2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2011 Nokia Corporation and/or its subsidiary(-ies).
5 This program is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License version 2 as
7 published by the Free Software Foundation;
9 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
10 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
11 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
12 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
13 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
14 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
18 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
19 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
20 SOFTWARE IS DISCLAIMED.
23 #include <linux/crypto.h>
24 #include <linux/scatterlist.h>
25 #include <crypto/b128ops.h>
27 #include <net/bluetooth/bluetooth.h>
28 #include <net/bluetooth/hci_core.h>
29 #include <net/bluetooth/l2cap.h>
30 #include <net/bluetooth/mgmt.h>
34 #define SMP_TIMEOUT msecs_to_jiffies(30000)
36 #define AUTH_REQ_MASK 0x07
38 static inline void swap128(const u8 src[16], u8 dst[16])
41 for (i = 0; i < 16; i++)
45 static inline void swap56(const u8 src[7], u8 dst[7])
48 for (i = 0; i < 7; i++)
52 static int smp_e(struct crypto_blkcipher *tfm, const u8 *k, u8 *r)
54 struct blkcipher_desc desc;
55 struct scatterlist sg;
59 BT_ERR("tfm %p", tfm);
66 err = crypto_blkcipher_setkey(tfm, k, 16);
68 BT_ERR("cipher setkey failed: %d", err);
72 sg_init_one(&sg, r, 16);
74 err = crypto_blkcipher_encrypt(&desc, &sg, &sg, 16);
76 BT_ERR("Encrypt data error %d", err);
81 static int smp_ah(struct crypto_blkcipher *tfm, u8 irk[16], u8 r[3], u8 res[3])
86 /* r' = padding || r */
93 err = smp_e(tfm, k, _res);
95 BT_ERR("Encrypt error");
99 /* The output of the random address function ah is:
100 * ah(h, r) = e(k, r') mod 2^24
101 * The output of the security function e is then truncated to 24 bits
102 * by taking the least significant 24 bits of the output of e as the
112 bool smp_irk_matches(struct crypto_blkcipher *tfm, u8 irk[16],
118 BT_DBG("RPA %pMR IRK %*phN", bdaddr, 16, irk);
120 err = smp_ah(tfm, irk, &bdaddr->b[3], hash);
124 return !memcmp(bdaddr->b, hash, 3);
127 int smp_generate_rpa(struct crypto_blkcipher *tfm, u8 irk[16], bdaddr_t *rpa)
131 get_random_bytes(&rpa->b[3], 3);
133 rpa->b[5] &= 0x3f; /* Clear two most significant bits */
134 rpa->b[5] |= 0x40; /* Set second most significant bit */
136 err = smp_ah(tfm, irk, &rpa->b[3], rpa->b);
140 BT_DBG("RPA %pMR", rpa);
145 static int smp_c1(struct crypto_blkcipher *tfm, u8 k[16], u8 r[16],
146 u8 preq[7], u8 pres[7], u8 _iat, bdaddr_t *ia,
147 u8 _rat, bdaddr_t *ra, u8 res[16])
154 /* p1 = pres || preq || _rat || _iat */
156 swap56(preq, p1 + 7);
162 /* p2 = padding || ia || ra */
163 baswap((bdaddr_t *) (p2 + 4), ia);
164 baswap((bdaddr_t *) (p2 + 10), ra);
167 u128_xor((u128 *) res, (u128 *) r, (u128 *) p1);
169 /* res = e(k, res) */
170 err = smp_e(tfm, k, res);
172 BT_ERR("Encrypt data error");
176 /* res = res XOR p2 */
177 u128_xor((u128 *) res, (u128 *) res, (u128 *) p2);
179 /* res = e(k, res) */
180 err = smp_e(tfm, k, res);
182 BT_ERR("Encrypt data error");
187 static int smp_s1(struct crypto_blkcipher *tfm, u8 k[16], u8 r1[16],
188 u8 r2[16], u8 _r[16])
192 /* Just least significant octets from r1 and r2 are considered */
193 memcpy(_r, r1 + 8, 8);
194 memcpy(_r + 8, r2 + 8, 8);
196 err = smp_e(tfm, k, _r);
198 BT_ERR("Encrypt data error");
203 static struct sk_buff *smp_build_cmd(struct l2cap_conn *conn, u8 code,
204 u16 dlen, void *data)
207 struct l2cap_hdr *lh;
210 len = L2CAP_HDR_SIZE + sizeof(code) + dlen;
215 skb = bt_skb_alloc(len, GFP_ATOMIC);
219 lh = (struct l2cap_hdr *) skb_put(skb, L2CAP_HDR_SIZE);
220 lh->len = cpu_to_le16(sizeof(code) + dlen);
221 lh->cid = cpu_to_le16(L2CAP_CID_SMP);
223 memcpy(skb_put(skb, sizeof(code)), &code, sizeof(code));
225 memcpy(skb_put(skb, dlen), data, dlen);
230 static void smp_send_cmd(struct l2cap_conn *conn, u8 code, u16 len, void *data)
232 struct sk_buff *skb = smp_build_cmd(conn, code, len, data);
234 BT_DBG("code 0x%2.2x", code);
239 skb->priority = HCI_PRIO_MAX;
240 hci_send_acl(conn->hchan, skb, 0);
242 cancel_delayed_work_sync(&conn->security_timer);
243 schedule_delayed_work(&conn->security_timer, SMP_TIMEOUT);
246 static __u8 authreq_to_seclevel(__u8 authreq)
248 if (authreq & SMP_AUTH_MITM)
249 return BT_SECURITY_HIGH;
251 return BT_SECURITY_MEDIUM;
254 static __u8 seclevel_to_authreq(__u8 sec_level)
257 case BT_SECURITY_HIGH:
258 return SMP_AUTH_MITM | SMP_AUTH_BONDING;
259 case BT_SECURITY_MEDIUM:
260 return SMP_AUTH_BONDING;
262 return SMP_AUTH_NONE;
266 static void build_pairing_cmd(struct l2cap_conn *conn,
267 struct smp_cmd_pairing *req,
268 struct smp_cmd_pairing *rsp, __u8 authreq)
270 struct smp_chan *smp = conn->smp_chan;
271 struct hci_conn *hcon = conn->hcon;
272 struct hci_dev *hdev = hcon->hdev;
273 u8 local_dist = 0, remote_dist = 0;
275 if (test_bit(HCI_PAIRABLE, &conn->hcon->hdev->dev_flags)) {
276 local_dist = SMP_DIST_ENC_KEY | SMP_DIST_SIGN;
277 remote_dist = SMP_DIST_ENC_KEY | SMP_DIST_SIGN;
278 authreq |= SMP_AUTH_BONDING;
280 authreq &= ~SMP_AUTH_BONDING;
283 if (test_bit(HCI_RPA_RESOLVING, &hdev->dev_flags))
284 remote_dist |= SMP_DIST_ID_KEY;
286 if (test_bit(HCI_PRIVACY, &hdev->dev_flags))
287 local_dist |= SMP_DIST_ID_KEY;
290 req->io_capability = conn->hcon->io_capability;
291 req->oob_flag = SMP_OOB_NOT_PRESENT;
292 req->max_key_size = SMP_MAX_ENC_KEY_SIZE;
293 req->init_key_dist = local_dist;
294 req->resp_key_dist = remote_dist;
295 req->auth_req = (authreq & AUTH_REQ_MASK);
297 smp->remote_key_dist = remote_dist;
301 rsp->io_capability = conn->hcon->io_capability;
302 rsp->oob_flag = SMP_OOB_NOT_PRESENT;
303 rsp->max_key_size = SMP_MAX_ENC_KEY_SIZE;
304 rsp->init_key_dist = req->init_key_dist & remote_dist;
305 rsp->resp_key_dist = req->resp_key_dist & local_dist;
306 rsp->auth_req = (authreq & AUTH_REQ_MASK);
308 smp->remote_key_dist = rsp->init_key_dist;
311 static u8 check_enc_key_size(struct l2cap_conn *conn, __u8 max_key_size)
313 struct smp_chan *smp = conn->smp_chan;
315 if ((max_key_size > SMP_MAX_ENC_KEY_SIZE) ||
316 (max_key_size < SMP_MIN_ENC_KEY_SIZE))
317 return SMP_ENC_KEY_SIZE;
319 smp->enc_key_size = max_key_size;
324 static void smp_failure(struct l2cap_conn *conn, u8 reason)
326 struct hci_conn *hcon = conn->hcon;
329 smp_send_cmd(conn, SMP_CMD_PAIRING_FAIL, sizeof(reason),
332 clear_bit(HCI_CONN_ENCRYPT_PEND, &hcon->flags);
333 mgmt_auth_failed(hcon->hdev, &hcon->dst, hcon->type, hcon->dst_type,
334 HCI_ERROR_AUTH_FAILURE);
336 cancel_delayed_work_sync(&conn->security_timer);
338 if (test_and_clear_bit(HCI_CONN_LE_SMP_PEND, &hcon->flags))
339 smp_chan_destroy(conn);
342 #define JUST_WORKS 0x00
343 #define JUST_CFM 0x01
344 #define REQ_PASSKEY 0x02
345 #define CFM_PASSKEY 0x03
349 static const u8 gen_method[5][5] = {
350 { JUST_WORKS, JUST_CFM, REQ_PASSKEY, JUST_WORKS, REQ_PASSKEY },
351 { JUST_WORKS, JUST_CFM, REQ_PASSKEY, JUST_WORKS, REQ_PASSKEY },
352 { CFM_PASSKEY, CFM_PASSKEY, REQ_PASSKEY, JUST_WORKS, CFM_PASSKEY },
353 { JUST_WORKS, JUST_CFM, JUST_WORKS, JUST_WORKS, JUST_CFM },
354 { CFM_PASSKEY, CFM_PASSKEY, REQ_PASSKEY, JUST_WORKS, OVERLAP },
357 static int tk_request(struct l2cap_conn *conn, u8 remote_oob, u8 auth,
358 u8 local_io, u8 remote_io)
360 struct hci_conn *hcon = conn->hcon;
361 struct smp_chan *smp = conn->smp_chan;
366 /* Initialize key for JUST WORKS */
367 memset(smp->tk, 0, sizeof(smp->tk));
368 clear_bit(SMP_FLAG_TK_VALID, &smp->smp_flags);
370 BT_DBG("tk_request: auth:%d lcl:%d rem:%d", auth, local_io, remote_io);
372 /* If neither side wants MITM, use JUST WORKS */
373 /* If either side has unknown io_caps, use JUST WORKS */
374 /* Otherwise, look up method from the table */
375 if (!(auth & SMP_AUTH_MITM) ||
376 local_io > SMP_IO_KEYBOARD_DISPLAY ||
377 remote_io > SMP_IO_KEYBOARD_DISPLAY)
380 method = gen_method[remote_io][local_io];
382 /* If not bonding, don't ask user to confirm a Zero TK */
383 if (!(auth & SMP_AUTH_BONDING) && method == JUST_CFM)
386 /* If Just Works, Continue with Zero TK */
387 if (method == JUST_WORKS) {
388 set_bit(SMP_FLAG_TK_VALID, &smp->smp_flags);
392 /* Not Just Works/Confirm results in MITM Authentication */
393 if (method != JUST_CFM)
394 set_bit(SMP_FLAG_MITM_AUTH, &smp->smp_flags);
396 /* If both devices have Keyoard-Display I/O, the master
397 * Confirms and the slave Enters the passkey.
399 if (method == OVERLAP) {
400 if (hcon->link_mode & HCI_LM_MASTER)
401 method = CFM_PASSKEY;
403 method = REQ_PASSKEY;
406 /* Generate random passkey. Not valid until confirmed. */
407 if (method == CFM_PASSKEY) {
410 memset(key, 0, sizeof(key));
411 get_random_bytes(&passkey, sizeof(passkey));
413 put_unaligned_le32(passkey, key);
414 swap128(key, smp->tk);
415 BT_DBG("PassKey: %d", passkey);
418 hci_dev_lock(hcon->hdev);
420 if (method == REQ_PASSKEY)
421 ret = mgmt_user_passkey_request(hcon->hdev, &hcon->dst,
422 hcon->type, hcon->dst_type);
424 ret = mgmt_user_confirm_request(hcon->hdev, &hcon->dst,
425 hcon->type, hcon->dst_type,
426 cpu_to_le32(passkey), 0);
428 hci_dev_unlock(hcon->hdev);
433 static void confirm_work(struct work_struct *work)
435 struct smp_chan *smp = container_of(work, struct smp_chan, confirm);
436 struct l2cap_conn *conn = smp->conn;
437 struct hci_dev *hdev = conn->hcon->hdev;
438 struct crypto_blkcipher *tfm = hdev->tfm_aes;
439 struct smp_cmd_pairing_confirm cp;
443 BT_DBG("conn %p", conn);
445 /* Prevent mutual access to hdev->tfm_aes */
448 ret = smp_c1(tfm, smp->tk, smp->prnd, smp->preq, smp->prsp,
449 conn->hcon->init_addr_type, &conn->hcon->init_addr,
450 conn->hcon->resp_addr_type, &conn->hcon->resp_addr, res);
452 hci_dev_unlock(hdev);
455 reason = SMP_UNSPECIFIED;
459 clear_bit(SMP_FLAG_CFM_PENDING, &smp->smp_flags);
461 swap128(res, cp.confirm_val);
462 smp_send_cmd(smp->conn, SMP_CMD_PAIRING_CONFIRM, sizeof(cp), &cp);
467 smp_failure(conn, reason);
470 static void random_work(struct work_struct *work)
472 struct smp_chan *smp = container_of(work, struct smp_chan, random);
473 struct l2cap_conn *conn = smp->conn;
474 struct hci_conn *hcon = conn->hcon;
475 struct hci_dev *hdev = hcon->hdev;
476 struct crypto_blkcipher *tfm = hdev->tfm_aes;
477 u8 reason, confirm[16], res[16], key[16];
480 if (IS_ERR_OR_NULL(tfm)) {
481 reason = SMP_UNSPECIFIED;
485 BT_DBG("conn %p %s", conn, conn->hcon->out ? "master" : "slave");
487 /* Prevent mutual access to hdev->tfm_aes */
490 ret = smp_c1(tfm, smp->tk, smp->rrnd, smp->preq, smp->prsp,
491 hcon->init_addr_type, &hcon->init_addr,
492 hcon->resp_addr_type, &hcon->resp_addr, res);
494 hci_dev_unlock(hdev);
497 reason = SMP_UNSPECIFIED;
501 swap128(res, confirm);
503 if (memcmp(smp->pcnf, confirm, sizeof(smp->pcnf)) != 0) {
504 BT_ERR("Pairing failed (confirmation values mismatch)");
505 reason = SMP_CONFIRM_FAILED;
514 smp_s1(tfm, smp->tk, smp->rrnd, smp->prnd, key);
517 memset(stk + smp->enc_key_size, 0,
518 SMP_MAX_ENC_KEY_SIZE - smp->enc_key_size);
520 if (test_and_set_bit(HCI_CONN_ENCRYPT_PEND, &hcon->flags)) {
521 reason = SMP_UNSPECIFIED;
525 hci_le_start_enc(hcon, ediv, rand, stk);
526 hcon->enc_key_size = smp->enc_key_size;
532 swap128(smp->prnd, r);
533 smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM, sizeof(r), r);
535 smp_s1(tfm, smp->tk, smp->prnd, smp->rrnd, key);
538 memset(stk + smp->enc_key_size, 0,
539 SMP_MAX_ENC_KEY_SIZE - smp->enc_key_size);
541 hci_add_ltk(hcon->hdev, &hcon->dst, hcon->dst_type,
542 HCI_SMP_STK_SLAVE, 0, stk, smp->enc_key_size,
549 smp_failure(conn, reason);
552 static void smp_reencrypt(struct work_struct *work)
554 struct smp_chan *smp = container_of(work, struct smp_chan,
556 struct l2cap_conn *conn = smp->conn;
557 struct hci_conn *hcon = conn->hcon;
558 struct smp_ltk *ltk = smp->ltk;
562 hci_le_start_enc(hcon, ltk->ediv, ltk->rand, ltk->val);
563 hcon->enc_key_size = ltk->enc_size;
566 static struct smp_chan *smp_chan_create(struct l2cap_conn *conn)
568 struct smp_chan *smp;
570 smp = kzalloc(sizeof(*smp), GFP_ATOMIC);
574 INIT_WORK(&smp->confirm, confirm_work);
575 INIT_WORK(&smp->random, random_work);
576 INIT_DELAYED_WORK(&smp->reencrypt, smp_reencrypt);
579 conn->smp_chan = smp;
580 conn->hcon->smp_conn = conn;
582 hci_conn_hold(conn->hcon);
587 void smp_chan_destroy(struct l2cap_conn *conn)
589 struct smp_chan *smp = conn->smp_chan;
594 cancel_delayed_work_sync(&smp->reencrypt);
596 complete = test_bit(SMP_FLAG_COMPLETE, &smp->smp_flags);
597 mgmt_smp_complete(conn->hcon, complete);
600 kfree(smp->slave_csrk);
602 /* If pairing failed clean up any keys we might have */
605 list_del(&smp->ltk->list);
609 if (smp->slave_ltk) {
610 list_del(&smp->slave_ltk->list);
611 kfree(smp->slave_ltk);
614 if (smp->remote_irk) {
615 list_del(&smp->remote_irk->list);
616 kfree(smp->remote_irk);
621 conn->smp_chan = NULL;
622 conn->hcon->smp_conn = NULL;
623 hci_conn_drop(conn->hcon);
626 int smp_user_confirm_reply(struct hci_conn *hcon, u16 mgmt_op, __le32 passkey)
628 struct l2cap_conn *conn = hcon->smp_conn;
629 struct smp_chan *smp;
638 smp = conn->smp_chan;
641 case MGMT_OP_USER_PASSKEY_REPLY:
642 value = le32_to_cpu(passkey);
643 memset(key, 0, sizeof(key));
644 BT_DBG("PassKey: %d", value);
645 put_unaligned_le32(value, key);
646 swap128(key, smp->tk);
648 case MGMT_OP_USER_CONFIRM_REPLY:
649 set_bit(SMP_FLAG_TK_VALID, &smp->smp_flags);
651 case MGMT_OP_USER_PASSKEY_NEG_REPLY:
652 case MGMT_OP_USER_CONFIRM_NEG_REPLY:
653 smp_failure(conn, SMP_PASSKEY_ENTRY_FAILED);
656 smp_failure(conn, SMP_PASSKEY_ENTRY_FAILED);
660 /* If it is our turn to send Pairing Confirm, do so now */
661 if (test_bit(SMP_FLAG_CFM_PENDING, &smp->smp_flags))
662 queue_work(hcon->hdev->workqueue, &smp->confirm);
667 static u8 smp_cmd_pairing_req(struct l2cap_conn *conn, struct sk_buff *skb)
669 struct smp_cmd_pairing rsp, *req = (void *) skb->data;
670 struct smp_chan *smp;
672 u8 auth = SMP_AUTH_NONE;
675 BT_DBG("conn %p", conn);
677 if (skb->len < sizeof(*req))
678 return SMP_UNSPECIFIED;
680 if (conn->hcon->link_mode & HCI_LM_MASTER)
681 return SMP_CMD_NOTSUPP;
683 if (!test_and_set_bit(HCI_CONN_LE_SMP_PEND, &conn->hcon->flags))
684 smp = smp_chan_create(conn);
686 smp = conn->smp_chan;
689 return SMP_UNSPECIFIED;
691 smp->preq[0] = SMP_CMD_PAIRING_REQ;
692 memcpy(&smp->preq[1], req, sizeof(*req));
693 skb_pull(skb, sizeof(*req));
695 /* We didn't start the pairing, so match remote */
696 if (req->auth_req & SMP_AUTH_BONDING)
697 auth = req->auth_req;
699 conn->hcon->pending_sec_level = authreq_to_seclevel(auth);
701 build_pairing_cmd(conn, req, &rsp, auth);
703 key_size = min(req->max_key_size, rsp.max_key_size);
704 if (check_enc_key_size(conn, key_size))
705 return SMP_ENC_KEY_SIZE;
707 get_random_bytes(smp->prnd, sizeof(smp->prnd));
709 smp->prsp[0] = SMP_CMD_PAIRING_RSP;
710 memcpy(&smp->prsp[1], &rsp, sizeof(rsp));
712 smp_send_cmd(conn, SMP_CMD_PAIRING_RSP, sizeof(rsp), &rsp);
714 /* Request setup of TK */
715 ret = tk_request(conn, 0, auth, rsp.io_capability, req->io_capability);
717 return SMP_UNSPECIFIED;
722 static u8 smp_cmd_pairing_rsp(struct l2cap_conn *conn, struct sk_buff *skb)
724 struct smp_cmd_pairing *req, *rsp = (void *) skb->data;
725 struct smp_chan *smp = conn->smp_chan;
726 struct hci_dev *hdev = conn->hcon->hdev;
727 u8 key_size, auth = SMP_AUTH_NONE;
730 BT_DBG("conn %p", conn);
732 if (skb->len < sizeof(*rsp))
733 return SMP_UNSPECIFIED;
735 if (!(conn->hcon->link_mode & HCI_LM_MASTER))
736 return SMP_CMD_NOTSUPP;
738 skb_pull(skb, sizeof(*rsp));
740 req = (void *) &smp->preq[1];
742 key_size = min(req->max_key_size, rsp->max_key_size);
743 if (check_enc_key_size(conn, key_size))
744 return SMP_ENC_KEY_SIZE;
746 get_random_bytes(smp->prnd, sizeof(smp->prnd));
748 smp->prsp[0] = SMP_CMD_PAIRING_RSP;
749 memcpy(&smp->prsp[1], rsp, sizeof(*rsp));
751 /* Update remote key distribution in case the remote cleared
752 * some bits that we had enabled in our request.
754 smp->remote_key_dist &= rsp->resp_key_dist;
756 if ((req->auth_req & SMP_AUTH_BONDING) &&
757 (rsp->auth_req & SMP_AUTH_BONDING))
758 auth = SMP_AUTH_BONDING;
760 auth |= (req->auth_req | rsp->auth_req) & SMP_AUTH_MITM;
762 ret = tk_request(conn, 0, auth, req->io_capability, rsp->io_capability);
764 return SMP_UNSPECIFIED;
766 set_bit(SMP_FLAG_CFM_PENDING, &smp->smp_flags);
768 /* Can't compose response until we have been confirmed */
769 if (!test_bit(SMP_FLAG_TK_VALID, &smp->smp_flags))
772 queue_work(hdev->workqueue, &smp->confirm);
777 static u8 smp_cmd_pairing_confirm(struct l2cap_conn *conn, struct sk_buff *skb)
779 struct smp_chan *smp = conn->smp_chan;
780 struct hci_dev *hdev = conn->hcon->hdev;
782 BT_DBG("conn %p %s", conn, conn->hcon->out ? "master" : "slave");
784 if (skb->len < sizeof(smp->pcnf))
785 return SMP_UNSPECIFIED;
787 memcpy(smp->pcnf, skb->data, sizeof(smp->pcnf));
788 skb_pull(skb, sizeof(smp->pcnf));
790 if (conn->hcon->out) {
793 swap128(smp->prnd, random);
794 smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM, sizeof(random),
796 } else if (test_bit(SMP_FLAG_TK_VALID, &smp->smp_flags)) {
797 queue_work(hdev->workqueue, &smp->confirm);
799 set_bit(SMP_FLAG_CFM_PENDING, &smp->smp_flags);
805 static u8 smp_cmd_pairing_random(struct l2cap_conn *conn, struct sk_buff *skb)
807 struct smp_chan *smp = conn->smp_chan;
808 struct hci_dev *hdev = conn->hcon->hdev;
810 BT_DBG("conn %p", conn);
812 if (skb->len < sizeof(smp->rrnd))
813 return SMP_UNSPECIFIED;
815 swap128(skb->data, smp->rrnd);
816 skb_pull(skb, sizeof(smp->rrnd));
818 queue_work(hdev->workqueue, &smp->random);
823 static u8 smp_ltk_encrypt(struct l2cap_conn *conn, u8 sec_level)
826 struct hci_conn *hcon = conn->hcon;
828 key = hci_find_ltk_by_addr(hcon->hdev, &hcon->dst, hcon->dst_type,
833 if (sec_level > BT_SECURITY_MEDIUM && !key->authenticated)
836 if (test_and_set_bit(HCI_CONN_ENCRYPT_PEND, &hcon->flags))
839 hci_le_start_enc(hcon, key->ediv, key->rand, key->val);
840 hcon->enc_key_size = key->enc_size;
845 static u8 smp_cmd_security_req(struct l2cap_conn *conn, struct sk_buff *skb)
847 struct smp_cmd_security_req *rp = (void *) skb->data;
848 struct smp_cmd_pairing cp;
849 struct hci_conn *hcon = conn->hcon;
850 struct smp_chan *smp;
852 BT_DBG("conn %p", conn);
854 if (skb->len < sizeof(*rp))
855 return SMP_UNSPECIFIED;
857 if (!(conn->hcon->link_mode & HCI_LM_MASTER))
858 return SMP_CMD_NOTSUPP;
860 hcon->pending_sec_level = authreq_to_seclevel(rp->auth_req);
862 if (smp_ltk_encrypt(conn, hcon->pending_sec_level))
865 if (test_and_set_bit(HCI_CONN_LE_SMP_PEND, &hcon->flags))
868 smp = smp_chan_create(conn);
870 skb_pull(skb, sizeof(*rp));
872 memset(&cp, 0, sizeof(cp));
873 build_pairing_cmd(conn, &cp, NULL, rp->auth_req);
875 smp->preq[0] = SMP_CMD_PAIRING_REQ;
876 memcpy(&smp->preq[1], &cp, sizeof(cp));
878 smp_send_cmd(conn, SMP_CMD_PAIRING_REQ, sizeof(cp), &cp);
883 bool smp_sufficient_security(struct hci_conn *hcon, u8 sec_level)
885 if (sec_level == BT_SECURITY_LOW)
888 if (hcon->sec_level >= sec_level)
894 int smp_conn_security(struct hci_conn *hcon, __u8 sec_level)
896 struct l2cap_conn *conn = hcon->l2cap_data;
897 struct smp_chan *smp = conn->smp_chan;
900 BT_DBG("conn %p hcon %p level 0x%2.2x", conn, hcon, sec_level);
902 if (!test_bit(HCI_LE_ENABLED, &hcon->hdev->dev_flags))
905 if (smp_sufficient_security(hcon, sec_level))
908 if (hcon->link_mode & HCI_LM_MASTER)
909 if (smp_ltk_encrypt(conn, sec_level))
912 if (test_and_set_bit(HCI_CONN_LE_SMP_PEND, &hcon->flags))
915 smp = smp_chan_create(conn);
919 authreq = seclevel_to_authreq(sec_level);
921 if (hcon->link_mode & HCI_LM_MASTER) {
922 struct smp_cmd_pairing cp;
924 build_pairing_cmd(conn, &cp, NULL, authreq);
925 smp->preq[0] = SMP_CMD_PAIRING_REQ;
926 memcpy(&smp->preq[1], &cp, sizeof(cp));
928 smp_send_cmd(conn, SMP_CMD_PAIRING_REQ, sizeof(cp), &cp);
930 struct smp_cmd_security_req cp;
931 cp.auth_req = authreq;
932 smp_send_cmd(conn, SMP_CMD_SECURITY_REQ, sizeof(cp), &cp);
936 hcon->pending_sec_level = sec_level;
941 static int smp_cmd_encrypt_info(struct l2cap_conn *conn, struct sk_buff *skb)
943 struct smp_cmd_encrypt_info *rp = (void *) skb->data;
944 struct smp_chan *smp = conn->smp_chan;
946 BT_DBG("conn %p", conn);
948 if (skb->len < sizeof(*rp))
949 return SMP_UNSPECIFIED;
951 /* Ignore this PDU if it wasn't requested */
952 if (!(smp->remote_key_dist & SMP_DIST_ENC_KEY))
955 skb_pull(skb, sizeof(*rp));
957 memcpy(smp->tk, rp->ltk, sizeof(smp->tk));
962 static int smp_cmd_master_ident(struct l2cap_conn *conn, struct sk_buff *skb)
964 struct smp_cmd_master_ident *rp = (void *) skb->data;
965 struct smp_chan *smp = conn->smp_chan;
966 struct hci_dev *hdev = conn->hcon->hdev;
967 struct hci_conn *hcon = conn->hcon;
971 BT_DBG("conn %p", conn);
973 if (skb->len < sizeof(*rp))
974 return SMP_UNSPECIFIED;
976 /* Ignore this PDU if it wasn't requested */
977 if (!(smp->remote_key_dist & SMP_DIST_ENC_KEY))
980 /* Mark the information as received */
981 smp->remote_key_dist &= ~SMP_DIST_ENC_KEY;
983 skb_pull(skb, sizeof(*rp));
986 authenticated = (hcon->sec_level == BT_SECURITY_HIGH);
987 ltk = hci_add_ltk(hdev, &hcon->dst, hcon->dst_type, HCI_SMP_LTK,
988 authenticated, smp->tk, smp->enc_key_size,
991 if (!(smp->remote_key_dist & SMP_DIST_ID_KEY))
992 smp_distribute_keys(conn);
993 hci_dev_unlock(hdev);
998 static int smp_cmd_ident_info(struct l2cap_conn *conn, struct sk_buff *skb)
1000 struct smp_cmd_ident_info *info = (void *) skb->data;
1001 struct smp_chan *smp = conn->smp_chan;
1005 if (skb->len < sizeof(*info))
1006 return SMP_UNSPECIFIED;
1008 /* Ignore this PDU if it wasn't requested */
1009 if (!(smp->remote_key_dist & SMP_DIST_ID_KEY))
1012 skb_pull(skb, sizeof(*info));
1014 memcpy(smp->irk, info->irk, 16);
1019 static int smp_cmd_ident_addr_info(struct l2cap_conn *conn,
1020 struct sk_buff *skb)
1022 struct smp_cmd_ident_addr_info *info = (void *) skb->data;
1023 struct smp_chan *smp = conn->smp_chan;
1024 struct hci_conn *hcon = conn->hcon;
1029 if (skb->len < sizeof(*info))
1030 return SMP_UNSPECIFIED;
1032 /* Ignore this PDU if it wasn't requested */
1033 if (!(smp->remote_key_dist & SMP_DIST_ID_KEY))
1036 /* Mark the information as received */
1037 smp->remote_key_dist &= ~SMP_DIST_ID_KEY;
1039 skb_pull(skb, sizeof(*info));
1041 /* Strictly speaking the Core Specification (4.1) allows sending
1042 * an empty address which would force us to rely on just the IRK
1043 * as "identity information". However, since such
1044 * implementations are not known of and in order to not over
1045 * complicate our implementation, simply pretend that we never
1046 * received an IRK for such a device.
1048 if (!bacmp(&info->bdaddr, BDADDR_ANY)) {
1049 BT_ERR("Ignoring IRK with no identity address");
1050 smp_distribute_keys(conn);
1054 bacpy(&smp->id_addr, &info->bdaddr);
1055 smp->id_addr_type = info->addr_type;
1057 if (hci_bdaddr_is_rpa(&hcon->dst, hcon->dst_type))
1058 bacpy(&rpa, &hcon->dst);
1060 bacpy(&rpa, BDADDR_ANY);
1062 smp->remote_irk = hci_add_irk(conn->hcon->hdev, &smp->id_addr,
1063 smp->id_addr_type, smp->irk, &rpa);
1065 /* Track the connection based on the Identity Address from now on */
1066 bacpy(&hcon->dst, &smp->id_addr);
1067 hcon->dst_type = smp->id_addr_type;
1069 l2cap_conn_update_id_addr(hcon);
1071 smp_distribute_keys(conn);
1076 static int smp_cmd_sign_info(struct l2cap_conn *conn, struct sk_buff *skb)
1078 struct smp_cmd_sign_info *rp = (void *) skb->data;
1079 struct smp_chan *smp = conn->smp_chan;
1080 struct hci_dev *hdev = conn->hcon->hdev;
1081 struct smp_csrk *csrk;
1083 BT_DBG("conn %p", conn);
1085 if (skb->len < sizeof(*rp))
1086 return SMP_UNSPECIFIED;
1088 /* Ignore this PDU if it wasn't requested */
1089 if (!(smp->remote_key_dist & SMP_DIST_SIGN))
1092 /* Mark the information as received */
1093 smp->remote_key_dist &= ~SMP_DIST_SIGN;
1095 skb_pull(skb, sizeof(*rp));
1098 csrk = kzalloc(sizeof(*csrk), GFP_KERNEL);
1100 csrk->master = 0x01;
1101 memcpy(csrk->val, rp->csrk, sizeof(csrk->val));
1104 if (!(smp->remote_key_dist & SMP_DIST_SIGN))
1105 smp_distribute_keys(conn);
1106 hci_dev_unlock(hdev);
1111 int smp_sig_channel(struct l2cap_conn *conn, struct sk_buff *skb)
1113 struct hci_conn *hcon = conn->hcon;
1117 if (hcon->type != LE_LINK) {
1127 if (!test_bit(HCI_LE_ENABLED, &hcon->hdev->dev_flags)) {
1129 reason = SMP_PAIRING_NOTSUPP;
1133 code = skb->data[0];
1134 skb_pull(skb, sizeof(code));
1137 * The SMP context must be initialized for all other PDUs except
1138 * pairing and security requests. If we get any other PDU when
1139 * not initialized simply disconnect (done if this function
1140 * returns an error).
1142 if (code != SMP_CMD_PAIRING_REQ && code != SMP_CMD_SECURITY_REQ &&
1144 BT_ERR("Unexpected SMP command 0x%02x. Disconnecting.", code);
1150 case SMP_CMD_PAIRING_REQ:
1151 reason = smp_cmd_pairing_req(conn, skb);
1154 case SMP_CMD_PAIRING_FAIL:
1155 smp_failure(conn, 0);
1160 case SMP_CMD_PAIRING_RSP:
1161 reason = smp_cmd_pairing_rsp(conn, skb);
1164 case SMP_CMD_SECURITY_REQ:
1165 reason = smp_cmd_security_req(conn, skb);
1168 case SMP_CMD_PAIRING_CONFIRM:
1169 reason = smp_cmd_pairing_confirm(conn, skb);
1172 case SMP_CMD_PAIRING_RANDOM:
1173 reason = smp_cmd_pairing_random(conn, skb);
1176 case SMP_CMD_ENCRYPT_INFO:
1177 reason = smp_cmd_encrypt_info(conn, skb);
1180 case SMP_CMD_MASTER_IDENT:
1181 reason = smp_cmd_master_ident(conn, skb);
1184 case SMP_CMD_IDENT_INFO:
1185 reason = smp_cmd_ident_info(conn, skb);
1188 case SMP_CMD_IDENT_ADDR_INFO:
1189 reason = smp_cmd_ident_addr_info(conn, skb);
1192 case SMP_CMD_SIGN_INFO:
1193 reason = smp_cmd_sign_info(conn, skb);
1197 BT_DBG("Unknown command code 0x%2.2x", code);
1199 reason = SMP_CMD_NOTSUPP;
1206 smp_failure(conn, reason);
1212 static void smp_notify_keys(struct l2cap_conn *conn)
1214 struct smp_chan *smp = conn->smp_chan;
1215 struct hci_conn *hcon = conn->hcon;
1216 struct hci_dev *hdev = hcon->hdev;
1217 struct smp_cmd_pairing *req = (void *) &smp->preq[1];
1218 struct smp_cmd_pairing *rsp = (void *) &smp->prsp[1];
1221 if (smp->remote_irk)
1222 mgmt_new_irk(hdev, smp->remote_irk);
1224 /* The LTKs and CSRKs should be persistent only if both sides
1225 * had the bonding bit set in their authentication requests.
1227 persistent = !!((req->auth_req & rsp->auth_req) & SMP_AUTH_BONDING);
1230 smp->csrk->bdaddr_type = hcon->dst_type;
1231 bacpy(&smp->csrk->bdaddr, &hcon->dst);
1232 mgmt_new_csrk(hdev, smp->csrk, persistent);
1235 if (smp->slave_csrk) {
1236 smp->slave_csrk->bdaddr_type = hcon->dst_type;
1237 bacpy(&smp->slave_csrk->bdaddr, &hcon->dst);
1238 mgmt_new_csrk(hdev, smp->slave_csrk, persistent);
1242 smp->ltk->bdaddr_type = hcon->dst_type;
1243 bacpy(&smp->ltk->bdaddr, &hcon->dst);
1244 mgmt_new_ltk(hdev, smp->ltk, persistent);
1247 if (smp->slave_ltk) {
1248 smp->slave_ltk->bdaddr_type = hcon->dst_type;
1249 bacpy(&smp->slave_ltk->bdaddr, &hcon->dst);
1250 mgmt_new_ltk(hdev, smp->slave_ltk, persistent);
1254 int smp_distribute_keys(struct l2cap_conn *conn)
1256 struct smp_cmd_pairing *req, *rsp;
1257 struct smp_chan *smp = conn->smp_chan;
1258 struct hci_conn *hcon = conn->hcon;
1259 struct hci_dev *hdev = hcon->hdev;
1263 BT_DBG("conn %p", conn);
1265 if (!test_bit(HCI_CONN_LE_SMP_PEND, &hcon->flags))
1268 rsp = (void *) &smp->prsp[1];
1270 /* The responder sends its keys first */
1271 if (hcon->out && (smp->remote_key_dist & 0x07))
1274 req = (void *) &smp->preq[1];
1277 keydist = &rsp->init_key_dist;
1278 *keydist &= req->init_key_dist;
1280 keydist = &rsp->resp_key_dist;
1281 *keydist &= req->resp_key_dist;
1284 BT_DBG("keydist 0x%x", *keydist);
1286 if (*keydist & SMP_DIST_ENC_KEY) {
1287 struct smp_cmd_encrypt_info enc;
1288 struct smp_cmd_master_ident ident;
1289 struct smp_ltk *ltk;
1294 get_random_bytes(enc.ltk, sizeof(enc.ltk));
1295 get_random_bytes(&ediv, sizeof(ediv));
1296 get_random_bytes(&rand, sizeof(rand));
1298 smp_send_cmd(conn, SMP_CMD_ENCRYPT_INFO, sizeof(enc), &enc);
1300 authenticated = hcon->sec_level == BT_SECURITY_HIGH;
1301 ltk = hci_add_ltk(hdev, &hcon->dst, hcon->dst_type,
1302 HCI_SMP_LTK_SLAVE, authenticated, enc.ltk,
1303 smp->enc_key_size, ediv, rand);
1304 smp->slave_ltk = ltk;
1309 smp_send_cmd(conn, SMP_CMD_MASTER_IDENT, sizeof(ident), &ident);
1311 *keydist &= ~SMP_DIST_ENC_KEY;
1314 if (*keydist & SMP_DIST_ID_KEY) {
1315 struct smp_cmd_ident_addr_info addrinfo;
1316 struct smp_cmd_ident_info idinfo;
1318 memcpy(idinfo.irk, hdev->irk, sizeof(idinfo.irk));
1320 smp_send_cmd(conn, SMP_CMD_IDENT_INFO, sizeof(idinfo), &idinfo);
1322 /* The hci_conn contains the local identity address
1323 * after the connection has been established.
1325 * This is true even when the connection has been
1326 * established using a resolvable random address.
1328 bacpy(&addrinfo.bdaddr, &hcon->src);
1329 addrinfo.addr_type = hcon->src_type;
1331 smp_send_cmd(conn, SMP_CMD_IDENT_ADDR_INFO, sizeof(addrinfo),
1334 *keydist &= ~SMP_DIST_ID_KEY;
1337 if (*keydist & SMP_DIST_SIGN) {
1338 struct smp_cmd_sign_info sign;
1339 struct smp_csrk *csrk;
1341 /* Generate a new random key */
1342 get_random_bytes(sign.csrk, sizeof(sign.csrk));
1344 csrk = kzalloc(sizeof(*csrk), GFP_KERNEL);
1346 csrk->master = 0x00;
1347 memcpy(csrk->val, sign.csrk, sizeof(csrk->val));
1349 smp->slave_csrk = csrk;
1351 smp_send_cmd(conn, SMP_CMD_SIGN_INFO, sizeof(sign), &sign);
1353 *keydist &= ~SMP_DIST_SIGN;
1356 /* If there are still keys to be received wait for them */
1357 if ((smp->remote_key_dist & 0x07))
1360 /* Check if we should try to re-encrypt the link with the LTK.
1361 * SMP_FLAG_LTK_ENCRYPT flag is used to track whether we've
1362 * already tried this (in which case we shouldn't try again).
1364 * The request will trigger an encryption key refresh event
1365 * which will cause a call to auth_cfm and eventually lead to
1366 * l2cap_core.c calling this smp_distribute_keys function again
1367 * and thereby completing the process.
1370 ltk_encrypt = !test_and_set_bit(SMP_FLAG_LTK_ENCRYPT,
1373 ltk_encrypt = false;
1375 /* Re-encrypt the link with LTK if possible */
1376 if (ltk_encrypt && hcon->out) {
1377 queue_delayed_work(hdev->req_workqueue, &smp->reencrypt,
1378 SMP_REENCRYPT_TIMEOUT);
1380 clear_bit(HCI_CONN_LE_SMP_PEND, &hcon->flags);
1381 cancel_delayed_work_sync(&conn->security_timer);
1382 set_bit(SMP_FLAG_COMPLETE, &smp->smp_flags);
1383 smp_notify_keys(conn);
1384 smp_chan_destroy(conn);
projects / firefly-linux-kernel-4.4.55.git / blob