tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
fork atom

Bluetooth: Move SMP crypto functions to a workqueue

The function crypto_blkcipher_setkey() called by smp_e()
can sleep, so all the crypto work has to be moved to
hci_dev workqueue.

Signed-off-by: Vinicius Costa Gomes <vinicius.gomes@openbossa.org>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>

authored by

Vinicius Costa Gomes and committed by
Gustavo F. Padovan 8aab4757 1c1def09

+185 -103
+8 -1
include/net/bluetooth/smp.h
··· 116 116 #define SMP_MAX_ENC_KEY_SIZE 16 117 117 118 118 struct smp_chan { 119 + struct l2cap_conn *conn; 119 120 u8 preq[7]; /* SMP Pairing Request */ 120 121 u8 prsp[7]; /* SMP Pairing Response */ 121 - u8 prnd[16]; /* SMP Pairing Random */ 122 + u8 prnd[16]; /* SMP Pairing Random (local) */ 123 + u8 rrnd[16]; /* SMP Pairing Random (remote) */ 122 124 u8 pcnf[16]; /* SMP Pairing Confirm */ 123 125 u8 tk[16]; /* SMP Temporary Key */ 124 126 u8 smp_key_size; 125 127 struct crypto_blkcipher *tfm; 128 + struct work_struct confirm; 129 + struct work_struct random; 130 + 126 131 }; 127 132 128 133 /* SMP Commands */ 129 134 int smp_conn_security(struct l2cap_conn *conn, __u8 sec_level); 130 135 int smp_sig_channel(struct l2cap_conn *conn, struct sk_buff *skb); 131 136 int smp_distribute_keys(struct l2cap_conn *conn, __u8 force); 137 + 138 + void smp_chan_destroy(struct l2cap_conn *conn); 132 139 133 140 #endif /* __SMP_H */
+1 -1
net/bluetooth/l2cap_core.c
··· 991 991 992 992 if (test_and_clear_bit(HCI_CONN_LE_SMP_PEND, &hcon->pend)) { 993 993 del_timer(&conn->security_timer); 994 - hci_conn_put(hcon); 994 + smp_chan_destroy(conn); 995 995 } 996 996 997 997 hcon->l2cap_data = NULL;
+176 -101
net/bluetooth/smp.c
··· 243 243 return 0; 244 244 } 245 245 246 + static void confirm_work(struct work_struct *work) 247 + { 248 + struct smp_chan *smp = container_of(work, struct smp_chan, confirm); 249 + struct l2cap_conn *conn = smp->conn; 250 + struct crypto_blkcipher *tfm; 251 + struct smp_cmd_pairing_confirm cp; 252 + int ret; 253 + u8 res[16], reason; 254 + 255 + BT_DBG("conn %p", conn); 256 + 257 + tfm = crypto_alloc_blkcipher("ecb(aes)", 0, CRYPTO_ALG_ASYNC); 258 + if (IS_ERR(tfm)) { 259 + reason = SMP_UNSPECIFIED; 260 + goto error; 261 + } 262 + 263 + smp->tfm = tfm; 264 + 265 + if (conn->hcon->out) 266 + ret = smp_c1(tfm, smp->tk, smp->prnd, smp->preq, smp->prsp, 0, 267 + conn->src, conn->hcon->dst_type, conn->dst, 268 + res); 269 + else 270 + ret = smp_c1(tfm, smp->tk, smp->prnd, smp->preq, smp->prsp, 271 + conn->hcon->dst_type, conn->dst, 0, conn->src, 272 + res); 273 + if (ret) { 274 + reason = SMP_UNSPECIFIED; 275 + goto error; 276 + } 277 + 278 + swap128(res, cp.confirm_val); 279 + smp_send_cmd(smp->conn, SMP_CMD_PAIRING_CONFIRM, sizeof(cp), &cp); 280 + 281 + return; 282 + 283 + error: 284 + smp_send_cmd(conn, SMP_CMD_PAIRING_FAIL, sizeof(reason), &reason); 285 + smp_chan_destroy(conn); 286 + } 287 + 288 + static void random_work(struct work_struct *work) 289 + { 290 + struct smp_chan *smp = container_of(work, struct smp_chan, random); 291 + struct l2cap_conn *conn = smp->conn; 292 + struct hci_conn *hcon = conn->hcon; 293 + struct crypto_blkcipher *tfm = smp->tfm; 294 + u8 reason, confirm[16], res[16], key[16]; 295 + int ret; 296 + 297 + if (IS_ERR_OR_NULL(tfm)) { 298 + reason = SMP_UNSPECIFIED; 299 + goto error; 300 + } 301 + 302 + BT_DBG("conn %p %s", conn, conn->hcon->out ? "master" : "slave"); 303 + 304 + if (hcon->out) 305 + ret = smp_c1(tfm, smp->tk, smp->rrnd, smp->preq, smp->prsp, 0, 306 + conn->src, hcon->dst_type, conn->dst, 307 + res); 308 + else 309 + ret = smp_c1(tfm, smp->tk, smp->rrnd, smp->preq, smp->prsp, 310 + hcon->dst_type, conn->dst, 0, conn->src, 311 + res); 312 + if (ret) { 313 + reason = SMP_UNSPECIFIED; 314 + goto error; 315 + } 316 + 317 + swap128(res, confirm); 318 + 319 + if (memcmp(smp->pcnf, confirm, sizeof(smp->pcnf)) != 0) { 320 + BT_ERR("Pairing failed (confirmation values mismatch)"); 321 + reason = SMP_CONFIRM_FAILED; 322 + goto error; 323 + } 324 + 325 + if (hcon->out) { 326 + u8 stk[16], rand[8]; 327 + __le16 ediv; 328 + 329 + memset(rand, 0, sizeof(rand)); 330 + ediv = 0; 331 + 332 + smp_s1(tfm, smp->tk, smp->rrnd, smp->prnd, key); 333 + swap128(key, stk); 334 + 335 + memset(stk + smp->smp_key_size, 0, 336 + SMP_MAX_ENC_KEY_SIZE - smp->smp_key_size); 337 + 338 + if (test_and_set_bit(HCI_CONN_ENCRYPT_PEND, &hcon->pend)) { 339 + reason = SMP_UNSPECIFIED; 340 + goto error; 341 + } 342 + 343 + hci_le_start_enc(hcon, ediv, rand, stk); 344 + hcon->enc_key_size = smp->smp_key_size; 345 + } else { 346 + u8 stk[16], r[16], rand[8]; 347 + __le16 ediv; 348 + 349 + memset(rand, 0, sizeof(rand)); 350 + ediv = 0; 351 + 352 + swap128(smp->prnd, r); 353 + smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM, sizeof(r), r); 354 + 355 + smp_s1(tfm, smp->tk, smp->prnd, smp->rrnd, key); 356 + swap128(key, stk); 357 + 358 + memset(stk + smp->smp_key_size, 0, 359 + SMP_MAX_ENC_KEY_SIZE - smp->smp_key_size); 360 + 361 + hci_add_ltk(hcon->hdev, 0, conn->dst, smp->smp_key_size, 362 + ediv, rand, stk); 363 + } 364 + 365 + return; 366 + 367 + error: 368 + smp_send_cmd(conn, SMP_CMD_PAIRING_FAIL, sizeof(reason), &reason); 369 + smp_chan_destroy(conn); 370 + } 371 + 372 + static struct smp_chan *smp_chan_create(struct l2cap_conn *conn) 373 + { 374 + struct smp_chan *smp; 375 + 376 + smp = kzalloc(sizeof(struct smp_chan), GFP_ATOMIC); 377 + if (!smp) 378 + return NULL; 379 + 380 + INIT_WORK(&smp->confirm, confirm_work); 381 + INIT_WORK(&smp->random, random_work); 382 + 383 + smp->conn = conn; 384 + conn->smp_chan = smp; 385 + 386 + hci_conn_hold(conn->hcon); 387 + 388 + return smp; 389 + } 390 + 391 + void smp_chan_destroy(struct l2cap_conn *conn) 392 + { 393 + kfree(conn->smp_chan); 394 + hci_conn_put(conn->hcon); 395 + } 396 + 246 397 static u8 smp_cmd_pairing_req(struct l2cap_conn *conn, struct sk_buff *skb) 247 398 { 248 399 struct smp_cmd_pairing rsp, *req = (void *) skb->data; 249 - struct smp_chan *smp = conn->smp_chan; 400 + struct smp_chan *smp; 250 401 u8 key_size; 402 + int ret; 251 403 252 404 BT_DBG("conn %p", conn); 253 405 254 406 if (!test_and_set_bit(HCI_CONN_LE_SMP_PEND, &conn->hcon->pend)) 255 - hci_conn_hold(conn->hcon); 407 + smp = smp_chan_create(conn); 408 + 409 + smp = conn->smp_chan; 256 410 257 411 smp->preq[0] = SMP_CMD_PAIRING_REQ; 258 412 memcpy(&smp->preq[1], req, sizeof(*req)); ··· 425 271 /* Just works */ 426 272 memset(smp->tk, 0, sizeof(smp->tk)); 427 273 274 + ret = smp_rand(smp->prnd); 275 + if (ret) 276 + return SMP_UNSPECIFIED; 277 + 428 278 smp->prsp[0] = SMP_CMD_PAIRING_RSP; 429 279 memcpy(&smp->prsp[1], &rsp, sizeof(rsp)); 430 280 ··· 440 282 static u8 smp_cmd_pairing_rsp(struct l2cap_conn *conn, struct sk_buff *skb) 441 283 { 442 284 struct smp_cmd_pairing *req, *rsp = (void *) skb->data; 443 - struct smp_cmd_pairing_confirm cp; 444 285 struct smp_chan *smp = conn->smp_chan; 445 - struct crypto_blkcipher *tfm = smp->tfm; 446 - 286 + struct hci_dev *hdev = conn->hcon->hdev; 287 + u8 key_size; 447 288 int ret; 448 - u8 res[16], key_size; 449 289 450 290 BT_DBG("conn %p", conn); 451 291 ··· 461 305 /* Just works */ 462 306 memset(smp->tk, 0, sizeof(smp->tk)); 463 307 464 - smp->prsp[0] = SMP_CMD_PAIRING_RSP; 465 - memcpy(&smp->prsp[1], rsp, sizeof(*rsp)); 466 - 467 308 ret = smp_rand(smp->prnd); 468 309 if (ret) 469 310 return SMP_UNSPECIFIED; 470 311 471 - ret = smp_c1(tfm, smp->tk, smp->prnd, smp->preq, smp->prsp, 0, 472 - conn->src, conn->hcon->dst_type, conn->dst, res); 473 - if (ret) 474 - return SMP_UNSPECIFIED; 312 + smp->prsp[0] = SMP_CMD_PAIRING_RSP; 313 + memcpy(&smp->prsp[1], rsp, sizeof(*rsp)); 475 314 476 - swap128(res, cp.confirm_val); 477 - 478 - smp_send_cmd(conn, SMP_CMD_PAIRING_CONFIRM, sizeof(cp), &cp); 315 + queue_work(hdev->workqueue, &smp->confirm); 479 316 480 317 return 0; 481 318 } ··· 476 327 static u8 smp_cmd_pairing_confirm(struct l2cap_conn *conn, struct sk_buff *skb) 477 328 { 478 329 struct smp_chan *smp = conn->smp_chan; 479 - struct crypto_blkcipher *tfm = smp->tfm; 330 + struct hci_dev *hdev = conn->hcon->hdev; 480 331 481 332 BT_DBG("conn %p %s", conn, conn->hcon->out ? "master" : "slave"); 482 333 ··· 490 341 smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM, sizeof(random), 491 342 random); 492 343 } else { 493 - struct smp_cmd_pairing_confirm cp; 494 - int ret; 495 - u8 res[16]; 496 - 497 - ret = smp_rand(smp->prnd); 498 - if (ret) 499 - return SMP_UNSPECIFIED; 500 - 501 - ret = smp_c1(tfm, smp->tk, smp->prnd, smp->preq, smp->prsp, 502 - conn->hcon->dst_type, conn->dst, 503 - 0, conn->src, res); 504 - if (ret) 505 - return SMP_CONFIRM_FAILED; 506 - 507 - swap128(res, cp.confirm_val); 508 - 509 - smp_send_cmd(conn, SMP_CMD_PAIRING_CONFIRM, sizeof(cp), &cp); 344 + queue_work(hdev->workqueue, &smp->confirm); 510 345 } 511 346 512 347 return 0; ··· 498 365 499 366 static u8 smp_cmd_pairing_random(struct l2cap_conn *conn, struct sk_buff *skb) 500 367 { 501 - struct hci_conn *hcon = conn->hcon; 502 368 struct smp_chan *smp = conn->smp_chan; 503 - struct crypto_blkcipher *tfm = smp->tfm; 504 - int ret; 505 - u8 key[16], res[16], random[16], confirm[16]; 369 + struct hci_dev *hdev = conn->hcon->hdev; 506 370 507 - swap128(skb->data, random); 508 - skb_pull(skb, sizeof(random)); 371 + BT_DBG("conn %p", conn); 509 372 510 - if (conn->hcon->out) 511 - ret = smp_c1(tfm, smp->tk, random, smp->preq, smp->prsp, 0, 512 - conn->src, conn->hcon->dst_type, conn->dst, 513 - res); 514 - else 515 - ret = smp_c1(tfm, smp->tk, random, smp->preq, smp->prsp, 516 - conn->hcon->dst_type, conn->dst, 0, conn->src, 517 - res); 518 - if (ret) 519 - return SMP_UNSPECIFIED; 373 + swap128(skb->data, smp->rrnd); 374 + skb_pull(skb, sizeof(smp->rrnd)); 520 375 521 - BT_DBG("conn %p %s", conn, conn->hcon->out ? "master" : "slave"); 522 - 523 - swap128(res, confirm); 524 - 525 - if (memcmp(smp->pcnf, confirm, sizeof(smp->pcnf)) != 0) { 526 - BT_ERR("Pairing failed (confirmation values mismatch)"); 527 - return SMP_CONFIRM_FAILED; 528 - } 529 - 530 - if (conn->hcon->out) { 531 - u8 stk[16], rand[8]; 532 - __le16 ediv; 533 - 534 - memset(rand, 0, sizeof(rand)); 535 - ediv = 0; 536 - 537 - smp_s1(tfm, smp->tk, random, smp->prnd, key); 538 - swap128(key, stk); 539 - 540 - memset(stk + smp->smp_key_size, 0, 541 - SMP_MAX_ENC_KEY_SIZE - smp->smp_key_size); 542 - 543 - if (test_and_set_bit(HCI_CONN_ENCRYPT_PEND, &hcon->pend)) 544 - return SMP_UNSPECIFIED; 545 - 546 - hci_le_start_enc(hcon, ediv, rand, stk); 547 - hcon->enc_key_size = smp->smp_key_size; 548 - } else { 549 - u8 stk[16], r[16], rand[8]; 550 - __le16 ediv; 551 - 552 - memset(rand, 0, sizeof(rand)); 553 - ediv = 0; 554 - 555 - swap128(smp->prnd, r); 556 - smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM, sizeof(r), r); 557 - 558 - smp_s1(tfm, smp->tk, smp->prnd, random, key); 559 - swap128(key, stk); 560 - 561 - memset(stk + smp->smp_key_size, 0, 562 - SMP_MAX_ENC_KEY_SIZE - smp->smp_key_size); 563 - 564 - hci_add_ltk(conn->hcon->hdev, 0, conn->dst, smp->smp_key_size, 565 - ediv, rand, stk); 566 - } 376 + queue_work(hdev->workqueue, &smp->random); 567 377 568 378 return 0; 569 379 } ··· 516 440 struct smp_cmd_security_req *rp = (void *) skb->data; 517 441 struct smp_cmd_pairing cp; 518 442 struct hci_conn *hcon = conn->hcon; 519 - struct smp_chan *smp = conn->smp_chan; 443 + struct smp_chan *smp; 520 444 521 445 BT_DBG("conn %p", conn); 522 446 523 447 if (test_and_set_bit(HCI_CONN_LE_SMP_PEND, &hcon->pend)) 524 448 return 0; 525 449 526 - hci_conn_hold(hcon); 450 + smp = smp_chan_create(conn); 527 451 528 452 skb_pull(skb, sizeof(*rp)); 529 453 ··· 578 502 if (test_and_set_bit(HCI_CONN_LE_SMP_PEND, &hcon->pend)) 579 503 return 0; 580 504 581 - /* While SMP is going on */ 582 - hci_conn_hold(hcon); 505 + smp = smp_chan_create(conn); 583 506 584 507 authreq = seclevel_to_authreq(sec_level); 585 508 ··· 785 710 if (conn->hcon->out || force) { 786 711 clear_bit(HCI_CONN_LE_SMP_PEND, &conn->hcon->pend); 787 712 del_timer(&conn->security_timer); 788 - hci_conn_put(conn->hcon); 713 + smp_chan_destroy(conn); 789 714 } 790 715 791 716 return 0;