Lines Matching full:smp
36 #include "smp.h"
53 #define SMP_ALLOW_CMD(smp, code) set_bit(code, &smp->allow_cmd) argument
101 u8 preq[7]; /* SMP Pairing Request */
102 u8 prsp[7]; /* SMP Pairing Response */
103 u8 prnd[16]; /* SMP Pairing Random (local) */
104 u8 rrnd[16]; /* SMP Pairing Random (remote) */
105 u8 pcnf[16]; /* SMP Pairing Confirm */
106 u8 tk[16]; /* SMP Temporary Key */
134 /* These debug key values are defined in the SMP section of the core
165 /* The following functions map to the LE SC SMP crypto functions
237 * the SMP section of the Bluetooth core specification. In ASCII in smp_f5()
371 /* The following functions map to the legacy SMP crypto functions e, c1,
541 struct smp_dev *smp; in smp_generate_oob() local
547 smp = chan->data; in smp_generate_oob()
551 err = set_ecdh_privkey(smp->tfm_ecdh, debug_sk); in smp_generate_oob()
554 memcpy(smp->local_pk, debug_pk, 64); in smp_generate_oob()
555 smp->debug_key = true; in smp_generate_oob()
559 err = generate_ecdh_keys(smp->tfm_ecdh, smp->local_pk); in smp_generate_oob()
566 if (crypto_memneq(smp->local_pk, debug_pk, 64)) in smp_generate_oob()
569 smp->debug_key = false; in smp_generate_oob()
572 SMP_DBG("OOB Public Key X: %32phN", smp->local_pk); in smp_generate_oob()
573 SMP_DBG("OOB Public Key Y: %32phN", smp->local_pk + 32); in smp_generate_oob()
575 get_random_bytes(smp->local_rand, 16); in smp_generate_oob()
577 err = smp_f4(smp->tfm_cmac, smp->local_pk, smp->local_pk, in smp_generate_oob()
578 smp->local_rand, 0, hash); in smp_generate_oob()
582 memcpy(rand, smp->local_rand, 16); in smp_generate_oob()
584 smp->local_oob = true; in smp_generate_oob()
591 struct l2cap_chan *chan = conn->smp; in smp_send_cmd()
592 struct smp_chan *smp; in smp_send_cmd() local
616 smp = chan->data; in smp_send_cmd()
618 cancel_delayed_work_sync(&smp->security_timer); in smp_send_cmd()
619 schedule_delayed_work(&smp->security_timer, SMP_TIMEOUT); in smp_send_cmd()
651 struct l2cap_chan *chan = conn->smp; in build_pairing_cmd()
652 struct smp_chan *smp = chan->data; in build_pairing_cmd() local
689 set_bit(SMP_FLAG_REMOTE_OOB, &smp->flags); in build_pairing_cmd()
691 memcpy(smp->rr, oob_data->rand256, 16); in build_pairing_cmd()
692 memcpy(smp->pcnf, oob_data->hash256, 16); in build_pairing_cmd()
693 SMP_DBG("OOB Remote Confirmation: %16phN", smp->pcnf); in build_pairing_cmd()
694 SMP_DBG("OOB Remote Random: %16phN", smp->rr); in build_pairing_cmd()
709 smp->remote_key_dist = remote_dist; in build_pairing_cmd()
720 smp->remote_key_dist = rsp->init_key_dist; in build_pairing_cmd()
725 struct l2cap_chan *chan = conn->smp; in check_enc_key_size()
727 struct smp_chan *smp = chan->data; in check_enc_key_size() local
737 smp->enc_key_size = max_key_size; in check_enc_key_size()
744 struct l2cap_chan *chan = conn->smp; in smp_chan_destroy()
745 struct smp_chan *smp = chan->data; in smp_chan_destroy() local
749 BUG_ON(!smp); in smp_chan_destroy()
751 cancel_delayed_work_sync(&smp->security_timer); in smp_chan_destroy()
753 complete = test_bit(SMP_FLAG_COMPLETE, &smp->flags); in smp_chan_destroy()
756 kfree_sensitive(smp->csrk); in smp_chan_destroy()
757 kfree_sensitive(smp->responder_csrk); in smp_chan_destroy()
758 kfree_sensitive(smp->link_key); in smp_chan_destroy()
760 crypto_free_shash(smp->tfm_cmac); in smp_chan_destroy()
761 crypto_free_kpp(smp->tfm_ecdh); in smp_chan_destroy()
766 if (smp->ltk && smp->ltk->type == SMP_LTK_P256_DEBUG && in smp_chan_destroy()
768 list_del_rcu(&smp->ltk->list); in smp_chan_destroy()
769 kfree_rcu(smp->ltk, rcu); in smp_chan_destroy()
770 smp->ltk = NULL; in smp_chan_destroy()
775 if (smp->ltk) { in smp_chan_destroy()
776 list_del_rcu(&smp->ltk->list); in smp_chan_destroy()
777 kfree_rcu(smp->ltk, rcu); in smp_chan_destroy()
780 if (smp->responder_ltk) { in smp_chan_destroy()
781 list_del_rcu(&smp->responder_ltk->list); in smp_chan_destroy()
782 kfree_rcu(smp->responder_ltk, rcu); in smp_chan_destroy()
785 if (smp->remote_irk) { in smp_chan_destroy()
786 list_del_rcu(&smp->remote_irk->list); in smp_chan_destroy()
787 kfree_rcu(smp->remote_irk, rcu); in smp_chan_destroy()
792 kfree_sensitive(smp); in smp_chan_destroy()
799 struct l2cap_chan *chan = conn->smp; in smp_failure()
835 static u8 get_auth_method(struct smp_chan *smp, u8 local_io, u8 remote_io) in get_auth_method() argument
844 if (test_bit(SMP_FLAG_SC, &smp->flags)) in get_auth_method()
854 struct l2cap_chan *chan = conn->smp; in tk_request()
855 struct smp_chan *smp = chan->data; in tk_request() local
860 memset(smp->tk, 0, sizeof(smp->tk)); in tk_request()
861 clear_bit(SMP_FLAG_TK_VALID, &smp->flags); in tk_request()
873 smp->method = JUST_CFM; in tk_request()
875 smp->method = get_auth_method(smp, local_io, remote_io); in tk_request()
878 if (smp->method == JUST_CFM && test_bit(SMP_FLAG_INITIATOR, in tk_request()
879 &smp->flags)) in tk_request()
880 smp->method = JUST_WORKS; in tk_request()
883 if (smp->method == JUST_CFM && in tk_request()
885 smp->method = JUST_WORKS; in tk_request()
889 if (smp->method == JUST_WORKS) { in tk_request()
896 set_bit(SMP_FLAG_WAIT_USER, &smp->flags); in tk_request()
903 if (test_bit(SMP_FLAG_SC, &smp->flags)) in tk_request()
907 if (smp->method != JUST_CFM) { in tk_request()
908 set_bit(SMP_FLAG_MITM_AUTH, &smp->flags); in tk_request()
916 if (smp->method == OVERLAP) { in tk_request()
917 if (test_bit(SMP_FLAG_INITIATOR, &smp->flags)) in tk_request()
918 smp->method = CFM_PASSKEY; in tk_request()
920 smp->method = REQ_PASSKEY; in tk_request()
924 if (smp->method == CFM_PASSKEY) { in tk_request()
925 memset(smp->tk, 0, sizeof(smp->tk)); in tk_request()
928 put_unaligned_le32(passkey, smp->tk); in tk_request()
930 set_bit(SMP_FLAG_TK_VALID, &smp->flags); in tk_request()
933 if (smp->method == REQ_PASSKEY) in tk_request()
936 else if (smp->method == JUST_CFM) in tk_request()
948 static u8 smp_confirm(struct smp_chan *smp) in smp_confirm() argument
950 struct l2cap_conn *conn = smp->conn; in smp_confirm()
956 ret = smp_c1(smp->tk, smp->prnd, smp->preq, smp->prsp, in smp_confirm()
963 clear_bit(SMP_FLAG_CFM_PENDING, &smp->flags); in smp_confirm()
965 smp_send_cmd(smp->conn, SMP_CMD_PAIRING_CONFIRM, sizeof(cp), &cp); in smp_confirm()
967 if (test_bit(SMP_FLAG_INITIATOR, &smp->flags)) in smp_confirm()
968 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_CONFIRM); in smp_confirm()
970 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RANDOM); in smp_confirm()
975 static u8 smp_random(struct smp_chan *smp) in smp_random() argument
977 struct l2cap_conn *conn = smp->conn; in smp_random()
983 test_bit(SMP_FLAG_INITIATOR, &smp->flags) ? "initiator" : in smp_random()
986 ret = smp_c1(smp->tk, smp->rrnd, smp->preq, smp->prsp, in smp_random()
992 if (crypto_memneq(smp->pcnf, confirm, sizeof(smp->pcnf))) { in smp_random()
998 if (test_bit(SMP_FLAG_INITIATOR, &smp->flags)) { in smp_random()
1003 smp_s1(smp->tk, smp->rrnd, smp->prnd, stk); in smp_random()
1008 hci_le_start_enc(hcon, ediv, rand, stk, smp->enc_key_size); in smp_random()
1009 hcon->enc_key_size = smp->enc_key_size; in smp_random()
1016 smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM, sizeof(smp->prnd), in smp_random()
1017 smp->prnd); in smp_random()
1019 smp_s1(smp->tk, smp->prnd, smp->rrnd, stk); in smp_random()
1021 auth = test_bit(SMP_FLAG_MITM_AUTH, &smp->flags) ? 1 : 0; in smp_random()
1028 SMP_STK, auth, stk, smp->enc_key_size, ediv, rand); in smp_random()
1036 struct l2cap_chan *chan = conn->smp; in smp_notify_keys()
1037 struct smp_chan *smp = chan->data; in smp_notify_keys() local
1040 struct smp_cmd_pairing *req = (void *) &smp->preq[1]; in smp_notify_keys()
1041 struct smp_cmd_pairing *rsp = (void *) &smp->prsp[1]; in smp_notify_keys()
1059 if (smp->remote_irk) { in smp_notify_keys()
1060 mgmt_new_irk(hdev, smp->remote_irk, persistent); in smp_notify_keys()
1067 bacpy(&hcon->dst, &smp->remote_irk->bdaddr); in smp_notify_keys()
1068 hcon->dst_type = smp->remote_irk->addr_type; in smp_notify_keys()
1078 if (smp->csrk) { in smp_notify_keys()
1079 smp->csrk->bdaddr_type = hcon->dst_type; in smp_notify_keys()
1080 bacpy(&smp->csrk->bdaddr, &hcon->dst); in smp_notify_keys()
1081 mgmt_new_csrk(hdev, smp->csrk, persistent); in smp_notify_keys()
1084 if (smp->responder_csrk) { in smp_notify_keys()
1085 smp->responder_csrk->bdaddr_type = hcon->dst_type; in smp_notify_keys()
1086 bacpy(&smp->responder_csrk->bdaddr, &hcon->dst); in smp_notify_keys()
1087 mgmt_new_csrk(hdev, smp->responder_csrk, persistent); in smp_notify_keys()
1090 if (smp->ltk) { in smp_notify_keys()
1091 smp->ltk->bdaddr_type = hcon->dst_type; in smp_notify_keys()
1092 bacpy(&smp->ltk->bdaddr, &hcon->dst); in smp_notify_keys()
1093 mgmt_new_ltk(hdev, smp->ltk, persistent); in smp_notify_keys()
1096 if (smp->responder_ltk) { in smp_notify_keys()
1097 smp->responder_ltk->bdaddr_type = hcon->dst_type; in smp_notify_keys()
1098 bacpy(&smp->responder_ltk->bdaddr, &hcon->dst); in smp_notify_keys()
1099 mgmt_new_ltk(hdev, smp->responder_ltk, persistent); in smp_notify_keys()
1102 if (smp->link_key) { in smp_notify_keys()
1106 if (test_bit(SMP_FLAG_DEBUG_KEY, &smp->flags)) in smp_notify_keys()
1113 key = hci_add_link_key(hdev, smp->conn->hcon, &hcon->dst, in smp_notify_keys()
1114 smp->link_key, type, 0, &persistent); in smp_notify_keys()
1130 static void sc_add_ltk(struct smp_chan *smp) in sc_add_ltk() argument
1132 struct hci_conn *hcon = smp->conn->hcon; in sc_add_ltk()
1135 if (test_bit(SMP_FLAG_DEBUG_KEY, &smp->flags)) in sc_add_ltk()
1145 smp->ltk = hci_add_ltk(hcon->hdev, &hcon->dst, hcon->dst_type, in sc_add_ltk()
1146 key_type, auth, smp->tk, smp->enc_key_size, in sc_add_ltk()
1150 static void sc_generate_link_key(struct smp_chan *smp) in sc_generate_link_key() argument
1155 smp->link_key = kzalloc(16, GFP_KERNEL); in sc_generate_link_key()
1156 if (!smp->link_key) in sc_generate_link_key()
1159 if (test_bit(SMP_FLAG_CT2, &smp->flags)) { in sc_generate_link_key()
1163 if (smp_h7(smp->tfm_cmac, smp->tk, salt, smp->link_key)) { in sc_generate_link_key()
1164 kfree_sensitive(smp->link_key); in sc_generate_link_key()
1165 smp->link_key = NULL; in sc_generate_link_key()
1172 if (smp_h6(smp->tfm_cmac, smp->tk, tmp1, smp->link_key)) { in sc_generate_link_key()
1173 kfree_sensitive(smp->link_key); in sc_generate_link_key()
1174 smp->link_key = NULL; in sc_generate_link_key()
1179 if (smp_h6(smp->tfm_cmac, smp->link_key, lebr, smp->link_key)) { in sc_generate_link_key()
1180 kfree_sensitive(smp->link_key); in sc_generate_link_key()
1181 smp->link_key = NULL; in sc_generate_link_key()
1186 static void smp_allow_key_dist(struct smp_chan *smp) in smp_allow_key_dist() argument
1192 if (smp->remote_key_dist & SMP_DIST_ENC_KEY) in smp_allow_key_dist()
1193 SMP_ALLOW_CMD(smp, SMP_CMD_ENCRYPT_INFO); in smp_allow_key_dist()
1194 else if (smp->remote_key_dist & SMP_DIST_ID_KEY) in smp_allow_key_dist()
1195 SMP_ALLOW_CMD(smp, SMP_CMD_IDENT_INFO); in smp_allow_key_dist()
1196 else if (smp->remote_key_dist & SMP_DIST_SIGN) in smp_allow_key_dist()
1197 SMP_ALLOW_CMD(smp, SMP_CMD_SIGN_INFO); in smp_allow_key_dist()
1200 static void sc_generate_ltk(struct smp_chan *smp) in sc_generate_ltk() argument
1204 struct hci_conn *hcon = smp->conn->hcon; in sc_generate_ltk()
1215 set_bit(SMP_FLAG_DEBUG_KEY, &smp->flags); in sc_generate_ltk()
1217 if (test_bit(SMP_FLAG_CT2, &smp->flags)) { in sc_generate_ltk()
1221 if (smp_h7(smp->tfm_cmac, key->val, salt, smp->tk)) in sc_generate_ltk()
1227 if (smp_h6(smp->tfm_cmac, key->val, tmp2, smp->tk)) in sc_generate_ltk()
1231 if (smp_h6(smp->tfm_cmac, smp->tk, brle, smp->tk)) in sc_generate_ltk()
1234 sc_add_ltk(smp); in sc_generate_ltk()
1237 static void smp_distribute_keys(struct smp_chan *smp) in smp_distribute_keys() argument
1240 struct l2cap_conn *conn = smp->conn; in smp_distribute_keys()
1247 rsp = (void *) &smp->prsp[1]; in smp_distribute_keys()
1250 if (test_bit(SMP_FLAG_INITIATOR, &smp->flags) && in smp_distribute_keys()
1251 (smp->remote_key_dist & KEY_DIST_MASK)) { in smp_distribute_keys()
1252 smp_allow_key_dist(smp); in smp_distribute_keys()
1256 req = (void *) &smp->preq[1]; in smp_distribute_keys()
1258 if (test_bit(SMP_FLAG_INITIATOR, &smp->flags)) { in smp_distribute_keys()
1266 if (test_bit(SMP_FLAG_SC, &smp->flags)) { in smp_distribute_keys()
1268 sc_generate_link_key(smp); in smp_distribute_keys()
1270 sc_generate_ltk(smp); in smp_distribute_keys()
1290 get_random_bytes(enc.ltk, smp->enc_key_size); in smp_distribute_keys()
1291 memset(enc.ltk + smp->enc_key_size, 0, in smp_distribute_keys()
1292 sizeof(enc.ltk) - smp->enc_key_size); in smp_distribute_keys()
1302 smp->enc_key_size, ediv, rand); in smp_distribute_keys()
1303 smp->responder_ltk = ltk; in smp_distribute_keys()
1352 smp->responder_csrk = csrk; in smp_distribute_keys()
1360 if (smp->remote_key_dist & KEY_DIST_MASK) { in smp_distribute_keys()
1361 smp_allow_key_dist(smp); in smp_distribute_keys()
1365 set_bit(SMP_FLAG_COMPLETE, &smp->flags); in smp_distribute_keys()
1373 struct smp_chan *smp = container_of(work, struct smp_chan, in smp_timeout() local
1375 struct l2cap_conn *conn = smp->conn; in smp_timeout()
1385 struct l2cap_chan *chan = conn->smp; in smp_chan_create()
1386 struct smp_chan *smp; in smp_chan_create() local
1388 smp = kzalloc_obj(*smp, GFP_ATOMIC); in smp_chan_create()
1389 if (!smp) in smp_chan_create()
1392 smp->tfm_cmac = crypto_alloc_shash("cmac(aes)", 0, 0); in smp_chan_create()
1393 if (IS_ERR(smp->tfm_cmac)) { in smp_chan_create()
1398 smp->tfm_ecdh = crypto_alloc_kpp("ecdh-nist-p256", 0, 0); in smp_chan_create()
1399 if (IS_ERR(smp->tfm_ecdh)) { in smp_chan_create()
1404 smp->conn = conn; in smp_chan_create()
1405 chan->data = smp; in smp_chan_create()
1407 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_FAIL); in smp_chan_create()
1409 INIT_DELAYED_WORK(&smp->security_timer, smp_timeout); in smp_chan_create()
1413 return smp; in smp_chan_create()
1416 crypto_free_shash(smp->tfm_cmac); in smp_chan_create()
1418 kfree_sensitive(smp); in smp_chan_create()
1422 static int sc_mackey_and_ltk(struct smp_chan *smp, u8 mackey[16], u8 ltk[16]) in sc_mackey_and_ltk() argument
1424 struct hci_conn *hcon = smp->conn->hcon; in sc_mackey_and_ltk()
1427 if (test_bit(SMP_FLAG_INITIATOR, &smp->flags)) { in sc_mackey_and_ltk()
1428 na = smp->prnd; in sc_mackey_and_ltk()
1429 nb = smp->rrnd; in sc_mackey_and_ltk()
1431 na = smp->rrnd; in sc_mackey_and_ltk()
1432 nb = smp->prnd; in sc_mackey_and_ltk()
1440 return smp_f5(smp->tfm_cmac, smp->dhkey, na, nb, a, b, mackey, ltk); in sc_mackey_and_ltk()
1443 static void sc_dhkey_check(struct smp_chan *smp) in sc_dhkey_check() argument
1445 struct hci_conn *hcon = smp->conn->hcon; in sc_dhkey_check()
1455 if (test_bit(SMP_FLAG_INITIATOR, &smp->flags)) { in sc_dhkey_check()
1458 memcpy(io_cap, &smp->preq[1], 3); in sc_dhkey_check()
1462 memcpy(io_cap, &smp->prsp[1], 3); in sc_dhkey_check()
1467 if (smp->method == REQ_PASSKEY || smp->method == DSP_PASSKEY) in sc_dhkey_check()
1470 if (smp->method == REQ_OOB) in sc_dhkey_check()
1471 memcpy(r, smp->rr, 16); in sc_dhkey_check()
1473 smp_f6(smp->tfm_cmac, smp->mackey, smp->prnd, smp->rrnd, r, io_cap, in sc_dhkey_check()
1476 smp_send_cmd(smp->conn, SMP_CMD_DHKEY_CHECK, sizeof(check), &check); in sc_dhkey_check()
1479 static u8 sc_passkey_send_confirm(struct smp_chan *smp) in sc_passkey_send_confirm() argument
1481 struct l2cap_conn *conn = smp->conn; in sc_passkey_send_confirm()
1486 r = ((hcon->passkey_notify >> smp->passkey_round) & 0x01); in sc_passkey_send_confirm()
1489 get_random_bytes(smp->prnd, sizeof(smp->prnd)); in sc_passkey_send_confirm()
1491 if (smp_f4(smp->tfm_cmac, smp->local_pk, smp->remote_pk, smp->prnd, r, in sc_passkey_send_confirm()
1500 static u8 sc_passkey_round(struct smp_chan *smp, u8 smp_op) in sc_passkey_round() argument
1502 struct l2cap_conn *conn = smp->conn; in sc_passkey_round()
1508 if (smp->passkey_round >= 20) in sc_passkey_round()
1513 r = ((hcon->passkey_notify >> smp->passkey_round) & 0x01); in sc_passkey_round()
1516 if (smp_f4(smp->tfm_cmac, smp->remote_pk, smp->local_pk, in sc_passkey_round()
1517 smp->rrnd, r, cfm)) in sc_passkey_round()
1520 if (crypto_memneq(smp->pcnf, cfm, 16)) in sc_passkey_round()
1523 smp->passkey_round++; in sc_passkey_round()
1525 if (smp->passkey_round == 20) { in sc_passkey_round()
1527 if (sc_mackey_and_ltk(smp, smp->mackey, smp->tk)) in sc_passkey_round()
1534 if (!test_bit(SMP_FLAG_INITIATOR, &smp->flags)) { in sc_passkey_round()
1536 sizeof(smp->prnd), smp->prnd); in sc_passkey_round()
1537 if (smp->passkey_round == 20) in sc_passkey_round()
1538 SMP_ALLOW_CMD(smp, SMP_CMD_DHKEY_CHECK); in sc_passkey_round()
1540 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_CONFIRM); in sc_passkey_round()
1545 if (smp->passkey_round != 20) in sc_passkey_round()
1546 return sc_passkey_round(smp, 0); in sc_passkey_round()
1549 sc_dhkey_check(smp); in sc_passkey_round()
1550 SMP_ALLOW_CMD(smp, SMP_CMD_DHKEY_CHECK); in sc_passkey_round()
1555 if (test_bit(SMP_FLAG_WAIT_USER, &smp->flags)) { in sc_passkey_round()
1556 set_bit(SMP_FLAG_CFM_PENDING, &smp->flags); in sc_passkey_round()
1560 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RANDOM); in sc_passkey_round()
1562 if (test_bit(SMP_FLAG_INITIATOR, &smp->flags)) { in sc_passkey_round()
1564 sizeof(smp->prnd), smp->prnd); in sc_passkey_round()
1568 return sc_passkey_send_confirm(smp); in sc_passkey_round()
1573 if (!test_bit(SMP_FLAG_INITIATOR, &smp->flags)) in sc_passkey_round()
1577 smp->passkey_round + 1); in sc_passkey_round()
1579 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_CONFIRM); in sc_passkey_round()
1581 return sc_passkey_send_confirm(smp); in sc_passkey_round()
1587 static int sc_user_reply(struct smp_chan *smp, u16 mgmt_op, __le32 passkey) in sc_user_reply() argument
1589 struct l2cap_conn *conn = smp->conn; in sc_user_reply()
1593 clear_bit(SMP_FLAG_WAIT_USER, &smp->flags); in sc_user_reply()
1597 smp_failure(smp->conn, SMP_PASSKEY_ENTRY_FAILED); in sc_user_reply()
1600 smp_failure(smp->conn, SMP_NUMERIC_COMP_FAILED); in sc_user_reply()
1604 smp->passkey_round = 0; in sc_user_reply()
1606 if (test_and_clear_bit(SMP_FLAG_CFM_PENDING, &smp->flags)) in sc_user_reply()
1611 if (sc_passkey_round(smp, smp_op)) in sc_user_reply()
1618 if (test_bit(SMP_FLAG_INITIATOR, &smp->flags)) { in sc_user_reply()
1619 sc_dhkey_check(smp); in sc_user_reply()
1620 SMP_ALLOW_CMD(smp, SMP_CMD_DHKEY_CHECK); in sc_user_reply()
1621 } else if (test_and_clear_bit(SMP_FLAG_DHKEY_PENDING, &smp->flags)) { in sc_user_reply()
1622 sc_dhkey_check(smp); in sc_user_reply()
1623 sc_add_ltk(smp); in sc_user_reply()
1633 struct smp_chan *smp; in smp_user_confirm_reply() local
1642 chan = conn->smp; in smp_user_confirm_reply()
1652 smp = chan->data; in smp_user_confirm_reply()
1654 if (test_bit(SMP_FLAG_SC, &smp->flags)) { in smp_user_confirm_reply()
1655 err = sc_user_reply(smp, mgmt_op, passkey); in smp_user_confirm_reply()
1662 memset(smp->tk, 0, sizeof(smp->tk)); in smp_user_confirm_reply()
1664 put_unaligned_le32(value, smp->tk); in smp_user_confirm_reply()
1667 set_bit(SMP_FLAG_TK_VALID, &smp->flags); in smp_user_confirm_reply()
1683 if (test_bit(SMP_FLAG_CFM_PENDING, &smp->flags)) { in smp_user_confirm_reply()
1684 u8 rsp = smp_confirm(smp); in smp_user_confirm_reply()
1694 static void build_bredr_pairing_cmd(struct smp_chan *smp, in build_bredr_pairing_cmd() argument
1698 struct l2cap_conn *conn = smp->conn; in build_bredr_pairing_cmd()
1721 smp->remote_key_dist = remote_dist; in build_bredr_pairing_cmd()
1733 smp->remote_key_dist = rsp->init_key_dist; in build_bredr_pairing_cmd()
1739 struct l2cap_chan *chan = conn->smp; in smp_cmd_pairing_req()
1741 struct smp_chan *smp = chan->data; in smp_cmd_pairing_req() local
1750 if (smp && test_bit(SMP_FLAG_INITIATOR, &smp->flags)) in smp_cmd_pairing_req()
1753 if (!smp) { in smp_cmd_pairing_req()
1754 smp = smp_chan_create(conn); in smp_cmd_pairing_req()
1755 if (!smp) in smp_cmd_pairing_req()
1769 smp->preq[0] = SMP_CMD_PAIRING_REQ; in smp_cmd_pairing_req()
1770 memcpy(&smp->preq[1], req, sizeof(*req)); in smp_cmd_pairing_req()
1778 set_bit(SMP_FLAG_LOCAL_OOB, &smp->flags); in smp_cmd_pairing_req()
1780 /* SMP over BR/EDR requires special treatment */ in smp_cmd_pairing_req()
1787 set_bit(SMP_FLAG_SC, &smp->flags); in smp_cmd_pairing_req()
1789 build_bredr_pairing_cmd(smp, req, &rsp); in smp_cmd_pairing_req()
1792 set_bit(SMP_FLAG_CT2, &smp->flags); in smp_cmd_pairing_req()
1799 smp->remote_key_dist &= ~SMP_SC_NO_DIST; in smp_cmd_pairing_req()
1801 smp->prsp[0] = SMP_CMD_PAIRING_RSP; in smp_cmd_pairing_req()
1802 memcpy(&smp->prsp[1], &rsp, sizeof(rsp)); in smp_cmd_pairing_req()
1805 smp_distribute_keys(smp); in smp_cmd_pairing_req()
1812 set_bit(SMP_FLAG_SC, &smp->flags); in smp_cmd_pairing_req()
1815 set_bit(SMP_FLAG_CT2, &smp->flags); in smp_cmd_pairing_req()
1830 method = get_auth_method(smp, conn->hcon->io_capability, in smp_cmd_pairing_req()
1844 get_random_bytes(smp->prnd, sizeof(smp->prnd)); in smp_cmd_pairing_req()
1846 smp->prsp[0] = SMP_CMD_PAIRING_RSP; in smp_cmd_pairing_req()
1847 memcpy(&smp->prsp[1], &rsp, sizeof(rsp)); in smp_cmd_pairing_req()
1851 clear_bit(SMP_FLAG_INITIATOR, &smp->flags); in smp_cmd_pairing_req()
1858 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_CONFIRM); in smp_cmd_pairing_req()
1860 if (test_bit(SMP_FLAG_SC, &smp->flags)) { in smp_cmd_pairing_req()
1861 SMP_ALLOW_CMD(smp, SMP_CMD_PUBLIC_KEY); in smp_cmd_pairing_req()
1863 smp->remote_key_dist &= ~SMP_SC_NO_DIST; in smp_cmd_pairing_req()
1876 static u8 sc_send_public_key(struct smp_chan *smp) in sc_send_public_key() argument
1878 struct hci_dev *hdev = smp->conn->hcon->hdev; in sc_send_public_key()
1882 if (test_bit(SMP_FLAG_LOCAL_OOB, &smp->flags)) { in sc_send_public_key()
1891 memcpy(smp->local_pk, smp_dev->local_pk, 64); in sc_send_public_key()
1892 memcpy(smp->lr, smp_dev->local_rand, 16); in sc_send_public_key()
1895 set_bit(SMP_FLAG_DEBUG_KEY, &smp->flags); in sc_send_public_key()
1902 if (set_ecdh_privkey(smp->tfm_ecdh, debug_sk)) in sc_send_public_key()
1904 memcpy(smp->local_pk, debug_pk, 64); in sc_send_public_key()
1905 set_bit(SMP_FLAG_DEBUG_KEY, &smp->flags); in sc_send_public_key()
1909 if (generate_ecdh_keys(smp->tfm_ecdh, smp->local_pk)) in sc_send_public_key()
1915 if (crypto_memneq(smp->local_pk, debug_pk, 64)) in sc_send_public_key()
1921 SMP_DBG("Local Public Key X: %32phN", smp->local_pk); in sc_send_public_key()
1922 SMP_DBG("Local Public Key Y: %32phN", smp->local_pk + 32); in sc_send_public_key()
1924 smp_send_cmd(smp->conn, SMP_CMD_PUBLIC_KEY, 64, smp->local_pk); in sc_send_public_key()
1932 struct l2cap_chan *chan = conn->smp; in smp_cmd_pairing_rsp()
1933 struct smp_chan *smp = chan->data; in smp_cmd_pairing_rsp() local
1943 if (!test_bit(SMP_FLAG_INITIATOR, &smp->flags)) in smp_cmd_pairing_rsp()
1948 req = (void *) &smp->preq[1]; in smp_cmd_pairing_rsp()
1964 set_bit(SMP_FLAG_LOCAL_OOB, &smp->flags); in smp_cmd_pairing_rsp()
1966 smp->prsp[0] = SMP_CMD_PAIRING_RSP; in smp_cmd_pairing_rsp()
1967 memcpy(&smp->prsp[1], rsp, sizeof(*rsp)); in smp_cmd_pairing_rsp()
1972 smp->remote_key_dist &= rsp->resp_key_dist; in smp_cmd_pairing_rsp()
1975 set_bit(SMP_FLAG_CT2, &smp->flags); in smp_cmd_pairing_rsp()
1980 smp->remote_key_dist &= ~SMP_SC_NO_DIST; in smp_cmd_pairing_rsp()
1981 smp_distribute_keys(smp); in smp_cmd_pairing_rsp()
1986 set_bit(SMP_FLAG_SC, &smp->flags); in smp_cmd_pairing_rsp()
1994 method = get_auth_method(smp, req->io_capability, in smp_cmd_pairing_rsp()
2000 get_random_bytes(smp->prnd, sizeof(smp->prnd)); in smp_cmd_pairing_rsp()
2005 smp->remote_key_dist &= rsp->resp_key_dist; in smp_cmd_pairing_rsp()
2007 if (test_bit(SMP_FLAG_SC, &smp->flags)) { in smp_cmd_pairing_rsp()
2009 smp->remote_key_dist &= ~SMP_SC_NO_DIST; in smp_cmd_pairing_rsp()
2010 SMP_ALLOW_CMD(smp, SMP_CMD_PUBLIC_KEY); in smp_cmd_pairing_rsp()
2011 return sc_send_public_key(smp); in smp_cmd_pairing_rsp()
2020 set_bit(SMP_FLAG_CFM_PENDING, &smp->flags); in smp_cmd_pairing_rsp()
2023 if (test_bit(SMP_FLAG_TK_VALID, &smp->flags)) in smp_cmd_pairing_rsp()
2024 return smp_confirm(smp); in smp_cmd_pairing_rsp()
2029 static u8 sc_check_confirm(struct smp_chan *smp) in sc_check_confirm() argument
2031 struct l2cap_conn *conn = smp->conn; in sc_check_confirm()
2035 if (smp->method == REQ_PASSKEY || smp->method == DSP_PASSKEY) in sc_check_confirm()
2036 return sc_passkey_round(smp, SMP_CMD_PAIRING_CONFIRM); in sc_check_confirm()
2038 if (test_bit(SMP_FLAG_INITIATOR, &smp->flags)) { in sc_check_confirm()
2039 smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM, sizeof(smp->prnd), in sc_check_confirm()
2040 smp->prnd); in sc_check_confirm()
2041 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RANDOM); in sc_check_confirm()
2051 static int fixup_sc_false_positive(struct smp_chan *smp) in fixup_sc_false_positive() argument
2053 struct l2cap_conn *conn = smp->conn; in fixup_sc_false_positive()
2060 if (test_bit(SMP_FLAG_INITIATOR, &smp->flags)) in fixup_sc_false_positive()
2068 bt_dev_err(hdev, "trying to fall back to legacy SMP"); in fixup_sc_false_positive()
2070 req = (void *) &smp->preq[1]; in fixup_sc_false_positive()
2071 rsp = (void *) &smp->prsp[1]; in fixup_sc_false_positive()
2074 smp->remote_key_dist = (req->init_key_dist & rsp->resp_key_dist); in fixup_sc_false_positive()
2079 bt_dev_err(hdev, "failed to fall back to legacy SMP"); in fixup_sc_false_positive()
2083 clear_bit(SMP_FLAG_SC, &smp->flags); in fixup_sc_false_positive()
2090 struct l2cap_chan *chan = conn->smp; in smp_cmd_pairing_confirm()
2091 struct smp_chan *smp = chan->data; in smp_cmd_pairing_confirm() local
2096 test_bit(SMP_FLAG_INITIATOR, &smp->flags) ? "initiator" : in smp_cmd_pairing_confirm()
2099 if (skb->len < sizeof(smp->pcnf)) in smp_cmd_pairing_confirm()
2102 memcpy(smp->pcnf, skb->data, sizeof(smp->pcnf)); in smp_cmd_pairing_confirm()
2103 skb_pull(skb, sizeof(smp->pcnf)); in smp_cmd_pairing_confirm()
2105 if (test_bit(SMP_FLAG_SC, &smp->flags)) { in smp_cmd_pairing_confirm()
2109 if (test_bit(SMP_FLAG_REMOTE_PK, &smp->flags)) in smp_cmd_pairing_confirm()
2110 return sc_check_confirm(smp); in smp_cmd_pairing_confirm()
2112 bt_dev_err(hdev, "Unexpected SMP Pairing Confirm"); in smp_cmd_pairing_confirm()
2114 ret = fixup_sc_false_positive(smp); in smp_cmd_pairing_confirm()
2119 if (test_bit(SMP_FLAG_INITIATOR, &smp->flags)) { in smp_cmd_pairing_confirm()
2120 smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM, sizeof(smp->prnd), in smp_cmd_pairing_confirm()
2121 smp->prnd); in smp_cmd_pairing_confirm()
2122 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RANDOM); in smp_cmd_pairing_confirm()
2126 if (test_bit(SMP_FLAG_TK_VALID, &smp->flags)) in smp_cmd_pairing_confirm()
2127 return smp_confirm(smp); in smp_cmd_pairing_confirm()
2129 set_bit(SMP_FLAG_CFM_PENDING, &smp->flags); in smp_cmd_pairing_confirm()
2136 struct l2cap_chan *chan = conn->smp; in smp_cmd_pairing_random()
2137 struct smp_chan *smp = chan->data; in smp_cmd_pairing_random() local
2145 if (skb->len < sizeof(smp->rrnd)) in smp_cmd_pairing_random()
2148 memcpy(smp->rrnd, skb->data, sizeof(smp->rrnd)); in smp_cmd_pairing_random()
2149 skb_pull(skb, sizeof(smp->rrnd)); in smp_cmd_pairing_random()
2151 if (!test_bit(SMP_FLAG_SC, &smp->flags)) in smp_cmd_pairing_random()
2152 return smp_random(smp); in smp_cmd_pairing_random()
2154 if (test_bit(SMP_FLAG_INITIATOR, &smp->flags)) { in smp_cmd_pairing_random()
2155 pkax = smp->local_pk; in smp_cmd_pairing_random()
2156 pkbx = smp->remote_pk; in smp_cmd_pairing_random()
2157 na = smp->prnd; in smp_cmd_pairing_random()
2158 nb = smp->rrnd; in smp_cmd_pairing_random()
2160 pkax = smp->remote_pk; in smp_cmd_pairing_random()
2161 pkbx = smp->local_pk; in smp_cmd_pairing_random()
2162 na = smp->rrnd; in smp_cmd_pairing_random()
2163 nb = smp->prnd; in smp_cmd_pairing_random()
2166 if (smp->method == REQ_OOB) { in smp_cmd_pairing_random()
2167 if (!test_bit(SMP_FLAG_INITIATOR, &smp->flags)) in smp_cmd_pairing_random()
2169 sizeof(smp->prnd), smp->prnd); in smp_cmd_pairing_random()
2170 SMP_ALLOW_CMD(smp, SMP_CMD_DHKEY_CHECK); in smp_cmd_pairing_random()
2175 if (smp->method == REQ_PASSKEY || smp->method == DSP_PASSKEY) in smp_cmd_pairing_random()
2176 return sc_passkey_round(smp, SMP_CMD_PAIRING_RANDOM); in smp_cmd_pairing_random()
2178 if (test_bit(SMP_FLAG_INITIATOR, &smp->flags)) { in smp_cmd_pairing_random()
2181 err = smp_f4(smp->tfm_cmac, smp->remote_pk, smp->local_pk, in smp_cmd_pairing_random()
2182 smp->rrnd, 0, cfm); in smp_cmd_pairing_random()
2186 if (crypto_memneq(smp->pcnf, cfm, 16)) in smp_cmd_pairing_random()
2189 smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM, sizeof(smp->prnd), in smp_cmd_pairing_random()
2190 smp->prnd); in smp_cmd_pairing_random()
2191 SMP_ALLOW_CMD(smp, SMP_CMD_DHKEY_CHECK); in smp_cmd_pairing_random()
2196 err = sc_mackey_and_ltk(smp, smp->mackey, smp->tk); in smp_cmd_pairing_random()
2200 if (smp->method == REQ_OOB) { in smp_cmd_pairing_random()
2201 if (test_bit(SMP_FLAG_INITIATOR, &smp->flags)) { in smp_cmd_pairing_random()
2202 sc_dhkey_check(smp); in smp_cmd_pairing_random()
2203 SMP_ALLOW_CMD(smp, SMP_CMD_DHKEY_CHECK); in smp_cmd_pairing_random()
2208 err = smp_g2(smp->tfm_cmac, pkax, pkbx, na, nb, &passkey); in smp_cmd_pairing_random()
2217 confirm_hint = smp->method == JUST_WORKS ? 1 : 0; in smp_cmd_pairing_random()
2224 set_bit(SMP_FLAG_WAIT_USER, &smp->flags); in smp_cmd_pairing_random()
2276 static void smp_send_pairing_req(struct smp_chan *smp, __u8 auth) in smp_send_pairing_req() argument
2280 if (smp->conn->hcon->type == ACL_LINK) in smp_send_pairing_req()
2281 build_bredr_pairing_cmd(smp, &cp, NULL); in smp_send_pairing_req()
2283 build_pairing_cmd(smp->conn, &cp, NULL, auth); in smp_send_pairing_req()
2285 smp->preq[0] = SMP_CMD_PAIRING_REQ; in smp_send_pairing_req()
2286 memcpy(&smp->preq[1], &cp, sizeof(cp)); in smp_send_pairing_req()
2288 smp_send_cmd(smp->conn, SMP_CMD_PAIRING_REQ, sizeof(cp), &cp); in smp_send_pairing_req()
2289 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RSP); in smp_send_pairing_req()
2291 set_bit(SMP_FLAG_INITIATOR, &smp->flags); in smp_send_pairing_req()
2299 struct smp_chan *smp; in smp_cmd_security_req() local
2335 smp = smp_chan_create(conn); in smp_cmd_security_req()
2336 if (!smp) in smp_cmd_security_req()
2345 smp_send_pairing_req(smp, auth); in smp_cmd_security_req()
2350 static void smp_send_security_req(struct smp_chan *smp, __u8 auth) in smp_send_security_req() argument
2355 smp_send_cmd(smp->conn, SMP_CMD_SECURITY_REQ, sizeof(cp), &cp); in smp_send_security_req()
2356 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_REQ); in smp_send_security_req()
2358 clear_bit(SMP_FLAG_INITIATOR, &smp->flags); in smp_send_security_req()
2365 struct smp_chan *smp; in smp_conn_security() local
2389 chan = conn->smp; in smp_conn_security()
2397 /* If SMP is already in progress ignore this request */ in smp_conn_security()
2403 smp = smp_chan_create(conn); in smp_conn_security()
2404 if (!smp) { in smp_conn_security()
2430 smp_send_pairing_req(smp, authreq); in smp_conn_security()
2432 smp_send_security_req(smp, authreq); in smp_conn_security()
2447 struct smp_chan *smp; in smp_cancel_and_remove_pairing() local
2461 chan = conn->smp; in smp_cancel_and_remove_pairing()
2467 smp = chan->data; in smp_cancel_and_remove_pairing()
2468 if (smp) { in smp_cancel_and_remove_pairing()
2471 smp->ltk = NULL; in smp_cancel_and_remove_pairing()
2472 smp->responder_ltk = NULL; in smp_cancel_and_remove_pairing()
2473 smp->remote_irk = NULL; in smp_cancel_and_remove_pairing()
2475 if (test_bit(SMP_FLAG_COMPLETE, &smp->flags)) in smp_cancel_and_remove_pairing()
2491 struct l2cap_chan *chan = conn->smp; in smp_cmd_encrypt_info()
2492 struct smp_chan *smp = chan->data; in smp_cmd_encrypt_info() local
2508 SMP_ALLOW_CMD(smp, SMP_CMD_INITIATOR_IDENT); in smp_cmd_encrypt_info()
2512 memcpy(smp->tk, rp->ltk, sizeof(smp->tk)); in smp_cmd_encrypt_info()
2520 struct l2cap_chan *chan = conn->smp; in smp_cmd_initiator_ident()
2521 struct smp_chan *smp = chan->data; in smp_cmd_initiator_ident() local
2533 smp->remote_key_dist &= ~SMP_DIST_ENC_KEY; in smp_cmd_initiator_ident()
2535 if (smp->remote_key_dist & SMP_DIST_ID_KEY) in smp_cmd_initiator_ident()
2536 SMP_ALLOW_CMD(smp, SMP_CMD_IDENT_INFO); in smp_cmd_initiator_ident()
2537 else if (smp->remote_key_dist & SMP_DIST_SIGN) in smp_cmd_initiator_ident()
2538 SMP_ALLOW_CMD(smp, SMP_CMD_SIGN_INFO); in smp_cmd_initiator_ident()
2544 authenticated, smp->tk, smp->enc_key_size, in smp_cmd_initiator_ident()
2546 smp->ltk = ltk; in smp_cmd_initiator_ident()
2547 if (!(smp->remote_key_dist & KEY_DIST_MASK)) in smp_cmd_initiator_ident()
2548 smp_distribute_keys(smp); in smp_cmd_initiator_ident()
2556 struct l2cap_chan *chan = conn->smp; in smp_cmd_ident_info()
2557 struct smp_chan *smp = chan->data; in smp_cmd_ident_info() local
2573 SMP_ALLOW_CMD(smp, SMP_CMD_IDENT_ADDR_INFO); in smp_cmd_ident_info()
2577 memcpy(smp->irk, info->irk, 16); in smp_cmd_ident_info()
2586 struct l2cap_chan *chan = conn->smp; in smp_cmd_ident_addr_info()
2587 struct smp_chan *smp = chan->data; in smp_cmd_ident_addr_info() local
2597 smp->remote_key_dist &= ~SMP_DIST_ID_KEY; in smp_cmd_ident_addr_info()
2599 if (smp->remote_key_dist & SMP_DIST_SIGN) in smp_cmd_ident_addr_info()
2600 SMP_ALLOW_CMD(smp, SMP_CMD_SIGN_INFO); in smp_cmd_ident_addr_info()
2633 bacpy(&smp->id_addr, &info->bdaddr); in smp_cmd_ident_addr_info()
2634 smp->id_addr_type = info->addr_type; in smp_cmd_ident_addr_info()
2641 smp->remote_irk = hci_add_irk(conn->hcon->hdev, &smp->id_addr, in smp_cmd_ident_addr_info()
2642 smp->id_addr_type, smp->irk, &rpa); in smp_cmd_ident_addr_info()
2645 if (!(smp->remote_key_dist & KEY_DIST_MASK)) in smp_cmd_ident_addr_info()
2646 smp_distribute_keys(smp); in smp_cmd_ident_addr_info()
2654 struct l2cap_chan *chan = conn->smp; in smp_cmd_sign_info()
2655 struct smp_chan *smp = chan->data; in smp_cmd_sign_info() local
2664 smp->remote_key_dist &= ~SMP_DIST_SIGN; in smp_cmd_sign_info()
2676 smp->csrk = csrk; in smp_cmd_sign_info()
2677 smp_distribute_keys(smp); in smp_cmd_sign_info()
2682 static u8 sc_select_method(struct smp_chan *smp) in sc_select_method() argument
2687 if (test_bit(SMP_FLAG_REMOTE_OOB, &smp->flags) || in sc_select_method()
2688 test_bit(SMP_FLAG_LOCAL_OOB, &smp->flags)) in sc_select_method()
2696 if (test_bit(SMP_FLAG_INITIATOR, &smp->flags)) { in sc_select_method()
2697 local = (void *) &smp->preq[1]; in sc_select_method()
2698 remote = (void *) &smp->prsp[1]; in sc_select_method()
2700 local = (void *) &smp->prsp[1]; in sc_select_method()
2701 remote = (void *) &smp->preq[1]; in sc_select_method()
2714 method = get_auth_method(smp, local_io, remote_io); in sc_select_method()
2719 if (method == JUST_CFM && test_bit(SMP_FLAG_INITIATOR, &smp->flags)) in sc_select_method()
2729 struct l2cap_chan *chan = conn->smp; in smp_cmd_public_key()
2730 struct smp_chan *smp = chan->data; in smp_cmd_public_key() local
2744 if (!test_bit(SMP_FLAG_DEBUG_KEY, &smp->flags) && in smp_cmd_public_key()
2745 !crypto_memneq(key, smp->local_pk, 64)) { in smp_cmd_public_key()
2750 memcpy(smp->remote_pk, key, 64); in smp_cmd_public_key()
2752 if (test_bit(SMP_FLAG_REMOTE_OOB, &smp->flags)) { in smp_cmd_public_key()
2753 err = smp_f4(smp->tfm_cmac, smp->remote_pk, smp->remote_pk, in smp_cmd_public_key()
2754 smp->rr, 0, cfm.confirm_val); in smp_cmd_public_key()
2758 if (crypto_memneq(cfm.confirm_val, smp->pcnf, 16)) in smp_cmd_public_key()
2765 if (!test_bit(SMP_FLAG_INITIATOR, &smp->flags)) { in smp_cmd_public_key()
2766 err = sc_send_public_key(smp); in smp_cmd_public_key()
2771 SMP_DBG("Remote Public Key X: %32phN", smp->remote_pk); in smp_cmd_public_key()
2772 SMP_DBG("Remote Public Key Y: %32phN", smp->remote_pk + 32); in smp_cmd_public_key()
2777 if (test_bit(SMP_FLAG_LOCAL_OOB, &smp->flags)) { in smp_cmd_public_key()
2788 tfm_ecdh = smp->tfm_ecdh; in smp_cmd_public_key()
2791 if (compute_ecdh_secret(tfm_ecdh, smp->remote_pk, smp->dhkey)) in smp_cmd_public_key()
2794 SMP_DBG("DHKey %32phN", smp->dhkey); in smp_cmd_public_key()
2796 set_bit(SMP_FLAG_REMOTE_PK, &smp->flags); in smp_cmd_public_key()
2798 smp->method = sc_select_method(smp); in smp_cmd_public_key()
2800 bt_dev_dbg(hdev, "selected method 0x%02x", smp->method); in smp_cmd_public_key()
2803 if (smp->method == JUST_WORKS || smp->method == JUST_CFM) in smp_cmd_public_key()
2808 if (!crypto_memneq(debug_pk, smp->remote_pk, 64)) in smp_cmd_public_key()
2809 set_bit(SMP_FLAG_DEBUG_KEY, &smp->flags); in smp_cmd_public_key()
2811 if (smp->method == DSP_PASSKEY) { in smp_cmd_public_key()
2816 smp->passkey_round = 0; in smp_cmd_public_key()
2822 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_CONFIRM); in smp_cmd_public_key()
2823 return sc_passkey_round(smp, SMP_CMD_PUBLIC_KEY); in smp_cmd_public_key()
2826 if (smp->method == REQ_OOB) { in smp_cmd_public_key()
2827 if (test_bit(SMP_FLAG_INITIATOR, &smp->flags)) in smp_cmd_public_key()
2829 sizeof(smp->prnd), smp->prnd); in smp_cmd_public_key()
2831 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RANDOM); in smp_cmd_public_key()
2836 if (test_bit(SMP_FLAG_INITIATOR, &smp->flags)) in smp_cmd_public_key()
2837 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_CONFIRM); in smp_cmd_public_key()
2839 if (smp->method == REQ_PASSKEY) { in smp_cmd_public_key()
2843 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_CONFIRM); in smp_cmd_public_key()
2844 set_bit(SMP_FLAG_WAIT_USER, &smp->flags); in smp_cmd_public_key()
2851 if (test_bit(SMP_FLAG_INITIATOR, &smp->flags)) in smp_cmd_public_key()
2854 err = smp_f4(smp->tfm_cmac, smp->local_pk, smp->remote_pk, smp->prnd, in smp_cmd_public_key()
2860 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RANDOM); in smp_cmd_public_key()
2868 struct l2cap_chan *chan = conn->smp; in smp_cmd_dhkey_check()
2870 struct smp_chan *smp = chan->data; in smp_cmd_dhkey_check() local
2885 if (test_bit(SMP_FLAG_INITIATOR, &smp->flags)) { in smp_cmd_dhkey_check()
2888 memcpy(io_cap, &smp->prsp[1], 3); in smp_cmd_dhkey_check()
2892 memcpy(io_cap, &smp->preq[1], 3); in smp_cmd_dhkey_check()
2897 if (smp->method == REQ_PASSKEY || smp->method == DSP_PASSKEY) in smp_cmd_dhkey_check()
2899 else if (smp->method == REQ_OOB) in smp_cmd_dhkey_check()
2900 memcpy(r, smp->lr, 16); in smp_cmd_dhkey_check()
2902 err = smp_f6(smp->tfm_cmac, smp->mackey, smp->rrnd, smp->prnd, r, in smp_cmd_dhkey_check()
2910 if (!test_bit(SMP_FLAG_INITIATOR, &smp->flags)) { in smp_cmd_dhkey_check()
2911 if (test_bit(SMP_FLAG_WAIT_USER, &smp->flags)) { in smp_cmd_dhkey_check()
2912 set_bit(SMP_FLAG_DHKEY_PENDING, &smp->flags); in smp_cmd_dhkey_check()
2917 sc_dhkey_check(smp); in smp_cmd_dhkey_check()
2920 sc_add_ltk(smp); in smp_cmd_dhkey_check()
2922 if (test_bit(SMP_FLAG_INITIATOR, &smp->flags)) { in smp_cmd_dhkey_check()
2923 hci_le_start_enc(hcon, 0, 0, smp->tk, smp->enc_key_size); in smp_cmd_dhkey_check()
2924 hcon->enc_key_size = smp->enc_key_size; in smp_cmd_dhkey_check()
2944 struct smp_chan *smp; in smp_sig_channel() local
2959 smp = chan->data; in smp_sig_channel()
2964 if (smp && !test_and_clear_bit(code, &smp->allow_cmd)) { in smp_sig_channel()
2987 if (!smp && code != SMP_CMD_PAIRING_REQ && code != SMP_CMD_SECURITY_REQ) in smp_sig_channel()
3064 bt_dev_err(hcon->hdev, "unexpected SMP command 0x%02x from %pMR", in smp_sig_channel()
3079 conn->smp = NULL; in smp_teardown_cb()
3088 struct smp_chan *smp; in bredr_pairing() local
3100 /* Only initiator may initiate SMP over BR/EDR */ in bredr_pairing()
3108 /* BR/EDR must use Secure Connections for SMP */ in bredr_pairing()
3121 /* Remote must support SMP fixed chan for BR/EDR */ in bredr_pairing()
3125 /* Don't bother if SMP is already ongoing */ in bredr_pairing()
3129 smp = smp_chan_create(conn); in bredr_pairing()
3130 if (!smp) { in bredr_pairing()
3131 bt_dev_err(hdev, "unable to create SMP context for BR/EDR"); in bredr_pairing()
3135 set_bit(SMP_FLAG_SC, &smp->flags); in bredr_pairing()
3137 bt_dev_dbg(hdev, "starting SMP over BR/EDR"); in bredr_pairing()
3139 smp_send_pairing_req(smp, 0x00); in bredr_pairing()
3144 struct smp_chan *smp = chan->data; in smp_resume_cb() local
3155 if (!smp) in smp_resume_cb()
3161 cancel_delayed_work(&smp->security_timer); in smp_resume_cb()
3163 smp_distribute_keys(smp); in smp_resume_cb()
3179 conn->smp = chan; in smp_ready_cb()
3193 struct smp_chan *smp = chan->data; in smp_recv_cb() local
3195 if (smp) in smp_recv_cb()
3196 cancel_delayed_work_sync(&smp->security_timer); in smp_recv_cb()
3255 /* Other L2CAP channels may request SMP routines in order to in smp_new_conn_cb()
3256 * change the security level. This means that the SMP channel in smp_new_conn_cb()
3288 struct smp_dev *smp; in smp_add_cid() local
3293 smp = NULL; in smp_add_cid()
3297 smp = kzalloc_obj(*smp); in smp_add_cid()
3298 if (!smp) in smp_add_cid()
3304 kfree_sensitive(smp); in smp_add_cid()
3312 kfree_sensitive(smp); in smp_add_cid()
3316 smp->local_oob = false; in smp_add_cid()
3317 smp->tfm_cmac = tfm_cmac; in smp_add_cid()
3318 smp->tfm_ecdh = tfm_ecdh; in smp_add_cid()
3323 if (smp) { in smp_add_cid()
3324 crypto_free_shash(smp->tfm_cmac); in smp_add_cid()
3325 crypto_free_kpp(smp->tfm_ecdh); in smp_add_cid()
3326 kfree_sensitive(smp); in smp_add_cid()
3331 chan->data = smp; in smp_add_cid()
3364 struct smp_dev *smp; in smp_del_chan() local
3368 smp = chan->data; in smp_del_chan()
3369 if (smp) { in smp_del_chan()
3371 crypto_free_shash(smp->tfm_cmac); in smp_del_chan()
3372 crypto_free_kpp(smp->tfm_ecdh); in smp_del_chan()
3373 kfree_sensitive(smp); in smp_del_chan()
3412 * there is also no need to register any SMP channel. in smp_register()
3806 BT_INFO("SMP test passed in %llu usecs", duration); in run_selftests()