aboutsummaryrefslogtreecommitdiffstats
path: root/net/bluetooth/smp.c
diff options
context:
space:
mode:
Diffstat (limited to 'net/bluetooth/smp.c')
-rw-r--r--net/bluetooth/smp.c1543
1 files changed, 1412 insertions, 131 deletions
diff --git a/net/bluetooth/smp.c b/net/bluetooth/smp.c
index 069b76e03b57..96bf16dcd9e9 100644
--- a/net/bluetooth/smp.c
+++ b/net/bluetooth/smp.c
@@ -29,14 +29,34 @@
29#include <net/bluetooth/l2cap.h> 29#include <net/bluetooth/l2cap.h>
30#include <net/bluetooth/mgmt.h> 30#include <net/bluetooth/mgmt.h>
31 31
32#include "ecc.h"
32#include "smp.h" 33#include "smp.h"
33 34
35/* Low-level debug macros to be used for stuff that we don't want
36 * accidentially in dmesg, i.e. the values of the various crypto keys
37 * and the inputs & outputs of crypto functions.
38 */
39#ifdef DEBUG
40#define SMP_DBG(fmt, ...) printk(KERN_DEBUG "%s: " fmt, __func__, \
41 ##__VA_ARGS__)
42#else
43#define SMP_DBG(fmt, ...) no_printk(KERN_DEBUG "%s: " fmt, __func__, \
44 ##__VA_ARGS__)
45#endif
46
34#define SMP_ALLOW_CMD(smp, code) set_bit(code, &smp->allow_cmd) 47#define SMP_ALLOW_CMD(smp, code) set_bit(code, &smp->allow_cmd)
35 48
49/* Keys which are not distributed with Secure Connections */
50#define SMP_SC_NO_DIST (SMP_DIST_ENC_KEY | SMP_DIST_LINK_KEY);
51
36#define SMP_TIMEOUT msecs_to_jiffies(30000) 52#define SMP_TIMEOUT msecs_to_jiffies(30000)
37 53
38#define AUTH_REQ_MASK 0x07 54#define AUTH_REQ_MASK(dev) (test_bit(HCI_SC_ENABLED, &(dev)->dev_flags) ? \
39#define KEY_DIST_MASK 0x07 55 0x1f : 0x07)
56#define KEY_DIST_MASK 0x07
57
58/* Maximum message length that can be passed to aes_cmac */
59#define CMAC_MSG_MAX 80
40 60
41enum { 61enum {
42 SMP_FLAG_TK_VALID, 62 SMP_FLAG_TK_VALID,
@@ -44,6 +64,12 @@ enum {
44 SMP_FLAG_MITM_AUTH, 64 SMP_FLAG_MITM_AUTH,
45 SMP_FLAG_COMPLETE, 65 SMP_FLAG_COMPLETE,
46 SMP_FLAG_INITIATOR, 66 SMP_FLAG_INITIATOR,
67 SMP_FLAG_SC,
68 SMP_FLAG_REMOTE_PK,
69 SMP_FLAG_DEBUG_KEY,
70 SMP_FLAG_WAIT_USER,
71 SMP_FLAG_DHKEY_PENDING,
72 SMP_FLAG_OOB,
47}; 73};
48 74
49struct smp_chan { 75struct smp_chan {
@@ -57,6 +83,7 @@ struct smp_chan {
57 u8 rrnd[16]; /* SMP Pairing Random (remote) */ 83 u8 rrnd[16]; /* SMP Pairing Random (remote) */
58 u8 pcnf[16]; /* SMP Pairing Confirm */ 84 u8 pcnf[16]; /* SMP Pairing Confirm */
59 u8 tk[16]; /* SMP Temporary Key */ 85 u8 tk[16]; /* SMP Temporary Key */
86 u8 rr[16];
60 u8 enc_key_size; 87 u8 enc_key_size;
61 u8 remote_key_dist; 88 u8 remote_key_dist;
62 bdaddr_t id_addr; 89 bdaddr_t id_addr;
@@ -67,9 +94,43 @@ struct smp_chan {
67 struct smp_ltk *ltk; 94 struct smp_ltk *ltk;
68 struct smp_ltk *slave_ltk; 95 struct smp_ltk *slave_ltk;
69 struct smp_irk *remote_irk; 96 struct smp_irk *remote_irk;
97 u8 *link_key;
70 unsigned long flags; 98 unsigned long flags;
99 u8 method;
100 u8 passkey_round;
101
102 /* Secure Connections variables */
103 u8 local_pk[64];
104 u8 local_sk[32];
105 u8 remote_pk[64];
106 u8 dhkey[32];
107 u8 mackey[16];
71 108
72 struct crypto_blkcipher *tfm_aes; 109 struct crypto_blkcipher *tfm_aes;
110 struct crypto_hash *tfm_cmac;
111};
112
113/* These debug key values are defined in the SMP section of the core
114 * specification. debug_pk is the public debug key and debug_sk the
115 * private debug key.
116 */
117static const u8 debug_pk[64] = {
118 0xe6, 0x9d, 0x35, 0x0e, 0x48, 0x01, 0x03, 0xcc,
119 0xdb, 0xfd, 0xf4, 0xac, 0x11, 0x91, 0xf4, 0xef,
120 0xb9, 0xa5, 0xf9, 0xe9, 0xa7, 0x83, 0x2c, 0x5e,
121 0x2c, 0xbe, 0x97, 0xf2, 0xd2, 0x03, 0xb0, 0x20,
122
123 0x8b, 0xd2, 0x89, 0x15, 0xd0, 0x8e, 0x1c, 0x74,
124 0x24, 0x30, 0xed, 0x8f, 0xc2, 0x45, 0x63, 0x76,
125 0x5c, 0x15, 0x52, 0x5a, 0xbf, 0x9a, 0x32, 0x63,
126 0x6d, 0xeb, 0x2a, 0x65, 0x49, 0x9c, 0x80, 0xdc,
127};
128
129static const u8 debug_sk[32] = {
130 0xbd, 0x1a, 0x3c, 0xcd, 0xa6, 0xb8, 0x99, 0x58,
131 0x99, 0xb7, 0x40, 0xeb, 0x7b, 0x60, 0xff, 0x4a,
132 0x50, 0x3f, 0x10, 0xd2, 0xe3, 0xb3, 0xc9, 0x74,
133 0x38, 0x5f, 0xc5, 0xa3, 0xd4, 0xf6, 0x49, 0x3f,
73}; 134};
74 135
75static inline void swap_buf(const u8 *src, u8 *dst, size_t len) 136static inline void swap_buf(const u8 *src, u8 *dst, size_t len)
@@ -80,14 +141,22 @@ static inline void swap_buf(const u8 *src, u8 *dst, size_t len)
80 dst[len - 1 - i] = src[i]; 141 dst[len - 1 - i] = src[i];
81} 142}
82 143
83static int smp_e(struct crypto_blkcipher *tfm, const u8 *k, u8 *r) 144/* The following functions map to the LE SC SMP crypto functions
145 * AES-CMAC, f4, f5, f6, g2 and h6.
146 */
147
148static int aes_cmac(struct crypto_hash *tfm, const u8 k[16], const u8 *m,
149 size_t len, u8 mac[16])
84{ 150{
85 struct blkcipher_desc desc; 151 uint8_t tmp[16], mac_msb[16], msg_msb[CMAC_MSG_MAX];
152 struct hash_desc desc;
86 struct scatterlist sg; 153 struct scatterlist sg;
87 uint8_t tmp[16], data[16];
88 int err; 154 int err;
89 155
90 if (tfm == NULL) { 156 if (len > CMAC_MSG_MAX)
157 return -EFBIG;
158
159 if (!tfm) {
91 BT_ERR("tfm %p", tfm); 160 BT_ERR("tfm %p", tfm);
92 return -EINVAL; 161 return -EINVAL;
93 } 162 }
@@ -95,105 +164,233 @@ static int smp_e(struct crypto_blkcipher *tfm, const u8 *k, u8 *r)
95 desc.tfm = tfm; 164 desc.tfm = tfm;
96 desc.flags = 0; 165 desc.flags = 0;
97 166
98 /* The most significant octet of key corresponds to k[0] */ 167 crypto_hash_init(&desc);
168
169 /* Swap key and message from LSB to MSB */
99 swap_buf(k, tmp, 16); 170 swap_buf(k, tmp, 16);
171 swap_buf(m, msg_msb, len);
100 172
101 err = crypto_blkcipher_setkey(tfm, tmp, 16); 173 SMP_DBG("msg (len %zu) %*phN", len, (int) len, m);
174 SMP_DBG("key %16phN", k);
175
176 err = crypto_hash_setkey(tfm, tmp, 16);
102 if (err) { 177 if (err) {
103 BT_ERR("cipher setkey failed: %d", err); 178 BT_ERR("cipher setkey failed: %d", err);
104 return err; 179 return err;
105 } 180 }
106 181
107 /* Most significant octet of plaintextData corresponds to data[0] */ 182 sg_init_one(&sg, msg_msb, len);
108 swap_buf(r, data, 16);
109 183
110 sg_init_one(&sg, data, 16); 184 err = crypto_hash_update(&desc, &sg, len);
185 if (err) {
186 BT_ERR("Hash update error %d", err);
187 return err;
188 }
111 189
112 err = crypto_blkcipher_encrypt(&desc, &sg, &sg, 16); 190 err = crypto_hash_final(&desc, mac_msb);
191 if (err) {
192 BT_ERR("Hash final error %d", err);
193 return err;
194 }
195
196 swap_buf(mac_msb, mac, 16);
197
198 SMP_DBG("mac %16phN", mac);
199
200 return 0;
201}
202
203static int smp_f4(struct crypto_hash *tfm_cmac, const u8 u[32], const u8 v[32],
204 const u8 x[16], u8 z, u8 res[16])
205{
206 u8 m[65];
207 int err;
208
209 SMP_DBG("u %32phN", u);
210 SMP_DBG("v %32phN", v);
211 SMP_DBG("x %16phN z %02x", x, z);
212
213 m[0] = z;
214 memcpy(m + 1, v, 32);
215 memcpy(m + 33, u, 32);
216
217 err = aes_cmac(tfm_cmac, x, m, sizeof(m), res);
113 if (err) 218 if (err)
114 BT_ERR("Encrypt data error %d", err); 219 return err;
115 220
116 /* Most significant octet of encryptedData corresponds to data[0] */ 221 SMP_DBG("res %16phN", res);
117 swap_buf(data, r, 16);
118 222
119 return err; 223 return err;
120} 224}
121 225
122static int smp_ah(struct crypto_blkcipher *tfm, u8 irk[16], u8 r[3], u8 res[3]) 226static int smp_f5(struct crypto_hash *tfm_cmac, u8 w[32], u8 n1[16], u8 n2[16],
227 u8 a1[7], u8 a2[7], u8 mackey[16], u8 ltk[16])
123{ 228{
124 u8 _res[16]; 229 /* The btle, salt and length "magic" values are as defined in
230 * the SMP section of the Bluetooth core specification. In ASCII
231 * the btle value ends up being 'btle'. The salt is just a
232 * random number whereas length is the value 256 in little
233 * endian format.
234 */
235 const u8 btle[4] = { 0x65, 0x6c, 0x74, 0x62 };
236 const u8 salt[16] = { 0xbe, 0x83, 0x60, 0x5a, 0xdb, 0x0b, 0x37, 0x60,
237 0x38, 0xa5, 0xf5, 0xaa, 0x91, 0x83, 0x88, 0x6c };
238 const u8 length[2] = { 0x00, 0x01 };
239 u8 m[53], t[16];
125 int err; 240 int err;
126 241
127 /* r' = padding || r */ 242 SMP_DBG("w %32phN", w);
128 memcpy(_res, r, 3); 243 SMP_DBG("n1 %16phN n2 %16phN", n1, n2);
129 memset(_res + 3, 0, 13); 244 SMP_DBG("a1 %7phN a2 %7phN", a1, a2);
130 245
131 err = smp_e(tfm, irk, _res); 246 err = aes_cmac(tfm_cmac, salt, w, 32, t);
132 if (err) { 247 if (err)
133 BT_ERR("Encrypt error");
134 return err; 248 return err;
135 }
136 249
137 /* The output of the random address function ah is: 250 SMP_DBG("t %16phN", t);
138 * ah(h, r) = e(k, r') mod 2^24 251
139 * The output of the security function e is then truncated to 24 bits 252 memcpy(m, length, 2);
140 * by taking the least significant 24 bits of the output of e as the 253 memcpy(m + 2, a2, 7);
141 * result of ah. 254 memcpy(m + 9, a1, 7);
142 */ 255 memcpy(m + 16, n2, 16);
143 memcpy(res, _res, 3); 256 memcpy(m + 32, n1, 16);
257 memcpy(m + 48, btle, 4);
258
259 m[52] = 0; /* Counter */
260
261 err = aes_cmac(tfm_cmac, t, m, sizeof(m), mackey);
262 if (err)
263 return err;
264
265 SMP_DBG("mackey %16phN", mackey);
266
267 m[52] = 1; /* Counter */
268
269 err = aes_cmac(tfm_cmac, t, m, sizeof(m), ltk);
270 if (err)
271 return err;
272
273 SMP_DBG("ltk %16phN", ltk);
144 274
145 return 0; 275 return 0;
146} 276}
147 277
148bool smp_irk_matches(struct hci_dev *hdev, u8 irk[16], bdaddr_t *bdaddr) 278static int smp_f6(struct crypto_hash *tfm_cmac, const u8 w[16],
279 const u8 n1[16], u8 n2[16], const u8 r[16],
280 const u8 io_cap[3], const u8 a1[7], const u8 a2[7],
281 u8 res[16])
149{ 282{
150 struct l2cap_chan *chan = hdev->smp_data; 283 u8 m[65];
151 struct crypto_blkcipher *tfm;
152 u8 hash[3];
153 int err; 284 int err;
154 285
155 if (!chan || !chan->data) 286 SMP_DBG("w %16phN", w);
156 return false; 287 SMP_DBG("n1 %16phN n2 %16phN", n1, n2);
288 SMP_DBG("r %16phN io_cap %3phN a1 %7phN a2 %7phN", r, io_cap, a1, a2);
157 289
158 tfm = chan->data; 290 memcpy(m, a2, 7);
291 memcpy(m + 7, a1, 7);
292 memcpy(m + 14, io_cap, 3);
293 memcpy(m + 17, r, 16);
294 memcpy(m + 33, n2, 16);
295 memcpy(m + 49, n1, 16);
159 296
160 BT_DBG("RPA %pMR IRK %*phN", bdaddr, 16, irk); 297 err = aes_cmac(tfm_cmac, w, m, sizeof(m), res);
298 if (err)
299 return err;
161 300
162 err = smp_ah(tfm, irk, &bdaddr->b[3], hash); 301 BT_DBG("res %16phN", res);
302
303 return err;
304}
305
306static int smp_g2(struct crypto_hash *tfm_cmac, const u8 u[32], const u8 v[32],
307 const u8 x[16], const u8 y[16], u32 *val)
308{
309 u8 m[80], tmp[16];
310 int err;
311
312 SMP_DBG("u %32phN", u);
313 SMP_DBG("v %32phN", v);
314 SMP_DBG("x %16phN y %16phN", x, y);
315
316 memcpy(m, y, 16);
317 memcpy(m + 16, v, 32);
318 memcpy(m + 48, u, 32);
319
320 err = aes_cmac(tfm_cmac, x, m, sizeof(m), tmp);
163 if (err) 321 if (err)
164 return false; 322 return err;
165 323
166 return !memcmp(bdaddr->b, hash, 3); 324 *val = get_unaligned_le32(tmp);
325 *val %= 1000000;
326
327 SMP_DBG("val %06u", *val);
328
329 return 0;
167} 330}
168 331
169int smp_generate_rpa(struct hci_dev *hdev, u8 irk[16], bdaddr_t *rpa) 332static int smp_h6(struct crypto_hash *tfm_cmac, const u8 w[16],
333 const u8 key_id[4], u8 res[16])
170{ 334{
171 struct l2cap_chan *chan = hdev->smp_data;
172 struct crypto_blkcipher *tfm;
173 int err; 335 int err;
174 336
175 if (!chan || !chan->data) 337 SMP_DBG("w %16phN key_id %4phN", w, key_id);
176 return -EOPNOTSUPP;
177 338
178 tfm = chan->data; 339 err = aes_cmac(tfm_cmac, w, key_id, 4, res);
340 if (err)
341 return err;
179 342
180 get_random_bytes(&rpa->b[3], 3); 343 SMP_DBG("res %16phN", res);
181 344
182 rpa->b[5] &= 0x3f; /* Clear two most significant bits */ 345 return err;
183 rpa->b[5] |= 0x40; /* Set second most significant bit */ 346}
184 347
185 err = smp_ah(tfm, irk, &rpa->b[3], rpa->b); 348/* The following functions map to the legacy SMP crypto functions e, c1,
186 if (err < 0) 349 * s1 and ah.
350 */
351
352static int smp_e(struct crypto_blkcipher *tfm, const u8 *k, u8 *r)
353{
354 struct blkcipher_desc desc;
355 struct scatterlist sg;
356 uint8_t tmp[16], data[16];
357 int err;
358
359 if (!tfm) {
360 BT_ERR("tfm %p", tfm);
361 return -EINVAL;
362 }
363
364 desc.tfm = tfm;
365 desc.flags = 0;
366
367 /* The most significant octet of key corresponds to k[0] */
368 swap_buf(k, tmp, 16);
369
370 err = crypto_blkcipher_setkey(tfm, tmp, 16);
371 if (err) {
372 BT_ERR("cipher setkey failed: %d", err);
187 return err; 373 return err;
374 }
188 375
189 BT_DBG("RPA %pMR", rpa); 376 /* Most significant octet of plaintextData corresponds to data[0] */
377 swap_buf(r, data, 16);
190 378
191 return 0; 379 sg_init_one(&sg, data, 16);
380
381 err = crypto_blkcipher_encrypt(&desc, &sg, &sg, 16);
382 if (err)
383 BT_ERR("Encrypt data error %d", err);
384
385 /* Most significant octet of encryptedData corresponds to data[0] */
386 swap_buf(data, r, 16);
387
388 return err;
192} 389}
193 390
194static int smp_c1(struct crypto_blkcipher *tfm_aes, u8 k[16], u8 r[16], 391static int smp_c1(struct crypto_blkcipher *tfm_aes, const u8 k[16],
195 u8 preq[7], u8 pres[7], u8 _iat, bdaddr_t *ia, u8 _rat, 392 const u8 r[16], const u8 preq[7], const u8 pres[7], u8 _iat,
196 bdaddr_t *ra, u8 res[16]) 393 const bdaddr_t *ia, u8 _rat, const bdaddr_t *ra, u8 res[16])
197{ 394{
198 u8 p1[16], p2[16]; 395 u8 p1[16], p2[16];
199 int err; 396 int err;
@@ -232,8 +429,8 @@ static int smp_c1(struct crypto_blkcipher *tfm_aes, u8 k[16], u8 r[16],
232 return err; 429 return err;
233} 430}
234 431
235static int smp_s1(struct crypto_blkcipher *tfm_aes, u8 k[16], u8 r1[16], 432static int smp_s1(struct crypto_blkcipher *tfm_aes, const u8 k[16],
236 u8 r2[16], u8 _r[16]) 433 const u8 r1[16], const u8 r2[16], u8 _r[16])
237{ 434{
238 int err; 435 int err;
239 436
@@ -248,6 +445,80 @@ static int smp_s1(struct crypto_blkcipher *tfm_aes, u8 k[16], u8 r1[16],
248 return err; 445 return err;
249} 446}
250 447
448static int smp_ah(struct crypto_blkcipher *tfm, const u8 irk[16],
449 const u8 r[3], u8 res[3])
450{
451 u8 _res[16];
452 int err;
453
454 /* r' = padding || r */
455 memcpy(_res, r, 3);
456 memset(_res + 3, 0, 13);
457
458 err = smp_e(tfm, irk, _res);
459 if (err) {
460 BT_ERR("Encrypt error");
461 return err;
462 }
463
464 /* The output of the random address function ah is:
465 * ah(h, r) = e(k, r') mod 2^24
466 * The output of the security function e is then truncated to 24 bits
467 * by taking the least significant 24 bits of the output of e as the
468 * result of ah.
469 */
470 memcpy(res, _res, 3);
471
472 return 0;
473}
474
475bool smp_irk_matches(struct hci_dev *hdev, const u8 irk[16],
476 const bdaddr_t *bdaddr)
477{
478 struct l2cap_chan *chan = hdev->smp_data;
479 struct crypto_blkcipher *tfm;
480 u8 hash[3];
481 int err;
482
483 if (!chan || !chan->data)
484 return false;
485
486 tfm = chan->data;
487
488 BT_DBG("RPA %pMR IRK %*phN", bdaddr, 16, irk);
489
490 err = smp_ah(tfm, irk, &bdaddr->b[3], hash);
491 if (err)
492 return false;
493
494 return !memcmp(bdaddr->b, hash, 3);
495}
496
497int smp_generate_rpa(struct hci_dev *hdev, const u8 irk[16], bdaddr_t *rpa)
498{
499 struct l2cap_chan *chan = hdev->smp_data;
500 struct crypto_blkcipher *tfm;
501 int err;
502
503 if (!chan || !chan->data)
504 return -EOPNOTSUPP;
505
506 tfm = chan->data;
507
508 get_random_bytes(&rpa->b[3], 3);
509
510 rpa->b[5] &= 0x3f; /* Clear two most significant bits */
511 rpa->b[5] |= 0x40; /* Set second most significant bit */
512
513 err = smp_ah(tfm, irk, &rpa->b[3], rpa->b);
514 if (err < 0)
515 return err;
516
517 BT_DBG("RPA %pMR", rpa);
518
519 return 0;
520}
521
251static void smp_send_cmd(struct l2cap_conn *conn, u8 code, u16 len, void *data) 522static void smp_send_cmd(struct l2cap_conn *conn, u8 code, u16 len, void *data)
252{ 523{
253 struct l2cap_chan *chan = conn->smp; 524 struct l2cap_chan *chan = conn->smp;
@@ -282,17 +553,22 @@ static void smp_send_cmd(struct l2cap_conn *conn, u8 code, u16 len, void *data)
282 schedule_delayed_work(&smp->security_timer, SMP_TIMEOUT); 553 schedule_delayed_work(&smp->security_timer, SMP_TIMEOUT);
283} 554}
284 555
285static __u8 authreq_to_seclevel(__u8 authreq) 556static u8 authreq_to_seclevel(u8 authreq)
286{ 557{
287 if (authreq & SMP_AUTH_MITM) 558 if (authreq & SMP_AUTH_MITM) {
288 return BT_SECURITY_HIGH; 559 if (authreq & SMP_AUTH_SC)
289 else 560 return BT_SECURITY_FIPS;
561 else
562 return BT_SECURITY_HIGH;
563 } else {
290 return BT_SECURITY_MEDIUM; 564 return BT_SECURITY_MEDIUM;
565 }
291} 566}
292 567
293static __u8 seclevel_to_authreq(__u8 sec_level) 568static __u8 seclevel_to_authreq(__u8 sec_level)
294{ 569{
295 switch (sec_level) { 570 switch (sec_level) {
571 case BT_SECURITY_FIPS:
296 case BT_SECURITY_HIGH: 572 case BT_SECURITY_HIGH:
297 return SMP_AUTH_MITM | SMP_AUTH_BONDING; 573 return SMP_AUTH_MITM | SMP_AUTH_BONDING;
298 case BT_SECURITY_MEDIUM: 574 case BT_SECURITY_MEDIUM:
@@ -310,7 +586,7 @@ static void build_pairing_cmd(struct l2cap_conn *conn,
310 struct smp_chan *smp = chan->data; 586 struct smp_chan *smp = chan->data;
311 struct hci_conn *hcon = conn->hcon; 587 struct hci_conn *hcon = conn->hcon;
312 struct hci_dev *hdev = hcon->hdev; 588 struct hci_dev *hdev = hcon->hdev;
313 u8 local_dist = 0, remote_dist = 0; 589 u8 local_dist = 0, remote_dist = 0, oob_flag = SMP_OOB_NOT_PRESENT;
314 590
315 if (test_bit(HCI_BONDABLE, &conn->hcon->hdev->dev_flags)) { 591 if (test_bit(HCI_BONDABLE, &conn->hcon->hdev->dev_flags)) {
316 local_dist = SMP_DIST_ENC_KEY | SMP_DIST_SIGN; 592 local_dist = SMP_DIST_ENC_KEY | SMP_DIST_SIGN;
@@ -326,24 +602,52 @@ static void build_pairing_cmd(struct l2cap_conn *conn,
326 if (test_bit(HCI_PRIVACY, &hdev->dev_flags)) 602 if (test_bit(HCI_PRIVACY, &hdev->dev_flags))
327 local_dist |= SMP_DIST_ID_KEY; 603 local_dist |= SMP_DIST_ID_KEY;
328 604
605 if (test_bit(HCI_SC_ENABLED, &hdev->dev_flags) &&
606 (authreq & SMP_AUTH_SC)) {
607 struct oob_data *oob_data;
608 u8 bdaddr_type;
609
610 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
611 local_dist |= SMP_DIST_LINK_KEY;
612 remote_dist |= SMP_DIST_LINK_KEY;
613 }
614
615 if (hcon->dst_type == ADDR_LE_DEV_PUBLIC)
616 bdaddr_type = BDADDR_LE_PUBLIC;
617 else
618 bdaddr_type = BDADDR_LE_RANDOM;
619
620 oob_data = hci_find_remote_oob_data(hdev, &hcon->dst,
621 bdaddr_type);
622 if (oob_data) {
623 set_bit(SMP_FLAG_OOB, &smp->flags);
624 oob_flag = SMP_OOB_PRESENT;
625 memcpy(smp->rr, oob_data->rand256, 16);
626 memcpy(smp->pcnf, oob_data->hash256, 16);
627 }
628
629 } else {
630 authreq &= ~SMP_AUTH_SC;
631 }
632
329 if (rsp == NULL) { 633 if (rsp == NULL) {
330 req->io_capability = conn->hcon->io_capability; 634 req->io_capability = conn->hcon->io_capability;
331 req->oob_flag = SMP_OOB_NOT_PRESENT; 635 req->oob_flag = oob_flag;
332 req->max_key_size = SMP_MAX_ENC_KEY_SIZE; 636 req->max_key_size = SMP_MAX_ENC_KEY_SIZE;
333 req->init_key_dist = local_dist; 637 req->init_key_dist = local_dist;
334 req->resp_key_dist = remote_dist; 638 req->resp_key_dist = remote_dist;
335 req->auth_req = (authreq & AUTH_REQ_MASK); 639 req->auth_req = (authreq & AUTH_REQ_MASK(hdev));
336 640
337 smp->remote_key_dist = remote_dist; 641 smp->remote_key_dist = remote_dist;
338 return; 642 return;
339 } 643 }
340 644
341 rsp->io_capability = conn->hcon->io_capability; 645 rsp->io_capability = conn->hcon->io_capability;
342 rsp->oob_flag = SMP_OOB_NOT_PRESENT; 646 rsp->oob_flag = oob_flag;
343 rsp->max_key_size = SMP_MAX_ENC_KEY_SIZE; 647 rsp->max_key_size = SMP_MAX_ENC_KEY_SIZE;
344 rsp->init_key_dist = req->init_key_dist & remote_dist; 648 rsp->init_key_dist = req->init_key_dist & remote_dist;
345 rsp->resp_key_dist = req->resp_key_dist & local_dist; 649 rsp->resp_key_dist = req->resp_key_dist & local_dist;
346 rsp->auth_req = (authreq & AUTH_REQ_MASK); 650 rsp->auth_req = (authreq & AUTH_REQ_MASK(hdev));
347 651
348 smp->remote_key_dist = rsp->init_key_dist; 652 smp->remote_key_dist = rsp->init_key_dist;
349} 653}
@@ -366,6 +670,7 @@ static void smp_chan_destroy(struct l2cap_conn *conn)
366{ 670{
367 struct l2cap_chan *chan = conn->smp; 671 struct l2cap_chan *chan = conn->smp;
368 struct smp_chan *smp = chan->data; 672 struct smp_chan *smp = chan->data;
673 struct hci_conn *hcon = conn->hcon;
369 bool complete; 674 bool complete;
370 675
371 BUG_ON(!smp); 676 BUG_ON(!smp);
@@ -373,12 +678,24 @@ static void smp_chan_destroy(struct l2cap_conn *conn)
373 cancel_delayed_work_sync(&smp->security_timer); 678 cancel_delayed_work_sync(&smp->security_timer);
374 679
375 complete = test_bit(SMP_FLAG_COMPLETE, &smp->flags); 680 complete = test_bit(SMP_FLAG_COMPLETE, &smp->flags);
376 mgmt_smp_complete(conn->hcon, complete); 681 mgmt_smp_complete(hcon, complete);
377 682
378 kfree(smp->csrk); 683 kfree(smp->csrk);
379 kfree(smp->slave_csrk); 684 kfree(smp->slave_csrk);
685 kfree(smp->link_key);
380 686
381 crypto_free_blkcipher(smp->tfm_aes); 687 crypto_free_blkcipher(smp->tfm_aes);
688 crypto_free_hash(smp->tfm_cmac);
689
690 /* Ensure that we don't leave any debug key around if debug key
691 * support hasn't been explicitly enabled.
692 */
693 if (smp->ltk && smp->ltk->type == SMP_LTK_P256_DEBUG &&
694 !test_bit(HCI_KEEP_DEBUG_KEYS, &hcon->hdev->dev_flags)) {
695 list_del_rcu(&smp->ltk->list);
696 kfree_rcu(smp->ltk, rcu);
697 smp->ltk = NULL;
698 }
382 699
383 /* If pairing failed clean up any keys we might have */ 700 /* If pairing failed clean up any keys we might have */
384 if (!complete) { 701 if (!complete) {
@@ -400,7 +717,7 @@ static void smp_chan_destroy(struct l2cap_conn *conn)
400 717
401 chan->data = NULL; 718 chan->data = NULL;
402 kfree(smp); 719 kfree(smp);
403 hci_conn_drop(conn->hcon); 720 hci_conn_drop(hcon);
404} 721}
405 722
406static void smp_failure(struct l2cap_conn *conn, u8 reason) 723static void smp_failure(struct l2cap_conn *conn, u8 reason)
@@ -424,6 +741,7 @@ static void smp_failure(struct l2cap_conn *conn, u8 reason)
424#define REQ_PASSKEY 0x02 741#define REQ_PASSKEY 0x02
425#define CFM_PASSKEY 0x03 742#define CFM_PASSKEY 0x03
426#define REQ_OOB 0x04 743#define REQ_OOB 0x04
744#define DSP_PASSKEY 0x05
427#define OVERLAP 0xFF 745#define OVERLAP 0xFF
428 746
429static const u8 gen_method[5][5] = { 747static const u8 gen_method[5][5] = {
@@ -434,6 +752,14 @@ static const u8 gen_method[5][5] = {
434 { CFM_PASSKEY, CFM_PASSKEY, REQ_PASSKEY, JUST_WORKS, OVERLAP }, 752 { CFM_PASSKEY, CFM_PASSKEY, REQ_PASSKEY, JUST_WORKS, OVERLAP },
435}; 753};
436 754
755static const u8 sc_method[5][5] = {
756 { JUST_WORKS, JUST_CFM, REQ_PASSKEY, JUST_WORKS, REQ_PASSKEY },
757 { JUST_WORKS, CFM_PASSKEY, REQ_PASSKEY, JUST_WORKS, CFM_PASSKEY },
758 { DSP_PASSKEY, DSP_PASSKEY, REQ_PASSKEY, JUST_WORKS, DSP_PASSKEY },
759 { JUST_WORKS, JUST_CFM, JUST_WORKS, JUST_WORKS, JUST_CFM },
760 { DSP_PASSKEY, CFM_PASSKEY, REQ_PASSKEY, JUST_WORKS, CFM_PASSKEY },
761};
762
437static u8 get_auth_method(struct smp_chan *smp, u8 local_io, u8 remote_io) 763static u8 get_auth_method(struct smp_chan *smp, u8 local_io, u8 remote_io)
438{ 764{
439 /* If either side has unknown io_caps, use JUST_CFM (which gets 765 /* If either side has unknown io_caps, use JUST_CFM (which gets
@@ -443,6 +769,9 @@ static u8 get_auth_method(struct smp_chan *smp, u8 local_io, u8 remote_io)
443 remote_io > SMP_IO_KEYBOARD_DISPLAY) 769 remote_io > SMP_IO_KEYBOARD_DISPLAY)
444 return JUST_CFM; 770 return JUST_CFM;
445 771
772 if (test_bit(SMP_FLAG_SC, &smp->flags))
773 return sc_method[remote_io][local_io];
774
446 return gen_method[remote_io][local_io]; 775 return gen_method[remote_io][local_io];
447} 776}
448 777
@@ -452,7 +781,6 @@ static int tk_request(struct l2cap_conn *conn, u8 remote_oob, u8 auth,
452 struct hci_conn *hcon = conn->hcon; 781 struct hci_conn *hcon = conn->hcon;
453 struct l2cap_chan *chan = conn->smp; 782 struct l2cap_chan *chan = conn->smp;
454 struct smp_chan *smp = chan->data; 783 struct smp_chan *smp = chan->data;
455 u8 method;
456 u32 passkey = 0; 784 u32 passkey = 0;
457 int ret = 0; 785 int ret = 0;
458 786
@@ -469,26 +797,28 @@ static int tk_request(struct l2cap_conn *conn, u8 remote_oob, u8 auth,
469 * table. 797 * table.
470 */ 798 */
471 if (!(auth & SMP_AUTH_MITM)) 799 if (!(auth & SMP_AUTH_MITM))
472 method = JUST_CFM; 800 smp->method = JUST_CFM;
473 else 801 else
474 method = get_auth_method(smp, local_io, remote_io); 802 smp->method = get_auth_method(smp, local_io, remote_io);
475 803
476 /* Don't confirm locally initiated pairing attempts */ 804 /* Don't confirm locally initiated pairing attempts */
477 if (method == JUST_CFM && test_bit(SMP_FLAG_INITIATOR, &smp->flags)) 805 if (smp->method == JUST_CFM && test_bit(SMP_FLAG_INITIATOR,
478 method = JUST_WORKS; 806 &smp->flags))
807 smp->method = JUST_WORKS;
479 808
480 /* Don't bother user space with no IO capabilities */ 809 /* Don't bother user space with no IO capabilities */
481 if (method == JUST_CFM && hcon->io_capability == HCI_IO_NO_INPUT_OUTPUT) 810 if (smp->method == JUST_CFM &&
482 method = JUST_WORKS; 811 hcon->io_capability == HCI_IO_NO_INPUT_OUTPUT)
812 smp->method = JUST_WORKS;
483 813
484 /* If Just Works, Continue with Zero TK */ 814 /* If Just Works, Continue with Zero TK */
485 if (method == JUST_WORKS) { 815 if (smp->method == JUST_WORKS) {
486 set_bit(SMP_FLAG_TK_VALID, &smp->flags); 816 set_bit(SMP_FLAG_TK_VALID, &smp->flags);
487 return 0; 817 return 0;
488 } 818 }
489 819
490 /* Not Just Works/Confirm results in MITM Authentication */ 820 /* Not Just Works/Confirm results in MITM Authentication */
491 if (method != JUST_CFM) { 821 if (smp->method != JUST_CFM) {
492 set_bit(SMP_FLAG_MITM_AUTH, &smp->flags); 822 set_bit(SMP_FLAG_MITM_AUTH, &smp->flags);
493 if (hcon->pending_sec_level < BT_SECURITY_HIGH) 823 if (hcon->pending_sec_level < BT_SECURITY_HIGH)
494 hcon->pending_sec_level = BT_SECURITY_HIGH; 824 hcon->pending_sec_level = BT_SECURITY_HIGH;
@@ -497,15 +827,15 @@ static int tk_request(struct l2cap_conn *conn, u8 remote_oob, u8 auth,
497 /* If both devices have Keyoard-Display I/O, the master 827 /* If both devices have Keyoard-Display I/O, the master
498 * Confirms and the slave Enters the passkey. 828 * Confirms and the slave Enters the passkey.
499 */ 829 */
500 if (method == OVERLAP) { 830 if (smp->method == OVERLAP) {
501 if (hcon->role == HCI_ROLE_MASTER) 831 if (hcon->role == HCI_ROLE_MASTER)
502 method = CFM_PASSKEY; 832 smp->method = CFM_PASSKEY;
503 else 833 else
504 method = REQ_PASSKEY; 834 smp->method = REQ_PASSKEY;
505 } 835 }
506 836
507 /* Generate random passkey. */ 837 /* Generate random passkey. */
508 if (method == CFM_PASSKEY) { 838 if (smp->method == CFM_PASSKEY) {
509 memset(smp->tk, 0, sizeof(smp->tk)); 839 memset(smp->tk, 0, sizeof(smp->tk));
510 get_random_bytes(&passkey, sizeof(passkey)); 840 get_random_bytes(&passkey, sizeof(passkey));
511 passkey %= 1000000; 841 passkey %= 1000000;
@@ -514,10 +844,10 @@ static int tk_request(struct l2cap_conn *conn, u8 remote_oob, u8 auth,
514 set_bit(SMP_FLAG_TK_VALID, &smp->flags); 844 set_bit(SMP_FLAG_TK_VALID, &smp->flags);
515 } 845 }
516 846
517 if (method == REQ_PASSKEY) 847 if (smp->method == REQ_PASSKEY)
518 ret = mgmt_user_passkey_request(hcon->hdev, &hcon->dst, 848 ret = mgmt_user_passkey_request(hcon->hdev, &hcon->dst,
519 hcon->type, hcon->dst_type); 849 hcon->type, hcon->dst_type);
520 else if (method == JUST_CFM) 850 else if (smp->method == JUST_CFM)
521 ret = mgmt_user_confirm_request(hcon->hdev, &hcon->dst, 851 ret = mgmt_user_confirm_request(hcon->hdev, &hcon->dst,
522 hcon->type, hcon->dst_type, 852 hcon->type, hcon->dst_type,
523 passkey, 1); 853 passkey, 1);
@@ -638,11 +968,13 @@ static void smp_notify_keys(struct l2cap_conn *conn)
638 mgmt_new_irk(hdev, smp->remote_irk); 968 mgmt_new_irk(hdev, smp->remote_irk);
639 /* Now that user space can be considered to know the 969 /* Now that user space can be considered to know the
640 * identity address track the connection based on it 970 * identity address track the connection based on it
641 * from now on. 971 * from now on (assuming this is an LE link).
642 */ 972 */
643 bacpy(&hcon->dst, &smp->remote_irk->bdaddr); 973 if (hcon->type == LE_LINK) {
644 hcon->dst_type = smp->remote_irk->addr_type; 974 bacpy(&hcon->dst, &smp->remote_irk->bdaddr);
645 queue_work(hdev->workqueue, &conn->id_addr_update_work); 975 hcon->dst_type = smp->remote_irk->addr_type;
976 queue_work(hdev->workqueue, &conn->id_addr_update_work);
977 }
646 978
647 /* When receiving an indentity resolving key for 979 /* When receiving an indentity resolving key for
648 * a remote device that does not use a resolvable 980 * a remote device that does not use a resolvable
@@ -661,10 +993,20 @@ static void smp_notify_keys(struct l2cap_conn *conn)
661 } 993 }
662 } 994 }
663 995
664 /* The LTKs and CSRKs should be persistent only if both sides 996 if (hcon->type == ACL_LINK) {
665 * had the bonding bit set in their authentication requests. 997 if (hcon->key_type == HCI_LK_DEBUG_COMBINATION)
666 */ 998 persistent = false;
667 persistent = !!((req->auth_req & rsp->auth_req) & SMP_AUTH_BONDING); 999 else
1000 persistent = !test_bit(HCI_CONN_FLUSH_KEY,
1001 &hcon->flags);
1002 } else {
1003 /* The LTKs and CSRKs should be persistent only if both sides
1004 * had the bonding bit set in their authentication requests.
1005 */
1006 persistent = !!((req->auth_req & rsp->auth_req) &
1007 SMP_AUTH_BONDING);
1008 }
1009
668 1010
669 if (smp->csrk) { 1011 if (smp->csrk) {
670 smp->csrk->bdaddr_type = hcon->dst_type; 1012 smp->csrk->bdaddr_type = hcon->dst_type;
@@ -689,6 +1031,81 @@ static void smp_notify_keys(struct l2cap_conn *conn)
689 bacpy(&smp->slave_ltk->bdaddr, &hcon->dst); 1031 bacpy(&smp->slave_ltk->bdaddr, &hcon->dst);
690 mgmt_new_ltk(hdev, smp->slave_ltk, persistent); 1032 mgmt_new_ltk(hdev, smp->slave_ltk, persistent);
691 } 1033 }
1034
1035 if (smp->link_key) {
1036 struct link_key *key;
1037 u8 type;
1038
1039 if (test_bit(SMP_FLAG_DEBUG_KEY, &smp->flags))
1040 type = HCI_LK_DEBUG_COMBINATION;
1041 else if (hcon->sec_level == BT_SECURITY_FIPS)
1042 type = HCI_LK_AUTH_COMBINATION_P256;
1043 else
1044 type = HCI_LK_UNAUTH_COMBINATION_P256;
1045
1046 key = hci_add_link_key(hdev, smp->conn->hcon, &hcon->dst,
1047 smp->link_key, type, 0, &persistent);
1048 if (key) {
1049 mgmt_new_link_key(hdev, key, persistent);
1050
1051 /* Don't keep debug keys around if the relevant
1052 * flag is not set.
1053 */
1054 if (!test_bit(HCI_KEEP_DEBUG_KEYS, &hdev->dev_flags) &&
1055 key->type == HCI_LK_DEBUG_COMBINATION) {
1056 list_del_rcu(&key->list);
1057 kfree_rcu(key, rcu);
1058 }
1059 }
1060 }
1061}
1062
1063static void sc_add_ltk(struct smp_chan *smp)
1064{
1065 struct hci_conn *hcon = smp->conn->hcon;
1066 u8 key_type, auth;
1067
1068 if (test_bit(SMP_FLAG_DEBUG_KEY, &smp->flags))
1069 key_type = SMP_LTK_P256_DEBUG;
1070 else
1071 key_type = SMP_LTK_P256;
1072
1073 if (hcon->pending_sec_level == BT_SECURITY_FIPS)
1074 auth = 1;
1075 else
1076 auth = 0;
1077
1078 memset(smp->tk + smp->enc_key_size, 0,
1079 SMP_MAX_ENC_KEY_SIZE - smp->enc_key_size);
1080
1081 smp->ltk = hci_add_ltk(hcon->hdev, &hcon->dst, hcon->dst_type,
1082 key_type, auth, smp->tk, smp->enc_key_size,
1083 0, 0);
1084}
1085
1086static void sc_generate_link_key(struct smp_chan *smp)
1087{
1088 /* These constants are as specified in the core specification.
1089 * In ASCII they spell out to 'tmp1' and 'lebr'.
1090 */
1091 const u8 tmp1[4] = { 0x31, 0x70, 0x6d, 0x74 };
1092 const u8 lebr[4] = { 0x72, 0x62, 0x65, 0x6c };
1093
1094 smp->link_key = kzalloc(16, GFP_KERNEL);
1095 if (!smp->link_key)
1096 return;
1097
1098 if (smp_h6(smp->tfm_cmac, smp->tk, tmp1, smp->link_key)) {
1099 kfree(smp->link_key);
1100 smp->link_key = NULL;
1101 return;
1102 }
1103
1104 if (smp_h6(smp->tfm_cmac, smp->link_key, lebr, smp->link_key)) {
1105 kfree(smp->link_key);
1106 smp->link_key = NULL;
1107 return;
1108 }
692} 1109}
693 1110
694static void smp_allow_key_dist(struct smp_chan *smp) 1111static void smp_allow_key_dist(struct smp_chan *smp)
@@ -705,6 +1122,35 @@ static void smp_allow_key_dist(struct smp_chan *smp)
705 SMP_ALLOW_CMD(smp, SMP_CMD_SIGN_INFO); 1122 SMP_ALLOW_CMD(smp, SMP_CMD_SIGN_INFO);
706} 1123}
707 1124
1125static void sc_generate_ltk(struct smp_chan *smp)
1126{
1127 /* These constants are as specified in the core specification.
1128 * In ASCII they spell out to 'tmp2' and 'brle'.
1129 */
1130 const u8 tmp2[4] = { 0x32, 0x70, 0x6d, 0x74 };
1131 const u8 brle[4] = { 0x65, 0x6c, 0x72, 0x62 };
1132 struct hci_conn *hcon = smp->conn->hcon;
1133 struct hci_dev *hdev = hcon->hdev;
1134 struct link_key *key;
1135
1136 key = hci_find_link_key(hdev, &hcon->dst);
1137 if (!key) {
1138 BT_ERR("%s No Link Key found to generate LTK", hdev->name);
1139 return;
1140 }
1141
1142 if (key->type == HCI_LK_DEBUG_COMBINATION)
1143 set_bit(SMP_FLAG_DEBUG_KEY, &smp->flags);
1144
1145 if (smp_h6(smp->tfm_cmac, key->val, tmp2, smp->tk))
1146 return;
1147
1148 if (smp_h6(smp->tfm_cmac, smp->tk, brle, smp->tk))
1149 return;
1150
1151 sc_add_ltk(smp);
1152}
1153
708static void smp_distribute_keys(struct smp_chan *smp) 1154static void smp_distribute_keys(struct smp_chan *smp)
709{ 1155{
710 struct smp_cmd_pairing *req, *rsp; 1156 struct smp_cmd_pairing *req, *rsp;
@@ -733,6 +1179,16 @@ static void smp_distribute_keys(struct smp_chan *smp)
733 *keydist &= req->resp_key_dist; 1179 *keydist &= req->resp_key_dist;
734 } 1180 }
735 1181
1182 if (test_bit(SMP_FLAG_SC, &smp->flags)) {
1183 if (hcon->type == LE_LINK && (*keydist & SMP_DIST_LINK_KEY))
1184 sc_generate_link_key(smp);
1185 if (hcon->type == ACL_LINK && (*keydist & SMP_DIST_ENC_KEY))
1186 sc_generate_ltk(smp);
1187
1188 /* Clear the keys which are generated but not distributed */
1189 *keydist &= ~SMP_SC_NO_DIST;
1190 }
1191
736 BT_DBG("keydist 0x%x", *keydist); 1192 BT_DBG("keydist 0x%x", *keydist);
737 1193
738 if (*keydist & SMP_DIST_ENC_KEY) { 1194 if (*keydist & SMP_DIST_ENC_KEY) {
@@ -844,6 +1300,14 @@ static struct smp_chan *smp_chan_create(struct l2cap_conn *conn)
844 return NULL; 1300 return NULL;
845 } 1301 }
846 1302
1303 smp->tfm_cmac = crypto_alloc_hash("cmac(aes)", 0, CRYPTO_ALG_ASYNC);
1304 if (IS_ERR(smp->tfm_cmac)) {
1305 BT_ERR("Unable to create CMAC crypto context");
1306 crypto_free_blkcipher(smp->tfm_aes);
1307 kfree(smp);
1308 return NULL;
1309 }
1310
847 smp->conn = conn; 1311 smp->conn = conn;
848 chan->data = smp; 1312 chan->data = smp;
849 1313
@@ -856,6 +1320,213 @@ static struct smp_chan *smp_chan_create(struct l2cap_conn *conn)
856 return smp; 1320 return smp;
857} 1321}
858 1322
1323static int sc_mackey_and_ltk(struct smp_chan *smp, u8 mackey[16], u8 ltk[16])
1324{
1325 struct hci_conn *hcon = smp->conn->hcon;
1326 u8 *na, *nb, a[7], b[7];
1327
1328 if (hcon->out) {
1329 na = smp->prnd;
1330 nb = smp->rrnd;
1331 } else {
1332 na = smp->rrnd;
1333 nb = smp->prnd;
1334 }
1335
1336 memcpy(a, &hcon->init_addr, 6);
1337 memcpy(b, &hcon->resp_addr, 6);
1338 a[6] = hcon->init_addr_type;
1339 b[6] = hcon->resp_addr_type;
1340
1341 return smp_f5(smp->tfm_cmac, smp->dhkey, na, nb, a, b, mackey, ltk);
1342}
1343
1344static void sc_dhkey_check(struct smp_chan *smp)
1345{
1346 struct hci_conn *hcon = smp->conn->hcon;
1347 struct smp_cmd_dhkey_check check;
1348 u8 a[7], b[7], *local_addr, *remote_addr;
1349 u8 io_cap[3], r[16];
1350
1351 memcpy(a, &hcon->init_addr, 6);
1352 memcpy(b, &hcon->resp_addr, 6);
1353 a[6] = hcon->init_addr_type;
1354 b[6] = hcon->resp_addr_type;
1355
1356 if (hcon->out) {
1357 local_addr = a;
1358 remote_addr = b;
1359 memcpy(io_cap, &smp->preq[1], 3);
1360 } else {
1361 local_addr = b;
1362 remote_addr = a;
1363 memcpy(io_cap, &smp->prsp[1], 3);
1364 }
1365
1366 memset(r, 0, sizeof(r));
1367
1368 if (smp->method == REQ_PASSKEY || smp->method == DSP_PASSKEY)
1369 put_unaligned_le32(hcon->passkey_notify, r);
1370
1371 if (smp->method == REQ_OOB)
1372 memcpy(r, smp->rr, 16);
1373
1374 smp_f6(smp->tfm_cmac, smp->mackey, smp->prnd, smp->rrnd, r, io_cap,
1375 local_addr, remote_addr, check.e);
1376
1377 smp_send_cmd(smp->conn, SMP_CMD_DHKEY_CHECK, sizeof(check), &check);
1378}
1379
1380static u8 sc_passkey_send_confirm(struct smp_chan *smp)
1381{
1382 struct l2cap_conn *conn = smp->conn;
1383 struct hci_conn *hcon = conn->hcon;
1384 struct smp_cmd_pairing_confirm cfm;
1385 u8 r;
1386
1387 r = ((hcon->passkey_notify >> smp->passkey_round) & 0x01);
1388 r |= 0x80;
1389
1390 get_random_bytes(smp->prnd, sizeof(smp->prnd));
1391
1392 if (smp_f4(smp->tfm_cmac, smp->local_pk, smp->remote_pk, smp->prnd, r,
1393 cfm.confirm_val))
1394 return SMP_UNSPECIFIED;
1395
1396 smp_send_cmd(conn, SMP_CMD_PAIRING_CONFIRM, sizeof(cfm), &cfm);
1397
1398 return 0;
1399}
1400
1401static u8 sc_passkey_round(struct smp_chan *smp, u8 smp_op)
1402{
1403 struct l2cap_conn *conn = smp->conn;
1404 struct hci_conn *hcon = conn->hcon;
1405 struct hci_dev *hdev = hcon->hdev;
1406 u8 cfm[16], r;
1407
1408 /* Ignore the PDU if we've already done 20 rounds (0 - 19) */
1409 if (smp->passkey_round >= 20)
1410 return 0;
1411
1412 switch (smp_op) {
1413 case SMP_CMD_PAIRING_RANDOM:
1414 r = ((hcon->passkey_notify >> smp->passkey_round) & 0x01);
1415 r |= 0x80;
1416
1417 if (smp_f4(smp->tfm_cmac, smp->remote_pk, smp->local_pk,
1418 smp->rrnd, r, cfm))
1419 return SMP_UNSPECIFIED;
1420
1421 if (memcmp(smp->pcnf, cfm, 16))
1422 return SMP_CONFIRM_FAILED;
1423
1424 smp->passkey_round++;
1425
1426 if (smp->passkey_round == 20) {
1427 /* Generate MacKey and LTK */
1428 if (sc_mackey_and_ltk(smp, smp->mackey, smp->tk))
1429 return SMP_UNSPECIFIED;
1430 }
1431
1432 /* The round is only complete when the initiator
1433 * receives pairing random.
1434 */
1435 if (!hcon->out) {
1436 smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM,
1437 sizeof(smp->prnd), smp->prnd);
1438 if (smp->passkey_round == 20)
1439 SMP_ALLOW_CMD(smp, SMP_CMD_DHKEY_CHECK);
1440 else
1441 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_CONFIRM);
1442 return 0;
1443 }
1444
1445 /* Start the next round */
1446 if (smp->passkey_round != 20)
1447 return sc_passkey_round(smp, 0);
1448
1449 /* Passkey rounds are complete - start DHKey Check */
1450 sc_dhkey_check(smp);
1451 SMP_ALLOW_CMD(smp, SMP_CMD_DHKEY_CHECK);
1452
1453 break;
1454
1455 case SMP_CMD_PAIRING_CONFIRM:
1456 if (test_bit(SMP_FLAG_WAIT_USER, &smp->flags)) {
1457 set_bit(SMP_FLAG_CFM_PENDING, &smp->flags);
1458 return 0;
1459 }
1460
1461 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RANDOM);
1462
1463 if (hcon->out) {
1464 smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM,
1465 sizeof(smp->prnd), smp->prnd);
1466 return 0;
1467 }
1468
1469 return sc_passkey_send_confirm(smp);
1470
1471 case SMP_CMD_PUBLIC_KEY:
1472 default:
1473 /* Initiating device starts the round */
1474 if (!hcon->out)
1475 return 0;
1476
1477 BT_DBG("%s Starting passkey round %u", hdev->name,
1478 smp->passkey_round + 1);
1479
1480 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_CONFIRM);
1481
1482 return sc_passkey_send_confirm(smp);
1483 }
1484
1485 return 0;
1486}
1487
1488static int sc_user_reply(struct smp_chan *smp, u16 mgmt_op, __le32 passkey)
1489{
1490 struct l2cap_conn *conn = smp->conn;
1491 struct hci_conn *hcon = conn->hcon;
1492 u8 smp_op;
1493
1494 clear_bit(SMP_FLAG_WAIT_USER, &smp->flags);
1495
1496 switch (mgmt_op) {
1497 case MGMT_OP_USER_PASSKEY_NEG_REPLY:
1498 smp_failure(smp->conn, SMP_PASSKEY_ENTRY_FAILED);
1499 return 0;
1500 case MGMT_OP_USER_CONFIRM_NEG_REPLY:
1501 smp_failure(smp->conn, SMP_NUMERIC_COMP_FAILED);
1502 return 0;
1503 case MGMT_OP_USER_PASSKEY_REPLY:
1504 hcon->passkey_notify = le32_to_cpu(passkey);
1505 smp->passkey_round = 0;
1506
1507 if (test_and_clear_bit(SMP_FLAG_CFM_PENDING, &smp->flags))
1508 smp_op = SMP_CMD_PAIRING_CONFIRM;
1509 else
1510 smp_op = 0;
1511
1512 if (sc_passkey_round(smp, smp_op))
1513 return -EIO;
1514
1515 return 0;
1516 }
1517
1518 /* Initiator sends DHKey check first */
1519 if (hcon->out) {
1520 sc_dhkey_check(smp);
1521 SMP_ALLOW_CMD(smp, SMP_CMD_DHKEY_CHECK);
1522 } else if (test_and_clear_bit(SMP_FLAG_DHKEY_PENDING, &smp->flags)) {
1523 sc_dhkey_check(smp);
1524 sc_add_ltk(smp);
1525 }
1526
1527 return 0;
1528}
1529
859int smp_user_confirm_reply(struct hci_conn *hcon, u16 mgmt_op, __le32 passkey) 1530int smp_user_confirm_reply(struct hci_conn *hcon, u16 mgmt_op, __le32 passkey)
860{ 1531{
861 struct l2cap_conn *conn = hcon->l2cap_data; 1532 struct l2cap_conn *conn = hcon->l2cap_data;
@@ -881,6 +1552,11 @@ int smp_user_confirm_reply(struct hci_conn *hcon, u16 mgmt_op, __le32 passkey)
881 1552
882 smp = chan->data; 1553 smp = chan->data;
883 1554
1555 if (test_bit(SMP_FLAG_SC, &smp->flags)) {
1556 err = sc_user_reply(smp, mgmt_op, passkey);
1557 goto unlock;
1558 }
1559
884 switch (mgmt_op) { 1560 switch (mgmt_op) {
885 case MGMT_OP_USER_PASSKEY_REPLY: 1561 case MGMT_OP_USER_PASSKEY_REPLY:
886 value = le32_to_cpu(passkey); 1562 value = le32_to_cpu(passkey);
@@ -916,6 +1592,46 @@ unlock:
916 return err; 1592 return err;
917} 1593}
918 1594
1595static void build_bredr_pairing_cmd(struct smp_chan *smp,
1596 struct smp_cmd_pairing *req,
1597 struct smp_cmd_pairing *rsp)
1598{
1599 struct l2cap_conn *conn = smp->conn;
1600 struct hci_dev *hdev = conn->hcon->hdev;
1601 u8 local_dist = 0, remote_dist = 0;
1602
1603 if (test_bit(HCI_BONDABLE, &hdev->dev_flags)) {
1604 local_dist = SMP_DIST_ENC_KEY | SMP_DIST_SIGN;
1605 remote_dist = SMP_DIST_ENC_KEY | SMP_DIST_SIGN;
1606 }
1607
1608 if (test_bit(HCI_RPA_RESOLVING, &hdev->dev_flags))
1609 remote_dist |= SMP_DIST_ID_KEY;
1610
1611 if (test_bit(HCI_PRIVACY, &hdev->dev_flags))
1612 local_dist |= SMP_DIST_ID_KEY;
1613
1614 if (!rsp) {
1615 memset(req, 0, sizeof(*req));
1616
1617 req->init_key_dist = local_dist;
1618 req->resp_key_dist = remote_dist;
1619 req->max_key_size = SMP_MAX_ENC_KEY_SIZE;
1620
1621 smp->remote_key_dist = remote_dist;
1622
1623 return;
1624 }
1625
1626 memset(rsp, 0, sizeof(*rsp));
1627
1628 rsp->max_key_size = SMP_MAX_ENC_KEY_SIZE;
1629 rsp->init_key_dist = req->init_key_dist & remote_dist;
1630 rsp->resp_key_dist = req->resp_key_dist & local_dist;
1631
1632 smp->remote_key_dist = rsp->init_key_dist;
1633}
1634
919static u8 smp_cmd_pairing_req(struct l2cap_conn *conn, struct sk_buff *skb) 1635static u8 smp_cmd_pairing_req(struct l2cap_conn *conn, struct sk_buff *skb)
920{ 1636{
921 struct smp_cmd_pairing rsp, *req = (void *) skb->data; 1637 struct smp_cmd_pairing rsp, *req = (void *) skb->data;
@@ -942,16 +1658,49 @@ static u8 smp_cmd_pairing_req(struct l2cap_conn *conn, struct sk_buff *skb)
942 return SMP_UNSPECIFIED; 1658 return SMP_UNSPECIFIED;
943 1659
944 /* We didn't start the pairing, so match remote */ 1660 /* We didn't start the pairing, so match remote */
945 auth = req->auth_req & AUTH_REQ_MASK; 1661 auth = req->auth_req & AUTH_REQ_MASK(hdev);
946 1662
947 if (!test_bit(HCI_BONDABLE, &hdev->dev_flags) && 1663 if (!test_bit(HCI_BONDABLE, &hdev->dev_flags) &&
948 (auth & SMP_AUTH_BONDING)) 1664 (auth & SMP_AUTH_BONDING))
949 return SMP_PAIRING_NOTSUPP; 1665 return SMP_PAIRING_NOTSUPP;
950 1666
1667 if (test_bit(HCI_SC_ONLY, &hdev->dev_flags) && !(auth & SMP_AUTH_SC))
1668 return SMP_AUTH_REQUIREMENTS;
1669
951 smp->preq[0] = SMP_CMD_PAIRING_REQ; 1670 smp->preq[0] = SMP_CMD_PAIRING_REQ;
952 memcpy(&smp->preq[1], req, sizeof(*req)); 1671 memcpy(&smp->preq[1], req, sizeof(*req));
953 skb_pull(skb, sizeof(*req)); 1672 skb_pull(skb, sizeof(*req));
954 1673
1674 /* SMP over BR/EDR requires special treatment */
1675 if (conn->hcon->type == ACL_LINK) {
1676 /* We must have a BR/EDR SC link */
1677 if (!test_bit(HCI_CONN_AES_CCM, &conn->hcon->flags))
1678 return SMP_CROSS_TRANSP_NOT_ALLOWED;
1679
1680 set_bit(SMP_FLAG_SC, &smp->flags);
1681
1682 build_bredr_pairing_cmd(smp, req, &rsp);
1683
1684 key_size = min(req->max_key_size, rsp.max_key_size);
1685 if (check_enc_key_size(conn, key_size))
1686 return SMP_ENC_KEY_SIZE;
1687
1688 /* Clear bits which are generated but not distributed */
1689 smp->remote_key_dist &= ~SMP_SC_NO_DIST;
1690
1691 smp->prsp[0] = SMP_CMD_PAIRING_RSP;
1692 memcpy(&smp->prsp[1], &rsp, sizeof(rsp));
1693 smp_send_cmd(conn, SMP_CMD_PAIRING_RSP, sizeof(rsp), &rsp);
1694
1695 smp_distribute_keys(smp);
1696 return 0;
1697 }
1698
1699 build_pairing_cmd(conn, req, &rsp, auth);
1700
1701 if (rsp.auth_req & SMP_AUTH_SC)
1702 set_bit(SMP_FLAG_SC, &smp->flags);
1703
955 if (conn->hcon->io_capability == HCI_IO_NO_INPUT_OUTPUT) 1704 if (conn->hcon->io_capability == HCI_IO_NO_INPUT_OUTPUT)
956 sec_level = BT_SECURITY_MEDIUM; 1705 sec_level = BT_SECURITY_MEDIUM;
957 else 1706 else
@@ -970,8 +1719,6 @@ static u8 smp_cmd_pairing_req(struct l2cap_conn *conn, struct sk_buff *skb)
970 return SMP_AUTH_REQUIREMENTS; 1719 return SMP_AUTH_REQUIREMENTS;
971 } 1720 }
972 1721
973 build_pairing_cmd(conn, req, &rsp, auth);
974
975 key_size = min(req->max_key_size, rsp.max_key_size); 1722 key_size = min(req->max_key_size, rsp.max_key_size);
976 if (check_enc_key_size(conn, key_size)) 1723 if (check_enc_key_size(conn, key_size))
977 return SMP_ENC_KEY_SIZE; 1724 return SMP_ENC_KEY_SIZE;
@@ -982,7 +1729,18 @@ static u8 smp_cmd_pairing_req(struct l2cap_conn *conn, struct sk_buff *skb)
982 memcpy(&smp->prsp[1], &rsp, sizeof(rsp)); 1729 memcpy(&smp->prsp[1], &rsp, sizeof(rsp));
983 1730
984 smp_send_cmd(conn, SMP_CMD_PAIRING_RSP, sizeof(rsp), &rsp); 1731 smp_send_cmd(conn, SMP_CMD_PAIRING_RSP, sizeof(rsp), &rsp);
985 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_CONFIRM); 1732
1733 clear_bit(SMP_FLAG_INITIATOR, &smp->flags);
1734
1735 if (test_bit(SMP_FLAG_SC, &smp->flags)) {
1736 SMP_ALLOW_CMD(smp, SMP_CMD_PUBLIC_KEY);
1737 /* Clear bits which are generated but not distributed */
1738 smp->remote_key_dist &= ~SMP_SC_NO_DIST;
1739 /* Wait for Public Key from Initiating Device */
1740 return 0;
1741 } else {
1742 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_CONFIRM);
1743 }
986 1744
987 /* Request setup of TK */ 1745 /* Request setup of TK */
988 ret = tk_request(conn, 0, auth, rsp.io_capability, req->io_capability); 1746 ret = tk_request(conn, 0, auth, rsp.io_capability, req->io_capability);
@@ -992,11 +1750,46 @@ static u8 smp_cmd_pairing_req(struct l2cap_conn *conn, struct sk_buff *skb)
992 return 0; 1750 return 0;
993} 1751}
994 1752
1753static u8 sc_send_public_key(struct smp_chan *smp)
1754{
1755 struct hci_dev *hdev = smp->conn->hcon->hdev;
1756
1757 BT_DBG("");
1758
1759 if (test_bit(HCI_USE_DEBUG_KEYS, &hdev->dev_flags)) {
1760 BT_DBG("Using debug keys");
1761 memcpy(smp->local_pk, debug_pk, 64);
1762 memcpy(smp->local_sk, debug_sk, 32);
1763 set_bit(SMP_FLAG_DEBUG_KEY, &smp->flags);
1764 } else {
1765 while (true) {
1766 /* Generate local key pair for Secure Connections */
1767 if (!ecc_make_key(smp->local_pk, smp->local_sk))
1768 return SMP_UNSPECIFIED;
1769
1770 /* This is unlikely, but we need to check that
1771 * we didn't accidentially generate a debug key.
1772 */
1773 if (memcmp(smp->local_sk, debug_sk, 32))
1774 break;
1775 }
1776 }
1777
1778 SMP_DBG("Local Public Key X: %32phN", smp->local_pk);
1779 SMP_DBG("Local Public Key Y: %32phN", &smp->local_pk[32]);
1780 SMP_DBG("Local Private Key: %32phN", smp->local_sk);
1781
1782 smp_send_cmd(smp->conn, SMP_CMD_PUBLIC_KEY, 64, smp->local_pk);
1783
1784 return 0;
1785}
1786
995static u8 smp_cmd_pairing_rsp(struct l2cap_conn *conn, struct sk_buff *skb) 1787static u8 smp_cmd_pairing_rsp(struct l2cap_conn *conn, struct sk_buff *skb)
996{ 1788{
997 struct smp_cmd_pairing *req, *rsp = (void *) skb->data; 1789 struct smp_cmd_pairing *req, *rsp = (void *) skb->data;
998 struct l2cap_chan *chan = conn->smp; 1790 struct l2cap_chan *chan = conn->smp;
999 struct smp_chan *smp = chan->data; 1791 struct smp_chan *smp = chan->data;
1792 struct hci_dev *hdev = conn->hcon->hdev;
1000 u8 key_size, auth; 1793 u8 key_size, auth;
1001 int ret; 1794 int ret;
1002 1795
@@ -1016,7 +1809,31 @@ static u8 smp_cmd_pairing_rsp(struct l2cap_conn *conn, struct sk_buff *skb)
1016 if (check_enc_key_size(conn, key_size)) 1809 if (check_enc_key_size(conn, key_size))
1017 return SMP_ENC_KEY_SIZE; 1810 return SMP_ENC_KEY_SIZE;
1018 1811
1019 auth = rsp->auth_req & AUTH_REQ_MASK; 1812 auth = rsp->auth_req & AUTH_REQ_MASK(hdev);
1813
1814 if (test_bit(HCI_SC_ONLY, &hdev->dev_flags) && !(auth & SMP_AUTH_SC))
1815 return SMP_AUTH_REQUIREMENTS;
1816
1817 smp->prsp[0] = SMP_CMD_PAIRING_RSP;
1818 memcpy(&smp->prsp[1], rsp, sizeof(*rsp));
1819
1820 /* Update remote key distribution in case the remote cleared
1821 * some bits that we had enabled in our request.
1822 */
1823 smp->remote_key_dist &= rsp->resp_key_dist;
1824
1825 /* For BR/EDR this means we're done and can start phase 3 */
1826 if (conn->hcon->type == ACL_LINK) {
1827 /* Clear bits which are generated but not distributed */
1828 smp->remote_key_dist &= ~SMP_SC_NO_DIST;
1829 smp_distribute_keys(smp);
1830 return 0;
1831 }
1832
1833 if ((req->auth_req & SMP_AUTH_SC) && (auth & SMP_AUTH_SC))
1834 set_bit(SMP_FLAG_SC, &smp->flags);
1835 else if (conn->hcon->pending_sec_level > BT_SECURITY_HIGH)
1836 conn->hcon->pending_sec_level = BT_SECURITY_HIGH;
1020 1837
1021 /* If we need MITM check that it can be achieved */ 1838 /* If we need MITM check that it can be achieved */
1022 if (conn->hcon->pending_sec_level >= BT_SECURITY_HIGH) { 1839 if (conn->hcon->pending_sec_level >= BT_SECURITY_HIGH) {
@@ -1030,14 +1847,18 @@ static u8 smp_cmd_pairing_rsp(struct l2cap_conn *conn, struct sk_buff *skb)
1030 1847
1031 get_random_bytes(smp->prnd, sizeof(smp->prnd)); 1848 get_random_bytes(smp->prnd, sizeof(smp->prnd));
1032 1849
1033 smp->prsp[0] = SMP_CMD_PAIRING_RSP;
1034 memcpy(&smp->prsp[1], rsp, sizeof(*rsp));
1035
1036 /* Update remote key distribution in case the remote cleared 1850 /* Update remote key distribution in case the remote cleared
1037 * some bits that we had enabled in our request. 1851 * some bits that we had enabled in our request.
1038 */ 1852 */
1039 smp->remote_key_dist &= rsp->resp_key_dist; 1853 smp->remote_key_dist &= rsp->resp_key_dist;
1040 1854
1855 if (test_bit(SMP_FLAG_SC, &smp->flags)) {
1856 /* Clear bits which are generated but not distributed */
1857 smp->remote_key_dist &= ~SMP_SC_NO_DIST;
1858 SMP_ALLOW_CMD(smp, SMP_CMD_PUBLIC_KEY);
1859 return sc_send_public_key(smp);
1860 }
1861
1041 auth |= req->auth_req; 1862 auth |= req->auth_req;
1042 1863
1043 ret = tk_request(conn, 0, auth, req->io_capability, rsp->io_capability); 1864 ret = tk_request(conn, 0, auth, req->io_capability, rsp->io_capability);
@@ -1053,6 +1874,28 @@ static u8 smp_cmd_pairing_rsp(struct l2cap_conn *conn, struct sk_buff *skb)
1053 return 0; 1874 return 0;
1054} 1875}
1055 1876
1877static u8 sc_check_confirm(struct smp_chan *smp)
1878{
1879 struct l2cap_conn *conn = smp->conn;
1880
1881 BT_DBG("");
1882
1883 /* Public Key exchange must happen before any other steps */
1884 if (!test_bit(SMP_FLAG_REMOTE_PK, &smp->flags))
1885 return SMP_UNSPECIFIED;
1886
1887 if (smp->method == REQ_PASSKEY || smp->method == DSP_PASSKEY)
1888 return sc_passkey_round(smp, SMP_CMD_PAIRING_CONFIRM);
1889
1890 if (conn->hcon->out) {
1891 smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM, sizeof(smp->prnd),
1892 smp->prnd);
1893 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RANDOM);
1894 }
1895
1896 return 0;
1897}
1898
1056static u8 smp_cmd_pairing_confirm(struct l2cap_conn *conn, struct sk_buff *skb) 1899static u8 smp_cmd_pairing_confirm(struct l2cap_conn *conn, struct sk_buff *skb)
1057{ 1900{
1058 struct l2cap_chan *chan = conn->smp; 1901 struct l2cap_chan *chan = conn->smp;
@@ -1066,6 +1909,9 @@ static u8 smp_cmd_pairing_confirm(struct l2cap_conn *conn, struct sk_buff *skb)
1066 memcpy(smp->pcnf, skb->data, sizeof(smp->pcnf)); 1909 memcpy(smp->pcnf, skb->data, sizeof(smp->pcnf));
1067 skb_pull(skb, sizeof(smp->pcnf)); 1910 skb_pull(skb, sizeof(smp->pcnf));
1068 1911
1912 if (test_bit(SMP_FLAG_SC, &smp->flags))
1913 return sc_check_confirm(smp);
1914
1069 if (conn->hcon->out) { 1915 if (conn->hcon->out) {
1070 smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM, sizeof(smp->prnd), 1916 smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM, sizeof(smp->prnd),
1071 smp->prnd); 1917 smp->prnd);
@@ -1085,6 +1931,10 @@ static u8 smp_cmd_pairing_random(struct l2cap_conn *conn, struct sk_buff *skb)
1085{ 1931{
1086 struct l2cap_chan *chan = conn->smp; 1932 struct l2cap_chan *chan = conn->smp;
1087 struct smp_chan *smp = chan->data; 1933 struct smp_chan *smp = chan->data;
1934 struct hci_conn *hcon = conn->hcon;
1935 u8 *pkax, *pkbx, *na, *nb;
1936 u32 passkey;
1937 int err;
1088 1938
1089 BT_DBG("conn %p", conn); 1939 BT_DBG("conn %p", conn);
1090 1940
@@ -1094,7 +1944,75 @@ static u8 smp_cmd_pairing_random(struct l2cap_conn *conn, struct sk_buff *skb)
1094 memcpy(smp->rrnd, skb->data, sizeof(smp->rrnd)); 1944 memcpy(smp->rrnd, skb->data, sizeof(smp->rrnd));
1095 skb_pull(skb, sizeof(smp->rrnd)); 1945 skb_pull(skb, sizeof(smp->rrnd));
1096 1946
1097 return smp_random(smp); 1947 if (!test_bit(SMP_FLAG_SC, &smp->flags))
1948 return smp_random(smp);
1949
1950 if (hcon->out) {
1951 pkax = smp->local_pk;
1952 pkbx = smp->remote_pk;
1953 na = smp->prnd;
1954 nb = smp->rrnd;
1955 } else {
1956 pkax = smp->remote_pk;
1957 pkbx = smp->local_pk;
1958 na = smp->rrnd;
1959 nb = smp->prnd;
1960 }
1961
1962 if (smp->method == REQ_OOB) {
1963 if (!hcon->out)
1964 smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM,
1965 sizeof(smp->prnd), smp->prnd);
1966 SMP_ALLOW_CMD(smp, SMP_CMD_DHKEY_CHECK);
1967 goto mackey_and_ltk;
1968 }
1969
1970 /* Passkey entry has special treatment */
1971 if (smp->method == REQ_PASSKEY || smp->method == DSP_PASSKEY)
1972 return sc_passkey_round(smp, SMP_CMD_PAIRING_RANDOM);
1973
1974 if (hcon->out) {
1975 u8 cfm[16];
1976
1977 err = smp_f4(smp->tfm_cmac, smp->remote_pk, smp->local_pk,
1978 smp->rrnd, 0, cfm);
1979 if (err)
1980 return SMP_UNSPECIFIED;
1981
1982 if (memcmp(smp->pcnf, cfm, 16))
1983 return SMP_CONFIRM_FAILED;
1984 } else {
1985 smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM, sizeof(smp->prnd),
1986 smp->prnd);
1987 SMP_ALLOW_CMD(smp, SMP_CMD_DHKEY_CHECK);
1988 }
1989
1990mackey_and_ltk:
1991 /* Generate MacKey and LTK */
1992 err = sc_mackey_and_ltk(smp, smp->mackey, smp->tk);
1993 if (err)
1994 return SMP_UNSPECIFIED;
1995
1996 if (smp->method == JUST_WORKS || smp->method == REQ_OOB) {
1997 if (hcon->out) {
1998 sc_dhkey_check(smp);
1999 SMP_ALLOW_CMD(smp, SMP_CMD_DHKEY_CHECK);
2000 }
2001 return 0;
2002 }
2003
2004 err = smp_g2(smp->tfm_cmac, pkax, pkbx, na, nb, &passkey);
2005 if (err)
2006 return SMP_UNSPECIFIED;
2007
2008 err = mgmt_user_confirm_request(hcon->hdev, &hcon->dst, hcon->type,
2009 hcon->dst_type, passkey, 0);
2010 if (err)
2011 return SMP_UNSPECIFIED;
2012
2013 set_bit(SMP_FLAG_WAIT_USER, &smp->flags);
2014
2015 return 0;
1098} 2016}
1099 2017
1100static bool smp_ltk_encrypt(struct l2cap_conn *conn, u8 sec_level) 2018static bool smp_ltk_encrypt(struct l2cap_conn *conn, u8 sec_level)
@@ -1102,8 +2020,7 @@ static bool smp_ltk_encrypt(struct l2cap_conn *conn, u8 sec_level)
1102 struct smp_ltk *key; 2020 struct smp_ltk *key;
1103 struct hci_conn *hcon = conn->hcon; 2021 struct hci_conn *hcon = conn->hcon;
1104 2022
1105 key = hci_find_ltk_by_addr(hcon->hdev, &hcon->dst, hcon->dst_type, 2023 key = hci_find_ltk(hcon->hdev, &hcon->dst, hcon->dst_type, hcon->role);
1106 hcon->role);
1107 if (!key) 2024 if (!key)
1108 return false; 2025 return false;
1109 2026
@@ -1136,8 +2053,7 @@ bool smp_sufficient_security(struct hci_conn *hcon, u8 sec_level,
1136 */ 2053 */
1137 if (key_pref == SMP_USE_LTK && 2054 if (key_pref == SMP_USE_LTK &&
1138 test_bit(HCI_CONN_STK_ENCRYPT, &hcon->flags) && 2055 test_bit(HCI_CONN_STK_ENCRYPT, &hcon->flags) &&
1139 hci_find_ltk_by_addr(hcon->hdev, &hcon->dst, hcon->dst_type, 2056 hci_find_ltk(hcon->hdev, &hcon->dst, hcon->dst_type, hcon->role))
1140 hcon->role))
1141 return false; 2057 return false;
1142 2058
1143 if (hcon->sec_level >= sec_level) 2059 if (hcon->sec_level >= sec_level)
@@ -1151,6 +2067,7 @@ static u8 smp_cmd_security_req(struct l2cap_conn *conn, struct sk_buff *skb)
1151 struct smp_cmd_security_req *rp = (void *) skb->data; 2067 struct smp_cmd_security_req *rp = (void *) skb->data;
1152 struct smp_cmd_pairing cp; 2068 struct smp_cmd_pairing cp;
1153 struct hci_conn *hcon = conn->hcon; 2069 struct hci_conn *hcon = conn->hcon;
2070 struct hci_dev *hdev = hcon->hdev;
1154 struct smp_chan *smp; 2071 struct smp_chan *smp;
1155 u8 sec_level, auth; 2072 u8 sec_level, auth;
1156 2073
@@ -1162,7 +2079,10 @@ static u8 smp_cmd_security_req(struct l2cap_conn *conn, struct sk_buff *skb)
1162 if (hcon->role != HCI_ROLE_MASTER) 2079 if (hcon->role != HCI_ROLE_MASTER)
1163 return SMP_CMD_NOTSUPP; 2080 return SMP_CMD_NOTSUPP;
1164 2081
1165 auth = rp->auth_req & AUTH_REQ_MASK; 2082 auth = rp->auth_req & AUTH_REQ_MASK(hdev);
2083
2084 if (test_bit(HCI_SC_ONLY, &hdev->dev_flags) && !(auth & SMP_AUTH_SC))
2085 return SMP_AUTH_REQUIREMENTS;
1166 2086
1167 if (hcon->io_capability == HCI_IO_NO_INPUT_OUTPUT) 2087 if (hcon->io_capability == HCI_IO_NO_INPUT_OUTPUT)
1168 sec_level = BT_SECURITY_MEDIUM; 2088 sec_level = BT_SECURITY_MEDIUM;
@@ -1245,6 +2165,9 @@ int smp_conn_security(struct hci_conn *hcon, __u8 sec_level)
1245 2165
1246 authreq = seclevel_to_authreq(sec_level); 2166 authreq = seclevel_to_authreq(sec_level);
1247 2167
2168 if (test_bit(HCI_SC_ENABLED, &hcon->hdev->dev_flags))
2169 authreq |= SMP_AUTH_SC;
2170
1248 /* Require MITM if IO Capability allows or the security level 2171 /* Require MITM if IO Capability allows or the security level
1249 * requires it. 2172 * requires it.
1250 */ 2173 */
@@ -1432,6 +2355,234 @@ static int smp_cmd_sign_info(struct l2cap_conn *conn, struct sk_buff *skb)
1432 return 0; 2355 return 0;
1433} 2356}
1434 2357
2358static u8 sc_select_method(struct smp_chan *smp)
2359{
2360 struct l2cap_conn *conn = smp->conn;
2361 struct hci_conn *hcon = conn->hcon;
2362 struct smp_cmd_pairing *local, *remote;
2363 u8 local_mitm, remote_mitm, local_io, remote_io, method;
2364
2365 if (test_bit(SMP_FLAG_OOB, &smp->flags))
2366 return REQ_OOB;
2367
2368 /* The preq/prsp contain the raw Pairing Request/Response PDUs
2369 * which are needed as inputs to some crypto functions. To get
2370 * the "struct smp_cmd_pairing" from them we need to skip the
2371 * first byte which contains the opcode.
2372 */
2373 if (hcon->out) {
2374 local = (void *) &smp->preq[1];
2375 remote = (void *) &smp->prsp[1];
2376 } else {
2377 local = (void *) &smp->prsp[1];
2378 remote = (void *) &smp->preq[1];
2379 }
2380
2381 local_io = local->io_capability;
2382 remote_io = remote->io_capability;
2383
2384 local_mitm = (local->auth_req & SMP_AUTH_MITM);
2385 remote_mitm = (remote->auth_req & SMP_AUTH_MITM);
2386
2387 /* If either side wants MITM, look up the method from the table,
2388 * otherwise use JUST WORKS.
2389 */
2390 if (local_mitm || remote_mitm)
2391 method = get_auth_method(smp, local_io, remote_io);
2392 else
2393 method = JUST_WORKS;
2394
2395 /* Don't confirm locally initiated pairing attempts */
2396 if (method == JUST_CFM && test_bit(SMP_FLAG_INITIATOR, &smp->flags))
2397 method = JUST_WORKS;
2398
2399 return method;
2400}
2401
2402static int smp_cmd_public_key(struct l2cap_conn *conn, struct sk_buff *skb)
2403{
2404 struct smp_cmd_public_key *key = (void *) skb->data;
2405 struct hci_conn *hcon = conn->hcon;
2406 struct l2cap_chan *chan = conn->smp;
2407 struct smp_chan *smp = chan->data;
2408 struct hci_dev *hdev = hcon->hdev;
2409 struct smp_cmd_pairing_confirm cfm;
2410 int err;
2411
2412 BT_DBG("conn %p", conn);
2413
2414 if (skb->len < sizeof(*key))
2415 return SMP_INVALID_PARAMS;
2416
2417 memcpy(smp->remote_pk, key, 64);
2418
2419 /* Non-initiating device sends its public key after receiving
2420 * the key from the initiating device.
2421 */
2422 if (!hcon->out) {
2423 err = sc_send_public_key(smp);
2424 if (err)
2425 return err;
2426 }
2427
2428 SMP_DBG("Remote Public Key X: %32phN", smp->remote_pk);
2429 SMP_DBG("Remote Public Key Y: %32phN", &smp->remote_pk[32]);
2430
2431 if (!ecdh_shared_secret(smp->remote_pk, smp->local_sk, smp->dhkey))
2432 return SMP_UNSPECIFIED;
2433
2434 SMP_DBG("DHKey %32phN", smp->dhkey);
2435
2436 set_bit(SMP_FLAG_REMOTE_PK, &smp->flags);
2437
2438 smp->method = sc_select_method(smp);
2439
2440 BT_DBG("%s selected method 0x%02x", hdev->name, smp->method);
2441
2442 /* JUST_WORKS and JUST_CFM result in an unauthenticated key */
2443 if (smp->method == JUST_WORKS || smp->method == JUST_CFM)
2444 hcon->pending_sec_level = BT_SECURITY_MEDIUM;
2445 else
2446 hcon->pending_sec_level = BT_SECURITY_FIPS;
2447
2448 if (!memcmp(debug_pk, smp->remote_pk, 64))
2449 set_bit(SMP_FLAG_DEBUG_KEY, &smp->flags);
2450
2451 if (smp->method == DSP_PASSKEY) {
2452 get_random_bytes(&hcon->passkey_notify,
2453 sizeof(hcon->passkey_notify));
2454 hcon->passkey_notify %= 1000000;
2455 hcon->passkey_entered = 0;
2456 smp->passkey_round = 0;
2457 if (mgmt_user_passkey_notify(hdev, &hcon->dst, hcon->type,
2458 hcon->dst_type,
2459 hcon->passkey_notify,
2460 hcon->passkey_entered))
2461 return SMP_UNSPECIFIED;
2462 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_CONFIRM);
2463 return sc_passkey_round(smp, SMP_CMD_PUBLIC_KEY);
2464 }
2465
2466 if (smp->method == REQ_OOB) {
2467 err = smp_f4(smp->tfm_cmac, smp->remote_pk, smp->remote_pk,
2468 smp->rr, 0, cfm.confirm_val);
2469 if (err)
2470 return SMP_UNSPECIFIED;
2471
2472 if (memcmp(cfm.confirm_val, smp->pcnf, 16))
2473 return SMP_CONFIRM_FAILED;
2474
2475 if (hcon->out)
2476 smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM,
2477 sizeof(smp->prnd), smp->prnd);
2478
2479 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RANDOM);
2480
2481 return 0;
2482 }
2483
2484 if (hcon->out)
2485 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_CONFIRM);
2486
2487 if (smp->method == REQ_PASSKEY) {
2488 if (mgmt_user_passkey_request(hdev, &hcon->dst, hcon->type,
2489 hcon->dst_type))
2490 return SMP_UNSPECIFIED;
2491 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_CONFIRM);
2492 set_bit(SMP_FLAG_WAIT_USER, &smp->flags);
2493 return 0;
2494 }
2495
2496 /* The Initiating device waits for the non-initiating device to
2497 * send the confirm value.
2498 */
2499 if (conn->hcon->out)
2500 return 0;
2501
2502 err = smp_f4(smp->tfm_cmac, smp->local_pk, smp->remote_pk, smp->prnd,
2503 0, cfm.confirm_val);
2504 if (err)
2505 return SMP_UNSPECIFIED;
2506
2507 smp_send_cmd(conn, SMP_CMD_PAIRING_CONFIRM, sizeof(cfm), &cfm);
2508 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RANDOM);
2509
2510 return 0;
2511}
2512
2513static int smp_cmd_dhkey_check(struct l2cap_conn *conn, struct sk_buff *skb)
2514{
2515 struct smp_cmd_dhkey_check *check = (void *) skb->data;
2516 struct l2cap_chan *chan = conn->smp;
2517 struct hci_conn *hcon = conn->hcon;
2518 struct smp_chan *smp = chan->data;
2519 u8 a[7], b[7], *local_addr, *remote_addr;
2520 u8 io_cap[3], r[16], e[16];
2521 int err;
2522
2523 BT_DBG("conn %p", conn);
2524
2525 if (skb->len < sizeof(*check))
2526 return SMP_INVALID_PARAMS;
2527
2528 memcpy(a, &hcon->init_addr, 6);
2529 memcpy(b, &hcon->resp_addr, 6);
2530 a[6] = hcon->init_addr_type;
2531 b[6] = hcon->resp_addr_type;
2532
2533 if (hcon->out) {
2534 local_addr = a;
2535 remote_addr = b;
2536 memcpy(io_cap, &smp->prsp[1], 3);
2537 } else {
2538 local_addr = b;
2539 remote_addr = a;
2540 memcpy(io_cap, &smp->preq[1], 3);
2541 }
2542
2543 memset(r, 0, sizeof(r));
2544
2545 if (smp->method == REQ_PASSKEY || smp->method == DSP_PASSKEY)
2546 put_unaligned_le32(hcon->passkey_notify, r);
2547
2548 err = smp_f6(smp->tfm_cmac, smp->mackey, smp->rrnd, smp->prnd, r,
2549 io_cap, remote_addr, local_addr, e);
2550 if (err)
2551 return SMP_UNSPECIFIED;
2552
2553 if (memcmp(check->e, e, 16))
2554 return SMP_DHKEY_CHECK_FAILED;
2555
2556 if (!hcon->out) {
2557 if (test_bit(SMP_FLAG_WAIT_USER, &smp->flags)) {
2558 set_bit(SMP_FLAG_DHKEY_PENDING, &smp->flags);
2559 return 0;
2560 }
2561
2562 /* Slave sends DHKey check as response to master */
2563 sc_dhkey_check(smp);
2564 }
2565
2566 sc_add_ltk(smp);
2567
2568 if (hcon->out) {
2569 hci_le_start_enc(hcon, 0, 0, smp->tk);
2570 hcon->enc_key_size = smp->enc_key_size;
2571 }
2572
2573 return 0;
2574}
2575
2576static int smp_cmd_keypress_notify(struct l2cap_conn *conn,
2577 struct sk_buff *skb)
2578{
2579 struct smp_cmd_keypress_notify *kp = (void *) skb->data;
2580
2581 BT_DBG("value 0x%02x", kp->value);
2582
2583 return 0;
2584}
2585
1435static int smp_sig_channel(struct l2cap_chan *chan, struct sk_buff *skb) 2586static int smp_sig_channel(struct l2cap_chan *chan, struct sk_buff *skb)
1436{ 2587{
1437 struct l2cap_conn *conn = chan->conn; 2588 struct l2cap_conn *conn = chan->conn;
@@ -1440,11 +2591,6 @@ static int smp_sig_channel(struct l2cap_chan *chan, struct sk_buff *skb)
1440 __u8 code, reason; 2591 __u8 code, reason;
1441 int err = 0; 2592 int err = 0;
1442 2593
1443 if (hcon->type != LE_LINK) {
1444 kfree_skb(skb);
1445 return 0;
1446 }
1447
1448 if (skb->len < 1) 2594 if (skb->len < 1)
1449 return -EILSEQ; 2595 return -EILSEQ;
1450 2596
@@ -1516,6 +2662,18 @@ static int smp_sig_channel(struct l2cap_chan *chan, struct sk_buff *skb)
1516 reason = smp_cmd_sign_info(conn, skb); 2662 reason = smp_cmd_sign_info(conn, skb);
1517 break; 2663 break;
1518 2664
2665 case SMP_CMD_PUBLIC_KEY:
2666 reason = smp_cmd_public_key(conn, skb);
2667 break;
2668
2669 case SMP_CMD_DHKEY_CHECK:
2670 reason = smp_cmd_dhkey_check(conn, skb);
2671 break;
2672
2673 case SMP_CMD_KEYPRESS_NOTIFY:
2674 reason = smp_cmd_keypress_notify(conn, skb);
2675 break;
2676
1519 default: 2677 default:
1520 BT_DBG("Unknown command code 0x%2.2x", code); 2678 BT_DBG("Unknown command code 0x%2.2x", code);
1521 reason = SMP_CMD_NOTSUPP; 2679 reason = SMP_CMD_NOTSUPP;
@@ -1551,6 +2709,74 @@ static void smp_teardown_cb(struct l2cap_chan *chan, int err)
1551 l2cap_chan_put(chan); 2709 l2cap_chan_put(chan);
1552} 2710}
1553 2711
2712static void bredr_pairing(struct l2cap_chan *chan)
2713{
2714 struct l2cap_conn *conn = chan->conn;
2715 struct hci_conn *hcon = conn->hcon;
2716 struct hci_dev *hdev = hcon->hdev;
2717 struct smp_cmd_pairing req;
2718 struct smp_chan *smp;
2719
2720 BT_DBG("chan %p", chan);
2721
2722 /* Only new pairings are interesting */
2723 if (!test_bit(HCI_CONN_NEW_LINK_KEY, &hcon->flags))
2724 return;
2725
2726 /* Don't bother if we're not encrypted */
2727 if (!test_bit(HCI_CONN_ENCRYPT, &hcon->flags))
2728 return;
2729
2730 /* Only master may initiate SMP over BR/EDR */
2731 if (hcon->role != HCI_ROLE_MASTER)
2732 return;
2733
2734 /* Secure Connections support must be enabled */
2735 if (!test_bit(HCI_SC_ENABLED, &hdev->dev_flags))
2736 return;
2737
2738 /* BR/EDR must use Secure Connections for SMP */
2739 if (!test_bit(HCI_CONN_AES_CCM, &hcon->flags) &&
2740 !test_bit(HCI_FORCE_LESC, &hdev->dbg_flags))
2741 return;
2742
2743 /* If our LE support is not enabled don't do anything */
2744 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
2745 return;
2746
2747 /* Don't bother if remote LE support is not enabled */
2748 if (!lmp_host_le_capable(hcon))
2749 return;
2750
2751 /* Remote must support SMP fixed chan for BR/EDR */
2752 if (!(conn->remote_fixed_chan & L2CAP_FC_SMP_BREDR))
2753 return;
2754
2755 /* Don't bother if SMP is already ongoing */
2756 if (chan->data)
2757 return;
2758
2759 smp = smp_chan_create(conn);
2760 if (!smp) {
2761 BT_ERR("%s unable to create SMP context for BR/EDR",
2762 hdev->name);
2763 return;
2764 }
2765
2766 set_bit(SMP_FLAG_SC, &smp->flags);
2767
2768 BT_DBG("%s starting SMP over BR/EDR", hdev->name);
2769
2770 /* Prepare and send the BR/EDR SMP Pairing Request */
2771 build_bredr_pairing_cmd(smp, &req, NULL);
2772
2773 smp->preq[0] = SMP_CMD_PAIRING_REQ;
2774 memcpy(&smp->preq[1], &req, sizeof(req));
2775
2776 smp_send_cmd(conn, SMP_CMD_PAIRING_REQ, sizeof(req), &req);
2777 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RSP);
2778}
2779
1554static void smp_resume_cb(struct l2cap_chan *chan) 2780static void smp_resume_cb(struct l2cap_chan *chan)
1555{ 2781{
1556 struct smp_chan *smp = chan->data; 2782 struct smp_chan *smp = chan->data;
@@ -1559,6 +2785,11 @@ static void smp_resume_cb(struct l2cap_chan *chan)
1559 2785
1560 BT_DBG("chan %p", chan); 2786 BT_DBG("chan %p", chan);
1561 2787
2788 if (hcon->type == ACL_LINK) {
2789 bredr_pairing(chan);
2790 return;
2791 }
2792
1562 if (!smp) 2793 if (!smp)
1563 return; 2794 return;
1564 2795
@@ -1573,11 +2804,15 @@ static void smp_resume_cb(struct l2cap_chan *chan)
1573static void smp_ready_cb(struct l2cap_chan *chan) 2804static void smp_ready_cb(struct l2cap_chan *chan)
1574{ 2805{
1575 struct l2cap_conn *conn = chan->conn; 2806 struct l2cap_conn *conn = chan->conn;
2807 struct hci_conn *hcon = conn->hcon;
1576 2808
1577 BT_DBG("chan %p", chan); 2809 BT_DBG("chan %p", chan);
1578 2810
1579 conn->smp = chan; 2811 conn->smp = chan;
1580 l2cap_chan_hold(chan); 2812 l2cap_chan_hold(chan);
2813
2814 if (hcon->type == ACL_LINK && test_bit(HCI_CONN_ENCRYPT, &hcon->flags))
2815 bredr_pairing(chan);
1581} 2816}
1582 2817
1583static int smp_recv_cb(struct l2cap_chan *chan, struct sk_buff *skb) 2818static int smp_recv_cb(struct l2cap_chan *chan, struct sk_buff *skb)
@@ -1682,34 +2917,40 @@ static const struct l2cap_ops smp_root_chan_ops = {
1682 .memcpy_fromiovec = l2cap_chan_no_memcpy_fromiovec, 2917 .memcpy_fromiovec = l2cap_chan_no_memcpy_fromiovec,
1683}; 2918};
1684 2919
1685int smp_register(struct hci_dev *hdev) 2920static struct l2cap_chan *smp_add_cid(struct hci_dev *hdev, u16 cid)
1686{ 2921{
1687 struct l2cap_chan *chan; 2922 struct l2cap_chan *chan;
1688 struct crypto_blkcipher *tfm_aes; 2923 struct crypto_blkcipher *tfm_aes;
1689 2924
1690 BT_DBG("%s", hdev->name); 2925 if (cid == L2CAP_CID_SMP_BREDR) {
2926 tfm_aes = NULL;
2927 goto create_chan;
2928 }
1691 2929
1692 tfm_aes = crypto_alloc_blkcipher("ecb(aes)", 0, 0); 2930 tfm_aes = crypto_alloc_blkcipher("ecb(aes)", 0, 0);
1693 if (IS_ERR(tfm_aes)) { 2931 if (IS_ERR(tfm_aes)) {
1694 int err = PTR_ERR(tfm_aes);
1695 BT_ERR("Unable to create crypto context"); 2932 BT_ERR("Unable to create crypto context");
1696 return err; 2933 return ERR_PTR(PTR_ERR(tfm_aes));
1697 } 2934 }
1698 2935
2936create_chan:
1699 chan = l2cap_chan_create(); 2937 chan = l2cap_chan_create();
1700 if (!chan) { 2938 if (!chan) {
1701 crypto_free_blkcipher(tfm_aes); 2939 crypto_free_blkcipher(tfm_aes);
1702 return -ENOMEM; 2940 return ERR_PTR(-ENOMEM);
1703 } 2941 }
1704 2942
1705 chan->data = tfm_aes; 2943 chan->data = tfm_aes;
1706 2944
1707 l2cap_add_scid(chan, L2CAP_CID_SMP); 2945 l2cap_add_scid(chan, cid);
1708 2946
1709 l2cap_chan_set_defaults(chan); 2947 l2cap_chan_set_defaults(chan);
1710 2948
1711 bacpy(&chan->src, &hdev->bdaddr); 2949 bacpy(&chan->src, &hdev->bdaddr);
1712 chan->src_type = BDADDR_LE_PUBLIC; 2950 if (cid == L2CAP_CID_SMP)
2951 chan->src_type = BDADDR_LE_PUBLIC;
2952 else
2953 chan->src_type = BDADDR_BREDR;
1713 chan->state = BT_LISTEN; 2954 chan->state = BT_LISTEN;
1714 chan->mode = L2CAP_MODE_BASIC; 2955 chan->mode = L2CAP_MODE_BASIC;
1715 chan->imtu = L2CAP_DEFAULT_MTU; 2956 chan->imtu = L2CAP_DEFAULT_MTU;
@@ -1718,20 +2959,14 @@ int smp_register(struct hci_dev *hdev)
1718 /* Set correct nesting level for a parent/listening channel */ 2959 /* Set correct nesting level for a parent/listening channel */
1719 atomic_set(&chan->nesting, L2CAP_NESTING_PARENT); 2960 atomic_set(&chan->nesting, L2CAP_NESTING_PARENT);
1720 2961
1721 hdev->smp_data = chan; 2962 return chan;
1722
1723 return 0;
1724} 2963}
1725 2964
1726void smp_unregister(struct hci_dev *hdev) 2965static void smp_del_chan(struct l2cap_chan *chan)
1727{ 2966{
1728 struct l2cap_chan *chan = hdev->smp_data; 2967 struct crypto_blkcipher *tfm_aes;
1729 struct crypto_blkcipher *tfm_aes;
1730
1731 if (!chan)
1732 return;
1733 2968
1734 BT_DBG("%s chan %p", hdev->name, chan); 2969 BT_DBG("chan %p", chan);
1735 2970
1736 tfm_aes = chan->data; 2971 tfm_aes = chan->data;
1737 if (tfm_aes) { 2972 if (tfm_aes) {
@@ -1739,6 +2974,52 @@ void smp_unregister(struct hci_dev *hdev)
1739 crypto_free_blkcipher(tfm_aes); 2974 crypto_free_blkcipher(tfm_aes);
1740 } 2975 }
1741 2976
1742 hdev->smp_data = NULL;
1743 l2cap_chan_put(chan); 2977 l2cap_chan_put(chan);
1744} 2978}
2979
2980int smp_register(struct hci_dev *hdev)
2981{
2982 struct l2cap_chan *chan;
2983
2984 BT_DBG("%s", hdev->name);
2985
2986 chan = smp_add_cid(hdev, L2CAP_CID_SMP);
2987 if (IS_ERR(chan))
2988 return PTR_ERR(chan);
2989
2990 hdev->smp_data = chan;
2991
2992 if (!lmp_sc_capable(hdev) &&
2993 !test_bit(HCI_FORCE_LESC, &hdev->dbg_flags))
2994 return 0;
2995
2996 chan = smp_add_cid(hdev, L2CAP_CID_SMP_BREDR);
2997 if (IS_ERR(chan)) {
2998 int err = PTR_ERR(chan);
2999 chan = hdev->smp_data;
3000 hdev->smp_data = NULL;
3001 smp_del_chan(chan);
3002 return err;
3003 }
3004
3005 hdev->smp_bredr_data = chan;
3006
3007 return 0;
3008}
3009
3010void smp_unregister(struct hci_dev *hdev)
3011{
3012 struct l2cap_chan *chan;
3013
3014 if (hdev->smp_bredr_data) {
3015 chan = hdev->smp_bredr_data;
3016 hdev->smp_bredr_data = NULL;
3017 smp_del_chan(chan);
3018 }
3019
3020 if (hdev->smp_data) {
3021 chan = hdev->smp_data;
3022 hdev->smp_data = NULL;
3023 smp_del_chan(chan);
3024 }
3025}
generated by cgit v1.2.2 (git 2.25.0) at 2025-01-12 01:01:23 -0500