selftest.c 8.5 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310
  1. /*
  2. BlueZ - Bluetooth protocol stack for Linux
  3. Copyright (C) 2014 Intel Corporation
  4. This program is free software; you can redistribute it and/or modify
  5. it under the terms of the GNU General Public License version 2 as
  6. published by the Free Software Foundation;
  7. THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
  8. OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
  9. FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
  10. IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
  11. CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
  12. WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
  13. ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
  14. OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  15. ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
  16. COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
  17. SOFTWARE IS DISCLAIMED.
  18. */
  19. #include <linux/debugfs.h>
  20. #include <net/bluetooth/bluetooth.h>
  21. #include <net/bluetooth/hci_core.h>
  22. #include "ecdh_helper.h"
  23. #include "smp.h"
  24. #include "selftest.h"
  25. #if IS_ENABLED(CONFIG_BT_SELFTEST_ECDH)
  26. static const u8 priv_a_1[32] __initconst = {
  27. 0xbd, 0x1a, 0x3c, 0xcd, 0xa6, 0xb8, 0x99, 0x58,
  28. 0x99, 0xb7, 0x40, 0xeb, 0x7b, 0x60, 0xff, 0x4a,
  29. 0x50, 0x3f, 0x10, 0xd2, 0xe3, 0xb3, 0xc9, 0x74,
  30. 0x38, 0x5f, 0xc5, 0xa3, 0xd4, 0xf6, 0x49, 0x3f,
  31. };
  32. static const u8 priv_b_1[32] __initconst = {
  33. 0xfd, 0xc5, 0x7f, 0xf4, 0x49, 0xdd, 0x4f, 0x6b,
  34. 0xfb, 0x7c, 0x9d, 0xf1, 0xc2, 0x9a, 0xcb, 0x59,
  35. 0x2a, 0xe7, 0xd4, 0xee, 0xfb, 0xfc, 0x0a, 0x90,
  36. 0x9a, 0xbb, 0xf6, 0x32, 0x3d, 0x8b, 0x18, 0x55,
  37. };
  38. static const u8 pub_a_1[64] __initconst = {
  39. 0xe6, 0x9d, 0x35, 0x0e, 0x48, 0x01, 0x03, 0xcc,
  40. 0xdb, 0xfd, 0xf4, 0xac, 0x11, 0x91, 0xf4, 0xef,
  41. 0xb9, 0xa5, 0xf9, 0xe9, 0xa7, 0x83, 0x2c, 0x5e,
  42. 0x2c, 0xbe, 0x97, 0xf2, 0xd2, 0x03, 0xb0, 0x20,
  43. 0x8b, 0xd2, 0x89, 0x15, 0xd0, 0x8e, 0x1c, 0x74,
  44. 0x24, 0x30, 0xed, 0x8f, 0xc2, 0x45, 0x63, 0x76,
  45. 0x5c, 0x15, 0x52, 0x5a, 0xbf, 0x9a, 0x32, 0x63,
  46. 0x6d, 0xeb, 0x2a, 0x65, 0x49, 0x9c, 0x80, 0xdc,
  47. };
  48. static const u8 pub_b_1[64] __initconst = {
  49. 0x90, 0xa1, 0xaa, 0x2f, 0xb2, 0x77, 0x90, 0x55,
  50. 0x9f, 0xa6, 0x15, 0x86, 0xfd, 0x8a, 0xb5, 0x47,
  51. 0x00, 0x4c, 0x9e, 0xf1, 0x84, 0x22, 0x59, 0x09,
  52. 0x96, 0x1d, 0xaf, 0x1f, 0xf0, 0xf0, 0xa1, 0x1e,
  53. 0x4a, 0x21, 0xb1, 0x15, 0xf9, 0xaf, 0x89, 0x5f,
  54. 0x76, 0x36, 0x8e, 0xe2, 0x30, 0x11, 0x2d, 0x47,
  55. 0x60, 0x51, 0xb8, 0x9a, 0x3a, 0x70, 0x56, 0x73,
  56. 0x37, 0xad, 0x9d, 0x42, 0x3e, 0xf3, 0x55, 0x4c,
  57. };
  58. static const u8 dhkey_1[32] __initconst = {
  59. 0x98, 0xa6, 0xbf, 0x73, 0xf3, 0x34, 0x8d, 0x86,
  60. 0xf1, 0x66, 0xf8, 0xb4, 0x13, 0x6b, 0x79, 0x99,
  61. 0x9b, 0x7d, 0x39, 0x0a, 0xa6, 0x10, 0x10, 0x34,
  62. 0x05, 0xad, 0xc8, 0x57, 0xa3, 0x34, 0x02, 0xec,
  63. };
  64. static const u8 priv_a_2[32] __initconst = {
  65. 0x63, 0x76, 0x45, 0xd0, 0xf7, 0x73, 0xac, 0xb7,
  66. 0xff, 0xdd, 0x03, 0x72, 0xb9, 0x72, 0x85, 0xb4,
  67. 0x41, 0xb6, 0x5d, 0x0c, 0x5d, 0x54, 0x84, 0x60,
  68. 0x1a, 0xa3, 0x9a, 0x3c, 0x69, 0x16, 0xa5, 0x06,
  69. };
  70. static const u8 priv_b_2[32] __initconst = {
  71. 0xba, 0x30, 0x55, 0x50, 0x19, 0xa2, 0xca, 0xa3,
  72. 0xa5, 0x29, 0x08, 0xc6, 0xb5, 0x03, 0x88, 0x7e,
  73. 0x03, 0x2b, 0x50, 0x73, 0xd4, 0x2e, 0x50, 0x97,
  74. 0x64, 0xcd, 0x72, 0x0d, 0x67, 0xa0, 0x9a, 0x52,
  75. };
  76. static const u8 pub_a_2[64] __initconst = {
  77. 0xdd, 0x78, 0x5c, 0x74, 0x03, 0x9b, 0x7e, 0x98,
  78. 0xcb, 0x94, 0x87, 0x4a, 0xad, 0xfa, 0xf8, 0xd5,
  79. 0x43, 0x3e, 0x5c, 0xaf, 0xea, 0xb5, 0x4c, 0xf4,
  80. 0x9e, 0x80, 0x79, 0x57, 0x7b, 0xa4, 0x31, 0x2c,
  81. 0x4f, 0x5d, 0x71, 0x43, 0x77, 0x43, 0xf8, 0xea,
  82. 0xd4, 0x3e, 0xbd, 0x17, 0x91, 0x10, 0x21, 0xd0,
  83. 0x1f, 0x87, 0x43, 0x8e, 0x40, 0xe2, 0x52, 0xcd,
  84. 0xbe, 0xdf, 0x98, 0x38, 0x18, 0x12, 0x95, 0x91,
  85. };
  86. static const u8 pub_b_2[64] __initconst = {
  87. 0xcc, 0x00, 0x65, 0xe1, 0xf5, 0x6c, 0x0d, 0xcf,
  88. 0xec, 0x96, 0x47, 0x20, 0x66, 0xc9, 0xdb, 0x84,
  89. 0x81, 0x75, 0xa8, 0x4d, 0xc0, 0xdf, 0xc7, 0x9d,
  90. 0x1b, 0x3f, 0x3d, 0xf2, 0x3f, 0xe4, 0x65, 0xf4,
  91. 0x79, 0xb2, 0xec, 0xd8, 0xca, 0x55, 0xa1, 0xa8,
  92. 0x43, 0x4d, 0x6b, 0xca, 0x10, 0xb0, 0xc2, 0x01,
  93. 0xc2, 0x33, 0x4e, 0x16, 0x24, 0xc4, 0xef, 0xee,
  94. 0x99, 0xd8, 0xbb, 0xbc, 0x48, 0xd0, 0x01, 0x02,
  95. };
  96. static const u8 dhkey_2[32] __initconst = {
  97. 0x69, 0xeb, 0x21, 0x32, 0xf2, 0xc6, 0x05, 0x41,
  98. 0x60, 0x19, 0xcd, 0x5e, 0x94, 0xe1, 0xe6, 0x5f,
  99. 0x33, 0x07, 0xe3, 0x38, 0x4b, 0x68, 0xe5, 0x62,
  100. 0x3f, 0x88, 0x6d, 0x2f, 0x3a, 0x84, 0x85, 0xab,
  101. };
  102. static const u8 priv_a_3[32] __initconst = {
  103. 0xbd, 0x1a, 0x3c, 0xcd, 0xa6, 0xb8, 0x99, 0x58,
  104. 0x99, 0xb7, 0x40, 0xeb, 0x7b, 0x60, 0xff, 0x4a,
  105. 0x50, 0x3f, 0x10, 0xd2, 0xe3, 0xb3, 0xc9, 0x74,
  106. 0x38, 0x5f, 0xc5, 0xa3, 0xd4, 0xf6, 0x49, 0x3f,
  107. };
  108. static const u8 pub_a_3[64] __initconst = {
  109. 0xe6, 0x9d, 0x35, 0x0e, 0x48, 0x01, 0x03, 0xcc,
  110. 0xdb, 0xfd, 0xf4, 0xac, 0x11, 0x91, 0xf4, 0xef,
  111. 0xb9, 0xa5, 0xf9, 0xe9, 0xa7, 0x83, 0x2c, 0x5e,
  112. 0x2c, 0xbe, 0x97, 0xf2, 0xd2, 0x03, 0xb0, 0x20,
  113. 0x8b, 0xd2, 0x89, 0x15, 0xd0, 0x8e, 0x1c, 0x74,
  114. 0x24, 0x30, 0xed, 0x8f, 0xc2, 0x45, 0x63, 0x76,
  115. 0x5c, 0x15, 0x52, 0x5a, 0xbf, 0x9a, 0x32, 0x63,
  116. 0x6d, 0xeb, 0x2a, 0x65, 0x49, 0x9c, 0x80, 0xdc,
  117. };
  118. static const u8 dhkey_3[32] __initconst = {
  119. 0x2d, 0xab, 0x00, 0x48, 0xcb, 0xb3, 0x7b, 0xda,
  120. 0x55, 0x7b, 0x8b, 0x72, 0xa8, 0x57, 0x87, 0xc3,
  121. 0x87, 0x27, 0x99, 0x32, 0xfc, 0x79, 0x5f, 0xae,
  122. 0x7c, 0x1c, 0xf9, 0x49, 0xe6, 0xd7, 0xaa, 0x70,
  123. };
  124. static int __init test_ecdh_sample(struct crypto_kpp *tfm, const u8 priv_a[32],
  125. const u8 priv_b[32], const u8 pub_a[64],
  126. const u8 pub_b[64], const u8 dhkey[32])
  127. {
  128. u8 *tmp, *dhkey_a, *dhkey_b;
  129. int ret;
  130. tmp = kmalloc(64, GFP_KERNEL);
  131. if (!tmp)
  132. return -EINVAL;
  133. dhkey_a = &tmp[0];
  134. dhkey_b = &tmp[32];
  135. ret = set_ecdh_privkey(tfm, priv_a);
  136. if (ret)
  137. goto out;
  138. ret = compute_ecdh_secret(tfm, pub_b, dhkey_a);
  139. if (ret)
  140. goto out;
  141. if (memcmp(dhkey_a, dhkey, 32)) {
  142. ret = -EINVAL;
  143. goto out;
  144. }
  145. ret = set_ecdh_privkey(tfm, priv_b);
  146. if (ret)
  147. goto out;
  148. ret = compute_ecdh_secret(tfm, pub_a, dhkey_b);
  149. if (ret)
  150. goto out;
  151. if (memcmp(dhkey_b, dhkey, 32))
  152. ret = -EINVAL;
  153. /* fall through*/
  154. out:
  155. kfree(tmp);
  156. return ret;
  157. }
  158. static char test_ecdh_buffer[32];
  159. static ssize_t test_ecdh_read(struct file *file, char __user *user_buf,
  160. size_t count, loff_t *ppos)
  161. {
  162. return simple_read_from_buffer(user_buf, count, ppos, test_ecdh_buffer,
  163. strlen(test_ecdh_buffer));
  164. }
  165. static const struct file_operations test_ecdh_fops = {
  166. .open = simple_open,
  167. .read = test_ecdh_read,
  168. .llseek = default_llseek,
  169. };
  170. static int __init test_ecdh(void)
  171. {
  172. struct crypto_kpp *tfm;
  173. ktime_t calltime, delta, rettime;
  174. unsigned long long duration = 0;
  175. int err;
  176. calltime = ktime_get();
  177. tfm = crypto_alloc_kpp("ecdh", CRYPTO_ALG_INTERNAL, 0);
  178. if (IS_ERR(tfm)) {
  179. BT_ERR("Unable to create ECDH crypto context");
  180. err = PTR_ERR(tfm);
  181. goto done;
  182. }
  183. err = test_ecdh_sample(tfm, priv_a_1, priv_b_1, pub_a_1, pub_b_1,
  184. dhkey_1);
  185. if (err) {
  186. BT_ERR("ECDH sample 1 failed");
  187. goto done;
  188. }
  189. err = test_ecdh_sample(tfm, priv_a_2, priv_b_2, pub_a_2, pub_b_2,
  190. dhkey_2);
  191. if (err) {
  192. BT_ERR("ECDH sample 2 failed");
  193. goto done;
  194. }
  195. err = test_ecdh_sample(tfm, priv_a_3, priv_a_3, pub_a_3, pub_a_3,
  196. dhkey_3);
  197. if (err) {
  198. BT_ERR("ECDH sample 3 failed");
  199. goto done;
  200. }
  201. crypto_free_kpp(tfm);
  202. rettime = ktime_get();
  203. delta = ktime_sub(rettime, calltime);
  204. duration = (unsigned long long) ktime_to_ns(delta) >> 10;
  205. BT_INFO("ECDH test passed in %llu usecs", duration);
  206. done:
  207. if (!err)
  208. snprintf(test_ecdh_buffer, sizeof(test_ecdh_buffer),
  209. "PASS (%llu usecs)\n", duration);
  210. else
  211. snprintf(test_ecdh_buffer, sizeof(test_ecdh_buffer), "FAIL\n");
  212. debugfs_create_file("selftest_ecdh", 0444, bt_debugfs, NULL,
  213. &test_ecdh_fops);
  214. return err;
  215. }
  216. #else
  217. static inline int test_ecdh(void)
  218. {
  219. return 0;
  220. }
  221. #endif
  222. static int __init run_selftest(void)
  223. {
  224. int err;
  225. BT_INFO("Starting self testing");
  226. err = test_ecdh();
  227. if (err)
  228. goto done;
  229. err = bt_selftest_smp();
  230. done:
  231. BT_INFO("Finished self testing");
  232. return err;
  233. }
  234. #if IS_MODULE(CONFIG_BT)
  235. /* This is run when CONFIG_BT_SELFTEST=y and CONFIG_BT=m and is just a
  236. * wrapper to allow running this at module init.
  237. *
  238. * If CONFIG_BT_SELFTEST=n, then this code is not compiled at all.
  239. */
  240. int __init bt_selftest(void)
  241. {
  242. return run_selftest();
  243. }
  244. #else
  245. /* This is run when CONFIG_BT_SELFTEST=y and CONFIG_BT=y and is run
  246. * via late_initcall() as last item in the initialization sequence.
  247. *
  248. * If CONFIG_BT_SELFTEST=n, then this code is not compiled at all.
  249. */
  250. static int __init bt_selftest_init(void)
  251. {
  252. return run_selftest();
  253. }
  254. late_initcall(bt_selftest_init);
  255. #endif