projects / deliverable / linux.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Bluetooth: Fix mgmt pairing failure when authentication fails
[deliverable/linux.git] / net / bluetooth / smp.c
1 /*
2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2011 Nokia Corporation and/or its subsidiary(-ies).
4
5 This program is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License version 2 as
7 published by the Free Software Foundation;
8
9 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
10 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
11 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
12 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
13 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
14 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17
18 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
19 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
20 SOFTWARE IS DISCLAIMED.
21 */
22
23 #include <linux/crypto.h>
24 #include <linux/scatterlist.h>
25 #include <crypto/b128ops.h>
26
27 #include <net/bluetooth/bluetooth.h>
28 #include <net/bluetooth/hci_core.h>
29 #include <net/bluetooth/l2cap.h>
30 #include <net/bluetooth/mgmt.h>
31
32 #include "smp.h"
33
34 #define SMP_ALLOW_CMD(smp, code) set_bit(code, &smp->allow_cmd)
35 #define SMP_DISALLOW_CMD(smp, code) clear_bit(code, &smp->allow_cmd)
36
37 #define SMP_TIMEOUT msecs_to_jiffies(30000)
38
39 #define AUTH_REQ_MASK 0x07
40 #define KEY_DIST_MASK 0x07
41
42 enum {
43 SMP_FLAG_TK_VALID,
44 SMP_FLAG_CFM_PENDING,
45 SMP_FLAG_MITM_AUTH,
46 SMP_FLAG_COMPLETE,
47 SMP_FLAG_INITIATOR,
48 };
49
50 struct smp_chan {
51 struct l2cap_conn *conn;
52 struct delayed_work security_timer;
53 unsigned long allow_cmd; /* Bitmask of allowed commands */
54
55 u8 preq[7]; /* SMP Pairing Request */
56 u8 prsp[7]; /* SMP Pairing Response */
57 u8 prnd[16]; /* SMP Pairing Random (local) */
58 u8 rrnd[16]; /* SMP Pairing Random (remote) */
59 u8 pcnf[16]; /* SMP Pairing Confirm */
60 u8 tk[16]; /* SMP Temporary Key */
61 u8 enc_key_size;
62 u8 remote_key_dist;
63 bdaddr_t id_addr;
64 u8 id_addr_type;
65 u8 irk[16];
66 struct smp_csrk *csrk;
67 struct smp_csrk *slave_csrk;
68 struct smp_ltk *ltk;
69 struct smp_ltk *slave_ltk;
70 struct smp_irk *remote_irk;
71 unsigned long flags;
72
73 struct crypto_blkcipher *tfm_aes;
74 };
75
76 static inline void swap_buf(const u8 *src, u8 *dst, size_t len)
77 {
78 size_t i;
79
80 for (i = 0; i < len; i++)
81 dst[len - 1 - i] = src[i];
82 }
83
84 static int smp_e(struct crypto_blkcipher *tfm, const u8 *k, u8 *r)
85 {
86 struct blkcipher_desc desc;
87 struct scatterlist sg;
88 uint8_t tmp[16], data[16];
89 int err;
90
91 if (tfm == NULL) {
92 BT_ERR("tfm %p", tfm);
93 return -EINVAL;
94 }
95
96 desc.tfm = tfm;
97 desc.flags = 0;
98
99 /* The most significant octet of key corresponds to k[0] */
100 swap_buf(k, tmp, 16);
101
102 err = crypto_blkcipher_setkey(tfm, tmp, 16);
103 if (err) {
104 BT_ERR("cipher setkey failed: %d", err);
105 return err;
106 }
107
108 /* Most significant octet of plaintextData corresponds to data[0] */
109 swap_buf(r, data, 16);
110
111 sg_init_one(&sg, data, 16);
112
113 err = crypto_blkcipher_encrypt(&desc, &sg, &sg, 16);
114 if (err)
115 BT_ERR("Encrypt data error %d", err);
116
117 /* Most significant octet of encryptedData corresponds to data[0] */
118 swap_buf(data, r, 16);
119
120 return err;
121 }
122
123 static int smp_ah(struct crypto_blkcipher *tfm, u8 irk[16], u8 r[3], u8 res[3])
124 {
125 u8 _res[16];
126 int err;
127
128 /* r' = padding || r */
129 memcpy(_res, r, 3);
130 memset(_res + 3, 0, 13);
131
132 err = smp_e(tfm, irk, _res);
133 if (err) {
134 BT_ERR("Encrypt error");
135 return err;
136 }
137
138 /* The output of the random address function ah is:
139 * ah(h, r) = e(k, r') mod 2^24
140 * The output of the security function e is then truncated to 24 bits
141 * by taking the least significant 24 bits of the output of e as the
142 * result of ah.
143 */
144 memcpy(res, _res, 3);
145
146 return 0;
147 }
148
149 bool smp_irk_matches(struct hci_dev *hdev, u8 irk[16], bdaddr_t *bdaddr)
150 {
151 struct l2cap_chan *chan = hdev->smp_data;
152 struct crypto_blkcipher *tfm;
153 u8 hash[3];
154 int err;
155
156 if (!chan || !chan->data)
157 return false;
158
159 tfm = chan->data;
160
161 BT_DBG("RPA %pMR IRK %*phN", bdaddr, 16, irk);
162
163 err = smp_ah(tfm, irk, &bdaddr->b[3], hash);
164 if (err)
165 return false;
166
167 return !memcmp(bdaddr->b, hash, 3);
168 }
169
170 int smp_generate_rpa(struct hci_dev *hdev, u8 irk[16], bdaddr_t *rpa)
171 {
172 struct l2cap_chan *chan = hdev->smp_data;
173 struct crypto_blkcipher *tfm;
174 int err;
175
176 if (!chan || !chan->data)
177 return -EOPNOTSUPP;
178
179 tfm = chan->data;
180
181 get_random_bytes(&rpa->b[3], 3);
182
183 rpa->b[5] &= 0x3f; /* Clear two most significant bits */
184 rpa->b[5] |= 0x40; /* Set second most significant bit */
185
186 err = smp_ah(tfm, irk, &rpa->b[3], rpa->b);
187 if (err < 0)
188 return err;
189
190 BT_DBG("RPA %pMR", rpa);
191
192 return 0;
193 }
194
195 static int smp_c1(struct smp_chan *smp, u8 k[16], u8 r[16], u8 preq[7],
196 u8 pres[7], u8 _iat, bdaddr_t *ia, u8 _rat, bdaddr_t *ra,
197 u8 res[16])
198 {
199 struct hci_dev *hdev = smp->conn->hcon->hdev;
200 u8 p1[16], p2[16];
201 int err;
202
203 BT_DBG("%s", hdev->name);
204
205 memset(p1, 0, 16);
206
207 /* p1 = pres || preq || _rat || _iat */
208 p1[0] = _iat;
209 p1[1] = _rat;
210 memcpy(p1 + 2, preq, 7);
211 memcpy(p1 + 9, pres, 7);
212
213 /* p2 = padding || ia || ra */
214 memcpy(p2, ra, 6);
215 memcpy(p2 + 6, ia, 6);
216 memset(p2 + 12, 0, 4);
217
218 /* res = r XOR p1 */
219 u128_xor((u128 *) res, (u128 *) r, (u128 *) p1);
220
221 /* res = e(k, res) */
222 err = smp_e(smp->tfm_aes, k, res);
223 if (err) {
224 BT_ERR("Encrypt data error");
225 return err;
226 }
227
228 /* res = res XOR p2 */
229 u128_xor((u128 *) res, (u128 *) res, (u128 *) p2);
230
231 /* res = e(k, res) */
232 err = smp_e(smp->tfm_aes, k, res);
233 if (err)
234 BT_ERR("Encrypt data error");
235
236 return err;
237 }
238
239 static int smp_s1(struct smp_chan *smp, u8 k[16], u8 r1[16], u8 r2[16],
240 u8 _r[16])
241 {
242 struct hci_dev *hdev = smp->conn->hcon->hdev;
243 int err;
244
245 BT_DBG("%s", hdev->name);
246
247 /* Just least significant octets from r1 and r2 are considered */
248 memcpy(_r, r2, 8);
249 memcpy(_r + 8, r1, 8);
250
251 err = smp_e(smp->tfm_aes, k, _r);
252 if (err)
253 BT_ERR("Encrypt data error");
254
255 return err;
256 }
257
258 static void smp_send_cmd(struct l2cap_conn *conn, u8 code, u16 len, void *data)
259 {
260 struct l2cap_chan *chan = conn->smp;
261 struct smp_chan *smp;
262 struct kvec iv[2];
263 struct msghdr msg;
264
265 if (!chan)
266 return;
267
268 BT_DBG("code 0x%2.2x", code);
269
270 iv[0].iov_base = &code;
271 iv[0].iov_len = 1;
272
273 iv[1].iov_base = data;
274 iv[1].iov_len = len;
275
276 memset(&msg, 0, sizeof(msg));
277
278 msg.msg_iov = (struct iovec *) &iv;
279 msg.msg_iovlen = 2;
280
281 l2cap_chan_send(chan, &msg, 1 + len);
282
283 if (!chan->data)
284 return;
285
286 smp = chan->data;
287
288 cancel_delayed_work_sync(&smp->security_timer);
289 schedule_delayed_work(&smp->security_timer, SMP_TIMEOUT);
290 }
291
292 static __u8 authreq_to_seclevel(__u8 authreq)
293 {
294 if (authreq & SMP_AUTH_MITM)
295 return BT_SECURITY_HIGH;
296 else
297 return BT_SECURITY_MEDIUM;
298 }
299
300 static __u8 seclevel_to_authreq(__u8 sec_level)
301 {
302 switch (sec_level) {
303 case BT_SECURITY_HIGH:
304 return SMP_AUTH_MITM | SMP_AUTH_BONDING;
305 case BT_SECURITY_MEDIUM:
306 return SMP_AUTH_BONDING;
307 default:
308 return SMP_AUTH_NONE;
309 }
310 }
311
312 static void build_pairing_cmd(struct l2cap_conn *conn,
313 struct smp_cmd_pairing *req,
314 struct smp_cmd_pairing *rsp, __u8 authreq)
315 {
316 struct l2cap_chan *chan = conn->smp;
317 struct smp_chan *smp = chan->data;
318 struct hci_conn *hcon = conn->hcon;
319 struct hci_dev *hdev = hcon->hdev;
320 u8 local_dist = 0, remote_dist = 0;
321
322 if (test_bit(HCI_BONDABLE, &conn->hcon->hdev->dev_flags)) {
323 local_dist = SMP_DIST_ENC_KEY | SMP_DIST_SIGN;
324 remote_dist = SMP_DIST_ENC_KEY | SMP_DIST_SIGN;
325 authreq |= SMP_AUTH_BONDING;
326 } else {
327 authreq &= ~SMP_AUTH_BONDING;
328 }
329
330 if (test_bit(HCI_RPA_RESOLVING, &hdev->dev_flags))
331 remote_dist |= SMP_DIST_ID_KEY;
332
333 if (test_bit(HCI_PRIVACY, &hdev->dev_flags))
334 local_dist |= SMP_DIST_ID_KEY;
335
336 if (rsp == NULL) {
337 req->io_capability = conn->hcon->io_capability;
338 req->oob_flag = SMP_OOB_NOT_PRESENT;
339 req->max_key_size = SMP_MAX_ENC_KEY_SIZE;
340 req->init_key_dist = local_dist;
341 req->resp_key_dist = remote_dist;
342 req->auth_req = (authreq & AUTH_REQ_MASK);
343
344 smp->remote_key_dist = remote_dist;
345 return;
346 }
347
348 rsp->io_capability = conn->hcon->io_capability;
349 rsp->oob_flag = SMP_OOB_NOT_PRESENT;
350 rsp->max_key_size = SMP_MAX_ENC_KEY_SIZE;
351 rsp->init_key_dist = req->init_key_dist & remote_dist;
352 rsp->resp_key_dist = req->resp_key_dist & local_dist;
353 rsp->auth_req = (authreq & AUTH_REQ_MASK);
354
355 smp->remote_key_dist = rsp->init_key_dist;
356 }
357
358 static u8 check_enc_key_size(struct l2cap_conn *conn, __u8 max_key_size)
359 {
360 struct l2cap_chan *chan = conn->smp;
361 struct smp_chan *smp = chan->data;
362
363 if ((max_key_size > SMP_MAX_ENC_KEY_SIZE) ||
364 (max_key_size < SMP_MIN_ENC_KEY_SIZE))
365 return SMP_ENC_KEY_SIZE;
366
367 smp->enc_key_size = max_key_size;
368
369 return 0;
370 }
371
372 static void smp_chan_destroy(struct l2cap_conn *conn)
373 {
374 struct l2cap_chan *chan = conn->smp;
375 struct smp_chan *smp = chan->data;
376 bool complete;
377
378 BUG_ON(!smp);
379
380 cancel_delayed_work_sync(&smp->security_timer);
381
382 complete = test_bit(SMP_FLAG_COMPLETE, &smp->flags);
383 mgmt_smp_complete(conn->hcon, complete);
384
385 kfree(smp->csrk);
386 kfree(smp->slave_csrk);
387
388 crypto_free_blkcipher(smp->tfm_aes);
389
390 /* If pairing failed clean up any keys we might have */
391 if (!complete) {
392 if (smp->ltk) {
393 list_del(&smp->ltk->list);
394 kfree(smp->ltk);
395 }
396
397 if (smp->slave_ltk) {
398 list_del(&smp->slave_ltk->list);
399 kfree(smp->slave_ltk);
400 }
401
402 if (smp->remote_irk) {
403 list_del(&smp->remote_irk->list);
404 kfree(smp->remote_irk);
405 }
406 }
407
408 chan->data = NULL;
409 kfree(smp);
410 hci_conn_drop(conn->hcon);
411 }
412
413 static void smp_failure(struct l2cap_conn *conn, u8 reason)
414 {
415 struct hci_conn *hcon = conn->hcon;
416 struct l2cap_chan *chan = conn->smp;
417
418 if (reason)
419 smp_send_cmd(conn, SMP_CMD_PAIRING_FAIL, sizeof(reason),
420 &reason);
421
422 clear_bit(HCI_CONN_ENCRYPT_PEND, &hcon->flags);
423 mgmt_auth_failed(hcon, HCI_ERROR_AUTH_FAILURE);
424
425 if (chan->data)
426 smp_chan_destroy(conn);
427 }
428
429 #define JUST_WORKS 0x00
430 #define JUST_CFM 0x01
431 #define REQ_PASSKEY 0x02
432 #define CFM_PASSKEY 0x03
433 #define REQ_OOB 0x04
434 #define OVERLAP 0xFF
435
436 static const u8 gen_method[5][5] = {
437 { JUST_WORKS, JUST_CFM, REQ_PASSKEY, JUST_WORKS, REQ_PASSKEY },
438 { JUST_WORKS, JUST_CFM, REQ_PASSKEY, JUST_WORKS, REQ_PASSKEY },
439 { CFM_PASSKEY, CFM_PASSKEY, REQ_PASSKEY, JUST_WORKS, CFM_PASSKEY },
440 { JUST_WORKS, JUST_CFM, JUST_WORKS, JUST_WORKS, JUST_CFM },
441 { CFM_PASSKEY, CFM_PASSKEY, REQ_PASSKEY, JUST_WORKS, OVERLAP },
442 };
443
444 static u8 get_auth_method(struct smp_chan *smp, u8 local_io, u8 remote_io)
445 {
446 /* If either side has unknown io_caps, use JUST_CFM (which gets
447 * converted later to JUST_WORKS if we're initiators.
448 */
449 if (local_io > SMP_IO_KEYBOARD_DISPLAY ||
450 remote_io > SMP_IO_KEYBOARD_DISPLAY)
451 return JUST_CFM;
452
453 return gen_method[remote_io][local_io];
454 }
455
456 static int tk_request(struct l2cap_conn *conn, u8 remote_oob, u8 auth,
457 u8 local_io, u8 remote_io)
458 {
459 struct hci_conn *hcon = conn->hcon;
460 struct l2cap_chan *chan = conn->smp;
461 struct smp_chan *smp = chan->data;
462 u8 method;
463 u32 passkey = 0;
464 int ret = 0;
465
466 /* Initialize key for JUST WORKS */
467 memset(smp->tk, 0, sizeof(smp->tk));
468 clear_bit(SMP_FLAG_TK_VALID, &smp->flags);
469
470 BT_DBG("tk_request: auth:%d lcl:%d rem:%d", auth, local_io, remote_io);
471
472 /* If neither side wants MITM, either "just" confirm an incoming
473 * request or use just-works for outgoing ones. The JUST_CFM
474 * will be converted to JUST_WORKS if necessary later in this
475 * function. If either side has MITM look up the method from the
476 * table.
477 */
478 if (!(auth & SMP_AUTH_MITM))
479 method = JUST_CFM;
480 else
481 method = get_auth_method(smp, local_io, remote_io);
482
483 /* Don't confirm locally initiated pairing attempts */
484 if (method == JUST_CFM && test_bit(SMP_FLAG_INITIATOR, &smp->flags))
485 method = JUST_WORKS;
486
487 /* Don't bother user space with no IO capabilities */
488 if (method == JUST_CFM && hcon->io_capability == HCI_IO_NO_INPUT_OUTPUT)
489 method = JUST_WORKS;
490
491 /* If Just Works, Continue with Zero TK */
492 if (method == JUST_WORKS) {
493 set_bit(SMP_FLAG_TK_VALID, &smp->flags);
494 return 0;
495 }
496
497 /* Not Just Works/Confirm results in MITM Authentication */
498 if (method != JUST_CFM)
499 set_bit(SMP_FLAG_MITM_AUTH, &smp->flags);
500
501 /* If both devices have Keyoard-Display I/O, the master
502 * Confirms and the slave Enters the passkey.
503 */
504 if (method == OVERLAP) {
505 if (hcon->role == HCI_ROLE_MASTER)
506 method = CFM_PASSKEY;
507 else
508 method = REQ_PASSKEY;
509 }
510
511 /* Generate random passkey. */
512 if (method == CFM_PASSKEY) {
513 memset(smp->tk, 0, sizeof(smp->tk));
514 get_random_bytes(&passkey, sizeof(passkey));
515 passkey %= 1000000;
516 put_unaligned_le32(passkey, smp->tk);
517 BT_DBG("PassKey: %d", passkey);
518 set_bit(SMP_FLAG_TK_VALID, &smp->flags);
519 }
520
521 hci_dev_lock(hcon->hdev);
522
523 if (method == REQ_PASSKEY)
524 ret = mgmt_user_passkey_request(hcon->hdev, &hcon->dst,
525 hcon->type, hcon->dst_type);
526 else if (method == JUST_CFM)
527 ret = mgmt_user_confirm_request(hcon->hdev, &hcon->dst,
528 hcon->type, hcon->dst_type,
529 passkey, 1);
530 else
531 ret = mgmt_user_passkey_notify(hcon->hdev, &hcon->dst,
532 hcon->type, hcon->dst_type,
533 passkey, 0);
534
535 hci_dev_unlock(hcon->hdev);
536
537 return ret;
538 }
539
540 static u8 smp_confirm(struct smp_chan *smp)
541 {
542 struct l2cap_conn *conn = smp->conn;
543 struct smp_cmd_pairing_confirm cp;
544 int ret;
545
546 BT_DBG("conn %p", conn);
547
548 ret = smp_c1(smp, smp->tk, smp->prnd, smp->preq, smp->prsp,
549 conn->hcon->init_addr_type, &conn->hcon->init_addr,
550 conn->hcon->resp_addr_type, &conn->hcon->resp_addr,
551 cp.confirm_val);
552 if (ret)
553 return SMP_UNSPECIFIED;
554
555 clear_bit(SMP_FLAG_CFM_PENDING, &smp->flags);
556
557 smp_send_cmd(smp->conn, SMP_CMD_PAIRING_CONFIRM, sizeof(cp), &cp);
558
559 if (conn->hcon->out)
560 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_CONFIRM);
561 else
562 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RANDOM);
563
564 return 0;
565 }
566
567 static u8 smp_random(struct smp_chan *smp)
568 {
569 struct l2cap_conn *conn = smp->conn;
570 struct hci_conn *hcon = conn->hcon;
571 u8 confirm[16];
572 int ret;
573
574 if (IS_ERR_OR_NULL(smp->tfm_aes))
575 return SMP_UNSPECIFIED;
576
577 BT_DBG("conn %p %s", conn, conn->hcon->out ? "master" : "slave");
578
579 ret = smp_c1(smp, smp->tk, smp->rrnd, smp->preq, smp->prsp,
580 hcon->init_addr_type, &hcon->init_addr,
581 hcon->resp_addr_type, &hcon->resp_addr, confirm);
582 if (ret)
583 return SMP_UNSPECIFIED;
584
585 if (memcmp(smp->pcnf, confirm, sizeof(smp->pcnf)) != 0) {
586 BT_ERR("Pairing failed (confirmation values mismatch)");
587 return SMP_CONFIRM_FAILED;
588 }
589
590 if (hcon->out) {
591 u8 stk[16];
592 __le64 rand = 0;
593 __le16 ediv = 0;
594
595 smp_s1(smp, smp->tk, smp->rrnd, smp->prnd, stk);
596
597 memset(stk + smp->enc_key_size, 0,
598 SMP_MAX_ENC_KEY_SIZE - smp->enc_key_size);
599
600 if (test_and_set_bit(HCI_CONN_ENCRYPT_PEND, &hcon->flags))
601 return SMP_UNSPECIFIED;
602
603 hci_le_start_enc(hcon, ediv, rand, stk);
604 hcon->enc_key_size = smp->enc_key_size;
605 set_bit(HCI_CONN_STK_ENCRYPT, &hcon->flags);
606 } else {
607 u8 stk[16], auth;
608 __le64 rand = 0;
609 __le16 ediv = 0;
610
611 smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM, sizeof(smp->prnd),
612 smp->prnd);
613
614 smp_s1(smp, smp->tk, smp->prnd, smp->rrnd, stk);
615
616 memset(stk + smp->enc_key_size, 0,
617 SMP_MAX_ENC_KEY_SIZE - smp->enc_key_size);
618
619 if (hcon->pending_sec_level == BT_SECURITY_HIGH)
620 auth = 1;
621 else
622 auth = 0;
623
624 /* Even though there's no _SLAVE suffix this is the
625 * slave STK we're adding for later lookup (the master
626 * STK never needs to be stored).
627 */
628 hci_add_ltk(hcon->hdev, &hcon->dst, hcon->dst_type,
629 SMP_STK, auth, stk, smp->enc_key_size, ediv, rand);
630 }
631
632 return 0;
633 }
634
635 static void smp_notify_keys(struct l2cap_conn *conn)
636 {
637 struct l2cap_chan *chan = conn->smp;
638 struct smp_chan *smp = chan->data;
639 struct hci_conn *hcon = conn->hcon;
640 struct hci_dev *hdev = hcon->hdev;
641 struct smp_cmd_pairing *req = (void *) &smp->preq[1];
642 struct smp_cmd_pairing *rsp = (void *) &smp->prsp[1];
643 bool persistent;
644
645 if (smp->remote_irk) {
646 mgmt_new_irk(hdev, smp->remote_irk);
647 /* Now that user space can be considered to know the
648 * identity address track the connection based on it
649 * from now on.
650 */
651 bacpy(&hcon->dst, &smp->remote_irk->bdaddr);
652 hcon->dst_type = smp->remote_irk->addr_type;
653 queue_work(hdev->workqueue, &conn->id_addr_update_work);
654
655 /* When receiving an indentity resolving key for
656 * a remote device that does not use a resolvable
657 * private address, just remove the key so that
658 * it is possible to use the controller white
659 * list for scanning.
660 *
661 * Userspace will have been told to not store
662 * this key at this point. So it is safe to
663 * just remove it.
664 */
665 if (!bacmp(&smp->remote_irk->rpa, BDADDR_ANY)) {
666 list_del(&smp->remote_irk->list);
667 kfree(smp->remote_irk);
668 smp->remote_irk = NULL;
669 }
670 }
671
672 /* The LTKs and CSRKs should be persistent only if both sides
673 * had the bonding bit set in their authentication requests.
674 */
675 persistent = !!((req->auth_req & rsp->auth_req) & SMP_AUTH_BONDING);
676
677 if (smp->csrk) {
678 smp->csrk->bdaddr_type = hcon->dst_type;
679 bacpy(&smp->csrk->bdaddr, &hcon->dst);
680 mgmt_new_csrk(hdev, smp->csrk, persistent);
681 }
682
683 if (smp->slave_csrk) {
684 smp->slave_csrk->bdaddr_type = hcon->dst_type;
685 bacpy(&smp->slave_csrk->bdaddr, &hcon->dst);
686 mgmt_new_csrk(hdev, smp->slave_csrk, persistent);
687 }
688
689 if (smp->ltk) {
690 smp->ltk->bdaddr_type = hcon->dst_type;
691 bacpy(&smp->ltk->bdaddr, &hcon->dst);
692 mgmt_new_ltk(hdev, smp->ltk, persistent);
693 }
694
695 if (smp->slave_ltk) {
696 smp->slave_ltk->bdaddr_type = hcon->dst_type;
697 bacpy(&smp->slave_ltk->bdaddr, &hcon->dst);
698 mgmt_new_ltk(hdev, smp->slave_ltk, persistent);
699 }
700 }
701
702 static void smp_allow_key_dist(struct smp_chan *smp)
703 {
704 /* Allow the first expected phase 3 PDU. The rest of the PDUs
705 * will be allowed in each PDU handler to ensure we receive
706 * them in the correct order.
707 */
708 if (smp->remote_key_dist & SMP_DIST_ENC_KEY)
709 SMP_ALLOW_CMD(smp, SMP_CMD_ENCRYPT_INFO);
710 else if (smp->remote_key_dist & SMP_DIST_ID_KEY)
711 SMP_ALLOW_CMD(smp, SMP_CMD_IDENT_INFO);
712 else if (smp->remote_key_dist & SMP_DIST_SIGN)
713 SMP_ALLOW_CMD(smp, SMP_CMD_SIGN_INFO);
714 }
715
716 static void smp_distribute_keys(struct smp_chan *smp)
717 {
718 struct smp_cmd_pairing *req, *rsp;
719 struct l2cap_conn *conn = smp->conn;
720 struct hci_conn *hcon = conn->hcon;
721 struct hci_dev *hdev = hcon->hdev;
722 __u8 *keydist;
723
724 BT_DBG("conn %p", conn);
725
726 rsp = (void *) &smp->prsp[1];
727
728 /* The responder sends its keys first */
729 if (hcon->out && (smp->remote_key_dist & KEY_DIST_MASK)) {
730 smp_allow_key_dist(smp);
731 return;
732 }
733
734 req = (void *) &smp->preq[1];
735
736 if (hcon->out) {
737 keydist = &rsp->init_key_dist;
738 *keydist &= req->init_key_dist;
739 } else {
740 keydist = &rsp->resp_key_dist;
741 *keydist &= req->resp_key_dist;
742 }
743
744 BT_DBG("keydist 0x%x", *keydist);
745
746 if (*keydist & SMP_DIST_ENC_KEY) {
747 struct smp_cmd_encrypt_info enc;
748 struct smp_cmd_master_ident ident;
749 struct smp_ltk *ltk;
750 u8 authenticated;
751 __le16 ediv;
752 __le64 rand;
753
754 get_random_bytes(enc.ltk, sizeof(enc.ltk));
755 get_random_bytes(&ediv, sizeof(ediv));
756 get_random_bytes(&rand, sizeof(rand));
757
758 smp_send_cmd(conn, SMP_CMD_ENCRYPT_INFO, sizeof(enc), &enc);
759
760 authenticated = hcon->sec_level == BT_SECURITY_HIGH;
761 ltk = hci_add_ltk(hdev, &hcon->dst, hcon->dst_type,
762 SMP_LTK_SLAVE, authenticated, enc.ltk,
763 smp->enc_key_size, ediv, rand);
764 smp->slave_ltk = ltk;
765
766 ident.ediv = ediv;
767 ident.rand = rand;
768
769 smp_send_cmd(conn, SMP_CMD_MASTER_IDENT, sizeof(ident), &ident);
770
771 *keydist &= ~SMP_DIST_ENC_KEY;
772 }
773
774 if (*keydist & SMP_DIST_ID_KEY) {
775 struct smp_cmd_ident_addr_info addrinfo;
776 struct smp_cmd_ident_info idinfo;
777
778 memcpy(idinfo.irk, hdev->irk, sizeof(idinfo.irk));
779
780 smp_send_cmd(conn, SMP_CMD_IDENT_INFO, sizeof(idinfo), &idinfo);
781
782 /* The hci_conn contains the local identity address
783 * after the connection has been established.
784 *
785 * This is true even when the connection has been
786 * established using a resolvable random address.
787 */
788 bacpy(&addrinfo.bdaddr, &hcon->src);
789 addrinfo.addr_type = hcon->src_type;
790
791 smp_send_cmd(conn, SMP_CMD_IDENT_ADDR_INFO, sizeof(addrinfo),
792 &addrinfo);
793
794 *keydist &= ~SMP_DIST_ID_KEY;
795 }
796
797 if (*keydist & SMP_DIST_SIGN) {
798 struct smp_cmd_sign_info sign;
799 struct smp_csrk *csrk;
800
801 /* Generate a new random key */
802 get_random_bytes(sign.csrk, sizeof(sign.csrk));
803
804 csrk = kzalloc(sizeof(*csrk), GFP_KERNEL);
805 if (csrk) {
806 csrk->master = 0x00;
807 memcpy(csrk->val, sign.csrk, sizeof(csrk->val));
808 }
809 smp->slave_csrk = csrk;
810
811 smp_send_cmd(conn, SMP_CMD_SIGN_INFO, sizeof(sign), &sign);
812
813 *keydist &= ~SMP_DIST_SIGN;
814 }
815
816 /* If there are still keys to be received wait for them */
817 if (smp->remote_key_dist & KEY_DIST_MASK) {
818 smp_allow_key_dist(smp);
819 return;
820 }
821
822 set_bit(SMP_FLAG_COMPLETE, &smp->flags);
823 smp_notify_keys(conn);
824
825 smp_chan_destroy(conn);
826 }
827
828 static void smp_timeout(struct work_struct *work)
829 {
830 struct smp_chan *smp = container_of(work, struct smp_chan,
831 security_timer.work);
832 struct l2cap_conn *conn = smp->conn;
833
834 BT_DBG("conn %p", conn);
835
836 hci_disconnect(conn->hcon, HCI_ERROR_REMOTE_USER_TERM);
837 }
838
839 static struct smp_chan *smp_chan_create(struct l2cap_conn *conn)
840 {
841 struct l2cap_chan *chan = conn->smp;
842 struct smp_chan *smp;
843
844 smp = kzalloc(sizeof(*smp), GFP_ATOMIC);
845 if (!smp)
846 return NULL;
847
848 smp->tfm_aes = crypto_alloc_blkcipher("ecb(aes)", 0, CRYPTO_ALG_ASYNC);
849 if (IS_ERR(smp->tfm_aes)) {
850 BT_ERR("Unable to create ECB crypto context");
851 kfree(smp);
852 return NULL;
853 }
854
855 smp->conn = conn;
856 chan->data = smp;
857
858 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_FAIL);
859
860 INIT_DELAYED_WORK(&smp->security_timer, smp_timeout);
861
862 hci_conn_hold(conn->hcon);
863
864 return smp;
865 }
866
867 int smp_user_confirm_reply(struct hci_conn *hcon, u16 mgmt_op, __le32 passkey)
868 {
869 struct l2cap_conn *conn = hcon->l2cap_data;
870 struct l2cap_chan *chan;
871 struct smp_chan *smp;
872 u32 value;
873 int err;
874
875 BT_DBG("");
876
877 if (!conn)
878 return -ENOTCONN;
879
880 chan = conn->smp;
881 if (!chan)
882 return -ENOTCONN;
883
884 l2cap_chan_lock(chan);
885 if (!chan->data) {
886 err = -ENOTCONN;
887 goto unlock;
888 }
889
890 smp = chan->data;
891
892 switch (mgmt_op) {
893 case MGMT_OP_USER_PASSKEY_REPLY:
894 value = le32_to_cpu(passkey);
895 memset(smp->tk, 0, sizeof(smp->tk));
896 BT_DBG("PassKey: %d", value);
897 put_unaligned_le32(value, smp->tk);
898 /* Fall Through */
899 case MGMT_OP_USER_CONFIRM_REPLY:
900 set_bit(SMP_FLAG_TK_VALID, &smp->flags);
901 break;
902 case MGMT_OP_USER_PASSKEY_NEG_REPLY:
903 case MGMT_OP_USER_CONFIRM_NEG_REPLY:
904 smp_failure(conn, SMP_PASSKEY_ENTRY_FAILED);
905 err = 0;
906 goto unlock;
907 default:
908 smp_failure(conn, SMP_PASSKEY_ENTRY_FAILED);
909 err = -EOPNOTSUPP;
910 goto unlock;
911 }
912
913 err = 0;
914
915 /* If it is our turn to send Pairing Confirm, do so now */
916 if (test_bit(SMP_FLAG_CFM_PENDING, &smp->flags)) {
917 u8 rsp = smp_confirm(smp);
918 if (rsp)
919 smp_failure(conn, rsp);
920 }
921
922 unlock:
923 l2cap_chan_unlock(chan);
924 return err;
925 }
926
927 static u8 smp_cmd_pairing_req(struct l2cap_conn *conn, struct sk_buff *skb)
928 {
929 struct smp_cmd_pairing rsp, *req = (void *) skb->data;
930 struct l2cap_chan *chan = conn->smp;
931 struct hci_dev *hdev = conn->hcon->hdev;
932 struct smp_chan *smp;
933 u8 key_size, auth, sec_level;
934 int ret;
935
936 BT_DBG("conn %p", conn);
937
938 if (skb->len < sizeof(*req))
939 return SMP_INVALID_PARAMS;
940
941 if (conn->hcon->role != HCI_ROLE_SLAVE)
942 return SMP_CMD_NOTSUPP;
943
944 if (!chan->data)
945 smp = smp_chan_create(conn);
946 else
947 smp = chan->data;
948
949 if (!smp)
950 return SMP_UNSPECIFIED;
951
952 if (!test_bit(HCI_BONDABLE, &hdev->dev_flags) &&
953 (req->auth_req & SMP_AUTH_BONDING))
954 return SMP_PAIRING_NOTSUPP;
955
956 SMP_DISALLOW_CMD(smp, SMP_CMD_PAIRING_REQ);
957
958 smp->preq[0] = SMP_CMD_PAIRING_REQ;
959 memcpy(&smp->preq[1], req, sizeof(*req));
960 skb_pull(skb, sizeof(*req));
961
962 /* We didn't start the pairing, so match remote */
963 auth = req->auth_req;
964
965 sec_level = authreq_to_seclevel(auth);
966 if (sec_level > conn->hcon->pending_sec_level)
967 conn->hcon->pending_sec_level = sec_level;
968
969 /* If we need MITM check that it can be acheived */
970 if (conn->hcon->pending_sec_level >= BT_SECURITY_HIGH) {
971 u8 method;
972
973 method = get_auth_method(smp, conn->hcon->io_capability,
974 req->io_capability);
975 if (method == JUST_WORKS || method == JUST_CFM)
976 return SMP_AUTH_REQUIREMENTS;
977 }
978
979 build_pairing_cmd(conn, req, &rsp, auth);
980
981 key_size = min(req->max_key_size, rsp.max_key_size);
982 if (check_enc_key_size(conn, key_size))
983 return SMP_ENC_KEY_SIZE;
984
985 get_random_bytes(smp->prnd, sizeof(smp->prnd));
986
987 smp->prsp[0] = SMP_CMD_PAIRING_RSP;
988 memcpy(&smp->prsp[1], &rsp, sizeof(rsp));
989
990 smp_send_cmd(conn, SMP_CMD_PAIRING_RSP, sizeof(rsp), &rsp);
991 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_CONFIRM);
992
993 /* Request setup of TK */
994 ret = tk_request(conn, 0, auth, rsp.io_capability, req->io_capability);
995 if (ret)
996 return SMP_UNSPECIFIED;
997
998 return 0;
999 }
1000
1001 static u8 smp_cmd_pairing_rsp(struct l2cap_conn *conn, struct sk_buff *skb)
1002 {
1003 struct smp_cmd_pairing *req, *rsp = (void *) skb->data;
1004 struct l2cap_chan *chan = conn->smp;
1005 struct smp_chan *smp = chan->data;
1006 u8 key_size, auth = SMP_AUTH_NONE;
1007 int ret;
1008
1009 BT_DBG("conn %p", conn);
1010
1011 if (skb->len < sizeof(*rsp))
1012 return SMP_INVALID_PARAMS;
1013
1014 if (conn->hcon->role != HCI_ROLE_MASTER)
1015 return SMP_CMD_NOTSUPP;
1016
1017 SMP_DISALLOW_CMD(smp, SMP_CMD_PAIRING_RSP);
1018
1019 skb_pull(skb, sizeof(*rsp));
1020
1021 req = (void *) &smp->preq[1];
1022
1023 key_size = min(req->max_key_size, rsp->max_key_size);
1024 if (check_enc_key_size(conn, key_size))
1025 return SMP_ENC_KEY_SIZE;
1026
1027 /* If we need MITM check that it can be acheived */
1028 if (conn->hcon->pending_sec_level >= BT_SECURITY_HIGH) {
1029 u8 method;
1030
1031 method = get_auth_method(smp, req->io_capability,
1032 rsp->io_capability);
1033 if (method == JUST_WORKS || method == JUST_CFM)
1034 return SMP_AUTH_REQUIREMENTS;
1035 }
1036
1037 get_random_bytes(smp->prnd, sizeof(smp->prnd));
1038
1039 smp->prsp[0] = SMP_CMD_PAIRING_RSP;
1040 memcpy(&smp->prsp[1], rsp, sizeof(*rsp));
1041
1042 /* Update remote key distribution in case the remote cleared
1043 * some bits that we had enabled in our request.
1044 */
1045 smp->remote_key_dist &= rsp->resp_key_dist;
1046
1047 if ((req->auth_req & SMP_AUTH_BONDING) &&
1048 (rsp->auth_req & SMP_AUTH_BONDING))
1049 auth = SMP_AUTH_BONDING;
1050
1051 auth |= (req->auth_req | rsp->auth_req) & SMP_AUTH_MITM;
1052
1053 ret = tk_request(conn, 0, auth, req->io_capability, rsp->io_capability);
1054 if (ret)
1055 return SMP_UNSPECIFIED;
1056
1057 set_bit(SMP_FLAG_CFM_PENDING, &smp->flags);
1058
1059 /* Can't compose response until we have been confirmed */
1060 if (test_bit(SMP_FLAG_TK_VALID, &smp->flags))
1061 return smp_confirm(smp);
1062
1063 return 0;
1064 }
1065
1066 static u8 smp_cmd_pairing_confirm(struct l2cap_conn *conn, struct sk_buff *skb)
1067 {
1068 struct l2cap_chan *chan = conn->smp;
1069 struct smp_chan *smp = chan->data;
1070
1071 BT_DBG("conn %p %s", conn, conn->hcon->out ? "master" : "slave");
1072
1073 if (skb->len < sizeof(smp->pcnf))
1074 return SMP_INVALID_PARAMS;
1075
1076 SMP_DISALLOW_CMD(smp, SMP_CMD_PAIRING_CONFIRM);
1077
1078 memcpy(smp->pcnf, skb->data, sizeof(smp->pcnf));
1079 skb_pull(skb, sizeof(smp->pcnf));
1080
1081 if (conn->hcon->out) {
1082 smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM, sizeof(smp->prnd),
1083 smp->prnd);
1084 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RANDOM);
1085 return 0;
1086 }
1087
1088 if (test_bit(SMP_FLAG_TK_VALID, &smp->flags))
1089 return smp_confirm(smp);
1090 else
1091 set_bit(SMP_FLAG_CFM_PENDING, &smp->flags);
1092
1093 return 0;
1094 }
1095
1096 static u8 smp_cmd_pairing_random(struct l2cap_conn *conn, struct sk_buff *skb)
1097 {
1098 struct l2cap_chan *chan = conn->smp;
1099 struct smp_chan *smp = chan->data;
1100
1101 BT_DBG("conn %p", conn);
1102
1103 if (skb->len < sizeof(smp->rrnd))
1104 return SMP_INVALID_PARAMS;
1105
1106 SMP_DISALLOW_CMD(smp, SMP_CMD_PAIRING_RANDOM);
1107
1108 memcpy(smp->rrnd, skb->data, sizeof(smp->rrnd));
1109 skb_pull(skb, sizeof(smp->rrnd));
1110
1111 return smp_random(smp);
1112 }
1113
1114 static bool smp_ltk_encrypt(struct l2cap_conn *conn, u8 sec_level)
1115 {
1116 struct smp_ltk *key;
1117 struct hci_conn *hcon = conn->hcon;
1118
1119 key = hci_find_ltk_by_addr(hcon->hdev, &hcon->dst, hcon->dst_type,
1120 hcon->role);
1121 if (!key)
1122 return false;
1123
1124 if (sec_level > BT_SECURITY_MEDIUM && !key->authenticated)
1125 return false;
1126
1127 if (test_and_set_bit(HCI_CONN_ENCRYPT_PEND, &hcon->flags))
1128 return true;
1129
1130 hci_le_start_enc(hcon, key->ediv, key->rand, key->val);
1131 hcon->enc_key_size = key->enc_size;
1132
1133 /* We never store STKs for master role, so clear this flag */
1134 clear_bit(HCI_CONN_STK_ENCRYPT, &hcon->flags);
1135
1136 return true;
1137 }
1138
1139 bool smp_sufficient_security(struct hci_conn *hcon, u8 sec_level)
1140 {
1141 if (sec_level == BT_SECURITY_LOW)
1142 return true;
1143
1144 /* If we're encrypted with an STK always claim insufficient
1145 * security. This way we allow the connection to be re-encrypted
1146 * with an LTK, even if the LTK provides the same level of
1147 * security. Only exception is if we don't have an LTK (e.g.
1148 * because of key distribution bits).
1149 */
1150 if (test_bit(HCI_CONN_STK_ENCRYPT, &hcon->flags) &&
1151 hci_find_ltk_by_addr(hcon->hdev, &hcon->dst, hcon->dst_type,
1152 hcon->role))
1153 return false;
1154
1155 if (hcon->sec_level >= sec_level)
1156 return true;
1157
1158 return false;
1159 }
1160
1161 static u8 smp_cmd_security_req(struct l2cap_conn *conn, struct sk_buff *skb)
1162 {
1163 struct smp_cmd_security_req *rp = (void *) skb->data;
1164 struct smp_cmd_pairing cp;
1165 struct hci_conn *hcon = conn->hcon;
1166 struct smp_chan *smp;
1167 u8 sec_level;
1168
1169 BT_DBG("conn %p", conn);
1170
1171 if (skb->len < sizeof(*rp))
1172 return SMP_INVALID_PARAMS;
1173
1174 if (hcon->role != HCI_ROLE_MASTER)
1175 return SMP_CMD_NOTSUPP;
1176
1177 sec_level = authreq_to_seclevel(rp->auth_req);
1178 if (smp_sufficient_security(hcon, sec_level))
1179 return 0;
1180
1181 if (sec_level > hcon->pending_sec_level)
1182 hcon->pending_sec_level = sec_level;
1183
1184 if (smp_ltk_encrypt(conn, hcon->pending_sec_level))
1185 return 0;
1186
1187 smp = smp_chan_create(conn);
1188 if (!smp)
1189 return SMP_UNSPECIFIED;
1190
1191 if (!test_bit(HCI_BONDABLE, &hcon->hdev->dev_flags) &&
1192 (rp->auth_req & SMP_AUTH_BONDING))
1193 return SMP_PAIRING_NOTSUPP;
1194
1195 skb_pull(skb, sizeof(*rp));
1196
1197 memset(&cp, 0, sizeof(cp));
1198 build_pairing_cmd(conn, &cp, NULL, rp->auth_req);
1199
1200 smp->preq[0] = SMP_CMD_PAIRING_REQ;
1201 memcpy(&smp->preq[1], &cp, sizeof(cp));
1202
1203 smp_send_cmd(conn, SMP_CMD_PAIRING_REQ, sizeof(cp), &cp);
1204 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RSP);
1205
1206 return 0;
1207 }
1208
1209 int smp_conn_security(struct hci_conn *hcon, __u8 sec_level)
1210 {
1211 struct l2cap_conn *conn = hcon->l2cap_data;
1212 struct l2cap_chan *chan;
1213 struct smp_chan *smp;
1214 __u8 authreq;
1215 int ret;
1216
1217 BT_DBG("conn %p hcon %p level 0x%2.2x", conn, hcon, sec_level);
1218
1219 /* This may be NULL if there's an unexpected disconnection */
1220 if (!conn)
1221 return 1;
1222
1223 chan = conn->smp;
1224
1225 if (!test_bit(HCI_LE_ENABLED, &hcon->hdev->dev_flags))
1226 return 1;
1227
1228 if (smp_sufficient_security(hcon, sec_level))
1229 return 1;
1230
1231 if (sec_level > hcon->pending_sec_level)
1232 hcon->pending_sec_level = sec_level;
1233
1234 if (hcon->role == HCI_ROLE_MASTER)
1235 if (smp_ltk_encrypt(conn, hcon->pending_sec_level))
1236 return 0;
1237
1238 l2cap_chan_lock(chan);
1239
1240 /* If SMP is already in progress ignore this request */
1241 if (chan->data) {
1242 ret = 0;
1243 goto unlock;
1244 }
1245
1246 smp = smp_chan_create(conn);
1247 if (!smp) {
1248 ret = 1;
1249 goto unlock;
1250 }
1251
1252 authreq = seclevel_to_authreq(sec_level);
1253
1254 /* Require MITM if IO Capability allows or the security level
1255 * requires it.
1256 */
1257 if (hcon->io_capability != HCI_IO_NO_INPUT_OUTPUT ||
1258 hcon->pending_sec_level > BT_SECURITY_MEDIUM)
1259 authreq |= SMP_AUTH_MITM;
1260
1261 if (hcon->role == HCI_ROLE_MASTER) {
1262 struct smp_cmd_pairing cp;
1263
1264 build_pairing_cmd(conn, &cp, NULL, authreq);
1265 smp->preq[0] = SMP_CMD_PAIRING_REQ;
1266 memcpy(&smp->preq[1], &cp, sizeof(cp));
1267
1268 smp_send_cmd(conn, SMP_CMD_PAIRING_REQ, sizeof(cp), &cp);
1269 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RSP);
1270 } else {
1271 struct smp_cmd_security_req cp;
1272 cp.auth_req = authreq;
1273 smp_send_cmd(conn, SMP_CMD_SECURITY_REQ, sizeof(cp), &cp);
1274 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_REQ);
1275 }
1276
1277 set_bit(SMP_FLAG_INITIATOR, &smp->flags);
1278 ret = 0;
1279
1280 unlock:
1281 l2cap_chan_unlock(chan);
1282 return ret;
1283 }
1284
1285 static int smp_cmd_encrypt_info(struct l2cap_conn *conn, struct sk_buff *skb)
1286 {
1287 struct smp_cmd_encrypt_info *rp = (void *) skb->data;
1288 struct l2cap_chan *chan = conn->smp;
1289 struct smp_chan *smp = chan->data;
1290
1291 BT_DBG("conn %p", conn);
1292
1293 if (skb->len < sizeof(*rp))
1294 return SMP_INVALID_PARAMS;
1295
1296 SMP_DISALLOW_CMD(smp, SMP_CMD_ENCRYPT_INFO);
1297 SMP_ALLOW_CMD(smp, SMP_CMD_MASTER_IDENT);
1298
1299 skb_pull(skb, sizeof(*rp));
1300
1301 memcpy(smp->tk, rp->ltk, sizeof(smp->tk));
1302
1303 return 0;
1304 }
1305
1306 static int smp_cmd_master_ident(struct l2cap_conn *conn, struct sk_buff *skb)
1307 {
1308 struct smp_cmd_master_ident *rp = (void *) skb->data;
1309 struct l2cap_chan *chan = conn->smp;
1310 struct smp_chan *smp = chan->data;
1311 struct hci_dev *hdev = conn->hcon->hdev;
1312 struct hci_conn *hcon = conn->hcon;
1313 struct smp_ltk *ltk;
1314 u8 authenticated;
1315
1316 BT_DBG("conn %p", conn);
1317
1318 if (skb->len < sizeof(*rp))
1319 return SMP_INVALID_PARAMS;
1320
1321 /* Mark the information as received */
1322 smp->remote_key_dist &= ~SMP_DIST_ENC_KEY;
1323
1324 SMP_DISALLOW_CMD(smp, SMP_CMD_MASTER_IDENT);
1325 if (smp->remote_key_dist & SMP_DIST_ID_KEY)
1326 SMP_ALLOW_CMD(smp, SMP_CMD_IDENT_INFO);
1327
1328 skb_pull(skb, sizeof(*rp));
1329
1330 hci_dev_lock(hdev);
1331 authenticated = (hcon->sec_level == BT_SECURITY_HIGH);
1332 ltk = hci_add_ltk(hdev, &hcon->dst, hcon->dst_type, SMP_LTK,
1333 authenticated, smp->tk, smp->enc_key_size,
1334 rp->ediv, rp->rand);
1335 smp->ltk = ltk;
1336 if (!(smp->remote_key_dist & KEY_DIST_MASK))
1337 smp_distribute_keys(smp);
1338 hci_dev_unlock(hdev);
1339
1340 return 0;
1341 }
1342
1343 static int smp_cmd_ident_info(struct l2cap_conn *conn, struct sk_buff *skb)
1344 {
1345 struct smp_cmd_ident_info *info = (void *) skb->data;
1346 struct l2cap_chan *chan = conn->smp;
1347 struct smp_chan *smp = chan->data;
1348
1349 BT_DBG("");
1350
1351 if (skb->len < sizeof(*info))
1352 return SMP_INVALID_PARAMS;
1353
1354 SMP_DISALLOW_CMD(smp, SMP_CMD_IDENT_INFO);
1355 SMP_ALLOW_CMD(smp, SMP_CMD_IDENT_ADDR_INFO);
1356
1357 skb_pull(skb, sizeof(*info));
1358
1359 memcpy(smp->irk, info->irk, 16);
1360
1361 return 0;
1362 }
1363
1364 static int smp_cmd_ident_addr_info(struct l2cap_conn *conn,
1365 struct sk_buff *skb)
1366 {
1367 struct smp_cmd_ident_addr_info *info = (void *) skb->data;
1368 struct l2cap_chan *chan = conn->smp;
1369 struct smp_chan *smp = chan->data;
1370 struct hci_conn *hcon = conn->hcon;
1371 bdaddr_t rpa;
1372
1373 BT_DBG("");
1374
1375 if (skb->len < sizeof(*info))
1376 return SMP_INVALID_PARAMS;
1377
1378 /* Mark the information as received */
1379 smp->remote_key_dist &= ~SMP_DIST_ID_KEY;
1380
1381 SMP_DISALLOW_CMD(smp, SMP_CMD_IDENT_ADDR_INFO);
1382 if (smp->remote_key_dist & SMP_DIST_SIGN)
1383 SMP_ALLOW_CMD(smp, SMP_CMD_SIGN_INFO);
1384
1385 skb_pull(skb, sizeof(*info));
1386
1387 hci_dev_lock(hcon->hdev);
1388
1389 /* Strictly speaking the Core Specification (4.1) allows sending
1390 * an empty address which would force us to rely on just the IRK
1391 * as "identity information". However, since such
1392 * implementations are not known of and in order to not over
1393 * complicate our implementation, simply pretend that we never
1394 * received an IRK for such a device.
1395 */
1396 if (!bacmp(&info->bdaddr, BDADDR_ANY)) {
1397 BT_ERR("Ignoring IRK with no identity address");
1398 goto distribute;
1399 }
1400
1401 bacpy(&smp->id_addr, &info->bdaddr);
1402 smp->id_addr_type = info->addr_type;
1403
1404 if (hci_bdaddr_is_rpa(&hcon->dst, hcon->dst_type))
1405 bacpy(&rpa, &hcon->dst);
1406 else
1407 bacpy(&rpa, BDADDR_ANY);
1408
1409 smp->remote_irk = hci_add_irk(conn->hcon->hdev, &smp->id_addr,
1410 smp->id_addr_type, smp->irk, &rpa);
1411
1412 distribute:
1413 if (!(smp->remote_key_dist & KEY_DIST_MASK))
1414 smp_distribute_keys(smp);
1415
1416 hci_dev_unlock(hcon->hdev);
1417
1418 return 0;
1419 }
1420
1421 static int smp_cmd_sign_info(struct l2cap_conn *conn, struct sk_buff *skb)
1422 {
1423 struct smp_cmd_sign_info *rp = (void *) skb->data;
1424 struct l2cap_chan *chan = conn->smp;
1425 struct smp_chan *smp = chan->data;
1426 struct hci_dev *hdev = conn->hcon->hdev;
1427 struct smp_csrk *csrk;
1428
1429 BT_DBG("conn %p", conn);
1430
1431 if (skb->len < sizeof(*rp))
1432 return SMP_INVALID_PARAMS;
1433
1434 /* Mark the information as received */
1435 smp->remote_key_dist &= ~SMP_DIST_SIGN;
1436
1437 SMP_DISALLOW_CMD(smp, SMP_CMD_SIGN_INFO);
1438
1439 skb_pull(skb, sizeof(*rp));
1440
1441 hci_dev_lock(hdev);
1442 csrk = kzalloc(sizeof(*csrk), GFP_KERNEL);
1443 if (csrk) {
1444 csrk->master = 0x01;
1445 memcpy(csrk->val, rp->csrk, sizeof(csrk->val));
1446 }
1447 smp->csrk = csrk;
1448 smp_distribute_keys(smp);
1449 hci_dev_unlock(hdev);
1450
1451 return 0;
1452 }
1453
1454 static int smp_sig_channel(struct l2cap_chan *chan, struct sk_buff *skb)
1455 {
1456 struct l2cap_conn *conn = chan->conn;
1457 struct hci_conn *hcon = conn->hcon;
1458 struct smp_chan *smp;
1459 __u8 code, reason;
1460 int err = 0;
1461
1462 if (hcon->type != LE_LINK) {
1463 kfree_skb(skb);
1464 return 0;
1465 }
1466
1467 if (skb->len < 1)
1468 return -EILSEQ;
1469
1470 if (!test_bit(HCI_LE_ENABLED, &hcon->hdev->dev_flags)) {
1471 reason = SMP_PAIRING_NOTSUPP;
1472 goto done;
1473 }
1474
1475 code = skb->data[0];
1476 skb_pull(skb, sizeof(code));
1477
1478 smp = chan->data;
1479
1480 if (code > SMP_CMD_MAX)
1481 goto drop;
1482
1483 if (smp && !test_bit(code, &smp->allow_cmd))
1484 goto drop;
1485
1486 /* If we don't have a context the only allowed commands are
1487 * pairing request and security request.
1488 */
1489 if (!smp && code != SMP_CMD_PAIRING_REQ && code != SMP_CMD_SECURITY_REQ)
1490 goto drop;
1491
1492 switch (code) {
1493 case SMP_CMD_PAIRING_REQ:
1494 reason = smp_cmd_pairing_req(conn, skb);
1495 break;
1496
1497 case SMP_CMD_PAIRING_FAIL:
1498 smp_failure(conn, 0);
1499 err = -EPERM;
1500 break;
1501
1502 case SMP_CMD_PAIRING_RSP:
1503 reason = smp_cmd_pairing_rsp(conn, skb);
1504 break;
1505
1506 case SMP_CMD_SECURITY_REQ:
1507 reason = smp_cmd_security_req(conn, skb);
1508 break;
1509
1510 case SMP_CMD_PAIRING_CONFIRM:
1511 reason = smp_cmd_pairing_confirm(conn, skb);
1512 break;
1513
1514 case SMP_CMD_PAIRING_RANDOM:
1515 reason = smp_cmd_pairing_random(conn, skb);
1516 break;
1517
1518 case SMP_CMD_ENCRYPT_INFO:
1519 reason = smp_cmd_encrypt_info(conn, skb);
1520 break;
1521
1522 case SMP_CMD_MASTER_IDENT:
1523 reason = smp_cmd_master_ident(conn, skb);
1524 break;
1525
1526 case SMP_CMD_IDENT_INFO:
1527 reason = smp_cmd_ident_info(conn, skb);
1528 break;
1529
1530 case SMP_CMD_IDENT_ADDR_INFO:
1531 reason = smp_cmd_ident_addr_info(conn, skb);
1532 break;
1533
1534 case SMP_CMD_SIGN_INFO:
1535 reason = smp_cmd_sign_info(conn, skb);
1536 break;
1537
1538 default:
1539 BT_DBG("Unknown command code 0x%2.2x", code);
1540 reason = SMP_CMD_NOTSUPP;
1541 goto done;
1542 }
1543
1544 done:
1545 if (!err) {
1546 if (reason)
1547 smp_failure(conn, reason);
1548 kfree_skb(skb);
1549 }
1550
1551 return err;
1552
1553 drop:
1554 BT_ERR("%s unexpected SMP command 0x%02x from %pMR", hcon->hdev->name,
1555 code, &hcon->dst);
1556 kfree_skb(skb);
1557 return 0;
1558 }
1559
1560 static void smp_teardown_cb(struct l2cap_chan *chan, int err)
1561 {
1562 struct l2cap_conn *conn = chan->conn;
1563
1564 BT_DBG("chan %p", chan);
1565
1566 if (chan->data)
1567 smp_chan_destroy(conn);
1568
1569 conn->smp = NULL;
1570 l2cap_chan_put(chan);
1571 }
1572
1573 static void smp_resume_cb(struct l2cap_chan *chan)
1574 {
1575 struct smp_chan *smp = chan->data;
1576 struct l2cap_conn *conn = chan->conn;
1577 struct hci_conn *hcon = conn->hcon;
1578
1579 BT_DBG("chan %p", chan);
1580
1581 if (!smp)
1582 return;
1583
1584 if (!test_bit(HCI_CONN_ENCRYPT, &hcon->flags))
1585 return;
1586
1587 cancel_delayed_work(&smp->security_timer);
1588
1589 smp_distribute_keys(smp);
1590 }
1591
1592 static void smp_ready_cb(struct l2cap_chan *chan)
1593 {
1594 struct l2cap_conn *conn = chan->conn;
1595
1596 BT_DBG("chan %p", chan);
1597
1598 conn->smp = chan;
1599 l2cap_chan_hold(chan);
1600 }
1601
1602 static int smp_recv_cb(struct l2cap_chan *chan, struct sk_buff *skb)
1603 {
1604 int err;
1605
1606 BT_DBG("chan %p", chan);
1607
1608 err = smp_sig_channel(chan, skb);
1609 if (err) {
1610 struct smp_chan *smp = chan->data;
1611
1612 if (smp)
1613 cancel_delayed_work_sync(&smp->security_timer);
1614
1615 hci_disconnect(chan->conn->hcon, HCI_ERROR_AUTH_FAILURE);
1616 }
1617
1618 return err;
1619 }
1620
1621 static struct sk_buff *smp_alloc_skb_cb(struct l2cap_chan *chan,
1622 unsigned long hdr_len,
1623 unsigned long len, int nb)
1624 {
1625 struct sk_buff *skb;
1626
1627 skb = bt_skb_alloc(hdr_len + len, GFP_KERNEL);
1628 if (!skb)
1629 return ERR_PTR(-ENOMEM);
1630
1631 skb->priority = HCI_PRIO_MAX;
1632 bt_cb(skb)->chan = chan;
1633
1634 return skb;
1635 }
1636
1637 static const struct l2cap_ops smp_chan_ops = {
1638 .name = "Security Manager",
1639 .ready = smp_ready_cb,
1640 .recv = smp_recv_cb,
1641 .alloc_skb = smp_alloc_skb_cb,
1642 .teardown = smp_teardown_cb,
1643 .resume = smp_resume_cb,
1644
1645 .new_connection = l2cap_chan_no_new_connection,
1646 .state_change = l2cap_chan_no_state_change,
1647 .close = l2cap_chan_no_close,
1648 .defer = l2cap_chan_no_defer,
1649 .suspend = l2cap_chan_no_suspend,
1650 .set_shutdown = l2cap_chan_no_set_shutdown,
1651 .get_sndtimeo = l2cap_chan_no_get_sndtimeo,
1652 .memcpy_fromiovec = l2cap_chan_no_memcpy_fromiovec,
1653 };
1654
1655 static inline struct l2cap_chan *smp_new_conn_cb(struct l2cap_chan *pchan)
1656 {
1657 struct l2cap_chan *chan;
1658
1659 BT_DBG("pchan %p", pchan);
1660
1661 chan = l2cap_chan_create();
1662 if (!chan)
1663 return NULL;
1664
1665 chan->chan_type = pchan->chan_type;
1666 chan->ops = &smp_chan_ops;
1667 chan->scid = pchan->scid;
1668 chan->dcid = chan->scid;
1669 chan->imtu = pchan->imtu;
1670 chan->omtu = pchan->omtu;
1671 chan->mode = pchan->mode;
1672
1673 BT_DBG("created chan %p", chan);
1674
1675 return chan;
1676 }
1677
1678 static const struct l2cap_ops smp_root_chan_ops = {
1679 .name = "Security Manager Root",
1680 .new_connection = smp_new_conn_cb,
1681
1682 /* None of these are implemented for the root channel */
1683 .close = l2cap_chan_no_close,
1684 .alloc_skb = l2cap_chan_no_alloc_skb,
1685 .recv = l2cap_chan_no_recv,
1686 .state_change = l2cap_chan_no_state_change,
1687 .teardown = l2cap_chan_no_teardown,
1688 .ready = l2cap_chan_no_ready,
1689 .defer = l2cap_chan_no_defer,
1690 .suspend = l2cap_chan_no_suspend,
1691 .resume = l2cap_chan_no_resume,
1692 .set_shutdown = l2cap_chan_no_set_shutdown,
1693 .get_sndtimeo = l2cap_chan_no_get_sndtimeo,
1694 .memcpy_fromiovec = l2cap_chan_no_memcpy_fromiovec,
1695 };
1696
1697 int smp_register(struct hci_dev *hdev)
1698 {
1699 struct l2cap_chan *chan;
1700 struct crypto_blkcipher *tfm_aes;
1701
1702 BT_DBG("%s", hdev->name);
1703
1704 tfm_aes = crypto_alloc_blkcipher("ecb(aes)", 0, CRYPTO_ALG_ASYNC);
1705 if (IS_ERR(tfm_aes)) {
1706 int err = PTR_ERR(tfm_aes);
1707 BT_ERR("Unable to create crypto context");
1708 return err;
1709 }
1710
1711 chan = l2cap_chan_create();
1712 if (!chan) {
1713 crypto_free_blkcipher(tfm_aes);
1714 return -ENOMEM;
1715 }
1716
1717 chan->data = tfm_aes;
1718
1719 l2cap_add_scid(chan, L2CAP_CID_SMP);
1720
1721 l2cap_chan_set_defaults(chan);
1722
1723 bacpy(&chan->src, &hdev->bdaddr);
1724 chan->src_type = BDADDR_LE_PUBLIC;
1725 chan->state = BT_LISTEN;
1726 chan->mode = L2CAP_MODE_BASIC;
1727 chan->imtu = L2CAP_DEFAULT_MTU;
1728 chan->ops = &smp_root_chan_ops;
1729
1730 hdev->smp_data = chan;
1731
1732 return 0;
1733 }
1734
1735 void smp_unregister(struct hci_dev *hdev)
1736 {
1737 struct l2cap_chan *chan = hdev->smp_data;
1738 struct crypto_blkcipher *tfm_aes;
1739
1740 if (!chan)
1741 return;
1742
1743 BT_DBG("%s chan %p", hdev->name, chan);
1744
1745 tfm_aes = chan->data;
1746 if (tfm_aes) {
1747 chan->data = NULL;
1748 crypto_free_blkcipher(tfm_aes);
1749 }
1750
1751 hdev->smp_data = NULL;
1752 l2cap_chan_put(chan);
1753 }
Linux kernel - Deliverables
This page took 0.108828 seconds and 5 git commands to generate.