projects / deliverable / linux.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Bluetooth: Add SMP-internal timeout callback
[deliverable/linux.git] / net / bluetooth / smp.c
1 /*
2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2011 Nokia Corporation and/or its subsidiary(-ies).
4
5 This program is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License version 2 as
7 published by the Free Software Foundation;
8
9 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
10 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
11 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
12 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
13 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
14 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17
18 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
19 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
20 SOFTWARE IS DISCLAIMED.
21 */
22
23 #include <linux/crypto.h>
24 #include <linux/scatterlist.h>
25 #include <crypto/b128ops.h>
26
27 #include <net/bluetooth/bluetooth.h>
28 #include <net/bluetooth/hci_core.h>
29 #include <net/bluetooth/l2cap.h>
30 #include <net/bluetooth/mgmt.h>
31
32 #include "smp.h"
33
34 #define SMP_TIMEOUT msecs_to_jiffies(30000)
35
36 #define AUTH_REQ_MASK 0x07
37
38 enum {
39 SMP_FLAG_TK_VALID,
40 SMP_FLAG_CFM_PENDING,
41 SMP_FLAG_MITM_AUTH,
42 SMP_FLAG_COMPLETE,
43 SMP_FLAG_INITIATOR,
44 };
45
46 struct smp_chan {
47 struct l2cap_conn *conn;
48 struct delayed_work security_timer;
49
50 u8 preq[7]; /* SMP Pairing Request */
51 u8 prsp[7]; /* SMP Pairing Response */
52 u8 prnd[16]; /* SMP Pairing Random (local) */
53 u8 rrnd[16]; /* SMP Pairing Random (remote) */
54 u8 pcnf[16]; /* SMP Pairing Confirm */
55 u8 tk[16]; /* SMP Temporary Key */
56 u8 enc_key_size;
57 u8 remote_key_dist;
58 bdaddr_t id_addr;
59 u8 id_addr_type;
60 u8 irk[16];
61 struct smp_csrk *csrk;
62 struct smp_csrk *slave_csrk;
63 struct smp_ltk *ltk;
64 struct smp_ltk *slave_ltk;
65 struct smp_irk *remote_irk;
66 unsigned long flags;
67
68 struct crypto_blkcipher *tfm_aes;
69 };
70
71 static inline void swap_buf(const u8 *src, u8 *dst, size_t len)
72 {
73 size_t i;
74
75 for (i = 0; i < len; i++)
76 dst[len - 1 - i] = src[i];
77 }
78
79 static int smp_e(struct crypto_blkcipher *tfm, const u8 *k, u8 *r)
80 {
81 struct blkcipher_desc desc;
82 struct scatterlist sg;
83 uint8_t tmp[16], data[16];
84 int err;
85
86 if (tfm == NULL) {
87 BT_ERR("tfm %p", tfm);
88 return -EINVAL;
89 }
90
91 desc.tfm = tfm;
92 desc.flags = 0;
93
94 /* The most significant octet of key corresponds to k[0] */
95 swap_buf(k, tmp, 16);
96
97 err = crypto_blkcipher_setkey(tfm, tmp, 16);
98 if (err) {
99 BT_ERR("cipher setkey failed: %d", err);
100 return err;
101 }
102
103 /* Most significant octet of plaintextData corresponds to data[0] */
104 swap_buf(r, data, 16);
105
106 sg_init_one(&sg, data, 16);
107
108 err = crypto_blkcipher_encrypt(&desc, &sg, &sg, 16);
109 if (err)
110 BT_ERR("Encrypt data error %d", err);
111
112 /* Most significant octet of encryptedData corresponds to data[0] */
113 swap_buf(data, r, 16);
114
115 return err;
116 }
117
118 static int smp_ah(struct crypto_blkcipher *tfm, u8 irk[16], u8 r[3], u8 res[3])
119 {
120 u8 _res[16];
121 int err;
122
123 /* r' = padding || r */
124 memcpy(_res, r, 3);
125 memset(_res + 3, 0, 13);
126
127 err = smp_e(tfm, irk, _res);
128 if (err) {
129 BT_ERR("Encrypt error");
130 return err;
131 }
132
133 /* The output of the random address function ah is:
134 * ah(h, r) = e(k, r') mod 2^24
135 * The output of the security function e is then truncated to 24 bits
136 * by taking the least significant 24 bits of the output of e as the
137 * result of ah.
138 */
139 memcpy(res, _res, 3);
140
141 return 0;
142 }
143
144 bool smp_irk_matches(struct hci_dev *hdev, u8 irk[16], bdaddr_t *bdaddr)
145 {
146 struct l2cap_chan *chan = hdev->smp_data;
147 struct crypto_blkcipher *tfm;
148 u8 hash[3];
149 int err;
150
151 if (!chan || !chan->data)
152 return false;
153
154 tfm = chan->data;
155
156 BT_DBG("RPA %pMR IRK %*phN", bdaddr, 16, irk);
157
158 err = smp_ah(tfm, irk, &bdaddr->b[3], hash);
159 if (err)
160 return false;
161
162 return !memcmp(bdaddr->b, hash, 3);
163 }
164
165 int smp_generate_rpa(struct hci_dev *hdev, u8 irk[16], bdaddr_t *rpa)
166 {
167 struct l2cap_chan *chan = hdev->smp_data;
168 struct crypto_blkcipher *tfm;
169 int err;
170
171 if (!chan || !chan->data)
172 return -EOPNOTSUPP;
173
174 tfm = chan->data;
175
176 get_random_bytes(&rpa->b[3], 3);
177
178 rpa->b[5] &= 0x3f; /* Clear two most significant bits */
179 rpa->b[5] |= 0x40; /* Set second most significant bit */
180
181 err = smp_ah(tfm, irk, &rpa->b[3], rpa->b);
182 if (err < 0)
183 return err;
184
185 BT_DBG("RPA %pMR", rpa);
186
187 return 0;
188 }
189
190 static int smp_c1(struct smp_chan *smp, u8 k[16], u8 r[16], u8 preq[7],
191 u8 pres[7], u8 _iat, bdaddr_t *ia, u8 _rat, bdaddr_t *ra,
192 u8 res[16])
193 {
194 struct hci_dev *hdev = smp->conn->hcon->hdev;
195 u8 p1[16], p2[16];
196 int err;
197
198 BT_DBG("%s", hdev->name);
199
200 memset(p1, 0, 16);
201
202 /* p1 = pres || preq || _rat || _iat */
203 p1[0] = _iat;
204 p1[1] = _rat;
205 memcpy(p1 + 2, preq, 7);
206 memcpy(p1 + 9, pres, 7);
207
208 /* p2 = padding || ia || ra */
209 memcpy(p2, ra, 6);
210 memcpy(p2 + 6, ia, 6);
211 memset(p2 + 12, 0, 4);
212
213 /* res = r XOR p1 */
214 u128_xor((u128 *) res, (u128 *) r, (u128 *) p1);
215
216 /* res = e(k, res) */
217 err = smp_e(smp->tfm_aes, k, res);
218 if (err) {
219 BT_ERR("Encrypt data error");
220 return err;
221 }
222
223 /* res = res XOR p2 */
224 u128_xor((u128 *) res, (u128 *) res, (u128 *) p2);
225
226 /* res = e(k, res) */
227 err = smp_e(smp->tfm_aes, k, res);
228 if (err)
229 BT_ERR("Encrypt data error");
230
231 return err;
232 }
233
234 static int smp_s1(struct smp_chan *smp, u8 k[16], u8 r1[16], u8 r2[16],
235 u8 _r[16])
236 {
237 struct hci_dev *hdev = smp->conn->hcon->hdev;
238 int err;
239
240 BT_DBG("%s", hdev->name);
241
242 /* Just least significant octets from r1 and r2 are considered */
243 memcpy(_r, r2, 8);
244 memcpy(_r + 8, r1, 8);
245
246 err = smp_e(smp->tfm_aes, k, _r);
247 if (err)
248 BT_ERR("Encrypt data error");
249
250 return err;
251 }
252
253 static void smp_send_cmd(struct l2cap_conn *conn, u8 code, u16 len, void *data)
254 {
255 struct l2cap_chan *chan = conn->smp;
256 struct smp_chan *smp;
257 struct kvec iv[2];
258 struct msghdr msg;
259
260 if (!chan)
261 return;
262
263 BT_DBG("code 0x%2.2x", code);
264
265 iv[0].iov_base = &code;
266 iv[0].iov_len = 1;
267
268 iv[1].iov_base = data;
269 iv[1].iov_len = len;
270
271 memset(&msg, 0, sizeof(msg));
272
273 msg.msg_iov = (struct iovec *) &iv;
274 msg.msg_iovlen = 2;
275
276 l2cap_chan_send(chan, &msg, 1 + len);
277
278 if (!chan->data)
279 return;
280
281 smp = chan->data;
282
283 cancel_delayed_work_sync(&smp->security_timer);
284 if (test_bit(HCI_CONN_LE_SMP_PEND, &conn->hcon->flags))
285 schedule_delayed_work(&smp->security_timer, SMP_TIMEOUT);
286 }
287
288 static __u8 authreq_to_seclevel(__u8 authreq)
289 {
290 if (authreq & SMP_AUTH_MITM)
291 return BT_SECURITY_HIGH;
292 else
293 return BT_SECURITY_MEDIUM;
294 }
295
296 static __u8 seclevel_to_authreq(__u8 sec_level)
297 {
298 switch (sec_level) {
299 case BT_SECURITY_HIGH:
300 return SMP_AUTH_MITM | SMP_AUTH_BONDING;
301 case BT_SECURITY_MEDIUM:
302 return SMP_AUTH_BONDING;
303 default:
304 return SMP_AUTH_NONE;
305 }
306 }
307
308 static void build_pairing_cmd(struct l2cap_conn *conn,
309 struct smp_cmd_pairing *req,
310 struct smp_cmd_pairing *rsp, __u8 authreq)
311 {
312 struct l2cap_chan *chan = conn->smp;
313 struct smp_chan *smp = chan->data;
314 struct hci_conn *hcon = conn->hcon;
315 struct hci_dev *hdev = hcon->hdev;
316 u8 local_dist = 0, remote_dist = 0;
317
318 if (test_bit(HCI_BONDABLE, &conn->hcon->hdev->dev_flags)) {
319 local_dist = SMP_DIST_ENC_KEY | SMP_DIST_SIGN;
320 remote_dist = SMP_DIST_ENC_KEY | SMP_DIST_SIGN;
321 authreq |= SMP_AUTH_BONDING;
322 } else {
323 authreq &= ~SMP_AUTH_BONDING;
324 }
325
326 if (test_bit(HCI_RPA_RESOLVING, &hdev->dev_flags))
327 remote_dist |= SMP_DIST_ID_KEY;
328
329 if (test_bit(HCI_PRIVACY, &hdev->dev_flags))
330 local_dist |= SMP_DIST_ID_KEY;
331
332 if (rsp == NULL) {
333 req->io_capability = conn->hcon->io_capability;
334 req->oob_flag = SMP_OOB_NOT_PRESENT;
335 req->max_key_size = SMP_MAX_ENC_KEY_SIZE;
336 req->init_key_dist = local_dist;
337 req->resp_key_dist = remote_dist;
338 req->auth_req = (authreq & AUTH_REQ_MASK);
339
340 smp->remote_key_dist = remote_dist;
341 return;
342 }
343
344 rsp->io_capability = conn->hcon->io_capability;
345 rsp->oob_flag = SMP_OOB_NOT_PRESENT;
346 rsp->max_key_size = SMP_MAX_ENC_KEY_SIZE;
347 rsp->init_key_dist = req->init_key_dist & remote_dist;
348 rsp->resp_key_dist = req->resp_key_dist & local_dist;
349 rsp->auth_req = (authreq & AUTH_REQ_MASK);
350
351 smp->remote_key_dist = rsp->init_key_dist;
352 }
353
354 static u8 check_enc_key_size(struct l2cap_conn *conn, __u8 max_key_size)
355 {
356 struct l2cap_chan *chan = conn->smp;
357 struct smp_chan *smp = chan->data;
358
359 if ((max_key_size > SMP_MAX_ENC_KEY_SIZE) ||
360 (max_key_size < SMP_MIN_ENC_KEY_SIZE))
361 return SMP_ENC_KEY_SIZE;
362
363 smp->enc_key_size = max_key_size;
364
365 return 0;
366 }
367
368 static void smp_failure(struct l2cap_conn *conn, u8 reason)
369 {
370 struct hci_conn *hcon = conn->hcon;
371 struct l2cap_chan *chan = conn->smp;
372 struct smp_chan *smp;
373
374 if (reason)
375 smp_send_cmd(conn, SMP_CMD_PAIRING_FAIL, sizeof(reason),
376 &reason);
377
378 clear_bit(HCI_CONN_ENCRYPT_PEND, &hcon->flags);
379 mgmt_auth_failed(hcon->hdev, &hcon->dst, hcon->type, hcon->dst_type,
380 HCI_ERROR_AUTH_FAILURE);
381
382 if (!chan->data)
383 return;
384
385 smp = chan->data;
386
387 cancel_delayed_work_sync(&smp->security_timer);
388
389 if (test_and_clear_bit(HCI_CONN_LE_SMP_PEND, &hcon->flags))
390 smp_chan_destroy(conn);
391 }
392
393 #define JUST_WORKS 0x00
394 #define JUST_CFM 0x01
395 #define REQ_PASSKEY 0x02
396 #define CFM_PASSKEY 0x03
397 #define REQ_OOB 0x04
398 #define OVERLAP 0xFF
399
400 static const u8 gen_method[5][5] = {
401 { JUST_WORKS, JUST_CFM, REQ_PASSKEY, JUST_WORKS, REQ_PASSKEY },
402 { JUST_WORKS, JUST_CFM, REQ_PASSKEY, JUST_WORKS, REQ_PASSKEY },
403 { CFM_PASSKEY, CFM_PASSKEY, REQ_PASSKEY, JUST_WORKS, CFM_PASSKEY },
404 { JUST_WORKS, JUST_CFM, JUST_WORKS, JUST_WORKS, JUST_CFM },
405 { CFM_PASSKEY, CFM_PASSKEY, REQ_PASSKEY, JUST_WORKS, OVERLAP },
406 };
407
408 static u8 get_auth_method(struct smp_chan *smp, u8 local_io, u8 remote_io)
409 {
410 /* If either side has unknown io_caps, use JUST_CFM (which gets
411 * converted later to JUST_WORKS if we're initiators.
412 */
413 if (local_io > SMP_IO_KEYBOARD_DISPLAY ||
414 remote_io > SMP_IO_KEYBOARD_DISPLAY)
415 return JUST_CFM;
416
417 return gen_method[remote_io][local_io];
418 }
419
420 static int tk_request(struct l2cap_conn *conn, u8 remote_oob, u8 auth,
421 u8 local_io, u8 remote_io)
422 {
423 struct hci_conn *hcon = conn->hcon;
424 struct l2cap_chan *chan = conn->smp;
425 struct smp_chan *smp = chan->data;
426 u8 method;
427 u32 passkey = 0;
428 int ret = 0;
429
430 /* Initialize key for JUST WORKS */
431 memset(smp->tk, 0, sizeof(smp->tk));
432 clear_bit(SMP_FLAG_TK_VALID, &smp->flags);
433
434 BT_DBG("tk_request: auth:%d lcl:%d rem:%d", auth, local_io, remote_io);
435
436 /* If neither side wants MITM, either "just" confirm an incoming
437 * request or use just-works for outgoing ones. The JUST_CFM
438 * will be converted to JUST_WORKS if necessary later in this
439 * function. If either side has MITM look up the method from the
440 * table.
441 */
442 if (!(auth & SMP_AUTH_MITM))
443 method = JUST_CFM;
444 else
445 method = get_auth_method(smp, local_io, remote_io);
446
447 /* Don't confirm locally initiated pairing attempts */
448 if (method == JUST_CFM && test_bit(SMP_FLAG_INITIATOR, &smp->flags))
449 method = JUST_WORKS;
450
451 /* Don't bother user space with no IO capabilities */
452 if (method == JUST_CFM && hcon->io_capability == HCI_IO_NO_INPUT_OUTPUT)
453 method = JUST_WORKS;
454
455 /* If Just Works, Continue with Zero TK */
456 if (method == JUST_WORKS) {
457 set_bit(SMP_FLAG_TK_VALID, &smp->flags);
458 return 0;
459 }
460
461 /* Not Just Works/Confirm results in MITM Authentication */
462 if (method != JUST_CFM)
463 set_bit(SMP_FLAG_MITM_AUTH, &smp->flags);
464
465 /* If both devices have Keyoard-Display I/O, the master
466 * Confirms and the slave Enters the passkey.
467 */
468 if (method == OVERLAP) {
469 if (hcon->role == HCI_ROLE_MASTER)
470 method = CFM_PASSKEY;
471 else
472 method = REQ_PASSKEY;
473 }
474
475 /* Generate random passkey. */
476 if (method == CFM_PASSKEY) {
477 memset(smp->tk, 0, sizeof(smp->tk));
478 get_random_bytes(&passkey, sizeof(passkey));
479 passkey %= 1000000;
480 put_unaligned_le32(passkey, smp->tk);
481 BT_DBG("PassKey: %d", passkey);
482 set_bit(SMP_FLAG_TK_VALID, &smp->flags);
483 }
484
485 hci_dev_lock(hcon->hdev);
486
487 if (method == REQ_PASSKEY)
488 ret = mgmt_user_passkey_request(hcon->hdev, &hcon->dst,
489 hcon->type, hcon->dst_type);
490 else if (method == JUST_CFM)
491 ret = mgmt_user_confirm_request(hcon->hdev, &hcon->dst,
492 hcon->type, hcon->dst_type,
493 passkey, 1);
494 else
495 ret = mgmt_user_passkey_notify(hcon->hdev, &hcon->dst,
496 hcon->type, hcon->dst_type,
497 passkey, 0);
498
499 hci_dev_unlock(hcon->hdev);
500
501 return ret;
502 }
503
504 static u8 smp_confirm(struct smp_chan *smp)
505 {
506 struct l2cap_conn *conn = smp->conn;
507 struct smp_cmd_pairing_confirm cp;
508 int ret;
509
510 BT_DBG("conn %p", conn);
511
512 ret = smp_c1(smp, smp->tk, smp->prnd, smp->preq, smp->prsp,
513 conn->hcon->init_addr_type, &conn->hcon->init_addr,
514 conn->hcon->resp_addr_type, &conn->hcon->resp_addr,
515 cp.confirm_val);
516 if (ret)
517 return SMP_UNSPECIFIED;
518
519 clear_bit(SMP_FLAG_CFM_PENDING, &smp->flags);
520
521 smp_send_cmd(smp->conn, SMP_CMD_PAIRING_CONFIRM, sizeof(cp), &cp);
522
523 return 0;
524 }
525
526 static u8 smp_random(struct smp_chan *smp)
527 {
528 struct l2cap_conn *conn = smp->conn;
529 struct hci_conn *hcon = conn->hcon;
530 u8 confirm[16];
531 int ret;
532
533 if (IS_ERR_OR_NULL(smp->tfm_aes))
534 return SMP_UNSPECIFIED;
535
536 BT_DBG("conn %p %s", conn, conn->hcon->out ? "master" : "slave");
537
538 ret = smp_c1(smp, smp->tk, smp->rrnd, smp->preq, smp->prsp,
539 hcon->init_addr_type, &hcon->init_addr,
540 hcon->resp_addr_type, &hcon->resp_addr, confirm);
541 if (ret)
542 return SMP_UNSPECIFIED;
543
544 if (memcmp(smp->pcnf, confirm, sizeof(smp->pcnf)) != 0) {
545 BT_ERR("Pairing failed (confirmation values mismatch)");
546 return SMP_CONFIRM_FAILED;
547 }
548
549 if (hcon->out) {
550 u8 stk[16];
551 __le64 rand = 0;
552 __le16 ediv = 0;
553
554 smp_s1(smp, smp->tk, smp->rrnd, smp->prnd, stk);
555
556 memset(stk + smp->enc_key_size, 0,
557 SMP_MAX_ENC_KEY_SIZE - smp->enc_key_size);
558
559 if (test_and_set_bit(HCI_CONN_ENCRYPT_PEND, &hcon->flags))
560 return SMP_UNSPECIFIED;
561
562 hci_le_start_enc(hcon, ediv, rand, stk);
563 hcon->enc_key_size = smp->enc_key_size;
564 set_bit(HCI_CONN_STK_ENCRYPT, &hcon->flags);
565 } else {
566 u8 stk[16], auth;
567 __le64 rand = 0;
568 __le16 ediv = 0;
569
570 smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM, sizeof(smp->prnd),
571 smp->prnd);
572
573 smp_s1(smp, smp->tk, smp->prnd, smp->rrnd, stk);
574
575 memset(stk + smp->enc_key_size, 0,
576 SMP_MAX_ENC_KEY_SIZE - smp->enc_key_size);
577
578 if (hcon->pending_sec_level == BT_SECURITY_HIGH)
579 auth = 1;
580 else
581 auth = 0;
582
583 /* Even though there's no _SLAVE suffix this is the
584 * slave STK we're adding for later lookup (the master
585 * STK never needs to be stored).
586 */
587 hci_add_ltk(hcon->hdev, &hcon->dst, hcon->dst_type,
588 SMP_STK, auth, stk, smp->enc_key_size, ediv, rand);
589 }
590
591 return 0;
592 }
593
594 static void smp_notify_keys(struct l2cap_conn *conn)
595 {
596 struct l2cap_chan *chan = conn->smp;
597 struct smp_chan *smp = chan->data;
598 struct hci_conn *hcon = conn->hcon;
599 struct hci_dev *hdev = hcon->hdev;
600 struct smp_cmd_pairing *req = (void *) &smp->preq[1];
601 struct smp_cmd_pairing *rsp = (void *) &smp->prsp[1];
602 bool persistent;
603
604 if (smp->remote_irk) {
605 mgmt_new_irk(hdev, smp->remote_irk);
606 /* Now that user space can be considered to know the
607 * identity address track the connection based on it
608 * from now on.
609 */
610 bacpy(&hcon->dst, &smp->remote_irk->bdaddr);
611 hcon->dst_type = smp->remote_irk->addr_type;
612 l2cap_conn_update_id_addr(hcon);
613
614 /* When receiving an indentity resolving key for
615 * a remote device that does not use a resolvable
616 * private address, just remove the key so that
617 * it is possible to use the controller white
618 * list for scanning.
619 *
620 * Userspace will have been told to not store
621 * this key at this point. So it is safe to
622 * just remove it.
623 */
624 if (!bacmp(&smp->remote_irk->rpa, BDADDR_ANY)) {
625 list_del(&smp->remote_irk->list);
626 kfree(smp->remote_irk);
627 smp->remote_irk = NULL;
628 }
629 }
630
631 /* The LTKs and CSRKs should be persistent only if both sides
632 * had the bonding bit set in their authentication requests.
633 */
634 persistent = !!((req->auth_req & rsp->auth_req) & SMP_AUTH_BONDING);
635
636 if (smp->csrk) {
637 smp->csrk->bdaddr_type = hcon->dst_type;
638 bacpy(&smp->csrk->bdaddr, &hcon->dst);
639 mgmt_new_csrk(hdev, smp->csrk, persistent);
640 }
641
642 if (smp->slave_csrk) {
643 smp->slave_csrk->bdaddr_type = hcon->dst_type;
644 bacpy(&smp->slave_csrk->bdaddr, &hcon->dst);
645 mgmt_new_csrk(hdev, smp->slave_csrk, persistent);
646 }
647
648 if (smp->ltk) {
649 smp->ltk->bdaddr_type = hcon->dst_type;
650 bacpy(&smp->ltk->bdaddr, &hcon->dst);
651 mgmt_new_ltk(hdev, smp->ltk, persistent);
652 }
653
654 if (smp->slave_ltk) {
655 smp->slave_ltk->bdaddr_type = hcon->dst_type;
656 bacpy(&smp->slave_ltk->bdaddr, &hcon->dst);
657 mgmt_new_ltk(hdev, smp->slave_ltk, persistent);
658 }
659 }
660
661 static int smp_distribute_keys(struct l2cap_conn *conn)
662 {
663 struct smp_cmd_pairing *req, *rsp;
664 struct l2cap_chan *chan = conn->smp;
665 struct smp_chan *smp = chan->data;
666 struct hci_conn *hcon = conn->hcon;
667 struct hci_dev *hdev = hcon->hdev;
668 __u8 *keydist;
669
670 BT_DBG("conn %p", conn);
671
672 if (!test_bit(HCI_CONN_LE_SMP_PEND, &hcon->flags))
673 return 0;
674
675 rsp = (void *) &smp->prsp[1];
676
677 /* The responder sends its keys first */
678 if (hcon->out && (smp->remote_key_dist & 0x07))
679 return 0;
680
681 req = (void *) &smp->preq[1];
682
683 if (hcon->out) {
684 keydist = &rsp->init_key_dist;
685 *keydist &= req->init_key_dist;
686 } else {
687 keydist = &rsp->resp_key_dist;
688 *keydist &= req->resp_key_dist;
689 }
690
691 BT_DBG("keydist 0x%x", *keydist);
692
693 if (*keydist & SMP_DIST_ENC_KEY) {
694 struct smp_cmd_encrypt_info enc;
695 struct smp_cmd_master_ident ident;
696 struct smp_ltk *ltk;
697 u8 authenticated;
698 __le16 ediv;
699 __le64 rand;
700
701 get_random_bytes(enc.ltk, sizeof(enc.ltk));
702 get_random_bytes(&ediv, sizeof(ediv));
703 get_random_bytes(&rand, sizeof(rand));
704
705 smp_send_cmd(conn, SMP_CMD_ENCRYPT_INFO, sizeof(enc), &enc);
706
707 authenticated = hcon->sec_level == BT_SECURITY_HIGH;
708 ltk = hci_add_ltk(hdev, &hcon->dst, hcon->dst_type,
709 SMP_LTK_SLAVE, authenticated, enc.ltk,
710 smp->enc_key_size, ediv, rand);
711 smp->slave_ltk = ltk;
712
713 ident.ediv = ediv;
714 ident.rand = rand;
715
716 smp_send_cmd(conn, SMP_CMD_MASTER_IDENT, sizeof(ident), &ident);
717
718 *keydist &= ~SMP_DIST_ENC_KEY;
719 }
720
721 if (*keydist & SMP_DIST_ID_KEY) {
722 struct smp_cmd_ident_addr_info addrinfo;
723 struct smp_cmd_ident_info idinfo;
724
725 memcpy(idinfo.irk, hdev->irk, sizeof(idinfo.irk));
726
727 smp_send_cmd(conn, SMP_CMD_IDENT_INFO, sizeof(idinfo), &idinfo);
728
729 /* The hci_conn contains the local identity address
730 * after the connection has been established.
731 *
732 * This is true even when the connection has been
733 * established using a resolvable random address.
734 */
735 bacpy(&addrinfo.bdaddr, &hcon->src);
736 addrinfo.addr_type = hcon->src_type;
737
738 smp_send_cmd(conn, SMP_CMD_IDENT_ADDR_INFO, sizeof(addrinfo),
739 &addrinfo);
740
741 *keydist &= ~SMP_DIST_ID_KEY;
742 }
743
744 if (*keydist & SMP_DIST_SIGN) {
745 struct smp_cmd_sign_info sign;
746 struct smp_csrk *csrk;
747
748 /* Generate a new random key */
749 get_random_bytes(sign.csrk, sizeof(sign.csrk));
750
751 csrk = kzalloc(sizeof(*csrk), GFP_KERNEL);
752 if (csrk) {
753 csrk->master = 0x00;
754 memcpy(csrk->val, sign.csrk, sizeof(csrk->val));
755 }
756 smp->slave_csrk = csrk;
757
758 smp_send_cmd(conn, SMP_CMD_SIGN_INFO, sizeof(sign), &sign);
759
760 *keydist &= ~SMP_DIST_SIGN;
761 }
762
763 /* If there are still keys to be received wait for them */
764 if ((smp->remote_key_dist & 0x07))
765 return 0;
766
767 clear_bit(HCI_CONN_LE_SMP_PEND, &hcon->flags);
768 cancel_delayed_work_sync(&smp->security_timer);
769 set_bit(SMP_FLAG_COMPLETE, &smp->flags);
770 smp_notify_keys(conn);
771
772 smp_chan_destroy(conn);
773
774 return 0;
775 }
776
777 static void smp_timeout(struct work_struct *work)
778 {
779 struct smp_chan *smp = container_of(work, struct smp_chan,
780 security_timer.work);
781 struct l2cap_conn *conn = smp->conn;
782
783 BT_DBG("conn %p", conn);
784
785 l2cap_conn_shutdown(conn, ETIMEDOUT);
786 }
787
788 static struct smp_chan *smp_chan_create(struct l2cap_conn *conn)
789 {
790 struct l2cap_chan *chan = conn->smp;
791 struct smp_chan *smp;
792
793 smp = kzalloc(sizeof(*smp), GFP_ATOMIC);
794 if (!smp) {
795 clear_bit(HCI_CONN_LE_SMP_PEND, &conn->hcon->flags);
796 return NULL;
797 }
798
799 smp->tfm_aes = crypto_alloc_blkcipher("ecb(aes)", 0, CRYPTO_ALG_ASYNC);
800 if (IS_ERR(smp->tfm_aes)) {
801 BT_ERR("Unable to create ECB crypto context");
802 kfree(smp);
803 clear_bit(HCI_CONN_LE_SMP_PEND, &conn->hcon->flags);
804 return NULL;
805 }
806
807 smp->conn = conn;
808 chan->data = smp;
809
810 INIT_DELAYED_WORK(&smp->security_timer, smp_timeout);
811
812 hci_conn_hold(conn->hcon);
813
814 return smp;
815 }
816
817 void smp_chan_destroy(struct l2cap_conn *conn)
818 {
819 struct l2cap_chan *chan = conn->smp;
820 struct smp_chan *smp = chan->data;
821 bool complete;
822
823 BUG_ON(!smp);
824
825 complete = test_bit(SMP_FLAG_COMPLETE, &smp->flags);
826 mgmt_smp_complete(conn->hcon, complete);
827
828 kfree(smp->csrk);
829 kfree(smp->slave_csrk);
830
831 crypto_free_blkcipher(smp->tfm_aes);
832
833 /* If pairing failed clean up any keys we might have */
834 if (!complete) {
835 if (smp->ltk) {
836 list_del(&smp->ltk->list);
837 kfree(smp->ltk);
838 }
839
840 if (smp->slave_ltk) {
841 list_del(&smp->slave_ltk->list);
842 kfree(smp->slave_ltk);
843 }
844
845 if (smp->remote_irk) {
846 list_del(&smp->remote_irk->list);
847 kfree(smp->remote_irk);
848 }
849 }
850
851 chan->data = NULL;
852 kfree(smp);
853 hci_conn_drop(conn->hcon);
854 }
855
856 int smp_user_confirm_reply(struct hci_conn *hcon, u16 mgmt_op, __le32 passkey)
857 {
858 struct l2cap_conn *conn = hcon->l2cap_data;
859 struct l2cap_chan *chan;
860 struct smp_chan *smp;
861 u32 value;
862
863 BT_DBG("");
864
865 if (!conn || !test_bit(HCI_CONN_LE_SMP_PEND, &hcon->flags))
866 return -ENOTCONN;
867
868 chan = conn->smp;
869 if (!chan)
870 return -ENOTCONN;
871
872 smp = chan->data;
873
874 switch (mgmt_op) {
875 case MGMT_OP_USER_PASSKEY_REPLY:
876 value = le32_to_cpu(passkey);
877 memset(smp->tk, 0, sizeof(smp->tk));
878 BT_DBG("PassKey: %d", value);
879 put_unaligned_le32(value, smp->tk);
880 /* Fall Through */
881 case MGMT_OP_USER_CONFIRM_REPLY:
882 set_bit(SMP_FLAG_TK_VALID, &smp->flags);
883 break;
884 case MGMT_OP_USER_PASSKEY_NEG_REPLY:
885 case MGMT_OP_USER_CONFIRM_NEG_REPLY:
886 smp_failure(conn, SMP_PASSKEY_ENTRY_FAILED);
887 return 0;
888 default:
889 smp_failure(conn, SMP_PASSKEY_ENTRY_FAILED);
890 return -EOPNOTSUPP;
891 }
892
893 /* If it is our turn to send Pairing Confirm, do so now */
894 if (test_bit(SMP_FLAG_CFM_PENDING, &smp->flags)) {
895 u8 rsp = smp_confirm(smp);
896 if (rsp)
897 smp_failure(conn, rsp);
898 }
899
900 return 0;
901 }
902
903 static u8 smp_cmd_pairing_req(struct l2cap_conn *conn, struct sk_buff *skb)
904 {
905 struct smp_cmd_pairing rsp, *req = (void *) skb->data;
906 struct hci_dev *hdev = conn->hcon->hdev;
907 struct smp_chan *smp;
908 u8 key_size, auth, sec_level;
909 int ret;
910
911 BT_DBG("conn %p", conn);
912
913 if (skb->len < sizeof(*req))
914 return SMP_INVALID_PARAMS;
915
916 if (conn->hcon->role != HCI_ROLE_SLAVE)
917 return SMP_CMD_NOTSUPP;
918
919 if (!test_and_set_bit(HCI_CONN_LE_SMP_PEND, &conn->hcon->flags)) {
920 smp = smp_chan_create(conn);
921 } else {
922 struct l2cap_chan *chan = conn->smp;
923 smp = chan->data;
924 }
925
926 if (!smp)
927 return SMP_UNSPECIFIED;
928
929 if (!test_bit(HCI_BONDABLE, &hdev->dev_flags) &&
930 (req->auth_req & SMP_AUTH_BONDING))
931 return SMP_PAIRING_NOTSUPP;
932
933 smp->preq[0] = SMP_CMD_PAIRING_REQ;
934 memcpy(&smp->preq[1], req, sizeof(*req));
935 skb_pull(skb, sizeof(*req));
936
937 /* We didn't start the pairing, so match remote */
938 auth = req->auth_req;
939
940 sec_level = authreq_to_seclevel(auth);
941 if (sec_level > conn->hcon->pending_sec_level)
942 conn->hcon->pending_sec_level = sec_level;
943
944 /* If we need MITM check that it can be acheived */
945 if (conn->hcon->pending_sec_level >= BT_SECURITY_HIGH) {
946 u8 method;
947
948 method = get_auth_method(smp, conn->hcon->io_capability,
949 req->io_capability);
950 if (method == JUST_WORKS || method == JUST_CFM)
951 return SMP_AUTH_REQUIREMENTS;
952 }
953
954 build_pairing_cmd(conn, req, &rsp, auth);
955
956 key_size = min(req->max_key_size, rsp.max_key_size);
957 if (check_enc_key_size(conn, key_size))
958 return SMP_ENC_KEY_SIZE;
959
960 get_random_bytes(smp->prnd, sizeof(smp->prnd));
961
962 smp->prsp[0] = SMP_CMD_PAIRING_RSP;
963 memcpy(&smp->prsp[1], &rsp, sizeof(rsp));
964
965 smp_send_cmd(conn, SMP_CMD_PAIRING_RSP, sizeof(rsp), &rsp);
966
967 /* Request setup of TK */
968 ret = tk_request(conn, 0, auth, rsp.io_capability, req->io_capability);
969 if (ret)
970 return SMP_UNSPECIFIED;
971
972 return 0;
973 }
974
975 static u8 smp_cmd_pairing_rsp(struct l2cap_conn *conn, struct sk_buff *skb)
976 {
977 struct smp_cmd_pairing *req, *rsp = (void *) skb->data;
978 struct l2cap_chan *chan = conn->smp;
979 struct smp_chan *smp = chan->data;
980 u8 key_size, auth = SMP_AUTH_NONE;
981 int ret;
982
983 BT_DBG("conn %p", conn);
984
985 if (skb->len < sizeof(*rsp))
986 return SMP_INVALID_PARAMS;
987
988 if (conn->hcon->role != HCI_ROLE_MASTER)
989 return SMP_CMD_NOTSUPP;
990
991 skb_pull(skb, sizeof(*rsp));
992
993 req = (void *) &smp->preq[1];
994
995 key_size = min(req->max_key_size, rsp->max_key_size);
996 if (check_enc_key_size(conn, key_size))
997 return SMP_ENC_KEY_SIZE;
998
999 /* If we need MITM check that it can be acheived */
1000 if (conn->hcon->pending_sec_level >= BT_SECURITY_HIGH) {
1001 u8 method;
1002
1003 method = get_auth_method(smp, req->io_capability,
1004 rsp->io_capability);
1005 if (method == JUST_WORKS || method == JUST_CFM)
1006 return SMP_AUTH_REQUIREMENTS;
1007 }
1008
1009 get_random_bytes(smp->prnd, sizeof(smp->prnd));
1010
1011 smp->prsp[0] = SMP_CMD_PAIRING_RSP;
1012 memcpy(&smp->prsp[1], rsp, sizeof(*rsp));
1013
1014 /* Update remote key distribution in case the remote cleared
1015 * some bits that we had enabled in our request.
1016 */
1017 smp->remote_key_dist &= rsp->resp_key_dist;
1018
1019 if ((req->auth_req & SMP_AUTH_BONDING) &&
1020 (rsp->auth_req & SMP_AUTH_BONDING))
1021 auth = SMP_AUTH_BONDING;
1022
1023 auth |= (req->auth_req | rsp->auth_req) & SMP_AUTH_MITM;
1024
1025 ret = tk_request(conn, 0, auth, req->io_capability, rsp->io_capability);
1026 if (ret)
1027 return SMP_UNSPECIFIED;
1028
1029 set_bit(SMP_FLAG_CFM_PENDING, &smp->flags);
1030
1031 /* Can't compose response until we have been confirmed */
1032 if (test_bit(SMP_FLAG_TK_VALID, &smp->flags))
1033 return smp_confirm(smp);
1034
1035 return 0;
1036 }
1037
1038 static u8 smp_cmd_pairing_confirm(struct l2cap_conn *conn, struct sk_buff *skb)
1039 {
1040 struct l2cap_chan *chan = conn->smp;
1041 struct smp_chan *smp = chan->data;
1042
1043 BT_DBG("conn %p %s", conn, conn->hcon->out ? "master" : "slave");
1044
1045 if (skb->len < sizeof(smp->pcnf))
1046 return SMP_INVALID_PARAMS;
1047
1048 memcpy(smp->pcnf, skb->data, sizeof(smp->pcnf));
1049 skb_pull(skb, sizeof(smp->pcnf));
1050
1051 if (conn->hcon->out)
1052 smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM, sizeof(smp->prnd),
1053 smp->prnd);
1054 else if (test_bit(SMP_FLAG_TK_VALID, &smp->flags))
1055 return smp_confirm(smp);
1056 else
1057 set_bit(SMP_FLAG_CFM_PENDING, &smp->flags);
1058
1059 return 0;
1060 }
1061
1062 static u8 smp_cmd_pairing_random(struct l2cap_conn *conn, struct sk_buff *skb)
1063 {
1064 struct l2cap_chan *chan = conn->smp;
1065 struct smp_chan *smp = chan->data;
1066
1067 BT_DBG("conn %p", conn);
1068
1069 if (skb->len < sizeof(smp->rrnd))
1070 return SMP_INVALID_PARAMS;
1071
1072 memcpy(smp->rrnd, skb->data, sizeof(smp->rrnd));
1073 skb_pull(skb, sizeof(smp->rrnd));
1074
1075 return smp_random(smp);
1076 }
1077
1078 static bool smp_ltk_encrypt(struct l2cap_conn *conn, u8 sec_level)
1079 {
1080 struct smp_ltk *key;
1081 struct hci_conn *hcon = conn->hcon;
1082
1083 key = hci_find_ltk_by_addr(hcon->hdev, &hcon->dst, hcon->dst_type,
1084 hcon->role);
1085 if (!key)
1086 return false;
1087
1088 if (sec_level > BT_SECURITY_MEDIUM && !key->authenticated)
1089 return false;
1090
1091 if (test_and_set_bit(HCI_CONN_ENCRYPT_PEND, &hcon->flags))
1092 return true;
1093
1094 hci_le_start_enc(hcon, key->ediv, key->rand, key->val);
1095 hcon->enc_key_size = key->enc_size;
1096
1097 /* We never store STKs for master role, so clear this flag */
1098 clear_bit(HCI_CONN_STK_ENCRYPT, &hcon->flags);
1099
1100 return true;
1101 }
1102
1103 bool smp_sufficient_security(struct hci_conn *hcon, u8 sec_level)
1104 {
1105 if (sec_level == BT_SECURITY_LOW)
1106 return true;
1107
1108 /* If we're encrypted with an STK always claim insufficient
1109 * security. This way we allow the connection to be re-encrypted
1110 * with an LTK, even if the LTK provides the same level of
1111 * security. Only exception is if we don't have an LTK (e.g.
1112 * because of key distribution bits).
1113 */
1114 if (test_bit(HCI_CONN_STK_ENCRYPT, &hcon->flags) &&
1115 hci_find_ltk_by_addr(hcon->hdev, &hcon->dst, hcon->dst_type,
1116 hcon->role))
1117 return false;
1118
1119 if (hcon->sec_level >= sec_level)
1120 return true;
1121
1122 return false;
1123 }
1124
1125 static u8 smp_cmd_security_req(struct l2cap_conn *conn, struct sk_buff *skb)
1126 {
1127 struct smp_cmd_security_req *rp = (void *) skb->data;
1128 struct smp_cmd_pairing cp;
1129 struct hci_conn *hcon = conn->hcon;
1130 struct smp_chan *smp;
1131 u8 sec_level;
1132
1133 BT_DBG("conn %p", conn);
1134
1135 if (skb->len < sizeof(*rp))
1136 return SMP_INVALID_PARAMS;
1137
1138 if (hcon->role != HCI_ROLE_MASTER)
1139 return SMP_CMD_NOTSUPP;
1140
1141 sec_level = authreq_to_seclevel(rp->auth_req);
1142 if (smp_sufficient_security(hcon, sec_level))
1143 return 0;
1144
1145 if (sec_level > hcon->pending_sec_level)
1146 hcon->pending_sec_level = sec_level;
1147
1148 if (smp_ltk_encrypt(conn, hcon->pending_sec_level))
1149 return 0;
1150
1151 if (test_and_set_bit(HCI_CONN_LE_SMP_PEND, &hcon->flags))
1152 return 0;
1153
1154 smp = smp_chan_create(conn);
1155 if (!smp)
1156 return SMP_UNSPECIFIED;
1157
1158 if (!test_bit(HCI_BONDABLE, &hcon->hdev->dev_flags) &&
1159 (rp->auth_req & SMP_AUTH_BONDING))
1160 return SMP_PAIRING_NOTSUPP;
1161
1162 skb_pull(skb, sizeof(*rp));
1163
1164 memset(&cp, 0, sizeof(cp));
1165 build_pairing_cmd(conn, &cp, NULL, rp->auth_req);
1166
1167 smp->preq[0] = SMP_CMD_PAIRING_REQ;
1168 memcpy(&smp->preq[1], &cp, sizeof(cp));
1169
1170 smp_send_cmd(conn, SMP_CMD_PAIRING_REQ, sizeof(cp), &cp);
1171
1172 return 0;
1173 }
1174
1175 int smp_conn_security(struct hci_conn *hcon, __u8 sec_level)
1176 {
1177 struct l2cap_conn *conn = hcon->l2cap_data;
1178 struct smp_chan *smp;
1179 __u8 authreq;
1180
1181 BT_DBG("conn %p hcon %p level 0x%2.2x", conn, hcon, sec_level);
1182
1183 /* This may be NULL if there's an unexpected disconnection */
1184 if (!conn)
1185 return 1;
1186
1187 if (!test_bit(HCI_LE_ENABLED, &hcon->hdev->dev_flags))
1188 return 1;
1189
1190 if (smp_sufficient_security(hcon, sec_level))
1191 return 1;
1192
1193 if (sec_level > hcon->pending_sec_level)
1194 hcon->pending_sec_level = sec_level;
1195
1196 if (hcon->role == HCI_ROLE_MASTER)
1197 if (smp_ltk_encrypt(conn, hcon->pending_sec_level))
1198 return 0;
1199
1200 if (test_and_set_bit(HCI_CONN_LE_SMP_PEND, &hcon->flags))
1201 return 0;
1202
1203 smp = smp_chan_create(conn);
1204 if (!smp)
1205 return 1;
1206
1207 authreq = seclevel_to_authreq(sec_level);
1208
1209 /* Require MITM if IO Capability allows or the security level
1210 * requires it.
1211 */
1212 if (hcon->io_capability != HCI_IO_NO_INPUT_OUTPUT ||
1213 hcon->pending_sec_level > BT_SECURITY_MEDIUM)
1214 authreq |= SMP_AUTH_MITM;
1215
1216 if (hcon->role == HCI_ROLE_MASTER) {
1217 struct smp_cmd_pairing cp;
1218
1219 build_pairing_cmd(conn, &cp, NULL, authreq);
1220 smp->preq[0] = SMP_CMD_PAIRING_REQ;
1221 memcpy(&smp->preq[1], &cp, sizeof(cp));
1222
1223 smp_send_cmd(conn, SMP_CMD_PAIRING_REQ, sizeof(cp), &cp);
1224 } else {
1225 struct smp_cmd_security_req cp;
1226 cp.auth_req = authreq;
1227 smp_send_cmd(conn, SMP_CMD_SECURITY_REQ, sizeof(cp), &cp);
1228 }
1229
1230 set_bit(SMP_FLAG_INITIATOR, &smp->flags);
1231
1232 return 0;
1233 }
1234
1235 static int smp_cmd_encrypt_info(struct l2cap_conn *conn, struct sk_buff *skb)
1236 {
1237 struct smp_cmd_encrypt_info *rp = (void *) skb->data;
1238 struct l2cap_chan *chan = conn->smp;
1239 struct smp_chan *smp = chan->data;
1240
1241 BT_DBG("conn %p", conn);
1242
1243 if (skb->len < sizeof(*rp))
1244 return SMP_INVALID_PARAMS;
1245
1246 /* Ignore this PDU if it wasn't requested */
1247 if (!(smp->remote_key_dist & SMP_DIST_ENC_KEY))
1248 return 0;
1249
1250 skb_pull(skb, sizeof(*rp));
1251
1252 memcpy(smp->tk, rp->ltk, sizeof(smp->tk));
1253
1254 return 0;
1255 }
1256
1257 static int smp_cmd_master_ident(struct l2cap_conn *conn, struct sk_buff *skb)
1258 {
1259 struct smp_cmd_master_ident *rp = (void *) skb->data;
1260 struct l2cap_chan *chan = conn->smp;
1261 struct smp_chan *smp = chan->data;
1262 struct hci_dev *hdev = conn->hcon->hdev;
1263 struct hci_conn *hcon = conn->hcon;
1264 struct smp_ltk *ltk;
1265 u8 authenticated;
1266
1267 BT_DBG("conn %p", conn);
1268
1269 if (skb->len < sizeof(*rp))
1270 return SMP_INVALID_PARAMS;
1271
1272 /* Ignore this PDU if it wasn't requested */
1273 if (!(smp->remote_key_dist & SMP_DIST_ENC_KEY))
1274 return 0;
1275
1276 /* Mark the information as received */
1277 smp->remote_key_dist &= ~SMP_DIST_ENC_KEY;
1278
1279 skb_pull(skb, sizeof(*rp));
1280
1281 hci_dev_lock(hdev);
1282 authenticated = (hcon->sec_level == BT_SECURITY_HIGH);
1283 ltk = hci_add_ltk(hdev, &hcon->dst, hcon->dst_type, SMP_LTK,
1284 authenticated, smp->tk, smp->enc_key_size,
1285 rp->ediv, rp->rand);
1286 smp->ltk = ltk;
1287 if (!(smp->remote_key_dist & SMP_DIST_ID_KEY))
1288 smp_distribute_keys(conn);
1289 hci_dev_unlock(hdev);
1290
1291 return 0;
1292 }
1293
1294 static int smp_cmd_ident_info(struct l2cap_conn *conn, struct sk_buff *skb)
1295 {
1296 struct smp_cmd_ident_info *info = (void *) skb->data;
1297 struct l2cap_chan *chan = conn->smp;
1298 struct smp_chan *smp = chan->data;
1299
1300 BT_DBG("");
1301
1302 if (skb->len < sizeof(*info))
1303 return SMP_INVALID_PARAMS;
1304
1305 /* Ignore this PDU if it wasn't requested */
1306 if (!(smp->remote_key_dist & SMP_DIST_ID_KEY))
1307 return 0;
1308
1309 skb_pull(skb, sizeof(*info));
1310
1311 memcpy(smp->irk, info->irk, 16);
1312
1313 return 0;
1314 }
1315
1316 static int smp_cmd_ident_addr_info(struct l2cap_conn *conn,
1317 struct sk_buff *skb)
1318 {
1319 struct smp_cmd_ident_addr_info *info = (void *) skb->data;
1320 struct l2cap_chan *chan = conn->smp;
1321 struct smp_chan *smp = chan->data;
1322 struct hci_conn *hcon = conn->hcon;
1323 bdaddr_t rpa;
1324
1325 BT_DBG("");
1326
1327 if (skb->len < sizeof(*info))
1328 return SMP_INVALID_PARAMS;
1329
1330 /* Ignore this PDU if it wasn't requested */
1331 if (!(smp->remote_key_dist & SMP_DIST_ID_KEY))
1332 return 0;
1333
1334 /* Mark the information as received */
1335 smp->remote_key_dist &= ~SMP_DIST_ID_KEY;
1336
1337 skb_pull(skb, sizeof(*info));
1338
1339 hci_dev_lock(hcon->hdev);
1340
1341 /* Strictly speaking the Core Specification (4.1) allows sending
1342 * an empty address which would force us to rely on just the IRK
1343 * as "identity information". However, since such
1344 * implementations are not known of and in order to not over
1345 * complicate our implementation, simply pretend that we never
1346 * received an IRK for such a device.
1347 */
1348 if (!bacmp(&info->bdaddr, BDADDR_ANY)) {
1349 BT_ERR("Ignoring IRK with no identity address");
1350 goto distribute;
1351 }
1352
1353 bacpy(&smp->id_addr, &info->bdaddr);
1354 smp->id_addr_type = info->addr_type;
1355
1356 if (hci_bdaddr_is_rpa(&hcon->dst, hcon->dst_type))
1357 bacpy(&rpa, &hcon->dst);
1358 else
1359 bacpy(&rpa, BDADDR_ANY);
1360
1361 smp->remote_irk = hci_add_irk(conn->hcon->hdev, &smp->id_addr,
1362 smp->id_addr_type, smp->irk, &rpa);
1363
1364 distribute:
1365 smp_distribute_keys(conn);
1366
1367 hci_dev_unlock(hcon->hdev);
1368
1369 return 0;
1370 }
1371
1372 static int smp_cmd_sign_info(struct l2cap_conn *conn, struct sk_buff *skb)
1373 {
1374 struct smp_cmd_sign_info *rp = (void *) skb->data;
1375 struct l2cap_chan *chan = conn->smp;
1376 struct smp_chan *smp = chan->data;
1377 struct hci_dev *hdev = conn->hcon->hdev;
1378 struct smp_csrk *csrk;
1379
1380 BT_DBG("conn %p", conn);
1381
1382 if (skb->len < sizeof(*rp))
1383 return SMP_INVALID_PARAMS;
1384
1385 /* Ignore this PDU if it wasn't requested */
1386 if (!(smp->remote_key_dist & SMP_DIST_SIGN))
1387 return 0;
1388
1389 /* Mark the information as received */
1390 smp->remote_key_dist &= ~SMP_DIST_SIGN;
1391
1392 skb_pull(skb, sizeof(*rp));
1393
1394 hci_dev_lock(hdev);
1395 csrk = kzalloc(sizeof(*csrk), GFP_KERNEL);
1396 if (csrk) {
1397 csrk->master = 0x01;
1398 memcpy(csrk->val, rp->csrk, sizeof(csrk->val));
1399 }
1400 smp->csrk = csrk;
1401 smp_distribute_keys(conn);
1402 hci_dev_unlock(hdev);
1403
1404 return 0;
1405 }
1406
1407 static int smp_sig_channel(struct l2cap_chan *chan, struct sk_buff *skb)
1408 {
1409 struct l2cap_conn *conn = chan->conn;
1410 struct hci_conn *hcon = conn->hcon;
1411 __u8 code, reason;
1412 int err = 0;
1413
1414 if (hcon->type != LE_LINK) {
1415 kfree_skb(skb);
1416 return 0;
1417 }
1418
1419 if (skb->len < 1)
1420 return -EILSEQ;
1421
1422 if (!test_bit(HCI_LE_ENABLED, &hcon->hdev->dev_flags)) {
1423 err = -EOPNOTSUPP;
1424 reason = SMP_PAIRING_NOTSUPP;
1425 goto done;
1426 }
1427
1428 code = skb->data[0];
1429 skb_pull(skb, sizeof(code));
1430
1431 /*
1432 * The SMP context must be initialized for all other PDUs except
1433 * pairing and security requests. If we get any other PDU when
1434 * not initialized simply disconnect (done if this function
1435 * returns an error).
1436 */
1437 if (code != SMP_CMD_PAIRING_REQ && code != SMP_CMD_SECURITY_REQ &&
1438 !test_bit(HCI_CONN_LE_SMP_PEND, &hcon->flags)) {
1439 BT_ERR("Unexpected SMP command 0x%02x. Disconnecting.", code);
1440 reason = SMP_CMD_NOTSUPP;
1441 err = -EOPNOTSUPP;
1442 goto done;
1443 }
1444
1445 switch (code) {
1446 case SMP_CMD_PAIRING_REQ:
1447 reason = smp_cmd_pairing_req(conn, skb);
1448 break;
1449
1450 case SMP_CMD_PAIRING_FAIL:
1451 smp_failure(conn, 0);
1452 reason = 0;
1453 err = -EPERM;
1454 break;
1455
1456 case SMP_CMD_PAIRING_RSP:
1457 reason = smp_cmd_pairing_rsp(conn, skb);
1458 break;
1459
1460 case SMP_CMD_SECURITY_REQ:
1461 reason = smp_cmd_security_req(conn, skb);
1462 break;
1463
1464 case SMP_CMD_PAIRING_CONFIRM:
1465 reason = smp_cmd_pairing_confirm(conn, skb);
1466 break;
1467
1468 case SMP_CMD_PAIRING_RANDOM:
1469 reason = smp_cmd_pairing_random(conn, skb);
1470 break;
1471
1472 case SMP_CMD_ENCRYPT_INFO:
1473 reason = smp_cmd_encrypt_info(conn, skb);
1474 break;
1475
1476 case SMP_CMD_MASTER_IDENT:
1477 reason = smp_cmd_master_ident(conn, skb);
1478 break;
1479
1480 case SMP_CMD_IDENT_INFO:
1481 reason = smp_cmd_ident_info(conn, skb);
1482 break;
1483
1484 case SMP_CMD_IDENT_ADDR_INFO:
1485 reason = smp_cmd_ident_addr_info(conn, skb);
1486 break;
1487
1488 case SMP_CMD_SIGN_INFO:
1489 reason = smp_cmd_sign_info(conn, skb);
1490 break;
1491
1492 default:
1493 BT_DBG("Unknown command code 0x%2.2x", code);
1494
1495 reason = SMP_CMD_NOTSUPP;
1496 err = -EOPNOTSUPP;
1497 goto done;
1498 }
1499
1500 done:
1501 if (reason)
1502 smp_failure(conn, reason);
1503 if (!err)
1504 kfree_skb(skb);
1505 return err;
1506 }
1507
1508 static void smp_teardown_cb(struct l2cap_chan *chan, int err)
1509 {
1510 struct l2cap_conn *conn = chan->conn;
1511 struct smp_chan *smp = chan->data;
1512
1513 BT_DBG("chan %p", chan);
1514
1515 if (test_and_clear_bit(HCI_CONN_LE_SMP_PEND, &conn->hcon->flags)) {
1516 cancel_delayed_work_sync(&smp->security_timer);
1517 smp_chan_destroy(conn);
1518 }
1519
1520 conn->smp = NULL;
1521 l2cap_chan_put(chan);
1522 }
1523
1524 static void smp_resume_cb(struct l2cap_chan *chan)
1525 {
1526 struct smp_chan *smp = chan->data;
1527 struct l2cap_conn *conn = chan->conn;
1528 struct hci_conn *hcon = conn->hcon;
1529
1530 BT_DBG("chan %p", chan);
1531
1532 if (test_bit(HCI_CONN_ENCRYPT, &hcon->flags))
1533 smp_distribute_keys(conn);
1534
1535 if (smp)
1536 cancel_delayed_work(&smp->security_timer);
1537 }
1538
1539 static void smp_ready_cb(struct l2cap_chan *chan)
1540 {
1541 struct l2cap_conn *conn = chan->conn;
1542
1543 BT_DBG("chan %p", chan);
1544
1545 conn->smp = chan;
1546 l2cap_chan_hold(chan);
1547 }
1548
1549 static int smp_recv_cb(struct l2cap_chan *chan, struct sk_buff *skb)
1550 {
1551 int err;
1552
1553 BT_DBG("chan %p", chan);
1554
1555 err = smp_sig_channel(chan, skb);
1556 if (err) {
1557 struct smp_chan *smp = chan->data;
1558
1559 if (smp)
1560 cancel_delayed_work_sync(&smp->security_timer);
1561
1562 l2cap_conn_shutdown(chan->conn, -err);
1563 }
1564
1565 return err;
1566 }
1567
1568 static struct sk_buff *smp_alloc_skb_cb(struct l2cap_chan *chan,
1569 unsigned long hdr_len,
1570 unsigned long len, int nb)
1571 {
1572 struct sk_buff *skb;
1573
1574 skb = bt_skb_alloc(hdr_len + len, GFP_KERNEL);
1575 if (!skb)
1576 return ERR_PTR(-ENOMEM);
1577
1578 skb->priority = HCI_PRIO_MAX;
1579 bt_cb(skb)->chan = chan;
1580
1581 return skb;
1582 }
1583
1584 static const struct l2cap_ops smp_chan_ops = {
1585 .name = "Security Manager",
1586 .ready = smp_ready_cb,
1587 .recv = smp_recv_cb,
1588 .alloc_skb = smp_alloc_skb_cb,
1589 .teardown = smp_teardown_cb,
1590 .resume = smp_resume_cb,
1591
1592 .new_connection = l2cap_chan_no_new_connection,
1593 .state_change = l2cap_chan_no_state_change,
1594 .close = l2cap_chan_no_close,
1595 .defer = l2cap_chan_no_defer,
1596 .suspend = l2cap_chan_no_suspend,
1597 .set_shutdown = l2cap_chan_no_set_shutdown,
1598 .get_sndtimeo = l2cap_chan_no_get_sndtimeo,
1599 .memcpy_fromiovec = l2cap_chan_no_memcpy_fromiovec,
1600 };
1601
1602 static inline struct l2cap_chan *smp_new_conn_cb(struct l2cap_chan *pchan)
1603 {
1604 struct l2cap_chan *chan;
1605
1606 BT_DBG("pchan %p", pchan);
1607
1608 chan = l2cap_chan_create();
1609 if (!chan)
1610 return NULL;
1611
1612 chan->chan_type = pchan->chan_type;
1613 chan->ops = &smp_chan_ops;
1614 chan->scid = pchan->scid;
1615 chan->dcid = chan->scid;
1616 chan->imtu = pchan->imtu;
1617 chan->omtu = pchan->omtu;
1618 chan->mode = pchan->mode;
1619
1620 BT_DBG("created chan %p", chan);
1621
1622 return chan;
1623 }
1624
1625 static const struct l2cap_ops smp_root_chan_ops = {
1626 .name = "Security Manager Root",
1627 .new_connection = smp_new_conn_cb,
1628
1629 /* None of these are implemented for the root channel */
1630 .close = l2cap_chan_no_close,
1631 .alloc_skb = l2cap_chan_no_alloc_skb,
1632 .recv = l2cap_chan_no_recv,
1633 .state_change = l2cap_chan_no_state_change,
1634 .teardown = l2cap_chan_no_teardown,
1635 .ready = l2cap_chan_no_ready,
1636 .defer = l2cap_chan_no_defer,
1637 .suspend = l2cap_chan_no_suspend,
1638 .resume = l2cap_chan_no_resume,
1639 .set_shutdown = l2cap_chan_no_set_shutdown,
1640 .get_sndtimeo = l2cap_chan_no_get_sndtimeo,
1641 .memcpy_fromiovec = l2cap_chan_no_memcpy_fromiovec,
1642 };
1643
1644 int smp_register(struct hci_dev *hdev)
1645 {
1646 struct l2cap_chan *chan;
1647 struct crypto_blkcipher *tfm_aes;
1648
1649 BT_DBG("%s", hdev->name);
1650
1651 tfm_aes = crypto_alloc_blkcipher("ecb(aes)", 0, CRYPTO_ALG_ASYNC);
1652 if (IS_ERR(tfm_aes)) {
1653 int err = PTR_ERR(tfm_aes);
1654 BT_ERR("Unable to create crypto context");
1655 return err;
1656 }
1657
1658 chan = l2cap_chan_create();
1659 if (!chan) {
1660 crypto_free_blkcipher(tfm_aes);
1661 return -ENOMEM;
1662 }
1663
1664 chan->data = tfm_aes;
1665
1666 l2cap_add_scid(chan, L2CAP_CID_SMP);
1667
1668 l2cap_chan_set_defaults(chan);
1669
1670 bacpy(&chan->src, &hdev->bdaddr);
1671 chan->src_type = BDADDR_LE_PUBLIC;
1672 chan->state = BT_LISTEN;
1673 chan->mode = L2CAP_MODE_BASIC;
1674 chan->imtu = L2CAP_DEFAULT_MTU;
1675 chan->ops = &smp_root_chan_ops;
1676
1677 hdev->smp_data = chan;
1678
1679 return 0;
1680 }
1681
1682 void smp_unregister(struct hci_dev *hdev)
1683 {
1684 struct l2cap_chan *chan = hdev->smp_data;
1685 struct crypto_blkcipher *tfm_aes;
1686
1687 if (!chan)
1688 return;
1689
1690 BT_DBG("%s chan %p", hdev->name, chan);
1691
1692 tfm_aes = chan->data;
1693 if (tfm_aes) {
1694 chan->data = NULL;
1695 crypto_free_blkcipher(tfm_aes);
1696 }
1697
1698 hdev->smp_data = NULL;
1699 l2cap_chan_put(chan);
1700 }
Linux kernel - Deliverables
This page took 0.117327 seconds and 6 git commands to generate.