2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2011 Nokia Corporation and/or its subsidiary(-ies).
5 This program is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License version 2 as
7 published by the Free Software Foundation;
9 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
10 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
11 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
12 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
13 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
14 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
18 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
19 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
20 SOFTWARE IS DISCLAIMED.
23 #include <linux/crypto.h>
24 #include <linux/scatterlist.h>
25 #include <crypto/b128ops.h>
27 #include <net/bluetooth/bluetooth.h>
28 #include <net/bluetooth/hci_core.h>
29 #include <net/bluetooth/l2cap.h>
30 #include <net/bluetooth/mgmt.h>
34 #define SMP_TIMEOUT msecs_to_jiffies(30000)
36 #define AUTH_REQ_MASK 0x07
38 static inline void swap128(const u8 src[16], u8 dst[16])
41 for (i = 0; i < 16; i++)
45 static inline void swap56(const u8 src[7], u8 dst[7])
48 for (i = 0; i < 7; i++)
52 static int smp_e(struct crypto_blkcipher *tfm, const u8 *k, u8 *r)
54 struct blkcipher_desc desc;
55 struct scatterlist sg;
56 uint8_t tmp[16], data[16];
60 BT_ERR("tfm %p", tfm);
67 /* The most significant octet of key corresponds to k[0] */
70 err = crypto_blkcipher_setkey(tfm, tmp, 16);
72 BT_ERR("cipher setkey failed: %d", err);
76 /* Most significant octet of plaintextData corresponds to data[0] */
79 sg_init_one(&sg, data, 16);
81 err = crypto_blkcipher_encrypt(&desc, &sg, &sg, 16);
83 BT_ERR("Encrypt data error %d", err);
85 /* Most significant octet of encryptedData corresponds to data[0] */
91 static int smp_ah(struct crypto_blkcipher *tfm, u8 irk[16], u8 r[3], u8 res[3])
96 /* r' = padding || r */
98 memset(_res + 3, 0, 13);
100 err = smp_e(tfm, irk, _res);
102 BT_ERR("Encrypt error");
106 /* The output of the random address function ah is:
107 * ah(h, r) = e(k, r') mod 2^24
108 * The output of the security function e is then truncated to 24 bits
109 * by taking the least significant 24 bits of the output of e as the
112 memcpy(res, _res, 3);
117 bool smp_irk_matches(struct crypto_blkcipher *tfm, u8 irk[16],
123 BT_DBG("RPA %pMR IRK %*phN", bdaddr, 16, irk);
125 err = smp_ah(tfm, irk, &bdaddr->b[3], hash);
129 return !memcmp(bdaddr->b, hash, 3);
132 int smp_generate_rpa(struct crypto_blkcipher *tfm, u8 irk[16], bdaddr_t *rpa)
136 get_random_bytes(&rpa->b[3], 3);
138 rpa->b[5] &= 0x3f; /* Clear two most significant bits */
139 rpa->b[5] |= 0x40; /* Set second most significant bit */
141 err = smp_ah(tfm, irk, &rpa->b[3], rpa->b);
145 BT_DBG("RPA %pMR", rpa);
150 static int smp_c1(struct crypto_blkcipher *tfm, u8 k[16], u8 r[16],
151 u8 preq[7], u8 pres[7], u8 _iat, bdaddr_t *ia,
152 u8 _rat, bdaddr_t *ra, u8 res[16])
159 /* p1 = pres || preq || _rat || _iat */
162 memcpy(p1 + 2, preq, 7);
163 memcpy(p1 + 9, pres, 7);
165 /* p2 = padding || ia || ra */
167 memcpy(p2 + 6, ia, 6);
168 memset(p2 + 12, 0, 4);
171 u128_xor((u128 *) res, (u128 *) r, (u128 *) p1);
173 /* res = e(k, res) */
174 err = smp_e(tfm, k, res);
176 BT_ERR("Encrypt data error");
180 /* res = res XOR p2 */
181 u128_xor((u128 *) res, (u128 *) res, (u128 *) p2);
183 /* res = e(k, res) */
184 err = smp_e(tfm, k, res);
186 BT_ERR("Encrypt data error");
191 static int smp_s1(struct crypto_blkcipher *tfm, u8 k[16], u8 r1[16],
192 u8 r2[16], u8 _r[16])
196 /* Just least significant octets from r1 and r2 are considered */
198 memcpy(_r + 8, r1, 8);
200 err = smp_e(tfm, k, _r);
202 BT_ERR("Encrypt data error");
207 static struct sk_buff *smp_build_cmd(struct l2cap_conn *conn, u8 code,
208 u16 dlen, void *data)
211 struct l2cap_hdr *lh;
214 len = L2CAP_HDR_SIZE + sizeof(code) + dlen;
219 skb = bt_skb_alloc(len, GFP_ATOMIC);
223 lh = (struct l2cap_hdr *) skb_put(skb, L2CAP_HDR_SIZE);
224 lh->len = cpu_to_le16(sizeof(code) + dlen);
225 lh->cid = cpu_to_le16(L2CAP_CID_SMP);
227 memcpy(skb_put(skb, sizeof(code)), &code, sizeof(code));
229 memcpy(skb_put(skb, dlen), data, dlen);
234 static void smp_send_cmd(struct l2cap_conn *conn, u8 code, u16 len, void *data)
236 struct sk_buff *skb = smp_build_cmd(conn, code, len, data);
238 BT_DBG("code 0x%2.2x", code);
243 skb->priority = HCI_PRIO_MAX;
244 hci_send_acl(conn->hchan, skb, 0);
246 cancel_delayed_work_sync(&conn->security_timer);
247 schedule_delayed_work(&conn->security_timer, SMP_TIMEOUT);
250 static __u8 authreq_to_seclevel(__u8 authreq)
252 if (authreq & SMP_AUTH_MITM)
253 return BT_SECURITY_HIGH;
255 return BT_SECURITY_MEDIUM;
258 static __u8 seclevel_to_authreq(__u8 sec_level)
261 case BT_SECURITY_HIGH:
262 return SMP_AUTH_MITM | SMP_AUTH_BONDING;
263 case BT_SECURITY_MEDIUM:
264 return SMP_AUTH_BONDING;
266 return SMP_AUTH_NONE;
270 static void build_pairing_cmd(struct l2cap_conn *conn,
271 struct smp_cmd_pairing *req,
272 struct smp_cmd_pairing *rsp, __u8 authreq)
274 struct smp_chan *smp = conn->smp_chan;
275 struct hci_conn *hcon = conn->hcon;
276 struct hci_dev *hdev = hcon->hdev;
277 u8 local_dist = 0, remote_dist = 0;
279 if (test_bit(HCI_PAIRABLE, &conn->hcon->hdev->dev_flags)) {
280 local_dist = SMP_DIST_ENC_KEY | SMP_DIST_SIGN;
281 remote_dist = SMP_DIST_ENC_KEY | SMP_DIST_SIGN;
282 authreq |= SMP_AUTH_BONDING;
284 authreq &= ~SMP_AUTH_BONDING;
287 if (test_bit(HCI_RPA_RESOLVING, &hdev->dev_flags))
288 remote_dist |= SMP_DIST_ID_KEY;
290 if (test_bit(HCI_PRIVACY, &hdev->dev_flags))
291 local_dist |= SMP_DIST_ID_KEY;
294 req->io_capability = conn->hcon->io_capability;
295 req->oob_flag = SMP_OOB_NOT_PRESENT;
296 req->max_key_size = SMP_MAX_ENC_KEY_SIZE;
297 req->init_key_dist = local_dist;
298 req->resp_key_dist = remote_dist;
299 req->auth_req = (authreq & AUTH_REQ_MASK);
301 smp->remote_key_dist = remote_dist;
305 rsp->io_capability = conn->hcon->io_capability;
306 rsp->oob_flag = SMP_OOB_NOT_PRESENT;
307 rsp->max_key_size = SMP_MAX_ENC_KEY_SIZE;
308 rsp->init_key_dist = req->init_key_dist & remote_dist;
309 rsp->resp_key_dist = req->resp_key_dist & local_dist;
310 rsp->auth_req = (authreq & AUTH_REQ_MASK);
312 smp->remote_key_dist = rsp->init_key_dist;
315 static u8 check_enc_key_size(struct l2cap_conn *conn, __u8 max_key_size)
317 struct smp_chan *smp = conn->smp_chan;
319 if ((max_key_size > SMP_MAX_ENC_KEY_SIZE) ||
320 (max_key_size < SMP_MIN_ENC_KEY_SIZE))
321 return SMP_ENC_KEY_SIZE;
323 smp->enc_key_size = max_key_size;
328 static void smp_failure(struct l2cap_conn *conn, u8 reason)
330 struct hci_conn *hcon = conn->hcon;
333 smp_send_cmd(conn, SMP_CMD_PAIRING_FAIL, sizeof(reason),
336 clear_bit(HCI_CONN_ENCRYPT_PEND, &hcon->flags);
337 mgmt_auth_failed(hcon->hdev, &hcon->dst, hcon->type, hcon->dst_type,
338 HCI_ERROR_AUTH_FAILURE);
340 cancel_delayed_work_sync(&conn->security_timer);
342 if (test_and_clear_bit(HCI_CONN_LE_SMP_PEND, &hcon->flags))
343 smp_chan_destroy(conn);
346 #define JUST_WORKS 0x00
347 #define JUST_CFM 0x01
348 #define REQ_PASSKEY 0x02
349 #define CFM_PASSKEY 0x03
353 static const u8 gen_method[5][5] = {
354 { JUST_WORKS, JUST_CFM, REQ_PASSKEY, JUST_WORKS, REQ_PASSKEY },
355 { JUST_WORKS, JUST_CFM, REQ_PASSKEY, JUST_WORKS, REQ_PASSKEY },
356 { CFM_PASSKEY, CFM_PASSKEY, REQ_PASSKEY, JUST_WORKS, CFM_PASSKEY },
357 { JUST_WORKS, JUST_CFM, JUST_WORKS, JUST_WORKS, JUST_CFM },
358 { CFM_PASSKEY, CFM_PASSKEY, REQ_PASSKEY, JUST_WORKS, OVERLAP },
361 static int tk_request(struct l2cap_conn *conn, u8 remote_oob, u8 auth,
362 u8 local_io, u8 remote_io)
364 struct hci_conn *hcon = conn->hcon;
365 struct smp_chan *smp = conn->smp_chan;
370 /* Initialize key for JUST WORKS */
371 memset(smp->tk, 0, sizeof(smp->tk));
372 clear_bit(SMP_FLAG_TK_VALID, &smp->smp_flags);
374 BT_DBG("tk_request: auth:%d lcl:%d rem:%d", auth, local_io, remote_io);
376 /* If neither side wants MITM, use JUST WORKS */
377 /* If either side has unknown io_caps, use JUST WORKS */
378 /* Otherwise, look up method from the table */
379 if (!(auth & SMP_AUTH_MITM) ||
380 local_io > SMP_IO_KEYBOARD_DISPLAY ||
381 remote_io > SMP_IO_KEYBOARD_DISPLAY)
384 method = gen_method[remote_io][local_io];
386 /* If not bonding, don't ask user to confirm a Zero TK */
387 if (!(auth & SMP_AUTH_BONDING) && method == JUST_CFM)
390 /* Don't confirm locally initiated pairing attempts */
391 if (method == JUST_CFM && test_bit(SMP_FLAG_INITIATOR,
395 /* If Just Works, Continue with Zero TK */
396 if (method == JUST_WORKS) {
397 set_bit(SMP_FLAG_TK_VALID, &smp->smp_flags);
401 /* Not Just Works/Confirm results in MITM Authentication */
402 if (method != JUST_CFM)
403 set_bit(SMP_FLAG_MITM_AUTH, &smp->smp_flags);
405 /* If both devices have Keyoard-Display I/O, the master
406 * Confirms and the slave Enters the passkey.
408 if (method == OVERLAP) {
409 if (hcon->link_mode & HCI_LM_MASTER)
410 method = CFM_PASSKEY;
412 method = REQ_PASSKEY;
415 /* Generate random passkey. */
416 if (method == CFM_PASSKEY) {
417 memset(smp->tk, 0, sizeof(smp->tk));
418 get_random_bytes(&passkey, sizeof(passkey));
420 put_unaligned_le32(passkey, smp->tk);
421 BT_DBG("PassKey: %d", passkey);
422 set_bit(SMP_FLAG_TK_VALID, &smp->smp_flags);
425 hci_dev_lock(hcon->hdev);
427 if (method == REQ_PASSKEY)
428 ret = mgmt_user_passkey_request(hcon->hdev, &hcon->dst,
429 hcon->type, hcon->dst_type);
430 else if (method == JUST_CFM)
431 ret = mgmt_user_confirm_request(hcon->hdev, &hcon->dst,
432 hcon->type, hcon->dst_type,
435 ret = mgmt_user_passkey_notify(hcon->hdev, &hcon->dst,
436 hcon->type, hcon->dst_type,
439 hci_dev_unlock(hcon->hdev);
444 static void confirm_work(struct work_struct *work)
446 struct smp_chan *smp = container_of(work, struct smp_chan, confirm);
447 struct l2cap_conn *conn = smp->conn;
448 struct hci_dev *hdev = conn->hcon->hdev;
449 struct crypto_blkcipher *tfm = hdev->tfm_aes;
450 struct smp_cmd_pairing_confirm cp;
454 BT_DBG("conn %p", conn);
456 /* Prevent mutual access to hdev->tfm_aes */
459 ret = smp_c1(tfm, smp->tk, smp->prnd, smp->preq, smp->prsp,
460 conn->hcon->init_addr_type, &conn->hcon->init_addr,
461 conn->hcon->resp_addr_type, &conn->hcon->resp_addr,
464 hci_dev_unlock(hdev);
467 reason = SMP_UNSPECIFIED;
471 clear_bit(SMP_FLAG_CFM_PENDING, &smp->smp_flags);
473 smp_send_cmd(smp->conn, SMP_CMD_PAIRING_CONFIRM, sizeof(cp), &cp);
478 smp_failure(conn, reason);
481 static void random_work(struct work_struct *work)
483 struct smp_chan *smp = container_of(work, struct smp_chan, random);
484 struct l2cap_conn *conn = smp->conn;
485 struct hci_conn *hcon = conn->hcon;
486 struct hci_dev *hdev = hcon->hdev;
487 struct crypto_blkcipher *tfm = hdev->tfm_aes;
488 u8 reason, confirm[16];
491 if (IS_ERR_OR_NULL(tfm)) {
492 reason = SMP_UNSPECIFIED;
496 BT_DBG("conn %p %s", conn, conn->hcon->out ? "master" : "slave");
498 /* Prevent mutual access to hdev->tfm_aes */
501 ret = smp_c1(tfm, smp->tk, smp->rrnd, smp->preq, smp->prsp,
502 hcon->init_addr_type, &hcon->init_addr,
503 hcon->resp_addr_type, &hcon->resp_addr, confirm);
505 hci_dev_unlock(hdev);
508 reason = SMP_UNSPECIFIED;
512 if (memcmp(smp->pcnf, confirm, sizeof(smp->pcnf)) != 0) {
513 BT_ERR("Pairing failed (confirmation values mismatch)");
514 reason = SMP_CONFIRM_FAILED;
523 smp_s1(tfm, smp->tk, smp->rrnd, smp->prnd, stk);
525 memset(stk + smp->enc_key_size, 0,
526 SMP_MAX_ENC_KEY_SIZE - smp->enc_key_size);
528 if (test_and_set_bit(HCI_CONN_ENCRYPT_PEND, &hcon->flags)) {
529 reason = SMP_UNSPECIFIED;
533 hci_le_start_enc(hcon, ediv, rand, stk);
534 hcon->enc_key_size = smp->enc_key_size;
540 smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM, sizeof(smp->prnd),
543 smp_s1(tfm, smp->tk, smp->prnd, smp->rrnd, stk);
545 memset(stk + smp->enc_key_size, 0,
546 SMP_MAX_ENC_KEY_SIZE - smp->enc_key_size);
548 hci_add_ltk(hcon->hdev, &hcon->dst, hcon->dst_type,
549 HCI_SMP_STK_SLAVE, 0, stk, smp->enc_key_size,
556 smp_failure(conn, reason);
559 static struct smp_chan *smp_chan_create(struct l2cap_conn *conn)
561 struct smp_chan *smp;
563 smp = kzalloc(sizeof(*smp), GFP_ATOMIC);
567 INIT_WORK(&smp->confirm, confirm_work);
568 INIT_WORK(&smp->random, random_work);
571 conn->smp_chan = smp;
572 conn->hcon->smp_conn = conn;
574 hci_conn_hold(conn->hcon);
579 void smp_chan_destroy(struct l2cap_conn *conn)
581 struct smp_chan *smp = conn->smp_chan;
586 complete = test_bit(SMP_FLAG_COMPLETE, &smp->smp_flags);
587 mgmt_smp_complete(conn->hcon, complete);
590 kfree(smp->slave_csrk);
592 /* If pairing failed clean up any keys we might have */
595 list_del(&smp->ltk->list);
599 if (smp->slave_ltk) {
600 list_del(&smp->slave_ltk->list);
601 kfree(smp->slave_ltk);
604 if (smp->remote_irk) {
605 list_del(&smp->remote_irk->list);
606 kfree(smp->remote_irk);
611 conn->smp_chan = NULL;
612 conn->hcon->smp_conn = NULL;
613 hci_conn_drop(conn->hcon);
616 int smp_user_confirm_reply(struct hci_conn *hcon, u16 mgmt_op, __le32 passkey)
618 struct l2cap_conn *conn = hcon->smp_conn;
619 struct smp_chan *smp;
627 smp = conn->smp_chan;
630 case MGMT_OP_USER_PASSKEY_REPLY:
631 value = le32_to_cpu(passkey);
632 memset(smp->tk, 0, sizeof(smp->tk));
633 BT_DBG("PassKey: %d", value);
634 put_unaligned_le32(value, smp->tk);
636 case MGMT_OP_USER_CONFIRM_REPLY:
637 set_bit(SMP_FLAG_TK_VALID, &smp->smp_flags);
639 case MGMT_OP_USER_PASSKEY_NEG_REPLY:
640 case MGMT_OP_USER_CONFIRM_NEG_REPLY:
641 smp_failure(conn, SMP_PASSKEY_ENTRY_FAILED);
644 smp_failure(conn, SMP_PASSKEY_ENTRY_FAILED);
648 /* If it is our turn to send Pairing Confirm, do so now */
649 if (test_bit(SMP_FLAG_CFM_PENDING, &smp->smp_flags))
650 queue_work(hcon->hdev->workqueue, &smp->confirm);
655 static u8 smp_cmd_pairing_req(struct l2cap_conn *conn, struct sk_buff *skb)
657 struct smp_cmd_pairing rsp, *req = (void *) skb->data;
658 struct smp_chan *smp;
660 u8 auth = SMP_AUTH_NONE;
663 BT_DBG("conn %p", conn);
665 if (skb->len < sizeof(*req))
666 return SMP_UNSPECIFIED;
668 if (conn->hcon->link_mode & HCI_LM_MASTER)
669 return SMP_CMD_NOTSUPP;
671 if (!test_and_set_bit(HCI_CONN_LE_SMP_PEND, &conn->hcon->flags))
672 smp = smp_chan_create(conn);
674 smp = conn->smp_chan;
677 return SMP_UNSPECIFIED;
679 smp->preq[0] = SMP_CMD_PAIRING_REQ;
680 memcpy(&smp->preq[1], req, sizeof(*req));
681 skb_pull(skb, sizeof(*req));
683 /* We didn't start the pairing, so match remote */
684 if (req->auth_req & SMP_AUTH_BONDING)
685 auth = req->auth_req;
687 conn->hcon->pending_sec_level = authreq_to_seclevel(auth);
689 build_pairing_cmd(conn, req, &rsp, auth);
691 key_size = min(req->max_key_size, rsp.max_key_size);
692 if (check_enc_key_size(conn, key_size))
693 return SMP_ENC_KEY_SIZE;
695 get_random_bytes(smp->prnd, sizeof(smp->prnd));
697 smp->prsp[0] = SMP_CMD_PAIRING_RSP;
698 memcpy(&smp->prsp[1], &rsp, sizeof(rsp));
700 smp_send_cmd(conn, SMP_CMD_PAIRING_RSP, sizeof(rsp), &rsp);
702 /* Request setup of TK */
703 ret = tk_request(conn, 0, auth, rsp.io_capability, req->io_capability);
705 return SMP_UNSPECIFIED;
707 clear_bit(SMP_FLAG_INITIATOR, &smp->smp_flags);
712 static u8 smp_cmd_pairing_rsp(struct l2cap_conn *conn, struct sk_buff *skb)
714 struct smp_cmd_pairing *req, *rsp = (void *) skb->data;
715 struct smp_chan *smp = conn->smp_chan;
716 struct hci_dev *hdev = conn->hcon->hdev;
717 u8 key_size, auth = SMP_AUTH_NONE;
720 BT_DBG("conn %p", conn);
722 if (skb->len < sizeof(*rsp))
723 return SMP_UNSPECIFIED;
725 if (!(conn->hcon->link_mode & HCI_LM_MASTER))
726 return SMP_CMD_NOTSUPP;
728 skb_pull(skb, sizeof(*rsp));
730 req = (void *) &smp->preq[1];
732 key_size = min(req->max_key_size, rsp->max_key_size);
733 if (check_enc_key_size(conn, key_size))
734 return SMP_ENC_KEY_SIZE;
736 get_random_bytes(smp->prnd, sizeof(smp->prnd));
738 smp->prsp[0] = SMP_CMD_PAIRING_RSP;
739 memcpy(&smp->prsp[1], rsp, sizeof(*rsp));
741 /* Update remote key distribution in case the remote cleared
742 * some bits that we had enabled in our request.
744 smp->remote_key_dist &= rsp->resp_key_dist;
746 if ((req->auth_req & SMP_AUTH_BONDING) &&
747 (rsp->auth_req & SMP_AUTH_BONDING))
748 auth = SMP_AUTH_BONDING;
750 auth |= (req->auth_req | rsp->auth_req) & SMP_AUTH_MITM;
752 ret = tk_request(conn, 0, auth, req->io_capability, rsp->io_capability);
754 return SMP_UNSPECIFIED;
756 set_bit(SMP_FLAG_CFM_PENDING, &smp->smp_flags);
758 /* Can't compose response until we have been confirmed */
759 if (test_bit(SMP_FLAG_TK_VALID, &smp->smp_flags))
760 queue_work(hdev->workqueue, &smp->confirm);
765 static u8 smp_cmd_pairing_confirm(struct l2cap_conn *conn, struct sk_buff *skb)
767 struct smp_chan *smp = conn->smp_chan;
768 struct hci_dev *hdev = conn->hcon->hdev;
770 BT_DBG("conn %p %s", conn, conn->hcon->out ? "master" : "slave");
772 if (skb->len < sizeof(smp->pcnf))
773 return SMP_UNSPECIFIED;
775 memcpy(smp->pcnf, skb->data, sizeof(smp->pcnf));
776 skb_pull(skb, sizeof(smp->pcnf));
779 smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM, sizeof(smp->prnd),
781 else if (test_bit(SMP_FLAG_TK_VALID, &smp->smp_flags))
782 queue_work(hdev->workqueue, &smp->confirm);
784 set_bit(SMP_FLAG_CFM_PENDING, &smp->smp_flags);
789 static u8 smp_cmd_pairing_random(struct l2cap_conn *conn, struct sk_buff *skb)
791 struct smp_chan *smp = conn->smp_chan;
792 struct hci_dev *hdev = conn->hcon->hdev;
794 BT_DBG("conn %p", conn);
796 if (skb->len < sizeof(smp->rrnd))
797 return SMP_UNSPECIFIED;
799 memcpy(smp->rrnd, skb->data, sizeof(smp->rrnd));
800 skb_pull(skb, sizeof(smp->rrnd));
802 queue_work(hdev->workqueue, &smp->random);
807 static u8 smp_ltk_encrypt(struct l2cap_conn *conn, u8 sec_level)
810 struct hci_conn *hcon = conn->hcon;
812 key = hci_find_ltk_by_addr(hcon->hdev, &hcon->dst, hcon->dst_type,
817 if (sec_level > BT_SECURITY_MEDIUM && !key->authenticated)
820 if (test_and_set_bit(HCI_CONN_ENCRYPT_PEND, &hcon->flags))
823 hci_le_start_enc(hcon, key->ediv, key->rand, key->val);
824 hcon->enc_key_size = key->enc_size;
829 static u8 smp_cmd_security_req(struct l2cap_conn *conn, struct sk_buff *skb)
831 struct smp_cmd_security_req *rp = (void *) skb->data;
832 struct smp_cmd_pairing cp;
833 struct hci_conn *hcon = conn->hcon;
834 struct smp_chan *smp;
836 BT_DBG("conn %p", conn);
838 if (skb->len < sizeof(*rp))
839 return SMP_UNSPECIFIED;
841 if (!(conn->hcon->link_mode & HCI_LM_MASTER))
842 return SMP_CMD_NOTSUPP;
844 hcon->pending_sec_level = authreq_to_seclevel(rp->auth_req);
846 if (smp_ltk_encrypt(conn, hcon->pending_sec_level))
849 if (test_and_set_bit(HCI_CONN_LE_SMP_PEND, &hcon->flags))
852 smp = smp_chan_create(conn);
854 skb_pull(skb, sizeof(*rp));
856 memset(&cp, 0, sizeof(cp));
857 build_pairing_cmd(conn, &cp, NULL, rp->auth_req);
859 smp->preq[0] = SMP_CMD_PAIRING_REQ;
860 memcpy(&smp->preq[1], &cp, sizeof(cp));
862 smp_send_cmd(conn, SMP_CMD_PAIRING_REQ, sizeof(cp), &cp);
864 clear_bit(SMP_FLAG_INITIATOR, &smp->smp_flags);
869 bool smp_sufficient_security(struct hci_conn *hcon, u8 sec_level)
871 if (sec_level == BT_SECURITY_LOW)
874 if (hcon->sec_level >= sec_level)
880 int smp_conn_security(struct hci_conn *hcon, __u8 sec_level)
882 struct l2cap_conn *conn = hcon->l2cap_data;
883 struct smp_chan *smp;
886 BT_DBG("conn %p hcon %p level 0x%2.2x", conn, hcon, sec_level);
888 /* This may be NULL if there's an unexpected disconnection */
892 if (!test_bit(HCI_LE_ENABLED, &hcon->hdev->dev_flags))
895 if (smp_sufficient_security(hcon, sec_level))
898 if (hcon->link_mode & HCI_LM_MASTER)
899 if (smp_ltk_encrypt(conn, sec_level))
902 if (test_and_set_bit(HCI_CONN_LE_SMP_PEND, &hcon->flags))
905 smp = smp_chan_create(conn);
909 authreq = seclevel_to_authreq(sec_level);
911 /* hcon->auth_type is set by pair_device in mgmt.c. If the MITM
912 * flag is set we should also set it for the SMP request.
914 if ((hcon->auth_type & 0x01))
915 authreq |= SMP_AUTH_MITM;
917 if (hcon->link_mode & HCI_LM_MASTER) {
918 struct smp_cmd_pairing cp;
920 build_pairing_cmd(conn, &cp, NULL, authreq);
921 smp->preq[0] = SMP_CMD_PAIRING_REQ;
922 memcpy(&smp->preq[1], &cp, sizeof(cp));
924 smp_send_cmd(conn, SMP_CMD_PAIRING_REQ, sizeof(cp), &cp);
926 struct smp_cmd_security_req cp;
927 cp.auth_req = authreq;
928 smp_send_cmd(conn, SMP_CMD_SECURITY_REQ, sizeof(cp), &cp);
931 set_bit(SMP_FLAG_INITIATOR, &smp->smp_flags);
934 hcon->pending_sec_level = sec_level;
939 static int smp_cmd_encrypt_info(struct l2cap_conn *conn, struct sk_buff *skb)
941 struct smp_cmd_encrypt_info *rp = (void *) skb->data;
942 struct smp_chan *smp = conn->smp_chan;
944 BT_DBG("conn %p", conn);
946 if (skb->len < sizeof(*rp))
947 return SMP_UNSPECIFIED;
949 /* Ignore this PDU if it wasn't requested */
950 if (!(smp->remote_key_dist & SMP_DIST_ENC_KEY))
953 skb_pull(skb, sizeof(*rp));
955 memcpy(smp->tk, rp->ltk, sizeof(smp->tk));
960 static int smp_cmd_master_ident(struct l2cap_conn *conn, struct sk_buff *skb)
962 struct smp_cmd_master_ident *rp = (void *) skb->data;
963 struct smp_chan *smp = conn->smp_chan;
964 struct hci_dev *hdev = conn->hcon->hdev;
965 struct hci_conn *hcon = conn->hcon;
969 BT_DBG("conn %p", conn);
971 if (skb->len < sizeof(*rp))
972 return SMP_UNSPECIFIED;
974 /* Ignore this PDU if it wasn't requested */
975 if (!(smp->remote_key_dist & SMP_DIST_ENC_KEY))
978 /* Mark the information as received */
979 smp->remote_key_dist &= ~SMP_DIST_ENC_KEY;
981 skb_pull(skb, sizeof(*rp));
984 authenticated = (hcon->sec_level == BT_SECURITY_HIGH);
985 ltk = hci_add_ltk(hdev, &hcon->dst, hcon->dst_type, HCI_SMP_LTK,
986 authenticated, smp->tk, smp->enc_key_size,
989 if (!(smp->remote_key_dist & SMP_DIST_ID_KEY))
990 smp_distribute_keys(conn);
991 hci_dev_unlock(hdev);
996 static int smp_cmd_ident_info(struct l2cap_conn *conn, struct sk_buff *skb)
998 struct smp_cmd_ident_info *info = (void *) skb->data;
999 struct smp_chan *smp = conn->smp_chan;
1003 if (skb->len < sizeof(*info))
1004 return SMP_UNSPECIFIED;
1006 /* Ignore this PDU if it wasn't requested */
1007 if (!(smp->remote_key_dist & SMP_DIST_ID_KEY))
1010 skb_pull(skb, sizeof(*info));
1012 memcpy(smp->irk, info->irk, 16);
1017 static int smp_cmd_ident_addr_info(struct l2cap_conn *conn,
1018 struct sk_buff *skb)
1020 struct smp_cmd_ident_addr_info *info = (void *) skb->data;
1021 struct smp_chan *smp = conn->smp_chan;
1022 struct hci_conn *hcon = conn->hcon;
1027 if (skb->len < sizeof(*info))
1028 return SMP_UNSPECIFIED;
1030 /* Ignore this PDU if it wasn't requested */
1031 if (!(smp->remote_key_dist & SMP_DIST_ID_KEY))
1034 /* Mark the information as received */
1035 smp->remote_key_dist &= ~SMP_DIST_ID_KEY;
1037 skb_pull(skb, sizeof(*info));
1039 /* Strictly speaking the Core Specification (4.1) allows sending
1040 * an empty address which would force us to rely on just the IRK
1041 * as "identity information". However, since such
1042 * implementations are not known of and in order to not over
1043 * complicate our implementation, simply pretend that we never
1044 * received an IRK for such a device.
1046 if (!bacmp(&info->bdaddr, BDADDR_ANY)) {
1047 BT_ERR("Ignoring IRK with no identity address");
1048 smp_distribute_keys(conn);
1052 bacpy(&smp->id_addr, &info->bdaddr);
1053 smp->id_addr_type = info->addr_type;
1055 if (hci_bdaddr_is_rpa(&hcon->dst, hcon->dst_type))
1056 bacpy(&rpa, &hcon->dst);
1058 bacpy(&rpa, BDADDR_ANY);
1060 smp->remote_irk = hci_add_irk(conn->hcon->hdev, &smp->id_addr,
1061 smp->id_addr_type, smp->irk, &rpa);
1063 smp_distribute_keys(conn);
1068 static int smp_cmd_sign_info(struct l2cap_conn *conn, struct sk_buff *skb)
1070 struct smp_cmd_sign_info *rp = (void *) skb->data;
1071 struct smp_chan *smp = conn->smp_chan;
1072 struct hci_dev *hdev = conn->hcon->hdev;
1073 struct smp_csrk *csrk;
1075 BT_DBG("conn %p", conn);
1077 if (skb->len < sizeof(*rp))
1078 return SMP_UNSPECIFIED;
1080 /* Ignore this PDU if it wasn't requested */
1081 if (!(smp->remote_key_dist & SMP_DIST_SIGN))
1084 /* Mark the information as received */
1085 smp->remote_key_dist &= ~SMP_DIST_SIGN;
1087 skb_pull(skb, sizeof(*rp));
1090 csrk = kzalloc(sizeof(*csrk), GFP_KERNEL);
1092 csrk->master = 0x01;
1093 memcpy(csrk->val, rp->csrk, sizeof(csrk->val));
1096 if (!(smp->remote_key_dist & SMP_DIST_SIGN))
1097 smp_distribute_keys(conn);
1098 hci_dev_unlock(hdev);
1103 int smp_sig_channel(struct l2cap_conn *conn, struct sk_buff *skb)
1105 struct hci_conn *hcon = conn->hcon;
1109 if (hcon->type != LE_LINK) {
1119 if (!test_bit(HCI_LE_ENABLED, &hcon->hdev->dev_flags)) {
1121 reason = SMP_PAIRING_NOTSUPP;
1125 code = skb->data[0];
1126 skb_pull(skb, sizeof(code));
1129 * The SMP context must be initialized for all other PDUs except
1130 * pairing and security requests. If we get any other PDU when
1131 * not initialized simply disconnect (done if this function
1132 * returns an error).
1134 if (code != SMP_CMD_PAIRING_REQ && code != SMP_CMD_SECURITY_REQ &&
1136 BT_ERR("Unexpected SMP command 0x%02x. Disconnecting.", code);
1142 case SMP_CMD_PAIRING_REQ:
1143 reason = smp_cmd_pairing_req(conn, skb);
1146 case SMP_CMD_PAIRING_FAIL:
1147 smp_failure(conn, 0);
1152 case SMP_CMD_PAIRING_RSP:
1153 reason = smp_cmd_pairing_rsp(conn, skb);
1156 case SMP_CMD_SECURITY_REQ:
1157 reason = smp_cmd_security_req(conn, skb);
1160 case SMP_CMD_PAIRING_CONFIRM:
1161 reason = smp_cmd_pairing_confirm(conn, skb);
1164 case SMP_CMD_PAIRING_RANDOM:
1165 reason = smp_cmd_pairing_random(conn, skb);
1168 case SMP_CMD_ENCRYPT_INFO:
1169 reason = smp_cmd_encrypt_info(conn, skb);
1172 case SMP_CMD_MASTER_IDENT:
1173 reason = smp_cmd_master_ident(conn, skb);
1176 case SMP_CMD_IDENT_INFO:
1177 reason = smp_cmd_ident_info(conn, skb);
1180 case SMP_CMD_IDENT_ADDR_INFO:
1181 reason = smp_cmd_ident_addr_info(conn, skb);
1184 case SMP_CMD_SIGN_INFO:
1185 reason = smp_cmd_sign_info(conn, skb);
1189 BT_DBG("Unknown command code 0x%2.2x", code);
1191 reason = SMP_CMD_NOTSUPP;
1198 smp_failure(conn, reason);
1204 static void smp_notify_keys(struct l2cap_conn *conn)
1206 struct smp_chan *smp = conn->smp_chan;
1207 struct hci_conn *hcon = conn->hcon;
1208 struct hci_dev *hdev = hcon->hdev;
1209 struct smp_cmd_pairing *req = (void *) &smp->preq[1];
1210 struct smp_cmd_pairing *rsp = (void *) &smp->prsp[1];
1213 if (smp->remote_irk) {
1214 mgmt_new_irk(hdev, smp->remote_irk);
1215 /* Now that user space can be considered to know the
1216 * identity address track the connection based on it
1219 bacpy(&hcon->dst, &smp->remote_irk->bdaddr);
1220 hcon->dst_type = smp->remote_irk->addr_type;
1221 l2cap_conn_update_id_addr(hcon);
1224 /* The LTKs and CSRKs should be persistent only if both sides
1225 * had the bonding bit set in their authentication requests.
1227 persistent = !!((req->auth_req & rsp->auth_req) & SMP_AUTH_BONDING);
1230 smp->csrk->bdaddr_type = hcon->dst_type;
1231 bacpy(&smp->csrk->bdaddr, &hcon->dst);
1232 mgmt_new_csrk(hdev, smp->csrk, persistent);
1235 if (smp->slave_csrk) {
1236 smp->slave_csrk->bdaddr_type = hcon->dst_type;
1237 bacpy(&smp->slave_csrk->bdaddr, &hcon->dst);
1238 mgmt_new_csrk(hdev, smp->slave_csrk, persistent);
1242 smp->ltk->bdaddr_type = hcon->dst_type;
1243 bacpy(&smp->ltk->bdaddr, &hcon->dst);
1244 mgmt_new_ltk(hdev, smp->ltk, persistent);
1247 if (smp->slave_ltk) {
1248 smp->slave_ltk->bdaddr_type = hcon->dst_type;
1249 bacpy(&smp->slave_ltk->bdaddr, &hcon->dst);
1250 mgmt_new_ltk(hdev, smp->slave_ltk, persistent);
1254 int smp_distribute_keys(struct l2cap_conn *conn)
1256 struct smp_cmd_pairing *req, *rsp;
1257 struct smp_chan *smp = conn->smp_chan;
1258 struct hci_conn *hcon = conn->hcon;
1259 struct hci_dev *hdev = hcon->hdev;
1262 BT_DBG("conn %p", conn);
1264 if (!test_bit(HCI_CONN_LE_SMP_PEND, &hcon->flags))
1267 rsp = (void *) &smp->prsp[1];
1269 /* The responder sends its keys first */
1270 if (hcon->out && (smp->remote_key_dist & 0x07))
1273 req = (void *) &smp->preq[1];
1276 keydist = &rsp->init_key_dist;
1277 *keydist &= req->init_key_dist;
1279 keydist = &rsp->resp_key_dist;
1280 *keydist &= req->resp_key_dist;
1283 BT_DBG("keydist 0x%x", *keydist);
1285 if (*keydist & SMP_DIST_ENC_KEY) {
1286 struct smp_cmd_encrypt_info enc;
1287 struct smp_cmd_master_ident ident;
1288 struct smp_ltk *ltk;
1293 get_random_bytes(enc.ltk, sizeof(enc.ltk));
1294 get_random_bytes(&ediv, sizeof(ediv));
1295 get_random_bytes(&rand, sizeof(rand));
1297 smp_send_cmd(conn, SMP_CMD_ENCRYPT_INFO, sizeof(enc), &enc);
1299 authenticated = hcon->sec_level == BT_SECURITY_HIGH;
1300 ltk = hci_add_ltk(hdev, &hcon->dst, hcon->dst_type,
1301 HCI_SMP_LTK_SLAVE, authenticated, enc.ltk,
1302 smp->enc_key_size, ediv, rand);
1303 smp->slave_ltk = ltk;
1308 smp_send_cmd(conn, SMP_CMD_MASTER_IDENT, sizeof(ident), &ident);
1310 *keydist &= ~SMP_DIST_ENC_KEY;
1313 if (*keydist & SMP_DIST_ID_KEY) {
1314 struct smp_cmd_ident_addr_info addrinfo;
1315 struct smp_cmd_ident_info idinfo;
1317 memcpy(idinfo.irk, hdev->irk, sizeof(idinfo.irk));
1319 smp_send_cmd(conn, SMP_CMD_IDENT_INFO, sizeof(idinfo), &idinfo);
1321 /* The hci_conn contains the local identity address
1322 * after the connection has been established.
1324 * This is true even when the connection has been
1325 * established using a resolvable random address.
1327 bacpy(&addrinfo.bdaddr, &hcon->src);
1328 addrinfo.addr_type = hcon->src_type;
1330 smp_send_cmd(conn, SMP_CMD_IDENT_ADDR_INFO, sizeof(addrinfo),
1333 *keydist &= ~SMP_DIST_ID_KEY;
1336 if (*keydist & SMP_DIST_SIGN) {
1337 struct smp_cmd_sign_info sign;
1338 struct smp_csrk *csrk;
1340 /* Generate a new random key */
1341 get_random_bytes(sign.csrk, sizeof(sign.csrk));
1343 csrk = kzalloc(sizeof(*csrk), GFP_KERNEL);
1345 csrk->master = 0x00;
1346 memcpy(csrk->val, sign.csrk, sizeof(csrk->val));
1348 smp->slave_csrk = csrk;
1350 smp_send_cmd(conn, SMP_CMD_SIGN_INFO, sizeof(sign), &sign);
1352 *keydist &= ~SMP_DIST_SIGN;
1355 /* If there are still keys to be received wait for them */
1356 if ((smp->remote_key_dist & 0x07))
1359 clear_bit(HCI_CONN_LE_SMP_PEND, &hcon->flags);
1360 cancel_delayed_work_sync(&conn->security_timer);
1361 set_bit(SMP_FLAG_COMPLETE, &smp->smp_flags);
1362 smp_notify_keys(conn);
1364 smp_chan_destroy(conn);