write in 30M

hc

2024-02-20 ea08eeccae9297f7aabd2ef7f0c2517ac4549acc

 kernel/net/bluetooth/smp.c
..
..
@@ -23,6 +23,7 @@
23
23
 #include <linux/debugfs.h>
24
24
 #include <linux/scatterlist.h>
25
25
 #include <linux/crypto.h>
26
+#include <crypto/aes.h>
26
27
 #include <crypto/algapi.h>
27
28
 #include <crypto/b128ops.h>
28
29
 #include <crypto/hash.h>
..
..
@@ -88,7 +89,6 @@
88
89
 	u8			local_rand[16];
89
90
 	bool			debug_key;
90
91
 
91
-	struct crypto_cipher	*tfm_aes;
92
92
 	struct crypto_shash	*tfm_cmac;
93
93
 	struct crypto_kpp	*tfm_ecdh;
94
94
 };
..
..
@@ -127,7 +127,6 @@
127
127
 	u8			dhkey[32];
128
128
 	u8			mackey[16];
129
129
 
130
-	struct crypto_cipher	*tfm_aes;
131
130
 	struct crypto_shash	*tfm_cmac;
132
131
 	struct crypto_kpp	*tfm_ecdh;
133
132
 };
..
..
@@ -171,7 +170,6 @@
171
170
 		    size_t len, u8 mac[16])
172
171
 {
173
172
 	uint8_t tmp[16], mac_msb[16], msg_msb[CMAC_MSG_MAX];
174
-	SHASH_DESC_ON_STACK(desc, tfm);
175
173
 	int err;
176
174
 
177
175
 	if (len > CMAC_MSG_MAX)
..
..
@@ -181,9 +179,6 @@
181
179
 		BT_ERR("tfm %p", tfm);
182
180
 		return -EINVAL;
183
181
 	}
184
-
185
-	desc->tfm = tfm;
186
-	desc->flags = 0;
187
182
 
188
183
 	/* Swap key and message from LSB to MSB */
189
184
 	swap_buf(k, tmp, 16);
..
..
@@ -198,8 +193,7 @@
198
193
 		return err;
199
194
 	}
200
195
 
201
-	err = crypto_shash_digest(desc, msg_msb, len, mac_msb);
202
-	shash_desc_zero(desc);
196
+	err = crypto_shash_tfm_digest(tfm, msg_msb, len, mac_msb);
203
197
 	if (err) {
204
198
 		BT_ERR("Hash computation error %d", err);
205
199
 		return err;
..
..
@@ -378,22 +372,18 @@
378
372
  * s1 and ah.
379
373
  */
380
374
 
381
-static int smp_e(struct crypto_cipher *tfm, const u8 *k, u8 *r)
375
+static int smp_e(const u8 *k, u8 *r)
382
376
 {
377
+	struct crypto_aes_ctx ctx;
383
378
 	uint8_t tmp[16], data[16];
384
379
 	int err;
385
380
 
386
381
 	SMP_DBG("k %16phN r %16phN", k, r);
387
382
 
388
-	if (!tfm) {
389
-		BT_ERR("tfm %p", tfm);
390
-		return -EINVAL;
391
-	}
392
-
393
383
 	/* The most significant octet of key corresponds to k[0] */
394
384
 	swap_buf(k, tmp, 16);
395
385
 
396
-	err = crypto_cipher_setkey(tfm, tmp, 16);
386
+	err = aes_expandkey(&ctx, tmp, 16);
397
387
 	if (err) {
398
388
 		BT_ERR("cipher setkey failed: %d", err);
399
389
 		return err;
..
..
@@ -402,17 +392,18 @@
402
392
 	/* Most significant octet of plaintextData corresponds to data[0] */
403
393
 	swap_buf(r, data, 16);
404
394
 
405
-	crypto_cipher_encrypt_one(tfm, data, data);
395
+	aes_encrypt(&ctx, data, data);
406
396
 
407
397
 	/* Most significant octet of encryptedData corresponds to data[0] */
408
398
 	swap_buf(data, r, 16);
409
399
 
410
400
 	SMP_DBG("r %16phN", r);
411
401
 
402
+	memzero_explicit(&ctx, sizeof (ctx));
412
403
 	return err;
413
404
 }
414
405
 
415
-static int smp_c1(struct crypto_cipher *tfm_aes, const u8 k[16],
406
+static int smp_c1(const u8 k[16],
416
407
 		  const u8 r[16], const u8 preq[7], const u8 pres[7], u8 _iat,
417
408
 		  const bdaddr_t *ia, u8 _rat, const bdaddr_t *ra, u8 res[16])
418
409
 {
..
..
@@ -437,7 +428,7 @@
437
428
 	u128_xor((u128 *) res, (u128 *) r, (u128 *) p1);
438
429
 
439
430
 	/* res = e(k, res) */
440
-	err = smp_e(tfm_aes, k, res);
431
+	err = smp_e(k, res);
441
432
 	if (err) {
442
433
 		BT_ERR("Encrypt data error");
443
434
 		return err;
..
..
@@ -454,14 +445,14 @@
454
445
 	u128_xor((u128 *) res, (u128 *) res, (u128 *) p2);
455
446
 
456
447
 	/* res = e(k, res) */
457
-	err = smp_e(tfm_aes, k, res);
448
+	err = smp_e(k, res);
458
449
 	if (err)
459
450
 		BT_ERR("Encrypt data error");
460
451
 
461
452
 	return err;
462
453
 }
463
454
 
464
-static int smp_s1(struct crypto_cipher *tfm_aes, const u8 k[16],
455
+static int smp_s1(const u8 k[16],
465
456
 		  const u8 r1[16], const u8 r2[16], u8 _r[16])
466
457
 {
467
458
 	int err;
..
..
@@ -470,15 +461,14 @@
470
461
 	memcpy(_r, r2, 8);
471
462
 	memcpy(_r + 8, r1, 8);
472
463
 
473
-	err = smp_e(tfm_aes, k, _r);
464
+	err = smp_e(k, _r);
474
465
 	if (err)
475
466
 		BT_ERR("Encrypt data error");
476
467
 
477
468
 	return err;
478
469
 }
479
470
 
480
-static int smp_ah(struct crypto_cipher *tfm, const u8 irk[16],
481
-		  const u8 r[3], u8 res[3])
471
+static int smp_ah(const u8 irk[16], const u8 r[3], u8 res[3])
482
472
 {
483
473
 	u8 _res[16];
484
474
 	int err;
..
..
@@ -487,7 +477,7 @@
487
477
 	memcpy(_res, r, 3);
488
478
 	memset(_res + 3, 0, 13);
489
479
 
490
-	err = smp_e(tfm, irk, _res);
480
+	err = smp_e(irk, _res);
491
481
 	if (err) {
492
482
 		BT_ERR("Encrypt error");
493
483
 		return err;
..
..
@@ -508,18 +498,15 @@
508
498
 		     const bdaddr_t *bdaddr)
509
499
 {
510
500
 	struct l2cap_chan *chan = hdev->smp_data;
511
-	struct smp_dev *smp;
512
501
 	u8 hash[3];
513
502
 	int err;
514
503
 
515
504
 	if (!chan || !chan->data)
516
505
 		return false;
517
506
 
518
-	smp = chan->data;
507
+	bt_dev_dbg(hdev, "RPA %pMR IRK %*phN", bdaddr, 16, irk);
519
508
 
520
-	BT_DBG("RPA %pMR IRK %*phN", bdaddr, 16, irk);
521
-
522
-	err = smp_ah(smp->tfm_aes, irk, &bdaddr->b[3], hash);
509
+	err = smp_ah(irk, &bdaddr->b[3], hash);
523
510
 	if (err)
524
511
 		return false;
525
512
 
..
..
@@ -529,24 +516,21 @@
529
516
 int smp_generate_rpa(struct hci_dev *hdev, const u8 irk[16], bdaddr_t *rpa)
530
517
 {
531
518
 	struct l2cap_chan *chan = hdev->smp_data;
532
-	struct smp_dev *smp;
533
519
 	int err;
534
520
 
535
521
 	if (!chan || !chan->data)
536
522
 		return -EOPNOTSUPP;
537
-
538
-	smp = chan->data;
539
523
 
540
524
 	get_random_bytes(&rpa->b[3], 3);
541
525
 
542
526
 	rpa->b[5] &= 0x3f;	/* Clear two most significant bits */
543
527
 	rpa->b[5] |= 0x40;	/* Set second most significant bit */
544
528
 
545
-	err = smp_ah(smp->tfm_aes, irk, &rpa->b[3], rpa->b);
529
+	err = smp_ah(irk, &rpa->b[3], rpa->b);
546
530
 	if (err < 0)
547
531
 		return err;
548
532
 
549
-	BT_DBG("RPA %pMR", rpa);
533
+	bt_dev_dbg(hdev, "RPA %pMR", rpa);
550
534
 
551
535
 	return 0;
552
536
 }
..
..
@@ -563,7 +547,7 @@
563
547
 	smp = chan->data;
564
548
 
565
549
 	if (hci_dev_test_flag(hdev, HCI_USE_DEBUG_KEYS)) {
566
-		BT_DBG("Using debug keys");
550
+		bt_dev_dbg(hdev, "Using debug keys");
567
551
 		err = set_ecdh_privkey(smp->tfm_ecdh, debug_sk);
568
552
 		if (err)
569
553
 			return err;
..
..
@@ -622,7 +606,7 @@
622
606
 
623
607
 	memset(&msg, 0, sizeof(msg));
624
608
 
625
-	iov_iter_kvec(&msg.msg_iter, WRITE | ITER_KVEC, iv, 2, 1 + len);
609
+	iov_iter_kvec(&msg.msg_iter, WRITE, iv, 2, 1 + len);
626
610
 
627
611
 	l2cap_chan_send(chan, &msg, 1 + len);
628
612
 
..
..
@@ -742,6 +726,10 @@
742
726
 	struct hci_dev *hdev = conn->hcon->hdev;
743
727
 	struct smp_chan *smp = chan->data;
744
728
 
729
+	if (conn->hcon->pending_sec_level == BT_SECURITY_FIPS &&
730
+	    max_key_size != SMP_MAX_ENC_KEY_SIZE)
731
+		return SMP_ENC_KEY_SIZE;
732
+
745
733
 	if (max_key_size > hdev->le_max_key_size ||
746
734
 	    max_key_size < SMP_MIN_ENC_KEY_SIZE)
747
735
 		return SMP_ENC_KEY_SIZE;
..
..
@@ -765,11 +753,10 @@
765
753
 	complete = test_bit(SMP_FLAG_COMPLETE, &smp->flags);
766
754
 	mgmt_smp_complete(hcon, complete);
767
755
 
768
-	kzfree(smp->csrk);
769
-	kzfree(smp->slave_csrk);
770
-	kzfree(smp->link_key);
756
+	kfree_sensitive(smp->csrk);
757
+	kfree_sensitive(smp->slave_csrk);
758
+	kfree_sensitive(smp->link_key);
771
759
 
772
-	crypto_free_cipher(smp->tfm_aes);
773
760
 	crypto_free_shash(smp->tfm_cmac);
774
761
 	crypto_free_kpp(smp->tfm_ecdh);
775
762
 
..
..
@@ -802,7 +789,7 @@
802
789
 	}
803
790
 
804
791
 	chan->data = NULL;
805
-	kzfree(smp);
792
+	kfree_sensitive(smp);
806
793
 	hci_conn_drop(hcon);
807
794
 }
808
795
 
..
..
@@ -867,7 +854,7 @@
867
854
 	struct l2cap_chan *chan = conn->smp;
868
855
 	struct smp_chan *smp = chan->data;
869
856
 	u32 passkey = 0;
870
-	int ret = 0;
857
+	int ret;
871
858
 
872
859
 	/* Initialize key for JUST WORKS */
873
860
 	memset(smp->tk, 0, sizeof(smp->tk));
..
..
@@ -896,9 +883,16 @@
896
883
 	    hcon->io_capability == HCI_IO_NO_INPUT_OUTPUT)
897
884
 		smp->method = JUST_WORKS;
898
885
 
899
-	/* If Just Works, Continue with Zero TK */
886
+	/* If Just Works, Continue with Zero TK and ask user-space for
887
+	 * confirmation */
900
888
 	if (smp->method == JUST_WORKS) {
901
-		set_bit(SMP_FLAG_TK_VALID, &smp->flags);
889
+		ret = mgmt_user_confirm_request(hcon->hdev, &hcon->dst,
890
+						hcon->type,
891
+						hcon->dst_type,
892
+						passkey, 1);
893
+		if (ret)
894
+			return ret;
895
+		set_bit(SMP_FLAG_WAIT_USER, &smp->flags);
902
896
 		return 0;
903
897
 	}
904
898
 
..
..
@@ -915,8 +909,8 @@
915
909
 			hcon->pending_sec_level = BT_SECURITY_HIGH;
916
910
 	}
917
911
 
918
-	/* If both devices have Keyoard-Display I/O, the master
919
-	 * Confirms and the slave Enters the passkey.
912
+	/* If both devices have Keyboard-Display I/O, the initiator
913
+	 * Confirms and the responder Enters the passkey.
920
914
 	 */
921
915
 	if (smp->method == OVERLAP) {
922
916
 		if (hcon->role == HCI_ROLE_MASTER)
..
..
@@ -958,7 +952,7 @@
958
952
 
959
953
 	BT_DBG("conn %p", conn);
960
954
 
961
-	ret = smp_c1(smp->tfm_aes, smp->tk, smp->prnd, smp->preq, smp->prsp,
955
+	ret = smp_c1(smp->tk, smp->prnd, smp->preq, smp->prsp,
962
956
 		     conn->hcon->init_addr_type, &conn->hcon->init_addr,
963
957
 		     conn->hcon->resp_addr_type, &conn->hcon->resp_addr,
964
958
 		     cp.confirm_val);
..
..
@@ -984,12 +978,9 @@
984
978
 	u8 confirm[16];
985
979
 	int ret;
986
980
 
987
-	if (IS_ERR_OR_NULL(smp->tfm_aes))
988
-		return SMP_UNSPECIFIED;
989
-
990
981
 	BT_DBG("conn %p %s", conn, conn->hcon->out ? "master" : "slave");
991
982
 
992
-	ret = smp_c1(smp->tfm_aes, smp->tk, smp->rrnd, smp->preq, smp->prsp,
983
+	ret = smp_c1(smp->tk, smp->rrnd, smp->preq, smp->prsp,
993
984
 		     hcon->init_addr_type, &hcon->init_addr,
994
985
 		     hcon->resp_addr_type, &hcon->resp_addr, confirm);
995
986
 	if (ret)
..
..
@@ -1006,7 +997,7 @@
1006
997
 		__le64 rand = 0;
1007
998
 		__le16 ediv = 0;
1008
999
 
1009
-		smp_s1(smp->tfm_aes, smp->tk, smp->rrnd, smp->prnd, stk);
1000
+		smp_s1(smp->tk, smp->rrnd, smp->prnd, stk);
1010
1001
 
1011
1002
 		if (test_and_set_bit(HCI_CONN_ENCRYPT_PEND, &hcon->flags))
1012
1003
 			return SMP_UNSPECIFIED;
..
..
@@ -1022,7 +1013,7 @@
1022
1013
 		smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM, sizeof(smp->prnd),
1023
1014
 			     smp->prnd);
1024
1015
 
1025
-		smp_s1(smp->tfm_aes, smp->tk, smp->prnd, smp->rrnd, stk);
1016
+		smp_s1(smp->tk, smp->prnd, smp->rrnd, stk);
1026
1017
 
1027
1018
 		if (hcon->pending_sec_level == BT_SECURITY_HIGH)
1028
1019
 			auth = 1;
..
..
@@ -1161,11 +1152,11 @@
1161
1152
 		return;
1162
1153
 
1163
1154
 	if (test_bit(SMP_FLAG_CT2, &smp->flags)) {
1164
-		/* SALT = 0x00000000000000000000000000000000746D7031 */
1155
+		/* SALT = 0x000000000000000000000000746D7031 */
1165
1156
 		const u8 salt[16] = { 0x31, 0x70, 0x6d, 0x74 };
1166
1157
 
1167
1158
 		if (smp_h7(smp->tfm_cmac, smp->tk, salt, smp->link_key)) {
1168
-			kzfree(smp->link_key);
1159
+			kfree_sensitive(smp->link_key);
1169
1160
 			smp->link_key = NULL;
1170
1161
 			return;
1171
1162
 		}
..
..
@@ -1174,14 +1165,14 @@
1174
1165
 		const u8 tmp1[4] = { 0x31, 0x70, 0x6d, 0x74 };
1175
1166
 
1176
1167
 		if (smp_h6(smp->tfm_cmac, smp->tk, tmp1, smp->link_key)) {
1177
-			kzfree(smp->link_key);
1168
+			kfree_sensitive(smp->link_key);
1178
1169
 			smp->link_key = NULL;
1179
1170
 			return;
1180
1171
 		}
1181
1172
 	}
1182
1173
 
1183
1174
 	if (smp_h6(smp->tfm_cmac, smp->link_key, lebr, smp->link_key)) {
1184
-		kzfree(smp->link_key);
1175
+		kfree_sensitive(smp->link_key);
1185
1176
 		smp->link_key = NULL;
1186
1177
 		return;
1187
1178
 	}
..
..
@@ -1219,7 +1210,7 @@
1219
1210
 		set_bit(SMP_FLAG_DEBUG_KEY, &smp->flags);
1220
1211
 
1221
1212
 	if (test_bit(SMP_FLAG_CT2, &smp->flags)) {
1222
-		/* SALT = 0x00000000000000000000000000000000746D7032 */
1213
+		/* SALT = 0x000000000000000000000000746D7032 */
1223
1214
 		const u8 salt[16] = { 0x32, 0x70, 0x6d, 0x74 };
1224
1215
 
1225
1216
 		if (smp_h7(smp->tfm_cmac, key->val, salt, smp->tk))
..
..
@@ -1390,19 +1381,13 @@
1390
1381
 	if (!smp)
1391
1382
 		return NULL;
1392
1383
 
1393
-	smp->tfm_aes = crypto_alloc_cipher("aes", 0, CRYPTO_ALG_ASYNC);
1394
-	if (IS_ERR(smp->tfm_aes)) {
1395
-		BT_ERR("Unable to create AES crypto context");
1396
-		goto zfree_smp;
1397
-	}
1398
-
1399
1384
 	smp->tfm_cmac = crypto_alloc_shash("cmac(aes)", 0, 0);
1400
1385
 	if (IS_ERR(smp->tfm_cmac)) {
1401
1386
 		BT_ERR("Unable to create CMAC crypto context");
1402
-		goto free_cipher;
1387
+		goto zfree_smp;
1403
1388
 	}
1404
1389
 
1405
-	smp->tfm_ecdh = crypto_alloc_kpp("ecdh", CRYPTO_ALG_INTERNAL, 0);
1390
+	smp->tfm_ecdh = crypto_alloc_kpp("ecdh", 0, 0);
1406
1391
 	if (IS_ERR(smp->tfm_ecdh)) {
1407
1392
 		BT_ERR("Unable to create ECDH crypto context");
1408
1393
 		goto free_shash;
..
..
@@ -1421,10 +1406,8 @@
1421
1406
 
1422
1407
 free_shash:
1423
1408
 	crypto_free_shash(smp->tfm_cmac);
1424
-free_cipher:
1425
-	crypto_free_cipher(smp->tfm_aes);
1426
1409
 zfree_smp:
1427
-	kzfree(smp);
1410
+	kfree_sensitive(smp);
1428
1411
 	return NULL;
1429
1412
 }
1430
1413
 
..
..
@@ -1671,7 +1654,7 @@
1671
1654
 		memset(smp->tk, 0, sizeof(smp->tk));
1672
1655
 		BT_DBG("PassKey: %d", value);
1673
1656
 		put_unaligned_le32(value, smp->tk);
1674
-		/* Fall Through */
1657
+		fallthrough;
1675
1658
 	case MGMT_OP_USER_CONFIRM_REPLY:
1676
1659
 		set_bit(SMP_FLAG_TK_VALID, &smp->flags);
1677
1660
 		break;
..
..
@@ -1884,7 +1867,7 @@
1884
1867
 {
1885
1868
 	struct hci_dev *hdev = smp->conn->hcon->hdev;
1886
1869
 
1887
-	BT_DBG("");
1870
+	bt_dev_dbg(hdev, "");
1888
1871
 
1889
1872
 	if (test_bit(SMP_FLAG_LOCAL_OOB, &smp->flags)) {
1890
1873
 		struct l2cap_chan *chan = hdev->smp_data;
..
..
@@ -2139,7 +2122,7 @@
2139
2122
 	struct l2cap_chan *chan = conn->smp;
2140
2123
 	struct smp_chan *smp = chan->data;
2141
2124
 	struct hci_conn *hcon = conn->hcon;
2142
-	u8 *pkax, *pkbx, *na, *nb;
2125
+	u8 *pkax, *pkbx, *na, *nb, confirm_hint;
2143
2126
 	u32 passkey;
2144
2127
 	int err;
2145
2128
 
..
..
@@ -2192,6 +2175,24 @@
2192
2175
 		smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM, sizeof(smp->prnd),
2193
2176
 			     smp->prnd);
2194
2177
 		SMP_ALLOW_CMD(smp, SMP_CMD_DHKEY_CHECK);
2178
+
2179
+		/* Only Just-Works pairing requires extra checks */
2180
+		if (smp->method != JUST_WORKS)
2181
+			goto mackey_and_ltk;
2182
+
2183
+		/* If there already exists long term key in local host, leave
2184
+		 * the decision to user space since the remote device could
2185
+		 * be legitimate or malicious.
2186
+		 */
2187
+		if (hci_find_ltk(hcon->hdev, &hcon->dst, hcon->dst_type,
2188
+				 hcon->role)) {
2189
+			/* Set passkey to 0. The value can be any number since
2190
+			 * it'll be ignored anyway.
2191
+			 */
2192
+			passkey = 0;
2193
+			confirm_hint = 1;
2194
+			goto confirm;
2195
+		}
2195
2196
 	}
2196
2197
 
2197
2198
 mackey_and_ltk:
..
..
@@ -2200,7 +2201,7 @@
2200
2201
 	if (err)
2201
2202
 		return SMP_UNSPECIFIED;
2202
2203
 
2203
-	if (smp->method == JUST_WORKS || smp->method == REQ_OOB) {
2204
+	if (smp->method == REQ_OOB) {
2204
2205
 		if (hcon->out) {
2205
2206
 			sc_dhkey_check(smp);
2206
2207
 			SMP_ALLOW_CMD(smp, SMP_CMD_DHKEY_CHECK);
..
..
@@ -2212,8 +2213,14 @@
2212
2213
 	if (err)
2213
2214
 		return SMP_UNSPECIFIED;
2214
2215
 
2216
+	confirm_hint = 0;
2217
+
2218
+confirm:
2219
+	if (smp->method == JUST_WORKS)
2220
+		confirm_hint = 1;
2221
+
2215
2222
 	err = mgmt_user_confirm_request(hcon->hdev, &hcon->dst, hcon->type,
2216
-					hcon->dst_type, passkey, 0);
2223
+					hcon->dst_type, passkey, confirm_hint);
2217
2224
 	if (err)
2218
2225
 		return SMP_UNSPECIFIED;
2219
2226
 
..
..
@@ -2388,12 +2395,17 @@
2388
2395
 			authreq |= SMP_AUTH_CT2;
2389
2396
 	}
2390
2397
 
2391
-	/* Require MITM if IO Capability allows or the security level
2392
-	 * requires it.
2398
+	/* Don't attempt to set MITM if setting is overridden by debugfs
2399
+	 * Needed to pass certification test SM/MAS/PKE/BV-01-C
2393
2400
 	 */
2394
-	if (hcon->io_capability != HCI_IO_NO_INPUT_OUTPUT ||
2395
-	    hcon->pending_sec_level > BT_SECURITY_MEDIUM)
2396
-		authreq |= SMP_AUTH_MITM;
2401
+	if (!hci_dev_test_flag(hcon->hdev, HCI_FORCE_NO_MITM)) {
2402
+		/* Require MITM if IO Capability allows or the security level
2403
+		 * requires it.
2404
+		 */
2405
+		if (hcon->io_capability != HCI_IO_NO_INPUT_OUTPUT ||
2406
+		    hcon->pending_sec_level > BT_SECURITY_MEDIUM)
2407
+			authreq |= SMP_AUTH_MITM;
2408
+	}
2397
2409
 
2398
2410
 	if (hcon->role == HCI_ROLE_MASTER) {
2399
2411
 		struct smp_cmd_pairing cp;
..
..
@@ -2477,6 +2489,15 @@
2477
2489
 	if (skb->len < sizeof(*rp))
2478
2490
 		return SMP_INVALID_PARAMS;
2479
2491
 
2492
+	/* Pairing is aborted if any blocked keys are distributed */
2493
+	if (hci_is_blocked_key(conn->hcon->hdev, HCI_BLOCKED_KEY_TYPE_LTK,
2494
+			       rp->ltk)) {
2495
+		bt_dev_warn_ratelimited(conn->hcon->hdev,
2496
+					"LTK blocked for %pMR",
2497
+					&conn->hcon->dst);
2498
+		return SMP_INVALID_PARAMS;
2499
+	}
2500
+
2480
2501
 	SMP_ALLOW_CMD(smp, SMP_CMD_MASTER_IDENT);
2481
2502
 
2482
2503
 	skb_pull(skb, sizeof(*rp));
..
..
@@ -2532,6 +2553,15 @@
2532
2553
 
2533
2554
 	if (skb->len < sizeof(*info))
2534
2555
 		return SMP_INVALID_PARAMS;
2556
+
2557
+	/* Pairing is aborted if any blocked keys are distributed */
2558
+	if (hci_is_blocked_key(conn->hcon->hdev, HCI_BLOCKED_KEY_TYPE_IRK,
2559
+			       info->irk)) {
2560
+		bt_dev_warn_ratelimited(conn->hcon->hdev,
2561
+					"Identity key blocked for %pMR",
2562
+					&conn->hcon->dst);
2563
+		return SMP_INVALID_PARAMS;
2564
+	}
2535
2565
 
2536
2566
 	SMP_ALLOW_CMD(smp, SMP_CMD_IDENT_ADDR_INFO);
2537
2567
 
..
..
@@ -3046,7 +3076,7 @@
3046
3076
 	if (!test_bit(HCI_CONN_ENCRYPT, &hcon->flags))
3047
3077
 		return;
3048
3078
 
3049
-	/* Only master may initiate SMP over BR/EDR */
3079
+	/* Only initiator may initiate SMP over BR/EDR */
3050
3080
 	if (hcon->role != HCI_ROLE_MASTER)
3051
3081
 		return;
3052
3082
 
..
..
@@ -3242,7 +3272,6 @@
3242
3272
 {
3243
3273
 	struct l2cap_chan *chan;
3244
3274
 	struct smp_dev *smp;
3245
-	struct crypto_cipher *tfm_aes;
3246
3275
 	struct crypto_shash *tfm_cmac;
3247
3276
 	struct crypto_kpp *tfm_ecdh;
3248
3277
 
..
..
@@ -3255,32 +3284,22 @@
3255
3284
 	if (!smp)
3256
3285
 		return ERR_PTR(-ENOMEM);
3257
3286
 
3258
-	tfm_aes = crypto_alloc_cipher("aes", 0, CRYPTO_ALG_ASYNC);
3259
-	if (IS_ERR(tfm_aes)) {
3260
-		BT_ERR("Unable to create AES crypto context");
3261
-		kzfree(smp);
3262
-		return ERR_CAST(tfm_aes);
3263
-	}
3264
-
3265
3287
 	tfm_cmac = crypto_alloc_shash("cmac(aes)", 0, 0);
3266
3288
 	if (IS_ERR(tfm_cmac)) {
3267
3289
 		BT_ERR("Unable to create CMAC crypto context");
3268
-		crypto_free_cipher(tfm_aes);
3269
-		kzfree(smp);
3290
+		kfree_sensitive(smp);
3270
3291
 		return ERR_CAST(tfm_cmac);
3271
3292
 	}
3272
3293
 
3273
-	tfm_ecdh = crypto_alloc_kpp("ecdh", CRYPTO_ALG_INTERNAL, 0);
3294
+	tfm_ecdh = crypto_alloc_kpp("ecdh", 0, 0);
3274
3295
 	if (IS_ERR(tfm_ecdh)) {
3275
3296
 		BT_ERR("Unable to create ECDH crypto context");
3276
3297
 		crypto_free_shash(tfm_cmac);
3277
-		crypto_free_cipher(tfm_aes);
3278
-		kzfree(smp);
3298
+		kfree_sensitive(smp);
3279
3299
 		return ERR_CAST(tfm_ecdh);
3280
3300
 	}
3281
3301
 
3282
3302
 	smp->local_oob = false;
3283
-	smp->tfm_aes = tfm_aes;
3284
3303
 	smp->tfm_cmac = tfm_cmac;
3285
3304
 	smp->tfm_ecdh = tfm_ecdh;
3286
3305
 
..
..
@@ -3288,10 +3307,9 @@
3288
3307
 	chan = l2cap_chan_create();
3289
3308
 	if (!chan) {
3290
3309
 		if (smp) {
3291
-			crypto_free_cipher(smp->tfm_aes);
3292
3310
 			crypto_free_shash(smp->tfm_cmac);
3293
3311
 			crypto_free_kpp(smp->tfm_ecdh);
3294
-			kzfree(smp);
3312
+			kfree_sensitive(smp);
3295
3313
 		}
3296
3314
 		return ERR_PTR(-ENOMEM);
3297
3315
 	}
..
..
@@ -3336,10 +3354,9 @@
3336
3354
 	smp = chan->data;
3337
3355
 	if (smp) {
3338
3356
 		chan->data = NULL;
3339
-		crypto_free_cipher(smp->tfm_aes);
3340
3357
 		crypto_free_shash(smp->tfm_cmac);
3341
3358
 		crypto_free_kpp(smp->tfm_ecdh);
3342
-		kzfree(smp);
3359
+		kfree_sensitive(smp);
3343
3360
 	}
3344
3361
 
3345
3362
 	l2cap_chan_put(chan);
..
..
@@ -3401,94 +3418,6 @@
3401
3418
 	.llseek		= default_llseek,
3402
3419
 };
3403
3420
 
3404
-static ssize_t le_min_key_size_read(struct file *file,
3405
-				     char __user *user_buf,
3406
-				     size_t count, loff_t *ppos)
3407
-{
3408
-	struct hci_dev *hdev = file->private_data;
3409
-	char buf[4];
3410
-
3411
-	snprintf(buf, sizeof(buf), "%2u\n", hdev->le_min_key_size);
3412
-
3413
-	return simple_read_from_buffer(user_buf, count, ppos, buf, strlen(buf));
3414
-}
3415
-
3416
-static ssize_t le_min_key_size_write(struct file *file,
3417
-				      const char __user *user_buf,
3418
-				      size_t count, loff_t *ppos)
3419
-{
3420
-	struct hci_dev *hdev = file->private_data;
3421
-	char buf[32];
3422
-	size_t buf_size = min(count, (sizeof(buf) - 1));
3423
-	u8 key_size;
3424
-
3425
-	if (copy_from_user(buf, user_buf, buf_size))
3426
-		return -EFAULT;
3427
-
3428
-	buf[buf_size] = '\0';
3429
-
3430
-	sscanf(buf, "%hhu", &key_size);
3431
-
3432
-	if (key_size > hdev->le_max_key_size ||
3433
-	    key_size < SMP_MIN_ENC_KEY_SIZE)
3434
-		return -EINVAL;
3435
-
3436
-	hdev->le_min_key_size = key_size;
3437
-
3438
-	return count;
3439
-}
3440
-
3441
-static const struct file_operations le_min_key_size_fops = {
3442
-	.open		= simple_open,
3443
-	.read		= le_min_key_size_read,
3444
-	.write		= le_min_key_size_write,
3445
-	.llseek		= default_llseek,
3446
-};
3447
-
3448
-static ssize_t le_max_key_size_read(struct file *file,
3449
-				     char __user *user_buf,
3450
-				     size_t count, loff_t *ppos)
3451
-{
3452
-	struct hci_dev *hdev = file->private_data;
3453
-	char buf[4];
3454
-
3455
-	snprintf(buf, sizeof(buf), "%2u\n", hdev->le_max_key_size);
3456
-
3457
-	return simple_read_from_buffer(user_buf, count, ppos, buf, strlen(buf));
3458
-}
3459
-
3460
-static ssize_t le_max_key_size_write(struct file *file,
3461
-				      const char __user *user_buf,
3462
-				      size_t count, loff_t *ppos)
3463
-{
3464
-	struct hci_dev *hdev = file->private_data;
3465
-	char buf[32];
3466
-	size_t buf_size = min(count, (sizeof(buf) - 1));
3467
-	u8 key_size;
3468
-
3469
-	if (copy_from_user(buf, user_buf, buf_size))
3470
-		return -EFAULT;
3471
-
3472
-	buf[buf_size] = '\0';
3473
-
3474
-	sscanf(buf, "%hhu", &key_size);
3475
-
3476
-	if (key_size > SMP_MAX_ENC_KEY_SIZE ||
3477
-	    key_size < hdev->le_min_key_size)
3478
-		return -EINVAL;
3479
-
3480
-	hdev->le_max_key_size = key_size;
3481
-
3482
-	return count;
3483
-}
3484
-
3485
-static const struct file_operations le_max_key_size_fops = {
3486
-	.open		= simple_open,
3487
-	.read		= le_max_key_size_read,
3488
-	.write		= le_max_key_size_write,
3489
-	.llseek		= default_llseek,
3490
-};
3491
-
3492
3421
 int smp_register(struct hci_dev *hdev)
3493
3422
 {
3494
3423
 	struct l2cap_chan *chan;
..
..
@@ -3512,11 +3441,6 @@
3512
3441
 		return PTR_ERR(chan);
3513
3442
 
3514
3443
 	hdev->smp_data = chan;
3515
-
3516
-	debugfs_create_file("le_min_key_size", 0644, hdev->debugfs, hdev,
3517
-			    &le_min_key_size_fops);
3518
-	debugfs_create_file("le_max_key_size", 0644, hdev->debugfs, hdev,
3519
-			    &le_max_key_size_fops);
3520
3444
 
3521
3445
 	/* If the controller does not support BR/EDR Secure Connections
3522
3446
 	 * feature, then the BR/EDR SMP channel shall not be present.
..
..
@@ -3592,7 +3516,7 @@
3592
3516
 	return 0;
3593
3517
 }
3594
3518
 
3595
-static int __init test_ah(struct crypto_cipher *tfm_aes)
3519
+static int __init test_ah(void)
3596
3520
 {
3597
3521
 	const u8 irk[16] = {
3598
3522
 			0x9b, 0x7d, 0x39, 0x0a, 0xa6, 0x10, 0x10, 0x34,
..
..
@@ -3602,7 +3526,7 @@
3602
3526
 	u8 res[3];
3603
3527
 	int err;
3604
3528
 
3605
-	err = smp_ah(tfm_aes, irk, r, res);
3529
+	err = smp_ah(irk, r, res);
3606
3530
 	if (err)
3607
3531
 		return err;
3608
3532
 
..
..
@@ -3612,7 +3536,7 @@
3612
3536
 	return 0;
3613
3537
 }
3614
3538
 
3615
-static int __init test_c1(struct crypto_cipher *tfm_aes)
3539
+static int __init test_c1(void)
3616
3540
 {
3617
3541
 	const u8 k[16] = {
3618
3542
 			0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
..
..
@@ -3632,7 +3556,7 @@
3632
3556
 	u8 res[16];
3633
3557
 	int err;
3634
3558
 
3635
-	err = smp_c1(tfm_aes, k, r, preq, pres, _iat, &ia, _rat, &ra, res);
3559
+	err = smp_c1(k, r, preq, pres, _iat, &ia, _rat, &ra, res);
3636
3560
 	if (err)
3637
3561
 		return err;
3638
3562
 
..
..
@@ -3642,7 +3566,7 @@
3642
3566
 	return 0;
3643
3567
 }
3644
3568
 
3645
-static int __init test_s1(struct crypto_cipher *tfm_aes)
3569
+static int __init test_s1(void)
3646
3570
 {
3647
3571
 	const u8 k[16] = {
3648
3572
 			0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
..
..
@@ -3657,7 +3581,7 @@
3657
3581
 	u8 res[16];
3658
3582
 	int err;
3659
3583
 
3660
-	err = smp_s1(tfm_aes, k, r1, r2, res);
3584
+	err = smp_s1(k, r1, r2, res);
3661
3585
 	if (err)
3662
3586
 		return err;
3663
3587
 
..
..
@@ -3838,8 +3762,7 @@
3838
3762
 	.llseek		= default_llseek,
3839
3763
 };
3840
3764
 
3841
-static int __init run_selftests(struct crypto_cipher *tfm_aes,
3842
-				struct crypto_shash *tfm_cmac,
3765
+static int __init run_selftests(struct crypto_shash *tfm_cmac,
3843
3766
 				struct crypto_kpp *tfm_ecdh)
3844
3767
 {
3845
3768
 	ktime_t calltime, delta, rettime;
..
..
@@ -3854,19 +3777,19 @@
3854
3777
 		goto done;
3855
3778
 	}
3856
3779
 
3857
-	err = test_ah(tfm_aes);
3780
+	err = test_ah();
3858
3781
 	if (err) {
3859
3782
 		BT_ERR("smp_ah test failed");
3860
3783
 		goto done;
3861
3784
 	}
3862
3785
 
3863
-	err = test_c1(tfm_aes);
3786
+	err = test_c1();
3864
3787
 	if (err) {
3865
3788
 		BT_ERR("smp_c1 test failed");
3866
3789
 		goto done;
3867
3790
 	}
3868
3791
 
3869
-	err = test_s1(tfm_aes);
3792
+	err = test_s1();
3870
3793
 	if (err) {
3871
3794
 		BT_ERR("smp_s1 test failed");
3872
3795
 		goto done;
..
..
@@ -3923,36 +3846,26 @@
3923
3846
 
3924
3847
 int __init bt_selftest_smp(void)
3925
3848
 {
3926
-	struct crypto_cipher *tfm_aes;
3927
3849
 	struct crypto_shash *tfm_cmac;
3928
3850
 	struct crypto_kpp *tfm_ecdh;
3929
3851
 	int err;
3930
3852
 
3931
-	tfm_aes = crypto_alloc_cipher("aes", 0, CRYPTO_ALG_ASYNC);
3932
-	if (IS_ERR(tfm_aes)) {
3933
-		BT_ERR("Unable to create AES crypto context");
3934
-		return PTR_ERR(tfm_aes);
3935
-	}
3936
-
3937
-	tfm_cmac = crypto_alloc_shash("cmac(aes)", 0, CRYPTO_ALG_ASYNC);
3853
+	tfm_cmac = crypto_alloc_shash("cmac(aes)", 0, 0);
3938
3854
 	if (IS_ERR(tfm_cmac)) {
3939
3855
 		BT_ERR("Unable to create CMAC crypto context");
3940
-		crypto_free_cipher(tfm_aes);
3941
3856
 		return PTR_ERR(tfm_cmac);
3942
3857
 	}
3943
3858
 
3944
-	tfm_ecdh = crypto_alloc_kpp("ecdh", CRYPTO_ALG_INTERNAL, 0);
3859
+	tfm_ecdh = crypto_alloc_kpp("ecdh", 0, 0);
3945
3860
 	if (IS_ERR(tfm_ecdh)) {
3946
3861
 		BT_ERR("Unable to create ECDH crypto context");
3947
3862
 		crypto_free_shash(tfm_cmac);
3948
-		crypto_free_cipher(tfm_aes);
3949
3863
 		return PTR_ERR(tfm_ecdh);
3950
3864
 	}
3951
3865
 
3952
-	err = run_selftests(tfm_aes, tfm_cmac, tfm_ecdh);
3866
+	err = run_selftests(tfm_cmac, tfm_ecdh);
3953
3867
 
3954
3868
 	crypto_free_shash(tfm_cmac);
3955
-	crypto_free_cipher(tfm_aes);
3956
3869
 	crypto_free_kpp(tfm_ecdh);
3957
3870
 
3958
3871
 	return err;