1 /**
2 * @file smp.c
3 * Security Manager Protocol implementation
4 */
5
6 /*
7 * Copyright (c) 2017 Nordic Semiconductor ASA
8 * Copyright (c) 2015-2016 Intel Corporation
9 *
10 * SPDX-License-Identifier: Apache-2.0
11 */
12
13 #include <zephyr.h>
14 #include <stddef.h>
15 #include <errno.h>
16 #include <string.h>
17 #include <sys/atomic.h>
18 #include <sys/util.h>
19 #include <sys/byteorder.h>
20 #include <debug/stack.h>
21
22 #include <net/buf.h>
23 #include <bluetooth/hci.h>
24 #include <bluetooth/bluetooth.h>
25 #include <bluetooth/conn.h>
26 #include <bluetooth/buf.h>
27
28 #include <tinycrypt/constants.h>
29 #include <tinycrypt/aes.h>
30 #include <tinycrypt/utils.h>
31 #include <tinycrypt/cmac_mode.h>
32
33 #define BT_DBG_ENABLED IS_ENABLED(CONFIG_BT_DEBUG_SMP)
34 #define LOG_MODULE_NAME bt_smp
35 #include "common/log.h"
36
37 #include "hci_core.h"
38 #include "ecc.h"
39 #include "keys.h"
40 #include "conn_internal.h"
41 #include "l2cap_internal.h"
42 #include "smp.h"
43
44 #define SMP_TIMEOUT K_SECONDS(30)
45
46 #if defined(CONFIG_BT_SIGNING)
47 #define SIGN_DIST BT_SMP_DIST_SIGN
48 #else
49 #define SIGN_DIST 0
50 #endif
51
52 #if defined(CONFIG_BT_PRIVACY)
53 #define ID_DIST BT_SMP_DIST_ID_KEY
54 #else
55 #define ID_DIST 0
56 #endif
57
58 #if defined(CONFIG_BT_BREDR)
59 #define LINK_DIST BT_SMP_DIST_LINK_KEY
60 #else
61 #define LINK_DIST 0
62 #endif
63
64 #define RECV_KEYS (BT_SMP_DIST_ENC_KEY | BT_SMP_DIST_ID_KEY | SIGN_DIST |\
65 LINK_DIST)
66 #define SEND_KEYS (BT_SMP_DIST_ENC_KEY | ID_DIST | SIGN_DIST | LINK_DIST)
67
68 #define RECV_KEYS_SC (RECV_KEYS & ~(BT_SMP_DIST_ENC_KEY))
69 #define SEND_KEYS_SC (SEND_KEYS & ~(BT_SMP_DIST_ENC_KEY))
70
71 #define BR_RECV_KEYS_SC (RECV_KEYS & ~(LINK_DIST))
72 #define BR_SEND_KEYS_SC (SEND_KEYS & ~(LINK_DIST))
73
74 #define BT_SMP_AUTH_MASK 0x07
75
76 #if defined(CONFIG_BT_BONDABLE)
77 #define BT_SMP_AUTH_BONDING_FLAGS BT_SMP_AUTH_BONDING
78 #else
79 #define BT_SMP_AUTH_BONDING_FLAGS 0
80 #endif /* CONFIG_BT_BONDABLE */
81
82 #if defined(CONFIG_BT_BREDR)
83
84 #define BT_SMP_AUTH_MASK_SC 0x2f
85 #if defined(CONFIG_BT_SMP_OOB_LEGACY_PAIR_ONLY)
86 #define BT_SMP_AUTH_DEFAULT (BT_SMP_AUTH_BONDING_FLAGS | BT_SMP_AUTH_CT2)
87 #else
88 #define BT_SMP_AUTH_DEFAULT (BT_SMP_AUTH_BONDING_FLAGS | BT_SMP_AUTH_CT2 |\
89 BT_SMP_AUTH_SC)
90 #endif /* CONFIG_BT_SMP_OOB_LEGACY_PAIR_ONLY */
91
92 #else
93
94 #define BT_SMP_AUTH_MASK_SC 0x0f
95 #if defined(CONFIG_BT_SMP_OOB_LEGACY_PAIR_ONLY)
96 #define BT_SMP_AUTH_DEFAULT (BT_SMP_AUTH_BONDING_FLAGS)
97 #else
98 #define BT_SMP_AUTH_DEFAULT (BT_SMP_AUTH_BONDING_FLAGS | BT_SMP_AUTH_SC)
99 #endif /* CONFIG_BT_SMP_OOB_LEGACY_PAIR_ONLY */
100
101 #endif /* CONFIG_BT_BREDR */
102
103 enum pairing_method {
104 JUST_WORKS, /* JustWorks pairing */
105 PASSKEY_INPUT, /* Passkey Entry input */
106 PASSKEY_DISPLAY, /* Passkey Entry display */
107 PASSKEY_CONFIRM, /* Passkey confirm */
108 PASSKEY_ROLE, /* Passkey Entry depends on role */
109 LE_SC_OOB, /* LESC Out of Band */
110 LEGACY_OOB, /* Legacy Out of Band */
111 };
112
113 enum {
114 SMP_FLAG_CFM_DELAYED, /* if confirm should be send when TK is valid */
115 SMP_FLAG_ENC_PENDING, /* if waiting for an encryption change event */
116 SMP_FLAG_KEYS_DISTR, /* if keys distribution phase is in progress */
117 SMP_FLAG_PAIRING, /* if pairing is in progress */
118 SMP_FLAG_TIMEOUT, /* if SMP timeout occurred */
119 SMP_FLAG_SC, /* if LE Secure Connections is used */
120 SMP_FLAG_PKEY_SEND, /* if should send Public Key when available */
121 SMP_FLAG_DHKEY_PENDING, /* if waiting for local DHKey */
122 SMP_FLAG_DHKEY_GEN, /* if generating DHKey */
123 SMP_FLAG_DHKEY_SEND, /* if should generate and send DHKey Check */
124 SMP_FLAG_USER, /* if waiting for user input */
125 SMP_FLAG_DISPLAY, /* if display_passkey() callback was called */
126 SMP_FLAG_OOB_PENDING, /* if waiting for OOB data */
127 SMP_FLAG_BOND, /* if bonding */
128 SMP_FLAG_SC_DEBUG_KEY, /* if Secure Connection are using debug key */
129 SMP_FLAG_SEC_REQ, /* if Security Request was sent/received */
130 SMP_FLAG_DHCHECK_WAIT, /* if waiting for remote DHCheck (as periph) */
131 SMP_FLAG_DERIVE_LK, /* if Link Key should be derived */
132 SMP_FLAG_BR_CONNECTED, /* if BR/EDR channel is connected */
133 SMP_FLAG_BR_PAIR, /* if should start BR/EDR pairing */
134 SMP_FLAG_CT2, /* if should use H7 for keys derivation */
135
136 /* Total number of flags - must be at the end */
137 SMP_NUM_FLAGS,
138 };
139
140 /* SMP channel specific context */
141 struct bt_smp {
142 /* Commands that remote is allowed to send */
143 ATOMIC_DEFINE(allowed_cmds, BT_SMP_NUM_CMDS);
144
145 /* Flags for SMP state machine */
146 ATOMIC_DEFINE(flags, SMP_NUM_FLAGS);
147
148 /* Type of method used for pairing */
149 uint8_t method;
150
151 /* Pairing Request PDU */
152 uint8_t preq[7];
153
154 /* Pairing Response PDU */
155 uint8_t prsp[7];
156
157 /* Pairing Confirm PDU */
158 uint8_t pcnf[16];
159
160 /* Local random number */
161 uint8_t prnd[16];
162
163 /* Remote random number */
164 uint8_t rrnd[16];
165
166 /* Temporary key */
167 uint8_t tk[16];
168
169 /* Remote Public Key for LE SC */
170 uint8_t pkey[BT_PUB_KEY_LEN];
171
172 /* DHKey */
173 uint8_t dhkey[BT_DH_KEY_LEN];
174
175 /* Remote DHKey check */
176 uint8_t e[16];
177
178 /* MacKey */
179 uint8_t mackey[16];
180
181 /* LE SC passkey */
182 uint32_t passkey;
183
184 /* LE SC passkey round */
185 uint8_t passkey_round;
186
187 /* LE SC local OOB data */
188 const struct bt_le_oob_sc_data *oobd_local;
189
190 /* LE SC remote OOB data */
191 const struct bt_le_oob_sc_data *oobd_remote;
192
193 /* Local key distribution */
194 uint8_t local_dist;
195
196 /* Remote key distribution */
197 uint8_t remote_dist;
198
199 /* The channel this context is associated with.
200 * This marks the beginning of the part of the structure that will not
201 * be memset to zero in init.
202 */
203 struct bt_l2cap_le_chan chan;
204
205 /* Delayed work for timeout handling */
206 struct k_work_delayable work;
207 };
208
209 static unsigned int fixed_passkey = BT_PASSKEY_INVALID;
210
211 #define DISPLAY_FIXED(smp) (IS_ENABLED(CONFIG_BT_FIXED_PASSKEY) && \
212 fixed_passkey != BT_PASSKEY_INVALID && \
213 (smp)->method == PASSKEY_DISPLAY)
214
215 #if !defined(CONFIG_BT_SMP_SC_PAIR_ONLY)
216 /* based on table 2.8 Core Spec 2.3.5.1 Vol. 3 Part H */
217 static const uint8_t gen_method_legacy[5 /* remote */][5 /* local */] = {
218 { JUST_WORKS, JUST_WORKS, PASSKEY_INPUT, JUST_WORKS, PASSKEY_INPUT },
219 { JUST_WORKS, JUST_WORKS, PASSKEY_INPUT, JUST_WORKS, PASSKEY_INPUT },
220 { PASSKEY_DISPLAY, PASSKEY_DISPLAY, PASSKEY_INPUT, JUST_WORKS,
221 PASSKEY_DISPLAY },
222 { JUST_WORKS, JUST_WORKS, JUST_WORKS, JUST_WORKS, JUST_WORKS },
223 { PASSKEY_DISPLAY, PASSKEY_DISPLAY, PASSKEY_INPUT, JUST_WORKS,
224 PASSKEY_ROLE },
225 };
226 #endif /* CONFIG_BT_SMP_SC_PAIR_ONLY */
227
228 #if !defined(CONFIG_BT_SMP_OOB_LEGACY_PAIR_ONLY)
229 /* based on table 2.8 Core Spec 2.3.5.1 Vol. 3 Part H */
230 static const uint8_t gen_method_sc[5 /* remote */][5 /* local */] = {
231 { JUST_WORKS, JUST_WORKS, PASSKEY_INPUT, JUST_WORKS, PASSKEY_INPUT },
232 { JUST_WORKS, PASSKEY_CONFIRM, PASSKEY_INPUT, JUST_WORKS,
233 PASSKEY_CONFIRM },
234 { PASSKEY_DISPLAY, PASSKEY_DISPLAY, PASSKEY_INPUT, JUST_WORKS,
235 PASSKEY_DISPLAY },
236 { JUST_WORKS, JUST_WORKS, JUST_WORKS, JUST_WORKS, JUST_WORKS },
237 { PASSKEY_DISPLAY, PASSKEY_CONFIRM, PASSKEY_INPUT, JUST_WORKS,
238 PASSKEY_CONFIRM },
239 };
240 #endif /* !CONFIG_BT_SMP_OOB_LEGACY_PAIR_ONLY */
241
242 #if defined(CONFIG_BT_BREDR)
243 /* SMP over BR/EDR channel specific context */
244 struct bt_smp_br {
245 /* Commands that remote is allowed to send */
246 ATOMIC_DEFINE(allowed_cmds, BT_SMP_NUM_CMDS);
247
248 /* Flags for SMP state machine */
249 ATOMIC_DEFINE(flags, SMP_NUM_FLAGS);
250
251 /* Local key distribution */
252 uint8_t local_dist;
253
254 /* Remote key distribution */
255 uint8_t remote_dist;
256
257 /* Encryption Key Size used for connection */
258 uint8_t enc_key_size;
259
260 /* The channel this context is associated with.
261 * This marks the beginning of the part of the structure that will not
262 * be memset to zero in init.
263 */
264 struct bt_l2cap_br_chan chan;
265
266 /* Delayed work for timeout handling */
267 struct k_work_delayable work;
268 };
269
270 static struct bt_smp_br bt_smp_br_pool[CONFIG_BT_MAX_CONN];
271 #endif /* CONFIG_BT_BREDR */
272
273 static struct bt_smp bt_smp_pool[CONFIG_BT_MAX_CONN];
274 static bool bondable = IS_ENABLED(CONFIG_BT_BONDABLE);
275 static bool oobd_present;
276 static bool sc_supported;
277 static const uint8_t *sc_public_key;
278 static K_SEM_DEFINE(sc_local_pkey_ready, 0, 1);
279
le_sc_supported(void)280 static bool le_sc_supported(void)
281 {
282 /*
283 * If controller based ECC is to be used it must support
284 * "LE Read Local P-256 Public Key" and "LE Generate DH Key" commands.
285 * Otherwise LE SC are not supported.
286 */
287 if (IS_ENABLED(CONFIG_BT_SMP_OOB_LEGACY_PAIR_ONLY)) {
288 return false;
289 }
290
291 return BT_CMD_TEST(bt_dev.supported_commands, 34, 1) &&
292 BT_CMD_TEST(bt_dev.supported_commands, 34, 2);
293 }
294
get_io_capa(void)295 static uint8_t get_io_capa(void)
296 {
297 if (!bt_auth) {
298 goto no_callbacks;
299 }
300
301 /* Passkey Confirmation is valid only for LE SC */
302 if (bt_auth->passkey_display && bt_auth->passkey_entry &&
303 (bt_auth->passkey_confirm || !sc_supported)) {
304 return BT_SMP_IO_KEYBOARD_DISPLAY;
305 }
306
307 /* DisplayYesNo is useful only for LE SC */
308 if (sc_supported && bt_auth->passkey_display &&
309 bt_auth->passkey_confirm) {
310 return BT_SMP_IO_DISPLAY_YESNO;
311 }
312
313 if (bt_auth->passkey_entry) {
314 if (IS_ENABLED(CONFIG_BT_FIXED_PASSKEY) &&
315 fixed_passkey != BT_PASSKEY_INVALID) {
316 return BT_SMP_IO_KEYBOARD_DISPLAY;
317 } else {
318 return BT_SMP_IO_KEYBOARD_ONLY;
319 }
320 }
321
322 if (bt_auth->passkey_display) {
323 return BT_SMP_IO_DISPLAY_ONLY;
324 }
325
326 no_callbacks:
327 if (IS_ENABLED(CONFIG_BT_FIXED_PASSKEY) &&
328 fixed_passkey != BT_PASSKEY_INVALID) {
329 return BT_SMP_IO_DISPLAY_ONLY;
330 } else {
331 return BT_SMP_IO_NO_INPUT_OUTPUT;
332 }
333 }
334
335 #if !defined(CONFIG_BT_SMP_SC_PAIR_ONLY)
336 static uint8_t legacy_get_pair_method(struct bt_smp *smp, uint8_t remote_io);
337 #endif
338
smp_keys_check(struct bt_conn * conn)339 static bool smp_keys_check(struct bt_conn *conn)
340 {
341 if (atomic_test_bit(conn->flags, BT_CONN_FORCE_PAIR)) {
342 return false;
343 }
344
345 if (!conn->le.keys) {
346 conn->le.keys = bt_keys_find(BT_KEYS_LTK_P256,
347 conn->id, &conn->le.dst);
348 if (!conn->le.keys) {
349 conn->le.keys = bt_keys_find(BT_KEYS_LTK,
350 conn->id,
351 &conn->le.dst);
352 }
353 }
354
355 if (!conn->le.keys ||
356 !(conn->le.keys->keys & (BT_KEYS_LTK | BT_KEYS_LTK_P256))) {
357 return false;
358 }
359
360 if (conn->required_sec_level > BT_SECURITY_L2 &&
361 !(conn->le.keys->flags & BT_KEYS_AUTHENTICATED)) {
362 return false;
363 }
364
365 if (conn->required_sec_level > BT_SECURITY_L3 &&
366 !(conn->le.keys->flags & BT_KEYS_AUTHENTICATED) &&
367 !(conn->le.keys->keys & BT_KEYS_LTK_P256) &&
368 !(conn->le.keys->enc_size == BT_SMP_MAX_ENC_KEY_SIZE)) {
369 return false;
370 }
371
372 return true;
373 }
374
get_pair_method(struct bt_smp * smp,uint8_t remote_io)375 static uint8_t get_pair_method(struct bt_smp *smp, uint8_t remote_io)
376 {
377 #if !defined(CONFIG_BT_SMP_SC_PAIR_ONLY)
378 if (!atomic_test_bit(smp->flags, SMP_FLAG_SC)) {
379 return legacy_get_pair_method(smp, remote_io);
380 }
381 #endif
382
383 #if !defined(CONFIG_BT_SMP_OOB_LEGACY_PAIR_ONLY)
384 struct bt_smp_pairing *req, *rsp;
385
386 req = (struct bt_smp_pairing *)&smp->preq[1];
387 rsp = (struct bt_smp_pairing *)&smp->prsp[1];
388
389 if ((req->auth_req & rsp->auth_req) & BT_SMP_AUTH_SC) {
390 /* if one side has OOB data use OOB */
391 if ((req->oob_flag | rsp->oob_flag) & BT_SMP_OOB_DATA_MASK) {
392 return LE_SC_OOB;
393 }
394 }
395
396 if (remote_io > BT_SMP_IO_KEYBOARD_DISPLAY) {
397 return JUST_WORKS;
398 }
399
400 /* if none side requires MITM use JustWorks */
401 if (!((req->auth_req | rsp->auth_req) & BT_SMP_AUTH_MITM)) {
402 return JUST_WORKS;
403 }
404
405 return gen_method_sc[remote_io][get_io_capa()];
406 #else
407 return JUST_WORKS;
408 #endif
409 }
410
security_err_get(uint8_t smp_err)411 static enum bt_security_err security_err_get(uint8_t smp_err)
412 {
413 switch (smp_err) {
414 case BT_SMP_ERR_PASSKEY_ENTRY_FAILED:
415 case BT_SMP_ERR_DHKEY_CHECK_FAILED:
416 case BT_SMP_ERR_NUMERIC_COMP_FAILED:
417 case BT_SMP_ERR_CONFIRM_FAILED:
418 return BT_SECURITY_ERR_AUTH_FAIL;
419 case BT_SMP_ERR_OOB_NOT_AVAIL:
420 return BT_SECURITY_ERR_OOB_NOT_AVAILABLE;
421 case BT_SMP_ERR_AUTH_REQUIREMENTS:
422 case BT_SMP_ERR_ENC_KEY_SIZE:
423 return BT_SECURITY_ERR_AUTH_REQUIREMENT;
424 case BT_SMP_ERR_PAIRING_NOTSUPP:
425 case BT_SMP_ERR_CMD_NOTSUPP:
426 return BT_SECURITY_ERR_PAIR_NOT_SUPPORTED;
427 case BT_SMP_ERR_REPEATED_ATTEMPTS:
428 case BT_SMP_ERR_BREDR_PAIRING_IN_PROGRESS:
429 case BT_SMP_ERR_CROSS_TRANSP_NOT_ALLOWED:
430 return BT_SECURITY_ERR_PAIR_NOT_ALLOWED;
431 case BT_SMP_ERR_INVALID_PARAMS:
432 return BT_SECURITY_ERR_INVALID_PARAM;
433 case BT_SMP_ERR_KEY_REJECTED:
434 return BT_SECURITY_ERR_KEY_REJECTED;
435 case BT_SMP_ERR_UNSPECIFIED:
436 default:
437 return BT_SECURITY_ERR_UNSPECIFIED;
438 }
439 }
440
smp_err_get(enum bt_security_err auth_err)441 static uint8_t smp_err_get(enum bt_security_err auth_err)
442 {
443 switch (auth_err) {
444 case BT_SECURITY_ERR_OOB_NOT_AVAILABLE:
445 return BT_SMP_ERR_OOB_NOT_AVAIL;
446
447 case BT_SECURITY_ERR_AUTH_FAIL:
448 case BT_SECURITY_ERR_AUTH_REQUIREMENT:
449 return BT_SMP_ERR_AUTH_REQUIREMENTS;
450
451 case BT_SECURITY_ERR_PAIR_NOT_SUPPORTED:
452 return BT_SMP_ERR_PAIRING_NOTSUPP;
453
454 case BT_SECURITY_ERR_INVALID_PARAM:
455 return BT_SMP_ERR_INVALID_PARAMS;
456
457 case BT_SECURITY_ERR_PIN_OR_KEY_MISSING:
458 case BT_SECURITY_ERR_PAIR_NOT_ALLOWED:
459 case BT_SECURITY_ERR_UNSPECIFIED:
460 return BT_SMP_ERR_UNSPECIFIED;
461 default:
462 return 0;
463 }
464 }
465
smp_create_pdu(struct bt_smp * smp,uint8_t op,size_t len)466 static struct net_buf *smp_create_pdu(struct bt_smp *smp, uint8_t op, size_t len)
467 {
468 struct bt_smp_hdr *hdr;
469 struct net_buf *buf;
470 k_timeout_t timeout;
471
472 /* Don't if session had already timed out */
473 if (atomic_test_bit(smp->flags, SMP_FLAG_TIMEOUT)) {
474 timeout = K_NO_WAIT;
475 } else {
476 timeout = SMP_TIMEOUT;
477 }
478
479 /* Use smaller timeout if returning an error since that could be
480 * caused by lack of buffers.
481 */
482 buf = bt_l2cap_create_pdu_timeout(NULL, 0, timeout);
483 if (!buf) {
484 /* If it was not possible to allocate a buffer within the
485 * timeout marked it as timed out.
486 */
487 atomic_set_bit(smp->flags, SMP_FLAG_TIMEOUT);
488 return NULL;
489 }
490
491 hdr = net_buf_add(buf, sizeof(*hdr));
492 hdr->code = op;
493
494 return buf;
495 }
496
497 /* Cypher based Message Authentication Code (CMAC) with AES 128 bit
498 *
499 * Input : key ( 128-bit key )
500 * : in ( message to be authenticated )
501 * : len ( length of the message in octets )
502 * Output : out ( message authentication code )
503 */
bt_smp_aes_cmac(const uint8_t * key,const uint8_t * in,size_t len,uint8_t * out)504 static int bt_smp_aes_cmac(const uint8_t *key, const uint8_t *in, size_t len,
505 uint8_t *out)
506 {
507 struct tc_aes_key_sched_struct sched;
508 struct tc_cmac_struct state;
509
510 if (tc_cmac_setup(&state, key, &sched) == TC_CRYPTO_FAIL) {
511 return -EIO;
512 }
513
514 if (tc_cmac_update(&state, in, len) == TC_CRYPTO_FAIL) {
515 return -EIO;
516 }
517
518 if (tc_cmac_final(out, &state) == TC_CRYPTO_FAIL) {
519 return -EIO;
520 }
521
522 return 0;
523 }
524
smp_d1(const uint8_t * key,uint16_t d,uint16_t r,uint8_t res[16])525 static int smp_d1(const uint8_t *key, uint16_t d, uint16_t r, uint8_t res[16])
526 {
527 int err;
528
529 BT_DBG("key %s d %u r %u", bt_hex(key, 16), d, r);
530
531 sys_put_le16(d, &res[0]);
532 sys_put_le16(r, &res[2]);
533 memset(&res[4], 0, 16 - 4);
534
535 err = bt_encrypt_le(key, res, res);
536 if (err) {
537 return err;
538 }
539
540 BT_DBG("res %s", bt_hex(res, 16));
541 return 0;
542 }
543
smp_f4(const uint8_t * u,const uint8_t * v,const uint8_t * x,uint8_t z,uint8_t res[16])544 static int smp_f4(const uint8_t *u, const uint8_t *v, const uint8_t *x,
545 uint8_t z, uint8_t res[16])
546 {
547 uint8_t xs[16];
548 uint8_t m[65];
549 int err;
550
551 BT_DBG("u %s", bt_hex(u, 32));
552 BT_DBG("v %s", bt_hex(v, 32));
553 BT_DBG("x %s z 0x%x", bt_hex(x, 16), z);
554
555 /*
556 * U, V and Z are concatenated and used as input m to the function
557 * AES-CMAC and X is used as the key k.
558 *
559 * Core Spec 4.2 Vol 3 Part H 2.2.5
560 *
561 * note:
562 * bt_smp_aes_cmac uses BE data and smp_f4 accept LE so we swap
563 */
564 sys_memcpy_swap(m, u, 32);
565 sys_memcpy_swap(m + 32, v, 32);
566 m[64] = z;
567
568 sys_memcpy_swap(xs, x, 16);
569
570 err = bt_smp_aes_cmac(xs, m, sizeof(m), res);
571 if (err) {
572 return err;
573 }
574
575 sys_mem_swap(res, 16);
576
577 BT_DBG("res %s", bt_hex(res, 16));
578
579 return err;
580 }
581
smp_f5(const uint8_t * w,const uint8_t * n1,const uint8_t * n2,const bt_addr_le_t * a1,const bt_addr_le_t * a2,uint8_t * mackey,uint8_t * ltk)582 static int smp_f5(const uint8_t *w, const uint8_t *n1, const uint8_t *n2,
583 const bt_addr_le_t *a1, const bt_addr_le_t *a2, uint8_t *mackey,
584 uint8_t *ltk)
585 {
586 static const uint8_t salt[16] = { 0x6c, 0x88, 0x83, 0x91, 0xaa, 0xf5,
587 0xa5, 0x38, 0x60, 0x37, 0x0b, 0xdb,
588 0x5a, 0x60, 0x83, 0xbe };
589 uint8_t m[53] = { 0x00, /* counter */
590 0x62, 0x74, 0x6c, 0x65, /* keyID */
591 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /*n1*/
592 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
593 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /*2*/
594 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
595 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* a1 */
596 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* a2 */
597 0x01, 0x00 /* length */ };
598 uint8_t t[16], ws[32];
599 int err;
600
601 BT_DBG("w %s", bt_hex(w, 32));
602 BT_DBG("n1 %s", bt_hex(n1, 16));
603 BT_DBG("n2 %s", bt_hex(n2, 16));
604
605 sys_memcpy_swap(ws, w, 32);
606
607 err = bt_smp_aes_cmac(salt, ws, 32, t);
608 if (err) {
609 return err;
610 }
611
612 BT_DBG("t %s", bt_hex(t, 16));
613
614 sys_memcpy_swap(m + 5, n1, 16);
615 sys_memcpy_swap(m + 21, n2, 16);
616 m[37] = a1->type;
617 sys_memcpy_swap(m + 38, a1->a.val, 6);
618 m[44] = a2->type;
619 sys_memcpy_swap(m + 45, a2->a.val, 6);
620
621 err = bt_smp_aes_cmac(t, m, sizeof(m), mackey);
622 if (err) {
623 return err;
624 }
625
626 BT_DBG("mackey %1s", bt_hex(mackey, 16));
627
628 sys_mem_swap(mackey, 16);
629
630 /* counter for ltk is 1 */
631 m[0] = 0x01;
632
633 err = bt_smp_aes_cmac(t, m, sizeof(m), ltk);
634 if (err) {
635 return err;
636 }
637
638 BT_DBG("ltk %s", bt_hex(ltk, 16));
639
640 sys_mem_swap(ltk, 16);
641
642 return 0;
643 }
644
smp_f6(const uint8_t * w,const uint8_t * n1,const uint8_t * n2,const uint8_t * r,const uint8_t * iocap,const bt_addr_le_t * a1,const bt_addr_le_t * a2,uint8_t * check)645 static int smp_f6(const uint8_t *w, const uint8_t *n1, const uint8_t *n2,
646 const uint8_t *r, const uint8_t *iocap, const bt_addr_le_t *a1,
647 const bt_addr_le_t *a2, uint8_t *check)
648 {
649 uint8_t ws[16];
650 uint8_t m[65];
651 int err;
652
653 BT_DBG("w %s", bt_hex(w, 16));
654 BT_DBG("n1 %s", bt_hex(n1, 16));
655 BT_DBG("n2 %s", bt_hex(n2, 16));
656 BT_DBG("r %s", bt_hex(r, 16));
657 BT_DBG("io_cap %s", bt_hex(iocap, 3));
658 BT_DBG("a1 %s", bt_hex(a1, 7));
659 BT_DBG("a2 %s", bt_hex(a2, 7));
660
661 sys_memcpy_swap(m, n1, 16);
662 sys_memcpy_swap(m + 16, n2, 16);
663 sys_memcpy_swap(m + 32, r, 16);
664 sys_memcpy_swap(m + 48, iocap, 3);
665
666 m[51] = a1->type;
667 memcpy(m + 52, a1->a.val, 6);
668 sys_memcpy_swap(m + 52, a1->a.val, 6);
669
670 m[58] = a2->type;
671 memcpy(m + 59, a2->a.val, 6);
672 sys_memcpy_swap(m + 59, a2->a.val, 6);
673
674 sys_memcpy_swap(ws, w, 16);
675
676 err = bt_smp_aes_cmac(ws, m, sizeof(m), check);
677 if (err) {
678 return err;
679 }
680
681 BT_DBG("res %s", bt_hex(check, 16));
682
683 sys_mem_swap(check, 16);
684
685 return 0;
686 }
687
smp_g2(const uint8_t u[32],const uint8_t v[32],const uint8_t x[16],const uint8_t y[16],uint32_t * passkey)688 static int smp_g2(const uint8_t u[32], const uint8_t v[32],
689 const uint8_t x[16], const uint8_t y[16], uint32_t *passkey)
690 {
691 uint8_t m[80], xs[16];
692 int err;
693
694 BT_DBG("u %s", bt_hex(u, 32));
695 BT_DBG("v %s", bt_hex(v, 32));
696 BT_DBG("x %s", bt_hex(x, 16));
697 BT_DBG("y %s", bt_hex(y, 16));
698
699 sys_memcpy_swap(m, u, 32);
700 sys_memcpy_swap(m + 32, v, 32);
701 sys_memcpy_swap(m + 64, y, 16);
702
703 sys_memcpy_swap(xs, x, 16);
704
705 /* reuse xs (key) as buffer for result */
706 err = bt_smp_aes_cmac(xs, m, sizeof(m), xs);
707 if (err) {
708 return err;
709 }
710 BT_DBG("res %s", bt_hex(xs, 16));
711
712 memcpy(passkey, xs + 12, 4);
713 *passkey = sys_be32_to_cpu(*passkey) % 1000000;
714
715 BT_DBG("passkey %u", *passkey);
716
717 return 0;
718 }
719
get_encryption_key_size(struct bt_smp * smp)720 static uint8_t get_encryption_key_size(struct bt_smp *smp)
721 {
722 struct bt_smp_pairing *req, *rsp;
723
724 req = (struct bt_smp_pairing *)&smp->preq[1];
725 rsp = (struct bt_smp_pairing *)&smp->prsp[1];
726
727 /*
728 * The smaller value of the initiating and responding devices maximum
729 * encryption key length parameters shall be used as the encryption key
730 * size.
731 */
732 return MIN(req->max_key_size, rsp->max_key_size);
733 }
734
735 /* Check that if a new pairing procedure with an existing bond will not lower
736 * the established security level of the bond.
737 */
update_keys_check(struct bt_smp * smp,struct bt_keys * keys)738 static bool update_keys_check(struct bt_smp *smp, struct bt_keys *keys)
739 {
740 if (IS_ENABLED(CONFIG_BT_SMP_DISABLE_LEGACY_JW_PASSKEY) &&
741 !atomic_test_bit(smp->flags, SMP_FLAG_SC) &&
742 smp->method != LEGACY_OOB) {
743 return false;
744 }
745
746 if (IS_ENABLED(CONFIG_BT_SMP_OOB_LEGACY_PAIR_ONLY) &&
747 smp->method != LEGACY_OOB) {
748 return false;
749 }
750
751 if (!keys ||
752 !(keys->keys & (BT_KEYS_LTK_P256 | BT_KEYS_LTK))) {
753 return true;
754 }
755
756 if (keys->enc_size > get_encryption_key_size(smp)) {
757 return false;
758 }
759
760 if ((keys->keys & BT_KEYS_LTK_P256) &&
761 !atomic_test_bit(smp->flags, SMP_FLAG_SC)) {
762 return false;
763 }
764
765 if ((keys->flags & BT_KEYS_AUTHENTICATED) &&
766 smp->method == JUST_WORKS) {
767 return false;
768 }
769
770 if (!IS_ENABLED(CONFIG_BT_SMP_ALLOW_UNAUTH_OVERWRITE) &&
771 (!(keys->flags & BT_KEYS_AUTHENTICATED)
772 && smp->method == JUST_WORKS)) {
773 return false;
774 }
775
776 return true;
777 }
778
update_debug_keys_check(struct bt_smp * smp)779 static bool update_debug_keys_check(struct bt_smp *smp)
780 {
781 struct bt_conn *conn = smp->chan.chan.conn;
782
783 if (!conn->le.keys) {
784 conn->le.keys = bt_keys_get_addr(conn->id, &conn->le.dst);
785 }
786
787 if (!conn->le.keys ||
788 !(conn->le.keys->keys & (BT_KEYS_LTK_P256 | BT_KEYS_LTK))) {
789 return true;
790 }
791
792 if (conn->le.keys->flags & BT_KEYS_DEBUG) {
793 return true;
794 }
795
796 return false;
797 }
798
799 #if defined(CONFIG_BT_PRIVACY) || defined(CONFIG_BT_SIGNING) || \
800 !defined(CONFIG_BT_SMP_SC_PAIR_ONLY)
801 /* For TX callbacks */
802 static void smp_pairing_complete(struct bt_smp *smp, uint8_t status);
803 #if defined(CONFIG_BT_BREDR)
804 static void smp_pairing_br_complete(struct bt_smp_br *smp, uint8_t status);
805 #endif
806
smp_check_complete(struct bt_conn * conn,uint8_t dist_complete)807 static void smp_check_complete(struct bt_conn *conn, uint8_t dist_complete)
808 {
809 struct bt_l2cap_chan *chan;
810
811 if (conn->type == BT_CONN_TYPE_LE) {
812 struct bt_smp *smp;
813
814 chan = bt_l2cap_le_lookup_tx_cid(conn, BT_L2CAP_CID_SMP);
815 __ASSERT(chan, "No SMP channel found");
816
817 smp = CONTAINER_OF(chan, struct bt_smp, chan);
818 smp->local_dist &= ~dist_complete;
819
820 /* if all keys were distributed, pairing is done */
821 if (!smp->local_dist && !smp->remote_dist) {
822 smp_pairing_complete(smp, 0);
823 }
824
825 return;
826 }
827
828 #if defined(CONFIG_BT_BREDR)
829 if (conn->type == BT_CONN_TYPE_BR) {
830 struct bt_smp_br *smp;
831
832 chan = bt_l2cap_le_lookup_tx_cid(conn, BT_L2CAP_CID_BR_SMP);
833 __ASSERT(chan, "No SMP channel found");
834
835 smp = CONTAINER_OF(chan, struct bt_smp_br, chan);
836 smp->local_dist &= ~dist_complete;
837
838 /* if all keys were distributed, pairing is done */
839 if (!smp->local_dist && !smp->remote_dist) {
840 smp_pairing_br_complete(smp, 0);
841 }
842 }
843 #endif
844 }
845 #endif
846
847 #if defined(CONFIG_BT_PRIVACY)
smp_id_sent(struct bt_conn * conn,void * user_data)848 static void smp_id_sent(struct bt_conn *conn, void *user_data)
849 {
850 smp_check_complete(conn, BT_SMP_DIST_ID_KEY);
851 }
852 #endif /* CONFIG_BT_PRIVACY */
853
854 #if defined(CONFIG_BT_SIGNING)
smp_sign_info_sent(struct bt_conn * conn,void * user_data)855 static void smp_sign_info_sent(struct bt_conn *conn, void *user_data)
856 {
857 smp_check_complete(conn, BT_SMP_DIST_SIGN);
858 }
859 #endif /* CONFIG_BT_SIGNING */
860
861 #if defined(CONFIG_BT_BREDR)
smp_h6(const uint8_t w[16],const uint8_t key_id[4],uint8_t res[16])862 static int smp_h6(const uint8_t w[16], const uint8_t key_id[4], uint8_t res[16])
863 {
864 uint8_t ws[16];
865 uint8_t key_id_s[4];
866 int err;
867
868 BT_DBG("w %s", bt_hex(w, 16));
869 BT_DBG("key_id %s", bt_hex(key_id, 4));
870
871 sys_memcpy_swap(ws, w, 16);
872 sys_memcpy_swap(key_id_s, key_id, 4);
873
874 err = bt_smp_aes_cmac(ws, key_id_s, 4, res);
875 if (err) {
876 return err;
877 }
878
879 BT_DBG("res %s", bt_hex(res, 16));
880
881 sys_mem_swap(res, 16);
882
883 return 0;
884 }
885
smp_h7(const uint8_t salt[16],const uint8_t w[16],uint8_t res[16])886 static int smp_h7(const uint8_t salt[16], const uint8_t w[16], uint8_t res[16])
887 {
888 uint8_t ws[16];
889 uint8_t salt_s[16];
890 int err;
891
892 BT_DBG("w %s", bt_hex(w, 16));
893 BT_DBG("salt %s", bt_hex(salt, 16));
894
895 sys_memcpy_swap(ws, w, 16);
896 sys_memcpy_swap(salt_s, salt, 16);
897
898 err = bt_smp_aes_cmac(salt_s, ws, 16, res);
899 if (err) {
900 return err;
901 }
902
903 BT_DBG("res %s", bt_hex(res, 16));
904
905 sys_mem_swap(res, 16);
906
907 return 0;
908 }
909
sc_derive_link_key(struct bt_smp * smp)910 static void sc_derive_link_key(struct bt_smp *smp)
911 {
912 /* constants as specified in Core Spec Vol.3 Part H 2.4.2.4 */
913 static const uint8_t lebr[4] = { 0x72, 0x62, 0x65, 0x6c };
914 struct bt_conn *conn = smp->chan.chan.conn;
915 struct bt_keys_link_key *link_key;
916 uint8_t ilk[16];
917
918 BT_DBG("");
919
920 /* TODO handle errors? */
921
922 /*
923 * At this point remote device identity is known so we can use
924 * destination address here
925 */
926 link_key = bt_keys_get_link_key(&conn->le.dst.a);
927 if (!link_key) {
928 return;
929 }
930
931 if (atomic_test_bit(smp->flags, SMP_FLAG_CT2)) {
932 /* constants as specified in Core Spec Vol.3 Part H 2.4.2.4 */
933 static const uint8_t salt[16] = { 0x31, 0x70, 0x6d, 0x74,
934 0x00, 0x00, 0x00, 0x00,
935 0x00, 0x00, 0x00, 0x00,
936 0x00, 0x00, 0x00, 0x00 };
937
938 if (smp_h7(salt, conn->le.keys->ltk.val, ilk)) {
939 bt_keys_link_key_clear(link_key);
940 return;
941 }
942 } else {
943 /* constants as specified in Core Spec Vol.3 Part H 2.4.2.4 */
944 static const uint8_t tmp1[4] = { 0x31, 0x70, 0x6d, 0x74 };
945
946 if (smp_h6(conn->le.keys->ltk.val, tmp1, ilk)) {
947 bt_keys_link_key_clear(link_key);
948 return;
949 }
950 }
951
952 if (smp_h6(ilk, lebr, link_key->val)) {
953 bt_keys_link_key_clear(link_key);
954 }
955
956 link_key->flags |= BT_LINK_KEY_SC;
957
958 if (conn->le.keys->flags & BT_KEYS_AUTHENTICATED) {
959 link_key->flags |= BT_LINK_KEY_AUTHENTICATED;
960 } else {
961 link_key->flags &= ~BT_LINK_KEY_AUTHENTICATED;
962 }
963 }
964
smp_br_reset(struct bt_smp_br * smp)965 static void smp_br_reset(struct bt_smp_br *smp)
966 {
967 /* Clear flags first in case canceling of timeout fails. The SMP context
968 * shall be marked as timed out in that case.
969 */
970 atomic_set(smp->flags, 0);
971
972 /* If canceling fails the timeout handler will set the timeout flag and
973 * mark the it as timed out. No new pairing procedures shall be started
974 * on this connection if that happens.
975 */
976 (void)k_work_cancel_delayable(&smp->work);
977
978 atomic_set(smp->allowed_cmds, 0);
979
980 atomic_set_bit(smp->allowed_cmds, BT_SMP_CMD_PAIRING_REQ);
981 }
982
smp_pairing_br_complete(struct bt_smp_br * smp,uint8_t status)983 static void smp_pairing_br_complete(struct bt_smp_br *smp, uint8_t status)
984 {
985 struct bt_conn *conn = smp->chan.chan.conn;
986 struct bt_keys *keys;
987 bt_addr_le_t addr;
988
989 BT_DBG("status 0x%x", status);
990
991 /* For dualmode devices LE address is same as BR/EDR address
992 * and is of public type.
993 */
994 bt_addr_copy(&addr.a, &conn->br.dst);
995 addr.type = BT_ADDR_LE_PUBLIC;
996 keys = bt_keys_find_addr(conn->id, &addr);
997
998 if (status) {
999 if (keys) {
1000 bt_keys_clear(keys);
1001 }
1002
1003 if (bt_auth && bt_auth->pairing_failed) {
1004 bt_auth->pairing_failed(smp->chan.chan.conn,
1005 security_err_get(status));
1006 }
1007 } else {
1008 bool bond_flag = atomic_test_bit(smp->flags, SMP_FLAG_BOND);
1009
1010 if (bond_flag && keys) {
1011 bt_keys_store(keys);
1012 }
1013
1014 if (bt_auth && bt_auth->pairing_complete) {
1015 bt_auth->pairing_complete(smp->chan.chan.conn,
1016 bond_flag);
1017 }
1018 }
1019
1020 smp_br_reset(smp);
1021 }
1022
smp_br_timeout(struct k_work * work)1023 static void smp_br_timeout(struct k_work *work)
1024 {
1025 struct k_work_delayable *dwork = k_work_delayable_from_work(work);
1026 struct bt_smp_br *smp = CONTAINER_OF(dwork, struct bt_smp_br, work);
1027
1028 BT_ERR("SMP Timeout");
1029
1030 smp_pairing_br_complete(smp, BT_SMP_ERR_UNSPECIFIED);
1031 atomic_set_bit(smp->flags, SMP_FLAG_TIMEOUT);
1032 }
1033
smp_br_send(struct bt_smp_br * smp,struct net_buf * buf,bt_conn_tx_cb_t cb)1034 static void smp_br_send(struct bt_smp_br *smp, struct net_buf *buf,
1035 bt_conn_tx_cb_t cb)
1036 {
1037 if (bt_l2cap_send_cb(smp->chan.chan.conn, BT_L2CAP_CID_BR_SMP, buf, cb, NULL)) {
1038 net_buf_unref(buf);
1039 return;
1040 }
1041
1042 k_work_reschedule(&smp->work, SMP_TIMEOUT);
1043 }
1044
bt_smp_br_connected(struct bt_l2cap_chan * chan)1045 static void bt_smp_br_connected(struct bt_l2cap_chan *chan)
1046 {
1047 struct bt_smp_br *smp = CONTAINER_OF(chan, struct bt_smp_br, chan);
1048
1049 BT_DBG("chan %p cid 0x%04x", chan,
1050 CONTAINER_OF(chan, struct bt_l2cap_br_chan, chan)->tx.cid);
1051
1052 atomic_set_bit(smp->flags, SMP_FLAG_BR_CONNECTED);
1053
1054 /*
1055 * if this flag is set it means pairing was requested before channel
1056 * was connected
1057 */
1058 if (atomic_test_bit(smp->flags, SMP_FLAG_BR_PAIR)) {
1059 bt_smp_br_send_pairing_req(chan->conn);
1060 }
1061 }
1062
bt_smp_br_disconnected(struct bt_l2cap_chan * chan)1063 static void bt_smp_br_disconnected(struct bt_l2cap_chan *chan)
1064 {
1065 struct bt_smp_br *smp = CONTAINER_OF(chan, struct bt_smp_br, chan);
1066
1067 BT_DBG("chan %p cid 0x%04x", chan,
1068 CONTAINER_OF(chan, struct bt_l2cap_br_chan, chan)->tx.cid);
1069
1070 /* Channel disconnected callback is always called from a work handler
1071 * so canceling of the timeout work should always succeed.
1072 */
1073 (void)k_work_cancel_delayable(&smp->work);
1074
1075 (void)memset(smp, 0, sizeof(*smp));
1076 }
1077
smp_br_init(struct bt_smp_br * smp)1078 static void smp_br_init(struct bt_smp_br *smp)
1079 {
1080 /* Initialize SMP context exluding L2CAP channel context and anything
1081 * else declared after.
1082 */
1083 (void)memset(smp, 0, offsetof(struct bt_smp_br, chan));
1084
1085 atomic_set_bit(smp->allowed_cmds, BT_SMP_CMD_PAIRING_FAIL);
1086 }
1087
smp_br_derive_ltk(struct bt_smp_br * smp)1088 static void smp_br_derive_ltk(struct bt_smp_br *smp)
1089 {
1090 /* constants as specified in Core Spec Vol.3 Part H 2.4.2.5 */
1091 static const uint8_t brle[4] = { 0x65, 0x6c, 0x72, 0x62 };
1092 struct bt_conn *conn = smp->chan.chan.conn;
1093 struct bt_keys_link_key *link_key = conn->br.link_key;
1094 struct bt_keys *keys;
1095 bt_addr_le_t addr;
1096 uint8_t ilk[16];
1097
1098 BT_DBG("");
1099
1100 if (!link_key) {
1101 return;
1102 }
1103
1104 if (IS_ENABLED(CONFIG_BT_SMP_FORCE_BREDR) && conn->encrypt != 0x02) {
1105 BT_WARN("Using P192 Link Key for P256 LTK derivation");
1106 }
1107
1108 /*
1109 * For dualmode devices LE address is same as BR/EDR address and is of
1110 * public type.
1111 */
1112 bt_addr_copy(&addr.a, &conn->br.dst);
1113 addr.type = BT_ADDR_LE_PUBLIC;
1114
1115 keys = bt_keys_get_type(BT_KEYS_LTK_P256, conn->id, &addr);
1116 if (!keys) {
1117 BT_ERR("Unable to get keys for %s", bt_addr_le_str(&addr));
1118 return;
1119 }
1120
1121 if (atomic_test_bit(smp->flags, SMP_FLAG_CT2)) {
1122 /* constants as specified in Core Spec Vol.3 Part H 2.4.2.5 */
1123 static const uint8_t salt[16] = { 0x32, 0x70, 0x6d, 0x74,
1124 0x00, 0x00, 0x00, 0x00,
1125 0x00, 0x00, 0x00, 0x00,
1126 0x00, 0x00, 0x00, 0x00 };
1127
1128 if (smp_h7(salt, link_key->val, ilk)) {
1129 bt_keys_link_key_clear(link_key);
1130 return;
1131 }
1132 } else {
1133 /* constants as specified in Core Spec Vol.3 Part H 2.4.2.5 */
1134 static const uint8_t tmp2[4] = { 0x32, 0x70, 0x6d, 0x74 };
1135
1136 if (smp_h6(link_key->val, tmp2, ilk)) {
1137 bt_keys_clear(keys);
1138 return;
1139 }
1140 }
1141
1142 if (smp_h6(ilk, brle, keys->ltk.val)) {
1143 bt_keys_clear(keys);
1144 return;
1145 }
1146
1147 (void)memset(keys->ltk.ediv, 0, sizeof(keys->ltk.ediv));
1148 (void)memset(keys->ltk.rand, 0, sizeof(keys->ltk.rand));
1149 keys->enc_size = smp->enc_key_size;
1150
1151 if (link_key->flags & BT_LINK_KEY_AUTHENTICATED) {
1152 keys->flags |= BT_KEYS_AUTHENTICATED;
1153 } else {
1154 keys->flags &= ~BT_KEYS_AUTHENTICATED;
1155 }
1156
1157 BT_DBG("LTK derived from LinkKey");
1158 }
1159
smp_br_create_pdu(struct bt_smp_br * smp,uint8_t op,size_t len)1160 static struct net_buf *smp_br_create_pdu(struct bt_smp_br *smp, uint8_t op,
1161 size_t len)
1162 {
1163 struct bt_smp_hdr *hdr;
1164 struct net_buf *buf;
1165 k_timeout_t timeout;
1166
1167 /* Don't if session had already timed out */
1168 if (atomic_test_bit(smp->flags, SMP_FLAG_TIMEOUT)) {
1169 timeout = K_NO_WAIT;
1170 } else {
1171 timeout = SMP_TIMEOUT;
1172 }
1173
1174 /* Use smaller timeout if returning an error since that could be
1175 * caused by lack of buffers.
1176 */
1177 buf = bt_l2cap_create_pdu_timeout(NULL, 0, timeout);
1178 if (!buf) {
1179 /* If it was not possible to allocate a buffer within the
1180 * timeout marked it as timed out.
1181 */
1182 atomic_set_bit(smp->flags, SMP_FLAG_TIMEOUT);
1183 return NULL;
1184 }
1185
1186 hdr = net_buf_add(buf, sizeof(*hdr));
1187 hdr->code = op;
1188
1189 return buf;
1190 }
1191
smp_br_distribute_keys(struct bt_smp_br * smp)1192 static void smp_br_distribute_keys(struct bt_smp_br *smp)
1193 {
1194 struct bt_conn *conn = smp->chan.chan.conn;
1195 struct bt_keys *keys;
1196 bt_addr_le_t addr;
1197
1198 /*
1199 * For dualmode devices LE address is same as BR/EDR address and is of
1200 * public type.
1201 */
1202 bt_addr_copy(&addr.a, &conn->br.dst);
1203 addr.type = BT_ADDR_LE_PUBLIC;
1204
1205 keys = bt_keys_get_addr(conn->id, &addr);
1206 if (!keys) {
1207 BT_ERR("No keys space for %s", bt_addr_le_str(&addr));
1208 return;
1209 }
1210
1211 #if defined(CONFIG_BT_PRIVACY)
1212 if (smp->local_dist & BT_SMP_DIST_ID_KEY) {
1213 struct bt_smp_ident_info *id_info;
1214 struct bt_smp_ident_addr_info *id_addr_info;
1215 struct net_buf *buf;
1216
1217 smp->local_dist &= ~BT_SMP_DIST_ID_KEY;
1218
1219 buf = smp_br_create_pdu(smp, BT_SMP_CMD_IDENT_INFO,
1220 sizeof(*id_info));
1221 if (!buf) {
1222 BT_ERR("Unable to allocate Ident Info buffer");
1223 return;
1224 }
1225
1226 id_info = net_buf_add(buf, sizeof(*id_info));
1227 memcpy(id_info->irk, bt_dev.irk[conn->id], 16);
1228
1229 smp_br_send(smp, buf, NULL);
1230
1231 buf = smp_br_create_pdu(smp, BT_SMP_CMD_IDENT_ADDR_INFO,
1232 sizeof(*id_addr_info));
1233 if (!buf) {
1234 BT_ERR("Unable to allocate Ident Addr Info buffer");
1235 return;
1236 }
1237
1238 id_addr_info = net_buf_add(buf, sizeof(*id_addr_info));
1239 bt_addr_le_copy(&id_addr_info->addr, &bt_dev.id_addr[conn->id]);
1240
1241 smp_br_send(smp, buf, smp_id_sent);
1242 }
1243 #endif /* CONFIG_BT_PRIVACY */
1244
1245 #if defined(CONFIG_BT_SIGNING)
1246 if (smp->local_dist & BT_SMP_DIST_SIGN) {
1247 struct bt_smp_signing_info *info;
1248 struct net_buf *buf;
1249
1250 smp->local_dist &= ~BT_SMP_DIST_SIGN;
1251
1252 buf = smp_br_create_pdu(smp, BT_SMP_CMD_SIGNING_INFO,
1253 sizeof(*info));
1254 if (!buf) {
1255 BT_ERR("Unable to allocate Signing Info buffer");
1256 return;
1257 }
1258
1259 info = net_buf_add(buf, sizeof(*info));
1260
1261 if (bt_rand(info->csrk, sizeof(info->csrk))) {
1262 BT_ERR("Unable to get random bytes");
1263 return;
1264 }
1265
1266 if (atomic_test_bit(smp->flags, SMP_FLAG_BOND)) {
1267 bt_keys_add_type(keys, BT_KEYS_LOCAL_CSRK);
1268 memcpy(keys->local_csrk.val, info->csrk, 16);
1269 keys->local_csrk.cnt = 0U;
1270 }
1271
1272 smp_br_send(smp, buf, smp_sign_info_sent);
1273 }
1274 #endif /* CONFIG_BT_SIGNING */
1275 }
1276
smp_br_pairing_allowed(struct bt_smp_br * smp)1277 static bool smp_br_pairing_allowed(struct bt_smp_br *smp)
1278 {
1279 if (smp->chan.chan.conn->encrypt == 0x02) {
1280 return true;
1281 }
1282
1283 if (IS_ENABLED(CONFIG_BT_SMP_FORCE_BREDR) &&
1284 smp->chan.chan.conn->encrypt == 0x01) {
1285 BT_WARN("Allowing BR/EDR SMP with P-192 key");
1286 return true;
1287 }
1288
1289 return false;
1290 }
1291
smp_br_pairing_req(struct bt_smp_br * smp,struct net_buf * buf)1292 static uint8_t smp_br_pairing_req(struct bt_smp_br *smp, struct net_buf *buf)
1293 {
1294 struct bt_smp_pairing *req = (void *)buf->data;
1295 struct bt_conn *conn = smp->chan.chan.conn;
1296 struct bt_smp_pairing *rsp;
1297 struct net_buf *rsp_buf;
1298 uint8_t max_key_size;
1299
1300 BT_DBG("");
1301
1302 /*
1303 * If a Pairing Request is received over the BR/EDR transport when
1304 * either cross-transport key derivation/generation is not supported or
1305 * the BR/EDR transport is not encrypted using a Link Key generated
1306 * using P256, a Pairing Failed shall be sent with the error code
1307 * "Cross-transport Key Derivation/Generation not allowed" (0x0E)."
1308 */
1309 if (!smp_br_pairing_allowed(smp)) {
1310 return BT_SMP_ERR_CROSS_TRANSP_NOT_ALLOWED;
1311 }
1312
1313 max_key_size = bt_conn_enc_key_size(conn);
1314 if (!max_key_size) {
1315 BT_DBG("Invalid encryption key size");
1316 return BT_SMP_ERR_UNSPECIFIED;
1317 }
1318
1319 if (req->max_key_size != max_key_size) {
1320 return BT_SMP_ERR_ENC_KEY_SIZE;
1321 }
1322
1323 rsp_buf = smp_br_create_pdu(smp, BT_SMP_CMD_PAIRING_RSP, sizeof(*rsp));
1324 if (!rsp_buf) {
1325 return BT_SMP_ERR_UNSPECIFIED;
1326 }
1327
1328 smp_br_init(smp);
1329 smp->enc_key_size = max_key_size;
1330
1331 /*
1332 * If Secure Connections pairing has been initiated over BR/EDR, the IO
1333 * Capability, OOB data flag and Auth Req fields of the SM Pairing
1334 * Request/Response PDU shall be set to zero on transmission, and
1335 * ignored on reception.
1336 */
1337 rsp = net_buf_add(rsp_buf, sizeof(*rsp));
1338
1339 rsp->auth_req = 0x00;
1340 rsp->io_capability = 0x00;
1341 rsp->oob_flag = 0x00;
1342 rsp->max_key_size = max_key_size;
1343 rsp->init_key_dist = (req->init_key_dist & BR_RECV_KEYS_SC);
1344 rsp->resp_key_dist = (req->resp_key_dist & BR_RECV_KEYS_SC);
1345
1346 smp->local_dist = rsp->resp_key_dist;
1347 smp->remote_dist = rsp->init_key_dist;
1348
1349 smp_br_send(smp, rsp_buf, NULL);
1350
1351 atomic_set_bit(smp->flags, SMP_FLAG_PAIRING);
1352
1353 /* derive LTK if requested and clear distribution bits */
1354 if ((smp->local_dist & BT_SMP_DIST_ENC_KEY) &&
1355 (smp->remote_dist & BT_SMP_DIST_ENC_KEY)) {
1356 smp_br_derive_ltk(smp);
1357 }
1358 smp->local_dist &= ~BT_SMP_DIST_ENC_KEY;
1359 smp->remote_dist &= ~BT_SMP_DIST_ENC_KEY;
1360
1361 /* BR/EDR acceptor is like LE Peripheral and distributes keys first */
1362 smp_br_distribute_keys(smp);
1363
1364 if (smp->remote_dist & BT_SMP_DIST_ID_KEY) {
1365 atomic_set_bit(smp->allowed_cmds, BT_SMP_CMD_IDENT_INFO);
1366 } else if (smp->remote_dist & BT_SMP_DIST_SIGN) {
1367 atomic_set_bit(smp->allowed_cmds, BT_SMP_CMD_SIGNING_INFO);
1368 }
1369
1370 /* if all keys were distributed, pairing is done */
1371 if (!smp->local_dist && !smp->remote_dist) {
1372 smp_pairing_br_complete(smp, 0);
1373 }
1374
1375 return 0;
1376 }
1377
smp_br_pairing_rsp(struct bt_smp_br * smp,struct net_buf * buf)1378 static uint8_t smp_br_pairing_rsp(struct bt_smp_br *smp, struct net_buf *buf)
1379 {
1380 struct bt_smp_pairing *rsp = (void *)buf->data;
1381 struct bt_conn *conn = smp->chan.chan.conn;
1382 uint8_t max_key_size;
1383
1384 BT_DBG("");
1385
1386 max_key_size = bt_conn_enc_key_size(conn);
1387 if (!max_key_size) {
1388 BT_DBG("Invalid encryption key size");
1389 return BT_SMP_ERR_UNSPECIFIED;
1390 }
1391
1392 if (rsp->max_key_size != max_key_size) {
1393 return BT_SMP_ERR_ENC_KEY_SIZE;
1394 }
1395
1396 smp->local_dist &= rsp->init_key_dist;
1397 smp->remote_dist &= rsp->resp_key_dist;
1398
1399 smp->local_dist &= SEND_KEYS_SC;
1400 smp->remote_dist &= RECV_KEYS_SC;
1401
1402 /* Peripheral distributes its keys first */
1403
1404 if (smp->remote_dist & BT_SMP_DIST_ID_KEY) {
1405 atomic_set_bit(smp->allowed_cmds, BT_SMP_CMD_IDENT_INFO);
1406 } else if (smp->remote_dist & BT_SMP_DIST_SIGN) {
1407 atomic_set_bit(smp->allowed_cmds, BT_SMP_CMD_SIGNING_INFO);
1408 }
1409
1410 /* derive LTK if requested and clear distribution bits */
1411 if ((smp->local_dist & BT_SMP_DIST_ENC_KEY) &&
1412 (smp->remote_dist & BT_SMP_DIST_ENC_KEY)) {
1413 smp_br_derive_ltk(smp);
1414 }
1415 smp->local_dist &= ~BT_SMP_DIST_ENC_KEY;
1416 smp->remote_dist &= ~BT_SMP_DIST_ENC_KEY;
1417
1418 /* Pairing acceptor distributes it's keys first */
1419 if (smp->remote_dist) {
1420 return 0;
1421 }
1422
1423 smp_br_distribute_keys(smp);
1424
1425 /* if all keys were distributed, pairing is done */
1426 if (!smp->local_dist && !smp->remote_dist) {
1427 smp_pairing_br_complete(smp, 0);
1428 }
1429
1430 return 0;
1431 }
1432
smp_br_pairing_failed(struct bt_smp_br * smp,struct net_buf * buf)1433 static uint8_t smp_br_pairing_failed(struct bt_smp_br *smp, struct net_buf *buf)
1434 {
1435 struct bt_smp_pairing_fail *req = (void *)buf->data;
1436
1437 BT_ERR("reason 0x%x", req->reason);
1438
1439 smp_pairing_br_complete(smp, req->reason);
1440 smp_br_reset(smp);
1441
1442 /* return no error to avoid sending Pairing Failed in response */
1443 return 0;
1444 }
1445
smp_br_ident_info(struct bt_smp_br * smp,struct net_buf * buf)1446 static uint8_t smp_br_ident_info(struct bt_smp_br *smp, struct net_buf *buf)
1447 {
1448 struct bt_smp_ident_info *req = (void *)buf->data;
1449 struct bt_conn *conn = smp->chan.chan.conn;
1450 struct bt_keys *keys;
1451 bt_addr_le_t addr;
1452
1453 BT_DBG("");
1454
1455 /* TODO should we resolve LE address if matching RPA is connected? */
1456
1457 /*
1458 * For dualmode devices LE address is same as BR/EDR address and is of
1459 * public type.
1460 */
1461 bt_addr_copy(&addr.a, &conn->br.dst);
1462 addr.type = BT_ADDR_LE_PUBLIC;
1463
1464 keys = bt_keys_get_type(BT_KEYS_IRK, conn->id, &addr);
1465 if (!keys) {
1466 BT_ERR("Unable to get keys for %s", bt_addr_le_str(&addr));
1467 return BT_SMP_ERR_UNSPECIFIED;
1468 }
1469
1470 memcpy(keys->irk.val, req->irk, sizeof(keys->irk.val));
1471
1472 atomic_set_bit(smp->allowed_cmds, BT_SMP_CMD_IDENT_ADDR_INFO);
1473
1474 return 0;
1475 }
1476
smp_br_ident_addr_info(struct bt_smp_br * smp,struct net_buf * buf)1477 static uint8_t smp_br_ident_addr_info(struct bt_smp_br *smp,
1478 struct net_buf *buf)
1479 {
1480 struct bt_conn *conn = smp->chan.chan.conn;
1481 struct bt_smp_ident_addr_info *req = (void *)buf->data;
1482 bt_addr_le_t addr;
1483
1484 BT_DBG("identity %s", bt_addr_le_str(&req->addr));
1485
1486 /*
1487 * For dual mode device identity address must be same as BR/EDR address
1488 * and be of public type. So if received one doesn't match BR/EDR
1489 * address we fail.
1490 */
1491
1492 bt_addr_copy(&addr.a, &conn->br.dst);
1493 addr.type = BT_ADDR_LE_PUBLIC;
1494
1495 if (bt_addr_le_cmp(&addr, &req->addr)) {
1496 return BT_SMP_ERR_UNSPECIFIED;
1497 }
1498
1499 smp->remote_dist &= ~BT_SMP_DIST_ID_KEY;
1500
1501 if (smp->remote_dist & BT_SMP_DIST_SIGN) {
1502 atomic_set_bit(smp->allowed_cmds, BT_SMP_CMD_SIGNING_INFO);
1503 }
1504
1505 if (conn->role == BT_CONN_ROLE_CENTRAL && !smp->remote_dist) {
1506 smp_br_distribute_keys(smp);
1507 }
1508
1509 /* if all keys were distributed, pairing is done */
1510 if (!smp->local_dist && !smp->remote_dist) {
1511 smp_pairing_br_complete(smp, 0);
1512 }
1513
1514 return 0;
1515 }
1516
1517 #if defined(CONFIG_BT_SIGNING)
smp_br_signing_info(struct bt_smp_br * smp,struct net_buf * buf)1518 static uint8_t smp_br_signing_info(struct bt_smp_br *smp, struct net_buf *buf)
1519 {
1520 struct bt_smp_signing_info *req = (void *)buf->data;
1521 struct bt_conn *conn = smp->chan.chan.conn;
1522 struct bt_keys *keys;
1523 bt_addr_le_t addr;
1524
1525 BT_DBG("");
1526
1527 /*
1528 * For dualmode devices LE address is same as BR/EDR address and is of
1529 * public type.
1530 */
1531 bt_addr_copy(&addr.a, &conn->br.dst);
1532 addr.type = BT_ADDR_LE_PUBLIC;
1533
1534 keys = bt_keys_get_type(BT_KEYS_REMOTE_CSRK, conn->id, &addr);
1535 if (!keys) {
1536 BT_ERR("Unable to get keys for %s", bt_addr_le_str(&addr));
1537 return BT_SMP_ERR_UNSPECIFIED;
1538 }
1539
1540 memcpy(keys->remote_csrk.val, req->csrk, sizeof(keys->remote_csrk.val));
1541
1542 smp->remote_dist &= ~BT_SMP_DIST_SIGN;
1543
1544 if (conn->role == BT_CONN_ROLE_CENTRAL && !smp->remote_dist) {
1545 smp_br_distribute_keys(smp);
1546 }
1547
1548 /* if all keys were distributed, pairing is done */
1549 if (!smp->local_dist && !smp->remote_dist) {
1550 smp_pairing_br_complete(smp, 0);
1551 }
1552
1553 return 0;
1554 }
1555 #else
smp_br_signing_info(struct bt_smp_br * smp,struct net_buf * buf)1556 static uint8_t smp_br_signing_info(struct bt_smp_br *smp, struct net_buf *buf)
1557 {
1558 return BT_SMP_ERR_CMD_NOTSUPP;
1559 }
1560 #endif /* CONFIG_BT_SIGNING */
1561
1562 static const struct {
1563 uint8_t (*func)(struct bt_smp_br *smp, struct net_buf *buf);
1564 uint8_t expect_len;
1565 } br_handlers[] = {
1566 { }, /* No op-code defined for 0x00 */
1567 { smp_br_pairing_req, sizeof(struct bt_smp_pairing) },
1568 { smp_br_pairing_rsp, sizeof(struct bt_smp_pairing) },
1569 { }, /* pairing confirm not used over BR/EDR */
1570 { }, /* pairing random not used over BR/EDR */
1571 { smp_br_pairing_failed, sizeof(struct bt_smp_pairing_fail) },
1572 { }, /* encrypt info not used over BR/EDR */
1573 { }, /* central ident not used over BR/EDR */
1574 { smp_br_ident_info, sizeof(struct bt_smp_ident_info) },
1575 { smp_br_ident_addr_info, sizeof(struct bt_smp_ident_addr_info) },
1576 { smp_br_signing_info, sizeof(struct bt_smp_signing_info) },
1577 /* security request not used over BR/EDR */
1578 /* public key not used over BR/EDR */
1579 /* DHKey check not used over BR/EDR */
1580 };
1581
smp_br_error(struct bt_smp_br * smp,uint8_t reason)1582 static int smp_br_error(struct bt_smp_br *smp, uint8_t reason)
1583 {
1584 struct bt_smp_pairing_fail *rsp;
1585 struct net_buf *buf;
1586
1587 /* reset context and report */
1588 smp_br_reset(smp);
1589
1590 buf = smp_br_create_pdu(smp, BT_SMP_CMD_PAIRING_FAIL, sizeof(*rsp));
1591 if (!buf) {
1592 return -ENOBUFS;
1593 }
1594
1595 rsp = net_buf_add(buf, sizeof(*rsp));
1596 rsp->reason = reason;
1597
1598 /*
1599 * SMP timer is not restarted for PairingFailed so don't use
1600 * smp_br_send
1601 */
1602 if (bt_l2cap_send(smp->chan.chan.conn, BT_L2CAP_CID_SMP, buf)) {
1603 net_buf_unref(buf);
1604 }
1605
1606 return 0;
1607 }
1608
bt_smp_br_recv(struct bt_l2cap_chan * chan,struct net_buf * buf)1609 static int bt_smp_br_recv(struct bt_l2cap_chan *chan, struct net_buf *buf)
1610 {
1611 struct bt_smp_br *smp = CONTAINER_OF(chan, struct bt_smp_br, chan);
1612 struct bt_smp_hdr *hdr;
1613 uint8_t err;
1614
1615 if (buf->len < sizeof(*hdr)) {
1616 BT_ERR("Too small SMP PDU received");
1617 return 0;
1618 }
1619
1620 hdr = net_buf_pull_mem(buf, sizeof(*hdr));
1621 BT_DBG("Received SMP code 0x%02x len %u", hdr->code, buf->len);
1622
1623 /*
1624 * If SMP timeout occurred "no further SMP commands shall be sent over
1625 * the L2CAP Security Manager Channel. A new SM procedure shall only be
1626 * performed when a new physical link has been established."
1627 */
1628 if (atomic_test_bit(smp->flags, SMP_FLAG_TIMEOUT)) {
1629 BT_WARN("SMP command (code 0x%02x) received after timeout",
1630 hdr->code);
1631 return 0;
1632 }
1633
1634 if (hdr->code >= ARRAY_SIZE(br_handlers) ||
1635 !br_handlers[hdr->code].func) {
1636 BT_WARN("Unhandled SMP code 0x%02x", hdr->code);
1637 smp_br_error(smp, BT_SMP_ERR_CMD_NOTSUPP);
1638 return 0;
1639 }
1640
1641 if (!atomic_test_and_clear_bit(smp->allowed_cmds, hdr->code)) {
1642 BT_WARN("Unexpected SMP code 0x%02x", hdr->code);
1643 smp_br_error(smp, BT_SMP_ERR_UNSPECIFIED);
1644 return 0;
1645 }
1646
1647 if (buf->len != br_handlers[hdr->code].expect_len) {
1648 BT_ERR("Invalid len %u for code 0x%02x", buf->len, hdr->code);
1649 smp_br_error(smp, BT_SMP_ERR_INVALID_PARAMS);
1650 return 0;
1651 }
1652
1653 err = br_handlers[hdr->code].func(smp, buf);
1654 if (err) {
1655 smp_br_error(smp, err);
1656 }
1657
1658 return 0;
1659 }
1660
br_sc_supported(void)1661 static bool br_sc_supported(void)
1662 {
1663 if (IS_ENABLED(CONFIG_BT_SMP_FORCE_BREDR)) {
1664 BT_WARN("Enabling BR/EDR SMP without BR/EDR SC support");
1665 return true;
1666 }
1667
1668 return BT_FEAT_SC(bt_dev.features);
1669 }
1670
bt_smp_br_accept(struct bt_conn * conn,struct bt_l2cap_chan ** chan)1671 static int bt_smp_br_accept(struct bt_conn *conn, struct bt_l2cap_chan **chan)
1672 {
1673 static const struct bt_l2cap_chan_ops ops = {
1674 .connected = bt_smp_br_connected,
1675 .disconnected = bt_smp_br_disconnected,
1676 .recv = bt_smp_br_recv,
1677 };
1678 int i;
1679
1680 /* Check BR/EDR SC is supported */
1681 if (!br_sc_supported()) {
1682 return -ENOTSUP;
1683 }
1684
1685 BT_DBG("conn %p handle %u", conn, conn->handle);
1686
1687 for (i = 0; i < ARRAY_SIZE(bt_smp_pool); i++) {
1688 struct bt_smp_br *smp = &bt_smp_br_pool[i];
1689
1690 if (smp->chan.chan.conn) {
1691 continue;
1692 }
1693
1694 smp->chan.chan.ops = &ops;
1695
1696 *chan = &smp->chan.chan;
1697
1698 k_work_init_delayable(&smp->work, smp_br_timeout);
1699 smp_br_reset(smp);
1700
1701 return 0;
1702 }
1703
1704 BT_ERR("No available SMP context for conn %p", conn);
1705
1706 return -ENOMEM;
1707 }
1708
smp_br_chan_get(struct bt_conn * conn)1709 static struct bt_smp_br *smp_br_chan_get(struct bt_conn *conn)
1710 {
1711 struct bt_l2cap_chan *chan;
1712
1713 chan = bt_l2cap_br_lookup_rx_cid(conn, BT_L2CAP_CID_BR_SMP);
1714 if (!chan) {
1715 BT_ERR("Unable to find SMP channel");
1716 return NULL;
1717 }
1718
1719 return CONTAINER_OF(chan, struct bt_smp_br, chan);
1720 }
1721
bt_smp_br_send_pairing_req(struct bt_conn * conn)1722 int bt_smp_br_send_pairing_req(struct bt_conn *conn)
1723 {
1724 struct bt_smp_pairing *req;
1725 struct net_buf *req_buf;
1726 uint8_t max_key_size;
1727 struct bt_smp_br *smp;
1728
1729 smp = smp_br_chan_get(conn);
1730 if (!smp) {
1731 return -ENOTCONN;
1732 }
1733
1734 /* SMP Timeout */
1735 if (atomic_test_bit(smp->flags, SMP_FLAG_TIMEOUT)) {
1736 return -EIO;
1737 }
1738
1739 /* pairing is in progress */
1740 if (atomic_test_bit(smp->flags, SMP_FLAG_PAIRING)) {
1741 return -EBUSY;
1742 }
1743
1744 /* check if we are allowed to start SMP over BR/EDR */
1745 if (!smp_br_pairing_allowed(smp)) {
1746 return 0;
1747 }
1748
1749 /* Channel not yet connected, will start pairing once connected */
1750 if (!atomic_test_bit(smp->flags, SMP_FLAG_BR_CONNECTED)) {
1751 atomic_set_bit(smp->flags, SMP_FLAG_BR_PAIR);
1752 return 0;
1753 }
1754
1755 max_key_size = bt_conn_enc_key_size(conn);
1756 if (!max_key_size) {
1757 BT_DBG("Invalid encryption key size");
1758 return -EIO;
1759 }
1760
1761 smp_br_init(smp);
1762 smp->enc_key_size = max_key_size;
1763
1764 req_buf = smp_br_create_pdu(smp, BT_SMP_CMD_PAIRING_REQ, sizeof(*req));
1765 if (!req_buf) {
1766 return -ENOBUFS;
1767 }
1768
1769 req = net_buf_add(req_buf, sizeof(*req));
1770
1771 /*
1772 * If Secure Connections pairing has been initiated over BR/EDR, the IO
1773 * Capability, OOB data flag and Auth Req fields of the SM Pairing
1774 * Request/Response PDU shall be set to zero on transmission, and
1775 * ignored on reception.
1776 */
1777
1778 req->auth_req = 0x00;
1779 req->io_capability = 0x00;
1780 req->oob_flag = 0x00;
1781 req->max_key_size = max_key_size;
1782 req->init_key_dist = BR_SEND_KEYS_SC;
1783 req->resp_key_dist = BR_RECV_KEYS_SC;
1784
1785 smp_br_send(smp, req_buf, NULL);
1786
1787 smp->local_dist = BR_SEND_KEYS_SC;
1788 smp->remote_dist = BR_RECV_KEYS_SC;
1789
1790 atomic_set_bit(smp->allowed_cmds, BT_SMP_CMD_PAIRING_RSP);
1791
1792 atomic_set_bit(smp->flags, SMP_FLAG_PAIRING);
1793
1794 return 0;
1795 }
1796 #endif /* CONFIG_BT_BREDR */
1797
smp_reset(struct bt_smp * smp)1798 static void smp_reset(struct bt_smp *smp)
1799 {
1800 struct bt_conn *conn = smp->chan.chan.conn;
1801
1802 /* Clear flags first in case canceling of timeout fails. The SMP context
1803 * shall be marked as timed out in that case.
1804 */
1805 atomic_set(smp->flags, 0);
1806
1807 /* If canceling fails the timeout handler will set the timeout flag and
1808 * mark the it as timed out. No new pairing procedures shall be started
1809 * on this connection if that happens.
1810 */
1811 (void)k_work_cancel_delayable(&smp->work);
1812
1813 smp->method = JUST_WORKS;
1814 atomic_set(smp->allowed_cmds, 0);
1815
1816 if (IS_ENABLED(CONFIG_BT_CENTRAL) &&
1817 conn->role == BT_HCI_ROLE_CENTRAL) {
1818 atomic_set_bit(smp->allowed_cmds, BT_SMP_CMD_SECURITY_REQUEST);
1819 return;
1820 }
1821
1822 if (IS_ENABLED(CONFIG_BT_PERIPHERAL)) {
1823 atomic_set_bit(smp->allowed_cmds, BT_SMP_CMD_PAIRING_REQ);
1824 }
1825 }
1826
hci_err_get(enum bt_security_err err)1827 static uint8_t hci_err_get(enum bt_security_err err)
1828 {
1829 switch (err) {
1830 case BT_SECURITY_ERR_SUCCESS:
1831 return BT_HCI_ERR_SUCCESS;
1832 case BT_SECURITY_ERR_AUTH_FAIL:
1833 return BT_HCI_ERR_AUTH_FAIL;
1834 case BT_SECURITY_ERR_PIN_OR_KEY_MISSING:
1835 return BT_HCI_ERR_PIN_OR_KEY_MISSING;
1836 case BT_SECURITY_ERR_PAIR_NOT_SUPPORTED:
1837 return BT_HCI_ERR_PAIRING_NOT_SUPPORTED;
1838 case BT_SECURITY_ERR_PAIR_NOT_ALLOWED:
1839 return BT_HCI_ERR_PAIRING_NOT_ALLOWED;
1840 case BT_SECURITY_ERR_INVALID_PARAM:
1841 return BT_HCI_ERR_INVALID_PARAM;
1842 default:
1843 return BT_HCI_ERR_UNSPECIFIED;
1844 }
1845 }
1846
1847 /* Note: This function not only does set the status but also calls smp_reset
1848 * at the end which clears any flags previously set.
1849 */
smp_pairing_complete(struct bt_smp * smp,uint8_t status)1850 static void smp_pairing_complete(struct bt_smp *smp, uint8_t status)
1851 {
1852 struct bt_conn *conn = smp->chan.chan.conn;
1853
1854 BT_DBG("status 0x%x", status);
1855
1856 if (!status) {
1857 #if defined(CONFIG_BT_BREDR)
1858 /*
1859 * Don't derive if Debug Keys are used.
1860 * TODO should we allow this if BR/EDR is already connected?
1861 */
1862 if (atomic_test_bit(smp->flags, SMP_FLAG_DERIVE_LK) &&
1863 (!atomic_test_bit(smp->flags, SMP_FLAG_SC_DEBUG_KEY) ||
1864 IS_ENABLED(CONFIG_BT_STORE_DEBUG_KEYS))) {
1865 sc_derive_link_key(smp);
1866 }
1867 #endif /* CONFIG_BT_BREDR */
1868 bool bond_flag = atomic_test_bit(smp->flags, SMP_FLAG_BOND);
1869
1870 if (IS_ENABLED(CONFIG_BT_LOG_SNIFFER_INFO)) {
1871 bt_keys_show_sniffer_info(conn->le.keys, NULL);
1872 }
1873
1874 if (bond_flag) {
1875 bt_keys_store(conn->le.keys);
1876 }
1877
1878 if (bt_auth && bt_auth->pairing_complete) {
1879 bt_auth->pairing_complete(conn, bond_flag);
1880 }
1881 } else {
1882 enum bt_security_err security_err = security_err_get(status);
1883
1884 /* Clear the key pool entry in case of pairing failure if the
1885 * keys already existed before the pairing procedure or the
1886 * pairing failed during key distribution.
1887 */
1888 if (conn->le.keys &&
1889 (!conn->le.keys->enc_size ||
1890 atomic_test_bit(smp->flags, SMP_FLAG_KEYS_DISTR))) {
1891 bt_keys_clear(conn->le.keys);
1892 conn->le.keys = NULL;
1893 }
1894
1895 if (!atomic_test_bit(smp->flags, SMP_FLAG_KEYS_DISTR)) {
1896 bt_conn_security_changed(conn,
1897 hci_err_get(security_err),
1898 security_err);
1899 }
1900
1901 /* Check SMP_FLAG_PAIRING as bt_conn_security_changed may
1902 * have called the pairing_failed callback already.
1903 */
1904 if (atomic_test_bit(smp->flags, SMP_FLAG_PAIRING) &&
1905 bt_auth && bt_auth->pairing_failed) {
1906 bt_auth->pairing_failed(conn, security_err);
1907 }
1908 }
1909
1910 smp_reset(smp);
1911
1912 if (conn->sec_level != conn->required_sec_level) {
1913 bt_smp_start_security(conn);
1914 }
1915 }
1916
smp_timeout(struct k_work * work)1917 static void smp_timeout(struct k_work *work)
1918 {
1919 struct bt_smp *smp = CONTAINER_OF(work, struct bt_smp, work);
1920
1921 BT_ERR("SMP Timeout");
1922
1923 smp_pairing_complete(smp, BT_SMP_ERR_UNSPECIFIED);
1924
1925 /* smp_pairing_complete clears flags so setting timeout flag must come
1926 * after it.
1927 */
1928 atomic_set_bit(smp->flags, SMP_FLAG_TIMEOUT);
1929 }
1930
smp_send(struct bt_smp * smp,struct net_buf * buf,bt_conn_tx_cb_t cb,void * user_data)1931 static void smp_send(struct bt_smp *smp, struct net_buf *buf,
1932 bt_conn_tx_cb_t cb, void *user_data)
1933 {
1934 if (bt_l2cap_send_cb(smp->chan.chan.conn, BT_L2CAP_CID_SMP, buf, cb, NULL)) {
1935 net_buf_unref(buf);
1936 return;
1937 }
1938
1939 k_work_reschedule(&smp->work, SMP_TIMEOUT);
1940 }
1941
smp_error(struct bt_smp * smp,uint8_t reason)1942 static int smp_error(struct bt_smp *smp, uint8_t reason)
1943 {
1944 struct bt_smp_pairing_fail *rsp;
1945 struct net_buf *buf;
1946
1947 if (atomic_test_bit(smp->flags, SMP_FLAG_PAIRING) ||
1948 atomic_test_bit(smp->flags, SMP_FLAG_ENC_PENDING) ||
1949 atomic_test_bit(smp->flags, SMP_FLAG_SEC_REQ)) {
1950 /* reset context and report */
1951 smp_pairing_complete(smp, reason);
1952 }
1953
1954 buf = smp_create_pdu(smp, BT_SMP_CMD_PAIRING_FAIL, sizeof(*rsp));
1955 if (!buf) {
1956 return -ENOBUFS;
1957 }
1958
1959 rsp = net_buf_add(buf, sizeof(*rsp));
1960 rsp->reason = reason;
1961
1962 /* SMP timer is not restarted for PairingFailed so don't use smp_send */
1963 if (bt_l2cap_send(smp->chan.chan.conn, BT_L2CAP_CID_SMP, buf)) {
1964 net_buf_unref(buf);
1965 }
1966
1967 return 0;
1968 }
1969
smp_send_pairing_random(struct bt_smp * smp)1970 static uint8_t smp_send_pairing_random(struct bt_smp *smp)
1971 {
1972 struct bt_smp_pairing_random *req;
1973 struct net_buf *rsp_buf;
1974
1975 rsp_buf = smp_create_pdu(smp, BT_SMP_CMD_PAIRING_RANDOM, sizeof(*req));
1976 if (!rsp_buf) {
1977 return BT_SMP_ERR_UNSPECIFIED;
1978 }
1979
1980 req = net_buf_add(rsp_buf, sizeof(*req));
1981 memcpy(req->val, smp->prnd, sizeof(req->val));
1982
1983 smp_send(smp, rsp_buf, NULL, NULL);
1984
1985 return 0;
1986 }
1987
1988 #if !defined(CONFIG_BT_SMP_SC_PAIR_ONLY)
xor_128(const uint8_t p[16],const uint8_t q[16],uint8_t r[16])1989 static void xor_128(const uint8_t p[16], const uint8_t q[16], uint8_t r[16])
1990 {
1991 size_t len = 16;
1992
1993 while (len--) {
1994 *r++ = *p++ ^ *q++;
1995 }
1996 }
1997
smp_c1(const uint8_t k[16],const uint8_t r[16],const uint8_t preq[7],const uint8_t pres[7],const bt_addr_le_t * ia,const bt_addr_le_t * ra,uint8_t enc_data[16])1998 static int smp_c1(const uint8_t k[16], const uint8_t r[16],
1999 const uint8_t preq[7], const uint8_t pres[7],
2000 const bt_addr_le_t *ia, const bt_addr_le_t *ra,
2001 uint8_t enc_data[16])
2002 {
2003 uint8_t p1[16], p2[16];
2004 int err;
2005
2006 BT_DBG("k %s", bt_hex(k, 16));
2007 BT_DBG("r %s", bt_hex(r, 16));
2008 BT_DBG("ia %s", bt_addr_le_str(ia));
2009 BT_DBG("ra %s", bt_addr_le_str(ra));
2010 BT_DBG("preq %s", bt_hex(preq, 7));
2011 BT_DBG("pres %s", bt_hex(pres, 7));
2012
2013 /* pres, preq, rat and iat are concatenated to generate p1 */
2014 p1[0] = ia->type;
2015 p1[1] = ra->type;
2016 memcpy(p1 + 2, preq, 7);
2017 memcpy(p1 + 9, pres, 7);
2018
2019 BT_DBG("p1 %s", bt_hex(p1, 16));
2020
2021 /* c1 = e(k, e(k, r XOR p1) XOR p2) */
2022
2023 /* Using enc_data as temporary output buffer */
2024 xor_128(r, p1, enc_data);
2025
2026 err = bt_encrypt_le(k, enc_data, enc_data);
2027 if (err) {
2028 return err;
2029 }
2030
2031 /* ra is concatenated with ia and padding to generate p2 */
2032 memcpy(p2, ra->a.val, 6);
2033 memcpy(p2 + 6, ia->a.val, 6);
2034 (void)memset(p2 + 12, 0, 4);
2035
2036 BT_DBG("p2 %s", bt_hex(p2, 16));
2037
2038 xor_128(enc_data, p2, enc_data);
2039
2040 return bt_encrypt_le(k, enc_data, enc_data);
2041 }
2042 #endif /* !CONFIG_BT_SMP_SC_PAIR_ONLY */
2043
smp_send_pairing_confirm(struct bt_smp * smp)2044 static uint8_t smp_send_pairing_confirm(struct bt_smp *smp)
2045 {
2046 struct bt_smp_pairing_confirm *req;
2047 struct net_buf *buf;
2048 uint8_t r;
2049
2050 switch (smp->method) {
2051 case PASSKEY_CONFIRM:
2052 case JUST_WORKS:
2053 r = 0U;
2054 break;
2055 case PASSKEY_DISPLAY:
2056 case PASSKEY_INPUT:
2057 /*
2058 * In the Passkey Entry protocol, the most significant
2059 * bit of Z is set equal to one and the least
2060 * significant bit is made up from one bit of the
2061 * passkey e.g. if the passkey bit is 1, then Z = 0x81
2062 * and if the passkey bit is 0, then Z = 0x80.
2063 */
2064 r = (smp->passkey >> smp->passkey_round) & 0x01;
2065 r |= 0x80;
2066 break;
2067 default:
2068 BT_ERR("Unknown pairing method (%u)", smp->method);
2069 return BT_SMP_ERR_UNSPECIFIED;
2070 }
2071
2072 buf = smp_create_pdu(smp, BT_SMP_CMD_PAIRING_CONFIRM, sizeof(*req));
2073 if (!buf) {
2074 return BT_SMP_ERR_UNSPECIFIED;
2075 }
2076
2077 req = net_buf_add(buf, sizeof(*req));
2078
2079 if (smp_f4(sc_public_key, smp->pkey, smp->prnd, r, req->val)) {
2080 net_buf_unref(buf);
2081 return BT_SMP_ERR_UNSPECIFIED;
2082 }
2083
2084 smp_send(smp, buf, NULL, NULL);
2085
2086 atomic_clear_bit(smp->flags, SMP_FLAG_CFM_DELAYED);
2087
2088 return 0;
2089 }
2090
2091 #if !defined(CONFIG_BT_SMP_SC_PAIR_ONLY)
smp_ident_sent(struct bt_conn * conn,void * user_data)2092 static void smp_ident_sent(struct bt_conn *conn, void *user_data)
2093 {
2094 smp_check_complete(conn, BT_SMP_DIST_ENC_KEY);
2095 }
2096
legacy_distribute_keys(struct bt_smp * smp)2097 static void legacy_distribute_keys(struct bt_smp *smp)
2098 {
2099 struct bt_conn *conn = smp->chan.chan.conn;
2100 struct bt_keys *keys = conn->le.keys;
2101
2102 if (smp->local_dist & BT_SMP_DIST_ENC_KEY) {
2103 struct bt_smp_encrypt_info *info;
2104 struct bt_smp_central_ident *ident;
2105 struct net_buf *buf;
2106 /* Use struct to get randomness in single call to bt_rand */
2107 struct {
2108 uint8_t key[16];
2109 uint8_t rand[8];
2110 uint8_t ediv[2];
2111 } rand;
2112
2113 if (bt_rand((void *)&rand, sizeof(rand))) {
2114 BT_ERR("Unable to get random bytes");
2115 return;
2116 }
2117
2118 buf = smp_create_pdu(smp, BT_SMP_CMD_ENCRYPT_INFO,
2119 sizeof(*info));
2120 if (!buf) {
2121 BT_ERR("Unable to allocate Encrypt Info buffer");
2122 return;
2123 }
2124
2125 info = net_buf_add(buf, sizeof(*info));
2126
2127 /* distributed only enc_size bytes of key */
2128 memcpy(info->ltk, rand.key, keys->enc_size);
2129 if (keys->enc_size < sizeof(info->ltk)) {
2130 (void)memset(info->ltk + keys->enc_size, 0,
2131 sizeof(info->ltk) - keys->enc_size);
2132 }
2133
2134 smp_send(smp, buf, NULL, NULL);
2135
2136 buf = smp_create_pdu(smp, BT_SMP_CMD_CENTRAL_IDENT,
2137 sizeof(*ident));
2138 if (!buf) {
2139 BT_ERR("Unable to allocate Central Ident buffer");
2140 return;
2141 }
2142
2143 ident = net_buf_add(buf, sizeof(*ident));
2144 memcpy(ident->rand, rand.rand, sizeof(ident->rand));
2145 memcpy(ident->ediv, rand.ediv, sizeof(ident->ediv));
2146
2147 smp_send(smp, buf, smp_ident_sent, NULL);
2148
2149 if (atomic_test_bit(smp->flags, SMP_FLAG_BOND)) {
2150 bt_keys_add_type(keys, BT_KEYS_PERIPH_LTK);
2151
2152 memcpy(keys->periph_ltk.val, rand.key,
2153 sizeof(keys->periph_ltk.val));
2154 memcpy(keys->periph_ltk.rand, rand.rand,
2155 sizeof(keys->periph_ltk.rand));
2156 memcpy(keys->periph_ltk.ediv, rand.ediv,
2157 sizeof(keys->periph_ltk.ediv));
2158 }
2159 }
2160 }
2161 #endif /* !CONFIG_BT_SMP_SC_PAIR_ONLY */
2162
bt_smp_distribute_keys(struct bt_smp * smp)2163 static uint8_t bt_smp_distribute_keys(struct bt_smp *smp)
2164 {
2165 struct bt_conn *conn = smp->chan.chan.conn;
2166 struct bt_keys *keys = conn->le.keys;
2167
2168 if (!keys) {
2169 BT_ERR("No keys space for %s", bt_addr_le_str(&conn->le.dst));
2170 return BT_SMP_ERR_UNSPECIFIED;
2171 }
2172
2173 #if !defined(CONFIG_BT_SMP_SC_PAIR_ONLY)
2174 /* Distribute legacy pairing specific keys */
2175 if (!atomic_test_bit(smp->flags, SMP_FLAG_SC)) {
2176 legacy_distribute_keys(smp);
2177 }
2178 #endif /* !CONFIG_BT_SMP_SC_PAIR_ONLY */
2179
2180 #if defined(CONFIG_BT_PRIVACY)
2181 if (smp->local_dist & BT_SMP_DIST_ID_KEY) {
2182 struct bt_smp_ident_info *id_info;
2183 struct bt_smp_ident_addr_info *id_addr_info;
2184 struct net_buf *buf;
2185
2186 buf = smp_create_pdu(smp, BT_SMP_CMD_IDENT_INFO,
2187 sizeof(*id_info));
2188 if (!buf) {
2189 BT_ERR("Unable to allocate Ident Info buffer");
2190 return BT_SMP_ERR_UNSPECIFIED;
2191 }
2192
2193 id_info = net_buf_add(buf, sizeof(*id_info));
2194 memcpy(id_info->irk, bt_dev.irk[conn->id], 16);
2195
2196 smp_send(smp, buf, NULL, NULL);
2197
2198 buf = smp_create_pdu(smp, BT_SMP_CMD_IDENT_ADDR_INFO,
2199 sizeof(*id_addr_info));
2200 if (!buf) {
2201 BT_ERR("Unable to allocate Ident Addr Info buffer");
2202 return BT_SMP_ERR_UNSPECIFIED;
2203 }
2204
2205 id_addr_info = net_buf_add(buf, sizeof(*id_addr_info));
2206 bt_addr_le_copy(&id_addr_info->addr, &bt_dev.id_addr[conn->id]);
2207
2208 smp_send(smp, buf, smp_id_sent, NULL);
2209 }
2210 #endif /* CONFIG_BT_PRIVACY */
2211
2212 #if defined(CONFIG_BT_SIGNING)
2213 if (smp->local_dist & BT_SMP_DIST_SIGN) {
2214 struct bt_smp_signing_info *info;
2215 struct net_buf *buf;
2216
2217 buf = smp_create_pdu(smp, BT_SMP_CMD_SIGNING_INFO,
2218 sizeof(*info));
2219 if (!buf) {
2220 BT_ERR("Unable to allocate Signing Info buffer");
2221 return BT_SMP_ERR_UNSPECIFIED;
2222 }
2223
2224 info = net_buf_add(buf, sizeof(*info));
2225
2226 if (bt_rand(info->csrk, sizeof(info->csrk))) {
2227 return BT_SMP_ERR_UNSPECIFIED;
2228 }
2229
2230 if (atomic_test_bit(smp->flags, SMP_FLAG_BOND)) {
2231 bt_keys_add_type(keys, BT_KEYS_LOCAL_CSRK);
2232 memcpy(keys->local_csrk.val, info->csrk, 16);
2233 keys->local_csrk.cnt = 0U;
2234 }
2235
2236 smp_send(smp, buf, smp_sign_info_sent, NULL);
2237 }
2238 #endif /* CONFIG_BT_SIGNING */
2239
2240 return 0;
2241 }
2242
2243 #if defined(CONFIG_BT_PERIPHERAL)
send_pairing_rsp(struct bt_smp * smp)2244 static uint8_t send_pairing_rsp(struct bt_smp *smp)
2245 {
2246 struct bt_smp_pairing *rsp;
2247 struct net_buf *rsp_buf;
2248
2249 rsp_buf = smp_create_pdu(smp, BT_SMP_CMD_PAIRING_RSP, sizeof(*rsp));
2250 if (!rsp_buf) {
2251 return BT_SMP_ERR_UNSPECIFIED;
2252 }
2253
2254 rsp = net_buf_add(rsp_buf, sizeof(*rsp));
2255 memcpy(rsp, smp->prsp + 1, sizeof(*rsp));
2256
2257 smp_send(smp, rsp_buf, NULL, NULL);
2258
2259 return 0;
2260 }
2261 #endif /* CONFIG_BT_PERIPHERAL */
2262
smp_pairing_accept_query(struct bt_conn * conn,struct bt_smp_pairing * pairing)2263 static uint8_t smp_pairing_accept_query(struct bt_conn *conn,
2264 struct bt_smp_pairing *pairing)
2265 {
2266 #if defined(CONFIG_BT_SMP_APP_PAIRING_ACCEPT)
2267 if (bt_auth && bt_auth->pairing_accept) {
2268 const struct bt_conn_pairing_feat feat = {
2269 .io_capability = pairing->io_capability,
2270 .oob_data_flag = pairing->oob_flag,
2271 .auth_req = pairing->auth_req,
2272 .max_enc_key_size = pairing->max_key_size,
2273 .init_key_dist = pairing->init_key_dist,
2274 .resp_key_dist = pairing->resp_key_dist
2275 };
2276
2277 return smp_err_get(bt_auth->pairing_accept(conn, &feat));
2278 }
2279 #endif /* CONFIG_BT_SMP_APP_PAIRING_ACCEPT */
2280 return 0;
2281 }
2282
2283 #if !defined(CONFIG_BT_SMP_SC_PAIR_ONLY)
smp_s1(const uint8_t k[16],const uint8_t r1[16],const uint8_t r2[16],uint8_t out[16])2284 static int smp_s1(const uint8_t k[16], const uint8_t r1[16],
2285 const uint8_t r2[16], uint8_t out[16])
2286 {
2287 /* The most significant 64-bits of r1 are discarded to generate
2288 * r1' and the most significant 64-bits of r2 are discarded to
2289 * generate r2'.
2290 * r1' is concatenated with r2' to generate r' which is used as
2291 * the 128-bit input parameter plaintextData to security function e:
2292 *
2293 * r' = r1' || r2'
2294 */
2295 memcpy(out, r2, 8);
2296 memcpy(out + 8, r1, 8);
2297
2298 /* s1(k, r1 , r2) = e(k, r') */
2299 return bt_encrypt_le(k, out, out);
2300 }
2301
legacy_get_pair_method(struct bt_smp * smp,uint8_t remote_io)2302 static uint8_t legacy_get_pair_method(struct bt_smp *smp, uint8_t remote_io)
2303 {
2304 struct bt_smp_pairing *req, *rsp;
2305 uint8_t method;
2306
2307 if (remote_io > BT_SMP_IO_KEYBOARD_DISPLAY) {
2308 return JUST_WORKS;
2309 }
2310
2311 req = (struct bt_smp_pairing *)&smp->preq[1];
2312 rsp = (struct bt_smp_pairing *)&smp->prsp[1];
2313
2314 /* if both sides have OOB data use OOB */
2315 if ((req->oob_flag & rsp->oob_flag) & BT_SMP_OOB_DATA_MASK) {
2316 return LEGACY_OOB;
2317 }
2318
2319 /* if none side requires MITM use JustWorks */
2320 if (!((req->auth_req | rsp->auth_req) & BT_SMP_AUTH_MITM)) {
2321 return JUST_WORKS;
2322 }
2323
2324 method = gen_method_legacy[remote_io][get_io_capa()];
2325
2326 /* if both sides have KeyboardDisplay capabilities, initiator displays
2327 * and responder inputs
2328 */
2329 if (method == PASSKEY_ROLE) {
2330 if (smp->chan.chan.conn->role == BT_HCI_ROLE_CENTRAL) {
2331 method = PASSKEY_DISPLAY;
2332 } else {
2333 method = PASSKEY_INPUT;
2334 }
2335 }
2336
2337 return method;
2338 }
2339
legacy_request_tk(struct bt_smp * smp)2340 static uint8_t legacy_request_tk(struct bt_smp *smp)
2341 {
2342 struct bt_conn *conn = smp->chan.chan.conn;
2343 struct bt_keys *keys;
2344 uint32_t passkey;
2345
2346 /*
2347 * Fail if we have keys that are stronger than keys that will be
2348 * distributed in new pairing. This is to avoid replacing authenticated
2349 * keys with unauthenticated ones.
2350 */
2351 keys = bt_keys_find_addr(conn->id, &conn->le.dst);
2352 if (keys && (keys->flags & BT_KEYS_AUTHENTICATED) &&
2353 smp->method == JUST_WORKS) {
2354 BT_ERR("JustWorks failed, authenticated keys present");
2355 return BT_SMP_ERR_UNSPECIFIED;
2356 }
2357
2358 switch (smp->method) {
2359 case LEGACY_OOB:
2360 if (bt_auth && bt_auth->oob_data_request) {
2361 struct bt_conn_oob_info info = {
2362 .type = BT_CONN_OOB_LE_LEGACY,
2363 };
2364
2365 atomic_set_bit(smp->flags, SMP_FLAG_USER);
2366 bt_auth->oob_data_request(smp->chan.chan.conn, &info);
2367 } else {
2368 return BT_SMP_ERR_OOB_NOT_AVAIL;
2369 }
2370
2371 break;
2372 case PASSKEY_DISPLAY:
2373 if (IS_ENABLED(CONFIG_BT_FIXED_PASSKEY) &&
2374 fixed_passkey != BT_PASSKEY_INVALID) {
2375 passkey = fixed_passkey;
2376 } else {
2377 if (bt_rand(&passkey, sizeof(passkey))) {
2378 return BT_SMP_ERR_UNSPECIFIED;
2379 }
2380
2381 passkey %= 1000000;
2382 }
2383
2384 if (IS_ENABLED(CONFIG_BT_LOG_SNIFFER_INFO)) {
2385 BT_INFO("Legacy passkey %u", passkey);
2386 }
2387
2388 if (bt_auth && bt_auth->passkey_display) {
2389 atomic_set_bit(smp->flags, SMP_FLAG_DISPLAY);
2390 bt_auth->passkey_display(conn, passkey);
2391 }
2392
2393 sys_put_le32(passkey, smp->tk);
2394
2395 break;
2396 case PASSKEY_INPUT:
2397 atomic_set_bit(smp->flags, SMP_FLAG_USER);
2398 bt_auth->passkey_entry(conn);
2399 break;
2400 case JUST_WORKS:
2401 break;
2402 default:
2403 BT_ERR("Unknown pairing method (%u)", smp->method);
2404 return BT_SMP_ERR_UNSPECIFIED;
2405 }
2406
2407 return 0;
2408 }
2409
legacy_send_pairing_confirm(struct bt_smp * smp)2410 static uint8_t legacy_send_pairing_confirm(struct bt_smp *smp)
2411 {
2412 struct bt_conn *conn = smp->chan.chan.conn;
2413 struct bt_smp_pairing_confirm *req;
2414 struct net_buf *buf;
2415
2416 buf = smp_create_pdu(smp, BT_SMP_CMD_PAIRING_CONFIRM, sizeof(*req));
2417 if (!buf) {
2418 return BT_SMP_ERR_UNSPECIFIED;
2419 }
2420
2421 req = net_buf_add(buf, sizeof(*req));
2422
2423 if (smp_c1(smp->tk, smp->prnd, smp->preq, smp->prsp,
2424 &conn->le.init_addr, &conn->le.resp_addr, req->val)) {
2425 net_buf_unref(buf);
2426 return BT_SMP_ERR_UNSPECIFIED;
2427 }
2428
2429 smp_send(smp, buf, NULL, NULL);
2430
2431 atomic_clear_bit(smp->flags, SMP_FLAG_CFM_DELAYED);
2432
2433 return 0;
2434 }
2435
2436 #if defined(CONFIG_BT_PERIPHERAL)
legacy_pairing_req(struct bt_smp * smp)2437 static uint8_t legacy_pairing_req(struct bt_smp *smp)
2438 {
2439 uint8_t ret;
2440
2441 BT_DBG("");
2442
2443 ret = legacy_request_tk(smp);
2444 if (ret) {
2445 return ret;
2446 }
2447
2448 /* ask for consent if pairing is not due to sending SecReq*/
2449 if ((DISPLAY_FIXED(smp) || smp->method == JUST_WORKS) &&
2450 !atomic_test_bit(smp->flags, SMP_FLAG_SEC_REQ) &&
2451 bt_auth && bt_auth->pairing_confirm) {
2452 atomic_set_bit(smp->flags, SMP_FLAG_USER);
2453 bt_auth->pairing_confirm(smp->chan.chan.conn);
2454 return 0;
2455 }
2456
2457 atomic_set_bit(smp->allowed_cmds, BT_SMP_CMD_PAIRING_CONFIRM);
2458 atomic_set_bit(smp->allowed_cmds, BT_SMP_KEYPRESS_NOTIFICATION);
2459 return send_pairing_rsp(smp);
2460 }
2461 #endif /* CONFIG_BT_PERIPHERAL */
2462
legacy_pairing_random(struct bt_smp * smp)2463 static uint8_t legacy_pairing_random(struct bt_smp *smp)
2464 {
2465 struct bt_conn *conn = smp->chan.chan.conn;
2466 uint8_t tmp[16];
2467 int err;
2468
2469 BT_DBG("");
2470
2471 /* calculate confirmation */
2472 err = smp_c1(smp->tk, smp->rrnd, smp->preq, smp->prsp,
2473 &conn->le.init_addr, &conn->le.resp_addr, tmp);
2474 if (err) {
2475 return BT_SMP_ERR_UNSPECIFIED;
2476 }
2477
2478 BT_DBG("pcnf %s", bt_hex(smp->pcnf, 16));
2479 BT_DBG("cfm %s", bt_hex(tmp, 16));
2480
2481 if (memcmp(smp->pcnf, tmp, sizeof(smp->pcnf))) {
2482 return BT_SMP_ERR_CONFIRM_FAILED;
2483 }
2484
2485 if (IS_ENABLED(CONFIG_BT_CENTRAL) &&
2486 conn->role == BT_HCI_ROLE_CENTRAL) {
2487 uint8_t ediv[2], rand[8];
2488
2489 /* No need to store central STK */
2490 err = smp_s1(smp->tk, smp->rrnd, smp->prnd, tmp);
2491 if (err) {
2492 return BT_SMP_ERR_UNSPECIFIED;
2493 }
2494
2495 /* Rand and EDiv are 0 for the STK */
2496 (void)memset(ediv, 0, sizeof(ediv));
2497 (void)memset(rand, 0, sizeof(rand));
2498 if (bt_conn_le_start_encryption(conn, rand, ediv, tmp,
2499 get_encryption_key_size(smp))) {
2500 BT_ERR("Failed to start encryption");
2501 return BT_SMP_ERR_UNSPECIFIED;
2502 }
2503
2504 atomic_set_bit(smp->flags, SMP_FLAG_ENC_PENDING);
2505
2506 if (IS_ENABLED(CONFIG_BT_SMP_USB_HCI_CTLR_WORKAROUND)) {
2507 if (smp->remote_dist & BT_SMP_DIST_ENC_KEY) {
2508 atomic_set_bit(smp->allowed_cmds,
2509 BT_SMP_CMD_ENCRYPT_INFO);
2510 } else if (smp->remote_dist & BT_SMP_DIST_ID_KEY) {
2511 atomic_set_bit(smp->allowed_cmds,
2512 BT_SMP_CMD_IDENT_INFO);
2513 } else if (smp->remote_dist & BT_SMP_DIST_SIGN) {
2514 atomic_set_bit(smp->allowed_cmds,
2515 BT_SMP_CMD_SIGNING_INFO);
2516 }
2517 }
2518
2519 return 0;
2520 }
2521
2522 if (IS_ENABLED(CONFIG_BT_PERIPHERAL)) {
2523 err = smp_s1(smp->tk, smp->prnd, smp->rrnd, tmp);
2524 if (err) {
2525 BT_ERR("Calculate STK failed");
2526 return BT_SMP_ERR_UNSPECIFIED;
2527 }
2528
2529 memcpy(smp->tk, tmp, sizeof(smp->tk));
2530 BT_DBG("generated STK %s", bt_hex(smp->tk, 16));
2531
2532 atomic_set_bit(smp->flags, SMP_FLAG_ENC_PENDING);
2533
2534 return smp_send_pairing_random(smp);
2535 }
2536
2537 return 0;
2538 }
2539
legacy_pairing_confirm(struct bt_smp * smp)2540 static uint8_t legacy_pairing_confirm(struct bt_smp *smp)
2541 {
2542 BT_DBG("");
2543
2544 if (IS_ENABLED(CONFIG_BT_CENTRAL) &&
2545 smp->chan.chan.conn->role == BT_HCI_ROLE_CENTRAL) {
2546 atomic_set_bit(smp->allowed_cmds, BT_SMP_CMD_PAIRING_CONFIRM);
2547 return legacy_send_pairing_confirm(smp);
2548 }
2549
2550 if (IS_ENABLED(CONFIG_BT_PERIPHERAL)) {
2551 if (!atomic_test_bit(smp->flags, SMP_FLAG_USER)) {
2552 atomic_set_bit(smp->allowed_cmds,
2553 BT_SMP_CMD_PAIRING_RANDOM);
2554 return legacy_send_pairing_confirm(smp);
2555 }
2556
2557 atomic_set_bit(smp->flags, SMP_FLAG_CFM_DELAYED);
2558 }
2559
2560 return 0;
2561 }
2562
legacy_user_tk_entry(struct bt_smp * smp)2563 static void legacy_user_tk_entry(struct bt_smp *smp)
2564 {
2565 if (!atomic_test_and_clear_bit(smp->flags, SMP_FLAG_CFM_DELAYED)) {
2566 return;
2567 }
2568
2569 /* if confirm failed ie. due to invalid passkey, cancel pairing */
2570 if (legacy_pairing_confirm(smp)) {
2571 smp_error(smp, BT_SMP_ERR_PASSKEY_ENTRY_FAILED);
2572 return;
2573 }
2574
2575 if (IS_ENABLED(CONFIG_BT_CENTRAL) &&
2576 smp->chan.chan.conn->role == BT_HCI_ROLE_CENTRAL) {
2577 atomic_set_bit(smp->allowed_cmds, BT_SMP_CMD_PAIRING_CONFIRM);
2578 return;
2579 }
2580
2581 if (IS_ENABLED(CONFIG_BT_PERIPHERAL)) {
2582 atomic_set_bit(smp->allowed_cmds, BT_SMP_CMD_PAIRING_RANDOM);
2583 }
2584 }
2585
legacy_passkey_entry(struct bt_smp * smp,unsigned int passkey)2586 static void legacy_passkey_entry(struct bt_smp *smp, unsigned int passkey)
2587 {
2588 passkey = sys_cpu_to_le32(passkey);
2589 memcpy(smp->tk, &passkey, sizeof(passkey));
2590
2591 legacy_user_tk_entry(smp);
2592 }
2593
smp_encrypt_info(struct bt_smp * smp,struct net_buf * buf)2594 static uint8_t smp_encrypt_info(struct bt_smp *smp, struct net_buf *buf)
2595 {
2596 BT_DBG("");
2597
2598 if (atomic_test_bit(smp->flags, SMP_FLAG_BOND)) {
2599 struct bt_smp_encrypt_info *req = (void *)buf->data;
2600 struct bt_conn *conn = smp->chan.chan.conn;
2601 struct bt_keys *keys;
2602
2603 keys = bt_keys_get_type(BT_KEYS_LTK, conn->id, &conn->le.dst);
2604 if (!keys) {
2605 BT_ERR("Unable to get keys for %s",
2606 bt_addr_le_str(&conn->le.dst));
2607 return BT_SMP_ERR_UNSPECIFIED;
2608 }
2609
2610 memcpy(keys->ltk.val, req->ltk, 16);
2611 }
2612
2613 atomic_set_bit(smp->allowed_cmds, BT_SMP_CMD_CENTRAL_IDENT);
2614
2615 return 0;
2616 }
2617
smp_central_ident(struct bt_smp * smp,struct net_buf * buf)2618 static uint8_t smp_central_ident(struct bt_smp *smp, struct net_buf *buf)
2619 {
2620 struct bt_conn *conn = smp->chan.chan.conn;
2621 uint8_t err;
2622
2623 BT_DBG("");
2624
2625 if (atomic_test_bit(smp->flags, SMP_FLAG_BOND)) {
2626 struct bt_smp_central_ident *req = (void *)buf->data;
2627 struct bt_keys *keys;
2628
2629 keys = bt_keys_get_type(BT_KEYS_LTK, conn->id, &conn->le.dst);
2630 if (!keys) {
2631 BT_ERR("Unable to get keys for %s",
2632 bt_addr_le_str(&conn->le.dst));
2633 return BT_SMP_ERR_UNSPECIFIED;
2634 }
2635
2636 memcpy(keys->ltk.ediv, req->ediv, sizeof(keys->ltk.ediv));
2637 memcpy(keys->ltk.rand, req->rand, sizeof(req->rand));
2638 }
2639
2640 smp->remote_dist &= ~BT_SMP_DIST_ENC_KEY;
2641
2642 if (smp->remote_dist & BT_SMP_DIST_ID_KEY) {
2643 atomic_set_bit(smp->allowed_cmds, BT_SMP_CMD_IDENT_INFO);
2644 } else if (smp->remote_dist & BT_SMP_DIST_SIGN) {
2645 atomic_set_bit(smp->allowed_cmds, BT_SMP_CMD_SIGNING_INFO);
2646 }
2647
2648 if (IS_ENABLED(CONFIG_BT_CENTRAL) &&
2649 conn->role == BT_HCI_ROLE_CENTRAL && !smp->remote_dist) {
2650 err = bt_smp_distribute_keys(smp);
2651 if (err) {
2652 return err;
2653 }
2654 }
2655
2656 /* if all keys were distributed, pairing is done */
2657 if (!smp->local_dist && !smp->remote_dist) {
2658 smp_pairing_complete(smp, 0);
2659 }
2660
2661 return 0;
2662 }
2663
2664 #if defined(CONFIG_BT_CENTRAL)
legacy_pairing_rsp(struct bt_smp * smp)2665 static uint8_t legacy_pairing_rsp(struct bt_smp *smp)
2666 {
2667 uint8_t ret;
2668
2669 BT_DBG("");
2670
2671 ret = legacy_request_tk(smp);
2672 if (ret) {
2673 return ret;
2674 }
2675
2676 /* ask for consent if this is due to received SecReq */
2677 if ((DISPLAY_FIXED(smp) || smp->method == JUST_WORKS) &&
2678 atomic_test_bit(smp->flags, SMP_FLAG_SEC_REQ) &&
2679 bt_auth && bt_auth->pairing_confirm) {
2680 atomic_set_bit(smp->flags, SMP_FLAG_USER);
2681 bt_auth->pairing_confirm(smp->chan.chan.conn);
2682 return 0;
2683 }
2684
2685 if (!atomic_test_bit(smp->flags, SMP_FLAG_USER)) {
2686 atomic_set_bit(smp->allowed_cmds, BT_SMP_CMD_PAIRING_CONFIRM);
2687 atomic_set_bit(smp->allowed_cmds, BT_SMP_KEYPRESS_NOTIFICATION);
2688 return legacy_send_pairing_confirm(smp);
2689 }
2690
2691 atomic_set_bit(smp->flags, SMP_FLAG_CFM_DELAYED);
2692
2693 return 0;
2694 }
2695 #endif /* CONFIG_BT_CENTRAL */
2696 #else
smp_encrypt_info(struct bt_smp * smp,struct net_buf * buf)2697 static uint8_t smp_encrypt_info(struct bt_smp *smp, struct net_buf *buf)
2698 {
2699 return BT_SMP_ERR_CMD_NOTSUPP;
2700 }
2701
smp_central_ident(struct bt_smp * smp,struct net_buf * buf)2702 static uint8_t smp_central_ident(struct bt_smp *smp, struct net_buf *buf)
2703 {
2704 return BT_SMP_ERR_CMD_NOTSUPP;
2705 }
2706 #endif /* !CONFIG_BT_SMP_SC_PAIR_ONLY */
2707
smp_init(struct bt_smp * smp)2708 static int smp_init(struct bt_smp *smp)
2709 {
2710 /* Initialize SMP context exluding L2CAP channel context and anything
2711 * else declared after.
2712 */
2713 (void)memset(smp, 0, offsetof(struct bt_smp, chan));
2714
2715 /* Generate local random number */
2716 if (bt_rand(smp->prnd, 16)) {
2717 return BT_SMP_ERR_UNSPECIFIED;
2718 }
2719
2720 BT_DBG("prnd %s", bt_hex(smp->prnd, 16));
2721
2722 atomic_set_bit(smp->allowed_cmds, BT_SMP_CMD_PAIRING_FAIL);
2723
2724 #if !defined(CONFIG_BT_SMP_OOB_LEGACY_PAIR_ONLY)
2725 sc_public_key = bt_pub_key_get();
2726 #endif
2727
2728 return 0;
2729 }
2730
bt_set_bondable(bool enable)2731 void bt_set_bondable(bool enable)
2732 {
2733 bondable = enable;
2734 }
2735
bt_set_oob_data_flag(bool enable)2736 void bt_set_oob_data_flag(bool enable)
2737 {
2738 oobd_present = enable;
2739 }
2740
get_auth(struct bt_conn * conn,uint8_t auth)2741 static uint8_t get_auth(struct bt_conn *conn, uint8_t auth)
2742 {
2743 if (sc_supported) {
2744 auth &= BT_SMP_AUTH_MASK_SC;
2745 } else {
2746 auth &= BT_SMP_AUTH_MASK;
2747 }
2748
2749 if ((get_io_capa() == BT_SMP_IO_NO_INPUT_OUTPUT) ||
2750 (!IS_ENABLED(CONFIG_BT_SMP_ENFORCE_MITM) &&
2751 (conn->required_sec_level < BT_SECURITY_L3))) {
2752 auth &= ~(BT_SMP_AUTH_MITM);
2753 } else {
2754 auth |= BT_SMP_AUTH_MITM;
2755 }
2756
2757 if (bondable) {
2758 auth |= BT_SMP_AUTH_BONDING;
2759 } else {
2760 auth &= ~BT_SMP_AUTH_BONDING;
2761 }
2762
2763 return auth;
2764 }
2765
remote_sec_level_reachable(struct bt_smp * smp)2766 static uint8_t remote_sec_level_reachable(struct bt_smp *smp)
2767 {
2768 bt_security_t sec = smp->chan.chan.conn->required_sec_level;
2769
2770 if (IS_ENABLED(CONFIG_BT_SMP_SC_ONLY)) {
2771 sec = BT_SECURITY_L4;
2772 }
2773 if (IS_ENABLED(CONFIG_BT_SMP_OOB_LEGACY_PAIR_ONLY)) {
2774 sec = BT_SECURITY_L3;
2775 }
2776
2777 switch (sec) {
2778 case BT_SECURITY_L1:
2779 case BT_SECURITY_L2:
2780 return 0;
2781
2782 case BT_SECURITY_L4:
2783 if (get_encryption_key_size(smp) != BT_SMP_MAX_ENC_KEY_SIZE) {
2784 return BT_SMP_ERR_ENC_KEY_SIZE;
2785 }
2786
2787 if (!atomic_test_bit(smp->flags, SMP_FLAG_SC)) {
2788 return BT_SMP_ERR_AUTH_REQUIREMENTS;
2789 }
2790 __fallthrough;
2791 case BT_SECURITY_L3:
2792 if (smp->method == JUST_WORKS) {
2793 return BT_SMP_ERR_AUTH_REQUIREMENTS;
2794 }
2795
2796 return 0;
2797 default:
2798 return BT_SMP_ERR_UNSPECIFIED;
2799 }
2800 }
2801
sec_level_reachable(struct bt_conn * conn)2802 static bool sec_level_reachable(struct bt_conn *conn)
2803 {
2804 switch (conn->required_sec_level) {
2805 case BT_SECURITY_L1:
2806 case BT_SECURITY_L2:
2807 return true;
2808 case BT_SECURITY_L3:
2809 return get_io_capa() != BT_SMP_IO_NO_INPUT_OUTPUT ||
2810 (bt_auth && bt_auth->oob_data_request);
2811 case BT_SECURITY_L4:
2812 return (get_io_capa() != BT_SMP_IO_NO_INPUT_OUTPUT ||
2813 (bt_auth && bt_auth->oob_data_request)) && sc_supported;
2814 default:
2815 return false;
2816 }
2817 }
2818
smp_chan_get(struct bt_conn * conn)2819 static struct bt_smp *smp_chan_get(struct bt_conn *conn)
2820 {
2821 struct bt_l2cap_chan *chan;
2822
2823 chan = bt_l2cap_le_lookup_rx_cid(conn, BT_L2CAP_CID_SMP);
2824 if (!chan) {
2825 BT_ERR("Unable to find SMP channel");
2826 return NULL;
2827 }
2828
2829 return CONTAINER_OF(chan, struct bt_smp, chan);
2830 }
2831
bt_smp_request_ltk(struct bt_conn * conn,uint64_t rand,uint16_t ediv,uint8_t * ltk)2832 bool bt_smp_request_ltk(struct bt_conn *conn, uint64_t rand, uint16_t ediv, uint8_t *ltk)
2833 {
2834 struct bt_smp *smp;
2835 uint8_t enc_size;
2836
2837 smp = smp_chan_get(conn);
2838 if (!smp) {
2839 return false;
2840 }
2841
2842 /*
2843 * Both legacy STK and LE SC LTK have rand and ediv equal to zero.
2844 * If pairing is in progress use the TK for encryption.
2845 */
2846 if (ediv == 0U && rand == 0U &&
2847 atomic_test_bit(smp->flags, SMP_FLAG_PAIRING) &&
2848 atomic_test_bit(smp->flags, SMP_FLAG_ENC_PENDING)) {
2849 enc_size = get_encryption_key_size(smp);
2850
2851 /*
2852 * We keep both legacy STK and LE SC LTK in TK.
2853 * Also use only enc_size bytes of key for encryption.
2854 */
2855 memcpy(ltk, smp->tk, enc_size);
2856 if (enc_size < BT_SMP_MAX_ENC_KEY_SIZE) {
2857 (void)memset(ltk + enc_size, 0,
2858 BT_SMP_MAX_ENC_KEY_SIZE - enc_size);
2859 }
2860
2861 atomic_set_bit(smp->flags, SMP_FLAG_ENC_PENDING);
2862 return true;
2863 }
2864
2865 if (!conn->le.keys) {
2866 conn->le.keys = bt_keys_find(BT_KEYS_LTK_P256, conn->id,
2867 &conn->le.dst);
2868 if (!conn->le.keys) {
2869 conn->le.keys = bt_keys_find(BT_KEYS_PERIPH_LTK,
2870 conn->id, &conn->le.dst);
2871 }
2872 }
2873
2874 if (ediv == 0U && rand == 0U &&
2875 conn->le.keys && (conn->le.keys->keys & BT_KEYS_LTK_P256)) {
2876 enc_size = conn->le.keys->enc_size;
2877
2878 memcpy(ltk, conn->le.keys->ltk.val, enc_size);
2879 if (enc_size < BT_SMP_MAX_ENC_KEY_SIZE) {
2880 (void)memset(ltk + enc_size, 0,
2881 BT_SMP_MAX_ENC_KEY_SIZE - enc_size);
2882 }
2883
2884 atomic_set_bit(smp->flags, SMP_FLAG_ENC_PENDING);
2885 return true;
2886 }
2887
2888 #if !defined(CONFIG_BT_SMP_SC_PAIR_ONLY)
2889 if (conn->le.keys && (conn->le.keys->keys & BT_KEYS_PERIPH_LTK) &&
2890 !memcmp(conn->le.keys->periph_ltk.rand, &rand, 8) &&
2891 !memcmp(conn->le.keys->periph_ltk.ediv, &ediv, 2)) {
2892 enc_size = conn->le.keys->enc_size;
2893
2894 memcpy(ltk, conn->le.keys->periph_ltk.val, enc_size);
2895 if (enc_size < BT_SMP_MAX_ENC_KEY_SIZE) {
2896 (void)memset(ltk + enc_size, 0,
2897 BT_SMP_MAX_ENC_KEY_SIZE - enc_size);
2898 }
2899
2900 atomic_set_bit(smp->flags, SMP_FLAG_ENC_PENDING);
2901 return true;
2902 }
2903 #endif /* !CONFIG_BT_SMP_SC_PAIR_ONLY */
2904
2905 if (atomic_test_bit(smp->flags, SMP_FLAG_SEC_REQ)) {
2906 /* Notify higher level that security failed if security was
2907 * initiated by peripheral.
2908 */
2909 bt_conn_security_changed(conn, BT_HCI_ERR_PIN_OR_KEY_MISSING,
2910 BT_SECURITY_ERR_PIN_OR_KEY_MISSING);
2911 }
2912
2913 smp_reset(smp);
2914 return false;
2915 }
2916
2917 #if defined(CONFIG_BT_PERIPHERAL)
smp_send_security_req(struct bt_conn * conn)2918 static int smp_send_security_req(struct bt_conn *conn)
2919 {
2920 struct bt_smp *smp;
2921 struct bt_smp_security_request *req;
2922 struct net_buf *req_buf;
2923 int err;
2924
2925 BT_DBG("");
2926 smp = smp_chan_get(conn);
2927 if (!smp) {
2928 return -ENOTCONN;
2929 }
2930
2931 /* SMP Timeout */
2932 if (atomic_test_bit(smp->flags, SMP_FLAG_TIMEOUT)) {
2933 return -EIO;
2934 }
2935
2936 /* pairing is in progress */
2937 if (atomic_test_bit(smp->flags, SMP_FLAG_PAIRING)) {
2938 return -EBUSY;
2939 }
2940
2941 if (atomic_test_bit(smp->flags, SMP_FLAG_ENC_PENDING)) {
2942 return -EBUSY;
2943 }
2944
2945 /* early verify if required sec level if reachable */
2946 if (!(sec_level_reachable(conn) || smp_keys_check(conn))) {
2947 return -EINVAL;
2948 }
2949
2950 if (!conn->le.keys) {
2951 conn->le.keys = bt_keys_get_addr(conn->id, &conn->le.dst);
2952 if (!conn->le.keys) {
2953 return -ENOMEM;
2954 }
2955 }
2956
2957 if (smp_init(smp) != 0) {
2958 return -ENOBUFS;
2959 }
2960
2961 req_buf = smp_create_pdu(smp, BT_SMP_CMD_SECURITY_REQUEST,
2962 sizeof(*req));
2963 if (!req_buf) {
2964 return -ENOBUFS;
2965 }
2966
2967 req = net_buf_add(req_buf, sizeof(*req));
2968 req->auth_req = get_auth(conn, BT_SMP_AUTH_DEFAULT);
2969
2970 /* SMP timer is not restarted for SecRequest so don't use smp_send */
2971 err = bt_l2cap_send(conn, BT_L2CAP_CID_SMP, req_buf);
2972 if (err) {
2973 net_buf_unref(req_buf);
2974 return err;
2975 }
2976
2977 atomic_set_bit(smp->flags, SMP_FLAG_SEC_REQ);
2978 atomic_set_bit(smp->allowed_cmds, BT_SMP_CMD_PAIRING_REQ);
2979
2980 return 0;
2981 }
2982
smp_pairing_req(struct bt_smp * smp,struct net_buf * buf)2983 static uint8_t smp_pairing_req(struct bt_smp *smp, struct net_buf *buf)
2984 {
2985 struct bt_conn *conn = smp->chan.chan.conn;
2986 struct bt_smp_pairing *req = (void *)buf->data;
2987 struct bt_smp_pairing *rsp;
2988 uint8_t err;
2989
2990 BT_DBG("");
2991
2992 if ((req->max_key_size > BT_SMP_MAX_ENC_KEY_SIZE) ||
2993 (req->max_key_size < BT_SMP_MIN_ENC_KEY_SIZE)) {
2994 return BT_SMP_ERR_ENC_KEY_SIZE;
2995 }
2996
2997 if (!conn->le.keys) {
2998 conn->le.keys = bt_keys_get_addr(conn->id, &conn->le.dst);
2999 if (!conn->le.keys) {
3000 BT_DBG("Unable to get keys for %s",
3001 bt_addr_le_str(&conn->le.dst));
3002 return BT_SMP_ERR_UNSPECIFIED;
3003 }
3004 }
3005
3006 /* If we already sent a security request then the SMP context
3007 * is already initialized.
3008 */
3009 if (!atomic_test_bit(smp->flags, SMP_FLAG_SEC_REQ)) {
3010 int ret = smp_init(smp);
3011
3012 if (ret) {
3013 return ret;
3014 }
3015 }
3016
3017 /* Store req for later use */
3018 smp->preq[0] = BT_SMP_CMD_PAIRING_REQ;
3019 memcpy(smp->preq + 1, req, sizeof(*req));
3020
3021 /* create rsp, it will be used later on */
3022 smp->prsp[0] = BT_SMP_CMD_PAIRING_RSP;
3023 rsp = (struct bt_smp_pairing *)&smp->prsp[1];
3024
3025 rsp->auth_req = get_auth(conn, req->auth_req);
3026 rsp->io_capability = get_io_capa();
3027 rsp->oob_flag = oobd_present ? BT_SMP_OOB_PRESENT :
3028 BT_SMP_OOB_NOT_PRESENT;
3029 rsp->max_key_size = BT_SMP_MAX_ENC_KEY_SIZE;
3030 rsp->init_key_dist = (req->init_key_dist & RECV_KEYS);
3031 rsp->resp_key_dist = (req->resp_key_dist & SEND_KEYS);
3032
3033 if ((rsp->auth_req & BT_SMP_AUTH_SC) &&
3034 (req->auth_req & BT_SMP_AUTH_SC)) {
3035 atomic_set_bit(smp->flags, SMP_FLAG_SC);
3036
3037 rsp->init_key_dist &= RECV_KEYS_SC;
3038 rsp->resp_key_dist &= SEND_KEYS_SC;
3039 }
3040
3041 if ((rsp->auth_req & BT_SMP_AUTH_CT2) &&
3042 (req->auth_req & BT_SMP_AUTH_CT2)) {
3043 atomic_set_bit(smp->flags, SMP_FLAG_CT2);
3044 }
3045
3046 smp->local_dist = rsp->resp_key_dist;
3047 smp->remote_dist = rsp->init_key_dist;
3048
3049 if ((rsp->auth_req & BT_SMP_AUTH_BONDING) &&
3050 (req->auth_req & BT_SMP_AUTH_BONDING)) {
3051 atomic_set_bit(smp->flags, SMP_FLAG_BOND);
3052 } else if (IS_ENABLED(CONFIG_BT_BONDING_REQUIRED)) {
3053 /* Reject pairing req if not both intend to bond */
3054 BT_DBG("Bonding required");
3055 return BT_SMP_ERR_UNSPECIFIED;
3056 }
3057
3058 atomic_set_bit(smp->flags, SMP_FLAG_PAIRING);
3059
3060 smp->method = get_pair_method(smp, req->io_capability);
3061
3062 if (!update_keys_check(smp, conn->le.keys)) {
3063 return BT_SMP_ERR_AUTH_REQUIREMENTS;
3064 }
3065
3066 err = remote_sec_level_reachable(smp);
3067 if (err) {
3068 return err;
3069 }
3070
3071 if (!atomic_test_bit(smp->flags, SMP_FLAG_SC)) {
3072 #if defined(CONFIG_BT_SMP_SC_PAIR_ONLY)
3073 return BT_SMP_ERR_AUTH_REQUIREMENTS;
3074 #else
3075 if (IS_ENABLED(CONFIG_BT_SMP_APP_PAIRING_ACCEPT)) {
3076 err = smp_pairing_accept_query(conn, req);
3077 if (err) {
3078 return err;
3079 }
3080 }
3081
3082 return legacy_pairing_req(smp);
3083 #endif /* CONFIG_BT_SMP_SC_PAIR_ONLY */
3084 }
3085
3086 if (IS_ENABLED(CONFIG_BT_SMP_APP_PAIRING_ACCEPT)) {
3087 err = smp_pairing_accept_query(conn, req);
3088 if (err) {
3089 return err;
3090 }
3091 }
3092
3093 if ((DISPLAY_FIXED(smp) || smp->method == JUST_WORKS) &&
3094 !atomic_test_bit(smp->flags, SMP_FLAG_SEC_REQ) &&
3095 bt_auth && bt_auth->pairing_confirm) {
3096 atomic_set_bit(smp->flags, SMP_FLAG_USER);
3097 bt_auth->pairing_confirm(conn);
3098 return 0;
3099 }
3100
3101 atomic_set_bit(smp->allowed_cmds, BT_SMP_CMD_PUBLIC_KEY);
3102 return send_pairing_rsp(smp);
3103 }
3104 #else
smp_pairing_req(struct bt_smp * smp,struct net_buf * buf)3105 static uint8_t smp_pairing_req(struct bt_smp *smp, struct net_buf *buf)
3106 {
3107 return BT_SMP_ERR_CMD_NOTSUPP;
3108 }
3109 #endif /* CONFIG_BT_PERIPHERAL */
3110
sc_send_public_key(struct bt_smp * smp)3111 static uint8_t sc_send_public_key(struct bt_smp *smp)
3112 {
3113 struct bt_smp_public_key *req;
3114 struct net_buf *req_buf;
3115
3116 req_buf = smp_create_pdu(smp, BT_SMP_CMD_PUBLIC_KEY, sizeof(*req));
3117 if (!req_buf) {
3118 return BT_SMP_ERR_UNSPECIFIED;
3119 }
3120
3121 req = net_buf_add(req_buf, sizeof(*req));
3122
3123 memcpy(req->x, sc_public_key, sizeof(req->x));
3124 memcpy(req->y, &sc_public_key[32], sizeof(req->y));
3125
3126 smp_send(smp, req_buf, NULL, NULL);
3127
3128 if (IS_ENABLED(CONFIG_BT_USE_DEBUG_KEYS)) {
3129 atomic_set_bit(smp->flags, SMP_FLAG_SC_DEBUG_KEY);
3130 }
3131
3132 return 0;
3133 }
3134
3135 #if defined(CONFIG_BT_CENTRAL)
smp_send_pairing_req(struct bt_conn * conn)3136 static int smp_send_pairing_req(struct bt_conn *conn)
3137 {
3138 struct bt_smp *smp;
3139 struct bt_smp_pairing *req;
3140 struct net_buf *req_buf;
3141
3142 BT_DBG("");
3143
3144 smp = smp_chan_get(conn);
3145 if (!smp) {
3146 return -ENOTCONN;
3147 }
3148
3149 /* SMP Timeout */
3150 if (atomic_test_bit(smp->flags, SMP_FLAG_TIMEOUT)) {
3151 return -EIO;
3152 }
3153
3154 /* A higher security level is requested during the key distribution
3155 * phase, once pairing is complete a new pairing procedure will start.
3156 */
3157 if (atomic_test_bit(smp->flags, SMP_FLAG_KEYS_DISTR)) {
3158 return 0;
3159 }
3160
3161 /* pairing is in progress */
3162 if (atomic_test_bit(smp->flags, SMP_FLAG_PAIRING)) {
3163 return -EBUSY;
3164 }
3165
3166 /* Encryption is in progress */
3167 if (atomic_test_bit(smp->flags, SMP_FLAG_ENC_PENDING)) {
3168 return -EBUSY;
3169 }
3170
3171 /* early verify if required sec level if reachable */
3172 if (!sec_level_reachable(conn)) {
3173 return -EINVAL;
3174 }
3175
3176 if (!conn->le.keys) {
3177 conn->le.keys = bt_keys_get_addr(conn->id, &conn->le.dst);
3178 if (!conn->le.keys) {
3179 return -ENOMEM;
3180 }
3181 }
3182
3183 if (smp_init(smp)) {
3184 return -ENOBUFS;
3185 }
3186
3187 req_buf = smp_create_pdu(smp, BT_SMP_CMD_PAIRING_REQ, sizeof(*req));
3188 if (!req_buf) {
3189 return -ENOBUFS;
3190 }
3191
3192 req = net_buf_add(req_buf, sizeof(*req));
3193
3194 req->auth_req = get_auth(conn, BT_SMP_AUTH_DEFAULT);
3195 req->io_capability = get_io_capa();
3196 req->oob_flag = oobd_present ? BT_SMP_OOB_PRESENT :
3197 BT_SMP_OOB_NOT_PRESENT;
3198 req->max_key_size = BT_SMP_MAX_ENC_KEY_SIZE;
3199 req->init_key_dist = SEND_KEYS;
3200 req->resp_key_dist = RECV_KEYS;
3201
3202 smp->local_dist = SEND_KEYS;
3203 smp->remote_dist = RECV_KEYS;
3204
3205 /* Store req for later use */
3206 smp->preq[0] = BT_SMP_CMD_PAIRING_REQ;
3207 memcpy(smp->preq + 1, req, sizeof(*req));
3208
3209 smp_send(smp, req_buf, NULL, NULL);
3210
3211 atomic_set_bit(smp->allowed_cmds, BT_SMP_CMD_PAIRING_RSP);
3212 atomic_set_bit(smp->allowed_cmds, BT_SMP_CMD_SECURITY_REQUEST);
3213 atomic_set_bit(smp->flags, SMP_FLAG_PAIRING);
3214
3215 return 0;
3216 }
3217
smp_pairing_rsp(struct bt_smp * smp,struct net_buf * buf)3218 static uint8_t smp_pairing_rsp(struct bt_smp *smp, struct net_buf *buf)
3219 {
3220 struct bt_conn *conn = smp->chan.chan.conn;
3221 struct bt_smp_pairing *rsp = (void *)buf->data;
3222 struct bt_smp_pairing *req = (struct bt_smp_pairing *)&smp->preq[1];
3223 uint8_t err;
3224
3225 BT_DBG("");
3226
3227 if ((rsp->max_key_size > BT_SMP_MAX_ENC_KEY_SIZE) ||
3228 (rsp->max_key_size < BT_SMP_MIN_ENC_KEY_SIZE)) {
3229 return BT_SMP_ERR_ENC_KEY_SIZE;
3230 }
3231
3232 smp->local_dist &= rsp->init_key_dist;
3233 smp->remote_dist &= rsp->resp_key_dist;
3234
3235 /* Store rsp for later use */
3236 smp->prsp[0] = BT_SMP_CMD_PAIRING_RSP;
3237 memcpy(smp->prsp + 1, rsp, sizeof(*rsp));
3238
3239 if ((rsp->auth_req & BT_SMP_AUTH_SC) &&
3240 (req->auth_req & BT_SMP_AUTH_SC)) {
3241 atomic_set_bit(smp->flags, SMP_FLAG_SC);
3242 }
3243
3244 if ((rsp->auth_req & BT_SMP_AUTH_CT2) &&
3245 (req->auth_req & BT_SMP_AUTH_CT2)) {
3246 atomic_set_bit(smp->flags, SMP_FLAG_CT2);
3247 }
3248
3249 if ((rsp->auth_req & BT_SMP_AUTH_BONDING) &&
3250 (req->auth_req & BT_SMP_AUTH_BONDING)) {
3251 atomic_set_bit(smp->flags, SMP_FLAG_BOND);
3252 } else if (IS_ENABLED(CONFIG_BT_BONDING_REQUIRED)) {
3253 /* Reject pairing req if not both intend to bond */
3254 BT_DBG("Bonding required");
3255 return BT_SMP_ERR_UNSPECIFIED;
3256 }
3257
3258 smp->method = get_pair_method(smp, rsp->io_capability);
3259
3260 if (!update_keys_check(smp, conn->le.keys)) {
3261 return BT_SMP_ERR_AUTH_REQUIREMENTS;
3262 }
3263
3264 err = remote_sec_level_reachable(smp);
3265 if (err) {
3266 return err;
3267 }
3268
3269 if (!atomic_test_bit(smp->flags, SMP_FLAG_SC)) {
3270 #if defined(CONFIG_BT_SMP_SC_PAIR_ONLY)
3271 return BT_SMP_ERR_AUTH_REQUIREMENTS;
3272 #else
3273 if (IS_ENABLED(CONFIG_BT_SMP_APP_PAIRING_ACCEPT)) {
3274 err = smp_pairing_accept_query(conn, rsp);
3275 if (err) {
3276 return err;
3277 }
3278 }
3279
3280 return legacy_pairing_rsp(smp);
3281 #endif /* CONFIG_BT_SMP_SC_PAIR_ONLY */
3282 }
3283
3284 smp->local_dist &= SEND_KEYS_SC;
3285 smp->remote_dist &= RECV_KEYS_SC;
3286
3287 if (IS_ENABLED(CONFIG_BT_SMP_APP_PAIRING_ACCEPT)) {
3288 err = smp_pairing_accept_query(conn, rsp);
3289 if (err) {
3290 return err;
3291 }
3292 }
3293
3294 if ((DISPLAY_FIXED(smp) || smp->method == JUST_WORKS) &&
3295 atomic_test_bit(smp->flags, SMP_FLAG_SEC_REQ) &&
3296 bt_auth && bt_auth->pairing_confirm) {
3297 atomic_set_bit(smp->flags, SMP_FLAG_USER);
3298 bt_auth->pairing_confirm(conn);
3299 return 0;
3300 }
3301
3302 if (!sc_public_key) {
3303 atomic_set_bit(smp->flags, SMP_FLAG_PKEY_SEND);
3304 return 0;
3305 }
3306
3307 atomic_set_bit(smp->allowed_cmds, BT_SMP_CMD_PUBLIC_KEY);
3308 atomic_clear_bit(smp->allowed_cmds, BT_SMP_CMD_SECURITY_REQUEST);
3309
3310 return sc_send_public_key(smp);
3311 }
3312 #else
smp_pairing_rsp(struct bt_smp * smp,struct net_buf * buf)3313 static uint8_t smp_pairing_rsp(struct bt_smp *smp, struct net_buf *buf)
3314 {
3315 return BT_SMP_ERR_CMD_NOTSUPP;
3316 }
3317 #endif /* CONFIG_BT_CENTRAL */
3318
smp_pairing_confirm(struct bt_smp * smp,struct net_buf * buf)3319 static uint8_t smp_pairing_confirm(struct bt_smp *smp, struct net_buf *buf)
3320 {
3321 struct bt_smp_pairing_confirm *req = (void *)buf->data;
3322
3323 BT_DBG("");
3324
3325 atomic_clear_bit(smp->flags, SMP_FLAG_DISPLAY);
3326
3327 memcpy(smp->pcnf, req->val, sizeof(smp->pcnf));
3328
3329 if (IS_ENABLED(CONFIG_BT_CENTRAL) &&
3330 smp->chan.chan.conn->role == BT_HCI_ROLE_CENTRAL) {
3331 atomic_set_bit(smp->allowed_cmds, BT_SMP_CMD_PAIRING_RANDOM);
3332 return smp_send_pairing_random(smp);
3333 }
3334
3335 if (!IS_ENABLED(CONFIG_BT_PERIPHERAL)) {
3336 return 0;
3337 }
3338
3339 #if !defined(CONFIG_BT_SMP_SC_PAIR_ONLY)
3340 if (!atomic_test_bit(smp->flags, SMP_FLAG_SC)) {
3341 return legacy_pairing_confirm(smp);
3342 }
3343 #endif /* !CONFIG_BT_SMP_SC_PAIR_ONLY */
3344
3345 switch (smp->method) {
3346 case PASSKEY_DISPLAY:
3347 atomic_set_bit(smp->allowed_cmds, BT_SMP_CMD_PAIRING_RANDOM);
3348 return smp_send_pairing_confirm(smp);
3349 case PASSKEY_INPUT:
3350 if (atomic_test_bit(smp->flags, SMP_FLAG_USER)) {
3351 atomic_set_bit(smp->flags, SMP_FLAG_CFM_DELAYED);
3352 return 0;
3353 }
3354
3355 atomic_set_bit(smp->allowed_cmds, BT_SMP_CMD_PAIRING_RANDOM);
3356 return smp_send_pairing_confirm(smp);
3357 case JUST_WORKS:
3358 case PASSKEY_CONFIRM:
3359 default:
3360 BT_ERR("Unknown pairing method (%u)", smp->method);
3361 return BT_SMP_ERR_UNSPECIFIED;
3362 }
3363 }
3364
sc_smp_send_dhkey_check(struct bt_smp * smp,const uint8_t * e)3365 static uint8_t sc_smp_send_dhkey_check(struct bt_smp *smp, const uint8_t *e)
3366 {
3367 struct bt_smp_dhkey_check *req;
3368 struct net_buf *buf;
3369
3370 BT_DBG("");
3371
3372 buf = smp_create_pdu(smp, BT_SMP_DHKEY_CHECK, sizeof(*req));
3373 if (!buf) {
3374 return BT_SMP_ERR_UNSPECIFIED;
3375 }
3376
3377 req = net_buf_add(buf, sizeof(*req));
3378 memcpy(req->e, e, sizeof(req->e));
3379
3380 smp_send(smp, buf, NULL, NULL);
3381
3382 return 0;
3383 }
3384
3385 #if defined(CONFIG_BT_CENTRAL)
compute_and_send_central_dhcheck(struct bt_smp * smp)3386 static uint8_t compute_and_send_central_dhcheck(struct bt_smp *smp)
3387 {
3388 uint8_t e[16], r[16];
3389
3390 (void)memset(r, 0, sizeof(r));
3391
3392 switch (smp->method) {
3393 case JUST_WORKS:
3394 case PASSKEY_CONFIRM:
3395 break;
3396 case PASSKEY_DISPLAY:
3397 case PASSKEY_INPUT:
3398 memcpy(r, &smp->passkey, sizeof(smp->passkey));
3399 break;
3400 case LE_SC_OOB:
3401 if (smp->oobd_remote) {
3402 memcpy(r, smp->oobd_remote->r, sizeof(r));
3403 }
3404 break;
3405 default:
3406 BT_ERR("Unknown pairing method (%u)", smp->method);
3407 return BT_SMP_ERR_UNSPECIFIED;
3408 }
3409
3410 /* calculate LTK and mackey */
3411 if (smp_f5(smp->dhkey, smp->prnd, smp->rrnd,
3412 &smp->chan.chan.conn->le.init_addr,
3413 &smp->chan.chan.conn->le.resp_addr, smp->mackey,
3414 smp->tk)) {
3415 BT_ERR("Calculate LTK failed");
3416 return BT_SMP_ERR_UNSPECIFIED;
3417 }
3418 /* calculate local DHKey check */
3419 if (smp_f6(smp->mackey, smp->prnd, smp->rrnd, r, &smp->preq[1],
3420 &smp->chan.chan.conn->le.init_addr,
3421 &smp->chan.chan.conn->le.resp_addr, e)) {
3422 BT_ERR("Calculate local DHKey check failed");
3423 return BT_SMP_ERR_UNSPECIFIED;
3424 }
3425
3426 atomic_set_bit(smp->allowed_cmds, BT_SMP_DHKEY_CHECK);
3427 return sc_smp_send_dhkey_check(smp, e);
3428 }
3429 #endif /* CONFIG_BT_CENTRAL */
3430
3431 #if defined(CONFIG_BT_PERIPHERAL)
compute_and_check_and_send_periph_dhcheck(struct bt_smp * smp)3432 static uint8_t compute_and_check_and_send_periph_dhcheck(struct bt_smp *smp)
3433 {
3434 uint8_t re[16], e[16], r[16];
3435 uint8_t err;
3436
3437 (void)memset(r, 0, sizeof(r));
3438
3439 switch (smp->method) {
3440 case JUST_WORKS:
3441 case PASSKEY_CONFIRM:
3442 break;
3443 case PASSKEY_DISPLAY:
3444 case PASSKEY_INPUT:
3445 memcpy(r, &smp->passkey, sizeof(smp->passkey));
3446 break;
3447 case LE_SC_OOB:
3448 if (smp->oobd_remote) {
3449 memcpy(r, smp->oobd_remote->r, sizeof(r));
3450 }
3451 break;
3452 default:
3453 BT_ERR("Unknown pairing method (%u)", smp->method);
3454 return BT_SMP_ERR_UNSPECIFIED;
3455 }
3456
3457 /* calculate LTK and mackey */
3458 if (smp_f5(smp->dhkey, smp->rrnd, smp->prnd,
3459 &smp->chan.chan.conn->le.init_addr,
3460 &smp->chan.chan.conn->le.resp_addr, smp->mackey,
3461 smp->tk)) {
3462 BT_ERR("Calculate LTK failed");
3463 return BT_SMP_ERR_UNSPECIFIED;
3464 }
3465
3466 /* calculate local DHKey check */
3467 if (smp_f6(smp->mackey, smp->prnd, smp->rrnd, r, &smp->prsp[1],
3468 &smp->chan.chan.conn->le.resp_addr,
3469 &smp->chan.chan.conn->le.init_addr, e)) {
3470 BT_ERR("Calculate local DHKey check failed");
3471 return BT_SMP_ERR_UNSPECIFIED;
3472 }
3473
3474 if (smp->method == LE_SC_OOB) {
3475 if (smp->oobd_local) {
3476 memcpy(r, smp->oobd_local->r, sizeof(r));
3477 } else {
3478 memset(r, 0, sizeof(r));
3479 }
3480 }
3481
3482 /* calculate remote DHKey check */
3483 if (smp_f6(smp->mackey, smp->rrnd, smp->prnd, r, &smp->preq[1],
3484 &smp->chan.chan.conn->le.init_addr,
3485 &smp->chan.chan.conn->le.resp_addr, re)) {
3486 BT_ERR("Calculate remote DHKey check failed");
3487 return BT_SMP_ERR_UNSPECIFIED;
3488 }
3489
3490 /* compare received E with calculated remote */
3491 if (memcmp(smp->e, re, 16)) {
3492 return BT_SMP_ERR_DHKEY_CHECK_FAILED;
3493 }
3494
3495 /* send local e */
3496 err = sc_smp_send_dhkey_check(smp, e);
3497 if (err) {
3498 return err;
3499 }
3500
3501 atomic_set_bit(smp->flags, SMP_FLAG_ENC_PENDING);
3502 return 0;
3503 }
3504 #endif /* CONFIG_BT_PERIPHERAL */
3505
3506 static void bt_smp_dhkey_ready(const uint8_t *dhkey);
smp_dhkey_generate(struct bt_smp * smp)3507 static uint8_t smp_dhkey_generate(struct bt_smp *smp)
3508 {
3509 int err;
3510
3511 atomic_set_bit(smp->flags, SMP_FLAG_DHKEY_GEN);
3512 err = bt_dh_key_gen(smp->pkey, bt_smp_dhkey_ready);
3513 if (err) {
3514 atomic_clear_bit(smp->flags, SMP_FLAG_DHKEY_GEN);
3515
3516 BT_ERR("Failed to generate DHKey");
3517 return BT_SMP_ERR_UNSPECIFIED;
3518 }
3519
3520 return 0;
3521 }
3522
smp_dhkey_ready(struct bt_smp * smp,const uint8_t * dhkey)3523 static uint8_t smp_dhkey_ready(struct bt_smp *smp, const uint8_t *dhkey)
3524 {
3525 if (!dhkey) {
3526 return BT_SMP_ERR_DHKEY_CHECK_FAILED;
3527 }
3528
3529 atomic_clear_bit(smp->flags, SMP_FLAG_DHKEY_PENDING);
3530 memcpy(smp->dhkey, dhkey, BT_DH_KEY_LEN);
3531
3532 /* wait for user passkey confirmation */
3533 if (atomic_test_bit(smp->flags, SMP_FLAG_USER)) {
3534 atomic_set_bit(smp->flags, SMP_FLAG_DHKEY_SEND);
3535 return 0;
3536 }
3537
3538 /* wait for remote DHKey Check */
3539 if (atomic_test_bit(smp->flags, SMP_FLAG_DHCHECK_WAIT)) {
3540 atomic_set_bit(smp->flags, SMP_FLAG_DHKEY_SEND);
3541 return 0;
3542 }
3543
3544 if (atomic_test_bit(smp->flags, SMP_FLAG_DHKEY_SEND)) {
3545 #if defined(CONFIG_BT_CENTRAL)
3546 if (smp->chan.chan.conn->role == BT_HCI_ROLE_CENTRAL) {
3547 return compute_and_send_central_dhcheck(smp);
3548 }
3549
3550 #endif /* CONFIG_BT_CENTRAL */
3551
3552 #if defined(CONFIG_BT_PERIPHERAL)
3553 return compute_and_check_and_send_periph_dhcheck(smp);
3554 #endif /* CONFIG_BT_PERIPHERAL */
3555 }
3556
3557 return 0;
3558 }
3559
smp_find(int flag)3560 static struct bt_smp *smp_find(int flag)
3561 {
3562 for (int i = 0; i < ARRAY_SIZE(bt_smp_pool); i++) {
3563 if (atomic_test_bit(bt_smp_pool[i].flags, flag)) {
3564 return &bt_smp_pool[i];
3565 }
3566 }
3567
3568 return NULL;
3569 }
3570
bt_smp_dhkey_ready(const uint8_t * dhkey)3571 static void bt_smp_dhkey_ready(const uint8_t *dhkey)
3572 {
3573 BT_DBG("%p", dhkey);
3574 int err;
3575
3576 struct bt_smp *smp = smp_find(SMP_FLAG_DHKEY_GEN);
3577 if (smp) {
3578 atomic_clear_bit(smp->flags, SMP_FLAG_DHKEY_GEN);
3579 err = smp_dhkey_ready(smp, dhkey);
3580 if (err) {
3581 smp_error(smp, err);
3582 }
3583 }
3584
3585 err = 0;
3586 do {
3587 smp = smp_find(SMP_FLAG_DHKEY_PENDING);
3588 if (smp) {
3589 err = smp_dhkey_generate(smp);
3590 if (err) {
3591 smp_error(smp, err);
3592 }
3593 }
3594 } while (smp && err);
3595 }
3596
sc_smp_check_confirm(struct bt_smp * smp)3597 static uint8_t sc_smp_check_confirm(struct bt_smp *smp)
3598 {
3599 uint8_t cfm[16];
3600 uint8_t r;
3601
3602 switch (smp->method) {
3603 case LE_SC_OOB:
3604 return 0;
3605 case PASSKEY_CONFIRM:
3606 case JUST_WORKS:
3607 r = 0U;
3608 break;
3609 case PASSKEY_DISPLAY:
3610 case PASSKEY_INPUT:
3611 /*
3612 * In the Passkey Entry protocol, the most significant
3613 * bit of Z is set equal to one and the least
3614 * significant bit is made up from one bit of the
3615 * passkey e.g. if the passkey bit is 1, then Z = 0x81
3616 * and if the passkey bit is 0, then Z = 0x80.
3617 */
3618 r = (smp->passkey >> smp->passkey_round) & 0x01;
3619 r |= 0x80;
3620 break;
3621 default:
3622 BT_ERR("Unknown pairing method (%u)", smp->method);
3623 return BT_SMP_ERR_UNSPECIFIED;
3624 }
3625
3626 if (smp_f4(smp->pkey, sc_public_key, smp->rrnd, r, cfm)) {
3627 BT_ERR("Calculate confirm failed");
3628 return BT_SMP_ERR_UNSPECIFIED;
3629 }
3630
3631 BT_DBG("pcnf %s", bt_hex(smp->pcnf, 16));
3632 BT_DBG("cfm %s", bt_hex(cfm, 16));
3633
3634 if (memcmp(smp->pcnf, cfm, 16)) {
3635 return BT_SMP_ERR_CONFIRM_FAILED;
3636 }
3637
3638 return 0;
3639 }
3640
le_sc_oob_data_req_check(struct bt_smp * smp)3641 static bool le_sc_oob_data_req_check(struct bt_smp *smp)
3642 {
3643 struct bt_smp_pairing *req = (struct bt_smp_pairing *)&smp->preq[1];
3644
3645 return ((req->oob_flag & BT_SMP_OOB_DATA_MASK) == BT_SMP_OOB_PRESENT);
3646 }
3647
le_sc_oob_data_rsp_check(struct bt_smp * smp)3648 static bool le_sc_oob_data_rsp_check(struct bt_smp *smp)
3649 {
3650 struct bt_smp_pairing *rsp = (struct bt_smp_pairing *)&smp->prsp[1];
3651
3652 return ((rsp->oob_flag & BT_SMP_OOB_DATA_MASK) == BT_SMP_OOB_PRESENT);
3653 }
3654
le_sc_oob_config_set(struct bt_smp * smp,struct bt_conn_oob_info * info)3655 static void le_sc_oob_config_set(struct bt_smp *smp,
3656 struct bt_conn_oob_info *info)
3657 {
3658 bool req_oob_present = le_sc_oob_data_req_check(smp);
3659 bool rsp_oob_present = le_sc_oob_data_rsp_check(smp);
3660 int oob_config = BT_CONN_OOB_NO_DATA;
3661
3662 if (IS_ENABLED(CONFIG_BT_CENTRAL) &&
3663 smp->chan.chan.conn->role == BT_HCI_ROLE_CENTRAL) {
3664 oob_config = req_oob_present ? BT_CONN_OOB_REMOTE_ONLY :
3665 BT_CONN_OOB_NO_DATA;
3666
3667 if (rsp_oob_present) {
3668 oob_config = (oob_config == BT_CONN_OOB_REMOTE_ONLY) ?
3669 BT_CONN_OOB_BOTH_PEERS :
3670 BT_CONN_OOB_LOCAL_ONLY;
3671 }
3672 } else if (IS_ENABLED(CONFIG_BT_PERIPHERAL)) {
3673 oob_config = req_oob_present ? BT_CONN_OOB_LOCAL_ONLY :
3674 BT_CONN_OOB_NO_DATA;
3675
3676 if (rsp_oob_present) {
3677 oob_config = (oob_config == BT_CONN_OOB_LOCAL_ONLY) ?
3678 BT_CONN_OOB_BOTH_PEERS :
3679 BT_CONN_OOB_REMOTE_ONLY;
3680 }
3681 }
3682
3683 info->lesc.oob_config = oob_config;
3684 }
3685
smp_pairing_random(struct bt_smp * smp,struct net_buf * buf)3686 static uint8_t smp_pairing_random(struct bt_smp *smp, struct net_buf *buf)
3687 {
3688 struct bt_smp_pairing_random *req = (void *)buf->data;
3689 uint32_t passkey;
3690 uint8_t err;
3691
3692 BT_DBG("");
3693
3694 memcpy(smp->rrnd, req->val, sizeof(smp->rrnd));
3695
3696 #if !defined(CONFIG_BT_SMP_SC_PAIR_ONLY)
3697 if (!atomic_test_bit(smp->flags, SMP_FLAG_SC)) {
3698 return legacy_pairing_random(smp);
3699 }
3700 #endif /* !CONFIG_BT_SMP_SC_PAIR_ONLY */
3701
3702 #if defined(CONFIG_BT_CENTRAL)
3703 if (smp->chan.chan.conn->role == BT_HCI_ROLE_CENTRAL) {
3704 err = sc_smp_check_confirm(smp);
3705 if (err) {
3706 return err;
3707 }
3708
3709 switch (smp->method) {
3710 case PASSKEY_CONFIRM:
3711 /* compare passkey before calculating LTK */
3712 if (smp_g2(sc_public_key, smp->pkey, smp->prnd,
3713 smp->rrnd, &passkey)) {
3714 return BT_SMP_ERR_UNSPECIFIED;
3715 }
3716
3717 atomic_set_bit(smp->flags, SMP_FLAG_USER);
3718 atomic_set_bit(smp->flags, SMP_FLAG_DHKEY_SEND);
3719 bt_auth->passkey_confirm(smp->chan.chan.conn, passkey);
3720 return 0;
3721 case JUST_WORKS:
3722 break;
3723 case LE_SC_OOB:
3724 break;
3725 case PASSKEY_DISPLAY:
3726 case PASSKEY_INPUT:
3727 smp->passkey_round++;
3728 if (smp->passkey_round == 20U) {
3729 break;
3730 }
3731
3732 if (bt_rand(smp->prnd, 16)) {
3733 return BT_SMP_ERR_UNSPECIFIED;
3734 }
3735
3736 atomic_set_bit(smp->allowed_cmds,
3737 BT_SMP_CMD_PAIRING_CONFIRM);
3738 return smp_send_pairing_confirm(smp);
3739 default:
3740 BT_ERR("Unknown pairing method (%u)", smp->method);
3741 return BT_SMP_ERR_UNSPECIFIED;
3742 }
3743
3744 /* wait for DHKey being generated */
3745 if (atomic_test_bit(smp->flags, SMP_FLAG_DHKEY_PENDING)) {
3746 atomic_set_bit(smp->flags, SMP_FLAG_DHKEY_SEND);
3747 return 0;
3748 }
3749
3750 return compute_and_send_central_dhcheck(smp);
3751 }
3752 #endif /* CONFIG_BT_CENTRAL */
3753
3754 #if defined(CONFIG_BT_PERIPHERAL)
3755 switch (smp->method) {
3756 case PASSKEY_CONFIRM:
3757 if (smp_g2(smp->pkey, sc_public_key, smp->rrnd, smp->prnd,
3758 &passkey)) {
3759 return BT_SMP_ERR_UNSPECIFIED;
3760 }
3761
3762 atomic_set_bit(smp->flags, SMP_FLAG_USER);
3763 bt_auth->passkey_confirm(smp->chan.chan.conn, passkey);
3764 break;
3765 case JUST_WORKS:
3766 break;
3767 case PASSKEY_DISPLAY:
3768 case PASSKEY_INPUT:
3769 err = sc_smp_check_confirm(smp);
3770 if (err) {
3771 return err;
3772 }
3773
3774 atomic_set_bit(smp->allowed_cmds,
3775 BT_SMP_CMD_PAIRING_CONFIRM);
3776 err = smp_send_pairing_random(smp);
3777 if (err) {
3778 return err;
3779 }
3780
3781 smp->passkey_round++;
3782 if (smp->passkey_round == 20U) {
3783 atomic_set_bit(smp->allowed_cmds, BT_SMP_DHKEY_CHECK);
3784 atomic_set_bit(smp->flags, SMP_FLAG_DHCHECK_WAIT);
3785 return 0;
3786 }
3787
3788 if (bt_rand(smp->prnd, 16)) {
3789 return BT_SMP_ERR_UNSPECIFIED;
3790 }
3791
3792 return 0;
3793 case LE_SC_OOB:
3794 /* Step 6: Select random N */
3795 if (bt_rand(smp->prnd, 16)) {
3796 return BT_SMP_ERR_UNSPECIFIED;
3797 }
3798
3799 if (bt_auth && bt_auth->oob_data_request) {
3800 struct bt_conn_oob_info info = {
3801 .type = BT_CONN_OOB_LE_SC,
3802 .lesc.oob_config = BT_CONN_OOB_NO_DATA,
3803 };
3804
3805 le_sc_oob_config_set(smp, &info);
3806
3807 smp->oobd_local = NULL;
3808 smp->oobd_remote = NULL;
3809
3810 atomic_set_bit(smp->flags, SMP_FLAG_OOB_PENDING);
3811 bt_auth->oob_data_request(smp->chan.chan.conn, &info);
3812
3813 return 0;
3814 } else {
3815 return BT_SMP_ERR_OOB_NOT_AVAIL;
3816 }
3817 default:
3818 BT_ERR("Unknown pairing method (%u)", smp->method);
3819 return BT_SMP_ERR_UNSPECIFIED;
3820 }
3821
3822 atomic_set_bit(smp->allowed_cmds, BT_SMP_DHKEY_CHECK);
3823 atomic_set_bit(smp->flags, SMP_FLAG_DHCHECK_WAIT);
3824 return smp_send_pairing_random(smp);
3825 #else
3826 return BT_SMP_ERR_PAIRING_NOTSUPP;
3827 #endif /* CONFIG_BT_PERIPHERAL */
3828 }
3829
smp_pairing_failed(struct bt_smp * smp,struct net_buf * buf)3830 static uint8_t smp_pairing_failed(struct bt_smp *smp, struct net_buf *buf)
3831 {
3832 struct bt_conn *conn = smp->chan.chan.conn;
3833 struct bt_smp_pairing_fail *req = (void *)buf->data;
3834
3835 BT_ERR("reason 0x%x", req->reason);
3836
3837 if (atomic_test_and_clear_bit(smp->flags, SMP_FLAG_USER) ||
3838 atomic_test_and_clear_bit(smp->flags, SMP_FLAG_DISPLAY)) {
3839 if (bt_auth && bt_auth->cancel) {
3840 bt_auth->cancel(conn);
3841 }
3842 }
3843
3844 smp_pairing_complete(smp, req->reason);
3845
3846 /* return no error to avoid sending Pairing Failed in response */
3847 return 0;
3848 }
3849
smp_ident_info(struct bt_smp * smp,struct net_buf * buf)3850 static uint8_t smp_ident_info(struct bt_smp *smp, struct net_buf *buf)
3851 {
3852 BT_DBG("");
3853
3854 if (atomic_test_bit(smp->flags, SMP_FLAG_BOND)) {
3855 struct bt_smp_ident_info *req = (void *)buf->data;
3856 struct bt_conn *conn = smp->chan.chan.conn;
3857 struct bt_keys *keys;
3858
3859 keys = bt_keys_get_type(BT_KEYS_IRK, conn->id, &conn->le.dst);
3860 if (!keys) {
3861 BT_ERR("Unable to get keys for %s",
3862 bt_addr_le_str(&conn->le.dst));
3863 return BT_SMP_ERR_UNSPECIFIED;
3864 }
3865
3866 memcpy(keys->irk.val, req->irk, 16);
3867 }
3868
3869 atomic_set_bit(smp->allowed_cmds, BT_SMP_CMD_IDENT_ADDR_INFO);
3870
3871 return 0;
3872 }
3873
smp_ident_addr_info(struct bt_smp * smp,struct net_buf * buf)3874 static uint8_t smp_ident_addr_info(struct bt_smp *smp, struct net_buf *buf)
3875 {
3876 struct bt_conn *conn = smp->chan.chan.conn;
3877 struct bt_smp_ident_addr_info *req = (void *)buf->data;
3878 uint8_t err;
3879
3880 BT_DBG("identity %s", bt_addr_le_str(&req->addr));
3881
3882 if (!bt_addr_le_is_identity(&req->addr)) {
3883 BT_ERR("Invalid identity %s", bt_addr_le_str(&req->addr));
3884 BT_ERR(" for %s", bt_addr_le_str(&conn->le.dst));
3885 return BT_SMP_ERR_INVALID_PARAMS;
3886 }
3887
3888 if (bt_addr_le_cmp(&conn->le.dst, &req->addr) != 0) {
3889 struct bt_keys *keys = bt_keys_find_addr(conn->id, &req->addr);
3890
3891 if (keys) {
3892 if (!update_keys_check(smp, keys)) {
3893 return BT_SMP_ERR_UNSPECIFIED;
3894 }
3895
3896 bt_keys_clear(keys);
3897 }
3898 }
3899
3900 if (atomic_test_bit(smp->flags, SMP_FLAG_BOND)) {
3901 const bt_addr_le_t *dst;
3902 struct bt_keys *keys;
3903
3904 keys = bt_keys_get_type(BT_KEYS_IRK, conn->id, &conn->le.dst);
3905 if (!keys) {
3906 BT_ERR("Unable to get keys for %s",
3907 bt_addr_le_str(&conn->le.dst));
3908 return BT_SMP_ERR_UNSPECIFIED;
3909 }
3910
3911 /*
3912 * We can't use conn->dst here as this might already contain
3913 * identity address known from previous pairing. Since all keys
3914 * are cleared on re-pairing we wouldn't store IRK distributed
3915 * in new pairing.
3916 */
3917 if (conn->role == BT_HCI_ROLE_CENTRAL) {
3918 dst = &conn->le.resp_addr;
3919 } else {
3920 dst = &conn->le.init_addr;
3921 }
3922
3923 if (bt_addr_le_is_rpa(dst)) {
3924 /* always update last use RPA */
3925 bt_addr_copy(&keys->irk.rpa, &dst->a);
3926
3927 /*
3928 * Update connection address and notify about identity
3929 * resolved only if connection wasn't already reported
3930 * with identity address. This may happen if IRK was
3931 * present before ie. due to re-pairing.
3932 */
3933 if (!bt_addr_le_is_identity(&conn->le.dst)) {
3934 bt_addr_le_copy(&keys->addr, &req->addr);
3935 bt_addr_le_copy(&conn->le.dst, &req->addr);
3936
3937 bt_conn_identity_resolved(conn);
3938 }
3939 }
3940
3941 bt_id_add(keys);
3942 }
3943
3944 smp->remote_dist &= ~BT_SMP_DIST_ID_KEY;
3945
3946 if (smp->remote_dist & BT_SMP_DIST_SIGN) {
3947 atomic_set_bit(smp->allowed_cmds, BT_SMP_CMD_SIGNING_INFO);
3948 }
3949
3950 if (IS_ENABLED(CONFIG_BT_CENTRAL) &&
3951 conn->role == BT_HCI_ROLE_CENTRAL && !smp->remote_dist) {
3952 err = bt_smp_distribute_keys(smp);
3953 if (err) {
3954 return err;
3955 }
3956 }
3957
3958 /* if all keys were distributed, pairing is done */
3959 if (!smp->local_dist && !smp->remote_dist) {
3960 smp_pairing_complete(smp, 0);
3961 }
3962
3963 return 0;
3964 }
3965
3966 #if defined(CONFIG_BT_SIGNING)
smp_signing_info(struct bt_smp * smp,struct net_buf * buf)3967 static uint8_t smp_signing_info(struct bt_smp *smp, struct net_buf *buf)
3968 {
3969 struct bt_conn *conn = smp->chan.chan.conn;
3970 uint8_t err;
3971
3972 BT_DBG("");
3973
3974 if (atomic_test_bit(smp->flags, SMP_FLAG_BOND)) {
3975 struct bt_smp_signing_info *req = (void *)buf->data;
3976 struct bt_keys *keys;
3977
3978 keys = bt_keys_get_type(BT_KEYS_REMOTE_CSRK, conn->id,
3979 &conn->le.dst);
3980 if (!keys) {
3981 BT_ERR("Unable to get keys for %s",
3982 bt_addr_le_str(&conn->le.dst));
3983 return BT_SMP_ERR_UNSPECIFIED;
3984 }
3985
3986 memcpy(keys->remote_csrk.val, req->csrk,
3987 sizeof(keys->remote_csrk.val));
3988 }
3989
3990 smp->remote_dist &= ~BT_SMP_DIST_SIGN;
3991
3992 if (IS_ENABLED(CONFIG_BT_CENTRAL) &&
3993 conn->role == BT_HCI_ROLE_CENTRAL && !smp->remote_dist) {
3994 err = bt_smp_distribute_keys(smp);
3995 if (err) {
3996 return err;
3997 }
3998 }
3999
4000 /* if all keys were distributed, pairing is done */
4001 if (!smp->local_dist && !smp->remote_dist) {
4002 smp_pairing_complete(smp, 0);
4003 }
4004
4005 return 0;
4006 }
4007 #else
smp_signing_info(struct bt_smp * smp,struct net_buf * buf)4008 static uint8_t smp_signing_info(struct bt_smp *smp, struct net_buf *buf)
4009 {
4010 return BT_SMP_ERR_CMD_NOTSUPP;
4011 }
4012 #endif /* CONFIG_BT_SIGNING */
4013
4014 #if defined(CONFIG_BT_CENTRAL)
smp_security_request(struct bt_smp * smp,struct net_buf * buf)4015 static uint8_t smp_security_request(struct bt_smp *smp, struct net_buf *buf)
4016 {
4017 struct bt_conn *conn = smp->chan.chan.conn;
4018 struct bt_smp_security_request *req = (void *)buf->data;
4019 uint8_t auth;
4020
4021 BT_DBG("");
4022
4023 /* A higher security level is requested during the key distribution
4024 * phase, once pairing is complete a new pairing procedure will start.
4025 */
4026 if (atomic_test_bit(smp->flags, SMP_FLAG_KEYS_DISTR)) {
4027 return 0;
4028 }
4029
4030 if (atomic_test_bit(smp->flags, SMP_FLAG_PAIRING)) {
4031 /* We have already started pairing process */
4032 return 0;
4033 }
4034
4035 if (atomic_test_bit(smp->flags, SMP_FLAG_ENC_PENDING)) {
4036 /* We have already started encryption procedure */
4037 return 0;
4038 }
4039
4040 if (sc_supported) {
4041 auth = req->auth_req & BT_SMP_AUTH_MASK_SC;
4042 } else {
4043 auth = req->auth_req & BT_SMP_AUTH_MASK;
4044 }
4045
4046 if (IS_ENABLED(CONFIG_BT_SMP_SC_PAIR_ONLY) &&
4047 !(auth & BT_SMP_AUTH_SC)) {
4048 return BT_SMP_ERR_AUTH_REQUIREMENTS;
4049 }
4050
4051 if (IS_ENABLED(CONFIG_BT_BONDING_REQUIRED) &&
4052 !(bondable && (auth & BT_SMP_AUTH_BONDING))) {
4053 /* Reject security req if not both intend to bond */
4054 BT_DBG("Bonding required");
4055 return BT_SMP_ERR_UNSPECIFIED;
4056 }
4057
4058 if (conn->le.keys) {
4059 /* Make sure we have an LTK to encrypt with */
4060 if (!(conn->le.keys->keys & (BT_KEYS_LTK_P256 | BT_KEYS_LTK))) {
4061 goto pair;
4062 }
4063 } else {
4064 conn->le.keys = bt_keys_find(BT_KEYS_LTK_P256, conn->id,
4065 &conn->le.dst);
4066 if (!conn->le.keys) {
4067 conn->le.keys = bt_keys_find(BT_KEYS_LTK, conn->id,
4068 &conn->le.dst);
4069 }
4070 }
4071
4072 if (!conn->le.keys) {
4073 goto pair;
4074 }
4075
4076 /* if MITM required key must be authenticated */
4077 if ((auth & BT_SMP_AUTH_MITM) &&
4078 !(conn->le.keys->flags & BT_KEYS_AUTHENTICATED)) {
4079 if (get_io_capa() != BT_SMP_IO_NO_INPUT_OUTPUT) {
4080 BT_INFO("New auth requirements: 0x%x, repairing",
4081 auth);
4082 goto pair;
4083 }
4084
4085 BT_WARN("Unsupported auth requirements: 0x%x, repairing",
4086 auth);
4087 goto pair;
4088 }
4089
4090 /* if LE SC required and no p256 key present repair */
4091 if ((auth & BT_SMP_AUTH_SC) &&
4092 !(conn->le.keys->keys & BT_KEYS_LTK_P256)) {
4093 BT_INFO("New auth requirements: 0x%x, repairing", auth);
4094 goto pair;
4095 }
4096
4097 if (bt_conn_le_start_encryption(conn, conn->le.keys->ltk.rand,
4098 conn->le.keys->ltk.ediv,
4099 conn->le.keys->ltk.val,
4100 conn->le.keys->enc_size) < 0) {
4101 BT_ERR("Failed to start encryption");
4102 return BT_SMP_ERR_UNSPECIFIED;
4103 }
4104
4105 atomic_set_bit(smp->flags, SMP_FLAG_ENC_PENDING);
4106
4107 return 0;
4108 pair:
4109 if (smp_send_pairing_req(conn) < 0) {
4110 return BT_SMP_ERR_UNSPECIFIED;
4111 }
4112
4113 atomic_set_bit(smp->flags, SMP_FLAG_SEC_REQ);
4114
4115 return 0;
4116 }
4117 #else
smp_security_request(struct bt_smp * smp,struct net_buf * buf)4118 static uint8_t smp_security_request(struct bt_smp *smp, struct net_buf *buf)
4119 {
4120 return BT_SMP_ERR_CMD_NOTSUPP;
4121 }
4122 #endif /* CONFIG_BT_CENTRAL */
4123
generate_dhkey(struct bt_smp * smp)4124 static uint8_t generate_dhkey(struct bt_smp *smp)
4125 {
4126 if (IS_ENABLED(CONFIG_BT_SMP_OOB_LEGACY_PAIR_ONLY)) {
4127 return BT_SMP_ERR_UNSPECIFIED;
4128 }
4129
4130 atomic_set_bit(smp->flags, SMP_FLAG_DHKEY_PENDING);
4131 if (!smp_find(SMP_FLAG_DHKEY_GEN)) {
4132 return smp_dhkey_generate(smp);
4133 }
4134
4135 return 0;
4136 }
4137
display_passkey(struct bt_smp * smp)4138 static uint8_t display_passkey(struct bt_smp *smp)
4139 {
4140 if (IS_ENABLED(CONFIG_BT_FIXED_PASSKEY) &&
4141 fixed_passkey != BT_PASSKEY_INVALID) {
4142 smp->passkey = fixed_passkey;
4143 } else {
4144 if (bt_rand(&smp->passkey, sizeof(smp->passkey))) {
4145 return BT_SMP_ERR_UNSPECIFIED;
4146 }
4147
4148 smp->passkey %= 1000000;
4149 }
4150
4151 smp->passkey_round = 0U;
4152
4153 if (bt_auth && bt_auth->passkey_display) {
4154 atomic_set_bit(smp->flags, SMP_FLAG_DISPLAY);
4155 bt_auth->passkey_display(smp->chan.chan.conn, smp->passkey);
4156 }
4157
4158 smp->passkey = sys_cpu_to_le32(smp->passkey);
4159
4160 return 0;
4161 }
4162
4163 #if defined(CONFIG_BT_PERIPHERAL)
smp_public_key_periph(struct bt_smp * smp)4164 static uint8_t smp_public_key_periph(struct bt_smp *smp)
4165 {
4166 uint8_t err;
4167
4168 if (!atomic_test_bit(smp->flags, SMP_FLAG_SC_DEBUG_KEY) &&
4169 memcmp(smp->pkey, sc_public_key, BT_PUB_KEY_COORD_LEN) == 0) {
4170 /* Deny public key with identitcal X coordinate unless it is the
4171 * debug public key.
4172 */
4173 BT_WARN("Remote public key rejected");
4174 return BT_SMP_ERR_UNSPECIFIED;
4175 }
4176
4177 err = sc_send_public_key(smp);
4178 if (err) {
4179 return err;
4180 }
4181
4182 switch (smp->method) {
4183 case PASSKEY_CONFIRM:
4184 case JUST_WORKS:
4185 atomic_set_bit(smp->allowed_cmds, BT_SMP_CMD_PAIRING_RANDOM);
4186
4187 err = smp_send_pairing_confirm(smp);
4188 if (err) {
4189 return err;
4190 }
4191 break;
4192 case PASSKEY_DISPLAY:
4193 err = display_passkey(smp);
4194 if (err) {
4195 return err;
4196 }
4197
4198 atomic_set_bit(smp->allowed_cmds, BT_SMP_CMD_PAIRING_CONFIRM);
4199 atomic_set_bit(smp->allowed_cmds, BT_SMP_KEYPRESS_NOTIFICATION);
4200 break;
4201 case PASSKEY_INPUT:
4202 atomic_set_bit(smp->allowed_cmds, BT_SMP_CMD_PAIRING_CONFIRM);
4203 atomic_set_bit(smp->allowed_cmds, BT_SMP_KEYPRESS_NOTIFICATION);
4204 atomic_set_bit(smp->flags, SMP_FLAG_USER);
4205 bt_auth->passkey_entry(smp->chan.chan.conn);
4206 break;
4207 case LE_SC_OOB:
4208 atomic_set_bit(smp->allowed_cmds, BT_SMP_CMD_PAIRING_RANDOM);
4209 break;
4210 default:
4211 BT_ERR("Unknown pairing method (%u)", smp->method);
4212 return BT_SMP_ERR_UNSPECIFIED;
4213 }
4214
4215 return generate_dhkey(smp);
4216 }
4217 #endif /* CONFIG_BT_PERIPHERAL */
4218
smp_public_key(struct bt_smp * smp,struct net_buf * buf)4219 static uint8_t smp_public_key(struct bt_smp *smp, struct net_buf *buf)
4220 {
4221 struct bt_smp_public_key *req = (void *)buf->data;
4222 uint8_t err;
4223
4224 BT_DBG("");
4225
4226 memcpy(smp->pkey, req->x, BT_PUB_KEY_COORD_LEN);
4227 memcpy(&smp->pkey[BT_PUB_KEY_COORD_LEN], req->y, BT_PUB_KEY_COORD_LEN);
4228
4229 /* mark key as debug if remote is using it */
4230 if (bt_pub_key_is_debug(smp->pkey)) {
4231 BT_INFO("Remote is using Debug Public key");
4232 atomic_set_bit(smp->flags, SMP_FLAG_SC_DEBUG_KEY);
4233
4234 /* Don't allow a bond established without debug key to be
4235 * updated using LTK generated from debug key.
4236 */
4237 if (!update_debug_keys_check(smp)) {
4238 return BT_SMP_ERR_AUTH_REQUIREMENTS;
4239 }
4240 }
4241
4242 if (IS_ENABLED(CONFIG_BT_CENTRAL) &&
4243 smp->chan.chan.conn->role == BT_HCI_ROLE_CENTRAL) {
4244 if (!atomic_test_bit(smp->flags, SMP_FLAG_SC_DEBUG_KEY) &&
4245 memcmp(smp->pkey, sc_public_key, BT_PUB_KEY_COORD_LEN) == 0) {
4246 /* Deny public key with identitcal X coordinate unless
4247 * it is the debug public key.
4248 */
4249 BT_WARN("Remote public key rejected");
4250 return BT_SMP_ERR_UNSPECIFIED;
4251 }
4252
4253 switch (smp->method) {
4254 case PASSKEY_CONFIRM:
4255 case JUST_WORKS:
4256 atomic_set_bit(smp->allowed_cmds,
4257 BT_SMP_CMD_PAIRING_CONFIRM);
4258 break;
4259 case PASSKEY_DISPLAY:
4260 err = display_passkey(smp);
4261 if (err) {
4262 return err;
4263 }
4264
4265 atomic_set_bit(smp->allowed_cmds,
4266 BT_SMP_CMD_PAIRING_CONFIRM);
4267
4268 atomic_set_bit(smp->allowed_cmds,
4269 BT_SMP_KEYPRESS_NOTIFICATION);
4270
4271 err = smp_send_pairing_confirm(smp);
4272 if (err) {
4273 return err;
4274 }
4275 break;
4276 case PASSKEY_INPUT:
4277 atomic_set_bit(smp->flags, SMP_FLAG_USER);
4278 bt_auth->passkey_entry(smp->chan.chan.conn);
4279
4280 atomic_set_bit(smp->allowed_cmds,
4281 BT_SMP_KEYPRESS_NOTIFICATION);
4282
4283 break;
4284 case LE_SC_OOB:
4285 /* Step 6: Select random N */
4286 if (bt_rand(smp->prnd, 16)) {
4287 return BT_SMP_ERR_UNSPECIFIED;
4288 }
4289
4290 if (bt_auth && bt_auth->oob_data_request) {
4291 struct bt_conn_oob_info info = {
4292 .type = BT_CONN_OOB_LE_SC,
4293 .lesc.oob_config = BT_CONN_OOB_NO_DATA,
4294 };
4295
4296 le_sc_oob_config_set(smp, &info);
4297
4298 smp->oobd_local = NULL;
4299 smp->oobd_remote = NULL;
4300
4301 atomic_set_bit(smp->flags,
4302 SMP_FLAG_OOB_PENDING);
4303 bt_auth->oob_data_request(smp->chan.chan.conn,
4304 &info);
4305 } else {
4306 return BT_SMP_ERR_OOB_NOT_AVAIL;
4307 }
4308 break;
4309 default:
4310 BT_ERR("Unknown pairing method (%u)", smp->method);
4311 return BT_SMP_ERR_UNSPECIFIED;
4312 }
4313
4314 return generate_dhkey(smp);
4315 }
4316
4317 #if defined(CONFIG_BT_PERIPHERAL)
4318 if (!sc_public_key) {
4319 atomic_set_bit(smp->flags, SMP_FLAG_PKEY_SEND);
4320 return 0;
4321 }
4322
4323 err = smp_public_key_periph(smp);
4324 if (err) {
4325 return err;
4326 }
4327 #endif /* CONFIG_BT_PERIPHERAL */
4328
4329 return 0;
4330 }
4331
smp_dhkey_check(struct bt_smp * smp,struct net_buf * buf)4332 static uint8_t smp_dhkey_check(struct bt_smp *smp, struct net_buf *buf)
4333 {
4334 struct bt_smp_dhkey_check *req = (void *)buf->data;
4335
4336 BT_DBG("");
4337
4338 if (IS_ENABLED(CONFIG_BT_CENTRAL) &&
4339 smp->chan.chan.conn->role == BT_HCI_ROLE_CENTRAL) {
4340 uint8_t e[16], r[16], enc_size;
4341 uint8_t ediv[2], rand[8];
4342
4343 (void)memset(r, 0, sizeof(r));
4344
4345 switch (smp->method) {
4346 case JUST_WORKS:
4347 case PASSKEY_CONFIRM:
4348 break;
4349 case PASSKEY_DISPLAY:
4350 case PASSKEY_INPUT:
4351 memcpy(r, &smp->passkey, sizeof(smp->passkey));
4352 break;
4353 case LE_SC_OOB:
4354 if (smp->oobd_local) {
4355 memcpy(r, smp->oobd_local->r, sizeof(r));
4356 }
4357 break;
4358 default:
4359 BT_ERR("Unknown pairing method (%u)", smp->method);
4360 return BT_SMP_ERR_UNSPECIFIED;
4361 }
4362
4363 /* calculate remote DHKey check for comparison */
4364 if (smp_f6(smp->mackey, smp->rrnd, smp->prnd, r, &smp->prsp[1],
4365 &smp->chan.chan.conn->le.resp_addr,
4366 &smp->chan.chan.conn->le.init_addr, e)) {
4367 return BT_SMP_ERR_UNSPECIFIED;
4368 }
4369
4370 if (memcmp(e, req->e, 16)) {
4371 return BT_SMP_ERR_DHKEY_CHECK_FAILED;
4372 }
4373
4374 enc_size = get_encryption_key_size(smp);
4375
4376 /* Rand and EDiv are 0 */
4377 (void)memset(ediv, 0, sizeof(ediv));
4378 (void)memset(rand, 0, sizeof(rand));
4379 if (bt_conn_le_start_encryption(smp->chan.chan.conn, rand, ediv,
4380 smp->tk, enc_size) < 0) {
4381 BT_ERR("Failed to start encryption");
4382 return BT_SMP_ERR_UNSPECIFIED;
4383 }
4384
4385 atomic_set_bit(smp->flags, SMP_FLAG_ENC_PENDING);
4386
4387 if (IS_ENABLED(CONFIG_BT_SMP_USB_HCI_CTLR_WORKAROUND)) {
4388 if (smp->remote_dist & BT_SMP_DIST_ID_KEY) {
4389 atomic_set_bit(smp->allowed_cmds,
4390 BT_SMP_CMD_IDENT_INFO);
4391 } else if (smp->remote_dist & BT_SMP_DIST_SIGN) {
4392 atomic_set_bit(smp->allowed_cmds,
4393 BT_SMP_CMD_SIGNING_INFO);
4394 }
4395 }
4396
4397 return 0;
4398 }
4399
4400 #if defined(CONFIG_BT_PERIPHERAL)
4401 if (smp->chan.chan.conn->role == BT_HCI_ROLE_PERIPHERAL) {
4402 atomic_clear_bit(smp->flags, SMP_FLAG_DHCHECK_WAIT);
4403 memcpy(smp->e, req->e, sizeof(smp->e));
4404
4405 /* wait for DHKey being generated */
4406 if (atomic_test_bit(smp->flags, SMP_FLAG_DHKEY_PENDING)) {
4407 atomic_set_bit(smp->flags, SMP_FLAG_DHKEY_SEND);
4408 return 0;
4409 }
4410
4411 /* waiting for user to confirm passkey */
4412 if (atomic_test_bit(smp->flags, SMP_FLAG_USER)) {
4413 atomic_set_bit(smp->flags, SMP_FLAG_DHKEY_SEND);
4414 return 0;
4415 }
4416
4417 return compute_and_check_and_send_periph_dhcheck(smp);
4418 }
4419 #endif /* CONFIG_BT_PERIPHERAL */
4420
4421 return 0;
4422 }
4423
smp_keypress_notif(struct bt_smp * smp,struct net_buf * buf)4424 static uint8_t smp_keypress_notif(struct bt_smp *smp, struct net_buf *buf)
4425 {
4426 ARG_UNUSED(smp);
4427 ARG_UNUSED(buf);
4428
4429 BT_DBG("");
4430
4431 /* Ignore packets until keypress notifications are fully supported. */
4432 atomic_set_bit(smp->allowed_cmds, BT_SMP_KEYPRESS_NOTIFICATION);
4433 return 0;
4434 }
4435
4436 static const struct {
4437 uint8_t (*func)(struct bt_smp *smp, struct net_buf *buf);
4438 uint8_t expect_len;
4439 } handlers[] = {
4440 { }, /* No op-code defined for 0x00 */
4441 { smp_pairing_req, sizeof(struct bt_smp_pairing) },
4442 { smp_pairing_rsp, sizeof(struct bt_smp_pairing) },
4443 { smp_pairing_confirm, sizeof(struct bt_smp_pairing_confirm) },
4444 { smp_pairing_random, sizeof(struct bt_smp_pairing_random) },
4445 { smp_pairing_failed, sizeof(struct bt_smp_pairing_fail) },
4446 { smp_encrypt_info, sizeof(struct bt_smp_encrypt_info) },
4447 { smp_central_ident, sizeof(struct bt_smp_central_ident) },
4448 { smp_ident_info, sizeof(struct bt_smp_ident_info) },
4449 { smp_ident_addr_info, sizeof(struct bt_smp_ident_addr_info) },
4450 { smp_signing_info, sizeof(struct bt_smp_signing_info) },
4451 { smp_security_request, sizeof(struct bt_smp_security_request) },
4452 { smp_public_key, sizeof(struct bt_smp_public_key) },
4453 { smp_dhkey_check, sizeof(struct bt_smp_dhkey_check) },
4454 { smp_keypress_notif, sizeof(struct bt_smp_keypress_notif) },
4455 };
4456
bt_smp_recv(struct bt_l2cap_chan * chan,struct net_buf * buf)4457 static int bt_smp_recv(struct bt_l2cap_chan *chan, struct net_buf *buf)
4458 {
4459 struct bt_smp *smp = CONTAINER_OF(chan, struct bt_smp, chan);
4460 struct bt_smp_hdr *hdr;
4461 uint8_t err;
4462
4463 if (buf->len < sizeof(*hdr)) {
4464 BT_ERR("Too small SMP PDU received");
4465 return 0;
4466 }
4467
4468 hdr = net_buf_pull_mem(buf, sizeof(*hdr));
4469 BT_DBG("Received SMP code 0x%02x len %u", hdr->code, buf->len);
4470
4471 /*
4472 * If SMP timeout occurred "no further SMP commands shall be sent over
4473 * the L2CAP Security Manager Channel. A new SM procedure shall only be
4474 * performed when a new physical link has been established."
4475 */
4476 if (atomic_test_bit(smp->flags, SMP_FLAG_TIMEOUT)) {
4477 BT_WARN("SMP command (code 0x%02x) received after timeout",
4478 hdr->code);
4479 return 0;
4480 }
4481
4482 /*
4483 * Bluetooth Core Specification Version 5.2, Vol 3, Part H, page 1667:
4484 * If a packet is received with a Code that is reserved for future use
4485 * it shall be ignored.
4486 */
4487 if (hdr->code >= ARRAY_SIZE(handlers)) {
4488 BT_WARN("Received reserved SMP code 0x%02x", hdr->code);
4489 return 0;
4490 }
4491
4492 if (!handlers[hdr->code].func) {
4493 BT_WARN("Unhandled SMP code 0x%02x", hdr->code);
4494 smp_error(smp, BT_SMP_ERR_CMD_NOTSUPP);
4495 return 0;
4496 }
4497
4498 if (!atomic_test_and_clear_bit(smp->allowed_cmds, hdr->code)) {
4499 BT_WARN("Unexpected SMP code 0x%02x", hdr->code);
4500 /* Don't send error responses to error PDUs */
4501 if (hdr->code != BT_SMP_CMD_PAIRING_FAIL) {
4502 smp_error(smp, BT_SMP_ERR_UNSPECIFIED);
4503 }
4504 return 0;
4505 }
4506
4507 if (buf->len != handlers[hdr->code].expect_len) {
4508 BT_ERR("Invalid len %u for code 0x%02x", buf->len, hdr->code);
4509 smp_error(smp, BT_SMP_ERR_INVALID_PARAMS);
4510 return 0;
4511 }
4512
4513 err = handlers[hdr->code].func(smp, buf);
4514 if (err) {
4515 smp_error(smp, err);
4516 }
4517
4518 return 0;
4519 }
4520
bt_smp_pkey_ready(const uint8_t * pkey)4521 static void bt_smp_pkey_ready(const uint8_t *pkey)
4522 {
4523 int i;
4524
4525 BT_DBG("");
4526
4527 sc_public_key = pkey;
4528
4529 if (!pkey) {
4530 BT_WARN("Public key not available");
4531 return;
4532 }
4533
4534 k_sem_give(&sc_local_pkey_ready);
4535
4536 for (i = 0; i < ARRAY_SIZE(bt_smp_pool); i++) {
4537 struct bt_smp *smp = &bt_smp_pool[i];
4538 uint8_t err;
4539
4540 if (!atomic_test_bit(smp->flags, SMP_FLAG_PKEY_SEND)) {
4541 continue;
4542 }
4543
4544 if (IS_ENABLED(CONFIG_BT_CENTRAL) &&
4545 smp->chan.chan.conn->role == BT_HCI_ROLE_CENTRAL) {
4546 err = sc_send_public_key(smp);
4547 if (err) {
4548 smp_error(smp, err);
4549 }
4550
4551 atomic_set_bit(smp->allowed_cmds,
4552 BT_SMP_CMD_PUBLIC_KEY);
4553 continue;
4554 }
4555
4556 #if defined(CONFIG_BT_PERIPHERAL)
4557 err = smp_public_key_periph(smp);
4558 if (err) {
4559 smp_error(smp, err);
4560 }
4561 #endif /* CONFIG_BT_PERIPHERAL */
4562 }
4563 }
4564
bt_smp_connected(struct bt_l2cap_chan * chan)4565 static void bt_smp_connected(struct bt_l2cap_chan *chan)
4566 {
4567 struct bt_smp *smp = CONTAINER_OF(chan, struct bt_smp, chan);
4568
4569 BT_DBG("chan %p cid 0x%04x", chan,
4570 CONTAINER_OF(chan, struct bt_l2cap_le_chan, chan)->tx.cid);
4571
4572 k_work_init_delayable(&smp->work, smp_timeout);
4573 smp_reset(smp);
4574 }
4575
bt_smp_disconnected(struct bt_l2cap_chan * chan)4576 static void bt_smp_disconnected(struct bt_l2cap_chan *chan)
4577 {
4578 struct bt_smp *smp = CONTAINER_OF(chan, struct bt_smp, chan);
4579 struct bt_keys *keys = chan->conn->le.keys;
4580
4581 BT_DBG("chan %p cid 0x%04x", chan,
4582 CONTAINER_OF(chan, struct bt_l2cap_le_chan, chan)->tx.cid);
4583
4584 /* Channel disconnected callback is always called from a work handler
4585 * so canceling of the timeout work should always succeed.
4586 */
4587 (void)k_work_cancel_delayable(&smp->work);
4588
4589 if (atomic_test_bit(smp->flags, SMP_FLAG_PAIRING) ||
4590 atomic_test_bit(smp->flags, SMP_FLAG_ENC_PENDING) ||
4591 atomic_test_bit(smp->flags, SMP_FLAG_SEC_REQ)) {
4592 /* reset context and report */
4593 smp_pairing_complete(smp, BT_SMP_ERR_UNSPECIFIED);
4594 }
4595
4596 if (keys) {
4597 /*
4598 * If debug keys were used for pairing remove them.
4599 * No keys indicate no bonding so free keys storage.
4600 */
4601 if (!keys->keys || (!IS_ENABLED(CONFIG_BT_STORE_DEBUG_KEYS) &&
4602 (keys->flags & BT_KEYS_DEBUG))) {
4603 bt_keys_clear(keys);
4604 }
4605 }
4606
4607 (void)memset(smp, 0, sizeof(*smp));
4608 }
4609
bt_smp_encrypt_change(struct bt_l2cap_chan * chan,uint8_t hci_status)4610 static void bt_smp_encrypt_change(struct bt_l2cap_chan *chan,
4611 uint8_t hci_status)
4612 {
4613 struct bt_smp *smp = CONTAINER_OF(chan, struct bt_smp, chan);
4614 struct bt_conn *conn = chan->conn;
4615
4616 BT_DBG("chan %p conn %p handle %u encrypt 0x%02x hci status 0x%02x",
4617 chan, conn, conn->handle, conn->encrypt, hci_status);
4618
4619 if (!atomic_test_and_clear_bit(smp->flags, SMP_FLAG_ENC_PENDING)) {
4620 /* We where not waiting for encryption procedure.
4621 * This happens when encrypt change is called to notify that
4622 * security has failed before starting encryption.
4623 */
4624 return;
4625 }
4626
4627 if (hci_status) {
4628 if (atomic_test_bit(smp->flags, SMP_FLAG_PAIRING)) {
4629 uint8_t smp_err = smp_err_get(
4630 bt_security_err_get(hci_status));
4631
4632 /* Fail as if it happened during key distribution */
4633 atomic_set_bit(smp->flags, SMP_FLAG_KEYS_DISTR);
4634 smp_pairing_complete(smp, smp_err);
4635 }
4636
4637 return;
4638 }
4639
4640 if (!conn->encrypt) {
4641 return;
4642 }
4643
4644 /* We were waiting for encryption but with no pairing in progress.
4645 * This can happen if paired peripheral sent Security Request and we
4646 * enabled encryption.
4647 */
4648 if (!atomic_test_bit(smp->flags, SMP_FLAG_PAIRING)) {
4649 smp_reset(smp);
4650 return;
4651 }
4652
4653 /* derive BR/EDR LinkKey if supported by both sides */
4654 if (atomic_test_bit(smp->flags, SMP_FLAG_SC)) {
4655 if ((smp->local_dist & BT_SMP_DIST_LINK_KEY) &&
4656 (smp->remote_dist & BT_SMP_DIST_LINK_KEY)) {
4657 /*
4658 * Link Key will be derived after key distribution to
4659 * make sure remote device identity is known
4660 */
4661 atomic_set_bit(smp->flags, SMP_FLAG_DERIVE_LK);
4662 }
4663 /*
4664 * Those are used as pairing finished indicator so generated
4665 * but not distributed keys must be cleared here.
4666 */
4667 smp->local_dist &= ~BT_SMP_DIST_LINK_KEY;
4668 smp->remote_dist &= ~BT_SMP_DIST_LINK_KEY;
4669 }
4670
4671 if (smp->remote_dist & BT_SMP_DIST_ENC_KEY) {
4672 atomic_set_bit(smp->allowed_cmds, BT_SMP_CMD_ENCRYPT_INFO);
4673 } else if (smp->remote_dist & BT_SMP_DIST_ID_KEY) {
4674 atomic_set_bit(smp->allowed_cmds, BT_SMP_CMD_IDENT_INFO);
4675 } else if (smp->remote_dist & BT_SMP_DIST_SIGN) {
4676 atomic_set_bit(smp->allowed_cmds, BT_SMP_CMD_SIGNING_INFO);
4677 }
4678
4679 if (IS_ENABLED(CONFIG_BT_CENTRAL) &&
4680 IS_ENABLED(CONFIG_BT_PRIVACY) &&
4681 !(smp->remote_dist & BT_SMP_DIST_ID_KEY)) {
4682 /* To resolve directed advertising we need our local IRK
4683 * in the controllers resolving list, add it now since the
4684 * peer has no identity key.
4685 */
4686 bt_id_add(conn->le.keys);
4687 }
4688
4689 atomic_set_bit(smp->flags, SMP_FLAG_KEYS_DISTR);
4690
4691 /* Peripheral distributes it's keys first */
4692 if (IS_ENABLED(CONFIG_BT_CENTRAL) &&
4693 conn->role == BT_HCI_ROLE_CENTRAL && smp->remote_dist) {
4694 return;
4695 }
4696
4697 if (IS_ENABLED(CONFIG_BT_TESTING)) {
4698 /* Avoid the HCI-USB race condition where HCI data and
4699 * HCI events can be re-ordered, and pairing information appears
4700 * to be sent unencrypted.
4701 */
4702 k_sleep(K_MSEC(100));
4703 }
4704
4705 if (bt_smp_distribute_keys(smp)) {
4706 return;
4707 }
4708
4709 /* if all keys were distributed, pairing is done */
4710 if (!smp->local_dist && !smp->remote_dist) {
4711 smp_pairing_complete(smp, 0);
4712 }
4713 }
4714
4715 #if defined(CONFIG_BT_SIGNING) || defined(CONFIG_BT_SMP_SELFTEST)
4716 /* Sign message using msg as a buffer, len is a size of the message,
4717 * msg buffer contains message itself, 32 bit count and signature,
4718 * so total buffer size is len + 4 + 8 octets.
4719 * API is Little Endian to make it suitable for Bluetooth.
4720 */
smp_sign_buf(const uint8_t * key,uint8_t * msg,uint16_t len)4721 static int smp_sign_buf(const uint8_t *key, uint8_t *msg, uint16_t len)
4722 {
4723 uint8_t *m = msg;
4724 uint32_t cnt = UNALIGNED_GET((uint32_t *)&msg[len]);
4725 uint8_t *sig = msg + len;
4726 uint8_t key_s[16], tmp[16];
4727 int err;
4728
4729 BT_DBG("Signing msg %s len %u key %s", bt_hex(msg, len), len,
4730 bt_hex(key, 16));
4731
4732 sys_mem_swap(m, len + sizeof(cnt));
4733 sys_memcpy_swap(key_s, key, 16);
4734
4735 err = bt_smp_aes_cmac(key_s, m, len + sizeof(cnt), tmp);
4736 if (err) {
4737 BT_ERR("Data signing failed");
4738 return err;
4739 }
4740
4741 sys_mem_swap(tmp, sizeof(tmp));
4742 memcpy(tmp + 4, &cnt, sizeof(cnt));
4743
4744 /* Swap original message back */
4745 sys_mem_swap(m, len + sizeof(cnt));
4746
4747 memcpy(sig, tmp + 4, 12);
4748
4749 BT_DBG("sig %s", bt_hex(sig, 12));
4750
4751 return 0;
4752 }
4753 #endif
4754
4755 #if defined(CONFIG_BT_SIGNING)
bt_smp_sign_verify(struct bt_conn * conn,struct net_buf * buf)4756 int bt_smp_sign_verify(struct bt_conn *conn, struct net_buf *buf)
4757 {
4758 struct bt_keys *keys;
4759 uint8_t sig[12];
4760 uint32_t cnt;
4761 int err;
4762
4763 /* Store signature incl. count */
4764 memcpy(sig, net_buf_tail(buf) - sizeof(sig), sizeof(sig));
4765
4766 keys = bt_keys_find(BT_KEYS_REMOTE_CSRK, conn->id, &conn->le.dst);
4767 if (!keys) {
4768 BT_ERR("Unable to find Remote CSRK for %s",
4769 bt_addr_le_str(&conn->le.dst));
4770 return -ENOENT;
4771 }
4772
4773 /* Copy signing count */
4774 cnt = sys_cpu_to_le32(keys->remote_csrk.cnt);
4775 memcpy(net_buf_tail(buf) - sizeof(sig), &cnt, sizeof(cnt));
4776
4777 BT_DBG("Sign data len %zu key %s count %u", buf->len - sizeof(sig),
4778 bt_hex(keys->remote_csrk.val, 16), keys->remote_csrk.cnt);
4779
4780 err = smp_sign_buf(keys->remote_csrk.val, buf->data,
4781 buf->len - sizeof(sig));
4782 if (err) {
4783 BT_ERR("Unable to create signature for %s",
4784 bt_addr_le_str(&conn->le.dst));
4785 return -EIO;
4786 }
4787
4788 if (memcmp(sig, net_buf_tail(buf) - sizeof(sig), sizeof(sig))) {
4789 BT_ERR("Unable to verify signature for %s",
4790 bt_addr_le_str(&conn->le.dst));
4791 return -EBADMSG;
4792 }
4793
4794 keys->remote_csrk.cnt++;
4795
4796 return 0;
4797 }
4798
bt_smp_sign(struct bt_conn * conn,struct net_buf * buf)4799 int bt_smp_sign(struct bt_conn *conn, struct net_buf *buf)
4800 {
4801 struct bt_keys *keys;
4802 uint32_t cnt;
4803 int err;
4804
4805 keys = bt_keys_find(BT_KEYS_LOCAL_CSRK, conn->id, &conn->le.dst);
4806 if (!keys) {
4807 BT_ERR("Unable to find local CSRK for %s",
4808 bt_addr_le_str(&conn->le.dst));
4809 return -ENOENT;
4810 }
4811
4812 /* Reserve space for data signature */
4813 net_buf_add(buf, 12);
4814
4815 /* Copy signing count */
4816 cnt = sys_cpu_to_le32(keys->local_csrk.cnt);
4817 memcpy(net_buf_tail(buf) - 12, &cnt, sizeof(cnt));
4818
4819 BT_DBG("Sign data len %u key %s count %u", buf->len,
4820 bt_hex(keys->local_csrk.val, 16), keys->local_csrk.cnt);
4821
4822 err = smp_sign_buf(keys->local_csrk.val, buf->data, buf->len - 12);
4823 if (err) {
4824 BT_ERR("Unable to create signature for %s",
4825 bt_addr_le_str(&conn->le.dst));
4826 return -EIO;
4827 }
4828
4829 keys->local_csrk.cnt++;
4830
4831 return 0;
4832 }
4833 #else
bt_smp_sign_verify(struct bt_conn * conn,struct net_buf * buf)4834 int bt_smp_sign_verify(struct bt_conn *conn, struct net_buf *buf)
4835 {
4836 return -ENOTSUP;
4837 }
4838
bt_smp_sign(struct bt_conn * conn,struct net_buf * buf)4839 int bt_smp_sign(struct bt_conn *conn, struct net_buf *buf)
4840 {
4841 return -ENOTSUP;
4842 }
4843 #endif /* CONFIG_BT_SIGNING */
4844
bt_smp_irk_get(uint8_t * ir,uint8_t * irk)4845 int bt_smp_irk_get(uint8_t *ir, uint8_t *irk)
4846 {
4847 uint8_t invalid_ir[16] = { 0 };
4848
4849 if (!memcmp(ir, invalid_ir, 16)) {
4850 return -EINVAL;
4851 }
4852
4853 return smp_d1(ir, 1, 0, irk);
4854 }
4855
4856 #if defined(CONFIG_BT_SMP_SELFTEST)
4857 /* Test vectors are taken from RFC 4493
4858 * https://tools.ietf.org/html/rfc4493
4859 * Same mentioned in the Bluetooth Spec.
4860 */
4861 static const uint8_t key[] = {
4862 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6,
4863 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c
4864 };
4865
4866 static const uint8_t M[] = {
4867 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96,
4868 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a,
4869 0xae, 0x2d, 0x8a, 0x57, 0x1e, 0x03, 0xac, 0x9c,
4870 0x9e, 0xb7, 0x6f, 0xac, 0x45, 0xaf, 0x8e, 0x51,
4871 0x30, 0xc8, 0x1c, 0x46, 0xa3, 0x5c, 0xe4, 0x11,
4872 0xe5, 0xfb, 0xc1, 0x19, 0x1a, 0x0a, 0x52, 0xef,
4873 0xf6, 0x9f, 0x24, 0x45, 0xdf, 0x4f, 0x9b, 0x17,
4874 0xad, 0x2b, 0x41, 0x7b, 0xe6, 0x6c, 0x37, 0x10
4875 };
4876
aes_test(const char * prefix,const uint8_t * key,const uint8_t * m,uint16_t len,const uint8_t * mac)4877 static int aes_test(const char *prefix, const uint8_t *key, const uint8_t *m,
4878 uint16_t len, const uint8_t *mac)
4879 {
4880 uint8_t out[16];
4881
4882 BT_DBG("%s: AES CMAC of message with len %u", prefix, len);
4883
4884 bt_smp_aes_cmac(key, m, len, out);
4885 if (!memcmp(out, mac, 16)) {
4886 BT_DBG("%s: Success", prefix);
4887 } else {
4888 BT_ERR("%s: Failed", prefix);
4889 return -1;
4890 }
4891
4892 return 0;
4893 }
4894
smp_aes_cmac_test(void)4895 static int smp_aes_cmac_test(void)
4896 {
4897 uint8_t mac1[] = {
4898 0xbb, 0x1d, 0x69, 0x29, 0xe9, 0x59, 0x37, 0x28,
4899 0x7f, 0xa3, 0x7d, 0x12, 0x9b, 0x75, 0x67, 0x46
4900 };
4901 uint8_t mac2[] = {
4902 0x07, 0x0a, 0x16, 0xb4, 0x6b, 0x4d, 0x41, 0x44,
4903 0xf7, 0x9b, 0xdd, 0x9d, 0xd0, 0x4a, 0x28, 0x7c
4904 };
4905 uint8_t mac3[] = {
4906 0xdf, 0xa6, 0x67, 0x47, 0xde, 0x9a, 0xe6, 0x30,
4907 0x30, 0xca, 0x32, 0x61, 0x14, 0x97, 0xc8, 0x27
4908 };
4909 uint8_t mac4[] = {
4910 0x51, 0xf0, 0xbe, 0xbf, 0x7e, 0x3b, 0x9d, 0x92,
4911 0xfc, 0x49, 0x74, 0x17, 0x79, 0x36, 0x3c, 0xfe
4912 };
4913 int err;
4914
4915 err = aes_test("Test aes-cmac0", key, M, 0, mac1);
4916 if (err) {
4917 return err;
4918 }
4919
4920 err = aes_test("Test aes-cmac16", key, M, 16, mac2);
4921 if (err) {
4922 return err;
4923 }
4924
4925 err = aes_test("Test aes-cmac40", key, M, 40, mac3);
4926 if (err) {
4927 return err;
4928 }
4929
4930 err = aes_test("Test aes-cmac64", key, M, 64, mac4);
4931 if (err) {
4932 return err;
4933 }
4934
4935 return 0;
4936 }
4937
sign_test(const char * prefix,const uint8_t * key,const uint8_t * m,uint16_t len,const uint8_t * sig)4938 static int sign_test(const char *prefix, const uint8_t *key, const uint8_t *m,
4939 uint16_t len, const uint8_t *sig)
4940 {
4941 uint8_t msg[len + sizeof(uint32_t) + 8];
4942 uint8_t orig[len + sizeof(uint32_t) + 8];
4943 uint8_t *out = msg + len;
4944 int err;
4945
4946 BT_DBG("%s: Sign message with len %u", prefix, len);
4947
4948 (void)memset(msg, 0, sizeof(msg));
4949 memcpy(msg, m, len);
4950 (void)memset(msg + len, 0, sizeof(uint32_t));
4951
4952 memcpy(orig, msg, sizeof(msg));
4953
4954 err = smp_sign_buf(key, msg, len);
4955 if (err) {
4956 return err;
4957 }
4958
4959 /* Check original message */
4960 if (!memcmp(msg, orig, len + sizeof(uint32_t))) {
4961 BT_DBG("%s: Original message intact", prefix);
4962 } else {
4963 BT_ERR("%s: Original message modified", prefix);
4964 BT_DBG("%s: orig %s", prefix, bt_hex(orig, sizeof(orig)));
4965 BT_DBG("%s: msg %s", prefix, bt_hex(msg, sizeof(msg)));
4966 return -1;
4967 }
4968
4969 if (!memcmp(out, sig, 12)) {
4970 BT_DBG("%s: Success", prefix);
4971 } else {
4972 BT_ERR("%s: Failed", prefix);
4973 return -1;
4974 }
4975
4976 return 0;
4977 }
4978
smp_sign_test(void)4979 static int smp_sign_test(void)
4980 {
4981 const uint8_t sig1[] = {
4982 0x00, 0x00, 0x00, 0x00, 0xb3, 0xa8, 0x59, 0x41,
4983 0x27, 0xeb, 0xc2, 0xc0
4984 };
4985 const uint8_t sig2[] = {
4986 0x00, 0x00, 0x00, 0x00, 0x27, 0x39, 0x74, 0xf4,
4987 0x39, 0x2a, 0x23, 0x2a
4988 };
4989 const uint8_t sig3[] = {
4990 0x00, 0x00, 0x00, 0x00, 0xb7, 0xca, 0x94, 0xab,
4991 0x87, 0xc7, 0x82, 0x18
4992 };
4993 const uint8_t sig4[] = {
4994 0x00, 0x00, 0x00, 0x00, 0x44, 0xe1, 0xe6, 0xce,
4995 0x1d, 0xf5, 0x13, 0x68
4996 };
4997 uint8_t key_s[16];
4998 int err;
4999
5000 /* Use the same key as aes-cmac but swap bytes */
5001 sys_memcpy_swap(key_s, key, 16);
5002
5003 err = sign_test("Test sign0", key_s, M, 0, sig1);
5004 if (err) {
5005 return err;
5006 }
5007
5008 err = sign_test("Test sign16", key_s, M, 16, sig2);
5009 if (err) {
5010 return err;
5011 }
5012
5013 err = sign_test("Test sign40", key_s, M, 40, sig3);
5014 if (err) {
5015 return err;
5016 }
5017
5018 err = sign_test("Test sign64", key_s, M, 64, sig4);
5019 if (err) {
5020 return err;
5021 }
5022
5023 return 0;
5024 }
5025
smp_f4_test(void)5026 static int smp_f4_test(void)
5027 {
5028 uint8_t u[32] = { 0xe6, 0x9d, 0x35, 0x0e, 0x48, 0x01, 0x03, 0xcc,
5029 0xdb, 0xfd, 0xf4, 0xac, 0x11, 0x91, 0xf4, 0xef,
5030 0xb9, 0xa5, 0xf9, 0xe9, 0xa7, 0x83, 0x2c, 0x5e,
5031 0x2c, 0xbe, 0x97, 0xf2, 0xd2, 0x03, 0xb0, 0x20 };
5032 uint8_t v[32] = { 0xfd, 0xc5, 0x7f, 0xf4, 0x49, 0xdd, 0x4f, 0x6b,
5033 0xfb, 0x7c, 0x9d, 0xf1, 0xc2, 0x9a, 0xcb, 0x59,
5034 0x2a, 0xe7, 0xd4, 0xee, 0xfb, 0xfc, 0x0a, 0x90,
5035 0x9a, 0xbb, 0xf6, 0x32, 0x3d, 0x8b, 0x18, 0x55 };
5036 uint8_t x[16] = { 0xab, 0xae, 0x2b, 0x71, 0xec, 0xb2, 0xff, 0xff,
5037 0x3e, 0x73, 0x77, 0xd1, 0x54, 0x84, 0xcb, 0xd5 };
5038 uint8_t z = 0x00;
5039 uint8_t exp[16] = { 0x2d, 0x87, 0x74, 0xa9, 0xbe, 0xa1, 0xed, 0xf1,
5040 0x1c, 0xbd, 0xa9, 0x07, 0xf1, 0x16, 0xc9, 0xf2 };
5041 uint8_t res[16];
5042 int err;
5043
5044 err = smp_f4(u, v, x, z, res);
5045 if (err) {
5046 return err;
5047 }
5048
5049 if (memcmp(res, exp, 16)) {
5050 return -EINVAL;
5051 }
5052
5053 return 0;
5054 }
5055
smp_f5_test(void)5056 static int smp_f5_test(void)
5057 {
5058 uint8_t w[32] = { 0x98, 0xa6, 0xbf, 0x73, 0xf3, 0x34, 0x8d, 0x86,
5059 0xf1, 0x66, 0xf8, 0xb4, 0x13, 0x6b, 0x79, 0x99,
5060 0x9b, 0x7d, 0x39, 0x0a, 0xa6, 0x10, 0x10, 0x34,
5061 0x05, 0xad, 0xc8, 0x57, 0xa3, 0x34, 0x02, 0xec };
5062 uint8_t n1[16] = { 0xab, 0xae, 0x2b, 0x71, 0xec, 0xb2, 0xff, 0xff,
5063 0x3e, 0x73, 0x77, 0xd1, 0x54, 0x84, 0xcb, 0xd5 };
5064 uint8_t n2[16] = { 0xcf, 0xc4, 0x3d, 0xff, 0xf7, 0x83, 0x65, 0x21,
5065 0x6e, 0x5f, 0xa7, 0x25, 0xcc, 0xe7, 0xe8, 0xa6 };
5066 bt_addr_le_t a1 = { .type = 0x00,
5067 .a.val = { 0xce, 0xbf, 0x37, 0x37, 0x12, 0x56 } };
5068 bt_addr_le_t a2 = { .type = 0x00,
5069 .a.val = {0xc1, 0xcf, 0x2d, 0x70, 0x13, 0xa7 } };
5070 uint8_t exp_ltk[16] = { 0x38, 0x0a, 0x75, 0x94, 0xb5, 0x22, 0x05,
5071 0x98, 0x23, 0xcd, 0xd7, 0x69, 0x11, 0x79,
5072 0x86, 0x69 };
5073 uint8_t exp_mackey[16] = { 0x20, 0x6e, 0x63, 0xce, 0x20, 0x6a, 0x3f,
5074 0xfd, 0x02, 0x4a, 0x08, 0xa1, 0x76, 0xf1,
5075 0x65, 0x29 };
5076 uint8_t mackey[16], ltk[16];
5077 int err;
5078
5079 err = smp_f5(w, n1, n2, &a1, &a2, mackey, ltk);
5080 if (err) {
5081 return err;
5082 }
5083
5084 if (memcmp(mackey, exp_mackey, 16) || memcmp(ltk, exp_ltk, 16)) {
5085 return -EINVAL;
5086 }
5087
5088 return 0;
5089 }
5090
smp_f6_test(void)5091 static int smp_f6_test(void)
5092 {
5093 uint8_t w[16] = { 0x20, 0x6e, 0x63, 0xce, 0x20, 0x6a, 0x3f, 0xfd,
5094 0x02, 0x4a, 0x08, 0xa1, 0x76, 0xf1, 0x65, 0x29 };
5095 uint8_t n1[16] = { 0xab, 0xae, 0x2b, 0x71, 0xec, 0xb2, 0xff, 0xff,
5096 0x3e, 0x73, 0x77, 0xd1, 0x54, 0x84, 0xcb, 0xd5 };
5097 uint8_t n2[16] = { 0xcf, 0xc4, 0x3d, 0xff, 0xf7, 0x83, 0x65, 0x21,
5098 0x6e, 0x5f, 0xa7, 0x25, 0xcc, 0xe7, 0xe8, 0xa6 };
5099 uint8_t r[16] = { 0xc8, 0x0f, 0x2d, 0x0c, 0xd2, 0x42, 0xda, 0x08,
5100 0x54, 0xbb, 0x53, 0xb4, 0x3b, 0x34, 0xa3, 0x12 };
5101 uint8_t io_cap[3] = { 0x02, 0x01, 0x01 };
5102 bt_addr_le_t a1 = { .type = 0x00,
5103 .a.val = { 0xce, 0xbf, 0x37, 0x37, 0x12, 0x56 } };
5104 bt_addr_le_t a2 = { .type = 0x00,
5105 .a.val = {0xc1, 0xcf, 0x2d, 0x70, 0x13, 0xa7 } };
5106 uint8_t exp[16] = { 0x61, 0x8f, 0x95, 0xda, 0x09, 0x0b, 0x6c, 0xd2,
5107 0xc5, 0xe8, 0xd0, 0x9c, 0x98, 0x73, 0xc4, 0xe3 };
5108 uint8_t res[16];
5109 int err;
5110
5111 err = smp_f6(w, n1, n2, r, io_cap, &a1, &a2, res);
5112 if (err)
5113 return err;
5114
5115 if (memcmp(res, exp, 16))
5116 return -EINVAL;
5117
5118 return 0;
5119 }
5120
smp_g2_test(void)5121 static int smp_g2_test(void)
5122 {
5123 uint8_t u[32] = { 0xe6, 0x9d, 0x35, 0x0e, 0x48, 0x01, 0x03, 0xcc,
5124 0xdb, 0xfd, 0xf4, 0xac, 0x11, 0x91, 0xf4, 0xef,
5125 0xb9, 0xa5, 0xf9, 0xe9, 0xa7, 0x83, 0x2c, 0x5e,
5126 0x2c, 0xbe, 0x97, 0xf2, 0xd2, 0x03, 0xb0, 0x20 };
5127 uint8_t v[32] = { 0xfd, 0xc5, 0x7f, 0xf4, 0x49, 0xdd, 0x4f, 0x6b,
5128 0xfb, 0x7c, 0x9d, 0xf1, 0xc2, 0x9a, 0xcb, 0x59,
5129 0x2a, 0xe7, 0xd4, 0xee, 0xfb, 0xfc, 0x0a, 0x90,
5130 0x9a, 0xbb, 0xf6, 0x32, 0x3d, 0x8b, 0x18, 0x55 };
5131 uint8_t x[16] = { 0xab, 0xae, 0x2b, 0x71, 0xec, 0xb2, 0xff, 0xff,
5132 0x3e, 0x73, 0x77, 0xd1, 0x54, 0x84, 0xcb, 0xd5 };
5133 uint8_t y[16] = { 0xcf, 0xc4, 0x3d, 0xff, 0xf7, 0x83, 0x65, 0x21,
5134 0x6e, 0x5f, 0xa7, 0x25, 0xcc, 0xe7, 0xe8, 0xa6 };
5135 uint32_t exp_val = 0x2f9ed5ba % 1000000;
5136 uint32_t val;
5137 int err;
5138
5139 err = smp_g2(u, v, x, y, &val);
5140 if (err) {
5141 return err;
5142 }
5143
5144 if (val != exp_val) {
5145 return -EINVAL;
5146 }
5147
5148 return 0;
5149 }
5150
5151 #if defined(CONFIG_BT_BREDR)
smp_h6_test(void)5152 static int smp_h6_test(void)
5153 {
5154 uint8_t w[16] = { 0x9b, 0x7d, 0x39, 0x0a, 0xa6, 0x10, 0x10, 0x34,
5155 0x05, 0xad, 0xc8, 0x57, 0xa3, 0x34, 0x02, 0xec };
5156 uint8_t key_id[4] = { 0x72, 0x62, 0x65, 0x6c };
5157 uint8_t exp_res[16] = { 0x99, 0x63, 0xb1, 0x80, 0xe2, 0xa9, 0xd3, 0xe8,
5158 0x1c, 0xc9, 0x6d, 0xe7, 0x02, 0xe1, 0x9a, 0x2d};
5159 uint8_t res[16];
5160 int err;
5161
5162 err = smp_h6(w, key_id, res);
5163 if (err) {
5164 return err;
5165 }
5166
5167 if (memcmp(res, exp_res, 16)) {
5168 return -EINVAL;
5169 }
5170
5171 return 0;
5172 }
5173
smp_h7_test(void)5174 static int smp_h7_test(void)
5175 {
5176 uint8_t salt[16] = { 0x31, 0x70, 0x6d, 0x74, 0x00, 0x00, 0x00, 0x00,
5177 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
5178 uint8_t w[16] = { 0x9b, 0x7d, 0x39, 0x0a, 0xa6, 0x10, 0x10, 0x34,
5179 0x05, 0xad, 0xc8, 0x57, 0xa3, 0x34, 0x02, 0xec };
5180 uint8_t exp_res[16] = { 0x11, 0x70, 0xa5, 0x75, 0x2a, 0x8c, 0x99, 0xd2,
5181 0xec, 0xc0, 0xa3, 0xc6, 0x97, 0x35, 0x17, 0xfb};
5182 uint8_t res[16];
5183 int err;
5184
5185 err = smp_h7(salt, w, res);
5186 if (err) {
5187 return err;
5188 }
5189
5190 if (memcmp(res, exp_res, 16)) {
5191 return -EINVAL;
5192 }
5193
5194 return 0;
5195 }
5196 #endif /* CONFIG_BT_BREDR */
5197
smp_self_test(void)5198 static int smp_self_test(void)
5199 {
5200 int err;
5201
5202 err = smp_aes_cmac_test();
5203 if (err) {
5204 BT_ERR("SMP AES-CMAC self tests failed");
5205 return err;
5206 }
5207
5208 err = smp_sign_test();
5209 if (err) {
5210 BT_ERR("SMP signing self tests failed");
5211 return err;
5212 }
5213
5214 err = smp_f4_test();
5215 if (err) {
5216 BT_ERR("SMP f4 self test failed");
5217 return err;
5218 }
5219
5220 err = smp_f5_test();
5221 if (err) {
5222 BT_ERR("SMP f5 self test failed");
5223 return err;
5224 }
5225
5226 err = smp_f6_test();
5227 if (err) {
5228 BT_ERR("SMP f6 self test failed");
5229 return err;
5230 }
5231
5232 err = smp_g2_test();
5233 if (err) {
5234 BT_ERR("SMP g2 self test failed");
5235 return err;
5236 }
5237
5238 #if defined(CONFIG_BT_BREDR)
5239 err = smp_h6_test();
5240 if (err) {
5241 BT_ERR("SMP h6 self test failed");
5242 return err;
5243 }
5244
5245 err = smp_h7_test();
5246 if (err) {
5247 BT_ERR("SMP h7 self test failed");
5248 return err;
5249 }
5250 #endif /* CONFIG_BT_BREDR */
5251
5252 return 0;
5253 }
5254 #else
smp_self_test(void)5255 static inline int smp_self_test(void)
5256 {
5257 return 0;
5258 }
5259 #endif
5260
bt_smp_auth_passkey_entry(struct bt_conn * conn,unsigned int passkey)5261 int bt_smp_auth_passkey_entry(struct bt_conn *conn, unsigned int passkey)
5262 {
5263 struct bt_smp *smp;
5264 uint8_t err;
5265
5266 smp = smp_chan_get(conn);
5267 if (!smp) {
5268 return -EINVAL;
5269 }
5270
5271 if (!atomic_test_and_clear_bit(smp->flags, SMP_FLAG_USER)) {
5272 return -EINVAL;
5273 }
5274
5275 #if !defined(CONFIG_BT_SMP_SC_PAIR_ONLY)
5276 if (!atomic_test_bit(smp->flags, SMP_FLAG_SC)) {
5277 legacy_passkey_entry(smp, passkey);
5278 return 0;
5279 }
5280 #endif /* !CONFIG_BT_SMP_SC_PAIR_ONLY */
5281
5282 smp->passkey = sys_cpu_to_le32(passkey);
5283
5284 if (IS_ENABLED(CONFIG_BT_CENTRAL) &&
5285 smp->chan.chan.conn->role == BT_HCI_ROLE_CENTRAL) {
5286 atomic_set_bit(smp->allowed_cmds, BT_SMP_CMD_PAIRING_CONFIRM);
5287 err = smp_send_pairing_confirm(smp);
5288 if (err) {
5289 smp_error(smp, BT_SMP_ERR_PASSKEY_ENTRY_FAILED);
5290 return 0;
5291 }
5292 return 0;
5293 }
5294
5295 if (IS_ENABLED(CONFIG_BT_PERIPHERAL) &&
5296 atomic_test_bit(smp->flags, SMP_FLAG_CFM_DELAYED)) {
5297 atomic_set_bit(smp->allowed_cmds, BT_SMP_CMD_PAIRING_RANDOM);
5298 err = smp_send_pairing_confirm(smp);
5299 if (err) {
5300 smp_error(smp, BT_SMP_ERR_PASSKEY_ENTRY_FAILED);
5301 return 0;
5302 }
5303 }
5304
5305 return 0;
5306 }
5307
bt_smp_auth_passkey_confirm(struct bt_conn * conn)5308 int bt_smp_auth_passkey_confirm(struct bt_conn *conn)
5309 {
5310 struct bt_smp *smp;
5311
5312 smp = smp_chan_get(conn);
5313 if (!smp) {
5314 return -EINVAL;
5315 }
5316
5317 if (!atomic_test_and_clear_bit(smp->flags, SMP_FLAG_USER)) {
5318 return -EINVAL;
5319 }
5320
5321 /* wait for DHKey being generated */
5322 if (atomic_test_bit(smp->flags, SMP_FLAG_DHKEY_PENDING)) {
5323 atomic_set_bit(smp->flags, SMP_FLAG_DHKEY_SEND);
5324 return 0;
5325 }
5326
5327 /* wait for remote DHKey Check */
5328 if (atomic_test_bit(smp->flags, SMP_FLAG_DHCHECK_WAIT)) {
5329 atomic_set_bit(smp->flags, SMP_FLAG_DHKEY_SEND);
5330 return 0;
5331 }
5332
5333 if (atomic_test_bit(smp->flags, SMP_FLAG_DHKEY_SEND)) {
5334 uint8_t err;
5335
5336 #if defined(CONFIG_BT_CENTRAL)
5337 if (smp->chan.chan.conn->role == BT_HCI_ROLE_CENTRAL) {
5338 err = compute_and_send_central_dhcheck(smp);
5339 if (err) {
5340 smp_error(smp, err);
5341 }
5342 return 0;
5343 }
5344 #endif /* CONFIG_BT_CENTRAL */
5345
5346 #if defined(CONFIG_BT_PERIPHERAL)
5347 err = compute_and_check_and_send_periph_dhcheck(smp);
5348 if (err) {
5349 smp_error(smp, err);
5350 }
5351 #endif /* CONFIG_BT_PERIPHERAL */
5352 }
5353
5354 return 0;
5355 }
5356
5357 #if !defined(CONFIG_BT_SMP_SC_PAIR_ONLY)
bt_smp_le_oob_set_tk(struct bt_conn * conn,const uint8_t * tk)5358 int bt_smp_le_oob_set_tk(struct bt_conn *conn, const uint8_t *tk)
5359 {
5360 struct bt_smp *smp;
5361
5362 smp = smp_chan_get(conn);
5363 if (!smp || !tk) {
5364 return -EINVAL;
5365 }
5366
5367 BT_DBG("%s", bt_hex(tk, 16));
5368
5369 if (!atomic_test_and_clear_bit(smp->flags, SMP_FLAG_USER)) {
5370 return -EINVAL;
5371 }
5372
5373 if (IS_ENABLED(CONFIG_BT_LOG_SNIFFER_INFO)) {
5374 uint8_t oob[16];
5375
5376 sys_memcpy_swap(oob, tk, 16);
5377 BT_INFO("Legacy OOB data 0x%s", bt_hex(oob, 16));
5378 }
5379
5380 memcpy(smp->tk, tk, 16*sizeof(uint8_t));
5381
5382 legacy_user_tk_entry(smp);
5383
5384 return 0;
5385 }
5386 #endif /* !defined(CONFIG_BT_SMP_SC_PAIR_ONLY) */
5387
bt_smp_le_oob_generate_sc_data(struct bt_le_oob_sc_data * le_sc_oob)5388 int bt_smp_le_oob_generate_sc_data(struct bt_le_oob_sc_data *le_sc_oob)
5389 {
5390 int err;
5391
5392 if (!le_sc_supported()) {
5393 return -ENOTSUP;
5394 }
5395
5396 if (!sc_public_key) {
5397 err = k_sem_take(&sc_local_pkey_ready, K_FOREVER);
5398 if (err) {
5399 return err;
5400 }
5401 }
5402
5403 if (IS_ENABLED(CONFIG_BT_OOB_DATA_FIXED)) {
5404 uint8_t rand_num[] = {
5405 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
5406 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
5407 };
5408
5409 memcpy(le_sc_oob->r, rand_num, sizeof(le_sc_oob->r));
5410 } else {
5411 err = bt_rand(le_sc_oob->r, 16);
5412 if (err) {
5413 return err;
5414 }
5415 }
5416
5417 err = smp_f4(sc_public_key, sc_public_key, le_sc_oob->r, 0,
5418 le_sc_oob->c);
5419 if (err) {
5420 return err;
5421 }
5422
5423 return 0;
5424 }
5425
5426 #if !defined(CONFIG_BT_SMP_OOB_LEGACY_PAIR_ONLY)
le_sc_oob_data_check(struct bt_smp * smp,bool oobd_local_present,bool oobd_remote_present)5427 static bool le_sc_oob_data_check(struct bt_smp *smp, bool oobd_local_present,
5428 bool oobd_remote_present)
5429 {
5430 bool req_oob_present = le_sc_oob_data_req_check(smp);
5431 bool rsp_oob_present = le_sc_oob_data_rsp_check(smp);
5432
5433 if (IS_ENABLED(CONFIG_BT_CENTRAL) &&
5434 smp->chan.chan.conn->role == BT_HCI_ROLE_CENTRAL) {
5435 if ((req_oob_present != oobd_remote_present) &&
5436 (rsp_oob_present != oobd_local_present)) {
5437 return false;
5438 }
5439 } else if (IS_ENABLED(CONFIG_BT_PERIPHERAL)) {
5440 if ((req_oob_present != oobd_local_present) &&
5441 (rsp_oob_present != oobd_remote_present)) {
5442 return false;
5443 }
5444 }
5445
5446 return true;
5447 }
5448
le_sc_oob_pairing_continue(struct bt_smp * smp)5449 static int le_sc_oob_pairing_continue(struct bt_smp *smp)
5450 {
5451 if (smp->oobd_remote) {
5452 int err;
5453 uint8_t c[16];
5454
5455 err = smp_f4(smp->pkey, smp->pkey, smp->oobd_remote->r, 0, c);
5456 if (err) {
5457 return err;
5458 }
5459
5460 bool match = (memcmp(c, smp->oobd_remote->c, sizeof(c)) == 0);
5461
5462 if (!match) {
5463 smp_error(smp, BT_SMP_ERR_CONFIRM_FAILED);
5464 return 0;
5465 }
5466 }
5467
5468 if (IS_ENABLED(CONFIG_BT_CENTRAL) &&
5469 smp->chan.chan.conn->role == BT_HCI_ROLE_CENTRAL) {
5470 atomic_set_bit(smp->allowed_cmds, BT_SMP_CMD_PAIRING_RANDOM);
5471 } else if (IS_ENABLED(CONFIG_BT_PERIPHERAL)) {
5472 atomic_set_bit(smp->allowed_cmds, BT_SMP_DHKEY_CHECK);
5473 atomic_set_bit(smp->flags, SMP_FLAG_DHCHECK_WAIT);
5474 }
5475
5476 return smp_send_pairing_random(smp);
5477 }
5478
bt_smp_le_oob_set_sc_data(struct bt_conn * conn,const struct bt_le_oob_sc_data * oobd_local,const struct bt_le_oob_sc_data * oobd_remote)5479 int bt_smp_le_oob_set_sc_data(struct bt_conn *conn,
5480 const struct bt_le_oob_sc_data *oobd_local,
5481 const struct bt_le_oob_sc_data *oobd_remote)
5482 {
5483 struct bt_smp *smp;
5484
5485 smp = smp_chan_get(conn);
5486 if (!smp) {
5487 return -EINVAL;
5488 }
5489
5490 if (!le_sc_oob_data_check(smp, (oobd_local != NULL),
5491 (oobd_remote != NULL))) {
5492 return -EINVAL;
5493 }
5494
5495 if (!atomic_test_and_clear_bit(smp->flags, SMP_FLAG_OOB_PENDING)) {
5496 return -EINVAL;
5497 }
5498
5499 smp->oobd_local = oobd_local;
5500 smp->oobd_remote = oobd_remote;
5501
5502 return le_sc_oob_pairing_continue(smp);
5503 }
5504
bt_smp_le_oob_get_sc_data(struct bt_conn * conn,const struct bt_le_oob_sc_data ** oobd_local,const struct bt_le_oob_sc_data ** oobd_remote)5505 int bt_smp_le_oob_get_sc_data(struct bt_conn *conn,
5506 const struct bt_le_oob_sc_data **oobd_local,
5507 const struct bt_le_oob_sc_data **oobd_remote)
5508 {
5509 struct bt_smp *smp;
5510
5511 smp = smp_chan_get(conn);
5512 if (!smp) {
5513 return -EINVAL;
5514 }
5515
5516 if (!smp->oobd_local && !smp->oobd_remote) {
5517 return -ESRCH;
5518 }
5519
5520 if (oobd_local) {
5521 *oobd_local = smp->oobd_local;
5522 }
5523
5524 if (oobd_remote) {
5525 *oobd_remote = smp->oobd_remote;
5526 }
5527
5528 return 0;
5529 }
5530 #endif /* !CONFIG_BT_SMP_OOB_LEGACY_PAIR_ONLY */
5531
bt_smp_auth_cancel(struct bt_conn * conn)5532 int bt_smp_auth_cancel(struct bt_conn *conn)
5533 {
5534 struct bt_smp *smp;
5535
5536 smp = smp_chan_get(conn);
5537 if (!smp) {
5538 return -EINVAL;
5539 }
5540
5541 if (!atomic_test_and_clear_bit(smp->flags, SMP_FLAG_USER)) {
5542 return -EINVAL;
5543 }
5544
5545 BT_DBG("");
5546
5547 switch (smp->method) {
5548 case PASSKEY_INPUT:
5549 case PASSKEY_DISPLAY:
5550 return smp_error(smp, BT_SMP_ERR_PASSKEY_ENTRY_FAILED);
5551 case PASSKEY_CONFIRM:
5552 return smp_error(smp, BT_SMP_ERR_CONFIRM_FAILED);
5553 case LE_SC_OOB:
5554 case LEGACY_OOB:
5555 return smp_error(smp, BT_SMP_ERR_OOB_NOT_AVAIL);
5556 case JUST_WORKS:
5557 return smp_error(smp, BT_SMP_ERR_UNSPECIFIED);
5558 default:
5559 BT_ERR("Unknown pairing method (%u)", smp->method);
5560 return 0;
5561 }
5562 }
5563
5564 #if !defined(CONFIG_BT_SMP_SC_PAIR_ONLY)
bt_smp_auth_pairing_confirm(struct bt_conn * conn)5565 int bt_smp_auth_pairing_confirm(struct bt_conn *conn)
5566 {
5567 struct bt_smp *smp;
5568
5569 smp = smp_chan_get(conn);
5570 if (!smp) {
5571 return -EINVAL;
5572 }
5573
5574 if (!atomic_test_and_clear_bit(smp->flags, SMP_FLAG_USER)) {
5575 return -EINVAL;
5576 }
5577
5578 if (IS_ENABLED(CONFIG_BT_CENTRAL) &&
5579 conn->role == BT_CONN_ROLE_CENTRAL) {
5580 if (!atomic_test_bit(smp->flags, SMP_FLAG_SC)) {
5581 atomic_set_bit(smp->allowed_cmds,
5582 BT_SMP_CMD_PAIRING_CONFIRM);
5583 return legacy_send_pairing_confirm(smp);
5584 }
5585
5586 if (!sc_public_key) {
5587 atomic_set_bit(smp->flags, SMP_FLAG_PKEY_SEND);
5588 return 0;
5589 }
5590
5591 atomic_set_bit(smp->allowed_cmds, BT_SMP_CMD_PUBLIC_KEY);
5592 return sc_send_public_key(smp);
5593 }
5594
5595 #if defined(CONFIG_BT_PERIPHERAL)
5596 if (!atomic_test_bit(smp->flags, SMP_FLAG_SC)) {
5597 atomic_set_bit(smp->allowed_cmds,
5598 BT_SMP_CMD_PAIRING_CONFIRM);
5599 return send_pairing_rsp(smp);
5600 }
5601
5602 atomic_set_bit(smp->allowed_cmds, BT_SMP_CMD_PUBLIC_KEY);
5603 if (send_pairing_rsp(smp)) {
5604 return -EIO;
5605 }
5606 #endif /* CONFIG_BT_PERIPHERAL */
5607
5608 return 0;
5609 }
5610 #else
bt_smp_auth_pairing_confirm(struct bt_conn * conn)5611 int bt_smp_auth_pairing_confirm(struct bt_conn *conn)
5612 {
5613 /* confirm_pairing will never be called in LE SC only mode */
5614 return -EINVAL;
5615 }
5616 #endif /* !CONFIG_BT_SMP_SC_PAIR_ONLY */
5617
5618 #if defined(CONFIG_BT_FIXED_PASSKEY)
bt_passkey_set(unsigned int passkey)5619 int bt_passkey_set(unsigned int passkey)
5620 {
5621 if (passkey == BT_PASSKEY_INVALID) {
5622 fixed_passkey = BT_PASSKEY_INVALID;
5623 return 0;
5624 }
5625
5626 if (passkey > 999999) {
5627 return -EINVAL;
5628 }
5629
5630 fixed_passkey = passkey;
5631 return 0;
5632 }
5633 #endif /* CONFIG_BT_FIXED_PASSKEY */
5634
bt_smp_start_security(struct bt_conn * conn)5635 int bt_smp_start_security(struct bt_conn *conn)
5636 {
5637 switch (conn->role) {
5638 #if defined(CONFIG_BT_CENTRAL)
5639 case BT_HCI_ROLE_CENTRAL:
5640 {
5641 int err;
5642 struct bt_smp *smp;
5643
5644 smp = smp_chan_get(conn);
5645 if (!smp) {
5646 return -ENOTCONN;
5647 }
5648
5649 /* pairing is in progress */
5650 if (atomic_test_bit(smp->flags, SMP_FLAG_PAIRING)) {
5651 return -EBUSY;
5652 }
5653
5654 /* Encryption is in progress */
5655 if (atomic_test_bit(smp->flags, SMP_FLAG_ENC_PENDING)) {
5656 return -EBUSY;
5657 }
5658
5659 if (!smp_keys_check(conn)) {
5660 return smp_send_pairing_req(conn);
5661 }
5662
5663 /* LE SC LTK and legacy central LTK are stored in same place */
5664 err = bt_conn_le_start_encryption(conn,
5665 conn->le.keys->ltk.rand,
5666 conn->le.keys->ltk.ediv,
5667 conn->le.keys->ltk.val,
5668 conn->le.keys->enc_size);
5669 if (err) {
5670 return err;
5671 }
5672
5673 atomic_set_bit(smp->allowed_cmds, BT_SMP_CMD_SECURITY_REQUEST);
5674 atomic_set_bit(smp->flags, SMP_FLAG_ENC_PENDING);
5675 return 0;
5676 }
5677 #endif /* CONFIG_BT_CENTRAL && CONFIG_BT_SMP */
5678 #if defined(CONFIG_BT_PERIPHERAL)
5679 case BT_HCI_ROLE_PERIPHERAL:
5680 return smp_send_security_req(conn);
5681 #endif /* CONFIG_BT_PERIPHERAL && CONFIG_BT_SMP */
5682 default:
5683 return -EINVAL;
5684 }
5685 }
5686
bt_smp_update_keys(struct bt_conn * conn)5687 void bt_smp_update_keys(struct bt_conn *conn)
5688 {
5689 struct bt_smp *smp;
5690
5691 smp = smp_chan_get(conn);
5692 if (!smp) {
5693 return;
5694 }
5695
5696 if (!atomic_test_bit(smp->flags, SMP_FLAG_PAIRING)) {
5697 return;
5698 }
5699
5700 /*
5701 * If link was successfully encrypted cleanup old keys as from now on
5702 * only keys distributed in this pairing or LTK from LE SC will be used.
5703 */
5704 if (conn->le.keys) {
5705 bt_keys_clear(conn->le.keys);
5706 }
5707
5708 conn->le.keys = bt_keys_get_addr(conn->id, &conn->le.dst);
5709 if (!conn->le.keys) {
5710 BT_ERR("Unable to get keys for %s",
5711 bt_addr_le_str(&conn->le.dst));
5712 smp_error(smp, BT_SMP_ERR_UNSPECIFIED);
5713 return;
5714 }
5715
5716 /* mark keys as debug */
5717 if (atomic_test_bit(smp->flags, SMP_FLAG_SC_DEBUG_KEY)) {
5718 conn->le.keys->flags |= BT_KEYS_DEBUG;
5719 }
5720
5721 /*
5722 * store key type deducted from pairing method used
5723 * it is important to store it since type is used to determine
5724 * security level upon encryption
5725 */
5726 switch (smp->method) {
5727 case PASSKEY_DISPLAY:
5728 case PASSKEY_INPUT:
5729 case PASSKEY_CONFIRM:
5730 case LE_SC_OOB:
5731 case LEGACY_OOB:
5732 conn->le.keys->flags |= BT_KEYS_AUTHENTICATED;
5733 break;
5734 case JUST_WORKS:
5735 default:
5736 /* unauthenticated key, clear it */
5737 conn->le.keys->flags &= ~BT_KEYS_AUTHENTICATED;
5738 break;
5739 }
5740
5741 conn->le.keys->enc_size = get_encryption_key_size(smp);
5742
5743 /*
5744 * Store LTK if LE SC is used, this is safe since LE SC is mutually
5745 * exclusive with legacy pairing. Other keys are added on keys
5746 * distribution.
5747 */
5748 if (atomic_test_bit(smp->flags, SMP_FLAG_SC)) {
5749 conn->le.keys->flags |= BT_KEYS_SC;
5750
5751 if (atomic_test_bit(smp->flags, SMP_FLAG_BOND)) {
5752 bt_keys_add_type(conn->le.keys, BT_KEYS_LTK_P256);
5753 memcpy(conn->le.keys->ltk.val, smp->tk,
5754 sizeof(conn->le.keys->ltk.val));
5755 (void)memset(conn->le.keys->ltk.rand, 0,
5756 sizeof(conn->le.keys->ltk.rand));
5757 (void)memset(conn->le.keys->ltk.ediv, 0,
5758 sizeof(conn->le.keys->ltk.ediv));
5759 }
5760 } else {
5761 conn->le.keys->flags &= ~BT_KEYS_SC;
5762 }
5763 }
5764
bt_smp_accept(struct bt_conn * conn,struct bt_l2cap_chan ** chan)5765 static int bt_smp_accept(struct bt_conn *conn, struct bt_l2cap_chan **chan)
5766 {
5767 int i;
5768 static const struct bt_l2cap_chan_ops ops = {
5769 .connected = bt_smp_connected,
5770 .disconnected = bt_smp_disconnected,
5771 .encrypt_change = bt_smp_encrypt_change,
5772 .recv = bt_smp_recv,
5773 };
5774
5775 BT_DBG("conn %p handle %u", conn, conn->handle);
5776
5777 for (i = 0; i < ARRAY_SIZE(bt_smp_pool); i++) {
5778 struct bt_smp *smp = &bt_smp_pool[i];
5779
5780 if (smp->chan.chan.conn) {
5781 continue;
5782 }
5783
5784 smp->chan.chan.ops = &ops;
5785
5786 *chan = &smp->chan.chan;
5787
5788 return 0;
5789 }
5790
5791 BT_ERR("No available SMP context for conn %p", conn);
5792
5793 return -ENOMEM;
5794 }
5795
5796 BT_L2CAP_CHANNEL_DEFINE(smp_fixed_chan, BT_L2CAP_CID_SMP, bt_smp_accept, NULL);
5797 #if defined(CONFIG_BT_BREDR)
5798 BT_L2CAP_CHANNEL_DEFINE(smp_br_fixed_chan, BT_L2CAP_CID_BR_SMP,
5799 bt_smp_br_accept, NULL);
5800 #endif /* CONFIG_BT_BREDR */
5801
bt_smp_init(void)5802 int bt_smp_init(void)
5803 {
5804 static struct bt_pub_key_cb pub_key_cb = {
5805 .func = bt_smp_pkey_ready,
5806 };
5807
5808 sc_supported = le_sc_supported();
5809 if (IS_ENABLED(CONFIG_BT_SMP_SC_PAIR_ONLY) && !sc_supported) {
5810 BT_ERR("SC Pair Only Mode selected but LE SC not supported");
5811 return -ENOENT;
5812 }
5813
5814 if (IS_ENABLED(CONFIG_BT_SMP_USB_HCI_CTLR_WORKAROUND)) {
5815 BT_WARN("BT_SMP_USB_HCI_CTLR_WORKAROUND is enabled, which "
5816 "exposes a security vulnerability!");
5817 }
5818
5819 BT_DBG("LE SC %s", sc_supported ? "enabled" : "disabled");
5820
5821 if (!IS_ENABLED(CONFIG_BT_SMP_OOB_LEGACY_PAIR_ONLY)) {
5822 bt_pub_key_gen(&pub_key_cb);
5823 }
5824
5825 return smp_self_test();
5826 }
5827
