projects / deliverable / linux.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Bluetooth: Add skeleton for SMP self-tests
[deliverable/linux.git] / net / bluetooth / smp.c
1 /*
2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2011 Nokia Corporation and/or its subsidiary(-ies).
4
5 This program is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License version 2 as
7 published by the Free Software Foundation;
8
9 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
10 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
11 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
12 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
13 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
14 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17
18 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
19 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
20 SOFTWARE IS DISCLAIMED.
21 */
22
23 #include <linux/crypto.h>
24 #include <linux/scatterlist.h>
25 #include <crypto/b128ops.h>
26
27 #include <net/bluetooth/bluetooth.h>
28 #include <net/bluetooth/hci_core.h>
29 #include <net/bluetooth/l2cap.h>
30 #include <net/bluetooth/mgmt.h>
31
32 #include "smp.h"
33
34 #define SMP_ALLOW_CMD(smp, code) set_bit(code, &smp->allow_cmd)
35
36 #define SMP_TIMEOUT msecs_to_jiffies(30000)
37
38 #define AUTH_REQ_MASK 0x07
39 #define KEY_DIST_MASK 0x07
40
41 enum {
42 SMP_FLAG_TK_VALID,
43 SMP_FLAG_CFM_PENDING,
44 SMP_FLAG_MITM_AUTH,
45 SMP_FLAG_COMPLETE,
46 SMP_FLAG_INITIATOR,
47 };
48
49 struct smp_chan {
50 struct l2cap_conn *conn;
51 struct delayed_work security_timer;
52 unsigned long allow_cmd; /* Bitmask of allowed commands */
53
54 u8 preq[7]; /* SMP Pairing Request */
55 u8 prsp[7]; /* SMP Pairing Response */
56 u8 prnd[16]; /* SMP Pairing Random (local) */
57 u8 rrnd[16]; /* SMP Pairing Random (remote) */
58 u8 pcnf[16]; /* SMP Pairing Confirm */
59 u8 tk[16]; /* SMP Temporary Key */
60 u8 enc_key_size;
61 u8 remote_key_dist;
62 bdaddr_t id_addr;
63 u8 id_addr_type;
64 u8 irk[16];
65 struct smp_csrk *csrk;
66 struct smp_csrk *slave_csrk;
67 struct smp_ltk *ltk;
68 struct smp_ltk *slave_ltk;
69 struct smp_irk *remote_irk;
70 unsigned long flags;
71
72 struct crypto_blkcipher *tfm_aes;
73 };
74
75 static inline void swap_buf(const u8 *src, u8 *dst, size_t len)
76 {
77 size_t i;
78
79 for (i = 0; i < len; i++)
80 dst[len - 1 - i] = src[i];
81 }
82
83 static int smp_e(struct crypto_blkcipher *tfm, const u8 *k, u8 *r)
84 {
85 struct blkcipher_desc desc;
86 struct scatterlist sg;
87 uint8_t tmp[16], data[16];
88 int err;
89
90 if (tfm == NULL) {
91 BT_ERR("tfm %p", tfm);
92 return -EINVAL;
93 }
94
95 desc.tfm = tfm;
96 desc.flags = 0;
97
98 /* The most significant octet of key corresponds to k[0] */
99 swap_buf(k, tmp, 16);
100
101 err = crypto_blkcipher_setkey(tfm, tmp, 16);
102 if (err) {
103 BT_ERR("cipher setkey failed: %d", err);
104 return err;
105 }
106
107 /* Most significant octet of plaintextData corresponds to data[0] */
108 swap_buf(r, data, 16);
109
110 sg_init_one(&sg, data, 16);
111
112 err = crypto_blkcipher_encrypt(&desc, &sg, &sg, 16);
113 if (err)
114 BT_ERR("Encrypt data error %d", err);
115
116 /* Most significant octet of encryptedData corresponds to data[0] */
117 swap_buf(data, r, 16);
118
119 return err;
120 }
121
122 static int smp_ah(struct crypto_blkcipher *tfm, u8 irk[16], u8 r[3], u8 res[3])
123 {
124 u8 _res[16];
125 int err;
126
127 /* r' = padding || r */
128 memcpy(_res, r, 3);
129 memset(_res + 3, 0, 13);
130
131 err = smp_e(tfm, irk, _res);
132 if (err) {
133 BT_ERR("Encrypt error");
134 return err;
135 }
136
137 /* The output of the random address function ah is:
138 * ah(h, r) = e(k, r') mod 2^24
139 * The output of the security function e is then truncated to 24 bits
140 * by taking the least significant 24 bits of the output of e as the
141 * result of ah.
142 */
143 memcpy(res, _res, 3);
144
145 return 0;
146 }
147
148 bool smp_irk_matches(struct hci_dev *hdev, u8 irk[16], bdaddr_t *bdaddr)
149 {
150 struct l2cap_chan *chan = hdev->smp_data;
151 struct crypto_blkcipher *tfm;
152 u8 hash[3];
153 int err;
154
155 if (!chan || !chan->data)
156 return false;
157
158 tfm = chan->data;
159
160 BT_DBG("RPA %pMR IRK %*phN", bdaddr, 16, irk);
161
162 err = smp_ah(tfm, irk, &bdaddr->b[3], hash);
163 if (err)
164 return false;
165
166 return !memcmp(bdaddr->b, hash, 3);
167 }
168
169 int smp_generate_rpa(struct hci_dev *hdev, u8 irk[16], bdaddr_t *rpa)
170 {
171 struct l2cap_chan *chan = hdev->smp_data;
172 struct crypto_blkcipher *tfm;
173 int err;
174
175 if (!chan || !chan->data)
176 return -EOPNOTSUPP;
177
178 tfm = chan->data;
179
180 get_random_bytes(&rpa->b[3], 3);
181
182 rpa->b[5] &= 0x3f; /* Clear two most significant bits */
183 rpa->b[5] |= 0x40; /* Set second most significant bit */
184
185 err = smp_ah(tfm, irk, &rpa->b[3], rpa->b);
186 if (err < 0)
187 return err;
188
189 BT_DBG("RPA %pMR", rpa);
190
191 return 0;
192 }
193
194 static int smp_c1(struct crypto_blkcipher *tfm_aes, u8 k[16], u8 r[16],
195 u8 preq[7], u8 pres[7], u8 _iat, bdaddr_t *ia, u8 _rat,
196 bdaddr_t *ra, u8 res[16])
197 {
198 u8 p1[16], p2[16];
199 int err;
200
201 memset(p1, 0, 16);
202
203 /* p1 = pres || preq || _rat || _iat */
204 p1[0] = _iat;
205 p1[1] = _rat;
206 memcpy(p1 + 2, preq, 7);
207 memcpy(p1 + 9, pres, 7);
208
209 /* p2 = padding || ia || ra */
210 memcpy(p2, ra, 6);
211 memcpy(p2 + 6, ia, 6);
212 memset(p2 + 12, 0, 4);
213
214 /* res = r XOR p1 */
215 u128_xor((u128 *) res, (u128 *) r, (u128 *) p1);
216
217 /* res = e(k, res) */
218 err = smp_e(tfm_aes, k, res);
219 if (err) {
220 BT_ERR("Encrypt data error");
221 return err;
222 }
223
224 /* res = res XOR p2 */
225 u128_xor((u128 *) res, (u128 *) res, (u128 *) p2);
226
227 /* res = e(k, res) */
228 err = smp_e(tfm_aes, k, res);
229 if (err)
230 BT_ERR("Encrypt data error");
231
232 return err;
233 }
234
235 static int smp_s1(struct crypto_blkcipher *tfm_aes, u8 k[16], u8 r1[16],
236 u8 r2[16], u8 _r[16])
237 {
238 int err;
239
240 /* Just least significant octets from r1 and r2 are considered */
241 memcpy(_r, r2, 8);
242 memcpy(_r + 8, r1, 8);
243
244 err = smp_e(tfm_aes, k, _r);
245 if (err)
246 BT_ERR("Encrypt data error");
247
248 return err;
249 }
250
251 static void smp_send_cmd(struct l2cap_conn *conn, u8 code, u16 len, void *data)
252 {
253 struct l2cap_chan *chan = conn->smp;
254 struct smp_chan *smp;
255 struct kvec iv[2];
256 struct msghdr msg;
257
258 if (!chan)
259 return;
260
261 BT_DBG("code 0x%2.2x", code);
262
263 iv[0].iov_base = &code;
264 iv[0].iov_len = 1;
265
266 iv[1].iov_base = data;
267 iv[1].iov_len = len;
268
269 memset(&msg, 0, sizeof(msg));
270
271 msg.msg_iov = (struct iovec *) &iv;
272 msg.msg_iovlen = 2;
273
274 l2cap_chan_send(chan, &msg, 1 + len);
275
276 if (!chan->data)
277 return;
278
279 smp = chan->data;
280
281 cancel_delayed_work_sync(&smp->security_timer);
282 schedule_delayed_work(&smp->security_timer, SMP_TIMEOUT);
283 }
284
285 static __u8 authreq_to_seclevel(__u8 authreq)
286 {
287 if (authreq & SMP_AUTH_MITM)
288 return BT_SECURITY_HIGH;
289 else
290 return BT_SECURITY_MEDIUM;
291 }
292
293 static __u8 seclevel_to_authreq(__u8 sec_level)
294 {
295 switch (sec_level) {
296 case BT_SECURITY_HIGH:
297 return SMP_AUTH_MITM | SMP_AUTH_BONDING;
298 case BT_SECURITY_MEDIUM:
299 return SMP_AUTH_BONDING;
300 default:
301 return SMP_AUTH_NONE;
302 }
303 }
304
305 static void build_pairing_cmd(struct l2cap_conn *conn,
306 struct smp_cmd_pairing *req,
307 struct smp_cmd_pairing *rsp, __u8 authreq)
308 {
309 struct l2cap_chan *chan = conn->smp;
310 struct smp_chan *smp = chan->data;
311 struct hci_conn *hcon = conn->hcon;
312 struct hci_dev *hdev = hcon->hdev;
313 u8 local_dist = 0, remote_dist = 0;
314
315 if (test_bit(HCI_BONDABLE, &conn->hcon->hdev->dev_flags)) {
316 local_dist = SMP_DIST_ENC_KEY | SMP_DIST_SIGN;
317 remote_dist = SMP_DIST_ENC_KEY | SMP_DIST_SIGN;
318 authreq |= SMP_AUTH_BONDING;
319 } else {
320 authreq &= ~SMP_AUTH_BONDING;
321 }
322
323 if (test_bit(HCI_RPA_RESOLVING, &hdev->dev_flags))
324 remote_dist |= SMP_DIST_ID_KEY;
325
326 if (test_bit(HCI_PRIVACY, &hdev->dev_flags))
327 local_dist |= SMP_DIST_ID_KEY;
328
329 if (rsp == NULL) {
330 req->io_capability = conn->hcon->io_capability;
331 req->oob_flag = SMP_OOB_NOT_PRESENT;
332 req->max_key_size = SMP_MAX_ENC_KEY_SIZE;
333 req->init_key_dist = local_dist;
334 req->resp_key_dist = remote_dist;
335 req->auth_req = (authreq & AUTH_REQ_MASK);
336
337 smp->remote_key_dist = remote_dist;
338 return;
339 }
340
341 rsp->io_capability = conn->hcon->io_capability;
342 rsp->oob_flag = SMP_OOB_NOT_PRESENT;
343 rsp->max_key_size = SMP_MAX_ENC_KEY_SIZE;
344 rsp->init_key_dist = req->init_key_dist & remote_dist;
345 rsp->resp_key_dist = req->resp_key_dist & local_dist;
346 rsp->auth_req = (authreq & AUTH_REQ_MASK);
347
348 smp->remote_key_dist = rsp->init_key_dist;
349 }
350
351 static u8 check_enc_key_size(struct l2cap_conn *conn, __u8 max_key_size)
352 {
353 struct l2cap_chan *chan = conn->smp;
354 struct smp_chan *smp = chan->data;
355
356 if ((max_key_size > SMP_MAX_ENC_KEY_SIZE) ||
357 (max_key_size < SMP_MIN_ENC_KEY_SIZE))
358 return SMP_ENC_KEY_SIZE;
359
360 smp->enc_key_size = max_key_size;
361
362 return 0;
363 }
364
365 static void smp_chan_destroy(struct l2cap_conn *conn)
366 {
367 struct l2cap_chan *chan = conn->smp;
368 struct smp_chan *smp = chan->data;
369 bool complete;
370
371 BUG_ON(!smp);
372
373 cancel_delayed_work_sync(&smp->security_timer);
374
375 complete = test_bit(SMP_FLAG_COMPLETE, &smp->flags);
376 mgmt_smp_complete(conn->hcon, complete);
377
378 kfree(smp->csrk);
379 kfree(smp->slave_csrk);
380
381 crypto_free_blkcipher(smp->tfm_aes);
382
383 /* If pairing failed clean up any keys we might have */
384 if (!complete) {
385 if (smp->ltk) {
386 list_del(&smp->ltk->list);
387 kfree(smp->ltk);
388 }
389
390 if (smp->slave_ltk) {
391 list_del(&smp->slave_ltk->list);
392 kfree(smp->slave_ltk);
393 }
394
395 if (smp->remote_irk) {
396 list_del(&smp->remote_irk->list);
397 kfree(smp->remote_irk);
398 }
399 }
400
401 chan->data = NULL;
402 kfree(smp);
403 hci_conn_drop(conn->hcon);
404 }
405
406 static void smp_failure(struct l2cap_conn *conn, u8 reason)
407 {
408 struct hci_conn *hcon = conn->hcon;
409 struct l2cap_chan *chan = conn->smp;
410
411 if (reason)
412 smp_send_cmd(conn, SMP_CMD_PAIRING_FAIL, sizeof(reason),
413 &reason);
414
415 clear_bit(HCI_CONN_ENCRYPT_PEND, &hcon->flags);
416 mgmt_auth_failed(hcon, HCI_ERROR_AUTH_FAILURE);
417
418 if (chan->data)
419 smp_chan_destroy(conn);
420 }
421
422 #define JUST_WORKS 0x00
423 #define JUST_CFM 0x01
424 #define REQ_PASSKEY 0x02
425 #define CFM_PASSKEY 0x03
426 #define REQ_OOB 0x04
427 #define OVERLAP 0xFF
428
429 static const u8 gen_method[5][5] = {
430 { JUST_WORKS, JUST_CFM, REQ_PASSKEY, JUST_WORKS, REQ_PASSKEY },
431 { JUST_WORKS, JUST_CFM, REQ_PASSKEY, JUST_WORKS, REQ_PASSKEY },
432 { CFM_PASSKEY, CFM_PASSKEY, REQ_PASSKEY, JUST_WORKS, CFM_PASSKEY },
433 { JUST_WORKS, JUST_CFM, JUST_WORKS, JUST_WORKS, JUST_CFM },
434 { CFM_PASSKEY, CFM_PASSKEY, REQ_PASSKEY, JUST_WORKS, OVERLAP },
435 };
436
437 static u8 get_auth_method(struct smp_chan *smp, u8 local_io, u8 remote_io)
438 {
439 /* If either side has unknown io_caps, use JUST_CFM (which gets
440 * converted later to JUST_WORKS if we're initiators.
441 */
442 if (local_io > SMP_IO_KEYBOARD_DISPLAY ||
443 remote_io > SMP_IO_KEYBOARD_DISPLAY)
444 return JUST_CFM;
445
446 return gen_method[remote_io][local_io];
447 }
448
449 static int tk_request(struct l2cap_conn *conn, u8 remote_oob, u8 auth,
450 u8 local_io, u8 remote_io)
451 {
452 struct hci_conn *hcon = conn->hcon;
453 struct l2cap_chan *chan = conn->smp;
454 struct smp_chan *smp = chan->data;
455 u8 method;
456 u32 passkey = 0;
457 int ret = 0;
458
459 /* Initialize key for JUST WORKS */
460 memset(smp->tk, 0, sizeof(smp->tk));
461 clear_bit(SMP_FLAG_TK_VALID, &smp->flags);
462
463 BT_DBG("tk_request: auth:%d lcl:%d rem:%d", auth, local_io, remote_io);
464
465 /* If neither side wants MITM, either "just" confirm an incoming
466 * request or use just-works for outgoing ones. The JUST_CFM
467 * will be converted to JUST_WORKS if necessary later in this
468 * function. If either side has MITM look up the method from the
469 * table.
470 */
471 if (!(auth & SMP_AUTH_MITM))
472 method = JUST_CFM;
473 else
474 method = get_auth_method(smp, local_io, remote_io);
475
476 /* Don't confirm locally initiated pairing attempts */
477 if (method == JUST_CFM && test_bit(SMP_FLAG_INITIATOR, &smp->flags))
478 method = JUST_WORKS;
479
480 /* Don't bother user space with no IO capabilities */
481 if (method == JUST_CFM && hcon->io_capability == HCI_IO_NO_INPUT_OUTPUT)
482 method = JUST_WORKS;
483
484 /* If Just Works, Continue with Zero TK */
485 if (method == JUST_WORKS) {
486 set_bit(SMP_FLAG_TK_VALID, &smp->flags);
487 return 0;
488 }
489
490 /* Not Just Works/Confirm results in MITM Authentication */
491 if (method != JUST_CFM) {
492 set_bit(SMP_FLAG_MITM_AUTH, &smp->flags);
493 if (hcon->pending_sec_level < BT_SECURITY_HIGH)
494 hcon->pending_sec_level = BT_SECURITY_HIGH;
495 }
496
497 /* If both devices have Keyoard-Display I/O, the master
498 * Confirms and the slave Enters the passkey.
499 */
500 if (method == OVERLAP) {
501 if (hcon->role == HCI_ROLE_MASTER)
502 method = CFM_PASSKEY;
503 else
504 method = REQ_PASSKEY;
505 }
506
507 /* Generate random passkey. */
508 if (method == CFM_PASSKEY) {
509 memset(smp->tk, 0, sizeof(smp->tk));
510 get_random_bytes(&passkey, sizeof(passkey));
511 passkey %= 1000000;
512 put_unaligned_le32(passkey, smp->tk);
513 BT_DBG("PassKey: %d", passkey);
514 set_bit(SMP_FLAG_TK_VALID, &smp->flags);
515 }
516
517 hci_dev_lock(hcon->hdev);
518
519 if (method == REQ_PASSKEY)
520 ret = mgmt_user_passkey_request(hcon->hdev, &hcon->dst,
521 hcon->type, hcon->dst_type);
522 else if (method == JUST_CFM)
523 ret = mgmt_user_confirm_request(hcon->hdev, &hcon->dst,
524 hcon->type, hcon->dst_type,
525 passkey, 1);
526 else
527 ret = mgmt_user_passkey_notify(hcon->hdev, &hcon->dst,
528 hcon->type, hcon->dst_type,
529 passkey, 0);
530
531 hci_dev_unlock(hcon->hdev);
532
533 return ret;
534 }
535
536 static u8 smp_confirm(struct smp_chan *smp)
537 {
538 struct l2cap_conn *conn = smp->conn;
539 struct smp_cmd_pairing_confirm cp;
540 int ret;
541
542 BT_DBG("conn %p", conn);
543
544 ret = smp_c1(smp->tfm_aes, smp->tk, smp->prnd, smp->preq, smp->prsp,
545 conn->hcon->init_addr_type, &conn->hcon->init_addr,
546 conn->hcon->resp_addr_type, &conn->hcon->resp_addr,
547 cp.confirm_val);
548 if (ret)
549 return SMP_UNSPECIFIED;
550
551 clear_bit(SMP_FLAG_CFM_PENDING, &smp->flags);
552
553 smp_send_cmd(smp->conn, SMP_CMD_PAIRING_CONFIRM, sizeof(cp), &cp);
554
555 if (conn->hcon->out)
556 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_CONFIRM);
557 else
558 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RANDOM);
559
560 return 0;
561 }
562
563 static u8 smp_random(struct smp_chan *smp)
564 {
565 struct l2cap_conn *conn = smp->conn;
566 struct hci_conn *hcon = conn->hcon;
567 u8 confirm[16];
568 int ret;
569
570 if (IS_ERR_OR_NULL(smp->tfm_aes))
571 return SMP_UNSPECIFIED;
572
573 BT_DBG("conn %p %s", conn, conn->hcon->out ? "master" : "slave");
574
575 ret = smp_c1(smp->tfm_aes, smp->tk, smp->rrnd, smp->preq, smp->prsp,
576 hcon->init_addr_type, &hcon->init_addr,
577 hcon->resp_addr_type, &hcon->resp_addr, confirm);
578 if (ret)
579 return SMP_UNSPECIFIED;
580
581 if (memcmp(smp->pcnf, confirm, sizeof(smp->pcnf)) != 0) {
582 BT_ERR("Pairing failed (confirmation values mismatch)");
583 return SMP_CONFIRM_FAILED;
584 }
585
586 if (hcon->out) {
587 u8 stk[16];
588 __le64 rand = 0;
589 __le16 ediv = 0;
590
591 smp_s1(smp->tfm_aes, smp->tk, smp->rrnd, smp->prnd, stk);
592
593 memset(stk + smp->enc_key_size, 0,
594 SMP_MAX_ENC_KEY_SIZE - smp->enc_key_size);
595
596 if (test_and_set_bit(HCI_CONN_ENCRYPT_PEND, &hcon->flags))
597 return SMP_UNSPECIFIED;
598
599 hci_le_start_enc(hcon, ediv, rand, stk);
600 hcon->enc_key_size = smp->enc_key_size;
601 set_bit(HCI_CONN_STK_ENCRYPT, &hcon->flags);
602 } else {
603 u8 stk[16], auth;
604 __le64 rand = 0;
605 __le16 ediv = 0;
606
607 smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM, sizeof(smp->prnd),
608 smp->prnd);
609
610 smp_s1(smp->tfm_aes, smp->tk, smp->prnd, smp->rrnd, stk);
611
612 memset(stk + smp->enc_key_size, 0,
613 SMP_MAX_ENC_KEY_SIZE - smp->enc_key_size);
614
615 if (hcon->pending_sec_level == BT_SECURITY_HIGH)
616 auth = 1;
617 else
618 auth = 0;
619
620 /* Even though there's no _SLAVE suffix this is the
621 * slave STK we're adding for later lookup (the master
622 * STK never needs to be stored).
623 */
624 hci_add_ltk(hcon->hdev, &hcon->dst, hcon->dst_type,
625 SMP_STK, auth, stk, smp->enc_key_size, ediv, rand);
626 }
627
628 return 0;
629 }
630
631 static void smp_notify_keys(struct l2cap_conn *conn)
632 {
633 struct l2cap_chan *chan = conn->smp;
634 struct smp_chan *smp = chan->data;
635 struct hci_conn *hcon = conn->hcon;
636 struct hci_dev *hdev = hcon->hdev;
637 struct smp_cmd_pairing *req = (void *) &smp->preq[1];
638 struct smp_cmd_pairing *rsp = (void *) &smp->prsp[1];
639 bool persistent;
640
641 if (smp->remote_irk) {
642 mgmt_new_irk(hdev, smp->remote_irk);
643 /* Now that user space can be considered to know the
644 * identity address track the connection based on it
645 * from now on.
646 */
647 bacpy(&hcon->dst, &smp->remote_irk->bdaddr);
648 hcon->dst_type = smp->remote_irk->addr_type;
649 queue_work(hdev->workqueue, &conn->id_addr_update_work);
650
651 /* When receiving an indentity resolving key for
652 * a remote device that does not use a resolvable
653 * private address, just remove the key so that
654 * it is possible to use the controller white
655 * list for scanning.
656 *
657 * Userspace will have been told to not store
658 * this key at this point. So it is safe to
659 * just remove it.
660 */
661 if (!bacmp(&smp->remote_irk->rpa, BDADDR_ANY)) {
662 list_del(&smp->remote_irk->list);
663 kfree(smp->remote_irk);
664 smp->remote_irk = NULL;
665 }
666 }
667
668 /* The LTKs and CSRKs should be persistent only if both sides
669 * had the bonding bit set in their authentication requests.
670 */
671 persistent = !!((req->auth_req & rsp->auth_req) & SMP_AUTH_BONDING);
672
673 if (smp->csrk) {
674 smp->csrk->bdaddr_type = hcon->dst_type;
675 bacpy(&smp->csrk->bdaddr, &hcon->dst);
676 mgmt_new_csrk(hdev, smp->csrk, persistent);
677 }
678
679 if (smp->slave_csrk) {
680 smp->slave_csrk->bdaddr_type = hcon->dst_type;
681 bacpy(&smp->slave_csrk->bdaddr, &hcon->dst);
682 mgmt_new_csrk(hdev, smp->slave_csrk, persistent);
683 }
684
685 if (smp->ltk) {
686 smp->ltk->bdaddr_type = hcon->dst_type;
687 bacpy(&smp->ltk->bdaddr, &hcon->dst);
688 mgmt_new_ltk(hdev, smp->ltk, persistent);
689 }
690
691 if (smp->slave_ltk) {
692 smp->slave_ltk->bdaddr_type = hcon->dst_type;
693 bacpy(&smp->slave_ltk->bdaddr, &hcon->dst);
694 mgmt_new_ltk(hdev, smp->slave_ltk, persistent);
695 }
696 }
697
698 static void smp_allow_key_dist(struct smp_chan *smp)
699 {
700 /* Allow the first expected phase 3 PDU. The rest of the PDUs
701 * will be allowed in each PDU handler to ensure we receive
702 * them in the correct order.
703 */
704 if (smp->remote_key_dist & SMP_DIST_ENC_KEY)
705 SMP_ALLOW_CMD(smp, SMP_CMD_ENCRYPT_INFO);
706 else if (smp->remote_key_dist & SMP_DIST_ID_KEY)
707 SMP_ALLOW_CMD(smp, SMP_CMD_IDENT_INFO);
708 else if (smp->remote_key_dist & SMP_DIST_SIGN)
709 SMP_ALLOW_CMD(smp, SMP_CMD_SIGN_INFO);
710 }
711
712 static void smp_distribute_keys(struct smp_chan *smp)
713 {
714 struct smp_cmd_pairing *req, *rsp;
715 struct l2cap_conn *conn = smp->conn;
716 struct hci_conn *hcon = conn->hcon;
717 struct hci_dev *hdev = hcon->hdev;
718 __u8 *keydist;
719
720 BT_DBG("conn %p", conn);
721
722 rsp = (void *) &smp->prsp[1];
723
724 /* The responder sends its keys first */
725 if (hcon->out && (smp->remote_key_dist & KEY_DIST_MASK)) {
726 smp_allow_key_dist(smp);
727 return;
728 }
729
730 req = (void *) &smp->preq[1];
731
732 if (hcon->out) {
733 keydist = &rsp->init_key_dist;
734 *keydist &= req->init_key_dist;
735 } else {
736 keydist = &rsp->resp_key_dist;
737 *keydist &= req->resp_key_dist;
738 }
739
740 BT_DBG("keydist 0x%x", *keydist);
741
742 if (*keydist & SMP_DIST_ENC_KEY) {
743 struct smp_cmd_encrypt_info enc;
744 struct smp_cmd_master_ident ident;
745 struct smp_ltk *ltk;
746 u8 authenticated;
747 __le16 ediv;
748 __le64 rand;
749
750 get_random_bytes(enc.ltk, sizeof(enc.ltk));
751 get_random_bytes(&ediv, sizeof(ediv));
752 get_random_bytes(&rand, sizeof(rand));
753
754 smp_send_cmd(conn, SMP_CMD_ENCRYPT_INFO, sizeof(enc), &enc);
755
756 authenticated = hcon->sec_level == BT_SECURITY_HIGH;
757 ltk = hci_add_ltk(hdev, &hcon->dst, hcon->dst_type,
758 SMP_LTK_SLAVE, authenticated, enc.ltk,
759 smp->enc_key_size, ediv, rand);
760 smp->slave_ltk = ltk;
761
762 ident.ediv = ediv;
763 ident.rand = rand;
764
765 smp_send_cmd(conn, SMP_CMD_MASTER_IDENT, sizeof(ident), &ident);
766
767 *keydist &= ~SMP_DIST_ENC_KEY;
768 }
769
770 if (*keydist & SMP_DIST_ID_KEY) {
771 struct smp_cmd_ident_addr_info addrinfo;
772 struct smp_cmd_ident_info idinfo;
773
774 memcpy(idinfo.irk, hdev->irk, sizeof(idinfo.irk));
775
776 smp_send_cmd(conn, SMP_CMD_IDENT_INFO, sizeof(idinfo), &idinfo);
777
778 /* The hci_conn contains the local identity address
779 * after the connection has been established.
780 *
781 * This is true even when the connection has been
782 * established using a resolvable random address.
783 */
784 bacpy(&addrinfo.bdaddr, &hcon->src);
785 addrinfo.addr_type = hcon->src_type;
786
787 smp_send_cmd(conn, SMP_CMD_IDENT_ADDR_INFO, sizeof(addrinfo),
788 &addrinfo);
789
790 *keydist &= ~SMP_DIST_ID_KEY;
791 }
792
793 if (*keydist & SMP_DIST_SIGN) {
794 struct smp_cmd_sign_info sign;
795 struct smp_csrk *csrk;
796
797 /* Generate a new random key */
798 get_random_bytes(sign.csrk, sizeof(sign.csrk));
799
800 csrk = kzalloc(sizeof(*csrk), GFP_KERNEL);
801 if (csrk) {
802 csrk->master = 0x00;
803 memcpy(csrk->val, sign.csrk, sizeof(csrk->val));
804 }
805 smp->slave_csrk = csrk;
806
807 smp_send_cmd(conn, SMP_CMD_SIGN_INFO, sizeof(sign), &sign);
808
809 *keydist &= ~SMP_DIST_SIGN;
810 }
811
812 /* If there are still keys to be received wait for them */
813 if (smp->remote_key_dist & KEY_DIST_MASK) {
814 smp_allow_key_dist(smp);
815 return;
816 }
817
818 set_bit(SMP_FLAG_COMPLETE, &smp->flags);
819 smp_notify_keys(conn);
820
821 smp_chan_destroy(conn);
822 }
823
824 static void smp_timeout(struct work_struct *work)
825 {
826 struct smp_chan *smp = container_of(work, struct smp_chan,
827 security_timer.work);
828 struct l2cap_conn *conn = smp->conn;
829
830 BT_DBG("conn %p", conn);
831
832 hci_disconnect(conn->hcon, HCI_ERROR_REMOTE_USER_TERM);
833 }
834
835 static struct smp_chan *smp_chan_create(struct l2cap_conn *conn)
836 {
837 struct l2cap_chan *chan = conn->smp;
838 struct smp_chan *smp;
839
840 smp = kzalloc(sizeof(*smp), GFP_ATOMIC);
841 if (!smp)
842 return NULL;
843
844 smp->tfm_aes = crypto_alloc_blkcipher("ecb(aes)", 0, CRYPTO_ALG_ASYNC);
845 if (IS_ERR(smp->tfm_aes)) {
846 BT_ERR("Unable to create ECB crypto context");
847 kfree(smp);
848 return NULL;
849 }
850
851 smp->conn = conn;
852 chan->data = smp;
853
854 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_FAIL);
855
856 INIT_DELAYED_WORK(&smp->security_timer, smp_timeout);
857
858 hci_conn_hold(conn->hcon);
859
860 return smp;
861 }
862
863 int smp_user_confirm_reply(struct hci_conn *hcon, u16 mgmt_op, __le32 passkey)
864 {
865 struct l2cap_conn *conn = hcon->l2cap_data;
866 struct l2cap_chan *chan;
867 struct smp_chan *smp;
868 u32 value;
869 int err;
870
871 BT_DBG("");
872
873 if (!conn)
874 return -ENOTCONN;
875
876 chan = conn->smp;
877 if (!chan)
878 return -ENOTCONN;
879
880 l2cap_chan_lock(chan);
881 if (!chan->data) {
882 err = -ENOTCONN;
883 goto unlock;
884 }
885
886 smp = chan->data;
887
888 switch (mgmt_op) {
889 case MGMT_OP_USER_PASSKEY_REPLY:
890 value = le32_to_cpu(passkey);
891 memset(smp->tk, 0, sizeof(smp->tk));
892 BT_DBG("PassKey: %d", value);
893 put_unaligned_le32(value, smp->tk);
894 /* Fall Through */
895 case MGMT_OP_USER_CONFIRM_REPLY:
896 set_bit(SMP_FLAG_TK_VALID, &smp->flags);
897 break;
898 case MGMT_OP_USER_PASSKEY_NEG_REPLY:
899 case MGMT_OP_USER_CONFIRM_NEG_REPLY:
900 smp_failure(conn, SMP_PASSKEY_ENTRY_FAILED);
901 err = 0;
902 goto unlock;
903 default:
904 smp_failure(conn, SMP_PASSKEY_ENTRY_FAILED);
905 err = -EOPNOTSUPP;
906 goto unlock;
907 }
908
909 err = 0;
910
911 /* If it is our turn to send Pairing Confirm, do so now */
912 if (test_bit(SMP_FLAG_CFM_PENDING, &smp->flags)) {
913 u8 rsp = smp_confirm(smp);
914 if (rsp)
915 smp_failure(conn, rsp);
916 }
917
918 unlock:
919 l2cap_chan_unlock(chan);
920 return err;
921 }
922
923 static u8 smp_cmd_pairing_req(struct l2cap_conn *conn, struct sk_buff *skb)
924 {
925 struct smp_cmd_pairing rsp, *req = (void *) skb->data;
926 struct l2cap_chan *chan = conn->smp;
927 struct hci_dev *hdev = conn->hcon->hdev;
928 struct smp_chan *smp;
929 u8 key_size, auth, sec_level;
930 int ret;
931
932 BT_DBG("conn %p", conn);
933
934 if (skb->len < sizeof(*req))
935 return SMP_INVALID_PARAMS;
936
937 if (conn->hcon->role != HCI_ROLE_SLAVE)
938 return SMP_CMD_NOTSUPP;
939
940 if (!chan->data)
941 smp = smp_chan_create(conn);
942 else
943 smp = chan->data;
944
945 if (!smp)
946 return SMP_UNSPECIFIED;
947
948 /* We didn't start the pairing, so match remote */
949 auth = req->auth_req & AUTH_REQ_MASK;
950
951 if (!test_bit(HCI_BONDABLE, &hdev->dev_flags) &&
952 (auth & SMP_AUTH_BONDING))
953 return SMP_PAIRING_NOTSUPP;
954
955 smp->preq[0] = SMP_CMD_PAIRING_REQ;
956 memcpy(&smp->preq[1], req, sizeof(*req));
957 skb_pull(skb, sizeof(*req));
958
959 if (conn->hcon->io_capability == HCI_IO_NO_INPUT_OUTPUT)
960 sec_level = BT_SECURITY_MEDIUM;
961 else
962 sec_level = authreq_to_seclevel(auth);
963
964 if (sec_level > conn->hcon->pending_sec_level)
965 conn->hcon->pending_sec_level = sec_level;
966
967 /* If we need MITM check that it can be acheived */
968 if (conn->hcon->pending_sec_level >= BT_SECURITY_HIGH) {
969 u8 method;
970
971 method = get_auth_method(smp, conn->hcon->io_capability,
972 req->io_capability);
973 if (method == JUST_WORKS || method == JUST_CFM)
974 return SMP_AUTH_REQUIREMENTS;
975 }
976
977 build_pairing_cmd(conn, req, &rsp, auth);
978
979 key_size = min(req->max_key_size, rsp.max_key_size);
980 if (check_enc_key_size(conn, key_size))
981 return SMP_ENC_KEY_SIZE;
982
983 get_random_bytes(smp->prnd, sizeof(smp->prnd));
984
985 smp->prsp[0] = SMP_CMD_PAIRING_RSP;
986 memcpy(&smp->prsp[1], &rsp, sizeof(rsp));
987
988 smp_send_cmd(conn, SMP_CMD_PAIRING_RSP, sizeof(rsp), &rsp);
989 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_CONFIRM);
990
991 /* Request setup of TK */
992 ret = tk_request(conn, 0, auth, rsp.io_capability, req->io_capability);
993 if (ret)
994 return SMP_UNSPECIFIED;
995
996 return 0;
997 }
998
999 static u8 smp_cmd_pairing_rsp(struct l2cap_conn *conn, struct sk_buff *skb)
1000 {
1001 struct smp_cmd_pairing *req, *rsp = (void *) skb->data;
1002 struct l2cap_chan *chan = conn->smp;
1003 struct smp_chan *smp = chan->data;
1004 u8 key_size, auth;
1005 int ret;
1006
1007 BT_DBG("conn %p", conn);
1008
1009 if (skb->len < sizeof(*rsp))
1010 return SMP_INVALID_PARAMS;
1011
1012 if (conn->hcon->role != HCI_ROLE_MASTER)
1013 return SMP_CMD_NOTSUPP;
1014
1015 skb_pull(skb, sizeof(*rsp));
1016
1017 req = (void *) &smp->preq[1];
1018
1019 key_size = min(req->max_key_size, rsp->max_key_size);
1020 if (check_enc_key_size(conn, key_size))
1021 return SMP_ENC_KEY_SIZE;
1022
1023 auth = rsp->auth_req & AUTH_REQ_MASK;
1024
1025 /* If we need MITM check that it can be acheived */
1026 if (conn->hcon->pending_sec_level >= BT_SECURITY_HIGH) {
1027 u8 method;
1028
1029 method = get_auth_method(smp, req->io_capability,
1030 rsp->io_capability);
1031 if (method == JUST_WORKS || method == JUST_CFM)
1032 return SMP_AUTH_REQUIREMENTS;
1033 }
1034
1035 get_random_bytes(smp->prnd, sizeof(smp->prnd));
1036
1037 smp->prsp[0] = SMP_CMD_PAIRING_RSP;
1038 memcpy(&smp->prsp[1], rsp, sizeof(*rsp));
1039
1040 /* Update remote key distribution in case the remote cleared
1041 * some bits that we had enabled in our request.
1042 */
1043 smp->remote_key_dist &= rsp->resp_key_dist;
1044
1045 auth |= req->auth_req;
1046
1047 ret = tk_request(conn, 0, auth, req->io_capability, rsp->io_capability);
1048 if (ret)
1049 return SMP_UNSPECIFIED;
1050
1051 set_bit(SMP_FLAG_CFM_PENDING, &smp->flags);
1052
1053 /* Can't compose response until we have been confirmed */
1054 if (test_bit(SMP_FLAG_TK_VALID, &smp->flags))
1055 return smp_confirm(smp);
1056
1057 return 0;
1058 }
1059
1060 static u8 smp_cmd_pairing_confirm(struct l2cap_conn *conn, struct sk_buff *skb)
1061 {
1062 struct l2cap_chan *chan = conn->smp;
1063 struct smp_chan *smp = chan->data;
1064
1065 BT_DBG("conn %p %s", conn, conn->hcon->out ? "master" : "slave");
1066
1067 if (skb->len < sizeof(smp->pcnf))
1068 return SMP_INVALID_PARAMS;
1069
1070 memcpy(smp->pcnf, skb->data, sizeof(smp->pcnf));
1071 skb_pull(skb, sizeof(smp->pcnf));
1072
1073 if (conn->hcon->out) {
1074 smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM, sizeof(smp->prnd),
1075 smp->prnd);
1076 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RANDOM);
1077 return 0;
1078 }
1079
1080 if (test_bit(SMP_FLAG_TK_VALID, &smp->flags))
1081 return smp_confirm(smp);
1082 else
1083 set_bit(SMP_FLAG_CFM_PENDING, &smp->flags);
1084
1085 return 0;
1086 }
1087
1088 static u8 smp_cmd_pairing_random(struct l2cap_conn *conn, struct sk_buff *skb)
1089 {
1090 struct l2cap_chan *chan = conn->smp;
1091 struct smp_chan *smp = chan->data;
1092
1093 BT_DBG("conn %p", conn);
1094
1095 if (skb->len < sizeof(smp->rrnd))
1096 return SMP_INVALID_PARAMS;
1097
1098 memcpy(smp->rrnd, skb->data, sizeof(smp->rrnd));
1099 skb_pull(skb, sizeof(smp->rrnd));
1100
1101 return smp_random(smp);
1102 }
1103
1104 static bool smp_ltk_encrypt(struct l2cap_conn *conn, u8 sec_level)
1105 {
1106 struct smp_ltk *key;
1107 struct hci_conn *hcon = conn->hcon;
1108
1109 key = hci_find_ltk_by_addr(hcon->hdev, &hcon->dst, hcon->dst_type,
1110 hcon->role);
1111 if (!key)
1112 return false;
1113
1114 if (smp_ltk_sec_level(key) < sec_level)
1115 return false;
1116
1117 if (test_and_set_bit(HCI_CONN_ENCRYPT_PEND, &hcon->flags))
1118 return true;
1119
1120 hci_le_start_enc(hcon, key->ediv, key->rand, key->val);
1121 hcon->enc_key_size = key->enc_size;
1122
1123 /* We never store STKs for master role, so clear this flag */
1124 clear_bit(HCI_CONN_STK_ENCRYPT, &hcon->flags);
1125
1126 return true;
1127 }
1128
1129 bool smp_sufficient_security(struct hci_conn *hcon, u8 sec_level)
1130 {
1131 if (sec_level == BT_SECURITY_LOW)
1132 return true;
1133
1134 /* If we're encrypted with an STK always claim insufficient
1135 * security. This way we allow the connection to be re-encrypted
1136 * with an LTK, even if the LTK provides the same level of
1137 * security. Only exception is if we don't have an LTK (e.g.
1138 * because of key distribution bits).
1139 */
1140 if (test_bit(HCI_CONN_STK_ENCRYPT, &hcon->flags) &&
1141 hci_find_ltk_by_addr(hcon->hdev, &hcon->dst, hcon->dst_type,
1142 hcon->role))
1143 return false;
1144
1145 if (hcon->sec_level >= sec_level)
1146 return true;
1147
1148 return false;
1149 }
1150
1151 static u8 smp_cmd_security_req(struct l2cap_conn *conn, struct sk_buff *skb)
1152 {
1153 struct smp_cmd_security_req *rp = (void *) skb->data;
1154 struct smp_cmd_pairing cp;
1155 struct hci_conn *hcon = conn->hcon;
1156 struct smp_chan *smp;
1157 u8 sec_level, auth;
1158
1159 BT_DBG("conn %p", conn);
1160
1161 if (skb->len < sizeof(*rp))
1162 return SMP_INVALID_PARAMS;
1163
1164 if (hcon->role != HCI_ROLE_MASTER)
1165 return SMP_CMD_NOTSUPP;
1166
1167 auth = rp->auth_req & AUTH_REQ_MASK;
1168
1169 if (hcon->io_capability == HCI_IO_NO_INPUT_OUTPUT)
1170 sec_level = BT_SECURITY_MEDIUM;
1171 else
1172 sec_level = authreq_to_seclevel(auth);
1173
1174 if (smp_sufficient_security(hcon, sec_level))
1175 return 0;
1176
1177 if (sec_level > hcon->pending_sec_level)
1178 hcon->pending_sec_level = sec_level;
1179
1180 if (smp_ltk_encrypt(conn, hcon->pending_sec_level))
1181 return 0;
1182
1183 smp = smp_chan_create(conn);
1184 if (!smp)
1185 return SMP_UNSPECIFIED;
1186
1187 if (!test_bit(HCI_BONDABLE, &hcon->hdev->dev_flags) &&
1188 (auth & SMP_AUTH_BONDING))
1189 return SMP_PAIRING_NOTSUPP;
1190
1191 skb_pull(skb, sizeof(*rp));
1192
1193 memset(&cp, 0, sizeof(cp));
1194 build_pairing_cmd(conn, &cp, NULL, auth);
1195
1196 smp->preq[0] = SMP_CMD_PAIRING_REQ;
1197 memcpy(&smp->preq[1], &cp, sizeof(cp));
1198
1199 smp_send_cmd(conn, SMP_CMD_PAIRING_REQ, sizeof(cp), &cp);
1200 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RSP);
1201
1202 return 0;
1203 }
1204
1205 int smp_conn_security(struct hci_conn *hcon, __u8 sec_level)
1206 {
1207 struct l2cap_conn *conn = hcon->l2cap_data;
1208 struct l2cap_chan *chan;
1209 struct smp_chan *smp;
1210 __u8 authreq;
1211 int ret;
1212
1213 BT_DBG("conn %p hcon %p level 0x%2.2x", conn, hcon, sec_level);
1214
1215 /* This may be NULL if there's an unexpected disconnection */
1216 if (!conn)
1217 return 1;
1218
1219 chan = conn->smp;
1220
1221 if (!test_bit(HCI_LE_ENABLED, &hcon->hdev->dev_flags))
1222 return 1;
1223
1224 if (smp_sufficient_security(hcon, sec_level))
1225 return 1;
1226
1227 if (sec_level > hcon->pending_sec_level)
1228 hcon->pending_sec_level = sec_level;
1229
1230 if (hcon->role == HCI_ROLE_MASTER)
1231 if (smp_ltk_encrypt(conn, hcon->pending_sec_level))
1232 return 0;
1233
1234 l2cap_chan_lock(chan);
1235
1236 /* If SMP is already in progress ignore this request */
1237 if (chan->data) {
1238 ret = 0;
1239 goto unlock;
1240 }
1241
1242 smp = smp_chan_create(conn);
1243 if (!smp) {
1244 ret = 1;
1245 goto unlock;
1246 }
1247
1248 authreq = seclevel_to_authreq(sec_level);
1249
1250 /* Require MITM if IO Capability allows or the security level
1251 * requires it.
1252 */
1253 if (hcon->io_capability != HCI_IO_NO_INPUT_OUTPUT ||
1254 hcon->pending_sec_level > BT_SECURITY_MEDIUM)
1255 authreq |= SMP_AUTH_MITM;
1256
1257 if (hcon->role == HCI_ROLE_MASTER) {
1258 struct smp_cmd_pairing cp;
1259
1260 build_pairing_cmd(conn, &cp, NULL, authreq);
1261 smp->preq[0] = SMP_CMD_PAIRING_REQ;
1262 memcpy(&smp->preq[1], &cp, sizeof(cp));
1263
1264 smp_send_cmd(conn, SMP_CMD_PAIRING_REQ, sizeof(cp), &cp);
1265 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RSP);
1266 } else {
1267 struct smp_cmd_security_req cp;
1268 cp.auth_req = authreq;
1269 smp_send_cmd(conn, SMP_CMD_SECURITY_REQ, sizeof(cp), &cp);
1270 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_REQ);
1271 }
1272
1273 set_bit(SMP_FLAG_INITIATOR, &smp->flags);
1274 ret = 0;
1275
1276 unlock:
1277 l2cap_chan_unlock(chan);
1278 return ret;
1279 }
1280
1281 static int smp_cmd_encrypt_info(struct l2cap_conn *conn, struct sk_buff *skb)
1282 {
1283 struct smp_cmd_encrypt_info *rp = (void *) skb->data;
1284 struct l2cap_chan *chan = conn->smp;
1285 struct smp_chan *smp = chan->data;
1286
1287 BT_DBG("conn %p", conn);
1288
1289 if (skb->len < sizeof(*rp))
1290 return SMP_INVALID_PARAMS;
1291
1292 SMP_ALLOW_CMD(smp, SMP_CMD_MASTER_IDENT);
1293
1294 skb_pull(skb, sizeof(*rp));
1295
1296 memcpy(smp->tk, rp->ltk, sizeof(smp->tk));
1297
1298 return 0;
1299 }
1300
1301 static int smp_cmd_master_ident(struct l2cap_conn *conn, struct sk_buff *skb)
1302 {
1303 struct smp_cmd_master_ident *rp = (void *) skb->data;
1304 struct l2cap_chan *chan = conn->smp;
1305 struct smp_chan *smp = chan->data;
1306 struct hci_dev *hdev = conn->hcon->hdev;
1307 struct hci_conn *hcon = conn->hcon;
1308 struct smp_ltk *ltk;
1309 u8 authenticated;
1310
1311 BT_DBG("conn %p", conn);
1312
1313 if (skb->len < sizeof(*rp))
1314 return SMP_INVALID_PARAMS;
1315
1316 /* Mark the information as received */
1317 smp->remote_key_dist &= ~SMP_DIST_ENC_KEY;
1318
1319 if (smp->remote_key_dist & SMP_DIST_ID_KEY)
1320 SMP_ALLOW_CMD(smp, SMP_CMD_IDENT_INFO);
1321 else if (smp->remote_key_dist & SMP_DIST_SIGN)
1322 SMP_ALLOW_CMD(smp, SMP_CMD_SIGN_INFO);
1323
1324 skb_pull(skb, sizeof(*rp));
1325
1326 hci_dev_lock(hdev);
1327 authenticated = (hcon->sec_level == BT_SECURITY_HIGH);
1328 ltk = hci_add_ltk(hdev, &hcon->dst, hcon->dst_type, SMP_LTK,
1329 authenticated, smp->tk, smp->enc_key_size,
1330 rp->ediv, rp->rand);
1331 smp->ltk = ltk;
1332 if (!(smp->remote_key_dist & KEY_DIST_MASK))
1333 smp_distribute_keys(smp);
1334 hci_dev_unlock(hdev);
1335
1336 return 0;
1337 }
1338
1339 static int smp_cmd_ident_info(struct l2cap_conn *conn, struct sk_buff *skb)
1340 {
1341 struct smp_cmd_ident_info *info = (void *) skb->data;
1342 struct l2cap_chan *chan = conn->smp;
1343 struct smp_chan *smp = chan->data;
1344
1345 BT_DBG("");
1346
1347 if (skb->len < sizeof(*info))
1348 return SMP_INVALID_PARAMS;
1349
1350 SMP_ALLOW_CMD(smp, SMP_CMD_IDENT_ADDR_INFO);
1351
1352 skb_pull(skb, sizeof(*info));
1353
1354 memcpy(smp->irk, info->irk, 16);
1355
1356 return 0;
1357 }
1358
1359 static int smp_cmd_ident_addr_info(struct l2cap_conn *conn,
1360 struct sk_buff *skb)
1361 {
1362 struct smp_cmd_ident_addr_info *info = (void *) skb->data;
1363 struct l2cap_chan *chan = conn->smp;
1364 struct smp_chan *smp = chan->data;
1365 struct hci_conn *hcon = conn->hcon;
1366 bdaddr_t rpa;
1367
1368 BT_DBG("");
1369
1370 if (skb->len < sizeof(*info))
1371 return SMP_INVALID_PARAMS;
1372
1373 /* Mark the information as received */
1374 smp->remote_key_dist &= ~SMP_DIST_ID_KEY;
1375
1376 if (smp->remote_key_dist & SMP_DIST_SIGN)
1377 SMP_ALLOW_CMD(smp, SMP_CMD_SIGN_INFO);
1378
1379 skb_pull(skb, sizeof(*info));
1380
1381 hci_dev_lock(hcon->hdev);
1382
1383 /* Strictly speaking the Core Specification (4.1) allows sending
1384 * an empty address which would force us to rely on just the IRK
1385 * as "identity information". However, since such
1386 * implementations are not known of and in order to not over
1387 * complicate our implementation, simply pretend that we never
1388 * received an IRK for such a device.
1389 */
1390 if (!bacmp(&info->bdaddr, BDADDR_ANY)) {
1391 BT_ERR("Ignoring IRK with no identity address");
1392 goto distribute;
1393 }
1394
1395 bacpy(&smp->id_addr, &info->bdaddr);
1396 smp->id_addr_type = info->addr_type;
1397
1398 if (hci_bdaddr_is_rpa(&hcon->dst, hcon->dst_type))
1399 bacpy(&rpa, &hcon->dst);
1400 else
1401 bacpy(&rpa, BDADDR_ANY);
1402
1403 smp->remote_irk = hci_add_irk(conn->hcon->hdev, &smp->id_addr,
1404 smp->id_addr_type, smp->irk, &rpa);
1405
1406 distribute:
1407 if (!(smp->remote_key_dist & KEY_DIST_MASK))
1408 smp_distribute_keys(smp);
1409
1410 hci_dev_unlock(hcon->hdev);
1411
1412 return 0;
1413 }
1414
1415 static int smp_cmd_sign_info(struct l2cap_conn *conn, struct sk_buff *skb)
1416 {
1417 struct smp_cmd_sign_info *rp = (void *) skb->data;
1418 struct l2cap_chan *chan = conn->smp;
1419 struct smp_chan *smp = chan->data;
1420 struct hci_dev *hdev = conn->hcon->hdev;
1421 struct smp_csrk *csrk;
1422
1423 BT_DBG("conn %p", conn);
1424
1425 if (skb->len < sizeof(*rp))
1426 return SMP_INVALID_PARAMS;
1427
1428 /* Mark the information as received */
1429 smp->remote_key_dist &= ~SMP_DIST_SIGN;
1430
1431 skb_pull(skb, sizeof(*rp));
1432
1433 hci_dev_lock(hdev);
1434 csrk = kzalloc(sizeof(*csrk), GFP_KERNEL);
1435 if (csrk) {
1436 csrk->master = 0x01;
1437 memcpy(csrk->val, rp->csrk, sizeof(csrk->val));
1438 }
1439 smp->csrk = csrk;
1440 smp_distribute_keys(smp);
1441 hci_dev_unlock(hdev);
1442
1443 return 0;
1444 }
1445
1446 static int smp_sig_channel(struct l2cap_chan *chan, struct sk_buff *skb)
1447 {
1448 struct l2cap_conn *conn = chan->conn;
1449 struct hci_conn *hcon = conn->hcon;
1450 struct smp_chan *smp;
1451 __u8 code, reason;
1452 int err = 0;
1453
1454 if (hcon->type != LE_LINK) {
1455 kfree_skb(skb);
1456 return 0;
1457 }
1458
1459 if (skb->len < 1)
1460 return -EILSEQ;
1461
1462 if (!test_bit(HCI_LE_ENABLED, &hcon->hdev->dev_flags)) {
1463 reason = SMP_PAIRING_NOTSUPP;
1464 goto done;
1465 }
1466
1467 code = skb->data[0];
1468 skb_pull(skb, sizeof(code));
1469
1470 smp = chan->data;
1471
1472 if (code > SMP_CMD_MAX)
1473 goto drop;
1474
1475 if (smp && !test_and_clear_bit(code, &smp->allow_cmd))
1476 goto drop;
1477
1478 /* If we don't have a context the only allowed commands are
1479 * pairing request and security request.
1480 */
1481 if (!smp && code != SMP_CMD_PAIRING_REQ && code != SMP_CMD_SECURITY_REQ)
1482 goto drop;
1483
1484 switch (code) {
1485 case SMP_CMD_PAIRING_REQ:
1486 reason = smp_cmd_pairing_req(conn, skb);
1487 break;
1488
1489 case SMP_CMD_PAIRING_FAIL:
1490 smp_failure(conn, 0);
1491 err = -EPERM;
1492 break;
1493
1494 case SMP_CMD_PAIRING_RSP:
1495 reason = smp_cmd_pairing_rsp(conn, skb);
1496 break;
1497
1498 case SMP_CMD_SECURITY_REQ:
1499 reason = smp_cmd_security_req(conn, skb);
1500 break;
1501
1502 case SMP_CMD_PAIRING_CONFIRM:
1503 reason = smp_cmd_pairing_confirm(conn, skb);
1504 break;
1505
1506 case SMP_CMD_PAIRING_RANDOM:
1507 reason = smp_cmd_pairing_random(conn, skb);
1508 break;
1509
1510 case SMP_CMD_ENCRYPT_INFO:
1511 reason = smp_cmd_encrypt_info(conn, skb);
1512 break;
1513
1514 case SMP_CMD_MASTER_IDENT:
1515 reason = smp_cmd_master_ident(conn, skb);
1516 break;
1517
1518 case SMP_CMD_IDENT_INFO:
1519 reason = smp_cmd_ident_info(conn, skb);
1520 break;
1521
1522 case SMP_CMD_IDENT_ADDR_INFO:
1523 reason = smp_cmd_ident_addr_info(conn, skb);
1524 break;
1525
1526 case SMP_CMD_SIGN_INFO:
1527 reason = smp_cmd_sign_info(conn, skb);
1528 break;
1529
1530 default:
1531 BT_DBG("Unknown command code 0x%2.2x", code);
1532 reason = SMP_CMD_NOTSUPP;
1533 goto done;
1534 }
1535
1536 done:
1537 if (!err) {
1538 if (reason)
1539 smp_failure(conn, reason);
1540 kfree_skb(skb);
1541 }
1542
1543 return err;
1544
1545 drop:
1546 BT_ERR("%s unexpected SMP command 0x%02x from %pMR", hcon->hdev->name,
1547 code, &hcon->dst);
1548 kfree_skb(skb);
1549 return 0;
1550 }
1551
1552 static void smp_teardown_cb(struct l2cap_chan *chan, int err)
1553 {
1554 struct l2cap_conn *conn = chan->conn;
1555
1556 BT_DBG("chan %p", chan);
1557
1558 if (chan->data)
1559 smp_chan_destroy(conn);
1560
1561 conn->smp = NULL;
1562 l2cap_chan_put(chan);
1563 }
1564
1565 static void smp_resume_cb(struct l2cap_chan *chan)
1566 {
1567 struct smp_chan *smp = chan->data;
1568 struct l2cap_conn *conn = chan->conn;
1569 struct hci_conn *hcon = conn->hcon;
1570
1571 BT_DBG("chan %p", chan);
1572
1573 if (!smp)
1574 return;
1575
1576 if (!test_bit(HCI_CONN_ENCRYPT, &hcon->flags))
1577 return;
1578
1579 cancel_delayed_work(&smp->security_timer);
1580
1581 smp_distribute_keys(smp);
1582 }
1583
1584 static void smp_ready_cb(struct l2cap_chan *chan)
1585 {
1586 struct l2cap_conn *conn = chan->conn;
1587
1588 BT_DBG("chan %p", chan);
1589
1590 conn->smp = chan;
1591 l2cap_chan_hold(chan);
1592 }
1593
1594 static int smp_recv_cb(struct l2cap_chan *chan, struct sk_buff *skb)
1595 {
1596 int err;
1597
1598 BT_DBG("chan %p", chan);
1599
1600 err = smp_sig_channel(chan, skb);
1601 if (err) {
1602 struct smp_chan *smp = chan->data;
1603
1604 if (smp)
1605 cancel_delayed_work_sync(&smp->security_timer);
1606
1607 hci_disconnect(chan->conn->hcon, HCI_ERROR_AUTH_FAILURE);
1608 }
1609
1610 return err;
1611 }
1612
1613 static struct sk_buff *smp_alloc_skb_cb(struct l2cap_chan *chan,
1614 unsigned long hdr_len,
1615 unsigned long len, int nb)
1616 {
1617 struct sk_buff *skb;
1618
1619 skb = bt_skb_alloc(hdr_len + len, GFP_KERNEL);
1620 if (!skb)
1621 return ERR_PTR(-ENOMEM);
1622
1623 skb->priority = HCI_PRIO_MAX;
1624 bt_cb(skb)->chan = chan;
1625
1626 return skb;
1627 }
1628
1629 static const struct l2cap_ops smp_chan_ops = {
1630 .name = "Security Manager",
1631 .ready = smp_ready_cb,
1632 .recv = smp_recv_cb,
1633 .alloc_skb = smp_alloc_skb_cb,
1634 .teardown = smp_teardown_cb,
1635 .resume = smp_resume_cb,
1636
1637 .new_connection = l2cap_chan_no_new_connection,
1638 .state_change = l2cap_chan_no_state_change,
1639 .close = l2cap_chan_no_close,
1640 .defer = l2cap_chan_no_defer,
1641 .suspend = l2cap_chan_no_suspend,
1642 .set_shutdown = l2cap_chan_no_set_shutdown,
1643 .get_sndtimeo = l2cap_chan_no_get_sndtimeo,
1644 .memcpy_fromiovec = l2cap_chan_no_memcpy_fromiovec,
1645 };
1646
1647 static inline struct l2cap_chan *smp_new_conn_cb(struct l2cap_chan *pchan)
1648 {
1649 struct l2cap_chan *chan;
1650
1651 BT_DBG("pchan %p", pchan);
1652
1653 chan = l2cap_chan_create();
1654 if (!chan)
1655 return NULL;
1656
1657 chan->chan_type = pchan->chan_type;
1658 chan->ops = &smp_chan_ops;
1659 chan->scid = pchan->scid;
1660 chan->dcid = chan->scid;
1661 chan->imtu = pchan->imtu;
1662 chan->omtu = pchan->omtu;
1663 chan->mode = pchan->mode;
1664
1665 BT_DBG("created chan %p", chan);
1666
1667 return chan;
1668 }
1669
1670 static const struct l2cap_ops smp_root_chan_ops = {
1671 .name = "Security Manager Root",
1672 .new_connection = smp_new_conn_cb,
1673
1674 /* None of these are implemented for the root channel */
1675 .close = l2cap_chan_no_close,
1676 .alloc_skb = l2cap_chan_no_alloc_skb,
1677 .recv = l2cap_chan_no_recv,
1678 .state_change = l2cap_chan_no_state_change,
1679 .teardown = l2cap_chan_no_teardown,
1680 .ready = l2cap_chan_no_ready,
1681 .defer = l2cap_chan_no_defer,
1682 .suspend = l2cap_chan_no_suspend,
1683 .resume = l2cap_chan_no_resume,
1684 .set_shutdown = l2cap_chan_no_set_shutdown,
1685 .get_sndtimeo = l2cap_chan_no_get_sndtimeo,
1686 .memcpy_fromiovec = l2cap_chan_no_memcpy_fromiovec,
1687 };
1688
1689 int smp_register(struct hci_dev *hdev)
1690 {
1691 struct l2cap_chan *chan;
1692 struct crypto_blkcipher *tfm_aes;
1693
1694 BT_DBG("%s", hdev->name);
1695
1696 tfm_aes = crypto_alloc_blkcipher("ecb(aes)", 0, CRYPTO_ALG_ASYNC);
1697 if (IS_ERR(tfm_aes)) {
1698 int err = PTR_ERR(tfm_aes);
1699 BT_ERR("Unable to create crypto context");
1700 return err;
1701 }
1702
1703 chan = l2cap_chan_create();
1704 if (!chan) {
1705 crypto_free_blkcipher(tfm_aes);
1706 return -ENOMEM;
1707 }
1708
1709 chan->data = tfm_aes;
1710
1711 l2cap_add_scid(chan, L2CAP_CID_SMP);
1712
1713 l2cap_chan_set_defaults(chan);
1714
1715 bacpy(&chan->src, &hdev->bdaddr);
1716 chan->src_type = BDADDR_LE_PUBLIC;
1717 chan->state = BT_LISTEN;
1718 chan->mode = L2CAP_MODE_BASIC;
1719 chan->imtu = L2CAP_DEFAULT_MTU;
1720 chan->ops = &smp_root_chan_ops;
1721
1722 hdev->smp_data = chan;
1723
1724 return 0;
1725 }
1726
1727 void smp_unregister(struct hci_dev *hdev)
1728 {
1729 struct l2cap_chan *chan = hdev->smp_data;
1730 struct crypto_blkcipher *tfm_aes;
1731
1732 if (!chan)
1733 return;
1734
1735 BT_DBG("%s chan %p", hdev->name, chan);
1736
1737 tfm_aes = chan->data;
1738 if (tfm_aes) {
1739 chan->data = NULL;
1740 crypto_free_blkcipher(tfm_aes);
1741 }
1742
1743 hdev->smp_data = NULL;
1744 l2cap_chan_put(chan);
1745 }
1746
1747 #ifdef CONFIG_BT_SELFTEST
1748
1749 static int __init run_selftests(struct crypto_blkcipher *tfm_aes)
1750 {
1751 return 0;
1752 }
1753
1754 static int __init test_smp(void)
1755 {
1756 struct crypto_blkcipher *tfm_aes;
1757 int err;
1758
1759 tfm_aes = crypto_alloc_blkcipher("ecb(aes)", 0, CRYPTO_ALG_ASYNC);
1760 if (IS_ERR(tfm_aes)) {
1761 BT_ERR("Unable to create ECB crypto context");
1762 return PTR_ERR(tfm_aes);
1763 }
1764
1765 err = run_selftests(tfm_aes);
1766 if (err < 0)
1767 BT_ERR("Self tests failed");
1768 else
1769 BT_INFO("Self-tests passed");
1770
1771 crypto_free_blkcipher(tfm_aes);
1772
1773 return err;
1774 }
1775
1776 module_init(test_smp);
1777
1778 #endif /* CONFIG_BT_SELFTEST */
Linux kernel - Deliverables
This page took 0.064255 seconds and 6 git commands to generate.