projects / deliverable / linux.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Bluetooth: Convert SMP to use l2cap_chan infrastructure
[deliverable/linux.git] / net / bluetooth / smp.c
1 /*
2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2011 Nokia Corporation and/or its subsidiary(-ies).
4
5 This program is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License version 2 as
7 published by the Free Software Foundation;
8
9 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
10 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
11 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
12 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
13 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
14 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17
18 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
19 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
20 SOFTWARE IS DISCLAIMED.
21 */
22
23 #include <linux/crypto.h>
24 #include <linux/scatterlist.h>
25 #include <crypto/b128ops.h>
26
27 #include <net/bluetooth/bluetooth.h>
28 #include <net/bluetooth/hci_core.h>
29 #include <net/bluetooth/l2cap.h>
30 #include <net/bluetooth/mgmt.h>
31
32 #include "smp.h"
33
34 #define SMP_TIMEOUT msecs_to_jiffies(30000)
35
36 #define AUTH_REQ_MASK 0x07
37
38 enum {
39 SMP_FLAG_TK_VALID,
40 SMP_FLAG_CFM_PENDING,
41 SMP_FLAG_MITM_AUTH,
42 SMP_FLAG_COMPLETE,
43 SMP_FLAG_INITIATOR,
44 };
45
46 struct smp_chan {
47 struct l2cap_conn *conn;
48 u8 preq[7]; /* SMP Pairing Request */
49 u8 prsp[7]; /* SMP Pairing Response */
50 u8 prnd[16]; /* SMP Pairing Random (local) */
51 u8 rrnd[16]; /* SMP Pairing Random (remote) */
52 u8 pcnf[16]; /* SMP Pairing Confirm */
53 u8 tk[16]; /* SMP Temporary Key */
54 u8 enc_key_size;
55 u8 remote_key_dist;
56 bdaddr_t id_addr;
57 u8 id_addr_type;
58 u8 irk[16];
59 struct smp_csrk *csrk;
60 struct smp_csrk *slave_csrk;
61 struct smp_ltk *ltk;
62 struct smp_ltk *slave_ltk;
63 struct smp_irk *remote_irk;
64 unsigned long flags;
65
66 struct crypto_blkcipher *tfm_aes;
67 };
68
69 static inline void swap_buf(const u8 *src, u8 *dst, size_t len)
70 {
71 size_t i;
72
73 for (i = 0; i < len; i++)
74 dst[len - 1 - i] = src[i];
75 }
76
77 static int smp_e(struct crypto_blkcipher *tfm, const u8 *k, u8 *r)
78 {
79 struct blkcipher_desc desc;
80 struct scatterlist sg;
81 uint8_t tmp[16], data[16];
82 int err;
83
84 if (tfm == NULL) {
85 BT_ERR("tfm %p", tfm);
86 return -EINVAL;
87 }
88
89 desc.tfm = tfm;
90 desc.flags = 0;
91
92 /* The most significant octet of key corresponds to k[0] */
93 swap_buf(k, tmp, 16);
94
95 err = crypto_blkcipher_setkey(tfm, tmp, 16);
96 if (err) {
97 BT_ERR("cipher setkey failed: %d", err);
98 return err;
99 }
100
101 /* Most significant octet of plaintextData corresponds to data[0] */
102 swap_buf(r, data, 16);
103
104 sg_init_one(&sg, data, 16);
105
106 err = crypto_blkcipher_encrypt(&desc, &sg, &sg, 16);
107 if (err)
108 BT_ERR("Encrypt data error %d", err);
109
110 /* Most significant octet of encryptedData corresponds to data[0] */
111 swap_buf(data, r, 16);
112
113 return err;
114 }
115
116 static int smp_ah(struct crypto_blkcipher *tfm, u8 irk[16], u8 r[3], u8 res[3])
117 {
118 u8 _res[16];
119 int err;
120
121 /* r' = padding || r */
122 memcpy(_res, r, 3);
123 memset(_res + 3, 0, 13);
124
125 err = smp_e(tfm, irk, _res);
126 if (err) {
127 BT_ERR("Encrypt error");
128 return err;
129 }
130
131 /* The output of the random address function ah is:
132 * ah(h, r) = e(k, r') mod 2^24
133 * The output of the security function e is then truncated to 24 bits
134 * by taking the least significant 24 bits of the output of e as the
135 * result of ah.
136 */
137 memcpy(res, _res, 3);
138
139 return 0;
140 }
141
142 bool smp_irk_matches(struct hci_dev *hdev, u8 irk[16], bdaddr_t *bdaddr)
143 {
144 struct l2cap_chan *chan = hdev->smp_data;
145 struct crypto_blkcipher *tfm;
146 u8 hash[3];
147 int err;
148
149 if (!chan || !chan->data)
150 return false;
151
152 tfm = chan->data;
153
154 BT_DBG("RPA %pMR IRK %*phN", bdaddr, 16, irk);
155
156 err = smp_ah(tfm, irk, &bdaddr->b[3], hash);
157 if (err)
158 return false;
159
160 return !memcmp(bdaddr->b, hash, 3);
161 }
162
163 int smp_generate_rpa(struct hci_dev *hdev, u8 irk[16], bdaddr_t *rpa)
164 {
165 struct l2cap_chan *chan = hdev->smp_data;
166 struct crypto_blkcipher *tfm;
167 int err;
168
169 if (!chan || !chan->data)
170 return -EOPNOTSUPP;
171
172 tfm = chan->data;
173
174 get_random_bytes(&rpa->b[3], 3);
175
176 rpa->b[5] &= 0x3f; /* Clear two most significant bits */
177 rpa->b[5] |= 0x40; /* Set second most significant bit */
178
179 err = smp_ah(tfm, irk, &rpa->b[3], rpa->b);
180 if (err < 0)
181 return err;
182
183 BT_DBG("RPA %pMR", rpa);
184
185 return 0;
186 }
187
188 static int smp_c1(struct smp_chan *smp, u8 k[16], u8 r[16], u8 preq[7],
189 u8 pres[7], u8 _iat, bdaddr_t *ia, u8 _rat, bdaddr_t *ra,
190 u8 res[16])
191 {
192 struct hci_dev *hdev = smp->conn->hcon->hdev;
193 u8 p1[16], p2[16];
194 int err;
195
196 BT_DBG("%s", hdev->name);
197
198 memset(p1, 0, 16);
199
200 /* p1 = pres || preq || _rat || _iat */
201 p1[0] = _iat;
202 p1[1] = _rat;
203 memcpy(p1 + 2, preq, 7);
204 memcpy(p1 + 9, pres, 7);
205
206 /* p2 = padding || ia || ra */
207 memcpy(p2, ra, 6);
208 memcpy(p2 + 6, ia, 6);
209 memset(p2 + 12, 0, 4);
210
211 /* res = r XOR p1 */
212 u128_xor((u128 *) res, (u128 *) r, (u128 *) p1);
213
214 /* res = e(k, res) */
215 err = smp_e(smp->tfm_aes, k, res);
216 if (err) {
217 BT_ERR("Encrypt data error");
218 return err;
219 }
220
221 /* res = res XOR p2 */
222 u128_xor((u128 *) res, (u128 *) res, (u128 *) p2);
223
224 /* res = e(k, res) */
225 err = smp_e(smp->tfm_aes, k, res);
226 if (err)
227 BT_ERR("Encrypt data error");
228
229 return err;
230 }
231
232 static int smp_s1(struct smp_chan *smp, u8 k[16], u8 r1[16], u8 r2[16],
233 u8 _r[16])
234 {
235 struct hci_dev *hdev = smp->conn->hcon->hdev;
236 int err;
237
238 BT_DBG("%s", hdev->name);
239
240 /* Just least significant octets from r1 and r2 are considered */
241 memcpy(_r, r2, 8);
242 memcpy(_r + 8, r1, 8);
243
244 err = smp_e(smp->tfm_aes, k, _r);
245 if (err)
246 BT_ERR("Encrypt data error");
247
248 return err;
249 }
250
251 static void smp_send_cmd(struct l2cap_conn *conn, u8 code, u16 len, void *data)
252 {
253 struct l2cap_chan *chan = conn->smp;
254 struct kvec iv[2];
255 struct msghdr msg;
256
257 if (!chan)
258 return;
259
260 BT_DBG("code 0x%2.2x", code);
261
262 iv[0].iov_base = &code;
263 iv[0].iov_len = 1;
264
265 iv[1].iov_base = data;
266 iv[1].iov_len = len;
267
268 memset(&msg, 0, sizeof(msg));
269
270 msg.msg_iov = (struct iovec *) &iv;
271 msg.msg_iovlen = 2;
272
273 l2cap_chan_send(chan, &msg, 1 + len);
274
275 cancel_delayed_work_sync(&conn->security_timer);
276 schedule_delayed_work(&conn->security_timer, SMP_TIMEOUT);
277 }
278
279 static __u8 authreq_to_seclevel(__u8 authreq)
280 {
281 if (authreq & SMP_AUTH_MITM)
282 return BT_SECURITY_HIGH;
283 else
284 return BT_SECURITY_MEDIUM;
285 }
286
287 static __u8 seclevel_to_authreq(__u8 sec_level)
288 {
289 switch (sec_level) {
290 case BT_SECURITY_HIGH:
291 return SMP_AUTH_MITM | SMP_AUTH_BONDING;
292 case BT_SECURITY_MEDIUM:
293 return SMP_AUTH_BONDING;
294 default:
295 return SMP_AUTH_NONE;
296 }
297 }
298
299 static void build_pairing_cmd(struct l2cap_conn *conn,
300 struct smp_cmd_pairing *req,
301 struct smp_cmd_pairing *rsp, __u8 authreq)
302 {
303 struct l2cap_chan *chan = conn->smp;
304 struct smp_chan *smp = chan->data;
305 struct hci_conn *hcon = conn->hcon;
306 struct hci_dev *hdev = hcon->hdev;
307 u8 local_dist = 0, remote_dist = 0;
308
309 if (test_bit(HCI_BONDABLE, &conn->hcon->hdev->dev_flags)) {
310 local_dist = SMP_DIST_ENC_KEY | SMP_DIST_SIGN;
311 remote_dist = SMP_DIST_ENC_KEY | SMP_DIST_SIGN;
312 authreq |= SMP_AUTH_BONDING;
313 } else {
314 authreq &= ~SMP_AUTH_BONDING;
315 }
316
317 if (test_bit(HCI_RPA_RESOLVING, &hdev->dev_flags))
318 remote_dist |= SMP_DIST_ID_KEY;
319
320 if (test_bit(HCI_PRIVACY, &hdev->dev_flags))
321 local_dist |= SMP_DIST_ID_KEY;
322
323 if (rsp == NULL) {
324 req->io_capability = conn->hcon->io_capability;
325 req->oob_flag = SMP_OOB_NOT_PRESENT;
326 req->max_key_size = SMP_MAX_ENC_KEY_SIZE;
327 req->init_key_dist = local_dist;
328 req->resp_key_dist = remote_dist;
329 req->auth_req = (authreq & AUTH_REQ_MASK);
330
331 smp->remote_key_dist = remote_dist;
332 return;
333 }
334
335 rsp->io_capability = conn->hcon->io_capability;
336 rsp->oob_flag = SMP_OOB_NOT_PRESENT;
337 rsp->max_key_size = SMP_MAX_ENC_KEY_SIZE;
338 rsp->init_key_dist = req->init_key_dist & remote_dist;
339 rsp->resp_key_dist = req->resp_key_dist & local_dist;
340 rsp->auth_req = (authreq & AUTH_REQ_MASK);
341
342 smp->remote_key_dist = rsp->init_key_dist;
343 }
344
345 static u8 check_enc_key_size(struct l2cap_conn *conn, __u8 max_key_size)
346 {
347 struct l2cap_chan *chan = conn->smp;
348 struct smp_chan *smp = chan->data;
349
350 if ((max_key_size > SMP_MAX_ENC_KEY_SIZE) ||
351 (max_key_size < SMP_MIN_ENC_KEY_SIZE))
352 return SMP_ENC_KEY_SIZE;
353
354 smp->enc_key_size = max_key_size;
355
356 return 0;
357 }
358
359 static void smp_failure(struct l2cap_conn *conn, u8 reason)
360 {
361 struct hci_conn *hcon = conn->hcon;
362
363 if (reason)
364 smp_send_cmd(conn, SMP_CMD_PAIRING_FAIL, sizeof(reason),
365 &reason);
366
367 clear_bit(HCI_CONN_ENCRYPT_PEND, &hcon->flags);
368 mgmt_auth_failed(hcon->hdev, &hcon->dst, hcon->type, hcon->dst_type,
369 HCI_ERROR_AUTH_FAILURE);
370
371 cancel_delayed_work_sync(&conn->security_timer);
372
373 if (test_and_clear_bit(HCI_CONN_LE_SMP_PEND, &hcon->flags))
374 smp_chan_destroy(conn);
375 }
376
377 #define JUST_WORKS 0x00
378 #define JUST_CFM 0x01
379 #define REQ_PASSKEY 0x02
380 #define CFM_PASSKEY 0x03
381 #define REQ_OOB 0x04
382 #define OVERLAP 0xFF
383
384 static const u8 gen_method[5][5] = {
385 { JUST_WORKS, JUST_CFM, REQ_PASSKEY, JUST_WORKS, REQ_PASSKEY },
386 { JUST_WORKS, JUST_CFM, REQ_PASSKEY, JUST_WORKS, REQ_PASSKEY },
387 { CFM_PASSKEY, CFM_PASSKEY, REQ_PASSKEY, JUST_WORKS, CFM_PASSKEY },
388 { JUST_WORKS, JUST_CFM, JUST_WORKS, JUST_WORKS, JUST_CFM },
389 { CFM_PASSKEY, CFM_PASSKEY, REQ_PASSKEY, JUST_WORKS, OVERLAP },
390 };
391
392 static u8 get_auth_method(struct smp_chan *smp, u8 local_io, u8 remote_io)
393 {
394 /* If either side has unknown io_caps, use JUST_CFM (which gets
395 * converted later to JUST_WORKS if we're initiators.
396 */
397 if (local_io > SMP_IO_KEYBOARD_DISPLAY ||
398 remote_io > SMP_IO_KEYBOARD_DISPLAY)
399 return JUST_CFM;
400
401 return gen_method[remote_io][local_io];
402 }
403
404 static int tk_request(struct l2cap_conn *conn, u8 remote_oob, u8 auth,
405 u8 local_io, u8 remote_io)
406 {
407 struct hci_conn *hcon = conn->hcon;
408 struct l2cap_chan *chan = conn->smp;
409 struct smp_chan *smp = chan->data;
410 u8 method;
411 u32 passkey = 0;
412 int ret = 0;
413
414 /* Initialize key for JUST WORKS */
415 memset(smp->tk, 0, sizeof(smp->tk));
416 clear_bit(SMP_FLAG_TK_VALID, &smp->flags);
417
418 BT_DBG("tk_request: auth:%d lcl:%d rem:%d", auth, local_io, remote_io);
419
420 /* If neither side wants MITM, either "just" confirm an incoming
421 * request or use just-works for outgoing ones. The JUST_CFM
422 * will be converted to JUST_WORKS if necessary later in this
423 * function. If either side has MITM look up the method from the
424 * table.
425 */
426 if (!(auth & SMP_AUTH_MITM))
427 method = JUST_CFM;
428 else
429 method = get_auth_method(smp, local_io, remote_io);
430
431 /* Don't confirm locally initiated pairing attempts */
432 if (method == JUST_CFM && test_bit(SMP_FLAG_INITIATOR, &smp->flags))
433 method = JUST_WORKS;
434
435 /* Don't bother user space with no IO capabilities */
436 if (method == JUST_CFM && hcon->io_capability == HCI_IO_NO_INPUT_OUTPUT)
437 method = JUST_WORKS;
438
439 /* If Just Works, Continue with Zero TK */
440 if (method == JUST_WORKS) {
441 set_bit(SMP_FLAG_TK_VALID, &smp->flags);
442 return 0;
443 }
444
445 /* Not Just Works/Confirm results in MITM Authentication */
446 if (method != JUST_CFM)
447 set_bit(SMP_FLAG_MITM_AUTH, &smp->flags);
448
449 /* If both devices have Keyoard-Display I/O, the master
450 * Confirms and the slave Enters the passkey.
451 */
452 if (method == OVERLAP) {
453 if (hcon->role == HCI_ROLE_MASTER)
454 method = CFM_PASSKEY;
455 else
456 method = REQ_PASSKEY;
457 }
458
459 /* Generate random passkey. */
460 if (method == CFM_PASSKEY) {
461 memset(smp->tk, 0, sizeof(smp->tk));
462 get_random_bytes(&passkey, sizeof(passkey));
463 passkey %= 1000000;
464 put_unaligned_le32(passkey, smp->tk);
465 BT_DBG("PassKey: %d", passkey);
466 set_bit(SMP_FLAG_TK_VALID, &smp->flags);
467 }
468
469 hci_dev_lock(hcon->hdev);
470
471 if (method == REQ_PASSKEY)
472 ret = mgmt_user_passkey_request(hcon->hdev, &hcon->dst,
473 hcon->type, hcon->dst_type);
474 else if (method == JUST_CFM)
475 ret = mgmt_user_confirm_request(hcon->hdev, &hcon->dst,
476 hcon->type, hcon->dst_type,
477 passkey, 1);
478 else
479 ret = mgmt_user_passkey_notify(hcon->hdev, &hcon->dst,
480 hcon->type, hcon->dst_type,
481 passkey, 0);
482
483 hci_dev_unlock(hcon->hdev);
484
485 return ret;
486 }
487
488 static u8 smp_confirm(struct smp_chan *smp)
489 {
490 struct l2cap_conn *conn = smp->conn;
491 struct smp_cmd_pairing_confirm cp;
492 int ret;
493
494 BT_DBG("conn %p", conn);
495
496 ret = smp_c1(smp, smp->tk, smp->prnd, smp->preq, smp->prsp,
497 conn->hcon->init_addr_type, &conn->hcon->init_addr,
498 conn->hcon->resp_addr_type, &conn->hcon->resp_addr,
499 cp.confirm_val);
500 if (ret)
501 return SMP_UNSPECIFIED;
502
503 clear_bit(SMP_FLAG_CFM_PENDING, &smp->flags);
504
505 smp_send_cmd(smp->conn, SMP_CMD_PAIRING_CONFIRM, sizeof(cp), &cp);
506
507 return 0;
508 }
509
510 static u8 smp_random(struct smp_chan *smp)
511 {
512 struct l2cap_conn *conn = smp->conn;
513 struct hci_conn *hcon = conn->hcon;
514 u8 confirm[16];
515 int ret;
516
517 if (IS_ERR_OR_NULL(smp->tfm_aes))
518 return SMP_UNSPECIFIED;
519
520 BT_DBG("conn %p %s", conn, conn->hcon->out ? "master" : "slave");
521
522 ret = smp_c1(smp, smp->tk, smp->rrnd, smp->preq, smp->prsp,
523 hcon->init_addr_type, &hcon->init_addr,
524 hcon->resp_addr_type, &hcon->resp_addr, confirm);
525 if (ret)
526 return SMP_UNSPECIFIED;
527
528 if (memcmp(smp->pcnf, confirm, sizeof(smp->pcnf)) != 0) {
529 BT_ERR("Pairing failed (confirmation values mismatch)");
530 return SMP_CONFIRM_FAILED;
531 }
532
533 if (hcon->out) {
534 u8 stk[16];
535 __le64 rand = 0;
536 __le16 ediv = 0;
537
538 smp_s1(smp, smp->tk, smp->rrnd, smp->prnd, stk);
539
540 memset(stk + smp->enc_key_size, 0,
541 SMP_MAX_ENC_KEY_SIZE - smp->enc_key_size);
542
543 if (test_and_set_bit(HCI_CONN_ENCRYPT_PEND, &hcon->flags))
544 return SMP_UNSPECIFIED;
545
546 hci_le_start_enc(hcon, ediv, rand, stk);
547 hcon->enc_key_size = smp->enc_key_size;
548 set_bit(HCI_CONN_STK_ENCRYPT, &hcon->flags);
549 } else {
550 u8 stk[16], auth;
551 __le64 rand = 0;
552 __le16 ediv = 0;
553
554 smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM, sizeof(smp->prnd),
555 smp->prnd);
556
557 smp_s1(smp, smp->tk, smp->prnd, smp->rrnd, stk);
558
559 memset(stk + smp->enc_key_size, 0,
560 SMP_MAX_ENC_KEY_SIZE - smp->enc_key_size);
561
562 if (hcon->pending_sec_level == BT_SECURITY_HIGH)
563 auth = 1;
564 else
565 auth = 0;
566
567 /* Even though there's no _SLAVE suffix this is the
568 * slave STK we're adding for later lookup (the master
569 * STK never needs to be stored).
570 */
571 hci_add_ltk(hcon->hdev, &hcon->dst, hcon->dst_type,
572 SMP_STK, auth, stk, smp->enc_key_size, ediv, rand);
573 }
574
575 return 0;
576 }
577
578 static struct smp_chan *smp_chan_create(struct l2cap_conn *conn)
579 {
580 struct l2cap_chan *chan = conn->smp;
581 struct smp_chan *smp;
582
583 smp = kzalloc(sizeof(*smp), GFP_ATOMIC);
584 if (!smp) {
585 clear_bit(HCI_CONN_LE_SMP_PEND, &conn->hcon->flags);
586 return NULL;
587 }
588
589 smp->tfm_aes = crypto_alloc_blkcipher("ecb(aes)", 0, CRYPTO_ALG_ASYNC);
590 if (IS_ERR(smp->tfm_aes)) {
591 BT_ERR("Unable to create ECB crypto context");
592 kfree(smp);
593 clear_bit(HCI_CONN_LE_SMP_PEND, &conn->hcon->flags);
594 return NULL;
595 }
596
597 smp->conn = conn;
598 chan->data = smp;
599
600 hci_conn_hold(conn->hcon);
601
602 return smp;
603 }
604
605 void smp_chan_destroy(struct l2cap_conn *conn)
606 {
607 struct l2cap_chan *chan = conn->smp;
608 struct smp_chan *smp = chan->data;
609 bool complete;
610
611 BUG_ON(!smp);
612
613 complete = test_bit(SMP_FLAG_COMPLETE, &smp->flags);
614 mgmt_smp_complete(conn->hcon, complete);
615
616 kfree(smp->csrk);
617 kfree(smp->slave_csrk);
618
619 crypto_free_blkcipher(smp->tfm_aes);
620
621 /* If pairing failed clean up any keys we might have */
622 if (!complete) {
623 if (smp->ltk) {
624 list_del(&smp->ltk->list);
625 kfree(smp->ltk);
626 }
627
628 if (smp->slave_ltk) {
629 list_del(&smp->slave_ltk->list);
630 kfree(smp->slave_ltk);
631 }
632
633 if (smp->remote_irk) {
634 list_del(&smp->remote_irk->list);
635 kfree(smp->remote_irk);
636 }
637 }
638
639 chan->data = NULL;
640 kfree(smp);
641 hci_conn_drop(conn->hcon);
642 }
643
644 int smp_user_confirm_reply(struct hci_conn *hcon, u16 mgmt_op, __le32 passkey)
645 {
646 struct l2cap_conn *conn = hcon->l2cap_data;
647 struct l2cap_chan *chan;
648 struct smp_chan *smp;
649 u32 value;
650
651 BT_DBG("");
652
653 if (!conn || !test_bit(HCI_CONN_LE_SMP_PEND, &hcon->flags))
654 return -ENOTCONN;
655
656 chan = conn->smp;
657 if (!chan)
658 return -ENOTCONN;
659
660 smp = chan->data;
661
662 switch (mgmt_op) {
663 case MGMT_OP_USER_PASSKEY_REPLY:
664 value = le32_to_cpu(passkey);
665 memset(smp->tk, 0, sizeof(smp->tk));
666 BT_DBG("PassKey: %d", value);
667 put_unaligned_le32(value, smp->tk);
668 /* Fall Through */
669 case MGMT_OP_USER_CONFIRM_REPLY:
670 set_bit(SMP_FLAG_TK_VALID, &smp->flags);
671 break;
672 case MGMT_OP_USER_PASSKEY_NEG_REPLY:
673 case MGMT_OP_USER_CONFIRM_NEG_REPLY:
674 smp_failure(conn, SMP_PASSKEY_ENTRY_FAILED);
675 return 0;
676 default:
677 smp_failure(conn, SMP_PASSKEY_ENTRY_FAILED);
678 return -EOPNOTSUPP;
679 }
680
681 /* If it is our turn to send Pairing Confirm, do so now */
682 if (test_bit(SMP_FLAG_CFM_PENDING, &smp->flags)) {
683 u8 rsp = smp_confirm(smp);
684 if (rsp)
685 smp_failure(conn, rsp);
686 }
687
688 return 0;
689 }
690
691 static u8 smp_cmd_pairing_req(struct l2cap_conn *conn, struct sk_buff *skb)
692 {
693 struct smp_cmd_pairing rsp, *req = (void *) skb->data;
694 struct hci_dev *hdev = conn->hcon->hdev;
695 struct smp_chan *smp;
696 u8 key_size, auth, sec_level;
697 int ret;
698
699 BT_DBG("conn %p", conn);
700
701 if (skb->len < sizeof(*req))
702 return SMP_INVALID_PARAMS;
703
704 if (conn->hcon->role != HCI_ROLE_SLAVE)
705 return SMP_CMD_NOTSUPP;
706
707 if (!test_and_set_bit(HCI_CONN_LE_SMP_PEND, &conn->hcon->flags)) {
708 smp = smp_chan_create(conn);
709 } else {
710 struct l2cap_chan *chan = conn->smp;
711 smp = chan->data;
712 }
713
714 if (!smp)
715 return SMP_UNSPECIFIED;
716
717 if (!test_bit(HCI_BONDABLE, &hdev->dev_flags) &&
718 (req->auth_req & SMP_AUTH_BONDING))
719 return SMP_PAIRING_NOTSUPP;
720
721 smp->preq[0] = SMP_CMD_PAIRING_REQ;
722 memcpy(&smp->preq[1], req, sizeof(*req));
723 skb_pull(skb, sizeof(*req));
724
725 /* We didn't start the pairing, so match remote */
726 auth = req->auth_req;
727
728 sec_level = authreq_to_seclevel(auth);
729 if (sec_level > conn->hcon->pending_sec_level)
730 conn->hcon->pending_sec_level = sec_level;
731
732 /* If we need MITM check that it can be acheived */
733 if (conn->hcon->pending_sec_level >= BT_SECURITY_HIGH) {
734 u8 method;
735
736 method = get_auth_method(smp, conn->hcon->io_capability,
737 req->io_capability);
738 if (method == JUST_WORKS || method == JUST_CFM)
739 return SMP_AUTH_REQUIREMENTS;
740 }
741
742 build_pairing_cmd(conn, req, &rsp, auth);
743
744 key_size = min(req->max_key_size, rsp.max_key_size);
745 if (check_enc_key_size(conn, key_size))
746 return SMP_ENC_KEY_SIZE;
747
748 get_random_bytes(smp->prnd, sizeof(smp->prnd));
749
750 smp->prsp[0] = SMP_CMD_PAIRING_RSP;
751 memcpy(&smp->prsp[1], &rsp, sizeof(rsp));
752
753 smp_send_cmd(conn, SMP_CMD_PAIRING_RSP, sizeof(rsp), &rsp);
754
755 /* Request setup of TK */
756 ret = tk_request(conn, 0, auth, rsp.io_capability, req->io_capability);
757 if (ret)
758 return SMP_UNSPECIFIED;
759
760 return 0;
761 }
762
763 static u8 smp_cmd_pairing_rsp(struct l2cap_conn *conn, struct sk_buff *skb)
764 {
765 struct smp_cmd_pairing *req, *rsp = (void *) skb->data;
766 struct l2cap_chan *chan = conn->smp;
767 struct smp_chan *smp = chan->data;
768 u8 key_size, auth = SMP_AUTH_NONE;
769 int ret;
770
771 BT_DBG("conn %p", conn);
772
773 if (skb->len < sizeof(*rsp))
774 return SMP_INVALID_PARAMS;
775
776 if (conn->hcon->role != HCI_ROLE_MASTER)
777 return SMP_CMD_NOTSUPP;
778
779 skb_pull(skb, sizeof(*rsp));
780
781 req = (void *) &smp->preq[1];
782
783 key_size = min(req->max_key_size, rsp->max_key_size);
784 if (check_enc_key_size(conn, key_size))
785 return SMP_ENC_KEY_SIZE;
786
787 /* If we need MITM check that it can be acheived */
788 if (conn->hcon->pending_sec_level >= BT_SECURITY_HIGH) {
789 u8 method;
790
791 method = get_auth_method(smp, req->io_capability,
792 rsp->io_capability);
793 if (method == JUST_WORKS || method == JUST_CFM)
794 return SMP_AUTH_REQUIREMENTS;
795 }
796
797 get_random_bytes(smp->prnd, sizeof(smp->prnd));
798
799 smp->prsp[0] = SMP_CMD_PAIRING_RSP;
800 memcpy(&smp->prsp[1], rsp, sizeof(*rsp));
801
802 /* Update remote key distribution in case the remote cleared
803 * some bits that we had enabled in our request.
804 */
805 smp->remote_key_dist &= rsp->resp_key_dist;
806
807 if ((req->auth_req & SMP_AUTH_BONDING) &&
808 (rsp->auth_req & SMP_AUTH_BONDING))
809 auth = SMP_AUTH_BONDING;
810
811 auth |= (req->auth_req | rsp->auth_req) & SMP_AUTH_MITM;
812
813 ret = tk_request(conn, 0, auth, req->io_capability, rsp->io_capability);
814 if (ret)
815 return SMP_UNSPECIFIED;
816
817 set_bit(SMP_FLAG_CFM_PENDING, &smp->flags);
818
819 /* Can't compose response until we have been confirmed */
820 if (test_bit(SMP_FLAG_TK_VALID, &smp->flags))
821 return smp_confirm(smp);
822
823 return 0;
824 }
825
826 static u8 smp_cmd_pairing_confirm(struct l2cap_conn *conn, struct sk_buff *skb)
827 {
828 struct l2cap_chan *chan = conn->smp;
829 struct smp_chan *smp = chan->data;
830
831 BT_DBG("conn %p %s", conn, conn->hcon->out ? "master" : "slave");
832
833 if (skb->len < sizeof(smp->pcnf))
834 return SMP_INVALID_PARAMS;
835
836 memcpy(smp->pcnf, skb->data, sizeof(smp->pcnf));
837 skb_pull(skb, sizeof(smp->pcnf));
838
839 if (conn->hcon->out)
840 smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM, sizeof(smp->prnd),
841 smp->prnd);
842 else if (test_bit(SMP_FLAG_TK_VALID, &smp->flags))
843 return smp_confirm(smp);
844 else
845 set_bit(SMP_FLAG_CFM_PENDING, &smp->flags);
846
847 return 0;
848 }
849
850 static u8 smp_cmd_pairing_random(struct l2cap_conn *conn, struct sk_buff *skb)
851 {
852 struct l2cap_chan *chan = conn->smp;
853 struct smp_chan *smp = chan->data;
854
855 BT_DBG("conn %p", conn);
856
857 if (skb->len < sizeof(smp->rrnd))
858 return SMP_INVALID_PARAMS;
859
860 memcpy(smp->rrnd, skb->data, sizeof(smp->rrnd));
861 skb_pull(skb, sizeof(smp->rrnd));
862
863 return smp_random(smp);
864 }
865
866 static bool smp_ltk_encrypt(struct l2cap_conn *conn, u8 sec_level)
867 {
868 struct smp_ltk *key;
869 struct hci_conn *hcon = conn->hcon;
870
871 key = hci_find_ltk_by_addr(hcon->hdev, &hcon->dst, hcon->dst_type,
872 hcon->role);
873 if (!key)
874 return false;
875
876 if (sec_level > BT_SECURITY_MEDIUM && !key->authenticated)
877 return false;
878
879 if (test_and_set_bit(HCI_CONN_ENCRYPT_PEND, &hcon->flags))
880 return true;
881
882 hci_le_start_enc(hcon, key->ediv, key->rand, key->val);
883 hcon->enc_key_size = key->enc_size;
884
885 /* We never store STKs for master role, so clear this flag */
886 clear_bit(HCI_CONN_STK_ENCRYPT, &hcon->flags);
887
888 return true;
889 }
890
891 bool smp_sufficient_security(struct hci_conn *hcon, u8 sec_level)
892 {
893 if (sec_level == BT_SECURITY_LOW)
894 return true;
895
896 /* If we're encrypted with an STK always claim insufficient
897 * security. This way we allow the connection to be re-encrypted
898 * with an LTK, even if the LTK provides the same level of
899 * security. Only exception is if we don't have an LTK (e.g.
900 * because of key distribution bits).
901 */
902 if (test_bit(HCI_CONN_STK_ENCRYPT, &hcon->flags) &&
903 hci_find_ltk_by_addr(hcon->hdev, &hcon->dst, hcon->dst_type,
904 hcon->role))
905 return false;
906
907 if (hcon->sec_level >= sec_level)
908 return true;
909
910 return false;
911 }
912
913 static u8 smp_cmd_security_req(struct l2cap_conn *conn, struct sk_buff *skb)
914 {
915 struct smp_cmd_security_req *rp = (void *) skb->data;
916 struct smp_cmd_pairing cp;
917 struct hci_conn *hcon = conn->hcon;
918 struct smp_chan *smp;
919 u8 sec_level;
920
921 BT_DBG("conn %p", conn);
922
923 if (skb->len < sizeof(*rp))
924 return SMP_INVALID_PARAMS;
925
926 if (hcon->role != HCI_ROLE_MASTER)
927 return SMP_CMD_NOTSUPP;
928
929 sec_level = authreq_to_seclevel(rp->auth_req);
930 if (smp_sufficient_security(hcon, sec_level))
931 return 0;
932
933 if (sec_level > hcon->pending_sec_level)
934 hcon->pending_sec_level = sec_level;
935
936 if (smp_ltk_encrypt(conn, hcon->pending_sec_level))
937 return 0;
938
939 if (test_and_set_bit(HCI_CONN_LE_SMP_PEND, &hcon->flags))
940 return 0;
941
942 smp = smp_chan_create(conn);
943 if (!smp)
944 return SMP_UNSPECIFIED;
945
946 if (!test_bit(HCI_BONDABLE, &hcon->hdev->dev_flags) &&
947 (rp->auth_req & SMP_AUTH_BONDING))
948 return SMP_PAIRING_NOTSUPP;
949
950 skb_pull(skb, sizeof(*rp));
951
952 memset(&cp, 0, sizeof(cp));
953 build_pairing_cmd(conn, &cp, NULL, rp->auth_req);
954
955 smp->preq[0] = SMP_CMD_PAIRING_REQ;
956 memcpy(&smp->preq[1], &cp, sizeof(cp));
957
958 smp_send_cmd(conn, SMP_CMD_PAIRING_REQ, sizeof(cp), &cp);
959
960 return 0;
961 }
962
963 int smp_conn_security(struct hci_conn *hcon, __u8 sec_level)
964 {
965 struct l2cap_conn *conn = hcon->l2cap_data;
966 struct smp_chan *smp;
967 __u8 authreq;
968
969 BT_DBG("conn %p hcon %p level 0x%2.2x", conn, hcon, sec_level);
970
971 /* This may be NULL if there's an unexpected disconnection */
972 if (!conn)
973 return 1;
974
975 if (!test_bit(HCI_LE_ENABLED, &hcon->hdev->dev_flags))
976 return 1;
977
978 if (smp_sufficient_security(hcon, sec_level))
979 return 1;
980
981 if (sec_level > hcon->pending_sec_level)
982 hcon->pending_sec_level = sec_level;
983
984 if (hcon->role == HCI_ROLE_MASTER)
985 if (smp_ltk_encrypt(conn, hcon->pending_sec_level))
986 return 0;
987
988 if (test_and_set_bit(HCI_CONN_LE_SMP_PEND, &hcon->flags))
989 return 0;
990
991 smp = smp_chan_create(conn);
992 if (!smp)
993 return 1;
994
995 authreq = seclevel_to_authreq(sec_level);
996
997 /* Require MITM if IO Capability allows or the security level
998 * requires it.
999 */
1000 if (hcon->io_capability != HCI_IO_NO_INPUT_OUTPUT ||
1001 hcon->pending_sec_level > BT_SECURITY_MEDIUM)
1002 authreq |= SMP_AUTH_MITM;
1003
1004 if (hcon->role == HCI_ROLE_MASTER) {
1005 struct smp_cmd_pairing cp;
1006
1007 build_pairing_cmd(conn, &cp, NULL, authreq);
1008 smp->preq[0] = SMP_CMD_PAIRING_REQ;
1009 memcpy(&smp->preq[1], &cp, sizeof(cp));
1010
1011 smp_send_cmd(conn, SMP_CMD_PAIRING_REQ, sizeof(cp), &cp);
1012 } else {
1013 struct smp_cmd_security_req cp;
1014 cp.auth_req = authreq;
1015 smp_send_cmd(conn, SMP_CMD_SECURITY_REQ, sizeof(cp), &cp);
1016 }
1017
1018 set_bit(SMP_FLAG_INITIATOR, &smp->flags);
1019
1020 return 0;
1021 }
1022
1023 static int smp_cmd_encrypt_info(struct l2cap_conn *conn, struct sk_buff *skb)
1024 {
1025 struct smp_cmd_encrypt_info *rp = (void *) skb->data;
1026 struct l2cap_chan *chan = conn->smp;
1027 struct smp_chan *smp = chan->data;
1028
1029 BT_DBG("conn %p", conn);
1030
1031 if (skb->len < sizeof(*rp))
1032 return SMP_INVALID_PARAMS;
1033
1034 /* Ignore this PDU if it wasn't requested */
1035 if (!(smp->remote_key_dist & SMP_DIST_ENC_KEY))
1036 return 0;
1037
1038 skb_pull(skb, sizeof(*rp));
1039
1040 memcpy(smp->tk, rp->ltk, sizeof(smp->tk));
1041
1042 return 0;
1043 }
1044
1045 static int smp_cmd_master_ident(struct l2cap_conn *conn, struct sk_buff *skb)
1046 {
1047 struct smp_cmd_master_ident *rp = (void *) skb->data;
1048 struct l2cap_chan *chan = conn->smp;
1049 struct smp_chan *smp = chan->data;
1050 struct hci_dev *hdev = conn->hcon->hdev;
1051 struct hci_conn *hcon = conn->hcon;
1052 struct smp_ltk *ltk;
1053 u8 authenticated;
1054
1055 BT_DBG("conn %p", conn);
1056
1057 if (skb->len < sizeof(*rp))
1058 return SMP_INVALID_PARAMS;
1059
1060 /* Ignore this PDU if it wasn't requested */
1061 if (!(smp->remote_key_dist & SMP_DIST_ENC_KEY))
1062 return 0;
1063
1064 /* Mark the information as received */
1065 smp->remote_key_dist &= ~SMP_DIST_ENC_KEY;
1066
1067 skb_pull(skb, sizeof(*rp));
1068
1069 hci_dev_lock(hdev);
1070 authenticated = (hcon->sec_level == BT_SECURITY_HIGH);
1071 ltk = hci_add_ltk(hdev, &hcon->dst, hcon->dst_type, SMP_LTK,
1072 authenticated, smp->tk, smp->enc_key_size,
1073 rp->ediv, rp->rand);
1074 smp->ltk = ltk;
1075 if (!(smp->remote_key_dist & SMP_DIST_ID_KEY))
1076 smp_distribute_keys(conn);
1077 hci_dev_unlock(hdev);
1078
1079 return 0;
1080 }
1081
1082 static int smp_cmd_ident_info(struct l2cap_conn *conn, struct sk_buff *skb)
1083 {
1084 struct smp_cmd_ident_info *info = (void *) skb->data;
1085 struct l2cap_chan *chan = conn->smp;
1086 struct smp_chan *smp = chan->data;
1087
1088 BT_DBG("");
1089
1090 if (skb->len < sizeof(*info))
1091 return SMP_INVALID_PARAMS;
1092
1093 /* Ignore this PDU if it wasn't requested */
1094 if (!(smp->remote_key_dist & SMP_DIST_ID_KEY))
1095 return 0;
1096
1097 skb_pull(skb, sizeof(*info));
1098
1099 memcpy(smp->irk, info->irk, 16);
1100
1101 return 0;
1102 }
1103
1104 static int smp_cmd_ident_addr_info(struct l2cap_conn *conn,
1105 struct sk_buff *skb)
1106 {
1107 struct smp_cmd_ident_addr_info *info = (void *) skb->data;
1108 struct l2cap_chan *chan = conn->smp;
1109 struct smp_chan *smp = chan->data;
1110 struct hci_conn *hcon = conn->hcon;
1111 bdaddr_t rpa;
1112
1113 BT_DBG("");
1114
1115 if (skb->len < sizeof(*info))
1116 return SMP_INVALID_PARAMS;
1117
1118 /* Ignore this PDU if it wasn't requested */
1119 if (!(smp->remote_key_dist & SMP_DIST_ID_KEY))
1120 return 0;
1121
1122 /* Mark the information as received */
1123 smp->remote_key_dist &= ~SMP_DIST_ID_KEY;
1124
1125 skb_pull(skb, sizeof(*info));
1126
1127 hci_dev_lock(hcon->hdev);
1128
1129 /* Strictly speaking the Core Specification (4.1) allows sending
1130 * an empty address which would force us to rely on just the IRK
1131 * as "identity information". However, since such
1132 * implementations are not known of and in order to not over
1133 * complicate our implementation, simply pretend that we never
1134 * received an IRK for such a device.
1135 */
1136 if (!bacmp(&info->bdaddr, BDADDR_ANY)) {
1137 BT_ERR("Ignoring IRK with no identity address");
1138 goto distribute;
1139 }
1140
1141 bacpy(&smp->id_addr, &info->bdaddr);
1142 smp->id_addr_type = info->addr_type;
1143
1144 if (hci_bdaddr_is_rpa(&hcon->dst, hcon->dst_type))
1145 bacpy(&rpa, &hcon->dst);
1146 else
1147 bacpy(&rpa, BDADDR_ANY);
1148
1149 smp->remote_irk = hci_add_irk(conn->hcon->hdev, &smp->id_addr,
1150 smp->id_addr_type, smp->irk, &rpa);
1151
1152 distribute:
1153 smp_distribute_keys(conn);
1154
1155 hci_dev_unlock(hcon->hdev);
1156
1157 return 0;
1158 }
1159
1160 static int smp_cmd_sign_info(struct l2cap_conn *conn, struct sk_buff *skb)
1161 {
1162 struct smp_cmd_sign_info *rp = (void *) skb->data;
1163 struct l2cap_chan *chan = conn->smp;
1164 struct smp_chan *smp = chan->data;
1165 struct hci_dev *hdev = conn->hcon->hdev;
1166 struct smp_csrk *csrk;
1167
1168 BT_DBG("conn %p", conn);
1169
1170 if (skb->len < sizeof(*rp))
1171 return SMP_INVALID_PARAMS;
1172
1173 /* Ignore this PDU if it wasn't requested */
1174 if (!(smp->remote_key_dist & SMP_DIST_SIGN))
1175 return 0;
1176
1177 /* Mark the information as received */
1178 smp->remote_key_dist &= ~SMP_DIST_SIGN;
1179
1180 skb_pull(skb, sizeof(*rp));
1181
1182 hci_dev_lock(hdev);
1183 csrk = kzalloc(sizeof(*csrk), GFP_KERNEL);
1184 if (csrk) {
1185 csrk->master = 0x01;
1186 memcpy(csrk->val, rp->csrk, sizeof(csrk->val));
1187 }
1188 smp->csrk = csrk;
1189 smp_distribute_keys(conn);
1190 hci_dev_unlock(hdev);
1191
1192 return 0;
1193 }
1194
1195 static int smp_recv_cb(struct l2cap_chan *chan, struct sk_buff *skb)
1196 {
1197 struct l2cap_conn *conn = chan->conn;
1198 struct hci_conn *hcon = conn->hcon;
1199 __u8 code, reason;
1200 int err = 0;
1201
1202 if (hcon->type != LE_LINK) {
1203 kfree_skb(skb);
1204 return 0;
1205 }
1206
1207 if (skb->len < 1) {
1208 kfree_skb(skb);
1209 return -EILSEQ;
1210 }
1211
1212 if (!test_bit(HCI_LE_ENABLED, &hcon->hdev->dev_flags)) {
1213 err = -EOPNOTSUPP;
1214 reason = SMP_PAIRING_NOTSUPP;
1215 goto done;
1216 }
1217
1218 code = skb->data[0];
1219 skb_pull(skb, sizeof(code));
1220
1221 /*
1222 * The SMP context must be initialized for all other PDUs except
1223 * pairing and security requests. If we get any other PDU when
1224 * not initialized simply disconnect (done if this function
1225 * returns an error).
1226 */
1227 if (code != SMP_CMD_PAIRING_REQ && code != SMP_CMD_SECURITY_REQ &&
1228 !test_bit(HCI_CONN_LE_SMP_PEND, &hcon->flags)) {
1229 BT_ERR("Unexpected SMP command 0x%02x. Disconnecting.", code);
1230 kfree_skb(skb);
1231 return -EOPNOTSUPP;
1232 }
1233
1234 switch (code) {
1235 case SMP_CMD_PAIRING_REQ:
1236 reason = smp_cmd_pairing_req(conn, skb);
1237 break;
1238
1239 case SMP_CMD_PAIRING_FAIL:
1240 smp_failure(conn, 0);
1241 reason = 0;
1242 err = -EPERM;
1243 break;
1244
1245 case SMP_CMD_PAIRING_RSP:
1246 reason = smp_cmd_pairing_rsp(conn, skb);
1247 break;
1248
1249 case SMP_CMD_SECURITY_REQ:
1250 reason = smp_cmd_security_req(conn, skb);
1251 break;
1252
1253 case SMP_CMD_PAIRING_CONFIRM:
1254 reason = smp_cmd_pairing_confirm(conn, skb);
1255 break;
1256
1257 case SMP_CMD_PAIRING_RANDOM:
1258 reason = smp_cmd_pairing_random(conn, skb);
1259 break;
1260
1261 case SMP_CMD_ENCRYPT_INFO:
1262 reason = smp_cmd_encrypt_info(conn, skb);
1263 break;
1264
1265 case SMP_CMD_MASTER_IDENT:
1266 reason = smp_cmd_master_ident(conn, skb);
1267 break;
1268
1269 case SMP_CMD_IDENT_INFO:
1270 reason = smp_cmd_ident_info(conn, skb);
1271 break;
1272
1273 case SMP_CMD_IDENT_ADDR_INFO:
1274 reason = smp_cmd_ident_addr_info(conn, skb);
1275 break;
1276
1277 case SMP_CMD_SIGN_INFO:
1278 reason = smp_cmd_sign_info(conn, skb);
1279 break;
1280
1281 default:
1282 BT_DBG("Unknown command code 0x%2.2x", code);
1283
1284 reason = SMP_CMD_NOTSUPP;
1285 err = -EOPNOTSUPP;
1286 goto done;
1287 }
1288
1289 done:
1290 if (reason)
1291 smp_failure(conn, reason);
1292
1293 kfree_skb(skb);
1294 return err;
1295 }
1296
1297 static void smp_notify_keys(struct l2cap_conn *conn)
1298 {
1299 struct l2cap_chan *chan = conn->smp;
1300 struct smp_chan *smp = chan->data;
1301 struct hci_conn *hcon = conn->hcon;
1302 struct hci_dev *hdev = hcon->hdev;
1303 struct smp_cmd_pairing *req = (void *) &smp->preq[1];
1304 struct smp_cmd_pairing *rsp = (void *) &smp->prsp[1];
1305 bool persistent;
1306
1307 if (smp->remote_irk) {
1308 mgmt_new_irk(hdev, smp->remote_irk);
1309 /* Now that user space can be considered to know the
1310 * identity address track the connection based on it
1311 * from now on.
1312 */
1313 bacpy(&hcon->dst, &smp->remote_irk->bdaddr);
1314 hcon->dst_type = smp->remote_irk->addr_type;
1315 l2cap_conn_update_id_addr(hcon);
1316
1317 /* When receiving an indentity resolving key for
1318 * a remote device that does not use a resolvable
1319 * private address, just remove the key so that
1320 * it is possible to use the controller white
1321 * list for scanning.
1322 *
1323 * Userspace will have been told to not store
1324 * this key at this point. So it is safe to
1325 * just remove it.
1326 */
1327 if (!bacmp(&smp->remote_irk->rpa, BDADDR_ANY)) {
1328 list_del(&smp->remote_irk->list);
1329 kfree(smp->remote_irk);
1330 smp->remote_irk = NULL;
1331 }
1332 }
1333
1334 /* The LTKs and CSRKs should be persistent only if both sides
1335 * had the bonding bit set in their authentication requests.
1336 */
1337 persistent = !!((req->auth_req & rsp->auth_req) & SMP_AUTH_BONDING);
1338
1339 if (smp->csrk) {
1340 smp->csrk->bdaddr_type = hcon->dst_type;
1341 bacpy(&smp->csrk->bdaddr, &hcon->dst);
1342 mgmt_new_csrk(hdev, smp->csrk, persistent);
1343 }
1344
1345 if (smp->slave_csrk) {
1346 smp->slave_csrk->bdaddr_type = hcon->dst_type;
1347 bacpy(&smp->slave_csrk->bdaddr, &hcon->dst);
1348 mgmt_new_csrk(hdev, smp->slave_csrk, persistent);
1349 }
1350
1351 if (smp->ltk) {
1352 smp->ltk->bdaddr_type = hcon->dst_type;
1353 bacpy(&smp->ltk->bdaddr, &hcon->dst);
1354 mgmt_new_ltk(hdev, smp->ltk, persistent);
1355 }
1356
1357 if (smp->slave_ltk) {
1358 smp->slave_ltk->bdaddr_type = hcon->dst_type;
1359 bacpy(&smp->slave_ltk->bdaddr, &hcon->dst);
1360 mgmt_new_ltk(hdev, smp->slave_ltk, persistent);
1361 }
1362 }
1363
1364 int smp_distribute_keys(struct l2cap_conn *conn)
1365 {
1366 struct smp_cmd_pairing *req, *rsp;
1367 struct l2cap_chan *chan = conn->smp;
1368 struct smp_chan *smp = chan->data;
1369 struct hci_conn *hcon = conn->hcon;
1370 struct hci_dev *hdev = hcon->hdev;
1371 __u8 *keydist;
1372
1373 BT_DBG("conn %p", conn);
1374
1375 if (!test_bit(HCI_CONN_LE_SMP_PEND, &hcon->flags))
1376 return 0;
1377
1378 rsp = (void *) &smp->prsp[1];
1379
1380 /* The responder sends its keys first */
1381 if (hcon->out && (smp->remote_key_dist & 0x07))
1382 return 0;
1383
1384 req = (void *) &smp->preq[1];
1385
1386 if (hcon->out) {
1387 keydist = &rsp->init_key_dist;
1388 *keydist &= req->init_key_dist;
1389 } else {
1390 keydist = &rsp->resp_key_dist;
1391 *keydist &= req->resp_key_dist;
1392 }
1393
1394 BT_DBG("keydist 0x%x", *keydist);
1395
1396 if (*keydist & SMP_DIST_ENC_KEY) {
1397 struct smp_cmd_encrypt_info enc;
1398 struct smp_cmd_master_ident ident;
1399 struct smp_ltk *ltk;
1400 u8 authenticated;
1401 __le16 ediv;
1402 __le64 rand;
1403
1404 get_random_bytes(enc.ltk, sizeof(enc.ltk));
1405 get_random_bytes(&ediv, sizeof(ediv));
1406 get_random_bytes(&rand, sizeof(rand));
1407
1408 smp_send_cmd(conn, SMP_CMD_ENCRYPT_INFO, sizeof(enc), &enc);
1409
1410 authenticated = hcon->sec_level == BT_SECURITY_HIGH;
1411 ltk = hci_add_ltk(hdev, &hcon->dst, hcon->dst_type,
1412 SMP_LTK_SLAVE, authenticated, enc.ltk,
1413 smp->enc_key_size, ediv, rand);
1414 smp->slave_ltk = ltk;
1415
1416 ident.ediv = ediv;
1417 ident.rand = rand;
1418
1419 smp_send_cmd(conn, SMP_CMD_MASTER_IDENT, sizeof(ident), &ident);
1420
1421 *keydist &= ~SMP_DIST_ENC_KEY;
1422 }
1423
1424 if (*keydist & SMP_DIST_ID_KEY) {
1425 struct smp_cmd_ident_addr_info addrinfo;
1426 struct smp_cmd_ident_info idinfo;
1427
1428 memcpy(idinfo.irk, hdev->irk, sizeof(idinfo.irk));
1429
1430 smp_send_cmd(conn, SMP_CMD_IDENT_INFO, sizeof(idinfo), &idinfo);
1431
1432 /* The hci_conn contains the local identity address
1433 * after the connection has been established.
1434 *
1435 * This is true even when the connection has been
1436 * established using a resolvable random address.
1437 */
1438 bacpy(&addrinfo.bdaddr, &hcon->src);
1439 addrinfo.addr_type = hcon->src_type;
1440
1441 smp_send_cmd(conn, SMP_CMD_IDENT_ADDR_INFO, sizeof(addrinfo),
1442 &addrinfo);
1443
1444 *keydist &= ~SMP_DIST_ID_KEY;
1445 }
1446
1447 if (*keydist & SMP_DIST_SIGN) {
1448 struct smp_cmd_sign_info sign;
1449 struct smp_csrk *csrk;
1450
1451 /* Generate a new random key */
1452 get_random_bytes(sign.csrk, sizeof(sign.csrk));
1453
1454 csrk = kzalloc(sizeof(*csrk), GFP_KERNEL);
1455 if (csrk) {
1456 csrk->master = 0x00;
1457 memcpy(csrk->val, sign.csrk, sizeof(csrk->val));
1458 }
1459 smp->slave_csrk = csrk;
1460
1461 smp_send_cmd(conn, SMP_CMD_SIGN_INFO, sizeof(sign), &sign);
1462
1463 *keydist &= ~SMP_DIST_SIGN;
1464 }
1465
1466 /* If there are still keys to be received wait for them */
1467 if ((smp->remote_key_dist & 0x07))
1468 return 0;
1469
1470 clear_bit(HCI_CONN_LE_SMP_PEND, &hcon->flags);
1471 cancel_delayed_work_sync(&conn->security_timer);
1472 set_bit(SMP_FLAG_COMPLETE, &smp->flags);
1473 smp_notify_keys(conn);
1474
1475 smp_chan_destroy(conn);
1476
1477 return 0;
1478 }
1479
1480 static void smp_teardown_cb(struct l2cap_chan *chan, int err)
1481 {
1482 struct l2cap_conn *conn = chan->conn;
1483
1484 BT_DBG("chan %p", chan);
1485
1486 if (test_and_clear_bit(HCI_CONN_LE_SMP_PEND, &conn->hcon->flags)) {
1487 cancel_delayed_work_sync(&conn->security_timer);
1488 smp_chan_destroy(conn);
1489 }
1490
1491 conn->smp = NULL;
1492 l2cap_chan_put(chan);
1493 }
1494
1495 static void smp_ready_cb(struct l2cap_chan *chan)
1496 {
1497 struct l2cap_conn *conn = chan->conn;
1498
1499 BT_DBG("chan %p", chan);
1500
1501 conn->smp = chan;
1502 l2cap_chan_hold(chan);
1503 }
1504
1505 static struct sk_buff *smp_alloc_skb_cb(struct l2cap_chan *chan,
1506 unsigned long hdr_len,
1507 unsigned long len, int nb)
1508 {
1509 struct sk_buff *skb;
1510
1511 skb = bt_skb_alloc(hdr_len + len, GFP_KERNEL);
1512 if (!skb)
1513 return ERR_PTR(-ENOMEM);
1514
1515 skb->priority = HCI_PRIO_MAX;
1516 bt_cb(skb)->chan = chan;
1517
1518 return skb;
1519 }
1520
1521 static const struct l2cap_ops smp_chan_ops = {
1522 .name = "Security Manager",
1523 .ready = smp_ready_cb,
1524 .recv = smp_recv_cb,
1525 .alloc_skb = smp_alloc_skb_cb,
1526 .teardown = smp_teardown_cb,
1527
1528 .new_connection = l2cap_chan_no_new_connection,
1529 .state_change = l2cap_chan_no_state_change,
1530 .close = l2cap_chan_no_close,
1531 .defer = l2cap_chan_no_defer,
1532 .suspend = l2cap_chan_no_suspend,
1533 .resume = l2cap_chan_no_resume,
1534 .set_shutdown = l2cap_chan_no_set_shutdown,
1535 .get_sndtimeo = l2cap_chan_no_get_sndtimeo,
1536 .memcpy_fromiovec = l2cap_chan_no_memcpy_fromiovec,
1537 };
1538
1539 static inline struct l2cap_chan *smp_new_conn_cb(struct l2cap_chan *pchan)
1540 {
1541 struct l2cap_chan *chan;
1542
1543 BT_DBG("pchan %p", pchan);
1544
1545 chan = l2cap_chan_create();
1546 if (!chan)
1547 return NULL;
1548
1549 chan->chan_type = pchan->chan_type;
1550 chan->ops = &smp_chan_ops;
1551 chan->scid = pchan->scid;
1552 chan->dcid = chan->scid;
1553 chan->imtu = pchan->imtu;
1554 chan->omtu = pchan->omtu;
1555 chan->mode = pchan->mode;
1556
1557 BT_DBG("created chan %p", chan);
1558
1559 return chan;
1560 }
1561
1562 static const struct l2cap_ops smp_root_chan_ops = {
1563 .name = "Security Manager Root",
1564 .new_connection = smp_new_conn_cb,
1565
1566 /* None of these are implemented for the root channel */
1567 .close = l2cap_chan_no_close,
1568 .alloc_skb = l2cap_chan_no_alloc_skb,
1569 .recv = l2cap_chan_no_recv,
1570 .state_change = l2cap_chan_no_state_change,
1571 .teardown = l2cap_chan_no_teardown,
1572 .ready = l2cap_chan_no_ready,
1573 .defer = l2cap_chan_no_defer,
1574 .suspend = l2cap_chan_no_suspend,
1575 .resume = l2cap_chan_no_resume,
1576 .set_shutdown = l2cap_chan_no_set_shutdown,
1577 .get_sndtimeo = l2cap_chan_no_get_sndtimeo,
1578 .memcpy_fromiovec = l2cap_chan_no_memcpy_fromiovec,
1579 };
1580
1581 int smp_register(struct hci_dev *hdev)
1582 {
1583 struct l2cap_chan *chan;
1584 struct crypto_blkcipher *tfm_aes;
1585
1586 BT_DBG("%s", hdev->name);
1587
1588 tfm_aes = crypto_alloc_blkcipher("ecb(aes)", 0, CRYPTO_ALG_ASYNC);
1589 if (IS_ERR(tfm_aes)) {
1590 int err = PTR_ERR(tfm_aes);
1591 BT_ERR("Unable to create crypto context");
1592 return err;
1593 }
1594
1595 chan = l2cap_chan_create();
1596 if (!chan) {
1597 crypto_free_blkcipher(tfm_aes);
1598 return -ENOMEM;
1599 }
1600
1601 chan->data = tfm_aes;
1602
1603 l2cap_add_scid(chan, L2CAP_CID_SMP);
1604
1605 l2cap_chan_set_defaults(chan);
1606
1607 bacpy(&chan->src, &hdev->bdaddr);
1608 chan->src_type = BDADDR_LE_PUBLIC;
1609 chan->state = BT_LISTEN;
1610 chan->mode = L2CAP_MODE_BASIC;
1611 chan->imtu = L2CAP_DEFAULT_MTU;
1612 chan->ops = &smp_root_chan_ops;
1613
1614 hdev->smp_data = chan;
1615
1616 return 0;
1617 }
1618
1619 void smp_unregister(struct hci_dev *hdev)
1620 {
1621 struct l2cap_chan *chan = hdev->smp_data;
1622 struct crypto_blkcipher *tfm_aes;
1623
1624 if (!chan)
1625 return;
1626
1627 BT_DBG("%s chan %p", hdev->name, chan);
1628
1629 tfm_aes = chan->data;
1630 if (tfm_aes) {
1631 chan->data = NULL;
1632 crypto_free_blkcipher(tfm_aes);
1633 }
1634
1635 hdev->smp_data = NULL;
1636 l2cap_chan_put(chan);
1637 }
Linux kernel - Deliverables
This page took 0.094233 seconds and 6 git commands to generate.