2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2011 Nokia Corporation and/or its subsidiary(-ies).
5 This program is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License version 2 as
7 published by the Free Software Foundation;
9 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
10 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
11 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
12 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
13 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
14 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
18 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
19 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
20 SOFTWARE IS DISCLAIMED.
23 #include <linux/crypto.h>
24 #include <linux/scatterlist.h>
25 #include <crypto/b128ops.h>
27 #include <net/bluetooth/bluetooth.h>
28 #include <net/bluetooth/hci_core.h>
29 #include <net/bluetooth/l2cap.h>
30 #include <net/bluetooth/mgmt.h>
34 #define SMP_TIMEOUT msecs_to_jiffies(30000)
36 #define AUTH_REQ_MASK 0x07
38 #define SMP_FLAG_TK_VALID 1
39 #define SMP_FLAG_CFM_PENDING 2
40 #define SMP_FLAG_MITM_AUTH 3
41 #define SMP_FLAG_COMPLETE 4
42 #define SMP_FLAG_INITIATOR 5
45 struct l2cap_conn *conn;
46 u8 preq[7]; /* SMP Pairing Request */
47 u8 prsp[7]; /* SMP Pairing Response */
48 u8 prnd[16]; /* SMP Pairing Random (local) */
49 u8 rrnd[16]; /* SMP Pairing Random (remote) */
50 u8 pcnf[16]; /* SMP Pairing Confirm */
51 u8 tk[16]; /* SMP Temporary Key */
57 struct smp_csrk *csrk;
58 struct smp_csrk *slave_csrk;
60 struct smp_ltk *slave_ltk;
61 struct smp_irk *remote_irk;
65 static inline void swap128(const u8 src[16], u8 dst[16])
68 for (i = 0; i < 16; i++)
72 static inline void swap56(const u8 src[7], u8 dst[7])
75 for (i = 0; i < 7; i++)
79 static int smp_e(struct crypto_blkcipher *tfm, const u8 *k, u8 *r)
81 struct blkcipher_desc desc;
82 struct scatterlist sg;
83 uint8_t tmp[16], data[16];
87 BT_ERR("tfm %p", tfm);
94 /* The most significant octet of key corresponds to k[0] */
97 err = crypto_blkcipher_setkey(tfm, tmp, 16);
99 BT_ERR("cipher setkey failed: %d", err);
103 /* Most significant octet of plaintextData corresponds to data[0] */
106 sg_init_one(&sg, data, 16);
108 err = crypto_blkcipher_encrypt(&desc, &sg, &sg, 16);
110 BT_ERR("Encrypt data error %d", err);
112 /* Most significant octet of encryptedData corresponds to data[0] */
118 static int smp_ah(struct crypto_blkcipher *tfm, u8 irk[16], u8 r[3], u8 res[3])
123 /* r' = padding || r */
125 memset(_res + 3, 0, 13);
127 err = smp_e(tfm, irk, _res);
129 BT_ERR("Encrypt error");
133 /* The output of the random address function ah is:
134 * ah(h, r) = e(k, r') mod 2^24
135 * The output of the security function e is then truncated to 24 bits
136 * by taking the least significant 24 bits of the output of e as the
139 memcpy(res, _res, 3);
144 bool smp_irk_matches(struct crypto_blkcipher *tfm, u8 irk[16],
150 BT_DBG("RPA %pMR IRK %*phN", bdaddr, 16, irk);
152 err = smp_ah(tfm, irk, &bdaddr->b[3], hash);
156 return !memcmp(bdaddr->b, hash, 3);
159 int smp_generate_rpa(struct crypto_blkcipher *tfm, u8 irk[16], bdaddr_t *rpa)
163 get_random_bytes(&rpa->b[3], 3);
165 rpa->b[5] &= 0x3f; /* Clear two most significant bits */
166 rpa->b[5] |= 0x40; /* Set second most significant bit */
168 err = smp_ah(tfm, irk, &rpa->b[3], rpa->b);
172 BT_DBG("RPA %pMR", rpa);
177 static int smp_c1(struct crypto_blkcipher *tfm, u8 k[16], u8 r[16],
178 u8 preq[7], u8 pres[7], u8 _iat, bdaddr_t *ia,
179 u8 _rat, bdaddr_t *ra, u8 res[16])
186 /* p1 = pres || preq || _rat || _iat */
189 memcpy(p1 + 2, preq, 7);
190 memcpy(p1 + 9, pres, 7);
192 /* p2 = padding || ia || ra */
194 memcpy(p2 + 6, ia, 6);
195 memset(p2 + 12, 0, 4);
198 u128_xor((u128 *) res, (u128 *) r, (u128 *) p1);
200 /* res = e(k, res) */
201 err = smp_e(tfm, k, res);
203 BT_ERR("Encrypt data error");
207 /* res = res XOR p2 */
208 u128_xor((u128 *) res, (u128 *) res, (u128 *) p2);
210 /* res = e(k, res) */
211 err = smp_e(tfm, k, res);
213 BT_ERR("Encrypt data error");
218 static int smp_s1(struct crypto_blkcipher *tfm, u8 k[16], u8 r1[16],
219 u8 r2[16], u8 _r[16])
223 /* Just least significant octets from r1 and r2 are considered */
225 memcpy(_r + 8, r1, 8);
227 err = smp_e(tfm, k, _r);
229 BT_ERR("Encrypt data error");
234 static struct sk_buff *smp_build_cmd(struct l2cap_conn *conn, u8 code,
235 u16 dlen, void *data)
238 struct l2cap_hdr *lh;
241 len = L2CAP_HDR_SIZE + sizeof(code) + dlen;
246 skb = bt_skb_alloc(len, GFP_ATOMIC);
250 lh = (struct l2cap_hdr *) skb_put(skb, L2CAP_HDR_SIZE);
251 lh->len = cpu_to_le16(sizeof(code) + dlen);
252 lh->cid = cpu_to_le16(L2CAP_CID_SMP);
254 memcpy(skb_put(skb, sizeof(code)), &code, sizeof(code));
256 memcpy(skb_put(skb, dlen), data, dlen);
261 static void smp_send_cmd(struct l2cap_conn *conn, u8 code, u16 len, void *data)
263 struct sk_buff *skb = smp_build_cmd(conn, code, len, data);
265 BT_DBG("code 0x%2.2x", code);
270 skb->priority = HCI_PRIO_MAX;
271 hci_send_acl(conn->hchan, skb, 0);
273 cancel_delayed_work_sync(&conn->security_timer);
274 schedule_delayed_work(&conn->security_timer, SMP_TIMEOUT);
277 static __u8 authreq_to_seclevel(__u8 authreq)
279 if (authreq & SMP_AUTH_MITM)
280 return BT_SECURITY_HIGH;
282 return BT_SECURITY_MEDIUM;
285 static __u8 seclevel_to_authreq(__u8 sec_level)
288 case BT_SECURITY_HIGH:
289 return SMP_AUTH_MITM | SMP_AUTH_BONDING;
290 case BT_SECURITY_MEDIUM:
291 return SMP_AUTH_BONDING;
293 return SMP_AUTH_NONE;
297 static void build_pairing_cmd(struct l2cap_conn *conn,
298 struct smp_cmd_pairing *req,
299 struct smp_cmd_pairing *rsp, __u8 authreq)
301 struct smp_chan *smp = conn->smp_chan;
302 struct hci_conn *hcon = conn->hcon;
303 struct hci_dev *hdev = hcon->hdev;
304 u8 local_dist = 0, remote_dist = 0;
306 if (test_bit(HCI_PAIRABLE, &conn->hcon->hdev->dev_flags)) {
307 local_dist = SMP_DIST_ENC_KEY | SMP_DIST_SIGN;
308 remote_dist = SMP_DIST_ENC_KEY | SMP_DIST_SIGN;
309 authreq |= SMP_AUTH_BONDING;
311 authreq &= ~SMP_AUTH_BONDING;
314 if (test_bit(HCI_RPA_RESOLVING, &hdev->dev_flags))
315 remote_dist |= SMP_DIST_ID_KEY;
317 if (test_bit(HCI_PRIVACY, &hdev->dev_flags))
318 local_dist |= SMP_DIST_ID_KEY;
321 req->io_capability = conn->hcon->io_capability;
322 req->oob_flag = SMP_OOB_NOT_PRESENT;
323 req->max_key_size = SMP_MAX_ENC_KEY_SIZE;
324 req->init_key_dist = local_dist;
325 req->resp_key_dist = remote_dist;
326 req->auth_req = (authreq & AUTH_REQ_MASK);
328 smp->remote_key_dist = remote_dist;
332 rsp->io_capability = conn->hcon->io_capability;
333 rsp->oob_flag = SMP_OOB_NOT_PRESENT;
334 rsp->max_key_size = SMP_MAX_ENC_KEY_SIZE;
335 rsp->init_key_dist = req->init_key_dist & remote_dist;
336 rsp->resp_key_dist = req->resp_key_dist & local_dist;
337 rsp->auth_req = (authreq & AUTH_REQ_MASK);
339 smp->remote_key_dist = rsp->init_key_dist;
342 static u8 check_enc_key_size(struct l2cap_conn *conn, __u8 max_key_size)
344 struct smp_chan *smp = conn->smp_chan;
346 if ((max_key_size > SMP_MAX_ENC_KEY_SIZE) ||
347 (max_key_size < SMP_MIN_ENC_KEY_SIZE))
348 return SMP_ENC_KEY_SIZE;
350 smp->enc_key_size = max_key_size;
355 static void smp_failure(struct l2cap_conn *conn, u8 reason)
357 struct hci_conn *hcon = conn->hcon;
360 smp_send_cmd(conn, SMP_CMD_PAIRING_FAIL, sizeof(reason),
363 clear_bit(HCI_CONN_ENCRYPT_PEND, &hcon->flags);
364 mgmt_auth_failed(hcon->hdev, &hcon->dst, hcon->type, hcon->dst_type,
365 HCI_ERROR_AUTH_FAILURE);
367 cancel_delayed_work_sync(&conn->security_timer);
369 if (test_and_clear_bit(HCI_CONN_LE_SMP_PEND, &hcon->flags))
370 smp_chan_destroy(conn);
373 #define JUST_WORKS 0x00
374 #define JUST_CFM 0x01
375 #define REQ_PASSKEY 0x02
376 #define CFM_PASSKEY 0x03
380 static const u8 gen_method[5][5] = {
381 { JUST_WORKS, JUST_CFM, REQ_PASSKEY, JUST_WORKS, REQ_PASSKEY },
382 { JUST_WORKS, JUST_CFM, REQ_PASSKEY, JUST_WORKS, REQ_PASSKEY },
383 { CFM_PASSKEY, CFM_PASSKEY, REQ_PASSKEY, JUST_WORKS, CFM_PASSKEY },
384 { JUST_WORKS, JUST_CFM, JUST_WORKS, JUST_WORKS, JUST_CFM },
385 { CFM_PASSKEY, CFM_PASSKEY, REQ_PASSKEY, JUST_WORKS, OVERLAP },
388 static int tk_request(struct l2cap_conn *conn, u8 remote_oob, u8 auth,
389 u8 local_io, u8 remote_io)
391 struct hci_conn *hcon = conn->hcon;
392 struct smp_chan *smp = conn->smp_chan;
397 /* Initialize key for JUST WORKS */
398 memset(smp->tk, 0, sizeof(smp->tk));
399 clear_bit(SMP_FLAG_TK_VALID, &smp->flags);
401 BT_DBG("tk_request: auth:%d lcl:%d rem:%d", auth, local_io, remote_io);
403 /* If neither side wants MITM, use JUST WORKS */
404 /* If either side has unknown io_caps, use JUST WORKS */
405 /* Otherwise, look up method from the table */
406 if (!(auth & SMP_AUTH_MITM) ||
407 local_io > SMP_IO_KEYBOARD_DISPLAY ||
408 remote_io > SMP_IO_KEYBOARD_DISPLAY)
411 method = gen_method[remote_io][local_io];
413 /* If not bonding, don't ask user to confirm a Zero TK */
414 if (!(auth & SMP_AUTH_BONDING) && method == JUST_CFM)
417 /* Don't confirm locally initiated pairing attempts */
418 if (method == JUST_CFM && test_bit(SMP_FLAG_INITIATOR, &smp->flags))
421 /* If Just Works, Continue with Zero TK */
422 if (method == JUST_WORKS) {
423 set_bit(SMP_FLAG_TK_VALID, &smp->flags);
427 /* Not Just Works/Confirm results in MITM Authentication */
428 if (method != JUST_CFM)
429 set_bit(SMP_FLAG_MITM_AUTH, &smp->flags);
431 /* If both devices have Keyoard-Display I/O, the master
432 * Confirms and the slave Enters the passkey.
434 if (method == OVERLAP) {
435 if (hcon->link_mode & HCI_LM_MASTER)
436 method = CFM_PASSKEY;
438 method = REQ_PASSKEY;
441 /* Generate random passkey. */
442 if (method == CFM_PASSKEY) {
443 memset(smp->tk, 0, sizeof(smp->tk));
444 get_random_bytes(&passkey, sizeof(passkey));
446 put_unaligned_le32(passkey, smp->tk);
447 BT_DBG("PassKey: %d", passkey);
448 set_bit(SMP_FLAG_TK_VALID, &smp->flags);
451 hci_dev_lock(hcon->hdev);
453 if (method == REQ_PASSKEY)
454 ret = mgmt_user_passkey_request(hcon->hdev, &hcon->dst,
455 hcon->type, hcon->dst_type);
456 else if (method == JUST_CFM)
457 ret = mgmt_user_confirm_request(hcon->hdev, &hcon->dst,
458 hcon->type, hcon->dst_type,
461 ret = mgmt_user_passkey_notify(hcon->hdev, &hcon->dst,
462 hcon->type, hcon->dst_type,
465 hci_dev_unlock(hcon->hdev);
470 static u8 smp_confirm(struct smp_chan *smp)
472 struct l2cap_conn *conn = smp->conn;
473 struct hci_dev *hdev = conn->hcon->hdev;
474 struct crypto_blkcipher *tfm = hdev->tfm_aes;
475 struct smp_cmd_pairing_confirm cp;
478 BT_DBG("conn %p", conn);
480 /* Prevent mutual access to hdev->tfm_aes */
483 ret = smp_c1(tfm, smp->tk, smp->prnd, smp->preq, smp->prsp,
484 conn->hcon->init_addr_type, &conn->hcon->init_addr,
485 conn->hcon->resp_addr_type, &conn->hcon->resp_addr,
488 hci_dev_unlock(hdev);
491 return SMP_UNSPECIFIED;
493 clear_bit(SMP_FLAG_CFM_PENDING, &smp->flags);
495 smp_send_cmd(smp->conn, SMP_CMD_PAIRING_CONFIRM, sizeof(cp), &cp);
500 static u8 smp_random(struct smp_chan *smp)
502 struct l2cap_conn *conn = smp->conn;
503 struct hci_conn *hcon = conn->hcon;
504 struct hci_dev *hdev = hcon->hdev;
505 struct crypto_blkcipher *tfm = hdev->tfm_aes;
509 if (IS_ERR_OR_NULL(tfm))
510 return SMP_UNSPECIFIED;
512 BT_DBG("conn %p %s", conn, conn->hcon->out ? "master" : "slave");
514 /* Prevent mutual access to hdev->tfm_aes */
517 ret = smp_c1(tfm, smp->tk, smp->rrnd, smp->preq, smp->prsp,
518 hcon->init_addr_type, &hcon->init_addr,
519 hcon->resp_addr_type, &hcon->resp_addr, confirm);
521 hci_dev_unlock(hdev);
524 return SMP_UNSPECIFIED;
526 if (memcmp(smp->pcnf, confirm, sizeof(smp->pcnf)) != 0) {
527 BT_ERR("Pairing failed (confirmation values mismatch)");
528 return SMP_CONFIRM_FAILED;
536 smp_s1(tfm, smp->tk, smp->rrnd, smp->prnd, stk);
538 memset(stk + smp->enc_key_size, 0,
539 SMP_MAX_ENC_KEY_SIZE - smp->enc_key_size);
541 if (test_and_set_bit(HCI_CONN_ENCRYPT_PEND, &hcon->flags))
542 return SMP_UNSPECIFIED;
544 hci_le_start_enc(hcon, ediv, rand, stk);
545 hcon->enc_key_size = smp->enc_key_size;
551 smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM, sizeof(smp->prnd),
554 smp_s1(tfm, smp->tk, smp->prnd, smp->rrnd, stk);
556 memset(stk + smp->enc_key_size, 0,
557 SMP_MAX_ENC_KEY_SIZE - smp->enc_key_size);
559 hci_add_ltk(hcon->hdev, &hcon->dst, hcon->dst_type,
560 HCI_SMP_STK_SLAVE, 0, stk, smp->enc_key_size,
567 static struct smp_chan *smp_chan_create(struct l2cap_conn *conn)
569 struct smp_chan *smp;
571 smp = kzalloc(sizeof(*smp), GFP_ATOMIC);
576 conn->smp_chan = smp;
577 conn->hcon->smp_conn = conn;
579 hci_conn_hold(conn->hcon);
584 void smp_chan_destroy(struct l2cap_conn *conn)
586 struct smp_chan *smp = conn->smp_chan;
591 complete = test_bit(SMP_FLAG_COMPLETE, &smp->flags);
592 mgmt_smp_complete(conn->hcon, complete);
595 kfree(smp->slave_csrk);
597 /* If pairing failed clean up any keys we might have */
600 list_del(&smp->ltk->list);
604 if (smp->slave_ltk) {
605 list_del(&smp->slave_ltk->list);
606 kfree(smp->slave_ltk);
609 if (smp->remote_irk) {
610 list_del(&smp->remote_irk->list);
611 kfree(smp->remote_irk);
616 conn->smp_chan = NULL;
617 conn->hcon->smp_conn = NULL;
618 hci_conn_drop(conn->hcon);
621 int smp_user_confirm_reply(struct hci_conn *hcon, u16 mgmt_op, __le32 passkey)
623 struct l2cap_conn *conn = hcon->smp_conn;
624 struct smp_chan *smp;
632 smp = conn->smp_chan;
635 case MGMT_OP_USER_PASSKEY_REPLY:
636 value = le32_to_cpu(passkey);
637 memset(smp->tk, 0, sizeof(smp->tk));
638 BT_DBG("PassKey: %d", value);
639 put_unaligned_le32(value, smp->tk);
641 case MGMT_OP_USER_CONFIRM_REPLY:
642 set_bit(SMP_FLAG_TK_VALID, &smp->flags);
644 case MGMT_OP_USER_PASSKEY_NEG_REPLY:
645 case MGMT_OP_USER_CONFIRM_NEG_REPLY:
646 smp_failure(conn, SMP_PASSKEY_ENTRY_FAILED);
649 smp_failure(conn, SMP_PASSKEY_ENTRY_FAILED);
653 /* If it is our turn to send Pairing Confirm, do so now */
654 if (test_bit(SMP_FLAG_CFM_PENDING, &smp->flags)) {
655 u8 rsp = smp_confirm(smp);
657 smp_failure(conn, rsp);
663 static u8 smp_cmd_pairing_req(struct l2cap_conn *conn, struct sk_buff *skb)
665 struct smp_cmd_pairing rsp, *req = (void *) skb->data;
666 struct smp_chan *smp;
670 BT_DBG("conn %p", conn);
672 if (skb->len < sizeof(*req))
673 return SMP_INVALID_PARAMS;
675 if (conn->hcon->link_mode & HCI_LM_MASTER)
676 return SMP_CMD_NOTSUPP;
678 if (!test_and_set_bit(HCI_CONN_LE_SMP_PEND, &conn->hcon->flags))
679 smp = smp_chan_create(conn);
681 smp = conn->smp_chan;
684 return SMP_UNSPECIFIED;
686 smp->preq[0] = SMP_CMD_PAIRING_REQ;
687 memcpy(&smp->preq[1], req, sizeof(*req));
688 skb_pull(skb, sizeof(*req));
690 /* We didn't start the pairing, so match remote */
691 auth = req->auth_req;
693 conn->hcon->pending_sec_level = authreq_to_seclevel(auth);
695 build_pairing_cmd(conn, req, &rsp, auth);
697 key_size = min(req->max_key_size, rsp.max_key_size);
698 if (check_enc_key_size(conn, key_size))
699 return SMP_ENC_KEY_SIZE;
701 get_random_bytes(smp->prnd, sizeof(smp->prnd));
703 smp->prsp[0] = SMP_CMD_PAIRING_RSP;
704 memcpy(&smp->prsp[1], &rsp, sizeof(rsp));
706 smp_send_cmd(conn, SMP_CMD_PAIRING_RSP, sizeof(rsp), &rsp);
708 /* Request setup of TK */
709 ret = tk_request(conn, 0, auth, rsp.io_capability, req->io_capability);
711 return SMP_UNSPECIFIED;
713 clear_bit(SMP_FLAG_INITIATOR, &smp->flags);
718 static u8 smp_cmd_pairing_rsp(struct l2cap_conn *conn, struct sk_buff *skb)
720 struct smp_cmd_pairing *req, *rsp = (void *) skb->data;
721 struct smp_chan *smp = conn->smp_chan;
722 u8 key_size, auth = SMP_AUTH_NONE;
725 BT_DBG("conn %p", conn);
727 if (skb->len < sizeof(*rsp))
728 return SMP_INVALID_PARAMS;
730 if (!(conn->hcon->link_mode & HCI_LM_MASTER))
731 return SMP_CMD_NOTSUPP;
733 skb_pull(skb, sizeof(*rsp));
735 req = (void *) &smp->preq[1];
737 key_size = min(req->max_key_size, rsp->max_key_size);
738 if (check_enc_key_size(conn, key_size))
739 return SMP_ENC_KEY_SIZE;
741 get_random_bytes(smp->prnd, sizeof(smp->prnd));
743 smp->prsp[0] = SMP_CMD_PAIRING_RSP;
744 memcpy(&smp->prsp[1], rsp, sizeof(*rsp));
746 /* Update remote key distribution in case the remote cleared
747 * some bits that we had enabled in our request.
749 smp->remote_key_dist &= rsp->resp_key_dist;
751 if ((req->auth_req & SMP_AUTH_BONDING) &&
752 (rsp->auth_req & SMP_AUTH_BONDING))
753 auth = SMP_AUTH_BONDING;
755 auth |= (req->auth_req | rsp->auth_req) & SMP_AUTH_MITM;
757 ret = tk_request(conn, 0, auth, req->io_capability, rsp->io_capability);
759 return SMP_UNSPECIFIED;
761 set_bit(SMP_FLAG_CFM_PENDING, &smp->flags);
763 /* Can't compose response until we have been confirmed */
764 if (test_bit(SMP_FLAG_TK_VALID, &smp->flags))
765 return smp_confirm(smp);
770 static u8 smp_cmd_pairing_confirm(struct l2cap_conn *conn, struct sk_buff *skb)
772 struct smp_chan *smp = conn->smp_chan;
774 BT_DBG("conn %p %s", conn, conn->hcon->out ? "master" : "slave");
776 if (skb->len < sizeof(smp->pcnf))
777 return SMP_INVALID_PARAMS;
779 memcpy(smp->pcnf, skb->data, sizeof(smp->pcnf));
780 skb_pull(skb, sizeof(smp->pcnf));
783 smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM, sizeof(smp->prnd),
785 else if (test_bit(SMP_FLAG_TK_VALID, &smp->flags))
786 return smp_confirm(smp);
788 set_bit(SMP_FLAG_CFM_PENDING, &smp->flags);
793 static u8 smp_cmd_pairing_random(struct l2cap_conn *conn, struct sk_buff *skb)
795 struct smp_chan *smp = conn->smp_chan;
797 BT_DBG("conn %p", conn);
799 if (skb->len < sizeof(smp->rrnd))
800 return SMP_INVALID_PARAMS;
802 memcpy(smp->rrnd, skb->data, sizeof(smp->rrnd));
803 skb_pull(skb, sizeof(smp->rrnd));
805 return smp_random(smp);
808 static u8 smp_ltk_encrypt(struct l2cap_conn *conn, u8 sec_level)
811 struct hci_conn *hcon = conn->hcon;
813 key = hci_find_ltk_by_addr(hcon->hdev, &hcon->dst, hcon->dst_type,
818 if (sec_level > BT_SECURITY_MEDIUM && !key->authenticated)
821 if (test_and_set_bit(HCI_CONN_ENCRYPT_PEND, &hcon->flags))
824 hci_le_start_enc(hcon, key->ediv, key->rand, key->val);
825 hcon->enc_key_size = key->enc_size;
830 static u8 smp_cmd_security_req(struct l2cap_conn *conn, struct sk_buff *skb)
832 struct smp_cmd_security_req *rp = (void *) skb->data;
833 struct smp_cmd_pairing cp;
834 struct hci_conn *hcon = conn->hcon;
835 struct smp_chan *smp;
837 BT_DBG("conn %p", conn);
839 if (skb->len < sizeof(*rp))
840 return SMP_INVALID_PARAMS;
842 if (!(conn->hcon->link_mode & HCI_LM_MASTER))
843 return SMP_CMD_NOTSUPP;
845 hcon->pending_sec_level = authreq_to_seclevel(rp->auth_req);
847 if (smp_ltk_encrypt(conn, hcon->pending_sec_level))
850 if (test_and_set_bit(HCI_CONN_LE_SMP_PEND, &hcon->flags))
853 smp = smp_chan_create(conn);
855 skb_pull(skb, sizeof(*rp));
857 memset(&cp, 0, sizeof(cp));
858 build_pairing_cmd(conn, &cp, NULL, rp->auth_req);
860 smp->preq[0] = SMP_CMD_PAIRING_REQ;
861 memcpy(&smp->preq[1], &cp, sizeof(cp));
863 smp_send_cmd(conn, SMP_CMD_PAIRING_REQ, sizeof(cp), &cp);
865 clear_bit(SMP_FLAG_INITIATOR, &smp->flags);
870 bool smp_sufficient_security(struct hci_conn *hcon, u8 sec_level)
872 if (sec_level == BT_SECURITY_LOW)
875 if (hcon->sec_level >= sec_level)
881 int smp_conn_security(struct hci_conn *hcon, __u8 sec_level)
883 struct l2cap_conn *conn = hcon->l2cap_data;
884 struct smp_chan *smp;
887 BT_DBG("conn %p hcon %p level 0x%2.2x", conn, hcon, sec_level);
889 /* This may be NULL if there's an unexpected disconnection */
893 if (!test_bit(HCI_LE_ENABLED, &hcon->hdev->dev_flags))
896 if (smp_sufficient_security(hcon, sec_level))
899 if (hcon->link_mode & HCI_LM_MASTER)
900 if (smp_ltk_encrypt(conn, sec_level))
903 if (test_and_set_bit(HCI_CONN_LE_SMP_PEND, &hcon->flags))
906 smp = smp_chan_create(conn);
910 authreq = seclevel_to_authreq(sec_level);
912 /* hcon->auth_type is set by pair_device in mgmt.c. If the MITM
913 * flag is set we should also set it for the SMP request.
915 if ((hcon->auth_type & 0x01))
916 authreq |= SMP_AUTH_MITM;
918 if (hcon->link_mode & HCI_LM_MASTER) {
919 struct smp_cmd_pairing cp;
921 build_pairing_cmd(conn, &cp, NULL, authreq);
922 smp->preq[0] = SMP_CMD_PAIRING_REQ;
923 memcpy(&smp->preq[1], &cp, sizeof(cp));
925 smp_send_cmd(conn, SMP_CMD_PAIRING_REQ, sizeof(cp), &cp);
927 struct smp_cmd_security_req cp;
928 cp.auth_req = authreq;
929 smp_send_cmd(conn, SMP_CMD_SECURITY_REQ, sizeof(cp), &cp);
932 set_bit(SMP_FLAG_INITIATOR, &smp->flags);
935 hcon->pending_sec_level = sec_level;
940 static int smp_cmd_encrypt_info(struct l2cap_conn *conn, struct sk_buff *skb)
942 struct smp_cmd_encrypt_info *rp = (void *) skb->data;
943 struct smp_chan *smp = conn->smp_chan;
945 BT_DBG("conn %p", conn);
947 if (skb->len < sizeof(*rp))
948 return SMP_INVALID_PARAMS;
950 /* Ignore this PDU if it wasn't requested */
951 if (!(smp->remote_key_dist & SMP_DIST_ENC_KEY))
954 skb_pull(skb, sizeof(*rp));
956 memcpy(smp->tk, rp->ltk, sizeof(smp->tk));
961 static int smp_cmd_master_ident(struct l2cap_conn *conn, struct sk_buff *skb)
963 struct smp_cmd_master_ident *rp = (void *) skb->data;
964 struct smp_chan *smp = conn->smp_chan;
965 struct hci_dev *hdev = conn->hcon->hdev;
966 struct hci_conn *hcon = conn->hcon;
970 BT_DBG("conn %p", conn);
972 if (skb->len < sizeof(*rp))
973 return SMP_INVALID_PARAMS;
975 /* Ignore this PDU if it wasn't requested */
976 if (!(smp->remote_key_dist & SMP_DIST_ENC_KEY))
979 /* Mark the information as received */
980 smp->remote_key_dist &= ~SMP_DIST_ENC_KEY;
982 skb_pull(skb, sizeof(*rp));
985 authenticated = (hcon->sec_level == BT_SECURITY_HIGH);
986 ltk = hci_add_ltk(hdev, &hcon->dst, hcon->dst_type, HCI_SMP_LTK,
987 authenticated, smp->tk, smp->enc_key_size,
990 if (!(smp->remote_key_dist & SMP_DIST_ID_KEY))
991 smp_distribute_keys(conn);
992 hci_dev_unlock(hdev);
997 static int smp_cmd_ident_info(struct l2cap_conn *conn, struct sk_buff *skb)
999 struct smp_cmd_ident_info *info = (void *) skb->data;
1000 struct smp_chan *smp = conn->smp_chan;
1004 if (skb->len < sizeof(*info))
1005 return SMP_INVALID_PARAMS;
1007 /* Ignore this PDU if it wasn't requested */
1008 if (!(smp->remote_key_dist & SMP_DIST_ID_KEY))
1011 skb_pull(skb, sizeof(*info));
1013 memcpy(smp->irk, info->irk, 16);
1018 static int smp_cmd_ident_addr_info(struct l2cap_conn *conn,
1019 struct sk_buff *skb)
1021 struct smp_cmd_ident_addr_info *info = (void *) skb->data;
1022 struct smp_chan *smp = conn->smp_chan;
1023 struct hci_conn *hcon = conn->hcon;
1028 if (skb->len < sizeof(*info))
1029 return SMP_INVALID_PARAMS;
1031 /* Ignore this PDU if it wasn't requested */
1032 if (!(smp->remote_key_dist & SMP_DIST_ID_KEY))
1035 /* Mark the information as received */
1036 smp->remote_key_dist &= ~SMP_DIST_ID_KEY;
1038 skb_pull(skb, sizeof(*info));
1040 /* Strictly speaking the Core Specification (4.1) allows sending
1041 * an empty address which would force us to rely on just the IRK
1042 * as "identity information". However, since such
1043 * implementations are not known of and in order to not over
1044 * complicate our implementation, simply pretend that we never
1045 * received an IRK for such a device.
1047 if (!bacmp(&info->bdaddr, BDADDR_ANY)) {
1048 BT_ERR("Ignoring IRK with no identity address");
1049 smp_distribute_keys(conn);
1053 bacpy(&smp->id_addr, &info->bdaddr);
1054 smp->id_addr_type = info->addr_type;
1056 if (hci_bdaddr_is_rpa(&hcon->dst, hcon->dst_type))
1057 bacpy(&rpa, &hcon->dst);
1059 bacpy(&rpa, BDADDR_ANY);
1061 smp->remote_irk = hci_add_irk(conn->hcon->hdev, &smp->id_addr,
1062 smp->id_addr_type, smp->irk, &rpa);
1064 smp_distribute_keys(conn);
1069 static int smp_cmd_sign_info(struct l2cap_conn *conn, struct sk_buff *skb)
1071 struct smp_cmd_sign_info *rp = (void *) skb->data;
1072 struct smp_chan *smp = conn->smp_chan;
1073 struct hci_dev *hdev = conn->hcon->hdev;
1074 struct smp_csrk *csrk;
1076 BT_DBG("conn %p", conn);
1078 if (skb->len < sizeof(*rp))
1079 return SMP_INVALID_PARAMS;
1081 /* Ignore this PDU if it wasn't requested */
1082 if (!(smp->remote_key_dist & SMP_DIST_SIGN))
1085 /* Mark the information as received */
1086 smp->remote_key_dist &= ~SMP_DIST_SIGN;
1088 skb_pull(skb, sizeof(*rp));
1091 csrk = kzalloc(sizeof(*csrk), GFP_KERNEL);
1093 csrk->master = 0x01;
1094 memcpy(csrk->val, rp->csrk, sizeof(csrk->val));
1097 if (!(smp->remote_key_dist & SMP_DIST_SIGN))
1098 smp_distribute_keys(conn);
1099 hci_dev_unlock(hdev);
1104 int smp_sig_channel(struct l2cap_conn *conn, struct sk_buff *skb)
1106 struct hci_conn *hcon = conn->hcon;
1110 if (hcon->type != LE_LINK) {
1120 if (!test_bit(HCI_LE_ENABLED, &hcon->hdev->dev_flags)) {
1122 reason = SMP_PAIRING_NOTSUPP;
1126 code = skb->data[0];
1127 skb_pull(skb, sizeof(code));
1130 * The SMP context must be initialized for all other PDUs except
1131 * pairing and security requests. If we get any other PDU when
1132 * not initialized simply disconnect (done if this function
1133 * returns an error).
1135 if (code != SMP_CMD_PAIRING_REQ && code != SMP_CMD_SECURITY_REQ &&
1137 BT_ERR("Unexpected SMP command 0x%02x. Disconnecting.", code);
1143 case SMP_CMD_PAIRING_REQ:
1144 reason = smp_cmd_pairing_req(conn, skb);
1147 case SMP_CMD_PAIRING_FAIL:
1148 smp_failure(conn, 0);
1153 case SMP_CMD_PAIRING_RSP:
1154 reason = smp_cmd_pairing_rsp(conn, skb);
1157 case SMP_CMD_SECURITY_REQ:
1158 reason = smp_cmd_security_req(conn, skb);
1161 case SMP_CMD_PAIRING_CONFIRM:
1162 reason = smp_cmd_pairing_confirm(conn, skb);
1165 case SMP_CMD_PAIRING_RANDOM:
1166 reason = smp_cmd_pairing_random(conn, skb);
1169 case SMP_CMD_ENCRYPT_INFO:
1170 reason = smp_cmd_encrypt_info(conn, skb);
1173 case SMP_CMD_MASTER_IDENT:
1174 reason = smp_cmd_master_ident(conn, skb);
1177 case SMP_CMD_IDENT_INFO:
1178 reason = smp_cmd_ident_info(conn, skb);
1181 case SMP_CMD_IDENT_ADDR_INFO:
1182 reason = smp_cmd_ident_addr_info(conn, skb);
1185 case SMP_CMD_SIGN_INFO:
1186 reason = smp_cmd_sign_info(conn, skb);
1190 BT_DBG("Unknown command code 0x%2.2x", code);
1192 reason = SMP_CMD_NOTSUPP;
1199 smp_failure(conn, reason);
1205 static void smp_notify_keys(struct l2cap_conn *conn)
1207 struct smp_chan *smp = conn->smp_chan;
1208 struct hci_conn *hcon = conn->hcon;
1209 struct hci_dev *hdev = hcon->hdev;
1210 struct smp_cmd_pairing *req = (void *) &smp->preq[1];
1211 struct smp_cmd_pairing *rsp = (void *) &smp->prsp[1];
1214 if (smp->remote_irk) {
1215 mgmt_new_irk(hdev, smp->remote_irk);
1216 /* Now that user space can be considered to know the
1217 * identity address track the connection based on it
1220 bacpy(&hcon->dst, &smp->remote_irk->bdaddr);
1221 hcon->dst_type = smp->remote_irk->addr_type;
1222 l2cap_conn_update_id_addr(hcon);
1225 /* The LTKs and CSRKs should be persistent only if both sides
1226 * had the bonding bit set in their authentication requests.
1228 persistent = !!((req->auth_req & rsp->auth_req) & SMP_AUTH_BONDING);
1231 smp->csrk->bdaddr_type = hcon->dst_type;
1232 bacpy(&smp->csrk->bdaddr, &hcon->dst);
1233 mgmt_new_csrk(hdev, smp->csrk, persistent);
1236 if (smp->slave_csrk) {
1237 smp->slave_csrk->bdaddr_type = hcon->dst_type;
1238 bacpy(&smp->slave_csrk->bdaddr, &hcon->dst);
1239 mgmt_new_csrk(hdev, smp->slave_csrk, persistent);
1243 smp->ltk->bdaddr_type = hcon->dst_type;
1244 bacpy(&smp->ltk->bdaddr, &hcon->dst);
1245 mgmt_new_ltk(hdev, smp->ltk, persistent);
1248 if (smp->slave_ltk) {
1249 smp->slave_ltk->bdaddr_type = hcon->dst_type;
1250 bacpy(&smp->slave_ltk->bdaddr, &hcon->dst);
1251 mgmt_new_ltk(hdev, smp->slave_ltk, persistent);
1255 int smp_distribute_keys(struct l2cap_conn *conn)
1257 struct smp_cmd_pairing *req, *rsp;
1258 struct smp_chan *smp = conn->smp_chan;
1259 struct hci_conn *hcon = conn->hcon;
1260 struct hci_dev *hdev = hcon->hdev;
1263 BT_DBG("conn %p", conn);
1265 if (!test_bit(HCI_CONN_LE_SMP_PEND, &hcon->flags))
1268 rsp = (void *) &smp->prsp[1];
1270 /* The responder sends its keys first */
1271 if (hcon->out && (smp->remote_key_dist & 0x07))
1274 req = (void *) &smp->preq[1];
1277 keydist = &rsp->init_key_dist;
1278 *keydist &= req->init_key_dist;
1280 keydist = &rsp->resp_key_dist;
1281 *keydist &= req->resp_key_dist;
1284 BT_DBG("keydist 0x%x", *keydist);
1286 if (*keydist & SMP_DIST_ENC_KEY) {
1287 struct smp_cmd_encrypt_info enc;
1288 struct smp_cmd_master_ident ident;
1289 struct smp_ltk *ltk;
1294 get_random_bytes(enc.ltk, sizeof(enc.ltk));
1295 get_random_bytes(&ediv, sizeof(ediv));
1296 get_random_bytes(&rand, sizeof(rand));
1298 smp_send_cmd(conn, SMP_CMD_ENCRYPT_INFO, sizeof(enc), &enc);
1300 authenticated = hcon->sec_level == BT_SECURITY_HIGH;
1301 ltk = hci_add_ltk(hdev, &hcon->dst, hcon->dst_type,
1302 HCI_SMP_LTK_SLAVE, authenticated, enc.ltk,
1303 smp->enc_key_size, ediv, rand);
1304 smp->slave_ltk = ltk;
1309 smp_send_cmd(conn, SMP_CMD_MASTER_IDENT, sizeof(ident), &ident);
1311 *keydist &= ~SMP_DIST_ENC_KEY;
1314 if (*keydist & SMP_DIST_ID_KEY) {
1315 struct smp_cmd_ident_addr_info addrinfo;
1316 struct smp_cmd_ident_info idinfo;
1318 memcpy(idinfo.irk, hdev->irk, sizeof(idinfo.irk));
1320 smp_send_cmd(conn, SMP_CMD_IDENT_INFO, sizeof(idinfo), &idinfo);
1322 /* The hci_conn contains the local identity address
1323 * after the connection has been established.
1325 * This is true even when the connection has been
1326 * established using a resolvable random address.
1328 bacpy(&addrinfo.bdaddr, &hcon->src);
1329 addrinfo.addr_type = hcon->src_type;
1331 smp_send_cmd(conn, SMP_CMD_IDENT_ADDR_INFO, sizeof(addrinfo),
1334 *keydist &= ~SMP_DIST_ID_KEY;
1337 if (*keydist & SMP_DIST_SIGN) {
1338 struct smp_cmd_sign_info sign;
1339 struct smp_csrk *csrk;
1341 /* Generate a new random key */
1342 get_random_bytes(sign.csrk, sizeof(sign.csrk));
1344 csrk = kzalloc(sizeof(*csrk), GFP_KERNEL);
1346 csrk->master = 0x00;
1347 memcpy(csrk->val, sign.csrk, sizeof(csrk->val));
1349 smp->slave_csrk = csrk;
1351 smp_send_cmd(conn, SMP_CMD_SIGN_INFO, sizeof(sign), &sign);
1353 *keydist &= ~SMP_DIST_SIGN;
1356 /* If there are still keys to be received wait for them */
1357 if ((smp->remote_key_dist & 0x07))
1360 clear_bit(HCI_CONN_LE_SMP_PEND, &hcon->flags);
1361 cancel_delayed_work_sync(&conn->security_timer);
1362 set_bit(SMP_FLAG_COMPLETE, &smp->flags);
1363 smp_notify_keys(conn);
1365 smp_chan_destroy(conn);