2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2011 Nokia Corporation and/or its subsidiary(-ies).
5 This program is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License version 2 as
7 published by the Free Software Foundation;
9 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
10 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
11 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
12 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
13 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
14 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
18 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
19 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
20 SOFTWARE IS DISCLAIMED.
23 #include <linux/crypto.h>
24 #include <linux/scatterlist.h>
25 #include <crypto/b128ops.h>
27 #include <net/bluetooth/bluetooth.h>
28 #include <net/bluetooth/hci_core.h>
29 #include <net/bluetooth/l2cap.h>
30 #include <net/bluetooth/mgmt.h>
34 #define SMP_TIMEOUT msecs_to_jiffies(30000)
36 #define AUTH_REQ_MASK 0x07
38 static inline void swap128(const u8 src[16], u8 dst[16])
41 for (i = 0; i < 16; i++)
45 static inline void swap56(const u8 src[7], u8 dst[7])
48 for (i = 0; i < 7; i++)
52 static int smp_e(struct crypto_blkcipher *tfm, const u8 *k, u8 *r)
54 struct blkcipher_desc desc;
55 struct scatterlist sg;
56 uint8_t tmp[16], data[16];
60 BT_ERR("tfm %p", tfm);
67 /* The most significant octet of key corresponds to k[0] */
70 err = crypto_blkcipher_setkey(tfm, tmp, 16);
72 BT_ERR("cipher setkey failed: %d", err);
76 /* Most significant octet of plaintextData corresponds to data[0] */
79 sg_init_one(&sg, data, 16);
81 err = crypto_blkcipher_encrypt(&desc, &sg, &sg, 16);
83 BT_ERR("Encrypt data error %d", err);
85 /* Most significant octet of encryptedData corresponds to data[0] */
91 static int smp_ah(struct crypto_blkcipher *tfm, u8 irk[16], u8 r[3], u8 res[3])
96 /* r' = padding || r */
98 memset(_res + 3, 0, 13);
100 err = smp_e(tfm, irk, _res);
102 BT_ERR("Encrypt error");
106 /* The output of the random address function ah is:
107 * ah(h, r) = e(k, r') mod 2^24
108 * The output of the security function e is then truncated to 24 bits
109 * by taking the least significant 24 bits of the output of e as the
112 memcpy(res, _res, 3);
117 bool smp_irk_matches(struct crypto_blkcipher *tfm, u8 irk[16],
123 BT_DBG("RPA %pMR IRK %*phN", bdaddr, 16, irk);
125 err = smp_ah(tfm, irk, &bdaddr->b[3], hash);
129 return !memcmp(bdaddr->b, hash, 3);
132 int smp_generate_rpa(struct crypto_blkcipher *tfm, u8 irk[16], bdaddr_t *rpa)
136 get_random_bytes(&rpa->b[3], 3);
138 rpa->b[5] &= 0x3f; /* Clear two most significant bits */
139 rpa->b[5] |= 0x40; /* Set second most significant bit */
141 err = smp_ah(tfm, irk, &rpa->b[3], rpa->b);
145 BT_DBG("RPA %pMR", rpa);
150 static int smp_c1(struct crypto_blkcipher *tfm, u8 k[16], u8 r[16],
151 u8 preq[7], u8 pres[7], u8 _iat, bdaddr_t *ia,
152 u8 _rat, bdaddr_t *ra, u8 res[16])
159 /* p1 = pres || preq || _rat || _iat */
162 memcpy(p1 + 2, preq, 7);
163 memcpy(p1 + 9, pres, 7);
165 /* p2 = padding || ia || ra */
167 memcpy(p2 + 6, ia, 6);
168 memset(p2 + 12, 0, 4);
171 u128_xor((u128 *) res, (u128 *) r, (u128 *) p1);
173 /* res = e(k, res) */
174 err = smp_e(tfm, k, res);
176 BT_ERR("Encrypt data error");
180 /* res = res XOR p2 */
181 u128_xor((u128 *) res, (u128 *) res, (u128 *) p2);
183 /* res = e(k, res) */
184 err = smp_e(tfm, k, res);
186 BT_ERR("Encrypt data error");
191 static int smp_s1(struct crypto_blkcipher *tfm, u8 k[16], u8 r1[16],
192 u8 r2[16], u8 _r[16])
196 /* Just least significant octets from r1 and r2 are considered */
198 memcpy(_r + 8, r1, 8);
200 err = smp_e(tfm, k, _r);
202 BT_ERR("Encrypt data error");
207 static struct sk_buff *smp_build_cmd(struct l2cap_conn *conn, u8 code,
208 u16 dlen, void *data)
211 struct l2cap_hdr *lh;
214 len = L2CAP_HDR_SIZE + sizeof(code) + dlen;
219 skb = bt_skb_alloc(len, GFP_ATOMIC);
223 lh = (struct l2cap_hdr *) skb_put(skb, L2CAP_HDR_SIZE);
224 lh->len = cpu_to_le16(sizeof(code) + dlen);
225 lh->cid = cpu_to_le16(L2CAP_CID_SMP);
227 memcpy(skb_put(skb, sizeof(code)), &code, sizeof(code));
229 memcpy(skb_put(skb, dlen), data, dlen);
234 static void smp_send_cmd(struct l2cap_conn *conn, u8 code, u16 len, void *data)
236 struct sk_buff *skb = smp_build_cmd(conn, code, len, data);
238 BT_DBG("code 0x%2.2x", code);
243 skb->priority = HCI_PRIO_MAX;
244 hci_send_acl(conn->hchan, skb, 0);
246 cancel_delayed_work_sync(&conn->security_timer);
247 schedule_delayed_work(&conn->security_timer, SMP_TIMEOUT);
250 static __u8 authreq_to_seclevel(__u8 authreq)
252 if (authreq & SMP_AUTH_MITM)
253 return BT_SECURITY_HIGH;
255 return BT_SECURITY_MEDIUM;
258 static __u8 seclevel_to_authreq(__u8 sec_level)
261 case BT_SECURITY_HIGH:
262 return SMP_AUTH_MITM | SMP_AUTH_BONDING;
263 case BT_SECURITY_MEDIUM:
264 return SMP_AUTH_BONDING;
266 return SMP_AUTH_NONE;
270 static void build_pairing_cmd(struct l2cap_conn *conn,
271 struct smp_cmd_pairing *req,
272 struct smp_cmd_pairing *rsp, __u8 authreq)
274 struct smp_chan *smp = conn->smp_chan;
275 struct hci_conn *hcon = conn->hcon;
276 struct hci_dev *hdev = hcon->hdev;
277 u8 local_dist = 0, remote_dist = 0;
279 if (test_bit(HCI_PAIRABLE, &conn->hcon->hdev->dev_flags)) {
280 local_dist = SMP_DIST_ENC_KEY | SMP_DIST_SIGN;
281 remote_dist = SMP_DIST_ENC_KEY | SMP_DIST_SIGN;
282 authreq |= SMP_AUTH_BONDING;
284 authreq &= ~SMP_AUTH_BONDING;
287 if (test_bit(HCI_RPA_RESOLVING, &hdev->dev_flags))
288 remote_dist |= SMP_DIST_ID_KEY;
290 if (test_bit(HCI_PRIVACY, &hdev->dev_flags))
291 local_dist |= SMP_DIST_ID_KEY;
294 req->io_capability = conn->hcon->io_capability;
295 req->oob_flag = SMP_OOB_NOT_PRESENT;
296 req->max_key_size = SMP_MAX_ENC_KEY_SIZE;
297 req->init_key_dist = local_dist;
298 req->resp_key_dist = remote_dist;
299 req->auth_req = (authreq & AUTH_REQ_MASK);
301 smp->remote_key_dist = remote_dist;
305 rsp->io_capability = conn->hcon->io_capability;
306 rsp->oob_flag = SMP_OOB_NOT_PRESENT;
307 rsp->max_key_size = SMP_MAX_ENC_KEY_SIZE;
308 rsp->init_key_dist = req->init_key_dist & remote_dist;
309 rsp->resp_key_dist = req->resp_key_dist & local_dist;
310 rsp->auth_req = (authreq & AUTH_REQ_MASK);
312 smp->remote_key_dist = rsp->init_key_dist;
315 static u8 check_enc_key_size(struct l2cap_conn *conn, __u8 max_key_size)
317 struct smp_chan *smp = conn->smp_chan;
319 if ((max_key_size > SMP_MAX_ENC_KEY_SIZE) ||
320 (max_key_size < SMP_MIN_ENC_KEY_SIZE))
321 return SMP_ENC_KEY_SIZE;
323 smp->enc_key_size = max_key_size;
328 static void smp_failure(struct l2cap_conn *conn, u8 reason)
330 struct hci_conn *hcon = conn->hcon;
333 smp_send_cmd(conn, SMP_CMD_PAIRING_FAIL, sizeof(reason),
336 clear_bit(HCI_CONN_ENCRYPT_PEND, &hcon->flags);
337 mgmt_auth_failed(hcon->hdev, &hcon->dst, hcon->type, hcon->dst_type,
338 HCI_ERROR_AUTH_FAILURE);
340 cancel_delayed_work_sync(&conn->security_timer);
342 if (test_and_clear_bit(HCI_CONN_LE_SMP_PEND, &hcon->flags))
343 smp_chan_destroy(conn);
346 #define JUST_WORKS 0x00
347 #define JUST_CFM 0x01
348 #define REQ_PASSKEY 0x02
349 #define CFM_PASSKEY 0x03
353 static const u8 gen_method[5][5] = {
354 { JUST_WORKS, JUST_CFM, REQ_PASSKEY, JUST_WORKS, REQ_PASSKEY },
355 { JUST_WORKS, JUST_CFM, REQ_PASSKEY, JUST_WORKS, REQ_PASSKEY },
356 { CFM_PASSKEY, CFM_PASSKEY, REQ_PASSKEY, JUST_WORKS, CFM_PASSKEY },
357 { JUST_WORKS, JUST_CFM, JUST_WORKS, JUST_WORKS, JUST_CFM },
358 { CFM_PASSKEY, CFM_PASSKEY, REQ_PASSKEY, JUST_WORKS, OVERLAP },
361 static int tk_request(struct l2cap_conn *conn, u8 remote_oob, u8 auth,
362 u8 local_io, u8 remote_io)
364 struct hci_conn *hcon = conn->hcon;
365 struct smp_chan *smp = conn->smp_chan;
370 /* Initialize key for JUST WORKS */
371 memset(smp->tk, 0, sizeof(smp->tk));
372 clear_bit(SMP_FLAG_TK_VALID, &smp->smp_flags);
374 BT_DBG("tk_request: auth:%d lcl:%d rem:%d", auth, local_io, remote_io);
376 /* If neither side wants MITM, use JUST WORKS */
377 /* If either side has unknown io_caps, use JUST WORKS */
378 /* Otherwise, look up method from the table */
379 if (!(auth & SMP_AUTH_MITM) ||
380 local_io > SMP_IO_KEYBOARD_DISPLAY ||
381 remote_io > SMP_IO_KEYBOARD_DISPLAY)
384 method = gen_method[remote_io][local_io];
386 /* If not bonding, don't ask user to confirm a Zero TK */
387 if (!(auth & SMP_AUTH_BONDING) && method == JUST_CFM)
390 /* If Just Works, Continue with Zero TK */
391 if (method == JUST_WORKS) {
392 set_bit(SMP_FLAG_TK_VALID, &smp->smp_flags);
396 /* Not Just Works/Confirm results in MITM Authentication */
397 if (method != JUST_CFM)
398 set_bit(SMP_FLAG_MITM_AUTH, &smp->smp_flags);
400 /* If both devices have Keyoard-Display I/O, the master
401 * Confirms and the slave Enters the passkey.
403 if (method == OVERLAP) {
404 if (hcon->link_mode & HCI_LM_MASTER)
405 method = CFM_PASSKEY;
407 method = REQ_PASSKEY;
410 /* Generate random passkey. */
411 if (method == CFM_PASSKEY) {
412 memset(smp->tk, 0, sizeof(smp->tk));
413 get_random_bytes(&passkey, sizeof(passkey));
415 put_unaligned_le32(passkey, smp->tk);
416 BT_DBG("PassKey: %d", passkey);
417 set_bit(SMP_FLAG_TK_VALID, &smp->smp_flags);
420 hci_dev_lock(hcon->hdev);
422 if (method == REQ_PASSKEY)
423 ret = mgmt_user_passkey_request(hcon->hdev, &hcon->dst,
424 hcon->type, hcon->dst_type);
425 else if (method == JUST_CFM)
426 ret = mgmt_user_confirm_request(hcon->hdev, &hcon->dst,
427 hcon->type, hcon->dst_type,
430 ret = mgmt_user_passkey_notify(hcon->hdev, &hcon->dst,
431 hcon->type, hcon->dst_type,
434 hci_dev_unlock(hcon->hdev);
439 static void confirm_work(struct work_struct *work)
441 struct smp_chan *smp = container_of(work, struct smp_chan, confirm);
442 struct l2cap_conn *conn = smp->conn;
443 struct hci_dev *hdev = conn->hcon->hdev;
444 struct crypto_blkcipher *tfm = hdev->tfm_aes;
445 struct smp_cmd_pairing_confirm cp;
449 BT_DBG("conn %p", conn);
451 /* Prevent mutual access to hdev->tfm_aes */
454 ret = smp_c1(tfm, smp->tk, smp->prnd, smp->preq, smp->prsp,
455 conn->hcon->init_addr_type, &conn->hcon->init_addr,
456 conn->hcon->resp_addr_type, &conn->hcon->resp_addr,
459 hci_dev_unlock(hdev);
462 reason = SMP_UNSPECIFIED;
466 clear_bit(SMP_FLAG_CFM_PENDING, &smp->smp_flags);
468 smp_send_cmd(smp->conn, SMP_CMD_PAIRING_CONFIRM, sizeof(cp), &cp);
473 smp_failure(conn, reason);
476 static void random_work(struct work_struct *work)
478 struct smp_chan *smp = container_of(work, struct smp_chan, random);
479 struct l2cap_conn *conn = smp->conn;
480 struct hci_conn *hcon = conn->hcon;
481 struct hci_dev *hdev = hcon->hdev;
482 struct crypto_blkcipher *tfm = hdev->tfm_aes;
483 u8 reason, confirm[16];
486 if (IS_ERR_OR_NULL(tfm)) {
487 reason = SMP_UNSPECIFIED;
491 BT_DBG("conn %p %s", conn, conn->hcon->out ? "master" : "slave");
493 /* Prevent mutual access to hdev->tfm_aes */
496 ret = smp_c1(tfm, smp->tk, smp->rrnd, smp->preq, smp->prsp,
497 hcon->init_addr_type, &hcon->init_addr,
498 hcon->resp_addr_type, &hcon->resp_addr, confirm);
500 hci_dev_unlock(hdev);
503 reason = SMP_UNSPECIFIED;
507 if (memcmp(smp->pcnf, confirm, sizeof(smp->pcnf)) != 0) {
508 BT_ERR("Pairing failed (confirmation values mismatch)");
509 reason = SMP_CONFIRM_FAILED;
518 smp_s1(tfm, smp->tk, smp->rrnd, smp->prnd, stk);
520 memset(stk + smp->enc_key_size, 0,
521 SMP_MAX_ENC_KEY_SIZE - smp->enc_key_size);
523 if (test_and_set_bit(HCI_CONN_ENCRYPT_PEND, &hcon->flags)) {
524 reason = SMP_UNSPECIFIED;
528 hci_le_start_enc(hcon, ediv, rand, stk);
529 hcon->enc_key_size = smp->enc_key_size;
535 smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM, sizeof(smp->prnd),
538 smp_s1(tfm, smp->tk, smp->prnd, smp->rrnd, stk);
540 memset(stk + smp->enc_key_size, 0,
541 SMP_MAX_ENC_KEY_SIZE - smp->enc_key_size);
543 hci_add_ltk(hcon->hdev, &hcon->dst, hcon->dst_type,
544 HCI_SMP_STK_SLAVE, 0, stk, smp->enc_key_size,
551 smp_failure(conn, reason);
554 static void smp_reencrypt(struct work_struct *work)
556 struct smp_chan *smp = container_of(work, struct smp_chan,
558 struct l2cap_conn *conn = smp->conn;
559 struct hci_conn *hcon = conn->hcon;
560 struct smp_ltk *ltk = smp->ltk;
564 hci_le_start_enc(hcon, ltk->ediv, ltk->rand, ltk->val);
565 hcon->enc_key_size = ltk->enc_size;
568 static struct smp_chan *smp_chan_create(struct l2cap_conn *conn)
570 struct smp_chan *smp;
572 smp = kzalloc(sizeof(*smp), GFP_ATOMIC);
576 INIT_WORK(&smp->confirm, confirm_work);
577 INIT_WORK(&smp->random, random_work);
578 INIT_DELAYED_WORK(&smp->reencrypt, smp_reencrypt);
581 conn->smp_chan = smp;
582 conn->hcon->smp_conn = conn;
584 hci_conn_hold(conn->hcon);
589 void smp_chan_destroy(struct l2cap_conn *conn)
591 struct smp_chan *smp = conn->smp_chan;
596 cancel_delayed_work_sync(&smp->reencrypt);
598 complete = test_bit(SMP_FLAG_COMPLETE, &smp->smp_flags);
599 mgmt_smp_complete(conn->hcon, complete);
602 kfree(smp->slave_csrk);
604 /* If pairing failed clean up any keys we might have */
607 list_del(&smp->ltk->list);
611 if (smp->slave_ltk) {
612 list_del(&smp->slave_ltk->list);
613 kfree(smp->slave_ltk);
616 if (smp->remote_irk) {
617 list_del(&smp->remote_irk->list);
618 kfree(smp->remote_irk);
623 conn->smp_chan = NULL;
624 conn->hcon->smp_conn = NULL;
625 hci_conn_drop(conn->hcon);
628 int smp_user_confirm_reply(struct hci_conn *hcon, u16 mgmt_op, __le32 passkey)
630 struct l2cap_conn *conn = hcon->smp_conn;
631 struct smp_chan *smp;
639 smp = conn->smp_chan;
642 case MGMT_OP_USER_PASSKEY_REPLY:
643 value = le32_to_cpu(passkey);
644 memset(smp->tk, 0, sizeof(smp->tk));
645 BT_DBG("PassKey: %d", value);
646 put_unaligned_le32(value, smp->tk);
648 case MGMT_OP_USER_CONFIRM_REPLY:
649 set_bit(SMP_FLAG_TK_VALID, &smp->smp_flags);
651 case MGMT_OP_USER_PASSKEY_NEG_REPLY:
652 case MGMT_OP_USER_CONFIRM_NEG_REPLY:
653 smp_failure(conn, SMP_PASSKEY_ENTRY_FAILED);
656 smp_failure(conn, SMP_PASSKEY_ENTRY_FAILED);
660 /* If it is our turn to send Pairing Confirm, do so now */
661 if (test_bit(SMP_FLAG_CFM_PENDING, &smp->smp_flags))
662 queue_work(hcon->hdev->workqueue, &smp->confirm);
667 static u8 smp_cmd_pairing_req(struct l2cap_conn *conn, struct sk_buff *skb)
669 struct smp_cmd_pairing rsp, *req = (void *) skb->data;
670 struct smp_chan *smp;
672 u8 auth = SMP_AUTH_NONE;
675 BT_DBG("conn %p", conn);
677 if (skb->len < sizeof(*req))
678 return SMP_UNSPECIFIED;
680 if (conn->hcon->link_mode & HCI_LM_MASTER)
681 return SMP_CMD_NOTSUPP;
683 if (!test_and_set_bit(HCI_CONN_LE_SMP_PEND, &conn->hcon->flags))
684 smp = smp_chan_create(conn);
686 smp = conn->smp_chan;
689 return SMP_UNSPECIFIED;
691 smp->preq[0] = SMP_CMD_PAIRING_REQ;
692 memcpy(&smp->preq[1], req, sizeof(*req));
693 skb_pull(skb, sizeof(*req));
695 /* We didn't start the pairing, so match remote */
696 if (req->auth_req & SMP_AUTH_BONDING)
697 auth = req->auth_req;
699 conn->hcon->pending_sec_level = authreq_to_seclevel(auth);
701 build_pairing_cmd(conn, req, &rsp, auth);
703 key_size = min(req->max_key_size, rsp.max_key_size);
704 if (check_enc_key_size(conn, key_size))
705 return SMP_ENC_KEY_SIZE;
707 get_random_bytes(smp->prnd, sizeof(smp->prnd));
709 smp->prsp[0] = SMP_CMD_PAIRING_RSP;
710 memcpy(&smp->prsp[1], &rsp, sizeof(rsp));
712 smp_send_cmd(conn, SMP_CMD_PAIRING_RSP, sizeof(rsp), &rsp);
714 /* Request setup of TK */
715 ret = tk_request(conn, 0, auth, rsp.io_capability, req->io_capability);
717 return SMP_UNSPECIFIED;
719 clear_bit(SMP_FLAG_INITIATOR, &smp->smp_flags);
724 static u8 smp_cmd_pairing_rsp(struct l2cap_conn *conn, struct sk_buff *skb)
726 struct smp_cmd_pairing *req, *rsp = (void *) skb->data;
727 struct smp_chan *smp = conn->smp_chan;
728 struct hci_dev *hdev = conn->hcon->hdev;
729 u8 key_size, auth = SMP_AUTH_NONE;
732 BT_DBG("conn %p", conn);
734 if (skb->len < sizeof(*rsp))
735 return SMP_UNSPECIFIED;
737 if (!(conn->hcon->link_mode & HCI_LM_MASTER))
738 return SMP_CMD_NOTSUPP;
740 skb_pull(skb, sizeof(*rsp));
742 req = (void *) &smp->preq[1];
744 key_size = min(req->max_key_size, rsp->max_key_size);
745 if (check_enc_key_size(conn, key_size))
746 return SMP_ENC_KEY_SIZE;
748 get_random_bytes(smp->prnd, sizeof(smp->prnd));
750 smp->prsp[0] = SMP_CMD_PAIRING_RSP;
751 memcpy(&smp->prsp[1], rsp, sizeof(*rsp));
753 /* Update remote key distribution in case the remote cleared
754 * some bits that we had enabled in our request.
756 smp->remote_key_dist &= rsp->resp_key_dist;
758 if ((req->auth_req & SMP_AUTH_BONDING) &&
759 (rsp->auth_req & SMP_AUTH_BONDING))
760 auth = SMP_AUTH_BONDING;
762 auth |= (req->auth_req | rsp->auth_req) & SMP_AUTH_MITM;
764 ret = tk_request(conn, 0, auth, req->io_capability, rsp->io_capability);
766 return SMP_UNSPECIFIED;
768 set_bit(SMP_FLAG_CFM_PENDING, &smp->smp_flags);
770 /* Can't compose response until we have been confirmed */
771 if (test_bit(SMP_FLAG_TK_VALID, &smp->smp_flags))
772 queue_work(hdev->workqueue, &smp->confirm);
777 static u8 smp_cmd_pairing_confirm(struct l2cap_conn *conn, struct sk_buff *skb)
779 struct smp_chan *smp = conn->smp_chan;
780 struct hci_dev *hdev = conn->hcon->hdev;
782 BT_DBG("conn %p %s", conn, conn->hcon->out ? "master" : "slave");
784 if (skb->len < sizeof(smp->pcnf))
785 return SMP_UNSPECIFIED;
787 memcpy(smp->pcnf, skb->data, sizeof(smp->pcnf));
788 skb_pull(skb, sizeof(smp->pcnf));
791 smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM, sizeof(smp->prnd),
793 else if (test_bit(SMP_FLAG_TK_VALID, &smp->smp_flags))
794 queue_work(hdev->workqueue, &smp->confirm);
796 set_bit(SMP_FLAG_CFM_PENDING, &smp->smp_flags);
801 static u8 smp_cmd_pairing_random(struct l2cap_conn *conn, struct sk_buff *skb)
803 struct smp_chan *smp = conn->smp_chan;
804 struct hci_dev *hdev = conn->hcon->hdev;
806 BT_DBG("conn %p", conn);
808 if (skb->len < sizeof(smp->rrnd))
809 return SMP_UNSPECIFIED;
811 memcpy(smp->rrnd, skb->data, sizeof(smp->rrnd));
812 skb_pull(skb, sizeof(smp->rrnd));
814 queue_work(hdev->workqueue, &smp->random);
819 static u8 smp_ltk_encrypt(struct l2cap_conn *conn, u8 sec_level)
822 struct hci_conn *hcon = conn->hcon;
824 key = hci_find_ltk_by_addr(hcon->hdev, &hcon->dst, hcon->dst_type,
829 if (sec_level > BT_SECURITY_MEDIUM && !key->authenticated)
832 if (test_and_set_bit(HCI_CONN_ENCRYPT_PEND, &hcon->flags))
835 hci_le_start_enc(hcon, key->ediv, key->rand, key->val);
836 hcon->enc_key_size = key->enc_size;
841 static u8 smp_cmd_security_req(struct l2cap_conn *conn, struct sk_buff *skb)
843 struct smp_cmd_security_req *rp = (void *) skb->data;
844 struct smp_cmd_pairing cp;
845 struct hci_conn *hcon = conn->hcon;
846 struct smp_chan *smp;
848 BT_DBG("conn %p", conn);
850 if (skb->len < sizeof(*rp))
851 return SMP_UNSPECIFIED;
853 if (!(conn->hcon->link_mode & HCI_LM_MASTER))
854 return SMP_CMD_NOTSUPP;
856 hcon->pending_sec_level = authreq_to_seclevel(rp->auth_req);
858 if (smp_ltk_encrypt(conn, hcon->pending_sec_level))
861 if (test_and_set_bit(HCI_CONN_LE_SMP_PEND, &hcon->flags))
864 smp = smp_chan_create(conn);
866 skb_pull(skb, sizeof(*rp));
868 memset(&cp, 0, sizeof(cp));
869 build_pairing_cmd(conn, &cp, NULL, rp->auth_req);
871 smp->preq[0] = SMP_CMD_PAIRING_REQ;
872 memcpy(&smp->preq[1], &cp, sizeof(cp));
874 smp_send_cmd(conn, SMP_CMD_PAIRING_REQ, sizeof(cp), &cp);
876 clear_bit(SMP_FLAG_INITIATOR, &smp->smp_flags);
881 bool smp_sufficient_security(struct hci_conn *hcon, u8 sec_level)
883 if (sec_level == BT_SECURITY_LOW)
886 if (hcon->sec_level >= sec_level)
892 int smp_conn_security(struct hci_conn *hcon, __u8 sec_level)
894 struct l2cap_conn *conn = hcon->l2cap_data;
895 struct smp_chan *smp;
898 BT_DBG("conn %p hcon %p level 0x%2.2x", conn, hcon, sec_level);
900 /* This may be NULL if there's an unexpected disconnection */
904 smp = conn->smp_chan;
906 if (!test_bit(HCI_LE_ENABLED, &hcon->hdev->dev_flags))
909 if (smp_sufficient_security(hcon, sec_level))
912 if (hcon->link_mode & HCI_LM_MASTER)
913 if (smp_ltk_encrypt(conn, sec_level))
916 if (test_and_set_bit(HCI_CONN_LE_SMP_PEND, &hcon->flags))
919 smp = smp_chan_create(conn);
923 authreq = seclevel_to_authreq(sec_level);
925 /* hcon->auth_type is set by pair_device in mgmt.c. If the MITM
926 * flag is set we should also set it for the SMP request.
928 if ((hcon->auth_type & 0x01))
929 authreq |= SMP_AUTH_MITM;
931 if (hcon->link_mode & HCI_LM_MASTER) {
932 struct smp_cmd_pairing cp;
934 build_pairing_cmd(conn, &cp, NULL, authreq);
935 smp->preq[0] = SMP_CMD_PAIRING_REQ;
936 memcpy(&smp->preq[1], &cp, sizeof(cp));
938 smp_send_cmd(conn, SMP_CMD_PAIRING_REQ, sizeof(cp), &cp);
940 struct smp_cmd_security_req cp;
941 cp.auth_req = authreq;
942 smp_send_cmd(conn, SMP_CMD_SECURITY_REQ, sizeof(cp), &cp);
946 set_bit(SMP_FLAG_INITIATOR, &smp->smp_flags);
948 hcon->pending_sec_level = sec_level;
953 static int smp_cmd_encrypt_info(struct l2cap_conn *conn, struct sk_buff *skb)
955 struct smp_cmd_encrypt_info *rp = (void *) skb->data;
956 struct smp_chan *smp = conn->smp_chan;
958 BT_DBG("conn %p", conn);
960 if (skb->len < sizeof(*rp))
961 return SMP_UNSPECIFIED;
963 /* Ignore this PDU if it wasn't requested */
964 if (!(smp->remote_key_dist & SMP_DIST_ENC_KEY))
967 skb_pull(skb, sizeof(*rp));
969 memcpy(smp->tk, rp->ltk, sizeof(smp->tk));
974 static int smp_cmd_master_ident(struct l2cap_conn *conn, struct sk_buff *skb)
976 struct smp_cmd_master_ident *rp = (void *) skb->data;
977 struct smp_chan *smp = conn->smp_chan;
978 struct hci_dev *hdev = conn->hcon->hdev;
979 struct hci_conn *hcon = conn->hcon;
983 BT_DBG("conn %p", conn);
985 if (skb->len < sizeof(*rp))
986 return SMP_UNSPECIFIED;
988 /* Ignore this PDU if it wasn't requested */
989 if (!(smp->remote_key_dist & SMP_DIST_ENC_KEY))
992 /* Mark the information as received */
993 smp->remote_key_dist &= ~SMP_DIST_ENC_KEY;
995 skb_pull(skb, sizeof(*rp));
998 authenticated = (hcon->sec_level == BT_SECURITY_HIGH);
999 ltk = hci_add_ltk(hdev, &hcon->dst, hcon->dst_type, HCI_SMP_LTK,
1000 authenticated, smp->tk, smp->enc_key_size,
1001 rp->ediv, rp->rand);
1003 if (!(smp->remote_key_dist & SMP_DIST_ID_KEY))
1004 smp_distribute_keys(conn);
1005 hci_dev_unlock(hdev);
1010 static int smp_cmd_ident_info(struct l2cap_conn *conn, struct sk_buff *skb)
1012 struct smp_cmd_ident_info *info = (void *) skb->data;
1013 struct smp_chan *smp = conn->smp_chan;
1017 if (skb->len < sizeof(*info))
1018 return SMP_UNSPECIFIED;
1020 /* Ignore this PDU if it wasn't requested */
1021 if (!(smp->remote_key_dist & SMP_DIST_ID_KEY))
1024 skb_pull(skb, sizeof(*info));
1026 memcpy(smp->irk, info->irk, 16);
1031 static int smp_cmd_ident_addr_info(struct l2cap_conn *conn,
1032 struct sk_buff *skb)
1034 struct smp_cmd_ident_addr_info *info = (void *) skb->data;
1035 struct smp_chan *smp = conn->smp_chan;
1036 struct hci_conn *hcon = conn->hcon;
1041 if (skb->len < sizeof(*info))
1042 return SMP_UNSPECIFIED;
1044 /* Ignore this PDU if it wasn't requested */
1045 if (!(smp->remote_key_dist & SMP_DIST_ID_KEY))
1048 /* Mark the information as received */
1049 smp->remote_key_dist &= ~SMP_DIST_ID_KEY;
1051 skb_pull(skb, sizeof(*info));
1053 /* Strictly speaking the Core Specification (4.1) allows sending
1054 * an empty address which would force us to rely on just the IRK
1055 * as "identity information". However, since such
1056 * implementations are not known of and in order to not over
1057 * complicate our implementation, simply pretend that we never
1058 * received an IRK for such a device.
1060 if (!bacmp(&info->bdaddr, BDADDR_ANY)) {
1061 BT_ERR("Ignoring IRK with no identity address");
1062 smp_distribute_keys(conn);
1066 bacpy(&smp->id_addr, &info->bdaddr);
1067 smp->id_addr_type = info->addr_type;
1069 if (hci_bdaddr_is_rpa(&hcon->dst, hcon->dst_type))
1070 bacpy(&rpa, &hcon->dst);
1072 bacpy(&rpa, BDADDR_ANY);
1074 smp->remote_irk = hci_add_irk(conn->hcon->hdev, &smp->id_addr,
1075 smp->id_addr_type, smp->irk, &rpa);
1077 smp_distribute_keys(conn);
1082 static int smp_cmd_sign_info(struct l2cap_conn *conn, struct sk_buff *skb)
1084 struct smp_cmd_sign_info *rp = (void *) skb->data;
1085 struct smp_chan *smp = conn->smp_chan;
1086 struct hci_dev *hdev = conn->hcon->hdev;
1087 struct smp_csrk *csrk;
1089 BT_DBG("conn %p", conn);
1091 if (skb->len < sizeof(*rp))
1092 return SMP_UNSPECIFIED;
1094 /* Ignore this PDU if it wasn't requested */
1095 if (!(smp->remote_key_dist & SMP_DIST_SIGN))
1098 /* Mark the information as received */
1099 smp->remote_key_dist &= ~SMP_DIST_SIGN;
1101 skb_pull(skb, sizeof(*rp));
1104 csrk = kzalloc(sizeof(*csrk), GFP_KERNEL);
1106 csrk->master = 0x01;
1107 memcpy(csrk->val, rp->csrk, sizeof(csrk->val));
1110 if (!(smp->remote_key_dist & SMP_DIST_SIGN))
1111 smp_distribute_keys(conn);
1112 hci_dev_unlock(hdev);
1117 int smp_sig_channel(struct l2cap_conn *conn, struct sk_buff *skb)
1119 struct hci_conn *hcon = conn->hcon;
1123 if (hcon->type != LE_LINK) {
1133 if (!test_bit(HCI_LE_ENABLED, &hcon->hdev->dev_flags)) {
1135 reason = SMP_PAIRING_NOTSUPP;
1139 code = skb->data[0];
1140 skb_pull(skb, sizeof(code));
1143 * The SMP context must be initialized for all other PDUs except
1144 * pairing and security requests. If we get any other PDU when
1145 * not initialized simply disconnect (done if this function
1146 * returns an error).
1148 if (code != SMP_CMD_PAIRING_REQ && code != SMP_CMD_SECURITY_REQ &&
1150 BT_ERR("Unexpected SMP command 0x%02x. Disconnecting.", code);
1156 case SMP_CMD_PAIRING_REQ:
1157 reason = smp_cmd_pairing_req(conn, skb);
1160 case SMP_CMD_PAIRING_FAIL:
1161 smp_failure(conn, 0);
1166 case SMP_CMD_PAIRING_RSP:
1167 reason = smp_cmd_pairing_rsp(conn, skb);
1170 case SMP_CMD_SECURITY_REQ:
1171 reason = smp_cmd_security_req(conn, skb);
1174 case SMP_CMD_PAIRING_CONFIRM:
1175 reason = smp_cmd_pairing_confirm(conn, skb);
1178 case SMP_CMD_PAIRING_RANDOM:
1179 reason = smp_cmd_pairing_random(conn, skb);
1182 case SMP_CMD_ENCRYPT_INFO:
1183 reason = smp_cmd_encrypt_info(conn, skb);
1186 case SMP_CMD_MASTER_IDENT:
1187 reason = smp_cmd_master_ident(conn, skb);
1190 case SMP_CMD_IDENT_INFO:
1191 reason = smp_cmd_ident_info(conn, skb);
1194 case SMP_CMD_IDENT_ADDR_INFO:
1195 reason = smp_cmd_ident_addr_info(conn, skb);
1198 case SMP_CMD_SIGN_INFO:
1199 reason = smp_cmd_sign_info(conn, skb);
1203 BT_DBG("Unknown command code 0x%2.2x", code);
1205 reason = SMP_CMD_NOTSUPP;
1212 smp_failure(conn, reason);
1218 static void smp_notify_keys(struct l2cap_conn *conn)
1220 struct smp_chan *smp = conn->smp_chan;
1221 struct hci_conn *hcon = conn->hcon;
1222 struct hci_dev *hdev = hcon->hdev;
1223 struct smp_cmd_pairing *req = (void *) &smp->preq[1];
1224 struct smp_cmd_pairing *rsp = (void *) &smp->prsp[1];
1227 if (smp->remote_irk) {
1228 mgmt_new_irk(hdev, smp->remote_irk);
1229 /* Now that user space can be considered to know the
1230 * identity address track the connection based on it
1233 bacpy(&hcon->dst, &smp->remote_irk->bdaddr);
1234 hcon->dst_type = smp->remote_irk->addr_type;
1235 l2cap_conn_update_id_addr(hcon);
1238 /* The LTKs and CSRKs should be persistent only if both sides
1239 * had the bonding bit set in their authentication requests.
1241 persistent = !!((req->auth_req & rsp->auth_req) & SMP_AUTH_BONDING);
1244 smp->csrk->bdaddr_type = hcon->dst_type;
1245 bacpy(&smp->csrk->bdaddr, &hcon->dst);
1246 mgmt_new_csrk(hdev, smp->csrk, persistent);
1249 if (smp->slave_csrk) {
1250 smp->slave_csrk->bdaddr_type = hcon->dst_type;
1251 bacpy(&smp->slave_csrk->bdaddr, &hcon->dst);
1252 mgmt_new_csrk(hdev, smp->slave_csrk, persistent);
1256 smp->ltk->bdaddr_type = hcon->dst_type;
1257 bacpy(&smp->ltk->bdaddr, &hcon->dst);
1258 mgmt_new_ltk(hdev, smp->ltk, persistent);
1261 if (smp->slave_ltk) {
1262 smp->slave_ltk->bdaddr_type = hcon->dst_type;
1263 bacpy(&smp->slave_ltk->bdaddr, &hcon->dst);
1264 mgmt_new_ltk(hdev, smp->slave_ltk, persistent);
1268 int smp_distribute_keys(struct l2cap_conn *conn)
1270 struct smp_cmd_pairing *req, *rsp;
1271 struct smp_chan *smp = conn->smp_chan;
1272 struct hci_conn *hcon = conn->hcon;
1273 struct hci_dev *hdev = hcon->hdev;
1277 BT_DBG("conn %p", conn);
1279 if (!test_bit(HCI_CONN_LE_SMP_PEND, &hcon->flags))
1282 rsp = (void *) &smp->prsp[1];
1284 /* The responder sends its keys first */
1285 if (hcon->out && (smp->remote_key_dist & 0x07))
1288 req = (void *) &smp->preq[1];
1291 keydist = &rsp->init_key_dist;
1292 *keydist &= req->init_key_dist;
1294 keydist = &rsp->resp_key_dist;
1295 *keydist &= req->resp_key_dist;
1298 BT_DBG("keydist 0x%x", *keydist);
1300 if (*keydist & SMP_DIST_ENC_KEY) {
1301 struct smp_cmd_encrypt_info enc;
1302 struct smp_cmd_master_ident ident;
1303 struct smp_ltk *ltk;
1308 get_random_bytes(enc.ltk, sizeof(enc.ltk));
1309 get_random_bytes(&ediv, sizeof(ediv));
1310 get_random_bytes(&rand, sizeof(rand));
1312 smp_send_cmd(conn, SMP_CMD_ENCRYPT_INFO, sizeof(enc), &enc);
1314 authenticated = hcon->sec_level == BT_SECURITY_HIGH;
1315 ltk = hci_add_ltk(hdev, &hcon->dst, hcon->dst_type,
1316 HCI_SMP_LTK_SLAVE, authenticated, enc.ltk,
1317 smp->enc_key_size, ediv, rand);
1318 smp->slave_ltk = ltk;
1323 smp_send_cmd(conn, SMP_CMD_MASTER_IDENT, sizeof(ident), &ident);
1325 *keydist &= ~SMP_DIST_ENC_KEY;
1328 if (*keydist & SMP_DIST_ID_KEY) {
1329 struct smp_cmd_ident_addr_info addrinfo;
1330 struct smp_cmd_ident_info idinfo;
1332 memcpy(idinfo.irk, hdev->irk, sizeof(idinfo.irk));
1334 smp_send_cmd(conn, SMP_CMD_IDENT_INFO, sizeof(idinfo), &idinfo);
1336 /* The hci_conn contains the local identity address
1337 * after the connection has been established.
1339 * This is true even when the connection has been
1340 * established using a resolvable random address.
1342 bacpy(&addrinfo.bdaddr, &hcon->src);
1343 addrinfo.addr_type = hcon->src_type;
1345 smp_send_cmd(conn, SMP_CMD_IDENT_ADDR_INFO, sizeof(addrinfo),
1348 *keydist &= ~SMP_DIST_ID_KEY;
1351 if (*keydist & SMP_DIST_SIGN) {
1352 struct smp_cmd_sign_info sign;
1353 struct smp_csrk *csrk;
1355 /* Generate a new random key */
1356 get_random_bytes(sign.csrk, sizeof(sign.csrk));
1358 csrk = kzalloc(sizeof(*csrk), GFP_KERNEL);
1360 csrk->master = 0x00;
1361 memcpy(csrk->val, sign.csrk, sizeof(csrk->val));
1363 smp->slave_csrk = csrk;
1365 smp_send_cmd(conn, SMP_CMD_SIGN_INFO, sizeof(sign), &sign);
1367 *keydist &= ~SMP_DIST_SIGN;
1370 /* If there are still keys to be received wait for them */
1371 if ((smp->remote_key_dist & 0x07))
1374 /* Check if we should try to re-encrypt the link with the LTK.
1375 * SMP_FLAG_LTK_ENCRYPT flag is used to track whether we've
1376 * already tried this (in which case we shouldn't try again).
1378 * The request will trigger an encryption key refresh event
1379 * which will cause a call to auth_cfm and eventually lead to
1380 * l2cap_core.c calling this smp_distribute_keys function again
1381 * and thereby completing the process.
1384 ltk_encrypt = !test_and_set_bit(SMP_FLAG_LTK_ENCRYPT,
1387 ltk_encrypt = false;
1389 /* Re-encrypt the link with LTK if possible */
1390 if (ltk_encrypt && hcon->out) {
1391 queue_delayed_work(hdev->req_workqueue, &smp->reencrypt,
1392 SMP_REENCRYPT_TIMEOUT);
1394 clear_bit(HCI_CONN_LE_SMP_PEND, &hcon->flags);
1395 cancel_delayed_work_sync(&conn->security_timer);
1396 set_bit(SMP_FLAG_COMPLETE, &smp->smp_flags);
1397 smp_notify_keys(conn);
1398 smp_chan_destroy(conn);
projects / firefly-linux-kernel-4.4.55.git / blob