projects / deliverable / linux.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Bluetooth: Fix locking of the SMP context
[deliverable/linux.git] / net / bluetooth / smp.c
1 /*
2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2011 Nokia Corporation and/or its subsidiary(-ies).
4
5 This program is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License version 2 as
7 published by the Free Software Foundation;
8
9 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
10 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
11 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
12 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
13 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
14 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17
18 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
19 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
20 SOFTWARE IS DISCLAIMED.
21 */
22
23 #include <linux/crypto.h>
24 #include <linux/scatterlist.h>
25 #include <crypto/b128ops.h>
26
27 #include <net/bluetooth/bluetooth.h>
28 #include <net/bluetooth/hci_core.h>
29 #include <net/bluetooth/l2cap.h>
30 #include <net/bluetooth/mgmt.h>
31
32 #include "smp.h"
33
34 #define SMP_TIMEOUT msecs_to_jiffies(30000)
35
36 #define AUTH_REQ_MASK 0x07
37
38 enum {
39 SMP_FLAG_TK_VALID,
40 SMP_FLAG_CFM_PENDING,
41 SMP_FLAG_MITM_AUTH,
42 SMP_FLAG_COMPLETE,
43 SMP_FLAG_INITIATOR,
44 };
45
46 struct smp_chan {
47 struct l2cap_conn *conn;
48 struct delayed_work security_timer;
49
50 u8 preq[7]; /* SMP Pairing Request */
51 u8 prsp[7]; /* SMP Pairing Response */
52 u8 prnd[16]; /* SMP Pairing Random (local) */
53 u8 rrnd[16]; /* SMP Pairing Random (remote) */
54 u8 pcnf[16]; /* SMP Pairing Confirm */
55 u8 tk[16]; /* SMP Temporary Key */
56 u8 enc_key_size;
57 u8 remote_key_dist;
58 bdaddr_t id_addr;
59 u8 id_addr_type;
60 u8 irk[16];
61 struct smp_csrk *csrk;
62 struct smp_csrk *slave_csrk;
63 struct smp_ltk *ltk;
64 struct smp_ltk *slave_ltk;
65 struct smp_irk *remote_irk;
66 unsigned long flags;
67
68 struct crypto_blkcipher *tfm_aes;
69 };
70
71 static inline void swap_buf(const u8 *src, u8 *dst, size_t len)
72 {
73 size_t i;
74
75 for (i = 0; i < len; i++)
76 dst[len - 1 - i] = src[i];
77 }
78
79 static int smp_e(struct crypto_blkcipher *tfm, const u8 *k, u8 *r)
80 {
81 struct blkcipher_desc desc;
82 struct scatterlist sg;
83 uint8_t tmp[16], data[16];
84 int err;
85
86 if (tfm == NULL) {
87 BT_ERR("tfm %p", tfm);
88 return -EINVAL;
89 }
90
91 desc.tfm = tfm;
92 desc.flags = 0;
93
94 /* The most significant octet of key corresponds to k[0] */
95 swap_buf(k, tmp, 16);
96
97 err = crypto_blkcipher_setkey(tfm, tmp, 16);
98 if (err) {
99 BT_ERR("cipher setkey failed: %d", err);
100 return err;
101 }
102
103 /* Most significant octet of plaintextData corresponds to data[0] */
104 swap_buf(r, data, 16);
105
106 sg_init_one(&sg, data, 16);
107
108 err = crypto_blkcipher_encrypt(&desc, &sg, &sg, 16);
109 if (err)
110 BT_ERR("Encrypt data error %d", err);
111
112 /* Most significant octet of encryptedData corresponds to data[0] */
113 swap_buf(data, r, 16);
114
115 return err;
116 }
117
118 static int smp_ah(struct crypto_blkcipher *tfm, u8 irk[16], u8 r[3], u8 res[3])
119 {
120 u8 _res[16];
121 int err;
122
123 /* r' = padding || r */
124 memcpy(_res, r, 3);
125 memset(_res + 3, 0, 13);
126
127 err = smp_e(tfm, irk, _res);
128 if (err) {
129 BT_ERR("Encrypt error");
130 return err;
131 }
132
133 /* The output of the random address function ah is:
134 * ah(h, r) = e(k, r') mod 2^24
135 * The output of the security function e is then truncated to 24 bits
136 * by taking the least significant 24 bits of the output of e as the
137 * result of ah.
138 */
139 memcpy(res, _res, 3);
140
141 return 0;
142 }
143
144 bool smp_irk_matches(struct hci_dev *hdev, u8 irk[16], bdaddr_t *bdaddr)
145 {
146 struct l2cap_chan *chan = hdev->smp_data;
147 struct crypto_blkcipher *tfm;
148 u8 hash[3];
149 int err;
150
151 if (!chan || !chan->data)
152 return false;
153
154 tfm = chan->data;
155
156 BT_DBG("RPA %pMR IRK %*phN", bdaddr, 16, irk);
157
158 err = smp_ah(tfm, irk, &bdaddr->b[3], hash);
159 if (err)
160 return false;
161
162 return !memcmp(bdaddr->b, hash, 3);
163 }
164
165 int smp_generate_rpa(struct hci_dev *hdev, u8 irk[16], bdaddr_t *rpa)
166 {
167 struct l2cap_chan *chan = hdev->smp_data;
168 struct crypto_blkcipher *tfm;
169 int err;
170
171 if (!chan || !chan->data)
172 return -EOPNOTSUPP;
173
174 tfm = chan->data;
175
176 get_random_bytes(&rpa->b[3], 3);
177
178 rpa->b[5] &= 0x3f; /* Clear two most significant bits */
179 rpa->b[5] |= 0x40; /* Set second most significant bit */
180
181 err = smp_ah(tfm, irk, &rpa->b[3], rpa->b);
182 if (err < 0)
183 return err;
184
185 BT_DBG("RPA %pMR", rpa);
186
187 return 0;
188 }
189
190 static int smp_c1(struct smp_chan *smp, u8 k[16], u8 r[16], u8 preq[7],
191 u8 pres[7], u8 _iat, bdaddr_t *ia, u8 _rat, bdaddr_t *ra,
192 u8 res[16])
193 {
194 struct hci_dev *hdev = smp->conn->hcon->hdev;
195 u8 p1[16], p2[16];
196 int err;
197
198 BT_DBG("%s", hdev->name);
199
200 memset(p1, 0, 16);
201
202 /* p1 = pres || preq || _rat || _iat */
203 p1[0] = _iat;
204 p1[1] = _rat;
205 memcpy(p1 + 2, preq, 7);
206 memcpy(p1 + 9, pres, 7);
207
208 /* p2 = padding || ia || ra */
209 memcpy(p2, ra, 6);
210 memcpy(p2 + 6, ia, 6);
211 memset(p2 + 12, 0, 4);
212
213 /* res = r XOR p1 */
214 u128_xor((u128 *) res, (u128 *) r, (u128 *) p1);
215
216 /* res = e(k, res) */
217 err = smp_e(smp->tfm_aes, k, res);
218 if (err) {
219 BT_ERR("Encrypt data error");
220 return err;
221 }
222
223 /* res = res XOR p2 */
224 u128_xor((u128 *) res, (u128 *) res, (u128 *) p2);
225
226 /* res = e(k, res) */
227 err = smp_e(smp->tfm_aes, k, res);
228 if (err)
229 BT_ERR("Encrypt data error");
230
231 return err;
232 }
233
234 static int smp_s1(struct smp_chan *smp, u8 k[16], u8 r1[16], u8 r2[16],
235 u8 _r[16])
236 {
237 struct hci_dev *hdev = smp->conn->hcon->hdev;
238 int err;
239
240 BT_DBG("%s", hdev->name);
241
242 /* Just least significant octets from r1 and r2 are considered */
243 memcpy(_r, r2, 8);
244 memcpy(_r + 8, r1, 8);
245
246 err = smp_e(smp->tfm_aes, k, _r);
247 if (err)
248 BT_ERR("Encrypt data error");
249
250 return err;
251 }
252
253 static void smp_send_cmd(struct l2cap_conn *conn, u8 code, u16 len, void *data)
254 {
255 struct l2cap_chan *chan = conn->smp;
256 struct smp_chan *smp;
257 struct kvec iv[2];
258 struct msghdr msg;
259
260 if (!chan)
261 return;
262
263 BT_DBG("code 0x%2.2x", code);
264
265 iv[0].iov_base = &code;
266 iv[0].iov_len = 1;
267
268 iv[1].iov_base = data;
269 iv[1].iov_len = len;
270
271 memset(&msg, 0, sizeof(msg));
272
273 msg.msg_iov = (struct iovec *) &iv;
274 msg.msg_iovlen = 2;
275
276 l2cap_chan_send(chan, &msg, 1 + len);
277
278 if (!chan->data)
279 return;
280
281 smp = chan->data;
282
283 cancel_delayed_work_sync(&smp->security_timer);
284 schedule_delayed_work(&smp->security_timer, SMP_TIMEOUT);
285 }
286
287 static __u8 authreq_to_seclevel(__u8 authreq)
288 {
289 if (authreq & SMP_AUTH_MITM)
290 return BT_SECURITY_HIGH;
291 else
292 return BT_SECURITY_MEDIUM;
293 }
294
295 static __u8 seclevel_to_authreq(__u8 sec_level)
296 {
297 switch (sec_level) {
298 case BT_SECURITY_HIGH:
299 return SMP_AUTH_MITM | SMP_AUTH_BONDING;
300 case BT_SECURITY_MEDIUM:
301 return SMP_AUTH_BONDING;
302 default:
303 return SMP_AUTH_NONE;
304 }
305 }
306
307 static void build_pairing_cmd(struct l2cap_conn *conn,
308 struct smp_cmd_pairing *req,
309 struct smp_cmd_pairing *rsp, __u8 authreq)
310 {
311 struct l2cap_chan *chan = conn->smp;
312 struct smp_chan *smp = chan->data;
313 struct hci_conn *hcon = conn->hcon;
314 struct hci_dev *hdev = hcon->hdev;
315 u8 local_dist = 0, remote_dist = 0;
316
317 if (test_bit(HCI_BONDABLE, &conn->hcon->hdev->dev_flags)) {
318 local_dist = SMP_DIST_ENC_KEY | SMP_DIST_SIGN;
319 remote_dist = SMP_DIST_ENC_KEY | SMP_DIST_SIGN;
320 authreq |= SMP_AUTH_BONDING;
321 } else {
322 authreq &= ~SMP_AUTH_BONDING;
323 }
324
325 if (test_bit(HCI_RPA_RESOLVING, &hdev->dev_flags))
326 remote_dist |= SMP_DIST_ID_KEY;
327
328 if (test_bit(HCI_PRIVACY, &hdev->dev_flags))
329 local_dist |= SMP_DIST_ID_KEY;
330
331 if (rsp == NULL) {
332 req->io_capability = conn->hcon->io_capability;
333 req->oob_flag = SMP_OOB_NOT_PRESENT;
334 req->max_key_size = SMP_MAX_ENC_KEY_SIZE;
335 req->init_key_dist = local_dist;
336 req->resp_key_dist = remote_dist;
337 req->auth_req = (authreq & AUTH_REQ_MASK);
338
339 smp->remote_key_dist = remote_dist;
340 return;
341 }
342
343 rsp->io_capability = conn->hcon->io_capability;
344 rsp->oob_flag = SMP_OOB_NOT_PRESENT;
345 rsp->max_key_size = SMP_MAX_ENC_KEY_SIZE;
346 rsp->init_key_dist = req->init_key_dist & remote_dist;
347 rsp->resp_key_dist = req->resp_key_dist & local_dist;
348 rsp->auth_req = (authreq & AUTH_REQ_MASK);
349
350 smp->remote_key_dist = rsp->init_key_dist;
351 }
352
353 static u8 check_enc_key_size(struct l2cap_conn *conn, __u8 max_key_size)
354 {
355 struct l2cap_chan *chan = conn->smp;
356 struct smp_chan *smp = chan->data;
357
358 if ((max_key_size > SMP_MAX_ENC_KEY_SIZE) ||
359 (max_key_size < SMP_MIN_ENC_KEY_SIZE))
360 return SMP_ENC_KEY_SIZE;
361
362 smp->enc_key_size = max_key_size;
363
364 return 0;
365 }
366
367 static void smp_chan_destroy(struct l2cap_conn *conn)
368 {
369 struct l2cap_chan *chan = conn->smp;
370 struct smp_chan *smp = chan->data;
371 bool complete;
372
373 BUG_ON(!smp);
374
375 cancel_delayed_work_sync(&smp->security_timer);
376
377 complete = test_bit(SMP_FLAG_COMPLETE, &smp->flags);
378 mgmt_smp_complete(conn->hcon, complete);
379
380 kfree(smp->csrk);
381 kfree(smp->slave_csrk);
382
383 crypto_free_blkcipher(smp->tfm_aes);
384
385 /* If pairing failed clean up any keys we might have */
386 if (!complete) {
387 if (smp->ltk) {
388 list_del(&smp->ltk->list);
389 kfree(smp->ltk);
390 }
391
392 if (smp->slave_ltk) {
393 list_del(&smp->slave_ltk->list);
394 kfree(smp->slave_ltk);
395 }
396
397 if (smp->remote_irk) {
398 list_del(&smp->remote_irk->list);
399 kfree(smp->remote_irk);
400 }
401 }
402
403 chan->data = NULL;
404 kfree(smp);
405 hci_conn_drop(conn->hcon);
406 }
407
408 static void smp_failure(struct l2cap_conn *conn, u8 reason)
409 {
410 struct hci_conn *hcon = conn->hcon;
411 struct l2cap_chan *chan = conn->smp;
412
413 if (reason)
414 smp_send_cmd(conn, SMP_CMD_PAIRING_FAIL, sizeof(reason),
415 &reason);
416
417 clear_bit(HCI_CONN_ENCRYPT_PEND, &hcon->flags);
418 mgmt_auth_failed(hcon->hdev, &hcon->dst, hcon->type, hcon->dst_type,
419 HCI_ERROR_AUTH_FAILURE);
420
421 if (chan->data)
422 smp_chan_destroy(conn);
423 }
424
425 #define JUST_WORKS 0x00
426 #define JUST_CFM 0x01
427 #define REQ_PASSKEY 0x02
428 #define CFM_PASSKEY 0x03
429 #define REQ_OOB 0x04
430 #define OVERLAP 0xFF
431
432 static const u8 gen_method[5][5] = {
433 { JUST_WORKS, JUST_CFM, REQ_PASSKEY, JUST_WORKS, REQ_PASSKEY },
434 { JUST_WORKS, JUST_CFM, REQ_PASSKEY, JUST_WORKS, REQ_PASSKEY },
435 { CFM_PASSKEY, CFM_PASSKEY, REQ_PASSKEY, JUST_WORKS, CFM_PASSKEY },
436 { JUST_WORKS, JUST_CFM, JUST_WORKS, JUST_WORKS, JUST_CFM },
437 { CFM_PASSKEY, CFM_PASSKEY, REQ_PASSKEY, JUST_WORKS, OVERLAP },
438 };
439
440 static u8 get_auth_method(struct smp_chan *smp, u8 local_io, u8 remote_io)
441 {
442 /* If either side has unknown io_caps, use JUST_CFM (which gets
443 * converted later to JUST_WORKS if we're initiators.
444 */
445 if (local_io > SMP_IO_KEYBOARD_DISPLAY ||
446 remote_io > SMP_IO_KEYBOARD_DISPLAY)
447 return JUST_CFM;
448
449 return gen_method[remote_io][local_io];
450 }
451
452 static int tk_request(struct l2cap_conn *conn, u8 remote_oob, u8 auth,
453 u8 local_io, u8 remote_io)
454 {
455 struct hci_conn *hcon = conn->hcon;
456 struct l2cap_chan *chan = conn->smp;
457 struct smp_chan *smp = chan->data;
458 u8 method;
459 u32 passkey = 0;
460 int ret = 0;
461
462 /* Initialize key for JUST WORKS */
463 memset(smp->tk, 0, sizeof(smp->tk));
464 clear_bit(SMP_FLAG_TK_VALID, &smp->flags);
465
466 BT_DBG("tk_request: auth:%d lcl:%d rem:%d", auth, local_io, remote_io);
467
468 /* If neither side wants MITM, either "just" confirm an incoming
469 * request or use just-works for outgoing ones. The JUST_CFM
470 * will be converted to JUST_WORKS if necessary later in this
471 * function. If either side has MITM look up the method from the
472 * table.
473 */
474 if (!(auth & SMP_AUTH_MITM))
475 method = JUST_CFM;
476 else
477 method = get_auth_method(smp, local_io, remote_io);
478
479 /* Don't confirm locally initiated pairing attempts */
480 if (method == JUST_CFM && test_bit(SMP_FLAG_INITIATOR, &smp->flags))
481 method = JUST_WORKS;
482
483 /* Don't bother user space with no IO capabilities */
484 if (method == JUST_CFM && hcon->io_capability == HCI_IO_NO_INPUT_OUTPUT)
485 method = JUST_WORKS;
486
487 /* If Just Works, Continue with Zero TK */
488 if (method == JUST_WORKS) {
489 set_bit(SMP_FLAG_TK_VALID, &smp->flags);
490 return 0;
491 }
492
493 /* Not Just Works/Confirm results in MITM Authentication */
494 if (method != JUST_CFM)
495 set_bit(SMP_FLAG_MITM_AUTH, &smp->flags);
496
497 /* If both devices have Keyoard-Display I/O, the master
498 * Confirms and the slave Enters the passkey.
499 */
500 if (method == OVERLAP) {
501 if (hcon->role == HCI_ROLE_MASTER)
502 method = CFM_PASSKEY;
503 else
504 method = REQ_PASSKEY;
505 }
506
507 /* Generate random passkey. */
508 if (method == CFM_PASSKEY) {
509 memset(smp->tk, 0, sizeof(smp->tk));
510 get_random_bytes(&passkey, sizeof(passkey));
511 passkey %= 1000000;
512 put_unaligned_le32(passkey, smp->tk);
513 BT_DBG("PassKey: %d", passkey);
514 set_bit(SMP_FLAG_TK_VALID, &smp->flags);
515 }
516
517 hci_dev_lock(hcon->hdev);
518
519 if (method == REQ_PASSKEY)
520 ret = mgmt_user_passkey_request(hcon->hdev, &hcon->dst,
521 hcon->type, hcon->dst_type);
522 else if (method == JUST_CFM)
523 ret = mgmt_user_confirm_request(hcon->hdev, &hcon->dst,
524 hcon->type, hcon->dst_type,
525 passkey, 1);
526 else
527 ret = mgmt_user_passkey_notify(hcon->hdev, &hcon->dst,
528 hcon->type, hcon->dst_type,
529 passkey, 0);
530
531 hci_dev_unlock(hcon->hdev);
532
533 return ret;
534 }
535
536 static u8 smp_confirm(struct smp_chan *smp)
537 {
538 struct l2cap_conn *conn = smp->conn;
539 struct smp_cmd_pairing_confirm cp;
540 int ret;
541
542 BT_DBG("conn %p", conn);
543
544 ret = smp_c1(smp, smp->tk, smp->prnd, smp->preq, smp->prsp,
545 conn->hcon->init_addr_type, &conn->hcon->init_addr,
546 conn->hcon->resp_addr_type, &conn->hcon->resp_addr,
547 cp.confirm_val);
548 if (ret)
549 return SMP_UNSPECIFIED;
550
551 clear_bit(SMP_FLAG_CFM_PENDING, &smp->flags);
552
553 smp_send_cmd(smp->conn, SMP_CMD_PAIRING_CONFIRM, sizeof(cp), &cp);
554
555 return 0;
556 }
557
558 static u8 smp_random(struct smp_chan *smp)
559 {
560 struct l2cap_conn *conn = smp->conn;
561 struct hci_conn *hcon = conn->hcon;
562 u8 confirm[16];
563 int ret;
564
565 if (IS_ERR_OR_NULL(smp->tfm_aes))
566 return SMP_UNSPECIFIED;
567
568 BT_DBG("conn %p %s", conn, conn->hcon->out ? "master" : "slave");
569
570 ret = smp_c1(smp, smp->tk, smp->rrnd, smp->preq, smp->prsp,
571 hcon->init_addr_type, &hcon->init_addr,
572 hcon->resp_addr_type, &hcon->resp_addr, confirm);
573 if (ret)
574 return SMP_UNSPECIFIED;
575
576 if (memcmp(smp->pcnf, confirm, sizeof(smp->pcnf)) != 0) {
577 BT_ERR("Pairing failed (confirmation values mismatch)");
578 return SMP_CONFIRM_FAILED;
579 }
580
581 if (hcon->out) {
582 u8 stk[16];
583 __le64 rand = 0;
584 __le16 ediv = 0;
585
586 smp_s1(smp, smp->tk, smp->rrnd, smp->prnd, stk);
587
588 memset(stk + smp->enc_key_size, 0,
589 SMP_MAX_ENC_KEY_SIZE - smp->enc_key_size);
590
591 if (test_and_set_bit(HCI_CONN_ENCRYPT_PEND, &hcon->flags))
592 return SMP_UNSPECIFIED;
593
594 hci_le_start_enc(hcon, ediv, rand, stk);
595 hcon->enc_key_size = smp->enc_key_size;
596 set_bit(HCI_CONN_STK_ENCRYPT, &hcon->flags);
597 } else {
598 u8 stk[16], auth;
599 __le64 rand = 0;
600 __le16 ediv = 0;
601
602 smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM, sizeof(smp->prnd),
603 smp->prnd);
604
605 smp_s1(smp, smp->tk, smp->prnd, smp->rrnd, stk);
606
607 memset(stk + smp->enc_key_size, 0,
608 SMP_MAX_ENC_KEY_SIZE - smp->enc_key_size);
609
610 if (hcon->pending_sec_level == BT_SECURITY_HIGH)
611 auth = 1;
612 else
613 auth = 0;
614
615 /* Even though there's no _SLAVE suffix this is the
616 * slave STK we're adding for later lookup (the master
617 * STK never needs to be stored).
618 */
619 hci_add_ltk(hcon->hdev, &hcon->dst, hcon->dst_type,
620 SMP_STK, auth, stk, smp->enc_key_size, ediv, rand);
621 }
622
623 return 0;
624 }
625
626 static void smp_notify_keys(struct l2cap_conn *conn)
627 {
628 struct l2cap_chan *chan = conn->smp;
629 struct smp_chan *smp = chan->data;
630 struct hci_conn *hcon = conn->hcon;
631 struct hci_dev *hdev = hcon->hdev;
632 struct smp_cmd_pairing *req = (void *) &smp->preq[1];
633 struct smp_cmd_pairing *rsp = (void *) &smp->prsp[1];
634 bool persistent;
635
636 if (smp->remote_irk) {
637 mgmt_new_irk(hdev, smp->remote_irk);
638 /* Now that user space can be considered to know the
639 * identity address track the connection based on it
640 * from now on.
641 */
642 bacpy(&hcon->dst, &smp->remote_irk->bdaddr);
643 hcon->dst_type = smp->remote_irk->addr_type;
644 queue_work(hdev->workqueue, &conn->id_addr_update_work);
645
646 /* When receiving an indentity resolving key for
647 * a remote device that does not use a resolvable
648 * private address, just remove the key so that
649 * it is possible to use the controller white
650 * list for scanning.
651 *
652 * Userspace will have been told to not store
653 * this key at this point. So it is safe to
654 * just remove it.
655 */
656 if (!bacmp(&smp->remote_irk->rpa, BDADDR_ANY)) {
657 list_del(&smp->remote_irk->list);
658 kfree(smp->remote_irk);
659 smp->remote_irk = NULL;
660 }
661 }
662
663 /* The LTKs and CSRKs should be persistent only if both sides
664 * had the bonding bit set in their authentication requests.
665 */
666 persistent = !!((req->auth_req & rsp->auth_req) & SMP_AUTH_BONDING);
667
668 if (smp->csrk) {
669 smp->csrk->bdaddr_type = hcon->dst_type;
670 bacpy(&smp->csrk->bdaddr, &hcon->dst);
671 mgmt_new_csrk(hdev, smp->csrk, persistent);
672 }
673
674 if (smp->slave_csrk) {
675 smp->slave_csrk->bdaddr_type = hcon->dst_type;
676 bacpy(&smp->slave_csrk->bdaddr, &hcon->dst);
677 mgmt_new_csrk(hdev, smp->slave_csrk, persistent);
678 }
679
680 if (smp->ltk) {
681 smp->ltk->bdaddr_type = hcon->dst_type;
682 bacpy(&smp->ltk->bdaddr, &hcon->dst);
683 mgmt_new_ltk(hdev, smp->ltk, persistent);
684 }
685
686 if (smp->slave_ltk) {
687 smp->slave_ltk->bdaddr_type = hcon->dst_type;
688 bacpy(&smp->slave_ltk->bdaddr, &hcon->dst);
689 mgmt_new_ltk(hdev, smp->slave_ltk, persistent);
690 }
691 }
692
693 static void smp_distribute_keys(struct smp_chan *smp)
694 {
695 struct smp_cmd_pairing *req, *rsp;
696 struct l2cap_conn *conn = smp->conn;
697 struct hci_conn *hcon = conn->hcon;
698 struct hci_dev *hdev = hcon->hdev;
699 __u8 *keydist;
700
701 BT_DBG("conn %p", conn);
702
703 rsp = (void *) &smp->prsp[1];
704
705 /* The responder sends its keys first */
706 if (hcon->out && (smp->remote_key_dist & 0x07))
707 return;
708
709 req = (void *) &smp->preq[1];
710
711 if (hcon->out) {
712 keydist = &rsp->init_key_dist;
713 *keydist &= req->init_key_dist;
714 } else {
715 keydist = &rsp->resp_key_dist;
716 *keydist &= req->resp_key_dist;
717 }
718
719 BT_DBG("keydist 0x%x", *keydist);
720
721 if (*keydist & SMP_DIST_ENC_KEY) {
722 struct smp_cmd_encrypt_info enc;
723 struct smp_cmd_master_ident ident;
724 struct smp_ltk *ltk;
725 u8 authenticated;
726 __le16 ediv;
727 __le64 rand;
728
729 get_random_bytes(enc.ltk, sizeof(enc.ltk));
730 get_random_bytes(&ediv, sizeof(ediv));
731 get_random_bytes(&rand, sizeof(rand));
732
733 smp_send_cmd(conn, SMP_CMD_ENCRYPT_INFO, sizeof(enc), &enc);
734
735 authenticated = hcon->sec_level == BT_SECURITY_HIGH;
736 ltk = hci_add_ltk(hdev, &hcon->dst, hcon->dst_type,
737 SMP_LTK_SLAVE, authenticated, enc.ltk,
738 smp->enc_key_size, ediv, rand);
739 smp->slave_ltk = ltk;
740
741 ident.ediv = ediv;
742 ident.rand = rand;
743
744 smp_send_cmd(conn, SMP_CMD_MASTER_IDENT, sizeof(ident), &ident);
745
746 *keydist &= ~SMP_DIST_ENC_KEY;
747 }
748
749 if (*keydist & SMP_DIST_ID_KEY) {
750 struct smp_cmd_ident_addr_info addrinfo;
751 struct smp_cmd_ident_info idinfo;
752
753 memcpy(idinfo.irk, hdev->irk, sizeof(idinfo.irk));
754
755 smp_send_cmd(conn, SMP_CMD_IDENT_INFO, sizeof(idinfo), &idinfo);
756
757 /* The hci_conn contains the local identity address
758 * after the connection has been established.
759 *
760 * This is true even when the connection has been
761 * established using a resolvable random address.
762 */
763 bacpy(&addrinfo.bdaddr, &hcon->src);
764 addrinfo.addr_type = hcon->src_type;
765
766 smp_send_cmd(conn, SMP_CMD_IDENT_ADDR_INFO, sizeof(addrinfo),
767 &addrinfo);
768
769 *keydist &= ~SMP_DIST_ID_KEY;
770 }
771
772 if (*keydist & SMP_DIST_SIGN) {
773 struct smp_cmd_sign_info sign;
774 struct smp_csrk *csrk;
775
776 /* Generate a new random key */
777 get_random_bytes(sign.csrk, sizeof(sign.csrk));
778
779 csrk = kzalloc(sizeof(*csrk), GFP_KERNEL);
780 if (csrk) {
781 csrk->master = 0x00;
782 memcpy(csrk->val, sign.csrk, sizeof(csrk->val));
783 }
784 smp->slave_csrk = csrk;
785
786 smp_send_cmd(conn, SMP_CMD_SIGN_INFO, sizeof(sign), &sign);
787
788 *keydist &= ~SMP_DIST_SIGN;
789 }
790
791 /* If there are still keys to be received wait for them */
792 if ((smp->remote_key_dist & 0x07))
793 return;
794
795 set_bit(SMP_FLAG_COMPLETE, &smp->flags);
796 smp_notify_keys(conn);
797
798 smp_chan_destroy(conn);
799 }
800
801 static void smp_timeout(struct work_struct *work)
802 {
803 struct smp_chan *smp = container_of(work, struct smp_chan,
804 security_timer.work);
805 struct l2cap_conn *conn = smp->conn;
806
807 BT_DBG("conn %p", conn);
808
809 hci_disconnect(conn->hcon, HCI_ERROR_REMOTE_USER_TERM);
810 }
811
812 static struct smp_chan *smp_chan_create(struct l2cap_conn *conn)
813 {
814 struct l2cap_chan *chan = conn->smp;
815 struct smp_chan *smp;
816
817 smp = kzalloc(sizeof(*smp), GFP_ATOMIC);
818 if (!smp)
819 return NULL;
820
821 smp->tfm_aes = crypto_alloc_blkcipher("ecb(aes)", 0, CRYPTO_ALG_ASYNC);
822 if (IS_ERR(smp->tfm_aes)) {
823 BT_ERR("Unable to create ECB crypto context");
824 kfree(smp);
825 return NULL;
826 }
827
828 smp->conn = conn;
829 chan->data = smp;
830
831 INIT_DELAYED_WORK(&smp->security_timer, smp_timeout);
832
833 hci_conn_hold(conn->hcon);
834
835 return smp;
836 }
837
838 int smp_user_confirm_reply(struct hci_conn *hcon, u16 mgmt_op, __le32 passkey)
839 {
840 struct l2cap_conn *conn = hcon->l2cap_data;
841 struct l2cap_chan *chan;
842 struct smp_chan *smp;
843 u32 value;
844 int err;
845
846 BT_DBG("");
847
848 if (!conn)
849 return -ENOTCONN;
850
851 chan = conn->smp;
852 if (!chan)
853 return -ENOTCONN;
854
855 l2cap_chan_lock(chan);
856 if (!chan->data) {
857 err = -ENOTCONN;
858 goto unlock;
859 }
860
861 smp = chan->data;
862
863 switch (mgmt_op) {
864 case MGMT_OP_USER_PASSKEY_REPLY:
865 value = le32_to_cpu(passkey);
866 memset(smp->tk, 0, sizeof(smp->tk));
867 BT_DBG("PassKey: %d", value);
868 put_unaligned_le32(value, smp->tk);
869 /* Fall Through */
870 case MGMT_OP_USER_CONFIRM_REPLY:
871 set_bit(SMP_FLAG_TK_VALID, &smp->flags);
872 break;
873 case MGMT_OP_USER_PASSKEY_NEG_REPLY:
874 case MGMT_OP_USER_CONFIRM_NEG_REPLY:
875 smp_failure(conn, SMP_PASSKEY_ENTRY_FAILED);
876 err = 0;
877 goto unlock;
878 default:
879 smp_failure(conn, SMP_PASSKEY_ENTRY_FAILED);
880 err = -EOPNOTSUPP;
881 goto unlock;
882 }
883
884 err = 0;
885
886 /* If it is our turn to send Pairing Confirm, do so now */
887 if (test_bit(SMP_FLAG_CFM_PENDING, &smp->flags)) {
888 u8 rsp = smp_confirm(smp);
889 if (rsp)
890 smp_failure(conn, rsp);
891 }
892
893 unlock:
894 l2cap_chan_unlock(chan);
895 return err;
896 }
897
898 static u8 smp_cmd_pairing_req(struct l2cap_conn *conn, struct sk_buff *skb)
899 {
900 struct smp_cmd_pairing rsp, *req = (void *) skb->data;
901 struct l2cap_chan *chan = conn->smp;
902 struct hci_dev *hdev = conn->hcon->hdev;
903 struct smp_chan *smp;
904 u8 key_size, auth, sec_level;
905 int ret;
906
907 BT_DBG("conn %p", conn);
908
909 if (skb->len < sizeof(*req))
910 return SMP_INVALID_PARAMS;
911
912 if (conn->hcon->role != HCI_ROLE_SLAVE)
913 return SMP_CMD_NOTSUPP;
914
915 if (!chan->data)
916 smp = smp_chan_create(conn);
917 else
918 smp = chan->data;
919
920 if (!smp)
921 return SMP_UNSPECIFIED;
922
923 if (!test_bit(HCI_BONDABLE, &hdev->dev_flags) &&
924 (req->auth_req & SMP_AUTH_BONDING))
925 return SMP_PAIRING_NOTSUPP;
926
927 smp->preq[0] = SMP_CMD_PAIRING_REQ;
928 memcpy(&smp->preq[1], req, sizeof(*req));
929 skb_pull(skb, sizeof(*req));
930
931 /* We didn't start the pairing, so match remote */
932 auth = req->auth_req;
933
934 sec_level = authreq_to_seclevel(auth);
935 if (sec_level > conn->hcon->pending_sec_level)
936 conn->hcon->pending_sec_level = sec_level;
937
938 /* If we need MITM check that it can be acheived */
939 if (conn->hcon->pending_sec_level >= BT_SECURITY_HIGH) {
940 u8 method;
941
942 method = get_auth_method(smp, conn->hcon->io_capability,
943 req->io_capability);
944 if (method == JUST_WORKS || method == JUST_CFM)
945 return SMP_AUTH_REQUIREMENTS;
946 }
947
948 build_pairing_cmd(conn, req, &rsp, auth);
949
950 key_size = min(req->max_key_size, rsp.max_key_size);
951 if (check_enc_key_size(conn, key_size))
952 return SMP_ENC_KEY_SIZE;
953
954 get_random_bytes(smp->prnd, sizeof(smp->prnd));
955
956 smp->prsp[0] = SMP_CMD_PAIRING_RSP;
957 memcpy(&smp->prsp[1], &rsp, sizeof(rsp));
958
959 smp_send_cmd(conn, SMP_CMD_PAIRING_RSP, sizeof(rsp), &rsp);
960
961 /* Request setup of TK */
962 ret = tk_request(conn, 0, auth, rsp.io_capability, req->io_capability);
963 if (ret)
964 return SMP_UNSPECIFIED;
965
966 return 0;
967 }
968
969 static u8 smp_cmd_pairing_rsp(struct l2cap_conn *conn, struct sk_buff *skb)
970 {
971 struct smp_cmd_pairing *req, *rsp = (void *) skb->data;
972 struct l2cap_chan *chan = conn->smp;
973 struct smp_chan *smp = chan->data;
974 u8 key_size, auth = SMP_AUTH_NONE;
975 int ret;
976
977 BT_DBG("conn %p", conn);
978
979 if (skb->len < sizeof(*rsp))
980 return SMP_INVALID_PARAMS;
981
982 if (conn->hcon->role != HCI_ROLE_MASTER)
983 return SMP_CMD_NOTSUPP;
984
985 skb_pull(skb, sizeof(*rsp));
986
987 req = (void *) &smp->preq[1];
988
989 key_size = min(req->max_key_size, rsp->max_key_size);
990 if (check_enc_key_size(conn, key_size))
991 return SMP_ENC_KEY_SIZE;
992
993 /* If we need MITM check that it can be acheived */
994 if (conn->hcon->pending_sec_level >= BT_SECURITY_HIGH) {
995 u8 method;
996
997 method = get_auth_method(smp, req->io_capability,
998 rsp->io_capability);
999 if (method == JUST_WORKS || method == JUST_CFM)
1000 return SMP_AUTH_REQUIREMENTS;
1001 }
1002
1003 get_random_bytes(smp->prnd, sizeof(smp->prnd));
1004
1005 smp->prsp[0] = SMP_CMD_PAIRING_RSP;
1006 memcpy(&smp->prsp[1], rsp, sizeof(*rsp));
1007
1008 /* Update remote key distribution in case the remote cleared
1009 * some bits that we had enabled in our request.
1010 */
1011 smp->remote_key_dist &= rsp->resp_key_dist;
1012
1013 if ((req->auth_req & SMP_AUTH_BONDING) &&
1014 (rsp->auth_req & SMP_AUTH_BONDING))
1015 auth = SMP_AUTH_BONDING;
1016
1017 auth |= (req->auth_req | rsp->auth_req) & SMP_AUTH_MITM;
1018
1019 ret = tk_request(conn, 0, auth, req->io_capability, rsp->io_capability);
1020 if (ret)
1021 return SMP_UNSPECIFIED;
1022
1023 set_bit(SMP_FLAG_CFM_PENDING, &smp->flags);
1024
1025 /* Can't compose response until we have been confirmed */
1026 if (test_bit(SMP_FLAG_TK_VALID, &smp->flags))
1027 return smp_confirm(smp);
1028
1029 return 0;
1030 }
1031
1032 static u8 smp_cmd_pairing_confirm(struct l2cap_conn *conn, struct sk_buff *skb)
1033 {
1034 struct l2cap_chan *chan = conn->smp;
1035 struct smp_chan *smp = chan->data;
1036
1037 BT_DBG("conn %p %s", conn, conn->hcon->out ? "master" : "slave");
1038
1039 if (skb->len < sizeof(smp->pcnf))
1040 return SMP_INVALID_PARAMS;
1041
1042 memcpy(smp->pcnf, skb->data, sizeof(smp->pcnf));
1043 skb_pull(skb, sizeof(smp->pcnf));
1044
1045 if (conn->hcon->out)
1046 smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM, sizeof(smp->prnd),
1047 smp->prnd);
1048 else if (test_bit(SMP_FLAG_TK_VALID, &smp->flags))
1049 return smp_confirm(smp);
1050 else
1051 set_bit(SMP_FLAG_CFM_PENDING, &smp->flags);
1052
1053 return 0;
1054 }
1055
1056 static u8 smp_cmd_pairing_random(struct l2cap_conn *conn, struct sk_buff *skb)
1057 {
1058 struct l2cap_chan *chan = conn->smp;
1059 struct smp_chan *smp = chan->data;
1060
1061 BT_DBG("conn %p", conn);
1062
1063 if (skb->len < sizeof(smp->rrnd))
1064 return SMP_INVALID_PARAMS;
1065
1066 memcpy(smp->rrnd, skb->data, sizeof(smp->rrnd));
1067 skb_pull(skb, sizeof(smp->rrnd));
1068
1069 return smp_random(smp);
1070 }
1071
1072 static bool smp_ltk_encrypt(struct l2cap_conn *conn, u8 sec_level)
1073 {
1074 struct smp_ltk *key;
1075 struct hci_conn *hcon = conn->hcon;
1076
1077 key = hci_find_ltk_by_addr(hcon->hdev, &hcon->dst, hcon->dst_type,
1078 hcon->role);
1079 if (!key)
1080 return false;
1081
1082 if (sec_level > BT_SECURITY_MEDIUM && !key->authenticated)
1083 return false;
1084
1085 if (test_and_set_bit(HCI_CONN_ENCRYPT_PEND, &hcon->flags))
1086 return true;
1087
1088 hci_le_start_enc(hcon, key->ediv, key->rand, key->val);
1089 hcon->enc_key_size = key->enc_size;
1090
1091 /* We never store STKs for master role, so clear this flag */
1092 clear_bit(HCI_CONN_STK_ENCRYPT, &hcon->flags);
1093
1094 return true;
1095 }
1096
1097 bool smp_sufficient_security(struct hci_conn *hcon, u8 sec_level)
1098 {
1099 if (sec_level == BT_SECURITY_LOW)
1100 return true;
1101
1102 /* If we're encrypted with an STK always claim insufficient
1103 * security. This way we allow the connection to be re-encrypted
1104 * with an LTK, even if the LTK provides the same level of
1105 * security. Only exception is if we don't have an LTK (e.g.
1106 * because of key distribution bits).
1107 */
1108 if (test_bit(HCI_CONN_STK_ENCRYPT, &hcon->flags) &&
1109 hci_find_ltk_by_addr(hcon->hdev, &hcon->dst, hcon->dst_type,
1110 hcon->role))
1111 return false;
1112
1113 if (hcon->sec_level >= sec_level)
1114 return true;
1115
1116 return false;
1117 }
1118
1119 static u8 smp_cmd_security_req(struct l2cap_conn *conn, struct sk_buff *skb)
1120 {
1121 struct smp_cmd_security_req *rp = (void *) skb->data;
1122 struct smp_cmd_pairing cp;
1123 struct hci_conn *hcon = conn->hcon;
1124 struct l2cap_chan *chan = conn->smp;
1125 struct smp_chan *smp;
1126 u8 sec_level;
1127
1128 BT_DBG("conn %p", conn);
1129
1130 if (skb->len < sizeof(*rp))
1131 return SMP_INVALID_PARAMS;
1132
1133 if (hcon->role != HCI_ROLE_MASTER)
1134 return SMP_CMD_NOTSUPP;
1135
1136 sec_level = authreq_to_seclevel(rp->auth_req);
1137 if (smp_sufficient_security(hcon, sec_level))
1138 return 0;
1139
1140 if (sec_level > hcon->pending_sec_level)
1141 hcon->pending_sec_level = sec_level;
1142
1143 if (smp_ltk_encrypt(conn, hcon->pending_sec_level))
1144 return 0;
1145
1146 /* If SMP is already in progress ignore this request */
1147 if (chan->data)
1148 return 0;
1149
1150 smp = smp_chan_create(conn);
1151 if (!smp)
1152 return SMP_UNSPECIFIED;
1153
1154 if (!test_bit(HCI_BONDABLE, &hcon->hdev->dev_flags) &&
1155 (rp->auth_req & SMP_AUTH_BONDING))
1156 return SMP_PAIRING_NOTSUPP;
1157
1158 skb_pull(skb, sizeof(*rp));
1159
1160 memset(&cp, 0, sizeof(cp));
1161 build_pairing_cmd(conn, &cp, NULL, rp->auth_req);
1162
1163 smp->preq[0] = SMP_CMD_PAIRING_REQ;
1164 memcpy(&smp->preq[1], &cp, sizeof(cp));
1165
1166 smp_send_cmd(conn, SMP_CMD_PAIRING_REQ, sizeof(cp), &cp);
1167
1168 return 0;
1169 }
1170
1171 int smp_conn_security(struct hci_conn *hcon, __u8 sec_level)
1172 {
1173 struct l2cap_conn *conn = hcon->l2cap_data;
1174 struct l2cap_chan *chan = conn->smp;
1175 struct smp_chan *smp;
1176 __u8 authreq;
1177 int ret;
1178
1179 BT_DBG("conn %p hcon %p level 0x%2.2x", conn, hcon, sec_level);
1180
1181 /* This may be NULL if there's an unexpected disconnection */
1182 if (!conn)
1183 return 1;
1184
1185 if (!test_bit(HCI_LE_ENABLED, &hcon->hdev->dev_flags))
1186 return 1;
1187
1188 if (smp_sufficient_security(hcon, sec_level))
1189 return 1;
1190
1191 if (sec_level > hcon->pending_sec_level)
1192 hcon->pending_sec_level = sec_level;
1193
1194 if (hcon->role == HCI_ROLE_MASTER)
1195 if (smp_ltk_encrypt(conn, hcon->pending_sec_level))
1196 return 0;
1197
1198 l2cap_chan_lock(chan);
1199
1200 /* If SMP is already in progress ignore this request */
1201 if (chan->data) {
1202 ret = 0;
1203 goto unlock;
1204 }
1205
1206 smp = smp_chan_create(conn);
1207 if (!smp) {
1208 ret = 1;
1209 goto unlock;
1210 }
1211
1212 authreq = seclevel_to_authreq(sec_level);
1213
1214 /* Require MITM if IO Capability allows or the security level
1215 * requires it.
1216 */
1217 if (hcon->io_capability != HCI_IO_NO_INPUT_OUTPUT ||
1218 hcon->pending_sec_level > BT_SECURITY_MEDIUM)
1219 authreq |= SMP_AUTH_MITM;
1220
1221 if (hcon->role == HCI_ROLE_MASTER) {
1222 struct smp_cmd_pairing cp;
1223
1224 build_pairing_cmd(conn, &cp, NULL, authreq);
1225 smp->preq[0] = SMP_CMD_PAIRING_REQ;
1226 memcpy(&smp->preq[1], &cp, sizeof(cp));
1227
1228 smp_send_cmd(conn, SMP_CMD_PAIRING_REQ, sizeof(cp), &cp);
1229 } else {
1230 struct smp_cmd_security_req cp;
1231 cp.auth_req = authreq;
1232 smp_send_cmd(conn, SMP_CMD_SECURITY_REQ, sizeof(cp), &cp);
1233 }
1234
1235 set_bit(SMP_FLAG_INITIATOR, &smp->flags);
1236 ret = 0;
1237
1238 unlock:
1239 l2cap_chan_unlock(chan);
1240 return ret;
1241 }
1242
1243 static int smp_cmd_encrypt_info(struct l2cap_conn *conn, struct sk_buff *skb)
1244 {
1245 struct smp_cmd_encrypt_info *rp = (void *) skb->data;
1246 struct l2cap_chan *chan = conn->smp;
1247 struct smp_chan *smp = chan->data;
1248
1249 BT_DBG("conn %p", conn);
1250
1251 if (skb->len < sizeof(*rp))
1252 return SMP_INVALID_PARAMS;
1253
1254 /* Ignore this PDU if it wasn't requested */
1255 if (!(smp->remote_key_dist & SMP_DIST_ENC_KEY))
1256 return 0;
1257
1258 skb_pull(skb, sizeof(*rp));
1259
1260 memcpy(smp->tk, rp->ltk, sizeof(smp->tk));
1261
1262 return 0;
1263 }
1264
1265 static int smp_cmd_master_ident(struct l2cap_conn *conn, struct sk_buff *skb)
1266 {
1267 struct smp_cmd_master_ident *rp = (void *) skb->data;
1268 struct l2cap_chan *chan = conn->smp;
1269 struct smp_chan *smp = chan->data;
1270 struct hci_dev *hdev = conn->hcon->hdev;
1271 struct hci_conn *hcon = conn->hcon;
1272 struct smp_ltk *ltk;
1273 u8 authenticated;
1274
1275 BT_DBG("conn %p", conn);
1276
1277 if (skb->len < sizeof(*rp))
1278 return SMP_INVALID_PARAMS;
1279
1280 /* Ignore this PDU if it wasn't requested */
1281 if (!(smp->remote_key_dist & SMP_DIST_ENC_KEY))
1282 return 0;
1283
1284 /* Mark the information as received */
1285 smp->remote_key_dist &= ~SMP_DIST_ENC_KEY;
1286
1287 skb_pull(skb, sizeof(*rp));
1288
1289 hci_dev_lock(hdev);
1290 authenticated = (hcon->sec_level == BT_SECURITY_HIGH);
1291 ltk = hci_add_ltk(hdev, &hcon->dst, hcon->dst_type, SMP_LTK,
1292 authenticated, smp->tk, smp->enc_key_size,
1293 rp->ediv, rp->rand);
1294 smp->ltk = ltk;
1295 if (!(smp->remote_key_dist & SMP_DIST_ID_KEY))
1296 smp_distribute_keys(smp);
1297 hci_dev_unlock(hdev);
1298
1299 return 0;
1300 }
1301
1302 static int smp_cmd_ident_info(struct l2cap_conn *conn, struct sk_buff *skb)
1303 {
1304 struct smp_cmd_ident_info *info = (void *) skb->data;
1305 struct l2cap_chan *chan = conn->smp;
1306 struct smp_chan *smp = chan->data;
1307
1308 BT_DBG("");
1309
1310 if (skb->len < sizeof(*info))
1311 return SMP_INVALID_PARAMS;
1312
1313 /* Ignore this PDU if it wasn't requested */
1314 if (!(smp->remote_key_dist & SMP_DIST_ID_KEY))
1315 return 0;
1316
1317 skb_pull(skb, sizeof(*info));
1318
1319 memcpy(smp->irk, info->irk, 16);
1320
1321 return 0;
1322 }
1323
1324 static int smp_cmd_ident_addr_info(struct l2cap_conn *conn,
1325 struct sk_buff *skb)
1326 {
1327 struct smp_cmd_ident_addr_info *info = (void *) skb->data;
1328 struct l2cap_chan *chan = conn->smp;
1329 struct smp_chan *smp = chan->data;
1330 struct hci_conn *hcon = conn->hcon;
1331 bdaddr_t rpa;
1332
1333 BT_DBG("");
1334
1335 if (skb->len < sizeof(*info))
1336 return SMP_INVALID_PARAMS;
1337
1338 /* Ignore this PDU if it wasn't requested */
1339 if (!(smp->remote_key_dist & SMP_DIST_ID_KEY))
1340 return 0;
1341
1342 /* Mark the information as received */
1343 smp->remote_key_dist &= ~SMP_DIST_ID_KEY;
1344
1345 skb_pull(skb, sizeof(*info));
1346
1347 hci_dev_lock(hcon->hdev);
1348
1349 /* Strictly speaking the Core Specification (4.1) allows sending
1350 * an empty address which would force us to rely on just the IRK
1351 * as "identity information". However, since such
1352 * implementations are not known of and in order to not over
1353 * complicate our implementation, simply pretend that we never
1354 * received an IRK for such a device.
1355 */
1356 if (!bacmp(&info->bdaddr, BDADDR_ANY)) {
1357 BT_ERR("Ignoring IRK with no identity address");
1358 goto distribute;
1359 }
1360
1361 bacpy(&smp->id_addr, &info->bdaddr);
1362 smp->id_addr_type = info->addr_type;
1363
1364 if (hci_bdaddr_is_rpa(&hcon->dst, hcon->dst_type))
1365 bacpy(&rpa, &hcon->dst);
1366 else
1367 bacpy(&rpa, BDADDR_ANY);
1368
1369 smp->remote_irk = hci_add_irk(conn->hcon->hdev, &smp->id_addr,
1370 smp->id_addr_type, smp->irk, &rpa);
1371
1372 distribute:
1373 smp_distribute_keys(smp);
1374
1375 hci_dev_unlock(hcon->hdev);
1376
1377 return 0;
1378 }
1379
1380 static int smp_cmd_sign_info(struct l2cap_conn *conn, struct sk_buff *skb)
1381 {
1382 struct smp_cmd_sign_info *rp = (void *) skb->data;
1383 struct l2cap_chan *chan = conn->smp;
1384 struct smp_chan *smp = chan->data;
1385 struct hci_dev *hdev = conn->hcon->hdev;
1386 struct smp_csrk *csrk;
1387
1388 BT_DBG("conn %p", conn);
1389
1390 if (skb->len < sizeof(*rp))
1391 return SMP_INVALID_PARAMS;
1392
1393 /* Ignore this PDU if it wasn't requested */
1394 if (!(smp->remote_key_dist & SMP_DIST_SIGN))
1395 return 0;
1396
1397 /* Mark the information as received */
1398 smp->remote_key_dist &= ~SMP_DIST_SIGN;
1399
1400 skb_pull(skb, sizeof(*rp));
1401
1402 hci_dev_lock(hdev);
1403 csrk = kzalloc(sizeof(*csrk), GFP_KERNEL);
1404 if (csrk) {
1405 csrk->master = 0x01;
1406 memcpy(csrk->val, rp->csrk, sizeof(csrk->val));
1407 }
1408 smp->csrk = csrk;
1409 smp_distribute_keys(smp);
1410 hci_dev_unlock(hdev);
1411
1412 return 0;
1413 }
1414
1415 static int smp_sig_channel(struct l2cap_chan *chan, struct sk_buff *skb)
1416 {
1417 struct l2cap_conn *conn = chan->conn;
1418 struct hci_conn *hcon = conn->hcon;
1419 __u8 code, reason;
1420 int err = 0;
1421
1422 if (hcon->type != LE_LINK) {
1423 kfree_skb(skb);
1424 return 0;
1425 }
1426
1427 if (skb->len < 1)
1428 return -EILSEQ;
1429
1430 if (!test_bit(HCI_LE_ENABLED, &hcon->hdev->dev_flags)) {
1431 reason = SMP_PAIRING_NOTSUPP;
1432 goto done;
1433 }
1434
1435 code = skb->data[0];
1436 skb_pull(skb, sizeof(code));
1437
1438 /*
1439 * The SMP context must be initialized for all other PDUs except
1440 * pairing and security requests. If we get any other PDU when
1441 * not initialized simply disconnect (done if this function
1442 * returns an error).
1443 */
1444 if (code != SMP_CMD_PAIRING_REQ && code != SMP_CMD_SECURITY_REQ &&
1445 !chan->data) {
1446 BT_ERR("Unexpected SMP command 0x%02x. Disconnecting.", code);
1447 err = -EOPNOTSUPP;
1448 goto done;
1449 }
1450
1451 switch (code) {
1452 case SMP_CMD_PAIRING_REQ:
1453 reason = smp_cmd_pairing_req(conn, skb);
1454 break;
1455
1456 case SMP_CMD_PAIRING_FAIL:
1457 smp_failure(conn, 0);
1458 err = -EPERM;
1459 break;
1460
1461 case SMP_CMD_PAIRING_RSP:
1462 reason = smp_cmd_pairing_rsp(conn, skb);
1463 break;
1464
1465 case SMP_CMD_SECURITY_REQ:
1466 reason = smp_cmd_security_req(conn, skb);
1467 break;
1468
1469 case SMP_CMD_PAIRING_CONFIRM:
1470 reason = smp_cmd_pairing_confirm(conn, skb);
1471 break;
1472
1473 case SMP_CMD_PAIRING_RANDOM:
1474 reason = smp_cmd_pairing_random(conn, skb);
1475 break;
1476
1477 case SMP_CMD_ENCRYPT_INFO:
1478 reason = smp_cmd_encrypt_info(conn, skb);
1479 break;
1480
1481 case SMP_CMD_MASTER_IDENT:
1482 reason = smp_cmd_master_ident(conn, skb);
1483 break;
1484
1485 case SMP_CMD_IDENT_INFO:
1486 reason = smp_cmd_ident_info(conn, skb);
1487 break;
1488
1489 case SMP_CMD_IDENT_ADDR_INFO:
1490 reason = smp_cmd_ident_addr_info(conn, skb);
1491 break;
1492
1493 case SMP_CMD_SIGN_INFO:
1494 reason = smp_cmd_sign_info(conn, skb);
1495 break;
1496
1497 default:
1498 BT_DBG("Unknown command code 0x%2.2x", code);
1499 reason = SMP_CMD_NOTSUPP;
1500 goto done;
1501 }
1502
1503 done:
1504 if (!err) {
1505 if (reason)
1506 smp_failure(conn, reason);
1507 kfree_skb(skb);
1508 }
1509
1510 return err;
1511 }
1512
1513 static void smp_teardown_cb(struct l2cap_chan *chan, int err)
1514 {
1515 struct l2cap_conn *conn = chan->conn;
1516
1517 BT_DBG("chan %p", chan);
1518
1519 if (chan->data)
1520 smp_chan_destroy(conn);
1521
1522 conn->smp = NULL;
1523 l2cap_chan_put(chan);
1524 }
1525
1526 static void smp_resume_cb(struct l2cap_chan *chan)
1527 {
1528 struct smp_chan *smp = chan->data;
1529 struct l2cap_conn *conn = chan->conn;
1530 struct hci_conn *hcon = conn->hcon;
1531
1532 BT_DBG("chan %p", chan);
1533
1534 if (!smp)
1535 return;
1536
1537 if (!test_bit(HCI_CONN_ENCRYPT, &hcon->flags))
1538 return;
1539
1540 cancel_delayed_work(&smp->security_timer);
1541
1542 smp_distribute_keys(smp);
1543 }
1544
1545 static void smp_ready_cb(struct l2cap_chan *chan)
1546 {
1547 struct l2cap_conn *conn = chan->conn;
1548
1549 BT_DBG("chan %p", chan);
1550
1551 conn->smp = chan;
1552 l2cap_chan_hold(chan);
1553 }
1554
1555 static int smp_recv_cb(struct l2cap_chan *chan, struct sk_buff *skb)
1556 {
1557 int err;
1558
1559 BT_DBG("chan %p", chan);
1560
1561 err = smp_sig_channel(chan, skb);
1562 if (err) {
1563 struct smp_chan *smp = chan->data;
1564
1565 if (smp)
1566 cancel_delayed_work_sync(&smp->security_timer);
1567
1568 hci_disconnect(chan->conn->hcon, HCI_ERROR_AUTH_FAILURE);
1569 }
1570
1571 return err;
1572 }
1573
1574 static struct sk_buff *smp_alloc_skb_cb(struct l2cap_chan *chan,
1575 unsigned long hdr_len,
1576 unsigned long len, int nb)
1577 {
1578 struct sk_buff *skb;
1579
1580 skb = bt_skb_alloc(hdr_len + len, GFP_KERNEL);
1581 if (!skb)
1582 return ERR_PTR(-ENOMEM);
1583
1584 skb->priority = HCI_PRIO_MAX;
1585 bt_cb(skb)->chan = chan;
1586
1587 return skb;
1588 }
1589
1590 static const struct l2cap_ops smp_chan_ops = {
1591 .name = "Security Manager",
1592 .ready = smp_ready_cb,
1593 .recv = smp_recv_cb,
1594 .alloc_skb = smp_alloc_skb_cb,
1595 .teardown = smp_teardown_cb,
1596 .resume = smp_resume_cb,
1597
1598 .new_connection = l2cap_chan_no_new_connection,
1599 .state_change = l2cap_chan_no_state_change,
1600 .close = l2cap_chan_no_close,
1601 .defer = l2cap_chan_no_defer,
1602 .suspend = l2cap_chan_no_suspend,
1603 .set_shutdown = l2cap_chan_no_set_shutdown,
1604 .get_sndtimeo = l2cap_chan_no_get_sndtimeo,
1605 .memcpy_fromiovec = l2cap_chan_no_memcpy_fromiovec,
1606 };
1607
1608 static inline struct l2cap_chan *smp_new_conn_cb(struct l2cap_chan *pchan)
1609 {
1610 struct l2cap_chan *chan;
1611
1612 BT_DBG("pchan %p", pchan);
1613
1614 chan = l2cap_chan_create();
1615 if (!chan)
1616 return NULL;
1617
1618 chan->chan_type = pchan->chan_type;
1619 chan->ops = &smp_chan_ops;
1620 chan->scid = pchan->scid;
1621 chan->dcid = chan->scid;
1622 chan->imtu = pchan->imtu;
1623 chan->omtu = pchan->omtu;
1624 chan->mode = pchan->mode;
1625
1626 BT_DBG("created chan %p", chan);
1627
1628 return chan;
1629 }
1630
1631 static const struct l2cap_ops smp_root_chan_ops = {
1632 .name = "Security Manager Root",
1633 .new_connection = smp_new_conn_cb,
1634
1635 /* None of these are implemented for the root channel */
1636 .close = l2cap_chan_no_close,
1637 .alloc_skb = l2cap_chan_no_alloc_skb,
1638 .recv = l2cap_chan_no_recv,
1639 .state_change = l2cap_chan_no_state_change,
1640 .teardown = l2cap_chan_no_teardown,
1641 .ready = l2cap_chan_no_ready,
1642 .defer = l2cap_chan_no_defer,
1643 .suspend = l2cap_chan_no_suspend,
1644 .resume = l2cap_chan_no_resume,
1645 .set_shutdown = l2cap_chan_no_set_shutdown,
1646 .get_sndtimeo = l2cap_chan_no_get_sndtimeo,
1647 .memcpy_fromiovec = l2cap_chan_no_memcpy_fromiovec,
1648 };
1649
1650 int smp_register(struct hci_dev *hdev)
1651 {
1652 struct l2cap_chan *chan;
1653 struct crypto_blkcipher *tfm_aes;
1654
1655 BT_DBG("%s", hdev->name);
1656
1657 tfm_aes = crypto_alloc_blkcipher("ecb(aes)", 0, CRYPTO_ALG_ASYNC);
1658 if (IS_ERR(tfm_aes)) {
1659 int err = PTR_ERR(tfm_aes);
1660 BT_ERR("Unable to create crypto context");
1661 return err;
1662 }
1663
1664 chan = l2cap_chan_create();
1665 if (!chan) {
1666 crypto_free_blkcipher(tfm_aes);
1667 return -ENOMEM;
1668 }
1669
1670 chan->data = tfm_aes;
1671
1672 l2cap_add_scid(chan, L2CAP_CID_SMP);
1673
1674 l2cap_chan_set_defaults(chan);
1675
1676 bacpy(&chan->src, &hdev->bdaddr);
1677 chan->src_type = BDADDR_LE_PUBLIC;
1678 chan->state = BT_LISTEN;
1679 chan->mode = L2CAP_MODE_BASIC;
1680 chan->imtu = L2CAP_DEFAULT_MTU;
1681 chan->ops = &smp_root_chan_ops;
1682
1683 hdev->smp_data = chan;
1684
1685 return 0;
1686 }
1687
1688 void smp_unregister(struct hci_dev *hdev)
1689 {
1690 struct l2cap_chan *chan = hdev->smp_data;
1691 struct crypto_blkcipher *tfm_aes;
1692
1693 if (!chan)
1694 return;
1695
1696 BT_DBG("%s chan %p", hdev->name, chan);
1697
1698 tfm_aes = chan->data;
1699 if (tfm_aes) {
1700 chan->data = NULL;
1701 crypto_free_blkcipher(tfm_aes);
1702 }
1703
1704 hdev->smp_data = NULL;
1705 l2cap_chan_put(chan);
1706 }
Linux kernel - Deliverables
This page took 0.095152 seconds and 5 git commands to generate.