2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2011 Nokia Corporation and/or its subsidiary(-ies).
5 This program is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License version 2 as
7 published by the Free Software Foundation;
9 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
10 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
11 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
12 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
13 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
14 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
18 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
19 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
20 SOFTWARE IS DISCLAIMED.
23 #include <linux/debugfs.h>
24 #include <linux/crypto.h>
25 #include <linux/scatterlist.h>
26 #include <crypto/b128ops.h>
28 #include <net/bluetooth/bluetooth.h>
29 #include <net/bluetooth/hci_core.h>
30 #include <net/bluetooth/l2cap.h>
31 #include <net/bluetooth/mgmt.h>
36 #define SMP_DEV(hdev) \
37 ((struct smp_dev *)((struct l2cap_chan *)((hdev)->smp_data))->data)
39 /* Low-level debug macros to be used for stuff that we don't want
40 * accidentially in dmesg, i.e. the values of the various crypto keys
41 * and the inputs & outputs of crypto functions.
44 #define SMP_DBG(fmt, ...) printk(KERN_DEBUG "%s: " fmt, __func__, \
47 #define SMP_DBG(fmt, ...) no_printk(KERN_DEBUG "%s: " fmt, __func__, \
51 #define SMP_ALLOW_CMD(smp, code) set_bit(code, &smp->allow_cmd)
53 /* Keys which are not distributed with Secure Connections */
54 #define SMP_SC_NO_DIST (SMP_DIST_ENC_KEY | SMP_DIST_LINK_KEY);
56 #define SMP_TIMEOUT msecs_to_jiffies(30000)
58 #define AUTH_REQ_MASK(dev) (hci_dev_test_flag(dev, HCI_SC_ENABLED) ? \
60 #define KEY_DIST_MASK 0x07
62 /* Maximum message length that can be passed to aes_cmac */
63 #define CMAC_MSG_MAX 80
75 SMP_FLAG_DHKEY_PENDING,
81 /* Secure Connections OOB data */
90 struct crypto_blkcipher *tfm_aes;
91 struct crypto_hash *tfm_cmac;
95 struct l2cap_conn *conn;
96 struct delayed_work security_timer;
97 unsigned long allow_cmd; /* Bitmask of allowed commands */
99 u8 preq[7]; /* SMP Pairing Request */
100 u8 prsp[7]; /* SMP Pairing Response */
101 u8 prnd[16]; /* SMP Pairing Random (local) */
102 u8 rrnd[16]; /* SMP Pairing Random (remote) */
103 u8 pcnf[16]; /* SMP Pairing Confirm */
104 u8 tk[16]; /* SMP Temporary Key */
105 u8 rr[16]; /* Remote OOB ra/rb value */
106 u8 lr[16]; /* Local OOB ra/rb value */
112 struct smp_csrk *csrk;
113 struct smp_csrk *slave_csrk;
115 struct smp_ltk *slave_ltk;
116 struct smp_irk *remote_irk;
122 /* Secure Connections variables */
129 struct crypto_blkcipher *tfm_aes;
130 struct crypto_hash *tfm_cmac;
133 /* These debug key values are defined in the SMP section of the core
134 * specification. debug_pk is the public debug key and debug_sk the
137 static const u8 debug_pk[64] = {
138 0xe6, 0x9d, 0x35, 0x0e, 0x48, 0x01, 0x03, 0xcc,
139 0xdb, 0xfd, 0xf4, 0xac, 0x11, 0x91, 0xf4, 0xef,
140 0xb9, 0xa5, 0xf9, 0xe9, 0xa7, 0x83, 0x2c, 0x5e,
141 0x2c, 0xbe, 0x97, 0xf2, 0xd2, 0x03, 0xb0, 0x20,
143 0x8b, 0xd2, 0x89, 0x15, 0xd0, 0x8e, 0x1c, 0x74,
144 0x24, 0x30, 0xed, 0x8f, 0xc2, 0x45, 0x63, 0x76,
145 0x5c, 0x15, 0x52, 0x5a, 0xbf, 0x9a, 0x32, 0x63,
146 0x6d, 0xeb, 0x2a, 0x65, 0x49, 0x9c, 0x80, 0xdc,
149 static const u8 debug_sk[32] = {
150 0xbd, 0x1a, 0x3c, 0xcd, 0xa6, 0xb8, 0x99, 0x58,
151 0x99, 0xb7, 0x40, 0xeb, 0x7b, 0x60, 0xff, 0x4a,
152 0x50, 0x3f, 0x10, 0xd2, 0xe3, 0xb3, 0xc9, 0x74,
153 0x38, 0x5f, 0xc5, 0xa3, 0xd4, 0xf6, 0x49, 0x3f,
156 static inline void swap_buf(const u8 *src, u8 *dst, size_t len)
160 for (i = 0; i < len; i++)
161 dst[len - 1 - i] = src[i];
164 /* The following functions map to the LE SC SMP crypto functions
165 * AES-CMAC, f4, f5, f6, g2 and h6.
168 static int aes_cmac(struct crypto_hash *tfm, const u8 k[16], const u8 *m,
169 size_t len, u8 mac[16])
171 uint8_t tmp[16], mac_msb[16], msg_msb[CMAC_MSG_MAX];
172 struct hash_desc desc;
173 struct scatterlist sg;
176 if (len > CMAC_MSG_MAX)
180 BT_ERR("tfm %p", tfm);
187 crypto_hash_init(&desc);
189 /* Swap key and message from LSB to MSB */
190 swap_buf(k, tmp, 16);
191 swap_buf(m, msg_msb, len);
193 SMP_DBG("msg (len %zu) %*phN", len, (int) len, m);
194 SMP_DBG("key %16phN", k);
196 err = crypto_hash_setkey(tfm, tmp, 16);
198 BT_ERR("cipher setkey failed: %d", err);
202 sg_init_one(&sg, msg_msb, len);
204 err = crypto_hash_update(&desc, &sg, len);
206 BT_ERR("Hash update error %d", err);
210 err = crypto_hash_final(&desc, mac_msb);
212 BT_ERR("Hash final error %d", err);
216 swap_buf(mac_msb, mac, 16);
218 SMP_DBG("mac %16phN", mac);
223 static int smp_f4(struct crypto_hash *tfm_cmac, const u8 u[32], const u8 v[32],
224 const u8 x[16], u8 z, u8 res[16])
229 SMP_DBG("u %32phN", u);
230 SMP_DBG("v %32phN", v);
231 SMP_DBG("x %16phN z %02x", x, z);
234 memcpy(m + 1, v, 32);
235 memcpy(m + 33, u, 32);
237 err = aes_cmac(tfm_cmac, x, m, sizeof(m), res);
241 SMP_DBG("res %16phN", res);
246 static int smp_f5(struct crypto_hash *tfm_cmac, const u8 w[32],
247 const u8 n1[16], const u8 n2[16], const u8 a1[7],
248 const u8 a2[7], u8 mackey[16], u8 ltk[16])
250 /* The btle, salt and length "magic" values are as defined in
251 * the SMP section of the Bluetooth core specification. In ASCII
252 * the btle value ends up being 'btle'. The salt is just a
253 * random number whereas length is the value 256 in little
256 const u8 btle[4] = { 0x65, 0x6c, 0x74, 0x62 };
257 const u8 salt[16] = { 0xbe, 0x83, 0x60, 0x5a, 0xdb, 0x0b, 0x37, 0x60,
258 0x38, 0xa5, 0xf5, 0xaa, 0x91, 0x83, 0x88, 0x6c };
259 const u8 length[2] = { 0x00, 0x01 };
263 SMP_DBG("w %32phN", w);
264 SMP_DBG("n1 %16phN n2 %16phN", n1, n2);
265 SMP_DBG("a1 %7phN a2 %7phN", a1, a2);
267 err = aes_cmac(tfm_cmac, salt, w, 32, t);
271 SMP_DBG("t %16phN", t);
273 memcpy(m, length, 2);
274 memcpy(m + 2, a2, 7);
275 memcpy(m + 9, a1, 7);
276 memcpy(m + 16, n2, 16);
277 memcpy(m + 32, n1, 16);
278 memcpy(m + 48, btle, 4);
280 m[52] = 0; /* Counter */
282 err = aes_cmac(tfm_cmac, t, m, sizeof(m), mackey);
286 SMP_DBG("mackey %16phN", mackey);
288 m[52] = 1; /* Counter */
290 err = aes_cmac(tfm_cmac, t, m, sizeof(m), ltk);
294 SMP_DBG("ltk %16phN", ltk);
299 static int smp_f6(struct crypto_hash *tfm_cmac, const u8 w[16],
300 const u8 n1[16], const u8 n2[16], const u8 r[16],
301 const u8 io_cap[3], const u8 a1[7], const u8 a2[7],
307 SMP_DBG("w %16phN", w);
308 SMP_DBG("n1 %16phN n2 %16phN", n1, n2);
309 SMP_DBG("r %16phN io_cap %3phN a1 %7phN a2 %7phN", r, io_cap, a1, a2);
312 memcpy(m + 7, a1, 7);
313 memcpy(m + 14, io_cap, 3);
314 memcpy(m + 17, r, 16);
315 memcpy(m + 33, n2, 16);
316 memcpy(m + 49, n1, 16);
318 err = aes_cmac(tfm_cmac, w, m, sizeof(m), res);
322 SMP_DBG("res %16phN", res);
327 static int smp_g2(struct crypto_hash *tfm_cmac, const u8 u[32], const u8 v[32],
328 const u8 x[16], const u8 y[16], u32 *val)
333 SMP_DBG("u %32phN", u);
334 SMP_DBG("v %32phN", v);
335 SMP_DBG("x %16phN y %16phN", x, y);
338 memcpy(m + 16, v, 32);
339 memcpy(m + 48, u, 32);
341 err = aes_cmac(tfm_cmac, x, m, sizeof(m), tmp);
345 *val = get_unaligned_le32(tmp);
348 SMP_DBG("val %06u", *val);
353 static int smp_h6(struct crypto_hash *tfm_cmac, const u8 w[16],
354 const u8 key_id[4], u8 res[16])
358 SMP_DBG("w %16phN key_id %4phN", w, key_id);
360 err = aes_cmac(tfm_cmac, w, key_id, 4, res);
364 SMP_DBG("res %16phN", res);
369 /* The following functions map to the legacy SMP crypto functions e, c1,
373 static int smp_e(struct crypto_blkcipher *tfm, const u8 *k, u8 *r)
375 struct blkcipher_desc desc;
376 struct scatterlist sg;
377 uint8_t tmp[16], data[16];
380 SMP_DBG("k %16phN r %16phN", k, r);
383 BT_ERR("tfm %p", tfm);
390 /* The most significant octet of key corresponds to k[0] */
391 swap_buf(k, tmp, 16);
393 err = crypto_blkcipher_setkey(tfm, tmp, 16);
395 BT_ERR("cipher setkey failed: %d", err);
399 /* Most significant octet of plaintextData corresponds to data[0] */
400 swap_buf(r, data, 16);
402 sg_init_one(&sg, data, 16);
404 err = crypto_blkcipher_encrypt(&desc, &sg, &sg, 16);
406 BT_ERR("Encrypt data error %d", err);
408 /* Most significant octet of encryptedData corresponds to data[0] */
409 swap_buf(data, r, 16);
411 SMP_DBG("r %16phN", r);
416 static int smp_c1(struct crypto_blkcipher *tfm_aes, const u8 k[16],
417 const u8 r[16], const u8 preq[7], const u8 pres[7], u8 _iat,
418 const bdaddr_t *ia, u8 _rat, const bdaddr_t *ra, u8 res[16])
423 SMP_DBG("k %16phN r %16phN", k, r);
424 SMP_DBG("iat %u ia %6phN rat %u ra %6phN", _iat, ia, _rat, ra);
425 SMP_DBG("preq %7phN pres %7phN", preq, pres);
429 /* p1 = pres || preq || _rat || _iat */
432 memcpy(p1 + 2, preq, 7);
433 memcpy(p1 + 9, pres, 7);
435 SMP_DBG("p1 %16phN", p1);
438 u128_xor((u128 *) res, (u128 *) r, (u128 *) p1);
440 /* res = e(k, res) */
441 err = smp_e(tfm_aes, k, res);
443 BT_ERR("Encrypt data error");
447 /* p2 = padding || ia || ra */
449 memcpy(p2 + 6, ia, 6);
450 memset(p2 + 12, 0, 4);
452 SMP_DBG("p2 %16phN", p2);
454 /* res = res XOR p2 */
455 u128_xor((u128 *) res, (u128 *) res, (u128 *) p2);
457 /* res = e(k, res) */
458 err = smp_e(tfm_aes, k, res);
460 BT_ERR("Encrypt data error");
465 static int smp_s1(struct crypto_blkcipher *tfm_aes, const u8 k[16],
466 const u8 r1[16], const u8 r2[16], u8 _r[16])
470 /* Just least significant octets from r1 and r2 are considered */
472 memcpy(_r + 8, r1, 8);
474 err = smp_e(tfm_aes, k, _r);
476 BT_ERR("Encrypt data error");
481 static int smp_ah(struct crypto_blkcipher *tfm, const u8 irk[16],
482 const u8 r[3], u8 res[3])
487 /* r' = padding || r */
489 memset(_res + 3, 0, 13);
491 err = smp_e(tfm, irk, _res);
493 BT_ERR("Encrypt error");
497 /* The output of the random address function ah is:
498 * ah(k, r) = e(k, r') mod 2^24
499 * The output of the security function e is then truncated to 24 bits
500 * by taking the least significant 24 bits of the output of e as the
503 memcpy(res, _res, 3);
508 bool smp_irk_matches(struct hci_dev *hdev, const u8 irk[16],
509 const bdaddr_t *bdaddr)
511 struct l2cap_chan *chan = hdev->smp_data;
516 if (!chan || !chan->data)
521 BT_DBG("RPA %pMR IRK %*phN", bdaddr, 16, irk);
523 err = smp_ah(smp->tfm_aes, irk, &bdaddr->b[3], hash);
527 return !memcmp(bdaddr->b, hash, 3);
530 int smp_generate_rpa(struct hci_dev *hdev, const u8 irk[16], bdaddr_t *rpa)
532 struct l2cap_chan *chan = hdev->smp_data;
536 if (!chan || !chan->data)
541 get_random_bytes(&rpa->b[3], 3);
543 rpa->b[5] &= 0x3f; /* Clear two most significant bits */
544 rpa->b[5] |= 0x40; /* Set second most significant bit */
546 err = smp_ah(smp->tfm_aes, irk, &rpa->b[3], rpa->b);
550 BT_DBG("RPA %pMR", rpa);
555 int smp_generate_oob(struct hci_dev *hdev, u8 hash[16], u8 rand[16])
557 struct l2cap_chan *chan = hdev->smp_data;
561 if (!chan || !chan->data)
566 if (hci_dev_test_flag(hdev, HCI_USE_DEBUG_KEYS)) {
567 BT_DBG("Using debug keys");
568 memcpy(smp->local_pk, debug_pk, 64);
569 memcpy(smp->local_sk, debug_sk, 32);
570 smp->debug_key = true;
573 /* Generate local key pair for Secure Connections */
574 if (!ecc_make_key(smp->local_pk, smp->local_sk))
577 /* This is unlikely, but we need to check that
578 * we didn't accidentially generate a debug key.
580 if (memcmp(smp->local_sk, debug_sk, 32))
583 smp->debug_key = false;
586 SMP_DBG("OOB Public Key X: %32phN", smp->local_pk);
587 SMP_DBG("OOB Public Key Y: %32phN", smp->local_pk + 32);
588 SMP_DBG("OOB Private Key: %32phN", smp->local_sk);
590 get_random_bytes(smp->local_rand, 16);
592 err = smp_f4(smp->tfm_cmac, smp->local_pk, smp->local_pk,
593 smp->local_rand, 0, hash);
597 memcpy(rand, smp->local_rand, 16);
602 static void smp_send_cmd(struct l2cap_conn *conn, u8 code, u16 len, void *data)
604 struct l2cap_chan *chan = conn->smp;
605 struct smp_chan *smp;
612 BT_DBG("code 0x%2.2x", code);
614 iv[0].iov_base = &code;
617 iv[1].iov_base = data;
620 memset(&msg, 0, sizeof(msg));
622 iov_iter_kvec(&msg.msg_iter, WRITE | ITER_KVEC, iv, 2, 1 + len);
624 l2cap_chan_send(chan, &msg, 1 + len);
631 cancel_delayed_work_sync(&smp->security_timer);
632 schedule_delayed_work(&smp->security_timer, SMP_TIMEOUT);
635 static u8 authreq_to_seclevel(u8 authreq)
637 if (authreq & SMP_AUTH_MITM) {
638 if (authreq & SMP_AUTH_SC)
639 return BT_SECURITY_FIPS;
641 return BT_SECURITY_HIGH;
643 return BT_SECURITY_MEDIUM;
647 static __u8 seclevel_to_authreq(__u8 sec_level)
650 case BT_SECURITY_FIPS:
651 case BT_SECURITY_HIGH:
652 return SMP_AUTH_MITM | SMP_AUTH_BONDING;
653 case BT_SECURITY_MEDIUM:
654 return SMP_AUTH_BONDING;
656 return SMP_AUTH_NONE;
660 static void build_pairing_cmd(struct l2cap_conn *conn,
661 struct smp_cmd_pairing *req,
662 struct smp_cmd_pairing *rsp, __u8 authreq)
664 struct l2cap_chan *chan = conn->smp;
665 struct smp_chan *smp = chan->data;
666 struct hci_conn *hcon = conn->hcon;
667 struct hci_dev *hdev = hcon->hdev;
668 u8 local_dist = 0, remote_dist = 0, oob_flag = SMP_OOB_NOT_PRESENT;
670 if (hci_dev_test_flag(hdev, HCI_BONDABLE)) {
671 local_dist = SMP_DIST_ENC_KEY | SMP_DIST_SIGN;
672 remote_dist = SMP_DIST_ENC_KEY | SMP_DIST_SIGN;
673 authreq |= SMP_AUTH_BONDING;
675 authreq &= ~SMP_AUTH_BONDING;
678 if (hci_dev_test_flag(hdev, HCI_RPA_RESOLVING))
679 remote_dist |= SMP_DIST_ID_KEY;
681 if (hci_dev_test_flag(hdev, HCI_PRIVACY))
682 local_dist |= SMP_DIST_ID_KEY;
684 if (hci_dev_test_flag(hdev, HCI_SC_ENABLED) &&
685 (authreq & SMP_AUTH_SC)) {
686 struct oob_data *oob_data;
689 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) {
690 local_dist |= SMP_DIST_LINK_KEY;
691 remote_dist |= SMP_DIST_LINK_KEY;
694 if (hcon->dst_type == ADDR_LE_DEV_PUBLIC)
695 bdaddr_type = BDADDR_LE_PUBLIC;
697 bdaddr_type = BDADDR_LE_RANDOM;
699 oob_data = hci_find_remote_oob_data(hdev, &hcon->dst,
701 if (oob_data && oob_data->present) {
702 set_bit(SMP_FLAG_REMOTE_OOB, &smp->flags);
703 oob_flag = SMP_OOB_PRESENT;
704 memcpy(smp->rr, oob_data->rand256, 16);
705 memcpy(smp->pcnf, oob_data->hash256, 16);
706 SMP_DBG("OOB Remote Confirmation: %16phN", smp->pcnf);
707 SMP_DBG("OOB Remote Random: %16phN", smp->rr);
711 authreq &= ~SMP_AUTH_SC;
715 req->io_capability = conn->hcon->io_capability;
716 req->oob_flag = oob_flag;
717 req->max_key_size = SMP_DEV(hdev)->max_key_size;
718 req->init_key_dist = local_dist;
719 req->resp_key_dist = remote_dist;
720 req->auth_req = (authreq & AUTH_REQ_MASK(hdev));
722 smp->remote_key_dist = remote_dist;
726 rsp->io_capability = conn->hcon->io_capability;
727 rsp->oob_flag = oob_flag;
728 rsp->max_key_size = SMP_DEV(hdev)->max_key_size;
729 rsp->init_key_dist = req->init_key_dist & remote_dist;
730 rsp->resp_key_dist = req->resp_key_dist & local_dist;
731 rsp->auth_req = (authreq & AUTH_REQ_MASK(hdev));
733 smp->remote_key_dist = rsp->init_key_dist;
736 static u8 check_enc_key_size(struct l2cap_conn *conn, __u8 max_key_size)
738 struct l2cap_chan *chan = conn->smp;
739 struct hci_dev *hdev = conn->hcon->hdev;
740 struct smp_chan *smp = chan->data;
742 if (max_key_size > SMP_DEV(hdev)->max_key_size ||
743 max_key_size < SMP_MIN_ENC_KEY_SIZE)
744 return SMP_ENC_KEY_SIZE;
746 smp->enc_key_size = max_key_size;
751 static void smp_chan_destroy(struct l2cap_conn *conn)
753 struct l2cap_chan *chan = conn->smp;
754 struct smp_chan *smp = chan->data;
755 struct hci_conn *hcon = conn->hcon;
760 cancel_delayed_work_sync(&smp->security_timer);
762 complete = test_bit(SMP_FLAG_COMPLETE, &smp->flags);
763 mgmt_smp_complete(hcon, complete);
766 kzfree(smp->slave_csrk);
767 kzfree(smp->link_key);
769 crypto_free_blkcipher(smp->tfm_aes);
770 crypto_free_hash(smp->tfm_cmac);
772 /* Ensure that we don't leave any debug key around if debug key
773 * support hasn't been explicitly enabled.
775 if (smp->ltk && smp->ltk->type == SMP_LTK_P256_DEBUG &&
776 !hci_dev_test_flag(hcon->hdev, HCI_KEEP_DEBUG_KEYS)) {
777 list_del_rcu(&smp->ltk->list);
778 kfree_rcu(smp->ltk, rcu);
782 /* If pairing failed clean up any keys we might have */
785 list_del_rcu(&smp->ltk->list);
786 kfree_rcu(smp->ltk, rcu);
789 if (smp->slave_ltk) {
790 list_del_rcu(&smp->slave_ltk->list);
791 kfree_rcu(smp->slave_ltk, rcu);
794 if (smp->remote_irk) {
795 list_del_rcu(&smp->remote_irk->list);
796 kfree_rcu(smp->remote_irk, rcu);
805 static void smp_failure(struct l2cap_conn *conn, u8 reason)
807 struct hci_conn *hcon = conn->hcon;
808 struct l2cap_chan *chan = conn->smp;
811 smp_send_cmd(conn, SMP_CMD_PAIRING_FAIL, sizeof(reason),
814 mgmt_auth_failed(hcon, HCI_ERROR_AUTH_FAILURE);
817 smp_chan_destroy(conn);
820 #define JUST_WORKS 0x00
821 #define JUST_CFM 0x01
822 #define REQ_PASSKEY 0x02
823 #define CFM_PASSKEY 0x03
825 #define DSP_PASSKEY 0x05
828 static const u8 gen_method[5][5] = {
829 { JUST_WORKS, JUST_CFM, REQ_PASSKEY, JUST_WORKS, REQ_PASSKEY },
830 { JUST_WORKS, JUST_CFM, REQ_PASSKEY, JUST_WORKS, REQ_PASSKEY },
831 { CFM_PASSKEY, CFM_PASSKEY, REQ_PASSKEY, JUST_WORKS, CFM_PASSKEY },
832 { JUST_WORKS, JUST_CFM, JUST_WORKS, JUST_WORKS, JUST_CFM },
833 { CFM_PASSKEY, CFM_PASSKEY, REQ_PASSKEY, JUST_WORKS, OVERLAP },
836 static const u8 sc_method[5][5] = {
837 { JUST_WORKS, JUST_CFM, REQ_PASSKEY, JUST_WORKS, REQ_PASSKEY },
838 { JUST_WORKS, CFM_PASSKEY, REQ_PASSKEY, JUST_WORKS, CFM_PASSKEY },
839 { DSP_PASSKEY, DSP_PASSKEY, REQ_PASSKEY, JUST_WORKS, DSP_PASSKEY },
840 { JUST_WORKS, JUST_CFM, JUST_WORKS, JUST_WORKS, JUST_CFM },
841 { DSP_PASSKEY, CFM_PASSKEY, REQ_PASSKEY, JUST_WORKS, CFM_PASSKEY },
844 static u8 get_auth_method(struct smp_chan *smp, u8 local_io, u8 remote_io)
846 /* If either side has unknown io_caps, use JUST_CFM (which gets
847 * converted later to JUST_WORKS if we're initiators.
849 if (local_io > SMP_IO_KEYBOARD_DISPLAY ||
850 remote_io > SMP_IO_KEYBOARD_DISPLAY)
853 if (test_bit(SMP_FLAG_SC, &smp->flags))
854 return sc_method[remote_io][local_io];
856 return gen_method[remote_io][local_io];
859 static int tk_request(struct l2cap_conn *conn, u8 remote_oob, u8 auth,
860 u8 local_io, u8 remote_io)
862 struct hci_conn *hcon = conn->hcon;
863 struct l2cap_chan *chan = conn->smp;
864 struct smp_chan *smp = chan->data;
868 /* Initialize key for JUST WORKS */
869 memset(smp->tk, 0, sizeof(smp->tk));
870 clear_bit(SMP_FLAG_TK_VALID, &smp->flags);
872 BT_DBG("tk_request: auth:%d lcl:%d rem:%d", auth, local_io, remote_io);
874 /* If neither side wants MITM, either "just" confirm an incoming
875 * request or use just-works for outgoing ones. The JUST_CFM
876 * will be converted to JUST_WORKS if necessary later in this
877 * function. If either side has MITM look up the method from the
880 if (!(auth & SMP_AUTH_MITM))
881 smp->method = JUST_CFM;
883 smp->method = get_auth_method(smp, local_io, remote_io);
885 /* Don't confirm locally initiated pairing attempts */
886 if (smp->method == JUST_CFM && test_bit(SMP_FLAG_INITIATOR,
888 smp->method = JUST_WORKS;
890 /* Don't bother user space with no IO capabilities */
891 if (smp->method == JUST_CFM &&
892 hcon->io_capability == HCI_IO_NO_INPUT_OUTPUT)
893 smp->method = JUST_WORKS;
895 /* If Just Works, Continue with Zero TK */
896 if (smp->method == JUST_WORKS) {
897 set_bit(SMP_FLAG_TK_VALID, &smp->flags);
901 /* If this function is used for SC -> legacy fallback we
902 * can only recover the just-works case.
904 if (test_bit(SMP_FLAG_SC, &smp->flags))
907 /* Not Just Works/Confirm results in MITM Authentication */
908 if (smp->method != JUST_CFM) {
909 set_bit(SMP_FLAG_MITM_AUTH, &smp->flags);
910 if (hcon->pending_sec_level < BT_SECURITY_HIGH)
911 hcon->pending_sec_level = BT_SECURITY_HIGH;
914 /* If both devices have Keyoard-Display I/O, the master
915 * Confirms and the slave Enters the passkey.
917 if (smp->method == OVERLAP) {
918 if (hcon->role == HCI_ROLE_MASTER)
919 smp->method = CFM_PASSKEY;
921 smp->method = REQ_PASSKEY;
924 /* Generate random passkey. */
925 if (smp->method == CFM_PASSKEY) {
926 memset(smp->tk, 0, sizeof(smp->tk));
927 get_random_bytes(&passkey, sizeof(passkey));
929 put_unaligned_le32(passkey, smp->tk);
930 BT_DBG("PassKey: %d", passkey);
931 set_bit(SMP_FLAG_TK_VALID, &smp->flags);
934 if (smp->method == REQ_PASSKEY)
935 ret = mgmt_user_passkey_request(hcon->hdev, &hcon->dst,
936 hcon->type, hcon->dst_type);
937 else if (smp->method == JUST_CFM)
938 ret = mgmt_user_confirm_request(hcon->hdev, &hcon->dst,
939 hcon->type, hcon->dst_type,
942 ret = mgmt_user_passkey_notify(hcon->hdev, &hcon->dst,
943 hcon->type, hcon->dst_type,
949 static u8 smp_confirm(struct smp_chan *smp)
951 struct l2cap_conn *conn = smp->conn;
952 struct smp_cmd_pairing_confirm cp;
955 BT_DBG("conn %p", conn);
957 ret = smp_c1(smp->tfm_aes, smp->tk, smp->prnd, smp->preq, smp->prsp,
958 conn->hcon->init_addr_type, &conn->hcon->init_addr,
959 conn->hcon->resp_addr_type, &conn->hcon->resp_addr,
962 return SMP_UNSPECIFIED;
964 clear_bit(SMP_FLAG_CFM_PENDING, &smp->flags);
966 smp_send_cmd(smp->conn, SMP_CMD_PAIRING_CONFIRM, sizeof(cp), &cp);
969 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_CONFIRM);
971 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RANDOM);
976 static u8 smp_random(struct smp_chan *smp)
978 struct l2cap_conn *conn = smp->conn;
979 struct hci_conn *hcon = conn->hcon;
983 if (IS_ERR_OR_NULL(smp->tfm_aes))
984 return SMP_UNSPECIFIED;
986 BT_DBG("conn %p %s", conn, conn->hcon->out ? "master" : "slave");
988 ret = smp_c1(smp->tfm_aes, smp->tk, smp->rrnd, smp->preq, smp->prsp,
989 hcon->init_addr_type, &hcon->init_addr,
990 hcon->resp_addr_type, &hcon->resp_addr, confirm);
992 return SMP_UNSPECIFIED;
994 if (memcmp(smp->pcnf, confirm, sizeof(smp->pcnf)) != 0) {
995 BT_ERR("Pairing failed (confirmation values mismatch)");
996 return SMP_CONFIRM_FAILED;
1004 smp_s1(smp->tfm_aes, smp->tk, smp->rrnd, smp->prnd, stk);
1006 if (test_and_set_bit(HCI_CONN_ENCRYPT_PEND, &hcon->flags))
1007 return SMP_UNSPECIFIED;
1009 hci_le_start_enc(hcon, ediv, rand, stk, smp->enc_key_size);
1010 hcon->enc_key_size = smp->enc_key_size;
1011 set_bit(HCI_CONN_STK_ENCRYPT, &hcon->flags);
1017 smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM, sizeof(smp->prnd),
1020 smp_s1(smp->tfm_aes, smp->tk, smp->prnd, smp->rrnd, stk);
1022 if (hcon->pending_sec_level == BT_SECURITY_HIGH)
1027 /* Even though there's no _SLAVE suffix this is the
1028 * slave STK we're adding for later lookup (the master
1029 * STK never needs to be stored).
1031 hci_add_ltk(hcon->hdev, &hcon->dst, hcon->dst_type,
1032 SMP_STK, auth, stk, smp->enc_key_size, ediv, rand);
1038 static void smp_notify_keys(struct l2cap_conn *conn)
1040 struct l2cap_chan *chan = conn->smp;
1041 struct smp_chan *smp = chan->data;
1042 struct hci_conn *hcon = conn->hcon;
1043 struct hci_dev *hdev = hcon->hdev;
1044 struct smp_cmd_pairing *req = (void *) &smp->preq[1];
1045 struct smp_cmd_pairing *rsp = (void *) &smp->prsp[1];
1048 if (hcon->type == ACL_LINK) {
1049 if (hcon->key_type == HCI_LK_DEBUG_COMBINATION)
1052 persistent = !test_bit(HCI_CONN_FLUSH_KEY,
1055 /* The LTKs, IRKs and CSRKs should be persistent only if
1056 * both sides had the bonding bit set in their
1057 * authentication requests.
1059 persistent = !!((req->auth_req & rsp->auth_req) &
1063 if (smp->remote_irk) {
1064 mgmt_new_irk(hdev, smp->remote_irk, persistent);
1066 /* Now that user space can be considered to know the
1067 * identity address track the connection based on it
1068 * from now on (assuming this is an LE link).
1070 if (hcon->type == LE_LINK) {
1071 bacpy(&hcon->dst, &smp->remote_irk->bdaddr);
1072 hcon->dst_type = smp->remote_irk->addr_type;
1073 queue_work(hdev->workqueue, &conn->id_addr_update_work);
1076 /* When receiving an indentity resolving key for
1077 * a remote device that does not use a resolvable
1078 * private address, just remove the key so that
1079 * it is possible to use the controller white
1080 * list for scanning.
1082 * Userspace will have been told to not store
1083 * this key at this point. So it is safe to
1086 if (!bacmp(&smp->remote_irk->rpa, BDADDR_ANY)) {
1087 list_del_rcu(&smp->remote_irk->list);
1088 kfree_rcu(smp->remote_irk, rcu);
1089 smp->remote_irk = NULL;
1094 smp->csrk->bdaddr_type = hcon->dst_type;
1095 bacpy(&smp->csrk->bdaddr, &hcon->dst);
1096 mgmt_new_csrk(hdev, smp->csrk, persistent);
1099 if (smp->slave_csrk) {
1100 smp->slave_csrk->bdaddr_type = hcon->dst_type;
1101 bacpy(&smp->slave_csrk->bdaddr, &hcon->dst);
1102 mgmt_new_csrk(hdev, smp->slave_csrk, persistent);
1106 smp->ltk->bdaddr_type = hcon->dst_type;
1107 bacpy(&smp->ltk->bdaddr, &hcon->dst);
1108 mgmt_new_ltk(hdev, smp->ltk, persistent);
1111 if (smp->slave_ltk) {
1112 smp->slave_ltk->bdaddr_type = hcon->dst_type;
1113 bacpy(&smp->slave_ltk->bdaddr, &hcon->dst);
1114 mgmt_new_ltk(hdev, smp->slave_ltk, persistent);
1117 if (smp->link_key) {
1118 struct link_key *key;
1121 if (test_bit(SMP_FLAG_DEBUG_KEY, &smp->flags))
1122 type = HCI_LK_DEBUG_COMBINATION;
1123 else if (hcon->sec_level == BT_SECURITY_FIPS)
1124 type = HCI_LK_AUTH_COMBINATION_P256;
1126 type = HCI_LK_UNAUTH_COMBINATION_P256;
1128 key = hci_add_link_key(hdev, smp->conn->hcon, &hcon->dst,
1129 smp->link_key, type, 0, &persistent);
1131 mgmt_new_link_key(hdev, key, persistent);
1133 /* Don't keep debug keys around if the relevant
1136 if (!hci_dev_test_flag(hdev, HCI_KEEP_DEBUG_KEYS) &&
1137 key->type == HCI_LK_DEBUG_COMBINATION) {
1138 list_del_rcu(&key->list);
1139 kfree_rcu(key, rcu);
1145 static void sc_add_ltk(struct smp_chan *smp)
1147 struct hci_conn *hcon = smp->conn->hcon;
1150 if (test_bit(SMP_FLAG_DEBUG_KEY, &smp->flags))
1151 key_type = SMP_LTK_P256_DEBUG;
1153 key_type = SMP_LTK_P256;
1155 if (hcon->pending_sec_level == BT_SECURITY_FIPS)
1160 smp->ltk = hci_add_ltk(hcon->hdev, &hcon->dst, hcon->dst_type,
1161 key_type, auth, smp->tk, smp->enc_key_size,
1165 static void sc_generate_link_key(struct smp_chan *smp)
1167 /* These constants are as specified in the core specification.
1168 * In ASCII they spell out to 'tmp1' and 'lebr'.
1170 const u8 tmp1[4] = { 0x31, 0x70, 0x6d, 0x74 };
1171 const u8 lebr[4] = { 0x72, 0x62, 0x65, 0x6c };
1173 smp->link_key = kzalloc(16, GFP_KERNEL);
1177 if (smp_h6(smp->tfm_cmac, smp->tk, tmp1, smp->link_key)) {
1178 kzfree(smp->link_key);
1179 smp->link_key = NULL;
1183 if (smp_h6(smp->tfm_cmac, smp->link_key, lebr, smp->link_key)) {
1184 kzfree(smp->link_key);
1185 smp->link_key = NULL;
1190 static void smp_allow_key_dist(struct smp_chan *smp)
1192 /* Allow the first expected phase 3 PDU. The rest of the PDUs
1193 * will be allowed in each PDU handler to ensure we receive
1194 * them in the correct order.
1196 if (smp->remote_key_dist & SMP_DIST_ENC_KEY)
1197 SMP_ALLOW_CMD(smp, SMP_CMD_ENCRYPT_INFO);
1198 else if (smp->remote_key_dist & SMP_DIST_ID_KEY)
1199 SMP_ALLOW_CMD(smp, SMP_CMD_IDENT_INFO);
1200 else if (smp->remote_key_dist & SMP_DIST_SIGN)
1201 SMP_ALLOW_CMD(smp, SMP_CMD_SIGN_INFO);
1204 static void sc_generate_ltk(struct smp_chan *smp)
1206 /* These constants are as specified in the core specification.
1207 * In ASCII they spell out to 'tmp2' and 'brle'.
1209 const u8 tmp2[4] = { 0x32, 0x70, 0x6d, 0x74 };
1210 const u8 brle[4] = { 0x65, 0x6c, 0x72, 0x62 };
1211 struct hci_conn *hcon = smp->conn->hcon;
1212 struct hci_dev *hdev = hcon->hdev;
1213 struct link_key *key;
1215 key = hci_find_link_key(hdev, &hcon->dst);
1217 BT_ERR("%s No Link Key found to generate LTK", hdev->name);
1221 if (key->type == HCI_LK_DEBUG_COMBINATION)
1222 set_bit(SMP_FLAG_DEBUG_KEY, &smp->flags);
1224 if (smp_h6(smp->tfm_cmac, key->val, tmp2, smp->tk))
1227 if (smp_h6(smp->tfm_cmac, smp->tk, brle, smp->tk))
1233 static void smp_distribute_keys(struct smp_chan *smp)
1235 struct smp_cmd_pairing *req, *rsp;
1236 struct l2cap_conn *conn = smp->conn;
1237 struct hci_conn *hcon = conn->hcon;
1238 struct hci_dev *hdev = hcon->hdev;
1241 BT_DBG("conn %p", conn);
1243 rsp = (void *) &smp->prsp[1];
1245 /* The responder sends its keys first */
1246 if (hcon->out && (smp->remote_key_dist & KEY_DIST_MASK)) {
1247 smp_allow_key_dist(smp);
1251 req = (void *) &smp->preq[1];
1254 keydist = &rsp->init_key_dist;
1255 *keydist &= req->init_key_dist;
1257 keydist = &rsp->resp_key_dist;
1258 *keydist &= req->resp_key_dist;
1261 if (test_bit(SMP_FLAG_SC, &smp->flags)) {
1262 if (hcon->type == LE_LINK && (*keydist & SMP_DIST_LINK_KEY))
1263 sc_generate_link_key(smp);
1264 if (hcon->type == ACL_LINK && (*keydist & SMP_DIST_ENC_KEY))
1265 sc_generate_ltk(smp);
1267 /* Clear the keys which are generated but not distributed */
1268 *keydist &= ~SMP_SC_NO_DIST;
1271 BT_DBG("keydist 0x%x", *keydist);
1273 if (*keydist & SMP_DIST_ENC_KEY) {
1274 struct smp_cmd_encrypt_info enc;
1275 struct smp_cmd_master_ident ident;
1276 struct smp_ltk *ltk;
1281 /* Make sure we generate only the significant amount of
1282 * bytes based on the encryption key size, and set the rest
1283 * of the value to zeroes.
1285 get_random_bytes(enc.ltk, smp->enc_key_size);
1286 memset(enc.ltk + smp->enc_key_size, 0,
1287 sizeof(enc.ltk) - smp->enc_key_size);
1289 get_random_bytes(&ediv, sizeof(ediv));
1290 get_random_bytes(&rand, sizeof(rand));
1292 smp_send_cmd(conn, SMP_CMD_ENCRYPT_INFO, sizeof(enc), &enc);
1294 authenticated = hcon->sec_level == BT_SECURITY_HIGH;
1295 ltk = hci_add_ltk(hdev, &hcon->dst, hcon->dst_type,
1296 SMP_LTK_SLAVE, authenticated, enc.ltk,
1297 smp->enc_key_size, ediv, rand);
1298 smp->slave_ltk = ltk;
1303 smp_send_cmd(conn, SMP_CMD_MASTER_IDENT, sizeof(ident), &ident);
1305 *keydist &= ~SMP_DIST_ENC_KEY;
1308 if (*keydist & SMP_DIST_ID_KEY) {
1309 struct smp_cmd_ident_addr_info addrinfo;
1310 struct smp_cmd_ident_info idinfo;
1312 memcpy(idinfo.irk, hdev->irk, sizeof(idinfo.irk));
1314 smp_send_cmd(conn, SMP_CMD_IDENT_INFO, sizeof(idinfo), &idinfo);
1316 /* The hci_conn contains the local identity address
1317 * after the connection has been established.
1319 * This is true even when the connection has been
1320 * established using a resolvable random address.
1322 bacpy(&addrinfo.bdaddr, &hcon->src);
1323 addrinfo.addr_type = hcon->src_type;
1325 smp_send_cmd(conn, SMP_CMD_IDENT_ADDR_INFO, sizeof(addrinfo),
1328 *keydist &= ~SMP_DIST_ID_KEY;
1331 if (*keydist & SMP_DIST_SIGN) {
1332 struct smp_cmd_sign_info sign;
1333 struct smp_csrk *csrk;
1335 /* Generate a new random key */
1336 get_random_bytes(sign.csrk, sizeof(sign.csrk));
1338 csrk = kzalloc(sizeof(*csrk), GFP_KERNEL);
1340 if (hcon->sec_level > BT_SECURITY_MEDIUM)
1341 csrk->type = MGMT_CSRK_LOCAL_AUTHENTICATED;
1343 csrk->type = MGMT_CSRK_LOCAL_UNAUTHENTICATED;
1344 memcpy(csrk->val, sign.csrk, sizeof(csrk->val));
1346 smp->slave_csrk = csrk;
1348 smp_send_cmd(conn, SMP_CMD_SIGN_INFO, sizeof(sign), &sign);
1350 *keydist &= ~SMP_DIST_SIGN;
1353 /* If there are still keys to be received wait for them */
1354 if (smp->remote_key_dist & KEY_DIST_MASK) {
1355 smp_allow_key_dist(smp);
1359 set_bit(SMP_FLAG_COMPLETE, &smp->flags);
1360 smp_notify_keys(conn);
1362 smp_chan_destroy(conn);
1365 static void smp_timeout(struct work_struct *work)
1367 struct smp_chan *smp = container_of(work, struct smp_chan,
1368 security_timer.work);
1369 struct l2cap_conn *conn = smp->conn;
1371 BT_DBG("conn %p", conn);
1373 hci_disconnect(conn->hcon, HCI_ERROR_REMOTE_USER_TERM);
1376 static struct smp_chan *smp_chan_create(struct l2cap_conn *conn)
1378 struct l2cap_chan *chan = conn->smp;
1379 struct smp_chan *smp;
1381 smp = kzalloc(sizeof(*smp), GFP_ATOMIC);
1385 smp->tfm_aes = crypto_alloc_blkcipher("ecb(aes)", 0, CRYPTO_ALG_ASYNC);
1386 if (IS_ERR(smp->tfm_aes)) {
1387 BT_ERR("Unable to create ECB crypto context");
1392 smp->tfm_cmac = crypto_alloc_hash("cmac(aes)", 0, CRYPTO_ALG_ASYNC);
1393 if (IS_ERR(smp->tfm_cmac)) {
1394 BT_ERR("Unable to create CMAC crypto context");
1395 crypto_free_blkcipher(smp->tfm_aes);
1403 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_FAIL);
1405 INIT_DELAYED_WORK(&smp->security_timer, smp_timeout);
1407 hci_conn_hold(conn->hcon);
1412 static int sc_mackey_and_ltk(struct smp_chan *smp, u8 mackey[16], u8 ltk[16])
1414 struct hci_conn *hcon = smp->conn->hcon;
1415 u8 *na, *nb, a[7], b[7];
1425 memcpy(a, &hcon->init_addr, 6);
1426 memcpy(b, &hcon->resp_addr, 6);
1427 a[6] = hcon->init_addr_type;
1428 b[6] = hcon->resp_addr_type;
1430 return smp_f5(smp->tfm_cmac, smp->dhkey, na, nb, a, b, mackey, ltk);
1433 static void sc_dhkey_check(struct smp_chan *smp)
1435 struct hci_conn *hcon = smp->conn->hcon;
1436 struct smp_cmd_dhkey_check check;
1437 u8 a[7], b[7], *local_addr, *remote_addr;
1438 u8 io_cap[3], r[16];
1440 memcpy(a, &hcon->init_addr, 6);
1441 memcpy(b, &hcon->resp_addr, 6);
1442 a[6] = hcon->init_addr_type;
1443 b[6] = hcon->resp_addr_type;
1448 memcpy(io_cap, &smp->preq[1], 3);
1452 memcpy(io_cap, &smp->prsp[1], 3);
1455 memset(r, 0, sizeof(r));
1457 if (smp->method == REQ_PASSKEY || smp->method == DSP_PASSKEY)
1458 put_unaligned_le32(hcon->passkey_notify, r);
1460 if (smp->method == REQ_OOB)
1461 memcpy(r, smp->rr, 16);
1463 smp_f6(smp->tfm_cmac, smp->mackey, smp->prnd, smp->rrnd, r, io_cap,
1464 local_addr, remote_addr, check.e);
1466 smp_send_cmd(smp->conn, SMP_CMD_DHKEY_CHECK, sizeof(check), &check);
1469 static u8 sc_passkey_send_confirm(struct smp_chan *smp)
1471 struct l2cap_conn *conn = smp->conn;
1472 struct hci_conn *hcon = conn->hcon;
1473 struct smp_cmd_pairing_confirm cfm;
1476 r = ((hcon->passkey_notify >> smp->passkey_round) & 0x01);
1479 get_random_bytes(smp->prnd, sizeof(smp->prnd));
1481 if (smp_f4(smp->tfm_cmac, smp->local_pk, smp->remote_pk, smp->prnd, r,
1483 return SMP_UNSPECIFIED;
1485 smp_send_cmd(conn, SMP_CMD_PAIRING_CONFIRM, sizeof(cfm), &cfm);
1490 static u8 sc_passkey_round(struct smp_chan *smp, u8 smp_op)
1492 struct l2cap_conn *conn = smp->conn;
1493 struct hci_conn *hcon = conn->hcon;
1494 struct hci_dev *hdev = hcon->hdev;
1497 /* Ignore the PDU if we've already done 20 rounds (0 - 19) */
1498 if (smp->passkey_round >= 20)
1502 case SMP_CMD_PAIRING_RANDOM:
1503 r = ((hcon->passkey_notify >> smp->passkey_round) & 0x01);
1506 if (smp_f4(smp->tfm_cmac, smp->remote_pk, smp->local_pk,
1508 return SMP_UNSPECIFIED;
1510 if (memcmp(smp->pcnf, cfm, 16))
1511 return SMP_CONFIRM_FAILED;
1513 smp->passkey_round++;
1515 if (smp->passkey_round == 20) {
1516 /* Generate MacKey and LTK */
1517 if (sc_mackey_and_ltk(smp, smp->mackey, smp->tk))
1518 return SMP_UNSPECIFIED;
1521 /* The round is only complete when the initiator
1522 * receives pairing random.
1525 smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM,
1526 sizeof(smp->prnd), smp->prnd);
1527 if (smp->passkey_round == 20)
1528 SMP_ALLOW_CMD(smp, SMP_CMD_DHKEY_CHECK);
1530 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_CONFIRM);
1534 /* Start the next round */
1535 if (smp->passkey_round != 20)
1536 return sc_passkey_round(smp, 0);
1538 /* Passkey rounds are complete - start DHKey Check */
1539 sc_dhkey_check(smp);
1540 SMP_ALLOW_CMD(smp, SMP_CMD_DHKEY_CHECK);
1544 case SMP_CMD_PAIRING_CONFIRM:
1545 if (test_bit(SMP_FLAG_WAIT_USER, &smp->flags)) {
1546 set_bit(SMP_FLAG_CFM_PENDING, &smp->flags);
1550 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RANDOM);
1553 smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM,
1554 sizeof(smp->prnd), smp->prnd);
1558 return sc_passkey_send_confirm(smp);
1560 case SMP_CMD_PUBLIC_KEY:
1562 /* Initiating device starts the round */
1566 BT_DBG("%s Starting passkey round %u", hdev->name,
1567 smp->passkey_round + 1);
1569 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_CONFIRM);
1571 return sc_passkey_send_confirm(smp);
1577 static int sc_user_reply(struct smp_chan *smp, u16 mgmt_op, __le32 passkey)
1579 struct l2cap_conn *conn = smp->conn;
1580 struct hci_conn *hcon = conn->hcon;
1583 clear_bit(SMP_FLAG_WAIT_USER, &smp->flags);
1586 case MGMT_OP_USER_PASSKEY_NEG_REPLY:
1587 smp_failure(smp->conn, SMP_PASSKEY_ENTRY_FAILED);
1589 case MGMT_OP_USER_CONFIRM_NEG_REPLY:
1590 smp_failure(smp->conn, SMP_NUMERIC_COMP_FAILED);
1592 case MGMT_OP_USER_PASSKEY_REPLY:
1593 hcon->passkey_notify = le32_to_cpu(passkey);
1594 smp->passkey_round = 0;
1596 if (test_and_clear_bit(SMP_FLAG_CFM_PENDING, &smp->flags))
1597 smp_op = SMP_CMD_PAIRING_CONFIRM;
1601 if (sc_passkey_round(smp, smp_op))
1607 /* Initiator sends DHKey check first */
1609 sc_dhkey_check(smp);
1610 SMP_ALLOW_CMD(smp, SMP_CMD_DHKEY_CHECK);
1611 } else if (test_and_clear_bit(SMP_FLAG_DHKEY_PENDING, &smp->flags)) {
1612 sc_dhkey_check(smp);
1619 int smp_user_confirm_reply(struct hci_conn *hcon, u16 mgmt_op, __le32 passkey)
1621 struct l2cap_conn *conn = hcon->l2cap_data;
1622 struct l2cap_chan *chan;
1623 struct smp_chan *smp;
1636 l2cap_chan_lock(chan);
1644 if (test_bit(SMP_FLAG_SC, &smp->flags)) {
1645 err = sc_user_reply(smp, mgmt_op, passkey);
1650 case MGMT_OP_USER_PASSKEY_REPLY:
1651 value = le32_to_cpu(passkey);
1652 memset(smp->tk, 0, sizeof(smp->tk));
1653 BT_DBG("PassKey: %d", value);
1654 put_unaligned_le32(value, smp->tk);
1656 case MGMT_OP_USER_CONFIRM_REPLY:
1657 set_bit(SMP_FLAG_TK_VALID, &smp->flags);
1659 case MGMT_OP_USER_PASSKEY_NEG_REPLY:
1660 case MGMT_OP_USER_CONFIRM_NEG_REPLY:
1661 smp_failure(conn, SMP_PASSKEY_ENTRY_FAILED);
1665 smp_failure(conn, SMP_PASSKEY_ENTRY_FAILED);
1672 /* If it is our turn to send Pairing Confirm, do so now */
1673 if (test_bit(SMP_FLAG_CFM_PENDING, &smp->flags)) {
1674 u8 rsp = smp_confirm(smp);
1676 smp_failure(conn, rsp);
1680 l2cap_chan_unlock(chan);
1684 static void build_bredr_pairing_cmd(struct smp_chan *smp,
1685 struct smp_cmd_pairing *req,
1686 struct smp_cmd_pairing *rsp)
1688 struct l2cap_conn *conn = smp->conn;
1689 struct hci_dev *hdev = conn->hcon->hdev;
1690 u8 local_dist = 0, remote_dist = 0;
1692 if (hci_dev_test_flag(hdev, HCI_BONDABLE)) {
1693 local_dist = SMP_DIST_ENC_KEY | SMP_DIST_SIGN;
1694 remote_dist = SMP_DIST_ENC_KEY | SMP_DIST_SIGN;
1697 if (hci_dev_test_flag(hdev, HCI_RPA_RESOLVING))
1698 remote_dist |= SMP_DIST_ID_KEY;
1700 if (hci_dev_test_flag(hdev, HCI_PRIVACY))
1701 local_dist |= SMP_DIST_ID_KEY;
1704 memset(req, 0, sizeof(*req));
1706 req->init_key_dist = local_dist;
1707 req->resp_key_dist = remote_dist;
1708 req->max_key_size = conn->hcon->enc_key_size;
1710 smp->remote_key_dist = remote_dist;
1715 memset(rsp, 0, sizeof(*rsp));
1717 rsp->max_key_size = conn->hcon->enc_key_size;
1718 rsp->init_key_dist = req->init_key_dist & remote_dist;
1719 rsp->resp_key_dist = req->resp_key_dist & local_dist;
1721 smp->remote_key_dist = rsp->init_key_dist;
1724 static u8 smp_cmd_pairing_req(struct l2cap_conn *conn, struct sk_buff *skb)
1726 struct smp_cmd_pairing rsp, *req = (void *) skb->data;
1727 struct l2cap_chan *chan = conn->smp;
1728 struct hci_dev *hdev = conn->hcon->hdev;
1729 struct smp_chan *smp;
1730 u8 key_size, auth, sec_level;
1733 BT_DBG("conn %p", conn);
1735 if (skb->len < sizeof(*req))
1736 return SMP_INVALID_PARAMS;
1738 if (conn->hcon->role != HCI_ROLE_SLAVE)
1739 return SMP_CMD_NOTSUPP;
1742 smp = smp_chan_create(conn);
1747 return SMP_UNSPECIFIED;
1749 /* We didn't start the pairing, so match remote */
1750 auth = req->auth_req & AUTH_REQ_MASK(hdev);
1752 if (!hci_dev_test_flag(hdev, HCI_BONDABLE) &&
1753 (auth & SMP_AUTH_BONDING))
1754 return SMP_PAIRING_NOTSUPP;
1756 if (hci_dev_test_flag(hdev, HCI_SC_ONLY) && !(auth & SMP_AUTH_SC))
1757 return SMP_AUTH_REQUIREMENTS;
1759 smp->preq[0] = SMP_CMD_PAIRING_REQ;
1760 memcpy(&smp->preq[1], req, sizeof(*req));
1761 skb_pull(skb, sizeof(*req));
1763 /* If the remote side's OOB flag is set it means it has
1764 * successfully received our local OOB data - therefore set the
1765 * flag to indicate that local OOB is in use.
1767 if (req->oob_flag == SMP_OOB_PRESENT)
1768 set_bit(SMP_FLAG_LOCAL_OOB, &smp->flags);
1770 /* SMP over BR/EDR requires special treatment */
1771 if (conn->hcon->type == ACL_LINK) {
1772 /* We must have a BR/EDR SC link */
1773 if (!test_bit(HCI_CONN_AES_CCM, &conn->hcon->flags) &&
1774 !hci_dev_test_flag(hdev, HCI_FORCE_BREDR_SMP))
1775 return SMP_CROSS_TRANSP_NOT_ALLOWED;
1777 set_bit(SMP_FLAG_SC, &smp->flags);
1779 build_bredr_pairing_cmd(smp, req, &rsp);
1781 key_size = min(req->max_key_size, rsp.max_key_size);
1782 if (check_enc_key_size(conn, key_size))
1783 return SMP_ENC_KEY_SIZE;
1785 /* Clear bits which are generated but not distributed */
1786 smp->remote_key_dist &= ~SMP_SC_NO_DIST;
1788 smp->prsp[0] = SMP_CMD_PAIRING_RSP;
1789 memcpy(&smp->prsp[1], &rsp, sizeof(rsp));
1790 smp_send_cmd(conn, SMP_CMD_PAIRING_RSP, sizeof(rsp), &rsp);
1792 smp_distribute_keys(smp);
1796 build_pairing_cmd(conn, req, &rsp, auth);
1798 if (rsp.auth_req & SMP_AUTH_SC)
1799 set_bit(SMP_FLAG_SC, &smp->flags);
1801 if (conn->hcon->io_capability == HCI_IO_NO_INPUT_OUTPUT)
1802 sec_level = BT_SECURITY_MEDIUM;
1804 sec_level = authreq_to_seclevel(auth);
1806 if (sec_level > conn->hcon->pending_sec_level)
1807 conn->hcon->pending_sec_level = sec_level;
1809 /* If we need MITM check that it can be achieved */
1810 if (conn->hcon->pending_sec_level >= BT_SECURITY_HIGH) {
1813 method = get_auth_method(smp, conn->hcon->io_capability,
1814 req->io_capability);
1815 if (method == JUST_WORKS || method == JUST_CFM)
1816 return SMP_AUTH_REQUIREMENTS;
1819 key_size = min(req->max_key_size, rsp.max_key_size);
1820 if (check_enc_key_size(conn, key_size))
1821 return SMP_ENC_KEY_SIZE;
1823 get_random_bytes(smp->prnd, sizeof(smp->prnd));
1825 smp->prsp[0] = SMP_CMD_PAIRING_RSP;
1826 memcpy(&smp->prsp[1], &rsp, sizeof(rsp));
1828 smp_send_cmd(conn, SMP_CMD_PAIRING_RSP, sizeof(rsp), &rsp);
1830 clear_bit(SMP_FLAG_INITIATOR, &smp->flags);
1832 /* Strictly speaking we shouldn't allow Pairing Confirm for the
1833 * SC case, however some implementations incorrectly copy RFU auth
1834 * req bits from our security request, which may create a false
1835 * positive SC enablement.
1837 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_CONFIRM);
1839 if (test_bit(SMP_FLAG_SC, &smp->flags)) {
1840 SMP_ALLOW_CMD(smp, SMP_CMD_PUBLIC_KEY);
1841 /* Clear bits which are generated but not distributed */
1842 smp->remote_key_dist &= ~SMP_SC_NO_DIST;
1843 /* Wait for Public Key from Initiating Device */
1847 /* Request setup of TK */
1848 ret = tk_request(conn, 0, auth, rsp.io_capability, req->io_capability);
1850 return SMP_UNSPECIFIED;
1855 static u8 sc_send_public_key(struct smp_chan *smp)
1857 struct hci_dev *hdev = smp->conn->hcon->hdev;
1861 if (test_bit(SMP_FLAG_LOCAL_OOB, &smp->flags)) {
1862 struct l2cap_chan *chan = hdev->smp_data;
1863 struct smp_dev *smp_dev;
1865 if (!chan || !chan->data)
1866 return SMP_UNSPECIFIED;
1868 smp_dev = chan->data;
1870 memcpy(smp->local_pk, smp_dev->local_pk, 64);
1871 memcpy(smp->local_sk, smp_dev->local_sk, 32);
1872 memcpy(smp->lr, smp_dev->local_rand, 16);
1874 if (smp_dev->debug_key)
1875 set_bit(SMP_FLAG_DEBUG_KEY, &smp->flags);
1880 if (hci_dev_test_flag(hdev, HCI_USE_DEBUG_KEYS)) {
1881 BT_DBG("Using debug keys");
1882 memcpy(smp->local_pk, debug_pk, 64);
1883 memcpy(smp->local_sk, debug_sk, 32);
1884 set_bit(SMP_FLAG_DEBUG_KEY, &smp->flags);
1887 /* Generate local key pair for Secure Connections */
1888 if (!ecc_make_key(smp->local_pk, smp->local_sk))
1889 return SMP_UNSPECIFIED;
1891 /* This is unlikely, but we need to check that
1892 * we didn't accidentially generate a debug key.
1894 if (memcmp(smp->local_sk, debug_sk, 32))
1900 SMP_DBG("Local Public Key X: %32phN", smp->local_pk);
1901 SMP_DBG("Local Public Key Y: %32phN", smp->local_pk + 32);
1902 SMP_DBG("Local Private Key: %32phN", smp->local_sk);
1904 smp_send_cmd(smp->conn, SMP_CMD_PUBLIC_KEY, 64, smp->local_pk);
1909 static u8 smp_cmd_pairing_rsp(struct l2cap_conn *conn, struct sk_buff *skb)
1911 struct smp_cmd_pairing *req, *rsp = (void *) skb->data;
1912 struct l2cap_chan *chan = conn->smp;
1913 struct smp_chan *smp = chan->data;
1914 struct hci_dev *hdev = conn->hcon->hdev;
1918 BT_DBG("conn %p", conn);
1920 if (skb->len < sizeof(*rsp))
1921 return SMP_INVALID_PARAMS;
1923 if (conn->hcon->role != HCI_ROLE_MASTER)
1924 return SMP_CMD_NOTSUPP;
1926 skb_pull(skb, sizeof(*rsp));
1928 req = (void *) &smp->preq[1];
1930 key_size = min(req->max_key_size, rsp->max_key_size);
1931 if (check_enc_key_size(conn, key_size))
1932 return SMP_ENC_KEY_SIZE;
1934 auth = rsp->auth_req & AUTH_REQ_MASK(hdev);
1936 if (hci_dev_test_flag(hdev, HCI_SC_ONLY) && !(auth & SMP_AUTH_SC))
1937 return SMP_AUTH_REQUIREMENTS;
1939 /* If the remote side's OOB flag is set it means it has
1940 * successfully received our local OOB data - therefore set the
1941 * flag to indicate that local OOB is in use.
1943 if (rsp->oob_flag == SMP_OOB_PRESENT)
1944 set_bit(SMP_FLAG_LOCAL_OOB, &smp->flags);
1946 smp->prsp[0] = SMP_CMD_PAIRING_RSP;
1947 memcpy(&smp->prsp[1], rsp, sizeof(*rsp));
1949 /* Update remote key distribution in case the remote cleared
1950 * some bits that we had enabled in our request.
1952 smp->remote_key_dist &= rsp->resp_key_dist;
1954 /* For BR/EDR this means we're done and can start phase 3 */
1955 if (conn->hcon->type == ACL_LINK) {
1956 /* Clear bits which are generated but not distributed */
1957 smp->remote_key_dist &= ~SMP_SC_NO_DIST;
1958 smp_distribute_keys(smp);
1962 if ((req->auth_req & SMP_AUTH_SC) && (auth & SMP_AUTH_SC))
1963 set_bit(SMP_FLAG_SC, &smp->flags);
1964 else if (conn->hcon->pending_sec_level > BT_SECURITY_HIGH)
1965 conn->hcon->pending_sec_level = BT_SECURITY_HIGH;
1967 /* If we need MITM check that it can be achieved */
1968 if (conn->hcon->pending_sec_level >= BT_SECURITY_HIGH) {
1971 method = get_auth_method(smp, req->io_capability,
1972 rsp->io_capability);
1973 if (method == JUST_WORKS || method == JUST_CFM)
1974 return SMP_AUTH_REQUIREMENTS;
1977 get_random_bytes(smp->prnd, sizeof(smp->prnd));
1979 /* Update remote key distribution in case the remote cleared
1980 * some bits that we had enabled in our request.
1982 smp->remote_key_dist &= rsp->resp_key_dist;
1984 if (test_bit(SMP_FLAG_SC, &smp->flags)) {
1985 /* Clear bits which are generated but not distributed */
1986 smp->remote_key_dist &= ~SMP_SC_NO_DIST;
1987 SMP_ALLOW_CMD(smp, SMP_CMD_PUBLIC_KEY);
1988 return sc_send_public_key(smp);
1991 auth |= req->auth_req;
1993 ret = tk_request(conn, 0, auth, req->io_capability, rsp->io_capability);
1995 return SMP_UNSPECIFIED;
1997 set_bit(SMP_FLAG_CFM_PENDING, &smp->flags);
1999 /* Can't compose response until we have been confirmed */
2000 if (test_bit(SMP_FLAG_TK_VALID, &smp->flags))
2001 return smp_confirm(smp);
2006 static u8 sc_check_confirm(struct smp_chan *smp)
2008 struct l2cap_conn *conn = smp->conn;
2012 if (smp->method == REQ_PASSKEY || smp->method == DSP_PASSKEY)
2013 return sc_passkey_round(smp, SMP_CMD_PAIRING_CONFIRM);
2015 if (conn->hcon->out) {
2016 smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM, sizeof(smp->prnd),
2018 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RANDOM);
2024 /* Work-around for some implementations that incorrectly copy RFU bits
2025 * from our security request and thereby create the impression that
2026 * we're doing SC when in fact the remote doesn't support it.
2028 static int fixup_sc_false_positive(struct smp_chan *smp)
2030 struct l2cap_conn *conn = smp->conn;
2031 struct hci_conn *hcon = conn->hcon;
2032 struct hci_dev *hdev = hcon->hdev;
2033 struct smp_cmd_pairing *req, *rsp;
2036 /* The issue is only observed when we're in slave role */
2038 return SMP_UNSPECIFIED;
2040 if (hci_dev_test_flag(hdev, HCI_SC_ONLY)) {
2041 BT_ERR("Refusing SMP SC -> legacy fallback in SC-only mode");
2042 return SMP_UNSPECIFIED;
2045 BT_ERR("Trying to fall back to legacy SMP");
2047 req = (void *) &smp->preq[1];
2048 rsp = (void *) &smp->prsp[1];
2050 /* Rebuild key dist flags which may have been cleared for SC */
2051 smp->remote_key_dist = (req->init_key_dist & rsp->resp_key_dist);
2053 auth = req->auth_req & AUTH_REQ_MASK(hdev);
2055 if (tk_request(conn, 0, auth, rsp->io_capability, req->io_capability)) {
2056 BT_ERR("Failed to fall back to legacy SMP");
2057 return SMP_UNSPECIFIED;
2060 clear_bit(SMP_FLAG_SC, &smp->flags);
2065 static u8 smp_cmd_pairing_confirm(struct l2cap_conn *conn, struct sk_buff *skb)
2067 struct l2cap_chan *chan = conn->smp;
2068 struct smp_chan *smp = chan->data;
2070 BT_DBG("conn %p %s", conn, conn->hcon->out ? "master" : "slave");
2072 if (skb->len < sizeof(smp->pcnf))
2073 return SMP_INVALID_PARAMS;
2075 memcpy(smp->pcnf, skb->data, sizeof(smp->pcnf));
2076 skb_pull(skb, sizeof(smp->pcnf));
2078 if (test_bit(SMP_FLAG_SC, &smp->flags)) {
2081 /* Public Key exchange must happen before any other steps */
2082 if (test_bit(SMP_FLAG_REMOTE_PK, &smp->flags))
2083 return sc_check_confirm(smp);
2085 BT_ERR("Unexpected SMP Pairing Confirm");
2087 ret = fixup_sc_false_positive(smp);
2092 if (conn->hcon->out) {
2093 smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM, sizeof(smp->prnd),
2095 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RANDOM);
2099 if (test_bit(SMP_FLAG_TK_VALID, &smp->flags))
2100 return smp_confirm(smp);
2102 set_bit(SMP_FLAG_CFM_PENDING, &smp->flags);
2107 static u8 smp_cmd_pairing_random(struct l2cap_conn *conn, struct sk_buff *skb)
2109 struct l2cap_chan *chan = conn->smp;
2110 struct smp_chan *smp = chan->data;
2111 struct hci_conn *hcon = conn->hcon;
2112 u8 *pkax, *pkbx, *na, *nb;
2116 BT_DBG("conn %p", conn);
2118 if (skb->len < sizeof(smp->rrnd))
2119 return SMP_INVALID_PARAMS;
2121 memcpy(smp->rrnd, skb->data, sizeof(smp->rrnd));
2122 skb_pull(skb, sizeof(smp->rrnd));
2124 if (!test_bit(SMP_FLAG_SC, &smp->flags))
2125 return smp_random(smp);
2128 pkax = smp->local_pk;
2129 pkbx = smp->remote_pk;
2133 pkax = smp->remote_pk;
2134 pkbx = smp->local_pk;
2139 if (smp->method == REQ_OOB) {
2141 smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM,
2142 sizeof(smp->prnd), smp->prnd);
2143 SMP_ALLOW_CMD(smp, SMP_CMD_DHKEY_CHECK);
2144 goto mackey_and_ltk;
2147 /* Passkey entry has special treatment */
2148 if (smp->method == REQ_PASSKEY || smp->method == DSP_PASSKEY)
2149 return sc_passkey_round(smp, SMP_CMD_PAIRING_RANDOM);
2154 err = smp_f4(smp->tfm_cmac, smp->remote_pk, smp->local_pk,
2157 return SMP_UNSPECIFIED;
2159 if (memcmp(smp->pcnf, cfm, 16))
2160 return SMP_CONFIRM_FAILED;
2162 smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM, sizeof(smp->prnd),
2164 SMP_ALLOW_CMD(smp, SMP_CMD_DHKEY_CHECK);
2168 /* Generate MacKey and LTK */
2169 err = sc_mackey_and_ltk(smp, smp->mackey, smp->tk);
2171 return SMP_UNSPECIFIED;
2173 if (smp->method == JUST_WORKS || smp->method == REQ_OOB) {
2175 sc_dhkey_check(smp);
2176 SMP_ALLOW_CMD(smp, SMP_CMD_DHKEY_CHECK);
2181 err = smp_g2(smp->tfm_cmac, pkax, pkbx, na, nb, &passkey);
2183 return SMP_UNSPECIFIED;
2185 err = mgmt_user_confirm_request(hcon->hdev, &hcon->dst, hcon->type,
2186 hcon->dst_type, passkey, 0);
2188 return SMP_UNSPECIFIED;
2190 set_bit(SMP_FLAG_WAIT_USER, &smp->flags);
2195 static bool smp_ltk_encrypt(struct l2cap_conn *conn, u8 sec_level)
2197 struct smp_ltk *key;
2198 struct hci_conn *hcon = conn->hcon;
2200 key = hci_find_ltk(hcon->hdev, &hcon->dst, hcon->dst_type, hcon->role);
2204 if (smp_ltk_sec_level(key) < sec_level)
2207 if (test_and_set_bit(HCI_CONN_ENCRYPT_PEND, &hcon->flags))
2210 hci_le_start_enc(hcon, key->ediv, key->rand, key->val, key->enc_size);
2211 hcon->enc_key_size = key->enc_size;
2213 /* We never store STKs for master role, so clear this flag */
2214 clear_bit(HCI_CONN_STK_ENCRYPT, &hcon->flags);
2219 bool smp_sufficient_security(struct hci_conn *hcon, u8 sec_level,
2220 enum smp_key_pref key_pref)
2222 if (sec_level == BT_SECURITY_LOW)
2225 /* If we're encrypted with an STK but the caller prefers using
2226 * LTK claim insufficient security. This way we allow the
2227 * connection to be re-encrypted with an LTK, even if the LTK
2228 * provides the same level of security. Only exception is if we
2229 * don't have an LTK (e.g. because of key distribution bits).
2231 if (key_pref == SMP_USE_LTK &&
2232 test_bit(HCI_CONN_STK_ENCRYPT, &hcon->flags) &&
2233 hci_find_ltk(hcon->hdev, &hcon->dst, hcon->dst_type, hcon->role))
2236 if (hcon->sec_level >= sec_level)
2242 static u8 smp_cmd_security_req(struct l2cap_conn *conn, struct sk_buff *skb)
2244 struct smp_cmd_security_req *rp = (void *) skb->data;
2245 struct smp_cmd_pairing cp;
2246 struct hci_conn *hcon = conn->hcon;
2247 struct hci_dev *hdev = hcon->hdev;
2248 struct smp_chan *smp;
2251 BT_DBG("conn %p", conn);
2253 if (skb->len < sizeof(*rp))
2254 return SMP_INVALID_PARAMS;
2256 if (hcon->role != HCI_ROLE_MASTER)
2257 return SMP_CMD_NOTSUPP;
2259 auth = rp->auth_req & AUTH_REQ_MASK(hdev);
2261 if (hci_dev_test_flag(hdev, HCI_SC_ONLY) && !(auth & SMP_AUTH_SC))
2262 return SMP_AUTH_REQUIREMENTS;
2264 if (hcon->io_capability == HCI_IO_NO_INPUT_OUTPUT)
2265 sec_level = BT_SECURITY_MEDIUM;
2267 sec_level = authreq_to_seclevel(auth);
2269 if (smp_sufficient_security(hcon, sec_level, SMP_USE_LTK))
2272 if (sec_level > hcon->pending_sec_level)
2273 hcon->pending_sec_level = sec_level;
2275 if (smp_ltk_encrypt(conn, hcon->pending_sec_level))
2278 smp = smp_chan_create(conn);
2280 return SMP_UNSPECIFIED;
2282 if (!hci_dev_test_flag(hdev, HCI_BONDABLE) &&
2283 (auth & SMP_AUTH_BONDING))
2284 return SMP_PAIRING_NOTSUPP;
2286 skb_pull(skb, sizeof(*rp));
2288 memset(&cp, 0, sizeof(cp));
2289 build_pairing_cmd(conn, &cp, NULL, auth);
2291 smp->preq[0] = SMP_CMD_PAIRING_REQ;
2292 memcpy(&smp->preq[1], &cp, sizeof(cp));
2294 smp_send_cmd(conn, SMP_CMD_PAIRING_REQ, sizeof(cp), &cp);
2295 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RSP);
2300 int smp_conn_security(struct hci_conn *hcon, __u8 sec_level)
2302 struct l2cap_conn *conn = hcon->l2cap_data;
2303 struct l2cap_chan *chan;
2304 struct smp_chan *smp;
2308 BT_DBG("conn %p hcon %p level 0x%2.2x", conn, hcon, sec_level);
2310 /* This may be NULL if there's an unexpected disconnection */
2314 if (!hci_dev_test_flag(hcon->hdev, HCI_LE_ENABLED))
2317 if (smp_sufficient_security(hcon, sec_level, SMP_USE_LTK))
2320 if (sec_level > hcon->pending_sec_level)
2321 hcon->pending_sec_level = sec_level;
2323 if (hcon->role == HCI_ROLE_MASTER)
2324 if (smp_ltk_encrypt(conn, hcon->pending_sec_level))
2329 BT_ERR("SMP security requested but not available");
2333 l2cap_chan_lock(chan);
2335 /* If SMP is already in progress ignore this request */
2341 smp = smp_chan_create(conn);
2347 authreq = seclevel_to_authreq(sec_level);
2349 if (hci_dev_test_flag(hcon->hdev, HCI_SC_ENABLED))
2350 authreq |= SMP_AUTH_SC;
2352 /* Require MITM if IO Capability allows or the security level
2355 if (hcon->io_capability != HCI_IO_NO_INPUT_OUTPUT ||
2356 hcon->pending_sec_level > BT_SECURITY_MEDIUM)
2357 authreq |= SMP_AUTH_MITM;
2359 if (hcon->role == HCI_ROLE_MASTER) {
2360 struct smp_cmd_pairing cp;
2362 build_pairing_cmd(conn, &cp, NULL, authreq);
2363 smp->preq[0] = SMP_CMD_PAIRING_REQ;
2364 memcpy(&smp->preq[1], &cp, sizeof(cp));
2366 smp_send_cmd(conn, SMP_CMD_PAIRING_REQ, sizeof(cp), &cp);
2367 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RSP);
2369 struct smp_cmd_security_req cp;
2370 cp.auth_req = authreq;
2371 smp_send_cmd(conn, SMP_CMD_SECURITY_REQ, sizeof(cp), &cp);
2372 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_REQ);
2375 set_bit(SMP_FLAG_INITIATOR, &smp->flags);
2379 l2cap_chan_unlock(chan);
2383 void smp_cancel_pairing(struct hci_conn *hcon)
2385 struct l2cap_conn *conn = hcon->l2cap_data;
2386 struct l2cap_chan *chan;
2387 struct smp_chan *smp;
2396 l2cap_chan_lock(chan);
2400 if (test_bit(SMP_FLAG_COMPLETE, &smp->flags))
2401 smp_failure(conn, 0);
2403 smp_failure(conn, SMP_UNSPECIFIED);
2406 l2cap_chan_unlock(chan);
2409 static int smp_cmd_encrypt_info(struct l2cap_conn *conn, struct sk_buff *skb)
2411 struct smp_cmd_encrypt_info *rp = (void *) skb->data;
2412 struct l2cap_chan *chan = conn->smp;
2413 struct smp_chan *smp = chan->data;
2415 BT_DBG("conn %p", conn);
2417 if (skb->len < sizeof(*rp))
2418 return SMP_INVALID_PARAMS;
2420 SMP_ALLOW_CMD(smp, SMP_CMD_MASTER_IDENT);
2422 skb_pull(skb, sizeof(*rp));
2424 memcpy(smp->tk, rp->ltk, sizeof(smp->tk));
2429 static int smp_cmd_master_ident(struct l2cap_conn *conn, struct sk_buff *skb)
2431 struct smp_cmd_master_ident *rp = (void *) skb->data;
2432 struct l2cap_chan *chan = conn->smp;
2433 struct smp_chan *smp = chan->data;
2434 struct hci_dev *hdev = conn->hcon->hdev;
2435 struct hci_conn *hcon = conn->hcon;
2436 struct smp_ltk *ltk;
2439 BT_DBG("conn %p", conn);
2441 if (skb->len < sizeof(*rp))
2442 return SMP_INVALID_PARAMS;
2444 /* Mark the information as received */
2445 smp->remote_key_dist &= ~SMP_DIST_ENC_KEY;
2447 if (smp->remote_key_dist & SMP_DIST_ID_KEY)
2448 SMP_ALLOW_CMD(smp, SMP_CMD_IDENT_INFO);
2449 else if (smp->remote_key_dist & SMP_DIST_SIGN)
2450 SMP_ALLOW_CMD(smp, SMP_CMD_SIGN_INFO);
2452 skb_pull(skb, sizeof(*rp));
2454 authenticated = (hcon->sec_level == BT_SECURITY_HIGH);
2455 ltk = hci_add_ltk(hdev, &hcon->dst, hcon->dst_type, SMP_LTK,
2456 authenticated, smp->tk, smp->enc_key_size,
2457 rp->ediv, rp->rand);
2459 if (!(smp->remote_key_dist & KEY_DIST_MASK))
2460 smp_distribute_keys(smp);
2465 static int smp_cmd_ident_info(struct l2cap_conn *conn, struct sk_buff *skb)
2467 struct smp_cmd_ident_info *info = (void *) skb->data;
2468 struct l2cap_chan *chan = conn->smp;
2469 struct smp_chan *smp = chan->data;
2473 if (skb->len < sizeof(*info))
2474 return SMP_INVALID_PARAMS;
2476 SMP_ALLOW_CMD(smp, SMP_CMD_IDENT_ADDR_INFO);
2478 skb_pull(skb, sizeof(*info));
2480 memcpy(smp->irk, info->irk, 16);
2485 static int smp_cmd_ident_addr_info(struct l2cap_conn *conn,
2486 struct sk_buff *skb)
2488 struct smp_cmd_ident_addr_info *info = (void *) skb->data;
2489 struct l2cap_chan *chan = conn->smp;
2490 struct smp_chan *smp = chan->data;
2491 struct hci_conn *hcon = conn->hcon;
2496 if (skb->len < sizeof(*info))
2497 return SMP_INVALID_PARAMS;
2499 /* Mark the information as received */
2500 smp->remote_key_dist &= ~SMP_DIST_ID_KEY;
2502 if (smp->remote_key_dist & SMP_DIST_SIGN)
2503 SMP_ALLOW_CMD(smp, SMP_CMD_SIGN_INFO);
2505 skb_pull(skb, sizeof(*info));
2507 /* Strictly speaking the Core Specification (4.1) allows sending
2508 * an empty address which would force us to rely on just the IRK
2509 * as "identity information". However, since such
2510 * implementations are not known of and in order to not over
2511 * complicate our implementation, simply pretend that we never
2512 * received an IRK for such a device.
2514 * The Identity Address must also be a Static Random or Public
2515 * Address, which hci_is_identity_address() checks for.
2517 if (!bacmp(&info->bdaddr, BDADDR_ANY) ||
2518 !hci_is_identity_address(&info->bdaddr, info->addr_type)) {
2519 BT_ERR("Ignoring IRK with no identity address");
2523 bacpy(&smp->id_addr, &info->bdaddr);
2524 smp->id_addr_type = info->addr_type;
2526 if (hci_bdaddr_is_rpa(&hcon->dst, hcon->dst_type))
2527 bacpy(&rpa, &hcon->dst);
2529 bacpy(&rpa, BDADDR_ANY);
2531 smp->remote_irk = hci_add_irk(conn->hcon->hdev, &smp->id_addr,
2532 smp->id_addr_type, smp->irk, &rpa);
2535 if (!(smp->remote_key_dist & KEY_DIST_MASK))
2536 smp_distribute_keys(smp);
2541 static int smp_cmd_sign_info(struct l2cap_conn *conn, struct sk_buff *skb)
2543 struct smp_cmd_sign_info *rp = (void *) skb->data;
2544 struct l2cap_chan *chan = conn->smp;
2545 struct smp_chan *smp = chan->data;
2546 struct smp_csrk *csrk;
2548 BT_DBG("conn %p", conn);
2550 if (skb->len < sizeof(*rp))
2551 return SMP_INVALID_PARAMS;
2553 /* Mark the information as received */
2554 smp->remote_key_dist &= ~SMP_DIST_SIGN;
2556 skb_pull(skb, sizeof(*rp));
2558 csrk = kzalloc(sizeof(*csrk), GFP_KERNEL);
2560 if (conn->hcon->sec_level > BT_SECURITY_MEDIUM)
2561 csrk->type = MGMT_CSRK_REMOTE_AUTHENTICATED;
2563 csrk->type = MGMT_CSRK_REMOTE_UNAUTHENTICATED;
2564 memcpy(csrk->val, rp->csrk, sizeof(csrk->val));
2567 smp_distribute_keys(smp);
2572 static u8 sc_select_method(struct smp_chan *smp)
2574 struct l2cap_conn *conn = smp->conn;
2575 struct hci_conn *hcon = conn->hcon;
2576 struct smp_cmd_pairing *local, *remote;
2577 u8 local_mitm, remote_mitm, local_io, remote_io, method;
2579 if (test_bit(SMP_FLAG_REMOTE_OOB, &smp->flags) ||
2580 test_bit(SMP_FLAG_LOCAL_OOB, &smp->flags))
2583 /* The preq/prsp contain the raw Pairing Request/Response PDUs
2584 * which are needed as inputs to some crypto functions. To get
2585 * the "struct smp_cmd_pairing" from them we need to skip the
2586 * first byte which contains the opcode.
2589 local = (void *) &smp->preq[1];
2590 remote = (void *) &smp->prsp[1];
2592 local = (void *) &smp->prsp[1];
2593 remote = (void *) &smp->preq[1];
2596 local_io = local->io_capability;
2597 remote_io = remote->io_capability;
2599 local_mitm = (local->auth_req & SMP_AUTH_MITM);
2600 remote_mitm = (remote->auth_req & SMP_AUTH_MITM);
2602 /* If either side wants MITM, look up the method from the table,
2603 * otherwise use JUST WORKS.
2605 if (local_mitm || remote_mitm)
2606 method = get_auth_method(smp, local_io, remote_io);
2608 method = JUST_WORKS;
2610 /* Don't confirm locally initiated pairing attempts */
2611 if (method == JUST_CFM && test_bit(SMP_FLAG_INITIATOR, &smp->flags))
2612 method = JUST_WORKS;
2617 static int smp_cmd_public_key(struct l2cap_conn *conn, struct sk_buff *skb)
2619 struct smp_cmd_public_key *key = (void *) skb->data;
2620 struct hci_conn *hcon = conn->hcon;
2621 struct l2cap_chan *chan = conn->smp;
2622 struct smp_chan *smp = chan->data;
2623 struct hci_dev *hdev = hcon->hdev;
2624 struct smp_cmd_pairing_confirm cfm;
2627 BT_DBG("conn %p", conn);
2629 if (skb->len < sizeof(*key))
2630 return SMP_INVALID_PARAMS;
2632 memcpy(smp->remote_pk, key, 64);
2634 if (test_bit(SMP_FLAG_REMOTE_OOB, &smp->flags)) {
2635 err = smp_f4(smp->tfm_cmac, smp->remote_pk, smp->remote_pk,
2636 smp->rr, 0, cfm.confirm_val);
2638 return SMP_UNSPECIFIED;
2640 if (memcmp(cfm.confirm_val, smp->pcnf, 16))
2641 return SMP_CONFIRM_FAILED;
2644 /* Non-initiating device sends its public key after receiving
2645 * the key from the initiating device.
2648 err = sc_send_public_key(smp);
2653 SMP_DBG("Remote Public Key X: %32phN", smp->remote_pk);
2654 SMP_DBG("Remote Public Key Y: %32phN", smp->remote_pk + 32);
2656 if (!ecdh_shared_secret(smp->remote_pk, smp->local_sk, smp->dhkey))
2657 return SMP_UNSPECIFIED;
2659 SMP_DBG("DHKey %32phN", smp->dhkey);
2661 set_bit(SMP_FLAG_REMOTE_PK, &smp->flags);
2663 smp->method = sc_select_method(smp);
2665 BT_DBG("%s selected method 0x%02x", hdev->name, smp->method);
2667 /* JUST_WORKS and JUST_CFM result in an unauthenticated key */
2668 if (smp->method == JUST_WORKS || smp->method == JUST_CFM)
2669 hcon->pending_sec_level = BT_SECURITY_MEDIUM;
2671 hcon->pending_sec_level = BT_SECURITY_FIPS;
2673 if (!memcmp(debug_pk, smp->remote_pk, 64))
2674 set_bit(SMP_FLAG_DEBUG_KEY, &smp->flags);
2676 if (smp->method == DSP_PASSKEY) {
2677 get_random_bytes(&hcon->passkey_notify,
2678 sizeof(hcon->passkey_notify));
2679 hcon->passkey_notify %= 1000000;
2680 hcon->passkey_entered = 0;
2681 smp->passkey_round = 0;
2682 if (mgmt_user_passkey_notify(hdev, &hcon->dst, hcon->type,
2684 hcon->passkey_notify,
2685 hcon->passkey_entered))
2686 return SMP_UNSPECIFIED;
2687 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_CONFIRM);
2688 return sc_passkey_round(smp, SMP_CMD_PUBLIC_KEY);
2691 if (smp->method == REQ_OOB) {
2693 smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM,
2694 sizeof(smp->prnd), smp->prnd);
2696 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RANDOM);
2702 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_CONFIRM);
2704 if (smp->method == REQ_PASSKEY) {
2705 if (mgmt_user_passkey_request(hdev, &hcon->dst, hcon->type,
2707 return SMP_UNSPECIFIED;
2708 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_CONFIRM);
2709 set_bit(SMP_FLAG_WAIT_USER, &smp->flags);
2713 /* The Initiating device waits for the non-initiating device to
2714 * send the confirm value.
2716 if (conn->hcon->out)
2719 err = smp_f4(smp->tfm_cmac, smp->local_pk, smp->remote_pk, smp->prnd,
2720 0, cfm.confirm_val);
2722 return SMP_UNSPECIFIED;
2724 smp_send_cmd(conn, SMP_CMD_PAIRING_CONFIRM, sizeof(cfm), &cfm);
2725 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RANDOM);
2730 static int smp_cmd_dhkey_check(struct l2cap_conn *conn, struct sk_buff *skb)
2732 struct smp_cmd_dhkey_check *check = (void *) skb->data;
2733 struct l2cap_chan *chan = conn->smp;
2734 struct hci_conn *hcon = conn->hcon;
2735 struct smp_chan *smp = chan->data;
2736 u8 a[7], b[7], *local_addr, *remote_addr;
2737 u8 io_cap[3], r[16], e[16];
2740 BT_DBG("conn %p", conn);
2742 if (skb->len < sizeof(*check))
2743 return SMP_INVALID_PARAMS;
2745 memcpy(a, &hcon->init_addr, 6);
2746 memcpy(b, &hcon->resp_addr, 6);
2747 a[6] = hcon->init_addr_type;
2748 b[6] = hcon->resp_addr_type;
2753 memcpy(io_cap, &smp->prsp[1], 3);
2757 memcpy(io_cap, &smp->preq[1], 3);
2760 memset(r, 0, sizeof(r));
2762 if (smp->method == REQ_PASSKEY || smp->method == DSP_PASSKEY)
2763 put_unaligned_le32(hcon->passkey_notify, r);
2764 else if (smp->method == REQ_OOB)
2765 memcpy(r, smp->lr, 16);
2767 err = smp_f6(smp->tfm_cmac, smp->mackey, smp->rrnd, smp->prnd, r,
2768 io_cap, remote_addr, local_addr, e);
2770 return SMP_UNSPECIFIED;
2772 if (memcmp(check->e, e, 16))
2773 return SMP_DHKEY_CHECK_FAILED;
2776 if (test_bit(SMP_FLAG_WAIT_USER, &smp->flags)) {
2777 set_bit(SMP_FLAG_DHKEY_PENDING, &smp->flags);
2781 /* Slave sends DHKey check as response to master */
2782 sc_dhkey_check(smp);
2788 hci_le_start_enc(hcon, 0, 0, smp->tk, smp->enc_key_size);
2789 hcon->enc_key_size = smp->enc_key_size;
2795 static int smp_cmd_keypress_notify(struct l2cap_conn *conn,
2796 struct sk_buff *skb)
2798 struct smp_cmd_keypress_notify *kp = (void *) skb->data;
2800 BT_DBG("value 0x%02x", kp->value);
2805 static int smp_sig_channel(struct l2cap_chan *chan, struct sk_buff *skb)
2807 struct l2cap_conn *conn = chan->conn;
2808 struct hci_conn *hcon = conn->hcon;
2809 struct smp_chan *smp;
2816 if (!hci_dev_test_flag(hcon->hdev, HCI_LE_ENABLED)) {
2817 reason = SMP_PAIRING_NOTSUPP;
2821 code = skb->data[0];
2822 skb_pull(skb, sizeof(code));
2826 if (code > SMP_CMD_MAX)
2829 if (smp && !test_and_clear_bit(code, &smp->allow_cmd))
2832 /* If we don't have a context the only allowed commands are
2833 * pairing request and security request.
2835 if (!smp && code != SMP_CMD_PAIRING_REQ && code != SMP_CMD_SECURITY_REQ)
2839 case SMP_CMD_PAIRING_REQ:
2840 reason = smp_cmd_pairing_req(conn, skb);
2843 case SMP_CMD_PAIRING_FAIL:
2844 smp_failure(conn, 0);
2848 case SMP_CMD_PAIRING_RSP:
2849 reason = smp_cmd_pairing_rsp(conn, skb);
2852 case SMP_CMD_SECURITY_REQ:
2853 reason = smp_cmd_security_req(conn, skb);
2856 case SMP_CMD_PAIRING_CONFIRM:
2857 reason = smp_cmd_pairing_confirm(conn, skb);
2860 case SMP_CMD_PAIRING_RANDOM:
2861 reason = smp_cmd_pairing_random(conn, skb);
2864 case SMP_CMD_ENCRYPT_INFO:
2865 reason = smp_cmd_encrypt_info(conn, skb);
2868 case SMP_CMD_MASTER_IDENT:
2869 reason = smp_cmd_master_ident(conn, skb);
2872 case SMP_CMD_IDENT_INFO:
2873 reason = smp_cmd_ident_info(conn, skb);
2876 case SMP_CMD_IDENT_ADDR_INFO:
2877 reason = smp_cmd_ident_addr_info(conn, skb);
2880 case SMP_CMD_SIGN_INFO:
2881 reason = smp_cmd_sign_info(conn, skb);
2884 case SMP_CMD_PUBLIC_KEY:
2885 reason = smp_cmd_public_key(conn, skb);
2888 case SMP_CMD_DHKEY_CHECK:
2889 reason = smp_cmd_dhkey_check(conn, skb);
2892 case SMP_CMD_KEYPRESS_NOTIFY:
2893 reason = smp_cmd_keypress_notify(conn, skb);
2897 BT_DBG("Unknown command code 0x%2.2x", code);
2898 reason = SMP_CMD_NOTSUPP;
2905 smp_failure(conn, reason);
2912 BT_ERR("%s unexpected SMP command 0x%02x from %pMR", hcon->hdev->name,
2918 static void smp_teardown_cb(struct l2cap_chan *chan, int err)
2920 struct l2cap_conn *conn = chan->conn;
2922 BT_DBG("chan %p", chan);
2925 smp_chan_destroy(conn);
2928 l2cap_chan_put(chan);
2931 static void bredr_pairing(struct l2cap_chan *chan)
2933 struct l2cap_conn *conn = chan->conn;
2934 struct hci_conn *hcon = conn->hcon;
2935 struct hci_dev *hdev = hcon->hdev;
2936 struct smp_cmd_pairing req;
2937 struct smp_chan *smp;
2939 BT_DBG("chan %p", chan);
2941 /* Only new pairings are interesting */
2942 if (!test_bit(HCI_CONN_NEW_LINK_KEY, &hcon->flags))
2945 /* Don't bother if we're not encrypted */
2946 if (!test_bit(HCI_CONN_ENCRYPT, &hcon->flags))
2949 /* Only master may initiate SMP over BR/EDR */
2950 if (hcon->role != HCI_ROLE_MASTER)
2953 /* Secure Connections support must be enabled */
2954 if (!hci_dev_test_flag(hdev, HCI_SC_ENABLED))
2957 /* BR/EDR must use Secure Connections for SMP */
2958 if (!test_bit(HCI_CONN_AES_CCM, &hcon->flags) &&
2959 !hci_dev_test_flag(hdev, HCI_FORCE_BREDR_SMP))
2962 /* If our LE support is not enabled don't do anything */
2963 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED))
2966 /* Don't bother if remote LE support is not enabled */
2967 if (!lmp_host_le_capable(hcon))
2970 /* Remote must support SMP fixed chan for BR/EDR */
2971 if (!(conn->remote_fixed_chan & L2CAP_FC_SMP_BREDR))
2974 /* Don't bother if SMP is already ongoing */
2978 smp = smp_chan_create(conn);
2980 BT_ERR("%s unable to create SMP context for BR/EDR",
2985 set_bit(SMP_FLAG_SC, &smp->flags);
2987 BT_DBG("%s starting SMP over BR/EDR", hdev->name);
2989 /* Prepare and send the BR/EDR SMP Pairing Request */
2990 build_bredr_pairing_cmd(smp, &req, NULL);
2992 smp->preq[0] = SMP_CMD_PAIRING_REQ;
2993 memcpy(&smp->preq[1], &req, sizeof(req));
2995 smp_send_cmd(conn, SMP_CMD_PAIRING_REQ, sizeof(req), &req);
2996 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RSP);
2999 static void smp_resume_cb(struct l2cap_chan *chan)
3001 struct smp_chan *smp = chan->data;
3002 struct l2cap_conn *conn = chan->conn;
3003 struct hci_conn *hcon = conn->hcon;
3005 BT_DBG("chan %p", chan);
3007 if (hcon->type == ACL_LINK) {
3008 bredr_pairing(chan);
3015 if (!test_bit(HCI_CONN_ENCRYPT, &hcon->flags))
3018 cancel_delayed_work(&smp->security_timer);
3020 smp_distribute_keys(smp);
3023 static void smp_ready_cb(struct l2cap_chan *chan)
3025 struct l2cap_conn *conn = chan->conn;
3026 struct hci_conn *hcon = conn->hcon;
3028 BT_DBG("chan %p", chan);
3031 l2cap_chan_hold(chan);
3033 if (hcon->type == ACL_LINK && test_bit(HCI_CONN_ENCRYPT, &hcon->flags))
3034 bredr_pairing(chan);
3037 static int smp_recv_cb(struct l2cap_chan *chan, struct sk_buff *skb)
3041 BT_DBG("chan %p", chan);
3043 err = smp_sig_channel(chan, skb);
3045 struct smp_chan *smp = chan->data;
3048 cancel_delayed_work_sync(&smp->security_timer);
3050 hci_disconnect(chan->conn->hcon, HCI_ERROR_AUTH_FAILURE);
3056 static struct sk_buff *smp_alloc_skb_cb(struct l2cap_chan *chan,
3057 unsigned long hdr_len,
3058 unsigned long len, int nb)
3060 struct sk_buff *skb;
3062 skb = bt_skb_alloc(hdr_len + len, GFP_KERNEL);
3064 return ERR_PTR(-ENOMEM);
3066 skb->priority = HCI_PRIO_MAX;
3067 bt_cb(skb)->l2cap.chan = chan;
3072 static const struct l2cap_ops smp_chan_ops = {
3073 .name = "Security Manager",
3074 .ready = smp_ready_cb,
3075 .recv = smp_recv_cb,
3076 .alloc_skb = smp_alloc_skb_cb,
3077 .teardown = smp_teardown_cb,
3078 .resume = smp_resume_cb,
3080 .new_connection = l2cap_chan_no_new_connection,
3081 .state_change = l2cap_chan_no_state_change,
3082 .close = l2cap_chan_no_close,
3083 .defer = l2cap_chan_no_defer,
3084 .suspend = l2cap_chan_no_suspend,
3085 .set_shutdown = l2cap_chan_no_set_shutdown,
3086 .get_sndtimeo = l2cap_chan_no_get_sndtimeo,
3089 static inline struct l2cap_chan *smp_new_conn_cb(struct l2cap_chan *pchan)
3091 struct l2cap_chan *chan;
3093 BT_DBG("pchan %p", pchan);
3095 chan = l2cap_chan_create();
3099 chan->chan_type = pchan->chan_type;
3100 chan->ops = &smp_chan_ops;
3101 chan->scid = pchan->scid;
3102 chan->dcid = chan->scid;
3103 chan->imtu = pchan->imtu;
3104 chan->omtu = pchan->omtu;
3105 chan->mode = pchan->mode;
3107 /* Other L2CAP channels may request SMP routines in order to
3108 * change the security level. This means that the SMP channel
3109 * lock must be considered in its own category to avoid lockdep
3112 atomic_set(&chan->nesting, L2CAP_NESTING_SMP);
3114 BT_DBG("created chan %p", chan);
3119 static const struct l2cap_ops smp_root_chan_ops = {
3120 .name = "Security Manager Root",
3121 .new_connection = smp_new_conn_cb,
3123 /* None of these are implemented for the root channel */
3124 .close = l2cap_chan_no_close,
3125 .alloc_skb = l2cap_chan_no_alloc_skb,
3126 .recv = l2cap_chan_no_recv,
3127 .state_change = l2cap_chan_no_state_change,
3128 .teardown = l2cap_chan_no_teardown,
3129 .ready = l2cap_chan_no_ready,
3130 .defer = l2cap_chan_no_defer,
3131 .suspend = l2cap_chan_no_suspend,
3132 .resume = l2cap_chan_no_resume,
3133 .set_shutdown = l2cap_chan_no_set_shutdown,
3134 .get_sndtimeo = l2cap_chan_no_get_sndtimeo,
3137 static struct l2cap_chan *smp_add_cid(struct hci_dev *hdev, u16 cid)
3139 struct l2cap_chan *chan;
3140 struct smp_dev *smp;
3141 struct crypto_blkcipher *tfm_aes;
3142 struct crypto_hash *tfm_cmac;
3144 if (cid == L2CAP_CID_SMP_BREDR) {
3149 smp = kzalloc(sizeof(*smp), GFP_KERNEL);
3151 return ERR_PTR(-ENOMEM);
3153 tfm_aes = crypto_alloc_blkcipher("ecb(aes)", 0, CRYPTO_ALG_ASYNC);
3154 if (IS_ERR(tfm_aes)) {
3155 BT_ERR("Unable to create ECB crypto context");
3157 return ERR_CAST(tfm_aes);
3160 tfm_cmac = crypto_alloc_hash("cmac(aes)", 0, CRYPTO_ALG_ASYNC);
3161 if (IS_ERR(tfm_cmac)) {
3162 BT_ERR("Unable to create CMAC crypto context");
3163 crypto_free_blkcipher(tfm_aes);
3165 return ERR_CAST(tfm_cmac);
3168 smp->tfm_aes = tfm_aes;
3169 smp->tfm_cmac = tfm_cmac;
3170 smp->min_key_size = SMP_MIN_ENC_KEY_SIZE;
3171 smp->max_key_size = SMP_MAX_ENC_KEY_SIZE;
3174 chan = l2cap_chan_create();
3177 crypto_free_blkcipher(smp->tfm_aes);
3178 crypto_free_hash(smp->tfm_cmac);
3181 return ERR_PTR(-ENOMEM);
3186 l2cap_add_scid(chan, cid);
3188 l2cap_chan_set_defaults(chan);
3190 if (cid == L2CAP_CID_SMP) {
3193 hci_copy_identity_address(hdev, &chan->src, &bdaddr_type);
3195 if (bdaddr_type == ADDR_LE_DEV_PUBLIC)
3196 chan->src_type = BDADDR_LE_PUBLIC;
3198 chan->src_type = BDADDR_LE_RANDOM;
3200 bacpy(&chan->src, &hdev->bdaddr);
3201 chan->src_type = BDADDR_BREDR;
3204 chan->state = BT_LISTEN;
3205 chan->mode = L2CAP_MODE_BASIC;
3206 chan->imtu = L2CAP_DEFAULT_MTU;
3207 chan->ops = &smp_root_chan_ops;
3209 /* Set correct nesting level for a parent/listening channel */
3210 atomic_set(&chan->nesting, L2CAP_NESTING_PARENT);
3215 static void smp_del_chan(struct l2cap_chan *chan)
3217 struct smp_dev *smp;
3219 BT_DBG("chan %p", chan);
3225 crypto_free_blkcipher(smp->tfm_aes);
3227 crypto_free_hash(smp->tfm_cmac);
3231 l2cap_chan_put(chan);
3234 static ssize_t force_bredr_smp_read(struct file *file,
3235 char __user *user_buf,
3236 size_t count, loff_t *ppos)
3238 struct hci_dev *hdev = file->private_data;
3241 buf[0] = hci_dev_test_flag(hdev, HCI_FORCE_BREDR_SMP) ? 'Y': 'N';
3244 return simple_read_from_buffer(user_buf, count, ppos, buf, 2);
3247 static ssize_t force_bredr_smp_write(struct file *file,
3248 const char __user *user_buf,
3249 size_t count, loff_t *ppos)
3251 struct hci_dev *hdev = file->private_data;
3253 size_t buf_size = min(count, (sizeof(buf)-1));
3256 if (copy_from_user(buf, user_buf, buf_size))
3259 buf[buf_size] = '\0';
3260 if (strtobool(buf, &enable))
3263 if (enable == hci_dev_test_flag(hdev, HCI_FORCE_BREDR_SMP))
3267 struct l2cap_chan *chan;
3269 chan = smp_add_cid(hdev, L2CAP_CID_SMP_BREDR);
3271 return PTR_ERR(chan);
3273 hdev->smp_bredr_data = chan;
3275 struct l2cap_chan *chan;
3277 chan = hdev->smp_bredr_data;
3278 hdev->smp_bredr_data = NULL;
3282 hci_dev_change_flag(hdev, HCI_FORCE_BREDR_SMP);
3287 static const struct file_operations force_bredr_smp_fops = {
3288 .open = simple_open,
3289 .read = force_bredr_smp_read,
3290 .write = force_bredr_smp_write,
3291 .llseek = default_llseek,
3294 static ssize_t le_min_key_size_read(struct file *file,
3295 char __user *user_buf,
3296 size_t count, loff_t *ppos)
3298 struct hci_dev *hdev = file->private_data;
3301 snprintf(buf, sizeof(buf), "%2u\n", SMP_DEV(hdev)->min_key_size);
3303 return simple_read_from_buffer(user_buf, count, ppos, buf, strlen(buf));
3306 static ssize_t le_min_key_size_write(struct file *file,
3307 const char __user *user_buf,
3308 size_t count, loff_t *ppos)
3310 struct hci_dev *hdev = file->private_data;
3312 size_t buf_size = min(count, (sizeof(buf) - 1));
3315 if (copy_from_user(buf, user_buf, buf_size))
3318 buf[buf_size] = '\0';
3320 sscanf(buf, "%hhu", &key_size);
3322 if (key_size > SMP_DEV(hdev)->max_key_size ||
3323 key_size < SMP_MIN_ENC_KEY_SIZE)
3326 SMP_DEV(hdev)->min_key_size = key_size;
3331 static const struct file_operations le_min_key_size_fops = {
3332 .open = simple_open,
3333 .read = le_min_key_size_read,
3334 .write = le_min_key_size_write,
3335 .llseek = default_llseek,
3338 static ssize_t le_max_key_size_read(struct file *file,
3339 char __user *user_buf,
3340 size_t count, loff_t *ppos)
3342 struct hci_dev *hdev = file->private_data;
3345 snprintf(buf, sizeof(buf), "%2u\n", SMP_DEV(hdev)->max_key_size);
3347 return simple_read_from_buffer(user_buf, count, ppos, buf, strlen(buf));
3350 static ssize_t le_max_key_size_write(struct file *file,
3351 const char __user *user_buf,
3352 size_t count, loff_t *ppos)
3354 struct hci_dev *hdev = file->private_data;
3356 size_t buf_size = min(count, (sizeof(buf) - 1));
3359 if (copy_from_user(buf, user_buf, buf_size))
3362 buf[buf_size] = '\0';
3364 sscanf(buf, "%hhu", &key_size);
3366 if (key_size > SMP_MAX_ENC_KEY_SIZE ||
3367 key_size < SMP_DEV(hdev)->min_key_size)
3370 SMP_DEV(hdev)->max_key_size = key_size;
3375 static const struct file_operations le_max_key_size_fops = {
3376 .open = simple_open,
3377 .read = le_max_key_size_read,
3378 .write = le_max_key_size_write,
3379 .llseek = default_llseek,
3382 int smp_register(struct hci_dev *hdev)
3384 struct l2cap_chan *chan;
3386 BT_DBG("%s", hdev->name);
3388 /* If the controller does not support Low Energy operation, then
3389 * there is also no need to register any SMP channel.
3391 if (!lmp_le_capable(hdev))
3394 if (WARN_ON(hdev->smp_data)) {
3395 chan = hdev->smp_data;
3396 hdev->smp_data = NULL;
3400 chan = smp_add_cid(hdev, L2CAP_CID_SMP);
3402 return PTR_ERR(chan);
3404 hdev->smp_data = chan;
3406 debugfs_create_file("le_min_key_size", 0644, hdev->debugfs, hdev,
3407 &le_min_key_size_fops);
3408 debugfs_create_file("le_max_key_size", 0644, hdev->debugfs, hdev,
3409 &le_max_key_size_fops);
3411 /* If the controller does not support BR/EDR Secure Connections
3412 * feature, then the BR/EDR SMP channel shall not be present.
3414 * To test this with Bluetooth 4.0 controllers, create a debugfs
3415 * switch that allows forcing BR/EDR SMP support and accepting
3416 * cross-transport pairing on non-AES encrypted connections.
3418 if (!lmp_sc_capable(hdev)) {
3419 debugfs_create_file("force_bredr_smp", 0644, hdev->debugfs,
3420 hdev, &force_bredr_smp_fops);
3424 if (WARN_ON(hdev->smp_bredr_data)) {
3425 chan = hdev->smp_bredr_data;
3426 hdev->smp_bredr_data = NULL;
3430 chan = smp_add_cid(hdev, L2CAP_CID_SMP_BREDR);
3432 int err = PTR_ERR(chan);
3433 chan = hdev->smp_data;
3434 hdev->smp_data = NULL;
3439 hdev->smp_bredr_data = chan;
3444 void smp_unregister(struct hci_dev *hdev)
3446 struct l2cap_chan *chan;
3448 if (hdev->smp_bredr_data) {
3449 chan = hdev->smp_bredr_data;
3450 hdev->smp_bredr_data = NULL;
3454 if (hdev->smp_data) {
3455 chan = hdev->smp_data;
3456 hdev->smp_data = NULL;
3461 #if IS_ENABLED(CONFIG_BT_SELFTEST_SMP)
3463 static int __init test_ah(struct crypto_blkcipher *tfm_aes)
3465 const u8 irk[16] = {
3466 0x9b, 0x7d, 0x39, 0x0a, 0xa6, 0x10, 0x10, 0x34,
3467 0x05, 0xad, 0xc8, 0x57, 0xa3, 0x34, 0x02, 0xec };
3468 const u8 r[3] = { 0x94, 0x81, 0x70 };
3469 const u8 exp[3] = { 0xaa, 0xfb, 0x0d };
3473 err = smp_ah(tfm_aes, irk, r, res);
3477 if (memcmp(res, exp, 3))
3483 static int __init test_c1(struct crypto_blkcipher *tfm_aes)
3486 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
3487 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
3489 0xe0, 0x2e, 0x70, 0xc6, 0x4e, 0x27, 0x88, 0x63,
3490 0x0e, 0x6f, 0xad, 0x56, 0x21, 0xd5, 0x83, 0x57 };
3491 const u8 preq[7] = { 0x01, 0x01, 0x00, 0x00, 0x10, 0x07, 0x07 };
3492 const u8 pres[7] = { 0x02, 0x03, 0x00, 0x00, 0x08, 0x00, 0x05 };
3493 const u8 _iat = 0x01;
3494 const u8 _rat = 0x00;
3495 const bdaddr_t ra = { { 0xb6, 0xb5, 0xb4, 0xb3, 0xb2, 0xb1 } };
3496 const bdaddr_t ia = { { 0xa6, 0xa5, 0xa4, 0xa3, 0xa2, 0xa1 } };
3497 const u8 exp[16] = {
3498 0x86, 0x3b, 0xf1, 0xbe, 0xc5, 0x4d, 0xa7, 0xd2,
3499 0xea, 0x88, 0x89, 0x87, 0xef, 0x3f, 0x1e, 0x1e };
3503 err = smp_c1(tfm_aes, k, r, preq, pres, _iat, &ia, _rat, &ra, res);
3507 if (memcmp(res, exp, 16))
3513 static int __init test_s1(struct crypto_blkcipher *tfm_aes)
3516 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
3517 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
3519 0x88, 0x77, 0x66, 0x55, 0x44, 0x33, 0x22, 0x11 };
3521 0x00, 0xff, 0xee, 0xdd, 0xcc, 0xbb, 0xaa, 0x99 };
3522 const u8 exp[16] = {
3523 0x62, 0xa0, 0x6d, 0x79, 0xae, 0x16, 0x42, 0x5b,
3524 0x9b, 0xf4, 0xb0, 0xe8, 0xf0, 0xe1, 0x1f, 0x9a };
3528 err = smp_s1(tfm_aes, k, r1, r2, res);
3532 if (memcmp(res, exp, 16))
3538 static int __init test_f4(struct crypto_hash *tfm_cmac)
3541 0xe6, 0x9d, 0x35, 0x0e, 0x48, 0x01, 0x03, 0xcc,
3542 0xdb, 0xfd, 0xf4, 0xac, 0x11, 0x91, 0xf4, 0xef,
3543 0xb9, 0xa5, 0xf9, 0xe9, 0xa7, 0x83, 0x2c, 0x5e,
3544 0x2c, 0xbe, 0x97, 0xf2, 0xd2, 0x03, 0xb0, 0x20 };
3546 0xfd, 0xc5, 0x7f, 0xf4, 0x49, 0xdd, 0x4f, 0x6b,
3547 0xfb, 0x7c, 0x9d, 0xf1, 0xc2, 0x9a, 0xcb, 0x59,
3548 0x2a, 0xe7, 0xd4, 0xee, 0xfb, 0xfc, 0x0a, 0x90,
3549 0x9a, 0xbb, 0xf6, 0x32, 0x3d, 0x8b, 0x18, 0x55 };
3551 0xab, 0xae, 0x2b, 0x71, 0xec, 0xb2, 0xff, 0xff,
3552 0x3e, 0x73, 0x77, 0xd1, 0x54, 0x84, 0xcb, 0xd5 };
3554 const u8 exp[16] = {
3555 0x2d, 0x87, 0x74, 0xa9, 0xbe, 0xa1, 0xed, 0xf1,
3556 0x1c, 0xbd, 0xa9, 0x07, 0xf1, 0x16, 0xc9, 0xf2 };
3560 err = smp_f4(tfm_cmac, u, v, x, z, res);
3564 if (memcmp(res, exp, 16))
3570 static int __init test_f5(struct crypto_hash *tfm_cmac)
3573 0x98, 0xa6, 0xbf, 0x73, 0xf3, 0x34, 0x8d, 0x86,
3574 0xf1, 0x66, 0xf8, 0xb4, 0x13, 0x6b, 0x79, 0x99,
3575 0x9b, 0x7d, 0x39, 0x0a, 0xa6, 0x10, 0x10, 0x34,
3576 0x05, 0xad, 0xc8, 0x57, 0xa3, 0x34, 0x02, 0xec };
3578 0xab, 0xae, 0x2b, 0x71, 0xec, 0xb2, 0xff, 0xff,
3579 0x3e, 0x73, 0x77, 0xd1, 0x54, 0x84, 0xcb, 0xd5 };
3581 0xcf, 0xc4, 0x3d, 0xff, 0xf7, 0x83, 0x65, 0x21,
3582 0x6e, 0x5f, 0xa7, 0x25, 0xcc, 0xe7, 0xe8, 0xa6 };
3583 const u8 a1[7] = { 0xce, 0xbf, 0x37, 0x37, 0x12, 0x56, 0x00 };
3584 const u8 a2[7] = { 0xc1, 0xcf, 0x2d, 0x70, 0x13, 0xa7, 0x00 };
3585 const u8 exp_ltk[16] = {
3586 0x38, 0x0a, 0x75, 0x94, 0xb5, 0x22, 0x05, 0x98,
3587 0x23, 0xcd, 0xd7, 0x69, 0x11, 0x79, 0x86, 0x69 };
3588 const u8 exp_mackey[16] = {
3589 0x20, 0x6e, 0x63, 0xce, 0x20, 0x6a, 0x3f, 0xfd,
3590 0x02, 0x4a, 0x08, 0xa1, 0x76, 0xf1, 0x65, 0x29 };
3591 u8 mackey[16], ltk[16];
3594 err = smp_f5(tfm_cmac, w, n1, n2, a1, a2, mackey, ltk);
3598 if (memcmp(mackey, exp_mackey, 16))
3601 if (memcmp(ltk, exp_ltk, 16))
3607 static int __init test_f6(struct crypto_hash *tfm_cmac)
3610 0x20, 0x6e, 0x63, 0xce, 0x20, 0x6a, 0x3f, 0xfd,
3611 0x02, 0x4a, 0x08, 0xa1, 0x76, 0xf1, 0x65, 0x29 };
3613 0xab, 0xae, 0x2b, 0x71, 0xec, 0xb2, 0xff, 0xff,
3614 0x3e, 0x73, 0x77, 0xd1, 0x54, 0x84, 0xcb, 0xd5 };
3616 0xcf, 0xc4, 0x3d, 0xff, 0xf7, 0x83, 0x65, 0x21,
3617 0x6e, 0x5f, 0xa7, 0x25, 0xcc, 0xe7, 0xe8, 0xa6 };
3619 0xc8, 0x0f, 0x2d, 0x0c, 0xd2, 0x42, 0xda, 0x08,
3620 0x54, 0xbb, 0x53, 0xb4, 0x3b, 0x34, 0xa3, 0x12 };
3621 const u8 io_cap[3] = { 0x02, 0x01, 0x01 };
3622 const u8 a1[7] = { 0xce, 0xbf, 0x37, 0x37, 0x12, 0x56, 0x00 };
3623 const u8 a2[7] = { 0xc1, 0xcf, 0x2d, 0x70, 0x13, 0xa7, 0x00 };
3624 const u8 exp[16] = {
3625 0x61, 0x8f, 0x95, 0xda, 0x09, 0x0b, 0x6c, 0xd2,
3626 0xc5, 0xe8, 0xd0, 0x9c, 0x98, 0x73, 0xc4, 0xe3 };
3630 err = smp_f6(tfm_cmac, w, n1, n2, r, io_cap, a1, a2, res);
3634 if (memcmp(res, exp, 16))
3640 static int __init test_g2(struct crypto_hash *tfm_cmac)
3643 0xe6, 0x9d, 0x35, 0x0e, 0x48, 0x01, 0x03, 0xcc,
3644 0xdb, 0xfd, 0xf4, 0xac, 0x11, 0x91, 0xf4, 0xef,
3645 0xb9, 0xa5, 0xf9, 0xe9, 0xa7, 0x83, 0x2c, 0x5e,
3646 0x2c, 0xbe, 0x97, 0xf2, 0xd2, 0x03, 0xb0, 0x20 };
3648 0xfd, 0xc5, 0x7f, 0xf4, 0x49, 0xdd, 0x4f, 0x6b,
3649 0xfb, 0x7c, 0x9d, 0xf1, 0xc2, 0x9a, 0xcb, 0x59,
3650 0x2a, 0xe7, 0xd4, 0xee, 0xfb, 0xfc, 0x0a, 0x90,
3651 0x9a, 0xbb, 0xf6, 0x32, 0x3d, 0x8b, 0x18, 0x55 };
3653 0xab, 0xae, 0x2b, 0x71, 0xec, 0xb2, 0xff, 0xff,
3654 0x3e, 0x73, 0x77, 0xd1, 0x54, 0x84, 0xcb, 0xd5 };
3656 0xcf, 0xc4, 0x3d, 0xff, 0xf7, 0x83, 0x65, 0x21,
3657 0x6e, 0x5f, 0xa7, 0x25, 0xcc, 0xe7, 0xe8, 0xa6 };
3658 const u32 exp_val = 0x2f9ed5ba % 1000000;
3662 err = smp_g2(tfm_cmac, u, v, x, y, &val);
3672 static int __init test_h6(struct crypto_hash *tfm_cmac)
3675 0x9b, 0x7d, 0x39, 0x0a, 0xa6, 0x10, 0x10, 0x34,
3676 0x05, 0xad, 0xc8, 0x57, 0xa3, 0x34, 0x02, 0xec };
3677 const u8 key_id[4] = { 0x72, 0x62, 0x65, 0x6c };
3678 const u8 exp[16] = {
3679 0x99, 0x63, 0xb1, 0x80, 0xe2, 0xa9, 0xd3, 0xe8,
3680 0x1c, 0xc9, 0x6d, 0xe7, 0x02, 0xe1, 0x9a, 0x2d };
3684 err = smp_h6(tfm_cmac, w, key_id, res);
3688 if (memcmp(res, exp, 16))
3694 static char test_smp_buffer[32];
3696 static ssize_t test_smp_read(struct file *file, char __user *user_buf,
3697 size_t count, loff_t *ppos)
3699 return simple_read_from_buffer(user_buf, count, ppos, test_smp_buffer,
3700 strlen(test_smp_buffer));
3703 static const struct file_operations test_smp_fops = {
3704 .open = simple_open,
3705 .read = test_smp_read,
3706 .llseek = default_llseek,
3709 static int __init run_selftests(struct crypto_blkcipher *tfm_aes,
3710 struct crypto_hash *tfm_cmac)
3712 ktime_t calltime, delta, rettime;
3713 unsigned long long duration;
3716 calltime = ktime_get();
3718 err = test_ah(tfm_aes);
3720 BT_ERR("smp_ah test failed");
3724 err = test_c1(tfm_aes);
3726 BT_ERR("smp_c1 test failed");
3730 err = test_s1(tfm_aes);
3732 BT_ERR("smp_s1 test failed");
3736 err = test_f4(tfm_cmac);
3738 BT_ERR("smp_f4 test failed");
3742 err = test_f5(tfm_cmac);
3744 BT_ERR("smp_f5 test failed");
3748 err = test_f6(tfm_cmac);
3750 BT_ERR("smp_f6 test failed");
3754 err = test_g2(tfm_cmac);
3756 BT_ERR("smp_g2 test failed");
3760 err = test_h6(tfm_cmac);
3762 BT_ERR("smp_h6 test failed");
3766 rettime = ktime_get();
3767 delta = ktime_sub(rettime, calltime);
3768 duration = (unsigned long long) ktime_to_ns(delta) >> 10;
3770 BT_INFO("SMP test passed in %llu usecs", duration);
3774 snprintf(test_smp_buffer, sizeof(test_smp_buffer),
3775 "PASS (%llu usecs)\n", duration);
3777 snprintf(test_smp_buffer, sizeof(test_smp_buffer), "FAIL\n");
3779 debugfs_create_file("selftest_smp", 0444, bt_debugfs, NULL,
3785 int __init bt_selftest_smp(void)
3787 struct crypto_blkcipher *tfm_aes;
3788 struct crypto_hash *tfm_cmac;
3791 tfm_aes = crypto_alloc_blkcipher("ecb(aes)", 0, CRYPTO_ALG_ASYNC);
3792 if (IS_ERR(tfm_aes)) {
3793 BT_ERR("Unable to create ECB crypto context");
3794 return PTR_ERR(tfm_aes);
3797 tfm_cmac = crypto_alloc_hash("cmac(aes)", 0, CRYPTO_ALG_ASYNC);
3798 if (IS_ERR(tfm_cmac)) {
3799 BT_ERR("Unable to create CMAC crypto context");
3800 crypto_free_blkcipher(tfm_aes);
3801 return PTR_ERR(tfm_cmac);
3804 err = run_selftests(tfm_aes, tfm_cmac);
3806 crypto_free_hash(tfm_cmac);
3807 crypto_free_blkcipher(tfm_aes);
projects / karo-tx-linux.git / blob