Lines Matching +full:y +full:- +full:rp
2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2011 Nokia Corporation and/or its subsidiary(-ies).
40 ((struct smp_dev *)((struct l2cap_chan *)((hdev)->smp_data))->data)
42 /* Low-level debug macros to be used for stuff that we don't want
54 #define SMP_ALLOW_CMD(smp, code) set_bit(code, &smp->allow_cmd)
163 dst[len - 1 - i] = src[i]; in swap_buf()
167 * AES-CMAC, f4, f5, f6, g2 and h6.
177 return -EFBIG; in aes_cmac()
181 return -EINVAL; in aes_cmac()
315 const u8 x[16], const u8 y[16], u32 *val) in smp_g2()
322 SMP_DBG("x %16phN y %16phN", x, y); in smp_g2()
324 memcpy(m, y, 16); in smp_g2()
501 struct l2cap_chan *chan = hdev->smp_data; in smp_irk_matches()
505 if (!chan || !chan->data) in smp_irk_matches()
510 err = smp_ah(irk, &bdaddr->b[3], hash); in smp_irk_matches()
514 return !crypto_memneq(bdaddr->b, hash, 3); in smp_irk_matches()
519 struct l2cap_chan *chan = hdev->smp_data; in smp_generate_rpa()
522 if (!chan || !chan->data) in smp_generate_rpa()
523 return -EOPNOTSUPP; in smp_generate_rpa()
525 get_random_bytes(&rpa->b[3], 3); in smp_generate_rpa()
527 rpa->b[5] &= 0x3f; /* Clear two most significant bits */ in smp_generate_rpa()
528 rpa->b[5] |= 0x40; /* Set second most significant bit */ in smp_generate_rpa()
530 err = smp_ah(irk, &rpa->b[3], rpa->b); in smp_generate_rpa()
541 struct l2cap_chan *chan = hdev->smp_data; in smp_generate_oob()
545 if (!chan || !chan->data) in smp_generate_oob()
546 return -EOPNOTSUPP; in smp_generate_oob()
548 smp = chan->data; in smp_generate_oob()
552 err = set_ecdh_privkey(smp->tfm_ecdh, debug_sk); in smp_generate_oob()
555 memcpy(smp->local_pk, debug_pk, 64); in smp_generate_oob()
556 smp->debug_key = true; in smp_generate_oob()
560 err = generate_ecdh_keys(smp->tfm_ecdh, smp->local_pk); in smp_generate_oob()
567 if (crypto_memneq(smp->local_pk, debug_pk, 64)) in smp_generate_oob()
570 smp->debug_key = false; in smp_generate_oob()
573 SMP_DBG("OOB Public Key X: %32phN", smp->local_pk); in smp_generate_oob()
574 SMP_DBG("OOB Public Key Y: %32phN", smp->local_pk + 32); in smp_generate_oob()
576 get_random_bytes(smp->local_rand, 16); in smp_generate_oob()
578 err = smp_f4(smp->tfm_cmac, smp->local_pk, smp->local_pk, in smp_generate_oob()
579 smp->local_rand, 0, hash); in smp_generate_oob()
583 memcpy(rand, smp->local_rand, 16); in smp_generate_oob()
585 smp->local_oob = true; in smp_generate_oob()
592 struct l2cap_chan *chan = conn->smp; in smp_send_cmd()
600 bt_dev_dbg(conn->hcon->hdev, "code 0x%2.2x", code); in smp_send_cmd()
614 if (!chan->data) in smp_send_cmd()
617 smp = chan->data; in smp_send_cmd()
619 cancel_delayed_work_sync(&smp->security_timer); in smp_send_cmd()
620 schedule_delayed_work(&smp->security_timer, SMP_TIMEOUT); in smp_send_cmd()
652 struct l2cap_chan *chan = conn->smp; in build_pairing_cmd()
653 struct smp_chan *smp = chan->data; in build_pairing_cmd()
654 struct hci_conn *hcon = conn->hcon; in build_pairing_cmd()
655 struct hci_dev *hdev = hcon->hdev; in build_pairing_cmd()
682 if (hcon->dst_type == ADDR_LE_DEV_PUBLIC) in build_pairing_cmd()
687 oob_data = hci_find_remote_oob_data(hdev, &hcon->dst, in build_pairing_cmd()
689 if (oob_data && oob_data->present) { in build_pairing_cmd()
690 set_bit(SMP_FLAG_REMOTE_OOB, &smp->flags); in build_pairing_cmd()
692 memcpy(smp->rr, oob_data->rand256, 16); in build_pairing_cmd()
693 memcpy(smp->pcnf, oob_data->hash256, 16); in build_pairing_cmd()
694 SMP_DBG("OOB Remote Confirmation: %16phN", smp->pcnf); in build_pairing_cmd()
695 SMP_DBG("OOB Remote Random: %16phN", smp->rr); in build_pairing_cmd()
703 req->io_capability = conn->hcon->io_capability; in build_pairing_cmd()
704 req->oob_flag = oob_flag; in build_pairing_cmd()
705 req->max_key_size = hdev->le_max_key_size; in build_pairing_cmd()
706 req->init_key_dist = local_dist; in build_pairing_cmd()
707 req->resp_key_dist = remote_dist; in build_pairing_cmd()
708 req->auth_req = (authreq & AUTH_REQ_MASK(hdev)); in build_pairing_cmd()
710 smp->remote_key_dist = remote_dist; in build_pairing_cmd()
714 rsp->io_capability = conn->hcon->io_capability; in build_pairing_cmd()
715 rsp->oob_flag = oob_flag; in build_pairing_cmd()
716 rsp->max_key_size = hdev->le_max_key_size; in build_pairing_cmd()
717 rsp->init_key_dist = req->init_key_dist & remote_dist; in build_pairing_cmd()
718 rsp->resp_key_dist = req->resp_key_dist & local_dist; in build_pairing_cmd()
719 rsp->auth_req = (authreq & AUTH_REQ_MASK(hdev)); in build_pairing_cmd()
721 smp->remote_key_dist = rsp->init_key_dist; in build_pairing_cmd()
726 struct l2cap_chan *chan = conn->smp; in check_enc_key_size()
727 struct hci_dev *hdev = conn->hcon->hdev; in check_enc_key_size()
728 struct smp_chan *smp = chan->data; in check_enc_key_size()
730 if (conn->hcon->pending_sec_level == BT_SECURITY_FIPS && in check_enc_key_size()
734 if (max_key_size > hdev->le_max_key_size || in check_enc_key_size()
738 smp->enc_key_size = max_key_size; in check_enc_key_size()
745 struct l2cap_chan *chan = conn->smp; in smp_chan_destroy()
746 struct smp_chan *smp = chan->data; in smp_chan_destroy()
747 struct hci_conn *hcon = conn->hcon; in smp_chan_destroy()
752 cancel_delayed_work_sync(&smp->security_timer); in smp_chan_destroy()
754 complete = test_bit(SMP_FLAG_COMPLETE, &smp->flags); in smp_chan_destroy()
757 kfree_sensitive(smp->csrk); in smp_chan_destroy()
758 kfree_sensitive(smp->responder_csrk); in smp_chan_destroy()
759 kfree_sensitive(smp->link_key); in smp_chan_destroy()
761 crypto_free_shash(smp->tfm_cmac); in smp_chan_destroy()
762 crypto_free_kpp(smp->tfm_ecdh); in smp_chan_destroy()
767 if (smp->ltk && smp->ltk->type == SMP_LTK_P256_DEBUG && in smp_chan_destroy()
768 !hci_dev_test_flag(hcon->hdev, HCI_KEEP_DEBUG_KEYS)) { in smp_chan_destroy()
769 list_del_rcu(&smp->ltk->list); in smp_chan_destroy()
770 kfree_rcu(smp->ltk, rcu); in smp_chan_destroy()
771 smp->ltk = NULL; in smp_chan_destroy()
776 if (smp->ltk) { in smp_chan_destroy()
777 list_del_rcu(&smp->ltk->list); in smp_chan_destroy()
778 kfree_rcu(smp->ltk, rcu); in smp_chan_destroy()
781 if (smp->responder_ltk) { in smp_chan_destroy()
782 list_del_rcu(&smp->responder_ltk->list); in smp_chan_destroy()
783 kfree_rcu(smp->responder_ltk, rcu); in smp_chan_destroy()
786 if (smp->remote_irk) { in smp_chan_destroy()
787 list_del_rcu(&smp->remote_irk->list); in smp_chan_destroy()
788 kfree_rcu(smp->remote_irk, rcu); in smp_chan_destroy()
792 chan->data = NULL; in smp_chan_destroy()
799 struct hci_conn *hcon = conn->hcon; in smp_failure()
800 struct l2cap_chan *chan = conn->smp; in smp_failure()
808 if (chan->data) in smp_failure()
845 if (test_bit(SMP_FLAG_SC, &smp->flags)) in get_auth_method()
854 struct hci_conn *hcon = conn->hcon; in tk_request()
855 struct l2cap_chan *chan = conn->smp; in tk_request()
856 struct smp_chan *smp = chan->data; in tk_request()
861 memset(smp->tk, 0, sizeof(smp->tk)); in tk_request()
862 clear_bit(SMP_FLAG_TK_VALID, &smp->flags); in tk_request()
864 bt_dev_dbg(hcon->hdev, "auth:%u lcl:%u rem:%u", auth, local_io, in tk_request()
868 * request or use just-works for outgoing ones. The JUST_CFM in tk_request()
874 smp->method = JUST_CFM; in tk_request()
876 smp->method = get_auth_method(smp, local_io, remote_io); in tk_request()
879 if (smp->method == JUST_CFM && test_bit(SMP_FLAG_INITIATOR, in tk_request()
880 &smp->flags)) in tk_request()
881 smp->method = JUST_WORKS; in tk_request()
884 if (smp->method == JUST_CFM && in tk_request()
885 hcon->io_capability == HCI_IO_NO_INPUT_OUTPUT) in tk_request()
886 smp->method = JUST_WORKS; in tk_request()
888 /* If Just Works, Continue with Zero TK and ask user-space for in tk_request()
890 if (smp->method == JUST_WORKS) { in tk_request()
891 ret = mgmt_user_confirm_request(hcon->hdev, &hcon->dst, in tk_request()
892 hcon->type, in tk_request()
893 hcon->dst_type, in tk_request()
897 set_bit(SMP_FLAG_WAIT_USER, &smp->flags); in tk_request()
901 /* If this function is used for SC -> legacy fallback we in tk_request()
902 * can only recover the just-works case. in tk_request()
904 if (test_bit(SMP_FLAG_SC, &smp->flags)) in tk_request()
905 return -EINVAL; in tk_request()
908 if (smp->method != JUST_CFM) { in tk_request()
909 set_bit(SMP_FLAG_MITM_AUTH, &smp->flags); in tk_request()
910 if (hcon->pending_sec_level < BT_SECURITY_HIGH) in tk_request()
911 hcon->pending_sec_level = BT_SECURITY_HIGH; in tk_request()
914 /* If both devices have Keyboard-Display I/O, the initiator in tk_request()
917 if (smp->method == OVERLAP) { in tk_request()
918 if (hcon->role == HCI_ROLE_MASTER) in tk_request()
919 smp->method = CFM_PASSKEY; in tk_request()
921 smp->method = REQ_PASSKEY; in tk_request()
925 if (smp->method == CFM_PASSKEY) { in tk_request()
926 memset(smp->tk, 0, sizeof(smp->tk)); in tk_request()
929 put_unaligned_le32(passkey, smp->tk); in tk_request()
930 bt_dev_dbg(hcon->hdev, "PassKey: %u", passkey); in tk_request()
931 set_bit(SMP_FLAG_TK_VALID, &smp->flags); in tk_request()
934 if (smp->method == REQ_PASSKEY) in tk_request()
935 ret = mgmt_user_passkey_request(hcon->hdev, &hcon->dst, in tk_request()
936 hcon->type, hcon->dst_type); in tk_request()
937 else if (smp->method == JUST_CFM) in tk_request()
938 ret = mgmt_user_confirm_request(hcon->hdev, &hcon->dst, in tk_request()
939 hcon->type, hcon->dst_type, in tk_request()
942 ret = mgmt_user_passkey_notify(hcon->hdev, &hcon->dst, in tk_request()
943 hcon->type, hcon->dst_type, in tk_request()
951 struct l2cap_conn *conn = smp->conn; in smp_confirm()
955 bt_dev_dbg(conn->hcon->hdev, "conn %p", conn); in smp_confirm()
957 ret = smp_c1(smp->tk, smp->prnd, smp->preq, smp->prsp, in smp_confirm()
958 conn->hcon->init_addr_type, &conn->hcon->init_addr, in smp_confirm()
959 conn->hcon->resp_addr_type, &conn->hcon->resp_addr, in smp_confirm()
964 clear_bit(SMP_FLAG_CFM_PENDING, &smp->flags); in smp_confirm()
966 smp_send_cmd(smp->conn, SMP_CMD_PAIRING_CONFIRM, sizeof(cp), &cp); in smp_confirm()
968 if (conn->hcon->out) in smp_confirm()
978 struct l2cap_conn *conn = smp->conn; in smp_random()
979 struct hci_conn *hcon = conn->hcon; in smp_random()
983 bt_dev_dbg(conn->hcon->hdev, "conn %p %s", conn, in smp_random()
984 conn->hcon->out ? "initiator" : "responder"); in smp_random()
986 ret = smp_c1(smp->tk, smp->rrnd, smp->preq, smp->prsp, in smp_random()
987 hcon->init_addr_type, &hcon->init_addr, in smp_random()
988 hcon->resp_addr_type, &hcon->resp_addr, confirm); in smp_random()
992 if (crypto_memneq(smp->pcnf, confirm, sizeof(smp->pcnf))) { in smp_random()
993 bt_dev_err(hcon->hdev, "pairing failed " in smp_random()
998 if (hcon->out) { in smp_random()
1003 smp_s1(smp->tk, smp->rrnd, smp->prnd, stk); in smp_random()
1005 if (test_and_set_bit(HCI_CONN_ENCRYPT_PEND, &hcon->flags)) in smp_random()
1008 hci_le_start_enc(hcon, ediv, rand, stk, smp->enc_key_size); in smp_random()
1009 hcon->enc_key_size = smp->enc_key_size; in smp_random()
1010 set_bit(HCI_CONN_STK_ENCRYPT, &hcon->flags); in smp_random()
1016 smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM, sizeof(smp->prnd), in smp_random()
1017 smp->prnd); in smp_random()
1019 smp_s1(smp->tk, smp->prnd, smp->rrnd, stk); in smp_random()
1021 if (hcon->pending_sec_level == BT_SECURITY_HIGH) in smp_random()
1030 hci_add_ltk(hcon->hdev, &hcon->dst, hcon->dst_type, in smp_random()
1031 SMP_STK, auth, stk, smp->enc_key_size, ediv, rand); in smp_random()
1039 struct l2cap_chan *chan = conn->smp; in smp_notify_keys()
1040 struct smp_chan *smp = chan->data; in smp_notify_keys()
1041 struct hci_conn *hcon = conn->hcon; in smp_notify_keys()
1042 struct hci_dev *hdev = hcon->hdev; in smp_notify_keys()
1043 struct smp_cmd_pairing *req = (void *) &smp->preq[1]; in smp_notify_keys()
1044 struct smp_cmd_pairing *rsp = (void *) &smp->prsp[1]; in smp_notify_keys()
1047 if (hcon->type == ACL_LINK) { in smp_notify_keys()
1048 if (hcon->key_type == HCI_LK_DEBUG_COMBINATION) in smp_notify_keys()
1052 &hcon->flags); in smp_notify_keys()
1058 persistent = !!((req->auth_req & rsp->auth_req) & in smp_notify_keys()
1062 if (smp->remote_irk) { in smp_notify_keys()
1063 mgmt_new_irk(hdev, smp->remote_irk, persistent); in smp_notify_keys()
1069 if (hcon->type == LE_LINK) { in smp_notify_keys()
1070 bacpy(&hcon->dst, &smp->remote_irk->bdaddr); in smp_notify_keys()
1071 hcon->dst_type = smp->remote_irk->addr_type; in smp_notify_keys()
1075 queue_delayed_work(hdev->workqueue, in smp_notify_keys()
1076 &conn->id_addr_timer, in smp_notify_keys()
1081 if (smp->csrk) { in smp_notify_keys()
1082 smp->csrk->bdaddr_type = hcon->dst_type; in smp_notify_keys()
1083 bacpy(&smp->csrk->bdaddr, &hcon->dst); in smp_notify_keys()
1084 mgmt_new_csrk(hdev, smp->csrk, persistent); in smp_notify_keys()
1087 if (smp->responder_csrk) { in smp_notify_keys()
1088 smp->responder_csrk->bdaddr_type = hcon->dst_type; in smp_notify_keys()
1089 bacpy(&smp->responder_csrk->bdaddr, &hcon->dst); in smp_notify_keys()
1090 mgmt_new_csrk(hdev, smp->responder_csrk, persistent); in smp_notify_keys()
1093 if (smp->ltk) { in smp_notify_keys()
1094 smp->ltk->bdaddr_type = hcon->dst_type; in smp_notify_keys()
1095 bacpy(&smp->ltk->bdaddr, &hcon->dst); in smp_notify_keys()
1096 mgmt_new_ltk(hdev, smp->ltk, persistent); in smp_notify_keys()
1099 if (smp->responder_ltk) { in smp_notify_keys()
1100 smp->responder_ltk->bdaddr_type = hcon->dst_type; in smp_notify_keys()
1101 bacpy(&smp->responder_ltk->bdaddr, &hcon->dst); in smp_notify_keys()
1102 mgmt_new_ltk(hdev, smp->responder_ltk, persistent); in smp_notify_keys()
1105 if (smp->link_key) { in smp_notify_keys()
1109 if (test_bit(SMP_FLAG_DEBUG_KEY, &smp->flags)) in smp_notify_keys()
1111 else if (hcon->sec_level == BT_SECURITY_FIPS) in smp_notify_keys()
1116 key = hci_add_link_key(hdev, smp->conn->hcon, &hcon->dst, in smp_notify_keys()
1117 smp->link_key, type, 0, &persistent); in smp_notify_keys()
1125 key->type == HCI_LK_DEBUG_COMBINATION) { in smp_notify_keys()
1126 list_del_rcu(&key->list); in smp_notify_keys()
1135 struct hci_conn *hcon = smp->conn->hcon; in sc_add_ltk()
1138 if (test_bit(SMP_FLAG_DEBUG_KEY, &smp->flags)) in sc_add_ltk()
1143 if (hcon->pending_sec_level == BT_SECURITY_FIPS) in sc_add_ltk()
1148 smp->ltk = hci_add_ltk(hcon->hdev, &hcon->dst, hcon->dst_type, in sc_add_ltk()
1149 key_type, auth, smp->tk, smp->enc_key_size, in sc_add_ltk()
1158 smp->link_key = kzalloc(16, GFP_KERNEL); in sc_generate_link_key()
1159 if (!smp->link_key) in sc_generate_link_key()
1162 if (test_bit(SMP_FLAG_CT2, &smp->flags)) { in sc_generate_link_key()
1166 if (smp_h7(smp->tfm_cmac, smp->tk, salt, smp->link_key)) { in sc_generate_link_key()
1167 kfree_sensitive(smp->link_key); in sc_generate_link_key()
1168 smp->link_key = NULL; in sc_generate_link_key()
1175 if (smp_h6(smp->tfm_cmac, smp->tk, tmp1, smp->link_key)) { in sc_generate_link_key()
1176 kfree_sensitive(smp->link_key); in sc_generate_link_key()
1177 smp->link_key = NULL; in sc_generate_link_key()
1182 if (smp_h6(smp->tfm_cmac, smp->link_key, lebr, smp->link_key)) { in sc_generate_link_key()
1183 kfree_sensitive(smp->link_key); in sc_generate_link_key()
1184 smp->link_key = NULL; in sc_generate_link_key()
1195 if (smp->remote_key_dist & SMP_DIST_ENC_KEY) in smp_allow_key_dist()
1197 else if (smp->remote_key_dist & SMP_DIST_ID_KEY) in smp_allow_key_dist()
1199 else if (smp->remote_key_dist & SMP_DIST_SIGN) in smp_allow_key_dist()
1207 struct hci_conn *hcon = smp->conn->hcon; in sc_generate_ltk()
1208 struct hci_dev *hdev = hcon->hdev; in sc_generate_ltk()
1211 key = hci_find_link_key(hdev, &hcon->dst); in sc_generate_ltk()
1217 if (key->type == HCI_LK_DEBUG_COMBINATION) in sc_generate_ltk()
1218 set_bit(SMP_FLAG_DEBUG_KEY, &smp->flags); in sc_generate_ltk()
1220 if (test_bit(SMP_FLAG_CT2, &smp->flags)) { in sc_generate_ltk()
1224 if (smp_h7(smp->tfm_cmac, key->val, salt, smp->tk)) in sc_generate_ltk()
1230 if (smp_h6(smp->tfm_cmac, key->val, tmp2, smp->tk)) in sc_generate_ltk()
1234 if (smp_h6(smp->tfm_cmac, smp->tk, brle, smp->tk)) in sc_generate_ltk()
1243 struct l2cap_conn *conn = smp->conn; in smp_distribute_keys()
1244 struct hci_conn *hcon = conn->hcon; in smp_distribute_keys()
1245 struct hci_dev *hdev = hcon->hdev; in smp_distribute_keys()
1250 rsp = (void *) &smp->prsp[1]; in smp_distribute_keys()
1253 if (hcon->out && (smp->remote_key_dist & KEY_DIST_MASK)) { in smp_distribute_keys()
1258 req = (void *) &smp->preq[1]; in smp_distribute_keys()
1260 if (hcon->out) { in smp_distribute_keys()
1261 keydist = &rsp->init_key_dist; in smp_distribute_keys()
1262 *keydist &= req->init_key_dist; in smp_distribute_keys()
1264 keydist = &rsp->resp_key_dist; in smp_distribute_keys()
1265 *keydist &= req->resp_key_dist; in smp_distribute_keys()
1268 if (test_bit(SMP_FLAG_SC, &smp->flags)) { in smp_distribute_keys()
1269 if (hcon->type == LE_LINK && (*keydist & SMP_DIST_LINK_KEY)) in smp_distribute_keys()
1271 if (hcon->type == ACL_LINK && (*keydist & SMP_DIST_ENC_KEY)) in smp_distribute_keys()
1292 get_random_bytes(enc.ltk, smp->enc_key_size); in smp_distribute_keys()
1293 memset(enc.ltk + smp->enc_key_size, 0, in smp_distribute_keys()
1294 sizeof(enc.ltk) - smp->enc_key_size); in smp_distribute_keys()
1301 authenticated = hcon->sec_level == BT_SECURITY_HIGH; in smp_distribute_keys()
1302 ltk = hci_add_ltk(hdev, &hcon->dst, hcon->dst_type, in smp_distribute_keys()
1304 smp->enc_key_size, ediv, rand); in smp_distribute_keys()
1305 smp->responder_ltk = ltk; in smp_distribute_keys()
1320 memcpy(idinfo.irk, hdev->irk, sizeof(idinfo.irk)); in smp_distribute_keys()
1330 bacpy(&addrinfo.bdaddr, &hcon->src); in smp_distribute_keys()
1331 addrinfo.addr_type = hcon->src_type; in smp_distribute_keys()
1348 if (hcon->sec_level > BT_SECURITY_MEDIUM) in smp_distribute_keys()
1349 csrk->type = MGMT_CSRK_LOCAL_AUTHENTICATED; in smp_distribute_keys()
1351 csrk->type = MGMT_CSRK_LOCAL_UNAUTHENTICATED; in smp_distribute_keys()
1352 memcpy(csrk->val, sign.csrk, sizeof(csrk->val)); in smp_distribute_keys()
1354 smp->responder_csrk = csrk; in smp_distribute_keys()
1362 if (smp->remote_key_dist & KEY_DIST_MASK) { in smp_distribute_keys()
1367 set_bit(SMP_FLAG_COMPLETE, &smp->flags); in smp_distribute_keys()
1377 struct l2cap_conn *conn = smp->conn; in smp_timeout()
1379 bt_dev_dbg(conn->hcon->hdev, "conn %p", conn); in smp_timeout()
1381 hci_disconnect(conn->hcon, HCI_ERROR_REMOTE_USER_TERM); in smp_timeout()
1386 struct hci_conn *hcon = conn->hcon; in smp_chan_create()
1387 struct l2cap_chan *chan = conn->smp; in smp_chan_create()
1394 smp->tfm_cmac = crypto_alloc_shash("cmac(aes)", 0, 0); in smp_chan_create()
1395 if (IS_ERR(smp->tfm_cmac)) { in smp_chan_create()
1396 bt_dev_err(hcon->hdev, "Unable to create CMAC crypto context"); in smp_chan_create()
1400 smp->tfm_ecdh = crypto_alloc_kpp("ecdh-nist-p256", 0, 0); in smp_chan_create()
1401 if (IS_ERR(smp->tfm_ecdh)) { in smp_chan_create()
1402 bt_dev_err(hcon->hdev, "Unable to create ECDH crypto context"); in smp_chan_create()
1406 smp->conn = conn; in smp_chan_create()
1407 chan->data = smp; in smp_chan_create()
1411 INIT_DELAYED_WORK(&smp->security_timer, smp_timeout); in smp_chan_create()
1418 crypto_free_shash(smp->tfm_cmac); in smp_chan_create()
1426 struct hci_conn *hcon = smp->conn->hcon; in sc_mackey_and_ltk()
1429 if (hcon->out) { in sc_mackey_and_ltk()
1430 na = smp->prnd; in sc_mackey_and_ltk()
1431 nb = smp->rrnd; in sc_mackey_and_ltk()
1433 na = smp->rrnd; in sc_mackey_and_ltk()
1434 nb = smp->prnd; in sc_mackey_and_ltk()
1437 memcpy(a, &hcon->init_addr, 6); in sc_mackey_and_ltk()
1438 memcpy(b, &hcon->resp_addr, 6); in sc_mackey_and_ltk()
1439 a[6] = hcon->init_addr_type; in sc_mackey_and_ltk()
1440 b[6] = hcon->resp_addr_type; in sc_mackey_and_ltk()
1442 return smp_f5(smp->tfm_cmac, smp->dhkey, na, nb, a, b, mackey, ltk); in sc_mackey_and_ltk()
1447 struct hci_conn *hcon = smp->conn->hcon; in sc_dhkey_check()
1452 memcpy(a, &hcon->init_addr, 6); in sc_dhkey_check()
1453 memcpy(b, &hcon->resp_addr, 6); in sc_dhkey_check()
1454 a[6] = hcon->init_addr_type; in sc_dhkey_check()
1455 b[6] = hcon->resp_addr_type; in sc_dhkey_check()
1457 if (hcon->out) { in sc_dhkey_check()
1460 memcpy(io_cap, &smp->preq[1], 3); in sc_dhkey_check()
1464 memcpy(io_cap, &smp->prsp[1], 3); in sc_dhkey_check()
1469 if (smp->method == REQ_PASSKEY || smp->method == DSP_PASSKEY) in sc_dhkey_check()
1470 put_unaligned_le32(hcon->passkey_notify, r); in sc_dhkey_check()
1472 if (smp->method == REQ_OOB) in sc_dhkey_check()
1473 memcpy(r, smp->rr, 16); in sc_dhkey_check()
1475 smp_f6(smp->tfm_cmac, smp->mackey, smp->prnd, smp->rrnd, r, io_cap, in sc_dhkey_check()
1478 smp_send_cmd(smp->conn, SMP_CMD_DHKEY_CHECK, sizeof(check), &check); in sc_dhkey_check()
1483 struct l2cap_conn *conn = smp->conn; in sc_passkey_send_confirm()
1484 struct hci_conn *hcon = conn->hcon; in sc_passkey_send_confirm()
1488 r = ((hcon->passkey_notify >> smp->passkey_round) & 0x01); in sc_passkey_send_confirm()
1491 get_random_bytes(smp->prnd, sizeof(smp->prnd)); in sc_passkey_send_confirm()
1493 if (smp_f4(smp->tfm_cmac, smp->local_pk, smp->remote_pk, smp->prnd, r, in sc_passkey_send_confirm()
1504 struct l2cap_conn *conn = smp->conn; in sc_passkey_round()
1505 struct hci_conn *hcon = conn->hcon; in sc_passkey_round()
1506 struct hci_dev *hdev = hcon->hdev; in sc_passkey_round()
1509 /* Ignore the PDU if we've already done 20 rounds (0 - 19) */ in sc_passkey_round()
1510 if (smp->passkey_round >= 20) in sc_passkey_round()
1515 r = ((hcon->passkey_notify >> smp->passkey_round) & 0x01); in sc_passkey_round()
1518 if (smp_f4(smp->tfm_cmac, smp->remote_pk, smp->local_pk, in sc_passkey_round()
1519 smp->rrnd, r, cfm)) in sc_passkey_round()
1522 if (crypto_memneq(smp->pcnf, cfm, 16)) in sc_passkey_round()
1525 smp->passkey_round++; in sc_passkey_round()
1527 if (smp->passkey_round == 20) { in sc_passkey_round()
1529 if (sc_mackey_and_ltk(smp, smp->mackey, smp->tk)) in sc_passkey_round()
1536 if (!hcon->out) { in sc_passkey_round()
1538 sizeof(smp->prnd), smp->prnd); in sc_passkey_round()
1539 if (smp->passkey_round == 20) in sc_passkey_round()
1547 if (smp->passkey_round != 20) in sc_passkey_round()
1550 /* Passkey rounds are complete - start DHKey Check */ in sc_passkey_round()
1557 if (test_bit(SMP_FLAG_WAIT_USER, &smp->flags)) { in sc_passkey_round()
1558 set_bit(SMP_FLAG_CFM_PENDING, &smp->flags); in sc_passkey_round()
1564 if (hcon->out) { in sc_passkey_round()
1566 sizeof(smp->prnd), smp->prnd); in sc_passkey_round()
1575 if (!hcon->out) in sc_passkey_round()
1579 smp->passkey_round + 1); in sc_passkey_round()
1591 struct l2cap_conn *conn = smp->conn; in sc_user_reply()
1592 struct hci_conn *hcon = conn->hcon; in sc_user_reply()
1595 clear_bit(SMP_FLAG_WAIT_USER, &smp->flags); in sc_user_reply()
1599 smp_failure(smp->conn, SMP_PASSKEY_ENTRY_FAILED); in sc_user_reply()
1602 smp_failure(smp->conn, SMP_NUMERIC_COMP_FAILED); in sc_user_reply()
1605 hcon->passkey_notify = le32_to_cpu(passkey); in sc_user_reply()
1606 smp->passkey_round = 0; in sc_user_reply()
1608 if (test_and_clear_bit(SMP_FLAG_CFM_PENDING, &smp->flags)) in sc_user_reply()
1614 return -EIO; in sc_user_reply()
1620 if (hcon->out) { in sc_user_reply()
1623 } else if (test_and_clear_bit(SMP_FLAG_DHKEY_PENDING, &smp->flags)) { in sc_user_reply()
1633 struct l2cap_conn *conn = hcon->l2cap_data; in smp_user_confirm_reply()
1640 return -ENOTCONN; in smp_user_confirm_reply()
1642 bt_dev_dbg(conn->hcon->hdev, ""); in smp_user_confirm_reply()
1644 chan = conn->smp; in smp_user_confirm_reply()
1646 return -ENOTCONN; in smp_user_confirm_reply()
1649 if (!chan->data) { in smp_user_confirm_reply()
1650 err = -ENOTCONN; in smp_user_confirm_reply()
1654 smp = chan->data; in smp_user_confirm_reply()
1656 if (test_bit(SMP_FLAG_SC, &smp->flags)) { in smp_user_confirm_reply()
1664 memset(smp->tk, 0, sizeof(smp->tk)); in smp_user_confirm_reply()
1665 bt_dev_dbg(conn->hcon->hdev, "PassKey: %u", value); in smp_user_confirm_reply()
1666 put_unaligned_le32(value, smp->tk); in smp_user_confirm_reply()
1669 set_bit(SMP_FLAG_TK_VALID, &smp->flags); in smp_user_confirm_reply()
1678 err = -EOPNOTSUPP; in smp_user_confirm_reply()
1685 if (test_bit(SMP_FLAG_CFM_PENDING, &smp->flags)) { in smp_user_confirm_reply()
1700 struct l2cap_conn *conn = smp->conn; in build_bredr_pairing_cmd()
1701 struct hci_dev *hdev = conn->hcon->hdev; in build_bredr_pairing_cmd()
1718 req->auth_req = SMP_AUTH_CT2; in build_bredr_pairing_cmd()
1719 req->init_key_dist = local_dist; in build_bredr_pairing_cmd()
1720 req->resp_key_dist = remote_dist; in build_bredr_pairing_cmd()
1721 req->max_key_size = conn->hcon->enc_key_size; in build_bredr_pairing_cmd()
1723 smp->remote_key_dist = remote_dist; in build_bredr_pairing_cmd()
1730 rsp->auth_req = SMP_AUTH_CT2; in build_bredr_pairing_cmd()
1731 rsp->max_key_size = conn->hcon->enc_key_size; in build_bredr_pairing_cmd()
1732 rsp->init_key_dist = req->init_key_dist & remote_dist; in build_bredr_pairing_cmd()
1733 rsp->resp_key_dist = req->resp_key_dist & local_dist; in build_bredr_pairing_cmd()
1735 smp->remote_key_dist = rsp->init_key_dist; in build_bredr_pairing_cmd()
1740 struct smp_cmd_pairing rsp, *req = (void *) skb->data; in smp_cmd_pairing_req()
1741 struct l2cap_chan *chan = conn->smp; in smp_cmd_pairing_req()
1742 struct hci_dev *hdev = conn->hcon->hdev; in smp_cmd_pairing_req()
1749 if (skb->len < sizeof(*req)) in smp_cmd_pairing_req()
1752 if (conn->hcon->role != HCI_ROLE_SLAVE) in smp_cmd_pairing_req()
1755 if (!chan->data) in smp_cmd_pairing_req()
1758 smp = chan->data; in smp_cmd_pairing_req()
1764 auth = req->auth_req & AUTH_REQ_MASK(hdev); in smp_cmd_pairing_req()
1773 smp->preq[0] = SMP_CMD_PAIRING_REQ; in smp_cmd_pairing_req()
1774 memcpy(&smp->preq[1], req, sizeof(*req)); in smp_cmd_pairing_req()
1778 * successfully received our local OOB data - therefore set the in smp_cmd_pairing_req()
1781 if (req->oob_flag == SMP_OOB_PRESENT && SMP_DEV(hdev)->local_oob) in smp_cmd_pairing_req()
1782 set_bit(SMP_FLAG_LOCAL_OOB, &smp->flags); in smp_cmd_pairing_req()
1785 if (conn->hcon->type == ACL_LINK) { in smp_cmd_pairing_req()
1787 if (!test_bit(HCI_CONN_AES_CCM, &conn->hcon->flags) && in smp_cmd_pairing_req()
1791 set_bit(SMP_FLAG_SC, &smp->flags); in smp_cmd_pairing_req()
1795 if (req->auth_req & SMP_AUTH_CT2) in smp_cmd_pairing_req()
1796 set_bit(SMP_FLAG_CT2, &smp->flags); in smp_cmd_pairing_req()
1798 key_size = min(req->max_key_size, rsp.max_key_size); in smp_cmd_pairing_req()
1803 smp->remote_key_dist &= ~SMP_SC_NO_DIST; in smp_cmd_pairing_req()
1805 smp->prsp[0] = SMP_CMD_PAIRING_RSP; in smp_cmd_pairing_req()
1806 memcpy(&smp->prsp[1], &rsp, sizeof(rsp)); in smp_cmd_pairing_req()
1816 set_bit(SMP_FLAG_SC, &smp->flags); in smp_cmd_pairing_req()
1819 set_bit(SMP_FLAG_CT2, &smp->flags); in smp_cmd_pairing_req()
1822 if (conn->hcon->io_capability == HCI_IO_NO_INPUT_OUTPUT) in smp_cmd_pairing_req()
1827 if (sec_level > conn->hcon->pending_sec_level) in smp_cmd_pairing_req()
1828 conn->hcon->pending_sec_level = sec_level; in smp_cmd_pairing_req()
1831 if (conn->hcon->pending_sec_level >= BT_SECURITY_HIGH) { in smp_cmd_pairing_req()
1834 method = get_auth_method(smp, conn->hcon->io_capability, in smp_cmd_pairing_req()
1835 req->io_capability); in smp_cmd_pairing_req()
1840 key_size = min(req->max_key_size, rsp.max_key_size); in smp_cmd_pairing_req()
1844 get_random_bytes(smp->prnd, sizeof(smp->prnd)); in smp_cmd_pairing_req()
1846 smp->prsp[0] = SMP_CMD_PAIRING_RSP; in smp_cmd_pairing_req()
1847 memcpy(&smp->prsp[1], &rsp, sizeof(rsp)); in smp_cmd_pairing_req()
1851 clear_bit(SMP_FLAG_INITIATOR, &smp->flags); in smp_cmd_pairing_req()
1860 if (test_bit(SMP_FLAG_SC, &smp->flags)) { in smp_cmd_pairing_req()
1863 smp->remote_key_dist &= ~SMP_SC_NO_DIST; in smp_cmd_pairing_req()
1869 ret = tk_request(conn, 0, auth, rsp.io_capability, req->io_capability); in smp_cmd_pairing_req()
1878 struct hci_dev *hdev = smp->conn->hcon->hdev; in sc_send_public_key()
1882 if (test_bit(SMP_FLAG_LOCAL_OOB, &smp->flags)) { in sc_send_public_key()
1883 struct l2cap_chan *chan = hdev->smp_data; in sc_send_public_key()
1886 if (!chan || !chan->data) in sc_send_public_key()
1889 smp_dev = chan->data; in sc_send_public_key()
1891 memcpy(smp->local_pk, smp_dev->local_pk, 64); in sc_send_public_key()
1892 memcpy(smp->lr, smp_dev->local_rand, 16); in sc_send_public_key()
1894 if (smp_dev->debug_key) in sc_send_public_key()
1895 set_bit(SMP_FLAG_DEBUG_KEY, &smp->flags); in sc_send_public_key()
1902 if (set_ecdh_privkey(smp->tfm_ecdh, debug_sk)) in sc_send_public_key()
1904 memcpy(smp->local_pk, debug_pk, 64); in sc_send_public_key()
1905 set_bit(SMP_FLAG_DEBUG_KEY, &smp->flags); in sc_send_public_key()
1909 if (generate_ecdh_keys(smp->tfm_ecdh, smp->local_pk)) in sc_send_public_key()
1915 if (crypto_memneq(smp->local_pk, debug_pk, 64)) in sc_send_public_key()
1921 SMP_DBG("Local Public Key X: %32phN", smp->local_pk); in sc_send_public_key()
1922 SMP_DBG("Local Public Key Y: %32phN", smp->local_pk + 32); in sc_send_public_key()
1924 smp_send_cmd(smp->conn, SMP_CMD_PUBLIC_KEY, 64, smp->local_pk); in sc_send_public_key()
1931 struct smp_cmd_pairing *req, *rsp = (void *) skb->data; in smp_cmd_pairing_rsp()
1932 struct l2cap_chan *chan = conn->smp; in smp_cmd_pairing_rsp()
1933 struct smp_chan *smp = chan->data; in smp_cmd_pairing_rsp()
1934 struct hci_dev *hdev = conn->hcon->hdev; in smp_cmd_pairing_rsp()
1940 if (skb->len < sizeof(*rsp)) in smp_cmd_pairing_rsp()
1943 if (conn->hcon->role != HCI_ROLE_MASTER) in smp_cmd_pairing_rsp()
1948 req = (void *) &smp->preq[1]; in smp_cmd_pairing_rsp()
1950 key_size = min(req->max_key_size, rsp->max_key_size); in smp_cmd_pairing_rsp()
1954 auth = rsp->auth_req & AUTH_REQ_MASK(hdev); in smp_cmd_pairing_rsp()
1960 * successfully received our local OOB data - therefore set the in smp_cmd_pairing_rsp()
1963 if (rsp->oob_flag == SMP_OOB_PRESENT && SMP_DEV(hdev)->local_oob) in smp_cmd_pairing_rsp()
1964 set_bit(SMP_FLAG_LOCAL_OOB, &smp->flags); in smp_cmd_pairing_rsp()
1966 smp->prsp[0] = SMP_CMD_PAIRING_RSP; in smp_cmd_pairing_rsp()
1967 memcpy(&smp->prsp[1], rsp, sizeof(*rsp)); in smp_cmd_pairing_rsp()
1972 smp->remote_key_dist &= rsp->resp_key_dist; in smp_cmd_pairing_rsp()
1974 if ((req->auth_req & SMP_AUTH_CT2) && (auth & SMP_AUTH_CT2)) in smp_cmd_pairing_rsp()
1975 set_bit(SMP_FLAG_CT2, &smp->flags); in smp_cmd_pairing_rsp()
1978 if (conn->hcon->type == ACL_LINK) { in smp_cmd_pairing_rsp()
1980 smp->remote_key_dist &= ~SMP_SC_NO_DIST; in smp_cmd_pairing_rsp()
1985 if ((req->auth_req & SMP_AUTH_SC) && (auth & SMP_AUTH_SC)) in smp_cmd_pairing_rsp()
1986 set_bit(SMP_FLAG_SC, &smp->flags); in smp_cmd_pairing_rsp()
1987 else if (conn->hcon->pending_sec_level > BT_SECURITY_HIGH) in smp_cmd_pairing_rsp()
1988 conn->hcon->pending_sec_level = BT_SECURITY_HIGH; in smp_cmd_pairing_rsp()
1991 if (conn->hcon->pending_sec_level >= BT_SECURITY_HIGH) { in smp_cmd_pairing_rsp()
1994 method = get_auth_method(smp, req->io_capability, in smp_cmd_pairing_rsp()
1995 rsp->io_capability); in smp_cmd_pairing_rsp()
2000 get_random_bytes(smp->prnd, sizeof(smp->prnd)); in smp_cmd_pairing_rsp()
2005 smp->remote_key_dist &= rsp->resp_key_dist; in smp_cmd_pairing_rsp()
2007 if (test_bit(SMP_FLAG_SC, &smp->flags)) { in smp_cmd_pairing_rsp()
2009 smp->remote_key_dist &= ~SMP_SC_NO_DIST; in smp_cmd_pairing_rsp()
2014 auth |= req->auth_req; in smp_cmd_pairing_rsp()
2016 ret = tk_request(conn, 0, auth, req->io_capability, rsp->io_capability); in smp_cmd_pairing_rsp()
2020 set_bit(SMP_FLAG_CFM_PENDING, &smp->flags); in smp_cmd_pairing_rsp()
2023 if (test_bit(SMP_FLAG_TK_VALID, &smp->flags)) in smp_cmd_pairing_rsp()
2031 struct l2cap_conn *conn = smp->conn; in sc_check_confirm()
2033 bt_dev_dbg(conn->hcon->hdev, ""); in sc_check_confirm()
2035 if (smp->method == REQ_PASSKEY || smp->method == DSP_PASSKEY) in sc_check_confirm()
2038 if (conn->hcon->out) { in sc_check_confirm()
2039 smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM, sizeof(smp->prnd), in sc_check_confirm()
2040 smp->prnd); in sc_check_confirm()
2047 /* Work-around for some implementations that incorrectly copy RFU bits
2053 struct l2cap_conn *conn = smp->conn; in fixup_sc_false_positive()
2054 struct hci_conn *hcon = conn->hcon; in fixup_sc_false_positive()
2055 struct hci_dev *hdev = hcon->hdev; in fixup_sc_false_positive()
2060 if (hcon->out) in fixup_sc_false_positive()
2064 bt_dev_err(hdev, "refusing legacy fallback in SC-only mode"); in fixup_sc_false_positive()
2070 req = (void *) &smp->preq[1]; in fixup_sc_false_positive()
2071 rsp = (void *) &smp->prsp[1]; in fixup_sc_false_positive()
2074 smp->remote_key_dist = (req->init_key_dist & rsp->resp_key_dist); in fixup_sc_false_positive()
2076 auth = req->auth_req & AUTH_REQ_MASK(hdev); in fixup_sc_false_positive()
2078 if (tk_request(conn, 0, auth, rsp->io_capability, req->io_capability)) { in fixup_sc_false_positive()
2083 clear_bit(SMP_FLAG_SC, &smp->flags); in fixup_sc_false_positive()
2090 struct l2cap_chan *chan = conn->smp; in smp_cmd_pairing_confirm()
2091 struct smp_chan *smp = chan->data; in smp_cmd_pairing_confirm()
2092 struct hci_conn *hcon = conn->hcon; in smp_cmd_pairing_confirm()
2093 struct hci_dev *hdev = hcon->hdev; in smp_cmd_pairing_confirm()
2096 hcon->out ? "initiator" : "responder"); in smp_cmd_pairing_confirm()
2098 if (skb->len < sizeof(smp->pcnf)) in smp_cmd_pairing_confirm()
2101 memcpy(smp->pcnf, skb->data, sizeof(smp->pcnf)); in smp_cmd_pairing_confirm()
2102 skb_pull(skb, sizeof(smp->pcnf)); in smp_cmd_pairing_confirm()
2104 if (test_bit(SMP_FLAG_SC, &smp->flags)) { in smp_cmd_pairing_confirm()
2108 if (test_bit(SMP_FLAG_REMOTE_PK, &smp->flags)) in smp_cmd_pairing_confirm()
2118 if (conn->hcon->out) { in smp_cmd_pairing_confirm()
2119 smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM, sizeof(smp->prnd), in smp_cmd_pairing_confirm()
2120 smp->prnd); in smp_cmd_pairing_confirm()
2125 if (test_bit(SMP_FLAG_TK_VALID, &smp->flags)) in smp_cmd_pairing_confirm()
2128 set_bit(SMP_FLAG_CFM_PENDING, &smp->flags); in smp_cmd_pairing_confirm()
2135 struct l2cap_chan *chan = conn->smp; in smp_cmd_pairing_random()
2136 struct smp_chan *smp = chan->data; in smp_cmd_pairing_random()
2137 struct hci_conn *hcon = conn->hcon; in smp_cmd_pairing_random()
2142 bt_dev_dbg(hcon->hdev, "conn %p", conn); in smp_cmd_pairing_random()
2144 if (skb->len < sizeof(smp->rrnd)) in smp_cmd_pairing_random()
2147 memcpy(smp->rrnd, skb->data, sizeof(smp->rrnd)); in smp_cmd_pairing_random()
2148 skb_pull(skb, sizeof(smp->rrnd)); in smp_cmd_pairing_random()
2150 if (!test_bit(SMP_FLAG_SC, &smp->flags)) in smp_cmd_pairing_random()
2153 if (hcon->out) { in smp_cmd_pairing_random()
2154 pkax = smp->local_pk; in smp_cmd_pairing_random()
2155 pkbx = smp->remote_pk; in smp_cmd_pairing_random()
2156 na = smp->prnd; in smp_cmd_pairing_random()
2157 nb = smp->rrnd; in smp_cmd_pairing_random()
2159 pkax = smp->remote_pk; in smp_cmd_pairing_random()
2160 pkbx = smp->local_pk; in smp_cmd_pairing_random()
2161 na = smp->rrnd; in smp_cmd_pairing_random()
2162 nb = smp->prnd; in smp_cmd_pairing_random()
2165 if (smp->method == REQ_OOB) { in smp_cmd_pairing_random()
2166 if (!hcon->out) in smp_cmd_pairing_random()
2168 sizeof(smp->prnd), smp->prnd); in smp_cmd_pairing_random()
2174 if (smp->method == REQ_PASSKEY || smp->method == DSP_PASSKEY) in smp_cmd_pairing_random()
2177 if (hcon->out) { in smp_cmd_pairing_random()
2180 err = smp_f4(smp->tfm_cmac, smp->remote_pk, smp->local_pk, in smp_cmd_pairing_random()
2181 smp->rrnd, 0, cfm); in smp_cmd_pairing_random()
2185 if (crypto_memneq(smp->pcnf, cfm, 16)) in smp_cmd_pairing_random()
2188 smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM, sizeof(smp->prnd), in smp_cmd_pairing_random()
2189 smp->prnd); in smp_cmd_pairing_random()
2192 /* Only Just-Works pairing requires extra checks */ in smp_cmd_pairing_random()
2193 if (smp->method != JUST_WORKS) in smp_cmd_pairing_random()
2200 if (hci_find_ltk(hcon->hdev, &hcon->dst, hcon->dst_type, in smp_cmd_pairing_random()
2201 hcon->role)) { in smp_cmd_pairing_random()
2213 err = sc_mackey_and_ltk(smp, smp->mackey, smp->tk); in smp_cmd_pairing_random()
2217 if (smp->method == REQ_OOB) { in smp_cmd_pairing_random()
2218 if (hcon->out) { in smp_cmd_pairing_random()
2225 err = smp_g2(smp->tfm_cmac, pkax, pkbx, na, nb, &passkey); in smp_cmd_pairing_random()
2232 if (smp->method == JUST_WORKS) in smp_cmd_pairing_random()
2235 err = mgmt_user_confirm_request(hcon->hdev, &hcon->dst, hcon->type, in smp_cmd_pairing_random()
2236 hcon->dst_type, passkey, confirm_hint); in smp_cmd_pairing_random()
2240 set_bit(SMP_FLAG_WAIT_USER, &smp->flags); in smp_cmd_pairing_random()
2248 struct hci_conn *hcon = conn->hcon; in smp_ltk_encrypt()
2250 key = hci_find_ltk(hcon->hdev, &hcon->dst, hcon->dst_type, hcon->role); in smp_ltk_encrypt()
2257 if (test_and_set_bit(HCI_CONN_ENCRYPT_PEND, &hcon->flags)) in smp_ltk_encrypt()
2260 hci_le_start_enc(hcon, key->ediv, key->rand, key->val, key->enc_size); in smp_ltk_encrypt()
2261 hcon->enc_key_size = key->enc_size; in smp_ltk_encrypt()
2264 clear_bit(HCI_CONN_STK_ENCRYPT, &hcon->flags); in smp_ltk_encrypt()
2277 * connection to be re-encrypted with an LTK, even if the LTK in smp_sufficient_security()
2282 test_bit(HCI_CONN_STK_ENCRYPT, &hcon->flags) && in smp_sufficient_security()
2283 hci_find_ltk(hcon->hdev, &hcon->dst, hcon->dst_type, hcon->role)) in smp_sufficient_security()
2286 if (hcon->sec_level >= sec_level) in smp_sufficient_security()
2294 struct smp_cmd_security_req *rp = (void *) skb->data; in smp_cmd_security_req() local
2296 struct hci_conn *hcon = conn->hcon; in smp_cmd_security_req()
2297 struct hci_dev *hdev = hcon->hdev; in smp_cmd_security_req()
2303 if (skb->len < sizeof(*rp)) in smp_cmd_security_req()
2306 if (hcon->role != HCI_ROLE_MASTER) in smp_cmd_security_req()
2309 auth = rp->auth_req & AUTH_REQ_MASK(hdev); in smp_cmd_security_req()
2314 if (hcon->io_capability == HCI_IO_NO_INPUT_OUTPUT) in smp_cmd_security_req()
2324 smp_ltk_encrypt(conn, hcon->sec_level); in smp_cmd_security_req()
2328 if (sec_level > hcon->pending_sec_level) in smp_cmd_security_req()
2329 hcon->pending_sec_level = sec_level; in smp_cmd_security_req()
2331 if (smp_ltk_encrypt(conn, hcon->pending_sec_level)) in smp_cmd_security_req()
2342 skb_pull(skb, sizeof(*rp)); in smp_cmd_security_req()
2347 smp->preq[0] = SMP_CMD_PAIRING_REQ; in smp_cmd_security_req()
2348 memcpy(&smp->preq[1], &cp, sizeof(cp)); in smp_cmd_security_req()
2358 struct l2cap_conn *conn = hcon->l2cap_data; in smp_conn_security()
2364 bt_dev_dbg(hcon->hdev, "conn %p hcon %p level 0x%2.2x", conn, hcon, in smp_conn_security()
2371 if (!hci_dev_test_flag(hcon->hdev, HCI_LE_ENABLED)) in smp_conn_security()
2377 if (sec_level > hcon->pending_sec_level) in smp_conn_security()
2378 hcon->pending_sec_level = sec_level; in smp_conn_security()
2380 if (hcon->role == HCI_ROLE_MASTER) in smp_conn_security()
2381 if (smp_ltk_encrypt(conn, hcon->pending_sec_level)) in smp_conn_security()
2384 chan = conn->smp; in smp_conn_security()
2386 bt_dev_err(hcon->hdev, "security requested but not available"); in smp_conn_security()
2393 if (chan->data) { in smp_conn_security()
2406 if (hci_dev_test_flag(hcon->hdev, HCI_SC_ENABLED)) { in smp_conn_security()
2408 if (hci_dev_test_flag(hcon->hdev, HCI_SSP_ENABLED)) in smp_conn_security()
2413 * Needed to pass certification test SM/MAS/PKE/BV-01-C in smp_conn_security()
2415 if (!hci_dev_test_flag(hcon->hdev, HCI_FORCE_NO_MITM)) { in smp_conn_security()
2419 if (hcon->io_capability != HCI_IO_NO_INPUT_OUTPUT || in smp_conn_security()
2420 hcon->pending_sec_level > BT_SECURITY_MEDIUM) in smp_conn_security()
2424 if (hcon->role == HCI_ROLE_MASTER) { in smp_conn_security()
2428 smp->preq[0] = SMP_CMD_PAIRING_REQ; in smp_conn_security()
2429 memcpy(&smp->preq[1], &cp, sizeof(cp)); in smp_conn_security()
2440 set_bit(SMP_FLAG_INITIATOR, &smp->flags); in smp_conn_security()
2464 conn = hcon->l2cap_data; in smp_cancel_and_remove_pairing()
2468 chan = conn->smp; in smp_cancel_and_remove_pairing()
2474 smp = chan->data; in smp_cancel_and_remove_pairing()
2478 smp->ltk = NULL; in smp_cancel_and_remove_pairing()
2479 smp->responder_ltk = NULL; in smp_cancel_and_remove_pairing()
2480 smp->remote_irk = NULL; in smp_cancel_and_remove_pairing()
2482 if (test_bit(SMP_FLAG_COMPLETE, &smp->flags)) in smp_cancel_and_remove_pairing()
2497 struct smp_cmd_encrypt_info *rp = (void *) skb->data; in smp_cmd_encrypt_info() local
2498 struct l2cap_chan *chan = conn->smp; in smp_cmd_encrypt_info()
2499 struct smp_chan *smp = chan->data; in smp_cmd_encrypt_info()
2501 bt_dev_dbg(conn->hcon->hdev, "conn %p", conn); in smp_cmd_encrypt_info()
2503 if (skb->len < sizeof(*rp)) in smp_cmd_encrypt_info()
2507 if (hci_is_blocked_key(conn->hcon->hdev, HCI_BLOCKED_KEY_TYPE_LTK, in smp_cmd_encrypt_info()
2508 rp->ltk)) { in smp_cmd_encrypt_info()
2509 bt_dev_warn_ratelimited(conn->hcon->hdev, in smp_cmd_encrypt_info()
2511 &conn->hcon->dst); in smp_cmd_encrypt_info()
2517 skb_pull(skb, sizeof(*rp)); in smp_cmd_encrypt_info()
2519 memcpy(smp->tk, rp->ltk, sizeof(smp->tk)); in smp_cmd_encrypt_info()
2526 struct smp_cmd_initiator_ident *rp = (void *)skb->data; in smp_cmd_initiator_ident() local
2527 struct l2cap_chan *chan = conn->smp; in smp_cmd_initiator_ident()
2528 struct smp_chan *smp = chan->data; in smp_cmd_initiator_ident()
2529 struct hci_dev *hdev = conn->hcon->hdev; in smp_cmd_initiator_ident()
2530 struct hci_conn *hcon = conn->hcon; in smp_cmd_initiator_ident()
2536 if (skb->len < sizeof(*rp)) in smp_cmd_initiator_ident()
2540 smp->remote_key_dist &= ~SMP_DIST_ENC_KEY; in smp_cmd_initiator_ident()
2542 if (smp->remote_key_dist & SMP_DIST_ID_KEY) in smp_cmd_initiator_ident()
2544 else if (smp->remote_key_dist & SMP_DIST_SIGN) in smp_cmd_initiator_ident()
2547 skb_pull(skb, sizeof(*rp)); in smp_cmd_initiator_ident()
2549 authenticated = (hcon->sec_level == BT_SECURITY_HIGH); in smp_cmd_initiator_ident()
2550 ltk = hci_add_ltk(hdev, &hcon->dst, hcon->dst_type, SMP_LTK, in smp_cmd_initiator_ident()
2551 authenticated, smp->tk, smp->enc_key_size, in smp_cmd_initiator_ident()
2552 rp->ediv, rp->rand); in smp_cmd_initiator_ident()
2553 smp->ltk = ltk; in smp_cmd_initiator_ident()
2554 if (!(smp->remote_key_dist & KEY_DIST_MASK)) in smp_cmd_initiator_ident()
2562 struct smp_cmd_ident_info *info = (void *) skb->data; in smp_cmd_ident_info()
2563 struct l2cap_chan *chan = conn->smp; in smp_cmd_ident_info()
2564 struct smp_chan *smp = chan->data; in smp_cmd_ident_info()
2566 bt_dev_dbg(conn->hcon->hdev, ""); in smp_cmd_ident_info()
2568 if (skb->len < sizeof(*info)) in smp_cmd_ident_info()
2572 if (hci_is_blocked_key(conn->hcon->hdev, HCI_BLOCKED_KEY_TYPE_IRK, in smp_cmd_ident_info()
2573 info->irk)) { in smp_cmd_ident_info()
2574 bt_dev_warn_ratelimited(conn->hcon->hdev, in smp_cmd_ident_info()
2576 &conn->hcon->dst); in smp_cmd_ident_info()
2584 memcpy(smp->irk, info->irk, 16); in smp_cmd_ident_info()
2592 struct smp_cmd_ident_addr_info *info = (void *) skb->data; in smp_cmd_ident_addr_info()
2593 struct l2cap_chan *chan = conn->smp; in smp_cmd_ident_addr_info()
2594 struct smp_chan *smp = chan->data; in smp_cmd_ident_addr_info()
2595 struct hci_conn *hcon = conn->hcon; in smp_cmd_ident_addr_info()
2598 bt_dev_dbg(hcon->hdev, ""); in smp_cmd_ident_addr_info()
2600 if (skb->len < sizeof(*info)) in smp_cmd_ident_addr_info()
2604 smp->remote_key_dist &= ~SMP_DIST_ID_KEY; in smp_cmd_ident_addr_info()
2606 if (smp->remote_key_dist & SMP_DIST_SIGN) in smp_cmd_ident_addr_info()
2621 if (!bacmp(&info->bdaddr, BDADDR_ANY) || in smp_cmd_ident_addr_info()
2622 !hci_is_identity_address(&info->bdaddr, info->addr_type)) { in smp_cmd_ident_addr_info()
2623 bt_dev_err(hcon->hdev, "ignoring IRK with no identity address"); in smp_cmd_ident_addr_info()
2632 if (hci_is_identity_address(&hcon->dst, hcon->dst_type) && in smp_cmd_ident_addr_info()
2633 (bacmp(&info->bdaddr, &hcon->dst) || in smp_cmd_ident_addr_info()
2634 info->addr_type != hcon->dst_type)) { in smp_cmd_ident_addr_info()
2635 bt_dev_err(hcon->hdev, in smp_cmd_ident_addr_info()
2640 bacpy(&smp->id_addr, &info->bdaddr); in smp_cmd_ident_addr_info()
2641 smp->id_addr_type = info->addr_type; in smp_cmd_ident_addr_info()
2643 if (hci_bdaddr_is_rpa(&hcon->dst, hcon->dst_type)) in smp_cmd_ident_addr_info()
2644 bacpy(&rpa, &hcon->dst); in smp_cmd_ident_addr_info()
2648 smp->remote_irk = hci_add_irk(conn->hcon->hdev, &smp->id_addr, in smp_cmd_ident_addr_info()
2649 smp->id_addr_type, smp->irk, &rpa); in smp_cmd_ident_addr_info()
2652 if (!(smp->remote_key_dist & KEY_DIST_MASK)) in smp_cmd_ident_addr_info()
2660 struct smp_cmd_sign_info *rp = (void *) skb->data; in smp_cmd_sign_info() local
2661 struct l2cap_chan *chan = conn->smp; in smp_cmd_sign_info()
2662 struct smp_chan *smp = chan->data; in smp_cmd_sign_info()
2665 bt_dev_dbg(conn->hcon->hdev, "conn %p", conn); in smp_cmd_sign_info()
2667 if (skb->len < sizeof(*rp)) in smp_cmd_sign_info()
2671 smp->remote_key_dist &= ~SMP_DIST_SIGN; in smp_cmd_sign_info()
2673 skb_pull(skb, sizeof(*rp)); in smp_cmd_sign_info()
2677 if (conn->hcon->sec_level > BT_SECURITY_MEDIUM) in smp_cmd_sign_info()
2678 csrk->type = MGMT_CSRK_REMOTE_AUTHENTICATED; in smp_cmd_sign_info()
2680 csrk->type = MGMT_CSRK_REMOTE_UNAUTHENTICATED; in smp_cmd_sign_info()
2681 memcpy(csrk->val, rp->csrk, sizeof(csrk->val)); in smp_cmd_sign_info()
2683 smp->csrk = csrk; in smp_cmd_sign_info()
2691 struct l2cap_conn *conn = smp->conn; in sc_select_method()
2692 struct hci_conn *hcon = conn->hcon; in sc_select_method()
2696 if (test_bit(SMP_FLAG_REMOTE_OOB, &smp->flags) || in sc_select_method()
2697 test_bit(SMP_FLAG_LOCAL_OOB, &smp->flags)) in sc_select_method()
2705 if (hcon->out) { in sc_select_method()
2706 local = (void *) &smp->preq[1]; in sc_select_method()
2707 remote = (void *) &smp->prsp[1]; in sc_select_method()
2709 local = (void *) &smp->prsp[1]; in sc_select_method()
2710 remote = (void *) &smp->preq[1]; in sc_select_method()
2713 local_io = local->io_capability; in sc_select_method()
2714 remote_io = remote->io_capability; in sc_select_method()
2716 local_mitm = (local->auth_req & SMP_AUTH_MITM); in sc_select_method()
2717 remote_mitm = (remote->auth_req & SMP_AUTH_MITM); in sc_select_method()
2728 if (method == JUST_CFM && test_bit(SMP_FLAG_INITIATOR, &smp->flags)) in sc_select_method()
2736 struct smp_cmd_public_key *key = (void *) skb->data; in smp_cmd_public_key()
2737 struct hci_conn *hcon = conn->hcon; in smp_cmd_public_key()
2738 struct l2cap_chan *chan = conn->smp; in smp_cmd_public_key()
2739 struct smp_chan *smp = chan->data; in smp_cmd_public_key()
2740 struct hci_dev *hdev = hcon->hdev; in smp_cmd_public_key()
2747 if (skb->len < sizeof(*key)) in smp_cmd_public_key()
2753 if (!test_bit(SMP_FLAG_DEBUG_KEY, &smp->flags) && in smp_cmd_public_key()
2754 !crypto_memneq(key, smp->local_pk, 64)) { in smp_cmd_public_key()
2759 memcpy(smp->remote_pk, key, 64); in smp_cmd_public_key()
2761 if (test_bit(SMP_FLAG_REMOTE_OOB, &smp->flags)) { in smp_cmd_public_key()
2762 err = smp_f4(smp->tfm_cmac, smp->remote_pk, smp->remote_pk, in smp_cmd_public_key()
2763 smp->rr, 0, cfm.confirm_val); in smp_cmd_public_key()
2767 if (crypto_memneq(cfm.confirm_val, smp->pcnf, 16)) in smp_cmd_public_key()
2771 /* Non-initiating device sends its public key after receiving in smp_cmd_public_key()
2774 if (!hcon->out) { in smp_cmd_public_key()
2780 SMP_DBG("Remote Public Key X: %32phN", smp->remote_pk); in smp_cmd_public_key()
2781 SMP_DBG("Remote Public Key Y: %32phN", smp->remote_pk + 32); in smp_cmd_public_key()
2786 if (test_bit(SMP_FLAG_LOCAL_OOB, &smp->flags)) { in smp_cmd_public_key()
2787 struct l2cap_chan *hchan = hdev->smp_data; in smp_cmd_public_key()
2790 if (!hchan || !hchan->data) in smp_cmd_public_key()
2793 smp_dev = hchan->data; in smp_cmd_public_key()
2795 tfm_ecdh = smp_dev->tfm_ecdh; in smp_cmd_public_key()
2797 tfm_ecdh = smp->tfm_ecdh; in smp_cmd_public_key()
2800 if (compute_ecdh_secret(tfm_ecdh, smp->remote_pk, smp->dhkey)) in smp_cmd_public_key()
2803 SMP_DBG("DHKey %32phN", smp->dhkey); in smp_cmd_public_key()
2805 set_bit(SMP_FLAG_REMOTE_PK, &smp->flags); in smp_cmd_public_key()
2807 smp->method = sc_select_method(smp); in smp_cmd_public_key()
2809 bt_dev_dbg(hdev, "selected method 0x%02x", smp->method); in smp_cmd_public_key()
2812 if (smp->method == JUST_WORKS || smp->method == JUST_CFM) in smp_cmd_public_key()
2813 hcon->pending_sec_level = BT_SECURITY_MEDIUM; in smp_cmd_public_key()
2815 hcon->pending_sec_level = BT_SECURITY_FIPS; in smp_cmd_public_key()
2817 if (!crypto_memneq(debug_pk, smp->remote_pk, 64)) in smp_cmd_public_key()
2818 set_bit(SMP_FLAG_DEBUG_KEY, &smp->flags); in smp_cmd_public_key()
2820 if (smp->method == DSP_PASSKEY) { in smp_cmd_public_key()
2821 get_random_bytes(&hcon->passkey_notify, in smp_cmd_public_key()
2822 sizeof(hcon->passkey_notify)); in smp_cmd_public_key()
2823 hcon->passkey_notify %= 1000000; in smp_cmd_public_key()
2824 hcon->passkey_entered = 0; in smp_cmd_public_key()
2825 smp->passkey_round = 0; in smp_cmd_public_key()
2826 if (mgmt_user_passkey_notify(hdev, &hcon->dst, hcon->type, in smp_cmd_public_key()
2827 hcon->dst_type, in smp_cmd_public_key()
2828 hcon->passkey_notify, in smp_cmd_public_key()
2829 hcon->passkey_entered)) in smp_cmd_public_key()
2835 if (smp->method == REQ_OOB) { in smp_cmd_public_key()
2836 if (hcon->out) in smp_cmd_public_key()
2838 sizeof(smp->prnd), smp->prnd); in smp_cmd_public_key()
2845 if (hcon->out) in smp_cmd_public_key()
2848 if (smp->method == REQ_PASSKEY) { in smp_cmd_public_key()
2849 if (mgmt_user_passkey_request(hdev, &hcon->dst, hcon->type, in smp_cmd_public_key()
2850 hcon->dst_type)) in smp_cmd_public_key()
2853 set_bit(SMP_FLAG_WAIT_USER, &smp->flags); in smp_cmd_public_key()
2857 /* The Initiating device waits for the non-initiating device to in smp_cmd_public_key()
2860 if (conn->hcon->out) in smp_cmd_public_key()
2863 err = smp_f4(smp->tfm_cmac, smp->local_pk, smp->remote_pk, smp->prnd, in smp_cmd_public_key()
2876 struct smp_cmd_dhkey_check *check = (void *) skb->data; in smp_cmd_dhkey_check()
2877 struct l2cap_chan *chan = conn->smp; in smp_cmd_dhkey_check()
2878 struct hci_conn *hcon = conn->hcon; in smp_cmd_dhkey_check()
2879 struct smp_chan *smp = chan->data; in smp_cmd_dhkey_check()
2884 bt_dev_dbg(hcon->hdev, "conn %p", conn); in smp_cmd_dhkey_check()
2886 if (skb->len < sizeof(*check)) in smp_cmd_dhkey_check()
2889 memcpy(a, &hcon->init_addr, 6); in smp_cmd_dhkey_check()
2890 memcpy(b, &hcon->resp_addr, 6); in smp_cmd_dhkey_check()
2891 a[6] = hcon->init_addr_type; in smp_cmd_dhkey_check()
2892 b[6] = hcon->resp_addr_type; in smp_cmd_dhkey_check()
2894 if (hcon->out) { in smp_cmd_dhkey_check()
2897 memcpy(io_cap, &smp->prsp[1], 3); in smp_cmd_dhkey_check()
2901 memcpy(io_cap, &smp->preq[1], 3); in smp_cmd_dhkey_check()
2906 if (smp->method == REQ_PASSKEY || smp->method == DSP_PASSKEY) in smp_cmd_dhkey_check()
2907 put_unaligned_le32(hcon->passkey_notify, r); in smp_cmd_dhkey_check()
2908 else if (smp->method == REQ_OOB) in smp_cmd_dhkey_check()
2909 memcpy(r, smp->lr, 16); in smp_cmd_dhkey_check()
2911 err = smp_f6(smp->tfm_cmac, smp->mackey, smp->rrnd, smp->prnd, r, in smp_cmd_dhkey_check()
2916 if (crypto_memneq(check->e, e, 16)) in smp_cmd_dhkey_check()
2919 if (!hcon->out) { in smp_cmd_dhkey_check()
2920 if (test_bit(SMP_FLAG_WAIT_USER, &smp->flags)) { in smp_cmd_dhkey_check()
2921 set_bit(SMP_FLAG_DHKEY_PENDING, &smp->flags); in smp_cmd_dhkey_check()
2931 if (hcon->out) { in smp_cmd_dhkey_check()
2932 hci_le_start_enc(hcon, 0, 0, smp->tk, smp->enc_key_size); in smp_cmd_dhkey_check()
2933 hcon->enc_key_size = smp->enc_key_size; in smp_cmd_dhkey_check()
2942 struct smp_cmd_keypress_notify *kp = (void *) skb->data; in smp_cmd_keypress_notify()
2944 bt_dev_dbg(conn->hcon->hdev, "value 0x%02x", kp->value); in smp_cmd_keypress_notify()
2951 struct l2cap_conn *conn = chan->conn; in smp_sig_channel()
2952 struct hci_conn *hcon = conn->hcon; in smp_sig_channel()
2957 if (skb->len < 1) in smp_sig_channel()
2958 return -EILSEQ; in smp_sig_channel()
2960 if (!hci_dev_test_flag(hcon->hdev, HCI_LE_ENABLED)) { in smp_sig_channel()
2965 code = skb->data[0]; in smp_sig_channel()
2968 smp = chan->data; in smp_sig_channel()
2973 if (smp && !test_and_clear_bit(code, &smp->allow_cmd)) in smp_sig_channel()
2989 err = -EPERM; in smp_sig_channel()
3041 bt_dev_dbg(hcon->hdev, "Unknown command code 0x%2.2x", code); in smp_sig_channel()
3056 bt_dev_err(hcon->hdev, "unexpected SMP command 0x%02x from %pMR", in smp_sig_channel()
3057 code, &hcon->dst); in smp_sig_channel()
3064 struct l2cap_conn *conn = chan->conn; in smp_teardown_cb()
3066 bt_dev_dbg(conn->hcon->hdev, "chan %p", chan); in smp_teardown_cb()
3068 if (chan->data) in smp_teardown_cb()
3071 conn->smp = NULL; in smp_teardown_cb()
3077 struct l2cap_conn *conn = chan->conn; in bredr_pairing()
3078 struct hci_conn *hcon = conn->hcon; in bredr_pairing()
3079 struct hci_dev *hdev = hcon->hdev; in bredr_pairing()
3086 if (!test_bit(HCI_CONN_NEW_LINK_KEY, &hcon->flags)) in bredr_pairing()
3090 if (!test_bit(HCI_CONN_ENCRYPT, &hcon->flags)) in bredr_pairing()
3094 if (hcon->role != HCI_ROLE_MASTER) in bredr_pairing()
3102 if (!test_bit(HCI_CONN_AES_CCM, &hcon->flags) && in bredr_pairing()
3115 if (!(conn->remote_fixed_chan & L2CAP_FC_SMP_BREDR)) in bredr_pairing()
3119 if (chan->data) in bredr_pairing()
3128 set_bit(SMP_FLAG_SC, &smp->flags); in bredr_pairing()
3135 smp->preq[0] = SMP_CMD_PAIRING_REQ; in bredr_pairing()
3136 memcpy(&smp->preq[1], &req, sizeof(req)); in bredr_pairing()
3144 struct smp_chan *smp = chan->data; in smp_resume_cb()
3145 struct l2cap_conn *conn = chan->conn; in smp_resume_cb()
3146 struct hci_conn *hcon = conn->hcon; in smp_resume_cb()
3148 bt_dev_dbg(hcon->hdev, "chan %p", chan); in smp_resume_cb()
3150 if (hcon->type == ACL_LINK) { in smp_resume_cb()
3158 if (!test_bit(HCI_CONN_ENCRYPT, &hcon->flags)) in smp_resume_cb()
3161 cancel_delayed_work(&smp->security_timer); in smp_resume_cb()
3168 struct l2cap_conn *conn = chan->conn; in smp_ready_cb()
3169 struct hci_conn *hcon = conn->hcon; in smp_ready_cb()
3171 bt_dev_dbg(hcon->hdev, "chan %p", chan); in smp_ready_cb()
3179 conn->smp = chan; in smp_ready_cb()
3181 if (hcon->type == ACL_LINK && test_bit(HCI_CONN_ENCRYPT, &hcon->flags)) in smp_ready_cb()
3189 bt_dev_dbg(chan->conn->hcon->hdev, "chan %p", chan); in smp_recv_cb()
3193 struct smp_chan *smp = chan->data; in smp_recv_cb()
3196 cancel_delayed_work_sync(&smp->security_timer); in smp_recv_cb()
3198 hci_disconnect(chan->conn->hcon, HCI_ERROR_AUTH_FAILURE); in smp_recv_cb()
3212 return ERR_PTR(-ENOMEM); in smp_alloc_skb_cb()
3214 skb->priority = HCI_PRIO_MAX; in smp_alloc_skb_cb()
3215 bt_cb(skb)->l2cap.chan = chan; in smp_alloc_skb_cb()
3247 chan->chan_type = pchan->chan_type; in smp_new_conn_cb()
3248 chan->ops = &smp_chan_ops; in smp_new_conn_cb()
3249 chan->scid = pchan->scid; in smp_new_conn_cb()
3250 chan->dcid = chan->scid; in smp_new_conn_cb()
3251 chan->imtu = pchan->imtu; in smp_new_conn_cb()
3252 chan->omtu = pchan->omtu; in smp_new_conn_cb()
3253 chan->mode = pchan->mode; in smp_new_conn_cb()
3260 atomic_set(&chan->nesting, L2CAP_NESTING_SMP); in smp_new_conn_cb()
3299 return ERR_PTR(-ENOMEM); in smp_add_cid()
3308 tfm_ecdh = crypto_alloc_kpp("ecdh-nist-p256", 0, 0); in smp_add_cid()
3316 smp->local_oob = false; in smp_add_cid()
3317 smp->tfm_cmac = tfm_cmac; in smp_add_cid()
3318 smp->tfm_ecdh = tfm_ecdh; in smp_add_cid()
3324 crypto_free_shash(smp->tfm_cmac); in smp_add_cid()
3325 crypto_free_kpp(smp->tfm_ecdh); in smp_add_cid()
3328 return ERR_PTR(-ENOMEM); in smp_add_cid()
3331 chan->data = smp; in smp_add_cid()
3340 hci_copy_identity_address(hdev, &chan->src, &bdaddr_type); in smp_add_cid()
3343 chan->src_type = BDADDR_LE_PUBLIC; in smp_add_cid()
3345 chan->src_type = BDADDR_LE_RANDOM; in smp_add_cid()
3347 bacpy(&chan->src, &hdev->bdaddr); in smp_add_cid()
3348 chan->src_type = BDADDR_BREDR; in smp_add_cid()
3351 chan->state = BT_LISTEN; in smp_add_cid()
3352 chan->mode = L2CAP_MODE_BASIC; in smp_add_cid()
3353 chan->imtu = L2CAP_DEFAULT_MTU; in smp_add_cid()
3354 chan->ops = &smp_root_chan_ops; in smp_add_cid()
3357 atomic_set(&chan->nesting, L2CAP_NESTING_PARENT); in smp_add_cid()
3368 smp = chan->data; in smp_del_chan()
3370 chan->data = NULL; in smp_del_chan()
3371 crypto_free_shash(smp->tfm_cmac); in smp_del_chan()
3372 crypto_free_kpp(smp->tfm_ecdh); in smp_del_chan()
3382 return -EALREADY; in smp_force_bredr()
3391 hdev->smp_bredr_data = chan; in smp_force_bredr()
3395 chan = hdev->smp_bredr_data; in smp_force_bredr()
3396 hdev->smp_bredr_data = NULL; in smp_force_bredr()
3417 if (WARN_ON(hdev->smp_data)) { in smp_register()
3418 chan = hdev->smp_data; in smp_register()
3419 hdev->smp_data = NULL; in smp_register()
3427 hdev->smp_data = chan; in smp_register()
3435 if (WARN_ON(hdev->smp_bredr_data)) { in smp_register()
3436 chan = hdev->smp_bredr_data; in smp_register()
3437 hdev->smp_bredr_data = NULL; in smp_register()
3444 chan = hdev->smp_data; in smp_register()
3445 hdev->smp_data = NULL; in smp_register()
3450 hdev->smp_bredr_data = chan; in smp_register()
3459 if (hdev->smp_bredr_data) { in smp_unregister()
3460 chan = hdev->smp_bredr_data; in smp_unregister()
3461 hdev->smp_bredr_data = NULL; in smp_unregister()
3465 if (hdev->smp_data) { in smp_unregister()
3466 chan = hdev->smp_data; in smp_unregister()
3467 hdev->smp_data = NULL; in smp_unregister()
3488 return -EINVAL; in test_debug_key()
3508 return -EINVAL; in test_ah()
3538 return -EINVAL; in test_c1()
3563 return -EINVAL; in test_s1()
3595 return -EINVAL; in test_f4()
3629 return -EINVAL; in test_f5()
3632 return -EINVAL; in test_f5()
3665 return -EINVAL; in test_f6()
3685 const u8 y[16] = { in test_g2() local
3692 err = smp_g2(tfm_cmac, u, v, x, y, &val); in test_g2()
3697 return -EINVAL; in test_g2()
3719 return -EINVAL; in test_h6()
3833 tfm_ecdh = crypto_alloc_kpp("ecdh-nist-p256", 0, 0); in bt_selftest_smp()