1 /**
2 * @file smp.c
3 * Security Manager Protocol implementation
4 */
5
6 /*
7 * Copyright (c) 2017-2025 Nordic Semiconductor ASA
8 * Copyright (c) 2015-2016 Intel Corporation
9 *
10 * SPDX-License-Identifier: Apache-2.0
11 */
12
13 #include <errno.h>
14 #include <stddef.h>
15 #include <string.h>
16
17 #include <zephyr/bluetooth/bluetooth.h>
18 #include <zephyr/bluetooth/buf.h>
19 #include <zephyr/bluetooth/conn.h>
20 #include <zephyr/bluetooth/hci.h>
21 #include <zephyr/debug/stack.h>
22 #include <zephyr/kernel.h>
23 #include <zephyr/net_buf.h>
24 #include <zephyr/sys/__assert.h>
25 #include <zephyr/sys/atomic.h>
26 #include <zephyr/sys/byteorder.h>
27 #include <zephyr/sys/check.h>
28 #include <zephyr/sys/util.h>
29
30
31 #include "common/bt_str.h"
32
33 #include "crypto/bt_crypto.h"
34
35 #include "hci_core.h"
36 #include "ecc.h"
37 #include "keys.h"
38 #include "conn_internal.h"
39 #include "l2cap_internal.h"
40 #include "smp.h"
41
42 #define LOG_LEVEL CONFIG_BT_SMP_LOG_LEVEL
43 #include <zephyr/logging/log.h>
44 LOG_MODULE_REGISTER(bt_smp);
45
46 #define SMP_TIMEOUT K_SECONDS(30)
47
48 #if defined(CONFIG_BT_SIGNING)
49 #define SIGN_DIST BT_SMP_DIST_SIGN
50 #else
51 #define SIGN_DIST 0
52 #endif
53
54 #if defined(CONFIG_BT_PRIVACY)
55 #define ID_DIST BT_SMP_DIST_ID_KEY
56 #else
57 #define ID_DIST 0
58 #endif
59
60 #if defined(CONFIG_BT_CLASSIC)
61 #define LINK_DIST BT_SMP_DIST_LINK_KEY
62 #else
63 #define LINK_DIST 0
64 #endif
65
66 #define RECV_KEYS (BT_SMP_DIST_ENC_KEY | BT_SMP_DIST_ID_KEY | SIGN_DIST |\
67 LINK_DIST)
68 #define SEND_KEYS (BT_SMP_DIST_ENC_KEY | ID_DIST | SIGN_DIST | LINK_DIST)
69
70 #define RECV_KEYS_SC (RECV_KEYS & ~(BT_SMP_DIST_ENC_KEY))
71 #define SEND_KEYS_SC (SEND_KEYS & ~(BT_SMP_DIST_ENC_KEY))
72
73 #define BR_RECV_KEYS_SC (RECV_KEYS & ~(LINK_DIST))
74 #define BR_SEND_KEYS_SC (SEND_KEYS & ~(LINK_DIST))
75
76 #define BT_SMP_AUTH_MASK 0x07
77
78 #if defined(CONFIG_BT_BONDABLE)
79 #define BT_SMP_AUTH_BONDING_FLAGS BT_SMP_AUTH_BONDING
80 #else
81 #define BT_SMP_AUTH_BONDING_FLAGS 0
82 #endif /* CONFIG_BT_BONDABLE */
83
84 #if defined(CONFIG_BT_CLASSIC)
85
86 #define BT_SMP_AUTH_MASK_SC 0x2f
87 #if defined(CONFIG_BT_SMP_OOB_LEGACY_PAIR_ONLY)
88 #define BT_SMP_AUTH_DEFAULT (BT_SMP_AUTH_BONDING_FLAGS | BT_SMP_AUTH_CT2)
89 #else
90 #define BT_SMP_AUTH_DEFAULT (BT_SMP_AUTH_BONDING_FLAGS | BT_SMP_AUTH_CT2 |\
91 BT_SMP_AUTH_SC)
92 #endif /* CONFIG_BT_SMP_OOB_LEGACY_PAIR_ONLY */
93
94 #else
95
96 #define BT_SMP_AUTH_MASK_SC 0x0f
97 #if defined(CONFIG_BT_SMP_OOB_LEGACY_PAIR_ONLY)
98 #define BT_SMP_AUTH_DEFAULT (BT_SMP_AUTH_BONDING_FLAGS)
99 #else
100 #define BT_SMP_AUTH_DEFAULT (BT_SMP_AUTH_BONDING_FLAGS | BT_SMP_AUTH_SC)
101 #endif /* CONFIG_BT_SMP_OOB_LEGACY_PAIR_ONLY */
102
103 #endif /* CONFIG_BT_CLASSIC */
104
105 enum pairing_method {
106 JUST_WORKS, /* JustWorks pairing */
107 PASSKEY_INPUT, /* Passkey Entry input */
108 PASSKEY_DISPLAY, /* Passkey Entry display */
109 PASSKEY_CONFIRM, /* Passkey confirm */
110 PASSKEY_ROLE, /* Passkey Entry depends on role */
111 LE_SC_OOB, /* LESC Out of Band */
112 LEGACY_OOB, /* Legacy Out of Band */
113 };
114
115 enum {
116 SMP_FLAG_CFM_DELAYED, /* if confirm should be send when TK is valid */
117 SMP_FLAG_ENC_PENDING, /* if waiting for an encryption change event */
118 SMP_FLAG_KEYS_DISTR, /* if keys distribution phase is in progress */
119 SMP_FLAG_PAIRING, /* if pairing is in progress */
120 SMP_FLAG_TIMEOUT, /* if SMP timeout occurred */
121 SMP_FLAG_SC, /* if LE Secure Connections is used */
122 SMP_FLAG_PKEY_SEND, /* if should send Public Key when available */
123 SMP_FLAG_DHKEY_PENDING, /* if waiting for local DHKey */
124 SMP_FLAG_DHKEY_GEN, /* if generating DHKey */
125 SMP_FLAG_DHKEY_SEND, /* if should generate and send DHKey Check */
126 SMP_FLAG_USER, /* if waiting for user input */
127 SMP_FLAG_DISPLAY, /* if display_passkey() callback was called */
128 SMP_FLAG_OOB_PENDING, /* if waiting for OOB data */
129 SMP_FLAG_BOND, /* if bonding */
130 SMP_FLAG_SC_DEBUG_KEY, /* if Secure Connection are using debug key */
131 SMP_FLAG_SEC_REQ, /* if Security Request was sent/received */
132 SMP_FLAG_DHCHECK_WAIT, /* if waiting for remote DHCheck (as periph) */
133 SMP_FLAG_DERIVE_LK, /* if Link Key should be derived */
134 SMP_FLAG_BR_CONNECTED, /* if BR/EDR channel is connected */
135 SMP_FLAG_BR_PAIR, /* if should start BR/EDR pairing */
136 SMP_FLAG_CT2, /* if should use H7 for keys derivation */
137
138 /* Total number of flags - must be at the end */
139 SMP_NUM_FLAGS,
140 };
141
142 /* SMP channel specific context */
143 struct bt_smp {
144 /* Commands that remote is allowed to send */
145 ATOMIC_DEFINE(allowed_cmds, BT_SMP_NUM_CMDS);
146
147 /* Flags for SMP state machine */
148 ATOMIC_DEFINE(flags, SMP_NUM_FLAGS);
149
150 /* Type of method used for pairing */
151 uint8_t method;
152
153 /* Pairing Request PDU */
154 uint8_t preq[7];
155
156 /* Pairing Response PDU */
157 uint8_t prsp[7];
158
159 /* Pairing Confirm PDU */
160 uint8_t pcnf[16];
161
162 /* Local random number */
163 uint8_t prnd[16];
164
165 /* Remote random number */
166 uint8_t rrnd[16];
167
168 /* Temporary key */
169 uint8_t tk[16];
170
171 /* Remote Public Key for LE SC */
172 uint8_t pkey[BT_PUB_KEY_LEN];
173
174 /* DHKey */
175 uint8_t dhkey[BT_DH_KEY_LEN];
176
177 /* Remote DHKey check */
178 uint8_t e[16];
179
180 /* MacKey */
181 uint8_t mackey[16];
182
183 /* LE SC passkey */
184 uint32_t passkey;
185
186 /* LE SC passkey round */
187 uint8_t passkey_round;
188
189 /* LE SC local OOB data */
190 const struct bt_le_oob_sc_data *oobd_local;
191
192 /* LE SC remote OOB data */
193 const struct bt_le_oob_sc_data *oobd_remote;
194
195 /* Local key distribution */
196 uint8_t local_dist;
197
198 /* Remote key distribution */
199 uint8_t remote_dist;
200
201 /* The channel this context is associated with.
202 * This marks the beginning of the part of the structure that will not
203 * be memset to zero in init.
204 */
205 struct bt_l2cap_le_chan chan;
206
207 /* Delayed work for timeout handling */
208 struct k_work_delayable work;
209
210 /* Used Bluetooth authentication callbacks. */
211 atomic_ptr_t auth_cb;
212
213 /* Bondable flag */
214 atomic_t bondable;
215 };
216
217 static unsigned int fixed_passkey = BT_PASSKEY_INVALID;
218
219 #define DISPLAY_FIXED(smp) (IS_ENABLED(CONFIG_BT_FIXED_PASSKEY) && \
220 fixed_passkey != BT_PASSKEY_INVALID && \
221 (smp)->method == PASSKEY_DISPLAY)
222
223 #if !defined(CONFIG_BT_SMP_SC_PAIR_ONLY)
224 /* based on table 2.8 Core Spec 2.3.5.1 Vol. 3 Part H */
225 static const uint8_t gen_method_legacy[5 /* remote */][5 /* local */] = {
226 { JUST_WORKS, JUST_WORKS, PASSKEY_INPUT, JUST_WORKS, PASSKEY_INPUT },
227 { JUST_WORKS, JUST_WORKS, PASSKEY_INPUT, JUST_WORKS, PASSKEY_INPUT },
228 { PASSKEY_DISPLAY, PASSKEY_DISPLAY, PASSKEY_INPUT, JUST_WORKS,
229 PASSKEY_DISPLAY },
230 { JUST_WORKS, JUST_WORKS, JUST_WORKS, JUST_WORKS, JUST_WORKS },
231 { PASSKEY_DISPLAY, PASSKEY_DISPLAY, PASSKEY_INPUT, JUST_WORKS,
232 PASSKEY_ROLE },
233 };
234 #endif /* CONFIG_BT_SMP_SC_PAIR_ONLY */
235
236 #if !defined(CONFIG_BT_SMP_OOB_LEGACY_PAIR_ONLY)
237 /* based on table 2.8 Core Spec 2.3.5.1 Vol. 3 Part H */
238 static const uint8_t gen_method_sc[5 /* remote */][5 /* local */] = {
239 { JUST_WORKS, JUST_WORKS, PASSKEY_INPUT, JUST_WORKS, PASSKEY_INPUT },
240 { JUST_WORKS, PASSKEY_CONFIRM, PASSKEY_INPUT, JUST_WORKS,
241 PASSKEY_CONFIRM },
242 { PASSKEY_DISPLAY, PASSKEY_DISPLAY, PASSKEY_INPUT, JUST_WORKS,
243 PASSKEY_DISPLAY },
244 { JUST_WORKS, JUST_WORKS, JUST_WORKS, JUST_WORKS, JUST_WORKS },
245 { PASSKEY_DISPLAY, PASSKEY_CONFIRM, PASSKEY_INPUT, JUST_WORKS,
246 PASSKEY_CONFIRM },
247 };
248 #endif /* !CONFIG_BT_SMP_OOB_LEGACY_PAIR_ONLY */
249
250 #if defined(CONFIG_BT_CLASSIC)
251 /* SMP over BR/EDR channel specific context */
252 struct bt_smp_br {
253 /* Commands that remote is allowed to send */
254 ATOMIC_DEFINE(allowed_cmds, BT_SMP_NUM_CMDS);
255
256 /* Flags for SMP state machine */
257 ATOMIC_DEFINE(flags, SMP_NUM_FLAGS);
258
259 /* Local key distribution */
260 uint8_t local_dist;
261
262 /* Remote key distribution */
263 uint8_t remote_dist;
264
265 /* Encryption Key Size used for connection */
266 uint8_t enc_key_size;
267
268 /* The channel this context is associated with.
269 * This marks the beginning of the part of the structure that will not
270 * be memset to zero in init.
271 */
272 struct bt_l2cap_br_chan chan;
273
274 /* Delayed work for timeout handling */
275 struct k_work_delayable work;
276 };
277
278 static struct bt_smp_br bt_smp_br_pool[CONFIG_BT_MAX_CONN];
279 #endif /* CONFIG_BT_CLASSIC */
280
281 static struct bt_smp bt_smp_pool[CONFIG_BT_MAX_CONN];
282 static bool bondable = IS_ENABLED(CONFIG_BT_BONDABLE);
283 static bool sc_oobd_present;
284 static bool legacy_oobd_present;
285 static bool sc_supported;
286 static const uint8_t *sc_public_key;
287
288 static void bt_smp_pkey_ready(const uint8_t *pkey);
289 static struct {
290 struct k_mutex lock;
291 struct k_condvar condvar;
292 struct bt_pub_key_cb cb;
293 } pub_key_gen = {
294 .lock = Z_MUTEX_INITIALIZER(pub_key_gen.lock),
295 .condvar = Z_CONDVAR_INITIALIZER(pub_key_gen.condvar),
296 .cb = {
297 .func = bt_smp_pkey_ready,
298 },
299 };
300
301 /* Pointer to internal data is used to mark that callbacks of given SMP channel are not initialized.
302 * Value of NULL represents no authentication capabilities and cannot be used for that purpose.
303 */
304 #define BT_SMP_AUTH_CB_UNINITIALIZED ((atomic_ptr_val_t)bt_smp_pool)
305
306 /* Value used to mark that per-connection bondable flag is not initialized.
307 * Value false/true represent if flag is cleared or set and cannot be used for that purpose.
308 */
309 #define BT_SMP_BONDABLE_UNINITIALIZED ((atomic_val_t)-1)
310
le_sc_supported(void)311 static bool le_sc_supported(void)
312 {
313 if (IS_ENABLED(CONFIG_BT_SMP_OOB_LEGACY_PAIR_ONLY)) {
314 return false;
315 }
316
317 return IS_ENABLED(CONFIG_BT_ECC);
318 }
319
latch_auth_cb(struct bt_smp * smp)320 static const struct bt_conn_auth_cb *latch_auth_cb(struct bt_smp *smp)
321 {
322 (void)atomic_ptr_cas(&smp->auth_cb, BT_SMP_AUTH_CB_UNINITIALIZED,
323 (atomic_ptr_val_t)bt_auth);
324
325 return atomic_ptr_get(&smp->auth_cb);
326 }
327
latch_bondable(struct bt_smp * smp)328 static bool latch_bondable(struct bt_smp *smp)
329 {
330 (void)atomic_cas(&smp->bondable, BT_SMP_BONDABLE_UNINITIALIZED, (atomic_val_t)bondable);
331
332 return atomic_get(&smp->bondable);
333 }
334
get_io_capa(struct bt_smp * smp)335 static uint8_t get_io_capa(struct bt_smp *smp)
336 {
337 const struct bt_conn_auth_cb *smp_auth_cb = latch_auth_cb(smp);
338
339 if (!smp_auth_cb) {
340 goto no_callbacks;
341 }
342
343 /* Passkey Confirmation is valid only for LE SC */
344 if (smp_auth_cb->passkey_display && smp_auth_cb->passkey_entry &&
345 (smp_auth_cb->passkey_confirm || !sc_supported)) {
346 return BT_SMP_IO_KEYBOARD_DISPLAY;
347 }
348
349 /* DisplayYesNo is useful only for LE SC */
350 if (sc_supported && smp_auth_cb->passkey_display &&
351 smp_auth_cb->passkey_confirm) {
352 return BT_SMP_IO_DISPLAY_YESNO;
353 }
354
355 if (smp_auth_cb->passkey_entry) {
356 if (IS_ENABLED(CONFIG_BT_FIXED_PASSKEY) &&
357 fixed_passkey != BT_PASSKEY_INVALID) {
358 return BT_SMP_IO_KEYBOARD_DISPLAY;
359 } else {
360 return BT_SMP_IO_KEYBOARD_ONLY;
361 }
362 }
363
364 if (smp_auth_cb->passkey_display) {
365 return BT_SMP_IO_DISPLAY_ONLY;
366 }
367
368 no_callbacks:
369 if (IS_ENABLED(CONFIG_BT_FIXED_PASSKEY) &&
370 fixed_passkey != BT_PASSKEY_INVALID) {
371 return BT_SMP_IO_DISPLAY_ONLY;
372 } else {
373 return BT_SMP_IO_NO_INPUT_OUTPUT;
374 }
375 }
376
377 #if !defined(CONFIG_BT_SMP_SC_PAIR_ONLY)
378 static uint8_t legacy_get_pair_method(struct bt_smp *smp, uint8_t remote_io);
379 #endif
380
smp_keys_check(struct bt_conn * conn)381 static bool smp_keys_check(struct bt_conn *conn)
382 {
383 if (atomic_test_bit(conn->flags, BT_CONN_FORCE_PAIR)) {
384 return false;
385 }
386
387 if (!conn->le.keys) {
388 conn->le.keys = bt_keys_find(BT_KEYS_LTK_P256,
389 conn->id, &conn->le.dst);
390 if (!conn->le.keys) {
391 conn->le.keys = bt_keys_find(BT_KEYS_LTK,
392 conn->id,
393 &conn->le.dst);
394 }
395 }
396
397 if (!conn->le.keys ||
398 !(conn->le.keys->keys & (BT_KEYS_LTK | BT_KEYS_LTK_P256))) {
399 return false;
400 }
401
402 if (conn->required_sec_level >= BT_SECURITY_L3 &&
403 !(conn->le.keys->flags & BT_KEYS_AUTHENTICATED)) {
404 return false;
405 }
406
407 if (conn->required_sec_level >= BT_SECURITY_L4 &&
408 !((conn->le.keys->flags & BT_KEYS_AUTHENTICATED) &&
409 (conn->le.keys->keys & BT_KEYS_LTK_P256) &&
410 (conn->le.keys->enc_size == BT_SMP_MAX_ENC_KEY_SIZE))) {
411 return false;
412 }
413
414 return true;
415 }
416
get_pair_method(struct bt_smp * smp,uint8_t remote_io)417 static uint8_t get_pair_method(struct bt_smp *smp, uint8_t remote_io)
418 {
419 #if !defined(CONFIG_BT_SMP_SC_PAIR_ONLY)
420 if (!atomic_test_bit(smp->flags, SMP_FLAG_SC)) {
421 return legacy_get_pair_method(smp, remote_io);
422 }
423 #endif
424
425 #if !defined(CONFIG_BT_SMP_OOB_LEGACY_PAIR_ONLY)
426 struct bt_smp_pairing *req, *rsp;
427
428 req = (struct bt_smp_pairing *)&smp->preq[1];
429 rsp = (struct bt_smp_pairing *)&smp->prsp[1];
430
431 if ((req->auth_req & rsp->auth_req) & BT_SMP_AUTH_SC) {
432 /* if one side has OOB data use OOB */
433 if ((req->oob_flag | rsp->oob_flag) & BT_SMP_OOB_DATA_MASK) {
434 return LE_SC_OOB;
435 }
436 }
437
438 if (remote_io > BT_SMP_IO_KEYBOARD_DISPLAY) {
439 return JUST_WORKS;
440 }
441
442 /* if none side requires MITM use JustWorks */
443 if (!((req->auth_req | rsp->auth_req) & BT_SMP_AUTH_MITM)) {
444 return JUST_WORKS;
445 }
446
447 return gen_method_sc[remote_io][get_io_capa(smp)];
448 #else
449 return JUST_WORKS;
450 #endif
451 }
452
security_err_get(uint8_t smp_err)453 static enum bt_security_err security_err_get(uint8_t smp_err)
454 {
455 switch (smp_err) {
456 case BT_SMP_ERR_PASSKEY_ENTRY_FAILED:
457 case BT_SMP_ERR_DHKEY_CHECK_FAILED:
458 case BT_SMP_ERR_NUMERIC_COMP_FAILED:
459 case BT_SMP_ERR_CONFIRM_FAILED:
460 return BT_SECURITY_ERR_AUTH_FAIL;
461 case BT_SMP_ERR_OOB_NOT_AVAIL:
462 return BT_SECURITY_ERR_OOB_NOT_AVAILABLE;
463 case BT_SMP_ERR_AUTH_REQUIREMENTS:
464 case BT_SMP_ERR_ENC_KEY_SIZE:
465 return BT_SECURITY_ERR_AUTH_REQUIREMENT;
466 case BT_SMP_ERR_PAIRING_NOTSUPP:
467 case BT_SMP_ERR_CMD_NOTSUPP:
468 return BT_SECURITY_ERR_PAIR_NOT_SUPPORTED;
469 case BT_SMP_ERR_REPEATED_ATTEMPTS:
470 case BT_SMP_ERR_BREDR_PAIRING_IN_PROGRESS:
471 case BT_SMP_ERR_CROSS_TRANSP_NOT_ALLOWED:
472 return BT_SECURITY_ERR_PAIR_NOT_ALLOWED;
473 case BT_SMP_ERR_INVALID_PARAMS:
474 return BT_SECURITY_ERR_INVALID_PARAM;
475 case BT_SMP_ERR_KEY_REJECTED:
476 return BT_SECURITY_ERR_KEY_REJECTED;
477 case BT_SMP_ERR_UNSPECIFIED:
478 default:
479 return BT_SECURITY_ERR_UNSPECIFIED;
480 }
481 }
482
483 #if defined(CONFIG_BT_SECURITY_ERR_TO_STR)
bt_security_err_to_str(enum bt_security_err err)484 const char *bt_security_err_to_str(enum bt_security_err err)
485 {
486 #define SEC_ERR(err) [err] = #err
487
488 const char * const mapping_table[] = {
489 SEC_ERR(BT_SECURITY_ERR_SUCCESS),
490 SEC_ERR(BT_SECURITY_ERR_AUTH_FAIL),
491 SEC_ERR(BT_SECURITY_ERR_PIN_OR_KEY_MISSING),
492 SEC_ERR(BT_SECURITY_ERR_OOB_NOT_AVAILABLE),
493 SEC_ERR(BT_SECURITY_ERR_AUTH_REQUIREMENT),
494 SEC_ERR(BT_SECURITY_ERR_PAIR_NOT_SUPPORTED),
495 SEC_ERR(BT_SECURITY_ERR_PAIR_NOT_ALLOWED),
496 SEC_ERR(BT_SECURITY_ERR_INVALID_PARAM),
497 SEC_ERR(BT_SECURITY_ERR_KEY_REJECTED),
498 SEC_ERR(BT_SECURITY_ERR_UNSPECIFIED),
499 };
500
501 if (err < ARRAY_SIZE(mapping_table) && mapping_table[err]) {
502 return mapping_table[err];
503 } else {
504 return "(unknown)";
505 }
506
507 #undef SEC_ERR
508 }
509 #endif /* CONFIG_BT_SECURITY_ERR_TO_STR */
510
smp_err_get(enum bt_security_err auth_err)511 static uint8_t smp_err_get(enum bt_security_err auth_err)
512 {
513 switch (auth_err) {
514 case BT_SECURITY_ERR_OOB_NOT_AVAILABLE:
515 return BT_SMP_ERR_OOB_NOT_AVAIL;
516
517 case BT_SECURITY_ERR_AUTH_FAIL:
518 case BT_SECURITY_ERR_AUTH_REQUIREMENT:
519 return BT_SMP_ERR_AUTH_REQUIREMENTS;
520
521 case BT_SECURITY_ERR_PAIR_NOT_SUPPORTED:
522 return BT_SMP_ERR_PAIRING_NOTSUPP;
523
524 case BT_SECURITY_ERR_INVALID_PARAM:
525 return BT_SMP_ERR_INVALID_PARAMS;
526
527 case BT_SECURITY_ERR_PIN_OR_KEY_MISSING:
528 case BT_SECURITY_ERR_PAIR_NOT_ALLOWED:
529 case BT_SECURITY_ERR_UNSPECIFIED:
530 return BT_SMP_ERR_UNSPECIFIED;
531 default:
532 return 0;
533 }
534 }
535
536 #if defined(CONFIG_BT_SMP_ERR_TO_STR)
bt_smp_err_to_str(uint8_t smp_err)537 const char *bt_smp_err_to_str(uint8_t smp_err)
538 {
539 #define SMP_ERR(err) [err] = #err
540
541 const char * const mapping_table[] = {
542 SMP_ERR(BT_SMP_ERR_SUCCESS),
543 SMP_ERR(BT_SMP_ERR_PASSKEY_ENTRY_FAILED),
544 SMP_ERR(BT_SMP_ERR_OOB_NOT_AVAIL),
545 SMP_ERR(BT_SMP_ERR_AUTH_REQUIREMENTS),
546 SMP_ERR(BT_SMP_ERR_CONFIRM_FAILED),
547 SMP_ERR(BT_SMP_ERR_PAIRING_NOTSUPP),
548 SMP_ERR(BT_SMP_ERR_ENC_KEY_SIZE),
549 SMP_ERR(BT_SMP_ERR_CMD_NOTSUPP),
550 SMP_ERR(BT_SMP_ERR_UNSPECIFIED),
551 SMP_ERR(BT_SMP_ERR_REPEATED_ATTEMPTS),
552 SMP_ERR(BT_SMP_ERR_INVALID_PARAMS),
553 SMP_ERR(BT_SMP_ERR_DHKEY_CHECK_FAILED),
554 SMP_ERR(BT_SMP_ERR_NUMERIC_COMP_FAILED),
555 SMP_ERR(BT_SMP_ERR_BREDR_PAIRING_IN_PROGRESS),
556 SMP_ERR(BT_SMP_ERR_CROSS_TRANSP_NOT_ALLOWED),
557 SMP_ERR(BT_SMP_ERR_KEY_REJECTED),
558 };
559
560 if (smp_err < ARRAY_SIZE(mapping_table) && mapping_table[smp_err]) {
561 return mapping_table[smp_err];
562 } else {
563 return "(unknown)";
564 }
565
566 #undef SMP_ERR
567 }
568 #endif /* CONFIG_BT_SMP_ERR_TO_STR */
569
smp_create_pdu(struct bt_smp * smp,uint8_t op,size_t len)570 static struct net_buf *smp_create_pdu(struct bt_smp *smp, uint8_t op, size_t len)
571 {
572 struct bt_smp_hdr *hdr;
573 struct net_buf *buf;
574 k_timeout_t timeout;
575
576 /* Don't if session had already timed out */
577 if (atomic_test_bit(smp->flags, SMP_FLAG_TIMEOUT)) {
578 timeout = K_NO_WAIT;
579 } else {
580 timeout = SMP_TIMEOUT;
581 }
582
583 /* Use smaller timeout if returning an error since that could be
584 * caused by lack of buffers.
585 */
586 buf = bt_l2cap_create_pdu_timeout(NULL, 0, timeout);
587 if (!buf) {
588 /* If it was not possible to allocate a buffer within the
589 * timeout marked it as timed out.
590 */
591 atomic_set_bit(smp->flags, SMP_FLAG_TIMEOUT);
592 return NULL;
593 }
594
595 hdr = net_buf_add(buf, sizeof(*hdr));
596 hdr->code = op;
597
598 return buf;
599 }
600
get_encryption_key_size(struct bt_smp * smp)601 static uint8_t get_encryption_key_size(struct bt_smp *smp)
602 {
603 struct bt_smp_pairing *req, *rsp;
604
605 req = (struct bt_smp_pairing *)&smp->preq[1];
606 rsp = (struct bt_smp_pairing *)&smp->prsp[1];
607
608 /*
609 * The smaller value of the initiating and responding devices maximum
610 * encryption key length parameters shall be used as the encryption key
611 * size.
612 */
613 return MIN(req->max_key_size, rsp->max_key_size);
614 }
615
616 /* Check that if a new pairing procedure with an existing bond will not lower
617 * the established security level of the bond.
618 */
update_keys_check(struct bt_smp * smp,struct bt_keys * keys)619 static bool update_keys_check(struct bt_smp *smp, struct bt_keys *keys)
620 {
621 if (IS_ENABLED(CONFIG_BT_SMP_DISABLE_LEGACY_JW_PASSKEY) &&
622 !atomic_test_bit(smp->flags, SMP_FLAG_SC) &&
623 smp->method != LEGACY_OOB) {
624 return false;
625 }
626
627 if (IS_ENABLED(CONFIG_BT_SMP_OOB_LEGACY_PAIR_ONLY) &&
628 smp->method != LEGACY_OOB) {
629 return false;
630 }
631
632 if (!keys ||
633 !(keys->keys & (BT_KEYS_LTK_P256 | BT_KEYS_LTK))) {
634 return true;
635 }
636
637 if (keys->enc_size > get_encryption_key_size(smp)) {
638 return false;
639 }
640
641 if ((keys->keys & BT_KEYS_LTK_P256) &&
642 !atomic_test_bit(smp->flags, SMP_FLAG_SC)) {
643 return false;
644 }
645
646 if ((keys->flags & BT_KEYS_AUTHENTICATED) &&
647 smp->method == JUST_WORKS) {
648 return false;
649 }
650
651 if (!IS_ENABLED(CONFIG_BT_SMP_ALLOW_UNAUTH_OVERWRITE) &&
652 (!(keys->flags & BT_KEYS_AUTHENTICATED)
653 && smp->method == JUST_WORKS)) {
654 if (!IS_ENABLED(CONFIG_BT_ID_ALLOW_UNAUTH_OVERWRITE) ||
655 (keys->id == smp->chan.chan.conn->id)) {
656 return false;
657 }
658 }
659
660 return true;
661 }
662
663 #ifndef CONFIG_BT_SMP_OOB_LEGACY_PAIR_ONLY
update_debug_keys_check(struct bt_smp * smp)664 static bool update_debug_keys_check(struct bt_smp *smp)
665 {
666 struct bt_conn *conn = smp->chan.chan.conn;
667
668 if (!conn->le.keys) {
669 conn->le.keys = bt_keys_get_addr(conn->id, &conn->le.dst);
670 }
671
672 if (!conn->le.keys ||
673 !(conn->le.keys->keys & (BT_KEYS_LTK_P256 | BT_KEYS_LTK))) {
674 return true;
675 }
676
677 if (conn->le.keys->flags & BT_KEYS_DEBUG) {
678 return true;
679 }
680
681 return false;
682 }
683 #endif /* CONFIG_BT_SMP_OOB_LEGACY_PAIR_ONLY */
684
685 #if defined(CONFIG_BT_PRIVACY) || defined(CONFIG_BT_SIGNING) || \
686 !defined(CONFIG_BT_SMP_SC_PAIR_ONLY)
687 /* For TX callbacks */
688 static void smp_pairing_complete(struct bt_smp *smp, uint8_t status);
689 #if defined(CONFIG_BT_CLASSIC)
690 static void smp_pairing_br_complete(struct bt_smp_br *smp, uint8_t status);
691 #endif
692
smp_check_complete(struct bt_conn * conn,uint8_t dist_complete)693 static void smp_check_complete(struct bt_conn *conn, uint8_t dist_complete)
694 {
695 struct bt_l2cap_chan *chan;
696
697 if (conn->type == BT_CONN_TYPE_LE) {
698 struct bt_smp *smp;
699
700 chan = bt_l2cap_le_lookup_tx_cid(conn, BT_L2CAP_CID_SMP);
701 __ASSERT(chan, "No SMP channel found");
702
703 smp = CONTAINER_OF(chan, struct bt_smp, chan.chan);
704 smp->local_dist &= ~dist_complete;
705
706 /* if all keys were distributed, pairing is done */
707 if (!smp->local_dist && !smp->remote_dist) {
708 smp_pairing_complete(smp, 0);
709 }
710
711 return;
712 }
713
714 #if defined(CONFIG_BT_CLASSIC)
715 if (conn->type == BT_CONN_TYPE_BR) {
716 struct bt_smp_br *smp;
717
718 chan = bt_l2cap_br_lookup_tx_cid(conn, BT_L2CAP_CID_BR_SMP);
719 __ASSERT(chan, "No SMP channel found");
720
721 smp = CONTAINER_OF(chan, struct bt_smp_br, chan.chan);
722 smp->local_dist &= ~dist_complete;
723
724 /* if all keys were distributed, pairing is done */
725 if (!smp->local_dist && !smp->remote_dist) {
726 smp_pairing_br_complete(smp, 0);
727 }
728 }
729 #endif
730 }
731 #endif
732
733 #if defined(CONFIG_BT_PRIVACY)
smp_id_sent(struct bt_conn * conn,void * user_data,int err)734 static void smp_id_sent(struct bt_conn *conn, void *user_data, int err)
735 {
736 if (!err) {
737 smp_check_complete(conn, BT_SMP_DIST_ID_KEY);
738 }
739 }
740 #endif /* CONFIG_BT_PRIVACY */
741
742 #if defined(CONFIG_BT_SIGNING)
smp_sign_info_sent(struct bt_conn * conn,void * user_data,int err)743 static void smp_sign_info_sent(struct bt_conn *conn, void *user_data, int err)
744 {
745 if (!err) {
746 smp_check_complete(conn, BT_SMP_DIST_SIGN);
747 }
748 }
749 #endif /* CONFIG_BT_SIGNING */
750
751 #if defined(CONFIG_BT_CLASSIC)
sc_derive_link_key(struct bt_smp * smp)752 static void sc_derive_link_key(struct bt_smp *smp)
753 {
754 /* constants as specified in Core Spec Vol.3 Part H 2.4.2.4 */
755 static const uint8_t lebr[4] = { 0x72, 0x62, 0x65, 0x6c };
756 struct bt_conn *conn = smp->chan.chan.conn;
757 struct bt_keys_link_key *link_key;
758 uint8_t ilk[16];
759
760 LOG_DBG("");
761
762 /* TODO handle errors? */
763
764 /*
765 * At this point remote device identity is known so we can use
766 * destination address here
767 */
768 link_key = bt_keys_get_link_key(&conn->le.dst.a);
769 if (!link_key) {
770 return;
771 }
772
773 if (atomic_test_bit(smp->flags, SMP_FLAG_CT2)) {
774 /* constants as specified in Core Spec Vol.3 Part H 2.4.2.4 */
775 static const uint8_t salt[16] = { 0x31, 0x70, 0x6d, 0x74,
776 0x00, 0x00, 0x00, 0x00,
777 0x00, 0x00, 0x00, 0x00,
778 0x00, 0x00, 0x00, 0x00 };
779
780 if (bt_crypto_h7(salt, conn->le.keys->ltk.val, ilk)) {
781 bt_keys_link_key_clear(link_key);
782 return;
783 }
784 } else {
785 /* constants as specified in Core Spec Vol.3 Part H 2.4.2.4 */
786 static const uint8_t tmp1[4] = { 0x31, 0x70, 0x6d, 0x74 };
787
788 if (bt_crypto_h6(conn->le.keys->ltk.val, tmp1, ilk)) {
789 bt_keys_link_key_clear(link_key);
790 return;
791 }
792 }
793
794 if (bt_crypto_h6(ilk, lebr, link_key->val)) {
795 bt_keys_link_key_clear(link_key);
796 }
797
798 link_key->flags |= BT_LINK_KEY_SC;
799
800 if (conn->le.keys->flags & BT_KEYS_AUTHENTICATED) {
801 link_key->flags |= BT_LINK_KEY_AUTHENTICATED;
802 } else {
803 link_key->flags &= ~BT_LINK_KEY_AUTHENTICATED;
804 }
805 }
806
smp_br_reset(struct bt_smp_br * smp)807 static void smp_br_reset(struct bt_smp_br *smp)
808 {
809 /* Clear flags first in case canceling of timeout fails. The SMP context
810 * shall be marked as timed out in that case.
811 */
812 atomic_set(smp->flags, 0);
813
814 /* If canceling fails the timeout handler will set the timeout flag and
815 * mark the it as timed out. No new pairing procedures shall be started
816 * on this connection if that happens.
817 */
818 (void)k_work_cancel_delayable(&smp->work);
819
820 atomic_set(smp->allowed_cmds, 0);
821
822 atomic_set_bit(smp->allowed_cmds, BT_SMP_CMD_PAIRING_REQ);
823 }
824
smp_pairing_br_complete(struct bt_smp_br * smp,uint8_t status)825 static void smp_pairing_br_complete(struct bt_smp_br *smp, uint8_t status)
826 {
827 struct bt_conn *conn = smp->chan.chan.conn;
828 struct bt_keys *keys;
829 bt_addr_le_t addr;
830
831 LOG_DBG("status 0x%x", status);
832
833 /* For dualmode devices LE address is same as BR/EDR address
834 * and is of public type.
835 */
836 bt_addr_copy(&addr.a, &conn->br.dst);
837 addr.type = BT_ADDR_LE_PUBLIC;
838 keys = bt_keys_find_addr(conn->id, &addr);
839
840 if (status) {
841 struct bt_conn_auth_info_cb *listener, *next;
842
843 if (keys) {
844 bt_keys_clear(keys);
845 }
846
847 SYS_SLIST_FOR_EACH_CONTAINER_SAFE(&bt_auth_info_cbs, listener,
848 next, node) {
849 if (listener->pairing_failed) {
850 listener->pairing_failed(smp->chan.chan.conn,
851 security_err_get(status));
852 }
853 }
854 } else {
855 bool bond_flag = atomic_test_bit(smp->flags, SMP_FLAG_BOND);
856 struct bt_conn_auth_info_cb *listener, *next;
857
858 if (bond_flag && keys) {
859 bt_keys_store(keys);
860 }
861
862 SYS_SLIST_FOR_EACH_CONTAINER_SAFE(&bt_auth_info_cbs, listener,
863 next, node) {
864 if (listener->pairing_complete) {
865 listener->pairing_complete(smp->chan.chan.conn,
866 bond_flag);
867 }
868 }
869 }
870
871 smp_br_reset(smp);
872 }
873
smp_br_timeout(struct k_work * work)874 static void smp_br_timeout(struct k_work *work)
875 {
876 struct k_work_delayable *dwork = k_work_delayable_from_work(work);
877 struct bt_smp_br *smp = CONTAINER_OF(dwork, struct bt_smp_br, work);
878
879 LOG_ERR("SMP Timeout");
880
881 smp_pairing_br_complete(smp, BT_SMP_ERR_UNSPECIFIED);
882 atomic_set_bit(smp->flags, SMP_FLAG_TIMEOUT);
883 }
884
smp_br_send(struct bt_smp_br * smp,struct net_buf * buf,bt_conn_tx_cb_t cb)885 static void smp_br_send(struct bt_smp_br *smp, struct net_buf *buf,
886 bt_conn_tx_cb_t cb)
887 {
888 int err = bt_l2cap_br_send_cb(smp->chan.chan.conn, BT_L2CAP_CID_BR_SMP, buf, cb, NULL);
889
890 if (err) {
891 if (err == -ENOBUFS) {
892 LOG_ERR("Ran out of TX buffers or contexts.");
893 }
894
895 net_buf_unref(buf);
896 return;
897 }
898
899 k_work_reschedule(&smp->work, SMP_TIMEOUT);
900 }
901
bt_smp_br_connected(struct bt_l2cap_chan * chan)902 static void bt_smp_br_connected(struct bt_l2cap_chan *chan)
903 {
904 struct bt_smp_br *smp = CONTAINER_OF(chan, struct bt_smp_br, chan.chan);
905
906 LOG_DBG("chan %p cid 0x%04x", chan,
907 CONTAINER_OF(chan, struct bt_l2cap_br_chan, chan)->tx.cid);
908
909 atomic_set_bit(smp->flags, SMP_FLAG_BR_CONNECTED);
910
911 /*
912 * if this flag is set it means pairing was requested before channel
913 * was connected
914 */
915 if (atomic_test_bit(smp->flags, SMP_FLAG_BR_PAIR)) {
916 bt_smp_br_send_pairing_req(chan->conn);
917 }
918 }
919
bt_smp_br_disconnected(struct bt_l2cap_chan * chan)920 static void bt_smp_br_disconnected(struct bt_l2cap_chan *chan)
921 {
922 struct bt_smp_br *smp = CONTAINER_OF(chan, struct bt_smp_br, chan.chan);
923
924 LOG_DBG("chan %p cid 0x%04x", chan,
925 CONTAINER_OF(chan, struct bt_l2cap_br_chan, chan)->tx.cid);
926
927 /* Channel disconnected callback is always called from a work handler
928 * so canceling of the timeout work should always succeed.
929 */
930 (void)k_work_cancel_delayable(&smp->work);
931
932 (void)memset(smp, 0, sizeof(*smp));
933 }
934
smp_br_init(struct bt_smp_br * smp)935 static void smp_br_init(struct bt_smp_br *smp)
936 {
937 /* Initialize SMP context excluding L2CAP channel context and anything
938 * else declared after.
939 */
940 (void)memset(smp, 0, offsetof(struct bt_smp_br, chan));
941
942 atomic_set_bit(smp->allowed_cmds, BT_SMP_CMD_PAIRING_FAIL);
943 }
944
smp_br_derive_ltk(struct bt_smp_br * smp)945 static void smp_br_derive_ltk(struct bt_smp_br *smp)
946 {
947 /* constants as specified in Core Spec Vol.3 Part H 2.4.2.5 */
948 static const uint8_t brle[4] = { 0x65, 0x6c, 0x72, 0x62 };
949 struct bt_conn *conn = smp->chan.chan.conn;
950 struct bt_keys_link_key *link_key = conn->br.link_key;
951 struct bt_keys *keys;
952 bt_addr_le_t addr;
953 uint8_t ilk[16];
954
955 LOG_DBG("");
956
957 if (!link_key) {
958 return;
959 }
960
961 if (IS_ENABLED(CONFIG_BT_SMP_FORCE_BREDR) &&
962 conn->encrypt != BT_HCI_ENCRYPTION_ON_BR_AES_CCM) {
963 LOG_WRN("Using P192 Link Key for P256 LTK derivation");
964 }
965
966 /*
967 * For dualmode devices LE address is same as BR/EDR address and is of
968 * public type.
969 */
970 bt_addr_copy(&addr.a, &conn->br.dst);
971 addr.type = BT_ADDR_LE_PUBLIC;
972
973 keys = bt_keys_get_type(BT_KEYS_LTK_P256, conn->id, &addr);
974 if (!keys) {
975 LOG_ERR("Unable to get keys for %s", bt_addr_le_str(&addr));
976 return;
977 }
978
979 if (atomic_test_bit(smp->flags, SMP_FLAG_CT2)) {
980 /* constants as specified in Core Spec Vol.3 Part H 2.4.2.5 */
981 static const uint8_t salt[16] = { 0x32, 0x70, 0x6d, 0x74,
982 0x00, 0x00, 0x00, 0x00,
983 0x00, 0x00, 0x00, 0x00,
984 0x00, 0x00, 0x00, 0x00 };
985
986 if (bt_crypto_h7(salt, link_key->val, ilk)) {
987 bt_keys_link_key_clear(link_key);
988 return;
989 }
990 } else {
991 /* constants as specified in Core Spec Vol.3 Part H 2.4.2.5 */
992 static const uint8_t tmp2[4] = { 0x32, 0x70, 0x6d, 0x74 };
993
994 if (bt_crypto_h6(link_key->val, tmp2, ilk)) {
995 bt_keys_clear(keys);
996 return;
997 }
998 }
999
1000 if (bt_crypto_h6(ilk, brle, keys->ltk.val)) {
1001 bt_keys_clear(keys);
1002 return;
1003 }
1004
1005 (void)memset(keys->ltk.ediv, 0, sizeof(keys->ltk.ediv));
1006 (void)memset(keys->ltk.rand, 0, sizeof(keys->ltk.rand));
1007 keys->enc_size = smp->enc_key_size;
1008
1009 if (link_key->flags & BT_LINK_KEY_AUTHENTICATED) {
1010 keys->flags |= BT_KEYS_AUTHENTICATED;
1011 } else {
1012 keys->flags &= ~BT_KEYS_AUTHENTICATED;
1013 }
1014
1015 LOG_DBG("LTK derived from LinkKey");
1016 }
1017
smp_br_create_pdu(struct bt_smp_br * smp,uint8_t op,size_t len)1018 static struct net_buf *smp_br_create_pdu(struct bt_smp_br *smp, uint8_t op,
1019 size_t len)
1020 {
1021 struct bt_smp_hdr *hdr;
1022 struct net_buf *buf;
1023 k_timeout_t timeout;
1024
1025 /* Don't if session had already timed out */
1026 if (atomic_test_bit(smp->flags, SMP_FLAG_TIMEOUT)) {
1027 timeout = K_NO_WAIT;
1028 } else {
1029 timeout = SMP_TIMEOUT;
1030 }
1031
1032 /* Use smaller timeout if returning an error since that could be
1033 * caused by lack of buffers.
1034 */
1035 buf = bt_l2cap_create_pdu_timeout(NULL, 0, timeout);
1036 if (!buf) {
1037 /* If it was not possible to allocate a buffer within the
1038 * timeout marked it as timed out.
1039 */
1040 atomic_set_bit(smp->flags, SMP_FLAG_TIMEOUT);
1041 return NULL;
1042 }
1043
1044 hdr = net_buf_add(buf, sizeof(*hdr));
1045 hdr->code = op;
1046
1047 return buf;
1048 }
1049
smp_br_distribute_keys(struct bt_smp_br * smp)1050 static void smp_br_distribute_keys(struct bt_smp_br *smp)
1051 {
1052 struct bt_conn *conn = smp->chan.chan.conn;
1053 struct bt_keys *keys;
1054 bt_addr_le_t addr;
1055
1056 /*
1057 * For dualmode devices LE address is same as BR/EDR address and is of
1058 * public type.
1059 */
1060 bt_addr_copy(&addr.a, &conn->br.dst);
1061 addr.type = BT_ADDR_LE_PUBLIC;
1062
1063 keys = bt_keys_get_addr(conn->id, &addr);
1064 if (!keys) {
1065 LOG_ERR("No keys space for %s", bt_addr_le_str(&addr));
1066 return;
1067 }
1068
1069 #if defined(CONFIG_BT_PRIVACY)
1070 if (smp->local_dist & BT_SMP_DIST_ID_KEY) {
1071 struct bt_smp_ident_info *id_info;
1072 struct bt_smp_ident_addr_info *id_addr_info;
1073 struct net_buf *buf;
1074
1075 smp->local_dist &= ~BT_SMP_DIST_ID_KEY;
1076
1077 buf = smp_br_create_pdu(smp, BT_SMP_CMD_IDENT_INFO,
1078 sizeof(*id_info));
1079 if (!buf) {
1080 LOG_ERR("Unable to allocate Ident Info buffer");
1081 return;
1082 }
1083
1084 id_info = net_buf_add(buf, sizeof(*id_info));
1085 memcpy(id_info->irk, bt_dev.irk[conn->id], 16);
1086
1087 smp_br_send(smp, buf, NULL);
1088
1089 buf = smp_br_create_pdu(smp, BT_SMP_CMD_IDENT_ADDR_INFO,
1090 sizeof(*id_addr_info));
1091 if (!buf) {
1092 LOG_ERR("Unable to allocate Ident Addr Info buffer");
1093 return;
1094 }
1095
1096 id_addr_info = net_buf_add(buf, sizeof(*id_addr_info));
1097 bt_addr_le_copy(&id_addr_info->addr, &bt_dev.id_addr[conn->id]);
1098
1099 smp_br_send(smp, buf, smp_id_sent);
1100 }
1101 #endif /* CONFIG_BT_PRIVACY */
1102
1103 #if defined(CONFIG_BT_SIGNING)
1104 if (smp->local_dist & BT_SMP_DIST_SIGN) {
1105 struct bt_smp_signing_info *info;
1106 struct net_buf *buf;
1107
1108 smp->local_dist &= ~BT_SMP_DIST_SIGN;
1109
1110 buf = smp_br_create_pdu(smp, BT_SMP_CMD_SIGNING_INFO,
1111 sizeof(*info));
1112 if (!buf) {
1113 LOG_ERR("Unable to allocate Signing Info buffer");
1114 return;
1115 }
1116
1117 info = net_buf_add(buf, sizeof(*info));
1118
1119 if (bt_rand(info->csrk, sizeof(info->csrk))) {
1120 LOG_ERR("Unable to get random bytes");
1121 return;
1122 }
1123
1124 if (atomic_test_bit(smp->flags, SMP_FLAG_BOND)) {
1125 bt_keys_add_type(keys, BT_KEYS_LOCAL_CSRK);
1126 memcpy(keys->local_csrk.val, info->csrk, 16);
1127 keys->local_csrk.cnt = 0U;
1128 }
1129
1130 smp_br_send(smp, buf, smp_sign_info_sent);
1131 }
1132 #endif /* CONFIG_BT_SIGNING */
1133 }
1134
smp_br_pairing_allowed(struct bt_smp_br * smp)1135 static bool smp_br_pairing_allowed(struct bt_smp_br *smp)
1136 {
1137 bt_addr_le_t addr;
1138 struct bt_conn *conn;
1139 struct bt_keys_link_key *key;
1140 bool le_bonded;
1141
1142 if (!smp->chan.chan.conn) {
1143 return false;
1144 }
1145
1146 conn = smp->chan.chan.conn;
1147
1148 addr.type = BT_ADDR_LE_PUBLIC;
1149 bt_addr_copy(&addr.a, &conn->br.dst);
1150 le_bonded = bt_le_bond_exists(BT_ID_DEFAULT, &addr);
1151
1152 key = bt_keys_find_link_key(&conn->br.dst);
1153 if (!key) {
1154 return false;
1155 }
1156
1157 /**
1158 * Core v6.0, Vol 3, Part C, 14.1 Cross-transport key derivation
1159 *
1160 * If an LE LTK already exists and the BR/EDR link key is weaker in either strength
1161 * or MITM protection, then neither device shall generate an LE LTK using cross-transport
1162 * key derivation from a BR/EDR link key.
1163 */
1164 if (le_bonded && !(key->flags & BT_LINK_KEY_AUTHENTICATED)) {
1165 return false;
1166 }
1167
1168 if (conn->encrypt == BT_HCI_ENCRYPTION_ON_BR_AES_CCM) {
1169 return true;
1170 }
1171
1172 if (IS_ENABLED(CONFIG_BT_SMP_FORCE_BREDR) && conn->encrypt == BT_HCI_ENCRYPTION_ON_BR_E0) {
1173 LOG_WRN("Allowing BR/EDR SMP with P-192 key");
1174 return true;
1175 }
1176
1177 return false;
1178 }
1179
smp_br_pairing_req(struct bt_smp_br * smp,struct net_buf * buf)1180 static uint8_t smp_br_pairing_req(struct bt_smp_br *smp, struct net_buf *buf)
1181 {
1182 struct bt_smp_pairing *req = (void *)buf->data;
1183 struct bt_conn *conn = smp->chan.chan.conn;
1184 struct bt_smp_pairing *rsp;
1185 struct net_buf *rsp_buf;
1186 uint8_t max_key_size;
1187
1188 LOG_DBG("req: io_capability 0x%02X, oob_flag 0x%02X, auth_req 0x%02X, "
1189 "max_key_size 0x%02X, init_key_dist 0x%02X, resp_key_dist 0x%02X",
1190 req->io_capability, req->oob_flag, req->auth_req,
1191 req->max_key_size, req->init_key_dist, req->resp_key_dist);
1192
1193 /*
1194 * If a Pairing Request is received over the BR/EDR transport when
1195 * either cross-transport key derivation/generation is not supported or
1196 * the BR/EDR transport is not encrypted using a Link Key generated
1197 * using P256, a Pairing Failed shall be sent with the error code
1198 * "Cross-transport Key Derivation/Generation not allowed" (0x0E)."
1199 */
1200 if (!smp_br_pairing_allowed(smp)) {
1201 return BT_SMP_ERR_CROSS_TRANSP_NOT_ALLOWED;
1202 }
1203
1204 max_key_size = bt_conn_enc_key_size(conn);
1205 if (!max_key_size) {
1206 LOG_DBG("Invalid encryption key size");
1207 return BT_SMP_ERR_UNSPECIFIED;
1208 }
1209
1210 if (req->max_key_size != max_key_size) {
1211 return BT_SMP_ERR_ENC_KEY_SIZE;
1212 }
1213
1214 rsp_buf = smp_br_create_pdu(smp, BT_SMP_CMD_PAIRING_RSP, sizeof(*rsp));
1215 if (!rsp_buf) {
1216 return BT_SMP_ERR_UNSPECIFIED;
1217 }
1218
1219 smp_br_init(smp);
1220 smp->enc_key_size = max_key_size;
1221
1222 /*
1223 * If Secure Connections pairing has been initiated over BR/EDR, the IO
1224 * Capability, OOB data flag and Auth Req fields of the SM Pairing
1225 * Request/Response PDU shall be set to zero on transmission, and
1226 * ignored on reception.
1227 */
1228 rsp = net_buf_add(rsp_buf, sizeof(*rsp));
1229
1230 rsp->auth_req = BT_SMP_AUTH_CT2;
1231 rsp->io_capability = 0x00;
1232 rsp->oob_flag = 0x00;
1233 rsp->max_key_size = max_key_size;
1234 rsp->init_key_dist = (req->init_key_dist & BR_RECV_KEYS_SC);
1235 rsp->resp_key_dist = (req->resp_key_dist & BR_RECV_KEYS_SC);
1236
1237 smp->local_dist = rsp->resp_key_dist;
1238 smp->remote_dist = rsp->init_key_dist;
1239
1240 LOG_DBG("rsp: io_capability 0x%02X, oob_flag 0x%02X, auth_req 0x%02X, "
1241 "max_key_size 0x%02X, init_key_dist 0x%02X, resp_key_dist 0x%02X",
1242 rsp->io_capability, rsp->oob_flag, rsp->auth_req,
1243 rsp->max_key_size, rsp->init_key_dist, rsp->resp_key_dist);
1244
1245 smp_br_send(smp, rsp_buf, NULL);
1246
1247 atomic_set_bit(smp->flags, SMP_FLAG_PAIRING);
1248
1249 /* If CT2 bit is set both side, set CT2 flag */
1250 if ((rsp->auth_req & BT_SMP_AUTH_CT2) &&
1251 (req->auth_req & BT_SMP_AUTH_CT2)) {
1252 atomic_set_bit(smp->flags, SMP_FLAG_CT2);
1253 }
1254
1255 /* derive LTK if requested and clear distribution bits */
1256 if ((smp->local_dist & BT_SMP_DIST_ENC_KEY) &&
1257 (smp->remote_dist & BT_SMP_DIST_ENC_KEY)) {
1258 smp_br_derive_ltk(smp);
1259 }
1260 smp->local_dist &= ~BT_SMP_DIST_ENC_KEY;
1261 smp->remote_dist &= ~BT_SMP_DIST_ENC_KEY;
1262
1263 /* BR/EDR acceptor is like LE Peripheral and distributes keys first */
1264 smp_br_distribute_keys(smp);
1265
1266 if (smp->remote_dist & BT_SMP_DIST_ID_KEY) {
1267 atomic_set_bit(smp->allowed_cmds, BT_SMP_CMD_IDENT_INFO);
1268 } else if (smp->remote_dist & BT_SMP_DIST_SIGN) {
1269 atomic_set_bit(smp->allowed_cmds, BT_SMP_CMD_SIGNING_INFO);
1270 }
1271
1272 /* if all keys were distributed, pairing is done */
1273 if (!smp->local_dist && !smp->remote_dist) {
1274 smp_pairing_br_complete(smp, 0);
1275 }
1276
1277 return 0;
1278 }
1279
smp_br_pairing_rsp(struct bt_smp_br * smp,struct net_buf * buf)1280 static uint8_t smp_br_pairing_rsp(struct bt_smp_br *smp, struct net_buf *buf)
1281 {
1282 struct bt_smp_pairing *rsp = (void *)buf->data;
1283 struct bt_conn *conn = smp->chan.chan.conn;
1284 uint8_t max_key_size;
1285
1286 LOG_DBG("rsp: io_capability 0x%02X, oob_flag 0x%02X, auth_req 0x%02X, "
1287 "max_key_size 0x%02X, init_key_dist 0x%02X, resp_key_dist 0x%02X",
1288 rsp->io_capability, rsp->oob_flag, rsp->auth_req,
1289 rsp->max_key_size, rsp->init_key_dist, rsp->resp_key_dist);
1290
1291 max_key_size = bt_conn_enc_key_size(conn);
1292 if (!max_key_size) {
1293 LOG_DBG("Invalid encryption key size");
1294 return BT_SMP_ERR_UNSPECIFIED;
1295 }
1296
1297 if (rsp->max_key_size != max_key_size) {
1298 return BT_SMP_ERR_ENC_KEY_SIZE;
1299 }
1300
1301 smp->local_dist &= rsp->init_key_dist;
1302 smp->remote_dist &= rsp->resp_key_dist;
1303
1304 smp->local_dist &= BR_SEND_KEYS_SC;
1305 smp->remote_dist &= BR_RECV_KEYS_SC;
1306
1307 /* Peripheral distributes its keys first */
1308
1309 if (smp->remote_dist & BT_SMP_DIST_ID_KEY) {
1310 atomic_set_bit(smp->allowed_cmds, BT_SMP_CMD_IDENT_INFO);
1311 } else if (smp->remote_dist & BT_SMP_DIST_SIGN) {
1312 atomic_set_bit(smp->allowed_cmds, BT_SMP_CMD_SIGNING_INFO);
1313 }
1314
1315 /*
1316 * CT2 flag is set in pairing req by bt_smp_br_send_pairing_req.
1317 * If CT2 bit is set both side, set CT2 flag.
1318 */
1319 if (rsp->auth_req & BT_SMP_AUTH_CT2) {
1320 atomic_set_bit(smp->flags, SMP_FLAG_CT2);
1321 }
1322
1323 /* derive LTK if requested and clear distribution bits */
1324 if ((smp->local_dist & BT_SMP_DIST_ENC_KEY) &&
1325 (smp->remote_dist & BT_SMP_DIST_ENC_KEY)) {
1326 smp_br_derive_ltk(smp);
1327 }
1328 smp->local_dist &= ~BT_SMP_DIST_ENC_KEY;
1329 smp->remote_dist &= ~BT_SMP_DIST_ENC_KEY;
1330
1331 /* Pairing acceptor distributes it's keys first */
1332 if (smp->remote_dist) {
1333 return 0;
1334 }
1335
1336 smp_br_distribute_keys(smp);
1337
1338 /* if all keys were distributed, pairing is done */
1339 if (!smp->local_dist && !smp->remote_dist) {
1340 smp_pairing_br_complete(smp, 0);
1341 }
1342
1343 return 0;
1344 }
1345
smp_br_pairing_failed(struct bt_smp_br * smp,struct net_buf * buf)1346 static uint8_t smp_br_pairing_failed(struct bt_smp_br *smp, struct net_buf *buf)
1347 {
1348 struct bt_smp_pairing_fail *req = (void *)buf->data;
1349
1350 LOG_ERR("pairing failed (peer reason 0x%x)", req->reason);
1351
1352 smp_pairing_br_complete(smp, req->reason);
1353 smp_br_reset(smp);
1354
1355 /* return no error to avoid sending Pairing Failed in response */
1356 return 0;
1357 }
1358
smp_br_ident_info(struct bt_smp_br * smp,struct net_buf * buf)1359 static uint8_t smp_br_ident_info(struct bt_smp_br *smp, struct net_buf *buf)
1360 {
1361 struct bt_smp_ident_info *req = (void *)buf->data;
1362 struct bt_conn *conn = smp->chan.chan.conn;
1363 struct bt_keys *keys;
1364 bt_addr_le_t addr;
1365
1366 LOG_DBG("");
1367
1368 /* TODO should we resolve LE address if matching RPA is connected? */
1369
1370 /*
1371 * For dualmode devices LE address is same as BR/EDR address and is of
1372 * public type.
1373 */
1374 bt_addr_copy(&addr.a, &conn->br.dst);
1375 addr.type = BT_ADDR_LE_PUBLIC;
1376
1377 keys = bt_keys_get_type(BT_KEYS_IRK, conn->id, &addr);
1378 if (!keys) {
1379 LOG_ERR("Unable to get keys for %s", bt_addr_le_str(&addr));
1380 return BT_SMP_ERR_UNSPECIFIED;
1381 }
1382
1383 memcpy(keys->irk.val, req->irk, sizeof(keys->irk.val));
1384
1385 atomic_set_bit(smp->allowed_cmds, BT_SMP_CMD_IDENT_ADDR_INFO);
1386
1387 return 0;
1388 }
1389
smp_br_ident_addr_info(struct bt_smp_br * smp,struct net_buf * buf)1390 static uint8_t smp_br_ident_addr_info(struct bt_smp_br *smp,
1391 struct net_buf *buf)
1392 {
1393 struct bt_conn *conn = smp->chan.chan.conn;
1394 struct bt_smp_ident_addr_info *req = (void *)buf->data;
1395 bt_addr_le_t addr;
1396
1397 LOG_DBG("identity %s", bt_addr_le_str(&req->addr));
1398
1399 /*
1400 * For dual mode device identity address must be same as BR/EDR address
1401 * and be of public type. So if received one doesn't match BR/EDR
1402 * address we fail.
1403 */
1404
1405 bt_addr_copy(&addr.a, &conn->br.dst);
1406 addr.type = BT_ADDR_LE_PUBLIC;
1407
1408 if (!bt_addr_le_eq(&addr, &req->addr)) {
1409 return BT_SMP_ERR_UNSPECIFIED;
1410 }
1411
1412 smp->remote_dist &= ~BT_SMP_DIST_ID_KEY;
1413
1414 if (smp->remote_dist & BT_SMP_DIST_SIGN) {
1415 atomic_set_bit(smp->allowed_cmds, BT_SMP_CMD_SIGNING_INFO);
1416 }
1417
1418 if (conn->role == BT_CONN_ROLE_CENTRAL && !smp->remote_dist) {
1419 smp_br_distribute_keys(smp);
1420 }
1421
1422 /* if all keys were distributed, pairing is done */
1423 if (!smp->local_dist && !smp->remote_dist) {
1424 smp_pairing_br_complete(smp, 0);
1425 }
1426
1427 return 0;
1428 }
1429
1430 #if defined(CONFIG_BT_SIGNING)
smp_br_signing_info(struct bt_smp_br * smp,struct net_buf * buf)1431 static uint8_t smp_br_signing_info(struct bt_smp_br *smp, struct net_buf *buf)
1432 {
1433 struct bt_smp_signing_info *req = (void *)buf->data;
1434 struct bt_conn *conn = smp->chan.chan.conn;
1435 struct bt_keys *keys;
1436 bt_addr_le_t addr;
1437
1438 LOG_DBG("");
1439
1440 /*
1441 * For dualmode devices LE address is same as BR/EDR address and is of
1442 * public type.
1443 */
1444 bt_addr_copy(&addr.a, &conn->br.dst);
1445 addr.type = BT_ADDR_LE_PUBLIC;
1446
1447 keys = bt_keys_get_type(BT_KEYS_REMOTE_CSRK, conn->id, &addr);
1448 if (!keys) {
1449 LOG_ERR("Unable to get keys for %s", bt_addr_le_str(&addr));
1450 return BT_SMP_ERR_UNSPECIFIED;
1451 }
1452
1453 memcpy(keys->remote_csrk.val, req->csrk, sizeof(keys->remote_csrk.val));
1454
1455 smp->remote_dist &= ~BT_SMP_DIST_SIGN;
1456
1457 if (conn->role == BT_CONN_ROLE_CENTRAL && !smp->remote_dist) {
1458 smp_br_distribute_keys(smp);
1459 }
1460
1461 /* if all keys were distributed, pairing is done */
1462 if (!smp->local_dist && !smp->remote_dist) {
1463 smp_pairing_br_complete(smp, 0);
1464 }
1465
1466 return 0;
1467 }
1468 #else
smp_br_signing_info(struct bt_smp_br * smp,struct net_buf * buf)1469 static uint8_t smp_br_signing_info(struct bt_smp_br *smp, struct net_buf *buf)
1470 {
1471 return BT_SMP_ERR_CMD_NOTSUPP;
1472 }
1473 #endif /* CONFIG_BT_SIGNING */
1474
1475 static const struct {
1476 uint8_t (*func)(struct bt_smp_br *smp, struct net_buf *buf);
1477 uint8_t expect_len;
1478 } br_handlers[] = {
1479 { }, /* No op-code defined for 0x00 */
1480 { smp_br_pairing_req, sizeof(struct bt_smp_pairing) },
1481 { smp_br_pairing_rsp, sizeof(struct bt_smp_pairing) },
1482 { }, /* pairing confirm not used over BR/EDR */
1483 { }, /* pairing random not used over BR/EDR */
1484 { smp_br_pairing_failed, sizeof(struct bt_smp_pairing_fail) },
1485 { }, /* encrypt info not used over BR/EDR */
1486 { }, /* central ident not used over BR/EDR */
1487 { smp_br_ident_info, sizeof(struct bt_smp_ident_info) },
1488 { smp_br_ident_addr_info, sizeof(struct bt_smp_ident_addr_info) },
1489 { smp_br_signing_info, sizeof(struct bt_smp_signing_info) },
1490 /* security request not used over BR/EDR */
1491 /* public key not used over BR/EDR */
1492 /* DHKey check not used over BR/EDR */
1493 };
1494
smp_br_error(struct bt_smp_br * smp,uint8_t reason)1495 static int smp_br_error(struct bt_smp_br *smp, uint8_t reason)
1496 {
1497 struct bt_smp_pairing_fail *rsp;
1498 struct net_buf *buf;
1499
1500 /* reset context and report */
1501 smp_br_reset(smp);
1502
1503 buf = smp_br_create_pdu(smp, BT_SMP_CMD_PAIRING_FAIL, sizeof(*rsp));
1504 if (!buf) {
1505 return -ENOBUFS;
1506 }
1507
1508 rsp = net_buf_add(buf, sizeof(*rsp));
1509 rsp->reason = reason;
1510
1511 /*
1512 * SMP timer is not restarted for PairingFailed so don't use
1513 * smp_br_send
1514 */
1515 if (bt_l2cap_br_send_cb(smp->chan.chan.conn, BT_L2CAP_CID_BR_SMP, buf,
1516 NULL, NULL)) {
1517 net_buf_unref(buf);
1518 }
1519
1520 return 0;
1521 }
1522
bt_smp_br_recv(struct bt_l2cap_chan * chan,struct net_buf * buf)1523 static int bt_smp_br_recv(struct bt_l2cap_chan *chan, struct net_buf *buf)
1524 {
1525 struct bt_smp_br *smp = CONTAINER_OF(chan, struct bt_smp_br, chan.chan);
1526 struct bt_smp_hdr *hdr;
1527 uint8_t err;
1528
1529 if (buf->len < sizeof(*hdr)) {
1530 LOG_ERR("Too small SMP PDU received");
1531 return 0;
1532 }
1533
1534 hdr = net_buf_pull_mem(buf, sizeof(*hdr));
1535 LOG_DBG("Received SMP code 0x%02x len %u", hdr->code, buf->len);
1536
1537 /*
1538 * If SMP timeout occurred "no further SMP commands shall be sent over
1539 * the L2CAP Security Manager Channel. A new SM procedure shall only be
1540 * performed when a new physical link has been established."
1541 */
1542 if (atomic_test_bit(smp->flags, SMP_FLAG_TIMEOUT)) {
1543 LOG_WRN("SMP command (code 0x%02x) received after timeout", hdr->code);
1544 return 0;
1545 }
1546
1547 if (hdr->code >= ARRAY_SIZE(br_handlers) ||
1548 !br_handlers[hdr->code].func) {
1549 LOG_WRN("Unhandled SMP code 0x%02x", hdr->code);
1550 smp_br_error(smp, BT_SMP_ERR_CMD_NOTSUPP);
1551 return 0;
1552 }
1553
1554 if (!atomic_test_and_clear_bit(smp->allowed_cmds, hdr->code)) {
1555 LOG_WRN("Unexpected SMP code 0x%02x", hdr->code);
1556 smp_br_error(smp, BT_SMP_ERR_UNSPECIFIED);
1557 return 0;
1558 }
1559
1560 if (buf->len != br_handlers[hdr->code].expect_len) {
1561 LOG_ERR("Invalid len %u for code 0x%02x", buf->len, hdr->code);
1562 smp_br_error(smp, BT_SMP_ERR_INVALID_PARAMS);
1563 return 0;
1564 }
1565
1566 err = br_handlers[hdr->code].func(smp, buf);
1567 if (err) {
1568 smp_br_error(smp, err);
1569 }
1570
1571 return 0;
1572 }
1573
br_sc_supported(void)1574 static bool br_sc_supported(void)
1575 {
1576 if (IS_ENABLED(CONFIG_BT_SMP_FORCE_BREDR)) {
1577 LOG_WRN("Enabling BR/EDR SMP without BR/EDR SC support");
1578 return true;
1579 }
1580
1581 return BT_FEAT_SC(bt_dev.features);
1582 }
1583
bt_smp_br_accept(struct bt_conn * conn,struct bt_l2cap_chan ** chan)1584 static int bt_smp_br_accept(struct bt_conn *conn, struct bt_l2cap_chan **chan)
1585 {
1586 static const struct bt_l2cap_chan_ops ops = {
1587 .connected = bt_smp_br_connected,
1588 .disconnected = bt_smp_br_disconnected,
1589 .recv = bt_smp_br_recv,
1590 };
1591 int i;
1592
1593 /* Check BR/EDR SC is supported */
1594 if (!br_sc_supported()) {
1595 return -ENOTSUP;
1596 }
1597
1598 LOG_DBG("conn %p handle %u", conn, conn->handle);
1599
1600 for (i = 0; i < ARRAY_SIZE(bt_smp_pool); i++) {
1601 struct bt_smp_br *smp = &bt_smp_br_pool[i];
1602
1603 if (smp->chan.chan.conn) {
1604 continue;
1605 }
1606
1607 smp->chan.chan.ops = &ops;
1608
1609 *chan = &smp->chan.chan;
1610
1611 k_work_init_delayable(&smp->work, smp_br_timeout);
1612 smp_br_reset(smp);
1613
1614 return 0;
1615 }
1616
1617 LOG_ERR("No available SMP context for conn %p", conn);
1618
1619 return -ENOMEM;
1620 }
1621
smp_br_chan_get(struct bt_conn * conn)1622 static struct bt_smp_br *smp_br_chan_get(struct bt_conn *conn)
1623 {
1624 struct bt_l2cap_chan *chan;
1625
1626 chan = bt_l2cap_br_lookup_rx_cid(conn, BT_L2CAP_CID_BR_SMP);
1627 if (!chan) {
1628 LOG_ERR("Unable to find SMP channel");
1629 return NULL;
1630 }
1631
1632 return CONTAINER_OF(chan, struct bt_smp_br, chan.chan);
1633 }
1634
bt_smp_br_send_pairing_req(struct bt_conn * conn)1635 int bt_smp_br_send_pairing_req(struct bt_conn *conn)
1636 {
1637 struct bt_smp_pairing *req;
1638 struct net_buf *req_buf;
1639 uint8_t max_key_size;
1640 struct bt_smp_br *smp;
1641 uint8_t remote_fixed_chan;
1642
1643 remote_fixed_chan = bt_l2cap_br_get_remote_fixed_chan(conn);
1644 if (!(remote_fixed_chan & BIT(BT_L2CAP_CID_BR_SMP))) {
1645 return -ENOTSUP;
1646 }
1647
1648 smp = smp_br_chan_get(conn);
1649 if (!smp) {
1650 return -ENOTCONN;
1651 }
1652
1653 /* SMP Timeout */
1654 if (atomic_test_bit(smp->flags, SMP_FLAG_TIMEOUT)) {
1655 return -EIO;
1656 }
1657
1658 /* pairing is in progress */
1659 if (atomic_test_bit(smp->flags, SMP_FLAG_PAIRING)) {
1660 return -EBUSY;
1661 }
1662
1663 /* check if we are allowed to start SMP over BR/EDR */
1664 if (!smp_br_pairing_allowed(smp)) {
1665 return 0;
1666 }
1667
1668 /* Channel not yet connected, will start pairing once connected */
1669 if (!atomic_test_bit(smp->flags, SMP_FLAG_BR_CONNECTED)) {
1670 atomic_set_bit(smp->flags, SMP_FLAG_BR_PAIR);
1671 return 0;
1672 }
1673
1674 max_key_size = bt_conn_enc_key_size(conn);
1675 if (!max_key_size) {
1676 LOG_DBG("Invalid encryption key size");
1677 return -EIO;
1678 }
1679
1680 smp_br_init(smp);
1681 smp->enc_key_size = max_key_size;
1682
1683 req_buf = smp_br_create_pdu(smp, BT_SMP_CMD_PAIRING_REQ, sizeof(*req));
1684 if (!req_buf) {
1685 return -ENOBUFS;
1686 }
1687
1688 req = net_buf_add(req_buf, sizeof(*req));
1689
1690 /*
1691 * If Secure Connections pairing has been initiated over BR/EDR, the IO
1692 * Capability, OOB data flag and Auth Req fields of the SM Pairing
1693 * Request/Response PDU shall be set to zero on transmission, and
1694 * ignored on reception.
1695 */
1696
1697 req->auth_req = BT_SMP_AUTH_CT2;
1698 req->io_capability = 0x00;
1699 req->oob_flag = 0x00;
1700 req->max_key_size = max_key_size;
1701 req->init_key_dist = BR_SEND_KEYS_SC;
1702 req->resp_key_dist = BR_RECV_KEYS_SC;
1703
1704 smp_br_send(smp, req_buf, NULL);
1705
1706 smp->local_dist = BR_SEND_KEYS_SC;
1707 smp->remote_dist = BR_RECV_KEYS_SC;
1708
1709 atomic_set_bit(smp->allowed_cmds, BT_SMP_CMD_PAIRING_RSP);
1710
1711 atomic_set_bit(smp->flags, SMP_FLAG_PAIRING);
1712
1713 return 0;
1714 }
1715 #endif /* CONFIG_BT_CLASSIC */
1716
smp_reset(struct bt_smp * smp)1717 static void smp_reset(struct bt_smp *smp)
1718 {
1719 struct bt_conn *conn = smp->chan.chan.conn;
1720
1721 /* Clear flags first in case canceling of timeout fails. The SMP context
1722 * shall be marked as timed out in that case.
1723 */
1724 atomic_set(smp->flags, 0);
1725
1726 /* If canceling fails the timeout handler will set the timeout flag and
1727 * mark the it as timed out. No new pairing procedures shall be started
1728 * on this connection if that happens.
1729 */
1730 (void)k_work_cancel_delayable(&smp->work);
1731
1732 smp->method = JUST_WORKS;
1733 atomic_set(smp->allowed_cmds, 0);
1734
1735 if (IS_ENABLED(CONFIG_BT_CENTRAL) &&
1736 conn->role == BT_HCI_ROLE_CENTRAL) {
1737 atomic_set_bit(smp->allowed_cmds, BT_SMP_CMD_SECURITY_REQUEST);
1738 return;
1739 }
1740
1741 if (IS_ENABLED(CONFIG_BT_PERIPHERAL)) {
1742 atomic_set_bit(smp->allowed_cmds, BT_SMP_CMD_PAIRING_REQ);
1743 }
1744 }
1745
hci_err_get(enum bt_security_err err)1746 static uint8_t hci_err_get(enum bt_security_err err)
1747 {
1748 switch (err) {
1749 case BT_SECURITY_ERR_SUCCESS:
1750 return BT_HCI_ERR_SUCCESS;
1751 case BT_SECURITY_ERR_AUTH_FAIL:
1752 return BT_HCI_ERR_AUTH_FAIL;
1753 case BT_SECURITY_ERR_PIN_OR_KEY_MISSING:
1754 return BT_HCI_ERR_PIN_OR_KEY_MISSING;
1755 case BT_SECURITY_ERR_PAIR_NOT_SUPPORTED:
1756 return BT_HCI_ERR_PAIRING_NOT_SUPPORTED;
1757 case BT_SECURITY_ERR_PAIR_NOT_ALLOWED:
1758 return BT_HCI_ERR_PAIRING_NOT_ALLOWED;
1759 case BT_SECURITY_ERR_INVALID_PARAM:
1760 return BT_HCI_ERR_INVALID_PARAM;
1761 default:
1762 return BT_HCI_ERR_UNSPECIFIED;
1763 }
1764 }
1765
1766 /* Note: This function not only does set the status but also calls smp_reset
1767 * at the end which clears any flags previously set.
1768 */
smp_pairing_complete(struct bt_smp * smp,uint8_t status)1769 static void smp_pairing_complete(struct bt_smp *smp, uint8_t status)
1770 {
1771 struct bt_conn *conn = smp->chan.chan.conn;
1772
1773 LOG_DBG("got status 0x%x", status);
1774
1775 if (conn->le.keys == NULL) {
1776 /* We can get here if the application calls `bt_unpair` in the
1777 * `security_changed` callback.
1778 */
1779 LOG_WRN("The in-progress pairing has been deleted!");
1780 status = BT_SMP_ERR_UNSPECIFIED;
1781 }
1782
1783 if (!status) {
1784 #if defined(CONFIG_BT_CLASSIC)
1785 /*
1786 * Don't derive if Debug Keys are used.
1787 * TODO should we allow this if BR/EDR is already connected?
1788 */
1789 if (atomic_test_bit(smp->flags, SMP_FLAG_DERIVE_LK) &&
1790 (!atomic_test_bit(smp->flags, SMP_FLAG_SC_DEBUG_KEY) ||
1791 IS_ENABLED(CONFIG_BT_STORE_DEBUG_KEYS))) {
1792 sc_derive_link_key(smp);
1793 }
1794 #endif /* CONFIG_BT_CLASSIC */
1795 bool bond_flag = atomic_test_bit(smp->flags, SMP_FLAG_BOND);
1796 struct bt_conn_auth_info_cb *listener, *next;
1797
1798 if (IS_ENABLED(CONFIG_BT_LOG_SNIFFER_INFO)) {
1799 bt_keys_show_sniffer_info(conn->le.keys, NULL);
1800 }
1801
1802 if (bond_flag && conn->le.keys) {
1803 bt_keys_store(conn->le.keys);
1804 }
1805
1806 SYS_SLIST_FOR_EACH_CONTAINER_SAFE(&bt_auth_info_cbs, listener,
1807 next, node) {
1808 if (listener->pairing_complete) {
1809 listener->pairing_complete(conn, bond_flag);
1810 }
1811 }
1812 } else {
1813 enum bt_security_err security_err = security_err_get(status);
1814
1815 /* Clear the key pool entry in case of pairing failure if the
1816 * keys already existed before the pairing procedure or the
1817 * pairing failed during key distribution.
1818 */
1819 if (conn->le.keys &&
1820 (!conn->le.keys->enc_size ||
1821 atomic_test_bit(smp->flags, SMP_FLAG_KEYS_DISTR))) {
1822 bt_keys_clear(conn->le.keys);
1823 conn->le.keys = NULL;
1824 }
1825
1826 if (!atomic_test_bit(smp->flags, SMP_FLAG_KEYS_DISTR)) {
1827 bt_conn_security_changed(conn,
1828 hci_err_get(security_err),
1829 security_err);
1830 }
1831
1832 /* Check SMP_FLAG_PAIRING as bt_conn_security_changed may
1833 * have called the pairing_failed callback already.
1834 */
1835 if (atomic_test_bit(smp->flags, SMP_FLAG_PAIRING)) {
1836 struct bt_conn_auth_info_cb *listener, *next;
1837
1838 SYS_SLIST_FOR_EACH_CONTAINER_SAFE(&bt_auth_info_cbs,
1839 listener, next,
1840 node) {
1841 if (listener->pairing_failed) {
1842 listener->pairing_failed(conn, security_err);
1843 }
1844 }
1845 }
1846 }
1847
1848 smp_reset(smp);
1849
1850 if (conn->state == BT_CONN_CONNECTED && conn->sec_level != conn->required_sec_level) {
1851 bt_smp_start_security(conn);
1852 }
1853 }
1854
smp_timeout(struct k_work * work)1855 static void smp_timeout(struct k_work *work)
1856 {
1857 struct k_work_delayable *dwork = k_work_delayable_from_work(work);
1858 struct bt_smp *smp = CONTAINER_OF(dwork, struct bt_smp, work);
1859
1860 LOG_ERR("SMP Timeout");
1861
1862 smp_pairing_complete(smp, BT_SMP_ERR_UNSPECIFIED);
1863
1864 /* smp_pairing_complete clears flags so setting timeout flag must come
1865 * after it.
1866 */
1867 atomic_set_bit(smp->flags, SMP_FLAG_TIMEOUT);
1868 }
1869
smp_send(struct bt_smp * smp,struct net_buf * buf,bt_conn_tx_cb_t cb,void * user_data)1870 static void smp_send(struct bt_smp *smp, struct net_buf *buf,
1871 bt_conn_tx_cb_t cb, void *user_data)
1872 {
1873 __ASSERT_NO_MSG(user_data == NULL);
1874
1875 int err = bt_l2cap_send_pdu(&smp->chan, buf, cb, NULL);
1876
1877 if (err) {
1878 if (err == -ENOBUFS) {
1879 LOG_ERR("Ran out of TX buffers or contexts.");
1880 }
1881
1882 net_buf_unref(buf);
1883 return;
1884 }
1885
1886 k_work_reschedule(&smp->work, SMP_TIMEOUT);
1887 }
1888
smp_error(struct bt_smp * smp,uint8_t reason)1889 static int smp_error(struct bt_smp *smp, uint8_t reason)
1890 {
1891 struct bt_smp_pairing_fail *rsp;
1892 struct net_buf *buf;
1893 bool remote_already_completed;
1894
1895 /* By spec, SMP "pairing process" completes successfully when the last
1896 * key to distribute is acknowledged at link-layer.
1897 */
1898 remote_already_completed = (atomic_test_bit(smp->flags, SMP_FLAG_KEYS_DISTR) &&
1899 !smp->local_dist && !smp->remote_dist);
1900
1901 if (atomic_test_bit(smp->flags, SMP_FLAG_PAIRING) ||
1902 atomic_test_bit(smp->flags, SMP_FLAG_ENC_PENDING) ||
1903 atomic_test_bit(smp->flags, SMP_FLAG_SEC_REQ)) {
1904 /* reset context and report */
1905 smp_pairing_complete(smp, reason);
1906 }
1907
1908 if (remote_already_completed) {
1909 LOG_WRN("SMP does not allow a pairing failure at this point. Known issue. "
1910 "Disconnecting instead.");
1911 /* We are probably here because we are, as a peripheral, rejecting a pairing based
1912 * on the central's identity address information, but that was the last key to
1913 * be transmitted. In that case, the pairing process is already completed.
1914 * The SMP protocol states that the pairing process is completed the moment the
1915 * peripheral link-layer confirmed the reception of the PDU with the last key.
1916 */
1917 bt_conn_disconnect(smp->chan.chan.conn, BT_HCI_ERR_AUTH_FAIL);
1918 return 0;
1919 }
1920
1921 buf = smp_create_pdu(smp, BT_SMP_CMD_PAIRING_FAIL, sizeof(*rsp));
1922 if (!buf) {
1923 return -ENOBUFS;
1924 }
1925
1926 rsp = net_buf_add(buf, sizeof(*rsp));
1927 rsp->reason = reason;
1928
1929 /* SMP timer is not restarted for PairingFailed so don't use smp_send */
1930 if (bt_l2cap_send_pdu(&smp->chan, buf, NULL, NULL)) {
1931 net_buf_unref(buf);
1932 }
1933
1934 return 0;
1935 }
1936
smp_send_pairing_random(struct bt_smp * smp)1937 static uint8_t smp_send_pairing_random(struct bt_smp *smp)
1938 {
1939 struct bt_smp_pairing_random *req;
1940 struct net_buf *rsp_buf;
1941
1942 rsp_buf = smp_create_pdu(smp, BT_SMP_CMD_PAIRING_RANDOM, sizeof(*req));
1943 if (!rsp_buf) {
1944 return BT_SMP_ERR_UNSPECIFIED;
1945 }
1946
1947 req = net_buf_add(rsp_buf, sizeof(*req));
1948 memcpy(req->val, smp->prnd, sizeof(req->val));
1949
1950 smp_send(smp, rsp_buf, NULL, NULL);
1951
1952 return 0;
1953 }
1954
1955 #if !defined(CONFIG_BT_SMP_SC_PAIR_ONLY)
smp_c1(const uint8_t k[16],const uint8_t r[16],const uint8_t preq[7],const uint8_t pres[7],const bt_addr_le_t * ia,const bt_addr_le_t * ra,uint8_t enc_data[16])1956 static int smp_c1(const uint8_t k[16], const uint8_t r[16],
1957 const uint8_t preq[7], const uint8_t pres[7],
1958 const bt_addr_le_t *ia, const bt_addr_le_t *ra,
1959 uint8_t enc_data[16])
1960 {
1961 uint8_t p1[16], p2[16];
1962 int err;
1963
1964 LOG_DBG("k %s", bt_hex(k, 16));
1965 LOG_DBG("r %s", bt_hex(r, 16));
1966 LOG_DBG("ia %s", bt_addr_le_str(ia));
1967 LOG_DBG("ra %s", bt_addr_le_str(ra));
1968 LOG_DBG("preq %s", bt_hex(preq, 7));
1969 LOG_DBG("pres %s", bt_hex(pres, 7));
1970
1971 /* pres, preq, rat and iat are concatenated to generate p1 */
1972 p1[0] = ia->type;
1973 p1[1] = ra->type;
1974 memcpy(p1 + 2, preq, 7);
1975 memcpy(p1 + 9, pres, 7);
1976
1977 LOG_DBG("p1 %s", bt_hex(p1, 16));
1978
1979 /* c1 = e(k, e(k, r XOR p1) XOR p2) */
1980
1981 /* Using enc_data as temporary output buffer */
1982 mem_xor_128(enc_data, r, p1);
1983
1984 err = bt_encrypt_le(k, enc_data, enc_data);
1985 if (err) {
1986 return err;
1987 }
1988
1989 /* ra is concatenated with ia and padding to generate p2 */
1990 memcpy(p2, ra->a.val, 6);
1991 memcpy(p2 + 6, ia->a.val, 6);
1992 (void)memset(p2 + 12, 0, 4);
1993
1994 LOG_DBG("p2 %s", bt_hex(p2, 16));
1995
1996 mem_xor_128(enc_data, p2, enc_data);
1997
1998 return bt_encrypt_le(k, enc_data, enc_data);
1999 }
2000 #endif /* !CONFIG_BT_SMP_SC_PAIR_ONLY */
2001
smp_send_pairing_confirm(struct bt_smp * smp)2002 static uint8_t smp_send_pairing_confirm(struct bt_smp *smp)
2003 {
2004 struct bt_smp_pairing_confirm *req;
2005 struct net_buf *buf;
2006 uint8_t r;
2007
2008 switch (smp->method) {
2009 case PASSKEY_CONFIRM:
2010 case JUST_WORKS:
2011 r = 0U;
2012 break;
2013 case PASSKEY_DISPLAY:
2014 case PASSKEY_INPUT:
2015 /*
2016 * In the Passkey Entry protocol, the most significant
2017 * bit of Z is set equal to one and the least
2018 * significant bit is made up from one bit of the
2019 * passkey e.g. if the passkey bit is 1, then Z = 0x81
2020 * and if the passkey bit is 0, then Z = 0x80.
2021 */
2022 r = (smp->passkey >> smp->passkey_round) & 0x01;
2023 r |= 0x80;
2024 break;
2025 default:
2026 LOG_ERR("Unknown pairing method (%u)", smp->method);
2027 return BT_SMP_ERR_UNSPECIFIED;
2028 }
2029
2030 buf = smp_create_pdu(smp, BT_SMP_CMD_PAIRING_CONFIRM, sizeof(*req));
2031 if (!buf) {
2032 return BT_SMP_ERR_UNSPECIFIED;
2033 }
2034
2035 req = net_buf_add(buf, sizeof(*req));
2036
2037 if (bt_crypto_f4(sc_public_key, smp->pkey, smp->prnd, r, req->val)) {
2038 net_buf_unref(buf);
2039 return BT_SMP_ERR_UNSPECIFIED;
2040 }
2041
2042 smp_send(smp, buf, NULL, NULL);
2043
2044 atomic_clear_bit(smp->flags, SMP_FLAG_CFM_DELAYED);
2045
2046 return 0;
2047 }
2048
2049 #if !defined(CONFIG_BT_SMP_SC_PAIR_ONLY)
smp_ident_sent(struct bt_conn * conn,void * user_data,int err)2050 static void smp_ident_sent(struct bt_conn *conn, void *user_data, int err)
2051 {
2052 if (!err) {
2053 smp_check_complete(conn, BT_SMP_DIST_ENC_KEY);
2054 }
2055 }
2056
legacy_distribute_keys(struct bt_smp * smp)2057 static void legacy_distribute_keys(struct bt_smp *smp)
2058 {
2059 struct bt_conn *conn = smp->chan.chan.conn;
2060 struct bt_keys *keys = conn->le.keys;
2061
2062 if (smp->local_dist & BT_SMP_DIST_ENC_KEY) {
2063 struct bt_smp_encrypt_info *info;
2064 struct bt_smp_central_ident *ident;
2065 struct net_buf *buf;
2066 /* Use struct to get randomness in single call to bt_rand */
2067 struct {
2068 uint8_t key[16];
2069 uint8_t rand[8];
2070 uint8_t ediv[2];
2071 } rand;
2072
2073 if (bt_rand((void *)&rand, sizeof(rand))) {
2074 LOG_ERR("Unable to get random bytes");
2075 return;
2076 }
2077
2078 buf = smp_create_pdu(smp, BT_SMP_CMD_ENCRYPT_INFO,
2079 sizeof(*info));
2080 if (!buf) {
2081 LOG_ERR("Unable to allocate Encrypt Info buffer");
2082 return;
2083 }
2084
2085 info = net_buf_add(buf, sizeof(*info));
2086
2087 /* distributed only enc_size bytes of key */
2088 memcpy(info->ltk, rand.key, keys->enc_size);
2089 if (keys->enc_size < sizeof(info->ltk)) {
2090 (void)memset(info->ltk + keys->enc_size, 0,
2091 sizeof(info->ltk) - keys->enc_size);
2092 }
2093
2094 smp_send(smp, buf, NULL, NULL);
2095
2096 buf = smp_create_pdu(smp, BT_SMP_CMD_CENTRAL_IDENT,
2097 sizeof(*ident));
2098 if (!buf) {
2099 LOG_ERR("Unable to allocate Central Ident buffer");
2100 return;
2101 }
2102
2103 ident = net_buf_add(buf, sizeof(*ident));
2104 memcpy(ident->rand, rand.rand, sizeof(ident->rand));
2105 memcpy(ident->ediv, rand.ediv, sizeof(ident->ediv));
2106
2107 smp_send(smp, buf, smp_ident_sent, NULL);
2108
2109 if (atomic_test_bit(smp->flags, SMP_FLAG_BOND)) {
2110 bt_keys_add_type(keys, BT_KEYS_PERIPH_LTK);
2111
2112 memcpy(keys->periph_ltk.val, rand.key,
2113 sizeof(keys->periph_ltk.val));
2114 memcpy(keys->periph_ltk.rand, rand.rand,
2115 sizeof(keys->periph_ltk.rand));
2116 memcpy(keys->periph_ltk.ediv, rand.ediv,
2117 sizeof(keys->periph_ltk.ediv));
2118 }
2119 }
2120 }
2121 #endif /* !CONFIG_BT_SMP_SC_PAIR_ONLY */
2122
bt_smp_distribute_keys(struct bt_smp * smp)2123 static uint8_t bt_smp_distribute_keys(struct bt_smp *smp)
2124 {
2125 struct bt_conn *conn = smp->chan.chan.conn;
2126 struct bt_keys *keys = conn->le.keys;
2127
2128 if (!keys) {
2129 LOG_ERR("No keys space for %s", bt_addr_le_str(&conn->le.dst));
2130 return BT_SMP_ERR_UNSPECIFIED;
2131 }
2132
2133 #if !defined(CONFIG_BT_SMP_SC_PAIR_ONLY)
2134 /* Distribute legacy pairing specific keys */
2135 if (!atomic_test_bit(smp->flags, SMP_FLAG_SC)) {
2136 legacy_distribute_keys(smp);
2137 }
2138 #endif /* !CONFIG_BT_SMP_SC_PAIR_ONLY */
2139
2140 #if defined(CONFIG_BT_PRIVACY)
2141 if (smp->local_dist & BT_SMP_DIST_ID_KEY) {
2142 struct bt_smp_ident_info *id_info;
2143 struct bt_smp_ident_addr_info *id_addr_info;
2144 struct net_buf *buf;
2145
2146 buf = smp_create_pdu(smp, BT_SMP_CMD_IDENT_INFO,
2147 sizeof(*id_info));
2148 if (!buf) {
2149 LOG_ERR("Unable to allocate Ident Info buffer");
2150 return BT_SMP_ERR_UNSPECIFIED;
2151 }
2152
2153 id_info = net_buf_add(buf, sizeof(*id_info));
2154 memcpy(id_info->irk, bt_dev.irk[conn->id], 16);
2155
2156 smp_send(smp, buf, NULL, NULL);
2157
2158 buf = smp_create_pdu(smp, BT_SMP_CMD_IDENT_ADDR_INFO,
2159 sizeof(*id_addr_info));
2160 if (!buf) {
2161 LOG_ERR("Unable to allocate Ident Addr Info buffer");
2162 return BT_SMP_ERR_UNSPECIFIED;
2163 }
2164
2165 id_addr_info = net_buf_add(buf, sizeof(*id_addr_info));
2166 bt_addr_le_copy(&id_addr_info->addr, &bt_dev.id_addr[conn->id]);
2167
2168 smp_send(smp, buf, smp_id_sent, NULL);
2169 }
2170 #endif /* CONFIG_BT_PRIVACY */
2171
2172 #if defined(CONFIG_BT_SIGNING)
2173 if (smp->local_dist & BT_SMP_DIST_SIGN) {
2174 struct bt_smp_signing_info *info;
2175 struct net_buf *buf;
2176
2177 buf = smp_create_pdu(smp, BT_SMP_CMD_SIGNING_INFO,
2178 sizeof(*info));
2179 if (!buf) {
2180 LOG_ERR("Unable to allocate Signing Info buffer");
2181 return BT_SMP_ERR_UNSPECIFIED;
2182 }
2183
2184 info = net_buf_add(buf, sizeof(*info));
2185
2186 if (bt_rand(info->csrk, sizeof(info->csrk))) {
2187 return BT_SMP_ERR_UNSPECIFIED;
2188 }
2189
2190 if (atomic_test_bit(smp->flags, SMP_FLAG_BOND)) {
2191 bt_keys_add_type(keys, BT_KEYS_LOCAL_CSRK);
2192 memcpy(keys->local_csrk.val, info->csrk, 16);
2193 keys->local_csrk.cnt = 0U;
2194 }
2195
2196 smp_send(smp, buf, smp_sign_info_sent, NULL);
2197 }
2198 #endif /* CONFIG_BT_SIGNING */
2199
2200 return 0;
2201 }
2202
2203 #if defined(CONFIG_BT_PERIPHERAL)
send_pairing_rsp(struct bt_smp * smp)2204 static uint8_t send_pairing_rsp(struct bt_smp *smp)
2205 {
2206 struct bt_smp_pairing *rsp;
2207 struct net_buf *rsp_buf;
2208
2209 rsp_buf = smp_create_pdu(smp, BT_SMP_CMD_PAIRING_RSP, sizeof(*rsp));
2210 if (!rsp_buf) {
2211 return BT_SMP_ERR_UNSPECIFIED;
2212 }
2213
2214 rsp = net_buf_add(rsp_buf, sizeof(*rsp));
2215 memcpy(rsp, smp->prsp + 1, sizeof(*rsp));
2216
2217 smp_send(smp, rsp_buf, NULL, NULL);
2218
2219 return 0;
2220 }
2221 #endif /* CONFIG_BT_PERIPHERAL */
2222
smp_pairing_accept_query(struct bt_smp * smp,struct bt_smp_pairing * pairing)2223 static uint8_t smp_pairing_accept_query(struct bt_smp *smp, struct bt_smp_pairing *pairing)
2224 {
2225 #if defined(CONFIG_BT_SMP_APP_PAIRING_ACCEPT)
2226 const struct bt_conn_auth_cb *smp_auth_cb = latch_auth_cb(smp);
2227 struct bt_conn *conn = smp->chan.chan.conn;
2228
2229 if (smp_auth_cb && smp_auth_cb->pairing_accept) {
2230 const struct bt_conn_pairing_feat feat = {
2231 .io_capability = pairing->io_capability,
2232 .oob_data_flag = pairing->oob_flag,
2233 .auth_req = pairing->auth_req,
2234 .max_enc_key_size = pairing->max_key_size,
2235 .init_key_dist = pairing->init_key_dist,
2236 .resp_key_dist = pairing->resp_key_dist
2237 };
2238
2239 return smp_err_get(smp_auth_cb->pairing_accept(conn, &feat));
2240 }
2241 #endif /* CONFIG_BT_SMP_APP_PAIRING_ACCEPT */
2242 return 0;
2243 }
2244
2245 #if !defined(CONFIG_BT_SMP_SC_PAIR_ONLY)
smp_s1(const uint8_t k[16],const uint8_t r1[16],const uint8_t r2[16],uint8_t out[16])2246 static int smp_s1(const uint8_t k[16], const uint8_t r1[16],
2247 const uint8_t r2[16], uint8_t out[16])
2248 {
2249 /* The most significant 64-bits of r1 are discarded to generate
2250 * r1' and the most significant 64-bits of r2 are discarded to
2251 * generate r2'.
2252 * r1' is concatenated with r2' to generate r' which is used as
2253 * the 128-bit input parameter plaintextData to security function e:
2254 *
2255 * r' = r1' || r2'
2256 */
2257 memcpy(out, r2, 8);
2258 memcpy(out + 8, r1, 8);
2259
2260 /* s1(k, r1 , r2) = e(k, r') */
2261 return bt_encrypt_le(k, out, out);
2262 }
2263
legacy_get_pair_method(struct bt_smp * smp,uint8_t remote_io)2264 static uint8_t legacy_get_pair_method(struct bt_smp *smp, uint8_t remote_io)
2265 {
2266 struct bt_smp_pairing *req, *rsp;
2267 uint8_t method;
2268
2269 if (remote_io > BT_SMP_IO_KEYBOARD_DISPLAY) {
2270 return JUST_WORKS;
2271 }
2272
2273 req = (struct bt_smp_pairing *)&smp->preq[1];
2274 rsp = (struct bt_smp_pairing *)&smp->prsp[1];
2275
2276 /* if both sides have OOB data use OOB */
2277 if ((req->oob_flag & rsp->oob_flag) & BT_SMP_OOB_DATA_MASK) {
2278 return LEGACY_OOB;
2279 }
2280
2281 /* if none side requires MITM use JustWorks */
2282 if (!((req->auth_req | rsp->auth_req) & BT_SMP_AUTH_MITM)) {
2283 return JUST_WORKS;
2284 }
2285
2286 method = gen_method_legacy[remote_io][get_io_capa(smp)];
2287
2288 /* if both sides have KeyboardDisplay capabilities, initiator displays
2289 * and responder inputs
2290 */
2291 if (method == PASSKEY_ROLE) {
2292 if (smp->chan.chan.conn->role == BT_HCI_ROLE_CENTRAL) {
2293 method = PASSKEY_DISPLAY;
2294 } else {
2295 method = PASSKEY_INPUT;
2296 }
2297 }
2298
2299 return method;
2300 }
2301
legacy_request_tk(struct bt_smp * smp)2302 static uint8_t legacy_request_tk(struct bt_smp *smp)
2303 {
2304 struct bt_conn *conn = smp->chan.chan.conn;
2305 const struct bt_conn_auth_cb *smp_auth_cb = latch_auth_cb(smp);
2306 struct bt_keys *keys;
2307 uint32_t passkey;
2308
2309 /*
2310 * Fail if we have keys that are stronger than keys that will be
2311 * distributed in new pairing. This is to avoid replacing authenticated
2312 * keys with unauthenticated ones.
2313 */
2314 keys = bt_keys_find_addr(conn->id, &conn->le.dst);
2315 if (keys && (keys->flags & BT_KEYS_AUTHENTICATED) &&
2316 smp->method == JUST_WORKS) {
2317 LOG_ERR("JustWorks failed, authenticated keys present");
2318 return BT_SMP_ERR_UNSPECIFIED;
2319 }
2320
2321 switch (smp->method) {
2322 case LEGACY_OOB:
2323 if (smp_auth_cb && smp_auth_cb->oob_data_request) {
2324 struct bt_conn_oob_info info = {
2325 .type = BT_CONN_OOB_LE_LEGACY,
2326 };
2327
2328 atomic_set_bit(smp->flags, SMP_FLAG_USER);
2329 smp_auth_cb->oob_data_request(smp->chan.chan.conn, &info);
2330 } else {
2331 return BT_SMP_ERR_OOB_NOT_AVAIL;
2332 }
2333
2334 break;
2335 case PASSKEY_DISPLAY:
2336 if (IS_ENABLED(CONFIG_BT_FIXED_PASSKEY) &&
2337 fixed_passkey != BT_PASSKEY_INVALID) {
2338 passkey = fixed_passkey;
2339 } else {
2340 if (bt_rand(&passkey, sizeof(passkey))) {
2341 return BT_SMP_ERR_UNSPECIFIED;
2342 }
2343
2344 passkey %= 1000000;
2345 }
2346
2347 if (IS_ENABLED(CONFIG_BT_LOG_SNIFFER_INFO)) {
2348 LOG_INF("Legacy passkey %u", passkey);
2349 }
2350
2351 if (smp_auth_cb && smp_auth_cb->passkey_display) {
2352 atomic_set_bit(smp->flags, SMP_FLAG_DISPLAY);
2353 smp_auth_cb->passkey_display(conn, passkey);
2354 }
2355
2356 sys_put_le32(passkey, smp->tk);
2357
2358 break;
2359 case PASSKEY_INPUT:
2360 atomic_set_bit(smp->flags, SMP_FLAG_USER);
2361 smp_auth_cb->passkey_entry(conn);
2362 break;
2363 case JUST_WORKS:
2364 break;
2365 default:
2366 LOG_ERR("Unknown pairing method (%u)", smp->method);
2367 return BT_SMP_ERR_UNSPECIFIED;
2368 }
2369
2370 return 0;
2371 }
2372
legacy_send_pairing_confirm(struct bt_smp * smp)2373 static uint8_t legacy_send_pairing_confirm(struct bt_smp *smp)
2374 {
2375 struct bt_conn *conn = smp->chan.chan.conn;
2376 struct bt_smp_pairing_confirm *req;
2377 struct net_buf *buf;
2378
2379 buf = smp_create_pdu(smp, BT_SMP_CMD_PAIRING_CONFIRM, sizeof(*req));
2380 if (!buf) {
2381 return BT_SMP_ERR_UNSPECIFIED;
2382 }
2383
2384 req = net_buf_add(buf, sizeof(*req));
2385
2386 if (smp_c1(smp->tk, smp->prnd, smp->preq, smp->prsp,
2387 &conn->le.init_addr, &conn->le.resp_addr, req->val)) {
2388 net_buf_unref(buf);
2389 return BT_SMP_ERR_UNSPECIFIED;
2390 }
2391
2392 smp_send(smp, buf, NULL, NULL);
2393
2394 atomic_clear_bit(smp->flags, SMP_FLAG_CFM_DELAYED);
2395
2396 return 0;
2397 }
2398
2399 #if defined(CONFIG_BT_PERIPHERAL)
legacy_pairing_req(struct bt_smp * smp)2400 static uint8_t legacy_pairing_req(struct bt_smp *smp)
2401 {
2402 const struct bt_conn_auth_cb *smp_auth_cb = latch_auth_cb(smp);
2403 uint8_t ret;
2404
2405 LOG_DBG("");
2406
2407 ret = legacy_request_tk(smp);
2408 if (ret) {
2409 return ret;
2410 }
2411
2412 /* ask for consent if pairing is not due to sending SecReq*/
2413 if ((DISPLAY_FIXED(smp) || smp->method == JUST_WORKS) &&
2414 !atomic_test_bit(smp->flags, SMP_FLAG_SEC_REQ) &&
2415 smp_auth_cb && smp_auth_cb->pairing_confirm) {
2416 atomic_set_bit(smp->flags, SMP_FLAG_USER);
2417 smp_auth_cb->pairing_confirm(smp->chan.chan.conn);
2418 return 0;
2419 }
2420
2421 atomic_set_bit(smp->allowed_cmds, BT_SMP_CMD_PAIRING_CONFIRM);
2422 atomic_set_bit(smp->allowed_cmds, BT_SMP_KEYPRESS_NOTIFICATION);
2423 return send_pairing_rsp(smp);
2424 }
2425 #endif /* CONFIG_BT_PERIPHERAL */
2426
legacy_pairing_random(struct bt_smp * smp)2427 static uint8_t legacy_pairing_random(struct bt_smp *smp)
2428 {
2429 struct bt_conn *conn = smp->chan.chan.conn;
2430 uint8_t tmp[16];
2431 int err;
2432
2433 LOG_DBG("");
2434
2435 /* calculate confirmation */
2436 err = smp_c1(smp->tk, smp->rrnd, smp->preq, smp->prsp,
2437 &conn->le.init_addr, &conn->le.resp_addr, tmp);
2438 if (err) {
2439 return BT_SMP_ERR_UNSPECIFIED;
2440 }
2441
2442 LOG_DBG("pcnf %s", bt_hex(smp->pcnf, 16));
2443 LOG_DBG("cfm %s", bt_hex(tmp, 16));
2444
2445 if (memcmp(smp->pcnf, tmp, sizeof(smp->pcnf))) {
2446 return BT_SMP_ERR_CONFIRM_FAILED;
2447 }
2448
2449 if (IS_ENABLED(CONFIG_BT_CENTRAL) &&
2450 conn->role == BT_HCI_ROLE_CENTRAL) {
2451 uint8_t ediv[2], rand[8];
2452
2453 /* No need to store central STK */
2454 err = smp_s1(smp->tk, smp->rrnd, smp->prnd, tmp);
2455 if (err) {
2456 return BT_SMP_ERR_UNSPECIFIED;
2457 }
2458
2459 /* Rand and EDiv are 0 for the STK */
2460 (void)memset(ediv, 0, sizeof(ediv));
2461 (void)memset(rand, 0, sizeof(rand));
2462 if (bt_conn_le_start_encryption(conn, rand, ediv, tmp,
2463 get_encryption_key_size(smp))) {
2464 LOG_ERR("Failed to start encryption");
2465 return BT_SMP_ERR_UNSPECIFIED;
2466 }
2467
2468 atomic_set_bit(smp->flags, SMP_FLAG_ENC_PENDING);
2469
2470 if (IS_ENABLED(CONFIG_BT_SMP_USB_HCI_CTLR_WORKAROUND)) {
2471 if (smp->remote_dist & BT_SMP_DIST_ENC_KEY) {
2472 atomic_set_bit(smp->allowed_cmds,
2473 BT_SMP_CMD_ENCRYPT_INFO);
2474 } else if (smp->remote_dist & BT_SMP_DIST_ID_KEY) {
2475 atomic_set_bit(smp->allowed_cmds,
2476 BT_SMP_CMD_IDENT_INFO);
2477 } else if (smp->remote_dist & BT_SMP_DIST_SIGN) {
2478 atomic_set_bit(smp->allowed_cmds,
2479 BT_SMP_CMD_SIGNING_INFO);
2480 }
2481 }
2482
2483 return 0;
2484 }
2485
2486 if (IS_ENABLED(CONFIG_BT_PERIPHERAL)) {
2487 err = smp_s1(smp->tk, smp->prnd, smp->rrnd, tmp);
2488 if (err) {
2489 LOG_ERR("Calculate STK failed");
2490 return BT_SMP_ERR_UNSPECIFIED;
2491 }
2492
2493 memcpy(smp->tk, tmp, sizeof(smp->tk));
2494 LOG_DBG("generated STK %s", bt_hex(smp->tk, 16));
2495
2496 atomic_set_bit(smp->flags, SMP_FLAG_ENC_PENDING);
2497
2498 return smp_send_pairing_random(smp);
2499 }
2500
2501 return 0;
2502 }
2503
legacy_pairing_confirm(struct bt_smp * smp)2504 static uint8_t legacy_pairing_confirm(struct bt_smp *smp)
2505 {
2506 LOG_DBG("");
2507
2508 if (IS_ENABLED(CONFIG_BT_CENTRAL) &&
2509 smp->chan.chan.conn->role == BT_HCI_ROLE_CENTRAL) {
2510 atomic_set_bit(smp->allowed_cmds, BT_SMP_CMD_PAIRING_CONFIRM);
2511 return legacy_send_pairing_confirm(smp);
2512 }
2513
2514 if (IS_ENABLED(CONFIG_BT_PERIPHERAL)) {
2515 if (!atomic_test_bit(smp->flags, SMP_FLAG_USER)) {
2516 atomic_set_bit(smp->allowed_cmds,
2517 BT_SMP_CMD_PAIRING_RANDOM);
2518 return legacy_send_pairing_confirm(smp);
2519 }
2520
2521 atomic_set_bit(smp->flags, SMP_FLAG_CFM_DELAYED);
2522 }
2523
2524 return 0;
2525 }
2526
legacy_user_tk_entry(struct bt_smp * smp)2527 static void legacy_user_tk_entry(struct bt_smp *smp)
2528 {
2529 if (!atomic_test_and_clear_bit(smp->flags, SMP_FLAG_CFM_DELAYED)) {
2530 return;
2531 }
2532
2533 /* if confirm failed ie. due to invalid passkey, cancel pairing */
2534 if (legacy_pairing_confirm(smp)) {
2535 smp_error(smp, BT_SMP_ERR_PASSKEY_ENTRY_FAILED);
2536 return;
2537 }
2538
2539 if (IS_ENABLED(CONFIG_BT_CENTRAL) &&
2540 smp->chan.chan.conn->role == BT_HCI_ROLE_CENTRAL) {
2541 atomic_set_bit(smp->allowed_cmds, BT_SMP_CMD_PAIRING_CONFIRM);
2542 return;
2543 }
2544
2545 if (IS_ENABLED(CONFIG_BT_PERIPHERAL)) {
2546 atomic_set_bit(smp->allowed_cmds, BT_SMP_CMD_PAIRING_RANDOM);
2547 }
2548 }
2549
legacy_passkey_entry(struct bt_smp * smp,unsigned int passkey)2550 static void legacy_passkey_entry(struct bt_smp *smp, unsigned int passkey)
2551 {
2552 passkey = sys_cpu_to_le32(passkey);
2553 memcpy(smp->tk, &passkey, sizeof(passkey));
2554
2555 legacy_user_tk_entry(smp);
2556 }
2557
smp_encrypt_info(struct bt_smp * smp,struct net_buf * buf)2558 static uint8_t smp_encrypt_info(struct bt_smp *smp, struct net_buf *buf)
2559 {
2560 LOG_DBG("");
2561
2562 if (atomic_test_bit(smp->flags, SMP_FLAG_BOND)) {
2563 struct bt_smp_encrypt_info *req = (void *)buf->data;
2564 struct bt_conn *conn = smp->chan.chan.conn;
2565 struct bt_keys *keys;
2566
2567 keys = bt_keys_get_type(BT_KEYS_LTK, conn->id, &conn->le.dst);
2568 if (!keys) {
2569 LOG_ERR("Unable to get keys for %s", bt_addr_le_str(&conn->le.dst));
2570 return BT_SMP_ERR_UNSPECIFIED;
2571 }
2572
2573 memcpy(keys->ltk.val, req->ltk, 16);
2574 }
2575
2576 atomic_set_bit(smp->allowed_cmds, BT_SMP_CMD_CENTRAL_IDENT);
2577
2578 return 0;
2579 }
2580
smp_central_ident(struct bt_smp * smp,struct net_buf * buf)2581 static uint8_t smp_central_ident(struct bt_smp *smp, struct net_buf *buf)
2582 {
2583 struct bt_conn *conn = smp->chan.chan.conn;
2584 uint8_t err;
2585
2586 LOG_DBG("");
2587
2588 if (atomic_test_bit(smp->flags, SMP_FLAG_BOND)) {
2589 struct bt_smp_central_ident *req = (void *)buf->data;
2590 struct bt_keys *keys;
2591
2592 keys = bt_keys_get_type(BT_KEYS_LTK, conn->id, &conn->le.dst);
2593 if (!keys) {
2594 LOG_ERR("Unable to get keys for %s", bt_addr_le_str(&conn->le.dst));
2595 return BT_SMP_ERR_UNSPECIFIED;
2596 }
2597
2598 memcpy(keys->ltk.ediv, req->ediv, sizeof(keys->ltk.ediv));
2599 memcpy(keys->ltk.rand, req->rand, sizeof(req->rand));
2600 }
2601
2602 smp->remote_dist &= ~BT_SMP_DIST_ENC_KEY;
2603
2604 if (smp->remote_dist & BT_SMP_DIST_ID_KEY) {
2605 atomic_set_bit(smp->allowed_cmds, BT_SMP_CMD_IDENT_INFO);
2606 } else if (smp->remote_dist & BT_SMP_DIST_SIGN) {
2607 atomic_set_bit(smp->allowed_cmds, BT_SMP_CMD_SIGNING_INFO);
2608 }
2609
2610 if (IS_ENABLED(CONFIG_BT_CENTRAL) &&
2611 conn->role == BT_HCI_ROLE_CENTRAL && !smp->remote_dist) {
2612 err = bt_smp_distribute_keys(smp);
2613 if (err) {
2614 return err;
2615 }
2616 }
2617
2618 /* if all keys were distributed, pairing is done */
2619 if (!smp->local_dist && !smp->remote_dist) {
2620 smp_pairing_complete(smp, 0);
2621 }
2622
2623 return 0;
2624 }
2625
2626 #if defined(CONFIG_BT_CENTRAL)
legacy_pairing_rsp(struct bt_smp * smp)2627 static uint8_t legacy_pairing_rsp(struct bt_smp *smp)
2628 {
2629 const struct bt_conn_auth_cb *smp_auth_cb = latch_auth_cb(smp);
2630 uint8_t ret;
2631
2632 LOG_DBG("");
2633
2634 ret = legacy_request_tk(smp);
2635 if (ret) {
2636 return ret;
2637 }
2638
2639 /* ask for consent if this is due to received SecReq */
2640 if ((DISPLAY_FIXED(smp) || smp->method == JUST_WORKS) &&
2641 atomic_test_bit(smp->flags, SMP_FLAG_SEC_REQ) &&
2642 smp_auth_cb && smp_auth_cb->pairing_confirm) {
2643 atomic_set_bit(smp->flags, SMP_FLAG_USER);
2644 smp_auth_cb->pairing_confirm(smp->chan.chan.conn);
2645 return 0;
2646 }
2647
2648 if (!atomic_test_bit(smp->flags, SMP_FLAG_USER)) {
2649 atomic_set_bit(smp->allowed_cmds, BT_SMP_CMD_PAIRING_CONFIRM);
2650 atomic_set_bit(smp->allowed_cmds, BT_SMP_KEYPRESS_NOTIFICATION);
2651 return legacy_send_pairing_confirm(smp);
2652 }
2653
2654 atomic_set_bit(smp->flags, SMP_FLAG_CFM_DELAYED);
2655
2656 return 0;
2657 }
2658 #endif /* CONFIG_BT_CENTRAL */
2659 #else
smp_encrypt_info(struct bt_smp * smp,struct net_buf * buf)2660 static uint8_t smp_encrypt_info(struct bt_smp *smp, struct net_buf *buf)
2661 {
2662 return BT_SMP_ERR_CMD_NOTSUPP;
2663 }
2664
smp_central_ident(struct bt_smp * smp,struct net_buf * buf)2665 static uint8_t smp_central_ident(struct bt_smp *smp, struct net_buf *buf)
2666 {
2667 return BT_SMP_ERR_CMD_NOTSUPP;
2668 }
2669 #endif /* !CONFIG_BT_SMP_SC_PAIR_ONLY */
2670
smp_init(struct bt_smp * smp)2671 static int smp_init(struct bt_smp *smp)
2672 {
2673 /* Initialize SMP context excluding L2CAP channel context and anything
2674 * else declared after.
2675 */
2676 (void)memset(smp, 0, offsetof(struct bt_smp, chan));
2677
2678 /* Generate local random number */
2679 if (bt_rand(smp->prnd, 16)) {
2680 return BT_SMP_ERR_UNSPECIFIED;
2681 }
2682
2683 LOG_DBG("prnd %s", bt_hex(smp->prnd, 16));
2684
2685 atomic_set_bit(smp->allowed_cmds, BT_SMP_CMD_PAIRING_FAIL);
2686
2687 #if !defined(CONFIG_BT_SMP_OOB_LEGACY_PAIR_ONLY)
2688 sc_public_key = bt_pub_key_get();
2689 #endif
2690
2691 return 0;
2692 }
2693
bt_set_bondable(bool enable)2694 void bt_set_bondable(bool enable)
2695 {
2696 bondable = enable;
2697 }
2698
bt_get_bondable(void)2699 bool bt_get_bondable(void)
2700 {
2701 return bondable;
2702 }
2703
bt_le_oob_set_sc_flag(bool enable)2704 void bt_le_oob_set_sc_flag(bool enable)
2705 {
2706 sc_oobd_present = enable;
2707 }
2708
bt_le_oob_set_legacy_flag(bool enable)2709 void bt_le_oob_set_legacy_flag(bool enable)
2710 {
2711 legacy_oobd_present = enable;
2712 }
2713
get_auth(struct bt_smp * smp,uint8_t auth)2714 static uint8_t get_auth(struct bt_smp *smp, uint8_t auth)
2715 {
2716 struct bt_conn *conn = smp->chan.chan.conn;
2717
2718 if (sc_supported) {
2719 auth &= BT_SMP_AUTH_MASK_SC;
2720 } else {
2721 auth &= BT_SMP_AUTH_MASK;
2722 }
2723
2724 if ((get_io_capa(smp) == BT_SMP_IO_NO_INPUT_OUTPUT) ||
2725 (!IS_ENABLED(CONFIG_BT_SMP_ENFORCE_MITM) &&
2726 (conn->required_sec_level < BT_SECURITY_L3))) {
2727 auth &= ~(BT_SMP_AUTH_MITM);
2728 } else {
2729 auth |= BT_SMP_AUTH_MITM;
2730 }
2731
2732 if (latch_bondable(smp)) {
2733 auth |= BT_SMP_AUTH_BONDING;
2734 } else {
2735 auth &= ~BT_SMP_AUTH_BONDING;
2736 }
2737
2738 if (IS_ENABLED(CONFIG_BT_PASSKEY_KEYPRESS)) {
2739 auth |= BT_SMP_AUTH_KEYPRESS;
2740 } else {
2741 auth &= ~BT_SMP_AUTH_KEYPRESS;
2742 }
2743
2744 #if defined(CONFIG_BT_CLASSIC)
2745 auth |= BT_SMP_AUTH_CT2;
2746 #endif /* CONFIG_BT_CLASSIC */
2747
2748 return auth;
2749 }
2750
remote_sec_level_reachable(struct bt_smp * smp)2751 static uint8_t remote_sec_level_reachable(struct bt_smp *smp)
2752 {
2753 bt_security_t sec = smp->chan.chan.conn->required_sec_level;
2754
2755 if (IS_ENABLED(CONFIG_BT_SMP_SC_ONLY)) {
2756 sec = BT_SECURITY_L4;
2757 }
2758 if (IS_ENABLED(CONFIG_BT_SMP_OOB_LEGACY_PAIR_ONLY)) {
2759 sec = BT_SECURITY_L3;
2760 }
2761
2762 switch (sec) {
2763 case BT_SECURITY_L1:
2764 case BT_SECURITY_L2:
2765 return 0;
2766
2767 case BT_SECURITY_L4:
2768 if (get_encryption_key_size(smp) != BT_SMP_MAX_ENC_KEY_SIZE) {
2769 return BT_SMP_ERR_ENC_KEY_SIZE;
2770 }
2771
2772 if (!atomic_test_bit(smp->flags, SMP_FLAG_SC)) {
2773 return BT_SMP_ERR_AUTH_REQUIREMENTS;
2774 }
2775 __fallthrough;
2776 case BT_SECURITY_L3:
2777 if (smp->method == JUST_WORKS) {
2778 return BT_SMP_ERR_AUTH_REQUIREMENTS;
2779 }
2780
2781 return 0;
2782 default:
2783 return BT_SMP_ERR_UNSPECIFIED;
2784 }
2785 }
2786
sec_level_reachable(struct bt_smp * smp)2787 static bool sec_level_reachable(struct bt_smp *smp)
2788 {
2789 const struct bt_conn_auth_cb *smp_auth_cb = latch_auth_cb(smp);
2790
2791 switch (smp->chan.chan.conn->required_sec_level) {
2792 case BT_SECURITY_L1:
2793 case BT_SECURITY_L2:
2794 return true;
2795 case BT_SECURITY_L3:
2796 return get_io_capa(smp) != BT_SMP_IO_NO_INPUT_OUTPUT ||
2797 (smp_auth_cb && smp_auth_cb->oob_data_request);
2798 case BT_SECURITY_L4:
2799 return (get_io_capa(smp) != BT_SMP_IO_NO_INPUT_OUTPUT ||
2800 (smp_auth_cb && smp_auth_cb->oob_data_request)) && sc_supported;
2801 default:
2802 return false;
2803 }
2804 }
2805
smp_chan_get(struct bt_conn * conn)2806 static struct bt_smp *smp_chan_get(struct bt_conn *conn)
2807 {
2808 struct bt_l2cap_chan *chan;
2809
2810 chan = bt_l2cap_le_lookup_rx_cid(conn, BT_L2CAP_CID_SMP);
2811 if (!chan) {
2812 LOG_ERR("Unable to find SMP channel");
2813 return NULL;
2814 }
2815
2816 return CONTAINER_OF(chan, struct bt_smp, chan.chan);
2817 }
2818
bt_smp_request_ltk(struct bt_conn * conn,uint64_t rand,uint16_t ediv,uint8_t * ltk)2819 bool bt_smp_request_ltk(struct bt_conn *conn, uint64_t rand, uint16_t ediv, uint8_t *ltk)
2820 {
2821 struct bt_smp *smp;
2822 uint8_t enc_size;
2823
2824 smp = smp_chan_get(conn);
2825 if (!smp) {
2826 return false;
2827 }
2828
2829 /*
2830 * Both legacy STK and LE SC LTK have rand and ediv equal to zero.
2831 * If pairing is in progress use the TK for encryption.
2832 */
2833 if (ediv == 0U && rand == 0U &&
2834 atomic_test_bit(smp->flags, SMP_FLAG_PAIRING) &&
2835 atomic_test_bit(smp->flags, SMP_FLAG_ENC_PENDING)) {
2836 enc_size = get_encryption_key_size(smp);
2837
2838 /*
2839 * We keep both legacy STK and LE SC LTK in TK.
2840 * Also use only enc_size bytes of key for encryption.
2841 */
2842 memcpy(ltk, smp->tk, enc_size);
2843 if (enc_size < BT_SMP_MAX_ENC_KEY_SIZE) {
2844 (void)memset(ltk + enc_size, 0,
2845 BT_SMP_MAX_ENC_KEY_SIZE - enc_size);
2846 }
2847
2848 atomic_set_bit(smp->flags, SMP_FLAG_ENC_PENDING);
2849 return true;
2850 }
2851
2852 if (!conn->le.keys) {
2853 conn->le.keys = bt_keys_find(BT_KEYS_LTK_P256, conn->id,
2854 &conn->le.dst);
2855 if (!conn->le.keys) {
2856 conn->le.keys = bt_keys_find(BT_KEYS_PERIPH_LTK,
2857 conn->id, &conn->le.dst);
2858 }
2859 }
2860
2861 if (ediv == 0U && rand == 0U &&
2862 conn->le.keys && (conn->le.keys->keys & BT_KEYS_LTK_P256)) {
2863 enc_size = conn->le.keys->enc_size;
2864
2865 memcpy(ltk, conn->le.keys->ltk.val, enc_size);
2866 if (enc_size < BT_SMP_MAX_ENC_KEY_SIZE) {
2867 (void)memset(ltk + enc_size, 0,
2868 BT_SMP_MAX_ENC_KEY_SIZE - enc_size);
2869 }
2870
2871 atomic_set_bit(smp->flags, SMP_FLAG_ENC_PENDING);
2872 return true;
2873 }
2874
2875 #if !defined(CONFIG_BT_SMP_SC_PAIR_ONLY)
2876 if (conn->le.keys && (conn->le.keys->keys & BT_KEYS_PERIPH_LTK) &&
2877 !memcmp(conn->le.keys->periph_ltk.rand, &rand, 8) &&
2878 !memcmp(conn->le.keys->periph_ltk.ediv, &ediv, 2)) {
2879 enc_size = conn->le.keys->enc_size;
2880
2881 memcpy(ltk, conn->le.keys->periph_ltk.val, enc_size);
2882 if (enc_size < BT_SMP_MAX_ENC_KEY_SIZE) {
2883 (void)memset(ltk + enc_size, 0,
2884 BT_SMP_MAX_ENC_KEY_SIZE - enc_size);
2885 }
2886
2887 atomic_set_bit(smp->flags, SMP_FLAG_ENC_PENDING);
2888 return true;
2889 }
2890 #endif /* !CONFIG_BT_SMP_SC_PAIR_ONLY */
2891
2892 if (atomic_test_bit(smp->flags, SMP_FLAG_SEC_REQ)) {
2893 /* Notify higher level that security failed if security was
2894 * initiated by peripheral.
2895 */
2896 bt_conn_security_changed(conn, BT_HCI_ERR_PIN_OR_KEY_MISSING,
2897 BT_SECURITY_ERR_PIN_OR_KEY_MISSING);
2898 }
2899
2900 smp_reset(smp);
2901 return false;
2902 }
2903
2904 #if defined(CONFIG_BT_PERIPHERAL)
smp_send_security_req(struct bt_conn * conn)2905 static int smp_send_security_req(struct bt_conn *conn)
2906 {
2907 struct bt_smp *smp;
2908 struct bt_smp_security_request *req;
2909 struct net_buf *req_buf;
2910 int err;
2911
2912 LOG_DBG("");
2913 smp = smp_chan_get(conn);
2914 if (!smp) {
2915 return -ENOTCONN;
2916 }
2917
2918 /* SMP Timeout */
2919 if (atomic_test_bit(smp->flags, SMP_FLAG_TIMEOUT)) {
2920 return -EIO;
2921 }
2922
2923 /* pairing is in progress */
2924 if (atomic_test_bit(smp->flags, SMP_FLAG_PAIRING)) {
2925 return -EBUSY;
2926 }
2927
2928 if (atomic_test_bit(smp->flags, SMP_FLAG_ENC_PENDING)) {
2929 return -EBUSY;
2930 }
2931
2932 /* early verify if required sec level if reachable */
2933 if (!(sec_level_reachable(smp) || smp_keys_check(conn))) {
2934 return -EINVAL;
2935 }
2936
2937 if (!conn->le.keys) {
2938 conn->le.keys = bt_keys_get_addr(conn->id, &conn->le.dst);
2939 if (!conn->le.keys) {
2940 return -ENOMEM;
2941 }
2942 }
2943
2944 if (smp_init(smp) != 0) {
2945 return -ENOBUFS;
2946 }
2947
2948 req_buf = smp_create_pdu(smp, BT_SMP_CMD_SECURITY_REQUEST,
2949 sizeof(*req));
2950 if (!req_buf) {
2951 return -ENOBUFS;
2952 }
2953
2954 req = net_buf_add(req_buf, sizeof(*req));
2955 req->auth_req = get_auth(smp, BT_SMP_AUTH_DEFAULT);
2956
2957 /* SMP timer is not restarted for SecRequest so don't use smp_send */
2958 err = bt_l2cap_send_pdu(&smp->chan, req_buf, NULL, NULL);
2959 if (err) {
2960 net_buf_unref(req_buf);
2961 return err;
2962 }
2963
2964 atomic_set_bit(smp->flags, SMP_FLAG_SEC_REQ);
2965 atomic_set_bit(smp->allowed_cmds, BT_SMP_CMD_PAIRING_REQ);
2966
2967 return 0;
2968 }
2969
smp_pairing_req(struct bt_smp * smp,struct net_buf * buf)2970 static uint8_t smp_pairing_req(struct bt_smp *smp, struct net_buf *buf)
2971 {
2972 struct bt_conn *conn = smp->chan.chan.conn;
2973 const struct bt_conn_auth_cb *smp_auth_cb = latch_auth_cb(smp);
2974
2975 struct bt_smp_pairing *req = (void *)buf->data;
2976 struct bt_smp_pairing *rsp;
2977 uint8_t err;
2978
2979 LOG_DBG("req: io_capability 0x%02X, oob_flag 0x%02X, auth_req 0x%02X, "
2980 "max_key_size 0x%02X, init_key_dist 0x%02X, resp_key_dist 0x%02X",
2981 req->io_capability, req->oob_flag, req->auth_req,
2982 req->max_key_size, req->init_key_dist, req->resp_key_dist);
2983
2984 if ((req->max_key_size > BT_SMP_MAX_ENC_KEY_SIZE) ||
2985 (req->max_key_size < BT_SMP_MIN_ENC_KEY_SIZE)) {
2986 return BT_SMP_ERR_ENC_KEY_SIZE;
2987 }
2988
2989 if (!conn->le.keys) {
2990 conn->le.keys = bt_keys_get_addr(conn->id, &conn->le.dst);
2991 if (!conn->le.keys) {
2992 LOG_DBG("Unable to get keys for %s", bt_addr_le_str(&conn->le.dst));
2993 return BT_SMP_ERR_UNSPECIFIED;
2994 }
2995 }
2996
2997 /* If we already sent a security request then the SMP context
2998 * is already initialized.
2999 */
3000 if (!atomic_test_bit(smp->flags, SMP_FLAG_SEC_REQ)) {
3001 int ret = smp_init(smp);
3002
3003 if (ret) {
3004 return ret;
3005 }
3006 }
3007
3008 /* Store req for later use */
3009 smp->preq[0] = BT_SMP_CMD_PAIRING_REQ;
3010 memcpy(smp->preq + 1, req, sizeof(*req));
3011
3012 /* create rsp, it will be used later on */
3013 smp->prsp[0] = BT_SMP_CMD_PAIRING_RSP;
3014 rsp = (struct bt_smp_pairing *)&smp->prsp[1];
3015
3016 rsp->auth_req = get_auth(smp, req->auth_req);
3017 rsp->io_capability = get_io_capa(smp);
3018 rsp->max_key_size = BT_SMP_MAX_ENC_KEY_SIZE;
3019 rsp->init_key_dist = (req->init_key_dist & RECV_KEYS);
3020 rsp->resp_key_dist = (req->resp_key_dist & SEND_KEYS);
3021
3022 if ((rsp->auth_req & BT_SMP_AUTH_SC) &&
3023 (req->auth_req & BT_SMP_AUTH_SC)) {
3024 atomic_set_bit(smp->flags, SMP_FLAG_SC);
3025
3026 rsp->init_key_dist &= RECV_KEYS_SC;
3027 rsp->resp_key_dist &= SEND_KEYS_SC;
3028 }
3029
3030 if (atomic_test_bit(smp->flags, SMP_FLAG_SC)) {
3031 rsp->oob_flag = sc_oobd_present ? BT_SMP_OOB_PRESENT :
3032 BT_SMP_OOB_NOT_PRESENT;
3033 } else {
3034 rsp->oob_flag = legacy_oobd_present ? BT_SMP_OOB_PRESENT :
3035 BT_SMP_OOB_NOT_PRESENT;
3036 }
3037
3038 if ((rsp->auth_req & BT_SMP_AUTH_CT2) &&
3039 (req->auth_req & BT_SMP_AUTH_CT2)) {
3040 atomic_set_bit(smp->flags, SMP_FLAG_CT2);
3041 }
3042
3043 if ((rsp->auth_req & BT_SMP_AUTH_BONDING) &&
3044 (req->auth_req & BT_SMP_AUTH_BONDING)) {
3045 atomic_set_bit(smp->flags, SMP_FLAG_BOND);
3046 } else if (IS_ENABLED(CONFIG_BT_BONDING_REQUIRED)) {
3047 /* Reject pairing req if not both intend to bond */
3048 LOG_DBG("Bonding required");
3049 return BT_SMP_ERR_UNSPECIFIED;
3050 } else {
3051 rsp->init_key_dist = 0;
3052 rsp->resp_key_dist = 0;
3053 }
3054
3055 smp->local_dist = rsp->resp_key_dist;
3056 smp->remote_dist = rsp->init_key_dist;
3057
3058 atomic_set_bit(smp->flags, SMP_FLAG_PAIRING);
3059
3060 smp->method = get_pair_method(smp, req->io_capability);
3061
3062 if (!update_keys_check(smp, conn->le.keys)) {
3063 return BT_SMP_ERR_AUTH_REQUIREMENTS;
3064 }
3065
3066 err = remote_sec_level_reachable(smp);
3067 if (err) {
3068 return err;
3069 }
3070
3071 if (!atomic_test_bit(smp->flags, SMP_FLAG_SC)) {
3072 #if defined(CONFIG_BT_SMP_SC_PAIR_ONLY)
3073 return BT_SMP_ERR_AUTH_REQUIREMENTS;
3074 #else
3075 if (IS_ENABLED(CONFIG_BT_SMP_APP_PAIRING_ACCEPT)) {
3076 err = smp_pairing_accept_query(smp, req);
3077 if (err) {
3078 return err;
3079 }
3080 }
3081
3082 return legacy_pairing_req(smp);
3083 #endif /* CONFIG_BT_SMP_SC_PAIR_ONLY */
3084 }
3085
3086 if (IS_ENABLED(CONFIG_BT_SMP_APP_PAIRING_ACCEPT)) {
3087 err = smp_pairing_accept_query(smp, req);
3088 if (err) {
3089 return err;
3090 }
3091 }
3092
3093 if (!IS_ENABLED(CONFIG_BT_SMP_SC_PAIR_ONLY) &&
3094 (DISPLAY_FIXED(smp) || smp->method == JUST_WORKS) &&
3095 !atomic_test_bit(smp->flags, SMP_FLAG_SEC_REQ) &&
3096 smp_auth_cb && smp_auth_cb->pairing_confirm) {
3097 atomic_set_bit(smp->flags, SMP_FLAG_USER);
3098 smp_auth_cb->pairing_confirm(conn);
3099 return 0;
3100 }
3101
3102 atomic_set_bit(smp->allowed_cmds, BT_SMP_CMD_PUBLIC_KEY);
3103
3104 LOG_DBG("rsp: io_capability 0x%02X, oob_flag 0x%02X, auth_req 0x%02X, "
3105 "max_key_size 0x%02X, init_key_dist 0x%02X, resp_key_dist 0x%02X",
3106 rsp->io_capability, rsp->oob_flag, rsp->auth_req,
3107 rsp->max_key_size, rsp->init_key_dist, rsp->resp_key_dist);
3108
3109 return send_pairing_rsp(smp);
3110 }
3111 #else
smp_pairing_req(struct bt_smp * smp,struct net_buf * buf)3112 static uint8_t smp_pairing_req(struct bt_smp *smp, struct net_buf *buf)
3113 {
3114 return BT_SMP_ERR_CMD_NOTSUPP;
3115 }
3116 #endif /* CONFIG_BT_PERIPHERAL */
3117
sc_send_public_key(struct bt_smp * smp)3118 static uint8_t sc_send_public_key(struct bt_smp *smp)
3119 {
3120 struct bt_smp_public_key *req;
3121 struct net_buf *req_buf;
3122
3123 req_buf = smp_create_pdu(smp, BT_SMP_CMD_PUBLIC_KEY, sizeof(*req));
3124 if (!req_buf) {
3125 return BT_SMP_ERR_UNSPECIFIED;
3126 }
3127
3128 req = net_buf_add(req_buf, sizeof(*req));
3129
3130 memcpy(req->x, sc_public_key, sizeof(req->x));
3131 memcpy(req->y, &sc_public_key[32], sizeof(req->y));
3132
3133 smp_send(smp, req_buf, NULL, NULL);
3134
3135 if (IS_ENABLED(CONFIG_BT_USE_DEBUG_KEYS)) {
3136 atomic_set_bit(smp->flags, SMP_FLAG_SC_DEBUG_KEY);
3137 }
3138
3139 return 0;
3140 }
3141
3142 #if defined(CONFIG_BT_CENTRAL)
smp_send_pairing_req(struct bt_conn * conn)3143 static int smp_send_pairing_req(struct bt_conn *conn)
3144 {
3145 struct bt_smp *smp;
3146 struct bt_smp_pairing *req;
3147 struct net_buf *req_buf;
3148
3149 LOG_DBG("");
3150
3151 smp = smp_chan_get(conn);
3152 if (!smp) {
3153 return -ENOTCONN;
3154 }
3155
3156 /* SMP Timeout */
3157 if (atomic_test_bit(smp->flags, SMP_FLAG_TIMEOUT)) {
3158 return -EIO;
3159 }
3160
3161 /* A higher security level is requested during the key distribution
3162 * phase, once pairing is complete a new pairing procedure will start.
3163 */
3164 if (atomic_test_bit(smp->flags, SMP_FLAG_KEYS_DISTR)) {
3165 return 0;
3166 }
3167
3168 /* pairing is in progress */
3169 if (atomic_test_bit(smp->flags, SMP_FLAG_PAIRING)) {
3170 return -EBUSY;
3171 }
3172
3173 /* Encryption is in progress */
3174 if (atomic_test_bit(smp->flags, SMP_FLAG_ENC_PENDING)) {
3175 return -EBUSY;
3176 }
3177
3178 /* early verify if required sec level if reachable */
3179 if (!sec_level_reachable(smp)) {
3180 return -EINVAL;
3181 }
3182
3183 if (!conn->le.keys) {
3184 conn->le.keys = bt_keys_get_addr(conn->id, &conn->le.dst);
3185 if (!conn->le.keys) {
3186 return -ENOMEM;
3187 }
3188 }
3189
3190 if (smp_init(smp)) {
3191 return -ENOBUFS;
3192 }
3193
3194 req_buf = smp_create_pdu(smp, BT_SMP_CMD_PAIRING_REQ, sizeof(*req));
3195 if (!req_buf) {
3196 return -ENOBUFS;
3197 }
3198
3199 req = net_buf_add(req_buf, sizeof(*req));
3200
3201 req->auth_req = get_auth(smp, BT_SMP_AUTH_DEFAULT);
3202 req->io_capability = get_io_capa(smp);
3203
3204 /* At this point is it unknown if pairing will be legacy or LE SC so
3205 * set OOB flag if any OOB data is present and assume to peer device
3206 * provides OOB data that will match it's pairing type.
3207 */
3208 req->oob_flag = (legacy_oobd_present || sc_oobd_present) ?
3209 BT_SMP_OOB_PRESENT : BT_SMP_OOB_NOT_PRESENT;
3210
3211 req->max_key_size = BT_SMP_MAX_ENC_KEY_SIZE;
3212
3213 if (req->auth_req & BT_SMP_AUTH_BONDING) {
3214 req->init_key_dist = SEND_KEYS;
3215 req->resp_key_dist = RECV_KEYS;
3216 } else {
3217 req->init_key_dist = 0;
3218 req->resp_key_dist = 0;
3219 }
3220
3221 smp->local_dist = req->init_key_dist;
3222 smp->remote_dist = req->resp_key_dist;
3223
3224 /* Store req for later use */
3225 smp->preq[0] = BT_SMP_CMD_PAIRING_REQ;
3226 memcpy(smp->preq + 1, req, sizeof(*req));
3227
3228 LOG_DBG("req: io_capability 0x%02X, oob_flag 0x%02X, auth_req 0x%02X, "
3229 "max_key_size 0x%02X, init_key_dist 0x%02X, resp_key_dist 0x%02X",
3230 req->io_capability, req->oob_flag, req->auth_req,
3231 req->max_key_size, req->init_key_dist, req->resp_key_dist);
3232
3233 smp_send(smp, req_buf, NULL, NULL);
3234
3235 atomic_set_bit(smp->allowed_cmds, BT_SMP_CMD_PAIRING_RSP);
3236 atomic_set_bit(smp->allowed_cmds, BT_SMP_CMD_SECURITY_REQUEST);
3237 atomic_set_bit(smp->flags, SMP_FLAG_PAIRING);
3238
3239 return 0;
3240 }
3241
smp_pairing_rsp(struct bt_smp * smp,struct net_buf * buf)3242 static uint8_t smp_pairing_rsp(struct bt_smp *smp, struct net_buf *buf)
3243 {
3244 struct bt_conn *conn = smp->chan.chan.conn;
3245 struct bt_smp_pairing *rsp = (void *)buf->data;
3246 struct bt_smp_pairing *req = (struct bt_smp_pairing *)&smp->preq[1];
3247 uint8_t err;
3248
3249 LOG_DBG("rsp: io_capability 0x%02X, oob_flag 0x%02X, auth_req 0x%02X, "
3250 "max_key_size 0x%02X, init_key_dist 0x%02X, resp_key_dist 0x%02X",
3251 rsp->io_capability, rsp->oob_flag, rsp->auth_req,
3252 rsp->max_key_size, rsp->init_key_dist, rsp->resp_key_dist);
3253
3254 if ((rsp->max_key_size > BT_SMP_MAX_ENC_KEY_SIZE) ||
3255 (rsp->max_key_size < BT_SMP_MIN_ENC_KEY_SIZE)) {
3256 return BT_SMP_ERR_ENC_KEY_SIZE;
3257 }
3258
3259 smp->local_dist &= rsp->init_key_dist;
3260 smp->remote_dist &= rsp->resp_key_dist;
3261
3262 /* Store rsp for later use */
3263 smp->prsp[0] = BT_SMP_CMD_PAIRING_RSP;
3264 memcpy(smp->prsp + 1, rsp, sizeof(*rsp));
3265
3266 if ((rsp->auth_req & BT_SMP_AUTH_SC) &&
3267 (req->auth_req & BT_SMP_AUTH_SC)) {
3268 atomic_set_bit(smp->flags, SMP_FLAG_SC);
3269 }
3270
3271 if ((rsp->auth_req & BT_SMP_AUTH_CT2) &&
3272 (req->auth_req & BT_SMP_AUTH_CT2)) {
3273 atomic_set_bit(smp->flags, SMP_FLAG_CT2);
3274 }
3275
3276 if ((rsp->auth_req & BT_SMP_AUTH_BONDING) &&
3277 (req->auth_req & BT_SMP_AUTH_BONDING)) {
3278 atomic_set_bit(smp->flags, SMP_FLAG_BOND);
3279 } else if (IS_ENABLED(CONFIG_BT_BONDING_REQUIRED)) {
3280 /* Reject pairing req if not both intend to bond */
3281 LOG_DBG("Bonding required");
3282 return BT_SMP_ERR_UNSPECIFIED;
3283 } else {
3284 smp->local_dist = 0;
3285 smp->remote_dist = 0;
3286 }
3287
3288 smp->method = get_pair_method(smp, rsp->io_capability);
3289
3290 if (!update_keys_check(smp, conn->le.keys)) {
3291 return BT_SMP_ERR_AUTH_REQUIREMENTS;
3292 }
3293
3294 err = remote_sec_level_reachable(smp);
3295 if (err) {
3296 return err;
3297 }
3298
3299 /* the OR operation evaluated by "if" statement below seems redundant
3300 * when CONFIG_BT_SMP_OOB_LEGACY_PAIR_ONLY is enabled, because in
3301 * that case the SMP_FLAG_SC will always be set to false. But it's
3302 * needed in order to inform the compiler that the inside of the "if"
3303 * is the return point for CONFIG_BT_SMP_OOB_LEGACY_PAIR_ONLY enabled
3304 * builds. This avoids compiler warnings regarding the code after the
3305 * "if" statement, that would happen for builds with
3306 * CONFIG_BT_SMP_OOB_LEGACY_PAIR_ONLY enabled
3307 */
3308 if (IS_ENABLED(CONFIG_BT_SMP_OOB_LEGACY_PAIR_ONLY) ||
3309 !atomic_test_bit(smp->flags, SMP_FLAG_SC)) {
3310 #if defined(CONFIG_BT_SMP_SC_PAIR_ONLY)
3311 return BT_SMP_ERR_AUTH_REQUIREMENTS;
3312 #else
3313 if (IS_ENABLED(CONFIG_BT_SMP_APP_PAIRING_ACCEPT)) {
3314 err = smp_pairing_accept_query(smp, rsp);
3315 if (err) {
3316 return err;
3317 }
3318 }
3319
3320 return legacy_pairing_rsp(smp);
3321 #endif /* CONFIG_BT_SMP_SC_PAIR_ONLY */
3322 }
3323
3324 const struct bt_conn_auth_cb *smp_auth_cb = latch_auth_cb(smp);
3325
3326 smp->local_dist &= SEND_KEYS_SC;
3327 smp->remote_dist &= RECV_KEYS_SC;
3328
3329 if (IS_ENABLED(CONFIG_BT_SMP_APP_PAIRING_ACCEPT)) {
3330 err = smp_pairing_accept_query(smp, rsp);
3331 if (err) {
3332 return err;
3333 }
3334 }
3335
3336 if (!IS_ENABLED(CONFIG_BT_SMP_SC_PAIR_ONLY) &&
3337 (DISPLAY_FIXED(smp) || smp->method == JUST_WORKS) &&
3338 atomic_test_bit(smp->flags, SMP_FLAG_SEC_REQ) &&
3339 smp_auth_cb && smp_auth_cb->pairing_confirm) {
3340 atomic_set_bit(smp->flags, SMP_FLAG_USER);
3341 smp_auth_cb->pairing_confirm(conn);
3342 return 0;
3343 }
3344
3345 if (!sc_public_key) {
3346 atomic_set_bit(smp->flags, SMP_FLAG_PKEY_SEND);
3347 return 0;
3348 }
3349
3350 atomic_set_bit(smp->allowed_cmds, BT_SMP_CMD_PUBLIC_KEY);
3351 atomic_clear_bit(smp->allowed_cmds, BT_SMP_CMD_SECURITY_REQUEST);
3352
3353 return sc_send_public_key(smp);
3354 }
3355 #else
smp_pairing_rsp(struct bt_smp * smp,struct net_buf * buf)3356 static uint8_t smp_pairing_rsp(struct bt_smp *smp, struct net_buf *buf)
3357 {
3358 return BT_SMP_ERR_CMD_NOTSUPP;
3359 }
3360 #endif /* CONFIG_BT_CENTRAL */
3361
smp_pairing_confirm(struct bt_smp * smp,struct net_buf * buf)3362 static uint8_t smp_pairing_confirm(struct bt_smp *smp, struct net_buf *buf)
3363 {
3364 struct bt_smp_pairing_confirm *req = (void *)buf->data;
3365
3366 LOG_DBG("");
3367
3368 atomic_clear_bit(smp->flags, SMP_FLAG_DISPLAY);
3369
3370 memcpy(smp->pcnf, req->val, sizeof(smp->pcnf));
3371
3372 if (IS_ENABLED(CONFIG_BT_CENTRAL) &&
3373 smp->chan.chan.conn->role == BT_HCI_ROLE_CENTRAL) {
3374 atomic_set_bit(smp->allowed_cmds, BT_SMP_CMD_PAIRING_RANDOM);
3375 return smp_send_pairing_random(smp);
3376 }
3377
3378 if (!IS_ENABLED(CONFIG_BT_PERIPHERAL)) {
3379 return 0;
3380 }
3381
3382 #if !defined(CONFIG_BT_SMP_SC_PAIR_ONLY)
3383 if (!atomic_test_bit(smp->flags, SMP_FLAG_SC)) {
3384 return legacy_pairing_confirm(smp);
3385 }
3386 #endif /* !CONFIG_BT_SMP_SC_PAIR_ONLY */
3387
3388 switch (smp->method) {
3389 case PASSKEY_DISPLAY:
3390 atomic_set_bit(smp->allowed_cmds, BT_SMP_CMD_PAIRING_RANDOM);
3391 return smp_send_pairing_confirm(smp);
3392 case PASSKEY_INPUT:
3393 if (atomic_test_bit(smp->flags, SMP_FLAG_USER)) {
3394 atomic_set_bit(smp->flags, SMP_FLAG_CFM_DELAYED);
3395 return 0;
3396 }
3397
3398 atomic_set_bit(smp->allowed_cmds, BT_SMP_CMD_PAIRING_RANDOM);
3399 return smp_send_pairing_confirm(smp);
3400 case JUST_WORKS:
3401 case PASSKEY_CONFIRM:
3402 default:
3403 LOG_ERR("Unknown pairing method (%u)", smp->method);
3404 return BT_SMP_ERR_UNSPECIFIED;
3405 }
3406 }
3407
sc_smp_send_dhkey_check(struct bt_smp * smp,const uint8_t * e)3408 static uint8_t sc_smp_send_dhkey_check(struct bt_smp *smp, const uint8_t *e)
3409 {
3410 struct bt_smp_dhkey_check *req;
3411 struct net_buf *buf;
3412
3413 LOG_DBG("");
3414
3415 buf = smp_create_pdu(smp, BT_SMP_DHKEY_CHECK, sizeof(*req));
3416 if (!buf) {
3417 return BT_SMP_ERR_UNSPECIFIED;
3418 }
3419
3420 req = net_buf_add(buf, sizeof(*req));
3421 memcpy(req->e, e, sizeof(req->e));
3422
3423 smp_send(smp, buf, NULL, NULL);
3424
3425 return 0;
3426 }
3427
3428 #if defined(CONFIG_BT_CENTRAL)
compute_and_send_central_dhcheck(struct bt_smp * smp)3429 static uint8_t compute_and_send_central_dhcheck(struct bt_smp *smp)
3430 {
3431 uint8_t e[16], r[16];
3432
3433 (void)memset(r, 0, sizeof(r));
3434
3435 switch (smp->method) {
3436 case JUST_WORKS:
3437 case PASSKEY_CONFIRM:
3438 break;
3439 case PASSKEY_DISPLAY:
3440 case PASSKEY_INPUT:
3441 memcpy(r, &smp->passkey, sizeof(smp->passkey));
3442 break;
3443 case LE_SC_OOB:
3444 if (smp->oobd_remote) {
3445 memcpy(r, smp->oobd_remote->r, sizeof(r));
3446 }
3447 break;
3448 default:
3449 LOG_ERR("Unknown pairing method (%u)", smp->method);
3450 return BT_SMP_ERR_UNSPECIFIED;
3451 }
3452
3453 /* calculate LTK and mackey */
3454 if (bt_crypto_f5(smp->dhkey, smp->prnd, smp->rrnd, &smp->chan.chan.conn->le.init_addr,
3455 &smp->chan.chan.conn->le.resp_addr, smp->mackey, smp->tk)) {
3456 LOG_ERR("Calculate LTK failed");
3457 return BT_SMP_ERR_UNSPECIFIED;
3458 }
3459 /* calculate local DHKey check */
3460 if (bt_crypto_f6(smp->mackey, smp->prnd, smp->rrnd, r, &smp->preq[1],
3461 &smp->chan.chan.conn->le.init_addr, &smp->chan.chan.conn->le.resp_addr,
3462 e)) {
3463 LOG_ERR("Calculate local DHKey check failed");
3464 return BT_SMP_ERR_UNSPECIFIED;
3465 }
3466
3467 atomic_set_bit(smp->allowed_cmds, BT_SMP_DHKEY_CHECK);
3468 return sc_smp_send_dhkey_check(smp, e);
3469 }
3470 #endif /* CONFIG_BT_CENTRAL */
3471
3472 #if defined(CONFIG_BT_PERIPHERAL)
compute_and_check_and_send_periph_dhcheck(struct bt_smp * smp)3473 static uint8_t compute_and_check_and_send_periph_dhcheck(struct bt_smp *smp)
3474 {
3475 uint8_t re[16], e[16], r[16];
3476 uint8_t err;
3477
3478 (void)memset(r, 0, sizeof(r));
3479
3480 switch (smp->method) {
3481 case JUST_WORKS:
3482 case PASSKEY_CONFIRM:
3483 break;
3484 case PASSKEY_DISPLAY:
3485 case PASSKEY_INPUT:
3486 memcpy(r, &smp->passkey, sizeof(smp->passkey));
3487 break;
3488 case LE_SC_OOB:
3489 if (smp->oobd_remote) {
3490 memcpy(r, smp->oobd_remote->r, sizeof(r));
3491 }
3492 break;
3493 default:
3494 LOG_ERR("Unknown pairing method (%u)", smp->method);
3495 return BT_SMP_ERR_UNSPECIFIED;
3496 }
3497
3498 /* calculate LTK and mackey */
3499 if (bt_crypto_f5(smp->dhkey, smp->rrnd, smp->prnd, &smp->chan.chan.conn->le.init_addr,
3500 &smp->chan.chan.conn->le.resp_addr, smp->mackey, smp->tk)) {
3501 LOG_ERR("Calculate LTK failed");
3502 return BT_SMP_ERR_UNSPECIFIED;
3503 }
3504
3505 /* calculate local DHKey check */
3506 if (bt_crypto_f6(smp->mackey, smp->prnd, smp->rrnd, r, &smp->prsp[1],
3507 &smp->chan.chan.conn->le.resp_addr, &smp->chan.chan.conn->le.init_addr,
3508 e)) {
3509 LOG_ERR("Calculate local DHKey check failed");
3510 return BT_SMP_ERR_UNSPECIFIED;
3511 }
3512
3513 if (smp->method == LE_SC_OOB) {
3514 if (smp->oobd_local) {
3515 memcpy(r, smp->oobd_local->r, sizeof(r));
3516 } else {
3517 memset(r, 0, sizeof(r));
3518 }
3519 }
3520
3521 /* calculate remote DHKey check */
3522 if (bt_crypto_f6(smp->mackey, smp->rrnd, smp->prnd, r, &smp->preq[1],
3523 &smp->chan.chan.conn->le.init_addr, &smp->chan.chan.conn->le.resp_addr,
3524 re)) {
3525 LOG_ERR("Calculate remote DHKey check failed");
3526 return BT_SMP_ERR_UNSPECIFIED;
3527 }
3528
3529 /* compare received E with calculated remote */
3530 if (memcmp(smp->e, re, 16)) {
3531 return BT_SMP_ERR_DHKEY_CHECK_FAILED;
3532 }
3533
3534 /* send local e */
3535 err = sc_smp_send_dhkey_check(smp, e);
3536 if (err) {
3537 return err;
3538 }
3539
3540 atomic_set_bit(smp->flags, SMP_FLAG_ENC_PENDING);
3541 return 0;
3542 }
3543 #endif /* CONFIG_BT_PERIPHERAL */
3544
3545 static void bt_smp_dhkey_ready(const uint8_t *dhkey);
smp_dhkey_generate(struct bt_smp * smp)3546 static uint8_t smp_dhkey_generate(struct bt_smp *smp)
3547 {
3548 int err;
3549
3550 atomic_set_bit(smp->flags, SMP_FLAG_DHKEY_GEN);
3551 err = bt_dh_key_gen(smp->pkey, bt_smp_dhkey_ready);
3552 if (err) {
3553 atomic_clear_bit(smp->flags, SMP_FLAG_DHKEY_GEN);
3554
3555 LOG_ERR("Failed to generate DHKey");
3556 return BT_SMP_ERR_UNSPECIFIED;
3557 }
3558
3559 return 0;
3560 }
3561
smp_dhkey_ready(struct bt_smp * smp,const uint8_t * dhkey)3562 static uint8_t smp_dhkey_ready(struct bt_smp *smp, const uint8_t *dhkey)
3563 {
3564 if (!dhkey) {
3565 return BT_SMP_ERR_DHKEY_CHECK_FAILED;
3566 }
3567
3568 atomic_clear_bit(smp->flags, SMP_FLAG_DHKEY_PENDING);
3569 memcpy(smp->dhkey, dhkey, BT_DH_KEY_LEN);
3570
3571 /* wait for user passkey confirmation */
3572 if (atomic_test_bit(smp->flags, SMP_FLAG_USER)) {
3573 atomic_set_bit(smp->flags, SMP_FLAG_DHKEY_SEND);
3574 return 0;
3575 }
3576
3577 /* wait for remote DHKey Check */
3578 if (atomic_test_bit(smp->flags, SMP_FLAG_DHCHECK_WAIT)) {
3579 atomic_set_bit(smp->flags, SMP_FLAG_DHKEY_SEND);
3580 return 0;
3581 }
3582
3583 if (atomic_test_bit(smp->flags, SMP_FLAG_DHKEY_SEND)) {
3584 #if defined(CONFIG_BT_CENTRAL)
3585 if (smp->chan.chan.conn->role == BT_HCI_ROLE_CENTRAL) {
3586 return compute_and_send_central_dhcheck(smp);
3587 }
3588
3589 #endif /* CONFIG_BT_CENTRAL */
3590
3591 #if defined(CONFIG_BT_PERIPHERAL)
3592 return compute_and_check_and_send_periph_dhcheck(smp);
3593 #endif /* CONFIG_BT_PERIPHERAL */
3594 }
3595
3596 return 0;
3597 }
3598
smp_find(int flag)3599 static struct bt_smp *smp_find(int flag)
3600 {
3601 for (int i = 0; i < ARRAY_SIZE(bt_smp_pool); i++) {
3602 if (atomic_test_bit(bt_smp_pool[i].flags, flag)) {
3603 return &bt_smp_pool[i];
3604 }
3605 }
3606
3607 return NULL;
3608 }
3609
bt_smp_dhkey_ready(const uint8_t * dhkey)3610 static void bt_smp_dhkey_ready(const uint8_t *dhkey)
3611 {
3612 LOG_DBG("%p", (void *)dhkey);
3613 int err;
3614
3615 struct bt_smp *smp = smp_find(SMP_FLAG_DHKEY_GEN);
3616 if (smp) {
3617 atomic_clear_bit(smp->flags, SMP_FLAG_DHKEY_GEN);
3618 err = smp_dhkey_ready(smp, dhkey);
3619 if (err) {
3620 smp_error(smp, err);
3621 }
3622 }
3623
3624 err = 0;
3625 do {
3626 smp = smp_find(SMP_FLAG_DHKEY_PENDING);
3627 if (smp) {
3628 err = smp_dhkey_generate(smp);
3629 if (err) {
3630 smp_error(smp, err);
3631 }
3632 }
3633 } while (smp && err);
3634 }
3635
sc_smp_check_confirm(struct bt_smp * smp)3636 static uint8_t sc_smp_check_confirm(struct bt_smp *smp)
3637 {
3638 uint8_t cfm[16];
3639 uint8_t r;
3640
3641 switch (smp->method) {
3642 case LE_SC_OOB:
3643 return 0;
3644 case PASSKEY_CONFIRM:
3645 case JUST_WORKS:
3646 r = 0U;
3647 break;
3648 case PASSKEY_DISPLAY:
3649 case PASSKEY_INPUT:
3650 /*
3651 * In the Passkey Entry protocol, the most significant
3652 * bit of Z is set equal to one and the least
3653 * significant bit is made up from one bit of the
3654 * passkey e.g. if the passkey bit is 1, then Z = 0x81
3655 * and if the passkey bit is 0, then Z = 0x80.
3656 */
3657 r = (smp->passkey >> smp->passkey_round) & 0x01;
3658 r |= 0x80;
3659 break;
3660 default:
3661 LOG_ERR("Unknown pairing method (%u)", smp->method);
3662 return BT_SMP_ERR_UNSPECIFIED;
3663 }
3664
3665 if (bt_crypto_f4(smp->pkey, sc_public_key, smp->rrnd, r, cfm)) {
3666 LOG_ERR("Calculate confirm failed");
3667 return BT_SMP_ERR_UNSPECIFIED;
3668 }
3669
3670 LOG_DBG("pcnf %s", bt_hex(smp->pcnf, 16));
3671 LOG_DBG("cfm %s", bt_hex(cfm, 16));
3672
3673 if (memcmp(smp->pcnf, cfm, 16)) {
3674 return BT_SMP_ERR_CONFIRM_FAILED;
3675 }
3676
3677 return 0;
3678 }
3679
le_sc_oob_data_req_check(struct bt_smp * smp)3680 static bool le_sc_oob_data_req_check(struct bt_smp *smp)
3681 {
3682 struct bt_smp_pairing *req = (struct bt_smp_pairing *)&smp->preq[1];
3683
3684 return ((req->oob_flag & BT_SMP_OOB_DATA_MASK) == BT_SMP_OOB_PRESENT);
3685 }
3686
le_sc_oob_data_rsp_check(struct bt_smp * smp)3687 static bool le_sc_oob_data_rsp_check(struct bt_smp *smp)
3688 {
3689 struct bt_smp_pairing *rsp = (struct bt_smp_pairing *)&smp->prsp[1];
3690
3691 return ((rsp->oob_flag & BT_SMP_OOB_DATA_MASK) == BT_SMP_OOB_PRESENT);
3692 }
3693
le_sc_oob_config_set(struct bt_smp * smp,struct bt_conn_oob_info * info)3694 __maybe_unused static void le_sc_oob_config_set(struct bt_smp *smp,
3695 struct bt_conn_oob_info *info)
3696 {
3697 bool req_oob_present = le_sc_oob_data_req_check(smp);
3698 bool rsp_oob_present = le_sc_oob_data_rsp_check(smp);
3699 int oob_config = BT_CONN_OOB_NO_DATA;
3700
3701 if (IS_ENABLED(CONFIG_BT_CENTRAL) &&
3702 smp->chan.chan.conn->role == BT_HCI_ROLE_CENTRAL) {
3703 oob_config = req_oob_present ? BT_CONN_OOB_REMOTE_ONLY :
3704 BT_CONN_OOB_NO_DATA;
3705
3706 if (rsp_oob_present) {
3707 oob_config = (oob_config == BT_CONN_OOB_REMOTE_ONLY) ?
3708 BT_CONN_OOB_BOTH_PEERS :
3709 BT_CONN_OOB_LOCAL_ONLY;
3710 }
3711 } else if (IS_ENABLED(CONFIG_BT_PERIPHERAL)) {
3712 oob_config = req_oob_present ? BT_CONN_OOB_LOCAL_ONLY :
3713 BT_CONN_OOB_NO_DATA;
3714
3715 if (rsp_oob_present) {
3716 oob_config = (oob_config == BT_CONN_OOB_LOCAL_ONLY) ?
3717 BT_CONN_OOB_BOTH_PEERS :
3718 BT_CONN_OOB_REMOTE_ONLY;
3719 }
3720 }
3721
3722 info->lesc.oob_config = oob_config;
3723 }
3724
smp_pairing_random(struct bt_smp * smp,struct net_buf * buf)3725 static uint8_t smp_pairing_random(struct bt_smp *smp, struct net_buf *buf)
3726 {
3727 const struct bt_conn_auth_cb *smp_auth_cb = latch_auth_cb(smp);
3728 struct bt_smp_pairing_random *req = (void *)buf->data;
3729 uint32_t passkey;
3730 uint8_t err;
3731
3732 LOG_DBG("");
3733
3734 memcpy(smp->rrnd, req->val, sizeof(smp->rrnd));
3735
3736 #if !defined(CONFIG_BT_SMP_SC_PAIR_ONLY)
3737 if (!atomic_test_bit(smp->flags, SMP_FLAG_SC)) {
3738 return legacy_pairing_random(smp);
3739 }
3740 #endif /* !CONFIG_BT_SMP_SC_PAIR_ONLY */
3741
3742 #if defined(CONFIG_BT_CENTRAL)
3743 if (smp->chan.chan.conn->role == BT_HCI_ROLE_CENTRAL) {
3744 err = sc_smp_check_confirm(smp);
3745 if (err) {
3746 return err;
3747 }
3748
3749 switch (smp->method) {
3750 case PASSKEY_CONFIRM:
3751 /* compare passkey before calculating LTK */
3752 if (bt_crypto_g2(sc_public_key, smp->pkey, smp->prnd, smp->rrnd,
3753 &passkey)) {
3754 return BT_SMP_ERR_UNSPECIFIED;
3755 }
3756
3757 atomic_set_bit(smp->flags, SMP_FLAG_USER);
3758 atomic_set_bit(smp->flags, SMP_FLAG_DHKEY_SEND);
3759 smp_auth_cb->passkey_confirm(smp->chan.chan.conn, passkey);
3760 return 0;
3761 case JUST_WORKS:
3762 break;
3763 case LE_SC_OOB:
3764 break;
3765 case PASSKEY_DISPLAY:
3766 case PASSKEY_INPUT:
3767 smp->passkey_round++;
3768 if (smp->passkey_round == 20U) {
3769 break;
3770 }
3771
3772 if (bt_rand(smp->prnd, 16)) {
3773 return BT_SMP_ERR_UNSPECIFIED;
3774 }
3775
3776 atomic_set_bit(smp->allowed_cmds,
3777 BT_SMP_CMD_PAIRING_CONFIRM);
3778 return smp_send_pairing_confirm(smp);
3779 default:
3780 LOG_ERR("Unknown pairing method (%u)", smp->method);
3781 return BT_SMP_ERR_UNSPECIFIED;
3782 }
3783
3784 /* wait for DHKey being generated */
3785 if (atomic_test_bit(smp->flags, SMP_FLAG_DHKEY_PENDING)) {
3786 atomic_set_bit(smp->flags, SMP_FLAG_DHKEY_SEND);
3787 return 0;
3788 }
3789
3790 return compute_and_send_central_dhcheck(smp);
3791 }
3792 #endif /* CONFIG_BT_CENTRAL */
3793
3794 #if defined(CONFIG_BT_PERIPHERAL)
3795 switch (smp->method) {
3796 case PASSKEY_CONFIRM:
3797 if (bt_crypto_g2(smp->pkey, sc_public_key, smp->rrnd, smp->prnd, &passkey)) {
3798 return BT_SMP_ERR_UNSPECIFIED;
3799 }
3800
3801 atomic_set_bit(smp->flags, SMP_FLAG_USER);
3802 smp_auth_cb->passkey_confirm(smp->chan.chan.conn, passkey);
3803 break;
3804 case JUST_WORKS:
3805 break;
3806 case PASSKEY_DISPLAY:
3807 case PASSKEY_INPUT:
3808 err = sc_smp_check_confirm(smp);
3809 if (err) {
3810 return err;
3811 }
3812
3813 atomic_set_bit(smp->allowed_cmds,
3814 BT_SMP_CMD_PAIRING_CONFIRM);
3815 err = smp_send_pairing_random(smp);
3816 if (err) {
3817 return err;
3818 }
3819
3820 smp->passkey_round++;
3821 if (smp->passkey_round == 20U) {
3822 atomic_set_bit(smp->allowed_cmds, BT_SMP_DHKEY_CHECK);
3823 atomic_set_bit(smp->flags, SMP_FLAG_DHCHECK_WAIT);
3824 return 0;
3825 }
3826
3827 if (bt_rand(smp->prnd, 16)) {
3828 return BT_SMP_ERR_UNSPECIFIED;
3829 }
3830
3831 return 0;
3832 case LE_SC_OOB:
3833 /* Step 6: Select random N */
3834 if (bt_rand(smp->prnd, 16)) {
3835 return BT_SMP_ERR_UNSPECIFIED;
3836 }
3837
3838 if (!IS_ENABLED(CONFIG_BT_SMP_OOB_LEGACY_PAIR_ONLY) && smp_auth_cb &&
3839 smp_auth_cb->oob_data_request) {
3840 struct bt_conn_oob_info info = {
3841 .type = BT_CONN_OOB_LE_SC,
3842 .lesc.oob_config = BT_CONN_OOB_NO_DATA,
3843 };
3844
3845 le_sc_oob_config_set(smp, &info);
3846
3847 smp->oobd_local = NULL;
3848 smp->oobd_remote = NULL;
3849
3850 atomic_set_bit(smp->flags, SMP_FLAG_OOB_PENDING);
3851 smp_auth_cb->oob_data_request(smp->chan.chan.conn, &info);
3852
3853 return 0;
3854 } else {
3855 return BT_SMP_ERR_OOB_NOT_AVAIL;
3856 }
3857 default:
3858 LOG_ERR("Unknown pairing method (%u)", smp->method);
3859 return BT_SMP_ERR_UNSPECIFIED;
3860 }
3861
3862 atomic_set_bit(smp->allowed_cmds, BT_SMP_DHKEY_CHECK);
3863 atomic_set_bit(smp->flags, SMP_FLAG_DHCHECK_WAIT);
3864 return smp_send_pairing_random(smp);
3865 #else
3866 return BT_SMP_ERR_PAIRING_NOTSUPP;
3867 #endif /* CONFIG_BT_PERIPHERAL */
3868 }
3869
smp_pairing_failed(struct bt_smp * smp,struct net_buf * buf)3870 static uint8_t smp_pairing_failed(struct bt_smp *smp, struct net_buf *buf)
3871 {
3872 struct bt_conn *conn = smp->chan.chan.conn;
3873 const struct bt_conn_auth_cb *smp_auth_cb = latch_auth_cb(smp);
3874 struct bt_smp_pairing_fail *req = (void *)buf->data;
3875
3876 LOG_ERR("pairing failed (peer reason 0x%x)", req->reason);
3877
3878 if (atomic_test_and_clear_bit(smp->flags, SMP_FLAG_USER) ||
3879 atomic_test_and_clear_bit(smp->flags, SMP_FLAG_DISPLAY)) {
3880 if (smp_auth_cb && smp_auth_cb->cancel) {
3881 smp_auth_cb->cancel(conn);
3882 }
3883 }
3884
3885 smp_pairing_complete(smp, req->reason);
3886
3887 /* return no error to avoid sending Pairing Failed in response */
3888 return 0;
3889 }
3890
smp_ident_info(struct bt_smp * smp,struct net_buf * buf)3891 static uint8_t smp_ident_info(struct bt_smp *smp, struct net_buf *buf)
3892 {
3893 LOG_DBG("");
3894
3895 if (atomic_test_bit(smp->flags, SMP_FLAG_BOND)) {
3896 struct bt_smp_ident_info *req = (void *)buf->data;
3897 struct bt_conn *conn = smp->chan.chan.conn;
3898 struct bt_keys *keys;
3899
3900 keys = bt_keys_get_type(BT_KEYS_IRK, conn->id, &conn->le.dst);
3901 if (!keys) {
3902 LOG_ERR("Unable to get keys for %s", bt_addr_le_str(&conn->le.dst));
3903 return BT_SMP_ERR_UNSPECIFIED;
3904 }
3905
3906 memcpy(keys->irk.val, req->irk, 16);
3907 }
3908
3909 atomic_set_bit(smp->allowed_cmds, BT_SMP_CMD_IDENT_ADDR_INFO);
3910
3911 return 0;
3912 }
3913
smp_id_add_replace(struct bt_smp * smp,struct bt_keys * new_bond)3914 static uint8_t smp_id_add_replace(struct bt_smp *smp, struct bt_keys *new_bond)
3915 {
3916 struct bt_keys *conflict;
3917
3918 /* Sanity check: It does not make sense to finalize a bond before we
3919 * have the remote identity.
3920 */
3921 __ASSERT_NO_MSG(!(smp->remote_dist & BT_SMP_DIST_ID_KEY));
3922
3923 conflict = bt_id_find_conflict(new_bond);
3924 if (conflict) {
3925 LOG_DBG("New bond conflicts with a bond on id %d.", conflict->id);
3926 }
3927
3928 if (conflict && !IS_ENABLED(CONFIG_BT_ID_UNPAIR_MATCHING_BONDS)) {
3929 LOG_WRN("Refusing new pairing. The old bond must be unpaired first.");
3930 return BT_SMP_ERR_AUTH_REQUIREMENTS;
3931 }
3932
3933 if (conflict && IS_ENABLED(CONFIG_BT_ID_UNPAIR_MATCHING_BONDS)) {
3934 bool trust_ok;
3935 int unpair_err;
3936
3937 trust_ok = update_keys_check(smp, conflict);
3938 if (!trust_ok) {
3939 LOG_WRN("Refusing new pairing. The old bond has more trust.");
3940 return BT_SMP_ERR_AUTH_REQUIREMENTS;
3941 }
3942
3943 LOG_DBG("Un-pairing old conflicting bond and finalizing new.");
3944
3945 unpair_err = bt_unpair(conflict->id, &conflict->addr);
3946 __ASSERT_NO_MSG(!unpair_err);
3947 }
3948
3949 __ASSERT_NO_MSG(!bt_id_find_conflict(new_bond));
3950 bt_id_add(new_bond);
3951 return 0;
3952 }
3953
3954 struct addr_match {
3955 const bt_addr_le_t *rpa;
3956 const bt_addr_le_t *id_addr;
3957 };
3958
convert_to_id_on_match(struct bt_conn * conn,void * data)3959 static void convert_to_id_on_match(struct bt_conn *conn, void *data)
3960 {
3961 struct addr_match *addr_match = data;
3962
3963 if (bt_addr_le_eq(&conn->le.dst, addr_match->rpa)) {
3964 bt_addr_le_copy(&conn->le.dst, addr_match->id_addr);
3965 }
3966 }
3967
smp_ident_addr_info(struct bt_smp * smp,struct net_buf * buf)3968 static uint8_t smp_ident_addr_info(struct bt_smp *smp, struct net_buf *buf)
3969 {
3970 struct bt_conn *conn = smp->chan.chan.conn;
3971 struct bt_smp_ident_addr_info *req = (void *)buf->data;
3972 uint8_t err;
3973
3974 LOG_DBG("identity %s", bt_addr_le_str(&req->addr));
3975
3976 smp->remote_dist &= ~BT_SMP_DIST_ID_KEY;
3977
3978 if (!bt_addr_le_is_identity(&req->addr)) {
3979 LOG_ERR("Invalid identity %s", bt_addr_le_str(&req->addr));
3980 LOG_ERR(" for %s", bt_addr_le_str(&conn->le.dst));
3981 return BT_SMP_ERR_INVALID_PARAMS;
3982 }
3983
3984 if (!bt_addr_le_eq(&conn->le.dst, &req->addr)) {
3985 struct bt_keys *keys = bt_keys_find_addr(conn->id, &req->addr);
3986
3987 if (keys) {
3988 if (!update_keys_check(smp, keys)) {
3989 return BT_SMP_ERR_UNSPECIFIED;
3990 }
3991
3992 bt_keys_clear(keys);
3993 }
3994 }
3995
3996 if (atomic_test_bit(smp->flags, SMP_FLAG_BOND)) {
3997 const bt_addr_le_t *dst;
3998 struct bt_keys *keys;
3999
4000 keys = bt_keys_get_type(BT_KEYS_IRK, conn->id, &conn->le.dst);
4001 if (!keys) {
4002 LOG_ERR("Unable to get keys for %s", bt_addr_le_str(&conn->le.dst));
4003 return BT_SMP_ERR_UNSPECIFIED;
4004 }
4005
4006 /*
4007 * We can't use conn->dst here as this might already contain
4008 * identity address known from previous pairing. Since all keys
4009 * are cleared on re-pairing we wouldn't store IRK distributed
4010 * in new pairing.
4011 */
4012 if (conn->role == BT_HCI_ROLE_CENTRAL) {
4013 dst = &conn->le.resp_addr;
4014 } else {
4015 dst = &conn->le.init_addr;
4016 }
4017
4018 if (bt_addr_le_is_rpa(dst)) {
4019 /* always update last use RPA */
4020 bt_addr_copy(&keys->irk.rpa, &dst->a);
4021
4022 /*
4023 * Update connection address and notify about identity
4024 * resolved only if connection wasn't already reported
4025 * with identity address. This may happen if IRK was
4026 * present before ie. due to re-pairing.
4027 */
4028 if (!bt_addr_le_is_identity(&conn->le.dst)) {
4029 struct addr_match addr_match = {
4030 .rpa = &conn->le.dst,
4031 .id_addr = &req->addr,
4032 };
4033
4034 bt_conn_foreach(BT_CONN_TYPE_LE,
4035 convert_to_id_on_match,
4036 &addr_match);
4037 bt_addr_le_copy(&keys->addr, &req->addr);
4038
4039 bt_conn_identity_resolved(conn);
4040 }
4041 }
4042
4043 err = smp_id_add_replace(smp, keys);
4044 if (err) {
4045 return err;
4046 }
4047 }
4048
4049 if (smp->remote_dist & BT_SMP_DIST_SIGN) {
4050 atomic_set_bit(smp->allowed_cmds, BT_SMP_CMD_SIGNING_INFO);
4051 }
4052
4053 if (IS_ENABLED(CONFIG_BT_CENTRAL) &&
4054 conn->role == BT_HCI_ROLE_CENTRAL && !smp->remote_dist) {
4055 err = bt_smp_distribute_keys(smp);
4056 if (err) {
4057 return err;
4058 }
4059 }
4060
4061 /* if all keys were distributed, pairing is done */
4062 if (!smp->local_dist && !smp->remote_dist) {
4063 smp_pairing_complete(smp, 0);
4064 }
4065
4066 return 0;
4067 }
4068
4069 #if defined(CONFIG_BT_SIGNING)
smp_signing_info(struct bt_smp * smp,struct net_buf * buf)4070 static uint8_t smp_signing_info(struct bt_smp *smp, struct net_buf *buf)
4071 {
4072 struct bt_conn *conn = smp->chan.chan.conn;
4073 uint8_t err;
4074
4075 LOG_DBG("");
4076
4077 if (atomic_test_bit(smp->flags, SMP_FLAG_BOND)) {
4078 struct bt_smp_signing_info *req = (void *)buf->data;
4079 struct bt_keys *keys;
4080
4081 keys = bt_keys_get_type(BT_KEYS_REMOTE_CSRK, conn->id,
4082 &conn->le.dst);
4083 if (!keys) {
4084 LOG_ERR("Unable to get keys for %s", bt_addr_le_str(&conn->le.dst));
4085 return BT_SMP_ERR_UNSPECIFIED;
4086 }
4087
4088 memcpy(keys->remote_csrk.val, req->csrk,
4089 sizeof(keys->remote_csrk.val));
4090 }
4091
4092 smp->remote_dist &= ~BT_SMP_DIST_SIGN;
4093
4094 if (IS_ENABLED(CONFIG_BT_CENTRAL) &&
4095 conn->role == BT_HCI_ROLE_CENTRAL && !smp->remote_dist) {
4096 err = bt_smp_distribute_keys(smp);
4097 if (err) {
4098 return err;
4099 }
4100 }
4101
4102 /* if all keys were distributed, pairing is done */
4103 if (!smp->local_dist && !smp->remote_dist) {
4104 smp_pairing_complete(smp, 0);
4105 }
4106
4107 return 0;
4108 }
4109 #else
smp_signing_info(struct bt_smp * smp,struct net_buf * buf)4110 static uint8_t smp_signing_info(struct bt_smp *smp, struct net_buf *buf)
4111 {
4112 return BT_SMP_ERR_CMD_NOTSUPP;
4113 }
4114 #endif /* CONFIG_BT_SIGNING */
4115
4116 #if defined(CONFIG_BT_CENTRAL)
smp_security_request(struct bt_smp * smp,struct net_buf * buf)4117 static uint8_t smp_security_request(struct bt_smp *smp, struct net_buf *buf)
4118 {
4119 struct bt_conn *conn = smp->chan.chan.conn;
4120 struct bt_smp_security_request *req = (void *)buf->data;
4121 uint8_t auth;
4122
4123 LOG_DBG("");
4124
4125 /* A higher security level is requested during the key distribution
4126 * phase, once pairing is complete a new pairing procedure will start.
4127 */
4128 if (atomic_test_bit(smp->flags, SMP_FLAG_KEYS_DISTR)) {
4129 return 0;
4130 }
4131
4132 if (atomic_test_bit(smp->flags, SMP_FLAG_PAIRING)) {
4133 /* We have already started pairing process */
4134 return 0;
4135 }
4136
4137 if (atomic_test_bit(smp->flags, SMP_FLAG_ENC_PENDING)) {
4138 /* We have already started encryption procedure */
4139 return 0;
4140 }
4141
4142 if (sc_supported) {
4143 auth = req->auth_req & BT_SMP_AUTH_MASK_SC;
4144 } else {
4145 auth = req->auth_req & BT_SMP_AUTH_MASK;
4146 }
4147
4148 if (IS_ENABLED(CONFIG_BT_SMP_SC_PAIR_ONLY) &&
4149 !(auth & BT_SMP_AUTH_SC)) {
4150 return BT_SMP_ERR_AUTH_REQUIREMENTS;
4151 }
4152
4153 if (IS_ENABLED(CONFIG_BT_BONDING_REQUIRED) &&
4154 !(latch_bondable(smp) && (auth & BT_SMP_AUTH_BONDING))) {
4155 /* Reject security req if not both intend to bond */
4156 LOG_DBG("Bonding required");
4157 return BT_SMP_ERR_UNSPECIFIED;
4158 }
4159
4160 if (conn->le.keys) {
4161 /* Make sure we have an LTK to encrypt with */
4162 if (!(conn->le.keys->keys & (BT_KEYS_LTK_P256 | BT_KEYS_LTK))) {
4163 goto pair;
4164 }
4165 } else {
4166 conn->le.keys = bt_keys_find(BT_KEYS_LTK_P256, conn->id,
4167 &conn->le.dst);
4168 if (!conn->le.keys) {
4169 conn->le.keys = bt_keys_find(BT_KEYS_LTK, conn->id,
4170 &conn->le.dst);
4171 }
4172 }
4173
4174 if (!conn->le.keys) {
4175 goto pair;
4176 }
4177
4178 /* if MITM required key must be authenticated */
4179 if ((auth & BT_SMP_AUTH_MITM) &&
4180 !(conn->le.keys->flags & BT_KEYS_AUTHENTICATED)) {
4181 if (get_io_capa(smp) != BT_SMP_IO_NO_INPUT_OUTPUT) {
4182 LOG_INF("New auth requirements: 0x%x, repairing", auth);
4183 goto pair;
4184 }
4185
4186 LOG_WRN("Unsupported auth requirements: 0x%x, repairing", auth);
4187 goto pair;
4188 }
4189
4190 /* if LE SC required and no p256 key present repair */
4191 if ((auth & BT_SMP_AUTH_SC) &&
4192 !(conn->le.keys->keys & BT_KEYS_LTK_P256)) {
4193 LOG_INF("New auth requirements: 0x%x, repairing", auth);
4194 goto pair;
4195 }
4196
4197 if (bt_conn_le_start_encryption(conn, conn->le.keys->ltk.rand,
4198 conn->le.keys->ltk.ediv,
4199 conn->le.keys->ltk.val,
4200 conn->le.keys->enc_size) < 0) {
4201 LOG_ERR("Failed to start encryption");
4202 return BT_SMP_ERR_UNSPECIFIED;
4203 }
4204
4205 atomic_set_bit(smp->flags, SMP_FLAG_ENC_PENDING);
4206
4207 return 0;
4208 pair:
4209 if (smp_send_pairing_req(conn) < 0) {
4210 return BT_SMP_ERR_UNSPECIFIED;
4211 }
4212
4213 atomic_set_bit(smp->flags, SMP_FLAG_SEC_REQ);
4214
4215 return 0;
4216 }
4217 #else
smp_security_request(struct bt_smp * smp,struct net_buf * buf)4218 static uint8_t smp_security_request(struct bt_smp *smp, struct net_buf *buf)
4219 {
4220 return BT_SMP_ERR_CMD_NOTSUPP;
4221 }
4222 #endif /* CONFIG_BT_CENTRAL */
4223
generate_dhkey(struct bt_smp * smp)4224 __maybe_unused static uint8_t generate_dhkey(struct bt_smp *smp)
4225 {
4226 if (IS_ENABLED(CONFIG_BT_SMP_OOB_LEGACY_PAIR_ONLY)) {
4227 return BT_SMP_ERR_UNSPECIFIED;
4228 }
4229
4230 atomic_set_bit(smp->flags, SMP_FLAG_DHKEY_PENDING);
4231 if (!smp_find(SMP_FLAG_DHKEY_GEN)) {
4232 return smp_dhkey_generate(smp);
4233 }
4234
4235 return 0;
4236 }
4237
display_passkey(struct bt_smp * smp)4238 __maybe_unused static uint8_t display_passkey(struct bt_smp *smp)
4239 {
4240 struct bt_conn *conn = smp->chan.chan.conn;
4241 const struct bt_conn_auth_cb *smp_auth_cb = latch_auth_cb(smp);
4242
4243 if (IS_ENABLED(CONFIG_BT_FIXED_PASSKEY) &&
4244 fixed_passkey != BT_PASSKEY_INVALID) {
4245 smp->passkey = fixed_passkey;
4246 } else {
4247 if (bt_rand(&smp->passkey, sizeof(smp->passkey))) {
4248 return BT_SMP_ERR_UNSPECIFIED;
4249 }
4250
4251 smp->passkey %= 1000000;
4252 }
4253
4254 smp->passkey_round = 0U;
4255
4256 if (smp_auth_cb && smp_auth_cb->passkey_display) {
4257 atomic_set_bit(smp->flags, SMP_FLAG_DISPLAY);
4258 smp_auth_cb->passkey_display(conn, smp->passkey);
4259 }
4260
4261 smp->passkey = sys_cpu_to_le32(smp->passkey);
4262
4263 return 0;
4264 }
4265
4266 #if defined(CONFIG_BT_PERIPHERAL)
smp_public_key_periph(struct bt_smp * smp)4267 static uint8_t smp_public_key_periph(struct bt_smp *smp)
4268 {
4269 const struct bt_conn_auth_cb *smp_auth_cb = latch_auth_cb(smp);
4270 uint8_t err;
4271
4272 if (!atomic_test_bit(smp->flags, SMP_FLAG_SC_DEBUG_KEY) &&
4273 memcmp(smp->pkey, sc_public_key, BT_PUB_KEY_COORD_LEN) == 0) {
4274 /* Deny public key with identitcal X coordinate unless it is the
4275 * debug public key.
4276 */
4277 LOG_WRN("Remote public key rejected");
4278 return BT_SMP_ERR_UNSPECIFIED;
4279 }
4280
4281 err = sc_send_public_key(smp);
4282 if (err) {
4283 return err;
4284 }
4285
4286 switch (smp->method) {
4287 case PASSKEY_CONFIRM:
4288 case JUST_WORKS:
4289 atomic_set_bit(smp->allowed_cmds, BT_SMP_CMD_PAIRING_RANDOM);
4290
4291 err = smp_send_pairing_confirm(smp);
4292 if (err) {
4293 return err;
4294 }
4295 break;
4296 case PASSKEY_DISPLAY:
4297 err = display_passkey(smp);
4298 if (err) {
4299 return err;
4300 }
4301
4302 atomic_set_bit(smp->allowed_cmds, BT_SMP_CMD_PAIRING_CONFIRM);
4303 atomic_set_bit(smp->allowed_cmds, BT_SMP_KEYPRESS_NOTIFICATION);
4304 break;
4305 case PASSKEY_INPUT:
4306 atomic_set_bit(smp->allowed_cmds, BT_SMP_CMD_PAIRING_CONFIRM);
4307 atomic_set_bit(smp->allowed_cmds, BT_SMP_KEYPRESS_NOTIFICATION);
4308 atomic_set_bit(smp->flags, SMP_FLAG_USER);
4309 smp_auth_cb->passkey_entry(smp->chan.chan.conn);
4310 break;
4311 case LE_SC_OOB:
4312 atomic_set_bit(smp->allowed_cmds, BT_SMP_CMD_PAIRING_RANDOM);
4313 break;
4314 default:
4315 LOG_ERR("Unknown pairing method (%u)", smp->method);
4316 return BT_SMP_ERR_UNSPECIFIED;
4317 }
4318
4319 return generate_dhkey(smp);
4320 }
4321 #endif /* CONFIG_BT_PERIPHERAL */
4322
4323 #ifdef CONFIG_BT_SMP_OOB_LEGACY_PAIR_ONLY
smp_public_key(struct bt_smp * smp,struct net_buf * buf)4324 static uint8_t smp_public_key(struct bt_smp *smp, struct net_buf *buf)
4325 {
4326 return BT_SMP_ERR_AUTH_REQUIREMENTS;
4327 }
4328 #else
smp_public_key(struct bt_smp * smp,struct net_buf * buf)4329 static uint8_t smp_public_key(struct bt_smp *smp, struct net_buf *buf)
4330 {
4331 const struct bt_conn_auth_cb *smp_auth_cb = latch_auth_cb(smp);
4332 struct bt_smp_public_key *req = (void *)buf->data;
4333 uint8_t err;
4334
4335 LOG_DBG("");
4336
4337 memcpy(smp->pkey, req->x, BT_PUB_KEY_COORD_LEN);
4338 memcpy(&smp->pkey[BT_PUB_KEY_COORD_LEN], req->y, BT_PUB_KEY_COORD_LEN);
4339
4340 /* mark key as debug if remote is using it */
4341 if (bt_pub_key_is_debug(smp->pkey)) {
4342 LOG_INF("Remote is using Debug Public key");
4343 atomic_set_bit(smp->flags, SMP_FLAG_SC_DEBUG_KEY);
4344
4345 /* Don't allow a bond established without debug key to be
4346 * updated using LTK generated from debug key.
4347 */
4348 if (!update_debug_keys_check(smp)) {
4349 return BT_SMP_ERR_AUTH_REQUIREMENTS;
4350 }
4351 } else if (!bt_pub_key_is_valid(smp->pkey)) {
4352 LOG_WRN("Received invalid public key");
4353 return BT_SMP_ERR_INVALID_PARAMS;
4354 }
4355
4356 if (IS_ENABLED(CONFIG_BT_CENTRAL) &&
4357 smp->chan.chan.conn->role == BT_HCI_ROLE_CENTRAL) {
4358 if (!atomic_test_bit(smp->flags, SMP_FLAG_SC_DEBUG_KEY) &&
4359 memcmp(smp->pkey, sc_public_key, BT_PUB_KEY_COORD_LEN) == 0) {
4360 /* Deny public key with identitcal X coordinate unless
4361 * it is the debug public key.
4362 */
4363 LOG_WRN("Remote public key rejected");
4364 return BT_SMP_ERR_UNSPECIFIED;
4365 }
4366
4367 switch (smp->method) {
4368 case PASSKEY_CONFIRM:
4369 case JUST_WORKS:
4370 atomic_set_bit(smp->allowed_cmds,
4371 BT_SMP_CMD_PAIRING_CONFIRM);
4372 break;
4373 case PASSKEY_DISPLAY:
4374 err = display_passkey(smp);
4375 if (err) {
4376 return err;
4377 }
4378
4379 atomic_set_bit(smp->allowed_cmds,
4380 BT_SMP_CMD_PAIRING_CONFIRM);
4381
4382 atomic_set_bit(smp->allowed_cmds,
4383 BT_SMP_KEYPRESS_NOTIFICATION);
4384
4385 err = smp_send_pairing_confirm(smp);
4386 if (err) {
4387 return err;
4388 }
4389 break;
4390 case PASSKEY_INPUT:
4391 atomic_set_bit(smp->flags, SMP_FLAG_USER);
4392 smp_auth_cb->passkey_entry(smp->chan.chan.conn);
4393
4394 atomic_set_bit(smp->allowed_cmds,
4395 BT_SMP_KEYPRESS_NOTIFICATION);
4396
4397 break;
4398 case LE_SC_OOB:
4399 /* Step 6: Select random N */
4400 if (bt_rand(smp->prnd, 16)) {
4401 return BT_SMP_ERR_UNSPECIFIED;
4402 }
4403
4404 if (smp_auth_cb && smp_auth_cb->oob_data_request) {
4405 struct bt_conn_oob_info info = {
4406 .type = BT_CONN_OOB_LE_SC,
4407 .lesc.oob_config = BT_CONN_OOB_NO_DATA,
4408 };
4409
4410 le_sc_oob_config_set(smp, &info);
4411
4412 smp->oobd_local = NULL;
4413 smp->oobd_remote = NULL;
4414
4415 atomic_set_bit(smp->flags,
4416 SMP_FLAG_OOB_PENDING);
4417 smp_auth_cb->oob_data_request(smp->chan.chan.conn, &info);
4418 } else {
4419 return BT_SMP_ERR_OOB_NOT_AVAIL;
4420 }
4421 break;
4422 default:
4423 LOG_ERR("Unknown pairing method (%u)", smp->method);
4424 return BT_SMP_ERR_UNSPECIFIED;
4425 }
4426
4427 return generate_dhkey(smp);
4428 }
4429
4430 #if defined(CONFIG_BT_PERIPHERAL)
4431 if (!sc_public_key) {
4432 atomic_set_bit(smp->flags, SMP_FLAG_PKEY_SEND);
4433 return 0;
4434 }
4435
4436 err = smp_public_key_periph(smp);
4437 if (err) {
4438 return err;
4439 }
4440 #endif /* CONFIG_BT_PERIPHERAL */
4441
4442 return 0;
4443 }
4444 #endif /* CONFIG_BT_SMP_OOB_LEGACY_PAIR_ONLY */
4445
smp_dhkey_check(struct bt_smp * smp,struct net_buf * buf)4446 static uint8_t smp_dhkey_check(struct bt_smp *smp, struct net_buf *buf)
4447 {
4448 struct bt_smp_dhkey_check *req = (void *)buf->data;
4449
4450 LOG_DBG("");
4451
4452 if (IS_ENABLED(CONFIG_BT_CENTRAL) &&
4453 smp->chan.chan.conn->role == BT_HCI_ROLE_CENTRAL) {
4454 uint8_t e[16], r[16], enc_size;
4455 uint8_t ediv[2], rand[8];
4456
4457 (void)memset(r, 0, sizeof(r));
4458
4459 switch (smp->method) {
4460 case JUST_WORKS:
4461 case PASSKEY_CONFIRM:
4462 break;
4463 case PASSKEY_DISPLAY:
4464 case PASSKEY_INPUT:
4465 memcpy(r, &smp->passkey, sizeof(smp->passkey));
4466 break;
4467 case LE_SC_OOB:
4468 if (smp->oobd_local) {
4469 memcpy(r, smp->oobd_local->r, sizeof(r));
4470 }
4471 break;
4472 default:
4473 LOG_ERR("Unknown pairing method (%u)", smp->method);
4474 return BT_SMP_ERR_UNSPECIFIED;
4475 }
4476
4477 /* calculate remote DHKey check for comparison */
4478 if (bt_crypto_f6(smp->mackey, smp->rrnd, smp->prnd, r, &smp->prsp[1],
4479 &smp->chan.chan.conn->le.resp_addr,
4480 &smp->chan.chan.conn->le.init_addr, e)) {
4481 return BT_SMP_ERR_UNSPECIFIED;
4482 }
4483
4484 if (memcmp(e, req->e, 16)) {
4485 return BT_SMP_ERR_DHKEY_CHECK_FAILED;
4486 }
4487
4488 enc_size = get_encryption_key_size(smp);
4489
4490 /* Rand and EDiv are 0 */
4491 (void)memset(ediv, 0, sizeof(ediv));
4492 (void)memset(rand, 0, sizeof(rand));
4493 if (bt_conn_le_start_encryption(smp->chan.chan.conn, rand, ediv,
4494 smp->tk, enc_size) < 0) {
4495 LOG_ERR("Failed to start encryption");
4496 return BT_SMP_ERR_UNSPECIFIED;
4497 }
4498
4499 atomic_set_bit(smp->flags, SMP_FLAG_ENC_PENDING);
4500
4501 if (IS_ENABLED(CONFIG_BT_SMP_USB_HCI_CTLR_WORKAROUND)) {
4502 if (smp->remote_dist & BT_SMP_DIST_ID_KEY) {
4503 atomic_set_bit(smp->allowed_cmds,
4504 BT_SMP_CMD_IDENT_INFO);
4505 } else if (smp->remote_dist & BT_SMP_DIST_SIGN) {
4506 atomic_set_bit(smp->allowed_cmds,
4507 BT_SMP_CMD_SIGNING_INFO);
4508 }
4509 }
4510
4511 return 0;
4512 }
4513
4514 #if defined(CONFIG_BT_PERIPHERAL)
4515 if (smp->chan.chan.conn->role == BT_HCI_ROLE_PERIPHERAL) {
4516 atomic_clear_bit(smp->flags, SMP_FLAG_DHCHECK_WAIT);
4517 memcpy(smp->e, req->e, sizeof(smp->e));
4518
4519 /* wait for DHKey being generated */
4520 if (atomic_test_bit(smp->flags, SMP_FLAG_DHKEY_PENDING)) {
4521 atomic_set_bit(smp->flags, SMP_FLAG_DHKEY_SEND);
4522 return 0;
4523 }
4524
4525 /* waiting for user to confirm passkey */
4526 if (atomic_test_bit(smp->flags, SMP_FLAG_USER)) {
4527 atomic_set_bit(smp->flags, SMP_FLAG_DHKEY_SEND);
4528 return 0;
4529 }
4530
4531 return compute_and_check_and_send_periph_dhcheck(smp);
4532 }
4533 #endif /* CONFIG_BT_PERIPHERAL */
4534
4535 return 0;
4536 }
4537
4538 #if defined(CONFIG_BT_PASSKEY_KEYPRESS)
smp_keypress_notif(struct bt_smp * smp,struct net_buf * buf)4539 static uint8_t smp_keypress_notif(struct bt_smp *smp, struct net_buf *buf)
4540 {
4541 const struct bt_conn_auth_cb *smp_auth_cb = latch_auth_cb(smp);
4542 struct bt_conn *conn = smp->chan.chan.conn;
4543 struct bt_smp_keypress_notif *notif = (void *)buf->data;
4544 enum bt_conn_auth_keypress type = notif->type;
4545
4546 LOG_DBG("Keypress from conn %u, type %u", bt_conn_index(conn), type);
4547
4548 /* For now, keypress notifications are always accepted. In the future we
4549 * should be smarter about this. We might also want to enforce something
4550 * about the 'start' and 'end' messages.
4551 */
4552 atomic_set_bit(smp->allowed_cmds, BT_SMP_KEYPRESS_NOTIFICATION);
4553
4554 if (!IN_RANGE(type,
4555 BT_CONN_AUTH_KEYPRESS_ENTRY_STARTED,
4556 BT_CONN_AUTH_KEYPRESS_ENTRY_COMPLETED)) {
4557 LOG_WRN("Received unknown keypress event type %u. Discarding.", type);
4558 return BT_SMP_ERR_INVALID_PARAMS;
4559 }
4560
4561 /* Reset SMP timeout, like the spec says. */
4562 k_work_reschedule(&smp->work, SMP_TIMEOUT);
4563
4564 if (smp_auth_cb->passkey_display_keypress) {
4565 smp_auth_cb->passkey_display_keypress(conn, type);
4566 }
4567
4568 return 0;
4569 }
4570 #else
smp_keypress_notif(struct bt_smp * smp,struct net_buf * buf)4571 static uint8_t smp_keypress_notif(struct bt_smp *smp, struct net_buf *buf)
4572 {
4573 ARG_UNUSED(smp);
4574 ARG_UNUSED(buf);
4575
4576 LOG_DBG("");
4577
4578 /* Ignore packets until keypress notifications are fully supported. */
4579 atomic_set_bit(smp->allowed_cmds, BT_SMP_KEYPRESS_NOTIFICATION);
4580 return 0;
4581 }
4582 #endif
4583
4584 static const struct {
4585 uint8_t (*func)(struct bt_smp *smp, struct net_buf *buf);
4586 uint8_t expect_len;
4587 } handlers[] = {
4588 { }, /* No op-code defined for 0x00 */
4589 { smp_pairing_req, sizeof(struct bt_smp_pairing) },
4590 { smp_pairing_rsp, sizeof(struct bt_smp_pairing) },
4591 { smp_pairing_confirm, sizeof(struct bt_smp_pairing_confirm) },
4592 { smp_pairing_random, sizeof(struct bt_smp_pairing_random) },
4593 { smp_pairing_failed, sizeof(struct bt_smp_pairing_fail) },
4594 { smp_encrypt_info, sizeof(struct bt_smp_encrypt_info) },
4595 { smp_central_ident, sizeof(struct bt_smp_central_ident) },
4596 { smp_ident_info, sizeof(struct bt_smp_ident_info) },
4597 { smp_ident_addr_info, sizeof(struct bt_smp_ident_addr_info) },
4598 { smp_signing_info, sizeof(struct bt_smp_signing_info) },
4599 { smp_security_request, sizeof(struct bt_smp_security_request) },
4600 { smp_public_key, sizeof(struct bt_smp_public_key) },
4601 { smp_dhkey_check, sizeof(struct bt_smp_dhkey_check) },
4602 { smp_keypress_notif, sizeof(struct bt_smp_keypress_notif) },
4603 };
4604
is_in_pairing_procedure(struct bt_smp * smp)4605 static bool is_in_pairing_procedure(struct bt_smp *smp)
4606 {
4607 return atomic_test_bit(smp->flags, SMP_FLAG_PAIRING);
4608 }
4609
bt_smp_recv(struct bt_l2cap_chan * chan,struct net_buf * buf)4610 static int bt_smp_recv(struct bt_l2cap_chan *chan, struct net_buf *buf)
4611 {
4612 struct bt_smp *smp = CONTAINER_OF(chan, struct bt_smp, chan.chan);
4613 struct bt_smp_hdr *hdr;
4614 uint8_t err;
4615
4616 if (buf->len < sizeof(*hdr)) {
4617 LOG_ERR("Too small SMP PDU received");
4618 return 0;
4619 }
4620
4621 hdr = net_buf_pull_mem(buf, sizeof(*hdr));
4622 LOG_DBG("Received SMP code 0x%02x len %u", hdr->code, buf->len);
4623
4624 /*
4625 * If SMP timeout occurred "no further SMP commands shall be sent over
4626 * the L2CAP Security Manager Channel. A new SM procedure shall only be
4627 * performed when a new physical link has been established."
4628 */
4629 if (atomic_test_bit(smp->flags, SMP_FLAG_TIMEOUT)) {
4630 LOG_WRN("SMP command (code 0x%02x) received after timeout", hdr->code);
4631 return 0;
4632 }
4633
4634 /*
4635 * Bluetooth Core Specification Version 5.2, Vol 3, Part H, page 1667:
4636 * If a packet is received with a Code that is reserved for future use
4637 * it shall be ignored.
4638 */
4639 if (hdr->code >= ARRAY_SIZE(handlers)) {
4640 LOG_WRN("Received reserved SMP code 0x%02x", hdr->code);
4641 return 0;
4642 }
4643
4644 if (!handlers[hdr->code].func) {
4645 LOG_WRN("Unhandled SMP code 0x%02x", hdr->code);
4646 smp_error(smp, BT_SMP_ERR_CMD_NOTSUPP);
4647 return 0;
4648 }
4649
4650 if (!atomic_test_and_clear_bit(smp->allowed_cmds, hdr->code)) {
4651 LOG_WRN("Unexpected SMP code 0x%02x", hdr->code);
4652 /* Do not send errors outside of pairing procedure. */
4653 if (is_in_pairing_procedure(smp)) {
4654 smp_error(smp, BT_SMP_ERR_UNSPECIFIED);
4655 }
4656 return 0;
4657 }
4658
4659 if (buf->len != handlers[hdr->code].expect_len) {
4660 LOG_ERR("Invalid len %u for code 0x%02x", buf->len, hdr->code);
4661 smp_error(smp, BT_SMP_ERR_INVALID_PARAMS);
4662 return 0;
4663 }
4664
4665 err = handlers[hdr->code].func(smp, buf);
4666 if (err) {
4667 smp_error(smp, err);
4668 }
4669
4670 return 0;
4671 }
4672
pub_key_ready_notify(void)4673 static void pub_key_ready_notify(void)
4674 {
4675 int err;
4676
4677 ARG_UNUSED(err);
4678
4679 err = k_mutex_lock(&pub_key_gen.lock, K_FOREVER);
4680 __ASSERT_NO_MSG(err == 0);
4681
4682 (void)k_condvar_broadcast(&pub_key_gen.condvar);
4683
4684 err = k_mutex_unlock(&pub_key_gen.lock);
4685 __ASSERT_NO_MSG(err == 0);
4686 }
4687
bt_smp_pkey_ready(const uint8_t * pkey)4688 static void bt_smp_pkey_ready(const uint8_t *pkey)
4689 {
4690 int i;
4691
4692 LOG_DBG("");
4693
4694 sc_public_key = pkey;
4695
4696 pub_key_ready_notify();
4697
4698 if (!pkey) {
4699 LOG_WRN("Public key not available");
4700 return;
4701 }
4702
4703 for (i = 0; i < ARRAY_SIZE(bt_smp_pool); i++) {
4704 struct bt_smp *smp = &bt_smp_pool[i];
4705 uint8_t err;
4706
4707 if (!atomic_test_bit(smp->flags, SMP_FLAG_PKEY_SEND)) {
4708 continue;
4709 }
4710
4711 if (IS_ENABLED(CONFIG_BT_CENTRAL) &&
4712 smp->chan.chan.conn->role == BT_HCI_ROLE_CENTRAL) {
4713 err = sc_send_public_key(smp);
4714 if (err) {
4715 smp_error(smp, err);
4716 }
4717
4718 atomic_set_bit(smp->allowed_cmds,
4719 BT_SMP_CMD_PUBLIC_KEY);
4720 continue;
4721 }
4722
4723 #if defined(CONFIG_BT_PERIPHERAL)
4724 err = smp_public_key_periph(smp);
4725 if (err) {
4726 smp_error(smp, err);
4727 }
4728 #endif /* CONFIG_BT_PERIPHERAL */
4729 }
4730 }
4731
bt_smp_connected(struct bt_l2cap_chan * chan)4732 static void bt_smp_connected(struct bt_l2cap_chan *chan)
4733 {
4734 struct bt_smp *smp = CONTAINER_OF(chan, struct bt_smp, chan.chan);
4735
4736 LOG_DBG("chan %p cid 0x%04x", chan,
4737 CONTAINER_OF(chan, struct bt_l2cap_le_chan, chan)->tx.cid);
4738
4739 k_work_init_delayable(&smp->work, smp_timeout);
4740 smp_reset(smp);
4741
4742 atomic_ptr_set(&smp->auth_cb, BT_SMP_AUTH_CB_UNINITIALIZED);
4743 atomic_set(&smp->bondable, BT_SMP_BONDABLE_UNINITIALIZED);
4744 }
4745
bt_smp_disconnected(struct bt_l2cap_chan * chan)4746 static void bt_smp_disconnected(struct bt_l2cap_chan *chan)
4747 {
4748 struct bt_smp *smp = CONTAINER_OF(chan, struct bt_smp, chan.chan);
4749 struct bt_keys *keys = chan->conn->le.keys;
4750
4751 LOG_DBG("chan %p cid 0x%04x", chan,
4752 CONTAINER_OF(chan, struct bt_l2cap_le_chan, chan)->tx.cid);
4753
4754 /* Channel disconnected callback is always called from a work handler
4755 * so canceling of the timeout work should always succeed.
4756 */
4757 (void)k_work_cancel_delayable(&smp->work);
4758
4759 if (atomic_test_bit(smp->flags, SMP_FLAG_PAIRING) ||
4760 atomic_test_bit(smp->flags, SMP_FLAG_ENC_PENDING) ||
4761 atomic_test_bit(smp->flags, SMP_FLAG_SEC_REQ)) {
4762 /* reset context and report */
4763 smp_pairing_complete(smp, BT_SMP_ERR_UNSPECIFIED);
4764 }
4765
4766 if (keys) {
4767 /*
4768 * If debug keys were used for pairing remove them.
4769 * No keys indicate no bonding so free keys storage.
4770 */
4771 if (!keys->keys || (!IS_ENABLED(CONFIG_BT_STORE_DEBUG_KEYS) &&
4772 (keys->flags & BT_KEYS_DEBUG))) {
4773 bt_keys_clear(keys);
4774 }
4775 }
4776
4777 (void)memset(smp, 0, sizeof(*smp));
4778 }
4779
bt_smp_encrypt_change(struct bt_l2cap_chan * chan,uint8_t hci_status)4780 static void bt_smp_encrypt_change(struct bt_l2cap_chan *chan,
4781 uint8_t hci_status)
4782 {
4783 struct bt_smp *smp = CONTAINER_OF(chan, struct bt_smp, chan.chan);
4784 struct bt_conn *conn = chan->conn;
4785
4786 LOG_DBG("chan %p conn %p handle %u encrypt 0x%02x hci status 0x%02x %s", chan, conn,
4787 conn->handle, conn->encrypt, hci_status, bt_hci_err_to_str(hci_status));
4788
4789 if (!atomic_test_and_clear_bit(smp->flags, SMP_FLAG_ENC_PENDING)) {
4790 /* We where not waiting for encryption procedure.
4791 * This happens when encrypt change is called to notify that
4792 * security has failed before starting encryption.
4793 */
4794 return;
4795 }
4796
4797 if (hci_status) {
4798 if (atomic_test_bit(smp->flags, SMP_FLAG_PAIRING)) {
4799 uint8_t smp_err = smp_err_get(
4800 bt_security_err_get(hci_status));
4801
4802 /* Fail as if it happened during key distribution */
4803 atomic_set_bit(smp->flags, SMP_FLAG_KEYS_DISTR);
4804 smp_pairing_complete(smp, smp_err);
4805 }
4806
4807 return;
4808 }
4809
4810 if (!conn->encrypt) {
4811 return;
4812 }
4813
4814 /* We were waiting for encryption but with no pairing in progress.
4815 * This can happen if paired peripheral sent Security Request and we
4816 * enabled encryption.
4817 */
4818 if (!atomic_test_bit(smp->flags, SMP_FLAG_PAIRING)) {
4819 smp_reset(smp);
4820 return;
4821 }
4822
4823 /* derive BR/EDR LinkKey if supported by both sides */
4824 if (atomic_test_bit(smp->flags, SMP_FLAG_SC)) {
4825 if ((smp->local_dist & BT_SMP_DIST_LINK_KEY) &&
4826 (smp->remote_dist & BT_SMP_DIST_LINK_KEY)) {
4827 /*
4828 * Link Key will be derived after key distribution to
4829 * make sure remote device identity is known
4830 */
4831 atomic_set_bit(smp->flags, SMP_FLAG_DERIVE_LK);
4832 }
4833 /*
4834 * Those are used as pairing finished indicator so generated
4835 * but not distributed keys must be cleared here.
4836 */
4837 smp->local_dist &= ~BT_SMP_DIST_LINK_KEY;
4838 smp->remote_dist &= ~BT_SMP_DIST_LINK_KEY;
4839 }
4840
4841 if (smp->remote_dist & BT_SMP_DIST_ENC_KEY) {
4842 atomic_set_bit(smp->allowed_cmds, BT_SMP_CMD_ENCRYPT_INFO);
4843 } else if (smp->remote_dist & BT_SMP_DIST_ID_KEY) {
4844 atomic_set_bit(smp->allowed_cmds, BT_SMP_CMD_IDENT_INFO);
4845 } else if (smp->remote_dist & BT_SMP_DIST_SIGN) {
4846 atomic_set_bit(smp->allowed_cmds, BT_SMP_CMD_SIGNING_INFO);
4847 }
4848
4849 /* This is the last point that is common for all code paths in the
4850 * pairing process (during which we still have the option to send
4851 * Pairing Failed). That makes it convenient to update the RL here. We
4852 * want to update the RL during the pairing process so that we can fail
4853 * it in case there is a conflict with an existing bond.
4854 *
4855 * We can do the update here only if the peer does not intend to send us
4856 * any identity information. In this case we already have everything
4857 * that goes into the RL.
4858 *
4859 * We need an entry in the RL despite the remote not using privacy. This
4860 * is because we are using privacy locally and need to associate correct
4861 * local IRK with the peer.
4862 *
4863 * If the peer does intend to send us identity information, we must wait
4864 * for that information to enter it in the RL. In that case, we call
4865 * `smp_id_add_replace` not here, but later. If neither we nor the peer
4866 * are using privacy, there is no need for an entry in the RL.
4867 */
4868 if (IS_ENABLED(CONFIG_BT_CENTRAL) &&
4869 IS_ENABLED(CONFIG_BT_PRIVACY) &&
4870 conn->role == BT_HCI_ROLE_CENTRAL &&
4871 !(smp->remote_dist & BT_SMP_DIST_ID_KEY)) {
4872 uint8_t smp_err;
4873
4874 smp_err = smp_id_add_replace(smp, conn->le.keys);
4875 if (smp_err) {
4876 smp_pairing_complete(smp, smp_err);
4877 }
4878 }
4879
4880 atomic_set_bit(smp->flags, SMP_FLAG_KEYS_DISTR);
4881
4882 /* Peripheral distributes it's keys first */
4883 if (IS_ENABLED(CONFIG_BT_CENTRAL) &&
4884 conn->role == BT_HCI_ROLE_CENTRAL && smp->remote_dist) {
4885 return;
4886 }
4887
4888 if (IS_ENABLED(CONFIG_BT_TESTING)) {
4889 /* Avoid the HCI-USB race condition where HCI data and
4890 * HCI events can be re-ordered, and pairing information appears
4891 * to be sent unencrypted.
4892 */
4893 k_sleep(K_MSEC(100));
4894 }
4895
4896 if (bt_smp_distribute_keys(smp)) {
4897 return;
4898 }
4899
4900 /* if all keys were distributed, pairing is done */
4901 if (!smp->local_dist && !smp->remote_dist) {
4902 smp_pairing_complete(smp, 0);
4903 }
4904 }
4905
4906 #if defined(CONFIG_BT_SIGNING) || defined(CONFIG_BT_SMP_SELFTEST)
4907 /* Sign message using msg as a buffer, len is a size of the message,
4908 * msg buffer contains message itself, 32 bit count and signature,
4909 * so total buffer size is len + 4 + 8 octets.
4910 * API is Little Endian to make it suitable for Bluetooth.
4911 */
smp_sign_buf(const uint8_t * key,uint8_t * msg,uint16_t len)4912 static int smp_sign_buf(const uint8_t *key, uint8_t *msg, uint16_t len)
4913 {
4914 uint8_t *m = msg;
4915 uint32_t cnt = UNALIGNED_GET((uint32_t *)&msg[len]);
4916 uint8_t *sig = msg + len;
4917 uint8_t key_s[16], tmp[16];
4918 int err;
4919
4920 LOG_DBG("Signing msg %s len %u key %s", bt_hex(msg, len), len, bt_hex(key, 16));
4921
4922 sys_mem_swap(m, len + sizeof(cnt));
4923 sys_memcpy_swap(key_s, key, 16);
4924
4925 err = bt_crypto_aes_cmac(key_s, m, len + sizeof(cnt), tmp);
4926 if (err) {
4927 LOG_ERR("Data signing failed");
4928 return err;
4929 }
4930
4931 sys_mem_swap(tmp, sizeof(tmp));
4932 memcpy(tmp + 4, &cnt, sizeof(cnt));
4933
4934 /* Swap original message back */
4935 sys_mem_swap(m, len + sizeof(cnt));
4936
4937 memcpy(sig, tmp + 4, 12);
4938
4939 LOG_DBG("sig %s", bt_hex(sig, 12));
4940
4941 return 0;
4942 }
4943 #endif
4944
4945 #if defined(CONFIG_BT_SIGNING)
bt_smp_sign_verify(struct bt_conn * conn,struct net_buf * buf)4946 int bt_smp_sign_verify(struct bt_conn *conn, struct net_buf *buf)
4947 {
4948 struct bt_keys *keys;
4949 uint8_t sig[12];
4950 uint32_t cnt;
4951 int err;
4952
4953 /* Store signature incl. count */
4954 memcpy(sig, net_buf_tail(buf) - sizeof(sig), sizeof(sig));
4955
4956 keys = bt_keys_find(BT_KEYS_REMOTE_CSRK, conn->id, &conn->le.dst);
4957 if (!keys) {
4958 LOG_ERR("Unable to find Remote CSRK for %s", bt_addr_le_str(&conn->le.dst));
4959 return -ENOENT;
4960 }
4961
4962 /* Copy signing count */
4963 cnt = sys_cpu_to_le32(keys->remote_csrk.cnt);
4964 memcpy(net_buf_tail(buf) - sizeof(sig), &cnt, sizeof(cnt));
4965
4966 LOG_DBG("Sign data len %zu key %s count %u", buf->len - sizeof(sig),
4967 bt_hex(keys->remote_csrk.val, 16), keys->remote_csrk.cnt);
4968
4969 err = smp_sign_buf(keys->remote_csrk.val, buf->data,
4970 buf->len - sizeof(sig));
4971 if (err) {
4972 LOG_ERR("Unable to create signature for %s", bt_addr_le_str(&conn->le.dst));
4973 return -EIO;
4974 }
4975
4976 if (memcmp(sig, net_buf_tail(buf) - sizeof(sig), sizeof(sig))) {
4977 LOG_ERR("Unable to verify signature for %s", bt_addr_le_str(&conn->le.dst));
4978 return -EBADMSG;
4979 }
4980
4981 keys->remote_csrk.cnt++;
4982
4983 return 0;
4984 }
4985
bt_smp_sign(struct bt_conn * conn,struct net_buf * buf)4986 int bt_smp_sign(struct bt_conn *conn, struct net_buf *buf)
4987 {
4988 struct bt_keys *keys;
4989 uint32_t cnt;
4990 int err;
4991
4992 keys = bt_keys_find(BT_KEYS_LOCAL_CSRK, conn->id, &conn->le.dst);
4993 if (!keys) {
4994 LOG_ERR("Unable to find local CSRK for %s", bt_addr_le_str(&conn->le.dst));
4995 return -ENOENT;
4996 }
4997
4998 /* Reserve space for data signature */
4999 net_buf_add(buf, 12);
5000
5001 /* Copy signing count */
5002 cnt = sys_cpu_to_le32(keys->local_csrk.cnt);
5003 memcpy(net_buf_tail(buf) - 12, &cnt, sizeof(cnt));
5004
5005 LOG_DBG("Sign data len %u key %s count %u", buf->len, bt_hex(keys->local_csrk.val, 16),
5006 keys->local_csrk.cnt);
5007
5008 err = smp_sign_buf(keys->local_csrk.val, buf->data, buf->len - 12);
5009 if (err) {
5010 LOG_ERR("Unable to create signature for %s", bt_addr_le_str(&conn->le.dst));
5011 return -EIO;
5012 }
5013
5014 keys->local_csrk.cnt++;
5015
5016 return 0;
5017 }
5018 #else
bt_smp_sign_verify(struct bt_conn * conn,struct net_buf * buf)5019 int bt_smp_sign_verify(struct bt_conn *conn, struct net_buf *buf)
5020 {
5021 return -ENOTSUP;
5022 }
5023
bt_smp_sign(struct bt_conn * conn,struct net_buf * buf)5024 int bt_smp_sign(struct bt_conn *conn, struct net_buf *buf)
5025 {
5026 return -ENOTSUP;
5027 }
5028 #endif /* CONFIG_BT_SIGNING */
5029
smp_d1(const uint8_t * key,uint16_t d,uint16_t r,uint8_t res[16])5030 static int smp_d1(const uint8_t *key, uint16_t d, uint16_t r, uint8_t res[16])
5031 {
5032 int err;
5033
5034 LOG_DBG("key %s d %u r %u", bt_hex(key, 16), d, r);
5035
5036 sys_put_le16(d, &res[0]);
5037 sys_put_le16(r, &res[2]);
5038 memset(&res[4], 0, 16 - 4);
5039
5040 err = bt_encrypt_le(key, res, res);
5041 if (err) {
5042 return err;
5043 }
5044
5045 LOG_DBG("res %s", bt_hex(res, 16));
5046 return 0;
5047 }
5048
bt_smp_irk_get(uint8_t * ir,uint8_t * irk)5049 int bt_smp_irk_get(uint8_t *ir, uint8_t *irk)
5050 {
5051 uint8_t invalid_ir[16] = { 0 };
5052
5053 if (!memcmp(ir, invalid_ir, 16)) {
5054 return -EINVAL;
5055 }
5056
5057 return smp_d1(ir, 1, 0, irk);
5058 }
5059
5060 #if defined(CONFIG_BT_SMP_SELFTEST)
5061 /* Test vectors are taken from RFC 4493
5062 * https://tools.ietf.org/html/rfc4493
5063 * Same mentioned in the Bluetooth Spec.
5064 */
5065 static const uint8_t key[] = {
5066 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6,
5067 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c
5068 };
5069
5070 static const uint8_t M[] = {
5071 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96,
5072 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a,
5073 0xae, 0x2d, 0x8a, 0x57, 0x1e, 0x03, 0xac, 0x9c,
5074 0x9e, 0xb7, 0x6f, 0xac, 0x45, 0xaf, 0x8e, 0x51,
5075 0x30, 0xc8, 0x1c, 0x46, 0xa3, 0x5c, 0xe4, 0x11,
5076 0xe5, 0xfb, 0xc1, 0x19, 0x1a, 0x0a, 0x52, 0xef,
5077 0xf6, 0x9f, 0x24, 0x45, 0xdf, 0x4f, 0x9b, 0x17,
5078 0xad, 0x2b, 0x41, 0x7b, 0xe6, 0x6c, 0x37, 0x10
5079 };
5080
aes_test(const char * prefix,const uint8_t * in_key,const uint8_t * m,uint16_t len,const uint8_t * mac)5081 static int aes_test(const char *prefix, const uint8_t *in_key, const uint8_t *m,
5082 uint16_t len, const uint8_t *mac)
5083 {
5084 uint8_t out[16];
5085
5086 LOG_DBG("%s: AES CMAC of message with len %u", prefix, len);
5087
5088 bt_crypto_aes_cmac(in_key, m, len, out);
5089 if (!memcmp(out, mac, 16)) {
5090 LOG_DBG("%s: Success", prefix);
5091 } else {
5092 LOG_ERR("%s: Failed", prefix);
5093 return -1;
5094 }
5095
5096 return 0;
5097 }
5098
smp_aes_cmac_test(void)5099 static int smp_aes_cmac_test(void)
5100 {
5101 uint8_t mac1[] = {
5102 0xbb, 0x1d, 0x69, 0x29, 0xe9, 0x59, 0x37, 0x28,
5103 0x7f, 0xa3, 0x7d, 0x12, 0x9b, 0x75, 0x67, 0x46
5104 };
5105 uint8_t mac2[] = {
5106 0x07, 0x0a, 0x16, 0xb4, 0x6b, 0x4d, 0x41, 0x44,
5107 0xf7, 0x9b, 0xdd, 0x9d, 0xd0, 0x4a, 0x28, 0x7c
5108 };
5109 uint8_t mac3[] = {
5110 0xdf, 0xa6, 0x67, 0x47, 0xde, 0x9a, 0xe6, 0x30,
5111 0x30, 0xca, 0x32, 0x61, 0x14, 0x97, 0xc8, 0x27
5112 };
5113 uint8_t mac4[] = {
5114 0x51, 0xf0, 0xbe, 0xbf, 0x7e, 0x3b, 0x9d, 0x92,
5115 0xfc, 0x49, 0x74, 0x17, 0x79, 0x36, 0x3c, 0xfe
5116 };
5117 int err;
5118
5119 err = aes_test("Test aes-cmac0", key, M, 0, mac1);
5120 if (err) {
5121 return err;
5122 }
5123
5124 err = aes_test("Test aes-cmac16", key, M, 16, mac2);
5125 if (err) {
5126 return err;
5127 }
5128
5129 err = aes_test("Test aes-cmac40", key, M, 40, mac3);
5130 if (err) {
5131 return err;
5132 }
5133
5134 err = aes_test("Test aes-cmac64", key, M, 64, mac4);
5135 if (err) {
5136 return err;
5137 }
5138
5139 return 0;
5140 }
5141
sign_test(const char * prefix,const uint8_t * sign_key,const uint8_t * m,uint16_t len,const uint8_t * sig)5142 static int sign_test(const char *prefix, const uint8_t *sign_key, const uint8_t *m,
5143 uint16_t len, const uint8_t *sig)
5144 {
5145 uint8_t msg[len + sizeof(uint32_t) + 8];
5146 uint8_t orig[len + sizeof(uint32_t) + 8];
5147 uint8_t *out = msg + len;
5148 int err;
5149
5150 LOG_DBG("%s: Sign message with len %u", prefix, len);
5151
5152 (void)memset(msg, 0, sizeof(msg));
5153 memcpy(msg, m, len);
5154 (void)memset(msg + len, 0, sizeof(uint32_t));
5155
5156 memcpy(orig, msg, sizeof(msg));
5157
5158 err = smp_sign_buf(sign_key, msg, len);
5159 if (err) {
5160 return err;
5161 }
5162
5163 /* Check original message */
5164 if (!memcmp(msg, orig, len + sizeof(uint32_t))) {
5165 LOG_DBG("%s: Original message intact", prefix);
5166 } else {
5167 LOG_ERR("%s: Original message modified", prefix);
5168 LOG_DBG("%s: orig %s", prefix, bt_hex(orig, sizeof(orig)));
5169 LOG_DBG("%s: msg %s", prefix, bt_hex(msg, sizeof(msg)));
5170 return -1;
5171 }
5172
5173 if (!memcmp(out, sig, 12)) {
5174 LOG_DBG("%s: Success", prefix);
5175 } else {
5176 LOG_ERR("%s: Failed", prefix);
5177 return -1;
5178 }
5179
5180 return 0;
5181 }
5182
smp_sign_test(void)5183 static int smp_sign_test(void)
5184 {
5185 const uint8_t sig1[] = {
5186 0x00, 0x00, 0x00, 0x00, 0xb3, 0xa8, 0x59, 0x41,
5187 0x27, 0xeb, 0xc2, 0xc0
5188 };
5189 const uint8_t sig2[] = {
5190 0x00, 0x00, 0x00, 0x00, 0x27, 0x39, 0x74, 0xf4,
5191 0x39, 0x2a, 0x23, 0x2a
5192 };
5193 const uint8_t sig3[] = {
5194 0x00, 0x00, 0x00, 0x00, 0xb7, 0xca, 0x94, 0xab,
5195 0x87, 0xc7, 0x82, 0x18
5196 };
5197 const uint8_t sig4[] = {
5198 0x00, 0x00, 0x00, 0x00, 0x44, 0xe1, 0xe6, 0xce,
5199 0x1d, 0xf5, 0x13, 0x68
5200 };
5201 uint8_t key_s[16];
5202 int err;
5203
5204 /* Use the same key as aes-cmac but swap bytes */
5205 sys_memcpy_swap(key_s, key, 16);
5206
5207 err = sign_test("Test sign0", key_s, M, 0, sig1);
5208 if (err) {
5209 return err;
5210 }
5211
5212 err = sign_test("Test sign16", key_s, M, 16, sig2);
5213 if (err) {
5214 return err;
5215 }
5216
5217 err = sign_test("Test sign40", key_s, M, 40, sig3);
5218 if (err) {
5219 return err;
5220 }
5221
5222 err = sign_test("Test sign64", key_s, M, 64, sig4);
5223 if (err) {
5224 return err;
5225 }
5226
5227 return 0;
5228 }
5229
smp_f4_test(void)5230 static int smp_f4_test(void)
5231 {
5232 uint8_t u[32] = { 0xe6, 0x9d, 0x35, 0x0e, 0x48, 0x01, 0x03, 0xcc,
5233 0xdb, 0xfd, 0xf4, 0xac, 0x11, 0x91, 0xf4, 0xef,
5234 0xb9, 0xa5, 0xf9, 0xe9, 0xa7, 0x83, 0x2c, 0x5e,
5235 0x2c, 0xbe, 0x97, 0xf2, 0xd2, 0x03, 0xb0, 0x20 };
5236 uint8_t v[32] = { 0xfd, 0xc5, 0x7f, 0xf4, 0x49, 0xdd, 0x4f, 0x6b,
5237 0xfb, 0x7c, 0x9d, 0xf1, 0xc2, 0x9a, 0xcb, 0x59,
5238 0x2a, 0xe7, 0xd4, 0xee, 0xfb, 0xfc, 0x0a, 0x90,
5239 0x9a, 0xbb, 0xf6, 0x32, 0x3d, 0x8b, 0x18, 0x55 };
5240 uint8_t x[16] = { 0xab, 0xae, 0x2b, 0x71, 0xec, 0xb2, 0xff, 0xff,
5241 0x3e, 0x73, 0x77, 0xd1, 0x54, 0x84, 0xcb, 0xd5 };
5242 uint8_t z = 0x00;
5243 uint8_t exp[16] = { 0x2d, 0x87, 0x74, 0xa9, 0xbe, 0xa1, 0xed, 0xf1,
5244 0x1c, 0xbd, 0xa9, 0x07, 0xf1, 0x16, 0xc9, 0xf2 };
5245 uint8_t res[16];
5246 int err;
5247
5248 err = bt_crypto_f4(u, v, x, z, res);
5249 if (err) {
5250 return err;
5251 }
5252
5253 if (memcmp(res, exp, 16)) {
5254 return -EINVAL;
5255 }
5256
5257 return 0;
5258 }
5259
smp_f5_test(void)5260 static int smp_f5_test(void)
5261 {
5262 uint8_t w[32] = { 0x98, 0xa6, 0xbf, 0x73, 0xf3, 0x34, 0x8d, 0x86,
5263 0xf1, 0x66, 0xf8, 0xb4, 0x13, 0x6b, 0x79, 0x99,
5264 0x9b, 0x7d, 0x39, 0x0a, 0xa6, 0x10, 0x10, 0x34,
5265 0x05, 0xad, 0xc8, 0x57, 0xa3, 0x34, 0x02, 0xec };
5266 uint8_t n1[16] = { 0xab, 0xae, 0x2b, 0x71, 0xec, 0xb2, 0xff, 0xff,
5267 0x3e, 0x73, 0x77, 0xd1, 0x54, 0x84, 0xcb, 0xd5 };
5268 uint8_t n2[16] = { 0xcf, 0xc4, 0x3d, 0xff, 0xf7, 0x83, 0x65, 0x21,
5269 0x6e, 0x5f, 0xa7, 0x25, 0xcc, 0xe7, 0xe8, 0xa6 };
5270 bt_addr_le_t a1 = { .type = 0x00,
5271 .a.val = { 0xce, 0xbf, 0x37, 0x37, 0x12, 0x56 } };
5272 bt_addr_le_t a2 = { .type = 0x00,
5273 .a.val = {0xc1, 0xcf, 0x2d, 0x70, 0x13, 0xa7 } };
5274 uint8_t exp_ltk[16] = { 0x38, 0x0a, 0x75, 0x94, 0xb5, 0x22, 0x05,
5275 0x98, 0x23, 0xcd, 0xd7, 0x69, 0x11, 0x79,
5276 0x86, 0x69 };
5277 uint8_t exp_mackey[16] = { 0x20, 0x6e, 0x63, 0xce, 0x20, 0x6a, 0x3f,
5278 0xfd, 0x02, 0x4a, 0x08, 0xa1, 0x76, 0xf1,
5279 0x65, 0x29 };
5280 uint8_t mackey[16], ltk[16];
5281 int err;
5282
5283 err = bt_crypto_f5(w, n1, n2, &a1, &a2, mackey, ltk);
5284 if (err) {
5285 return err;
5286 }
5287
5288 if (memcmp(mackey, exp_mackey, 16) || memcmp(ltk, exp_ltk, 16)) {
5289 return -EINVAL;
5290 }
5291
5292 return 0;
5293 }
5294
smp_f6_test(void)5295 static int smp_f6_test(void)
5296 {
5297 uint8_t w[16] = { 0x20, 0x6e, 0x63, 0xce, 0x20, 0x6a, 0x3f, 0xfd,
5298 0x02, 0x4a, 0x08, 0xa1, 0x76, 0xf1, 0x65, 0x29 };
5299 uint8_t n1[16] = { 0xab, 0xae, 0x2b, 0x71, 0xec, 0xb2, 0xff, 0xff,
5300 0x3e, 0x73, 0x77, 0xd1, 0x54, 0x84, 0xcb, 0xd5 };
5301 uint8_t n2[16] = { 0xcf, 0xc4, 0x3d, 0xff, 0xf7, 0x83, 0x65, 0x21,
5302 0x6e, 0x5f, 0xa7, 0x25, 0xcc, 0xe7, 0xe8, 0xa6 };
5303 uint8_t r[16] = { 0xc8, 0x0f, 0x2d, 0x0c, 0xd2, 0x42, 0xda, 0x08,
5304 0x54, 0xbb, 0x53, 0xb4, 0x3b, 0x34, 0xa3, 0x12 };
5305 uint8_t io_cap[3] = { 0x02, 0x01, 0x01 };
5306 bt_addr_le_t a1 = { .type = 0x00,
5307 .a.val = { 0xce, 0xbf, 0x37, 0x37, 0x12, 0x56 } };
5308 bt_addr_le_t a2 = { .type = 0x00,
5309 .a.val = {0xc1, 0xcf, 0x2d, 0x70, 0x13, 0xa7 } };
5310 uint8_t exp[16] = { 0x61, 0x8f, 0x95, 0xda, 0x09, 0x0b, 0x6c, 0xd2,
5311 0xc5, 0xe8, 0xd0, 0x9c, 0x98, 0x73, 0xc4, 0xe3 };
5312 uint8_t res[16];
5313 int err;
5314
5315 err = bt_crypto_f6(w, n1, n2, r, io_cap, &a1, &a2, res);
5316 if (err) {
5317 return err;
5318 }
5319
5320 if (memcmp(res, exp, 16)) {
5321 return -EINVAL;
5322 }
5323
5324 return 0;
5325 }
5326
smp_g2_test(void)5327 static int smp_g2_test(void)
5328 {
5329 uint8_t u[32] = { 0xe6, 0x9d, 0x35, 0x0e, 0x48, 0x01, 0x03, 0xcc,
5330 0xdb, 0xfd, 0xf4, 0xac, 0x11, 0x91, 0xf4, 0xef,
5331 0xb9, 0xa5, 0xf9, 0xe9, 0xa7, 0x83, 0x2c, 0x5e,
5332 0x2c, 0xbe, 0x97, 0xf2, 0xd2, 0x03, 0xb0, 0x20 };
5333 uint8_t v[32] = { 0xfd, 0xc5, 0x7f, 0xf4, 0x49, 0xdd, 0x4f, 0x6b,
5334 0xfb, 0x7c, 0x9d, 0xf1, 0xc2, 0x9a, 0xcb, 0x59,
5335 0x2a, 0xe7, 0xd4, 0xee, 0xfb, 0xfc, 0x0a, 0x90,
5336 0x9a, 0xbb, 0xf6, 0x32, 0x3d, 0x8b, 0x18, 0x55 };
5337 uint8_t x[16] = { 0xab, 0xae, 0x2b, 0x71, 0xec, 0xb2, 0xff, 0xff,
5338 0x3e, 0x73, 0x77, 0xd1, 0x54, 0x84, 0xcb, 0xd5 };
5339 uint8_t y[16] = { 0xcf, 0xc4, 0x3d, 0xff, 0xf7, 0x83, 0x65, 0x21,
5340 0x6e, 0x5f, 0xa7, 0x25, 0xcc, 0xe7, 0xe8, 0xa6 };
5341 uint32_t exp_val = 0x2f9ed5ba % 1000000;
5342 uint32_t val;
5343 int err;
5344
5345 err = bt_crypto_g2(u, v, x, y, &val);
5346 if (err) {
5347 return err;
5348 }
5349
5350 if (val != exp_val) {
5351 return -EINVAL;
5352 }
5353
5354 return 0;
5355 }
5356
5357 #if defined(CONFIG_BT_CLASSIC)
smp_h6_test(void)5358 static int smp_h6_test(void)
5359 {
5360 uint8_t w[16] = { 0x9b, 0x7d, 0x39, 0x0a, 0xa6, 0x10, 0x10, 0x34,
5361 0x05, 0xad, 0xc8, 0x57, 0xa3, 0x34, 0x02, 0xec };
5362 uint8_t key_id[4] = { 0x72, 0x62, 0x65, 0x6c };
5363 uint8_t exp_res[16] = { 0x99, 0x63, 0xb1, 0x80, 0xe2, 0xa9, 0xd3, 0xe8,
5364 0x1c, 0xc9, 0x6d, 0xe7, 0x02, 0xe1, 0x9a, 0x2d};
5365 uint8_t res[16];
5366 int err;
5367
5368 err = bt_crypto_h6(w, key_id, res);
5369 if (err) {
5370 return err;
5371 }
5372
5373 if (memcmp(res, exp_res, 16)) {
5374 return -EINVAL;
5375 }
5376
5377 return 0;
5378 }
5379
smp_h7_test(void)5380 static int smp_h7_test(void)
5381 {
5382 uint8_t salt[16] = { 0x31, 0x70, 0x6d, 0x74, 0x00, 0x00, 0x00, 0x00,
5383 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
5384 uint8_t w[16] = { 0x9b, 0x7d, 0x39, 0x0a, 0xa6, 0x10, 0x10, 0x34,
5385 0x05, 0xad, 0xc8, 0x57, 0xa3, 0x34, 0x02, 0xec };
5386 uint8_t exp_res[16] = { 0x11, 0x70, 0xa5, 0x75, 0x2a, 0x8c, 0x99, 0xd2,
5387 0xec, 0xc0, 0xa3, 0xc6, 0x97, 0x35, 0x17, 0xfb};
5388 uint8_t res[16];
5389 int err;
5390
5391 err = bt_crypto_h7(salt, w, res);
5392 if (err) {
5393 return err;
5394 }
5395
5396 if (memcmp(res, exp_res, 16)) {
5397 return -EINVAL;
5398 }
5399
5400 return 0;
5401 }
5402 #endif /* CONFIG_BT_CLASSIC */
5403
smp_h8_test(void)5404 static int smp_h8_test(void)
5405 {
5406 uint8_t k[16] = {0xec, 0x02, 0x34, 0xa3, 0x57, 0xc8, 0xad, 0x05,
5407 0x34, 0x10, 0x10, 0xa6, 0x0a, 0x39, 0x7d, 0x9b};
5408 uint8_t s[16] = {0x15, 0x36, 0xd1, 0x8d, 0xe3, 0xd2, 0x0d, 0xf9,
5409 0x9b, 0x70, 0x44, 0xc1, 0x2f, 0x9e, 0xd5, 0xba};
5410 uint8_t key_id[4] = {0xcc, 0x03, 0x01, 0x48};
5411
5412 uint8_t exp_res[16] = {0xe5, 0xe5, 0xbe, 0xba, 0xae, 0x72, 0x28, 0xe7,
5413 0x22, 0xa3, 0x89, 0x04, 0xed, 0x35, 0x0f, 0x6d};
5414 uint8_t res[16];
5415 int err;
5416
5417 err = bt_crypto_h8(k, s, key_id, res);
5418 if (err) {
5419 return err;
5420 }
5421
5422 if (memcmp(res, exp_res, 16)) {
5423 return -EINVAL;
5424 }
5425
5426 return 0;
5427 }
5428
smp_self_test(void)5429 static int smp_self_test(void)
5430 {
5431 int err;
5432
5433 err = smp_aes_cmac_test();
5434 if (err) {
5435 LOG_ERR("SMP AES-CMAC self tests failed");
5436 return err;
5437 }
5438
5439 err = smp_sign_test();
5440 if (err) {
5441 LOG_ERR("SMP signing self tests failed");
5442 return err;
5443 }
5444
5445 err = smp_f4_test();
5446 if (err) {
5447 LOG_ERR("SMP f4 self test failed");
5448 return err;
5449 }
5450
5451 err = smp_f5_test();
5452 if (err) {
5453 LOG_ERR("SMP f5 self test failed");
5454 return err;
5455 }
5456
5457 err = smp_f6_test();
5458 if (err) {
5459 LOG_ERR("SMP f6 self test failed");
5460 return err;
5461 }
5462
5463 err = smp_g2_test();
5464 if (err) {
5465 LOG_ERR("SMP g2 self test failed");
5466 return err;
5467 }
5468
5469 #if defined(CONFIG_BT_CLASSIC)
5470 err = smp_h6_test();
5471 if (err) {
5472 LOG_ERR("SMP h6 self test failed");
5473 return err;
5474 }
5475
5476 err = smp_h7_test();
5477 if (err) {
5478 LOG_ERR("SMP h7 self test failed");
5479 return err;
5480 }
5481 #endif /* CONFIG_BT_CLASSIC */
5482 err = smp_h8_test();
5483 if (err) {
5484 LOG_ERR("SMP h8 self test failed");
5485 return err;
5486 }
5487
5488 return 0;
5489 }
5490 #else
smp_self_test(void)5491 static inline int smp_self_test(void)
5492 {
5493 return 0;
5494 }
5495 #endif
5496
5497 #if defined(CONFIG_BT_BONDABLE_PER_CONNECTION)
bt_conn_set_bondable(struct bt_conn * conn,bool enable)5498 int bt_conn_set_bondable(struct bt_conn *conn, bool enable)
5499 {
5500 struct bt_smp *smp;
5501
5502 if (!bt_conn_is_type(conn, BT_CONN_TYPE_LE | BT_CONN_TYPE_BR)) {
5503 LOG_DBG("Invalid connection type: %u for %p", conn->type, conn);
5504 return -EINVAL;
5505 }
5506
5507 if (IS_ENABLED(CONFIG_BT_CLASSIC) && (conn->type == BT_CONN_TYPE_BR)) {
5508 if (enable && atomic_test_and_set_bit(conn->flags, BT_CONN_BR_BONDABLE)) {
5509 return -EALREADY;
5510 }
5511 if (!enable && !atomic_test_and_clear_bit(conn->flags, BT_CONN_BR_BONDABLE)) {
5512 return -EALREADY;
5513 }
5514 return 0;
5515 }
5516
5517 smp = smp_chan_get(conn);
5518 if (!smp) {
5519 return -EINVAL;
5520 }
5521
5522 if (atomic_cas(&smp->bondable, BT_SMP_BONDABLE_UNINITIALIZED, (atomic_val_t)enable)) {
5523 return 0;
5524 } else {
5525 return -EALREADY;
5526 }
5527 }
5528 #endif
5529
bt_smp_auth_cb_overlay(struct bt_conn * conn,const struct bt_conn_auth_cb * cb)5530 int bt_smp_auth_cb_overlay(struct bt_conn *conn, const struct bt_conn_auth_cb *cb)
5531 {
5532 struct bt_smp *smp;
5533
5534 smp = smp_chan_get(conn);
5535 if (!smp) {
5536 return -EINVAL;
5537 }
5538
5539 if (atomic_ptr_cas(&smp->auth_cb, BT_SMP_AUTH_CB_UNINITIALIZED, (atomic_ptr_val_t)cb)) {
5540 return 0;
5541 } else {
5542 return -EALREADY;
5543 }
5544 }
5545
5546 #if defined(CONFIG_BT_PASSKEY_KEYPRESS)
smp_send_keypress_notif(struct bt_smp * smp,uint8_t type)5547 static int smp_send_keypress_notif(struct bt_smp *smp, uint8_t type)
5548 {
5549 struct bt_smp_keypress_notif *req;
5550 struct net_buf *buf;
5551
5552 buf = smp_create_pdu(smp, BT_SMP_KEYPRESS_NOTIFICATION, sizeof(*req));
5553 if (!buf) {
5554 return -ENOMEM;
5555 }
5556
5557 req = net_buf_add(buf, sizeof(*req));
5558 req->type = type;
5559
5560 smp_send(smp, buf, NULL, NULL);
5561
5562 return 0;
5563 }
5564 #endif
5565
5566 #if defined(CONFIG_BT_PASSKEY_KEYPRESS)
bt_smp_auth_keypress_notify(struct bt_conn * conn,enum bt_conn_auth_keypress type)5567 int bt_smp_auth_keypress_notify(struct bt_conn *conn, enum bt_conn_auth_keypress type)
5568 {
5569 struct bt_smp *smp;
5570
5571 smp = smp_chan_get(conn);
5572 if (!smp) {
5573 return -EINVAL;
5574 }
5575
5576 CHECKIF(!IN_RANGE(type,
5577 BT_CONN_AUTH_KEYPRESS_ENTRY_STARTED,
5578 BT_CONN_AUTH_KEYPRESS_ENTRY_COMPLETED)) {
5579 LOG_ERR("Refusing to send unknown event type %u", type);
5580 return -EINVAL;
5581 }
5582
5583 if (smp->method != PASSKEY_INPUT ||
5584 !atomic_test_bit(smp->flags, SMP_FLAG_USER)) {
5585 LOG_ERR("Refusing to send keypress: Not waiting for passkey input.");
5586 return -EINVAL;
5587 }
5588
5589 return smp_send_keypress_notif(smp, type);
5590 }
5591 #endif
5592
bt_smp_auth_passkey_entry(struct bt_conn * conn,unsigned int passkey)5593 int bt_smp_auth_passkey_entry(struct bt_conn *conn, unsigned int passkey)
5594 {
5595 struct bt_smp *smp;
5596 uint8_t err;
5597
5598 smp = smp_chan_get(conn);
5599 if (!smp) {
5600 return -EINVAL;
5601 }
5602
5603 if (!atomic_test_and_clear_bit(smp->flags, SMP_FLAG_USER)) {
5604 return -EINVAL;
5605 }
5606
5607 #if !defined(CONFIG_BT_SMP_SC_PAIR_ONLY)
5608 if (!atomic_test_bit(smp->flags, SMP_FLAG_SC)) {
5609 legacy_passkey_entry(smp, passkey);
5610 return 0;
5611 }
5612 #endif /* !CONFIG_BT_SMP_SC_PAIR_ONLY */
5613
5614 smp->passkey = sys_cpu_to_le32(passkey);
5615
5616 if (IS_ENABLED(CONFIG_BT_CENTRAL) &&
5617 smp->chan.chan.conn->role == BT_HCI_ROLE_CENTRAL) {
5618 atomic_set_bit(smp->allowed_cmds, BT_SMP_CMD_PAIRING_CONFIRM);
5619 err = smp_send_pairing_confirm(smp);
5620 if (err) {
5621 smp_error(smp, BT_SMP_ERR_PASSKEY_ENTRY_FAILED);
5622 return 0;
5623 }
5624 return 0;
5625 }
5626
5627 if (IS_ENABLED(CONFIG_BT_PERIPHERAL) &&
5628 atomic_test_bit(smp->flags, SMP_FLAG_CFM_DELAYED)) {
5629 atomic_set_bit(smp->allowed_cmds, BT_SMP_CMD_PAIRING_RANDOM);
5630 err = smp_send_pairing_confirm(smp);
5631 if (err) {
5632 smp_error(smp, BT_SMP_ERR_PASSKEY_ENTRY_FAILED);
5633 return 0;
5634 }
5635 }
5636
5637 return 0;
5638 }
5639
bt_smp_auth_passkey_confirm(struct bt_conn * conn)5640 int bt_smp_auth_passkey_confirm(struct bt_conn *conn)
5641 {
5642 struct bt_smp *smp;
5643
5644 smp = smp_chan_get(conn);
5645 if (!smp) {
5646 return -EINVAL;
5647 }
5648
5649 if (!atomic_test_and_clear_bit(smp->flags, SMP_FLAG_USER)) {
5650 return -EINVAL;
5651 }
5652
5653 /* wait for DHKey being generated */
5654 if (atomic_test_bit(smp->flags, SMP_FLAG_DHKEY_PENDING)) {
5655 atomic_set_bit(smp->flags, SMP_FLAG_DHKEY_SEND);
5656 return 0;
5657 }
5658
5659 /* wait for remote DHKey Check */
5660 if (atomic_test_bit(smp->flags, SMP_FLAG_DHCHECK_WAIT)) {
5661 atomic_set_bit(smp->flags, SMP_FLAG_DHKEY_SEND);
5662 return 0;
5663 }
5664
5665 if (atomic_test_bit(smp->flags, SMP_FLAG_DHKEY_SEND)) {
5666 uint8_t err;
5667
5668 #if defined(CONFIG_BT_CENTRAL)
5669 if (smp->chan.chan.conn->role == BT_HCI_ROLE_CENTRAL) {
5670 err = compute_and_send_central_dhcheck(smp);
5671 if (err) {
5672 smp_error(smp, err);
5673 }
5674 return 0;
5675 }
5676 #endif /* CONFIG_BT_CENTRAL */
5677
5678 #if defined(CONFIG_BT_PERIPHERAL)
5679 err = compute_and_check_and_send_periph_dhcheck(smp);
5680 if (err) {
5681 smp_error(smp, err);
5682 }
5683 #endif /* CONFIG_BT_PERIPHERAL */
5684 }
5685
5686 return 0;
5687 }
5688
5689 #if !defined(CONFIG_BT_SMP_SC_PAIR_ONLY)
bt_smp_le_oob_set_tk(struct bt_conn * conn,const uint8_t * tk)5690 int bt_smp_le_oob_set_tk(struct bt_conn *conn, const uint8_t *tk)
5691 {
5692 struct bt_smp *smp;
5693
5694 smp = smp_chan_get(conn);
5695 if (!smp || !tk) {
5696 return -EINVAL;
5697 }
5698
5699 LOG_DBG("%s", bt_hex(tk, 16));
5700
5701 if (!atomic_test_and_clear_bit(smp->flags, SMP_FLAG_USER)) {
5702 return -EINVAL;
5703 }
5704
5705 if (IS_ENABLED(CONFIG_BT_LOG_SNIFFER_INFO)) {
5706 uint8_t oob[16];
5707
5708 sys_memcpy_swap(oob, tk, 16);
5709 LOG_INF("Legacy OOB data 0x%s", bt_hex(oob, 16));
5710 }
5711
5712 memcpy(smp->tk, tk, 16*sizeof(uint8_t));
5713
5714 legacy_user_tk_entry(smp);
5715
5716 return 0;
5717 }
5718 #endif /* !defined(CONFIG_BT_SMP_SC_PAIR_ONLY) */
5719
bt_smp_le_oob_generate_sc_data(struct bt_le_oob_sc_data * le_sc_oob)5720 int bt_smp_le_oob_generate_sc_data(struct bt_le_oob_sc_data *le_sc_oob)
5721 {
5722 int err;
5723
5724 if (!le_sc_supported()) {
5725 return -ENOTSUP;
5726 }
5727
5728 if (!sc_public_key) {
5729 /* Public key request has not been finished yet, or finished, but generation failed.
5730 * Retrying.
5731 */
5732 err = k_mutex_lock(&pub_key_gen.lock, K_FOREVER);
5733 __ASSERT_NO_MSG(err == 0);
5734
5735 err = bt_pub_key_gen(&pub_key_gen.cb);
5736 if (err && err != -EALREADY) {
5737 LOG_WRN("Public key re-generation request failed (%d)", err);
5738
5739 int mutex_err;
5740
5741 mutex_err = k_mutex_unlock(&pub_key_gen.lock);
5742 __ASSERT_NO_MSG(mutex_err == 0);
5743
5744 return err;
5745 }
5746
5747 /* 30 seconds is an arbitrary number. Increase if fails earlier on certain
5748 * platforms.
5749 */
5750 err = k_condvar_wait(&pub_key_gen.condvar,
5751 &pub_key_gen.lock,
5752 K_SECONDS(30));
5753 if (err) {
5754 LOG_WRN("Public key generation timeout");
5755 return err;
5756 }
5757
5758 err = k_mutex_unlock(&pub_key_gen.lock);
5759 __ASSERT_NO_MSG(err == 0);
5760
5761 /* Public key has been re-requested but generation failed. */
5762 if (!sc_public_key) {
5763 return -EAGAIN;
5764 }
5765 }
5766
5767 if (IS_ENABLED(CONFIG_BT_OOB_DATA_FIXED)) {
5768 uint8_t rand_num[] = {
5769 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
5770 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
5771 };
5772
5773 memcpy(le_sc_oob->r, rand_num, sizeof(le_sc_oob->r));
5774 } else {
5775 err = bt_rand(le_sc_oob->r, 16);
5776 if (err) {
5777 return err;
5778 }
5779 }
5780
5781 err = bt_crypto_f4(sc_public_key, sc_public_key, le_sc_oob->r, 0,
5782 le_sc_oob->c);
5783 if (err) {
5784 return err;
5785 }
5786
5787 return 0;
5788 }
5789
5790 #if !defined(CONFIG_BT_SMP_OOB_LEGACY_PAIR_ONLY)
le_sc_oob_data_check(struct bt_smp * smp,bool oobd_local_present,bool oobd_remote_present)5791 static bool le_sc_oob_data_check(struct bt_smp *smp, bool oobd_local_present,
5792 bool oobd_remote_present)
5793 {
5794 bool req_oob_present = le_sc_oob_data_req_check(smp);
5795 bool rsp_oob_present = le_sc_oob_data_rsp_check(smp);
5796
5797 if (IS_ENABLED(CONFIG_BT_CENTRAL) &&
5798 smp->chan.chan.conn->role == BT_HCI_ROLE_CENTRAL) {
5799 if ((req_oob_present != oobd_remote_present) &&
5800 (rsp_oob_present != oobd_local_present)) {
5801 return false;
5802 }
5803 } else if (IS_ENABLED(CONFIG_BT_PERIPHERAL)) {
5804 if ((req_oob_present != oobd_local_present) &&
5805 (rsp_oob_present != oobd_remote_present)) {
5806 return false;
5807 }
5808 }
5809
5810 return true;
5811 }
5812
le_sc_oob_pairing_continue(struct bt_smp * smp)5813 static int le_sc_oob_pairing_continue(struct bt_smp *smp)
5814 {
5815 if (smp->oobd_remote) {
5816 int err;
5817 uint8_t c[16];
5818
5819 err = bt_crypto_f4(smp->pkey, smp->pkey, smp->oobd_remote->r, 0, c);
5820 if (err) {
5821 return err;
5822 }
5823
5824 bool match = (memcmp(c, smp->oobd_remote->c, sizeof(c)) == 0);
5825
5826 if (!match) {
5827 smp_error(smp, BT_SMP_ERR_CONFIRM_FAILED);
5828 return 0;
5829 }
5830 }
5831
5832 if (IS_ENABLED(CONFIG_BT_CENTRAL) &&
5833 smp->chan.chan.conn->role == BT_HCI_ROLE_CENTRAL) {
5834 atomic_set_bit(smp->allowed_cmds, BT_SMP_CMD_PAIRING_RANDOM);
5835 } else if (IS_ENABLED(CONFIG_BT_PERIPHERAL)) {
5836 atomic_set_bit(smp->allowed_cmds, BT_SMP_DHKEY_CHECK);
5837 atomic_set_bit(smp->flags, SMP_FLAG_DHCHECK_WAIT);
5838 }
5839
5840 return smp_send_pairing_random(smp);
5841 }
5842
bt_smp_le_oob_set_sc_data(struct bt_conn * conn,const struct bt_le_oob_sc_data * oobd_local,const struct bt_le_oob_sc_data * oobd_remote)5843 int bt_smp_le_oob_set_sc_data(struct bt_conn *conn,
5844 const struct bt_le_oob_sc_data *oobd_local,
5845 const struct bt_le_oob_sc_data *oobd_remote)
5846 {
5847 struct bt_smp *smp;
5848
5849 smp = smp_chan_get(conn);
5850 if (!smp) {
5851 return -EINVAL;
5852 }
5853
5854 if (!le_sc_oob_data_check(smp, (oobd_local != NULL),
5855 (oobd_remote != NULL))) {
5856 return -EINVAL;
5857 }
5858
5859 if (!atomic_test_and_clear_bit(smp->flags, SMP_FLAG_OOB_PENDING)) {
5860 return -EINVAL;
5861 }
5862
5863 smp->oobd_local = oobd_local;
5864 smp->oobd_remote = oobd_remote;
5865
5866 return le_sc_oob_pairing_continue(smp);
5867 }
5868
bt_smp_le_oob_get_sc_data(struct bt_conn * conn,const struct bt_le_oob_sc_data ** oobd_local,const struct bt_le_oob_sc_data ** oobd_remote)5869 int bt_smp_le_oob_get_sc_data(struct bt_conn *conn,
5870 const struct bt_le_oob_sc_data **oobd_local,
5871 const struct bt_le_oob_sc_data **oobd_remote)
5872 {
5873 struct bt_smp *smp;
5874
5875 smp = smp_chan_get(conn);
5876 if (!smp) {
5877 return -EINVAL;
5878 }
5879
5880 if (!smp->oobd_local && !smp->oobd_remote) {
5881 return -ESRCH;
5882 }
5883
5884 if (oobd_local) {
5885 *oobd_local = smp->oobd_local;
5886 }
5887
5888 if (oobd_remote) {
5889 *oobd_remote = smp->oobd_remote;
5890 }
5891
5892 return 0;
5893 }
5894 #endif /* !CONFIG_BT_SMP_OOB_LEGACY_PAIR_ONLY */
5895
bt_smp_auth_cancel(struct bt_conn * conn)5896 int bt_smp_auth_cancel(struct bt_conn *conn)
5897 {
5898 struct bt_smp *smp;
5899
5900 smp = smp_chan_get(conn);
5901 if (!smp) {
5902 return -EINVAL;
5903 }
5904
5905 if (!atomic_test_and_clear_bit(smp->flags, SMP_FLAG_USER)) {
5906 return -EINVAL;
5907 }
5908
5909 LOG_DBG("");
5910
5911 switch (smp->method) {
5912 case PASSKEY_INPUT:
5913 case PASSKEY_DISPLAY:
5914 return smp_error(smp, BT_SMP_ERR_PASSKEY_ENTRY_FAILED);
5915 case PASSKEY_CONFIRM:
5916 return smp_error(smp, BT_SMP_ERR_CONFIRM_FAILED);
5917 case LE_SC_OOB:
5918 case LEGACY_OOB:
5919 return smp_error(smp, BT_SMP_ERR_OOB_NOT_AVAIL);
5920 case JUST_WORKS:
5921 return smp_error(smp, BT_SMP_ERR_UNSPECIFIED);
5922 default:
5923 LOG_ERR("Unknown pairing method (%u)", smp->method);
5924 return 0;
5925 }
5926 }
5927
5928 #if !defined(CONFIG_BT_SMP_SC_PAIR_ONLY)
bt_smp_auth_pairing_confirm(struct bt_conn * conn)5929 int bt_smp_auth_pairing_confirm(struct bt_conn *conn)
5930 {
5931 struct bt_smp *smp;
5932
5933 smp = smp_chan_get(conn);
5934 if (!smp) {
5935 return -EINVAL;
5936 }
5937
5938 if (!atomic_test_and_clear_bit(smp->flags, SMP_FLAG_USER)) {
5939 return -EINVAL;
5940 }
5941
5942 if (IS_ENABLED(CONFIG_BT_CENTRAL) &&
5943 conn->role == BT_CONN_ROLE_CENTRAL) {
5944 if (!atomic_test_bit(smp->flags, SMP_FLAG_SC)) {
5945 atomic_set_bit(smp->allowed_cmds,
5946 BT_SMP_CMD_PAIRING_CONFIRM);
5947 return legacy_send_pairing_confirm(smp);
5948 }
5949
5950 if (!sc_public_key) {
5951 atomic_set_bit(smp->flags, SMP_FLAG_PKEY_SEND);
5952 return 0;
5953 }
5954
5955 atomic_set_bit(smp->allowed_cmds, BT_SMP_CMD_PUBLIC_KEY);
5956 return sc_send_public_key(smp);
5957 }
5958
5959 #if defined(CONFIG_BT_PERIPHERAL)
5960 if (!atomic_test_bit(smp->flags, SMP_FLAG_SC)) {
5961 atomic_set_bit(smp->allowed_cmds,
5962 BT_SMP_CMD_PAIRING_CONFIRM);
5963 return send_pairing_rsp(smp);
5964 }
5965
5966 atomic_set_bit(smp->allowed_cmds, BT_SMP_CMD_PUBLIC_KEY);
5967 if (send_pairing_rsp(smp)) {
5968 return -EIO;
5969 }
5970 #endif /* CONFIG_BT_PERIPHERAL */
5971
5972 return 0;
5973 }
5974 #else
bt_smp_auth_pairing_confirm(struct bt_conn * conn)5975 int bt_smp_auth_pairing_confirm(struct bt_conn *conn)
5976 {
5977 /* confirm_pairing will never be called in LE SC only mode */
5978 return -EINVAL;
5979 }
5980 #endif /* !CONFIG_BT_SMP_SC_PAIR_ONLY */
5981
5982 #if defined(CONFIG_BT_FIXED_PASSKEY)
bt_passkey_set(unsigned int passkey)5983 int bt_passkey_set(unsigned int passkey)
5984 {
5985 if (passkey == BT_PASSKEY_INVALID) {
5986 fixed_passkey = BT_PASSKEY_INVALID;
5987 return 0;
5988 }
5989
5990 if (passkey > 999999) {
5991 return -EINVAL;
5992 }
5993
5994 fixed_passkey = passkey;
5995 return 0;
5996 }
5997 #endif /* CONFIG_BT_FIXED_PASSKEY */
5998
bt_smp_start_security(struct bt_conn * conn)5999 int bt_smp_start_security(struct bt_conn *conn)
6000 {
6001 switch (conn->role) {
6002 #if defined(CONFIG_BT_CENTRAL)
6003 case BT_HCI_ROLE_CENTRAL:
6004 {
6005 int err;
6006 struct bt_smp *smp;
6007
6008 smp = smp_chan_get(conn);
6009 if (!smp) {
6010 return -ENOTCONN;
6011 }
6012
6013 /* pairing is in progress */
6014 if (atomic_test_bit(smp->flags, SMP_FLAG_PAIRING)) {
6015 return -EBUSY;
6016 }
6017
6018 /* Encryption is in progress */
6019 if (atomic_test_bit(smp->flags, SMP_FLAG_ENC_PENDING)) {
6020 return -EBUSY;
6021 }
6022
6023 if (!smp_keys_check(conn)) {
6024 return smp_send_pairing_req(conn);
6025 }
6026
6027 /* LE SC LTK and legacy central LTK are stored in same place */
6028 err = bt_conn_le_start_encryption(conn,
6029 conn->le.keys->ltk.rand,
6030 conn->le.keys->ltk.ediv,
6031 conn->le.keys->ltk.val,
6032 conn->le.keys->enc_size);
6033 if (err) {
6034 return err;
6035 }
6036
6037 atomic_set_bit(smp->allowed_cmds, BT_SMP_CMD_SECURITY_REQUEST);
6038 atomic_set_bit(smp->flags, SMP_FLAG_ENC_PENDING);
6039 return 0;
6040 }
6041 #endif /* CONFIG_BT_CENTRAL && CONFIG_BT_SMP */
6042 #if defined(CONFIG_BT_PERIPHERAL)
6043 case BT_HCI_ROLE_PERIPHERAL:
6044 return smp_send_security_req(conn);
6045 #endif /* CONFIG_BT_PERIPHERAL && CONFIG_BT_SMP */
6046 default:
6047 return -EINVAL;
6048 }
6049 }
6050
bt_smp_update_keys(struct bt_conn * conn)6051 void bt_smp_update_keys(struct bt_conn *conn)
6052 {
6053 struct bt_smp *smp;
6054
6055 smp = smp_chan_get(conn);
6056 if (!smp) {
6057 return;
6058 }
6059
6060 if (!atomic_test_bit(smp->flags, SMP_FLAG_PAIRING)) {
6061 return;
6062 }
6063
6064 /*
6065 * If link was successfully encrypted cleanup old keys as from now on
6066 * only keys distributed in this pairing or LTK from LE SC will be used.
6067 */
6068 if (conn->le.keys) {
6069 bt_keys_clear(conn->le.keys);
6070 }
6071
6072 conn->le.keys = bt_keys_get_addr(conn->id, &conn->le.dst);
6073 if (!conn->le.keys) {
6074 LOG_ERR("Unable to get keys for %s", bt_addr_le_str(&conn->le.dst));
6075 smp_error(smp, BT_SMP_ERR_UNSPECIFIED);
6076 return;
6077 }
6078
6079 /* mark keys as debug */
6080 if (atomic_test_bit(smp->flags, SMP_FLAG_SC_DEBUG_KEY)) {
6081 conn->le.keys->flags |= BT_KEYS_DEBUG;
6082 }
6083
6084 /*
6085 * store key type deducted from pairing method used
6086 * it is important to store it since type is used to determine
6087 * security level upon encryption
6088 */
6089 switch (smp->method) {
6090 case LE_SC_OOB:
6091 case LEGACY_OOB:
6092 conn->le.keys->flags |= BT_KEYS_OOB;
6093 /* fallthrough */
6094 case PASSKEY_DISPLAY:
6095 case PASSKEY_INPUT:
6096 case PASSKEY_CONFIRM:
6097 conn->le.keys->flags |= BT_KEYS_AUTHENTICATED;
6098 break;
6099 case JUST_WORKS:
6100 default:
6101 /* unauthenticated key, clear it */
6102 conn->le.keys->flags &= ~BT_KEYS_OOB;
6103 conn->le.keys->flags &= ~BT_KEYS_AUTHENTICATED;
6104 break;
6105 }
6106
6107 conn->le.keys->enc_size = get_encryption_key_size(smp);
6108
6109 /*
6110 * Store LTK if LE SC is used, this is safe since LE SC is mutually
6111 * exclusive with legacy pairing. Other keys are added on keys
6112 * distribution.
6113 */
6114 if (atomic_test_bit(smp->flags, SMP_FLAG_SC)) {
6115 conn->le.keys->flags |= BT_KEYS_SC;
6116
6117 if (atomic_test_bit(smp->flags, SMP_FLAG_BOND)) {
6118 bt_keys_add_type(conn->le.keys, BT_KEYS_LTK_P256);
6119 memcpy(conn->le.keys->ltk.val, smp->tk,
6120 sizeof(conn->le.keys->ltk.val));
6121 (void)memset(conn->le.keys->ltk.rand, 0,
6122 sizeof(conn->le.keys->ltk.rand));
6123 (void)memset(conn->le.keys->ltk.ediv, 0,
6124 sizeof(conn->le.keys->ltk.ediv));
6125 } else if (IS_ENABLED(CONFIG_BT_LOG_SNIFFER_INFO)) {
6126 uint8_t ltk[16];
6127
6128 sys_memcpy_swap(ltk, smp->tk, conn->le.keys->enc_size);
6129 LOG_INF("SC LTK: 0x%s (No bonding)", bt_hex(ltk, conn->le.keys->enc_size));
6130 }
6131 } else {
6132 conn->le.keys->flags &= ~BT_KEYS_SC;
6133 }
6134 }
6135
bt_smp_accept(struct bt_conn * conn,struct bt_l2cap_chan ** chan)6136 static int bt_smp_accept(struct bt_conn *conn, struct bt_l2cap_chan **chan)
6137 {
6138 int i;
6139 static const struct bt_l2cap_chan_ops ops = {
6140 .connected = bt_smp_connected,
6141 .disconnected = bt_smp_disconnected,
6142 .encrypt_change = bt_smp_encrypt_change,
6143 .recv = bt_smp_recv,
6144 };
6145
6146 LOG_DBG("conn %p handle %u", conn, conn->handle);
6147
6148 for (i = 0; i < ARRAY_SIZE(bt_smp_pool); i++) {
6149 struct bt_smp *smp = &bt_smp_pool[i];
6150
6151 if (smp->chan.chan.conn) {
6152 continue;
6153 }
6154
6155 smp->chan.chan.ops = &ops;
6156
6157 *chan = &smp->chan.chan;
6158
6159 return 0;
6160 }
6161
6162 LOG_ERR("No available SMP context for conn %p", conn);
6163
6164 return -ENOMEM;
6165 }
6166
6167 BT_L2CAP_CHANNEL_DEFINE(smp_fixed_chan, BT_L2CAP_CID_SMP, bt_smp_accept, NULL);
6168 #if defined(CONFIG_BT_CLASSIC)
6169 BT_L2CAP_BR_CHANNEL_DEFINE(smp_br_fixed_chan, BT_L2CAP_CID_BR_SMP,
6170 bt_smp_br_accept);
6171 #endif /* CONFIG_BT_CLASSIC */
6172
bt_smp_init(void)6173 int bt_smp_init(void)
6174 {
6175 sc_supported = le_sc_supported();
6176 if (IS_ENABLED(CONFIG_BT_SMP_SC_PAIR_ONLY) && !sc_supported) {
6177 LOG_ERR("SC Pair Only Mode selected but LE SC not supported");
6178 return -ENOENT;
6179 }
6180
6181 if (IS_ENABLED(CONFIG_BT_SMP_USB_HCI_CTLR_WORKAROUND)) {
6182 LOG_WRN("BT_SMP_USB_HCI_CTLR_WORKAROUND is enabled, which "
6183 "exposes a security vulnerability!");
6184 }
6185
6186 LOG_DBG("LE SC %s", sc_supported ? "enabled" : "disabled");
6187
6188 if (!IS_ENABLED(CONFIG_BT_SMP_OOB_LEGACY_PAIR_ONLY)) {
6189 bt_pub_key_gen(&pub_key_gen.cb);
6190 }
6191
6192 return smp_self_test();
6193 }
6194
