projects / deliverable / linux.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
percpu-refcount: add helpers for ->percpu_count accesses
[deliverable/linux.git] / net / bluetooth / smp.c
1 /*
2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2011 Nokia Corporation and/or its subsidiary(-ies).
4
5 This program is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License version 2 as
7 published by the Free Software Foundation;
8
9 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
10 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
11 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
12 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
13 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
14 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17
18 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
19 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
20 SOFTWARE IS DISCLAIMED.
21 */
22
23 #include <linux/crypto.h>
24 #include <linux/scatterlist.h>
25 #include <crypto/b128ops.h>
26
27 #include <net/bluetooth/bluetooth.h>
28 #include <net/bluetooth/hci_core.h>
29 #include <net/bluetooth/l2cap.h>
30 #include <net/bluetooth/mgmt.h>
31
32 #include "smp.h"
33
34 #define SMP_TIMEOUT msecs_to_jiffies(30000)
35
36 #define AUTH_REQ_MASK 0x07
37
38 #define SMP_FLAG_TK_VALID 1
39 #define SMP_FLAG_CFM_PENDING 2
40 #define SMP_FLAG_MITM_AUTH 3
41 #define SMP_FLAG_COMPLETE 4
42 #define SMP_FLAG_INITIATOR 5
43
44 struct smp_chan {
45 struct l2cap_conn *conn;
46 u8 preq[7]; /* SMP Pairing Request */
47 u8 prsp[7]; /* SMP Pairing Response */
48 u8 prnd[16]; /* SMP Pairing Random (local) */
49 u8 rrnd[16]; /* SMP Pairing Random (remote) */
50 u8 pcnf[16]; /* SMP Pairing Confirm */
51 u8 tk[16]; /* SMP Temporary Key */
52 u8 enc_key_size;
53 u8 remote_key_dist;
54 bdaddr_t id_addr;
55 u8 id_addr_type;
56 u8 irk[16];
57 struct smp_csrk *csrk;
58 struct smp_csrk *slave_csrk;
59 struct smp_ltk *ltk;
60 struct smp_ltk *slave_ltk;
61 struct smp_irk *remote_irk;
62 unsigned long flags;
63 };
64
65 static inline void swap128(const u8 src[16], u8 dst[16])
66 {
67 int i;
68 for (i = 0; i < 16; i++)
69 dst[15 - i] = src[i];
70 }
71
72 static inline void swap56(const u8 src[7], u8 dst[7])
73 {
74 int i;
75 for (i = 0; i < 7; i++)
76 dst[6 - i] = src[i];
77 }
78
79 static int smp_e(struct crypto_blkcipher *tfm, const u8 *k, u8 *r)
80 {
81 struct blkcipher_desc desc;
82 struct scatterlist sg;
83 uint8_t tmp[16], data[16];
84 int err;
85
86 if (tfm == NULL) {
87 BT_ERR("tfm %p", tfm);
88 return -EINVAL;
89 }
90
91 desc.tfm = tfm;
92 desc.flags = 0;
93
94 /* The most significant octet of key corresponds to k[0] */
95 swap128(k, tmp);
96
97 err = crypto_blkcipher_setkey(tfm, tmp, 16);
98 if (err) {
99 BT_ERR("cipher setkey failed: %d", err);
100 return err;
101 }
102
103 /* Most significant octet of plaintextData corresponds to data[0] */
104 swap128(r, data);
105
106 sg_init_one(&sg, data, 16);
107
108 err = crypto_blkcipher_encrypt(&desc, &sg, &sg, 16);
109 if (err)
110 BT_ERR("Encrypt data error %d", err);
111
112 /* Most significant octet of encryptedData corresponds to data[0] */
113 swap128(data, r);
114
115 return err;
116 }
117
118 static int smp_ah(struct crypto_blkcipher *tfm, u8 irk[16], u8 r[3], u8 res[3])
119 {
120 u8 _res[16];
121 int err;
122
123 /* r' = padding || r */
124 memcpy(_res, r, 3);
125 memset(_res + 3, 0, 13);
126
127 err = smp_e(tfm, irk, _res);
128 if (err) {
129 BT_ERR("Encrypt error");
130 return err;
131 }
132
133 /* The output of the random address function ah is:
134 * ah(h, r) = e(k, r') mod 2^24
135 * The output of the security function e is then truncated to 24 bits
136 * by taking the least significant 24 bits of the output of e as the
137 * result of ah.
138 */
139 memcpy(res, _res, 3);
140
141 return 0;
142 }
143
144 bool smp_irk_matches(struct crypto_blkcipher *tfm, u8 irk[16],
145 bdaddr_t *bdaddr)
146 {
147 u8 hash[3];
148 int err;
149
150 BT_DBG("RPA %pMR IRK %*phN", bdaddr, 16, irk);
151
152 err = smp_ah(tfm, irk, &bdaddr->b[3], hash);
153 if (err)
154 return false;
155
156 return !memcmp(bdaddr->b, hash, 3);
157 }
158
159 int smp_generate_rpa(struct crypto_blkcipher *tfm, u8 irk[16], bdaddr_t *rpa)
160 {
161 int err;
162
163 get_random_bytes(&rpa->b[3], 3);
164
165 rpa->b[5] &= 0x3f; /* Clear two most significant bits */
166 rpa->b[5] |= 0x40; /* Set second most significant bit */
167
168 err = smp_ah(tfm, irk, &rpa->b[3], rpa->b);
169 if (err < 0)
170 return err;
171
172 BT_DBG("RPA %pMR", rpa);
173
174 return 0;
175 }
176
177 static int smp_c1(struct crypto_blkcipher *tfm, u8 k[16], u8 r[16],
178 u8 preq[7], u8 pres[7], u8 _iat, bdaddr_t *ia,
179 u8 _rat, bdaddr_t *ra, u8 res[16])
180 {
181 u8 p1[16], p2[16];
182 int err;
183
184 memset(p1, 0, 16);
185
186 /* p1 = pres || preq || _rat || _iat */
187 p1[0] = _iat;
188 p1[1] = _rat;
189 memcpy(p1 + 2, preq, 7);
190 memcpy(p1 + 9, pres, 7);
191
192 /* p2 = padding || ia || ra */
193 memcpy(p2, ra, 6);
194 memcpy(p2 + 6, ia, 6);
195 memset(p2 + 12, 0, 4);
196
197 /* res = r XOR p1 */
198 u128_xor((u128 *) res, (u128 *) r, (u128 *) p1);
199
200 /* res = e(k, res) */
201 err = smp_e(tfm, k, res);
202 if (err) {
203 BT_ERR("Encrypt data error");
204 return err;
205 }
206
207 /* res = res XOR p2 */
208 u128_xor((u128 *) res, (u128 *) res, (u128 *) p2);
209
210 /* res = e(k, res) */
211 err = smp_e(tfm, k, res);
212 if (err)
213 BT_ERR("Encrypt data error");
214
215 return err;
216 }
217
218 static int smp_s1(struct crypto_blkcipher *tfm, u8 k[16], u8 r1[16],
219 u8 r2[16], u8 _r[16])
220 {
221 int err;
222
223 /* Just least significant octets from r1 and r2 are considered */
224 memcpy(_r, r2, 8);
225 memcpy(_r + 8, r1, 8);
226
227 err = smp_e(tfm, k, _r);
228 if (err)
229 BT_ERR("Encrypt data error");
230
231 return err;
232 }
233
234 static struct sk_buff *smp_build_cmd(struct l2cap_conn *conn, u8 code,
235 u16 dlen, void *data)
236 {
237 struct sk_buff *skb;
238 struct l2cap_hdr *lh;
239 int len;
240
241 len = L2CAP_HDR_SIZE + sizeof(code) + dlen;
242
243 if (len > conn->mtu)
244 return NULL;
245
246 skb = bt_skb_alloc(len, GFP_ATOMIC);
247 if (!skb)
248 return NULL;
249
250 lh = (struct l2cap_hdr *) skb_put(skb, L2CAP_HDR_SIZE);
251 lh->len = cpu_to_le16(sizeof(code) + dlen);
252 lh->cid = cpu_to_le16(L2CAP_CID_SMP);
253
254 memcpy(skb_put(skb, sizeof(code)), &code, sizeof(code));
255
256 memcpy(skb_put(skb, dlen), data, dlen);
257
258 return skb;
259 }
260
261 static void smp_send_cmd(struct l2cap_conn *conn, u8 code, u16 len, void *data)
262 {
263 struct sk_buff *skb = smp_build_cmd(conn, code, len, data);
264
265 BT_DBG("code 0x%2.2x", code);
266
267 if (!skb)
268 return;
269
270 skb->priority = HCI_PRIO_MAX;
271 hci_send_acl(conn->hchan, skb, 0);
272
273 cancel_delayed_work_sync(&conn->security_timer);
274 schedule_delayed_work(&conn->security_timer, SMP_TIMEOUT);
275 }
276
277 static __u8 authreq_to_seclevel(__u8 authreq)
278 {
279 if (authreq & SMP_AUTH_MITM)
280 return BT_SECURITY_HIGH;
281 else
282 return BT_SECURITY_MEDIUM;
283 }
284
285 static __u8 seclevel_to_authreq(__u8 sec_level)
286 {
287 switch (sec_level) {
288 case BT_SECURITY_HIGH:
289 return SMP_AUTH_MITM | SMP_AUTH_BONDING;
290 case BT_SECURITY_MEDIUM:
291 return SMP_AUTH_BONDING;
292 default:
293 return SMP_AUTH_NONE;
294 }
295 }
296
297 static void build_pairing_cmd(struct l2cap_conn *conn,
298 struct smp_cmd_pairing *req,
299 struct smp_cmd_pairing *rsp, __u8 authreq)
300 {
301 struct smp_chan *smp = conn->smp_chan;
302 struct hci_conn *hcon = conn->hcon;
303 struct hci_dev *hdev = hcon->hdev;
304 u8 local_dist = 0, remote_dist = 0;
305
306 if (test_bit(HCI_PAIRABLE, &conn->hcon->hdev->dev_flags)) {
307 local_dist = SMP_DIST_ENC_KEY | SMP_DIST_SIGN;
308 remote_dist = SMP_DIST_ENC_KEY | SMP_DIST_SIGN;
309 authreq |= SMP_AUTH_BONDING;
310 } else {
311 authreq &= ~SMP_AUTH_BONDING;
312 }
313
314 if (test_bit(HCI_RPA_RESOLVING, &hdev->dev_flags))
315 remote_dist |= SMP_DIST_ID_KEY;
316
317 if (test_bit(HCI_PRIVACY, &hdev->dev_flags))
318 local_dist |= SMP_DIST_ID_KEY;
319
320 if (rsp == NULL) {
321 req->io_capability = conn->hcon->io_capability;
322 req->oob_flag = SMP_OOB_NOT_PRESENT;
323 req->max_key_size = SMP_MAX_ENC_KEY_SIZE;
324 req->init_key_dist = local_dist;
325 req->resp_key_dist = remote_dist;
326 req->auth_req = (authreq & AUTH_REQ_MASK);
327
328 smp->remote_key_dist = remote_dist;
329 return;
330 }
331
332 rsp->io_capability = conn->hcon->io_capability;
333 rsp->oob_flag = SMP_OOB_NOT_PRESENT;
334 rsp->max_key_size = SMP_MAX_ENC_KEY_SIZE;
335 rsp->init_key_dist = req->init_key_dist & remote_dist;
336 rsp->resp_key_dist = req->resp_key_dist & local_dist;
337 rsp->auth_req = (authreq & AUTH_REQ_MASK);
338
339 smp->remote_key_dist = rsp->init_key_dist;
340 }
341
342 static u8 check_enc_key_size(struct l2cap_conn *conn, __u8 max_key_size)
343 {
344 struct smp_chan *smp = conn->smp_chan;
345
346 if ((max_key_size > SMP_MAX_ENC_KEY_SIZE) ||
347 (max_key_size < SMP_MIN_ENC_KEY_SIZE))
348 return SMP_ENC_KEY_SIZE;
349
350 smp->enc_key_size = max_key_size;
351
352 return 0;
353 }
354
355 static void smp_failure(struct l2cap_conn *conn, u8 reason)
356 {
357 struct hci_conn *hcon = conn->hcon;
358
359 if (reason)
360 smp_send_cmd(conn, SMP_CMD_PAIRING_FAIL, sizeof(reason),
361 &reason);
362
363 clear_bit(HCI_CONN_ENCRYPT_PEND, &hcon->flags);
364 mgmt_auth_failed(hcon->hdev, &hcon->dst, hcon->type, hcon->dst_type,
365 HCI_ERROR_AUTH_FAILURE);
366
367 cancel_delayed_work_sync(&conn->security_timer);
368
369 if (test_and_clear_bit(HCI_CONN_LE_SMP_PEND, &hcon->flags))
370 smp_chan_destroy(conn);
371 }
372
373 #define JUST_WORKS 0x00
374 #define JUST_CFM 0x01
375 #define REQ_PASSKEY 0x02
376 #define CFM_PASSKEY 0x03
377 #define REQ_OOB 0x04
378 #define OVERLAP 0xFF
379
380 static const u8 gen_method[5][5] = {
381 { JUST_WORKS, JUST_CFM, REQ_PASSKEY, JUST_WORKS, REQ_PASSKEY },
382 { JUST_WORKS, JUST_CFM, REQ_PASSKEY, JUST_WORKS, REQ_PASSKEY },
383 { CFM_PASSKEY, CFM_PASSKEY, REQ_PASSKEY, JUST_WORKS, CFM_PASSKEY },
384 { JUST_WORKS, JUST_CFM, JUST_WORKS, JUST_WORKS, JUST_CFM },
385 { CFM_PASSKEY, CFM_PASSKEY, REQ_PASSKEY, JUST_WORKS, OVERLAP },
386 };
387
388 static int tk_request(struct l2cap_conn *conn, u8 remote_oob, u8 auth,
389 u8 local_io, u8 remote_io)
390 {
391 struct hci_conn *hcon = conn->hcon;
392 struct smp_chan *smp = conn->smp_chan;
393 u8 method;
394 u32 passkey = 0;
395 int ret = 0;
396
397 /* Initialize key for JUST WORKS */
398 memset(smp->tk, 0, sizeof(smp->tk));
399 clear_bit(SMP_FLAG_TK_VALID, &smp->flags);
400
401 BT_DBG("tk_request: auth:%d lcl:%d rem:%d", auth, local_io, remote_io);
402
403 /* If neither side wants MITM, use JUST WORKS */
404 /* If either side has unknown io_caps, use JUST WORKS */
405 /* Otherwise, look up method from the table */
406 if (!(auth & SMP_AUTH_MITM) ||
407 local_io > SMP_IO_KEYBOARD_DISPLAY ||
408 remote_io > SMP_IO_KEYBOARD_DISPLAY)
409 method = JUST_WORKS;
410 else
411 method = gen_method[remote_io][local_io];
412
413 /* If not bonding, don't ask user to confirm a Zero TK */
414 if (!(auth & SMP_AUTH_BONDING) && method == JUST_CFM)
415 method = JUST_WORKS;
416
417 /* Don't confirm locally initiated pairing attempts */
418 if (method == JUST_CFM && test_bit(SMP_FLAG_INITIATOR, &smp->flags))
419 method = JUST_WORKS;
420
421 /* If Just Works, Continue with Zero TK */
422 if (method == JUST_WORKS) {
423 set_bit(SMP_FLAG_TK_VALID, &smp->flags);
424 return 0;
425 }
426
427 /* Not Just Works/Confirm results in MITM Authentication */
428 if (method != JUST_CFM)
429 set_bit(SMP_FLAG_MITM_AUTH, &smp->flags);
430
431 /* If both devices have Keyoard-Display I/O, the master
432 * Confirms and the slave Enters the passkey.
433 */
434 if (method == OVERLAP) {
435 if (hcon->link_mode & HCI_LM_MASTER)
436 method = CFM_PASSKEY;
437 else
438 method = REQ_PASSKEY;
439 }
440
441 /* Generate random passkey. */
442 if (method == CFM_PASSKEY) {
443 memset(smp->tk, 0, sizeof(smp->tk));
444 get_random_bytes(&passkey, sizeof(passkey));
445 passkey %= 1000000;
446 put_unaligned_le32(passkey, smp->tk);
447 BT_DBG("PassKey: %d", passkey);
448 set_bit(SMP_FLAG_TK_VALID, &smp->flags);
449 }
450
451 hci_dev_lock(hcon->hdev);
452
453 if (method == REQ_PASSKEY)
454 ret = mgmt_user_passkey_request(hcon->hdev, &hcon->dst,
455 hcon->type, hcon->dst_type);
456 else if (method == JUST_CFM)
457 ret = mgmt_user_confirm_request(hcon->hdev, &hcon->dst,
458 hcon->type, hcon->dst_type,
459 passkey, 1);
460 else
461 ret = mgmt_user_passkey_notify(hcon->hdev, &hcon->dst,
462 hcon->type, hcon->dst_type,
463 passkey, 0);
464
465 hci_dev_unlock(hcon->hdev);
466
467 return ret;
468 }
469
470 static u8 smp_confirm(struct smp_chan *smp)
471 {
472 struct l2cap_conn *conn = smp->conn;
473 struct hci_dev *hdev = conn->hcon->hdev;
474 struct crypto_blkcipher *tfm = hdev->tfm_aes;
475 struct smp_cmd_pairing_confirm cp;
476 int ret;
477
478 BT_DBG("conn %p", conn);
479
480 /* Prevent mutual access to hdev->tfm_aes */
481 hci_dev_lock(hdev);
482
483 ret = smp_c1(tfm, smp->tk, smp->prnd, smp->preq, smp->prsp,
484 conn->hcon->init_addr_type, &conn->hcon->init_addr,
485 conn->hcon->resp_addr_type, &conn->hcon->resp_addr,
486 cp.confirm_val);
487
488 hci_dev_unlock(hdev);
489
490 if (ret)
491 return SMP_UNSPECIFIED;
492
493 clear_bit(SMP_FLAG_CFM_PENDING, &smp->flags);
494
495 smp_send_cmd(smp->conn, SMP_CMD_PAIRING_CONFIRM, sizeof(cp), &cp);
496
497 return 0;
498 }
499
500 static u8 smp_random(struct smp_chan *smp)
501 {
502 struct l2cap_conn *conn = smp->conn;
503 struct hci_conn *hcon = conn->hcon;
504 struct hci_dev *hdev = hcon->hdev;
505 struct crypto_blkcipher *tfm = hdev->tfm_aes;
506 u8 confirm[16];
507 int ret;
508
509 if (IS_ERR_OR_NULL(tfm))
510 return SMP_UNSPECIFIED;
511
512 BT_DBG("conn %p %s", conn, conn->hcon->out ? "master" : "slave");
513
514 /* Prevent mutual access to hdev->tfm_aes */
515 hci_dev_lock(hdev);
516
517 ret = smp_c1(tfm, smp->tk, smp->rrnd, smp->preq, smp->prsp,
518 hcon->init_addr_type, &hcon->init_addr,
519 hcon->resp_addr_type, &hcon->resp_addr, confirm);
520
521 hci_dev_unlock(hdev);
522
523 if (ret)
524 return SMP_UNSPECIFIED;
525
526 if (memcmp(smp->pcnf, confirm, sizeof(smp->pcnf)) != 0) {
527 BT_ERR("Pairing failed (confirmation values mismatch)");
528 return SMP_CONFIRM_FAILED;
529 }
530
531 if (hcon->out) {
532 u8 stk[16];
533 __le64 rand = 0;
534 __le16 ediv = 0;
535
536 smp_s1(tfm, smp->tk, smp->rrnd, smp->prnd, stk);
537
538 memset(stk + smp->enc_key_size, 0,
539 SMP_MAX_ENC_KEY_SIZE - smp->enc_key_size);
540
541 if (test_and_set_bit(HCI_CONN_ENCRYPT_PEND, &hcon->flags))
542 return SMP_UNSPECIFIED;
543
544 hci_le_start_enc(hcon, ediv, rand, stk);
545 hcon->enc_key_size = smp->enc_key_size;
546 } else {
547 u8 stk[16];
548 __le64 rand = 0;
549 __le16 ediv = 0;
550
551 smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM, sizeof(smp->prnd),
552 smp->prnd);
553
554 smp_s1(tfm, smp->tk, smp->prnd, smp->rrnd, stk);
555
556 memset(stk + smp->enc_key_size, 0,
557 SMP_MAX_ENC_KEY_SIZE - smp->enc_key_size);
558
559 hci_add_ltk(hcon->hdev, &hcon->dst, hcon->dst_type,
560 HCI_SMP_STK_SLAVE, 0, stk, smp->enc_key_size,
561 ediv, rand);
562 }
563
564 return 0;
565 }
566
567 static struct smp_chan *smp_chan_create(struct l2cap_conn *conn)
568 {
569 struct smp_chan *smp;
570
571 smp = kzalloc(sizeof(*smp), GFP_ATOMIC);
572 if (!smp)
573 return NULL;
574
575 smp->conn = conn;
576 conn->smp_chan = smp;
577 conn->hcon->smp_conn = conn;
578
579 hci_conn_hold(conn->hcon);
580
581 return smp;
582 }
583
584 void smp_chan_destroy(struct l2cap_conn *conn)
585 {
586 struct smp_chan *smp = conn->smp_chan;
587 bool complete;
588
589 BUG_ON(!smp);
590
591 complete = test_bit(SMP_FLAG_COMPLETE, &smp->flags);
592 mgmt_smp_complete(conn->hcon, complete);
593
594 kfree(smp->csrk);
595 kfree(smp->slave_csrk);
596
597 /* If pairing failed clean up any keys we might have */
598 if (!complete) {
599 if (smp->ltk) {
600 list_del(&smp->ltk->list);
601 kfree(smp->ltk);
602 }
603
604 if (smp->slave_ltk) {
605 list_del(&smp->slave_ltk->list);
606 kfree(smp->slave_ltk);
607 }
608
609 if (smp->remote_irk) {
610 list_del(&smp->remote_irk->list);
611 kfree(smp->remote_irk);
612 }
613 }
614
615 kfree(smp);
616 conn->smp_chan = NULL;
617 conn->hcon->smp_conn = NULL;
618 hci_conn_drop(conn->hcon);
619 }
620
621 int smp_user_confirm_reply(struct hci_conn *hcon, u16 mgmt_op, __le32 passkey)
622 {
623 struct l2cap_conn *conn = hcon->smp_conn;
624 struct smp_chan *smp;
625 u32 value;
626
627 BT_DBG("");
628
629 if (!conn)
630 return -ENOTCONN;
631
632 smp = conn->smp_chan;
633
634 switch (mgmt_op) {
635 case MGMT_OP_USER_PASSKEY_REPLY:
636 value = le32_to_cpu(passkey);
637 memset(smp->tk, 0, sizeof(smp->tk));
638 BT_DBG("PassKey: %d", value);
639 put_unaligned_le32(value, smp->tk);
640 /* Fall Through */
641 case MGMT_OP_USER_CONFIRM_REPLY:
642 set_bit(SMP_FLAG_TK_VALID, &smp->flags);
643 break;
644 case MGMT_OP_USER_PASSKEY_NEG_REPLY:
645 case MGMT_OP_USER_CONFIRM_NEG_REPLY:
646 smp_failure(conn, SMP_PASSKEY_ENTRY_FAILED);
647 return 0;
648 default:
649 smp_failure(conn, SMP_PASSKEY_ENTRY_FAILED);
650 return -EOPNOTSUPP;
651 }
652
653 /* If it is our turn to send Pairing Confirm, do so now */
654 if (test_bit(SMP_FLAG_CFM_PENDING, &smp->flags)) {
655 u8 rsp = smp_confirm(smp);
656 if (rsp)
657 smp_failure(conn, rsp);
658 }
659
660 return 0;
661 }
662
663 static u8 smp_cmd_pairing_req(struct l2cap_conn *conn, struct sk_buff *skb)
664 {
665 struct smp_cmd_pairing rsp, *req = (void *) skb->data;
666 struct smp_chan *smp;
667 u8 key_size, auth;
668 int ret;
669
670 BT_DBG("conn %p", conn);
671
672 if (skb->len < sizeof(*req))
673 return SMP_INVALID_PARAMS;
674
675 if (conn->hcon->link_mode & HCI_LM_MASTER)
676 return SMP_CMD_NOTSUPP;
677
678 if (!test_and_set_bit(HCI_CONN_LE_SMP_PEND, &conn->hcon->flags))
679 smp = smp_chan_create(conn);
680 else
681 smp = conn->smp_chan;
682
683 if (!smp)
684 return SMP_UNSPECIFIED;
685
686 smp->preq[0] = SMP_CMD_PAIRING_REQ;
687 memcpy(&smp->preq[1], req, sizeof(*req));
688 skb_pull(skb, sizeof(*req));
689
690 /* We didn't start the pairing, so match remote */
691 auth = req->auth_req;
692
693 conn->hcon->pending_sec_level = authreq_to_seclevel(auth);
694
695 build_pairing_cmd(conn, req, &rsp, auth);
696
697 key_size = min(req->max_key_size, rsp.max_key_size);
698 if (check_enc_key_size(conn, key_size))
699 return SMP_ENC_KEY_SIZE;
700
701 get_random_bytes(smp->prnd, sizeof(smp->prnd));
702
703 smp->prsp[0] = SMP_CMD_PAIRING_RSP;
704 memcpy(&smp->prsp[1], &rsp, sizeof(rsp));
705
706 smp_send_cmd(conn, SMP_CMD_PAIRING_RSP, sizeof(rsp), &rsp);
707
708 /* Request setup of TK */
709 ret = tk_request(conn, 0, auth, rsp.io_capability, req->io_capability);
710 if (ret)
711 return SMP_UNSPECIFIED;
712
713 clear_bit(SMP_FLAG_INITIATOR, &smp->flags);
714
715 return 0;
716 }
717
718 static u8 smp_cmd_pairing_rsp(struct l2cap_conn *conn, struct sk_buff *skb)
719 {
720 struct smp_cmd_pairing *req, *rsp = (void *) skb->data;
721 struct smp_chan *smp = conn->smp_chan;
722 u8 key_size, auth = SMP_AUTH_NONE;
723 int ret;
724
725 BT_DBG("conn %p", conn);
726
727 if (skb->len < sizeof(*rsp))
728 return SMP_INVALID_PARAMS;
729
730 if (!(conn->hcon->link_mode & HCI_LM_MASTER))
731 return SMP_CMD_NOTSUPP;
732
733 skb_pull(skb, sizeof(*rsp));
734
735 req = (void *) &smp->preq[1];
736
737 key_size = min(req->max_key_size, rsp->max_key_size);
738 if (check_enc_key_size(conn, key_size))
739 return SMP_ENC_KEY_SIZE;
740
741 get_random_bytes(smp->prnd, sizeof(smp->prnd));
742
743 smp->prsp[0] = SMP_CMD_PAIRING_RSP;
744 memcpy(&smp->prsp[1], rsp, sizeof(*rsp));
745
746 /* Update remote key distribution in case the remote cleared
747 * some bits that we had enabled in our request.
748 */
749 smp->remote_key_dist &= rsp->resp_key_dist;
750
751 if ((req->auth_req & SMP_AUTH_BONDING) &&
752 (rsp->auth_req & SMP_AUTH_BONDING))
753 auth = SMP_AUTH_BONDING;
754
755 auth |= (req->auth_req | rsp->auth_req) & SMP_AUTH_MITM;
756
757 ret = tk_request(conn, 0, auth, req->io_capability, rsp->io_capability);
758 if (ret)
759 return SMP_UNSPECIFIED;
760
761 set_bit(SMP_FLAG_CFM_PENDING, &smp->flags);
762
763 /* Can't compose response until we have been confirmed */
764 if (test_bit(SMP_FLAG_TK_VALID, &smp->flags))
765 return smp_confirm(smp);
766
767 return 0;
768 }
769
770 static u8 smp_cmd_pairing_confirm(struct l2cap_conn *conn, struct sk_buff *skb)
771 {
772 struct smp_chan *smp = conn->smp_chan;
773
774 BT_DBG("conn %p %s", conn, conn->hcon->out ? "master" : "slave");
775
776 if (skb->len < sizeof(smp->pcnf))
777 return SMP_INVALID_PARAMS;
778
779 memcpy(smp->pcnf, skb->data, sizeof(smp->pcnf));
780 skb_pull(skb, sizeof(smp->pcnf));
781
782 if (conn->hcon->out)
783 smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM, sizeof(smp->prnd),
784 smp->prnd);
785 else if (test_bit(SMP_FLAG_TK_VALID, &smp->flags))
786 return smp_confirm(smp);
787 else
788 set_bit(SMP_FLAG_CFM_PENDING, &smp->flags);
789
790 return 0;
791 }
792
793 static u8 smp_cmd_pairing_random(struct l2cap_conn *conn, struct sk_buff *skb)
794 {
795 struct smp_chan *smp = conn->smp_chan;
796
797 BT_DBG("conn %p", conn);
798
799 if (skb->len < sizeof(smp->rrnd))
800 return SMP_INVALID_PARAMS;
801
802 memcpy(smp->rrnd, skb->data, sizeof(smp->rrnd));
803 skb_pull(skb, sizeof(smp->rrnd));
804
805 return smp_random(smp);
806 }
807
808 static u8 smp_ltk_encrypt(struct l2cap_conn *conn, u8 sec_level)
809 {
810 struct smp_ltk *key;
811 struct hci_conn *hcon = conn->hcon;
812
813 key = hci_find_ltk_by_addr(hcon->hdev, &hcon->dst, hcon->dst_type,
814 hcon->out);
815 if (!key)
816 return 0;
817
818 if (sec_level > BT_SECURITY_MEDIUM && !key->authenticated)
819 return 0;
820
821 if (test_and_set_bit(HCI_CONN_ENCRYPT_PEND, &hcon->flags))
822 return 1;
823
824 hci_le_start_enc(hcon, key->ediv, key->rand, key->val);
825 hcon->enc_key_size = key->enc_size;
826
827 return 1;
828 }
829
830 static u8 smp_cmd_security_req(struct l2cap_conn *conn, struct sk_buff *skb)
831 {
832 struct smp_cmd_security_req *rp = (void *) skb->data;
833 struct smp_cmd_pairing cp;
834 struct hci_conn *hcon = conn->hcon;
835 struct smp_chan *smp;
836
837 BT_DBG("conn %p", conn);
838
839 if (skb->len < sizeof(*rp))
840 return SMP_INVALID_PARAMS;
841
842 if (!(conn->hcon->link_mode & HCI_LM_MASTER))
843 return SMP_CMD_NOTSUPP;
844
845 hcon->pending_sec_level = authreq_to_seclevel(rp->auth_req);
846
847 if (smp_ltk_encrypt(conn, hcon->pending_sec_level))
848 return 0;
849
850 if (test_and_set_bit(HCI_CONN_LE_SMP_PEND, &hcon->flags))
851 return 0;
852
853 smp = smp_chan_create(conn);
854
855 skb_pull(skb, sizeof(*rp));
856
857 memset(&cp, 0, sizeof(cp));
858 build_pairing_cmd(conn, &cp, NULL, rp->auth_req);
859
860 smp->preq[0] = SMP_CMD_PAIRING_REQ;
861 memcpy(&smp->preq[1], &cp, sizeof(cp));
862
863 smp_send_cmd(conn, SMP_CMD_PAIRING_REQ, sizeof(cp), &cp);
864
865 clear_bit(SMP_FLAG_INITIATOR, &smp->flags);
866
867 return 0;
868 }
869
870 bool smp_sufficient_security(struct hci_conn *hcon, u8 sec_level)
871 {
872 if (sec_level == BT_SECURITY_LOW)
873 return true;
874
875 if (hcon->sec_level >= sec_level)
876 return true;
877
878 return false;
879 }
880
881 int smp_conn_security(struct hci_conn *hcon, __u8 sec_level)
882 {
883 struct l2cap_conn *conn = hcon->l2cap_data;
884 struct smp_chan *smp;
885 __u8 authreq;
886
887 BT_DBG("conn %p hcon %p level 0x%2.2x", conn, hcon, sec_level);
888
889 /* This may be NULL if there's an unexpected disconnection */
890 if (!conn)
891 return 1;
892
893 if (!test_bit(HCI_LE_ENABLED, &hcon->hdev->dev_flags))
894 return 1;
895
896 if (smp_sufficient_security(hcon, sec_level))
897 return 1;
898
899 if (hcon->link_mode & HCI_LM_MASTER)
900 if (smp_ltk_encrypt(conn, sec_level))
901 goto done;
902
903 if (test_and_set_bit(HCI_CONN_LE_SMP_PEND, &hcon->flags))
904 return 0;
905
906 smp = smp_chan_create(conn);
907 if (!smp)
908 return 1;
909
910 authreq = seclevel_to_authreq(sec_level);
911
912 /* Require MITM if IO Capability allows or the security level
913 * requires it.
914 */
915 if (hcon->io_capability != HCI_IO_NO_INPUT_OUTPUT ||
916 sec_level > BT_SECURITY_MEDIUM)
917 authreq |= SMP_AUTH_MITM;
918
919 if (hcon->link_mode & HCI_LM_MASTER) {
920 struct smp_cmd_pairing cp;
921
922 build_pairing_cmd(conn, &cp, NULL, authreq);
923 smp->preq[0] = SMP_CMD_PAIRING_REQ;
924 memcpy(&smp->preq[1], &cp, sizeof(cp));
925
926 smp_send_cmd(conn, SMP_CMD_PAIRING_REQ, sizeof(cp), &cp);
927 } else {
928 struct smp_cmd_security_req cp;
929 cp.auth_req = authreq;
930 smp_send_cmd(conn, SMP_CMD_SECURITY_REQ, sizeof(cp), &cp);
931 }
932
933 set_bit(SMP_FLAG_INITIATOR, &smp->flags);
934
935 done:
936 hcon->pending_sec_level = sec_level;
937
938 return 0;
939 }
940
941 static int smp_cmd_encrypt_info(struct l2cap_conn *conn, struct sk_buff *skb)
942 {
943 struct smp_cmd_encrypt_info *rp = (void *) skb->data;
944 struct smp_chan *smp = conn->smp_chan;
945
946 BT_DBG("conn %p", conn);
947
948 if (skb->len < sizeof(*rp))
949 return SMP_INVALID_PARAMS;
950
951 /* Ignore this PDU if it wasn't requested */
952 if (!(smp->remote_key_dist & SMP_DIST_ENC_KEY))
953 return 0;
954
955 skb_pull(skb, sizeof(*rp));
956
957 memcpy(smp->tk, rp->ltk, sizeof(smp->tk));
958
959 return 0;
960 }
961
962 static int smp_cmd_master_ident(struct l2cap_conn *conn, struct sk_buff *skb)
963 {
964 struct smp_cmd_master_ident *rp = (void *) skb->data;
965 struct smp_chan *smp = conn->smp_chan;
966 struct hci_dev *hdev = conn->hcon->hdev;
967 struct hci_conn *hcon = conn->hcon;
968 struct smp_ltk *ltk;
969 u8 authenticated;
970
971 BT_DBG("conn %p", conn);
972
973 if (skb->len < sizeof(*rp))
974 return SMP_INVALID_PARAMS;
975
976 /* Ignore this PDU if it wasn't requested */
977 if (!(smp->remote_key_dist & SMP_DIST_ENC_KEY))
978 return 0;
979
980 /* Mark the information as received */
981 smp->remote_key_dist &= ~SMP_DIST_ENC_KEY;
982
983 skb_pull(skb, sizeof(*rp));
984
985 hci_dev_lock(hdev);
986 authenticated = (hcon->sec_level == BT_SECURITY_HIGH);
987 ltk = hci_add_ltk(hdev, &hcon->dst, hcon->dst_type, HCI_SMP_LTK,
988 authenticated, smp->tk, smp->enc_key_size,
989 rp->ediv, rp->rand);
990 smp->ltk = ltk;
991 if (!(smp->remote_key_dist & SMP_DIST_ID_KEY))
992 smp_distribute_keys(conn);
993 hci_dev_unlock(hdev);
994
995 return 0;
996 }
997
998 static int smp_cmd_ident_info(struct l2cap_conn *conn, struct sk_buff *skb)
999 {
1000 struct smp_cmd_ident_info *info = (void *) skb->data;
1001 struct smp_chan *smp = conn->smp_chan;
1002
1003 BT_DBG("");
1004
1005 if (skb->len < sizeof(*info))
1006 return SMP_INVALID_PARAMS;
1007
1008 /* Ignore this PDU if it wasn't requested */
1009 if (!(smp->remote_key_dist & SMP_DIST_ID_KEY))
1010 return 0;
1011
1012 skb_pull(skb, sizeof(*info));
1013
1014 memcpy(smp->irk, info->irk, 16);
1015
1016 return 0;
1017 }
1018
1019 static int smp_cmd_ident_addr_info(struct l2cap_conn *conn,
1020 struct sk_buff *skb)
1021 {
1022 struct smp_cmd_ident_addr_info *info = (void *) skb->data;
1023 struct smp_chan *smp = conn->smp_chan;
1024 struct hci_conn *hcon = conn->hcon;
1025 bdaddr_t rpa;
1026
1027 BT_DBG("");
1028
1029 if (skb->len < sizeof(*info))
1030 return SMP_INVALID_PARAMS;
1031
1032 /* Ignore this PDU if it wasn't requested */
1033 if (!(smp->remote_key_dist & SMP_DIST_ID_KEY))
1034 return 0;
1035
1036 /* Mark the information as received */
1037 smp->remote_key_dist &= ~SMP_DIST_ID_KEY;
1038
1039 skb_pull(skb, sizeof(*info));
1040
1041 /* Strictly speaking the Core Specification (4.1) allows sending
1042 * an empty address which would force us to rely on just the IRK
1043 * as "identity information". However, since such
1044 * implementations are not known of and in order to not over
1045 * complicate our implementation, simply pretend that we never
1046 * received an IRK for such a device.
1047 */
1048 if (!bacmp(&info->bdaddr, BDADDR_ANY)) {
1049 BT_ERR("Ignoring IRK with no identity address");
1050 smp_distribute_keys(conn);
1051 return 0;
1052 }
1053
1054 bacpy(&smp->id_addr, &info->bdaddr);
1055 smp->id_addr_type = info->addr_type;
1056
1057 if (hci_bdaddr_is_rpa(&hcon->dst, hcon->dst_type))
1058 bacpy(&rpa, &hcon->dst);
1059 else
1060 bacpy(&rpa, BDADDR_ANY);
1061
1062 smp->remote_irk = hci_add_irk(conn->hcon->hdev, &smp->id_addr,
1063 smp->id_addr_type, smp->irk, &rpa);
1064
1065 smp_distribute_keys(conn);
1066
1067 return 0;
1068 }
1069
1070 static int smp_cmd_sign_info(struct l2cap_conn *conn, struct sk_buff *skb)
1071 {
1072 struct smp_cmd_sign_info *rp = (void *) skb->data;
1073 struct smp_chan *smp = conn->smp_chan;
1074 struct hci_dev *hdev = conn->hcon->hdev;
1075 struct smp_csrk *csrk;
1076
1077 BT_DBG("conn %p", conn);
1078
1079 if (skb->len < sizeof(*rp))
1080 return SMP_INVALID_PARAMS;
1081
1082 /* Ignore this PDU if it wasn't requested */
1083 if (!(smp->remote_key_dist & SMP_DIST_SIGN))
1084 return 0;
1085
1086 /* Mark the information as received */
1087 smp->remote_key_dist &= ~SMP_DIST_SIGN;
1088
1089 skb_pull(skb, sizeof(*rp));
1090
1091 hci_dev_lock(hdev);
1092 csrk = kzalloc(sizeof(*csrk), GFP_KERNEL);
1093 if (csrk) {
1094 csrk->master = 0x01;
1095 memcpy(csrk->val, rp->csrk, sizeof(csrk->val));
1096 }
1097 smp->csrk = csrk;
1098 if (!(smp->remote_key_dist & SMP_DIST_SIGN))
1099 smp_distribute_keys(conn);
1100 hci_dev_unlock(hdev);
1101
1102 return 0;
1103 }
1104
1105 int smp_sig_channel(struct l2cap_conn *conn, struct sk_buff *skb)
1106 {
1107 struct hci_conn *hcon = conn->hcon;
1108 __u8 code, reason;
1109 int err = 0;
1110
1111 if (hcon->type != LE_LINK) {
1112 kfree_skb(skb);
1113 return 0;
1114 }
1115
1116 if (skb->len < 1) {
1117 kfree_skb(skb);
1118 return -EILSEQ;
1119 }
1120
1121 if (!test_bit(HCI_LE_ENABLED, &hcon->hdev->dev_flags)) {
1122 err = -ENOTSUPP;
1123 reason = SMP_PAIRING_NOTSUPP;
1124 goto done;
1125 }
1126
1127 code = skb->data[0];
1128 skb_pull(skb, sizeof(code));
1129
1130 /*
1131 * The SMP context must be initialized for all other PDUs except
1132 * pairing and security requests. If we get any other PDU when
1133 * not initialized simply disconnect (done if this function
1134 * returns an error).
1135 */
1136 if (code != SMP_CMD_PAIRING_REQ && code != SMP_CMD_SECURITY_REQ &&
1137 !conn->smp_chan) {
1138 BT_ERR("Unexpected SMP command 0x%02x. Disconnecting.", code);
1139 kfree_skb(skb);
1140 return -ENOTSUPP;
1141 }
1142
1143 switch (code) {
1144 case SMP_CMD_PAIRING_REQ:
1145 reason = smp_cmd_pairing_req(conn, skb);
1146 break;
1147
1148 case SMP_CMD_PAIRING_FAIL:
1149 smp_failure(conn, 0);
1150 reason = 0;
1151 err = -EPERM;
1152 break;
1153
1154 case SMP_CMD_PAIRING_RSP:
1155 reason = smp_cmd_pairing_rsp(conn, skb);
1156 break;
1157
1158 case SMP_CMD_SECURITY_REQ:
1159 reason = smp_cmd_security_req(conn, skb);
1160 break;
1161
1162 case SMP_CMD_PAIRING_CONFIRM:
1163 reason = smp_cmd_pairing_confirm(conn, skb);
1164 break;
1165
1166 case SMP_CMD_PAIRING_RANDOM:
1167 reason = smp_cmd_pairing_random(conn, skb);
1168 break;
1169
1170 case SMP_CMD_ENCRYPT_INFO:
1171 reason = smp_cmd_encrypt_info(conn, skb);
1172 break;
1173
1174 case SMP_CMD_MASTER_IDENT:
1175 reason = smp_cmd_master_ident(conn, skb);
1176 break;
1177
1178 case SMP_CMD_IDENT_INFO:
1179 reason = smp_cmd_ident_info(conn, skb);
1180 break;
1181
1182 case SMP_CMD_IDENT_ADDR_INFO:
1183 reason = smp_cmd_ident_addr_info(conn, skb);
1184 break;
1185
1186 case SMP_CMD_SIGN_INFO:
1187 reason = smp_cmd_sign_info(conn, skb);
1188 break;
1189
1190 default:
1191 BT_DBG("Unknown command code 0x%2.2x", code);
1192
1193 reason = SMP_CMD_NOTSUPP;
1194 err = -EOPNOTSUPP;
1195 goto done;
1196 }
1197
1198 done:
1199 if (reason)
1200 smp_failure(conn, reason);
1201
1202 kfree_skb(skb);
1203 return err;
1204 }
1205
1206 static void smp_notify_keys(struct l2cap_conn *conn)
1207 {
1208 struct smp_chan *smp = conn->smp_chan;
1209 struct hci_conn *hcon = conn->hcon;
1210 struct hci_dev *hdev = hcon->hdev;
1211 struct smp_cmd_pairing *req = (void *) &smp->preq[1];
1212 struct smp_cmd_pairing *rsp = (void *) &smp->prsp[1];
1213 bool persistent;
1214
1215 if (smp->remote_irk) {
1216 mgmt_new_irk(hdev, smp->remote_irk);
1217 /* Now that user space can be considered to know the
1218 * identity address track the connection based on it
1219 * from now on.
1220 */
1221 bacpy(&hcon->dst, &smp->remote_irk->bdaddr);
1222 hcon->dst_type = smp->remote_irk->addr_type;
1223 l2cap_conn_update_id_addr(hcon);
1224 }
1225
1226 /* The LTKs and CSRKs should be persistent only if both sides
1227 * had the bonding bit set in their authentication requests.
1228 */
1229 persistent = !!((req->auth_req & rsp->auth_req) & SMP_AUTH_BONDING);
1230
1231 if (smp->csrk) {
1232 smp->csrk->bdaddr_type = hcon->dst_type;
1233 bacpy(&smp->csrk->bdaddr, &hcon->dst);
1234 mgmt_new_csrk(hdev, smp->csrk, persistent);
1235 }
1236
1237 if (smp->slave_csrk) {
1238 smp->slave_csrk->bdaddr_type = hcon->dst_type;
1239 bacpy(&smp->slave_csrk->bdaddr, &hcon->dst);
1240 mgmt_new_csrk(hdev, smp->slave_csrk, persistent);
1241 }
1242
1243 if (smp->ltk) {
1244 smp->ltk->bdaddr_type = hcon->dst_type;
1245 bacpy(&smp->ltk->bdaddr, &hcon->dst);
1246 mgmt_new_ltk(hdev, smp->ltk, persistent);
1247 }
1248
1249 if (smp->slave_ltk) {
1250 smp->slave_ltk->bdaddr_type = hcon->dst_type;
1251 bacpy(&smp->slave_ltk->bdaddr, &hcon->dst);
1252 mgmt_new_ltk(hdev, smp->slave_ltk, persistent);
1253 }
1254 }
1255
1256 int smp_distribute_keys(struct l2cap_conn *conn)
1257 {
1258 struct smp_cmd_pairing *req, *rsp;
1259 struct smp_chan *smp = conn->smp_chan;
1260 struct hci_conn *hcon = conn->hcon;
1261 struct hci_dev *hdev = hcon->hdev;
1262 __u8 *keydist;
1263
1264 BT_DBG("conn %p", conn);
1265
1266 if (!test_bit(HCI_CONN_LE_SMP_PEND, &hcon->flags))
1267 return 0;
1268
1269 rsp = (void *) &smp->prsp[1];
1270
1271 /* The responder sends its keys first */
1272 if (hcon->out && (smp->remote_key_dist & 0x07))
1273 return 0;
1274
1275 req = (void *) &smp->preq[1];
1276
1277 if (hcon->out) {
1278 keydist = &rsp->init_key_dist;
1279 *keydist &= req->init_key_dist;
1280 } else {
1281 keydist = &rsp->resp_key_dist;
1282 *keydist &= req->resp_key_dist;
1283 }
1284
1285 BT_DBG("keydist 0x%x", *keydist);
1286
1287 if (*keydist & SMP_DIST_ENC_KEY) {
1288 struct smp_cmd_encrypt_info enc;
1289 struct smp_cmd_master_ident ident;
1290 struct smp_ltk *ltk;
1291 u8 authenticated;
1292 __le16 ediv;
1293 __le64 rand;
1294
1295 get_random_bytes(enc.ltk, sizeof(enc.ltk));
1296 get_random_bytes(&ediv, sizeof(ediv));
1297 get_random_bytes(&rand, sizeof(rand));
1298
1299 smp_send_cmd(conn, SMP_CMD_ENCRYPT_INFO, sizeof(enc), &enc);
1300
1301 authenticated = hcon->sec_level == BT_SECURITY_HIGH;
1302 ltk = hci_add_ltk(hdev, &hcon->dst, hcon->dst_type,
1303 HCI_SMP_LTK_SLAVE, authenticated, enc.ltk,
1304 smp->enc_key_size, ediv, rand);
1305 smp->slave_ltk = ltk;
1306
1307 ident.ediv = ediv;
1308 ident.rand = rand;
1309
1310 smp_send_cmd(conn, SMP_CMD_MASTER_IDENT, sizeof(ident), &ident);
1311
1312 *keydist &= ~SMP_DIST_ENC_KEY;
1313 }
1314
1315 if (*keydist & SMP_DIST_ID_KEY) {
1316 struct smp_cmd_ident_addr_info addrinfo;
1317 struct smp_cmd_ident_info idinfo;
1318
1319 memcpy(idinfo.irk, hdev->irk, sizeof(idinfo.irk));
1320
1321 smp_send_cmd(conn, SMP_CMD_IDENT_INFO, sizeof(idinfo), &idinfo);
1322
1323 /* The hci_conn contains the local identity address
1324 * after the connection has been established.
1325 *
1326 * This is true even when the connection has been
1327 * established using a resolvable random address.
1328 */
1329 bacpy(&addrinfo.bdaddr, &hcon->src);
1330 addrinfo.addr_type = hcon->src_type;
1331
1332 smp_send_cmd(conn, SMP_CMD_IDENT_ADDR_INFO, sizeof(addrinfo),
1333 &addrinfo);
1334
1335 *keydist &= ~SMP_DIST_ID_KEY;
1336 }
1337
1338 if (*keydist & SMP_DIST_SIGN) {
1339 struct smp_cmd_sign_info sign;
1340 struct smp_csrk *csrk;
1341
1342 /* Generate a new random key */
1343 get_random_bytes(sign.csrk, sizeof(sign.csrk));
1344
1345 csrk = kzalloc(sizeof(*csrk), GFP_KERNEL);
1346 if (csrk) {
1347 csrk->master = 0x00;
1348 memcpy(csrk->val, sign.csrk, sizeof(csrk->val));
1349 }
1350 smp->slave_csrk = csrk;
1351
1352 smp_send_cmd(conn, SMP_CMD_SIGN_INFO, sizeof(sign), &sign);
1353
1354 *keydist &= ~SMP_DIST_SIGN;
1355 }
1356
1357 /* If there are still keys to be received wait for them */
1358 if ((smp->remote_key_dist & 0x07))
1359 return 0;
1360
1361 clear_bit(HCI_CONN_LE_SMP_PEND, &hcon->flags);
1362 cancel_delayed_work_sync(&conn->security_timer);
1363 set_bit(SMP_FLAG_COMPLETE, &smp->flags);
1364 smp_notify_keys(conn);
1365
1366 smp_chan_destroy(conn);
1367
1368 return 0;
1369 }
Linux kernel - Deliverables
This page took 0.059432 seconds and 5 git commands to generate.