xref: /openbmc/linux/net/bluetooth/smp.c (revision c819e2cf)
1 /*
2    BlueZ - Bluetooth protocol stack for Linux
3    Copyright (C) 2011 Nokia Corporation and/or its subsidiary(-ies).
4 
5    This program is free software; you can redistribute it and/or modify
6    it under the terms of the GNU General Public License version 2 as
7    published by the Free Software Foundation;
8 
9    THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
10    OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
11    FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
12    IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
13    CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
14    WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15    ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16    OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17 
18    ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
19    COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
20    SOFTWARE IS DISCLAIMED.
21 */
22 
23 #include <linux/crypto.h>
24 #include <linux/scatterlist.h>
25 #include <crypto/b128ops.h>
26 
27 #include <net/bluetooth/bluetooth.h>
28 #include <net/bluetooth/hci_core.h>
29 #include <net/bluetooth/l2cap.h>
30 #include <net/bluetooth/mgmt.h>
31 
32 #include "ecc.h"
33 #include "smp.h"
34 
35 /* Low-level debug macros to be used for stuff that we don't want
36  * accidentially in dmesg, i.e. the values of the various crypto keys
37  * and the inputs & outputs of crypto functions.
38  */
39 #ifdef DEBUG
40 #define SMP_DBG(fmt, ...) printk(KERN_DEBUG "%s: " fmt, __func__, \
41 				 ##__VA_ARGS__)
42 #else
43 #define SMP_DBG(fmt, ...) no_printk(KERN_DEBUG "%s: " fmt, __func__, \
44 				    ##__VA_ARGS__)
45 #endif
46 
47 #define SMP_ALLOW_CMD(smp, code)	set_bit(code, &smp->allow_cmd)
48 
49 /* Keys which are not distributed with Secure Connections */
50 #define SMP_SC_NO_DIST (SMP_DIST_ENC_KEY | SMP_DIST_LINK_KEY);
51 
52 #define SMP_TIMEOUT	msecs_to_jiffies(30000)
53 
54 #define AUTH_REQ_MASK(dev)	(test_bit(HCI_SC_ENABLED, &(dev)->dev_flags) ? \
55 				 0x1f : 0x07)
56 #define KEY_DIST_MASK		0x07
57 
58 /* Maximum message length that can be passed to aes_cmac */
59 #define CMAC_MSG_MAX	80
60 
61 enum {
62 	SMP_FLAG_TK_VALID,
63 	SMP_FLAG_CFM_PENDING,
64 	SMP_FLAG_MITM_AUTH,
65 	SMP_FLAG_COMPLETE,
66 	SMP_FLAG_INITIATOR,
67 	SMP_FLAG_SC,
68 	SMP_FLAG_REMOTE_PK,
69 	SMP_FLAG_DEBUG_KEY,
70 	SMP_FLAG_WAIT_USER,
71 	SMP_FLAG_DHKEY_PENDING,
72 	SMP_FLAG_OOB,
73 };
74 
75 struct smp_chan {
76 	struct l2cap_conn	*conn;
77 	struct delayed_work	security_timer;
78 	unsigned long           allow_cmd; /* Bitmask of allowed commands */
79 
80 	u8		preq[7]; /* SMP Pairing Request */
81 	u8		prsp[7]; /* SMP Pairing Response */
82 	u8		prnd[16]; /* SMP Pairing Random (local) */
83 	u8		rrnd[16]; /* SMP Pairing Random (remote) */
84 	u8		pcnf[16]; /* SMP Pairing Confirm */
85 	u8		tk[16]; /* SMP Temporary Key */
86 	u8		rr[16];
87 	u8		enc_key_size;
88 	u8		remote_key_dist;
89 	bdaddr_t	id_addr;
90 	u8		id_addr_type;
91 	u8		irk[16];
92 	struct smp_csrk	*csrk;
93 	struct smp_csrk	*slave_csrk;
94 	struct smp_ltk	*ltk;
95 	struct smp_ltk	*slave_ltk;
96 	struct smp_irk	*remote_irk;
97 	u8		*link_key;
98 	unsigned long	flags;
99 	u8		method;
100 	u8		passkey_round;
101 
102 	/* Secure Connections variables */
103 	u8			local_pk[64];
104 	u8			local_sk[32];
105 	u8			remote_pk[64];
106 	u8			dhkey[32];
107 	u8			mackey[16];
108 
109 	struct crypto_blkcipher	*tfm_aes;
110 	struct crypto_hash	*tfm_cmac;
111 };
112 
113 /* These debug key values are defined in the SMP section of the core
114  * specification. debug_pk is the public debug key and debug_sk the
115  * private debug key.
116  */
117 static const u8 debug_pk[64] = {
118 		0xe6, 0x9d, 0x35, 0x0e, 0x48, 0x01, 0x03, 0xcc,
119 		0xdb, 0xfd, 0xf4, 0xac, 0x11, 0x91, 0xf4, 0xef,
120 		0xb9, 0xa5, 0xf9, 0xe9, 0xa7, 0x83, 0x2c, 0x5e,
121 		0x2c, 0xbe, 0x97, 0xf2, 0xd2, 0x03, 0xb0, 0x20,
122 
123 		0x8b, 0xd2, 0x89, 0x15, 0xd0, 0x8e, 0x1c, 0x74,
124 		0x24, 0x30, 0xed, 0x8f, 0xc2, 0x45, 0x63, 0x76,
125 		0x5c, 0x15, 0x52, 0x5a, 0xbf, 0x9a, 0x32, 0x63,
126 		0x6d, 0xeb, 0x2a, 0x65, 0x49, 0x9c, 0x80, 0xdc,
127 };
128 
129 static const u8 debug_sk[32] = {
130 		0xbd, 0x1a, 0x3c, 0xcd, 0xa6, 0xb8, 0x99, 0x58,
131 		0x99, 0xb7, 0x40, 0xeb, 0x7b, 0x60, 0xff, 0x4a,
132 		0x50, 0x3f, 0x10, 0xd2, 0xe3, 0xb3, 0xc9, 0x74,
133 		0x38, 0x5f, 0xc5, 0xa3, 0xd4, 0xf6, 0x49, 0x3f,
134 };
135 
136 static inline void swap_buf(const u8 *src, u8 *dst, size_t len)
137 {
138 	size_t i;
139 
140 	for (i = 0; i < len; i++)
141 		dst[len - 1 - i] = src[i];
142 }
143 
144 /* The following functions map to the LE SC SMP crypto functions
145  * AES-CMAC, f4, f5, f6, g2 and h6.
146  */
147 
148 static int aes_cmac(struct crypto_hash *tfm, const u8 k[16], const u8 *m,
149 		    size_t len, u8 mac[16])
150 {
151 	uint8_t tmp[16], mac_msb[16], msg_msb[CMAC_MSG_MAX];
152 	struct hash_desc desc;
153 	struct scatterlist sg;
154 	int err;
155 
156 	if (len > CMAC_MSG_MAX)
157 		return -EFBIG;
158 
159 	if (!tfm) {
160 		BT_ERR("tfm %p", tfm);
161 		return -EINVAL;
162 	}
163 
164 	desc.tfm = tfm;
165 	desc.flags = 0;
166 
167 	crypto_hash_init(&desc);
168 
169 	/* Swap key and message from LSB to MSB */
170 	swap_buf(k, tmp, 16);
171 	swap_buf(m, msg_msb, len);
172 
173 	SMP_DBG("msg (len %zu) %*phN", len, (int) len, m);
174 	SMP_DBG("key %16phN", k);
175 
176 	err = crypto_hash_setkey(tfm, tmp, 16);
177 	if (err) {
178 		BT_ERR("cipher setkey failed: %d", err);
179 		return err;
180 	}
181 
182 	sg_init_one(&sg, msg_msb, len);
183 
184 	err = crypto_hash_update(&desc, &sg, len);
185 	if (err) {
186 		BT_ERR("Hash update error %d", err);
187 		return err;
188 	}
189 
190 	err = crypto_hash_final(&desc, mac_msb);
191 	if (err) {
192 		BT_ERR("Hash final error %d", err);
193 		return err;
194 	}
195 
196 	swap_buf(mac_msb, mac, 16);
197 
198 	SMP_DBG("mac %16phN", mac);
199 
200 	return 0;
201 }
202 
203 static int smp_f4(struct crypto_hash *tfm_cmac, const u8 u[32], const u8 v[32],
204 		  const u8 x[16], u8 z, u8 res[16])
205 {
206 	u8 m[65];
207 	int err;
208 
209 	SMP_DBG("u %32phN", u);
210 	SMP_DBG("v %32phN", v);
211 	SMP_DBG("x %16phN z %02x", x, z);
212 
213 	m[0] = z;
214 	memcpy(m + 1, v, 32);
215 	memcpy(m + 33, u, 32);
216 
217 	err = aes_cmac(tfm_cmac, x, m, sizeof(m), res);
218 	if (err)
219 		return err;
220 
221 	SMP_DBG("res %16phN", res);
222 
223 	return err;
224 }
225 
226 static int smp_f5(struct crypto_hash *tfm_cmac, u8 w[32], u8 n1[16], u8 n2[16],
227 		  u8 a1[7], u8 a2[7], u8 mackey[16], u8 ltk[16])
228 {
229 	/* The btle, salt and length "magic" values are as defined in
230 	 * the SMP section of the Bluetooth core specification. In ASCII
231 	 * the btle value ends up being 'btle'. The salt is just a
232 	 * random number whereas length is the value 256 in little
233 	 * endian format.
234 	 */
235 	const u8 btle[4] = { 0x65, 0x6c, 0x74, 0x62 };
236 	const u8 salt[16] = { 0xbe, 0x83, 0x60, 0x5a, 0xdb, 0x0b, 0x37, 0x60,
237 			      0x38, 0xa5, 0xf5, 0xaa, 0x91, 0x83, 0x88, 0x6c };
238 	const u8 length[2] = { 0x00, 0x01 };
239 	u8 m[53], t[16];
240 	int err;
241 
242 	SMP_DBG("w %32phN", w);
243 	SMP_DBG("n1 %16phN n2 %16phN", n1, n2);
244 	SMP_DBG("a1 %7phN a2 %7phN", a1, a2);
245 
246 	err = aes_cmac(tfm_cmac, salt, w, 32, t);
247 	if (err)
248 		return err;
249 
250 	SMP_DBG("t %16phN", t);
251 
252 	memcpy(m, length, 2);
253 	memcpy(m + 2, a2, 7);
254 	memcpy(m + 9, a1, 7);
255 	memcpy(m + 16, n2, 16);
256 	memcpy(m + 32, n1, 16);
257 	memcpy(m + 48, btle, 4);
258 
259 	m[52] = 0; /* Counter */
260 
261 	err = aes_cmac(tfm_cmac, t, m, sizeof(m), mackey);
262 	if (err)
263 		return err;
264 
265 	SMP_DBG("mackey %16phN", mackey);
266 
267 	m[52] = 1; /* Counter */
268 
269 	err = aes_cmac(tfm_cmac, t, m, sizeof(m), ltk);
270 	if (err)
271 		return err;
272 
273 	SMP_DBG("ltk %16phN", ltk);
274 
275 	return 0;
276 }
277 
278 static int smp_f6(struct crypto_hash *tfm_cmac, const u8 w[16],
279 		  const u8 n1[16], u8 n2[16], const u8 r[16],
280 		  const u8 io_cap[3], const u8 a1[7], const u8 a2[7],
281 		  u8 res[16])
282 {
283 	u8 m[65];
284 	int err;
285 
286 	SMP_DBG("w %16phN", w);
287 	SMP_DBG("n1 %16phN n2 %16phN", n1, n2);
288 	SMP_DBG("r %16phN io_cap %3phN a1 %7phN a2 %7phN", r, io_cap, a1, a2);
289 
290 	memcpy(m, a2, 7);
291 	memcpy(m + 7, a1, 7);
292 	memcpy(m + 14, io_cap, 3);
293 	memcpy(m + 17, r, 16);
294 	memcpy(m + 33, n2, 16);
295 	memcpy(m + 49, n1, 16);
296 
297 	err = aes_cmac(tfm_cmac, w, m, sizeof(m), res);
298 	if (err)
299 		return err;
300 
301 	BT_DBG("res %16phN", res);
302 
303 	return err;
304 }
305 
306 static int smp_g2(struct crypto_hash *tfm_cmac, const u8 u[32], const u8 v[32],
307 		  const u8 x[16], const u8 y[16], u32 *val)
308 {
309 	u8 m[80], tmp[16];
310 	int err;
311 
312 	SMP_DBG("u %32phN", u);
313 	SMP_DBG("v %32phN", v);
314 	SMP_DBG("x %16phN y %16phN", x, y);
315 
316 	memcpy(m, y, 16);
317 	memcpy(m + 16, v, 32);
318 	memcpy(m + 48, u, 32);
319 
320 	err = aes_cmac(tfm_cmac, x, m, sizeof(m), tmp);
321 	if (err)
322 		return err;
323 
324 	*val = get_unaligned_le32(tmp);
325 	*val %= 1000000;
326 
327 	SMP_DBG("val %06u", *val);
328 
329 	return 0;
330 }
331 
332 static int smp_h6(struct crypto_hash *tfm_cmac, const u8 w[16],
333 		  const u8 key_id[4], u8 res[16])
334 {
335 	int err;
336 
337 	SMP_DBG("w %16phN key_id %4phN", w, key_id);
338 
339 	err = aes_cmac(tfm_cmac, w, key_id, 4, res);
340 	if (err)
341 		return err;
342 
343 	SMP_DBG("res %16phN", res);
344 
345 	return err;
346 }
347 
348 /* The following functions map to the legacy SMP crypto functions e, c1,
349  * s1 and ah.
350  */
351 
352 static int smp_e(struct crypto_blkcipher *tfm, const u8 *k, u8 *r)
353 {
354 	struct blkcipher_desc desc;
355 	struct scatterlist sg;
356 	uint8_t tmp[16], data[16];
357 	int err;
358 
359 	if (!tfm) {
360 		BT_ERR("tfm %p", tfm);
361 		return -EINVAL;
362 	}
363 
364 	desc.tfm = tfm;
365 	desc.flags = 0;
366 
367 	/* The most significant octet of key corresponds to k[0] */
368 	swap_buf(k, tmp, 16);
369 
370 	err = crypto_blkcipher_setkey(tfm, tmp, 16);
371 	if (err) {
372 		BT_ERR("cipher setkey failed: %d", err);
373 		return err;
374 	}
375 
376 	/* Most significant octet of plaintextData corresponds to data[0] */
377 	swap_buf(r, data, 16);
378 
379 	sg_init_one(&sg, data, 16);
380 
381 	err = crypto_blkcipher_encrypt(&desc, &sg, &sg, 16);
382 	if (err)
383 		BT_ERR("Encrypt data error %d", err);
384 
385 	/* Most significant octet of encryptedData corresponds to data[0] */
386 	swap_buf(data, r, 16);
387 
388 	return err;
389 }
390 
391 static int smp_c1(struct crypto_blkcipher *tfm_aes, const u8 k[16],
392 		  const u8 r[16], const u8 preq[7], const u8 pres[7], u8 _iat,
393 		  const bdaddr_t *ia, u8 _rat, const bdaddr_t *ra, u8 res[16])
394 {
395 	u8 p1[16], p2[16];
396 	int err;
397 
398 	memset(p1, 0, 16);
399 
400 	/* p1 = pres || preq || _rat || _iat */
401 	p1[0] = _iat;
402 	p1[1] = _rat;
403 	memcpy(p1 + 2, preq, 7);
404 	memcpy(p1 + 9, pres, 7);
405 
406 	/* p2 = padding || ia || ra */
407 	memcpy(p2, ra, 6);
408 	memcpy(p2 + 6, ia, 6);
409 	memset(p2 + 12, 0, 4);
410 
411 	/* res = r XOR p1 */
412 	u128_xor((u128 *) res, (u128 *) r, (u128 *) p1);
413 
414 	/* res = e(k, res) */
415 	err = smp_e(tfm_aes, k, res);
416 	if (err) {
417 		BT_ERR("Encrypt data error");
418 		return err;
419 	}
420 
421 	/* res = res XOR p2 */
422 	u128_xor((u128 *) res, (u128 *) res, (u128 *) p2);
423 
424 	/* res = e(k, res) */
425 	err = smp_e(tfm_aes, k, res);
426 	if (err)
427 		BT_ERR("Encrypt data error");
428 
429 	return err;
430 }
431 
432 static int smp_s1(struct crypto_blkcipher *tfm_aes, const u8 k[16],
433 		  const u8 r1[16], const u8 r2[16], u8 _r[16])
434 {
435 	int err;
436 
437 	/* Just least significant octets from r1 and r2 are considered */
438 	memcpy(_r, r2, 8);
439 	memcpy(_r + 8, r1, 8);
440 
441 	err = smp_e(tfm_aes, k, _r);
442 	if (err)
443 		BT_ERR("Encrypt data error");
444 
445 	return err;
446 }
447 
448 static int smp_ah(struct crypto_blkcipher *tfm, const u8 irk[16],
449 		  const u8 r[3], u8 res[3])
450 {
451 	u8 _res[16];
452 	int err;
453 
454 	/* r' = padding || r */
455 	memcpy(_res, r, 3);
456 	memset(_res + 3, 0, 13);
457 
458 	err = smp_e(tfm, irk, _res);
459 	if (err) {
460 		BT_ERR("Encrypt error");
461 		return err;
462 	}
463 
464 	/* The output of the random address function ah is:
465 	 *	ah(h, r) = e(k, r') mod 2^24
466 	 * The output of the security function e is then truncated to 24 bits
467 	 * by taking the least significant 24 bits of the output of e as the
468 	 * result of ah.
469 	 */
470 	memcpy(res, _res, 3);
471 
472 	return 0;
473 }
474 
475 bool smp_irk_matches(struct hci_dev *hdev, const u8 irk[16],
476 		     const bdaddr_t *bdaddr)
477 {
478 	struct l2cap_chan *chan = hdev->smp_data;
479 	struct crypto_blkcipher *tfm;
480 	u8 hash[3];
481 	int err;
482 
483 	if (!chan || !chan->data)
484 		return false;
485 
486 	tfm = chan->data;
487 
488 	BT_DBG("RPA %pMR IRK %*phN", bdaddr, 16, irk);
489 
490 	err = smp_ah(tfm, irk, &bdaddr->b[3], hash);
491 	if (err)
492 		return false;
493 
494 	return !memcmp(bdaddr->b, hash, 3);
495 }
496 
497 int smp_generate_rpa(struct hci_dev *hdev, const u8 irk[16], bdaddr_t *rpa)
498 {
499 	struct l2cap_chan *chan = hdev->smp_data;
500 	struct crypto_blkcipher *tfm;
501 	int err;
502 
503 	if (!chan || !chan->data)
504 		return -EOPNOTSUPP;
505 
506 	tfm = chan->data;
507 
508 	get_random_bytes(&rpa->b[3], 3);
509 
510 	rpa->b[5] &= 0x3f;	/* Clear two most significant bits */
511 	rpa->b[5] |= 0x40;	/* Set second most significant bit */
512 
513 	err = smp_ah(tfm, irk, &rpa->b[3], rpa->b);
514 	if (err < 0)
515 		return err;
516 
517 	BT_DBG("RPA %pMR", rpa);
518 
519 	return 0;
520 }
521 
522 static void smp_send_cmd(struct l2cap_conn *conn, u8 code, u16 len, void *data)
523 {
524 	struct l2cap_chan *chan = conn->smp;
525 	struct smp_chan *smp;
526 	struct kvec iv[2];
527 	struct msghdr msg;
528 
529 	if (!chan)
530 		return;
531 
532 	BT_DBG("code 0x%2.2x", code);
533 
534 	iv[0].iov_base = &code;
535 	iv[0].iov_len = 1;
536 
537 	iv[1].iov_base = data;
538 	iv[1].iov_len = len;
539 
540 	memset(&msg, 0, sizeof(msg));
541 
542 	iov_iter_kvec(&msg.msg_iter, WRITE | ITER_KVEC, iv, 2, 1 + len);
543 
544 	l2cap_chan_send(chan, &msg, 1 + len);
545 
546 	if (!chan->data)
547 		return;
548 
549 	smp = chan->data;
550 
551 	cancel_delayed_work_sync(&smp->security_timer);
552 	schedule_delayed_work(&smp->security_timer, SMP_TIMEOUT);
553 }
554 
555 static u8 authreq_to_seclevel(u8 authreq)
556 {
557 	if (authreq & SMP_AUTH_MITM) {
558 		if (authreq & SMP_AUTH_SC)
559 			return BT_SECURITY_FIPS;
560 		else
561 			return BT_SECURITY_HIGH;
562 	} else {
563 		return BT_SECURITY_MEDIUM;
564 	}
565 }
566 
567 static __u8 seclevel_to_authreq(__u8 sec_level)
568 {
569 	switch (sec_level) {
570 	case BT_SECURITY_FIPS:
571 	case BT_SECURITY_HIGH:
572 		return SMP_AUTH_MITM | SMP_AUTH_BONDING;
573 	case BT_SECURITY_MEDIUM:
574 		return SMP_AUTH_BONDING;
575 	default:
576 		return SMP_AUTH_NONE;
577 	}
578 }
579 
580 static void build_pairing_cmd(struct l2cap_conn *conn,
581 			      struct smp_cmd_pairing *req,
582 			      struct smp_cmd_pairing *rsp, __u8 authreq)
583 {
584 	struct l2cap_chan *chan = conn->smp;
585 	struct smp_chan *smp = chan->data;
586 	struct hci_conn *hcon = conn->hcon;
587 	struct hci_dev *hdev = hcon->hdev;
588 	u8 local_dist = 0, remote_dist = 0, oob_flag = SMP_OOB_NOT_PRESENT;
589 
590 	if (test_bit(HCI_BONDABLE, &conn->hcon->hdev->dev_flags)) {
591 		local_dist = SMP_DIST_ENC_KEY | SMP_DIST_SIGN;
592 		remote_dist = SMP_DIST_ENC_KEY | SMP_DIST_SIGN;
593 		authreq |= SMP_AUTH_BONDING;
594 	} else {
595 		authreq &= ~SMP_AUTH_BONDING;
596 	}
597 
598 	if (test_bit(HCI_RPA_RESOLVING, &hdev->dev_flags))
599 		remote_dist |= SMP_DIST_ID_KEY;
600 
601 	if (test_bit(HCI_PRIVACY, &hdev->dev_flags))
602 		local_dist |= SMP_DIST_ID_KEY;
603 
604 	if (test_bit(HCI_SC_ENABLED, &hdev->dev_flags) &&
605 	    (authreq & SMP_AUTH_SC)) {
606 		struct oob_data *oob_data;
607 		u8 bdaddr_type;
608 
609 		if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
610 			local_dist |= SMP_DIST_LINK_KEY;
611 			remote_dist |= SMP_DIST_LINK_KEY;
612 		}
613 
614 		if (hcon->dst_type == ADDR_LE_DEV_PUBLIC)
615 			bdaddr_type = BDADDR_LE_PUBLIC;
616 		else
617 			bdaddr_type = BDADDR_LE_RANDOM;
618 
619 		oob_data = hci_find_remote_oob_data(hdev, &hcon->dst,
620 						    bdaddr_type);
621 		if (oob_data) {
622 			set_bit(SMP_FLAG_OOB, &smp->flags);
623 			oob_flag = SMP_OOB_PRESENT;
624 			memcpy(smp->rr, oob_data->rand256, 16);
625 			memcpy(smp->pcnf, oob_data->hash256, 16);
626 		}
627 
628 	} else {
629 		authreq &= ~SMP_AUTH_SC;
630 	}
631 
632 	if (rsp == NULL) {
633 		req->io_capability = conn->hcon->io_capability;
634 		req->oob_flag = oob_flag;
635 		req->max_key_size = SMP_MAX_ENC_KEY_SIZE;
636 		req->init_key_dist = local_dist;
637 		req->resp_key_dist = remote_dist;
638 		req->auth_req = (authreq & AUTH_REQ_MASK(hdev));
639 
640 		smp->remote_key_dist = remote_dist;
641 		return;
642 	}
643 
644 	rsp->io_capability = conn->hcon->io_capability;
645 	rsp->oob_flag = oob_flag;
646 	rsp->max_key_size = SMP_MAX_ENC_KEY_SIZE;
647 	rsp->init_key_dist = req->init_key_dist & remote_dist;
648 	rsp->resp_key_dist = req->resp_key_dist & local_dist;
649 	rsp->auth_req = (authreq & AUTH_REQ_MASK(hdev));
650 
651 	smp->remote_key_dist = rsp->init_key_dist;
652 }
653 
654 static u8 check_enc_key_size(struct l2cap_conn *conn, __u8 max_key_size)
655 {
656 	struct l2cap_chan *chan = conn->smp;
657 	struct smp_chan *smp = chan->data;
658 
659 	if ((max_key_size > SMP_MAX_ENC_KEY_SIZE) ||
660 	    (max_key_size < SMP_MIN_ENC_KEY_SIZE))
661 		return SMP_ENC_KEY_SIZE;
662 
663 	smp->enc_key_size = max_key_size;
664 
665 	return 0;
666 }
667 
668 static void smp_chan_destroy(struct l2cap_conn *conn)
669 {
670 	struct l2cap_chan *chan = conn->smp;
671 	struct smp_chan *smp = chan->data;
672 	struct hci_conn *hcon = conn->hcon;
673 	bool complete;
674 
675 	BUG_ON(!smp);
676 
677 	cancel_delayed_work_sync(&smp->security_timer);
678 
679 	complete = test_bit(SMP_FLAG_COMPLETE, &smp->flags);
680 	mgmt_smp_complete(hcon, complete);
681 
682 	kfree(smp->csrk);
683 	kfree(smp->slave_csrk);
684 	kfree(smp->link_key);
685 
686 	crypto_free_blkcipher(smp->tfm_aes);
687 	crypto_free_hash(smp->tfm_cmac);
688 
689 	/* Ensure that we don't leave any debug key around if debug key
690 	 * support hasn't been explicitly enabled.
691 	 */
692 	if (smp->ltk && smp->ltk->type == SMP_LTK_P256_DEBUG &&
693 	    !test_bit(HCI_KEEP_DEBUG_KEYS, &hcon->hdev->dev_flags)) {
694 		list_del_rcu(&smp->ltk->list);
695 		kfree_rcu(smp->ltk, rcu);
696 		smp->ltk = NULL;
697 	}
698 
699 	/* If pairing failed clean up any keys we might have */
700 	if (!complete) {
701 		if (smp->ltk) {
702 			list_del_rcu(&smp->ltk->list);
703 			kfree_rcu(smp->ltk, rcu);
704 		}
705 
706 		if (smp->slave_ltk) {
707 			list_del_rcu(&smp->slave_ltk->list);
708 			kfree_rcu(smp->slave_ltk, rcu);
709 		}
710 
711 		if (smp->remote_irk) {
712 			list_del_rcu(&smp->remote_irk->list);
713 			kfree_rcu(smp->remote_irk, rcu);
714 		}
715 	}
716 
717 	chan->data = NULL;
718 	kfree(smp);
719 	hci_conn_drop(hcon);
720 }
721 
722 static void smp_failure(struct l2cap_conn *conn, u8 reason)
723 {
724 	struct hci_conn *hcon = conn->hcon;
725 	struct l2cap_chan *chan = conn->smp;
726 
727 	if (reason)
728 		smp_send_cmd(conn, SMP_CMD_PAIRING_FAIL, sizeof(reason),
729 			     &reason);
730 
731 	clear_bit(HCI_CONN_ENCRYPT_PEND, &hcon->flags);
732 	mgmt_auth_failed(hcon, HCI_ERROR_AUTH_FAILURE);
733 
734 	if (chan->data)
735 		smp_chan_destroy(conn);
736 }
737 
738 #define JUST_WORKS	0x00
739 #define JUST_CFM	0x01
740 #define REQ_PASSKEY	0x02
741 #define CFM_PASSKEY	0x03
742 #define REQ_OOB		0x04
743 #define DSP_PASSKEY	0x05
744 #define OVERLAP		0xFF
745 
746 static const u8 gen_method[5][5] = {
747 	{ JUST_WORKS,  JUST_CFM,    REQ_PASSKEY, JUST_WORKS, REQ_PASSKEY },
748 	{ JUST_WORKS,  JUST_CFM,    REQ_PASSKEY, JUST_WORKS, REQ_PASSKEY },
749 	{ CFM_PASSKEY, CFM_PASSKEY, REQ_PASSKEY, JUST_WORKS, CFM_PASSKEY },
750 	{ JUST_WORKS,  JUST_CFM,    JUST_WORKS,  JUST_WORKS, JUST_CFM    },
751 	{ CFM_PASSKEY, CFM_PASSKEY, REQ_PASSKEY, JUST_WORKS, OVERLAP     },
752 };
753 
754 static const u8 sc_method[5][5] = {
755 	{ JUST_WORKS,  JUST_CFM,    REQ_PASSKEY, JUST_WORKS, REQ_PASSKEY },
756 	{ JUST_WORKS,  CFM_PASSKEY, REQ_PASSKEY, JUST_WORKS, CFM_PASSKEY },
757 	{ DSP_PASSKEY, DSP_PASSKEY, REQ_PASSKEY, JUST_WORKS, DSP_PASSKEY },
758 	{ JUST_WORKS,  JUST_CFM,    JUST_WORKS,  JUST_WORKS, JUST_CFM    },
759 	{ DSP_PASSKEY, CFM_PASSKEY, REQ_PASSKEY, JUST_WORKS, CFM_PASSKEY },
760 };
761 
762 static u8 get_auth_method(struct smp_chan *smp, u8 local_io, u8 remote_io)
763 {
764 	/* If either side has unknown io_caps, use JUST_CFM (which gets
765 	 * converted later to JUST_WORKS if we're initiators.
766 	 */
767 	if (local_io > SMP_IO_KEYBOARD_DISPLAY ||
768 	    remote_io > SMP_IO_KEYBOARD_DISPLAY)
769 		return JUST_CFM;
770 
771 	if (test_bit(SMP_FLAG_SC, &smp->flags))
772 		return sc_method[remote_io][local_io];
773 
774 	return gen_method[remote_io][local_io];
775 }
776 
777 static int tk_request(struct l2cap_conn *conn, u8 remote_oob, u8 auth,
778 						u8 local_io, u8 remote_io)
779 {
780 	struct hci_conn *hcon = conn->hcon;
781 	struct l2cap_chan *chan = conn->smp;
782 	struct smp_chan *smp = chan->data;
783 	u32 passkey = 0;
784 	int ret = 0;
785 
786 	/* Initialize key for JUST WORKS */
787 	memset(smp->tk, 0, sizeof(smp->tk));
788 	clear_bit(SMP_FLAG_TK_VALID, &smp->flags);
789 
790 	BT_DBG("tk_request: auth:%d lcl:%d rem:%d", auth, local_io, remote_io);
791 
792 	/* If neither side wants MITM, either "just" confirm an incoming
793 	 * request or use just-works for outgoing ones. The JUST_CFM
794 	 * will be converted to JUST_WORKS if necessary later in this
795 	 * function. If either side has MITM look up the method from the
796 	 * table.
797 	 */
798 	if (!(auth & SMP_AUTH_MITM))
799 		smp->method = JUST_CFM;
800 	else
801 		smp->method = get_auth_method(smp, local_io, remote_io);
802 
803 	/* Don't confirm locally initiated pairing attempts */
804 	if (smp->method == JUST_CFM && test_bit(SMP_FLAG_INITIATOR,
805 						&smp->flags))
806 		smp->method = JUST_WORKS;
807 
808 	/* Don't bother user space with no IO capabilities */
809 	if (smp->method == JUST_CFM &&
810 	    hcon->io_capability == HCI_IO_NO_INPUT_OUTPUT)
811 		smp->method = JUST_WORKS;
812 
813 	/* If Just Works, Continue with Zero TK */
814 	if (smp->method == JUST_WORKS) {
815 		set_bit(SMP_FLAG_TK_VALID, &smp->flags);
816 		return 0;
817 	}
818 
819 	/* Not Just Works/Confirm results in MITM Authentication */
820 	if (smp->method != JUST_CFM) {
821 		set_bit(SMP_FLAG_MITM_AUTH, &smp->flags);
822 		if (hcon->pending_sec_level < BT_SECURITY_HIGH)
823 			hcon->pending_sec_level = BT_SECURITY_HIGH;
824 	}
825 
826 	/* If both devices have Keyoard-Display I/O, the master
827 	 * Confirms and the slave Enters the passkey.
828 	 */
829 	if (smp->method == OVERLAP) {
830 		if (hcon->role == HCI_ROLE_MASTER)
831 			smp->method = CFM_PASSKEY;
832 		else
833 			smp->method = REQ_PASSKEY;
834 	}
835 
836 	/* Generate random passkey. */
837 	if (smp->method == CFM_PASSKEY) {
838 		memset(smp->tk, 0, sizeof(smp->tk));
839 		get_random_bytes(&passkey, sizeof(passkey));
840 		passkey %= 1000000;
841 		put_unaligned_le32(passkey, smp->tk);
842 		BT_DBG("PassKey: %d", passkey);
843 		set_bit(SMP_FLAG_TK_VALID, &smp->flags);
844 	}
845 
846 	if (smp->method == REQ_PASSKEY)
847 		ret = mgmt_user_passkey_request(hcon->hdev, &hcon->dst,
848 						hcon->type, hcon->dst_type);
849 	else if (smp->method == JUST_CFM)
850 		ret = mgmt_user_confirm_request(hcon->hdev, &hcon->dst,
851 						hcon->type, hcon->dst_type,
852 						passkey, 1);
853 	else
854 		ret = mgmt_user_passkey_notify(hcon->hdev, &hcon->dst,
855 						hcon->type, hcon->dst_type,
856 						passkey, 0);
857 
858 	return ret;
859 }
860 
861 static u8 smp_confirm(struct smp_chan *smp)
862 {
863 	struct l2cap_conn *conn = smp->conn;
864 	struct smp_cmd_pairing_confirm cp;
865 	int ret;
866 
867 	BT_DBG("conn %p", conn);
868 
869 	ret = smp_c1(smp->tfm_aes, smp->tk, smp->prnd, smp->preq, smp->prsp,
870 		     conn->hcon->init_addr_type, &conn->hcon->init_addr,
871 		     conn->hcon->resp_addr_type, &conn->hcon->resp_addr,
872 		     cp.confirm_val);
873 	if (ret)
874 		return SMP_UNSPECIFIED;
875 
876 	clear_bit(SMP_FLAG_CFM_PENDING, &smp->flags);
877 
878 	smp_send_cmd(smp->conn, SMP_CMD_PAIRING_CONFIRM, sizeof(cp), &cp);
879 
880 	if (conn->hcon->out)
881 		SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_CONFIRM);
882 	else
883 		SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RANDOM);
884 
885 	return 0;
886 }
887 
888 static u8 smp_random(struct smp_chan *smp)
889 {
890 	struct l2cap_conn *conn = smp->conn;
891 	struct hci_conn *hcon = conn->hcon;
892 	u8 confirm[16];
893 	int ret;
894 
895 	if (IS_ERR_OR_NULL(smp->tfm_aes))
896 		return SMP_UNSPECIFIED;
897 
898 	BT_DBG("conn %p %s", conn, conn->hcon->out ? "master" : "slave");
899 
900 	ret = smp_c1(smp->tfm_aes, smp->tk, smp->rrnd, smp->preq, smp->prsp,
901 		     hcon->init_addr_type, &hcon->init_addr,
902 		     hcon->resp_addr_type, &hcon->resp_addr, confirm);
903 	if (ret)
904 		return SMP_UNSPECIFIED;
905 
906 	if (memcmp(smp->pcnf, confirm, sizeof(smp->pcnf)) != 0) {
907 		BT_ERR("Pairing failed (confirmation values mismatch)");
908 		return SMP_CONFIRM_FAILED;
909 	}
910 
911 	if (hcon->out) {
912 		u8 stk[16];
913 		__le64 rand = 0;
914 		__le16 ediv = 0;
915 
916 		smp_s1(smp->tfm_aes, smp->tk, smp->rrnd, smp->prnd, stk);
917 
918 		memset(stk + smp->enc_key_size, 0,
919 		       SMP_MAX_ENC_KEY_SIZE - smp->enc_key_size);
920 
921 		if (test_and_set_bit(HCI_CONN_ENCRYPT_PEND, &hcon->flags))
922 			return SMP_UNSPECIFIED;
923 
924 		hci_le_start_enc(hcon, ediv, rand, stk);
925 		hcon->enc_key_size = smp->enc_key_size;
926 		set_bit(HCI_CONN_STK_ENCRYPT, &hcon->flags);
927 	} else {
928 		u8 stk[16], auth;
929 		__le64 rand = 0;
930 		__le16 ediv = 0;
931 
932 		smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM, sizeof(smp->prnd),
933 			     smp->prnd);
934 
935 		smp_s1(smp->tfm_aes, smp->tk, smp->prnd, smp->rrnd, stk);
936 
937 		memset(stk + smp->enc_key_size, 0,
938 		       SMP_MAX_ENC_KEY_SIZE - smp->enc_key_size);
939 
940 		if (hcon->pending_sec_level == BT_SECURITY_HIGH)
941 			auth = 1;
942 		else
943 			auth = 0;
944 
945 		/* Even though there's no _SLAVE suffix this is the
946 		 * slave STK we're adding for later lookup (the master
947 		 * STK never needs to be stored).
948 		 */
949 		hci_add_ltk(hcon->hdev, &hcon->dst, hcon->dst_type,
950 			    SMP_STK, auth, stk, smp->enc_key_size, ediv, rand);
951 	}
952 
953 	return 0;
954 }
955 
956 static void smp_notify_keys(struct l2cap_conn *conn)
957 {
958 	struct l2cap_chan *chan = conn->smp;
959 	struct smp_chan *smp = chan->data;
960 	struct hci_conn *hcon = conn->hcon;
961 	struct hci_dev *hdev = hcon->hdev;
962 	struct smp_cmd_pairing *req = (void *) &smp->preq[1];
963 	struct smp_cmd_pairing *rsp = (void *) &smp->prsp[1];
964 	bool persistent;
965 
966 	if (smp->remote_irk) {
967 		mgmt_new_irk(hdev, smp->remote_irk);
968 		/* Now that user space can be considered to know the
969 		 * identity address track the connection based on it
970 		 * from now on (assuming this is an LE link).
971 		 */
972 		if (hcon->type == LE_LINK) {
973 			bacpy(&hcon->dst, &smp->remote_irk->bdaddr);
974 			hcon->dst_type = smp->remote_irk->addr_type;
975 			queue_work(hdev->workqueue, &conn->id_addr_update_work);
976 		}
977 
978 		/* When receiving an indentity resolving key for
979 		 * a remote device that does not use a resolvable
980 		 * private address, just remove the key so that
981 		 * it is possible to use the controller white
982 		 * list for scanning.
983 		 *
984 		 * Userspace will have been told to not store
985 		 * this key at this point. So it is safe to
986 		 * just remove it.
987 		 */
988 		if (!bacmp(&smp->remote_irk->rpa, BDADDR_ANY)) {
989 			list_del_rcu(&smp->remote_irk->list);
990 			kfree_rcu(smp->remote_irk, rcu);
991 			smp->remote_irk = NULL;
992 		}
993 	}
994 
995 	if (hcon->type == ACL_LINK) {
996 		if (hcon->key_type == HCI_LK_DEBUG_COMBINATION)
997 			persistent = false;
998 		else
999 			persistent = !test_bit(HCI_CONN_FLUSH_KEY,
1000 					       &hcon->flags);
1001 	} else {
1002 		/* The LTKs and CSRKs should be persistent only if both sides
1003 		 * had the bonding bit set in their authentication requests.
1004 		 */
1005 		persistent = !!((req->auth_req & rsp->auth_req) &
1006 				SMP_AUTH_BONDING);
1007 	}
1008 
1009 
1010 	if (smp->csrk) {
1011 		smp->csrk->bdaddr_type = hcon->dst_type;
1012 		bacpy(&smp->csrk->bdaddr, &hcon->dst);
1013 		mgmt_new_csrk(hdev, smp->csrk, persistent);
1014 	}
1015 
1016 	if (smp->slave_csrk) {
1017 		smp->slave_csrk->bdaddr_type = hcon->dst_type;
1018 		bacpy(&smp->slave_csrk->bdaddr, &hcon->dst);
1019 		mgmt_new_csrk(hdev, smp->slave_csrk, persistent);
1020 	}
1021 
1022 	if (smp->ltk) {
1023 		smp->ltk->bdaddr_type = hcon->dst_type;
1024 		bacpy(&smp->ltk->bdaddr, &hcon->dst);
1025 		mgmt_new_ltk(hdev, smp->ltk, persistent);
1026 	}
1027 
1028 	if (smp->slave_ltk) {
1029 		smp->slave_ltk->bdaddr_type = hcon->dst_type;
1030 		bacpy(&smp->slave_ltk->bdaddr, &hcon->dst);
1031 		mgmt_new_ltk(hdev, smp->slave_ltk, persistent);
1032 	}
1033 
1034 	if (smp->link_key) {
1035 		struct link_key *key;
1036 		u8 type;
1037 
1038 		if (test_bit(SMP_FLAG_DEBUG_KEY, &smp->flags))
1039 			type = HCI_LK_DEBUG_COMBINATION;
1040 		else if (hcon->sec_level == BT_SECURITY_FIPS)
1041 			type = HCI_LK_AUTH_COMBINATION_P256;
1042 		else
1043 			type = HCI_LK_UNAUTH_COMBINATION_P256;
1044 
1045 		key = hci_add_link_key(hdev, smp->conn->hcon, &hcon->dst,
1046 				       smp->link_key, type, 0, &persistent);
1047 		if (key) {
1048 			mgmt_new_link_key(hdev, key, persistent);
1049 
1050 			/* Don't keep debug keys around if the relevant
1051 			 * flag is not set.
1052 			 */
1053 			if (!test_bit(HCI_KEEP_DEBUG_KEYS, &hdev->dev_flags) &&
1054 			    key->type == HCI_LK_DEBUG_COMBINATION) {
1055 				list_del_rcu(&key->list);
1056 				kfree_rcu(key, rcu);
1057 			}
1058 		}
1059 	}
1060 }
1061 
1062 static void sc_add_ltk(struct smp_chan *smp)
1063 {
1064 	struct hci_conn *hcon = smp->conn->hcon;
1065 	u8 key_type, auth;
1066 
1067 	if (test_bit(SMP_FLAG_DEBUG_KEY, &smp->flags))
1068 		key_type = SMP_LTK_P256_DEBUG;
1069 	else
1070 		key_type = SMP_LTK_P256;
1071 
1072 	if (hcon->pending_sec_level == BT_SECURITY_FIPS)
1073 		auth = 1;
1074 	else
1075 		auth = 0;
1076 
1077 	memset(smp->tk + smp->enc_key_size, 0,
1078 	       SMP_MAX_ENC_KEY_SIZE - smp->enc_key_size);
1079 
1080 	smp->ltk = hci_add_ltk(hcon->hdev, &hcon->dst, hcon->dst_type,
1081 			       key_type, auth, smp->tk, smp->enc_key_size,
1082 			       0, 0);
1083 }
1084 
1085 static void sc_generate_link_key(struct smp_chan *smp)
1086 {
1087 	/* These constants are as specified in the core specification.
1088 	 * In ASCII they spell out to 'tmp1' and 'lebr'.
1089 	 */
1090 	const u8 tmp1[4] = { 0x31, 0x70, 0x6d, 0x74 };
1091 	const u8 lebr[4] = { 0x72, 0x62, 0x65, 0x6c };
1092 
1093 	smp->link_key = kzalloc(16, GFP_KERNEL);
1094 	if (!smp->link_key)
1095 		return;
1096 
1097 	if (smp_h6(smp->tfm_cmac, smp->tk, tmp1, smp->link_key)) {
1098 		kfree(smp->link_key);
1099 		smp->link_key = NULL;
1100 		return;
1101 	}
1102 
1103 	if (smp_h6(smp->tfm_cmac, smp->link_key, lebr, smp->link_key)) {
1104 		kfree(smp->link_key);
1105 		smp->link_key = NULL;
1106 		return;
1107 	}
1108 }
1109 
1110 static void smp_allow_key_dist(struct smp_chan *smp)
1111 {
1112 	/* Allow the first expected phase 3 PDU. The rest of the PDUs
1113 	 * will be allowed in each PDU handler to ensure we receive
1114 	 * them in the correct order.
1115 	 */
1116 	if (smp->remote_key_dist & SMP_DIST_ENC_KEY)
1117 		SMP_ALLOW_CMD(smp, SMP_CMD_ENCRYPT_INFO);
1118 	else if (smp->remote_key_dist & SMP_DIST_ID_KEY)
1119 		SMP_ALLOW_CMD(smp, SMP_CMD_IDENT_INFO);
1120 	else if (smp->remote_key_dist & SMP_DIST_SIGN)
1121 		SMP_ALLOW_CMD(smp, SMP_CMD_SIGN_INFO);
1122 }
1123 
1124 static void sc_generate_ltk(struct smp_chan *smp)
1125 {
1126 	/* These constants are as specified in the core specification.
1127 	 * In ASCII they spell out to 'tmp2' and 'brle'.
1128 	 */
1129 	const u8 tmp2[4] = { 0x32, 0x70, 0x6d, 0x74 };
1130 	const u8 brle[4] = { 0x65, 0x6c, 0x72, 0x62 };
1131 	struct hci_conn *hcon = smp->conn->hcon;
1132 	struct hci_dev *hdev = hcon->hdev;
1133 	struct link_key *key;
1134 
1135 	key = hci_find_link_key(hdev, &hcon->dst);
1136 	if (!key) {
1137 		BT_ERR("%s No Link Key found to generate LTK", hdev->name);
1138 		return;
1139 	}
1140 
1141 	if (key->type == HCI_LK_DEBUG_COMBINATION)
1142 		set_bit(SMP_FLAG_DEBUG_KEY, &smp->flags);
1143 
1144 	if (smp_h6(smp->tfm_cmac, key->val, tmp2, smp->tk))
1145 		return;
1146 
1147 	if (smp_h6(smp->tfm_cmac, smp->tk, brle, smp->tk))
1148 		return;
1149 
1150 	sc_add_ltk(smp);
1151 }
1152 
1153 static void smp_distribute_keys(struct smp_chan *smp)
1154 {
1155 	struct smp_cmd_pairing *req, *rsp;
1156 	struct l2cap_conn *conn = smp->conn;
1157 	struct hci_conn *hcon = conn->hcon;
1158 	struct hci_dev *hdev = hcon->hdev;
1159 	__u8 *keydist;
1160 
1161 	BT_DBG("conn %p", conn);
1162 
1163 	rsp = (void *) &smp->prsp[1];
1164 
1165 	/* The responder sends its keys first */
1166 	if (hcon->out && (smp->remote_key_dist & KEY_DIST_MASK)) {
1167 		smp_allow_key_dist(smp);
1168 		return;
1169 	}
1170 
1171 	req = (void *) &smp->preq[1];
1172 
1173 	if (hcon->out) {
1174 		keydist = &rsp->init_key_dist;
1175 		*keydist &= req->init_key_dist;
1176 	} else {
1177 		keydist = &rsp->resp_key_dist;
1178 		*keydist &= req->resp_key_dist;
1179 	}
1180 
1181 	if (test_bit(SMP_FLAG_SC, &smp->flags)) {
1182 		if (hcon->type == LE_LINK && (*keydist & SMP_DIST_LINK_KEY))
1183 			sc_generate_link_key(smp);
1184 		if (hcon->type == ACL_LINK && (*keydist & SMP_DIST_ENC_KEY))
1185 			sc_generate_ltk(smp);
1186 
1187 		/* Clear the keys which are generated but not distributed */
1188 		*keydist &= ~SMP_SC_NO_DIST;
1189 	}
1190 
1191 	BT_DBG("keydist 0x%x", *keydist);
1192 
1193 	if (*keydist & SMP_DIST_ENC_KEY) {
1194 		struct smp_cmd_encrypt_info enc;
1195 		struct smp_cmd_master_ident ident;
1196 		struct smp_ltk *ltk;
1197 		u8 authenticated;
1198 		__le16 ediv;
1199 		__le64 rand;
1200 
1201 		get_random_bytes(enc.ltk, sizeof(enc.ltk));
1202 		get_random_bytes(&ediv, sizeof(ediv));
1203 		get_random_bytes(&rand, sizeof(rand));
1204 
1205 		smp_send_cmd(conn, SMP_CMD_ENCRYPT_INFO, sizeof(enc), &enc);
1206 
1207 		authenticated = hcon->sec_level == BT_SECURITY_HIGH;
1208 		ltk = hci_add_ltk(hdev, &hcon->dst, hcon->dst_type,
1209 				  SMP_LTK_SLAVE, authenticated, enc.ltk,
1210 				  smp->enc_key_size, ediv, rand);
1211 		smp->slave_ltk = ltk;
1212 
1213 		ident.ediv = ediv;
1214 		ident.rand = rand;
1215 
1216 		smp_send_cmd(conn, SMP_CMD_MASTER_IDENT, sizeof(ident), &ident);
1217 
1218 		*keydist &= ~SMP_DIST_ENC_KEY;
1219 	}
1220 
1221 	if (*keydist & SMP_DIST_ID_KEY) {
1222 		struct smp_cmd_ident_addr_info addrinfo;
1223 		struct smp_cmd_ident_info idinfo;
1224 
1225 		memcpy(idinfo.irk, hdev->irk, sizeof(idinfo.irk));
1226 
1227 		smp_send_cmd(conn, SMP_CMD_IDENT_INFO, sizeof(idinfo), &idinfo);
1228 
1229 		/* The hci_conn contains the local identity address
1230 		 * after the connection has been established.
1231 		 *
1232 		 * This is true even when the connection has been
1233 		 * established using a resolvable random address.
1234 		 */
1235 		bacpy(&addrinfo.bdaddr, &hcon->src);
1236 		addrinfo.addr_type = hcon->src_type;
1237 
1238 		smp_send_cmd(conn, SMP_CMD_IDENT_ADDR_INFO, sizeof(addrinfo),
1239 			     &addrinfo);
1240 
1241 		*keydist &= ~SMP_DIST_ID_KEY;
1242 	}
1243 
1244 	if (*keydist & SMP_DIST_SIGN) {
1245 		struct smp_cmd_sign_info sign;
1246 		struct smp_csrk *csrk;
1247 
1248 		/* Generate a new random key */
1249 		get_random_bytes(sign.csrk, sizeof(sign.csrk));
1250 
1251 		csrk = kzalloc(sizeof(*csrk), GFP_KERNEL);
1252 		if (csrk) {
1253 			csrk->master = 0x00;
1254 			memcpy(csrk->val, sign.csrk, sizeof(csrk->val));
1255 		}
1256 		smp->slave_csrk = csrk;
1257 
1258 		smp_send_cmd(conn, SMP_CMD_SIGN_INFO, sizeof(sign), &sign);
1259 
1260 		*keydist &= ~SMP_DIST_SIGN;
1261 	}
1262 
1263 	/* If there are still keys to be received wait for them */
1264 	if (smp->remote_key_dist & KEY_DIST_MASK) {
1265 		smp_allow_key_dist(smp);
1266 		return;
1267 	}
1268 
1269 	set_bit(SMP_FLAG_COMPLETE, &smp->flags);
1270 	smp_notify_keys(conn);
1271 
1272 	smp_chan_destroy(conn);
1273 }
1274 
1275 static void smp_timeout(struct work_struct *work)
1276 {
1277 	struct smp_chan *smp = container_of(work, struct smp_chan,
1278 					    security_timer.work);
1279 	struct l2cap_conn *conn = smp->conn;
1280 
1281 	BT_DBG("conn %p", conn);
1282 
1283 	hci_disconnect(conn->hcon, HCI_ERROR_REMOTE_USER_TERM);
1284 }
1285 
1286 static struct smp_chan *smp_chan_create(struct l2cap_conn *conn)
1287 {
1288 	struct l2cap_chan *chan = conn->smp;
1289 	struct smp_chan *smp;
1290 
1291 	smp = kzalloc(sizeof(*smp), GFP_ATOMIC);
1292 	if (!smp)
1293 		return NULL;
1294 
1295 	smp->tfm_aes = crypto_alloc_blkcipher("ecb(aes)", 0, CRYPTO_ALG_ASYNC);
1296 	if (IS_ERR(smp->tfm_aes)) {
1297 		BT_ERR("Unable to create ECB crypto context");
1298 		kfree(smp);
1299 		return NULL;
1300 	}
1301 
1302 	smp->tfm_cmac = crypto_alloc_hash("cmac(aes)", 0, CRYPTO_ALG_ASYNC);
1303 	if (IS_ERR(smp->tfm_cmac)) {
1304 		BT_ERR("Unable to create CMAC crypto context");
1305 		crypto_free_blkcipher(smp->tfm_aes);
1306 		kfree(smp);
1307 		return NULL;
1308 	}
1309 
1310 	smp->conn = conn;
1311 	chan->data = smp;
1312 
1313 	SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_FAIL);
1314 
1315 	INIT_DELAYED_WORK(&smp->security_timer, smp_timeout);
1316 
1317 	hci_conn_hold(conn->hcon);
1318 
1319 	return smp;
1320 }
1321 
1322 static int sc_mackey_and_ltk(struct smp_chan *smp, u8 mackey[16], u8 ltk[16])
1323 {
1324 	struct hci_conn *hcon = smp->conn->hcon;
1325 	u8 *na, *nb, a[7], b[7];
1326 
1327 	if (hcon->out) {
1328 		na   = smp->prnd;
1329 		nb   = smp->rrnd;
1330 	} else {
1331 		na   = smp->rrnd;
1332 		nb   = smp->prnd;
1333 	}
1334 
1335 	memcpy(a, &hcon->init_addr, 6);
1336 	memcpy(b, &hcon->resp_addr, 6);
1337 	a[6] = hcon->init_addr_type;
1338 	b[6] = hcon->resp_addr_type;
1339 
1340 	return smp_f5(smp->tfm_cmac, smp->dhkey, na, nb, a, b, mackey, ltk);
1341 }
1342 
1343 static void sc_dhkey_check(struct smp_chan *smp)
1344 {
1345 	struct hci_conn *hcon = smp->conn->hcon;
1346 	struct smp_cmd_dhkey_check check;
1347 	u8 a[7], b[7], *local_addr, *remote_addr;
1348 	u8 io_cap[3], r[16];
1349 
1350 	memcpy(a, &hcon->init_addr, 6);
1351 	memcpy(b, &hcon->resp_addr, 6);
1352 	a[6] = hcon->init_addr_type;
1353 	b[6] = hcon->resp_addr_type;
1354 
1355 	if (hcon->out) {
1356 		local_addr = a;
1357 		remote_addr = b;
1358 		memcpy(io_cap, &smp->preq[1], 3);
1359 	} else {
1360 		local_addr = b;
1361 		remote_addr = a;
1362 		memcpy(io_cap, &smp->prsp[1], 3);
1363 	}
1364 
1365 	memset(r, 0, sizeof(r));
1366 
1367 	if (smp->method == REQ_PASSKEY || smp->method == DSP_PASSKEY)
1368 		put_unaligned_le32(hcon->passkey_notify, r);
1369 
1370 	if (smp->method == REQ_OOB)
1371 		memcpy(r, smp->rr, 16);
1372 
1373 	smp_f6(smp->tfm_cmac, smp->mackey, smp->prnd, smp->rrnd, r, io_cap,
1374 	       local_addr, remote_addr, check.e);
1375 
1376 	smp_send_cmd(smp->conn, SMP_CMD_DHKEY_CHECK, sizeof(check), &check);
1377 }
1378 
1379 static u8 sc_passkey_send_confirm(struct smp_chan *smp)
1380 {
1381 	struct l2cap_conn *conn = smp->conn;
1382 	struct hci_conn *hcon = conn->hcon;
1383 	struct smp_cmd_pairing_confirm cfm;
1384 	u8 r;
1385 
1386 	r = ((hcon->passkey_notify >> smp->passkey_round) & 0x01);
1387 	r |= 0x80;
1388 
1389 	get_random_bytes(smp->prnd, sizeof(smp->prnd));
1390 
1391 	if (smp_f4(smp->tfm_cmac, smp->local_pk, smp->remote_pk, smp->prnd, r,
1392 		   cfm.confirm_val))
1393 		return SMP_UNSPECIFIED;
1394 
1395 	smp_send_cmd(conn, SMP_CMD_PAIRING_CONFIRM, sizeof(cfm), &cfm);
1396 
1397 	return 0;
1398 }
1399 
1400 static u8 sc_passkey_round(struct smp_chan *smp, u8 smp_op)
1401 {
1402 	struct l2cap_conn *conn = smp->conn;
1403 	struct hci_conn *hcon = conn->hcon;
1404 	struct hci_dev *hdev = hcon->hdev;
1405 	u8 cfm[16], r;
1406 
1407 	/* Ignore the PDU if we've already done 20 rounds (0 - 19) */
1408 	if (smp->passkey_round >= 20)
1409 		return 0;
1410 
1411 	switch (smp_op) {
1412 	case SMP_CMD_PAIRING_RANDOM:
1413 		r = ((hcon->passkey_notify >> smp->passkey_round) & 0x01);
1414 		r |= 0x80;
1415 
1416 		if (smp_f4(smp->tfm_cmac, smp->remote_pk, smp->local_pk,
1417 			   smp->rrnd, r, cfm))
1418 			return SMP_UNSPECIFIED;
1419 
1420 		if (memcmp(smp->pcnf, cfm, 16))
1421 			return SMP_CONFIRM_FAILED;
1422 
1423 		smp->passkey_round++;
1424 
1425 		if (smp->passkey_round == 20) {
1426 			/* Generate MacKey and LTK */
1427 			if (sc_mackey_and_ltk(smp, smp->mackey, smp->tk))
1428 				return SMP_UNSPECIFIED;
1429 		}
1430 
1431 		/* The round is only complete when the initiator
1432 		 * receives pairing random.
1433 		 */
1434 		if (!hcon->out) {
1435 			smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM,
1436 				     sizeof(smp->prnd), smp->prnd);
1437 			if (smp->passkey_round == 20)
1438 				SMP_ALLOW_CMD(smp, SMP_CMD_DHKEY_CHECK);
1439 			else
1440 				SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_CONFIRM);
1441 			return 0;
1442 		}
1443 
1444 		/* Start the next round */
1445 		if (smp->passkey_round != 20)
1446 			return sc_passkey_round(smp, 0);
1447 
1448 		/* Passkey rounds are complete - start DHKey Check */
1449 		sc_dhkey_check(smp);
1450 		SMP_ALLOW_CMD(smp, SMP_CMD_DHKEY_CHECK);
1451 
1452 		break;
1453 
1454 	case SMP_CMD_PAIRING_CONFIRM:
1455 		if (test_bit(SMP_FLAG_WAIT_USER, &smp->flags)) {
1456 			set_bit(SMP_FLAG_CFM_PENDING, &smp->flags);
1457 			return 0;
1458 		}
1459 
1460 		SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RANDOM);
1461 
1462 		if (hcon->out) {
1463 			smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM,
1464 				     sizeof(smp->prnd), smp->prnd);
1465 			return 0;
1466 		}
1467 
1468 		return sc_passkey_send_confirm(smp);
1469 
1470 	case SMP_CMD_PUBLIC_KEY:
1471 	default:
1472 		/* Initiating device starts the round */
1473 		if (!hcon->out)
1474 			return 0;
1475 
1476 		BT_DBG("%s Starting passkey round %u", hdev->name,
1477 		       smp->passkey_round + 1);
1478 
1479 		SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_CONFIRM);
1480 
1481 		return sc_passkey_send_confirm(smp);
1482 	}
1483 
1484 	return 0;
1485 }
1486 
1487 static int sc_user_reply(struct smp_chan *smp, u16 mgmt_op, __le32 passkey)
1488 {
1489 	struct l2cap_conn *conn = smp->conn;
1490 	struct hci_conn *hcon = conn->hcon;
1491 	u8 smp_op;
1492 
1493 	clear_bit(SMP_FLAG_WAIT_USER, &smp->flags);
1494 
1495 	switch (mgmt_op) {
1496 	case MGMT_OP_USER_PASSKEY_NEG_REPLY:
1497 		smp_failure(smp->conn, SMP_PASSKEY_ENTRY_FAILED);
1498 		return 0;
1499 	case MGMT_OP_USER_CONFIRM_NEG_REPLY:
1500 		smp_failure(smp->conn, SMP_NUMERIC_COMP_FAILED);
1501 		return 0;
1502 	case MGMT_OP_USER_PASSKEY_REPLY:
1503 		hcon->passkey_notify = le32_to_cpu(passkey);
1504 		smp->passkey_round = 0;
1505 
1506 		if (test_and_clear_bit(SMP_FLAG_CFM_PENDING, &smp->flags))
1507 			smp_op = SMP_CMD_PAIRING_CONFIRM;
1508 		else
1509 			smp_op = 0;
1510 
1511 		if (sc_passkey_round(smp, smp_op))
1512 			return -EIO;
1513 
1514 		return 0;
1515 	}
1516 
1517 	/* Initiator sends DHKey check first */
1518 	if (hcon->out) {
1519 		sc_dhkey_check(smp);
1520 		SMP_ALLOW_CMD(smp, SMP_CMD_DHKEY_CHECK);
1521 	} else if (test_and_clear_bit(SMP_FLAG_DHKEY_PENDING, &smp->flags)) {
1522 		sc_dhkey_check(smp);
1523 		sc_add_ltk(smp);
1524 	}
1525 
1526 	return 0;
1527 }
1528 
1529 int smp_user_confirm_reply(struct hci_conn *hcon, u16 mgmt_op, __le32 passkey)
1530 {
1531 	struct l2cap_conn *conn = hcon->l2cap_data;
1532 	struct l2cap_chan *chan;
1533 	struct smp_chan *smp;
1534 	u32 value;
1535 	int err;
1536 
1537 	BT_DBG("");
1538 
1539 	if (!conn)
1540 		return -ENOTCONN;
1541 
1542 	chan = conn->smp;
1543 	if (!chan)
1544 		return -ENOTCONN;
1545 
1546 	l2cap_chan_lock(chan);
1547 	if (!chan->data) {
1548 		err = -ENOTCONN;
1549 		goto unlock;
1550 	}
1551 
1552 	smp = chan->data;
1553 
1554 	if (test_bit(SMP_FLAG_SC, &smp->flags)) {
1555 		err = sc_user_reply(smp, mgmt_op, passkey);
1556 		goto unlock;
1557 	}
1558 
1559 	switch (mgmt_op) {
1560 	case MGMT_OP_USER_PASSKEY_REPLY:
1561 		value = le32_to_cpu(passkey);
1562 		memset(smp->tk, 0, sizeof(smp->tk));
1563 		BT_DBG("PassKey: %d", value);
1564 		put_unaligned_le32(value, smp->tk);
1565 		/* Fall Through */
1566 	case MGMT_OP_USER_CONFIRM_REPLY:
1567 		set_bit(SMP_FLAG_TK_VALID, &smp->flags);
1568 		break;
1569 	case MGMT_OP_USER_PASSKEY_NEG_REPLY:
1570 	case MGMT_OP_USER_CONFIRM_NEG_REPLY:
1571 		smp_failure(conn, SMP_PASSKEY_ENTRY_FAILED);
1572 		err = 0;
1573 		goto unlock;
1574 	default:
1575 		smp_failure(conn, SMP_PASSKEY_ENTRY_FAILED);
1576 		err = -EOPNOTSUPP;
1577 		goto unlock;
1578 	}
1579 
1580 	err = 0;
1581 
1582 	/* If it is our turn to send Pairing Confirm, do so now */
1583 	if (test_bit(SMP_FLAG_CFM_PENDING, &smp->flags)) {
1584 		u8 rsp = smp_confirm(smp);
1585 		if (rsp)
1586 			smp_failure(conn, rsp);
1587 	}
1588 
1589 unlock:
1590 	l2cap_chan_unlock(chan);
1591 	return err;
1592 }
1593 
1594 static void build_bredr_pairing_cmd(struct smp_chan *smp,
1595 				    struct smp_cmd_pairing *req,
1596 				    struct smp_cmd_pairing *rsp)
1597 {
1598 	struct l2cap_conn *conn = smp->conn;
1599 	struct hci_dev *hdev = conn->hcon->hdev;
1600 	u8 local_dist = 0, remote_dist = 0;
1601 
1602 	if (test_bit(HCI_BONDABLE, &hdev->dev_flags)) {
1603 		local_dist = SMP_DIST_ENC_KEY | SMP_DIST_SIGN;
1604 		remote_dist = SMP_DIST_ENC_KEY | SMP_DIST_SIGN;
1605 	}
1606 
1607 	if (test_bit(HCI_RPA_RESOLVING, &hdev->dev_flags))
1608 		remote_dist |= SMP_DIST_ID_KEY;
1609 
1610 	if (test_bit(HCI_PRIVACY, &hdev->dev_flags))
1611 		local_dist |= SMP_DIST_ID_KEY;
1612 
1613 	if (!rsp) {
1614 		memset(req, 0, sizeof(*req));
1615 
1616 		req->init_key_dist   = local_dist;
1617 		req->resp_key_dist   = remote_dist;
1618 		req->max_key_size    = SMP_MAX_ENC_KEY_SIZE;
1619 
1620 		smp->remote_key_dist = remote_dist;
1621 
1622 		return;
1623 	}
1624 
1625 	memset(rsp, 0, sizeof(*rsp));
1626 
1627 	rsp->max_key_size    = SMP_MAX_ENC_KEY_SIZE;
1628 	rsp->init_key_dist   = req->init_key_dist & remote_dist;
1629 	rsp->resp_key_dist   = req->resp_key_dist & local_dist;
1630 
1631 	smp->remote_key_dist = rsp->init_key_dist;
1632 }
1633 
1634 static u8 smp_cmd_pairing_req(struct l2cap_conn *conn, struct sk_buff *skb)
1635 {
1636 	struct smp_cmd_pairing rsp, *req = (void *) skb->data;
1637 	struct l2cap_chan *chan = conn->smp;
1638 	struct hci_dev *hdev = conn->hcon->hdev;
1639 	struct smp_chan *smp;
1640 	u8 key_size, auth, sec_level;
1641 	int ret;
1642 
1643 	BT_DBG("conn %p", conn);
1644 
1645 	if (skb->len < sizeof(*req))
1646 		return SMP_INVALID_PARAMS;
1647 
1648 	if (conn->hcon->role != HCI_ROLE_SLAVE)
1649 		return SMP_CMD_NOTSUPP;
1650 
1651 	if (!chan->data)
1652 		smp = smp_chan_create(conn);
1653 	else
1654 		smp = chan->data;
1655 
1656 	if (!smp)
1657 		return SMP_UNSPECIFIED;
1658 
1659 	/* We didn't start the pairing, so match remote */
1660 	auth = req->auth_req & AUTH_REQ_MASK(hdev);
1661 
1662 	if (!test_bit(HCI_BONDABLE, &hdev->dev_flags) &&
1663 	    (auth & SMP_AUTH_BONDING))
1664 		return SMP_PAIRING_NOTSUPP;
1665 
1666 	if (test_bit(HCI_SC_ONLY, &hdev->dev_flags) && !(auth & SMP_AUTH_SC))
1667 		return SMP_AUTH_REQUIREMENTS;
1668 
1669 	smp->preq[0] = SMP_CMD_PAIRING_REQ;
1670 	memcpy(&smp->preq[1], req, sizeof(*req));
1671 	skb_pull(skb, sizeof(*req));
1672 
1673 	/* SMP over BR/EDR requires special treatment */
1674 	if (conn->hcon->type == ACL_LINK) {
1675 		/* We must have a BR/EDR SC link */
1676 		if (!test_bit(HCI_CONN_AES_CCM, &conn->hcon->flags) &&
1677 		    !test_bit(HCI_FORCE_LESC, &hdev->dbg_flags))
1678 			return SMP_CROSS_TRANSP_NOT_ALLOWED;
1679 
1680 		set_bit(SMP_FLAG_SC, &smp->flags);
1681 
1682 		build_bredr_pairing_cmd(smp, req, &rsp);
1683 
1684 		key_size = min(req->max_key_size, rsp.max_key_size);
1685 		if (check_enc_key_size(conn, key_size))
1686 			return SMP_ENC_KEY_SIZE;
1687 
1688 		/* Clear bits which are generated but not distributed */
1689 		smp->remote_key_dist &= ~SMP_SC_NO_DIST;
1690 
1691 		smp->prsp[0] = SMP_CMD_PAIRING_RSP;
1692 		memcpy(&smp->prsp[1], &rsp, sizeof(rsp));
1693 		smp_send_cmd(conn, SMP_CMD_PAIRING_RSP, sizeof(rsp), &rsp);
1694 
1695 		smp_distribute_keys(smp);
1696 		return 0;
1697 	}
1698 
1699 	build_pairing_cmd(conn, req, &rsp, auth);
1700 
1701 	if (rsp.auth_req & SMP_AUTH_SC)
1702 		set_bit(SMP_FLAG_SC, &smp->flags);
1703 
1704 	if (conn->hcon->io_capability == HCI_IO_NO_INPUT_OUTPUT)
1705 		sec_level = BT_SECURITY_MEDIUM;
1706 	else
1707 		sec_level = authreq_to_seclevel(auth);
1708 
1709 	if (sec_level > conn->hcon->pending_sec_level)
1710 		conn->hcon->pending_sec_level = sec_level;
1711 
1712 	/* If we need MITM check that it can be achieved */
1713 	if (conn->hcon->pending_sec_level >= BT_SECURITY_HIGH) {
1714 		u8 method;
1715 
1716 		method = get_auth_method(smp, conn->hcon->io_capability,
1717 					 req->io_capability);
1718 		if (method == JUST_WORKS || method == JUST_CFM)
1719 			return SMP_AUTH_REQUIREMENTS;
1720 	}
1721 
1722 	key_size = min(req->max_key_size, rsp.max_key_size);
1723 	if (check_enc_key_size(conn, key_size))
1724 		return SMP_ENC_KEY_SIZE;
1725 
1726 	get_random_bytes(smp->prnd, sizeof(smp->prnd));
1727 
1728 	smp->prsp[0] = SMP_CMD_PAIRING_RSP;
1729 	memcpy(&smp->prsp[1], &rsp, sizeof(rsp));
1730 
1731 	smp_send_cmd(conn, SMP_CMD_PAIRING_RSP, sizeof(rsp), &rsp);
1732 
1733 	clear_bit(SMP_FLAG_INITIATOR, &smp->flags);
1734 
1735 	if (test_bit(SMP_FLAG_SC, &smp->flags)) {
1736 		SMP_ALLOW_CMD(smp, SMP_CMD_PUBLIC_KEY);
1737 		/* Clear bits which are generated but not distributed */
1738 		smp->remote_key_dist &= ~SMP_SC_NO_DIST;
1739 		/* Wait for Public Key from Initiating Device */
1740 		return 0;
1741 	} else {
1742 		SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_CONFIRM);
1743 	}
1744 
1745 	/* Request setup of TK */
1746 	ret = tk_request(conn, 0, auth, rsp.io_capability, req->io_capability);
1747 	if (ret)
1748 		return SMP_UNSPECIFIED;
1749 
1750 	return 0;
1751 }
1752 
1753 static u8 sc_send_public_key(struct smp_chan *smp)
1754 {
1755 	struct hci_dev *hdev = smp->conn->hcon->hdev;
1756 
1757 	BT_DBG("");
1758 
1759 	if (test_bit(HCI_USE_DEBUG_KEYS, &hdev->dev_flags)) {
1760 		BT_DBG("Using debug keys");
1761 		memcpy(smp->local_pk, debug_pk, 64);
1762 		memcpy(smp->local_sk, debug_sk, 32);
1763 		set_bit(SMP_FLAG_DEBUG_KEY, &smp->flags);
1764 	} else {
1765 		while (true) {
1766 			/* Generate local key pair for Secure Connections */
1767 			if (!ecc_make_key(smp->local_pk, smp->local_sk))
1768 				return SMP_UNSPECIFIED;
1769 
1770 			/* This is unlikely, but we need to check that
1771 			 * we didn't accidentially generate a debug key.
1772 			 */
1773 			if (memcmp(smp->local_sk, debug_sk, 32))
1774 				break;
1775 		}
1776 	}
1777 
1778 	SMP_DBG("Local Public Key X: %32phN", smp->local_pk);
1779 	SMP_DBG("Local Public Key Y: %32phN", &smp->local_pk[32]);
1780 	SMP_DBG("Local Private Key:  %32phN", smp->local_sk);
1781 
1782 	smp_send_cmd(smp->conn, SMP_CMD_PUBLIC_KEY, 64, smp->local_pk);
1783 
1784 	return 0;
1785 }
1786 
1787 static u8 smp_cmd_pairing_rsp(struct l2cap_conn *conn, struct sk_buff *skb)
1788 {
1789 	struct smp_cmd_pairing *req, *rsp = (void *) skb->data;
1790 	struct l2cap_chan *chan = conn->smp;
1791 	struct smp_chan *smp = chan->data;
1792 	struct hci_dev *hdev = conn->hcon->hdev;
1793 	u8 key_size, auth;
1794 	int ret;
1795 
1796 	BT_DBG("conn %p", conn);
1797 
1798 	if (skb->len < sizeof(*rsp))
1799 		return SMP_INVALID_PARAMS;
1800 
1801 	if (conn->hcon->role != HCI_ROLE_MASTER)
1802 		return SMP_CMD_NOTSUPP;
1803 
1804 	skb_pull(skb, sizeof(*rsp));
1805 
1806 	req = (void *) &smp->preq[1];
1807 
1808 	key_size = min(req->max_key_size, rsp->max_key_size);
1809 	if (check_enc_key_size(conn, key_size))
1810 		return SMP_ENC_KEY_SIZE;
1811 
1812 	auth = rsp->auth_req & AUTH_REQ_MASK(hdev);
1813 
1814 	if (test_bit(HCI_SC_ONLY, &hdev->dev_flags) && !(auth & SMP_AUTH_SC))
1815 		return SMP_AUTH_REQUIREMENTS;
1816 
1817 	smp->prsp[0] = SMP_CMD_PAIRING_RSP;
1818 	memcpy(&smp->prsp[1], rsp, sizeof(*rsp));
1819 
1820 	/* Update remote key distribution in case the remote cleared
1821 	 * some bits that we had enabled in our request.
1822 	 */
1823 	smp->remote_key_dist &= rsp->resp_key_dist;
1824 
1825 	/* For BR/EDR this means we're done and can start phase 3 */
1826 	if (conn->hcon->type == ACL_LINK) {
1827 		/* Clear bits which are generated but not distributed */
1828 		smp->remote_key_dist &= ~SMP_SC_NO_DIST;
1829 		smp_distribute_keys(smp);
1830 		return 0;
1831 	}
1832 
1833 	if ((req->auth_req & SMP_AUTH_SC) && (auth & SMP_AUTH_SC))
1834 		set_bit(SMP_FLAG_SC, &smp->flags);
1835 	else if (conn->hcon->pending_sec_level > BT_SECURITY_HIGH)
1836 		conn->hcon->pending_sec_level = BT_SECURITY_HIGH;
1837 
1838 	/* If we need MITM check that it can be achieved */
1839 	if (conn->hcon->pending_sec_level >= BT_SECURITY_HIGH) {
1840 		u8 method;
1841 
1842 		method = get_auth_method(smp, req->io_capability,
1843 					 rsp->io_capability);
1844 		if (method == JUST_WORKS || method == JUST_CFM)
1845 			return SMP_AUTH_REQUIREMENTS;
1846 	}
1847 
1848 	get_random_bytes(smp->prnd, sizeof(smp->prnd));
1849 
1850 	/* Update remote key distribution in case the remote cleared
1851 	 * some bits that we had enabled in our request.
1852 	 */
1853 	smp->remote_key_dist &= rsp->resp_key_dist;
1854 
1855 	if (test_bit(SMP_FLAG_SC, &smp->flags)) {
1856 		/* Clear bits which are generated but not distributed */
1857 		smp->remote_key_dist &= ~SMP_SC_NO_DIST;
1858 		SMP_ALLOW_CMD(smp, SMP_CMD_PUBLIC_KEY);
1859 		return sc_send_public_key(smp);
1860 	}
1861 
1862 	auth |= req->auth_req;
1863 
1864 	ret = tk_request(conn, 0, auth, req->io_capability, rsp->io_capability);
1865 	if (ret)
1866 		return SMP_UNSPECIFIED;
1867 
1868 	set_bit(SMP_FLAG_CFM_PENDING, &smp->flags);
1869 
1870 	/* Can't compose response until we have been confirmed */
1871 	if (test_bit(SMP_FLAG_TK_VALID, &smp->flags))
1872 		return smp_confirm(smp);
1873 
1874 	return 0;
1875 }
1876 
1877 static u8 sc_check_confirm(struct smp_chan *smp)
1878 {
1879 	struct l2cap_conn *conn = smp->conn;
1880 
1881 	BT_DBG("");
1882 
1883 	/* Public Key exchange must happen before any other steps */
1884 	if (!test_bit(SMP_FLAG_REMOTE_PK, &smp->flags))
1885 		return SMP_UNSPECIFIED;
1886 
1887 	if (smp->method == REQ_PASSKEY || smp->method == DSP_PASSKEY)
1888 		return sc_passkey_round(smp, SMP_CMD_PAIRING_CONFIRM);
1889 
1890 	if (conn->hcon->out) {
1891 		smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM, sizeof(smp->prnd),
1892 			     smp->prnd);
1893 		SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RANDOM);
1894 	}
1895 
1896 	return 0;
1897 }
1898 
1899 static u8 smp_cmd_pairing_confirm(struct l2cap_conn *conn, struct sk_buff *skb)
1900 {
1901 	struct l2cap_chan *chan = conn->smp;
1902 	struct smp_chan *smp = chan->data;
1903 
1904 	BT_DBG("conn %p %s", conn, conn->hcon->out ? "master" : "slave");
1905 
1906 	if (skb->len < sizeof(smp->pcnf))
1907 		return SMP_INVALID_PARAMS;
1908 
1909 	memcpy(smp->pcnf, skb->data, sizeof(smp->pcnf));
1910 	skb_pull(skb, sizeof(smp->pcnf));
1911 
1912 	if (test_bit(SMP_FLAG_SC, &smp->flags))
1913 		return sc_check_confirm(smp);
1914 
1915 	if (conn->hcon->out) {
1916 		smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM, sizeof(smp->prnd),
1917 			     smp->prnd);
1918 		SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RANDOM);
1919 		return 0;
1920 	}
1921 
1922 	if (test_bit(SMP_FLAG_TK_VALID, &smp->flags))
1923 		return smp_confirm(smp);
1924 	else
1925 		set_bit(SMP_FLAG_CFM_PENDING, &smp->flags);
1926 
1927 	return 0;
1928 }
1929 
1930 static u8 smp_cmd_pairing_random(struct l2cap_conn *conn, struct sk_buff *skb)
1931 {
1932 	struct l2cap_chan *chan = conn->smp;
1933 	struct smp_chan *smp = chan->data;
1934 	struct hci_conn *hcon = conn->hcon;
1935 	u8 *pkax, *pkbx, *na, *nb;
1936 	u32 passkey;
1937 	int err;
1938 
1939 	BT_DBG("conn %p", conn);
1940 
1941 	if (skb->len < sizeof(smp->rrnd))
1942 		return SMP_INVALID_PARAMS;
1943 
1944 	memcpy(smp->rrnd, skb->data, sizeof(smp->rrnd));
1945 	skb_pull(skb, sizeof(smp->rrnd));
1946 
1947 	if (!test_bit(SMP_FLAG_SC, &smp->flags))
1948 		return smp_random(smp);
1949 
1950 	if (hcon->out) {
1951 		pkax = smp->local_pk;
1952 		pkbx = smp->remote_pk;
1953 		na   = smp->prnd;
1954 		nb   = smp->rrnd;
1955 	} else {
1956 		pkax = smp->remote_pk;
1957 		pkbx = smp->local_pk;
1958 		na   = smp->rrnd;
1959 		nb   = smp->prnd;
1960 	}
1961 
1962 	if (smp->method == REQ_OOB) {
1963 		if (!hcon->out)
1964 			smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM,
1965 				     sizeof(smp->prnd), smp->prnd);
1966 		SMP_ALLOW_CMD(smp, SMP_CMD_DHKEY_CHECK);
1967 		goto mackey_and_ltk;
1968 	}
1969 
1970 	/* Passkey entry has special treatment */
1971 	if (smp->method == REQ_PASSKEY || smp->method == DSP_PASSKEY)
1972 		return sc_passkey_round(smp, SMP_CMD_PAIRING_RANDOM);
1973 
1974 	if (hcon->out) {
1975 		u8 cfm[16];
1976 
1977 		err = smp_f4(smp->tfm_cmac, smp->remote_pk, smp->local_pk,
1978 			     smp->rrnd, 0, cfm);
1979 		if (err)
1980 			return SMP_UNSPECIFIED;
1981 
1982 		if (memcmp(smp->pcnf, cfm, 16))
1983 			return SMP_CONFIRM_FAILED;
1984 	} else {
1985 		smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM, sizeof(smp->prnd),
1986 			     smp->prnd);
1987 		SMP_ALLOW_CMD(smp, SMP_CMD_DHKEY_CHECK);
1988 	}
1989 
1990 mackey_and_ltk:
1991 	/* Generate MacKey and LTK */
1992 	err = sc_mackey_and_ltk(smp, smp->mackey, smp->tk);
1993 	if (err)
1994 		return SMP_UNSPECIFIED;
1995 
1996 	if (smp->method == JUST_WORKS || smp->method == REQ_OOB) {
1997 		if (hcon->out) {
1998 			sc_dhkey_check(smp);
1999 			SMP_ALLOW_CMD(smp, SMP_CMD_DHKEY_CHECK);
2000 		}
2001 		return 0;
2002 	}
2003 
2004 	err = smp_g2(smp->tfm_cmac, pkax, pkbx, na, nb, &passkey);
2005 	if (err)
2006 		return SMP_UNSPECIFIED;
2007 
2008 	err = mgmt_user_confirm_request(hcon->hdev, &hcon->dst, hcon->type,
2009 					hcon->dst_type, passkey, 0);
2010 	if (err)
2011 		return SMP_UNSPECIFIED;
2012 
2013 	set_bit(SMP_FLAG_WAIT_USER, &smp->flags);
2014 
2015 	return 0;
2016 }
2017 
2018 static bool smp_ltk_encrypt(struct l2cap_conn *conn, u8 sec_level)
2019 {
2020 	struct smp_ltk *key;
2021 	struct hci_conn *hcon = conn->hcon;
2022 
2023 	key = hci_find_ltk(hcon->hdev, &hcon->dst, hcon->dst_type, hcon->role);
2024 	if (!key)
2025 		return false;
2026 
2027 	if (smp_ltk_sec_level(key) < sec_level)
2028 		return false;
2029 
2030 	if (test_and_set_bit(HCI_CONN_ENCRYPT_PEND, &hcon->flags))
2031 		return true;
2032 
2033 	hci_le_start_enc(hcon, key->ediv, key->rand, key->val);
2034 	hcon->enc_key_size = key->enc_size;
2035 
2036 	/* We never store STKs for master role, so clear this flag */
2037 	clear_bit(HCI_CONN_STK_ENCRYPT, &hcon->flags);
2038 
2039 	return true;
2040 }
2041 
2042 bool smp_sufficient_security(struct hci_conn *hcon, u8 sec_level,
2043 			     enum smp_key_pref key_pref)
2044 {
2045 	if (sec_level == BT_SECURITY_LOW)
2046 		return true;
2047 
2048 	/* If we're encrypted with an STK but the caller prefers using
2049 	 * LTK claim insufficient security. This way we allow the
2050 	 * connection to be re-encrypted with an LTK, even if the LTK
2051 	 * provides the same level of security. Only exception is if we
2052 	 * don't have an LTK (e.g. because of key distribution bits).
2053 	 */
2054 	if (key_pref == SMP_USE_LTK &&
2055 	    test_bit(HCI_CONN_STK_ENCRYPT, &hcon->flags) &&
2056 	    hci_find_ltk(hcon->hdev, &hcon->dst, hcon->dst_type, hcon->role))
2057 		return false;
2058 
2059 	if (hcon->sec_level >= sec_level)
2060 		return true;
2061 
2062 	return false;
2063 }
2064 
2065 static u8 smp_cmd_security_req(struct l2cap_conn *conn, struct sk_buff *skb)
2066 {
2067 	struct smp_cmd_security_req *rp = (void *) skb->data;
2068 	struct smp_cmd_pairing cp;
2069 	struct hci_conn *hcon = conn->hcon;
2070 	struct hci_dev *hdev = hcon->hdev;
2071 	struct smp_chan *smp;
2072 	u8 sec_level, auth;
2073 
2074 	BT_DBG("conn %p", conn);
2075 
2076 	if (skb->len < sizeof(*rp))
2077 		return SMP_INVALID_PARAMS;
2078 
2079 	if (hcon->role != HCI_ROLE_MASTER)
2080 		return SMP_CMD_NOTSUPP;
2081 
2082 	auth = rp->auth_req & AUTH_REQ_MASK(hdev);
2083 
2084 	if (test_bit(HCI_SC_ONLY, &hdev->dev_flags) && !(auth & SMP_AUTH_SC))
2085 		return SMP_AUTH_REQUIREMENTS;
2086 
2087 	if (hcon->io_capability == HCI_IO_NO_INPUT_OUTPUT)
2088 		sec_level = BT_SECURITY_MEDIUM;
2089 	else
2090 		sec_level = authreq_to_seclevel(auth);
2091 
2092 	if (smp_sufficient_security(hcon, sec_level, SMP_USE_LTK))
2093 		return 0;
2094 
2095 	if (sec_level > hcon->pending_sec_level)
2096 		hcon->pending_sec_level = sec_level;
2097 
2098 	if (smp_ltk_encrypt(conn, hcon->pending_sec_level))
2099 		return 0;
2100 
2101 	smp = smp_chan_create(conn);
2102 	if (!smp)
2103 		return SMP_UNSPECIFIED;
2104 
2105 	if (!test_bit(HCI_BONDABLE, &hcon->hdev->dev_flags) &&
2106 	    (auth & SMP_AUTH_BONDING))
2107 		return SMP_PAIRING_NOTSUPP;
2108 
2109 	skb_pull(skb, sizeof(*rp));
2110 
2111 	memset(&cp, 0, sizeof(cp));
2112 	build_pairing_cmd(conn, &cp, NULL, auth);
2113 
2114 	smp->preq[0] = SMP_CMD_PAIRING_REQ;
2115 	memcpy(&smp->preq[1], &cp, sizeof(cp));
2116 
2117 	smp_send_cmd(conn, SMP_CMD_PAIRING_REQ, sizeof(cp), &cp);
2118 	SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RSP);
2119 
2120 	return 0;
2121 }
2122 
2123 int smp_conn_security(struct hci_conn *hcon, __u8 sec_level)
2124 {
2125 	struct l2cap_conn *conn = hcon->l2cap_data;
2126 	struct l2cap_chan *chan;
2127 	struct smp_chan *smp;
2128 	__u8 authreq;
2129 	int ret;
2130 
2131 	BT_DBG("conn %p hcon %p level 0x%2.2x", conn, hcon, sec_level);
2132 
2133 	/* This may be NULL if there's an unexpected disconnection */
2134 	if (!conn)
2135 		return 1;
2136 
2137 	chan = conn->smp;
2138 
2139 	if (!test_bit(HCI_LE_ENABLED, &hcon->hdev->dev_flags))
2140 		return 1;
2141 
2142 	if (smp_sufficient_security(hcon, sec_level, SMP_USE_LTK))
2143 		return 1;
2144 
2145 	if (sec_level > hcon->pending_sec_level)
2146 		hcon->pending_sec_level = sec_level;
2147 
2148 	if (hcon->role == HCI_ROLE_MASTER)
2149 		if (smp_ltk_encrypt(conn, hcon->pending_sec_level))
2150 			return 0;
2151 
2152 	l2cap_chan_lock(chan);
2153 
2154 	/* If SMP is already in progress ignore this request */
2155 	if (chan->data) {
2156 		ret = 0;
2157 		goto unlock;
2158 	}
2159 
2160 	smp = smp_chan_create(conn);
2161 	if (!smp) {
2162 		ret = 1;
2163 		goto unlock;
2164 	}
2165 
2166 	authreq = seclevel_to_authreq(sec_level);
2167 
2168 	if (test_bit(HCI_SC_ENABLED, &hcon->hdev->dev_flags))
2169 		authreq |= SMP_AUTH_SC;
2170 
2171 	/* Require MITM if IO Capability allows or the security level
2172 	 * requires it.
2173 	 */
2174 	if (hcon->io_capability != HCI_IO_NO_INPUT_OUTPUT ||
2175 	    hcon->pending_sec_level > BT_SECURITY_MEDIUM)
2176 		authreq |= SMP_AUTH_MITM;
2177 
2178 	if (hcon->role == HCI_ROLE_MASTER) {
2179 		struct smp_cmd_pairing cp;
2180 
2181 		build_pairing_cmd(conn, &cp, NULL, authreq);
2182 		smp->preq[0] = SMP_CMD_PAIRING_REQ;
2183 		memcpy(&smp->preq[1], &cp, sizeof(cp));
2184 
2185 		smp_send_cmd(conn, SMP_CMD_PAIRING_REQ, sizeof(cp), &cp);
2186 		SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RSP);
2187 	} else {
2188 		struct smp_cmd_security_req cp;
2189 		cp.auth_req = authreq;
2190 		smp_send_cmd(conn, SMP_CMD_SECURITY_REQ, sizeof(cp), &cp);
2191 		SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_REQ);
2192 	}
2193 
2194 	set_bit(SMP_FLAG_INITIATOR, &smp->flags);
2195 	ret = 0;
2196 
2197 unlock:
2198 	l2cap_chan_unlock(chan);
2199 	return ret;
2200 }
2201 
2202 static int smp_cmd_encrypt_info(struct l2cap_conn *conn, struct sk_buff *skb)
2203 {
2204 	struct smp_cmd_encrypt_info *rp = (void *) skb->data;
2205 	struct l2cap_chan *chan = conn->smp;
2206 	struct smp_chan *smp = chan->data;
2207 
2208 	BT_DBG("conn %p", conn);
2209 
2210 	if (skb->len < sizeof(*rp))
2211 		return SMP_INVALID_PARAMS;
2212 
2213 	SMP_ALLOW_CMD(smp, SMP_CMD_MASTER_IDENT);
2214 
2215 	skb_pull(skb, sizeof(*rp));
2216 
2217 	memcpy(smp->tk, rp->ltk, sizeof(smp->tk));
2218 
2219 	return 0;
2220 }
2221 
2222 static int smp_cmd_master_ident(struct l2cap_conn *conn, struct sk_buff *skb)
2223 {
2224 	struct smp_cmd_master_ident *rp = (void *) skb->data;
2225 	struct l2cap_chan *chan = conn->smp;
2226 	struct smp_chan *smp = chan->data;
2227 	struct hci_dev *hdev = conn->hcon->hdev;
2228 	struct hci_conn *hcon = conn->hcon;
2229 	struct smp_ltk *ltk;
2230 	u8 authenticated;
2231 
2232 	BT_DBG("conn %p", conn);
2233 
2234 	if (skb->len < sizeof(*rp))
2235 		return SMP_INVALID_PARAMS;
2236 
2237 	/* Mark the information as received */
2238 	smp->remote_key_dist &= ~SMP_DIST_ENC_KEY;
2239 
2240 	if (smp->remote_key_dist & SMP_DIST_ID_KEY)
2241 		SMP_ALLOW_CMD(smp, SMP_CMD_IDENT_INFO);
2242 	else if (smp->remote_key_dist & SMP_DIST_SIGN)
2243 		SMP_ALLOW_CMD(smp, SMP_CMD_SIGN_INFO);
2244 
2245 	skb_pull(skb, sizeof(*rp));
2246 
2247 	authenticated = (hcon->sec_level == BT_SECURITY_HIGH);
2248 	ltk = hci_add_ltk(hdev, &hcon->dst, hcon->dst_type, SMP_LTK,
2249 			  authenticated, smp->tk, smp->enc_key_size,
2250 			  rp->ediv, rp->rand);
2251 	smp->ltk = ltk;
2252 	if (!(smp->remote_key_dist & KEY_DIST_MASK))
2253 		smp_distribute_keys(smp);
2254 
2255 	return 0;
2256 }
2257 
2258 static int smp_cmd_ident_info(struct l2cap_conn *conn, struct sk_buff *skb)
2259 {
2260 	struct smp_cmd_ident_info *info = (void *) skb->data;
2261 	struct l2cap_chan *chan = conn->smp;
2262 	struct smp_chan *smp = chan->data;
2263 
2264 	BT_DBG("");
2265 
2266 	if (skb->len < sizeof(*info))
2267 		return SMP_INVALID_PARAMS;
2268 
2269 	SMP_ALLOW_CMD(smp, SMP_CMD_IDENT_ADDR_INFO);
2270 
2271 	skb_pull(skb, sizeof(*info));
2272 
2273 	memcpy(smp->irk, info->irk, 16);
2274 
2275 	return 0;
2276 }
2277 
2278 static int smp_cmd_ident_addr_info(struct l2cap_conn *conn,
2279 				   struct sk_buff *skb)
2280 {
2281 	struct smp_cmd_ident_addr_info *info = (void *) skb->data;
2282 	struct l2cap_chan *chan = conn->smp;
2283 	struct smp_chan *smp = chan->data;
2284 	struct hci_conn *hcon = conn->hcon;
2285 	bdaddr_t rpa;
2286 
2287 	BT_DBG("");
2288 
2289 	if (skb->len < sizeof(*info))
2290 		return SMP_INVALID_PARAMS;
2291 
2292 	/* Mark the information as received */
2293 	smp->remote_key_dist &= ~SMP_DIST_ID_KEY;
2294 
2295 	if (smp->remote_key_dist & SMP_DIST_SIGN)
2296 		SMP_ALLOW_CMD(smp, SMP_CMD_SIGN_INFO);
2297 
2298 	skb_pull(skb, sizeof(*info));
2299 
2300 	/* Strictly speaking the Core Specification (4.1) allows sending
2301 	 * an empty address which would force us to rely on just the IRK
2302 	 * as "identity information". However, since such
2303 	 * implementations are not known of and in order to not over
2304 	 * complicate our implementation, simply pretend that we never
2305 	 * received an IRK for such a device.
2306 	 */
2307 	if (!bacmp(&info->bdaddr, BDADDR_ANY)) {
2308 		BT_ERR("Ignoring IRK with no identity address");
2309 		goto distribute;
2310 	}
2311 
2312 	bacpy(&smp->id_addr, &info->bdaddr);
2313 	smp->id_addr_type = info->addr_type;
2314 
2315 	if (hci_bdaddr_is_rpa(&hcon->dst, hcon->dst_type))
2316 		bacpy(&rpa, &hcon->dst);
2317 	else
2318 		bacpy(&rpa, BDADDR_ANY);
2319 
2320 	smp->remote_irk = hci_add_irk(conn->hcon->hdev, &smp->id_addr,
2321 				      smp->id_addr_type, smp->irk, &rpa);
2322 
2323 distribute:
2324 	if (!(smp->remote_key_dist & KEY_DIST_MASK))
2325 		smp_distribute_keys(smp);
2326 
2327 	return 0;
2328 }
2329 
2330 static int smp_cmd_sign_info(struct l2cap_conn *conn, struct sk_buff *skb)
2331 {
2332 	struct smp_cmd_sign_info *rp = (void *) skb->data;
2333 	struct l2cap_chan *chan = conn->smp;
2334 	struct smp_chan *smp = chan->data;
2335 	struct smp_csrk *csrk;
2336 
2337 	BT_DBG("conn %p", conn);
2338 
2339 	if (skb->len < sizeof(*rp))
2340 		return SMP_INVALID_PARAMS;
2341 
2342 	/* Mark the information as received */
2343 	smp->remote_key_dist &= ~SMP_DIST_SIGN;
2344 
2345 	skb_pull(skb, sizeof(*rp));
2346 
2347 	csrk = kzalloc(sizeof(*csrk), GFP_KERNEL);
2348 	if (csrk) {
2349 		csrk->master = 0x01;
2350 		memcpy(csrk->val, rp->csrk, sizeof(csrk->val));
2351 	}
2352 	smp->csrk = csrk;
2353 	smp_distribute_keys(smp);
2354 
2355 	return 0;
2356 }
2357 
2358 static u8 sc_select_method(struct smp_chan *smp)
2359 {
2360 	struct l2cap_conn *conn = smp->conn;
2361 	struct hci_conn *hcon = conn->hcon;
2362 	struct smp_cmd_pairing *local, *remote;
2363 	u8 local_mitm, remote_mitm, local_io, remote_io, method;
2364 
2365 	if (test_bit(SMP_FLAG_OOB, &smp->flags))
2366 		return REQ_OOB;
2367 
2368 	/* The preq/prsp contain the raw Pairing Request/Response PDUs
2369 	 * which are needed as inputs to some crypto functions. To get
2370 	 * the "struct smp_cmd_pairing" from them we need to skip the
2371 	 * first byte which contains the opcode.
2372 	 */
2373 	if (hcon->out) {
2374 		local = (void *) &smp->preq[1];
2375 		remote = (void *) &smp->prsp[1];
2376 	} else {
2377 		local = (void *) &smp->prsp[1];
2378 		remote = (void *) &smp->preq[1];
2379 	}
2380 
2381 	local_io = local->io_capability;
2382 	remote_io = remote->io_capability;
2383 
2384 	local_mitm = (local->auth_req & SMP_AUTH_MITM);
2385 	remote_mitm = (remote->auth_req & SMP_AUTH_MITM);
2386 
2387 	/* If either side wants MITM, look up the method from the table,
2388 	 * otherwise use JUST WORKS.
2389 	 */
2390 	if (local_mitm || remote_mitm)
2391 		method = get_auth_method(smp, local_io, remote_io);
2392 	else
2393 		method = JUST_WORKS;
2394 
2395 	/* Don't confirm locally initiated pairing attempts */
2396 	if (method == JUST_CFM && test_bit(SMP_FLAG_INITIATOR, &smp->flags))
2397 		method = JUST_WORKS;
2398 
2399 	return method;
2400 }
2401 
2402 static int smp_cmd_public_key(struct l2cap_conn *conn, struct sk_buff *skb)
2403 {
2404 	struct smp_cmd_public_key *key = (void *) skb->data;
2405 	struct hci_conn *hcon = conn->hcon;
2406 	struct l2cap_chan *chan = conn->smp;
2407 	struct smp_chan *smp = chan->data;
2408 	struct hci_dev *hdev = hcon->hdev;
2409 	struct smp_cmd_pairing_confirm cfm;
2410 	int err;
2411 
2412 	BT_DBG("conn %p", conn);
2413 
2414 	if (skb->len < sizeof(*key))
2415 		return SMP_INVALID_PARAMS;
2416 
2417 	memcpy(smp->remote_pk, key, 64);
2418 
2419 	/* Non-initiating device sends its public key after receiving
2420 	 * the key from the initiating device.
2421 	 */
2422 	if (!hcon->out) {
2423 		err = sc_send_public_key(smp);
2424 		if (err)
2425 			return err;
2426 	}
2427 
2428 	SMP_DBG("Remote Public Key X: %32phN", smp->remote_pk);
2429 	SMP_DBG("Remote Public Key Y: %32phN", &smp->remote_pk[32]);
2430 
2431 	if (!ecdh_shared_secret(smp->remote_pk, smp->local_sk, smp->dhkey))
2432 		return SMP_UNSPECIFIED;
2433 
2434 	SMP_DBG("DHKey %32phN", smp->dhkey);
2435 
2436 	set_bit(SMP_FLAG_REMOTE_PK, &smp->flags);
2437 
2438 	smp->method = sc_select_method(smp);
2439 
2440 	BT_DBG("%s selected method 0x%02x", hdev->name, smp->method);
2441 
2442 	/* JUST_WORKS and JUST_CFM result in an unauthenticated key */
2443 	if (smp->method == JUST_WORKS || smp->method == JUST_CFM)
2444 		hcon->pending_sec_level = BT_SECURITY_MEDIUM;
2445 	else
2446 		hcon->pending_sec_level = BT_SECURITY_FIPS;
2447 
2448 	if (!memcmp(debug_pk, smp->remote_pk, 64))
2449 		set_bit(SMP_FLAG_DEBUG_KEY, &smp->flags);
2450 
2451 	if (smp->method == DSP_PASSKEY) {
2452 		get_random_bytes(&hcon->passkey_notify,
2453 				 sizeof(hcon->passkey_notify));
2454 		hcon->passkey_notify %= 1000000;
2455 		hcon->passkey_entered = 0;
2456 		smp->passkey_round = 0;
2457 		if (mgmt_user_passkey_notify(hdev, &hcon->dst, hcon->type,
2458 					     hcon->dst_type,
2459 					     hcon->passkey_notify,
2460 					     hcon->passkey_entered))
2461 			return SMP_UNSPECIFIED;
2462 		SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_CONFIRM);
2463 		return sc_passkey_round(smp, SMP_CMD_PUBLIC_KEY);
2464 	}
2465 
2466 	if (smp->method == REQ_OOB) {
2467 		err = smp_f4(smp->tfm_cmac, smp->remote_pk, smp->remote_pk,
2468 			     smp->rr, 0, cfm.confirm_val);
2469 		if (err)
2470 			return SMP_UNSPECIFIED;
2471 
2472 		if (memcmp(cfm.confirm_val, smp->pcnf, 16))
2473 			return SMP_CONFIRM_FAILED;
2474 
2475 		if (hcon->out)
2476 			smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM,
2477 				     sizeof(smp->prnd), smp->prnd);
2478 
2479 		SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RANDOM);
2480 
2481 		return 0;
2482 	}
2483 
2484 	if (hcon->out)
2485 		SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_CONFIRM);
2486 
2487 	if (smp->method == REQ_PASSKEY) {
2488 		if (mgmt_user_passkey_request(hdev, &hcon->dst, hcon->type,
2489 					      hcon->dst_type))
2490 			return SMP_UNSPECIFIED;
2491 		SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_CONFIRM);
2492 		set_bit(SMP_FLAG_WAIT_USER, &smp->flags);
2493 		return 0;
2494 	}
2495 
2496 	/* The Initiating device waits for the non-initiating device to
2497 	 * send the confirm value.
2498 	 */
2499 	if (conn->hcon->out)
2500 		return 0;
2501 
2502 	err = smp_f4(smp->tfm_cmac, smp->local_pk, smp->remote_pk, smp->prnd,
2503 		     0, cfm.confirm_val);
2504 	if (err)
2505 		return SMP_UNSPECIFIED;
2506 
2507 	smp_send_cmd(conn, SMP_CMD_PAIRING_CONFIRM, sizeof(cfm), &cfm);
2508 	SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RANDOM);
2509 
2510 	return 0;
2511 }
2512 
2513 static int smp_cmd_dhkey_check(struct l2cap_conn *conn, struct sk_buff *skb)
2514 {
2515 	struct smp_cmd_dhkey_check *check = (void *) skb->data;
2516 	struct l2cap_chan *chan = conn->smp;
2517 	struct hci_conn *hcon = conn->hcon;
2518 	struct smp_chan *smp = chan->data;
2519 	u8 a[7], b[7], *local_addr, *remote_addr;
2520 	u8 io_cap[3], r[16], e[16];
2521 	int err;
2522 
2523 	BT_DBG("conn %p", conn);
2524 
2525 	if (skb->len < sizeof(*check))
2526 		return SMP_INVALID_PARAMS;
2527 
2528 	memcpy(a, &hcon->init_addr, 6);
2529 	memcpy(b, &hcon->resp_addr, 6);
2530 	a[6] = hcon->init_addr_type;
2531 	b[6] = hcon->resp_addr_type;
2532 
2533 	if (hcon->out) {
2534 		local_addr = a;
2535 		remote_addr = b;
2536 		memcpy(io_cap, &smp->prsp[1], 3);
2537 	} else {
2538 		local_addr = b;
2539 		remote_addr = a;
2540 		memcpy(io_cap, &smp->preq[1], 3);
2541 	}
2542 
2543 	memset(r, 0, sizeof(r));
2544 
2545 	if (smp->method == REQ_PASSKEY || smp->method == DSP_PASSKEY)
2546 		put_unaligned_le32(hcon->passkey_notify, r);
2547 
2548 	err = smp_f6(smp->tfm_cmac, smp->mackey, smp->rrnd, smp->prnd, r,
2549 		     io_cap, remote_addr, local_addr, e);
2550 	if (err)
2551 		return SMP_UNSPECIFIED;
2552 
2553 	if (memcmp(check->e, e, 16))
2554 		return SMP_DHKEY_CHECK_FAILED;
2555 
2556 	if (!hcon->out) {
2557 		if (test_bit(SMP_FLAG_WAIT_USER, &smp->flags)) {
2558 			set_bit(SMP_FLAG_DHKEY_PENDING, &smp->flags);
2559 			return 0;
2560 		}
2561 
2562 		/* Slave sends DHKey check as response to master */
2563 		sc_dhkey_check(smp);
2564 	}
2565 
2566 	sc_add_ltk(smp);
2567 
2568 	if (hcon->out) {
2569 		hci_le_start_enc(hcon, 0, 0, smp->tk);
2570 		hcon->enc_key_size = smp->enc_key_size;
2571 	}
2572 
2573 	return 0;
2574 }
2575 
2576 static int smp_cmd_keypress_notify(struct l2cap_conn *conn,
2577 				   struct sk_buff *skb)
2578 {
2579 	struct smp_cmd_keypress_notify *kp = (void *) skb->data;
2580 
2581 	BT_DBG("value 0x%02x", kp->value);
2582 
2583 	return 0;
2584 }
2585 
2586 static int smp_sig_channel(struct l2cap_chan *chan, struct sk_buff *skb)
2587 {
2588 	struct l2cap_conn *conn = chan->conn;
2589 	struct hci_conn *hcon = conn->hcon;
2590 	struct smp_chan *smp;
2591 	__u8 code, reason;
2592 	int err = 0;
2593 
2594 	if (skb->len < 1)
2595 		return -EILSEQ;
2596 
2597 	if (!test_bit(HCI_LE_ENABLED, &hcon->hdev->dev_flags)) {
2598 		reason = SMP_PAIRING_NOTSUPP;
2599 		goto done;
2600 	}
2601 
2602 	code = skb->data[0];
2603 	skb_pull(skb, sizeof(code));
2604 
2605 	smp = chan->data;
2606 
2607 	if (code > SMP_CMD_MAX)
2608 		goto drop;
2609 
2610 	if (smp && !test_and_clear_bit(code, &smp->allow_cmd))
2611 		goto drop;
2612 
2613 	/* If we don't have a context the only allowed commands are
2614 	 * pairing request and security request.
2615 	 */
2616 	if (!smp && code != SMP_CMD_PAIRING_REQ && code != SMP_CMD_SECURITY_REQ)
2617 		goto drop;
2618 
2619 	switch (code) {
2620 	case SMP_CMD_PAIRING_REQ:
2621 		reason = smp_cmd_pairing_req(conn, skb);
2622 		break;
2623 
2624 	case SMP_CMD_PAIRING_FAIL:
2625 		smp_failure(conn, 0);
2626 		err = -EPERM;
2627 		break;
2628 
2629 	case SMP_CMD_PAIRING_RSP:
2630 		reason = smp_cmd_pairing_rsp(conn, skb);
2631 		break;
2632 
2633 	case SMP_CMD_SECURITY_REQ:
2634 		reason = smp_cmd_security_req(conn, skb);
2635 		break;
2636 
2637 	case SMP_CMD_PAIRING_CONFIRM:
2638 		reason = smp_cmd_pairing_confirm(conn, skb);
2639 		break;
2640 
2641 	case SMP_CMD_PAIRING_RANDOM:
2642 		reason = smp_cmd_pairing_random(conn, skb);
2643 		break;
2644 
2645 	case SMP_CMD_ENCRYPT_INFO:
2646 		reason = smp_cmd_encrypt_info(conn, skb);
2647 		break;
2648 
2649 	case SMP_CMD_MASTER_IDENT:
2650 		reason = smp_cmd_master_ident(conn, skb);
2651 		break;
2652 
2653 	case SMP_CMD_IDENT_INFO:
2654 		reason = smp_cmd_ident_info(conn, skb);
2655 		break;
2656 
2657 	case SMP_CMD_IDENT_ADDR_INFO:
2658 		reason = smp_cmd_ident_addr_info(conn, skb);
2659 		break;
2660 
2661 	case SMP_CMD_SIGN_INFO:
2662 		reason = smp_cmd_sign_info(conn, skb);
2663 		break;
2664 
2665 	case SMP_CMD_PUBLIC_KEY:
2666 		reason = smp_cmd_public_key(conn, skb);
2667 		break;
2668 
2669 	case SMP_CMD_DHKEY_CHECK:
2670 		reason = smp_cmd_dhkey_check(conn, skb);
2671 		break;
2672 
2673 	case SMP_CMD_KEYPRESS_NOTIFY:
2674 		reason = smp_cmd_keypress_notify(conn, skb);
2675 		break;
2676 
2677 	default:
2678 		BT_DBG("Unknown command code 0x%2.2x", code);
2679 		reason = SMP_CMD_NOTSUPP;
2680 		goto done;
2681 	}
2682 
2683 done:
2684 	if (!err) {
2685 		if (reason)
2686 			smp_failure(conn, reason);
2687 		kfree_skb(skb);
2688 	}
2689 
2690 	return err;
2691 
2692 drop:
2693 	BT_ERR("%s unexpected SMP command 0x%02x from %pMR", hcon->hdev->name,
2694 	       code, &hcon->dst);
2695 	kfree_skb(skb);
2696 	return 0;
2697 }
2698 
2699 static void smp_teardown_cb(struct l2cap_chan *chan, int err)
2700 {
2701 	struct l2cap_conn *conn = chan->conn;
2702 
2703 	BT_DBG("chan %p", chan);
2704 
2705 	if (chan->data)
2706 		smp_chan_destroy(conn);
2707 
2708 	conn->smp = NULL;
2709 	l2cap_chan_put(chan);
2710 }
2711 
2712 static void bredr_pairing(struct l2cap_chan *chan)
2713 {
2714 	struct l2cap_conn *conn = chan->conn;
2715 	struct hci_conn *hcon = conn->hcon;
2716 	struct hci_dev *hdev = hcon->hdev;
2717 	struct smp_cmd_pairing req;
2718 	struct smp_chan *smp;
2719 
2720 	BT_DBG("chan %p", chan);
2721 
2722 	/* Only new pairings are interesting */
2723 	if (!test_bit(HCI_CONN_NEW_LINK_KEY, &hcon->flags))
2724 		return;
2725 
2726 	/* Don't bother if we're not encrypted */
2727 	if (!test_bit(HCI_CONN_ENCRYPT, &hcon->flags))
2728 		return;
2729 
2730 	/* Only master may initiate SMP over BR/EDR */
2731 	if (hcon->role != HCI_ROLE_MASTER)
2732 		return;
2733 
2734 	/* Secure Connections support must be enabled */
2735 	if (!test_bit(HCI_SC_ENABLED, &hdev->dev_flags))
2736 		return;
2737 
2738 	/* BR/EDR must use Secure Connections for SMP */
2739 	if (!test_bit(HCI_CONN_AES_CCM, &hcon->flags) &&
2740 	    !test_bit(HCI_FORCE_LESC, &hdev->dbg_flags))
2741 		return;
2742 
2743 	/* If our LE support is not enabled don't do anything */
2744 	if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
2745 		return;
2746 
2747 	/* Don't bother if remote LE support is not enabled */
2748 	if (!lmp_host_le_capable(hcon))
2749 		return;
2750 
2751 	/* Remote must support SMP fixed chan for BR/EDR */
2752 	if (!(conn->remote_fixed_chan & L2CAP_FC_SMP_BREDR))
2753 		return;
2754 
2755 	/* Don't bother if SMP is already ongoing */
2756 	if (chan->data)
2757 		return;
2758 
2759 	smp = smp_chan_create(conn);
2760 	if (!smp) {
2761 		BT_ERR("%s unable to create SMP context for BR/EDR",
2762 		       hdev->name);
2763 		return;
2764 	}
2765 
2766 	set_bit(SMP_FLAG_SC, &smp->flags);
2767 
2768 	BT_DBG("%s starting SMP over BR/EDR", hdev->name);
2769 
2770 	/* Prepare and send the BR/EDR SMP Pairing Request */
2771 	build_bredr_pairing_cmd(smp, &req, NULL);
2772 
2773 	smp->preq[0] = SMP_CMD_PAIRING_REQ;
2774 	memcpy(&smp->preq[1], &req, sizeof(req));
2775 
2776 	smp_send_cmd(conn, SMP_CMD_PAIRING_REQ, sizeof(req), &req);
2777 	SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RSP);
2778 }
2779 
2780 static void smp_resume_cb(struct l2cap_chan *chan)
2781 {
2782 	struct smp_chan *smp = chan->data;
2783 	struct l2cap_conn *conn = chan->conn;
2784 	struct hci_conn *hcon = conn->hcon;
2785 
2786 	BT_DBG("chan %p", chan);
2787 
2788 	if (hcon->type == ACL_LINK) {
2789 		bredr_pairing(chan);
2790 		return;
2791 	}
2792 
2793 	if (!smp)
2794 		return;
2795 
2796 	if (!test_bit(HCI_CONN_ENCRYPT, &hcon->flags))
2797 		return;
2798 
2799 	cancel_delayed_work(&smp->security_timer);
2800 
2801 	smp_distribute_keys(smp);
2802 }
2803 
2804 static void smp_ready_cb(struct l2cap_chan *chan)
2805 {
2806 	struct l2cap_conn *conn = chan->conn;
2807 	struct hci_conn *hcon = conn->hcon;
2808 
2809 	BT_DBG("chan %p", chan);
2810 
2811 	conn->smp = chan;
2812 	l2cap_chan_hold(chan);
2813 
2814 	if (hcon->type == ACL_LINK && test_bit(HCI_CONN_ENCRYPT, &hcon->flags))
2815 		bredr_pairing(chan);
2816 }
2817 
2818 static int smp_recv_cb(struct l2cap_chan *chan, struct sk_buff *skb)
2819 {
2820 	int err;
2821 
2822 	BT_DBG("chan %p", chan);
2823 
2824 	err = smp_sig_channel(chan, skb);
2825 	if (err) {
2826 		struct smp_chan *smp = chan->data;
2827 
2828 		if (smp)
2829 			cancel_delayed_work_sync(&smp->security_timer);
2830 
2831 		hci_disconnect(chan->conn->hcon, HCI_ERROR_AUTH_FAILURE);
2832 	}
2833 
2834 	return err;
2835 }
2836 
2837 static struct sk_buff *smp_alloc_skb_cb(struct l2cap_chan *chan,
2838 					unsigned long hdr_len,
2839 					unsigned long len, int nb)
2840 {
2841 	struct sk_buff *skb;
2842 
2843 	skb = bt_skb_alloc(hdr_len + len, GFP_KERNEL);
2844 	if (!skb)
2845 		return ERR_PTR(-ENOMEM);
2846 
2847 	skb->priority = HCI_PRIO_MAX;
2848 	bt_cb(skb)->chan = chan;
2849 
2850 	return skb;
2851 }
2852 
2853 static const struct l2cap_ops smp_chan_ops = {
2854 	.name			= "Security Manager",
2855 	.ready			= smp_ready_cb,
2856 	.recv			= smp_recv_cb,
2857 	.alloc_skb		= smp_alloc_skb_cb,
2858 	.teardown		= smp_teardown_cb,
2859 	.resume			= smp_resume_cb,
2860 
2861 	.new_connection		= l2cap_chan_no_new_connection,
2862 	.state_change		= l2cap_chan_no_state_change,
2863 	.close			= l2cap_chan_no_close,
2864 	.defer			= l2cap_chan_no_defer,
2865 	.suspend		= l2cap_chan_no_suspend,
2866 	.set_shutdown		= l2cap_chan_no_set_shutdown,
2867 	.get_sndtimeo		= l2cap_chan_no_get_sndtimeo,
2868 };
2869 
2870 static inline struct l2cap_chan *smp_new_conn_cb(struct l2cap_chan *pchan)
2871 {
2872 	struct l2cap_chan *chan;
2873 
2874 	BT_DBG("pchan %p", pchan);
2875 
2876 	chan = l2cap_chan_create();
2877 	if (!chan)
2878 		return NULL;
2879 
2880 	chan->chan_type	= pchan->chan_type;
2881 	chan->ops	= &smp_chan_ops;
2882 	chan->scid	= pchan->scid;
2883 	chan->dcid	= chan->scid;
2884 	chan->imtu	= pchan->imtu;
2885 	chan->omtu	= pchan->omtu;
2886 	chan->mode	= pchan->mode;
2887 
2888 	/* Other L2CAP channels may request SMP routines in order to
2889 	 * change the security level. This means that the SMP channel
2890 	 * lock must be considered in its own category to avoid lockdep
2891 	 * warnings.
2892 	 */
2893 	atomic_set(&chan->nesting, L2CAP_NESTING_SMP);
2894 
2895 	BT_DBG("created chan %p", chan);
2896 
2897 	return chan;
2898 }
2899 
2900 static const struct l2cap_ops smp_root_chan_ops = {
2901 	.name			= "Security Manager Root",
2902 	.new_connection		= smp_new_conn_cb,
2903 
2904 	/* None of these are implemented for the root channel */
2905 	.close			= l2cap_chan_no_close,
2906 	.alloc_skb		= l2cap_chan_no_alloc_skb,
2907 	.recv			= l2cap_chan_no_recv,
2908 	.state_change		= l2cap_chan_no_state_change,
2909 	.teardown		= l2cap_chan_no_teardown,
2910 	.ready			= l2cap_chan_no_ready,
2911 	.defer			= l2cap_chan_no_defer,
2912 	.suspend		= l2cap_chan_no_suspend,
2913 	.resume			= l2cap_chan_no_resume,
2914 	.set_shutdown		= l2cap_chan_no_set_shutdown,
2915 	.get_sndtimeo		= l2cap_chan_no_get_sndtimeo,
2916 };
2917 
2918 static struct l2cap_chan *smp_add_cid(struct hci_dev *hdev, u16 cid)
2919 {
2920 	struct l2cap_chan *chan;
2921 	struct crypto_blkcipher	*tfm_aes;
2922 
2923 	if (cid == L2CAP_CID_SMP_BREDR) {
2924 		tfm_aes = NULL;
2925 		goto create_chan;
2926 	}
2927 
2928 	tfm_aes = crypto_alloc_blkcipher("ecb(aes)", 0, 0);
2929 	if (IS_ERR(tfm_aes)) {
2930 		BT_ERR("Unable to create crypto context");
2931 		return ERR_CAST(tfm_aes);
2932 	}
2933 
2934 create_chan:
2935 	chan = l2cap_chan_create();
2936 	if (!chan) {
2937 		crypto_free_blkcipher(tfm_aes);
2938 		return ERR_PTR(-ENOMEM);
2939 	}
2940 
2941 	chan->data = tfm_aes;
2942 
2943 	l2cap_add_scid(chan, cid);
2944 
2945 	l2cap_chan_set_defaults(chan);
2946 
2947 	bacpy(&chan->src, &hdev->bdaddr);
2948 	if (cid == L2CAP_CID_SMP)
2949 		chan->src_type = BDADDR_LE_PUBLIC;
2950 	else
2951 		chan->src_type = BDADDR_BREDR;
2952 	chan->state = BT_LISTEN;
2953 	chan->mode = L2CAP_MODE_BASIC;
2954 	chan->imtu = L2CAP_DEFAULT_MTU;
2955 	chan->ops = &smp_root_chan_ops;
2956 
2957 	/* Set correct nesting level for a parent/listening channel */
2958 	atomic_set(&chan->nesting, L2CAP_NESTING_PARENT);
2959 
2960 	return chan;
2961 }
2962 
2963 static void smp_del_chan(struct l2cap_chan *chan)
2964 {
2965 	struct crypto_blkcipher	*tfm_aes;
2966 
2967 	BT_DBG("chan %p", chan);
2968 
2969 	tfm_aes = chan->data;
2970 	if (tfm_aes) {
2971 		chan->data = NULL;
2972 		crypto_free_blkcipher(tfm_aes);
2973 	}
2974 
2975 	l2cap_chan_put(chan);
2976 }
2977 
2978 int smp_register(struct hci_dev *hdev)
2979 {
2980 	struct l2cap_chan *chan;
2981 
2982 	BT_DBG("%s", hdev->name);
2983 
2984 	chan = smp_add_cid(hdev, L2CAP_CID_SMP);
2985 	if (IS_ERR(chan))
2986 		return PTR_ERR(chan);
2987 
2988 	hdev->smp_data = chan;
2989 
2990 	if (!lmp_sc_capable(hdev) &&
2991 	    !test_bit(HCI_FORCE_LESC, &hdev->dbg_flags))
2992 		return 0;
2993 
2994 	chan = smp_add_cid(hdev, L2CAP_CID_SMP_BREDR);
2995 	if (IS_ERR(chan)) {
2996 		int err = PTR_ERR(chan);
2997 		chan = hdev->smp_data;
2998 		hdev->smp_data = NULL;
2999 		smp_del_chan(chan);
3000 		return err;
3001 	}
3002 
3003 	hdev->smp_bredr_data = chan;
3004 
3005 	return 0;
3006 }
3007 
3008 void smp_unregister(struct hci_dev *hdev)
3009 {
3010 	struct l2cap_chan *chan;
3011 
3012 	if (hdev->smp_bredr_data) {
3013 		chan = hdev->smp_bredr_data;
3014 		hdev->smp_bredr_data = NULL;
3015 		smp_del_chan(chan);
3016 	}
3017 
3018 	if (hdev->smp_data) {
3019 		chan = hdev->smp_data;
3020 		hdev->smp_data = NULL;
3021 		smp_del_chan(chan);
3022 	}
3023 }
3024