
Lines Matching full:smp

37 #include "smp.h"
54 #define SMP_ALLOW_CMD(smp, code) set_bit(code, &smp->allow_cmd) argument
101 u8 preq[7]; /* SMP Pairing Request */
102 u8 prsp[7]; /* SMP Pairing Response */
103 u8 prnd[16]; /* SMP Pairing Random (local) */
104 u8 rrnd[16]; /* SMP Pairing Random (remote) */
105 u8 pcnf[16]; /* SMP Pairing Confirm */
106 u8 tk[16]; /* SMP Temporary Key */
135 /* These debug key values are defined in the SMP section of the core
166 /* The following functions map to the LE SC SMP crypto functions
243 * the SMP section of the Bluetooth core specification. In ASCII in smp_f5()
377 /* The following functions map to the legacy SMP crypto functions e, c1,
511 struct smp_dev *smp; in smp_irk_matches() local
518 smp = chan->data; in smp_irk_matches()
522 err = smp_ah(smp->tfm_aes, irk, &bdaddr->b[3], hash); in smp_irk_matches()
532 struct smp_dev *smp; in smp_generate_rpa() local
538 smp = chan->data; in smp_generate_rpa()
545 err = smp_ah(smp->tfm_aes, irk, &rpa->b[3], rpa->b); in smp_generate_rpa()
557 struct smp_dev *smp; in smp_generate_oob() local
563 smp = chan->data; in smp_generate_oob()
567 err = set_ecdh_privkey(smp->tfm_ecdh, debug_sk); in smp_generate_oob()
570 memcpy(smp->local_pk, debug_pk, 64); in smp_generate_oob()
571 smp->debug_key = true; in smp_generate_oob()
575 err = generate_ecdh_keys(smp->tfm_ecdh, smp->local_pk); in smp_generate_oob()
582 if (crypto_memneq(smp->local_pk, debug_pk, 64)) in smp_generate_oob()
585 smp->debug_key = false; in smp_generate_oob()
588 SMP_DBG("OOB Public Key X: %32phN", smp->local_pk); in smp_generate_oob()
589 SMP_DBG("OOB Public Key Y: %32phN", smp->local_pk + 32); in smp_generate_oob()
591 get_random_bytes(smp->local_rand, 16); in smp_generate_oob()
593 err = smp_f4(smp->tfm_cmac, smp->local_pk, smp->local_pk, in smp_generate_oob()
594 smp->local_rand, 0, hash); in smp_generate_oob()
598 memcpy(rand, smp->local_rand, 16); in smp_generate_oob()
600 smp->local_oob = true; in smp_generate_oob()
607 struct l2cap_chan *chan = conn->smp; in smp_send_cmd()
608 struct smp_chan *smp; in smp_send_cmd() local
632 smp = chan->data; in smp_send_cmd()
634 cancel_delayed_work_sync(&smp->security_timer); in smp_send_cmd()
635 schedule_delayed_work(&smp->security_timer, SMP_TIMEOUT); in smp_send_cmd()
667 struct l2cap_chan *chan = conn->smp; in build_pairing_cmd()
668 struct smp_chan *smp = chan->data; in build_pairing_cmd() local
705 set_bit(SMP_FLAG_REMOTE_OOB, &smp->flags); in build_pairing_cmd()
707 memcpy(smp->rr, oob_data->rand256, 16); in build_pairing_cmd()
708 memcpy(smp->pcnf, oob_data->hash256, 16); in build_pairing_cmd()
709 SMP_DBG("OOB Remote Confirmation: %16phN", smp->pcnf); in build_pairing_cmd()
710 SMP_DBG("OOB Remote Random: %16phN", smp->rr); in build_pairing_cmd()
725 smp->remote_key_dist = remote_dist; in build_pairing_cmd()
736 smp->remote_key_dist = rsp->init_key_dist; in build_pairing_cmd()
741 struct l2cap_chan *chan = conn->smp; in check_enc_key_size()
743 struct smp_chan *smp = chan->data; in check_enc_key_size() local
749 smp->enc_key_size = max_key_size; in check_enc_key_size()
756 struct l2cap_chan *chan = conn->smp; in smp_chan_destroy()
757 struct smp_chan *smp = chan->data; in smp_chan_destroy() local
761 BUG_ON(!smp); in smp_chan_destroy()
763 cancel_delayed_work_sync(&smp->security_timer); in smp_chan_destroy()
765 complete = test_bit(SMP_FLAG_COMPLETE, &smp->flags); in smp_chan_destroy()
768 kzfree(smp->csrk); in smp_chan_destroy()
769 kzfree(smp->slave_csrk); in smp_chan_destroy()
770 kzfree(smp->link_key); in smp_chan_destroy()
772 crypto_free_cipher(smp->tfm_aes); in smp_chan_destroy()
773 crypto_free_shash(smp->tfm_cmac); in smp_chan_destroy()
774 crypto_free_kpp(smp->tfm_ecdh); in smp_chan_destroy()
779 if (smp->ltk && smp->ltk->type == SMP_LTK_P256_DEBUG && in smp_chan_destroy()
781 list_del_rcu(&smp->ltk->list); in smp_chan_destroy()
782 kfree_rcu(smp->ltk, rcu); in smp_chan_destroy()
783 smp->ltk = NULL; in smp_chan_destroy()
788 if (smp->ltk) { in smp_chan_destroy()
789 list_del_rcu(&smp->ltk->list); in smp_chan_destroy()
790 kfree_rcu(smp->ltk, rcu); in smp_chan_destroy()
793 if (smp->slave_ltk) { in smp_chan_destroy()
794 list_del_rcu(&smp->slave_ltk->list); in smp_chan_destroy()
795 kfree_rcu(smp->slave_ltk, rcu); in smp_chan_destroy()
798 if (smp->remote_irk) { in smp_chan_destroy()
799 list_del_rcu(&smp->remote_irk->list); in smp_chan_destroy()
800 kfree_rcu(smp->remote_irk, rcu); in smp_chan_destroy()
805 kzfree(smp); in smp_chan_destroy()
812 struct l2cap_chan *chan = conn->smp; in smp_failure()
848 static u8 get_auth_method(struct smp_chan *smp, u8 local_io, u8 remote_io) in get_auth_method() argument
857 if (test_bit(SMP_FLAG_SC, &smp->flags)) in get_auth_method()
867 struct l2cap_chan *chan = conn->smp; in tk_request()
868 struct smp_chan *smp = chan->data; in tk_request() local
873 memset(smp->tk, 0, sizeof(smp->tk)); in tk_request()
874 clear_bit(SMP_FLAG_TK_VALID, &smp->flags); in tk_request()
885 smp->method = JUST_CFM; in tk_request()
887 smp->method = get_auth_method(smp, local_io, remote_io); in tk_request()
890 if (smp->method == JUST_CFM && test_bit(SMP_FLAG_INITIATOR, in tk_request()
891 &smp->flags)) in tk_request()
892 smp->method = JUST_WORKS; in tk_request()
895 if (smp->method == JUST_CFM && in tk_request()
897 smp->method = JUST_WORKS; in tk_request()
900 if (smp->method == JUST_WORKS) { in tk_request()
901 set_bit(SMP_FLAG_TK_VALID, &smp->flags); in tk_request()
908 if (test_bit(SMP_FLAG_SC, &smp->flags)) in tk_request()
912 if (smp->method != JUST_CFM) { in tk_request()
913 set_bit(SMP_FLAG_MITM_AUTH, &smp->flags); in tk_request()
921 if (smp->method == OVERLAP) { in tk_request()
923 smp->method = CFM_PASSKEY; in tk_request()
925 smp->method = REQ_PASSKEY; in tk_request()
929 if (smp->method == CFM_PASSKEY) { in tk_request()
930 memset(smp->tk, 0, sizeof(smp->tk)); in tk_request()
933 put_unaligned_le32(passkey, smp->tk); in tk_request()
935 set_bit(SMP_FLAG_TK_VALID, &smp->flags); in tk_request()
938 if (smp->method == REQ_PASSKEY) in tk_request()
941 else if (smp->method == JUST_CFM) in tk_request()
953 static u8 smp_confirm(struct smp_chan *smp) in smp_confirm() argument
955 struct l2cap_conn *conn = smp->conn; in smp_confirm()
961 ret = smp_c1(smp->tfm_aes, smp->tk, smp->prnd, smp->preq, smp->prsp, in smp_confirm()
968 clear_bit(SMP_FLAG_CFM_PENDING, &smp->flags); in smp_confirm()
970 smp_send_cmd(smp->conn, SMP_CMD_PAIRING_CONFIRM, sizeof(cp), &cp); in smp_confirm()
973 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_CONFIRM); in smp_confirm()
975 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RANDOM); in smp_confirm()
980 static u8 smp_random(struct smp_chan *smp) in smp_random() argument
982 struct l2cap_conn *conn = smp->conn; in smp_random()
987 if (IS_ERR_OR_NULL(smp->tfm_aes)) in smp_random()
992 ret = smp_c1(smp->tfm_aes, smp->tk, smp->rrnd, smp->preq, smp->prsp, in smp_random()
998 if (crypto_memneq(smp->pcnf, confirm, sizeof(smp->pcnf))) { in smp_random()
1009 smp_s1(smp->tfm_aes, smp->tk, smp->rrnd, smp->prnd, stk); in smp_random()
1014 hci_le_start_enc(hcon, ediv, rand, stk, smp->enc_key_size); in smp_random()
1015 hcon->enc_key_size = smp->enc_key_size; in smp_random()
1022 smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM, sizeof(smp->prnd), in smp_random()
1023 smp->prnd); in smp_random()
1025 smp_s1(smp->tfm_aes, smp->tk, smp->prnd, smp->rrnd, stk); in smp_random()
1037 SMP_STK, auth, stk, smp->enc_key_size, ediv, rand); in smp_random()
1045 struct l2cap_chan *chan = conn->smp; in smp_notify_keys()
1046 struct smp_chan *smp = chan->data; in smp_notify_keys() local
1049 struct smp_cmd_pairing *req = (void *) &smp->preq[1]; in smp_notify_keys()
1050 struct smp_cmd_pairing *rsp = (void *) &smp->prsp[1]; in smp_notify_keys()
1068 if (smp->remote_irk) { in smp_notify_keys()
1069 mgmt_new_irk(hdev, smp->remote_irk, persistent); in smp_notify_keys()
1076 bacpy(&hcon->dst, &smp->remote_irk->bdaddr); in smp_notify_keys()
1077 hcon->dst_type = smp->remote_irk->addr_type; in smp_notify_keys()
1082 if (smp->csrk) { in smp_notify_keys()
1083 smp->csrk->bdaddr_type = hcon->dst_type; in smp_notify_keys()
1084 bacpy(&smp->csrk->bdaddr, &hcon->dst); in smp_notify_keys()
1085 mgmt_new_csrk(hdev, smp->csrk, persistent); in smp_notify_keys()
1088 if (smp->slave_csrk) { in smp_notify_keys()
1089 smp->slave_csrk->bdaddr_type = hcon->dst_type; in smp_notify_keys()
1090 bacpy(&smp->slave_csrk->bdaddr, &hcon->dst); in smp_notify_keys()
1091 mgmt_new_csrk(hdev, smp->slave_csrk, persistent); in smp_notify_keys()
1094 if (smp->ltk) { in smp_notify_keys()
1095 smp->ltk->bdaddr_type = hcon->dst_type; in smp_notify_keys()
1096 bacpy(&smp->ltk->bdaddr, &hcon->dst); in smp_notify_keys()
1097 mgmt_new_ltk(hdev, smp->ltk, persistent); in smp_notify_keys()
1100 if (smp->slave_ltk) { in smp_notify_keys()
1101 smp->slave_ltk->bdaddr_type = hcon->dst_type; in smp_notify_keys()
1102 bacpy(&smp->slave_ltk->bdaddr, &hcon->dst); in smp_notify_keys()
1103 mgmt_new_ltk(hdev, smp->slave_ltk, persistent); in smp_notify_keys()
1106 if (smp->link_key) { in smp_notify_keys()
1110 if (test_bit(SMP_FLAG_DEBUG_KEY, &smp->flags)) in smp_notify_keys()
1117 key = hci_add_link_key(hdev, smp->conn->hcon, &hcon->dst, in smp_notify_keys()
1118 smp->link_key, type, 0, &persistent); in smp_notify_keys()
1134 static void sc_add_ltk(struct smp_chan *smp) in sc_add_ltk() argument
1136 struct hci_conn *hcon = smp->conn->hcon; in sc_add_ltk()
1139 if (test_bit(SMP_FLAG_DEBUG_KEY, &smp->flags)) in sc_add_ltk()
1149 smp->ltk = hci_add_ltk(hcon->hdev, &hcon->dst, hcon->dst_type, in sc_add_ltk()
1150 key_type, auth, smp->tk, smp->enc_key_size, in sc_add_ltk()
1154 static void sc_generate_link_key(struct smp_chan *smp) in sc_generate_link_key() argument
1159 smp->link_key = kzalloc(16, GFP_KERNEL); in sc_generate_link_key()
1160 if (!smp->link_key) in sc_generate_link_key()
1163 if (test_bit(SMP_FLAG_CT2, &smp->flags)) { in sc_generate_link_key()
1167 if (smp_h7(smp->tfm_cmac, smp->tk, salt, smp->link_key)) { in sc_generate_link_key()
1168 kzfree(smp->link_key); in sc_generate_link_key()
1169 smp->link_key = NULL; in sc_generate_link_key()
1176 if (smp_h6(smp->tfm_cmac, smp->tk, tmp1, smp->link_key)) { in sc_generate_link_key()
1177 kzfree(smp->link_key); in sc_generate_link_key()
1178 smp->link_key = NULL; in sc_generate_link_key()
1183 if (smp_h6(smp->tfm_cmac, smp->link_key, lebr, smp->link_key)) { in sc_generate_link_key()
1184 kzfree(smp->link_key); in sc_generate_link_key()
1185 smp->link_key = NULL; in sc_generate_link_key()
1190 static void smp_allow_key_dist(struct smp_chan *smp) in smp_allow_key_dist() argument
1196 if (smp->remote_key_dist & SMP_DIST_ENC_KEY) in smp_allow_key_dist()
1197 SMP_ALLOW_CMD(smp, SMP_CMD_ENCRYPT_INFO); in smp_allow_key_dist()
1198 else if (smp->remote_key_dist & SMP_DIST_ID_KEY) in smp_allow_key_dist()
1199 SMP_ALLOW_CMD(smp, SMP_CMD_IDENT_INFO); in smp_allow_key_dist()
1200 else if (smp->remote_key_dist & SMP_DIST_SIGN) in smp_allow_key_dist()
1201 SMP_ALLOW_CMD(smp, SMP_CMD_SIGN_INFO); in smp_allow_key_dist()
1204 static void sc_generate_ltk(struct smp_chan *smp) in sc_generate_ltk() argument
1208 struct hci_conn *hcon = smp->conn->hcon; in sc_generate_ltk()
1219 set_bit(SMP_FLAG_DEBUG_KEY, &smp->flags); in sc_generate_ltk()
1221 if (test_bit(SMP_FLAG_CT2, &smp->flags)) { in sc_generate_ltk()
1225 if (smp_h7(smp->tfm_cmac, key->val, salt, smp->tk)) in sc_generate_ltk()
1231 if (smp_h6(smp->tfm_cmac, key->val, tmp2, smp->tk)) in sc_generate_ltk()
1235 if (smp_h6(smp->tfm_cmac, smp->tk, brle, smp->tk)) in sc_generate_ltk()
1238 sc_add_ltk(smp); in sc_generate_ltk()
1241 static void smp_distribute_keys(struct smp_chan *smp) in smp_distribute_keys() argument
1244 struct l2cap_conn *conn = smp->conn; in smp_distribute_keys()
1251 rsp = (void *) &smp->prsp[1]; in smp_distribute_keys()
1254 if (hcon->out && (smp->remote_key_dist & KEY_DIST_MASK)) { in smp_distribute_keys()
1255 smp_allow_key_dist(smp); in smp_distribute_keys()
1259 req = (void *) &smp->preq[1]; in smp_distribute_keys()
1269 if (test_bit(SMP_FLAG_SC, &smp->flags)) { in smp_distribute_keys()
1271 sc_generate_link_key(smp); in smp_distribute_keys()
1273 sc_generate_ltk(smp); in smp_distribute_keys()
1293 get_random_bytes(enc.ltk, smp->enc_key_size); in smp_distribute_keys()
1294 memset(enc.ltk + smp->enc_key_size, 0, in smp_distribute_keys()
1295 sizeof(enc.ltk) - smp->enc_key_size); in smp_distribute_keys()
1305 smp->enc_key_size, ediv, rand); in smp_distribute_keys()
1306 smp->slave_ltk = ltk; in smp_distribute_keys()
1354 smp->slave_csrk = csrk; in smp_distribute_keys()
1362 if (smp->remote_key_dist & KEY_DIST_MASK) { in smp_distribute_keys()
1363 smp_allow_key_dist(smp); in smp_distribute_keys()
1367 set_bit(SMP_FLAG_COMPLETE, &smp->flags); in smp_distribute_keys()
1375 struct smp_chan *smp = container_of(work, struct smp_chan, in smp_timeout() local
1377 struct l2cap_conn *conn = smp->conn; in smp_timeout()
1386 struct l2cap_chan *chan = conn->smp; in smp_chan_create()
1387 struct smp_chan *smp; in smp_chan_create() local
1389 smp = kzalloc(sizeof(*smp), GFP_ATOMIC); in smp_chan_create()
1390 if (!smp) in smp_chan_create()
1393 smp->tfm_aes = crypto_alloc_cipher("aes", 0, CRYPTO_ALG_ASYNC); in smp_chan_create()
1394 if (IS_ERR(smp->tfm_aes)) { in smp_chan_create()
1399 smp->tfm_cmac = crypto_alloc_shash("cmac(aes)", 0, 0); in smp_chan_create()
1400 if (IS_ERR(smp->tfm_cmac)) { in smp_chan_create()
1405 smp->tfm_ecdh = crypto_alloc_kpp("ecdh", CRYPTO_ALG_INTERNAL, 0); in smp_chan_create()
1406 if (IS_ERR(smp->tfm_ecdh)) { in smp_chan_create()
1411 smp->conn = conn; in smp_chan_create()
1412 chan->data = smp; in smp_chan_create()
1414 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_FAIL); in smp_chan_create()
1416 INIT_DELAYED_WORK(&smp->security_timer, smp_timeout); in smp_chan_create()
1420 return smp; in smp_chan_create()
1423 crypto_free_shash(smp->tfm_cmac); in smp_chan_create()
1425 crypto_free_cipher(smp->tfm_aes); in smp_chan_create()
1427 kzfree(smp); in smp_chan_create()
1431 static int sc_mackey_and_ltk(struct smp_chan *smp, u8 mackey[16], u8 ltk[16]) in sc_mackey_and_ltk() argument
1433 struct hci_conn *hcon = smp->conn->hcon; in sc_mackey_and_ltk()
1437 na = smp->prnd; in sc_mackey_and_ltk()
1438 nb = smp->rrnd; in sc_mackey_and_ltk()
1440 na = smp->rrnd; in sc_mackey_and_ltk()
1441 nb = smp->prnd; in sc_mackey_and_ltk()
1449 return smp_f5(smp->tfm_cmac, smp->dhkey, na, nb, a, b, mackey, ltk); in sc_mackey_and_ltk()
1452 static void sc_dhkey_check(struct smp_chan *smp) in sc_dhkey_check() argument
1454 struct hci_conn *hcon = smp->conn->hcon; in sc_dhkey_check()
1467 memcpy(io_cap, &smp->preq[1], 3); in sc_dhkey_check()
1471 memcpy(io_cap, &smp->prsp[1], 3); in sc_dhkey_check()
1476 if (smp->method == REQ_PASSKEY || smp->method == DSP_PASSKEY) in sc_dhkey_check()
1479 if (smp->method == REQ_OOB) in sc_dhkey_check()
1480 memcpy(r, smp->rr, 16); in sc_dhkey_check()
1482 smp_f6(smp->tfm_cmac, smp->mackey, smp->prnd, smp->rrnd, r, io_cap, in sc_dhkey_check()
1485 smp_send_cmd(smp->conn, SMP_CMD_DHKEY_CHECK, sizeof(check), &check); in sc_dhkey_check()
1488 static u8 sc_passkey_send_confirm(struct smp_chan *smp) in sc_passkey_send_confirm() argument
1490 struct l2cap_conn *conn = smp->conn; in sc_passkey_send_confirm()
1495 r = ((hcon->passkey_notify >> smp->passkey_round) & 0x01); in sc_passkey_send_confirm()
1498 get_random_bytes(smp->prnd, sizeof(smp->prnd)); in sc_passkey_send_confirm()
1500 if (smp_f4(smp->tfm_cmac, smp->local_pk, smp->remote_pk, smp->prnd, r, in sc_passkey_send_confirm()
1509 static u8 sc_passkey_round(struct smp_chan *smp, u8 smp_op) in sc_passkey_round() argument
1511 struct l2cap_conn *conn = smp->conn; in sc_passkey_round()
1517 if (smp->passkey_round >= 20) in sc_passkey_round()
1522 r = ((hcon->passkey_notify >> smp->passkey_round) & 0x01); in sc_passkey_round()
1525 if (smp_f4(smp->tfm_cmac, smp->remote_pk, smp->local_pk, in sc_passkey_round()
1526 smp->rrnd, r, cfm)) in sc_passkey_round()
1529 if (crypto_memneq(smp->pcnf, cfm, 16)) in sc_passkey_round()
1532 smp->passkey_round++; in sc_passkey_round()
1534 if (smp->passkey_round == 20) { in sc_passkey_round()
1536 if (sc_mackey_and_ltk(smp, smp->mackey, smp->tk)) in sc_passkey_round()
1545 sizeof(smp->prnd), smp->prnd); in sc_passkey_round()
1546 if (smp->passkey_round == 20) in sc_passkey_round()
1547 SMP_ALLOW_CMD(smp, SMP_CMD_DHKEY_CHECK); in sc_passkey_round()
1549 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_CONFIRM); in sc_passkey_round()
1554 if (smp->passkey_round != 20) in sc_passkey_round()
1555 return sc_passkey_round(smp, 0); in sc_passkey_round()
1558 sc_dhkey_check(smp); in sc_passkey_round()
1559 SMP_ALLOW_CMD(smp, SMP_CMD_DHKEY_CHECK); in sc_passkey_round()
1564 if (test_bit(SMP_FLAG_WAIT_USER, &smp->flags)) { in sc_passkey_round()
1565 set_bit(SMP_FLAG_CFM_PENDING, &smp->flags); in sc_passkey_round()
1569 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RANDOM); in sc_passkey_round()
1573 sizeof(smp->prnd), smp->prnd); in sc_passkey_round()
1577 return sc_passkey_send_confirm(smp); in sc_passkey_round()
1586 smp->passkey_round + 1); in sc_passkey_round()
1588 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_CONFIRM); in sc_passkey_round()
1590 return sc_passkey_send_confirm(smp); in sc_passkey_round()
1596 static int sc_user_reply(struct smp_chan *smp, u16 mgmt_op, __le32 passkey) in sc_user_reply() argument
1598 struct l2cap_conn *conn = smp->conn; in sc_user_reply()
1602 clear_bit(SMP_FLAG_WAIT_USER, &smp->flags); in sc_user_reply()
1606 smp_failure(smp->conn, SMP_PASSKEY_ENTRY_FAILED); in sc_user_reply()
1609 smp_failure(smp->conn, SMP_NUMERIC_COMP_FAILED); in sc_user_reply()
1613 smp->passkey_round = 0; in sc_user_reply()
1615 if (test_and_clear_bit(SMP_FLAG_CFM_PENDING, &smp->flags)) in sc_user_reply()
1620 if (sc_passkey_round(smp, smp_op)) in sc_user_reply()
1628 sc_dhkey_check(smp); in sc_user_reply()
1629 SMP_ALLOW_CMD(smp, SMP_CMD_DHKEY_CHECK); in sc_user_reply()
1630 } else if (test_and_clear_bit(SMP_FLAG_DHKEY_PENDING, &smp->flags)) { in sc_user_reply()
1631 sc_dhkey_check(smp); in sc_user_reply()
1632 sc_add_ltk(smp); in sc_user_reply()
1642 struct smp_chan *smp; in smp_user_confirm_reply() local
1651 chan = conn->smp; in smp_user_confirm_reply()
1661 smp = chan->data; in smp_user_confirm_reply()
1663 if (test_bit(SMP_FLAG_SC, &smp->flags)) { in smp_user_confirm_reply()
1664 err = sc_user_reply(smp, mgmt_op, passkey); in smp_user_confirm_reply()
1671 memset(smp->tk, 0, sizeof(smp->tk)); in smp_user_confirm_reply()
1673 put_unaligned_le32(value, smp->tk); in smp_user_confirm_reply()
1676 set_bit(SMP_FLAG_TK_VALID, &smp->flags); in smp_user_confirm_reply()
1692 if (test_bit(SMP_FLAG_CFM_PENDING, &smp->flags)) { in smp_user_confirm_reply()
1693 u8 rsp = smp_confirm(smp); in smp_user_confirm_reply()
1703 static void build_bredr_pairing_cmd(struct smp_chan *smp, in build_bredr_pairing_cmd() argument
1707 struct l2cap_conn *conn = smp->conn; in build_bredr_pairing_cmd()
1730 smp->remote_key_dist = remote_dist; in build_bredr_pairing_cmd()
1742 smp->remote_key_dist = rsp->init_key_dist; in build_bredr_pairing_cmd()
1748 struct l2cap_chan *chan = conn->smp; in smp_cmd_pairing_req()
1750 struct smp_chan *smp; in smp_cmd_pairing_req() local
1763 smp = smp_chan_create(conn); in smp_cmd_pairing_req()
1765 smp = chan->data; in smp_cmd_pairing_req()
1767 if (!smp) in smp_cmd_pairing_req()
1780 smp->preq[0] = SMP_CMD_PAIRING_REQ; in smp_cmd_pairing_req()
1781 memcpy(&smp->preq[1], req, sizeof(*req)); in smp_cmd_pairing_req()
1789 set_bit(SMP_FLAG_LOCAL_OOB, &smp->flags); in smp_cmd_pairing_req()
1791 /* SMP over BR/EDR requires special treatment */ in smp_cmd_pairing_req()
1798 set_bit(SMP_FLAG_SC, &smp->flags); in smp_cmd_pairing_req()
1800 build_bredr_pairing_cmd(smp, req, &rsp); in smp_cmd_pairing_req()
1803 set_bit(SMP_FLAG_CT2, &smp->flags); in smp_cmd_pairing_req()
1810 smp->remote_key_dist &= ~SMP_SC_NO_DIST; in smp_cmd_pairing_req()
1812 smp->prsp[0] = SMP_CMD_PAIRING_RSP; in smp_cmd_pairing_req()
1813 memcpy(&smp->prsp[1], &rsp, sizeof(rsp)); in smp_cmd_pairing_req()
1816 smp_distribute_keys(smp); in smp_cmd_pairing_req()
1823 set_bit(SMP_FLAG_SC, &smp->flags); in smp_cmd_pairing_req()
1826 set_bit(SMP_FLAG_CT2, &smp->flags); in smp_cmd_pairing_req()
1841 method = get_auth_method(smp, conn->hcon->io_capability, in smp_cmd_pairing_req()
1851 get_random_bytes(smp->prnd, sizeof(smp->prnd)); in smp_cmd_pairing_req()
1853 smp->prsp[0] = SMP_CMD_PAIRING_RSP; in smp_cmd_pairing_req()
1854 memcpy(&smp->prsp[1], &rsp, sizeof(rsp)); in smp_cmd_pairing_req()
1858 clear_bit(SMP_FLAG_INITIATOR, &smp->flags); in smp_cmd_pairing_req()
1865 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_CONFIRM); in smp_cmd_pairing_req()
1867 if (test_bit(SMP_FLAG_SC, &smp->flags)) { in smp_cmd_pairing_req()
1868 SMP_ALLOW_CMD(smp, SMP_CMD_PUBLIC_KEY); in smp_cmd_pairing_req()
1870 smp->remote_key_dist &= ~SMP_SC_NO_DIST; in smp_cmd_pairing_req()
1883 static u8 sc_send_public_key(struct smp_chan *smp) in sc_send_public_key() argument
1885 struct hci_dev *hdev = smp->conn->hcon->hdev; in sc_send_public_key()
1889 if (test_bit(SMP_FLAG_LOCAL_OOB, &smp->flags)) { in sc_send_public_key()
1898 memcpy(smp->local_pk, smp_dev->local_pk, 64); in sc_send_public_key()
1899 memcpy(smp->lr, smp_dev->local_rand, 16); in sc_send_public_key()
1902 set_bit(SMP_FLAG_DEBUG_KEY, &smp->flags); in sc_send_public_key()
1909 if (set_ecdh_privkey(smp->tfm_ecdh, debug_sk)) in sc_send_public_key()
1911 memcpy(smp->local_pk, debug_pk, 64); in sc_send_public_key()
1912 set_bit(SMP_FLAG_DEBUG_KEY, &smp->flags); in sc_send_public_key()
1916 if (generate_ecdh_keys(smp->tfm_ecdh, smp->local_pk)) in sc_send_public_key()
1922 if (crypto_memneq(smp->local_pk, debug_pk, 64)) in sc_send_public_key()
1928 SMP_DBG("Local Public Key X: %32phN", smp->local_pk); in sc_send_public_key()
1929 SMP_DBG("Local Public Key Y: %32phN", smp->local_pk + 32); in sc_send_public_key()
1931 smp_send_cmd(smp->conn, SMP_CMD_PUBLIC_KEY, 64, smp->local_pk); in sc_send_public_key()
1939 struct l2cap_chan *chan = conn->smp; in smp_cmd_pairing_rsp()
1940 struct smp_chan *smp = chan->data; in smp_cmd_pairing_rsp() local
1955 req = (void *) &smp->preq[1]; in smp_cmd_pairing_rsp()
1971 set_bit(SMP_FLAG_LOCAL_OOB, &smp->flags); in smp_cmd_pairing_rsp()
1973 smp->prsp[0] = SMP_CMD_PAIRING_RSP; in smp_cmd_pairing_rsp()
1974 memcpy(&smp->prsp[1], rsp, sizeof(*rsp)); in smp_cmd_pairing_rsp()
1979 smp->remote_key_dist &= rsp->resp_key_dist; in smp_cmd_pairing_rsp()
1982 set_bit(SMP_FLAG_CT2, &smp->flags); in smp_cmd_pairing_rsp()
1987 smp->remote_key_dist &= ~SMP_SC_NO_DIST; in smp_cmd_pairing_rsp()
1988 smp_distribute_keys(smp); in smp_cmd_pairing_rsp()
1993 set_bit(SMP_FLAG_SC, &smp->flags); in smp_cmd_pairing_rsp()
2001 method = get_auth_method(smp, req->io_capability, in smp_cmd_pairing_rsp()
2007 get_random_bytes(smp->prnd, sizeof(smp->prnd)); in smp_cmd_pairing_rsp()
2012 smp->remote_key_dist &= rsp->resp_key_dist; in smp_cmd_pairing_rsp()
2014 if (test_bit(SMP_FLAG_SC, &smp->flags)) { in smp_cmd_pairing_rsp()
2016 smp->remote_key_dist &= ~SMP_SC_NO_DIST; in smp_cmd_pairing_rsp()
2017 SMP_ALLOW_CMD(smp, SMP_CMD_PUBLIC_KEY); in smp_cmd_pairing_rsp()
2018 return sc_send_public_key(smp); in smp_cmd_pairing_rsp()
2027 set_bit(SMP_FLAG_CFM_PENDING, &smp->flags); in smp_cmd_pairing_rsp()
2030 if (test_bit(SMP_FLAG_TK_VALID, &smp->flags)) in smp_cmd_pairing_rsp()
2031 return smp_confirm(smp); in smp_cmd_pairing_rsp()
2036 static u8 sc_check_confirm(struct smp_chan *smp) in sc_check_confirm() argument
2038 struct l2cap_conn *conn = smp->conn; in sc_check_confirm()
2042 if (smp->method == REQ_PASSKEY || smp->method == DSP_PASSKEY) in sc_check_confirm()
2043 return sc_passkey_round(smp, SMP_CMD_PAIRING_CONFIRM); in sc_check_confirm()
2046 smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM, sizeof(smp->prnd), in sc_check_confirm()
2047 smp->prnd); in sc_check_confirm()
2048 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RANDOM); in sc_check_confirm()
2058 static int fixup_sc_false_positive(struct smp_chan *smp) in fixup_sc_false_positive() argument
2060 struct l2cap_conn *conn = smp->conn; in fixup_sc_false_positive()
2075 bt_dev_err(hdev, "trying to fall back to legacy SMP"); in fixup_sc_false_positive()
2077 req = (void *) &smp->preq[1]; in fixup_sc_false_positive()
2078 rsp = (void *) &smp->prsp[1]; in fixup_sc_false_positive()
2081 smp->remote_key_dist = (req->init_key_dist & rsp->resp_key_dist); in fixup_sc_false_positive()
2086 bt_dev_err(hdev, "failed to fall back to legacy SMP"); in fixup_sc_false_positive()
2090 clear_bit(SMP_FLAG_SC, &smp->flags); in fixup_sc_false_positive()
2097 struct l2cap_chan *chan = conn->smp; in smp_cmd_pairing_confirm()
2098 struct smp_chan *smp = chan->data; in smp_cmd_pairing_confirm() local
2102 if (skb->len < sizeof(smp->pcnf)) in smp_cmd_pairing_confirm()
2105 memcpy(smp->pcnf, skb->data, sizeof(smp->pcnf)); in smp_cmd_pairing_confirm()
2106 skb_pull(skb, sizeof(smp->pcnf)); in smp_cmd_pairing_confirm()
2108 if (test_bit(SMP_FLAG_SC, &smp->flags)) { in smp_cmd_pairing_confirm()
2112 if (test_bit(SMP_FLAG_REMOTE_PK, &smp->flags)) in smp_cmd_pairing_confirm()
2113 return sc_check_confirm(smp); in smp_cmd_pairing_confirm()
2115 BT_ERR("Unexpected SMP Pairing Confirm"); in smp_cmd_pairing_confirm()
2117 ret = fixup_sc_false_positive(smp); in smp_cmd_pairing_confirm()
2123 smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM, sizeof(smp->prnd), in smp_cmd_pairing_confirm()
2124 smp->prnd); in smp_cmd_pairing_confirm()
2125 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RANDOM); in smp_cmd_pairing_confirm()
2129 if (test_bit(SMP_FLAG_TK_VALID, &smp->flags)) in smp_cmd_pairing_confirm()
2130 return smp_confirm(smp); in smp_cmd_pairing_confirm()
2132 set_bit(SMP_FLAG_CFM_PENDING, &smp->flags); in smp_cmd_pairing_confirm()
2139 struct l2cap_chan *chan = conn->smp; in smp_cmd_pairing_random()
2140 struct smp_chan *smp = chan->data; in smp_cmd_pairing_random() local
2148 if (skb->len < sizeof(smp->rrnd)) in smp_cmd_pairing_random()
2151 memcpy(smp->rrnd, skb->data, sizeof(smp->rrnd)); in smp_cmd_pairing_random()
2152 skb_pull(skb, sizeof(smp->rrnd)); in smp_cmd_pairing_random()
2154 if (!test_bit(SMP_FLAG_SC, &smp->flags)) in smp_cmd_pairing_random()
2155 return smp_random(smp); in smp_cmd_pairing_random()
2158 pkax = smp->local_pk; in smp_cmd_pairing_random()
2159 pkbx = smp->remote_pk; in smp_cmd_pairing_random()
2160 na = smp->prnd; in smp_cmd_pairing_random()
2161 nb = smp->rrnd; in smp_cmd_pairing_random()
2163 pkax = smp->remote_pk; in smp_cmd_pairing_random()
2164 pkbx = smp->local_pk; in smp_cmd_pairing_random()
2165 na = smp->rrnd; in smp_cmd_pairing_random()
2166 nb = smp->prnd; in smp_cmd_pairing_random()
2169 if (smp->method == REQ_OOB) { in smp_cmd_pairing_random()
2172 sizeof(smp->prnd), smp->prnd); in smp_cmd_pairing_random()
2173 SMP_ALLOW_CMD(smp, SMP_CMD_DHKEY_CHECK); in smp_cmd_pairing_random()
2178 if (smp->method == REQ_PASSKEY || smp->method == DSP_PASSKEY) in smp_cmd_pairing_random()
2179 return sc_passkey_round(smp, SMP_CMD_PAIRING_RANDOM); in smp_cmd_pairing_random()
2184 err = smp_f4(smp->tfm_cmac, smp->remote_pk, smp->local_pk, in smp_cmd_pairing_random()
2185 smp->rrnd, 0, cfm); in smp_cmd_pairing_random()
2189 if (crypto_memneq(smp->pcnf, cfm, 16)) in smp_cmd_pairing_random()
2192 smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM, sizeof(smp->prnd), in smp_cmd_pairing_random()
2193 smp->prnd); in smp_cmd_pairing_random()
2194 SMP_ALLOW_CMD(smp, SMP_CMD_DHKEY_CHECK); in smp_cmd_pairing_random()
2199 err = sc_mackey_and_ltk(smp, smp->mackey, smp->tk); in smp_cmd_pairing_random()
2203 if (smp->method == JUST_WORKS || smp->method == REQ_OOB) { in smp_cmd_pairing_random()
2205 sc_dhkey_check(smp); in smp_cmd_pairing_random()
2206 SMP_ALLOW_CMD(smp, SMP_CMD_DHKEY_CHECK); in smp_cmd_pairing_random()
2211 err = smp_g2(smp->tfm_cmac, pkax, pkbx, na, nb, &passkey); in smp_cmd_pairing_random()
2220 set_bit(SMP_FLAG_WAIT_USER, &smp->flags); in smp_cmd_pairing_random()
2278 struct smp_chan *smp; in smp_cmd_security_req() local
2314 smp = smp_chan_create(conn); in smp_cmd_security_req()
2315 if (!smp) in smp_cmd_security_req()
2327 smp->preq[0] = SMP_CMD_PAIRING_REQ; in smp_cmd_security_req()
2328 memcpy(&smp->preq[1], &cp, sizeof(cp)); in smp_cmd_security_req()
2331 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RSP); in smp_cmd_security_req()
2340 struct smp_chan *smp; in smp_conn_security() local
2363 chan = conn->smp; in smp_conn_security()
2371 /* If SMP is already in progress ignore this request */ in smp_conn_security()
2377 smp = smp_chan_create(conn); in smp_conn_security()
2378 if (!smp) { in smp_conn_security()
2402 smp->preq[0] = SMP_CMD_PAIRING_REQ; in smp_conn_security()
2403 memcpy(&smp->preq[1], &cp, sizeof(cp)); in smp_conn_security()
2406 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RSP); in smp_conn_security()
2411 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_REQ); in smp_conn_security()
2414 set_bit(SMP_FLAG_INITIATOR, &smp->flags); in smp_conn_security()
2428 struct smp_chan *smp; in smp_cancel_and_remove_pairing() local
2442 chan = conn->smp; in smp_cancel_and_remove_pairing()
2448 smp = chan->data; in smp_cancel_and_remove_pairing()
2449 if (smp) { in smp_cancel_and_remove_pairing()
2452 smp->ltk = NULL; in smp_cancel_and_remove_pairing()
2453 smp->slave_ltk = NULL; in smp_cancel_and_remove_pairing()
2454 smp->remote_irk = NULL; in smp_cancel_and_remove_pairing()
2456 if (test_bit(SMP_FLAG_COMPLETE, &smp->flags)) in smp_cancel_and_remove_pairing()
2472 struct l2cap_chan *chan = conn->smp; in smp_cmd_encrypt_info()
2473 struct smp_chan *smp = chan->data; in smp_cmd_encrypt_info() local
2480 SMP_ALLOW_CMD(smp, SMP_CMD_MASTER_IDENT); in smp_cmd_encrypt_info()
2484 memcpy(smp->tk, rp->ltk, sizeof(smp->tk)); in smp_cmd_encrypt_info()
2492 struct l2cap_chan *chan = conn->smp; in smp_cmd_master_ident()
2493 struct smp_chan *smp = chan->data; in smp_cmd_master_ident() local
2505 smp->remote_key_dist &= ~SMP_DIST_ENC_KEY; in smp_cmd_master_ident()
2507 if (smp->remote_key_dist & SMP_DIST_ID_KEY) in smp_cmd_master_ident()
2508 SMP_ALLOW_CMD(smp, SMP_CMD_IDENT_INFO); in smp_cmd_master_ident()
2509 else if (smp->remote_key_dist & SMP_DIST_SIGN) in smp_cmd_master_ident()
2510 SMP_ALLOW_CMD(smp, SMP_CMD_SIGN_INFO); in smp_cmd_master_ident()
2516 authenticated, smp->tk, smp->enc_key_size, in smp_cmd_master_ident()
2518 smp->ltk = ltk; in smp_cmd_master_ident()
2519 if (!(smp->remote_key_dist & KEY_DIST_MASK)) in smp_cmd_master_ident()
2520 smp_distribute_keys(smp); in smp_cmd_master_ident()
2528 struct l2cap_chan *chan = conn->smp; in smp_cmd_ident_info()
2529 struct smp_chan *smp = chan->data; in smp_cmd_ident_info() local
2536 SMP_ALLOW_CMD(smp, SMP_CMD_IDENT_ADDR_INFO); in smp_cmd_ident_info()
2540 memcpy(smp->irk, info->irk, 16); in smp_cmd_ident_info()
2549 struct l2cap_chan *chan = conn->smp; in smp_cmd_ident_addr_info()
2550 struct smp_chan *smp = chan->data; in smp_cmd_ident_addr_info() local
2560 smp->remote_key_dist &= ~SMP_DIST_ID_KEY; in smp_cmd_ident_addr_info()
2562 if (smp->remote_key_dist & SMP_DIST_SIGN) in smp_cmd_ident_addr_info()
2563 SMP_ALLOW_CMD(smp, SMP_CMD_SIGN_INFO); in smp_cmd_ident_addr_info()
2596 bacpy(&smp->id_addr, &info->bdaddr); in smp_cmd_ident_addr_info()
2597 smp->id_addr_type = info->addr_type; in smp_cmd_ident_addr_info()
2604 smp->remote_irk = hci_add_irk(conn->hcon->hdev, &smp->id_addr, in smp_cmd_ident_addr_info()
2605 smp->id_addr_type, smp->irk, &rpa); in smp_cmd_ident_addr_info()
2608 if (!(smp->remote_key_dist & KEY_DIST_MASK)) in smp_cmd_ident_addr_info()
2609 smp_distribute_keys(smp); in smp_cmd_ident_addr_info()
2617 struct l2cap_chan *chan = conn->smp; in smp_cmd_sign_info()
2618 struct smp_chan *smp = chan->data; in smp_cmd_sign_info() local
2627 smp->remote_key_dist &= ~SMP_DIST_SIGN; in smp_cmd_sign_info()
2639 smp->csrk = csrk; in smp_cmd_sign_info()
2640 smp_distribute_keys(smp); in smp_cmd_sign_info()
2645 static u8 sc_select_method(struct smp_chan *smp) in sc_select_method() argument
2647 struct l2cap_conn *conn = smp->conn; in sc_select_method()
2652 if (test_bit(SMP_FLAG_REMOTE_OOB, &smp->flags) || in sc_select_method()
2653 test_bit(SMP_FLAG_LOCAL_OOB, &smp->flags)) in sc_select_method()
2662 local = (void *) &smp->preq[1]; in sc_select_method()
2663 remote = (void *) &smp->prsp[1]; in sc_select_method()
2665 local = (void *) &smp->prsp[1]; in sc_select_method()
2666 remote = (void *) &smp->preq[1]; in sc_select_method()
2679 method = get_auth_method(smp, local_io, remote_io); in sc_select_method()
2684 if (method == JUST_CFM && test_bit(SMP_FLAG_INITIATOR, &smp->flags)) in sc_select_method()
2694 struct l2cap_chan *chan = conn->smp; in smp_cmd_public_key()
2695 struct smp_chan *smp = chan->data; in smp_cmd_public_key() local
2709 if (!test_bit(SMP_FLAG_DEBUG_KEY, &smp->flags) && in smp_cmd_public_key()
2710 !crypto_memneq(key, smp->local_pk, 64)) { in smp_cmd_public_key()
2715 memcpy(smp->remote_pk, key, 64); in smp_cmd_public_key()
2717 if (test_bit(SMP_FLAG_REMOTE_OOB, &smp->flags)) { in smp_cmd_public_key()
2718 err = smp_f4(smp->tfm_cmac, smp->remote_pk, smp->remote_pk, in smp_cmd_public_key()
2719 smp->rr, 0, cfm.confirm_val); in smp_cmd_public_key()
2723 if (crypto_memneq(cfm.confirm_val, smp->pcnf, 16)) in smp_cmd_public_key()
2731 err = sc_send_public_key(smp); in smp_cmd_public_key()
2736 SMP_DBG("Remote Public Key X: %32phN", smp->remote_pk); in smp_cmd_public_key()
2737 SMP_DBG("Remote Public Key Y: %32phN", smp->remote_pk + 32); in smp_cmd_public_key()
2742 if (test_bit(SMP_FLAG_LOCAL_OOB, &smp->flags)) { in smp_cmd_public_key()
2753 tfm_ecdh = smp->tfm_ecdh; in smp_cmd_public_key()
2756 if (compute_ecdh_secret(tfm_ecdh, smp->remote_pk, smp->dhkey)) in smp_cmd_public_key()
2759 SMP_DBG("DHKey %32phN", smp->dhkey); in smp_cmd_public_key()
2761 set_bit(SMP_FLAG_REMOTE_PK, &smp->flags); in smp_cmd_public_key()
2763 smp->method = sc_select_method(smp); in smp_cmd_public_key()
2765 BT_DBG("%s selected method 0x%02x", hdev->name, smp->method); in smp_cmd_public_key()
2768 if (smp->method == JUST_WORKS || smp->method == JUST_CFM) in smp_cmd_public_key()
2773 if (!crypto_memneq(debug_pk, smp->remote_pk, 64)) in smp_cmd_public_key()
2774 set_bit(SMP_FLAG_DEBUG_KEY, &smp->flags); in smp_cmd_public_key()
2776 if (smp->method == DSP_PASSKEY) { in smp_cmd_public_key()
2781 smp->passkey_round = 0; in smp_cmd_public_key()
2787 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_CONFIRM); in smp_cmd_public_key()
2788 return sc_passkey_round(smp, SMP_CMD_PUBLIC_KEY); in smp_cmd_public_key()
2791 if (smp->method == REQ_OOB) { in smp_cmd_public_key()
2794 sizeof(smp->prnd), smp->prnd); in smp_cmd_public_key()
2796 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RANDOM); in smp_cmd_public_key()
2802 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_CONFIRM); in smp_cmd_public_key()
2804 if (smp->method == REQ_PASSKEY) { in smp_cmd_public_key()
2808 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_CONFIRM); in smp_cmd_public_key()
2809 set_bit(SMP_FLAG_WAIT_USER, &smp->flags); in smp_cmd_public_key()
2819 err = smp_f4(smp->tfm_cmac, smp->local_pk, smp->remote_pk, smp->prnd, in smp_cmd_public_key()
2825 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RANDOM); in smp_cmd_public_key()
2833 struct l2cap_chan *chan = conn->smp; in smp_cmd_dhkey_check()
2835 struct smp_chan *smp = chan->data; in smp_cmd_dhkey_check() local
2853 memcpy(io_cap, &smp->prsp[1], 3); in smp_cmd_dhkey_check()
2857 memcpy(io_cap, &smp->preq[1], 3); in smp_cmd_dhkey_check()
2862 if (smp->method == REQ_PASSKEY || smp->method == DSP_PASSKEY) in smp_cmd_dhkey_check()
2864 else if (smp->method == REQ_OOB) in smp_cmd_dhkey_check()
2865 memcpy(r, smp->lr, 16); in smp_cmd_dhkey_check()
2867 err = smp_f6(smp->tfm_cmac, smp->mackey, smp->rrnd, smp->prnd, r, in smp_cmd_dhkey_check()
2876 if (test_bit(SMP_FLAG_WAIT_USER, &smp->flags)) { in smp_cmd_dhkey_check()
2877 set_bit(SMP_FLAG_DHKEY_PENDING, &smp->flags); in smp_cmd_dhkey_check()
2882 sc_dhkey_check(smp); in smp_cmd_dhkey_check()
2885 sc_add_ltk(smp); in smp_cmd_dhkey_check()
2888 hci_le_start_enc(hcon, 0, 0, smp->tk, smp->enc_key_size); in smp_cmd_dhkey_check()
2889 hcon->enc_key_size = smp->enc_key_size; in smp_cmd_dhkey_check()
2909 struct smp_chan *smp; in smp_sig_channel() local
2924 smp = chan->data; in smp_sig_channel()
2929 if (smp && !test_and_clear_bit(code, &smp->allow_cmd)) in smp_sig_channel()
2935 if (!smp && code != SMP_CMD_PAIRING_REQ && code != SMP_CMD_SECURITY_REQ) in smp_sig_channel()
3012 bt_dev_err(hcon->hdev, "unexpected SMP command 0x%02x from %pMR", in smp_sig_channel()
3027 conn->smp = NULL; in smp_teardown_cb()
3037 struct smp_chan *smp; in bredr_pairing() local
3049 /* Only master may initiate SMP over BR/EDR */ in bredr_pairing()
3057 /* BR/EDR must use Secure Connections for SMP */ in bredr_pairing()
3070 /* Remote must support SMP fixed chan for BR/EDR */ in bredr_pairing()
3074 /* Don't bother if SMP is already ongoing */ in bredr_pairing()
3078 smp = smp_chan_create(conn); in bredr_pairing()
3079 if (!smp) { in bredr_pairing()
3080 bt_dev_err(hdev, "unable to create SMP context for BR/EDR"); in bredr_pairing()
3084 set_bit(SMP_FLAG_SC, &smp->flags); in bredr_pairing()
3086 BT_DBG("%s starting SMP over BR/EDR", hdev->name); in bredr_pairing()
3088 /* Prepare and send the BR/EDR SMP Pairing Request */ in bredr_pairing()
3089 build_bredr_pairing_cmd(smp, &req, NULL); in bredr_pairing()
3091 smp->preq[0] = SMP_CMD_PAIRING_REQ; in bredr_pairing()
3092 memcpy(&smp->preq[1], &req, sizeof(req)); in bredr_pairing()
3095 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RSP); in bredr_pairing()
3100 struct smp_chan *smp = chan->data; in smp_resume_cb() local
3111 if (!smp) in smp_resume_cb()
3117 cancel_delayed_work(&smp->security_timer); in smp_resume_cb()
3119 smp_distribute_keys(smp); in smp_resume_cb()
3135 conn->smp = chan; in smp_ready_cb()
3149 struct smp_chan *smp = chan->data; in smp_recv_cb() local
3151 if (smp) in smp_recv_cb()
3152 cancel_delayed_work_sync(&smp->security_timer); in smp_recv_cb()
3211 /* Other L2CAP channels may request SMP routines in order to in smp_new_conn_cb()
3212 * change the security level. This means that the SMP channel in smp_new_conn_cb()
3244 struct smp_dev *smp; in smp_add_cid() local
3250 smp = NULL; in smp_add_cid()
3254 smp = kzalloc(sizeof(*smp), GFP_KERNEL); in smp_add_cid()
3255 if (!smp) in smp_add_cid()
3261 kzfree(smp); in smp_add_cid()
3269 kzfree(smp); in smp_add_cid()
3278 kzfree(smp); in smp_add_cid()
3282 smp->local_oob = false; in smp_add_cid()
3283 smp->tfm_aes = tfm_aes; in smp_add_cid()
3284 smp->tfm_cmac = tfm_cmac; in smp_add_cid()
3285 smp->tfm_ecdh = tfm_ecdh; in smp_add_cid()
3290 if (smp) { in smp_add_cid()
3291 crypto_free_cipher(smp->tfm_aes); in smp_add_cid()
3292 crypto_free_shash(smp->tfm_cmac); in smp_add_cid()
3293 crypto_free_kpp(smp->tfm_ecdh); in smp_add_cid()
3294 kzfree(smp); in smp_add_cid()
3299 chan->data = smp; in smp_add_cid()
3332 struct smp_dev *smp; in smp_del_chan() local
3336 smp = chan->data; in smp_del_chan()
3337 if (smp) { in smp_del_chan()
3339 crypto_free_cipher(smp->tfm_aes); in smp_del_chan()
3340 crypto_free_shash(smp->tfm_cmac); in smp_del_chan()
3341 crypto_free_kpp(smp->tfm_ecdh); in smp_del_chan()
3342 kzfree(smp); in smp_del_chan()
3499 * there is also no need to register any SMP channel. in smp_register()
3522 * feature, then the BR/EDR SMP channel shall not be present. in smp_register()
3525 * switch that allows forcing BR/EDR SMP support and accepting in smp_register()
3909 BT_INFO("SMP test passed in %llu usecs", duration); in run_selftests()