Hedberg44f1a7a2014-08-11 22:06:36 +03001370}
1371
Johan Hedbergb68fda62014-08-11 22:06:40 +03001372static void smp_timeout(struct work_struct *work)
1373{
1374 struct smp_chan *smp = container_of(work, struct smp_chan,
1375 security_timer.work);
1376 struct l2cap_conn *conn = smp->conn;
1377
Luiz Augusto von Dentz2e1614f2021-03-15 14:39:29 -07001378 bt_dev_dbg(conn->hcon->hdev, "conn %p", conn);
Johan Hedbergb68fda62014-08-11 22:06:40 +03001379
Johan Hedberg1e91c292014-08-18 20:33:29 +03001380 hci_disconnect(conn->hcon, HCI_ERROR_REMOTE_USER_TERM);
Johan Hedbergb68fda62014-08-11 22:06:40 +03001381}
1382
Vinicius Costa Gomes8aab4752011-09-05 14:31:31 -03001383static struct smp_chan *smp_chan_create(struct l2cap_conn *conn)
1384{
Luiz Augusto von Dentz2e1614f2021-03-15 14:39:29 -07001385 struct hci_conn *hcon = conn->hcon;
Johan Hedberg5d88cc72014-08-08 09:37:18 +03001386 struct l2cap_chan *chan = conn->smp;
Vinicius Costa Gomes8aab4752011-09-05 14:31:31 -03001387 struct smp_chan *smp;
1388
Marcel Holtmannf1560462013-10-13 05:43:25 -07001389 smp = kzalloc(sizeof(*smp), GFP_ATOMIC);
Johan Hedbergfc75cc82014-09-05 22:19:52 +03001390 if (!smp)
Vinicius Costa Gomes8aab4752011-09-05 14:31:31 -03001391 return NULL;
1392
Herbert Xu71af2f62016-01-24 21:18:30 +08001393 smp->tfm_cmac = crypto_alloc_shash("cmac(aes)", 0, 0);
Johan Hedberg407cecf2014-05-02 14:19:47 +03001394 if (IS_ERR(smp->tfm_cmac)) {
Luiz Augusto von Dentz2e1614f2021-03-15 14:39:29 -07001395 bt_dev_err(hcon->hdev, "Unable to create CMAC crypto context");
Ard Biesheuvel28a220aa2019-07-02 21:41:41 +02001396 goto zfree_smp;
Tudor Ambarus47eb2ac2017-09-28 17:14:51 +03001397 }
1398
Meng Yu6763f5e2021-03-04 14:35:46 +08001399 smp->tfm_ecdh = crypto_alloc_kpp("ecdh-nist-p256", 0, 0);
Tudor Ambarus47eb2ac2017-09-28 17:14:51 +03001400 if (IS_ERR(smp->tfm_ecdh)) {
Luiz Augusto von Dentz2e1614f2021-03-15 14:39:29 -07001401 bt_dev_err(hcon->hdev, "Unable to create ECDH crypto context");
Tudor Ambarus47eb2ac2017-09-28 17:14:51 +03001402 goto free_shash;
Johan Hedberg407cecf2014-05-02 14:19:47 +03001403 }
1404
Vinicius Costa Gomes8aab4752011-09-05 14:31:31 -03001405 smp->conn = conn;
Johan Hedberg5d88cc72014-08-08 09:37:18 +03001406 chan->data = smp;
Vinicius Costa Gomes8aab4752011-09-05 14:31:31 -03001407
Johan Hedbergb28b4942014-09-05 22:19:55 +03001408 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_FAIL);
1409
Johan Hedbergb68fda62014-08-11 22:06:40 +03001410 INIT_DELAYED_WORK(&smp->security_timer, smp_timeout);
1411
Luiz Augusto von Dentz2e1614f2021-03-15 14:39:29 -07001412 hci_conn_hold(hcon);
Vinicius Costa Gomes8aab4752011-09-05 14:31:31 -03001413
1414 return smp;
Tudor Ambarus47eb2ac2017-09-28 17:14:51 +03001415
1416free_shash:
1417 crypto_free_shash(smp->tfm_cmac);
Tudor Ambarus47eb2ac2017-09-28 17:14:51 +03001418zfree_smp:
Waiman Long453431a2020-08-06 23:18:13 -07001419 kfree_sensitive(smp);
Tudor Ambarus47eb2ac2017-09-28 17:14:51 +03001420 return NULL;
Vinicius Costa Gomes8aab4752011-09-05 14:31:31 -03001421}
1422
Johan Hedberg760b0182014-06-06 11:44:05 +03001423static int sc_mackey_and_ltk(struct smp_chan *smp, u8 mackey[16], u8 ltk[16])
1424{
1425 struct hci_conn *hcon = smp->conn->hcon;
1426 u8 *na, *nb, a[7], b[7];
1427
1428 if (hcon->out) {
1429 na = smp->prnd;
1430 nb = smp->rrnd;
1431 } else {
1432 na = smp->rrnd;
1433 nb = smp->prnd;
1434 }
1435
1436 memcpy(a, &hcon->init_addr, 6);
1437 memcpy(b, &hcon->resp_addr, 6);
1438 a[6] = hcon->init_addr_type;
1439 b[6] = hcon->resp_addr_type;
1440
1441 return smp_f5(smp->tfm_cmac, smp->dhkey, na, nb, a, b, mackey, ltk);
1442}
1443
Johan Hedberg38606f12014-06-25 11:10:28 +03001444static void sc_dhkey_check(struct smp_chan *smp)
Johan Hedberg760b0182014-06-06 11:44:05 +03001445{
1446 struct hci_conn *hcon = smp->conn->hcon;
1447 struct smp_cmd_dhkey_check check;
1448 u8 a[7], b[7], *local_addr, *remote_addr;
1449 u8 io_cap[3], r[16];
1450
Johan Hedberg760b0182014-06-06 11:44:05 +03001451 memcpy(a, &hcon->init_addr, 6);
1452 memcpy(b, &hcon->resp_addr, 6);
1453 a[6] = hcon->init_addr_type;
1454 b[6] = hcon->resp_addr_type;
1455
1456 if (hcon->out) {
1457 local_addr = a;
1458 remote_addr = b;
1459 memcpy(io_cap, &smp->preq[1], 3);
1460 } else {
1461 local_addr = b;
1462 remote_addr = a;
1463 memcpy(io_cap, &smp->prsp[1], 3);
1464 }
1465
Johan Hedbergdddd3052014-06-01 15:38:09 +03001466 memset(r, 0, sizeof(r));
1467
1468 if (smp->method == REQ_PASSKEY || smp->method == DSP_PASSKEY)
Johan Hedberg38606f12014-06-25 11:10:28 +03001469 put_unaligned_le32(hcon->passkey_notify, r);
Johan Hedberg760b0182014-06-06 11:44:05 +03001470
Johan Hedberga29b0732014-10-28 15:17:05 +01001471 if (smp->method == REQ_OOB)
1472 memcpy(r, smp->rr, 16);
1473
Johan Hedberg760b0182014-06-06 11:44:05 +03001474 smp_f6(smp->tfm_cmac, smp->mackey, smp->prnd, smp->rrnd, r, io_cap,
1475 local_addr, remote_addr, check.e);
1476
1477 smp_send_cmd(smp->conn, SMP_CMD_DHKEY_CHECK, sizeof(check), &check);
Johan Hedbergdddd3052014-06-01 15:38:09 +03001478}
1479
Johan Hedberg38606f12014-06-25 11:10:28 +03001480static u8 sc_passkey_send_confirm(struct smp_chan *smp)
1481{
1482 struct l2cap_conn *conn = smp->conn;
1483 struct hci_conn *hcon = conn->hcon;
1484 struct smp_cmd_pairing_confirm cfm;
1485 u8 r;
1486
1487 r = ((hcon->passkey_notify >> smp->passkey_round) & 0x01);
1488 r |= 0x80;
1489
1490 get_random_bytes(smp->prnd, sizeof(smp->prnd));
1491
1492 if (smp_f4(smp->tfm_cmac, smp->local_pk, smp->remote_pk, smp->prnd, r,
1493 cfm.confirm_val))
1494 return SMP_UNSPECIFIED;
1495
1496 smp_send_cmd(conn, SMP_CMD_PAIRING_CONFIRM, sizeof(cfm), &cfm);
1497
1498 return 0;
1499}
1500
1501static u8 sc_passkey_round(struct smp_chan *smp, u8 smp_op)
1502{
1503 struct l2cap_conn *conn = smp->conn;
1504 struct hci_conn *hcon = conn->hcon;
1505 struct hci_dev *hdev = hcon->hdev;
1506 u8 cfm[16], r;
1507
1508 /* Ignore the PDU if we've already done 20 rounds (0 - 19) */
1509 if (smp->passkey_round >= 20)
1510 return 0;
1511
1512 switch (smp_op) {
1513 case SMP_CMD_PAIRING_RANDOM:
1514 r = ((hcon->passkey_notify >> smp->passkey_round) & 0x01);
1515 r |= 0x80;
1516
1517 if (smp_f4(smp->tfm_cmac, smp->remote_pk, smp->local_pk,
1518 smp->rrnd, r, cfm))
1519 return SMP_UNSPECIFIED;
1520
Jason A. Donenfeld329d8232017-06-10 04:59:11 +02001521 if (crypto_memneq(smp->pcnf, cfm, 16))
Johan Hedberg38606f12014-06-25 11:10:28 +03001522 return SMP_CONFIRM_FAILED;
1523
1524 smp->passkey_round++;
1525
1526 if (smp->passkey_round == 20) {
1527 /* Generate MacKey and LTK */
1528 if (sc_mackey_and_ltk(smp, smp->mackey, smp->tk))
1529 return SMP_UNSPECIFIED;
1530 }
1531
1532 /* The round is only complete when the initiator
1533 * receives pairing random.
1534 */
1535 if (!hcon->out) {
1536 smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM,
1537 sizeof(smp->prnd), smp->prnd);
Johan Hedbergd3e54a82014-06-04 11:07:40 +03001538 if (smp->passkey_round == 20)
Johan Hedberg38606f12014-06-25 11:10:28 +03001539 SMP_ALLOW_CMD(smp, SMP_CMD_DHKEY_CHECK);
Johan Hedbergd3e54a82014-06-04 11:07:40 +03001540 else
Johan Hedberg38606f12014-06-25 11:10:28 +03001541 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_CONFIRM);
Johan Hedberg38606f12014-06-25 11:10:28 +03001542 return 0;
1543 }
1544
1545 /* Start the next round */
1546 if (smp->passkey_round != 20)
1547 return sc_passkey_round(smp, 0);
1548
1549 /* Passkey rounds are complete - start DHKey Check */
1550 sc_dhkey_check(smp);
1551 SMP_ALLOW_CMD(smp, SMP_CMD_DHKEY_CHECK);
1552
1553 break;
1554
1555 case SMP_CMD_PAIRING_CONFIRM:
1556 if (test_bit(SMP_FLAG_WAIT_USER, &smp->flags)) {
1557 set_bit(SMP_FLAG_CFM_PENDING, &smp->flags);
1558 return 0;
1559 }
1560
1561 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RANDOM);
1562
1563 if (hcon->out) {
1564 smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM,
1565 sizeof(smp->prnd), smp->prnd);
1566 return 0;
1567 }
1568
1569 return sc_passkey_send_confirm(smp);
1570
1571 case SMP_CMD_PUBLIC_KEY:
1572 default:
1573 /* Initiating device starts the round */
1574 if (!hcon->out)
1575 return 0;
1576
Luiz Augusto von Dentz2e1614f2021-03-15 14:39:29 -07001577 bt_dev_dbg(hdev, "Starting passkey round %u",
1578 smp->passkey_round + 1);
Johan Hedberg38606f12014-06-25 11:10:28 +03001579
1580 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_CONFIRM);
1581
1582 return sc_passkey_send_confirm(smp);
1583 }
1584
1585 return 0;
1586}
1587
Johan Hedbergdddd3052014-06-01 15:38:09 +03001588static int sc_user_reply(struct smp_chan *smp, u16 mgmt_op, __le32 passkey)
1589{
Johan Hedberg38606f12014-06-25 11:10:28 +03001590 struct l2cap_conn *conn = smp->conn;
1591 struct hci_conn *hcon = conn->hcon;
1592 u8 smp_op;
1593
1594 clear_bit(SMP_FLAG_WAIT_USER, &smp->flags);
1595
Johan Hedbergdddd3052014-06-01 15:38:09 +03001596 switch (mgmt_op) {
1597 case MGMT_OP_USER_PASSKEY_NEG_REPLY:
1598 smp_failure(smp->conn, SMP_PASSKEY_ENTRY_FAILED);
1599 return 0;
1600 case MGMT_OP_USER_CONFIRM_NEG_REPLY:
1601 smp_failure(smp->conn, SMP_NUMERIC_COMP_FAILED);
1602 return 0;
Johan Hedberg38606f12014-06-25 11:10:28 +03001603 case MGMT_OP_USER_PASSKEY_REPLY:
1604 hcon->passkey_notify = le32_to_cpu(passkey);
1605 smp->passkey_round = 0;
1606
1607 if (test_and_clear_bit(SMP_FLAG_CFM_PENDING, &smp->flags))
1608 smp_op = SMP_CMD_PAIRING_CONFIRM;
1609 else
1610 smp_op = 0;
1611
1612 if (sc_passkey_round(smp, smp_op))
1613 return -EIO;
1614
1615 return 0;
Johan Hedbergdddd3052014-06-01 15:38:09 +03001616 }
1617
Johan Hedbergd3e54a82014-06-04 11:07:40 +03001618 /* Initiator sends DHKey check first */
1619 if (hcon->out) {
1620 sc_dhkey_check(smp);
1621 SMP_ALLOW_CMD(smp, SMP_CMD_DHKEY_CHECK);
1622 } else if (test_and_clear_bit(SMP_FLAG_DHKEY_PENDING, &smp->flags)) {
1623 sc_dhkey_check(smp);
1624 sc_add_ltk(smp);
1625 }
Johan Hedberg760b0182014-06-06 11:44:05 +03001626
1627 return 0;
1628}
1629
Brian Gix2b64d152011-12-21 16:12:12 -08001630int smp_user_confirm_reply(struct hci_conn *hcon, u16 mgmt_op, __le32 passkey)
1631{
Johan Hedbergb10e8012014-06-27 14:23:07 +03001632 struct l2cap_conn *conn = hcon->l2cap_data;
Johan Hedberg5d88cc72014-08-08 09:37:18 +03001633 struct l2cap_chan *chan;
Brian Gix2b64d152011-12-21 16:12:12 -08001634 struct smp_chan *smp;
1635 u32 value;
Johan Hedbergfc75cc82014-09-05 22:19:52 +03001636 int err;
Brian Gix2b64d152011-12-21 16:12:12 -08001637
Johan Hedbergfc75cc82014-09-05 22:19:52 +03001638 if (!conn)
Brian Gix2b64d152011-12-21 16:12:12 -08001639 return -ENOTCONN;
1640
Luiz Augusto von Dentz0ae8ef62021-03-29 10:27:04 -07001641 bt_dev_dbg(conn->hcon->hdev, "");
1642
Johan Hedberg5d88cc72014-08-08 09:37:18 +03001643 chan = conn->smp;
1644 if (!chan)
1645 return -ENOTCONN;
1646
Johan Hedbergfc75cc82014-09-05 22:19:52 +03001647 l2cap_chan_lock(chan);
1648 if (!chan->data) {
1649 err = -ENOTCONN;
1650 goto unlock;
1651 }
1652
Johan Hedberg5d88cc72014-08-08 09:37:18 +03001653 smp = chan->data;
Brian Gix2b64d152011-12-21 16:12:12 -08001654
Johan Hedberg760b0182014-06-06 11:44:05 +03001655 if (test_bit(SMP_FLAG_SC, &smp->flags)) {
1656 err = sc_user_reply(smp, mgmt_op, passkey);
1657 goto unlock;
1658 }
1659
Brian Gix2b64d152011-12-21 16:12:12 -08001660 switch (mgmt_op) {
1661 case MGMT_OP_USER_PASSKEY_REPLY:
1662 value = le32_to_cpu(passkey);
Johan Hedberg943a7322014-03-18 12:58:24 +02001663 memset(smp->tk, 0, sizeof(smp->tk));
Kai Ye83b4b192021-06-03 15:41:05 +08001664 bt_dev_dbg(conn->hcon->hdev, "PassKey: %u", value);
Johan Hedberg943a7322014-03-18 12:58:24 +02001665 put_unaligned_le32(value, smp->tk);
Gustavo A. R. Silva19186c72020-07-08 15:18:23 -05001666 fallthrough;
Brian Gix2b64d152011-12-21 16:12:12 -08001667 case MGMT_OP_USER_CONFIRM_REPLY:
Johan Hedberg4a74d652014-05-20 09:45:50 +03001668 set_bit(SMP_FLAG_TK_VALID, &smp->flags);
Brian Gix2b64d152011-12-21 16:12:12 -08001669 break;
1670 case MGMT_OP_USER_PASSKEY_NEG_REPLY:
1671 case MGMT_OP_USER_CONFIRM_NEG_REPLY:
Johan Hedberg84794e12013-11-06 11:24:57 +02001672 smp_failure(conn, SMP_PASSKEY_ENTRY_FAILED);
Johan Hedbergfc75cc82014-09-05 22:19:52 +03001673 err = 0;
1674 goto unlock;
Brian Gix2b64d152011-12-21 16:12:12 -08001675 default:
Johan Hedberg84794e12013-11-06 11:24:57 +02001676 smp_failure(conn, SMP_PASSKEY_ENTRY_FAILED);
Johan Hedbergfc75cc82014-09-05 22:19:52 +03001677 err = -EOPNOTSUPP;
1678 goto unlock;
Brian Gix2b64d152011-12-21 16:12:12 -08001679 }
1680
Johan Hedbergfc75cc82014-09-05 22:19:52 +03001681 err = 0;
1682
Brian Gix2b64d152011-12-21 16:12:12 -08001683 /* If it is our turn to send Pairing Confirm, do so now */
Johan Hedberg1cc61142014-05-20 09:45:52 +03001684 if (test_bit(SMP_FLAG_CFM_PENDING, &smp->flags)) {
1685 u8 rsp = smp_confirm(smp);
1686 if (rsp)
1687 smp_failure(conn, rsp);
1688 }
Brian Gix2b64d152011-12-21 16:12:12 -08001689
Johan Hedbergfc75cc82014-09-05 22:19:52 +03001690unlock:
1691 l2cap_chan_unlock(chan);
1692 return err;
Brian Gix2b64d152011-12-21 16:12:12 -08001693}
1694
Johan Hedbergb5ae3442014-08-14 12:34:26 +03001695static void build_bredr_pairing_cmd(struct smp_chan *smp,
1696 struct smp_cmd_pairing *req,
1697 struct smp_cmd_pairing *rsp)
1698{
1699 struct l2cap_conn *conn = smp->conn;
1700 struct hci_dev *hdev = conn->hcon->hdev;
1701 u8 local_dist = 0, remote_dist = 0;
1702
Marcel Holtmannd7a5a112015-03-13 02:11:00 -07001703 if (hci_dev_test_flag(hdev, HCI_BONDABLE)) {
Johan Hedbergb5ae3442014-08-14 12:34:26 +03001704 local_dist = SMP_DIST_ENC_KEY | SMP_DIST_SIGN;
1705 remote_dist = SMP_DIST_ENC_KEY | SMP_DIST_SIGN;
1706 }
1707
Marcel Holtmannd7a5a112015-03-13 02:11:00 -07001708 if (hci_dev_test_flag(hdev, HCI_RPA_RESOLVING))
Johan Hedbergb5ae3442014-08-14 12:34:26 +03001709 remote_dist |= SMP_DIST_ID_KEY;
1710
Marcel Holtmannd7a5a112015-03-13 02:11:00 -07001711 if (hci_dev_test_flag(hdev, HCI_PRIVACY))
Johan Hedbergb5ae3442014-08-14 12:34:26 +03001712 local_dist |= SMP_DIST_ID_KEY;
1713
1714 if (!rsp) {
1715 memset(req, 0, sizeof(*req));
1716
Johan Hedberga62da6f2016-12-08 08:32:54 +02001717 req->auth_req = SMP_AUTH_CT2;
Johan Hedbergb5ae3442014-08-14 12:34:26 +03001718 req->init_key_dist = local_dist;
1719 req->resp_key_dist = remote_dist;
Johan Hedberge3f6a252015-06-11 13:52:30 +03001720 req->max_key_size = conn->hcon->enc_key_size;
Johan Hedbergb5ae3442014-08-14 12:34:26 +03001721
1722 smp->remote_key_dist = remote_dist;
1723
1724 return;
1725 }
1726
1727 memset(rsp, 0, sizeof(*rsp));
1728
Johan Hedberga62da6f2016-12-08 08:32:54 +02001729 rsp->auth_req = SMP_AUTH_CT2;
Johan Hedberge3f6a252015-06-11 13:52:30 +03001730 rsp->max_key_size = conn->hcon->enc_key_size;
Johan Hedbergb5ae3442014-08-14 12:34:26 +03001731 rsp->init_key_dist = req->init_key_dist & remote_dist;
1732 rsp->resp_key_dist = req->resp_key_dist & local_dist;
1733
1734 smp->remote_key_dist = rsp->init_key_dist;
1735}
1736
Vinicius Costa Gomesda85e5e2011-06-09 18:50:53 -03001737static u8 smp_cmd_pairing_req(struct l2cap_conn *conn, struct sk_buff *skb)
Anderson Briglia88ba43b2011-06-09 18:50:42 -03001738{
Vinicius Costa Gomes3158c502011-06-14 13:37:42 -03001739 struct smp_cmd_pairing rsp, *req = (void *) skb->data;
Johan Hedbergfc75cc82014-09-05 22:19:52 +03001740 struct l2cap_chan *chan = conn->smp;
Johan Hedbergb3c64102014-07-10 11:02:07 +03001741 struct hci_dev *hdev = conn->hcon->hdev;
Vinicius Costa Gomes8aab4752011-09-05 14:31:31 -03001742 struct smp_chan *smp;
Johan Hedbergc7262e72014-06-17 13:07:37 +03001743 u8 key_size, auth, sec_level;
Vinicius Costa Gomes8aab4752011-09-05 14:31:31 -03001744 int ret;
Anderson Briglia88ba43b2011-06-09 18:50:42 -03001745
Luiz Augusto von Dentz2e1614f2021-03-15 14:39:29 -07001746 bt_dev_dbg(hdev, "conn %p", conn);
Anderson Briglia88ba43b2011-06-09 18:50:42 -03001747
Johan Hedbergc46b98b2014-02-18 10:19:29 +02001748 if (skb->len < sizeof(*req))
Johan Hedberg38e4a912014-05-08 14:19:11 +03001749 return SMP_INVALID_PARAMS;
Johan Hedbergc46b98b2014-02-18 10:19:29 +02001750
Johan Hedberg40bef302014-07-16 11:42:27 +03001751 if (conn->hcon->role != HCI_ROLE_SLAVE)
Brian Gix2b64d152011-12-21 16:12:12 -08001752 return SMP_CMD_NOTSUPP;
1753
Johan Hedbergfc75cc82014-09-05 22:19:52 +03001754 if (!chan->data)
Vinicius Costa Gomes8aab4752011-09-05 14:31:31 -03001755 smp = smp_chan_create(conn);
Johan Hedbergfc75cc82014-09-05 22:19:52 +03001756 else
Johan Hedberg5d88cc72014-08-08 09:37:18 +03001757 smp = chan->data;
Vinicius Costa Gomes8aab4752011-09-05 14:31:31 -03001758
Andrei Emeltchenkod08fd0e2012-07-19 17:03:43 +03001759 if (!smp)
1760 return SMP_UNSPECIFIED;
Vinicius Costa Gomesd26a2342011-08-19 21:06:51 -03001761
Johan Hedbergc05b9332014-09-10 17:37:42 -07001762 /* We didn't start the pairing, so match remote */
Johan Hedberg0edb14d2014-05-26 13:29:28 +03001763 auth = req->auth_req & AUTH_REQ_MASK(hdev);
Johan Hedbergc05b9332014-09-10 17:37:42 -07001764
Marcel Holtmannd7a5a112015-03-13 02:11:00 -07001765 if (!hci_dev_test_flag(hdev, HCI_BONDABLE) &&
Johan Hedbergc05b9332014-09-10 17:37:42 -07001766 (auth & SMP_AUTH_BONDING))
Johan Hedbergb3c64102014-07-10 11:02:07 +03001767 return SMP_PAIRING_NOTSUPP;
1768
Marcel Holtmannd7a5a112015-03-13 02:11:00 -07001769 if (hci_dev_test_flag(hdev, HCI_SC_ONLY) && !(auth & SMP_AUTH_SC))
Johan Hedberg903b71c2014-09-08 16:59:18 -07001770 return SMP_AUTH_REQUIREMENTS;
1771
Vinicius Costa Gomes1c1def02011-09-05 14:31:30 -03001772 smp->preq[0] = SMP_CMD_PAIRING_REQ;
1773 memcpy(&smp->preq[1], req, sizeof(*req));
Vinicius Costa Gomes3158c502011-06-14 13:37:42 -03001774 skb_pull(skb, sizeof(*req));
Anderson Briglia88ba43b2011-06-09 18:50:42 -03001775
Johan Hedbergcb06d362015-03-16 21:12:34 +02001776 /* If the remote side's OOB flag is set it means it has
1777 * successfully received our local OOB data - therefore set the
1778 * flag to indicate that local OOB is in use.
1779 */
Johan Hedberg94f14e42018-09-11 14:10:12 +03001780 if (req->oob_flag == SMP_OOB_PRESENT && SMP_DEV(hdev)->local_oob)
Johan Hedberg58428562015-03-16 11:45:45 +02001781 set_bit(SMP_FLAG_LOCAL_OOB, &smp->flags);
1782
Johan Hedbergb5ae3442014-08-14 12:34:26 +03001783 /* SMP over BR/EDR requires special treatment */
1784 if (conn->hcon->type == ACL_LINK) {
1785 /* We must have a BR/EDR SC link */
Marcel Holtmann08f63cc2014-12-07 16:19:12 +01001786 if (!test_bit(HCI_CONN_AES_CCM, &conn->hcon->flags) &&
Marcel Holtmannb7cb93e2015-03-13 10:20:35 -07001787 !hci_dev_test_flag(hdev, HCI_FORCE_BREDR_SMP))
Johan Hedbergb5ae3442014-08-14 12:34:26 +03001788 return SMP_CROSS_TRANSP_NOT_ALLOWED;
1789
1790 set_bit(SMP_FLAG_SC, &smp->flags);
1791
1792 build_bredr_pairing_cmd(smp, req, &rsp);
1793
Johan Hedberga62da6f2016-12-08 08:32:54 +02001794 if (req->auth_req & SMP_AUTH_CT2)
1795 set_bit(SMP_FLAG_CT2, &smp->flags);
1796
Johan Hedbergb5ae3442014-08-14 12:34:26 +03001797 key_size = min(req->max_key_size, rsp.max_key_size);
1798 if (check_enc_key_size(conn, key_size))
1799 return SMP_ENC_KEY_SIZE;
1800
1801 /* Clear bits which are generated but not distributed */
1802 smp->remote_key_dist &= ~SMP_SC_NO_DIST;
1803
1804 smp->prsp[0] = SMP_CMD_PAIRING_RSP;
1805 memcpy(&smp->prsp[1], &rsp, sizeof(rsp));
1806 smp_send_cmd(conn, SMP_CMD_PAIRING_RSP, sizeof(rsp), &rsp);
1807
1808 smp_distribute_keys(smp);
1809 return 0;
1810 }
1811
Johan Hedberg5e3d3d92014-05-31 18:51:02 +03001812 build_pairing_cmd(conn, req, &rsp, auth);
1813
Johan Hedberga62da6f2016-12-08 08:32:54 +02001814 if (rsp.auth_req & SMP_AUTH_SC) {
Johan Hedberg5e3d3d92014-05-31 18:51:02 +03001815 set_bit(SMP_FLAG_SC, &smp->flags);
1816
Johan Hedberga62da6f2016-12-08 08:32:54 +02001817 if (rsp.auth_req & SMP_AUTH_CT2)
1818 set_bit(SMP_FLAG_CT2, &smp->flags);
1819 }
1820
Johan Hedberg5be5e272014-09-10 17:58:54 -07001821 if (conn->hcon->io_capability == HCI_IO_NO_INPUT_OUTPUT)
Johan Hedberg1afc2a12014-09-10 17:37:44 -07001822 sec_level = BT_SECURITY_MEDIUM;
1823 else
1824 sec_level = authreq_to_seclevel(auth);
1825
Johan Hedbergc7262e72014-06-17 13:07:37 +03001826 if (sec_level > conn->hcon->pending_sec_level)
1827 conn->hcon->pending_sec_level = sec_level;
Ido Yarivfdde0a22012-03-05 20:09:38 +02001828
Stephen Hemminger49c922b2014-10-27 21:12:20 -07001829 /* If we need MITM check that it can be achieved */
Johan Hedberg2ed8f652014-06-17 13:07:39 +03001830 if (conn->hcon->pending_sec_level >= BT_SECURITY_HIGH) {
1831 u8 method;
1832
1833 method = get_auth_method(smp, conn->hcon->io_capability,
1834 req->io_capability);
1835 if (method == JUST_WORKS || method == JUST_CFM)
1836 return SMP_AUTH_REQUIREMENTS;
1837 }
1838
Vinicius Costa Gomes3158c502011-06-14 13:37:42 -03001839 key_size = min(req->max_key_size, rsp.max_key_size);
1840 if (check_enc_key_size(conn, key_size))
1841 return SMP_ENC_KEY_SIZE;
Anderson Briglia88ba43b2011-06-09 18:50:42 -03001842
Johan Hedberge84a6b12013-12-02 10:49:03 +02001843 get_random_bytes(smp->prnd, sizeof(smp->prnd));
Vinicius Costa Gomes8aab4752011-09-05 14:31:31 -03001844
Vinicius Costa Gomes1c1def02011-09-05 14:31:30 -03001845 smp->prsp[0] = SMP_CMD_PAIRING_RSP;
1846 memcpy(&smp->prsp[1], &rsp, sizeof(rsp));
Anderson Brigliaf01ead32011-06-09 18:50:45 -03001847
Vinicius Costa Gomes3158c502011-06-14 13:37:42 -03001848 smp_send_cmd(conn, SMP_CMD_PAIRING_RSP, sizeof(rsp), &rsp);
Johan Hedberg3b191462014-06-06 10:50:15 +03001849
1850 clear_bit(SMP_FLAG_INITIATOR, &smp->flags);
1851
Johan Hedberg19c5ce92015-03-15 19:34:04 +02001852 /* Strictly speaking we shouldn't allow Pairing Confirm for the
1853 * SC case, however some implementations incorrectly copy RFU auth
1854 * req bits from our security request, which may create a false
1855 * positive SC enablement.
1856 */
1857 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_CONFIRM);
1858
Johan Hedberg3b191462014-06-06 10:50:15 +03001859 if (test_bit(SMP_FLAG_SC, &smp->flags)) {
1860 SMP_ALLOW_CMD(smp, SMP_CMD_PUBLIC_KEY);
1861 /* Clear bits which are generated but not distributed */
1862 smp->remote_key_dist &= ~SMP_SC_NO_DIST;
1863 /* Wait for Public Key from Initiating Device */
1864 return 0;
Johan Hedberg3b191462014-06-06 10:50:15 +03001865 }
Vinicius Costa Gomesda85e5e2011-06-09 18:50:53 -03001866
Brian Gix2b64d152011-12-21 16:12:12 -08001867 /* Request setup of TK */
1868 ret = tk_request(conn, 0, auth, rsp.io_capability, req->io_capability);
1869 if (ret)
1870 return SMP_UNSPECIFIED;
1871
Vinicius Costa Gomesda85e5e2011-06-09 18:50:53 -03001872 return 0;
Anderson Briglia88ba43b2011-06-09 18:50:42 -03001873}
1874
Johan Hedberg3b191462014-06-06 10:50:15 +03001875static u8 sc_send_public_key(struct smp_chan *smp)
1876{
Johan Hedberg70157ef2014-06-24 15:22:59 +03001877 struct hci_dev *hdev = smp->conn->hcon->hdev;
1878
Marcel Holtmann56860242020-05-06 09:57:50 +02001879 bt_dev_dbg(hdev, "");
Johan Hedberg3b191462014-06-06 10:50:15 +03001880
Johan Hedberg1a8bab42015-03-16 11:45:44 +02001881 if (test_bit(SMP_FLAG_LOCAL_OOB, &smp->flags)) {
Marcel Holtmann33d0c032015-03-16 01:10:24 -07001882 struct l2cap_chan *chan = hdev->smp_data;
1883 struct smp_dev *smp_dev;
1884
1885 if (!chan || !chan->data)
1886 return SMP_UNSPECIFIED;
1887
1888 smp_dev = chan->data;
1889
1890 memcpy(smp->local_pk, smp_dev->local_pk, 64);
Marcel Holtmannfb334fe2015-03-16 12:34:57 -07001891 memcpy(smp->lr, smp_dev->local_rand, 16);
Marcel Holtmann33d0c032015-03-16 01:10:24 -07001892
1893 if (smp_dev->debug_key)
1894 set_bit(SMP_FLAG_DEBUG_KEY, &smp->flags);
1895
1896 goto done;
1897 }
1898
Marcel Holtmannd7a5a112015-03-13 02:11:00 -07001899 if (hci_dev_test_flag(hdev, HCI_USE_DEBUG_KEYS)) {
Luiz Augusto von Dentz2e1614f2021-03-15 14:39:29 -07001900 bt_dev_dbg(hdev, "Using debug keys");
Tudor Ambarusc0153b02017-09-28 17:14:55 +03001901 if (set_ecdh_privkey(smp->tfm_ecdh, debug_sk))
1902 return SMP_UNSPECIFIED;
Johan Hedberg70157ef2014-06-24 15:22:59 +03001903 memcpy(smp->local_pk, debug_pk, 64);
Johan Hedberg70157ef2014-06-24 15:22:59 +03001904 set_bit(SMP_FLAG_DEBUG_KEY, &smp->flags);
1905 } else {
1906 while (true) {
Tudor Ambarusc0153b02017-09-28 17:14:55 +03001907 /* Generate key pair for Secure Connections */
1908 if (generate_ecdh_keys(smp->tfm_ecdh, smp->local_pk))
Johan Hedberg70157ef2014-06-24 15:22:59 +03001909 return SMP_UNSPECIFIED;
Johan Hedberg6c0dcc52014-06-06 15:33:30 +03001910
Johan Hedberg70157ef2014-06-24 15:22:59 +03001911 /* This is unlikely, but we need to check that
Zheng Yongjun91641b72021-06-02 14:54:58 +08001912 * we didn't accidentally generate a debug key.
Johan Hedberg70157ef2014-06-24 15:22:59 +03001913 */
Tudor Ambarusc0153b02017-09-28 17:14:55 +03001914 if (crypto_memneq(smp->local_pk, debug_pk, 64))
Johan Hedberg70157ef2014-06-24 15:22:59 +03001915 break;
1916 }
Johan Hedberg6c0dcc52014-06-06 15:33:30 +03001917 }
Johan Hedberg3b191462014-06-06 10:50:15 +03001918
Marcel Holtmann33d0c032015-03-16 01:10:24 -07001919done:
Johan Hedbergc7a3d572014-12-01 22:03:16 +02001920 SMP_DBG("Local Public Key X: %32phN", smp->local_pk);
Marcel Holtmann8e4e2ee2015-03-16 01:10:25 -07001921 SMP_DBG("Local Public Key Y: %32phN", smp->local_pk + 32);
Johan Hedberg3b191462014-06-06 10:50:15 +03001922
1923 smp_send_cmd(smp->conn, SMP_CMD_PUBLIC_KEY, 64, smp->local_pk);
1924
1925 return 0;
1926}
1927
Vinicius Costa Gomesda85e5e2011-06-09 18:50:53 -03001928static u8 smp_cmd_pairing_rsp(struct l2cap_conn *conn, struct sk_buff *skb)
Anderson Briglia88ba43b2011-06-09 18:50:42 -03001929{
Vinicius Costa Gomes3158c502011-06-14 13:37:42 -03001930 struct smp_cmd_pairing *req, *rsp = (void *) skb->data;
Johan Hedberg5d88cc72014-08-08 09:37:18 +03001931 struct l2cap_chan *chan = conn->smp;
1932 struct smp_chan *smp = chan->data;
Johan Hedberg0edb14d2014-05-26 13:29:28 +03001933 struct hci_dev *hdev = conn->hcon->hdev;
Johan Hedberg3a7dbfb2014-09-10 17:37:41 -07001934 u8 key_size, auth;
Anderson Briglia7d24ddc2011-06-09 18:50:46 -03001935 int ret;
Anderson Briglia88ba43b2011-06-09 18:50:42 -03001936
Luiz Augusto von Dentz2e1614f2021-03-15 14:39:29 -07001937 bt_dev_dbg(hdev, "conn %p", conn);
Anderson Briglia88ba43b2011-06-09 18:50:42 -03001938
Johan Hedbergc46b98b2014-02-18 10:19:29 +02001939 if (skb->len < sizeof(*rsp))
Johan Hedberg38e4a912014-05-08 14:19:11 +03001940 return SMP_INVALID_PARAMS;
Johan Hedbergc46b98b2014-02-18 10:19:29 +02001941
Johan Hedberg40bef302014-07-16 11:42:27 +03001942 if (conn->hcon->role != HCI_ROLE_MASTER)
Brian Gix2b64d152011-12-21 16:12:12 -08001943 return SMP_CMD_NOTSUPP;
1944
Vinicius Costa Gomes3158c502011-06-14 13:37:42 -03001945 skb_pull(skb, sizeof(*rsp));
Vinicius Costa Gomesda85e5e2011-06-09 18:50:53 -03001946
Vinicius Costa Gomes1c1def02011-09-05 14:31:30 -03001947 req = (void *) &smp->preq[1];
Vinicius Costa Gomes3158c502011-06-14 13:37:42 -03001948
1949 key_size = min(req->max_key_size, rsp->max_key_size);
1950 if (check_enc_key_size(conn, key_size))
1951 return SMP_ENC_KEY_SIZE;
1952
Johan Hedberg0edb14d2014-05-26 13:29:28 +03001953 auth = rsp->auth_req & AUTH_REQ_MASK(hdev);
Johan Hedbergc05b9332014-09-10 17:37:42 -07001954
Marcel Holtmannd7a5a112015-03-13 02:11:00 -07001955 if (hci_dev_test_flag(hdev, HCI_SC_ONLY) && !(auth & SMP_AUTH_SC))
Johan Hedberg903b71c2014-09-08 16:59:18 -07001956 return SMP_AUTH_REQUIREMENTS;
1957
Johan Hedbergcb06d362015-03-16 21:12:34 +02001958 /* If the remote side's OOB flag is set it means it has
1959 * successfully received our local OOB data - therefore set the
1960 * flag to indicate that local OOB is in use.
1961 */
Johan Hedberg94f14e42018-09-11 14:10:12 +03001962 if (rsp->oob_flag == SMP_OOB_PRESENT && SMP_DEV(hdev)->local_oob)
Johan Hedberg58428562015-03-16 11:45:45 +02001963 set_bit(SMP_FLAG_LOCAL_OOB, &smp->flags);
1964
Johan Hedbergb5ae3442014-08-14 12:34:26 +03001965 smp->prsp[0] = SMP_CMD_PAIRING_RSP;
1966 memcpy(&smp->prsp[1], rsp, sizeof(*rsp));
1967
1968 /* Update remote key distribution in case the remote cleared
1969 * some bits that we had enabled in our request.
1970 */
1971 smp->remote_key_dist &= rsp->resp_key_dist;
1972
Johan Hedberga62da6f2016-12-08 08:32:54 +02001973 if ((req->auth_req & SMP_AUTH_CT2) && (auth & SMP_AUTH_CT2))
1974 set_bit(SMP_FLAG_CT2, &smp->flags);
1975
Johan Hedbergb5ae3442014-08-14 12:34:26 +03001976 /* For BR/EDR this means we're done and can start phase 3 */
1977 if (conn->hcon->type == ACL_LINK) {
1978 /* Clear bits which are generated but not distributed */
1979 smp->remote_key_dist &= ~SMP_SC_NO_DIST;
1980 smp_distribute_keys(smp);
1981 return 0;
1982 }
1983
Johan Hedberg65668772014-05-16 11:03:34 +03001984 if ((req->auth_req & SMP_AUTH_SC) && (auth & SMP_AUTH_SC))
1985 set_bit(SMP_FLAG_SC, &smp->flags);
Johan Hedbergd2eb9e12014-05-16 10:59:06 +03001986 else if (conn->hcon->pending_sec_level > BT_SECURITY_HIGH)
1987 conn->hcon->pending_sec_level = BT_SECURITY_HIGH;
Johan Hedberg65668772014-05-16 11:03:34 +03001988
Stephen Hemminger49c922b2014-10-27 21:12:20 -07001989 /* If we need MITM check that it can be achieved */
Johan Hedberg2ed8f652014-06-17 13:07:39 +03001990 if (conn->hcon->pending_sec_level >= BT_SECURITY_HIGH) {
1991 u8 method;
1992
1993 method = get_auth_method(smp, req->io_capability,
1994 rsp->io_capability);
1995 if (method == JUST_WORKS || method == JUST_CFM)
1996 return SMP_AUTH_REQUIREMENTS;
1997 }
1998
Johan Hedberge84a6b12013-12-02 10:49:03 +02001999 get_random_bytes(smp->prnd, sizeof(smp->prnd));
Anderson Briglia7d24ddc2011-06-09 18:50:46 -03002000
Johan Hedbergfdcc4be2014-03-14 10:53:50 +02002001 /* Update remote key distribution in case the remote cleared
2002 * some bits that we had enabled in our request.
2003 */
2004 smp->remote_key_dist &= rsp->resp_key_dist;
2005
Johan Hedberg3b191462014-06-06 10:50:15 +03002006 if (test_bit(SMP_FLAG_SC, &smp->flags)) {
2007 /* Clear bits which are generated but not distributed */
2008 smp->remote_key_dist &= ~SMP_SC_NO_DIST;
2009 SMP_ALLOW_CMD(smp, SMP_CMD_PUBLIC_KEY);
2010 return sc_send_public_key(smp);
2011 }
2012
Johan Hedbergc05b9332014-09-10 17:37:42 -07002013 auth |= req->auth_req;
Brian Gix2b64d152011-12-21 16:12:12 -08002014
Johan Hedberg476585e2012-06-06 18:54:15 +08002015 ret = tk_request(conn, 0, auth, req->io_capability, rsp->io_capability);
Brian Gix2b64d152011-12-21 16:12:12 -08002016 if (ret)
2017 return SMP_UNSPECIFIED;
2018
Johan Hedberg4a74d652014-05-20 09:45:50 +03002019 set_bit(SMP_FLAG_CFM_PENDING, &smp->flags);
Brian Gix2b64d152011-12-21 16:12:12 -08002020
2021 /* Can't compose response until we have been confirmed */
Johan Hedberg4a74d652014-05-20 09:45:50 +03002022 if (test_bit(SMP_FLAG_TK_VALID, &smp->flags))
Johan Hedberg1cc61142014-05-20 09:45:52 +03002023 return smp_confirm(smp);
Vinicius Costa Gomesda85e5e2011-06-09 18:50:53 -03002024
2025 return 0;
Anderson Briglia88ba43b2011-06-09 18:50:42 -03002026}
2027
Johan Hedbergdcee2b32014-06-06 11:36:38 +03002028static u8 sc_check_confirm(struct smp_chan *smp)
2029{
2030 struct l2cap_conn *conn = smp->conn;
2031
Luiz Augusto von Dentz2e1614f2021-03-15 14:39:29 -07002032 bt_dev_dbg(conn->hcon->hdev, "");
Johan Hedbergdcee2b32014-06-06 11:36:38 +03002033
Johan Hedberg38606f12014-06-25 11:10:28 +03002034 if (smp->method == REQ_PASSKEY || smp->method == DSP_PASSKEY)
2035 return sc_passkey_round(smp, SMP_CMD_PAIRING_CONFIRM);
2036
Johan Hedbergdcee2b32014-06-06 11:36:38 +03002037 if (conn->hcon->out) {
2038 smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM, sizeof(smp->prnd),
2039 smp->prnd);
2040 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RANDOM);
2041 }
2042
2043 return 0;
2044}
2045
Johan Hedberg19c5ce92015-03-15 19:34:04 +02002046/* Work-around for some implementations that incorrectly copy RFU bits
2047 * from our security request and thereby create the impression that
2048 * we're doing SC when in fact the remote doesn't support it.
2049 */
2050static int fixup_sc_false_positive(struct smp_chan *smp)
2051{
2052 struct l2cap_conn *conn = smp->conn;
2053 struct hci_conn *hcon = conn->hcon;
2054 struct hci_dev *hdev = hcon->hdev;
2055 struct smp_cmd_pairing *req, *rsp;
2056 u8 auth;
2057
Archie Pusakafad646e2021-05-31 16:37:25 +08002058 /* The issue is only observed when we're in responder role */
Johan Hedberg19c5ce92015-03-15 19:34:04 +02002059 if (hcon->out)
2060 return SMP_UNSPECIFIED;
2061
2062 if (hci_dev_test_flag(hdev, HCI_SC_ONLY)) {
Marcel Holtmann2064ee32017-10-30 10:42:59 +01002063 bt_dev_err(hdev, "refusing legacy fallback in SC-only mode");
Johan Hedberg19c5ce92015-03-15 19:34:04 +02002064 return SMP_UNSPECIFIED;
2065 }
2066
Marcel Holtmann2064ee32017-10-30 10:42:59 +01002067 bt_dev_err(hdev, "trying to fall back to legacy SMP");
Johan Hedberg19c5ce92015-03-15 19:34:04 +02002068
2069 req = (void *) &smp->preq[1];
2070 rsp = (void *) &smp->prsp[1];
2071
2072 /* Rebuild key dist flags which may have been cleared for SC */
2073 smp->remote_key_dist = (req->init_key_dist & rsp->resp_key_dist);
2074
2075 auth = req->auth_req & AUTH_REQ_MASK(hdev);
2076
2077 if (tk_request(conn, 0, auth, rsp->io_capability, req->io_capability)) {
Marcel Holtmann2064ee32017-10-30 10:42:59 +01002078 bt_dev_err(hdev, "failed to fall back to legacy SMP");
Johan Hedberg19c5ce92015-03-15 19:34:04 +02002079 return SMP_UNSPECIFIED;
2080 }
2081
2082 clear_bit(SMP_FLAG_SC, &smp->flags);
2083
2084 return 0;
2085}
2086
Vinicius Costa Gomesda85e5e2011-06-09 18:50:53 -03002087static u8 smp_cmd_pairing_confirm(struct l2cap_conn *conn, struct sk_buff *skb)
Anderson Briglia88ba43b2011-06-09 18:50:42 -03002088{
Johan Hedberg5d88cc72014-08-08 09:37:18 +03002089 struct l2cap_chan *chan = conn->smp;
2090 struct smp_chan *smp = chan->data;
Luiz Augusto von Dentz2e1614f2021-03-15 14:39:29 -07002091 struct hci_conn *hcon = conn->hcon;
2092 struct hci_dev *hdev = hcon->hdev;
Anderson Briglia7d24ddc2011-06-09 18:50:46 -03002093
Archie Pusakafad646e2021-05-31 16:37:25 +08002094 bt_dev_dbg(hdev, "conn %p %s", conn,
2095 hcon->out ? "initiator" : "responder");
Anderson Briglia88ba43b2011-06-09 18:50:42 -03002096
Johan Hedbergc46b98b2014-02-18 10:19:29 +02002097 if (skb->len < sizeof(smp->pcnf))
Johan Hedberg38e4a912014-05-08 14:19:11 +03002098 return SMP_INVALID_PARAMS;
Johan Hedbergc46b98b2014-02-18 10:19:29 +02002099
Vinicius Costa Gomes1c1def02011-09-05 14:31:30 -03002100 memcpy(smp->pcnf, skb->data, sizeof(smp->pcnf));
2101 skb_pull(skb, sizeof(smp->pcnf));
Anderson Briglia7d24ddc2011-06-09 18:50:46 -03002102
Johan Hedberg19c5ce92015-03-15 19:34:04 +02002103 if (test_bit(SMP_FLAG_SC, &smp->flags)) {
2104 int ret;
2105
2106 /* Public Key exchange must happen before any other steps */
2107 if (test_bit(SMP_FLAG_REMOTE_PK, &smp->flags))
2108 return sc_check_confirm(smp);
2109
Luiz Augusto von Dentz2e1614f2021-03-15 14:39:29 -07002110 bt_dev_err(hdev, "Unexpected SMP Pairing Confirm");
Johan Hedberg19c5ce92015-03-15 19:34:04 +02002111
2112 ret = fixup_sc_false_positive(smp);
2113 if (ret)
2114 return ret;
2115 }
Johan Hedbergdcee2b32014-06-06 11:36:38 +03002116
Johan Hedbergb28b4942014-09-05 22:19:55 +03002117 if (conn->hcon->out) {
Johan Hedberg943a7322014-03-18 12:58:24 +02002118 smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM, sizeof(smp->prnd),
2119 smp->prnd);
Johan Hedbergb28b4942014-09-05 22:19:55 +03002120 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RANDOM);
2121 return 0;
2122 }
2123
2124 if (test_bit(SMP_FLAG_TK_VALID, &smp->flags))
Johan Hedberg1cc61142014-05-20 09:45:52 +03002125 return smp_confirm(smp);
Marcel Holtmann983f9812015-03-11 17:47:40 -07002126
2127 set_bit(SMP_FLAG_CFM_PENDING, &smp->flags);
Vinicius Costa Gomesda85e5e2011-06-09 18:50:53 -03002128
2129 return 0;
Anderson Briglia88ba43b2011-06-09 18:50:42 -03002130}
2131
Vinicius Costa Gomesda85e5e2011-06-09 18:50:53 -03002132static u8 smp_cmd_pairing_random(struct l2cap_conn *conn, struct sk_buff *skb)
Anderson Briglia88ba43b2011-06-09 18:50:42 -03002133{
Johan Hedberg5d88cc72014-08-08 09:37:18 +03002134 struct l2cap_chan *chan = conn->smp;
2135 struct smp_chan *smp = chan->data;
Johan Hedberg191dc7fe22014-06-06 11:39:49 +03002136 struct hci_conn *hcon = conn->hcon;
Howard Chungeed467b2020-02-20 11:17:29 +08002137 u8 *pkax, *pkbx, *na, *nb, confirm_hint;
Johan Hedberg191dc7fe22014-06-06 11:39:49 +03002138 u32 passkey;
2139 int err;
Anderson Briglia7d24ddc2011-06-09 18:50:46 -03002140
Luiz Augusto von Dentz2e1614f2021-03-15 14:39:29 -07002141 bt_dev_dbg(hcon->hdev, "conn %p", conn);
Anderson Briglia7d24ddc2011-06-09 18:50:46 -03002142
Johan Hedbergc46b98b2014-02-18 10:19:29 +02002143 if (skb->len < sizeof(smp->rrnd))
Johan Hedberg38e4a912014-05-08 14:19:11 +03002144 return SMP_INVALID_PARAMS;
Johan Hedbergc46b98b2014-02-18 10:19:29 +02002145
Johan Hedberg943a7322014-03-18 12:58:24 +02002146 memcpy(smp->rrnd, skb->data, sizeof(smp->rrnd));
Vinicius Costa Gomes8aab4752011-09-05 14:31:31 -03002147 skb_pull(skb, sizeof(smp->rrnd));
Anderson Briglia88ba43b2011-06-09 18:50:42 -03002148
Johan Hedberg191dc7fe22014-06-06 11:39:49 +03002149 if (!test_bit(SMP_FLAG_SC, &smp->flags))
2150 return smp_random(smp);
2151
Johan Hedberg580039e2014-12-03 16:26:37 +02002152 if (hcon->out) {
2153 pkax = smp->local_pk;
2154 pkbx = smp->remote_pk;
2155 na = smp->prnd;
2156 nb = smp->rrnd;
2157 } else {
2158 pkax = smp->remote_pk;
2159 pkbx = smp->local_pk;
2160 na = smp->rrnd;
2161 nb = smp->prnd;
2162 }
2163
Johan Hedberga29b0732014-10-28 15:17:05 +01002164 if (smp->method == REQ_OOB) {
2165 if (!hcon->out)
2166 smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM,
2167 sizeof(smp->prnd), smp->prnd);
2168 SMP_ALLOW_CMD(smp, SMP_CMD_DHKEY_CHECK);
2169 goto mackey_and_ltk;
2170 }
2171
Johan Hedberg38606f12014-06-25 11:10:28 +03002172 /* Passkey entry has special treatment */
2173 if (smp->method == REQ_PASSKEY || smp->method == DSP_PASSKEY)
2174 return sc_passkey_round(smp, SMP_CMD_PAIRING_RANDOM);
2175
Johan Hedberg191dc7fe22014-06-06 11:39:49 +03002176 if (hcon->out) {
2177 u8 cfm[16];
2178
2179 err = smp_f4(smp->tfm_cmac, smp->remote_pk, smp->local_pk,
2180 smp->rrnd, 0, cfm);
2181 if (err)
2182 return SMP_UNSPECIFIED;
2183
Jason A. Donenfeld329d8232017-06-10 04:59:11 +02002184 if (crypto_memneq(smp->pcnf, cfm, 16))
Johan Hedberg191dc7fe22014-06-06 11:39:49 +03002185 return SMP_CONFIRM_FAILED;
Johan Hedberg191dc7fe22014-06-06 11:39:49 +03002186 } else {
2187 smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM, sizeof(smp->prnd),
2188 smp->prnd);
2189 SMP_ALLOW_CMD(smp, SMP_CMD_DHKEY_CHECK);
Howard Chungcee5f202020-02-14 19:16:41 +08002190
2191 /* Only Just-Works pairing requires extra checks */
2192 if (smp->method != JUST_WORKS)
2193 goto mackey_and_ltk;
2194
2195 /* If there already exists long term key in local host, leave
2196 * the decision to user space since the remote device could
2197 * be legitimate or malicious.
2198 */
2199 if (hci_find_ltk(hcon->hdev, &hcon->dst, hcon->dst_type,
2200 hcon->role)) {
Howard Chungeed467b2020-02-20 11:17:29 +08002201 /* Set passkey to 0. The value can be any number since
2202 * it'll be ignored anyway.
2203 */
2204 passkey = 0;
2205 confirm_hint = 1;
2206 goto confirm;
Howard Chungcee5f202020-02-14 19:16:41 +08002207 }
Johan Hedberg191dc7fe22014-06-06 11:39:49 +03002208 }
2209
Johan Hedberga29b0732014-10-28 15:17:05 +01002210mackey_and_ltk:
Johan Hedberg760b0182014-06-06 11:44:05 +03002211 /* Generate MacKey and LTK */
2212 err = sc_mackey_and_ltk(smp, smp->mackey, smp->tk);
2213 if (err)
2214 return SMP_UNSPECIFIED;
2215
Sonny Sasakaffee2022020-04-06 11:04:02 -07002216 if (smp->method == REQ_OOB) {
Johan Hedbergdddd3052014-06-01 15:38:09 +03002217 if (hcon->out) {
Johan Hedberg38606f12014-06-25 11:10:28 +03002218 sc_dhkey_check(smp);
Johan Hedbergdddd3052014-06-01 15:38:09 +03002219 SMP_ALLOW_CMD(smp, SMP_CMD_DHKEY_CHECK);
2220 }
2221 return 0;
2222 }
2223
Johan Hedberg38606f12014-06-25 11:10:28 +03002224 err = smp_g2(smp->tfm_cmac, pkax, pkbx, na, nb, &passkey);
Johan Hedberg191dc7fe22014-06-06 11:39:49 +03002225 if (err)
2226 return SMP_UNSPECIFIED;
2227
Howard Chungeed467b2020-02-20 11:17:29 +08002228 confirm_hint = 0;
2229
2230confirm:
Sonny Sasakaffee2022020-04-06 11:04:02 -07002231 if (smp->method == JUST_WORKS)
2232 confirm_hint = 1;
2233
Johan Hedberg38606f12014-06-25 11:10:28 +03002234 err = mgmt_user_confirm_request(hcon->hdev, &hcon->dst, hcon->type,
Howard Chungeed467b2020-02-20 11:17:29 +08002235 hcon->dst_type, passkey, confirm_hint);
Johan Hedberg38606f12014-06-25 11:10:28 +03002236 if (err)
2237 return SMP_UNSPECIFIED;
2238
2239 set_bit(SMP_FLAG_WAIT_USER, &smp->flags);
2240
Johan Hedberg191dc7fe22014-06-06 11:39:49 +03002241 return 0;
Anderson Briglia88ba43b2011-06-09 18:50:42 -03002242}
2243
Marcel Holtmannf81cd822014-07-01 10:59:24 +02002244static bool smp_ltk_encrypt(struct l2cap_conn *conn, u8 sec_level)
Vinicius Costa Gomes988c5992011-08-25 20:02:28 -03002245{
Vinicius Costa Gomesc9839a12012-02-02 21:08:01 -03002246 struct smp_ltk *key;
Vinicius Costa Gomes988c5992011-08-25 20:02:28 -03002247 struct hci_conn *hcon = conn->hcon;
2248
Johan Hedbergf3a73d92014-05-29 15:02:59 +03002249 key = hci_find_ltk(hcon->hdev, &hcon->dst, hcon->dst_type, hcon->role);
Vinicius Costa Gomes988c5992011-08-25 20:02:28 -03002250 if (!key)
Marcel Holtmannf81cd822014-07-01 10:59:24 +02002251 return false;
Vinicius Costa Gomes988c5992011-08-25 20:02:28 -03002252
Johan Hedberga6f78332014-09-10 17:37:45 -07002253 if (smp_ltk_sec_level(key) < sec_level)
Marcel Holtmannf81cd822014-07-01 10:59:24 +02002254 return false;
Johan Hedberg4dab7862012-06-07 14:58:37 +08002255
Johan Hedberg51a8efd2012-01-16 06:10:31 +02002256 if (test_and_set_bit(HCI_CONN_ENCRYPT_PEND, &hcon->flags))
Marcel Holtmannf81cd822014-07-01 10:59:24 +02002257 return true;
Vinicius Costa Gomes988c5992011-08-25 20:02:28 -03002258
Johan Hedberg8b76ce32015-06-08 18:14:39 +03002259 hci_le_start_enc(hcon, key->ediv, key->rand, key->val, key->enc_size);
Vinicius Costa Gomesc9839a12012-02-02 21:08:01 -03002260 hcon->enc_key_size = key->enc_size;
Vinicius Costa Gomes988c5992011-08-25 20:02:28 -03002261
Archie Pusakafad646e2021-05-31 16:37:25 +08002262 /* We never store STKs for initiator role, so clear this flag */
Johan Hedbergfe59a052014-07-01 19:14:12 +03002263 clear_bit(HCI_CONN_STK_ENCRYPT, &hcon->flags);
2264
Marcel Holtmannf81cd822014-07-01 10:59:24 +02002265 return true;
Vinicius Costa Gomes988c5992011-08-25 20:02:28 -03002266}
Marcel Holtmannf1560462013-10-13 05:43:25 -07002267
Johan Hedberg35dc6f82014-11-13 10:55:18 +02002268bool smp_sufficient_security(struct hci_conn *hcon, u8 sec_level,
2269 enum smp_key_pref key_pref)
Johan Hedberg854f4722014-07-01 18:40:20 +03002270{
2271 if (sec_level == BT_SECURITY_LOW)
2272 return true;
2273
Johan Hedberg35dc6f82014-11-13 10:55:18 +02002274 /* If we're encrypted with an STK but the caller prefers using
2275 * LTK claim insufficient security. This way we allow the
2276 * connection to be re-encrypted with an LTK, even if the LTK
2277 * provides the same level of security. Only exception is if we
2278 * don't have an LTK (e.g. because of key distribution bits).
Johan Hedberg9ab65d602014-07-01 19:14:13 +03002279 */
Johan Hedberg35dc6f82014-11-13 10:55:18 +02002280 if (key_pref == SMP_USE_LTK &&
2281 test_bit(HCI_CONN_STK_ENCRYPT, &hcon->flags) &&
Johan Hedbergf3a73d92014-05-29 15:02:59 +03002282 hci_find_ltk(hcon->hdev, &hcon->dst, hcon->dst_type, hcon->role))
Johan Hedberg9ab65d602014-07-01 19:14:13 +03002283 return false;
2284
Johan Hedberg854f4722014-07-01 18:40:20 +03002285 if (hcon->sec_level >= sec_level)
2286 return true;
2287
2288 return false;
2289}
2290
Vinicius Costa Gomesda85e5e2011-06-09 18:50:53 -03002291static u8 smp_cmd_security_req(struct l2cap_conn *conn, struct sk_buff *skb)
Anderson Briglia88ba43b2011-06-09 18:50:42 -03002292{
2293 struct smp_cmd_security_req *rp = (void *) skb->data;
2294 struct smp_cmd_pairing cp;
Vinicius Costa Gomesf1cb9af2011-01-26 21:42:57 -03002295 struct hci_conn *hcon = conn->hcon;
Johan Hedberg0edb14d2014-05-26 13:29:28 +03002296 struct hci_dev *hdev = hcon->hdev;
Vinicius Costa Gomes8aab4752011-09-05 14:31:31 -03002297 struct smp_chan *smp;
Johan Hedbergc05b9332014-09-10 17:37:42 -07002298 u8 sec_level, auth;
Anderson Briglia88ba43b2011-06-09 18:50:42 -03002299
Luiz Augusto von Dentz2e1614f2021-03-15 14:39:29 -07002300 bt_dev_dbg(hdev, "conn %p", conn);
Anderson Briglia88ba43b2011-06-09 18:50:42 -03002301
Johan Hedbergc46b98b2014-02-18 10:19:29 +02002302 if (skb->len < sizeof(*rp))
Johan Hedberg38e4a912014-05-08 14:19:11 +03002303 return SMP_INVALID_PARAMS;
Johan Hedbergc46b98b2014-02-18 10:19:29 +02002304
Johan Hedberg40bef302014-07-16 11:42:27 +03002305 if (hcon->role != HCI_ROLE_MASTER)
Johan Hedberg86ca9ea2013-11-05 11:30:39 +02002306 return SMP_CMD_NOTSUPP;
2307
Johan Hedberg0edb14d2014-05-26 13:29:28 +03002308 auth = rp->auth_req & AUTH_REQ_MASK(hdev);
Johan Hedbergc05b9332014-09-10 17:37:42 -07002309
Marcel Holtmannd7a5a112015-03-13 02:11:00 -07002310 if (hci_dev_test_flag(hdev, HCI_SC_ONLY) && !(auth & SMP_AUTH_SC))
Johan Hedberg903b71c2014-09-08 16:59:18 -07002311 return SMP_AUTH_REQUIREMENTS;
2312
Johan Hedberg5be5e272014-09-10 17:58:54 -07002313 if (hcon->io_capability == HCI_IO_NO_INPUT_OUTPUT)
Johan Hedberg1afc2a12014-09-10 17:37:44 -07002314 sec_level = BT_SECURITY_MEDIUM;
2315 else
2316 sec_level = authreq_to_seclevel(auth);
2317
Szymon Janc64e759f2018-02-26 15:41:53 +01002318 if (smp_sufficient_security(hcon, sec_level, SMP_USE_LTK)) {
2319 /* If link is already encrypted with sufficient security we
2320 * still need refresh encryption as per Core Spec 5.0 Vol 3,
2321 * Part H 2.4.6
2322 */
2323 smp_ltk_encrypt(conn, hcon->sec_level);
Johan Hedberg854f4722014-07-01 18:40:20 +03002324 return 0;
Szymon Janc64e759f2018-02-26 15:41:53 +01002325 }
Johan Hedberg854f4722014-07-01 18:40:20 +03002326
Johan Hedbergc7262e72014-06-17 13:07:37 +03002327 if (sec_level > hcon->pending_sec_level)
2328 hcon->pending_sec_level = sec_level;
Vinicius Costa Gomesfeb45eb2011-08-25 20:02:35 -03002329
Johan Hedberg4dab7862012-06-07 14:58:37 +08002330 if (smp_ltk_encrypt(conn, hcon->pending_sec_level))
Vinicius Costa Gomes988c5992011-08-25 20:02:28 -03002331 return 0;
2332
Vinicius Costa Gomes8aab4752011-09-05 14:31:31 -03002333 smp = smp_chan_create(conn);
Johan Hedbergc29d2442014-06-16 19:25:14 +03002334 if (!smp)
2335 return SMP_UNSPECIFIED;
Vinicius Costa Gomesd26a2342011-08-19 21:06:51 -03002336
Marcel Holtmannd7a5a112015-03-13 02:11:00 -07002337 if (!hci_dev_test_flag(hdev, HCI_BONDABLE) &&
Johan Hedbergc05b9332014-09-10 17:37:42 -07002338 (auth & SMP_AUTH_BONDING))
Johan Hedberg616d55b2014-07-29 14:18:48 +03002339 return SMP_PAIRING_NOTSUPP;
2340
Anderson Briglia88ba43b2011-06-09 18:50:42 -03002341 skb_pull(skb, sizeof(*rp));
Anderson Briglia88ba43b2011-06-09 18:50:42 -03002342
Vinicius Costa Gomesda85e5e2011-06-09 18:50:53 -03002343 memset(&cp, 0, sizeof(cp));
Johan Hedbergc05b9332014-09-10 17:37:42 -07002344 build_pairing_cmd(conn, &cp, NULL, auth);
Anderson Briglia88ba43b2011-06-09 18:50:42 -03002345
Vinicius Costa Gomes1c1def02011-09-05 14:31:30 -03002346 smp->preq[0] = SMP_CMD_PAIRING_REQ;
2347 memcpy(&smp->preq[1], &cp, sizeof(cp));
Anderson Brigliaf01ead32011-06-09 18:50:45 -03002348
Anderson Briglia88ba43b2011-06-09 18:50:42 -03002349 smp_send_cmd(conn, SMP_CMD_PAIRING_REQ, sizeof(cp), &cp);
Johan Hedbergb28b4942014-09-05 22:19:55 +03002350 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RSP);
Vinicius Costa Gomesf1cb9af2011-01-26 21:42:57 -03002351
Vinicius Costa Gomesda85e5e2011-06-09 18:50:53 -03002352 return 0;
Anderson Briglia88ba43b2011-06-09 18:50:42 -03002353}
2354
Vinicius Costa Gomescc110922012-08-23 21:32:43 -03002355int smp_conn_security(struct hci_conn *hcon, __u8 sec_level)
Anderson Brigliaeb492e02011-06-09 18:50:40 -03002356{
Vinicius Costa Gomescc110922012-08-23 21:32:43 -03002357 struct l2cap_conn *conn = hcon->l2cap_data;
Johan Hedbergc68b7f12014-09-06 06:59:10 +03002358 struct l2cap_chan *chan;
Johan Hedberg0a66cf22014-03-24 14:39:03 +02002359 struct smp_chan *smp;
Brian Gix2b64d152011-12-21 16:12:12 -08002360 __u8 authreq;
Johan Hedbergfc75cc82014-09-05 22:19:52 +03002361 int ret;
Anderson Brigliaeb492e02011-06-09 18:50:40 -03002362
Luiz Augusto von Dentz2e1614f2021-03-15 14:39:29 -07002363 bt_dev_dbg(hcon->hdev, "conn %p hcon %p level 0x%2.2x", conn, hcon,
2364 sec_level);
Vinicius Costa Gomes3a0259b2011-06-09 18:50:43 -03002365
Johan Hedberg0a66cf22014-03-24 14:39:03 +02002366 /* This may be NULL if there's an unexpected disconnection */
2367 if (!conn)
2368 return 1;
2369
Marcel Holtmannd7a5a112015-03-13 02:11:00 -07002370 if (!hci_dev_test_flag(hcon->hdev, HCI_LE_ENABLED))
Andre Guedes2e65c9d2011-06-30 19:20:56 -03002371 return 1;
2372
Johan Hedberg35dc6f82014-11-13 10:55:18 +02002373 if (smp_sufficient_security(hcon, sec_level, SMP_USE_LTK))
Vinicius Costa Gomesf1cb9af2011-01-26 21:42:57 -03002374 return 1;
2375
Johan Hedbergc7262e72014-06-17 13:07:37 +03002376 if (sec_level > hcon->pending_sec_level)
2377 hcon->pending_sec_level = sec_level;
2378
Johan Hedberg40bef302014-07-16 11:42:27 +03002379 if (hcon->role == HCI_ROLE_MASTER)
Johan Hedbergc7262e72014-06-17 13:07:37 +03002380 if (smp_ltk_encrypt(conn, hcon->pending_sec_level))
2381 return 0;
Vinicius Costa Gomesd26a2342011-08-19 21:06:51 -03002382
Johan Hedbergd8949aa2015-09-04 12:22:46 +03002383 chan = conn->smp;
2384 if (!chan) {
Marcel Holtmann2064ee32017-10-30 10:42:59 +01002385 bt_dev_err(hcon->hdev, "security requested but not available");
Johan Hedbergd8949aa2015-09-04 12:22:46 +03002386 return 1;
2387 }
2388
Johan Hedbergfc75cc82014-09-05 22:19:52 +03002389 l2cap_chan_lock(chan);
2390
2391 /* If SMP is already in progress ignore this request */
2392 if (chan->data) {
2393 ret = 0;
2394 goto unlock;
2395 }
Vinicius Costa Gomesd26a2342011-08-19 21:06:51 -03002396
Vinicius Costa Gomes8aab4752011-09-05 14:31:31 -03002397 smp = smp_chan_create(conn);
Johan Hedbergfc75cc82014-09-05 22:19:52 +03002398 if (!smp) {
2399 ret = 1;
2400 goto unlock;
2401 }
Brian Gix2b64d152011-12-21 16:12:12 -08002402
2403 authreq = seclevel_to_authreq(sec_level);
Vinicius Costa Gomesd26a2342011-08-19 21:06:51 -03002404
Johan Hedberga62da6f2016-12-08 08:32:54 +02002405 if (hci_dev_test_flag(hcon->hdev, HCI_SC_ENABLED)) {
Johan Hedbergd2eb9e12014-05-16 10:59:06 +03002406 authreq |= SMP_AUTH_SC;
Johan Hedberga62da6f2016-12-08 08:32:54 +02002407 if (hci_dev_test_flag(hcon->hdev, HCI_SSP_ENABLED))
2408 authreq |= SMP_AUTH_CT2;
2409 }
Johan Hedbergd2eb9e12014-05-16 10:59:06 +03002410
Archie Pusakac2aa30d2020-04-07 12:26:27 +08002411 /* Don't attempt to set MITM if setting is overridden by debugfs
2412 * Needed to pass certification test SM/MAS/PKE/BV-01-C
Johan Hedberg2e233642014-03-18 15:42:30 +02002413 */
Archie Pusakac2aa30d2020-04-07 12:26:27 +08002414 if (!hci_dev_test_flag(hcon->hdev, HCI_FORCE_NO_MITM)) {
2415 /* Require MITM if IO Capability allows or the security level
2416 * requires it.
2417 */
2418 if (hcon->io_capability != HCI_IO_NO_INPUT_OUTPUT ||
2419 hcon->pending_sec_level > BT_SECURITY_MEDIUM)
2420 authreq |= SMP_AUTH_MITM;
2421 }
Johan Hedberg2e233642014-03-18 15:42:30 +02002422
Johan Hedberg40bef302014-07-16 11:42:27 +03002423 if (hcon->role == HCI_ROLE_MASTER) {
Vinicius Costa Gomesd26a2342011-08-19 21:06:51 -03002424 struct smp_cmd_pairing cp;
Anderson Brigliaf01ead32011-06-09 18:50:45 -03002425
Brian Gix2b64d152011-12-21 16:12:12 -08002426 build_pairing_cmd(conn, &cp, NULL, authreq);
Vinicius Costa Gomes1c1def02011-09-05 14:31:30 -03002427 smp->preq[0] = SMP_CMD_PAIRING_REQ;
2428 memcpy(&smp->preq[1], &cp, sizeof(cp));
Anderson Brigliaf01ead32011-06-09 18:50:45 -03002429
Anderson Brigliaeb492e02011-06-09 18:50:40 -03002430 smp_send_cmd(conn, SMP_CMD_PAIRING_REQ, sizeof(cp), &cp);
Johan Hedbergb28b4942014-09-05 22:19:55 +03002431 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RSP);
Anderson Brigliaeb492e02011-06-09 18:50:40 -03002432 } else {
2433 struct smp_cmd_security_req cp;
Brian Gix2b64d152011-12-21 16:12:12 -08002434 cp.auth_req = authreq;
Anderson Brigliaeb492e02011-06-09 18:50:40 -03002435 smp_send_cmd(conn, SMP_CMD_SECURITY_REQ, sizeof(cp), &cp);
Johan Hedbergb28b4942014-09-05 22:19:55 +03002436 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_REQ);
Anderson Brigliaeb492e02011-06-09 18:50:40 -03002437 }
2438
Johan Hedberg4a74d652014-05-20 09:45:50 +03002439 set_bit(SMP_FLAG_INITIATOR, &smp->flags);
Johan Hedbergfc75cc82014-09-05 22:19:52 +03002440 ret = 0;
Johan Hedbergedca7922014-03-24 15:54:11 +02002441
Johan Hedbergfc75cc82014-09-05 22:19:52 +03002442unlock:
2443 l2cap_chan_unlock(chan);
2444 return ret;
Anderson Brigliaeb492e02011-06-09 18:50:40 -03002445}
2446
Matias Karhumaacb28c302018-09-26 09:13:46 +03002447int smp_cancel_and_remove_pairing(struct hci_dev *hdev, bdaddr_t *bdaddr,
2448 u8 addr_type)
Johan Hedbergc81d5552015-10-22 09:38:35 +03002449{
Matias Karhumaacb28c302018-09-26 09:13:46 +03002450 struct hci_conn *hcon;
2451 struct l2cap_conn *conn;
Johan Hedbergc81d5552015-10-22 09:38:35 +03002452 struct l2cap_chan *chan;
2453 struct smp_chan *smp;
Matias Karhumaacb28c302018-09-26 09:13:46 +03002454 int err;
Johan Hedbergc81d5552015-10-22 09:38:35 +03002455
Matias Karhumaacb28c302018-09-26 09:13:46 +03002456 err = hci_remove_ltk(hdev, bdaddr, addr_type);
2457 hci_remove_irk(hdev, bdaddr, addr_type);
2458
2459 hcon = hci_conn_hash_lookup_le(hdev, bdaddr, addr_type);
2460 if (!hcon)
2461 goto done;
2462
2463 conn = hcon->l2cap_data;
Johan Hedbergc81d5552015-10-22 09:38:35 +03002464 if (!conn)
Matias Karhumaacb28c302018-09-26 09:13:46 +03002465 goto done;
Johan Hedbergc81d5552015-10-22 09:38:35 +03002466
2467 chan = conn->smp;
2468 if (!chan)
Matias Karhumaacb28c302018-09-26 09:13:46 +03002469 goto done;
Johan Hedbergc81d5552015-10-22 09:38:35 +03002470
2471 l2cap_chan_lock(chan);
2472
2473 smp = chan->data;
2474 if (smp) {
Matias Karhumaacb28c302018-09-26 09:13:46 +03002475 /* Set keys to NULL to make sure smp_failure() does not try to
2476 * remove and free already invalidated rcu list entries. */
2477 smp->ltk = NULL;
Archie Pusakafad646e2021-05-31 16:37:25 +08002478 smp->responder_ltk = NULL;
Matias Karhumaacb28c302018-09-26 09:13:46 +03002479 smp->remote_irk = NULL;
2480
Johan Hedbergc81d5552015-10-22 09:38:35 +03002481 if (test_bit(SMP_FLAG_COMPLETE, &smp->flags))
2482 smp_failure(conn, 0);
2483 else
2484 smp_failure(conn, SMP_UNSPECIFIED);
Matias Karhumaacb28c302018-09-26 09:13:46 +03002485 err = 0;
Johan Hedbergc81d5552015-10-22 09:38:35 +03002486 }
2487
2488 l2cap_chan_unlock(chan);
Matias Karhumaacb28c302018-09-26 09:13:46 +03002489
2490done:
2491 return err;
Johan Hedbergc81d5552015-10-22 09:38:35 +03002492}
2493
Vinicius Costa Gomes7034b912011-07-07 18:59:34 -03002494static int smp_cmd_encrypt_info(struct l2cap_conn *conn, struct sk_buff *skb)
2495{
Vinicius Costa Gomes16b90832011-07-07 18:59:39 -03002496 struct smp_cmd_encrypt_info *rp = (void *) skb->data;
Johan Hedberg5d88cc72014-08-08 09:37:18 +03002497 struct l2cap_chan *chan = conn->smp;
2498 struct smp_chan *smp = chan->data;
Vinicius Costa Gomes16b90832011-07-07 18:59:39 -03002499
Luiz Augusto von Dentz2e1614f2021-03-15 14:39:29 -07002500 bt_dev_dbg(conn->hcon->hdev, "conn %p", conn);
Johan Hedbergc46b98b2014-02-18 10:19:29 +02002501
2502 if (skb->len < sizeof(*rp))
Johan Hedberg38e4a912014-05-08 14:19:11 +03002503 return SMP_INVALID_PARAMS;
Johan Hedbergc46b98b2014-02-18 10:19:29 +02002504
Alain Michaud600a8742020-01-07 00:43:17 +00002505 /* Pairing is aborted if any blocked keys are distributed */
2506 if (hci_is_blocked_key(conn->hcon->hdev, HCI_BLOCKED_KEY_TYPE_LTK,
2507 rp->ltk)) {
2508 bt_dev_warn_ratelimited(conn->hcon->hdev,
2509 "LTK blocked for %pMR",
2510 &conn->hcon->dst);
2511 return SMP_INVALID_PARAMS;
2512 }
2513
Archie Pusakafad646e2021-05-31 16:37:25 +08002514 SMP_ALLOW_CMD(smp, SMP_CMD_INITIATOR_IDENT);
Johan Hedberg6131ddc2014-02-18 10:19:37 +02002515
Vinicius Costa Gomes16b90832011-07-07 18:59:39 -03002516 skb_pull(skb, sizeof(*rp));
2517
Vinicius Costa Gomes1c1def02011-09-05 14:31:30 -03002518 memcpy(smp->tk, rp->ltk, sizeof(smp->tk));
Vinicius Costa Gomes16b90832011-07-07 18:59:39 -03002519
Vinicius Costa Gomes7034b912011-07-07 18:59:34 -03002520 return 0;
2521}
2522
Archie Pusakafad646e2021-05-31 16:37:25 +08002523static int smp_cmd_initiator_ident(struct l2cap_conn *conn, struct sk_buff *skb)
Vinicius Costa Gomes7034b912011-07-07 18:59:34 -03002524{
Archie Pusakafad646e2021-05-31 16:37:25 +08002525 struct smp_cmd_initiator_ident *rp = (void *)skb->data;
Johan Hedberg5d88cc72014-08-08 09:37:18 +03002526 struct l2cap_chan *chan = conn->smp;
2527 struct smp_chan *smp = chan->data;
Vinicius Costa Gomesc9839a12012-02-02 21:08:01 -03002528 struct hci_dev *hdev = conn->hcon->hdev;
2529 struct hci_conn *hcon = conn->hcon;
Johan Hedberg23d0e122014-02-19 14:57:46 +02002530 struct smp_ltk *ltk;
Vinicius Costa Gomesc9839a12012-02-02 21:08:01 -03002531 u8 authenticated;
Vinicius Costa Gomes7034b912011-07-07 18:59:34 -03002532
Luiz Augusto von Dentz2e1614f2021-03-15 14:39:29 -07002533 bt_dev_dbg(hdev, "conn %p", conn);
Johan Hedbergc46b98b2014-02-18 10:19:29 +02002534
2535 if (skb->len < sizeof(*rp))
Johan Hedberg38e4a912014-05-08 14:19:11 +03002536 return SMP_INVALID_PARAMS;
Johan Hedbergc46b98b2014-02-18 10:19:29 +02002537
Johan Hedberg9747a9f2014-02-26 23:33:43 +02002538 /* Mark the information as received */
2539 smp->remote_key_dist &= ~SMP_DIST_ENC_KEY;
2540
Johan Hedbergb28b4942014-09-05 22:19:55 +03002541 if (smp->remote_key_dist & SMP_DIST_ID_KEY)
2542 SMP_ALLOW_CMD(smp, SMP_CMD_IDENT_INFO);
Johan Hedberg196332f2014-09-09 16:21:46 -07002543 else if (smp->remote_key_dist & SMP_DIST_SIGN)
2544 SMP_ALLOW_CMD(smp, SMP_CMD_SIGN_INFO);
Johan Hedbergb28b4942014-09-05 22:19:55 +03002545
Vinicius Costa Gomes16b90832011-07-07 18:59:39 -03002546 skb_pull(skb, sizeof(*rp));
2547
Marcel Holtmannce39fb42013-10-13 02:23:39 -07002548 authenticated = (hcon->sec_level == BT_SECURITY_HIGH);
Johan Hedberg2ceba532014-06-16 19:25:16 +03002549 ltk = hci_add_ltk(hdev, &hcon->dst, hcon->dst_type, SMP_LTK,
Johan Hedberg23d0e122014-02-19 14:57:46 +02002550 authenticated, smp->tk, smp->enc_key_size,
2551 rp->ediv, rp->rand);
2552 smp->ltk = ltk;
Johan Hedbergc6e81e92014-09-05 22:19:54 +03002553 if (!(smp->remote_key_dist & KEY_DIST_MASK))
Johan Hedbergd6268e82014-09-05 22:19:51 +03002554 smp_distribute_keys(smp);
Vinicius Costa Gomes7034b912011-07-07 18:59:34 -03002555
2556 return 0;
2557}
2558
Johan Hedbergfd349c02014-02-18 10:19:36 +02002559static int smp_cmd_ident_info(struct l2cap_conn *conn, struct sk_buff *skb)
2560{
2561 struct smp_cmd_ident_info *info = (void *) skb->data;
Johan Hedberg5d88cc72014-08-08 09:37:18 +03002562 struct l2cap_chan *chan = conn->smp;
2563 struct smp_chan *smp = chan->data;
Johan Hedbergfd349c02014-02-18 10:19:36 +02002564
Luiz Augusto von Dentz2e1614f2021-03-15 14:39:29 -07002565 bt_dev_dbg(conn->hcon->hdev, "");
Johan Hedbergfd349c02014-02-18 10:19:36 +02002566
2567 if (skb->len < sizeof(*info))
Johan Hedberg38e4a912014-05-08 14:19:11 +03002568 return SMP_INVALID_PARAMS;
Johan Hedbergfd349c02014-02-18 10:19:36 +02002569
Alain Michaud600a8742020-01-07 00:43:17 +00002570 /* Pairing is aborted if any blocked keys are distributed */
2571 if (hci_is_blocked_key(conn->hcon->hdev, HCI_BLOCKED_KEY_TYPE_IRK,
2572 info->irk)) {
2573 bt_dev_warn_ratelimited(conn->hcon->hdev,
2574 "Identity key blocked for %pMR",
2575 &conn->hcon->dst);
2576 return SMP_INVALID_PARAMS;
2577 }
2578
Johan Hedbergb28b4942014-09-05 22:19:55 +03002579 SMP_ALLOW_CMD(smp, SMP_CMD_IDENT_ADDR_INFO);
Johan Hedberg6131ddc2014-02-18 10:19:37 +02002580
Johan Hedbergfd349c02014-02-18 10:19:36 +02002581 skb_pull(skb, sizeof(*info));
2582
2583 memcpy(smp->irk, info->irk, 16);
2584
2585 return 0;
2586}
2587
2588static int smp_cmd_ident_addr_info(struct l2cap_conn *conn,
2589 struct sk_buff *skb)
2590{
2591 struct smp_cmd_ident_addr_info *info = (void *) skb->data;
Johan Hedberg5d88cc72014-08-08 09:37:18 +03002592 struct l2cap_chan *chan = conn->smp;
2593 struct smp_chan *smp = chan->data;
Johan Hedbergfd349c02014-02-18 10:19:36 +02002594 struct hci_conn *hcon = conn->hcon;
2595 bdaddr_t rpa;
2596
Luiz Augusto von Dentz2e1614f2021-03-15 14:39:29 -07002597 bt_dev_dbg(hcon->hdev, "");
Johan Hedbergfd349c02014-02-18 10:19:36 +02002598
2599 if (skb->len < sizeof(*info))
Johan Hedberg38e4a912014-05-08 14:19:11 +03002600 return SMP_INVALID_PARAMS;
Johan Hedbergfd349c02014-02-18 10:19:36 +02002601
Johan Hedberg9747a9f2014-02-26 23:33:43 +02002602 /* Mark the information as received */
2603 smp->remote_key_dist &= ~SMP_DIST_ID_KEY;
2604
Johan Hedbergb28b4942014-09-05 22:19:55 +03002605 if (smp->remote_key_dist & SMP_DIST_SIGN)
2606 SMP_ALLOW_CMD(smp, SMP_CMD_SIGN_INFO);
2607
Johan Hedbergfd349c02014-02-18 10:19:36 +02002608 skb_pull(skb, sizeof(*info));
2609
Johan Hedberga9a58f82014-02-25 22:24:37 +02002610 /* Strictly speaking the Core Specification (4.1) allows sending
2611 * an empty address which would force us to rely on just the IRK
2612 * as "identity information". However, since such
2613 * implementations are not known of and in order to not over
2614 * complicate our implementation, simply pretend that we never
2615 * received an IRK for such a device.
Johan Hedberge12af4892015-01-14 20:51:37 +02002616 *
2617 * The Identity Address must also be a Static Random or Public
2618 * Address, which hci_is_identity_address() checks for.
Johan Hedberga9a58f82014-02-25 22:24:37 +02002619 */
Johan Hedberge12af4892015-01-14 20:51:37 +02002620 if (!bacmp(&info->bdaddr, BDADDR_ANY) ||
2621 !hci_is_identity_address(&info->bdaddr, info->addr_type)) {
Marcel Holtmann2064ee32017-10-30 10:42:59 +01002622 bt_dev_err(hcon->hdev, "ignoring IRK with no identity address");
Johan Hedberg31dd6242014-06-27 14:23:02 +03002623 goto distribute;
Johan Hedberga9a58f82014-02-25 22:24:37 +02002624 }
2625
Szymon Janc1d87b882019-06-19 00:47:47 +02002626 /* Drop IRK if peer is using identity address during pairing but is
2627 * providing different address as identity information.
2628 *
2629 * Microsoft Surface Precision Mouse is known to have this bug.
2630 */
2631 if (hci_is_identity_address(&hcon->dst, hcon->dst_type) &&
2632 (bacmp(&info->bdaddr, &hcon->dst) ||
2633 info->addr_type != hcon->dst_type)) {
2634 bt_dev_err(hcon->hdev,
2635 "ignoring IRK with invalid identity address");
2636 goto distribute;
2637 }
2638
Johan Hedbergfd349c02014-02-18 10:19:36 +02002639 bacpy(&smp->id_addr, &info->bdaddr);
2640 smp->id_addr_type = info->addr_type;
2641
2642 if (hci_bdaddr_is_rpa(&hcon->dst, hcon->dst_type))
2643 bacpy(&rpa, &hcon->dst);
2644 else
2645 bacpy(&rpa, BDADDR_ANY);
2646
Johan Hedberg23d0e122014-02-19 14:57:46 +02002647 smp->remote_irk = hci_add_irk(conn->hcon->hdev, &smp->id_addr,
2648 smp->id_addr_type, smp->irk, &rpa);
Johan Hedbergfd349c02014-02-18 10:19:36 +02002649
Johan Hedberg31dd6242014-06-27 14:23:02 +03002650distribute:
Johan Hedbergc6e81e92014-09-05 22:19:54 +03002651 if (!(smp->remote_key_dist & KEY_DIST_MASK))
2652 smp_distribute_keys(smp);
Johan Hedbergfd349c02014-02-18 10:19:36 +02002653
2654 return 0;
2655}
2656
Marcel Holtmann7ee4ea32014-03-09 12:19:17 -07002657static int smp_cmd_sign_info(struct l2cap_conn *conn, struct sk_buff *skb)
2658{
2659 struct smp_cmd_sign_info *rp = (void *) skb->data;
Johan Hedberg5d88cc72014-08-08 09:37:18 +03002660 struct l2cap_chan *chan = conn->smp;
2661 struct smp_chan *smp = chan->data;
Marcel Holtmann7ee4ea32014-03-09 12:19:17 -07002662 struct smp_csrk *csrk;
2663
Luiz Augusto von Dentz2e1614f2021-03-15 14:39:29 -07002664 bt_dev_dbg(conn->hcon->hdev, "conn %p", conn);
Marcel Holtmann7ee4ea32014-03-09 12:19:17 -07002665
2666 if (skb->len < sizeof(*rp))
Johan Hedberg38e4a912014-05-08 14:19:11 +03002667 return SMP_INVALID_PARAMS;
Marcel Holtmann7ee4ea32014-03-09 12:19:17 -07002668
Marcel Holtmann7ee4ea32014-03-09 12:19:17 -07002669 /* Mark the information as received */
2670 smp->remote_key_dist &= ~SMP_DIST_SIGN;
2671
2672 skb_pull(skb, sizeof(*rp));
2673
Marcel Holtmann7ee4ea32014-03-09 12:19:17 -07002674 csrk = kzalloc(sizeof(*csrk), GFP_KERNEL);
2675 if (csrk) {
Johan Hedberg4cd39282015-02-27 10:11:13 +02002676 if (conn->hcon->sec_level > BT_SECURITY_MEDIUM)
2677 csrk->type = MGMT_CSRK_REMOTE_AUTHENTICATED;
2678 else
2679 csrk->type = MGMT_CSRK_REMOTE_UNAUTHENTICATED;
Marcel Holtmann7ee4ea32014-03-09 12:19:17 -07002680 memcpy(csrk->val, rp->csrk, sizeof(csrk->val));
2681 }
2682 smp->csrk = csrk;
Johan Hedbergd6268e82014-09-05 22:19:51 +03002683 smp_distribute_keys(smp);
Marcel Holtmann7ee4ea32014-03-09 12:19:17 -07002684
2685 return 0;
2686}
2687
Johan Hedberg5e3d3d92014-05-31 18:51:02 +03002688static u8 sc_select_method(struct smp_chan *smp)
2689{
2690 struct l2cap_conn *conn = smp->conn;
2691 struct hci_conn *hcon = conn->hcon;
2692 struct smp_cmd_pairing *local, *remote;
2693 u8 local_mitm, remote_mitm, local_io, remote_io, method;
2694
Johan Hedberg1a8bab42015-03-16 11:45:44 +02002695 if (test_bit(SMP_FLAG_REMOTE_OOB, &smp->flags) ||
2696 test_bit(SMP_FLAG_LOCAL_OOB, &smp->flags))
Johan Hedberga29b0732014-10-28 15:17:05 +01002697 return REQ_OOB;
2698
Johan Hedberg5e3d3d92014-05-31 18:51:02 +03002699 /* The preq/prsp contain the raw Pairing Request/Response PDUs
2700 * which are needed as inputs to some crypto functions. To get
2701 * the "struct smp_cmd_pairing" from them we need to skip the
2702 * first byte which contains the opcode.
2703 */
2704 if (hcon->out) {
2705 local = (void *) &smp->preq[1];
2706 remote = (void *) &smp->prsp[1];
2707 } else {
2708 local = (void *) &smp->prsp[1];
2709 remote = (void *) &smp->preq[1];
2710 }
2711
2712 local_io = local->io_capability;
2713 remote_io = remote->io_capability;
2714
2715 local_mitm = (local->auth_req & SMP_AUTH_MITM);
2716 remote_mitm = (remote->auth_req & SMP_AUTH_MITM);
2717
2718 /* If either side wants MITM, look up the method from the table,
2719 * otherwise use JUST WORKS.
2720 */
2721 if (local_mitm || remote_mitm)
2722 method = get_auth_method(smp, local_io, remote_io);
2723 else
2724 method = JUST_WORKS;
2725
2726 /* Don't confirm locally initiated pairing attempts */
2727 if (method == JUST_CFM && test_bit(SMP_FLAG_INITIATOR, &smp->flags))
2728 method = JUST_WORKS;
2729
2730 return method;
2731}
2732
Johan Hedbergd8f8edb2014-06-06 11:09:28 +03002733static int smp_cmd_public_key(struct l2cap_conn *conn, struct sk_buff *skb)
2734{
2735 struct smp_cmd_public_key *key = (void *) skb->data;
2736 struct hci_conn *hcon = conn->hcon;
2737 struct l2cap_chan *chan = conn->smp;
2738 struct smp_chan *smp = chan->data;
Johan Hedberg5e3d3d92014-05-31 18:51:02 +03002739 struct hci_dev *hdev = hcon->hdev;
Tudor Ambarusc0153b02017-09-28 17:14:55 +03002740 struct crypto_kpp *tfm_ecdh;
Johan Hedbergcbbbe3e2014-06-06 11:30:08 +03002741 struct smp_cmd_pairing_confirm cfm;
Johan Hedbergd8f8edb2014-06-06 11:09:28 +03002742 int err;
2743
Luiz Augusto von Dentz2e1614f2021-03-15 14:39:29 -07002744 bt_dev_dbg(hdev, "conn %p", conn);
Johan Hedbergd8f8edb2014-06-06 11:09:28 +03002745
2746 if (skb->len < sizeof(*key))
2747 return SMP_INVALID_PARAMS;
2748
Luiz Augusto von Dentz6d19628f2021-03-10 14:13:08 -08002749 /* Check if remote and local public keys are the same and debug key is
2750 * not in use.
2751 */
2752 if (!test_bit(SMP_FLAG_DEBUG_KEY, &smp->flags) &&
2753 !crypto_memneq(key, smp->local_pk, 64)) {
2754 bt_dev_err(hdev, "Remote and local public keys are identical");
2755 return SMP_UNSPECIFIED;
2756 }
2757
Johan Hedbergd8f8edb2014-06-06 11:09:28 +03002758 memcpy(smp->remote_pk, key, 64);
2759
Johan Hedberga8ca6172015-03-16 18:12:57 +02002760 if (test_bit(SMP_FLAG_REMOTE_OOB, &smp->flags)) {
2761 err = smp_f4(smp->tfm_cmac, smp->remote_pk, smp->remote_pk,
2762 smp->rr, 0, cfm.confirm_val);
2763 if (err)
2764 return SMP_UNSPECIFIED;
2765
Jason A. Donenfeld329d8232017-06-10 04:59:11 +02002766 if (crypto_memneq(cfm.confirm_val, smp->pcnf, 16))
Johan Hedberga8ca6172015-03-16 18:12:57 +02002767 return SMP_CONFIRM_FAILED;
2768 }
2769
Johan Hedbergd8f8edb2014-06-06 11:09:28 +03002770 /* Non-initiating device sends its public key after receiving
2771 * the key from the initiating device.
2772 */
2773 if (!hcon->out) {
2774 err = sc_send_public_key(smp);
2775 if (err)
2776 return err;
2777 }
2778
Johan Hedbergc7a3d572014-12-01 22:03:16 +02002779 SMP_DBG("Remote Public Key X: %32phN", smp->remote_pk);
Marcel Holtmanne0915262015-03-16 12:34:55 -07002780 SMP_DBG("Remote Public Key Y: %32phN", smp->remote_pk + 32);
Johan Hedbergd8f8edb2014-06-06 11:09:28 +03002781
Tudor Ambarusc0153b02017-09-28 17:14:55 +03002782 /* Compute the shared secret on the same crypto tfm on which the private
2783 * key was set/generated.
2784 */
2785 if (test_bit(SMP_FLAG_LOCAL_OOB, &smp->flags)) {
Matias Karhumaa4ba51752018-09-11 14:10:13 +03002786 struct l2cap_chan *hchan = hdev->smp_data;
2787 struct smp_dev *smp_dev;
2788
2789 if (!hchan || !hchan->data)
2790 return SMP_UNSPECIFIED;
2791
2792 smp_dev = hchan->data;
Tudor Ambarusc0153b02017-09-28 17:14:55 +03002793
2794 tfm_ecdh = smp_dev->tfm_ecdh;
2795 } else {
2796 tfm_ecdh = smp->tfm_ecdh;
2797 }
2798
2799 if (compute_ecdh_secret(tfm_ecdh, smp->remote_pk, smp->dhkey))
Johan Hedbergd8f8edb2014-06-06 11:09:28 +03002800 return SMP_UNSPECIFIED;
2801
Johan Hedbergc7a3d572014-12-01 22:03:16 +02002802 SMP_DBG("DHKey %32phN", smp->dhkey);
Johan Hedbergd8f8edb2014-06-06 11:09:28 +03002803
2804 set_bit(SMP_FLAG_REMOTE_PK, &smp->flags);
2805
Johan Hedberg5e3d3d92014-05-31 18:51:02 +03002806 smp->method = sc_select_method(smp);
2807
Luiz Augusto von Dentz2e1614f2021-03-15 14:39:29 -07002808 bt_dev_dbg(hdev, "selected method 0x%02x", smp->method);
Johan Hedberg5e3d3d92014-05-31 18:51:02 +03002809
2810 /* JUST_WORKS and JUST_CFM result in an unauthenticated key */
2811 if (smp->method == JUST_WORKS || smp->method == JUST_CFM)
2812 hcon->pending_sec_level = BT_SECURITY_MEDIUM;
2813 else
2814 hcon->pending_sec_level = BT_SECURITY_FIPS;
2815
Jason A. Donenfeld329d8232017-06-10 04:59:11 +02002816 if (!crypto_memneq(debug_pk, smp->remote_pk, 64))
Johan Hedbergaeb7d462014-05-31 18:52:28 +03002817 set_bit(SMP_FLAG_DEBUG_KEY, &smp->flags);
2818
Johan Hedberg38606f12014-06-25 11:10:28 +03002819 if (smp->method == DSP_PASSKEY) {
2820 get_random_bytes(&hcon->passkey_notify,
2821 sizeof(hcon->passkey_notify));
2822 hcon->passkey_notify %= 1000000;
2823 hcon->passkey_entered = 0;
2824 smp->passkey_round = 0;
2825 if (mgmt_user_passkey_notify(hdev, &hcon->dst, hcon->type,
2826 hcon->dst_type,
2827 hcon->passkey_notify,
2828 hcon->passkey_entered))
2829 return SMP_UNSPECIFIED;
2830 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_CONFIRM);
2831 return sc_passkey_round(smp, SMP_CMD_PUBLIC_KEY);
2832 }
2833
Johan Hedberg94ea7252015-03-16 11:45:46 +02002834 if (smp->method == REQ_OOB) {
Johan Hedberga29b0732014-10-28 15:17:05 +01002835 if (hcon->out)
2836 smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM,
2837 sizeof(smp->prnd), smp->prnd);
2838
2839 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RANDOM);
2840
2841 return 0;
2842 }
2843
Johan Hedberg38606f12014-06-25 11:10:28 +03002844 if (hcon->out)
2845 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_CONFIRM);
2846
2847 if (smp->method == REQ_PASSKEY) {
2848 if (mgmt_user_passkey_request(hdev, &hcon->dst, hcon->type,
2849 hcon->dst_type))
2850 return SMP_UNSPECIFIED;
2851 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_CONFIRM);
2852 set_bit(SMP_FLAG_WAIT_USER, &smp->flags);
2853 return 0;
2854 }
2855
Johan Hedbergcbbbe3e2014-06-06 11:30:08 +03002856 /* The Initiating device waits for the non-initiating device to
2857 * send the confirm value.
2858 */
2859 if (conn->hcon->out)
2860 return 0;
2861
2862 err = smp_f4(smp->tfm_cmac, smp->local_pk, smp->remote_pk, smp->prnd,
2863 0, cfm.confirm_val);
2864 if (err)
2865 return SMP_UNSPECIFIED;
2866
2867 smp_send_cmd(conn, SMP_CMD_PAIRING_CONFIRM, sizeof(cfm), &cfm);
2868 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RANDOM);
2869
Johan Hedbergd8f8edb2014-06-06 11:09:28 +03002870 return 0;
2871}
2872
Johan Hedberg6433a9a2014-06-06 11:47:30 +03002873static int smp_cmd_dhkey_check(struct l2cap_conn *conn, struct sk_buff *skb)
2874{
2875 struct smp_cmd_dhkey_check *check = (void *) skb->data;
2876 struct l2cap_chan *chan = conn->smp;
2877 struct hci_conn *hcon = conn->hcon;
2878 struct smp_chan *smp = chan->data;
2879 u8 a[7], b[7], *local_addr, *remote_addr;
2880 u8 io_cap[3], r[16], e[16];
2881 int err;
2882
Luiz Augusto von Dentz2e1614f2021-03-15 14:39:29 -07002883 bt_dev_dbg(hcon->hdev, "conn %p", conn);
Johan Hedberg6433a9a2014-06-06 11:47:30 +03002884
2885 if (skb->len < sizeof(*check))
2886 return SMP_INVALID_PARAMS;
2887
2888 memcpy(a, &hcon->init_addr, 6);
2889 memcpy(b, &hcon->resp_addr, 6);
2890 a[6] = hcon->init_addr_type;
2891 b[6] = hcon->resp_addr_type;
2892
2893 if (hcon->out) {
2894 local_addr = a;
2895 remote_addr = b;
2896 memcpy(io_cap, &smp->prsp[1], 3);
2897 } else {
2898 local_addr = b;
2899 remote_addr = a;
2900 memcpy(io_cap, &smp->preq[1], 3);
2901 }
2902
2903 memset(r, 0, sizeof(r));
2904
Johan Hedberg38606f12014-06-25 11:10:28 +03002905 if (smp->method == REQ_PASSKEY || smp->method == DSP_PASSKEY)
2906 put_unaligned_le32(hcon->passkey_notify, r);
Johan Hedberg882fafa2015-03-16 11:45:43 +02002907 else if (smp->method == REQ_OOB)
2908 memcpy(r, smp->lr, 16);
Johan Hedberg38606f12014-06-25 11:10:28 +03002909
Johan Hedberg6433a9a2014-06-06 11:47:30 +03002910 err = smp_f6(smp->tfm_cmac, smp->mackey, smp->rrnd, smp->prnd, r,
2911 io_cap, remote_addr, local_addr, e);
2912 if (err)
2913 return SMP_UNSPECIFIED;
2914
Jason A. Donenfeld329d8232017-06-10 04:59:11 +02002915 if (crypto_memneq(check->e, e, 16))
Johan Hedberg6433a9a2014-06-06 11:47:30 +03002916 return SMP_DHKEY_CHECK_FAILED;
2917
Johan Hedbergd3e54a82014-06-04 11:07:40 +03002918 if (!hcon->out) {
2919 if (test_bit(SMP_FLAG_WAIT_USER, &smp->flags)) {
2920 set_bit(SMP_FLAG_DHKEY_PENDING, &smp->flags);
2921 return 0;
2922 }
Johan Hedbergd378a2d2014-05-31 18:53:36 +03002923
Archie Pusakafad646e2021-05-31 16:37:25 +08002924 /* Responder sends DHKey check as response to initiator */
Johan Hedbergd3e54a82014-06-04 11:07:40 +03002925 sc_dhkey_check(smp);
2926 }
Johan Hedbergd378a2d2014-05-31 18:53:36 +03002927
Johan Hedbergd3e54a82014-06-04 11:07:40 +03002928 sc_add_ltk(smp);
Johan Hedberg6433a9a2014-06-06 11:47:30 +03002929
2930 if (hcon->out) {
Johan Hedberg8b76ce32015-06-08 18:14:39 +03002931 hci_le_start_enc(hcon, 0, 0, smp->tk, smp->enc_key_size);
Johan Hedberg6433a9a2014-06-06 11:47:30 +03002932 hcon->enc_key_size = smp->enc_key_size;
2933 }
2934
2935 return 0;
2936}
2937
Johan Hedberg1408bb62014-06-04 22:45:57 +03002938static int smp_cmd_keypress_notify(struct l2cap_conn *conn,
2939 struct sk_buff *skb)
2940{
2941 struct smp_cmd_keypress_notify *kp = (void *) skb->data;
2942
Luiz Augusto von Dentz2e1614f2021-03-15 14:39:29 -07002943 bt_dev_dbg(conn->hcon->hdev, "value 0x%02x", kp->value);
Johan Hedberg1408bb62014-06-04 22:45:57 +03002944
2945 return 0;
2946}
2947
Johan Hedberg4befb862014-08-11 22:06:38 +03002948static int smp_sig_channel(struct l2cap_chan *chan, struct sk_buff *skb)
Anderson Brigliaeb492e02011-06-09 18:50:40 -03002949{
Johan Hedberg5d88cc72014-08-08 09:37:18 +03002950 struct l2cap_conn *conn = chan->conn;
Marcel Holtmann7b9899d2013-10-03 00:00:57 -07002951 struct hci_conn *hcon = conn->hcon;
Johan Hedbergb28b4942014-09-05 22:19:55 +03002952 struct smp_chan *smp;
Marcel Holtmann92381f52013-10-03 01:23:08 -07002953 __u8 code, reason;
Anderson Brigliaeb492e02011-06-09 18:50:40 -03002954 int err = 0;
2955
Johan Hedberg8ae9b982014-08-11 22:06:39 +03002956 if (skb->len < 1)
Marcel Holtmann92381f52013-10-03 01:23:08 -07002957 return -EILSEQ;
Marcel Holtmann92381f52013-10-03 01:23:08 -07002958
Marcel Holtmannd7a5a112015-03-13 02:11:00 -07002959 if (!hci_dev_test_flag(hcon->hdev, HCI_LE_ENABLED)) {
Andre Guedes2e65c9d2011-06-30 19:20:56 -03002960 reason = SMP_PAIRING_NOTSUPP;
2961 goto done;
2962 }
2963
Marcel Holtmann92381f52013-10-03 01:23:08 -07002964 code = skb->data[0];
Anderson Brigliaeb492e02011-06-09 18:50:40 -03002965 skb_pull(skb, sizeof(code));
2966
Johan Hedbergb28b4942014-09-05 22:19:55 +03002967 smp = chan->data;
2968
2969 if (code > SMP_CMD_MAX)
2970 goto drop;
2971
Johan Hedberg24bd0bd2014-09-10 17:37:43 -07002972 if (smp && !test_and_clear_bit(code, &smp->allow_cmd))
Johan Hedbergb28b4942014-09-05 22:19:55 +03002973 goto drop;
2974
2975 /* If we don't have a context the only allowed commands are
2976 * pairing request and security request.
Johan Hedberg8cf9fa12013-01-29 10:44:23 -06002977 */
Johan Hedbergb28b4942014-09-05 22:19:55 +03002978 if (!smp && code != SMP_CMD_PAIRING_REQ && code != SMP_CMD_SECURITY_REQ)
2979 goto drop;
Johan Hedberg8cf9fa12013-01-29 10:44:23 -06002980
Anderson Brigliaeb492e02011-06-09 18:50:40 -03002981 switch (code) {
2982 case SMP_CMD_PAIRING_REQ:
Vinicius Costa Gomesda85e5e2011-06-09 18:50:53 -03002983 reason = smp_cmd_pairing_req(conn, skb);
Anderson Brigliaeb492e02011-06-09 18:50:40 -03002984 break;
2985
2986 case SMP_CMD_PAIRING_FAIL:
Johan Hedberg84794e12013-11-06 11:24:57 +02002987 smp_failure(conn, 0);
Vinicius Costa Gomesda85e5e2011-06-09 18:50:53 -03002988 err = -EPERM;
Anderson Brigliaeb492e02011-06-09 18:50:40 -03002989 break;
2990
2991 case SMP_CMD_PAIRING_RSP:
Vinicius Costa Gomesda85e5e2011-06-09 18:50:53 -03002992 reason = smp_cmd_pairing_rsp(conn, skb);
Anderson Briglia88ba43b2011-06-09 18:50:42 -03002993 break;
2994
2995 case SMP_CMD_SECURITY_REQ:
Vinicius Costa Gomesda85e5e2011-06-09 18:50:53 -03002996 reason = smp_cmd_security_req(conn, skb);
Anderson Briglia88ba43b2011-06-09 18:50:42 -03002997 break;
2998
Anderson Brigliaeb492e02011-06-09 18:50:40 -03002999 case SMP_CMD_PAIRING_CONFIRM:
Vinicius Costa Gomesda85e5e2011-06-09 18:50:53 -03003000 reason = smp_cmd_pairing_confirm(conn, skb);
Anderson Briglia88ba43b2011-06-09 18:50:42 -03003001 break;
3002
Anderson Brigliaeb492e02011-06-09 18:50:40 -03003003 case SMP_CMD_PAIRING_RANDOM:
Vinicius Costa Gomesda85e5e2011-06-09 18:50:53 -03003004 reason = smp_cmd_pairing_random(conn, skb);
Anderson Briglia88ba43b2011-06-09 18:50:42 -03003005 break;
3006
Anderson Brigliaeb492e02011-06-09 18:50:40 -03003007 case SMP_CMD_ENCRYPT_INFO:
Vinicius Costa Gomes7034b912011-07-07 18:59:34 -03003008 reason = smp_cmd_encrypt_info(conn, skb);
3009 break;
3010
Archie Pusakafad646e2021-05-31 16:37:25 +08003011 case SMP_CMD_INITIATOR_IDENT:
3012 reason = smp_cmd_initiator_ident(conn, skb);
Vinicius Costa Gomes7034b912011-07-07 18:59:34 -03003013 break;
3014
Anderson Brigliaeb492e02011-06-09 18:50:40 -03003015 case SMP_CMD_IDENT_INFO:
Johan Hedbergfd349c02014-02-18 10:19:36 +02003016 reason = smp_cmd_ident_info(conn, skb);
3017 break;
3018
Anderson Brigliaeb492e02011-06-09 18:50:40 -03003019 case SMP_CMD_IDENT_ADDR_INFO:
Johan Hedbergfd349c02014-02-18 10:19:36 +02003020 reason = smp_cmd_ident_addr_info(conn, skb);
3021 break;
3022
Anderson Brigliaeb492e02011-06-09 18:50:40 -03003023 case SMP_CMD_SIGN_INFO:
Marcel Holtmann7ee4ea32014-03-09 12:19:17 -07003024 reason = smp_cmd_sign_info(conn, skb);
Vinicius Costa Gomes7034b912011-07-07 18:59:34 -03003025 break;
3026
Johan Hedbergd8f8edb2014-06-06 11:09:28 +03003027 case SMP_CMD_PUBLIC_KEY:
3028 reason = smp_cmd_public_key(conn, skb);
3029 break;
3030
Johan Hedberg6433a9a2014-06-06 11:47:30 +03003031 case SMP_CMD_DHKEY_CHECK:
3032 reason = smp_cmd_dhkey_check(conn, skb);
3033 break;
3034
Johan Hedberg1408bb62014-06-04 22:45:57 +03003035 case SMP_CMD_KEYPRESS_NOTIFY:
3036 reason = smp_cmd_keypress_notify(conn, skb);
3037 break;
3038
Anderson Brigliaeb492e02011-06-09 18:50:40 -03003039 default:
Luiz Augusto von Dentz2e1614f2021-03-15 14:39:29 -07003040 bt_dev_dbg(hcon->hdev, "Unknown command code 0x%2.2x", code);
Anderson Brigliaeb492e02011-06-09 18:50:40 -03003041 reason = SMP_CMD_NOTSUPP;
Vinicius Costa Gomes3a0259b2011-06-09 18:50:43 -03003042 goto done;
3043 }
3044
3045done:
Johan Hedberg9b7b18e2014-08-18 20:33:31 +03003046 if (!err) {
3047 if (reason)
3048 smp_failure(conn, reason);
Johan Hedberg8ae9b982014-08-11 22:06:39 +03003049 kfree_skb(skb);
Johan Hedberg9b7b18e2014-08-18 20:33:31 +03003050 }
3051
Anderson Brigliaeb492e02011-06-09 18:50:40 -03003052 return err;
Johan Hedbergb28b4942014-09-05 22:19:55 +03003053
3054drop:
Marcel Holtmann2064ee32017-10-30 10:42:59 +01003055 bt_dev_err(hcon->hdev, "unexpected SMP command 0x%02x from %pMR",
3056 code, &hcon->dst);
Johan Hedbergb28b4942014-09-05 22:19:55 +03003057 kfree_skb(skb);
3058 return 0;
Anderson Brigliaeb492e02011-06-09 18:50:40 -03003059}
Vinicius Costa Gomes7034b912011-07-07 18:59:34 -03003060
Johan Hedberg70db83c2014-08-08 09:37:16 +03003061static void smp_teardown_cb(struct l2cap_chan *chan, int err)
3062{
3063 struct l2cap_conn *conn = chan->conn;
3064
Luiz Augusto von Dentz2e1614f2021-03-15 14:39:29 -07003065 bt_dev_dbg(conn->hcon->hdev, "chan %p", chan);
Johan Hedberg70db83c2014-08-08 09:37:16 +03003066
Johan Hedbergfc75cc82014-09-05 22:19:52 +03003067 if (chan->data)
Johan Hedberg5d88cc72014-08-08 09:37:18 +03003068 smp_chan_destroy(conn);
Johan Hedberg5d88cc72014-08-08 09:37:18 +03003069
Johan Hedberg70db83c2014-08-08 09:37:16 +03003070 conn->smp = NULL;
3071 l2cap_chan_put(chan);
3072}
3073
Johan Hedbergb5ae3442014-08-14 12:34:26 +03003074static void bredr_pairing(struct l2cap_chan *chan)
3075{
3076 struct l2cap_conn *conn = chan->conn;
3077 struct hci_conn *hcon = conn->hcon;
3078 struct hci_dev *hdev = hcon->hdev;
3079 struct smp_cmd_pairing req;
3080 struct smp_chan *smp;
3081
Luiz Augusto von Dentz2e1614f2021-03-15 14:39:29 -07003082 bt_dev_dbg(hdev, "chan %p", chan);
Johan Hedbergb5ae3442014-08-14 12:34:26 +03003083
3084 /* Only new pairings are interesting */
3085 if (!test_bit(HCI_CONN_NEW_LINK_KEY, &hcon->flags))
3086 return;
3087
3088 /* Don't bother if we're not encrypted */
3089 if (!test_bit(HCI_CONN_ENCRYPT, &hcon->flags))
3090 return;
3091
Archie Pusaka74be5232021-06-04 16:26:25 +08003092 /* Only initiator may initiate SMP over BR/EDR */
Johan Hedbergb5ae3442014-08-14 12:34:26 +03003093 if (hcon->role != HCI_ROLE_MASTER)
3094 return;
3095
3096 /* Secure Connections support must be enabled */
Marcel Holtmannd7a5a112015-03-13 02:11:00 -07003097 if (!hci_dev_test_flag(hdev, HCI_SC_ENABLED))
Johan Hedbergb5ae3442014-08-14 12:34:26 +03003098 return;
3099
3100 /* BR/EDR must use Secure Connections for SMP */
3101 if (!test_bit(HCI_CONN_AES_CCM, &hcon->flags) &&
Marcel Holtmannb7cb93e2015-03-13 10:20:35 -07003102 !hci_dev_test_flag(hdev, HCI_FORCE_BREDR_SMP))
Johan Hedbergb5ae3442014-08-14 12:34:26 +03003103 return;
3104
3105 /* If our LE support is not enabled don't do anything */
Marcel Holtmannd7a5a112015-03-13 02:11:00 -07003106 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED))
Johan Hedbergb5ae3442014-08-14 12:34:26 +03003107 return;
3108
3109 /* Don't bother if remote LE support is not enabled */
3110 if (!lmp_host_le_capable(hcon))
3111 return;
3112
3113 /* Remote must support SMP fixed chan for BR/EDR */
3114 if (!(conn->remote_fixed_chan & L2CAP_FC_SMP_BREDR))
3115 return;
3116
3117 /* Don't bother if SMP is already ongoing */
3118 if (chan->data)
3119 return;
3120
3121 smp = smp_chan_create(conn);
3122 if (!smp) {
Marcel Holtmann2064ee32017-10-30 10:42:59 +01003123 bt_dev_err(hdev, "unable to create SMP context for BR/EDR");
Johan Hedbergb5ae3442014-08-14 12:34:26 +03003124 return;
3125 }
3126
3127 set_bit(SMP_FLAG_SC, &smp->flags);
3128
Luiz Augusto von Dentz2e1614f2021-03-15 14:39:29 -07003129 bt_dev_dbg(hdev, "starting SMP over BR/EDR");
Johan Hedbergb5ae3442014-08-14 12:34:26 +03003130
3131 /* Prepare and send the BR/EDR SMP Pairing Request */
3132 build_bredr_pairing_cmd(smp, &req, NULL);
3133
3134 smp->preq[0] = SMP_CMD_PAIRING_REQ;
3135 memcpy(&smp->preq[1], &req, sizeof(req));
3136
3137 smp_send_cmd(conn, SMP_CMD_PAIRING_REQ, sizeof(req), &req);
3138 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RSP);
3139}
3140
Johan Hedberg44f1a7a2014-08-11 22:06:36 +03003141static void smp_resume_cb(struct l2cap_chan *chan)
3142{
Johan Hedbergb68fda62014-08-11 22:06:40 +03003143 struct smp_chan *smp = chan->data;
Johan Hedberg44f1a7a2014-08-11 22:06:36 +03003144 struct l2cap_conn *conn = chan->conn;
3145 struct hci_conn *hcon = conn->hcon;
3146
Luiz Augusto von Dentz2e1614f2021-03-15 14:39:29 -07003147 bt_dev_dbg(hcon->hdev, "chan %p", chan);
Johan Hedberg44f1a7a2014-08-11 22:06:36 +03003148
Johan Hedbergb5ae3442014-08-14 12:34:26 +03003149 if (hcon->type == ACL_LINK) {
3150 bredr_pairing(chan);
Johan Hedbergef8efe42014-08-13 15:12:32 +03003151 return;
Johan Hedbergb5ae3442014-08-14 12:34:26 +03003152 }
Johan Hedbergef8efe42014-08-13 15:12:32 +03003153
Johan Hedberg86d14072014-08-11 22:06:43 +03003154 if (!smp)
3155 return;
Johan Hedbergb68fda62014-08-11 22:06:40 +03003156
Johan Hedberg84bc0db2014-09-05 22:19:49 +03003157 if (!test_bit(HCI_CONN_ENCRYPT, &hcon->flags))
3158 return;
3159
Johan Hedberg86d14072014-08-11 22:06:43 +03003160 cancel_delayed_work(&smp->security_timer);
3161
Johan Hedbergd6268e82014-09-05 22:19:51 +03003162 smp_distribute_keys(smp);
Johan Hedberg44f1a7a2014-08-11 22:06:36 +03003163}
3164
Johan Hedberg70db83c2014-08-08 09:37:16 +03003165static void smp_ready_cb(struct l2cap_chan *chan)
3166{
3167 struct l2cap_conn *conn = chan->conn;
Johan Hedbergb5ae3442014-08-14 12:34:26 +03003168 struct hci_conn *hcon = conn->hcon;
Johan Hedberg70db83c2014-08-08 09:37:16 +03003169
Luiz Augusto von Dentz2e1614f2021-03-15 14:39:29 -07003170 bt_dev_dbg(hcon->hdev, "chan %p", chan);
Johan Hedberg70db83c2014-08-08 09:37:16 +03003171
Johan Hedberg78837462015-11-11 21:47:12 +02003172 /* No need to call l2cap_chan_hold() here since we already own
3173 * the reference taken in smp_new_conn_cb(). This is just the
3174 * first time that we tie it to a specific pointer. The code in
3175 * l2cap_core.c ensures that there's no risk this function wont
3176 * get called if smp_new_conn_cb was previously called.
3177 */
Johan Hedberg70db83c2014-08-08 09:37:16 +03003178 conn->smp = chan;
Johan Hedbergb5ae3442014-08-14 12:34:26 +03003179
3180 if (hcon->type == ACL_LINK && test_bit(HCI_CONN_ENCRYPT, &hcon->flags))
3181 bredr_pairing(chan);
Johan Hedberg70db83c2014-08-08 09:37:16 +03003182}
3183
Johan Hedberg4befb862014-08-11 22:06:38 +03003184static int smp_recv_cb(struct l2cap_chan *chan, struct sk_buff *skb)
3185{
3186 int err;
3187
Luiz Augusto von Dentz2e1614f2021-03-15 14:39:29 -07003188 bt_dev_dbg(chan->conn->hcon->hdev, "chan %p", chan);
Johan Hedberg4befb862014-08-11 22:06:38 +03003189
3190 err = smp_sig_channel(chan, skb);
3191 if (err) {
Johan Hedbergb68fda62014-08-11 22:06:40 +03003192 struct smp_chan *smp = chan->data;
Johan Hedberg4befb862014-08-11 22:06:38 +03003193
Johan Hedbergb68fda62014-08-11 22:06:40 +03003194 if (smp)
3195 cancel_delayed_work_sync(&smp->security_timer);
Johan Hedberg4befb862014-08-11 22:06:38 +03003196
Johan Hedberg1e91c292014-08-18 20:33:29 +03003197 hci_disconnect(chan->conn->hcon, HCI_ERROR_AUTH_FAILURE);
Johan Hedberg4befb862014-08-11 22:06:38 +03003198 }
3199
3200 return err;
3201}
3202
Johan Hedberg70db83c2014-08-08 09:37:16 +03003203static struct sk_buff *smp_alloc_skb_cb(struct l2cap_chan *chan,
3204 unsigned long hdr_len,
3205 unsigned long len, int nb)
3206{
3207 struct sk_buff *skb;
3208
3209 skb = bt_skb_alloc(hdr_len + len, GFP_KERNEL);
3210 if (!skb)
3211 return ERR_PTR(-ENOMEM);
3212
3213 skb->priority = HCI_PRIO_MAX;
Johan Hedberga4368ff2015-03-30 23:21:01 +03003214 bt_cb(skb)->l2cap.chan = chan;
Johan Hedberg70db83c2014-08-08 09:37:16 +03003215
3216 return skb;
3217}
3218
3219static const struct l2cap_ops smp_chan_ops = {
3220 .name = "Security Manager",
3221 .ready = smp_ready_cb,
Johan Hedberg5d88cc72014-08-08 09:37:18 +03003222 .recv = smp_recv_cb,
Johan Hedberg70db83c2014-08-08 09:37:16 +03003223 .alloc_skb = smp_alloc_skb_cb,
3224 .teardown = smp_teardown_cb,
Johan Hedberg44f1a7a2014-08-11 22:06:36 +03003225 .resume = smp_resume_cb,
Johan Hedberg70db83c2014-08-08 09:37:16 +03003226
3227 .new_connection = l2cap_chan_no_new_connection,
Johan Hedberg70db83c2014-08-08 09:37:16 +03003228 .state_change = l2cap_chan_no_state_change,
3229 .close = l2cap_chan_no_close,
3230 .defer = l2cap_chan_no_defer,
3231 .suspend = l2cap_chan_no_suspend,
Johan Hedberg70db83c2014-08-08 09:37:16 +03003232 .set_shutdown = l2cap_chan_no_set_shutdown,
3233 .get_sndtimeo = l2cap_chan_no_get_sndtimeo,
Johan Hedberg70db83c2014-08-08 09:37:16 +03003234};
3235
3236static inline struct l2cap_chan *smp_new_conn_cb(struct l2cap_chan *pchan)
3237{
3238 struct l2cap_chan *chan;
3239
Luiz Augusto von Dentz995fca12021-06-14 10:46:44 -07003240 BT_DBG("pchan %p", pchan);
Johan Hedberg70db83c2014-08-08 09:37:16 +03003241
3242 chan = l2cap_chan_create();
3243 if (!chan)
3244 return NULL;
3245
3246 chan->chan_type = pchan->chan_type;
3247 chan->ops = &smp_chan_ops;
3248 chan->scid = pchan->scid;
3249 chan->dcid = chan->scid;
3250 chan->imtu = pchan->imtu;
3251 chan->omtu = pchan->omtu;
3252 chan->mode = pchan->mode;
3253
Johan Hedbergabe84902014-11-12 22:22:21 +02003254 /* Other L2CAP channels may request SMP routines in order to
3255 * change the security level. This means that the SMP channel
3256 * lock must be considered in its own category to avoid lockdep
3257 * warnings.
3258 */
3259 atomic_set(&chan->nesting, L2CAP_NESTING_SMP);
3260
Luiz Augusto von Dentz995fca12021-06-14 10:46:44 -07003261 BT_DBG("created chan %p", chan);
Johan Hedberg70db83c2014-08-08 09:37:16 +03003262
3263 return chan;
3264}
3265
3266static const struct l2cap_ops smp_root_chan_ops = {
3267 .name = "Security Manager Root",
3268 .new_connection = smp_new_conn_cb,
3269
3270 /* None of these are implemented for the root channel */
3271 .close = l2cap_chan_no_close,
3272 .alloc_skb = l2cap_chan_no_alloc_skb,
3273 .recv = l2cap_chan_no_recv,
3274 .state_change = l2cap_chan_no_state_change,
3275 .teardown = l2cap_chan_no_teardown,
3276 .ready = l2cap_chan_no_ready,
3277 .defer = l2cap_chan_no_defer,
3278 .suspend = l2cap_chan_no_suspend,
3279 .resume = l2cap_chan_no_resume,
3280 .set_shutdown = l2cap_chan_no_set_shutdown,
3281 .get_sndtimeo = l2cap_chan_no_get_sndtimeo,
Johan Hedberg70db83c2014-08-08 09:37:16 +03003282};
3283
Johan Hedbergef8efe42014-08-13 15:12:32 +03003284static struct l2cap_chan *smp_add_cid(struct hci_dev *hdev, u16 cid)
Johan Hedberg711eafe2014-08-08 09:32:52 +03003285{
Johan Hedberg70db83c2014-08-08 09:37:16 +03003286 struct l2cap_chan *chan;
Marcel Holtmann88a479d2015-03-16 01:10:19 -07003287 struct smp_dev *smp;
Herbert Xu71af2f62016-01-24 21:18:30 +08003288 struct crypto_shash *tfm_cmac;
Tudor Ambarus47eb2ac2017-09-28 17:14:51 +03003289 struct crypto_kpp *tfm_ecdh;
Johan Hedberg70db83c2014-08-08 09:37:16 +03003290
Johan Hedbergef8efe42014-08-13 15:12:32 +03003291 if (cid == L2CAP_CID_SMP_BREDR) {
Marcel Holtmann88a479d2015-03-16 01:10:19 -07003292 smp = NULL;
Johan Hedbergef8efe42014-08-13 15:12:32 +03003293 goto create_chan;
3294 }
Johan Hedberg711eafe2014-08-08 09:32:52 +03003295
Marcel Holtmann88a479d2015-03-16 01:10:19 -07003296 smp = kzalloc(sizeof(*smp), GFP_KERNEL);
3297 if (!smp)
3298 return ERR_PTR(-ENOMEM);
3299
Herbert Xu71af2f62016-01-24 21:18:30 +08003300 tfm_cmac = crypto_alloc_shash("cmac(aes)", 0, 0);
Marcel Holtmann6e2dc6d12015-03-16 01:10:21 -07003301 if (IS_ERR(tfm_cmac)) {
Luiz Augusto von Dentz2e1614f2021-03-15 14:39:29 -07003302 bt_dev_err(hdev, "Unable to create CMAC crypto context");
Waiman Long453431a2020-08-06 23:18:13 -07003303 kfree_sensitive(smp);
Marcel Holtmann6e2dc6d12015-03-16 01:10:21 -07003304 return ERR_CAST(tfm_cmac);
3305 }
3306
Meng Yu6763f5e2021-03-04 14:35:46 +08003307 tfm_ecdh = crypto_alloc_kpp("ecdh-nist-p256", 0, 0);
Tudor Ambarus47eb2ac2017-09-28 17:14:51 +03003308 if (IS_ERR(tfm_ecdh)) {
Luiz Augusto von Dentz2e1614f2021-03-15 14:39:29 -07003309 bt_dev_err(hdev, "Unable to create ECDH crypto context");
Tudor Ambarus47eb2ac2017-09-28 17:14:51 +03003310 crypto_free_shash(tfm_cmac);
Waiman Long453431a2020-08-06 23:18:13 -07003311 kfree_sensitive(smp);
Tudor Ambarus47eb2ac2017-09-28 17:14:51 +03003312 return ERR_CAST(tfm_ecdh);
3313 }
3314
Johan Hedberg94f14e42018-09-11 14:10:12 +03003315 smp->local_oob = false;
Marcel Holtmann6e2dc6d12015-03-16 01:10:21 -07003316 smp->tfm_cmac = tfm_cmac;
Tudor Ambarus47eb2ac2017-09-28 17:14:51 +03003317 smp->tfm_ecdh = tfm_ecdh;
Marcel Holtmann88a479d2015-03-16 01:10:19 -07003318
Johan Hedbergef8efe42014-08-13 15:12:32 +03003319create_chan:
Johan Hedberg70db83c2014-08-08 09:37:16 +03003320 chan = l2cap_chan_create();
3321 if (!chan) {
Marcel Holtmann63511f6d2015-03-17 11:38:24 -07003322 if (smp) {
Herbert Xu71af2f62016-01-24 21:18:30 +08003323 crypto_free_shash(smp->tfm_cmac);
Tudor Ambarus47eb2ac2017-09-28 17:14:51 +03003324 crypto_free_kpp(smp->tfm_ecdh);
Waiman Long453431a2020-08-06 23:18:13 -07003325 kfree_sensitive(smp);
Marcel Holtmann63511f6d2015-03-17 11:38:24 -07003326 }
Johan Hedbergef8efe42014-08-13 15:12:32 +03003327 return ERR_PTR(-ENOMEM);
Johan Hedberg70db83c2014-08-08 09:37:16 +03003328 }
3329
Marcel Holtmann88a479d2015-03-16 01:10:19 -07003330 chan->data = smp;
Johan Hedbergdefce9e2014-08-08 09:37:17 +03003331
Johan Hedbergef8efe42014-08-13 15:12:32 +03003332 l2cap_add_scid(chan, cid);
Johan Hedberg70db83c2014-08-08 09:37:16 +03003333
3334 l2cap_chan_set_defaults(chan);
3335
Marcel Holtmann157029b2015-01-14 15:43:09 -08003336 if (cid == L2CAP_CID_SMP) {
Johan Hedberg39e3e742015-02-20 13:48:24 +02003337 u8 bdaddr_type;
3338
3339 hci_copy_identity_address(hdev, &chan->src, &bdaddr_type);
3340
3341 if (bdaddr_type == ADDR_LE_DEV_PUBLIC)
Marcel Holtmann157029b2015-01-14 15:43:09 -08003342 chan->src_type = BDADDR_LE_PUBLIC;
Johan Hedberg39e3e742015-02-20 13:48:24 +02003343 else
3344 chan->src_type = BDADDR_LE_RANDOM;
Marcel Holtmann157029b2015-01-14 15:43:09 -08003345 } else {
3346 bacpy(&chan->src, &hdev->bdaddr);
Johan Hedbergef8efe42014-08-13 15:12:32 +03003347 chan->src_type = BDADDR_BREDR;
Marcel Holtmann157029b2015-01-14 15:43:09 -08003348 }
3349
Johan Hedberg70db83c2014-08-08 09:37:16 +03003350 chan->state = BT_LISTEN;
3351 chan->mode = L2CAP_MODE_BASIC;
3352 chan->imtu = L2CAP_DEFAULT_MTU;
3353 chan->ops = &smp_root_chan_ops;
3354
Johan Hedbergabe84902014-11-12 22:22:21 +02003355 /* Set correct nesting level for a parent/listening channel */
3356 atomic_set(&chan->nesting, L2CAP_NESTING_PARENT);
3357
Johan Hedbergef8efe42014-08-13 15:12:32 +03003358 return chan;
Johan Hedberg711eafe2014-08-08 09:32:52 +03003359}
3360
Johan Hedbergef8efe42014-08-13 15:12:32 +03003361static void smp_del_chan(struct l2cap_chan *chan)
Johan Hedberg711eafe2014-08-08 09:32:52 +03003362{
Marcel Holtmann88a479d2015-03-16 01:10:19 -07003363 struct smp_dev *smp;
Johan Hedberg70db83c2014-08-08 09:37:16 +03003364
Luiz Augusto von Dentz995fca12021-06-14 10:46:44 -07003365 BT_DBG("chan %p", chan);
Johan Hedberg711eafe2014-08-08 09:32:52 +03003366
Marcel Holtmann88a479d2015-03-16 01:10:19 -07003367 smp = chan->data;
3368 if (smp) {
Johan Hedbergdefce9e2014-08-08 09:37:17 +03003369 chan->data = NULL;
Herbert Xu71af2f62016-01-24 21:18:30 +08003370 crypto_free_shash(smp->tfm_cmac);
Tudor Ambarus47eb2ac2017-09-28 17:14:51 +03003371 crypto_free_kpp(smp->tfm_ecdh);
Waiman Long453431a2020-08-06 23:18:13 -07003372 kfree_sensitive(smp);
Johan Hedberg711eafe2014-08-08 09:32:52 +03003373 }
Johan Hedberg70db83c2014-08-08 09:37:16 +03003374
Johan Hedberg70db83c2014-08-08 09:37:16 +03003375 l2cap_chan_put(chan);
Johan Hedberg711eafe2014-08-08 09:32:52 +03003376}
Johan Hedbergef8efe42014-08-13 15:12:32 +03003377
Claire Chang82493312020-09-29 16:03:24 +08003378int smp_force_bredr(struct hci_dev *hdev, bool enable)
Marcel Holtmann300acfde2014-12-31 14:43:16 -08003379{
Marcel Holtmannb7cb93e2015-03-13 10:20:35 -07003380 if (enable == hci_dev_test_flag(hdev, HCI_FORCE_BREDR_SMP))
Marcel Holtmann300acfde2014-12-31 14:43:16 -08003381 return -EALREADY;
3382
3383 if (enable) {
3384 struct l2cap_chan *chan;
3385
3386 chan = smp_add_cid(hdev, L2CAP_CID_SMP_BREDR);
3387 if (IS_ERR(chan))
3388 return PTR_ERR(chan);
3389
3390 hdev->smp_bredr_data = chan;
3391 } else {
3392 struct l2cap_chan *chan;
3393
3394 chan = hdev->smp_bredr_data;
3395 hdev->smp_bredr_data = NULL;
3396 smp_del_chan(chan);
3397 }
3398
Marcel Holtmannb7cb93e2015-03-13 10:20:35 -07003399 hci_dev_change_flag(hdev, HCI_FORCE_BREDR_SMP);
Marcel Holtmann300acfde2014-12-31 14:43:16 -08003400
Claire Chang82493312020-09-29 16:03:24 +08003401 return 0;
Marcel Holtmann300acfde2014-12-31 14:43:16 -08003402}
3403
Johan Hedbergef8efe42014-08-13 15:12:32 +03003404int smp_register(struct hci_dev *hdev)
3405{
3406 struct l2cap_chan *chan;
3407
Luiz Augusto von Dentz2e1614f2021-03-15 14:39:29 -07003408 bt_dev_dbg(hdev, "");
Johan Hedbergef8efe42014-08-13 15:12:32 +03003409
Marcel Holtmann7e7ec442015-01-14 15:43:10 -08003410 /* If the controller does not support Low Energy operation, then
3411 * there is also no need to register any SMP channel.
3412 */
3413 if (!lmp_le_capable(hdev))
3414 return 0;
3415
Marcel Holtmann2b8df322015-01-15 08:04:21 -08003416 if (WARN_ON(hdev->smp_data)) {
3417 chan = hdev->smp_data;
3418 hdev->smp_data = NULL;
3419 smp_del_chan(chan);
3420 }
3421
Johan Hedbergef8efe42014-08-13 15:12:32 +03003422 chan = smp_add_cid(hdev, L2CAP_CID_SMP);
3423 if (IS_ERR(chan))
3424 return PTR_ERR(chan);
3425
3426 hdev->smp_data = chan;
3427
Marcel Holtmann300acfde2014-12-31 14:43:16 -08003428 if (!lmp_sc_capable(hdev)) {
Szymon Janc83ebb9e2016-09-09 20:24:40 +02003429 /* Flag can be already set here (due to power toggle) */
3430 if (!hci_dev_test_flag(hdev, HCI_FORCE_BREDR_SMP))
3431 return 0;
Marcel Holtmann300acfde2014-12-31 14:43:16 -08003432 }
Johan Hedbergef8efe42014-08-13 15:12:32 +03003433
Marcel Holtmann2b8df322015-01-15 08:04:21 -08003434 if (WARN_ON(hdev->smp_bredr_data)) {
3435 chan = hdev->smp_bredr_data;
3436 hdev->smp_bredr_data = NULL;
3437 smp_del_chan(chan);
3438 }
3439
Johan Hedbergef8efe42014-08-13 15:12:32 +03003440 chan = smp_add_cid(hdev, L2CAP_CID_SMP_BREDR);
3441 if (IS_ERR(chan)) {
3442 int err = PTR_ERR(chan);
3443 chan = hdev->smp_data;
3444 hdev->smp_data = NULL;
3445 smp_del_chan(chan);
3446 return err;
3447 }
3448
3449 hdev->smp_bredr_data = chan;
3450
3451 return 0;
3452}
3453
3454void smp_unregister(struct hci_dev *hdev)
3455{
3456 struct l2cap_chan *chan;
3457
3458 if (hdev->smp_bredr_data) {
3459 chan = hdev->smp_bredr_data;
3460 hdev->smp_bredr_data = NULL;
3461 smp_del_chan(chan);
3462 }
3463
3464 if (hdev->smp_data) {
3465 chan = hdev->smp_data;
3466 hdev->smp_data = NULL;
3467 smp_del_chan(chan);
3468 }
3469}
Johan Hedberg0a2b0f02014-12-30 09:50:39 +02003470
3471#if IS_ENABLED(CONFIG_BT_SELFTEST_SMP)
3472
Tudor Ambarus47eb2ac2017-09-28 17:14:51 +03003473static int __init test_debug_key(struct crypto_kpp *tfm_ecdh)
Marcel Holtmann71653eb2017-04-30 06:51:41 -07003474{
Tudor Ambarusc0153b02017-09-28 17:14:55 +03003475 u8 pk[64];
Tudor Ambarusa2976412017-09-28 17:14:52 +03003476 int err;
Marcel Holtmann71653eb2017-04-30 06:51:41 -07003477
Tudor Ambarusc0153b02017-09-28 17:14:55 +03003478 err = set_ecdh_privkey(tfm_ecdh, debug_sk);
Tudor Ambarusa2976412017-09-28 17:14:52 +03003479 if (err)
3480 return err;
Marcel Holtmann71653eb2017-04-30 06:51:41 -07003481
Tudor Ambarusc0153b02017-09-28 17:14:55 +03003482 err = generate_ecdh_public_key(tfm_ecdh, pk);
3483 if (err)
3484 return err;
Marcel Holtmann71653eb2017-04-30 06:51:41 -07003485
Jason A. Donenfeld329d8232017-06-10 04:59:11 +02003486 if (crypto_memneq(pk, debug_pk, 64))
Marcel Holtmann71653eb2017-04-30 06:51:41 -07003487 return -EINVAL;
3488
3489 return 0;
3490}
3491
Ard Biesheuvel28a220aa2019-07-02 21:41:41 +02003492static int __init test_ah(void)
Johan Hedbergcfc41982014-12-30 09:50:40 +02003493{
3494 const u8 irk[16] = {
3495 0x9b, 0x7d, 0x39, 0x0a, 0xa6, 0x10, 0x10, 0x34,
3496 0x05, 0xad, 0xc8, 0x57, 0xa3, 0x34, 0x02, 0xec };
3497 const u8 r[3] = { 0x94, 0x81, 0x70 };
3498 const u8 exp[3] = { 0xaa, 0xfb, 0x0d };
3499 u8 res[3];
3500 int err;
3501
Ard Biesheuvel28a220aa2019-07-02 21:41:41 +02003502 err = smp_ah(irk, r, res);
Johan Hedbergcfc41982014-12-30 09:50:40 +02003503 if (err)
3504 return err;
3505
Jason A. Donenfeld329d8232017-06-10 04:59:11 +02003506 if (crypto_memneq(res, exp, 3))
Johan Hedbergcfc41982014-12-30 09:50:40 +02003507 return -EINVAL;
3508
3509 return 0;
3510}
3511
Ard Biesheuvel28a220aa2019-07-02 21:41:41 +02003512static int __init test_c1(void)
Johan Hedbergcfc41982014-12-30 09:50:40 +02003513{
3514 const u8 k[16] = {
3515 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
3516 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
3517 const u8 r[16] = {
3518 0xe0, 0x2e, 0x70, 0xc6, 0x4e, 0x27, 0x88, 0x63,
3519 0x0e, 0x6f, 0xad, 0x56, 0x21, 0xd5, 0x83, 0x57 };
3520 const u8 preq[7] = { 0x01, 0x01, 0x00, 0x00, 0x10, 0x07, 0x07 };
3521 const u8 pres[7] = { 0x02, 0x03, 0x00, 0x00, 0x08, 0x00, 0x05 };
3522 const u8 _iat = 0x01;
3523 const u8 _rat = 0x00;
3524 const bdaddr_t ra = { { 0xb6, 0xb5, 0xb4, 0xb3, 0xb2, 0xb1 } };
3525 const bdaddr_t ia = { { 0xa6, 0xa5, 0xa4, 0xa3, 0xa2, 0xa1 } };
3526 const u8 exp[16] = {
3527 0x86, 0x3b, 0xf1, 0xbe, 0xc5, 0x4d, 0xa7, 0xd2,
3528 0xea, 0x88, 0x89, 0x87, 0xef, 0x3f, 0x1e, 0x1e };
3529 u8 res[16];
3530 int err;
3531
Ard Biesheuvel28a220aa2019-07-02 21:41:41 +02003532 err = smp_c1(k, r, preq, pres, _iat, &ia, _rat, &ra, res);
Johan Hedbergcfc41982014-12-30 09:50:40 +02003533 if (err)
3534 return err;
3535
Jason A. Donenfeld329d8232017-06-10 04:59:11 +02003536 if (crypto_memneq(res, exp, 16))
Johan Hedbergcfc41982014-12-30 09:50:40 +02003537 return -EINVAL;
3538
3539 return 0;
3540}
3541
Ard Biesheuvel28a220aa2019-07-02 21:41:41 +02003542static int __init test_s1(void)
Johan Hedbergcfc41982014-12-30 09:50:40 +02003543{
3544 const u8 k[16] = {
3545 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
3546 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
3547 const u8 r1[16] = {
3548 0x88, 0x77, 0x66, 0x55, 0x44, 0x33, 0x22, 0x11 };
3549 const u8 r2[16] = {
3550 0x00, 0xff, 0xee, 0xdd, 0xcc, 0xbb, 0xaa, 0x99 };
3551 const u8 exp[16] = {
3552 0x62, 0xa0, 0x6d, 0x79, 0xae, 0x16, 0x42, 0x5b,
3553 0x9b, 0xf4, 0xb0, 0xe8, 0xf0, 0xe1, 0x1f, 0x9a };
3554 u8 res[16];
3555 int err;
3556
Ard Biesheuvel28a220aa2019-07-02 21:41:41 +02003557 err = smp_s1(k, r1, r2, res);
Johan Hedbergcfc41982014-12-30 09:50:40 +02003558 if (err)
3559 return err;
3560
Jason A. Donenfeld329d8232017-06-10 04:59:11 +02003561 if (crypto_memneq(res, exp, 16))
Johan Hedbergcfc41982014-12-30 09:50:40 +02003562 return -EINVAL;
3563
3564 return 0;
3565}
3566
Herbert Xu71af2f62016-01-24 21:18:30 +08003567static int __init test_f4(struct crypto_shash *tfm_cmac)
Johan Hedbergfb2969a2014-12-30 09:50:41 +02003568{
3569 const u8 u[32] = {
3570 0xe6, 0x9d, 0x35, 0x0e, 0x48, 0x01, 0x03, 0xcc,
3571 0xdb, 0xfd, 0xf4, 0xac, 0x11, 0x91, 0xf4, 0xef,
3572 0xb9, 0xa5, 0xf9, 0xe9, 0xa7, 0x83, 0x2c, 0x5e,
3573 0x2c, 0xbe, 0x97, 0xf2, 0xd2, 0x03, 0xb0, 0x20 };
3574 const u8 v[32] = {
3575 0xfd, 0xc5, 0x7f, 0xf4, 0x49, 0xdd, 0x4f, 0x6b,
3576 0xfb, 0x7c, 0x9d, 0xf1, 0xc2, 0x9a, 0xcb, 0x59,
3577 0x2a, 0xe7, 0xd4, 0xee, 0xfb, 0xfc, 0x0a, 0x90,
3578 0x9a, 0xbb, 0xf6, 0x32, 0x3d, 0x8b, 0x18, 0x55 };
3579 const u8 x[16] = {
3580 0xab, 0xae, 0x2b, 0x71, 0xec, 0xb2, 0xff, 0xff,
3581 0x3e, 0x73, 0x77, 0xd1, 0x54, 0x84, 0xcb, 0xd5 };
3582 const u8 z = 0x00;
3583 const u8 exp[16] = {
3584 0x2d, 0x87, 0x74, 0xa9, 0xbe, 0xa1, 0xed, 0xf1,
3585 0x1c, 0xbd, 0xa9, 0x07, 0xf1, 0x16, 0xc9, 0xf2 };
3586 u8 res[16];
3587 int err;
3588
3589 err = smp_f4(tfm_cmac, u, v, x, z, res);
3590 if (err)
3591 return err;
3592
Jason A. Donenfeld329d8232017-06-10 04:59:11 +02003593 if (crypto_memneq(res, exp, 16))
Johan Hedbergfb2969a2014-12-30 09:50:41 +02003594 return -EINVAL;
3595
3596 return 0;
3597}
3598
Herbert Xu71af2f62016-01-24 21:18:30 +08003599static int __init test_f5(struct crypto_shash *tfm_cmac)
Johan Hedbergfb2969a2014-12-30 09:50:41 +02003600{
3601 const u8 w[32] = {
3602 0x98, 0xa6, 0xbf, 0x73, 0xf3, 0x34, 0x8d, 0x86,
3603 0xf1, 0x66, 0xf8, 0xb4, 0x13, 0x6b, 0x79, 0x99,
3604 0x9b, 0x7d, 0x39, 0x0a, 0xa6, 0x10, 0x10, 0x34,
3605 0x05, 0xad, 0xc8, 0x57, 0xa3, 0x34, 0x02, 0xec };
3606 const u8 n1[16] = {
3607 0xab, 0xae, 0x2b, 0x71, 0xec, 0xb2, 0xff, 0xff,
3608 0x3e, 0x73, 0x77, 0xd1, 0x54, 0x84, 0xcb, 0xd5 };
3609 const u8 n2[16] = {
3610 0xcf, 0xc4, 0x3d, 0xff, 0xf7, 0x83, 0x65, 0x21,
3611 0x6e, 0x5f, 0xa7, 0x25, 0xcc, 0xe7, 0xe8, 0xa6 };
3612 const u8 a1[7] = { 0xce, 0xbf, 0x37, 0x37, 0x12, 0x56, 0x00 };
3613 const u8 a2[7] = { 0xc1, 0xcf, 0x2d, 0x70, 0x13, 0xa7, 0x00 };
3614 const u8 exp_ltk[16] = {
3615 0x38, 0x0a, 0x75, 0x94, 0xb5, 0x22, 0x05, 0x98,
3616 0x23, 0xcd, 0xd7, 0x69, 0x11, 0x79, 0x86, 0x69 };
3617 const u8 exp_mackey[16] = {
3618 0x20, 0x6e, 0x63, 0xce, 0x20, 0x6a, 0x3f, 0xfd,
3619 0x02, 0x4a, 0x08, 0xa1, 0x76, 0xf1, 0x65, 0x29 };
3620 u8 mackey[16], ltk[16];
3621 int err;
3622
3623 err = smp_f5(tfm_cmac, w, n1, n2, a1, a2, mackey, ltk);
3624 if (err)
3625 return err;
3626
Jason A. Donenfeld329d8232017-06-10 04:59:11 +02003627 if (crypto_memneq(mackey, exp_mackey, 16))
Johan Hedbergfb2969a2014-12-30 09:50:41 +02003628 return -EINVAL;
3629
Jason A. Donenfeld329d8232017-06-10 04:59:11 +02003630 if (crypto_memneq(ltk, exp_ltk, 16))
Johan Hedbergfb2969a2014-12-30 09:50:41 +02003631 return -EINVAL;
3632
3633 return 0;
3634}
3635
Herbert Xu71af2f62016-01-24 21:18:30 +08003636static int __init test_f6(struct crypto_shash *tfm_cmac)
Johan Hedbergfb2969a2014-12-30 09:50:41 +02003637{
3638 const u8 w[16] = {
3639 0x20, 0x6e, 0x63, 0xce, 0x20, 0x6a, 0x3f, 0xfd,
3640 0x02, 0x4a, 0x08, 0xa1, 0x76, 0xf1, 0x65, 0x29 };
3641 const u8 n1[16] = {
3642 0xab, 0xae, 0x2b, 0x71, 0xec, 0xb2, 0xff, 0xff,
3643 0x3e, 0x73, 0x77, 0xd1, 0x54, 0x84, 0xcb, 0xd5 };
3644 const u8 n2[16] = {
3645 0xcf, 0xc4, 0x3d, 0xff, 0xf7, 0x83, 0x65, 0x21,
3646 0x6e, 0x5f, 0xa7, 0x25, 0xcc, 0xe7, 0xe8, 0xa6 };
3647 const u8 r[16] = {
3648 0xc8, 0x0f, 0x2d, 0x0c, 0xd2, 0x42, 0xda, 0x08,
3649 0x54, 0xbb, 0x53, 0xb4, 0x3b, 0x34, 0xa3, 0x12 };
3650 const u8 io_cap[3] = { 0x02, 0x01, 0x01 };
3651 const u8 a1[7] = { 0xce, 0xbf, 0x37, 0x37, 0x12, 0x56, 0x00 };
3652 const u8 a2[7] = { 0xc1, 0xcf, 0x2d, 0x70, 0x13, 0xa7, 0x00 };
3653 const u8 exp[16] = {
3654 0x61, 0x8f, 0x95, 0xda, 0x09, 0x0b, 0x6c, 0xd2,
3655 0xc5, 0xe8, 0xd0, 0x9c, 0x98, 0x73, 0xc4, 0xe3 };
3656 u8 res[16];
3657 int err;
3658
3659 err = smp_f6(tfm_cmac, w, n1, n2, r, io_cap, a1, a2, res);
3660 if (err)
3661 return err;
3662
Jason A. Donenfeld329d8232017-06-10 04:59:11 +02003663 if (crypto_memneq(res, exp, 16))
Johan Hedbergfb2969a2014-12-30 09:50:41 +02003664 return -EINVAL;
3665
3666 return 0;
3667}
3668
Herbert Xu71af2f62016-01-24 21:18:30 +08003669static int __init test_g2(struct crypto_shash *tfm_cmac)
Johan Hedbergfb2969a2014-12-30 09:50:41 +02003670{
3671 const u8 u[32] = {
3672 0xe6, 0x9d, 0x35, 0x0e, 0x48, 0x01, 0x03, 0xcc,
3673 0xdb, 0xfd, 0xf4, 0xac, 0x11, 0x91, 0xf4, 0xef,
3674 0xb9, 0xa5, 0xf9, 0xe9, 0xa7, 0x83, 0x2c, 0x5e,
3675 0x2c, 0xbe, 0x97, 0xf2, 0xd2, 0x03, 0xb0, 0x20 };
3676 const u8 v[32] = {
3677 0xfd, 0xc5, 0x7f, 0xf4, 0x49, 0xdd, 0x4f, 0x6b,
3678 0xfb, 0x7c, 0x9d, 0xf1, 0xc2, 0x9a, 0xcb, 0x59,
3679 0x2a, 0xe7, 0xd4, 0xee, 0xfb, 0xfc, 0x0a, 0x90,
3680 0x9a, 0xbb, 0xf6, 0x32, 0x3d, 0x8b, 0x18, 0x55 };
3681 const u8 x[16] = {
3682 0xab, 0xae, 0x2b, 0x71, 0xec, 0xb2, 0xff, 0xff,
3683 0x3e, 0x73, 0x77, 0xd1, 0x54, 0x84, 0xcb, 0xd5 };
3684 const u8 y[16] = {
3685 0xcf, 0xc4, 0x3d, 0xff, 0xf7, 0x83, 0x65, 0x21,
3686 0x6e, 0x5f, 0xa7, 0x25, 0xcc, 0xe7, 0xe8, 0xa6 };
3687 const u32 exp_val = 0x2f9ed5ba % 1000000;
3688 u32 val;
3689 int err;
3690
3691 err = smp_g2(tfm_cmac, u, v, x, y, &val);
3692 if (err)
3693 return err;
3694
3695 if (val != exp_val)
3696 return -EINVAL;
3697
3698 return 0;
3699}
3700
Herbert Xu71af2f62016-01-24 21:18:30 +08003701static int __init test_h6(struct crypto_shash *tfm_cmac)
Johan Hedbergfb2969a2014-12-30 09:50:41 +02003702{
3703 const u8 w[16] = {
3704 0x9b, 0x7d, 0x39, 0x0a, 0xa6, 0x10, 0x10, 0x34,
3705 0x05, 0xad, 0xc8, 0x57, 0xa3, 0x34, 0x02, 0xec };
3706 const u8 key_id[4] = { 0x72, 0x62, 0x65, 0x6c };
3707 const u8 exp[16] = {
3708 0x99, 0x63, 0xb1, 0x80, 0xe2, 0xa9, 0xd3, 0xe8,
3709 0x1c, 0xc9, 0x6d, 0xe7, 0x02, 0xe1, 0x9a, 0x2d };
3710 u8 res[16];
3711 int err;
3712
3713 err = smp_h6(tfm_cmac, w, key_id, res);
3714 if (err)
3715 return err;
3716
Jason A. Donenfeld329d8232017-06-10 04:59:11 +02003717 if (crypto_memneq(res, exp, 16))
Johan Hedbergfb2969a2014-12-30 09:50:41 +02003718 return -EINVAL;
3719
3720 return 0;
3721}
3722
Marcel Holtmann64dd3742015-04-01 12:52:13 -07003723static char test_smp_buffer[32];
3724
3725static ssize_t test_smp_read(struct file *file, char __user *user_buf,
3726 size_t count, loff_t *ppos)
3727{
3728 return simple_read_from_buffer(user_buf, count, ppos, test_smp_buffer,
3729 strlen(test_smp_buffer));
3730}
3731
3732static const struct file_operations test_smp_fops = {
3733 .open = simple_open,
3734 .read = test_smp_read,
3735 .llseek = default_llseek,
3736};
3737
Ard Biesheuvel28a220aa2019-07-02 21:41:41 +02003738static int __init run_selftests(struct crypto_shash *tfm_cmac,
Tudor Ambarus47eb2ac2017-09-28 17:14:51 +03003739 struct crypto_kpp *tfm_ecdh)
Johan Hedberg0a2b0f02014-12-30 09:50:39 +02003740{
Marcel Holtmann255047b2014-12-30 00:11:20 -08003741 ktime_t calltime, delta, rettime;
3742 unsigned long long duration;
Johan Hedbergcfc41982014-12-30 09:50:40 +02003743 int err;
3744
Marcel Holtmann255047b2014-12-30 00:11:20 -08003745 calltime = ktime_get();
3746
Tudor Ambarus47eb2ac2017-09-28 17:14:51 +03003747 err = test_debug_key(tfm_ecdh);
Marcel Holtmann71653eb2017-04-30 06:51:41 -07003748 if (err) {
3749 BT_ERR("debug_key test failed");
3750 goto done;
3751 }
3752
Ard Biesheuvel28a220aa2019-07-02 21:41:41 +02003753 err = test_ah();
Johan Hedbergcfc41982014-12-30 09:50:40 +02003754 if (err) {
3755 BT_ERR("smp_ah test failed");
Marcel Holtmann64dd3742015-04-01 12:52:13 -07003756 goto done;
Johan Hedbergcfc41982014-12-30 09:50:40 +02003757 }
3758
Ard Biesheuvel28a220aa2019-07-02 21:41:41 +02003759 err = test_c1();
Johan Hedbergcfc41982014-12-30 09:50:40 +02003760 if (err) {
3761 BT_ERR("smp_c1 test failed");
Marcel Holtmann64dd3742015-04-01 12:52:13 -07003762 goto done;
Johan Hedbergcfc41982014-12-30 09:50:40 +02003763 }
3764
Ard Biesheuvel28a220aa2019-07-02 21:41:41 +02003765 err = test_s1();
Johan Hedbergcfc41982014-12-30 09:50:40 +02003766 if (err) {
3767 BT_ERR("smp_s1 test failed");
Marcel Holtmann64dd3742015-04-01 12:52:13 -07003768 goto done;
Johan Hedbergcfc41982014-12-30 09:50:40 +02003769 }
3770
Johan Hedbergfb2969a2014-12-30 09:50:41 +02003771 err = test_f4(tfm_cmac);
3772 if (err) {
3773 BT_ERR("smp_f4 test failed");
Marcel Holtmann64dd3742015-04-01 12:52:13 -07003774 goto done;
Johan Hedbergfb2969a2014-12-30 09:50:41 +02003775 }
3776
3777 err = test_f5(tfm_cmac);
3778 if (err) {
3779 BT_ERR("smp_f5 test failed");
Marcel Holtmann64dd3742015-04-01 12:52:13 -07003780 goto done;
Johan Hedbergfb2969a2014-12-30 09:50:41 +02003781 }
3782
3783 err = test_f6(tfm_cmac);
3784 if (err) {
3785 BT_ERR("smp_f6 test failed");
Marcel Holtmann64dd3742015-04-01 12:52:13 -07003786 goto done;
Johan Hedbergfb2969a2014-12-30 09:50:41 +02003787 }
3788
3789 err = test_g2(tfm_cmac);
3790 if (err) {
3791 BT_ERR("smp_g2 test failed");
Marcel Holtmann64dd3742015-04-01 12:52:13 -07003792 goto done;
Johan Hedbergfb2969a2014-12-30 09:50:41 +02003793 }
3794
3795 err = test_h6(tfm_cmac);
3796 if (err) {
3797 BT_ERR("smp_h6 test failed");
Marcel Holtmann64dd3742015-04-01 12:52:13 -07003798 goto done;
Johan Hedbergfb2969a2014-12-30 09:50:41 +02003799 }
3800
Marcel Holtmann255047b2014-12-30 00:11:20 -08003801 rettime = ktime_get();
3802 delta = ktime_sub(rettime, calltime);
3803 duration = (unsigned long long) ktime_to_ns(delta) >> 10;
3804
Marcel Holtmann5ced2462015-01-12 23:09:48 -08003805 BT_INFO("SMP test passed in %llu usecs", duration);
Johan Hedberg0a2b0f02014-12-30 09:50:39 +02003806
Marcel Holtmann64dd3742015-04-01 12:52:13 -07003807done:
3808 if (!err)
3809 snprintf(test_smp_buffer, sizeof(test_smp_buffer),
3810 "PASS (%llu usecs)\n", duration);
3811 else
3812 snprintf(test_smp_buffer, sizeof(test_smp_buffer), "FAIL\n");
3813
3814 debugfs_create_file("selftest_smp", 0444, bt_debugfs, NULL,
3815 &test_smp_fops);
3816
3817 return err;
Johan Hedberg0a2b0f02014-12-30 09:50:39 +02003818}
3819
3820int __init bt_selftest_smp(void)
3821{
Herbert Xu71af2f62016-01-24 21:18:30 +08003822 struct crypto_shash *tfm_cmac;
Tudor Ambarus47eb2ac2017-09-28 17:14:51 +03003823 struct crypto_kpp *tfm_ecdh;
Johan Hedberg0a2b0f02014-12-30 09:50:39 +02003824 int err;
3825
Eric Biggers3d234b32018-11-14 12:21:11 -08003826 tfm_cmac = crypto_alloc_shash("cmac(aes)", 0, 0);
Johan Hedberg0a2b0f02014-12-30 09:50:39 +02003827 if (IS_ERR(tfm_cmac)) {
3828 BT_ERR("Unable to create CMAC crypto context");
Johan Hedberg0a2b0f02014-12-30 09:50:39 +02003829 return PTR_ERR(tfm_cmac);
3830 }
3831
Meng Yu6763f5e2021-03-04 14:35:46 +08003832 tfm_ecdh = crypto_alloc_kpp("ecdh-nist-p256", 0, 0);
Tudor Ambarus47eb2ac2017-09-28 17:14:51 +03003833 if (IS_ERR(tfm_ecdh)) {
3834 BT_ERR("Unable to create ECDH crypto context");
3835 crypto_free_shash(tfm_cmac);
Tudor Ambarus47eb2ac2017-09-28 17:14:51 +03003836 return PTR_ERR(tfm_ecdh);
3837 }
3838
Ard Biesheuvel28a220aa2019-07-02 21:41:41 +02003839 err = run_selftests(tfm_cmac, tfm_ecdh);
Johan Hedberg0a2b0f02014-12-30 09:50:39 +02003840
Herbert Xu71af2f62016-01-24 21:18:30 +08003841 crypto_free_shash(tfm_cmac);
Tudor Ambarus47eb2ac2017-09-28 17:14:51 +03003842 crypto_free_kpp(tfm_ecdh);
Johan Hedberg0a2b0f02014-12-30 09:50:39 +02003843
3844 return err;
3845}
3846
3847#endif