1 /**
2 * @file smp.c
3 * Security Manager Protocol implementation
4 */
5
6 /*
7 * Copyright (c) 2017 Nordic Semiconductor ASA
8 * Copyright (c) 2015-2016 Intel Corporation
9 *
10 * SPDX-License-Identifier: Apache-2.0
11 */
12
13 #include <errno.h>
14 #include <stddef.h>
15 #include <string.h>
16
17 #include <zephyr/bluetooth/bluetooth.h>
18 #include <zephyr/bluetooth/buf.h>
19 #include <zephyr/bluetooth/conn.h>
20 #include <zephyr/bluetooth/hci.h>
21 #include <zephyr/debug/stack.h>
22 #include <zephyr/kernel.h>
23 #include <zephyr/net/buf.h>
24 #include <zephyr/sys/__assert.h>
25 #include <zephyr/sys/atomic.h>
26 #include <zephyr/sys/byteorder.h>
27 #include <zephyr/sys/check.h>
28 #include <zephyr/sys/util.h>
29
30
31 #include "common/bt_str.h"
32
33 #include "crypto/bt_crypto.h"
34
35 #include "hci_core.h"
36 #include "ecc.h"
37 #include "keys.h"
38 #include "conn_internal.h"
39 #include "l2cap_internal.h"
40 #include "smp.h"
41
42 #define LOG_LEVEL CONFIG_BT_SMP_LOG_LEVEL
43 #include <zephyr/logging/log.h>
44 LOG_MODULE_REGISTER(bt_smp);
45
46 #define SMP_TIMEOUT K_SECONDS(30)
47
48 #if defined(CONFIG_BT_SIGNING)
49 #define SIGN_DIST BT_SMP_DIST_SIGN
50 #else
51 #define SIGN_DIST 0
52 #endif
53
54 #if defined(CONFIG_BT_PRIVACY)
55 #define ID_DIST BT_SMP_DIST_ID_KEY
56 #else
57 #define ID_DIST 0
58 #endif
59
60 #if defined(CONFIG_BT_BREDR)
61 #define LINK_DIST BT_SMP_DIST_LINK_KEY
62 #else
63 #define LINK_DIST 0
64 #endif
65
66 #define RECV_KEYS (BT_SMP_DIST_ENC_KEY | BT_SMP_DIST_ID_KEY | SIGN_DIST |\
67 LINK_DIST)
68 #define SEND_KEYS (BT_SMP_DIST_ENC_KEY | ID_DIST | SIGN_DIST | LINK_DIST)
69
70 #define RECV_KEYS_SC (RECV_KEYS & ~(BT_SMP_DIST_ENC_KEY))
71 #define SEND_KEYS_SC (SEND_KEYS & ~(BT_SMP_DIST_ENC_KEY))
72
73 #define BR_RECV_KEYS_SC (RECV_KEYS & ~(LINK_DIST))
74 #define BR_SEND_KEYS_SC (SEND_KEYS & ~(LINK_DIST))
75
76 #define BT_SMP_AUTH_MASK 0x07
77
78 #if defined(CONFIG_BT_BONDABLE)
79 #define BT_SMP_AUTH_BONDING_FLAGS BT_SMP_AUTH_BONDING
80 #else
81 #define BT_SMP_AUTH_BONDING_FLAGS 0
82 #endif /* CONFIG_BT_BONDABLE */
83
84 #if defined(CONFIG_BT_BREDR)
85
86 #define BT_SMP_AUTH_MASK_SC 0x2f
87 #if defined(CONFIG_BT_SMP_OOB_LEGACY_PAIR_ONLY)
88 #define BT_SMP_AUTH_DEFAULT (BT_SMP_AUTH_BONDING_FLAGS | BT_SMP_AUTH_CT2)
89 #else
90 #define BT_SMP_AUTH_DEFAULT (BT_SMP_AUTH_BONDING_FLAGS | BT_SMP_AUTH_CT2 |\
91 BT_SMP_AUTH_SC)
92 #endif /* CONFIG_BT_SMP_OOB_LEGACY_PAIR_ONLY */
93
94 #else
95
96 #define BT_SMP_AUTH_MASK_SC 0x0f
97 #if defined(CONFIG_BT_SMP_OOB_LEGACY_PAIR_ONLY)
98 #define BT_SMP_AUTH_DEFAULT (BT_SMP_AUTH_BONDING_FLAGS)
99 #else
100 #define BT_SMP_AUTH_DEFAULT (BT_SMP_AUTH_BONDING_FLAGS | BT_SMP_AUTH_SC)
101 #endif /* CONFIG_BT_SMP_OOB_LEGACY_PAIR_ONLY */
102
103 #endif /* CONFIG_BT_BREDR */
104
105 enum pairing_method {
106 JUST_WORKS, /* JustWorks pairing */
107 PASSKEY_INPUT, /* Passkey Entry input */
108 PASSKEY_DISPLAY, /* Passkey Entry display */
109 PASSKEY_CONFIRM, /* Passkey confirm */
110 PASSKEY_ROLE, /* Passkey Entry depends on role */
111 LE_SC_OOB, /* LESC Out of Band */
112 LEGACY_OOB, /* Legacy Out of Band */
113 };
114
115 enum {
116 SMP_FLAG_CFM_DELAYED, /* if confirm should be send when TK is valid */
117 SMP_FLAG_ENC_PENDING, /* if waiting for an encryption change event */
118 SMP_FLAG_KEYS_DISTR, /* if keys distribution phase is in progress */
119 SMP_FLAG_PAIRING, /* if pairing is in progress */
120 SMP_FLAG_TIMEOUT, /* if SMP timeout occurred */
121 SMP_FLAG_SC, /* if LE Secure Connections is used */
122 SMP_FLAG_PKEY_SEND, /* if should send Public Key when available */
123 SMP_FLAG_DHKEY_PENDING, /* if waiting for local DHKey */
124 SMP_FLAG_DHKEY_GEN, /* if generating DHKey */
125 SMP_FLAG_DHKEY_SEND, /* if should generate and send DHKey Check */
126 SMP_FLAG_USER, /* if waiting for user input */
127 SMP_FLAG_DISPLAY, /* if display_passkey() callback was called */
128 SMP_FLAG_OOB_PENDING, /* if waiting for OOB data */
129 SMP_FLAG_BOND, /* if bonding */
130 SMP_FLAG_SC_DEBUG_KEY, /* if Secure Connection are using debug key */
131 SMP_FLAG_SEC_REQ, /* if Security Request was sent/received */
132 SMP_FLAG_DHCHECK_WAIT, /* if waiting for remote DHCheck (as periph) */
133 SMP_FLAG_DERIVE_LK, /* if Link Key should be derived */
134 SMP_FLAG_BR_CONNECTED, /* if BR/EDR channel is connected */
135 SMP_FLAG_BR_PAIR, /* if should start BR/EDR pairing */
136 SMP_FLAG_CT2, /* if should use H7 for keys derivation */
137
138 /* Total number of flags - must be at the end */
139 SMP_NUM_FLAGS,
140 };
141
142 /* SMP channel specific context */
143 struct bt_smp {
144 /* Commands that remote is allowed to send */
145 ATOMIC_DEFINE(allowed_cmds, BT_SMP_NUM_CMDS);
146
147 /* Flags for SMP state machine */
148 ATOMIC_DEFINE(flags, SMP_NUM_FLAGS);
149
150 /* Type of method used for pairing */
151 uint8_t method;
152
153 /* Pairing Request PDU */
154 uint8_t preq[7];
155
156 /* Pairing Response PDU */
157 uint8_t prsp[7];
158
159 /* Pairing Confirm PDU */
160 uint8_t pcnf[16];
161
162 /* Local random number */
163 uint8_t prnd[16];
164
165 /* Remote random number */
166 uint8_t rrnd[16];
167
168 /* Temporary key */
169 uint8_t tk[16];
170
171 /* Remote Public Key for LE SC */
172 uint8_t pkey[BT_PUB_KEY_LEN];
173
174 /* DHKey */
175 uint8_t dhkey[BT_DH_KEY_LEN];
176
177 /* Remote DHKey check */
178 uint8_t e[16];
179
180 /* MacKey */
181 uint8_t mackey[16];
182
183 /* LE SC passkey */
184 uint32_t passkey;
185
186 /* LE SC passkey round */
187 uint8_t passkey_round;
188
189 /* LE SC local OOB data */
190 const struct bt_le_oob_sc_data *oobd_local;
191
192 /* LE SC remote OOB data */
193 const struct bt_le_oob_sc_data *oobd_remote;
194
195 /* Local key distribution */
196 uint8_t local_dist;
197
198 /* Remote key distribution */
199 uint8_t remote_dist;
200
201 /* The channel this context is associated with.
202 * This marks the beginning of the part of the structure that will not
203 * be memset to zero in init.
204 */
205 struct bt_l2cap_le_chan chan;
206
207 /* Delayed work for timeout handling */
208 struct k_work_delayable work;
209
210 /* Used Bluetooth authentication callbacks. */
211 atomic_ptr_t auth_cb;
212 };
213
214 static unsigned int fixed_passkey = BT_PASSKEY_INVALID;
215
216 #define DISPLAY_FIXED(smp) (IS_ENABLED(CONFIG_BT_FIXED_PASSKEY) && \
217 fixed_passkey != BT_PASSKEY_INVALID && \
218 (smp)->method == PASSKEY_DISPLAY)
219
220 #if !defined(CONFIG_BT_SMP_SC_PAIR_ONLY)
221 /* based on table 2.8 Core Spec 2.3.5.1 Vol. 3 Part H */
222 static const uint8_t gen_method_legacy[5 /* remote */][5 /* local */] = {
223 { JUST_WORKS, JUST_WORKS, PASSKEY_INPUT, JUST_WORKS, PASSKEY_INPUT },
224 { JUST_WORKS, JUST_WORKS, PASSKEY_INPUT, JUST_WORKS, PASSKEY_INPUT },
225 { PASSKEY_DISPLAY, PASSKEY_DISPLAY, PASSKEY_INPUT, JUST_WORKS,
226 PASSKEY_DISPLAY },
227 { JUST_WORKS, JUST_WORKS, JUST_WORKS, JUST_WORKS, JUST_WORKS },
228 { PASSKEY_DISPLAY, PASSKEY_DISPLAY, PASSKEY_INPUT, JUST_WORKS,
229 PASSKEY_ROLE },
230 };
231 #endif /* CONFIG_BT_SMP_SC_PAIR_ONLY */
232
233 #if !defined(CONFIG_BT_SMP_OOB_LEGACY_PAIR_ONLY)
234 /* based on table 2.8 Core Spec 2.3.5.1 Vol. 3 Part H */
235 static const uint8_t gen_method_sc[5 /* remote */][5 /* local */] = {
236 { JUST_WORKS, JUST_WORKS, PASSKEY_INPUT, JUST_WORKS, PASSKEY_INPUT },
237 { JUST_WORKS, PASSKEY_CONFIRM, PASSKEY_INPUT, JUST_WORKS,
238 PASSKEY_CONFIRM },
239 { PASSKEY_DISPLAY, PASSKEY_DISPLAY, PASSKEY_INPUT, JUST_WORKS,
240 PASSKEY_DISPLAY },
241 { JUST_WORKS, JUST_WORKS, JUST_WORKS, JUST_WORKS, JUST_WORKS },
242 { PASSKEY_DISPLAY, PASSKEY_CONFIRM, PASSKEY_INPUT, JUST_WORKS,
243 PASSKEY_CONFIRM },
244 };
245 #endif /* !CONFIG_BT_SMP_OOB_LEGACY_PAIR_ONLY */
246
247 #if defined(CONFIG_BT_BREDR)
248 /* SMP over BR/EDR channel specific context */
249 struct bt_smp_br {
250 /* Commands that remote is allowed to send */
251 ATOMIC_DEFINE(allowed_cmds, BT_SMP_NUM_CMDS);
252
253 /* Flags for SMP state machine */
254 ATOMIC_DEFINE(flags, SMP_NUM_FLAGS);
255
256 /* Local key distribution */
257 uint8_t local_dist;
258
259 /* Remote key distribution */
260 uint8_t remote_dist;
261
262 /* Encryption Key Size used for connection */
263 uint8_t enc_key_size;
264
265 /* The channel this context is associated with.
266 * This marks the beginning of the part of the structure that will not
267 * be memset to zero in init.
268 */
269 struct bt_l2cap_br_chan chan;
270
271 /* Delayed work for timeout handling */
272 struct k_work_delayable work;
273 };
274
275 static struct bt_smp_br bt_smp_br_pool[CONFIG_BT_MAX_CONN];
276 #endif /* CONFIG_BT_BREDR */
277
278 static struct bt_smp bt_smp_pool[CONFIG_BT_MAX_CONN];
279 static bool bondable = IS_ENABLED(CONFIG_BT_BONDABLE);
280 static bool sc_oobd_present;
281 static bool legacy_oobd_present;
282 static bool sc_supported;
283 static const uint8_t *sc_public_key;
284 static K_SEM_DEFINE(sc_local_pkey_ready, 0, 1);
285
286 /* Pointer to internal data is used to mark that callbacks of given SMP channel are not initialized.
287 * Value of NULL represents no authenticaiton capabilities and cannot be used for that purpose.
288 */
289 #define BT_SMP_AUTH_CB_UNINITIALIZED ((atomic_ptr_val_t)bt_smp_pool)
290
le_sc_supported(void)291 static bool le_sc_supported(void)
292 {
293 /*
294 * If controller based ECC is to be used it must support
295 * "LE Read Local P-256 Public Key" and "LE Generate DH Key" commands.
296 * Otherwise LE SC are not supported.
297 */
298 if (IS_ENABLED(CONFIG_BT_SMP_OOB_LEGACY_PAIR_ONLY)) {
299 return false;
300 }
301
302 return BT_CMD_TEST(bt_dev.supported_commands, 34, 1) &&
303 BT_CMD_TEST(bt_dev.supported_commands, 34, 2);
304 }
305
latch_auth_cb(struct bt_smp * smp)306 static const struct bt_conn_auth_cb *latch_auth_cb(struct bt_smp *smp)
307 {
308 atomic_ptr_cas(&smp->auth_cb, BT_SMP_AUTH_CB_UNINITIALIZED, (atomic_ptr_val_t)bt_auth);
309
310 return atomic_ptr_get(&smp->auth_cb);
311 }
312
get_io_capa(struct bt_smp * smp)313 static uint8_t get_io_capa(struct bt_smp *smp)
314 {
315 const struct bt_conn_auth_cb *smp_auth_cb = latch_auth_cb(smp);
316
317 if (!smp_auth_cb) {
318 goto no_callbacks;
319 }
320
321 /* Passkey Confirmation is valid only for LE SC */
322 if (smp_auth_cb->passkey_display && smp_auth_cb->passkey_entry &&
323 (smp_auth_cb->passkey_confirm || !sc_supported)) {
324 return BT_SMP_IO_KEYBOARD_DISPLAY;
325 }
326
327 /* DisplayYesNo is useful only for LE SC */
328 if (sc_supported && smp_auth_cb->passkey_display &&
329 smp_auth_cb->passkey_confirm) {
330 return BT_SMP_IO_DISPLAY_YESNO;
331 }
332
333 if (smp_auth_cb->passkey_entry) {
334 if (IS_ENABLED(CONFIG_BT_FIXED_PASSKEY) &&
335 fixed_passkey != BT_PASSKEY_INVALID) {
336 return BT_SMP_IO_KEYBOARD_DISPLAY;
337 } else {
338 return BT_SMP_IO_KEYBOARD_ONLY;
339 }
340 }
341
342 if (smp_auth_cb->passkey_display) {
343 return BT_SMP_IO_DISPLAY_ONLY;
344 }
345
346 no_callbacks:
347 if (IS_ENABLED(CONFIG_BT_FIXED_PASSKEY) &&
348 fixed_passkey != BT_PASSKEY_INVALID) {
349 return BT_SMP_IO_DISPLAY_ONLY;
350 } else {
351 return BT_SMP_IO_NO_INPUT_OUTPUT;
352 }
353 }
354
355 #if !defined(CONFIG_BT_SMP_SC_PAIR_ONLY)
356 static uint8_t legacy_get_pair_method(struct bt_smp *smp, uint8_t remote_io);
357 #endif
358
smp_keys_check(struct bt_conn * conn)359 static bool smp_keys_check(struct bt_conn *conn)
360 {
361 if (atomic_test_bit(conn->flags, BT_CONN_FORCE_PAIR)) {
362 return false;
363 }
364
365 if (!conn->le.keys) {
366 conn->le.keys = bt_keys_find(BT_KEYS_LTK_P256,
367 conn->id, &conn->le.dst);
368 if (!conn->le.keys) {
369 conn->le.keys = bt_keys_find(BT_KEYS_LTK,
370 conn->id,
371 &conn->le.dst);
372 }
373 }
374
375 if (!conn->le.keys ||
376 !(conn->le.keys->keys & (BT_KEYS_LTK | BT_KEYS_LTK_P256))) {
377 return false;
378 }
379
380 if (conn->required_sec_level >= BT_SECURITY_L3 &&
381 !(conn->le.keys->flags & BT_KEYS_AUTHENTICATED)) {
382 return false;
383 }
384
385 if (conn->required_sec_level >= BT_SECURITY_L4 &&
386 !((conn->le.keys->flags & BT_KEYS_AUTHENTICATED) &&
387 (conn->le.keys->keys & BT_KEYS_LTK_P256) &&
388 (conn->le.keys->enc_size == BT_SMP_MAX_ENC_KEY_SIZE))) {
389 return false;
390 }
391
392 return true;
393 }
394
get_pair_method(struct bt_smp * smp,uint8_t remote_io)395 static uint8_t get_pair_method(struct bt_smp *smp, uint8_t remote_io)
396 {
397 #if !defined(CONFIG_BT_SMP_SC_PAIR_ONLY)
398 if (!atomic_test_bit(smp->flags, SMP_FLAG_SC)) {
399 return legacy_get_pair_method(smp, remote_io);
400 }
401 #endif
402
403 #if !defined(CONFIG_BT_SMP_OOB_LEGACY_PAIR_ONLY)
404 struct bt_smp_pairing *req, *rsp;
405
406 req = (struct bt_smp_pairing *)&smp->preq[1];
407 rsp = (struct bt_smp_pairing *)&smp->prsp[1];
408
409 if ((req->auth_req & rsp->auth_req) & BT_SMP_AUTH_SC) {
410 /* if one side has OOB data use OOB */
411 if ((req->oob_flag | rsp->oob_flag) & BT_SMP_OOB_DATA_MASK) {
412 return LE_SC_OOB;
413 }
414 }
415
416 if (remote_io > BT_SMP_IO_KEYBOARD_DISPLAY) {
417 return JUST_WORKS;
418 }
419
420 /* if none side requires MITM use JustWorks */
421 if (!((req->auth_req | rsp->auth_req) & BT_SMP_AUTH_MITM)) {
422 return JUST_WORKS;
423 }
424
425 return gen_method_sc[remote_io][get_io_capa(smp)];
426 #else
427 return JUST_WORKS;
428 #endif
429 }
430
security_err_get(uint8_t smp_err)431 static enum bt_security_err security_err_get(uint8_t smp_err)
432 {
433 switch (smp_err) {
434 case BT_SMP_ERR_PASSKEY_ENTRY_FAILED:
435 case BT_SMP_ERR_DHKEY_CHECK_FAILED:
436 case BT_SMP_ERR_NUMERIC_COMP_FAILED:
437 case BT_SMP_ERR_CONFIRM_FAILED:
438 return BT_SECURITY_ERR_AUTH_FAIL;
439 case BT_SMP_ERR_OOB_NOT_AVAIL:
440 return BT_SECURITY_ERR_OOB_NOT_AVAILABLE;
441 case BT_SMP_ERR_AUTH_REQUIREMENTS:
442 case BT_SMP_ERR_ENC_KEY_SIZE:
443 return BT_SECURITY_ERR_AUTH_REQUIREMENT;
444 case BT_SMP_ERR_PAIRING_NOTSUPP:
445 case BT_SMP_ERR_CMD_NOTSUPP:
446 return BT_SECURITY_ERR_PAIR_NOT_SUPPORTED;
447 case BT_SMP_ERR_REPEATED_ATTEMPTS:
448 case BT_SMP_ERR_BREDR_PAIRING_IN_PROGRESS:
449 case BT_SMP_ERR_CROSS_TRANSP_NOT_ALLOWED:
450 return BT_SECURITY_ERR_PAIR_NOT_ALLOWED;
451 case BT_SMP_ERR_INVALID_PARAMS:
452 return BT_SECURITY_ERR_INVALID_PARAM;
453 case BT_SMP_ERR_KEY_REJECTED:
454 return BT_SECURITY_ERR_KEY_REJECTED;
455 case BT_SMP_ERR_UNSPECIFIED:
456 default:
457 return BT_SECURITY_ERR_UNSPECIFIED;
458 }
459 }
460
smp_err_get(enum bt_security_err auth_err)461 static uint8_t smp_err_get(enum bt_security_err auth_err)
462 {
463 switch (auth_err) {
464 case BT_SECURITY_ERR_OOB_NOT_AVAILABLE:
465 return BT_SMP_ERR_OOB_NOT_AVAIL;
466
467 case BT_SECURITY_ERR_AUTH_FAIL:
468 case BT_SECURITY_ERR_AUTH_REQUIREMENT:
469 return BT_SMP_ERR_AUTH_REQUIREMENTS;
470
471 case BT_SECURITY_ERR_PAIR_NOT_SUPPORTED:
472 return BT_SMP_ERR_PAIRING_NOTSUPP;
473
474 case BT_SECURITY_ERR_INVALID_PARAM:
475 return BT_SMP_ERR_INVALID_PARAMS;
476
477 case BT_SECURITY_ERR_PIN_OR_KEY_MISSING:
478 case BT_SECURITY_ERR_PAIR_NOT_ALLOWED:
479 case BT_SECURITY_ERR_UNSPECIFIED:
480 return BT_SMP_ERR_UNSPECIFIED;
481 default:
482 return 0;
483 }
484 }
485
smp_create_pdu(struct bt_smp * smp,uint8_t op,size_t len)486 static struct net_buf *smp_create_pdu(struct bt_smp *smp, uint8_t op, size_t len)
487 {
488 struct bt_smp_hdr *hdr;
489 struct net_buf *buf;
490 k_timeout_t timeout;
491
492 /* Don't if session had already timed out */
493 if (atomic_test_bit(smp->flags, SMP_FLAG_TIMEOUT)) {
494 timeout = K_NO_WAIT;
495 } else {
496 timeout = SMP_TIMEOUT;
497 }
498
499 /* Use smaller timeout if returning an error since that could be
500 * caused by lack of buffers.
501 */
502 buf = bt_l2cap_create_pdu_timeout(NULL, 0, timeout);
503 if (!buf) {
504 /* If it was not possible to allocate a buffer within the
505 * timeout marked it as timed out.
506 */
507 atomic_set_bit(smp->flags, SMP_FLAG_TIMEOUT);
508 return NULL;
509 }
510
511 hdr = net_buf_add(buf, sizeof(*hdr));
512 hdr->code = op;
513
514 return buf;
515 }
516
get_encryption_key_size(struct bt_smp * smp)517 static uint8_t get_encryption_key_size(struct bt_smp *smp)
518 {
519 struct bt_smp_pairing *req, *rsp;
520
521 req = (struct bt_smp_pairing *)&smp->preq[1];
522 rsp = (struct bt_smp_pairing *)&smp->prsp[1];
523
524 /*
525 * The smaller value of the initiating and responding devices maximum
526 * encryption key length parameters shall be used as the encryption key
527 * size.
528 */
529 return MIN(req->max_key_size, rsp->max_key_size);
530 }
531
532 /* Check that if a new pairing procedure with an existing bond will not lower
533 * the established security level of the bond.
534 */
update_keys_check(struct bt_smp * smp,struct bt_keys * keys)535 static bool update_keys_check(struct bt_smp *smp, struct bt_keys *keys)
536 {
537 if (IS_ENABLED(CONFIG_BT_SMP_DISABLE_LEGACY_JW_PASSKEY) &&
538 !atomic_test_bit(smp->flags, SMP_FLAG_SC) &&
539 smp->method != LEGACY_OOB) {
540 return false;
541 }
542
543 if (IS_ENABLED(CONFIG_BT_SMP_OOB_LEGACY_PAIR_ONLY) &&
544 smp->method != LEGACY_OOB) {
545 return false;
546 }
547
548 if (!keys ||
549 !(keys->keys & (BT_KEYS_LTK_P256 | BT_KEYS_LTK))) {
550 return true;
551 }
552
553 if (keys->enc_size > get_encryption_key_size(smp)) {
554 return false;
555 }
556
557 if ((keys->keys & BT_KEYS_LTK_P256) &&
558 !atomic_test_bit(smp->flags, SMP_FLAG_SC)) {
559 return false;
560 }
561
562 if ((keys->flags & BT_KEYS_AUTHENTICATED) &&
563 smp->method == JUST_WORKS) {
564 return false;
565 }
566
567 if (!IS_ENABLED(CONFIG_BT_SMP_ALLOW_UNAUTH_OVERWRITE) &&
568 (!(keys->flags & BT_KEYS_AUTHENTICATED)
569 && smp->method == JUST_WORKS)) {
570 if (!IS_ENABLED(CONFIG_BT_ID_ALLOW_UNAUTH_OVERWRITE) ||
571 (keys->id == smp->chan.chan.conn->id)) {
572 return false;
573 }
574 }
575
576 return true;
577 }
578
update_debug_keys_check(struct bt_smp * smp)579 static bool update_debug_keys_check(struct bt_smp *smp)
580 {
581 struct bt_conn *conn = smp->chan.chan.conn;
582
583 if (!conn->le.keys) {
584 conn->le.keys = bt_keys_get_addr(conn->id, &conn->le.dst);
585 }
586
587 if (!conn->le.keys ||
588 !(conn->le.keys->keys & (BT_KEYS_LTK_P256 | BT_KEYS_LTK))) {
589 return true;
590 }
591
592 if (conn->le.keys->flags & BT_KEYS_DEBUG) {
593 return true;
594 }
595
596 return false;
597 }
598
599 #if defined(CONFIG_BT_PRIVACY) || defined(CONFIG_BT_SIGNING) || \
600 !defined(CONFIG_BT_SMP_SC_PAIR_ONLY)
601 /* For TX callbacks */
602 static void smp_pairing_complete(struct bt_smp *smp, uint8_t status);
603 #if defined(CONFIG_BT_BREDR)
604 static void smp_pairing_br_complete(struct bt_smp_br *smp, uint8_t status);
605 #endif
606
smp_check_complete(struct bt_conn * conn,uint8_t dist_complete)607 static void smp_check_complete(struct bt_conn *conn, uint8_t dist_complete)
608 {
609 struct bt_l2cap_chan *chan;
610
611 if (conn->type == BT_CONN_TYPE_LE) {
612 struct bt_smp *smp;
613
614 chan = bt_l2cap_le_lookup_tx_cid(conn, BT_L2CAP_CID_SMP);
615 __ASSERT(chan, "No SMP channel found");
616
617 smp = CONTAINER_OF(chan, struct bt_smp, chan);
618 smp->local_dist &= ~dist_complete;
619
620 /* if all keys were distributed, pairing is done */
621 if (!smp->local_dist && !smp->remote_dist) {
622 smp_pairing_complete(smp, 0);
623 }
624
625 return;
626 }
627
628 #if defined(CONFIG_BT_BREDR)
629 if (conn->type == BT_CONN_TYPE_BR) {
630 struct bt_smp_br *smp;
631
632 chan = bt_l2cap_le_lookup_tx_cid(conn, BT_L2CAP_CID_BR_SMP);
633 __ASSERT(chan, "No SMP channel found");
634
635 smp = CONTAINER_OF(chan, struct bt_smp_br, chan);
636 smp->local_dist &= ~dist_complete;
637
638 /* if all keys were distributed, pairing is done */
639 if (!smp->local_dist && !smp->remote_dist) {
640 smp_pairing_br_complete(smp, 0);
641 }
642 }
643 #endif
644 }
645 #endif
646
647 #if defined(CONFIG_BT_PRIVACY)
smp_id_sent(struct bt_conn * conn,void * user_data,int err)648 static void smp_id_sent(struct bt_conn *conn, void *user_data, int err)
649 {
650 if (!err) {
651 smp_check_complete(conn, BT_SMP_DIST_ID_KEY);
652 }
653 }
654 #endif /* CONFIG_BT_PRIVACY */
655
656 #if defined(CONFIG_BT_SIGNING)
smp_sign_info_sent(struct bt_conn * conn,void * user_data,int err)657 static void smp_sign_info_sent(struct bt_conn *conn, void *user_data, int err)
658 {
659 if (!err) {
660 smp_check_complete(conn, BT_SMP_DIST_SIGN);
661 }
662 }
663 #endif /* CONFIG_BT_SIGNING */
664
665 #if defined(CONFIG_BT_BREDR)
sc_derive_link_key(struct bt_smp * smp)666 static void sc_derive_link_key(struct bt_smp *smp)
667 {
668 /* constants as specified in Core Spec Vol.3 Part H 2.4.2.4 */
669 static const uint8_t lebr[4] = { 0x72, 0x62, 0x65, 0x6c };
670 struct bt_conn *conn = smp->chan.chan.conn;
671 struct bt_keys_link_key *link_key;
672 uint8_t ilk[16];
673
674 LOG_DBG("");
675
676 /* TODO handle errors? */
677
678 /*
679 * At this point remote device identity is known so we can use
680 * destination address here
681 */
682 link_key = bt_keys_get_link_key(&conn->le.dst.a);
683 if (!link_key) {
684 return;
685 }
686
687 if (atomic_test_bit(smp->flags, SMP_FLAG_CT2)) {
688 /* constants as specified in Core Spec Vol.3 Part H 2.4.2.4 */
689 static const uint8_t salt[16] = { 0x31, 0x70, 0x6d, 0x74,
690 0x00, 0x00, 0x00, 0x00,
691 0x00, 0x00, 0x00, 0x00,
692 0x00, 0x00, 0x00, 0x00 };
693
694 if (bt_crypto_h7(salt, conn->le.keys->ltk.val, ilk)) {
695 bt_keys_link_key_clear(link_key);
696 return;
697 }
698 } else {
699 /* constants as specified in Core Spec Vol.3 Part H 2.4.2.4 */
700 static const uint8_t tmp1[4] = { 0x31, 0x70, 0x6d, 0x74 };
701
702 if (bt_crypto_h6(conn->le.keys->ltk.val, tmp1, ilk)) {
703 bt_keys_link_key_clear(link_key);
704 return;
705 }
706 }
707
708 if (bt_crypto_h6(ilk, lebr, link_key->val)) {
709 bt_keys_link_key_clear(link_key);
710 }
711
712 link_key->flags |= BT_LINK_KEY_SC;
713
714 if (conn->le.keys->flags & BT_KEYS_AUTHENTICATED) {
715 link_key->flags |= BT_LINK_KEY_AUTHENTICATED;
716 } else {
717 link_key->flags &= ~BT_LINK_KEY_AUTHENTICATED;
718 }
719 }
720
smp_br_reset(struct bt_smp_br * smp)721 static void smp_br_reset(struct bt_smp_br *smp)
722 {
723 /* Clear flags first in case canceling of timeout fails. The SMP context
724 * shall be marked as timed out in that case.
725 */
726 atomic_set(smp->flags, 0);
727
728 /* If canceling fails the timeout handler will set the timeout flag and
729 * mark the it as timed out. No new pairing procedures shall be started
730 * on this connection if that happens.
731 */
732 (void)k_work_cancel_delayable(&smp->work);
733
734 atomic_set(smp->allowed_cmds, 0);
735
736 atomic_set_bit(smp->allowed_cmds, BT_SMP_CMD_PAIRING_REQ);
737 }
738
smp_pairing_br_complete(struct bt_smp_br * smp,uint8_t status)739 static void smp_pairing_br_complete(struct bt_smp_br *smp, uint8_t status)
740 {
741 struct bt_conn *conn = smp->chan.chan.conn;
742 struct bt_keys *keys;
743 bt_addr_le_t addr;
744
745 LOG_DBG("status 0x%x", status);
746
747 /* For dualmode devices LE address is same as BR/EDR address
748 * and is of public type.
749 */
750 bt_addr_copy(&addr.a, &conn->br.dst);
751 addr.type = BT_ADDR_LE_PUBLIC;
752 keys = bt_keys_find_addr(conn->id, &addr);
753
754 if (status) {
755 struct bt_conn_auth_info_cb *listener, *next;
756
757 if (keys) {
758 bt_keys_clear(keys);
759 }
760
761 SYS_SLIST_FOR_EACH_CONTAINER_SAFE(&bt_auth_info_cbs, listener,
762 next, node) {
763 if (listener->pairing_failed) {
764 listener->pairing_failed(smp->chan.chan.conn,
765 security_err_get(status));
766 }
767 }
768 } else {
769 bool bond_flag = atomic_test_bit(smp->flags, SMP_FLAG_BOND);
770 struct bt_conn_auth_info_cb *listener, *next;
771
772 if (bond_flag && keys) {
773 bt_keys_store(keys);
774 }
775
776 SYS_SLIST_FOR_EACH_CONTAINER_SAFE(&bt_auth_info_cbs, listener,
777 next, node) {
778 if (listener->pairing_complete) {
779 listener->pairing_complete(smp->chan.chan.conn,
780 bond_flag);
781 }
782 }
783 }
784
785 smp_br_reset(smp);
786 }
787
smp_br_timeout(struct k_work * work)788 static void smp_br_timeout(struct k_work *work)
789 {
790 struct k_work_delayable *dwork = k_work_delayable_from_work(work);
791 struct bt_smp_br *smp = CONTAINER_OF(dwork, struct bt_smp_br, work);
792
793 LOG_ERR("SMP Timeout");
794
795 smp_pairing_br_complete(smp, BT_SMP_ERR_UNSPECIFIED);
796 atomic_set_bit(smp->flags, SMP_FLAG_TIMEOUT);
797 }
798
smp_br_send(struct bt_smp_br * smp,struct net_buf * buf,bt_conn_tx_cb_t cb)799 static void smp_br_send(struct bt_smp_br *smp, struct net_buf *buf,
800 bt_conn_tx_cb_t cb)
801 {
802 int err = bt_l2cap_send_cb(smp->chan.chan.conn, BT_L2CAP_CID_BR_SMP, buf, cb, NULL);
803
804 if (err) {
805 if (err == -ENOBUFS) {
806 LOG_ERR("Ran out of TX buffers or contexts.");
807 }
808
809 net_buf_unref(buf);
810 return;
811 }
812
813 k_work_reschedule(&smp->work, SMP_TIMEOUT);
814 }
815
bt_smp_br_connected(struct bt_l2cap_chan * chan)816 static void bt_smp_br_connected(struct bt_l2cap_chan *chan)
817 {
818 struct bt_smp_br *smp = CONTAINER_OF(chan, struct bt_smp_br, chan);
819
820 LOG_DBG("chan %p cid 0x%04x", chan,
821 CONTAINER_OF(chan, struct bt_l2cap_br_chan, chan)->tx.cid);
822
823 atomic_set_bit(smp->flags, SMP_FLAG_BR_CONNECTED);
824
825 /*
826 * if this flag is set it means pairing was requested before channel
827 * was connected
828 */
829 if (atomic_test_bit(smp->flags, SMP_FLAG_BR_PAIR)) {
830 bt_smp_br_send_pairing_req(chan->conn);
831 }
832 }
833
bt_smp_br_disconnected(struct bt_l2cap_chan * chan)834 static void bt_smp_br_disconnected(struct bt_l2cap_chan *chan)
835 {
836 struct bt_smp_br *smp = CONTAINER_OF(chan, struct bt_smp_br, chan);
837
838 LOG_DBG("chan %p cid 0x%04x", chan,
839 CONTAINER_OF(chan, struct bt_l2cap_br_chan, chan)->tx.cid);
840
841 /* Channel disconnected callback is always called from a work handler
842 * so canceling of the timeout work should always succeed.
843 */
844 (void)k_work_cancel_delayable(&smp->work);
845
846 (void)memset(smp, 0, sizeof(*smp));
847 }
848
smp_br_init(struct bt_smp_br * smp)849 static void smp_br_init(struct bt_smp_br *smp)
850 {
851 /* Initialize SMP context exluding L2CAP channel context and anything
852 * else declared after.
853 */
854 (void)memset(smp, 0, offsetof(struct bt_smp_br, chan));
855
856 atomic_set_bit(smp->allowed_cmds, BT_SMP_CMD_PAIRING_FAIL);
857 }
858
smp_br_derive_ltk(struct bt_smp_br * smp)859 static void smp_br_derive_ltk(struct bt_smp_br *smp)
860 {
861 /* constants as specified in Core Spec Vol.3 Part H 2.4.2.5 */
862 static const uint8_t brle[4] = { 0x65, 0x6c, 0x72, 0x62 };
863 struct bt_conn *conn = smp->chan.chan.conn;
864 struct bt_keys_link_key *link_key = conn->br.link_key;
865 struct bt_keys *keys;
866 bt_addr_le_t addr;
867 uint8_t ilk[16];
868
869 LOG_DBG("");
870
871 if (!link_key) {
872 return;
873 }
874
875 if (IS_ENABLED(CONFIG_BT_SMP_FORCE_BREDR) && conn->encrypt != 0x02) {
876 LOG_WRN("Using P192 Link Key for P256 LTK derivation");
877 }
878
879 /*
880 * For dualmode devices LE address is same as BR/EDR address and is of
881 * public type.
882 */
883 bt_addr_copy(&addr.a, &conn->br.dst);
884 addr.type = BT_ADDR_LE_PUBLIC;
885
886 keys = bt_keys_get_type(BT_KEYS_LTK_P256, conn->id, &addr);
887 if (!keys) {
888 LOG_ERR("Unable to get keys for %s", bt_addr_le_str(&addr));
889 return;
890 }
891
892 if (atomic_test_bit(smp->flags, SMP_FLAG_CT2)) {
893 /* constants as specified in Core Spec Vol.3 Part H 2.4.2.5 */
894 static const uint8_t salt[16] = { 0x32, 0x70, 0x6d, 0x74,
895 0x00, 0x00, 0x00, 0x00,
896 0x00, 0x00, 0x00, 0x00,
897 0x00, 0x00, 0x00, 0x00 };
898
899 if (bt_crypto_h7(salt, link_key->val, ilk)) {
900 bt_keys_link_key_clear(link_key);
901 return;
902 }
903 } else {
904 /* constants as specified in Core Spec Vol.3 Part H 2.4.2.5 */
905 static const uint8_t tmp2[4] = { 0x32, 0x70, 0x6d, 0x74 };
906
907 if (bt_crypto_h6(link_key->val, tmp2, ilk)) {
908 bt_keys_clear(keys);
909 return;
910 }
911 }
912
913 if (bt_crypto_h6(ilk, brle, keys->ltk.val)) {
914 bt_keys_clear(keys);
915 return;
916 }
917
918 (void)memset(keys->ltk.ediv, 0, sizeof(keys->ltk.ediv));
919 (void)memset(keys->ltk.rand, 0, sizeof(keys->ltk.rand));
920 keys->enc_size = smp->enc_key_size;
921
922 if (link_key->flags & BT_LINK_KEY_AUTHENTICATED) {
923 keys->flags |= BT_KEYS_AUTHENTICATED;
924 } else {
925 keys->flags &= ~BT_KEYS_AUTHENTICATED;
926 }
927
928 LOG_DBG("LTK derived from LinkKey");
929 }
930
smp_br_create_pdu(struct bt_smp_br * smp,uint8_t op,size_t len)931 static struct net_buf *smp_br_create_pdu(struct bt_smp_br *smp, uint8_t op,
932 size_t len)
933 {
934 struct bt_smp_hdr *hdr;
935 struct net_buf *buf;
936 k_timeout_t timeout;
937
938 /* Don't if session had already timed out */
939 if (atomic_test_bit(smp->flags, SMP_FLAG_TIMEOUT)) {
940 timeout = K_NO_WAIT;
941 } else {
942 timeout = SMP_TIMEOUT;
943 }
944
945 /* Use smaller timeout if returning an error since that could be
946 * caused by lack of buffers.
947 */
948 buf = bt_l2cap_create_pdu_timeout(NULL, 0, timeout);
949 if (!buf) {
950 /* If it was not possible to allocate a buffer within the
951 * timeout marked it as timed out.
952 */
953 atomic_set_bit(smp->flags, SMP_FLAG_TIMEOUT);
954 return NULL;
955 }
956
957 hdr = net_buf_add(buf, sizeof(*hdr));
958 hdr->code = op;
959
960 return buf;
961 }
962
smp_br_distribute_keys(struct bt_smp_br * smp)963 static void smp_br_distribute_keys(struct bt_smp_br *smp)
964 {
965 struct bt_conn *conn = smp->chan.chan.conn;
966 struct bt_keys *keys;
967 bt_addr_le_t addr;
968
969 /*
970 * For dualmode devices LE address is same as BR/EDR address and is of
971 * public type.
972 */
973 bt_addr_copy(&addr.a, &conn->br.dst);
974 addr.type = BT_ADDR_LE_PUBLIC;
975
976 keys = bt_keys_get_addr(conn->id, &addr);
977 if (!keys) {
978 LOG_ERR("No keys space for %s", bt_addr_le_str(&addr));
979 return;
980 }
981
982 #if defined(CONFIG_BT_PRIVACY)
983 if (smp->local_dist & BT_SMP_DIST_ID_KEY) {
984 struct bt_smp_ident_info *id_info;
985 struct bt_smp_ident_addr_info *id_addr_info;
986 struct net_buf *buf;
987
988 smp->local_dist &= ~BT_SMP_DIST_ID_KEY;
989
990 buf = smp_br_create_pdu(smp, BT_SMP_CMD_IDENT_INFO,
991 sizeof(*id_info));
992 if (!buf) {
993 LOG_ERR("Unable to allocate Ident Info buffer");
994 return;
995 }
996
997 id_info = net_buf_add(buf, sizeof(*id_info));
998 memcpy(id_info->irk, bt_dev.irk[conn->id], 16);
999
1000 smp_br_send(smp, buf, NULL);
1001
1002 buf = smp_br_create_pdu(smp, BT_SMP_CMD_IDENT_ADDR_INFO,
1003 sizeof(*id_addr_info));
1004 if (!buf) {
1005 LOG_ERR("Unable to allocate Ident Addr Info buffer");
1006 return;
1007 }
1008
1009 id_addr_info = net_buf_add(buf, sizeof(*id_addr_info));
1010 bt_addr_le_copy(&id_addr_info->addr, &bt_dev.id_addr[conn->id]);
1011
1012 smp_br_send(smp, buf, smp_id_sent);
1013 }
1014 #endif /* CONFIG_BT_PRIVACY */
1015
1016 #if defined(CONFIG_BT_SIGNING)
1017 if (smp->local_dist & BT_SMP_DIST_SIGN) {
1018 struct bt_smp_signing_info *info;
1019 struct net_buf *buf;
1020
1021 smp->local_dist &= ~BT_SMP_DIST_SIGN;
1022
1023 buf = smp_br_create_pdu(smp, BT_SMP_CMD_SIGNING_INFO,
1024 sizeof(*info));
1025 if (!buf) {
1026 LOG_ERR("Unable to allocate Signing Info buffer");
1027 return;
1028 }
1029
1030 info = net_buf_add(buf, sizeof(*info));
1031
1032 if (bt_rand(info->csrk, sizeof(info->csrk))) {
1033 LOG_ERR("Unable to get random bytes");
1034 return;
1035 }
1036
1037 if (atomic_test_bit(smp->flags, SMP_FLAG_BOND)) {
1038 bt_keys_add_type(keys, BT_KEYS_LOCAL_CSRK);
1039 memcpy(keys->local_csrk.val, info->csrk, 16);
1040 keys->local_csrk.cnt = 0U;
1041 }
1042
1043 smp_br_send(smp, buf, smp_sign_info_sent);
1044 }
1045 #endif /* CONFIG_BT_SIGNING */
1046 }
1047
smp_br_pairing_allowed(struct bt_smp_br * smp)1048 static bool smp_br_pairing_allowed(struct bt_smp_br *smp)
1049 {
1050 if (smp->chan.chan.conn->encrypt == 0x02) {
1051 return true;
1052 }
1053
1054 if (IS_ENABLED(CONFIG_BT_SMP_FORCE_BREDR) &&
1055 smp->chan.chan.conn->encrypt == 0x01) {
1056 LOG_WRN("Allowing BR/EDR SMP with P-192 key");
1057 return true;
1058 }
1059
1060 return false;
1061 }
1062
smp_br_pairing_req(struct bt_smp_br * smp,struct net_buf * buf)1063 static uint8_t smp_br_pairing_req(struct bt_smp_br *smp, struct net_buf *buf)
1064 {
1065 struct bt_smp_pairing *req = (void *)buf->data;
1066 struct bt_conn *conn = smp->chan.chan.conn;
1067 struct bt_smp_pairing *rsp;
1068 struct net_buf *rsp_buf;
1069 uint8_t max_key_size;
1070
1071 LOG_DBG("req: io_capability 0x%02X, oob_flag 0x%02X, auth_req 0x%02X, "
1072 "max_key_size 0x%02X, init_key_dist 0x%02X, resp_key_dist 0x%02X",
1073 req->io_capability, req->oob_flag, req->auth_req,
1074 req->max_key_size, req->init_key_dist, req->resp_key_dist);
1075
1076 /*
1077 * If a Pairing Request is received over the BR/EDR transport when
1078 * either cross-transport key derivation/generation is not supported or
1079 * the BR/EDR transport is not encrypted using a Link Key generated
1080 * using P256, a Pairing Failed shall be sent with the error code
1081 * "Cross-transport Key Derivation/Generation not allowed" (0x0E)."
1082 */
1083 if (!smp_br_pairing_allowed(smp)) {
1084 return BT_SMP_ERR_CROSS_TRANSP_NOT_ALLOWED;
1085 }
1086
1087 max_key_size = bt_conn_enc_key_size(conn);
1088 if (!max_key_size) {
1089 LOG_DBG("Invalid encryption key size");
1090 return BT_SMP_ERR_UNSPECIFIED;
1091 }
1092
1093 if (req->max_key_size != max_key_size) {
1094 return BT_SMP_ERR_ENC_KEY_SIZE;
1095 }
1096
1097 rsp_buf = smp_br_create_pdu(smp, BT_SMP_CMD_PAIRING_RSP, sizeof(*rsp));
1098 if (!rsp_buf) {
1099 return BT_SMP_ERR_UNSPECIFIED;
1100 }
1101
1102 smp_br_init(smp);
1103 smp->enc_key_size = max_key_size;
1104
1105 /*
1106 * If Secure Connections pairing has been initiated over BR/EDR, the IO
1107 * Capability, OOB data flag and Auth Req fields of the SM Pairing
1108 * Request/Response PDU shall be set to zero on transmission, and
1109 * ignored on reception.
1110 */
1111 rsp = net_buf_add(rsp_buf, sizeof(*rsp));
1112
1113 rsp->auth_req = 0x00;
1114 rsp->io_capability = 0x00;
1115 rsp->oob_flag = 0x00;
1116 rsp->max_key_size = max_key_size;
1117 rsp->init_key_dist = (req->init_key_dist & BR_RECV_KEYS_SC);
1118 rsp->resp_key_dist = (req->resp_key_dist & BR_RECV_KEYS_SC);
1119
1120 smp->local_dist = rsp->resp_key_dist;
1121 smp->remote_dist = rsp->init_key_dist;
1122
1123 LOG_DBG("rsp: io_capability 0x%02X, oob_flag 0x%02X, auth_req 0x%02X, "
1124 "max_key_size 0x%02X, init_key_dist 0x%02X, resp_key_dist 0x%02X",
1125 rsp->io_capability, rsp->oob_flag, rsp->auth_req,
1126 rsp->max_key_size, rsp->init_key_dist, rsp->resp_key_dist);
1127
1128 smp_br_send(smp, rsp_buf, NULL);
1129
1130 atomic_set_bit(smp->flags, SMP_FLAG_PAIRING);
1131
1132 /* derive LTK if requested and clear distribution bits */
1133 if ((smp->local_dist & BT_SMP_DIST_ENC_KEY) &&
1134 (smp->remote_dist & BT_SMP_DIST_ENC_KEY)) {
1135 smp_br_derive_ltk(smp);
1136 }
1137 smp->local_dist &= ~BT_SMP_DIST_ENC_KEY;
1138 smp->remote_dist &= ~BT_SMP_DIST_ENC_KEY;
1139
1140 /* BR/EDR acceptor is like LE Peripheral and distributes keys first */
1141 smp_br_distribute_keys(smp);
1142
1143 if (smp->remote_dist & BT_SMP_DIST_ID_KEY) {
1144 atomic_set_bit(smp->allowed_cmds, BT_SMP_CMD_IDENT_INFO);
1145 } else if (smp->remote_dist & BT_SMP_DIST_SIGN) {
1146 atomic_set_bit(smp->allowed_cmds, BT_SMP_CMD_SIGNING_INFO);
1147 }
1148
1149 /* if all keys were distributed, pairing is done */
1150 if (!smp->local_dist && !smp->remote_dist) {
1151 smp_pairing_br_complete(smp, 0);
1152 }
1153
1154 return 0;
1155 }
1156
smp_br_pairing_rsp(struct bt_smp_br * smp,struct net_buf * buf)1157 static uint8_t smp_br_pairing_rsp(struct bt_smp_br *smp, struct net_buf *buf)
1158 {
1159 struct bt_smp_pairing *rsp = (void *)buf->data;
1160 struct bt_conn *conn = smp->chan.chan.conn;
1161 uint8_t max_key_size;
1162
1163 LOG_DBG("rsp: io_capability 0x%02X, oob_flag 0x%02X, auth_req 0x%02X, "
1164 "max_key_size 0x%02X, init_key_dist 0x%02X, resp_key_dist 0x%02X",
1165 rsp->io_capability, rsp->oob_flag, rsp->auth_req,
1166 rsp->max_key_size, rsp->init_key_dist, rsp->resp_key_dist);
1167
1168 max_key_size = bt_conn_enc_key_size(conn);
1169 if (!max_key_size) {
1170 LOG_DBG("Invalid encryption key size");
1171 return BT_SMP_ERR_UNSPECIFIED;
1172 }
1173
1174 if (rsp->max_key_size != max_key_size) {
1175 return BT_SMP_ERR_ENC_KEY_SIZE;
1176 }
1177
1178 smp->local_dist &= rsp->init_key_dist;
1179 smp->remote_dist &= rsp->resp_key_dist;
1180
1181 smp->local_dist &= SEND_KEYS_SC;
1182 smp->remote_dist &= RECV_KEYS_SC;
1183
1184 /* Peripheral distributes its keys first */
1185
1186 if (smp->remote_dist & BT_SMP_DIST_ID_KEY) {
1187 atomic_set_bit(smp->allowed_cmds, BT_SMP_CMD_IDENT_INFO);
1188 } else if (smp->remote_dist & BT_SMP_DIST_SIGN) {
1189 atomic_set_bit(smp->allowed_cmds, BT_SMP_CMD_SIGNING_INFO);
1190 }
1191
1192 /* derive LTK if requested and clear distribution bits */
1193 if ((smp->local_dist & BT_SMP_DIST_ENC_KEY) &&
1194 (smp->remote_dist & BT_SMP_DIST_ENC_KEY)) {
1195 smp_br_derive_ltk(smp);
1196 }
1197 smp->local_dist &= ~BT_SMP_DIST_ENC_KEY;
1198 smp->remote_dist &= ~BT_SMP_DIST_ENC_KEY;
1199
1200 /* Pairing acceptor distributes it's keys first */
1201 if (smp->remote_dist) {
1202 return 0;
1203 }
1204
1205 smp_br_distribute_keys(smp);
1206
1207 /* if all keys were distributed, pairing is done */
1208 if (!smp->local_dist && !smp->remote_dist) {
1209 smp_pairing_br_complete(smp, 0);
1210 }
1211
1212 return 0;
1213 }
1214
smp_br_pairing_failed(struct bt_smp_br * smp,struct net_buf * buf)1215 static uint8_t smp_br_pairing_failed(struct bt_smp_br *smp, struct net_buf *buf)
1216 {
1217 struct bt_smp_pairing_fail *req = (void *)buf->data;
1218
1219 LOG_ERR("pairing failed (peer reason 0x%x)", req->reason);
1220
1221 smp_pairing_br_complete(smp, req->reason);
1222 smp_br_reset(smp);
1223
1224 /* return no error to avoid sending Pairing Failed in response */
1225 return 0;
1226 }
1227
smp_br_ident_info(struct bt_smp_br * smp,struct net_buf * buf)1228 static uint8_t smp_br_ident_info(struct bt_smp_br *smp, struct net_buf *buf)
1229 {
1230 struct bt_smp_ident_info *req = (void *)buf->data;
1231 struct bt_conn *conn = smp->chan.chan.conn;
1232 struct bt_keys *keys;
1233 bt_addr_le_t addr;
1234
1235 LOG_DBG("");
1236
1237 /* TODO should we resolve LE address if matching RPA is connected? */
1238
1239 /*
1240 * For dualmode devices LE address is same as BR/EDR address and is of
1241 * public type.
1242 */
1243 bt_addr_copy(&addr.a, &conn->br.dst);
1244 addr.type = BT_ADDR_LE_PUBLIC;
1245
1246 keys = bt_keys_get_type(BT_KEYS_IRK, conn->id, &addr);
1247 if (!keys) {
1248 LOG_ERR("Unable to get keys for %s", bt_addr_le_str(&addr));
1249 return BT_SMP_ERR_UNSPECIFIED;
1250 }
1251
1252 memcpy(keys->irk.val, req->irk, sizeof(keys->irk.val));
1253
1254 atomic_set_bit(smp->allowed_cmds, BT_SMP_CMD_IDENT_ADDR_INFO);
1255
1256 return 0;
1257 }
1258
smp_br_ident_addr_info(struct bt_smp_br * smp,struct net_buf * buf)1259 static uint8_t smp_br_ident_addr_info(struct bt_smp_br *smp,
1260 struct net_buf *buf)
1261 {
1262 struct bt_conn *conn = smp->chan.chan.conn;
1263 struct bt_smp_ident_addr_info *req = (void *)buf->data;
1264 bt_addr_le_t addr;
1265
1266 LOG_DBG("identity %s", bt_addr_le_str(&req->addr));
1267
1268 /*
1269 * For dual mode device identity address must be same as BR/EDR address
1270 * and be of public type. So if received one doesn't match BR/EDR
1271 * address we fail.
1272 */
1273
1274 bt_addr_copy(&addr.a, &conn->br.dst);
1275 addr.type = BT_ADDR_LE_PUBLIC;
1276
1277 if (!bt_addr_le_eq(&addr, &req->addr)) {
1278 return BT_SMP_ERR_UNSPECIFIED;
1279 }
1280
1281 smp->remote_dist &= ~BT_SMP_DIST_ID_KEY;
1282
1283 if (smp->remote_dist & BT_SMP_DIST_SIGN) {
1284 atomic_set_bit(smp->allowed_cmds, BT_SMP_CMD_SIGNING_INFO);
1285 }
1286
1287 if (conn->role == BT_CONN_ROLE_CENTRAL && !smp->remote_dist) {
1288 smp_br_distribute_keys(smp);
1289 }
1290
1291 /* if all keys were distributed, pairing is done */
1292 if (!smp->local_dist && !smp->remote_dist) {
1293 smp_pairing_br_complete(smp, 0);
1294 }
1295
1296 return 0;
1297 }
1298
1299 #if defined(CONFIG_BT_SIGNING)
smp_br_signing_info(struct bt_smp_br * smp,struct net_buf * buf)1300 static uint8_t smp_br_signing_info(struct bt_smp_br *smp, struct net_buf *buf)
1301 {
1302 struct bt_smp_signing_info *req = (void *)buf->data;
1303 struct bt_conn *conn = smp->chan.chan.conn;
1304 struct bt_keys *keys;
1305 bt_addr_le_t addr;
1306
1307 LOG_DBG("");
1308
1309 /*
1310 * For dualmode devices LE address is same as BR/EDR address and is of
1311 * public type.
1312 */
1313 bt_addr_copy(&addr.a, &conn->br.dst);
1314 addr.type = BT_ADDR_LE_PUBLIC;
1315
1316 keys = bt_keys_get_type(BT_KEYS_REMOTE_CSRK, conn->id, &addr);
1317 if (!keys) {
1318 LOG_ERR("Unable to get keys for %s", bt_addr_le_str(&addr));
1319 return BT_SMP_ERR_UNSPECIFIED;
1320 }
1321
1322 memcpy(keys->remote_csrk.val, req->csrk, sizeof(keys->remote_csrk.val));
1323
1324 smp->remote_dist &= ~BT_SMP_DIST_SIGN;
1325
1326 if (conn->role == BT_CONN_ROLE_CENTRAL && !smp->remote_dist) {
1327 smp_br_distribute_keys(smp);
1328 }
1329
1330 /* if all keys were distributed, pairing is done */
1331 if (!smp->local_dist && !smp->remote_dist) {
1332 smp_pairing_br_complete(smp, 0);
1333 }
1334
1335 return 0;
1336 }
1337 #else
smp_br_signing_info(struct bt_smp_br * smp,struct net_buf * buf)1338 static uint8_t smp_br_signing_info(struct bt_smp_br *smp, struct net_buf *buf)
1339 {
1340 return BT_SMP_ERR_CMD_NOTSUPP;
1341 }
1342 #endif /* CONFIG_BT_SIGNING */
1343
1344 static const struct {
1345 uint8_t (*func)(struct bt_smp_br *smp, struct net_buf *buf);
1346 uint8_t expect_len;
1347 } br_handlers[] = {
1348 { }, /* No op-code defined for 0x00 */
1349 { smp_br_pairing_req, sizeof(struct bt_smp_pairing) },
1350 { smp_br_pairing_rsp, sizeof(struct bt_smp_pairing) },
1351 { }, /* pairing confirm not used over BR/EDR */
1352 { }, /* pairing random not used over BR/EDR */
1353 { smp_br_pairing_failed, sizeof(struct bt_smp_pairing_fail) },
1354 { }, /* encrypt info not used over BR/EDR */
1355 { }, /* central ident not used over BR/EDR */
1356 { smp_br_ident_info, sizeof(struct bt_smp_ident_info) },
1357 { smp_br_ident_addr_info, sizeof(struct bt_smp_ident_addr_info) },
1358 { smp_br_signing_info, sizeof(struct bt_smp_signing_info) },
1359 /* security request not used over BR/EDR */
1360 /* public key not used over BR/EDR */
1361 /* DHKey check not used over BR/EDR */
1362 };
1363
smp_br_error(struct bt_smp_br * smp,uint8_t reason)1364 static int smp_br_error(struct bt_smp_br *smp, uint8_t reason)
1365 {
1366 struct bt_smp_pairing_fail *rsp;
1367 struct net_buf *buf;
1368
1369 /* reset context and report */
1370 smp_br_reset(smp);
1371
1372 buf = smp_br_create_pdu(smp, BT_SMP_CMD_PAIRING_FAIL, sizeof(*rsp));
1373 if (!buf) {
1374 return -ENOBUFS;
1375 }
1376
1377 rsp = net_buf_add(buf, sizeof(*rsp));
1378 rsp->reason = reason;
1379
1380 /*
1381 * SMP timer is not restarted for PairingFailed so don't use
1382 * smp_br_send
1383 */
1384 if (bt_l2cap_send(smp->chan.chan.conn, BT_L2CAP_CID_SMP, buf)) {
1385 net_buf_unref(buf);
1386 }
1387
1388 return 0;
1389 }
1390
bt_smp_br_recv(struct bt_l2cap_chan * chan,struct net_buf * buf)1391 static int bt_smp_br_recv(struct bt_l2cap_chan *chan, struct net_buf *buf)
1392 {
1393 struct bt_smp_br *smp = CONTAINER_OF(chan, struct bt_smp_br, chan);
1394 struct bt_smp_hdr *hdr;
1395 uint8_t err;
1396
1397 if (buf->len < sizeof(*hdr)) {
1398 LOG_ERR("Too small SMP PDU received");
1399 return 0;
1400 }
1401
1402 hdr = net_buf_pull_mem(buf, sizeof(*hdr));
1403 LOG_DBG("Received SMP code 0x%02x len %u", hdr->code, buf->len);
1404
1405 /*
1406 * If SMP timeout occurred "no further SMP commands shall be sent over
1407 * the L2CAP Security Manager Channel. A new SM procedure shall only be
1408 * performed when a new physical link has been established."
1409 */
1410 if (atomic_test_bit(smp->flags, SMP_FLAG_TIMEOUT)) {
1411 LOG_WRN("SMP command (code 0x%02x) received after timeout", hdr->code);
1412 return 0;
1413 }
1414
1415 if (hdr->code >= ARRAY_SIZE(br_handlers) ||
1416 !br_handlers[hdr->code].func) {
1417 LOG_WRN("Unhandled SMP code 0x%02x", hdr->code);
1418 smp_br_error(smp, BT_SMP_ERR_CMD_NOTSUPP);
1419 return 0;
1420 }
1421
1422 if (!atomic_test_and_clear_bit(smp->allowed_cmds, hdr->code)) {
1423 LOG_WRN("Unexpected SMP code 0x%02x", hdr->code);
1424 smp_br_error(smp, BT_SMP_ERR_UNSPECIFIED);
1425 return 0;
1426 }
1427
1428 if (buf->len != br_handlers[hdr->code].expect_len) {
1429 LOG_ERR("Invalid len %u for code 0x%02x", buf->len, hdr->code);
1430 smp_br_error(smp, BT_SMP_ERR_INVALID_PARAMS);
1431 return 0;
1432 }
1433
1434 err = br_handlers[hdr->code].func(smp, buf);
1435 if (err) {
1436 smp_br_error(smp, err);
1437 }
1438
1439 return 0;
1440 }
1441
br_sc_supported(void)1442 static bool br_sc_supported(void)
1443 {
1444 if (IS_ENABLED(CONFIG_BT_SMP_FORCE_BREDR)) {
1445 LOG_WRN("Enabling BR/EDR SMP without BR/EDR SC support");
1446 return true;
1447 }
1448
1449 return BT_FEAT_SC(bt_dev.features);
1450 }
1451
bt_smp_br_accept(struct bt_conn * conn,struct bt_l2cap_chan ** chan)1452 static int bt_smp_br_accept(struct bt_conn *conn, struct bt_l2cap_chan **chan)
1453 {
1454 static const struct bt_l2cap_chan_ops ops = {
1455 .connected = bt_smp_br_connected,
1456 .disconnected = bt_smp_br_disconnected,
1457 .recv = bt_smp_br_recv,
1458 };
1459 int i;
1460
1461 /* Check BR/EDR SC is supported */
1462 if (!br_sc_supported()) {
1463 return -ENOTSUP;
1464 }
1465
1466 LOG_DBG("conn %p handle %u", conn, conn->handle);
1467
1468 for (i = 0; i < ARRAY_SIZE(bt_smp_pool); i++) {
1469 struct bt_smp_br *smp = &bt_smp_br_pool[i];
1470
1471 if (smp->chan.chan.conn) {
1472 continue;
1473 }
1474
1475 smp->chan.chan.ops = &ops;
1476
1477 *chan = &smp->chan.chan;
1478
1479 k_work_init_delayable(&smp->work, smp_br_timeout);
1480 smp_br_reset(smp);
1481
1482 return 0;
1483 }
1484
1485 LOG_ERR("No available SMP context for conn %p", conn);
1486
1487 return -ENOMEM;
1488 }
1489
smp_br_chan_get(struct bt_conn * conn)1490 static struct bt_smp_br *smp_br_chan_get(struct bt_conn *conn)
1491 {
1492 struct bt_l2cap_chan *chan;
1493
1494 chan = bt_l2cap_br_lookup_rx_cid(conn, BT_L2CAP_CID_BR_SMP);
1495 if (!chan) {
1496 LOG_ERR("Unable to find SMP channel");
1497 return NULL;
1498 }
1499
1500 return CONTAINER_OF(chan, struct bt_smp_br, chan);
1501 }
1502
bt_smp_br_send_pairing_req(struct bt_conn * conn)1503 int bt_smp_br_send_pairing_req(struct bt_conn *conn)
1504 {
1505 struct bt_smp_pairing *req;
1506 struct net_buf *req_buf;
1507 uint8_t max_key_size;
1508 struct bt_smp_br *smp;
1509
1510 smp = smp_br_chan_get(conn);
1511 if (!smp) {
1512 return -ENOTCONN;
1513 }
1514
1515 /* SMP Timeout */
1516 if (atomic_test_bit(smp->flags, SMP_FLAG_TIMEOUT)) {
1517 return -EIO;
1518 }
1519
1520 /* pairing is in progress */
1521 if (atomic_test_bit(smp->flags, SMP_FLAG_PAIRING)) {
1522 return -EBUSY;
1523 }
1524
1525 /* check if we are allowed to start SMP over BR/EDR */
1526 if (!smp_br_pairing_allowed(smp)) {
1527 return 0;
1528 }
1529
1530 /* Channel not yet connected, will start pairing once connected */
1531 if (!atomic_test_bit(smp->flags, SMP_FLAG_BR_CONNECTED)) {
1532 atomic_set_bit(smp->flags, SMP_FLAG_BR_PAIR);
1533 return 0;
1534 }
1535
1536 max_key_size = bt_conn_enc_key_size(conn);
1537 if (!max_key_size) {
1538 LOG_DBG("Invalid encryption key size");
1539 return -EIO;
1540 }
1541
1542 smp_br_init(smp);
1543 smp->enc_key_size = max_key_size;
1544
1545 req_buf = smp_br_create_pdu(smp, BT_SMP_CMD_PAIRING_REQ, sizeof(*req));
1546 if (!req_buf) {
1547 return -ENOBUFS;
1548 }
1549
1550 req = net_buf_add(req_buf, sizeof(*req));
1551
1552 /*
1553 * If Secure Connections pairing has been initiated over BR/EDR, the IO
1554 * Capability, OOB data flag and Auth Req fields of the SM Pairing
1555 * Request/Response PDU shall be set to zero on transmission, and
1556 * ignored on reception.
1557 */
1558
1559 req->auth_req = 0x00;
1560 req->io_capability = 0x00;
1561 req->oob_flag = 0x00;
1562 req->max_key_size = max_key_size;
1563 req->init_key_dist = BR_SEND_KEYS_SC;
1564 req->resp_key_dist = BR_RECV_KEYS_SC;
1565
1566 smp_br_send(smp, req_buf, NULL);
1567
1568 smp->local_dist = BR_SEND_KEYS_SC;
1569 smp->remote_dist = BR_RECV_KEYS_SC;
1570
1571 atomic_set_bit(smp->allowed_cmds, BT_SMP_CMD_PAIRING_RSP);
1572
1573 atomic_set_bit(smp->flags, SMP_FLAG_PAIRING);
1574
1575 return 0;
1576 }
1577 #endif /* CONFIG_BT_BREDR */
1578
smp_reset(struct bt_smp * smp)1579 static void smp_reset(struct bt_smp *smp)
1580 {
1581 struct bt_conn *conn = smp->chan.chan.conn;
1582
1583 /* Clear flags first in case canceling of timeout fails. The SMP context
1584 * shall be marked as timed out in that case.
1585 */
1586 atomic_set(smp->flags, 0);
1587
1588 /* If canceling fails the timeout handler will set the timeout flag and
1589 * mark the it as timed out. No new pairing procedures shall be started
1590 * on this connection if that happens.
1591 */
1592 (void)k_work_cancel_delayable(&smp->work);
1593
1594 smp->method = JUST_WORKS;
1595 atomic_set(smp->allowed_cmds, 0);
1596
1597 if (IS_ENABLED(CONFIG_BT_CENTRAL) &&
1598 conn->role == BT_HCI_ROLE_CENTRAL) {
1599 atomic_set_bit(smp->allowed_cmds, BT_SMP_CMD_SECURITY_REQUEST);
1600 return;
1601 }
1602
1603 if (IS_ENABLED(CONFIG_BT_PERIPHERAL)) {
1604 atomic_set_bit(smp->allowed_cmds, BT_SMP_CMD_PAIRING_REQ);
1605 }
1606 }
1607
hci_err_get(enum bt_security_err err)1608 static uint8_t hci_err_get(enum bt_security_err err)
1609 {
1610 switch (err) {
1611 case BT_SECURITY_ERR_SUCCESS:
1612 return BT_HCI_ERR_SUCCESS;
1613 case BT_SECURITY_ERR_AUTH_FAIL:
1614 return BT_HCI_ERR_AUTH_FAIL;
1615 case BT_SECURITY_ERR_PIN_OR_KEY_MISSING:
1616 return BT_HCI_ERR_PIN_OR_KEY_MISSING;
1617 case BT_SECURITY_ERR_PAIR_NOT_SUPPORTED:
1618 return BT_HCI_ERR_PAIRING_NOT_SUPPORTED;
1619 case BT_SECURITY_ERR_PAIR_NOT_ALLOWED:
1620 return BT_HCI_ERR_PAIRING_NOT_ALLOWED;
1621 case BT_SECURITY_ERR_INVALID_PARAM:
1622 return BT_HCI_ERR_INVALID_PARAM;
1623 default:
1624 return BT_HCI_ERR_UNSPECIFIED;
1625 }
1626 }
1627
1628 /* Note: This function not only does set the status but also calls smp_reset
1629 * at the end which clears any flags previously set.
1630 */
smp_pairing_complete(struct bt_smp * smp,uint8_t status)1631 static void smp_pairing_complete(struct bt_smp *smp, uint8_t status)
1632 {
1633 struct bt_conn *conn = smp->chan.chan.conn;
1634
1635 LOG_DBG("status 0x%x", status);
1636
1637 if (!status) {
1638 #if defined(CONFIG_BT_BREDR)
1639 /*
1640 * Don't derive if Debug Keys are used.
1641 * TODO should we allow this if BR/EDR is already connected?
1642 */
1643 if (atomic_test_bit(smp->flags, SMP_FLAG_DERIVE_LK) &&
1644 (!atomic_test_bit(smp->flags, SMP_FLAG_SC_DEBUG_KEY) ||
1645 IS_ENABLED(CONFIG_BT_STORE_DEBUG_KEYS))) {
1646 sc_derive_link_key(smp);
1647 }
1648 #endif /* CONFIG_BT_BREDR */
1649 bool bond_flag = atomic_test_bit(smp->flags, SMP_FLAG_BOND);
1650 struct bt_conn_auth_info_cb *listener, *next;
1651
1652 if (IS_ENABLED(CONFIG_BT_LOG_SNIFFER_INFO)) {
1653 bt_keys_show_sniffer_info(conn->le.keys, NULL);
1654 }
1655
1656 if (bond_flag) {
1657 bt_keys_store(conn->le.keys);
1658 }
1659
1660 SYS_SLIST_FOR_EACH_CONTAINER_SAFE(&bt_auth_info_cbs, listener,
1661 next, node) {
1662 if (listener->pairing_complete) {
1663 listener->pairing_complete(conn, bond_flag);
1664 }
1665 }
1666 } else {
1667 enum bt_security_err security_err = security_err_get(status);
1668
1669 /* Clear the key pool entry in case of pairing failure if the
1670 * keys already existed before the pairing procedure or the
1671 * pairing failed during key distribution.
1672 */
1673 if (conn->le.keys &&
1674 (!conn->le.keys->enc_size ||
1675 atomic_test_bit(smp->flags, SMP_FLAG_KEYS_DISTR))) {
1676 bt_keys_clear(conn->le.keys);
1677 conn->le.keys = NULL;
1678 }
1679
1680 if (!atomic_test_bit(smp->flags, SMP_FLAG_KEYS_DISTR)) {
1681 bt_conn_security_changed(conn,
1682 hci_err_get(security_err),
1683 security_err);
1684 }
1685
1686 /* Check SMP_FLAG_PAIRING as bt_conn_security_changed may
1687 * have called the pairing_failed callback already.
1688 */
1689 if (atomic_test_bit(smp->flags, SMP_FLAG_PAIRING)) {
1690 struct bt_conn_auth_info_cb *listener, *next;
1691
1692 SYS_SLIST_FOR_EACH_CONTAINER_SAFE(&bt_auth_info_cbs,
1693 listener, next,
1694 node) {
1695 if (listener->pairing_failed) {
1696 listener->pairing_failed(conn, security_err);
1697 }
1698 }
1699 }
1700 }
1701
1702 smp_reset(smp);
1703
1704 if (conn->sec_level != conn->required_sec_level) {
1705 bt_smp_start_security(conn);
1706 }
1707 }
1708
smp_timeout(struct k_work * work)1709 static void smp_timeout(struct k_work *work)
1710 {
1711 struct bt_smp *smp = CONTAINER_OF(work, struct bt_smp, work);
1712
1713 LOG_ERR("SMP Timeout");
1714
1715 smp_pairing_complete(smp, BT_SMP_ERR_UNSPECIFIED);
1716
1717 /* smp_pairing_complete clears flags so setting timeout flag must come
1718 * after it.
1719 */
1720 atomic_set_bit(smp->flags, SMP_FLAG_TIMEOUT);
1721 }
1722
smp_send(struct bt_smp * smp,struct net_buf * buf,bt_conn_tx_cb_t cb,void * user_data)1723 static void smp_send(struct bt_smp *smp, struct net_buf *buf,
1724 bt_conn_tx_cb_t cb, void *user_data)
1725 {
1726 int err = bt_l2cap_send_cb(smp->chan.chan.conn, BT_L2CAP_CID_SMP, buf, cb, NULL);
1727
1728 if (err) {
1729 if (err == -ENOBUFS) {
1730 LOG_ERR("Ran out of TX buffers or contexts.");
1731 }
1732
1733 net_buf_unref(buf);
1734 return;
1735 }
1736
1737 k_work_reschedule(&smp->work, SMP_TIMEOUT);
1738 }
1739
smp_error(struct bt_smp * smp,uint8_t reason)1740 static int smp_error(struct bt_smp *smp, uint8_t reason)
1741 {
1742 struct bt_smp_pairing_fail *rsp;
1743 struct net_buf *buf;
1744 bool remote_already_completed;
1745
1746 /* By spec, SMP "pairing process" completes successfully when the last
1747 * key to distribute is acknowledged at link-layer.
1748 */
1749 remote_already_completed = (atomic_test_bit(smp->flags, SMP_FLAG_KEYS_DISTR) &&
1750 !smp->local_dist && !smp->remote_dist);
1751
1752 if (atomic_test_bit(smp->flags, SMP_FLAG_PAIRING) ||
1753 atomic_test_bit(smp->flags, SMP_FLAG_ENC_PENDING) ||
1754 atomic_test_bit(smp->flags, SMP_FLAG_SEC_REQ)) {
1755 /* reset context and report */
1756 smp_pairing_complete(smp, reason);
1757 }
1758
1759 if (remote_already_completed) {
1760 LOG_WRN("SMP does not allow a pairing failure at this point. Known issue. "
1761 "Disconnecting instead.");
1762 /* We are probably here because we are, as a peripheral, rejecting a pairing based
1763 * on the central's identity address information, but that was the last key to
1764 * be transmitted. In that case, the pairing process is already completed.
1765 * The SMP protocol states that the pairing process is completed the moment the
1766 * peripheral link-layer confirmed the reception of the PDU with the last key.
1767 */
1768 bt_conn_disconnect(smp->chan.chan.conn, BT_HCI_ERR_AUTH_FAIL);
1769 return 0;
1770 }
1771
1772 buf = smp_create_pdu(smp, BT_SMP_CMD_PAIRING_FAIL, sizeof(*rsp));
1773 if (!buf) {
1774 return -ENOBUFS;
1775 }
1776
1777 rsp = net_buf_add(buf, sizeof(*rsp));
1778 rsp->reason = reason;
1779
1780 /* SMP timer is not restarted for PairingFailed so don't use smp_send */
1781 if (bt_l2cap_send(smp->chan.chan.conn, BT_L2CAP_CID_SMP, buf)) {
1782 net_buf_unref(buf);
1783 }
1784
1785 return 0;
1786 }
1787
smp_send_pairing_random(struct bt_smp * smp)1788 static uint8_t smp_send_pairing_random(struct bt_smp *smp)
1789 {
1790 struct bt_smp_pairing_random *req;
1791 struct net_buf *rsp_buf;
1792
1793 rsp_buf = smp_create_pdu(smp, BT_SMP_CMD_PAIRING_RANDOM, sizeof(*req));
1794 if (!rsp_buf) {
1795 return BT_SMP_ERR_UNSPECIFIED;
1796 }
1797
1798 req = net_buf_add(rsp_buf, sizeof(*req));
1799 memcpy(req->val, smp->prnd, sizeof(req->val));
1800
1801 smp_send(smp, rsp_buf, NULL, NULL);
1802
1803 return 0;
1804 }
1805
1806 #if !defined(CONFIG_BT_SMP_SC_PAIR_ONLY)
xor_128(const uint8_t p[16],const uint8_t q[16],uint8_t r[16])1807 static void xor_128(const uint8_t p[16], const uint8_t q[16], uint8_t r[16])
1808 {
1809 size_t len = 16;
1810
1811 while (len--) {
1812 *r++ = *p++ ^ *q++;
1813 }
1814 }
1815
smp_c1(const uint8_t k[16],const uint8_t r[16],const uint8_t preq[7],const uint8_t pres[7],const bt_addr_le_t * ia,const bt_addr_le_t * ra,uint8_t enc_data[16])1816 static int smp_c1(const uint8_t k[16], const uint8_t r[16],
1817 const uint8_t preq[7], const uint8_t pres[7],
1818 const bt_addr_le_t *ia, const bt_addr_le_t *ra,
1819 uint8_t enc_data[16])
1820 {
1821 uint8_t p1[16], p2[16];
1822 int err;
1823
1824 LOG_DBG("k %s", bt_hex(k, 16));
1825 LOG_DBG("r %s", bt_hex(r, 16));
1826 LOG_DBG("ia %s", bt_addr_le_str(ia));
1827 LOG_DBG("ra %s", bt_addr_le_str(ra));
1828 LOG_DBG("preq %s", bt_hex(preq, 7));
1829 LOG_DBG("pres %s", bt_hex(pres, 7));
1830
1831 /* pres, preq, rat and iat are concatenated to generate p1 */
1832 p1[0] = ia->type;
1833 p1[1] = ra->type;
1834 memcpy(p1 + 2, preq, 7);
1835 memcpy(p1 + 9, pres, 7);
1836
1837 LOG_DBG("p1 %s", bt_hex(p1, 16));
1838
1839 /* c1 = e(k, e(k, r XOR p1) XOR p2) */
1840
1841 /* Using enc_data as temporary output buffer */
1842 xor_128(r, p1, enc_data);
1843
1844 err = bt_encrypt_le(k, enc_data, enc_data);
1845 if (err) {
1846 return err;
1847 }
1848
1849 /* ra is concatenated with ia and padding to generate p2 */
1850 memcpy(p2, ra->a.val, 6);
1851 memcpy(p2 + 6, ia->a.val, 6);
1852 (void)memset(p2 + 12, 0, 4);
1853
1854 LOG_DBG("p2 %s", bt_hex(p2, 16));
1855
1856 xor_128(enc_data, p2, enc_data);
1857
1858 return bt_encrypt_le(k, enc_data, enc_data);
1859 }
1860 #endif /* !CONFIG_BT_SMP_SC_PAIR_ONLY */
1861
smp_send_pairing_confirm(struct bt_smp * smp)1862 static uint8_t smp_send_pairing_confirm(struct bt_smp *smp)
1863 {
1864 struct bt_smp_pairing_confirm *req;
1865 struct net_buf *buf;
1866 uint8_t r;
1867
1868 switch (smp->method) {
1869 case PASSKEY_CONFIRM:
1870 case JUST_WORKS:
1871 r = 0U;
1872 break;
1873 case PASSKEY_DISPLAY:
1874 case PASSKEY_INPUT:
1875 /*
1876 * In the Passkey Entry protocol, the most significant
1877 * bit of Z is set equal to one and the least
1878 * significant bit is made up from one bit of the
1879 * passkey e.g. if the passkey bit is 1, then Z = 0x81
1880 * and if the passkey bit is 0, then Z = 0x80.
1881 */
1882 r = (smp->passkey >> smp->passkey_round) & 0x01;
1883 r |= 0x80;
1884 break;
1885 default:
1886 LOG_ERR("Unknown pairing method (%u)", smp->method);
1887 return BT_SMP_ERR_UNSPECIFIED;
1888 }
1889
1890 buf = smp_create_pdu(smp, BT_SMP_CMD_PAIRING_CONFIRM, sizeof(*req));
1891 if (!buf) {
1892 return BT_SMP_ERR_UNSPECIFIED;
1893 }
1894
1895 req = net_buf_add(buf, sizeof(*req));
1896
1897 if (bt_crypto_f4(sc_public_key, smp->pkey, smp->prnd, r, req->val)) {
1898 net_buf_unref(buf);
1899 return BT_SMP_ERR_UNSPECIFIED;
1900 }
1901
1902 smp_send(smp, buf, NULL, NULL);
1903
1904 atomic_clear_bit(smp->flags, SMP_FLAG_CFM_DELAYED);
1905
1906 return 0;
1907 }
1908
1909 #if !defined(CONFIG_BT_SMP_SC_PAIR_ONLY)
smp_ident_sent(struct bt_conn * conn,void * user_data,int err)1910 static void smp_ident_sent(struct bt_conn *conn, void *user_data, int err)
1911 {
1912 if (!err) {
1913 smp_check_complete(conn, BT_SMP_DIST_ENC_KEY);
1914 }
1915 }
1916
legacy_distribute_keys(struct bt_smp * smp)1917 static void legacy_distribute_keys(struct bt_smp *smp)
1918 {
1919 struct bt_conn *conn = smp->chan.chan.conn;
1920 struct bt_keys *keys = conn->le.keys;
1921
1922 if (smp->local_dist & BT_SMP_DIST_ENC_KEY) {
1923 struct bt_smp_encrypt_info *info;
1924 struct bt_smp_central_ident *ident;
1925 struct net_buf *buf;
1926 /* Use struct to get randomness in single call to bt_rand */
1927 struct {
1928 uint8_t key[16];
1929 uint8_t rand[8];
1930 uint8_t ediv[2];
1931 } rand;
1932
1933 if (bt_rand((void *)&rand, sizeof(rand))) {
1934 LOG_ERR("Unable to get random bytes");
1935 return;
1936 }
1937
1938 buf = smp_create_pdu(smp, BT_SMP_CMD_ENCRYPT_INFO,
1939 sizeof(*info));
1940 if (!buf) {
1941 LOG_ERR("Unable to allocate Encrypt Info buffer");
1942 return;
1943 }
1944
1945 info = net_buf_add(buf, sizeof(*info));
1946
1947 /* distributed only enc_size bytes of key */
1948 memcpy(info->ltk, rand.key, keys->enc_size);
1949 if (keys->enc_size < sizeof(info->ltk)) {
1950 (void)memset(info->ltk + keys->enc_size, 0,
1951 sizeof(info->ltk) - keys->enc_size);
1952 }
1953
1954 smp_send(smp, buf, NULL, NULL);
1955
1956 buf = smp_create_pdu(smp, BT_SMP_CMD_CENTRAL_IDENT,
1957 sizeof(*ident));
1958 if (!buf) {
1959 LOG_ERR("Unable to allocate Central Ident buffer");
1960 return;
1961 }
1962
1963 ident = net_buf_add(buf, sizeof(*ident));
1964 memcpy(ident->rand, rand.rand, sizeof(ident->rand));
1965 memcpy(ident->ediv, rand.ediv, sizeof(ident->ediv));
1966
1967 smp_send(smp, buf, smp_ident_sent, NULL);
1968
1969 if (atomic_test_bit(smp->flags, SMP_FLAG_BOND)) {
1970 bt_keys_add_type(keys, BT_KEYS_PERIPH_LTK);
1971
1972 memcpy(keys->periph_ltk.val, rand.key,
1973 sizeof(keys->periph_ltk.val));
1974 memcpy(keys->periph_ltk.rand, rand.rand,
1975 sizeof(keys->periph_ltk.rand));
1976 memcpy(keys->periph_ltk.ediv, rand.ediv,
1977 sizeof(keys->periph_ltk.ediv));
1978 }
1979 }
1980 }
1981 #endif /* !CONFIG_BT_SMP_SC_PAIR_ONLY */
1982
bt_smp_distribute_keys(struct bt_smp * smp)1983 static uint8_t bt_smp_distribute_keys(struct bt_smp *smp)
1984 {
1985 struct bt_conn *conn = smp->chan.chan.conn;
1986 struct bt_keys *keys = conn->le.keys;
1987
1988 if (!keys) {
1989 LOG_ERR("No keys space for %s", bt_addr_le_str(&conn->le.dst));
1990 return BT_SMP_ERR_UNSPECIFIED;
1991 }
1992
1993 #if !defined(CONFIG_BT_SMP_SC_PAIR_ONLY)
1994 /* Distribute legacy pairing specific keys */
1995 if (!atomic_test_bit(smp->flags, SMP_FLAG_SC)) {
1996 legacy_distribute_keys(smp);
1997 }
1998 #endif /* !CONFIG_BT_SMP_SC_PAIR_ONLY */
1999
2000 #if defined(CONFIG_BT_PRIVACY)
2001 if (smp->local_dist & BT_SMP_DIST_ID_KEY) {
2002 struct bt_smp_ident_info *id_info;
2003 struct bt_smp_ident_addr_info *id_addr_info;
2004 struct net_buf *buf;
2005
2006 buf = smp_create_pdu(smp, BT_SMP_CMD_IDENT_INFO,
2007 sizeof(*id_info));
2008 if (!buf) {
2009 LOG_ERR("Unable to allocate Ident Info buffer");
2010 return BT_SMP_ERR_UNSPECIFIED;
2011 }
2012
2013 id_info = net_buf_add(buf, sizeof(*id_info));
2014 memcpy(id_info->irk, bt_dev.irk[conn->id], 16);
2015
2016 smp_send(smp, buf, NULL, NULL);
2017
2018 buf = smp_create_pdu(smp, BT_SMP_CMD_IDENT_ADDR_INFO,
2019 sizeof(*id_addr_info));
2020 if (!buf) {
2021 LOG_ERR("Unable to allocate Ident Addr Info buffer");
2022 return BT_SMP_ERR_UNSPECIFIED;
2023 }
2024
2025 id_addr_info = net_buf_add(buf, sizeof(*id_addr_info));
2026 bt_addr_le_copy(&id_addr_info->addr, &bt_dev.id_addr[conn->id]);
2027
2028 smp_send(smp, buf, smp_id_sent, NULL);
2029 }
2030 #endif /* CONFIG_BT_PRIVACY */
2031
2032 #if defined(CONFIG_BT_SIGNING)
2033 if (smp->local_dist & BT_SMP_DIST_SIGN) {
2034 struct bt_smp_signing_info *info;
2035 struct net_buf *buf;
2036
2037 buf = smp_create_pdu(smp, BT_SMP_CMD_SIGNING_INFO,
2038 sizeof(*info));
2039 if (!buf) {
2040 LOG_ERR("Unable to allocate Signing Info buffer");
2041 return BT_SMP_ERR_UNSPECIFIED;
2042 }
2043
2044 info = net_buf_add(buf, sizeof(*info));
2045
2046 if (bt_rand(info->csrk, sizeof(info->csrk))) {
2047 return BT_SMP_ERR_UNSPECIFIED;
2048 }
2049
2050 if (atomic_test_bit(smp->flags, SMP_FLAG_BOND)) {
2051 bt_keys_add_type(keys, BT_KEYS_LOCAL_CSRK);
2052 memcpy(keys->local_csrk.val, info->csrk, 16);
2053 keys->local_csrk.cnt = 0U;
2054 }
2055
2056 smp_send(smp, buf, smp_sign_info_sent, NULL);
2057 }
2058 #endif /* CONFIG_BT_SIGNING */
2059
2060 return 0;
2061 }
2062
2063 #if defined(CONFIG_BT_PERIPHERAL)
send_pairing_rsp(struct bt_smp * smp)2064 static uint8_t send_pairing_rsp(struct bt_smp *smp)
2065 {
2066 struct bt_smp_pairing *rsp;
2067 struct net_buf *rsp_buf;
2068
2069 rsp_buf = smp_create_pdu(smp, BT_SMP_CMD_PAIRING_RSP, sizeof(*rsp));
2070 if (!rsp_buf) {
2071 return BT_SMP_ERR_UNSPECIFIED;
2072 }
2073
2074 rsp = net_buf_add(rsp_buf, sizeof(*rsp));
2075 memcpy(rsp, smp->prsp + 1, sizeof(*rsp));
2076
2077 smp_send(smp, rsp_buf, NULL, NULL);
2078
2079 return 0;
2080 }
2081 #endif /* CONFIG_BT_PERIPHERAL */
2082
smp_pairing_accept_query(struct bt_smp * smp,struct bt_smp_pairing * pairing)2083 static uint8_t smp_pairing_accept_query(struct bt_smp *smp, struct bt_smp_pairing *pairing)
2084 {
2085 #if defined(CONFIG_BT_SMP_APP_PAIRING_ACCEPT)
2086 const struct bt_conn_auth_cb *smp_auth_cb = latch_auth_cb(smp);
2087 struct bt_conn *conn = smp->chan.chan.conn;
2088
2089 if (smp_auth_cb && smp_auth_cb->pairing_accept) {
2090 const struct bt_conn_pairing_feat feat = {
2091 .io_capability = pairing->io_capability,
2092 .oob_data_flag = pairing->oob_flag,
2093 .auth_req = pairing->auth_req,
2094 .max_enc_key_size = pairing->max_key_size,
2095 .init_key_dist = pairing->init_key_dist,
2096 .resp_key_dist = pairing->resp_key_dist
2097 };
2098
2099 return smp_err_get(smp_auth_cb->pairing_accept(conn, &feat));
2100 }
2101 #endif /* CONFIG_BT_SMP_APP_PAIRING_ACCEPT */
2102 return 0;
2103 }
2104
2105 #if !defined(CONFIG_BT_SMP_SC_PAIR_ONLY)
smp_s1(const uint8_t k[16],const uint8_t r1[16],const uint8_t r2[16],uint8_t out[16])2106 static int smp_s1(const uint8_t k[16], const uint8_t r1[16],
2107 const uint8_t r2[16], uint8_t out[16])
2108 {
2109 /* The most significant 64-bits of r1 are discarded to generate
2110 * r1' and the most significant 64-bits of r2 are discarded to
2111 * generate r2'.
2112 * r1' is concatenated with r2' to generate r' which is used as
2113 * the 128-bit input parameter plaintextData to security function e:
2114 *
2115 * r' = r1' || r2'
2116 */
2117 memcpy(out, r2, 8);
2118 memcpy(out + 8, r1, 8);
2119
2120 /* s1(k, r1 , r2) = e(k, r') */
2121 return bt_encrypt_le(k, out, out);
2122 }
2123
legacy_get_pair_method(struct bt_smp * smp,uint8_t remote_io)2124 static uint8_t legacy_get_pair_method(struct bt_smp *smp, uint8_t remote_io)
2125 {
2126 struct bt_smp_pairing *req, *rsp;
2127 uint8_t method;
2128
2129 if (remote_io > BT_SMP_IO_KEYBOARD_DISPLAY) {
2130 return JUST_WORKS;
2131 }
2132
2133 req = (struct bt_smp_pairing *)&smp->preq[1];
2134 rsp = (struct bt_smp_pairing *)&smp->prsp[1];
2135
2136 /* if both sides have OOB data use OOB */
2137 if ((req->oob_flag & rsp->oob_flag) & BT_SMP_OOB_DATA_MASK) {
2138 return LEGACY_OOB;
2139 }
2140
2141 /* if none side requires MITM use JustWorks */
2142 if (!((req->auth_req | rsp->auth_req) & BT_SMP_AUTH_MITM)) {
2143 return JUST_WORKS;
2144 }
2145
2146 method = gen_method_legacy[remote_io][get_io_capa(smp)];
2147
2148 /* if both sides have KeyboardDisplay capabilities, initiator displays
2149 * and responder inputs
2150 */
2151 if (method == PASSKEY_ROLE) {
2152 if (smp->chan.chan.conn->role == BT_HCI_ROLE_CENTRAL) {
2153 method = PASSKEY_DISPLAY;
2154 } else {
2155 method = PASSKEY_INPUT;
2156 }
2157 }
2158
2159 return method;
2160 }
2161
legacy_request_tk(struct bt_smp * smp)2162 static uint8_t legacy_request_tk(struct bt_smp *smp)
2163 {
2164 struct bt_conn *conn = smp->chan.chan.conn;
2165 const struct bt_conn_auth_cb *smp_auth_cb = latch_auth_cb(smp);
2166 struct bt_keys *keys;
2167 uint32_t passkey;
2168
2169 /*
2170 * Fail if we have keys that are stronger than keys that will be
2171 * distributed in new pairing. This is to avoid replacing authenticated
2172 * keys with unauthenticated ones.
2173 */
2174 keys = bt_keys_find_addr(conn->id, &conn->le.dst);
2175 if (keys && (keys->flags & BT_KEYS_AUTHENTICATED) &&
2176 smp->method == JUST_WORKS) {
2177 LOG_ERR("JustWorks failed, authenticated keys present");
2178 return BT_SMP_ERR_UNSPECIFIED;
2179 }
2180
2181 switch (smp->method) {
2182 case LEGACY_OOB:
2183 if (smp_auth_cb && smp_auth_cb->oob_data_request) {
2184 struct bt_conn_oob_info info = {
2185 .type = BT_CONN_OOB_LE_LEGACY,
2186 };
2187
2188 atomic_set_bit(smp->flags, SMP_FLAG_USER);
2189 smp_auth_cb->oob_data_request(smp->chan.chan.conn, &info);
2190 } else {
2191 return BT_SMP_ERR_OOB_NOT_AVAIL;
2192 }
2193
2194 break;
2195 case PASSKEY_DISPLAY:
2196 if (IS_ENABLED(CONFIG_BT_FIXED_PASSKEY) &&
2197 fixed_passkey != BT_PASSKEY_INVALID) {
2198 passkey = fixed_passkey;
2199 } else {
2200 if (bt_rand(&passkey, sizeof(passkey))) {
2201 return BT_SMP_ERR_UNSPECIFIED;
2202 }
2203
2204 passkey %= 1000000;
2205 }
2206
2207 if (IS_ENABLED(CONFIG_BT_LOG_SNIFFER_INFO)) {
2208 LOG_INF("Legacy passkey %u", passkey);
2209 }
2210
2211 if (smp_auth_cb && smp_auth_cb->passkey_display) {
2212 atomic_set_bit(smp->flags, SMP_FLAG_DISPLAY);
2213 smp_auth_cb->passkey_display(conn, passkey);
2214 }
2215
2216 sys_put_le32(passkey, smp->tk);
2217
2218 break;
2219 case PASSKEY_INPUT:
2220 atomic_set_bit(smp->flags, SMP_FLAG_USER);
2221 smp_auth_cb->passkey_entry(conn);
2222 break;
2223 case JUST_WORKS:
2224 break;
2225 default:
2226 LOG_ERR("Unknown pairing method (%u)", smp->method);
2227 return BT_SMP_ERR_UNSPECIFIED;
2228 }
2229
2230 return 0;
2231 }
2232
legacy_send_pairing_confirm(struct bt_smp * smp)2233 static uint8_t legacy_send_pairing_confirm(struct bt_smp *smp)
2234 {
2235 struct bt_conn *conn = smp->chan.chan.conn;
2236 struct bt_smp_pairing_confirm *req;
2237 struct net_buf *buf;
2238
2239 buf = smp_create_pdu(smp, BT_SMP_CMD_PAIRING_CONFIRM, sizeof(*req));
2240 if (!buf) {
2241 return BT_SMP_ERR_UNSPECIFIED;
2242 }
2243
2244 req = net_buf_add(buf, sizeof(*req));
2245
2246 if (smp_c1(smp->tk, smp->prnd, smp->preq, smp->prsp,
2247 &conn->le.init_addr, &conn->le.resp_addr, req->val)) {
2248 net_buf_unref(buf);
2249 return BT_SMP_ERR_UNSPECIFIED;
2250 }
2251
2252 smp_send(smp, buf, NULL, NULL);
2253
2254 atomic_clear_bit(smp->flags, SMP_FLAG_CFM_DELAYED);
2255
2256 return 0;
2257 }
2258
2259 #if defined(CONFIG_BT_PERIPHERAL)
legacy_pairing_req(struct bt_smp * smp)2260 static uint8_t legacy_pairing_req(struct bt_smp *smp)
2261 {
2262 const struct bt_conn_auth_cb *smp_auth_cb = latch_auth_cb(smp);
2263 uint8_t ret;
2264
2265 LOG_DBG("");
2266
2267 ret = legacy_request_tk(smp);
2268 if (ret) {
2269 return ret;
2270 }
2271
2272 /* ask for consent if pairing is not due to sending SecReq*/
2273 if ((DISPLAY_FIXED(smp) || smp->method == JUST_WORKS) &&
2274 !atomic_test_bit(smp->flags, SMP_FLAG_SEC_REQ) &&
2275 smp_auth_cb && smp_auth_cb->pairing_confirm) {
2276 atomic_set_bit(smp->flags, SMP_FLAG_USER);
2277 smp_auth_cb->pairing_confirm(smp->chan.chan.conn);
2278 return 0;
2279 }
2280
2281 atomic_set_bit(smp->allowed_cmds, BT_SMP_CMD_PAIRING_CONFIRM);
2282 atomic_set_bit(smp->allowed_cmds, BT_SMP_KEYPRESS_NOTIFICATION);
2283 return send_pairing_rsp(smp);
2284 }
2285 #endif /* CONFIG_BT_PERIPHERAL */
2286
legacy_pairing_random(struct bt_smp * smp)2287 static uint8_t legacy_pairing_random(struct bt_smp *smp)
2288 {
2289 struct bt_conn *conn = smp->chan.chan.conn;
2290 uint8_t tmp[16];
2291 int err;
2292
2293 LOG_DBG("");
2294
2295 /* calculate confirmation */
2296 err = smp_c1(smp->tk, smp->rrnd, smp->preq, smp->prsp,
2297 &conn->le.init_addr, &conn->le.resp_addr, tmp);
2298 if (err) {
2299 return BT_SMP_ERR_UNSPECIFIED;
2300 }
2301
2302 LOG_DBG("pcnf %s", bt_hex(smp->pcnf, 16));
2303 LOG_DBG("cfm %s", bt_hex(tmp, 16));
2304
2305 if (memcmp(smp->pcnf, tmp, sizeof(smp->pcnf))) {
2306 return BT_SMP_ERR_CONFIRM_FAILED;
2307 }
2308
2309 if (IS_ENABLED(CONFIG_BT_CENTRAL) &&
2310 conn->role == BT_HCI_ROLE_CENTRAL) {
2311 uint8_t ediv[2], rand[8];
2312
2313 /* No need to store central STK */
2314 err = smp_s1(smp->tk, smp->rrnd, smp->prnd, tmp);
2315 if (err) {
2316 return BT_SMP_ERR_UNSPECIFIED;
2317 }
2318
2319 /* Rand and EDiv are 0 for the STK */
2320 (void)memset(ediv, 0, sizeof(ediv));
2321 (void)memset(rand, 0, sizeof(rand));
2322 if (bt_conn_le_start_encryption(conn, rand, ediv, tmp,
2323 get_encryption_key_size(smp))) {
2324 LOG_ERR("Failed to start encryption");
2325 return BT_SMP_ERR_UNSPECIFIED;
2326 }
2327
2328 atomic_set_bit(smp->flags, SMP_FLAG_ENC_PENDING);
2329
2330 if (IS_ENABLED(CONFIG_BT_SMP_USB_HCI_CTLR_WORKAROUND)) {
2331 if (smp->remote_dist & BT_SMP_DIST_ENC_KEY) {
2332 atomic_set_bit(smp->allowed_cmds,
2333 BT_SMP_CMD_ENCRYPT_INFO);
2334 } else if (smp->remote_dist & BT_SMP_DIST_ID_KEY) {
2335 atomic_set_bit(smp->allowed_cmds,
2336 BT_SMP_CMD_IDENT_INFO);
2337 } else if (smp->remote_dist & BT_SMP_DIST_SIGN) {
2338 atomic_set_bit(smp->allowed_cmds,
2339 BT_SMP_CMD_SIGNING_INFO);
2340 }
2341 }
2342
2343 return 0;
2344 }
2345
2346 if (IS_ENABLED(CONFIG_BT_PERIPHERAL)) {
2347 err = smp_s1(smp->tk, smp->prnd, smp->rrnd, tmp);
2348 if (err) {
2349 LOG_ERR("Calculate STK failed");
2350 return BT_SMP_ERR_UNSPECIFIED;
2351 }
2352
2353 memcpy(smp->tk, tmp, sizeof(smp->tk));
2354 LOG_DBG("generated STK %s", bt_hex(smp->tk, 16));
2355
2356 atomic_set_bit(smp->flags, SMP_FLAG_ENC_PENDING);
2357
2358 return smp_send_pairing_random(smp);
2359 }
2360
2361 return 0;
2362 }
2363
legacy_pairing_confirm(struct bt_smp * smp)2364 static uint8_t legacy_pairing_confirm(struct bt_smp *smp)
2365 {
2366 LOG_DBG("");
2367
2368 if (IS_ENABLED(CONFIG_BT_CENTRAL) &&
2369 smp->chan.chan.conn->role == BT_HCI_ROLE_CENTRAL) {
2370 atomic_set_bit(smp->allowed_cmds, BT_SMP_CMD_PAIRING_CONFIRM);
2371 return legacy_send_pairing_confirm(smp);
2372 }
2373
2374 if (IS_ENABLED(CONFIG_BT_PERIPHERAL)) {
2375 if (!atomic_test_bit(smp->flags, SMP_FLAG_USER)) {
2376 atomic_set_bit(smp->allowed_cmds,
2377 BT_SMP_CMD_PAIRING_RANDOM);
2378 return legacy_send_pairing_confirm(smp);
2379 }
2380
2381 atomic_set_bit(smp->flags, SMP_FLAG_CFM_DELAYED);
2382 }
2383
2384 return 0;
2385 }
2386
legacy_user_tk_entry(struct bt_smp * smp)2387 static void legacy_user_tk_entry(struct bt_smp *smp)
2388 {
2389 if (!atomic_test_and_clear_bit(smp->flags, SMP_FLAG_CFM_DELAYED)) {
2390 return;
2391 }
2392
2393 /* if confirm failed ie. due to invalid passkey, cancel pairing */
2394 if (legacy_pairing_confirm(smp)) {
2395 smp_error(smp, BT_SMP_ERR_PASSKEY_ENTRY_FAILED);
2396 return;
2397 }
2398
2399 if (IS_ENABLED(CONFIG_BT_CENTRAL) &&
2400 smp->chan.chan.conn->role == BT_HCI_ROLE_CENTRAL) {
2401 atomic_set_bit(smp->allowed_cmds, BT_SMP_CMD_PAIRING_CONFIRM);
2402 return;
2403 }
2404
2405 if (IS_ENABLED(CONFIG_BT_PERIPHERAL)) {
2406 atomic_set_bit(smp->allowed_cmds, BT_SMP_CMD_PAIRING_RANDOM);
2407 }
2408 }
2409
legacy_passkey_entry(struct bt_smp * smp,unsigned int passkey)2410 static void legacy_passkey_entry(struct bt_smp *smp, unsigned int passkey)
2411 {
2412 passkey = sys_cpu_to_le32(passkey);
2413 memcpy(smp->tk, &passkey, sizeof(passkey));
2414
2415 legacy_user_tk_entry(smp);
2416 }
2417
smp_encrypt_info(struct bt_smp * smp,struct net_buf * buf)2418 static uint8_t smp_encrypt_info(struct bt_smp *smp, struct net_buf *buf)
2419 {
2420 LOG_DBG("");
2421
2422 if (atomic_test_bit(smp->flags, SMP_FLAG_BOND)) {
2423 struct bt_smp_encrypt_info *req = (void *)buf->data;
2424 struct bt_conn *conn = smp->chan.chan.conn;
2425 struct bt_keys *keys;
2426
2427 keys = bt_keys_get_type(BT_KEYS_LTK, conn->id, &conn->le.dst);
2428 if (!keys) {
2429 LOG_ERR("Unable to get keys for %s", bt_addr_le_str(&conn->le.dst));
2430 return BT_SMP_ERR_UNSPECIFIED;
2431 }
2432
2433 memcpy(keys->ltk.val, req->ltk, 16);
2434 }
2435
2436 atomic_set_bit(smp->allowed_cmds, BT_SMP_CMD_CENTRAL_IDENT);
2437
2438 return 0;
2439 }
2440
smp_central_ident(struct bt_smp * smp,struct net_buf * buf)2441 static uint8_t smp_central_ident(struct bt_smp *smp, struct net_buf *buf)
2442 {
2443 struct bt_conn *conn = smp->chan.chan.conn;
2444 uint8_t err;
2445
2446 LOG_DBG("");
2447
2448 if (atomic_test_bit(smp->flags, SMP_FLAG_BOND)) {
2449 struct bt_smp_central_ident *req = (void *)buf->data;
2450 struct bt_keys *keys;
2451
2452 keys = bt_keys_get_type(BT_KEYS_LTK, conn->id, &conn->le.dst);
2453 if (!keys) {
2454 LOG_ERR("Unable to get keys for %s", bt_addr_le_str(&conn->le.dst));
2455 return BT_SMP_ERR_UNSPECIFIED;
2456 }
2457
2458 memcpy(keys->ltk.ediv, req->ediv, sizeof(keys->ltk.ediv));
2459 memcpy(keys->ltk.rand, req->rand, sizeof(req->rand));
2460 }
2461
2462 smp->remote_dist &= ~BT_SMP_DIST_ENC_KEY;
2463
2464 if (smp->remote_dist & BT_SMP_DIST_ID_KEY) {
2465 atomic_set_bit(smp->allowed_cmds, BT_SMP_CMD_IDENT_INFO);
2466 } else if (smp->remote_dist & BT_SMP_DIST_SIGN) {
2467 atomic_set_bit(smp->allowed_cmds, BT_SMP_CMD_SIGNING_INFO);
2468 }
2469
2470 if (IS_ENABLED(CONFIG_BT_CENTRAL) &&
2471 conn->role == BT_HCI_ROLE_CENTRAL && !smp->remote_dist) {
2472 err = bt_smp_distribute_keys(smp);
2473 if (err) {
2474 return err;
2475 }
2476 }
2477
2478 /* if all keys were distributed, pairing is done */
2479 if (!smp->local_dist && !smp->remote_dist) {
2480 smp_pairing_complete(smp, 0);
2481 }
2482
2483 return 0;
2484 }
2485
2486 #if defined(CONFIG_BT_CENTRAL)
legacy_pairing_rsp(struct bt_smp * smp)2487 static uint8_t legacy_pairing_rsp(struct bt_smp *smp)
2488 {
2489 const struct bt_conn_auth_cb *smp_auth_cb = latch_auth_cb(smp);
2490 uint8_t ret;
2491
2492 LOG_DBG("");
2493
2494 ret = legacy_request_tk(smp);
2495 if (ret) {
2496 return ret;
2497 }
2498
2499 /* ask for consent if this is due to received SecReq */
2500 if ((DISPLAY_FIXED(smp) || smp->method == JUST_WORKS) &&
2501 atomic_test_bit(smp->flags, SMP_FLAG_SEC_REQ) &&
2502 smp_auth_cb && smp_auth_cb->pairing_confirm) {
2503 atomic_set_bit(smp->flags, SMP_FLAG_USER);
2504 smp_auth_cb->pairing_confirm(smp->chan.chan.conn);
2505 return 0;
2506 }
2507
2508 if (!atomic_test_bit(smp->flags, SMP_FLAG_USER)) {
2509 atomic_set_bit(smp->allowed_cmds, BT_SMP_CMD_PAIRING_CONFIRM);
2510 atomic_set_bit(smp->allowed_cmds, BT_SMP_KEYPRESS_NOTIFICATION);
2511 return legacy_send_pairing_confirm(smp);
2512 }
2513
2514 atomic_set_bit(smp->flags, SMP_FLAG_CFM_DELAYED);
2515
2516 return 0;
2517 }
2518 #endif /* CONFIG_BT_CENTRAL */
2519 #else
smp_encrypt_info(struct bt_smp * smp,struct net_buf * buf)2520 static uint8_t smp_encrypt_info(struct bt_smp *smp, struct net_buf *buf)
2521 {
2522 return BT_SMP_ERR_CMD_NOTSUPP;
2523 }
2524
smp_central_ident(struct bt_smp * smp,struct net_buf * buf)2525 static uint8_t smp_central_ident(struct bt_smp *smp, struct net_buf *buf)
2526 {
2527 return BT_SMP_ERR_CMD_NOTSUPP;
2528 }
2529 #endif /* !CONFIG_BT_SMP_SC_PAIR_ONLY */
2530
smp_init(struct bt_smp * smp)2531 static int smp_init(struct bt_smp *smp)
2532 {
2533 /* Initialize SMP context exluding L2CAP channel context and anything
2534 * else declared after.
2535 */
2536 (void)memset(smp, 0, offsetof(struct bt_smp, chan));
2537
2538 /* Generate local random number */
2539 if (bt_rand(smp->prnd, 16)) {
2540 return BT_SMP_ERR_UNSPECIFIED;
2541 }
2542
2543 LOG_DBG("prnd %s", bt_hex(smp->prnd, 16));
2544
2545 atomic_set_bit(smp->allowed_cmds, BT_SMP_CMD_PAIRING_FAIL);
2546
2547 #if !defined(CONFIG_BT_SMP_OOB_LEGACY_PAIR_ONLY)
2548 sc_public_key = bt_pub_key_get();
2549 #endif
2550
2551 return 0;
2552 }
2553
bt_set_bondable(bool enable)2554 void bt_set_bondable(bool enable)
2555 {
2556 bondable = enable;
2557 }
2558
bt_le_oob_set_sc_flag(bool enable)2559 void bt_le_oob_set_sc_flag(bool enable)
2560 {
2561 sc_oobd_present = enable;
2562 }
2563
bt_le_oob_set_legacy_flag(bool enable)2564 void bt_le_oob_set_legacy_flag(bool enable)
2565 {
2566 legacy_oobd_present = enable;
2567 }
2568
get_auth(struct bt_smp * smp,uint8_t auth)2569 static uint8_t get_auth(struct bt_smp *smp, uint8_t auth)
2570 {
2571 struct bt_conn *conn = smp->chan.chan.conn;
2572
2573 if (sc_supported) {
2574 auth &= BT_SMP_AUTH_MASK_SC;
2575 } else {
2576 auth &= BT_SMP_AUTH_MASK;
2577 }
2578
2579 if ((get_io_capa(smp) == BT_SMP_IO_NO_INPUT_OUTPUT) ||
2580 (!IS_ENABLED(CONFIG_BT_SMP_ENFORCE_MITM) &&
2581 (conn->required_sec_level < BT_SECURITY_L3))) {
2582 auth &= ~(BT_SMP_AUTH_MITM);
2583 } else {
2584 auth |= BT_SMP_AUTH_MITM;
2585 }
2586
2587 if (bondable) {
2588 auth |= BT_SMP_AUTH_BONDING;
2589 } else {
2590 auth &= ~BT_SMP_AUTH_BONDING;
2591 }
2592
2593 if (IS_ENABLED(CONFIG_BT_PASSKEY_KEYPRESS)) {
2594 auth |= BT_SMP_AUTH_KEYPRESS;
2595 } else {
2596 auth &= ~BT_SMP_AUTH_KEYPRESS;
2597 }
2598
2599 return auth;
2600 }
2601
remote_sec_level_reachable(struct bt_smp * smp)2602 static uint8_t remote_sec_level_reachable(struct bt_smp *smp)
2603 {
2604 bt_security_t sec = smp->chan.chan.conn->required_sec_level;
2605
2606 if (IS_ENABLED(CONFIG_BT_SMP_SC_ONLY)) {
2607 sec = BT_SECURITY_L4;
2608 }
2609 if (IS_ENABLED(CONFIG_BT_SMP_OOB_LEGACY_PAIR_ONLY)) {
2610 sec = BT_SECURITY_L3;
2611 }
2612
2613 switch (sec) {
2614 case BT_SECURITY_L1:
2615 case BT_SECURITY_L2:
2616 return 0;
2617
2618 case BT_SECURITY_L4:
2619 if (get_encryption_key_size(smp) != BT_SMP_MAX_ENC_KEY_SIZE) {
2620 return BT_SMP_ERR_ENC_KEY_SIZE;
2621 }
2622
2623 if (!atomic_test_bit(smp->flags, SMP_FLAG_SC)) {
2624 return BT_SMP_ERR_AUTH_REQUIREMENTS;
2625 }
2626 __fallthrough;
2627 case BT_SECURITY_L3:
2628 if (smp->method == JUST_WORKS) {
2629 return BT_SMP_ERR_AUTH_REQUIREMENTS;
2630 }
2631
2632 return 0;
2633 default:
2634 return BT_SMP_ERR_UNSPECIFIED;
2635 }
2636 }
2637
sec_level_reachable(struct bt_smp * smp)2638 static bool sec_level_reachable(struct bt_smp *smp)
2639 {
2640 const struct bt_conn_auth_cb *smp_auth_cb = latch_auth_cb(smp);
2641
2642 switch (smp->chan.chan.conn->required_sec_level) {
2643 case BT_SECURITY_L1:
2644 case BT_SECURITY_L2:
2645 return true;
2646 case BT_SECURITY_L3:
2647 return get_io_capa(smp) != BT_SMP_IO_NO_INPUT_OUTPUT ||
2648 (smp_auth_cb && smp_auth_cb->oob_data_request);
2649 case BT_SECURITY_L4:
2650 return (get_io_capa(smp) != BT_SMP_IO_NO_INPUT_OUTPUT ||
2651 (smp_auth_cb && smp_auth_cb->oob_data_request)) && sc_supported;
2652 default:
2653 return false;
2654 }
2655 }
2656
smp_chan_get(struct bt_conn * conn)2657 static struct bt_smp *smp_chan_get(struct bt_conn *conn)
2658 {
2659 struct bt_l2cap_chan *chan;
2660
2661 chan = bt_l2cap_le_lookup_rx_cid(conn, BT_L2CAP_CID_SMP);
2662 if (!chan) {
2663 LOG_ERR("Unable to find SMP channel");
2664 return NULL;
2665 }
2666
2667 return CONTAINER_OF(chan, struct bt_smp, chan);
2668 }
2669
bt_smp_request_ltk(struct bt_conn * conn,uint64_t rand,uint16_t ediv,uint8_t * ltk)2670 bool bt_smp_request_ltk(struct bt_conn *conn, uint64_t rand, uint16_t ediv, uint8_t *ltk)
2671 {
2672 struct bt_smp *smp;
2673 uint8_t enc_size;
2674
2675 smp = smp_chan_get(conn);
2676 if (!smp) {
2677 return false;
2678 }
2679
2680 /*
2681 * Both legacy STK and LE SC LTK have rand and ediv equal to zero.
2682 * If pairing is in progress use the TK for encryption.
2683 */
2684 if (ediv == 0U && rand == 0U &&
2685 atomic_test_bit(smp->flags, SMP_FLAG_PAIRING) &&
2686 atomic_test_bit(smp->flags, SMP_FLAG_ENC_PENDING)) {
2687 enc_size = get_encryption_key_size(smp);
2688
2689 /*
2690 * We keep both legacy STK and LE SC LTK in TK.
2691 * Also use only enc_size bytes of key for encryption.
2692 */
2693 memcpy(ltk, smp->tk, enc_size);
2694 if (enc_size < BT_SMP_MAX_ENC_KEY_SIZE) {
2695 (void)memset(ltk + enc_size, 0,
2696 BT_SMP_MAX_ENC_KEY_SIZE - enc_size);
2697 }
2698
2699 atomic_set_bit(smp->flags, SMP_FLAG_ENC_PENDING);
2700 return true;
2701 }
2702
2703 if (!conn->le.keys) {
2704 conn->le.keys = bt_keys_find(BT_KEYS_LTK_P256, conn->id,
2705 &conn->le.dst);
2706 if (!conn->le.keys) {
2707 conn->le.keys = bt_keys_find(BT_KEYS_PERIPH_LTK,
2708 conn->id, &conn->le.dst);
2709 }
2710 }
2711
2712 if (ediv == 0U && rand == 0U &&
2713 conn->le.keys && (conn->le.keys->keys & BT_KEYS_LTK_P256)) {
2714 enc_size = conn->le.keys->enc_size;
2715
2716 memcpy(ltk, conn->le.keys->ltk.val, enc_size);
2717 if (enc_size < BT_SMP_MAX_ENC_KEY_SIZE) {
2718 (void)memset(ltk + enc_size, 0,
2719 BT_SMP_MAX_ENC_KEY_SIZE - enc_size);
2720 }
2721
2722 atomic_set_bit(smp->flags, SMP_FLAG_ENC_PENDING);
2723 return true;
2724 }
2725
2726 #if !defined(CONFIG_BT_SMP_SC_PAIR_ONLY)
2727 if (conn->le.keys && (conn->le.keys->keys & BT_KEYS_PERIPH_LTK) &&
2728 !memcmp(conn->le.keys->periph_ltk.rand, &rand, 8) &&
2729 !memcmp(conn->le.keys->periph_ltk.ediv, &ediv, 2)) {
2730 enc_size = conn->le.keys->enc_size;
2731
2732 memcpy(ltk, conn->le.keys->periph_ltk.val, enc_size);
2733 if (enc_size < BT_SMP_MAX_ENC_KEY_SIZE) {
2734 (void)memset(ltk + enc_size, 0,
2735 BT_SMP_MAX_ENC_KEY_SIZE - enc_size);
2736 }
2737
2738 atomic_set_bit(smp->flags, SMP_FLAG_ENC_PENDING);
2739 return true;
2740 }
2741 #endif /* !CONFIG_BT_SMP_SC_PAIR_ONLY */
2742
2743 if (atomic_test_bit(smp->flags, SMP_FLAG_SEC_REQ)) {
2744 /* Notify higher level that security failed if security was
2745 * initiated by peripheral.
2746 */
2747 bt_conn_security_changed(conn, BT_HCI_ERR_PIN_OR_KEY_MISSING,
2748 BT_SECURITY_ERR_PIN_OR_KEY_MISSING);
2749 }
2750
2751 smp_reset(smp);
2752 return false;
2753 }
2754
2755 #if defined(CONFIG_BT_PERIPHERAL)
smp_send_security_req(struct bt_conn * conn)2756 static int smp_send_security_req(struct bt_conn *conn)
2757 {
2758 struct bt_smp *smp;
2759 struct bt_smp_security_request *req;
2760 struct net_buf *req_buf;
2761 int err;
2762
2763 LOG_DBG("");
2764 smp = smp_chan_get(conn);
2765 if (!smp) {
2766 return -ENOTCONN;
2767 }
2768
2769 /* SMP Timeout */
2770 if (atomic_test_bit(smp->flags, SMP_FLAG_TIMEOUT)) {
2771 return -EIO;
2772 }
2773
2774 /* pairing is in progress */
2775 if (atomic_test_bit(smp->flags, SMP_FLAG_PAIRING)) {
2776 return -EBUSY;
2777 }
2778
2779 if (atomic_test_bit(smp->flags, SMP_FLAG_ENC_PENDING)) {
2780 return -EBUSY;
2781 }
2782
2783 /* early verify if required sec level if reachable */
2784 if (!(sec_level_reachable(smp) || smp_keys_check(conn))) {
2785 return -EINVAL;
2786 }
2787
2788 if (!conn->le.keys) {
2789 conn->le.keys = bt_keys_get_addr(conn->id, &conn->le.dst);
2790 if (!conn->le.keys) {
2791 return -ENOMEM;
2792 }
2793 }
2794
2795 if (smp_init(smp) != 0) {
2796 return -ENOBUFS;
2797 }
2798
2799 req_buf = smp_create_pdu(smp, BT_SMP_CMD_SECURITY_REQUEST,
2800 sizeof(*req));
2801 if (!req_buf) {
2802 return -ENOBUFS;
2803 }
2804
2805 req = net_buf_add(req_buf, sizeof(*req));
2806 req->auth_req = get_auth(smp, BT_SMP_AUTH_DEFAULT);
2807
2808 /* SMP timer is not restarted for SecRequest so don't use smp_send */
2809 err = bt_l2cap_send(conn, BT_L2CAP_CID_SMP, req_buf);
2810 if (err) {
2811 net_buf_unref(req_buf);
2812 return err;
2813 }
2814
2815 atomic_set_bit(smp->flags, SMP_FLAG_SEC_REQ);
2816 atomic_set_bit(smp->allowed_cmds, BT_SMP_CMD_PAIRING_REQ);
2817
2818 return 0;
2819 }
2820
smp_pairing_req(struct bt_smp * smp,struct net_buf * buf)2821 static uint8_t smp_pairing_req(struct bt_smp *smp, struct net_buf *buf)
2822 {
2823 struct bt_conn *conn = smp->chan.chan.conn;
2824 const struct bt_conn_auth_cb *smp_auth_cb = latch_auth_cb(smp);
2825
2826 struct bt_smp_pairing *req = (void *)buf->data;
2827 struct bt_smp_pairing *rsp;
2828 uint8_t err;
2829
2830 LOG_DBG("req: io_capability 0x%02X, oob_flag 0x%02X, auth_req 0x%02X, "
2831 "max_key_size 0x%02X, init_key_dist 0x%02X, resp_key_dist 0x%02X",
2832 req->io_capability, req->oob_flag, req->auth_req,
2833 req->max_key_size, req->init_key_dist, req->resp_key_dist);
2834
2835 if ((req->max_key_size > BT_SMP_MAX_ENC_KEY_SIZE) ||
2836 (req->max_key_size < BT_SMP_MIN_ENC_KEY_SIZE)) {
2837 return BT_SMP_ERR_ENC_KEY_SIZE;
2838 }
2839
2840 if (!conn->le.keys) {
2841 conn->le.keys = bt_keys_get_addr(conn->id, &conn->le.dst);
2842 if (!conn->le.keys) {
2843 LOG_DBG("Unable to get keys for %s", bt_addr_le_str(&conn->le.dst));
2844 return BT_SMP_ERR_UNSPECIFIED;
2845 }
2846 }
2847
2848 /* If we already sent a security request then the SMP context
2849 * is already initialized.
2850 */
2851 if (!atomic_test_bit(smp->flags, SMP_FLAG_SEC_REQ)) {
2852 int ret = smp_init(smp);
2853
2854 if (ret) {
2855 return ret;
2856 }
2857 }
2858
2859 /* Store req for later use */
2860 smp->preq[0] = BT_SMP_CMD_PAIRING_REQ;
2861 memcpy(smp->preq + 1, req, sizeof(*req));
2862
2863 /* create rsp, it will be used later on */
2864 smp->prsp[0] = BT_SMP_CMD_PAIRING_RSP;
2865 rsp = (struct bt_smp_pairing *)&smp->prsp[1];
2866
2867 rsp->auth_req = get_auth(smp, req->auth_req);
2868 rsp->io_capability = get_io_capa(smp);
2869 rsp->max_key_size = BT_SMP_MAX_ENC_KEY_SIZE;
2870 rsp->init_key_dist = (req->init_key_dist & RECV_KEYS);
2871 rsp->resp_key_dist = (req->resp_key_dist & SEND_KEYS);
2872
2873 if ((rsp->auth_req & BT_SMP_AUTH_SC) &&
2874 (req->auth_req & BT_SMP_AUTH_SC)) {
2875 atomic_set_bit(smp->flags, SMP_FLAG_SC);
2876
2877 rsp->init_key_dist &= RECV_KEYS_SC;
2878 rsp->resp_key_dist &= SEND_KEYS_SC;
2879 }
2880
2881 if (atomic_test_bit(smp->flags, SMP_FLAG_SC)) {
2882 rsp->oob_flag = sc_oobd_present ? BT_SMP_OOB_PRESENT :
2883 BT_SMP_OOB_NOT_PRESENT;
2884 } else {
2885 rsp->oob_flag = legacy_oobd_present ? BT_SMP_OOB_PRESENT :
2886 BT_SMP_OOB_NOT_PRESENT;
2887 }
2888
2889 if ((rsp->auth_req & BT_SMP_AUTH_CT2) &&
2890 (req->auth_req & BT_SMP_AUTH_CT2)) {
2891 atomic_set_bit(smp->flags, SMP_FLAG_CT2);
2892 }
2893
2894 if ((rsp->auth_req & BT_SMP_AUTH_BONDING) &&
2895 (req->auth_req & BT_SMP_AUTH_BONDING)) {
2896 atomic_set_bit(smp->flags, SMP_FLAG_BOND);
2897 } else if (IS_ENABLED(CONFIG_BT_BONDING_REQUIRED)) {
2898 /* Reject pairing req if not both intend to bond */
2899 LOG_DBG("Bonding required");
2900 return BT_SMP_ERR_UNSPECIFIED;
2901 } else {
2902 rsp->init_key_dist = 0;
2903 rsp->resp_key_dist = 0;
2904 }
2905
2906 smp->local_dist = rsp->resp_key_dist;
2907 smp->remote_dist = rsp->init_key_dist;
2908
2909 atomic_set_bit(smp->flags, SMP_FLAG_PAIRING);
2910
2911 smp->method = get_pair_method(smp, req->io_capability);
2912
2913 if (!update_keys_check(smp, conn->le.keys)) {
2914 return BT_SMP_ERR_AUTH_REQUIREMENTS;
2915 }
2916
2917 err = remote_sec_level_reachable(smp);
2918 if (err) {
2919 return err;
2920 }
2921
2922 if (!atomic_test_bit(smp->flags, SMP_FLAG_SC)) {
2923 #if defined(CONFIG_BT_SMP_SC_PAIR_ONLY)
2924 return BT_SMP_ERR_AUTH_REQUIREMENTS;
2925 #else
2926 if (IS_ENABLED(CONFIG_BT_SMP_APP_PAIRING_ACCEPT)) {
2927 err = smp_pairing_accept_query(smp, req);
2928 if (err) {
2929 return err;
2930 }
2931 }
2932
2933 return legacy_pairing_req(smp);
2934 #endif /* CONFIG_BT_SMP_SC_PAIR_ONLY */
2935 }
2936
2937 if (IS_ENABLED(CONFIG_BT_SMP_APP_PAIRING_ACCEPT)) {
2938 err = smp_pairing_accept_query(smp, req);
2939 if (err) {
2940 return err;
2941 }
2942 }
2943
2944 if (!IS_ENABLED(CONFIG_BT_SMP_SC_PAIR_ONLY) &&
2945 (DISPLAY_FIXED(smp) || smp->method == JUST_WORKS) &&
2946 !atomic_test_bit(smp->flags, SMP_FLAG_SEC_REQ) &&
2947 smp_auth_cb && smp_auth_cb->pairing_confirm) {
2948 atomic_set_bit(smp->flags, SMP_FLAG_USER);
2949 smp_auth_cb->pairing_confirm(conn);
2950 return 0;
2951 }
2952
2953 atomic_set_bit(smp->allowed_cmds, BT_SMP_CMD_PUBLIC_KEY);
2954
2955 LOG_DBG("rsp: io_capability 0x%02X, oob_flag 0x%02X, auth_req 0x%02X, "
2956 "max_key_size 0x%02X, init_key_dist 0x%02X, resp_key_dist 0x%02X",
2957 rsp->io_capability, rsp->oob_flag, rsp->auth_req,
2958 rsp->max_key_size, rsp->init_key_dist, rsp->resp_key_dist);
2959
2960 return send_pairing_rsp(smp);
2961 }
2962 #else
smp_pairing_req(struct bt_smp * smp,struct net_buf * buf)2963 static uint8_t smp_pairing_req(struct bt_smp *smp, struct net_buf *buf)
2964 {
2965 return BT_SMP_ERR_CMD_NOTSUPP;
2966 }
2967 #endif /* CONFIG_BT_PERIPHERAL */
2968
sc_send_public_key(struct bt_smp * smp)2969 static uint8_t sc_send_public_key(struct bt_smp *smp)
2970 {
2971 struct bt_smp_public_key *req;
2972 struct net_buf *req_buf;
2973
2974 req_buf = smp_create_pdu(smp, BT_SMP_CMD_PUBLIC_KEY, sizeof(*req));
2975 if (!req_buf) {
2976 return BT_SMP_ERR_UNSPECIFIED;
2977 }
2978
2979 req = net_buf_add(req_buf, sizeof(*req));
2980
2981 memcpy(req->x, sc_public_key, sizeof(req->x));
2982 memcpy(req->y, &sc_public_key[32], sizeof(req->y));
2983
2984 smp_send(smp, req_buf, NULL, NULL);
2985
2986 if (IS_ENABLED(CONFIG_BT_USE_DEBUG_KEYS)) {
2987 atomic_set_bit(smp->flags, SMP_FLAG_SC_DEBUG_KEY);
2988 }
2989
2990 return 0;
2991 }
2992
2993 #if defined(CONFIG_BT_CENTRAL)
smp_send_pairing_req(struct bt_conn * conn)2994 static int smp_send_pairing_req(struct bt_conn *conn)
2995 {
2996 struct bt_smp *smp;
2997 struct bt_smp_pairing *req;
2998 struct net_buf *req_buf;
2999
3000 LOG_DBG("");
3001
3002 smp = smp_chan_get(conn);
3003 if (!smp) {
3004 return -ENOTCONN;
3005 }
3006
3007 /* SMP Timeout */
3008 if (atomic_test_bit(smp->flags, SMP_FLAG_TIMEOUT)) {
3009 return -EIO;
3010 }
3011
3012 /* A higher security level is requested during the key distribution
3013 * phase, once pairing is complete a new pairing procedure will start.
3014 */
3015 if (atomic_test_bit(smp->flags, SMP_FLAG_KEYS_DISTR)) {
3016 return 0;
3017 }
3018
3019 /* pairing is in progress */
3020 if (atomic_test_bit(smp->flags, SMP_FLAG_PAIRING)) {
3021 return -EBUSY;
3022 }
3023
3024 /* Encryption is in progress */
3025 if (atomic_test_bit(smp->flags, SMP_FLAG_ENC_PENDING)) {
3026 return -EBUSY;
3027 }
3028
3029 /* early verify if required sec level if reachable */
3030 if (!sec_level_reachable(smp)) {
3031 return -EINVAL;
3032 }
3033
3034 if (!conn->le.keys) {
3035 conn->le.keys = bt_keys_get_addr(conn->id, &conn->le.dst);
3036 if (!conn->le.keys) {
3037 return -ENOMEM;
3038 }
3039 }
3040
3041 if (smp_init(smp)) {
3042 return -ENOBUFS;
3043 }
3044
3045 req_buf = smp_create_pdu(smp, BT_SMP_CMD_PAIRING_REQ, sizeof(*req));
3046 if (!req_buf) {
3047 return -ENOBUFS;
3048 }
3049
3050 req = net_buf_add(req_buf, sizeof(*req));
3051
3052 req->auth_req = get_auth(smp, BT_SMP_AUTH_DEFAULT);
3053 req->io_capability = get_io_capa(smp);
3054
3055 /* At this point is it unknown if pairing will be legacy or LE SC so
3056 * set OOB flag if any OOB data is present and assume to peer device
3057 * provides OOB data that will match it's pairing type.
3058 */
3059 req->oob_flag = (legacy_oobd_present || sc_oobd_present) ?
3060 BT_SMP_OOB_PRESENT : BT_SMP_OOB_NOT_PRESENT;
3061
3062 req->max_key_size = BT_SMP_MAX_ENC_KEY_SIZE;
3063
3064 if (req->auth_req & BT_SMP_AUTH_BONDING) {
3065 req->init_key_dist = SEND_KEYS;
3066 req->resp_key_dist = RECV_KEYS;
3067 } else {
3068 req->init_key_dist = 0;
3069 req->resp_key_dist = 0;
3070 }
3071
3072 smp->local_dist = req->init_key_dist;
3073 smp->remote_dist = req->resp_key_dist;
3074
3075 /* Store req for later use */
3076 smp->preq[0] = BT_SMP_CMD_PAIRING_REQ;
3077 memcpy(smp->preq + 1, req, sizeof(*req));
3078
3079 LOG_DBG("req: io_capability 0x%02X, oob_flag 0x%02X, auth_req 0x%02X, "
3080 "max_key_size 0x%02X, init_key_dist 0x%02X, resp_key_dist 0x%02X",
3081 req->io_capability, req->oob_flag, req->auth_req,
3082 req->max_key_size, req->init_key_dist, req->resp_key_dist);
3083
3084 smp_send(smp, req_buf, NULL, NULL);
3085
3086 atomic_set_bit(smp->allowed_cmds, BT_SMP_CMD_PAIRING_RSP);
3087 atomic_set_bit(smp->allowed_cmds, BT_SMP_CMD_SECURITY_REQUEST);
3088 atomic_set_bit(smp->flags, SMP_FLAG_PAIRING);
3089
3090 return 0;
3091 }
3092
smp_pairing_rsp(struct bt_smp * smp,struct net_buf * buf)3093 static uint8_t smp_pairing_rsp(struct bt_smp *smp, struct net_buf *buf)
3094 {
3095 struct bt_conn *conn = smp->chan.chan.conn;
3096 const struct bt_conn_auth_cb *smp_auth_cb = latch_auth_cb(smp);
3097 struct bt_smp_pairing *rsp = (void *)buf->data;
3098 struct bt_smp_pairing *req = (struct bt_smp_pairing *)&smp->preq[1];
3099 uint8_t err;
3100
3101 LOG_DBG("rsp: io_capability 0x%02X, oob_flag 0x%02X, auth_req 0x%02X, "
3102 "max_key_size 0x%02X, init_key_dist 0x%02X, resp_key_dist 0x%02X",
3103 rsp->io_capability, rsp->oob_flag, rsp->auth_req,
3104 rsp->max_key_size, rsp->init_key_dist, rsp->resp_key_dist);
3105
3106 if ((rsp->max_key_size > BT_SMP_MAX_ENC_KEY_SIZE) ||
3107 (rsp->max_key_size < BT_SMP_MIN_ENC_KEY_SIZE)) {
3108 return BT_SMP_ERR_ENC_KEY_SIZE;
3109 }
3110
3111 smp->local_dist &= rsp->init_key_dist;
3112 smp->remote_dist &= rsp->resp_key_dist;
3113
3114 /* Store rsp for later use */
3115 smp->prsp[0] = BT_SMP_CMD_PAIRING_RSP;
3116 memcpy(smp->prsp + 1, rsp, sizeof(*rsp));
3117
3118 if ((rsp->auth_req & BT_SMP_AUTH_SC) &&
3119 (req->auth_req & BT_SMP_AUTH_SC)) {
3120 atomic_set_bit(smp->flags, SMP_FLAG_SC);
3121 }
3122
3123 if ((rsp->auth_req & BT_SMP_AUTH_CT2) &&
3124 (req->auth_req & BT_SMP_AUTH_CT2)) {
3125 atomic_set_bit(smp->flags, SMP_FLAG_CT2);
3126 }
3127
3128 if ((rsp->auth_req & BT_SMP_AUTH_BONDING) &&
3129 (req->auth_req & BT_SMP_AUTH_BONDING)) {
3130 atomic_set_bit(smp->flags, SMP_FLAG_BOND);
3131 } else if (IS_ENABLED(CONFIG_BT_BONDING_REQUIRED)) {
3132 /* Reject pairing req if not both intend to bond */
3133 LOG_DBG("Bonding required");
3134 return BT_SMP_ERR_UNSPECIFIED;
3135 } else {
3136 smp->local_dist = 0;
3137 smp->remote_dist = 0;
3138 }
3139
3140 smp->method = get_pair_method(smp, rsp->io_capability);
3141
3142 if (!update_keys_check(smp, conn->le.keys)) {
3143 return BT_SMP_ERR_AUTH_REQUIREMENTS;
3144 }
3145
3146 err = remote_sec_level_reachable(smp);
3147 if (err) {
3148 return err;
3149 }
3150
3151 if (!atomic_test_bit(smp->flags, SMP_FLAG_SC)) {
3152 #if defined(CONFIG_BT_SMP_SC_PAIR_ONLY)
3153 return BT_SMP_ERR_AUTH_REQUIREMENTS;
3154 #else
3155 if (IS_ENABLED(CONFIG_BT_SMP_APP_PAIRING_ACCEPT)) {
3156 err = smp_pairing_accept_query(smp, rsp);
3157 if (err) {
3158 return err;
3159 }
3160 }
3161
3162 return legacy_pairing_rsp(smp);
3163 #endif /* CONFIG_BT_SMP_SC_PAIR_ONLY */
3164 }
3165
3166 smp->local_dist &= SEND_KEYS_SC;
3167 smp->remote_dist &= RECV_KEYS_SC;
3168
3169 if (IS_ENABLED(CONFIG_BT_SMP_APP_PAIRING_ACCEPT)) {
3170 err = smp_pairing_accept_query(smp, rsp);
3171 if (err) {
3172 return err;
3173 }
3174 }
3175
3176 if (!IS_ENABLED(CONFIG_BT_SMP_SC_PAIR_ONLY) &&
3177 (DISPLAY_FIXED(smp) || smp->method == JUST_WORKS) &&
3178 atomic_test_bit(smp->flags, SMP_FLAG_SEC_REQ) &&
3179 smp_auth_cb && smp_auth_cb->pairing_confirm) {
3180 atomic_set_bit(smp->flags, SMP_FLAG_USER);
3181 smp_auth_cb->pairing_confirm(conn);
3182 return 0;
3183 }
3184
3185 if (!sc_public_key) {
3186 atomic_set_bit(smp->flags, SMP_FLAG_PKEY_SEND);
3187 return 0;
3188 }
3189
3190 atomic_set_bit(smp->allowed_cmds, BT_SMP_CMD_PUBLIC_KEY);
3191 atomic_clear_bit(smp->allowed_cmds, BT_SMP_CMD_SECURITY_REQUEST);
3192
3193 return sc_send_public_key(smp);
3194 }
3195 #else
smp_pairing_rsp(struct bt_smp * smp,struct net_buf * buf)3196 static uint8_t smp_pairing_rsp(struct bt_smp *smp, struct net_buf *buf)
3197 {
3198 return BT_SMP_ERR_CMD_NOTSUPP;
3199 }
3200 #endif /* CONFIG_BT_CENTRAL */
3201
smp_pairing_confirm(struct bt_smp * smp,struct net_buf * buf)3202 static uint8_t smp_pairing_confirm(struct bt_smp *smp, struct net_buf *buf)
3203 {
3204 struct bt_smp_pairing_confirm *req = (void *)buf->data;
3205
3206 LOG_DBG("");
3207
3208 atomic_clear_bit(smp->flags, SMP_FLAG_DISPLAY);
3209
3210 memcpy(smp->pcnf, req->val, sizeof(smp->pcnf));
3211
3212 if (IS_ENABLED(CONFIG_BT_CENTRAL) &&
3213 smp->chan.chan.conn->role == BT_HCI_ROLE_CENTRAL) {
3214 atomic_set_bit(smp->allowed_cmds, BT_SMP_CMD_PAIRING_RANDOM);
3215 return smp_send_pairing_random(smp);
3216 }
3217
3218 if (!IS_ENABLED(CONFIG_BT_PERIPHERAL)) {
3219 return 0;
3220 }
3221
3222 #if !defined(CONFIG_BT_SMP_SC_PAIR_ONLY)
3223 if (!atomic_test_bit(smp->flags, SMP_FLAG_SC)) {
3224 return legacy_pairing_confirm(smp);
3225 }
3226 #endif /* !CONFIG_BT_SMP_SC_PAIR_ONLY */
3227
3228 switch (smp->method) {
3229 case PASSKEY_DISPLAY:
3230 atomic_set_bit(smp->allowed_cmds, BT_SMP_CMD_PAIRING_RANDOM);
3231 return smp_send_pairing_confirm(smp);
3232 case PASSKEY_INPUT:
3233 if (atomic_test_bit(smp->flags, SMP_FLAG_USER)) {
3234 atomic_set_bit(smp->flags, SMP_FLAG_CFM_DELAYED);
3235 return 0;
3236 }
3237
3238 atomic_set_bit(smp->allowed_cmds, BT_SMP_CMD_PAIRING_RANDOM);
3239 return smp_send_pairing_confirm(smp);
3240 case JUST_WORKS:
3241 case PASSKEY_CONFIRM:
3242 default:
3243 LOG_ERR("Unknown pairing method (%u)", smp->method);
3244 return BT_SMP_ERR_UNSPECIFIED;
3245 }
3246 }
3247
sc_smp_send_dhkey_check(struct bt_smp * smp,const uint8_t * e)3248 static uint8_t sc_smp_send_dhkey_check(struct bt_smp *smp, const uint8_t *e)
3249 {
3250 struct bt_smp_dhkey_check *req;
3251 struct net_buf *buf;
3252
3253 LOG_DBG("");
3254
3255 buf = smp_create_pdu(smp, BT_SMP_DHKEY_CHECK, sizeof(*req));
3256 if (!buf) {
3257 return BT_SMP_ERR_UNSPECIFIED;
3258 }
3259
3260 req = net_buf_add(buf, sizeof(*req));
3261 memcpy(req->e, e, sizeof(req->e));
3262
3263 smp_send(smp, buf, NULL, NULL);
3264
3265 return 0;
3266 }
3267
3268 #if defined(CONFIG_BT_CENTRAL)
compute_and_send_central_dhcheck(struct bt_smp * smp)3269 static uint8_t compute_and_send_central_dhcheck(struct bt_smp *smp)
3270 {
3271 uint8_t e[16], r[16];
3272
3273 (void)memset(r, 0, sizeof(r));
3274
3275 switch (smp->method) {
3276 case JUST_WORKS:
3277 case PASSKEY_CONFIRM:
3278 break;
3279 case PASSKEY_DISPLAY:
3280 case PASSKEY_INPUT:
3281 memcpy(r, &smp->passkey, sizeof(smp->passkey));
3282 break;
3283 case LE_SC_OOB:
3284 if (smp->oobd_remote) {
3285 memcpy(r, smp->oobd_remote->r, sizeof(r));
3286 }
3287 break;
3288 default:
3289 LOG_ERR("Unknown pairing method (%u)", smp->method);
3290 return BT_SMP_ERR_UNSPECIFIED;
3291 }
3292
3293 /* calculate LTK and mackey */
3294 if (bt_crypto_f5(smp->dhkey, smp->prnd, smp->rrnd, &smp->chan.chan.conn->le.init_addr,
3295 &smp->chan.chan.conn->le.resp_addr, smp->mackey, smp->tk)) {
3296 LOG_ERR("Calculate LTK failed");
3297 return BT_SMP_ERR_UNSPECIFIED;
3298 }
3299 /* calculate local DHKey check */
3300 if (bt_crypto_f6(smp->mackey, smp->prnd, smp->rrnd, r, &smp->preq[1],
3301 &smp->chan.chan.conn->le.init_addr, &smp->chan.chan.conn->le.resp_addr,
3302 e)) {
3303 LOG_ERR("Calculate local DHKey check failed");
3304 return BT_SMP_ERR_UNSPECIFIED;
3305 }
3306
3307 atomic_set_bit(smp->allowed_cmds, BT_SMP_DHKEY_CHECK);
3308 return sc_smp_send_dhkey_check(smp, e);
3309 }
3310 #endif /* CONFIG_BT_CENTRAL */
3311
3312 #if defined(CONFIG_BT_PERIPHERAL)
compute_and_check_and_send_periph_dhcheck(struct bt_smp * smp)3313 static uint8_t compute_and_check_and_send_periph_dhcheck(struct bt_smp *smp)
3314 {
3315 uint8_t re[16], e[16], r[16];
3316 uint8_t err;
3317
3318 (void)memset(r, 0, sizeof(r));
3319
3320 switch (smp->method) {
3321 case JUST_WORKS:
3322 case PASSKEY_CONFIRM:
3323 break;
3324 case PASSKEY_DISPLAY:
3325 case PASSKEY_INPUT:
3326 memcpy(r, &smp->passkey, sizeof(smp->passkey));
3327 break;
3328 case LE_SC_OOB:
3329 if (smp->oobd_remote) {
3330 memcpy(r, smp->oobd_remote->r, sizeof(r));
3331 }
3332 break;
3333 default:
3334 LOG_ERR("Unknown pairing method (%u)", smp->method);
3335 return BT_SMP_ERR_UNSPECIFIED;
3336 }
3337
3338 /* calculate LTK and mackey */
3339 if (bt_crypto_f5(smp->dhkey, smp->rrnd, smp->prnd, &smp->chan.chan.conn->le.init_addr,
3340 &smp->chan.chan.conn->le.resp_addr, smp->mackey, smp->tk)) {
3341 LOG_ERR("Calculate LTK failed");
3342 return BT_SMP_ERR_UNSPECIFIED;
3343 }
3344
3345 /* calculate local DHKey check */
3346 if (bt_crypto_f6(smp->mackey, smp->prnd, smp->rrnd, r, &smp->prsp[1],
3347 &smp->chan.chan.conn->le.resp_addr, &smp->chan.chan.conn->le.init_addr,
3348 e)) {
3349 LOG_ERR("Calculate local DHKey check failed");
3350 return BT_SMP_ERR_UNSPECIFIED;
3351 }
3352
3353 if (smp->method == LE_SC_OOB) {
3354 if (smp->oobd_local) {
3355 memcpy(r, smp->oobd_local->r, sizeof(r));
3356 } else {
3357 memset(r, 0, sizeof(r));
3358 }
3359 }
3360
3361 /* calculate remote DHKey check */
3362 if (bt_crypto_f6(smp->mackey, smp->rrnd, smp->prnd, r, &smp->preq[1],
3363 &smp->chan.chan.conn->le.init_addr, &smp->chan.chan.conn->le.resp_addr,
3364 re)) {
3365 LOG_ERR("Calculate remote DHKey check failed");
3366 return BT_SMP_ERR_UNSPECIFIED;
3367 }
3368
3369 /* compare received E with calculated remote */
3370 if (memcmp(smp->e, re, 16)) {
3371 return BT_SMP_ERR_DHKEY_CHECK_FAILED;
3372 }
3373
3374 /* send local e */
3375 err = sc_smp_send_dhkey_check(smp, e);
3376 if (err) {
3377 return err;
3378 }
3379
3380 atomic_set_bit(smp->flags, SMP_FLAG_ENC_PENDING);
3381 return 0;
3382 }
3383 #endif /* CONFIG_BT_PERIPHERAL */
3384
3385 static void bt_smp_dhkey_ready(const uint8_t *dhkey);
smp_dhkey_generate(struct bt_smp * smp)3386 static uint8_t smp_dhkey_generate(struct bt_smp *smp)
3387 {
3388 int err;
3389
3390 atomic_set_bit(smp->flags, SMP_FLAG_DHKEY_GEN);
3391 err = bt_dh_key_gen(smp->pkey, bt_smp_dhkey_ready);
3392 if (err) {
3393 atomic_clear_bit(smp->flags, SMP_FLAG_DHKEY_GEN);
3394
3395 LOG_ERR("Failed to generate DHKey");
3396 return BT_SMP_ERR_UNSPECIFIED;
3397 }
3398
3399 return 0;
3400 }
3401
smp_dhkey_ready(struct bt_smp * smp,const uint8_t * dhkey)3402 static uint8_t smp_dhkey_ready(struct bt_smp *smp, const uint8_t *dhkey)
3403 {
3404 if (!dhkey) {
3405 return BT_SMP_ERR_DHKEY_CHECK_FAILED;
3406 }
3407
3408 atomic_clear_bit(smp->flags, SMP_FLAG_DHKEY_PENDING);
3409 memcpy(smp->dhkey, dhkey, BT_DH_KEY_LEN);
3410
3411 /* wait for user passkey confirmation */
3412 if (atomic_test_bit(smp->flags, SMP_FLAG_USER)) {
3413 atomic_set_bit(smp->flags, SMP_FLAG_DHKEY_SEND);
3414 return 0;
3415 }
3416
3417 /* wait for remote DHKey Check */
3418 if (atomic_test_bit(smp->flags, SMP_FLAG_DHCHECK_WAIT)) {
3419 atomic_set_bit(smp->flags, SMP_FLAG_DHKEY_SEND);
3420 return 0;
3421 }
3422
3423 if (atomic_test_bit(smp->flags, SMP_FLAG_DHKEY_SEND)) {
3424 #if defined(CONFIG_BT_CENTRAL)
3425 if (smp->chan.chan.conn->role == BT_HCI_ROLE_CENTRAL) {
3426 return compute_and_send_central_dhcheck(smp);
3427 }
3428
3429 #endif /* CONFIG_BT_CENTRAL */
3430
3431 #if defined(CONFIG_BT_PERIPHERAL)
3432 return compute_and_check_and_send_periph_dhcheck(smp);
3433 #endif /* CONFIG_BT_PERIPHERAL */
3434 }
3435
3436 return 0;
3437 }
3438
smp_find(int flag)3439 static struct bt_smp *smp_find(int flag)
3440 {
3441 for (int i = 0; i < ARRAY_SIZE(bt_smp_pool); i++) {
3442 if (atomic_test_bit(bt_smp_pool[i].flags, flag)) {
3443 return &bt_smp_pool[i];
3444 }
3445 }
3446
3447 return NULL;
3448 }
3449
bt_smp_dhkey_ready(const uint8_t * dhkey)3450 static void bt_smp_dhkey_ready(const uint8_t *dhkey)
3451 {
3452 LOG_DBG("%p", (void *)dhkey);
3453 int err;
3454
3455 struct bt_smp *smp = smp_find(SMP_FLAG_DHKEY_GEN);
3456 if (smp) {
3457 atomic_clear_bit(smp->flags, SMP_FLAG_DHKEY_GEN);
3458 err = smp_dhkey_ready(smp, dhkey);
3459 if (err) {
3460 smp_error(smp, err);
3461 }
3462 }
3463
3464 err = 0;
3465 do {
3466 smp = smp_find(SMP_FLAG_DHKEY_PENDING);
3467 if (smp) {
3468 err = smp_dhkey_generate(smp);
3469 if (err) {
3470 smp_error(smp, err);
3471 }
3472 }
3473 } while (smp && err);
3474 }
3475
sc_smp_check_confirm(struct bt_smp * smp)3476 static uint8_t sc_smp_check_confirm(struct bt_smp *smp)
3477 {
3478 uint8_t cfm[16];
3479 uint8_t r;
3480
3481 switch (smp->method) {
3482 case LE_SC_OOB:
3483 return 0;
3484 case PASSKEY_CONFIRM:
3485 case JUST_WORKS:
3486 r = 0U;
3487 break;
3488 case PASSKEY_DISPLAY:
3489 case PASSKEY_INPUT:
3490 /*
3491 * In the Passkey Entry protocol, the most significant
3492 * bit of Z is set equal to one and the least
3493 * significant bit is made up from one bit of the
3494 * passkey e.g. if the passkey bit is 1, then Z = 0x81
3495 * and if the passkey bit is 0, then Z = 0x80.
3496 */
3497 r = (smp->passkey >> smp->passkey_round) & 0x01;
3498 r |= 0x80;
3499 break;
3500 default:
3501 LOG_ERR("Unknown pairing method (%u)", smp->method);
3502 return BT_SMP_ERR_UNSPECIFIED;
3503 }
3504
3505 if (bt_crypto_f4(smp->pkey, sc_public_key, smp->rrnd, r, cfm)) {
3506 LOG_ERR("Calculate confirm failed");
3507 return BT_SMP_ERR_UNSPECIFIED;
3508 }
3509
3510 LOG_DBG("pcnf %s", bt_hex(smp->pcnf, 16));
3511 LOG_DBG("cfm %s", bt_hex(cfm, 16));
3512
3513 if (memcmp(smp->pcnf, cfm, 16)) {
3514 return BT_SMP_ERR_CONFIRM_FAILED;
3515 }
3516
3517 return 0;
3518 }
3519
le_sc_oob_data_req_check(struct bt_smp * smp)3520 static bool le_sc_oob_data_req_check(struct bt_smp *smp)
3521 {
3522 struct bt_smp_pairing *req = (struct bt_smp_pairing *)&smp->preq[1];
3523
3524 return ((req->oob_flag & BT_SMP_OOB_DATA_MASK) == BT_SMP_OOB_PRESENT);
3525 }
3526
le_sc_oob_data_rsp_check(struct bt_smp * smp)3527 static bool le_sc_oob_data_rsp_check(struct bt_smp *smp)
3528 {
3529 struct bt_smp_pairing *rsp = (struct bt_smp_pairing *)&smp->prsp[1];
3530
3531 return ((rsp->oob_flag & BT_SMP_OOB_DATA_MASK) == BT_SMP_OOB_PRESENT);
3532 }
3533
le_sc_oob_config_set(struct bt_smp * smp,struct bt_conn_oob_info * info)3534 static void le_sc_oob_config_set(struct bt_smp *smp,
3535 struct bt_conn_oob_info *info)
3536 {
3537 bool req_oob_present = le_sc_oob_data_req_check(smp);
3538 bool rsp_oob_present = le_sc_oob_data_rsp_check(smp);
3539 int oob_config = BT_CONN_OOB_NO_DATA;
3540
3541 if (IS_ENABLED(CONFIG_BT_CENTRAL) &&
3542 smp->chan.chan.conn->role == BT_HCI_ROLE_CENTRAL) {
3543 oob_config = req_oob_present ? BT_CONN_OOB_REMOTE_ONLY :
3544 BT_CONN_OOB_NO_DATA;
3545
3546 if (rsp_oob_present) {
3547 oob_config = (oob_config == BT_CONN_OOB_REMOTE_ONLY) ?
3548 BT_CONN_OOB_BOTH_PEERS :
3549 BT_CONN_OOB_LOCAL_ONLY;
3550 }
3551 } else if (IS_ENABLED(CONFIG_BT_PERIPHERAL)) {
3552 oob_config = req_oob_present ? BT_CONN_OOB_LOCAL_ONLY :
3553 BT_CONN_OOB_NO_DATA;
3554
3555 if (rsp_oob_present) {
3556 oob_config = (oob_config == BT_CONN_OOB_LOCAL_ONLY) ?
3557 BT_CONN_OOB_BOTH_PEERS :
3558 BT_CONN_OOB_REMOTE_ONLY;
3559 }
3560 }
3561
3562 info->lesc.oob_config = oob_config;
3563 }
3564
smp_pairing_random(struct bt_smp * smp,struct net_buf * buf)3565 static uint8_t smp_pairing_random(struct bt_smp *smp, struct net_buf *buf)
3566 {
3567 const struct bt_conn_auth_cb *smp_auth_cb = latch_auth_cb(smp);
3568 struct bt_smp_pairing_random *req = (void *)buf->data;
3569 uint32_t passkey;
3570 uint8_t err;
3571
3572 LOG_DBG("");
3573
3574 memcpy(smp->rrnd, req->val, sizeof(smp->rrnd));
3575
3576 #if !defined(CONFIG_BT_SMP_SC_PAIR_ONLY)
3577 if (!atomic_test_bit(smp->flags, SMP_FLAG_SC)) {
3578 return legacy_pairing_random(smp);
3579 }
3580 #endif /* !CONFIG_BT_SMP_SC_PAIR_ONLY */
3581
3582 #if defined(CONFIG_BT_CENTRAL)
3583 if (smp->chan.chan.conn->role == BT_HCI_ROLE_CENTRAL) {
3584 err = sc_smp_check_confirm(smp);
3585 if (err) {
3586 return err;
3587 }
3588
3589 switch (smp->method) {
3590 case PASSKEY_CONFIRM:
3591 /* compare passkey before calculating LTK */
3592 if (bt_crypto_g2(sc_public_key, smp->pkey, smp->prnd, smp->rrnd,
3593 &passkey)) {
3594 return BT_SMP_ERR_UNSPECIFIED;
3595 }
3596
3597 atomic_set_bit(smp->flags, SMP_FLAG_USER);
3598 atomic_set_bit(smp->flags, SMP_FLAG_DHKEY_SEND);
3599 smp_auth_cb->passkey_confirm(smp->chan.chan.conn, passkey);
3600 return 0;
3601 case JUST_WORKS:
3602 break;
3603 case LE_SC_OOB:
3604 break;
3605 case PASSKEY_DISPLAY:
3606 case PASSKEY_INPUT:
3607 smp->passkey_round++;
3608 if (smp->passkey_round == 20U) {
3609 break;
3610 }
3611
3612 if (bt_rand(smp->prnd, 16)) {
3613 return BT_SMP_ERR_UNSPECIFIED;
3614 }
3615
3616 atomic_set_bit(smp->allowed_cmds,
3617 BT_SMP_CMD_PAIRING_CONFIRM);
3618 return smp_send_pairing_confirm(smp);
3619 default:
3620 LOG_ERR("Unknown pairing method (%u)", smp->method);
3621 return BT_SMP_ERR_UNSPECIFIED;
3622 }
3623
3624 /* wait for DHKey being generated */
3625 if (atomic_test_bit(smp->flags, SMP_FLAG_DHKEY_PENDING)) {
3626 atomic_set_bit(smp->flags, SMP_FLAG_DHKEY_SEND);
3627 return 0;
3628 }
3629
3630 return compute_and_send_central_dhcheck(smp);
3631 }
3632 #endif /* CONFIG_BT_CENTRAL */
3633
3634 #if defined(CONFIG_BT_PERIPHERAL)
3635 switch (smp->method) {
3636 case PASSKEY_CONFIRM:
3637 if (bt_crypto_g2(smp->pkey, sc_public_key, smp->rrnd, smp->prnd, &passkey)) {
3638 return BT_SMP_ERR_UNSPECIFIED;
3639 }
3640
3641 atomic_set_bit(smp->flags, SMP_FLAG_USER);
3642 smp_auth_cb->passkey_confirm(smp->chan.chan.conn, passkey);
3643 break;
3644 case JUST_WORKS:
3645 break;
3646 case PASSKEY_DISPLAY:
3647 case PASSKEY_INPUT:
3648 err = sc_smp_check_confirm(smp);
3649 if (err) {
3650 return err;
3651 }
3652
3653 atomic_set_bit(smp->allowed_cmds,
3654 BT_SMP_CMD_PAIRING_CONFIRM);
3655 err = smp_send_pairing_random(smp);
3656 if (err) {
3657 return err;
3658 }
3659
3660 smp->passkey_round++;
3661 if (smp->passkey_round == 20U) {
3662 atomic_set_bit(smp->allowed_cmds, BT_SMP_DHKEY_CHECK);
3663 atomic_set_bit(smp->flags, SMP_FLAG_DHCHECK_WAIT);
3664 return 0;
3665 }
3666
3667 if (bt_rand(smp->prnd, 16)) {
3668 return BT_SMP_ERR_UNSPECIFIED;
3669 }
3670
3671 return 0;
3672 case LE_SC_OOB:
3673 /* Step 6: Select random N */
3674 if (bt_rand(smp->prnd, 16)) {
3675 return BT_SMP_ERR_UNSPECIFIED;
3676 }
3677
3678 if (smp_auth_cb && smp_auth_cb->oob_data_request) {
3679 struct bt_conn_oob_info info = {
3680 .type = BT_CONN_OOB_LE_SC,
3681 .lesc.oob_config = BT_CONN_OOB_NO_DATA,
3682 };
3683
3684 le_sc_oob_config_set(smp, &info);
3685
3686 smp->oobd_local = NULL;
3687 smp->oobd_remote = NULL;
3688
3689 atomic_set_bit(smp->flags, SMP_FLAG_OOB_PENDING);
3690 smp_auth_cb->oob_data_request(smp->chan.chan.conn, &info);
3691
3692 return 0;
3693 } else {
3694 return BT_SMP_ERR_OOB_NOT_AVAIL;
3695 }
3696 default:
3697 LOG_ERR("Unknown pairing method (%u)", smp->method);
3698 return BT_SMP_ERR_UNSPECIFIED;
3699 }
3700
3701 atomic_set_bit(smp->allowed_cmds, BT_SMP_DHKEY_CHECK);
3702 atomic_set_bit(smp->flags, SMP_FLAG_DHCHECK_WAIT);
3703 return smp_send_pairing_random(smp);
3704 #else
3705 return BT_SMP_ERR_PAIRING_NOTSUPP;
3706 #endif /* CONFIG_BT_PERIPHERAL */
3707 }
3708
smp_pairing_failed(struct bt_smp * smp,struct net_buf * buf)3709 static uint8_t smp_pairing_failed(struct bt_smp *smp, struct net_buf *buf)
3710 {
3711 struct bt_conn *conn = smp->chan.chan.conn;
3712 const struct bt_conn_auth_cb *smp_auth_cb = latch_auth_cb(smp);
3713 struct bt_smp_pairing_fail *req = (void *)buf->data;
3714
3715 LOG_ERR("pairing failed (peer reason 0x%x)", req->reason);
3716
3717 if (atomic_test_and_clear_bit(smp->flags, SMP_FLAG_USER) ||
3718 atomic_test_and_clear_bit(smp->flags, SMP_FLAG_DISPLAY)) {
3719 if (smp_auth_cb && smp_auth_cb->cancel) {
3720 smp_auth_cb->cancel(conn);
3721 }
3722 }
3723
3724 smp_pairing_complete(smp, req->reason);
3725
3726 /* return no error to avoid sending Pairing Failed in response */
3727 return 0;
3728 }
3729
smp_ident_info(struct bt_smp * smp,struct net_buf * buf)3730 static uint8_t smp_ident_info(struct bt_smp *smp, struct net_buf *buf)
3731 {
3732 LOG_DBG("");
3733
3734 if (atomic_test_bit(smp->flags, SMP_FLAG_BOND)) {
3735 struct bt_smp_ident_info *req = (void *)buf->data;
3736 struct bt_conn *conn = smp->chan.chan.conn;
3737 struct bt_keys *keys;
3738
3739 keys = bt_keys_get_type(BT_KEYS_IRK, conn->id, &conn->le.dst);
3740 if (!keys) {
3741 LOG_ERR("Unable to get keys for %s", bt_addr_le_str(&conn->le.dst));
3742 return BT_SMP_ERR_UNSPECIFIED;
3743 }
3744
3745 memcpy(keys->irk.val, req->irk, 16);
3746 }
3747
3748 atomic_set_bit(smp->allowed_cmds, BT_SMP_CMD_IDENT_ADDR_INFO);
3749
3750 return 0;
3751 }
3752
smp_id_add_replace(struct bt_smp * smp,struct bt_keys * new_bond)3753 static uint8_t smp_id_add_replace(struct bt_smp *smp, struct bt_keys *new_bond)
3754 {
3755 struct bt_keys *conflict;
3756
3757 /* Sanity check: It does not make sense to finalize a bond before we
3758 * have the remote identity.
3759 */
3760 __ASSERT_NO_MSG(!(smp->remote_dist & BT_SMP_DIST_ID_KEY));
3761
3762 conflict = bt_id_find_conflict(new_bond);
3763 if (conflict) {
3764 LOG_DBG("New bond conflicts with a bond on id %d.", conflict->id);
3765 }
3766
3767 if (conflict && !IS_ENABLED(CONFIG_BT_ID_UNPAIR_MATCHING_BONDS)) {
3768 LOG_WRN("Refusing new pairing. The old bond must be unpaired first.");
3769 return BT_SMP_ERR_AUTH_REQUIREMENTS;
3770 }
3771
3772 if (conflict && IS_ENABLED(CONFIG_BT_ID_UNPAIR_MATCHING_BONDS)) {
3773 bool trust_ok;
3774 int unpair_err;
3775
3776 trust_ok = update_keys_check(smp, conflict);
3777 if (!trust_ok) {
3778 LOG_WRN("Refusing new pairing. The old bond has more trust.");
3779 return BT_SMP_ERR_AUTH_REQUIREMENTS;
3780 }
3781
3782 LOG_DBG("Un-pairing old conflicting bond and finalizing new.");
3783
3784 unpair_err = bt_unpair(conflict->id, &conflict->addr);
3785 __ASSERT_NO_MSG(!unpair_err);
3786 }
3787
3788 __ASSERT_NO_MSG(!bt_id_find_conflict(new_bond));
3789 bt_id_add(new_bond);
3790 return 0;
3791 }
3792
smp_ident_addr_info(struct bt_smp * smp,struct net_buf * buf)3793 static uint8_t smp_ident_addr_info(struct bt_smp *smp, struct net_buf *buf)
3794 {
3795 struct bt_conn *conn = smp->chan.chan.conn;
3796 struct bt_smp_ident_addr_info *req = (void *)buf->data;
3797 uint8_t err;
3798
3799 LOG_DBG("identity %s", bt_addr_le_str(&req->addr));
3800
3801 smp->remote_dist &= ~BT_SMP_DIST_ID_KEY;
3802
3803 if (!bt_addr_le_is_identity(&req->addr)) {
3804 LOG_ERR("Invalid identity %s", bt_addr_le_str(&req->addr));
3805 LOG_ERR(" for %s", bt_addr_le_str(&conn->le.dst));
3806 return BT_SMP_ERR_INVALID_PARAMS;
3807 }
3808
3809 if (!bt_addr_le_eq(&conn->le.dst, &req->addr)) {
3810 struct bt_keys *keys = bt_keys_find_addr(conn->id, &req->addr);
3811
3812 if (keys) {
3813 if (!update_keys_check(smp, keys)) {
3814 return BT_SMP_ERR_UNSPECIFIED;
3815 }
3816
3817 bt_keys_clear(keys);
3818 }
3819 }
3820
3821 if (atomic_test_bit(smp->flags, SMP_FLAG_BOND)) {
3822 const bt_addr_le_t *dst;
3823 struct bt_keys *keys;
3824
3825 keys = bt_keys_get_type(BT_KEYS_IRK, conn->id, &conn->le.dst);
3826 if (!keys) {
3827 LOG_ERR("Unable to get keys for %s", bt_addr_le_str(&conn->le.dst));
3828 return BT_SMP_ERR_UNSPECIFIED;
3829 }
3830
3831 /*
3832 * We can't use conn->dst here as this might already contain
3833 * identity address known from previous pairing. Since all keys
3834 * are cleared on re-pairing we wouldn't store IRK distributed
3835 * in new pairing.
3836 */
3837 if (conn->role == BT_HCI_ROLE_CENTRAL) {
3838 dst = &conn->le.resp_addr;
3839 } else {
3840 dst = &conn->le.init_addr;
3841 }
3842
3843 if (bt_addr_le_is_rpa(dst)) {
3844 /* always update last use RPA */
3845 bt_addr_copy(&keys->irk.rpa, &dst->a);
3846
3847 /*
3848 * Update connection address and notify about identity
3849 * resolved only if connection wasn't already reported
3850 * with identity address. This may happen if IRK was
3851 * present before ie. due to re-pairing.
3852 */
3853 if (!bt_addr_le_is_identity(&conn->le.dst)) {
3854 bt_addr_le_copy(&keys->addr, &req->addr);
3855 bt_addr_le_copy(&conn->le.dst, &req->addr);
3856
3857 bt_conn_identity_resolved(conn);
3858 }
3859 }
3860
3861 err = smp_id_add_replace(smp, keys);
3862 if (err) {
3863 return err;
3864 }
3865 }
3866
3867 if (smp->remote_dist & BT_SMP_DIST_SIGN) {
3868 atomic_set_bit(smp->allowed_cmds, BT_SMP_CMD_SIGNING_INFO);
3869 }
3870
3871 if (IS_ENABLED(CONFIG_BT_CENTRAL) &&
3872 conn->role == BT_HCI_ROLE_CENTRAL && !smp->remote_dist) {
3873 err = bt_smp_distribute_keys(smp);
3874 if (err) {
3875 return err;
3876 }
3877 }
3878
3879 /* if all keys were distributed, pairing is done */
3880 if (!smp->local_dist && !smp->remote_dist) {
3881 smp_pairing_complete(smp, 0);
3882 }
3883
3884 return 0;
3885 }
3886
3887 #if defined(CONFIG_BT_SIGNING)
smp_signing_info(struct bt_smp * smp,struct net_buf * buf)3888 static uint8_t smp_signing_info(struct bt_smp *smp, struct net_buf *buf)
3889 {
3890 struct bt_conn *conn = smp->chan.chan.conn;
3891 uint8_t err;
3892
3893 LOG_DBG("");
3894
3895 if (atomic_test_bit(smp->flags, SMP_FLAG_BOND)) {
3896 struct bt_smp_signing_info *req = (void *)buf->data;
3897 struct bt_keys *keys;
3898
3899 keys = bt_keys_get_type(BT_KEYS_REMOTE_CSRK, conn->id,
3900 &conn->le.dst);
3901 if (!keys) {
3902 LOG_ERR("Unable to get keys for %s", bt_addr_le_str(&conn->le.dst));
3903 return BT_SMP_ERR_UNSPECIFIED;
3904 }
3905
3906 memcpy(keys->remote_csrk.val, req->csrk,
3907 sizeof(keys->remote_csrk.val));
3908 }
3909
3910 smp->remote_dist &= ~BT_SMP_DIST_SIGN;
3911
3912 if (IS_ENABLED(CONFIG_BT_CENTRAL) &&
3913 conn->role == BT_HCI_ROLE_CENTRAL && !smp->remote_dist) {
3914 err = bt_smp_distribute_keys(smp);
3915 if (err) {
3916 return err;
3917 }
3918 }
3919
3920 /* if all keys were distributed, pairing is done */
3921 if (!smp->local_dist && !smp->remote_dist) {
3922 smp_pairing_complete(smp, 0);
3923 }
3924
3925 return 0;
3926 }
3927 #else
smp_signing_info(struct bt_smp * smp,struct net_buf * buf)3928 static uint8_t smp_signing_info(struct bt_smp *smp, struct net_buf *buf)
3929 {
3930 return BT_SMP_ERR_CMD_NOTSUPP;
3931 }
3932 #endif /* CONFIG_BT_SIGNING */
3933
3934 #if defined(CONFIG_BT_CENTRAL)
smp_security_request(struct bt_smp * smp,struct net_buf * buf)3935 static uint8_t smp_security_request(struct bt_smp *smp, struct net_buf *buf)
3936 {
3937 struct bt_conn *conn = smp->chan.chan.conn;
3938 struct bt_smp_security_request *req = (void *)buf->data;
3939 uint8_t auth;
3940
3941 LOG_DBG("");
3942
3943 /* A higher security level is requested during the key distribution
3944 * phase, once pairing is complete a new pairing procedure will start.
3945 */
3946 if (atomic_test_bit(smp->flags, SMP_FLAG_KEYS_DISTR)) {
3947 return 0;
3948 }
3949
3950 if (atomic_test_bit(smp->flags, SMP_FLAG_PAIRING)) {
3951 /* We have already started pairing process */
3952 return 0;
3953 }
3954
3955 if (atomic_test_bit(smp->flags, SMP_FLAG_ENC_PENDING)) {
3956 /* We have already started encryption procedure */
3957 return 0;
3958 }
3959
3960 if (sc_supported) {
3961 auth = req->auth_req & BT_SMP_AUTH_MASK_SC;
3962 } else {
3963 auth = req->auth_req & BT_SMP_AUTH_MASK;
3964 }
3965
3966 if (IS_ENABLED(CONFIG_BT_SMP_SC_PAIR_ONLY) &&
3967 !(auth & BT_SMP_AUTH_SC)) {
3968 return BT_SMP_ERR_AUTH_REQUIREMENTS;
3969 }
3970
3971 if (IS_ENABLED(CONFIG_BT_BONDING_REQUIRED) &&
3972 !(bondable && (auth & BT_SMP_AUTH_BONDING))) {
3973 /* Reject security req if not both intend to bond */
3974 LOG_DBG("Bonding required");
3975 return BT_SMP_ERR_UNSPECIFIED;
3976 }
3977
3978 if (conn->le.keys) {
3979 /* Make sure we have an LTK to encrypt with */
3980 if (!(conn->le.keys->keys & (BT_KEYS_LTK_P256 | BT_KEYS_LTK))) {
3981 goto pair;
3982 }
3983 } else {
3984 conn->le.keys = bt_keys_find(BT_KEYS_LTK_P256, conn->id,
3985 &conn->le.dst);
3986 if (!conn->le.keys) {
3987 conn->le.keys = bt_keys_find(BT_KEYS_LTK, conn->id,
3988 &conn->le.dst);
3989 }
3990 }
3991
3992 if (!conn->le.keys) {
3993 goto pair;
3994 }
3995
3996 /* if MITM required key must be authenticated */
3997 if ((auth & BT_SMP_AUTH_MITM) &&
3998 !(conn->le.keys->flags & BT_KEYS_AUTHENTICATED)) {
3999 if (get_io_capa(smp) != BT_SMP_IO_NO_INPUT_OUTPUT) {
4000 LOG_INF("New auth requirements: 0x%x, repairing", auth);
4001 goto pair;
4002 }
4003
4004 LOG_WRN("Unsupported auth requirements: 0x%x, repairing", auth);
4005 goto pair;
4006 }
4007
4008 /* if LE SC required and no p256 key present repair */
4009 if ((auth & BT_SMP_AUTH_SC) &&
4010 !(conn->le.keys->keys & BT_KEYS_LTK_P256)) {
4011 LOG_INF("New auth requirements: 0x%x, repairing", auth);
4012 goto pair;
4013 }
4014
4015 if (bt_conn_le_start_encryption(conn, conn->le.keys->ltk.rand,
4016 conn->le.keys->ltk.ediv,
4017 conn->le.keys->ltk.val,
4018 conn->le.keys->enc_size) < 0) {
4019 LOG_ERR("Failed to start encryption");
4020 return BT_SMP_ERR_UNSPECIFIED;
4021 }
4022
4023 atomic_set_bit(smp->flags, SMP_FLAG_ENC_PENDING);
4024
4025 return 0;
4026 pair:
4027 if (smp_send_pairing_req(conn) < 0) {
4028 return BT_SMP_ERR_UNSPECIFIED;
4029 }
4030
4031 atomic_set_bit(smp->flags, SMP_FLAG_SEC_REQ);
4032
4033 return 0;
4034 }
4035 #else
smp_security_request(struct bt_smp * smp,struct net_buf * buf)4036 static uint8_t smp_security_request(struct bt_smp *smp, struct net_buf *buf)
4037 {
4038 return BT_SMP_ERR_CMD_NOTSUPP;
4039 }
4040 #endif /* CONFIG_BT_CENTRAL */
4041
generate_dhkey(struct bt_smp * smp)4042 static uint8_t generate_dhkey(struct bt_smp *smp)
4043 {
4044 if (IS_ENABLED(CONFIG_BT_SMP_OOB_LEGACY_PAIR_ONLY)) {
4045 return BT_SMP_ERR_UNSPECIFIED;
4046 }
4047
4048 atomic_set_bit(smp->flags, SMP_FLAG_DHKEY_PENDING);
4049 if (!smp_find(SMP_FLAG_DHKEY_GEN)) {
4050 return smp_dhkey_generate(smp);
4051 }
4052
4053 return 0;
4054 }
4055
display_passkey(struct bt_smp * smp)4056 static uint8_t display_passkey(struct bt_smp *smp)
4057 {
4058 struct bt_conn *conn = smp->chan.chan.conn;
4059 const struct bt_conn_auth_cb *smp_auth_cb = latch_auth_cb(smp);
4060
4061 if (IS_ENABLED(CONFIG_BT_FIXED_PASSKEY) &&
4062 fixed_passkey != BT_PASSKEY_INVALID) {
4063 smp->passkey = fixed_passkey;
4064 } else {
4065 if (bt_rand(&smp->passkey, sizeof(smp->passkey))) {
4066 return BT_SMP_ERR_UNSPECIFIED;
4067 }
4068
4069 smp->passkey %= 1000000;
4070 }
4071
4072 smp->passkey_round = 0U;
4073
4074 if (smp_auth_cb && smp_auth_cb->passkey_display) {
4075 atomic_set_bit(smp->flags, SMP_FLAG_DISPLAY);
4076 smp_auth_cb->passkey_display(conn, smp->passkey);
4077 }
4078
4079 smp->passkey = sys_cpu_to_le32(smp->passkey);
4080
4081 return 0;
4082 }
4083
4084 #if defined(CONFIG_BT_PERIPHERAL)
smp_public_key_periph(struct bt_smp * smp)4085 static uint8_t smp_public_key_periph(struct bt_smp *smp)
4086 {
4087 const struct bt_conn_auth_cb *smp_auth_cb = latch_auth_cb(smp);
4088 uint8_t err;
4089
4090 if (!atomic_test_bit(smp->flags, SMP_FLAG_SC_DEBUG_KEY) &&
4091 memcmp(smp->pkey, sc_public_key, BT_PUB_KEY_COORD_LEN) == 0) {
4092 /* Deny public key with identitcal X coordinate unless it is the
4093 * debug public key.
4094 */
4095 LOG_WRN("Remote public key rejected");
4096 return BT_SMP_ERR_UNSPECIFIED;
4097 }
4098
4099 err = sc_send_public_key(smp);
4100 if (err) {
4101 return err;
4102 }
4103
4104 switch (smp->method) {
4105 case PASSKEY_CONFIRM:
4106 case JUST_WORKS:
4107 atomic_set_bit(smp->allowed_cmds, BT_SMP_CMD_PAIRING_RANDOM);
4108
4109 err = smp_send_pairing_confirm(smp);
4110 if (err) {
4111 return err;
4112 }
4113 break;
4114 case PASSKEY_DISPLAY:
4115 err = display_passkey(smp);
4116 if (err) {
4117 return err;
4118 }
4119
4120 atomic_set_bit(smp->allowed_cmds, BT_SMP_CMD_PAIRING_CONFIRM);
4121 atomic_set_bit(smp->allowed_cmds, BT_SMP_KEYPRESS_NOTIFICATION);
4122 break;
4123 case PASSKEY_INPUT:
4124 atomic_set_bit(smp->allowed_cmds, BT_SMP_CMD_PAIRING_CONFIRM);
4125 atomic_set_bit(smp->allowed_cmds, BT_SMP_KEYPRESS_NOTIFICATION);
4126 atomic_set_bit(smp->flags, SMP_FLAG_USER);
4127 smp_auth_cb->passkey_entry(smp->chan.chan.conn);
4128 break;
4129 case LE_SC_OOB:
4130 atomic_set_bit(smp->allowed_cmds, BT_SMP_CMD_PAIRING_RANDOM);
4131 break;
4132 default:
4133 LOG_ERR("Unknown pairing method (%u)", smp->method);
4134 return BT_SMP_ERR_UNSPECIFIED;
4135 }
4136
4137 return generate_dhkey(smp);
4138 }
4139 #endif /* CONFIG_BT_PERIPHERAL */
4140
smp_public_key(struct bt_smp * smp,struct net_buf * buf)4141 static uint8_t smp_public_key(struct bt_smp *smp, struct net_buf *buf)
4142 {
4143 const struct bt_conn_auth_cb *smp_auth_cb = latch_auth_cb(smp);
4144 struct bt_smp_public_key *req = (void *)buf->data;
4145 uint8_t err;
4146
4147 LOG_DBG("");
4148
4149 memcpy(smp->pkey, req->x, BT_PUB_KEY_COORD_LEN);
4150 memcpy(&smp->pkey[BT_PUB_KEY_COORD_LEN], req->y, BT_PUB_KEY_COORD_LEN);
4151
4152 /* mark key as debug if remote is using it */
4153 if (bt_pub_key_is_debug(smp->pkey)) {
4154 LOG_INF("Remote is using Debug Public key");
4155 atomic_set_bit(smp->flags, SMP_FLAG_SC_DEBUG_KEY);
4156
4157 /* Don't allow a bond established without debug key to be
4158 * updated using LTK generated from debug key.
4159 */
4160 if (!update_debug_keys_check(smp)) {
4161 return BT_SMP_ERR_AUTH_REQUIREMENTS;
4162 }
4163 }
4164
4165 if (IS_ENABLED(CONFIG_BT_CENTRAL) &&
4166 smp->chan.chan.conn->role == BT_HCI_ROLE_CENTRAL) {
4167 if (!atomic_test_bit(smp->flags, SMP_FLAG_SC_DEBUG_KEY) &&
4168 memcmp(smp->pkey, sc_public_key, BT_PUB_KEY_COORD_LEN) == 0) {
4169 /* Deny public key with identitcal X coordinate unless
4170 * it is the debug public key.
4171 */
4172 LOG_WRN("Remote public key rejected");
4173 return BT_SMP_ERR_UNSPECIFIED;
4174 }
4175
4176 switch (smp->method) {
4177 case PASSKEY_CONFIRM:
4178 case JUST_WORKS:
4179 atomic_set_bit(smp->allowed_cmds,
4180 BT_SMP_CMD_PAIRING_CONFIRM);
4181 break;
4182 case PASSKEY_DISPLAY:
4183 err = display_passkey(smp);
4184 if (err) {
4185 return err;
4186 }
4187
4188 atomic_set_bit(smp->allowed_cmds,
4189 BT_SMP_CMD_PAIRING_CONFIRM);
4190
4191 atomic_set_bit(smp->allowed_cmds,
4192 BT_SMP_KEYPRESS_NOTIFICATION);
4193
4194 err = smp_send_pairing_confirm(smp);
4195 if (err) {
4196 return err;
4197 }
4198 break;
4199 case PASSKEY_INPUT:
4200 atomic_set_bit(smp->flags, SMP_FLAG_USER);
4201 smp_auth_cb->passkey_entry(smp->chan.chan.conn);
4202
4203 atomic_set_bit(smp->allowed_cmds,
4204 BT_SMP_KEYPRESS_NOTIFICATION);
4205
4206 break;
4207 case LE_SC_OOB:
4208 /* Step 6: Select random N */
4209 if (bt_rand(smp->prnd, 16)) {
4210 return BT_SMP_ERR_UNSPECIFIED;
4211 }
4212
4213 if (smp_auth_cb && smp_auth_cb->oob_data_request) {
4214 struct bt_conn_oob_info info = {
4215 .type = BT_CONN_OOB_LE_SC,
4216 .lesc.oob_config = BT_CONN_OOB_NO_DATA,
4217 };
4218
4219 le_sc_oob_config_set(smp, &info);
4220
4221 smp->oobd_local = NULL;
4222 smp->oobd_remote = NULL;
4223
4224 atomic_set_bit(smp->flags,
4225 SMP_FLAG_OOB_PENDING);
4226 smp_auth_cb->oob_data_request(smp->chan.chan.conn, &info);
4227 } else {
4228 return BT_SMP_ERR_OOB_NOT_AVAIL;
4229 }
4230 break;
4231 default:
4232 LOG_ERR("Unknown pairing method (%u)", smp->method);
4233 return BT_SMP_ERR_UNSPECIFIED;
4234 }
4235
4236 return generate_dhkey(smp);
4237 }
4238
4239 #if defined(CONFIG_BT_PERIPHERAL)
4240 if (!sc_public_key) {
4241 atomic_set_bit(smp->flags, SMP_FLAG_PKEY_SEND);
4242 return 0;
4243 }
4244
4245 err = smp_public_key_periph(smp);
4246 if (err) {
4247 return err;
4248 }
4249 #endif /* CONFIG_BT_PERIPHERAL */
4250
4251 return 0;
4252 }
4253
smp_dhkey_check(struct bt_smp * smp,struct net_buf * buf)4254 static uint8_t smp_dhkey_check(struct bt_smp *smp, struct net_buf *buf)
4255 {
4256 struct bt_smp_dhkey_check *req = (void *)buf->data;
4257
4258 LOG_DBG("");
4259
4260 if (IS_ENABLED(CONFIG_BT_CENTRAL) &&
4261 smp->chan.chan.conn->role == BT_HCI_ROLE_CENTRAL) {
4262 uint8_t e[16], r[16], enc_size;
4263 uint8_t ediv[2], rand[8];
4264
4265 (void)memset(r, 0, sizeof(r));
4266
4267 switch (smp->method) {
4268 case JUST_WORKS:
4269 case PASSKEY_CONFIRM:
4270 break;
4271 case PASSKEY_DISPLAY:
4272 case PASSKEY_INPUT:
4273 memcpy(r, &smp->passkey, sizeof(smp->passkey));
4274 break;
4275 case LE_SC_OOB:
4276 if (smp->oobd_local) {
4277 memcpy(r, smp->oobd_local->r, sizeof(r));
4278 }
4279 break;
4280 default:
4281 LOG_ERR("Unknown pairing method (%u)", smp->method);
4282 return BT_SMP_ERR_UNSPECIFIED;
4283 }
4284
4285 /* calculate remote DHKey check for comparison */
4286 if (bt_crypto_f6(smp->mackey, smp->rrnd, smp->prnd, r, &smp->prsp[1],
4287 &smp->chan.chan.conn->le.resp_addr,
4288 &smp->chan.chan.conn->le.init_addr, e)) {
4289 return BT_SMP_ERR_UNSPECIFIED;
4290 }
4291
4292 if (memcmp(e, req->e, 16)) {
4293 return BT_SMP_ERR_DHKEY_CHECK_FAILED;
4294 }
4295
4296 enc_size = get_encryption_key_size(smp);
4297
4298 /* Rand and EDiv are 0 */
4299 (void)memset(ediv, 0, sizeof(ediv));
4300 (void)memset(rand, 0, sizeof(rand));
4301 if (bt_conn_le_start_encryption(smp->chan.chan.conn, rand, ediv,
4302 smp->tk, enc_size) < 0) {
4303 LOG_ERR("Failed to start encryption");
4304 return BT_SMP_ERR_UNSPECIFIED;
4305 }
4306
4307 atomic_set_bit(smp->flags, SMP_FLAG_ENC_PENDING);
4308
4309 if (IS_ENABLED(CONFIG_BT_SMP_USB_HCI_CTLR_WORKAROUND)) {
4310 if (smp->remote_dist & BT_SMP_DIST_ID_KEY) {
4311 atomic_set_bit(smp->allowed_cmds,
4312 BT_SMP_CMD_IDENT_INFO);
4313 } else if (smp->remote_dist & BT_SMP_DIST_SIGN) {
4314 atomic_set_bit(smp->allowed_cmds,
4315 BT_SMP_CMD_SIGNING_INFO);
4316 }
4317 }
4318
4319 return 0;
4320 }
4321
4322 #if defined(CONFIG_BT_PERIPHERAL)
4323 if (smp->chan.chan.conn->role == BT_HCI_ROLE_PERIPHERAL) {
4324 atomic_clear_bit(smp->flags, SMP_FLAG_DHCHECK_WAIT);
4325 memcpy(smp->e, req->e, sizeof(smp->e));
4326
4327 /* wait for DHKey being generated */
4328 if (atomic_test_bit(smp->flags, SMP_FLAG_DHKEY_PENDING)) {
4329 atomic_set_bit(smp->flags, SMP_FLAG_DHKEY_SEND);
4330 return 0;
4331 }
4332
4333 /* waiting for user to confirm passkey */
4334 if (atomic_test_bit(smp->flags, SMP_FLAG_USER)) {
4335 atomic_set_bit(smp->flags, SMP_FLAG_DHKEY_SEND);
4336 return 0;
4337 }
4338
4339 return compute_and_check_and_send_periph_dhcheck(smp);
4340 }
4341 #endif /* CONFIG_BT_PERIPHERAL */
4342
4343 return 0;
4344 }
4345
4346 #if defined(CONFIG_BT_PASSKEY_KEYPRESS)
smp_keypress_notif(struct bt_smp * smp,struct net_buf * buf)4347 static uint8_t smp_keypress_notif(struct bt_smp *smp, struct net_buf *buf)
4348 {
4349 const struct bt_conn_auth_cb *smp_auth_cb = latch_auth_cb(smp);
4350 struct bt_conn *conn = smp->chan.chan.conn;
4351 struct bt_smp_keypress_notif *notif = (void *)buf->data;
4352 enum bt_conn_auth_keypress type = notif->type;
4353
4354 LOG_DBG("Keypress from conn %u, type %u", bt_conn_index(conn), type);
4355
4356 /* For now, keypress notifications are always accepted. In the future we
4357 * should be smarter about this. We might also want to enforce something
4358 * about the 'start' and 'end' messages.
4359 */
4360 atomic_set_bit(smp->allowed_cmds, BT_SMP_KEYPRESS_NOTIFICATION);
4361
4362 if (!IN_RANGE(type,
4363 BT_CONN_AUTH_KEYPRESS_ENTRY_STARTED,
4364 BT_CONN_AUTH_KEYPRESS_ENTRY_COMPLETED)) {
4365 LOG_WRN("Received unknown keypress event type %u. Discarding.", type);
4366 return BT_SMP_ERR_INVALID_PARAMS;
4367 }
4368
4369 /* Reset SMP timeout, like the spec says. */
4370 k_work_reschedule(&smp->work, SMP_TIMEOUT);
4371
4372 if (smp_auth_cb->passkey_display_keypress) {
4373 smp_auth_cb->passkey_display_keypress(conn, type);
4374 }
4375
4376 return 0;
4377 }
4378 #else
smp_keypress_notif(struct bt_smp * smp,struct net_buf * buf)4379 static uint8_t smp_keypress_notif(struct bt_smp *smp, struct net_buf *buf)
4380 {
4381 ARG_UNUSED(smp);
4382 ARG_UNUSED(buf);
4383
4384 LOG_DBG("");
4385
4386 /* Ignore packets until keypress notifications are fully supported. */
4387 atomic_set_bit(smp->allowed_cmds, BT_SMP_KEYPRESS_NOTIFICATION);
4388 return 0;
4389 }
4390 #endif
4391
4392 static const struct {
4393 uint8_t (*func)(struct bt_smp *smp, struct net_buf *buf);
4394 uint8_t expect_len;
4395 } handlers[] = {
4396 { }, /* No op-code defined for 0x00 */
4397 { smp_pairing_req, sizeof(struct bt_smp_pairing) },
4398 { smp_pairing_rsp, sizeof(struct bt_smp_pairing) },
4399 { smp_pairing_confirm, sizeof(struct bt_smp_pairing_confirm) },
4400 { smp_pairing_random, sizeof(struct bt_smp_pairing_random) },
4401 { smp_pairing_failed, sizeof(struct bt_smp_pairing_fail) },
4402 { smp_encrypt_info, sizeof(struct bt_smp_encrypt_info) },
4403 { smp_central_ident, sizeof(struct bt_smp_central_ident) },
4404 { smp_ident_info, sizeof(struct bt_smp_ident_info) },
4405 { smp_ident_addr_info, sizeof(struct bt_smp_ident_addr_info) },
4406 { smp_signing_info, sizeof(struct bt_smp_signing_info) },
4407 { smp_security_request, sizeof(struct bt_smp_security_request) },
4408 { smp_public_key, sizeof(struct bt_smp_public_key) },
4409 { smp_dhkey_check, sizeof(struct bt_smp_dhkey_check) },
4410 { smp_keypress_notif, sizeof(struct bt_smp_keypress_notif) },
4411 };
4412
is_in_pairing_procedure(struct bt_smp * smp)4413 static bool is_in_pairing_procedure(struct bt_smp *smp)
4414 {
4415 return atomic_test_bit(smp->flags, SMP_FLAG_PAIRING);
4416 }
4417
bt_smp_recv(struct bt_l2cap_chan * chan,struct net_buf * buf)4418 static int bt_smp_recv(struct bt_l2cap_chan *chan, struct net_buf *buf)
4419 {
4420 struct bt_smp *smp = CONTAINER_OF(chan, struct bt_smp, chan);
4421 struct bt_smp_hdr *hdr;
4422 uint8_t err;
4423
4424 if (buf->len < sizeof(*hdr)) {
4425 LOG_ERR("Too small SMP PDU received");
4426 return 0;
4427 }
4428
4429 hdr = net_buf_pull_mem(buf, sizeof(*hdr));
4430 LOG_DBG("Received SMP code 0x%02x len %u", hdr->code, buf->len);
4431
4432 /*
4433 * If SMP timeout occurred "no further SMP commands shall be sent over
4434 * the L2CAP Security Manager Channel. A new SM procedure shall only be
4435 * performed when a new physical link has been established."
4436 */
4437 if (atomic_test_bit(smp->flags, SMP_FLAG_TIMEOUT)) {
4438 LOG_WRN("SMP command (code 0x%02x) received after timeout", hdr->code);
4439 return 0;
4440 }
4441
4442 /*
4443 * Bluetooth Core Specification Version 5.2, Vol 3, Part H, page 1667:
4444 * If a packet is received with a Code that is reserved for future use
4445 * it shall be ignored.
4446 */
4447 if (hdr->code >= ARRAY_SIZE(handlers)) {
4448 LOG_WRN("Received reserved SMP code 0x%02x", hdr->code);
4449 return 0;
4450 }
4451
4452 if (!handlers[hdr->code].func) {
4453 LOG_WRN("Unhandled SMP code 0x%02x", hdr->code);
4454 smp_error(smp, BT_SMP_ERR_CMD_NOTSUPP);
4455 return 0;
4456 }
4457
4458 if (!atomic_test_and_clear_bit(smp->allowed_cmds, hdr->code)) {
4459 LOG_WRN("Unexpected SMP code 0x%02x", hdr->code);
4460 /* Do not send errors outside of pairing procedure. */
4461 if (is_in_pairing_procedure(smp)) {
4462 smp_error(smp, BT_SMP_ERR_UNSPECIFIED);
4463 }
4464 return 0;
4465 }
4466
4467 if (buf->len != handlers[hdr->code].expect_len) {
4468 LOG_ERR("Invalid len %u for code 0x%02x", buf->len, hdr->code);
4469 smp_error(smp, BT_SMP_ERR_INVALID_PARAMS);
4470 return 0;
4471 }
4472
4473 err = handlers[hdr->code].func(smp, buf);
4474 if (err) {
4475 smp_error(smp, err);
4476 }
4477
4478 return 0;
4479 }
4480
bt_smp_pkey_ready(const uint8_t * pkey)4481 static void bt_smp_pkey_ready(const uint8_t *pkey)
4482 {
4483 int i;
4484
4485 LOG_DBG("");
4486
4487 sc_public_key = pkey;
4488
4489 if (!pkey) {
4490 LOG_WRN("Public key not available");
4491 return;
4492 }
4493
4494 k_sem_give(&sc_local_pkey_ready);
4495
4496 for (i = 0; i < ARRAY_SIZE(bt_smp_pool); i++) {
4497 struct bt_smp *smp = &bt_smp_pool[i];
4498 uint8_t err;
4499
4500 if (!atomic_test_bit(smp->flags, SMP_FLAG_PKEY_SEND)) {
4501 continue;
4502 }
4503
4504 if (IS_ENABLED(CONFIG_BT_CENTRAL) &&
4505 smp->chan.chan.conn->role == BT_HCI_ROLE_CENTRAL) {
4506 err = sc_send_public_key(smp);
4507 if (err) {
4508 smp_error(smp, err);
4509 }
4510
4511 atomic_set_bit(smp->allowed_cmds,
4512 BT_SMP_CMD_PUBLIC_KEY);
4513 continue;
4514 }
4515
4516 #if defined(CONFIG_BT_PERIPHERAL)
4517 err = smp_public_key_periph(smp);
4518 if (err) {
4519 smp_error(smp, err);
4520 }
4521 #endif /* CONFIG_BT_PERIPHERAL */
4522 }
4523 }
4524
bt_smp_connected(struct bt_l2cap_chan * chan)4525 static void bt_smp_connected(struct bt_l2cap_chan *chan)
4526 {
4527 struct bt_smp *smp = CONTAINER_OF(chan, struct bt_smp, chan);
4528
4529 LOG_DBG("chan %p cid 0x%04x", chan,
4530 CONTAINER_OF(chan, struct bt_l2cap_le_chan, chan)->tx.cid);
4531
4532 k_work_init_delayable(&smp->work, smp_timeout);
4533 smp_reset(smp);
4534
4535 atomic_ptr_set(&smp->auth_cb, BT_SMP_AUTH_CB_UNINITIALIZED);
4536 }
4537
bt_smp_disconnected(struct bt_l2cap_chan * chan)4538 static void bt_smp_disconnected(struct bt_l2cap_chan *chan)
4539 {
4540 struct bt_smp *smp = CONTAINER_OF(chan, struct bt_smp, chan);
4541 struct bt_keys *keys = chan->conn->le.keys;
4542
4543 LOG_DBG("chan %p cid 0x%04x", chan,
4544 CONTAINER_OF(chan, struct bt_l2cap_le_chan, chan)->tx.cid);
4545
4546 /* Channel disconnected callback is always called from a work handler
4547 * so canceling of the timeout work should always succeed.
4548 */
4549 (void)k_work_cancel_delayable(&smp->work);
4550
4551 if (atomic_test_bit(smp->flags, SMP_FLAG_PAIRING) ||
4552 atomic_test_bit(smp->flags, SMP_FLAG_ENC_PENDING) ||
4553 atomic_test_bit(smp->flags, SMP_FLAG_SEC_REQ)) {
4554 /* reset context and report */
4555 smp_pairing_complete(smp, BT_SMP_ERR_UNSPECIFIED);
4556 }
4557
4558 if (keys) {
4559 /*
4560 * If debug keys were used for pairing remove them.
4561 * No keys indicate no bonding so free keys storage.
4562 */
4563 if (!keys->keys || (!IS_ENABLED(CONFIG_BT_STORE_DEBUG_KEYS) &&
4564 (keys->flags & BT_KEYS_DEBUG))) {
4565 bt_keys_clear(keys);
4566 }
4567 }
4568
4569 (void)memset(smp, 0, sizeof(*smp));
4570 }
4571
bt_smp_encrypt_change(struct bt_l2cap_chan * chan,uint8_t hci_status)4572 static void bt_smp_encrypt_change(struct bt_l2cap_chan *chan,
4573 uint8_t hci_status)
4574 {
4575 struct bt_smp *smp = CONTAINER_OF(chan, struct bt_smp, chan);
4576 struct bt_conn *conn = chan->conn;
4577
4578 LOG_DBG("chan %p conn %p handle %u encrypt 0x%02x hci status 0x%02x", chan, conn,
4579 conn->handle, conn->encrypt, hci_status);
4580
4581 if (!atomic_test_and_clear_bit(smp->flags, SMP_FLAG_ENC_PENDING)) {
4582 /* We where not waiting for encryption procedure.
4583 * This happens when encrypt change is called to notify that
4584 * security has failed before starting encryption.
4585 */
4586 return;
4587 }
4588
4589 if (hci_status) {
4590 if (atomic_test_bit(smp->flags, SMP_FLAG_PAIRING)) {
4591 uint8_t smp_err = smp_err_get(
4592 bt_security_err_get(hci_status));
4593
4594 /* Fail as if it happened during key distribution */
4595 atomic_set_bit(smp->flags, SMP_FLAG_KEYS_DISTR);
4596 smp_pairing_complete(smp, smp_err);
4597 }
4598
4599 return;
4600 }
4601
4602 if (!conn->encrypt) {
4603 return;
4604 }
4605
4606 /* We were waiting for encryption but with no pairing in progress.
4607 * This can happen if paired peripheral sent Security Request and we
4608 * enabled encryption.
4609 */
4610 if (!atomic_test_bit(smp->flags, SMP_FLAG_PAIRING)) {
4611 smp_reset(smp);
4612 return;
4613 }
4614
4615 /* derive BR/EDR LinkKey if supported by both sides */
4616 if (atomic_test_bit(smp->flags, SMP_FLAG_SC)) {
4617 if ((smp->local_dist & BT_SMP_DIST_LINK_KEY) &&
4618 (smp->remote_dist & BT_SMP_DIST_LINK_KEY)) {
4619 /*
4620 * Link Key will be derived after key distribution to
4621 * make sure remote device identity is known
4622 */
4623 atomic_set_bit(smp->flags, SMP_FLAG_DERIVE_LK);
4624 }
4625 /*
4626 * Those are used as pairing finished indicator so generated
4627 * but not distributed keys must be cleared here.
4628 */
4629 smp->local_dist &= ~BT_SMP_DIST_LINK_KEY;
4630 smp->remote_dist &= ~BT_SMP_DIST_LINK_KEY;
4631 }
4632
4633 if (smp->remote_dist & BT_SMP_DIST_ENC_KEY) {
4634 atomic_set_bit(smp->allowed_cmds, BT_SMP_CMD_ENCRYPT_INFO);
4635 } else if (smp->remote_dist & BT_SMP_DIST_ID_KEY) {
4636 atomic_set_bit(smp->allowed_cmds, BT_SMP_CMD_IDENT_INFO);
4637 } else if (smp->remote_dist & BT_SMP_DIST_SIGN) {
4638 atomic_set_bit(smp->allowed_cmds, BT_SMP_CMD_SIGNING_INFO);
4639 }
4640
4641 /* This is the last point that is common for all code paths in the
4642 * pairing process (during which we still have the option to send
4643 * Pairing Failed). That makes it convenient to update the RL here. We
4644 * want to update the RL during the pairing process so that we can fail
4645 * it in case there is a conflict with an existing bond.
4646 *
4647 * We can do the update here only if the peer does not intend to send us
4648 * any identity information. In this case we already have everything
4649 * that goes into the RL.
4650 *
4651 * We need an entry in the RL despite the remote not using privacy. This
4652 * is because we are using privacy locally and need to associate correct
4653 * local IRK with the peer.
4654 *
4655 * If the peer does intend to send us identity information, we must wait
4656 * for that information to enter it in the RL. In that case, we call
4657 * `smp_id_add_replace` not here, but later. If neither we nor the peer
4658 * are using privacy, there is no need for an entry in the RL.
4659 */
4660 if (IS_ENABLED(CONFIG_BT_CENTRAL) &&
4661 IS_ENABLED(CONFIG_BT_PRIVACY) &&
4662 !(smp->remote_dist & BT_SMP_DIST_ID_KEY)) {
4663 uint8_t smp_err;
4664
4665 smp_err = smp_id_add_replace(smp, conn->le.keys);
4666 if (smp_err) {
4667 smp_pairing_complete(smp, smp_err);
4668 }
4669 }
4670
4671 atomic_set_bit(smp->flags, SMP_FLAG_KEYS_DISTR);
4672
4673 /* Peripheral distributes it's keys first */
4674 if (IS_ENABLED(CONFIG_BT_CENTRAL) &&
4675 conn->role == BT_HCI_ROLE_CENTRAL && smp->remote_dist) {
4676 return;
4677 }
4678
4679 if (IS_ENABLED(CONFIG_BT_TESTING)) {
4680 /* Avoid the HCI-USB race condition where HCI data and
4681 * HCI events can be re-ordered, and pairing information appears
4682 * to be sent unencrypted.
4683 */
4684 k_sleep(K_MSEC(100));
4685 }
4686
4687 if (bt_smp_distribute_keys(smp)) {
4688 return;
4689 }
4690
4691 /* if all keys were distributed, pairing is done */
4692 if (!smp->local_dist && !smp->remote_dist) {
4693 smp_pairing_complete(smp, 0);
4694 }
4695 }
4696
4697 #if defined(CONFIG_BT_SIGNING) || defined(CONFIG_BT_SMP_SELFTEST)
4698 /* Sign message using msg as a buffer, len is a size of the message,
4699 * msg buffer contains message itself, 32 bit count and signature,
4700 * so total buffer size is len + 4 + 8 octets.
4701 * API is Little Endian to make it suitable for Bluetooth.
4702 */
smp_sign_buf(const uint8_t * key,uint8_t * msg,uint16_t len)4703 static int smp_sign_buf(const uint8_t *key, uint8_t *msg, uint16_t len)
4704 {
4705 uint8_t *m = msg;
4706 uint32_t cnt = UNALIGNED_GET((uint32_t *)&msg[len]);
4707 uint8_t *sig = msg + len;
4708 uint8_t key_s[16], tmp[16];
4709 int err;
4710
4711 LOG_DBG("Signing msg %s len %u key %s", bt_hex(msg, len), len, bt_hex(key, 16));
4712
4713 sys_mem_swap(m, len + sizeof(cnt));
4714 sys_memcpy_swap(key_s, key, 16);
4715
4716 err = bt_crypto_aes_cmac(key_s, m, len + sizeof(cnt), tmp);
4717 if (err) {
4718 LOG_ERR("Data signing failed");
4719 return err;
4720 }
4721
4722 sys_mem_swap(tmp, sizeof(tmp));
4723 memcpy(tmp + 4, &cnt, sizeof(cnt));
4724
4725 /* Swap original message back */
4726 sys_mem_swap(m, len + sizeof(cnt));
4727
4728 memcpy(sig, tmp + 4, 12);
4729
4730 LOG_DBG("sig %s", bt_hex(sig, 12));
4731
4732 return 0;
4733 }
4734 #endif
4735
4736 #if defined(CONFIG_BT_SIGNING)
bt_smp_sign_verify(struct bt_conn * conn,struct net_buf * buf)4737 int bt_smp_sign_verify(struct bt_conn *conn, struct net_buf *buf)
4738 {
4739 struct bt_keys *keys;
4740 uint8_t sig[12];
4741 uint32_t cnt;
4742 int err;
4743
4744 /* Store signature incl. count */
4745 memcpy(sig, net_buf_tail(buf) - sizeof(sig), sizeof(sig));
4746
4747 keys = bt_keys_find(BT_KEYS_REMOTE_CSRK, conn->id, &conn->le.dst);
4748 if (!keys) {
4749 LOG_ERR("Unable to find Remote CSRK for %s", bt_addr_le_str(&conn->le.dst));
4750 return -ENOENT;
4751 }
4752
4753 /* Copy signing count */
4754 cnt = sys_cpu_to_le32(keys->remote_csrk.cnt);
4755 memcpy(net_buf_tail(buf) - sizeof(sig), &cnt, sizeof(cnt));
4756
4757 LOG_DBG("Sign data len %zu key %s count %u", buf->len - sizeof(sig),
4758 bt_hex(keys->remote_csrk.val, 16), keys->remote_csrk.cnt);
4759
4760 err = smp_sign_buf(keys->remote_csrk.val, buf->data,
4761 buf->len - sizeof(sig));
4762 if (err) {
4763 LOG_ERR("Unable to create signature for %s", bt_addr_le_str(&conn->le.dst));
4764 return -EIO;
4765 }
4766
4767 if (memcmp(sig, net_buf_tail(buf) - sizeof(sig), sizeof(sig))) {
4768 LOG_ERR("Unable to verify signature for %s", bt_addr_le_str(&conn->le.dst));
4769 return -EBADMSG;
4770 }
4771
4772 keys->remote_csrk.cnt++;
4773
4774 return 0;
4775 }
4776
bt_smp_sign(struct bt_conn * conn,struct net_buf * buf)4777 int bt_smp_sign(struct bt_conn *conn, struct net_buf *buf)
4778 {
4779 struct bt_keys *keys;
4780 uint32_t cnt;
4781 int err;
4782
4783 keys = bt_keys_find(BT_KEYS_LOCAL_CSRK, conn->id, &conn->le.dst);
4784 if (!keys) {
4785 LOG_ERR("Unable to find local CSRK for %s", bt_addr_le_str(&conn->le.dst));
4786 return -ENOENT;
4787 }
4788
4789 /* Reserve space for data signature */
4790 net_buf_add(buf, 12);
4791
4792 /* Copy signing count */
4793 cnt = sys_cpu_to_le32(keys->local_csrk.cnt);
4794 memcpy(net_buf_tail(buf) - 12, &cnt, sizeof(cnt));
4795
4796 LOG_DBG("Sign data len %u key %s count %u", buf->len, bt_hex(keys->local_csrk.val, 16),
4797 keys->local_csrk.cnt);
4798
4799 err = smp_sign_buf(keys->local_csrk.val, buf->data, buf->len - 12);
4800 if (err) {
4801 LOG_ERR("Unable to create signature for %s", bt_addr_le_str(&conn->le.dst));
4802 return -EIO;
4803 }
4804
4805 keys->local_csrk.cnt++;
4806
4807 return 0;
4808 }
4809 #else
bt_smp_sign_verify(struct bt_conn * conn,struct net_buf * buf)4810 int bt_smp_sign_verify(struct bt_conn *conn, struct net_buf *buf)
4811 {
4812 return -ENOTSUP;
4813 }
4814
bt_smp_sign(struct bt_conn * conn,struct net_buf * buf)4815 int bt_smp_sign(struct bt_conn *conn, struct net_buf *buf)
4816 {
4817 return -ENOTSUP;
4818 }
4819 #endif /* CONFIG_BT_SIGNING */
4820
smp_d1(const uint8_t * key,uint16_t d,uint16_t r,uint8_t res[16])4821 static int smp_d1(const uint8_t *key, uint16_t d, uint16_t r, uint8_t res[16])
4822 {
4823 int err;
4824
4825 LOG_DBG("key %s d %u r %u", bt_hex(key, 16), d, r);
4826
4827 sys_put_le16(d, &res[0]);
4828 sys_put_le16(r, &res[2]);
4829 memset(&res[4], 0, 16 - 4);
4830
4831 err = bt_encrypt_le(key, res, res);
4832 if (err) {
4833 return err;
4834 }
4835
4836 LOG_DBG("res %s", bt_hex(res, 16));
4837 return 0;
4838 }
4839
bt_smp_irk_get(uint8_t * ir,uint8_t * irk)4840 int bt_smp_irk_get(uint8_t *ir, uint8_t *irk)
4841 {
4842 uint8_t invalid_ir[16] = { 0 };
4843
4844 if (!memcmp(ir, invalid_ir, 16)) {
4845 return -EINVAL;
4846 }
4847
4848 return smp_d1(ir, 1, 0, irk);
4849 }
4850
4851 #if defined(CONFIG_BT_SMP_SELFTEST)
4852 /* Test vectors are taken from RFC 4493
4853 * https://tools.ietf.org/html/rfc4493
4854 * Same mentioned in the Bluetooth Spec.
4855 */
4856 static const uint8_t key[] = {
4857 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6,
4858 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c
4859 };
4860
4861 static const uint8_t M[] = {
4862 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96,
4863 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a,
4864 0xae, 0x2d, 0x8a, 0x57, 0x1e, 0x03, 0xac, 0x9c,
4865 0x9e, 0xb7, 0x6f, 0xac, 0x45, 0xaf, 0x8e, 0x51,
4866 0x30, 0xc8, 0x1c, 0x46, 0xa3, 0x5c, 0xe4, 0x11,
4867 0xe5, 0xfb, 0xc1, 0x19, 0x1a, 0x0a, 0x52, 0xef,
4868 0xf6, 0x9f, 0x24, 0x45, 0xdf, 0x4f, 0x9b, 0x17,
4869 0xad, 0x2b, 0x41, 0x7b, 0xe6, 0x6c, 0x37, 0x10
4870 };
4871
aes_test(const char * prefix,const uint8_t * key,const uint8_t * m,uint16_t len,const uint8_t * mac)4872 static int aes_test(const char *prefix, const uint8_t *key, const uint8_t *m,
4873 uint16_t len, const uint8_t *mac)
4874 {
4875 uint8_t out[16];
4876
4877 LOG_DBG("%s: AES CMAC of message with len %u", prefix, len);
4878
4879 bt_crypto_aes_cmac(key, m, len, out);
4880 if (!memcmp(out, mac, 16)) {
4881 LOG_DBG("%s: Success", prefix);
4882 } else {
4883 LOG_ERR("%s: Failed", prefix);
4884 return -1;
4885 }
4886
4887 return 0;
4888 }
4889
smp_aes_cmac_test(void)4890 static int smp_aes_cmac_test(void)
4891 {
4892 uint8_t mac1[] = {
4893 0xbb, 0x1d, 0x69, 0x29, 0xe9, 0x59, 0x37, 0x28,
4894 0x7f, 0xa3, 0x7d, 0x12, 0x9b, 0x75, 0x67, 0x46
4895 };
4896 uint8_t mac2[] = {
4897 0x07, 0x0a, 0x16, 0xb4, 0x6b, 0x4d, 0x41, 0x44,
4898 0xf7, 0x9b, 0xdd, 0x9d, 0xd0, 0x4a, 0x28, 0x7c
4899 };
4900 uint8_t mac3[] = {
4901 0xdf, 0xa6, 0x67, 0x47, 0xde, 0x9a, 0xe6, 0x30,
4902 0x30, 0xca, 0x32, 0x61, 0x14, 0x97, 0xc8, 0x27
4903 };
4904 uint8_t mac4[] = {
4905 0x51, 0xf0, 0xbe, 0xbf, 0x7e, 0x3b, 0x9d, 0x92,
4906 0xfc, 0x49, 0x74, 0x17, 0x79, 0x36, 0x3c, 0xfe
4907 };
4908 int err;
4909
4910 err = aes_test("Test aes-cmac0", key, M, 0, mac1);
4911 if (err) {
4912 return err;
4913 }
4914
4915 err = aes_test("Test aes-cmac16", key, M, 16, mac2);
4916 if (err) {
4917 return err;
4918 }
4919
4920 err = aes_test("Test aes-cmac40", key, M, 40, mac3);
4921 if (err) {
4922 return err;
4923 }
4924
4925 err = aes_test("Test aes-cmac64", key, M, 64, mac4);
4926 if (err) {
4927 return err;
4928 }
4929
4930 return 0;
4931 }
4932
sign_test(const char * prefix,const uint8_t * key,const uint8_t * m,uint16_t len,const uint8_t * sig)4933 static int sign_test(const char *prefix, const uint8_t *key, const uint8_t *m,
4934 uint16_t len, const uint8_t *sig)
4935 {
4936 uint8_t msg[len + sizeof(uint32_t) + 8];
4937 uint8_t orig[len + sizeof(uint32_t) + 8];
4938 uint8_t *out = msg + len;
4939 int err;
4940
4941 LOG_DBG("%s: Sign message with len %u", prefix, len);
4942
4943 (void)memset(msg, 0, sizeof(msg));
4944 memcpy(msg, m, len);
4945 (void)memset(msg + len, 0, sizeof(uint32_t));
4946
4947 memcpy(orig, msg, sizeof(msg));
4948
4949 err = smp_sign_buf(key, msg, len);
4950 if (err) {
4951 return err;
4952 }
4953
4954 /* Check original message */
4955 if (!memcmp(msg, orig, len + sizeof(uint32_t))) {
4956 LOG_DBG("%s: Original message intact", prefix);
4957 } else {
4958 LOG_ERR("%s: Original message modified", prefix);
4959 LOG_DBG("%s: orig %s", prefix, bt_hex(orig, sizeof(orig)));
4960 LOG_DBG("%s: msg %s", prefix, bt_hex(msg, sizeof(msg)));
4961 return -1;
4962 }
4963
4964 if (!memcmp(out, sig, 12)) {
4965 LOG_DBG("%s: Success", prefix);
4966 } else {
4967 LOG_ERR("%s: Failed", prefix);
4968 return -1;
4969 }
4970
4971 return 0;
4972 }
4973
smp_sign_test(void)4974 static int smp_sign_test(void)
4975 {
4976 const uint8_t sig1[] = {
4977 0x00, 0x00, 0x00, 0x00, 0xb3, 0xa8, 0x59, 0x41,
4978 0x27, 0xeb, 0xc2, 0xc0
4979 };
4980 const uint8_t sig2[] = {
4981 0x00, 0x00, 0x00, 0x00, 0x27, 0x39, 0x74, 0xf4,
4982 0x39, 0x2a, 0x23, 0x2a
4983 };
4984 const uint8_t sig3[] = {
4985 0x00, 0x00, 0x00, 0x00, 0xb7, 0xca, 0x94, 0xab,
4986 0x87, 0xc7, 0x82, 0x18
4987 };
4988 const uint8_t sig4[] = {
4989 0x00, 0x00, 0x00, 0x00, 0x44, 0xe1, 0xe6, 0xce,
4990 0x1d, 0xf5, 0x13, 0x68
4991 };
4992 uint8_t key_s[16];
4993 int err;
4994
4995 /* Use the same key as aes-cmac but swap bytes */
4996 sys_memcpy_swap(key_s, key, 16);
4997
4998 err = sign_test("Test sign0", key_s, M, 0, sig1);
4999 if (err) {
5000 return err;
5001 }
5002
5003 err = sign_test("Test sign16", key_s, M, 16, sig2);
5004 if (err) {
5005 return err;
5006 }
5007
5008 err = sign_test("Test sign40", key_s, M, 40, sig3);
5009 if (err) {
5010 return err;
5011 }
5012
5013 err = sign_test("Test sign64", key_s, M, 64, sig4);
5014 if (err) {
5015 return err;
5016 }
5017
5018 return 0;
5019 }
5020
smp_f4_test(void)5021 static int smp_f4_test(void)
5022 {
5023 uint8_t u[32] = { 0xe6, 0x9d, 0x35, 0x0e, 0x48, 0x01, 0x03, 0xcc,
5024 0xdb, 0xfd, 0xf4, 0xac, 0x11, 0x91, 0xf4, 0xef,
5025 0xb9, 0xa5, 0xf9, 0xe9, 0xa7, 0x83, 0x2c, 0x5e,
5026 0x2c, 0xbe, 0x97, 0xf2, 0xd2, 0x03, 0xb0, 0x20 };
5027 uint8_t v[32] = { 0xfd, 0xc5, 0x7f, 0xf4, 0x49, 0xdd, 0x4f, 0x6b,
5028 0xfb, 0x7c, 0x9d, 0xf1, 0xc2, 0x9a, 0xcb, 0x59,
5029 0x2a, 0xe7, 0xd4, 0xee, 0xfb, 0xfc, 0x0a, 0x90,
5030 0x9a, 0xbb, 0xf6, 0x32, 0x3d, 0x8b, 0x18, 0x55 };
5031 uint8_t x[16] = { 0xab, 0xae, 0x2b, 0x71, 0xec, 0xb2, 0xff, 0xff,
5032 0x3e, 0x73, 0x77, 0xd1, 0x54, 0x84, 0xcb, 0xd5 };
5033 uint8_t z = 0x00;
5034 uint8_t exp[16] = { 0x2d, 0x87, 0x74, 0xa9, 0xbe, 0xa1, 0xed, 0xf1,
5035 0x1c, 0xbd, 0xa9, 0x07, 0xf1, 0x16, 0xc9, 0xf2 };
5036 uint8_t res[16];
5037 int err;
5038
5039 err = bt_crypto_f4(u, v, x, z, res);
5040 if (err) {
5041 return err;
5042 }
5043
5044 if (memcmp(res, exp, 16)) {
5045 return -EINVAL;
5046 }
5047
5048 return 0;
5049 }
5050
smp_f5_test(void)5051 static int smp_f5_test(void)
5052 {
5053 uint8_t w[32] = { 0x98, 0xa6, 0xbf, 0x73, 0xf3, 0x34, 0x8d, 0x86,
5054 0xf1, 0x66, 0xf8, 0xb4, 0x13, 0x6b, 0x79, 0x99,
5055 0x9b, 0x7d, 0x39, 0x0a, 0xa6, 0x10, 0x10, 0x34,
5056 0x05, 0xad, 0xc8, 0x57, 0xa3, 0x34, 0x02, 0xec };
5057 uint8_t n1[16] = { 0xab, 0xae, 0x2b, 0x71, 0xec, 0xb2, 0xff, 0xff,
5058 0x3e, 0x73, 0x77, 0xd1, 0x54, 0x84, 0xcb, 0xd5 };
5059 uint8_t n2[16] = { 0xcf, 0xc4, 0x3d, 0xff, 0xf7, 0x83, 0x65, 0x21,
5060 0x6e, 0x5f, 0xa7, 0x25, 0xcc, 0xe7, 0xe8, 0xa6 };
5061 bt_addr_le_t a1 = { .type = 0x00,
5062 .a.val = { 0xce, 0xbf, 0x37, 0x37, 0x12, 0x56 } };
5063 bt_addr_le_t a2 = { .type = 0x00,
5064 .a.val = {0xc1, 0xcf, 0x2d, 0x70, 0x13, 0xa7 } };
5065 uint8_t exp_ltk[16] = { 0x38, 0x0a, 0x75, 0x94, 0xb5, 0x22, 0x05,
5066 0x98, 0x23, 0xcd, 0xd7, 0x69, 0x11, 0x79,
5067 0x86, 0x69 };
5068 uint8_t exp_mackey[16] = { 0x20, 0x6e, 0x63, 0xce, 0x20, 0x6a, 0x3f,
5069 0xfd, 0x02, 0x4a, 0x08, 0xa1, 0x76, 0xf1,
5070 0x65, 0x29 };
5071 uint8_t mackey[16], ltk[16];
5072 int err;
5073
5074 err = bt_crypto_f5(w, n1, n2, &a1, &a2, mackey, ltk);
5075 if (err) {
5076 return err;
5077 }
5078
5079 if (memcmp(mackey, exp_mackey, 16) || memcmp(ltk, exp_ltk, 16)) {
5080 return -EINVAL;
5081 }
5082
5083 return 0;
5084 }
5085
smp_f6_test(void)5086 static int smp_f6_test(void)
5087 {
5088 uint8_t w[16] = { 0x20, 0x6e, 0x63, 0xce, 0x20, 0x6a, 0x3f, 0xfd,
5089 0x02, 0x4a, 0x08, 0xa1, 0x76, 0xf1, 0x65, 0x29 };
5090 uint8_t n1[16] = { 0xab, 0xae, 0x2b, 0x71, 0xec, 0xb2, 0xff, 0xff,
5091 0x3e, 0x73, 0x77, 0xd1, 0x54, 0x84, 0xcb, 0xd5 };
5092 uint8_t n2[16] = { 0xcf, 0xc4, 0x3d, 0xff, 0xf7, 0x83, 0x65, 0x21,
5093 0x6e, 0x5f, 0xa7, 0x25, 0xcc, 0xe7, 0xe8, 0xa6 };
5094 uint8_t r[16] = { 0xc8, 0x0f, 0x2d, 0x0c, 0xd2, 0x42, 0xda, 0x08,
5095 0x54, 0xbb, 0x53, 0xb4, 0x3b, 0x34, 0xa3, 0x12 };
5096 uint8_t io_cap[3] = { 0x02, 0x01, 0x01 };
5097 bt_addr_le_t a1 = { .type = 0x00,
5098 .a.val = { 0xce, 0xbf, 0x37, 0x37, 0x12, 0x56 } };
5099 bt_addr_le_t a2 = { .type = 0x00,
5100 .a.val = {0xc1, 0xcf, 0x2d, 0x70, 0x13, 0xa7 } };
5101 uint8_t exp[16] = { 0x61, 0x8f, 0x95, 0xda, 0x09, 0x0b, 0x6c, 0xd2,
5102 0xc5, 0xe8, 0xd0, 0x9c, 0x98, 0x73, 0xc4, 0xe3 };
5103 uint8_t res[16];
5104 int err;
5105
5106 err = bt_crypto_f6(w, n1, n2, r, io_cap, &a1, &a2, res);
5107 if (err)
5108 return err;
5109
5110 if (memcmp(res, exp, 16))
5111 return -EINVAL;
5112
5113 return 0;
5114 }
5115
smp_g2_test(void)5116 static int smp_g2_test(void)
5117 {
5118 uint8_t u[32] = { 0xe6, 0x9d, 0x35, 0x0e, 0x48, 0x01, 0x03, 0xcc,
5119 0xdb, 0xfd, 0xf4, 0xac, 0x11, 0x91, 0xf4, 0xef,
5120 0xb9, 0xa5, 0xf9, 0xe9, 0xa7, 0x83, 0x2c, 0x5e,
5121 0x2c, 0xbe, 0x97, 0xf2, 0xd2, 0x03, 0xb0, 0x20 };
5122 uint8_t v[32] = { 0xfd, 0xc5, 0x7f, 0xf4, 0x49, 0xdd, 0x4f, 0x6b,
5123 0xfb, 0x7c, 0x9d, 0xf1, 0xc2, 0x9a, 0xcb, 0x59,
5124 0x2a, 0xe7, 0xd4, 0xee, 0xfb, 0xfc, 0x0a, 0x90,
5125 0x9a, 0xbb, 0xf6, 0x32, 0x3d, 0x8b, 0x18, 0x55 };
5126 uint8_t x[16] = { 0xab, 0xae, 0x2b, 0x71, 0xec, 0xb2, 0xff, 0xff,
5127 0x3e, 0x73, 0x77, 0xd1, 0x54, 0x84, 0xcb, 0xd5 };
5128 uint8_t y[16] = { 0xcf, 0xc4, 0x3d, 0xff, 0xf7, 0x83, 0x65, 0x21,
5129 0x6e, 0x5f, 0xa7, 0x25, 0xcc, 0xe7, 0xe8, 0xa6 };
5130 uint32_t exp_val = 0x2f9ed5ba % 1000000;
5131 uint32_t val;
5132 int err;
5133
5134 err = bt_crypto_g2(u, v, x, y, &val);
5135 if (err) {
5136 return err;
5137 }
5138
5139 if (val != exp_val) {
5140 return -EINVAL;
5141 }
5142
5143 return 0;
5144 }
5145
5146 #if defined(CONFIG_BT_BREDR)
smp_h6_test(void)5147 static int smp_h6_test(void)
5148 {
5149 uint8_t w[16] = { 0x9b, 0x7d, 0x39, 0x0a, 0xa6, 0x10, 0x10, 0x34,
5150 0x05, 0xad, 0xc8, 0x57, 0xa3, 0x34, 0x02, 0xec };
5151 uint8_t key_id[4] = { 0x72, 0x62, 0x65, 0x6c };
5152 uint8_t exp_res[16] = { 0x99, 0x63, 0xb1, 0x80, 0xe2, 0xa9, 0xd3, 0xe8,
5153 0x1c, 0xc9, 0x6d, 0xe7, 0x02, 0xe1, 0x9a, 0x2d};
5154 uint8_t res[16];
5155 int err;
5156
5157 err = bt_crypto_h6(w, key_id, res);
5158 if (err) {
5159 return err;
5160 }
5161
5162 if (memcmp(res, exp_res, 16)) {
5163 return -EINVAL;
5164 }
5165
5166 return 0;
5167 }
5168
smp_h7_test(void)5169 static int smp_h7_test(void)
5170 {
5171 uint8_t salt[16] = { 0x31, 0x70, 0x6d, 0x74, 0x00, 0x00, 0x00, 0x00,
5172 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
5173 uint8_t w[16] = { 0x9b, 0x7d, 0x39, 0x0a, 0xa6, 0x10, 0x10, 0x34,
5174 0x05, 0xad, 0xc8, 0x57, 0xa3, 0x34, 0x02, 0xec };
5175 uint8_t exp_res[16] = { 0x11, 0x70, 0xa5, 0x75, 0x2a, 0x8c, 0x99, 0xd2,
5176 0xec, 0xc0, 0xa3, 0xc6, 0x97, 0x35, 0x17, 0xfb};
5177 uint8_t res[16];
5178 int err;
5179
5180 err = bt_crypto_h7(salt, w, res);
5181 if (err) {
5182 return err;
5183 }
5184
5185 if (memcmp(res, exp_res, 16)) {
5186 return -EINVAL;
5187 }
5188
5189 return 0;
5190 }
5191 #endif /* CONFIG_BT_BREDR */
5192
smp_h8_test(void)5193 static int smp_h8_test(void)
5194 {
5195 uint8_t k[16] = {0xec, 0x02, 0x34, 0xa3, 0x57, 0xc8, 0xad, 0x05,
5196 0x34, 0x10, 0x10, 0xa6, 0x0a, 0x39, 0x7d, 0x9b};
5197 uint8_t s[16] = {0x15, 0x36, 0xd1, 0x8d, 0xe3, 0xd2, 0x0d, 0xf9,
5198 0x9b, 0x70, 0x44, 0xc1, 0x2f, 0x9e, 0xd5, 0xba};
5199 uint8_t key_id[4] = {0xcc, 0x03, 0x01, 0x48};
5200
5201 uint8_t exp_res[16] = {0xe5, 0xe5, 0xbe, 0xba, 0xae, 0x72, 0x28, 0xe7,
5202 0x22, 0xa3, 0x89, 0x04, 0xed, 0x35, 0x0f, 0x6d};
5203 uint8_t res[16];
5204 int err;
5205
5206 err = bt_crypto_h8(k, s, key_id, res);
5207 if (err) {
5208 return err;
5209 }
5210
5211 if (memcmp(res, exp_res, 16)) {
5212 return -EINVAL;
5213 }
5214
5215 return 0;
5216 }
5217
smp_self_test(void)5218 static int smp_self_test(void)
5219 {
5220 int err;
5221
5222 err = smp_aes_cmac_test();
5223 if (err) {
5224 LOG_ERR("SMP AES-CMAC self tests failed");
5225 return err;
5226 }
5227
5228 err = smp_sign_test();
5229 if (err) {
5230 LOG_ERR("SMP signing self tests failed");
5231 return err;
5232 }
5233
5234 err = smp_f4_test();
5235 if (err) {
5236 LOG_ERR("SMP f4 self test failed");
5237 return err;
5238 }
5239
5240 err = smp_f5_test();
5241 if (err) {
5242 LOG_ERR("SMP f5 self test failed");
5243 return err;
5244 }
5245
5246 err = smp_f6_test();
5247 if (err) {
5248 LOG_ERR("SMP f6 self test failed");
5249 return err;
5250 }
5251
5252 err = smp_g2_test();
5253 if (err) {
5254 LOG_ERR("SMP g2 self test failed");
5255 return err;
5256 }
5257
5258 #if defined(CONFIG_BT_BREDR)
5259 err = smp_h6_test();
5260 if (err) {
5261 LOG_ERR("SMP h6 self test failed");
5262 return err;
5263 }
5264
5265 err = smp_h7_test();
5266 if (err) {
5267 LOG_ERR("SMP h7 self test failed");
5268 return err;
5269 }
5270 #endif /* CONFIG_BT_BREDR */
5271 err = smp_h8_test();
5272 if (err) {
5273 LOG_ERR("SMP h8 self test failed");
5274 return err;
5275 }
5276
5277 return 0;
5278 }
5279 #else
smp_self_test(void)5280 static inline int smp_self_test(void)
5281 {
5282 return 0;
5283 }
5284 #endif
5285
bt_smp_auth_cb_overlay(struct bt_conn * conn,const struct bt_conn_auth_cb * cb)5286 int bt_smp_auth_cb_overlay(struct bt_conn *conn, const struct bt_conn_auth_cb *cb)
5287 {
5288 struct bt_smp *smp;
5289
5290 smp = smp_chan_get(conn);
5291 if (!smp) {
5292 return -EINVAL;
5293 }
5294
5295 if (atomic_ptr_cas(&smp->auth_cb, BT_SMP_AUTH_CB_UNINITIALIZED, (atomic_ptr_val_t)cb)) {
5296 return 0;
5297 } else {
5298 return -EALREADY;
5299 }
5300 }
5301
5302 #if defined(CONFIG_BT_PASSKEY_KEYPRESS)
smp_send_keypress_notif(struct bt_smp * smp,uint8_t type)5303 static int smp_send_keypress_notif(struct bt_smp *smp, uint8_t type)
5304 {
5305 struct bt_smp_keypress_notif *req;
5306 struct net_buf *buf;
5307
5308 buf = smp_create_pdu(smp, BT_SMP_KEYPRESS_NOTIFICATION, sizeof(*req));
5309 if (!buf) {
5310 return -ENOMEM;
5311 }
5312
5313 req = net_buf_add(buf, sizeof(*req));
5314 req->type = type;
5315
5316 smp_send(smp, buf, NULL, NULL);
5317
5318 return 0;
5319 }
5320 #endif
5321
5322 #if defined(CONFIG_BT_PASSKEY_KEYPRESS)
bt_smp_auth_keypress_notify(struct bt_conn * conn,enum bt_conn_auth_keypress type)5323 int bt_smp_auth_keypress_notify(struct bt_conn *conn, enum bt_conn_auth_keypress type)
5324 {
5325 struct bt_smp *smp;
5326
5327 smp = smp_chan_get(conn);
5328 if (!smp) {
5329 return -EINVAL;
5330 }
5331
5332 CHECKIF(!IN_RANGE(type,
5333 BT_CONN_AUTH_KEYPRESS_ENTRY_STARTED,
5334 BT_CONN_AUTH_KEYPRESS_ENTRY_COMPLETED)) {
5335 LOG_ERR("Refusing to send unknown event type %u", type);
5336 return -EINVAL;
5337 }
5338
5339 if (smp->method != PASSKEY_INPUT ||
5340 !atomic_test_bit(smp->flags, SMP_FLAG_USER)) {
5341 LOG_ERR("Refusing to send keypress: Not waiting for passkey input.");
5342 return -EINVAL;
5343 }
5344
5345 return smp_send_keypress_notif(smp, type);
5346 }
5347 #endif
5348
bt_smp_auth_passkey_entry(struct bt_conn * conn,unsigned int passkey)5349 int bt_smp_auth_passkey_entry(struct bt_conn *conn, unsigned int passkey)
5350 {
5351 struct bt_smp *smp;
5352 uint8_t err;
5353
5354 smp = smp_chan_get(conn);
5355 if (!smp) {
5356 return -EINVAL;
5357 }
5358
5359 if (!atomic_test_and_clear_bit(smp->flags, SMP_FLAG_USER)) {
5360 return -EINVAL;
5361 }
5362
5363 #if !defined(CONFIG_BT_SMP_SC_PAIR_ONLY)
5364 if (!atomic_test_bit(smp->flags, SMP_FLAG_SC)) {
5365 legacy_passkey_entry(smp, passkey);
5366 return 0;
5367 }
5368 #endif /* !CONFIG_BT_SMP_SC_PAIR_ONLY */
5369
5370 smp->passkey = sys_cpu_to_le32(passkey);
5371
5372 if (IS_ENABLED(CONFIG_BT_CENTRAL) &&
5373 smp->chan.chan.conn->role == BT_HCI_ROLE_CENTRAL) {
5374 atomic_set_bit(smp->allowed_cmds, BT_SMP_CMD_PAIRING_CONFIRM);
5375 err = smp_send_pairing_confirm(smp);
5376 if (err) {
5377 smp_error(smp, BT_SMP_ERR_PASSKEY_ENTRY_FAILED);
5378 return 0;
5379 }
5380 return 0;
5381 }
5382
5383 if (IS_ENABLED(CONFIG_BT_PERIPHERAL) &&
5384 atomic_test_bit(smp->flags, SMP_FLAG_CFM_DELAYED)) {
5385 atomic_set_bit(smp->allowed_cmds, BT_SMP_CMD_PAIRING_RANDOM);
5386 err = smp_send_pairing_confirm(smp);
5387 if (err) {
5388 smp_error(smp, BT_SMP_ERR_PASSKEY_ENTRY_FAILED);
5389 return 0;
5390 }
5391 }
5392
5393 return 0;
5394 }
5395
bt_smp_auth_passkey_confirm(struct bt_conn * conn)5396 int bt_smp_auth_passkey_confirm(struct bt_conn *conn)
5397 {
5398 struct bt_smp *smp;
5399
5400 smp = smp_chan_get(conn);
5401 if (!smp) {
5402 return -EINVAL;
5403 }
5404
5405 if (!atomic_test_and_clear_bit(smp->flags, SMP_FLAG_USER)) {
5406 return -EINVAL;
5407 }
5408
5409 /* wait for DHKey being generated */
5410 if (atomic_test_bit(smp->flags, SMP_FLAG_DHKEY_PENDING)) {
5411 atomic_set_bit(smp->flags, SMP_FLAG_DHKEY_SEND);
5412 return 0;
5413 }
5414
5415 /* wait for remote DHKey Check */
5416 if (atomic_test_bit(smp->flags, SMP_FLAG_DHCHECK_WAIT)) {
5417 atomic_set_bit(smp->flags, SMP_FLAG_DHKEY_SEND);
5418 return 0;
5419 }
5420
5421 if (atomic_test_bit(smp->flags, SMP_FLAG_DHKEY_SEND)) {
5422 uint8_t err;
5423
5424 #if defined(CONFIG_BT_CENTRAL)
5425 if (smp->chan.chan.conn->role == BT_HCI_ROLE_CENTRAL) {
5426 err = compute_and_send_central_dhcheck(smp);
5427 if (err) {
5428 smp_error(smp, err);
5429 }
5430 return 0;
5431 }
5432 #endif /* CONFIG_BT_CENTRAL */
5433
5434 #if defined(CONFIG_BT_PERIPHERAL)
5435 err = compute_and_check_and_send_periph_dhcheck(smp);
5436 if (err) {
5437 smp_error(smp, err);
5438 }
5439 #endif /* CONFIG_BT_PERIPHERAL */
5440 }
5441
5442 return 0;
5443 }
5444
5445 #if !defined(CONFIG_BT_SMP_SC_PAIR_ONLY)
bt_smp_le_oob_set_tk(struct bt_conn * conn,const uint8_t * tk)5446 int bt_smp_le_oob_set_tk(struct bt_conn *conn, const uint8_t *tk)
5447 {
5448 struct bt_smp *smp;
5449
5450 smp = smp_chan_get(conn);
5451 if (!smp || !tk) {
5452 return -EINVAL;
5453 }
5454
5455 LOG_DBG("%s", bt_hex(tk, 16));
5456
5457 if (!atomic_test_and_clear_bit(smp->flags, SMP_FLAG_USER)) {
5458 return -EINVAL;
5459 }
5460
5461 if (IS_ENABLED(CONFIG_BT_LOG_SNIFFER_INFO)) {
5462 uint8_t oob[16];
5463
5464 sys_memcpy_swap(oob, tk, 16);
5465 LOG_INF("Legacy OOB data 0x%s", bt_hex(oob, 16));
5466 }
5467
5468 memcpy(smp->tk, tk, 16*sizeof(uint8_t));
5469
5470 legacy_user_tk_entry(smp);
5471
5472 return 0;
5473 }
5474 #endif /* !defined(CONFIG_BT_SMP_SC_PAIR_ONLY) */
5475
bt_smp_le_oob_generate_sc_data(struct bt_le_oob_sc_data * le_sc_oob)5476 int bt_smp_le_oob_generate_sc_data(struct bt_le_oob_sc_data *le_sc_oob)
5477 {
5478 int err;
5479
5480 if (!le_sc_supported()) {
5481 return -ENOTSUP;
5482 }
5483
5484 if (!sc_public_key) {
5485 err = k_sem_take(&sc_local_pkey_ready, K_FOREVER);
5486 if (err) {
5487 return err;
5488 }
5489 }
5490
5491 if (IS_ENABLED(CONFIG_BT_OOB_DATA_FIXED)) {
5492 uint8_t rand_num[] = {
5493 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
5494 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
5495 };
5496
5497 memcpy(le_sc_oob->r, rand_num, sizeof(le_sc_oob->r));
5498 } else {
5499 err = bt_rand(le_sc_oob->r, 16);
5500 if (err) {
5501 return err;
5502 }
5503 }
5504
5505 err = bt_crypto_f4(sc_public_key, sc_public_key, le_sc_oob->r, 0,
5506 le_sc_oob->c);
5507 if (err) {
5508 return err;
5509 }
5510
5511 return 0;
5512 }
5513
5514 #if !defined(CONFIG_BT_SMP_OOB_LEGACY_PAIR_ONLY)
le_sc_oob_data_check(struct bt_smp * smp,bool oobd_local_present,bool oobd_remote_present)5515 static bool le_sc_oob_data_check(struct bt_smp *smp, bool oobd_local_present,
5516 bool oobd_remote_present)
5517 {
5518 bool req_oob_present = le_sc_oob_data_req_check(smp);
5519 bool rsp_oob_present = le_sc_oob_data_rsp_check(smp);
5520
5521 if (IS_ENABLED(CONFIG_BT_CENTRAL) &&
5522 smp->chan.chan.conn->role == BT_HCI_ROLE_CENTRAL) {
5523 if ((req_oob_present != oobd_remote_present) &&
5524 (rsp_oob_present != oobd_local_present)) {
5525 return false;
5526 }
5527 } else if (IS_ENABLED(CONFIG_BT_PERIPHERAL)) {
5528 if ((req_oob_present != oobd_local_present) &&
5529 (rsp_oob_present != oobd_remote_present)) {
5530 return false;
5531 }
5532 }
5533
5534 return true;
5535 }
5536
le_sc_oob_pairing_continue(struct bt_smp * smp)5537 static int le_sc_oob_pairing_continue(struct bt_smp *smp)
5538 {
5539 if (smp->oobd_remote) {
5540 int err;
5541 uint8_t c[16];
5542
5543 err = bt_crypto_f4(smp->pkey, smp->pkey, smp->oobd_remote->r, 0, c);
5544 if (err) {
5545 return err;
5546 }
5547
5548 bool match = (memcmp(c, smp->oobd_remote->c, sizeof(c)) == 0);
5549
5550 if (!match) {
5551 smp_error(smp, BT_SMP_ERR_CONFIRM_FAILED);
5552 return 0;
5553 }
5554 }
5555
5556 if (IS_ENABLED(CONFIG_BT_CENTRAL) &&
5557 smp->chan.chan.conn->role == BT_HCI_ROLE_CENTRAL) {
5558 atomic_set_bit(smp->allowed_cmds, BT_SMP_CMD_PAIRING_RANDOM);
5559 } else if (IS_ENABLED(CONFIG_BT_PERIPHERAL)) {
5560 atomic_set_bit(smp->allowed_cmds, BT_SMP_DHKEY_CHECK);
5561 atomic_set_bit(smp->flags, SMP_FLAG_DHCHECK_WAIT);
5562 }
5563
5564 return smp_send_pairing_random(smp);
5565 }
5566
bt_smp_le_oob_set_sc_data(struct bt_conn * conn,const struct bt_le_oob_sc_data * oobd_local,const struct bt_le_oob_sc_data * oobd_remote)5567 int bt_smp_le_oob_set_sc_data(struct bt_conn *conn,
5568 const struct bt_le_oob_sc_data *oobd_local,
5569 const struct bt_le_oob_sc_data *oobd_remote)
5570 {
5571 struct bt_smp *smp;
5572
5573 smp = smp_chan_get(conn);
5574 if (!smp) {
5575 return -EINVAL;
5576 }
5577
5578 if (!le_sc_oob_data_check(smp, (oobd_local != NULL),
5579 (oobd_remote != NULL))) {
5580 return -EINVAL;
5581 }
5582
5583 if (!atomic_test_and_clear_bit(smp->flags, SMP_FLAG_OOB_PENDING)) {
5584 return -EINVAL;
5585 }
5586
5587 smp->oobd_local = oobd_local;
5588 smp->oobd_remote = oobd_remote;
5589
5590 return le_sc_oob_pairing_continue(smp);
5591 }
5592
bt_smp_le_oob_get_sc_data(struct bt_conn * conn,const struct bt_le_oob_sc_data ** oobd_local,const struct bt_le_oob_sc_data ** oobd_remote)5593 int bt_smp_le_oob_get_sc_data(struct bt_conn *conn,
5594 const struct bt_le_oob_sc_data **oobd_local,
5595 const struct bt_le_oob_sc_data **oobd_remote)
5596 {
5597 struct bt_smp *smp;
5598
5599 smp = smp_chan_get(conn);
5600 if (!smp) {
5601 return -EINVAL;
5602 }
5603
5604 if (!smp->oobd_local && !smp->oobd_remote) {
5605 return -ESRCH;
5606 }
5607
5608 if (oobd_local) {
5609 *oobd_local = smp->oobd_local;
5610 }
5611
5612 if (oobd_remote) {
5613 *oobd_remote = smp->oobd_remote;
5614 }
5615
5616 return 0;
5617 }
5618 #endif /* !CONFIG_BT_SMP_OOB_LEGACY_PAIR_ONLY */
5619
bt_smp_auth_cancel(struct bt_conn * conn)5620 int bt_smp_auth_cancel(struct bt_conn *conn)
5621 {
5622 struct bt_smp *smp;
5623
5624 smp = smp_chan_get(conn);
5625 if (!smp) {
5626 return -EINVAL;
5627 }
5628
5629 if (!atomic_test_and_clear_bit(smp->flags, SMP_FLAG_USER)) {
5630 return -EINVAL;
5631 }
5632
5633 LOG_DBG("");
5634
5635 switch (smp->method) {
5636 case PASSKEY_INPUT:
5637 case PASSKEY_DISPLAY:
5638 return smp_error(smp, BT_SMP_ERR_PASSKEY_ENTRY_FAILED);
5639 case PASSKEY_CONFIRM:
5640 return smp_error(smp, BT_SMP_ERR_CONFIRM_FAILED);
5641 case LE_SC_OOB:
5642 case LEGACY_OOB:
5643 return smp_error(smp, BT_SMP_ERR_OOB_NOT_AVAIL);
5644 case JUST_WORKS:
5645 return smp_error(smp, BT_SMP_ERR_UNSPECIFIED);
5646 default:
5647 LOG_ERR("Unknown pairing method (%u)", smp->method);
5648 return 0;
5649 }
5650 }
5651
5652 #if !defined(CONFIG_BT_SMP_SC_PAIR_ONLY)
bt_smp_auth_pairing_confirm(struct bt_conn * conn)5653 int bt_smp_auth_pairing_confirm(struct bt_conn *conn)
5654 {
5655 struct bt_smp *smp;
5656
5657 smp = smp_chan_get(conn);
5658 if (!smp) {
5659 return -EINVAL;
5660 }
5661
5662 if (!atomic_test_and_clear_bit(smp->flags, SMP_FLAG_USER)) {
5663 return -EINVAL;
5664 }
5665
5666 if (IS_ENABLED(CONFIG_BT_CENTRAL) &&
5667 conn->role == BT_CONN_ROLE_CENTRAL) {
5668 if (!atomic_test_bit(smp->flags, SMP_FLAG_SC)) {
5669 atomic_set_bit(smp->allowed_cmds,
5670 BT_SMP_CMD_PAIRING_CONFIRM);
5671 return legacy_send_pairing_confirm(smp);
5672 }
5673
5674 if (!sc_public_key) {
5675 atomic_set_bit(smp->flags, SMP_FLAG_PKEY_SEND);
5676 return 0;
5677 }
5678
5679 atomic_set_bit(smp->allowed_cmds, BT_SMP_CMD_PUBLIC_KEY);
5680 return sc_send_public_key(smp);
5681 }
5682
5683 #if defined(CONFIG_BT_PERIPHERAL)
5684 if (!atomic_test_bit(smp->flags, SMP_FLAG_SC)) {
5685 atomic_set_bit(smp->allowed_cmds,
5686 BT_SMP_CMD_PAIRING_CONFIRM);
5687 return send_pairing_rsp(smp);
5688 }
5689
5690 atomic_set_bit(smp->allowed_cmds, BT_SMP_CMD_PUBLIC_KEY);
5691 if (send_pairing_rsp(smp)) {
5692 return -EIO;
5693 }
5694 #endif /* CONFIG_BT_PERIPHERAL */
5695
5696 return 0;
5697 }
5698 #else
bt_smp_auth_pairing_confirm(struct bt_conn * conn)5699 int bt_smp_auth_pairing_confirm(struct bt_conn *conn)
5700 {
5701 /* confirm_pairing will never be called in LE SC only mode */
5702 return -EINVAL;
5703 }
5704 #endif /* !CONFIG_BT_SMP_SC_PAIR_ONLY */
5705
5706 #if defined(CONFIG_BT_FIXED_PASSKEY)
bt_passkey_set(unsigned int passkey)5707 int bt_passkey_set(unsigned int passkey)
5708 {
5709 if (passkey == BT_PASSKEY_INVALID) {
5710 fixed_passkey = BT_PASSKEY_INVALID;
5711 return 0;
5712 }
5713
5714 if (passkey > 999999) {
5715 return -EINVAL;
5716 }
5717
5718 fixed_passkey = passkey;
5719 return 0;
5720 }
5721 #endif /* CONFIG_BT_FIXED_PASSKEY */
5722
bt_smp_start_security(struct bt_conn * conn)5723 int bt_smp_start_security(struct bt_conn *conn)
5724 {
5725 switch (conn->role) {
5726 #if defined(CONFIG_BT_CENTRAL)
5727 case BT_HCI_ROLE_CENTRAL:
5728 {
5729 int err;
5730 struct bt_smp *smp;
5731
5732 smp = smp_chan_get(conn);
5733 if (!smp) {
5734 return -ENOTCONN;
5735 }
5736
5737 /* pairing is in progress */
5738 if (atomic_test_bit(smp->flags, SMP_FLAG_PAIRING)) {
5739 return -EBUSY;
5740 }
5741
5742 /* Encryption is in progress */
5743 if (atomic_test_bit(smp->flags, SMP_FLAG_ENC_PENDING)) {
5744 return -EBUSY;
5745 }
5746
5747 if (!smp_keys_check(conn)) {
5748 return smp_send_pairing_req(conn);
5749 }
5750
5751 /* LE SC LTK and legacy central LTK are stored in same place */
5752 err = bt_conn_le_start_encryption(conn,
5753 conn->le.keys->ltk.rand,
5754 conn->le.keys->ltk.ediv,
5755 conn->le.keys->ltk.val,
5756 conn->le.keys->enc_size);
5757 if (err) {
5758 return err;
5759 }
5760
5761 atomic_set_bit(smp->allowed_cmds, BT_SMP_CMD_SECURITY_REQUEST);
5762 atomic_set_bit(smp->flags, SMP_FLAG_ENC_PENDING);
5763 return 0;
5764 }
5765 #endif /* CONFIG_BT_CENTRAL && CONFIG_BT_SMP */
5766 #if defined(CONFIG_BT_PERIPHERAL)
5767 case BT_HCI_ROLE_PERIPHERAL:
5768 return smp_send_security_req(conn);
5769 #endif /* CONFIG_BT_PERIPHERAL && CONFIG_BT_SMP */
5770 default:
5771 return -EINVAL;
5772 }
5773 }
5774
bt_smp_update_keys(struct bt_conn * conn)5775 void bt_smp_update_keys(struct bt_conn *conn)
5776 {
5777 struct bt_smp *smp;
5778
5779 smp = smp_chan_get(conn);
5780 if (!smp) {
5781 return;
5782 }
5783
5784 if (!atomic_test_bit(smp->flags, SMP_FLAG_PAIRING)) {
5785 return;
5786 }
5787
5788 /*
5789 * If link was successfully encrypted cleanup old keys as from now on
5790 * only keys distributed in this pairing or LTK from LE SC will be used.
5791 */
5792 if (conn->le.keys) {
5793 bt_keys_clear(conn->le.keys);
5794 }
5795
5796 conn->le.keys = bt_keys_get_addr(conn->id, &conn->le.dst);
5797 if (!conn->le.keys) {
5798 LOG_ERR("Unable to get keys for %s", bt_addr_le_str(&conn->le.dst));
5799 smp_error(smp, BT_SMP_ERR_UNSPECIFIED);
5800 return;
5801 }
5802
5803 /* mark keys as debug */
5804 if (atomic_test_bit(smp->flags, SMP_FLAG_SC_DEBUG_KEY)) {
5805 conn->le.keys->flags |= BT_KEYS_DEBUG;
5806 }
5807
5808 /*
5809 * store key type deducted from pairing method used
5810 * it is important to store it since type is used to determine
5811 * security level upon encryption
5812 */
5813 switch (smp->method) {
5814 case LE_SC_OOB:
5815 case LEGACY_OOB:
5816 conn->le.keys->flags |= BT_KEYS_OOB;
5817 /* fallthrough */
5818 case PASSKEY_DISPLAY:
5819 case PASSKEY_INPUT:
5820 case PASSKEY_CONFIRM:
5821 conn->le.keys->flags |= BT_KEYS_AUTHENTICATED;
5822 break;
5823 case JUST_WORKS:
5824 default:
5825 /* unauthenticated key, clear it */
5826 conn->le.keys->flags &= ~BT_KEYS_OOB;
5827 conn->le.keys->flags &= ~BT_KEYS_AUTHENTICATED;
5828 break;
5829 }
5830
5831 conn->le.keys->enc_size = get_encryption_key_size(smp);
5832
5833 /*
5834 * Store LTK if LE SC is used, this is safe since LE SC is mutually
5835 * exclusive with legacy pairing. Other keys are added on keys
5836 * distribution.
5837 */
5838 if (atomic_test_bit(smp->flags, SMP_FLAG_SC)) {
5839 conn->le.keys->flags |= BT_KEYS_SC;
5840
5841 if (atomic_test_bit(smp->flags, SMP_FLAG_BOND)) {
5842 bt_keys_add_type(conn->le.keys, BT_KEYS_LTK_P256);
5843 memcpy(conn->le.keys->ltk.val, smp->tk,
5844 sizeof(conn->le.keys->ltk.val));
5845 (void)memset(conn->le.keys->ltk.rand, 0,
5846 sizeof(conn->le.keys->ltk.rand));
5847 (void)memset(conn->le.keys->ltk.ediv, 0,
5848 sizeof(conn->le.keys->ltk.ediv));
5849 } else if (IS_ENABLED(CONFIG_BT_LOG_SNIFFER_INFO)) {
5850 uint8_t ltk[16];
5851
5852 sys_memcpy_swap(ltk, smp->tk, conn->le.keys->enc_size);
5853 LOG_INF("SC LTK: 0x%s (No bonding)", bt_hex(ltk, conn->le.keys->enc_size));
5854 }
5855 } else {
5856 conn->le.keys->flags &= ~BT_KEYS_SC;
5857 }
5858 }
5859
bt_smp_accept(struct bt_conn * conn,struct bt_l2cap_chan ** chan)5860 static int bt_smp_accept(struct bt_conn *conn, struct bt_l2cap_chan **chan)
5861 {
5862 int i;
5863 static const struct bt_l2cap_chan_ops ops = {
5864 .connected = bt_smp_connected,
5865 .disconnected = bt_smp_disconnected,
5866 .encrypt_change = bt_smp_encrypt_change,
5867 .recv = bt_smp_recv,
5868 };
5869
5870 LOG_DBG("conn %p handle %u", conn, conn->handle);
5871
5872 for (i = 0; i < ARRAY_SIZE(bt_smp_pool); i++) {
5873 struct bt_smp *smp = &bt_smp_pool[i];
5874
5875 if (smp->chan.chan.conn) {
5876 continue;
5877 }
5878
5879 smp->chan.chan.ops = &ops;
5880
5881 *chan = &smp->chan.chan;
5882
5883 return 0;
5884 }
5885
5886 LOG_ERR("No available SMP context for conn %p", conn);
5887
5888 return -ENOMEM;
5889 }
5890
5891 BT_L2CAP_CHANNEL_DEFINE(smp_fixed_chan, BT_L2CAP_CID_SMP, bt_smp_accept, NULL);
5892 #if defined(CONFIG_BT_BREDR)
5893 BT_L2CAP_CHANNEL_DEFINE(smp_br_fixed_chan, BT_L2CAP_CID_BR_SMP,
5894 bt_smp_br_accept, NULL);
5895 #endif /* CONFIG_BT_BREDR */
5896
bt_smp_init(void)5897 int bt_smp_init(void)
5898 {
5899 static struct bt_pub_key_cb pub_key_cb = {
5900 .func = bt_smp_pkey_ready,
5901 };
5902
5903 sc_supported = le_sc_supported();
5904 if (IS_ENABLED(CONFIG_BT_SMP_SC_PAIR_ONLY) && !sc_supported) {
5905 LOG_ERR("SC Pair Only Mode selected but LE SC not supported");
5906 return -ENOENT;
5907 }
5908
5909 if (IS_ENABLED(CONFIG_BT_SMP_USB_HCI_CTLR_WORKAROUND)) {
5910 LOG_WRN("BT_SMP_USB_HCI_CTLR_WORKAROUND is enabled, which "
5911 "exposes a security vulnerability!");
5912 }
5913
5914 LOG_DBG("LE SC %s", sc_supported ? "enabled" : "disabled");
5915
5916 if (!IS_ENABLED(CONFIG_BT_SMP_OOB_LEGACY_PAIR_ONLY)) {
5917 bt_pub_key_gen(&pub_key_cb);
5918 }
5919
5920 return smp_self_test();
5921 }
5922
