projects / deliverable / linux.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Merge tag 'sound-fix-3.17-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai...
[deliverable/linux.git] / net / bluetooth / smp.c
1 /*
2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2011 Nokia Corporation and/or its subsidiary(-ies).
4
5 This program is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License version 2 as
7 published by the Free Software Foundation;
8
9 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
10 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
11 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
12 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
13 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
14 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17
18 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
19 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
20 SOFTWARE IS DISCLAIMED.
21 */
22
23 #include <linux/crypto.h>
24 #include <linux/scatterlist.h>
25 #include <crypto/b128ops.h>
26
27 #include <net/bluetooth/bluetooth.h>
28 #include <net/bluetooth/hci_core.h>
29 #include <net/bluetooth/l2cap.h>
30 #include <net/bluetooth/mgmt.h>
31
32 #include "smp.h"
33
34 #define SMP_TIMEOUT msecs_to_jiffies(30000)
35
36 #define AUTH_REQ_MASK 0x07
37
38 enum {
39 SMP_FLAG_TK_VALID,
40 SMP_FLAG_CFM_PENDING,
41 SMP_FLAG_MITM_AUTH,
42 SMP_FLAG_COMPLETE,
43 SMP_FLAG_INITIATOR,
44 };
45
46 struct smp_chan {
47 struct l2cap_conn *conn;
48 u8 preq[7]; /* SMP Pairing Request */
49 u8 prsp[7]; /* SMP Pairing Response */
50 u8 prnd[16]; /* SMP Pairing Random (local) */
51 u8 rrnd[16]; /* SMP Pairing Random (remote) */
52 u8 pcnf[16]; /* SMP Pairing Confirm */
53 u8 tk[16]; /* SMP Temporary Key */
54 u8 enc_key_size;
55 u8 remote_key_dist;
56 bdaddr_t id_addr;
57 u8 id_addr_type;
58 u8 irk[16];
59 struct smp_csrk *csrk;
60 struct smp_csrk *slave_csrk;
61 struct smp_ltk *ltk;
62 struct smp_ltk *slave_ltk;
63 struct smp_irk *remote_irk;
64 unsigned long flags;
65
66 struct crypto_blkcipher *tfm_aes;
67 };
68
69 static inline void swap_buf(const u8 *src, u8 *dst, size_t len)
70 {
71 size_t i;
72
73 for (i = 0; i < len; i++)
74 dst[len - 1 - i] = src[i];
75 }
76
77 static int smp_e(struct crypto_blkcipher *tfm, const u8 *k, u8 *r)
78 {
79 struct blkcipher_desc desc;
80 struct scatterlist sg;
81 uint8_t tmp[16], data[16];
82 int err;
83
84 if (tfm == NULL) {
85 BT_ERR("tfm %p", tfm);
86 return -EINVAL;
87 }
88
89 desc.tfm = tfm;
90 desc.flags = 0;
91
92 /* The most significant octet of key corresponds to k[0] */
93 swap_buf(k, tmp, 16);
94
95 err = crypto_blkcipher_setkey(tfm, tmp, 16);
96 if (err) {
97 BT_ERR("cipher setkey failed: %d", err);
98 return err;
99 }
100
101 /* Most significant octet of plaintextData corresponds to data[0] */
102 swap_buf(r, data, 16);
103
104 sg_init_one(&sg, data, 16);
105
106 err = crypto_blkcipher_encrypt(&desc, &sg, &sg, 16);
107 if (err)
108 BT_ERR("Encrypt data error %d", err);
109
110 /* Most significant octet of encryptedData corresponds to data[0] */
111 swap_buf(data, r, 16);
112
113 return err;
114 }
115
116 static int smp_ah(struct crypto_blkcipher *tfm, u8 irk[16], u8 r[3], u8 res[3])
117 {
118 u8 _res[16];
119 int err;
120
121 /* r' = padding || r */
122 memcpy(_res, r, 3);
123 memset(_res + 3, 0, 13);
124
125 err = smp_e(tfm, irk, _res);
126 if (err) {
127 BT_ERR("Encrypt error");
128 return err;
129 }
130
131 /* The output of the random address function ah is:
132 * ah(h, r) = e(k, r') mod 2^24
133 * The output of the security function e is then truncated to 24 bits
134 * by taking the least significant 24 bits of the output of e as the
135 * result of ah.
136 */
137 memcpy(res, _res, 3);
138
139 return 0;
140 }
141
142 bool smp_irk_matches(struct crypto_blkcipher *tfm, u8 irk[16],
143 bdaddr_t *bdaddr)
144 {
145 u8 hash[3];
146 int err;
147
148 BT_DBG("RPA %pMR IRK %*phN", bdaddr, 16, irk);
149
150 err = smp_ah(tfm, irk, &bdaddr->b[3], hash);
151 if (err)
152 return false;
153
154 return !memcmp(bdaddr->b, hash, 3);
155 }
156
157 int smp_generate_rpa(struct crypto_blkcipher *tfm, u8 irk[16], bdaddr_t *rpa)
158 {
159 int err;
160
161 get_random_bytes(&rpa->b[3], 3);
162
163 rpa->b[5] &= 0x3f; /* Clear two most significant bits */
164 rpa->b[5] |= 0x40; /* Set second most significant bit */
165
166 err = smp_ah(tfm, irk, &rpa->b[3], rpa->b);
167 if (err < 0)
168 return err;
169
170 BT_DBG("RPA %pMR", rpa);
171
172 return 0;
173 }
174
175 static int smp_c1(struct smp_chan *smp, u8 k[16], u8 r[16], u8 preq[7],
176 u8 pres[7], u8 _iat, bdaddr_t *ia, u8 _rat, bdaddr_t *ra,
177 u8 res[16])
178 {
179 struct hci_dev *hdev = smp->conn->hcon->hdev;
180 u8 p1[16], p2[16];
181 int err;
182
183 BT_DBG("%s", hdev->name);
184
185 memset(p1, 0, 16);
186
187 /* p1 = pres || preq || _rat || _iat */
188 p1[0] = _iat;
189 p1[1] = _rat;
190 memcpy(p1 + 2, preq, 7);
191 memcpy(p1 + 9, pres, 7);
192
193 /* p2 = padding || ia || ra */
194 memcpy(p2, ra, 6);
195 memcpy(p2 + 6, ia, 6);
196 memset(p2 + 12, 0, 4);
197
198 /* res = r XOR p1 */
199 u128_xor((u128 *) res, (u128 *) r, (u128 *) p1);
200
201 /* res = e(k, res) */
202 err = smp_e(smp->tfm_aes, k, res);
203 if (err) {
204 BT_ERR("Encrypt data error");
205 return err;
206 }
207
208 /* res = res XOR p2 */
209 u128_xor((u128 *) res, (u128 *) res, (u128 *) p2);
210
211 /* res = e(k, res) */
212 err = smp_e(smp->tfm_aes, k, res);
213 if (err)
214 BT_ERR("Encrypt data error");
215
216 return err;
217 }
218
219 static int smp_s1(struct smp_chan *smp, u8 k[16], u8 r1[16], u8 r2[16],
220 u8 _r[16])
221 {
222 struct hci_dev *hdev = smp->conn->hcon->hdev;
223 int err;
224
225 BT_DBG("%s", hdev->name);
226
227 /* Just least significant octets from r1 and r2 are considered */
228 memcpy(_r, r2, 8);
229 memcpy(_r + 8, r1, 8);
230
231 err = smp_e(smp->tfm_aes, k, _r);
232 if (err)
233 BT_ERR("Encrypt data error");
234
235 return err;
236 }
237
238 static struct sk_buff *smp_build_cmd(struct l2cap_conn *conn, u8 code,
239 u16 dlen, void *data)
240 {
241 struct sk_buff *skb;
242 struct l2cap_hdr *lh;
243 int len;
244
245 len = L2CAP_HDR_SIZE + sizeof(code) + dlen;
246
247 if (len > conn->mtu)
248 return NULL;
249
250 skb = bt_skb_alloc(len, GFP_ATOMIC);
251 if (!skb)
252 return NULL;
253
254 lh = (struct l2cap_hdr *) skb_put(skb, L2CAP_HDR_SIZE);
255 lh->len = cpu_to_le16(sizeof(code) + dlen);
256 lh->cid = cpu_to_le16(L2CAP_CID_SMP);
257
258 memcpy(skb_put(skb, sizeof(code)), &code, sizeof(code));
259
260 memcpy(skb_put(skb, dlen), data, dlen);
261
262 return skb;
263 }
264
265 static void smp_send_cmd(struct l2cap_conn *conn, u8 code, u16 len, void *data)
266 {
267 struct sk_buff *skb = smp_build_cmd(conn, code, len, data);
268
269 BT_DBG("code 0x%2.2x", code);
270
271 if (!skb)
272 return;
273
274 skb->priority = HCI_PRIO_MAX;
275 hci_send_acl(conn->hchan, skb, 0);
276
277 cancel_delayed_work_sync(&conn->security_timer);
278 schedule_delayed_work(&conn->security_timer, SMP_TIMEOUT);
279 }
280
281 static __u8 authreq_to_seclevel(__u8 authreq)
282 {
283 if (authreq & SMP_AUTH_MITM)
284 return BT_SECURITY_HIGH;
285 else
286 return BT_SECURITY_MEDIUM;
287 }
288
289 static __u8 seclevel_to_authreq(__u8 sec_level)
290 {
291 switch (sec_level) {
292 case BT_SECURITY_HIGH:
293 return SMP_AUTH_MITM | SMP_AUTH_BONDING;
294 case BT_SECURITY_MEDIUM:
295 return SMP_AUTH_BONDING;
296 default:
297 return SMP_AUTH_NONE;
298 }
299 }
300
301 static void build_pairing_cmd(struct l2cap_conn *conn,
302 struct smp_cmd_pairing *req,
303 struct smp_cmd_pairing *rsp, __u8 authreq)
304 {
305 struct smp_chan *smp = conn->smp_chan;
306 struct hci_conn *hcon = conn->hcon;
307 struct hci_dev *hdev = hcon->hdev;
308 u8 local_dist = 0, remote_dist = 0;
309
310 if (test_bit(HCI_BONDABLE, &conn->hcon->hdev->dev_flags)) {
311 local_dist = SMP_DIST_ENC_KEY | SMP_DIST_SIGN;
312 remote_dist = SMP_DIST_ENC_KEY | SMP_DIST_SIGN;
313 authreq |= SMP_AUTH_BONDING;
314 } else {
315 authreq &= ~SMP_AUTH_BONDING;
316 }
317
318 if (test_bit(HCI_RPA_RESOLVING, &hdev->dev_flags))
319 remote_dist |= SMP_DIST_ID_KEY;
320
321 if (test_bit(HCI_PRIVACY, &hdev->dev_flags))
322 local_dist |= SMP_DIST_ID_KEY;
323
324 if (rsp == NULL) {
325 req->io_capability = conn->hcon->io_capability;
326 req->oob_flag = SMP_OOB_NOT_PRESENT;
327 req->max_key_size = SMP_MAX_ENC_KEY_SIZE;
328 req->init_key_dist = local_dist;
329 req->resp_key_dist = remote_dist;
330 req->auth_req = (authreq & AUTH_REQ_MASK);
331
332 smp->remote_key_dist = remote_dist;
333 return;
334 }
335
336 rsp->io_capability = conn->hcon->io_capability;
337 rsp->oob_flag = SMP_OOB_NOT_PRESENT;
338 rsp->max_key_size = SMP_MAX_ENC_KEY_SIZE;
339 rsp->init_key_dist = req->init_key_dist & remote_dist;
340 rsp->resp_key_dist = req->resp_key_dist & local_dist;
341 rsp->auth_req = (authreq & AUTH_REQ_MASK);
342
343 smp->remote_key_dist = rsp->init_key_dist;
344 }
345
346 static u8 check_enc_key_size(struct l2cap_conn *conn, __u8 max_key_size)
347 {
348 struct smp_chan *smp = conn->smp_chan;
349
350 if ((max_key_size > SMP_MAX_ENC_KEY_SIZE) ||
351 (max_key_size < SMP_MIN_ENC_KEY_SIZE))
352 return SMP_ENC_KEY_SIZE;
353
354 smp->enc_key_size = max_key_size;
355
356 return 0;
357 }
358
359 static void smp_failure(struct l2cap_conn *conn, u8 reason)
360 {
361 struct hci_conn *hcon = conn->hcon;
362
363 if (reason)
364 smp_send_cmd(conn, SMP_CMD_PAIRING_FAIL, sizeof(reason),
365 &reason);
366
367 clear_bit(HCI_CONN_ENCRYPT_PEND, &hcon->flags);
368 mgmt_auth_failed(hcon->hdev, &hcon->dst, hcon->type, hcon->dst_type,
369 HCI_ERROR_AUTH_FAILURE);
370
371 cancel_delayed_work_sync(&conn->security_timer);
372
373 if (test_and_clear_bit(HCI_CONN_LE_SMP_PEND, &hcon->flags))
374 smp_chan_destroy(conn);
375 }
376
377 #define JUST_WORKS 0x00
378 #define JUST_CFM 0x01
379 #define REQ_PASSKEY 0x02
380 #define CFM_PASSKEY 0x03
381 #define REQ_OOB 0x04
382 #define OVERLAP 0xFF
383
384 static const u8 gen_method[5][5] = {
385 { JUST_WORKS, JUST_CFM, REQ_PASSKEY, JUST_WORKS, REQ_PASSKEY },
386 { JUST_WORKS, JUST_CFM, REQ_PASSKEY, JUST_WORKS, REQ_PASSKEY },
387 { CFM_PASSKEY, CFM_PASSKEY, REQ_PASSKEY, JUST_WORKS, CFM_PASSKEY },
388 { JUST_WORKS, JUST_CFM, JUST_WORKS, JUST_WORKS, JUST_CFM },
389 { CFM_PASSKEY, CFM_PASSKEY, REQ_PASSKEY, JUST_WORKS, OVERLAP },
390 };
391
392 static u8 get_auth_method(struct smp_chan *smp, u8 local_io, u8 remote_io)
393 {
394 /* If either side has unknown io_caps, use JUST_CFM (which gets
395 * converted later to JUST_WORKS if we're initiators.
396 */
397 if (local_io > SMP_IO_KEYBOARD_DISPLAY ||
398 remote_io > SMP_IO_KEYBOARD_DISPLAY)
399 return JUST_CFM;
400
401 return gen_method[remote_io][local_io];
402 }
403
404 static int tk_request(struct l2cap_conn *conn, u8 remote_oob, u8 auth,
405 u8 local_io, u8 remote_io)
406 {
407 struct hci_conn *hcon = conn->hcon;
408 struct smp_chan *smp = conn->smp_chan;
409 u8 method;
410 u32 passkey = 0;
411 int ret = 0;
412
413 /* Initialize key for JUST WORKS */
414 memset(smp->tk, 0, sizeof(smp->tk));
415 clear_bit(SMP_FLAG_TK_VALID, &smp->flags);
416
417 BT_DBG("tk_request: auth:%d lcl:%d rem:%d", auth, local_io, remote_io);
418
419 /* If neither side wants MITM, either "just" confirm an incoming
420 * request or use just-works for outgoing ones. The JUST_CFM
421 * will be converted to JUST_WORKS if necessary later in this
422 * function. If either side has MITM look up the method from the
423 * table.
424 */
425 if (!(auth & SMP_AUTH_MITM))
426 method = JUST_CFM;
427 else
428 method = get_auth_method(smp, local_io, remote_io);
429
430 /* Don't confirm locally initiated pairing attempts */
431 if (method == JUST_CFM && test_bit(SMP_FLAG_INITIATOR, &smp->flags))
432 method = JUST_WORKS;
433
434 /* Don't bother user space with no IO capabilities */
435 if (method == JUST_CFM && hcon->io_capability == HCI_IO_NO_INPUT_OUTPUT)
436 method = JUST_WORKS;
437
438 /* If Just Works, Continue with Zero TK */
439 if (method == JUST_WORKS) {
440 set_bit(SMP_FLAG_TK_VALID, &smp->flags);
441 return 0;
442 }
443
444 /* Not Just Works/Confirm results in MITM Authentication */
445 if (method != JUST_CFM)
446 set_bit(SMP_FLAG_MITM_AUTH, &smp->flags);
447
448 /* If both devices have Keyoard-Display I/O, the master
449 * Confirms and the slave Enters the passkey.
450 */
451 if (method == OVERLAP) {
452 if (hcon->role == HCI_ROLE_MASTER)
453 method = CFM_PASSKEY;
454 else
455 method = REQ_PASSKEY;
456 }
457
458 /* Generate random passkey. */
459 if (method == CFM_PASSKEY) {
460 memset(smp->tk, 0, sizeof(smp->tk));
461 get_random_bytes(&passkey, sizeof(passkey));
462 passkey %= 1000000;
463 put_unaligned_le32(passkey, smp->tk);
464 BT_DBG("PassKey: %d", passkey);
465 set_bit(SMP_FLAG_TK_VALID, &smp->flags);
466 }
467
468 hci_dev_lock(hcon->hdev);
469
470 if (method == REQ_PASSKEY)
471 ret = mgmt_user_passkey_request(hcon->hdev, &hcon->dst,
472 hcon->type, hcon->dst_type);
473 else if (method == JUST_CFM)
474 ret = mgmt_user_confirm_request(hcon->hdev, &hcon->dst,
475 hcon->type, hcon->dst_type,
476 passkey, 1);
477 else
478 ret = mgmt_user_passkey_notify(hcon->hdev, &hcon->dst,
479 hcon->type, hcon->dst_type,
480 passkey, 0);
481
482 hci_dev_unlock(hcon->hdev);
483
484 return ret;
485 }
486
487 static u8 smp_confirm(struct smp_chan *smp)
488 {
489 struct l2cap_conn *conn = smp->conn;
490 struct smp_cmd_pairing_confirm cp;
491 int ret;
492
493 BT_DBG("conn %p", conn);
494
495 ret = smp_c1(smp, smp->tk, smp->prnd, smp->preq, smp->prsp,
496 conn->hcon->init_addr_type, &conn->hcon->init_addr,
497 conn->hcon->resp_addr_type, &conn->hcon->resp_addr,
498 cp.confirm_val);
499 if (ret)
500 return SMP_UNSPECIFIED;
501
502 clear_bit(SMP_FLAG_CFM_PENDING, &smp->flags);
503
504 smp_send_cmd(smp->conn, SMP_CMD_PAIRING_CONFIRM, sizeof(cp), &cp);
505
506 return 0;
507 }
508
509 static u8 smp_random(struct smp_chan *smp)
510 {
511 struct l2cap_conn *conn = smp->conn;
512 struct hci_conn *hcon = conn->hcon;
513 u8 confirm[16];
514 int ret;
515
516 if (IS_ERR_OR_NULL(smp->tfm_aes))
517 return SMP_UNSPECIFIED;
518
519 BT_DBG("conn %p %s", conn, conn->hcon->out ? "master" : "slave");
520
521 ret = smp_c1(smp, smp->tk, smp->rrnd, smp->preq, smp->prsp,
522 hcon->init_addr_type, &hcon->init_addr,
523 hcon->resp_addr_type, &hcon->resp_addr, confirm);
524 if (ret)
525 return SMP_UNSPECIFIED;
526
527 if (memcmp(smp->pcnf, confirm, sizeof(smp->pcnf)) != 0) {
528 BT_ERR("Pairing failed (confirmation values mismatch)");
529 return SMP_CONFIRM_FAILED;
530 }
531
532 if (hcon->out) {
533 u8 stk[16];
534 __le64 rand = 0;
535 __le16 ediv = 0;
536
537 smp_s1(smp, smp->tk, smp->rrnd, smp->prnd, stk);
538
539 memset(stk + smp->enc_key_size, 0,
540 SMP_MAX_ENC_KEY_SIZE - smp->enc_key_size);
541
542 if (test_and_set_bit(HCI_CONN_ENCRYPT_PEND, &hcon->flags))
543 return SMP_UNSPECIFIED;
544
545 hci_le_start_enc(hcon, ediv, rand, stk);
546 hcon->enc_key_size = smp->enc_key_size;
547 set_bit(HCI_CONN_STK_ENCRYPT, &hcon->flags);
548 } else {
549 u8 stk[16], auth;
550 __le64 rand = 0;
551 __le16 ediv = 0;
552
553 smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM, sizeof(smp->prnd),
554 smp->prnd);
555
556 smp_s1(smp, smp->tk, smp->prnd, smp->rrnd, stk);
557
558 memset(stk + smp->enc_key_size, 0,
559 SMP_MAX_ENC_KEY_SIZE - smp->enc_key_size);
560
561 if (hcon->pending_sec_level == BT_SECURITY_HIGH)
562 auth = 1;
563 else
564 auth = 0;
565
566 /* Even though there's no _SLAVE suffix this is the
567 * slave STK we're adding for later lookup (the master
568 * STK never needs to be stored).
569 */
570 hci_add_ltk(hcon->hdev, &hcon->dst, hcon->dst_type,
571 SMP_STK, auth, stk, smp->enc_key_size, ediv, rand);
572 }
573
574 return 0;
575 }
576
577 static struct smp_chan *smp_chan_create(struct l2cap_conn *conn)
578 {
579 struct smp_chan *smp;
580
581 smp = kzalloc(sizeof(*smp), GFP_ATOMIC);
582 if (!smp) {
583 clear_bit(HCI_CONN_LE_SMP_PEND, &conn->hcon->flags);
584 return NULL;
585 }
586
587 smp->tfm_aes = crypto_alloc_blkcipher("ecb(aes)", 0, CRYPTO_ALG_ASYNC);
588 if (IS_ERR(smp->tfm_aes)) {
589 BT_ERR("Unable to create ECB crypto context");
590 kfree(smp);
591 clear_bit(HCI_CONN_LE_SMP_PEND, &conn->hcon->flags);
592 return NULL;
593 }
594
595 smp->conn = conn;
596 conn->smp_chan = smp;
597
598 hci_conn_hold(conn->hcon);
599
600 return smp;
601 }
602
603 void smp_chan_destroy(struct l2cap_conn *conn)
604 {
605 struct smp_chan *smp = conn->smp_chan;
606 bool complete;
607
608 BUG_ON(!smp);
609
610 complete = test_bit(SMP_FLAG_COMPLETE, &smp->flags);
611 mgmt_smp_complete(conn->hcon, complete);
612
613 kfree(smp->csrk);
614 kfree(smp->slave_csrk);
615
616 crypto_free_blkcipher(smp->tfm_aes);
617
618 /* If pairing failed clean up any keys we might have */
619 if (!complete) {
620 if (smp->ltk) {
621 list_del(&smp->ltk->list);
622 kfree(smp->ltk);
623 }
624
625 if (smp->slave_ltk) {
626 list_del(&smp->slave_ltk->list);
627 kfree(smp->slave_ltk);
628 }
629
630 if (smp->remote_irk) {
631 list_del(&smp->remote_irk->list);
632 kfree(smp->remote_irk);
633 }
634 }
635
636 kfree(smp);
637 conn->smp_chan = NULL;
638 hci_conn_drop(conn->hcon);
639 }
640
641 int smp_user_confirm_reply(struct hci_conn *hcon, u16 mgmt_op, __le32 passkey)
642 {
643 struct l2cap_conn *conn = hcon->l2cap_data;
644 struct smp_chan *smp;
645 u32 value;
646
647 BT_DBG("");
648
649 if (!conn || !test_bit(HCI_CONN_LE_SMP_PEND, &hcon->flags))
650 return -ENOTCONN;
651
652 smp = conn->smp_chan;
653
654 switch (mgmt_op) {
655 case MGMT_OP_USER_PASSKEY_REPLY:
656 value = le32_to_cpu(passkey);
657 memset(smp->tk, 0, sizeof(smp->tk));
658 BT_DBG("PassKey: %d", value);
659 put_unaligned_le32(value, smp->tk);
660 /* Fall Through */
661 case MGMT_OP_USER_CONFIRM_REPLY:
662 set_bit(SMP_FLAG_TK_VALID, &smp->flags);
663 break;
664 case MGMT_OP_USER_PASSKEY_NEG_REPLY:
665 case MGMT_OP_USER_CONFIRM_NEG_REPLY:
666 smp_failure(conn, SMP_PASSKEY_ENTRY_FAILED);
667 return 0;
668 default:
669 smp_failure(conn, SMP_PASSKEY_ENTRY_FAILED);
670 return -EOPNOTSUPP;
671 }
672
673 /* If it is our turn to send Pairing Confirm, do so now */
674 if (test_bit(SMP_FLAG_CFM_PENDING, &smp->flags)) {
675 u8 rsp = smp_confirm(smp);
676 if (rsp)
677 smp_failure(conn, rsp);
678 }
679
680 return 0;
681 }
682
683 static u8 smp_cmd_pairing_req(struct l2cap_conn *conn, struct sk_buff *skb)
684 {
685 struct smp_cmd_pairing rsp, *req = (void *) skb->data;
686 struct hci_dev *hdev = conn->hcon->hdev;
687 struct smp_chan *smp;
688 u8 key_size, auth, sec_level;
689 int ret;
690
691 BT_DBG("conn %p", conn);
692
693 if (skb->len < sizeof(*req))
694 return SMP_INVALID_PARAMS;
695
696 if (conn->hcon->role != HCI_ROLE_SLAVE)
697 return SMP_CMD_NOTSUPP;
698
699 if (!test_and_set_bit(HCI_CONN_LE_SMP_PEND, &conn->hcon->flags))
700 smp = smp_chan_create(conn);
701 else
702 smp = conn->smp_chan;
703
704 if (!smp)
705 return SMP_UNSPECIFIED;
706
707 if (!test_bit(HCI_BONDABLE, &hdev->dev_flags) &&
708 (req->auth_req & SMP_AUTH_BONDING))
709 return SMP_PAIRING_NOTSUPP;
710
711 smp->preq[0] = SMP_CMD_PAIRING_REQ;
712 memcpy(&smp->preq[1], req, sizeof(*req));
713 skb_pull(skb, sizeof(*req));
714
715 /* We didn't start the pairing, so match remote */
716 auth = req->auth_req;
717
718 sec_level = authreq_to_seclevel(auth);
719 if (sec_level > conn->hcon->pending_sec_level)
720 conn->hcon->pending_sec_level = sec_level;
721
722 /* If we need MITM check that it can be acheived */
723 if (conn->hcon->pending_sec_level >= BT_SECURITY_HIGH) {
724 u8 method;
725
726 method = get_auth_method(smp, conn->hcon->io_capability,
727 req->io_capability);
728 if (method == JUST_WORKS || method == JUST_CFM)
729 return SMP_AUTH_REQUIREMENTS;
730 }
731
732 build_pairing_cmd(conn, req, &rsp, auth);
733
734 key_size = min(req->max_key_size, rsp.max_key_size);
735 if (check_enc_key_size(conn, key_size))
736 return SMP_ENC_KEY_SIZE;
737
738 get_random_bytes(smp->prnd, sizeof(smp->prnd));
739
740 smp->prsp[0] = SMP_CMD_PAIRING_RSP;
741 memcpy(&smp->prsp[1], &rsp, sizeof(rsp));
742
743 smp_send_cmd(conn, SMP_CMD_PAIRING_RSP, sizeof(rsp), &rsp);
744
745 /* Request setup of TK */
746 ret = tk_request(conn, 0, auth, rsp.io_capability, req->io_capability);
747 if (ret)
748 return SMP_UNSPECIFIED;
749
750 return 0;
751 }
752
753 static u8 smp_cmd_pairing_rsp(struct l2cap_conn *conn, struct sk_buff *skb)
754 {
755 struct smp_cmd_pairing *req, *rsp = (void *) skb->data;
756 struct smp_chan *smp = conn->smp_chan;
757 u8 key_size, auth = SMP_AUTH_NONE;
758 int ret;
759
760 BT_DBG("conn %p", conn);
761
762 if (skb->len < sizeof(*rsp))
763 return SMP_INVALID_PARAMS;
764
765 if (conn->hcon->role != HCI_ROLE_MASTER)
766 return SMP_CMD_NOTSUPP;
767
768 skb_pull(skb, sizeof(*rsp));
769
770 req = (void *) &smp->preq[1];
771
772 key_size = min(req->max_key_size, rsp->max_key_size);
773 if (check_enc_key_size(conn, key_size))
774 return SMP_ENC_KEY_SIZE;
775
776 /* If we need MITM check that it can be acheived */
777 if (conn->hcon->pending_sec_level >= BT_SECURITY_HIGH) {
778 u8 method;
779
780 method = get_auth_method(smp, req->io_capability,
781 rsp->io_capability);
782 if (method == JUST_WORKS || method == JUST_CFM)
783 return SMP_AUTH_REQUIREMENTS;
784 }
785
786 get_random_bytes(smp->prnd, sizeof(smp->prnd));
787
788 smp->prsp[0] = SMP_CMD_PAIRING_RSP;
789 memcpy(&smp->prsp[1], rsp, sizeof(*rsp));
790
791 /* Update remote key distribution in case the remote cleared
792 * some bits that we had enabled in our request.
793 */
794 smp->remote_key_dist &= rsp->resp_key_dist;
795
796 if ((req->auth_req & SMP_AUTH_BONDING) &&
797 (rsp->auth_req & SMP_AUTH_BONDING))
798 auth = SMP_AUTH_BONDING;
799
800 auth |= (req->auth_req | rsp->auth_req) & SMP_AUTH_MITM;
801
802 ret = tk_request(conn, 0, auth, req->io_capability, rsp->io_capability);
803 if (ret)
804 return SMP_UNSPECIFIED;
805
806 set_bit(SMP_FLAG_CFM_PENDING, &smp->flags);
807
808 /* Can't compose response until we have been confirmed */
809 if (test_bit(SMP_FLAG_TK_VALID, &smp->flags))
810 return smp_confirm(smp);
811
812 return 0;
813 }
814
815 static u8 smp_cmd_pairing_confirm(struct l2cap_conn *conn, struct sk_buff *skb)
816 {
817 struct smp_chan *smp = conn->smp_chan;
818
819 BT_DBG("conn %p %s", conn, conn->hcon->out ? "master" : "slave");
820
821 if (skb->len < sizeof(smp->pcnf))
822 return SMP_INVALID_PARAMS;
823
824 memcpy(smp->pcnf, skb->data, sizeof(smp->pcnf));
825 skb_pull(skb, sizeof(smp->pcnf));
826
827 if (conn->hcon->out)
828 smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM, sizeof(smp->prnd),
829 smp->prnd);
830 else if (test_bit(SMP_FLAG_TK_VALID, &smp->flags))
831 return smp_confirm(smp);
832 else
833 set_bit(SMP_FLAG_CFM_PENDING, &smp->flags);
834
835 return 0;
836 }
837
838 static u8 smp_cmd_pairing_random(struct l2cap_conn *conn, struct sk_buff *skb)
839 {
840 struct smp_chan *smp = conn->smp_chan;
841
842 BT_DBG("conn %p", conn);
843
844 if (skb->len < sizeof(smp->rrnd))
845 return SMP_INVALID_PARAMS;
846
847 memcpy(smp->rrnd, skb->data, sizeof(smp->rrnd));
848 skb_pull(skb, sizeof(smp->rrnd));
849
850 return smp_random(smp);
851 }
852
853 static bool smp_ltk_encrypt(struct l2cap_conn *conn, u8 sec_level)
854 {
855 struct smp_ltk *key;
856 struct hci_conn *hcon = conn->hcon;
857
858 key = hci_find_ltk_by_addr(hcon->hdev, &hcon->dst, hcon->dst_type,
859 hcon->role);
860 if (!key)
861 return false;
862
863 if (sec_level > BT_SECURITY_MEDIUM && !key->authenticated)
864 return false;
865
866 if (test_and_set_bit(HCI_CONN_ENCRYPT_PEND, &hcon->flags))
867 return true;
868
869 hci_le_start_enc(hcon, key->ediv, key->rand, key->val);
870 hcon->enc_key_size = key->enc_size;
871
872 /* We never store STKs for master role, so clear this flag */
873 clear_bit(HCI_CONN_STK_ENCRYPT, &hcon->flags);
874
875 return true;
876 }
877
878 bool smp_sufficient_security(struct hci_conn *hcon, u8 sec_level)
879 {
880 if (sec_level == BT_SECURITY_LOW)
881 return true;
882
883 /* If we're encrypted with an STK always claim insufficient
884 * security. This way we allow the connection to be re-encrypted
885 * with an LTK, even if the LTK provides the same level of
886 * security. Only exception is if we don't have an LTK (e.g.
887 * because of key distribution bits).
888 */
889 if (test_bit(HCI_CONN_STK_ENCRYPT, &hcon->flags) &&
890 hci_find_ltk_by_addr(hcon->hdev, &hcon->dst, hcon->dst_type,
891 hcon->role))
892 return false;
893
894 if (hcon->sec_level >= sec_level)
895 return true;
896
897 return false;
898 }
899
900 static u8 smp_cmd_security_req(struct l2cap_conn *conn, struct sk_buff *skb)
901 {
902 struct smp_cmd_security_req *rp = (void *) skb->data;
903 struct smp_cmd_pairing cp;
904 struct hci_conn *hcon = conn->hcon;
905 struct smp_chan *smp;
906 u8 sec_level;
907
908 BT_DBG("conn %p", conn);
909
910 if (skb->len < sizeof(*rp))
911 return SMP_INVALID_PARAMS;
912
913 if (hcon->role != HCI_ROLE_MASTER)
914 return SMP_CMD_NOTSUPP;
915
916 sec_level = authreq_to_seclevel(rp->auth_req);
917 if (smp_sufficient_security(hcon, sec_level))
918 return 0;
919
920 if (sec_level > hcon->pending_sec_level)
921 hcon->pending_sec_level = sec_level;
922
923 if (smp_ltk_encrypt(conn, hcon->pending_sec_level))
924 return 0;
925
926 if (test_and_set_bit(HCI_CONN_LE_SMP_PEND, &hcon->flags))
927 return 0;
928
929 smp = smp_chan_create(conn);
930 if (!smp)
931 return SMP_UNSPECIFIED;
932
933 if (!test_bit(HCI_BONDABLE, &hcon->hdev->dev_flags) &&
934 (rp->auth_req & SMP_AUTH_BONDING))
935 return SMP_PAIRING_NOTSUPP;
936
937 skb_pull(skb, sizeof(*rp));
938
939 memset(&cp, 0, sizeof(cp));
940 build_pairing_cmd(conn, &cp, NULL, rp->auth_req);
941
942 smp->preq[0] = SMP_CMD_PAIRING_REQ;
943 memcpy(&smp->preq[1], &cp, sizeof(cp));
944
945 smp_send_cmd(conn, SMP_CMD_PAIRING_REQ, sizeof(cp), &cp);
946
947 return 0;
948 }
949
950 int smp_conn_security(struct hci_conn *hcon, __u8 sec_level)
951 {
952 struct l2cap_conn *conn = hcon->l2cap_data;
953 struct smp_chan *smp;
954 __u8 authreq;
955
956 BT_DBG("conn %p hcon %p level 0x%2.2x", conn, hcon, sec_level);
957
958 /* This may be NULL if there's an unexpected disconnection */
959 if (!conn)
960 return 1;
961
962 if (!test_bit(HCI_LE_ENABLED, &hcon->hdev->dev_flags))
963 return 1;
964
965 if (smp_sufficient_security(hcon, sec_level))
966 return 1;
967
968 if (sec_level > hcon->pending_sec_level)
969 hcon->pending_sec_level = sec_level;
970
971 if (hcon->role == HCI_ROLE_MASTER)
972 if (smp_ltk_encrypt(conn, hcon->pending_sec_level))
973 return 0;
974
975 if (test_and_set_bit(HCI_CONN_LE_SMP_PEND, &hcon->flags))
976 return 0;
977
978 smp = smp_chan_create(conn);
979 if (!smp)
980 return 1;
981
982 authreq = seclevel_to_authreq(sec_level);
983
984 /* Require MITM if IO Capability allows or the security level
985 * requires it.
986 */
987 if (hcon->io_capability != HCI_IO_NO_INPUT_OUTPUT ||
988 hcon->pending_sec_level > BT_SECURITY_MEDIUM)
989 authreq |= SMP_AUTH_MITM;
990
991 if (hcon->role == HCI_ROLE_MASTER) {
992 struct smp_cmd_pairing cp;
993
994 build_pairing_cmd(conn, &cp, NULL, authreq);
995 smp->preq[0] = SMP_CMD_PAIRING_REQ;
996 memcpy(&smp->preq[1], &cp, sizeof(cp));
997
998 smp_send_cmd(conn, SMP_CMD_PAIRING_REQ, sizeof(cp), &cp);
999 } else {
1000 struct smp_cmd_security_req cp;
1001 cp.auth_req = authreq;
1002 smp_send_cmd(conn, SMP_CMD_SECURITY_REQ, sizeof(cp), &cp);
1003 }
1004
1005 set_bit(SMP_FLAG_INITIATOR, &smp->flags);
1006
1007 return 0;
1008 }
1009
1010 static int smp_cmd_encrypt_info(struct l2cap_conn *conn, struct sk_buff *skb)
1011 {
1012 struct smp_cmd_encrypt_info *rp = (void *) skb->data;
1013 struct smp_chan *smp = conn->smp_chan;
1014
1015 BT_DBG("conn %p", conn);
1016
1017 if (skb->len < sizeof(*rp))
1018 return SMP_INVALID_PARAMS;
1019
1020 /* Ignore this PDU if it wasn't requested */
1021 if (!(smp->remote_key_dist & SMP_DIST_ENC_KEY))
1022 return 0;
1023
1024 skb_pull(skb, sizeof(*rp));
1025
1026 memcpy(smp->tk, rp->ltk, sizeof(smp->tk));
1027
1028 return 0;
1029 }
1030
1031 static int smp_cmd_master_ident(struct l2cap_conn *conn, struct sk_buff *skb)
1032 {
1033 struct smp_cmd_master_ident *rp = (void *) skb->data;
1034 struct smp_chan *smp = conn->smp_chan;
1035 struct hci_dev *hdev = conn->hcon->hdev;
1036 struct hci_conn *hcon = conn->hcon;
1037 struct smp_ltk *ltk;
1038 u8 authenticated;
1039
1040 BT_DBG("conn %p", conn);
1041
1042 if (skb->len < sizeof(*rp))
1043 return SMP_INVALID_PARAMS;
1044
1045 /* Ignore this PDU if it wasn't requested */
1046 if (!(smp->remote_key_dist & SMP_DIST_ENC_KEY))
1047 return 0;
1048
1049 /* Mark the information as received */
1050 smp->remote_key_dist &= ~SMP_DIST_ENC_KEY;
1051
1052 skb_pull(skb, sizeof(*rp));
1053
1054 hci_dev_lock(hdev);
1055 authenticated = (hcon->sec_level == BT_SECURITY_HIGH);
1056 ltk = hci_add_ltk(hdev, &hcon->dst, hcon->dst_type, SMP_LTK,
1057 authenticated, smp->tk, smp->enc_key_size,
1058 rp->ediv, rp->rand);
1059 smp->ltk = ltk;
1060 if (!(smp->remote_key_dist & SMP_DIST_ID_KEY))
1061 smp_distribute_keys(conn);
1062 hci_dev_unlock(hdev);
1063
1064 return 0;
1065 }
1066
1067 static int smp_cmd_ident_info(struct l2cap_conn *conn, struct sk_buff *skb)
1068 {
1069 struct smp_cmd_ident_info *info = (void *) skb->data;
1070 struct smp_chan *smp = conn->smp_chan;
1071
1072 BT_DBG("");
1073
1074 if (skb->len < sizeof(*info))
1075 return SMP_INVALID_PARAMS;
1076
1077 /* Ignore this PDU if it wasn't requested */
1078 if (!(smp->remote_key_dist & SMP_DIST_ID_KEY))
1079 return 0;
1080
1081 skb_pull(skb, sizeof(*info));
1082
1083 memcpy(smp->irk, info->irk, 16);
1084
1085 return 0;
1086 }
1087
1088 static int smp_cmd_ident_addr_info(struct l2cap_conn *conn,
1089 struct sk_buff *skb)
1090 {
1091 struct smp_cmd_ident_addr_info *info = (void *) skb->data;
1092 struct smp_chan *smp = conn->smp_chan;
1093 struct hci_conn *hcon = conn->hcon;
1094 bdaddr_t rpa;
1095
1096 BT_DBG("");
1097
1098 if (skb->len < sizeof(*info))
1099 return SMP_INVALID_PARAMS;
1100
1101 /* Ignore this PDU if it wasn't requested */
1102 if (!(smp->remote_key_dist & SMP_DIST_ID_KEY))
1103 return 0;
1104
1105 /* Mark the information as received */
1106 smp->remote_key_dist &= ~SMP_DIST_ID_KEY;
1107
1108 skb_pull(skb, sizeof(*info));
1109
1110 hci_dev_lock(hcon->hdev);
1111
1112 /* Strictly speaking the Core Specification (4.1) allows sending
1113 * an empty address which would force us to rely on just the IRK
1114 * as "identity information". However, since such
1115 * implementations are not known of and in order to not over
1116 * complicate our implementation, simply pretend that we never
1117 * received an IRK for such a device.
1118 */
1119 if (!bacmp(&info->bdaddr, BDADDR_ANY)) {
1120 BT_ERR("Ignoring IRK with no identity address");
1121 goto distribute;
1122 }
1123
1124 bacpy(&smp->id_addr, &info->bdaddr);
1125 smp->id_addr_type = info->addr_type;
1126
1127 if (hci_bdaddr_is_rpa(&hcon->dst, hcon->dst_type))
1128 bacpy(&rpa, &hcon->dst);
1129 else
1130 bacpy(&rpa, BDADDR_ANY);
1131
1132 smp->remote_irk = hci_add_irk(conn->hcon->hdev, &smp->id_addr,
1133 smp->id_addr_type, smp->irk, &rpa);
1134
1135 distribute:
1136 smp_distribute_keys(conn);
1137
1138 hci_dev_unlock(hcon->hdev);
1139
1140 return 0;
1141 }
1142
1143 static int smp_cmd_sign_info(struct l2cap_conn *conn, struct sk_buff *skb)
1144 {
1145 struct smp_cmd_sign_info *rp = (void *) skb->data;
1146 struct smp_chan *smp = conn->smp_chan;
1147 struct hci_dev *hdev = conn->hcon->hdev;
1148 struct smp_csrk *csrk;
1149
1150 BT_DBG("conn %p", conn);
1151
1152 if (skb->len < sizeof(*rp))
1153 return SMP_INVALID_PARAMS;
1154
1155 /* Ignore this PDU if it wasn't requested */
1156 if (!(smp->remote_key_dist & SMP_DIST_SIGN))
1157 return 0;
1158
1159 /* Mark the information as received */
1160 smp->remote_key_dist &= ~SMP_DIST_SIGN;
1161
1162 skb_pull(skb, sizeof(*rp));
1163
1164 hci_dev_lock(hdev);
1165 csrk = kzalloc(sizeof(*csrk), GFP_KERNEL);
1166 if (csrk) {
1167 csrk->master = 0x01;
1168 memcpy(csrk->val, rp->csrk, sizeof(csrk->val));
1169 }
1170 smp->csrk = csrk;
1171 if (!(smp->remote_key_dist & SMP_DIST_SIGN))
1172 smp_distribute_keys(conn);
1173 hci_dev_unlock(hdev);
1174
1175 return 0;
1176 }
1177
1178 int smp_sig_channel(struct l2cap_conn *conn, struct sk_buff *skb)
1179 {
1180 struct hci_conn *hcon = conn->hcon;
1181 __u8 code, reason;
1182 int err = 0;
1183
1184 if (hcon->type != LE_LINK) {
1185 kfree_skb(skb);
1186 return 0;
1187 }
1188
1189 if (skb->len < 1) {
1190 kfree_skb(skb);
1191 return -EILSEQ;
1192 }
1193
1194 if (!test_bit(HCI_LE_ENABLED, &hcon->hdev->dev_flags)) {
1195 err = -EOPNOTSUPP;
1196 reason = SMP_PAIRING_NOTSUPP;
1197 goto done;
1198 }
1199
1200 code = skb->data[0];
1201 skb_pull(skb, sizeof(code));
1202
1203 /*
1204 * The SMP context must be initialized for all other PDUs except
1205 * pairing and security requests. If we get any other PDU when
1206 * not initialized simply disconnect (done if this function
1207 * returns an error).
1208 */
1209 if (code != SMP_CMD_PAIRING_REQ && code != SMP_CMD_SECURITY_REQ &&
1210 !conn->smp_chan) {
1211 BT_ERR("Unexpected SMP command 0x%02x. Disconnecting.", code);
1212 kfree_skb(skb);
1213 return -EOPNOTSUPP;
1214 }
1215
1216 switch (code) {
1217 case SMP_CMD_PAIRING_REQ:
1218 reason = smp_cmd_pairing_req(conn, skb);
1219 break;
1220
1221 case SMP_CMD_PAIRING_FAIL:
1222 smp_failure(conn, 0);
1223 reason = 0;
1224 err = -EPERM;
1225 break;
1226
1227 case SMP_CMD_PAIRING_RSP:
1228 reason = smp_cmd_pairing_rsp(conn, skb);
1229 break;
1230
1231 case SMP_CMD_SECURITY_REQ:
1232 reason = smp_cmd_security_req(conn, skb);
1233 break;
1234
1235 case SMP_CMD_PAIRING_CONFIRM:
1236 reason = smp_cmd_pairing_confirm(conn, skb);
1237 break;
1238
1239 case SMP_CMD_PAIRING_RANDOM:
1240 reason = smp_cmd_pairing_random(conn, skb);
1241 break;
1242
1243 case SMP_CMD_ENCRYPT_INFO:
1244 reason = smp_cmd_encrypt_info(conn, skb);
1245 break;
1246
1247 case SMP_CMD_MASTER_IDENT:
1248 reason = smp_cmd_master_ident(conn, skb);
1249 break;
1250
1251 case SMP_CMD_IDENT_INFO:
1252 reason = smp_cmd_ident_info(conn, skb);
1253 break;
1254
1255 case SMP_CMD_IDENT_ADDR_INFO:
1256 reason = smp_cmd_ident_addr_info(conn, skb);
1257 break;
1258
1259 case SMP_CMD_SIGN_INFO:
1260 reason = smp_cmd_sign_info(conn, skb);
1261 break;
1262
1263 default:
1264 BT_DBG("Unknown command code 0x%2.2x", code);
1265
1266 reason = SMP_CMD_NOTSUPP;
1267 err = -EOPNOTSUPP;
1268 goto done;
1269 }
1270
1271 done:
1272 if (reason)
1273 smp_failure(conn, reason);
1274
1275 kfree_skb(skb);
1276 return err;
1277 }
1278
1279 static void smp_notify_keys(struct l2cap_conn *conn)
1280 {
1281 struct smp_chan *smp = conn->smp_chan;
1282 struct hci_conn *hcon = conn->hcon;
1283 struct hci_dev *hdev = hcon->hdev;
1284 struct smp_cmd_pairing *req = (void *) &smp->preq[1];
1285 struct smp_cmd_pairing *rsp = (void *) &smp->prsp[1];
1286 bool persistent;
1287
1288 if (smp->remote_irk) {
1289 mgmt_new_irk(hdev, smp->remote_irk);
1290 /* Now that user space can be considered to know the
1291 * identity address track the connection based on it
1292 * from now on.
1293 */
1294 bacpy(&hcon->dst, &smp->remote_irk->bdaddr);
1295 hcon->dst_type = smp->remote_irk->addr_type;
1296 l2cap_conn_update_id_addr(hcon);
1297
1298 /* When receiving an indentity resolving key for
1299 * a remote device that does not use a resolvable
1300 * private address, just remove the key so that
1301 * it is possible to use the controller white
1302 * list for scanning.
1303 *
1304 * Userspace will have been told to not store
1305 * this key at this point. So it is safe to
1306 * just remove it.
1307 */
1308 if (!bacmp(&smp->remote_irk->rpa, BDADDR_ANY)) {
1309 list_del(&smp->remote_irk->list);
1310 kfree(smp->remote_irk);
1311 smp->remote_irk = NULL;
1312 }
1313 }
1314
1315 /* The LTKs and CSRKs should be persistent only if both sides
1316 * had the bonding bit set in their authentication requests.
1317 */
1318 persistent = !!((req->auth_req & rsp->auth_req) & SMP_AUTH_BONDING);
1319
1320 if (smp->csrk) {
1321 smp->csrk->bdaddr_type = hcon->dst_type;
1322 bacpy(&smp->csrk->bdaddr, &hcon->dst);
1323 mgmt_new_csrk(hdev, smp->csrk, persistent);
1324 }
1325
1326 if (smp->slave_csrk) {
1327 smp->slave_csrk->bdaddr_type = hcon->dst_type;
1328 bacpy(&smp->slave_csrk->bdaddr, &hcon->dst);
1329 mgmt_new_csrk(hdev, smp->slave_csrk, persistent);
1330 }
1331
1332 if (smp->ltk) {
1333 smp->ltk->bdaddr_type = hcon->dst_type;
1334 bacpy(&smp->ltk->bdaddr, &hcon->dst);
1335 mgmt_new_ltk(hdev, smp->ltk, persistent);
1336 }
1337
1338 if (smp->slave_ltk) {
1339 smp->slave_ltk->bdaddr_type = hcon->dst_type;
1340 bacpy(&smp->slave_ltk->bdaddr, &hcon->dst);
1341 mgmt_new_ltk(hdev, smp->slave_ltk, persistent);
1342 }
1343 }
1344
1345 int smp_distribute_keys(struct l2cap_conn *conn)
1346 {
1347 struct smp_cmd_pairing *req, *rsp;
1348 struct smp_chan *smp = conn->smp_chan;
1349 struct hci_conn *hcon = conn->hcon;
1350 struct hci_dev *hdev = hcon->hdev;
1351 __u8 *keydist;
1352
1353 BT_DBG("conn %p", conn);
1354
1355 if (!test_bit(HCI_CONN_LE_SMP_PEND, &hcon->flags))
1356 return 0;
1357
1358 rsp = (void *) &smp->prsp[1];
1359
1360 /* The responder sends its keys first */
1361 if (hcon->out && (smp->remote_key_dist & 0x07))
1362 return 0;
1363
1364 req = (void *) &smp->preq[1];
1365
1366 if (hcon->out) {
1367 keydist = &rsp->init_key_dist;
1368 *keydist &= req->init_key_dist;
1369 } else {
1370 keydist = &rsp->resp_key_dist;
1371 *keydist &= req->resp_key_dist;
1372 }
1373
1374 BT_DBG("keydist 0x%x", *keydist);
1375
1376 if (*keydist & SMP_DIST_ENC_KEY) {
1377 struct smp_cmd_encrypt_info enc;
1378 struct smp_cmd_master_ident ident;
1379 struct smp_ltk *ltk;
1380 u8 authenticated;
1381 __le16 ediv;
1382 __le64 rand;
1383
1384 get_random_bytes(enc.ltk, sizeof(enc.ltk));
1385 get_random_bytes(&ediv, sizeof(ediv));
1386 get_random_bytes(&rand, sizeof(rand));
1387
1388 smp_send_cmd(conn, SMP_CMD_ENCRYPT_INFO, sizeof(enc), &enc);
1389
1390 authenticated = hcon->sec_level == BT_SECURITY_HIGH;
1391 ltk = hci_add_ltk(hdev, &hcon->dst, hcon->dst_type,
1392 SMP_LTK_SLAVE, authenticated, enc.ltk,
1393 smp->enc_key_size, ediv, rand);
1394 smp->slave_ltk = ltk;
1395
1396 ident.ediv = ediv;
1397 ident.rand = rand;
1398
1399 smp_send_cmd(conn, SMP_CMD_MASTER_IDENT, sizeof(ident), &ident);
1400
1401 *keydist &= ~SMP_DIST_ENC_KEY;
1402 }
1403
1404 if (*keydist & SMP_DIST_ID_KEY) {
1405 struct smp_cmd_ident_addr_info addrinfo;
1406 struct smp_cmd_ident_info idinfo;
1407
1408 memcpy(idinfo.irk, hdev->irk, sizeof(idinfo.irk));
1409
1410 smp_send_cmd(conn, SMP_CMD_IDENT_INFO, sizeof(idinfo), &idinfo);
1411
1412 /* The hci_conn contains the local identity address
1413 * after the connection has been established.
1414 *
1415 * This is true even when the connection has been
1416 * established using a resolvable random address.
1417 */
1418 bacpy(&addrinfo.bdaddr, &hcon->src);
1419 addrinfo.addr_type = hcon->src_type;
1420
1421 smp_send_cmd(conn, SMP_CMD_IDENT_ADDR_INFO, sizeof(addrinfo),
1422 &addrinfo);
1423
1424 *keydist &= ~SMP_DIST_ID_KEY;
1425 }
1426
1427 if (*keydist & SMP_DIST_SIGN) {
1428 struct smp_cmd_sign_info sign;
1429 struct smp_csrk *csrk;
1430
1431 /* Generate a new random key */
1432 get_random_bytes(sign.csrk, sizeof(sign.csrk));
1433
1434 csrk = kzalloc(sizeof(*csrk), GFP_KERNEL);
1435 if (csrk) {
1436 csrk->master = 0x00;
1437 memcpy(csrk->val, sign.csrk, sizeof(csrk->val));
1438 }
1439 smp->slave_csrk = csrk;
1440
1441 smp_send_cmd(conn, SMP_CMD_SIGN_INFO, sizeof(sign), &sign);
1442
1443 *keydist &= ~SMP_DIST_SIGN;
1444 }
1445
1446 /* If there are still keys to be received wait for them */
1447 if ((smp->remote_key_dist & 0x07))
1448 return 0;
1449
1450 clear_bit(HCI_CONN_LE_SMP_PEND, &hcon->flags);
1451 cancel_delayed_work_sync(&conn->security_timer);
1452 set_bit(SMP_FLAG_COMPLETE, &smp->flags);
1453 smp_notify_keys(conn);
1454
1455 smp_chan_destroy(conn);
1456
1457 return 0;
1458 }
Linux kernel - Deliverables
This page took 0.061185 seconds and 6 git commands to generate.