projects / deliverable / linux.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Bluetooth: Organize SMP crypto functions to logical sections
[deliverable/linux.git] / net / bluetooth / smp.c
CommitLineData
eb492e01
AB		 1/*
2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2011 Nokia Corporation and/or its subsidiary(-ies).
4
5 This program is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License version 2 as
7 published by the Free Software Foundation;
8
9 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
10 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
11 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
12 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
13 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
14 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17
18 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
19 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
20 SOFTWARE IS DISCLAIMED.
21*/
22
8c520a59
GP		 23#include <linux/crypto.h>
24#include <linux/scatterlist.h>
25#include <crypto/b128ops.h>
26
eb492e01
AB		 27#include <net/bluetooth/bluetooth.h>
28#include <net/bluetooth/hci_core.h>
29#include <net/bluetooth/l2cap.h>
2b64d153 30#include <net/bluetooth/mgmt.h>
ac4b7236 31
3b19146d 32#include "ecc.h"
ac4b7236 33#include "smp.h"
d22ef0bc 34
c7a3d57d
JH		 35/* Low-level debug macros to be used for stuff that we don't want
36 * accidentially in dmesg, i.e. the values of the various crypto keys
37 * and the inputs & outputs of crypto functions.
38 */
39#ifdef DEBUG
40#define SMP_DBG(fmt, ...) printk(KERN_DEBUG "%s: " fmt, __func__, \
41 ##__VA_ARGS__)
42#else
43#define SMP_DBG(fmt, ...) no_printk(KERN_DEBUG "%s: " fmt, __func__, \
44 ##__VA_ARGS__)
45#endif
46
b28b4943 47#define SMP_ALLOW_CMD(smp, code) set_bit(code, &smp->allow_cmd)
b28b4943 48
3b19146d
JH		 49/* Keys which are not distributed with Secure Connections */
50#define SMP_SC_NO_DIST (SMP_DIST_ENC_KEY | SMP_DIST_LINK_KEY);
51
17b02e62 52#define SMP_TIMEOUT msecs_to_jiffies(30000)
5d3de7df 53
0edb14de
JH		 54#define AUTH_REQ_MASK(dev) (test_bit(HCI_SC_ENABLED, &(dev)->dev_flags) ? \
55 0x1f : 0x07)
56#define KEY_DIST_MASK 0x07
065a13e2 57
cbbbe3e2
JH		 58/* Maximum message length that can be passed to aes_cmac */
59#define CMAC_MSG_MAX 80
60
533e35d4
JH		 61enum {
62 SMP_FLAG_TK_VALID,
63 SMP_FLAG_CFM_PENDING,
64 SMP_FLAG_MITM_AUTH,
65 SMP_FLAG_COMPLETE,
66 SMP_FLAG_INITIATOR,
65668776 67 SMP_FLAG_SC,
d8f8edbe 68 SMP_FLAG_REMOTE_PK,
aeb7d461 69 SMP_FLAG_DEBUG_KEY,
38606f14 70 SMP_FLAG_WAIT_USER,
d3e54a87 71 SMP_FLAG_DHKEY_PENDING,
02b05bd8 72 SMP_FLAG_OOB,
533e35d4 73};
4bc58f51
JH		 74
75struct smp_chan {
b68fda68
JH		 76 struct l2cap_conn *conn;
77 struct delayed_work security_timer;
b28b4943 78 unsigned long allow_cmd; /* Bitmask of allowed commands */
b68fda68 79
4bc58f51
JH		 80 u8 preq[7]; /* SMP Pairing Request */
81 u8 prsp[7]; /* SMP Pairing Response */
82 u8 prnd[16]; /* SMP Pairing Random (local) */
83 u8 rrnd[16]; /* SMP Pairing Random (remote) */
84 u8 pcnf[16]; /* SMP Pairing Confirm */
85 u8 tk[16]; /* SMP Temporary Key */
a29b0733 86 u8 rr[16];
4bc58f51
JH		 87 u8 enc_key_size;
88 u8 remote_key_dist;
89 bdaddr_t id_addr;
90 u8 id_addr_type;
91 u8 irk[16];
92 struct smp_csrk *csrk;
93 struct smp_csrk *slave_csrk;
94 struct smp_ltk *ltk;
95 struct smp_ltk *slave_ltk;
96 struct smp_irk *remote_irk;
6a77083a 97 u8 *link_key;
4a74d658 98 unsigned long flags;
783e0574 99 u8 method;
38606f14 100 u8 passkey_round;
6a7bd103 101
3b19146d
JH		 102 /* Secure Connections variables */
103 u8 local_pk[64];
104 u8 local_sk[32];
d8f8edbe
JH		 105 u8 remote_pk[64];
106 u8 dhkey[32];
760b018b 107 u8 mackey[16];
3b19146d 108
6a7bd103 109 struct crypto_blkcipher *tfm_aes;
407cecf6 110 struct crypto_hash *tfm_cmac;
4bc58f51
JH		 111};
112
aeb7d461
JH		 113/* These debug key values are defined in the SMP section of the core
114 * specification. debug_pk is the public debug key and debug_sk the
115 * private debug key.
116 */
117static const u8 debug_pk[64] = {
118 0xe6, 0x9d, 0x35, 0x0e, 0x48, 0x01, 0x03, 0xcc,
119 0xdb, 0xfd, 0xf4, 0xac, 0x11, 0x91, 0xf4, 0xef,
120 0xb9, 0xa5, 0xf9, 0xe9, 0xa7, 0x83, 0x2c, 0x5e,
121 0x2c, 0xbe, 0x97, 0xf2, 0xd2, 0x03, 0xb0, 0x20,
122
123 0x8b, 0xd2, 0x89, 0x15, 0xd0, 0x8e, 0x1c, 0x74,
124 0x24, 0x30, 0xed, 0x8f, 0xc2, 0x45, 0x63, 0x76,
125 0x5c, 0x15, 0x52, 0x5a, 0xbf, 0x9a, 0x32, 0x63,
126 0x6d, 0xeb, 0x2a, 0x65, 0x49, 0x9c, 0x80, 0xdc,
127};
128
129static const u8 debug_sk[32] = {
130 0xbd, 0x1a, 0x3c, 0xcd, 0xa6, 0xb8, 0x99, 0x58,
131 0x99, 0xb7, 0x40, 0xeb, 0x7b, 0x60, 0xff, 0x4a,
132 0x50, 0x3f, 0x10, 0xd2, 0xe3, 0xb3, 0xc9, 0x74,
133 0x38, 0x5f, 0xc5, 0xa3, 0xd4, 0xf6, 0x49, 0x3f,
134};
135
8a2936f4 136static inline void swap_buf(const u8 *src, u8 *dst, size_t len)
d22ef0bc 137{
8a2936f4 138 size_t i;
d22ef0bc 139
8a2936f4
JH		 140 for (i = 0; i < len; i++)
141 dst[len - 1 - i] = src[i];
d22ef0bc
AB		 142}
143
06edf8de
JH		 144/* The following functions map to the LE SC SMP crypto functions
145 * AES-CMAC, f4, f5, f6, g2 and h6.
146 */
147
cbbbe3e2
JH		 148static int aes_cmac(struct crypto_hash *tfm, const u8 k[16], const u8 *m,
149 size_t len, u8 mac[16])
150{
151 uint8_t tmp[16], mac_msb[16], msg_msb[CMAC_MSG_MAX];
152 struct hash_desc desc;
153 struct scatterlist sg;
154 int err;
155
156 if (len > CMAC_MSG_MAX)
157 return -EFBIG;
158
159 if (!tfm) {
160 BT_ERR("tfm %p", tfm);
161 return -EINVAL;
162 }
163
164 desc.tfm = tfm;
165 desc.flags = 0;
166
167 crypto_hash_init(&desc);
168
169 /* Swap key and message from LSB to MSB */
170 swap_buf(k, tmp, 16);
171 swap_buf(m, msg_msb, len);
172
c7a3d57d
JH		 173 SMP_DBG("msg (len %zu) %*phN", len, (int) len, m);
174 SMP_DBG("key %16phN", k);
cbbbe3e2
JH		 175
176 err = crypto_hash_setkey(tfm, tmp, 16);
177 if (err) {
178 BT_ERR("cipher setkey failed: %d", err);
179 return err;
180 }
181
182 sg_init_one(&sg, msg_msb, len);
183
184 err = crypto_hash_update(&desc, &sg, len);
185 if (err) {
186 BT_ERR("Hash update error %d", err);
187 return err;
188 }
189
190 err = crypto_hash_final(&desc, mac_msb);
191 if (err) {
192 BT_ERR("Hash final error %d", err);
193 return err;
194 }
195
196 swap_buf(mac_msb, mac, 16);
197
c7a3d57d 198 SMP_DBG("mac %16phN", mac);
cbbbe3e2
JH		 199
200 return 0;
201}
202
203static int smp_f4(struct crypto_hash *tfm_cmac, const u8 u[32], const u8 v[32],
204 const u8 x[16], u8 z, u8 res[16])
205{
206 u8 m[65];
207 int err;
208
c7a3d57d
JH		 209 SMP_DBG("u %32phN", u);
210 SMP_DBG("v %32phN", v);
211 SMP_DBG("x %16phN z %02x", x, z);
cbbbe3e2
JH		 212
213 m[0] = z;
214 memcpy(m + 1, v, 32);
215 memcpy(m + 33, u, 32);
216
217 err = aes_cmac(tfm_cmac, x, m, sizeof(m), res);
218 if (err)
219 return err;
220
c7a3d57d 221 SMP_DBG("res %16phN", res);
cbbbe3e2
JH		 222
223 return err;
224}
225
760b018b
JH		 226static int smp_f5(struct crypto_hash *tfm_cmac, u8 w[32], u8 n1[16], u8 n2[16],
227 u8 a1[7], u8 a2[7], u8 mackey[16], u8 ltk[16])
228{
229 /* The btle, salt and length "magic" values are as defined in
230 * the SMP section of the Bluetooth core specification. In ASCII
231 * the btle value ends up being 'btle'. The salt is just a
232 * random number whereas length is the value 256 in little
233 * endian format.
234 */
235 const u8 btle[4] = { 0x65, 0x6c, 0x74, 0x62 };
236 const u8 salt[16] = { 0xbe, 0x83, 0x60, 0x5a, 0xdb, 0x0b, 0x37, 0x60,
237 0x38, 0xa5, 0xf5, 0xaa, 0x91, 0x83, 0x88, 0x6c };
238 const u8 length[2] = { 0x00, 0x01 };
239 u8 m[53], t[16];
240 int err;
241
c7a3d57d
JH		 242 SMP_DBG("w %32phN", w);
243 SMP_DBG("n1 %16phN n2 %16phN", n1, n2);
244 SMP_DBG("a1 %7phN a2 %7phN", a1, a2);
760b018b
JH		 245
246 err = aes_cmac(tfm_cmac, salt, w, 32, t);
247 if (err)
248 return err;
249
c7a3d57d 250 SMP_DBG("t %16phN", t);
760b018b
JH		 251
252 memcpy(m, length, 2);
253 memcpy(m + 2, a2, 7);
254 memcpy(m + 9, a1, 7);
255 memcpy(m + 16, n2, 16);
256 memcpy(m + 32, n1, 16);
257 memcpy(m + 48, btle, 4);
258
259 m[52] = 0; /* Counter */
260
261 err = aes_cmac(tfm_cmac, t, m, sizeof(m), mackey);
262 if (err)
263 return err;
264
c7a3d57d 265 SMP_DBG("mackey %16phN", mackey);
760b018b
JH		 266
267 m[52] = 1; /* Counter */
268
269 err = aes_cmac(tfm_cmac, t, m, sizeof(m), ltk);
270 if (err)
271 return err;
272
c7a3d57d 273 SMP_DBG("ltk %16phN", ltk);
760b018b
JH		 274
275 return 0;
276}
277
278static int smp_f6(struct crypto_hash *tfm_cmac, const u8 w[16],
279 const u8 n1[16], u8 n2[16], const u8 r[16],
280 const u8 io_cap[3], const u8 a1[7], const u8 a2[7],
281 u8 res[16])
282{
283 u8 m[65];
284 int err;
285
c7a3d57d
JH		 286 SMP_DBG("w %16phN", w);
287 SMP_DBG("n1 %16phN n2 %16phN", n1, n2);
288 SMP_DBG("r %16phN io_cap %3phN a1 %7phN a2 %7phN", r, io_cap, a1, a2);
760b018b
JH		 289
290 memcpy(m, a2, 7);
291 memcpy(m + 7, a1, 7);
292 memcpy(m + 14, io_cap, 3);
293 memcpy(m + 17, r, 16);
294 memcpy(m + 33, n2, 16);
295 memcpy(m + 49, n1, 16);
296
297 err = aes_cmac(tfm_cmac, w, m, sizeof(m), res);
298 if (err)
299 return err;
300
301 BT_DBG("res %16phN", res);
302
303 return err;
304}
305
191dc7fe
JH		 306static int smp_g2(struct crypto_hash *tfm_cmac, const u8 u[32], const u8 v[32],
307 const u8 x[16], const u8 y[16], u32 *val)
308{
309 u8 m[80], tmp[16];
310 int err;
311
c7a3d57d
JH		 312 SMP_DBG("u %32phN", u);
313 SMP_DBG("v %32phN", v);
314 SMP_DBG("x %16phN y %16phN", x, y);
191dc7fe
JH		 315
316 memcpy(m, y, 16);
317 memcpy(m + 16, v, 32);
318 memcpy(m + 48, u, 32);
319
320 err = aes_cmac(tfm_cmac, x, m, sizeof(m), tmp);
321 if (err)
322 return err;
323
324 *val = get_unaligned_le32(tmp);
325 *val %= 1000000;
326
c7a3d57d 327 SMP_DBG("val %06u", *val);
191dc7fe
JH		 328
329 return 0;
330}
331
06edf8de
JH		 332static int smp_h6(struct crypto_hash *tfm_cmac, const u8 w[16],
333 const u8 key_id[4], u8 res[16])
334{
335 int err;
336
337 SMP_DBG("w %16phN key_id %4phN", w, key_id);
338
339 err = aes_cmac(tfm_cmac, w, key_id, 4, res);
340 if (err)
341 return err;
342
343 SMP_DBG("res %16phN", res);
344
345 return err;
346}
347
348/* The following functions map to the legacy SMP crypto functions e, c1,
349 * s1 and ah.
350 */
351
d22ef0bc
AB		 352static int smp_e(struct crypto_blkcipher *tfm, const u8 *k, u8 *r)
353{
354 struct blkcipher_desc desc;
355 struct scatterlist sg;
943a732a 356 uint8_t tmp[16], data[16];
201a5929 357 int err;
d22ef0bc
AB		 358
359 if (tfm == NULL) {
360 BT_ERR("tfm %p", tfm);
361 return -EINVAL;
362 }
363
364 desc.tfm = tfm;
365 desc.flags = 0;
366
943a732a 367 /* The most significant octet of key corresponds to k[0] */
8a2936f4 368 swap_buf(k, tmp, 16);
943a732a
JH		 369
370 err = crypto_blkcipher_setkey(tfm, tmp, 16);
d22ef0bc
AB		 371 if (err) {
372 BT_ERR("cipher setkey failed: %d", err);
373 return err;
374 }
375
943a732a 376 /* Most significant octet of plaintextData corresponds to data[0] */
8a2936f4 377 swap_buf(r, data, 16);
943a732a
JH		 378
379 sg_init_one(&sg, data, 16);
d22ef0bc 380
d22ef0bc
AB		 381 err = crypto_blkcipher_encrypt(&desc, &sg, &sg, 16);
382 if (err)
383 BT_ERR("Encrypt data error %d", err);
384
943a732a 385 /* Most significant octet of encryptedData corresponds to data[0] */
8a2936f4 386 swap_buf(data, r, 16);
943a732a 387
d22ef0bc
AB		 388 return err;
389}
390
06edf8de
JH		 391static int smp_c1(struct crypto_blkcipher *tfm_aes, const u8 k[16],
392 const u8 r[16], const u8 preq[7], const u8 pres[7], u8 _iat,
393 const bdaddr_t *ia, u8 _rat, const bdaddr_t *ra, u8 res[16])
6a77083a 394{
06edf8de 395 u8 p1[16], p2[16];
6a77083a
JH		 396 int err;
397
06edf8de 398 memset(p1, 0, 16);
6a77083a 399
06edf8de
JH		 400 /* p1 = pres || preq || _rat || _iat */
401 p1[0] = _iat;
402 p1[1] = _rat;
403 memcpy(p1 + 2, preq, 7);
404 memcpy(p1 + 9, pres, 7);
405
406 /* p2 = padding || ia || ra */
407 memcpy(p2, ra, 6);
408 memcpy(p2 + 6, ia, 6);
409 memset(p2 + 12, 0, 4);
410
411 /* res = r XOR p1 */
412 u128_xor((u128 *) res, (u128 *) r, (u128 *) p1);
413
414 /* res = e(k, res) */
415 err = smp_e(tfm_aes, k, res);
416 if (err) {
417 BT_ERR("Encrypt data error");
6a77083a 418 return err;
06edf8de 419 }
6a77083a 420
06edf8de
JH		 421 /* res = res XOR p2 */
422 u128_xor((u128 *) res, (u128 *) res, (u128 *) p2);
423
424 /* res = e(k, res) */
425 err = smp_e(tfm_aes, k, res);
426 if (err)
427 BT_ERR("Encrypt data error");
428
429 return err;
430}
431
432static int smp_s1(struct crypto_blkcipher *tfm_aes, const u8 k[16],
433 const u8 r1[16], const u8 r2[16], u8 _r[16])
434{
435 int err;
436
437 /* Just least significant octets from r1 and r2 are considered */
438 memcpy(_r, r2, 8);
439 memcpy(_r + 8, r1, 8);
440
441 err = smp_e(tfm_aes, k, _r);
442 if (err)
443 BT_ERR("Encrypt data error");
6a77083a
JH		 444
445 return err;
446}
447
cd082797
JH		 448static int smp_ah(struct crypto_blkcipher *tfm, const u8 irk[16],
449 const u8 r[3], u8 res[3])
60478054 450{
943a732a 451 u8 _res[16];
60478054
JH		 452 int err;
453
454 /* r' = padding || r */
943a732a
JH		 455 memcpy(_res, r, 3);
456 memset(_res + 3, 0, 13);
60478054 457
943a732a 458 err = smp_e(tfm, irk, _res);
60478054
JH		 459 if (err) {
460 BT_ERR("Encrypt error");
461 return err;
462 }
463
464 /* The output of the random address function ah is:
465 * ah(h, r) = e(k, r') mod 2^24
466 * The output of the security function e is then truncated to 24 bits
467 * by taking the least significant 24 bits of the output of e as the
468 * result of ah.
469 */
943a732a 470 memcpy(res, _res, 3);
60478054
JH		 471
472 return 0;
473}
474
cd082797
JH		 475bool smp_irk_matches(struct hci_dev *hdev, const u8 irk[16],
476 const bdaddr_t *bdaddr)
60478054 477{
defce9e8
JH		 478 struct l2cap_chan *chan = hdev->smp_data;
479 struct crypto_blkcipher *tfm;
60478054
JH		 480 u8 hash[3];
481 int err;
482
defce9e8
JH		 483 if (!chan || !chan->data)
484 return false;
485
486 tfm = chan->data;
487
60478054
JH		 488 BT_DBG("RPA %pMR IRK %*phN", bdaddr, 16, irk);
489
490 err = smp_ah(tfm, irk, &bdaddr->b[3], hash);
491 if (err)
492 return false;
493
494 return !memcmp(bdaddr->b, hash, 3);
495}
496
cd082797 497int smp_generate_rpa(struct hci_dev *hdev, const u8 irk[16], bdaddr_t *rpa)
b1e2b3ae 498{
defce9e8
JH		 499 struct l2cap_chan *chan = hdev->smp_data;
500 struct crypto_blkcipher *tfm;
b1e2b3ae
JH		 501 int err;
502
defce9e8
JH		 503 if (!chan || !chan->data)
504 return -EOPNOTSUPP;
505
506 tfm = chan->data;
507
b1e2b3ae
JH		 508 get_random_bytes(&rpa->b[3], 3);
509
510 rpa->b[5] &= 0x3f; /* Clear two most significant bits */
511 rpa->b[5] |= 0x40; /* Set second most significant bit */
512
513 err = smp_ah(tfm, irk, &rpa->b[3], rpa->b);
514 if (err < 0)
515 return err;
516
517 BT_DBG("RPA %pMR", rpa);
518
519 return 0;
520}
521
5d88cc73 522static void smp_send_cmd(struct l2cap_conn *conn, u8 code, u16 len, void *data)
eb492e01 523{
5d88cc73 524 struct l2cap_chan *chan = conn->smp;
b68fda68 525 struct smp_chan *smp;
5d88cc73
JH		 526 struct kvec iv[2];
527 struct msghdr msg;
eb492e01 528
5d88cc73
JH		 529 if (!chan)
530 return;
eb492e01 531
5d88cc73 532 BT_DBG("code 0x%2.2x", code);
eb492e01 533
5d88cc73
JH		 534 iv[0].iov_base = &code;
535 iv[0].iov_len = 1;
eb492e01 536
5d88cc73
JH		 537 iv[1].iov_base = data;
538 iv[1].iov_len = len;
eb492e01 539
5d88cc73 540 memset(&msg, 0, sizeof(msg));
eb492e01 541
5d88cc73
JH		 542 msg.msg_iov = (struct iovec *) &iv;
543 msg.msg_iovlen = 2;
eb492e01 544
5d88cc73 545 l2cap_chan_send(chan, &msg, 1 + len);
e2dcd113 546
b68fda68
JH		 547 if (!chan->data)
548 return;
549
550 smp = chan->data;
551
552 cancel_delayed_work_sync(&smp->security_timer);
1b0921d6 553 schedule_delayed_work(&smp->security_timer, SMP_TIMEOUT);
eb492e01
AB		 554}
555
d2eb9e10 556static u8 authreq_to_seclevel(u8 authreq)
2b64d153 557{
d2eb9e10
JH		 558 if (authreq & SMP_AUTH_MITM) {
559 if (authreq & SMP_AUTH_SC)
560 return BT_SECURITY_FIPS;
561 else
562 return BT_SECURITY_HIGH;
563 } else {
2b64d153 564 return BT_SECURITY_MEDIUM;
d2eb9e10 565 }
2b64d153
BG		 566}
567
568static __u8 seclevel_to_authreq(__u8 sec_level)
569{
570 switch (sec_level) {
d2eb9e10 571 case BT_SECURITY_FIPS:
2b64d153
BG		 572 case BT_SECURITY_HIGH:
573 return SMP_AUTH_MITM | SMP_AUTH_BONDING;
574 case BT_SECURITY_MEDIUM:
575 return SMP_AUTH_BONDING;
576 default:
577 return SMP_AUTH_NONE;
578 }
579}
580
b8e66eac 581static void build_pairing_cmd(struct l2cap_conn *conn,
f1560463
MH		 582 struct smp_cmd_pairing *req,
583 struct smp_cmd_pairing *rsp, __u8 authreq)
b8e66eac 584{
5d88cc73
JH		 585 struct l2cap_chan *chan = conn->smp;
586 struct smp_chan *smp = chan->data;
fd349c02
JH		 587 struct hci_conn *hcon = conn->hcon;
588 struct hci_dev *hdev = hcon->hdev;
02b05bd8 589 u8 local_dist = 0, remote_dist = 0, oob_flag = SMP_OOB_NOT_PRESENT;
54790f73 590
b6ae8457 591 if (test_bit(HCI_BONDABLE, &conn->hcon->hdev->dev_flags)) {
7ee4ea36
MH		 592 local_dist = SMP_DIST_ENC_KEY | SMP_DIST_SIGN;
593 remote_dist = SMP_DIST_ENC_KEY | SMP_DIST_SIGN;
54790f73 594 authreq |= SMP_AUTH_BONDING;
2b64d153
BG		 595 } else {
596 authreq &= ~SMP_AUTH_BONDING;
54790f73
VCG		 597 }
598
fd349c02
JH		 599 if (test_bit(HCI_RPA_RESOLVING, &hdev->dev_flags))
600 remote_dist |= SMP_DIST_ID_KEY;
601
863efaf2
JH		 602 if (test_bit(HCI_PRIVACY, &hdev->dev_flags))
603 local_dist |= SMP_DIST_ID_KEY;
604
02b05bd8
JH		 605 if (test_bit(HCI_SC_ENABLED, &hdev->dev_flags) &&
606 (authreq & SMP_AUTH_SC)) {
607 struct oob_data *oob_data;
608 u8 bdaddr_type;
609
610 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
df8e1a4c
JH		 611 local_dist |= SMP_DIST_LINK_KEY;
612 remote_dist |= SMP_DIST_LINK_KEY;
613 }
02b05bd8
JH		 614
615 if (hcon->dst_type == ADDR_LE_DEV_PUBLIC)
616 bdaddr_type = BDADDR_LE_PUBLIC;
617 else
618 bdaddr_type = BDADDR_LE_RANDOM;
619
620 oob_data = hci_find_remote_oob_data(hdev, &hcon->dst,
621 bdaddr_type);
622 if (oob_data) {
623 set_bit(SMP_FLAG_OOB, &smp->flags);
624 oob_flag = SMP_OOB_PRESENT;
a29b0733 625 memcpy(smp->rr, oob_data->rand256, 16);
02b05bd8
JH		 626 memcpy(smp->pcnf, oob_data->hash256, 16);
627 }
628
df8e1a4c
JH		 629 } else {
630 authreq &= ~SMP_AUTH_SC;
631 }
632
54790f73
VCG		 633 if (rsp == NULL) {
634 req->io_capability = conn->hcon->io_capability;
02b05bd8 635 req->oob_flag = oob_flag;
54790f73 636 req->max_key_size = SMP_MAX_ENC_KEY_SIZE;
fd349c02
JH		 637 req->init_key_dist = local_dist;
638 req->resp_key_dist = remote_dist;
0edb14de 639 req->auth_req = (authreq & AUTH_REQ_MASK(hdev));
fd349c02
JH		 640
641 smp->remote_key_dist = remote_dist;
54790f73
VCG		 642 return;
643 }
644
645 rsp->io_capability = conn->hcon->io_capability;
02b05bd8 646 rsp->oob_flag = oob_flag;
54790f73 647 rsp->max_key_size = SMP_MAX_ENC_KEY_SIZE;
fd349c02
JH		 648 rsp->init_key_dist = req->init_key_dist & remote_dist;
649 rsp->resp_key_dist = req->resp_key_dist & local_dist;
0edb14de 650 rsp->auth_req = (authreq & AUTH_REQ_MASK(hdev));
fd349c02
JH		 651
652 smp->remote_key_dist = rsp->init_key_dist;
b8e66eac
VCG		 653}
654
3158c50c
VCG		 655static u8 check_enc_key_size(struct l2cap_conn *conn, __u8 max_key_size)
656{
5d88cc73
JH		 657 struct l2cap_chan *chan = conn->smp;
658 struct smp_chan *smp = chan->data;
1c1def09 659
3158c50c 660 if ((max_key_size > SMP_MAX_ENC_KEY_SIZE) ||
f1560463 661 (max_key_size < SMP_MIN_ENC_KEY_SIZE))
3158c50c
VCG		 662 return SMP_ENC_KEY_SIZE;
663
f7aa611a 664 smp->enc_key_size = max_key_size;
3158c50c
VCG		 665
666 return 0;
667}
668
6f48e260
JH		 669static void smp_chan_destroy(struct l2cap_conn *conn)
670{
671 struct l2cap_chan *chan = conn->smp;
672 struct smp_chan *smp = chan->data;
673 bool complete;
674
675 BUG_ON(!smp);
676
677 cancel_delayed_work_sync(&smp->security_timer);
6f48e260 678
6f48e260
JH		 679 complete = test_bit(SMP_FLAG_COMPLETE, &smp->flags);
680 mgmt_smp_complete(conn->hcon, complete);
681
682 kfree(smp->csrk);
683 kfree(smp->slave_csrk);
6a77083a 684 kfree(smp->link_key);
6f48e260
JH		 685
686 crypto_free_blkcipher(smp->tfm_aes);
407cecf6 687 crypto_free_hash(smp->tfm_cmac);
6f48e260
JH		 688
689 /* If pairing failed clean up any keys we might have */
690 if (!complete) {
691 if (smp->ltk) {
970d0f1b
JH		 692 list_del_rcu(&smp->ltk->list);
693 kfree_rcu(smp->ltk, rcu);
6f48e260
JH		 694 }
695
696 if (smp->slave_ltk) {
970d0f1b
JH		 697 list_del_rcu(&smp->slave_ltk->list);
698 kfree_rcu(smp->slave_ltk, rcu);
6f48e260
JH		 699 }
700
701 if (smp->remote_irk) {
adae20cb
JH		 702 list_del_rcu(&smp->remote_irk->list);
703 kfree_rcu(smp->remote_irk, rcu);
6f48e260
JH		 704 }
705 }
706
707 chan->data = NULL;
708 kfree(smp);
709 hci_conn_drop(conn->hcon);
710}
711
84794e11 712static void smp_failure(struct l2cap_conn *conn, u8 reason)
4f957a76 713{
bab73cb6 714 struct hci_conn *hcon = conn->hcon;
b68fda68 715 struct l2cap_chan *chan = conn->smp;
bab73cb6 716
84794e11 717 if (reason)
4f957a76 718 smp_send_cmd(conn, SMP_CMD_PAIRING_FAIL, sizeof(reason),
f1560463 719 &reason);
4f957a76 720
ce39fb4e 721 clear_bit(HCI_CONN_ENCRYPT_PEND, &hcon->flags);
e1e930f5 722 mgmt_auth_failed(hcon, HCI_ERROR_AUTH_FAILURE);
f1c09c07 723
fc75cc86 724 if (chan->data)
f1c09c07 725 smp_chan_destroy(conn);
4f957a76
BG		 726}
727
2b64d153
BG		 728#define JUST_WORKS 0x00
729#define JUST_CFM 0x01
730#define REQ_PASSKEY 0x02
731#define CFM_PASSKEY 0x03
732#define REQ_OOB 0x04
5e3d3d9b 733#define DSP_PASSKEY 0x05
2b64d153
BG		 734#define OVERLAP 0xFF
735
736static const u8 gen_method[5][5] = {
737 { JUST_WORKS, JUST_CFM, REQ_PASSKEY, JUST_WORKS, REQ_PASSKEY },
738 { JUST_WORKS, JUST_CFM, REQ_PASSKEY, JUST_WORKS, REQ_PASSKEY },
739 { CFM_PASSKEY, CFM_PASSKEY, REQ_PASSKEY, JUST_WORKS, CFM_PASSKEY },
740 { JUST_WORKS, JUST_CFM, JUST_WORKS, JUST_WORKS, JUST_CFM },
741 { CFM_PASSKEY, CFM_PASSKEY, REQ_PASSKEY, JUST_WORKS, OVERLAP },
742};
743
5e3d3d9b
JH		 744static const u8 sc_method[5][5] = {
745 { JUST_WORKS, JUST_CFM, REQ_PASSKEY, JUST_WORKS, REQ_PASSKEY },
746 { JUST_WORKS, CFM_PASSKEY, REQ_PASSKEY, JUST_WORKS, CFM_PASSKEY },
747 { DSP_PASSKEY, DSP_PASSKEY, REQ_PASSKEY, JUST_WORKS, DSP_PASSKEY },
748 { JUST_WORKS, JUST_CFM, JUST_WORKS, JUST_WORKS, JUST_CFM },
749 { DSP_PASSKEY, CFM_PASSKEY, REQ_PASSKEY, JUST_WORKS, CFM_PASSKEY },
750};
751
581370cc
JH		 752static u8 get_auth_method(struct smp_chan *smp, u8 local_io, u8 remote_io)
753{
2bcd4003
JH		 754 /* If either side has unknown io_caps, use JUST_CFM (which gets
755 * converted later to JUST_WORKS if we're initiators.
756 */
581370cc
JH		 757 if (local_io > SMP_IO_KEYBOARD_DISPLAY ||
758 remote_io > SMP_IO_KEYBOARD_DISPLAY)
2bcd4003 759 return JUST_CFM;
581370cc 760
5e3d3d9b
JH		 761 if (test_bit(SMP_FLAG_SC, &smp->flags))
762 return sc_method[remote_io][local_io];
763
581370cc
JH		 764 return gen_method[remote_io][local_io];
765}
766
2b64d153
BG		 767static int tk_request(struct l2cap_conn *conn, u8 remote_oob, u8 auth,
768 u8 local_io, u8 remote_io)
769{
770 struct hci_conn *hcon = conn->hcon;
5d88cc73
JH		 771 struct l2cap_chan *chan = conn->smp;
772 struct smp_chan *smp = chan->data;
2b64d153
BG		 773 u32 passkey = 0;
774 int ret = 0;
775
776 /* Initialize key for JUST WORKS */
777 memset(smp->tk, 0, sizeof(smp->tk));
4a74d658 778 clear_bit(SMP_FLAG_TK_VALID, &smp->flags);
2b64d153
BG		 779
780 BT_DBG("tk_request: auth:%d lcl:%d rem:%d", auth, local_io, remote_io);
781
2bcd4003
JH		 782 /* If neither side wants MITM, either "just" confirm an incoming
783 * request or use just-works for outgoing ones. The JUST_CFM
784 * will be converted to JUST_WORKS if necessary later in this
785 * function. If either side has MITM look up the method from the
786 * table.
787 */
581370cc 788 if (!(auth & SMP_AUTH_MITM))
783e0574 789 smp->method = JUST_CFM;
2b64d153 790 else
783e0574 791 smp->method = get_auth_method(smp, local_io, remote_io);
2b64d153 792
a82505c7 793 /* Don't confirm locally initiated pairing attempts */
783e0574
JH		 794 if (smp->method == JUST_CFM && test_bit(SMP_FLAG_INITIATOR,
795 &smp->flags))
796 smp->method = JUST_WORKS;
a82505c7 797
02f3e254 798 /* Don't bother user space with no IO capabilities */
783e0574
JH		 799 if (smp->method == JUST_CFM &&
800 hcon->io_capability == HCI_IO_NO_INPUT_OUTPUT)
801 smp->method = JUST_WORKS;
02f3e254 802
2b64d153 803 /* If Just Works, Continue with Zero TK */
783e0574 804 if (smp->method == JUST_WORKS) {
4a74d658 805 set_bit(SMP_FLAG_TK_VALID, &smp->flags);
2b64d153
BG		 806 return 0;
807 }
808
809 /* Not Just Works/Confirm results in MITM Authentication */
783e0574 810 if (smp->method != JUST_CFM) {
4a74d658 811 set_bit(SMP_FLAG_MITM_AUTH, &smp->flags);
5eb596f5
JH		 812 if (hcon->pending_sec_level < BT_SECURITY_HIGH)
813 hcon->pending_sec_level = BT_SECURITY_HIGH;
814 }
2b64d153
BG		 815
816 /* If both devices have Keyoard-Display I/O, the master
817 * Confirms and the slave Enters the passkey.
818 */
783e0574 819 if (smp->method == OVERLAP) {
40bef302 820 if (hcon->role == HCI_ROLE_MASTER)
783e0574 821 smp->method = CFM_PASSKEY;
2b64d153 822 else
783e0574 823 smp->method = REQ_PASSKEY;
2b64d153
BG		 824 }
825
01ad34d2 826 /* Generate random passkey. */
783e0574 827 if (smp->method == CFM_PASSKEY) {
943a732a 828 memset(smp->tk, 0, sizeof(smp->tk));
2b64d153
BG		 829 get_random_bytes(&passkey, sizeof(passkey));
830 passkey %= 1000000;
943a732a 831 put_unaligned_le32(passkey, smp->tk);
2b64d153 832 BT_DBG("PassKey: %d", passkey);
4a74d658 833 set_bit(SMP_FLAG_TK_VALID, &smp->flags);
2b64d153
BG		 834 }
835
783e0574 836 if (smp->method == REQ_PASSKEY)
ce39fb4e 837 ret = mgmt_user_passkey_request(hcon->hdev, &hcon->dst,
272d90df 838 hcon->type, hcon->dst_type);
783e0574 839 else if (smp->method == JUST_CFM)
4eb65e66
JH		 840 ret = mgmt_user_confirm_request(hcon->hdev, &hcon->dst,
841 hcon->type, hcon->dst_type,
842 passkey, 1);
2b64d153 843 else
01ad34d2 844 ret = mgmt_user_passkey_notify(hcon->hdev, &hcon->dst,
272d90df 845 hcon->type, hcon->dst_type,
39adbffe 846 passkey, 0);
2b64d153 847
2b64d153
BG		 848 return ret;
849}
850
1cc61144 851static u8 smp_confirm(struct smp_chan *smp)
8aab4757 852{
8aab4757 853 struct l2cap_conn *conn = smp->conn;
8aab4757
VCG		 854 struct smp_cmd_pairing_confirm cp;
855 int ret;
8aab4757
VCG		 856
857 BT_DBG("conn %p", conn);
858
e491eaf3 859 ret = smp_c1(smp->tfm_aes, smp->tk, smp->prnd, smp->preq, smp->prsp,
b1cd5fd9 860 conn->hcon->init_addr_type, &conn->hcon->init_addr,
943a732a
JH		 861 conn->hcon->resp_addr_type, &conn->hcon->resp_addr,
862 cp.confirm_val);
1cc61144
JH		 863 if (ret)
864 return SMP_UNSPECIFIED;
8aab4757 865
4a74d658 866 clear_bit(SMP_FLAG_CFM_PENDING, &smp->flags);
2b64d153 867
8aab4757
VCG		 868 smp_send_cmd(smp->conn, SMP_CMD_PAIRING_CONFIRM, sizeof(cp), &cp);
869
b28b4943
JH		 870 if (conn->hcon->out)
871 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_CONFIRM);
872 else
873 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RANDOM);
874
1cc61144 875 return 0;
8aab4757
VCG		 876}
877
861580a9 878static u8 smp_random(struct smp_chan *smp)
8aab4757 879{
8aab4757
VCG		 880 struct l2cap_conn *conn = smp->conn;
881 struct hci_conn *hcon = conn->hcon;
861580a9 882 u8 confirm[16];
8aab4757
VCG		 883 int ret;
884
ec70f36f 885 if (IS_ERR_OR_NULL(smp->tfm_aes))
861580a9 886 return SMP_UNSPECIFIED;
8aab4757
VCG		 887
888 BT_DBG("conn %p %s", conn, conn->hcon->out ? "master" : "slave");
889
e491eaf3 890 ret = smp_c1(smp->tfm_aes, smp->tk, smp->rrnd, smp->preq, smp->prsp,
b1cd5fd9 891 hcon->init_addr_type, &hcon->init_addr,
943a732a 892 hcon->resp_addr_type, &hcon->resp_addr, confirm);
861580a9
JH		 893 if (ret)
894 return SMP_UNSPECIFIED;
8aab4757 895
8aab4757
VCG		 896 if (memcmp(smp->pcnf, confirm, sizeof(smp->pcnf)) != 0) {
897 BT_ERR("Pairing failed (confirmation values mismatch)");
861580a9 898 return SMP_CONFIRM_FAILED;
8aab4757
VCG		 899 }
900
901 if (hcon->out) {
fe39c7b2
MH		 902 u8 stk[16];
903 __le64 rand = 0;
904 __le16 ediv = 0;
8aab4757 905
e491eaf3 906 smp_s1(smp->tfm_aes, smp->tk, smp->rrnd, smp->prnd, stk);
8aab4757 907
f7aa611a 908 memset(stk + smp->enc_key_size, 0,
04124681 909 SMP_MAX_ENC_KEY_SIZE - smp->enc_key_size);
8aab4757 910
861580a9
JH		 911 if (test_and_set_bit(HCI_CONN_ENCRYPT_PEND, &hcon->flags))
912 return SMP_UNSPECIFIED;
8aab4757
VCG		 913
914 hci_le_start_enc(hcon, ediv, rand, stk);
f7aa611a 915 hcon->enc_key_size = smp->enc_key_size;
fe59a05f 916 set_bit(HCI_CONN_STK_ENCRYPT, &hcon->flags);
8aab4757 917 } else {
fff3490f 918 u8 stk[16], auth;
fe39c7b2
MH		 919 __le64 rand = 0;
920 __le16 ediv = 0;
8aab4757 921
943a732a
JH		 922 smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM, sizeof(smp->prnd),
923 smp->prnd);
8aab4757 924
e491eaf3 925 smp_s1(smp->tfm_aes, smp->tk, smp->prnd, smp->rrnd, stk);
8aab4757 926
f7aa611a 927 memset(stk + smp->enc_key_size, 0,
f1560463 928 SMP_MAX_ENC_KEY_SIZE - smp->enc_key_size);
8aab4757 929
fff3490f
JH		 930 if (hcon->pending_sec_level == BT_SECURITY_HIGH)
931 auth = 1;
932 else
933 auth = 0;
934
7d5843b7
JH		 935 /* Even though there's no _SLAVE suffix this is the
936 * slave STK we're adding for later lookup (the master
937 * STK never needs to be stored).
938 */
ce39fb4e 939 hci_add_ltk(hcon->hdev, &hcon->dst, hcon->dst_type,
2ceba539 940 SMP_STK, auth, stk, smp->enc_key_size, ediv, rand);
8aab4757
VCG		 941 }
942
861580a9 943 return 0;
8aab4757
VCG		 944}
945
44f1a7ab
JH		 946static void smp_notify_keys(struct l2cap_conn *conn)
947{
948 struct l2cap_chan *chan = conn->smp;
949 struct smp_chan *smp = chan->data;
950 struct hci_conn *hcon = conn->hcon;
951 struct hci_dev *hdev = hcon->hdev;
952 struct smp_cmd_pairing *req = (void *) &smp->preq[1];
953 struct smp_cmd_pairing *rsp = (void *) &smp->prsp[1];
954 bool persistent;
955
956 if (smp->remote_irk) {
957 mgmt_new_irk(hdev, smp->remote_irk);
958 /* Now that user space can be considered to know the
959 * identity address track the connection based on it
b5ae344d 960 * from now on (assuming this is an LE link).
44f1a7ab 961 */
b5ae344d
JH		 962 if (hcon->type == LE_LINK) {
963 bacpy(&hcon->dst, &smp->remote_irk->bdaddr);
964 hcon->dst_type = smp->remote_irk->addr_type;
965 queue_work(hdev->workqueue, &conn->id_addr_update_work);
966 }
44f1a7ab
JH		 967
968 /* When receiving an indentity resolving key for
969 * a remote device that does not use a resolvable
970 * private address, just remove the key so that
971 * it is possible to use the controller white
972 * list for scanning.
973 *
974 * Userspace will have been told to not store
975 * this key at this point. So it is safe to
976 * just remove it.
977 */
978 if (!bacmp(&smp->remote_irk->rpa, BDADDR_ANY)) {
adae20cb
JH		 979 list_del_rcu(&smp->remote_irk->list);
980 kfree_rcu(smp->remote_irk, rcu);
44f1a7ab
JH		 981 smp->remote_irk = NULL;
982 }
983 }
984
b5ae344d
JH		 985 if (hcon->type == ACL_LINK) {
986 if (hcon->key_type == HCI_LK_DEBUG_COMBINATION)
987 persistent = false;
988 else
989 persistent = !test_bit(HCI_CONN_FLUSH_KEY,
990 &hcon->flags);
991 } else {
992 /* The LTKs and CSRKs should be persistent only if both sides
993 * had the bonding bit set in their authentication requests.
994 */
995 persistent = !!((req->auth_req & rsp->auth_req) &
996 SMP_AUTH_BONDING);
997 }
998
44f1a7ab
JH		 999
1000 if (smp->csrk) {
1001 smp->csrk->bdaddr_type = hcon->dst_type;
1002 bacpy(&smp->csrk->bdaddr, &hcon->dst);
1003 mgmt_new_csrk(hdev, smp->csrk, persistent);
1004 }
1005
1006 if (smp->slave_csrk) {
1007 smp->slave_csrk->bdaddr_type = hcon->dst_type;
1008 bacpy(&smp->slave_csrk->bdaddr, &hcon->dst);
1009 mgmt_new_csrk(hdev, smp->slave_csrk, persistent);
1010 }
1011
1012 if (smp->ltk) {
1013 smp->ltk->bdaddr_type = hcon->dst_type;
1014 bacpy(&smp->ltk->bdaddr, &hcon->dst);
1015 mgmt_new_ltk(hdev, smp->ltk, persistent);
1016 }
1017
1018 if (smp->slave_ltk) {
1019 smp->slave_ltk->bdaddr_type = hcon->dst_type;
1020 bacpy(&smp->slave_ltk->bdaddr, &hcon->dst);
1021 mgmt_new_ltk(hdev, smp->slave_ltk, persistent);
1022 }
6a77083a
JH		 1023
1024 if (smp->link_key) {
e3befab9
JH		 1025 struct link_key *key;
1026 u8 type;
1027
1028 if (test_bit(SMP_FLAG_DEBUG_KEY, &smp->flags))
1029 type = HCI_LK_DEBUG_COMBINATION;
1030 else if (hcon->sec_level == BT_SECURITY_FIPS)
1031 type = HCI_LK_AUTH_COMBINATION_P256;
1032 else
1033 type = HCI_LK_UNAUTH_COMBINATION_P256;
1034
1035 key = hci_add_link_key(hdev, smp->conn->hcon, &hcon->dst,
1036 smp->link_key, type, 0, &persistent);
1037 if (key) {
1038 mgmt_new_link_key(hdev, key, persistent);
1039
1040 /* Don't keep debug keys around if the relevant
1041 * flag is not set.
1042 */
1043 if (!test_bit(HCI_KEEP_DEBUG_KEYS, &hdev->dev_flags) &&
1044 key->type == HCI_LK_DEBUG_COMBINATION) {
1045 list_del_rcu(&key->list);
1046 kfree_rcu(key, rcu);
1047 }
1048 }
6a77083a
JH		 1049 }
1050}
1051
d3e54a87
JH		 1052static void sc_add_ltk(struct smp_chan *smp)
1053{
1054 struct hci_conn *hcon = smp->conn->hcon;
1055 u8 key_type, auth;
1056
1057 if (test_bit(SMP_FLAG_DEBUG_KEY, &smp->flags))
1058 key_type = SMP_LTK_P256_DEBUG;
1059 else
1060 key_type = SMP_LTK_P256;
1061
1062 if (hcon->pending_sec_level == BT_SECURITY_FIPS)
1063 auth = 1;
1064 else
1065 auth = 0;
1066
1067 memset(smp->tk + smp->enc_key_size, 0,
1068 SMP_MAX_ENC_KEY_SIZE - smp->enc_key_size);
1069
1070 smp->ltk = hci_add_ltk(hcon->hdev, &hcon->dst, hcon->dst_type,
1071 key_type, auth, smp->tk, smp->enc_key_size,
1072 0, 0);
1073}
1074
6a77083a
JH		 1075static void sc_generate_link_key(struct smp_chan *smp)
1076{
1077 /* These constants are as specified in the core specification.
1078 * In ASCII they spell out to 'tmp1' and 'lebr'.
1079 */
1080 const u8 tmp1[4] = { 0x31, 0x70, 0x6d, 0x74 };
1081 const u8 lebr[4] = { 0x72, 0x62, 0x65, 0x6c };
1082
1083 smp->link_key = kzalloc(16, GFP_KERNEL);
1084 if (!smp->link_key)
1085 return;
1086
1087 if (smp_h6(smp->tfm_cmac, smp->tk, tmp1, smp->link_key)) {
1088 kfree(smp->link_key);
1089 smp->link_key = NULL;
1090 return;
1091 }
1092
1093 if (smp_h6(smp->tfm_cmac, smp->link_key, lebr, smp->link_key)) {
1094 kfree(smp->link_key);
1095 smp->link_key = NULL;
1096 return;
1097 }
44f1a7ab
JH		 1098}
1099
b28b4943
JH		 1100static void smp_allow_key_dist(struct smp_chan *smp)
1101{
1102 /* Allow the first expected phase 3 PDU. The rest of the PDUs
1103 * will be allowed in each PDU handler to ensure we receive
1104 * them in the correct order.
1105 */
1106 if (smp->remote_key_dist & SMP_DIST_ENC_KEY)
1107 SMP_ALLOW_CMD(smp, SMP_CMD_ENCRYPT_INFO);
1108 else if (smp->remote_key_dist & SMP_DIST_ID_KEY)
1109 SMP_ALLOW_CMD(smp, SMP_CMD_IDENT_INFO);
1110 else if (smp->remote_key_dist & SMP_DIST_SIGN)
1111 SMP_ALLOW_CMD(smp, SMP_CMD_SIGN_INFO);
1112}
1113
b5ae344d
JH		 1114static void sc_generate_ltk(struct smp_chan *smp)
1115{
1116 /* These constants are as specified in the core specification.
1117 * In ASCII they spell out to 'tmp2' and 'brle'.
1118 */
1119 const u8 tmp2[4] = { 0x32, 0x70, 0x6d, 0x74 };
1120 const u8 brle[4] = { 0x65, 0x6c, 0x72, 0x62 };
1121 struct hci_conn *hcon = smp->conn->hcon;
1122 struct hci_dev *hdev = hcon->hdev;
1123 struct link_key *key;
1124
1125 key = hci_find_link_key(hdev, &hcon->dst);
1126 if (!key) {
1127 BT_ERR("%s No Link Key found to generate LTK", hdev->name);
1128 return;
1129 }
1130
1131 if (key->type == HCI_LK_DEBUG_COMBINATION)
1132 set_bit(SMP_FLAG_DEBUG_KEY, &smp->flags);
1133
1134 if (smp_h6(smp->tfm_cmac, key->val, tmp2, smp->tk))
1135 return;
1136
1137 if (smp_h6(smp->tfm_cmac, smp->tk, brle, smp->tk))
1138 return;
1139
1140 sc_add_ltk(smp);
1141}
1142
d6268e86 1143static void smp_distribute_keys(struct smp_chan *smp)
44f1a7ab
JH		 1144{
1145 struct smp_cmd_pairing *req, *rsp;
86d1407c 1146 struct l2cap_conn *conn = smp->conn;
44f1a7ab
JH		 1147 struct hci_conn *hcon = conn->hcon;
1148 struct hci_dev *hdev = hcon->hdev;
1149 __u8 *keydist;
1150
1151 BT_DBG("conn %p", conn);
1152
44f1a7ab
JH		 1153 rsp = (void *) &smp->prsp[1];
1154
1155 /* The responder sends its keys first */
b28b4943
JH		 1156 if (hcon->out && (smp->remote_key_dist & KEY_DIST_MASK)) {
1157 smp_allow_key_dist(smp);
86d1407c 1158 return;
b28b4943 1159 }
44f1a7ab
JH		 1160
1161 req = (void *) &smp->preq[1];
1162
1163 if (hcon->out) {
1164 keydist = &rsp->init_key_dist;
1165 *keydist &= req->init_key_dist;
1166 } else {
1167 keydist = &rsp->resp_key_dist;
1168 *keydist &= req->resp_key_dist;
1169 }
1170
6a77083a 1171 if (test_bit(SMP_FLAG_SC, &smp->flags)) {
b5ae344d 1172 if (hcon->type == LE_LINK && (*keydist & SMP_DIST_LINK_KEY))
6a77083a 1173 sc_generate_link_key(smp);
b5ae344d
JH		 1174 if (hcon->type == ACL_LINK && (*keydist & SMP_DIST_ENC_KEY))
1175 sc_generate_ltk(smp);
6a77083a
JH		 1176
1177 /* Clear the keys which are generated but not distributed */
1178 *keydist &= ~SMP_SC_NO_DIST;
1179 }
1180
44f1a7ab
JH		 1181 BT_DBG("keydist 0x%x", *keydist);
1182
1183 if (*keydist & SMP_DIST_ENC_KEY) {
1184 struct smp_cmd_encrypt_info enc;
1185 struct smp_cmd_master_ident ident;
1186 struct smp_ltk *ltk;
1187 u8 authenticated;
1188 __le16 ediv;
1189 __le64 rand;
1190
1191 get_random_bytes(enc.ltk, sizeof(enc.ltk));
1192 get_random_bytes(&ediv, sizeof(ediv));
1193 get_random_bytes(&rand, sizeof(rand));
1194
1195 smp_send_cmd(conn, SMP_CMD_ENCRYPT_INFO, sizeof(enc), &enc);
1196
1197 authenticated = hcon->sec_level == BT_SECURITY_HIGH;
1198 ltk = hci_add_ltk(hdev, &hcon->dst, hcon->dst_type,
1199 SMP_LTK_SLAVE, authenticated, enc.ltk,
1200 smp->enc_key_size, ediv, rand);
1201 smp->slave_ltk = ltk;
1202
1203 ident.ediv = ediv;
1204 ident.rand = rand;
1205
1206 smp_send_cmd(conn, SMP_CMD_MASTER_IDENT, sizeof(ident), &ident);
1207
1208 *keydist &= ~SMP_DIST_ENC_KEY;
1209 }
1210
1211 if (*keydist & SMP_DIST_ID_KEY) {
1212 struct smp_cmd_ident_addr_info addrinfo;
1213 struct smp_cmd_ident_info idinfo;
1214
1215 memcpy(idinfo.irk, hdev->irk, sizeof(idinfo.irk));
1216
1217 smp_send_cmd(conn, SMP_CMD_IDENT_INFO, sizeof(idinfo), &idinfo);
1218
1219 /* The hci_conn contains the local identity address
1220 * after the connection has been established.
1221 *
1222 * This is true even when the connection has been
1223 * established using a resolvable random address.
1224 */
1225 bacpy(&addrinfo.bdaddr, &hcon->src);
1226 addrinfo.addr_type = hcon->src_type;
1227
1228 smp_send_cmd(conn, SMP_CMD_IDENT_ADDR_INFO, sizeof(addrinfo),
1229 &addrinfo);
1230
1231 *keydist &= ~SMP_DIST_ID_KEY;
1232 }
1233
1234 if (*keydist & SMP_DIST_SIGN) {
1235 struct smp_cmd_sign_info sign;
1236 struct smp_csrk *csrk;
1237
1238 /* Generate a new random key */
1239 get_random_bytes(sign.csrk, sizeof(sign.csrk));
1240
1241 csrk = kzalloc(sizeof(*csrk), GFP_KERNEL);
1242 if (csrk) {
1243 csrk->master = 0x00;
1244 memcpy(csrk->val, sign.csrk, sizeof(csrk->val));
1245 }
1246 smp->slave_csrk = csrk;
1247
1248 smp_send_cmd(conn, SMP_CMD_SIGN_INFO, sizeof(sign), &sign);
1249
1250 *keydist &= ~SMP_DIST_SIGN;
1251 }
1252
1253 /* If there are still keys to be received wait for them */
b28b4943
JH		 1254 if (smp->remote_key_dist & KEY_DIST_MASK) {
1255 smp_allow_key_dist(smp);
86d1407c 1256 return;
b28b4943 1257 }
44f1a7ab 1258
44f1a7ab
JH		 1259 set_bit(SMP_FLAG_COMPLETE, &smp->flags);
1260 smp_notify_keys(conn);
1261
1262 smp_chan_destroy(conn);
44f1a7ab
JH		 1263}
1264
b68fda68
JH		 1265static void smp_timeout(struct work_struct *work)
1266{
1267 struct smp_chan *smp = container_of(work, struct smp_chan,
1268 security_timer.work);
1269 struct l2cap_conn *conn = smp->conn;
1270
1271 BT_DBG("conn %p", conn);
1272
1e91c29e 1273 hci_disconnect(conn->hcon, HCI_ERROR_REMOTE_USER_TERM);
b68fda68
JH		 1274}
1275
8aab4757
VCG		 1276static struct smp_chan *smp_chan_create(struct l2cap_conn *conn)
1277{
5d88cc73 1278 struct l2cap_chan *chan = conn->smp;
8aab4757
VCG		 1279 struct smp_chan *smp;
1280
f1560463 1281 smp = kzalloc(sizeof(*smp), GFP_ATOMIC);
fc75cc86 1282 if (!smp)
8aab4757
VCG		 1283 return NULL;
1284
6a7bd103
JH		 1285 smp->tfm_aes = crypto_alloc_blkcipher("ecb(aes)", 0, CRYPTO_ALG_ASYNC);
1286 if (IS_ERR(smp->tfm_aes)) {
1287 BT_ERR("Unable to create ECB crypto context");
1288 kfree(smp);
1289 return NULL;
1290 }
1291
407cecf6
JH		 1292 smp->tfm_cmac = crypto_alloc_hash("cmac(aes)", 0, CRYPTO_ALG_ASYNC);
1293 if (IS_ERR(smp->tfm_cmac)) {
1294 BT_ERR("Unable to create CMAC crypto context");
1295 crypto_free_blkcipher(smp->tfm_aes);
1296 kfree(smp);
1297 return NULL;
1298 }
1299
8aab4757 1300 smp->conn = conn;
5d88cc73 1301 chan->data = smp;
8aab4757 1302
b28b4943
JH		 1303 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_FAIL);
1304
b68fda68
JH		 1305 INIT_DELAYED_WORK(&smp->security_timer, smp_timeout);
1306
8aab4757
VCG		 1307 hci_conn_hold(conn->hcon);
1308
1309 return smp;
1310}
1311
760b018b
JH		 1312static int sc_mackey_and_ltk(struct smp_chan *smp, u8 mackey[16], u8 ltk[16])
1313{
1314 struct hci_conn *hcon = smp->conn->hcon;
1315 u8 *na, *nb, a[7], b[7];
1316
1317 if (hcon->out) {
1318 na = smp->prnd;
1319 nb = smp->rrnd;
1320 } else {
1321 na = smp->rrnd;
1322 nb = smp->prnd;
1323 }
1324
1325 memcpy(a, &hcon->init_addr, 6);
1326 memcpy(b, &hcon->resp_addr, 6);
1327 a[6] = hcon->init_addr_type;
1328 b[6] = hcon->resp_addr_type;
1329
1330 return smp_f5(smp->tfm_cmac, smp->dhkey, na, nb, a, b, mackey, ltk);
1331}
1332
38606f14 1333static void sc_dhkey_check(struct smp_chan *smp)
760b018b
JH		 1334{
1335 struct hci_conn *hcon = smp->conn->hcon;
1336 struct smp_cmd_dhkey_check check;
1337 u8 a[7], b[7], *local_addr, *remote_addr;
1338 u8 io_cap[3], r[16];
1339
760b018b
JH		 1340 memcpy(a, &hcon->init_addr, 6);
1341 memcpy(b, &hcon->resp_addr, 6);
1342 a[6] = hcon->init_addr_type;
1343 b[6] = hcon->resp_addr_type;
1344
1345 if (hcon->out) {
1346 local_addr = a;
1347 remote_addr = b;
1348 memcpy(io_cap, &smp->preq[1], 3);
1349 } else {
1350 local_addr = b;
1351 remote_addr = a;
1352 memcpy(io_cap, &smp->prsp[1], 3);
1353 }
1354
dddd3059
JH		 1355 memset(r, 0, sizeof(r));
1356
1357 if (smp->method == REQ_PASSKEY || smp->method == DSP_PASSKEY)
38606f14 1358 put_unaligned_le32(hcon->passkey_notify, r);
760b018b 1359
a29b0733
JH		 1360 if (smp->method == REQ_OOB)
1361 memcpy(r, smp->rr, 16);
1362
760b018b
JH		 1363 smp_f6(smp->tfm_cmac, smp->mackey, smp->prnd, smp->rrnd, r, io_cap,
1364 local_addr, remote_addr, check.e);
1365
1366 smp_send_cmd(smp->conn, SMP_CMD_DHKEY_CHECK, sizeof(check), &check);
dddd3059
JH		 1367}
1368
38606f14
JH		 1369static u8 sc_passkey_send_confirm(struct smp_chan *smp)
1370{
1371 struct l2cap_conn *conn = smp->conn;
1372 struct hci_conn *hcon = conn->hcon;
1373 struct smp_cmd_pairing_confirm cfm;
1374 u8 r;
1375
1376 r = ((hcon->passkey_notify >> smp->passkey_round) & 0x01);
1377 r |= 0x80;
1378
1379 get_random_bytes(smp->prnd, sizeof(smp->prnd));
1380
1381 if (smp_f4(smp->tfm_cmac, smp->local_pk, smp->remote_pk, smp->prnd, r,
1382 cfm.confirm_val))
1383 return SMP_UNSPECIFIED;
1384
1385 smp_send_cmd(conn, SMP_CMD_PAIRING_CONFIRM, sizeof(cfm), &cfm);
1386
1387 return 0;
1388}
1389
1390static u8 sc_passkey_round(struct smp_chan *smp, u8 smp_op)
1391{
1392 struct l2cap_conn *conn = smp->conn;
1393 struct hci_conn *hcon = conn->hcon;
1394 struct hci_dev *hdev = hcon->hdev;
1395 u8 cfm[16], r;
1396
1397 /* Ignore the PDU if we've already done 20 rounds (0 - 19) */
1398 if (smp->passkey_round >= 20)
1399 return 0;
1400
1401 switch (smp_op) {
1402 case SMP_CMD_PAIRING_RANDOM:
1403 r = ((hcon->passkey_notify >> smp->passkey_round) & 0x01);
1404 r |= 0x80;
1405
1406 if (smp_f4(smp->tfm_cmac, smp->remote_pk, smp->local_pk,
1407 smp->rrnd, r, cfm))
1408 return SMP_UNSPECIFIED;
1409
1410 if (memcmp(smp->pcnf, cfm, 16))
1411 return SMP_CONFIRM_FAILED;
1412
1413 smp->passkey_round++;
1414
1415 if (smp->passkey_round == 20) {
1416 /* Generate MacKey and LTK */
1417 if (sc_mackey_and_ltk(smp, smp->mackey, smp->tk))
1418 return SMP_UNSPECIFIED;
1419 }
1420
1421 /* The round is only complete when the initiator
1422 * receives pairing random.
1423 */
1424 if (!hcon->out) {
1425 smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM,
1426 sizeof(smp->prnd), smp->prnd);
d3e54a87 1427 if (smp->passkey_round == 20)
38606f14 1428 SMP_ALLOW_CMD(smp, SMP_CMD_DHKEY_CHECK);
d3e54a87 1429 else
38606f14 1430 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_CONFIRM);
38606f14
JH		 1431 return 0;
1432 }
1433
1434 /* Start the next round */
1435 if (smp->passkey_round != 20)
1436 return sc_passkey_round(smp, 0);
1437
1438 /* Passkey rounds are complete - start DHKey Check */
1439 sc_dhkey_check(smp);
1440 SMP_ALLOW_CMD(smp, SMP_CMD_DHKEY_CHECK);
1441
1442 break;
1443
1444 case SMP_CMD_PAIRING_CONFIRM:
1445 if (test_bit(SMP_FLAG_WAIT_USER, &smp->flags)) {
1446 set_bit(SMP_FLAG_CFM_PENDING, &smp->flags);
1447 return 0;
1448 }
1449
1450 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RANDOM);
1451
1452 if (hcon->out) {
1453 smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM,
1454 sizeof(smp->prnd), smp->prnd);
1455 return 0;
1456 }
1457
1458 return sc_passkey_send_confirm(smp);
1459
1460 case SMP_CMD_PUBLIC_KEY:
1461 default:
1462 /* Initiating device starts the round */
1463 if (!hcon->out)
1464 return 0;
1465
1466 BT_DBG("%s Starting passkey round %u", hdev->name,
1467 smp->passkey_round + 1);
1468
1469 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_CONFIRM);
1470
1471 return sc_passkey_send_confirm(smp);
1472 }
1473
1474 return 0;
1475}
1476
dddd3059
JH		 1477static int sc_user_reply(struct smp_chan *smp, u16 mgmt_op, __le32 passkey)
1478{
38606f14
JH		 1479 struct l2cap_conn *conn = smp->conn;
1480 struct hci_conn *hcon = conn->hcon;
1481 u8 smp_op;
1482
1483 clear_bit(SMP_FLAG_WAIT_USER, &smp->flags);
1484
dddd3059
JH		 1485 switch (mgmt_op) {
1486 case MGMT_OP_USER_PASSKEY_NEG_REPLY:
1487 smp_failure(smp->conn, SMP_PASSKEY_ENTRY_FAILED);
1488 return 0;
1489 case MGMT_OP_USER_CONFIRM_NEG_REPLY:
1490 smp_failure(smp->conn, SMP_NUMERIC_COMP_FAILED);
1491 return 0;
38606f14
JH		 1492 case MGMT_OP_USER_PASSKEY_REPLY:
1493 hcon->passkey_notify = le32_to_cpu(passkey);
1494 smp->passkey_round = 0;
1495
1496 if (test_and_clear_bit(SMP_FLAG_CFM_PENDING, &smp->flags))
1497 smp_op = SMP_CMD_PAIRING_CONFIRM;
1498 else
1499 smp_op = 0;
1500
1501 if (sc_passkey_round(smp, smp_op))
1502 return -EIO;
1503
1504 return 0;
dddd3059
JH		 1505 }
1506
d3e54a87
JH		 1507 /* Initiator sends DHKey check first */
1508 if (hcon->out) {
1509 sc_dhkey_check(smp);
1510 SMP_ALLOW_CMD(smp, SMP_CMD_DHKEY_CHECK);
1511 } else if (test_and_clear_bit(SMP_FLAG_DHKEY_PENDING, &smp->flags)) {
1512 sc_dhkey_check(smp);
1513 sc_add_ltk(smp);
1514 }
760b018b
JH		 1515
1516 return 0;
1517}
1518
2b64d153
BG		 1519int smp_user_confirm_reply(struct hci_conn *hcon, u16 mgmt_op, __le32 passkey)
1520{
b10e8017 1521 struct l2cap_conn *conn = hcon->l2cap_data;
5d88cc73 1522 struct l2cap_chan *chan;
2b64d153
BG		 1523 struct smp_chan *smp;
1524 u32 value;
fc75cc86 1525 int err;
2b64d153
BG		 1526
1527 BT_DBG("");
1528
fc75cc86 1529 if (!conn)
2b64d153
BG		 1530 return -ENOTCONN;
1531
5d88cc73
JH		 1532 chan = conn->smp;
1533 if (!chan)
1534 return -ENOTCONN;
1535
fc75cc86
JH		 1536 l2cap_chan_lock(chan);
1537 if (!chan->data) {
1538 err = -ENOTCONN;
1539 goto unlock;
1540 }
1541
5d88cc73 1542 smp = chan->data;
2b64d153 1543
760b018b
JH		 1544 if (test_bit(SMP_FLAG_SC, &smp->flags)) {
1545 err = sc_user_reply(smp, mgmt_op, passkey);
1546 goto unlock;
1547 }
1548
2b64d153
BG		 1549 switch (mgmt_op) {
1550 case MGMT_OP_USER_PASSKEY_REPLY:
1551 value = le32_to_cpu(passkey);
943a732a 1552 memset(smp->tk, 0, sizeof(smp->tk));
2b64d153 1553 BT_DBG("PassKey: %d", value);
943a732a 1554 put_unaligned_le32(value, smp->tk);
2b64d153
BG		 1555 /* Fall Through */
1556 case MGMT_OP_USER_CONFIRM_REPLY:
4a74d658 1557 set_bit(SMP_FLAG_TK_VALID, &smp->flags);
2b64d153
BG		 1558 break;
1559 case MGMT_OP_USER_PASSKEY_NEG_REPLY:
1560 case MGMT_OP_USER_CONFIRM_NEG_REPLY:
84794e11 1561 smp_failure(conn, SMP_PASSKEY_ENTRY_FAILED);
fc75cc86
JH		 1562 err = 0;
1563 goto unlock;
2b64d153 1564 default:
84794e11 1565 smp_failure(conn, SMP_PASSKEY_ENTRY_FAILED);
fc75cc86
JH		 1566 err = -EOPNOTSUPP;
1567 goto unlock;
2b64d153
BG		 1568 }
1569
fc75cc86
JH		 1570 err = 0;
1571
2b64d153 1572 /* If it is our turn to send Pairing Confirm, do so now */
1cc61144
JH		 1573 if (test_bit(SMP_FLAG_CFM_PENDING, &smp->flags)) {
1574 u8 rsp = smp_confirm(smp);
1575 if (rsp)
1576 smp_failure(conn, rsp);
1577 }
2b64d153 1578
fc75cc86
JH		 1579unlock:
1580 l2cap_chan_unlock(chan);
1581 return err;
2b64d153
BG		 1582}
1583
b5ae344d
JH		 1584static void build_bredr_pairing_cmd(struct smp_chan *smp,
1585 struct smp_cmd_pairing *req,
1586 struct smp_cmd_pairing *rsp)
1587{
1588 struct l2cap_conn *conn = smp->conn;
1589 struct hci_dev *hdev = conn->hcon->hdev;
1590 u8 local_dist = 0, remote_dist = 0;
1591
1592 if (test_bit(HCI_BONDABLE, &hdev->dev_flags)) {
1593 local_dist = SMP_DIST_ENC_KEY | SMP_DIST_SIGN;
1594 remote_dist = SMP_DIST_ENC_KEY | SMP_DIST_SIGN;
1595 }
1596
1597 if (test_bit(HCI_RPA_RESOLVING, &hdev->dev_flags))
1598 remote_dist |= SMP_DIST_ID_KEY;
1599
1600 if (test_bit(HCI_PRIVACY, &hdev->dev_flags))
1601 local_dist |= SMP_DIST_ID_KEY;
1602
1603 if (!rsp) {
1604 memset(req, 0, sizeof(*req));
1605
1606 req->init_key_dist = local_dist;
1607 req->resp_key_dist = remote_dist;
1608 req->max_key_size = SMP_MAX_ENC_KEY_SIZE;
1609
1610 smp->remote_key_dist = remote_dist;
1611
1612 return;
1613 }
1614
1615 memset(rsp, 0, sizeof(*rsp));
1616
1617 rsp->max_key_size = SMP_MAX_ENC_KEY_SIZE;
1618 rsp->init_key_dist = req->init_key_dist & remote_dist;
1619 rsp->resp_key_dist = req->resp_key_dist & local_dist;
1620
1621 smp->remote_key_dist = rsp->init_key_dist;
1622}
1623
da85e5e5 1624static u8 smp_cmd_pairing_req(struct l2cap_conn *conn, struct sk_buff *skb)
88ba43b6 1625{
3158c50c 1626 struct smp_cmd_pairing rsp, *req = (void *) skb->data;
fc75cc86 1627 struct l2cap_chan *chan = conn->smp;
b3c6410b 1628 struct hci_dev *hdev = conn->hcon->hdev;
8aab4757 1629 struct smp_chan *smp;
c7262e71 1630 u8 key_size, auth, sec_level;
8aab4757 1631 int ret;
88ba43b6
AB		 1632
1633 BT_DBG("conn %p", conn);
1634
c46b98be 1635 if (skb->len < sizeof(*req))
38e4a915 1636 return SMP_INVALID_PARAMS;
c46b98be 1637
40bef302 1638 if (conn->hcon->role != HCI_ROLE_SLAVE)
2b64d153
BG		 1639 return SMP_CMD_NOTSUPP;
1640
fc75cc86 1641 if (!chan->data)
8aab4757 1642 smp = smp_chan_create(conn);
fc75cc86 1643 else
5d88cc73 1644 smp = chan->data;
8aab4757 1645
d08fd0e7
AE		 1646 if (!smp)
1647 return SMP_UNSPECIFIED;
d26a2345 1648
c05b9339 1649 /* We didn't start the pairing, so match remote */
0edb14de 1650 auth = req->auth_req & AUTH_REQ_MASK(hdev);
c05b9339 1651
b6ae8457 1652 if (!test_bit(HCI_BONDABLE, &hdev->dev_flags) &&
c05b9339 1653 (auth & SMP_AUTH_BONDING))
b3c6410b
JH		 1654 return SMP_PAIRING_NOTSUPP;
1655
903b71c7
JH		 1656 if (test_bit(HCI_SC_ONLY, &hdev->dev_flags) && !(auth & SMP_AUTH_SC))
1657 return SMP_AUTH_REQUIREMENTS;
1658
1c1def09
VCG		 1659 smp->preq[0] = SMP_CMD_PAIRING_REQ;
1660 memcpy(&smp->preq[1], req, sizeof(*req));
3158c50c 1661 skb_pull(skb, sizeof(*req));
88ba43b6 1662
b5ae344d
JH		 1663 /* SMP over BR/EDR requires special treatment */
1664 if (conn->hcon->type == ACL_LINK) {
1665 /* We must have a BR/EDR SC link */
1666 if (!test_bit(HCI_CONN_AES_CCM, &conn->hcon->flags))
1667 return SMP_CROSS_TRANSP_NOT_ALLOWED;
1668
1669 set_bit(SMP_FLAG_SC, &smp->flags);
1670
1671 build_bredr_pairing_cmd(smp, req, &rsp);
1672
1673 key_size = min(req->max_key_size, rsp.max_key_size);
1674 if (check_enc_key_size(conn, key_size))
1675 return SMP_ENC_KEY_SIZE;
1676
1677 /* Clear bits which are generated but not distributed */
1678 smp->remote_key_dist &= ~SMP_SC_NO_DIST;
1679
1680 smp->prsp[0] = SMP_CMD_PAIRING_RSP;
1681 memcpy(&smp->prsp[1], &rsp, sizeof(rsp));
1682 smp_send_cmd(conn, SMP_CMD_PAIRING_RSP, sizeof(rsp), &rsp);
1683
1684 smp_distribute_keys(smp);
1685 return 0;
1686 }
1687
5e3d3d9b
JH		 1688 build_pairing_cmd(conn, req, &rsp, auth);
1689
1690 if (rsp.auth_req & SMP_AUTH_SC)
1691 set_bit(SMP_FLAG_SC, &smp->flags);
1692
5be5e275 1693 if (conn->hcon->io_capability == HCI_IO_NO_INPUT_OUTPUT)
1afc2a1a
JH		 1694 sec_level = BT_SECURITY_MEDIUM;
1695 else
1696 sec_level = authreq_to_seclevel(auth);
1697
c7262e71
JH		 1698 if (sec_level > conn->hcon->pending_sec_level)
1699 conn->hcon->pending_sec_level = sec_level;
fdde0a26 1700
49c922bb 1701 /* If we need MITM check that it can be achieved */
2ed8f65c
JH		 1702 if (conn->hcon->pending_sec_level >= BT_SECURITY_HIGH) {
1703 u8 method;
1704
1705 method = get_auth_method(smp, conn->hcon->io_capability,
1706 req->io_capability);
1707 if (method == JUST_WORKS || method == JUST_CFM)
1708 return SMP_AUTH_REQUIREMENTS;
1709 }
1710
3158c50c
VCG		 1711 key_size = min(req->max_key_size, rsp.max_key_size);
1712 if (check_enc_key_size(conn, key_size))
1713 return SMP_ENC_KEY_SIZE;
88ba43b6 1714
e84a6b13 1715 get_random_bytes(smp->prnd, sizeof(smp->prnd));
8aab4757 1716
1c1def09
VCG		 1717 smp->prsp[0] = SMP_CMD_PAIRING_RSP;
1718 memcpy(&smp->prsp[1], &rsp, sizeof(rsp));
f01ead31 1719
3158c50c 1720 smp_send_cmd(conn, SMP_CMD_PAIRING_RSP, sizeof(rsp), &rsp);
3b19146d
JH		 1721
1722 clear_bit(SMP_FLAG_INITIATOR, &smp->flags);
1723
1724 if (test_bit(SMP_FLAG_SC, &smp->flags)) {
1725 SMP_ALLOW_CMD(smp, SMP_CMD_PUBLIC_KEY);
1726 /* Clear bits which are generated but not distributed */
1727 smp->remote_key_dist &= ~SMP_SC_NO_DIST;
1728 /* Wait for Public Key from Initiating Device */
1729 return 0;
1730 } else {
1731 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_CONFIRM);
1732 }
da85e5e5 1733
2b64d153
BG		 1734 /* Request setup of TK */
1735 ret = tk_request(conn, 0, auth, rsp.io_capability, req->io_capability);
1736 if (ret)
1737 return SMP_UNSPECIFIED;
1738
da85e5e5 1739 return 0;
88ba43b6
AB		 1740}
1741
3b19146d
JH		 1742static u8 sc_send_public_key(struct smp_chan *smp)
1743{
70157ef5
JH		 1744 struct hci_dev *hdev = smp->conn->hcon->hdev;
1745
3b19146d
JH		 1746 BT_DBG("");
1747
70157ef5
JH		 1748 if (test_bit(HCI_USE_DEBUG_KEYS, &hdev->dev_flags)) {
1749 BT_DBG("Using debug keys");
1750 memcpy(smp->local_pk, debug_pk, 64);
1751 memcpy(smp->local_sk, debug_sk, 32);
1752 set_bit(SMP_FLAG_DEBUG_KEY, &smp->flags);
1753 } else {
1754 while (true) {
1755 /* Generate local key pair for Secure Connections */
1756 if (!ecc_make_key(smp->local_pk, smp->local_sk))
1757 return SMP_UNSPECIFIED;
6c0dcc50 1758
70157ef5
JH		 1759 /* This is unlikely, but we need to check that
1760 * we didn't accidentially generate a debug key.
1761 */
1762 if (memcmp(smp->local_sk, debug_sk, 32))
1763 break;
1764 }
6c0dcc50 1765 }
3b19146d 1766
c7a3d57d
JH		 1767 SMP_DBG("Local Public Key X: %32phN", smp->local_pk);
1768 SMP_DBG("Local Public Key Y: %32phN", &smp->local_pk[32]);
1769 SMP_DBG("Local Private Key: %32phN", smp->local_sk);
3b19146d
JH		 1770
1771 smp_send_cmd(smp->conn, SMP_CMD_PUBLIC_KEY, 64, smp->local_pk);
1772
1773 return 0;
1774}
1775
da85e5e5 1776static u8 smp_cmd_pairing_rsp(struct l2cap_conn *conn, struct sk_buff *skb)
88ba43b6 1777{
3158c50c 1778 struct smp_cmd_pairing *req, *rsp = (void *) skb->data;
5d88cc73
JH		 1779 struct l2cap_chan *chan = conn->smp;
1780 struct smp_chan *smp = chan->data;
0edb14de 1781 struct hci_dev *hdev = conn->hcon->hdev;
3a7dbfb8 1782 u8 key_size, auth;
7d24ddcc 1783 int ret;
88ba43b6
AB		 1784
1785 BT_DBG("conn %p", conn);
1786
c46b98be 1787 if (skb->len < sizeof(*rsp))
38e4a915 1788 return SMP_INVALID_PARAMS;
c46b98be 1789
40bef302 1790 if (conn->hcon->role != HCI_ROLE_MASTER)
2b64d153
BG		 1791 return SMP_CMD_NOTSUPP;
1792
3158c50c
VCG		 1793 skb_pull(skb, sizeof(*rsp));
1794
1c1def09 1795 req = (void *) &smp->preq[1];
da85e5e5 1796
3158c50c
VCG		 1797 key_size = min(req->max_key_size, rsp->max_key_size);
1798 if (check_enc_key_size(conn, key_size))
1799 return SMP_ENC_KEY_SIZE;
1800
0edb14de 1801 auth = rsp->auth_req & AUTH_REQ_MASK(hdev);
c05b9339 1802
903b71c7
JH		 1803 if (test_bit(HCI_SC_ONLY, &hdev->dev_flags) && !(auth & SMP_AUTH_SC))
1804 return SMP_AUTH_REQUIREMENTS;
1805
b5ae344d
JH		 1806 smp->prsp[0] = SMP_CMD_PAIRING_RSP;
1807 memcpy(&smp->prsp[1], rsp, sizeof(*rsp));
1808
1809 /* Update remote key distribution in case the remote cleared
1810 * some bits that we had enabled in our request.
1811 */
1812 smp->remote_key_dist &= rsp->resp_key_dist;
1813
1814 /* For BR/EDR this means we're done and can start phase 3 */
1815 if (conn->hcon->type == ACL_LINK) {
1816 /* Clear bits which are generated but not distributed */
1817 smp->remote_key_dist &= ~SMP_SC_NO_DIST;
1818 smp_distribute_keys(smp);
1819 return 0;
1820 }
1821
65668776
JH		 1822 if ((req->auth_req & SMP_AUTH_SC) && (auth & SMP_AUTH_SC))
1823 set_bit(SMP_FLAG_SC, &smp->flags);
d2eb9e10
JH		 1824 else if (conn->hcon->pending_sec_level > BT_SECURITY_HIGH)
1825 conn->hcon->pending_sec_level = BT_SECURITY_HIGH;
65668776 1826
49c922bb 1827 /* If we need MITM check that it can be achieved */
2ed8f65c
JH		 1828 if (conn->hcon->pending_sec_level >= BT_SECURITY_HIGH) {
1829 u8 method;
1830
1831 method = get_auth_method(smp, req->io_capability,
1832 rsp->io_capability);
1833 if (method == JUST_WORKS || method == JUST_CFM)
1834 return SMP_AUTH_REQUIREMENTS;
1835 }
1836
e84a6b13 1837 get_random_bytes(smp->prnd, sizeof(smp->prnd));
7d24ddcc 1838
fdcc4bec
JH		 1839 /* Update remote key distribution in case the remote cleared
1840 * some bits that we had enabled in our request.
1841 */
1842 smp->remote_key_dist &= rsp->resp_key_dist;
1843
3b19146d
JH		 1844 if (test_bit(SMP_FLAG_SC, &smp->flags)) {
1845 /* Clear bits which are generated but not distributed */
1846 smp->remote_key_dist &= ~SMP_SC_NO_DIST;
1847 SMP_ALLOW_CMD(smp, SMP_CMD_PUBLIC_KEY);
1848 return sc_send_public_key(smp);
1849 }
1850
c05b9339 1851 auth |= req->auth_req;
2b64d153 1852
476585ec 1853 ret = tk_request(conn, 0, auth, req->io_capability, rsp->io_capability);
2b64d153
BG		 1854 if (ret)
1855 return SMP_UNSPECIFIED;
1856
4a74d658 1857 set_bit(SMP_FLAG_CFM_PENDING, &smp->flags);
2b64d153
BG		 1858
1859 /* Can't compose response until we have been confirmed */
4a74d658 1860 if (test_bit(SMP_FLAG_TK_VALID, &smp->flags))
1cc61144 1861 return smp_confirm(smp);
da85e5e5
VCG		 1862
1863 return 0;
88ba43b6
AB		 1864}
1865
dcee2b32
JH		 1866static u8 sc_check_confirm(struct smp_chan *smp)
1867{
1868 struct l2cap_conn *conn = smp->conn;
1869
1870 BT_DBG("");
1871
1872 /* Public Key exchange must happen before any other steps */
1873 if (!test_bit(SMP_FLAG_REMOTE_PK, &smp->flags))
1874 return SMP_UNSPECIFIED;
1875
38606f14
JH		 1876 if (smp->method == REQ_PASSKEY || smp->method == DSP_PASSKEY)
1877 return sc_passkey_round(smp, SMP_CMD_PAIRING_CONFIRM);
1878
dcee2b32
JH		 1879 if (conn->hcon->out) {
1880 smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM, sizeof(smp->prnd),
1881 smp->prnd);
1882 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RANDOM);
1883 }
1884
1885 return 0;
1886}
1887
da85e5e5 1888static u8 smp_cmd_pairing_confirm(struct l2cap_conn *conn, struct sk_buff *skb)
88ba43b6 1889{
5d88cc73
JH		 1890 struct l2cap_chan *chan = conn->smp;
1891 struct smp_chan *smp = chan->data;
7d24ddcc 1892
88ba43b6
AB		 1893 BT_DBG("conn %p %s", conn, conn->hcon->out ? "master" : "slave");
1894
c46b98be 1895 if (skb->len < sizeof(smp->pcnf))
38e4a915 1896 return SMP_INVALID_PARAMS;
c46b98be 1897
1c1def09
VCG		 1898 memcpy(smp->pcnf, skb->data, sizeof(smp->pcnf));
1899 skb_pull(skb, sizeof(smp->pcnf));
88ba43b6 1900
dcee2b32
JH		 1901 if (test_bit(SMP_FLAG_SC, &smp->flags))
1902 return sc_check_confirm(smp);
1903
b28b4943 1904 if (conn->hcon->out) {
943a732a
JH		 1905 smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM, sizeof(smp->prnd),
1906 smp->prnd);
b28b4943
JH		 1907 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RANDOM);
1908 return 0;
1909 }
1910
1911 if (test_bit(SMP_FLAG_TK_VALID, &smp->flags))
1cc61144 1912 return smp_confirm(smp);
943a732a 1913 else
4a74d658 1914 set_bit(SMP_FLAG_CFM_PENDING, &smp->flags);
da85e5e5
VCG		 1915
1916 return 0;
88ba43b6
AB		 1917}
1918
da85e5e5 1919static u8 smp_cmd_pairing_random(struct l2cap_conn *conn, struct sk_buff *skb)
88ba43b6 1920{
5d88cc73
JH		 1921 struct l2cap_chan *chan = conn->smp;
1922 struct smp_chan *smp = chan->data;
191dc7fe
JH		 1923 struct hci_conn *hcon = conn->hcon;
1924 u8 *pkax, *pkbx, *na, *nb;
1925 u32 passkey;
1926 int err;
7d24ddcc 1927
8aab4757 1928 BT_DBG("conn %p", conn);
3158c50c 1929
c46b98be 1930 if (skb->len < sizeof(smp->rrnd))
38e4a915 1931 return SMP_INVALID_PARAMS;
c46b98be 1932
943a732a 1933 memcpy(smp->rrnd, skb->data, sizeof(smp->rrnd));
8aab4757 1934 skb_pull(skb, sizeof(smp->rrnd));
e7e62c85 1935
191dc7fe
JH		 1936 if (!test_bit(SMP_FLAG_SC, &smp->flags))
1937 return smp_random(smp);
1938
a29b0733
JH		 1939 if (smp->method == REQ_OOB) {
1940 if (!hcon->out)
1941 smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM,
1942 sizeof(smp->prnd), smp->prnd);
1943 SMP_ALLOW_CMD(smp, SMP_CMD_DHKEY_CHECK);
1944 goto mackey_and_ltk;
1945 }
1946
38606f14
JH		 1947 /* Passkey entry has special treatment */
1948 if (smp->method == REQ_PASSKEY || smp->method == DSP_PASSKEY)
1949 return sc_passkey_round(smp, SMP_CMD_PAIRING_RANDOM);
1950
191dc7fe
JH		 1951 if (hcon->out) {
1952 u8 cfm[16];
1953
1954 err = smp_f4(smp->tfm_cmac, smp->remote_pk, smp->local_pk,
1955 smp->rrnd, 0, cfm);
1956 if (err)
1957 return SMP_UNSPECIFIED;
1958
1959 if (memcmp(smp->pcnf, cfm, 16))
1960 return SMP_CONFIRM_FAILED;
1961
1962 pkax = smp->local_pk;
1963 pkbx = smp->remote_pk;
1964 na = smp->prnd;
1965 nb = smp->rrnd;
1966 } else {
1967 smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM, sizeof(smp->prnd),
1968 smp->prnd);
1969 SMP_ALLOW_CMD(smp, SMP_CMD_DHKEY_CHECK);
1970
1971 pkax = smp->remote_pk;
1972 pkbx = smp->local_pk;
1973 na = smp->rrnd;
1974 nb = smp->prnd;
1975 }
1976
a29b0733 1977mackey_and_ltk:
760b018b
JH		 1978 /* Generate MacKey and LTK */
1979 err = sc_mackey_and_ltk(smp, smp->mackey, smp->tk);
1980 if (err)
1981 return SMP_UNSPECIFIED;
1982
a29b0733 1983 if (smp->method == JUST_WORKS || smp->method == REQ_OOB) {
dddd3059 1984 if (hcon->out) {
38606f14 1985 sc_dhkey_check(smp);
dddd3059
JH		 1986 SMP_ALLOW_CMD(smp, SMP_CMD_DHKEY_CHECK);
1987 }
1988 return 0;
1989 }
1990
38606f14
JH		 1991 err = smp_g2(smp->tfm_cmac, pkax, pkbx, na, nb, &passkey);
1992 if (err)
1993 return SMP_UNSPECIFIED;
1994
1995 err = mgmt_user_confirm_request(hcon->hdev, &hcon->dst, hcon->type,
1996 hcon->dst_type, passkey, 0);
191dc7fe
JH		 1997 if (err)
1998 return SMP_UNSPECIFIED;
1999
38606f14
JH		 2000 set_bit(SMP_FLAG_WAIT_USER, &smp->flags);
2001
191dc7fe 2002 return 0;
88ba43b6
AB		 2003}
2004
f81cd823 2005static bool smp_ltk_encrypt(struct l2cap_conn *conn, u8 sec_level)
988c5997 2006{
c9839a11 2007 struct smp_ltk *key;
988c5997
VCG		 2008 struct hci_conn *hcon = conn->hcon;
2009
f3a73d97 2010 key = hci_find_ltk(hcon->hdev, &hcon->dst, hcon->dst_type, hcon->role);
988c5997 2011 if (!key)
f81cd823 2012 return false;
988c5997 2013
a6f7833c 2014 if (smp_ltk_sec_level(key) < sec_level)
f81cd823 2015 return false;
4dab7864 2016
51a8efd7 2017 if (test_and_set_bit(HCI_CONN_ENCRYPT_PEND, &hcon->flags))
f81cd823 2018 return true;
988c5997 2019
c9839a11
VCG		 2020 hci_le_start_enc(hcon, key->ediv, key->rand, key->val);
2021 hcon->enc_key_size = key->enc_size;
988c5997 2022
fe59a05f
JH		 2023 /* We never store STKs for master role, so clear this flag */
2024 clear_bit(HCI_CONN_STK_ENCRYPT, &hcon->flags);
2025
f81cd823 2026 return true;
988c5997 2027}
f1560463 2028
35dc6f83
JH		 2029bool smp_sufficient_security(struct hci_conn *hcon, u8 sec_level,
2030 enum smp_key_pref key_pref)
854f4727
JH		 2031{
2032 if (sec_level == BT_SECURITY_LOW)
2033 return true;
2034
35dc6f83
JH		 2035 /* If we're encrypted with an STK but the caller prefers using
2036 * LTK claim insufficient security. This way we allow the
2037 * connection to be re-encrypted with an LTK, even if the LTK
2038 * provides the same level of security. Only exception is if we
2039 * don't have an LTK (e.g. because of key distribution bits).
9ab65d60 2040 */
35dc6f83
JH		 2041 if (key_pref == SMP_USE_LTK &&
2042 test_bit(HCI_CONN_STK_ENCRYPT, &hcon->flags) &&
f3a73d97 2043 hci_find_ltk(hcon->hdev, &hcon->dst, hcon->dst_type, hcon->role))
9ab65d60
JH		 2044 return false;
2045
854f4727
JH		 2046 if (hcon->sec_level >= sec_level)
2047 return true;
2048
2049 return false;
2050}
2051
da85e5e5 2052static u8 smp_cmd_security_req(struct l2cap_conn *conn, struct sk_buff *skb)
88ba43b6
AB		 2053{
2054 struct smp_cmd_security_req *rp = (void *) skb->data;
2055 struct smp_cmd_pairing cp;
f1cb9af5 2056 struct hci_conn *hcon = conn->hcon;
0edb14de 2057 struct hci_dev *hdev = hcon->hdev;
8aab4757 2058 struct smp_chan *smp;
c05b9339 2059 u8 sec_level, auth;
88ba43b6
AB		 2060
2061 BT_DBG("conn %p", conn);
2062
c46b98be 2063 if (skb->len < sizeof(*rp))
38e4a915 2064 return SMP_INVALID_PARAMS;
c46b98be 2065
40bef302 2066 if (hcon->role != HCI_ROLE_MASTER)
86ca9eac
JH		 2067 return SMP_CMD_NOTSUPP;
2068
0edb14de 2069 auth = rp->auth_req & AUTH_REQ_MASK(hdev);
c05b9339 2070
903b71c7
JH		 2071 if (test_bit(HCI_SC_ONLY, &hdev->dev_flags) && !(auth & SMP_AUTH_SC))
2072 return SMP_AUTH_REQUIREMENTS;
2073
5be5e275 2074 if (hcon->io_capability == HCI_IO_NO_INPUT_OUTPUT)
1afc2a1a
JH		 2075 sec_level = BT_SECURITY_MEDIUM;
2076 else
2077 sec_level = authreq_to_seclevel(auth);
2078
35dc6f83 2079 if (smp_sufficient_security(hcon, sec_level, SMP_USE_LTK))
854f4727
JH		 2080 return 0;
2081
c7262e71
JH		 2082 if (sec_level > hcon->pending_sec_level)
2083 hcon->pending_sec_level = sec_level;
feb45eb5 2084
4dab7864 2085 if (smp_ltk_encrypt(conn, hcon->pending_sec_level))
988c5997
VCG		 2086 return 0;
2087
8aab4757 2088 smp = smp_chan_create(conn);
c29d2444
JH		 2089 if (!smp)
2090 return SMP_UNSPECIFIED;
d26a2345 2091
b6ae8457 2092 if (!test_bit(HCI_BONDABLE, &hcon->hdev->dev_flags) &&
c05b9339 2093 (auth & SMP_AUTH_BONDING))
616d55be
JH		 2094 return SMP_PAIRING_NOTSUPP;
2095
88ba43b6 2096 skb_pull(skb, sizeof(*rp));
88ba43b6 2097
da85e5e5 2098 memset(&cp, 0, sizeof(cp));
c05b9339 2099 build_pairing_cmd(conn, &cp, NULL, auth);
88ba43b6 2100
1c1def09
VCG		 2101 smp->preq[0] = SMP_CMD_PAIRING_REQ;
2102 memcpy(&smp->preq[1], &cp, sizeof(cp));
f01ead31 2103
88ba43b6 2104 smp_send_cmd(conn, SMP_CMD_PAIRING_REQ, sizeof(cp), &cp);
b28b4943 2105 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RSP);
f1cb9af5 2106
da85e5e5 2107 return 0;
88ba43b6
AB		 2108}
2109
cc110922 2110int smp_conn_security(struct hci_conn *hcon, __u8 sec_level)
eb492e01 2111{
cc110922 2112 struct l2cap_conn *conn = hcon->l2cap_data;
c68b7f12 2113 struct l2cap_chan *chan;
0a66cf20 2114 struct smp_chan *smp;
2b64d153 2115 __u8 authreq;
fc75cc86 2116 int ret;
eb492e01 2117
3a0259bb
VCG		 2118 BT_DBG("conn %p hcon %p level 0x%2.2x", conn, hcon, sec_level);
2119
0a66cf20
JH		 2120 /* This may be NULL if there's an unexpected disconnection */
2121 if (!conn)
2122 return 1;
2123
c68b7f12
JH		 2124 chan = conn->smp;
2125
757aee0f 2126 if (!test_bit(HCI_LE_ENABLED, &hcon->hdev->dev_flags))
2e65c9d2
AG		 2127 return 1;
2128
35dc6f83 2129 if (smp_sufficient_security(hcon, sec_level, SMP_USE_LTK))
eb492e01 2130 return 1;
f1cb9af5 2131
c7262e71
JH		 2132 if (sec_level > hcon->pending_sec_level)
2133 hcon->pending_sec_level = sec_level;
2134
40bef302 2135 if (hcon->role == HCI_ROLE_MASTER)
c7262e71
JH		 2136 if (smp_ltk_encrypt(conn, hcon->pending_sec_level))
2137 return 0;
d26a2345 2138
fc75cc86
JH		 2139 l2cap_chan_lock(chan);
2140
2141 /* If SMP is already in progress ignore this request */
2142 if (chan->data) {
2143 ret = 0;
2144 goto unlock;
2145 }
d26a2345 2146
8aab4757 2147 smp = smp_chan_create(conn);
fc75cc86
JH		 2148 if (!smp) {
2149 ret = 1;
2150 goto unlock;
2151 }
2b64d153
BG		 2152
2153 authreq = seclevel_to_authreq(sec_level);
d26a2345 2154
d2eb9e10
JH		 2155 if (test_bit(HCI_SC_ENABLED, &hcon->hdev->dev_flags))
2156 authreq |= SMP_AUTH_SC;
2157
79897d20
JH		 2158 /* Require MITM if IO Capability allows or the security level
2159 * requires it.
2e233644 2160 */
79897d20 2161 if (hcon->io_capability != HCI_IO_NO_INPUT_OUTPUT ||
c7262e71 2162 hcon->pending_sec_level > BT_SECURITY_MEDIUM)
2e233644
JH		 2163 authreq |= SMP_AUTH_MITM;
2164
40bef302 2165 if (hcon->role == HCI_ROLE_MASTER) {
d26a2345 2166 struct smp_cmd_pairing cp;
f01ead31 2167
2b64d153 2168 build_pairing_cmd(conn, &cp, NULL, authreq);
1c1def09
VCG		 2169 smp->preq[0] = SMP_CMD_PAIRING_REQ;
2170 memcpy(&smp->preq[1], &cp, sizeof(cp));
f01ead31 2171
eb492e01 2172 smp_send_cmd(conn, SMP_CMD_PAIRING_REQ, sizeof(cp), &cp);
b28b4943 2173 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RSP);
eb492e01
AB		 2174 } else {
2175 struct smp_cmd_security_req cp;
2b64d153 2176 cp.auth_req = authreq;
eb492e01 2177 smp_send_cmd(conn, SMP_CMD_SECURITY_REQ, sizeof(cp), &cp);
b28b4943 2178 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_REQ);
eb492e01
AB		 2179 }
2180
4a74d658 2181 set_bit(SMP_FLAG_INITIATOR, &smp->flags);
fc75cc86 2182 ret = 0;
edca792c 2183
fc75cc86
JH		 2184unlock:
2185 l2cap_chan_unlock(chan);
2186 return ret;
eb492e01
AB		 2187}
2188
7034b911
VCG		 2189static int smp_cmd_encrypt_info(struct l2cap_conn *conn, struct sk_buff *skb)
2190{
16b90839 2191 struct smp_cmd_encrypt_info *rp = (void *) skb->data;
5d88cc73
JH		 2192 struct l2cap_chan *chan = conn->smp;
2193 struct smp_chan *smp = chan->data;
16b90839 2194
c46b98be
JH		 2195 BT_DBG("conn %p", conn);
2196
2197 if (skb->len < sizeof(*rp))
38e4a915 2198 return SMP_INVALID_PARAMS;
c46b98be 2199
b28b4943 2200 SMP_ALLOW_CMD(smp, SMP_CMD_MASTER_IDENT);
6131ddc8 2201
16b90839
VCG		 2202 skb_pull(skb, sizeof(*rp));
2203
1c1def09 2204 memcpy(smp->tk, rp->ltk, sizeof(smp->tk));
16b90839 2205
7034b911
VCG		 2206 return 0;
2207}
2208
2209static int smp_cmd_master_ident(struct l2cap_conn *conn, struct sk_buff *skb)
2210{
16b90839 2211 struct smp_cmd_master_ident *rp = (void *) skb->data;
5d88cc73
JH		 2212 struct l2cap_chan *chan = conn->smp;
2213 struct smp_chan *smp = chan->data;
c9839a11
VCG		 2214 struct hci_dev *hdev = conn->hcon->hdev;
2215 struct hci_conn *hcon = conn->hcon;
23d0e128 2216 struct smp_ltk *ltk;
c9839a11 2217 u8 authenticated;
16b90839 2218
c46b98be
JH		 2219 BT_DBG("conn %p", conn);
2220
2221 if (skb->len < sizeof(*rp))
38e4a915 2222 return SMP_INVALID_PARAMS;
c46b98be 2223
9747a9f3
JH		 2224 /* Mark the information as received */
2225 smp->remote_key_dist &= ~SMP_DIST_ENC_KEY;
2226
b28b4943
JH		 2227 if (smp->remote_key_dist & SMP_DIST_ID_KEY)
2228 SMP_ALLOW_CMD(smp, SMP_CMD_IDENT_INFO);
196332f5
JH		 2229 else if (smp->remote_key_dist & SMP_DIST_SIGN)
2230 SMP_ALLOW_CMD(smp, SMP_CMD_SIGN_INFO);
b28b4943 2231
16b90839 2232 skb_pull(skb, sizeof(*rp));
7034b911 2233
ce39fb4e 2234 authenticated = (hcon->sec_level == BT_SECURITY_HIGH);
2ceba539 2235 ltk = hci_add_ltk(hdev, &hcon->dst, hcon->dst_type, SMP_LTK,
23d0e128
JH		 2236 authenticated, smp->tk, smp->enc_key_size,
2237 rp->ediv, rp->rand);
2238 smp->ltk = ltk;
c6e81e9a 2239 if (!(smp->remote_key_dist & KEY_DIST_MASK))
d6268e86 2240 smp_distribute_keys(smp);
7034b911
VCG		 2241
2242 return 0;
2243}
2244
fd349c02
JH		 2245static int smp_cmd_ident_info(struct l2cap_conn *conn, struct sk_buff *skb)
2246{
2247 struct smp_cmd_ident_info *info = (void *) skb->data;
5d88cc73
JH		 2248 struct l2cap_chan *chan = conn->smp;
2249 struct smp_chan *smp = chan->data;
fd349c02
JH		 2250
2251 BT_DBG("");
2252
2253 if (skb->len < sizeof(*info))
38e4a915 2254 return SMP_INVALID_PARAMS;
fd349c02 2255
b28b4943 2256 SMP_ALLOW_CMD(smp, SMP_CMD_IDENT_ADDR_INFO);
6131ddc8 2257
fd349c02
JH		 2258 skb_pull(skb, sizeof(*info));
2259
2260 memcpy(smp->irk, info->irk, 16);
2261
2262 return 0;
2263}
2264
2265static int smp_cmd_ident_addr_info(struct l2cap_conn *conn,
2266 struct sk_buff *skb)
2267{
2268 struct smp_cmd_ident_addr_info *info = (void *) skb->data;
5d88cc73
JH		 2269 struct l2cap_chan *chan = conn->smp;
2270 struct smp_chan *smp = chan->data;
fd349c02
JH		 2271 struct hci_conn *hcon = conn->hcon;
2272 bdaddr_t rpa;
2273
2274 BT_DBG("");
2275
2276 if (skb->len < sizeof(*info))
38e4a915 2277 return SMP_INVALID_PARAMS;
fd349c02 2278
9747a9f3
JH		 2279 /* Mark the information as received */
2280 smp->remote_key_dist &= ~SMP_DIST_ID_KEY;
2281
b28b4943
JH		 2282 if (smp->remote_key_dist & SMP_DIST_SIGN)
2283 SMP_ALLOW_CMD(smp, SMP_CMD_SIGN_INFO);
2284
fd349c02
JH		 2285 skb_pull(skb, sizeof(*info));
2286
a9a58f86
JH		 2287 /* Strictly speaking the Core Specification (4.1) allows sending
2288 * an empty address which would force us to rely on just the IRK
2289 * as "identity information". However, since such
2290 * implementations are not known of and in order to not over
2291 * complicate our implementation, simply pretend that we never
2292 * received an IRK for such a device.
2293 */
2294 if (!bacmp(&info->bdaddr, BDADDR_ANY)) {
2295 BT_ERR("Ignoring IRK with no identity address");
31dd624e 2296 goto distribute;
a9a58f86
JH		 2297 }
2298
fd349c02
JH		 2299 bacpy(&smp->id_addr, &info->bdaddr);
2300 smp->id_addr_type = info->addr_type;
2301
2302 if (hci_bdaddr_is_rpa(&hcon->dst, hcon->dst_type))
2303 bacpy(&rpa, &hcon->dst);
2304 else
2305 bacpy(&rpa, BDADDR_ANY);
2306
23d0e128
JH		 2307 smp->remote_irk = hci_add_irk(conn->hcon->hdev, &smp->id_addr,
2308 smp->id_addr_type, smp->irk, &rpa);
fd349c02 2309
31dd624e 2310distribute:
c6e81e9a
JH		 2311 if (!(smp->remote_key_dist & KEY_DIST_MASK))
2312 smp_distribute_keys(smp);
fd349c02
JH		 2313
2314 return 0;
2315}
2316
7ee4ea36
MH		 2317static int smp_cmd_sign_info(struct l2cap_conn *conn, struct sk_buff *skb)
2318{
2319 struct smp_cmd_sign_info *rp = (void *) skb->data;
5d88cc73
JH		 2320 struct l2cap_chan *chan = conn->smp;
2321 struct smp_chan *smp = chan->data;
7ee4ea36
MH		 2322 struct smp_csrk *csrk;
2323
2324 BT_DBG("conn %p", conn);
2325
2326 if (skb->len < sizeof(*rp))
38e4a915 2327 return SMP_INVALID_PARAMS;
7ee4ea36 2328
7ee4ea36
MH		 2329 /* Mark the information as received */
2330 smp->remote_key_dist &= ~SMP_DIST_SIGN;
2331
2332 skb_pull(skb, sizeof(*rp));
2333
7ee4ea36
MH		 2334 csrk = kzalloc(sizeof(*csrk), GFP_KERNEL);
2335 if (csrk) {
2336 csrk->master = 0x01;
2337 memcpy(csrk->val, rp->csrk, sizeof(csrk->val));
2338 }
2339 smp->csrk = csrk;
d6268e86 2340 smp_distribute_keys(smp);
7ee4ea36
MH		 2341
2342 return 0;
2343}
2344
5e3d3d9b
JH		 2345static u8 sc_select_method(struct smp_chan *smp)
2346{
2347 struct l2cap_conn *conn = smp->conn;
2348 struct hci_conn *hcon = conn->hcon;
2349 struct smp_cmd_pairing *local, *remote;
2350 u8 local_mitm, remote_mitm, local_io, remote_io, method;
2351
a29b0733
JH		 2352 if (test_bit(SMP_FLAG_OOB, &smp->flags))
2353 return REQ_OOB;
2354
5e3d3d9b
JH		 2355 /* The preq/prsp contain the raw Pairing Request/Response PDUs
2356 * which are needed as inputs to some crypto functions. To get
2357 * the "struct smp_cmd_pairing" from them we need to skip the
2358 * first byte which contains the opcode.
2359 */
2360 if (hcon->out) {
2361 local = (void *) &smp->preq[1];
2362 remote = (void *) &smp->prsp[1];
2363 } else {
2364 local = (void *) &smp->prsp[1];
2365 remote = (void *) &smp->preq[1];
2366 }
2367
2368 local_io = local->io_capability;
2369 remote_io = remote->io_capability;
2370
2371 local_mitm = (local->auth_req & SMP_AUTH_MITM);
2372 remote_mitm = (remote->auth_req & SMP_AUTH_MITM);
2373
2374 /* If either side wants MITM, look up the method from the table,
2375 * otherwise use JUST WORKS.
2376 */
2377 if (local_mitm || remote_mitm)
2378 method = get_auth_method(smp, local_io, remote_io);
2379 else
2380 method = JUST_WORKS;
2381
2382 /* Don't confirm locally initiated pairing attempts */
2383 if (method == JUST_CFM && test_bit(SMP_FLAG_INITIATOR, &smp->flags))
2384 method = JUST_WORKS;
2385
2386 return method;
2387}
2388
d8f8edbe
JH		 2389static int smp_cmd_public_key(struct l2cap_conn *conn, struct sk_buff *skb)
2390{
2391 struct smp_cmd_public_key *key = (void *) skb->data;
2392 struct hci_conn *hcon = conn->hcon;
2393 struct l2cap_chan *chan = conn->smp;
2394 struct smp_chan *smp = chan->data;
5e3d3d9b 2395 struct hci_dev *hdev = hcon->hdev;
cbbbe3e2 2396 struct smp_cmd_pairing_confirm cfm;
d8f8edbe
JH		 2397 int err;
2398
2399 BT_DBG("conn %p", conn);
2400
2401 if (skb->len < sizeof(*key))
2402 return SMP_INVALID_PARAMS;
2403
2404 memcpy(smp->remote_pk, key, 64);
2405
2406 /* Non-initiating device sends its public key after receiving
2407 * the key from the initiating device.
2408 */
2409 if (!hcon->out) {
2410 err = sc_send_public_key(smp);
2411 if (err)
2412 return err;
2413 }
2414
c7a3d57d
JH		 2415 SMP_DBG("Remote Public Key X: %32phN", smp->remote_pk);
2416 SMP_DBG("Remote Public Key Y: %32phN", &smp->remote_pk[32]);
d8f8edbe
JH		 2417
2418 if (!ecdh_shared_secret(smp->remote_pk, smp->local_sk, smp->dhkey))
2419 return SMP_UNSPECIFIED;
2420
c7a3d57d 2421 SMP_DBG("DHKey %32phN", smp->dhkey);
d8f8edbe
JH		 2422
2423 set_bit(SMP_FLAG_REMOTE_PK, &smp->flags);
2424
5e3d3d9b
JH		 2425 smp->method = sc_select_method(smp);
2426
2427 BT_DBG("%s selected method 0x%02x", hdev->name, smp->method);
2428
2429 /* JUST_WORKS and JUST_CFM result in an unauthenticated key */
2430 if (smp->method == JUST_WORKS || smp->method == JUST_CFM)
2431 hcon->pending_sec_level = BT_SECURITY_MEDIUM;
2432 else
2433 hcon->pending_sec_level = BT_SECURITY_FIPS;
2434
aeb7d461
JH		 2435 if (!memcmp(debug_pk, smp->remote_pk, 64))
2436 set_bit(SMP_FLAG_DEBUG_KEY, &smp->flags);
2437
38606f14
JH		 2438 if (smp->method == DSP_PASSKEY) {
2439 get_random_bytes(&hcon->passkey_notify,
2440 sizeof(hcon->passkey_notify));
2441 hcon->passkey_notify %= 1000000;
2442 hcon->passkey_entered = 0;
2443 smp->passkey_round = 0;
2444 if (mgmt_user_passkey_notify(hdev, &hcon->dst, hcon->type,
2445 hcon->dst_type,
2446 hcon->passkey_notify,
2447 hcon->passkey_entered))
2448 return SMP_UNSPECIFIED;
2449 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_CONFIRM);
2450 return sc_passkey_round(smp, SMP_CMD_PUBLIC_KEY);
2451 }
2452
a29b0733
JH		 2453 if (smp->method == REQ_OOB) {
2454 err = smp_f4(smp->tfm_cmac, smp->remote_pk, smp->remote_pk,
2455 smp->rr, 0, cfm.confirm_val);
2456 if (err)
2457 return SMP_UNSPECIFIED;
2458
2459 if (memcmp(cfm.confirm_val, smp->pcnf, 16))
2460 return SMP_CONFIRM_FAILED;
2461
2462 if (hcon->out)
2463 smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM,
2464 sizeof(smp->prnd), smp->prnd);
2465
2466 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RANDOM);
2467
2468 return 0;
2469 }
2470
38606f14
JH		 2471 if (hcon->out)
2472 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_CONFIRM);
2473
2474 if (smp->method == REQ_PASSKEY) {
2475 if (mgmt_user_passkey_request(hdev, &hcon->dst, hcon->type,
2476 hcon->dst_type))
2477 return SMP_UNSPECIFIED;
2478 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_CONFIRM);
2479 set_bit(SMP_FLAG_WAIT_USER, &smp->flags);
2480 return 0;
2481 }
2482
cbbbe3e2
JH		 2483 /* The Initiating device waits for the non-initiating device to
2484 * send the confirm value.
2485 */
2486 if (conn->hcon->out)
2487 return 0;
2488
2489 err = smp_f4(smp->tfm_cmac, smp->local_pk, smp->remote_pk, smp->prnd,
2490 0, cfm.confirm_val);
2491 if (err)
2492 return SMP_UNSPECIFIED;
2493
2494 smp_send_cmd(conn, SMP_CMD_PAIRING_CONFIRM, sizeof(cfm), &cfm);
2495 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RANDOM);
2496
d8f8edbe
JH		 2497 return 0;
2498}
2499
6433a9a2
JH		 2500static int smp_cmd_dhkey_check(struct l2cap_conn *conn, struct sk_buff *skb)
2501{
2502 struct smp_cmd_dhkey_check *check = (void *) skb->data;
2503 struct l2cap_chan *chan = conn->smp;
2504 struct hci_conn *hcon = conn->hcon;
2505 struct smp_chan *smp = chan->data;
2506 u8 a[7], b[7], *local_addr, *remote_addr;
2507 u8 io_cap[3], r[16], e[16];
2508 int err;
2509
2510 BT_DBG("conn %p", conn);
2511
2512 if (skb->len < sizeof(*check))
2513 return SMP_INVALID_PARAMS;
2514
2515 memcpy(a, &hcon->init_addr, 6);
2516 memcpy(b, &hcon->resp_addr, 6);
2517 a[6] = hcon->init_addr_type;
2518 b[6] = hcon->resp_addr_type;
2519
2520 if (hcon->out) {
2521 local_addr = a;
2522 remote_addr = b;
2523 memcpy(io_cap, &smp->prsp[1], 3);
2524 } else {
2525 local_addr = b;
2526 remote_addr = a;
2527 memcpy(io_cap, &smp->preq[1], 3);
2528 }
2529
2530 memset(r, 0, sizeof(r));
2531
38606f14
JH		 2532 if (smp->method == REQ_PASSKEY || smp->method == DSP_PASSKEY)
2533 put_unaligned_le32(hcon->passkey_notify, r);
2534
6433a9a2
JH		 2535 err = smp_f6(smp->tfm_cmac, smp->mackey, smp->rrnd, smp->prnd, r,
2536 io_cap, remote_addr, local_addr, e);
2537 if (err)
2538 return SMP_UNSPECIFIED;
2539
2540 if (memcmp(check->e, e, 16))
2541 return SMP_DHKEY_CHECK_FAILED;
2542
d3e54a87
JH		 2543 if (!hcon->out) {
2544 if (test_bit(SMP_FLAG_WAIT_USER, &smp->flags)) {
2545 set_bit(SMP_FLAG_DHKEY_PENDING, &smp->flags);
2546 return 0;
2547 }
d378a2d7 2548
d3e54a87
JH		 2549 /* Slave sends DHKey check as response to master */
2550 sc_dhkey_check(smp);
2551 }
d378a2d7 2552
d3e54a87 2553 sc_add_ltk(smp);
6433a9a2
JH		 2554
2555 if (hcon->out) {
2556 hci_le_start_enc(hcon, 0, 0, smp->tk);
2557 hcon->enc_key_size = smp->enc_key_size;
2558 }
2559
2560 return 0;
2561}
2562
1408bb6e
JH		 2563static int smp_cmd_keypress_notify(struct l2cap_conn *conn,
2564 struct sk_buff *skb)
2565{
2566 struct smp_cmd_keypress_notify *kp = (void *) skb->data;
2567
2568 BT_DBG("value 0x%02x", kp->value);
2569
2570 return 0;
2571}
2572
4befb867 2573static int smp_sig_channel(struct l2cap_chan *chan, struct sk_buff *skb)
eb492e01 2574{
5d88cc73 2575 struct l2cap_conn *conn = chan->conn;
7b9899db 2576 struct hci_conn *hcon = conn->hcon;
b28b4943 2577 struct smp_chan *smp;
92381f5c 2578 __u8 code, reason;
eb492e01
AB		 2579 int err = 0;
2580
8ae9b984 2581 if (skb->len < 1)
92381f5c 2582 return -EILSEQ;
92381f5c 2583
06ae3314 2584 if (!test_bit(HCI_LE_ENABLED, &hcon->hdev->dev_flags)) {
2e65c9d2
AG		 2585 reason = SMP_PAIRING_NOTSUPP;
2586 goto done;
2587 }
2588
92381f5c 2589 code = skb->data[0];
eb492e01
AB		 2590 skb_pull(skb, sizeof(code));
2591
b28b4943
JH		 2592 smp = chan->data;
2593
2594 if (code > SMP_CMD_MAX)
2595 goto drop;
2596
24bd0bd9 2597 if (smp && !test_and_clear_bit(code, &smp->allow_cmd))
b28b4943
JH		 2598 goto drop;
2599
2600 /* If we don't have a context the only allowed commands are
2601 * pairing request and security request.
8cf9fa12 2602 */
b28b4943
JH		 2603 if (!smp && code != SMP_CMD_PAIRING_REQ && code != SMP_CMD_SECURITY_REQ)
2604 goto drop;
8cf9fa12 2605
eb492e01
AB		 2606 switch (code) {
2607 case SMP_CMD_PAIRING_REQ:
da85e5e5 2608 reason = smp_cmd_pairing_req(conn, skb);
eb492e01
AB		 2609 break;
2610
2611 case SMP_CMD_PAIRING_FAIL:
84794e11 2612 smp_failure(conn, 0);
da85e5e5 2613 err = -EPERM;
eb492e01
AB		 2614 break;
2615
2616 case SMP_CMD_PAIRING_RSP:
da85e5e5 2617 reason = smp_cmd_pairing_rsp(conn, skb);
88ba43b6
AB		 2618 break;
2619
2620 case SMP_CMD_SECURITY_REQ:
da85e5e5 2621 reason = smp_cmd_security_req(conn, skb);
88ba43b6
AB		 2622 break;
2623
eb492e01 2624 case SMP_CMD_PAIRING_CONFIRM:
da85e5e5 2625 reason = smp_cmd_pairing_confirm(conn, skb);
88ba43b6
AB		 2626 break;
2627
eb492e01 2628 case SMP_CMD_PAIRING_RANDOM:
da85e5e5 2629 reason = smp_cmd_pairing_random(conn, skb);
88ba43b6
AB		 2630 break;
2631
eb492e01 2632 case SMP_CMD_ENCRYPT_INFO:
7034b911
VCG		 2633 reason = smp_cmd_encrypt_info(conn, skb);
2634 break;
2635
eb492e01 2636 case SMP_CMD_MASTER_IDENT:
7034b911
VCG		 2637 reason = smp_cmd_master_ident(conn, skb);
2638 break;
2639
eb492e01 2640 case SMP_CMD_IDENT_INFO:
fd349c02
JH		 2641 reason = smp_cmd_ident_info(conn, skb);
2642 break;
2643
eb492e01 2644 case SMP_CMD_IDENT_ADDR_INFO:
fd349c02
JH		 2645 reason = smp_cmd_ident_addr_info(conn, skb);
2646 break;
2647
eb492e01 2648 case SMP_CMD_SIGN_INFO:
7ee4ea36 2649 reason = smp_cmd_sign_info(conn, skb);
7034b911
VCG		 2650 break;
2651
d8f8edbe
JH		 2652 case SMP_CMD_PUBLIC_KEY:
2653 reason = smp_cmd_public_key(conn, skb);
2654 break;
2655
6433a9a2
JH		 2656 case SMP_CMD_DHKEY_CHECK:
2657 reason = smp_cmd_dhkey_check(conn, skb);
2658 break;
2659
1408bb6e
JH		 2660 case SMP_CMD_KEYPRESS_NOTIFY:
2661 reason = smp_cmd_keypress_notify(conn, skb);
2662 break;
2663
eb492e01
AB		 2664 default:
2665 BT_DBG("Unknown command code 0x%2.2x", code);
eb492e01 2666 reason = SMP_CMD_NOTSUPP;
3a0259bb 2667 goto done;
eb492e01
AB		 2668 }
2669
3a0259bb 2670done:
9b7b18ef
JH		 2671 if (!err) {
2672 if (reason)
2673 smp_failure(conn, reason);
8ae9b984 2674 kfree_skb(skb);
9b7b18ef
JH		 2675 }
2676
eb492e01 2677 return err;
b28b4943
JH		 2678
2679drop:
2680 BT_ERR("%s unexpected SMP command 0x%02x from %pMR", hcon->hdev->name,
2681 code, &hcon->dst);
2682 kfree_skb(skb);
2683 return 0;
eb492e01 2684}
7034b911 2685
70db83c4
JH		 2686static void smp_teardown_cb(struct l2cap_chan *chan, int err)
2687{
2688 struct l2cap_conn *conn = chan->conn;
2689
2690 BT_DBG("chan %p", chan);
2691
fc75cc86 2692 if (chan->data)
5d88cc73 2693 smp_chan_destroy(conn);
5d88cc73 2694
70db83c4
JH		 2695 conn->smp = NULL;
2696 l2cap_chan_put(chan);
2697}
2698
b5ae344d
JH		 2699static void bredr_pairing(struct l2cap_chan *chan)
2700{
2701 struct l2cap_conn *conn = chan->conn;
2702 struct hci_conn *hcon = conn->hcon;
2703 struct hci_dev *hdev = hcon->hdev;
2704 struct smp_cmd_pairing req;
2705 struct smp_chan *smp;
2706
2707 BT_DBG("chan %p", chan);
2708
2709 /* Only new pairings are interesting */
2710 if (!test_bit(HCI_CONN_NEW_LINK_KEY, &hcon->flags))
2711 return;
2712
2713 /* Don't bother if we're not encrypted */
2714 if (!test_bit(HCI_CONN_ENCRYPT, &hcon->flags))
2715 return;
2716
2717 /* Only master may initiate SMP over BR/EDR */
2718 if (hcon->role != HCI_ROLE_MASTER)
2719 return;
2720
2721 /* Secure Connections support must be enabled */
2722 if (!test_bit(HCI_SC_ENABLED, &hdev->dev_flags))
2723 return;
2724
2725 /* BR/EDR must use Secure Connections for SMP */
2726 if (!test_bit(HCI_CONN_AES_CCM, &hcon->flags) &&
2727 !test_bit(HCI_FORCE_LESC, &hdev->dbg_flags))
2728 return;
2729
2730 /* If our LE support is not enabled don't do anything */
2731 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
2732 return;
2733
2734 /* Don't bother if remote LE support is not enabled */
2735 if (!lmp_host_le_capable(hcon))
2736 return;
2737
2738 /* Remote must support SMP fixed chan for BR/EDR */
2739 if (!(conn->remote_fixed_chan & L2CAP_FC_SMP_BREDR))
2740 return;
2741
2742 /* Don't bother if SMP is already ongoing */
2743 if (chan->data)
2744 return;
2745
2746 smp = smp_chan_create(conn);
2747 if (!smp) {
2748 BT_ERR("%s unable to create SMP context for BR/EDR",
2749 hdev->name);
2750 return;
2751 }
2752
2753 set_bit(SMP_FLAG_SC, &smp->flags);
2754
2755 BT_DBG("%s starting SMP over BR/EDR", hdev->name);
2756
2757 /* Prepare and send the BR/EDR SMP Pairing Request */
2758 build_bredr_pairing_cmd(smp, &req, NULL);
2759
2760 smp->preq[0] = SMP_CMD_PAIRING_REQ;
2761 memcpy(&smp->preq[1], &req, sizeof(req));
2762
2763 smp_send_cmd(conn, SMP_CMD_PAIRING_REQ, sizeof(req), &req);
2764 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RSP);
2765}
2766
44f1a7ab
JH		 2767static void smp_resume_cb(struct l2cap_chan *chan)
2768{
b68fda68 2769 struct smp_chan *smp = chan->data;
44f1a7ab
JH		 2770 struct l2cap_conn *conn = chan->conn;
2771 struct hci_conn *hcon = conn->hcon;
2772
2773 BT_DBG("chan %p", chan);
2774
b5ae344d
JH		 2775 if (hcon->type == ACL_LINK) {
2776 bredr_pairing(chan);
ef8efe4b 2777 return;
b5ae344d 2778 }
ef8efe4b 2779
86d1407c
JH		 2780 if (!smp)
2781 return;
b68fda68 2782
84bc0db5
JH		 2783 if (!test_bit(HCI_CONN_ENCRYPT, &hcon->flags))
2784 return;
2785
86d1407c
JH		 2786 cancel_delayed_work(&smp->security_timer);
2787
d6268e86 2788 smp_distribute_keys(smp);
44f1a7ab
JH		 2789}
2790
70db83c4
JH		 2791static void smp_ready_cb(struct l2cap_chan *chan)
2792{
2793 struct l2cap_conn *conn = chan->conn;
b5ae344d 2794 struct hci_conn *hcon = conn->hcon;
70db83c4
JH		 2795
2796 BT_DBG("chan %p", chan);
2797
2798 conn->smp = chan;
2799 l2cap_chan_hold(chan);
b5ae344d
JH		 2800
2801 if (hcon->type == ACL_LINK && test_bit(HCI_CONN_ENCRYPT, &hcon->flags))
2802 bredr_pairing(chan);
70db83c4
JH		 2803}
2804
4befb867
JH		 2805static int smp_recv_cb(struct l2cap_chan *chan, struct sk_buff *skb)
2806{
2807 int err;
2808
2809 BT_DBG("chan %p", chan);
2810
2811 err = smp_sig_channel(chan, skb);
2812 if (err) {
b68fda68 2813 struct smp_chan *smp = chan->data;
4befb867 2814
b68fda68
JH		 2815 if (smp)
2816 cancel_delayed_work_sync(&smp->security_timer);
4befb867 2817
1e91c29e 2818 hci_disconnect(chan->conn->hcon, HCI_ERROR_AUTH_FAILURE);
4befb867
JH		 2819 }
2820
2821 return err;
2822}
2823
70db83c4
JH		 2824static struct sk_buff *smp_alloc_skb_cb(struct l2cap_chan *chan,
2825 unsigned long hdr_len,
2826 unsigned long len, int nb)
2827{
2828 struct sk_buff *skb;
2829
2830 skb = bt_skb_alloc(hdr_len + len, GFP_KERNEL);
2831 if (!skb)
2832 return ERR_PTR(-ENOMEM);
2833
2834 skb->priority = HCI_PRIO_MAX;
2835 bt_cb(skb)->chan = chan;
2836
2837 return skb;
2838}
2839
2840static const struct l2cap_ops smp_chan_ops = {
2841 .name = "Security Manager",
2842 .ready = smp_ready_cb,
5d88cc73 2843 .recv = smp_recv_cb,
70db83c4
JH		 2844 .alloc_skb = smp_alloc_skb_cb,
2845 .teardown = smp_teardown_cb,
44f1a7ab 2846 .resume = smp_resume_cb,
70db83c4
JH		 2847
2848 .new_connection = l2cap_chan_no_new_connection,
70db83c4
JH		 2849 .state_change = l2cap_chan_no_state_change,
2850 .close = l2cap_chan_no_close,
2851 .defer = l2cap_chan_no_defer,
2852 .suspend = l2cap_chan_no_suspend,
70db83c4
JH		 2853 .set_shutdown = l2cap_chan_no_set_shutdown,
2854 .get_sndtimeo = l2cap_chan_no_get_sndtimeo,
2855 .memcpy_fromiovec = l2cap_chan_no_memcpy_fromiovec,
2856};
2857
2858static inline struct l2cap_chan *smp_new_conn_cb(struct l2cap_chan *pchan)
2859{
2860 struct l2cap_chan *chan;
2861
2862 BT_DBG("pchan %p", pchan);
2863
2864 chan = l2cap_chan_create();
2865 if (!chan)
2866 return NULL;
2867
2868 chan->chan_type = pchan->chan_type;
2869 chan->ops = &smp_chan_ops;
2870 chan->scid = pchan->scid;
2871 chan->dcid = chan->scid;
2872 chan->imtu = pchan->imtu;
2873 chan->omtu = pchan->omtu;
2874 chan->mode = pchan->mode;
2875
abe84903
JH		 2876 /* Other L2CAP channels may request SMP routines in order to
2877 * change the security level. This means that the SMP channel
2878 * lock must be considered in its own category to avoid lockdep
2879 * warnings.
2880 */
2881 atomic_set(&chan->nesting, L2CAP_NESTING_SMP);
2882
70db83c4
JH		 2883 BT_DBG("created chan %p", chan);
2884
2885 return chan;
2886}
2887
2888static const struct l2cap_ops smp_root_chan_ops = {
2889 .name = "Security Manager Root",
2890 .new_connection = smp_new_conn_cb,
2891
2892 /* None of these are implemented for the root channel */
2893 .close = l2cap_chan_no_close,
2894 .alloc_skb = l2cap_chan_no_alloc_skb,
2895 .recv = l2cap_chan_no_recv,
2896 .state_change = l2cap_chan_no_state_change,
2897 .teardown = l2cap_chan_no_teardown,
2898 .ready = l2cap_chan_no_ready,
2899 .defer = l2cap_chan_no_defer,
2900 .suspend = l2cap_chan_no_suspend,
2901 .resume = l2cap_chan_no_resume,
2902 .set_shutdown = l2cap_chan_no_set_shutdown,
2903 .get_sndtimeo = l2cap_chan_no_get_sndtimeo,
2904 .memcpy_fromiovec = l2cap_chan_no_memcpy_fromiovec,
2905};
2906
ef8efe4b 2907static struct l2cap_chan *smp_add_cid(struct hci_dev *hdev, u16 cid)
711eafe3 2908{
70db83c4 2909 struct l2cap_chan *chan;
defce9e8 2910 struct crypto_blkcipher *tfm_aes;
70db83c4 2911
ef8efe4b
JH		 2912 if (cid == L2CAP_CID_SMP_BREDR) {
2913 tfm_aes = NULL;
2914 goto create_chan;
2915 }
711eafe3 2916
adae20cb 2917 tfm_aes = crypto_alloc_blkcipher("ecb(aes)", 0, 0);
defce9e8 2918 if (IS_ERR(tfm_aes)) {
711eafe3 2919 BT_ERR("Unable to create crypto context");
ef8efe4b 2920 return ERR_PTR(PTR_ERR(tfm_aes));
711eafe3
JH		 2921 }
2922
ef8efe4b 2923create_chan:
70db83c4
JH		 2924 chan = l2cap_chan_create();
2925 if (!chan) {
defce9e8 2926 crypto_free_blkcipher(tfm_aes);
ef8efe4b 2927 return ERR_PTR(-ENOMEM);
70db83c4
JH		 2928 }
2929
defce9e8
JH		 2930 chan->data = tfm_aes;
2931
ef8efe4b 2932 l2cap_add_scid(chan, cid);
70db83c4
JH		 2933
2934 l2cap_chan_set_defaults(chan);
2935
2936 bacpy(&chan->src, &hdev->bdaddr);
ef8efe4b
JH		 2937 if (cid == L2CAP_CID_SMP)
2938 chan->src_type = BDADDR_LE_PUBLIC;
2939 else
2940 chan->src_type = BDADDR_BREDR;
70db83c4
JH		 2941 chan->state = BT_LISTEN;
2942 chan->mode = L2CAP_MODE_BASIC;
2943 chan->imtu = L2CAP_DEFAULT_MTU;
2944 chan->ops = &smp_root_chan_ops;
2945
abe84903
JH		 2946 /* Set correct nesting level for a parent/listening channel */
2947 atomic_set(&chan->nesting, L2CAP_NESTING_PARENT);
2948
ef8efe4b 2949 return chan;
711eafe3
JH		 2950}
2951
ef8efe4b 2952static void smp_del_chan(struct l2cap_chan *chan)
711eafe3 2953{
ef8efe4b 2954 struct crypto_blkcipher *tfm_aes;
70db83c4 2955
ef8efe4b 2956 BT_DBG("chan %p", chan);
711eafe3 2957
defce9e8
JH		 2958 tfm_aes = chan->data;
2959 if (tfm_aes) {
2960 chan->data = NULL;
2961 crypto_free_blkcipher(tfm_aes);
711eafe3 2962 }
70db83c4 2963
70db83c4 2964 l2cap_chan_put(chan);
711eafe3 2965}
ef8efe4b
JH		 2966
2967int smp_register(struct hci_dev *hdev)
2968{
2969 struct l2cap_chan *chan;
2970
2971 BT_DBG("%s", hdev->name);
2972
2973 chan = smp_add_cid(hdev, L2CAP_CID_SMP);
2974 if (IS_ERR(chan))
2975 return PTR_ERR(chan);
2976
2977 hdev->smp_data = chan;
2978
2979 if (!lmp_sc_capable(hdev) &&
2980 !test_bit(HCI_FORCE_LESC, &hdev->dbg_flags))
2981 return 0;
2982
2983 chan = smp_add_cid(hdev, L2CAP_CID_SMP_BREDR);
2984 if (IS_ERR(chan)) {
2985 int err = PTR_ERR(chan);
2986 chan = hdev->smp_data;
2987 hdev->smp_data = NULL;
2988 smp_del_chan(chan);
2989 return err;
2990 }
2991
2992 hdev->smp_bredr_data = chan;
2993
2994 return 0;
2995}
2996
2997void smp_unregister(struct hci_dev *hdev)
2998{
2999 struct l2cap_chan *chan;
3000
3001 if (hdev->smp_bredr_data) {
3002 chan = hdev->smp_bredr_data;
3003 hdev->smp_bredr_data = NULL;
3004 smp_del_chan(chan);
3005 }
3006
3007 if (hdev->smp_data) {
3008 chan = hdev->smp_data;
3009 hdev->smp_data = NULL;
3010 smp_del_chan(chan);
3011 }
3012}
Linux kernel - Deliverables
This page took 0.66134 seconds and 5 git commands to generate.