2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2011 Nokia Corporation and/or its subsidiary(-ies).
5 This program is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License version 2 as
7 published by the Free Software Foundation;
9 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
10 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
11 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
12 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
13 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
14 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
18 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
19 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
20 SOFTWARE IS DISCLAIMED.
23 #include <linux/crypto.h>
24 #include <linux/scatterlist.h>
25 #include <crypto/b128ops.h>
27 #include <net/bluetooth/bluetooth.h>
28 #include <net/bluetooth/hci_core.h>
29 #include <net/bluetooth/l2cap.h>
30 #include <net/bluetooth/mgmt.h>
34 #define SMP_TIMEOUT msecs_to_jiffies(30000)
36 #define AUTH_REQ_MASK 0x07
38 #define SMP_FLAG_TK_VALID 1
39 #define SMP_FLAG_CFM_PENDING 2
40 #define SMP_FLAG_MITM_AUTH 3
41 #define SMP_FLAG_COMPLETE 4
42 #define SMP_FLAG_INITIATOR 5
45 struct l2cap_conn *conn;
46 u8 preq[7]; /* SMP Pairing Request */
47 u8 prsp[7]; /* SMP Pairing Response */
48 u8 prnd[16]; /* SMP Pairing Random (local) */
49 u8 rrnd[16]; /* SMP Pairing Random (remote) */
50 u8 pcnf[16]; /* SMP Pairing Confirm */
51 u8 tk[16]; /* SMP Temporary Key */
57 struct smp_csrk *csrk;
58 struct smp_csrk *slave_csrk;
60 struct smp_ltk *slave_ltk;
61 struct smp_irk *remote_irk;
65 static inline void swap128(const u8 src[16], u8 dst[16])
68 for (i = 0; i < 16; i++)
72 static inline void swap56(const u8 src[7], u8 dst[7])
75 for (i = 0; i < 7; i++)
79 static int smp_e(struct crypto_blkcipher *tfm, const u8 *k, u8 *r)
81 struct blkcipher_desc desc;
82 struct scatterlist sg;
83 uint8_t tmp[16], data[16];
87 BT_ERR("tfm %p", tfm);
94 /* The most significant octet of key corresponds to k[0] */
97 err = crypto_blkcipher_setkey(tfm, tmp, 16);
99 BT_ERR("cipher setkey failed: %d", err);
103 /* Most significant octet of plaintextData corresponds to data[0] */
106 sg_init_one(&sg, data, 16);
108 err = crypto_blkcipher_encrypt(&desc, &sg, &sg, 16);
110 BT_ERR("Encrypt data error %d", err);
112 /* Most significant octet of encryptedData corresponds to data[0] */
118 static int smp_ah(struct crypto_blkcipher *tfm, u8 irk[16], u8 r[3], u8 res[3])
123 /* r' = padding || r */
125 memset(_res + 3, 0, 13);
127 err = smp_e(tfm, irk, _res);
129 BT_ERR("Encrypt error");
133 /* The output of the random address function ah is:
134 * ah(h, r) = e(k, r') mod 2^24
135 * The output of the security function e is then truncated to 24 bits
136 * by taking the least significant 24 bits of the output of e as the
139 memcpy(res, _res, 3);
144 bool smp_irk_matches(struct crypto_blkcipher *tfm, u8 irk[16],
150 BT_DBG("RPA %pMR IRK %*phN", bdaddr, 16, irk);
152 err = smp_ah(tfm, irk, &bdaddr->b[3], hash);
156 return !memcmp(bdaddr->b, hash, 3);
159 int smp_generate_rpa(struct crypto_blkcipher *tfm, u8 irk[16], bdaddr_t *rpa)
163 get_random_bytes(&rpa->b[3], 3);
165 rpa->b[5] &= 0x3f; /* Clear two most significant bits */
166 rpa->b[5] |= 0x40; /* Set second most significant bit */
168 err = smp_ah(tfm, irk, &rpa->b[3], rpa->b);
172 BT_DBG("RPA %pMR", rpa);
177 static int smp_c1(struct crypto_blkcipher *tfm, u8 k[16], u8 r[16],
178 u8 preq[7], u8 pres[7], u8 _iat, bdaddr_t *ia,
179 u8 _rat, bdaddr_t *ra, u8 res[16])
186 /* p1 = pres || preq || _rat || _iat */
189 memcpy(p1 + 2, preq, 7);
190 memcpy(p1 + 9, pres, 7);
192 /* p2 = padding || ia || ra */
194 memcpy(p2 + 6, ia, 6);
195 memset(p2 + 12, 0, 4);
198 u128_xor((u128 *) res, (u128 *) r, (u128 *) p1);
200 /* res = e(k, res) */
201 err = smp_e(tfm, k, res);
203 BT_ERR("Encrypt data error");
207 /* res = res XOR p2 */
208 u128_xor((u128 *) res, (u128 *) res, (u128 *) p2);
210 /* res = e(k, res) */
211 err = smp_e(tfm, k, res);
213 BT_ERR("Encrypt data error");
218 static int smp_s1(struct crypto_blkcipher *tfm, u8 k[16], u8 r1[16],
219 u8 r2[16], u8 _r[16])
223 /* Just least significant octets from r1 and r2 are considered */
225 memcpy(_r + 8, r1, 8);
227 err = smp_e(tfm, k, _r);
229 BT_ERR("Encrypt data error");
234 static struct sk_buff *smp_build_cmd(struct l2cap_conn *conn, u8 code,
235 u16 dlen, void *data)
238 struct l2cap_hdr *lh;
241 len = L2CAP_HDR_SIZE + sizeof(code) + dlen;
246 skb = bt_skb_alloc(len, GFP_ATOMIC);
250 lh = (struct l2cap_hdr *) skb_put(skb, L2CAP_HDR_SIZE);
251 lh->len = cpu_to_le16(sizeof(code) + dlen);
252 lh->cid = cpu_to_le16(L2CAP_CID_SMP);
254 memcpy(skb_put(skb, sizeof(code)), &code, sizeof(code));
256 memcpy(skb_put(skb, dlen), data, dlen);
261 static void smp_send_cmd(struct l2cap_conn *conn, u8 code, u16 len, void *data)
263 struct sk_buff *skb = smp_build_cmd(conn, code, len, data);
265 BT_DBG("code 0x%2.2x", code);
270 skb->priority = HCI_PRIO_MAX;
271 hci_send_acl(conn->hchan, skb, 0);
273 cancel_delayed_work_sync(&conn->security_timer);
274 schedule_delayed_work(&conn->security_timer, SMP_TIMEOUT);
277 static __u8 authreq_to_seclevel(__u8 authreq)
279 if (authreq & SMP_AUTH_MITM)
280 return BT_SECURITY_HIGH;
282 return BT_SECURITY_MEDIUM;
285 static __u8 seclevel_to_authreq(__u8 sec_level)
288 case BT_SECURITY_HIGH:
289 return SMP_AUTH_MITM | SMP_AUTH_BONDING;
290 case BT_SECURITY_MEDIUM:
291 return SMP_AUTH_BONDING;
293 return SMP_AUTH_NONE;
297 static void build_pairing_cmd(struct l2cap_conn *conn,
298 struct smp_cmd_pairing *req,
299 struct smp_cmd_pairing *rsp, __u8 authreq)
301 struct smp_chan *smp = conn->smp_chan;
302 struct hci_conn *hcon = conn->hcon;
303 struct hci_dev *hdev = hcon->hdev;
304 u8 local_dist = 0, remote_dist = 0;
306 if (test_bit(HCI_PAIRABLE, &conn->hcon->hdev->dev_flags)) {
307 local_dist = SMP_DIST_ENC_KEY | SMP_DIST_SIGN;
308 remote_dist = SMP_DIST_ENC_KEY | SMP_DIST_SIGN;
309 authreq |= SMP_AUTH_BONDING;
311 authreq &= ~SMP_AUTH_BONDING;
314 if (test_bit(HCI_RPA_RESOLVING, &hdev->dev_flags))
315 remote_dist |= SMP_DIST_ID_KEY;
317 if (test_bit(HCI_PRIVACY, &hdev->dev_flags))
318 local_dist |= SMP_DIST_ID_KEY;
321 req->io_capability = conn->hcon->io_capability;
322 req->oob_flag = SMP_OOB_NOT_PRESENT;
323 req->max_key_size = SMP_MAX_ENC_KEY_SIZE;
324 req->init_key_dist = local_dist;
325 req->resp_key_dist = remote_dist;
326 req->auth_req = (authreq & AUTH_REQ_MASK);
328 smp->remote_key_dist = remote_dist;
332 rsp->io_capability = conn->hcon->io_capability;
333 rsp->oob_flag = SMP_OOB_NOT_PRESENT;
334 rsp->max_key_size = SMP_MAX_ENC_KEY_SIZE;
335 rsp->init_key_dist = req->init_key_dist & remote_dist;
336 rsp->resp_key_dist = req->resp_key_dist & local_dist;
337 rsp->auth_req = (authreq & AUTH_REQ_MASK);
339 smp->remote_key_dist = rsp->init_key_dist;
342 static u8 check_enc_key_size(struct l2cap_conn *conn, __u8 max_key_size)
344 struct smp_chan *smp = conn->smp_chan;
346 if ((max_key_size > SMP_MAX_ENC_KEY_SIZE) ||
347 (max_key_size < SMP_MIN_ENC_KEY_SIZE))
348 return SMP_ENC_KEY_SIZE;
350 smp->enc_key_size = max_key_size;
355 static void smp_failure(struct l2cap_conn *conn, u8 reason)
357 struct hci_conn *hcon = conn->hcon;
360 smp_send_cmd(conn, SMP_CMD_PAIRING_FAIL, sizeof(reason),
363 clear_bit(HCI_CONN_ENCRYPT_PEND, &hcon->flags);
364 mgmt_auth_failed(hcon->hdev, &hcon->dst, hcon->type, hcon->dst_type,
365 HCI_ERROR_AUTH_FAILURE);
367 cancel_delayed_work_sync(&conn->security_timer);
369 if (test_and_clear_bit(HCI_CONN_LE_SMP_PEND, &hcon->flags))
370 smp_chan_destroy(conn);
373 #define JUST_WORKS 0x00
374 #define JUST_CFM 0x01
375 #define REQ_PASSKEY 0x02
376 #define CFM_PASSKEY 0x03
380 static const u8 gen_method[5][5] = {
381 { JUST_WORKS, JUST_CFM, REQ_PASSKEY, JUST_WORKS, REQ_PASSKEY },
382 { JUST_WORKS, JUST_CFM, REQ_PASSKEY, JUST_WORKS, REQ_PASSKEY },
383 { CFM_PASSKEY, CFM_PASSKEY, REQ_PASSKEY, JUST_WORKS, CFM_PASSKEY },
384 { JUST_WORKS, JUST_CFM, JUST_WORKS, JUST_WORKS, JUST_CFM },
385 { CFM_PASSKEY, CFM_PASSKEY, REQ_PASSKEY, JUST_WORKS, OVERLAP },
388 static u8 get_auth_method(struct smp_chan *smp, u8 local_io, u8 remote_io)
390 /* If either side has unknown io_caps, use JUST WORKS */
391 if (local_io > SMP_IO_KEYBOARD_DISPLAY ||
392 remote_io > SMP_IO_KEYBOARD_DISPLAY)
395 return gen_method[remote_io][local_io];
398 static int tk_request(struct l2cap_conn *conn, u8 remote_oob, u8 auth,
399 u8 local_io, u8 remote_io)
401 struct hci_conn *hcon = conn->hcon;
402 struct smp_chan *smp = conn->smp_chan;
407 /* Initialize key for JUST WORKS */
408 memset(smp->tk, 0, sizeof(smp->tk));
409 clear_bit(SMP_FLAG_TK_VALID, &smp->flags);
411 BT_DBG("tk_request: auth:%d lcl:%d rem:%d", auth, local_io, remote_io);
413 /* If neither side wants MITM, use JUST WORKS */
414 /* Otherwise, look up method from the table */
415 if (!(auth & SMP_AUTH_MITM))
418 method = get_auth_method(smp, local_io, remote_io);
420 /* If not bonding, don't ask user to confirm a Zero TK */
421 if (!(auth & SMP_AUTH_BONDING) && method == JUST_CFM)
424 /* Don't confirm locally initiated pairing attempts */
425 if (method == JUST_CFM && test_bit(SMP_FLAG_INITIATOR, &smp->flags))
428 /* If Just Works, Continue with Zero TK */
429 if (method == JUST_WORKS) {
430 set_bit(SMP_FLAG_TK_VALID, &smp->flags);
434 /* Not Just Works/Confirm results in MITM Authentication */
435 if (method != JUST_CFM)
436 set_bit(SMP_FLAG_MITM_AUTH, &smp->flags);
438 /* If both devices have Keyoard-Display I/O, the master
439 * Confirms and the slave Enters the passkey.
441 if (method == OVERLAP) {
442 if (hcon->link_mode & HCI_LM_MASTER)
443 method = CFM_PASSKEY;
445 method = REQ_PASSKEY;
448 /* Generate random passkey. */
449 if (method == CFM_PASSKEY) {
450 memset(smp->tk, 0, sizeof(smp->tk));
451 get_random_bytes(&passkey, sizeof(passkey));
453 put_unaligned_le32(passkey, smp->tk);
454 BT_DBG("PassKey: %d", passkey);
455 set_bit(SMP_FLAG_TK_VALID, &smp->flags);
458 hci_dev_lock(hcon->hdev);
460 if (method == REQ_PASSKEY)
461 ret = mgmt_user_passkey_request(hcon->hdev, &hcon->dst,
462 hcon->type, hcon->dst_type);
463 else if (method == JUST_CFM)
464 ret = mgmt_user_confirm_request(hcon->hdev, &hcon->dst,
465 hcon->type, hcon->dst_type,
468 ret = mgmt_user_passkey_notify(hcon->hdev, &hcon->dst,
469 hcon->type, hcon->dst_type,
472 hci_dev_unlock(hcon->hdev);
477 static u8 smp_confirm(struct smp_chan *smp)
479 struct l2cap_conn *conn = smp->conn;
480 struct hci_dev *hdev = conn->hcon->hdev;
481 struct crypto_blkcipher *tfm = hdev->tfm_aes;
482 struct smp_cmd_pairing_confirm cp;
485 BT_DBG("conn %p", conn);
487 /* Prevent mutual access to hdev->tfm_aes */
490 ret = smp_c1(tfm, smp->tk, smp->prnd, smp->preq, smp->prsp,
491 conn->hcon->init_addr_type, &conn->hcon->init_addr,
492 conn->hcon->resp_addr_type, &conn->hcon->resp_addr,
495 hci_dev_unlock(hdev);
498 return SMP_UNSPECIFIED;
500 clear_bit(SMP_FLAG_CFM_PENDING, &smp->flags);
502 smp_send_cmd(smp->conn, SMP_CMD_PAIRING_CONFIRM, sizeof(cp), &cp);
507 static u8 smp_random(struct smp_chan *smp)
509 struct l2cap_conn *conn = smp->conn;
510 struct hci_conn *hcon = conn->hcon;
511 struct hci_dev *hdev = hcon->hdev;
512 struct crypto_blkcipher *tfm = hdev->tfm_aes;
516 if (IS_ERR_OR_NULL(tfm))
517 return SMP_UNSPECIFIED;
519 BT_DBG("conn %p %s", conn, conn->hcon->out ? "master" : "slave");
521 /* Prevent mutual access to hdev->tfm_aes */
524 ret = smp_c1(tfm, smp->tk, smp->rrnd, smp->preq, smp->prsp,
525 hcon->init_addr_type, &hcon->init_addr,
526 hcon->resp_addr_type, &hcon->resp_addr, confirm);
528 hci_dev_unlock(hdev);
531 return SMP_UNSPECIFIED;
533 if (memcmp(smp->pcnf, confirm, sizeof(smp->pcnf)) != 0) {
534 BT_ERR("Pairing failed (confirmation values mismatch)");
535 return SMP_CONFIRM_FAILED;
543 smp_s1(tfm, smp->tk, smp->rrnd, smp->prnd, stk);
545 memset(stk + smp->enc_key_size, 0,
546 SMP_MAX_ENC_KEY_SIZE - smp->enc_key_size);
548 if (test_and_set_bit(HCI_CONN_ENCRYPT_PEND, &hcon->flags))
549 return SMP_UNSPECIFIED;
551 hci_le_start_enc(hcon, ediv, rand, stk);
552 hcon->enc_key_size = smp->enc_key_size;
558 smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM, sizeof(smp->prnd),
561 smp_s1(tfm, smp->tk, smp->prnd, smp->rrnd, stk);
563 memset(stk + smp->enc_key_size, 0,
564 SMP_MAX_ENC_KEY_SIZE - smp->enc_key_size);
566 if (hcon->pending_sec_level == BT_SECURITY_HIGH)
571 hci_add_ltk(hcon->hdev, &hcon->dst, hcon->dst_type,
572 HCI_SMP_STK_SLAVE, auth, stk, smp->enc_key_size,
579 static struct smp_chan *smp_chan_create(struct l2cap_conn *conn)
581 struct smp_chan *smp;
583 smp = kzalloc(sizeof(*smp), GFP_ATOMIC);
588 conn->smp_chan = smp;
589 conn->hcon->smp_conn = conn;
591 hci_conn_hold(conn->hcon);
596 void smp_chan_destroy(struct l2cap_conn *conn)
598 struct smp_chan *smp = conn->smp_chan;
603 complete = test_bit(SMP_FLAG_COMPLETE, &smp->flags);
604 mgmt_smp_complete(conn->hcon, complete);
607 kfree(smp->slave_csrk);
609 /* If pairing failed clean up any keys we might have */
612 list_del(&smp->ltk->list);
616 if (smp->slave_ltk) {
617 list_del(&smp->slave_ltk->list);
618 kfree(smp->slave_ltk);
621 if (smp->remote_irk) {
622 list_del(&smp->remote_irk->list);
623 kfree(smp->remote_irk);
628 conn->smp_chan = NULL;
629 conn->hcon->smp_conn = NULL;
630 hci_conn_drop(conn->hcon);
633 int smp_user_confirm_reply(struct hci_conn *hcon, u16 mgmt_op, __le32 passkey)
635 struct l2cap_conn *conn = hcon->smp_conn;
636 struct smp_chan *smp;
644 smp = conn->smp_chan;
647 case MGMT_OP_USER_PASSKEY_REPLY:
648 value = le32_to_cpu(passkey);
649 memset(smp->tk, 0, sizeof(smp->tk));
650 BT_DBG("PassKey: %d", value);
651 put_unaligned_le32(value, smp->tk);
653 case MGMT_OP_USER_CONFIRM_REPLY:
654 set_bit(SMP_FLAG_TK_VALID, &smp->flags);
656 case MGMT_OP_USER_PASSKEY_NEG_REPLY:
657 case MGMT_OP_USER_CONFIRM_NEG_REPLY:
658 smp_failure(conn, SMP_PASSKEY_ENTRY_FAILED);
661 smp_failure(conn, SMP_PASSKEY_ENTRY_FAILED);
665 /* If it is our turn to send Pairing Confirm, do so now */
666 if (test_bit(SMP_FLAG_CFM_PENDING, &smp->flags)) {
667 u8 rsp = smp_confirm(smp);
669 smp_failure(conn, rsp);
675 static u8 smp_cmd_pairing_req(struct l2cap_conn *conn, struct sk_buff *skb)
677 struct smp_cmd_pairing rsp, *req = (void *) skb->data;
678 struct smp_chan *smp;
679 u8 key_size, auth, sec_level;
682 BT_DBG("conn %p", conn);
684 if (skb->len < sizeof(*req))
685 return SMP_INVALID_PARAMS;
687 if (conn->hcon->link_mode & HCI_LM_MASTER)
688 return SMP_CMD_NOTSUPP;
690 if (!test_and_set_bit(HCI_CONN_LE_SMP_PEND, &conn->hcon->flags))
691 smp = smp_chan_create(conn);
693 smp = conn->smp_chan;
696 return SMP_UNSPECIFIED;
698 smp->preq[0] = SMP_CMD_PAIRING_REQ;
699 memcpy(&smp->preq[1], req, sizeof(*req));
700 skb_pull(skb, sizeof(*req));
702 /* We didn't start the pairing, so match remote */
703 auth = req->auth_req;
705 sec_level = authreq_to_seclevel(auth);
706 if (sec_level > conn->hcon->pending_sec_level)
707 conn->hcon->pending_sec_level = sec_level;
709 /* If we need MITM check that it can be acheived */
710 if (conn->hcon->pending_sec_level >= BT_SECURITY_HIGH) {
713 method = get_auth_method(smp, conn->hcon->io_capability,
715 if (method == JUST_WORKS || method == JUST_CFM)
716 return SMP_AUTH_REQUIREMENTS;
719 build_pairing_cmd(conn, req, &rsp, auth);
721 key_size = min(req->max_key_size, rsp.max_key_size);
722 if (check_enc_key_size(conn, key_size))
723 return SMP_ENC_KEY_SIZE;
725 get_random_bytes(smp->prnd, sizeof(smp->prnd));
727 smp->prsp[0] = SMP_CMD_PAIRING_RSP;
728 memcpy(&smp->prsp[1], &rsp, sizeof(rsp));
730 smp_send_cmd(conn, SMP_CMD_PAIRING_RSP, sizeof(rsp), &rsp);
732 /* Request setup of TK */
733 ret = tk_request(conn, 0, auth, rsp.io_capability, req->io_capability);
735 return SMP_UNSPECIFIED;
737 clear_bit(SMP_FLAG_INITIATOR, &smp->flags);
742 static u8 smp_cmd_pairing_rsp(struct l2cap_conn *conn, struct sk_buff *skb)
744 struct smp_cmd_pairing *req, *rsp = (void *) skb->data;
745 struct smp_chan *smp = conn->smp_chan;
746 u8 key_size, auth = SMP_AUTH_NONE;
749 BT_DBG("conn %p", conn);
751 if (skb->len < sizeof(*rsp))
752 return SMP_INVALID_PARAMS;
754 if (!(conn->hcon->link_mode & HCI_LM_MASTER))
755 return SMP_CMD_NOTSUPP;
757 skb_pull(skb, sizeof(*rsp));
759 req = (void *) &smp->preq[1];
761 key_size = min(req->max_key_size, rsp->max_key_size);
762 if (check_enc_key_size(conn, key_size))
763 return SMP_ENC_KEY_SIZE;
765 /* If we need MITM check that it can be acheived */
766 if (conn->hcon->pending_sec_level >= BT_SECURITY_HIGH) {
769 method = get_auth_method(smp, req->io_capability,
771 if (method == JUST_WORKS || method == JUST_CFM)
772 return SMP_AUTH_REQUIREMENTS;
775 get_random_bytes(smp->prnd, sizeof(smp->prnd));
777 smp->prsp[0] = SMP_CMD_PAIRING_RSP;
778 memcpy(&smp->prsp[1], rsp, sizeof(*rsp));
780 /* Update remote key distribution in case the remote cleared
781 * some bits that we had enabled in our request.
783 smp->remote_key_dist &= rsp->resp_key_dist;
785 if ((req->auth_req & SMP_AUTH_BONDING) &&
786 (rsp->auth_req & SMP_AUTH_BONDING))
787 auth = SMP_AUTH_BONDING;
789 auth |= (req->auth_req | rsp->auth_req) & SMP_AUTH_MITM;
791 ret = tk_request(conn, 0, auth, req->io_capability, rsp->io_capability);
793 return SMP_UNSPECIFIED;
795 set_bit(SMP_FLAG_CFM_PENDING, &smp->flags);
797 /* Can't compose response until we have been confirmed */
798 if (test_bit(SMP_FLAG_TK_VALID, &smp->flags))
799 return smp_confirm(smp);
804 static u8 smp_cmd_pairing_confirm(struct l2cap_conn *conn, struct sk_buff *skb)
806 struct smp_chan *smp = conn->smp_chan;
808 BT_DBG("conn %p %s", conn, conn->hcon->out ? "master" : "slave");
810 if (skb->len < sizeof(smp->pcnf))
811 return SMP_INVALID_PARAMS;
813 memcpy(smp->pcnf, skb->data, sizeof(smp->pcnf));
814 skb_pull(skb, sizeof(smp->pcnf));
817 smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM, sizeof(smp->prnd),
819 else if (test_bit(SMP_FLAG_TK_VALID, &smp->flags))
820 return smp_confirm(smp);
822 set_bit(SMP_FLAG_CFM_PENDING, &smp->flags);
827 static u8 smp_cmd_pairing_random(struct l2cap_conn *conn, struct sk_buff *skb)
829 struct smp_chan *smp = conn->smp_chan;
831 BT_DBG("conn %p", conn);
833 if (skb->len < sizeof(smp->rrnd))
834 return SMP_INVALID_PARAMS;
836 memcpy(smp->rrnd, skb->data, sizeof(smp->rrnd));
837 skb_pull(skb, sizeof(smp->rrnd));
839 return smp_random(smp);
842 static u8 smp_ltk_encrypt(struct l2cap_conn *conn, u8 sec_level)
845 struct hci_conn *hcon = conn->hcon;
847 key = hci_find_ltk_by_addr(hcon->hdev, &hcon->dst, hcon->dst_type,
852 if (sec_level > BT_SECURITY_MEDIUM && !key->authenticated)
855 if (test_and_set_bit(HCI_CONN_ENCRYPT_PEND, &hcon->flags))
858 hci_le_start_enc(hcon, key->ediv, key->rand, key->val);
859 hcon->enc_key_size = key->enc_size;
864 static u8 smp_cmd_security_req(struct l2cap_conn *conn, struct sk_buff *skb)
866 struct smp_cmd_security_req *rp = (void *) skb->data;
867 struct smp_cmd_pairing cp;
868 struct hci_conn *hcon = conn->hcon;
869 struct smp_chan *smp;
872 BT_DBG("conn %p", conn);
874 if (skb->len < sizeof(*rp))
875 return SMP_INVALID_PARAMS;
877 if (!(conn->hcon->link_mode & HCI_LM_MASTER))
878 return SMP_CMD_NOTSUPP;
880 sec_level = authreq_to_seclevel(rp->auth_req);
881 if (sec_level > hcon->pending_sec_level)
882 hcon->pending_sec_level = sec_level;
884 if (smp_ltk_encrypt(conn, hcon->pending_sec_level))
887 if (test_and_set_bit(HCI_CONN_LE_SMP_PEND, &hcon->flags))
890 smp = smp_chan_create(conn);
892 skb_pull(skb, sizeof(*rp));
894 memset(&cp, 0, sizeof(cp));
895 build_pairing_cmd(conn, &cp, NULL, rp->auth_req);
897 smp->preq[0] = SMP_CMD_PAIRING_REQ;
898 memcpy(&smp->preq[1], &cp, sizeof(cp));
900 smp_send_cmd(conn, SMP_CMD_PAIRING_REQ, sizeof(cp), &cp);
902 clear_bit(SMP_FLAG_INITIATOR, &smp->flags);
907 bool smp_sufficient_security(struct hci_conn *hcon, u8 sec_level)
909 if (sec_level == BT_SECURITY_LOW)
912 if (hcon->sec_level >= sec_level)
918 int smp_conn_security(struct hci_conn *hcon, __u8 sec_level)
920 struct l2cap_conn *conn = hcon->l2cap_data;
921 struct smp_chan *smp;
924 BT_DBG("conn %p hcon %p level 0x%2.2x", conn, hcon, sec_level);
926 /* This may be NULL if there's an unexpected disconnection */
930 if (!test_bit(HCI_LE_ENABLED, &hcon->hdev->dev_flags))
933 if (smp_sufficient_security(hcon, sec_level))
936 if (sec_level > hcon->pending_sec_level)
937 hcon->pending_sec_level = sec_level;
939 if (hcon->link_mode & HCI_LM_MASTER)
940 if (smp_ltk_encrypt(conn, hcon->pending_sec_level))
943 if (test_and_set_bit(HCI_CONN_LE_SMP_PEND, &hcon->flags))
946 smp = smp_chan_create(conn);
950 authreq = seclevel_to_authreq(sec_level);
952 /* Require MITM if IO Capability allows or the security level
955 if (hcon->io_capability != HCI_IO_NO_INPUT_OUTPUT ||
956 hcon->pending_sec_level > BT_SECURITY_MEDIUM)
957 authreq |= SMP_AUTH_MITM;
959 if (hcon->link_mode & HCI_LM_MASTER) {
960 struct smp_cmd_pairing cp;
962 build_pairing_cmd(conn, &cp, NULL, authreq);
963 smp->preq[0] = SMP_CMD_PAIRING_REQ;
964 memcpy(&smp->preq[1], &cp, sizeof(cp));
966 smp_send_cmd(conn, SMP_CMD_PAIRING_REQ, sizeof(cp), &cp);
968 struct smp_cmd_security_req cp;
969 cp.auth_req = authreq;
970 smp_send_cmd(conn, SMP_CMD_SECURITY_REQ, sizeof(cp), &cp);
973 set_bit(SMP_FLAG_INITIATOR, &smp->flags);
978 static int smp_cmd_encrypt_info(struct l2cap_conn *conn, struct sk_buff *skb)
980 struct smp_cmd_encrypt_info *rp = (void *) skb->data;
981 struct smp_chan *smp = conn->smp_chan;
983 BT_DBG("conn %p", conn);
985 if (skb->len < sizeof(*rp))
986 return SMP_INVALID_PARAMS;
988 /* Ignore this PDU if it wasn't requested */
989 if (!(smp->remote_key_dist & SMP_DIST_ENC_KEY))
992 skb_pull(skb, sizeof(*rp));
994 memcpy(smp->tk, rp->ltk, sizeof(smp->tk));
999 static int smp_cmd_master_ident(struct l2cap_conn *conn, struct sk_buff *skb)
1001 struct smp_cmd_master_ident *rp = (void *) skb->data;
1002 struct smp_chan *smp = conn->smp_chan;
1003 struct hci_dev *hdev = conn->hcon->hdev;
1004 struct hci_conn *hcon = conn->hcon;
1005 struct smp_ltk *ltk;
1008 BT_DBG("conn %p", conn);
1010 if (skb->len < sizeof(*rp))
1011 return SMP_INVALID_PARAMS;
1013 /* Ignore this PDU if it wasn't requested */
1014 if (!(smp->remote_key_dist & SMP_DIST_ENC_KEY))
1017 /* Mark the information as received */
1018 smp->remote_key_dist &= ~SMP_DIST_ENC_KEY;
1020 skb_pull(skb, sizeof(*rp));
1023 authenticated = (hcon->sec_level == BT_SECURITY_HIGH);
1024 ltk = hci_add_ltk(hdev, &hcon->dst, hcon->dst_type, HCI_SMP_LTK,
1025 authenticated, smp->tk, smp->enc_key_size,
1026 rp->ediv, rp->rand);
1028 if (!(smp->remote_key_dist & SMP_DIST_ID_KEY))
1029 smp_distribute_keys(conn);
1030 hci_dev_unlock(hdev);
1035 static int smp_cmd_ident_info(struct l2cap_conn *conn, struct sk_buff *skb)
1037 struct smp_cmd_ident_info *info = (void *) skb->data;
1038 struct smp_chan *smp = conn->smp_chan;
1042 if (skb->len < sizeof(*info))
1043 return SMP_INVALID_PARAMS;
1045 /* Ignore this PDU if it wasn't requested */
1046 if (!(smp->remote_key_dist & SMP_DIST_ID_KEY))
1049 skb_pull(skb, sizeof(*info));
1051 memcpy(smp->irk, info->irk, 16);
1056 static int smp_cmd_ident_addr_info(struct l2cap_conn *conn,
1057 struct sk_buff *skb)
1059 struct smp_cmd_ident_addr_info *info = (void *) skb->data;
1060 struct smp_chan *smp = conn->smp_chan;
1061 struct hci_conn *hcon = conn->hcon;
1066 if (skb->len < sizeof(*info))
1067 return SMP_INVALID_PARAMS;
1069 /* Ignore this PDU if it wasn't requested */
1070 if (!(smp->remote_key_dist & SMP_DIST_ID_KEY))
1073 /* Mark the information as received */
1074 smp->remote_key_dist &= ~SMP_DIST_ID_KEY;
1076 skb_pull(skb, sizeof(*info));
1078 /* Strictly speaking the Core Specification (4.1) allows sending
1079 * an empty address which would force us to rely on just the IRK
1080 * as "identity information". However, since such
1081 * implementations are not known of and in order to not over
1082 * complicate our implementation, simply pretend that we never
1083 * received an IRK for such a device.
1085 if (!bacmp(&info->bdaddr, BDADDR_ANY)) {
1086 BT_ERR("Ignoring IRK with no identity address");
1087 smp_distribute_keys(conn);
1091 bacpy(&smp->id_addr, &info->bdaddr);
1092 smp->id_addr_type = info->addr_type;
1094 if (hci_bdaddr_is_rpa(&hcon->dst, hcon->dst_type))
1095 bacpy(&rpa, &hcon->dst);
1097 bacpy(&rpa, BDADDR_ANY);
1099 smp->remote_irk = hci_add_irk(conn->hcon->hdev, &smp->id_addr,
1100 smp->id_addr_type, smp->irk, &rpa);
1102 smp_distribute_keys(conn);
1107 static int smp_cmd_sign_info(struct l2cap_conn *conn, struct sk_buff *skb)
1109 struct smp_cmd_sign_info *rp = (void *) skb->data;
1110 struct smp_chan *smp = conn->smp_chan;
1111 struct hci_dev *hdev = conn->hcon->hdev;
1112 struct smp_csrk *csrk;
1114 BT_DBG("conn %p", conn);
1116 if (skb->len < sizeof(*rp))
1117 return SMP_INVALID_PARAMS;
1119 /* Ignore this PDU if it wasn't requested */
1120 if (!(smp->remote_key_dist & SMP_DIST_SIGN))
1123 /* Mark the information as received */
1124 smp->remote_key_dist &= ~SMP_DIST_SIGN;
1126 skb_pull(skb, sizeof(*rp));
1129 csrk = kzalloc(sizeof(*csrk), GFP_KERNEL);
1131 csrk->master = 0x01;
1132 memcpy(csrk->val, rp->csrk, sizeof(csrk->val));
1135 if (!(smp->remote_key_dist & SMP_DIST_SIGN))
1136 smp_distribute_keys(conn);
1137 hci_dev_unlock(hdev);
1142 int smp_sig_channel(struct l2cap_conn *conn, struct sk_buff *skb)
1144 struct hci_conn *hcon = conn->hcon;
1148 if (hcon->type != LE_LINK) {
1158 if (!test_bit(HCI_LE_ENABLED, &hcon->hdev->dev_flags)) {
1160 reason = SMP_PAIRING_NOTSUPP;
1164 code = skb->data[0];
1165 skb_pull(skb, sizeof(code));
1168 * The SMP context must be initialized for all other PDUs except
1169 * pairing and security requests. If we get any other PDU when
1170 * not initialized simply disconnect (done if this function
1171 * returns an error).
1173 if (code != SMP_CMD_PAIRING_REQ && code != SMP_CMD_SECURITY_REQ &&
1175 BT_ERR("Unexpected SMP command 0x%02x. Disconnecting.", code);
1181 case SMP_CMD_PAIRING_REQ:
1182 reason = smp_cmd_pairing_req(conn, skb);
1185 case SMP_CMD_PAIRING_FAIL:
1186 smp_failure(conn, 0);
1191 case SMP_CMD_PAIRING_RSP:
1192 reason = smp_cmd_pairing_rsp(conn, skb);
1195 case SMP_CMD_SECURITY_REQ:
1196 reason = smp_cmd_security_req(conn, skb);
1199 case SMP_CMD_PAIRING_CONFIRM:
1200 reason = smp_cmd_pairing_confirm(conn, skb);
1203 case SMP_CMD_PAIRING_RANDOM:
1204 reason = smp_cmd_pairing_random(conn, skb);
1207 case SMP_CMD_ENCRYPT_INFO:
1208 reason = smp_cmd_encrypt_info(conn, skb);
1211 case SMP_CMD_MASTER_IDENT:
1212 reason = smp_cmd_master_ident(conn, skb);
1215 case SMP_CMD_IDENT_INFO:
1216 reason = smp_cmd_ident_info(conn, skb);
1219 case SMP_CMD_IDENT_ADDR_INFO:
1220 reason = smp_cmd_ident_addr_info(conn, skb);
1223 case SMP_CMD_SIGN_INFO:
1224 reason = smp_cmd_sign_info(conn, skb);
1228 BT_DBG("Unknown command code 0x%2.2x", code);
1230 reason = SMP_CMD_NOTSUPP;
1237 smp_failure(conn, reason);
1243 static void smp_notify_keys(struct l2cap_conn *conn)
1245 struct smp_chan *smp = conn->smp_chan;
1246 struct hci_conn *hcon = conn->hcon;
1247 struct hci_dev *hdev = hcon->hdev;
1248 struct smp_cmd_pairing *req = (void *) &smp->preq[1];
1249 struct smp_cmd_pairing *rsp = (void *) &smp->prsp[1];
1252 if (smp->remote_irk) {
1253 mgmt_new_irk(hdev, smp->remote_irk);
1254 /* Now that user space can be considered to know the
1255 * identity address track the connection based on it
1258 bacpy(&hcon->dst, &smp->remote_irk->bdaddr);
1259 hcon->dst_type = smp->remote_irk->addr_type;
1260 l2cap_conn_update_id_addr(hcon);
1263 /* The LTKs and CSRKs should be persistent only if both sides
1264 * had the bonding bit set in their authentication requests.
1266 persistent = !!((req->auth_req & rsp->auth_req) & SMP_AUTH_BONDING);
1269 smp->csrk->bdaddr_type = hcon->dst_type;
1270 bacpy(&smp->csrk->bdaddr, &hcon->dst);
1271 mgmt_new_csrk(hdev, smp->csrk, persistent);
1274 if (smp->slave_csrk) {
1275 smp->slave_csrk->bdaddr_type = hcon->dst_type;
1276 bacpy(&smp->slave_csrk->bdaddr, &hcon->dst);
1277 mgmt_new_csrk(hdev, smp->slave_csrk, persistent);
1281 smp->ltk->bdaddr_type = hcon->dst_type;
1282 bacpy(&smp->ltk->bdaddr, &hcon->dst);
1283 mgmt_new_ltk(hdev, smp->ltk, persistent);
1286 if (smp->slave_ltk) {
1287 smp->slave_ltk->bdaddr_type = hcon->dst_type;
1288 bacpy(&smp->slave_ltk->bdaddr, &hcon->dst);
1289 mgmt_new_ltk(hdev, smp->slave_ltk, persistent);
1293 int smp_distribute_keys(struct l2cap_conn *conn)
1295 struct smp_cmd_pairing *req, *rsp;
1296 struct smp_chan *smp = conn->smp_chan;
1297 struct hci_conn *hcon = conn->hcon;
1298 struct hci_dev *hdev = hcon->hdev;
1301 BT_DBG("conn %p", conn);
1303 if (!test_bit(HCI_CONN_LE_SMP_PEND, &hcon->flags))
1306 rsp = (void *) &smp->prsp[1];
1308 /* The responder sends its keys first */
1309 if (hcon->out && (smp->remote_key_dist & 0x07))
1312 req = (void *) &smp->preq[1];
1315 keydist = &rsp->init_key_dist;
1316 *keydist &= req->init_key_dist;
1318 keydist = &rsp->resp_key_dist;
1319 *keydist &= req->resp_key_dist;
1322 BT_DBG("keydist 0x%x", *keydist);
1324 if (*keydist & SMP_DIST_ENC_KEY) {
1325 struct smp_cmd_encrypt_info enc;
1326 struct smp_cmd_master_ident ident;
1327 struct smp_ltk *ltk;
1332 get_random_bytes(enc.ltk, sizeof(enc.ltk));
1333 get_random_bytes(&ediv, sizeof(ediv));
1334 get_random_bytes(&rand, sizeof(rand));
1336 smp_send_cmd(conn, SMP_CMD_ENCRYPT_INFO, sizeof(enc), &enc);
1338 authenticated = hcon->sec_level == BT_SECURITY_HIGH;
1339 ltk = hci_add_ltk(hdev, &hcon->dst, hcon->dst_type,
1340 HCI_SMP_LTK_SLAVE, authenticated, enc.ltk,
1341 smp->enc_key_size, ediv, rand);
1342 smp->slave_ltk = ltk;
1347 smp_send_cmd(conn, SMP_CMD_MASTER_IDENT, sizeof(ident), &ident);
1349 *keydist &= ~SMP_DIST_ENC_KEY;
1352 if (*keydist & SMP_DIST_ID_KEY) {
1353 struct smp_cmd_ident_addr_info addrinfo;
1354 struct smp_cmd_ident_info idinfo;
1356 memcpy(idinfo.irk, hdev->irk, sizeof(idinfo.irk));
1358 smp_send_cmd(conn, SMP_CMD_IDENT_INFO, sizeof(idinfo), &idinfo);
1360 /* The hci_conn contains the local identity address
1361 * after the connection has been established.
1363 * This is true even when the connection has been
1364 * established using a resolvable random address.
1366 bacpy(&addrinfo.bdaddr, &hcon->src);
1367 addrinfo.addr_type = hcon->src_type;
1369 smp_send_cmd(conn, SMP_CMD_IDENT_ADDR_INFO, sizeof(addrinfo),
1372 *keydist &= ~SMP_DIST_ID_KEY;
1375 if (*keydist & SMP_DIST_SIGN) {
1376 struct smp_cmd_sign_info sign;
1377 struct smp_csrk *csrk;
1379 /* Generate a new random key */
1380 get_random_bytes(sign.csrk, sizeof(sign.csrk));
1382 csrk = kzalloc(sizeof(*csrk), GFP_KERNEL);
1384 csrk->master = 0x00;
1385 memcpy(csrk->val, sign.csrk, sizeof(csrk->val));
1387 smp->slave_csrk = csrk;
1389 smp_send_cmd(conn, SMP_CMD_SIGN_INFO, sizeof(sign), &sign);
1391 *keydist &= ~SMP_DIST_SIGN;
1394 /* If there are still keys to be received wait for them */
1395 if ((smp->remote_key_dist & 0x07))
1398 clear_bit(HCI_CONN_LE_SMP_PEND, &hcon->flags);
1399 cancel_delayed_work_sync(&conn->security_timer);
1400 set_bit(SMP_FLAG_COMPLETE, &smp->flags);
1401 smp_notify_keys(conn);
1403 smp_chan_destroy(conn);
projects / firefly-linux-kernel-4.4.55.git / blob