Bluetooth: Introduce SMP_DBG macro for low-level debuging
The various inputs & outputs of the crypto functions as well as the values of the ECDH keys can be considered security sensitive. They should therefore not end up in dmesg by mistake. This patch introduces a new SMP_DBG macro which requires explicit compilation with -DDEBUG to be enabled. All crypto related data logs now use this macro instead of BT_DBG. Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Родитель
a29b073351
Коммит
c7a3d57db6
|
@ -32,6 +32,18 @@
|
||||||
#include "ecc.h"
|
#include "ecc.h"
|
||||||
#include "smp.h"
|
#include "smp.h"
|
||||||
|
|
||||||
|
/* Low-level debug macros to be used for stuff that we don't want
|
||||||
|
* accidentially in dmesg, i.e. the values of the various crypto keys
|
||||||
|
* and the inputs & outputs of crypto functions.
|
||||||
|
*/
|
||||||
|
#ifdef DEBUG
|
||||||
|
#define SMP_DBG(fmt, ...) printk(KERN_DEBUG "%s: " fmt, __func__, \
|
||||||
|
##__VA_ARGS__)
|
||||||
|
#else
|
||||||
|
#define SMP_DBG(fmt, ...) no_printk(KERN_DEBUG "%s: " fmt, __func__, \
|
||||||
|
##__VA_ARGS__)
|
||||||
|
#endif
|
||||||
|
|
||||||
#define SMP_ALLOW_CMD(smp, code) set_bit(code, &smp->allow_cmd)
|
#define SMP_ALLOW_CMD(smp, code) set_bit(code, &smp->allow_cmd)
|
||||||
|
|
||||||
/* Keys which are not distributed with Secure Connections */
|
/* Keys which are not distributed with Secure Connections */
|
||||||
|
@ -154,8 +166,8 @@ static int aes_cmac(struct crypto_hash *tfm, const u8 k[16], const u8 *m,
|
||||||
swap_buf(k, tmp, 16);
|
swap_buf(k, tmp, 16);
|
||||||
swap_buf(m, msg_msb, len);
|
swap_buf(m, msg_msb, len);
|
||||||
|
|
||||||
BT_DBG("msg (len %zu) %*phN", len, (int) len, m);
|
SMP_DBG("msg (len %zu) %*phN", len, (int) len, m);
|
||||||
BT_DBG("key %16phN", k);
|
SMP_DBG("key %16phN", k);
|
||||||
|
|
||||||
err = crypto_hash_setkey(tfm, tmp, 16);
|
err = crypto_hash_setkey(tfm, tmp, 16);
|
||||||
if (err) {
|
if (err) {
|
||||||
|
@ -179,7 +191,7 @@ static int aes_cmac(struct crypto_hash *tfm, const u8 k[16], const u8 *m,
|
||||||
|
|
||||||
swap_buf(mac_msb, mac, 16);
|
swap_buf(mac_msb, mac, 16);
|
||||||
|
|
||||||
BT_DBG("mac %16phN", mac);
|
SMP_DBG("mac %16phN", mac);
|
||||||
|
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
@ -190,9 +202,9 @@ static int smp_f4(struct crypto_hash *tfm_cmac, const u8 u[32], const u8 v[32],
|
||||||
u8 m[65];
|
u8 m[65];
|
||||||
int err;
|
int err;
|
||||||
|
|
||||||
BT_DBG("u %32phN", u);
|
SMP_DBG("u %32phN", u);
|
||||||
BT_DBG("v %32phN", v);
|
SMP_DBG("v %32phN", v);
|
||||||
BT_DBG("x %16phN z %02x", x, z);
|
SMP_DBG("x %16phN z %02x", x, z);
|
||||||
|
|
||||||
m[0] = z;
|
m[0] = z;
|
||||||
memcpy(m + 1, v, 32);
|
memcpy(m + 1, v, 32);
|
||||||
|
@ -202,7 +214,7 @@ static int smp_f4(struct crypto_hash *tfm_cmac, const u8 u[32], const u8 v[32],
|
||||||
if (err)
|
if (err)
|
||||||
return err;
|
return err;
|
||||||
|
|
||||||
BT_DBG("res %16phN", res);
|
SMP_DBG("res %16phN", res);
|
||||||
|
|
||||||
return err;
|
return err;
|
||||||
}
|
}
|
||||||
|
@ -223,15 +235,15 @@ static int smp_f5(struct crypto_hash *tfm_cmac, u8 w[32], u8 n1[16], u8 n2[16],
|
||||||
u8 m[53], t[16];
|
u8 m[53], t[16];
|
||||||
int err;
|
int err;
|
||||||
|
|
||||||
BT_DBG("w %32phN", w);
|
SMP_DBG("w %32phN", w);
|
||||||
BT_DBG("n1 %16phN n2 %16phN", n1, n2);
|
SMP_DBG("n1 %16phN n2 %16phN", n1, n2);
|
||||||
BT_DBG("a1 %7phN a2 %7phN", a1, a2);
|
SMP_DBG("a1 %7phN a2 %7phN", a1, a2);
|
||||||
|
|
||||||
err = aes_cmac(tfm_cmac, salt, w, 32, t);
|
err = aes_cmac(tfm_cmac, salt, w, 32, t);
|
||||||
if (err)
|
if (err)
|
||||||
return err;
|
return err;
|
||||||
|
|
||||||
BT_DBG("t %16phN", t);
|
SMP_DBG("t %16phN", t);
|
||||||
|
|
||||||
memcpy(m, length, 2);
|
memcpy(m, length, 2);
|
||||||
memcpy(m + 2, a2, 7);
|
memcpy(m + 2, a2, 7);
|
||||||
|
@ -246,7 +258,7 @@ static int smp_f5(struct crypto_hash *tfm_cmac, u8 w[32], u8 n1[16], u8 n2[16],
|
||||||
if (err)
|
if (err)
|
||||||
return err;
|
return err;
|
||||||
|
|
||||||
BT_DBG("mackey %16phN", mackey);
|
SMP_DBG("mackey %16phN", mackey);
|
||||||
|
|
||||||
m[52] = 1; /* Counter */
|
m[52] = 1; /* Counter */
|
||||||
|
|
||||||
|
@ -254,7 +266,7 @@ static int smp_f5(struct crypto_hash *tfm_cmac, u8 w[32], u8 n1[16], u8 n2[16],
|
||||||
if (err)
|
if (err)
|
||||||
return err;
|
return err;
|
||||||
|
|
||||||
BT_DBG("ltk %16phN", ltk);
|
SMP_DBG("ltk %16phN", ltk);
|
||||||
|
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
@ -267,9 +279,9 @@ static int smp_f6(struct crypto_hash *tfm_cmac, const u8 w[16],
|
||||||
u8 m[65];
|
u8 m[65];
|
||||||
int err;
|
int err;
|
||||||
|
|
||||||
BT_DBG("w %16phN", w);
|
SMP_DBG("w %16phN", w);
|
||||||
BT_DBG("n1 %16phN n2 %16phN", n1, n2);
|
SMP_DBG("n1 %16phN n2 %16phN", n1, n2);
|
||||||
BT_DBG("r %16phN io_cap %3phN a1 %7phN a2 %7phN", r, io_cap, a1, a2);
|
SMP_DBG("r %16phN io_cap %3phN a1 %7phN a2 %7phN", r, io_cap, a1, a2);
|
||||||
|
|
||||||
memcpy(m, a2, 7);
|
memcpy(m, a2, 7);
|
||||||
memcpy(m + 7, a1, 7);
|
memcpy(m + 7, a1, 7);
|
||||||
|
@ -293,9 +305,9 @@ static int smp_g2(struct crypto_hash *tfm_cmac, const u8 u[32], const u8 v[32],
|
||||||
u8 m[80], tmp[16];
|
u8 m[80], tmp[16];
|
||||||
int err;
|
int err;
|
||||||
|
|
||||||
BT_DBG("u %32phN", u);
|
SMP_DBG("u %32phN", u);
|
||||||
BT_DBG("v %32phN", v);
|
SMP_DBG("v %32phN", v);
|
||||||
BT_DBG("x %16phN y %16phN", x, y);
|
SMP_DBG("x %16phN y %16phN", x, y);
|
||||||
|
|
||||||
memcpy(m, y, 16);
|
memcpy(m, y, 16);
|
||||||
memcpy(m + 16, v, 32);
|
memcpy(m + 16, v, 32);
|
||||||
|
@ -308,7 +320,7 @@ static int smp_g2(struct crypto_hash *tfm_cmac, const u8 u[32], const u8 v[32],
|
||||||
*val = get_unaligned_le32(tmp);
|
*val = get_unaligned_le32(tmp);
|
||||||
*val %= 1000000;
|
*val %= 1000000;
|
||||||
|
|
||||||
BT_DBG("val %06u", *val);
|
SMP_DBG("val %06u", *val);
|
||||||
|
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
@ -357,13 +369,13 @@ static int smp_h6(struct crypto_hash *tfm_cmac, const u8 w[16],
|
||||||
{
|
{
|
||||||
int err;
|
int err;
|
||||||
|
|
||||||
BT_DBG("w %16phN key_id %4phN", w, key_id);
|
SMP_DBG("w %16phN key_id %4phN", w, key_id);
|
||||||
|
|
||||||
err = aes_cmac(tfm_cmac, w, key_id, 4, res);
|
err = aes_cmac(tfm_cmac, w, key_id, 4, res);
|
||||||
if (err)
|
if (err)
|
||||||
return err;
|
return err;
|
||||||
|
|
||||||
BT_DBG("res %16phN", res);
|
SMP_DBG("res %16phN", res);
|
||||||
|
|
||||||
return err;
|
return err;
|
||||||
}
|
}
|
||||||
|
@ -1742,9 +1754,9 @@ static u8 sc_send_public_key(struct smp_chan *smp)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
BT_DBG("Local Public Key X: %32phN", smp->local_pk);
|
SMP_DBG("Local Public Key X: %32phN", smp->local_pk);
|
||||||
BT_DBG("Local Public Key Y: %32phN", &smp->local_pk[32]);
|
SMP_DBG("Local Public Key Y: %32phN", &smp->local_pk[32]);
|
||||||
BT_DBG("Local Private Key: %32phN", smp->local_sk);
|
SMP_DBG("Local Private Key: %32phN", smp->local_sk);
|
||||||
|
|
||||||
smp_send_cmd(smp->conn, SMP_CMD_PUBLIC_KEY, 64, smp->local_pk);
|
smp_send_cmd(smp->conn, SMP_CMD_PUBLIC_KEY, 64, smp->local_pk);
|
||||||
|
|
||||||
|
@ -2390,13 +2402,13 @@ static int smp_cmd_public_key(struct l2cap_conn *conn, struct sk_buff *skb)
|
||||||
return err;
|
return err;
|
||||||
}
|
}
|
||||||
|
|
||||||
BT_DBG("Remote Public Key X: %32phN", smp->remote_pk);
|
SMP_DBG("Remote Public Key X: %32phN", smp->remote_pk);
|
||||||
BT_DBG("Remote Public Key Y: %32phN", &smp->remote_pk[32]);
|
SMP_DBG("Remote Public Key Y: %32phN", &smp->remote_pk[32]);
|
||||||
|
|
||||||
if (!ecdh_shared_secret(smp->remote_pk, smp->local_sk, smp->dhkey))
|
if (!ecdh_shared_secret(smp->remote_pk, smp->local_sk, smp->dhkey))
|
||||||
return SMP_UNSPECIFIED;
|
return SMP_UNSPECIFIED;
|
||||||
|
|
||||||
BT_DBG("DHKey %32phN", smp->dhkey);
|
SMP_DBG("DHKey %32phN", smp->dhkey);
|
||||||
|
|
||||||
set_bit(SMP_FLAG_REMOTE_PK, &smp->flags);
|
set_bit(SMP_FLAG_REMOTE_PK, &smp->flags);
|
||||||
|
|
||||||
|
|
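Review bot: The `#ifdef DEBUG` gate in the first hunk reuses the generic `DEBUG` symbol, so a build that defines `DEBUG` for this file for ordinary debugging would presumably also send the values at the `SMP_DBG("Local Private Key: ...")`, `SMP_DBG("DHKey ...")`, `SMP_DBG("mackey ...")` and `SMP_DBG("ltk ...")` call sites to the kernel log. Gating on a symbol used only for this purpose, e.g. `#ifdef SMP_KEY_DEBUG` (placeholder name, not defined on this page), would keep key logging a separate and deliberate choice. The comment above the macro could state the consequence directly: `/* Never define in production builds: prints private keys, DHKey and LTK to the kernel log. */`. Separately, none of the converted format strings ends in `\n` and `SMP_DBG` does not append one, so if `BT_DBG` supplied the newline (its definition is not visible here) the new messages are unterminated; `printk(KERN_DEBUG "%s: " fmt "\n", __func__, ##__VA_ARGS__)`, mirrored in the `no_printk` variant, would fix that in one place.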