Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-1.1 required=3.0 tests=DKIM_SIGNED,DKIM_VALID, DKIM_VALID_AU,FREEMAIL_FORGED_FROMDOMAIN,FREEMAIL_FROM, HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,SPF_PASS autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id C327FC43387 for ; Fri, 18 Jan 2019 13:52:05 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id 8C49C2086D for ; Fri, 18 Jan 2019 13:52:05 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="XC3PhFnW" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727559AbfARNwF (ORCPT ); Fri, 18 Jan 2019 08:52:05 -0500 Received: from mail-pg1-f176.google.com ([209.85.215.176]:42982 "EHLO mail-pg1-f176.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727134AbfARNwF (ORCPT ); Fri, 18 Jan 2019 08:52:05 -0500 Received: by mail-pg1-f176.google.com with SMTP id d72so6087438pga.9 for ; Fri, 18 Jan 2019 05:52:04 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc:content-transfer-encoding; bh=aErJFSXgX5/ISerHxNZlQP570UcVdtJg+gAsEZ2XPms=; b=XC3PhFnWjTFiq8X9rarmTkMx2ttmHUjKElIY1yc3YI/svLr2iH56Y4tenpGXBNomLu grfWz2uInuucwUmka+7lY1rLbEPP0kLZg9BPYfnaCUxcBzYz512b3123EPTWaD3kWDoT bOj/FUCgWCjWeegwbvJggCqbeMwJwnf6Ix4EylcyZ4zVRCikcaFUXgGXLSb06h03xd1f 4S/95qWYIzoeRJa9s9kLlvowe6+pyEkrj1CIz9SYTPQxJLTECDgTnWLUdjly25SPpxq3 5wkrP71Kfids64uSx8V2iPZLShJsXgqw0Ade2SJy+HuaJmVzix0I8WlZL6eUq0kKhNvq HaXw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=aErJFSXgX5/ISerHxNZlQP570UcVdtJg+gAsEZ2XPms=; b=H2QHRDi/ukusA6wslRa8hComYcOxmm/hPuDbOKr9YeW+pOGNypIh9SKyXZB6s3NG8Q ytZqxcb9YEp5+yMnOJNUFTM0Z5pLvByCrIZLJU4I29M3DEuuZvl6A+T96XCkNikSmTo+ Yz7sNq8QxemhGxoDNnv/XxCW1kjCPifVqzgUeMKvNKmH0+RDywzCqgCg48gDvIJxPfwK kje9OS1RQkg0kWZGBO6nV9U5SXF4XaVYlClpM5i1m29ycHrNeN+iNjBn7W4FtGKKHdLH BGeXAH+iQi02Oi94vqquByITcqlckUi5YuTyevmfNQBeMI1Nhr2+e7rfn/xh6DoI/d8z A+cg== X-Gm-Message-State: AJcUuke7XWy5m3AKOjg17WXdh0OpCIETW2CKOmBz4EnuARX9Q4Ac6YiQ 4UGOz2B6IK3TdH+YpPXjSd7d30RmHgWw0aly8WI= X-Google-Smtp-Source: ALg8bN5PQIySSX5sOscyiv7TVhJsoVFBiIMDU7aOG7giJRbnC3kN17ZH/2KXwfasmfEJySZI0lSWdlWh2MpJfZxKNvQ= X-Received: by 2002:a65:55ca:: with SMTP id k10mr17574086pgs.448.1547819523513; Fri, 18 Jan 2019 05:52:03 -0800 (PST) MIME-Version: 1.0 References: <49999069-238D-4FBE-8F38-3762788A67C1@holtmann.org> <82ABD3A9-290C-4291-A84D-C4C2DE62CD17@holtmann.org> In-Reply-To: <82ABD3A9-290C-4291-A84D-C4C2DE62CD17@holtmann.org> From: Emil Lenngren Date: Fri, 18 Jan 2019 08:51:10 -0500 Message-ID: Subject: Re: Bluetooth ECDH selftest failed (endianness issue?) To: Marcel Holtmann Cc: Andrey Batyiev , Johan Hedberg , Bluez mailing list Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Sender: linux-bluetooth-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-bluetooth@vger.kernel.org Hi, Den fre 18 jan. 2019 kl 04:44 skrev Marcel Holtmann : > > Hi Andrey, > > >> On Sat, Dec 29, 2018 at 9:35 AM Marcel Holtmann = wrote: > >> I think that our ECDH code was endian safe, but then it got changed at= some point to use standard crypto and maybe something went wrong there. Ca= n just provide the btmon -w trace.log for the SMP pairing so that I can hav= e a look at the binary trace. > > > > I found out that if I change "swap_digits" method in > > "net/bluetooth/ecdh_helper.c" to > > > > static inline void swap_digits(u64 *in, u64 *out, unsigned int ndigits) > > { > > int i; > > > > for (i =3D 0; i < ndigits; i++) > > out[i] =3D in[ndigits - 1 - i]; > > } > > > > then BLE pairing on big-endian become operational. I'm not sure what > > proper fix should be: is it a problem with crypto API usage or a > > problem with crypto itself? > > if the kernel ECC and ECDH crypto already swaps for us, then we don=E2=80= =99t need to do it again. So all the swap_digits most likely can be removed= from net/bluetooth/. > > Regards > > Marcel > The Bluetooth standard is a bit strange. It assumes the AES standard is big endian (although it is really just defined on a byte level), but since Bluetooth is little-endian everywhere, all AES 128-bit values must be reversed when a standard AES library is used. In particular, SMP reverses the AES values. So the swap_digits should be kept. /Emil