2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2011 Nokia Corporation and/or its subsidiary(-ies).
5 This program is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License version 2 as
7 published by the Free Software Foundation;
9 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
10 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
11 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
12 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
13 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
14 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
18 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
19 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
20 SOFTWARE IS DISCLAIMED.
23 #include <linux/crypto.h>
24 #include <linux/scatterlist.h>
25 #include <crypto/b128ops.h>
27 #include <net/bluetooth/bluetooth.h>
28 #include <net/bluetooth/hci_core.h>
29 #include <net/bluetooth/l2cap.h>
30 #include <net/bluetooth/mgmt.h>
34 #define SMP_TIMEOUT msecs_to_jiffies(30000)
36 #define AUTH_REQ_MASK 0x07
38 #define SMP_FLAG_TK_VALID 1
39 #define SMP_FLAG_CFM_PENDING 2
40 #define SMP_FLAG_MITM_AUTH 3
41 #define SMP_FLAG_COMPLETE 4
42 #define SMP_FLAG_INITIATOR 5
45 struct l2cap_conn *conn;
46 u8 preq[7]; /* SMP Pairing Request */
47 u8 prsp[7]; /* SMP Pairing Response */
48 u8 prnd[16]; /* SMP Pairing Random (local) */
49 u8 rrnd[16]; /* SMP Pairing Random (remote) */
50 u8 pcnf[16]; /* SMP Pairing Confirm */
51 u8 tk[16]; /* SMP Temporary Key */
57 struct smp_csrk *csrk;
58 struct smp_csrk *slave_csrk;
60 struct smp_ltk *slave_ltk;
61 struct smp_irk *remote_irk;
65 static inline void swap128(const u8 src[16], u8 dst[16])
68 for (i = 0; i < 16; i++)
72 static inline void swap56(const u8 src[7], u8 dst[7])
75 for (i = 0; i < 7; i++)
79 static int smp_e(struct crypto_blkcipher *tfm, const u8 *k, u8 *r)
81 struct blkcipher_desc desc;
82 struct scatterlist sg;
83 uint8_t tmp[16], data[16];
87 BT_ERR("tfm %p", tfm);
94 /* The most significant octet of key corresponds to k[0] */
97 err = crypto_blkcipher_setkey(tfm, tmp, 16);
99 BT_ERR("cipher setkey failed: %d", err);
103 /* Most significant octet of plaintextData corresponds to data[0] */
106 sg_init_one(&sg, data, 16);
108 err = crypto_blkcipher_encrypt(&desc, &sg, &sg, 16);
110 BT_ERR("Encrypt data error %d", err);
112 /* Most significant octet of encryptedData corresponds to data[0] */
118 static int smp_ah(struct crypto_blkcipher *tfm, u8 irk[16], u8 r[3], u8 res[3])
123 /* r' = padding || r */
125 memset(_res + 3, 0, 13);
127 err = smp_e(tfm, irk, _res);
129 BT_ERR("Encrypt error");
133 /* The output of the random address function ah is:
134 * ah(h, r) = e(k, r') mod 2^24
135 * The output of the security function e is then truncated to 24 bits
136 * by taking the least significant 24 bits of the output of e as the
139 memcpy(res, _res, 3);
144 bool smp_irk_matches(struct crypto_blkcipher *tfm, u8 irk[16],
150 BT_DBG("RPA %pMR IRK %*phN", bdaddr, 16, irk);
152 err = smp_ah(tfm, irk, &bdaddr->b[3], hash);
156 return !memcmp(bdaddr->b, hash, 3);
159 int smp_generate_rpa(struct crypto_blkcipher *tfm, u8 irk[16], bdaddr_t *rpa)
163 get_random_bytes(&rpa->b[3], 3);
165 rpa->b[5] &= 0x3f; /* Clear two most significant bits */
166 rpa->b[5] |= 0x40; /* Set second most significant bit */
168 err = smp_ah(tfm, irk, &rpa->b[3], rpa->b);
172 BT_DBG("RPA %pMR", rpa);
177 static int smp_c1(struct crypto_blkcipher *tfm, u8 k[16], u8 r[16],
178 u8 preq[7], u8 pres[7], u8 _iat, bdaddr_t *ia,
179 u8 _rat, bdaddr_t *ra, u8 res[16])
186 /* p1 = pres || preq || _rat || _iat */
189 memcpy(p1 + 2, preq, 7);
190 memcpy(p1 + 9, pres, 7);
192 /* p2 = padding || ia || ra */
194 memcpy(p2 + 6, ia, 6);
195 memset(p2 + 12, 0, 4);
198 u128_xor((u128 *) res, (u128 *) r, (u128 *) p1);
200 /* res = e(k, res) */
201 err = smp_e(tfm, k, res);
203 BT_ERR("Encrypt data error");
207 /* res = res XOR p2 */
208 u128_xor((u128 *) res, (u128 *) res, (u128 *) p2);
210 /* res = e(k, res) */
211 err = smp_e(tfm, k, res);
213 BT_ERR("Encrypt data error");
218 static int smp_s1(struct crypto_blkcipher *tfm, u8 k[16], u8 r1[16],
219 u8 r2[16], u8 _r[16])
223 /* Just least significant octets from r1 and r2 are considered */
225 memcpy(_r + 8, r1, 8);
227 err = smp_e(tfm, k, _r);
229 BT_ERR("Encrypt data error");
234 static struct sk_buff *smp_build_cmd(struct l2cap_conn *conn, u8 code,
235 u16 dlen, void *data)
238 struct l2cap_hdr *lh;
241 len = L2CAP_HDR_SIZE + sizeof(code) + dlen;
246 skb = bt_skb_alloc(len, GFP_ATOMIC);
250 lh = (struct l2cap_hdr *) skb_put(skb, L2CAP_HDR_SIZE);
251 lh->len = cpu_to_le16(sizeof(code) + dlen);
252 lh->cid = cpu_to_le16(L2CAP_CID_SMP);
254 memcpy(skb_put(skb, sizeof(code)), &code, sizeof(code));
256 memcpy(skb_put(skb, dlen), data, dlen);
261 static void smp_send_cmd(struct l2cap_conn *conn, u8 code, u16 len, void *data)
263 struct sk_buff *skb = smp_build_cmd(conn, code, len, data);
265 BT_DBG("code 0x%2.2x", code);
270 skb->priority = HCI_PRIO_MAX;
271 hci_send_acl(conn->hchan, skb, 0);
273 cancel_delayed_work_sync(&conn->security_timer);
274 schedule_delayed_work(&conn->security_timer, SMP_TIMEOUT);
277 static __u8 authreq_to_seclevel(__u8 authreq)
279 if (authreq & SMP_AUTH_MITM)
280 return BT_SECURITY_HIGH;
282 return BT_SECURITY_MEDIUM;
285 static __u8 seclevel_to_authreq(__u8 sec_level)
288 case BT_SECURITY_HIGH:
289 return SMP_AUTH_MITM | SMP_AUTH_BONDING;
290 case BT_SECURITY_MEDIUM:
291 return SMP_AUTH_BONDING;
293 return SMP_AUTH_NONE;
297 static void build_pairing_cmd(struct l2cap_conn *conn,
298 struct smp_cmd_pairing *req,
299 struct smp_cmd_pairing *rsp, __u8 authreq)
301 struct smp_chan *smp = conn->smp_chan;
302 struct hci_conn *hcon = conn->hcon;
303 struct hci_dev *hdev = hcon->hdev;
304 u8 local_dist = 0, remote_dist = 0;
306 if (test_bit(HCI_PAIRABLE, &conn->hcon->hdev->dev_flags)) {
307 local_dist = SMP_DIST_ENC_KEY | SMP_DIST_SIGN;
308 remote_dist = SMP_DIST_ENC_KEY | SMP_DIST_SIGN;
309 authreq |= SMP_AUTH_BONDING;
311 authreq &= ~SMP_AUTH_BONDING;
314 if (test_bit(HCI_RPA_RESOLVING, &hdev->dev_flags))
315 remote_dist |= SMP_DIST_ID_KEY;
317 if (test_bit(HCI_PRIVACY, &hdev->dev_flags))
318 local_dist |= SMP_DIST_ID_KEY;
321 req->io_capability = conn->hcon->io_capability;
322 req->oob_flag = SMP_OOB_NOT_PRESENT;
323 req->max_key_size = SMP_MAX_ENC_KEY_SIZE;
324 req->init_key_dist = local_dist;
325 req->resp_key_dist = remote_dist;
326 req->auth_req = (authreq & AUTH_REQ_MASK);
328 smp->remote_key_dist = remote_dist;
332 rsp->io_capability = conn->hcon->io_capability;
333 rsp->oob_flag = SMP_OOB_NOT_PRESENT;
334 rsp->max_key_size = SMP_MAX_ENC_KEY_SIZE;
335 rsp->init_key_dist = req->init_key_dist & remote_dist;
336 rsp->resp_key_dist = req->resp_key_dist & local_dist;
337 rsp->auth_req = (authreq & AUTH_REQ_MASK);
339 smp->remote_key_dist = rsp->init_key_dist;
342 static u8 check_enc_key_size(struct l2cap_conn *conn, __u8 max_key_size)
344 struct smp_chan *smp = conn->smp_chan;
346 if ((max_key_size > SMP_MAX_ENC_KEY_SIZE) ||
347 (max_key_size < SMP_MIN_ENC_KEY_SIZE))
348 return SMP_ENC_KEY_SIZE;
350 smp->enc_key_size = max_key_size;
355 static void smp_failure(struct l2cap_conn *conn, u8 reason)
357 struct hci_conn *hcon = conn->hcon;
360 smp_send_cmd(conn, SMP_CMD_PAIRING_FAIL, sizeof(reason),
363 clear_bit(HCI_CONN_ENCRYPT_PEND, &hcon->flags);
364 mgmt_auth_failed(hcon->hdev, &hcon->dst, hcon->type, hcon->dst_type,
365 HCI_ERROR_AUTH_FAILURE);
367 cancel_delayed_work_sync(&conn->security_timer);
369 if (test_and_clear_bit(HCI_CONN_LE_SMP_PEND, &hcon->flags))
370 smp_chan_destroy(conn);
373 #define JUST_WORKS 0x00
374 #define JUST_CFM 0x01
375 #define REQ_PASSKEY 0x02
376 #define CFM_PASSKEY 0x03
380 static const u8 gen_method[5][5] = {
381 { JUST_WORKS, JUST_CFM, REQ_PASSKEY, JUST_WORKS, REQ_PASSKEY },
382 { JUST_WORKS, JUST_CFM, REQ_PASSKEY, JUST_WORKS, REQ_PASSKEY },
383 { CFM_PASSKEY, CFM_PASSKEY, REQ_PASSKEY, JUST_WORKS, CFM_PASSKEY },
384 { JUST_WORKS, JUST_CFM, JUST_WORKS, JUST_WORKS, JUST_CFM },
385 { CFM_PASSKEY, CFM_PASSKEY, REQ_PASSKEY, JUST_WORKS, OVERLAP },
388 static int tk_request(struct l2cap_conn *conn, u8 remote_oob, u8 auth,
389 u8 local_io, u8 remote_io)
391 struct hci_conn *hcon = conn->hcon;
392 struct smp_chan *smp = conn->smp_chan;
397 /* Initialize key for JUST WORKS */
398 memset(smp->tk, 0, sizeof(smp->tk));
399 clear_bit(SMP_FLAG_TK_VALID, &smp->flags);
401 BT_DBG("tk_request: auth:%d lcl:%d rem:%d", auth, local_io, remote_io);
403 /* If neither side wants MITM, use JUST WORKS */
404 /* If either side has unknown io_caps, use JUST WORKS */
405 /* Otherwise, look up method from the table */
406 if (!(auth & SMP_AUTH_MITM) ||
407 local_io > SMP_IO_KEYBOARD_DISPLAY ||
408 remote_io > SMP_IO_KEYBOARD_DISPLAY)
411 method = gen_method[remote_io][local_io];
413 /* If not bonding, don't ask user to confirm a Zero TK */
414 if (!(auth & SMP_AUTH_BONDING) && method == JUST_CFM)
417 /* Don't confirm locally initiated pairing attempts */
418 if (method == JUST_CFM && test_bit(SMP_FLAG_INITIATOR, &smp->flags))
421 /* If Just Works, Continue with Zero TK */
422 if (method == JUST_WORKS) {
423 set_bit(SMP_FLAG_TK_VALID, &smp->flags);
427 /* Not Just Works/Confirm results in MITM Authentication */
428 if (method != JUST_CFM)
429 set_bit(SMP_FLAG_MITM_AUTH, &smp->flags);
431 /* If both devices have Keyoard-Display I/O, the master
432 * Confirms and the slave Enters the passkey.
434 if (method == OVERLAP) {
435 if (hcon->link_mode & HCI_LM_MASTER)
436 method = CFM_PASSKEY;
438 method = REQ_PASSKEY;
441 /* Generate random passkey. */
442 if (method == CFM_PASSKEY) {
443 memset(smp->tk, 0, sizeof(smp->tk));
444 get_random_bytes(&passkey, sizeof(passkey));
446 put_unaligned_le32(passkey, smp->tk);
447 BT_DBG("PassKey: %d", passkey);
448 set_bit(SMP_FLAG_TK_VALID, &smp->flags);
451 hci_dev_lock(hcon->hdev);
453 if (method == REQ_PASSKEY)
454 ret = mgmt_user_passkey_request(hcon->hdev, &hcon->dst,
455 hcon->type, hcon->dst_type);
456 else if (method == JUST_CFM)
457 ret = mgmt_user_confirm_request(hcon->hdev, &hcon->dst,
458 hcon->type, hcon->dst_type,
461 ret = mgmt_user_passkey_notify(hcon->hdev, &hcon->dst,
462 hcon->type, hcon->dst_type,
465 hci_dev_unlock(hcon->hdev);
470 static void smp_confirm(struct smp_chan *smp)
472 struct l2cap_conn *conn = smp->conn;
473 struct hci_dev *hdev = conn->hcon->hdev;
474 struct crypto_blkcipher *tfm = hdev->tfm_aes;
475 struct smp_cmd_pairing_confirm cp;
479 BT_DBG("conn %p", conn);
481 /* Prevent mutual access to hdev->tfm_aes */
484 ret = smp_c1(tfm, smp->tk, smp->prnd, smp->preq, smp->prsp,
485 conn->hcon->init_addr_type, &conn->hcon->init_addr,
486 conn->hcon->resp_addr_type, &conn->hcon->resp_addr,
489 hci_dev_unlock(hdev);
492 reason = SMP_UNSPECIFIED;
496 clear_bit(SMP_FLAG_CFM_PENDING, &smp->flags);
498 smp_send_cmd(smp->conn, SMP_CMD_PAIRING_CONFIRM, sizeof(cp), &cp);
503 smp_failure(conn, reason);
506 static void smp_random(struct smp_chan *smp)
508 struct l2cap_conn *conn = smp->conn;
509 struct hci_conn *hcon = conn->hcon;
510 struct hci_dev *hdev = hcon->hdev;
511 struct crypto_blkcipher *tfm = hdev->tfm_aes;
512 u8 reason, confirm[16];
515 if (IS_ERR_OR_NULL(tfm)) {
516 reason = SMP_UNSPECIFIED;
520 BT_DBG("conn %p %s", conn, conn->hcon->out ? "master" : "slave");
522 /* Prevent mutual access to hdev->tfm_aes */
525 ret = smp_c1(tfm, smp->tk, smp->rrnd, smp->preq, smp->prsp,
526 hcon->init_addr_type, &hcon->init_addr,
527 hcon->resp_addr_type, &hcon->resp_addr, confirm);
529 hci_dev_unlock(hdev);
532 reason = SMP_UNSPECIFIED;
536 if (memcmp(smp->pcnf, confirm, sizeof(smp->pcnf)) != 0) {
537 BT_ERR("Pairing failed (confirmation values mismatch)");
538 reason = SMP_CONFIRM_FAILED;
547 smp_s1(tfm, smp->tk, smp->rrnd, smp->prnd, stk);
549 memset(stk + smp->enc_key_size, 0,
550 SMP_MAX_ENC_KEY_SIZE - smp->enc_key_size);
552 if (test_and_set_bit(HCI_CONN_ENCRYPT_PEND, &hcon->flags)) {
553 reason = SMP_UNSPECIFIED;
557 hci_le_start_enc(hcon, ediv, rand, stk);
558 hcon->enc_key_size = smp->enc_key_size;
564 smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM, sizeof(smp->prnd),
567 smp_s1(tfm, smp->tk, smp->prnd, smp->rrnd, stk);
569 memset(stk + smp->enc_key_size, 0,
570 SMP_MAX_ENC_KEY_SIZE - smp->enc_key_size);
572 hci_add_ltk(hcon->hdev, &hcon->dst, hcon->dst_type,
573 HCI_SMP_STK_SLAVE, 0, stk, smp->enc_key_size,
580 smp_failure(conn, reason);
583 static struct smp_chan *smp_chan_create(struct l2cap_conn *conn)
585 struct smp_chan *smp;
587 smp = kzalloc(sizeof(*smp), GFP_ATOMIC);
592 conn->smp_chan = smp;
593 conn->hcon->smp_conn = conn;
595 hci_conn_hold(conn->hcon);
600 void smp_chan_destroy(struct l2cap_conn *conn)
602 struct smp_chan *smp = conn->smp_chan;
607 complete = test_bit(SMP_FLAG_COMPLETE, &smp->flags);
608 mgmt_smp_complete(conn->hcon, complete);
611 kfree(smp->slave_csrk);
613 /* If pairing failed clean up any keys we might have */
616 list_del(&smp->ltk->list);
620 if (smp->slave_ltk) {
621 list_del(&smp->slave_ltk->list);
622 kfree(smp->slave_ltk);
625 if (smp->remote_irk) {
626 list_del(&smp->remote_irk->list);
627 kfree(smp->remote_irk);
632 conn->smp_chan = NULL;
633 conn->hcon->smp_conn = NULL;
634 hci_conn_drop(conn->hcon);
637 int smp_user_confirm_reply(struct hci_conn *hcon, u16 mgmt_op, __le32 passkey)
639 struct l2cap_conn *conn = hcon->smp_conn;
640 struct smp_chan *smp;
648 smp = conn->smp_chan;
651 case MGMT_OP_USER_PASSKEY_REPLY:
652 value = le32_to_cpu(passkey);
653 memset(smp->tk, 0, sizeof(smp->tk));
654 BT_DBG("PassKey: %d", value);
655 put_unaligned_le32(value, smp->tk);
657 case MGMT_OP_USER_CONFIRM_REPLY:
658 set_bit(SMP_FLAG_TK_VALID, &smp->flags);
660 case MGMT_OP_USER_PASSKEY_NEG_REPLY:
661 case MGMT_OP_USER_CONFIRM_NEG_REPLY:
662 smp_failure(conn, SMP_PASSKEY_ENTRY_FAILED);
665 smp_failure(conn, SMP_PASSKEY_ENTRY_FAILED);
669 /* If it is our turn to send Pairing Confirm, do so now */
670 if (test_bit(SMP_FLAG_CFM_PENDING, &smp->flags))
676 static u8 smp_cmd_pairing_req(struct l2cap_conn *conn, struct sk_buff *skb)
678 struct smp_cmd_pairing rsp, *req = (void *) skb->data;
679 struct smp_chan *smp;
683 BT_DBG("conn %p", conn);
685 if (skb->len < sizeof(*req))
686 return SMP_INVALID_PARAMS;
688 if (conn->hcon->link_mode & HCI_LM_MASTER)
689 return SMP_CMD_NOTSUPP;
691 if (!test_and_set_bit(HCI_CONN_LE_SMP_PEND, &conn->hcon->flags))
692 smp = smp_chan_create(conn);
694 smp = conn->smp_chan;
697 return SMP_UNSPECIFIED;
699 smp->preq[0] = SMP_CMD_PAIRING_REQ;
700 memcpy(&smp->preq[1], req, sizeof(*req));
701 skb_pull(skb, sizeof(*req));
703 /* We didn't start the pairing, so match remote */
704 auth = req->auth_req;
706 conn->hcon->pending_sec_level = authreq_to_seclevel(auth);
708 build_pairing_cmd(conn, req, &rsp, auth);
710 key_size = min(req->max_key_size, rsp.max_key_size);
711 if (check_enc_key_size(conn, key_size))
712 return SMP_ENC_KEY_SIZE;
714 get_random_bytes(smp->prnd, sizeof(smp->prnd));
716 smp->prsp[0] = SMP_CMD_PAIRING_RSP;
717 memcpy(&smp->prsp[1], &rsp, sizeof(rsp));
719 smp_send_cmd(conn, SMP_CMD_PAIRING_RSP, sizeof(rsp), &rsp);
721 /* Request setup of TK */
722 ret = tk_request(conn, 0, auth, rsp.io_capability, req->io_capability);
724 return SMP_UNSPECIFIED;
726 clear_bit(SMP_FLAG_INITIATOR, &smp->flags);
731 static u8 smp_cmd_pairing_rsp(struct l2cap_conn *conn, struct sk_buff *skb)
733 struct smp_cmd_pairing *req, *rsp = (void *) skb->data;
734 struct smp_chan *smp = conn->smp_chan;
735 u8 key_size, auth = SMP_AUTH_NONE;
738 BT_DBG("conn %p", conn);
740 if (skb->len < sizeof(*rsp))
741 return SMP_INVALID_PARAMS;
743 if (!(conn->hcon->link_mode & HCI_LM_MASTER))
744 return SMP_CMD_NOTSUPP;
746 skb_pull(skb, sizeof(*rsp));
748 req = (void *) &smp->preq[1];
750 key_size = min(req->max_key_size, rsp->max_key_size);
751 if (check_enc_key_size(conn, key_size))
752 return SMP_ENC_KEY_SIZE;
754 get_random_bytes(smp->prnd, sizeof(smp->prnd));
756 smp->prsp[0] = SMP_CMD_PAIRING_RSP;
757 memcpy(&smp->prsp[1], rsp, sizeof(*rsp));
759 /* Update remote key distribution in case the remote cleared
760 * some bits that we had enabled in our request.
762 smp->remote_key_dist &= rsp->resp_key_dist;
764 if ((req->auth_req & SMP_AUTH_BONDING) &&
765 (rsp->auth_req & SMP_AUTH_BONDING))
766 auth = SMP_AUTH_BONDING;
768 auth |= (req->auth_req | rsp->auth_req) & SMP_AUTH_MITM;
770 ret = tk_request(conn, 0, auth, req->io_capability, rsp->io_capability);
772 return SMP_UNSPECIFIED;
774 set_bit(SMP_FLAG_CFM_PENDING, &smp->flags);
776 /* Can't compose response until we have been confirmed */
777 if (test_bit(SMP_FLAG_TK_VALID, &smp->flags))
783 static u8 smp_cmd_pairing_confirm(struct l2cap_conn *conn, struct sk_buff *skb)
785 struct smp_chan *smp = conn->smp_chan;
787 BT_DBG("conn %p %s", conn, conn->hcon->out ? "master" : "slave");
789 if (skb->len < sizeof(smp->pcnf))
790 return SMP_INVALID_PARAMS;
792 memcpy(smp->pcnf, skb->data, sizeof(smp->pcnf));
793 skb_pull(skb, sizeof(smp->pcnf));
796 smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM, sizeof(smp->prnd),
798 else if (test_bit(SMP_FLAG_TK_VALID, &smp->flags))
801 set_bit(SMP_FLAG_CFM_PENDING, &smp->flags);
806 static u8 smp_cmd_pairing_random(struct l2cap_conn *conn, struct sk_buff *skb)
808 struct smp_chan *smp = conn->smp_chan;
810 BT_DBG("conn %p", conn);
812 if (skb->len < sizeof(smp->rrnd))
813 return SMP_INVALID_PARAMS;
815 memcpy(smp->rrnd, skb->data, sizeof(smp->rrnd));
816 skb_pull(skb, sizeof(smp->rrnd));
823 static u8 smp_ltk_encrypt(struct l2cap_conn *conn, u8 sec_level)
826 struct hci_conn *hcon = conn->hcon;
828 key = hci_find_ltk_by_addr(hcon->hdev, &hcon->dst, hcon->dst_type,
833 if (sec_level > BT_SECURITY_MEDIUM && !key->authenticated)
836 if (test_and_set_bit(HCI_CONN_ENCRYPT_PEND, &hcon->flags))
839 hci_le_start_enc(hcon, key->ediv, key->rand, key->val);
840 hcon->enc_key_size = key->enc_size;
845 static u8 smp_cmd_security_req(struct l2cap_conn *conn, struct sk_buff *skb)
847 struct smp_cmd_security_req *rp = (void *) skb->data;
848 struct smp_cmd_pairing cp;
849 struct hci_conn *hcon = conn->hcon;
850 struct smp_chan *smp;
852 BT_DBG("conn %p", conn);
854 if (skb->len < sizeof(*rp))
855 return SMP_INVALID_PARAMS;
857 if (!(conn->hcon->link_mode & HCI_LM_MASTER))
858 return SMP_CMD_NOTSUPP;
860 hcon->pending_sec_level = authreq_to_seclevel(rp->auth_req);
862 if (smp_ltk_encrypt(conn, hcon->pending_sec_level))
865 if (test_and_set_bit(HCI_CONN_LE_SMP_PEND, &hcon->flags))
868 smp = smp_chan_create(conn);
870 skb_pull(skb, sizeof(*rp));
872 memset(&cp, 0, sizeof(cp));
873 build_pairing_cmd(conn, &cp, NULL, rp->auth_req);
875 smp->preq[0] = SMP_CMD_PAIRING_REQ;
876 memcpy(&smp->preq[1], &cp, sizeof(cp));
878 smp_send_cmd(conn, SMP_CMD_PAIRING_REQ, sizeof(cp), &cp);
880 clear_bit(SMP_FLAG_INITIATOR, &smp->flags);
885 bool smp_sufficient_security(struct hci_conn *hcon, u8 sec_level)
887 if (sec_level == BT_SECURITY_LOW)
890 if (hcon->sec_level >= sec_level)
896 int smp_conn_security(struct hci_conn *hcon, __u8 sec_level)
898 struct l2cap_conn *conn = hcon->l2cap_data;
899 struct smp_chan *smp;
902 BT_DBG("conn %p hcon %p level 0x%2.2x", conn, hcon, sec_level);
904 /* This may be NULL if there's an unexpected disconnection */
908 if (!test_bit(HCI_LE_ENABLED, &hcon->hdev->dev_flags))
911 if (smp_sufficient_security(hcon, sec_level))
914 if (hcon->link_mode & HCI_LM_MASTER)
915 if (smp_ltk_encrypt(conn, sec_level))
918 if (test_and_set_bit(HCI_CONN_LE_SMP_PEND, &hcon->flags))
921 smp = smp_chan_create(conn);
925 authreq = seclevel_to_authreq(sec_level);
927 /* hcon->auth_type is set by pair_device in mgmt.c. If the MITM
928 * flag is set we should also set it for the SMP request.
930 if ((hcon->auth_type & 0x01))
931 authreq |= SMP_AUTH_MITM;
933 if (hcon->link_mode & HCI_LM_MASTER) {
934 struct smp_cmd_pairing cp;
936 build_pairing_cmd(conn, &cp, NULL, authreq);
937 smp->preq[0] = SMP_CMD_PAIRING_REQ;
938 memcpy(&smp->preq[1], &cp, sizeof(cp));
940 smp_send_cmd(conn, SMP_CMD_PAIRING_REQ, sizeof(cp), &cp);
942 struct smp_cmd_security_req cp;
943 cp.auth_req = authreq;
944 smp_send_cmd(conn, SMP_CMD_SECURITY_REQ, sizeof(cp), &cp);
947 set_bit(SMP_FLAG_INITIATOR, &smp->flags);
950 hcon->pending_sec_level = sec_level;
955 static int smp_cmd_encrypt_info(struct l2cap_conn *conn, struct sk_buff *skb)
957 struct smp_cmd_encrypt_info *rp = (void *) skb->data;
958 struct smp_chan *smp = conn->smp_chan;
960 BT_DBG("conn %p", conn);
962 if (skb->len < sizeof(*rp))
963 return SMP_INVALID_PARAMS;
965 /* Ignore this PDU if it wasn't requested */
966 if (!(smp->remote_key_dist & SMP_DIST_ENC_KEY))
969 skb_pull(skb, sizeof(*rp));
971 memcpy(smp->tk, rp->ltk, sizeof(smp->tk));
976 static int smp_cmd_master_ident(struct l2cap_conn *conn, struct sk_buff *skb)
978 struct smp_cmd_master_ident *rp = (void *) skb->data;
979 struct smp_chan *smp = conn->smp_chan;
980 struct hci_dev *hdev = conn->hcon->hdev;
981 struct hci_conn *hcon = conn->hcon;
985 BT_DBG("conn %p", conn);
987 if (skb->len < sizeof(*rp))
988 return SMP_INVALID_PARAMS;
990 /* Ignore this PDU if it wasn't requested */
991 if (!(smp->remote_key_dist & SMP_DIST_ENC_KEY))
994 /* Mark the information as received */
995 smp->remote_key_dist &= ~SMP_DIST_ENC_KEY;
997 skb_pull(skb, sizeof(*rp));
1000 authenticated = (hcon->sec_level == BT_SECURITY_HIGH);
1001 ltk = hci_add_ltk(hdev, &hcon->dst, hcon->dst_type, HCI_SMP_LTK,
1002 authenticated, smp->tk, smp->enc_key_size,
1003 rp->ediv, rp->rand);
1005 if (!(smp->remote_key_dist & SMP_DIST_ID_KEY))
1006 smp_distribute_keys(conn);
1007 hci_dev_unlock(hdev);
1012 static int smp_cmd_ident_info(struct l2cap_conn *conn, struct sk_buff *skb)
1014 struct smp_cmd_ident_info *info = (void *) skb->data;
1015 struct smp_chan *smp = conn->smp_chan;
1019 if (skb->len < sizeof(*info))
1020 return SMP_INVALID_PARAMS;
1022 /* Ignore this PDU if it wasn't requested */
1023 if (!(smp->remote_key_dist & SMP_DIST_ID_KEY))
1026 skb_pull(skb, sizeof(*info));
1028 memcpy(smp->irk, info->irk, 16);
1033 static int smp_cmd_ident_addr_info(struct l2cap_conn *conn,
1034 struct sk_buff *skb)
1036 struct smp_cmd_ident_addr_info *info = (void *) skb->data;
1037 struct smp_chan *smp = conn->smp_chan;
1038 struct hci_conn *hcon = conn->hcon;
1043 if (skb->len < sizeof(*info))
1044 return SMP_INVALID_PARAMS;
1046 /* Ignore this PDU if it wasn't requested */
1047 if (!(smp->remote_key_dist & SMP_DIST_ID_KEY))
1050 /* Mark the information as received */
1051 smp->remote_key_dist &= ~SMP_DIST_ID_KEY;
1053 skb_pull(skb, sizeof(*info));
1055 /* Strictly speaking the Core Specification (4.1) allows sending
1056 * an empty address which would force us to rely on just the IRK
1057 * as "identity information". However, since such
1058 * implementations are not known of and in order to not over
1059 * complicate our implementation, simply pretend that we never
1060 * received an IRK for such a device.
1062 if (!bacmp(&info->bdaddr, BDADDR_ANY)) {
1063 BT_ERR("Ignoring IRK with no identity address");
1064 smp_distribute_keys(conn);
1068 bacpy(&smp->id_addr, &info->bdaddr);
1069 smp->id_addr_type = info->addr_type;
1071 if (hci_bdaddr_is_rpa(&hcon->dst, hcon->dst_type))
1072 bacpy(&rpa, &hcon->dst);
1074 bacpy(&rpa, BDADDR_ANY);
1076 smp->remote_irk = hci_add_irk(conn->hcon->hdev, &smp->id_addr,
1077 smp->id_addr_type, smp->irk, &rpa);
1079 smp_distribute_keys(conn);
1084 static int smp_cmd_sign_info(struct l2cap_conn *conn, struct sk_buff *skb)
1086 struct smp_cmd_sign_info *rp = (void *) skb->data;
1087 struct smp_chan *smp = conn->smp_chan;
1088 struct hci_dev *hdev = conn->hcon->hdev;
1089 struct smp_csrk *csrk;
1091 BT_DBG("conn %p", conn);
1093 if (skb->len < sizeof(*rp))
1094 return SMP_INVALID_PARAMS;
1096 /* Ignore this PDU if it wasn't requested */
1097 if (!(smp->remote_key_dist & SMP_DIST_SIGN))
1100 /* Mark the information as received */
1101 smp->remote_key_dist &= ~SMP_DIST_SIGN;
1103 skb_pull(skb, sizeof(*rp));
1106 csrk = kzalloc(sizeof(*csrk), GFP_KERNEL);
1108 csrk->master = 0x01;
1109 memcpy(csrk->val, rp->csrk, sizeof(csrk->val));
1112 if (!(smp->remote_key_dist & SMP_DIST_SIGN))
1113 smp_distribute_keys(conn);
1114 hci_dev_unlock(hdev);
1119 int smp_sig_channel(struct l2cap_conn *conn, struct sk_buff *skb)
1121 struct hci_conn *hcon = conn->hcon;
1125 if (hcon->type != LE_LINK) {
1135 if (!test_bit(HCI_LE_ENABLED, &hcon->hdev->dev_flags)) {
1137 reason = SMP_PAIRING_NOTSUPP;
1141 code = skb->data[0];
1142 skb_pull(skb, sizeof(code));
1145 * The SMP context must be initialized for all other PDUs except
1146 * pairing and security requests. If we get any other PDU when
1147 * not initialized simply disconnect (done if this function
1148 * returns an error).
1150 if (code != SMP_CMD_PAIRING_REQ && code != SMP_CMD_SECURITY_REQ &&
1152 BT_ERR("Unexpected SMP command 0x%02x. Disconnecting.", code);
1158 case SMP_CMD_PAIRING_REQ:
1159 reason = smp_cmd_pairing_req(conn, skb);
1162 case SMP_CMD_PAIRING_FAIL:
1163 smp_failure(conn, 0);
1168 case SMP_CMD_PAIRING_RSP:
1169 reason = smp_cmd_pairing_rsp(conn, skb);
1172 case SMP_CMD_SECURITY_REQ:
1173 reason = smp_cmd_security_req(conn, skb);
1176 case SMP_CMD_PAIRING_CONFIRM:
1177 reason = smp_cmd_pairing_confirm(conn, skb);
1180 case SMP_CMD_PAIRING_RANDOM:
1181 reason = smp_cmd_pairing_random(conn, skb);
1184 case SMP_CMD_ENCRYPT_INFO:
1185 reason = smp_cmd_encrypt_info(conn, skb);
1188 case SMP_CMD_MASTER_IDENT:
1189 reason = smp_cmd_master_ident(conn, skb);
1192 case SMP_CMD_IDENT_INFO:
1193 reason = smp_cmd_ident_info(conn, skb);
1196 case SMP_CMD_IDENT_ADDR_INFO:
1197 reason = smp_cmd_ident_addr_info(conn, skb);
1200 case SMP_CMD_SIGN_INFO:
1201 reason = smp_cmd_sign_info(conn, skb);
1205 BT_DBG("Unknown command code 0x%2.2x", code);
1207 reason = SMP_CMD_NOTSUPP;
1214 smp_failure(conn, reason);
1220 static void smp_notify_keys(struct l2cap_conn *conn)
1222 struct smp_chan *smp = conn->smp_chan;
1223 struct hci_conn *hcon = conn->hcon;
1224 struct hci_dev *hdev = hcon->hdev;
1225 struct smp_cmd_pairing *req = (void *) &smp->preq[1];
1226 struct smp_cmd_pairing *rsp = (void *) &smp->prsp[1];
1229 if (smp->remote_irk) {
1230 mgmt_new_irk(hdev, smp->remote_irk);
1231 /* Now that user space can be considered to know the
1232 * identity address track the connection based on it
1235 bacpy(&hcon->dst, &smp->remote_irk->bdaddr);
1236 hcon->dst_type = smp->remote_irk->addr_type;
1237 l2cap_conn_update_id_addr(hcon);
1240 /* The LTKs and CSRKs should be persistent only if both sides
1241 * had the bonding bit set in their authentication requests.
1243 persistent = !!((req->auth_req & rsp->auth_req) & SMP_AUTH_BONDING);
1246 smp->csrk->bdaddr_type = hcon->dst_type;
1247 bacpy(&smp->csrk->bdaddr, &hcon->dst);
1248 mgmt_new_csrk(hdev, smp->csrk, persistent);
1251 if (smp->slave_csrk) {
1252 smp->slave_csrk->bdaddr_type = hcon->dst_type;
1253 bacpy(&smp->slave_csrk->bdaddr, &hcon->dst);
1254 mgmt_new_csrk(hdev, smp->slave_csrk, persistent);
1258 smp->ltk->bdaddr_type = hcon->dst_type;
1259 bacpy(&smp->ltk->bdaddr, &hcon->dst);
1260 mgmt_new_ltk(hdev, smp->ltk, persistent);
1263 if (smp->slave_ltk) {
1264 smp->slave_ltk->bdaddr_type = hcon->dst_type;
1265 bacpy(&smp->slave_ltk->bdaddr, &hcon->dst);
1266 mgmt_new_ltk(hdev, smp->slave_ltk, persistent);
1270 int smp_distribute_keys(struct l2cap_conn *conn)
1272 struct smp_cmd_pairing *req, *rsp;
1273 struct smp_chan *smp = conn->smp_chan;
1274 struct hci_conn *hcon = conn->hcon;
1275 struct hci_dev *hdev = hcon->hdev;
1278 BT_DBG("conn %p", conn);
1280 if (!test_bit(HCI_CONN_LE_SMP_PEND, &hcon->flags))
1283 rsp = (void *) &smp->prsp[1];
1285 /* The responder sends its keys first */
1286 if (hcon->out && (smp->remote_key_dist & 0x07))
1289 req = (void *) &smp->preq[1];
1292 keydist = &rsp->init_key_dist;
1293 *keydist &= req->init_key_dist;
1295 keydist = &rsp->resp_key_dist;
1296 *keydist &= req->resp_key_dist;
1299 BT_DBG("keydist 0x%x", *keydist);
1301 if (*keydist & SMP_DIST_ENC_KEY) {
1302 struct smp_cmd_encrypt_info enc;
1303 struct smp_cmd_master_ident ident;
1304 struct smp_ltk *ltk;
1309 get_random_bytes(enc.ltk, sizeof(enc.ltk));
1310 get_random_bytes(&ediv, sizeof(ediv));
1311 get_random_bytes(&rand, sizeof(rand));
1313 smp_send_cmd(conn, SMP_CMD_ENCRYPT_INFO, sizeof(enc), &enc);
1315 authenticated = hcon->sec_level == BT_SECURITY_HIGH;
1316 ltk = hci_add_ltk(hdev, &hcon->dst, hcon->dst_type,
1317 HCI_SMP_LTK_SLAVE, authenticated, enc.ltk,
1318 smp->enc_key_size, ediv, rand);
1319 smp->slave_ltk = ltk;
1324 smp_send_cmd(conn, SMP_CMD_MASTER_IDENT, sizeof(ident), &ident);
1326 *keydist &= ~SMP_DIST_ENC_KEY;
1329 if (*keydist & SMP_DIST_ID_KEY) {
1330 struct smp_cmd_ident_addr_info addrinfo;
1331 struct smp_cmd_ident_info idinfo;
1333 memcpy(idinfo.irk, hdev->irk, sizeof(idinfo.irk));
1335 smp_send_cmd(conn, SMP_CMD_IDENT_INFO, sizeof(idinfo), &idinfo);
1337 /* The hci_conn contains the local identity address
1338 * after the connection has been established.
1340 * This is true even when the connection has been
1341 * established using a resolvable random address.
1343 bacpy(&addrinfo.bdaddr, &hcon->src);
1344 addrinfo.addr_type = hcon->src_type;
1346 smp_send_cmd(conn, SMP_CMD_IDENT_ADDR_INFO, sizeof(addrinfo),
1349 *keydist &= ~SMP_DIST_ID_KEY;
1352 if (*keydist & SMP_DIST_SIGN) {
1353 struct smp_cmd_sign_info sign;
1354 struct smp_csrk *csrk;
1356 /* Generate a new random key */
1357 get_random_bytes(sign.csrk, sizeof(sign.csrk));
1359 csrk = kzalloc(sizeof(*csrk), GFP_KERNEL);
1361 csrk->master = 0x00;
1362 memcpy(csrk->val, sign.csrk, sizeof(csrk->val));
1364 smp->slave_csrk = csrk;
1366 smp_send_cmd(conn, SMP_CMD_SIGN_INFO, sizeof(sign), &sign);
1368 *keydist &= ~SMP_DIST_SIGN;
1371 /* If there are still keys to be received wait for them */
1372 if ((smp->remote_key_dist & 0x07))
1375 clear_bit(HCI_CONN_LE_SMP_PEND, &hcon->flags);
1376 cancel_delayed_work_sync(&conn->security_timer);
1377 set_bit(SMP_FLAG_COMPLETE, &smp->flags);
1378 smp_notify_keys(conn);
1380 smp_chan_destroy(conn);