projects / deliverable / linux.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/hid
[deliverable/linux.git] / net / bluetooth / smp.c
1 /*
2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2011 Nokia Corporation and/or its subsidiary(-ies).
4
5 This program is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License version 2 as
7 published by the Free Software Foundation;
8
9 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
10 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
11 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
12 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
13 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
14 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17
18 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
19 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
20 SOFTWARE IS DISCLAIMED.
21 */
22
23 #include <linux/crypto.h>
24 #include <linux/scatterlist.h>
25 #include <crypto/b128ops.h>
26
27 #include <net/bluetooth/bluetooth.h>
28 #include <net/bluetooth/hci_core.h>
29 #include <net/bluetooth/l2cap.h>
30 #include <net/bluetooth/mgmt.h>
31
32 #include "smp.h"
33
34 #define SMP_ALLOW_CMD(smp, code) set_bit(code, &smp->allow_cmd)
35
36 #define SMP_TIMEOUT msecs_to_jiffies(30000)
37
38 #define AUTH_REQ_MASK 0x07
39 #define KEY_DIST_MASK 0x07
40
41 enum {
42 SMP_FLAG_TK_VALID,
43 SMP_FLAG_CFM_PENDING,
44 SMP_FLAG_MITM_AUTH,
45 SMP_FLAG_COMPLETE,
46 SMP_FLAG_INITIATOR,
47 };
48
49 struct smp_chan {
50 struct l2cap_conn *conn;
51 struct delayed_work security_timer;
52 unsigned long allow_cmd; /* Bitmask of allowed commands */
53
54 u8 preq[7]; /* SMP Pairing Request */
55 u8 prsp[7]; /* SMP Pairing Response */
56 u8 prnd[16]; /* SMP Pairing Random (local) */
57 u8 rrnd[16]; /* SMP Pairing Random (remote) */
58 u8 pcnf[16]; /* SMP Pairing Confirm */
59 u8 tk[16]; /* SMP Temporary Key */
60 u8 enc_key_size;
61 u8 remote_key_dist;
62 bdaddr_t id_addr;
63 u8 id_addr_type;
64 u8 irk[16];
65 struct smp_csrk *csrk;
66 struct smp_csrk *slave_csrk;
67 struct smp_ltk *ltk;
68 struct smp_ltk *slave_ltk;
69 struct smp_irk *remote_irk;
70 unsigned long flags;
71
72 struct crypto_blkcipher *tfm_aes;
73 };
74
75 static inline void swap_buf(const u8 *src, u8 *dst, size_t len)
76 {
77 size_t i;
78
79 for (i = 0; i < len; i++)
80 dst[len - 1 - i] = src[i];
81 }
82
83 static int smp_e(struct crypto_blkcipher *tfm, const u8 *k, u8 *r)
84 {
85 struct blkcipher_desc desc;
86 struct scatterlist sg;
87 uint8_t tmp[16], data[16];
88 int err;
89
90 if (tfm == NULL) {
91 BT_ERR("tfm %p", tfm);
92 return -EINVAL;
93 }
94
95 desc.tfm = tfm;
96 desc.flags = 0;
97
98 /* The most significant octet of key corresponds to k[0] */
99 swap_buf(k, tmp, 16);
100
101 err = crypto_blkcipher_setkey(tfm, tmp, 16);
102 if (err) {
103 BT_ERR("cipher setkey failed: %d", err);
104 return err;
105 }
106
107 /* Most significant octet of plaintextData corresponds to data[0] */
108 swap_buf(r, data, 16);
109
110 sg_init_one(&sg, data, 16);
111
112 err = crypto_blkcipher_encrypt(&desc, &sg, &sg, 16);
113 if (err)
114 BT_ERR("Encrypt data error %d", err);
115
116 /* Most significant octet of encryptedData corresponds to data[0] */
117 swap_buf(data, r, 16);
118
119 return err;
120 }
121
122 static int smp_ah(struct crypto_blkcipher *tfm, u8 irk[16], u8 r[3], u8 res[3])
123 {
124 u8 _res[16];
125 int err;
126
127 /* r' = padding || r */
128 memcpy(_res, r, 3);
129 memset(_res + 3, 0, 13);
130
131 err = smp_e(tfm, irk, _res);
132 if (err) {
133 BT_ERR("Encrypt error");
134 return err;
135 }
136
137 /* The output of the random address function ah is:
138 * ah(h, r) = e(k, r') mod 2^24
139 * The output of the security function e is then truncated to 24 bits
140 * by taking the least significant 24 bits of the output of e as the
141 * result of ah.
142 */
143 memcpy(res, _res, 3);
144
145 return 0;
146 }
147
148 bool smp_irk_matches(struct hci_dev *hdev, u8 irk[16], bdaddr_t *bdaddr)
149 {
150 struct l2cap_chan *chan = hdev->smp_data;
151 struct crypto_blkcipher *tfm;
152 u8 hash[3];
153 int err;
154
155 if (!chan || !chan->data)
156 return false;
157
158 tfm = chan->data;
159
160 BT_DBG("RPA %pMR IRK %*phN", bdaddr, 16, irk);
161
162 err = smp_ah(tfm, irk, &bdaddr->b[3], hash);
163 if (err)
164 return false;
165
166 return !memcmp(bdaddr->b, hash, 3);
167 }
168
169 int smp_generate_rpa(struct hci_dev *hdev, u8 irk[16], bdaddr_t *rpa)
170 {
171 struct l2cap_chan *chan = hdev->smp_data;
172 struct crypto_blkcipher *tfm;
173 int err;
174
175 if (!chan || !chan->data)
176 return -EOPNOTSUPP;
177
178 tfm = chan->data;
179
180 get_random_bytes(&rpa->b[3], 3);
181
182 rpa->b[5] &= 0x3f; /* Clear two most significant bits */
183 rpa->b[5] |= 0x40; /* Set second most significant bit */
184
185 err = smp_ah(tfm, irk, &rpa->b[3], rpa->b);
186 if (err < 0)
187 return err;
188
189 BT_DBG("RPA %pMR", rpa);
190
191 return 0;
192 }
193
194 static int smp_c1(struct smp_chan *smp, u8 k[16], u8 r[16], u8 preq[7],
195 u8 pres[7], u8 _iat, bdaddr_t *ia, u8 _rat, bdaddr_t *ra,
196 u8 res[16])
197 {
198 struct hci_dev *hdev = smp->conn->hcon->hdev;
199 u8 p1[16], p2[16];
200 int err;
201
202 BT_DBG("%s", hdev->name);
203
204 memset(p1, 0, 16);
205
206 /* p1 = pres || preq || _rat || _iat */
207 p1[0] = _iat;
208 p1[1] = _rat;
209 memcpy(p1 + 2, preq, 7);
210 memcpy(p1 + 9, pres, 7);
211
212 /* p2 = padding || ia || ra */
213 memcpy(p2, ra, 6);
214 memcpy(p2 + 6, ia, 6);
215 memset(p2 + 12, 0, 4);
216
217 /* res = r XOR p1 */
218 u128_xor((u128 *) res, (u128 *) r, (u128 *) p1);
219
220 /* res = e(k, res) */
221 err = smp_e(smp->tfm_aes, k, res);
222 if (err) {
223 BT_ERR("Encrypt data error");
224 return err;
225 }
226
227 /* res = res XOR p2 */
228 u128_xor((u128 *) res, (u128 *) res, (u128 *) p2);
229
230 /* res = e(k, res) */
231 err = smp_e(smp->tfm_aes, k, res);
232 if (err)
233 BT_ERR("Encrypt data error");
234
235 return err;
236 }
237
238 static int smp_s1(struct smp_chan *smp, u8 k[16], u8 r1[16], u8 r2[16],
239 u8 _r[16])
240 {
241 struct hci_dev *hdev = smp->conn->hcon->hdev;
242 int err;
243
244 BT_DBG("%s", hdev->name);
245
246 /* Just least significant octets from r1 and r2 are considered */
247 memcpy(_r, r2, 8);
248 memcpy(_r + 8, r1, 8);
249
250 err = smp_e(smp->tfm_aes, k, _r);
251 if (err)
252 BT_ERR("Encrypt data error");
253
254 return err;
255 }
256
257 static void smp_send_cmd(struct l2cap_conn *conn, u8 code, u16 len, void *data)
258 {
259 struct l2cap_chan *chan = conn->smp;
260 struct smp_chan *smp;
261 struct kvec iv[2];
262 struct msghdr msg;
263
264 if (!chan)
265 return;
266
267 BT_DBG("code 0x%2.2x", code);
268
269 iv[0].iov_base = &code;
270 iv[0].iov_len = 1;
271
272 iv[1].iov_base = data;
273 iv[1].iov_len = len;
274
275 memset(&msg, 0, sizeof(msg));
276
277 msg.msg_iov = (struct iovec *) &iv;
278 msg.msg_iovlen = 2;
279
280 l2cap_chan_send(chan, &msg, 1 + len);
281
282 if (!chan->data)
283 return;
284
285 smp = chan->data;
286
287 cancel_delayed_work_sync(&smp->security_timer);
288 schedule_delayed_work(&smp->security_timer, SMP_TIMEOUT);
289 }
290
291 static __u8 authreq_to_seclevel(__u8 authreq)
292 {
293 if (authreq & SMP_AUTH_MITM)
294 return BT_SECURITY_HIGH;
295 else
296 return BT_SECURITY_MEDIUM;
297 }
298
299 static __u8 seclevel_to_authreq(__u8 sec_level)
300 {
301 switch (sec_level) {
302 case BT_SECURITY_HIGH:
303 return SMP_AUTH_MITM | SMP_AUTH_BONDING;
304 case BT_SECURITY_MEDIUM:
305 return SMP_AUTH_BONDING;
306 default:
307 return SMP_AUTH_NONE;
308 }
309 }
310
311 static void build_pairing_cmd(struct l2cap_conn *conn,
312 struct smp_cmd_pairing *req,
313 struct smp_cmd_pairing *rsp, __u8 authreq)
314 {
315 struct l2cap_chan *chan = conn->smp;
316 struct smp_chan *smp = chan->data;
317 struct hci_conn *hcon = conn->hcon;
318 struct hci_dev *hdev = hcon->hdev;
319 u8 local_dist = 0, remote_dist = 0;
320
321 if (test_bit(HCI_BONDABLE, &conn->hcon->hdev->dev_flags)) {
322 local_dist = SMP_DIST_ENC_KEY | SMP_DIST_SIGN;
323 remote_dist = SMP_DIST_ENC_KEY | SMP_DIST_SIGN;
324 authreq |= SMP_AUTH_BONDING;
325 } else {
326 authreq &= ~SMP_AUTH_BONDING;
327 }
328
329 if (test_bit(HCI_RPA_RESOLVING, &hdev->dev_flags))
330 remote_dist |= SMP_DIST_ID_KEY;
331
332 if (test_bit(HCI_PRIVACY, &hdev->dev_flags))
333 local_dist |= SMP_DIST_ID_KEY;
334
335 if (rsp == NULL) {
336 req->io_capability = conn->hcon->io_capability;
337 req->oob_flag = SMP_OOB_NOT_PRESENT;
338 req->max_key_size = SMP_MAX_ENC_KEY_SIZE;
339 req->init_key_dist = local_dist;
340 req->resp_key_dist = remote_dist;
341 req->auth_req = (authreq & AUTH_REQ_MASK);
342
343 smp->remote_key_dist = remote_dist;
344 return;
345 }
346
347 rsp->io_capability = conn->hcon->io_capability;
348 rsp->oob_flag = SMP_OOB_NOT_PRESENT;
349 rsp->max_key_size = SMP_MAX_ENC_KEY_SIZE;
350 rsp->init_key_dist = req->init_key_dist & remote_dist;
351 rsp->resp_key_dist = req->resp_key_dist & local_dist;
352 rsp->auth_req = (authreq & AUTH_REQ_MASK);
353
354 smp->remote_key_dist = rsp->init_key_dist;
355 }
356
357 static u8 check_enc_key_size(struct l2cap_conn *conn, __u8 max_key_size)
358 {
359 struct l2cap_chan *chan = conn->smp;
360 struct smp_chan *smp = chan->data;
361
362 if ((max_key_size > SMP_MAX_ENC_KEY_SIZE) ||
363 (max_key_size < SMP_MIN_ENC_KEY_SIZE))
364 return SMP_ENC_KEY_SIZE;
365
366 smp->enc_key_size = max_key_size;
367
368 return 0;
369 }
370
371 static void smp_chan_destroy(struct l2cap_conn *conn)
372 {
373 struct l2cap_chan *chan = conn->smp;
374 struct smp_chan *smp = chan->data;
375 bool complete;
376
377 BUG_ON(!smp);
378
379 cancel_delayed_work_sync(&smp->security_timer);
380
381 complete = test_bit(SMP_FLAG_COMPLETE, &smp->flags);
382 mgmt_smp_complete(conn->hcon, complete);
383
384 kfree(smp->csrk);
385 kfree(smp->slave_csrk);
386
387 crypto_free_blkcipher(smp->tfm_aes);
388
389 /* If pairing failed clean up any keys we might have */
390 if (!complete) {
391 if (smp->ltk) {
392 list_del(&smp->ltk->list);
393 kfree(smp->ltk);
394 }
395
396 if (smp->slave_ltk) {
397 list_del(&smp->slave_ltk->list);
398 kfree(smp->slave_ltk);
399 }
400
401 if (smp->remote_irk) {
402 list_del(&smp->remote_irk->list);
403 kfree(smp->remote_irk);
404 }
405 }
406
407 chan->data = NULL;
408 kfree(smp);
409 hci_conn_drop(conn->hcon);
410 }
411
412 static void smp_failure(struct l2cap_conn *conn, u8 reason)
413 {
414 struct hci_conn *hcon = conn->hcon;
415 struct l2cap_chan *chan = conn->smp;
416
417 if (reason)
418 smp_send_cmd(conn, SMP_CMD_PAIRING_FAIL, sizeof(reason),
419 &reason);
420
421 clear_bit(HCI_CONN_ENCRYPT_PEND, &hcon->flags);
422 mgmt_auth_failed(hcon, HCI_ERROR_AUTH_FAILURE);
423
424 if (chan->data)
425 smp_chan_destroy(conn);
426 }
427
428 #define JUST_WORKS 0x00
429 #define JUST_CFM 0x01
430 #define REQ_PASSKEY 0x02
431 #define CFM_PASSKEY 0x03
432 #define REQ_OOB 0x04
433 #define OVERLAP 0xFF
434
435 static const u8 gen_method[5][5] = {
436 { JUST_WORKS, JUST_CFM, REQ_PASSKEY, JUST_WORKS, REQ_PASSKEY },
437 { JUST_WORKS, JUST_CFM, REQ_PASSKEY, JUST_WORKS, REQ_PASSKEY },
438 { CFM_PASSKEY, CFM_PASSKEY, REQ_PASSKEY, JUST_WORKS, CFM_PASSKEY },
439 { JUST_WORKS, JUST_CFM, JUST_WORKS, JUST_WORKS, JUST_CFM },
440 { CFM_PASSKEY, CFM_PASSKEY, REQ_PASSKEY, JUST_WORKS, OVERLAP },
441 };
442
443 static u8 get_auth_method(struct smp_chan *smp, u8 local_io, u8 remote_io)
444 {
445 /* If either side has unknown io_caps, use JUST_CFM (which gets
446 * converted later to JUST_WORKS if we're initiators.
447 */
448 if (local_io > SMP_IO_KEYBOARD_DISPLAY ||
449 remote_io > SMP_IO_KEYBOARD_DISPLAY)
450 return JUST_CFM;
451
452 return gen_method[remote_io][local_io];
453 }
454
455 static int tk_request(struct l2cap_conn *conn, u8 remote_oob, u8 auth,
456 u8 local_io, u8 remote_io)
457 {
458 struct hci_conn *hcon = conn->hcon;
459 struct l2cap_chan *chan = conn->smp;
460 struct smp_chan *smp = chan->data;
461 u8 method;
462 u32 passkey = 0;
463 int ret = 0;
464
465 /* Initialize key for JUST WORKS */
466 memset(smp->tk, 0, sizeof(smp->tk));
467 clear_bit(SMP_FLAG_TK_VALID, &smp->flags);
468
469 BT_DBG("tk_request: auth:%d lcl:%d rem:%d", auth, local_io, remote_io);
470
471 /* If neither side wants MITM, either "just" confirm an incoming
472 * request or use just-works for outgoing ones. The JUST_CFM
473 * will be converted to JUST_WORKS if necessary later in this
474 * function. If either side has MITM look up the method from the
475 * table.
476 */
477 if (!(auth & SMP_AUTH_MITM))
478 method = JUST_CFM;
479 else
480 method = get_auth_method(smp, local_io, remote_io);
481
482 /* Don't confirm locally initiated pairing attempts */
483 if (method == JUST_CFM && test_bit(SMP_FLAG_INITIATOR, &smp->flags))
484 method = JUST_WORKS;
485
486 /* Don't bother user space with no IO capabilities */
487 if (method == JUST_CFM && hcon->io_capability == HCI_IO_NO_INPUT_OUTPUT)
488 method = JUST_WORKS;
489
490 /* If Just Works, Continue with Zero TK */
491 if (method == JUST_WORKS) {
492 set_bit(SMP_FLAG_TK_VALID, &smp->flags);
493 return 0;
494 }
495
496 /* Not Just Works/Confirm results in MITM Authentication */
497 if (method != JUST_CFM) {
498 set_bit(SMP_FLAG_MITM_AUTH, &smp->flags);
499 if (hcon->pending_sec_level < BT_SECURITY_HIGH)
500 hcon->pending_sec_level = BT_SECURITY_HIGH;
501 }
502
503 /* If both devices have Keyoard-Display I/O, the master
504 * Confirms and the slave Enters the passkey.
505 */
506 if (method == OVERLAP) {
507 if (hcon->role == HCI_ROLE_MASTER)
508 method = CFM_PASSKEY;
509 else
510 method = REQ_PASSKEY;
511 }
512
513 /* Generate random passkey. */
514 if (method == CFM_PASSKEY) {
515 memset(smp->tk, 0, sizeof(smp->tk));
516 get_random_bytes(&passkey, sizeof(passkey));
517 passkey %= 1000000;
518 put_unaligned_le32(passkey, smp->tk);
519 BT_DBG("PassKey: %d", passkey);
520 set_bit(SMP_FLAG_TK_VALID, &smp->flags);
521 }
522
523 hci_dev_lock(hcon->hdev);
524
525 if (method == REQ_PASSKEY)
526 ret = mgmt_user_passkey_request(hcon->hdev, &hcon->dst,
527 hcon->type, hcon->dst_type);
528 else if (method == JUST_CFM)
529 ret = mgmt_user_confirm_request(hcon->hdev, &hcon->dst,
530 hcon->type, hcon->dst_type,
531 passkey, 1);
532 else
533 ret = mgmt_user_passkey_notify(hcon->hdev, &hcon->dst,
534 hcon->type, hcon->dst_type,
535 passkey, 0);
536
537 hci_dev_unlock(hcon->hdev);
538
539 return ret;
540 }
541
542 static u8 smp_confirm(struct smp_chan *smp)
543 {
544 struct l2cap_conn *conn = smp->conn;
545 struct smp_cmd_pairing_confirm cp;
546 int ret;
547
548 BT_DBG("conn %p", conn);
549
550 ret = smp_c1(smp, smp->tk, smp->prnd, smp->preq, smp->prsp,
551 conn->hcon->init_addr_type, &conn->hcon->init_addr,
552 conn->hcon->resp_addr_type, &conn->hcon->resp_addr,
553 cp.confirm_val);
554 if (ret)
555 return SMP_UNSPECIFIED;
556
557 clear_bit(SMP_FLAG_CFM_PENDING, &smp->flags);
558
559 smp_send_cmd(smp->conn, SMP_CMD_PAIRING_CONFIRM, sizeof(cp), &cp);
560
561 if (conn->hcon->out)
562 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_CONFIRM);
563 else
564 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RANDOM);
565
566 return 0;
567 }
568
569 static u8 smp_random(struct smp_chan *smp)
570 {
571 struct l2cap_conn *conn = smp->conn;
572 struct hci_conn *hcon = conn->hcon;
573 u8 confirm[16];
574 int ret;
575
576 if (IS_ERR_OR_NULL(smp->tfm_aes))
577 return SMP_UNSPECIFIED;
578
579 BT_DBG("conn %p %s", conn, conn->hcon->out ? "master" : "slave");
580
581 ret = smp_c1(smp, smp->tk, smp->rrnd, smp->preq, smp->prsp,
582 hcon->init_addr_type, &hcon->init_addr,
583 hcon->resp_addr_type, &hcon->resp_addr, confirm);
584 if (ret)
585 return SMP_UNSPECIFIED;
586
587 if (memcmp(smp->pcnf, confirm, sizeof(smp->pcnf)) != 0) {
588 BT_ERR("Pairing failed (confirmation values mismatch)");
589 return SMP_CONFIRM_FAILED;
590 }
591
592 if (hcon->out) {
593 u8 stk[16];
594 __le64 rand = 0;
595 __le16 ediv = 0;
596
597 smp_s1(smp, smp->tk, smp->rrnd, smp->prnd, stk);
598
599 memset(stk + smp->enc_key_size, 0,
600 SMP_MAX_ENC_KEY_SIZE - smp->enc_key_size);
601
602 if (test_and_set_bit(HCI_CONN_ENCRYPT_PEND, &hcon->flags))
603 return SMP_UNSPECIFIED;
604
605 hci_le_start_enc(hcon, ediv, rand, stk);
606 hcon->enc_key_size = smp->enc_key_size;
607 set_bit(HCI_CONN_STK_ENCRYPT, &hcon->flags);
608 } else {
609 u8 stk[16], auth;
610 __le64 rand = 0;
611 __le16 ediv = 0;
612
613 smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM, sizeof(smp->prnd),
614 smp->prnd);
615
616 smp_s1(smp, smp->tk, smp->prnd, smp->rrnd, stk);
617
618 memset(stk + smp->enc_key_size, 0,
619 SMP_MAX_ENC_KEY_SIZE - smp->enc_key_size);
620
621 if (hcon->pending_sec_level == BT_SECURITY_HIGH)
622 auth = 1;
623 else
624 auth = 0;
625
626 /* Even though there's no _SLAVE suffix this is the
627 * slave STK we're adding for later lookup (the master
628 * STK never needs to be stored).
629 */
630 hci_add_ltk(hcon->hdev, &hcon->dst, hcon->dst_type,
631 SMP_STK, auth, stk, smp->enc_key_size, ediv, rand);
632 }
633
634 return 0;
635 }
636
637 static void smp_notify_keys(struct l2cap_conn *conn)
638 {
639 struct l2cap_chan *chan = conn->smp;
640 struct smp_chan *smp = chan->data;
641 struct hci_conn *hcon = conn->hcon;
642 struct hci_dev *hdev = hcon->hdev;
643 struct smp_cmd_pairing *req = (void *) &smp->preq[1];
644 struct smp_cmd_pairing *rsp = (void *) &smp->prsp[1];
645 bool persistent;
646
647 if (smp->remote_irk) {
648 mgmt_new_irk(hdev, smp->remote_irk);
649 /* Now that user space can be considered to know the
650 * identity address track the connection based on it
651 * from now on.
652 */
653 bacpy(&hcon->dst, &smp->remote_irk->bdaddr);
654 hcon->dst_type = smp->remote_irk->addr_type;
655 queue_work(hdev->workqueue, &conn->id_addr_update_work);
656
657 /* When receiving an indentity resolving key for
658 * a remote device that does not use a resolvable
659 * private address, just remove the key so that
660 * it is possible to use the controller white
661 * list for scanning.
662 *
663 * Userspace will have been told to not store
664 * this key at this point. So it is safe to
665 * just remove it.
666 */
667 if (!bacmp(&smp->remote_irk->rpa, BDADDR_ANY)) {
668 list_del(&smp->remote_irk->list);
669 kfree(smp->remote_irk);
670 smp->remote_irk = NULL;
671 }
672 }
673
674 /* The LTKs and CSRKs should be persistent only if both sides
675 * had the bonding bit set in their authentication requests.
676 */
677 persistent = !!((req->auth_req & rsp->auth_req) & SMP_AUTH_BONDING);
678
679 if (smp->csrk) {
680 smp->csrk->bdaddr_type = hcon->dst_type;
681 bacpy(&smp->csrk->bdaddr, &hcon->dst);
682 mgmt_new_csrk(hdev, smp->csrk, persistent);
683 }
684
685 if (smp->slave_csrk) {
686 smp->slave_csrk->bdaddr_type = hcon->dst_type;
687 bacpy(&smp->slave_csrk->bdaddr, &hcon->dst);
688 mgmt_new_csrk(hdev, smp->slave_csrk, persistent);
689 }
690
691 if (smp->ltk) {
692 smp->ltk->bdaddr_type = hcon->dst_type;
693 bacpy(&smp->ltk->bdaddr, &hcon->dst);
694 mgmt_new_ltk(hdev, smp->ltk, persistent);
695 }
696
697 if (smp->slave_ltk) {
698 smp->slave_ltk->bdaddr_type = hcon->dst_type;
699 bacpy(&smp->slave_ltk->bdaddr, &hcon->dst);
700 mgmt_new_ltk(hdev, smp->slave_ltk, persistent);
701 }
702 }
703
704 static void smp_allow_key_dist(struct smp_chan *smp)
705 {
706 /* Allow the first expected phase 3 PDU. The rest of the PDUs
707 * will be allowed in each PDU handler to ensure we receive
708 * them in the correct order.
709 */
710 if (smp->remote_key_dist & SMP_DIST_ENC_KEY)
711 SMP_ALLOW_CMD(smp, SMP_CMD_ENCRYPT_INFO);
712 else if (smp->remote_key_dist & SMP_DIST_ID_KEY)
713 SMP_ALLOW_CMD(smp, SMP_CMD_IDENT_INFO);
714 else if (smp->remote_key_dist & SMP_DIST_SIGN)
715 SMP_ALLOW_CMD(smp, SMP_CMD_SIGN_INFO);
716 }
717
718 static void smp_distribute_keys(struct smp_chan *smp)
719 {
720 struct smp_cmd_pairing *req, *rsp;
721 struct l2cap_conn *conn = smp->conn;
722 struct hci_conn *hcon = conn->hcon;
723 struct hci_dev *hdev = hcon->hdev;
724 __u8 *keydist;
725
726 BT_DBG("conn %p", conn);
727
728 rsp = (void *) &smp->prsp[1];
729
730 /* The responder sends its keys first */
731 if (hcon->out && (smp->remote_key_dist & KEY_DIST_MASK)) {
732 smp_allow_key_dist(smp);
733 return;
734 }
735
736 req = (void *) &smp->preq[1];
737
738 if (hcon->out) {
739 keydist = &rsp->init_key_dist;
740 *keydist &= req->init_key_dist;
741 } else {
742 keydist = &rsp->resp_key_dist;
743 *keydist &= req->resp_key_dist;
744 }
745
746 BT_DBG("keydist 0x%x", *keydist);
747
748 if (*keydist & SMP_DIST_ENC_KEY) {
749 struct smp_cmd_encrypt_info enc;
750 struct smp_cmd_master_ident ident;
751 struct smp_ltk *ltk;
752 u8 authenticated;
753 __le16 ediv;
754 __le64 rand;
755
756 get_random_bytes(enc.ltk, sizeof(enc.ltk));
757 get_random_bytes(&ediv, sizeof(ediv));
758 get_random_bytes(&rand, sizeof(rand));
759
760 smp_send_cmd(conn, SMP_CMD_ENCRYPT_INFO, sizeof(enc), &enc);
761
762 authenticated = hcon->sec_level == BT_SECURITY_HIGH;
763 ltk = hci_add_ltk(hdev, &hcon->dst, hcon->dst_type,
764 SMP_LTK_SLAVE, authenticated, enc.ltk,
765 smp->enc_key_size, ediv, rand);
766 smp->slave_ltk = ltk;
767
768 ident.ediv = ediv;
769 ident.rand = rand;
770
771 smp_send_cmd(conn, SMP_CMD_MASTER_IDENT, sizeof(ident), &ident);
772
773 *keydist &= ~SMP_DIST_ENC_KEY;
774 }
775
776 if (*keydist & SMP_DIST_ID_KEY) {
777 struct smp_cmd_ident_addr_info addrinfo;
778 struct smp_cmd_ident_info idinfo;
779
780 memcpy(idinfo.irk, hdev->irk, sizeof(idinfo.irk));
781
782 smp_send_cmd(conn, SMP_CMD_IDENT_INFO, sizeof(idinfo), &idinfo);
783
784 /* The hci_conn contains the local identity address
785 * after the connection has been established.
786 *
787 * This is true even when the connection has been
788 * established using a resolvable random address.
789 */
790 bacpy(&addrinfo.bdaddr, &hcon->src);
791 addrinfo.addr_type = hcon->src_type;
792
793 smp_send_cmd(conn, SMP_CMD_IDENT_ADDR_INFO, sizeof(addrinfo),
794 &addrinfo);
795
796 *keydist &= ~SMP_DIST_ID_KEY;
797 }
798
799 if (*keydist & SMP_DIST_SIGN) {
800 struct smp_cmd_sign_info sign;
801 struct smp_csrk *csrk;
802
803 /* Generate a new random key */
804 get_random_bytes(sign.csrk, sizeof(sign.csrk));
805
806 csrk = kzalloc(sizeof(*csrk), GFP_KERNEL);
807 if (csrk) {
808 csrk->master = 0x00;
809 memcpy(csrk->val, sign.csrk, sizeof(csrk->val));
810 }
811 smp->slave_csrk = csrk;
812
813 smp_send_cmd(conn, SMP_CMD_SIGN_INFO, sizeof(sign), &sign);
814
815 *keydist &= ~SMP_DIST_SIGN;
816 }
817
818 /* If there are still keys to be received wait for them */
819 if (smp->remote_key_dist & KEY_DIST_MASK) {
820 smp_allow_key_dist(smp);
821 return;
822 }
823
824 set_bit(SMP_FLAG_COMPLETE, &smp->flags);
825 smp_notify_keys(conn);
826
827 smp_chan_destroy(conn);
828 }
829
830 static void smp_timeout(struct work_struct *work)
831 {
832 struct smp_chan *smp = container_of(work, struct smp_chan,
833 security_timer.work);
834 struct l2cap_conn *conn = smp->conn;
835
836 BT_DBG("conn %p", conn);
837
838 hci_disconnect(conn->hcon, HCI_ERROR_REMOTE_USER_TERM);
839 }
840
841 static struct smp_chan *smp_chan_create(struct l2cap_conn *conn)
842 {
843 struct l2cap_chan *chan = conn->smp;
844 struct smp_chan *smp;
845
846 smp = kzalloc(sizeof(*smp), GFP_ATOMIC);
847 if (!smp)
848 return NULL;
849
850 smp->tfm_aes = crypto_alloc_blkcipher("ecb(aes)", 0, CRYPTO_ALG_ASYNC);
851 if (IS_ERR(smp->tfm_aes)) {
852 BT_ERR("Unable to create ECB crypto context");
853 kfree(smp);
854 return NULL;
855 }
856
857 smp->conn = conn;
858 chan->data = smp;
859
860 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_FAIL);
861
862 INIT_DELAYED_WORK(&smp->security_timer, smp_timeout);
863
864 hci_conn_hold(conn->hcon);
865
866 return smp;
867 }
868
869 int smp_user_confirm_reply(struct hci_conn *hcon, u16 mgmt_op, __le32 passkey)
870 {
871 struct l2cap_conn *conn = hcon->l2cap_data;
872 struct l2cap_chan *chan;
873 struct smp_chan *smp;
874 u32 value;
875 int err;
876
877 BT_DBG("");
878
879 if (!conn)
880 return -ENOTCONN;
881
882 chan = conn->smp;
883 if (!chan)
884 return -ENOTCONN;
885
886 l2cap_chan_lock(chan);
887 if (!chan->data) {
888 err = -ENOTCONN;
889 goto unlock;
890 }
891
892 smp = chan->data;
893
894 switch (mgmt_op) {
895 case MGMT_OP_USER_PASSKEY_REPLY:
896 value = le32_to_cpu(passkey);
897 memset(smp->tk, 0, sizeof(smp->tk));
898 BT_DBG("PassKey: %d", value);
899 put_unaligned_le32(value, smp->tk);
900 /* Fall Through */
901 case MGMT_OP_USER_CONFIRM_REPLY:
902 set_bit(SMP_FLAG_TK_VALID, &smp->flags);
903 break;
904 case MGMT_OP_USER_PASSKEY_NEG_REPLY:
905 case MGMT_OP_USER_CONFIRM_NEG_REPLY:
906 smp_failure(conn, SMP_PASSKEY_ENTRY_FAILED);
907 err = 0;
908 goto unlock;
909 default:
910 smp_failure(conn, SMP_PASSKEY_ENTRY_FAILED);
911 err = -EOPNOTSUPP;
912 goto unlock;
913 }
914
915 err = 0;
916
917 /* If it is our turn to send Pairing Confirm, do so now */
918 if (test_bit(SMP_FLAG_CFM_PENDING, &smp->flags)) {
919 u8 rsp = smp_confirm(smp);
920 if (rsp)
921 smp_failure(conn, rsp);
922 }
923
924 unlock:
925 l2cap_chan_unlock(chan);
926 return err;
927 }
928
929 static u8 smp_cmd_pairing_req(struct l2cap_conn *conn, struct sk_buff *skb)
930 {
931 struct smp_cmd_pairing rsp, *req = (void *) skb->data;
932 struct l2cap_chan *chan = conn->smp;
933 struct hci_dev *hdev = conn->hcon->hdev;
934 struct smp_chan *smp;
935 u8 key_size, auth, sec_level;
936 int ret;
937
938 BT_DBG("conn %p", conn);
939
940 if (skb->len < sizeof(*req))
941 return SMP_INVALID_PARAMS;
942
943 if (conn->hcon->role != HCI_ROLE_SLAVE)
944 return SMP_CMD_NOTSUPP;
945
946 if (!chan->data)
947 smp = smp_chan_create(conn);
948 else
949 smp = chan->data;
950
951 if (!smp)
952 return SMP_UNSPECIFIED;
953
954 /* We didn't start the pairing, so match remote */
955 auth = req->auth_req & AUTH_REQ_MASK;
956
957 if (!test_bit(HCI_BONDABLE, &hdev->dev_flags) &&
958 (auth & SMP_AUTH_BONDING))
959 return SMP_PAIRING_NOTSUPP;
960
961 smp->preq[0] = SMP_CMD_PAIRING_REQ;
962 memcpy(&smp->preq[1], req, sizeof(*req));
963 skb_pull(skb, sizeof(*req));
964
965 if (conn->hcon->io_capability == HCI_IO_NO_INPUT_OUTPUT)
966 sec_level = BT_SECURITY_MEDIUM;
967 else
968 sec_level = authreq_to_seclevel(auth);
969
970 if (sec_level > conn->hcon->pending_sec_level)
971 conn->hcon->pending_sec_level = sec_level;
972
973 /* If we need MITM check that it can be acheived */
974 if (conn->hcon->pending_sec_level >= BT_SECURITY_HIGH) {
975 u8 method;
976
977 method = get_auth_method(smp, conn->hcon->io_capability,
978 req->io_capability);
979 if (method == JUST_WORKS || method == JUST_CFM)
980 return SMP_AUTH_REQUIREMENTS;
981 }
982
983 build_pairing_cmd(conn, req, &rsp, auth);
984
985 key_size = min(req->max_key_size, rsp.max_key_size);
986 if (check_enc_key_size(conn, key_size))
987 return SMP_ENC_KEY_SIZE;
988
989 get_random_bytes(smp->prnd, sizeof(smp->prnd));
990
991 smp->prsp[0] = SMP_CMD_PAIRING_RSP;
992 memcpy(&smp->prsp[1], &rsp, sizeof(rsp));
993
994 smp_send_cmd(conn, SMP_CMD_PAIRING_RSP, sizeof(rsp), &rsp);
995 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_CONFIRM);
996
997 /* Request setup of TK */
998 ret = tk_request(conn, 0, auth, rsp.io_capability, req->io_capability);
999 if (ret)
1000 return SMP_UNSPECIFIED;
1001
1002 return 0;
1003 }
1004
1005 static u8 smp_cmd_pairing_rsp(struct l2cap_conn *conn, struct sk_buff *skb)
1006 {
1007 struct smp_cmd_pairing *req, *rsp = (void *) skb->data;
1008 struct l2cap_chan *chan = conn->smp;
1009 struct smp_chan *smp = chan->data;
1010 u8 key_size, auth;
1011 int ret;
1012
1013 BT_DBG("conn %p", conn);
1014
1015 if (skb->len < sizeof(*rsp))
1016 return SMP_INVALID_PARAMS;
1017
1018 if (conn->hcon->role != HCI_ROLE_MASTER)
1019 return SMP_CMD_NOTSUPP;
1020
1021 skb_pull(skb, sizeof(*rsp));
1022
1023 req = (void *) &smp->preq[1];
1024
1025 key_size = min(req->max_key_size, rsp->max_key_size);
1026 if (check_enc_key_size(conn, key_size))
1027 return SMP_ENC_KEY_SIZE;
1028
1029 auth = rsp->auth_req & AUTH_REQ_MASK;
1030
1031 /* If we need MITM check that it can be acheived */
1032 if (conn->hcon->pending_sec_level >= BT_SECURITY_HIGH) {
1033 u8 method;
1034
1035 method = get_auth_method(smp, req->io_capability,
1036 rsp->io_capability);
1037 if (method == JUST_WORKS || method == JUST_CFM)
1038 return SMP_AUTH_REQUIREMENTS;
1039 }
1040
1041 get_random_bytes(smp->prnd, sizeof(smp->prnd));
1042
1043 smp->prsp[0] = SMP_CMD_PAIRING_RSP;
1044 memcpy(&smp->prsp[1], rsp, sizeof(*rsp));
1045
1046 /* Update remote key distribution in case the remote cleared
1047 * some bits that we had enabled in our request.
1048 */
1049 smp->remote_key_dist &= rsp->resp_key_dist;
1050
1051 auth |= req->auth_req;
1052
1053 ret = tk_request(conn, 0, auth, req->io_capability, rsp->io_capability);
1054 if (ret)
1055 return SMP_UNSPECIFIED;
1056
1057 set_bit(SMP_FLAG_CFM_PENDING, &smp->flags);
1058
1059 /* Can't compose response until we have been confirmed */
1060 if (test_bit(SMP_FLAG_TK_VALID, &smp->flags))
1061 return smp_confirm(smp);
1062
1063 return 0;
1064 }
1065
1066 static u8 smp_cmd_pairing_confirm(struct l2cap_conn *conn, struct sk_buff *skb)
1067 {
1068 struct l2cap_chan *chan = conn->smp;
1069 struct smp_chan *smp = chan->data;
1070
1071 BT_DBG("conn %p %s", conn, conn->hcon->out ? "master" : "slave");
1072
1073 if (skb->len < sizeof(smp->pcnf))
1074 return SMP_INVALID_PARAMS;
1075
1076 memcpy(smp->pcnf, skb->data, sizeof(smp->pcnf));
1077 skb_pull(skb, sizeof(smp->pcnf));
1078
1079 if (conn->hcon->out) {
1080 smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM, sizeof(smp->prnd),
1081 smp->prnd);
1082 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RANDOM);
1083 return 0;
1084 }
1085
1086 if (test_bit(SMP_FLAG_TK_VALID, &smp->flags))
1087 return smp_confirm(smp);
1088 else
1089 set_bit(SMP_FLAG_CFM_PENDING, &smp->flags);
1090
1091 return 0;
1092 }
1093
1094 static u8 smp_cmd_pairing_random(struct l2cap_conn *conn, struct sk_buff *skb)
1095 {
1096 struct l2cap_chan *chan = conn->smp;
1097 struct smp_chan *smp = chan->data;
1098
1099 BT_DBG("conn %p", conn);
1100
1101 if (skb->len < sizeof(smp->rrnd))
1102 return SMP_INVALID_PARAMS;
1103
1104 memcpy(smp->rrnd, skb->data, sizeof(smp->rrnd));
1105 skb_pull(skb, sizeof(smp->rrnd));
1106
1107 return smp_random(smp);
1108 }
1109
1110 static bool smp_ltk_encrypt(struct l2cap_conn *conn, u8 sec_level)
1111 {
1112 struct smp_ltk *key;
1113 struct hci_conn *hcon = conn->hcon;
1114
1115 key = hci_find_ltk_by_addr(hcon->hdev, &hcon->dst, hcon->dst_type,
1116 hcon->role);
1117 if (!key)
1118 return false;
1119
1120 if (smp_ltk_sec_level(key) < sec_level)
1121 return false;
1122
1123 if (test_and_set_bit(HCI_CONN_ENCRYPT_PEND, &hcon->flags))
1124 return true;
1125
1126 hci_le_start_enc(hcon, key->ediv, key->rand, key->val);
1127 hcon->enc_key_size = key->enc_size;
1128
1129 /* We never store STKs for master role, so clear this flag */
1130 clear_bit(HCI_CONN_STK_ENCRYPT, &hcon->flags);
1131
1132 return true;
1133 }
1134
1135 bool smp_sufficient_security(struct hci_conn *hcon, u8 sec_level)
1136 {
1137 if (sec_level == BT_SECURITY_LOW)
1138 return true;
1139
1140 /* If we're encrypted with an STK always claim insufficient
1141 * security. This way we allow the connection to be re-encrypted
1142 * with an LTK, even if the LTK provides the same level of
1143 * security. Only exception is if we don't have an LTK (e.g.
1144 * because of key distribution bits).
1145 */
1146 if (test_bit(HCI_CONN_STK_ENCRYPT, &hcon->flags) &&
1147 hci_find_ltk_by_addr(hcon->hdev, &hcon->dst, hcon->dst_type,
1148 hcon->role))
1149 return false;
1150
1151 if (hcon->sec_level >= sec_level)
1152 return true;
1153
1154 return false;
1155 }
1156
1157 static u8 smp_cmd_security_req(struct l2cap_conn *conn, struct sk_buff *skb)
1158 {
1159 struct smp_cmd_security_req *rp = (void *) skb->data;
1160 struct smp_cmd_pairing cp;
1161 struct hci_conn *hcon = conn->hcon;
1162 struct smp_chan *smp;
1163 u8 sec_level, auth;
1164
1165 BT_DBG("conn %p", conn);
1166
1167 if (skb->len < sizeof(*rp))
1168 return SMP_INVALID_PARAMS;
1169
1170 if (hcon->role != HCI_ROLE_MASTER)
1171 return SMP_CMD_NOTSUPP;
1172
1173 auth = rp->auth_req & AUTH_REQ_MASK;
1174
1175 if (hcon->io_capability == HCI_IO_NO_INPUT_OUTPUT)
1176 sec_level = BT_SECURITY_MEDIUM;
1177 else
1178 sec_level = authreq_to_seclevel(auth);
1179
1180 if (smp_sufficient_security(hcon, sec_level))
1181 return 0;
1182
1183 if (sec_level > hcon->pending_sec_level)
1184 hcon->pending_sec_level = sec_level;
1185
1186 if (smp_ltk_encrypt(conn, hcon->pending_sec_level))
1187 return 0;
1188
1189 smp = smp_chan_create(conn);
1190 if (!smp)
1191 return SMP_UNSPECIFIED;
1192
1193 if (!test_bit(HCI_BONDABLE, &hcon->hdev->dev_flags) &&
1194 (auth & SMP_AUTH_BONDING))
1195 return SMP_PAIRING_NOTSUPP;
1196
1197 skb_pull(skb, sizeof(*rp));
1198
1199 memset(&cp, 0, sizeof(cp));
1200 build_pairing_cmd(conn, &cp, NULL, auth);
1201
1202 smp->preq[0] = SMP_CMD_PAIRING_REQ;
1203 memcpy(&smp->preq[1], &cp, sizeof(cp));
1204
1205 smp_send_cmd(conn, SMP_CMD_PAIRING_REQ, sizeof(cp), &cp);
1206 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RSP);
1207
1208 return 0;
1209 }
1210
1211 int smp_conn_security(struct hci_conn *hcon, __u8 sec_level)
1212 {
1213 struct l2cap_conn *conn = hcon->l2cap_data;
1214 struct l2cap_chan *chan;
1215 struct smp_chan *smp;
1216 __u8 authreq;
1217 int ret;
1218
1219 BT_DBG("conn %p hcon %p level 0x%2.2x", conn, hcon, sec_level);
1220
1221 /* This may be NULL if there's an unexpected disconnection */
1222 if (!conn)
1223 return 1;
1224
1225 chan = conn->smp;
1226
1227 if (!test_bit(HCI_LE_ENABLED, &hcon->hdev->dev_flags))
1228 return 1;
1229
1230 if (smp_sufficient_security(hcon, sec_level))
1231 return 1;
1232
1233 if (sec_level > hcon->pending_sec_level)
1234 hcon->pending_sec_level = sec_level;
1235
1236 if (hcon->role == HCI_ROLE_MASTER)
1237 if (smp_ltk_encrypt(conn, hcon->pending_sec_level))
1238 return 0;
1239
1240 l2cap_chan_lock(chan);
1241
1242 /* If SMP is already in progress ignore this request */
1243 if (chan->data) {
1244 ret = 0;
1245 goto unlock;
1246 }
1247
1248 smp = smp_chan_create(conn);
1249 if (!smp) {
1250 ret = 1;
1251 goto unlock;
1252 }
1253
1254 authreq = seclevel_to_authreq(sec_level);
1255
1256 /* Require MITM if IO Capability allows or the security level
1257 * requires it.
1258 */
1259 if (hcon->io_capability != HCI_IO_NO_INPUT_OUTPUT ||
1260 hcon->pending_sec_level > BT_SECURITY_MEDIUM)
1261 authreq |= SMP_AUTH_MITM;
1262
1263 if (hcon->role == HCI_ROLE_MASTER) {
1264 struct smp_cmd_pairing cp;
1265
1266 build_pairing_cmd(conn, &cp, NULL, authreq);
1267 smp->preq[0] = SMP_CMD_PAIRING_REQ;
1268 memcpy(&smp->preq[1], &cp, sizeof(cp));
1269
1270 smp_send_cmd(conn, SMP_CMD_PAIRING_REQ, sizeof(cp), &cp);
1271 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RSP);
1272 } else {
1273 struct smp_cmd_security_req cp;
1274 cp.auth_req = authreq;
1275 smp_send_cmd(conn, SMP_CMD_SECURITY_REQ, sizeof(cp), &cp);
1276 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_REQ);
1277 }
1278
1279 set_bit(SMP_FLAG_INITIATOR, &smp->flags);
1280 ret = 0;
1281
1282 unlock:
1283 l2cap_chan_unlock(chan);
1284 return ret;
1285 }
1286
1287 static int smp_cmd_encrypt_info(struct l2cap_conn *conn, struct sk_buff *skb)
1288 {
1289 struct smp_cmd_encrypt_info *rp = (void *) skb->data;
1290 struct l2cap_chan *chan = conn->smp;
1291 struct smp_chan *smp = chan->data;
1292
1293 BT_DBG("conn %p", conn);
1294
1295 if (skb->len < sizeof(*rp))
1296 return SMP_INVALID_PARAMS;
1297
1298 SMP_ALLOW_CMD(smp, SMP_CMD_MASTER_IDENT);
1299
1300 skb_pull(skb, sizeof(*rp));
1301
1302 memcpy(smp->tk, rp->ltk, sizeof(smp->tk));
1303
1304 return 0;
1305 }
1306
1307 static int smp_cmd_master_ident(struct l2cap_conn *conn, struct sk_buff *skb)
1308 {
1309 struct smp_cmd_master_ident *rp = (void *) skb->data;
1310 struct l2cap_chan *chan = conn->smp;
1311 struct smp_chan *smp = chan->data;
1312 struct hci_dev *hdev = conn->hcon->hdev;
1313 struct hci_conn *hcon = conn->hcon;
1314 struct smp_ltk *ltk;
1315 u8 authenticated;
1316
1317 BT_DBG("conn %p", conn);
1318
1319 if (skb->len < sizeof(*rp))
1320 return SMP_INVALID_PARAMS;
1321
1322 /* Mark the information as received */
1323 smp->remote_key_dist &= ~SMP_DIST_ENC_KEY;
1324
1325 if (smp->remote_key_dist & SMP_DIST_ID_KEY)
1326 SMP_ALLOW_CMD(smp, SMP_CMD_IDENT_INFO);
1327 else if (smp->remote_key_dist & SMP_DIST_SIGN)
1328 SMP_ALLOW_CMD(smp, SMP_CMD_SIGN_INFO);
1329
1330 skb_pull(skb, sizeof(*rp));
1331
1332 hci_dev_lock(hdev);
1333 authenticated = (hcon->sec_level == BT_SECURITY_HIGH);
1334 ltk = hci_add_ltk(hdev, &hcon->dst, hcon->dst_type, SMP_LTK,
1335 authenticated, smp->tk, smp->enc_key_size,
1336 rp->ediv, rp->rand);
1337 smp->ltk = ltk;
1338 if (!(smp->remote_key_dist & KEY_DIST_MASK))
1339 smp_distribute_keys(smp);
1340 hci_dev_unlock(hdev);
1341
1342 return 0;
1343 }
1344
1345 static int smp_cmd_ident_info(struct l2cap_conn *conn, struct sk_buff *skb)
1346 {
1347 struct smp_cmd_ident_info *info = (void *) skb->data;
1348 struct l2cap_chan *chan = conn->smp;
1349 struct smp_chan *smp = chan->data;
1350
1351 BT_DBG("");
1352
1353 if (skb->len < sizeof(*info))
1354 return SMP_INVALID_PARAMS;
1355
1356 SMP_ALLOW_CMD(smp, SMP_CMD_IDENT_ADDR_INFO);
1357
1358 skb_pull(skb, sizeof(*info));
1359
1360 memcpy(smp->irk, info->irk, 16);
1361
1362 return 0;
1363 }
1364
1365 static int smp_cmd_ident_addr_info(struct l2cap_conn *conn,
1366 struct sk_buff *skb)
1367 {
1368 struct smp_cmd_ident_addr_info *info = (void *) skb->data;
1369 struct l2cap_chan *chan = conn->smp;
1370 struct smp_chan *smp = chan->data;
1371 struct hci_conn *hcon = conn->hcon;
1372 bdaddr_t rpa;
1373
1374 BT_DBG("");
1375
1376 if (skb->len < sizeof(*info))
1377 return SMP_INVALID_PARAMS;
1378
1379 /* Mark the information as received */
1380 smp->remote_key_dist &= ~SMP_DIST_ID_KEY;
1381
1382 if (smp->remote_key_dist & SMP_DIST_SIGN)
1383 SMP_ALLOW_CMD(smp, SMP_CMD_SIGN_INFO);
1384
1385 skb_pull(skb, sizeof(*info));
1386
1387 hci_dev_lock(hcon->hdev);
1388
1389 /* Strictly speaking the Core Specification (4.1) allows sending
1390 * an empty address which would force us to rely on just the IRK
1391 * as "identity information". However, since such
1392 * implementations are not known of and in order to not over
1393 * complicate our implementation, simply pretend that we never
1394 * received an IRK for such a device.
1395 */
1396 if (!bacmp(&info->bdaddr, BDADDR_ANY)) {
1397 BT_ERR("Ignoring IRK with no identity address");
1398 goto distribute;
1399 }
1400
1401 bacpy(&smp->id_addr, &info->bdaddr);
1402 smp->id_addr_type = info->addr_type;
1403
1404 if (hci_bdaddr_is_rpa(&hcon->dst, hcon->dst_type))
1405 bacpy(&rpa, &hcon->dst);
1406 else
1407 bacpy(&rpa, BDADDR_ANY);
1408
1409 smp->remote_irk = hci_add_irk(conn->hcon->hdev, &smp->id_addr,
1410 smp->id_addr_type, smp->irk, &rpa);
1411
1412 distribute:
1413 if (!(smp->remote_key_dist & KEY_DIST_MASK))
1414 smp_distribute_keys(smp);
1415
1416 hci_dev_unlock(hcon->hdev);
1417
1418 return 0;
1419 }
1420
1421 static int smp_cmd_sign_info(struct l2cap_conn *conn, struct sk_buff *skb)
1422 {
1423 struct smp_cmd_sign_info *rp = (void *) skb->data;
1424 struct l2cap_chan *chan = conn->smp;
1425 struct smp_chan *smp = chan->data;
1426 struct hci_dev *hdev = conn->hcon->hdev;
1427 struct smp_csrk *csrk;
1428
1429 BT_DBG("conn %p", conn);
1430
1431 if (skb->len < sizeof(*rp))
1432 return SMP_INVALID_PARAMS;
1433
1434 /* Mark the information as received */
1435 smp->remote_key_dist &= ~SMP_DIST_SIGN;
1436
1437 skb_pull(skb, sizeof(*rp));
1438
1439 hci_dev_lock(hdev);
1440 csrk = kzalloc(sizeof(*csrk), GFP_KERNEL);
1441 if (csrk) {
1442 csrk->master = 0x01;
1443 memcpy(csrk->val, rp->csrk, sizeof(csrk->val));
1444 }
1445 smp->csrk = csrk;
1446 smp_distribute_keys(smp);
1447 hci_dev_unlock(hdev);
1448
1449 return 0;
1450 }
1451
1452 static int smp_sig_channel(struct l2cap_chan *chan, struct sk_buff *skb)
1453 {
1454 struct l2cap_conn *conn = chan->conn;
1455 struct hci_conn *hcon = conn->hcon;
1456 struct smp_chan *smp;
1457 __u8 code, reason;
1458 int err = 0;
1459
1460 if (hcon->type != LE_LINK) {
1461 kfree_skb(skb);
1462 return 0;
1463 }
1464
1465 if (skb->len < 1)
1466 return -EILSEQ;
1467
1468 if (!test_bit(HCI_LE_ENABLED, &hcon->hdev->dev_flags)) {
1469 reason = SMP_PAIRING_NOTSUPP;
1470 goto done;
1471 }
1472
1473 code = skb->data[0];
1474 skb_pull(skb, sizeof(code));
1475
1476 smp = chan->data;
1477
1478 if (code > SMP_CMD_MAX)
1479 goto drop;
1480
1481 if (smp && !test_and_clear_bit(code, &smp->allow_cmd))
1482 goto drop;
1483
1484 /* If we don't have a context the only allowed commands are
1485 * pairing request and security request.
1486 */
1487 if (!smp && code != SMP_CMD_PAIRING_REQ && code != SMP_CMD_SECURITY_REQ)
1488 goto drop;
1489
1490 switch (code) {
1491 case SMP_CMD_PAIRING_REQ:
1492 reason = smp_cmd_pairing_req(conn, skb);
1493 break;
1494
1495 case SMP_CMD_PAIRING_FAIL:
1496 smp_failure(conn, 0);
1497 err = -EPERM;
1498 break;
1499
1500 case SMP_CMD_PAIRING_RSP:
1501 reason = smp_cmd_pairing_rsp(conn, skb);
1502 break;
1503
1504 case SMP_CMD_SECURITY_REQ:
1505 reason = smp_cmd_security_req(conn, skb);
1506 break;
1507
1508 case SMP_CMD_PAIRING_CONFIRM:
1509 reason = smp_cmd_pairing_confirm(conn, skb);
1510 break;
1511
1512 case SMP_CMD_PAIRING_RANDOM:
1513 reason = smp_cmd_pairing_random(conn, skb);
1514 break;
1515
1516 case SMP_CMD_ENCRYPT_INFO:
1517 reason = smp_cmd_encrypt_info(conn, skb);
1518 break;
1519
1520 case SMP_CMD_MASTER_IDENT:
1521 reason = smp_cmd_master_ident(conn, skb);
1522 break;
1523
1524 case SMP_CMD_IDENT_INFO:
1525 reason = smp_cmd_ident_info(conn, skb);
1526 break;
1527
1528 case SMP_CMD_IDENT_ADDR_INFO:
1529 reason = smp_cmd_ident_addr_info(conn, skb);
1530 break;
1531
1532 case SMP_CMD_SIGN_INFO:
1533 reason = smp_cmd_sign_info(conn, skb);
1534 break;
1535
1536 default:
1537 BT_DBG("Unknown command code 0x%2.2x", code);
1538 reason = SMP_CMD_NOTSUPP;
1539 goto done;
1540 }
1541
1542 done:
1543 if (!err) {
1544 if (reason)
1545 smp_failure(conn, reason);
1546 kfree_skb(skb);
1547 }
1548
1549 return err;
1550
1551 drop:
1552 BT_ERR("%s unexpected SMP command 0x%02x from %pMR", hcon->hdev->name,
1553 code, &hcon->dst);
1554 kfree_skb(skb);
1555 return 0;
1556 }
1557
1558 static void smp_teardown_cb(struct l2cap_chan *chan, int err)
1559 {
1560 struct l2cap_conn *conn = chan->conn;
1561
1562 BT_DBG("chan %p", chan);
1563
1564 if (chan->data)
1565 smp_chan_destroy(conn);
1566
1567 conn->smp = NULL;
1568 l2cap_chan_put(chan);
1569 }
1570
1571 static void smp_resume_cb(struct l2cap_chan *chan)
1572 {
1573 struct smp_chan *smp = chan->data;
1574 struct l2cap_conn *conn = chan->conn;
1575 struct hci_conn *hcon = conn->hcon;
1576
1577 BT_DBG("chan %p", chan);
1578
1579 if (!smp)
1580 return;
1581
1582 if (!test_bit(HCI_CONN_ENCRYPT, &hcon->flags))
1583 return;
1584
1585 cancel_delayed_work(&smp->security_timer);
1586
1587 smp_distribute_keys(smp);
1588 }
1589
1590 static void smp_ready_cb(struct l2cap_chan *chan)
1591 {
1592 struct l2cap_conn *conn = chan->conn;
1593
1594 BT_DBG("chan %p", chan);
1595
1596 conn->smp = chan;
1597 l2cap_chan_hold(chan);
1598 }
1599
1600 static int smp_recv_cb(struct l2cap_chan *chan, struct sk_buff *skb)
1601 {
1602 int err;
1603
1604 BT_DBG("chan %p", chan);
1605
1606 err = smp_sig_channel(chan, skb);
1607 if (err) {
1608 struct smp_chan *smp = chan->data;
1609
1610 if (smp)
1611 cancel_delayed_work_sync(&smp->security_timer);
1612
1613 hci_disconnect(chan->conn->hcon, HCI_ERROR_AUTH_FAILURE);
1614 }
1615
1616 return err;
1617 }
1618
1619 static struct sk_buff *smp_alloc_skb_cb(struct l2cap_chan *chan,
1620 unsigned long hdr_len,
1621 unsigned long len, int nb)
1622 {
1623 struct sk_buff *skb;
1624
1625 skb = bt_skb_alloc(hdr_len + len, GFP_KERNEL);
1626 if (!skb)
1627 return ERR_PTR(-ENOMEM);
1628
1629 skb->priority = HCI_PRIO_MAX;
1630 bt_cb(skb)->chan = chan;
1631
1632 return skb;
1633 }
1634
1635 static const struct l2cap_ops smp_chan_ops = {
1636 .name = "Security Manager",
1637 .ready = smp_ready_cb,
1638 .recv = smp_recv_cb,
1639 .alloc_skb = smp_alloc_skb_cb,
1640 .teardown = smp_teardown_cb,
1641 .resume = smp_resume_cb,
1642
1643 .new_connection = l2cap_chan_no_new_connection,
1644 .state_change = l2cap_chan_no_state_change,
1645 .close = l2cap_chan_no_close,
1646 .defer = l2cap_chan_no_defer,
1647 .suspend = l2cap_chan_no_suspend,
1648 .set_shutdown = l2cap_chan_no_set_shutdown,
1649 .get_sndtimeo = l2cap_chan_no_get_sndtimeo,
1650 .memcpy_fromiovec = l2cap_chan_no_memcpy_fromiovec,
1651 };
1652
1653 static inline struct l2cap_chan *smp_new_conn_cb(struct l2cap_chan *pchan)
1654 {
1655 struct l2cap_chan *chan;
1656
1657 BT_DBG("pchan %p", pchan);
1658
1659 chan = l2cap_chan_create();
1660 if (!chan)
1661 return NULL;
1662
1663 chan->chan_type = pchan->chan_type;
1664 chan->ops = &smp_chan_ops;
1665 chan->scid = pchan->scid;
1666 chan->dcid = chan->scid;
1667 chan->imtu = pchan->imtu;
1668 chan->omtu = pchan->omtu;
1669 chan->mode = pchan->mode;
1670
1671 BT_DBG("created chan %p", chan);
1672
1673 return chan;
1674 }
1675
1676 static const struct l2cap_ops smp_root_chan_ops = {
1677 .name = "Security Manager Root",
1678 .new_connection = smp_new_conn_cb,
1679
1680 /* None of these are implemented for the root channel */
1681 .close = l2cap_chan_no_close,
1682 .alloc_skb = l2cap_chan_no_alloc_skb,
1683 .recv = l2cap_chan_no_recv,
1684 .state_change = l2cap_chan_no_state_change,
1685 .teardown = l2cap_chan_no_teardown,
1686 .ready = l2cap_chan_no_ready,
1687 .defer = l2cap_chan_no_defer,
1688 .suspend = l2cap_chan_no_suspend,
1689 .resume = l2cap_chan_no_resume,
1690 .set_shutdown = l2cap_chan_no_set_shutdown,
1691 .get_sndtimeo = l2cap_chan_no_get_sndtimeo,
1692 .memcpy_fromiovec = l2cap_chan_no_memcpy_fromiovec,
1693 };
1694
1695 int smp_register(struct hci_dev *hdev)
1696 {
1697 struct l2cap_chan *chan;
1698 struct crypto_blkcipher *tfm_aes;
1699
1700 BT_DBG("%s", hdev->name);
1701
1702 tfm_aes = crypto_alloc_blkcipher("ecb(aes)", 0, CRYPTO_ALG_ASYNC);
1703 if (IS_ERR(tfm_aes)) {
1704 int err = PTR_ERR(tfm_aes);
1705 BT_ERR("Unable to create crypto context");
1706 return err;
1707 }
1708
1709 chan = l2cap_chan_create();
1710 if (!chan) {
1711 crypto_free_blkcipher(tfm_aes);
1712 return -ENOMEM;
1713 }
1714
1715 chan->data = tfm_aes;
1716
1717 l2cap_add_scid(chan, L2CAP_CID_SMP);
1718
1719 l2cap_chan_set_defaults(chan);
1720
1721 bacpy(&chan->src, &hdev->bdaddr);
1722 chan->src_type = BDADDR_LE_PUBLIC;
1723 chan->state = BT_LISTEN;
1724 chan->mode = L2CAP_MODE_BASIC;
1725 chan->imtu = L2CAP_DEFAULT_MTU;
1726 chan->ops = &smp_root_chan_ops;
1727
1728 hdev->smp_data = chan;
1729
1730 return 0;
1731 }
1732
1733 void smp_unregister(struct hci_dev *hdev)
1734 {
1735 struct l2cap_chan *chan = hdev->smp_data;
1736 struct crypto_blkcipher *tfm_aes;
1737
1738 if (!chan)
1739 return;
1740
1741 BT_DBG("%s chan %p", hdev->name, chan);
1742
1743 tfm_aes = chan->data;
1744 if (tfm_aes) {
1745 chan->data = NULL;
1746 crypto_free_blkcipher(tfm_aes);
1747 }
1748
1749 hdev->smp_data = NULL;
1750 l2cap_chan_put(chan);
1751 }
Linux kernel - Deliverables
This page took 0.094747 seconds and 6 git commands to generate.