2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2011 Nokia Corporation and/or its subsidiary(-ies).
5 This program is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License version 2 as
7 published by the Free Software Foundation;
9 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
10 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
11 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
12 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
13 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
14 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
18 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
19 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
20 SOFTWARE IS DISCLAIMED.
23 #include <linux/crypto.h>
24 #include <linux/scatterlist.h>
25 #include <crypto/b128ops.h>
27 #include <net/bluetooth/bluetooth.h>
28 #include <net/bluetooth/hci_core.h>
29 #include <net/bluetooth/l2cap.h>
30 #include <net/bluetooth/mgmt.h>
34 #define SMP_ALLOW_CMD(smp, code) set_bit(code, &smp->allow_cmd)
35 #define SMP_DISALLOW_CMD(smp, code) clear_bit(code, &smp->allow_cmd)
37 #define SMP_TIMEOUT msecs_to_jiffies(30000)
39 #define AUTH_REQ_MASK 0x07
40 #define KEY_DIST_MASK 0x07
51 struct l2cap_conn
*conn
;
52 struct delayed_work security_timer
;
53 unsigned long allow_cmd
; /* Bitmask of allowed commands */
55 u8 preq
[7]; /* SMP Pairing Request */
56 u8 prsp
[7]; /* SMP Pairing Response */
57 u8 prnd
[16]; /* SMP Pairing Random (local) */
58 u8 rrnd
[16]; /* SMP Pairing Random (remote) */
59 u8 pcnf
[16]; /* SMP Pairing Confirm */
60 u8 tk
[16]; /* SMP Temporary Key */
66 struct smp_csrk
*csrk
;
67 struct smp_csrk
*slave_csrk
;
69 struct smp_ltk
*slave_ltk
;
70 struct smp_irk
*remote_irk
;
73 struct crypto_blkcipher
*tfm_aes
;
76 static inline void swap_buf(const u8
*src
, u8
*dst
, size_t len
)
80 for (i
= 0; i
< len
; i
++)
81 dst
[len
- 1 - i
] = src
[i
];
84 static int smp_e(struct crypto_blkcipher
*tfm
, const u8
*k
, u8
*r
)
86 struct blkcipher_desc desc
;
87 struct scatterlist sg
;
88 uint8_t tmp
[16], data
[16];
92 BT_ERR("tfm %p", tfm
);
99 /* The most significant octet of key corresponds to k[0] */
100 swap_buf(k
, tmp
, 16);
102 err
= crypto_blkcipher_setkey(tfm
, tmp
, 16);
104 BT_ERR("cipher setkey failed: %d", err
);
108 /* Most significant octet of plaintextData corresponds to data[0] */
109 swap_buf(r
, data
, 16);
111 sg_init_one(&sg
, data
, 16);
113 err
= crypto_blkcipher_encrypt(&desc
, &sg
, &sg
, 16);
115 BT_ERR("Encrypt data error %d", err
);
117 /* Most significant octet of encryptedData corresponds to data[0] */
118 swap_buf(data
, r
, 16);
123 static int smp_ah(struct crypto_blkcipher
*tfm
, u8 irk
[16], u8 r
[3], u8 res
[3])
128 /* r' = padding || r */
130 memset(_res
+ 3, 0, 13);
132 err
= smp_e(tfm
, irk
, _res
);
134 BT_ERR("Encrypt error");
138 /* The output of the random address function ah is:
139 * ah(h, r) = e(k, r') mod 2^24
140 * The output of the security function e is then truncated to 24 bits
141 * by taking the least significant 24 bits of the output of e as the
144 memcpy(res
, _res
, 3);
149 bool smp_irk_matches(struct hci_dev
*hdev
, u8 irk
[16], bdaddr_t
*bdaddr
)
151 struct l2cap_chan
*chan
= hdev
->smp_data
;
152 struct crypto_blkcipher
*tfm
;
156 if (!chan
|| !chan
->data
)
161 BT_DBG("RPA %pMR IRK %*phN", bdaddr
, 16, irk
);
163 err
= smp_ah(tfm
, irk
, &bdaddr
->b
[3], hash
);
167 return !memcmp(bdaddr
->b
, hash
, 3);
170 int smp_generate_rpa(struct hci_dev
*hdev
, u8 irk
[16], bdaddr_t
*rpa
)
172 struct l2cap_chan
*chan
= hdev
->smp_data
;
173 struct crypto_blkcipher
*tfm
;
176 if (!chan
|| !chan
->data
)
181 get_random_bytes(&rpa
->b
[3], 3);
183 rpa
->b
[5] &= 0x3f; /* Clear two most significant bits */
184 rpa
->b
[5] |= 0x40; /* Set second most significant bit */
186 err
= smp_ah(tfm
, irk
, &rpa
->b
[3], rpa
->b
);
190 BT_DBG("RPA %pMR", rpa
);
195 static int smp_c1(struct smp_chan
*smp
, u8 k
[16], u8 r
[16], u8 preq
[7],
196 u8 pres
[7], u8 _iat
, bdaddr_t
*ia
, u8 _rat
, bdaddr_t
*ra
,
199 struct hci_dev
*hdev
= smp
->conn
->hcon
->hdev
;
203 BT_DBG("%s", hdev
->name
);
207 /* p1 = pres || preq || _rat || _iat */
210 memcpy(p1
+ 2, preq
, 7);
211 memcpy(p1
+ 9, pres
, 7);
213 /* p2 = padding || ia || ra */
215 memcpy(p2
+ 6, ia
, 6);
216 memset(p2
+ 12, 0, 4);
219 u128_xor((u128
*) res
, (u128
*) r
, (u128
*) p1
);
221 /* res = e(k, res) */
222 err
= smp_e(smp
->tfm_aes
, k
, res
);
224 BT_ERR("Encrypt data error");
228 /* res = res XOR p2 */
229 u128_xor((u128
*) res
, (u128
*) res
, (u128
*) p2
);
231 /* res = e(k, res) */
232 err
= smp_e(smp
->tfm_aes
, k
, res
);
234 BT_ERR("Encrypt data error");
239 static int smp_s1(struct smp_chan
*smp
, u8 k
[16], u8 r1
[16], u8 r2
[16],
242 struct hci_dev
*hdev
= smp
->conn
->hcon
->hdev
;
245 BT_DBG("%s", hdev
->name
);
247 /* Just least significant octets from r1 and r2 are considered */
249 memcpy(_r
+ 8, r1
, 8);
251 err
= smp_e(smp
->tfm_aes
, k
, _r
);
253 BT_ERR("Encrypt data error");
258 static void smp_send_cmd(struct l2cap_conn
*conn
, u8 code
, u16 len
, void *data
)
260 struct l2cap_chan
*chan
= conn
->smp
;
261 struct smp_chan
*smp
;
268 BT_DBG("code 0x%2.2x", code
);
270 iv
[0].iov_base
= &code
;
273 iv
[1].iov_base
= data
;
276 memset(&msg
, 0, sizeof(msg
));
278 msg
.msg_iov
= (struct iovec
*) &iv
;
281 l2cap_chan_send(chan
, &msg
, 1 + len
);
288 cancel_delayed_work_sync(&smp
->security_timer
);
289 schedule_delayed_work(&smp
->security_timer
, SMP_TIMEOUT
);
292 static __u8
authreq_to_seclevel(__u8 authreq
)
294 if (authreq
& SMP_AUTH_MITM
)
295 return BT_SECURITY_HIGH
;
297 return BT_SECURITY_MEDIUM
;
300 static __u8
seclevel_to_authreq(__u8 sec_level
)
303 case BT_SECURITY_HIGH
:
304 return SMP_AUTH_MITM
| SMP_AUTH_BONDING
;
305 case BT_SECURITY_MEDIUM
:
306 return SMP_AUTH_BONDING
;
308 return SMP_AUTH_NONE
;
312 static void build_pairing_cmd(struct l2cap_conn
*conn
,
313 struct smp_cmd_pairing
*req
,
314 struct smp_cmd_pairing
*rsp
, __u8 authreq
)
316 struct l2cap_chan
*chan
= conn
->smp
;
317 struct smp_chan
*smp
= chan
->data
;
318 struct hci_conn
*hcon
= conn
->hcon
;
319 struct hci_dev
*hdev
= hcon
->hdev
;
320 u8 local_dist
= 0, remote_dist
= 0;
322 if (test_bit(HCI_BONDABLE
, &conn
->hcon
->hdev
->dev_flags
)) {
323 local_dist
= SMP_DIST_ENC_KEY
| SMP_DIST_SIGN
;
324 remote_dist
= SMP_DIST_ENC_KEY
| SMP_DIST_SIGN
;
325 authreq
|= SMP_AUTH_BONDING
;
327 authreq
&= ~SMP_AUTH_BONDING
;
330 if (test_bit(HCI_RPA_RESOLVING
, &hdev
->dev_flags
))
331 remote_dist
|= SMP_DIST_ID_KEY
;
333 if (test_bit(HCI_PRIVACY
, &hdev
->dev_flags
))
334 local_dist
|= SMP_DIST_ID_KEY
;
337 req
->io_capability
= conn
->hcon
->io_capability
;
338 req
->oob_flag
= SMP_OOB_NOT_PRESENT
;
339 req
->max_key_size
= SMP_MAX_ENC_KEY_SIZE
;
340 req
->init_key_dist
= local_dist
;
341 req
->resp_key_dist
= remote_dist
;
342 req
->auth_req
= (authreq
& AUTH_REQ_MASK
);
344 smp
->remote_key_dist
= remote_dist
;
348 rsp
->io_capability
= conn
->hcon
->io_capability
;
349 rsp
->oob_flag
= SMP_OOB_NOT_PRESENT
;
350 rsp
->max_key_size
= SMP_MAX_ENC_KEY_SIZE
;
351 rsp
->init_key_dist
= req
->init_key_dist
& remote_dist
;
352 rsp
->resp_key_dist
= req
->resp_key_dist
& local_dist
;
353 rsp
->auth_req
= (authreq
& AUTH_REQ_MASK
);
355 smp
->remote_key_dist
= rsp
->init_key_dist
;
358 static u8
check_enc_key_size(struct l2cap_conn
*conn
, __u8 max_key_size
)
360 struct l2cap_chan
*chan
= conn
->smp
;
361 struct smp_chan
*smp
= chan
->data
;
363 if ((max_key_size
> SMP_MAX_ENC_KEY_SIZE
) ||
364 (max_key_size
< SMP_MIN_ENC_KEY_SIZE
))
365 return SMP_ENC_KEY_SIZE
;
367 smp
->enc_key_size
= max_key_size
;
372 static void smp_chan_destroy(struct l2cap_conn
*conn
)
374 struct l2cap_chan
*chan
= conn
->smp
;
375 struct smp_chan
*smp
= chan
->data
;
380 cancel_delayed_work_sync(&smp
->security_timer
);
382 complete
= test_bit(SMP_FLAG_COMPLETE
, &smp
->flags
);
383 mgmt_smp_complete(conn
->hcon
, complete
);
386 kfree(smp
->slave_csrk
);
388 crypto_free_blkcipher(smp
->tfm_aes
);
390 /* If pairing failed clean up any keys we might have */
393 list_del(&smp
->ltk
->list
);
397 if (smp
->slave_ltk
) {
398 list_del(&smp
->slave_ltk
->list
);
399 kfree(smp
->slave_ltk
);
402 if (smp
->remote_irk
) {
403 list_del(&smp
->remote_irk
->list
);
404 kfree(smp
->remote_irk
);
410 hci_conn_drop(conn
->hcon
);
413 static void smp_failure(struct l2cap_conn
*conn
, u8 reason
)
415 struct hci_conn
*hcon
= conn
->hcon
;
416 struct l2cap_chan
*chan
= conn
->smp
;
419 smp_send_cmd(conn
, SMP_CMD_PAIRING_FAIL
, sizeof(reason
),
422 clear_bit(HCI_CONN_ENCRYPT_PEND
, &hcon
->flags
);
423 mgmt_auth_failed(hcon
, HCI_ERROR_AUTH_FAILURE
);
426 smp_chan_destroy(conn
);
429 #define JUST_WORKS 0x00
430 #define JUST_CFM 0x01
431 #define REQ_PASSKEY 0x02
432 #define CFM_PASSKEY 0x03
436 static const u8 gen_method
[5][5] = {
437 { JUST_WORKS
, JUST_CFM
, REQ_PASSKEY
, JUST_WORKS
, REQ_PASSKEY
},
438 { JUST_WORKS
, JUST_CFM
, REQ_PASSKEY
, JUST_WORKS
, REQ_PASSKEY
},
439 { CFM_PASSKEY
, CFM_PASSKEY
, REQ_PASSKEY
, JUST_WORKS
, CFM_PASSKEY
},
440 { JUST_WORKS
, JUST_CFM
, JUST_WORKS
, JUST_WORKS
, JUST_CFM
},
441 { CFM_PASSKEY
, CFM_PASSKEY
, REQ_PASSKEY
, JUST_WORKS
, OVERLAP
},
444 static u8
get_auth_method(struct smp_chan
*smp
, u8 local_io
, u8 remote_io
)
446 /* If either side has unknown io_caps, use JUST_CFM (which gets
447 * converted later to JUST_WORKS if we're initiators.
449 if (local_io
> SMP_IO_KEYBOARD_DISPLAY
||
450 remote_io
> SMP_IO_KEYBOARD_DISPLAY
)
453 return gen_method
[remote_io
][local_io
];
456 static int tk_request(struct l2cap_conn
*conn
, u8 remote_oob
, u8 auth
,
457 u8 local_io
, u8 remote_io
)
459 struct hci_conn
*hcon
= conn
->hcon
;
460 struct l2cap_chan
*chan
= conn
->smp
;
461 struct smp_chan
*smp
= chan
->data
;
466 /* Initialize key for JUST WORKS */
467 memset(smp
->tk
, 0, sizeof(smp
->tk
));
468 clear_bit(SMP_FLAG_TK_VALID
, &smp
->flags
);
470 BT_DBG("tk_request: auth:%d lcl:%d rem:%d", auth
, local_io
, remote_io
);
472 /* If neither side wants MITM, either "just" confirm an incoming
473 * request or use just-works for outgoing ones. The JUST_CFM
474 * will be converted to JUST_WORKS if necessary later in this
475 * function. If either side has MITM look up the method from the
478 if (!(auth
& SMP_AUTH_MITM
))
481 method
= get_auth_method(smp
, local_io
, remote_io
);
483 /* Don't confirm locally initiated pairing attempts */
484 if (method
== JUST_CFM
&& test_bit(SMP_FLAG_INITIATOR
, &smp
->flags
))
487 /* Don't bother user space with no IO capabilities */
488 if (method
== JUST_CFM
&& hcon
->io_capability
== HCI_IO_NO_INPUT_OUTPUT
)
491 /* If Just Works, Continue with Zero TK */
492 if (method
== JUST_WORKS
) {
493 set_bit(SMP_FLAG_TK_VALID
, &smp
->flags
);
497 /* Not Just Works/Confirm results in MITM Authentication */
498 if (method
!= JUST_CFM
)
499 set_bit(SMP_FLAG_MITM_AUTH
, &smp
->flags
);
501 /* If both devices have Keyoard-Display I/O, the master
502 * Confirms and the slave Enters the passkey.
504 if (method
== OVERLAP
) {
505 if (hcon
->role
== HCI_ROLE_MASTER
)
506 method
= CFM_PASSKEY
;
508 method
= REQ_PASSKEY
;
511 /* Generate random passkey. */
512 if (method
== CFM_PASSKEY
) {
513 memset(smp
->tk
, 0, sizeof(smp
->tk
));
514 get_random_bytes(&passkey
, sizeof(passkey
));
516 put_unaligned_le32(passkey
, smp
->tk
);
517 BT_DBG("PassKey: %d", passkey
);
518 set_bit(SMP_FLAG_TK_VALID
, &smp
->flags
);
521 hci_dev_lock(hcon
->hdev
);
523 if (method
== REQ_PASSKEY
)
524 ret
= mgmt_user_passkey_request(hcon
->hdev
, &hcon
->dst
,
525 hcon
->type
, hcon
->dst_type
);
526 else if (method
== JUST_CFM
)
527 ret
= mgmt_user_confirm_request(hcon
->hdev
, &hcon
->dst
,
528 hcon
->type
, hcon
->dst_type
,
531 ret
= mgmt_user_passkey_notify(hcon
->hdev
, &hcon
->dst
,
532 hcon
->type
, hcon
->dst_type
,
535 hci_dev_unlock(hcon
->hdev
);
540 static u8
smp_confirm(struct smp_chan
*smp
)
542 struct l2cap_conn
*conn
= smp
->conn
;
543 struct smp_cmd_pairing_confirm cp
;
546 BT_DBG("conn %p", conn
);
548 ret
= smp_c1(smp
, smp
->tk
, smp
->prnd
, smp
->preq
, smp
->prsp
,
549 conn
->hcon
->init_addr_type
, &conn
->hcon
->init_addr
,
550 conn
->hcon
->resp_addr_type
, &conn
->hcon
->resp_addr
,
553 return SMP_UNSPECIFIED
;
555 clear_bit(SMP_FLAG_CFM_PENDING
, &smp
->flags
);
557 smp_send_cmd(smp
->conn
, SMP_CMD_PAIRING_CONFIRM
, sizeof(cp
), &cp
);
560 SMP_ALLOW_CMD(smp
, SMP_CMD_PAIRING_CONFIRM
);
562 SMP_ALLOW_CMD(smp
, SMP_CMD_PAIRING_RANDOM
);
567 static u8
smp_random(struct smp_chan
*smp
)
569 struct l2cap_conn
*conn
= smp
->conn
;
570 struct hci_conn
*hcon
= conn
->hcon
;
574 if (IS_ERR_OR_NULL(smp
->tfm_aes
))
575 return SMP_UNSPECIFIED
;
577 BT_DBG("conn %p %s", conn
, conn
->hcon
->out
? "master" : "slave");
579 ret
= smp_c1(smp
, smp
->tk
, smp
->rrnd
, smp
->preq
, smp
->prsp
,
580 hcon
->init_addr_type
, &hcon
->init_addr
,
581 hcon
->resp_addr_type
, &hcon
->resp_addr
, confirm
);
583 return SMP_UNSPECIFIED
;
585 if (memcmp(smp
->pcnf
, confirm
, sizeof(smp
->pcnf
)) != 0) {
586 BT_ERR("Pairing failed (confirmation values mismatch)");
587 return SMP_CONFIRM_FAILED
;
595 smp_s1(smp
, smp
->tk
, smp
->rrnd
, smp
->prnd
, stk
);
597 memset(stk
+ smp
->enc_key_size
, 0,
598 SMP_MAX_ENC_KEY_SIZE
- smp
->enc_key_size
);
600 if (test_and_set_bit(HCI_CONN_ENCRYPT_PEND
, &hcon
->flags
))
601 return SMP_UNSPECIFIED
;
603 hci_le_start_enc(hcon
, ediv
, rand
, stk
);
604 hcon
->enc_key_size
= smp
->enc_key_size
;
605 set_bit(HCI_CONN_STK_ENCRYPT
, &hcon
->flags
);
611 smp_send_cmd(conn
, SMP_CMD_PAIRING_RANDOM
, sizeof(smp
->prnd
),
614 smp_s1(smp
, smp
->tk
, smp
->prnd
, smp
->rrnd
, stk
);
616 memset(stk
+ smp
->enc_key_size
, 0,
617 SMP_MAX_ENC_KEY_SIZE
- smp
->enc_key_size
);
619 if (hcon
->pending_sec_level
== BT_SECURITY_HIGH
)
624 /* Even though there's no _SLAVE suffix this is the
625 * slave STK we're adding for later lookup (the master
626 * STK never needs to be stored).
628 hci_add_ltk(hcon
->hdev
, &hcon
->dst
, hcon
->dst_type
,
629 SMP_STK
, auth
, stk
, smp
->enc_key_size
, ediv
, rand
);
635 static void smp_notify_keys(struct l2cap_conn
*conn
)
637 struct l2cap_chan
*chan
= conn
->smp
;
638 struct smp_chan
*smp
= chan
->data
;
639 struct hci_conn
*hcon
= conn
->hcon
;
640 struct hci_dev
*hdev
= hcon
->hdev
;
641 struct smp_cmd_pairing
*req
= (void *) &smp
->preq
[1];
642 struct smp_cmd_pairing
*rsp
= (void *) &smp
->prsp
[1];
645 if (smp
->remote_irk
) {
646 mgmt_new_irk(hdev
, smp
->remote_irk
);
647 /* Now that user space can be considered to know the
648 * identity address track the connection based on it
651 bacpy(&hcon
->dst
, &smp
->remote_irk
->bdaddr
);
652 hcon
->dst_type
= smp
->remote_irk
->addr_type
;
653 queue_work(hdev
->workqueue
, &conn
->id_addr_update_work
);
655 /* When receiving an indentity resolving key for
656 * a remote device that does not use a resolvable
657 * private address, just remove the key so that
658 * it is possible to use the controller white
661 * Userspace will have been told to not store
662 * this key at this point. So it is safe to
665 if (!bacmp(&smp
->remote_irk
->rpa
, BDADDR_ANY
)) {
666 list_del(&smp
->remote_irk
->list
);
667 kfree(smp
->remote_irk
);
668 smp
->remote_irk
= NULL
;
672 /* The LTKs and CSRKs should be persistent only if both sides
673 * had the bonding bit set in their authentication requests.
675 persistent
= !!((req
->auth_req
& rsp
->auth_req
) & SMP_AUTH_BONDING
);
678 smp
->csrk
->bdaddr_type
= hcon
->dst_type
;
679 bacpy(&smp
->csrk
->bdaddr
, &hcon
->dst
);
680 mgmt_new_csrk(hdev
, smp
->csrk
, persistent
);
683 if (smp
->slave_csrk
) {
684 smp
->slave_csrk
->bdaddr_type
= hcon
->dst_type
;
685 bacpy(&smp
->slave_csrk
->bdaddr
, &hcon
->dst
);
686 mgmt_new_csrk(hdev
, smp
->slave_csrk
, persistent
);
690 smp
->ltk
->bdaddr_type
= hcon
->dst_type
;
691 bacpy(&smp
->ltk
->bdaddr
, &hcon
->dst
);
692 mgmt_new_ltk(hdev
, smp
->ltk
, persistent
);
695 if (smp
->slave_ltk
) {
696 smp
->slave_ltk
->bdaddr_type
= hcon
->dst_type
;
697 bacpy(&smp
->slave_ltk
->bdaddr
, &hcon
->dst
);
698 mgmt_new_ltk(hdev
, smp
->slave_ltk
, persistent
);
702 static void smp_allow_key_dist(struct smp_chan
*smp
)
704 /* Allow the first expected phase 3 PDU. The rest of the PDUs
705 * will be allowed in each PDU handler to ensure we receive
706 * them in the correct order.
708 if (smp
->remote_key_dist
& SMP_DIST_ENC_KEY
)
709 SMP_ALLOW_CMD(smp
, SMP_CMD_ENCRYPT_INFO
);
710 else if (smp
->remote_key_dist
& SMP_DIST_ID_KEY
)
711 SMP_ALLOW_CMD(smp
, SMP_CMD_IDENT_INFO
);
712 else if (smp
->remote_key_dist
& SMP_DIST_SIGN
)
713 SMP_ALLOW_CMD(smp
, SMP_CMD_SIGN_INFO
);
716 static void smp_distribute_keys(struct smp_chan
*smp
)
718 struct smp_cmd_pairing
*req
, *rsp
;
719 struct l2cap_conn
*conn
= smp
->conn
;
720 struct hci_conn
*hcon
= conn
->hcon
;
721 struct hci_dev
*hdev
= hcon
->hdev
;
724 BT_DBG("conn %p", conn
);
726 rsp
= (void *) &smp
->prsp
[1];
728 /* The responder sends its keys first */
729 if (hcon
->out
&& (smp
->remote_key_dist
& KEY_DIST_MASK
)) {
730 smp_allow_key_dist(smp
);
734 req
= (void *) &smp
->preq
[1];
737 keydist
= &rsp
->init_key_dist
;
738 *keydist
&= req
->init_key_dist
;
740 keydist
= &rsp
->resp_key_dist
;
741 *keydist
&= req
->resp_key_dist
;
744 BT_DBG("keydist 0x%x", *keydist
);
746 if (*keydist
& SMP_DIST_ENC_KEY
) {
747 struct smp_cmd_encrypt_info enc
;
748 struct smp_cmd_master_ident ident
;
754 get_random_bytes(enc
.ltk
, sizeof(enc
.ltk
));
755 get_random_bytes(&ediv
, sizeof(ediv
));
756 get_random_bytes(&rand
, sizeof(rand
));
758 smp_send_cmd(conn
, SMP_CMD_ENCRYPT_INFO
, sizeof(enc
), &enc
);
760 authenticated
= hcon
->sec_level
== BT_SECURITY_HIGH
;
761 ltk
= hci_add_ltk(hdev
, &hcon
->dst
, hcon
->dst_type
,
762 SMP_LTK_SLAVE
, authenticated
, enc
.ltk
,
763 smp
->enc_key_size
, ediv
, rand
);
764 smp
->slave_ltk
= ltk
;
769 smp_send_cmd(conn
, SMP_CMD_MASTER_IDENT
, sizeof(ident
), &ident
);
771 *keydist
&= ~SMP_DIST_ENC_KEY
;
774 if (*keydist
& SMP_DIST_ID_KEY
) {
775 struct smp_cmd_ident_addr_info addrinfo
;
776 struct smp_cmd_ident_info idinfo
;
778 memcpy(idinfo
.irk
, hdev
->irk
, sizeof(idinfo
.irk
));
780 smp_send_cmd(conn
, SMP_CMD_IDENT_INFO
, sizeof(idinfo
), &idinfo
);
782 /* The hci_conn contains the local identity address
783 * after the connection has been established.
785 * This is true even when the connection has been
786 * established using a resolvable random address.
788 bacpy(&addrinfo
.bdaddr
, &hcon
->src
);
789 addrinfo
.addr_type
= hcon
->src_type
;
791 smp_send_cmd(conn
, SMP_CMD_IDENT_ADDR_INFO
, sizeof(addrinfo
),
794 *keydist
&= ~SMP_DIST_ID_KEY
;
797 if (*keydist
& SMP_DIST_SIGN
) {
798 struct smp_cmd_sign_info sign
;
799 struct smp_csrk
*csrk
;
801 /* Generate a new random key */
802 get_random_bytes(sign
.csrk
, sizeof(sign
.csrk
));
804 csrk
= kzalloc(sizeof(*csrk
), GFP_KERNEL
);
807 memcpy(csrk
->val
, sign
.csrk
, sizeof(csrk
->val
));
809 smp
->slave_csrk
= csrk
;
811 smp_send_cmd(conn
, SMP_CMD_SIGN_INFO
, sizeof(sign
), &sign
);
813 *keydist
&= ~SMP_DIST_SIGN
;
816 /* If there are still keys to be received wait for them */
817 if (smp
->remote_key_dist
& KEY_DIST_MASK
) {
818 smp_allow_key_dist(smp
);
822 set_bit(SMP_FLAG_COMPLETE
, &smp
->flags
);
823 smp_notify_keys(conn
);
825 smp_chan_destroy(conn
);
828 static void smp_timeout(struct work_struct
*work
)
830 struct smp_chan
*smp
= container_of(work
, struct smp_chan
,
831 security_timer
.work
);
832 struct l2cap_conn
*conn
= smp
->conn
;
834 BT_DBG("conn %p", conn
);
836 hci_disconnect(conn
->hcon
, HCI_ERROR_REMOTE_USER_TERM
);
839 static struct smp_chan
*smp_chan_create(struct l2cap_conn
*conn
)
841 struct l2cap_chan
*chan
= conn
->smp
;
842 struct smp_chan
*smp
;
844 smp
= kzalloc(sizeof(*smp
), GFP_ATOMIC
);
848 smp
->tfm_aes
= crypto_alloc_blkcipher("ecb(aes)", 0, CRYPTO_ALG_ASYNC
);
849 if (IS_ERR(smp
->tfm_aes
)) {
850 BT_ERR("Unable to create ECB crypto context");
858 SMP_ALLOW_CMD(smp
, SMP_CMD_PAIRING_FAIL
);
860 INIT_DELAYED_WORK(&smp
->security_timer
, smp_timeout
);
862 hci_conn_hold(conn
->hcon
);
867 int smp_user_confirm_reply(struct hci_conn
*hcon
, u16 mgmt_op
, __le32 passkey
)
869 struct l2cap_conn
*conn
= hcon
->l2cap_data
;
870 struct l2cap_chan
*chan
;
871 struct smp_chan
*smp
;
884 l2cap_chan_lock(chan
);
893 case MGMT_OP_USER_PASSKEY_REPLY
:
894 value
= le32_to_cpu(passkey
);
895 memset(smp
->tk
, 0, sizeof(smp
->tk
));
896 BT_DBG("PassKey: %d", value
);
897 put_unaligned_le32(value
, smp
->tk
);
899 case MGMT_OP_USER_CONFIRM_REPLY
:
900 set_bit(SMP_FLAG_TK_VALID
, &smp
->flags
);
902 case MGMT_OP_USER_PASSKEY_NEG_REPLY
:
903 case MGMT_OP_USER_CONFIRM_NEG_REPLY
:
904 smp_failure(conn
, SMP_PASSKEY_ENTRY_FAILED
);
908 smp_failure(conn
, SMP_PASSKEY_ENTRY_FAILED
);
915 /* If it is our turn to send Pairing Confirm, do so now */
916 if (test_bit(SMP_FLAG_CFM_PENDING
, &smp
->flags
)) {
917 u8 rsp
= smp_confirm(smp
);
919 smp_failure(conn
, rsp
);
923 l2cap_chan_unlock(chan
);
927 static u8
smp_cmd_pairing_req(struct l2cap_conn
*conn
, struct sk_buff
*skb
)
929 struct smp_cmd_pairing rsp
, *req
= (void *) skb
->data
;
930 struct l2cap_chan
*chan
= conn
->smp
;
931 struct hci_dev
*hdev
= conn
->hcon
->hdev
;
932 struct smp_chan
*smp
;
933 u8 key_size
, auth
, sec_level
;
936 BT_DBG("conn %p", conn
);
938 if (skb
->len
< sizeof(*req
))
939 return SMP_INVALID_PARAMS
;
941 if (conn
->hcon
->role
!= HCI_ROLE_SLAVE
)
942 return SMP_CMD_NOTSUPP
;
945 smp
= smp_chan_create(conn
);
950 return SMP_UNSPECIFIED
;
952 if (!test_bit(HCI_BONDABLE
, &hdev
->dev_flags
) &&
953 (req
->auth_req
& SMP_AUTH_BONDING
))
954 return SMP_PAIRING_NOTSUPP
;
956 SMP_DISALLOW_CMD(smp
, SMP_CMD_PAIRING_REQ
);
958 smp
->preq
[0] = SMP_CMD_PAIRING_REQ
;
959 memcpy(&smp
->preq
[1], req
, sizeof(*req
));
960 skb_pull(skb
, sizeof(*req
));
962 /* We didn't start the pairing, so match remote */
963 auth
= req
->auth_req
;
965 sec_level
= authreq_to_seclevel(auth
);
966 if (sec_level
> conn
->hcon
->pending_sec_level
)
967 conn
->hcon
->pending_sec_level
= sec_level
;
969 /* If we need MITM check that it can be acheived */
970 if (conn
->hcon
->pending_sec_level
>= BT_SECURITY_HIGH
) {
973 method
= get_auth_method(smp
, conn
->hcon
->io_capability
,
975 if (method
== JUST_WORKS
|| method
== JUST_CFM
)
976 return SMP_AUTH_REQUIREMENTS
;
979 build_pairing_cmd(conn
, req
, &rsp
, auth
);
981 key_size
= min(req
->max_key_size
, rsp
.max_key_size
);
982 if (check_enc_key_size(conn
, key_size
))
983 return SMP_ENC_KEY_SIZE
;
985 get_random_bytes(smp
->prnd
, sizeof(smp
->prnd
));
987 smp
->prsp
[0] = SMP_CMD_PAIRING_RSP
;
988 memcpy(&smp
->prsp
[1], &rsp
, sizeof(rsp
));
990 smp_send_cmd(conn
, SMP_CMD_PAIRING_RSP
, sizeof(rsp
), &rsp
);
991 SMP_ALLOW_CMD(smp
, SMP_CMD_PAIRING_CONFIRM
);
993 /* Request setup of TK */
994 ret
= tk_request(conn
, 0, auth
, rsp
.io_capability
, req
->io_capability
);
996 return SMP_UNSPECIFIED
;
1001 static u8
smp_cmd_pairing_rsp(struct l2cap_conn
*conn
, struct sk_buff
*skb
)
1003 struct smp_cmd_pairing
*req
, *rsp
= (void *) skb
->data
;
1004 struct l2cap_chan
*chan
= conn
->smp
;
1005 struct smp_chan
*smp
= chan
->data
;
1006 u8 key_size
, auth
= SMP_AUTH_NONE
;
1009 BT_DBG("conn %p", conn
);
1011 if (skb
->len
< sizeof(*rsp
))
1012 return SMP_INVALID_PARAMS
;
1014 if (conn
->hcon
->role
!= HCI_ROLE_MASTER
)
1015 return SMP_CMD_NOTSUPP
;
1017 SMP_DISALLOW_CMD(smp
, SMP_CMD_PAIRING_RSP
);
1019 skb_pull(skb
, sizeof(*rsp
));
1021 req
= (void *) &smp
->preq
[1];
1023 key_size
= min(req
->max_key_size
, rsp
->max_key_size
);
1024 if (check_enc_key_size(conn
, key_size
))
1025 return SMP_ENC_KEY_SIZE
;
1027 /* If we need MITM check that it can be acheived */
1028 if (conn
->hcon
->pending_sec_level
>= BT_SECURITY_HIGH
) {
1031 method
= get_auth_method(smp
, req
->io_capability
,
1032 rsp
->io_capability
);
1033 if (method
== JUST_WORKS
|| method
== JUST_CFM
)
1034 return SMP_AUTH_REQUIREMENTS
;
1037 get_random_bytes(smp
->prnd
, sizeof(smp
->prnd
));
1039 smp
->prsp
[0] = SMP_CMD_PAIRING_RSP
;
1040 memcpy(&smp
->prsp
[1], rsp
, sizeof(*rsp
));
1042 /* Update remote key distribution in case the remote cleared
1043 * some bits that we had enabled in our request.
1045 smp
->remote_key_dist
&= rsp
->resp_key_dist
;
1047 if ((req
->auth_req
& SMP_AUTH_BONDING
) &&
1048 (rsp
->auth_req
& SMP_AUTH_BONDING
))
1049 auth
= SMP_AUTH_BONDING
;
1051 auth
|= (req
->auth_req
| rsp
->auth_req
) & SMP_AUTH_MITM
;
1053 ret
= tk_request(conn
, 0, auth
, req
->io_capability
, rsp
->io_capability
);
1055 return SMP_UNSPECIFIED
;
1057 set_bit(SMP_FLAG_CFM_PENDING
, &smp
->flags
);
1059 /* Can't compose response until we have been confirmed */
1060 if (test_bit(SMP_FLAG_TK_VALID
, &smp
->flags
))
1061 return smp_confirm(smp
);
1066 static u8
smp_cmd_pairing_confirm(struct l2cap_conn
*conn
, struct sk_buff
*skb
)
1068 struct l2cap_chan
*chan
= conn
->smp
;
1069 struct smp_chan
*smp
= chan
->data
;
1071 BT_DBG("conn %p %s", conn
, conn
->hcon
->out
? "master" : "slave");
1073 if (skb
->len
< sizeof(smp
->pcnf
))
1074 return SMP_INVALID_PARAMS
;
1076 SMP_DISALLOW_CMD(smp
, SMP_CMD_PAIRING_CONFIRM
);
1078 memcpy(smp
->pcnf
, skb
->data
, sizeof(smp
->pcnf
));
1079 skb_pull(skb
, sizeof(smp
->pcnf
));
1081 if (conn
->hcon
->out
) {
1082 smp_send_cmd(conn
, SMP_CMD_PAIRING_RANDOM
, sizeof(smp
->prnd
),
1084 SMP_ALLOW_CMD(smp
, SMP_CMD_PAIRING_RANDOM
);
1088 if (test_bit(SMP_FLAG_TK_VALID
, &smp
->flags
))
1089 return smp_confirm(smp
);
1091 set_bit(SMP_FLAG_CFM_PENDING
, &smp
->flags
);
1096 static u8
smp_cmd_pairing_random(struct l2cap_conn
*conn
, struct sk_buff
*skb
)
1098 struct l2cap_chan
*chan
= conn
->smp
;
1099 struct smp_chan
*smp
= chan
->data
;
1101 BT_DBG("conn %p", conn
);
1103 if (skb
->len
< sizeof(smp
->rrnd
))
1104 return SMP_INVALID_PARAMS
;
1106 SMP_DISALLOW_CMD(smp
, SMP_CMD_PAIRING_RANDOM
);
1108 memcpy(smp
->rrnd
, skb
->data
, sizeof(smp
->rrnd
));
1109 skb_pull(skb
, sizeof(smp
->rrnd
));
1111 return smp_random(smp
);
1114 static bool smp_ltk_encrypt(struct l2cap_conn
*conn
, u8 sec_level
)
1116 struct smp_ltk
*key
;
1117 struct hci_conn
*hcon
= conn
->hcon
;
1119 key
= hci_find_ltk_by_addr(hcon
->hdev
, &hcon
->dst
, hcon
->dst_type
,
1124 if (sec_level
> BT_SECURITY_MEDIUM
&& !key
->authenticated
)
1127 if (test_and_set_bit(HCI_CONN_ENCRYPT_PEND
, &hcon
->flags
))
1130 hci_le_start_enc(hcon
, key
->ediv
, key
->rand
, key
->val
);
1131 hcon
->enc_key_size
= key
->enc_size
;
1133 /* We never store STKs for master role, so clear this flag */
1134 clear_bit(HCI_CONN_STK_ENCRYPT
, &hcon
->flags
);
1139 bool smp_sufficient_security(struct hci_conn
*hcon
, u8 sec_level
)
1141 if (sec_level
== BT_SECURITY_LOW
)
1144 /* If we're encrypted with an STK always claim insufficient
1145 * security. This way we allow the connection to be re-encrypted
1146 * with an LTK, even if the LTK provides the same level of
1147 * security. Only exception is if we don't have an LTK (e.g.
1148 * because of key distribution bits).
1150 if (test_bit(HCI_CONN_STK_ENCRYPT
, &hcon
->flags
) &&
1151 hci_find_ltk_by_addr(hcon
->hdev
, &hcon
->dst
, hcon
->dst_type
,
1155 if (hcon
->sec_level
>= sec_level
)
1161 static u8
smp_cmd_security_req(struct l2cap_conn
*conn
, struct sk_buff
*skb
)
1163 struct smp_cmd_security_req
*rp
= (void *) skb
->data
;
1164 struct smp_cmd_pairing cp
;
1165 struct hci_conn
*hcon
= conn
->hcon
;
1166 struct smp_chan
*smp
;
1169 BT_DBG("conn %p", conn
);
1171 if (skb
->len
< sizeof(*rp
))
1172 return SMP_INVALID_PARAMS
;
1174 if (hcon
->role
!= HCI_ROLE_MASTER
)
1175 return SMP_CMD_NOTSUPP
;
1177 sec_level
= authreq_to_seclevel(rp
->auth_req
);
1178 if (smp_sufficient_security(hcon
, sec_level
))
1181 if (sec_level
> hcon
->pending_sec_level
)
1182 hcon
->pending_sec_level
= sec_level
;
1184 if (smp_ltk_encrypt(conn
, hcon
->pending_sec_level
))
1187 smp
= smp_chan_create(conn
);
1189 return SMP_UNSPECIFIED
;
1191 if (!test_bit(HCI_BONDABLE
, &hcon
->hdev
->dev_flags
) &&
1192 (rp
->auth_req
& SMP_AUTH_BONDING
))
1193 return SMP_PAIRING_NOTSUPP
;
1195 skb_pull(skb
, sizeof(*rp
));
1197 memset(&cp
, 0, sizeof(cp
));
1198 build_pairing_cmd(conn
, &cp
, NULL
, rp
->auth_req
);
1200 smp
->preq
[0] = SMP_CMD_PAIRING_REQ
;
1201 memcpy(&smp
->preq
[1], &cp
, sizeof(cp
));
1203 smp_send_cmd(conn
, SMP_CMD_PAIRING_REQ
, sizeof(cp
), &cp
);
1204 SMP_ALLOW_CMD(smp
, SMP_CMD_PAIRING_RSP
);
1209 int smp_conn_security(struct hci_conn
*hcon
, __u8 sec_level
)
1211 struct l2cap_conn
*conn
= hcon
->l2cap_data
;
1212 struct l2cap_chan
*chan
;
1213 struct smp_chan
*smp
;
1217 BT_DBG("conn %p hcon %p level 0x%2.2x", conn
, hcon
, sec_level
);
1219 /* This may be NULL if there's an unexpected disconnection */
1225 if (!test_bit(HCI_LE_ENABLED
, &hcon
->hdev
->dev_flags
))
1228 if (smp_sufficient_security(hcon
, sec_level
))
1231 if (sec_level
> hcon
->pending_sec_level
)
1232 hcon
->pending_sec_level
= sec_level
;
1234 if (hcon
->role
== HCI_ROLE_MASTER
)
1235 if (smp_ltk_encrypt(conn
, hcon
->pending_sec_level
))
1238 l2cap_chan_lock(chan
);
1240 /* If SMP is already in progress ignore this request */
1246 smp
= smp_chan_create(conn
);
1252 authreq
= seclevel_to_authreq(sec_level
);
1254 /* Require MITM if IO Capability allows or the security level
1257 if (hcon
->io_capability
!= HCI_IO_NO_INPUT_OUTPUT
||
1258 hcon
->pending_sec_level
> BT_SECURITY_MEDIUM
)
1259 authreq
|= SMP_AUTH_MITM
;
1261 if (hcon
->role
== HCI_ROLE_MASTER
) {
1262 struct smp_cmd_pairing cp
;
1264 build_pairing_cmd(conn
, &cp
, NULL
, authreq
);
1265 smp
->preq
[0] = SMP_CMD_PAIRING_REQ
;
1266 memcpy(&smp
->preq
[1], &cp
, sizeof(cp
));
1268 smp_send_cmd(conn
, SMP_CMD_PAIRING_REQ
, sizeof(cp
), &cp
);
1269 SMP_ALLOW_CMD(smp
, SMP_CMD_PAIRING_RSP
);
1271 struct smp_cmd_security_req cp
;
1272 cp
.auth_req
= authreq
;
1273 smp_send_cmd(conn
, SMP_CMD_SECURITY_REQ
, sizeof(cp
), &cp
);
1274 SMP_ALLOW_CMD(smp
, SMP_CMD_PAIRING_REQ
);
1277 set_bit(SMP_FLAG_INITIATOR
, &smp
->flags
);
1281 l2cap_chan_unlock(chan
);
1285 static int smp_cmd_encrypt_info(struct l2cap_conn
*conn
, struct sk_buff
*skb
)
1287 struct smp_cmd_encrypt_info
*rp
= (void *) skb
->data
;
1288 struct l2cap_chan
*chan
= conn
->smp
;
1289 struct smp_chan
*smp
= chan
->data
;
1291 BT_DBG("conn %p", conn
);
1293 if (skb
->len
< sizeof(*rp
))
1294 return SMP_INVALID_PARAMS
;
1296 SMP_DISALLOW_CMD(smp
, SMP_CMD_ENCRYPT_INFO
);
1297 SMP_ALLOW_CMD(smp
, SMP_CMD_MASTER_IDENT
);
1299 skb_pull(skb
, sizeof(*rp
));
1301 memcpy(smp
->tk
, rp
->ltk
, sizeof(smp
->tk
));
1306 static int smp_cmd_master_ident(struct l2cap_conn
*conn
, struct sk_buff
*skb
)
1308 struct smp_cmd_master_ident
*rp
= (void *) skb
->data
;
1309 struct l2cap_chan
*chan
= conn
->smp
;
1310 struct smp_chan
*smp
= chan
->data
;
1311 struct hci_dev
*hdev
= conn
->hcon
->hdev
;
1312 struct hci_conn
*hcon
= conn
->hcon
;
1313 struct smp_ltk
*ltk
;
1316 BT_DBG("conn %p", conn
);
1318 if (skb
->len
< sizeof(*rp
))
1319 return SMP_INVALID_PARAMS
;
1321 /* Mark the information as received */
1322 smp
->remote_key_dist
&= ~SMP_DIST_ENC_KEY
;
1324 SMP_DISALLOW_CMD(smp
, SMP_CMD_MASTER_IDENT
);
1325 if (smp
->remote_key_dist
& SMP_DIST_ID_KEY
)
1326 SMP_ALLOW_CMD(smp
, SMP_CMD_IDENT_INFO
);
1328 skb_pull(skb
, sizeof(*rp
));
1331 authenticated
= (hcon
->sec_level
== BT_SECURITY_HIGH
);
1332 ltk
= hci_add_ltk(hdev
, &hcon
->dst
, hcon
->dst_type
, SMP_LTK
,
1333 authenticated
, smp
->tk
, smp
->enc_key_size
,
1334 rp
->ediv
, rp
->rand
);
1336 if (!(smp
->remote_key_dist
& KEY_DIST_MASK
))
1337 smp_distribute_keys(smp
);
1338 hci_dev_unlock(hdev
);
1343 static int smp_cmd_ident_info(struct l2cap_conn
*conn
, struct sk_buff
*skb
)
1345 struct smp_cmd_ident_info
*info
= (void *) skb
->data
;
1346 struct l2cap_chan
*chan
= conn
->smp
;
1347 struct smp_chan
*smp
= chan
->data
;
1351 if (skb
->len
< sizeof(*info
))
1352 return SMP_INVALID_PARAMS
;
1354 SMP_DISALLOW_CMD(smp
, SMP_CMD_IDENT_INFO
);
1355 SMP_ALLOW_CMD(smp
, SMP_CMD_IDENT_ADDR_INFO
);
1357 skb_pull(skb
, sizeof(*info
));
1359 memcpy(smp
->irk
, info
->irk
, 16);
1364 static int smp_cmd_ident_addr_info(struct l2cap_conn
*conn
,
1365 struct sk_buff
*skb
)
1367 struct smp_cmd_ident_addr_info
*info
= (void *) skb
->data
;
1368 struct l2cap_chan
*chan
= conn
->smp
;
1369 struct smp_chan
*smp
= chan
->data
;
1370 struct hci_conn
*hcon
= conn
->hcon
;
1375 if (skb
->len
< sizeof(*info
))
1376 return SMP_INVALID_PARAMS
;
1378 /* Mark the information as received */
1379 smp
->remote_key_dist
&= ~SMP_DIST_ID_KEY
;
1381 SMP_DISALLOW_CMD(smp
, SMP_CMD_IDENT_ADDR_INFO
);
1382 if (smp
->remote_key_dist
& SMP_DIST_SIGN
)
1383 SMP_ALLOW_CMD(smp
, SMP_CMD_SIGN_INFO
);
1385 skb_pull(skb
, sizeof(*info
));
1387 hci_dev_lock(hcon
->hdev
);
1389 /* Strictly speaking the Core Specification (4.1) allows sending
1390 * an empty address which would force us to rely on just the IRK
1391 * as "identity information". However, since such
1392 * implementations are not known of and in order to not over
1393 * complicate our implementation, simply pretend that we never
1394 * received an IRK for such a device.
1396 if (!bacmp(&info
->bdaddr
, BDADDR_ANY
)) {
1397 BT_ERR("Ignoring IRK with no identity address");
1401 bacpy(&smp
->id_addr
, &info
->bdaddr
);
1402 smp
->id_addr_type
= info
->addr_type
;
1404 if (hci_bdaddr_is_rpa(&hcon
->dst
, hcon
->dst_type
))
1405 bacpy(&rpa
, &hcon
->dst
);
1407 bacpy(&rpa
, BDADDR_ANY
);
1409 smp
->remote_irk
= hci_add_irk(conn
->hcon
->hdev
, &smp
->id_addr
,
1410 smp
->id_addr_type
, smp
->irk
, &rpa
);
1413 if (!(smp
->remote_key_dist
& KEY_DIST_MASK
))
1414 smp_distribute_keys(smp
);
1416 hci_dev_unlock(hcon
->hdev
);
1421 static int smp_cmd_sign_info(struct l2cap_conn
*conn
, struct sk_buff
*skb
)
1423 struct smp_cmd_sign_info
*rp
= (void *) skb
->data
;
1424 struct l2cap_chan
*chan
= conn
->smp
;
1425 struct smp_chan
*smp
= chan
->data
;
1426 struct hci_dev
*hdev
= conn
->hcon
->hdev
;
1427 struct smp_csrk
*csrk
;
1429 BT_DBG("conn %p", conn
);
1431 if (skb
->len
< sizeof(*rp
))
1432 return SMP_INVALID_PARAMS
;
1434 /* Mark the information as received */
1435 smp
->remote_key_dist
&= ~SMP_DIST_SIGN
;
1437 SMP_DISALLOW_CMD(smp
, SMP_CMD_SIGN_INFO
);
1439 skb_pull(skb
, sizeof(*rp
));
1442 csrk
= kzalloc(sizeof(*csrk
), GFP_KERNEL
);
1444 csrk
->master
= 0x01;
1445 memcpy(csrk
->val
, rp
->csrk
, sizeof(csrk
->val
));
1448 smp_distribute_keys(smp
);
1449 hci_dev_unlock(hdev
);
1454 static int smp_sig_channel(struct l2cap_chan
*chan
, struct sk_buff
*skb
)
1456 struct l2cap_conn
*conn
= chan
->conn
;
1457 struct hci_conn
*hcon
= conn
->hcon
;
1458 struct smp_chan
*smp
;
1462 if (hcon
->type
!= LE_LINK
) {
1470 if (!test_bit(HCI_LE_ENABLED
, &hcon
->hdev
->dev_flags
)) {
1471 reason
= SMP_PAIRING_NOTSUPP
;
1475 code
= skb
->data
[0];
1476 skb_pull(skb
, sizeof(code
));
1480 if (code
> SMP_CMD_MAX
)
1483 if (smp
&& !test_bit(code
, &smp
->allow_cmd
))
1486 /* If we don't have a context the only allowed commands are
1487 * pairing request and security request.
1489 if (!smp
&& code
!= SMP_CMD_PAIRING_REQ
&& code
!= SMP_CMD_SECURITY_REQ
)
1493 case SMP_CMD_PAIRING_REQ
:
1494 reason
= smp_cmd_pairing_req(conn
, skb
);
1497 case SMP_CMD_PAIRING_FAIL
:
1498 smp_failure(conn
, 0);
1502 case SMP_CMD_PAIRING_RSP
:
1503 reason
= smp_cmd_pairing_rsp(conn
, skb
);
1506 case SMP_CMD_SECURITY_REQ
:
1507 reason
= smp_cmd_security_req(conn
, skb
);
1510 case SMP_CMD_PAIRING_CONFIRM
:
1511 reason
= smp_cmd_pairing_confirm(conn
, skb
);
1514 case SMP_CMD_PAIRING_RANDOM
:
1515 reason
= smp_cmd_pairing_random(conn
, skb
);
1518 case SMP_CMD_ENCRYPT_INFO
:
1519 reason
= smp_cmd_encrypt_info(conn
, skb
);
1522 case SMP_CMD_MASTER_IDENT
:
1523 reason
= smp_cmd_master_ident(conn
, skb
);
1526 case SMP_CMD_IDENT_INFO
:
1527 reason
= smp_cmd_ident_info(conn
, skb
);
1530 case SMP_CMD_IDENT_ADDR_INFO
:
1531 reason
= smp_cmd_ident_addr_info(conn
, skb
);
1534 case SMP_CMD_SIGN_INFO
:
1535 reason
= smp_cmd_sign_info(conn
, skb
);
1539 BT_DBG("Unknown command code 0x%2.2x", code
);
1540 reason
= SMP_CMD_NOTSUPP
;
1547 smp_failure(conn
, reason
);
1554 BT_ERR("%s unexpected SMP command 0x%02x from %pMR", hcon
->hdev
->name
,
1560 static void smp_teardown_cb(struct l2cap_chan
*chan
, int err
)
1562 struct l2cap_conn
*conn
= chan
->conn
;
1564 BT_DBG("chan %p", chan
);
1567 smp_chan_destroy(conn
);
1570 l2cap_chan_put(chan
);
1573 static void smp_resume_cb(struct l2cap_chan
*chan
)
1575 struct smp_chan
*smp
= chan
->data
;
1576 struct l2cap_conn
*conn
= chan
->conn
;
1577 struct hci_conn
*hcon
= conn
->hcon
;
1579 BT_DBG("chan %p", chan
);
1584 if (!test_bit(HCI_CONN_ENCRYPT
, &hcon
->flags
))
1587 cancel_delayed_work(&smp
->security_timer
);
1589 smp_distribute_keys(smp
);
1592 static void smp_ready_cb(struct l2cap_chan
*chan
)
1594 struct l2cap_conn
*conn
= chan
->conn
;
1596 BT_DBG("chan %p", chan
);
1599 l2cap_chan_hold(chan
);
1602 static int smp_recv_cb(struct l2cap_chan
*chan
, struct sk_buff
*skb
)
1606 BT_DBG("chan %p", chan
);
1608 err
= smp_sig_channel(chan
, skb
);
1610 struct smp_chan
*smp
= chan
->data
;
1613 cancel_delayed_work_sync(&smp
->security_timer
);
1615 hci_disconnect(chan
->conn
->hcon
, HCI_ERROR_AUTH_FAILURE
);
1621 static struct sk_buff
*smp_alloc_skb_cb(struct l2cap_chan
*chan
,
1622 unsigned long hdr_len
,
1623 unsigned long len
, int nb
)
1625 struct sk_buff
*skb
;
1627 skb
= bt_skb_alloc(hdr_len
+ len
, GFP_KERNEL
);
1629 return ERR_PTR(-ENOMEM
);
1631 skb
->priority
= HCI_PRIO_MAX
;
1632 bt_cb(skb
)->chan
= chan
;
1637 static const struct l2cap_ops smp_chan_ops
= {
1638 .name
= "Security Manager",
1639 .ready
= smp_ready_cb
,
1640 .recv
= smp_recv_cb
,
1641 .alloc_skb
= smp_alloc_skb_cb
,
1642 .teardown
= smp_teardown_cb
,
1643 .resume
= smp_resume_cb
,
1645 .new_connection
= l2cap_chan_no_new_connection
,
1646 .state_change
= l2cap_chan_no_state_change
,
1647 .close
= l2cap_chan_no_close
,
1648 .defer
= l2cap_chan_no_defer
,
1649 .suspend
= l2cap_chan_no_suspend
,
1650 .set_shutdown
= l2cap_chan_no_set_shutdown
,
1651 .get_sndtimeo
= l2cap_chan_no_get_sndtimeo
,
1652 .memcpy_fromiovec
= l2cap_chan_no_memcpy_fromiovec
,
1655 static inline struct l2cap_chan
*smp_new_conn_cb(struct l2cap_chan
*pchan
)
1657 struct l2cap_chan
*chan
;
1659 BT_DBG("pchan %p", pchan
);
1661 chan
= l2cap_chan_create();
1665 chan
->chan_type
= pchan
->chan_type
;
1666 chan
->ops
= &smp_chan_ops
;
1667 chan
->scid
= pchan
->scid
;
1668 chan
->dcid
= chan
->scid
;
1669 chan
->imtu
= pchan
->imtu
;
1670 chan
->omtu
= pchan
->omtu
;
1671 chan
->mode
= pchan
->mode
;
1673 BT_DBG("created chan %p", chan
);
1678 static const struct l2cap_ops smp_root_chan_ops
= {
1679 .name
= "Security Manager Root",
1680 .new_connection
= smp_new_conn_cb
,
1682 /* None of these are implemented for the root channel */
1683 .close
= l2cap_chan_no_close
,
1684 .alloc_skb
= l2cap_chan_no_alloc_skb
,
1685 .recv
= l2cap_chan_no_recv
,
1686 .state_change
= l2cap_chan_no_state_change
,
1687 .teardown
= l2cap_chan_no_teardown
,
1688 .ready
= l2cap_chan_no_ready
,
1689 .defer
= l2cap_chan_no_defer
,
1690 .suspend
= l2cap_chan_no_suspend
,
1691 .resume
= l2cap_chan_no_resume
,
1692 .set_shutdown
= l2cap_chan_no_set_shutdown
,
1693 .get_sndtimeo
= l2cap_chan_no_get_sndtimeo
,
1694 .memcpy_fromiovec
= l2cap_chan_no_memcpy_fromiovec
,
1697 int smp_register(struct hci_dev
*hdev
)
1699 struct l2cap_chan
*chan
;
1700 struct crypto_blkcipher
*tfm_aes
;
1702 BT_DBG("%s", hdev
->name
);
1704 tfm_aes
= crypto_alloc_blkcipher("ecb(aes)", 0, CRYPTO_ALG_ASYNC
);
1705 if (IS_ERR(tfm_aes
)) {
1706 int err
= PTR_ERR(tfm_aes
);
1707 BT_ERR("Unable to create crypto context");
1711 chan
= l2cap_chan_create();
1713 crypto_free_blkcipher(tfm_aes
);
1717 chan
->data
= tfm_aes
;
1719 l2cap_add_scid(chan
, L2CAP_CID_SMP
);
1721 l2cap_chan_set_defaults(chan
);
1723 bacpy(&chan
->src
, &hdev
->bdaddr
);
1724 chan
->src_type
= BDADDR_LE_PUBLIC
;
1725 chan
->state
= BT_LISTEN
;
1726 chan
->mode
= L2CAP_MODE_BASIC
;
1727 chan
->imtu
= L2CAP_DEFAULT_MTU
;
1728 chan
->ops
= &smp_root_chan_ops
;
1730 hdev
->smp_data
= chan
;
1735 void smp_unregister(struct hci_dev
*hdev
)
1737 struct l2cap_chan
*chan
= hdev
->smp_data
;
1738 struct crypto_blkcipher
*tfm_aes
;
1743 BT_DBG("%s chan %p", hdev
->name
, chan
);
1745 tfm_aes
= chan
->data
;
1748 crypto_free_blkcipher(tfm_aes
);
1751 hdev
->smp_data
= NULL
;
1752 l2cap_chan_put(chan
);