2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2011 Nokia Corporation and/or its subsidiary(-ies).
5 This program is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License version 2 as
7 published by the Free Software Foundation;
9 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
10 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
11 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
12 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
13 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
14 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
18 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
19 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
20 SOFTWARE IS DISCLAIMED.
23 #include <linux/crypto.h>
24 #include <linux/scatterlist.h>
25 #include <crypto/b128ops.h>
27 #include <net/bluetooth/bluetooth.h>
28 #include <net/bluetooth/hci_core.h>
29 #include <net/bluetooth/l2cap.h>
30 #include <net/bluetooth/mgmt.h>
34 #define SMP_TIMEOUT msecs_to_jiffies(30000)
36 #define AUTH_REQ_MASK 0x07
38 #define SMP_FLAG_TK_VALID 1
39 #define SMP_FLAG_CFM_PENDING 2
40 #define SMP_FLAG_MITM_AUTH 3
41 #define SMP_FLAG_COMPLETE 4
42 #define SMP_FLAG_INITIATOR 5
45 struct l2cap_conn
*conn
;
46 u8 preq
[7]; /* SMP Pairing Request */
47 u8 prsp
[7]; /* SMP Pairing Response */
48 u8 prnd
[16]; /* SMP Pairing Random (local) */
49 u8 rrnd
[16]; /* SMP Pairing Random (remote) */
50 u8 pcnf
[16]; /* SMP Pairing Confirm */
51 u8 tk
[16]; /* SMP Temporary Key */
57 struct smp_csrk
*csrk
;
58 struct smp_csrk
*slave_csrk
;
60 struct smp_ltk
*slave_ltk
;
61 struct smp_irk
*remote_irk
;
65 static inline void swap128(const u8 src
[16], u8 dst
[16])
68 for (i
= 0; i
< 16; i
++)
72 static inline void swap56(const u8 src
[7], u8 dst
[7])
75 for (i
= 0; i
< 7; i
++)
79 static int smp_e(struct crypto_blkcipher
*tfm
, const u8
*k
, u8
*r
)
81 struct blkcipher_desc desc
;
82 struct scatterlist sg
;
83 uint8_t tmp
[16], data
[16];
87 BT_ERR("tfm %p", tfm
);
94 /* The most significant octet of key corresponds to k[0] */
97 err
= crypto_blkcipher_setkey(tfm
, tmp
, 16);
99 BT_ERR("cipher setkey failed: %d", err
);
103 /* Most significant octet of plaintextData corresponds to data[0] */
106 sg_init_one(&sg
, data
, 16);
108 err
= crypto_blkcipher_encrypt(&desc
, &sg
, &sg
, 16);
110 BT_ERR("Encrypt data error %d", err
);
112 /* Most significant octet of encryptedData corresponds to data[0] */
118 static int smp_ah(struct crypto_blkcipher
*tfm
, u8 irk
[16], u8 r
[3], u8 res
[3])
123 /* r' = padding || r */
125 memset(_res
+ 3, 0, 13);
127 err
= smp_e(tfm
, irk
, _res
);
129 BT_ERR("Encrypt error");
133 /* The output of the random address function ah is:
134 * ah(h, r) = e(k, r') mod 2^24
135 * The output of the security function e is then truncated to 24 bits
136 * by taking the least significant 24 bits of the output of e as the
139 memcpy(res
, _res
, 3);
144 bool smp_irk_matches(struct crypto_blkcipher
*tfm
, u8 irk
[16],
150 BT_DBG("RPA %pMR IRK %*phN", bdaddr
, 16, irk
);
152 err
= smp_ah(tfm
, irk
, &bdaddr
->b
[3], hash
);
156 return !memcmp(bdaddr
->b
, hash
, 3);
159 int smp_generate_rpa(struct crypto_blkcipher
*tfm
, u8 irk
[16], bdaddr_t
*rpa
)
163 get_random_bytes(&rpa
->b
[3], 3);
165 rpa
->b
[5] &= 0x3f; /* Clear two most significant bits */
166 rpa
->b
[5] |= 0x40; /* Set second most significant bit */
168 err
= smp_ah(tfm
, irk
, &rpa
->b
[3], rpa
->b
);
172 BT_DBG("RPA %pMR", rpa
);
177 static int smp_c1(struct crypto_blkcipher
*tfm
, u8 k
[16], u8 r
[16],
178 u8 preq
[7], u8 pres
[7], u8 _iat
, bdaddr_t
*ia
,
179 u8 _rat
, bdaddr_t
*ra
, u8 res
[16])
186 /* p1 = pres || preq || _rat || _iat */
189 memcpy(p1
+ 2, preq
, 7);
190 memcpy(p1
+ 9, pres
, 7);
192 /* p2 = padding || ia || ra */
194 memcpy(p2
+ 6, ia
, 6);
195 memset(p2
+ 12, 0, 4);
198 u128_xor((u128
*) res
, (u128
*) r
, (u128
*) p1
);
200 /* res = e(k, res) */
201 err
= smp_e(tfm
, k
, res
);
203 BT_ERR("Encrypt data error");
207 /* res = res XOR p2 */
208 u128_xor((u128
*) res
, (u128
*) res
, (u128
*) p2
);
210 /* res = e(k, res) */
211 err
= smp_e(tfm
, k
, res
);
213 BT_ERR("Encrypt data error");
218 static int smp_s1(struct crypto_blkcipher
*tfm
, u8 k
[16], u8 r1
[16],
219 u8 r2
[16], u8 _r
[16])
223 /* Just least significant octets from r1 and r2 are considered */
225 memcpy(_r
+ 8, r1
, 8);
227 err
= smp_e(tfm
, k
, _r
);
229 BT_ERR("Encrypt data error");
234 static struct sk_buff
*smp_build_cmd(struct l2cap_conn
*conn
, u8 code
,
235 u16 dlen
, void *data
)
238 struct l2cap_hdr
*lh
;
241 len
= L2CAP_HDR_SIZE
+ sizeof(code
) + dlen
;
246 skb
= bt_skb_alloc(len
, GFP_ATOMIC
);
250 lh
= (struct l2cap_hdr
*) skb_put(skb
, L2CAP_HDR_SIZE
);
251 lh
->len
= cpu_to_le16(sizeof(code
) + dlen
);
252 lh
->cid
= cpu_to_le16(L2CAP_CID_SMP
);
254 memcpy(skb_put(skb
, sizeof(code
)), &code
, sizeof(code
));
256 memcpy(skb_put(skb
, dlen
), data
, dlen
);
261 static void smp_send_cmd(struct l2cap_conn
*conn
, u8 code
, u16 len
, void *data
)
263 struct sk_buff
*skb
= smp_build_cmd(conn
, code
, len
, data
);
265 BT_DBG("code 0x%2.2x", code
);
270 skb
->priority
= HCI_PRIO_MAX
;
271 hci_send_acl(conn
->hchan
, skb
, 0);
273 cancel_delayed_work_sync(&conn
->security_timer
);
274 schedule_delayed_work(&conn
->security_timer
, SMP_TIMEOUT
);
277 static __u8
authreq_to_seclevel(__u8 authreq
)
279 if (authreq
& SMP_AUTH_MITM
)
280 return BT_SECURITY_HIGH
;
282 return BT_SECURITY_MEDIUM
;
285 static __u8
seclevel_to_authreq(__u8 sec_level
)
288 case BT_SECURITY_HIGH
:
289 return SMP_AUTH_MITM
| SMP_AUTH_BONDING
;
290 case BT_SECURITY_MEDIUM
:
291 return SMP_AUTH_BONDING
;
293 return SMP_AUTH_NONE
;
297 static void build_pairing_cmd(struct l2cap_conn
*conn
,
298 struct smp_cmd_pairing
*req
,
299 struct smp_cmd_pairing
*rsp
, __u8 authreq
)
301 struct smp_chan
*smp
= conn
->smp_chan
;
302 struct hci_conn
*hcon
= conn
->hcon
;
303 struct hci_dev
*hdev
= hcon
->hdev
;
304 u8 local_dist
= 0, remote_dist
= 0;
306 if (test_bit(HCI_PAIRABLE
, &conn
->hcon
->hdev
->dev_flags
)) {
307 local_dist
= SMP_DIST_ENC_KEY
| SMP_DIST_SIGN
;
308 remote_dist
= SMP_DIST_ENC_KEY
| SMP_DIST_SIGN
;
309 authreq
|= SMP_AUTH_BONDING
;
311 authreq
&= ~SMP_AUTH_BONDING
;
314 if (test_bit(HCI_RPA_RESOLVING
, &hdev
->dev_flags
))
315 remote_dist
|= SMP_DIST_ID_KEY
;
317 if (test_bit(HCI_PRIVACY
, &hdev
->dev_flags
))
318 local_dist
|= SMP_DIST_ID_KEY
;
321 req
->io_capability
= conn
->hcon
->io_capability
;
322 req
->oob_flag
= SMP_OOB_NOT_PRESENT
;
323 req
->max_key_size
= SMP_MAX_ENC_KEY_SIZE
;
324 req
->init_key_dist
= local_dist
;
325 req
->resp_key_dist
= remote_dist
;
326 req
->auth_req
= (authreq
& AUTH_REQ_MASK
);
328 smp
->remote_key_dist
= remote_dist
;
332 rsp
->io_capability
= conn
->hcon
->io_capability
;
333 rsp
->oob_flag
= SMP_OOB_NOT_PRESENT
;
334 rsp
->max_key_size
= SMP_MAX_ENC_KEY_SIZE
;
335 rsp
->init_key_dist
= req
->init_key_dist
& remote_dist
;
336 rsp
->resp_key_dist
= req
->resp_key_dist
& local_dist
;
337 rsp
->auth_req
= (authreq
& AUTH_REQ_MASK
);
339 smp
->remote_key_dist
= rsp
->init_key_dist
;
342 static u8
check_enc_key_size(struct l2cap_conn
*conn
, __u8 max_key_size
)
344 struct smp_chan
*smp
= conn
->smp_chan
;
346 if ((max_key_size
> SMP_MAX_ENC_KEY_SIZE
) ||
347 (max_key_size
< SMP_MIN_ENC_KEY_SIZE
))
348 return SMP_ENC_KEY_SIZE
;
350 smp
->enc_key_size
= max_key_size
;
355 static void smp_failure(struct l2cap_conn
*conn
, u8 reason
)
357 struct hci_conn
*hcon
= conn
->hcon
;
360 smp_send_cmd(conn
, SMP_CMD_PAIRING_FAIL
, sizeof(reason
),
363 clear_bit(HCI_CONN_ENCRYPT_PEND
, &hcon
->flags
);
364 mgmt_auth_failed(hcon
->hdev
, &hcon
->dst
, hcon
->type
, hcon
->dst_type
,
365 HCI_ERROR_AUTH_FAILURE
);
367 cancel_delayed_work_sync(&conn
->security_timer
);
369 if (test_and_clear_bit(HCI_CONN_LE_SMP_PEND
, &hcon
->flags
))
370 smp_chan_destroy(conn
);
373 #define JUST_WORKS 0x00
374 #define JUST_CFM 0x01
375 #define REQ_PASSKEY 0x02
376 #define CFM_PASSKEY 0x03
380 static const u8 gen_method
[5][5] = {
381 { JUST_WORKS
, JUST_CFM
, REQ_PASSKEY
, JUST_WORKS
, REQ_PASSKEY
},
382 { JUST_WORKS
, JUST_CFM
, REQ_PASSKEY
, JUST_WORKS
, REQ_PASSKEY
},
383 { CFM_PASSKEY
, CFM_PASSKEY
, REQ_PASSKEY
, JUST_WORKS
, CFM_PASSKEY
},
384 { JUST_WORKS
, JUST_CFM
, JUST_WORKS
, JUST_WORKS
, JUST_CFM
},
385 { CFM_PASSKEY
, CFM_PASSKEY
, REQ_PASSKEY
, JUST_WORKS
, OVERLAP
},
388 static int tk_request(struct l2cap_conn
*conn
, u8 remote_oob
, u8 auth
,
389 u8 local_io
, u8 remote_io
)
391 struct hci_conn
*hcon
= conn
->hcon
;
392 struct smp_chan
*smp
= conn
->smp_chan
;
397 /* Initialize key for JUST WORKS */
398 memset(smp
->tk
, 0, sizeof(smp
->tk
));
399 clear_bit(SMP_FLAG_TK_VALID
, &smp
->flags
);
401 BT_DBG("tk_request: auth:%d lcl:%d rem:%d", auth
, local_io
, remote_io
);
403 /* If neither side wants MITM, use JUST WORKS */
404 /* If either side has unknown io_caps, use JUST WORKS */
405 /* Otherwise, look up method from the table */
406 if (!(auth
& SMP_AUTH_MITM
) ||
407 local_io
> SMP_IO_KEYBOARD_DISPLAY
||
408 remote_io
> SMP_IO_KEYBOARD_DISPLAY
)
411 method
= gen_method
[remote_io
][local_io
];
413 /* If not bonding, don't ask user to confirm a Zero TK */
414 if (!(auth
& SMP_AUTH_BONDING
) && method
== JUST_CFM
)
417 /* Don't confirm locally initiated pairing attempts */
418 if (method
== JUST_CFM
&& test_bit(SMP_FLAG_INITIATOR
, &smp
->flags
))
421 /* If Just Works, Continue with Zero TK */
422 if (method
== JUST_WORKS
) {
423 set_bit(SMP_FLAG_TK_VALID
, &smp
->flags
);
427 /* Not Just Works/Confirm results in MITM Authentication */
428 if (method
!= JUST_CFM
)
429 set_bit(SMP_FLAG_MITM_AUTH
, &smp
->flags
);
431 /* If both devices have Keyoard-Display I/O, the master
432 * Confirms and the slave Enters the passkey.
434 if (method
== OVERLAP
) {
435 if (hcon
->link_mode
& HCI_LM_MASTER
)
436 method
= CFM_PASSKEY
;
438 method
= REQ_PASSKEY
;
441 /* Generate random passkey. */
442 if (method
== CFM_PASSKEY
) {
443 memset(smp
->tk
, 0, sizeof(smp
->tk
));
444 get_random_bytes(&passkey
, sizeof(passkey
));
446 put_unaligned_le32(passkey
, smp
->tk
);
447 BT_DBG("PassKey: %d", passkey
);
448 set_bit(SMP_FLAG_TK_VALID
, &smp
->flags
);
451 hci_dev_lock(hcon
->hdev
);
453 if (method
== REQ_PASSKEY
)
454 ret
= mgmt_user_passkey_request(hcon
->hdev
, &hcon
->dst
,
455 hcon
->type
, hcon
->dst_type
);
456 else if (method
== JUST_CFM
)
457 ret
= mgmt_user_confirm_request(hcon
->hdev
, &hcon
->dst
,
458 hcon
->type
, hcon
->dst_type
,
461 ret
= mgmt_user_passkey_notify(hcon
->hdev
, &hcon
->dst
,
462 hcon
->type
, hcon
->dst_type
,
465 hci_dev_unlock(hcon
->hdev
);
470 static u8
smp_confirm(struct smp_chan
*smp
)
472 struct l2cap_conn
*conn
= smp
->conn
;
473 struct hci_dev
*hdev
= conn
->hcon
->hdev
;
474 struct crypto_blkcipher
*tfm
= hdev
->tfm_aes
;
475 struct smp_cmd_pairing_confirm cp
;
478 BT_DBG("conn %p", conn
);
480 /* Prevent mutual access to hdev->tfm_aes */
483 ret
= smp_c1(tfm
, smp
->tk
, smp
->prnd
, smp
->preq
, smp
->prsp
,
484 conn
->hcon
->init_addr_type
, &conn
->hcon
->init_addr
,
485 conn
->hcon
->resp_addr_type
, &conn
->hcon
->resp_addr
,
488 hci_dev_unlock(hdev
);
491 return SMP_UNSPECIFIED
;
493 clear_bit(SMP_FLAG_CFM_PENDING
, &smp
->flags
);
495 smp_send_cmd(smp
->conn
, SMP_CMD_PAIRING_CONFIRM
, sizeof(cp
), &cp
);
500 static u8
smp_random(struct smp_chan
*smp
)
502 struct l2cap_conn
*conn
= smp
->conn
;
503 struct hci_conn
*hcon
= conn
->hcon
;
504 struct hci_dev
*hdev
= hcon
->hdev
;
505 struct crypto_blkcipher
*tfm
= hdev
->tfm_aes
;
509 if (IS_ERR_OR_NULL(tfm
))
510 return SMP_UNSPECIFIED
;
512 BT_DBG("conn %p %s", conn
, conn
->hcon
->out
? "master" : "slave");
514 /* Prevent mutual access to hdev->tfm_aes */
517 ret
= smp_c1(tfm
, smp
->tk
, smp
->rrnd
, smp
->preq
, smp
->prsp
,
518 hcon
->init_addr_type
, &hcon
->init_addr
,
519 hcon
->resp_addr_type
, &hcon
->resp_addr
, confirm
);
521 hci_dev_unlock(hdev
);
524 return SMP_UNSPECIFIED
;
526 if (memcmp(smp
->pcnf
, confirm
, sizeof(smp
->pcnf
)) != 0) {
527 BT_ERR("Pairing failed (confirmation values mismatch)");
528 return SMP_CONFIRM_FAILED
;
536 smp_s1(tfm
, smp
->tk
, smp
->rrnd
, smp
->prnd
, stk
);
538 memset(stk
+ smp
->enc_key_size
, 0,
539 SMP_MAX_ENC_KEY_SIZE
- smp
->enc_key_size
);
541 if (test_and_set_bit(HCI_CONN_ENCRYPT_PEND
, &hcon
->flags
))
542 return SMP_UNSPECIFIED
;
544 hci_le_start_enc(hcon
, ediv
, rand
, stk
);
545 hcon
->enc_key_size
= smp
->enc_key_size
;
551 smp_send_cmd(conn
, SMP_CMD_PAIRING_RANDOM
, sizeof(smp
->prnd
),
554 smp_s1(tfm
, smp
->tk
, smp
->prnd
, smp
->rrnd
, stk
);
556 memset(stk
+ smp
->enc_key_size
, 0,
557 SMP_MAX_ENC_KEY_SIZE
- smp
->enc_key_size
);
559 hci_add_ltk(hcon
->hdev
, &hcon
->dst
, hcon
->dst_type
,
560 HCI_SMP_STK_SLAVE
, 0, stk
, smp
->enc_key_size
,
567 static struct smp_chan
*smp_chan_create(struct l2cap_conn
*conn
)
569 struct smp_chan
*smp
;
571 smp
= kzalloc(sizeof(*smp
), GFP_ATOMIC
);
576 conn
->smp_chan
= smp
;
577 conn
->hcon
->smp_conn
= conn
;
579 hci_conn_hold(conn
->hcon
);
584 void smp_chan_destroy(struct l2cap_conn
*conn
)
586 struct smp_chan
*smp
= conn
->smp_chan
;
591 complete
= test_bit(SMP_FLAG_COMPLETE
, &smp
->flags
);
592 mgmt_smp_complete(conn
->hcon
, complete
);
595 kfree(smp
->slave_csrk
);
597 /* If pairing failed clean up any keys we might have */
600 list_del(&smp
->ltk
->list
);
604 if (smp
->slave_ltk
) {
605 list_del(&smp
->slave_ltk
->list
);
606 kfree(smp
->slave_ltk
);
609 if (smp
->remote_irk
) {
610 list_del(&smp
->remote_irk
->list
);
611 kfree(smp
->remote_irk
);
616 conn
->smp_chan
= NULL
;
617 conn
->hcon
->smp_conn
= NULL
;
618 hci_conn_drop(conn
->hcon
);
621 int smp_user_confirm_reply(struct hci_conn
*hcon
, u16 mgmt_op
, __le32 passkey
)
623 struct l2cap_conn
*conn
= hcon
->smp_conn
;
624 struct smp_chan
*smp
;
632 smp
= conn
->smp_chan
;
635 case MGMT_OP_USER_PASSKEY_REPLY
:
636 value
= le32_to_cpu(passkey
);
637 memset(smp
->tk
, 0, sizeof(smp
->tk
));
638 BT_DBG("PassKey: %d", value
);
639 put_unaligned_le32(value
, smp
->tk
);
641 case MGMT_OP_USER_CONFIRM_REPLY
:
642 set_bit(SMP_FLAG_TK_VALID
, &smp
->flags
);
644 case MGMT_OP_USER_PASSKEY_NEG_REPLY
:
645 case MGMT_OP_USER_CONFIRM_NEG_REPLY
:
646 smp_failure(conn
, SMP_PASSKEY_ENTRY_FAILED
);
649 smp_failure(conn
, SMP_PASSKEY_ENTRY_FAILED
);
653 /* If it is our turn to send Pairing Confirm, do so now */
654 if (test_bit(SMP_FLAG_CFM_PENDING
, &smp
->flags
)) {
655 u8 rsp
= smp_confirm(smp
);
657 smp_failure(conn
, rsp
);
663 static u8
smp_cmd_pairing_req(struct l2cap_conn
*conn
, struct sk_buff
*skb
)
665 struct smp_cmd_pairing rsp
, *req
= (void *) skb
->data
;
666 struct smp_chan
*smp
;
670 BT_DBG("conn %p", conn
);
672 if (skb
->len
< sizeof(*req
))
673 return SMP_INVALID_PARAMS
;
675 if (conn
->hcon
->link_mode
& HCI_LM_MASTER
)
676 return SMP_CMD_NOTSUPP
;
678 if (!test_and_set_bit(HCI_CONN_LE_SMP_PEND
, &conn
->hcon
->flags
))
679 smp
= smp_chan_create(conn
);
681 smp
= conn
->smp_chan
;
684 return SMP_UNSPECIFIED
;
686 smp
->preq
[0] = SMP_CMD_PAIRING_REQ
;
687 memcpy(&smp
->preq
[1], req
, sizeof(*req
));
688 skb_pull(skb
, sizeof(*req
));
690 /* We didn't start the pairing, so match remote */
691 auth
= req
->auth_req
;
693 conn
->hcon
->pending_sec_level
= authreq_to_seclevel(auth
);
695 build_pairing_cmd(conn
, req
, &rsp
, auth
);
697 key_size
= min(req
->max_key_size
, rsp
.max_key_size
);
698 if (check_enc_key_size(conn
, key_size
))
699 return SMP_ENC_KEY_SIZE
;
701 get_random_bytes(smp
->prnd
, sizeof(smp
->prnd
));
703 smp
->prsp
[0] = SMP_CMD_PAIRING_RSP
;
704 memcpy(&smp
->prsp
[1], &rsp
, sizeof(rsp
));
706 smp_send_cmd(conn
, SMP_CMD_PAIRING_RSP
, sizeof(rsp
), &rsp
);
708 /* Request setup of TK */
709 ret
= tk_request(conn
, 0, auth
, rsp
.io_capability
, req
->io_capability
);
711 return SMP_UNSPECIFIED
;
713 clear_bit(SMP_FLAG_INITIATOR
, &smp
->flags
);
718 static u8
smp_cmd_pairing_rsp(struct l2cap_conn
*conn
, struct sk_buff
*skb
)
720 struct smp_cmd_pairing
*req
, *rsp
= (void *) skb
->data
;
721 struct smp_chan
*smp
= conn
->smp_chan
;
722 u8 key_size
, auth
= SMP_AUTH_NONE
;
725 BT_DBG("conn %p", conn
);
727 if (skb
->len
< sizeof(*rsp
))
728 return SMP_INVALID_PARAMS
;
730 if (!(conn
->hcon
->link_mode
& HCI_LM_MASTER
))
731 return SMP_CMD_NOTSUPP
;
733 skb_pull(skb
, sizeof(*rsp
));
735 req
= (void *) &smp
->preq
[1];
737 key_size
= min(req
->max_key_size
, rsp
->max_key_size
);
738 if (check_enc_key_size(conn
, key_size
))
739 return SMP_ENC_KEY_SIZE
;
741 get_random_bytes(smp
->prnd
, sizeof(smp
->prnd
));
743 smp
->prsp
[0] = SMP_CMD_PAIRING_RSP
;
744 memcpy(&smp
->prsp
[1], rsp
, sizeof(*rsp
));
746 /* Update remote key distribution in case the remote cleared
747 * some bits that we had enabled in our request.
749 smp
->remote_key_dist
&= rsp
->resp_key_dist
;
751 if ((req
->auth_req
& SMP_AUTH_BONDING
) &&
752 (rsp
->auth_req
& SMP_AUTH_BONDING
))
753 auth
= SMP_AUTH_BONDING
;
755 auth
|= (req
->auth_req
| rsp
->auth_req
) & SMP_AUTH_MITM
;
757 ret
= tk_request(conn
, 0, auth
, req
->io_capability
, rsp
->io_capability
);
759 return SMP_UNSPECIFIED
;
761 set_bit(SMP_FLAG_CFM_PENDING
, &smp
->flags
);
763 /* Can't compose response until we have been confirmed */
764 if (test_bit(SMP_FLAG_TK_VALID
, &smp
->flags
))
765 return smp_confirm(smp
);
770 static u8
smp_cmd_pairing_confirm(struct l2cap_conn
*conn
, struct sk_buff
*skb
)
772 struct smp_chan
*smp
= conn
->smp_chan
;
774 BT_DBG("conn %p %s", conn
, conn
->hcon
->out
? "master" : "slave");
776 if (skb
->len
< sizeof(smp
->pcnf
))
777 return SMP_INVALID_PARAMS
;
779 memcpy(smp
->pcnf
, skb
->data
, sizeof(smp
->pcnf
));
780 skb_pull(skb
, sizeof(smp
->pcnf
));
783 smp_send_cmd(conn
, SMP_CMD_PAIRING_RANDOM
, sizeof(smp
->prnd
),
785 else if (test_bit(SMP_FLAG_TK_VALID
, &smp
->flags
))
786 return smp_confirm(smp
);
788 set_bit(SMP_FLAG_CFM_PENDING
, &smp
->flags
);
793 static u8
smp_cmd_pairing_random(struct l2cap_conn
*conn
, struct sk_buff
*skb
)
795 struct smp_chan
*smp
= conn
->smp_chan
;
797 BT_DBG("conn %p", conn
);
799 if (skb
->len
< sizeof(smp
->rrnd
))
800 return SMP_INVALID_PARAMS
;
802 memcpy(smp
->rrnd
, skb
->data
, sizeof(smp
->rrnd
));
803 skb_pull(skb
, sizeof(smp
->rrnd
));
805 return smp_random(smp
);
808 static u8
smp_ltk_encrypt(struct l2cap_conn
*conn
, u8 sec_level
)
811 struct hci_conn
*hcon
= conn
->hcon
;
813 key
= hci_find_ltk_by_addr(hcon
->hdev
, &hcon
->dst
, hcon
->dst_type
,
818 if (sec_level
> BT_SECURITY_MEDIUM
&& !key
->authenticated
)
821 if (test_and_set_bit(HCI_CONN_ENCRYPT_PEND
, &hcon
->flags
))
824 hci_le_start_enc(hcon
, key
->ediv
, key
->rand
, key
->val
);
825 hcon
->enc_key_size
= key
->enc_size
;
830 static u8
smp_cmd_security_req(struct l2cap_conn
*conn
, struct sk_buff
*skb
)
832 struct smp_cmd_security_req
*rp
= (void *) skb
->data
;
833 struct smp_cmd_pairing cp
;
834 struct hci_conn
*hcon
= conn
->hcon
;
835 struct smp_chan
*smp
;
837 BT_DBG("conn %p", conn
);
839 if (skb
->len
< sizeof(*rp
))
840 return SMP_INVALID_PARAMS
;
842 if (!(conn
->hcon
->link_mode
& HCI_LM_MASTER
))
843 return SMP_CMD_NOTSUPP
;
845 hcon
->pending_sec_level
= authreq_to_seclevel(rp
->auth_req
);
847 if (smp_ltk_encrypt(conn
, hcon
->pending_sec_level
))
850 if (test_and_set_bit(HCI_CONN_LE_SMP_PEND
, &hcon
->flags
))
853 smp
= smp_chan_create(conn
);
855 skb_pull(skb
, sizeof(*rp
));
857 memset(&cp
, 0, sizeof(cp
));
858 build_pairing_cmd(conn
, &cp
, NULL
, rp
->auth_req
);
860 smp
->preq
[0] = SMP_CMD_PAIRING_REQ
;
861 memcpy(&smp
->preq
[1], &cp
, sizeof(cp
));
863 smp_send_cmd(conn
, SMP_CMD_PAIRING_REQ
, sizeof(cp
), &cp
);
865 clear_bit(SMP_FLAG_INITIATOR
, &smp
->flags
);
870 bool smp_sufficient_security(struct hci_conn
*hcon
, u8 sec_level
)
872 if (sec_level
== BT_SECURITY_LOW
)
875 if (hcon
->sec_level
>= sec_level
)
881 int smp_conn_security(struct hci_conn
*hcon
, __u8 sec_level
)
883 struct l2cap_conn
*conn
= hcon
->l2cap_data
;
884 struct smp_chan
*smp
;
887 BT_DBG("conn %p hcon %p level 0x%2.2x", conn
, hcon
, sec_level
);
889 /* This may be NULL if there's an unexpected disconnection */
893 if (!test_bit(HCI_LE_ENABLED
, &hcon
->hdev
->dev_flags
))
896 if (smp_sufficient_security(hcon
, sec_level
))
899 if (hcon
->link_mode
& HCI_LM_MASTER
)
900 if (smp_ltk_encrypt(conn
, sec_level
))
903 if (test_and_set_bit(HCI_CONN_LE_SMP_PEND
, &hcon
->flags
))
906 smp
= smp_chan_create(conn
);
910 authreq
= seclevel_to_authreq(sec_level
);
912 /* Require MITM if IO Capability allows or the security level
915 if (hcon
->io_capability
!= HCI_IO_NO_INPUT_OUTPUT
||
916 sec_level
> BT_SECURITY_MEDIUM
)
917 authreq
|= SMP_AUTH_MITM
;
919 if (hcon
->link_mode
& HCI_LM_MASTER
) {
920 struct smp_cmd_pairing cp
;
922 build_pairing_cmd(conn
, &cp
, NULL
, authreq
);
923 smp
->preq
[0] = SMP_CMD_PAIRING_REQ
;
924 memcpy(&smp
->preq
[1], &cp
, sizeof(cp
));
926 smp_send_cmd(conn
, SMP_CMD_PAIRING_REQ
, sizeof(cp
), &cp
);
928 struct smp_cmd_security_req cp
;
929 cp
.auth_req
= authreq
;
930 smp_send_cmd(conn
, SMP_CMD_SECURITY_REQ
, sizeof(cp
), &cp
);
933 set_bit(SMP_FLAG_INITIATOR
, &smp
->flags
);
936 hcon
->pending_sec_level
= sec_level
;
941 static int smp_cmd_encrypt_info(struct l2cap_conn
*conn
, struct sk_buff
*skb
)
943 struct smp_cmd_encrypt_info
*rp
= (void *) skb
->data
;
944 struct smp_chan
*smp
= conn
->smp_chan
;
946 BT_DBG("conn %p", conn
);
948 if (skb
->len
< sizeof(*rp
))
949 return SMP_INVALID_PARAMS
;
951 /* Ignore this PDU if it wasn't requested */
952 if (!(smp
->remote_key_dist
& SMP_DIST_ENC_KEY
))
955 skb_pull(skb
, sizeof(*rp
));
957 memcpy(smp
->tk
, rp
->ltk
, sizeof(smp
->tk
));
962 static int smp_cmd_master_ident(struct l2cap_conn
*conn
, struct sk_buff
*skb
)
964 struct smp_cmd_master_ident
*rp
= (void *) skb
->data
;
965 struct smp_chan
*smp
= conn
->smp_chan
;
966 struct hci_dev
*hdev
= conn
->hcon
->hdev
;
967 struct hci_conn
*hcon
= conn
->hcon
;
971 BT_DBG("conn %p", conn
);
973 if (skb
->len
< sizeof(*rp
))
974 return SMP_INVALID_PARAMS
;
976 /* Ignore this PDU if it wasn't requested */
977 if (!(smp
->remote_key_dist
& SMP_DIST_ENC_KEY
))
980 /* Mark the information as received */
981 smp
->remote_key_dist
&= ~SMP_DIST_ENC_KEY
;
983 skb_pull(skb
, sizeof(*rp
));
986 authenticated
= (hcon
->sec_level
== BT_SECURITY_HIGH
);
987 ltk
= hci_add_ltk(hdev
, &hcon
->dst
, hcon
->dst_type
, HCI_SMP_LTK
,
988 authenticated
, smp
->tk
, smp
->enc_key_size
,
991 if (!(smp
->remote_key_dist
& SMP_DIST_ID_KEY
))
992 smp_distribute_keys(conn
);
993 hci_dev_unlock(hdev
);
998 static int smp_cmd_ident_info(struct l2cap_conn
*conn
, struct sk_buff
*skb
)
1000 struct smp_cmd_ident_info
*info
= (void *) skb
->data
;
1001 struct smp_chan
*smp
= conn
->smp_chan
;
1005 if (skb
->len
< sizeof(*info
))
1006 return SMP_INVALID_PARAMS
;
1008 /* Ignore this PDU if it wasn't requested */
1009 if (!(smp
->remote_key_dist
& SMP_DIST_ID_KEY
))
1012 skb_pull(skb
, sizeof(*info
));
1014 memcpy(smp
->irk
, info
->irk
, 16);
1019 static int smp_cmd_ident_addr_info(struct l2cap_conn
*conn
,
1020 struct sk_buff
*skb
)
1022 struct smp_cmd_ident_addr_info
*info
= (void *) skb
->data
;
1023 struct smp_chan
*smp
= conn
->smp_chan
;
1024 struct hci_conn
*hcon
= conn
->hcon
;
1029 if (skb
->len
< sizeof(*info
))
1030 return SMP_INVALID_PARAMS
;
1032 /* Ignore this PDU if it wasn't requested */
1033 if (!(smp
->remote_key_dist
& SMP_DIST_ID_KEY
))
1036 /* Mark the information as received */
1037 smp
->remote_key_dist
&= ~SMP_DIST_ID_KEY
;
1039 skb_pull(skb
, sizeof(*info
));
1041 /* Strictly speaking the Core Specification (4.1) allows sending
1042 * an empty address which would force us to rely on just the IRK
1043 * as "identity information". However, since such
1044 * implementations are not known of and in order to not over
1045 * complicate our implementation, simply pretend that we never
1046 * received an IRK for such a device.
1048 if (!bacmp(&info
->bdaddr
, BDADDR_ANY
)) {
1049 BT_ERR("Ignoring IRK with no identity address");
1050 smp_distribute_keys(conn
);
1054 bacpy(&smp
->id_addr
, &info
->bdaddr
);
1055 smp
->id_addr_type
= info
->addr_type
;
1057 if (hci_bdaddr_is_rpa(&hcon
->dst
, hcon
->dst_type
))
1058 bacpy(&rpa
, &hcon
->dst
);
1060 bacpy(&rpa
, BDADDR_ANY
);
1062 smp
->remote_irk
= hci_add_irk(conn
->hcon
->hdev
, &smp
->id_addr
,
1063 smp
->id_addr_type
, smp
->irk
, &rpa
);
1065 smp_distribute_keys(conn
);
1070 static int smp_cmd_sign_info(struct l2cap_conn
*conn
, struct sk_buff
*skb
)
1072 struct smp_cmd_sign_info
*rp
= (void *) skb
->data
;
1073 struct smp_chan
*smp
= conn
->smp_chan
;
1074 struct hci_dev
*hdev
= conn
->hcon
->hdev
;
1075 struct smp_csrk
*csrk
;
1077 BT_DBG("conn %p", conn
);
1079 if (skb
->len
< sizeof(*rp
))
1080 return SMP_INVALID_PARAMS
;
1082 /* Ignore this PDU if it wasn't requested */
1083 if (!(smp
->remote_key_dist
& SMP_DIST_SIGN
))
1086 /* Mark the information as received */
1087 smp
->remote_key_dist
&= ~SMP_DIST_SIGN
;
1089 skb_pull(skb
, sizeof(*rp
));
1092 csrk
= kzalloc(sizeof(*csrk
), GFP_KERNEL
);
1094 csrk
->master
= 0x01;
1095 memcpy(csrk
->val
, rp
->csrk
, sizeof(csrk
->val
));
1098 if (!(smp
->remote_key_dist
& SMP_DIST_SIGN
))
1099 smp_distribute_keys(conn
);
1100 hci_dev_unlock(hdev
);
1105 int smp_sig_channel(struct l2cap_conn
*conn
, struct sk_buff
*skb
)
1107 struct hci_conn
*hcon
= conn
->hcon
;
1111 if (hcon
->type
!= LE_LINK
) {
1121 if (!test_bit(HCI_LE_ENABLED
, &hcon
->hdev
->dev_flags
)) {
1123 reason
= SMP_PAIRING_NOTSUPP
;
1127 code
= skb
->data
[0];
1128 skb_pull(skb
, sizeof(code
));
1131 * The SMP context must be initialized for all other PDUs except
1132 * pairing and security requests. If we get any other PDU when
1133 * not initialized simply disconnect (done if this function
1134 * returns an error).
1136 if (code
!= SMP_CMD_PAIRING_REQ
&& code
!= SMP_CMD_SECURITY_REQ
&&
1138 BT_ERR("Unexpected SMP command 0x%02x. Disconnecting.", code
);
1144 case SMP_CMD_PAIRING_REQ
:
1145 reason
= smp_cmd_pairing_req(conn
, skb
);
1148 case SMP_CMD_PAIRING_FAIL
:
1149 smp_failure(conn
, 0);
1154 case SMP_CMD_PAIRING_RSP
:
1155 reason
= smp_cmd_pairing_rsp(conn
, skb
);
1158 case SMP_CMD_SECURITY_REQ
:
1159 reason
= smp_cmd_security_req(conn
, skb
);
1162 case SMP_CMD_PAIRING_CONFIRM
:
1163 reason
= smp_cmd_pairing_confirm(conn
, skb
);
1166 case SMP_CMD_PAIRING_RANDOM
:
1167 reason
= smp_cmd_pairing_random(conn
, skb
);
1170 case SMP_CMD_ENCRYPT_INFO
:
1171 reason
= smp_cmd_encrypt_info(conn
, skb
);
1174 case SMP_CMD_MASTER_IDENT
:
1175 reason
= smp_cmd_master_ident(conn
, skb
);
1178 case SMP_CMD_IDENT_INFO
:
1179 reason
= smp_cmd_ident_info(conn
, skb
);
1182 case SMP_CMD_IDENT_ADDR_INFO
:
1183 reason
= smp_cmd_ident_addr_info(conn
, skb
);
1186 case SMP_CMD_SIGN_INFO
:
1187 reason
= smp_cmd_sign_info(conn
, skb
);
1191 BT_DBG("Unknown command code 0x%2.2x", code
);
1193 reason
= SMP_CMD_NOTSUPP
;
1200 smp_failure(conn
, reason
);
1206 static void smp_notify_keys(struct l2cap_conn
*conn
)
1208 struct smp_chan
*smp
= conn
->smp_chan
;
1209 struct hci_conn
*hcon
= conn
->hcon
;
1210 struct hci_dev
*hdev
= hcon
->hdev
;
1211 struct smp_cmd_pairing
*req
= (void *) &smp
->preq
[1];
1212 struct smp_cmd_pairing
*rsp
= (void *) &smp
->prsp
[1];
1215 if (smp
->remote_irk
) {
1216 mgmt_new_irk(hdev
, smp
->remote_irk
);
1217 /* Now that user space can be considered to know the
1218 * identity address track the connection based on it
1221 bacpy(&hcon
->dst
, &smp
->remote_irk
->bdaddr
);
1222 hcon
->dst_type
= smp
->remote_irk
->addr_type
;
1223 l2cap_conn_update_id_addr(hcon
);
1226 /* The LTKs and CSRKs should be persistent only if both sides
1227 * had the bonding bit set in their authentication requests.
1229 persistent
= !!((req
->auth_req
& rsp
->auth_req
) & SMP_AUTH_BONDING
);
1232 smp
->csrk
->bdaddr_type
= hcon
->dst_type
;
1233 bacpy(&smp
->csrk
->bdaddr
, &hcon
->dst
);
1234 mgmt_new_csrk(hdev
, smp
->csrk
, persistent
);
1237 if (smp
->slave_csrk
) {
1238 smp
->slave_csrk
->bdaddr_type
= hcon
->dst_type
;
1239 bacpy(&smp
->slave_csrk
->bdaddr
, &hcon
->dst
);
1240 mgmt_new_csrk(hdev
, smp
->slave_csrk
, persistent
);
1244 smp
->ltk
->bdaddr_type
= hcon
->dst_type
;
1245 bacpy(&smp
->ltk
->bdaddr
, &hcon
->dst
);
1246 mgmt_new_ltk(hdev
, smp
->ltk
, persistent
);
1249 if (smp
->slave_ltk
) {
1250 smp
->slave_ltk
->bdaddr_type
= hcon
->dst_type
;
1251 bacpy(&smp
->slave_ltk
->bdaddr
, &hcon
->dst
);
1252 mgmt_new_ltk(hdev
, smp
->slave_ltk
, persistent
);
1256 int smp_distribute_keys(struct l2cap_conn
*conn
)
1258 struct smp_cmd_pairing
*req
, *rsp
;
1259 struct smp_chan
*smp
= conn
->smp_chan
;
1260 struct hci_conn
*hcon
= conn
->hcon
;
1261 struct hci_dev
*hdev
= hcon
->hdev
;
1264 BT_DBG("conn %p", conn
);
1266 if (!test_bit(HCI_CONN_LE_SMP_PEND
, &hcon
->flags
))
1269 rsp
= (void *) &smp
->prsp
[1];
1271 /* The responder sends its keys first */
1272 if (hcon
->out
&& (smp
->remote_key_dist
& 0x07))
1275 req
= (void *) &smp
->preq
[1];
1278 keydist
= &rsp
->init_key_dist
;
1279 *keydist
&= req
->init_key_dist
;
1281 keydist
= &rsp
->resp_key_dist
;
1282 *keydist
&= req
->resp_key_dist
;
1285 BT_DBG("keydist 0x%x", *keydist
);
1287 if (*keydist
& SMP_DIST_ENC_KEY
) {
1288 struct smp_cmd_encrypt_info enc
;
1289 struct smp_cmd_master_ident ident
;
1290 struct smp_ltk
*ltk
;
1295 get_random_bytes(enc
.ltk
, sizeof(enc
.ltk
));
1296 get_random_bytes(&ediv
, sizeof(ediv
));
1297 get_random_bytes(&rand
, sizeof(rand
));
1299 smp_send_cmd(conn
, SMP_CMD_ENCRYPT_INFO
, sizeof(enc
), &enc
);
1301 authenticated
= hcon
->sec_level
== BT_SECURITY_HIGH
;
1302 ltk
= hci_add_ltk(hdev
, &hcon
->dst
, hcon
->dst_type
,
1303 HCI_SMP_LTK_SLAVE
, authenticated
, enc
.ltk
,
1304 smp
->enc_key_size
, ediv
, rand
);
1305 smp
->slave_ltk
= ltk
;
1310 smp_send_cmd(conn
, SMP_CMD_MASTER_IDENT
, sizeof(ident
), &ident
);
1312 *keydist
&= ~SMP_DIST_ENC_KEY
;
1315 if (*keydist
& SMP_DIST_ID_KEY
) {
1316 struct smp_cmd_ident_addr_info addrinfo
;
1317 struct smp_cmd_ident_info idinfo
;
1319 memcpy(idinfo
.irk
, hdev
->irk
, sizeof(idinfo
.irk
));
1321 smp_send_cmd(conn
, SMP_CMD_IDENT_INFO
, sizeof(idinfo
), &idinfo
);
1323 /* The hci_conn contains the local identity address
1324 * after the connection has been established.
1326 * This is true even when the connection has been
1327 * established using a resolvable random address.
1329 bacpy(&addrinfo
.bdaddr
, &hcon
->src
);
1330 addrinfo
.addr_type
= hcon
->src_type
;
1332 smp_send_cmd(conn
, SMP_CMD_IDENT_ADDR_INFO
, sizeof(addrinfo
),
1335 *keydist
&= ~SMP_DIST_ID_KEY
;
1338 if (*keydist
& SMP_DIST_SIGN
) {
1339 struct smp_cmd_sign_info sign
;
1340 struct smp_csrk
*csrk
;
1342 /* Generate a new random key */
1343 get_random_bytes(sign
.csrk
, sizeof(sign
.csrk
));
1345 csrk
= kzalloc(sizeof(*csrk
), GFP_KERNEL
);
1347 csrk
->master
= 0x00;
1348 memcpy(csrk
->val
, sign
.csrk
, sizeof(csrk
->val
));
1350 smp
->slave_csrk
= csrk
;
1352 smp_send_cmd(conn
, SMP_CMD_SIGN_INFO
, sizeof(sign
), &sign
);
1354 *keydist
&= ~SMP_DIST_SIGN
;
1357 /* If there are still keys to be received wait for them */
1358 if ((smp
->remote_key_dist
& 0x07))
1361 clear_bit(HCI_CONN_LE_SMP_PEND
, &hcon
->flags
);
1362 cancel_delayed_work_sync(&conn
->security_timer
);
1363 set_bit(SMP_FLAG_COMPLETE
, &smp
->flags
);
1364 smp_notify_keys(conn
);
1366 smp_chan_destroy(conn
);