projects / deliverable / linux.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Bluetooth: Add check for accidentally generating a debug key
[deliverable/linux.git] / net / bluetooth / smp.c
CommitLineData
eb492e01
AB		 1/*
2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2011 Nokia Corporation and/or its subsidiary(-ies).
4
5 This program is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License version 2 as
7 published by the Free Software Foundation;
8
9 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
10 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
11 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
12 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
13 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
14 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17
18 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
19 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
20 SOFTWARE IS DISCLAIMED.
21*/
22
8c520a59
GP		 23#include <linux/crypto.h>
24#include <linux/scatterlist.h>
25#include <crypto/b128ops.h>
26
eb492e01
AB		 27#include <net/bluetooth/bluetooth.h>
28#include <net/bluetooth/hci_core.h>
29#include <net/bluetooth/l2cap.h>
2b64d153 30#include <net/bluetooth/mgmt.h>
ac4b7236 31
3b19146d 32#include "ecc.h"
ac4b7236 33#include "smp.h"
d22ef0bc 34
b28b4943 35#define SMP_ALLOW_CMD(smp, code) set_bit(code, &smp->allow_cmd)
b28b4943 36
3b19146d
JH		 37/* Keys which are not distributed with Secure Connections */
38#define SMP_SC_NO_DIST (SMP_DIST_ENC_KEY | SMP_DIST_LINK_KEY);
39
17b02e62 40#define SMP_TIMEOUT msecs_to_jiffies(30000)
5d3de7df 41
0edb14de
JH		 42#define AUTH_REQ_MASK(dev) (test_bit(HCI_SC_ENABLED, &(dev)->dev_flags) ? \
43 0x1f : 0x07)
44#define KEY_DIST_MASK 0x07
065a13e2 45
cbbbe3e2
JH		 46/* Maximum message length that can be passed to aes_cmac */
47#define CMAC_MSG_MAX 80
48
533e35d4
JH		 49enum {
50 SMP_FLAG_TK_VALID,
51 SMP_FLAG_CFM_PENDING,
52 SMP_FLAG_MITM_AUTH,
53 SMP_FLAG_COMPLETE,
54 SMP_FLAG_INITIATOR,
65668776 55 SMP_FLAG_SC,
d8f8edbe 56 SMP_FLAG_REMOTE_PK,
aeb7d461 57 SMP_FLAG_DEBUG_KEY,
533e35d4 58};
4bc58f51
JH		 59
60struct smp_chan {
b68fda68
JH		 61 struct l2cap_conn *conn;
62 struct delayed_work security_timer;
b28b4943 63 unsigned long allow_cmd; /* Bitmask of allowed commands */
b68fda68 64
4bc58f51
JH		 65 u8 preq[7]; /* SMP Pairing Request */
66 u8 prsp[7]; /* SMP Pairing Response */
67 u8 prnd[16]; /* SMP Pairing Random (local) */
68 u8 rrnd[16]; /* SMP Pairing Random (remote) */
69 u8 pcnf[16]; /* SMP Pairing Confirm */
70 u8 tk[16]; /* SMP Temporary Key */
71 u8 enc_key_size;
72 u8 remote_key_dist;
73 bdaddr_t id_addr;
74 u8 id_addr_type;
75 u8 irk[16];
76 struct smp_csrk *csrk;
77 struct smp_csrk *slave_csrk;
78 struct smp_ltk *ltk;
79 struct smp_ltk *slave_ltk;
80 struct smp_irk *remote_irk;
6a77083a 81 u8 *link_key;
4a74d658 82 unsigned long flags;
783e0574 83 u8 method;
6a7bd103 84
3b19146d
JH		 85 /* Secure Connections variables */
86 u8 local_pk[64];
87 u8 local_sk[32];
d8f8edbe
JH		 88 u8 remote_pk[64];
89 u8 dhkey[32];
760b018b 90 u8 mackey[16];
3b19146d 91
6a7bd103 92 struct crypto_blkcipher *tfm_aes;
407cecf6 93 struct crypto_hash *tfm_cmac;
4bc58f51
JH		 94};
95
aeb7d461
JH		 96/* These debug key values are defined in the SMP section of the core
97 * specification. debug_pk is the public debug key and debug_sk the
98 * private debug key.
99 */
100static const u8 debug_pk[64] = {
101 0xe6, 0x9d, 0x35, 0x0e, 0x48, 0x01, 0x03, 0xcc,
102 0xdb, 0xfd, 0xf4, 0xac, 0x11, 0x91, 0xf4, 0xef,
103 0xb9, 0xa5, 0xf9, 0xe9, 0xa7, 0x83, 0x2c, 0x5e,
104 0x2c, 0xbe, 0x97, 0xf2, 0xd2, 0x03, 0xb0, 0x20,
105
106 0x8b, 0xd2, 0x89, 0x15, 0xd0, 0x8e, 0x1c, 0x74,
107 0x24, 0x30, 0xed, 0x8f, 0xc2, 0x45, 0x63, 0x76,
108 0x5c, 0x15, 0x52, 0x5a, 0xbf, 0x9a, 0x32, 0x63,
109 0x6d, 0xeb, 0x2a, 0x65, 0x49, 0x9c, 0x80, 0xdc,
110};
111
112static const u8 debug_sk[32] = {
113 0xbd, 0x1a, 0x3c, 0xcd, 0xa6, 0xb8, 0x99, 0x58,
114 0x99, 0xb7, 0x40, 0xeb, 0x7b, 0x60, 0xff, 0x4a,
115 0x50, 0x3f, 0x10, 0xd2, 0xe3, 0xb3, 0xc9, 0x74,
116 0x38, 0x5f, 0xc5, 0xa3, 0xd4, 0xf6, 0x49, 0x3f,
117};
118
8a2936f4 119static inline void swap_buf(const u8 *src, u8 *dst, size_t len)
d22ef0bc 120{
8a2936f4 121 size_t i;
d22ef0bc 122
8a2936f4
JH		 123 for (i = 0; i < len; i++)
124 dst[len - 1 - i] = src[i];
d22ef0bc
AB		 125}
126
cbbbe3e2
JH		 127static int aes_cmac(struct crypto_hash *tfm, const u8 k[16], const u8 *m,
128 size_t len, u8 mac[16])
129{
130 uint8_t tmp[16], mac_msb[16], msg_msb[CMAC_MSG_MAX];
131 struct hash_desc desc;
132 struct scatterlist sg;
133 int err;
134
135 if (len > CMAC_MSG_MAX)
136 return -EFBIG;
137
138 if (!tfm) {
139 BT_ERR("tfm %p", tfm);
140 return -EINVAL;
141 }
142
143 desc.tfm = tfm;
144 desc.flags = 0;
145
146 crypto_hash_init(&desc);
147
148 /* Swap key and message from LSB to MSB */
149 swap_buf(k, tmp, 16);
150 swap_buf(m, msg_msb, len);
151
152 BT_DBG("msg (len %zu) %*phN", len, (int) len, m);
153 BT_DBG("key %16phN", k);
154
155 err = crypto_hash_setkey(tfm, tmp, 16);
156 if (err) {
157 BT_ERR("cipher setkey failed: %d", err);
158 return err;
159 }
160
161 sg_init_one(&sg, msg_msb, len);
162
163 err = crypto_hash_update(&desc, &sg, len);
164 if (err) {
165 BT_ERR("Hash update error %d", err);
166 return err;
167 }
168
169 err = crypto_hash_final(&desc, mac_msb);
170 if (err) {
171 BT_ERR("Hash final error %d", err);
172 return err;
173 }
174
175 swap_buf(mac_msb, mac, 16);
176
177 BT_DBG("mac %16phN", mac);
178
179 return 0;
180}
181
182static int smp_f4(struct crypto_hash *tfm_cmac, const u8 u[32], const u8 v[32],
183 const u8 x[16], u8 z, u8 res[16])
184{
185 u8 m[65];
186 int err;
187
188 BT_DBG("u %32phN", u);
189 BT_DBG("v %32phN", v);
190 BT_DBG("x %16phN z %02x", x, z);
191
192 m[0] = z;
193 memcpy(m + 1, v, 32);
194 memcpy(m + 33, u, 32);
195
196 err = aes_cmac(tfm_cmac, x, m, sizeof(m), res);
197 if (err)
198 return err;
199
200 BT_DBG("res %16phN", res);
201
202 return err;
203}
204
760b018b
JH		 205static int smp_f5(struct crypto_hash *tfm_cmac, u8 w[32], u8 n1[16], u8 n2[16],
206 u8 a1[7], u8 a2[7], u8 mackey[16], u8 ltk[16])
207{
208 /* The btle, salt and length "magic" values are as defined in
209 * the SMP section of the Bluetooth core specification. In ASCII
210 * the btle value ends up being 'btle'. The salt is just a
211 * random number whereas length is the value 256 in little
212 * endian format.
213 */
214 const u8 btle[4] = { 0x65, 0x6c, 0x74, 0x62 };
215 const u8 salt[16] = { 0xbe, 0x83, 0x60, 0x5a, 0xdb, 0x0b, 0x37, 0x60,
216 0x38, 0xa5, 0xf5, 0xaa, 0x91, 0x83, 0x88, 0x6c };
217 const u8 length[2] = { 0x00, 0x01 };
218 u8 m[53], t[16];
219 int err;
220
221 BT_DBG("w %32phN", w);
222 BT_DBG("n1 %16phN n2 %16phN", n1, n2);
223 BT_DBG("a1 %7phN a2 %7phN", a1, a2);
224
225 err = aes_cmac(tfm_cmac, salt, w, 32, t);
226 if (err)
227 return err;
228
229 BT_DBG("t %16phN", t);
230
231 memcpy(m, length, 2);
232 memcpy(m + 2, a2, 7);
233 memcpy(m + 9, a1, 7);
234 memcpy(m + 16, n2, 16);
235 memcpy(m + 32, n1, 16);
236 memcpy(m + 48, btle, 4);
237
238 m[52] = 0; /* Counter */
239
240 err = aes_cmac(tfm_cmac, t, m, sizeof(m), mackey);
241 if (err)
242 return err;
243
244 BT_DBG("mackey %16phN", mackey);
245
246 m[52] = 1; /* Counter */
247
248 err = aes_cmac(tfm_cmac, t, m, sizeof(m), ltk);
249 if (err)
250 return err;
251
252 BT_DBG("ltk %16phN", ltk);
253
254 return 0;
255}
256
257static int smp_f6(struct crypto_hash *tfm_cmac, const u8 w[16],
258 const u8 n1[16], u8 n2[16], const u8 r[16],
259 const u8 io_cap[3], const u8 a1[7], const u8 a2[7],
260 u8 res[16])
261{
262 u8 m[65];
263 int err;
264
265 BT_DBG("w %16phN", w);
266 BT_DBG("n1 %16phN n2 %16phN", n1, n2);
267 BT_DBG("r %16phN io_cap %3phN a1 %7phN a2 %7phN", r, io_cap, a1, a2);
268
269 memcpy(m, a2, 7);
270 memcpy(m + 7, a1, 7);
271 memcpy(m + 14, io_cap, 3);
272 memcpy(m + 17, r, 16);
273 memcpy(m + 33, n2, 16);
274 memcpy(m + 49, n1, 16);
275
276 err = aes_cmac(tfm_cmac, w, m, sizeof(m), res);
277 if (err)
278 return err;
279
280 BT_DBG("res %16phN", res);
281
282 return err;
283}
284
191dc7fe
JH		 285static int smp_g2(struct crypto_hash *tfm_cmac, const u8 u[32], const u8 v[32],
286 const u8 x[16], const u8 y[16], u32 *val)
287{
288 u8 m[80], tmp[16];
289 int err;
290
291 BT_DBG("u %32phN", u);
292 BT_DBG("v %32phN", v);
293 BT_DBG("x %16phN y %16phN", x, y);
294
295 memcpy(m, y, 16);
296 memcpy(m + 16, v, 32);
297 memcpy(m + 48, u, 32);
298
299 err = aes_cmac(tfm_cmac, x, m, sizeof(m), tmp);
300 if (err)
301 return err;
302
303 *val = get_unaligned_le32(tmp);
304 *val %= 1000000;
305
306 BT_DBG("val %06u", *val);
307
308 return 0;
309}
310
d22ef0bc
AB		 311static int smp_e(struct crypto_blkcipher *tfm, const u8 *k, u8 *r)
312{
313 struct blkcipher_desc desc;
314 struct scatterlist sg;
943a732a 315 uint8_t tmp[16], data[16];
201a5929 316 int err;
d22ef0bc
AB		 317
318 if (tfm == NULL) {
319 BT_ERR("tfm %p", tfm);
320 return -EINVAL;
321 }
322
323 desc.tfm = tfm;
324 desc.flags = 0;
325
943a732a 326 /* The most significant octet of key corresponds to k[0] */
8a2936f4 327 swap_buf(k, tmp, 16);
943a732a
JH		 328
329 err = crypto_blkcipher_setkey(tfm, tmp, 16);
d22ef0bc
AB		 330 if (err) {
331 BT_ERR("cipher setkey failed: %d", err);
332 return err;
333 }
334
943a732a 335 /* Most significant octet of plaintextData corresponds to data[0] */
8a2936f4 336 swap_buf(r, data, 16);
943a732a
JH		 337
338 sg_init_one(&sg, data, 16);
d22ef0bc 339
d22ef0bc
AB		 340 err = crypto_blkcipher_encrypt(&desc, &sg, &sg, 16);
341 if (err)
342 BT_ERR("Encrypt data error %d", err);
343
943a732a 344 /* Most significant octet of encryptedData corresponds to data[0] */
8a2936f4 345 swap_buf(data, r, 16);
943a732a 346
d22ef0bc
AB		 347 return err;
348}
349
6a77083a
JH		 350static int smp_h6(struct crypto_hash *tfm_cmac, const u8 w[16],
351 const u8 key_id[4], u8 res[16])
352{
353 int err;
354
355 BT_DBG("w %16phN key_id %4phN", w, key_id);
356
357 err = aes_cmac(tfm_cmac, w, key_id, 4, res);
358 if (err)
359 return err;
360
361 BT_DBG("res %16phN", res);
362
363 return err;
364}
365
60478054
JH		 366static int smp_ah(struct crypto_blkcipher *tfm, u8 irk[16], u8 r[3], u8 res[3])
367{
943a732a 368 u8 _res[16];
60478054
JH		 369 int err;
370
371 /* r' = padding || r */
943a732a
JH		 372 memcpy(_res, r, 3);
373 memset(_res + 3, 0, 13);
60478054 374
943a732a 375 err = smp_e(tfm, irk, _res);
60478054
JH		 376 if (err) {
377 BT_ERR("Encrypt error");
378 return err;
379 }
380
381 /* The output of the random address function ah is:
382 * ah(h, r) = e(k, r') mod 2^24
383 * The output of the security function e is then truncated to 24 bits
384 * by taking the least significant 24 bits of the output of e as the
385 * result of ah.
386 */
943a732a 387 memcpy(res, _res, 3);
60478054
JH		 388
389 return 0;
390}
391
defce9e8 392bool smp_irk_matches(struct hci_dev *hdev, u8 irk[16], bdaddr_t *bdaddr)
60478054 393{
defce9e8
JH		 394 struct l2cap_chan *chan = hdev->smp_data;
395 struct crypto_blkcipher *tfm;
60478054
JH		 396 u8 hash[3];
397 int err;
398
defce9e8
JH		 399 if (!chan || !chan->data)
400 return false;
401
402 tfm = chan->data;
403
60478054
JH		 404 BT_DBG("RPA %pMR IRK %*phN", bdaddr, 16, irk);
405
406 err = smp_ah(tfm, irk, &bdaddr->b[3], hash);
407 if (err)
408 return false;
409
410 return !memcmp(bdaddr->b, hash, 3);
411}
412
defce9e8 413int smp_generate_rpa(struct hci_dev *hdev, u8 irk[16], bdaddr_t *rpa)
b1e2b3ae 414{
defce9e8
JH		 415 struct l2cap_chan *chan = hdev->smp_data;
416 struct crypto_blkcipher *tfm;
b1e2b3ae
JH		 417 int err;
418
defce9e8
JH		 419 if (!chan || !chan->data)
420 return -EOPNOTSUPP;
421
422 tfm = chan->data;
423
b1e2b3ae
JH		 424 get_random_bytes(&rpa->b[3], 3);
425
426 rpa->b[5] &= 0x3f; /* Clear two most significant bits */
427 rpa->b[5] |= 0x40; /* Set second most significant bit */
428
429 err = smp_ah(tfm, irk, &rpa->b[3], rpa->b);
430 if (err < 0)
431 return err;
432
433 BT_DBG("RPA %pMR", rpa);
434
435 return 0;
436}
437
e491eaf3
JH		 438static int smp_c1(struct crypto_blkcipher *tfm_aes, u8 k[16], u8 r[16],
439 u8 preq[7], u8 pres[7], u8 _iat, bdaddr_t *ia, u8 _rat,
440 bdaddr_t *ra, u8 res[16])
d22ef0bc
AB		 441{
442 u8 p1[16], p2[16];
443 int err;
444
445 memset(p1, 0, 16);
446
447 /* p1 = pres || preq || _rat || _iat */
943a732a
JH		 448 p1[0] = _iat;
449 p1[1] = _rat;
450 memcpy(p1 + 2, preq, 7);
451 memcpy(p1 + 9, pres, 7);
d22ef0bc
AB		 452
453 /* p2 = padding || ia || ra */
943a732a
JH		 454 memcpy(p2, ra, 6);
455 memcpy(p2 + 6, ia, 6);
456 memset(p2 + 12, 0, 4);
d22ef0bc
AB		 457
458 /* res = r XOR p1 */
459 u128_xor((u128 *) res, (u128 *) r, (u128 *) p1);
460
461 /* res = e(k, res) */
e491eaf3 462 err = smp_e(tfm_aes, k, res);
d22ef0bc
AB		 463 if (err) {
464 BT_ERR("Encrypt data error");
465 return err;
466 }
467
468 /* res = res XOR p2 */
469 u128_xor((u128 *) res, (u128 *) res, (u128 *) p2);
470
471 /* res = e(k, res) */
e491eaf3 472 err = smp_e(tfm_aes, k, res);
d22ef0bc
AB		 473 if (err)
474 BT_ERR("Encrypt data error");
475
476 return err;
477}
478
e491eaf3
JH		 479static int smp_s1(struct crypto_blkcipher *tfm_aes, u8 k[16], u8 r1[16],
480 u8 r2[16], u8 _r[16])
d22ef0bc
AB		 481{
482 int err;
483
484 /* Just least significant octets from r1 and r2 are considered */
943a732a
JH		 485 memcpy(_r, r2, 8);
486 memcpy(_r + 8, r1, 8);
d22ef0bc 487
e491eaf3 488 err = smp_e(tfm_aes, k, _r);
d22ef0bc
AB		 489 if (err)
490 BT_ERR("Encrypt data error");
491
492 return err;
493}
494
5d88cc73 495static void smp_send_cmd(struct l2cap_conn *conn, u8 code, u16 len, void *data)
eb492e01 496{
5d88cc73 497 struct l2cap_chan *chan = conn->smp;
b68fda68 498 struct smp_chan *smp;
5d88cc73
JH		 499 struct kvec iv[2];
500 struct msghdr msg;
eb492e01 501
5d88cc73
JH		 502 if (!chan)
503 return;
eb492e01 504
5d88cc73 505 BT_DBG("code 0x%2.2x", code);
eb492e01 506
5d88cc73
JH		 507 iv[0].iov_base = &code;
508 iv[0].iov_len = 1;
eb492e01 509
5d88cc73
JH		 510 iv[1].iov_base = data;
511 iv[1].iov_len = len;
eb492e01 512
5d88cc73 513 memset(&msg, 0, sizeof(msg));
eb492e01 514
5d88cc73
JH		 515 msg.msg_iov = (struct iovec *) &iv;
516 msg.msg_iovlen = 2;
eb492e01 517
5d88cc73 518 l2cap_chan_send(chan, &msg, 1 + len);
e2dcd113 519
b68fda68
JH		 520 if (!chan->data)
521 return;
522
523 smp = chan->data;
524
525 cancel_delayed_work_sync(&smp->security_timer);
1b0921d6 526 schedule_delayed_work(&smp->security_timer, SMP_TIMEOUT);
eb492e01
AB		 527}
528
d2eb9e10 529static u8 authreq_to_seclevel(u8 authreq)
2b64d153 530{
d2eb9e10
JH		 531 if (authreq & SMP_AUTH_MITM) {
532 if (authreq & SMP_AUTH_SC)
533 return BT_SECURITY_FIPS;
534 else
535 return BT_SECURITY_HIGH;
536 } else {
2b64d153 537 return BT_SECURITY_MEDIUM;
d2eb9e10 538 }
2b64d153
BG		 539}
540
541static __u8 seclevel_to_authreq(__u8 sec_level)
542{
543 switch (sec_level) {
d2eb9e10 544 case BT_SECURITY_FIPS:
2b64d153
BG		 545 case BT_SECURITY_HIGH:
546 return SMP_AUTH_MITM | SMP_AUTH_BONDING;
547 case BT_SECURITY_MEDIUM:
548 return SMP_AUTH_BONDING;
549 default:
550 return SMP_AUTH_NONE;
551 }
552}
553
b8e66eac 554static void build_pairing_cmd(struct l2cap_conn *conn,
f1560463
MH		 555 struct smp_cmd_pairing *req,
556 struct smp_cmd_pairing *rsp, __u8 authreq)
b8e66eac 557{
5d88cc73
JH		 558 struct l2cap_chan *chan = conn->smp;
559 struct smp_chan *smp = chan->data;
fd349c02
JH		 560 struct hci_conn *hcon = conn->hcon;
561 struct hci_dev *hdev = hcon->hdev;
562 u8 local_dist = 0, remote_dist = 0;
54790f73 563
b6ae8457 564 if (test_bit(HCI_BONDABLE, &conn->hcon->hdev->dev_flags)) {
7ee4ea36
MH		 565 local_dist = SMP_DIST_ENC_KEY | SMP_DIST_SIGN;
566 remote_dist = SMP_DIST_ENC_KEY | SMP_DIST_SIGN;
54790f73 567 authreq |= SMP_AUTH_BONDING;
2b64d153
BG		 568 } else {
569 authreq &= ~SMP_AUTH_BONDING;
54790f73
VCG		 570 }
571
fd349c02
JH		 572 if (test_bit(HCI_RPA_RESOLVING, &hdev->dev_flags))
573 remote_dist |= SMP_DIST_ID_KEY;
574
863efaf2
JH		 575 if (test_bit(HCI_PRIVACY, &hdev->dev_flags))
576 local_dist |= SMP_DIST_ID_KEY;
577
df8e1a4c
JH		 578 if (test_bit(HCI_SC_ENABLED, &hdev->dev_flags)) {
579 if ((authreq & SMP_AUTH_SC) &&
580 test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
581 local_dist |= SMP_DIST_LINK_KEY;
582 remote_dist |= SMP_DIST_LINK_KEY;
583 }
584 } else {
585 authreq &= ~SMP_AUTH_SC;
586 }
587
54790f73
VCG		 588 if (rsp == NULL) {
589 req->io_capability = conn->hcon->io_capability;
590 req->oob_flag = SMP_OOB_NOT_PRESENT;
591 req->max_key_size = SMP_MAX_ENC_KEY_SIZE;
fd349c02
JH		 592 req->init_key_dist = local_dist;
593 req->resp_key_dist = remote_dist;
0edb14de 594 req->auth_req = (authreq & AUTH_REQ_MASK(hdev));
fd349c02
JH		 595
596 smp->remote_key_dist = remote_dist;
54790f73
VCG		 597 return;
598 }
599
600 rsp->io_capability = conn->hcon->io_capability;
601 rsp->oob_flag = SMP_OOB_NOT_PRESENT;
602 rsp->max_key_size = SMP_MAX_ENC_KEY_SIZE;
fd349c02
JH		 603 rsp->init_key_dist = req->init_key_dist & remote_dist;
604 rsp->resp_key_dist = req->resp_key_dist & local_dist;
0edb14de 605 rsp->auth_req = (authreq & AUTH_REQ_MASK(hdev));
fd349c02
JH		 606
607 smp->remote_key_dist = rsp->init_key_dist;
b8e66eac
VCG		 608}
609
3158c50c
VCG		 610static u8 check_enc_key_size(struct l2cap_conn *conn, __u8 max_key_size)
611{
5d88cc73
JH		 612 struct l2cap_chan *chan = conn->smp;
613 struct smp_chan *smp = chan->data;
1c1def09 614
3158c50c 615 if ((max_key_size > SMP_MAX_ENC_KEY_SIZE) ||
f1560463 616 (max_key_size < SMP_MIN_ENC_KEY_SIZE))
3158c50c
VCG		 617 return SMP_ENC_KEY_SIZE;
618
f7aa611a 619 smp->enc_key_size = max_key_size;
3158c50c
VCG		 620
621 return 0;
622}
623
6f48e260
JH		 624static void smp_chan_destroy(struct l2cap_conn *conn)
625{
626 struct l2cap_chan *chan = conn->smp;
627 struct smp_chan *smp = chan->data;
628 bool complete;
629
630 BUG_ON(!smp);
631
632 cancel_delayed_work_sync(&smp->security_timer);
6f48e260 633
6f48e260
JH		 634 complete = test_bit(SMP_FLAG_COMPLETE, &smp->flags);
635 mgmt_smp_complete(conn->hcon, complete);
636
637 kfree(smp->csrk);
638 kfree(smp->slave_csrk);
6a77083a 639 kfree(smp->link_key);
6f48e260
JH		 640
641 crypto_free_blkcipher(smp->tfm_aes);
407cecf6 642 crypto_free_hash(smp->tfm_cmac);
6f48e260
JH		 643
644 /* If pairing failed clean up any keys we might have */
645 if (!complete) {
646 if (smp->ltk) {
970d0f1b
JH		 647 list_del_rcu(&smp->ltk->list);
648 kfree_rcu(smp->ltk, rcu);
6f48e260
JH		 649 }
650
651 if (smp->slave_ltk) {
970d0f1b
JH		 652 list_del_rcu(&smp->slave_ltk->list);
653 kfree_rcu(smp->slave_ltk, rcu);
6f48e260
JH		 654 }
655
656 if (smp->remote_irk) {
adae20cb
JH		 657 list_del_rcu(&smp->remote_irk->list);
658 kfree_rcu(smp->remote_irk, rcu);
6f48e260
JH		 659 }
660 }
661
662 chan->data = NULL;
663 kfree(smp);
664 hci_conn_drop(conn->hcon);
665}
666
84794e11 667static void smp_failure(struct l2cap_conn *conn, u8 reason)
4f957a76 668{
bab73cb6 669 struct hci_conn *hcon = conn->hcon;
b68fda68 670 struct l2cap_chan *chan = conn->smp;
bab73cb6 671
84794e11 672 if (reason)
4f957a76 673 smp_send_cmd(conn, SMP_CMD_PAIRING_FAIL, sizeof(reason),
f1560463 674 &reason);
4f957a76 675
ce39fb4e 676 clear_bit(HCI_CONN_ENCRYPT_PEND, &hcon->flags);
e1e930f5 677 mgmt_auth_failed(hcon, HCI_ERROR_AUTH_FAILURE);
f1c09c07 678
fc75cc86 679 if (chan->data)
f1c09c07 680 smp_chan_destroy(conn);
4f957a76
BG		 681}
682
2b64d153
BG		 683#define JUST_WORKS 0x00
684#define JUST_CFM 0x01
685#define REQ_PASSKEY 0x02
686#define CFM_PASSKEY 0x03
687#define REQ_OOB 0x04
5e3d3d9b 688#define DSP_PASSKEY 0x05
2b64d153
BG		 689#define OVERLAP 0xFF
690
691static const u8 gen_method[5][5] = {
692 { JUST_WORKS, JUST_CFM, REQ_PASSKEY, JUST_WORKS, REQ_PASSKEY },
693 { JUST_WORKS, JUST_CFM, REQ_PASSKEY, JUST_WORKS, REQ_PASSKEY },
694 { CFM_PASSKEY, CFM_PASSKEY, REQ_PASSKEY, JUST_WORKS, CFM_PASSKEY },
695 { JUST_WORKS, JUST_CFM, JUST_WORKS, JUST_WORKS, JUST_CFM },
696 { CFM_PASSKEY, CFM_PASSKEY, REQ_PASSKEY, JUST_WORKS, OVERLAP },
697};
698
5e3d3d9b
JH		 699static const u8 sc_method[5][5] = {
700 { JUST_WORKS, JUST_CFM, REQ_PASSKEY, JUST_WORKS, REQ_PASSKEY },
701 { JUST_WORKS, CFM_PASSKEY, REQ_PASSKEY, JUST_WORKS, CFM_PASSKEY },
702 { DSP_PASSKEY, DSP_PASSKEY, REQ_PASSKEY, JUST_WORKS, DSP_PASSKEY },
703 { JUST_WORKS, JUST_CFM, JUST_WORKS, JUST_WORKS, JUST_CFM },
704 { DSP_PASSKEY, CFM_PASSKEY, REQ_PASSKEY, JUST_WORKS, CFM_PASSKEY },
705};
706
581370cc
JH		 707static u8 get_auth_method(struct smp_chan *smp, u8 local_io, u8 remote_io)
708{
2bcd4003
JH		 709 /* If either side has unknown io_caps, use JUST_CFM (which gets
710 * converted later to JUST_WORKS if we're initiators.
711 */
581370cc
JH		 712 if (local_io > SMP_IO_KEYBOARD_DISPLAY ||
713 remote_io > SMP_IO_KEYBOARD_DISPLAY)
2bcd4003 714 return JUST_CFM;
581370cc 715
5e3d3d9b
JH		 716 if (test_bit(SMP_FLAG_SC, &smp->flags))
717 return sc_method[remote_io][local_io];
718
581370cc
JH		 719 return gen_method[remote_io][local_io];
720}
721
2b64d153
BG		 722static int tk_request(struct l2cap_conn *conn, u8 remote_oob, u8 auth,
723 u8 local_io, u8 remote_io)
724{
725 struct hci_conn *hcon = conn->hcon;
5d88cc73
JH		 726 struct l2cap_chan *chan = conn->smp;
727 struct smp_chan *smp = chan->data;
2b64d153
BG		 728 u32 passkey = 0;
729 int ret = 0;
730
731 /* Initialize key for JUST WORKS */
732 memset(smp->tk, 0, sizeof(smp->tk));
4a74d658 733 clear_bit(SMP_FLAG_TK_VALID, &smp->flags);
2b64d153
BG		 734
735 BT_DBG("tk_request: auth:%d lcl:%d rem:%d", auth, local_io, remote_io);
736
2bcd4003
JH		 737 /* If neither side wants MITM, either "just" confirm an incoming
738 * request or use just-works for outgoing ones. The JUST_CFM
739 * will be converted to JUST_WORKS if necessary later in this
740 * function. If either side has MITM look up the method from the
741 * table.
742 */
581370cc 743 if (!(auth & SMP_AUTH_MITM))
783e0574 744 smp->method = JUST_CFM;
2b64d153 745 else
783e0574 746 smp->method = get_auth_method(smp, local_io, remote_io);
2b64d153 747
a82505c7 748 /* Don't confirm locally initiated pairing attempts */
783e0574
JH		 749 if (smp->method == JUST_CFM && test_bit(SMP_FLAG_INITIATOR,
750 &smp->flags))
751 smp->method = JUST_WORKS;
a82505c7 752
02f3e254 753 /* Don't bother user space with no IO capabilities */
783e0574
JH		 754 if (smp->method == JUST_CFM &&
755 hcon->io_capability == HCI_IO_NO_INPUT_OUTPUT)
756 smp->method = JUST_WORKS;
02f3e254 757
2b64d153 758 /* If Just Works, Continue with Zero TK */
783e0574 759 if (smp->method == JUST_WORKS) {
4a74d658 760 set_bit(SMP_FLAG_TK_VALID, &smp->flags);
2b64d153
BG		 761 return 0;
762 }
763
764 /* Not Just Works/Confirm results in MITM Authentication */
783e0574 765 if (smp->method != JUST_CFM) {
4a74d658 766 set_bit(SMP_FLAG_MITM_AUTH, &smp->flags);
5eb596f5
JH		 767 if (hcon->pending_sec_level < BT_SECURITY_HIGH)
768 hcon->pending_sec_level = BT_SECURITY_HIGH;
769 }
2b64d153
BG		 770
771 /* If both devices have Keyoard-Display I/O, the master
772 * Confirms and the slave Enters the passkey.
773 */
783e0574 774 if (smp->method == OVERLAP) {
40bef302 775 if (hcon->role == HCI_ROLE_MASTER)
783e0574 776 smp->method = CFM_PASSKEY;
2b64d153 777 else
783e0574 778 smp->method = REQ_PASSKEY;
2b64d153
BG		 779 }
780
01ad34d2 781 /* Generate random passkey. */
783e0574 782 if (smp->method == CFM_PASSKEY) {
943a732a 783 memset(smp->tk, 0, sizeof(smp->tk));
2b64d153
BG		 784 get_random_bytes(&passkey, sizeof(passkey));
785 passkey %= 1000000;
943a732a 786 put_unaligned_le32(passkey, smp->tk);
2b64d153 787 BT_DBG("PassKey: %d", passkey);
4a74d658 788 set_bit(SMP_FLAG_TK_VALID, &smp->flags);
2b64d153
BG		 789 }
790
783e0574 791 if (smp->method == REQ_PASSKEY)
ce39fb4e 792 ret = mgmt_user_passkey_request(hcon->hdev, &hcon->dst,
272d90df 793 hcon->type, hcon->dst_type);
783e0574 794 else if (smp->method == JUST_CFM)
4eb65e66
JH		 795 ret = mgmt_user_confirm_request(hcon->hdev, &hcon->dst,
796 hcon->type, hcon->dst_type,
797 passkey, 1);
2b64d153 798 else
01ad34d2 799 ret = mgmt_user_passkey_notify(hcon->hdev, &hcon->dst,
272d90df 800 hcon->type, hcon->dst_type,
39adbffe 801 passkey, 0);
2b64d153 802
2b64d153
BG		 803 return ret;
804}
805
1cc61144 806static u8 smp_confirm(struct smp_chan *smp)
8aab4757 807{
8aab4757 808 struct l2cap_conn *conn = smp->conn;
8aab4757
VCG		 809 struct smp_cmd_pairing_confirm cp;
810 int ret;
8aab4757
VCG		 811
812 BT_DBG("conn %p", conn);
813
e491eaf3 814 ret = smp_c1(smp->tfm_aes, smp->tk, smp->prnd, smp->preq, smp->prsp,
b1cd5fd9 815 conn->hcon->init_addr_type, &conn->hcon->init_addr,
943a732a
JH		 816 conn->hcon->resp_addr_type, &conn->hcon->resp_addr,
817 cp.confirm_val);
1cc61144
JH		 818 if (ret)
819 return SMP_UNSPECIFIED;
8aab4757 820
4a74d658 821 clear_bit(SMP_FLAG_CFM_PENDING, &smp->flags);
2b64d153 822
8aab4757
VCG		 823 smp_send_cmd(smp->conn, SMP_CMD_PAIRING_CONFIRM, sizeof(cp), &cp);
824
b28b4943
JH		 825 if (conn->hcon->out)
826 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_CONFIRM);
827 else
828 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RANDOM);
829
1cc61144 830 return 0;
8aab4757
VCG		 831}
832
861580a9 833static u8 smp_random(struct smp_chan *smp)
8aab4757 834{
8aab4757
VCG		 835 struct l2cap_conn *conn = smp->conn;
836 struct hci_conn *hcon = conn->hcon;
861580a9 837 u8 confirm[16];
8aab4757
VCG		 838 int ret;
839
ec70f36f 840 if (IS_ERR_OR_NULL(smp->tfm_aes))
861580a9 841 return SMP_UNSPECIFIED;
8aab4757
VCG		 842
843 BT_DBG("conn %p %s", conn, conn->hcon->out ? "master" : "slave");
844
e491eaf3 845 ret = smp_c1(smp->tfm_aes, smp->tk, smp->rrnd, smp->preq, smp->prsp,
b1cd5fd9 846 hcon->init_addr_type, &hcon->init_addr,
943a732a 847 hcon->resp_addr_type, &hcon->resp_addr, confirm);
861580a9
JH		 848 if (ret)
849 return SMP_UNSPECIFIED;
8aab4757 850
8aab4757
VCG		 851 if (memcmp(smp->pcnf, confirm, sizeof(smp->pcnf)) != 0) {
852 BT_ERR("Pairing failed (confirmation values mismatch)");
861580a9 853 return SMP_CONFIRM_FAILED;
8aab4757
VCG		 854 }
855
856 if (hcon->out) {
fe39c7b2
MH		 857 u8 stk[16];
858 __le64 rand = 0;
859 __le16 ediv = 0;
8aab4757 860
e491eaf3 861 smp_s1(smp->tfm_aes, smp->tk, smp->rrnd, smp->prnd, stk);
8aab4757 862
f7aa611a 863 memset(stk + smp->enc_key_size, 0,
04124681 864 SMP_MAX_ENC_KEY_SIZE - smp->enc_key_size);
8aab4757 865
861580a9
JH		 866 if (test_and_set_bit(HCI_CONN_ENCRYPT_PEND, &hcon->flags))
867 return SMP_UNSPECIFIED;
8aab4757
VCG		 868
869 hci_le_start_enc(hcon, ediv, rand, stk);
f7aa611a 870 hcon->enc_key_size = smp->enc_key_size;
fe59a05f 871 set_bit(HCI_CONN_STK_ENCRYPT, &hcon->flags);
8aab4757 872 } else {
fff3490f 873 u8 stk[16], auth;
fe39c7b2
MH		 874 __le64 rand = 0;
875 __le16 ediv = 0;
8aab4757 876
943a732a
JH		 877 smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM, sizeof(smp->prnd),
878 smp->prnd);
8aab4757 879
e491eaf3 880 smp_s1(smp->tfm_aes, smp->tk, smp->prnd, smp->rrnd, stk);
8aab4757 881
f7aa611a 882 memset(stk + smp->enc_key_size, 0,
f1560463 883 SMP_MAX_ENC_KEY_SIZE - smp->enc_key_size);
8aab4757 884
fff3490f
JH		 885 if (hcon->pending_sec_level == BT_SECURITY_HIGH)
886 auth = 1;
887 else
888 auth = 0;
889
7d5843b7
JH		 890 /* Even though there's no _SLAVE suffix this is the
891 * slave STK we're adding for later lookup (the master
892 * STK never needs to be stored).
893 */
ce39fb4e 894 hci_add_ltk(hcon->hdev, &hcon->dst, hcon->dst_type,
2ceba539 895 SMP_STK, auth, stk, smp->enc_key_size, ediv, rand);
8aab4757
VCG		 896 }
897
861580a9 898 return 0;
8aab4757
VCG		 899}
900
44f1a7ab
JH		 901static void smp_notify_keys(struct l2cap_conn *conn)
902{
903 struct l2cap_chan *chan = conn->smp;
904 struct smp_chan *smp = chan->data;
905 struct hci_conn *hcon = conn->hcon;
906 struct hci_dev *hdev = hcon->hdev;
907 struct smp_cmd_pairing *req = (void *) &smp->preq[1];
908 struct smp_cmd_pairing *rsp = (void *) &smp->prsp[1];
909 bool persistent;
910
911 if (smp->remote_irk) {
912 mgmt_new_irk(hdev, smp->remote_irk);
913 /* Now that user space can be considered to know the
914 * identity address track the connection based on it
915 * from now on.
916 */
917 bacpy(&hcon->dst, &smp->remote_irk->bdaddr);
918 hcon->dst_type = smp->remote_irk->addr_type;
f3d82d0c 919 queue_work(hdev->workqueue, &conn->id_addr_update_work);
44f1a7ab
JH		 920
921 /* When receiving an indentity resolving key for
922 * a remote device that does not use a resolvable
923 * private address, just remove the key so that
924 * it is possible to use the controller white
925 * list for scanning.
926 *
927 * Userspace will have been told to not store
928 * this key at this point. So it is safe to
929 * just remove it.
930 */
931 if (!bacmp(&smp->remote_irk->rpa, BDADDR_ANY)) {
adae20cb
JH		 932 list_del_rcu(&smp->remote_irk->list);
933 kfree_rcu(smp->remote_irk, rcu);
44f1a7ab
JH		 934 smp->remote_irk = NULL;
935 }
936 }
937
938 /* The LTKs and CSRKs should be persistent only if both sides
939 * had the bonding bit set in their authentication requests.
940 */
941 persistent = !!((req->auth_req & rsp->auth_req) & SMP_AUTH_BONDING);
942
943 if (smp->csrk) {
944 smp->csrk->bdaddr_type = hcon->dst_type;
945 bacpy(&smp->csrk->bdaddr, &hcon->dst);
946 mgmt_new_csrk(hdev, smp->csrk, persistent);
947 }
948
949 if (smp->slave_csrk) {
950 smp->slave_csrk->bdaddr_type = hcon->dst_type;
951 bacpy(&smp->slave_csrk->bdaddr, &hcon->dst);
952 mgmt_new_csrk(hdev, smp->slave_csrk, persistent);
953 }
954
955 if (smp->ltk) {
956 smp->ltk->bdaddr_type = hcon->dst_type;
957 bacpy(&smp->ltk->bdaddr, &hcon->dst);
958 mgmt_new_ltk(hdev, smp->ltk, persistent);
959 }
960
961 if (smp->slave_ltk) {
962 smp->slave_ltk->bdaddr_type = hcon->dst_type;
963 bacpy(&smp->slave_ltk->bdaddr, &hcon->dst);
964 mgmt_new_ltk(hdev, smp->slave_ltk, persistent);
965 }
6a77083a
JH		 966
967 if (smp->link_key) {
968 hci_add_link_key(hdev, smp->conn->hcon, &hcon->dst,
969 smp->link_key, HCI_LK_AUTH_COMBINATION_P256,
970 0, NULL);
971 }
972}
973
974static void sc_generate_link_key(struct smp_chan *smp)
975{
976 /* These constants are as specified in the core specification.
977 * In ASCII they spell out to 'tmp1' and 'lebr'.
978 */
979 const u8 tmp1[4] = { 0x31, 0x70, 0x6d, 0x74 };
980 const u8 lebr[4] = { 0x72, 0x62, 0x65, 0x6c };
981
982 smp->link_key = kzalloc(16, GFP_KERNEL);
983 if (!smp->link_key)
984 return;
985
986 if (smp_h6(smp->tfm_cmac, smp->tk, tmp1, smp->link_key)) {
987 kfree(smp->link_key);
988 smp->link_key = NULL;
989 return;
990 }
991
992 if (smp_h6(smp->tfm_cmac, smp->link_key, lebr, smp->link_key)) {
993 kfree(smp->link_key);
994 smp->link_key = NULL;
995 return;
996 }
44f1a7ab
JH		 997}
998
b28b4943
JH		 999static void smp_allow_key_dist(struct smp_chan *smp)
1000{
1001 /* Allow the first expected phase 3 PDU. The rest of the PDUs
1002 * will be allowed in each PDU handler to ensure we receive
1003 * them in the correct order.
1004 */
1005 if (smp->remote_key_dist & SMP_DIST_ENC_KEY)
1006 SMP_ALLOW_CMD(smp, SMP_CMD_ENCRYPT_INFO);
1007 else if (smp->remote_key_dist & SMP_DIST_ID_KEY)
1008 SMP_ALLOW_CMD(smp, SMP_CMD_IDENT_INFO);
1009 else if (smp->remote_key_dist & SMP_DIST_SIGN)
1010 SMP_ALLOW_CMD(smp, SMP_CMD_SIGN_INFO);
1011}
1012
d6268e86 1013static void smp_distribute_keys(struct smp_chan *smp)
44f1a7ab
JH		 1014{
1015 struct smp_cmd_pairing *req, *rsp;
86d1407c 1016 struct l2cap_conn *conn = smp->conn;
44f1a7ab
JH		 1017 struct hci_conn *hcon = conn->hcon;
1018 struct hci_dev *hdev = hcon->hdev;
1019 __u8 *keydist;
1020
1021 BT_DBG("conn %p", conn);
1022
44f1a7ab
JH		 1023 rsp = (void *) &smp->prsp[1];
1024
1025 /* The responder sends its keys first */
b28b4943
JH		 1026 if (hcon->out && (smp->remote_key_dist & KEY_DIST_MASK)) {
1027 smp_allow_key_dist(smp);
86d1407c 1028 return;
b28b4943 1029 }
44f1a7ab
JH		 1030
1031 req = (void *) &smp->preq[1];
1032
1033 if (hcon->out) {
1034 keydist = &rsp->init_key_dist;
1035 *keydist &= req->init_key_dist;
1036 } else {
1037 keydist = &rsp->resp_key_dist;
1038 *keydist &= req->resp_key_dist;
1039 }
1040
6a77083a
JH		 1041 if (test_bit(SMP_FLAG_SC, &smp->flags)) {
1042 if (*keydist & SMP_DIST_LINK_KEY)
1043 sc_generate_link_key(smp);
1044
1045 /* Clear the keys which are generated but not distributed */
1046 *keydist &= ~SMP_SC_NO_DIST;
1047 }
1048
44f1a7ab
JH		 1049 BT_DBG("keydist 0x%x", *keydist);
1050
1051 if (*keydist & SMP_DIST_ENC_KEY) {
1052 struct smp_cmd_encrypt_info enc;
1053 struct smp_cmd_master_ident ident;
1054 struct smp_ltk *ltk;
1055 u8 authenticated;
1056 __le16 ediv;
1057 __le64 rand;
1058
1059 get_random_bytes(enc.ltk, sizeof(enc.ltk));
1060 get_random_bytes(&ediv, sizeof(ediv));
1061 get_random_bytes(&rand, sizeof(rand));
1062
1063 smp_send_cmd(conn, SMP_CMD_ENCRYPT_INFO, sizeof(enc), &enc);
1064
1065 authenticated = hcon->sec_level == BT_SECURITY_HIGH;
1066 ltk = hci_add_ltk(hdev, &hcon->dst, hcon->dst_type,
1067 SMP_LTK_SLAVE, authenticated, enc.ltk,
1068 smp->enc_key_size, ediv, rand);
1069 smp->slave_ltk = ltk;
1070
1071 ident.ediv = ediv;
1072 ident.rand = rand;
1073
1074 smp_send_cmd(conn, SMP_CMD_MASTER_IDENT, sizeof(ident), &ident);
1075
1076 *keydist &= ~SMP_DIST_ENC_KEY;
1077 }
1078
1079 if (*keydist & SMP_DIST_ID_KEY) {
1080 struct smp_cmd_ident_addr_info addrinfo;
1081 struct smp_cmd_ident_info idinfo;
1082
1083 memcpy(idinfo.irk, hdev->irk, sizeof(idinfo.irk));
1084
1085 smp_send_cmd(conn, SMP_CMD_IDENT_INFO, sizeof(idinfo), &idinfo);
1086
1087 /* The hci_conn contains the local identity address
1088 * after the connection has been established.
1089 *
1090 * This is true even when the connection has been
1091 * established using a resolvable random address.
1092 */
1093 bacpy(&addrinfo.bdaddr, &hcon->src);
1094 addrinfo.addr_type = hcon->src_type;
1095
1096 smp_send_cmd(conn, SMP_CMD_IDENT_ADDR_INFO, sizeof(addrinfo),
1097 &addrinfo);
1098
1099 *keydist &= ~SMP_DIST_ID_KEY;
1100 }
1101
1102 if (*keydist & SMP_DIST_SIGN) {
1103 struct smp_cmd_sign_info sign;
1104 struct smp_csrk *csrk;
1105
1106 /* Generate a new random key */
1107 get_random_bytes(sign.csrk, sizeof(sign.csrk));
1108
1109 csrk = kzalloc(sizeof(*csrk), GFP_KERNEL);
1110 if (csrk) {
1111 csrk->master = 0x00;
1112 memcpy(csrk->val, sign.csrk, sizeof(csrk->val));
1113 }
1114 smp->slave_csrk = csrk;
1115
1116 smp_send_cmd(conn, SMP_CMD_SIGN_INFO, sizeof(sign), &sign);
1117
1118 *keydist &= ~SMP_DIST_SIGN;
1119 }
1120
1121 /* If there are still keys to be received wait for them */
b28b4943
JH		 1122 if (smp->remote_key_dist & KEY_DIST_MASK) {
1123 smp_allow_key_dist(smp);
86d1407c 1124 return;
b28b4943 1125 }
44f1a7ab 1126
44f1a7ab
JH		 1127 set_bit(SMP_FLAG_COMPLETE, &smp->flags);
1128 smp_notify_keys(conn);
1129
1130 smp_chan_destroy(conn);
44f1a7ab
JH		 1131}
1132
b68fda68
JH		 1133static void smp_timeout(struct work_struct *work)
1134{
1135 struct smp_chan *smp = container_of(work, struct smp_chan,
1136 security_timer.work);
1137 struct l2cap_conn *conn = smp->conn;
1138
1139 BT_DBG("conn %p", conn);
1140
1e91c29e 1141 hci_disconnect(conn->hcon, HCI_ERROR_REMOTE_USER_TERM);
b68fda68
JH		 1142}
1143
8aab4757
VCG		 1144static struct smp_chan *smp_chan_create(struct l2cap_conn *conn)
1145{
5d88cc73 1146 struct l2cap_chan *chan = conn->smp;
8aab4757
VCG		 1147 struct smp_chan *smp;
1148
f1560463 1149 smp = kzalloc(sizeof(*smp), GFP_ATOMIC);
fc75cc86 1150 if (!smp)
8aab4757
VCG		 1151 return NULL;
1152
6a7bd103
JH		 1153 smp->tfm_aes = crypto_alloc_blkcipher("ecb(aes)", 0, CRYPTO_ALG_ASYNC);
1154 if (IS_ERR(smp->tfm_aes)) {
1155 BT_ERR("Unable to create ECB crypto context");
1156 kfree(smp);
1157 return NULL;
1158 }
1159
407cecf6
JH		 1160 smp->tfm_cmac = crypto_alloc_hash("cmac(aes)", 0, CRYPTO_ALG_ASYNC);
1161 if (IS_ERR(smp->tfm_cmac)) {
1162 BT_ERR("Unable to create CMAC crypto context");
1163 crypto_free_blkcipher(smp->tfm_aes);
1164 kfree(smp);
1165 return NULL;
1166 }
1167
8aab4757 1168 smp->conn = conn;
5d88cc73 1169 chan->data = smp;
8aab4757 1170
b28b4943
JH		 1171 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_FAIL);
1172
b68fda68
JH		 1173 INIT_DELAYED_WORK(&smp->security_timer, smp_timeout);
1174
8aab4757
VCG		 1175 hci_conn_hold(conn->hcon);
1176
1177 return smp;
1178}
1179
760b018b
JH		 1180static int sc_mackey_and_ltk(struct smp_chan *smp, u8 mackey[16], u8 ltk[16])
1181{
1182 struct hci_conn *hcon = smp->conn->hcon;
1183 u8 *na, *nb, a[7], b[7];
1184
1185 if (hcon->out) {
1186 na = smp->prnd;
1187 nb = smp->rrnd;
1188 } else {
1189 na = smp->rrnd;
1190 nb = smp->prnd;
1191 }
1192
1193 memcpy(a, &hcon->init_addr, 6);
1194 memcpy(b, &hcon->resp_addr, 6);
1195 a[6] = hcon->init_addr_type;
1196 b[6] = hcon->resp_addr_type;
1197
1198 return smp_f5(smp->tfm_cmac, smp->dhkey, na, nb, a, b, mackey, ltk);
1199}
1200
1201static int sc_user_reply(struct smp_chan *smp, u16 mgmt_op, __le32 passkey)
1202{
1203 struct hci_conn *hcon = smp->conn->hcon;
1204 struct smp_cmd_dhkey_check check;
1205 u8 a[7], b[7], *local_addr, *remote_addr;
1206 u8 io_cap[3], r[16];
1207
1208 switch (mgmt_op) {
1209 case MGMT_OP_USER_PASSKEY_NEG_REPLY:
1210 smp_failure(smp->conn, SMP_PASSKEY_ENTRY_FAILED);
1211 return 0;
1212 case MGMT_OP_USER_CONFIRM_NEG_REPLY:
1213 smp_failure(smp->conn, SMP_NUMERIC_COMP_FAILED);
1214 return 0;
1215 }
1216
1217 memcpy(a, &hcon->init_addr, 6);
1218 memcpy(b, &hcon->resp_addr, 6);
1219 a[6] = hcon->init_addr_type;
1220 b[6] = hcon->resp_addr_type;
1221
1222 if (hcon->out) {
1223 local_addr = a;
1224 remote_addr = b;
1225 memcpy(io_cap, &smp->preq[1], 3);
1226 } else {
1227 local_addr = b;
1228 remote_addr = a;
1229 memcpy(io_cap, &smp->prsp[1], 3);
1230 }
1231
1232 memcpy(r, &passkey, sizeof(passkey));
1233 memset(r + sizeof(passkey), 0, sizeof(r) - sizeof(passkey));
1234
1235 smp_f6(smp->tfm_cmac, smp->mackey, smp->prnd, smp->rrnd, r, io_cap,
1236 local_addr, remote_addr, check.e);
1237
1238 smp_send_cmd(smp->conn, SMP_CMD_DHKEY_CHECK, sizeof(check), &check);
1239
1240 return 0;
1241}
1242
2b64d153
BG		 1243int smp_user_confirm_reply(struct hci_conn *hcon, u16 mgmt_op, __le32 passkey)
1244{
b10e8017 1245 struct l2cap_conn *conn = hcon->l2cap_data;
5d88cc73 1246 struct l2cap_chan *chan;
2b64d153
BG		 1247 struct smp_chan *smp;
1248 u32 value;
fc75cc86 1249 int err;
2b64d153
BG		 1250
1251 BT_DBG("");
1252
fc75cc86 1253 if (!conn)
2b64d153
BG		 1254 return -ENOTCONN;
1255
5d88cc73
JH		 1256 chan = conn->smp;
1257 if (!chan)
1258 return -ENOTCONN;
1259
fc75cc86
JH		 1260 l2cap_chan_lock(chan);
1261 if (!chan->data) {
1262 err = -ENOTCONN;
1263 goto unlock;
1264 }
1265
5d88cc73 1266 smp = chan->data;
2b64d153 1267
760b018b
JH		 1268 if (test_bit(SMP_FLAG_SC, &smp->flags)) {
1269 err = sc_user_reply(smp, mgmt_op, passkey);
1270 goto unlock;
1271 }
1272
2b64d153
BG		 1273 switch (mgmt_op) {
1274 case MGMT_OP_USER_PASSKEY_REPLY:
1275 value = le32_to_cpu(passkey);
943a732a 1276 memset(smp->tk, 0, sizeof(smp->tk));
2b64d153 1277 BT_DBG("PassKey: %d", value);
943a732a 1278 put_unaligned_le32(value, smp->tk);
2b64d153
BG		 1279 /* Fall Through */
1280 case MGMT_OP_USER_CONFIRM_REPLY:
4a74d658 1281 set_bit(SMP_FLAG_TK_VALID, &smp->flags);
2b64d153
BG		 1282 break;
1283 case MGMT_OP_USER_PASSKEY_NEG_REPLY:
1284 case MGMT_OP_USER_CONFIRM_NEG_REPLY:
84794e11 1285 smp_failure(conn, SMP_PASSKEY_ENTRY_FAILED);
fc75cc86
JH		 1286 err = 0;
1287 goto unlock;
2b64d153 1288 default:
84794e11 1289 smp_failure(conn, SMP_PASSKEY_ENTRY_FAILED);
fc75cc86
JH		 1290 err = -EOPNOTSUPP;
1291 goto unlock;
2b64d153
BG		 1292 }
1293
fc75cc86
JH		 1294 err = 0;
1295
2b64d153 1296 /* If it is our turn to send Pairing Confirm, do so now */
1cc61144
JH		 1297 if (test_bit(SMP_FLAG_CFM_PENDING, &smp->flags)) {
1298 u8 rsp = smp_confirm(smp);
1299 if (rsp)
1300 smp_failure(conn, rsp);
1301 }
2b64d153 1302
fc75cc86
JH		 1303unlock:
1304 l2cap_chan_unlock(chan);
1305 return err;
2b64d153
BG		 1306}
1307
da85e5e5 1308static u8 smp_cmd_pairing_req(struct l2cap_conn *conn, struct sk_buff *skb)
88ba43b6 1309{
3158c50c 1310 struct smp_cmd_pairing rsp, *req = (void *) skb->data;
fc75cc86 1311 struct l2cap_chan *chan = conn->smp;
b3c6410b 1312 struct hci_dev *hdev = conn->hcon->hdev;
8aab4757 1313 struct smp_chan *smp;
c7262e71 1314 u8 key_size, auth, sec_level;
8aab4757 1315 int ret;
88ba43b6
AB		 1316
1317 BT_DBG("conn %p", conn);
1318
c46b98be 1319 if (skb->len < sizeof(*req))
38e4a915 1320 return SMP_INVALID_PARAMS;
c46b98be 1321
40bef302 1322 if (conn->hcon->role != HCI_ROLE_SLAVE)
2b64d153
BG		 1323 return SMP_CMD_NOTSUPP;
1324
fc75cc86 1325 if (!chan->data)
8aab4757 1326 smp = smp_chan_create(conn);
fc75cc86 1327 else
5d88cc73 1328 smp = chan->data;
8aab4757 1329
d08fd0e7
AE		 1330 if (!smp)
1331 return SMP_UNSPECIFIED;
d26a2345 1332
c05b9339 1333 /* We didn't start the pairing, so match remote */
0edb14de 1334 auth = req->auth_req & AUTH_REQ_MASK(hdev);
c05b9339 1335
b6ae8457 1336 if (!test_bit(HCI_BONDABLE, &hdev->dev_flags) &&
c05b9339 1337 (auth & SMP_AUTH_BONDING))
b3c6410b
JH		 1338 return SMP_PAIRING_NOTSUPP;
1339
1c1def09
VCG		 1340 smp->preq[0] = SMP_CMD_PAIRING_REQ;
1341 memcpy(&smp->preq[1], req, sizeof(*req));
3158c50c 1342 skb_pull(skb, sizeof(*req));
88ba43b6 1343
5e3d3d9b
JH		 1344 build_pairing_cmd(conn, req, &rsp, auth);
1345
1346 if (rsp.auth_req & SMP_AUTH_SC)
1347 set_bit(SMP_FLAG_SC, &smp->flags);
1348
5be5e275 1349 if (conn->hcon->io_capability == HCI_IO_NO_INPUT_OUTPUT)
1afc2a1a
JH		 1350 sec_level = BT_SECURITY_MEDIUM;
1351 else
1352 sec_level = authreq_to_seclevel(auth);
1353
c7262e71
JH		 1354 if (sec_level > conn->hcon->pending_sec_level)
1355 conn->hcon->pending_sec_level = sec_level;
fdde0a26 1356
49c922bb 1357 /* If we need MITM check that it can be achieved */
2ed8f65c
JH		 1358 if (conn->hcon->pending_sec_level >= BT_SECURITY_HIGH) {
1359 u8 method;
1360
1361 method = get_auth_method(smp, conn->hcon->io_capability,
1362 req->io_capability);
1363 if (method == JUST_WORKS || method == JUST_CFM)
1364 return SMP_AUTH_REQUIREMENTS;
1365 }
1366
3158c50c
VCG		 1367 key_size = min(req->max_key_size, rsp.max_key_size);
1368 if (check_enc_key_size(conn, key_size))
1369 return SMP_ENC_KEY_SIZE;
88ba43b6 1370
e84a6b13 1371 get_random_bytes(smp->prnd, sizeof(smp->prnd));
8aab4757 1372
1c1def09
VCG		 1373 smp->prsp[0] = SMP_CMD_PAIRING_RSP;
1374 memcpy(&smp->prsp[1], &rsp, sizeof(rsp));
f01ead31 1375
3158c50c 1376 smp_send_cmd(conn, SMP_CMD_PAIRING_RSP, sizeof(rsp), &rsp);
3b19146d
JH		 1377
1378 clear_bit(SMP_FLAG_INITIATOR, &smp->flags);
1379
1380 if (test_bit(SMP_FLAG_SC, &smp->flags)) {
1381 SMP_ALLOW_CMD(smp, SMP_CMD_PUBLIC_KEY);
1382 /* Clear bits which are generated but not distributed */
1383 smp->remote_key_dist &= ~SMP_SC_NO_DIST;
1384 /* Wait for Public Key from Initiating Device */
1385 return 0;
1386 } else {
1387 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_CONFIRM);
1388 }
da85e5e5 1389
2b64d153
BG		 1390 /* Request setup of TK */
1391 ret = tk_request(conn, 0, auth, rsp.io_capability, req->io_capability);
1392 if (ret)
1393 return SMP_UNSPECIFIED;
1394
da85e5e5 1395 return 0;
88ba43b6
AB		 1396}
1397
3b19146d
JH		 1398static u8 sc_send_public_key(struct smp_chan *smp)
1399{
1400 BT_DBG("");
1401
6c0dcc50
JH		 1402 while (true) {
1403 /* Generate local key pair for Secure Connections */
1404 if (!ecc_make_key(smp->local_pk, smp->local_sk))
1405 return SMP_UNSPECIFIED;
1406
1407 /* This is unlikely, but we need to check that we didn't
1408 * accidentially generate a debug key.
1409 */
1410 if (memcmp(smp->local_sk, debug_sk, 32))
1411 break;
1412 }
3b19146d
JH		 1413
1414 BT_DBG("Local Public Key X: %32phN", smp->local_pk);
1415 BT_DBG("Local Public Key Y: %32phN", &smp->local_pk[32]);
1416 BT_DBG("Local Private Key: %32phN", smp->local_sk);
1417
1418 smp_send_cmd(smp->conn, SMP_CMD_PUBLIC_KEY, 64, smp->local_pk);
1419
1420 return 0;
1421}
1422
da85e5e5 1423static u8 smp_cmd_pairing_rsp(struct l2cap_conn *conn, struct sk_buff *skb)
88ba43b6 1424{
3158c50c 1425 struct smp_cmd_pairing *req, *rsp = (void *) skb->data;
5d88cc73
JH		 1426 struct l2cap_chan *chan = conn->smp;
1427 struct smp_chan *smp = chan->data;
0edb14de 1428 struct hci_dev *hdev = conn->hcon->hdev;
3a7dbfb8 1429 u8 key_size, auth;
7d24ddcc 1430 int ret;
88ba43b6
AB		 1431
1432 BT_DBG("conn %p", conn);
1433
c46b98be 1434 if (skb->len < sizeof(*rsp))
38e4a915 1435 return SMP_INVALID_PARAMS;
c46b98be 1436
40bef302 1437 if (conn->hcon->role != HCI_ROLE_MASTER)
2b64d153
BG		 1438 return SMP_CMD_NOTSUPP;
1439
3158c50c
VCG		 1440 skb_pull(skb, sizeof(*rsp));
1441
1c1def09 1442 req = (void *) &smp->preq[1];
da85e5e5 1443
3158c50c
VCG		 1444 key_size = min(req->max_key_size, rsp->max_key_size);
1445 if (check_enc_key_size(conn, key_size))
1446 return SMP_ENC_KEY_SIZE;
1447
0edb14de 1448 auth = rsp->auth_req & AUTH_REQ_MASK(hdev);
c05b9339 1449
65668776
JH		 1450 if ((req->auth_req & SMP_AUTH_SC) && (auth & SMP_AUTH_SC))
1451 set_bit(SMP_FLAG_SC, &smp->flags);
d2eb9e10
JH		 1452 else if (conn->hcon->pending_sec_level > BT_SECURITY_HIGH)
1453 conn->hcon->pending_sec_level = BT_SECURITY_HIGH;
65668776 1454
49c922bb 1455 /* If we need MITM check that it can be achieved */
2ed8f65c
JH		 1456 if (conn->hcon->pending_sec_level >= BT_SECURITY_HIGH) {
1457 u8 method;
1458
1459 method = get_auth_method(smp, req->io_capability,
1460 rsp->io_capability);
1461 if (method == JUST_WORKS || method == JUST_CFM)
1462 return SMP_AUTH_REQUIREMENTS;
1463 }
1464
e84a6b13 1465 get_random_bytes(smp->prnd, sizeof(smp->prnd));
7d24ddcc 1466
8aab4757
VCG		 1467 smp->prsp[0] = SMP_CMD_PAIRING_RSP;
1468 memcpy(&smp->prsp[1], rsp, sizeof(*rsp));
7d24ddcc 1469
fdcc4bec
JH		 1470 /* Update remote key distribution in case the remote cleared
1471 * some bits that we had enabled in our request.
1472 */
1473 smp->remote_key_dist &= rsp->resp_key_dist;
1474
3b19146d
JH		 1475 if (test_bit(SMP_FLAG_SC, &smp->flags)) {
1476 /* Clear bits which are generated but not distributed */
1477 smp->remote_key_dist &= ~SMP_SC_NO_DIST;
1478 SMP_ALLOW_CMD(smp, SMP_CMD_PUBLIC_KEY);
1479 return sc_send_public_key(smp);
1480 }
1481
c05b9339 1482 auth |= req->auth_req;
2b64d153 1483
476585ec 1484 ret = tk_request(conn, 0, auth, req->io_capability, rsp->io_capability);
2b64d153
BG		 1485 if (ret)
1486 return SMP_UNSPECIFIED;
1487
4a74d658 1488 set_bit(SMP_FLAG_CFM_PENDING, &smp->flags);
2b64d153
BG		 1489
1490 /* Can't compose response until we have been confirmed */
4a74d658 1491 if (test_bit(SMP_FLAG_TK_VALID, &smp->flags))
1cc61144 1492 return smp_confirm(smp);
da85e5e5
VCG		 1493
1494 return 0;
88ba43b6
AB		 1495}
1496
dcee2b32
JH		 1497static u8 sc_check_confirm(struct smp_chan *smp)
1498{
1499 struct l2cap_conn *conn = smp->conn;
1500
1501 BT_DBG("");
1502
1503 /* Public Key exchange must happen before any other steps */
1504 if (!test_bit(SMP_FLAG_REMOTE_PK, &smp->flags))
1505 return SMP_UNSPECIFIED;
1506
1507 if (conn->hcon->out) {
1508 smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM, sizeof(smp->prnd),
1509 smp->prnd);
1510 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RANDOM);
1511 }
1512
1513 return 0;
1514}
1515
da85e5e5 1516static u8 smp_cmd_pairing_confirm(struct l2cap_conn *conn, struct sk_buff *skb)
88ba43b6 1517{
5d88cc73
JH		 1518 struct l2cap_chan *chan = conn->smp;
1519 struct smp_chan *smp = chan->data;
7d24ddcc 1520
88ba43b6
AB		 1521 BT_DBG("conn %p %s", conn, conn->hcon->out ? "master" : "slave");
1522
c46b98be 1523 if (skb->len < sizeof(smp->pcnf))
38e4a915 1524 return SMP_INVALID_PARAMS;
c46b98be 1525
1c1def09
VCG		 1526 memcpy(smp->pcnf, skb->data, sizeof(smp->pcnf));
1527 skb_pull(skb, sizeof(smp->pcnf));
88ba43b6 1528
dcee2b32
JH		 1529 if (test_bit(SMP_FLAG_SC, &smp->flags))
1530 return sc_check_confirm(smp);
1531
b28b4943 1532 if (conn->hcon->out) {
943a732a
JH		 1533 smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM, sizeof(smp->prnd),
1534 smp->prnd);
b28b4943
JH		 1535 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RANDOM);
1536 return 0;
1537 }
1538
1539 if (test_bit(SMP_FLAG_TK_VALID, &smp->flags))
1cc61144 1540 return smp_confirm(smp);
943a732a 1541 else
4a74d658 1542 set_bit(SMP_FLAG_CFM_PENDING, &smp->flags);
da85e5e5
VCG		 1543
1544 return 0;
88ba43b6
AB		 1545}
1546
da85e5e5 1547static u8 smp_cmd_pairing_random(struct l2cap_conn *conn, struct sk_buff *skb)
88ba43b6 1548{
5d88cc73
JH		 1549 struct l2cap_chan *chan = conn->smp;
1550 struct smp_chan *smp = chan->data;
191dc7fe
JH		 1551 struct hci_conn *hcon = conn->hcon;
1552 u8 *pkax, *pkbx, *na, *nb;
1553 u32 passkey;
1554 int err;
7d24ddcc 1555
8aab4757 1556 BT_DBG("conn %p", conn);
3158c50c 1557
c46b98be 1558 if (skb->len < sizeof(smp->rrnd))
38e4a915 1559 return SMP_INVALID_PARAMS;
c46b98be 1560
943a732a 1561 memcpy(smp->rrnd, skb->data, sizeof(smp->rrnd));
8aab4757 1562 skb_pull(skb, sizeof(smp->rrnd));
e7e62c85 1563
191dc7fe
JH		 1564 if (!test_bit(SMP_FLAG_SC, &smp->flags))
1565 return smp_random(smp);
1566
1567 if (hcon->out) {
1568 u8 cfm[16];
1569
1570 err = smp_f4(smp->tfm_cmac, smp->remote_pk, smp->local_pk,
1571 smp->rrnd, 0, cfm);
1572 if (err)
1573 return SMP_UNSPECIFIED;
1574
1575 if (memcmp(smp->pcnf, cfm, 16))
1576 return SMP_CONFIRM_FAILED;
1577
1578 pkax = smp->local_pk;
1579 pkbx = smp->remote_pk;
1580 na = smp->prnd;
1581 nb = smp->rrnd;
1582 } else {
1583 smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM, sizeof(smp->prnd),
1584 smp->prnd);
1585 SMP_ALLOW_CMD(smp, SMP_CMD_DHKEY_CHECK);
1586
1587 pkax = smp->remote_pk;
1588 pkbx = smp->local_pk;
1589 na = smp->rrnd;
1590 nb = smp->prnd;
1591 }
1592
760b018b
JH		 1593 /* Generate MacKey and LTK */
1594 err = sc_mackey_and_ltk(smp, smp->mackey, smp->tk);
1595 if (err)
1596 return SMP_UNSPECIFIED;
1597
191dc7fe
JH		 1598 err = smp_g2(smp->tfm_cmac, pkax, pkbx, na, nb, &passkey);
1599 if (err)
1600 return SMP_UNSPECIFIED;
1601
1602 err = mgmt_user_confirm_request(hcon->hdev, &hcon->dst,
1603 hcon->type, hcon->dst_type,
1604 passkey, 0);
1605 if (err)
1606 return SMP_UNSPECIFIED;
1607
1608 return 0;
88ba43b6
AB		 1609}
1610
f81cd823 1611static bool smp_ltk_encrypt(struct l2cap_conn *conn, u8 sec_level)
988c5997 1612{
c9839a11 1613 struct smp_ltk *key;
988c5997
VCG		 1614 struct hci_conn *hcon = conn->hcon;
1615
f3a73d97 1616 key = hci_find_ltk(hcon->hdev, &hcon->dst, hcon->dst_type, hcon->role);
988c5997 1617 if (!key)
f81cd823 1618 return false;
988c5997 1619
a6f7833c 1620 if (smp_ltk_sec_level(key) < sec_level)
f81cd823 1621 return false;
4dab7864 1622
51a8efd7 1623 if (test_and_set_bit(HCI_CONN_ENCRYPT_PEND, &hcon->flags))
f81cd823 1624 return true;
988c5997 1625
c9839a11
VCG		 1626 hci_le_start_enc(hcon, key->ediv, key->rand, key->val);
1627 hcon->enc_key_size = key->enc_size;
988c5997 1628
fe59a05f
JH		 1629 /* We never store STKs for master role, so clear this flag */
1630 clear_bit(HCI_CONN_STK_ENCRYPT, &hcon->flags);
1631
f81cd823 1632 return true;
988c5997 1633}
f1560463 1634
35dc6f83
JH		 1635bool smp_sufficient_security(struct hci_conn *hcon, u8 sec_level,
1636 enum smp_key_pref key_pref)
854f4727
JH		 1637{
1638 if (sec_level == BT_SECURITY_LOW)
1639 return true;
1640
35dc6f83
JH		 1641 /* If we're encrypted with an STK but the caller prefers using
1642 * LTK claim insufficient security. This way we allow the
1643 * connection to be re-encrypted with an LTK, even if the LTK
1644 * provides the same level of security. Only exception is if we
1645 * don't have an LTK (e.g. because of key distribution bits).
9ab65d60 1646 */
35dc6f83
JH		 1647 if (key_pref == SMP_USE_LTK &&
1648 test_bit(HCI_CONN_STK_ENCRYPT, &hcon->flags) &&
f3a73d97 1649 hci_find_ltk(hcon->hdev, &hcon->dst, hcon->dst_type, hcon->role))
9ab65d60
JH		 1650 return false;
1651
854f4727
JH		 1652 if (hcon->sec_level >= sec_level)
1653 return true;
1654
1655 return false;
1656}
1657
da85e5e5 1658static u8 smp_cmd_security_req(struct l2cap_conn *conn, struct sk_buff *skb)
88ba43b6
AB		 1659{
1660 struct smp_cmd_security_req *rp = (void *) skb->data;
1661 struct smp_cmd_pairing cp;
f1cb9af5 1662 struct hci_conn *hcon = conn->hcon;
0edb14de 1663 struct hci_dev *hdev = hcon->hdev;
8aab4757 1664 struct smp_chan *smp;
c05b9339 1665 u8 sec_level, auth;
88ba43b6
AB		 1666
1667 BT_DBG("conn %p", conn);
1668
c46b98be 1669 if (skb->len < sizeof(*rp))
38e4a915 1670 return SMP_INVALID_PARAMS;
c46b98be 1671
40bef302 1672 if (hcon->role != HCI_ROLE_MASTER)
86ca9eac
JH		 1673 return SMP_CMD_NOTSUPP;
1674
0edb14de 1675 auth = rp->auth_req & AUTH_REQ_MASK(hdev);
c05b9339 1676
5be5e275 1677 if (hcon->io_capability == HCI_IO_NO_INPUT_OUTPUT)
1afc2a1a
JH		 1678 sec_level = BT_SECURITY_MEDIUM;
1679 else
1680 sec_level = authreq_to_seclevel(auth);
1681
35dc6f83 1682 if (smp_sufficient_security(hcon, sec_level, SMP_USE_LTK))
854f4727
JH		 1683 return 0;
1684
c7262e71
JH		 1685 if (sec_level > hcon->pending_sec_level)
1686 hcon->pending_sec_level = sec_level;
feb45eb5 1687
4dab7864 1688 if (smp_ltk_encrypt(conn, hcon->pending_sec_level))
988c5997
VCG		 1689 return 0;
1690
8aab4757 1691 smp = smp_chan_create(conn);
c29d2444
JH		 1692 if (!smp)
1693 return SMP_UNSPECIFIED;
d26a2345 1694
b6ae8457 1695 if (!test_bit(HCI_BONDABLE, &hcon->hdev->dev_flags) &&
c05b9339 1696 (auth & SMP_AUTH_BONDING))
616d55be
JH		 1697 return SMP_PAIRING_NOTSUPP;
1698
88ba43b6 1699 skb_pull(skb, sizeof(*rp));
88ba43b6 1700
da85e5e5 1701 memset(&cp, 0, sizeof(cp));
c05b9339 1702 build_pairing_cmd(conn, &cp, NULL, auth);
88ba43b6 1703
1c1def09
VCG		 1704 smp->preq[0] = SMP_CMD_PAIRING_REQ;
1705 memcpy(&smp->preq[1], &cp, sizeof(cp));
f01ead31 1706
88ba43b6 1707 smp_send_cmd(conn, SMP_CMD_PAIRING_REQ, sizeof(cp), &cp);
b28b4943 1708 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RSP);
f1cb9af5 1709
da85e5e5 1710 return 0;
88ba43b6
AB		 1711}
1712
cc110922 1713int smp_conn_security(struct hci_conn *hcon, __u8 sec_level)
eb492e01 1714{
cc110922 1715 struct l2cap_conn *conn = hcon->l2cap_data;
c68b7f12 1716 struct l2cap_chan *chan;
0a66cf20 1717 struct smp_chan *smp;
2b64d153 1718 __u8 authreq;
fc75cc86 1719 int ret;
eb492e01 1720
3a0259bb
VCG		 1721 BT_DBG("conn %p hcon %p level 0x%2.2x", conn, hcon, sec_level);
1722
0a66cf20
JH		 1723 /* This may be NULL if there's an unexpected disconnection */
1724 if (!conn)
1725 return 1;
1726
c68b7f12
JH		 1727 chan = conn->smp;
1728
757aee0f 1729 if (!test_bit(HCI_LE_ENABLED, &hcon->hdev->dev_flags))
2e65c9d2
AG		 1730 return 1;
1731
35dc6f83 1732 if (smp_sufficient_security(hcon, sec_level, SMP_USE_LTK))
eb492e01 1733 return 1;
f1cb9af5 1734
c7262e71
JH		 1735 if (sec_level > hcon->pending_sec_level)
1736 hcon->pending_sec_level = sec_level;
1737
40bef302 1738 if (hcon->role == HCI_ROLE_MASTER)
c7262e71
JH		 1739 if (smp_ltk_encrypt(conn, hcon->pending_sec_level))
1740 return 0;
d26a2345 1741
fc75cc86
JH		 1742 l2cap_chan_lock(chan);
1743
1744 /* If SMP is already in progress ignore this request */
1745 if (chan->data) {
1746 ret = 0;
1747 goto unlock;
1748 }
d26a2345 1749
8aab4757 1750 smp = smp_chan_create(conn);
fc75cc86
JH		 1751 if (!smp) {
1752 ret = 1;
1753 goto unlock;
1754 }
2b64d153
BG		 1755
1756 authreq = seclevel_to_authreq(sec_level);
d26a2345 1757
d2eb9e10
JH		 1758 if (test_bit(HCI_SC_ENABLED, &hcon->hdev->dev_flags))
1759 authreq |= SMP_AUTH_SC;
1760
79897d20
JH		 1761 /* Require MITM if IO Capability allows or the security level
1762 * requires it.
2e233644 1763 */
79897d20 1764 if (hcon->io_capability != HCI_IO_NO_INPUT_OUTPUT ||
c7262e71 1765 hcon->pending_sec_level > BT_SECURITY_MEDIUM)
2e233644
JH		 1766 authreq |= SMP_AUTH_MITM;
1767
40bef302 1768 if (hcon->role == HCI_ROLE_MASTER) {
d26a2345 1769 struct smp_cmd_pairing cp;
f01ead31 1770
2b64d153 1771 build_pairing_cmd(conn, &cp, NULL, authreq);
1c1def09
VCG		 1772 smp->preq[0] = SMP_CMD_PAIRING_REQ;
1773 memcpy(&smp->preq[1], &cp, sizeof(cp));
f01ead31 1774
eb492e01 1775 smp_send_cmd(conn, SMP_CMD_PAIRING_REQ, sizeof(cp), &cp);
b28b4943 1776 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RSP);
eb492e01
AB		 1777 } else {
1778 struct smp_cmd_security_req cp;
2b64d153 1779 cp.auth_req = authreq;
eb492e01 1780 smp_send_cmd(conn, SMP_CMD_SECURITY_REQ, sizeof(cp), &cp);
b28b4943 1781 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_REQ);
eb492e01
AB		 1782 }
1783
4a74d658 1784 set_bit(SMP_FLAG_INITIATOR, &smp->flags);
fc75cc86 1785 ret = 0;
edca792c 1786
fc75cc86
JH		 1787unlock:
1788 l2cap_chan_unlock(chan);
1789 return ret;
eb492e01
AB		 1790}
1791
7034b911
VCG		 1792static int smp_cmd_encrypt_info(struct l2cap_conn *conn, struct sk_buff *skb)
1793{
16b90839 1794 struct smp_cmd_encrypt_info *rp = (void *) skb->data;
5d88cc73
JH		 1795 struct l2cap_chan *chan = conn->smp;
1796 struct smp_chan *smp = chan->data;
16b90839 1797
c46b98be
JH		 1798 BT_DBG("conn %p", conn);
1799
1800 if (skb->len < sizeof(*rp))
38e4a915 1801 return SMP_INVALID_PARAMS;
c46b98be 1802
b28b4943 1803 SMP_ALLOW_CMD(smp, SMP_CMD_MASTER_IDENT);
6131ddc8 1804
16b90839
VCG		 1805 skb_pull(skb, sizeof(*rp));
1806
1c1def09 1807 memcpy(smp->tk, rp->ltk, sizeof(smp->tk));
16b90839 1808
7034b911
VCG		 1809 return 0;
1810}
1811
1812static int smp_cmd_master_ident(struct l2cap_conn *conn, struct sk_buff *skb)
1813{
16b90839 1814 struct smp_cmd_master_ident *rp = (void *) skb->data;
5d88cc73
JH		 1815 struct l2cap_chan *chan = conn->smp;
1816 struct smp_chan *smp = chan->data;
c9839a11
VCG		 1817 struct hci_dev *hdev = conn->hcon->hdev;
1818 struct hci_conn *hcon = conn->hcon;
23d0e128 1819 struct smp_ltk *ltk;
c9839a11 1820 u8 authenticated;
16b90839 1821
c46b98be
JH		 1822 BT_DBG("conn %p", conn);
1823
1824 if (skb->len < sizeof(*rp))
38e4a915 1825 return SMP_INVALID_PARAMS;
c46b98be 1826
9747a9f3
JH		 1827 /* Mark the information as received */
1828 smp->remote_key_dist &= ~SMP_DIST_ENC_KEY;
1829
b28b4943
JH		 1830 if (smp->remote_key_dist & SMP_DIST_ID_KEY)
1831 SMP_ALLOW_CMD(smp, SMP_CMD_IDENT_INFO);
196332f5
JH		 1832 else if (smp->remote_key_dist & SMP_DIST_SIGN)
1833 SMP_ALLOW_CMD(smp, SMP_CMD_SIGN_INFO);
b28b4943 1834
16b90839 1835 skb_pull(skb, sizeof(*rp));
7034b911 1836
ce39fb4e 1837 authenticated = (hcon->sec_level == BT_SECURITY_HIGH);
2ceba539 1838 ltk = hci_add_ltk(hdev, &hcon->dst, hcon->dst_type, SMP_LTK,
23d0e128
JH		 1839 authenticated, smp->tk, smp->enc_key_size,
1840 rp->ediv, rp->rand);
1841 smp->ltk = ltk;
c6e81e9a 1842 if (!(smp->remote_key_dist & KEY_DIST_MASK))
d6268e86 1843 smp_distribute_keys(smp);
7034b911
VCG		 1844
1845 return 0;
1846}
1847
fd349c02
JH		 1848static int smp_cmd_ident_info(struct l2cap_conn *conn, struct sk_buff *skb)
1849{
1850 struct smp_cmd_ident_info *info = (void *) skb->data;
5d88cc73
JH		 1851 struct l2cap_chan *chan = conn->smp;
1852 struct smp_chan *smp = chan->data;
fd349c02
JH		 1853
1854 BT_DBG("");
1855
1856 if (skb->len < sizeof(*info))
38e4a915 1857 return SMP_INVALID_PARAMS;
fd349c02 1858
b28b4943 1859 SMP_ALLOW_CMD(smp, SMP_CMD_IDENT_ADDR_INFO);
6131ddc8 1860
fd349c02
JH		 1861 skb_pull(skb, sizeof(*info));
1862
1863 memcpy(smp->irk, info->irk, 16);
1864
1865 return 0;
1866}
1867
1868static int smp_cmd_ident_addr_info(struct l2cap_conn *conn,
1869 struct sk_buff *skb)
1870{
1871 struct smp_cmd_ident_addr_info *info = (void *) skb->data;
5d88cc73
JH		 1872 struct l2cap_chan *chan = conn->smp;
1873 struct smp_chan *smp = chan->data;
fd349c02
JH		 1874 struct hci_conn *hcon = conn->hcon;
1875 bdaddr_t rpa;
1876
1877 BT_DBG("");
1878
1879 if (skb->len < sizeof(*info))
38e4a915 1880 return SMP_INVALID_PARAMS;
fd349c02 1881
9747a9f3
JH		 1882 /* Mark the information as received */
1883 smp->remote_key_dist &= ~SMP_DIST_ID_KEY;
1884
b28b4943
JH		 1885 if (smp->remote_key_dist & SMP_DIST_SIGN)
1886 SMP_ALLOW_CMD(smp, SMP_CMD_SIGN_INFO);
1887
fd349c02
JH		 1888 skb_pull(skb, sizeof(*info));
1889
a9a58f86
JH		 1890 /* Strictly speaking the Core Specification (4.1) allows sending
1891 * an empty address which would force us to rely on just the IRK
1892 * as "identity information". However, since such
1893 * implementations are not known of and in order to not over
1894 * complicate our implementation, simply pretend that we never
1895 * received an IRK for such a device.
1896 */
1897 if (!bacmp(&info->bdaddr, BDADDR_ANY)) {
1898 BT_ERR("Ignoring IRK with no identity address");
31dd624e 1899 goto distribute;
a9a58f86
JH		 1900 }
1901
fd349c02
JH		 1902 bacpy(&smp->id_addr, &info->bdaddr);
1903 smp->id_addr_type = info->addr_type;
1904
1905 if (hci_bdaddr_is_rpa(&hcon->dst, hcon->dst_type))
1906 bacpy(&rpa, &hcon->dst);
1907 else
1908 bacpy(&rpa, BDADDR_ANY);
1909
23d0e128
JH		 1910 smp->remote_irk = hci_add_irk(conn->hcon->hdev, &smp->id_addr,
1911 smp->id_addr_type, smp->irk, &rpa);
fd349c02 1912
31dd624e 1913distribute:
c6e81e9a
JH		 1914 if (!(smp->remote_key_dist & KEY_DIST_MASK))
1915 smp_distribute_keys(smp);
fd349c02
JH		 1916
1917 return 0;
1918}
1919
7ee4ea36
MH		 1920static int smp_cmd_sign_info(struct l2cap_conn *conn, struct sk_buff *skb)
1921{
1922 struct smp_cmd_sign_info *rp = (void *) skb->data;
5d88cc73
JH		 1923 struct l2cap_chan *chan = conn->smp;
1924 struct smp_chan *smp = chan->data;
7ee4ea36
MH		 1925 struct smp_csrk *csrk;
1926
1927 BT_DBG("conn %p", conn);
1928
1929 if (skb->len < sizeof(*rp))
38e4a915 1930 return SMP_INVALID_PARAMS;
7ee4ea36 1931
7ee4ea36
MH		 1932 /* Mark the information as received */
1933 smp->remote_key_dist &= ~SMP_DIST_SIGN;
1934
1935 skb_pull(skb, sizeof(*rp));
1936
7ee4ea36
MH		 1937 csrk = kzalloc(sizeof(*csrk), GFP_KERNEL);
1938 if (csrk) {
1939 csrk->master = 0x01;
1940 memcpy(csrk->val, rp->csrk, sizeof(csrk->val));
1941 }
1942 smp->csrk = csrk;
d6268e86 1943 smp_distribute_keys(smp);
7ee4ea36
MH		 1944
1945 return 0;
1946}
1947
5e3d3d9b
JH		 1948static u8 sc_select_method(struct smp_chan *smp)
1949{
1950 struct l2cap_conn *conn = smp->conn;
1951 struct hci_conn *hcon = conn->hcon;
1952 struct smp_cmd_pairing *local, *remote;
1953 u8 local_mitm, remote_mitm, local_io, remote_io, method;
1954
1955 /* The preq/prsp contain the raw Pairing Request/Response PDUs
1956 * which are needed as inputs to some crypto functions. To get
1957 * the "struct smp_cmd_pairing" from them we need to skip the
1958 * first byte which contains the opcode.
1959 */
1960 if (hcon->out) {
1961 local = (void *) &smp->preq[1];
1962 remote = (void *) &smp->prsp[1];
1963 } else {
1964 local = (void *) &smp->prsp[1];
1965 remote = (void *) &smp->preq[1];
1966 }
1967
1968 local_io = local->io_capability;
1969 remote_io = remote->io_capability;
1970
1971 local_mitm = (local->auth_req & SMP_AUTH_MITM);
1972 remote_mitm = (remote->auth_req & SMP_AUTH_MITM);
1973
1974 /* If either side wants MITM, look up the method from the table,
1975 * otherwise use JUST WORKS.
1976 */
1977 if (local_mitm || remote_mitm)
1978 method = get_auth_method(smp, local_io, remote_io);
1979 else
1980 method = JUST_WORKS;
1981
1982 /* Don't confirm locally initiated pairing attempts */
1983 if (method == JUST_CFM && test_bit(SMP_FLAG_INITIATOR, &smp->flags))
1984 method = JUST_WORKS;
1985
1986 return method;
1987}
1988
d8f8edbe
JH		 1989static int smp_cmd_public_key(struct l2cap_conn *conn, struct sk_buff *skb)
1990{
1991 struct smp_cmd_public_key *key = (void *) skb->data;
1992 struct hci_conn *hcon = conn->hcon;
1993 struct l2cap_chan *chan = conn->smp;
1994 struct smp_chan *smp = chan->data;
5e3d3d9b 1995 struct hci_dev *hdev = hcon->hdev;
cbbbe3e2 1996 struct smp_cmd_pairing_confirm cfm;
d8f8edbe
JH		 1997 int err;
1998
1999 BT_DBG("conn %p", conn);
2000
2001 if (skb->len < sizeof(*key))
2002 return SMP_INVALID_PARAMS;
2003
2004 memcpy(smp->remote_pk, key, 64);
2005
2006 /* Non-initiating device sends its public key after receiving
2007 * the key from the initiating device.
2008 */
2009 if (!hcon->out) {
2010 err = sc_send_public_key(smp);
2011 if (err)
2012 return err;
2013 }
2014
2015 BT_DBG("Remote Public Key X: %32phN", smp->remote_pk);
2016 BT_DBG("Remote Public Key Y: %32phN", &smp->remote_pk[32]);
2017
2018 if (!ecdh_shared_secret(smp->remote_pk, smp->local_sk, smp->dhkey))
2019 return SMP_UNSPECIFIED;
2020
2021 BT_DBG("DHKey %32phN", smp->dhkey);
2022
2023 set_bit(SMP_FLAG_REMOTE_PK, &smp->flags);
2024
5e3d3d9b
JH		 2025 smp->method = sc_select_method(smp);
2026
2027 BT_DBG("%s selected method 0x%02x", hdev->name, smp->method);
2028
2029 /* JUST_WORKS and JUST_CFM result in an unauthenticated key */
2030 if (smp->method == JUST_WORKS || smp->method == JUST_CFM)
2031 hcon->pending_sec_level = BT_SECURITY_MEDIUM;
2032 else
2033 hcon->pending_sec_level = BT_SECURITY_FIPS;
2034
aeb7d461
JH		 2035 if (!memcmp(debug_pk, smp->remote_pk, 64))
2036 set_bit(SMP_FLAG_DEBUG_KEY, &smp->flags);
2037
cbbbe3e2
JH		 2038 /* The Initiating device waits for the non-initiating device to
2039 * send the confirm value.
2040 */
2041 if (conn->hcon->out)
2042 return 0;
2043
2044 err = smp_f4(smp->tfm_cmac, smp->local_pk, smp->remote_pk, smp->prnd,
2045 0, cfm.confirm_val);
2046 if (err)
2047 return SMP_UNSPECIFIED;
2048
2049 smp_send_cmd(conn, SMP_CMD_PAIRING_CONFIRM, sizeof(cfm), &cfm);
2050 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RANDOM);
2051
d8f8edbe
JH		 2052 return 0;
2053}
2054
6433a9a2
JH		 2055static int smp_cmd_dhkey_check(struct l2cap_conn *conn, struct sk_buff *skb)
2056{
2057 struct smp_cmd_dhkey_check *check = (void *) skb->data;
2058 struct l2cap_chan *chan = conn->smp;
2059 struct hci_conn *hcon = conn->hcon;
2060 struct smp_chan *smp = chan->data;
2061 u8 a[7], b[7], *local_addr, *remote_addr;
2062 u8 io_cap[3], r[16], e[16];
2063 int err;
2064
2065 BT_DBG("conn %p", conn);
2066
2067 if (skb->len < sizeof(*check))
2068 return SMP_INVALID_PARAMS;
2069
2070 memcpy(a, &hcon->init_addr, 6);
2071 memcpy(b, &hcon->resp_addr, 6);
2072 a[6] = hcon->init_addr_type;
2073 b[6] = hcon->resp_addr_type;
2074
2075 if (hcon->out) {
2076 local_addr = a;
2077 remote_addr = b;
2078 memcpy(io_cap, &smp->prsp[1], 3);
2079 } else {
2080 local_addr = b;
2081 remote_addr = a;
2082 memcpy(io_cap, &smp->preq[1], 3);
2083 }
2084
2085 memset(r, 0, sizeof(r));
2086
2087 err = smp_f6(smp->tfm_cmac, smp->mackey, smp->rrnd, smp->prnd, r,
2088 io_cap, remote_addr, local_addr, e);
2089 if (err)
2090 return SMP_UNSPECIFIED;
2091
2092 if (memcmp(check->e, e, 16))
2093 return SMP_DHKEY_CHECK_FAILED;
2094
2095 smp->ltk = hci_add_ltk(hcon->hdev, &hcon->dst, hcon->dst_type,
2096 SMP_LTK_P256, 0, smp->tk, smp->enc_key_size,
2097 0, 0);
2098
2099 if (hcon->out) {
2100 hci_le_start_enc(hcon, 0, 0, smp->tk);
2101 hcon->enc_key_size = smp->enc_key_size;
2102 }
2103
2104 return 0;
2105}
2106
4befb867 2107static int smp_sig_channel(struct l2cap_chan *chan, struct sk_buff *skb)
eb492e01 2108{
5d88cc73 2109 struct l2cap_conn *conn = chan->conn;
7b9899db 2110 struct hci_conn *hcon = conn->hcon;
b28b4943 2111 struct smp_chan *smp;
92381f5c 2112 __u8 code, reason;
eb492e01
AB		 2113 int err = 0;
2114
7b9899db
MH		 2115 if (hcon->type != LE_LINK) {
2116 kfree_skb(skb);
3432711f 2117 return 0;
7b9899db
MH		 2118 }
2119
8ae9b984 2120 if (skb->len < 1)
92381f5c 2121 return -EILSEQ;
92381f5c 2122
06ae3314 2123 if (!test_bit(HCI_LE_ENABLED, &hcon->hdev->dev_flags)) {
2e65c9d2
AG		 2124 reason = SMP_PAIRING_NOTSUPP;
2125 goto done;
2126 }
2127
92381f5c 2128 code = skb->data[0];
eb492e01
AB		 2129 skb_pull(skb, sizeof(code));
2130
b28b4943
JH		 2131 smp = chan->data;
2132
2133 if (code > SMP_CMD_MAX)
2134 goto drop;
2135
24bd0bd9 2136 if (smp && !test_and_clear_bit(code, &smp->allow_cmd))
b28b4943
JH		 2137 goto drop;
2138
2139 /* If we don't have a context the only allowed commands are
2140 * pairing request and security request.
8cf9fa12 2141 */
b28b4943
JH		 2142 if (!smp && code != SMP_CMD_PAIRING_REQ && code != SMP_CMD_SECURITY_REQ)
2143 goto drop;
8cf9fa12 2144
eb492e01
AB		 2145 switch (code) {
2146 case SMP_CMD_PAIRING_REQ:
da85e5e5 2147 reason = smp_cmd_pairing_req(conn, skb);
eb492e01
AB		 2148 break;
2149
2150 case SMP_CMD_PAIRING_FAIL:
84794e11 2151 smp_failure(conn, 0);
da85e5e5 2152 err = -EPERM;
eb492e01
AB		 2153 break;
2154
2155 case SMP_CMD_PAIRING_RSP:
da85e5e5 2156 reason = smp_cmd_pairing_rsp(conn, skb);
88ba43b6
AB		 2157 break;
2158
2159 case SMP_CMD_SECURITY_REQ:
da85e5e5 2160 reason = smp_cmd_security_req(conn, skb);
88ba43b6
AB		 2161 break;
2162
eb492e01 2163 case SMP_CMD_PAIRING_CONFIRM:
da85e5e5 2164 reason = smp_cmd_pairing_confirm(conn, skb);
88ba43b6
AB		 2165 break;
2166
eb492e01 2167 case SMP_CMD_PAIRING_RANDOM:
da85e5e5 2168 reason = smp_cmd_pairing_random(conn, skb);
88ba43b6
AB		 2169 break;
2170
eb492e01 2171 case SMP_CMD_ENCRYPT_INFO:
7034b911
VCG		 2172 reason = smp_cmd_encrypt_info(conn, skb);
2173 break;
2174
eb492e01 2175 case SMP_CMD_MASTER_IDENT:
7034b911
VCG		 2176 reason = smp_cmd_master_ident(conn, skb);
2177 break;
2178
eb492e01 2179 case SMP_CMD_IDENT_INFO:
fd349c02
JH		 2180 reason = smp_cmd_ident_info(conn, skb);
2181 break;
2182
eb492e01 2183 case SMP_CMD_IDENT_ADDR_INFO:
fd349c02
JH		 2184 reason = smp_cmd_ident_addr_info(conn, skb);
2185 break;
2186
eb492e01 2187 case SMP_CMD_SIGN_INFO:
7ee4ea36 2188 reason = smp_cmd_sign_info(conn, skb);
7034b911
VCG		 2189 break;
2190
d8f8edbe
JH		 2191 case SMP_CMD_PUBLIC_KEY:
2192 reason = smp_cmd_public_key(conn, skb);
2193 break;
2194
6433a9a2
JH		 2195 case SMP_CMD_DHKEY_CHECK:
2196 reason = smp_cmd_dhkey_check(conn, skb);
2197 break;
2198
eb492e01
AB		 2199 default:
2200 BT_DBG("Unknown command code 0x%2.2x", code);
eb492e01 2201 reason = SMP_CMD_NOTSUPP;
3a0259bb 2202 goto done;
eb492e01
AB		 2203 }
2204
3a0259bb 2205done:
9b7b18ef
JH		 2206 if (!err) {
2207 if (reason)
2208 smp_failure(conn, reason);
8ae9b984 2209 kfree_skb(skb);
9b7b18ef
JH		 2210 }
2211
eb492e01 2212 return err;
b28b4943
JH		 2213
2214drop:
2215 BT_ERR("%s unexpected SMP command 0x%02x from %pMR", hcon->hdev->name,
2216 code, &hcon->dst);
2217 kfree_skb(skb);
2218 return 0;
eb492e01 2219}
7034b911 2220
70db83c4
JH		 2221static void smp_teardown_cb(struct l2cap_chan *chan, int err)
2222{
2223 struct l2cap_conn *conn = chan->conn;
2224
2225 BT_DBG("chan %p", chan);
2226
fc75cc86 2227 if (chan->data)
5d88cc73 2228 smp_chan_destroy(conn);
5d88cc73 2229
70db83c4
JH		 2230 conn->smp = NULL;
2231 l2cap_chan_put(chan);
2232}
2233
44f1a7ab
JH		 2234static void smp_resume_cb(struct l2cap_chan *chan)
2235{
b68fda68 2236 struct smp_chan *smp = chan->data;
44f1a7ab
JH		 2237 struct l2cap_conn *conn = chan->conn;
2238 struct hci_conn *hcon = conn->hcon;
2239
2240 BT_DBG("chan %p", chan);
2241
86d1407c
JH		 2242 if (!smp)
2243 return;
b68fda68 2244
84bc0db5
JH		 2245 if (!test_bit(HCI_CONN_ENCRYPT, &hcon->flags))
2246 return;
2247
86d1407c
JH		 2248 cancel_delayed_work(&smp->security_timer);
2249
d6268e86 2250 smp_distribute_keys(smp);
44f1a7ab
JH		 2251}
2252
70db83c4
JH		 2253static void smp_ready_cb(struct l2cap_chan *chan)
2254{
2255 struct l2cap_conn *conn = chan->conn;
2256
2257 BT_DBG("chan %p", chan);
2258
2259 conn->smp = chan;
2260 l2cap_chan_hold(chan);
2261}
2262
4befb867
JH		 2263static int smp_recv_cb(struct l2cap_chan *chan, struct sk_buff *skb)
2264{
2265 int err;
2266
2267 BT_DBG("chan %p", chan);
2268
2269 err = smp_sig_channel(chan, skb);
2270 if (err) {
b68fda68 2271 struct smp_chan *smp = chan->data;
4befb867 2272
b68fda68
JH		 2273 if (smp)
2274 cancel_delayed_work_sync(&smp->security_timer);
4befb867 2275
1e91c29e 2276 hci_disconnect(chan->conn->hcon, HCI_ERROR_AUTH_FAILURE);
4befb867
JH		 2277 }
2278
2279 return err;
2280}
2281
70db83c4
JH		 2282static struct sk_buff *smp_alloc_skb_cb(struct l2cap_chan *chan,
2283 unsigned long hdr_len,
2284 unsigned long len, int nb)
2285{
2286 struct sk_buff *skb;
2287
2288 skb = bt_skb_alloc(hdr_len + len, GFP_KERNEL);
2289 if (!skb)
2290 return ERR_PTR(-ENOMEM);
2291
2292 skb->priority = HCI_PRIO_MAX;
2293 bt_cb(skb)->chan = chan;
2294
2295 return skb;
2296}
2297
2298static const struct l2cap_ops smp_chan_ops = {
2299 .name = "Security Manager",
2300 .ready = smp_ready_cb,
5d88cc73 2301 .recv = smp_recv_cb,
70db83c4
JH		 2302 .alloc_skb = smp_alloc_skb_cb,
2303 .teardown = smp_teardown_cb,
44f1a7ab 2304 .resume = smp_resume_cb,
70db83c4
JH		 2305
2306 .new_connection = l2cap_chan_no_new_connection,
70db83c4
JH		 2307 .state_change = l2cap_chan_no_state_change,
2308 .close = l2cap_chan_no_close,
2309 .defer = l2cap_chan_no_defer,
2310 .suspend = l2cap_chan_no_suspend,
70db83c4
JH		 2311 .set_shutdown = l2cap_chan_no_set_shutdown,
2312 .get_sndtimeo = l2cap_chan_no_get_sndtimeo,
2313 .memcpy_fromiovec = l2cap_chan_no_memcpy_fromiovec,
2314};
2315
2316static inline struct l2cap_chan *smp_new_conn_cb(struct l2cap_chan *pchan)
2317{
2318 struct l2cap_chan *chan;
2319
2320 BT_DBG("pchan %p", pchan);
2321
2322 chan = l2cap_chan_create();
2323 if (!chan)
2324 return NULL;
2325
2326 chan->chan_type = pchan->chan_type;
2327 chan->ops = &smp_chan_ops;
2328 chan->scid = pchan->scid;
2329 chan->dcid = chan->scid;
2330 chan->imtu = pchan->imtu;
2331 chan->omtu = pchan->omtu;
2332 chan->mode = pchan->mode;
2333
abe84903
JH		 2334 /* Other L2CAP channels may request SMP routines in order to
2335 * change the security level. This means that the SMP channel
2336 * lock must be considered in its own category to avoid lockdep
2337 * warnings.
2338 */
2339 atomic_set(&chan->nesting, L2CAP_NESTING_SMP);
2340
70db83c4
JH		 2341 BT_DBG("created chan %p", chan);
2342
2343 return chan;
2344}
2345
2346static const struct l2cap_ops smp_root_chan_ops = {
2347 .name = "Security Manager Root",
2348 .new_connection = smp_new_conn_cb,
2349
2350 /* None of these are implemented for the root channel */
2351 .close = l2cap_chan_no_close,
2352 .alloc_skb = l2cap_chan_no_alloc_skb,
2353 .recv = l2cap_chan_no_recv,
2354 .state_change = l2cap_chan_no_state_change,
2355 .teardown = l2cap_chan_no_teardown,
2356 .ready = l2cap_chan_no_ready,
2357 .defer = l2cap_chan_no_defer,
2358 .suspend = l2cap_chan_no_suspend,
2359 .resume = l2cap_chan_no_resume,
2360 .set_shutdown = l2cap_chan_no_set_shutdown,
2361 .get_sndtimeo = l2cap_chan_no_get_sndtimeo,
2362 .memcpy_fromiovec = l2cap_chan_no_memcpy_fromiovec,
2363};
2364
711eafe3
JH		 2365int smp_register(struct hci_dev *hdev)
2366{
70db83c4 2367 struct l2cap_chan *chan;
defce9e8 2368 struct crypto_blkcipher *tfm_aes;
70db83c4 2369
711eafe3
JH		 2370 BT_DBG("%s", hdev->name);
2371
adae20cb 2372 tfm_aes = crypto_alloc_blkcipher("ecb(aes)", 0, 0);
defce9e8
JH		 2373 if (IS_ERR(tfm_aes)) {
2374 int err = PTR_ERR(tfm_aes);
711eafe3 2375 BT_ERR("Unable to create crypto context");
711eafe3
JH		 2376 return err;
2377 }
2378
70db83c4
JH		 2379 chan = l2cap_chan_create();
2380 if (!chan) {
defce9e8 2381 crypto_free_blkcipher(tfm_aes);
70db83c4
JH		 2382 return -ENOMEM;
2383 }
2384
defce9e8
JH		 2385 chan->data = tfm_aes;
2386
5d88cc73 2387 l2cap_add_scid(chan, L2CAP_CID_SMP);
70db83c4
JH		 2388
2389 l2cap_chan_set_defaults(chan);
2390
2391 bacpy(&chan->src, &hdev->bdaddr);
2392 chan->src_type = BDADDR_LE_PUBLIC;
2393 chan->state = BT_LISTEN;
2394 chan->mode = L2CAP_MODE_BASIC;
2395 chan->imtu = L2CAP_DEFAULT_MTU;
2396 chan->ops = &smp_root_chan_ops;
2397
abe84903
JH		 2398 /* Set correct nesting level for a parent/listening channel */
2399 atomic_set(&chan->nesting, L2CAP_NESTING_PARENT);
2400
70db83c4
JH		 2401 hdev->smp_data = chan;
2402
711eafe3
JH		 2403 return 0;
2404}
2405
2406void smp_unregister(struct hci_dev *hdev)
2407{
70db83c4 2408 struct l2cap_chan *chan = hdev->smp_data;
defce9e8 2409 struct crypto_blkcipher *tfm_aes;
70db83c4
JH		 2410
2411 if (!chan)
2412 return;
2413
2414 BT_DBG("%s chan %p", hdev->name, chan);
711eafe3 2415
defce9e8
JH		 2416 tfm_aes = chan->data;
2417 if (tfm_aes) {
2418 chan->data = NULL;
2419 crypto_free_blkcipher(tfm_aes);
711eafe3 2420 }
70db83c4
JH		 2421
2422 hdev->smp_data = NULL;
2423 l2cap_chan_put(chan);
711eafe3 2424}
Linux kernel - Deliverables
This page took 0.522934 seconds and 5 git commands to generate.