2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2011 Nokia Corporation and/or its subsidiary(-ies).
5 This program is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License version 2 as
7 published by the Free Software Foundation;
9 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
10 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
11 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
12 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
13 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
14 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
18 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
19 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
20 SOFTWARE IS DISCLAIMED.
23 #include <net/bluetooth/bluetooth.h>
24 #include <net/bluetooth/hci_core.h>
25 #include <net/bluetooth/l2cap.h>
26 #include <net/bluetooth/smp.h>
27 #include <linux/crypto.h>
28 #include <linux/scatterlist.h>
29 #include <crypto/b128ops.h>
31 #define SMP_TIMEOUT 30000 /* 30 seconds */
33 static inline void swap128(u8 src[16], u8 dst[16])
36 for (i = 0; i < 16; i++)
40 static inline void swap56(u8 src[7], u8 dst[7])
43 for (i = 0; i < 7; i++)
47 static int smp_e(struct crypto_blkcipher *tfm, const u8 *k, u8 *r)
49 struct blkcipher_desc desc;
50 struct scatterlist sg;
52 unsigned char iv[128];
55 BT_ERR("tfm %p", tfm);
62 err = crypto_blkcipher_setkey(tfm, k, 16);
64 BT_ERR("cipher setkey failed: %d", err);
68 sg_init_one(&sg, r, 16);
70 iv_len = crypto_blkcipher_ivsize(tfm);
72 memset(&iv, 0xff, iv_len);
73 crypto_blkcipher_set_iv(tfm, iv, iv_len);
76 err = crypto_blkcipher_encrypt(&desc, &sg, &sg, 16);
78 BT_ERR("Encrypt data error %d", err);
83 static int smp_c1(struct crypto_blkcipher *tfm, u8 k[16], u8 r[16],
84 u8 preq[7], u8 pres[7], u8 _iat, bdaddr_t *ia,
85 u8 _rat, bdaddr_t *ra, u8 res[16])
92 /* p1 = pres || preq || _rat || _iat */
100 /* p2 = padding || ia || ra */
101 baswap((bdaddr_t *) (p2 + 4), ia);
102 baswap((bdaddr_t *) (p2 + 10), ra);
105 u128_xor((u128 *) res, (u128 *) r, (u128 *) p1);
107 /* res = e(k, res) */
108 err = smp_e(tfm, k, res);
110 BT_ERR("Encrypt data error");
114 /* res = res XOR p2 */
115 u128_xor((u128 *) res, (u128 *) res, (u128 *) p2);
117 /* res = e(k, res) */
118 err = smp_e(tfm, k, res);
120 BT_ERR("Encrypt data error");
125 static int smp_s1(struct crypto_blkcipher *tfm, u8 k[16],
126 u8 r1[16], u8 r2[16], u8 _r[16])
130 /* Just least significant octets from r1 and r2 are considered */
131 memcpy(_r, r1 + 8, 8);
132 memcpy(_r + 8, r2 + 8, 8);
134 err = smp_e(tfm, k, _r);
136 BT_ERR("Encrypt data error");
141 static int smp_rand(u8 *buf)
143 get_random_bytes(buf, 16);
148 static struct sk_buff *smp_build_cmd(struct l2cap_conn *conn, u8 code,
149 u16 dlen, void *data)
152 struct l2cap_hdr *lh;
155 len = L2CAP_HDR_SIZE + sizeof(code) + dlen;
160 skb = bt_skb_alloc(len, GFP_ATOMIC);
164 lh = (struct l2cap_hdr *) skb_put(skb, L2CAP_HDR_SIZE);
165 lh->len = cpu_to_le16(sizeof(code) + dlen);
166 lh->cid = cpu_to_le16(L2CAP_CID_SMP);
168 memcpy(skb_put(skb, sizeof(code)), &code, sizeof(code));
170 memcpy(skb_put(skb, dlen), data, dlen);
175 static void smp_send_cmd(struct l2cap_conn *conn, u8 code, u16 len, void *data)
177 struct sk_buff *skb = smp_build_cmd(conn, code, len, data);
179 BT_DBG("code 0x%2.2x", code);
184 hci_send_acl(conn->hcon, skb, 0);
187 static __u8 seclevel_to_authreq(__u8 level)
190 case BT_SECURITY_HIGH:
191 /* Right now we don't support bonding */
192 return SMP_AUTH_MITM;
195 return SMP_AUTH_NONE;
199 static void build_pairing_cmd(struct l2cap_conn *conn,
200 struct smp_cmd_pairing *cmd, __u8 authreq)
202 cmd->io_capability = conn->hcon->io_capability;
203 cmd->oob_flag = SMP_OOB_NOT_PRESENT;
204 cmd->max_key_size = SMP_MAX_ENC_KEY_SIZE;
205 cmd->init_key_dist = 0x00;
206 cmd->resp_key_dist = 0x00;
207 cmd->auth_req = authreq;
210 static u8 check_enc_key_size(struct l2cap_conn *conn, __u8 max_key_size)
212 if ((max_key_size > SMP_MAX_ENC_KEY_SIZE) ||
213 (max_key_size < SMP_MIN_ENC_KEY_SIZE))
214 return SMP_ENC_KEY_SIZE;
216 conn->smp_key_size = max_key_size;
221 static u8 smp_cmd_pairing_req(struct l2cap_conn *conn, struct sk_buff *skb)
223 struct smp_cmd_pairing rsp, *req = (void *) skb->data;
226 BT_DBG("conn %p", conn);
228 conn->preq[0] = SMP_CMD_PAIRING_REQ;
229 memcpy(&conn->preq[1], req, sizeof(*req));
230 skb_pull(skb, sizeof(*req));
233 return SMP_OOB_NOT_AVAIL;
235 /* We didn't start the pairing, so no requirements */
236 build_pairing_cmd(conn, &rsp, SMP_AUTH_NONE);
238 key_size = min(req->max_key_size, rsp.max_key_size);
239 if (check_enc_key_size(conn, key_size))
240 return SMP_ENC_KEY_SIZE;
243 memset(conn->tk, 0, sizeof(conn->tk));
245 conn->prsp[0] = SMP_CMD_PAIRING_RSP;
246 memcpy(&conn->prsp[1], &rsp, sizeof(rsp));
248 smp_send_cmd(conn, SMP_CMD_PAIRING_RSP, sizeof(rsp), &rsp);
250 mod_timer(&conn->security_timer, jiffies +
251 msecs_to_jiffies(SMP_TIMEOUT));
256 static u8 smp_cmd_pairing_rsp(struct l2cap_conn *conn, struct sk_buff *skb)
258 struct smp_cmd_pairing *req, *rsp = (void *) skb->data;
259 struct smp_cmd_pairing_confirm cp;
260 struct crypto_blkcipher *tfm = conn->hcon->hdev->tfm;
262 u8 res[16], key_size;
264 BT_DBG("conn %p", conn);
266 skb_pull(skb, sizeof(*rsp));
268 req = (void *) &conn->preq[1];
270 key_size = min(req->max_key_size, rsp->max_key_size);
271 if (check_enc_key_size(conn, key_size))
272 return SMP_ENC_KEY_SIZE;
275 return SMP_OOB_NOT_AVAIL;
278 memset(conn->tk, 0, sizeof(conn->tk));
280 conn->prsp[0] = SMP_CMD_PAIRING_RSP;
281 memcpy(&conn->prsp[1], rsp, sizeof(*rsp));
283 ret = smp_rand(conn->prnd);
285 return SMP_UNSPECIFIED;
287 ret = smp_c1(tfm, conn->tk, conn->prnd, conn->preq, conn->prsp, 0,
288 conn->src, conn->hcon->dst_type, conn->dst, res);
290 return SMP_UNSPECIFIED;
292 swap128(res, cp.confirm_val);
294 smp_send_cmd(conn, SMP_CMD_PAIRING_CONFIRM, sizeof(cp), &cp);
299 static u8 smp_cmd_pairing_confirm(struct l2cap_conn *conn, struct sk_buff *skb)
301 struct crypto_blkcipher *tfm = conn->hcon->hdev->tfm;
303 BT_DBG("conn %p %s", conn, conn->hcon->out ? "master" : "slave");
305 memcpy(conn->pcnf, skb->data, sizeof(conn->pcnf));
306 skb_pull(skb, sizeof(conn->pcnf));
308 if (conn->hcon->out) {
311 swap128(conn->prnd, random);
312 smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM, sizeof(random),
315 struct smp_cmd_pairing_confirm cp;
319 ret = smp_rand(conn->prnd);
321 return SMP_UNSPECIFIED;
323 ret = smp_c1(tfm, conn->tk, conn->prnd, conn->preq, conn->prsp,
324 conn->hcon->dst_type, conn->dst,
327 return SMP_CONFIRM_FAILED;
329 swap128(res, cp.confirm_val);
331 smp_send_cmd(conn, SMP_CMD_PAIRING_CONFIRM, sizeof(cp), &cp);
334 mod_timer(&conn->security_timer, jiffies +
335 msecs_to_jiffies(SMP_TIMEOUT));
340 static u8 smp_cmd_pairing_random(struct l2cap_conn *conn, struct sk_buff *skb)
342 struct hci_conn *hcon = conn->hcon;
343 struct crypto_blkcipher *tfm = hcon->hdev->tfm;
345 u8 key[16], res[16], random[16], confirm[16];
347 swap128(skb->data, random);
348 skb_pull(skb, sizeof(random));
350 memset(hcon->ltk, 0, sizeof(hcon->ltk));
353 ret = smp_c1(tfm, conn->tk, random, conn->preq, conn->prsp, 0,
354 conn->src, conn->hcon->dst_type, conn->dst,
357 ret = smp_c1(tfm, conn->tk, random, conn->preq, conn->prsp,
358 conn->hcon->dst_type, conn->dst, 0, conn->src,
361 return SMP_UNSPECIFIED;
363 BT_DBG("conn %p %s", conn, conn->hcon->out ? "master" : "slave");
365 swap128(res, confirm);
367 if (memcmp(conn->pcnf, confirm, sizeof(conn->pcnf)) != 0) {
368 BT_ERR("Pairing failed (confirmation values mismatch)");
369 return SMP_CONFIRM_FAILED;
372 if (conn->hcon->out) {
376 smp_s1(tfm, conn->tk, random, conn->prnd, key);
377 swap128(key, hcon->ltk);
379 memset(hcon->ltk + conn->smp_key_size, 0,
380 SMP_MAX_ENC_KEY_SIZE - conn->smp_key_size);
382 memset(rand, 0, sizeof(rand));
384 hci_le_start_enc(hcon, ediv, rand, hcon->ltk);
388 swap128(conn->prnd, r);
389 smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM, sizeof(r), r);
391 smp_s1(tfm, conn->tk, conn->prnd, random, key);
392 swap128(key, hcon->ltk);
394 memset(hcon->ltk + conn->smp_key_size, 0,
395 SMP_MAX_ENC_KEY_SIZE - conn->smp_key_size);
401 static u8 smp_cmd_security_req(struct l2cap_conn *conn, struct sk_buff *skb)
403 struct smp_cmd_security_req *rp = (void *) skb->data;
404 struct smp_cmd_pairing cp;
405 struct hci_conn *hcon = conn->hcon;
407 BT_DBG("conn %p", conn);
409 if (test_bit(HCI_CONN_ENCRYPT_PEND, &hcon->pend))
412 skb_pull(skb, sizeof(*rp));
414 memset(&cp, 0, sizeof(cp));
415 build_pairing_cmd(conn, &cp, rp->auth_req);
417 conn->preq[0] = SMP_CMD_PAIRING_REQ;
418 memcpy(&conn->preq[1], &cp, sizeof(cp));
420 smp_send_cmd(conn, SMP_CMD_PAIRING_REQ, sizeof(cp), &cp);
422 mod_timer(&conn->security_timer, jiffies +
423 msecs_to_jiffies(SMP_TIMEOUT));
425 set_bit(HCI_CONN_ENCRYPT_PEND, &hcon->pend);
430 int smp_conn_security(struct l2cap_conn *conn, __u8 sec_level)
432 struct hci_conn *hcon = conn->hcon;
435 BT_DBG("conn %p hcon %p level 0x%2.2x", conn, hcon, sec_level);
437 if (IS_ERR(hcon->hdev->tfm))
440 if (test_bit(HCI_CONN_ENCRYPT_PEND, &hcon->pend))
443 if (sec_level == BT_SECURITY_LOW)
446 if (hcon->sec_level >= sec_level)
449 authreq = seclevel_to_authreq(sec_level);
451 if (hcon->link_mode & HCI_LM_MASTER) {
452 struct smp_cmd_pairing cp;
454 build_pairing_cmd(conn, &cp, authreq);
455 conn->preq[0] = SMP_CMD_PAIRING_REQ;
456 memcpy(&conn->preq[1], &cp, sizeof(cp));
458 mod_timer(&conn->security_timer, jiffies +
459 msecs_to_jiffies(SMP_TIMEOUT));
461 smp_send_cmd(conn, SMP_CMD_PAIRING_REQ, sizeof(cp), &cp);
463 struct smp_cmd_security_req cp;
464 cp.auth_req = authreq;
465 smp_send_cmd(conn, SMP_CMD_SECURITY_REQ, sizeof(cp), &cp);
468 hcon->pending_sec_level = sec_level;
469 set_bit(HCI_CONN_ENCRYPT_PEND, &hcon->pend);
474 int smp_sig_channel(struct l2cap_conn *conn, struct sk_buff *skb)
476 __u8 code = skb->data[0];
480 if (IS_ERR(conn->hcon->hdev->tfm)) {
481 err = PTR_ERR(conn->hcon->hdev->tfm);
482 reason = SMP_PAIRING_NOTSUPP;
486 skb_pull(skb, sizeof(code));
489 case SMP_CMD_PAIRING_REQ:
490 reason = smp_cmd_pairing_req(conn, skb);
493 case SMP_CMD_PAIRING_FAIL:
498 case SMP_CMD_PAIRING_RSP:
499 reason = smp_cmd_pairing_rsp(conn, skb);
502 case SMP_CMD_SECURITY_REQ:
503 reason = smp_cmd_security_req(conn, skb);
506 case SMP_CMD_PAIRING_CONFIRM:
507 reason = smp_cmd_pairing_confirm(conn, skb);
510 case SMP_CMD_PAIRING_RANDOM:
511 reason = smp_cmd_pairing_random(conn, skb);
514 case SMP_CMD_ENCRYPT_INFO:
515 case SMP_CMD_MASTER_IDENT:
516 case SMP_CMD_IDENT_INFO:
517 case SMP_CMD_IDENT_ADDR_INFO:
518 case SMP_CMD_SIGN_INFO:
520 BT_DBG("Unknown command code 0x%2.2x", code);
522 reason = SMP_CMD_NOTSUPP;
529 smp_send_cmd(conn, SMP_CMD_PAIRING_FAIL, sizeof(reason),