diff options
Diffstat (limited to 'net')
| -rw-r--r-- | net/bluetooth/smp.c | 48 |
1 files changed, 19 insertions, 29 deletions
diff --git a/net/bluetooth/smp.c b/net/bluetooth/smp.c index 39ca9616d2de..2566a3e43bb5 100644 --- a/net/bluetooth/smp.c +++ b/net/bluetooth/smp.c | |||
| @@ -172,13 +172,16 @@ int smp_generate_rpa(struct crypto_blkcipher *tfm, u8 irk[16], bdaddr_t *rpa) | |||
| 172 | return 0; | 172 | return 0; |
| 173 | } | 173 | } |
| 174 | 174 | ||
| 175 | static int smp_c1(struct crypto_blkcipher *tfm, u8 k[16], u8 r[16], | 175 | static int smp_c1(struct smp_chan *smp, u8 k[16], u8 r[16], u8 preq[7], |
| 176 | u8 preq[7], u8 pres[7], u8 _iat, bdaddr_t *ia, | 176 | u8 pres[7], u8 _iat, bdaddr_t *ia, u8 _rat, bdaddr_t *ra, |
| 177 | u8 _rat, bdaddr_t *ra, u8 res[16]) | 177 | u8 res[16]) |
| 178 | { | 178 | { |
| 179 | struct hci_dev *hdev = smp->conn->hcon->hdev; | ||
| 179 | u8 p1[16], p2[16]; | 180 | u8 p1[16], p2[16]; |
| 180 | int err; | 181 | int err; |
| 181 | 182 | ||
| 183 | BT_DBG("%s", hdev->name); | ||
| 184 | |||
| 182 | memset(p1, 0, 16); | 185 | memset(p1, 0, 16); |
| 183 | 186 | ||
| 184 | /* p1 = pres || preq || _rat || _iat */ | 187 | /* p1 = pres || preq || _rat || _iat */ |
| @@ -196,7 +199,7 @@ static int smp_c1(struct crypto_blkcipher *tfm, u8 k[16], u8 r[16], | |||
| 196 | u128_xor((u128 *) res, (u128 *) r, (u128 *) p1); | 199 | u128_xor((u128 *) res, (u128 *) r, (u128 *) p1); |
| 197 | 200 | ||
| 198 | /* res = e(k, res) */ | 201 | /* res = e(k, res) */ |
| 199 | err = smp_e(tfm, k, res); | 202 | err = smp_e(smp->tfm_aes, k, res); |
| 200 | if (err) { | 203 | if (err) { |
| 201 | BT_ERR("Encrypt data error"); | 204 | BT_ERR("Encrypt data error"); |
| 202 | return err; | 205 | return err; |
| @@ -206,23 +209,26 @@ static int smp_c1(struct crypto_blkcipher *tfm, u8 k[16], u8 r[16], | |||
| 206 | u128_xor((u128 *) res, (u128 *) res, (u128 *) p2); | 209 | u128_xor((u128 *) res, (u128 *) res, (u128 *) p2); |
| 207 | 210 | ||
| 208 | /* res = e(k, res) */ | 211 | /* res = e(k, res) */ |
| 209 | err = smp_e(tfm, k, res); | 212 | err = smp_e(smp->tfm_aes, k, res); |
| 210 | if (err) | 213 | if (err) |
| 211 | BT_ERR("Encrypt data error"); | 214 | BT_ERR("Encrypt data error"); |
| 212 | 215 | ||
| 213 | return err; | 216 | return err; |
| 214 | } | 217 | } |
| 215 | 218 | ||
| 216 | static int smp_s1(struct crypto_blkcipher *tfm, u8 k[16], u8 r1[16], | 219 | static int smp_s1(struct smp_chan *smp, u8 k[16], u8 r1[16], u8 r2[16], |
| 217 | u8 r2[16], u8 _r[16]) | 220 | u8 _r[16]) |
| 218 | { | 221 | { |
| 222 | struct hci_dev *hdev = smp->conn->hcon->hdev; | ||
| 219 | int err; | 223 | int err; |
| 220 | 224 | ||
| 225 | BT_DBG("%s", hdev->name); | ||
| 226 | |||
| 221 | /* Just least significant octets from r1 and r2 are considered */ | 227 | /* Just least significant octets from r1 and r2 are considered */ |
| 222 | memcpy(_r, r2, 8); | 228 | memcpy(_r, r2, 8); |
| 223 | memcpy(_r + 8, r1, 8); | 229 | memcpy(_r + 8, r1, 8); |
| 224 | 230 | ||
| 225 | err = smp_e(tfm, k, _r); | 231 | err = smp_e(smp->tfm_aes, k, _r); |
| 226 | if (err) | 232 | if (err) |
| 227 | BT_ERR("Encrypt data error"); | 233 | BT_ERR("Encrypt data error"); |
| 228 | 234 | ||
| @@ -475,23 +481,15 @@ static int tk_request(struct l2cap_conn *conn, u8 remote_oob, u8 auth, | |||
| 475 | static u8 smp_confirm(struct smp_chan *smp) | 481 | static u8 smp_confirm(struct smp_chan *smp) |
| 476 | { | 482 | { |
| 477 | struct l2cap_conn *conn = smp->conn; | 483 | struct l2cap_conn *conn = smp->conn; |
| 478 | struct hci_dev *hdev = conn->hcon->hdev; | ||
| 479 | struct crypto_blkcipher *tfm = hdev->tfm_aes; | ||
| 480 | struct smp_cmd_pairing_confirm cp; | 484 | struct smp_cmd_pairing_confirm cp; |
| 481 | int ret; | 485 | int ret; |
| 482 | 486 | ||
| 483 | BT_DBG("conn %p", conn); | 487 | BT_DBG("conn %p", conn); |
| 484 | 488 | ||
| 485 | /* Prevent mutual access to hdev->tfm_aes */ | 489 | ret = smp_c1(smp, smp->tk, smp->prnd, smp->preq, smp->prsp, |
| 486 | hci_dev_lock(hdev); | ||
| 487 | |||
| 488 | ret = smp_c1(tfm, smp->tk, smp->prnd, smp->preq, smp->prsp, | ||
| 489 | conn->hcon->init_addr_type, &conn->hcon->init_addr, | 490 | conn->hcon->init_addr_type, &conn->hcon->init_addr, |
| 490 | conn->hcon->resp_addr_type, &conn->hcon->resp_addr, | 491 | conn->hcon->resp_addr_type, &conn->hcon->resp_addr, |
| 491 | cp.confirm_val); | 492 | cp.confirm_val); |
| 492 | |||
| 493 | hci_dev_unlock(hdev); | ||
| 494 | |||
| 495 | if (ret) | 493 | if (ret) |
| 496 | return SMP_UNSPECIFIED; | 494 | return SMP_UNSPECIFIED; |
| 497 | 495 | ||
| @@ -506,25 +504,17 @@ static u8 smp_random(struct smp_chan *smp) | |||
| 506 | { | 504 | { |
| 507 | struct l2cap_conn *conn = smp->conn; | 505 | struct l2cap_conn *conn = smp->conn; |
| 508 | struct hci_conn *hcon = conn->hcon; | 506 | struct hci_conn *hcon = conn->hcon; |
| 509 | struct hci_dev *hdev = hcon->hdev; | ||
| 510 | struct crypto_blkcipher *tfm = hdev->tfm_aes; | ||
| 511 | u8 confirm[16]; | 507 | u8 confirm[16]; |
| 512 | int ret; | 508 | int ret; |
| 513 | 509 | ||
| 514 | if (IS_ERR_OR_NULL(tfm)) | 510 | if (IS_ERR_OR_NULL(smp->tfm_aes)) |
| 515 | return SMP_UNSPECIFIED; | 511 | return SMP_UNSPECIFIED; |
| 516 | 512 | ||
| 517 | BT_DBG("conn %p %s", conn, conn->hcon->out ? "master" : "slave"); | 513 | BT_DBG("conn %p %s", conn, conn->hcon->out ? "master" : "slave"); |
| 518 | 514 | ||
| 519 | /* Prevent mutual access to hdev->tfm_aes */ | 515 | ret = smp_c1(smp, smp->tk, smp->rrnd, smp->preq, smp->prsp, |
| 520 | hci_dev_lock(hdev); | ||
| 521 | |||
| 522 | ret = smp_c1(tfm, smp->tk, smp->rrnd, smp->preq, smp->prsp, | ||
| 523 | hcon->init_addr_type, &hcon->init_addr, | 516 | hcon->init_addr_type, &hcon->init_addr, |
| 524 | hcon->resp_addr_type, &hcon->resp_addr, confirm); | 517 | hcon->resp_addr_type, &hcon->resp_addr, confirm); |
| 525 | |||
| 526 | hci_dev_unlock(hdev); | ||
| 527 | |||
| 528 | if (ret) | 518 | if (ret) |
| 529 | return SMP_UNSPECIFIED; | 519 | return SMP_UNSPECIFIED; |
| 530 | 520 | ||
| @@ -538,7 +528,7 @@ static u8 smp_random(struct smp_chan *smp) | |||
| 538 | __le64 rand = 0; | 528 | __le64 rand = 0; |
| 539 | __le16 ediv = 0; | 529 | __le16 ediv = 0; |
| 540 | 530 | ||
| 541 | smp_s1(tfm, smp->tk, smp->rrnd, smp->prnd, stk); | 531 | smp_s1(smp, smp->tk, smp->rrnd, smp->prnd, stk); |
| 542 | 532 | ||
| 543 | memset(stk + smp->enc_key_size, 0, | 533 | memset(stk + smp->enc_key_size, 0, |
| 544 | SMP_MAX_ENC_KEY_SIZE - smp->enc_key_size); | 534 | SMP_MAX_ENC_KEY_SIZE - smp->enc_key_size); |
| @@ -556,7 +546,7 @@ static u8 smp_random(struct smp_chan *smp) | |||
| 556 | smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM, sizeof(smp->prnd), | 546 | smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM, sizeof(smp->prnd), |
| 557 | smp->prnd); | 547 | smp->prnd); |
| 558 | 548 | ||
| 559 | smp_s1(tfm, smp->tk, smp->prnd, smp->rrnd, stk); | 549 | smp_s1(smp, smp->tk, smp->prnd, smp->rrnd, stk); |
| 560 | 550 | ||
| 561 | memset(stk + smp->enc_key_size, 0, | 551 | memset(stk + smp->enc_key_size, 0, |
| 562 | SMP_MAX_ENC_KEY_SIZE - smp->enc_key_size); | 552 | SMP_MAX_ENC_KEY_SIZE - smp->enc_key_size); |