653 	struct hci_conn *hcon = conn->hcon;  in build_pairing_cmd()  local
654 	struct hci_dev *hdev = hcon->hdev;  in build_pairing_cmd()
681 		if (hcon->dst_type == ADDR_LE_DEV_PUBLIC)  in build_pairing_cmd()
686 		oob_data = hci_find_remote_oob_data(hdev, &hcon->dst,  in build_pairing_cmd()
702 		req->io_capability = conn->hcon->io_capability;  in build_pairing_cmd()
713 	rsp->io_capability = conn->hcon->io_capability;  in build_pairing_cmd()
726 	struct hci_dev *hdev = conn->hcon->hdev;  in check_enc_key_size()
729 	if (conn->hcon->pending_sec_level == BT_SECURITY_FIPS &&  in check_enc_key_size()
746 	struct hci_conn *hcon = conn->hcon;  in smp_chan_destroy()  local
754 	mgmt_smp_complete(hcon, complete);  in smp_chan_destroy()
767 	    !hci_dev_test_flag(hcon->hdev, HCI_KEEP_DEBUG_KEYS)) {  in smp_chan_destroy()
793 	hci_conn_drop(hcon);  in smp_chan_destroy()
798 	struct hci_conn *hcon = conn->hcon;  in smp_failure()  local
805 	mgmt_auth_failed(hcon, HCI_ERROR_AUTH_FAILURE);  in smp_failure()
853 	struct hci_conn *hcon = conn->hcon;  in tk_request()  local
883 	    hcon->io_capability == HCI_IO_NO_INPUT_OUTPUT)  in tk_request()
889 		ret = mgmt_user_confirm_request(hcon->hdev, &hcon->dst,  in tk_request()
890 						hcon->type,  in tk_request()
891 						hcon->dst_type,  in tk_request()
908 		if (hcon->pending_sec_level < BT_SECURITY_HIGH)  in tk_request()
909 			hcon->pending_sec_level = BT_SECURITY_HIGH;  in tk_request()
916 		if (hcon->role == HCI_ROLE_MASTER)  in tk_request()
933 		ret = mgmt_user_passkey_request(hcon->hdev, &hcon->dst,  in tk_request()
934 						hcon->type, hcon->dst_type);  in tk_request()
936 		ret = mgmt_user_confirm_request(hcon->hdev, &hcon->dst,  in tk_request()
937 						hcon->type, hcon->dst_type,  in tk_request()
940 		ret = mgmt_user_passkey_notify(hcon->hdev, &hcon->dst,  in tk_request()
941 						hcon->type, hcon->dst_type,  in tk_request()
956 		     conn->hcon->init_addr_type, &conn->hcon->init_addr,  in smp_confirm()
957 		     conn->hcon->resp_addr_type, &conn->hcon->resp_addr,  in smp_confirm()
966 	if (conn->hcon->out)  in smp_confirm()
977 	struct hci_conn *hcon = conn->hcon;  in smp_random()  local
981 	BT_DBG("conn %p %s", conn, conn->hcon->out ? "master" : "slave");  in smp_random()
984 		     hcon->init_addr_type, &hcon->init_addr,  in smp_random()
985 		     hcon->resp_addr_type, &hcon->resp_addr, confirm);  in smp_random()
990 		bt_dev_err(hcon->hdev, "pairing failed "  in smp_random()
995 	if (hcon->out) {  in smp_random()
1002 		if (test_and_set_bit(HCI_CONN_ENCRYPT_PEND, &hcon->flags))  in smp_random()
1005 		hci_le_start_enc(hcon, ediv, rand, stk, smp->enc_key_size);  in smp_random()
1006 		hcon->enc_key_size = smp->enc_key_size;  in smp_random()
1007 		set_bit(HCI_CONN_STK_ENCRYPT, &hcon->flags);  in smp_random()
1018 		if (hcon->pending_sec_level == BT_SECURITY_HIGH)  in smp_random()
1027 		hci_add_ltk(hcon->hdev, &hcon->dst, hcon->dst_type,  in smp_random()
1038 	struct hci_conn *hcon = conn->hcon;  in smp_notify_keys()  local
1039 	struct hci_dev *hdev = hcon->hdev;  in smp_notify_keys()
1044 	if (hcon->type == ACL_LINK) {  in smp_notify_keys()
1045 		if (hcon->key_type == HCI_LK_DEBUG_COMBINATION)  in smp_notify_keys()
1049 					       &hcon->flags);  in smp_notify_keys()
1066 		if (hcon->type == LE_LINK) {  in smp_notify_keys()
1067 			bacpy(&hcon->dst, &smp->remote_irk->bdaddr);  in smp_notify_keys()
1068 			hcon->dst_type = smp->remote_irk->addr_type;  in smp_notify_keys()
1074 		smp->csrk->bdaddr_type = hcon->dst_type;  in smp_notify_keys()
1075 		bacpy(&smp->csrk->bdaddr, &hcon->dst);  in smp_notify_keys()
1080 		smp->slave_csrk->bdaddr_type = hcon->dst_type;  in smp_notify_keys()
1081 		bacpy(&smp->slave_csrk->bdaddr, &hcon->dst);  in smp_notify_keys()
1086 		smp->ltk->bdaddr_type = hcon->dst_type;  in smp_notify_keys()
1087 		bacpy(&smp->ltk->bdaddr, &hcon->dst);  in smp_notify_keys()
1092 		smp->slave_ltk->bdaddr_type = hcon->dst_type;  in smp_notify_keys()
1093 		bacpy(&smp->slave_ltk->bdaddr, &hcon->dst);  in smp_notify_keys()
1103 		else if (hcon->sec_level == BT_SECURITY_FIPS)  in smp_notify_keys()
1108 		key = hci_add_link_key(hdev, smp->conn->hcon, &hcon->dst,  in smp_notify_keys()
1127 	struct hci_conn *hcon = smp->conn->hcon;  in sc_add_ltk()  local
1135 	if (hcon->pending_sec_level == BT_SECURITY_FIPS)  in sc_add_ltk()
1140 	smp->ltk = hci_add_ltk(hcon->hdev, &hcon->dst, hcon->dst_type,  in sc_add_ltk()
1199 	struct hci_conn *hcon = smp->conn->hcon;  in sc_generate_ltk()  local
1200 	struct hci_dev *hdev = hcon->hdev;  in sc_generate_ltk()
1203 	key = hci_find_link_key(hdev, &hcon->dst);  in sc_generate_ltk()
1236 	struct hci_conn *hcon = conn->hcon;  in smp_distribute_keys()  local
1237 	struct hci_dev *hdev = hcon->hdev;  in smp_distribute_keys()
1245 	if (hcon->out && (smp->remote_key_dist & KEY_DIST_MASK)) {  in smp_distribute_keys()
1252 	if (hcon->out) {  in smp_distribute_keys()
1261 		if (hcon->type == LE_LINK && (*keydist & SMP_DIST_LINK_KEY))  in smp_distribute_keys()
1263 		if (hcon->type == ACL_LINK && (*keydist & SMP_DIST_ENC_KEY))  in smp_distribute_keys()
1293 		authenticated = hcon->sec_level == BT_SECURITY_HIGH;  in smp_distribute_keys()
1294 		ltk = hci_add_ltk(hdev, &hcon->dst, hcon->dst_type,  in smp_distribute_keys()
1321 		bacpy(&addrinfo.bdaddr, &hcon->src);  in smp_distribute_keys()
1322 		addrinfo.addr_type = hcon->src_type;  in smp_distribute_keys()
1339 			if (hcon->sec_level > BT_SECURITY_MEDIUM)  in smp_distribute_keys()
1372 	hci_disconnect(conn->hcon, HCI_ERROR_REMOTE_USER_TERM);  in smp_timeout()
1403 	hci_conn_hold(conn->hcon);  in smp_chan_create()
1416 	struct hci_conn *hcon = smp->conn->hcon;  in sc_mackey_and_ltk()  local
1419 	if (hcon->out) {  in sc_mackey_and_ltk()
1427 	memcpy(a, &hcon->init_addr, 6);  in sc_mackey_and_ltk()
1428 	memcpy(b, &hcon->resp_addr, 6);  in sc_mackey_and_ltk()
1429 	a[6] = hcon->init_addr_type;  in sc_mackey_and_ltk()
1430 	b[6] = hcon->resp_addr_type;  in sc_mackey_and_ltk()
1437 	struct hci_conn *hcon = smp->conn->hcon;  in sc_dhkey_check()  local
1442 	memcpy(a, &hcon->init_addr, 6);  in sc_dhkey_check()
1443 	memcpy(b, &hcon->resp_addr, 6);  in sc_dhkey_check()
1444 	a[6] = hcon->init_addr_type;  in sc_dhkey_check()
1445 	b[6] = hcon->resp_addr_type;  in sc_dhkey_check()
1447 	if (hcon->out) {  in sc_dhkey_check()
1460 		put_unaligned_le32(hcon->passkey_notify, r);  in sc_dhkey_check()
1474 	struct hci_conn *hcon = conn->hcon;  in sc_passkey_send_confirm()  local
1478 	r = ((hcon->passkey_notify >> smp->passkey_round) & 0x01);  in sc_passkey_send_confirm()
1495 	struct hci_conn *hcon = conn->hcon;  in sc_passkey_round()  local
1496 	struct hci_dev *hdev = hcon->hdev;  in sc_passkey_round()
1505 		r = ((hcon->passkey_notify >> smp->passkey_round) & 0x01);  in sc_passkey_round()
1526 		if (!hcon->out) {  in sc_passkey_round()
1554 		if (hcon->out) {  in sc_passkey_round()
1565 		if (!hcon->out)  in sc_passkey_round()
1582 	struct hci_conn *hcon = conn->hcon;  in sc_user_reply()  local
1595 		hcon->passkey_notify = le32_to_cpu(passkey);  in sc_user_reply()
1610 	if (hcon->out) {  in sc_user_reply()
1621 int smp_user_confirm_reply(struct hci_conn *hcon, u16 mgmt_op, __le32 passkey)  in smp_user_confirm_reply()  argument
1623 	struct l2cap_conn *conn = hcon->l2cap_data;  in smp_user_confirm_reply()
1691 	struct hci_dev *hdev = conn->hcon->hdev;  in build_bredr_pairing_cmd()
1711 		req->max_key_size    = conn->hcon->enc_key_size;  in build_bredr_pairing_cmd()
1721 	rsp->max_key_size    = conn->hcon->enc_key_size;  in build_bredr_pairing_cmd()
1732 	struct hci_dev *hdev = conn->hcon->hdev;  in smp_cmd_pairing_req()
1742 	if (conn->hcon->role != HCI_ROLE_SLAVE)  in smp_cmd_pairing_req()
1775 	if (conn->hcon->type == ACL_LINK) {  in smp_cmd_pairing_req()
1777 		if (!test_bit(HCI_CONN_AES_CCM, &conn->hcon->flags) &&  in smp_cmd_pairing_req()
1812 	if (conn->hcon->io_capability == HCI_IO_NO_INPUT_OUTPUT)  in smp_cmd_pairing_req()
1817 	if (sec_level > conn->hcon->pending_sec_level)  in smp_cmd_pairing_req()
1818 		conn->hcon->pending_sec_level = sec_level;  in smp_cmd_pairing_req()
1821 	if (conn->hcon->pending_sec_level >= BT_SECURITY_HIGH) {  in smp_cmd_pairing_req()
1824 		method = get_auth_method(smp, conn->hcon->io_capability,  in smp_cmd_pairing_req()
1868 	struct hci_dev *hdev = smp->conn->hcon->hdev;  in sc_send_public_key()
1924 	struct hci_dev *hdev = conn->hcon->hdev;  in smp_cmd_pairing_rsp()
1933 	if (conn->hcon->role != HCI_ROLE_MASTER)  in smp_cmd_pairing_rsp()
1968 	if (conn->hcon->type == ACL_LINK) {  in smp_cmd_pairing_rsp()
1977 	else if (conn->hcon->pending_sec_level > BT_SECURITY_HIGH)  in smp_cmd_pairing_rsp()
1978 		conn->hcon->pending_sec_level = BT_SECURITY_HIGH;  in smp_cmd_pairing_rsp()
1981 	if (conn->hcon->pending_sec_level >= BT_SECURITY_HIGH) {  in smp_cmd_pairing_rsp()
2028 	if (conn->hcon->out) {  in sc_check_confirm()
2044 	struct hci_conn *hcon = conn->hcon;  in fixup_sc_false_positive()  local
2045 	struct hci_dev *hdev = hcon->hdev;  in fixup_sc_false_positive()
2050 	if (hcon->out)  in fixup_sc_false_positive()
2083 	BT_DBG("conn %p %s", conn, conn->hcon->out ? "master" : "slave");  in smp_cmd_pairing_confirm()
2105 	if (conn->hcon->out) {  in smp_cmd_pairing_confirm()
2124 	struct hci_conn *hcon = conn->hcon;  in smp_cmd_pairing_random()  local
2140 	if (hcon->out) {  in smp_cmd_pairing_random()
2153 		if (!hcon->out)  in smp_cmd_pairing_random()
2164 	if (hcon->out) {  in smp_cmd_pairing_random()
2187 		if (hci_find_ltk(hcon->hdev, &hcon->dst, hcon->dst_type,  in smp_cmd_pairing_random()
2188 				 hcon->role)) {  in smp_cmd_pairing_random()
2205 		if (hcon->out) {  in smp_cmd_pairing_random()
2222 	err = mgmt_user_confirm_request(hcon->hdev, &hcon->dst, hcon->type,  in smp_cmd_pairing_random()
2223 					hcon->dst_type, passkey, confirm_hint);  in smp_cmd_pairing_random()
2235 	struct hci_conn *hcon = conn->hcon;  in smp_ltk_encrypt()  local
2237 	key = hci_find_ltk(hcon->hdev, &hcon->dst, hcon->dst_type, hcon->role);  in smp_ltk_encrypt()
2244 	if (test_and_set_bit(HCI_CONN_ENCRYPT_PEND, &hcon->flags))  in smp_ltk_encrypt()
2247 	hci_le_start_enc(hcon, key->ediv, key->rand, key->val, key->enc_size);  in smp_ltk_encrypt()
2248 	hcon->enc_key_size = key->enc_size;  in smp_ltk_encrypt()
2251 	clear_bit(HCI_CONN_STK_ENCRYPT, &hcon->flags);  in smp_ltk_encrypt()
2256 bool smp_sufficient_security(struct hci_conn *hcon, u8 sec_level,  in smp_sufficient_security()  argument
2269 	    test_bit(HCI_CONN_STK_ENCRYPT, &hcon->flags) &&  in smp_sufficient_security()
2270 	    hci_find_ltk(hcon->hdev, &hcon->dst, hcon->dst_type, hcon->role))  in smp_sufficient_security()
2273 	if (hcon->sec_level >= sec_level)  in smp_sufficient_security()
2283 	struct hci_conn *hcon = conn->hcon;  in smp_cmd_security_req()  local
2284 	struct hci_dev *hdev = hcon->hdev;  in smp_cmd_security_req()
2293 	if (hcon->role != HCI_ROLE_MASTER)  in smp_cmd_security_req()
2301 	if (hcon->io_capability == HCI_IO_NO_INPUT_OUTPUT)  in smp_cmd_security_req()
2306 	if (smp_sufficient_security(hcon, sec_level, SMP_USE_LTK)) {  in smp_cmd_security_req()
2311 		smp_ltk_encrypt(conn, hcon->sec_level);  in smp_cmd_security_req()
2315 	if (sec_level > hcon->pending_sec_level)  in smp_cmd_security_req()
2316 		hcon->pending_sec_level = sec_level;  in smp_cmd_security_req()
2318 	if (smp_ltk_encrypt(conn, hcon->pending_sec_level))  in smp_cmd_security_req()
2343 int smp_conn_security(struct hci_conn *hcon, __u8 sec_level)  in smp_conn_security()  argument
2345 	struct l2cap_conn *conn = hcon->l2cap_data;  in smp_conn_security()
2351 	BT_DBG("conn %p hcon %p level 0x%2.2x", conn, hcon, sec_level);  in smp_conn_security()
2357 	if (!hci_dev_test_flag(hcon->hdev, HCI_LE_ENABLED))  in smp_conn_security()
2360 	if (smp_sufficient_security(hcon, sec_level, SMP_USE_LTK))  in smp_conn_security()
2363 	if (sec_level > hcon->pending_sec_level)  in smp_conn_security()
2364 		hcon->pending_sec_level = sec_level;  in smp_conn_security()
2366 	if (hcon->role == HCI_ROLE_MASTER)  in smp_conn_security()
2367 		if (smp_ltk_encrypt(conn, hcon->pending_sec_level))  in smp_conn_security()
2372 		bt_dev_err(hcon->hdev, "security requested but not available");  in smp_conn_security()
2392 	if (hci_dev_test_flag(hcon->hdev, HCI_SC_ENABLED)) {  in smp_conn_security()
2394 		if (hci_dev_test_flag(hcon->hdev, HCI_SSP_ENABLED))  in smp_conn_security()
2401 	if (!hci_dev_test_flag(hcon->hdev, HCI_FORCE_NO_MITM)) {  in smp_conn_security()
2405 		if (hcon->io_capability != HCI_IO_NO_INPUT_OUTPUT ||  in smp_conn_security()
2406 		    hcon->pending_sec_level > BT_SECURITY_MEDIUM)  in smp_conn_security()
2410 	if (hcon->role == HCI_ROLE_MASTER) {  in smp_conn_security()
2437 	struct hci_conn *hcon;  in smp_cancel_and_remove_pairing()  local
2446 	hcon = hci_conn_hash_lookup_le(hdev, bdaddr, addr_type);  in smp_cancel_and_remove_pairing()
2447 	if (!hcon)  in smp_cancel_and_remove_pairing()
2450 	conn = hcon->l2cap_data;  in smp_cancel_and_remove_pairing()
2493 	if (hci_is_blocked_key(conn->hcon->hdev, HCI_BLOCKED_KEY_TYPE_LTK,  in smp_cmd_encrypt_info()
2495 		bt_dev_warn_ratelimited(conn->hcon->hdev,  in smp_cmd_encrypt_info()
2497 					&conn->hcon->dst);  in smp_cmd_encrypt_info()
2515 	struct hci_dev *hdev = conn->hcon->hdev;  in smp_cmd_master_ident()
2516 	struct hci_conn *hcon = conn->hcon;  in smp_cmd_master_ident()  local
2535 	authenticated = (hcon->sec_level == BT_SECURITY_HIGH);  in smp_cmd_master_ident()
2536 	ltk = hci_add_ltk(hdev, &hcon->dst, hcon->dst_type, SMP_LTK,  in smp_cmd_master_ident()
2558 	if (hci_is_blocked_key(conn->hcon->hdev, HCI_BLOCKED_KEY_TYPE_IRK,  in smp_cmd_ident_info()
2560 		bt_dev_warn_ratelimited(conn->hcon->hdev,  in smp_cmd_ident_info()
2562 					&conn->hcon->dst);  in smp_cmd_ident_info()
2581 	struct hci_conn *hcon = conn->hcon;  in smp_cmd_ident_addr_info()  local
2609 		bt_dev_err(hcon->hdev, "ignoring IRK with no identity address");  in smp_cmd_ident_addr_info()
2618 	if (hci_is_identity_address(&hcon->dst, hcon->dst_type) &&  in smp_cmd_ident_addr_info()
2619 	    (bacmp(&info->bdaddr, &hcon->dst) ||  in smp_cmd_ident_addr_info()
2620 	     info->addr_type != hcon->dst_type)) {  in smp_cmd_ident_addr_info()
2621 		bt_dev_err(hcon->hdev,  in smp_cmd_ident_addr_info()
2629 	if (hci_bdaddr_is_rpa(&hcon->dst, hcon->dst_type))  in smp_cmd_ident_addr_info()
2630 		bacpy(&rpa, &hcon->dst);  in smp_cmd_ident_addr_info()
2634 	smp->remote_irk = hci_add_irk(conn->hcon->hdev, &smp->id_addr,  in smp_cmd_ident_addr_info()
2663 		if (conn->hcon->sec_level > BT_SECURITY_MEDIUM)  in smp_cmd_sign_info()
2678 	struct hci_conn *hcon = conn->hcon;  in sc_select_method()  local
2691 	if (hcon->out) {  in sc_select_method()
2723 	struct hci_conn *hcon = conn->hcon;  in smp_cmd_public_key()  local
2726 	struct hci_dev *hdev = hcon->hdev;  in smp_cmd_public_key()
2760 	if (!hcon->out) {  in smp_cmd_public_key()
2799 		hcon->pending_sec_level = BT_SECURITY_MEDIUM;  in smp_cmd_public_key()
2801 		hcon->pending_sec_level = BT_SECURITY_FIPS;  in smp_cmd_public_key()
2807 		get_random_bytes(&hcon->passkey_notify,  in smp_cmd_public_key()
2808 				 sizeof(hcon->passkey_notify));  in smp_cmd_public_key()
2809 		hcon->passkey_notify %= 1000000;  in smp_cmd_public_key()
2810 		hcon->passkey_entered = 0;  in smp_cmd_public_key()
2812 		if (mgmt_user_passkey_notify(hdev, &hcon->dst, hcon->type,  in smp_cmd_public_key()
2813 					     hcon->dst_type,  in smp_cmd_public_key()
2814 					     hcon->passkey_notify,  in smp_cmd_public_key()
2815 					     hcon->passkey_entered))  in smp_cmd_public_key()
2822 		if (hcon->out)  in smp_cmd_public_key()
2831 	if (hcon->out)  in smp_cmd_public_key()
2835 		if (mgmt_user_passkey_request(hdev, &hcon->dst, hcon->type,  in smp_cmd_public_key()
2836 					      hcon->dst_type))  in smp_cmd_public_key()
2846 	if (conn->hcon->out)  in smp_cmd_public_key()
2864 	struct hci_conn *hcon = conn->hcon;  in smp_cmd_dhkey_check()  local
2875 	memcpy(a, &hcon->init_addr, 6);  in smp_cmd_dhkey_check()
2876 	memcpy(b, &hcon->resp_addr, 6);  in smp_cmd_dhkey_check()
2877 	a[6] = hcon->init_addr_type;  in smp_cmd_dhkey_check()
2878 	b[6] = hcon->resp_addr_type;  in smp_cmd_dhkey_check()
2880 	if (hcon->out) {  in smp_cmd_dhkey_check()
2893 		put_unaligned_le32(hcon->passkey_notify, r);  in smp_cmd_dhkey_check()
2905 	if (!hcon->out) {  in smp_cmd_dhkey_check()
2917 	if (hcon->out) {  in smp_cmd_dhkey_check()
2918 		hci_le_start_enc(hcon, 0, 0, smp->tk, smp->enc_key_size);  in smp_cmd_dhkey_check()
2919 		hcon->enc_key_size = smp->enc_key_size;  in smp_cmd_dhkey_check()
2938 	struct hci_conn *hcon = conn->hcon;  in smp_sig_channel()  local
2946 	if (!hci_dev_test_flag(hcon->hdev, HCI_LE_ENABLED)) {  in smp_sig_channel()
3042 	bt_dev_err(hcon->hdev, "unexpected SMP command 0x%02x from %pMR",  in smp_sig_channel()
3043 		   code, &hcon->dst);  in smp_sig_channel()
3064 	struct hci_conn *hcon = conn->hcon;  in bredr_pairing()  local
3065 	struct hci_dev *hdev = hcon->hdev;  in bredr_pairing()
3072 	if (!test_bit(HCI_CONN_NEW_LINK_KEY, &hcon->flags))  in bredr_pairing()
3076 	if (!test_bit(HCI_CONN_ENCRYPT, &hcon->flags))  in bredr_pairing()
3080 	if (hcon->role != HCI_ROLE_MASTER)  in bredr_pairing()
3088 	if (!test_bit(HCI_CONN_AES_CCM, &hcon->flags) &&  in bredr_pairing()
3097 	if (!lmp_host_le_capable(hcon))  in bredr_pairing()
3132 	struct hci_conn *hcon = conn->hcon;  in smp_resume_cb()  local
3136 	if (hcon->type == ACL_LINK) {  in smp_resume_cb()
3144 	if (!test_bit(HCI_CONN_ENCRYPT, &hcon->flags))  in smp_resume_cb()
3155 	struct hci_conn *hcon = conn->hcon;  in smp_ready_cb()  local
3167 	if (hcon->type == ACL_LINK && test_bit(HCI_CONN_ENCRYPT, &hcon->flags))  in smp_ready_cb()
3184 		hci_disconnect(chan->conn->hcon, HCI_ERROR_AUTH_FAILURE);  in smp_recv_cb()