1 /**
2 * @file smp.c
3 * Security Manager Protocol implementation
4 */
5
6 /*
7 * Copyright (c) 2017 Nordic Semiconductor ASA
8 * Copyright (c) 2015-2016 Intel Corporation
9 *
10 * SPDX-License-Identifier: Apache-2.0
11 */
12
13 #include <errno.h>
14 #include <stddef.h>
15 #include <string.h>
16
17 #include <zephyr/bluetooth/bluetooth.h>
18 #include <zephyr/bluetooth/buf.h>
19 #include <zephyr/bluetooth/conn.h>
20 #include <zephyr/bluetooth/hci.h>
21 #include <zephyr/debug/stack.h>
22 #include <zephyr/kernel.h>
23 #include <zephyr/net/buf.h>
24 #include <zephyr/sys/__assert.h>
25 #include <zephyr/sys/atomic.h>
26 #include <zephyr/sys/byteorder.h>
27 #include <zephyr/sys/check.h>
28 #include <zephyr/sys/util.h>
29
30
31 #include "common/bt_str.h"
32
33 #include "crypto/bt_crypto.h"
34
35 #include "hci_core.h"
36 #include "ecc.h"
37 #include "keys.h"
38 #include "conn_internal.h"
39 #include "l2cap_internal.h"
40 #include "smp.h"
41
42 #define LOG_LEVEL CONFIG_BT_SMP_LOG_LEVEL
43 #include <zephyr/logging/log.h>
44 LOG_MODULE_REGISTER(bt_smp);
45
46 #define SMP_TIMEOUT K_SECONDS(30)
47
48 #if defined(CONFIG_BT_SIGNING)
49 #define SIGN_DIST BT_SMP_DIST_SIGN
50 #else
51 #define SIGN_DIST 0
52 #endif
53
54 #if defined(CONFIG_BT_PRIVACY)
55 #define ID_DIST BT_SMP_DIST_ID_KEY
56 #else
57 #define ID_DIST 0
58 #endif
59
60 #if defined(CONFIG_BT_CLASSIC)
61 #define LINK_DIST BT_SMP_DIST_LINK_KEY
62 #else
63 #define LINK_DIST 0
64 #endif
65
66 #define RECV_KEYS (BT_SMP_DIST_ENC_KEY | BT_SMP_DIST_ID_KEY | SIGN_DIST |\
67 LINK_DIST)
68 #define SEND_KEYS (BT_SMP_DIST_ENC_KEY | ID_DIST | SIGN_DIST | LINK_DIST)
69
70 #define RECV_KEYS_SC (RECV_KEYS & ~(BT_SMP_DIST_ENC_KEY))
71 #define SEND_KEYS_SC (SEND_KEYS & ~(BT_SMP_DIST_ENC_KEY))
72
73 #define BR_RECV_KEYS_SC (RECV_KEYS & ~(LINK_DIST))
74 #define BR_SEND_KEYS_SC (SEND_KEYS & ~(LINK_DIST))
75
76 #define BT_SMP_AUTH_MASK 0x07
77
78 #if defined(CONFIG_BT_BONDABLE)
79 #define BT_SMP_AUTH_BONDING_FLAGS BT_SMP_AUTH_BONDING
80 #else
81 #define BT_SMP_AUTH_BONDING_FLAGS 0
82 #endif /* CONFIG_BT_BONDABLE */
83
84 #if defined(CONFIG_BT_CLASSIC)
85
86 #define BT_SMP_AUTH_MASK_SC 0x2f
87 #if defined(CONFIG_BT_SMP_OOB_LEGACY_PAIR_ONLY)
88 #define BT_SMP_AUTH_DEFAULT (BT_SMP_AUTH_BONDING_FLAGS | BT_SMP_AUTH_CT2)
89 #else
90 #define BT_SMP_AUTH_DEFAULT (BT_SMP_AUTH_BONDING_FLAGS | BT_SMP_AUTH_CT2 |\
91 BT_SMP_AUTH_SC)
92 #endif /* CONFIG_BT_SMP_OOB_LEGACY_PAIR_ONLY */
93
94 #else
95
96 #define BT_SMP_AUTH_MASK_SC 0x0f
97 #if defined(CONFIG_BT_SMP_OOB_LEGACY_PAIR_ONLY)
98 #define BT_SMP_AUTH_DEFAULT (BT_SMP_AUTH_BONDING_FLAGS)
99 #else
100 #define BT_SMP_AUTH_DEFAULT (BT_SMP_AUTH_BONDING_FLAGS | BT_SMP_AUTH_SC)
101 #endif /* CONFIG_BT_SMP_OOB_LEGACY_PAIR_ONLY */
102
103 #endif /* CONFIG_BT_CLASSIC */
104
105 enum pairing_method {
106 JUST_WORKS, /* JustWorks pairing */
107 PASSKEY_INPUT, /* Passkey Entry input */
108 PASSKEY_DISPLAY, /* Passkey Entry display */
109 PASSKEY_CONFIRM, /* Passkey confirm */
110 PASSKEY_ROLE, /* Passkey Entry depends on role */
111 LE_SC_OOB, /* LESC Out of Band */
112 LEGACY_OOB, /* Legacy Out of Band */
113 };
114
115 enum {
116 SMP_FLAG_CFM_DELAYED, /* if confirm should be send when TK is valid */
117 SMP_FLAG_ENC_PENDING, /* if waiting for an encryption change event */
118 SMP_FLAG_KEYS_DISTR, /* if keys distribution phase is in progress */
119 SMP_FLAG_PAIRING, /* if pairing is in progress */
120 SMP_FLAG_TIMEOUT, /* if SMP timeout occurred */
121 SMP_FLAG_SC, /* if LE Secure Connections is used */
122 SMP_FLAG_PKEY_SEND, /* if should send Public Key when available */
123 SMP_FLAG_DHKEY_PENDING, /* if waiting for local DHKey */
124 SMP_FLAG_DHKEY_GEN, /* if generating DHKey */
125 SMP_FLAG_DHKEY_SEND, /* if should generate and send DHKey Check */
126 SMP_FLAG_USER, /* if waiting for user input */
127 SMP_FLAG_DISPLAY, /* if display_passkey() callback was called */
128 SMP_FLAG_OOB_PENDING, /* if waiting for OOB data */
129 SMP_FLAG_BOND, /* if bonding */
130 SMP_FLAG_SC_DEBUG_KEY, /* if Secure Connection are using debug key */
131 SMP_FLAG_SEC_REQ, /* if Security Request was sent/received */
132 SMP_FLAG_DHCHECK_WAIT, /* if waiting for remote DHCheck (as periph) */
133 SMP_FLAG_DERIVE_LK, /* if Link Key should be derived */
134 SMP_FLAG_BR_CONNECTED, /* if BR/EDR channel is connected */
135 SMP_FLAG_BR_PAIR, /* if should start BR/EDR pairing */
136 SMP_FLAG_CT2, /* if should use H7 for keys derivation */
137
138 /* Total number of flags - must be at the end */
139 SMP_NUM_FLAGS,
140 };
141
142 /* SMP channel specific context */
143 struct bt_smp {
144 /* Commands that remote is allowed to send */
145 ATOMIC_DEFINE(allowed_cmds, BT_SMP_NUM_CMDS);
146
147 /* Flags for SMP state machine */
148 ATOMIC_DEFINE(flags, SMP_NUM_FLAGS);
149
150 /* Type of method used for pairing */
151 uint8_t method;
152
153 /* Pairing Request PDU */
154 uint8_t preq[7];
155
156 /* Pairing Response PDU */
157 uint8_t prsp[7];
158
159 /* Pairing Confirm PDU */
160 uint8_t pcnf[16];
161
162 /* Local random number */
163 uint8_t prnd[16];
164
165 /* Remote random number */
166 uint8_t rrnd[16];
167
168 /* Temporary key */
169 uint8_t tk[16];
170
171 /* Remote Public Key for LE SC */
172 uint8_t pkey[BT_PUB_KEY_LEN];
173
174 /* DHKey */
175 uint8_t dhkey[BT_DH_KEY_LEN];
176
177 /* Remote DHKey check */
178 uint8_t e[16];
179
180 /* MacKey */
181 uint8_t mackey[16];
182
183 /* LE SC passkey */
184 uint32_t passkey;
185
186 /* LE SC passkey round */
187 uint8_t passkey_round;
188
189 /* LE SC local OOB data */
190 const struct bt_le_oob_sc_data *oobd_local;
191
192 /* LE SC remote OOB data */
193 const struct bt_le_oob_sc_data *oobd_remote;
194
195 /* Local key distribution */
196 uint8_t local_dist;
197
198 /* Remote key distribution */
199 uint8_t remote_dist;
200
201 /* The channel this context is associated with.
202 * This marks the beginning of the part of the structure that will not
203 * be memset to zero in init.
204 */
205 struct bt_l2cap_le_chan chan;
206
207 /* Delayed work for timeout handling */
208 struct k_work_delayable work;
209
210 /* Used Bluetooth authentication callbacks. */
211 atomic_ptr_t auth_cb;
212
213 /* Bondable flag */
214 atomic_t bondable;
215 };
216
217 static unsigned int fixed_passkey = BT_PASSKEY_INVALID;
218
219 #define DISPLAY_FIXED(smp) (IS_ENABLED(CONFIG_BT_FIXED_PASSKEY) && \
220 fixed_passkey != BT_PASSKEY_INVALID && \
221 (smp)->method == PASSKEY_DISPLAY)
222
223 #if !defined(CONFIG_BT_SMP_SC_PAIR_ONLY)
224 /* based on table 2.8 Core Spec 2.3.5.1 Vol. 3 Part H */
225 static const uint8_t gen_method_legacy[5 /* remote */][5 /* local */] = {
226 { JUST_WORKS, JUST_WORKS, PASSKEY_INPUT, JUST_WORKS, PASSKEY_INPUT },
227 { JUST_WORKS, JUST_WORKS, PASSKEY_INPUT, JUST_WORKS, PASSKEY_INPUT },
228 { PASSKEY_DISPLAY, PASSKEY_DISPLAY, PASSKEY_INPUT, JUST_WORKS,
229 PASSKEY_DISPLAY },
230 { JUST_WORKS, JUST_WORKS, JUST_WORKS, JUST_WORKS, JUST_WORKS },
231 { PASSKEY_DISPLAY, PASSKEY_DISPLAY, PASSKEY_INPUT, JUST_WORKS,
232 PASSKEY_ROLE },
233 };
234 #endif /* CONFIG_BT_SMP_SC_PAIR_ONLY */
235
236 #if !defined(CONFIG_BT_SMP_OOB_LEGACY_PAIR_ONLY)
237 /* based on table 2.8 Core Spec 2.3.5.1 Vol. 3 Part H */
238 static const uint8_t gen_method_sc[5 /* remote */][5 /* local */] = {
239 { JUST_WORKS, JUST_WORKS, PASSKEY_INPUT, JUST_WORKS, PASSKEY_INPUT },
240 { JUST_WORKS, PASSKEY_CONFIRM, PASSKEY_INPUT, JUST_WORKS,
241 PASSKEY_CONFIRM },
242 { PASSKEY_DISPLAY, PASSKEY_DISPLAY, PASSKEY_INPUT, JUST_WORKS,
243 PASSKEY_DISPLAY },
244 { JUST_WORKS, JUST_WORKS, JUST_WORKS, JUST_WORKS, JUST_WORKS },
245 { PASSKEY_DISPLAY, PASSKEY_CONFIRM, PASSKEY_INPUT, JUST_WORKS,
246 PASSKEY_CONFIRM },
247 };
248 #endif /* !CONFIG_BT_SMP_OOB_LEGACY_PAIR_ONLY */
249
250 #if defined(CONFIG_BT_CLASSIC)
251 /* SMP over BR/EDR channel specific context */
252 struct bt_smp_br {
253 /* Commands that remote is allowed to send */
254 ATOMIC_DEFINE(allowed_cmds, BT_SMP_NUM_CMDS);
255
256 /* Flags for SMP state machine */
257 ATOMIC_DEFINE(flags, SMP_NUM_FLAGS);
258
259 /* Local key distribution */
260 uint8_t local_dist;
261
262 /* Remote key distribution */
263 uint8_t remote_dist;
264
265 /* Encryption Key Size used for connection */
266 uint8_t enc_key_size;
267
268 /* The channel this context is associated with.
269 * This marks the beginning of the part of the structure that will not
270 * be memset to zero in init.
271 */
272 struct bt_l2cap_br_chan chan;
273
274 /* Delayed work for timeout handling */
275 struct k_work_delayable work;
276 };
277
278 static struct bt_smp_br bt_smp_br_pool[CONFIG_BT_MAX_CONN];
279 #endif /* CONFIG_BT_CLASSIC */
280
281 static struct bt_smp bt_smp_pool[CONFIG_BT_MAX_CONN];
282 static bool bondable = IS_ENABLED(CONFIG_BT_BONDABLE);
283 static bool sc_oobd_present;
284 static bool legacy_oobd_present;
285 static bool sc_supported;
286 static const uint8_t *sc_public_key;
287 static K_SEM_DEFINE(sc_local_pkey_ready, 0, 1);
288
289 /* Pointer to internal data is used to mark that callbacks of given SMP channel are not initialized.
290 * Value of NULL represents no authentication capabilities and cannot be used for that purpose.
291 */
292 #define BT_SMP_AUTH_CB_UNINITIALIZED ((atomic_ptr_val_t)bt_smp_pool)
293
294 /* Value used to mark that per-connection bondable flag is not initialized.
295 * Value false/true represent if flag is cleared or set and cannot be used for that purpose.
296 */
297 #define BT_SMP_BONDABLE_UNINITIALIZED ((atomic_val_t)-1)
298
le_sc_supported(void)299 static bool le_sc_supported(void)
300 {
301 /*
302 * If controller based ECC is to be used it must support
303 * "LE Read Local P-256 Public Key" and "LE Generate DH Key" commands.
304 * Otherwise LE SC are not supported.
305 */
306 if (IS_ENABLED(CONFIG_BT_SMP_OOB_LEGACY_PAIR_ONLY)) {
307 return false;
308 }
309
310 return BT_CMD_TEST(bt_dev.supported_commands, 34, 1) &&
311 BT_CMD_TEST(bt_dev.supported_commands, 34, 2);
312 }
313
latch_auth_cb(struct bt_smp * smp)314 static const struct bt_conn_auth_cb *latch_auth_cb(struct bt_smp *smp)
315 {
316 (void)atomic_ptr_cas(&smp->auth_cb, BT_SMP_AUTH_CB_UNINITIALIZED,
317 (atomic_ptr_val_t)bt_auth);
318
319 return atomic_ptr_get(&smp->auth_cb);
320 }
321
latch_bondable(struct bt_smp * smp)322 static bool latch_bondable(struct bt_smp *smp)
323 {
324 (void)atomic_cas(&smp->bondable, BT_SMP_BONDABLE_UNINITIALIZED, (atomic_val_t)bondable);
325
326 return atomic_get(&smp->bondable);
327 }
328
get_io_capa(struct bt_smp * smp)329 static uint8_t get_io_capa(struct bt_smp *smp)
330 {
331 const struct bt_conn_auth_cb *smp_auth_cb = latch_auth_cb(smp);
332
333 if (!smp_auth_cb) {
334 goto no_callbacks;
335 }
336
337 /* Passkey Confirmation is valid only for LE SC */
338 if (smp_auth_cb->passkey_display && smp_auth_cb->passkey_entry &&
339 (smp_auth_cb->passkey_confirm || !sc_supported)) {
340 return BT_SMP_IO_KEYBOARD_DISPLAY;
341 }
342
343 /* DisplayYesNo is useful only for LE SC */
344 if (sc_supported && smp_auth_cb->passkey_display &&
345 smp_auth_cb->passkey_confirm) {
346 return BT_SMP_IO_DISPLAY_YESNO;
347 }
348
349 if (smp_auth_cb->passkey_entry) {
350 if (IS_ENABLED(CONFIG_BT_FIXED_PASSKEY) &&
351 fixed_passkey != BT_PASSKEY_INVALID) {
352 return BT_SMP_IO_KEYBOARD_DISPLAY;
353 } else {
354 return BT_SMP_IO_KEYBOARD_ONLY;
355 }
356 }
357
358 if (smp_auth_cb->passkey_display) {
359 return BT_SMP_IO_DISPLAY_ONLY;
360 }
361
362 no_callbacks:
363 if (IS_ENABLED(CONFIG_BT_FIXED_PASSKEY) &&
364 fixed_passkey != BT_PASSKEY_INVALID) {
365 return BT_SMP_IO_DISPLAY_ONLY;
366 } else {
367 return BT_SMP_IO_NO_INPUT_OUTPUT;
368 }
369 }
370
371 #if !defined(CONFIG_BT_SMP_SC_PAIR_ONLY)
372 static uint8_t legacy_get_pair_method(struct bt_smp *smp, uint8_t remote_io);
373 #endif
374
smp_keys_check(struct bt_conn * conn)375 static bool smp_keys_check(struct bt_conn *conn)
376 {
377 if (atomic_test_bit(conn->flags, BT_CONN_FORCE_PAIR)) {
378 return false;
379 }
380
381 if (!conn->le.keys) {
382 conn->le.keys = bt_keys_find(BT_KEYS_LTK_P256,
383 conn->id, &conn->le.dst);
384 if (!conn->le.keys) {
385 conn->le.keys = bt_keys_find(BT_KEYS_LTK,
386 conn->id,
387 &conn->le.dst);
388 }
389 }
390
391 if (!conn->le.keys ||
392 !(conn->le.keys->keys & (BT_KEYS_LTK | BT_KEYS_LTK_P256))) {
393 return false;
394 }
395
396 if (conn->required_sec_level >= BT_SECURITY_L3 &&
397 !(conn->le.keys->flags & BT_KEYS_AUTHENTICATED)) {
398 return false;
399 }
400
401 if (conn->required_sec_level >= BT_SECURITY_L4 &&
402 !((conn->le.keys->flags & BT_KEYS_AUTHENTICATED) &&
403 (conn->le.keys->keys & BT_KEYS_LTK_P256) &&
404 (conn->le.keys->enc_size == BT_SMP_MAX_ENC_KEY_SIZE))) {
405 return false;
406 }
407
408 return true;
409 }
410
get_pair_method(struct bt_smp * smp,uint8_t remote_io)411 static uint8_t get_pair_method(struct bt_smp *smp, uint8_t remote_io)
412 {
413 #if !defined(CONFIG_BT_SMP_SC_PAIR_ONLY)
414 if (!atomic_test_bit(smp->flags, SMP_FLAG_SC)) {
415 return legacy_get_pair_method(smp, remote_io);
416 }
417 #endif
418
419 #if !defined(CONFIG_BT_SMP_OOB_LEGACY_PAIR_ONLY)
420 struct bt_smp_pairing *req, *rsp;
421
422 req = (struct bt_smp_pairing *)&smp->preq[1];
423 rsp = (struct bt_smp_pairing *)&smp->prsp[1];
424
425 if ((req->auth_req & rsp->auth_req) & BT_SMP_AUTH_SC) {
426 /* if one side has OOB data use OOB */
427 if ((req->oob_flag | rsp->oob_flag) & BT_SMP_OOB_DATA_MASK) {
428 return LE_SC_OOB;
429 }
430 }
431
432 if (remote_io > BT_SMP_IO_KEYBOARD_DISPLAY) {
433 return JUST_WORKS;
434 }
435
436 /* if none side requires MITM use JustWorks */
437 if (!((req->auth_req | rsp->auth_req) & BT_SMP_AUTH_MITM)) {
438 return JUST_WORKS;
439 }
440
441 return gen_method_sc[remote_io][get_io_capa(smp)];
442 #else
443 return JUST_WORKS;
444 #endif
445 }
446
security_err_get(uint8_t smp_err)447 static enum bt_security_err security_err_get(uint8_t smp_err)
448 {
449 switch (smp_err) {
450 case BT_SMP_ERR_PASSKEY_ENTRY_FAILED:
451 case BT_SMP_ERR_DHKEY_CHECK_FAILED:
452 case BT_SMP_ERR_NUMERIC_COMP_FAILED:
453 case BT_SMP_ERR_CONFIRM_FAILED:
454 return BT_SECURITY_ERR_AUTH_FAIL;
455 case BT_SMP_ERR_OOB_NOT_AVAIL:
456 return BT_SECURITY_ERR_OOB_NOT_AVAILABLE;
457 case BT_SMP_ERR_AUTH_REQUIREMENTS:
458 case BT_SMP_ERR_ENC_KEY_SIZE:
459 return BT_SECURITY_ERR_AUTH_REQUIREMENT;
460 case BT_SMP_ERR_PAIRING_NOTSUPP:
461 case BT_SMP_ERR_CMD_NOTSUPP:
462 return BT_SECURITY_ERR_PAIR_NOT_SUPPORTED;
463 case BT_SMP_ERR_REPEATED_ATTEMPTS:
464 case BT_SMP_ERR_BREDR_PAIRING_IN_PROGRESS:
465 case BT_SMP_ERR_CROSS_TRANSP_NOT_ALLOWED:
466 return BT_SECURITY_ERR_PAIR_NOT_ALLOWED;
467 case BT_SMP_ERR_INVALID_PARAMS:
468 return BT_SECURITY_ERR_INVALID_PARAM;
469 case BT_SMP_ERR_KEY_REJECTED:
470 return BT_SECURITY_ERR_KEY_REJECTED;
471 case BT_SMP_ERR_UNSPECIFIED:
472 default:
473 return BT_SECURITY_ERR_UNSPECIFIED;
474 }
475 }
476
477 #if defined(CONFIG_BT_SECURITY_ERR_TO_STR)
bt_security_err_to_str(enum bt_security_err err)478 const char *bt_security_err_to_str(enum bt_security_err err)
479 {
480 #define SEC_ERR(err) [err] = #err
481
482 const char * const mapping_table[] = {
483 SEC_ERR(BT_SECURITY_ERR_SUCCESS),
484 SEC_ERR(BT_SECURITY_ERR_AUTH_FAIL),
485 SEC_ERR(BT_SECURITY_ERR_PIN_OR_KEY_MISSING),
486 SEC_ERR(BT_SECURITY_ERR_OOB_NOT_AVAILABLE),
487 SEC_ERR(BT_SECURITY_ERR_AUTH_REQUIREMENT),
488 SEC_ERR(BT_SECURITY_ERR_PAIR_NOT_SUPPORTED),
489 SEC_ERR(BT_SECURITY_ERR_PAIR_NOT_ALLOWED),
490 SEC_ERR(BT_SECURITY_ERR_INVALID_PARAM),
491 SEC_ERR(BT_SECURITY_ERR_KEY_REJECTED),
492 SEC_ERR(BT_SECURITY_ERR_UNSPECIFIED),
493 };
494
495 if (err < ARRAY_SIZE(mapping_table) && mapping_table[err]) {
496 return mapping_table[err];
497 } else {
498 return "(unknown)";
499 }
500
501 #undef SEC_ERR
502 }
503 #endif /* CONFIG_BT_SECURITY_ERR_TO_STR */
504
smp_err_get(enum bt_security_err auth_err)505 static uint8_t smp_err_get(enum bt_security_err auth_err)
506 {
507 switch (auth_err) {
508 case BT_SECURITY_ERR_OOB_NOT_AVAILABLE:
509 return BT_SMP_ERR_OOB_NOT_AVAIL;
510
511 case BT_SECURITY_ERR_AUTH_FAIL:
512 case BT_SECURITY_ERR_AUTH_REQUIREMENT:
513 return BT_SMP_ERR_AUTH_REQUIREMENTS;
514
515 case BT_SECURITY_ERR_PAIR_NOT_SUPPORTED:
516 return BT_SMP_ERR_PAIRING_NOTSUPP;
517
518 case BT_SECURITY_ERR_INVALID_PARAM:
519 return BT_SMP_ERR_INVALID_PARAMS;
520
521 case BT_SECURITY_ERR_PIN_OR_KEY_MISSING:
522 case BT_SECURITY_ERR_PAIR_NOT_ALLOWED:
523 case BT_SECURITY_ERR_UNSPECIFIED:
524 return BT_SMP_ERR_UNSPECIFIED;
525 default:
526 return 0;
527 }
528 }
529
530 #if defined(CONFIG_BT_SMP_ERR_TO_STR)
bt_smp_err_to_str(uint8_t smp_err)531 const char *bt_smp_err_to_str(uint8_t smp_err)
532 {
533 #define SMP_ERR(err) [err] = #err
534
535 const char * const mapping_table[] = {
536 SMP_ERR(BT_SMP_ERR_SUCCESS),
537 SMP_ERR(BT_SMP_ERR_PASSKEY_ENTRY_FAILED),
538 SMP_ERR(BT_SMP_ERR_OOB_NOT_AVAIL),
539 SMP_ERR(BT_SMP_ERR_AUTH_REQUIREMENTS),
540 SMP_ERR(BT_SMP_ERR_CONFIRM_FAILED),
541 SMP_ERR(BT_SMP_ERR_PAIRING_NOTSUPP),
542 SMP_ERR(BT_SMP_ERR_ENC_KEY_SIZE),
543 SMP_ERR(BT_SMP_ERR_CMD_NOTSUPP),
544 SMP_ERR(BT_SMP_ERR_UNSPECIFIED),
545 SMP_ERR(BT_SMP_ERR_REPEATED_ATTEMPTS),
546 SMP_ERR(BT_SMP_ERR_INVALID_PARAMS),
547 SMP_ERR(BT_SMP_ERR_DHKEY_CHECK_FAILED),
548 SMP_ERR(BT_SMP_ERR_NUMERIC_COMP_FAILED),
549 SMP_ERR(BT_SMP_ERR_BREDR_PAIRING_IN_PROGRESS),
550 SMP_ERR(BT_SMP_ERR_CROSS_TRANSP_NOT_ALLOWED),
551 SMP_ERR(BT_SMP_ERR_KEY_REJECTED),
552 };
553
554 if (smp_err < ARRAY_SIZE(mapping_table) && mapping_table[smp_err]) {
555 return mapping_table[smp_err];
556 } else {
557 return "(unknown)";
558 }
559
560 #undef SMP_ERR
561 }
562 #endif /* CONFIG_BT_SMP_ERR_TO_STR */
563
smp_create_pdu(struct bt_smp * smp,uint8_t op,size_t len)564 static struct net_buf *smp_create_pdu(struct bt_smp *smp, uint8_t op, size_t len)
565 {
566 struct bt_smp_hdr *hdr;
567 struct net_buf *buf;
568 k_timeout_t timeout;
569
570 /* Don't if session had already timed out */
571 if (atomic_test_bit(smp->flags, SMP_FLAG_TIMEOUT)) {
572 timeout = K_NO_WAIT;
573 } else {
574 timeout = SMP_TIMEOUT;
575 }
576
577 /* Use smaller timeout if returning an error since that could be
578 * caused by lack of buffers.
579 */
580 buf = bt_l2cap_create_pdu_timeout(NULL, 0, timeout);
581 if (!buf) {
582 /* If it was not possible to allocate a buffer within the
583 * timeout marked it as timed out.
584 */
585 atomic_set_bit(smp->flags, SMP_FLAG_TIMEOUT);
586 return NULL;
587 }
588
589 hdr = net_buf_add(buf, sizeof(*hdr));
590 hdr->code = op;
591
592 return buf;
593 }
594
get_encryption_key_size(struct bt_smp * smp)595 static uint8_t get_encryption_key_size(struct bt_smp *smp)
596 {
597 struct bt_smp_pairing *req, *rsp;
598
599 req = (struct bt_smp_pairing *)&smp->preq[1];
600 rsp = (struct bt_smp_pairing *)&smp->prsp[1];
601
602 /*
603 * The smaller value of the initiating and responding devices maximum
604 * encryption key length parameters shall be used as the encryption key
605 * size.
606 */
607 return MIN(req->max_key_size, rsp->max_key_size);
608 }
609
610 /* Check that if a new pairing procedure with an existing bond will not lower
611 * the established security level of the bond.
612 */
update_keys_check(struct bt_smp * smp,struct bt_keys * keys)613 static bool update_keys_check(struct bt_smp *smp, struct bt_keys *keys)
614 {
615 if (IS_ENABLED(CONFIG_BT_SMP_DISABLE_LEGACY_JW_PASSKEY) &&
616 !atomic_test_bit(smp->flags, SMP_FLAG_SC) &&
617 smp->method != LEGACY_OOB) {
618 return false;
619 }
620
621 if (IS_ENABLED(CONFIG_BT_SMP_OOB_LEGACY_PAIR_ONLY) &&
622 smp->method != LEGACY_OOB) {
623 return false;
624 }
625
626 if (!keys ||
627 !(keys->keys & (BT_KEYS_LTK_P256 | BT_KEYS_LTK))) {
628 return true;
629 }
630
631 if (keys->enc_size > get_encryption_key_size(smp)) {
632 return false;
633 }
634
635 if ((keys->keys & BT_KEYS_LTK_P256) &&
636 !atomic_test_bit(smp->flags, SMP_FLAG_SC)) {
637 return false;
638 }
639
640 if ((keys->flags & BT_KEYS_AUTHENTICATED) &&
641 smp->method == JUST_WORKS) {
642 return false;
643 }
644
645 if (!IS_ENABLED(CONFIG_BT_SMP_ALLOW_UNAUTH_OVERWRITE) &&
646 (!(keys->flags & BT_KEYS_AUTHENTICATED)
647 && smp->method == JUST_WORKS)) {
648 if (!IS_ENABLED(CONFIG_BT_ID_ALLOW_UNAUTH_OVERWRITE) ||
649 (keys->id == smp->chan.chan.conn->id)) {
650 return false;
651 }
652 }
653
654 return true;
655 }
656
657 #ifndef CONFIG_BT_SMP_OOB_LEGACY_PAIR_ONLY
update_debug_keys_check(struct bt_smp * smp)658 static bool update_debug_keys_check(struct bt_smp *smp)
659 {
660 struct bt_conn *conn = smp->chan.chan.conn;
661
662 if (!conn->le.keys) {
663 conn->le.keys = bt_keys_get_addr(conn->id, &conn->le.dst);
664 }
665
666 if (!conn->le.keys ||
667 !(conn->le.keys->keys & (BT_KEYS_LTK_P256 | BT_KEYS_LTK))) {
668 return true;
669 }
670
671 if (conn->le.keys->flags & BT_KEYS_DEBUG) {
672 return true;
673 }
674
675 return false;
676 }
677 #endif /* CONFIG_BT_SMP_OOB_LEGACY_PAIR_ONLY */
678
679 #if defined(CONFIG_BT_PRIVACY) || defined(CONFIG_BT_SIGNING) || \
680 !defined(CONFIG_BT_SMP_SC_PAIR_ONLY)
681 /* For TX callbacks */
682 static void smp_pairing_complete(struct bt_smp *smp, uint8_t status);
683 #if defined(CONFIG_BT_CLASSIC)
684 static void smp_pairing_br_complete(struct bt_smp_br *smp, uint8_t status);
685 #endif
686
smp_check_complete(struct bt_conn * conn,uint8_t dist_complete)687 static void smp_check_complete(struct bt_conn *conn, uint8_t dist_complete)
688 {
689 struct bt_l2cap_chan *chan;
690
691 if (conn->type == BT_CONN_TYPE_LE) {
692 struct bt_smp *smp;
693
694 chan = bt_l2cap_le_lookup_tx_cid(conn, BT_L2CAP_CID_SMP);
695 __ASSERT(chan, "No SMP channel found");
696
697 smp = CONTAINER_OF(chan, struct bt_smp, chan.chan);
698 smp->local_dist &= ~dist_complete;
699
700 /* if all keys were distributed, pairing is done */
701 if (!smp->local_dist && !smp->remote_dist) {
702 smp_pairing_complete(smp, 0);
703 }
704
705 return;
706 }
707
708 #if defined(CONFIG_BT_CLASSIC)
709 if (conn->type == BT_CONN_TYPE_BR) {
710 struct bt_smp_br *smp;
711
712 chan = bt_l2cap_br_lookup_tx_cid(conn, BT_L2CAP_CID_BR_SMP);
713 __ASSERT(chan, "No SMP channel found");
714
715 smp = CONTAINER_OF(chan, struct bt_smp_br, chan.chan);
716 smp->local_dist &= ~dist_complete;
717
718 /* if all keys were distributed, pairing is done */
719 if (!smp->local_dist && !smp->remote_dist) {
720 smp_pairing_br_complete(smp, 0);
721 }
722 }
723 #endif
724 }
725 #endif
726
727 #if defined(CONFIG_BT_PRIVACY)
smp_id_sent(struct bt_conn * conn,void * user_data,int err)728 static void smp_id_sent(struct bt_conn *conn, void *user_data, int err)
729 {
730 if (!err) {
731 smp_check_complete(conn, BT_SMP_DIST_ID_KEY);
732 }
733 }
734 #endif /* CONFIG_BT_PRIVACY */
735
736 #if defined(CONFIG_BT_SIGNING)
smp_sign_info_sent(struct bt_conn * conn,void * user_data,int err)737 static void smp_sign_info_sent(struct bt_conn *conn, void *user_data, int err)
738 {
739 if (!err) {
740 smp_check_complete(conn, BT_SMP_DIST_SIGN);
741 }
742 }
743 #endif /* CONFIG_BT_SIGNING */
744
745 #if defined(CONFIG_BT_CLASSIC)
sc_derive_link_key(struct bt_smp * smp)746 static void sc_derive_link_key(struct bt_smp *smp)
747 {
748 /* constants as specified in Core Spec Vol.3 Part H 2.4.2.4 */
749 static const uint8_t lebr[4] = { 0x72, 0x62, 0x65, 0x6c };
750 struct bt_conn *conn = smp->chan.chan.conn;
751 struct bt_keys_link_key *link_key;
752 uint8_t ilk[16];
753
754 LOG_DBG("");
755
756 /* TODO handle errors? */
757
758 /*
759 * At this point remote device identity is known so we can use
760 * destination address here
761 */
762 link_key = bt_keys_get_link_key(&conn->le.dst.a);
763 if (!link_key) {
764 return;
765 }
766
767 if (atomic_test_bit(smp->flags, SMP_FLAG_CT2)) {
768 /* constants as specified in Core Spec Vol.3 Part H 2.4.2.4 */
769 static const uint8_t salt[16] = { 0x31, 0x70, 0x6d, 0x74,
770 0x00, 0x00, 0x00, 0x00,
771 0x00, 0x00, 0x00, 0x00,
772 0x00, 0x00, 0x00, 0x00 };
773
774 if (bt_crypto_h7(salt, conn->le.keys->ltk.val, ilk)) {
775 bt_keys_link_key_clear(link_key);
776 return;
777 }
778 } else {
779 /* constants as specified in Core Spec Vol.3 Part H 2.4.2.4 */
780 static const uint8_t tmp1[4] = { 0x31, 0x70, 0x6d, 0x74 };
781
782 if (bt_crypto_h6(conn->le.keys->ltk.val, tmp1, ilk)) {
783 bt_keys_link_key_clear(link_key);
784 return;
785 }
786 }
787
788 if (bt_crypto_h6(ilk, lebr, link_key->val)) {
789 bt_keys_link_key_clear(link_key);
790 }
791
792 link_key->flags |= BT_LINK_KEY_SC;
793
794 if (conn->le.keys->flags & BT_KEYS_AUTHENTICATED) {
795 link_key->flags |= BT_LINK_KEY_AUTHENTICATED;
796 } else {
797 link_key->flags &= ~BT_LINK_KEY_AUTHENTICATED;
798 }
799 }
800
smp_br_reset(struct bt_smp_br * smp)801 static void smp_br_reset(struct bt_smp_br *smp)
802 {
803 /* Clear flags first in case canceling of timeout fails. The SMP context
804 * shall be marked as timed out in that case.
805 */
806 atomic_set(smp->flags, 0);
807
808 /* If canceling fails the timeout handler will set the timeout flag and
809 * mark the it as timed out. No new pairing procedures shall be started
810 * on this connection if that happens.
811 */
812 (void)k_work_cancel_delayable(&smp->work);
813
814 atomic_set(smp->allowed_cmds, 0);
815
816 atomic_set_bit(smp->allowed_cmds, BT_SMP_CMD_PAIRING_REQ);
817 }
818
smp_pairing_br_complete(struct bt_smp_br * smp,uint8_t status)819 static void smp_pairing_br_complete(struct bt_smp_br *smp, uint8_t status)
820 {
821 struct bt_conn *conn = smp->chan.chan.conn;
822 struct bt_keys *keys;
823 bt_addr_le_t addr;
824
825 LOG_DBG("status 0x%x", status);
826
827 /* For dualmode devices LE address is same as BR/EDR address
828 * and is of public type.
829 */
830 bt_addr_copy(&addr.a, &conn->br.dst);
831 addr.type = BT_ADDR_LE_PUBLIC;
832 keys = bt_keys_find_addr(conn->id, &addr);
833
834 if (status) {
835 struct bt_conn_auth_info_cb *listener, *next;
836
837 if (keys) {
838 bt_keys_clear(keys);
839 }
840
841 SYS_SLIST_FOR_EACH_CONTAINER_SAFE(&bt_auth_info_cbs, listener,
842 next, node) {
843 if (listener->pairing_failed) {
844 listener->pairing_failed(smp->chan.chan.conn,
845 security_err_get(status));
846 }
847 }
848 } else {
849 bool bond_flag = atomic_test_bit(smp->flags, SMP_FLAG_BOND);
850 struct bt_conn_auth_info_cb *listener, *next;
851
852 if (bond_flag && keys) {
853 bt_keys_store(keys);
854 }
855
856 SYS_SLIST_FOR_EACH_CONTAINER_SAFE(&bt_auth_info_cbs, listener,
857 next, node) {
858 if (listener->pairing_complete) {
859 listener->pairing_complete(smp->chan.chan.conn,
860 bond_flag);
861 }
862 }
863 }
864
865 smp_br_reset(smp);
866 }
867
smp_br_timeout(struct k_work * work)868 static void smp_br_timeout(struct k_work *work)
869 {
870 struct k_work_delayable *dwork = k_work_delayable_from_work(work);
871 struct bt_smp_br *smp = CONTAINER_OF(dwork, struct bt_smp_br, work);
872
873 LOG_ERR("SMP Timeout");
874
875 smp_pairing_br_complete(smp, BT_SMP_ERR_UNSPECIFIED);
876 atomic_set_bit(smp->flags, SMP_FLAG_TIMEOUT);
877 }
878
smp_br_send(struct bt_smp_br * smp,struct net_buf * buf,bt_conn_tx_cb_t cb)879 static void smp_br_send(struct bt_smp_br *smp, struct net_buf *buf,
880 bt_conn_tx_cb_t cb)
881 {
882 int err = bt_l2cap_br_send_cb(smp->chan.chan.conn, BT_L2CAP_CID_BR_SMP, buf, cb, NULL);
883
884 if (err) {
885 if (err == -ENOBUFS) {
886 LOG_ERR("Ran out of TX buffers or contexts.");
887 }
888
889 net_buf_unref(buf);
890 return;
891 }
892
893 k_work_reschedule(&smp->work, SMP_TIMEOUT);
894 }
895
bt_smp_br_connected(struct bt_l2cap_chan * chan)896 static void bt_smp_br_connected(struct bt_l2cap_chan *chan)
897 {
898 struct bt_smp_br *smp = CONTAINER_OF(chan, struct bt_smp_br, chan.chan);
899
900 LOG_DBG("chan %p cid 0x%04x", chan,
901 CONTAINER_OF(chan, struct bt_l2cap_br_chan, chan)->tx.cid);
902
903 atomic_set_bit(smp->flags, SMP_FLAG_BR_CONNECTED);
904
905 /*
906 * if this flag is set it means pairing was requested before channel
907 * was connected
908 */
909 if (atomic_test_bit(smp->flags, SMP_FLAG_BR_PAIR)) {
910 bt_smp_br_send_pairing_req(chan->conn);
911 }
912 }
913
bt_smp_br_disconnected(struct bt_l2cap_chan * chan)914 static void bt_smp_br_disconnected(struct bt_l2cap_chan *chan)
915 {
916 struct bt_smp_br *smp = CONTAINER_OF(chan, struct bt_smp_br, chan.chan);
917
918 LOG_DBG("chan %p cid 0x%04x", chan,
919 CONTAINER_OF(chan, struct bt_l2cap_br_chan, chan)->tx.cid);
920
921 /* Channel disconnected callback is always called from a work handler
922 * so canceling of the timeout work should always succeed.
923 */
924 (void)k_work_cancel_delayable(&smp->work);
925
926 (void)memset(smp, 0, sizeof(*smp));
927 }
928
smp_br_init(struct bt_smp_br * smp)929 static void smp_br_init(struct bt_smp_br *smp)
930 {
931 /* Initialize SMP context excluding L2CAP channel context and anything
932 * else declared after.
933 */
934 (void)memset(smp, 0, offsetof(struct bt_smp_br, chan));
935
936 atomic_set_bit(smp->allowed_cmds, BT_SMP_CMD_PAIRING_FAIL);
937 }
938
smp_br_derive_ltk(struct bt_smp_br * smp)939 static void smp_br_derive_ltk(struct bt_smp_br *smp)
940 {
941 /* constants as specified in Core Spec Vol.3 Part H 2.4.2.5 */
942 static const uint8_t brle[4] = { 0x65, 0x6c, 0x72, 0x62 };
943 struct bt_conn *conn = smp->chan.chan.conn;
944 struct bt_keys_link_key *link_key = conn->br.link_key;
945 struct bt_keys *keys;
946 bt_addr_le_t addr;
947 uint8_t ilk[16];
948
949 LOG_DBG("");
950
951 if (!link_key) {
952 return;
953 }
954
955 if (IS_ENABLED(CONFIG_BT_SMP_FORCE_BREDR) && conn->encrypt != 0x02) {
956 LOG_WRN("Using P192 Link Key for P256 LTK derivation");
957 }
958
959 /*
960 * For dualmode devices LE address is same as BR/EDR address and is of
961 * public type.
962 */
963 bt_addr_copy(&addr.a, &conn->br.dst);
964 addr.type = BT_ADDR_LE_PUBLIC;
965
966 keys = bt_keys_get_type(BT_KEYS_LTK_P256, conn->id, &addr);
967 if (!keys) {
968 LOG_ERR("Unable to get keys for %s", bt_addr_le_str(&addr));
969 return;
970 }
971
972 if (atomic_test_bit(smp->flags, SMP_FLAG_CT2)) {
973 /* constants as specified in Core Spec Vol.3 Part H 2.4.2.5 */
974 static const uint8_t salt[16] = { 0x32, 0x70, 0x6d, 0x74,
975 0x00, 0x00, 0x00, 0x00,
976 0x00, 0x00, 0x00, 0x00,
977 0x00, 0x00, 0x00, 0x00 };
978
979 if (bt_crypto_h7(salt, link_key->val, ilk)) {
980 bt_keys_link_key_clear(link_key);
981 return;
982 }
983 } else {
984 /* constants as specified in Core Spec Vol.3 Part H 2.4.2.5 */
985 static const uint8_t tmp2[4] = { 0x32, 0x70, 0x6d, 0x74 };
986
987 if (bt_crypto_h6(link_key->val, tmp2, ilk)) {
988 bt_keys_clear(keys);
989 return;
990 }
991 }
992
993 if (bt_crypto_h6(ilk, brle, keys->ltk.val)) {
994 bt_keys_clear(keys);
995 return;
996 }
997
998 (void)memset(keys->ltk.ediv, 0, sizeof(keys->ltk.ediv));
999 (void)memset(keys->ltk.rand, 0, sizeof(keys->ltk.rand));
1000 keys->enc_size = smp->enc_key_size;
1001
1002 if (link_key->flags & BT_LINK_KEY_AUTHENTICATED) {
1003 keys->flags |= BT_KEYS_AUTHENTICATED;
1004 } else {
1005 keys->flags &= ~BT_KEYS_AUTHENTICATED;
1006 }
1007
1008 LOG_DBG("LTK derived from LinkKey");
1009 }
1010
smp_br_create_pdu(struct bt_smp_br * smp,uint8_t op,size_t len)1011 static struct net_buf *smp_br_create_pdu(struct bt_smp_br *smp, uint8_t op,
1012 size_t len)
1013 {
1014 struct bt_smp_hdr *hdr;
1015 struct net_buf *buf;
1016 k_timeout_t timeout;
1017
1018 /* Don't if session had already timed out */
1019 if (atomic_test_bit(smp->flags, SMP_FLAG_TIMEOUT)) {
1020 timeout = K_NO_WAIT;
1021 } else {
1022 timeout = SMP_TIMEOUT;
1023 }
1024
1025 /* Use smaller timeout if returning an error since that could be
1026 * caused by lack of buffers.
1027 */
1028 buf = bt_l2cap_create_pdu_timeout(NULL, 0, timeout);
1029 if (!buf) {
1030 /* If it was not possible to allocate a buffer within the
1031 * timeout marked it as timed out.
1032 */
1033 atomic_set_bit(smp->flags, SMP_FLAG_TIMEOUT);
1034 return NULL;
1035 }
1036
1037 hdr = net_buf_add(buf, sizeof(*hdr));
1038 hdr->code = op;
1039
1040 return buf;
1041 }
1042
smp_br_distribute_keys(struct bt_smp_br * smp)1043 static void smp_br_distribute_keys(struct bt_smp_br *smp)
1044 {
1045 struct bt_conn *conn = smp->chan.chan.conn;
1046 struct bt_keys *keys;
1047 bt_addr_le_t addr;
1048
1049 /*
1050 * For dualmode devices LE address is same as BR/EDR address and is of
1051 * public type.
1052 */
1053 bt_addr_copy(&addr.a, &conn->br.dst);
1054 addr.type = BT_ADDR_LE_PUBLIC;
1055
1056 keys = bt_keys_get_addr(conn->id, &addr);
1057 if (!keys) {
1058 LOG_ERR("No keys space for %s", bt_addr_le_str(&addr));
1059 return;
1060 }
1061
1062 #if defined(CONFIG_BT_PRIVACY)
1063 if (smp->local_dist & BT_SMP_DIST_ID_KEY) {
1064 struct bt_smp_ident_info *id_info;
1065 struct bt_smp_ident_addr_info *id_addr_info;
1066 struct net_buf *buf;
1067
1068 smp->local_dist &= ~BT_SMP_DIST_ID_KEY;
1069
1070 buf = smp_br_create_pdu(smp, BT_SMP_CMD_IDENT_INFO,
1071 sizeof(*id_info));
1072 if (!buf) {
1073 LOG_ERR("Unable to allocate Ident Info buffer");
1074 return;
1075 }
1076
1077 id_info = net_buf_add(buf, sizeof(*id_info));
1078 memcpy(id_info->irk, bt_dev.irk[conn->id], 16);
1079
1080 smp_br_send(smp, buf, NULL);
1081
1082 buf = smp_br_create_pdu(smp, BT_SMP_CMD_IDENT_ADDR_INFO,
1083 sizeof(*id_addr_info));
1084 if (!buf) {
1085 LOG_ERR("Unable to allocate Ident Addr Info buffer");
1086 return;
1087 }
1088
1089 id_addr_info = net_buf_add(buf, sizeof(*id_addr_info));
1090 bt_addr_le_copy(&id_addr_info->addr, &bt_dev.id_addr[conn->id]);
1091
1092 smp_br_send(smp, buf, smp_id_sent);
1093 }
1094 #endif /* CONFIG_BT_PRIVACY */
1095
1096 #if defined(CONFIG_BT_SIGNING)
1097 if (smp->local_dist & BT_SMP_DIST_SIGN) {
1098 struct bt_smp_signing_info *info;
1099 struct net_buf *buf;
1100
1101 smp->local_dist &= ~BT_SMP_DIST_SIGN;
1102
1103 buf = smp_br_create_pdu(smp, BT_SMP_CMD_SIGNING_INFO,
1104 sizeof(*info));
1105 if (!buf) {
1106 LOG_ERR("Unable to allocate Signing Info buffer");
1107 return;
1108 }
1109
1110 info = net_buf_add(buf, sizeof(*info));
1111
1112 if (bt_rand(info->csrk, sizeof(info->csrk))) {
1113 LOG_ERR("Unable to get random bytes");
1114 return;
1115 }
1116
1117 if (atomic_test_bit(smp->flags, SMP_FLAG_BOND)) {
1118 bt_keys_add_type(keys, BT_KEYS_LOCAL_CSRK);
1119 memcpy(keys->local_csrk.val, info->csrk, 16);
1120 keys->local_csrk.cnt = 0U;
1121 }
1122
1123 smp_br_send(smp, buf, smp_sign_info_sent);
1124 }
1125 #endif /* CONFIG_BT_SIGNING */
1126 }
1127
smp_br_pairing_allowed(struct bt_smp_br * smp)1128 static bool smp_br_pairing_allowed(struct bt_smp_br *smp)
1129 {
1130 if (smp->chan.chan.conn->encrypt == 0x02) {
1131 return true;
1132 }
1133
1134 if (IS_ENABLED(CONFIG_BT_SMP_FORCE_BREDR) &&
1135 smp->chan.chan.conn->encrypt == 0x01) {
1136 LOG_WRN("Allowing BR/EDR SMP with P-192 key");
1137 return true;
1138 }
1139
1140 return false;
1141 }
1142
smp_br_pairing_req(struct bt_smp_br * smp,struct net_buf * buf)1143 static uint8_t smp_br_pairing_req(struct bt_smp_br *smp, struct net_buf *buf)
1144 {
1145 struct bt_smp_pairing *req = (void *)buf->data;
1146 struct bt_conn *conn = smp->chan.chan.conn;
1147 struct bt_smp_pairing *rsp;
1148 struct net_buf *rsp_buf;
1149 uint8_t max_key_size;
1150
1151 LOG_DBG("req: io_capability 0x%02X, oob_flag 0x%02X, auth_req 0x%02X, "
1152 "max_key_size 0x%02X, init_key_dist 0x%02X, resp_key_dist 0x%02X",
1153 req->io_capability, req->oob_flag, req->auth_req,
1154 req->max_key_size, req->init_key_dist, req->resp_key_dist);
1155
1156 /*
1157 * If a Pairing Request is received over the BR/EDR transport when
1158 * either cross-transport key derivation/generation is not supported or
1159 * the BR/EDR transport is not encrypted using a Link Key generated
1160 * using P256, a Pairing Failed shall be sent with the error code
1161 * "Cross-transport Key Derivation/Generation not allowed" (0x0E)."
1162 */
1163 if (!smp_br_pairing_allowed(smp)) {
1164 return BT_SMP_ERR_CROSS_TRANSP_NOT_ALLOWED;
1165 }
1166
1167 max_key_size = bt_conn_enc_key_size(conn);
1168 if (!max_key_size) {
1169 LOG_DBG("Invalid encryption key size");
1170 return BT_SMP_ERR_UNSPECIFIED;
1171 }
1172
1173 if (req->max_key_size != max_key_size) {
1174 return BT_SMP_ERR_ENC_KEY_SIZE;
1175 }
1176
1177 rsp_buf = smp_br_create_pdu(smp, BT_SMP_CMD_PAIRING_RSP, sizeof(*rsp));
1178 if (!rsp_buf) {
1179 return BT_SMP_ERR_UNSPECIFIED;
1180 }
1181
1182 smp_br_init(smp);
1183 smp->enc_key_size = max_key_size;
1184
1185 /*
1186 * If Secure Connections pairing has been initiated over BR/EDR, the IO
1187 * Capability, OOB data flag and Auth Req fields of the SM Pairing
1188 * Request/Response PDU shall be set to zero on transmission, and
1189 * ignored on reception.
1190 */
1191 rsp = net_buf_add(rsp_buf, sizeof(*rsp));
1192
1193 rsp->auth_req = 0x00;
1194 rsp->io_capability = 0x00;
1195 rsp->oob_flag = 0x00;
1196 rsp->max_key_size = max_key_size;
1197 rsp->init_key_dist = (req->init_key_dist & BR_RECV_KEYS_SC);
1198 rsp->resp_key_dist = (req->resp_key_dist & BR_RECV_KEYS_SC);
1199
1200 smp->local_dist = rsp->resp_key_dist;
1201 smp->remote_dist = rsp->init_key_dist;
1202
1203 LOG_DBG("rsp: io_capability 0x%02X, oob_flag 0x%02X, auth_req 0x%02X, "
1204 "max_key_size 0x%02X, init_key_dist 0x%02X, resp_key_dist 0x%02X",
1205 rsp->io_capability, rsp->oob_flag, rsp->auth_req,
1206 rsp->max_key_size, rsp->init_key_dist, rsp->resp_key_dist);
1207
1208 smp_br_send(smp, rsp_buf, NULL);
1209
1210 atomic_set_bit(smp->flags, SMP_FLAG_PAIRING);
1211
1212 /* derive LTK if requested and clear distribution bits */
1213 if ((smp->local_dist & BT_SMP_DIST_ENC_KEY) &&
1214 (smp->remote_dist & BT_SMP_DIST_ENC_KEY)) {
1215 smp_br_derive_ltk(smp);
1216 }
1217 smp->local_dist &= ~BT_SMP_DIST_ENC_KEY;
1218 smp->remote_dist &= ~BT_SMP_DIST_ENC_KEY;
1219
1220 /* BR/EDR acceptor is like LE Peripheral and distributes keys first */
1221 smp_br_distribute_keys(smp);
1222
1223 if (smp->remote_dist & BT_SMP_DIST_ID_KEY) {
1224 atomic_set_bit(smp->allowed_cmds, BT_SMP_CMD_IDENT_INFO);
1225 } else if (smp->remote_dist & BT_SMP_DIST_SIGN) {
1226 atomic_set_bit(smp->allowed_cmds, BT_SMP_CMD_SIGNING_INFO);
1227 }
1228
1229 /* if all keys were distributed, pairing is done */
1230 if (!smp->local_dist && !smp->remote_dist) {
1231 smp_pairing_br_complete(smp, 0);
1232 }
1233
1234 return 0;
1235 }
1236
smp_br_pairing_rsp(struct bt_smp_br * smp,struct net_buf * buf)1237 static uint8_t smp_br_pairing_rsp(struct bt_smp_br *smp, struct net_buf *buf)
1238 {
1239 struct bt_smp_pairing *rsp = (void *)buf->data;
1240 struct bt_conn *conn = smp->chan.chan.conn;
1241 uint8_t max_key_size;
1242
1243 LOG_DBG("rsp: io_capability 0x%02X, oob_flag 0x%02X, auth_req 0x%02X, "
1244 "max_key_size 0x%02X, init_key_dist 0x%02X, resp_key_dist 0x%02X",
1245 rsp->io_capability, rsp->oob_flag, rsp->auth_req,
1246 rsp->max_key_size, rsp->init_key_dist, rsp->resp_key_dist);
1247
1248 max_key_size = bt_conn_enc_key_size(conn);
1249 if (!max_key_size) {
1250 LOG_DBG("Invalid encryption key size");
1251 return BT_SMP_ERR_UNSPECIFIED;
1252 }
1253
1254 if (rsp->max_key_size != max_key_size) {
1255 return BT_SMP_ERR_ENC_KEY_SIZE;
1256 }
1257
1258 smp->local_dist &= rsp->init_key_dist;
1259 smp->remote_dist &= rsp->resp_key_dist;
1260
1261 smp->local_dist &= SEND_KEYS_SC;
1262 smp->remote_dist &= RECV_KEYS_SC;
1263
1264 /* Peripheral distributes its keys first */
1265
1266 if (smp->remote_dist & BT_SMP_DIST_ID_KEY) {
1267 atomic_set_bit(smp->allowed_cmds, BT_SMP_CMD_IDENT_INFO);
1268 } else if (smp->remote_dist & BT_SMP_DIST_SIGN) {
1269 atomic_set_bit(smp->allowed_cmds, BT_SMP_CMD_SIGNING_INFO);
1270 }
1271
1272 /* derive LTK if requested and clear distribution bits */
1273 if ((smp->local_dist & BT_SMP_DIST_ENC_KEY) &&
1274 (smp->remote_dist & BT_SMP_DIST_ENC_KEY)) {
1275 smp_br_derive_ltk(smp);
1276 }
1277 smp->local_dist &= ~BT_SMP_DIST_ENC_KEY;
1278 smp->remote_dist &= ~BT_SMP_DIST_ENC_KEY;
1279
1280 /* Pairing acceptor distributes it's keys first */
1281 if (smp->remote_dist) {
1282 return 0;
1283 }
1284
1285 smp_br_distribute_keys(smp);
1286
1287 /* if all keys were distributed, pairing is done */
1288 if (!smp->local_dist && !smp->remote_dist) {
1289 smp_pairing_br_complete(smp, 0);
1290 }
1291
1292 return 0;
1293 }
1294
smp_br_pairing_failed(struct bt_smp_br * smp,struct net_buf * buf)1295 static uint8_t smp_br_pairing_failed(struct bt_smp_br *smp, struct net_buf *buf)
1296 {
1297 struct bt_smp_pairing_fail *req = (void *)buf->data;
1298
1299 LOG_ERR("pairing failed (peer reason 0x%x)", req->reason);
1300
1301 smp_pairing_br_complete(smp, req->reason);
1302 smp_br_reset(smp);
1303
1304 /* return no error to avoid sending Pairing Failed in response */
1305 return 0;
1306 }
1307
smp_br_ident_info(struct bt_smp_br * smp,struct net_buf * buf)1308 static uint8_t smp_br_ident_info(struct bt_smp_br *smp, struct net_buf *buf)
1309 {
1310 struct bt_smp_ident_info *req = (void *)buf->data;
1311 struct bt_conn *conn = smp->chan.chan.conn;
1312 struct bt_keys *keys;
1313 bt_addr_le_t addr;
1314
1315 LOG_DBG("");
1316
1317 /* TODO should we resolve LE address if matching RPA is connected? */
1318
1319 /*
1320 * For dualmode devices LE address is same as BR/EDR address and is of
1321 * public type.
1322 */
1323 bt_addr_copy(&addr.a, &conn->br.dst);
1324 addr.type = BT_ADDR_LE_PUBLIC;
1325
1326 keys = bt_keys_get_type(BT_KEYS_IRK, conn->id, &addr);
1327 if (!keys) {
1328 LOG_ERR("Unable to get keys for %s", bt_addr_le_str(&addr));
1329 return BT_SMP_ERR_UNSPECIFIED;
1330 }
1331
1332 memcpy(keys->irk.val, req->irk, sizeof(keys->irk.val));
1333
1334 atomic_set_bit(smp->allowed_cmds, BT_SMP_CMD_IDENT_ADDR_INFO);
1335
1336 return 0;
1337 }
1338
smp_br_ident_addr_info(struct bt_smp_br * smp,struct net_buf * buf)1339 static uint8_t smp_br_ident_addr_info(struct bt_smp_br *smp,
1340 struct net_buf *buf)
1341 {
1342 struct bt_conn *conn = smp->chan.chan.conn;
1343 struct bt_smp_ident_addr_info *req = (void *)buf->data;
1344 bt_addr_le_t addr;
1345
1346 LOG_DBG("identity %s", bt_addr_le_str(&req->addr));
1347
1348 /*
1349 * For dual mode device identity address must be same as BR/EDR address
1350 * and be of public type. So if received one doesn't match BR/EDR
1351 * address we fail.
1352 */
1353
1354 bt_addr_copy(&addr.a, &conn->br.dst);
1355 addr.type = BT_ADDR_LE_PUBLIC;
1356
1357 if (!bt_addr_le_eq(&addr, &req->addr)) {
1358 return BT_SMP_ERR_UNSPECIFIED;
1359 }
1360
1361 smp->remote_dist &= ~BT_SMP_DIST_ID_KEY;
1362
1363 if (smp->remote_dist & BT_SMP_DIST_SIGN) {
1364 atomic_set_bit(smp->allowed_cmds, BT_SMP_CMD_SIGNING_INFO);
1365 }
1366
1367 if (conn->role == BT_CONN_ROLE_CENTRAL && !smp->remote_dist) {
1368 smp_br_distribute_keys(smp);
1369 }
1370
1371 /* if all keys were distributed, pairing is done */
1372 if (!smp->local_dist && !smp->remote_dist) {
1373 smp_pairing_br_complete(smp, 0);
1374 }
1375
1376 return 0;
1377 }
1378
1379 #if defined(CONFIG_BT_SIGNING)
smp_br_signing_info(struct bt_smp_br * smp,struct net_buf * buf)1380 static uint8_t smp_br_signing_info(struct bt_smp_br *smp, struct net_buf *buf)
1381 {
1382 struct bt_smp_signing_info *req = (void *)buf->data;
1383 struct bt_conn *conn = smp->chan.chan.conn;
1384 struct bt_keys *keys;
1385 bt_addr_le_t addr;
1386
1387 LOG_DBG("");
1388
1389 /*
1390 * For dualmode devices LE address is same as BR/EDR address and is of
1391 * public type.
1392 */
1393 bt_addr_copy(&addr.a, &conn->br.dst);
1394 addr.type = BT_ADDR_LE_PUBLIC;
1395
1396 keys = bt_keys_get_type(BT_KEYS_REMOTE_CSRK, conn->id, &addr);
1397 if (!keys) {
1398 LOG_ERR("Unable to get keys for %s", bt_addr_le_str(&addr));
1399 return BT_SMP_ERR_UNSPECIFIED;
1400 }
1401
1402 memcpy(keys->remote_csrk.val, req->csrk, sizeof(keys->remote_csrk.val));
1403
1404 smp->remote_dist &= ~BT_SMP_DIST_SIGN;
1405
1406 if (conn->role == BT_CONN_ROLE_CENTRAL && !smp->remote_dist) {
1407 smp_br_distribute_keys(smp);
1408 }
1409
1410 /* if all keys were distributed, pairing is done */
1411 if (!smp->local_dist && !smp->remote_dist) {
1412 smp_pairing_br_complete(smp, 0);
1413 }
1414
1415 return 0;
1416 }
1417 #else
smp_br_signing_info(struct bt_smp_br * smp,struct net_buf * buf)1418 static uint8_t smp_br_signing_info(struct bt_smp_br *smp, struct net_buf *buf)
1419 {
1420 return BT_SMP_ERR_CMD_NOTSUPP;
1421 }
1422 #endif /* CONFIG_BT_SIGNING */
1423
1424 static const struct {
1425 uint8_t (*func)(struct bt_smp_br *smp, struct net_buf *buf);
1426 uint8_t expect_len;
1427 } br_handlers[] = {
1428 { }, /* No op-code defined for 0x00 */
1429 { smp_br_pairing_req, sizeof(struct bt_smp_pairing) },
1430 { smp_br_pairing_rsp, sizeof(struct bt_smp_pairing) },
1431 { }, /* pairing confirm not used over BR/EDR */
1432 { }, /* pairing random not used over BR/EDR */
1433 { smp_br_pairing_failed, sizeof(struct bt_smp_pairing_fail) },
1434 { }, /* encrypt info not used over BR/EDR */
1435 { }, /* central ident not used over BR/EDR */
1436 { smp_br_ident_info, sizeof(struct bt_smp_ident_info) },
1437 { smp_br_ident_addr_info, sizeof(struct bt_smp_ident_addr_info) },
1438 { smp_br_signing_info, sizeof(struct bt_smp_signing_info) },
1439 /* security request not used over BR/EDR */
1440 /* public key not used over BR/EDR */
1441 /* DHKey check not used over BR/EDR */
1442 };
1443
smp_br_error(struct bt_smp_br * smp,uint8_t reason)1444 static int smp_br_error(struct bt_smp_br *smp, uint8_t reason)
1445 {
1446 struct bt_smp_pairing_fail *rsp;
1447 struct net_buf *buf;
1448
1449 /* reset context and report */
1450 smp_br_reset(smp);
1451
1452 buf = smp_br_create_pdu(smp, BT_SMP_CMD_PAIRING_FAIL, sizeof(*rsp));
1453 if (!buf) {
1454 return -ENOBUFS;
1455 }
1456
1457 rsp = net_buf_add(buf, sizeof(*rsp));
1458 rsp->reason = reason;
1459
1460 /*
1461 * SMP timer is not restarted for PairingFailed so don't use
1462 * smp_br_send
1463 */
1464 if (bt_l2cap_br_send_cb(smp->chan.chan.conn, BT_L2CAP_CID_BR_SMP, buf,
1465 NULL, NULL)) {
1466 net_buf_unref(buf);
1467 }
1468
1469 return 0;
1470 }
1471
bt_smp_br_recv(struct bt_l2cap_chan * chan,struct net_buf * buf)1472 static int bt_smp_br_recv(struct bt_l2cap_chan *chan, struct net_buf *buf)
1473 {
1474 struct bt_smp_br *smp = CONTAINER_OF(chan, struct bt_smp_br, chan.chan);
1475 struct bt_smp_hdr *hdr;
1476 uint8_t err;
1477
1478 if (buf->len < sizeof(*hdr)) {
1479 LOG_ERR("Too small SMP PDU received");
1480 return 0;
1481 }
1482
1483 hdr = net_buf_pull_mem(buf, sizeof(*hdr));
1484 LOG_DBG("Received SMP code 0x%02x len %u", hdr->code, buf->len);
1485
1486 /*
1487 * If SMP timeout occurred "no further SMP commands shall be sent over
1488 * the L2CAP Security Manager Channel. A new SM procedure shall only be
1489 * performed when a new physical link has been established."
1490 */
1491 if (atomic_test_bit(smp->flags, SMP_FLAG_TIMEOUT)) {
1492 LOG_WRN("SMP command (code 0x%02x) received after timeout", hdr->code);
1493 return 0;
1494 }
1495
1496 if (hdr->code >= ARRAY_SIZE(br_handlers) ||
1497 !br_handlers[hdr->code].func) {
1498 LOG_WRN("Unhandled SMP code 0x%02x", hdr->code);
1499 smp_br_error(smp, BT_SMP_ERR_CMD_NOTSUPP);
1500 return 0;
1501 }
1502
1503 if (!atomic_test_and_clear_bit(smp->allowed_cmds, hdr->code)) {
1504 LOG_WRN("Unexpected SMP code 0x%02x", hdr->code);
1505 smp_br_error(smp, BT_SMP_ERR_UNSPECIFIED);
1506 return 0;
1507 }
1508
1509 if (buf->len != br_handlers[hdr->code].expect_len) {
1510 LOG_ERR("Invalid len %u for code 0x%02x", buf->len, hdr->code);
1511 smp_br_error(smp, BT_SMP_ERR_INVALID_PARAMS);
1512 return 0;
1513 }
1514
1515 err = br_handlers[hdr->code].func(smp, buf);
1516 if (err) {
1517 smp_br_error(smp, err);
1518 }
1519
1520 return 0;
1521 }
1522
br_sc_supported(void)1523 static bool br_sc_supported(void)
1524 {
1525 if (IS_ENABLED(CONFIG_BT_SMP_FORCE_BREDR)) {
1526 LOG_WRN("Enabling BR/EDR SMP without BR/EDR SC support");
1527 return true;
1528 }
1529
1530 return BT_FEAT_SC(bt_dev.features);
1531 }
1532
bt_smp_br_accept(struct bt_conn * conn,struct bt_l2cap_chan ** chan)1533 static int bt_smp_br_accept(struct bt_conn *conn, struct bt_l2cap_chan **chan)
1534 {
1535 static const struct bt_l2cap_chan_ops ops = {
1536 .connected = bt_smp_br_connected,
1537 .disconnected = bt_smp_br_disconnected,
1538 .recv = bt_smp_br_recv,
1539 };
1540 int i;
1541
1542 /* Check BR/EDR SC is supported */
1543 if (!br_sc_supported()) {
1544 return -ENOTSUP;
1545 }
1546
1547 LOG_DBG("conn %p handle %u", conn, conn->handle);
1548
1549 for (i = 0; i < ARRAY_SIZE(bt_smp_pool); i++) {
1550 struct bt_smp_br *smp = &bt_smp_br_pool[i];
1551
1552 if (smp->chan.chan.conn) {
1553 continue;
1554 }
1555
1556 smp->chan.chan.ops = &ops;
1557
1558 *chan = &smp->chan.chan;
1559
1560 k_work_init_delayable(&smp->work, smp_br_timeout);
1561 smp_br_reset(smp);
1562
1563 return 0;
1564 }
1565
1566 LOG_ERR("No available SMP context for conn %p", conn);
1567
1568 return -ENOMEM;
1569 }
1570
smp_br_chan_get(struct bt_conn * conn)1571 static struct bt_smp_br *smp_br_chan_get(struct bt_conn *conn)
1572 {
1573 struct bt_l2cap_chan *chan;
1574
1575 chan = bt_l2cap_br_lookup_rx_cid(conn, BT_L2CAP_CID_BR_SMP);
1576 if (!chan) {
1577 LOG_ERR("Unable to find SMP channel");
1578 return NULL;
1579 }
1580
1581 return CONTAINER_OF(chan, struct bt_smp_br, chan.chan);
1582 }
1583
bt_smp_br_send_pairing_req(struct bt_conn * conn)1584 int bt_smp_br_send_pairing_req(struct bt_conn *conn)
1585 {
1586 struct bt_smp_pairing *req;
1587 struct net_buf *req_buf;
1588 uint8_t max_key_size;
1589 struct bt_smp_br *smp;
1590
1591 smp = smp_br_chan_get(conn);
1592 if (!smp) {
1593 return -ENOTCONN;
1594 }
1595
1596 /* SMP Timeout */
1597 if (atomic_test_bit(smp->flags, SMP_FLAG_TIMEOUT)) {
1598 return -EIO;
1599 }
1600
1601 /* pairing is in progress */
1602 if (atomic_test_bit(smp->flags, SMP_FLAG_PAIRING)) {
1603 return -EBUSY;
1604 }
1605
1606 /* check if we are allowed to start SMP over BR/EDR */
1607 if (!smp_br_pairing_allowed(smp)) {
1608 return 0;
1609 }
1610
1611 /* Channel not yet connected, will start pairing once connected */
1612 if (!atomic_test_bit(smp->flags, SMP_FLAG_BR_CONNECTED)) {
1613 atomic_set_bit(smp->flags, SMP_FLAG_BR_PAIR);
1614 return 0;
1615 }
1616
1617 max_key_size = bt_conn_enc_key_size(conn);
1618 if (!max_key_size) {
1619 LOG_DBG("Invalid encryption key size");
1620 return -EIO;
1621 }
1622
1623 smp_br_init(smp);
1624 smp->enc_key_size = max_key_size;
1625
1626 req_buf = smp_br_create_pdu(smp, BT_SMP_CMD_PAIRING_REQ, sizeof(*req));
1627 if (!req_buf) {
1628 return -ENOBUFS;
1629 }
1630
1631 req = net_buf_add(req_buf, sizeof(*req));
1632
1633 /*
1634 * If Secure Connections pairing has been initiated over BR/EDR, the IO
1635 * Capability, OOB data flag and Auth Req fields of the SM Pairing
1636 * Request/Response PDU shall be set to zero on transmission, and
1637 * ignored on reception.
1638 */
1639
1640 req->auth_req = 0x00;
1641 req->io_capability = 0x00;
1642 req->oob_flag = 0x00;
1643 req->max_key_size = max_key_size;
1644 req->init_key_dist = BR_SEND_KEYS_SC;
1645 req->resp_key_dist = BR_RECV_KEYS_SC;
1646
1647 smp_br_send(smp, req_buf, NULL);
1648
1649 smp->local_dist = BR_SEND_KEYS_SC;
1650 smp->remote_dist = BR_RECV_KEYS_SC;
1651
1652 atomic_set_bit(smp->allowed_cmds, BT_SMP_CMD_PAIRING_RSP);
1653
1654 atomic_set_bit(smp->flags, SMP_FLAG_PAIRING);
1655
1656 return 0;
1657 }
1658 #endif /* CONFIG_BT_CLASSIC */
1659
smp_reset(struct bt_smp * smp)1660 static void smp_reset(struct bt_smp *smp)
1661 {
1662 struct bt_conn *conn = smp->chan.chan.conn;
1663
1664 /* Clear flags first in case canceling of timeout fails. The SMP context
1665 * shall be marked as timed out in that case.
1666 */
1667 atomic_set(smp->flags, 0);
1668
1669 /* If canceling fails the timeout handler will set the timeout flag and
1670 * mark the it as timed out. No new pairing procedures shall be started
1671 * on this connection if that happens.
1672 */
1673 (void)k_work_cancel_delayable(&smp->work);
1674
1675 smp->method = JUST_WORKS;
1676 atomic_set(smp->allowed_cmds, 0);
1677
1678 if (IS_ENABLED(CONFIG_BT_CENTRAL) &&
1679 conn->role == BT_HCI_ROLE_CENTRAL) {
1680 atomic_set_bit(smp->allowed_cmds, BT_SMP_CMD_SECURITY_REQUEST);
1681 return;
1682 }
1683
1684 if (IS_ENABLED(CONFIG_BT_PERIPHERAL)) {
1685 atomic_set_bit(smp->allowed_cmds, BT_SMP_CMD_PAIRING_REQ);
1686 }
1687 }
1688
hci_err_get(enum bt_security_err err)1689 static uint8_t hci_err_get(enum bt_security_err err)
1690 {
1691 switch (err) {
1692 case BT_SECURITY_ERR_SUCCESS:
1693 return BT_HCI_ERR_SUCCESS;
1694 case BT_SECURITY_ERR_AUTH_FAIL:
1695 return BT_HCI_ERR_AUTH_FAIL;
1696 case BT_SECURITY_ERR_PIN_OR_KEY_MISSING:
1697 return BT_HCI_ERR_PIN_OR_KEY_MISSING;
1698 case BT_SECURITY_ERR_PAIR_NOT_SUPPORTED:
1699 return BT_HCI_ERR_PAIRING_NOT_SUPPORTED;
1700 case BT_SECURITY_ERR_PAIR_NOT_ALLOWED:
1701 return BT_HCI_ERR_PAIRING_NOT_ALLOWED;
1702 case BT_SECURITY_ERR_INVALID_PARAM:
1703 return BT_HCI_ERR_INVALID_PARAM;
1704 default:
1705 return BT_HCI_ERR_UNSPECIFIED;
1706 }
1707 }
1708
1709 /* Note: This function not only does set the status but also calls smp_reset
1710 * at the end which clears any flags previously set.
1711 */
smp_pairing_complete(struct bt_smp * smp,uint8_t status)1712 static void smp_pairing_complete(struct bt_smp *smp, uint8_t status)
1713 {
1714 struct bt_conn *conn = smp->chan.chan.conn;
1715
1716 LOG_DBG("got status 0x%x", status);
1717
1718 if (conn->le.keys == NULL) {
1719 /* We can get here if the application calls `bt_unpair` in the
1720 * `security_changed` callback.
1721 */
1722 LOG_WRN("The in-progress pairing has been deleted!");
1723 status = BT_SMP_ERR_UNSPECIFIED;
1724 }
1725
1726 if (!status) {
1727 #if defined(CONFIG_BT_CLASSIC)
1728 /*
1729 * Don't derive if Debug Keys are used.
1730 * TODO should we allow this if BR/EDR is already connected?
1731 */
1732 if (atomic_test_bit(smp->flags, SMP_FLAG_DERIVE_LK) &&
1733 (!atomic_test_bit(smp->flags, SMP_FLAG_SC_DEBUG_KEY) ||
1734 IS_ENABLED(CONFIG_BT_STORE_DEBUG_KEYS))) {
1735 sc_derive_link_key(smp);
1736 }
1737 #endif /* CONFIG_BT_CLASSIC */
1738 bool bond_flag = atomic_test_bit(smp->flags, SMP_FLAG_BOND);
1739 struct bt_conn_auth_info_cb *listener, *next;
1740
1741 if (IS_ENABLED(CONFIG_BT_LOG_SNIFFER_INFO)) {
1742 bt_keys_show_sniffer_info(conn->le.keys, NULL);
1743 }
1744
1745 if (bond_flag && conn->le.keys) {
1746 bt_keys_store(conn->le.keys);
1747 }
1748
1749 SYS_SLIST_FOR_EACH_CONTAINER_SAFE(&bt_auth_info_cbs, listener,
1750 next, node) {
1751 if (listener->pairing_complete) {
1752 listener->pairing_complete(conn, bond_flag);
1753 }
1754 }
1755 } else {
1756 enum bt_security_err security_err = security_err_get(status);
1757
1758 /* Clear the key pool entry in case of pairing failure if the
1759 * keys already existed before the pairing procedure or the
1760 * pairing failed during key distribution.
1761 */
1762 if (conn->le.keys &&
1763 (!conn->le.keys->enc_size ||
1764 atomic_test_bit(smp->flags, SMP_FLAG_KEYS_DISTR))) {
1765 bt_keys_clear(conn->le.keys);
1766 conn->le.keys = NULL;
1767 }
1768
1769 if (!atomic_test_bit(smp->flags, SMP_FLAG_KEYS_DISTR)) {
1770 bt_conn_security_changed(conn,
1771 hci_err_get(security_err),
1772 security_err);
1773 }
1774
1775 /* Check SMP_FLAG_PAIRING as bt_conn_security_changed may
1776 * have called the pairing_failed callback already.
1777 */
1778 if (atomic_test_bit(smp->flags, SMP_FLAG_PAIRING)) {
1779 struct bt_conn_auth_info_cb *listener, *next;
1780
1781 SYS_SLIST_FOR_EACH_CONTAINER_SAFE(&bt_auth_info_cbs,
1782 listener, next,
1783 node) {
1784 if (listener->pairing_failed) {
1785 listener->pairing_failed(conn, security_err);
1786 }
1787 }
1788 }
1789 }
1790
1791 smp_reset(smp);
1792
1793 if (conn->state == BT_CONN_CONNECTED && conn->sec_level != conn->required_sec_level) {
1794 bt_smp_start_security(conn);
1795 }
1796 }
1797
smp_timeout(struct k_work * work)1798 static void smp_timeout(struct k_work *work)
1799 {
1800 struct k_work_delayable *dwork = k_work_delayable_from_work(work);
1801 struct bt_smp *smp = CONTAINER_OF(dwork, struct bt_smp, work);
1802
1803 LOG_ERR("SMP Timeout");
1804
1805 smp_pairing_complete(smp, BT_SMP_ERR_UNSPECIFIED);
1806
1807 /* smp_pairing_complete clears flags so setting timeout flag must come
1808 * after it.
1809 */
1810 atomic_set_bit(smp->flags, SMP_FLAG_TIMEOUT);
1811 }
1812
smp_send(struct bt_smp * smp,struct net_buf * buf,bt_conn_tx_cb_t cb,void * user_data)1813 static void smp_send(struct bt_smp *smp, struct net_buf *buf,
1814 bt_conn_tx_cb_t cb, void *user_data)
1815 {
1816 __ASSERT_NO_MSG(user_data == NULL);
1817
1818 int err = bt_l2cap_send_pdu(&smp->chan, buf, cb, NULL);
1819
1820 if (err) {
1821 if (err == -ENOBUFS) {
1822 LOG_ERR("Ran out of TX buffers or contexts.");
1823 }
1824
1825 net_buf_unref(buf);
1826 return;
1827 }
1828
1829 k_work_reschedule(&smp->work, SMP_TIMEOUT);
1830 }
1831
smp_error(struct bt_smp * smp,uint8_t reason)1832 static int smp_error(struct bt_smp *smp, uint8_t reason)
1833 {
1834 struct bt_smp_pairing_fail *rsp;
1835 struct net_buf *buf;
1836 bool remote_already_completed;
1837
1838 /* By spec, SMP "pairing process" completes successfully when the last
1839 * key to distribute is acknowledged at link-layer.
1840 */
1841 remote_already_completed = (atomic_test_bit(smp->flags, SMP_FLAG_KEYS_DISTR) &&
1842 !smp->local_dist && !smp->remote_dist);
1843
1844 if (atomic_test_bit(smp->flags, SMP_FLAG_PAIRING) ||
1845 atomic_test_bit(smp->flags, SMP_FLAG_ENC_PENDING) ||
1846 atomic_test_bit(smp->flags, SMP_FLAG_SEC_REQ)) {
1847 /* reset context and report */
1848 smp_pairing_complete(smp, reason);
1849 }
1850
1851 if (remote_already_completed) {
1852 LOG_WRN("SMP does not allow a pairing failure at this point. Known issue. "
1853 "Disconnecting instead.");
1854 /* We are probably here because we are, as a peripheral, rejecting a pairing based
1855 * on the central's identity address information, but that was the last key to
1856 * be transmitted. In that case, the pairing process is already completed.
1857 * The SMP protocol states that the pairing process is completed the moment the
1858 * peripheral link-layer confirmed the reception of the PDU with the last key.
1859 */
1860 bt_conn_disconnect(smp->chan.chan.conn, BT_HCI_ERR_AUTH_FAIL);
1861 return 0;
1862 }
1863
1864 buf = smp_create_pdu(smp, BT_SMP_CMD_PAIRING_FAIL, sizeof(*rsp));
1865 if (!buf) {
1866 return -ENOBUFS;
1867 }
1868
1869 rsp = net_buf_add(buf, sizeof(*rsp));
1870 rsp->reason = reason;
1871
1872 /* SMP timer is not restarted for PairingFailed so don't use smp_send */
1873 if (bt_l2cap_send_pdu(&smp->chan, buf, NULL, NULL)) {
1874 net_buf_unref(buf);
1875 }
1876
1877 return 0;
1878 }
1879
smp_send_pairing_random(struct bt_smp * smp)1880 static uint8_t smp_send_pairing_random(struct bt_smp *smp)
1881 {
1882 struct bt_smp_pairing_random *req;
1883 struct net_buf *rsp_buf;
1884
1885 rsp_buf = smp_create_pdu(smp, BT_SMP_CMD_PAIRING_RANDOM, sizeof(*req));
1886 if (!rsp_buf) {
1887 return BT_SMP_ERR_UNSPECIFIED;
1888 }
1889
1890 req = net_buf_add(rsp_buf, sizeof(*req));
1891 memcpy(req->val, smp->prnd, sizeof(req->val));
1892
1893 smp_send(smp, rsp_buf, NULL, NULL);
1894
1895 return 0;
1896 }
1897
1898 #if !defined(CONFIG_BT_SMP_SC_PAIR_ONLY)
smp_c1(const uint8_t k[16],const uint8_t r[16],const uint8_t preq[7],const uint8_t pres[7],const bt_addr_le_t * ia,const bt_addr_le_t * ra,uint8_t enc_data[16])1899 static int smp_c1(const uint8_t k[16], const uint8_t r[16],
1900 const uint8_t preq[7], const uint8_t pres[7],
1901 const bt_addr_le_t *ia, const bt_addr_le_t *ra,
1902 uint8_t enc_data[16])
1903 {
1904 uint8_t p1[16], p2[16];
1905 int err;
1906
1907 LOG_DBG("k %s", bt_hex(k, 16));
1908 LOG_DBG("r %s", bt_hex(r, 16));
1909 LOG_DBG("ia %s", bt_addr_le_str(ia));
1910 LOG_DBG("ra %s", bt_addr_le_str(ra));
1911 LOG_DBG("preq %s", bt_hex(preq, 7));
1912 LOG_DBG("pres %s", bt_hex(pres, 7));
1913
1914 /* pres, preq, rat and iat are concatenated to generate p1 */
1915 p1[0] = ia->type;
1916 p1[1] = ra->type;
1917 memcpy(p1 + 2, preq, 7);
1918 memcpy(p1 + 9, pres, 7);
1919
1920 LOG_DBG("p1 %s", bt_hex(p1, 16));
1921
1922 /* c1 = e(k, e(k, r XOR p1) XOR p2) */
1923
1924 /* Using enc_data as temporary output buffer */
1925 mem_xor_128(enc_data, r, p1);
1926
1927 err = bt_encrypt_le(k, enc_data, enc_data);
1928 if (err) {
1929 return err;
1930 }
1931
1932 /* ra is concatenated with ia and padding to generate p2 */
1933 memcpy(p2, ra->a.val, 6);
1934 memcpy(p2 + 6, ia->a.val, 6);
1935 (void)memset(p2 + 12, 0, 4);
1936
1937 LOG_DBG("p2 %s", bt_hex(p2, 16));
1938
1939 mem_xor_128(enc_data, p2, enc_data);
1940
1941 return bt_encrypt_le(k, enc_data, enc_data);
1942 }
1943 #endif /* !CONFIG_BT_SMP_SC_PAIR_ONLY */
1944
smp_send_pairing_confirm(struct bt_smp * smp)1945 static uint8_t smp_send_pairing_confirm(struct bt_smp *smp)
1946 {
1947 struct bt_smp_pairing_confirm *req;
1948 struct net_buf *buf;
1949 uint8_t r;
1950
1951 switch (smp->method) {
1952 case PASSKEY_CONFIRM:
1953 case JUST_WORKS:
1954 r = 0U;
1955 break;
1956 case PASSKEY_DISPLAY:
1957 case PASSKEY_INPUT:
1958 /*
1959 * In the Passkey Entry protocol, the most significant
1960 * bit of Z is set equal to one and the least
1961 * significant bit is made up from one bit of the
1962 * passkey e.g. if the passkey bit is 1, then Z = 0x81
1963 * and if the passkey bit is 0, then Z = 0x80.
1964 */
1965 r = (smp->passkey >> smp->passkey_round) & 0x01;
1966 r |= 0x80;
1967 break;
1968 default:
1969 LOG_ERR("Unknown pairing method (%u)", smp->method);
1970 return BT_SMP_ERR_UNSPECIFIED;
1971 }
1972
1973 buf = smp_create_pdu(smp, BT_SMP_CMD_PAIRING_CONFIRM, sizeof(*req));
1974 if (!buf) {
1975 return BT_SMP_ERR_UNSPECIFIED;
1976 }
1977
1978 req = net_buf_add(buf, sizeof(*req));
1979
1980 if (bt_crypto_f4(sc_public_key, smp->pkey, smp->prnd, r, req->val)) {
1981 net_buf_unref(buf);
1982 return BT_SMP_ERR_UNSPECIFIED;
1983 }
1984
1985 smp_send(smp, buf, NULL, NULL);
1986
1987 atomic_clear_bit(smp->flags, SMP_FLAG_CFM_DELAYED);
1988
1989 return 0;
1990 }
1991
1992 #if !defined(CONFIG_BT_SMP_SC_PAIR_ONLY)
smp_ident_sent(struct bt_conn * conn,void * user_data,int err)1993 static void smp_ident_sent(struct bt_conn *conn, void *user_data, int err)
1994 {
1995 if (!err) {
1996 smp_check_complete(conn, BT_SMP_DIST_ENC_KEY);
1997 }
1998 }
1999
legacy_distribute_keys(struct bt_smp * smp)2000 static void legacy_distribute_keys(struct bt_smp *smp)
2001 {
2002 struct bt_conn *conn = smp->chan.chan.conn;
2003 struct bt_keys *keys = conn->le.keys;
2004
2005 if (smp->local_dist & BT_SMP_DIST_ENC_KEY) {
2006 struct bt_smp_encrypt_info *info;
2007 struct bt_smp_central_ident *ident;
2008 struct net_buf *buf;
2009 /* Use struct to get randomness in single call to bt_rand */
2010 struct {
2011 uint8_t key[16];
2012 uint8_t rand[8];
2013 uint8_t ediv[2];
2014 } rand;
2015
2016 if (bt_rand((void *)&rand, sizeof(rand))) {
2017 LOG_ERR("Unable to get random bytes");
2018 return;
2019 }
2020
2021 buf = smp_create_pdu(smp, BT_SMP_CMD_ENCRYPT_INFO,
2022 sizeof(*info));
2023 if (!buf) {
2024 LOG_ERR("Unable to allocate Encrypt Info buffer");
2025 return;
2026 }
2027
2028 info = net_buf_add(buf, sizeof(*info));
2029
2030 /* distributed only enc_size bytes of key */
2031 memcpy(info->ltk, rand.key, keys->enc_size);
2032 if (keys->enc_size < sizeof(info->ltk)) {
2033 (void)memset(info->ltk + keys->enc_size, 0,
2034 sizeof(info->ltk) - keys->enc_size);
2035 }
2036
2037 smp_send(smp, buf, NULL, NULL);
2038
2039 buf = smp_create_pdu(smp, BT_SMP_CMD_CENTRAL_IDENT,
2040 sizeof(*ident));
2041 if (!buf) {
2042 LOG_ERR("Unable to allocate Central Ident buffer");
2043 return;
2044 }
2045
2046 ident = net_buf_add(buf, sizeof(*ident));
2047 memcpy(ident->rand, rand.rand, sizeof(ident->rand));
2048 memcpy(ident->ediv, rand.ediv, sizeof(ident->ediv));
2049
2050 smp_send(smp, buf, smp_ident_sent, NULL);
2051
2052 if (atomic_test_bit(smp->flags, SMP_FLAG_BOND)) {
2053 bt_keys_add_type(keys, BT_KEYS_PERIPH_LTK);
2054
2055 memcpy(keys->periph_ltk.val, rand.key,
2056 sizeof(keys->periph_ltk.val));
2057 memcpy(keys->periph_ltk.rand, rand.rand,
2058 sizeof(keys->periph_ltk.rand));
2059 memcpy(keys->periph_ltk.ediv, rand.ediv,
2060 sizeof(keys->periph_ltk.ediv));
2061 }
2062 }
2063 }
2064 #endif /* !CONFIG_BT_SMP_SC_PAIR_ONLY */
2065
bt_smp_distribute_keys(struct bt_smp * smp)2066 static uint8_t bt_smp_distribute_keys(struct bt_smp *smp)
2067 {
2068 struct bt_conn *conn = smp->chan.chan.conn;
2069 struct bt_keys *keys = conn->le.keys;
2070
2071 if (!keys) {
2072 LOG_ERR("No keys space for %s", bt_addr_le_str(&conn->le.dst));
2073 return BT_SMP_ERR_UNSPECIFIED;
2074 }
2075
2076 #if !defined(CONFIG_BT_SMP_SC_PAIR_ONLY)
2077 /* Distribute legacy pairing specific keys */
2078 if (!atomic_test_bit(smp->flags, SMP_FLAG_SC)) {
2079 legacy_distribute_keys(smp);
2080 }
2081 #endif /* !CONFIG_BT_SMP_SC_PAIR_ONLY */
2082
2083 #if defined(CONFIG_BT_PRIVACY)
2084 if (smp->local_dist & BT_SMP_DIST_ID_KEY) {
2085 struct bt_smp_ident_info *id_info;
2086 struct bt_smp_ident_addr_info *id_addr_info;
2087 struct net_buf *buf;
2088
2089 buf = smp_create_pdu(smp, BT_SMP_CMD_IDENT_INFO,
2090 sizeof(*id_info));
2091 if (!buf) {
2092 LOG_ERR("Unable to allocate Ident Info buffer");
2093 return BT_SMP_ERR_UNSPECIFIED;
2094 }
2095
2096 id_info = net_buf_add(buf, sizeof(*id_info));
2097 memcpy(id_info->irk, bt_dev.irk[conn->id], 16);
2098
2099 smp_send(smp, buf, NULL, NULL);
2100
2101 buf = smp_create_pdu(smp, BT_SMP_CMD_IDENT_ADDR_INFO,
2102 sizeof(*id_addr_info));
2103 if (!buf) {
2104 LOG_ERR("Unable to allocate Ident Addr Info buffer");
2105 return BT_SMP_ERR_UNSPECIFIED;
2106 }
2107
2108 id_addr_info = net_buf_add(buf, sizeof(*id_addr_info));
2109 bt_addr_le_copy(&id_addr_info->addr, &bt_dev.id_addr[conn->id]);
2110
2111 smp_send(smp, buf, smp_id_sent, NULL);
2112 }
2113 #endif /* CONFIG_BT_PRIVACY */
2114
2115 #if defined(CONFIG_BT_SIGNING)
2116 if (smp->local_dist & BT_SMP_DIST_SIGN) {
2117 struct bt_smp_signing_info *info;
2118 struct net_buf *buf;
2119
2120 buf = smp_create_pdu(smp, BT_SMP_CMD_SIGNING_INFO,
2121 sizeof(*info));
2122 if (!buf) {
2123 LOG_ERR("Unable to allocate Signing Info buffer");
2124 return BT_SMP_ERR_UNSPECIFIED;
2125 }
2126
2127 info = net_buf_add(buf, sizeof(*info));
2128
2129 if (bt_rand(info->csrk, sizeof(info->csrk))) {
2130 return BT_SMP_ERR_UNSPECIFIED;
2131 }
2132
2133 if (atomic_test_bit(smp->flags, SMP_FLAG_BOND)) {
2134 bt_keys_add_type(keys, BT_KEYS_LOCAL_CSRK);
2135 memcpy(keys->local_csrk.val, info->csrk, 16);
2136 keys->local_csrk.cnt = 0U;
2137 }
2138
2139 smp_send(smp, buf, smp_sign_info_sent, NULL);
2140 }
2141 #endif /* CONFIG_BT_SIGNING */
2142
2143 return 0;
2144 }
2145
2146 #if defined(CONFIG_BT_PERIPHERAL)
send_pairing_rsp(struct bt_smp * smp)2147 static uint8_t send_pairing_rsp(struct bt_smp *smp)
2148 {
2149 struct bt_smp_pairing *rsp;
2150 struct net_buf *rsp_buf;
2151
2152 rsp_buf = smp_create_pdu(smp, BT_SMP_CMD_PAIRING_RSP, sizeof(*rsp));
2153 if (!rsp_buf) {
2154 return BT_SMP_ERR_UNSPECIFIED;
2155 }
2156
2157 rsp = net_buf_add(rsp_buf, sizeof(*rsp));
2158 memcpy(rsp, smp->prsp + 1, sizeof(*rsp));
2159
2160 smp_send(smp, rsp_buf, NULL, NULL);
2161
2162 return 0;
2163 }
2164 #endif /* CONFIG_BT_PERIPHERAL */
2165
smp_pairing_accept_query(struct bt_smp * smp,struct bt_smp_pairing * pairing)2166 static uint8_t smp_pairing_accept_query(struct bt_smp *smp, struct bt_smp_pairing *pairing)
2167 {
2168 #if defined(CONFIG_BT_SMP_APP_PAIRING_ACCEPT)
2169 const struct bt_conn_auth_cb *smp_auth_cb = latch_auth_cb(smp);
2170 struct bt_conn *conn = smp->chan.chan.conn;
2171
2172 if (smp_auth_cb && smp_auth_cb->pairing_accept) {
2173 const struct bt_conn_pairing_feat feat = {
2174 .io_capability = pairing->io_capability,
2175 .oob_data_flag = pairing->oob_flag,
2176 .auth_req = pairing->auth_req,
2177 .max_enc_key_size = pairing->max_key_size,
2178 .init_key_dist = pairing->init_key_dist,
2179 .resp_key_dist = pairing->resp_key_dist
2180 };
2181
2182 return smp_err_get(smp_auth_cb->pairing_accept(conn, &feat));
2183 }
2184 #endif /* CONFIG_BT_SMP_APP_PAIRING_ACCEPT */
2185 return 0;
2186 }
2187
2188 #if !defined(CONFIG_BT_SMP_SC_PAIR_ONLY)
smp_s1(const uint8_t k[16],const uint8_t r1[16],const uint8_t r2[16],uint8_t out[16])2189 static int smp_s1(const uint8_t k[16], const uint8_t r1[16],
2190 const uint8_t r2[16], uint8_t out[16])
2191 {
2192 /* The most significant 64-bits of r1 are discarded to generate
2193 * r1' and the most significant 64-bits of r2 are discarded to
2194 * generate r2'.
2195 * r1' is concatenated with r2' to generate r' which is used as
2196 * the 128-bit input parameter plaintextData to security function e:
2197 *
2198 * r' = r1' || r2'
2199 */
2200 memcpy(out, r2, 8);
2201 memcpy(out + 8, r1, 8);
2202
2203 /* s1(k, r1 , r2) = e(k, r') */
2204 return bt_encrypt_le(k, out, out);
2205 }
2206
legacy_get_pair_method(struct bt_smp * smp,uint8_t remote_io)2207 static uint8_t legacy_get_pair_method(struct bt_smp *smp, uint8_t remote_io)
2208 {
2209 struct bt_smp_pairing *req, *rsp;
2210 uint8_t method;
2211
2212 if (remote_io > BT_SMP_IO_KEYBOARD_DISPLAY) {
2213 return JUST_WORKS;
2214 }
2215
2216 req = (struct bt_smp_pairing *)&smp->preq[1];
2217 rsp = (struct bt_smp_pairing *)&smp->prsp[1];
2218
2219 /* if both sides have OOB data use OOB */
2220 if ((req->oob_flag & rsp->oob_flag) & BT_SMP_OOB_DATA_MASK) {
2221 return LEGACY_OOB;
2222 }
2223
2224 /* if none side requires MITM use JustWorks */
2225 if (!((req->auth_req | rsp->auth_req) & BT_SMP_AUTH_MITM)) {
2226 return JUST_WORKS;
2227 }
2228
2229 method = gen_method_legacy[remote_io][get_io_capa(smp)];
2230
2231 /* if both sides have KeyboardDisplay capabilities, initiator displays
2232 * and responder inputs
2233 */
2234 if (method == PASSKEY_ROLE) {
2235 if (smp->chan.chan.conn->role == BT_HCI_ROLE_CENTRAL) {
2236 method = PASSKEY_DISPLAY;
2237 } else {
2238 method = PASSKEY_INPUT;
2239 }
2240 }
2241
2242 return method;
2243 }
2244
legacy_request_tk(struct bt_smp * smp)2245 static uint8_t legacy_request_tk(struct bt_smp *smp)
2246 {
2247 struct bt_conn *conn = smp->chan.chan.conn;
2248 const struct bt_conn_auth_cb *smp_auth_cb = latch_auth_cb(smp);
2249 struct bt_keys *keys;
2250 uint32_t passkey;
2251
2252 /*
2253 * Fail if we have keys that are stronger than keys that will be
2254 * distributed in new pairing. This is to avoid replacing authenticated
2255 * keys with unauthenticated ones.
2256 */
2257 keys = bt_keys_find_addr(conn->id, &conn->le.dst);
2258 if (keys && (keys->flags & BT_KEYS_AUTHENTICATED) &&
2259 smp->method == JUST_WORKS) {
2260 LOG_ERR("JustWorks failed, authenticated keys present");
2261 return BT_SMP_ERR_UNSPECIFIED;
2262 }
2263
2264 switch (smp->method) {
2265 case LEGACY_OOB:
2266 if (smp_auth_cb && smp_auth_cb->oob_data_request) {
2267 struct bt_conn_oob_info info = {
2268 .type = BT_CONN_OOB_LE_LEGACY,
2269 };
2270
2271 atomic_set_bit(smp->flags, SMP_FLAG_USER);
2272 smp_auth_cb->oob_data_request(smp->chan.chan.conn, &info);
2273 } else {
2274 return BT_SMP_ERR_OOB_NOT_AVAIL;
2275 }
2276
2277 break;
2278 case PASSKEY_DISPLAY:
2279 if (IS_ENABLED(CONFIG_BT_FIXED_PASSKEY) &&
2280 fixed_passkey != BT_PASSKEY_INVALID) {
2281 passkey = fixed_passkey;
2282 } else {
2283 if (bt_rand(&passkey, sizeof(passkey))) {
2284 return BT_SMP_ERR_UNSPECIFIED;
2285 }
2286
2287 passkey %= 1000000;
2288 }
2289
2290 if (IS_ENABLED(CONFIG_BT_LOG_SNIFFER_INFO)) {
2291 LOG_INF("Legacy passkey %u", passkey);
2292 }
2293
2294 if (smp_auth_cb && smp_auth_cb->passkey_display) {
2295 atomic_set_bit(smp->flags, SMP_FLAG_DISPLAY);
2296 smp_auth_cb->passkey_display(conn, passkey);
2297 }
2298
2299 sys_put_le32(passkey, smp->tk);
2300
2301 break;
2302 case PASSKEY_INPUT:
2303 atomic_set_bit(smp->flags, SMP_FLAG_USER);
2304 smp_auth_cb->passkey_entry(conn);
2305 break;
2306 case JUST_WORKS:
2307 break;
2308 default:
2309 LOG_ERR("Unknown pairing method (%u)", smp->method);
2310 return BT_SMP_ERR_UNSPECIFIED;
2311 }
2312
2313 return 0;
2314 }
2315
legacy_send_pairing_confirm(struct bt_smp * smp)2316 static uint8_t legacy_send_pairing_confirm(struct bt_smp *smp)
2317 {
2318 struct bt_conn *conn = smp->chan.chan.conn;
2319 struct bt_smp_pairing_confirm *req;
2320 struct net_buf *buf;
2321
2322 buf = smp_create_pdu(smp, BT_SMP_CMD_PAIRING_CONFIRM, sizeof(*req));
2323 if (!buf) {
2324 return BT_SMP_ERR_UNSPECIFIED;
2325 }
2326
2327 req = net_buf_add(buf, sizeof(*req));
2328
2329 if (smp_c1(smp->tk, smp->prnd, smp->preq, smp->prsp,
2330 &conn->le.init_addr, &conn->le.resp_addr, req->val)) {
2331 net_buf_unref(buf);
2332 return BT_SMP_ERR_UNSPECIFIED;
2333 }
2334
2335 smp_send(smp, buf, NULL, NULL);
2336
2337 atomic_clear_bit(smp->flags, SMP_FLAG_CFM_DELAYED);
2338
2339 return 0;
2340 }
2341
2342 #if defined(CONFIG_BT_PERIPHERAL)
legacy_pairing_req(struct bt_smp * smp)2343 static uint8_t legacy_pairing_req(struct bt_smp *smp)
2344 {
2345 const struct bt_conn_auth_cb *smp_auth_cb = latch_auth_cb(smp);
2346 uint8_t ret;
2347
2348 LOG_DBG("");
2349
2350 ret = legacy_request_tk(smp);
2351 if (ret) {
2352 return ret;
2353 }
2354
2355 /* ask for consent if pairing is not due to sending SecReq*/
2356 if ((DISPLAY_FIXED(smp) || smp->method == JUST_WORKS) &&
2357 !atomic_test_bit(smp->flags, SMP_FLAG_SEC_REQ) &&
2358 smp_auth_cb && smp_auth_cb->pairing_confirm) {
2359 atomic_set_bit(smp->flags, SMP_FLAG_USER);
2360 smp_auth_cb->pairing_confirm(smp->chan.chan.conn);
2361 return 0;
2362 }
2363
2364 atomic_set_bit(smp->allowed_cmds, BT_SMP_CMD_PAIRING_CONFIRM);
2365 atomic_set_bit(smp->allowed_cmds, BT_SMP_KEYPRESS_NOTIFICATION);
2366 return send_pairing_rsp(smp);
2367 }
2368 #endif /* CONFIG_BT_PERIPHERAL */
2369
legacy_pairing_random(struct bt_smp * smp)2370 static uint8_t legacy_pairing_random(struct bt_smp *smp)
2371 {
2372 struct bt_conn *conn = smp->chan.chan.conn;
2373 uint8_t tmp[16];
2374 int err;
2375
2376 LOG_DBG("");
2377
2378 /* calculate confirmation */
2379 err = smp_c1(smp->tk, smp->rrnd, smp->preq, smp->prsp,
2380 &conn->le.init_addr, &conn->le.resp_addr, tmp);
2381 if (err) {
2382 return BT_SMP_ERR_UNSPECIFIED;
2383 }
2384
2385 LOG_DBG("pcnf %s", bt_hex(smp->pcnf, 16));
2386 LOG_DBG("cfm %s", bt_hex(tmp, 16));
2387
2388 if (memcmp(smp->pcnf, tmp, sizeof(smp->pcnf))) {
2389 return BT_SMP_ERR_CONFIRM_FAILED;
2390 }
2391
2392 if (IS_ENABLED(CONFIG_BT_CENTRAL) &&
2393 conn->role == BT_HCI_ROLE_CENTRAL) {
2394 uint8_t ediv[2], rand[8];
2395
2396 /* No need to store central STK */
2397 err = smp_s1(smp->tk, smp->rrnd, smp->prnd, tmp);
2398 if (err) {
2399 return BT_SMP_ERR_UNSPECIFIED;
2400 }
2401
2402 /* Rand and EDiv are 0 for the STK */
2403 (void)memset(ediv, 0, sizeof(ediv));
2404 (void)memset(rand, 0, sizeof(rand));
2405 if (bt_conn_le_start_encryption(conn, rand, ediv, tmp,
2406 get_encryption_key_size(smp))) {
2407 LOG_ERR("Failed to start encryption");
2408 return BT_SMP_ERR_UNSPECIFIED;
2409 }
2410
2411 atomic_set_bit(smp->flags, SMP_FLAG_ENC_PENDING);
2412
2413 if (IS_ENABLED(CONFIG_BT_SMP_USB_HCI_CTLR_WORKAROUND)) {
2414 if (smp->remote_dist & BT_SMP_DIST_ENC_KEY) {
2415 atomic_set_bit(smp->allowed_cmds,
2416 BT_SMP_CMD_ENCRYPT_INFO);
2417 } else if (smp->remote_dist & BT_SMP_DIST_ID_KEY) {
2418 atomic_set_bit(smp->allowed_cmds,
2419 BT_SMP_CMD_IDENT_INFO);
2420 } else if (smp->remote_dist & BT_SMP_DIST_SIGN) {
2421 atomic_set_bit(smp->allowed_cmds,
2422 BT_SMP_CMD_SIGNING_INFO);
2423 }
2424 }
2425
2426 return 0;
2427 }
2428
2429 if (IS_ENABLED(CONFIG_BT_PERIPHERAL)) {
2430 err = smp_s1(smp->tk, smp->prnd, smp->rrnd, tmp);
2431 if (err) {
2432 LOG_ERR("Calculate STK failed");
2433 return BT_SMP_ERR_UNSPECIFIED;
2434 }
2435
2436 memcpy(smp->tk, tmp, sizeof(smp->tk));
2437 LOG_DBG("generated STK %s", bt_hex(smp->tk, 16));
2438
2439 atomic_set_bit(smp->flags, SMP_FLAG_ENC_PENDING);
2440
2441 return smp_send_pairing_random(smp);
2442 }
2443
2444 return 0;
2445 }
2446
legacy_pairing_confirm(struct bt_smp * smp)2447 static uint8_t legacy_pairing_confirm(struct bt_smp *smp)
2448 {
2449 LOG_DBG("");
2450
2451 if (IS_ENABLED(CONFIG_BT_CENTRAL) &&
2452 smp->chan.chan.conn->role == BT_HCI_ROLE_CENTRAL) {
2453 atomic_set_bit(smp->allowed_cmds, BT_SMP_CMD_PAIRING_CONFIRM);
2454 return legacy_send_pairing_confirm(smp);
2455 }
2456
2457 if (IS_ENABLED(CONFIG_BT_PERIPHERAL)) {
2458 if (!atomic_test_bit(smp->flags, SMP_FLAG_USER)) {
2459 atomic_set_bit(smp->allowed_cmds,
2460 BT_SMP_CMD_PAIRING_RANDOM);
2461 return legacy_send_pairing_confirm(smp);
2462 }
2463
2464 atomic_set_bit(smp->flags, SMP_FLAG_CFM_DELAYED);
2465 }
2466
2467 return 0;
2468 }
2469
legacy_user_tk_entry(struct bt_smp * smp)2470 static void legacy_user_tk_entry(struct bt_smp *smp)
2471 {
2472 if (!atomic_test_and_clear_bit(smp->flags, SMP_FLAG_CFM_DELAYED)) {
2473 return;
2474 }
2475
2476 /* if confirm failed ie. due to invalid passkey, cancel pairing */
2477 if (legacy_pairing_confirm(smp)) {
2478 smp_error(smp, BT_SMP_ERR_PASSKEY_ENTRY_FAILED);
2479 return;
2480 }
2481
2482 if (IS_ENABLED(CONFIG_BT_CENTRAL) &&
2483 smp->chan.chan.conn->role == BT_HCI_ROLE_CENTRAL) {
2484 atomic_set_bit(smp->allowed_cmds, BT_SMP_CMD_PAIRING_CONFIRM);
2485 return;
2486 }
2487
2488 if (IS_ENABLED(CONFIG_BT_PERIPHERAL)) {
2489 atomic_set_bit(smp->allowed_cmds, BT_SMP_CMD_PAIRING_RANDOM);
2490 }
2491 }
2492
legacy_passkey_entry(struct bt_smp * smp,unsigned int passkey)2493 static void legacy_passkey_entry(struct bt_smp *smp, unsigned int passkey)
2494 {
2495 passkey = sys_cpu_to_le32(passkey);
2496 memcpy(smp->tk, &passkey, sizeof(passkey));
2497
2498 legacy_user_tk_entry(smp);
2499 }
2500
smp_encrypt_info(struct bt_smp * smp,struct net_buf * buf)2501 static uint8_t smp_encrypt_info(struct bt_smp *smp, struct net_buf *buf)
2502 {
2503 LOG_DBG("");
2504
2505 if (atomic_test_bit(smp->flags, SMP_FLAG_BOND)) {
2506 struct bt_smp_encrypt_info *req = (void *)buf->data;
2507 struct bt_conn *conn = smp->chan.chan.conn;
2508 struct bt_keys *keys;
2509
2510 keys = bt_keys_get_type(BT_KEYS_LTK, conn->id, &conn->le.dst);
2511 if (!keys) {
2512 LOG_ERR("Unable to get keys for %s", bt_addr_le_str(&conn->le.dst));
2513 return BT_SMP_ERR_UNSPECIFIED;
2514 }
2515
2516 memcpy(keys->ltk.val, req->ltk, 16);
2517 }
2518
2519 atomic_set_bit(smp->allowed_cmds, BT_SMP_CMD_CENTRAL_IDENT);
2520
2521 return 0;
2522 }
2523
smp_central_ident(struct bt_smp * smp,struct net_buf * buf)2524 static uint8_t smp_central_ident(struct bt_smp *smp, struct net_buf *buf)
2525 {
2526 struct bt_conn *conn = smp->chan.chan.conn;
2527 uint8_t err;
2528
2529 LOG_DBG("");
2530
2531 if (atomic_test_bit(smp->flags, SMP_FLAG_BOND)) {
2532 struct bt_smp_central_ident *req = (void *)buf->data;
2533 struct bt_keys *keys;
2534
2535 keys = bt_keys_get_type(BT_KEYS_LTK, conn->id, &conn->le.dst);
2536 if (!keys) {
2537 LOG_ERR("Unable to get keys for %s", bt_addr_le_str(&conn->le.dst));
2538 return BT_SMP_ERR_UNSPECIFIED;
2539 }
2540
2541 memcpy(keys->ltk.ediv, req->ediv, sizeof(keys->ltk.ediv));
2542 memcpy(keys->ltk.rand, req->rand, sizeof(req->rand));
2543 }
2544
2545 smp->remote_dist &= ~BT_SMP_DIST_ENC_KEY;
2546
2547 if (smp->remote_dist & BT_SMP_DIST_ID_KEY) {
2548 atomic_set_bit(smp->allowed_cmds, BT_SMP_CMD_IDENT_INFO);
2549 } else if (smp->remote_dist & BT_SMP_DIST_SIGN) {
2550 atomic_set_bit(smp->allowed_cmds, BT_SMP_CMD_SIGNING_INFO);
2551 }
2552
2553 if (IS_ENABLED(CONFIG_BT_CENTRAL) &&
2554 conn->role == BT_HCI_ROLE_CENTRAL && !smp->remote_dist) {
2555 err = bt_smp_distribute_keys(smp);
2556 if (err) {
2557 return err;
2558 }
2559 }
2560
2561 /* if all keys were distributed, pairing is done */
2562 if (!smp->local_dist && !smp->remote_dist) {
2563 smp_pairing_complete(smp, 0);
2564 }
2565
2566 return 0;
2567 }
2568
2569 #if defined(CONFIG_BT_CENTRAL)
legacy_pairing_rsp(struct bt_smp * smp)2570 static uint8_t legacy_pairing_rsp(struct bt_smp *smp)
2571 {
2572 const struct bt_conn_auth_cb *smp_auth_cb = latch_auth_cb(smp);
2573 uint8_t ret;
2574
2575 LOG_DBG("");
2576
2577 ret = legacy_request_tk(smp);
2578 if (ret) {
2579 return ret;
2580 }
2581
2582 /* ask for consent if this is due to received SecReq */
2583 if ((DISPLAY_FIXED(smp) || smp->method == JUST_WORKS) &&
2584 atomic_test_bit(smp->flags, SMP_FLAG_SEC_REQ) &&
2585 smp_auth_cb && smp_auth_cb->pairing_confirm) {
2586 atomic_set_bit(smp->flags, SMP_FLAG_USER);
2587 smp_auth_cb->pairing_confirm(smp->chan.chan.conn);
2588 return 0;
2589 }
2590
2591 if (!atomic_test_bit(smp->flags, SMP_FLAG_USER)) {
2592 atomic_set_bit(smp->allowed_cmds, BT_SMP_CMD_PAIRING_CONFIRM);
2593 atomic_set_bit(smp->allowed_cmds, BT_SMP_KEYPRESS_NOTIFICATION);
2594 return legacy_send_pairing_confirm(smp);
2595 }
2596
2597 atomic_set_bit(smp->flags, SMP_FLAG_CFM_DELAYED);
2598
2599 return 0;
2600 }
2601 #endif /* CONFIG_BT_CENTRAL */
2602 #else
smp_encrypt_info(struct bt_smp * smp,struct net_buf * buf)2603 static uint8_t smp_encrypt_info(struct bt_smp *smp, struct net_buf *buf)
2604 {
2605 return BT_SMP_ERR_CMD_NOTSUPP;
2606 }
2607
smp_central_ident(struct bt_smp * smp,struct net_buf * buf)2608 static uint8_t smp_central_ident(struct bt_smp *smp, struct net_buf *buf)
2609 {
2610 return BT_SMP_ERR_CMD_NOTSUPP;
2611 }
2612 #endif /* !CONFIG_BT_SMP_SC_PAIR_ONLY */
2613
smp_init(struct bt_smp * smp)2614 static int smp_init(struct bt_smp *smp)
2615 {
2616 /* Initialize SMP context excluding L2CAP channel context and anything
2617 * else declared after.
2618 */
2619 (void)memset(smp, 0, offsetof(struct bt_smp, chan));
2620
2621 /* Generate local random number */
2622 if (bt_rand(smp->prnd, 16)) {
2623 return BT_SMP_ERR_UNSPECIFIED;
2624 }
2625
2626 LOG_DBG("prnd %s", bt_hex(smp->prnd, 16));
2627
2628 atomic_set_bit(smp->allowed_cmds, BT_SMP_CMD_PAIRING_FAIL);
2629
2630 #if !defined(CONFIG_BT_SMP_OOB_LEGACY_PAIR_ONLY)
2631 sc_public_key = bt_pub_key_get();
2632 #endif
2633
2634 return 0;
2635 }
2636
bt_set_bondable(bool enable)2637 void bt_set_bondable(bool enable)
2638 {
2639 bondable = enable;
2640 }
2641
bt_le_oob_set_sc_flag(bool enable)2642 void bt_le_oob_set_sc_flag(bool enable)
2643 {
2644 sc_oobd_present = enable;
2645 }
2646
bt_le_oob_set_legacy_flag(bool enable)2647 void bt_le_oob_set_legacy_flag(bool enable)
2648 {
2649 legacy_oobd_present = enable;
2650 }
2651
get_auth(struct bt_smp * smp,uint8_t auth)2652 static uint8_t get_auth(struct bt_smp *smp, uint8_t auth)
2653 {
2654 struct bt_conn *conn = smp->chan.chan.conn;
2655
2656 if (sc_supported) {
2657 auth &= BT_SMP_AUTH_MASK_SC;
2658 } else {
2659 auth &= BT_SMP_AUTH_MASK;
2660 }
2661
2662 if ((get_io_capa(smp) == BT_SMP_IO_NO_INPUT_OUTPUT) ||
2663 (!IS_ENABLED(CONFIG_BT_SMP_ENFORCE_MITM) &&
2664 (conn->required_sec_level < BT_SECURITY_L3))) {
2665 auth &= ~(BT_SMP_AUTH_MITM);
2666 } else {
2667 auth |= BT_SMP_AUTH_MITM;
2668 }
2669
2670 if (latch_bondable(smp)) {
2671 auth |= BT_SMP_AUTH_BONDING;
2672 } else {
2673 auth &= ~BT_SMP_AUTH_BONDING;
2674 }
2675
2676 if (IS_ENABLED(CONFIG_BT_PASSKEY_KEYPRESS)) {
2677 auth |= BT_SMP_AUTH_KEYPRESS;
2678 } else {
2679 auth &= ~BT_SMP_AUTH_KEYPRESS;
2680 }
2681
2682 return auth;
2683 }
2684
remote_sec_level_reachable(struct bt_smp * smp)2685 static uint8_t remote_sec_level_reachable(struct bt_smp *smp)
2686 {
2687 bt_security_t sec = smp->chan.chan.conn->required_sec_level;
2688
2689 if (IS_ENABLED(CONFIG_BT_SMP_SC_ONLY)) {
2690 sec = BT_SECURITY_L4;
2691 }
2692 if (IS_ENABLED(CONFIG_BT_SMP_OOB_LEGACY_PAIR_ONLY)) {
2693 sec = BT_SECURITY_L3;
2694 }
2695
2696 switch (sec) {
2697 case BT_SECURITY_L1:
2698 case BT_SECURITY_L2:
2699 return 0;
2700
2701 case BT_SECURITY_L4:
2702 if (get_encryption_key_size(smp) != BT_SMP_MAX_ENC_KEY_SIZE) {
2703 return BT_SMP_ERR_ENC_KEY_SIZE;
2704 }
2705
2706 if (!atomic_test_bit(smp->flags, SMP_FLAG_SC)) {
2707 return BT_SMP_ERR_AUTH_REQUIREMENTS;
2708 }
2709 __fallthrough;
2710 case BT_SECURITY_L3:
2711 if (smp->method == JUST_WORKS) {
2712 return BT_SMP_ERR_AUTH_REQUIREMENTS;
2713 }
2714
2715 return 0;
2716 default:
2717 return BT_SMP_ERR_UNSPECIFIED;
2718 }
2719 }
2720
sec_level_reachable(struct bt_smp * smp)2721 static bool sec_level_reachable(struct bt_smp *smp)
2722 {
2723 const struct bt_conn_auth_cb *smp_auth_cb = latch_auth_cb(smp);
2724
2725 switch (smp->chan.chan.conn->required_sec_level) {
2726 case BT_SECURITY_L1:
2727 case BT_SECURITY_L2:
2728 return true;
2729 case BT_SECURITY_L3:
2730 return get_io_capa(smp) != BT_SMP_IO_NO_INPUT_OUTPUT ||
2731 (smp_auth_cb && smp_auth_cb->oob_data_request);
2732 case BT_SECURITY_L4:
2733 return (get_io_capa(smp) != BT_SMP_IO_NO_INPUT_OUTPUT ||
2734 (smp_auth_cb && smp_auth_cb->oob_data_request)) && sc_supported;
2735 default:
2736 return false;
2737 }
2738 }
2739
smp_chan_get(struct bt_conn * conn)2740 static struct bt_smp *smp_chan_get(struct bt_conn *conn)
2741 {
2742 struct bt_l2cap_chan *chan;
2743
2744 chan = bt_l2cap_le_lookup_rx_cid(conn, BT_L2CAP_CID_SMP);
2745 if (!chan) {
2746 LOG_ERR("Unable to find SMP channel");
2747 return NULL;
2748 }
2749
2750 return CONTAINER_OF(chan, struct bt_smp, chan.chan);
2751 }
2752
bt_smp_request_ltk(struct bt_conn * conn,uint64_t rand,uint16_t ediv,uint8_t * ltk)2753 bool bt_smp_request_ltk(struct bt_conn *conn, uint64_t rand, uint16_t ediv, uint8_t *ltk)
2754 {
2755 struct bt_smp *smp;
2756 uint8_t enc_size;
2757
2758 smp = smp_chan_get(conn);
2759 if (!smp) {
2760 return false;
2761 }
2762
2763 /*
2764 * Both legacy STK and LE SC LTK have rand and ediv equal to zero.
2765 * If pairing is in progress use the TK for encryption.
2766 */
2767 if (ediv == 0U && rand == 0U &&
2768 atomic_test_bit(smp->flags, SMP_FLAG_PAIRING) &&
2769 atomic_test_bit(smp->flags, SMP_FLAG_ENC_PENDING)) {
2770 enc_size = get_encryption_key_size(smp);
2771
2772 /*
2773 * We keep both legacy STK and LE SC LTK in TK.
2774 * Also use only enc_size bytes of key for encryption.
2775 */
2776 memcpy(ltk, smp->tk, enc_size);
2777 if (enc_size < BT_SMP_MAX_ENC_KEY_SIZE) {
2778 (void)memset(ltk + enc_size, 0,
2779 BT_SMP_MAX_ENC_KEY_SIZE - enc_size);
2780 }
2781
2782 atomic_set_bit(smp->flags, SMP_FLAG_ENC_PENDING);
2783 return true;
2784 }
2785
2786 if (!conn->le.keys) {
2787 conn->le.keys = bt_keys_find(BT_KEYS_LTK_P256, conn->id,
2788 &conn->le.dst);
2789 if (!conn->le.keys) {
2790 conn->le.keys = bt_keys_find(BT_KEYS_PERIPH_LTK,
2791 conn->id, &conn->le.dst);
2792 }
2793 }
2794
2795 if (ediv == 0U && rand == 0U &&
2796 conn->le.keys && (conn->le.keys->keys & BT_KEYS_LTK_P256)) {
2797 enc_size = conn->le.keys->enc_size;
2798
2799 memcpy(ltk, conn->le.keys->ltk.val, enc_size);
2800 if (enc_size < BT_SMP_MAX_ENC_KEY_SIZE) {
2801 (void)memset(ltk + enc_size, 0,
2802 BT_SMP_MAX_ENC_KEY_SIZE - enc_size);
2803 }
2804
2805 atomic_set_bit(smp->flags, SMP_FLAG_ENC_PENDING);
2806 return true;
2807 }
2808
2809 #if !defined(CONFIG_BT_SMP_SC_PAIR_ONLY)
2810 if (conn->le.keys && (conn->le.keys->keys & BT_KEYS_PERIPH_LTK) &&
2811 !memcmp(conn->le.keys->periph_ltk.rand, &rand, 8) &&
2812 !memcmp(conn->le.keys->periph_ltk.ediv, &ediv, 2)) {
2813 enc_size = conn->le.keys->enc_size;
2814
2815 memcpy(ltk, conn->le.keys->periph_ltk.val, enc_size);
2816 if (enc_size < BT_SMP_MAX_ENC_KEY_SIZE) {
2817 (void)memset(ltk + enc_size, 0,
2818 BT_SMP_MAX_ENC_KEY_SIZE - enc_size);
2819 }
2820
2821 atomic_set_bit(smp->flags, SMP_FLAG_ENC_PENDING);
2822 return true;
2823 }
2824 #endif /* !CONFIG_BT_SMP_SC_PAIR_ONLY */
2825
2826 if (atomic_test_bit(smp->flags, SMP_FLAG_SEC_REQ)) {
2827 /* Notify higher level that security failed if security was
2828 * initiated by peripheral.
2829 */
2830 bt_conn_security_changed(conn, BT_HCI_ERR_PIN_OR_KEY_MISSING,
2831 BT_SECURITY_ERR_PIN_OR_KEY_MISSING);
2832 }
2833
2834 smp_reset(smp);
2835 return false;
2836 }
2837
2838 #if defined(CONFIG_BT_PERIPHERAL)
smp_send_security_req(struct bt_conn * conn)2839 static int smp_send_security_req(struct bt_conn *conn)
2840 {
2841 struct bt_smp *smp;
2842 struct bt_smp_security_request *req;
2843 struct net_buf *req_buf;
2844 int err;
2845
2846 LOG_DBG("");
2847 smp = smp_chan_get(conn);
2848 if (!smp) {
2849 return -ENOTCONN;
2850 }
2851
2852 /* SMP Timeout */
2853 if (atomic_test_bit(smp->flags, SMP_FLAG_TIMEOUT)) {
2854 return -EIO;
2855 }
2856
2857 /* pairing is in progress */
2858 if (atomic_test_bit(smp->flags, SMP_FLAG_PAIRING)) {
2859 return -EBUSY;
2860 }
2861
2862 if (atomic_test_bit(smp->flags, SMP_FLAG_ENC_PENDING)) {
2863 return -EBUSY;
2864 }
2865
2866 /* early verify if required sec level if reachable */
2867 if (!(sec_level_reachable(smp) || smp_keys_check(conn))) {
2868 return -EINVAL;
2869 }
2870
2871 if (!conn->le.keys) {
2872 conn->le.keys = bt_keys_get_addr(conn->id, &conn->le.dst);
2873 if (!conn->le.keys) {
2874 return -ENOMEM;
2875 }
2876 }
2877
2878 if (smp_init(smp) != 0) {
2879 return -ENOBUFS;
2880 }
2881
2882 req_buf = smp_create_pdu(smp, BT_SMP_CMD_SECURITY_REQUEST,
2883 sizeof(*req));
2884 if (!req_buf) {
2885 return -ENOBUFS;
2886 }
2887
2888 req = net_buf_add(req_buf, sizeof(*req));
2889 req->auth_req = get_auth(smp, BT_SMP_AUTH_DEFAULT);
2890
2891 /* SMP timer is not restarted for SecRequest so don't use smp_send */
2892 err = bt_l2cap_send_pdu(&smp->chan, req_buf, NULL, NULL);
2893 if (err) {
2894 net_buf_unref(req_buf);
2895 return err;
2896 }
2897
2898 atomic_set_bit(smp->flags, SMP_FLAG_SEC_REQ);
2899 atomic_set_bit(smp->allowed_cmds, BT_SMP_CMD_PAIRING_REQ);
2900
2901 return 0;
2902 }
2903
smp_pairing_req(struct bt_smp * smp,struct net_buf * buf)2904 static uint8_t smp_pairing_req(struct bt_smp *smp, struct net_buf *buf)
2905 {
2906 struct bt_conn *conn = smp->chan.chan.conn;
2907 const struct bt_conn_auth_cb *smp_auth_cb = latch_auth_cb(smp);
2908
2909 struct bt_smp_pairing *req = (void *)buf->data;
2910 struct bt_smp_pairing *rsp;
2911 uint8_t err;
2912
2913 LOG_DBG("req: io_capability 0x%02X, oob_flag 0x%02X, auth_req 0x%02X, "
2914 "max_key_size 0x%02X, init_key_dist 0x%02X, resp_key_dist 0x%02X",
2915 req->io_capability, req->oob_flag, req->auth_req,
2916 req->max_key_size, req->init_key_dist, req->resp_key_dist);
2917
2918 if ((req->max_key_size > BT_SMP_MAX_ENC_KEY_SIZE) ||
2919 (req->max_key_size < BT_SMP_MIN_ENC_KEY_SIZE)) {
2920 return BT_SMP_ERR_ENC_KEY_SIZE;
2921 }
2922
2923 if (!conn->le.keys) {
2924 conn->le.keys = bt_keys_get_addr(conn->id, &conn->le.dst);
2925 if (!conn->le.keys) {
2926 LOG_DBG("Unable to get keys for %s", bt_addr_le_str(&conn->le.dst));
2927 return BT_SMP_ERR_UNSPECIFIED;
2928 }
2929 }
2930
2931 /* If we already sent a security request then the SMP context
2932 * is already initialized.
2933 */
2934 if (!atomic_test_bit(smp->flags, SMP_FLAG_SEC_REQ)) {
2935 int ret = smp_init(smp);
2936
2937 if (ret) {
2938 return ret;
2939 }
2940 }
2941
2942 /* Store req for later use */
2943 smp->preq[0] = BT_SMP_CMD_PAIRING_REQ;
2944 memcpy(smp->preq + 1, req, sizeof(*req));
2945
2946 /* create rsp, it will be used later on */
2947 smp->prsp[0] = BT_SMP_CMD_PAIRING_RSP;
2948 rsp = (struct bt_smp_pairing *)&smp->prsp[1];
2949
2950 rsp->auth_req = get_auth(smp, req->auth_req);
2951 rsp->io_capability = get_io_capa(smp);
2952 rsp->max_key_size = BT_SMP_MAX_ENC_KEY_SIZE;
2953 rsp->init_key_dist = (req->init_key_dist & RECV_KEYS);
2954 rsp->resp_key_dist = (req->resp_key_dist & SEND_KEYS);
2955
2956 if ((rsp->auth_req & BT_SMP_AUTH_SC) &&
2957 (req->auth_req & BT_SMP_AUTH_SC)) {
2958 atomic_set_bit(smp->flags, SMP_FLAG_SC);
2959
2960 rsp->init_key_dist &= RECV_KEYS_SC;
2961 rsp->resp_key_dist &= SEND_KEYS_SC;
2962 }
2963
2964 if (atomic_test_bit(smp->flags, SMP_FLAG_SC)) {
2965 rsp->oob_flag = sc_oobd_present ? BT_SMP_OOB_PRESENT :
2966 BT_SMP_OOB_NOT_PRESENT;
2967 } else {
2968 rsp->oob_flag = legacy_oobd_present ? BT_SMP_OOB_PRESENT :
2969 BT_SMP_OOB_NOT_PRESENT;
2970 }
2971
2972 if ((rsp->auth_req & BT_SMP_AUTH_CT2) &&
2973 (req->auth_req & BT_SMP_AUTH_CT2)) {
2974 atomic_set_bit(smp->flags, SMP_FLAG_CT2);
2975 }
2976
2977 if ((rsp->auth_req & BT_SMP_AUTH_BONDING) &&
2978 (req->auth_req & BT_SMP_AUTH_BONDING)) {
2979 atomic_set_bit(smp->flags, SMP_FLAG_BOND);
2980 } else if (IS_ENABLED(CONFIG_BT_BONDING_REQUIRED)) {
2981 /* Reject pairing req if not both intend to bond */
2982 LOG_DBG("Bonding required");
2983 return BT_SMP_ERR_UNSPECIFIED;
2984 } else {
2985 rsp->init_key_dist = 0;
2986 rsp->resp_key_dist = 0;
2987 }
2988
2989 smp->local_dist = rsp->resp_key_dist;
2990 smp->remote_dist = rsp->init_key_dist;
2991
2992 atomic_set_bit(smp->flags, SMP_FLAG_PAIRING);
2993
2994 smp->method = get_pair_method(smp, req->io_capability);
2995
2996 if (!update_keys_check(smp, conn->le.keys)) {
2997 return BT_SMP_ERR_AUTH_REQUIREMENTS;
2998 }
2999
3000 err = remote_sec_level_reachable(smp);
3001 if (err) {
3002 return err;
3003 }
3004
3005 if (!atomic_test_bit(smp->flags, SMP_FLAG_SC)) {
3006 #if defined(CONFIG_BT_SMP_SC_PAIR_ONLY)
3007 return BT_SMP_ERR_AUTH_REQUIREMENTS;
3008 #else
3009 if (IS_ENABLED(CONFIG_BT_SMP_APP_PAIRING_ACCEPT)) {
3010 err = smp_pairing_accept_query(smp, req);
3011 if (err) {
3012 return err;
3013 }
3014 }
3015
3016 return legacy_pairing_req(smp);
3017 #endif /* CONFIG_BT_SMP_SC_PAIR_ONLY */
3018 }
3019
3020 if (IS_ENABLED(CONFIG_BT_SMP_APP_PAIRING_ACCEPT)) {
3021 err = smp_pairing_accept_query(smp, req);
3022 if (err) {
3023 return err;
3024 }
3025 }
3026
3027 if (!IS_ENABLED(CONFIG_BT_SMP_SC_PAIR_ONLY) &&
3028 (DISPLAY_FIXED(smp) || smp->method == JUST_WORKS) &&
3029 !atomic_test_bit(smp->flags, SMP_FLAG_SEC_REQ) &&
3030 smp_auth_cb && smp_auth_cb->pairing_confirm) {
3031 atomic_set_bit(smp->flags, SMP_FLAG_USER);
3032 smp_auth_cb->pairing_confirm(conn);
3033 return 0;
3034 }
3035
3036 atomic_set_bit(smp->allowed_cmds, BT_SMP_CMD_PUBLIC_KEY);
3037
3038 LOG_DBG("rsp: io_capability 0x%02X, oob_flag 0x%02X, auth_req 0x%02X, "
3039 "max_key_size 0x%02X, init_key_dist 0x%02X, resp_key_dist 0x%02X",
3040 rsp->io_capability, rsp->oob_flag, rsp->auth_req,
3041 rsp->max_key_size, rsp->init_key_dist, rsp->resp_key_dist);
3042
3043 return send_pairing_rsp(smp);
3044 }
3045 #else
smp_pairing_req(struct bt_smp * smp,struct net_buf * buf)3046 static uint8_t smp_pairing_req(struct bt_smp *smp, struct net_buf *buf)
3047 {
3048 return BT_SMP_ERR_CMD_NOTSUPP;
3049 }
3050 #endif /* CONFIG_BT_PERIPHERAL */
3051
sc_send_public_key(struct bt_smp * smp)3052 static uint8_t sc_send_public_key(struct bt_smp *smp)
3053 {
3054 struct bt_smp_public_key *req;
3055 struct net_buf *req_buf;
3056
3057 req_buf = smp_create_pdu(smp, BT_SMP_CMD_PUBLIC_KEY, sizeof(*req));
3058 if (!req_buf) {
3059 return BT_SMP_ERR_UNSPECIFIED;
3060 }
3061
3062 req = net_buf_add(req_buf, sizeof(*req));
3063
3064 memcpy(req->x, sc_public_key, sizeof(req->x));
3065 memcpy(req->y, &sc_public_key[32], sizeof(req->y));
3066
3067 smp_send(smp, req_buf, NULL, NULL);
3068
3069 if (IS_ENABLED(CONFIG_BT_USE_DEBUG_KEYS)) {
3070 atomic_set_bit(smp->flags, SMP_FLAG_SC_DEBUG_KEY);
3071 }
3072
3073 return 0;
3074 }
3075
3076 #if defined(CONFIG_BT_CENTRAL)
smp_send_pairing_req(struct bt_conn * conn)3077 static int smp_send_pairing_req(struct bt_conn *conn)
3078 {
3079 struct bt_smp *smp;
3080 struct bt_smp_pairing *req;
3081 struct net_buf *req_buf;
3082
3083 LOG_DBG("");
3084
3085 smp = smp_chan_get(conn);
3086 if (!smp) {
3087 return -ENOTCONN;
3088 }
3089
3090 /* SMP Timeout */
3091 if (atomic_test_bit(smp->flags, SMP_FLAG_TIMEOUT)) {
3092 return -EIO;
3093 }
3094
3095 /* A higher security level is requested during the key distribution
3096 * phase, once pairing is complete a new pairing procedure will start.
3097 */
3098 if (atomic_test_bit(smp->flags, SMP_FLAG_KEYS_DISTR)) {
3099 return 0;
3100 }
3101
3102 /* pairing is in progress */
3103 if (atomic_test_bit(smp->flags, SMP_FLAG_PAIRING)) {
3104 return -EBUSY;
3105 }
3106
3107 /* Encryption is in progress */
3108 if (atomic_test_bit(smp->flags, SMP_FLAG_ENC_PENDING)) {
3109 return -EBUSY;
3110 }
3111
3112 /* early verify if required sec level if reachable */
3113 if (!sec_level_reachable(smp)) {
3114 return -EINVAL;
3115 }
3116
3117 if (!conn->le.keys) {
3118 conn->le.keys = bt_keys_get_addr(conn->id, &conn->le.dst);
3119 if (!conn->le.keys) {
3120 return -ENOMEM;
3121 }
3122 }
3123
3124 if (smp_init(smp)) {
3125 return -ENOBUFS;
3126 }
3127
3128 req_buf = smp_create_pdu(smp, BT_SMP_CMD_PAIRING_REQ, sizeof(*req));
3129 if (!req_buf) {
3130 return -ENOBUFS;
3131 }
3132
3133 req = net_buf_add(req_buf, sizeof(*req));
3134
3135 req->auth_req = get_auth(smp, BT_SMP_AUTH_DEFAULT);
3136 req->io_capability = get_io_capa(smp);
3137
3138 /* At this point is it unknown if pairing will be legacy or LE SC so
3139 * set OOB flag if any OOB data is present and assume to peer device
3140 * provides OOB data that will match it's pairing type.
3141 */
3142 req->oob_flag = (legacy_oobd_present || sc_oobd_present) ?
3143 BT_SMP_OOB_PRESENT : BT_SMP_OOB_NOT_PRESENT;
3144
3145 req->max_key_size = BT_SMP_MAX_ENC_KEY_SIZE;
3146
3147 if (req->auth_req & BT_SMP_AUTH_BONDING) {
3148 req->init_key_dist = SEND_KEYS;
3149 req->resp_key_dist = RECV_KEYS;
3150 } else {
3151 req->init_key_dist = 0;
3152 req->resp_key_dist = 0;
3153 }
3154
3155 smp->local_dist = req->init_key_dist;
3156 smp->remote_dist = req->resp_key_dist;
3157
3158 /* Store req for later use */
3159 smp->preq[0] = BT_SMP_CMD_PAIRING_REQ;
3160 memcpy(smp->preq + 1, req, sizeof(*req));
3161
3162 LOG_DBG("req: io_capability 0x%02X, oob_flag 0x%02X, auth_req 0x%02X, "
3163 "max_key_size 0x%02X, init_key_dist 0x%02X, resp_key_dist 0x%02X",
3164 req->io_capability, req->oob_flag, req->auth_req,
3165 req->max_key_size, req->init_key_dist, req->resp_key_dist);
3166
3167 smp_send(smp, req_buf, NULL, NULL);
3168
3169 atomic_set_bit(smp->allowed_cmds, BT_SMP_CMD_PAIRING_RSP);
3170 atomic_set_bit(smp->allowed_cmds, BT_SMP_CMD_SECURITY_REQUEST);
3171 atomic_set_bit(smp->flags, SMP_FLAG_PAIRING);
3172
3173 return 0;
3174 }
3175
smp_pairing_rsp(struct bt_smp * smp,struct net_buf * buf)3176 static uint8_t smp_pairing_rsp(struct bt_smp *smp, struct net_buf *buf)
3177 {
3178 struct bt_conn *conn = smp->chan.chan.conn;
3179 struct bt_smp_pairing *rsp = (void *)buf->data;
3180 struct bt_smp_pairing *req = (struct bt_smp_pairing *)&smp->preq[1];
3181 uint8_t err;
3182
3183 LOG_DBG("rsp: io_capability 0x%02X, oob_flag 0x%02X, auth_req 0x%02X, "
3184 "max_key_size 0x%02X, init_key_dist 0x%02X, resp_key_dist 0x%02X",
3185 rsp->io_capability, rsp->oob_flag, rsp->auth_req,
3186 rsp->max_key_size, rsp->init_key_dist, rsp->resp_key_dist);
3187
3188 if ((rsp->max_key_size > BT_SMP_MAX_ENC_KEY_SIZE) ||
3189 (rsp->max_key_size < BT_SMP_MIN_ENC_KEY_SIZE)) {
3190 return BT_SMP_ERR_ENC_KEY_SIZE;
3191 }
3192
3193 smp->local_dist &= rsp->init_key_dist;
3194 smp->remote_dist &= rsp->resp_key_dist;
3195
3196 /* Store rsp for later use */
3197 smp->prsp[0] = BT_SMP_CMD_PAIRING_RSP;
3198 memcpy(smp->prsp + 1, rsp, sizeof(*rsp));
3199
3200 if ((rsp->auth_req & BT_SMP_AUTH_SC) &&
3201 (req->auth_req & BT_SMP_AUTH_SC)) {
3202 atomic_set_bit(smp->flags, SMP_FLAG_SC);
3203 }
3204
3205 if ((rsp->auth_req & BT_SMP_AUTH_CT2) &&
3206 (req->auth_req & BT_SMP_AUTH_CT2)) {
3207 atomic_set_bit(smp->flags, SMP_FLAG_CT2);
3208 }
3209
3210 if ((rsp->auth_req & BT_SMP_AUTH_BONDING) &&
3211 (req->auth_req & BT_SMP_AUTH_BONDING)) {
3212 atomic_set_bit(smp->flags, SMP_FLAG_BOND);
3213 } else if (IS_ENABLED(CONFIG_BT_BONDING_REQUIRED)) {
3214 /* Reject pairing req if not both intend to bond */
3215 LOG_DBG("Bonding required");
3216 return BT_SMP_ERR_UNSPECIFIED;
3217 } else {
3218 smp->local_dist = 0;
3219 smp->remote_dist = 0;
3220 }
3221
3222 smp->method = get_pair_method(smp, rsp->io_capability);
3223
3224 if (!update_keys_check(smp, conn->le.keys)) {
3225 return BT_SMP_ERR_AUTH_REQUIREMENTS;
3226 }
3227
3228 err = remote_sec_level_reachable(smp);
3229 if (err) {
3230 return err;
3231 }
3232
3233 /* the OR operation evaluated by "if" statement below seems redundant
3234 * when CONFIG_BT_SMP_OOB_LEGACY_PAIR_ONLY is enabled, because in
3235 * that case the SMP_FLAG_SC will always be set to false. But it's
3236 * needed in order to inform the compiler that the inside of the "if"
3237 * is the return point for CONFIG_BT_SMP_OOB_LEGACY_PAIR_ONLY enabled
3238 * builds. This avoids compiler warnings regarding the code after the
3239 * "if" statement, that would happen for builds with
3240 * CONFIG_BT_SMP_OOB_LEGACY_PAIR_ONLY enabled
3241 */
3242 if (IS_ENABLED(CONFIG_BT_SMP_OOB_LEGACY_PAIR_ONLY) ||
3243 !atomic_test_bit(smp->flags, SMP_FLAG_SC)) {
3244 #if defined(CONFIG_BT_SMP_SC_PAIR_ONLY)
3245 return BT_SMP_ERR_AUTH_REQUIREMENTS;
3246 #else
3247 if (IS_ENABLED(CONFIG_BT_SMP_APP_PAIRING_ACCEPT)) {
3248 err = smp_pairing_accept_query(smp, rsp);
3249 if (err) {
3250 return err;
3251 }
3252 }
3253
3254 return legacy_pairing_rsp(smp);
3255 #endif /* CONFIG_BT_SMP_SC_PAIR_ONLY */
3256 }
3257
3258 const struct bt_conn_auth_cb *smp_auth_cb = latch_auth_cb(smp);
3259
3260 smp->local_dist &= SEND_KEYS_SC;
3261 smp->remote_dist &= RECV_KEYS_SC;
3262
3263 if (IS_ENABLED(CONFIG_BT_SMP_APP_PAIRING_ACCEPT)) {
3264 err = smp_pairing_accept_query(smp, rsp);
3265 if (err) {
3266 return err;
3267 }
3268 }
3269
3270 if (!IS_ENABLED(CONFIG_BT_SMP_SC_PAIR_ONLY) &&
3271 (DISPLAY_FIXED(smp) || smp->method == JUST_WORKS) &&
3272 atomic_test_bit(smp->flags, SMP_FLAG_SEC_REQ) &&
3273 smp_auth_cb && smp_auth_cb->pairing_confirm) {
3274 atomic_set_bit(smp->flags, SMP_FLAG_USER);
3275 smp_auth_cb->pairing_confirm(conn);
3276 return 0;
3277 }
3278
3279 if (!sc_public_key) {
3280 atomic_set_bit(smp->flags, SMP_FLAG_PKEY_SEND);
3281 return 0;
3282 }
3283
3284 atomic_set_bit(smp->allowed_cmds, BT_SMP_CMD_PUBLIC_KEY);
3285 atomic_clear_bit(smp->allowed_cmds, BT_SMP_CMD_SECURITY_REQUEST);
3286
3287 return sc_send_public_key(smp);
3288 }
3289 #else
smp_pairing_rsp(struct bt_smp * smp,struct net_buf * buf)3290 static uint8_t smp_pairing_rsp(struct bt_smp *smp, struct net_buf *buf)
3291 {
3292 return BT_SMP_ERR_CMD_NOTSUPP;
3293 }
3294 #endif /* CONFIG_BT_CENTRAL */
3295
smp_pairing_confirm(struct bt_smp * smp,struct net_buf * buf)3296 static uint8_t smp_pairing_confirm(struct bt_smp *smp, struct net_buf *buf)
3297 {
3298 struct bt_smp_pairing_confirm *req = (void *)buf->data;
3299
3300 LOG_DBG("");
3301
3302 atomic_clear_bit(smp->flags, SMP_FLAG_DISPLAY);
3303
3304 memcpy(smp->pcnf, req->val, sizeof(smp->pcnf));
3305
3306 if (IS_ENABLED(CONFIG_BT_CENTRAL) &&
3307 smp->chan.chan.conn->role == BT_HCI_ROLE_CENTRAL) {
3308 atomic_set_bit(smp->allowed_cmds, BT_SMP_CMD_PAIRING_RANDOM);
3309 return smp_send_pairing_random(smp);
3310 }
3311
3312 if (!IS_ENABLED(CONFIG_BT_PERIPHERAL)) {
3313 return 0;
3314 }
3315
3316 #if !defined(CONFIG_BT_SMP_SC_PAIR_ONLY)
3317 if (!atomic_test_bit(smp->flags, SMP_FLAG_SC)) {
3318 return legacy_pairing_confirm(smp);
3319 }
3320 #endif /* !CONFIG_BT_SMP_SC_PAIR_ONLY */
3321
3322 switch (smp->method) {
3323 case PASSKEY_DISPLAY:
3324 atomic_set_bit(smp->allowed_cmds, BT_SMP_CMD_PAIRING_RANDOM);
3325 return smp_send_pairing_confirm(smp);
3326 case PASSKEY_INPUT:
3327 if (atomic_test_bit(smp->flags, SMP_FLAG_USER)) {
3328 atomic_set_bit(smp->flags, SMP_FLAG_CFM_DELAYED);
3329 return 0;
3330 }
3331
3332 atomic_set_bit(smp->allowed_cmds, BT_SMP_CMD_PAIRING_RANDOM);
3333 return smp_send_pairing_confirm(smp);
3334 case JUST_WORKS:
3335 case PASSKEY_CONFIRM:
3336 default:
3337 LOG_ERR("Unknown pairing method (%u)", smp->method);
3338 return BT_SMP_ERR_UNSPECIFIED;
3339 }
3340 }
3341
sc_smp_send_dhkey_check(struct bt_smp * smp,const uint8_t * e)3342 static uint8_t sc_smp_send_dhkey_check(struct bt_smp *smp, const uint8_t *e)
3343 {
3344 struct bt_smp_dhkey_check *req;
3345 struct net_buf *buf;
3346
3347 LOG_DBG("");
3348
3349 buf = smp_create_pdu(smp, BT_SMP_DHKEY_CHECK, sizeof(*req));
3350 if (!buf) {
3351 return BT_SMP_ERR_UNSPECIFIED;
3352 }
3353
3354 req = net_buf_add(buf, sizeof(*req));
3355 memcpy(req->e, e, sizeof(req->e));
3356
3357 smp_send(smp, buf, NULL, NULL);
3358
3359 return 0;
3360 }
3361
3362 #if defined(CONFIG_BT_CENTRAL)
compute_and_send_central_dhcheck(struct bt_smp * smp)3363 static uint8_t compute_and_send_central_dhcheck(struct bt_smp *smp)
3364 {
3365 uint8_t e[16], r[16];
3366
3367 (void)memset(r, 0, sizeof(r));
3368
3369 switch (smp->method) {
3370 case JUST_WORKS:
3371 case PASSKEY_CONFIRM:
3372 break;
3373 case PASSKEY_DISPLAY:
3374 case PASSKEY_INPUT:
3375 memcpy(r, &smp->passkey, sizeof(smp->passkey));
3376 break;
3377 case LE_SC_OOB:
3378 if (smp->oobd_remote) {
3379 memcpy(r, smp->oobd_remote->r, sizeof(r));
3380 }
3381 break;
3382 default:
3383 LOG_ERR("Unknown pairing method (%u)", smp->method);
3384 return BT_SMP_ERR_UNSPECIFIED;
3385 }
3386
3387 /* calculate LTK and mackey */
3388 if (bt_crypto_f5(smp->dhkey, smp->prnd, smp->rrnd, &smp->chan.chan.conn->le.init_addr,
3389 &smp->chan.chan.conn->le.resp_addr, smp->mackey, smp->tk)) {
3390 LOG_ERR("Calculate LTK failed");
3391 return BT_SMP_ERR_UNSPECIFIED;
3392 }
3393 /* calculate local DHKey check */
3394 if (bt_crypto_f6(smp->mackey, smp->prnd, smp->rrnd, r, &smp->preq[1],
3395 &smp->chan.chan.conn->le.init_addr, &smp->chan.chan.conn->le.resp_addr,
3396 e)) {
3397 LOG_ERR("Calculate local DHKey check failed");
3398 return BT_SMP_ERR_UNSPECIFIED;
3399 }
3400
3401 atomic_set_bit(smp->allowed_cmds, BT_SMP_DHKEY_CHECK);
3402 return sc_smp_send_dhkey_check(smp, e);
3403 }
3404 #endif /* CONFIG_BT_CENTRAL */
3405
3406 #if defined(CONFIG_BT_PERIPHERAL)
compute_and_check_and_send_periph_dhcheck(struct bt_smp * smp)3407 static uint8_t compute_and_check_and_send_periph_dhcheck(struct bt_smp *smp)
3408 {
3409 uint8_t re[16], e[16], r[16];
3410 uint8_t err;
3411
3412 (void)memset(r, 0, sizeof(r));
3413
3414 switch (smp->method) {
3415 case JUST_WORKS:
3416 case PASSKEY_CONFIRM:
3417 break;
3418 case PASSKEY_DISPLAY:
3419 case PASSKEY_INPUT:
3420 memcpy(r, &smp->passkey, sizeof(smp->passkey));
3421 break;
3422 case LE_SC_OOB:
3423 if (smp->oobd_remote) {
3424 memcpy(r, smp->oobd_remote->r, sizeof(r));
3425 }
3426 break;
3427 default:
3428 LOG_ERR("Unknown pairing method (%u)", smp->method);
3429 return BT_SMP_ERR_UNSPECIFIED;
3430 }
3431
3432 /* calculate LTK and mackey */
3433 if (bt_crypto_f5(smp->dhkey, smp->rrnd, smp->prnd, &smp->chan.chan.conn->le.init_addr,
3434 &smp->chan.chan.conn->le.resp_addr, smp->mackey, smp->tk)) {
3435 LOG_ERR("Calculate LTK failed");
3436 return BT_SMP_ERR_UNSPECIFIED;
3437 }
3438
3439 /* calculate local DHKey check */
3440 if (bt_crypto_f6(smp->mackey, smp->prnd, smp->rrnd, r, &smp->prsp[1],
3441 &smp->chan.chan.conn->le.resp_addr, &smp->chan.chan.conn->le.init_addr,
3442 e)) {
3443 LOG_ERR("Calculate local DHKey check failed");
3444 return BT_SMP_ERR_UNSPECIFIED;
3445 }
3446
3447 if (smp->method == LE_SC_OOB) {
3448 if (smp->oobd_local) {
3449 memcpy(r, smp->oobd_local->r, sizeof(r));
3450 } else {
3451 memset(r, 0, sizeof(r));
3452 }
3453 }
3454
3455 /* calculate remote DHKey check */
3456 if (bt_crypto_f6(smp->mackey, smp->rrnd, smp->prnd, r, &smp->preq[1],
3457 &smp->chan.chan.conn->le.init_addr, &smp->chan.chan.conn->le.resp_addr,
3458 re)) {
3459 LOG_ERR("Calculate remote DHKey check failed");
3460 return BT_SMP_ERR_UNSPECIFIED;
3461 }
3462
3463 /* compare received E with calculated remote */
3464 if (memcmp(smp->e, re, 16)) {
3465 return BT_SMP_ERR_DHKEY_CHECK_FAILED;
3466 }
3467
3468 /* send local e */
3469 err = sc_smp_send_dhkey_check(smp, e);
3470 if (err) {
3471 return err;
3472 }
3473
3474 atomic_set_bit(smp->flags, SMP_FLAG_ENC_PENDING);
3475 return 0;
3476 }
3477 #endif /* CONFIG_BT_PERIPHERAL */
3478
3479 static void bt_smp_dhkey_ready(const uint8_t *dhkey);
smp_dhkey_generate(struct bt_smp * smp)3480 static uint8_t smp_dhkey_generate(struct bt_smp *smp)
3481 {
3482 int err;
3483
3484 atomic_set_bit(smp->flags, SMP_FLAG_DHKEY_GEN);
3485 err = bt_dh_key_gen(smp->pkey, bt_smp_dhkey_ready);
3486 if (err) {
3487 atomic_clear_bit(smp->flags, SMP_FLAG_DHKEY_GEN);
3488
3489 LOG_ERR("Failed to generate DHKey");
3490 return BT_SMP_ERR_UNSPECIFIED;
3491 }
3492
3493 return 0;
3494 }
3495
smp_dhkey_ready(struct bt_smp * smp,const uint8_t * dhkey)3496 static uint8_t smp_dhkey_ready(struct bt_smp *smp, const uint8_t *dhkey)
3497 {
3498 if (!dhkey) {
3499 return BT_SMP_ERR_DHKEY_CHECK_FAILED;
3500 }
3501
3502 atomic_clear_bit(smp->flags, SMP_FLAG_DHKEY_PENDING);
3503 memcpy(smp->dhkey, dhkey, BT_DH_KEY_LEN);
3504
3505 /* wait for user passkey confirmation */
3506 if (atomic_test_bit(smp->flags, SMP_FLAG_USER)) {
3507 atomic_set_bit(smp->flags, SMP_FLAG_DHKEY_SEND);
3508 return 0;
3509 }
3510
3511 /* wait for remote DHKey Check */
3512 if (atomic_test_bit(smp->flags, SMP_FLAG_DHCHECK_WAIT)) {
3513 atomic_set_bit(smp->flags, SMP_FLAG_DHKEY_SEND);
3514 return 0;
3515 }
3516
3517 if (atomic_test_bit(smp->flags, SMP_FLAG_DHKEY_SEND)) {
3518 #if defined(CONFIG_BT_CENTRAL)
3519 if (smp->chan.chan.conn->role == BT_HCI_ROLE_CENTRAL) {
3520 return compute_and_send_central_dhcheck(smp);
3521 }
3522
3523 #endif /* CONFIG_BT_CENTRAL */
3524
3525 #if defined(CONFIG_BT_PERIPHERAL)
3526 return compute_and_check_and_send_periph_dhcheck(smp);
3527 #endif /* CONFIG_BT_PERIPHERAL */
3528 }
3529
3530 return 0;
3531 }
3532
smp_find(int flag)3533 static struct bt_smp *smp_find(int flag)
3534 {
3535 for (int i = 0; i < ARRAY_SIZE(bt_smp_pool); i++) {
3536 if (atomic_test_bit(bt_smp_pool[i].flags, flag)) {
3537 return &bt_smp_pool[i];
3538 }
3539 }
3540
3541 return NULL;
3542 }
3543
bt_smp_dhkey_ready(const uint8_t * dhkey)3544 static void bt_smp_dhkey_ready(const uint8_t *dhkey)
3545 {
3546 LOG_DBG("%p", (void *)dhkey);
3547 int err;
3548
3549 struct bt_smp *smp = smp_find(SMP_FLAG_DHKEY_GEN);
3550 if (smp) {
3551 atomic_clear_bit(smp->flags, SMP_FLAG_DHKEY_GEN);
3552 err = smp_dhkey_ready(smp, dhkey);
3553 if (err) {
3554 smp_error(smp, err);
3555 }
3556 }
3557
3558 err = 0;
3559 do {
3560 smp = smp_find(SMP_FLAG_DHKEY_PENDING);
3561 if (smp) {
3562 err = smp_dhkey_generate(smp);
3563 if (err) {
3564 smp_error(smp, err);
3565 }
3566 }
3567 } while (smp && err);
3568 }
3569
sc_smp_check_confirm(struct bt_smp * smp)3570 static uint8_t sc_smp_check_confirm(struct bt_smp *smp)
3571 {
3572 uint8_t cfm[16];
3573 uint8_t r;
3574
3575 switch (smp->method) {
3576 case LE_SC_OOB:
3577 return 0;
3578 case PASSKEY_CONFIRM:
3579 case JUST_WORKS:
3580 r = 0U;
3581 break;
3582 case PASSKEY_DISPLAY:
3583 case PASSKEY_INPUT:
3584 /*
3585 * In the Passkey Entry protocol, the most significant
3586 * bit of Z is set equal to one and the least
3587 * significant bit is made up from one bit of the
3588 * passkey e.g. if the passkey bit is 1, then Z = 0x81
3589 * and if the passkey bit is 0, then Z = 0x80.
3590 */
3591 r = (smp->passkey >> smp->passkey_round) & 0x01;
3592 r |= 0x80;
3593 break;
3594 default:
3595 LOG_ERR("Unknown pairing method (%u)", smp->method);
3596 return BT_SMP_ERR_UNSPECIFIED;
3597 }
3598
3599 if (bt_crypto_f4(smp->pkey, sc_public_key, smp->rrnd, r, cfm)) {
3600 LOG_ERR("Calculate confirm failed");
3601 return BT_SMP_ERR_UNSPECIFIED;
3602 }
3603
3604 LOG_DBG("pcnf %s", bt_hex(smp->pcnf, 16));
3605 LOG_DBG("cfm %s", bt_hex(cfm, 16));
3606
3607 if (memcmp(smp->pcnf, cfm, 16)) {
3608 return BT_SMP_ERR_CONFIRM_FAILED;
3609 }
3610
3611 return 0;
3612 }
3613
3614 #ifndef CONFIG_BT_SMP_OOB_LEGACY_PAIR_ONLY
le_sc_oob_data_req_check(struct bt_smp * smp)3615 static bool le_sc_oob_data_req_check(struct bt_smp *smp)
3616 {
3617 struct bt_smp_pairing *req = (struct bt_smp_pairing *)&smp->preq[1];
3618
3619 return ((req->oob_flag & BT_SMP_OOB_DATA_MASK) == BT_SMP_OOB_PRESENT);
3620 }
3621
le_sc_oob_data_rsp_check(struct bt_smp * smp)3622 static bool le_sc_oob_data_rsp_check(struct bt_smp *smp)
3623 {
3624 struct bt_smp_pairing *rsp = (struct bt_smp_pairing *)&smp->prsp[1];
3625
3626 return ((rsp->oob_flag & BT_SMP_OOB_DATA_MASK) == BT_SMP_OOB_PRESENT);
3627 }
3628
le_sc_oob_config_set(struct bt_smp * smp,struct bt_conn_oob_info * info)3629 static void le_sc_oob_config_set(struct bt_smp *smp,
3630 struct bt_conn_oob_info *info)
3631 {
3632 bool req_oob_present = le_sc_oob_data_req_check(smp);
3633 bool rsp_oob_present = le_sc_oob_data_rsp_check(smp);
3634 int oob_config = BT_CONN_OOB_NO_DATA;
3635
3636 if (IS_ENABLED(CONFIG_BT_CENTRAL) &&
3637 smp->chan.chan.conn->role == BT_HCI_ROLE_CENTRAL) {
3638 oob_config = req_oob_present ? BT_CONN_OOB_REMOTE_ONLY :
3639 BT_CONN_OOB_NO_DATA;
3640
3641 if (rsp_oob_present) {
3642 oob_config = (oob_config == BT_CONN_OOB_REMOTE_ONLY) ?
3643 BT_CONN_OOB_BOTH_PEERS :
3644 BT_CONN_OOB_LOCAL_ONLY;
3645 }
3646 } else if (IS_ENABLED(CONFIG_BT_PERIPHERAL)) {
3647 oob_config = req_oob_present ? BT_CONN_OOB_LOCAL_ONLY :
3648 BT_CONN_OOB_NO_DATA;
3649
3650 if (rsp_oob_present) {
3651 oob_config = (oob_config == BT_CONN_OOB_LOCAL_ONLY) ?
3652 BT_CONN_OOB_BOTH_PEERS :
3653 BT_CONN_OOB_REMOTE_ONLY;
3654 }
3655 }
3656
3657 info->lesc.oob_config = oob_config;
3658 }
3659 #endif /* CONFIG_BT_SMP_OOB_LEGACY_PAIR_ONLY */
3660
smp_pairing_random(struct bt_smp * smp,struct net_buf * buf)3661 static uint8_t smp_pairing_random(struct bt_smp *smp, struct net_buf *buf)
3662 {
3663 const struct bt_conn_auth_cb *smp_auth_cb = latch_auth_cb(smp);
3664 struct bt_smp_pairing_random *req = (void *)buf->data;
3665 uint32_t passkey;
3666 uint8_t err;
3667
3668 LOG_DBG("");
3669
3670 memcpy(smp->rrnd, req->val, sizeof(smp->rrnd));
3671
3672 #if !defined(CONFIG_BT_SMP_SC_PAIR_ONLY)
3673 if (!atomic_test_bit(smp->flags, SMP_FLAG_SC)) {
3674 return legacy_pairing_random(smp);
3675 }
3676 #endif /* !CONFIG_BT_SMP_SC_PAIR_ONLY */
3677
3678 #if defined(CONFIG_BT_CENTRAL)
3679 if (smp->chan.chan.conn->role == BT_HCI_ROLE_CENTRAL) {
3680 err = sc_smp_check_confirm(smp);
3681 if (err) {
3682 return err;
3683 }
3684
3685 switch (smp->method) {
3686 case PASSKEY_CONFIRM:
3687 /* compare passkey before calculating LTK */
3688 if (bt_crypto_g2(sc_public_key, smp->pkey, smp->prnd, smp->rrnd,
3689 &passkey)) {
3690 return BT_SMP_ERR_UNSPECIFIED;
3691 }
3692
3693 atomic_set_bit(smp->flags, SMP_FLAG_USER);
3694 atomic_set_bit(smp->flags, SMP_FLAG_DHKEY_SEND);
3695 smp_auth_cb->passkey_confirm(smp->chan.chan.conn, passkey);
3696 return 0;
3697 case JUST_WORKS:
3698 break;
3699 case LE_SC_OOB:
3700 break;
3701 case PASSKEY_DISPLAY:
3702 case PASSKEY_INPUT:
3703 smp->passkey_round++;
3704 if (smp->passkey_round == 20U) {
3705 break;
3706 }
3707
3708 if (bt_rand(smp->prnd, 16)) {
3709 return BT_SMP_ERR_UNSPECIFIED;
3710 }
3711
3712 atomic_set_bit(smp->allowed_cmds,
3713 BT_SMP_CMD_PAIRING_CONFIRM);
3714 return smp_send_pairing_confirm(smp);
3715 default:
3716 LOG_ERR("Unknown pairing method (%u)", smp->method);
3717 return BT_SMP_ERR_UNSPECIFIED;
3718 }
3719
3720 /* wait for DHKey being generated */
3721 if (atomic_test_bit(smp->flags, SMP_FLAG_DHKEY_PENDING)) {
3722 atomic_set_bit(smp->flags, SMP_FLAG_DHKEY_SEND);
3723 return 0;
3724 }
3725
3726 return compute_and_send_central_dhcheck(smp);
3727 }
3728 #endif /* CONFIG_BT_CENTRAL */
3729
3730 #if defined(CONFIG_BT_PERIPHERAL)
3731 switch (smp->method) {
3732 case PASSKEY_CONFIRM:
3733 if (bt_crypto_g2(smp->pkey, sc_public_key, smp->rrnd, smp->prnd, &passkey)) {
3734 return BT_SMP_ERR_UNSPECIFIED;
3735 }
3736
3737 atomic_set_bit(smp->flags, SMP_FLAG_USER);
3738 smp_auth_cb->passkey_confirm(smp->chan.chan.conn, passkey);
3739 break;
3740 case JUST_WORKS:
3741 break;
3742 case PASSKEY_DISPLAY:
3743 case PASSKEY_INPUT:
3744 err = sc_smp_check_confirm(smp);
3745 if (err) {
3746 return err;
3747 }
3748
3749 atomic_set_bit(smp->allowed_cmds,
3750 BT_SMP_CMD_PAIRING_CONFIRM);
3751 err = smp_send_pairing_random(smp);
3752 if (err) {
3753 return err;
3754 }
3755
3756 smp->passkey_round++;
3757 if (smp->passkey_round == 20U) {
3758 atomic_set_bit(smp->allowed_cmds, BT_SMP_DHKEY_CHECK);
3759 atomic_set_bit(smp->flags, SMP_FLAG_DHCHECK_WAIT);
3760 return 0;
3761 }
3762
3763 if (bt_rand(smp->prnd, 16)) {
3764 return BT_SMP_ERR_UNSPECIFIED;
3765 }
3766
3767 return 0;
3768 case LE_SC_OOB:
3769 /* Step 6: Select random N */
3770 if (bt_rand(smp->prnd, 16)) {
3771 return BT_SMP_ERR_UNSPECIFIED;
3772 }
3773
3774 if (smp_auth_cb && smp_auth_cb->oob_data_request) {
3775 struct bt_conn_oob_info info = {
3776 .type = BT_CONN_OOB_LE_SC,
3777 .lesc.oob_config = BT_CONN_OOB_NO_DATA,
3778 };
3779
3780 le_sc_oob_config_set(smp, &info);
3781
3782 smp->oobd_local = NULL;
3783 smp->oobd_remote = NULL;
3784
3785 atomic_set_bit(smp->flags, SMP_FLAG_OOB_PENDING);
3786 smp_auth_cb->oob_data_request(smp->chan.chan.conn, &info);
3787
3788 return 0;
3789 } else {
3790 return BT_SMP_ERR_OOB_NOT_AVAIL;
3791 }
3792 default:
3793 LOG_ERR("Unknown pairing method (%u)", smp->method);
3794 return BT_SMP_ERR_UNSPECIFIED;
3795 }
3796
3797 atomic_set_bit(smp->allowed_cmds, BT_SMP_DHKEY_CHECK);
3798 atomic_set_bit(smp->flags, SMP_FLAG_DHCHECK_WAIT);
3799 return smp_send_pairing_random(smp);
3800 #else
3801 return BT_SMP_ERR_PAIRING_NOTSUPP;
3802 #endif /* CONFIG_BT_PERIPHERAL */
3803 }
3804
smp_pairing_failed(struct bt_smp * smp,struct net_buf * buf)3805 static uint8_t smp_pairing_failed(struct bt_smp *smp, struct net_buf *buf)
3806 {
3807 struct bt_conn *conn = smp->chan.chan.conn;
3808 const struct bt_conn_auth_cb *smp_auth_cb = latch_auth_cb(smp);
3809 struct bt_smp_pairing_fail *req = (void *)buf->data;
3810
3811 LOG_ERR("pairing failed (peer reason 0x%x)", req->reason);
3812
3813 if (atomic_test_and_clear_bit(smp->flags, SMP_FLAG_USER) ||
3814 atomic_test_and_clear_bit(smp->flags, SMP_FLAG_DISPLAY)) {
3815 if (smp_auth_cb && smp_auth_cb->cancel) {
3816 smp_auth_cb->cancel(conn);
3817 }
3818 }
3819
3820 smp_pairing_complete(smp, req->reason);
3821
3822 /* return no error to avoid sending Pairing Failed in response */
3823 return 0;
3824 }
3825
smp_ident_info(struct bt_smp * smp,struct net_buf * buf)3826 static uint8_t smp_ident_info(struct bt_smp *smp, struct net_buf *buf)
3827 {
3828 LOG_DBG("");
3829
3830 if (atomic_test_bit(smp->flags, SMP_FLAG_BOND)) {
3831 struct bt_smp_ident_info *req = (void *)buf->data;
3832 struct bt_conn *conn = smp->chan.chan.conn;
3833 struct bt_keys *keys;
3834
3835 keys = bt_keys_get_type(BT_KEYS_IRK, conn->id, &conn->le.dst);
3836 if (!keys) {
3837 LOG_ERR("Unable to get keys for %s", bt_addr_le_str(&conn->le.dst));
3838 return BT_SMP_ERR_UNSPECIFIED;
3839 }
3840
3841 memcpy(keys->irk.val, req->irk, 16);
3842 }
3843
3844 atomic_set_bit(smp->allowed_cmds, BT_SMP_CMD_IDENT_ADDR_INFO);
3845
3846 return 0;
3847 }
3848
smp_id_add_replace(struct bt_smp * smp,struct bt_keys * new_bond)3849 static uint8_t smp_id_add_replace(struct bt_smp *smp, struct bt_keys *new_bond)
3850 {
3851 struct bt_keys *conflict;
3852
3853 /* Sanity check: It does not make sense to finalize a bond before we
3854 * have the remote identity.
3855 */
3856 __ASSERT_NO_MSG(!(smp->remote_dist & BT_SMP_DIST_ID_KEY));
3857
3858 conflict = bt_id_find_conflict(new_bond);
3859 if (conflict) {
3860 LOG_DBG("New bond conflicts with a bond on id %d.", conflict->id);
3861 }
3862
3863 if (conflict && !IS_ENABLED(CONFIG_BT_ID_UNPAIR_MATCHING_BONDS)) {
3864 LOG_WRN("Refusing new pairing. The old bond must be unpaired first.");
3865 return BT_SMP_ERR_AUTH_REQUIREMENTS;
3866 }
3867
3868 if (conflict && IS_ENABLED(CONFIG_BT_ID_UNPAIR_MATCHING_BONDS)) {
3869 bool trust_ok;
3870 int unpair_err;
3871
3872 trust_ok = update_keys_check(smp, conflict);
3873 if (!trust_ok) {
3874 LOG_WRN("Refusing new pairing. The old bond has more trust.");
3875 return BT_SMP_ERR_AUTH_REQUIREMENTS;
3876 }
3877
3878 LOG_DBG("Un-pairing old conflicting bond and finalizing new.");
3879
3880 unpair_err = bt_unpair(conflict->id, &conflict->addr);
3881 __ASSERT_NO_MSG(!unpair_err);
3882 }
3883
3884 __ASSERT_NO_MSG(!bt_id_find_conflict(new_bond));
3885 bt_id_add(new_bond);
3886 return 0;
3887 }
3888
3889 struct addr_match {
3890 const bt_addr_le_t *rpa;
3891 const bt_addr_le_t *id_addr;
3892 };
3893
convert_to_id_on_match(struct bt_conn * conn,void * data)3894 static void convert_to_id_on_match(struct bt_conn *conn, void *data)
3895 {
3896 struct addr_match *addr_match = data;
3897
3898 if (bt_addr_le_eq(&conn->le.dst, addr_match->rpa)) {
3899 bt_addr_le_copy(&conn->le.dst, addr_match->id_addr);
3900 }
3901 }
3902
smp_ident_addr_info(struct bt_smp * smp,struct net_buf * buf)3903 static uint8_t smp_ident_addr_info(struct bt_smp *smp, struct net_buf *buf)
3904 {
3905 struct bt_conn *conn = smp->chan.chan.conn;
3906 struct bt_smp_ident_addr_info *req = (void *)buf->data;
3907 uint8_t err;
3908
3909 LOG_DBG("identity %s", bt_addr_le_str(&req->addr));
3910
3911 smp->remote_dist &= ~BT_SMP_DIST_ID_KEY;
3912
3913 if (!bt_addr_le_is_identity(&req->addr)) {
3914 LOG_ERR("Invalid identity %s", bt_addr_le_str(&req->addr));
3915 LOG_ERR(" for %s", bt_addr_le_str(&conn->le.dst));
3916 return BT_SMP_ERR_INVALID_PARAMS;
3917 }
3918
3919 if (!bt_addr_le_eq(&conn->le.dst, &req->addr)) {
3920 struct bt_keys *keys = bt_keys_find_addr(conn->id, &req->addr);
3921
3922 if (keys) {
3923 if (!update_keys_check(smp, keys)) {
3924 return BT_SMP_ERR_UNSPECIFIED;
3925 }
3926
3927 bt_keys_clear(keys);
3928 }
3929 }
3930
3931 if (atomic_test_bit(smp->flags, SMP_FLAG_BOND)) {
3932 const bt_addr_le_t *dst;
3933 struct bt_keys *keys;
3934
3935 keys = bt_keys_get_type(BT_KEYS_IRK, conn->id, &conn->le.dst);
3936 if (!keys) {
3937 LOG_ERR("Unable to get keys for %s", bt_addr_le_str(&conn->le.dst));
3938 return BT_SMP_ERR_UNSPECIFIED;
3939 }
3940
3941 /*
3942 * We can't use conn->dst here as this might already contain
3943 * identity address known from previous pairing. Since all keys
3944 * are cleared on re-pairing we wouldn't store IRK distributed
3945 * in new pairing.
3946 */
3947 if (conn->role == BT_HCI_ROLE_CENTRAL) {
3948 dst = &conn->le.resp_addr;
3949 } else {
3950 dst = &conn->le.init_addr;
3951 }
3952
3953 if (bt_addr_le_is_rpa(dst)) {
3954 /* always update last use RPA */
3955 bt_addr_copy(&keys->irk.rpa, &dst->a);
3956
3957 /*
3958 * Update connection address and notify about identity
3959 * resolved only if connection wasn't already reported
3960 * with identity address. This may happen if IRK was
3961 * present before ie. due to re-pairing.
3962 */
3963 if (!bt_addr_le_is_identity(&conn->le.dst)) {
3964 struct addr_match addr_match = {
3965 .rpa = &conn->le.dst,
3966 .id_addr = &req->addr,
3967 };
3968
3969 bt_conn_foreach(BT_CONN_TYPE_LE,
3970 convert_to_id_on_match,
3971 &addr_match);
3972 bt_addr_le_copy(&keys->addr, &req->addr);
3973
3974 bt_conn_identity_resolved(conn);
3975 }
3976 }
3977
3978 err = smp_id_add_replace(smp, keys);
3979 if (err) {
3980 return err;
3981 }
3982 }
3983
3984 if (smp->remote_dist & BT_SMP_DIST_SIGN) {
3985 atomic_set_bit(smp->allowed_cmds, BT_SMP_CMD_SIGNING_INFO);
3986 }
3987
3988 if (IS_ENABLED(CONFIG_BT_CENTRAL) &&
3989 conn->role == BT_HCI_ROLE_CENTRAL && !smp->remote_dist) {
3990 err = bt_smp_distribute_keys(smp);
3991 if (err) {
3992 return err;
3993 }
3994 }
3995
3996 /* if all keys were distributed, pairing is done */
3997 if (!smp->local_dist && !smp->remote_dist) {
3998 smp_pairing_complete(smp, 0);
3999 }
4000
4001 return 0;
4002 }
4003
4004 #if defined(CONFIG_BT_SIGNING)
smp_signing_info(struct bt_smp * smp,struct net_buf * buf)4005 static uint8_t smp_signing_info(struct bt_smp *smp, struct net_buf *buf)
4006 {
4007 struct bt_conn *conn = smp->chan.chan.conn;
4008 uint8_t err;
4009
4010 LOG_DBG("");
4011
4012 if (atomic_test_bit(smp->flags, SMP_FLAG_BOND)) {
4013 struct bt_smp_signing_info *req = (void *)buf->data;
4014 struct bt_keys *keys;
4015
4016 keys = bt_keys_get_type(BT_KEYS_REMOTE_CSRK, conn->id,
4017 &conn->le.dst);
4018 if (!keys) {
4019 LOG_ERR("Unable to get keys for %s", bt_addr_le_str(&conn->le.dst));
4020 return BT_SMP_ERR_UNSPECIFIED;
4021 }
4022
4023 memcpy(keys->remote_csrk.val, req->csrk,
4024 sizeof(keys->remote_csrk.val));
4025 }
4026
4027 smp->remote_dist &= ~BT_SMP_DIST_SIGN;
4028
4029 if (IS_ENABLED(CONFIG_BT_CENTRAL) &&
4030 conn->role == BT_HCI_ROLE_CENTRAL && !smp->remote_dist) {
4031 err = bt_smp_distribute_keys(smp);
4032 if (err) {
4033 return err;
4034 }
4035 }
4036
4037 /* if all keys were distributed, pairing is done */
4038 if (!smp->local_dist && !smp->remote_dist) {
4039 smp_pairing_complete(smp, 0);
4040 }
4041
4042 return 0;
4043 }
4044 #else
smp_signing_info(struct bt_smp * smp,struct net_buf * buf)4045 static uint8_t smp_signing_info(struct bt_smp *smp, struct net_buf *buf)
4046 {
4047 return BT_SMP_ERR_CMD_NOTSUPP;
4048 }
4049 #endif /* CONFIG_BT_SIGNING */
4050
4051 #if defined(CONFIG_BT_CENTRAL)
smp_security_request(struct bt_smp * smp,struct net_buf * buf)4052 static uint8_t smp_security_request(struct bt_smp *smp, struct net_buf *buf)
4053 {
4054 struct bt_conn *conn = smp->chan.chan.conn;
4055 struct bt_smp_security_request *req = (void *)buf->data;
4056 uint8_t auth;
4057
4058 LOG_DBG("");
4059
4060 /* A higher security level is requested during the key distribution
4061 * phase, once pairing is complete a new pairing procedure will start.
4062 */
4063 if (atomic_test_bit(smp->flags, SMP_FLAG_KEYS_DISTR)) {
4064 return 0;
4065 }
4066
4067 if (atomic_test_bit(smp->flags, SMP_FLAG_PAIRING)) {
4068 /* We have already started pairing process */
4069 return 0;
4070 }
4071
4072 if (atomic_test_bit(smp->flags, SMP_FLAG_ENC_PENDING)) {
4073 /* We have already started encryption procedure */
4074 return 0;
4075 }
4076
4077 if (sc_supported) {
4078 auth = req->auth_req & BT_SMP_AUTH_MASK_SC;
4079 } else {
4080 auth = req->auth_req & BT_SMP_AUTH_MASK;
4081 }
4082
4083 if (IS_ENABLED(CONFIG_BT_SMP_SC_PAIR_ONLY) &&
4084 !(auth & BT_SMP_AUTH_SC)) {
4085 return BT_SMP_ERR_AUTH_REQUIREMENTS;
4086 }
4087
4088 if (IS_ENABLED(CONFIG_BT_BONDING_REQUIRED) &&
4089 !(latch_bondable(smp) && (auth & BT_SMP_AUTH_BONDING))) {
4090 /* Reject security req if not both intend to bond */
4091 LOG_DBG("Bonding required");
4092 return BT_SMP_ERR_UNSPECIFIED;
4093 }
4094
4095 if (conn->le.keys) {
4096 /* Make sure we have an LTK to encrypt with */
4097 if (!(conn->le.keys->keys & (BT_KEYS_LTK_P256 | BT_KEYS_LTK))) {
4098 goto pair;
4099 }
4100 } else {
4101 conn->le.keys = bt_keys_find(BT_KEYS_LTK_P256, conn->id,
4102 &conn->le.dst);
4103 if (!conn->le.keys) {
4104 conn->le.keys = bt_keys_find(BT_KEYS_LTK, conn->id,
4105 &conn->le.dst);
4106 }
4107 }
4108
4109 if (!conn->le.keys) {
4110 goto pair;
4111 }
4112
4113 /* if MITM required key must be authenticated */
4114 if ((auth & BT_SMP_AUTH_MITM) &&
4115 !(conn->le.keys->flags & BT_KEYS_AUTHENTICATED)) {
4116 if (get_io_capa(smp) != BT_SMP_IO_NO_INPUT_OUTPUT) {
4117 LOG_INF("New auth requirements: 0x%x, repairing", auth);
4118 goto pair;
4119 }
4120
4121 LOG_WRN("Unsupported auth requirements: 0x%x, repairing", auth);
4122 goto pair;
4123 }
4124
4125 /* if LE SC required and no p256 key present repair */
4126 if ((auth & BT_SMP_AUTH_SC) &&
4127 !(conn->le.keys->keys & BT_KEYS_LTK_P256)) {
4128 LOG_INF("New auth requirements: 0x%x, repairing", auth);
4129 goto pair;
4130 }
4131
4132 if (bt_conn_le_start_encryption(conn, conn->le.keys->ltk.rand,
4133 conn->le.keys->ltk.ediv,
4134 conn->le.keys->ltk.val,
4135 conn->le.keys->enc_size) < 0) {
4136 LOG_ERR("Failed to start encryption");
4137 return BT_SMP_ERR_UNSPECIFIED;
4138 }
4139
4140 atomic_set_bit(smp->flags, SMP_FLAG_ENC_PENDING);
4141
4142 return 0;
4143 pair:
4144 if (smp_send_pairing_req(conn) < 0) {
4145 return BT_SMP_ERR_UNSPECIFIED;
4146 }
4147
4148 atomic_set_bit(smp->flags, SMP_FLAG_SEC_REQ);
4149
4150 return 0;
4151 }
4152 #else
smp_security_request(struct bt_smp * smp,struct net_buf * buf)4153 static uint8_t smp_security_request(struct bt_smp *smp, struct net_buf *buf)
4154 {
4155 return BT_SMP_ERR_CMD_NOTSUPP;
4156 }
4157 #endif /* CONFIG_BT_CENTRAL */
4158
4159 #ifndef CONFIG_BT_SMP_OOB_LEGACY_PAIR_ONLY
generate_dhkey(struct bt_smp * smp)4160 static uint8_t generate_dhkey(struct bt_smp *smp)
4161 {
4162 if (IS_ENABLED(CONFIG_BT_SMP_OOB_LEGACY_PAIR_ONLY)) {
4163 return BT_SMP_ERR_UNSPECIFIED;
4164 }
4165
4166 atomic_set_bit(smp->flags, SMP_FLAG_DHKEY_PENDING);
4167 if (!smp_find(SMP_FLAG_DHKEY_GEN)) {
4168 return smp_dhkey_generate(smp);
4169 }
4170
4171 return 0;
4172 }
4173
display_passkey(struct bt_smp * smp)4174 static uint8_t display_passkey(struct bt_smp *smp)
4175 {
4176 struct bt_conn *conn = smp->chan.chan.conn;
4177 const struct bt_conn_auth_cb *smp_auth_cb = latch_auth_cb(smp);
4178
4179 if (IS_ENABLED(CONFIG_BT_FIXED_PASSKEY) &&
4180 fixed_passkey != BT_PASSKEY_INVALID) {
4181 smp->passkey = fixed_passkey;
4182 } else {
4183 if (bt_rand(&smp->passkey, sizeof(smp->passkey))) {
4184 return BT_SMP_ERR_UNSPECIFIED;
4185 }
4186
4187 smp->passkey %= 1000000;
4188 }
4189
4190 smp->passkey_round = 0U;
4191
4192 if (smp_auth_cb && smp_auth_cb->passkey_display) {
4193 atomic_set_bit(smp->flags, SMP_FLAG_DISPLAY);
4194 smp_auth_cb->passkey_display(conn, smp->passkey);
4195 }
4196
4197 smp->passkey = sys_cpu_to_le32(smp->passkey);
4198
4199 return 0;
4200 }
4201 #endif /* CONFIG_BT_SMP_OOB_LEGACY_PAIR_ONLY */
4202
4203 #if defined(CONFIG_BT_PERIPHERAL)
smp_public_key_periph(struct bt_smp * smp)4204 static uint8_t smp_public_key_periph(struct bt_smp *smp)
4205 {
4206 const struct bt_conn_auth_cb *smp_auth_cb = latch_auth_cb(smp);
4207 uint8_t err;
4208
4209 if (!atomic_test_bit(smp->flags, SMP_FLAG_SC_DEBUG_KEY) &&
4210 memcmp(smp->pkey, sc_public_key, BT_PUB_KEY_COORD_LEN) == 0) {
4211 /* Deny public key with identitcal X coordinate unless it is the
4212 * debug public key.
4213 */
4214 LOG_WRN("Remote public key rejected");
4215 return BT_SMP_ERR_UNSPECIFIED;
4216 }
4217
4218 err = sc_send_public_key(smp);
4219 if (err) {
4220 return err;
4221 }
4222
4223 switch (smp->method) {
4224 case PASSKEY_CONFIRM:
4225 case JUST_WORKS:
4226 atomic_set_bit(smp->allowed_cmds, BT_SMP_CMD_PAIRING_RANDOM);
4227
4228 err = smp_send_pairing_confirm(smp);
4229 if (err) {
4230 return err;
4231 }
4232 break;
4233 case PASSKEY_DISPLAY:
4234 err = display_passkey(smp);
4235 if (err) {
4236 return err;
4237 }
4238
4239 atomic_set_bit(smp->allowed_cmds, BT_SMP_CMD_PAIRING_CONFIRM);
4240 atomic_set_bit(smp->allowed_cmds, BT_SMP_KEYPRESS_NOTIFICATION);
4241 break;
4242 case PASSKEY_INPUT:
4243 atomic_set_bit(smp->allowed_cmds, BT_SMP_CMD_PAIRING_CONFIRM);
4244 atomic_set_bit(smp->allowed_cmds, BT_SMP_KEYPRESS_NOTIFICATION);
4245 atomic_set_bit(smp->flags, SMP_FLAG_USER);
4246 smp_auth_cb->passkey_entry(smp->chan.chan.conn);
4247 break;
4248 case LE_SC_OOB:
4249 atomic_set_bit(smp->allowed_cmds, BT_SMP_CMD_PAIRING_RANDOM);
4250 break;
4251 default:
4252 LOG_ERR("Unknown pairing method (%u)", smp->method);
4253 return BT_SMP_ERR_UNSPECIFIED;
4254 }
4255
4256 return generate_dhkey(smp);
4257 }
4258 #endif /* CONFIG_BT_PERIPHERAL */
4259
4260 #ifdef CONFIG_BT_SMP_OOB_LEGACY_PAIR_ONLY
smp_public_key(struct bt_smp * smp,struct net_buf * buf)4261 static uint8_t smp_public_key(struct bt_smp *smp, struct net_buf *buf)
4262 {
4263 return BT_SMP_ERR_AUTH_REQUIREMENTS;
4264 }
4265 #else
smp_public_key(struct bt_smp * smp,struct net_buf * buf)4266 static uint8_t smp_public_key(struct bt_smp *smp, struct net_buf *buf)
4267 {
4268 const struct bt_conn_auth_cb *smp_auth_cb = latch_auth_cb(smp);
4269 struct bt_smp_public_key *req = (void *)buf->data;
4270 uint8_t err;
4271
4272 LOG_DBG("");
4273
4274 memcpy(smp->pkey, req->x, BT_PUB_KEY_COORD_LEN);
4275 memcpy(&smp->pkey[BT_PUB_KEY_COORD_LEN], req->y, BT_PUB_KEY_COORD_LEN);
4276
4277 /* mark key as debug if remote is using it */
4278 if (bt_pub_key_is_debug(smp->pkey)) {
4279 LOG_INF("Remote is using Debug Public key");
4280 atomic_set_bit(smp->flags, SMP_FLAG_SC_DEBUG_KEY);
4281
4282 /* Don't allow a bond established without debug key to be
4283 * updated using LTK generated from debug key.
4284 */
4285 if (!update_debug_keys_check(smp)) {
4286 return BT_SMP_ERR_AUTH_REQUIREMENTS;
4287 }
4288 }
4289
4290 if (IS_ENABLED(CONFIG_BT_CENTRAL) &&
4291 smp->chan.chan.conn->role == BT_HCI_ROLE_CENTRAL) {
4292 if (!atomic_test_bit(smp->flags, SMP_FLAG_SC_DEBUG_KEY) &&
4293 memcmp(smp->pkey, sc_public_key, BT_PUB_KEY_COORD_LEN) == 0) {
4294 /* Deny public key with identitcal X coordinate unless
4295 * it is the debug public key.
4296 */
4297 LOG_WRN("Remote public key rejected");
4298 return BT_SMP_ERR_UNSPECIFIED;
4299 }
4300
4301 switch (smp->method) {
4302 case PASSKEY_CONFIRM:
4303 case JUST_WORKS:
4304 atomic_set_bit(smp->allowed_cmds,
4305 BT_SMP_CMD_PAIRING_CONFIRM);
4306 break;
4307 case PASSKEY_DISPLAY:
4308 err = display_passkey(smp);
4309 if (err) {
4310 return err;
4311 }
4312
4313 atomic_set_bit(smp->allowed_cmds,
4314 BT_SMP_CMD_PAIRING_CONFIRM);
4315
4316 atomic_set_bit(smp->allowed_cmds,
4317 BT_SMP_KEYPRESS_NOTIFICATION);
4318
4319 err = smp_send_pairing_confirm(smp);
4320 if (err) {
4321 return err;
4322 }
4323 break;
4324 case PASSKEY_INPUT:
4325 atomic_set_bit(smp->flags, SMP_FLAG_USER);
4326 smp_auth_cb->passkey_entry(smp->chan.chan.conn);
4327
4328 atomic_set_bit(smp->allowed_cmds,
4329 BT_SMP_KEYPRESS_NOTIFICATION);
4330
4331 break;
4332 case LE_SC_OOB:
4333 /* Step 6: Select random N */
4334 if (bt_rand(smp->prnd, 16)) {
4335 return BT_SMP_ERR_UNSPECIFIED;
4336 }
4337
4338 if (smp_auth_cb && smp_auth_cb->oob_data_request) {
4339 struct bt_conn_oob_info info = {
4340 .type = BT_CONN_OOB_LE_SC,
4341 .lesc.oob_config = BT_CONN_OOB_NO_DATA,
4342 };
4343
4344 le_sc_oob_config_set(smp, &info);
4345
4346 smp->oobd_local = NULL;
4347 smp->oobd_remote = NULL;
4348
4349 atomic_set_bit(smp->flags,
4350 SMP_FLAG_OOB_PENDING);
4351 smp_auth_cb->oob_data_request(smp->chan.chan.conn, &info);
4352 } else {
4353 return BT_SMP_ERR_OOB_NOT_AVAIL;
4354 }
4355 break;
4356 default:
4357 LOG_ERR("Unknown pairing method (%u)", smp->method);
4358 return BT_SMP_ERR_UNSPECIFIED;
4359 }
4360
4361 return generate_dhkey(smp);
4362 }
4363
4364 #if defined(CONFIG_BT_PERIPHERAL)
4365 if (!sc_public_key) {
4366 atomic_set_bit(smp->flags, SMP_FLAG_PKEY_SEND);
4367 return 0;
4368 }
4369
4370 err = smp_public_key_periph(smp);
4371 if (err) {
4372 return err;
4373 }
4374 #endif /* CONFIG_BT_PERIPHERAL */
4375
4376 return 0;
4377 }
4378 #endif /* CONFIG_BT_SMP_OOB_LEGACY_PAIR_ONLY */
4379
smp_dhkey_check(struct bt_smp * smp,struct net_buf * buf)4380 static uint8_t smp_dhkey_check(struct bt_smp *smp, struct net_buf *buf)
4381 {
4382 struct bt_smp_dhkey_check *req = (void *)buf->data;
4383
4384 LOG_DBG("");
4385
4386 if (IS_ENABLED(CONFIG_BT_CENTRAL) &&
4387 smp->chan.chan.conn->role == BT_HCI_ROLE_CENTRAL) {
4388 uint8_t e[16], r[16], enc_size;
4389 uint8_t ediv[2], rand[8];
4390
4391 (void)memset(r, 0, sizeof(r));
4392
4393 switch (smp->method) {
4394 case JUST_WORKS:
4395 case PASSKEY_CONFIRM:
4396 break;
4397 case PASSKEY_DISPLAY:
4398 case PASSKEY_INPUT:
4399 memcpy(r, &smp->passkey, sizeof(smp->passkey));
4400 break;
4401 case LE_SC_OOB:
4402 if (smp->oobd_local) {
4403 memcpy(r, smp->oobd_local->r, sizeof(r));
4404 }
4405 break;
4406 default:
4407 LOG_ERR("Unknown pairing method (%u)", smp->method);
4408 return BT_SMP_ERR_UNSPECIFIED;
4409 }
4410
4411 /* calculate remote DHKey check for comparison */
4412 if (bt_crypto_f6(smp->mackey, smp->rrnd, smp->prnd, r, &smp->prsp[1],
4413 &smp->chan.chan.conn->le.resp_addr,
4414 &smp->chan.chan.conn->le.init_addr, e)) {
4415 return BT_SMP_ERR_UNSPECIFIED;
4416 }
4417
4418 if (memcmp(e, req->e, 16)) {
4419 return BT_SMP_ERR_DHKEY_CHECK_FAILED;
4420 }
4421
4422 enc_size = get_encryption_key_size(smp);
4423
4424 /* Rand and EDiv are 0 */
4425 (void)memset(ediv, 0, sizeof(ediv));
4426 (void)memset(rand, 0, sizeof(rand));
4427 if (bt_conn_le_start_encryption(smp->chan.chan.conn, rand, ediv,
4428 smp->tk, enc_size) < 0) {
4429 LOG_ERR("Failed to start encryption");
4430 return BT_SMP_ERR_UNSPECIFIED;
4431 }
4432
4433 atomic_set_bit(smp->flags, SMP_FLAG_ENC_PENDING);
4434
4435 if (IS_ENABLED(CONFIG_BT_SMP_USB_HCI_CTLR_WORKAROUND)) {
4436 if (smp->remote_dist & BT_SMP_DIST_ID_KEY) {
4437 atomic_set_bit(smp->allowed_cmds,
4438 BT_SMP_CMD_IDENT_INFO);
4439 } else if (smp->remote_dist & BT_SMP_DIST_SIGN) {
4440 atomic_set_bit(smp->allowed_cmds,
4441 BT_SMP_CMD_SIGNING_INFO);
4442 }
4443 }
4444
4445 return 0;
4446 }
4447
4448 #if defined(CONFIG_BT_PERIPHERAL)
4449 if (smp->chan.chan.conn->role == BT_HCI_ROLE_PERIPHERAL) {
4450 atomic_clear_bit(smp->flags, SMP_FLAG_DHCHECK_WAIT);
4451 memcpy(smp->e, req->e, sizeof(smp->e));
4452
4453 /* wait for DHKey being generated */
4454 if (atomic_test_bit(smp->flags, SMP_FLAG_DHKEY_PENDING)) {
4455 atomic_set_bit(smp->flags, SMP_FLAG_DHKEY_SEND);
4456 return 0;
4457 }
4458
4459 /* waiting for user to confirm passkey */
4460 if (atomic_test_bit(smp->flags, SMP_FLAG_USER)) {
4461 atomic_set_bit(smp->flags, SMP_FLAG_DHKEY_SEND);
4462 return 0;
4463 }
4464
4465 return compute_and_check_and_send_periph_dhcheck(smp);
4466 }
4467 #endif /* CONFIG_BT_PERIPHERAL */
4468
4469 return 0;
4470 }
4471
4472 #if defined(CONFIG_BT_PASSKEY_KEYPRESS)
smp_keypress_notif(struct bt_smp * smp,struct net_buf * buf)4473 static uint8_t smp_keypress_notif(struct bt_smp *smp, struct net_buf *buf)
4474 {
4475 const struct bt_conn_auth_cb *smp_auth_cb = latch_auth_cb(smp);
4476 struct bt_conn *conn = smp->chan.chan.conn;
4477 struct bt_smp_keypress_notif *notif = (void *)buf->data;
4478 enum bt_conn_auth_keypress type = notif->type;
4479
4480 LOG_DBG("Keypress from conn %u, type %u", bt_conn_index(conn), type);
4481
4482 /* For now, keypress notifications are always accepted. In the future we
4483 * should be smarter about this. We might also want to enforce something
4484 * about the 'start' and 'end' messages.
4485 */
4486 atomic_set_bit(smp->allowed_cmds, BT_SMP_KEYPRESS_NOTIFICATION);
4487
4488 if (!IN_RANGE(type,
4489 BT_CONN_AUTH_KEYPRESS_ENTRY_STARTED,
4490 BT_CONN_AUTH_KEYPRESS_ENTRY_COMPLETED)) {
4491 LOG_WRN("Received unknown keypress event type %u. Discarding.", type);
4492 return BT_SMP_ERR_INVALID_PARAMS;
4493 }
4494
4495 /* Reset SMP timeout, like the spec says. */
4496 k_work_reschedule(&smp->work, SMP_TIMEOUT);
4497
4498 if (smp_auth_cb->passkey_display_keypress) {
4499 smp_auth_cb->passkey_display_keypress(conn, type);
4500 }
4501
4502 return 0;
4503 }
4504 #else
smp_keypress_notif(struct bt_smp * smp,struct net_buf * buf)4505 static uint8_t smp_keypress_notif(struct bt_smp *smp, struct net_buf *buf)
4506 {
4507 ARG_UNUSED(smp);
4508 ARG_UNUSED(buf);
4509
4510 LOG_DBG("");
4511
4512 /* Ignore packets until keypress notifications are fully supported. */
4513 atomic_set_bit(smp->allowed_cmds, BT_SMP_KEYPRESS_NOTIFICATION);
4514 return 0;
4515 }
4516 #endif
4517
4518 static const struct {
4519 uint8_t (*func)(struct bt_smp *smp, struct net_buf *buf);
4520 uint8_t expect_len;
4521 } handlers[] = {
4522 { }, /* No op-code defined for 0x00 */
4523 { smp_pairing_req, sizeof(struct bt_smp_pairing) },
4524 { smp_pairing_rsp, sizeof(struct bt_smp_pairing) },
4525 { smp_pairing_confirm, sizeof(struct bt_smp_pairing_confirm) },
4526 { smp_pairing_random, sizeof(struct bt_smp_pairing_random) },
4527 { smp_pairing_failed, sizeof(struct bt_smp_pairing_fail) },
4528 { smp_encrypt_info, sizeof(struct bt_smp_encrypt_info) },
4529 { smp_central_ident, sizeof(struct bt_smp_central_ident) },
4530 { smp_ident_info, sizeof(struct bt_smp_ident_info) },
4531 { smp_ident_addr_info, sizeof(struct bt_smp_ident_addr_info) },
4532 { smp_signing_info, sizeof(struct bt_smp_signing_info) },
4533 { smp_security_request, sizeof(struct bt_smp_security_request) },
4534 { smp_public_key, sizeof(struct bt_smp_public_key) },
4535 { smp_dhkey_check, sizeof(struct bt_smp_dhkey_check) },
4536 { smp_keypress_notif, sizeof(struct bt_smp_keypress_notif) },
4537 };
4538
is_in_pairing_procedure(struct bt_smp * smp)4539 static bool is_in_pairing_procedure(struct bt_smp *smp)
4540 {
4541 return atomic_test_bit(smp->flags, SMP_FLAG_PAIRING);
4542 }
4543
bt_smp_recv(struct bt_l2cap_chan * chan,struct net_buf * buf)4544 static int bt_smp_recv(struct bt_l2cap_chan *chan, struct net_buf *buf)
4545 {
4546 struct bt_smp *smp = CONTAINER_OF(chan, struct bt_smp, chan.chan);
4547 struct bt_smp_hdr *hdr;
4548 uint8_t err;
4549
4550 if (buf->len < sizeof(*hdr)) {
4551 LOG_ERR("Too small SMP PDU received");
4552 return 0;
4553 }
4554
4555 hdr = net_buf_pull_mem(buf, sizeof(*hdr));
4556 LOG_DBG("Received SMP code 0x%02x len %u", hdr->code, buf->len);
4557
4558 /*
4559 * If SMP timeout occurred "no further SMP commands shall be sent over
4560 * the L2CAP Security Manager Channel. A new SM procedure shall only be
4561 * performed when a new physical link has been established."
4562 */
4563 if (atomic_test_bit(smp->flags, SMP_FLAG_TIMEOUT)) {
4564 LOG_WRN("SMP command (code 0x%02x) received after timeout", hdr->code);
4565 return 0;
4566 }
4567
4568 /*
4569 * Bluetooth Core Specification Version 5.2, Vol 3, Part H, page 1667:
4570 * If a packet is received with a Code that is reserved for future use
4571 * it shall be ignored.
4572 */
4573 if (hdr->code >= ARRAY_SIZE(handlers)) {
4574 LOG_WRN("Received reserved SMP code 0x%02x", hdr->code);
4575 return 0;
4576 }
4577
4578 if (!handlers[hdr->code].func) {
4579 LOG_WRN("Unhandled SMP code 0x%02x", hdr->code);
4580 smp_error(smp, BT_SMP_ERR_CMD_NOTSUPP);
4581 return 0;
4582 }
4583
4584 if (!atomic_test_and_clear_bit(smp->allowed_cmds, hdr->code)) {
4585 LOG_WRN("Unexpected SMP code 0x%02x", hdr->code);
4586 /* Do not send errors outside of pairing procedure. */
4587 if (is_in_pairing_procedure(smp)) {
4588 smp_error(smp, BT_SMP_ERR_UNSPECIFIED);
4589 }
4590 return 0;
4591 }
4592
4593 if (buf->len != handlers[hdr->code].expect_len) {
4594 LOG_ERR("Invalid len %u for code 0x%02x", buf->len, hdr->code);
4595 smp_error(smp, BT_SMP_ERR_INVALID_PARAMS);
4596 return 0;
4597 }
4598
4599 err = handlers[hdr->code].func(smp, buf);
4600 if (err) {
4601 smp_error(smp, err);
4602 }
4603
4604 return 0;
4605 }
4606
bt_smp_pkey_ready(const uint8_t * pkey)4607 static void bt_smp_pkey_ready(const uint8_t *pkey)
4608 {
4609 int i;
4610
4611 LOG_DBG("");
4612
4613 sc_public_key = pkey;
4614
4615 if (!pkey) {
4616 LOG_WRN("Public key not available");
4617 return;
4618 }
4619
4620 k_sem_give(&sc_local_pkey_ready);
4621
4622 for (i = 0; i < ARRAY_SIZE(bt_smp_pool); i++) {
4623 struct bt_smp *smp = &bt_smp_pool[i];
4624 uint8_t err;
4625
4626 if (!atomic_test_bit(smp->flags, SMP_FLAG_PKEY_SEND)) {
4627 continue;
4628 }
4629
4630 if (IS_ENABLED(CONFIG_BT_CENTRAL) &&
4631 smp->chan.chan.conn->role == BT_HCI_ROLE_CENTRAL) {
4632 err = sc_send_public_key(smp);
4633 if (err) {
4634 smp_error(smp, err);
4635 }
4636
4637 atomic_set_bit(smp->allowed_cmds,
4638 BT_SMP_CMD_PUBLIC_KEY);
4639 continue;
4640 }
4641
4642 #if defined(CONFIG_BT_PERIPHERAL)
4643 err = smp_public_key_periph(smp);
4644 if (err) {
4645 smp_error(smp, err);
4646 }
4647 #endif /* CONFIG_BT_PERIPHERAL */
4648 }
4649 }
4650
bt_smp_connected(struct bt_l2cap_chan * chan)4651 static void bt_smp_connected(struct bt_l2cap_chan *chan)
4652 {
4653 struct bt_smp *smp = CONTAINER_OF(chan, struct bt_smp, chan.chan);
4654
4655 LOG_DBG("chan %p cid 0x%04x", chan,
4656 CONTAINER_OF(chan, struct bt_l2cap_le_chan, chan)->tx.cid);
4657
4658 k_work_init_delayable(&smp->work, smp_timeout);
4659 smp_reset(smp);
4660
4661 atomic_ptr_set(&smp->auth_cb, BT_SMP_AUTH_CB_UNINITIALIZED);
4662 atomic_set(&smp->bondable, BT_SMP_BONDABLE_UNINITIALIZED);
4663 }
4664
bt_smp_disconnected(struct bt_l2cap_chan * chan)4665 static void bt_smp_disconnected(struct bt_l2cap_chan *chan)
4666 {
4667 struct bt_smp *smp = CONTAINER_OF(chan, struct bt_smp, chan.chan);
4668 struct bt_keys *keys = chan->conn->le.keys;
4669
4670 LOG_DBG("chan %p cid 0x%04x", chan,
4671 CONTAINER_OF(chan, struct bt_l2cap_le_chan, chan)->tx.cid);
4672
4673 /* Channel disconnected callback is always called from a work handler
4674 * so canceling of the timeout work should always succeed.
4675 */
4676 (void)k_work_cancel_delayable(&smp->work);
4677
4678 if (atomic_test_bit(smp->flags, SMP_FLAG_PAIRING) ||
4679 atomic_test_bit(smp->flags, SMP_FLAG_ENC_PENDING) ||
4680 atomic_test_bit(smp->flags, SMP_FLAG_SEC_REQ)) {
4681 /* reset context and report */
4682 smp_pairing_complete(smp, BT_SMP_ERR_UNSPECIFIED);
4683 }
4684
4685 if (keys) {
4686 /*
4687 * If debug keys were used for pairing remove them.
4688 * No keys indicate no bonding so free keys storage.
4689 */
4690 if (!keys->keys || (!IS_ENABLED(CONFIG_BT_STORE_DEBUG_KEYS) &&
4691 (keys->flags & BT_KEYS_DEBUG))) {
4692 bt_keys_clear(keys);
4693 }
4694 }
4695
4696 (void)memset(smp, 0, sizeof(*smp));
4697 }
4698
bt_smp_encrypt_change(struct bt_l2cap_chan * chan,uint8_t hci_status)4699 static void bt_smp_encrypt_change(struct bt_l2cap_chan *chan,
4700 uint8_t hci_status)
4701 {
4702 struct bt_smp *smp = CONTAINER_OF(chan, struct bt_smp, chan.chan);
4703 struct bt_conn *conn = chan->conn;
4704
4705 LOG_DBG("chan %p conn %p handle %u encrypt 0x%02x hci status 0x%02x %s", chan, conn,
4706 conn->handle, conn->encrypt, hci_status, bt_hci_err_to_str(hci_status));
4707
4708 if (!atomic_test_and_clear_bit(smp->flags, SMP_FLAG_ENC_PENDING)) {
4709 /* We where not waiting for encryption procedure.
4710 * This happens when encrypt change is called to notify that
4711 * security has failed before starting encryption.
4712 */
4713 return;
4714 }
4715
4716 if (hci_status) {
4717 if (atomic_test_bit(smp->flags, SMP_FLAG_PAIRING)) {
4718 uint8_t smp_err = smp_err_get(
4719 bt_security_err_get(hci_status));
4720
4721 /* Fail as if it happened during key distribution */
4722 atomic_set_bit(smp->flags, SMP_FLAG_KEYS_DISTR);
4723 smp_pairing_complete(smp, smp_err);
4724 }
4725
4726 return;
4727 }
4728
4729 if (!conn->encrypt) {
4730 return;
4731 }
4732
4733 /* We were waiting for encryption but with no pairing in progress.
4734 * This can happen if paired peripheral sent Security Request and we
4735 * enabled encryption.
4736 */
4737 if (!atomic_test_bit(smp->flags, SMP_FLAG_PAIRING)) {
4738 smp_reset(smp);
4739 return;
4740 }
4741
4742 /* derive BR/EDR LinkKey if supported by both sides */
4743 if (atomic_test_bit(smp->flags, SMP_FLAG_SC)) {
4744 if ((smp->local_dist & BT_SMP_DIST_LINK_KEY) &&
4745 (smp->remote_dist & BT_SMP_DIST_LINK_KEY)) {
4746 /*
4747 * Link Key will be derived after key distribution to
4748 * make sure remote device identity is known
4749 */
4750 atomic_set_bit(smp->flags, SMP_FLAG_DERIVE_LK);
4751 }
4752 /*
4753 * Those are used as pairing finished indicator so generated
4754 * but not distributed keys must be cleared here.
4755 */
4756 smp->local_dist &= ~BT_SMP_DIST_LINK_KEY;
4757 smp->remote_dist &= ~BT_SMP_DIST_LINK_KEY;
4758 }
4759
4760 if (smp->remote_dist & BT_SMP_DIST_ENC_KEY) {
4761 atomic_set_bit(smp->allowed_cmds, BT_SMP_CMD_ENCRYPT_INFO);
4762 } else if (smp->remote_dist & BT_SMP_DIST_ID_KEY) {
4763 atomic_set_bit(smp->allowed_cmds, BT_SMP_CMD_IDENT_INFO);
4764 } else if (smp->remote_dist & BT_SMP_DIST_SIGN) {
4765 atomic_set_bit(smp->allowed_cmds, BT_SMP_CMD_SIGNING_INFO);
4766 }
4767
4768 /* This is the last point that is common for all code paths in the
4769 * pairing process (during which we still have the option to send
4770 * Pairing Failed). That makes it convenient to update the RL here. We
4771 * want to update the RL during the pairing process so that we can fail
4772 * it in case there is a conflict with an existing bond.
4773 *
4774 * We can do the update here only if the peer does not intend to send us
4775 * any identity information. In this case we already have everything
4776 * that goes into the RL.
4777 *
4778 * We need an entry in the RL despite the remote not using privacy. This
4779 * is because we are using privacy locally and need to associate correct
4780 * local IRK with the peer.
4781 *
4782 * If the peer does intend to send us identity information, we must wait
4783 * for that information to enter it in the RL. In that case, we call
4784 * `smp_id_add_replace` not here, but later. If neither we nor the peer
4785 * are using privacy, there is no need for an entry in the RL.
4786 */
4787 if (IS_ENABLED(CONFIG_BT_CENTRAL) &&
4788 IS_ENABLED(CONFIG_BT_PRIVACY) &&
4789 conn->role == BT_HCI_ROLE_CENTRAL &&
4790 !(smp->remote_dist & BT_SMP_DIST_ID_KEY)) {
4791 uint8_t smp_err;
4792
4793 smp_err = smp_id_add_replace(smp, conn->le.keys);
4794 if (smp_err) {
4795 smp_pairing_complete(smp, smp_err);
4796 }
4797 }
4798
4799 atomic_set_bit(smp->flags, SMP_FLAG_KEYS_DISTR);
4800
4801 /* Peripheral distributes it's keys first */
4802 if (IS_ENABLED(CONFIG_BT_CENTRAL) &&
4803 conn->role == BT_HCI_ROLE_CENTRAL && smp->remote_dist) {
4804 return;
4805 }
4806
4807 if (IS_ENABLED(CONFIG_BT_TESTING)) {
4808 /* Avoid the HCI-USB race condition where HCI data and
4809 * HCI events can be re-ordered, and pairing information appears
4810 * to be sent unencrypted.
4811 */
4812 k_sleep(K_MSEC(100));
4813 }
4814
4815 if (bt_smp_distribute_keys(smp)) {
4816 return;
4817 }
4818
4819 /* if all keys were distributed, pairing is done */
4820 if (!smp->local_dist && !smp->remote_dist) {
4821 smp_pairing_complete(smp, 0);
4822 }
4823 }
4824
4825 #if defined(CONFIG_BT_SIGNING) || defined(CONFIG_BT_SMP_SELFTEST)
4826 /* Sign message using msg as a buffer, len is a size of the message,
4827 * msg buffer contains message itself, 32 bit count and signature,
4828 * so total buffer size is len + 4 + 8 octets.
4829 * API is Little Endian to make it suitable for Bluetooth.
4830 */
smp_sign_buf(const uint8_t * key,uint8_t * msg,uint16_t len)4831 static int smp_sign_buf(const uint8_t *key, uint8_t *msg, uint16_t len)
4832 {
4833 uint8_t *m = msg;
4834 uint32_t cnt = UNALIGNED_GET((uint32_t *)&msg[len]);
4835 uint8_t *sig = msg + len;
4836 uint8_t key_s[16], tmp[16];
4837 int err;
4838
4839 LOG_DBG("Signing msg %s len %u key %s", bt_hex(msg, len), len, bt_hex(key, 16));
4840
4841 sys_mem_swap(m, len + sizeof(cnt));
4842 sys_memcpy_swap(key_s, key, 16);
4843
4844 err = bt_crypto_aes_cmac(key_s, m, len + sizeof(cnt), tmp);
4845 if (err) {
4846 LOG_ERR("Data signing failed");
4847 return err;
4848 }
4849
4850 sys_mem_swap(tmp, sizeof(tmp));
4851 memcpy(tmp + 4, &cnt, sizeof(cnt));
4852
4853 /* Swap original message back */
4854 sys_mem_swap(m, len + sizeof(cnt));
4855
4856 memcpy(sig, tmp + 4, 12);
4857
4858 LOG_DBG("sig %s", bt_hex(sig, 12));
4859
4860 return 0;
4861 }
4862 #endif
4863
4864 #if defined(CONFIG_BT_SIGNING)
bt_smp_sign_verify(struct bt_conn * conn,struct net_buf * buf)4865 int bt_smp_sign_verify(struct bt_conn *conn, struct net_buf *buf)
4866 {
4867 struct bt_keys *keys;
4868 uint8_t sig[12];
4869 uint32_t cnt;
4870 int err;
4871
4872 /* Store signature incl. count */
4873 memcpy(sig, net_buf_tail(buf) - sizeof(sig), sizeof(sig));
4874
4875 keys = bt_keys_find(BT_KEYS_REMOTE_CSRK, conn->id, &conn->le.dst);
4876 if (!keys) {
4877 LOG_ERR("Unable to find Remote CSRK for %s", bt_addr_le_str(&conn->le.dst));
4878 return -ENOENT;
4879 }
4880
4881 /* Copy signing count */
4882 cnt = sys_cpu_to_le32(keys->remote_csrk.cnt);
4883 memcpy(net_buf_tail(buf) - sizeof(sig), &cnt, sizeof(cnt));
4884
4885 LOG_DBG("Sign data len %zu key %s count %u", buf->len - sizeof(sig),
4886 bt_hex(keys->remote_csrk.val, 16), keys->remote_csrk.cnt);
4887
4888 err = smp_sign_buf(keys->remote_csrk.val, buf->data,
4889 buf->len - sizeof(sig));
4890 if (err) {
4891 LOG_ERR("Unable to create signature for %s", bt_addr_le_str(&conn->le.dst));
4892 return -EIO;
4893 }
4894
4895 if (memcmp(sig, net_buf_tail(buf) - sizeof(sig), sizeof(sig))) {
4896 LOG_ERR("Unable to verify signature for %s", bt_addr_le_str(&conn->le.dst));
4897 return -EBADMSG;
4898 }
4899
4900 keys->remote_csrk.cnt++;
4901
4902 return 0;
4903 }
4904
bt_smp_sign(struct bt_conn * conn,struct net_buf * buf)4905 int bt_smp_sign(struct bt_conn *conn, struct net_buf *buf)
4906 {
4907 struct bt_keys *keys;
4908 uint32_t cnt;
4909 int err;
4910
4911 keys = bt_keys_find(BT_KEYS_LOCAL_CSRK, conn->id, &conn->le.dst);
4912 if (!keys) {
4913 LOG_ERR("Unable to find local CSRK for %s", bt_addr_le_str(&conn->le.dst));
4914 return -ENOENT;
4915 }
4916
4917 /* Reserve space for data signature */
4918 net_buf_add(buf, 12);
4919
4920 /* Copy signing count */
4921 cnt = sys_cpu_to_le32(keys->local_csrk.cnt);
4922 memcpy(net_buf_tail(buf) - 12, &cnt, sizeof(cnt));
4923
4924 LOG_DBG("Sign data len %u key %s count %u", buf->len, bt_hex(keys->local_csrk.val, 16),
4925 keys->local_csrk.cnt);
4926
4927 err = smp_sign_buf(keys->local_csrk.val, buf->data, buf->len - 12);
4928 if (err) {
4929 LOG_ERR("Unable to create signature for %s", bt_addr_le_str(&conn->le.dst));
4930 return -EIO;
4931 }
4932
4933 keys->local_csrk.cnt++;
4934
4935 return 0;
4936 }
4937 #else
bt_smp_sign_verify(struct bt_conn * conn,struct net_buf * buf)4938 int bt_smp_sign_verify(struct bt_conn *conn, struct net_buf *buf)
4939 {
4940 return -ENOTSUP;
4941 }
4942
bt_smp_sign(struct bt_conn * conn,struct net_buf * buf)4943 int bt_smp_sign(struct bt_conn *conn, struct net_buf *buf)
4944 {
4945 return -ENOTSUP;
4946 }
4947 #endif /* CONFIG_BT_SIGNING */
4948
smp_d1(const uint8_t * key,uint16_t d,uint16_t r,uint8_t res[16])4949 static int smp_d1(const uint8_t *key, uint16_t d, uint16_t r, uint8_t res[16])
4950 {
4951 int err;
4952
4953 LOG_DBG("key %s d %u r %u", bt_hex(key, 16), d, r);
4954
4955 sys_put_le16(d, &res[0]);
4956 sys_put_le16(r, &res[2]);
4957 memset(&res[4], 0, 16 - 4);
4958
4959 err = bt_encrypt_le(key, res, res);
4960 if (err) {
4961 return err;
4962 }
4963
4964 LOG_DBG("res %s", bt_hex(res, 16));
4965 return 0;
4966 }
4967
bt_smp_irk_get(uint8_t * ir,uint8_t * irk)4968 int bt_smp_irk_get(uint8_t *ir, uint8_t *irk)
4969 {
4970 uint8_t invalid_ir[16] = { 0 };
4971
4972 if (!memcmp(ir, invalid_ir, 16)) {
4973 return -EINVAL;
4974 }
4975
4976 return smp_d1(ir, 1, 0, irk);
4977 }
4978
4979 #if defined(CONFIG_BT_SMP_SELFTEST)
4980 /* Test vectors are taken from RFC 4493
4981 * https://tools.ietf.org/html/rfc4493
4982 * Same mentioned in the Bluetooth Spec.
4983 */
4984 static const uint8_t key[] = {
4985 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6,
4986 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c
4987 };
4988
4989 static const uint8_t M[] = {
4990 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96,
4991 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a,
4992 0xae, 0x2d, 0x8a, 0x57, 0x1e, 0x03, 0xac, 0x9c,
4993 0x9e, 0xb7, 0x6f, 0xac, 0x45, 0xaf, 0x8e, 0x51,
4994 0x30, 0xc8, 0x1c, 0x46, 0xa3, 0x5c, 0xe4, 0x11,
4995 0xe5, 0xfb, 0xc1, 0x19, 0x1a, 0x0a, 0x52, 0xef,
4996 0xf6, 0x9f, 0x24, 0x45, 0xdf, 0x4f, 0x9b, 0x17,
4997 0xad, 0x2b, 0x41, 0x7b, 0xe6, 0x6c, 0x37, 0x10
4998 };
4999
aes_test(const char * prefix,const uint8_t * in_key,const uint8_t * m,uint16_t len,const uint8_t * mac)5000 static int aes_test(const char *prefix, const uint8_t *in_key, const uint8_t *m,
5001 uint16_t len, const uint8_t *mac)
5002 {
5003 uint8_t out[16];
5004
5005 LOG_DBG("%s: AES CMAC of message with len %u", prefix, len);
5006
5007 bt_crypto_aes_cmac(in_key, m, len, out);
5008 if (!memcmp(out, mac, 16)) {
5009 LOG_DBG("%s: Success", prefix);
5010 } else {
5011 LOG_ERR("%s: Failed", prefix);
5012 return -1;
5013 }
5014
5015 return 0;
5016 }
5017
smp_aes_cmac_test(void)5018 static int smp_aes_cmac_test(void)
5019 {
5020 uint8_t mac1[] = {
5021 0xbb, 0x1d, 0x69, 0x29, 0xe9, 0x59, 0x37, 0x28,
5022 0x7f, 0xa3, 0x7d, 0x12, 0x9b, 0x75, 0x67, 0x46
5023 };
5024 uint8_t mac2[] = {
5025 0x07, 0x0a, 0x16, 0xb4, 0x6b, 0x4d, 0x41, 0x44,
5026 0xf7, 0x9b, 0xdd, 0x9d, 0xd0, 0x4a, 0x28, 0x7c
5027 };
5028 uint8_t mac3[] = {
5029 0xdf, 0xa6, 0x67, 0x47, 0xde, 0x9a, 0xe6, 0x30,
5030 0x30, 0xca, 0x32, 0x61, 0x14, 0x97, 0xc8, 0x27
5031 };
5032 uint8_t mac4[] = {
5033 0x51, 0xf0, 0xbe, 0xbf, 0x7e, 0x3b, 0x9d, 0x92,
5034 0xfc, 0x49, 0x74, 0x17, 0x79, 0x36, 0x3c, 0xfe
5035 };
5036 int err;
5037
5038 err = aes_test("Test aes-cmac0", key, M, 0, mac1);
5039 if (err) {
5040 return err;
5041 }
5042
5043 err = aes_test("Test aes-cmac16", key, M, 16, mac2);
5044 if (err) {
5045 return err;
5046 }
5047
5048 err = aes_test("Test aes-cmac40", key, M, 40, mac3);
5049 if (err) {
5050 return err;
5051 }
5052
5053 err = aes_test("Test aes-cmac64", key, M, 64, mac4);
5054 if (err) {
5055 return err;
5056 }
5057
5058 return 0;
5059 }
5060
sign_test(const char * prefix,const uint8_t * sign_key,const uint8_t * m,uint16_t len,const uint8_t * sig)5061 static int sign_test(const char *prefix, const uint8_t *sign_key, const uint8_t *m,
5062 uint16_t len, const uint8_t *sig)
5063 {
5064 uint8_t msg[len + sizeof(uint32_t) + 8];
5065 uint8_t orig[len + sizeof(uint32_t) + 8];
5066 uint8_t *out = msg + len;
5067 int err;
5068
5069 LOG_DBG("%s: Sign message with len %u", prefix, len);
5070
5071 (void)memset(msg, 0, sizeof(msg));
5072 memcpy(msg, m, len);
5073 (void)memset(msg + len, 0, sizeof(uint32_t));
5074
5075 memcpy(orig, msg, sizeof(msg));
5076
5077 err = smp_sign_buf(sign_key, msg, len);
5078 if (err) {
5079 return err;
5080 }
5081
5082 /* Check original message */
5083 if (!memcmp(msg, orig, len + sizeof(uint32_t))) {
5084 LOG_DBG("%s: Original message intact", prefix);
5085 } else {
5086 LOG_ERR("%s: Original message modified", prefix);
5087 LOG_DBG("%s: orig %s", prefix, bt_hex(orig, sizeof(orig)));
5088 LOG_DBG("%s: msg %s", prefix, bt_hex(msg, sizeof(msg)));
5089 return -1;
5090 }
5091
5092 if (!memcmp(out, sig, 12)) {
5093 LOG_DBG("%s: Success", prefix);
5094 } else {
5095 LOG_ERR("%s: Failed", prefix);
5096 return -1;
5097 }
5098
5099 return 0;
5100 }
5101
smp_sign_test(void)5102 static int smp_sign_test(void)
5103 {
5104 const uint8_t sig1[] = {
5105 0x00, 0x00, 0x00, 0x00, 0xb3, 0xa8, 0x59, 0x41,
5106 0x27, 0xeb, 0xc2, 0xc0
5107 };
5108 const uint8_t sig2[] = {
5109 0x00, 0x00, 0x00, 0x00, 0x27, 0x39, 0x74, 0xf4,
5110 0x39, 0x2a, 0x23, 0x2a
5111 };
5112 const uint8_t sig3[] = {
5113 0x00, 0x00, 0x00, 0x00, 0xb7, 0xca, 0x94, 0xab,
5114 0x87, 0xc7, 0x82, 0x18
5115 };
5116 const uint8_t sig4[] = {
5117 0x00, 0x00, 0x00, 0x00, 0x44, 0xe1, 0xe6, 0xce,
5118 0x1d, 0xf5, 0x13, 0x68
5119 };
5120 uint8_t key_s[16];
5121 int err;
5122
5123 /* Use the same key as aes-cmac but swap bytes */
5124 sys_memcpy_swap(key_s, key, 16);
5125
5126 err = sign_test("Test sign0", key_s, M, 0, sig1);
5127 if (err) {
5128 return err;
5129 }
5130
5131 err = sign_test("Test sign16", key_s, M, 16, sig2);
5132 if (err) {
5133 return err;
5134 }
5135
5136 err = sign_test("Test sign40", key_s, M, 40, sig3);
5137 if (err) {
5138 return err;
5139 }
5140
5141 err = sign_test("Test sign64", key_s, M, 64, sig4);
5142 if (err) {
5143 return err;
5144 }
5145
5146 return 0;
5147 }
5148
smp_f4_test(void)5149 static int smp_f4_test(void)
5150 {
5151 uint8_t u[32] = { 0xe6, 0x9d, 0x35, 0x0e, 0x48, 0x01, 0x03, 0xcc,
5152 0xdb, 0xfd, 0xf4, 0xac, 0x11, 0x91, 0xf4, 0xef,
5153 0xb9, 0xa5, 0xf9, 0xe9, 0xa7, 0x83, 0x2c, 0x5e,
5154 0x2c, 0xbe, 0x97, 0xf2, 0xd2, 0x03, 0xb0, 0x20 };
5155 uint8_t v[32] = { 0xfd, 0xc5, 0x7f, 0xf4, 0x49, 0xdd, 0x4f, 0x6b,
5156 0xfb, 0x7c, 0x9d, 0xf1, 0xc2, 0x9a, 0xcb, 0x59,
5157 0x2a, 0xe7, 0xd4, 0xee, 0xfb, 0xfc, 0x0a, 0x90,
5158 0x9a, 0xbb, 0xf6, 0x32, 0x3d, 0x8b, 0x18, 0x55 };
5159 uint8_t x[16] = { 0xab, 0xae, 0x2b, 0x71, 0xec, 0xb2, 0xff, 0xff,
5160 0x3e, 0x73, 0x77, 0xd1, 0x54, 0x84, 0xcb, 0xd5 };
5161 uint8_t z = 0x00;
5162 uint8_t exp[16] = { 0x2d, 0x87, 0x74, 0xa9, 0xbe, 0xa1, 0xed, 0xf1,
5163 0x1c, 0xbd, 0xa9, 0x07, 0xf1, 0x16, 0xc9, 0xf2 };
5164 uint8_t res[16];
5165 int err;
5166
5167 err = bt_crypto_f4(u, v, x, z, res);
5168 if (err) {
5169 return err;
5170 }
5171
5172 if (memcmp(res, exp, 16)) {
5173 return -EINVAL;
5174 }
5175
5176 return 0;
5177 }
5178
smp_f5_test(void)5179 static int smp_f5_test(void)
5180 {
5181 uint8_t w[32] = { 0x98, 0xa6, 0xbf, 0x73, 0xf3, 0x34, 0x8d, 0x86,
5182 0xf1, 0x66, 0xf8, 0xb4, 0x13, 0x6b, 0x79, 0x99,
5183 0x9b, 0x7d, 0x39, 0x0a, 0xa6, 0x10, 0x10, 0x34,
5184 0x05, 0xad, 0xc8, 0x57, 0xa3, 0x34, 0x02, 0xec };
5185 uint8_t n1[16] = { 0xab, 0xae, 0x2b, 0x71, 0xec, 0xb2, 0xff, 0xff,
5186 0x3e, 0x73, 0x77, 0xd1, 0x54, 0x84, 0xcb, 0xd5 };
5187 uint8_t n2[16] = { 0xcf, 0xc4, 0x3d, 0xff, 0xf7, 0x83, 0x65, 0x21,
5188 0x6e, 0x5f, 0xa7, 0x25, 0xcc, 0xe7, 0xe8, 0xa6 };
5189 bt_addr_le_t a1 = { .type = 0x00,
5190 .a.val = { 0xce, 0xbf, 0x37, 0x37, 0x12, 0x56 } };
5191 bt_addr_le_t a2 = { .type = 0x00,
5192 .a.val = {0xc1, 0xcf, 0x2d, 0x70, 0x13, 0xa7 } };
5193 uint8_t exp_ltk[16] = { 0x38, 0x0a, 0x75, 0x94, 0xb5, 0x22, 0x05,
5194 0x98, 0x23, 0xcd, 0xd7, 0x69, 0x11, 0x79,
5195 0x86, 0x69 };
5196 uint8_t exp_mackey[16] = { 0x20, 0x6e, 0x63, 0xce, 0x20, 0x6a, 0x3f,
5197 0xfd, 0x02, 0x4a, 0x08, 0xa1, 0x76, 0xf1,
5198 0x65, 0x29 };
5199 uint8_t mackey[16], ltk[16];
5200 int err;
5201
5202 err = bt_crypto_f5(w, n1, n2, &a1, &a2, mackey, ltk);
5203 if (err) {
5204 return err;
5205 }
5206
5207 if (memcmp(mackey, exp_mackey, 16) || memcmp(ltk, exp_ltk, 16)) {
5208 return -EINVAL;
5209 }
5210
5211 return 0;
5212 }
5213
smp_f6_test(void)5214 static int smp_f6_test(void)
5215 {
5216 uint8_t w[16] = { 0x20, 0x6e, 0x63, 0xce, 0x20, 0x6a, 0x3f, 0xfd,
5217 0x02, 0x4a, 0x08, 0xa1, 0x76, 0xf1, 0x65, 0x29 };
5218 uint8_t n1[16] = { 0xab, 0xae, 0x2b, 0x71, 0xec, 0xb2, 0xff, 0xff,
5219 0x3e, 0x73, 0x77, 0xd1, 0x54, 0x84, 0xcb, 0xd5 };
5220 uint8_t n2[16] = { 0xcf, 0xc4, 0x3d, 0xff, 0xf7, 0x83, 0x65, 0x21,
5221 0x6e, 0x5f, 0xa7, 0x25, 0xcc, 0xe7, 0xe8, 0xa6 };
5222 uint8_t r[16] = { 0xc8, 0x0f, 0x2d, 0x0c, 0xd2, 0x42, 0xda, 0x08,
5223 0x54, 0xbb, 0x53, 0xb4, 0x3b, 0x34, 0xa3, 0x12 };
5224 uint8_t io_cap[3] = { 0x02, 0x01, 0x01 };
5225 bt_addr_le_t a1 = { .type = 0x00,
5226 .a.val = { 0xce, 0xbf, 0x37, 0x37, 0x12, 0x56 } };
5227 bt_addr_le_t a2 = { .type = 0x00,
5228 .a.val = {0xc1, 0xcf, 0x2d, 0x70, 0x13, 0xa7 } };
5229 uint8_t exp[16] = { 0x61, 0x8f, 0x95, 0xda, 0x09, 0x0b, 0x6c, 0xd2,
5230 0xc5, 0xe8, 0xd0, 0x9c, 0x98, 0x73, 0xc4, 0xe3 };
5231 uint8_t res[16];
5232 int err;
5233
5234 err = bt_crypto_f6(w, n1, n2, r, io_cap, &a1, &a2, res);
5235 if (err)
5236 return err;
5237
5238 if (memcmp(res, exp, 16))
5239 return -EINVAL;
5240
5241 return 0;
5242 }
5243
smp_g2_test(void)5244 static int smp_g2_test(void)
5245 {
5246 uint8_t u[32] = { 0xe6, 0x9d, 0x35, 0x0e, 0x48, 0x01, 0x03, 0xcc,
5247 0xdb, 0xfd, 0xf4, 0xac, 0x11, 0x91, 0xf4, 0xef,
5248 0xb9, 0xa5, 0xf9, 0xe9, 0xa7, 0x83, 0x2c, 0x5e,
5249 0x2c, 0xbe, 0x97, 0xf2, 0xd2, 0x03, 0xb0, 0x20 };
5250 uint8_t v[32] = { 0xfd, 0xc5, 0x7f, 0xf4, 0x49, 0xdd, 0x4f, 0x6b,
5251 0xfb, 0x7c, 0x9d, 0xf1, 0xc2, 0x9a, 0xcb, 0x59,
5252 0x2a, 0xe7, 0xd4, 0xee, 0xfb, 0xfc, 0x0a, 0x90,
5253 0x9a, 0xbb, 0xf6, 0x32, 0x3d, 0x8b, 0x18, 0x55 };
5254 uint8_t x[16] = { 0xab, 0xae, 0x2b, 0x71, 0xec, 0xb2, 0xff, 0xff,
5255 0x3e, 0x73, 0x77, 0xd1, 0x54, 0x84, 0xcb, 0xd5 };
5256 uint8_t y[16] = { 0xcf, 0xc4, 0x3d, 0xff, 0xf7, 0x83, 0x65, 0x21,
5257 0x6e, 0x5f, 0xa7, 0x25, 0xcc, 0xe7, 0xe8, 0xa6 };
5258 uint32_t exp_val = 0x2f9ed5ba % 1000000;
5259 uint32_t val;
5260 int err;
5261
5262 err = bt_crypto_g2(u, v, x, y, &val);
5263 if (err) {
5264 return err;
5265 }
5266
5267 if (val != exp_val) {
5268 return -EINVAL;
5269 }
5270
5271 return 0;
5272 }
5273
5274 #if defined(CONFIG_BT_CLASSIC)
smp_h6_test(void)5275 static int smp_h6_test(void)
5276 {
5277 uint8_t w[16] = { 0x9b, 0x7d, 0x39, 0x0a, 0xa6, 0x10, 0x10, 0x34,
5278 0x05, 0xad, 0xc8, 0x57, 0xa3, 0x34, 0x02, 0xec };
5279 uint8_t key_id[4] = { 0x72, 0x62, 0x65, 0x6c };
5280 uint8_t exp_res[16] = { 0x99, 0x63, 0xb1, 0x80, 0xe2, 0xa9, 0xd3, 0xe8,
5281 0x1c, 0xc9, 0x6d, 0xe7, 0x02, 0xe1, 0x9a, 0x2d};
5282 uint8_t res[16];
5283 int err;
5284
5285 err = bt_crypto_h6(w, key_id, res);
5286 if (err) {
5287 return err;
5288 }
5289
5290 if (memcmp(res, exp_res, 16)) {
5291 return -EINVAL;
5292 }
5293
5294 return 0;
5295 }
5296
smp_h7_test(void)5297 static int smp_h7_test(void)
5298 {
5299 uint8_t salt[16] = { 0x31, 0x70, 0x6d, 0x74, 0x00, 0x00, 0x00, 0x00,
5300 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
5301 uint8_t w[16] = { 0x9b, 0x7d, 0x39, 0x0a, 0xa6, 0x10, 0x10, 0x34,
5302 0x05, 0xad, 0xc8, 0x57, 0xa3, 0x34, 0x02, 0xec };
5303 uint8_t exp_res[16] = { 0x11, 0x70, 0xa5, 0x75, 0x2a, 0x8c, 0x99, 0xd2,
5304 0xec, 0xc0, 0xa3, 0xc6, 0x97, 0x35, 0x17, 0xfb};
5305 uint8_t res[16];
5306 int err;
5307
5308 err = bt_crypto_h7(salt, w, res);
5309 if (err) {
5310 return err;
5311 }
5312
5313 if (memcmp(res, exp_res, 16)) {
5314 return -EINVAL;
5315 }
5316
5317 return 0;
5318 }
5319 #endif /* CONFIG_BT_CLASSIC */
5320
smp_h8_test(void)5321 static int smp_h8_test(void)
5322 {
5323 uint8_t k[16] = {0xec, 0x02, 0x34, 0xa3, 0x57, 0xc8, 0xad, 0x05,
5324 0x34, 0x10, 0x10, 0xa6, 0x0a, 0x39, 0x7d, 0x9b};
5325 uint8_t s[16] = {0x15, 0x36, 0xd1, 0x8d, 0xe3, 0xd2, 0x0d, 0xf9,
5326 0x9b, 0x70, 0x44, 0xc1, 0x2f, 0x9e, 0xd5, 0xba};
5327 uint8_t key_id[4] = {0xcc, 0x03, 0x01, 0x48};
5328
5329 uint8_t exp_res[16] = {0xe5, 0xe5, 0xbe, 0xba, 0xae, 0x72, 0x28, 0xe7,
5330 0x22, 0xa3, 0x89, 0x04, 0xed, 0x35, 0x0f, 0x6d};
5331 uint8_t res[16];
5332 int err;
5333
5334 err = bt_crypto_h8(k, s, key_id, res);
5335 if (err) {
5336 return err;
5337 }
5338
5339 if (memcmp(res, exp_res, 16)) {
5340 return -EINVAL;
5341 }
5342
5343 return 0;
5344 }
5345
smp_self_test(void)5346 static int smp_self_test(void)
5347 {
5348 int err;
5349
5350 err = smp_aes_cmac_test();
5351 if (err) {
5352 LOG_ERR("SMP AES-CMAC self tests failed");
5353 return err;
5354 }
5355
5356 err = smp_sign_test();
5357 if (err) {
5358 LOG_ERR("SMP signing self tests failed");
5359 return err;
5360 }
5361
5362 err = smp_f4_test();
5363 if (err) {
5364 LOG_ERR("SMP f4 self test failed");
5365 return err;
5366 }
5367
5368 err = smp_f5_test();
5369 if (err) {
5370 LOG_ERR("SMP f5 self test failed");
5371 return err;
5372 }
5373
5374 err = smp_f6_test();
5375 if (err) {
5376 LOG_ERR("SMP f6 self test failed");
5377 return err;
5378 }
5379
5380 err = smp_g2_test();
5381 if (err) {
5382 LOG_ERR("SMP g2 self test failed");
5383 return err;
5384 }
5385
5386 #if defined(CONFIG_BT_CLASSIC)
5387 err = smp_h6_test();
5388 if (err) {
5389 LOG_ERR("SMP h6 self test failed");
5390 return err;
5391 }
5392
5393 err = smp_h7_test();
5394 if (err) {
5395 LOG_ERR("SMP h7 self test failed");
5396 return err;
5397 }
5398 #endif /* CONFIG_BT_CLASSIC */
5399 err = smp_h8_test();
5400 if (err) {
5401 LOG_ERR("SMP h8 self test failed");
5402 return err;
5403 }
5404
5405 return 0;
5406 }
5407 #else
smp_self_test(void)5408 static inline int smp_self_test(void)
5409 {
5410 return 0;
5411 }
5412 #endif
5413
5414 #if defined(CONFIG_BT_BONDABLE_PER_CONNECTION)
bt_conn_set_bondable(struct bt_conn * conn,bool enable)5415 int bt_conn_set_bondable(struct bt_conn *conn, bool enable)
5416 {
5417 struct bt_smp *smp;
5418
5419 smp = smp_chan_get(conn);
5420 if (!smp) {
5421 return -EINVAL;
5422 }
5423
5424 if (atomic_cas(&smp->bondable, BT_SMP_BONDABLE_UNINITIALIZED, (atomic_val_t)enable)) {
5425 return 0;
5426 } else {
5427 return -EALREADY;
5428 }
5429 }
5430 #endif
5431
bt_smp_auth_cb_overlay(struct bt_conn * conn,const struct bt_conn_auth_cb * cb)5432 int bt_smp_auth_cb_overlay(struct bt_conn *conn, const struct bt_conn_auth_cb *cb)
5433 {
5434 struct bt_smp *smp;
5435
5436 smp = smp_chan_get(conn);
5437 if (!smp) {
5438 return -EINVAL;
5439 }
5440
5441 if (atomic_ptr_cas(&smp->auth_cb, BT_SMP_AUTH_CB_UNINITIALIZED, (atomic_ptr_val_t)cb)) {
5442 return 0;
5443 } else {
5444 return -EALREADY;
5445 }
5446 }
5447
5448 #if defined(CONFIG_BT_PASSKEY_KEYPRESS)
smp_send_keypress_notif(struct bt_smp * smp,uint8_t type)5449 static int smp_send_keypress_notif(struct bt_smp *smp, uint8_t type)
5450 {
5451 struct bt_smp_keypress_notif *req;
5452 struct net_buf *buf;
5453
5454 buf = smp_create_pdu(smp, BT_SMP_KEYPRESS_NOTIFICATION, sizeof(*req));
5455 if (!buf) {
5456 return -ENOMEM;
5457 }
5458
5459 req = net_buf_add(buf, sizeof(*req));
5460 req->type = type;
5461
5462 smp_send(smp, buf, NULL, NULL);
5463
5464 return 0;
5465 }
5466 #endif
5467
5468 #if defined(CONFIG_BT_PASSKEY_KEYPRESS)
bt_smp_auth_keypress_notify(struct bt_conn * conn,enum bt_conn_auth_keypress type)5469 int bt_smp_auth_keypress_notify(struct bt_conn *conn, enum bt_conn_auth_keypress type)
5470 {
5471 struct bt_smp *smp;
5472
5473 smp = smp_chan_get(conn);
5474 if (!smp) {
5475 return -EINVAL;
5476 }
5477
5478 CHECKIF(!IN_RANGE(type,
5479 BT_CONN_AUTH_KEYPRESS_ENTRY_STARTED,
5480 BT_CONN_AUTH_KEYPRESS_ENTRY_COMPLETED)) {
5481 LOG_ERR("Refusing to send unknown event type %u", type);
5482 return -EINVAL;
5483 }
5484
5485 if (smp->method != PASSKEY_INPUT ||
5486 !atomic_test_bit(smp->flags, SMP_FLAG_USER)) {
5487 LOG_ERR("Refusing to send keypress: Not waiting for passkey input.");
5488 return -EINVAL;
5489 }
5490
5491 return smp_send_keypress_notif(smp, type);
5492 }
5493 #endif
5494
bt_smp_auth_passkey_entry(struct bt_conn * conn,unsigned int passkey)5495 int bt_smp_auth_passkey_entry(struct bt_conn *conn, unsigned int passkey)
5496 {
5497 struct bt_smp *smp;
5498 uint8_t err;
5499
5500 smp = smp_chan_get(conn);
5501 if (!smp) {
5502 return -EINVAL;
5503 }
5504
5505 if (!atomic_test_and_clear_bit(smp->flags, SMP_FLAG_USER)) {
5506 return -EINVAL;
5507 }
5508
5509 #if !defined(CONFIG_BT_SMP_SC_PAIR_ONLY)
5510 if (!atomic_test_bit(smp->flags, SMP_FLAG_SC)) {
5511 legacy_passkey_entry(smp, passkey);
5512 return 0;
5513 }
5514 #endif /* !CONFIG_BT_SMP_SC_PAIR_ONLY */
5515
5516 smp->passkey = sys_cpu_to_le32(passkey);
5517
5518 if (IS_ENABLED(CONFIG_BT_CENTRAL) &&
5519 smp->chan.chan.conn->role == BT_HCI_ROLE_CENTRAL) {
5520 atomic_set_bit(smp->allowed_cmds, BT_SMP_CMD_PAIRING_CONFIRM);
5521 err = smp_send_pairing_confirm(smp);
5522 if (err) {
5523 smp_error(smp, BT_SMP_ERR_PASSKEY_ENTRY_FAILED);
5524 return 0;
5525 }
5526 return 0;
5527 }
5528
5529 if (IS_ENABLED(CONFIG_BT_PERIPHERAL) &&
5530 atomic_test_bit(smp->flags, SMP_FLAG_CFM_DELAYED)) {
5531 atomic_set_bit(smp->allowed_cmds, BT_SMP_CMD_PAIRING_RANDOM);
5532 err = smp_send_pairing_confirm(smp);
5533 if (err) {
5534 smp_error(smp, BT_SMP_ERR_PASSKEY_ENTRY_FAILED);
5535 return 0;
5536 }
5537 }
5538
5539 return 0;
5540 }
5541
bt_smp_auth_passkey_confirm(struct bt_conn * conn)5542 int bt_smp_auth_passkey_confirm(struct bt_conn *conn)
5543 {
5544 struct bt_smp *smp;
5545
5546 smp = smp_chan_get(conn);
5547 if (!smp) {
5548 return -EINVAL;
5549 }
5550
5551 if (!atomic_test_and_clear_bit(smp->flags, SMP_FLAG_USER)) {
5552 return -EINVAL;
5553 }
5554
5555 /* wait for DHKey being generated */
5556 if (atomic_test_bit(smp->flags, SMP_FLAG_DHKEY_PENDING)) {
5557 atomic_set_bit(smp->flags, SMP_FLAG_DHKEY_SEND);
5558 return 0;
5559 }
5560
5561 /* wait for remote DHKey Check */
5562 if (atomic_test_bit(smp->flags, SMP_FLAG_DHCHECK_WAIT)) {
5563 atomic_set_bit(smp->flags, SMP_FLAG_DHKEY_SEND);
5564 return 0;
5565 }
5566
5567 if (atomic_test_bit(smp->flags, SMP_FLAG_DHKEY_SEND)) {
5568 uint8_t err;
5569
5570 #if defined(CONFIG_BT_CENTRAL)
5571 if (smp->chan.chan.conn->role == BT_HCI_ROLE_CENTRAL) {
5572 err = compute_and_send_central_dhcheck(smp);
5573 if (err) {
5574 smp_error(smp, err);
5575 }
5576 return 0;
5577 }
5578 #endif /* CONFIG_BT_CENTRAL */
5579
5580 #if defined(CONFIG_BT_PERIPHERAL)
5581 err = compute_and_check_and_send_periph_dhcheck(smp);
5582 if (err) {
5583 smp_error(smp, err);
5584 }
5585 #endif /* CONFIG_BT_PERIPHERAL */
5586 }
5587
5588 return 0;
5589 }
5590
5591 #if !defined(CONFIG_BT_SMP_SC_PAIR_ONLY)
bt_smp_le_oob_set_tk(struct bt_conn * conn,const uint8_t * tk)5592 int bt_smp_le_oob_set_tk(struct bt_conn *conn, const uint8_t *tk)
5593 {
5594 struct bt_smp *smp;
5595
5596 smp = smp_chan_get(conn);
5597 if (!smp || !tk) {
5598 return -EINVAL;
5599 }
5600
5601 LOG_DBG("%s", bt_hex(tk, 16));
5602
5603 if (!atomic_test_and_clear_bit(smp->flags, SMP_FLAG_USER)) {
5604 return -EINVAL;
5605 }
5606
5607 if (IS_ENABLED(CONFIG_BT_LOG_SNIFFER_INFO)) {
5608 uint8_t oob[16];
5609
5610 sys_memcpy_swap(oob, tk, 16);
5611 LOG_INF("Legacy OOB data 0x%s", bt_hex(oob, 16));
5612 }
5613
5614 memcpy(smp->tk, tk, 16*sizeof(uint8_t));
5615
5616 legacy_user_tk_entry(smp);
5617
5618 return 0;
5619 }
5620 #endif /* !defined(CONFIG_BT_SMP_SC_PAIR_ONLY) */
5621
bt_smp_le_oob_generate_sc_data(struct bt_le_oob_sc_data * le_sc_oob)5622 int bt_smp_le_oob_generate_sc_data(struct bt_le_oob_sc_data *le_sc_oob)
5623 {
5624 int err;
5625
5626 if (!le_sc_supported()) {
5627 return -ENOTSUP;
5628 }
5629
5630 if (!sc_public_key) {
5631 err = k_sem_take(&sc_local_pkey_ready, K_FOREVER);
5632 if (err) {
5633 return err;
5634 }
5635 }
5636
5637 if (IS_ENABLED(CONFIG_BT_OOB_DATA_FIXED)) {
5638 uint8_t rand_num[] = {
5639 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
5640 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
5641 };
5642
5643 memcpy(le_sc_oob->r, rand_num, sizeof(le_sc_oob->r));
5644 } else {
5645 err = bt_rand(le_sc_oob->r, 16);
5646 if (err) {
5647 return err;
5648 }
5649 }
5650
5651 err = bt_crypto_f4(sc_public_key, sc_public_key, le_sc_oob->r, 0,
5652 le_sc_oob->c);
5653 if (err) {
5654 return err;
5655 }
5656
5657 return 0;
5658 }
5659
5660 #if !defined(CONFIG_BT_SMP_OOB_LEGACY_PAIR_ONLY)
le_sc_oob_data_check(struct bt_smp * smp,bool oobd_local_present,bool oobd_remote_present)5661 static bool le_sc_oob_data_check(struct bt_smp *smp, bool oobd_local_present,
5662 bool oobd_remote_present)
5663 {
5664 bool req_oob_present = le_sc_oob_data_req_check(smp);
5665 bool rsp_oob_present = le_sc_oob_data_rsp_check(smp);
5666
5667 if (IS_ENABLED(CONFIG_BT_CENTRAL) &&
5668 smp->chan.chan.conn->role == BT_HCI_ROLE_CENTRAL) {
5669 if ((req_oob_present != oobd_remote_present) &&
5670 (rsp_oob_present != oobd_local_present)) {
5671 return false;
5672 }
5673 } else if (IS_ENABLED(CONFIG_BT_PERIPHERAL)) {
5674 if ((req_oob_present != oobd_local_present) &&
5675 (rsp_oob_present != oobd_remote_present)) {
5676 return false;
5677 }
5678 }
5679
5680 return true;
5681 }
5682
le_sc_oob_pairing_continue(struct bt_smp * smp)5683 static int le_sc_oob_pairing_continue(struct bt_smp *smp)
5684 {
5685 if (smp->oobd_remote) {
5686 int err;
5687 uint8_t c[16];
5688
5689 err = bt_crypto_f4(smp->pkey, smp->pkey, smp->oobd_remote->r, 0, c);
5690 if (err) {
5691 return err;
5692 }
5693
5694 bool match = (memcmp(c, smp->oobd_remote->c, sizeof(c)) == 0);
5695
5696 if (!match) {
5697 smp_error(smp, BT_SMP_ERR_CONFIRM_FAILED);
5698 return 0;
5699 }
5700 }
5701
5702 if (IS_ENABLED(CONFIG_BT_CENTRAL) &&
5703 smp->chan.chan.conn->role == BT_HCI_ROLE_CENTRAL) {
5704 atomic_set_bit(smp->allowed_cmds, BT_SMP_CMD_PAIRING_RANDOM);
5705 } else if (IS_ENABLED(CONFIG_BT_PERIPHERAL)) {
5706 atomic_set_bit(smp->allowed_cmds, BT_SMP_DHKEY_CHECK);
5707 atomic_set_bit(smp->flags, SMP_FLAG_DHCHECK_WAIT);
5708 }
5709
5710 return smp_send_pairing_random(smp);
5711 }
5712
bt_smp_le_oob_set_sc_data(struct bt_conn * conn,const struct bt_le_oob_sc_data * oobd_local,const struct bt_le_oob_sc_data * oobd_remote)5713 int bt_smp_le_oob_set_sc_data(struct bt_conn *conn,
5714 const struct bt_le_oob_sc_data *oobd_local,
5715 const struct bt_le_oob_sc_data *oobd_remote)
5716 {
5717 struct bt_smp *smp;
5718
5719 smp = smp_chan_get(conn);
5720 if (!smp) {
5721 return -EINVAL;
5722 }
5723
5724 if (!le_sc_oob_data_check(smp, (oobd_local != NULL),
5725 (oobd_remote != NULL))) {
5726 return -EINVAL;
5727 }
5728
5729 if (!atomic_test_and_clear_bit(smp->flags, SMP_FLAG_OOB_PENDING)) {
5730 return -EINVAL;
5731 }
5732
5733 smp->oobd_local = oobd_local;
5734 smp->oobd_remote = oobd_remote;
5735
5736 return le_sc_oob_pairing_continue(smp);
5737 }
5738
bt_smp_le_oob_get_sc_data(struct bt_conn * conn,const struct bt_le_oob_sc_data ** oobd_local,const struct bt_le_oob_sc_data ** oobd_remote)5739 int bt_smp_le_oob_get_sc_data(struct bt_conn *conn,
5740 const struct bt_le_oob_sc_data **oobd_local,
5741 const struct bt_le_oob_sc_data **oobd_remote)
5742 {
5743 struct bt_smp *smp;
5744
5745 smp = smp_chan_get(conn);
5746 if (!smp) {
5747 return -EINVAL;
5748 }
5749
5750 if (!smp->oobd_local && !smp->oobd_remote) {
5751 return -ESRCH;
5752 }
5753
5754 if (oobd_local) {
5755 *oobd_local = smp->oobd_local;
5756 }
5757
5758 if (oobd_remote) {
5759 *oobd_remote = smp->oobd_remote;
5760 }
5761
5762 return 0;
5763 }
5764 #endif /* !CONFIG_BT_SMP_OOB_LEGACY_PAIR_ONLY */
5765
bt_smp_auth_cancel(struct bt_conn * conn)5766 int bt_smp_auth_cancel(struct bt_conn *conn)
5767 {
5768 struct bt_smp *smp;
5769
5770 smp = smp_chan_get(conn);
5771 if (!smp) {
5772 return -EINVAL;
5773 }
5774
5775 if (!atomic_test_and_clear_bit(smp->flags, SMP_FLAG_USER)) {
5776 return -EINVAL;
5777 }
5778
5779 LOG_DBG("");
5780
5781 switch (smp->method) {
5782 case PASSKEY_INPUT:
5783 case PASSKEY_DISPLAY:
5784 return smp_error(smp, BT_SMP_ERR_PASSKEY_ENTRY_FAILED);
5785 case PASSKEY_CONFIRM:
5786 return smp_error(smp, BT_SMP_ERR_CONFIRM_FAILED);
5787 case LE_SC_OOB:
5788 case LEGACY_OOB:
5789 return smp_error(smp, BT_SMP_ERR_OOB_NOT_AVAIL);
5790 case JUST_WORKS:
5791 return smp_error(smp, BT_SMP_ERR_UNSPECIFIED);
5792 default:
5793 LOG_ERR("Unknown pairing method (%u)", smp->method);
5794 return 0;
5795 }
5796 }
5797
5798 #if !defined(CONFIG_BT_SMP_SC_PAIR_ONLY)
bt_smp_auth_pairing_confirm(struct bt_conn * conn)5799 int bt_smp_auth_pairing_confirm(struct bt_conn *conn)
5800 {
5801 struct bt_smp *smp;
5802
5803 smp = smp_chan_get(conn);
5804 if (!smp) {
5805 return -EINVAL;
5806 }
5807
5808 if (!atomic_test_and_clear_bit(smp->flags, SMP_FLAG_USER)) {
5809 return -EINVAL;
5810 }
5811
5812 if (IS_ENABLED(CONFIG_BT_CENTRAL) &&
5813 conn->role == BT_CONN_ROLE_CENTRAL) {
5814 if (!atomic_test_bit(smp->flags, SMP_FLAG_SC)) {
5815 atomic_set_bit(smp->allowed_cmds,
5816 BT_SMP_CMD_PAIRING_CONFIRM);
5817 return legacy_send_pairing_confirm(smp);
5818 }
5819
5820 if (!sc_public_key) {
5821 atomic_set_bit(smp->flags, SMP_FLAG_PKEY_SEND);
5822 return 0;
5823 }
5824
5825 atomic_set_bit(smp->allowed_cmds, BT_SMP_CMD_PUBLIC_KEY);
5826 return sc_send_public_key(smp);
5827 }
5828
5829 #if defined(CONFIG_BT_PERIPHERAL)
5830 if (!atomic_test_bit(smp->flags, SMP_FLAG_SC)) {
5831 atomic_set_bit(smp->allowed_cmds,
5832 BT_SMP_CMD_PAIRING_CONFIRM);
5833 return send_pairing_rsp(smp);
5834 }
5835
5836 atomic_set_bit(smp->allowed_cmds, BT_SMP_CMD_PUBLIC_KEY);
5837 if (send_pairing_rsp(smp)) {
5838 return -EIO;
5839 }
5840 #endif /* CONFIG_BT_PERIPHERAL */
5841
5842 return 0;
5843 }
5844 #else
bt_smp_auth_pairing_confirm(struct bt_conn * conn)5845 int bt_smp_auth_pairing_confirm(struct bt_conn *conn)
5846 {
5847 /* confirm_pairing will never be called in LE SC only mode */
5848 return -EINVAL;
5849 }
5850 #endif /* !CONFIG_BT_SMP_SC_PAIR_ONLY */
5851
5852 #if defined(CONFIG_BT_FIXED_PASSKEY)
bt_passkey_set(unsigned int passkey)5853 int bt_passkey_set(unsigned int passkey)
5854 {
5855 if (passkey == BT_PASSKEY_INVALID) {
5856 fixed_passkey = BT_PASSKEY_INVALID;
5857 return 0;
5858 }
5859
5860 if (passkey > 999999) {
5861 return -EINVAL;
5862 }
5863
5864 fixed_passkey = passkey;
5865 return 0;
5866 }
5867 #endif /* CONFIG_BT_FIXED_PASSKEY */
5868
bt_smp_start_security(struct bt_conn * conn)5869 int bt_smp_start_security(struct bt_conn *conn)
5870 {
5871 switch (conn->role) {
5872 #if defined(CONFIG_BT_CENTRAL)
5873 case BT_HCI_ROLE_CENTRAL:
5874 {
5875 int err;
5876 struct bt_smp *smp;
5877
5878 smp = smp_chan_get(conn);
5879 if (!smp) {
5880 return -ENOTCONN;
5881 }
5882
5883 /* pairing is in progress */
5884 if (atomic_test_bit(smp->flags, SMP_FLAG_PAIRING)) {
5885 return -EBUSY;
5886 }
5887
5888 /* Encryption is in progress */
5889 if (atomic_test_bit(smp->flags, SMP_FLAG_ENC_PENDING)) {
5890 return -EBUSY;
5891 }
5892
5893 if (!smp_keys_check(conn)) {
5894 return smp_send_pairing_req(conn);
5895 }
5896
5897 /* LE SC LTK and legacy central LTK are stored in same place */
5898 err = bt_conn_le_start_encryption(conn,
5899 conn->le.keys->ltk.rand,
5900 conn->le.keys->ltk.ediv,
5901 conn->le.keys->ltk.val,
5902 conn->le.keys->enc_size);
5903 if (err) {
5904 return err;
5905 }
5906
5907 atomic_set_bit(smp->allowed_cmds, BT_SMP_CMD_SECURITY_REQUEST);
5908 atomic_set_bit(smp->flags, SMP_FLAG_ENC_PENDING);
5909 return 0;
5910 }
5911 #endif /* CONFIG_BT_CENTRAL && CONFIG_BT_SMP */
5912 #if defined(CONFIG_BT_PERIPHERAL)
5913 case BT_HCI_ROLE_PERIPHERAL:
5914 return smp_send_security_req(conn);
5915 #endif /* CONFIG_BT_PERIPHERAL && CONFIG_BT_SMP */
5916 default:
5917 return -EINVAL;
5918 }
5919 }
5920
bt_smp_update_keys(struct bt_conn * conn)5921 void bt_smp_update_keys(struct bt_conn *conn)
5922 {
5923 struct bt_smp *smp;
5924
5925 smp = smp_chan_get(conn);
5926 if (!smp) {
5927 return;
5928 }
5929
5930 if (!atomic_test_bit(smp->flags, SMP_FLAG_PAIRING)) {
5931 return;
5932 }
5933
5934 /*
5935 * If link was successfully encrypted cleanup old keys as from now on
5936 * only keys distributed in this pairing or LTK from LE SC will be used.
5937 */
5938 if (conn->le.keys) {
5939 bt_keys_clear(conn->le.keys);
5940 }
5941
5942 conn->le.keys = bt_keys_get_addr(conn->id, &conn->le.dst);
5943 if (!conn->le.keys) {
5944 LOG_ERR("Unable to get keys for %s", bt_addr_le_str(&conn->le.dst));
5945 smp_error(smp, BT_SMP_ERR_UNSPECIFIED);
5946 return;
5947 }
5948
5949 /* mark keys as debug */
5950 if (atomic_test_bit(smp->flags, SMP_FLAG_SC_DEBUG_KEY)) {
5951 conn->le.keys->flags |= BT_KEYS_DEBUG;
5952 }
5953
5954 /*
5955 * store key type deducted from pairing method used
5956 * it is important to store it since type is used to determine
5957 * security level upon encryption
5958 */
5959 switch (smp->method) {
5960 case LE_SC_OOB:
5961 case LEGACY_OOB:
5962 conn->le.keys->flags |= BT_KEYS_OOB;
5963 /* fallthrough */
5964 case PASSKEY_DISPLAY:
5965 case PASSKEY_INPUT:
5966 case PASSKEY_CONFIRM:
5967 conn->le.keys->flags |= BT_KEYS_AUTHENTICATED;
5968 break;
5969 case JUST_WORKS:
5970 default:
5971 /* unauthenticated key, clear it */
5972 conn->le.keys->flags &= ~BT_KEYS_OOB;
5973 conn->le.keys->flags &= ~BT_KEYS_AUTHENTICATED;
5974 break;
5975 }
5976
5977 conn->le.keys->enc_size = get_encryption_key_size(smp);
5978
5979 /*
5980 * Store LTK if LE SC is used, this is safe since LE SC is mutually
5981 * exclusive with legacy pairing. Other keys are added on keys
5982 * distribution.
5983 */
5984 if (atomic_test_bit(smp->flags, SMP_FLAG_SC)) {
5985 conn->le.keys->flags |= BT_KEYS_SC;
5986
5987 if (atomic_test_bit(smp->flags, SMP_FLAG_BOND)) {
5988 bt_keys_add_type(conn->le.keys, BT_KEYS_LTK_P256);
5989 memcpy(conn->le.keys->ltk.val, smp->tk,
5990 sizeof(conn->le.keys->ltk.val));
5991 (void)memset(conn->le.keys->ltk.rand, 0,
5992 sizeof(conn->le.keys->ltk.rand));
5993 (void)memset(conn->le.keys->ltk.ediv, 0,
5994 sizeof(conn->le.keys->ltk.ediv));
5995 } else if (IS_ENABLED(CONFIG_BT_LOG_SNIFFER_INFO)) {
5996 uint8_t ltk[16];
5997
5998 sys_memcpy_swap(ltk, smp->tk, conn->le.keys->enc_size);
5999 LOG_INF("SC LTK: 0x%s (No bonding)", bt_hex(ltk, conn->le.keys->enc_size));
6000 }
6001 } else {
6002 conn->le.keys->flags &= ~BT_KEYS_SC;
6003 }
6004 }
6005
bt_smp_accept(struct bt_conn * conn,struct bt_l2cap_chan ** chan)6006 static int bt_smp_accept(struct bt_conn *conn, struct bt_l2cap_chan **chan)
6007 {
6008 int i;
6009 static const struct bt_l2cap_chan_ops ops = {
6010 .connected = bt_smp_connected,
6011 .disconnected = bt_smp_disconnected,
6012 .encrypt_change = bt_smp_encrypt_change,
6013 .recv = bt_smp_recv,
6014 };
6015
6016 LOG_DBG("conn %p handle %u", conn, conn->handle);
6017
6018 for (i = 0; i < ARRAY_SIZE(bt_smp_pool); i++) {
6019 struct bt_smp *smp = &bt_smp_pool[i];
6020
6021 if (smp->chan.chan.conn) {
6022 continue;
6023 }
6024
6025 smp->chan.chan.ops = &ops;
6026
6027 *chan = &smp->chan.chan;
6028
6029 return 0;
6030 }
6031
6032 LOG_ERR("No available SMP context for conn %p", conn);
6033
6034 return -ENOMEM;
6035 }
6036
6037 BT_L2CAP_CHANNEL_DEFINE(smp_fixed_chan, BT_L2CAP_CID_SMP, bt_smp_accept, NULL);
6038 #if defined(CONFIG_BT_CLASSIC)
6039 BT_L2CAP_BR_CHANNEL_DEFINE(smp_br_fixed_chan, BT_L2CAP_CID_BR_SMP,
6040 bt_smp_br_accept);
6041 #endif /* CONFIG_BT_CLASSIC */
6042
bt_smp_init(void)6043 int bt_smp_init(void)
6044 {
6045 static struct bt_pub_key_cb pub_key_cb = {
6046 .func = bt_smp_pkey_ready,
6047 };
6048
6049 sc_supported = le_sc_supported();
6050 if (IS_ENABLED(CONFIG_BT_SMP_SC_PAIR_ONLY) && !sc_supported) {
6051 LOG_ERR("SC Pair Only Mode selected but LE SC not supported");
6052 return -ENOENT;
6053 }
6054
6055 if (IS_ENABLED(CONFIG_BT_SMP_USB_HCI_CTLR_WORKAROUND)) {
6056 LOG_WRN("BT_SMP_USB_HCI_CTLR_WORKAROUND is enabled, which "
6057 "exposes a security vulnerability!");
6058 }
6059
6060 LOG_DBG("LE SC %s", sc_supported ? "enabled" : "disabled");
6061
6062 if (!IS_ENABLED(CONFIG_BT_SMP_OOB_LEGACY_PAIR_ONLY)) {
6063 bt_pub_key_gen(&pub_key_cb);
6064 }
6065
6066 return smp_self_test();
6067 }
6068
