2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2011 Nokia Corporation and/or its subsidiary(-ies).
5 This program is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License version 2 as
7 published by the Free Software Foundation;
9 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
10 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
11 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
12 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
13 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
14 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
18 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
19 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
20 SOFTWARE IS DISCLAIMED.
23 #include <linux/crypto.h>
24 #include <linux/scatterlist.h>
25 #include <crypto/b128ops.h>
27 #include <net/bluetooth/bluetooth.h>
28 #include <net/bluetooth/hci_core.h>
29 #include <net/bluetooth/l2cap.h>
30 #include <net/bluetooth/mgmt.h>
34 #define SMP_TIMEOUT msecs_to_jiffies(30000)
36 #define AUTH_REQ_MASK 0x07
38 #define SMP_FLAG_TK_VALID 1
39 #define SMP_FLAG_CFM_PENDING 2
40 #define SMP_FLAG_MITM_AUTH 3
41 #define SMP_FLAG_COMPLETE 4
42 #define SMP_FLAG_INITIATOR 5
45 struct l2cap_conn *conn;
46 u8 preq[7]; /* SMP Pairing Request */
47 u8 prsp[7]; /* SMP Pairing Response */
48 u8 prnd[16]; /* SMP Pairing Random (local) */
49 u8 rrnd[16]; /* SMP Pairing Random (remote) */
50 u8 pcnf[16]; /* SMP Pairing Confirm */
51 u8 tk[16]; /* SMP Temporary Key */
57 struct smp_csrk *csrk;
58 struct smp_csrk *slave_csrk;
60 struct smp_ltk *slave_ltk;
61 struct smp_irk *remote_irk;
65 static inline void swap128(const u8 src[16], u8 dst[16])
68 for (i = 0; i < 16; i++)
72 static inline void swap56(const u8 src[7], u8 dst[7])
75 for (i = 0; i < 7; i++)
79 static int smp_e(struct crypto_blkcipher *tfm, const u8 *k, u8 *r)
81 struct blkcipher_desc desc;
82 struct scatterlist sg;
83 uint8_t tmp[16], data[16];
87 BT_ERR("tfm %p", tfm);
94 /* The most significant octet of key corresponds to k[0] */
97 err = crypto_blkcipher_setkey(tfm, tmp, 16);
99 BT_ERR("cipher setkey failed: %d", err);
103 /* Most significant octet of plaintextData corresponds to data[0] */
106 sg_init_one(&sg, data, 16);
108 err = crypto_blkcipher_encrypt(&desc, &sg, &sg, 16);
110 BT_ERR("Encrypt data error %d", err);
112 /* Most significant octet of encryptedData corresponds to data[0] */
118 static int smp_ah(struct crypto_blkcipher *tfm, u8 irk[16], u8 r[3], u8 res[3])
123 /* r' = padding || r */
125 memset(_res + 3, 0, 13);
127 err = smp_e(tfm, irk, _res);
129 BT_ERR("Encrypt error");
133 /* The output of the random address function ah is:
134 * ah(h, r) = e(k, r') mod 2^24
135 * The output of the security function e is then truncated to 24 bits
136 * by taking the least significant 24 bits of the output of e as the
139 memcpy(res, _res, 3);
144 bool smp_irk_matches(struct crypto_blkcipher *tfm, u8 irk[16],
150 BT_DBG("RPA %pMR IRK %*phN", bdaddr, 16, irk);
152 err = smp_ah(tfm, irk, &bdaddr->b[3], hash);
156 return !memcmp(bdaddr->b, hash, 3);
159 int smp_generate_rpa(struct crypto_blkcipher *tfm, u8 irk[16], bdaddr_t *rpa)
163 get_random_bytes(&rpa->b[3], 3);
165 rpa->b[5] &= 0x3f; /* Clear two most significant bits */
166 rpa->b[5] |= 0x40; /* Set second most significant bit */
168 err = smp_ah(tfm, irk, &rpa->b[3], rpa->b);
172 BT_DBG("RPA %pMR", rpa);
177 static int smp_c1(struct crypto_blkcipher *tfm, u8 k[16], u8 r[16],
178 u8 preq[7], u8 pres[7], u8 _iat, bdaddr_t *ia,
179 u8 _rat, bdaddr_t *ra, u8 res[16])
186 /* p1 = pres || preq || _rat || _iat */
189 memcpy(p1 + 2, preq, 7);
190 memcpy(p1 + 9, pres, 7);
192 /* p2 = padding || ia || ra */
194 memcpy(p2 + 6, ia, 6);
195 memset(p2 + 12, 0, 4);
198 u128_xor((u128 *) res, (u128 *) r, (u128 *) p1);
200 /* res = e(k, res) */
201 err = smp_e(tfm, k, res);
203 BT_ERR("Encrypt data error");
207 /* res = res XOR p2 */
208 u128_xor((u128 *) res, (u128 *) res, (u128 *) p2);
210 /* res = e(k, res) */
211 err = smp_e(tfm, k, res);
213 BT_ERR("Encrypt data error");
218 static int smp_s1(struct crypto_blkcipher *tfm, u8 k[16], u8 r1[16],
219 u8 r2[16], u8 _r[16])
223 /* Just least significant octets from r1 and r2 are considered */
225 memcpy(_r + 8, r1, 8);
227 err = smp_e(tfm, k, _r);
229 BT_ERR("Encrypt data error");
234 static struct sk_buff *smp_build_cmd(struct l2cap_conn *conn, u8 code,
235 u16 dlen, void *data)
238 struct l2cap_hdr *lh;
241 len = L2CAP_HDR_SIZE + sizeof(code) + dlen;
246 skb = bt_skb_alloc(len, GFP_ATOMIC);
250 lh = (struct l2cap_hdr *) skb_put(skb, L2CAP_HDR_SIZE);
251 lh->len = cpu_to_le16(sizeof(code) + dlen);
252 lh->cid = cpu_to_le16(L2CAP_CID_SMP);
254 memcpy(skb_put(skb, sizeof(code)), &code, sizeof(code));
256 memcpy(skb_put(skb, dlen), data, dlen);
261 static void smp_send_cmd(struct l2cap_conn *conn, u8 code, u16 len, void *data)
263 struct sk_buff *skb = smp_build_cmd(conn, code, len, data);
265 BT_DBG("code 0x%2.2x", code);
270 skb->priority = HCI_PRIO_MAX;
271 hci_send_acl(conn->hchan, skb, 0);
273 cancel_delayed_work_sync(&conn->security_timer);
274 schedule_delayed_work(&conn->security_timer, SMP_TIMEOUT);
277 static __u8 authreq_to_seclevel(__u8 authreq)
279 if (authreq & SMP_AUTH_MITM)
280 return BT_SECURITY_HIGH;
282 return BT_SECURITY_MEDIUM;
285 static __u8 seclevel_to_authreq(__u8 sec_level)
288 case BT_SECURITY_HIGH:
289 return SMP_AUTH_MITM | SMP_AUTH_BONDING;
290 case BT_SECURITY_MEDIUM:
291 return SMP_AUTH_BONDING;
293 return SMP_AUTH_NONE;
297 static void build_pairing_cmd(struct l2cap_conn *conn,
298 struct smp_cmd_pairing *req,
299 struct smp_cmd_pairing *rsp, __u8 authreq)
301 struct smp_chan *smp = conn->smp_chan;
302 struct hci_conn *hcon = conn->hcon;
303 struct hci_dev *hdev = hcon->hdev;
304 u8 local_dist = 0, remote_dist = 0;
306 if (test_bit(HCI_PAIRABLE, &conn->hcon->hdev->dev_flags)) {
307 local_dist = SMP_DIST_ENC_KEY | SMP_DIST_SIGN;
308 remote_dist = SMP_DIST_ENC_KEY | SMP_DIST_SIGN;
309 authreq |= SMP_AUTH_BONDING;
311 authreq &= ~SMP_AUTH_BONDING;
314 if (test_bit(HCI_RPA_RESOLVING, &hdev->dev_flags))
315 remote_dist |= SMP_DIST_ID_KEY;
317 if (test_bit(HCI_PRIVACY, &hdev->dev_flags))
318 local_dist |= SMP_DIST_ID_KEY;
321 req->io_capability = conn->hcon->io_capability;
322 req->oob_flag = SMP_OOB_NOT_PRESENT;
323 req->max_key_size = SMP_MAX_ENC_KEY_SIZE;
324 req->init_key_dist = local_dist;
325 req->resp_key_dist = remote_dist;
326 req->auth_req = (authreq & AUTH_REQ_MASK);
328 smp->remote_key_dist = remote_dist;
332 rsp->io_capability = conn->hcon->io_capability;
333 rsp->oob_flag = SMP_OOB_NOT_PRESENT;
334 rsp->max_key_size = SMP_MAX_ENC_KEY_SIZE;
335 rsp->init_key_dist = req->init_key_dist & remote_dist;
336 rsp->resp_key_dist = req->resp_key_dist & local_dist;
337 rsp->auth_req = (authreq & AUTH_REQ_MASK);
339 smp->remote_key_dist = rsp->init_key_dist;
342 static u8 check_enc_key_size(struct l2cap_conn *conn, __u8 max_key_size)
344 struct smp_chan *smp = conn->smp_chan;
346 if ((max_key_size > SMP_MAX_ENC_KEY_SIZE) ||
347 (max_key_size < SMP_MIN_ENC_KEY_SIZE))
348 return SMP_ENC_KEY_SIZE;
350 smp->enc_key_size = max_key_size;
355 static void smp_failure(struct l2cap_conn *conn, u8 reason)
357 struct hci_conn *hcon = conn->hcon;
360 smp_send_cmd(conn, SMP_CMD_PAIRING_FAIL, sizeof(reason),
363 clear_bit(HCI_CONN_ENCRYPT_PEND, &hcon->flags);
364 mgmt_auth_failed(hcon->hdev, &hcon->dst, hcon->type, hcon->dst_type,
365 HCI_ERROR_AUTH_FAILURE);
367 cancel_delayed_work_sync(&conn->security_timer);
369 if (test_and_clear_bit(HCI_CONN_LE_SMP_PEND, &hcon->flags))
370 smp_chan_destroy(conn);
373 #define JUST_WORKS 0x00
374 #define JUST_CFM 0x01
375 #define REQ_PASSKEY 0x02
376 #define CFM_PASSKEY 0x03
380 static const u8 gen_method[5][5] = {
381 { JUST_WORKS, JUST_CFM, REQ_PASSKEY, JUST_WORKS, REQ_PASSKEY },
382 { JUST_WORKS, JUST_CFM, REQ_PASSKEY, JUST_WORKS, REQ_PASSKEY },
383 { CFM_PASSKEY, CFM_PASSKEY, REQ_PASSKEY, JUST_WORKS, CFM_PASSKEY },
384 { JUST_WORKS, JUST_CFM, JUST_WORKS, JUST_WORKS, JUST_CFM },
385 { CFM_PASSKEY, CFM_PASSKEY, REQ_PASSKEY, JUST_WORKS, OVERLAP },
388 static int tk_request(struct l2cap_conn *conn, u8 remote_oob, u8 auth,
389 u8 local_io, u8 remote_io)
391 struct hci_conn *hcon = conn->hcon;
392 struct smp_chan *smp = conn->smp_chan;
397 /* Initialize key for JUST WORKS */
398 memset(smp->tk, 0, sizeof(smp->tk));
399 clear_bit(SMP_FLAG_TK_VALID, &smp->flags);
401 BT_DBG("tk_request: auth:%d lcl:%d rem:%d", auth, local_io, remote_io);
403 /* If neither side wants MITM, use JUST WORKS */
404 /* If either side has unknown io_caps, use JUST WORKS */
405 /* Otherwise, look up method from the table */
406 if (!(auth & SMP_AUTH_MITM) ||
407 local_io > SMP_IO_KEYBOARD_DISPLAY ||
408 remote_io > SMP_IO_KEYBOARD_DISPLAY)
411 method = gen_method[remote_io][local_io];
413 /* If not bonding, don't ask user to confirm a Zero TK */
414 if (!(auth & SMP_AUTH_BONDING) && method == JUST_CFM)
417 /* Don't confirm locally initiated pairing attempts */
418 if (method == JUST_CFM && test_bit(SMP_FLAG_INITIATOR, &smp->flags))
421 /* If Just Works, Continue with Zero TK */
422 if (method == JUST_WORKS) {
423 set_bit(SMP_FLAG_TK_VALID, &smp->flags);
427 /* Not Just Works/Confirm results in MITM Authentication */
428 if (method != JUST_CFM)
429 set_bit(SMP_FLAG_MITM_AUTH, &smp->flags);
431 /* If both devices have Keyoard-Display I/O, the master
432 * Confirms and the slave Enters the passkey.
434 if (method == OVERLAP) {
435 if (hcon->link_mode & HCI_LM_MASTER)
436 method = CFM_PASSKEY;
438 method = REQ_PASSKEY;
441 /* Generate random passkey. */
442 if (method == CFM_PASSKEY) {
443 memset(smp->tk, 0, sizeof(smp->tk));
444 get_random_bytes(&passkey, sizeof(passkey));
446 put_unaligned_le32(passkey, smp->tk);
447 BT_DBG("PassKey: %d", passkey);
448 set_bit(SMP_FLAG_TK_VALID, &smp->flags);
451 hci_dev_lock(hcon->hdev);
453 if (method == REQ_PASSKEY)
454 ret = mgmt_user_passkey_request(hcon->hdev, &hcon->dst,
455 hcon->type, hcon->dst_type);
456 else if (method == JUST_CFM)
457 ret = mgmt_user_confirm_request(hcon->hdev, &hcon->dst,
458 hcon->type, hcon->dst_type,
461 ret = mgmt_user_passkey_notify(hcon->hdev, &hcon->dst,
462 hcon->type, hcon->dst_type,
465 hci_dev_unlock(hcon->hdev);
470 static u8 smp_confirm(struct smp_chan *smp)
472 struct l2cap_conn *conn = smp->conn;
473 struct hci_dev *hdev = conn->hcon->hdev;
474 struct crypto_blkcipher *tfm = hdev->tfm_aes;
475 struct smp_cmd_pairing_confirm cp;
478 BT_DBG("conn %p", conn);
480 /* Prevent mutual access to hdev->tfm_aes */
483 ret = smp_c1(tfm, smp->tk, smp->prnd, smp->preq, smp->prsp,
484 conn->hcon->init_addr_type, &conn->hcon->init_addr,
485 conn->hcon->resp_addr_type, &conn->hcon->resp_addr,
488 hci_dev_unlock(hdev);
491 return SMP_UNSPECIFIED;
493 clear_bit(SMP_FLAG_CFM_PENDING, &smp->flags);
495 smp_send_cmd(smp->conn, SMP_CMD_PAIRING_CONFIRM, sizeof(cp), &cp);
500 static u8 smp_random(struct smp_chan *smp)
502 struct l2cap_conn *conn = smp->conn;
503 struct hci_conn *hcon = conn->hcon;
504 struct hci_dev *hdev = hcon->hdev;
505 struct crypto_blkcipher *tfm = hdev->tfm_aes;
509 if (IS_ERR_OR_NULL(tfm))
510 return SMP_UNSPECIFIED;
512 BT_DBG("conn %p %s", conn, conn->hcon->out ? "master" : "slave");
514 /* Prevent mutual access to hdev->tfm_aes */
517 ret = smp_c1(tfm, smp->tk, smp->rrnd, smp->preq, smp->prsp,
518 hcon->init_addr_type, &hcon->init_addr,
519 hcon->resp_addr_type, &hcon->resp_addr, confirm);
521 hci_dev_unlock(hdev);
524 return SMP_UNSPECIFIED;
526 if (memcmp(smp->pcnf, confirm, sizeof(smp->pcnf)) != 0) {
527 BT_ERR("Pairing failed (confirmation values mismatch)");
528 return SMP_CONFIRM_FAILED;
536 smp_s1(tfm, smp->tk, smp->rrnd, smp->prnd, stk);
538 memset(stk + smp->enc_key_size, 0,
539 SMP_MAX_ENC_KEY_SIZE - smp->enc_key_size);
541 if (test_and_set_bit(HCI_CONN_ENCRYPT_PEND, &hcon->flags))
542 return SMP_UNSPECIFIED;
544 hci_le_start_enc(hcon, ediv, rand, stk);
545 hcon->enc_key_size = smp->enc_key_size;
551 smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM, sizeof(smp->prnd),
554 smp_s1(tfm, smp->tk, smp->prnd, smp->rrnd, stk);
556 memset(stk + smp->enc_key_size, 0,
557 SMP_MAX_ENC_KEY_SIZE - smp->enc_key_size);
559 if (hcon->pending_sec_level == BT_SECURITY_HIGH)
564 hci_add_ltk(hcon->hdev, &hcon->dst, hcon->dst_type,
565 HCI_SMP_STK_SLAVE, auth, stk, smp->enc_key_size,
572 static struct smp_chan *smp_chan_create(struct l2cap_conn *conn)
574 struct smp_chan *smp;
576 smp = kzalloc(sizeof(*smp), GFP_ATOMIC);
581 conn->smp_chan = smp;
582 conn->hcon->smp_conn = conn;
584 hci_conn_hold(conn->hcon);
589 void smp_chan_destroy(struct l2cap_conn *conn)
591 struct smp_chan *smp = conn->smp_chan;
596 complete = test_bit(SMP_FLAG_COMPLETE, &smp->flags);
597 mgmt_smp_complete(conn->hcon, complete);
600 kfree(smp->slave_csrk);
602 /* If pairing failed clean up any keys we might have */
605 list_del(&smp->ltk->list);
609 if (smp->slave_ltk) {
610 list_del(&smp->slave_ltk->list);
611 kfree(smp->slave_ltk);
614 if (smp->remote_irk) {
615 list_del(&smp->remote_irk->list);
616 kfree(smp->remote_irk);
621 conn->smp_chan = NULL;
622 conn->hcon->smp_conn = NULL;
623 hci_conn_drop(conn->hcon);
626 int smp_user_confirm_reply(struct hci_conn *hcon, u16 mgmt_op, __le32 passkey)
628 struct l2cap_conn *conn = hcon->smp_conn;
629 struct smp_chan *smp;
637 smp = conn->smp_chan;
640 case MGMT_OP_USER_PASSKEY_REPLY:
641 value = le32_to_cpu(passkey);
642 memset(smp->tk, 0, sizeof(smp->tk));
643 BT_DBG("PassKey: %d", value);
644 put_unaligned_le32(value, smp->tk);
646 case MGMT_OP_USER_CONFIRM_REPLY:
647 set_bit(SMP_FLAG_TK_VALID, &smp->flags);
649 case MGMT_OP_USER_PASSKEY_NEG_REPLY:
650 case MGMT_OP_USER_CONFIRM_NEG_REPLY:
651 smp_failure(conn, SMP_PASSKEY_ENTRY_FAILED);
654 smp_failure(conn, SMP_PASSKEY_ENTRY_FAILED);
658 /* If it is our turn to send Pairing Confirm, do so now */
659 if (test_bit(SMP_FLAG_CFM_PENDING, &smp->flags)) {
660 u8 rsp = smp_confirm(smp);
662 smp_failure(conn, rsp);
668 static u8 smp_cmd_pairing_req(struct l2cap_conn *conn, struct sk_buff *skb)
670 struct smp_cmd_pairing rsp, *req = (void *) skb->data;
671 struct smp_chan *smp;
675 BT_DBG("conn %p", conn);
677 if (skb->len < sizeof(*req))
678 return SMP_INVALID_PARAMS;
680 if (conn->hcon->link_mode & HCI_LM_MASTER)
681 return SMP_CMD_NOTSUPP;
683 if (!test_and_set_bit(HCI_CONN_LE_SMP_PEND, &conn->hcon->flags))
684 smp = smp_chan_create(conn);
686 smp = conn->smp_chan;
689 return SMP_UNSPECIFIED;
691 smp->preq[0] = SMP_CMD_PAIRING_REQ;
692 memcpy(&smp->preq[1], req, sizeof(*req));
693 skb_pull(skb, sizeof(*req));
695 /* We didn't start the pairing, so match remote */
696 auth = req->auth_req;
698 conn->hcon->pending_sec_level = authreq_to_seclevel(auth);
700 build_pairing_cmd(conn, req, &rsp, auth);
702 key_size = min(req->max_key_size, rsp.max_key_size);
703 if (check_enc_key_size(conn, key_size))
704 return SMP_ENC_KEY_SIZE;
706 get_random_bytes(smp->prnd, sizeof(smp->prnd));
708 smp->prsp[0] = SMP_CMD_PAIRING_RSP;
709 memcpy(&smp->prsp[1], &rsp, sizeof(rsp));
711 smp_send_cmd(conn, SMP_CMD_PAIRING_RSP, sizeof(rsp), &rsp);
713 /* Request setup of TK */
714 ret = tk_request(conn, 0, auth, rsp.io_capability, req->io_capability);
716 return SMP_UNSPECIFIED;
718 clear_bit(SMP_FLAG_INITIATOR, &smp->flags);
723 static u8 smp_cmd_pairing_rsp(struct l2cap_conn *conn, struct sk_buff *skb)
725 struct smp_cmd_pairing *req, *rsp = (void *) skb->data;
726 struct smp_chan *smp = conn->smp_chan;
727 u8 key_size, auth = SMP_AUTH_NONE;
730 BT_DBG("conn %p", conn);
732 if (skb->len < sizeof(*rsp))
733 return SMP_INVALID_PARAMS;
735 if (!(conn->hcon->link_mode & HCI_LM_MASTER))
736 return SMP_CMD_NOTSUPP;
738 skb_pull(skb, sizeof(*rsp));
740 req = (void *) &smp->preq[1];
742 key_size = min(req->max_key_size, rsp->max_key_size);
743 if (check_enc_key_size(conn, key_size))
744 return SMP_ENC_KEY_SIZE;
746 get_random_bytes(smp->prnd, sizeof(smp->prnd));
748 smp->prsp[0] = SMP_CMD_PAIRING_RSP;
749 memcpy(&smp->prsp[1], rsp, sizeof(*rsp));
751 /* Update remote key distribution in case the remote cleared
752 * some bits that we had enabled in our request.
754 smp->remote_key_dist &= rsp->resp_key_dist;
756 if ((req->auth_req & SMP_AUTH_BONDING) &&
757 (rsp->auth_req & SMP_AUTH_BONDING))
758 auth = SMP_AUTH_BONDING;
760 auth |= (req->auth_req | rsp->auth_req) & SMP_AUTH_MITM;
762 ret = tk_request(conn, 0, auth, req->io_capability, rsp->io_capability);
764 return SMP_UNSPECIFIED;
766 set_bit(SMP_FLAG_CFM_PENDING, &smp->flags);
768 /* Can't compose response until we have been confirmed */
769 if (test_bit(SMP_FLAG_TK_VALID, &smp->flags))
770 return smp_confirm(smp);
775 static u8 smp_cmd_pairing_confirm(struct l2cap_conn *conn, struct sk_buff *skb)
777 struct smp_chan *smp = conn->smp_chan;
779 BT_DBG("conn %p %s", conn, conn->hcon->out ? "master" : "slave");
781 if (skb->len < sizeof(smp->pcnf))
782 return SMP_INVALID_PARAMS;
784 memcpy(smp->pcnf, skb->data, sizeof(smp->pcnf));
785 skb_pull(skb, sizeof(smp->pcnf));
788 smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM, sizeof(smp->prnd),
790 else if (test_bit(SMP_FLAG_TK_VALID, &smp->flags))
791 return smp_confirm(smp);
793 set_bit(SMP_FLAG_CFM_PENDING, &smp->flags);
798 static u8 smp_cmd_pairing_random(struct l2cap_conn *conn, struct sk_buff *skb)
800 struct smp_chan *smp = conn->smp_chan;
802 BT_DBG("conn %p", conn);
804 if (skb->len < sizeof(smp->rrnd))
805 return SMP_INVALID_PARAMS;
807 memcpy(smp->rrnd, skb->data, sizeof(smp->rrnd));
808 skb_pull(skb, sizeof(smp->rrnd));
810 return smp_random(smp);
813 static u8 smp_ltk_encrypt(struct l2cap_conn *conn, u8 sec_level)
816 struct hci_conn *hcon = conn->hcon;
818 key = hci_find_ltk_by_addr(hcon->hdev, &hcon->dst, hcon->dst_type,
823 if (sec_level > BT_SECURITY_MEDIUM && !key->authenticated)
826 if (test_and_set_bit(HCI_CONN_ENCRYPT_PEND, &hcon->flags))
829 hci_le_start_enc(hcon, key->ediv, key->rand, key->val);
830 hcon->enc_key_size = key->enc_size;
835 static u8 smp_cmd_security_req(struct l2cap_conn *conn, struct sk_buff *skb)
837 struct smp_cmd_security_req *rp = (void *) skb->data;
838 struct smp_cmd_pairing cp;
839 struct hci_conn *hcon = conn->hcon;
840 struct smp_chan *smp;
842 BT_DBG("conn %p", conn);
844 if (skb->len < sizeof(*rp))
845 return SMP_INVALID_PARAMS;
847 if (!(conn->hcon->link_mode & HCI_LM_MASTER))
848 return SMP_CMD_NOTSUPP;
850 hcon->pending_sec_level = authreq_to_seclevel(rp->auth_req);
852 if (smp_ltk_encrypt(conn, hcon->pending_sec_level))
855 if (test_and_set_bit(HCI_CONN_LE_SMP_PEND, &hcon->flags))
858 smp = smp_chan_create(conn);
860 skb_pull(skb, sizeof(*rp));
862 memset(&cp, 0, sizeof(cp));
863 build_pairing_cmd(conn, &cp, NULL, rp->auth_req);
865 smp->preq[0] = SMP_CMD_PAIRING_REQ;
866 memcpy(&smp->preq[1], &cp, sizeof(cp));
868 smp_send_cmd(conn, SMP_CMD_PAIRING_REQ, sizeof(cp), &cp);
870 clear_bit(SMP_FLAG_INITIATOR, &smp->flags);
875 bool smp_sufficient_security(struct hci_conn *hcon, u8 sec_level)
877 if (sec_level == BT_SECURITY_LOW)
880 if (hcon->sec_level >= sec_level)
886 int smp_conn_security(struct hci_conn *hcon, __u8 sec_level)
888 struct l2cap_conn *conn = hcon->l2cap_data;
889 struct smp_chan *smp;
892 BT_DBG("conn %p hcon %p level 0x%2.2x", conn, hcon, sec_level);
894 /* This may be NULL if there's an unexpected disconnection */
898 if (!test_bit(HCI_LE_ENABLED, &hcon->hdev->dev_flags))
901 if (smp_sufficient_security(hcon, sec_level))
904 if (hcon->link_mode & HCI_LM_MASTER)
905 if (smp_ltk_encrypt(conn, sec_level))
908 if (test_and_set_bit(HCI_CONN_LE_SMP_PEND, &hcon->flags))
911 smp = smp_chan_create(conn);
915 authreq = seclevel_to_authreq(sec_level);
917 /* Require MITM if IO Capability allows or the security level
920 if (hcon->io_capability != HCI_IO_NO_INPUT_OUTPUT ||
921 sec_level > BT_SECURITY_MEDIUM)
922 authreq |= SMP_AUTH_MITM;
924 if (hcon->link_mode & HCI_LM_MASTER) {
925 struct smp_cmd_pairing cp;
927 build_pairing_cmd(conn, &cp, NULL, authreq);
928 smp->preq[0] = SMP_CMD_PAIRING_REQ;
929 memcpy(&smp->preq[1], &cp, sizeof(cp));
931 smp_send_cmd(conn, SMP_CMD_PAIRING_REQ, sizeof(cp), &cp);
933 struct smp_cmd_security_req cp;
934 cp.auth_req = authreq;
935 smp_send_cmd(conn, SMP_CMD_SECURITY_REQ, sizeof(cp), &cp);
938 set_bit(SMP_FLAG_INITIATOR, &smp->flags);
941 hcon->pending_sec_level = sec_level;
946 static int smp_cmd_encrypt_info(struct l2cap_conn *conn, struct sk_buff *skb)
948 struct smp_cmd_encrypt_info *rp = (void *) skb->data;
949 struct smp_chan *smp = conn->smp_chan;
951 BT_DBG("conn %p", conn);
953 if (skb->len < sizeof(*rp))
954 return SMP_INVALID_PARAMS;
956 /* Ignore this PDU if it wasn't requested */
957 if (!(smp->remote_key_dist & SMP_DIST_ENC_KEY))
960 skb_pull(skb, sizeof(*rp));
962 memcpy(smp->tk, rp->ltk, sizeof(smp->tk));
967 static int smp_cmd_master_ident(struct l2cap_conn *conn, struct sk_buff *skb)
969 struct smp_cmd_master_ident *rp = (void *) skb->data;
970 struct smp_chan *smp = conn->smp_chan;
971 struct hci_dev *hdev = conn->hcon->hdev;
972 struct hci_conn *hcon = conn->hcon;
976 BT_DBG("conn %p", conn);
978 if (skb->len < sizeof(*rp))
979 return SMP_INVALID_PARAMS;
981 /* Ignore this PDU if it wasn't requested */
982 if (!(smp->remote_key_dist & SMP_DIST_ENC_KEY))
985 /* Mark the information as received */
986 smp->remote_key_dist &= ~SMP_DIST_ENC_KEY;
988 skb_pull(skb, sizeof(*rp));
991 authenticated = (hcon->sec_level == BT_SECURITY_HIGH);
992 ltk = hci_add_ltk(hdev, &hcon->dst, hcon->dst_type, HCI_SMP_LTK,
993 authenticated, smp->tk, smp->enc_key_size,
996 if (!(smp->remote_key_dist & SMP_DIST_ID_KEY))
997 smp_distribute_keys(conn);
998 hci_dev_unlock(hdev);
1003 static int smp_cmd_ident_info(struct l2cap_conn *conn, struct sk_buff *skb)
1005 struct smp_cmd_ident_info *info = (void *) skb->data;
1006 struct smp_chan *smp = conn->smp_chan;
1010 if (skb->len < sizeof(*info))
1011 return SMP_INVALID_PARAMS;
1013 /* Ignore this PDU if it wasn't requested */
1014 if (!(smp->remote_key_dist & SMP_DIST_ID_KEY))
1017 skb_pull(skb, sizeof(*info));
1019 memcpy(smp->irk, info->irk, 16);
1024 static int smp_cmd_ident_addr_info(struct l2cap_conn *conn,
1025 struct sk_buff *skb)
1027 struct smp_cmd_ident_addr_info *info = (void *) skb->data;
1028 struct smp_chan *smp = conn->smp_chan;
1029 struct hci_conn *hcon = conn->hcon;
1034 if (skb->len < sizeof(*info))
1035 return SMP_INVALID_PARAMS;
1037 /* Ignore this PDU if it wasn't requested */
1038 if (!(smp->remote_key_dist & SMP_DIST_ID_KEY))
1041 /* Mark the information as received */
1042 smp->remote_key_dist &= ~SMP_DIST_ID_KEY;
1044 skb_pull(skb, sizeof(*info));
1046 /* Strictly speaking the Core Specification (4.1) allows sending
1047 * an empty address which would force us to rely on just the IRK
1048 * as "identity information". However, since such
1049 * implementations are not known of and in order to not over
1050 * complicate our implementation, simply pretend that we never
1051 * received an IRK for such a device.
1053 if (!bacmp(&info->bdaddr, BDADDR_ANY)) {
1054 BT_ERR("Ignoring IRK with no identity address");
1055 smp_distribute_keys(conn);
1059 bacpy(&smp->id_addr, &info->bdaddr);
1060 smp->id_addr_type = info->addr_type;
1062 if (hci_bdaddr_is_rpa(&hcon->dst, hcon->dst_type))
1063 bacpy(&rpa, &hcon->dst);
1065 bacpy(&rpa, BDADDR_ANY);
1067 smp->remote_irk = hci_add_irk(conn->hcon->hdev, &smp->id_addr,
1068 smp->id_addr_type, smp->irk, &rpa);
1070 smp_distribute_keys(conn);
1075 static int smp_cmd_sign_info(struct l2cap_conn *conn, struct sk_buff *skb)
1077 struct smp_cmd_sign_info *rp = (void *) skb->data;
1078 struct smp_chan *smp = conn->smp_chan;
1079 struct hci_dev *hdev = conn->hcon->hdev;
1080 struct smp_csrk *csrk;
1082 BT_DBG("conn %p", conn);
1084 if (skb->len < sizeof(*rp))
1085 return SMP_INVALID_PARAMS;
1087 /* Ignore this PDU if it wasn't requested */
1088 if (!(smp->remote_key_dist & SMP_DIST_SIGN))
1091 /* Mark the information as received */
1092 smp->remote_key_dist &= ~SMP_DIST_SIGN;
1094 skb_pull(skb, sizeof(*rp));
1097 csrk = kzalloc(sizeof(*csrk), GFP_KERNEL);
1099 csrk->master = 0x01;
1100 memcpy(csrk->val, rp->csrk, sizeof(csrk->val));
1103 if (!(smp->remote_key_dist & SMP_DIST_SIGN))
1104 smp_distribute_keys(conn);
1105 hci_dev_unlock(hdev);
1110 int smp_sig_channel(struct l2cap_conn *conn, struct sk_buff *skb)
1112 struct hci_conn *hcon = conn->hcon;
1116 if (hcon->type != LE_LINK) {
1126 if (!test_bit(HCI_LE_ENABLED, &hcon->hdev->dev_flags)) {
1128 reason = SMP_PAIRING_NOTSUPP;
1132 code = skb->data[0];
1133 skb_pull(skb, sizeof(code));
1136 * The SMP context must be initialized for all other PDUs except
1137 * pairing and security requests. If we get any other PDU when
1138 * not initialized simply disconnect (done if this function
1139 * returns an error).
1141 if (code != SMP_CMD_PAIRING_REQ && code != SMP_CMD_SECURITY_REQ &&
1143 BT_ERR("Unexpected SMP command 0x%02x. Disconnecting.", code);
1149 case SMP_CMD_PAIRING_REQ:
1150 reason = smp_cmd_pairing_req(conn, skb);
1153 case SMP_CMD_PAIRING_FAIL:
1154 smp_failure(conn, 0);
1159 case SMP_CMD_PAIRING_RSP:
1160 reason = smp_cmd_pairing_rsp(conn, skb);
1163 case SMP_CMD_SECURITY_REQ:
1164 reason = smp_cmd_security_req(conn, skb);
1167 case SMP_CMD_PAIRING_CONFIRM:
1168 reason = smp_cmd_pairing_confirm(conn, skb);
1171 case SMP_CMD_PAIRING_RANDOM:
1172 reason = smp_cmd_pairing_random(conn, skb);
1175 case SMP_CMD_ENCRYPT_INFO:
1176 reason = smp_cmd_encrypt_info(conn, skb);
1179 case SMP_CMD_MASTER_IDENT:
1180 reason = smp_cmd_master_ident(conn, skb);
1183 case SMP_CMD_IDENT_INFO:
1184 reason = smp_cmd_ident_info(conn, skb);
1187 case SMP_CMD_IDENT_ADDR_INFO:
1188 reason = smp_cmd_ident_addr_info(conn, skb);
1191 case SMP_CMD_SIGN_INFO:
1192 reason = smp_cmd_sign_info(conn, skb);
1196 BT_DBG("Unknown command code 0x%2.2x", code);
1198 reason = SMP_CMD_NOTSUPP;
1205 smp_failure(conn, reason);
1211 static void smp_notify_keys(struct l2cap_conn *conn)
1213 struct smp_chan *smp = conn->smp_chan;
1214 struct hci_conn *hcon = conn->hcon;
1215 struct hci_dev *hdev = hcon->hdev;
1216 struct smp_cmd_pairing *req = (void *) &smp->preq[1];
1217 struct smp_cmd_pairing *rsp = (void *) &smp->prsp[1];
1220 if (smp->remote_irk) {
1221 mgmt_new_irk(hdev, smp->remote_irk);
1222 /* Now that user space can be considered to know the
1223 * identity address track the connection based on it
1226 bacpy(&hcon->dst, &smp->remote_irk->bdaddr);
1227 hcon->dst_type = smp->remote_irk->addr_type;
1228 l2cap_conn_update_id_addr(hcon);
1231 /* The LTKs and CSRKs should be persistent only if both sides
1232 * had the bonding bit set in their authentication requests.
1234 persistent = !!((req->auth_req & rsp->auth_req) & SMP_AUTH_BONDING);
1237 smp->csrk->bdaddr_type = hcon->dst_type;
1238 bacpy(&smp->csrk->bdaddr, &hcon->dst);
1239 mgmt_new_csrk(hdev, smp->csrk, persistent);
1242 if (smp->slave_csrk) {
1243 smp->slave_csrk->bdaddr_type = hcon->dst_type;
1244 bacpy(&smp->slave_csrk->bdaddr, &hcon->dst);
1245 mgmt_new_csrk(hdev, smp->slave_csrk, persistent);
1249 smp->ltk->bdaddr_type = hcon->dst_type;
1250 bacpy(&smp->ltk->bdaddr, &hcon->dst);
1251 mgmt_new_ltk(hdev, smp->ltk, persistent);
1254 if (smp->slave_ltk) {
1255 smp->slave_ltk->bdaddr_type = hcon->dst_type;
1256 bacpy(&smp->slave_ltk->bdaddr, &hcon->dst);
1257 mgmt_new_ltk(hdev, smp->slave_ltk, persistent);
1261 int smp_distribute_keys(struct l2cap_conn *conn)
1263 struct smp_cmd_pairing *req, *rsp;
1264 struct smp_chan *smp = conn->smp_chan;
1265 struct hci_conn *hcon = conn->hcon;
1266 struct hci_dev *hdev = hcon->hdev;
1269 BT_DBG("conn %p", conn);
1271 if (!test_bit(HCI_CONN_LE_SMP_PEND, &hcon->flags))
1274 rsp = (void *) &smp->prsp[1];
1276 /* The responder sends its keys first */
1277 if (hcon->out && (smp->remote_key_dist & 0x07))
1280 req = (void *) &smp->preq[1];
1283 keydist = &rsp->init_key_dist;
1284 *keydist &= req->init_key_dist;
1286 keydist = &rsp->resp_key_dist;
1287 *keydist &= req->resp_key_dist;
1290 BT_DBG("keydist 0x%x", *keydist);
1292 if (*keydist & SMP_DIST_ENC_KEY) {
1293 struct smp_cmd_encrypt_info enc;
1294 struct smp_cmd_master_ident ident;
1295 struct smp_ltk *ltk;
1300 get_random_bytes(enc.ltk, sizeof(enc.ltk));
1301 get_random_bytes(&ediv, sizeof(ediv));
1302 get_random_bytes(&rand, sizeof(rand));
1304 smp_send_cmd(conn, SMP_CMD_ENCRYPT_INFO, sizeof(enc), &enc);
1306 authenticated = hcon->sec_level == BT_SECURITY_HIGH;
1307 ltk = hci_add_ltk(hdev, &hcon->dst, hcon->dst_type,
1308 HCI_SMP_LTK_SLAVE, authenticated, enc.ltk,
1309 smp->enc_key_size, ediv, rand);
1310 smp->slave_ltk = ltk;
1315 smp_send_cmd(conn, SMP_CMD_MASTER_IDENT, sizeof(ident), &ident);
1317 *keydist &= ~SMP_DIST_ENC_KEY;
1320 if (*keydist & SMP_DIST_ID_KEY) {
1321 struct smp_cmd_ident_addr_info addrinfo;
1322 struct smp_cmd_ident_info idinfo;
1324 memcpy(idinfo.irk, hdev->irk, sizeof(idinfo.irk));
1326 smp_send_cmd(conn, SMP_CMD_IDENT_INFO, sizeof(idinfo), &idinfo);
1328 /* The hci_conn contains the local identity address
1329 * after the connection has been established.
1331 * This is true even when the connection has been
1332 * established using a resolvable random address.
1334 bacpy(&addrinfo.bdaddr, &hcon->src);
1335 addrinfo.addr_type = hcon->src_type;
1337 smp_send_cmd(conn, SMP_CMD_IDENT_ADDR_INFO, sizeof(addrinfo),
1340 *keydist &= ~SMP_DIST_ID_KEY;
1343 if (*keydist & SMP_DIST_SIGN) {
1344 struct smp_cmd_sign_info sign;
1345 struct smp_csrk *csrk;
1347 /* Generate a new random key */
1348 get_random_bytes(sign.csrk, sizeof(sign.csrk));
1350 csrk = kzalloc(sizeof(*csrk), GFP_KERNEL);
1352 csrk->master = 0x00;
1353 memcpy(csrk->val, sign.csrk, sizeof(csrk->val));
1355 smp->slave_csrk = csrk;
1357 smp_send_cmd(conn, SMP_CMD_SIGN_INFO, sizeof(sign), &sign);
1359 *keydist &= ~SMP_DIST_SIGN;
1362 /* If there are still keys to be received wait for them */
1363 if ((smp->remote_key_dist & 0x07))
1366 clear_bit(HCI_CONN_LE_SMP_PEND, &hcon->flags);
1367 cancel_delayed_work_sync(&conn->security_timer);
1368 set_bit(SMP_FLAG_COMPLETE, &smp->flags);
1369 smp_notify_keys(conn);
1371 smp_chan_destroy(conn);