2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2011 Nokia Corporation and/or its subsidiary(-ies).
5 This program is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License version 2 as
7 published by the Free Software Foundation;
9 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
10 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
11 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
12 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
13 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
14 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
18 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
19 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
20 SOFTWARE IS DISCLAIMED.
23 #include <linux/crypto.h>
24 #include <linux/scatterlist.h>
25 #include <crypto/b128ops.h>
27 #include <net/bluetooth/bluetooth.h>
28 #include <net/bluetooth/hci_core.h>
29 #include <net/bluetooth/l2cap.h>
30 #include <net/bluetooth/mgmt.h>
34 #define SMP_ALLOW_CMD(smp, code) set_bit(code, &smp->allow_cmd)
36 #define SMP_TIMEOUT msecs_to_jiffies(30000)
38 #define AUTH_REQ_MASK 0x07
39 #define KEY_DIST_MASK 0x07
50 struct l2cap_conn
*conn
;
51 struct delayed_work security_timer
;
52 unsigned long allow_cmd
; /* Bitmask of allowed commands */
54 u8 preq
[7]; /* SMP Pairing Request */
55 u8 prsp
[7]; /* SMP Pairing Response */
56 u8 prnd
[16]; /* SMP Pairing Random (local) */
57 u8 rrnd
[16]; /* SMP Pairing Random (remote) */
58 u8 pcnf
[16]; /* SMP Pairing Confirm */
59 u8 tk
[16]; /* SMP Temporary Key */
65 struct smp_csrk
*csrk
;
66 struct smp_csrk
*slave_csrk
;
68 struct smp_ltk
*slave_ltk
;
69 struct smp_irk
*remote_irk
;
72 struct crypto_blkcipher
*tfm_aes
;
75 static inline void swap_buf(const u8
*src
, u8
*dst
, size_t len
)
79 for (i
= 0; i
< len
; i
++)
80 dst
[len
- 1 - i
] = src
[i
];
83 static int smp_e(struct crypto_blkcipher
*tfm
, const u8
*k
, u8
*r
)
85 struct blkcipher_desc desc
;
86 struct scatterlist sg
;
87 uint8_t tmp
[16], data
[16];
91 BT_ERR("tfm %p", tfm
);
98 /* The most significant octet of key corresponds to k[0] */
101 err
= crypto_blkcipher_setkey(tfm
, tmp
, 16);
103 BT_ERR("cipher setkey failed: %d", err
);
107 /* Most significant octet of plaintextData corresponds to data[0] */
108 swap_buf(r
, data
, 16);
110 sg_init_one(&sg
, data
, 16);
112 err
= crypto_blkcipher_encrypt(&desc
, &sg
, &sg
, 16);
114 BT_ERR("Encrypt data error %d", err
);
116 /* Most significant octet of encryptedData corresponds to data[0] */
117 swap_buf(data
, r
, 16);
122 static int smp_ah(struct crypto_blkcipher
*tfm
, u8 irk
[16], u8 r
[3], u8 res
[3])
127 /* r' = padding || r */
129 memset(_res
+ 3, 0, 13);
131 err
= smp_e(tfm
, irk
, _res
);
133 BT_ERR("Encrypt error");
137 /* The output of the random address function ah is:
138 * ah(h, r) = e(k, r') mod 2^24
139 * The output of the security function e is then truncated to 24 bits
140 * by taking the least significant 24 bits of the output of e as the
143 memcpy(res
, _res
, 3);
148 bool smp_irk_matches(struct hci_dev
*hdev
, u8 irk
[16], bdaddr_t
*bdaddr
)
150 struct l2cap_chan
*chan
= hdev
->smp_data
;
151 struct crypto_blkcipher
*tfm
;
155 if (!chan
|| !chan
->data
)
160 BT_DBG("RPA %pMR IRK %*phN", bdaddr
, 16, irk
);
162 err
= smp_ah(tfm
, irk
, &bdaddr
->b
[3], hash
);
166 return !memcmp(bdaddr
->b
, hash
, 3);
169 int smp_generate_rpa(struct hci_dev
*hdev
, u8 irk
[16], bdaddr_t
*rpa
)
171 struct l2cap_chan
*chan
= hdev
->smp_data
;
172 struct crypto_blkcipher
*tfm
;
175 if (!chan
|| !chan
->data
)
180 get_random_bytes(&rpa
->b
[3], 3);
182 rpa
->b
[5] &= 0x3f; /* Clear two most significant bits */
183 rpa
->b
[5] |= 0x40; /* Set second most significant bit */
185 err
= smp_ah(tfm
, irk
, &rpa
->b
[3], rpa
->b
);
189 BT_DBG("RPA %pMR", rpa
);
194 static int smp_c1(struct crypto_blkcipher
*tfm_aes
, u8 k
[16], u8 r
[16],
195 u8 preq
[7], u8 pres
[7], u8 _iat
, bdaddr_t
*ia
, u8 _rat
,
196 bdaddr_t
*ra
, u8 res
[16])
203 /* p1 = pres || preq || _rat || _iat */
206 memcpy(p1
+ 2, preq
, 7);
207 memcpy(p1
+ 9, pres
, 7);
209 /* p2 = padding || ia || ra */
211 memcpy(p2
+ 6, ia
, 6);
212 memset(p2
+ 12, 0, 4);
215 u128_xor((u128
*) res
, (u128
*) r
, (u128
*) p1
);
217 /* res = e(k, res) */
218 err
= smp_e(tfm_aes
, k
, res
);
220 BT_ERR("Encrypt data error");
224 /* res = res XOR p2 */
225 u128_xor((u128
*) res
, (u128
*) res
, (u128
*) p2
);
227 /* res = e(k, res) */
228 err
= smp_e(tfm_aes
, k
, res
);
230 BT_ERR("Encrypt data error");
235 static int smp_s1(struct crypto_blkcipher
*tfm_aes
, u8 k
[16], u8 r1
[16],
236 u8 r2
[16], u8 _r
[16])
240 /* Just least significant octets from r1 and r2 are considered */
242 memcpy(_r
+ 8, r1
, 8);
244 err
= smp_e(tfm_aes
, k
, _r
);
246 BT_ERR("Encrypt data error");
251 static void smp_send_cmd(struct l2cap_conn
*conn
, u8 code
, u16 len
, void *data
)
253 struct l2cap_chan
*chan
= conn
->smp
;
254 struct smp_chan
*smp
;
261 BT_DBG("code 0x%2.2x", code
);
263 iv
[0].iov_base
= &code
;
266 iv
[1].iov_base
= data
;
269 memset(&msg
, 0, sizeof(msg
));
271 msg
.msg_iov
= (struct iovec
*) &iv
;
274 l2cap_chan_send(chan
, &msg
, 1 + len
);
281 cancel_delayed_work_sync(&smp
->security_timer
);
282 schedule_delayed_work(&smp
->security_timer
, SMP_TIMEOUT
);
285 static __u8
authreq_to_seclevel(__u8 authreq
)
287 if (authreq
& SMP_AUTH_MITM
)
288 return BT_SECURITY_HIGH
;
290 return BT_SECURITY_MEDIUM
;
293 static __u8
seclevel_to_authreq(__u8 sec_level
)
296 case BT_SECURITY_HIGH
:
297 return SMP_AUTH_MITM
| SMP_AUTH_BONDING
;
298 case BT_SECURITY_MEDIUM
:
299 return SMP_AUTH_BONDING
;
301 return SMP_AUTH_NONE
;
305 static void build_pairing_cmd(struct l2cap_conn
*conn
,
306 struct smp_cmd_pairing
*req
,
307 struct smp_cmd_pairing
*rsp
, __u8 authreq
)
309 struct l2cap_chan
*chan
= conn
->smp
;
310 struct smp_chan
*smp
= chan
->data
;
311 struct hci_conn
*hcon
= conn
->hcon
;
312 struct hci_dev
*hdev
= hcon
->hdev
;
313 u8 local_dist
= 0, remote_dist
= 0;
315 if (test_bit(HCI_BONDABLE
, &conn
->hcon
->hdev
->dev_flags
)) {
316 local_dist
= SMP_DIST_ENC_KEY
| SMP_DIST_SIGN
;
317 remote_dist
= SMP_DIST_ENC_KEY
| SMP_DIST_SIGN
;
318 authreq
|= SMP_AUTH_BONDING
;
320 authreq
&= ~SMP_AUTH_BONDING
;
323 if (test_bit(HCI_RPA_RESOLVING
, &hdev
->dev_flags
))
324 remote_dist
|= SMP_DIST_ID_KEY
;
326 if (test_bit(HCI_PRIVACY
, &hdev
->dev_flags
))
327 local_dist
|= SMP_DIST_ID_KEY
;
330 req
->io_capability
= conn
->hcon
->io_capability
;
331 req
->oob_flag
= SMP_OOB_NOT_PRESENT
;
332 req
->max_key_size
= SMP_MAX_ENC_KEY_SIZE
;
333 req
->init_key_dist
= local_dist
;
334 req
->resp_key_dist
= remote_dist
;
335 req
->auth_req
= (authreq
& AUTH_REQ_MASK
);
337 smp
->remote_key_dist
= remote_dist
;
341 rsp
->io_capability
= conn
->hcon
->io_capability
;
342 rsp
->oob_flag
= SMP_OOB_NOT_PRESENT
;
343 rsp
->max_key_size
= SMP_MAX_ENC_KEY_SIZE
;
344 rsp
->init_key_dist
= req
->init_key_dist
& remote_dist
;
345 rsp
->resp_key_dist
= req
->resp_key_dist
& local_dist
;
346 rsp
->auth_req
= (authreq
& AUTH_REQ_MASK
);
348 smp
->remote_key_dist
= rsp
->init_key_dist
;
351 static u8
check_enc_key_size(struct l2cap_conn
*conn
, __u8 max_key_size
)
353 struct l2cap_chan
*chan
= conn
->smp
;
354 struct smp_chan
*smp
= chan
->data
;
356 if ((max_key_size
> SMP_MAX_ENC_KEY_SIZE
) ||
357 (max_key_size
< SMP_MIN_ENC_KEY_SIZE
))
358 return SMP_ENC_KEY_SIZE
;
360 smp
->enc_key_size
= max_key_size
;
365 static void smp_chan_destroy(struct l2cap_conn
*conn
)
367 struct l2cap_chan
*chan
= conn
->smp
;
368 struct smp_chan
*smp
= chan
->data
;
373 cancel_delayed_work_sync(&smp
->security_timer
);
375 complete
= test_bit(SMP_FLAG_COMPLETE
, &smp
->flags
);
376 mgmt_smp_complete(conn
->hcon
, complete
);
379 kfree(smp
->slave_csrk
);
381 crypto_free_blkcipher(smp
->tfm_aes
);
383 /* If pairing failed clean up any keys we might have */
386 list_del_rcu(&smp
->ltk
->list
);
387 kfree_rcu(smp
->ltk
, rcu
);
390 if (smp
->slave_ltk
) {
391 list_del_rcu(&smp
->slave_ltk
->list
);
392 kfree_rcu(smp
->slave_ltk
, rcu
);
395 if (smp
->remote_irk
) {
396 list_del_rcu(&smp
->remote_irk
->list
);
397 kfree_rcu(smp
->remote_irk
, rcu
);
403 hci_conn_drop(conn
->hcon
);
406 static void smp_failure(struct l2cap_conn
*conn
, u8 reason
)
408 struct hci_conn
*hcon
= conn
->hcon
;
409 struct l2cap_chan
*chan
= conn
->smp
;
412 smp_send_cmd(conn
, SMP_CMD_PAIRING_FAIL
, sizeof(reason
),
415 clear_bit(HCI_CONN_ENCRYPT_PEND
, &hcon
->flags
);
416 mgmt_auth_failed(hcon
, HCI_ERROR_AUTH_FAILURE
);
419 smp_chan_destroy(conn
);
422 #define JUST_WORKS 0x00
423 #define JUST_CFM 0x01
424 #define REQ_PASSKEY 0x02
425 #define CFM_PASSKEY 0x03
429 static const u8 gen_method
[5][5] = {
430 { JUST_WORKS
, JUST_CFM
, REQ_PASSKEY
, JUST_WORKS
, REQ_PASSKEY
},
431 { JUST_WORKS
, JUST_CFM
, REQ_PASSKEY
, JUST_WORKS
, REQ_PASSKEY
},
432 { CFM_PASSKEY
, CFM_PASSKEY
, REQ_PASSKEY
, JUST_WORKS
, CFM_PASSKEY
},
433 { JUST_WORKS
, JUST_CFM
, JUST_WORKS
, JUST_WORKS
, JUST_CFM
},
434 { CFM_PASSKEY
, CFM_PASSKEY
, REQ_PASSKEY
, JUST_WORKS
, OVERLAP
},
437 static u8
get_auth_method(struct smp_chan
*smp
, u8 local_io
, u8 remote_io
)
439 /* If either side has unknown io_caps, use JUST_CFM (which gets
440 * converted later to JUST_WORKS if we're initiators.
442 if (local_io
> SMP_IO_KEYBOARD_DISPLAY
||
443 remote_io
> SMP_IO_KEYBOARD_DISPLAY
)
446 return gen_method
[remote_io
][local_io
];
449 static int tk_request(struct l2cap_conn
*conn
, u8 remote_oob
, u8 auth
,
450 u8 local_io
, u8 remote_io
)
452 struct hci_conn
*hcon
= conn
->hcon
;
453 struct l2cap_chan
*chan
= conn
->smp
;
454 struct smp_chan
*smp
= chan
->data
;
459 /* Initialize key for JUST WORKS */
460 memset(smp
->tk
, 0, sizeof(smp
->tk
));
461 clear_bit(SMP_FLAG_TK_VALID
, &smp
->flags
);
463 BT_DBG("tk_request: auth:%d lcl:%d rem:%d", auth
, local_io
, remote_io
);
465 /* If neither side wants MITM, either "just" confirm an incoming
466 * request or use just-works for outgoing ones. The JUST_CFM
467 * will be converted to JUST_WORKS if necessary later in this
468 * function. If either side has MITM look up the method from the
471 if (!(auth
& SMP_AUTH_MITM
))
474 method
= get_auth_method(smp
, local_io
, remote_io
);
476 /* Don't confirm locally initiated pairing attempts */
477 if (method
== JUST_CFM
&& test_bit(SMP_FLAG_INITIATOR
, &smp
->flags
))
480 /* Don't bother user space with no IO capabilities */
481 if (method
== JUST_CFM
&& hcon
->io_capability
== HCI_IO_NO_INPUT_OUTPUT
)
484 /* If Just Works, Continue with Zero TK */
485 if (method
== JUST_WORKS
) {
486 set_bit(SMP_FLAG_TK_VALID
, &smp
->flags
);
490 /* Not Just Works/Confirm results in MITM Authentication */
491 if (method
!= JUST_CFM
) {
492 set_bit(SMP_FLAG_MITM_AUTH
, &smp
->flags
);
493 if (hcon
->pending_sec_level
< BT_SECURITY_HIGH
)
494 hcon
->pending_sec_level
= BT_SECURITY_HIGH
;
497 /* If both devices have Keyoard-Display I/O, the master
498 * Confirms and the slave Enters the passkey.
500 if (method
== OVERLAP
) {
501 if (hcon
->role
== HCI_ROLE_MASTER
)
502 method
= CFM_PASSKEY
;
504 method
= REQ_PASSKEY
;
507 /* Generate random passkey. */
508 if (method
== CFM_PASSKEY
) {
509 memset(smp
->tk
, 0, sizeof(smp
->tk
));
510 get_random_bytes(&passkey
, sizeof(passkey
));
512 put_unaligned_le32(passkey
, smp
->tk
);
513 BT_DBG("PassKey: %d", passkey
);
514 set_bit(SMP_FLAG_TK_VALID
, &smp
->flags
);
517 if (method
== REQ_PASSKEY
)
518 ret
= mgmt_user_passkey_request(hcon
->hdev
, &hcon
->dst
,
519 hcon
->type
, hcon
->dst_type
);
520 else if (method
== JUST_CFM
)
521 ret
= mgmt_user_confirm_request(hcon
->hdev
, &hcon
->dst
,
522 hcon
->type
, hcon
->dst_type
,
525 ret
= mgmt_user_passkey_notify(hcon
->hdev
, &hcon
->dst
,
526 hcon
->type
, hcon
->dst_type
,
532 static u8
smp_confirm(struct smp_chan
*smp
)
534 struct l2cap_conn
*conn
= smp
->conn
;
535 struct smp_cmd_pairing_confirm cp
;
538 BT_DBG("conn %p", conn
);
540 ret
= smp_c1(smp
->tfm_aes
, smp
->tk
, smp
->prnd
, smp
->preq
, smp
->prsp
,
541 conn
->hcon
->init_addr_type
, &conn
->hcon
->init_addr
,
542 conn
->hcon
->resp_addr_type
, &conn
->hcon
->resp_addr
,
545 return SMP_UNSPECIFIED
;
547 clear_bit(SMP_FLAG_CFM_PENDING
, &smp
->flags
);
549 smp_send_cmd(smp
->conn
, SMP_CMD_PAIRING_CONFIRM
, sizeof(cp
), &cp
);
552 SMP_ALLOW_CMD(smp
, SMP_CMD_PAIRING_CONFIRM
);
554 SMP_ALLOW_CMD(smp
, SMP_CMD_PAIRING_RANDOM
);
559 static u8
smp_random(struct smp_chan
*smp
)
561 struct l2cap_conn
*conn
= smp
->conn
;
562 struct hci_conn
*hcon
= conn
->hcon
;
566 if (IS_ERR_OR_NULL(smp
->tfm_aes
))
567 return SMP_UNSPECIFIED
;
569 BT_DBG("conn %p %s", conn
, conn
->hcon
->out
? "master" : "slave");
571 ret
= smp_c1(smp
->tfm_aes
, smp
->tk
, smp
->rrnd
, smp
->preq
, smp
->prsp
,
572 hcon
->init_addr_type
, &hcon
->init_addr
,
573 hcon
->resp_addr_type
, &hcon
->resp_addr
, confirm
);
575 return SMP_UNSPECIFIED
;
577 if (memcmp(smp
->pcnf
, confirm
, sizeof(smp
->pcnf
)) != 0) {
578 BT_ERR("Pairing failed (confirmation values mismatch)");
579 return SMP_CONFIRM_FAILED
;
587 smp_s1(smp
->tfm_aes
, smp
->tk
, smp
->rrnd
, smp
->prnd
, stk
);
589 memset(stk
+ smp
->enc_key_size
, 0,
590 SMP_MAX_ENC_KEY_SIZE
- smp
->enc_key_size
);
592 if (test_and_set_bit(HCI_CONN_ENCRYPT_PEND
, &hcon
->flags
))
593 return SMP_UNSPECIFIED
;
595 hci_le_start_enc(hcon
, ediv
, rand
, stk
);
596 hcon
->enc_key_size
= smp
->enc_key_size
;
597 set_bit(HCI_CONN_STK_ENCRYPT
, &hcon
->flags
);
603 smp_send_cmd(conn
, SMP_CMD_PAIRING_RANDOM
, sizeof(smp
->prnd
),
606 smp_s1(smp
->tfm_aes
, smp
->tk
, smp
->prnd
, smp
->rrnd
, stk
);
608 memset(stk
+ smp
->enc_key_size
, 0,
609 SMP_MAX_ENC_KEY_SIZE
- smp
->enc_key_size
);
611 if (hcon
->pending_sec_level
== BT_SECURITY_HIGH
)
616 /* Even though there's no _SLAVE suffix this is the
617 * slave STK we're adding for later lookup (the master
618 * STK never needs to be stored).
620 hci_add_ltk(hcon
->hdev
, &hcon
->dst
, hcon
->dst_type
,
621 SMP_STK
, auth
, stk
, smp
->enc_key_size
, ediv
, rand
);
627 static void smp_notify_keys(struct l2cap_conn
*conn
)
629 struct l2cap_chan
*chan
= conn
->smp
;
630 struct smp_chan
*smp
= chan
->data
;
631 struct hci_conn
*hcon
= conn
->hcon
;
632 struct hci_dev
*hdev
= hcon
->hdev
;
633 struct smp_cmd_pairing
*req
= (void *) &smp
->preq
[1];
634 struct smp_cmd_pairing
*rsp
= (void *) &smp
->prsp
[1];
637 if (smp
->remote_irk
) {
638 mgmt_new_irk(hdev
, smp
->remote_irk
);
639 /* Now that user space can be considered to know the
640 * identity address track the connection based on it
643 bacpy(&hcon
->dst
, &smp
->remote_irk
->bdaddr
);
644 hcon
->dst_type
= smp
->remote_irk
->addr_type
;
645 queue_work(hdev
->workqueue
, &conn
->id_addr_update_work
);
647 /* When receiving an indentity resolving key for
648 * a remote device that does not use a resolvable
649 * private address, just remove the key so that
650 * it is possible to use the controller white
653 * Userspace will have been told to not store
654 * this key at this point. So it is safe to
657 if (!bacmp(&smp
->remote_irk
->rpa
, BDADDR_ANY
)) {
658 list_del_rcu(&smp
->remote_irk
->list
);
659 kfree_rcu(smp
->remote_irk
, rcu
);
660 smp
->remote_irk
= NULL
;
664 /* The LTKs and CSRKs should be persistent only if both sides
665 * had the bonding bit set in their authentication requests.
667 persistent
= !!((req
->auth_req
& rsp
->auth_req
) & SMP_AUTH_BONDING
);
670 smp
->csrk
->bdaddr_type
= hcon
->dst_type
;
671 bacpy(&smp
->csrk
->bdaddr
, &hcon
->dst
);
672 mgmt_new_csrk(hdev
, smp
->csrk
, persistent
);
675 if (smp
->slave_csrk
) {
676 smp
->slave_csrk
->bdaddr_type
= hcon
->dst_type
;
677 bacpy(&smp
->slave_csrk
->bdaddr
, &hcon
->dst
);
678 mgmt_new_csrk(hdev
, smp
->slave_csrk
, persistent
);
682 smp
->ltk
->bdaddr_type
= hcon
->dst_type
;
683 bacpy(&smp
->ltk
->bdaddr
, &hcon
->dst
);
684 mgmt_new_ltk(hdev
, smp
->ltk
, persistent
);
687 if (smp
->slave_ltk
) {
688 smp
->slave_ltk
->bdaddr_type
= hcon
->dst_type
;
689 bacpy(&smp
->slave_ltk
->bdaddr
, &hcon
->dst
);
690 mgmt_new_ltk(hdev
, smp
->slave_ltk
, persistent
);
694 static void smp_allow_key_dist(struct smp_chan
*smp
)
696 /* Allow the first expected phase 3 PDU. The rest of the PDUs
697 * will be allowed in each PDU handler to ensure we receive
698 * them in the correct order.
700 if (smp
->remote_key_dist
& SMP_DIST_ENC_KEY
)
701 SMP_ALLOW_CMD(smp
, SMP_CMD_ENCRYPT_INFO
);
702 else if (smp
->remote_key_dist
& SMP_DIST_ID_KEY
)
703 SMP_ALLOW_CMD(smp
, SMP_CMD_IDENT_INFO
);
704 else if (smp
->remote_key_dist
& SMP_DIST_SIGN
)
705 SMP_ALLOW_CMD(smp
, SMP_CMD_SIGN_INFO
);
708 static void smp_distribute_keys(struct smp_chan
*smp
)
710 struct smp_cmd_pairing
*req
, *rsp
;
711 struct l2cap_conn
*conn
= smp
->conn
;
712 struct hci_conn
*hcon
= conn
->hcon
;
713 struct hci_dev
*hdev
= hcon
->hdev
;
716 BT_DBG("conn %p", conn
);
718 rsp
= (void *) &smp
->prsp
[1];
720 /* The responder sends its keys first */
721 if (hcon
->out
&& (smp
->remote_key_dist
& KEY_DIST_MASK
)) {
722 smp_allow_key_dist(smp
);
726 req
= (void *) &smp
->preq
[1];
729 keydist
= &rsp
->init_key_dist
;
730 *keydist
&= req
->init_key_dist
;
732 keydist
= &rsp
->resp_key_dist
;
733 *keydist
&= req
->resp_key_dist
;
736 BT_DBG("keydist 0x%x", *keydist
);
738 if (*keydist
& SMP_DIST_ENC_KEY
) {
739 struct smp_cmd_encrypt_info enc
;
740 struct smp_cmd_master_ident ident
;
746 get_random_bytes(enc
.ltk
, sizeof(enc
.ltk
));
747 get_random_bytes(&ediv
, sizeof(ediv
));
748 get_random_bytes(&rand
, sizeof(rand
));
750 smp_send_cmd(conn
, SMP_CMD_ENCRYPT_INFO
, sizeof(enc
), &enc
);
752 authenticated
= hcon
->sec_level
== BT_SECURITY_HIGH
;
753 ltk
= hci_add_ltk(hdev
, &hcon
->dst
, hcon
->dst_type
,
754 SMP_LTK_SLAVE
, authenticated
, enc
.ltk
,
755 smp
->enc_key_size
, ediv
, rand
);
756 smp
->slave_ltk
= ltk
;
761 smp_send_cmd(conn
, SMP_CMD_MASTER_IDENT
, sizeof(ident
), &ident
);
763 *keydist
&= ~SMP_DIST_ENC_KEY
;
766 if (*keydist
& SMP_DIST_ID_KEY
) {
767 struct smp_cmd_ident_addr_info addrinfo
;
768 struct smp_cmd_ident_info idinfo
;
770 memcpy(idinfo
.irk
, hdev
->irk
, sizeof(idinfo
.irk
));
772 smp_send_cmd(conn
, SMP_CMD_IDENT_INFO
, sizeof(idinfo
), &idinfo
);
774 /* The hci_conn contains the local identity address
775 * after the connection has been established.
777 * This is true even when the connection has been
778 * established using a resolvable random address.
780 bacpy(&addrinfo
.bdaddr
, &hcon
->src
);
781 addrinfo
.addr_type
= hcon
->src_type
;
783 smp_send_cmd(conn
, SMP_CMD_IDENT_ADDR_INFO
, sizeof(addrinfo
),
786 *keydist
&= ~SMP_DIST_ID_KEY
;
789 if (*keydist
& SMP_DIST_SIGN
) {
790 struct smp_cmd_sign_info sign
;
791 struct smp_csrk
*csrk
;
793 /* Generate a new random key */
794 get_random_bytes(sign
.csrk
, sizeof(sign
.csrk
));
796 csrk
= kzalloc(sizeof(*csrk
), GFP_KERNEL
);
799 memcpy(csrk
->val
, sign
.csrk
, sizeof(csrk
->val
));
801 smp
->slave_csrk
= csrk
;
803 smp_send_cmd(conn
, SMP_CMD_SIGN_INFO
, sizeof(sign
), &sign
);
805 *keydist
&= ~SMP_DIST_SIGN
;
808 /* If there are still keys to be received wait for them */
809 if (smp
->remote_key_dist
& KEY_DIST_MASK
) {
810 smp_allow_key_dist(smp
);
814 set_bit(SMP_FLAG_COMPLETE
, &smp
->flags
);
815 smp_notify_keys(conn
);
817 smp_chan_destroy(conn
);
820 static void smp_timeout(struct work_struct
*work
)
822 struct smp_chan
*smp
= container_of(work
, struct smp_chan
,
823 security_timer
.work
);
824 struct l2cap_conn
*conn
= smp
->conn
;
826 BT_DBG("conn %p", conn
);
828 hci_disconnect(conn
->hcon
, HCI_ERROR_REMOTE_USER_TERM
);
831 static struct smp_chan
*smp_chan_create(struct l2cap_conn
*conn
)
833 struct l2cap_chan
*chan
= conn
->smp
;
834 struct smp_chan
*smp
;
836 smp
= kzalloc(sizeof(*smp
), GFP_ATOMIC
);
840 smp
->tfm_aes
= crypto_alloc_blkcipher("ecb(aes)", 0, CRYPTO_ALG_ASYNC
);
841 if (IS_ERR(smp
->tfm_aes
)) {
842 BT_ERR("Unable to create ECB crypto context");
850 SMP_ALLOW_CMD(smp
, SMP_CMD_PAIRING_FAIL
);
852 INIT_DELAYED_WORK(&smp
->security_timer
, smp_timeout
);
854 hci_conn_hold(conn
->hcon
);
859 int smp_user_confirm_reply(struct hci_conn
*hcon
, u16 mgmt_op
, __le32 passkey
)
861 struct l2cap_conn
*conn
= hcon
->l2cap_data
;
862 struct l2cap_chan
*chan
;
863 struct smp_chan
*smp
;
876 l2cap_chan_lock(chan
);
885 case MGMT_OP_USER_PASSKEY_REPLY
:
886 value
= le32_to_cpu(passkey
);
887 memset(smp
->tk
, 0, sizeof(smp
->tk
));
888 BT_DBG("PassKey: %d", value
);
889 put_unaligned_le32(value
, smp
->tk
);
891 case MGMT_OP_USER_CONFIRM_REPLY
:
892 set_bit(SMP_FLAG_TK_VALID
, &smp
->flags
);
894 case MGMT_OP_USER_PASSKEY_NEG_REPLY
:
895 case MGMT_OP_USER_CONFIRM_NEG_REPLY
:
896 smp_failure(conn
, SMP_PASSKEY_ENTRY_FAILED
);
900 smp_failure(conn
, SMP_PASSKEY_ENTRY_FAILED
);
907 /* If it is our turn to send Pairing Confirm, do so now */
908 if (test_bit(SMP_FLAG_CFM_PENDING
, &smp
->flags
)) {
909 u8 rsp
= smp_confirm(smp
);
911 smp_failure(conn
, rsp
);
915 l2cap_chan_unlock(chan
);
919 static u8
smp_cmd_pairing_req(struct l2cap_conn
*conn
, struct sk_buff
*skb
)
921 struct smp_cmd_pairing rsp
, *req
= (void *) skb
->data
;
922 struct l2cap_chan
*chan
= conn
->smp
;
923 struct hci_dev
*hdev
= conn
->hcon
->hdev
;
924 struct smp_chan
*smp
;
925 u8 key_size
, auth
, sec_level
;
928 BT_DBG("conn %p", conn
);
930 if (skb
->len
< sizeof(*req
))
931 return SMP_INVALID_PARAMS
;
933 if (conn
->hcon
->role
!= HCI_ROLE_SLAVE
)
934 return SMP_CMD_NOTSUPP
;
937 smp
= smp_chan_create(conn
);
942 return SMP_UNSPECIFIED
;
944 /* We didn't start the pairing, so match remote */
945 auth
= req
->auth_req
& AUTH_REQ_MASK
;
947 if (!test_bit(HCI_BONDABLE
, &hdev
->dev_flags
) &&
948 (auth
& SMP_AUTH_BONDING
))
949 return SMP_PAIRING_NOTSUPP
;
951 smp
->preq
[0] = SMP_CMD_PAIRING_REQ
;
952 memcpy(&smp
->preq
[1], req
, sizeof(*req
));
953 skb_pull(skb
, sizeof(*req
));
955 if (conn
->hcon
->io_capability
== HCI_IO_NO_INPUT_OUTPUT
)
956 sec_level
= BT_SECURITY_MEDIUM
;
958 sec_level
= authreq_to_seclevel(auth
);
960 if (sec_level
> conn
->hcon
->pending_sec_level
)
961 conn
->hcon
->pending_sec_level
= sec_level
;
963 /* If we need MITM check that it can be achieved */
964 if (conn
->hcon
->pending_sec_level
>= BT_SECURITY_HIGH
) {
967 method
= get_auth_method(smp
, conn
->hcon
->io_capability
,
969 if (method
== JUST_WORKS
|| method
== JUST_CFM
)
970 return SMP_AUTH_REQUIREMENTS
;
973 build_pairing_cmd(conn
, req
, &rsp
, auth
);
975 key_size
= min(req
->max_key_size
, rsp
.max_key_size
);
976 if (check_enc_key_size(conn
, key_size
))
977 return SMP_ENC_KEY_SIZE
;
979 get_random_bytes(smp
->prnd
, sizeof(smp
->prnd
));
981 smp
->prsp
[0] = SMP_CMD_PAIRING_RSP
;
982 memcpy(&smp
->prsp
[1], &rsp
, sizeof(rsp
));
984 smp_send_cmd(conn
, SMP_CMD_PAIRING_RSP
, sizeof(rsp
), &rsp
);
985 SMP_ALLOW_CMD(smp
, SMP_CMD_PAIRING_CONFIRM
);
987 /* Request setup of TK */
988 ret
= tk_request(conn
, 0, auth
, rsp
.io_capability
, req
->io_capability
);
990 return SMP_UNSPECIFIED
;
995 static u8
smp_cmd_pairing_rsp(struct l2cap_conn
*conn
, struct sk_buff
*skb
)
997 struct smp_cmd_pairing
*req
, *rsp
= (void *) skb
->data
;
998 struct l2cap_chan
*chan
= conn
->smp
;
999 struct smp_chan
*smp
= chan
->data
;
1003 BT_DBG("conn %p", conn
);
1005 if (skb
->len
< sizeof(*rsp
))
1006 return SMP_INVALID_PARAMS
;
1008 if (conn
->hcon
->role
!= HCI_ROLE_MASTER
)
1009 return SMP_CMD_NOTSUPP
;
1011 skb_pull(skb
, sizeof(*rsp
));
1013 req
= (void *) &smp
->preq
[1];
1015 key_size
= min(req
->max_key_size
, rsp
->max_key_size
);
1016 if (check_enc_key_size(conn
, key_size
))
1017 return SMP_ENC_KEY_SIZE
;
1019 auth
= rsp
->auth_req
& AUTH_REQ_MASK
;
1021 /* If we need MITM check that it can be achieved */
1022 if (conn
->hcon
->pending_sec_level
>= BT_SECURITY_HIGH
) {
1025 method
= get_auth_method(smp
, req
->io_capability
,
1026 rsp
->io_capability
);
1027 if (method
== JUST_WORKS
|| method
== JUST_CFM
)
1028 return SMP_AUTH_REQUIREMENTS
;
1031 get_random_bytes(smp
->prnd
, sizeof(smp
->prnd
));
1033 smp
->prsp
[0] = SMP_CMD_PAIRING_RSP
;
1034 memcpy(&smp
->prsp
[1], rsp
, sizeof(*rsp
));
1036 /* Update remote key distribution in case the remote cleared
1037 * some bits that we had enabled in our request.
1039 smp
->remote_key_dist
&= rsp
->resp_key_dist
;
1041 auth
|= req
->auth_req
;
1043 ret
= tk_request(conn
, 0, auth
, req
->io_capability
, rsp
->io_capability
);
1045 return SMP_UNSPECIFIED
;
1047 set_bit(SMP_FLAG_CFM_PENDING
, &smp
->flags
);
1049 /* Can't compose response until we have been confirmed */
1050 if (test_bit(SMP_FLAG_TK_VALID
, &smp
->flags
))
1051 return smp_confirm(smp
);
1056 static u8
smp_cmd_pairing_confirm(struct l2cap_conn
*conn
, struct sk_buff
*skb
)
1058 struct l2cap_chan
*chan
= conn
->smp
;
1059 struct smp_chan
*smp
= chan
->data
;
1061 BT_DBG("conn %p %s", conn
, conn
->hcon
->out
? "master" : "slave");
1063 if (skb
->len
< sizeof(smp
->pcnf
))
1064 return SMP_INVALID_PARAMS
;
1066 memcpy(smp
->pcnf
, skb
->data
, sizeof(smp
->pcnf
));
1067 skb_pull(skb
, sizeof(smp
->pcnf
));
1069 if (conn
->hcon
->out
) {
1070 smp_send_cmd(conn
, SMP_CMD_PAIRING_RANDOM
, sizeof(smp
->prnd
),
1072 SMP_ALLOW_CMD(smp
, SMP_CMD_PAIRING_RANDOM
);
1076 if (test_bit(SMP_FLAG_TK_VALID
, &smp
->flags
))
1077 return smp_confirm(smp
);
1079 set_bit(SMP_FLAG_CFM_PENDING
, &smp
->flags
);
1084 static u8
smp_cmd_pairing_random(struct l2cap_conn
*conn
, struct sk_buff
*skb
)
1086 struct l2cap_chan
*chan
= conn
->smp
;
1087 struct smp_chan
*smp
= chan
->data
;
1089 BT_DBG("conn %p", conn
);
1091 if (skb
->len
< sizeof(smp
->rrnd
))
1092 return SMP_INVALID_PARAMS
;
1094 memcpy(smp
->rrnd
, skb
->data
, sizeof(smp
->rrnd
));
1095 skb_pull(skb
, sizeof(smp
->rrnd
));
1097 return smp_random(smp
);
1100 static bool smp_ltk_encrypt(struct l2cap_conn
*conn
, u8 sec_level
)
1102 struct smp_ltk
*key
;
1103 struct hci_conn
*hcon
= conn
->hcon
;
1105 key
= hci_find_ltk_by_addr(hcon
->hdev
, &hcon
->dst
, hcon
->dst_type
,
1110 if (smp_ltk_sec_level(key
) < sec_level
)
1113 if (test_and_set_bit(HCI_CONN_ENCRYPT_PEND
, &hcon
->flags
))
1116 hci_le_start_enc(hcon
, key
->ediv
, key
->rand
, key
->val
);
1117 hcon
->enc_key_size
= key
->enc_size
;
1119 /* We never store STKs for master role, so clear this flag */
1120 clear_bit(HCI_CONN_STK_ENCRYPT
, &hcon
->flags
);
1125 bool smp_sufficient_security(struct hci_conn
*hcon
, u8 sec_level
,
1126 enum smp_key_pref key_pref
)
1128 if (sec_level
== BT_SECURITY_LOW
)
1131 /* If we're encrypted with an STK but the caller prefers using
1132 * LTK claim insufficient security. This way we allow the
1133 * connection to be re-encrypted with an LTK, even if the LTK
1134 * provides the same level of security. Only exception is if we
1135 * don't have an LTK (e.g. because of key distribution bits).
1137 if (key_pref
== SMP_USE_LTK
&&
1138 test_bit(HCI_CONN_STK_ENCRYPT
, &hcon
->flags
) &&
1139 hci_find_ltk_by_addr(hcon
->hdev
, &hcon
->dst
, hcon
->dst_type
,
1143 if (hcon
->sec_level
>= sec_level
)
1149 static u8
smp_cmd_security_req(struct l2cap_conn
*conn
, struct sk_buff
*skb
)
1151 struct smp_cmd_security_req
*rp
= (void *) skb
->data
;
1152 struct smp_cmd_pairing cp
;
1153 struct hci_conn
*hcon
= conn
->hcon
;
1154 struct smp_chan
*smp
;
1157 BT_DBG("conn %p", conn
);
1159 if (skb
->len
< sizeof(*rp
))
1160 return SMP_INVALID_PARAMS
;
1162 if (hcon
->role
!= HCI_ROLE_MASTER
)
1163 return SMP_CMD_NOTSUPP
;
1165 auth
= rp
->auth_req
& AUTH_REQ_MASK
;
1167 if (hcon
->io_capability
== HCI_IO_NO_INPUT_OUTPUT
)
1168 sec_level
= BT_SECURITY_MEDIUM
;
1170 sec_level
= authreq_to_seclevel(auth
);
1172 if (smp_sufficient_security(hcon
, sec_level
, SMP_USE_LTK
))
1175 if (sec_level
> hcon
->pending_sec_level
)
1176 hcon
->pending_sec_level
= sec_level
;
1178 if (smp_ltk_encrypt(conn
, hcon
->pending_sec_level
))
1181 smp
= smp_chan_create(conn
);
1183 return SMP_UNSPECIFIED
;
1185 if (!test_bit(HCI_BONDABLE
, &hcon
->hdev
->dev_flags
) &&
1186 (auth
& SMP_AUTH_BONDING
))
1187 return SMP_PAIRING_NOTSUPP
;
1189 skb_pull(skb
, sizeof(*rp
));
1191 memset(&cp
, 0, sizeof(cp
));
1192 build_pairing_cmd(conn
, &cp
, NULL
, auth
);
1194 smp
->preq
[0] = SMP_CMD_PAIRING_REQ
;
1195 memcpy(&smp
->preq
[1], &cp
, sizeof(cp
));
1197 smp_send_cmd(conn
, SMP_CMD_PAIRING_REQ
, sizeof(cp
), &cp
);
1198 SMP_ALLOW_CMD(smp
, SMP_CMD_PAIRING_RSP
);
1203 int smp_conn_security(struct hci_conn
*hcon
, __u8 sec_level
)
1205 struct l2cap_conn
*conn
= hcon
->l2cap_data
;
1206 struct l2cap_chan
*chan
;
1207 struct smp_chan
*smp
;
1211 BT_DBG("conn %p hcon %p level 0x%2.2x", conn
, hcon
, sec_level
);
1213 /* This may be NULL if there's an unexpected disconnection */
1219 if (!test_bit(HCI_LE_ENABLED
, &hcon
->hdev
->dev_flags
))
1222 if (smp_sufficient_security(hcon
, sec_level
, SMP_USE_LTK
))
1225 if (sec_level
> hcon
->pending_sec_level
)
1226 hcon
->pending_sec_level
= sec_level
;
1228 if (hcon
->role
== HCI_ROLE_MASTER
)
1229 if (smp_ltk_encrypt(conn
, hcon
->pending_sec_level
))
1232 l2cap_chan_lock(chan
);
1234 /* If SMP is already in progress ignore this request */
1240 smp
= smp_chan_create(conn
);
1246 authreq
= seclevel_to_authreq(sec_level
);
1248 /* Require MITM if IO Capability allows or the security level
1251 if (hcon
->io_capability
!= HCI_IO_NO_INPUT_OUTPUT
||
1252 hcon
->pending_sec_level
> BT_SECURITY_MEDIUM
)
1253 authreq
|= SMP_AUTH_MITM
;
1255 if (hcon
->role
== HCI_ROLE_MASTER
) {
1256 struct smp_cmd_pairing cp
;
1258 build_pairing_cmd(conn
, &cp
, NULL
, authreq
);
1259 smp
->preq
[0] = SMP_CMD_PAIRING_REQ
;
1260 memcpy(&smp
->preq
[1], &cp
, sizeof(cp
));
1262 smp_send_cmd(conn
, SMP_CMD_PAIRING_REQ
, sizeof(cp
), &cp
);
1263 SMP_ALLOW_CMD(smp
, SMP_CMD_PAIRING_RSP
);
1265 struct smp_cmd_security_req cp
;
1266 cp
.auth_req
= authreq
;
1267 smp_send_cmd(conn
, SMP_CMD_SECURITY_REQ
, sizeof(cp
), &cp
);
1268 SMP_ALLOW_CMD(smp
, SMP_CMD_PAIRING_REQ
);
1271 set_bit(SMP_FLAG_INITIATOR
, &smp
->flags
);
1275 l2cap_chan_unlock(chan
);
1279 static int smp_cmd_encrypt_info(struct l2cap_conn
*conn
, struct sk_buff
*skb
)
1281 struct smp_cmd_encrypt_info
*rp
= (void *) skb
->data
;
1282 struct l2cap_chan
*chan
= conn
->smp
;
1283 struct smp_chan
*smp
= chan
->data
;
1285 BT_DBG("conn %p", conn
);
1287 if (skb
->len
< sizeof(*rp
))
1288 return SMP_INVALID_PARAMS
;
1290 SMP_ALLOW_CMD(smp
, SMP_CMD_MASTER_IDENT
);
1292 skb_pull(skb
, sizeof(*rp
));
1294 memcpy(smp
->tk
, rp
->ltk
, sizeof(smp
->tk
));
1299 static int smp_cmd_master_ident(struct l2cap_conn
*conn
, struct sk_buff
*skb
)
1301 struct smp_cmd_master_ident
*rp
= (void *) skb
->data
;
1302 struct l2cap_chan
*chan
= conn
->smp
;
1303 struct smp_chan
*smp
= chan
->data
;
1304 struct hci_dev
*hdev
= conn
->hcon
->hdev
;
1305 struct hci_conn
*hcon
= conn
->hcon
;
1306 struct smp_ltk
*ltk
;
1309 BT_DBG("conn %p", conn
);
1311 if (skb
->len
< sizeof(*rp
))
1312 return SMP_INVALID_PARAMS
;
1314 /* Mark the information as received */
1315 smp
->remote_key_dist
&= ~SMP_DIST_ENC_KEY
;
1317 if (smp
->remote_key_dist
& SMP_DIST_ID_KEY
)
1318 SMP_ALLOW_CMD(smp
, SMP_CMD_IDENT_INFO
);
1319 else if (smp
->remote_key_dist
& SMP_DIST_SIGN
)
1320 SMP_ALLOW_CMD(smp
, SMP_CMD_SIGN_INFO
);
1322 skb_pull(skb
, sizeof(*rp
));
1324 authenticated
= (hcon
->sec_level
== BT_SECURITY_HIGH
);
1325 ltk
= hci_add_ltk(hdev
, &hcon
->dst
, hcon
->dst_type
, SMP_LTK
,
1326 authenticated
, smp
->tk
, smp
->enc_key_size
,
1327 rp
->ediv
, rp
->rand
);
1329 if (!(smp
->remote_key_dist
& KEY_DIST_MASK
))
1330 smp_distribute_keys(smp
);
1335 static int smp_cmd_ident_info(struct l2cap_conn
*conn
, struct sk_buff
*skb
)
1337 struct smp_cmd_ident_info
*info
= (void *) skb
->data
;
1338 struct l2cap_chan
*chan
= conn
->smp
;
1339 struct smp_chan
*smp
= chan
->data
;
1343 if (skb
->len
< sizeof(*info
))
1344 return SMP_INVALID_PARAMS
;
1346 SMP_ALLOW_CMD(smp
, SMP_CMD_IDENT_ADDR_INFO
);
1348 skb_pull(skb
, sizeof(*info
));
1350 memcpy(smp
->irk
, info
->irk
, 16);
1355 static int smp_cmd_ident_addr_info(struct l2cap_conn
*conn
,
1356 struct sk_buff
*skb
)
1358 struct smp_cmd_ident_addr_info
*info
= (void *) skb
->data
;
1359 struct l2cap_chan
*chan
= conn
->smp
;
1360 struct smp_chan
*smp
= chan
->data
;
1361 struct hci_conn
*hcon
= conn
->hcon
;
1366 if (skb
->len
< sizeof(*info
))
1367 return SMP_INVALID_PARAMS
;
1369 /* Mark the information as received */
1370 smp
->remote_key_dist
&= ~SMP_DIST_ID_KEY
;
1372 if (smp
->remote_key_dist
& SMP_DIST_SIGN
)
1373 SMP_ALLOW_CMD(smp
, SMP_CMD_SIGN_INFO
);
1375 skb_pull(skb
, sizeof(*info
));
1377 /* Strictly speaking the Core Specification (4.1) allows sending
1378 * an empty address which would force us to rely on just the IRK
1379 * as "identity information". However, since such
1380 * implementations are not known of and in order to not over
1381 * complicate our implementation, simply pretend that we never
1382 * received an IRK for such a device.
1384 if (!bacmp(&info
->bdaddr
, BDADDR_ANY
)) {
1385 BT_ERR("Ignoring IRK with no identity address");
1389 bacpy(&smp
->id_addr
, &info
->bdaddr
);
1390 smp
->id_addr_type
= info
->addr_type
;
1392 if (hci_bdaddr_is_rpa(&hcon
->dst
, hcon
->dst_type
))
1393 bacpy(&rpa
, &hcon
->dst
);
1395 bacpy(&rpa
, BDADDR_ANY
);
1397 smp
->remote_irk
= hci_add_irk(conn
->hcon
->hdev
, &smp
->id_addr
,
1398 smp
->id_addr_type
, smp
->irk
, &rpa
);
1401 if (!(smp
->remote_key_dist
& KEY_DIST_MASK
))
1402 smp_distribute_keys(smp
);
1407 static int smp_cmd_sign_info(struct l2cap_conn
*conn
, struct sk_buff
*skb
)
1409 struct smp_cmd_sign_info
*rp
= (void *) skb
->data
;
1410 struct l2cap_chan
*chan
= conn
->smp
;
1411 struct smp_chan
*smp
= chan
->data
;
1412 struct smp_csrk
*csrk
;
1414 BT_DBG("conn %p", conn
);
1416 if (skb
->len
< sizeof(*rp
))
1417 return SMP_INVALID_PARAMS
;
1419 /* Mark the information as received */
1420 smp
->remote_key_dist
&= ~SMP_DIST_SIGN
;
1422 skb_pull(skb
, sizeof(*rp
));
1424 csrk
= kzalloc(sizeof(*csrk
), GFP_KERNEL
);
1426 csrk
->master
= 0x01;
1427 memcpy(csrk
->val
, rp
->csrk
, sizeof(csrk
->val
));
1430 smp_distribute_keys(smp
);
1435 static int smp_sig_channel(struct l2cap_chan
*chan
, struct sk_buff
*skb
)
1437 struct l2cap_conn
*conn
= chan
->conn
;
1438 struct hci_conn
*hcon
= conn
->hcon
;
1439 struct smp_chan
*smp
;
1443 if (hcon
->type
!= LE_LINK
) {
1451 if (!test_bit(HCI_LE_ENABLED
, &hcon
->hdev
->dev_flags
)) {
1452 reason
= SMP_PAIRING_NOTSUPP
;
1456 code
= skb
->data
[0];
1457 skb_pull(skb
, sizeof(code
));
1461 if (code
> SMP_CMD_MAX
)
1464 if (smp
&& !test_and_clear_bit(code
, &smp
->allow_cmd
))
1467 /* If we don't have a context the only allowed commands are
1468 * pairing request and security request.
1470 if (!smp
&& code
!= SMP_CMD_PAIRING_REQ
&& code
!= SMP_CMD_SECURITY_REQ
)
1474 case SMP_CMD_PAIRING_REQ
:
1475 reason
= smp_cmd_pairing_req(conn
, skb
);
1478 case SMP_CMD_PAIRING_FAIL
:
1479 smp_failure(conn
, 0);
1483 case SMP_CMD_PAIRING_RSP
:
1484 reason
= smp_cmd_pairing_rsp(conn
, skb
);
1487 case SMP_CMD_SECURITY_REQ
:
1488 reason
= smp_cmd_security_req(conn
, skb
);
1491 case SMP_CMD_PAIRING_CONFIRM
:
1492 reason
= smp_cmd_pairing_confirm(conn
, skb
);
1495 case SMP_CMD_PAIRING_RANDOM
:
1496 reason
= smp_cmd_pairing_random(conn
, skb
);
1499 case SMP_CMD_ENCRYPT_INFO
:
1500 reason
= smp_cmd_encrypt_info(conn
, skb
);
1503 case SMP_CMD_MASTER_IDENT
:
1504 reason
= smp_cmd_master_ident(conn
, skb
);
1507 case SMP_CMD_IDENT_INFO
:
1508 reason
= smp_cmd_ident_info(conn
, skb
);
1511 case SMP_CMD_IDENT_ADDR_INFO
:
1512 reason
= smp_cmd_ident_addr_info(conn
, skb
);
1515 case SMP_CMD_SIGN_INFO
:
1516 reason
= smp_cmd_sign_info(conn
, skb
);
1520 BT_DBG("Unknown command code 0x%2.2x", code
);
1521 reason
= SMP_CMD_NOTSUPP
;
1528 smp_failure(conn
, reason
);
1535 BT_ERR("%s unexpected SMP command 0x%02x from %pMR", hcon
->hdev
->name
,
1541 static void smp_teardown_cb(struct l2cap_chan
*chan
, int err
)
1543 struct l2cap_conn
*conn
= chan
->conn
;
1545 BT_DBG("chan %p", chan
);
1548 smp_chan_destroy(conn
);
1551 l2cap_chan_put(chan
);
1554 static void smp_resume_cb(struct l2cap_chan
*chan
)
1556 struct smp_chan
*smp
= chan
->data
;
1557 struct l2cap_conn
*conn
= chan
->conn
;
1558 struct hci_conn
*hcon
= conn
->hcon
;
1560 BT_DBG("chan %p", chan
);
1565 if (!test_bit(HCI_CONN_ENCRYPT
, &hcon
->flags
))
1568 cancel_delayed_work(&smp
->security_timer
);
1570 smp_distribute_keys(smp
);
1573 static void smp_ready_cb(struct l2cap_chan
*chan
)
1575 struct l2cap_conn
*conn
= chan
->conn
;
1577 BT_DBG("chan %p", chan
);
1580 l2cap_chan_hold(chan
);
1583 static int smp_recv_cb(struct l2cap_chan
*chan
, struct sk_buff
*skb
)
1587 BT_DBG("chan %p", chan
);
1589 err
= smp_sig_channel(chan
, skb
);
1591 struct smp_chan
*smp
= chan
->data
;
1594 cancel_delayed_work_sync(&smp
->security_timer
);
1596 hci_disconnect(chan
->conn
->hcon
, HCI_ERROR_AUTH_FAILURE
);
1602 static struct sk_buff
*smp_alloc_skb_cb(struct l2cap_chan
*chan
,
1603 unsigned long hdr_len
,
1604 unsigned long len
, int nb
)
1606 struct sk_buff
*skb
;
1608 skb
= bt_skb_alloc(hdr_len
+ len
, GFP_KERNEL
);
1610 return ERR_PTR(-ENOMEM
);
1612 skb
->priority
= HCI_PRIO_MAX
;
1613 bt_cb(skb
)->chan
= chan
;
1618 static const struct l2cap_ops smp_chan_ops
= {
1619 .name
= "Security Manager",
1620 .ready
= smp_ready_cb
,
1621 .recv
= smp_recv_cb
,
1622 .alloc_skb
= smp_alloc_skb_cb
,
1623 .teardown
= smp_teardown_cb
,
1624 .resume
= smp_resume_cb
,
1626 .new_connection
= l2cap_chan_no_new_connection
,
1627 .state_change
= l2cap_chan_no_state_change
,
1628 .close
= l2cap_chan_no_close
,
1629 .defer
= l2cap_chan_no_defer
,
1630 .suspend
= l2cap_chan_no_suspend
,
1631 .set_shutdown
= l2cap_chan_no_set_shutdown
,
1632 .get_sndtimeo
= l2cap_chan_no_get_sndtimeo
,
1633 .memcpy_fromiovec
= l2cap_chan_no_memcpy_fromiovec
,
1636 static inline struct l2cap_chan
*smp_new_conn_cb(struct l2cap_chan
*pchan
)
1638 struct l2cap_chan
*chan
;
1640 BT_DBG("pchan %p", pchan
);
1642 chan
= l2cap_chan_create();
1646 chan
->chan_type
= pchan
->chan_type
;
1647 chan
->ops
= &smp_chan_ops
;
1648 chan
->scid
= pchan
->scid
;
1649 chan
->dcid
= chan
->scid
;
1650 chan
->imtu
= pchan
->imtu
;
1651 chan
->omtu
= pchan
->omtu
;
1652 chan
->mode
= pchan
->mode
;
1654 /* Other L2CAP channels may request SMP routines in order to
1655 * change the security level. This means that the SMP channel
1656 * lock must be considered in its own category to avoid lockdep
1659 atomic_set(&chan
->nesting
, L2CAP_NESTING_SMP
);
1661 BT_DBG("created chan %p", chan
);
1666 static const struct l2cap_ops smp_root_chan_ops
= {
1667 .name
= "Security Manager Root",
1668 .new_connection
= smp_new_conn_cb
,
1670 /* None of these are implemented for the root channel */
1671 .close
= l2cap_chan_no_close
,
1672 .alloc_skb
= l2cap_chan_no_alloc_skb
,
1673 .recv
= l2cap_chan_no_recv
,
1674 .state_change
= l2cap_chan_no_state_change
,
1675 .teardown
= l2cap_chan_no_teardown
,
1676 .ready
= l2cap_chan_no_ready
,
1677 .defer
= l2cap_chan_no_defer
,
1678 .suspend
= l2cap_chan_no_suspend
,
1679 .resume
= l2cap_chan_no_resume
,
1680 .set_shutdown
= l2cap_chan_no_set_shutdown
,
1681 .get_sndtimeo
= l2cap_chan_no_get_sndtimeo
,
1682 .memcpy_fromiovec
= l2cap_chan_no_memcpy_fromiovec
,
1685 int smp_register(struct hci_dev
*hdev
)
1687 struct l2cap_chan
*chan
;
1688 struct crypto_blkcipher
*tfm_aes
;
1690 BT_DBG("%s", hdev
->name
);
1692 tfm_aes
= crypto_alloc_blkcipher("ecb(aes)", 0, 0);
1693 if (IS_ERR(tfm_aes
)) {
1694 int err
= PTR_ERR(tfm_aes
);
1695 BT_ERR("Unable to create crypto context");
1699 chan
= l2cap_chan_create();
1701 crypto_free_blkcipher(tfm_aes
);
1705 chan
->data
= tfm_aes
;
1707 l2cap_add_scid(chan
, L2CAP_CID_SMP
);
1709 l2cap_chan_set_defaults(chan
);
1711 bacpy(&chan
->src
, &hdev
->bdaddr
);
1712 chan
->src_type
= BDADDR_LE_PUBLIC
;
1713 chan
->state
= BT_LISTEN
;
1714 chan
->mode
= L2CAP_MODE_BASIC
;
1715 chan
->imtu
= L2CAP_DEFAULT_MTU
;
1716 chan
->ops
= &smp_root_chan_ops
;
1718 /* Set correct nesting level for a parent/listening channel */
1719 atomic_set(&chan
->nesting
, L2CAP_NESTING_PARENT
);
1721 hdev
->smp_data
= chan
;
1726 void smp_unregister(struct hci_dev
*hdev
)
1728 struct l2cap_chan
*chan
= hdev
->smp_data
;
1729 struct crypto_blkcipher
*tfm_aes
;
1734 BT_DBG("%s chan %p", hdev
->name
, chan
);
1736 tfm_aes
= chan
->data
;
1739 crypto_free_blkcipher(tfm_aes
);
1742 hdev
->smp_data
= NULL
;
1743 l2cap_chan_put(chan
);