Bluetooth ECDH selftest failed (endianness issue?)

Bluetooth ECDH selftest failed (endianness issue?)

[Andrey Batyiev]

Hello everyone,

I'm trying to pair my MIPS based router with a phone (using bluez),
without success.
I have turned on debugging features of bluetooth kernel module and I
got this in dmesg:

[  234.481526] Bluetooth: Core ver 2.22
[  234.485231] Bluetooth: Starting self testing
[  234.525375] Bluetooth: ECDH sample 1 failed
[  234.529728] Bluetooth: Finished self testing

Also, I checked hcidump, and it seems that SMP "Pairing confirm"
command got rejected by the phone with an error ("Reason: Unspecified
Reason (0x08)").
As far as I understand, ECDH computation is involved in a pairing process.

However, my Linux desktop is able to successfully pair to the phone
(Ubuntu 18.04) via the same dongle, using same version of bluez.

The huge difference between my desktop and router is endianness:
router is big-endian, while desktop is little-endian. Maybe, that's
the case?

I'm not sure how to debug this, could you please advise?

Router specs:
CPU: QCA9531 (MIPS_24KC, big-endian)
Distro: OpenWRT git master
Linux: 4.14.88
BlueZ: 5.49
Bluetooth dongle: CSR8510 A10

Thanks,
  Andrey

Re: Bluetooth ECDH selftest failed (endianness issue?)

[Marcel Holtmann]

Hi Andrey,

> I'm trying to pair my MIPS based router with a phone (using bluez),
> without success.
> I have turned on debugging features of bluetooth kernel module and I
> got this in dmesg:
> 
> [  234.481526] Bluetooth: Core ver 2.22
> [  234.485231] Bluetooth: Starting self testing
> [  234.525375] Bluetooth: ECDH sample 1 failed
> [  234.529728] Bluetooth: Finished self testing
> 
> Also, I checked hcidump, and it seems that SMP "Pairing confirm"
> command got rejected by the phone with an error ("Reason: Unspecified
> Reason (0x08)").
> As far as I understand, ECDH computation is involved in a pairing process.

I think that our ECDH code was endian safe, but then it got changed at some point to use standard crypto and maybe something went wrong there. Can just provide the btmon -w trace.log for the SMP pairing so that I can have a look at the binary trace.

Regards

Marcel

Re: Bluetooth ECDH selftest failed (endianness issue?)

[Andrey Batyiev]

[-- Attachment #1: Type: text/plain, Size: 426 bytes --]

Hello Marcel,

On Sat, Dec 29, 2018 at 9:35 AM Marcel Holtmann <marcel@holtmann.org> wrote:
> I think that our ECDH code was endian safe, but then it got changed at some point to use standard crypto and maybe something went wrong there. Can just provide the btmon -w trace.log for the SMP pairing so that I can have a look at the binary trace.

Binary trace from the MIPS system is attached. Hope it helps.

Thanks,
   Andrey

[-- Attachment #2: trace.log --]
[-- Type: text/x-log, Size: 6696 bytes --]

btsnoop\0\0\0\0\x01\0\0\aÑ\0\0\0\x1d\0\0\0\x1dÿÿ\0\f\0\0\0\0\0â\Bë'ÝÆLinux version 4.14.88 (mips)\0\0\0\0!\0\0\0!ÿÿ\0\f\0\0\0\0\0â\Bë'ÝÓBluetooth subsystem version 2.22\0\0\0\0\x10\0\0\0\x10\0\0\0\0\0\0\0\0\0â\Bë'ÝÖ\0\x01\x13qÚ}\x1a\0hci0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\b\0\0\0\0\0â\Bë'ÝØ\0\0\0\b\0\0\0\b\0\0\0
\0\0\0\0\0â\Bë'ÝÛ\x13qÚ}\x1a\0
\0\0\0\0\x1e\0\0\0\x1eÿÿ\0\x0e\0\0\0\0\0â\Bë'Ýß\x01\0\0\0\x02\0\x01\x0e\0\x01\0\0\0\x10bluetoothd\0\0\0\0\0\0\0\0\0\x1e\0\0\0\x1eÿÿ\0\x0e\0\0\0\0\0â\Bë'Þ\x15\x02\0\0\0\x02\0\x01\x0e\0\x01\0\0\0\x10btmon\0\0\0\0\0\0\0\0\0\0\0\0\0\0\x15\0\0\0\x15\0\0\0\x03\0\0\0\0\0â\Bì:"\v>\x13\x01\0E\0\x01\x01$tiäI}\x18\0\0\0H\0\x05\0\0\0\x13\0\0\0\x13\0\0\0\x11\0\0\0\0\0â\Bì:"N\x02\0\0\0\v\0$tiäI}\x02\0\0\0\0\0\0\0\0\0\x13\0\0\0\x13\0\0\0\x11\0\0\0\0\0â\Bì:"N\x01\0\0\0\v\0$tiäI}\x02\0\0\0\0\0\0\0\0\0\v\0\0\0\v\0\0\0\x04\0\0\0\0\0â\Bì:±rE\0\a\0\x03\0\x04\0\x02\x05\x02\0\0\0\x0f\0\0\0\x0f\0\0\0\x05\0\0\0\0\0â\Bì;'ÚE \v\0\a\0:\0	\x05\x02\0\0\0\0\0\0\0\a\0\0\0\a\0\0\0\x03\0\0\0\0\0â\Bì;+Ö\x13\x05\x01E\0\x01\0\0\0\0\v\0\0\0\v\0\0\0\x05\0\0\0\0\0â\Bì;,\x02E \a\0\x03\0\x04\0\x02¹\0\0\0\0\v\0\0\0\v\0\0\0\x04\0\0\0\0\0â\Bì;3,E\0\a\0\x03\0\x04\0\x03\x05\x02\0\0\0\v\0\0\0\v\0\0\0\x05\0\0\0\0\0â\Bì;\x06E \a\0\x03\0\x04\0\x03¹\0\0\0\0\x0f\0\0\0\x0f\0\0\0\x04\0\0\0\0\0â\Bì;žÍE\0\v\0\a\0\x04\0\x10\x01\0ÿÿ\0(\0\0\0\x0f\0\0\0\x0f\0\0\0\x05\0\0\0\0\0â\Bì<\x123E \v\0\a\0\x04\0\x10\x01\0ÿÿ\0(\0\0\0\x16\0\0\0\x16\0\0\0\x04\0\0\0\0\0â\Bì<\x14\x11E\0\x12\0\x0e\0\x04\0\x11\x06\x01\0\x05\0\0\x18\x06\0	\0\x01\x18\0\0\0\a\0\0\0\a\0\0\0\x03\0\0\0\0\0â\Bì<\x169\x13\x05\x01E\0\x01\0\0\0\0\x16\0\0\0\x16\0\0\0\x05\0\0\0\0\0â\Bì<‡hE \x12\0\x0e\0\x04\0\x11\x06\x01\0\x05\0\0\x18\x06\0	\0\x01\x18\0\0\0\x0f\0\0\0\x0f\0\0\0\x04\0\0\0\0\0â\Bì<‰\x1aE\0\v\0\a\0\x04\0\x10
\0ÿÿ\0(\0\0\0\a\0\0\0\a\0\0\0\x03\0\0\0\0\0â\Bì<‹i\x13\x05\x01E\0\x01\0\0\0\0\x0f\0\0\0\x0f\0\0\0\x05\0\0\0\0\0â\Bì<ü™E \v\0\a\0\x04\0\x10
\0ÿÿ\0(\0\0\0\r\0\0\0\r\0\0\0\x04\0\0\0\0\0â\Bì<þjE\0	\0\x05\0\x04\0\x01\x10
\0
\0\0\0\a\0\0\0\a\0\0\0\x03\0\0\0\0\0â\Bì=\0™\x13\x05\x01E\0\x01\0\0\0\0\x1f\0\0\0\x1f\0\0\0\x05\0\0\0\0\0â\Bì=qÇE ^[\0*\0\x04\0\x11\x14
\0\x0e\0fC®\x10yHø¥‘E´»x\x1eaÐ\x0f\0\0\0\x17\0\0\0\x17\0\0\0\x05\0\0\0\0\0â\Bì=qæE\x10\x13\0\0\x13\0®\x04]ÜCӐ“BEgIà€¤Ÿ\0\0\0\x0f\0\0\0\x0f\0\0\0\x04\0\0\0\0\0â\Bì=s{E\0\v\0\a\0\x04\0\x10\x14\0ÿÿ\0(\0\0\0\a\0\0\0\a\0\0\0\x03\0\0\0\0\0â\Bì=uÈ\x13\x05\x01E\0\x01\0\0\0\0\a\0\0\0\a\0\0\0\x03\0\0\0\0\0â\Bì=}„\x13\x05\x01E\0\x01\0\0\0\0\x0f\0\0\0\x0f\0\0\0\x05\0\0\0\0\0â\Bì=æ÷E \v\0\a\0\x04\0\b\x06\0	\0\x03(\0\0\0\x11\0\0\0\x11\0\0\0\x04\0\0\0\0\0â\Bì=èãE\0\r\0	\0\x04\0	\a\a\0 \b\0\x05*\0\0\0\x1c\0\0\0\x1c\0\0\0\x05\0\0\0\0\0â\Bì>\(E \x18\0\x14\0\x04\0\x11\x06\x14\0\x17\0\x0f\x18\x18\0\x1d\0\x05\x18\x1e\0"\0
\x18\0\0\0\x0f\0\0\0\x0f\0\0\0\x04\0\0\0\0\0â\Bì>]ÞE\0\v\0\a\0\x04\0\x10#\0ÿÿ\0(\0\0\0\a\0\0\0\a\0\0\0\x03\0\0\0\0\0â\Bì>`*\x13\x05\x01E\0\x01\0\0\0\0\r\0\0\0\r\0\0\0\x05\0\0\0\0\0â\Bì>ÑXE 	\0\x05\0\x04\0\x04	\0	\0\0\0\0\a\0\0\0\a\0\0\0\x03\0\0\0\0\0â\Bì>Ñ¿\x13\x05\x01E\0\x01\0\0\0\0\x0e\0\0\0\x0e\0\0\0\x04\0\0\0\0\0â\Bì>ÓiE\0
\0\x06\0\x04\0\x05\x01	\0\x02)\0\0\0\x1f\0\0\0\x1f\0\0\0\x05\0\0\0\0\0â\Bì?FˆE ^[\0*\0\x04\0\x11\x14#\0,\0Ð\0-\x12\x1eK\x0f¤™Nε1ô\x05y-\0\0\0\x17\0\0\0\x17\0\0\0\x05\0\0\0\0\0â\Bì?F­E\x10\x13\0\08\0ÜøU­\x02ÅôŽ:C6\x0f+PÓ‰\0\0\0\x0f\0\0\0\x0f\0\0\0\x04\0\0\0\0\0â\Bì?HJE\0\v\0\a\0\x04\0\x109\0ÿÿ\0(\0\0\0\a\0\0\0\a\0\0\0\x03\0\0\0\0\0â\Bì?J‰\x13\x05\x01E\0\x01\0\0\0\0\a\0\0\0\a\0\0\0\x03\0\0\0\0\0â\Bì?RD\x13\x05\x01E\0\x01\0\0\0\0\r\0\0\0\r\0\0\0\x05\0\0\0\0\0â\Bì?»¶E 	\0\x05\0\x04\0\x12	\0\x02\0\0\0\0	\0\0\0	\0\0\0\x04\0\0\0\0\0â\Bì?½ïE\0\x05\0\x01\0\x04\0\x13\0\0\0\r\0\0\0\r\0\0\0\x05\0\0\0\0\0â\Bì@0çE 	\0\x05\0\x04\0\x01\x109\0
\0\0\0\x0f\0\0\0\x0f\0\0\0\x04\0\0\0\0\0â\Bì@4DE\0\v\0\a\0\x04\0\x10\x01\0ÿÿ\x01(\0\0\0\a\0\0\0\a\0\0\0\x03\0\0\0\0\0â\Bì@4Þ\x13\x05\x01E\0\x01\0\0\0\0\a\0\0\0\a\0\0\0\x03\0\0\0\0\0â\Bì@©ü\x13\x05\x01E\0\x01\0\0\0\0\r\0\0\0\r\0\0\0\x05\0\0\0\0\0â\BìAyE 	\0\x05\0\x04\0\x01\x108\0
\0\0\0\x0f\0\0\0\x0f\0\0\0\x04\0\0\0\0\0â\BìA’BE\0\v\0\a\0\x04\0\b\x01\08\0\x02(\0\0\0\a\0\0\0\a\0\0\0\x03\0\0\0\0\0â\BìA”z\x13\x05\x01E\0\x01\0\0\0\0\r\0\0\0\r\0\0\0\x05\0\0\0\0\0â\BìBzÓE 	\0\x05\0\x04\0\x01\b8\0
\0\0\0\x0f\0\0\0\x0f\0\0\0\x04\0\0\0\0\0â\BìB|ŽE\0\v\0\a\0\x04\0\b\x01\08\0\x03(\0\0\0\a\0\0\0\a\0\0\0\x03\0\0\0\0\0â\BìB~Ú\x13\x05\x01E\0\x01\0\0\0\0\x1f\0\0\0\x1f\0\0\0\x05\0\0\0\0\0â\BìCe6E ^[\0\x17\0\x04\0	\a\x02\0\x02\x03\0\0*\x04\0\x02\x05\0\x01*\a\0 \b\0\x05*\0\0\0\x0f\0\0\0\x0f\0\0\0\x04\0\0\0\0\0â\BìCfÖE\0\v\0\a\0\x04\0\b\b\08\0\x03(\0\0\0\a\0\0\0\a\0\0\0\x03\0\0\0\0\0â\BìCi8\x13\x05\x01E\0\x01\0\0\0\0\x1f\0\0\0\x1f\0\0\0\x05\0\0\0\0\0â\BìDO–E ^[\0,\0\x04\0	\x15\v\0˜\f\0I\0Ù'îTí„‘L7šlUg†\0\0\0\x19\0\0\0\x19\0\0\0\x05\0\0\0\0\0â\BìDO¶E\x10\x15\0\x10\0˜\x11\0ÌãIÅ{§z‘ÍC™[±­\v¯\0\0\0\x0f\0\0\0\x0f\0\0\0\x04\0\0\0\0\0â\BìDQXE\0\v\0\a\0\x04\0\b\x11\08\0\x03(\0\0\0\a\0\0\0\a\0\0\0\x03\0\0\0\0\0â\BìDS™\x13\x05\x01E\0\x01\0\0\0\0\x1f\0\0\0\x1f\0\0\0\x05\0\0\0\0\0â\BìE9ùE ^[\0%\0\x04\0	\a\x15\0\x12\x16\0\x19*\x19\0\x12\x1a\0+*\x1c\0\x02\x1d\0\x0f*\0\0\0\x12\0\0\0\x12\0\0\0\x05\0\0\0\0\0â\BìE:)E\x10\x0e\0\x1f\0\x02 \0)*!\0\x02"\0$*\0\0\0\a\0\0\0\a\0\0\0\x03\0\0\0\0\0â\BìE:l\x13\x05\x01E\0\x01\0\0\0\0\x0f\0\0\0\x0f\0\0\0\x04\0\0\0\0\0â\BìE;õE\0\v\0\a\0\x04\0\b"\08\0\x03(\0\0\0\x1f\0\0\0\x1f\0\0\0\x05\0\0\0\0\0â\BìF$ZE ^[\0€\0\x04\0	\x15$\0ˆ%\0ÙÙªý½›!˜¨IáEóØÑi\0\0\0\x1f\0\0\0\x1f\0\0\0\x05\0\0\0\0\0â\BìF$€E\x10^[\0'\0\x10(\0½\x1d¢™æ%XŒÙB\x01c\r\x12¿Ÿ*\0\x10+\0û\0\0\0\a\0\0\0\a\0\0\0\x03\0\0\0\0\0â\BìF(U\x13\x05\x01E\0\x01\0\0\0\0\x1f\0\0\0\x1f\0\0\0\x05\0\0\0\0\0â\BìF(‚E\x10^[\0{|Îj³D¾µKÖ$éÆê".\0˜/\0ÂQÊ÷V\x0eß\0\0\0\x1f\0\0\0\x1f\0\0\0\x05\0\0\0\0\0â\BìF,4E\x10^[\0¸ŠJ±W؁<›2\0˜3\0\x02Á–º’»\fš\x1fA€Î\0\0\0\x1c\0\0\0\x1c\0\0\0\x05\0\0\0\0\0â\BìF,YE\x10\x18\0«|/6\0Š7\0×Õ»p¨£«¦ØF«#Œó²Æ\0\0\0\x0f\0\0\0\x0f\0\0\0\x04\0\0\0\0\0â\BìF-åE\0\v\0\a\0\x04\0\b7\08\0\x03(\0\0\0\r\0\0\0\r\0\0\0\x05\0\0\0\0\0â\BìG\x0e¶E 	\0\x05\0\x04\0\x01\b8\0
\0\0\0\a\0\0\0\a\0\0\0\x03\0\0\0\0\0â\BìG\x12±\x13\x05\x01E\0\x01\0\0\0\0\r\0\0\0\r\0\0\0\x04\0\0\0\0\0â\BìG\x14=E\0	\0\x05\0\x04\0\x04	\0	\0\0\0\0\x0e\0\0\0\x0e\0\0\0\x05\0\0\0\0\0â\BìGù\x18E 
\0\x06\0\x04\0\x05\x01	\0\x02)\0\0\0\r\0\0\0\r\0\0\0\x04\0\0\0\0\0â\BìGû9E\0	\0\x05\0\x04\0\x04\r\0\x0e\0\0\0\0\a\0\0\0\a\0\0\0\x03\0\0\0\0\0â\BìGý\x16\x13\x05\x01E\0\x01\0\0\0\0\x12\0\0\0\x12\0\0\0\x05\0\0\0\0\0â\BìHãtE \x0e\0
\0\x04\0\x05\x01\r\0\0)\x0e\0\x02)\0\0\0\v\0\0\0\v\0\0\0\x04\0\0\0\0\0â\BìHåE\0\a\0\x03\0\x04\0
\r\0\0\0\0\a\0\0\0\a\0\0\0\x03\0\0\0\0\0â\BìHçv\x13\x05\x01E\0\x01\0\0\0\0\v\0\0\0\v\0\0\0\x05\0\0\0\0\0â\BìIÍ×E \a\0\x03\0\x04\0\v\x01\0\0\0\0\r\0\0\0\r\0\0\0\x04\0\0\0\0\0â\BìIÏËE\0	\0\x05\0\x04\0\x04\x12\0\x13\0\0\0\0\a\0\0\0\a\0\0\0\x03\0\0\0\0\0â\BìIÑØ\x13\x05\x01E\0\x01\0\0\0\0\x12\0\0\0\x12\0\0\0\x05\0\0\0\0\0â\BìJ¸3E \x0e\0
\0\x04\0\x05\x01\x12\0\0)\x13\0\x02)\0\0\0\v\0\0\0\v\0\0\0\x04\0\0\0\0\0â\BìJºcE\0\a\0\x03\0\x04\0
\x12\0\0\0\0\a\0\0\0\a\0\0\0\x03\0\0\0\0\0â\BìJ¼6\x13\x05\x01E\0\x01\0\0\0\0\v\0\0\0\v\0\0\0\x05\0\0\0\0\0â\BìK¢•E \a\0\x03\0\x04\0\v\x01\0\0\0\0\r\0\0\0\r\0\0\0\x04\0\0\0\0\0â\BìK¤ŒE\0	\0\x05\0\x04\0\x04\x17\0\x17\0\0\0\0\a\0\0\0\a\0\0\0\x03\0\0\0\0\0â\BìK¦™\x13\x05\x01E\0\x01\0\0\0\0\a\0\0\0\a\0\0\0\x03\0\0\0\0\0â\BìLâ\x13\x05\x01E\0\x01\0\0\0\0\x0e\0\0\0\x0e\0\0\0\x05\0\0\0\0\0â\BìM\x02%E 
\0\x06\0\x04\0\x05\x01\x17\0\x02)\0\0\0\r\0\0\0\r\0\0\0\x04\0\0\0\0\0â\BìM\x04VE\0	\0\x05\0\x04\0\x04^[\0^[\0\0\0\0\x0e\0\0\0\x0e\0\0\0\x05\0\0\0\0\0â\BìMìˆE 
\0\x06\0\x04\0\x05\x01^[\0\x02)\0\0\0\r\0\0\0\r\0\0\0\x04\0\0\0\0\0â\BìMîÝE\0	\0\x05\0\x04\0\x04&\0&\0\0\0\0\a\0\0\0\a\0\0\0\x03\0\0\0\0\0â\BìMð†\x13\x05\x01E\0\x01\0\0\0\0\x0e\0\0\0\x0e\0\0\0\x05\0\0\0\0\0â\BìNÖäE 
\0\x06\0\x04\0\x05\x01&\0\0)\0\0\0\v\0\0\0\v\0\0\0\x04\0\0\0\0\0â\BìNØúE\0\a\0\x03\0\x04\0
&\0\0\0\0\a\0\0\0\a\0\0\0\x03\0\0\0\0\0â\BìNÚæ\x13\x05\x01E\0\x01\0\0\0\0\v\0\0\0\v\0\0\0\x05\0\0\0\0\0â\BìOÁGE \a\0\x03\0\x04\0\v\x01\0\0\0\0\r\0\0\0\r\0\0\0\x04\0\0\0\0\0â\BìOÃ7E\0	\0\x05\0\x04\0\x04)\0)\0\0\0\0\a\0\0\0\a\0\0\0\x03\0\0\0\0\0â\BìOÅI\x13\x05\x01E\0\x01\0\0\0\0\x0e\0\0\0\x0e\0\0\0\x05\0\0\0\0\0â\BìP«£E 
\0\x06\0\x04\0\x05\x01)\0\x02)\0\0\0\r\0\0\0\r\0\0\0\x04\0\0\0\0\0â\BìP­ËE\0	\0\x05\0\x04\0\x04,\0,\0\0\0\0\a\0\0\0\a\0\0\0\x03\0\0\0\0\0â\BìP¯¦\x13\x05\x01E\0\x01\0\0\0\0\x0e\0\0\0\x0e\0\0\0\x05\0\0\0\0\0â\BìQ–\bE 
\0\x06\0\x04\0\x05\x01,\0\x02)\0\0\0\r\0\0\0\r\0\0\0\x04\0\0\0\0\0â\BìQ˜'E\0	\0\x05\0\x04\0\x040\01\0\0\0\0\a\0\0\0\a\0\0\0\x03\0\0\0\0\0â\BìQš\a\x13\x05\x01E\0\x01\0\0\0\0\x12\0\0\0\x12\0\0\0\x05\0\0\0\0\0â\BìR€gE \x0e\0
\0\x04\0\x05\x010\0\0)1\0\x02)\0\0\0\v\0\0\0\v\0\0\0\x04\0\0\0\0\0â\BìR‚E\0\a\0\x03\0\x04\0
0\0\0\0\0\a\0\0\0\a\0\0\0\x03\0\0\0\0\0â\BìR„e\x13\x05\x01E\0\x01\0\0\0\0\v\0\0\0\v\0\0\0\x05\0\0\0\0\0â\BìSjÃE \a\0\x03\0\x04\0\v\x01\0\0\0\0\r\0\0\0\r\0\0\0\x04\0\0\0\0\0â\BìSl±E\0	\0\x05\0\x04\0\x044\05\0\0\0\0\a\0\0\0\a\0\0\0\x03\0\0\0\0\0â\BìSnË\x13\x05\x01E\0\x01\0\0\0\0\x12\0\0\0\x12\0\0\0\x05\0\0\0\0\0â\BìTU(E \x0e\0
\0\x04\0\x05\x014\0\0)5\0\x02)\0\0\0\v\0\0\0\v\0\0\0\x04\0\0\0\0\0â\BìTWNE\0\a\0\x03\0\x04\0
4\0\0\0\0\a\0\0\0\a\0\0\0\x03\0\0\0\0\0â\BìTY%\x13\x05\x01E\0\x01\0\0\0\0\v\0\0\0\v\0\0\0\x05\0\0\0\0\0â\BìU?ƒE \a\0\x03\0\x04\0\v\x01\0\0\0\0\r\0\0\0\r\0\0\0\x04\0\0\0\0\0â\BìUAuE\0	\0\x05\0\x04\0\x048\08\0\0\0\0\a\0\0\0\a\0\0\0\x03\0\0\0\0\0â\BìUC‰\x13\x05\x01E\0\x01\0\0\0\0\x0e\0\0\0\x0e\0\0\0\x05\0\0\0\0\0â\BìV)æE 
\0\x06\0\x04\0\x05\x018\0\0)\0\0\0\v\0\0\0\v\0\0\0\x04\0\0\0\0\0â\BìV,\0E\0\a\0\x03\0\x04\0
8\0\0\0\0\a\0\0\0\a\0\0\0\x03\0\0\0\0\0â\BìV-æ\x13\x05\x01E\0\x01\0\0\0\0\v\0\0\0\v\0\0\0\x05\0\0\0\0\0â\BìW\x14CE \a\0\x03\0\x04\0\v\x01\0\0\0\0\a\0\0\0\a\0\0\0\x03\0\0\0\0\0â\BìW\x18B\x13\x05\x01E\0\x01\0\0\0\0e\0\0\0eÿÿ\0\r\0\0\0\0\0â\BìW„\x18\x04\vbluetoothd\0Can't store services for private addressed device /org/bluez/hci0/dev_7D_49_E4_69_74_24\0\0\0\0d\0\0\0dÿÿ\0\r\0\0\0\0\0â\BìWí\x04\vbluetoothd\0Can't store GATT db for private addressed device /org/bluez/hci0/dev_7D_49_E4_69_74_24\0\0\0\0\r\0\0\0\r\0\0\0\x04\0\0\0\0\0â\BìW•æE\0	\0\x05\0\x04\0\x12	\0\x02\0\0\0\0\a\0\0\0\a\0\0\0\x03\0\0\0\0\0â\BìXsè\x13\x05\x01E\0\x01\0\0\0\0	\0\0\0	\0\0\0\x05\0\0\0\0\0â\BìXt\x19E \x05\0\x01\0\x04\0\x13\0\0\0\v\0\0\0\v\0\0\0\x04\0\0\0\0\0â\BìY\x01\aE\0\a\0\x03\0\x04\0
\x03\0\0\0\0\a\0\0\0\a\0\0\0\x03\0\0\0\0\0â\BìYÓ\x7f\x13\x05\x01E\0\x01\0\0\0\0\x0f\0\0\0\x0f\0\0\0\x05\0\0\0\0\0â\BìYÓ²E \v\0\a\0\x04\0\viPhone\0\0\0\v\0\0\0\v\0\0\0\x04\0\0\0\0\0â\BìYÙÛE\0\a\0\x03\0\x04\0
\x05\0\0\0\0\a\0\0\0\a\0\0\0\x03\0\0\0\0\0â\BìZ½Ý\x13\x05\x01E\0\x01\0\0\0\0\v\0\0\0\v\0\0\0\x05\0\0\0\0\0â\BìZ¾\x0eE \a\0\x03\0\x04\0\v@\0\0\0\0\v\0\0\0\v\0\0\0\x04\0\0\0\0\0â\BìZÄ9E\0\a\0\x03\0\x04\0
\x16\0\0\0\0\a\0\0\0\a\0\0\0\x03\0\0\0\0\0â\Bì[¨9\x13\x05\x01E\0\x01\0\0\0\0\r\0\0\0\r\0\0\0\x05\0\0\0\0\0â\Bì[¨dE 	\0\x05\0\x04\0\x01
\x16\0\x05\0\0\0
\0\0\0
\0\0\0\x04\0\0\0\0\0â\Bì[­¤E\0\x06\0\x02\0\x06\0\v	\0\0\0\x0f\0\0\0\x0f\0\0\0\x05\0\0\0\0\0â\Bì\\x1dkE \v\0\a\0\x04\0\b\x01\0\x05\0\0*\0\0\0\x10\0\0\0\x10\0\0\0\x04\0\0\0\0\0â\Bì\":E\0\f\0\b\0\x04\0	\x06\x03\0Test\0\0\0\v\0\0\0\v\0\0\0\x04\0\0\0\0\0â\Bì\%`E\0\a\0\x03\0\x04\0
\x16\0\0\0\0\x0f\0\0\0\x0f\0\0\0\x05\0\0\0\0\0â\Bì\’‰E \v\0\a\0\x06\0\x01\x04\0	\x10\x03\x03\0\0\0\x0f\0\0\0\x0f\0\0\0\x04\0\0\0\0\0â\Bì\“
E\0\v\0\a\0\x06\0\x02\x03\0	\x10\x03\x01\0\0\0\a\0\0\0\a\0\0\0\x03\0\0\0\0\0â\Bì\–Š\x13\x05\x01E\0\x01\0\0\0\0\a\0\0\0\a\0\0\0\x03\0\0\0\0\0â\Bì\žL\x13\x05\x01E\0\x01\0\0\0\0\r\0\0\0\r\0\0\0\x05\0\0\0\0\0â\Bì]\a¸E 	\0\x05\0\x04\0\x01
\x16\0\x05\0\0\0\a\0\0\0\a\0\0\0\x03\0\0\0\0\0â\Bì]\v´\x13\x05\x01E\0\x01\0\0\0\0\a\0\0\0\a\0\0\0\x03\0\0\0\0\0â\Bì]|ì\x13\x05\x01E\0\x01\0\0\0\0\x1f\0\0\0\x1f\0\0\0\x05\0\0\0\0\0â\Bí\x0fŽÕE ^[\0A\0\x06\0\fŒ"µSÓ:ŽŸÎŸìãæ\x1a\x04\x04³ÊèFAÁ\0\0\0\x1f\0\0\0\x1f\0\0\0\x05\0\0\0\0\0â\Bí\x0f’ÖE\x10^[\0Á…©çyíè\x1cÓ3ÓàqÃf¨{\x17……ú(?Ïýï \0\0\0\x13\0\0\0\x13\0\0\0\x05\0\0\0\0\0â\Bí\x0f’þE\x10\x0f\0&áßü]š`’/\x18½àEµ\0\0\0I\0\0\0I\0\0\0\x04\0\0\0\0\0â\Bí\x10\x1e‚E\0E\0A\0\x06\0\fD€Kôý¡³\fÒ›šn$	h¤\x01^[rnø“+^[çCfœE\x7f\x18ø)¥—¦¯ì¶ßrRÏØŠø¬=8ÂÜ\x01æá8³{\x03aõb¨Íx\0\0\0\x19\0\0\0\x19\0\0\0\x04\0\0\0\0\0â\Bí\x10\x1e±E\0\x15\0\x11\0\x06\0\x03o¢w1Wî\x0f0¾ÛâM¤Åû=\0\0\0\a\0\0\0\a\0\0\0\x03\0\0\0\0\0â\Bí\x10„ò\x13\x05\x01E\0\x01\0\0\0\0\a\0\0\0\a\0\0\0\x03\0\0\0\0\0â\Bí\x10îo\x13\x05\x01E\0\x01\0\0\0\0
\0\0\0
\0\0\0\x05\0\0\0\0\0â\Bí\x10î•E \x06\0\x02\0\x06\0\x05\b\0\0\0\x0e\0\0\0\x0e\0\0\0\x11\0\0\0\0\0â\Bí\x10îä\x02\0\0\0\x11\0$tiäI}\x02\x05\0\0\0\x0e\0\0\0\x0e\0\0\0\x11\0\0\0\0\0â\Bí\x10îä\x01\0\0\0\x11\0$tiäI}\x02\x05\0\0\0
\0\0\0
\0\0\0\x05\0\0\0\0\0â\Bí\x10î E \x06\0\x02\0\x06\0\x05\b\0\0\0\x06\0\0\0\x06\0\0\0\x02\0\0\0\0\0â\Bí\x10ï\x1e\x06\x04\x03E\0\x05\0\0\0\x06\0\0\0\x06\0\0\0\x03\0\0\0\0\0â\Bí\x11\x03Ó\x0f\x04\0\x01\x06\x04\0\0\0\x06\0\0\0\x06\0\0\0\x03\0\0\0\0\0â\Bí\x11ܳ\x05\x04\0E\0\x16\0\0\0\x0e\0\0\0\x0e\0\0\0\x11\0\0\0\0\0â\Bí\x11Ý\b\x02\0\0\0\f\0$tiäI}\x02\x02\0\0\0\x0e\0\0\0\x0e\0\0\0\x11\0\0\0\0\0â\Bí\x11Ý\b\x01\0\0\0\f\0$tiäI}\x02\x02\0\0\0\x12\0\0\0\x12\0\0\0\x02\0\0\0\0\0â\Bí\x1a¶á\x06 \x0f\0\b\0\b\0\0\0\0\0\0\0\0\0\a\0\0\0\0\x06\0\0\0\x06\0\0\0\x03\0\0\0\0\0â\Bí\x1aºY\x0e\x04\x01\x06 \0\0\0\0\x04\0\0\0\x04\0\0\0\x02\0\0\0\0\0â\Bí\x1aºÃ
 \x01\x01\0\0\0\x06\0\0\0\x06\0\0\0\x03\0\0\0\0\0â\Bí\x1aÂ\x19\x0e\x04\x01
 \0

Re: Bluetooth ECDH selftest failed (endianness issue?)

[Andrey Batyiev]

Hello Marcel,

> On Sat, Dec 29, 2018 at 9:35 AM Marcel Holtmann <marcel@holtmann.org> wrote:
> I think that our ECDH code was endian safe, but then it got changed at some point to use standard crypto and maybe something went wrong there. Can just provide the btmon -w trace.log for the SMP pairing so that I can have a look at the binary trace.

I found out that if I change "swap_digits" method in
"net/bluetooth/ecdh_helper.c" to

static inline void swap_digits(u64 *in, u64 *out, unsigned int ndigits)
{
int i;

for (i = 0; i < ndigits; i++)
        out[i] = in[ndigits - 1 - i];
}

then BLE pairing on big-endian become operational. I'm not sure what
proper fix should be: is it a problem with crypto API usage or a
problem with crypto itself?

Thanks,
   Andrey

Re: Bluetooth ECDH selftest failed (endianness issue?)

[Marcel Holtmann]

Hi Andrey,

>> On Sat, Dec 29, 2018 at 9:35 AM Marcel Holtmann <marcel@holtmann.org> wrote:
>> I think that our ECDH code was endian safe, but then it got changed at some point to use standard crypto and maybe something went wrong there. Can just provide the btmon -w trace.log for the SMP pairing so that I can have a look at the binary trace.
> 
> I found out that if I change "swap_digits" method in
> "net/bluetooth/ecdh_helper.c" to
> 
> static inline void swap_digits(u64 *in, u64 *out, unsigned int ndigits)
> {
> int i;
> 
> for (i = 0; i < ndigits; i++)
>        out[i] = in[ndigits - 1 - i];
> }
> 
> then BLE pairing on big-endian become operational. I'm not sure what
> proper fix should be: is it a problem with crypto API usage or a
> problem with crypto itself?

if the kernel ECC and ECDH crypto already swaps for us, then we don’t need to do it again. So all the swap_digits most likely can be removed from net/bluetooth/.

Regards

Marcel

Re: Bluetooth ECDH selftest failed (endianness issue?)

[Emil Lenngren]

Hi,

Den fre 18 jan. 2019 kl 04:44 skrev Marcel Holtmann <marcel@holtmann.org>:
>
> Hi Andrey,
>
> >> On Sat, Dec 29, 2018 at 9:35 AM Marcel Holtmann <marcel@holtmann.org> wrote:
> >> I think that our ECDH code was endian safe, but then it got changed at some point to use standard crypto and maybe something went wrong there. Can just provide the btmon -w trace.log for the SMP pairing so that I can have a look at the binary trace.
> >
> > I found out that if I change "swap_digits" method in
> > "net/bluetooth/ecdh_helper.c" to
> >
> > static inline void swap_digits(u64 *in, u64 *out, unsigned int ndigits)
> > {
> > int i;
> >
> > for (i = 0; i < ndigits; i++)
> >        out[i] = in[ndigits - 1 - i];
> > }
> >
> > then BLE pairing on big-endian become operational. I'm not sure what
> > proper fix should be: is it a problem with crypto API usage or a
> > problem with crypto itself?
>
> if the kernel ECC and ECDH crypto already swaps for us, then we don’t need to do it again. So all the swap_digits most likely can be removed from net/bluetooth/.
>
> Regards
>
> Marcel
>

The Bluetooth standard is a bit strange. It assumes the AES standard
is big endian (although it is really just defined on a byte level),
but since Bluetooth is little-endian everywhere, all AES 128-bit
values must be reversed when a standard AES library is used. In
particular, SMP reverses the AES values. So the swap_digits should be
kept.

/Emil

Re: Bluetooth ECDH selftest failed (endianness issue?)

[Marcel Holtmann]

Hi Emil,

>>>> On Sat, Dec 29, 2018 at 9:35 AM Marcel Holtmann <marcel@holtmann.org> wrote:
>>>> I think that our ECDH code was endian safe, but then it got changed at some point to use standard crypto and maybe something went wrong there. Can just provide the btmon -w trace.log for the SMP pairing so that I can have a look at the binary trace.
>>> 
>>> I found out that if I change "swap_digits" method in
>>> "net/bluetooth/ecdh_helper.c" to
>>> 
>>> static inline void swap_digits(u64 *in, u64 *out, unsigned int ndigits)
>>> {
>>> int i;
>>> 
>>> for (i = 0; i < ndigits; i++)
>>>       out[i] = in[ndigits - 1 - i];
>>> }
>>> 
>>> then BLE pairing on big-endian become operational. I'm not sure what
>>> proper fix should be: is it a problem with crypto API usage or a
>>> problem with crypto itself?
>> 
>> if the kernel ECC and ECDH crypto already swaps for us, then we don’t need to do it again. So all the swap_digits most likely can be removed from net/bluetooth/.
>> 
>> Regards
>> 
>> Marcel
>> 
> 
> The Bluetooth standard is a bit strange. It assumes the AES standard
> is big endian (although it is really just defined on a byte level),
> but since Bluetooth is little-endian everywhere, all AES 128-bit
> values must be reversed when a standard AES library is used. In
> particular, SMP reverses the AES values. So the swap_digits should be
> kept.

so you are saying just reversing is needed, but not swapping? But then this is no longer swap_digits, it is just a reverse. What do you want us to do in this case now?

Regards

Marcel

Re: Bluetooth ECDH selftest failed (endianness issue?)

[Emil Lenngren]

Hi Andrey and Marcel,

Den mån 21 jan. 2019 kl 15:53 skrev Marcel Holtmann <marcel@holtmann.org>:
>
> Hi Emil,
>
> >>>> On Sat, Dec 29, 2018 at 9:35 AM Marcel Holtmann <marcel@holtmann.org> wrote:
> >>>> I think that our ECDH code was endian safe, but then it got changed at some point to use standard crypto and maybe something went wrong there. Can just provide the btmon -w trace.log for the SMP pairing so that I can have a look at the binary trace.
> >>>
> >>> I found out that if I change "swap_digits" method in
> >>> "net/bluetooth/ecdh_helper.c" to
> >>>
> >>> static inline void swap_digits(u64 *in, u64 *out, unsigned int ndigits)
> >>> {
> >>> int i;
> >>>
> >>> for (i = 0; i < ndigits; i++)
> >>>       out[i] = in[ndigits - 1 - i];
> >>> }
> >>>
> >>> then BLE pairing on big-endian become operational. I'm not sure what
> >>> proper fix should be: is it a problem with crypto API usage or a
> >>> problem with crypto itself?
> >>
> >> if the kernel ECC and ECDH crypto already swaps for us, then we don’t need to do it again. So all the swap_digits most likely can be removed from net/bluetooth/.
> >>
> >> Regards
> >>
> >> Marcel
> >>
> >
> > The Bluetooth standard is a bit strange. It assumes the AES standard
> > is big endian (although it is really just defined on a byte level),
> > but since Bluetooth is little-endian everywhere, all AES 128-bit
> > values must be reversed when a standard AES library is used. In
> > particular, SMP reverses the AES values. So the swap_digits should be
> > kept.
>
> so you are saying just reversing is needed, but not swapping? But then this is no longer swap_digits, it is just a reverse. What do you want us to do in this case now?

First, I was a bit too quick. This is not about AES but about
NIST-ECDH. Nevertheless, the kernel API seems to assume big endian
order of the values regardless of platform, per the NIST
specification.

By looking some more into the kernel ECDH code, the Bluetooth code is
not the buggy one. Instead the ECDH kernel code turns out to be wrong.
The function ecc_swap_digits in crypto/ecc.c looks like the following:

static inline void ecc_swap_digits(const u64 *in, u64 *out,
unsigned int ndigits)
{
    int i;
    for (i = 0; i < ndigits; i++)
        out[i] = __swab64(in[ndigits - 1 - i]);
}

It is basically used to load a pointer-casted byte buffer into an
internal little endian representation of u64 values and vice versa. So
it works on little endian platforms but will fail on big endian
platforms. Applying your patch here is the correct thing to do, and
not in the Bluetooth code. But instead of using no swap for big endian
and __swab64 for little endian platforms, simply use the be64_to_cpu
helper.

/Emil