projects / deliverable / linux.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Bluetooth: Fix calling smp_distribute_keys() when still waiting for keys
[deliverable/linux.git] / net / bluetooth / smp.c
1 /*
2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2011 Nokia Corporation and/or its subsidiary(-ies).
4
5 This program is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License version 2 as
7 published by the Free Software Foundation;
8
9 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
10 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
11 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
12 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
13 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
14 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17
18 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
19 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
20 SOFTWARE IS DISCLAIMED.
21 */
22
23 #include <linux/crypto.h>
24 #include <linux/scatterlist.h>
25 #include <crypto/b128ops.h>
26
27 #include <net/bluetooth/bluetooth.h>
28 #include <net/bluetooth/hci_core.h>
29 #include <net/bluetooth/l2cap.h>
30 #include <net/bluetooth/mgmt.h>
31
32 #include "smp.h"
33
34 #define SMP_TIMEOUT msecs_to_jiffies(30000)
35
36 #define AUTH_REQ_MASK 0x07
37 #define KEY_DIST_MASK 0x07
38
39 enum {
40 SMP_FLAG_TK_VALID,
41 SMP_FLAG_CFM_PENDING,
42 SMP_FLAG_MITM_AUTH,
43 SMP_FLAG_COMPLETE,
44 SMP_FLAG_INITIATOR,
45 };
46
47 struct smp_chan {
48 struct l2cap_conn *conn;
49 struct delayed_work security_timer;
50
51 u8 preq[7]; /* SMP Pairing Request */
52 u8 prsp[7]; /* SMP Pairing Response */
53 u8 prnd[16]; /* SMP Pairing Random (local) */
54 u8 rrnd[16]; /* SMP Pairing Random (remote) */
55 u8 pcnf[16]; /* SMP Pairing Confirm */
56 u8 tk[16]; /* SMP Temporary Key */
57 u8 enc_key_size;
58 u8 remote_key_dist;
59 bdaddr_t id_addr;
60 u8 id_addr_type;
61 u8 irk[16];
62 struct smp_csrk *csrk;
63 struct smp_csrk *slave_csrk;
64 struct smp_ltk *ltk;
65 struct smp_ltk *slave_ltk;
66 struct smp_irk *remote_irk;
67 unsigned long flags;
68
69 struct crypto_blkcipher *tfm_aes;
70 };
71
72 static inline void swap_buf(const u8 *src, u8 *dst, size_t len)
73 {
74 size_t i;
75
76 for (i = 0; i < len; i++)
77 dst[len - 1 - i] = src[i];
78 }
79
80 static int smp_e(struct crypto_blkcipher *tfm, const u8 *k, u8 *r)
81 {
82 struct blkcipher_desc desc;
83 struct scatterlist sg;
84 uint8_t tmp[16], data[16];
85 int err;
86
87 if (tfm == NULL) {
88 BT_ERR("tfm %p", tfm);
89 return -EINVAL;
90 }
91
92 desc.tfm = tfm;
93 desc.flags = 0;
94
95 /* The most significant octet of key corresponds to k[0] */
96 swap_buf(k, tmp, 16);
97
98 err = crypto_blkcipher_setkey(tfm, tmp, 16);
99 if (err) {
100 BT_ERR("cipher setkey failed: %d", err);
101 return err;
102 }
103
104 /* Most significant octet of plaintextData corresponds to data[0] */
105 swap_buf(r, data, 16);
106
107 sg_init_one(&sg, data, 16);
108
109 err = crypto_blkcipher_encrypt(&desc, &sg, &sg, 16);
110 if (err)
111 BT_ERR("Encrypt data error %d", err);
112
113 /* Most significant octet of encryptedData corresponds to data[0] */
114 swap_buf(data, r, 16);
115
116 return err;
117 }
118
119 static int smp_ah(struct crypto_blkcipher *tfm, u8 irk[16], u8 r[3], u8 res[3])
120 {
121 u8 _res[16];
122 int err;
123
124 /* r' = padding || r */
125 memcpy(_res, r, 3);
126 memset(_res + 3, 0, 13);
127
128 err = smp_e(tfm, irk, _res);
129 if (err) {
130 BT_ERR("Encrypt error");
131 return err;
132 }
133
134 /* The output of the random address function ah is:
135 * ah(h, r) = e(k, r') mod 2^24
136 * The output of the security function e is then truncated to 24 bits
137 * by taking the least significant 24 bits of the output of e as the
138 * result of ah.
139 */
140 memcpy(res, _res, 3);
141
142 return 0;
143 }
144
145 bool smp_irk_matches(struct hci_dev *hdev, u8 irk[16], bdaddr_t *bdaddr)
146 {
147 struct l2cap_chan *chan = hdev->smp_data;
148 struct crypto_blkcipher *tfm;
149 u8 hash[3];
150 int err;
151
152 if (!chan || !chan->data)
153 return false;
154
155 tfm = chan->data;
156
157 BT_DBG("RPA %pMR IRK %*phN", bdaddr, 16, irk);
158
159 err = smp_ah(tfm, irk, &bdaddr->b[3], hash);
160 if (err)
161 return false;
162
163 return !memcmp(bdaddr->b, hash, 3);
164 }
165
166 int smp_generate_rpa(struct hci_dev *hdev, u8 irk[16], bdaddr_t *rpa)
167 {
168 struct l2cap_chan *chan = hdev->smp_data;
169 struct crypto_blkcipher *tfm;
170 int err;
171
172 if (!chan || !chan->data)
173 return -EOPNOTSUPP;
174
175 tfm = chan->data;
176
177 get_random_bytes(&rpa->b[3], 3);
178
179 rpa->b[5] &= 0x3f; /* Clear two most significant bits */
180 rpa->b[5] |= 0x40; /* Set second most significant bit */
181
182 err = smp_ah(tfm, irk, &rpa->b[3], rpa->b);
183 if (err < 0)
184 return err;
185
186 BT_DBG("RPA %pMR", rpa);
187
188 return 0;
189 }
190
191 static int smp_c1(struct smp_chan *smp, u8 k[16], u8 r[16], u8 preq[7],
192 u8 pres[7], u8 _iat, bdaddr_t *ia, u8 _rat, bdaddr_t *ra,
193 u8 res[16])
194 {
195 struct hci_dev *hdev = smp->conn->hcon->hdev;
196 u8 p1[16], p2[16];
197 int err;
198
199 BT_DBG("%s", hdev->name);
200
201 memset(p1, 0, 16);
202
203 /* p1 = pres || preq || _rat || _iat */
204 p1[0] = _iat;
205 p1[1] = _rat;
206 memcpy(p1 + 2, preq, 7);
207 memcpy(p1 + 9, pres, 7);
208
209 /* p2 = padding || ia || ra */
210 memcpy(p2, ra, 6);
211 memcpy(p2 + 6, ia, 6);
212 memset(p2 + 12, 0, 4);
213
214 /* res = r XOR p1 */
215 u128_xor((u128 *) res, (u128 *) r, (u128 *) p1);
216
217 /* res = e(k, res) */
218 err = smp_e(smp->tfm_aes, k, res);
219 if (err) {
220 BT_ERR("Encrypt data error");
221 return err;
222 }
223
224 /* res = res XOR p2 */
225 u128_xor((u128 *) res, (u128 *) res, (u128 *) p2);
226
227 /* res = e(k, res) */
228 err = smp_e(smp->tfm_aes, k, res);
229 if (err)
230 BT_ERR("Encrypt data error");
231
232 return err;
233 }
234
235 static int smp_s1(struct smp_chan *smp, u8 k[16], u8 r1[16], u8 r2[16],
236 u8 _r[16])
237 {
238 struct hci_dev *hdev = smp->conn->hcon->hdev;
239 int err;
240
241 BT_DBG("%s", hdev->name);
242
243 /* Just least significant octets from r1 and r2 are considered */
244 memcpy(_r, r2, 8);
245 memcpy(_r + 8, r1, 8);
246
247 err = smp_e(smp->tfm_aes, k, _r);
248 if (err)
249 BT_ERR("Encrypt data error");
250
251 return err;
252 }
253
254 static void smp_send_cmd(struct l2cap_conn *conn, u8 code, u16 len, void *data)
255 {
256 struct l2cap_chan *chan = conn->smp;
257 struct smp_chan *smp;
258 struct kvec iv[2];
259 struct msghdr msg;
260
261 if (!chan)
262 return;
263
264 BT_DBG("code 0x%2.2x", code);
265
266 iv[0].iov_base = &code;
267 iv[0].iov_len = 1;
268
269 iv[1].iov_base = data;
270 iv[1].iov_len = len;
271
272 memset(&msg, 0, sizeof(msg));
273
274 msg.msg_iov = (struct iovec *) &iv;
275 msg.msg_iovlen = 2;
276
277 l2cap_chan_send(chan, &msg, 1 + len);
278
279 if (!chan->data)
280 return;
281
282 smp = chan->data;
283
284 cancel_delayed_work_sync(&smp->security_timer);
285 schedule_delayed_work(&smp->security_timer, SMP_TIMEOUT);
286 }
287
288 static __u8 authreq_to_seclevel(__u8 authreq)
289 {
290 if (authreq & SMP_AUTH_MITM)
291 return BT_SECURITY_HIGH;
292 else
293 return BT_SECURITY_MEDIUM;
294 }
295
296 static __u8 seclevel_to_authreq(__u8 sec_level)
297 {
298 switch (sec_level) {
299 case BT_SECURITY_HIGH:
300 return SMP_AUTH_MITM | SMP_AUTH_BONDING;
301 case BT_SECURITY_MEDIUM:
302 return SMP_AUTH_BONDING;
303 default:
304 return SMP_AUTH_NONE;
305 }
306 }
307
308 static void build_pairing_cmd(struct l2cap_conn *conn,
309 struct smp_cmd_pairing *req,
310 struct smp_cmd_pairing *rsp, __u8 authreq)
311 {
312 struct l2cap_chan *chan = conn->smp;
313 struct smp_chan *smp = chan->data;
314 struct hci_conn *hcon = conn->hcon;
315 struct hci_dev *hdev = hcon->hdev;
316 u8 local_dist = 0, remote_dist = 0;
317
318 if (test_bit(HCI_BONDABLE, &conn->hcon->hdev->dev_flags)) {
319 local_dist = SMP_DIST_ENC_KEY | SMP_DIST_SIGN;
320 remote_dist = SMP_DIST_ENC_KEY | SMP_DIST_SIGN;
321 authreq |= SMP_AUTH_BONDING;
322 } else {
323 authreq &= ~SMP_AUTH_BONDING;
324 }
325
326 if (test_bit(HCI_RPA_RESOLVING, &hdev->dev_flags))
327 remote_dist |= SMP_DIST_ID_KEY;
328
329 if (test_bit(HCI_PRIVACY, &hdev->dev_flags))
330 local_dist |= SMP_DIST_ID_KEY;
331
332 if (rsp == NULL) {
333 req->io_capability = conn->hcon->io_capability;
334 req->oob_flag = SMP_OOB_NOT_PRESENT;
335 req->max_key_size = SMP_MAX_ENC_KEY_SIZE;
336 req->init_key_dist = local_dist;
337 req->resp_key_dist = remote_dist;
338 req->auth_req = (authreq & AUTH_REQ_MASK);
339
340 smp->remote_key_dist = remote_dist;
341 return;
342 }
343
344 rsp->io_capability = conn->hcon->io_capability;
345 rsp->oob_flag = SMP_OOB_NOT_PRESENT;
346 rsp->max_key_size = SMP_MAX_ENC_KEY_SIZE;
347 rsp->init_key_dist = req->init_key_dist & remote_dist;
348 rsp->resp_key_dist = req->resp_key_dist & local_dist;
349 rsp->auth_req = (authreq & AUTH_REQ_MASK);
350
351 smp->remote_key_dist = rsp->init_key_dist;
352 }
353
354 static u8 check_enc_key_size(struct l2cap_conn *conn, __u8 max_key_size)
355 {
356 struct l2cap_chan *chan = conn->smp;
357 struct smp_chan *smp = chan->data;
358
359 if ((max_key_size > SMP_MAX_ENC_KEY_SIZE) ||
360 (max_key_size < SMP_MIN_ENC_KEY_SIZE))
361 return SMP_ENC_KEY_SIZE;
362
363 smp->enc_key_size = max_key_size;
364
365 return 0;
366 }
367
368 static void smp_chan_destroy(struct l2cap_conn *conn)
369 {
370 struct l2cap_chan *chan = conn->smp;
371 struct smp_chan *smp = chan->data;
372 bool complete;
373
374 BUG_ON(!smp);
375
376 cancel_delayed_work_sync(&smp->security_timer);
377
378 complete = test_bit(SMP_FLAG_COMPLETE, &smp->flags);
379 mgmt_smp_complete(conn->hcon, complete);
380
381 kfree(smp->csrk);
382 kfree(smp->slave_csrk);
383
384 crypto_free_blkcipher(smp->tfm_aes);
385
386 /* If pairing failed clean up any keys we might have */
387 if (!complete) {
388 if (smp->ltk) {
389 list_del(&smp->ltk->list);
390 kfree(smp->ltk);
391 }
392
393 if (smp->slave_ltk) {
394 list_del(&smp->slave_ltk->list);
395 kfree(smp->slave_ltk);
396 }
397
398 if (smp->remote_irk) {
399 list_del(&smp->remote_irk->list);
400 kfree(smp->remote_irk);
401 }
402 }
403
404 chan->data = NULL;
405 kfree(smp);
406 hci_conn_drop(conn->hcon);
407 }
408
409 static void smp_failure(struct l2cap_conn *conn, u8 reason)
410 {
411 struct hci_conn *hcon = conn->hcon;
412 struct l2cap_chan *chan = conn->smp;
413
414 if (reason)
415 smp_send_cmd(conn, SMP_CMD_PAIRING_FAIL, sizeof(reason),
416 &reason);
417
418 clear_bit(HCI_CONN_ENCRYPT_PEND, &hcon->flags);
419 mgmt_auth_failed(hcon->hdev, &hcon->dst, hcon->type, hcon->dst_type,
420 HCI_ERROR_AUTH_FAILURE);
421
422 if (chan->data)
423 smp_chan_destroy(conn);
424 }
425
426 #define JUST_WORKS 0x00
427 #define JUST_CFM 0x01
428 #define REQ_PASSKEY 0x02
429 #define CFM_PASSKEY 0x03
430 #define REQ_OOB 0x04
431 #define OVERLAP 0xFF
432
433 static const u8 gen_method[5][5] = {
434 { JUST_WORKS, JUST_CFM, REQ_PASSKEY, JUST_WORKS, REQ_PASSKEY },
435 { JUST_WORKS, JUST_CFM, REQ_PASSKEY, JUST_WORKS, REQ_PASSKEY },
436 { CFM_PASSKEY, CFM_PASSKEY, REQ_PASSKEY, JUST_WORKS, CFM_PASSKEY },
437 { JUST_WORKS, JUST_CFM, JUST_WORKS, JUST_WORKS, JUST_CFM },
438 { CFM_PASSKEY, CFM_PASSKEY, REQ_PASSKEY, JUST_WORKS, OVERLAP },
439 };
440
441 static u8 get_auth_method(struct smp_chan *smp, u8 local_io, u8 remote_io)
442 {
443 /* If either side has unknown io_caps, use JUST_CFM (which gets
444 * converted later to JUST_WORKS if we're initiators.
445 */
446 if (local_io > SMP_IO_KEYBOARD_DISPLAY ||
447 remote_io > SMP_IO_KEYBOARD_DISPLAY)
448 return JUST_CFM;
449
450 return gen_method[remote_io][local_io];
451 }
452
453 static int tk_request(struct l2cap_conn *conn, u8 remote_oob, u8 auth,
454 u8 local_io, u8 remote_io)
455 {
456 struct hci_conn *hcon = conn->hcon;
457 struct l2cap_chan *chan = conn->smp;
458 struct smp_chan *smp = chan->data;
459 u8 method;
460 u32 passkey = 0;
461 int ret = 0;
462
463 /* Initialize key for JUST WORKS */
464 memset(smp->tk, 0, sizeof(smp->tk));
465 clear_bit(SMP_FLAG_TK_VALID, &smp->flags);
466
467 BT_DBG("tk_request: auth:%d lcl:%d rem:%d", auth, local_io, remote_io);
468
469 /* If neither side wants MITM, either "just" confirm an incoming
470 * request or use just-works for outgoing ones. The JUST_CFM
471 * will be converted to JUST_WORKS if necessary later in this
472 * function. If either side has MITM look up the method from the
473 * table.
474 */
475 if (!(auth & SMP_AUTH_MITM))
476 method = JUST_CFM;
477 else
478 method = get_auth_method(smp, local_io, remote_io);
479
480 /* Don't confirm locally initiated pairing attempts */
481 if (method == JUST_CFM && test_bit(SMP_FLAG_INITIATOR, &smp->flags))
482 method = JUST_WORKS;
483
484 /* Don't bother user space with no IO capabilities */
485 if (method == JUST_CFM && hcon->io_capability == HCI_IO_NO_INPUT_OUTPUT)
486 method = JUST_WORKS;
487
488 /* If Just Works, Continue with Zero TK */
489 if (method == JUST_WORKS) {
490 set_bit(SMP_FLAG_TK_VALID, &smp->flags);
491 return 0;
492 }
493
494 /* Not Just Works/Confirm results in MITM Authentication */
495 if (method != JUST_CFM)
496 set_bit(SMP_FLAG_MITM_AUTH, &smp->flags);
497
498 /* If both devices have Keyoard-Display I/O, the master
499 * Confirms and the slave Enters the passkey.
500 */
501 if (method == OVERLAP) {
502 if (hcon->role == HCI_ROLE_MASTER)
503 method = CFM_PASSKEY;
504 else
505 method = REQ_PASSKEY;
506 }
507
508 /* Generate random passkey. */
509 if (method == CFM_PASSKEY) {
510 memset(smp->tk, 0, sizeof(smp->tk));
511 get_random_bytes(&passkey, sizeof(passkey));
512 passkey %= 1000000;
513 put_unaligned_le32(passkey, smp->tk);
514 BT_DBG("PassKey: %d", passkey);
515 set_bit(SMP_FLAG_TK_VALID, &smp->flags);
516 }
517
518 hci_dev_lock(hcon->hdev);
519
520 if (method == REQ_PASSKEY)
521 ret = mgmt_user_passkey_request(hcon->hdev, &hcon->dst,
522 hcon->type, hcon->dst_type);
523 else if (method == JUST_CFM)
524 ret = mgmt_user_confirm_request(hcon->hdev, &hcon->dst,
525 hcon->type, hcon->dst_type,
526 passkey, 1);
527 else
528 ret = mgmt_user_passkey_notify(hcon->hdev, &hcon->dst,
529 hcon->type, hcon->dst_type,
530 passkey, 0);
531
532 hci_dev_unlock(hcon->hdev);
533
534 return ret;
535 }
536
537 static u8 smp_confirm(struct smp_chan *smp)
538 {
539 struct l2cap_conn *conn = smp->conn;
540 struct smp_cmd_pairing_confirm cp;
541 int ret;
542
543 BT_DBG("conn %p", conn);
544
545 ret = smp_c1(smp, smp->tk, smp->prnd, smp->preq, smp->prsp,
546 conn->hcon->init_addr_type, &conn->hcon->init_addr,
547 conn->hcon->resp_addr_type, &conn->hcon->resp_addr,
548 cp.confirm_val);
549 if (ret)
550 return SMP_UNSPECIFIED;
551
552 clear_bit(SMP_FLAG_CFM_PENDING, &smp->flags);
553
554 smp_send_cmd(smp->conn, SMP_CMD_PAIRING_CONFIRM, sizeof(cp), &cp);
555
556 return 0;
557 }
558
559 static u8 smp_random(struct smp_chan *smp)
560 {
561 struct l2cap_conn *conn = smp->conn;
562 struct hci_conn *hcon = conn->hcon;
563 u8 confirm[16];
564 int ret;
565
566 if (IS_ERR_OR_NULL(smp->tfm_aes))
567 return SMP_UNSPECIFIED;
568
569 BT_DBG("conn %p %s", conn, conn->hcon->out ? "master" : "slave");
570
571 ret = smp_c1(smp, smp->tk, smp->rrnd, smp->preq, smp->prsp,
572 hcon->init_addr_type, &hcon->init_addr,
573 hcon->resp_addr_type, &hcon->resp_addr, confirm);
574 if (ret)
575 return SMP_UNSPECIFIED;
576
577 if (memcmp(smp->pcnf, confirm, sizeof(smp->pcnf)) != 0) {
578 BT_ERR("Pairing failed (confirmation values mismatch)");
579 return SMP_CONFIRM_FAILED;
580 }
581
582 if (hcon->out) {
583 u8 stk[16];
584 __le64 rand = 0;
585 __le16 ediv = 0;
586
587 smp_s1(smp, smp->tk, smp->rrnd, smp->prnd, stk);
588
589 memset(stk + smp->enc_key_size, 0,
590 SMP_MAX_ENC_KEY_SIZE - smp->enc_key_size);
591
592 if (test_and_set_bit(HCI_CONN_ENCRYPT_PEND, &hcon->flags))
593 return SMP_UNSPECIFIED;
594
595 hci_le_start_enc(hcon, ediv, rand, stk);
596 hcon->enc_key_size = smp->enc_key_size;
597 set_bit(HCI_CONN_STK_ENCRYPT, &hcon->flags);
598 } else {
599 u8 stk[16], auth;
600 __le64 rand = 0;
601 __le16 ediv = 0;
602
603 smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM, sizeof(smp->prnd),
604 smp->prnd);
605
606 smp_s1(smp, smp->tk, smp->prnd, smp->rrnd, stk);
607
608 memset(stk + smp->enc_key_size, 0,
609 SMP_MAX_ENC_KEY_SIZE - smp->enc_key_size);
610
611 if (hcon->pending_sec_level == BT_SECURITY_HIGH)
612 auth = 1;
613 else
614 auth = 0;
615
616 /* Even though there's no _SLAVE suffix this is the
617 * slave STK we're adding for later lookup (the master
618 * STK never needs to be stored).
619 */
620 hci_add_ltk(hcon->hdev, &hcon->dst, hcon->dst_type,
621 SMP_STK, auth, stk, smp->enc_key_size, ediv, rand);
622 }
623
624 return 0;
625 }
626
627 static void smp_notify_keys(struct l2cap_conn *conn)
628 {
629 struct l2cap_chan *chan = conn->smp;
630 struct smp_chan *smp = chan->data;
631 struct hci_conn *hcon = conn->hcon;
632 struct hci_dev *hdev = hcon->hdev;
633 struct smp_cmd_pairing *req = (void *) &smp->preq[1];
634 struct smp_cmd_pairing *rsp = (void *) &smp->prsp[1];
635 bool persistent;
636
637 if (smp->remote_irk) {
638 mgmt_new_irk(hdev, smp->remote_irk);
639 /* Now that user space can be considered to know the
640 * identity address track the connection based on it
641 * from now on.
642 */
643 bacpy(&hcon->dst, &smp->remote_irk->bdaddr);
644 hcon->dst_type = smp->remote_irk->addr_type;
645 queue_work(hdev->workqueue, &conn->id_addr_update_work);
646
647 /* When receiving an indentity resolving key for
648 * a remote device that does not use a resolvable
649 * private address, just remove the key so that
650 * it is possible to use the controller white
651 * list for scanning.
652 *
653 * Userspace will have been told to not store
654 * this key at this point. So it is safe to
655 * just remove it.
656 */
657 if (!bacmp(&smp->remote_irk->rpa, BDADDR_ANY)) {
658 list_del(&smp->remote_irk->list);
659 kfree(smp->remote_irk);
660 smp->remote_irk = NULL;
661 }
662 }
663
664 /* The LTKs and CSRKs should be persistent only if both sides
665 * had the bonding bit set in their authentication requests.
666 */
667 persistent = !!((req->auth_req & rsp->auth_req) & SMP_AUTH_BONDING);
668
669 if (smp->csrk) {
670 smp->csrk->bdaddr_type = hcon->dst_type;
671 bacpy(&smp->csrk->bdaddr, &hcon->dst);
672 mgmt_new_csrk(hdev, smp->csrk, persistent);
673 }
674
675 if (smp->slave_csrk) {
676 smp->slave_csrk->bdaddr_type = hcon->dst_type;
677 bacpy(&smp->slave_csrk->bdaddr, &hcon->dst);
678 mgmt_new_csrk(hdev, smp->slave_csrk, persistent);
679 }
680
681 if (smp->ltk) {
682 smp->ltk->bdaddr_type = hcon->dst_type;
683 bacpy(&smp->ltk->bdaddr, &hcon->dst);
684 mgmt_new_ltk(hdev, smp->ltk, persistent);
685 }
686
687 if (smp->slave_ltk) {
688 smp->slave_ltk->bdaddr_type = hcon->dst_type;
689 bacpy(&smp->slave_ltk->bdaddr, &hcon->dst);
690 mgmt_new_ltk(hdev, smp->slave_ltk, persistent);
691 }
692 }
693
694 static void smp_distribute_keys(struct smp_chan *smp)
695 {
696 struct smp_cmd_pairing *req, *rsp;
697 struct l2cap_conn *conn = smp->conn;
698 struct hci_conn *hcon = conn->hcon;
699 struct hci_dev *hdev = hcon->hdev;
700 __u8 *keydist;
701
702 BT_DBG("conn %p", conn);
703
704 rsp = (void *) &smp->prsp[1];
705
706 /* The responder sends its keys first */
707 if (hcon->out && (smp->remote_key_dist & KEY_DIST_MASK))
708 return;
709
710 req = (void *) &smp->preq[1];
711
712 if (hcon->out) {
713 keydist = &rsp->init_key_dist;
714 *keydist &= req->init_key_dist;
715 } else {
716 keydist = &rsp->resp_key_dist;
717 *keydist &= req->resp_key_dist;
718 }
719
720 BT_DBG("keydist 0x%x", *keydist);
721
722 if (*keydist & SMP_DIST_ENC_KEY) {
723 struct smp_cmd_encrypt_info enc;
724 struct smp_cmd_master_ident ident;
725 struct smp_ltk *ltk;
726 u8 authenticated;
727 __le16 ediv;
728 __le64 rand;
729
730 get_random_bytes(enc.ltk, sizeof(enc.ltk));
731 get_random_bytes(&ediv, sizeof(ediv));
732 get_random_bytes(&rand, sizeof(rand));
733
734 smp_send_cmd(conn, SMP_CMD_ENCRYPT_INFO, sizeof(enc), &enc);
735
736 authenticated = hcon->sec_level == BT_SECURITY_HIGH;
737 ltk = hci_add_ltk(hdev, &hcon->dst, hcon->dst_type,
738 SMP_LTK_SLAVE, authenticated, enc.ltk,
739 smp->enc_key_size, ediv, rand);
740 smp->slave_ltk = ltk;
741
742 ident.ediv = ediv;
743 ident.rand = rand;
744
745 smp_send_cmd(conn, SMP_CMD_MASTER_IDENT, sizeof(ident), &ident);
746
747 *keydist &= ~SMP_DIST_ENC_KEY;
748 }
749
750 if (*keydist & SMP_DIST_ID_KEY) {
751 struct smp_cmd_ident_addr_info addrinfo;
752 struct smp_cmd_ident_info idinfo;
753
754 memcpy(idinfo.irk, hdev->irk, sizeof(idinfo.irk));
755
756 smp_send_cmd(conn, SMP_CMD_IDENT_INFO, sizeof(idinfo), &idinfo);
757
758 /* The hci_conn contains the local identity address
759 * after the connection has been established.
760 *
761 * This is true even when the connection has been
762 * established using a resolvable random address.
763 */
764 bacpy(&addrinfo.bdaddr, &hcon->src);
765 addrinfo.addr_type = hcon->src_type;
766
767 smp_send_cmd(conn, SMP_CMD_IDENT_ADDR_INFO, sizeof(addrinfo),
768 &addrinfo);
769
770 *keydist &= ~SMP_DIST_ID_KEY;
771 }
772
773 if (*keydist & SMP_DIST_SIGN) {
774 struct smp_cmd_sign_info sign;
775 struct smp_csrk *csrk;
776
777 /* Generate a new random key */
778 get_random_bytes(sign.csrk, sizeof(sign.csrk));
779
780 csrk = kzalloc(sizeof(*csrk), GFP_KERNEL);
781 if (csrk) {
782 csrk->master = 0x00;
783 memcpy(csrk->val, sign.csrk, sizeof(csrk->val));
784 }
785 smp->slave_csrk = csrk;
786
787 smp_send_cmd(conn, SMP_CMD_SIGN_INFO, sizeof(sign), &sign);
788
789 *keydist &= ~SMP_DIST_SIGN;
790 }
791
792 /* If there are still keys to be received wait for them */
793 if (smp->remote_key_dist & KEY_DIST_MASK)
794 return;
795
796 set_bit(SMP_FLAG_COMPLETE, &smp->flags);
797 smp_notify_keys(conn);
798
799 smp_chan_destroy(conn);
800 }
801
802 static void smp_timeout(struct work_struct *work)
803 {
804 struct smp_chan *smp = container_of(work, struct smp_chan,
805 security_timer.work);
806 struct l2cap_conn *conn = smp->conn;
807
808 BT_DBG("conn %p", conn);
809
810 hci_disconnect(conn->hcon, HCI_ERROR_REMOTE_USER_TERM);
811 }
812
813 static struct smp_chan *smp_chan_create(struct l2cap_conn *conn)
814 {
815 struct l2cap_chan *chan = conn->smp;
816 struct smp_chan *smp;
817
818 smp = kzalloc(sizeof(*smp), GFP_ATOMIC);
819 if (!smp)
820 return NULL;
821
822 smp->tfm_aes = crypto_alloc_blkcipher("ecb(aes)", 0, CRYPTO_ALG_ASYNC);
823 if (IS_ERR(smp->tfm_aes)) {
824 BT_ERR("Unable to create ECB crypto context");
825 kfree(smp);
826 return NULL;
827 }
828
829 smp->conn = conn;
830 chan->data = smp;
831
832 INIT_DELAYED_WORK(&smp->security_timer, smp_timeout);
833
834 hci_conn_hold(conn->hcon);
835
836 return smp;
837 }
838
839 int smp_user_confirm_reply(struct hci_conn *hcon, u16 mgmt_op, __le32 passkey)
840 {
841 struct l2cap_conn *conn = hcon->l2cap_data;
842 struct l2cap_chan *chan;
843 struct smp_chan *smp;
844 u32 value;
845 int err;
846
847 BT_DBG("");
848
849 if (!conn)
850 return -ENOTCONN;
851
852 chan = conn->smp;
853 if (!chan)
854 return -ENOTCONN;
855
856 l2cap_chan_lock(chan);
857 if (!chan->data) {
858 err = -ENOTCONN;
859 goto unlock;
860 }
861
862 smp = chan->data;
863
864 switch (mgmt_op) {
865 case MGMT_OP_USER_PASSKEY_REPLY:
866 value = le32_to_cpu(passkey);
867 memset(smp->tk, 0, sizeof(smp->tk));
868 BT_DBG("PassKey: %d", value);
869 put_unaligned_le32(value, smp->tk);
870 /* Fall Through */
871 case MGMT_OP_USER_CONFIRM_REPLY:
872 set_bit(SMP_FLAG_TK_VALID, &smp->flags);
873 break;
874 case MGMT_OP_USER_PASSKEY_NEG_REPLY:
875 case MGMT_OP_USER_CONFIRM_NEG_REPLY:
876 smp_failure(conn, SMP_PASSKEY_ENTRY_FAILED);
877 err = 0;
878 goto unlock;
879 default:
880 smp_failure(conn, SMP_PASSKEY_ENTRY_FAILED);
881 err = -EOPNOTSUPP;
882 goto unlock;
883 }
884
885 err = 0;
886
887 /* If it is our turn to send Pairing Confirm, do so now */
888 if (test_bit(SMP_FLAG_CFM_PENDING, &smp->flags)) {
889 u8 rsp = smp_confirm(smp);
890 if (rsp)
891 smp_failure(conn, rsp);
892 }
893
894 unlock:
895 l2cap_chan_unlock(chan);
896 return err;
897 }
898
899 static u8 smp_cmd_pairing_req(struct l2cap_conn *conn, struct sk_buff *skb)
900 {
901 struct smp_cmd_pairing rsp, *req = (void *) skb->data;
902 struct l2cap_chan *chan = conn->smp;
903 struct hci_dev *hdev = conn->hcon->hdev;
904 struct smp_chan *smp;
905 u8 key_size, auth, sec_level;
906 int ret;
907
908 BT_DBG("conn %p", conn);
909
910 if (skb->len < sizeof(*req))
911 return SMP_INVALID_PARAMS;
912
913 if (conn->hcon->role != HCI_ROLE_SLAVE)
914 return SMP_CMD_NOTSUPP;
915
916 if (!chan->data)
917 smp = smp_chan_create(conn);
918 else
919 smp = chan->data;
920
921 if (!smp)
922 return SMP_UNSPECIFIED;
923
924 if (!test_bit(HCI_BONDABLE, &hdev->dev_flags) &&
925 (req->auth_req & SMP_AUTH_BONDING))
926 return SMP_PAIRING_NOTSUPP;
927
928 smp->preq[0] = SMP_CMD_PAIRING_REQ;
929 memcpy(&smp->preq[1], req, sizeof(*req));
930 skb_pull(skb, sizeof(*req));
931
932 /* We didn't start the pairing, so match remote */
933 auth = req->auth_req;
934
935 sec_level = authreq_to_seclevel(auth);
936 if (sec_level > conn->hcon->pending_sec_level)
937 conn->hcon->pending_sec_level = sec_level;
938
939 /* If we need MITM check that it can be acheived */
940 if (conn->hcon->pending_sec_level >= BT_SECURITY_HIGH) {
941 u8 method;
942
943 method = get_auth_method(smp, conn->hcon->io_capability,
944 req->io_capability);
945 if (method == JUST_WORKS || method == JUST_CFM)
946 return SMP_AUTH_REQUIREMENTS;
947 }
948
949 build_pairing_cmd(conn, req, &rsp, auth);
950
951 key_size = min(req->max_key_size, rsp.max_key_size);
952 if (check_enc_key_size(conn, key_size))
953 return SMP_ENC_KEY_SIZE;
954
955 get_random_bytes(smp->prnd, sizeof(smp->prnd));
956
957 smp->prsp[0] = SMP_CMD_PAIRING_RSP;
958 memcpy(&smp->prsp[1], &rsp, sizeof(rsp));
959
960 smp_send_cmd(conn, SMP_CMD_PAIRING_RSP, sizeof(rsp), &rsp);
961
962 /* Request setup of TK */
963 ret = tk_request(conn, 0, auth, rsp.io_capability, req->io_capability);
964 if (ret)
965 return SMP_UNSPECIFIED;
966
967 return 0;
968 }
969
970 static u8 smp_cmd_pairing_rsp(struct l2cap_conn *conn, struct sk_buff *skb)
971 {
972 struct smp_cmd_pairing *req, *rsp = (void *) skb->data;
973 struct l2cap_chan *chan = conn->smp;
974 struct smp_chan *smp = chan->data;
975 u8 key_size, auth = SMP_AUTH_NONE;
976 int ret;
977
978 BT_DBG("conn %p", conn);
979
980 if (skb->len < sizeof(*rsp))
981 return SMP_INVALID_PARAMS;
982
983 if (conn->hcon->role != HCI_ROLE_MASTER)
984 return SMP_CMD_NOTSUPP;
985
986 skb_pull(skb, sizeof(*rsp));
987
988 req = (void *) &smp->preq[1];
989
990 key_size = min(req->max_key_size, rsp->max_key_size);
991 if (check_enc_key_size(conn, key_size))
992 return SMP_ENC_KEY_SIZE;
993
994 /* If we need MITM check that it can be acheived */
995 if (conn->hcon->pending_sec_level >= BT_SECURITY_HIGH) {
996 u8 method;
997
998 method = get_auth_method(smp, req->io_capability,
999 rsp->io_capability);
1000 if (method == JUST_WORKS || method == JUST_CFM)
1001 return SMP_AUTH_REQUIREMENTS;
1002 }
1003
1004 get_random_bytes(smp->prnd, sizeof(smp->prnd));
1005
1006 smp->prsp[0] = SMP_CMD_PAIRING_RSP;
1007 memcpy(&smp->prsp[1], rsp, sizeof(*rsp));
1008
1009 /* Update remote key distribution in case the remote cleared
1010 * some bits that we had enabled in our request.
1011 */
1012 smp->remote_key_dist &= rsp->resp_key_dist;
1013
1014 if ((req->auth_req & SMP_AUTH_BONDING) &&
1015 (rsp->auth_req & SMP_AUTH_BONDING))
1016 auth = SMP_AUTH_BONDING;
1017
1018 auth |= (req->auth_req | rsp->auth_req) & SMP_AUTH_MITM;
1019
1020 ret = tk_request(conn, 0, auth, req->io_capability, rsp->io_capability);
1021 if (ret)
1022 return SMP_UNSPECIFIED;
1023
1024 set_bit(SMP_FLAG_CFM_PENDING, &smp->flags);
1025
1026 /* Can't compose response until we have been confirmed */
1027 if (test_bit(SMP_FLAG_TK_VALID, &smp->flags))
1028 return smp_confirm(smp);
1029
1030 return 0;
1031 }
1032
1033 static u8 smp_cmd_pairing_confirm(struct l2cap_conn *conn, struct sk_buff *skb)
1034 {
1035 struct l2cap_chan *chan = conn->smp;
1036 struct smp_chan *smp = chan->data;
1037
1038 BT_DBG("conn %p %s", conn, conn->hcon->out ? "master" : "slave");
1039
1040 if (skb->len < sizeof(smp->pcnf))
1041 return SMP_INVALID_PARAMS;
1042
1043 memcpy(smp->pcnf, skb->data, sizeof(smp->pcnf));
1044 skb_pull(skb, sizeof(smp->pcnf));
1045
1046 if (conn->hcon->out)
1047 smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM, sizeof(smp->prnd),
1048 smp->prnd);
1049 else if (test_bit(SMP_FLAG_TK_VALID, &smp->flags))
1050 return smp_confirm(smp);
1051 else
1052 set_bit(SMP_FLAG_CFM_PENDING, &smp->flags);
1053
1054 return 0;
1055 }
1056
1057 static u8 smp_cmd_pairing_random(struct l2cap_conn *conn, struct sk_buff *skb)
1058 {
1059 struct l2cap_chan *chan = conn->smp;
1060 struct smp_chan *smp = chan->data;
1061
1062 BT_DBG("conn %p", conn);
1063
1064 if (skb->len < sizeof(smp->rrnd))
1065 return SMP_INVALID_PARAMS;
1066
1067 memcpy(smp->rrnd, skb->data, sizeof(smp->rrnd));
1068 skb_pull(skb, sizeof(smp->rrnd));
1069
1070 return smp_random(smp);
1071 }
1072
1073 static bool smp_ltk_encrypt(struct l2cap_conn *conn, u8 sec_level)
1074 {
1075 struct smp_ltk *key;
1076 struct hci_conn *hcon = conn->hcon;
1077
1078 key = hci_find_ltk_by_addr(hcon->hdev, &hcon->dst, hcon->dst_type,
1079 hcon->role);
1080 if (!key)
1081 return false;
1082
1083 if (sec_level > BT_SECURITY_MEDIUM && !key->authenticated)
1084 return false;
1085
1086 if (test_and_set_bit(HCI_CONN_ENCRYPT_PEND, &hcon->flags))
1087 return true;
1088
1089 hci_le_start_enc(hcon, key->ediv, key->rand, key->val);
1090 hcon->enc_key_size = key->enc_size;
1091
1092 /* We never store STKs for master role, so clear this flag */
1093 clear_bit(HCI_CONN_STK_ENCRYPT, &hcon->flags);
1094
1095 return true;
1096 }
1097
1098 bool smp_sufficient_security(struct hci_conn *hcon, u8 sec_level)
1099 {
1100 if (sec_level == BT_SECURITY_LOW)
1101 return true;
1102
1103 /* If we're encrypted with an STK always claim insufficient
1104 * security. This way we allow the connection to be re-encrypted
1105 * with an LTK, even if the LTK provides the same level of
1106 * security. Only exception is if we don't have an LTK (e.g.
1107 * because of key distribution bits).
1108 */
1109 if (test_bit(HCI_CONN_STK_ENCRYPT, &hcon->flags) &&
1110 hci_find_ltk_by_addr(hcon->hdev, &hcon->dst, hcon->dst_type,
1111 hcon->role))
1112 return false;
1113
1114 if (hcon->sec_level >= sec_level)
1115 return true;
1116
1117 return false;
1118 }
1119
1120 static u8 smp_cmd_security_req(struct l2cap_conn *conn, struct sk_buff *skb)
1121 {
1122 struct smp_cmd_security_req *rp = (void *) skb->data;
1123 struct smp_cmd_pairing cp;
1124 struct hci_conn *hcon = conn->hcon;
1125 struct l2cap_chan *chan = conn->smp;
1126 struct smp_chan *smp;
1127 u8 sec_level;
1128
1129 BT_DBG("conn %p", conn);
1130
1131 if (skb->len < sizeof(*rp))
1132 return SMP_INVALID_PARAMS;
1133
1134 if (hcon->role != HCI_ROLE_MASTER)
1135 return SMP_CMD_NOTSUPP;
1136
1137 sec_level = authreq_to_seclevel(rp->auth_req);
1138 if (smp_sufficient_security(hcon, sec_level))
1139 return 0;
1140
1141 if (sec_level > hcon->pending_sec_level)
1142 hcon->pending_sec_level = sec_level;
1143
1144 if (smp_ltk_encrypt(conn, hcon->pending_sec_level))
1145 return 0;
1146
1147 /* If SMP is already in progress ignore this request */
1148 if (chan->data)
1149 return 0;
1150
1151 smp = smp_chan_create(conn);
1152 if (!smp)
1153 return SMP_UNSPECIFIED;
1154
1155 if (!test_bit(HCI_BONDABLE, &hcon->hdev->dev_flags) &&
1156 (rp->auth_req & SMP_AUTH_BONDING))
1157 return SMP_PAIRING_NOTSUPP;
1158
1159 skb_pull(skb, sizeof(*rp));
1160
1161 memset(&cp, 0, sizeof(cp));
1162 build_pairing_cmd(conn, &cp, NULL, rp->auth_req);
1163
1164 smp->preq[0] = SMP_CMD_PAIRING_REQ;
1165 memcpy(&smp->preq[1], &cp, sizeof(cp));
1166
1167 smp_send_cmd(conn, SMP_CMD_PAIRING_REQ, sizeof(cp), &cp);
1168
1169 return 0;
1170 }
1171
1172 int smp_conn_security(struct hci_conn *hcon, __u8 sec_level)
1173 {
1174 struct l2cap_conn *conn = hcon->l2cap_data;
1175 struct l2cap_chan *chan = conn->smp;
1176 struct smp_chan *smp;
1177 __u8 authreq;
1178 int ret;
1179
1180 BT_DBG("conn %p hcon %p level 0x%2.2x", conn, hcon, sec_level);
1181
1182 /* This may be NULL if there's an unexpected disconnection */
1183 if (!conn)
1184 return 1;
1185
1186 if (!test_bit(HCI_LE_ENABLED, &hcon->hdev->dev_flags))
1187 return 1;
1188
1189 if (smp_sufficient_security(hcon, sec_level))
1190 return 1;
1191
1192 if (sec_level > hcon->pending_sec_level)
1193 hcon->pending_sec_level = sec_level;
1194
1195 if (hcon->role == HCI_ROLE_MASTER)
1196 if (smp_ltk_encrypt(conn, hcon->pending_sec_level))
1197 return 0;
1198
1199 l2cap_chan_lock(chan);
1200
1201 /* If SMP is already in progress ignore this request */
1202 if (chan->data) {
1203 ret = 0;
1204 goto unlock;
1205 }
1206
1207 smp = smp_chan_create(conn);
1208 if (!smp) {
1209 ret = 1;
1210 goto unlock;
1211 }
1212
1213 authreq = seclevel_to_authreq(sec_level);
1214
1215 /* Require MITM if IO Capability allows or the security level
1216 * requires it.
1217 */
1218 if (hcon->io_capability != HCI_IO_NO_INPUT_OUTPUT ||
1219 hcon->pending_sec_level > BT_SECURITY_MEDIUM)
1220 authreq |= SMP_AUTH_MITM;
1221
1222 if (hcon->role == HCI_ROLE_MASTER) {
1223 struct smp_cmd_pairing cp;
1224
1225 build_pairing_cmd(conn, &cp, NULL, authreq);
1226 smp->preq[0] = SMP_CMD_PAIRING_REQ;
1227 memcpy(&smp->preq[1], &cp, sizeof(cp));
1228
1229 smp_send_cmd(conn, SMP_CMD_PAIRING_REQ, sizeof(cp), &cp);
1230 } else {
1231 struct smp_cmd_security_req cp;
1232 cp.auth_req = authreq;
1233 smp_send_cmd(conn, SMP_CMD_SECURITY_REQ, sizeof(cp), &cp);
1234 }
1235
1236 set_bit(SMP_FLAG_INITIATOR, &smp->flags);
1237 ret = 0;
1238
1239 unlock:
1240 l2cap_chan_unlock(chan);
1241 return ret;
1242 }
1243
1244 static int smp_cmd_encrypt_info(struct l2cap_conn *conn, struct sk_buff *skb)
1245 {
1246 struct smp_cmd_encrypt_info *rp = (void *) skb->data;
1247 struct l2cap_chan *chan = conn->smp;
1248 struct smp_chan *smp = chan->data;
1249
1250 BT_DBG("conn %p", conn);
1251
1252 if (skb->len < sizeof(*rp))
1253 return SMP_INVALID_PARAMS;
1254
1255 /* Ignore this PDU if it wasn't requested */
1256 if (!(smp->remote_key_dist & SMP_DIST_ENC_KEY))
1257 return 0;
1258
1259 skb_pull(skb, sizeof(*rp));
1260
1261 memcpy(smp->tk, rp->ltk, sizeof(smp->tk));
1262
1263 return 0;
1264 }
1265
1266 static int smp_cmd_master_ident(struct l2cap_conn *conn, struct sk_buff *skb)
1267 {
1268 struct smp_cmd_master_ident *rp = (void *) skb->data;
1269 struct l2cap_chan *chan = conn->smp;
1270 struct smp_chan *smp = chan->data;
1271 struct hci_dev *hdev = conn->hcon->hdev;
1272 struct hci_conn *hcon = conn->hcon;
1273 struct smp_ltk *ltk;
1274 u8 authenticated;
1275
1276 BT_DBG("conn %p", conn);
1277
1278 if (skb->len < sizeof(*rp))
1279 return SMP_INVALID_PARAMS;
1280
1281 /* Ignore this PDU if it wasn't requested */
1282 if (!(smp->remote_key_dist & SMP_DIST_ENC_KEY))
1283 return 0;
1284
1285 /* Mark the information as received */
1286 smp->remote_key_dist &= ~SMP_DIST_ENC_KEY;
1287
1288 skb_pull(skb, sizeof(*rp));
1289
1290 hci_dev_lock(hdev);
1291 authenticated = (hcon->sec_level == BT_SECURITY_HIGH);
1292 ltk = hci_add_ltk(hdev, &hcon->dst, hcon->dst_type, SMP_LTK,
1293 authenticated, smp->tk, smp->enc_key_size,
1294 rp->ediv, rp->rand);
1295 smp->ltk = ltk;
1296 if (!(smp->remote_key_dist & KEY_DIST_MASK))
1297 smp_distribute_keys(smp);
1298 hci_dev_unlock(hdev);
1299
1300 return 0;
1301 }
1302
1303 static int smp_cmd_ident_info(struct l2cap_conn *conn, struct sk_buff *skb)
1304 {
1305 struct smp_cmd_ident_info *info = (void *) skb->data;
1306 struct l2cap_chan *chan = conn->smp;
1307 struct smp_chan *smp = chan->data;
1308
1309 BT_DBG("");
1310
1311 if (skb->len < sizeof(*info))
1312 return SMP_INVALID_PARAMS;
1313
1314 /* Ignore this PDU if it wasn't requested */
1315 if (!(smp->remote_key_dist & SMP_DIST_ID_KEY))
1316 return 0;
1317
1318 skb_pull(skb, sizeof(*info));
1319
1320 memcpy(smp->irk, info->irk, 16);
1321
1322 return 0;
1323 }
1324
1325 static int smp_cmd_ident_addr_info(struct l2cap_conn *conn,
1326 struct sk_buff *skb)
1327 {
1328 struct smp_cmd_ident_addr_info *info = (void *) skb->data;
1329 struct l2cap_chan *chan = conn->smp;
1330 struct smp_chan *smp = chan->data;
1331 struct hci_conn *hcon = conn->hcon;
1332 bdaddr_t rpa;
1333
1334 BT_DBG("");
1335
1336 if (skb->len < sizeof(*info))
1337 return SMP_INVALID_PARAMS;
1338
1339 /* Ignore this PDU if it wasn't requested */
1340 if (!(smp->remote_key_dist & SMP_DIST_ID_KEY))
1341 return 0;
1342
1343 /* Mark the information as received */
1344 smp->remote_key_dist &= ~SMP_DIST_ID_KEY;
1345
1346 skb_pull(skb, sizeof(*info));
1347
1348 hci_dev_lock(hcon->hdev);
1349
1350 /* Strictly speaking the Core Specification (4.1) allows sending
1351 * an empty address which would force us to rely on just the IRK
1352 * as "identity information". However, since such
1353 * implementations are not known of and in order to not over
1354 * complicate our implementation, simply pretend that we never
1355 * received an IRK for such a device.
1356 */
1357 if (!bacmp(&info->bdaddr, BDADDR_ANY)) {
1358 BT_ERR("Ignoring IRK with no identity address");
1359 goto distribute;
1360 }
1361
1362 bacpy(&smp->id_addr, &info->bdaddr);
1363 smp->id_addr_type = info->addr_type;
1364
1365 if (hci_bdaddr_is_rpa(&hcon->dst, hcon->dst_type))
1366 bacpy(&rpa, &hcon->dst);
1367 else
1368 bacpy(&rpa, BDADDR_ANY);
1369
1370 smp->remote_irk = hci_add_irk(conn->hcon->hdev, &smp->id_addr,
1371 smp->id_addr_type, smp->irk, &rpa);
1372
1373 distribute:
1374 if (!(smp->remote_key_dist & KEY_DIST_MASK))
1375 smp_distribute_keys(smp);
1376
1377 hci_dev_unlock(hcon->hdev);
1378
1379 return 0;
1380 }
1381
1382 static int smp_cmd_sign_info(struct l2cap_conn *conn, struct sk_buff *skb)
1383 {
1384 struct smp_cmd_sign_info *rp = (void *) skb->data;
1385 struct l2cap_chan *chan = conn->smp;
1386 struct smp_chan *smp = chan->data;
1387 struct hci_dev *hdev = conn->hcon->hdev;
1388 struct smp_csrk *csrk;
1389
1390 BT_DBG("conn %p", conn);
1391
1392 if (skb->len < sizeof(*rp))
1393 return SMP_INVALID_PARAMS;
1394
1395 /* Ignore this PDU if it wasn't requested */
1396 if (!(smp->remote_key_dist & SMP_DIST_SIGN))
1397 return 0;
1398
1399 /* Mark the information as received */
1400 smp->remote_key_dist &= ~SMP_DIST_SIGN;
1401
1402 skb_pull(skb, sizeof(*rp));
1403
1404 hci_dev_lock(hdev);
1405 csrk = kzalloc(sizeof(*csrk), GFP_KERNEL);
1406 if (csrk) {
1407 csrk->master = 0x01;
1408 memcpy(csrk->val, rp->csrk, sizeof(csrk->val));
1409 }
1410 smp->csrk = csrk;
1411 smp_distribute_keys(smp);
1412 hci_dev_unlock(hdev);
1413
1414 return 0;
1415 }
1416
1417 static int smp_sig_channel(struct l2cap_chan *chan, struct sk_buff *skb)
1418 {
1419 struct l2cap_conn *conn = chan->conn;
1420 struct hci_conn *hcon = conn->hcon;
1421 __u8 code, reason;
1422 int err = 0;
1423
1424 if (hcon->type != LE_LINK) {
1425 kfree_skb(skb);
1426 return 0;
1427 }
1428
1429 if (skb->len < 1)
1430 return -EILSEQ;
1431
1432 if (!test_bit(HCI_LE_ENABLED, &hcon->hdev->dev_flags)) {
1433 reason = SMP_PAIRING_NOTSUPP;
1434 goto done;
1435 }
1436
1437 code = skb->data[0];
1438 skb_pull(skb, sizeof(code));
1439
1440 /*
1441 * The SMP context must be initialized for all other PDUs except
1442 * pairing and security requests. If we get any other PDU when
1443 * not initialized simply disconnect (done if this function
1444 * returns an error).
1445 */
1446 if (code != SMP_CMD_PAIRING_REQ && code != SMP_CMD_SECURITY_REQ &&
1447 !chan->data) {
1448 BT_ERR("Unexpected SMP command 0x%02x. Disconnecting.", code);
1449 err = -EOPNOTSUPP;
1450 goto done;
1451 }
1452
1453 switch (code) {
1454 case SMP_CMD_PAIRING_REQ:
1455 reason = smp_cmd_pairing_req(conn, skb);
1456 break;
1457
1458 case SMP_CMD_PAIRING_FAIL:
1459 smp_failure(conn, 0);
1460 err = -EPERM;
1461 break;
1462
1463 case SMP_CMD_PAIRING_RSP:
1464 reason = smp_cmd_pairing_rsp(conn, skb);
1465 break;
1466
1467 case SMP_CMD_SECURITY_REQ:
1468 reason = smp_cmd_security_req(conn, skb);
1469 break;
1470
1471 case SMP_CMD_PAIRING_CONFIRM:
1472 reason = smp_cmd_pairing_confirm(conn, skb);
1473 break;
1474
1475 case SMP_CMD_PAIRING_RANDOM:
1476 reason = smp_cmd_pairing_random(conn, skb);
1477 break;
1478
1479 case SMP_CMD_ENCRYPT_INFO:
1480 reason = smp_cmd_encrypt_info(conn, skb);
1481 break;
1482
1483 case SMP_CMD_MASTER_IDENT:
1484 reason = smp_cmd_master_ident(conn, skb);
1485 break;
1486
1487 case SMP_CMD_IDENT_INFO:
1488 reason = smp_cmd_ident_info(conn, skb);
1489 break;
1490
1491 case SMP_CMD_IDENT_ADDR_INFO:
1492 reason = smp_cmd_ident_addr_info(conn, skb);
1493 break;
1494
1495 case SMP_CMD_SIGN_INFO:
1496 reason = smp_cmd_sign_info(conn, skb);
1497 break;
1498
1499 default:
1500 BT_DBG("Unknown command code 0x%2.2x", code);
1501 reason = SMP_CMD_NOTSUPP;
1502 goto done;
1503 }
1504
1505 done:
1506 if (!err) {
1507 if (reason)
1508 smp_failure(conn, reason);
1509 kfree_skb(skb);
1510 }
1511
1512 return err;
1513 }
1514
1515 static void smp_teardown_cb(struct l2cap_chan *chan, int err)
1516 {
1517 struct l2cap_conn *conn = chan->conn;
1518
1519 BT_DBG("chan %p", chan);
1520
1521 if (chan->data)
1522 smp_chan_destroy(conn);
1523
1524 conn->smp = NULL;
1525 l2cap_chan_put(chan);
1526 }
1527
1528 static void smp_resume_cb(struct l2cap_chan *chan)
1529 {
1530 struct smp_chan *smp = chan->data;
1531 struct l2cap_conn *conn = chan->conn;
1532 struct hci_conn *hcon = conn->hcon;
1533
1534 BT_DBG("chan %p", chan);
1535
1536 if (!smp)
1537 return;
1538
1539 if (!test_bit(HCI_CONN_ENCRYPT, &hcon->flags))
1540 return;
1541
1542 cancel_delayed_work(&smp->security_timer);
1543
1544 smp_distribute_keys(smp);
1545 }
1546
1547 static void smp_ready_cb(struct l2cap_chan *chan)
1548 {
1549 struct l2cap_conn *conn = chan->conn;
1550
1551 BT_DBG("chan %p", chan);
1552
1553 conn->smp = chan;
1554 l2cap_chan_hold(chan);
1555 }
1556
1557 static int smp_recv_cb(struct l2cap_chan *chan, struct sk_buff *skb)
1558 {
1559 int err;
1560
1561 BT_DBG("chan %p", chan);
1562
1563 err = smp_sig_channel(chan, skb);
1564 if (err) {
1565 struct smp_chan *smp = chan->data;
1566
1567 if (smp)
1568 cancel_delayed_work_sync(&smp->security_timer);
1569
1570 hci_disconnect(chan->conn->hcon, HCI_ERROR_AUTH_FAILURE);
1571 }
1572
1573 return err;
1574 }
1575
1576 static struct sk_buff *smp_alloc_skb_cb(struct l2cap_chan *chan,
1577 unsigned long hdr_len,
1578 unsigned long len, int nb)
1579 {
1580 struct sk_buff *skb;
1581
1582 skb = bt_skb_alloc(hdr_len + len, GFP_KERNEL);
1583 if (!skb)
1584 return ERR_PTR(-ENOMEM);
1585
1586 skb->priority = HCI_PRIO_MAX;
1587 bt_cb(skb)->chan = chan;
1588
1589 return skb;
1590 }
1591
1592 static const struct l2cap_ops smp_chan_ops = {
1593 .name = "Security Manager",
1594 .ready = smp_ready_cb,
1595 .recv = smp_recv_cb,
1596 .alloc_skb = smp_alloc_skb_cb,
1597 .teardown = smp_teardown_cb,
1598 .resume = smp_resume_cb,
1599
1600 .new_connection = l2cap_chan_no_new_connection,
1601 .state_change = l2cap_chan_no_state_change,
1602 .close = l2cap_chan_no_close,
1603 .defer = l2cap_chan_no_defer,
1604 .suspend = l2cap_chan_no_suspend,
1605 .set_shutdown = l2cap_chan_no_set_shutdown,
1606 .get_sndtimeo = l2cap_chan_no_get_sndtimeo,
1607 .memcpy_fromiovec = l2cap_chan_no_memcpy_fromiovec,
1608 };
1609
1610 static inline struct l2cap_chan *smp_new_conn_cb(struct l2cap_chan *pchan)
1611 {
1612 struct l2cap_chan *chan;
1613
1614 BT_DBG("pchan %p", pchan);
1615
1616 chan = l2cap_chan_create();
1617 if (!chan)
1618 return NULL;
1619
1620 chan->chan_type = pchan->chan_type;
1621 chan->ops = &smp_chan_ops;
1622 chan->scid = pchan->scid;
1623 chan->dcid = chan->scid;
1624 chan->imtu = pchan->imtu;
1625 chan->omtu = pchan->omtu;
1626 chan->mode = pchan->mode;
1627
1628 BT_DBG("created chan %p", chan);
1629
1630 return chan;
1631 }
1632
1633 static const struct l2cap_ops smp_root_chan_ops = {
1634 .name = "Security Manager Root",
1635 .new_connection = smp_new_conn_cb,
1636
1637 /* None of these are implemented for the root channel */
1638 .close = l2cap_chan_no_close,
1639 .alloc_skb = l2cap_chan_no_alloc_skb,
1640 .recv = l2cap_chan_no_recv,
1641 .state_change = l2cap_chan_no_state_change,
1642 .teardown = l2cap_chan_no_teardown,
1643 .ready = l2cap_chan_no_ready,
1644 .defer = l2cap_chan_no_defer,
1645 .suspend = l2cap_chan_no_suspend,
1646 .resume = l2cap_chan_no_resume,
1647 .set_shutdown = l2cap_chan_no_set_shutdown,
1648 .get_sndtimeo = l2cap_chan_no_get_sndtimeo,
1649 .memcpy_fromiovec = l2cap_chan_no_memcpy_fromiovec,
1650 };
1651
1652 int smp_register(struct hci_dev *hdev)
1653 {
1654 struct l2cap_chan *chan;
1655 struct crypto_blkcipher *tfm_aes;
1656
1657 BT_DBG("%s", hdev->name);
1658
1659 tfm_aes = crypto_alloc_blkcipher("ecb(aes)", 0, CRYPTO_ALG_ASYNC);
1660 if (IS_ERR(tfm_aes)) {
1661 int err = PTR_ERR(tfm_aes);
1662 BT_ERR("Unable to create crypto context");
1663 return err;
1664 }
1665
1666 chan = l2cap_chan_create();
1667 if (!chan) {
1668 crypto_free_blkcipher(tfm_aes);
1669 return -ENOMEM;
1670 }
1671
1672 chan->data = tfm_aes;
1673
1674 l2cap_add_scid(chan, L2CAP_CID_SMP);
1675
1676 l2cap_chan_set_defaults(chan);
1677
1678 bacpy(&chan->src, &hdev->bdaddr);
1679 chan->src_type = BDADDR_LE_PUBLIC;
1680 chan->state = BT_LISTEN;
1681 chan->mode = L2CAP_MODE_BASIC;
1682 chan->imtu = L2CAP_DEFAULT_MTU;
1683 chan->ops = &smp_root_chan_ops;
1684
1685 hdev->smp_data = chan;
1686
1687 return 0;
1688 }
1689
1690 void smp_unregister(struct hci_dev *hdev)
1691 {
1692 struct l2cap_chan *chan = hdev->smp_data;
1693 struct crypto_blkcipher *tfm_aes;
1694
1695 if (!chan)
1696 return;
1697
1698 BT_DBG("%s chan %p", hdev->name, chan);
1699
1700 tfm_aes = chan->data;
1701 if (tfm_aes) {
1702 chan->data = NULL;
1703 crypto_free_blkcipher(tfm_aes);
1704 }
1705
1706 hdev->smp_data = NULL;
1707 l2cap_chan_put(chan);
1708 }
Linux kernel - Deliverables
This page took 0.064825 seconds and 6 git commands to generate.