2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2011 Nokia Corporation and/or its subsidiary(-ies).
5 This program is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License version 2 as
7 published by the Free Software Foundation;
9 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
10 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
11 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
12 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
13 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
14 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
18 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
19 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
20 SOFTWARE IS DISCLAIMED.
23 #include <linux/crypto.h>
24 #include <linux/scatterlist.h>
25 #include <crypto/b128ops.h>
27 #include <net/bluetooth/bluetooth.h>
28 #include <net/bluetooth/hci_core.h>
29 #include <net/bluetooth/l2cap.h>
30 #include <net/bluetooth/mgmt.h>
34 #define SMP_TIMEOUT msecs_to_jiffies(30000)
36 #define AUTH_REQ_MASK 0x07
38 static inline void swap128(u8 src[16], u8 dst[16])
41 for (i = 0; i < 16; i++)
45 static inline void swap56(u8 src[7], u8 dst[7])
48 for (i = 0; i < 7; i++)
52 static int smp_e(struct crypto_blkcipher *tfm, const u8 *k, u8 *r)
54 struct blkcipher_desc desc;
55 struct scatterlist sg;
59 BT_ERR("tfm %p", tfm);
66 err = crypto_blkcipher_setkey(tfm, k, 16);
68 BT_ERR("cipher setkey failed: %d", err);
72 sg_init_one(&sg, r, 16);
74 err = crypto_blkcipher_encrypt(&desc, &sg, &sg, 16);
76 BT_ERR("Encrypt data error %d", err);
81 static int smp_ah(struct crypto_blkcipher *tfm, u8 irk[16], u8 r[3], u8 res[3])
86 /* r' = padding || r */
93 err = smp_e(tfm, k, _res);
95 BT_ERR("Encrypt error");
99 /* The output of the random address function ah is:
100 * ah(h, r) = e(k, r') mod 2^24
101 * The output of the security function e is then truncated to 24 bits
102 * by taking the least significant 24 bits of the output of e as the
112 bool smp_irk_matches(struct crypto_blkcipher *tfm, u8 irk[16],
118 BT_DBG("RPA %pMR IRK %*phN", bdaddr, 16, irk);
120 err = smp_ah(tfm, irk, &bdaddr->b[3], hash);
124 return !memcmp(bdaddr->b, hash, 3);
127 int smp_generate_rpa(struct crypto_blkcipher *tfm, u8 irk[16], bdaddr_t *rpa)
131 get_random_bytes(&rpa->b[3], 3);
133 rpa->b[5] &= 0x3f; /* Clear two most significant bits */
134 rpa->b[5] |= 0x40; /* Set second most significant bit */
136 err = smp_ah(tfm, irk, &rpa->b[3], rpa->b);
140 BT_DBG("RPA %pMR", rpa);
145 static int smp_c1(struct crypto_blkcipher *tfm, u8 k[16], u8 r[16],
146 u8 preq[7], u8 pres[7], u8 _iat, bdaddr_t *ia,
147 u8 _rat, bdaddr_t *ra, u8 res[16])
154 /* p1 = pres || preq || _rat || _iat */
156 swap56(preq, p1 + 7);
162 /* p2 = padding || ia || ra */
163 baswap((bdaddr_t *) (p2 + 4), ia);
164 baswap((bdaddr_t *) (p2 + 10), ra);
167 u128_xor((u128 *) res, (u128 *) r, (u128 *) p1);
169 /* res = e(k, res) */
170 err = smp_e(tfm, k, res);
172 BT_ERR("Encrypt data error");
176 /* res = res XOR p2 */
177 u128_xor((u128 *) res, (u128 *) res, (u128 *) p2);
179 /* res = e(k, res) */
180 err = smp_e(tfm, k, res);
182 BT_ERR("Encrypt data error");
187 static int smp_s1(struct crypto_blkcipher *tfm, u8 k[16], u8 r1[16],
188 u8 r2[16], u8 _r[16])
192 /* Just least significant octets from r1 and r2 are considered */
193 memcpy(_r, r1 + 8, 8);
194 memcpy(_r + 8, r2 + 8, 8);
196 err = smp_e(tfm, k, _r);
198 BT_ERR("Encrypt data error");
203 static struct sk_buff *smp_build_cmd(struct l2cap_conn *conn, u8 code,
204 u16 dlen, void *data)
207 struct l2cap_hdr *lh;
210 len = L2CAP_HDR_SIZE + sizeof(code) + dlen;
215 skb = bt_skb_alloc(len, GFP_ATOMIC);
219 lh = (struct l2cap_hdr *) skb_put(skb, L2CAP_HDR_SIZE);
220 lh->len = cpu_to_le16(sizeof(code) + dlen);
221 lh->cid = __constant_cpu_to_le16(L2CAP_CID_SMP);
223 memcpy(skb_put(skb, sizeof(code)), &code, sizeof(code));
225 memcpy(skb_put(skb, dlen), data, dlen);
230 static void smp_send_cmd(struct l2cap_conn *conn, u8 code, u16 len, void *data)
232 struct sk_buff *skb = smp_build_cmd(conn, code, len, data);
234 BT_DBG("code 0x%2.2x", code);
239 skb->priority = HCI_PRIO_MAX;
240 hci_send_acl(conn->hchan, skb, 0);
242 cancel_delayed_work_sync(&conn->security_timer);
243 schedule_delayed_work(&conn->security_timer, SMP_TIMEOUT);
246 static __u8 authreq_to_seclevel(__u8 authreq)
248 if (authreq & SMP_AUTH_MITM)
249 return BT_SECURITY_HIGH;
251 return BT_SECURITY_MEDIUM;
254 static __u8 seclevel_to_authreq(__u8 sec_level)
257 case BT_SECURITY_HIGH:
258 return SMP_AUTH_MITM | SMP_AUTH_BONDING;
259 case BT_SECURITY_MEDIUM:
260 return SMP_AUTH_BONDING;
262 return SMP_AUTH_NONE;
266 static void build_pairing_cmd(struct l2cap_conn *conn,
267 struct smp_cmd_pairing *req,
268 struct smp_cmd_pairing *rsp, __u8 authreq)
270 struct smp_chan *smp = conn->smp_chan;
271 struct hci_conn *hcon = conn->hcon;
272 struct hci_dev *hdev = hcon->hdev;
273 u8 local_dist = 0, remote_dist = 0;
275 if (test_bit(HCI_PAIRABLE, &conn->hcon->hdev->dev_flags)) {
276 local_dist = SMP_DIST_ENC_KEY;
277 remote_dist = SMP_DIST_ENC_KEY;
278 authreq |= SMP_AUTH_BONDING;
280 authreq &= ~SMP_AUTH_BONDING;
283 if (test_bit(HCI_RPA_RESOLVING, &hdev->dev_flags))
284 remote_dist |= SMP_DIST_ID_KEY;
286 if (test_bit(HCI_PRIVACY, &hdev->dev_flags))
287 local_dist |= SMP_DIST_ID_KEY;
290 req->io_capability = conn->hcon->io_capability;
291 req->oob_flag = SMP_OOB_NOT_PRESENT;
292 req->max_key_size = SMP_MAX_ENC_KEY_SIZE;
293 req->init_key_dist = local_dist;
294 req->resp_key_dist = remote_dist;
295 req->auth_req = (authreq & AUTH_REQ_MASK);
297 smp->remote_key_dist = remote_dist;
301 rsp->io_capability = conn->hcon->io_capability;
302 rsp->oob_flag = SMP_OOB_NOT_PRESENT;
303 rsp->max_key_size = SMP_MAX_ENC_KEY_SIZE;
304 rsp->init_key_dist = req->init_key_dist & remote_dist;
305 rsp->resp_key_dist = req->resp_key_dist & local_dist;
306 rsp->auth_req = (authreq & AUTH_REQ_MASK);
308 smp->remote_key_dist = rsp->init_key_dist;
311 static u8 check_enc_key_size(struct l2cap_conn *conn, __u8 max_key_size)
313 struct smp_chan *smp = conn->smp_chan;
315 if ((max_key_size > SMP_MAX_ENC_KEY_SIZE) ||
316 (max_key_size < SMP_MIN_ENC_KEY_SIZE))
317 return SMP_ENC_KEY_SIZE;
319 smp->enc_key_size = max_key_size;
324 static void smp_failure(struct l2cap_conn *conn, u8 reason)
326 struct hci_conn *hcon = conn->hcon;
329 smp_send_cmd(conn, SMP_CMD_PAIRING_FAIL, sizeof(reason),
332 clear_bit(HCI_CONN_ENCRYPT_PEND, &hcon->flags);
333 mgmt_auth_failed(hcon->hdev, &hcon->dst, hcon->type, hcon->dst_type,
334 HCI_ERROR_AUTH_FAILURE);
336 cancel_delayed_work_sync(&conn->security_timer);
338 if (test_and_clear_bit(HCI_CONN_LE_SMP_PEND, &hcon->flags))
339 smp_chan_destroy(conn);
342 #define JUST_WORKS 0x00
343 #define JUST_CFM 0x01
344 #define REQ_PASSKEY 0x02
345 #define CFM_PASSKEY 0x03
349 static const u8 gen_method[5][5] = {
350 { JUST_WORKS, JUST_CFM, REQ_PASSKEY, JUST_WORKS, REQ_PASSKEY },
351 { JUST_WORKS, JUST_CFM, REQ_PASSKEY, JUST_WORKS, REQ_PASSKEY },
352 { CFM_PASSKEY, CFM_PASSKEY, REQ_PASSKEY, JUST_WORKS, CFM_PASSKEY },
353 { JUST_WORKS, JUST_CFM, JUST_WORKS, JUST_WORKS, JUST_CFM },
354 { CFM_PASSKEY, CFM_PASSKEY, REQ_PASSKEY, JUST_WORKS, OVERLAP },
357 static int tk_request(struct l2cap_conn *conn, u8 remote_oob, u8 auth,
358 u8 local_io, u8 remote_io)
360 struct hci_conn *hcon = conn->hcon;
361 struct smp_chan *smp = conn->smp_chan;
366 /* Initialize key for JUST WORKS */
367 memset(smp->tk, 0, sizeof(smp->tk));
368 clear_bit(SMP_FLAG_TK_VALID, &smp->smp_flags);
370 BT_DBG("tk_request: auth:%d lcl:%d rem:%d", auth, local_io, remote_io);
372 /* If neither side wants MITM, use JUST WORKS */
373 /* If either side has unknown io_caps, use JUST WORKS */
374 /* Otherwise, look up method from the table */
375 if (!(auth & SMP_AUTH_MITM) ||
376 local_io > SMP_IO_KEYBOARD_DISPLAY ||
377 remote_io > SMP_IO_KEYBOARD_DISPLAY)
380 method = gen_method[remote_io][local_io];
382 /* If not bonding, don't ask user to confirm a Zero TK */
383 if (!(auth & SMP_AUTH_BONDING) && method == JUST_CFM)
386 /* If Just Works, Continue with Zero TK */
387 if (method == JUST_WORKS) {
388 set_bit(SMP_FLAG_TK_VALID, &smp->smp_flags);
392 /* Not Just Works/Confirm results in MITM Authentication */
393 if (method != JUST_CFM)
394 set_bit(SMP_FLAG_MITM_AUTH, &smp->smp_flags);
396 /* If both devices have Keyoard-Display I/O, the master
397 * Confirms and the slave Enters the passkey.
399 if (method == OVERLAP) {
400 if (hcon->link_mode & HCI_LM_MASTER)
401 method = CFM_PASSKEY;
403 method = REQ_PASSKEY;
406 /* Generate random passkey. Not valid until confirmed. */
407 if (method == CFM_PASSKEY) {
410 memset(key, 0, sizeof(key));
411 get_random_bytes(&passkey, sizeof(passkey));
413 put_unaligned_le32(passkey, key);
414 swap128(key, smp->tk);
415 BT_DBG("PassKey: %d", passkey);
418 hci_dev_lock(hcon->hdev);
420 if (method == REQ_PASSKEY)
421 ret = mgmt_user_passkey_request(hcon->hdev, &hcon->dst,
422 hcon->type, hcon->dst_type);
424 ret = mgmt_user_confirm_request(hcon->hdev, &hcon->dst,
425 hcon->type, hcon->dst_type,
426 cpu_to_le32(passkey), 0);
428 hci_dev_unlock(hcon->hdev);
433 static void confirm_work(struct work_struct *work)
435 struct smp_chan *smp = container_of(work, struct smp_chan, confirm);
436 struct l2cap_conn *conn = smp->conn;
437 struct hci_dev *hdev = conn->hcon->hdev;
438 struct crypto_blkcipher *tfm = hdev->tfm_aes;
439 struct smp_cmd_pairing_confirm cp;
443 BT_DBG("conn %p", conn);
445 /* Prevent mutual access to hdev->tfm_aes */
449 ret = smp_c1(tfm, smp->tk, smp->prnd, smp->preq, smp->prsp,
450 conn->hcon->src_type, &conn->hcon->src,
451 conn->hcon->dst_type, &conn->hcon->dst, res);
453 ret = smp_c1(tfm, smp->tk, smp->prnd, smp->preq, smp->prsp,
454 conn->hcon->dst_type, &conn->hcon->dst,
455 conn->hcon->src_type, &conn->hcon->src, res);
457 hci_dev_unlock(hdev);
460 reason = SMP_UNSPECIFIED;
464 clear_bit(SMP_FLAG_CFM_PENDING, &smp->smp_flags);
466 swap128(res, cp.confirm_val);
467 smp_send_cmd(smp->conn, SMP_CMD_PAIRING_CONFIRM, sizeof(cp), &cp);
472 smp_failure(conn, reason);
475 static void random_work(struct work_struct *work)
477 struct smp_chan *smp = container_of(work, struct smp_chan, random);
478 struct l2cap_conn *conn = smp->conn;
479 struct hci_conn *hcon = conn->hcon;
480 struct hci_dev *hdev = hcon->hdev;
481 struct crypto_blkcipher *tfm = hdev->tfm_aes;
482 u8 reason, confirm[16], res[16], key[16];
485 if (IS_ERR_OR_NULL(tfm)) {
486 reason = SMP_UNSPECIFIED;
490 BT_DBG("conn %p %s", conn, conn->hcon->out ? "master" : "slave");
492 /* Prevent mutual access to hdev->tfm_aes */
496 ret = smp_c1(tfm, smp->tk, smp->rrnd, smp->preq, smp->prsp,
497 hcon->src_type, &hcon->src,
498 hcon->dst_type, &hcon->dst, res);
500 ret = smp_c1(tfm, smp->tk, smp->rrnd, smp->preq, smp->prsp,
501 hcon->dst_type, &hcon->dst,
502 hcon->src_type, &hcon->src, res);
504 hci_dev_unlock(hdev);
507 reason = SMP_UNSPECIFIED;
511 swap128(res, confirm);
513 if (memcmp(smp->pcnf, confirm, sizeof(smp->pcnf)) != 0) {
514 BT_ERR("Pairing failed (confirmation values mismatch)");
515 reason = SMP_CONFIRM_FAILED;
524 smp_s1(tfm, smp->tk, smp->rrnd, smp->prnd, key);
527 memset(stk + smp->enc_key_size, 0,
528 SMP_MAX_ENC_KEY_SIZE - smp->enc_key_size);
530 if (test_and_set_bit(HCI_CONN_ENCRYPT_PEND, &hcon->flags)) {
531 reason = SMP_UNSPECIFIED;
535 hci_le_start_enc(hcon, ediv, rand, stk);
536 hcon->enc_key_size = smp->enc_key_size;
542 swap128(smp->prnd, r);
543 smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM, sizeof(r), r);
545 smp_s1(tfm, smp->tk, smp->prnd, smp->rrnd, key);
548 memset(stk + smp->enc_key_size, 0,
549 SMP_MAX_ENC_KEY_SIZE - smp->enc_key_size);
551 hci_add_ltk(hcon->hdev, &hcon->dst, hcon->dst_type,
552 HCI_SMP_STK_SLAVE, 0, stk, smp->enc_key_size,
559 smp_failure(conn, reason);
562 static struct smp_chan *smp_chan_create(struct l2cap_conn *conn)
564 struct smp_chan *smp;
566 smp = kzalloc(sizeof(*smp), GFP_ATOMIC);
570 INIT_WORK(&smp->confirm, confirm_work);
571 INIT_WORK(&smp->random, random_work);
574 conn->smp_chan = smp;
575 conn->hcon->smp_conn = conn;
577 hci_conn_hold(conn->hcon);
582 void smp_chan_destroy(struct l2cap_conn *conn)
584 struct smp_chan *smp = conn->smp_chan;
589 complete = test_bit(SMP_FLAG_COMPLETE, &smp->smp_flags);
590 mgmt_smp_complete(conn->hcon, complete);
593 conn->smp_chan = NULL;
594 conn->hcon->smp_conn = NULL;
595 hci_conn_drop(conn->hcon);
598 int smp_user_confirm_reply(struct hci_conn *hcon, u16 mgmt_op, __le32 passkey)
600 struct l2cap_conn *conn = hcon->smp_conn;
601 struct smp_chan *smp;
610 smp = conn->smp_chan;
613 case MGMT_OP_USER_PASSKEY_REPLY:
614 value = le32_to_cpu(passkey);
615 memset(key, 0, sizeof(key));
616 BT_DBG("PassKey: %d", value);
617 put_unaligned_le32(value, key);
618 swap128(key, smp->tk);
620 case MGMT_OP_USER_CONFIRM_REPLY:
621 set_bit(SMP_FLAG_TK_VALID, &smp->smp_flags);
623 case MGMT_OP_USER_PASSKEY_NEG_REPLY:
624 case MGMT_OP_USER_CONFIRM_NEG_REPLY:
625 smp_failure(conn, SMP_PASSKEY_ENTRY_FAILED);
628 smp_failure(conn, SMP_PASSKEY_ENTRY_FAILED);
632 /* If it is our turn to send Pairing Confirm, do so now */
633 if (test_bit(SMP_FLAG_CFM_PENDING, &smp->smp_flags))
634 queue_work(hcon->hdev->workqueue, &smp->confirm);
639 static u8 smp_cmd_pairing_req(struct l2cap_conn *conn, struct sk_buff *skb)
641 struct smp_cmd_pairing rsp, *req = (void *) skb->data;
642 struct smp_chan *smp;
644 u8 auth = SMP_AUTH_NONE;
647 BT_DBG("conn %p", conn);
649 if (skb->len < sizeof(*req))
650 return SMP_UNSPECIFIED;
652 if (conn->hcon->link_mode & HCI_LM_MASTER)
653 return SMP_CMD_NOTSUPP;
655 if (!test_and_set_bit(HCI_CONN_LE_SMP_PEND, &conn->hcon->flags))
656 smp = smp_chan_create(conn);
658 smp = conn->smp_chan;
661 return SMP_UNSPECIFIED;
663 smp->preq[0] = SMP_CMD_PAIRING_REQ;
664 memcpy(&smp->preq[1], req, sizeof(*req));
665 skb_pull(skb, sizeof(*req));
667 /* We didn't start the pairing, so match remote */
668 if (req->auth_req & SMP_AUTH_BONDING)
669 auth = req->auth_req;
671 conn->hcon->pending_sec_level = authreq_to_seclevel(auth);
673 build_pairing_cmd(conn, req, &rsp, auth);
675 key_size = min(req->max_key_size, rsp.max_key_size);
676 if (check_enc_key_size(conn, key_size))
677 return SMP_ENC_KEY_SIZE;
679 get_random_bytes(smp->prnd, sizeof(smp->prnd));
681 smp->prsp[0] = SMP_CMD_PAIRING_RSP;
682 memcpy(&smp->prsp[1], &rsp, sizeof(rsp));
684 smp_send_cmd(conn, SMP_CMD_PAIRING_RSP, sizeof(rsp), &rsp);
686 /* Request setup of TK */
687 ret = tk_request(conn, 0, auth, rsp.io_capability, req->io_capability);
689 return SMP_UNSPECIFIED;
694 static u8 smp_cmd_pairing_rsp(struct l2cap_conn *conn, struct sk_buff *skb)
696 struct smp_cmd_pairing *req, *rsp = (void *) skb->data;
697 struct smp_chan *smp = conn->smp_chan;
698 struct hci_dev *hdev = conn->hcon->hdev;
699 u8 key_size, auth = SMP_AUTH_NONE;
702 BT_DBG("conn %p", conn);
704 if (skb->len < sizeof(*rsp))
705 return SMP_UNSPECIFIED;
707 if (!(conn->hcon->link_mode & HCI_LM_MASTER))
708 return SMP_CMD_NOTSUPP;
710 skb_pull(skb, sizeof(*rsp));
712 req = (void *) &smp->preq[1];
714 key_size = min(req->max_key_size, rsp->max_key_size);
715 if (check_enc_key_size(conn, key_size))
716 return SMP_ENC_KEY_SIZE;
718 get_random_bytes(smp->prnd, sizeof(smp->prnd));
720 smp->prsp[0] = SMP_CMD_PAIRING_RSP;
721 memcpy(&smp->prsp[1], rsp, sizeof(*rsp));
723 if ((req->auth_req & SMP_AUTH_BONDING) &&
724 (rsp->auth_req & SMP_AUTH_BONDING))
725 auth = SMP_AUTH_BONDING;
727 auth |= (req->auth_req | rsp->auth_req) & SMP_AUTH_MITM;
729 ret = tk_request(conn, 0, auth, req->io_capability, rsp->io_capability);
731 return SMP_UNSPECIFIED;
733 set_bit(SMP_FLAG_CFM_PENDING, &smp->smp_flags);
735 /* Can't compose response until we have been confirmed */
736 if (!test_bit(SMP_FLAG_TK_VALID, &smp->smp_flags))
739 queue_work(hdev->workqueue, &smp->confirm);
744 static u8 smp_cmd_pairing_confirm(struct l2cap_conn *conn, struct sk_buff *skb)
746 struct smp_chan *smp = conn->smp_chan;
747 struct hci_dev *hdev = conn->hcon->hdev;
749 BT_DBG("conn %p %s", conn, conn->hcon->out ? "master" : "slave");
751 if (skb->len < sizeof(smp->pcnf))
752 return SMP_UNSPECIFIED;
754 memcpy(smp->pcnf, skb->data, sizeof(smp->pcnf));
755 skb_pull(skb, sizeof(smp->pcnf));
757 if (conn->hcon->out) {
760 swap128(smp->prnd, random);
761 smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM, sizeof(random),
763 } else if (test_bit(SMP_FLAG_TK_VALID, &smp->smp_flags)) {
764 queue_work(hdev->workqueue, &smp->confirm);
766 set_bit(SMP_FLAG_CFM_PENDING, &smp->smp_flags);
772 static u8 smp_cmd_pairing_random(struct l2cap_conn *conn, struct sk_buff *skb)
774 struct smp_chan *smp = conn->smp_chan;
775 struct hci_dev *hdev = conn->hcon->hdev;
777 BT_DBG("conn %p", conn);
779 if (skb->len < sizeof(smp->rrnd))
780 return SMP_UNSPECIFIED;
782 swap128(skb->data, smp->rrnd);
783 skb_pull(skb, sizeof(smp->rrnd));
785 queue_work(hdev->workqueue, &smp->random);
790 static u8 smp_ltk_encrypt(struct l2cap_conn *conn, u8 sec_level)
793 struct hci_conn *hcon = conn->hcon;
795 key = hci_find_ltk_by_addr(hcon->hdev, &hcon->dst, hcon->dst_type,
800 if (sec_level > BT_SECURITY_MEDIUM && !key->authenticated)
803 if (test_and_set_bit(HCI_CONN_ENCRYPT_PEND, &hcon->flags))
806 hci_le_start_enc(hcon, key->ediv, key->rand, key->val);
807 hcon->enc_key_size = key->enc_size;
812 static u8 smp_cmd_security_req(struct l2cap_conn *conn, struct sk_buff *skb)
814 struct smp_cmd_security_req *rp = (void *) skb->data;
815 struct smp_cmd_pairing cp;
816 struct hci_conn *hcon = conn->hcon;
817 struct smp_chan *smp;
819 BT_DBG("conn %p", conn);
821 if (skb->len < sizeof(*rp))
822 return SMP_UNSPECIFIED;
824 if (!(conn->hcon->link_mode & HCI_LM_MASTER))
825 return SMP_CMD_NOTSUPP;
827 hcon->pending_sec_level = authreq_to_seclevel(rp->auth_req);
829 if (smp_ltk_encrypt(conn, hcon->pending_sec_level))
832 if (test_and_set_bit(HCI_CONN_LE_SMP_PEND, &hcon->flags))
835 smp = smp_chan_create(conn);
837 skb_pull(skb, sizeof(*rp));
839 memset(&cp, 0, sizeof(cp));
840 build_pairing_cmd(conn, &cp, NULL, rp->auth_req);
842 smp->preq[0] = SMP_CMD_PAIRING_REQ;
843 memcpy(&smp->preq[1], &cp, sizeof(cp));
845 smp_send_cmd(conn, SMP_CMD_PAIRING_REQ, sizeof(cp), &cp);
850 bool smp_sufficient_security(struct hci_conn *hcon, u8 sec_level)
852 if (sec_level == BT_SECURITY_LOW)
855 if (hcon->sec_level >= sec_level)
861 int smp_conn_security(struct hci_conn *hcon, __u8 sec_level)
863 struct l2cap_conn *conn = hcon->l2cap_data;
864 struct smp_chan *smp = conn->smp_chan;
867 BT_DBG("conn %p hcon %p level 0x%2.2x", conn, hcon, sec_level);
869 if (!test_bit(HCI_LE_ENABLED, &hcon->hdev->dev_flags))
872 if (smp_sufficient_security(hcon, sec_level))
875 if (hcon->link_mode & HCI_LM_MASTER)
876 if (smp_ltk_encrypt(conn, sec_level))
879 if (test_and_set_bit(HCI_CONN_LE_SMP_PEND, &hcon->flags))
882 smp = smp_chan_create(conn);
886 authreq = seclevel_to_authreq(sec_level);
888 if (hcon->link_mode & HCI_LM_MASTER) {
889 struct smp_cmd_pairing cp;
891 build_pairing_cmd(conn, &cp, NULL, authreq);
892 smp->preq[0] = SMP_CMD_PAIRING_REQ;
893 memcpy(&smp->preq[1], &cp, sizeof(cp));
895 smp_send_cmd(conn, SMP_CMD_PAIRING_REQ, sizeof(cp), &cp);
897 struct smp_cmd_security_req cp;
898 cp.auth_req = authreq;
899 smp_send_cmd(conn, SMP_CMD_SECURITY_REQ, sizeof(cp), &cp);
903 hcon->pending_sec_level = sec_level;
908 static int smp_cmd_encrypt_info(struct l2cap_conn *conn, struct sk_buff *skb)
910 struct smp_cmd_encrypt_info *rp = (void *) skb->data;
911 struct smp_chan *smp = conn->smp_chan;
913 BT_DBG("conn %p", conn);
915 if (skb->len < sizeof(*rp))
916 return SMP_UNSPECIFIED;
918 /* Ignore this PDU if it wasn't requested */
919 if (!(smp->remote_key_dist & SMP_DIST_ENC_KEY))
922 skb_pull(skb, sizeof(*rp));
924 memcpy(smp->tk, rp->ltk, sizeof(smp->tk));
929 static int smp_cmd_master_ident(struct l2cap_conn *conn, struct sk_buff *skb)
931 struct smp_cmd_master_ident *rp = (void *) skb->data;
932 struct smp_chan *smp = conn->smp_chan;
933 struct hci_dev *hdev = conn->hcon->hdev;
934 struct hci_conn *hcon = conn->hcon;
938 BT_DBG("conn %p", conn);
940 if (skb->len < sizeof(*rp))
941 return SMP_UNSPECIFIED;
943 /* Ignore this PDU if it wasn't requested */
944 if (!(smp->remote_key_dist & SMP_DIST_ENC_KEY))
947 /* Mark the information as received */
948 smp->remote_key_dist &= ~SMP_DIST_ENC_KEY;
950 skb_pull(skb, sizeof(*rp));
953 authenticated = (hcon->sec_level == BT_SECURITY_HIGH);
954 ltk = hci_add_ltk(hdev, &hcon->dst, hcon->dst_type, HCI_SMP_LTK,
955 authenticated, smp->tk, smp->enc_key_size,
958 if (!(smp->remote_key_dist & SMP_DIST_ID_KEY))
959 smp_distribute_keys(conn);
960 hci_dev_unlock(hdev);
965 static int smp_cmd_ident_info(struct l2cap_conn *conn, struct sk_buff *skb)
967 struct smp_cmd_ident_info *info = (void *) skb->data;
968 struct smp_chan *smp = conn->smp_chan;
972 if (skb->len < sizeof(*info))
973 return SMP_UNSPECIFIED;
975 /* Ignore this PDU if it wasn't requested */
976 if (!(smp->remote_key_dist & SMP_DIST_ID_KEY))
979 skb_pull(skb, sizeof(*info));
981 memcpy(smp->irk, info->irk, 16);
986 static int smp_cmd_ident_addr_info(struct l2cap_conn *conn,
989 struct smp_cmd_ident_addr_info *info = (void *) skb->data;
990 struct smp_chan *smp = conn->smp_chan;
991 struct hci_conn *hcon = conn->hcon;
996 if (skb->len < sizeof(*info))
997 return SMP_UNSPECIFIED;
999 /* Ignore this PDU if it wasn't requested */
1000 if (!(smp->remote_key_dist & SMP_DIST_ID_KEY))
1003 /* Mark the information as received */
1004 smp->remote_key_dist &= ~SMP_DIST_ID_KEY;
1006 skb_pull(skb, sizeof(*info));
1008 /* Strictly speaking the Core Specification (4.1) allows sending
1009 * an empty address which would force us to rely on just the IRK
1010 * as "identity information". However, since such
1011 * implementations are not known of and in order to not over
1012 * complicate our implementation, simply pretend that we never
1013 * received an IRK for such a device.
1015 if (!bacmp(&info->bdaddr, BDADDR_ANY)) {
1016 BT_ERR("Ignoring IRK with no identity address");
1017 smp_distribute_keys(conn);
1021 bacpy(&smp->id_addr, &info->bdaddr);
1022 smp->id_addr_type = info->addr_type;
1024 if (hci_bdaddr_is_rpa(&hcon->dst, hcon->dst_type))
1025 bacpy(&rpa, &hcon->dst);
1027 bacpy(&rpa, BDADDR_ANY);
1029 smp->remote_irk = hci_add_irk(conn->hcon->hdev, &smp->id_addr,
1030 smp->id_addr_type, smp->irk, &rpa);
1032 /* Track the connection based on the Identity Address from now on */
1033 bacpy(&hcon->dst, &smp->id_addr);
1034 hcon->dst_type = smp->id_addr_type;
1036 l2cap_conn_update_id_addr(hcon);
1038 smp_distribute_keys(conn);
1043 int smp_sig_channel(struct l2cap_conn *conn, struct sk_buff *skb)
1045 struct hci_conn *hcon = conn->hcon;
1049 if (hcon->type != LE_LINK) {
1059 if (!test_bit(HCI_LE_ENABLED, &hcon->hdev->dev_flags)) {
1061 reason = SMP_PAIRING_NOTSUPP;
1065 code = skb->data[0];
1066 skb_pull(skb, sizeof(code));
1069 * The SMP context must be initialized for all other PDUs except
1070 * pairing and security requests. If we get any other PDU when
1071 * not initialized simply disconnect (done if this function
1072 * returns an error).
1074 if (code != SMP_CMD_PAIRING_REQ && code != SMP_CMD_SECURITY_REQ &&
1076 BT_ERR("Unexpected SMP command 0x%02x. Disconnecting.", code);
1082 case SMP_CMD_PAIRING_REQ:
1083 reason = smp_cmd_pairing_req(conn, skb);
1086 case SMP_CMD_PAIRING_FAIL:
1087 smp_failure(conn, 0);
1092 case SMP_CMD_PAIRING_RSP:
1093 reason = smp_cmd_pairing_rsp(conn, skb);
1096 case SMP_CMD_SECURITY_REQ:
1097 reason = smp_cmd_security_req(conn, skb);
1100 case SMP_CMD_PAIRING_CONFIRM:
1101 reason = smp_cmd_pairing_confirm(conn, skb);
1104 case SMP_CMD_PAIRING_RANDOM:
1105 reason = smp_cmd_pairing_random(conn, skb);
1108 case SMP_CMD_ENCRYPT_INFO:
1109 reason = smp_cmd_encrypt_info(conn, skb);
1112 case SMP_CMD_MASTER_IDENT:
1113 reason = smp_cmd_master_ident(conn, skb);
1116 case SMP_CMD_IDENT_INFO:
1117 reason = smp_cmd_ident_info(conn, skb);
1120 case SMP_CMD_IDENT_ADDR_INFO:
1121 reason = smp_cmd_ident_addr_info(conn, skb);
1124 case SMP_CMD_SIGN_INFO:
1130 BT_DBG("Unknown command code 0x%2.2x", code);
1132 reason = SMP_CMD_NOTSUPP;
1139 smp_failure(conn, reason);
1145 static void smp_notify_keys(struct l2cap_conn *conn)
1147 struct smp_chan *smp = conn->smp_chan;
1148 struct hci_conn *hcon = conn->hcon;
1149 struct hci_dev *hdev = hcon->hdev;
1151 if (smp->remote_irk)
1152 mgmt_new_irk(hdev, smp->remote_irk);
1155 smp->ltk->bdaddr_type = hcon->dst_type;
1156 bacpy(&smp->ltk->bdaddr, &hcon->dst);
1157 mgmt_new_ltk(hdev, smp->ltk);
1160 if (smp->slave_ltk) {
1161 smp->slave_ltk->bdaddr_type = hcon->dst_type;
1162 bacpy(&smp->slave_ltk->bdaddr, &hcon->dst);
1163 mgmt_new_ltk(hdev, smp->slave_ltk);
1167 int smp_distribute_keys(struct l2cap_conn *conn)
1169 struct smp_cmd_pairing *req, *rsp;
1170 struct smp_chan *smp = conn->smp_chan;
1171 struct hci_conn *hcon = conn->hcon;
1172 struct hci_dev *hdev = hcon->hdev;
1175 BT_DBG("conn %p", conn);
1177 if (!test_bit(HCI_CONN_LE_SMP_PEND, &hcon->flags))
1180 rsp = (void *) &smp->prsp[1];
1182 /* The responder sends its keys first */
1183 if (hcon->out && (smp->remote_key_dist & 0x07))
1186 req = (void *) &smp->preq[1];
1189 keydist = &rsp->init_key_dist;
1190 *keydist &= req->init_key_dist;
1192 keydist = &rsp->resp_key_dist;
1193 *keydist &= req->resp_key_dist;
1196 BT_DBG("keydist 0x%x", *keydist);
1198 if (*keydist & SMP_DIST_ENC_KEY) {
1199 struct smp_cmd_encrypt_info enc;
1200 struct smp_cmd_master_ident ident;
1201 struct smp_ltk *ltk;
1206 get_random_bytes(enc.ltk, sizeof(enc.ltk));
1207 get_random_bytes(&ediv, sizeof(ediv));
1208 get_random_bytes(&rand, sizeof(rand));
1210 smp_send_cmd(conn, SMP_CMD_ENCRYPT_INFO, sizeof(enc), &enc);
1212 authenticated = hcon->sec_level == BT_SECURITY_HIGH;
1213 ltk = hci_add_ltk(hdev, &hcon->dst, hcon->dst_type,
1214 HCI_SMP_LTK_SLAVE, authenticated, enc.ltk,
1215 smp->enc_key_size, ediv, rand);
1216 smp->slave_ltk = ltk;
1221 smp_send_cmd(conn, SMP_CMD_MASTER_IDENT, sizeof(ident), &ident);
1223 *keydist &= ~SMP_DIST_ENC_KEY;
1226 if (*keydist & SMP_DIST_ID_KEY) {
1227 struct smp_cmd_ident_addr_info addrinfo;
1228 struct smp_cmd_ident_info idinfo;
1230 memcpy(idinfo.irk, hdev->irk, sizeof(idinfo.irk));
1232 smp_send_cmd(conn, SMP_CMD_IDENT_INFO, sizeof(idinfo), &idinfo);
1234 /* The hci_conn contains the local identity address
1235 * after the connection has been established.
1237 * This is true even when the connection has been
1238 * established using a resolvable random address.
1240 bacpy(&addrinfo.bdaddr, &hcon->src);
1241 addrinfo.addr_type = hcon->src_type;
1243 smp_send_cmd(conn, SMP_CMD_IDENT_ADDR_INFO, sizeof(addrinfo),
1246 *keydist &= ~SMP_DIST_ID_KEY;
1249 if (*keydist & SMP_DIST_SIGN) {
1250 struct smp_cmd_sign_info sign;
1252 /* Send a dummy key */
1253 get_random_bytes(sign.csrk, sizeof(sign.csrk));
1255 smp_send_cmd(conn, SMP_CMD_SIGN_INFO, sizeof(sign), &sign);
1257 *keydist &= ~SMP_DIST_SIGN;
1260 /* If there are still keys to be received wait for them */
1261 if ((smp->remote_key_dist & 0x07))
1264 clear_bit(HCI_CONN_LE_SMP_PEND, &hcon->flags);
1265 cancel_delayed_work_sync(&conn->security_timer);
1266 set_bit(SMP_FLAG_COMPLETE, &smp->smp_flags);
1267 smp_notify_keys(conn);
1269 smp_chan_destroy(conn);