Commit Graph

262 Commits

Author SHA1 Message Date
Marcel Holtmann 4775a4ea14 Bluetooth: Fix OOB data present value for SMP pairing
Before setting the OOB data present flag with SMP pairing, check the
newly introduced present tracking that actual OOB data values have
been provided. The existence of remote OOB data structure does not
actually mean that the correct data values are available.

Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
2015-01-31 21:26:14 +01:00
Marcel Holtmann 2b8df32395 Bluetooth: Add paranoid check for existing LE and BR/EDR SMP channels
When the SMP channels have been already registered, then print out a
clear WARN_ON message that something went wrong. Also unregister the
existing channels in this case before trying to register new ones.

Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
2015-01-15 21:59:38 +02:00
Marcel Holtmann 7e7ec44564 Bluetooth: Don't register any SMP channel if LE is not supported
When LE features are not supported, then do not bother registering any
kind of SMP channel.

Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
2015-01-15 12:54:30 +02:00
Marcel Holtmann 157029ba30 Bluetooth: Fix LE SMP channel source address and source address type
The source address and source address type of the LE SMP channel can
either be the public address of the controller or the static random
address configured by the host.

Right now the public address is used for the LE SMP channel and
obviously that is not correct if the controller operates with the
configured static random address.

Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
2015-01-15 12:54:30 +02:00
Johan Hedberg e12af489b9 Bluetooth: Fix valid Identity Address check
According to the Bluetooth core specification valid identity addresses
are either Public Device Addresses or Static Random Addresses. IRKs
received with any other type of address should be discarded since we
cannot assume to know the permanent identity of the peer device.

This patch fixes a missing check for the Identity Address when receiving
the Identity Address Information SMP PDU.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Cc: stable@vger.kernel.org # 3.17+
2015-01-14 22:48:06 +01:00
Marcel Holtmann 5ced24644b Bluetooth: Use %llu for printing duration details of selftests
The duration variable for the selftests is unsigned long long and with
that use %llu instead of %lld when printing the results.

Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
2015-01-14 10:02:45 +02:00
Marcel Holtmann 203de21bf6 Bluetooth: Fix for a leftover debug of pairing credentials
One of the LE Secure Connections security credentials was still using
the BT_DBG instead of SMP_DBG.

Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
2015-01-02 22:22:04 +01:00
Marcel Holtmann 300acfdec9 Bluetooth: Introduce force_bredr_smp debugfs option for testing
Testing cross-transport pairing that starts on BR/EDR is only valid when
using a controller with BR/EDR Secure Connections. Devices will indicate
this by providing BR/EDR SMP fixed channel over L2CAP. To allow testing
of this feature on Bluetooth 4.0 controller or controllers without the
BR/EDR Secure Connections features, introduce a force_bredr_smp debugfs
option that allows faking the required AES connection.

Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
2015-01-02 22:22:03 +01:00
Marcel Holtmann 255047b0dc Bluetooth: Add timing information to SMP test case runs
After successful completion of the SMP test cases, print the time it
took to run them.

Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
2014-12-30 10:32:08 +02:00
Johan Hedberg fb2969a3a9 Bluetooth: Add LE Secure Connections tests for SMP
This patch adds SMP self-tests for the Secure Connections crypto
functions. The sample data has been taken from the core specification.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
2014-12-30 08:54:34 +01:00
Johan Hedberg cfc4198e71 Bluetooth: Add legacy SMP tests
This patch adds self-tests for legacy SMP crypto functions. The sample
data has been taken from the core specification.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
2014-12-30 08:54:33 +01:00
Johan Hedberg 0a2b0f0452 Bluetooth: Add skeleton for SMP self-tests
This patch adds the initial skeleton and kernel config option for SMP
self-tests.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
2014-12-30 08:54:33 +01:00
Johan Hedberg 4da50de895 Bluetooth: Fix const declarations for smp_f5 and smp_f6
These SMP crypto functions should have all their input parameters
declared as const. This patch fixes the parameters that were missing the
const declaration.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
2014-12-30 07:30:18 +01:00
John W. Linville a463e9c57a Merge branch 'for-upstream' of git://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth-next 2014-12-15 13:23:09 -05:00
David S. Miller 6e5f59aacb Merge branch 'for-davem-2' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
More iov_iter work for the networking from Al Viro.

Signed-off-by: David S. Miller <davem@davemloft.net>
2014-12-10 13:17:23 -05:00
Al Viro 17836394e5 first fruits - kill l2cap ->memcpy_fromiovec()
Just use copy_from_iter().  That's what this method is trying to do
in all cases, in a very convoluted fashion.

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2014-12-09 16:29:10 -05:00
Al Viro c0371da604 put iov_iter into msghdr
Note that the code _using_ ->msg_iter at that point will be very
unhappy with anything other than unshifted iovec-backed iov_iter.
We still need to convert users to proper primitives.

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2014-12-09 16:29:03 -05:00
Fengguang Wu fe70077197 Bluetooth: fix err_cast.cocci warnings
net/bluetooth/smp.c:2650:9-16: WARNING: ERR_CAST can be used with tfm_aes

Use ERR_CAST inlined function instead of ERR_PTR(PTR_ERR(...))

Generated by: scripts/coccinelle/api/err_cast.cocci

Signed-off-by: Fengguang Wu <fengguang.wu@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
2014-12-09 08:06:51 +01:00
Marcel Holtmann 08f63cc502 Bluetooth: Check for force_lesc_support before rejecting SMP over BR/EDR
The SMP over BR/EDR requests for cross-transport pairing should also
accepted when the debugfs setting force_lesc_support has been enabled.

Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
2014-12-07 20:03:58 +02:00
Johan Hedberg 580039e838 Bluetooth: Fix false-positive "uninitialized" compiler warning
Some gcc versions don't seem to be able to properly track the flow of
the smp_cmd_pairing_random() function and end up causing the following
types of (false-positive) warnings:

 smp.c:1995:6: warning: ‘nb’ may be used uninitialized in this function [-Wmaybe-uninitialized]
   err = smp_g2(smp->tfm_cmac, pkax, pkbx, na, nb, &passkey);
 smp.c:1995:6: warning: ‘na’ may be used uninitialized in this function [-Wmaybe-uninitialized]
   err = smp_g2(smp->tfm_cmac, pkax, pkbx, na, nb, &passkey);
       ^
 smp.c:1995:6: warning: ‘pkbx’ may be used uninitialized in this function [-Wmaybe-uninitialized]
   err = smp_g2(smp->tfm_cmac, pkax, pkbx, na, nb, &passkey);
       ^
 smp.c:1995:6: warning: ‘pkax’ may be used uninitialized in this function [-Wmaybe-uninitialized]
   err = smp_g2(smp->tfm_cmac, pkax, pkbx, na, nb, &passkey);

This patch fixes the issue by moving the pkax/pkbx and na/nb
initialization earlier in the function.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
2014-12-03 16:51:22 +01:00
Johan Hedberg 7f376cd6dc Bluetooth: Fix minor coding style issue in smp.c
The convention for checking for NULL pointers is !ptr and not
ptr == NULL. This patch fixes such an occurrence in smp.c.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
2014-12-03 16:51:22 +01:00
Johan Hedberg 923e24143e Bluetooth: Fix SMP debug key handling
We need to keep debug keys around at least until the point that they are
used - otherwise e.g. slave role behavior wouldn't work as there'd be no
key to be looked up. The correct behavior should therefore be to return
any stored keys but when we clean up the SMP context to remove the key
from the hdev list if keeping debug keys around hasn't been requestsed.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
2014-12-03 16:51:22 +01:00
Johan Hedberg 06edf8deb5 Bluetooth: Organize SMP crypto functions to logical sections
This patch organizes the various SMP crypto functions so that the LE SC
functions appear in one section and the legacy SMP functions in a
separate one.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
2014-12-03 16:51:22 +01:00
Johan Hedberg cd08279762 Bluetooth: Fix missing const declarations in SMP functions
Several SMP functions take read-only data. This patch fixes the
declaration of these parameters to use the const specifier as
appropriate.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
2014-12-03 16:51:21 +01:00
Johan Hedberg c7a3d57db6 Bluetooth: Introduce SMP_DBG macro for low-level debuging
The various inputs & outputs of the crypto functions as well as the
values of the ECDH keys can be considered security sensitive. They
should therefore not end up in dmesg by mistake. This patch introduces a
new SMP_DBG macro which requires explicit compilation with -DDEBUG to be
enabled. All crypto related data logs now use this macro instead of
BT_DBG.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
2014-12-03 16:51:21 +01:00
Johan Hedberg a29b073351 Bluetooth: Add basic LE SC OOB support for remote OOB data
This patch adds basic OOB pairing support when we've received the remote
OOB data. This includes tracking the remote r value (in smp->rr) as well
as doing the appropriate f4() call when needed. Previously the OOB rand
would have been stored in smp->rrnd however these are actually two
independent values so we need separate variables for them. Na/Nb in the
spec maps to smp->prnd/rrnd and ra/rb maps to smp->rr with smp->pr to
come once local OOB data is supported.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
2014-12-03 16:51:21 +01:00
Johan Hedberg 02b05bd8b0 Bluetooth: Set SMP OOB flag if OOB data is available
If we have OOB data available for the remote device in question we
should set the OOB flag appropriately in the SMP pairing request or
response.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
2014-12-03 16:51:21 +01:00
Johan Hedberg 903b71c78d Bluetooth: Add SC-only mode support for SMP
When Secure Connections-only mode is enabled we should reject any
pairing command that does not have Secure Connections set in the
authentication requirements. This patch adds the appropriate logic for
this to the command handlers of Pairing Request/Response and Security
Request.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
2014-12-03 16:51:20 +01:00
Johan Hedberg b5ae344d4c Bluetooth: Add full SMP BR/EDR support
When doing SMP over BR/EDR some of the routines can be shared with the
LE functionality whereas others needs to be split into their own BR/EDR
specific branches. This patch implements the split of BR/EDR specific
SMP code from the LE-only code, making sure SMP over BR/EDR works as
specified.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
2014-12-03 16:51:20 +01:00
Johan Hedberg ef8efe4bf8 Bluetooth: Add skeleton for BR/EDR SMP channel
This patch adds the very basic code for creating and destroying SMP
L2CAP channels for BR/EDR connections.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
2014-12-03 16:51:20 +01:00
Johan Hedberg 70157ef539 Bluetooth: Use debug keys for SMP when HCI_USE_DEBUG_KEYS is set
The HCI_USE_DEBUG_KEYS flag is intended to force our side to always use
debug keys for pairing. This means both BR/EDR SSP as well as SMP with
LE Secure Connections. This patch updates the SMP code to use the debug
keys instead of generating a random local key pair when the flag is set.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
2014-12-03 16:51:19 +01:00
Johan Hedberg 1408bb6efb Bluetooth: Add dummy handler for LE SC keypress notification
Since we don not actively try to clear the keypress notification bit we
might get these PDUs. To avoid failing the pairing process add a simple
dummy handler for these for now.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
2014-12-03 16:51:19 +01:00
Johan Hedberg d3e54a876e Bluetooth: Fix DHKey Check sending order for slave role
According to the LE SC specification the initiating device sends its
DHKey check first and the non-initiating devices sends its DHKey check
as a response to this. It's also important that the non-initiating
device doesn't send the response if it's still waiting for user input.
In order to synchronize all this a new flag is added.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
2014-12-03 16:51:19 +01:00
Johan Hedberg 38606f1418 Bluetooth: Add passkey entry support for LE SC
The passkey entry mechanism involves either both sides requesting the
user for a passkey, or one side requesting the passkey while the other
one displays it. The behavior as far as SMP PDUs are concerned are
considerably different from numeric comparison and therefore requires
several new functions to handle it.

In essence passkey entry involves both sides gradually committing to
each bit of the passkey which involves 20 rounds of pairing confirm and
pairing random PDUS being sent in both directions.

This patch adds a new smp->passkey_round variable to track the current
round of the passkey commitment and reuses the variables already present
in struct hci_conn for the passkey and entered key count.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
2014-12-03 16:51:19 +01:00
Johan Hedberg e3befab970 Bluetooth: Fix BR/EDR Link Key type when derived through LE SC
We need to set the correct Link Key type based on the properties of the
LE SC pairing that it was derived from. If debug keys were used the type
should be a debug key, and the authenticated vs unauthenticated
information should be set on what kind of security level was reached.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
2014-12-03 16:51:19 +01:00
Johan Hedberg dddd3059e3 Bluetooth: Add support for SC just-works pairing
If the just-works method was chosen we shouldn't send anything to user
space but simply proceed with sending the DHKey Check PDU. This patch
adds the necessary code for it.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
2014-12-03 16:51:19 +01:00
Johan Hedberg d378a2d776 Bluetooth: Set correct LTK type and authentication for SC
After generating the LTK we should set the correct type (normal SC or
debug) and authentication information for it.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
2014-12-03 16:51:18 +01:00
Johan Hedberg 6c0dcc5014 Bluetooth: Add check for accidentally generating a debug key
It is very unlikely, but to have a 100% guarantee of the generated key
type we need to reject any keys which happen to match the debug key.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
2014-12-03 16:51:18 +01:00
Johan Hedberg aeb7d461f9 Bluetooth: Detect SMP SC debug keys
We need to be able to detect if the remote side used a debug key for the
pairing. This patch adds the debug key defines and sets a flag to
indicate that a debug key was used. The debug private key (debug_sk) is
also added in this patch but will only be used in a subsequent patch
when local debug key support is implemented.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
2014-12-03 16:51:18 +01:00
Johan Hedberg 5e3d3d9b3c Bluetooth: Add selection of the SC authentication method
This patch adds code to select the authentication method for Secure
Connections based on the local and remote capabilities. A new
DSP_PASSKEY method is also added for displaying the passkey - something
that is not part of legacy SMP pairing.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
2014-12-03 16:51:18 +01:00
Johan Hedberg 783e057462 Bluetooth: Track authentication method in SMP context
For Secure Connections we'll select the authentication method as soon as
we receive the public key, but only use it later (both when actually
triggering the method as well as when determining the quality of the
resulting LTK). Store the method therefore in the SMP context.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
2014-12-03 16:51:18 +01:00
Johan Hedberg 6a77083af5 Bluetooth: Add support for LE SC key generation
As the last step of the LE SC pairing process it's time to generate and
distribute keys. The generation part is unique to LE SC and so this
patch adds a dedicated function for it. We also clear the distribution
bits for keys which are not distributed with LE SC, so that the code
shared with legacy SMP will not go ahead and try to distribute them.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
2014-12-03 16:51:18 +01:00
Johan Hedberg 6433a9a2c4 Bluetooth: Add support for LE SC DHKey check PDU
Once we receive the DHKey check PDU it's time to first verify that the
value is correct and then proceed with encrypting the link.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
2014-12-03 16:51:17 +01:00
Johan Hedberg 760b018b6c Bluetooth: Add support for handling LE SC user response
With LE SC, once the user has responded to the numeric comparison it's
time to send DHKey check values in both directions. The DHKey check
value is generated using new smp_f5 and smp_f6 cryptographic functions.
The smp_f5 function is responsible for generating the LTK and the MacKey
values whereas the smp_f6 function takes the MacKey as input and
generates the DHKey Check value.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
2014-12-03 16:51:17 +01:00
Johan Hedberg 191dc7fe2d Bluetooth: Add support for LE SC numeric comparison
After the Pairing Confirm and Random PDUs have been exchanged in LE SC
it's time to generate a numeric comparison value using a new smp_g2
cryptographic function (which also builds on AES-CMAC). This patch adds
the smp_g2 implementation and updates the Pairing Random PDU handler to
proceed with the value genration and user confirmation.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
2014-12-03 16:51:17 +01:00
Johan Hedberg dcee2b3221 Bluetooth: Add LE SC support for responding to Pairing Confirm PDU
When LE SC is being used we should always respond to it by sending our
local random number. This patch adds a convenience function for it which
also contains a check for the pre-requisite public key exchange
completion

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
2014-12-03 16:51:17 +01:00
Johan Hedberg cbbbe3e242 Bluetooth: Add support for sending LE SC Confirm value
Once the public key exchange is complete the next step is for the
non-initiating device to send a SMP Pairing Confirm PDU to the
initiating device. This requires the use of a new smp_f4 confirm value
generation function which in turn builds on the AES-CMAC cryptographic
function.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
2014-12-03 16:51:17 +01:00
Johan Hedberg d8f8edbe93 Bluetooth: Add handler function for receiving LE SC public key
This patch adds a handler function for the LE SC SMP Public Key PDU.
When we receive the key we proceed with generating the shared DHKey
value from the remote public key and local private key.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
2014-12-03 16:51:17 +01:00
Johan Hedberg 3b19146d23 Bluetooth: Add basic support for sending our LE SC public key
When the initial pairing request & response PDUs have been exchanged and
both have had the LE SC bit set the next step is to generate a ECDH
key pair and to send the public key to the remote side. This patch adds
basic support for generating the key pair and sending the public key
using the new Public Key SMP PDU. It is the initiating device that sends
the public key first and the non-initiating device responds by sending
its public key respectively (in a subsequent patch).

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
2014-12-03 16:51:17 +01:00
Johan Hedberg 407cecf6c7 Bluetooth: Add basic support for AES-CMAC
Most of the LE Secure Connections SMP crypto functions build on top of
the AES-CMAC function. This patch adds access to AES-CMAC in the kernel
crypto subsystem by allocating a crypto_hash handle for it in a similar
way that we have one for AES-CBC.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
2014-12-03 16:51:16 +01:00