projects / deliverable / linux.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Bluetooth: Add debugfs switch for forcing SMP over BR/EDR
[deliverable/linux.git] / net / bluetooth / smp.c
CommitLineData
eb492e01
AB		 1/*
2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2011 Nokia Corporation and/or its subsidiary(-ies).
4
5 This program is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License version 2 as
7 published by the Free Software Foundation;
8
9 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
10 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
11 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
12 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
13 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
14 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17
18 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
19 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
20 SOFTWARE IS DISCLAIMED.
21*/
22
8c520a59
GP		 23#include <linux/crypto.h>
24#include <linux/scatterlist.h>
25#include <crypto/b128ops.h>
26
eb492e01
AB		 27#include <net/bluetooth/bluetooth.h>
28#include <net/bluetooth/hci_core.h>
29#include <net/bluetooth/l2cap.h>
2b64d153 30#include <net/bluetooth/mgmt.h>
ac4b7236 31
3b19146d 32#include "ecc.h"
ac4b7236 33#include "smp.h"
d22ef0bc 34
b28b4943 35#define SMP_ALLOW_CMD(smp, code) set_bit(code, &smp->allow_cmd)
b28b4943 36
3b19146d
JH		 37/* Keys which are not distributed with Secure Connections */
38#define SMP_SC_NO_DIST (SMP_DIST_ENC_KEY | SMP_DIST_LINK_KEY);
39
17b02e62 40#define SMP_TIMEOUT msecs_to_jiffies(30000)
5d3de7df 41
0edb14de
JH		 42#define AUTH_REQ_MASK(dev) (test_bit(HCI_SC_ENABLED, &(dev)->dev_flags) ? \
43 0x1f : 0x07)
44#define KEY_DIST_MASK 0x07
065a13e2 45
cbbbe3e2
JH		 46/* Maximum message length that can be passed to aes_cmac */
47#define CMAC_MSG_MAX 80
48
533e35d4
JH		 49enum {
50 SMP_FLAG_TK_VALID,
51 SMP_FLAG_CFM_PENDING,
52 SMP_FLAG_MITM_AUTH,
53 SMP_FLAG_COMPLETE,
54 SMP_FLAG_INITIATOR,
65668776 55 SMP_FLAG_SC,
d8f8edbe 56 SMP_FLAG_REMOTE_PK,
aeb7d461 57 SMP_FLAG_DEBUG_KEY,
38606f14 58 SMP_FLAG_WAIT_USER,
d3e54a87 59 SMP_FLAG_DHKEY_PENDING,
533e35d4 60};
4bc58f51
JH		 61
62struct smp_chan {
b68fda68
JH		 63 struct l2cap_conn *conn;
64 struct delayed_work security_timer;
b28b4943 65 unsigned long allow_cmd; /* Bitmask of allowed commands */
b68fda68 66
4bc58f51
JH		 67 u8 preq[7]; /* SMP Pairing Request */
68 u8 prsp[7]; /* SMP Pairing Response */
69 u8 prnd[16]; /* SMP Pairing Random (local) */
70 u8 rrnd[16]; /* SMP Pairing Random (remote) */
71 u8 pcnf[16]; /* SMP Pairing Confirm */
72 u8 tk[16]; /* SMP Temporary Key */
73 u8 enc_key_size;
74 u8 remote_key_dist;
75 bdaddr_t id_addr;
76 u8 id_addr_type;
77 u8 irk[16];
78 struct smp_csrk *csrk;
79 struct smp_csrk *slave_csrk;
80 struct smp_ltk *ltk;
81 struct smp_ltk *slave_ltk;
82 struct smp_irk *remote_irk;
6a77083a 83 u8 *link_key;
4a74d658 84 unsigned long flags;
783e0574 85 u8 method;
38606f14 86 u8 passkey_round;
6a7bd103 87
3b19146d
JH		 88 /* Secure Connections variables */
89 u8 local_pk[64];
90 u8 local_sk[32];
d8f8edbe
JH		 91 u8 remote_pk[64];
92 u8 dhkey[32];
760b018b 93 u8 mackey[16];
3b19146d 94
6a7bd103 95 struct crypto_blkcipher *tfm_aes;
407cecf6 96 struct crypto_hash *tfm_cmac;
4bc58f51
JH		 97};
98
aeb7d461
JH		 99/* These debug key values are defined in the SMP section of the core
100 * specification. debug_pk is the public debug key and debug_sk the
101 * private debug key.
102 */
103static const u8 debug_pk[64] = {
104 0xe6, 0x9d, 0x35, 0x0e, 0x48, 0x01, 0x03, 0xcc,
105 0xdb, 0xfd, 0xf4, 0xac, 0x11, 0x91, 0xf4, 0xef,
106 0xb9, 0xa5, 0xf9, 0xe9, 0xa7, 0x83, 0x2c, 0x5e,
107 0x2c, 0xbe, 0x97, 0xf2, 0xd2, 0x03, 0xb0, 0x20,
108
109 0x8b, 0xd2, 0x89, 0x15, 0xd0, 0x8e, 0x1c, 0x74,
110 0x24, 0x30, 0xed, 0x8f, 0xc2, 0x45, 0x63, 0x76,
111 0x5c, 0x15, 0x52, 0x5a, 0xbf, 0x9a, 0x32, 0x63,
112 0x6d, 0xeb, 0x2a, 0x65, 0x49, 0x9c, 0x80, 0xdc,
113};
114
115static const u8 debug_sk[32] = {
116 0xbd, 0x1a, 0x3c, 0xcd, 0xa6, 0xb8, 0x99, 0x58,
117 0x99, 0xb7, 0x40, 0xeb, 0x7b, 0x60, 0xff, 0x4a,
118 0x50, 0x3f, 0x10, 0xd2, 0xe3, 0xb3, 0xc9, 0x74,
119 0x38, 0x5f, 0xc5, 0xa3, 0xd4, 0xf6, 0x49, 0x3f,
120};
121
8a2936f4 122static inline void swap_buf(const u8 *src, u8 *dst, size_t len)
d22ef0bc 123{
8a2936f4 124 size_t i;
d22ef0bc 125
8a2936f4
JH		 126 for (i = 0; i < len; i++)
127 dst[len - 1 - i] = src[i];
d22ef0bc
AB		 128}
129
cbbbe3e2
JH		 130static int aes_cmac(struct crypto_hash *tfm, const u8 k[16], const u8 *m,
131 size_t len, u8 mac[16])
132{
133 uint8_t tmp[16], mac_msb[16], msg_msb[CMAC_MSG_MAX];
134 struct hash_desc desc;
135 struct scatterlist sg;
136 int err;
137
138 if (len > CMAC_MSG_MAX)
139 return -EFBIG;
140
141 if (!tfm) {
142 BT_ERR("tfm %p", tfm);
143 return -EINVAL;
144 }
145
146 desc.tfm = tfm;
147 desc.flags = 0;
148
149 crypto_hash_init(&desc);
150
151 /* Swap key and message from LSB to MSB */
152 swap_buf(k, tmp, 16);
153 swap_buf(m, msg_msb, len);
154
155 BT_DBG("msg (len %zu) %*phN", len, (int) len, m);
156 BT_DBG("key %16phN", k);
157
158 err = crypto_hash_setkey(tfm, tmp, 16);
159 if (err) {
160 BT_ERR("cipher setkey failed: %d", err);
161 return err;
162 }
163
164 sg_init_one(&sg, msg_msb, len);
165
166 err = crypto_hash_update(&desc, &sg, len);
167 if (err) {
168 BT_ERR("Hash update error %d", err);
169 return err;
170 }
171
172 err = crypto_hash_final(&desc, mac_msb);
173 if (err) {
174 BT_ERR("Hash final error %d", err);
175 return err;
176 }
177
178 swap_buf(mac_msb, mac, 16);
179
180 BT_DBG("mac %16phN", mac);
181
182 return 0;
183}
184
185static int smp_f4(struct crypto_hash *tfm_cmac, const u8 u[32], const u8 v[32],
186 const u8 x[16], u8 z, u8 res[16])
187{
188 u8 m[65];
189 int err;
190
191 BT_DBG("u %32phN", u);
192 BT_DBG("v %32phN", v);
193 BT_DBG("x %16phN z %02x", x, z);
194
195 m[0] = z;
196 memcpy(m + 1, v, 32);
197 memcpy(m + 33, u, 32);
198
199 err = aes_cmac(tfm_cmac, x, m, sizeof(m), res);
200 if (err)
201 return err;
202
203 BT_DBG("res %16phN", res);
204
205 return err;
206}
207
760b018b
JH		 208static int smp_f5(struct crypto_hash *tfm_cmac, u8 w[32], u8 n1[16], u8 n2[16],
209 u8 a1[7], u8 a2[7], u8 mackey[16], u8 ltk[16])
210{
211 /* The btle, salt and length "magic" values are as defined in
212 * the SMP section of the Bluetooth core specification. In ASCII
213 * the btle value ends up being 'btle'. The salt is just a
214 * random number whereas length is the value 256 in little
215 * endian format.
216 */
217 const u8 btle[4] = { 0x65, 0x6c, 0x74, 0x62 };
218 const u8 salt[16] = { 0xbe, 0x83, 0x60, 0x5a, 0xdb, 0x0b, 0x37, 0x60,
219 0x38, 0xa5, 0xf5, 0xaa, 0x91, 0x83, 0x88, 0x6c };
220 const u8 length[2] = { 0x00, 0x01 };
221 u8 m[53], t[16];
222 int err;
223
224 BT_DBG("w %32phN", w);
225 BT_DBG("n1 %16phN n2 %16phN", n1, n2);
226 BT_DBG("a1 %7phN a2 %7phN", a1, a2);
227
228 err = aes_cmac(tfm_cmac, salt, w, 32, t);
229 if (err)
230 return err;
231
232 BT_DBG("t %16phN", t);
233
234 memcpy(m, length, 2);
235 memcpy(m + 2, a2, 7);
236 memcpy(m + 9, a1, 7);
237 memcpy(m + 16, n2, 16);
238 memcpy(m + 32, n1, 16);
239 memcpy(m + 48, btle, 4);
240
241 m[52] = 0; /* Counter */
242
243 err = aes_cmac(tfm_cmac, t, m, sizeof(m), mackey);
244 if (err)
245 return err;
246
247 BT_DBG("mackey %16phN", mackey);
248
249 m[52] = 1; /* Counter */
250
251 err = aes_cmac(tfm_cmac, t, m, sizeof(m), ltk);
252 if (err)
253 return err;
254
255 BT_DBG("ltk %16phN", ltk);
256
257 return 0;
258}
259
260static int smp_f6(struct crypto_hash *tfm_cmac, const u8 w[16],
261 const u8 n1[16], u8 n2[16], const u8 r[16],
262 const u8 io_cap[3], const u8 a1[7], const u8 a2[7],
263 u8 res[16])
264{
265 u8 m[65];
266 int err;
267
268 BT_DBG("w %16phN", w);
269 BT_DBG("n1 %16phN n2 %16phN", n1, n2);
270 BT_DBG("r %16phN io_cap %3phN a1 %7phN a2 %7phN", r, io_cap, a1, a2);
271
272 memcpy(m, a2, 7);
273 memcpy(m + 7, a1, 7);
274 memcpy(m + 14, io_cap, 3);
275 memcpy(m + 17, r, 16);
276 memcpy(m + 33, n2, 16);
277 memcpy(m + 49, n1, 16);
278
279 err = aes_cmac(tfm_cmac, w, m, sizeof(m), res);
280 if (err)
281 return err;
282
283 BT_DBG("res %16phN", res);
284
285 return err;
286}
287
191dc7fe
JH		 288static int smp_g2(struct crypto_hash *tfm_cmac, const u8 u[32], const u8 v[32],
289 const u8 x[16], const u8 y[16], u32 *val)
290{
291 u8 m[80], tmp[16];
292 int err;
293
294 BT_DBG("u %32phN", u);
295 BT_DBG("v %32phN", v);
296 BT_DBG("x %16phN y %16phN", x, y);
297
298 memcpy(m, y, 16);
299 memcpy(m + 16, v, 32);
300 memcpy(m + 48, u, 32);
301
302 err = aes_cmac(tfm_cmac, x, m, sizeof(m), tmp);
303 if (err)
304 return err;
305
306 *val = get_unaligned_le32(tmp);
307 *val %= 1000000;
308
309 BT_DBG("val %06u", *val);
310
311 return 0;
312}
313
d22ef0bc
AB		 314static int smp_e(struct crypto_blkcipher *tfm, const u8 *k, u8 *r)
315{
316 struct blkcipher_desc desc;
317 struct scatterlist sg;
943a732a 318 uint8_t tmp[16], data[16];
201a5929 319 int err;
d22ef0bc
AB		 320
321 if (tfm == NULL) {
322 BT_ERR("tfm %p", tfm);
323 return -EINVAL;
324 }
325
326 desc.tfm = tfm;
327 desc.flags = 0;
328
943a732a 329 /* The most significant octet of key corresponds to k[0] */
8a2936f4 330 swap_buf(k, tmp, 16);
943a732a
JH		 331
332 err = crypto_blkcipher_setkey(tfm, tmp, 16);
d22ef0bc
AB		 333 if (err) {
334 BT_ERR("cipher setkey failed: %d", err);
335 return err;
336 }
337
943a732a 338 /* Most significant octet of plaintextData corresponds to data[0] */
8a2936f4 339 swap_buf(r, data, 16);
943a732a
JH		 340
341 sg_init_one(&sg, data, 16);
d22ef0bc 342
d22ef0bc
AB		 343 err = crypto_blkcipher_encrypt(&desc, &sg, &sg, 16);
344 if (err)
345 BT_ERR("Encrypt data error %d", err);
346
943a732a 347 /* Most significant octet of encryptedData corresponds to data[0] */
8a2936f4 348 swap_buf(data, r, 16);
943a732a 349
d22ef0bc
AB		 350 return err;
351}
352
6a77083a
JH		 353static int smp_h6(struct crypto_hash *tfm_cmac, const u8 w[16],
354 const u8 key_id[4], u8 res[16])
355{
356 int err;
357
358 BT_DBG("w %16phN key_id %4phN", w, key_id);
359
360 err = aes_cmac(tfm_cmac, w, key_id, 4, res);
361 if (err)
362 return err;
363
364 BT_DBG("res %16phN", res);
365
366 return err;
367}
368
60478054
JH		 369static int smp_ah(struct crypto_blkcipher *tfm, u8 irk[16], u8 r[3], u8 res[3])
370{
943a732a 371 u8 _res[16];
60478054
JH		 372 int err;
373
374 /* r' = padding || r */
943a732a
JH		 375 memcpy(_res, r, 3);
376 memset(_res + 3, 0, 13);
60478054 377
943a732a 378 err = smp_e(tfm, irk, _res);
60478054
JH		 379 if (err) {
380 BT_ERR("Encrypt error");
381 return err;
382 }
383
384 /* The output of the random address function ah is:
385 * ah(h, r) = e(k, r') mod 2^24
386 * The output of the security function e is then truncated to 24 bits
387 * by taking the least significant 24 bits of the output of e as the
388 * result of ah.
389 */
943a732a 390 memcpy(res, _res, 3);
60478054
JH		 391
392 return 0;
393}
394
defce9e8 395bool smp_irk_matches(struct hci_dev *hdev, u8 irk[16], bdaddr_t *bdaddr)
60478054 396{
defce9e8
JH		 397 struct l2cap_chan *chan = hdev->smp_data;
398 struct crypto_blkcipher *tfm;
60478054
JH		 399 u8 hash[3];
400 int err;
401
defce9e8
JH		 402 if (!chan || !chan->data)
403 return false;
404
405 tfm = chan->data;
406
60478054
JH		 407 BT_DBG("RPA %pMR IRK %*phN", bdaddr, 16, irk);
408
409 err = smp_ah(tfm, irk, &bdaddr->b[3], hash);
410 if (err)
411 return false;
412
413 return !memcmp(bdaddr->b, hash, 3);
414}
415
defce9e8 416int smp_generate_rpa(struct hci_dev *hdev, u8 irk[16], bdaddr_t *rpa)
b1e2b3ae 417{
defce9e8
JH		 418 struct l2cap_chan *chan = hdev->smp_data;
419 struct crypto_blkcipher *tfm;
b1e2b3ae
JH		 420 int err;
421
defce9e8
JH		 422 if (!chan || !chan->data)
423 return -EOPNOTSUPP;
424
425 tfm = chan->data;
426
b1e2b3ae
JH		 427 get_random_bytes(&rpa->b[3], 3);
428
429 rpa->b[5] &= 0x3f; /* Clear two most significant bits */
430 rpa->b[5] |= 0x40; /* Set second most significant bit */
431
432 err = smp_ah(tfm, irk, &rpa->b[3], rpa->b);
433 if (err < 0)
434 return err;
435
436 BT_DBG("RPA %pMR", rpa);
437
438 return 0;
439}
440
e491eaf3
JH		 441static int smp_c1(struct crypto_blkcipher *tfm_aes, u8 k[16], u8 r[16],
442 u8 preq[7], u8 pres[7], u8 _iat, bdaddr_t *ia, u8 _rat,
443 bdaddr_t *ra, u8 res[16])
d22ef0bc
AB		 444{
445 u8 p1[16], p2[16];
446 int err;
447
448 memset(p1, 0, 16);
449
450 /* p1 = pres || preq || _rat || _iat */
943a732a
JH		 451 p1[0] = _iat;
452 p1[1] = _rat;
453 memcpy(p1 + 2, preq, 7);
454 memcpy(p1 + 9, pres, 7);
d22ef0bc
AB		 455
456 /* p2 = padding || ia || ra */
943a732a
JH		 457 memcpy(p2, ra, 6);
458 memcpy(p2 + 6, ia, 6);
459 memset(p2 + 12, 0, 4);
d22ef0bc
AB		 460
461 /* res = r XOR p1 */
462 u128_xor((u128 *) res, (u128 *) r, (u128 *) p1);
463
464 /* res = e(k, res) */
e491eaf3 465 err = smp_e(tfm_aes, k, res);
d22ef0bc
AB		 466 if (err) {
467 BT_ERR("Encrypt data error");
468 return err;
469 }
470
471 /* res = res XOR p2 */
472 u128_xor((u128 *) res, (u128 *) res, (u128 *) p2);
473
474 /* res = e(k, res) */
e491eaf3 475 err = smp_e(tfm_aes, k, res);
d22ef0bc
AB		 476 if (err)
477 BT_ERR("Encrypt data error");
478
479 return err;
480}
481
e491eaf3
JH		 482static int smp_s1(struct crypto_blkcipher *tfm_aes, u8 k[16], u8 r1[16],
483 u8 r2[16], u8 _r[16])
d22ef0bc
AB		 484{
485 int err;
486
487 /* Just least significant octets from r1 and r2 are considered */
943a732a
JH		 488 memcpy(_r, r2, 8);
489 memcpy(_r + 8, r1, 8);
d22ef0bc 490
e491eaf3 491 err = smp_e(tfm_aes, k, _r);
d22ef0bc
AB		 492 if (err)
493 BT_ERR("Encrypt data error");
494
495 return err;
496}
497
5d88cc73 498static void smp_send_cmd(struct l2cap_conn *conn, u8 code, u16 len, void *data)
eb492e01 499{
5d88cc73 500 struct l2cap_chan *chan = conn->smp;
b68fda68 501 struct smp_chan *smp;
5d88cc73
JH		 502 struct kvec iv[2];
503 struct msghdr msg;
eb492e01 504
5d88cc73
JH		 505 if (!chan)
506 return;
eb492e01 507
5d88cc73 508 BT_DBG("code 0x%2.2x", code);
eb492e01 509
5d88cc73
JH		 510 iv[0].iov_base = &code;
511 iv[0].iov_len = 1;
eb492e01 512
5d88cc73
JH		 513 iv[1].iov_base = data;
514 iv[1].iov_len = len;
eb492e01 515
5d88cc73 516 memset(&msg, 0, sizeof(msg));
eb492e01 517
5d88cc73
JH		 518 msg.msg_iov = (struct iovec *) &iv;
519 msg.msg_iovlen = 2;
eb492e01 520
5d88cc73 521 l2cap_chan_send(chan, &msg, 1 + len);
e2dcd113 522
b68fda68
JH		 523 if (!chan->data)
524 return;
525
526 smp = chan->data;
527
528 cancel_delayed_work_sync(&smp->security_timer);
1b0921d6 529 schedule_delayed_work(&smp->security_timer, SMP_TIMEOUT);
eb492e01
AB		 530}
531
d2eb9e10 532static u8 authreq_to_seclevel(u8 authreq)
2b64d153 533{
d2eb9e10
JH		 534 if (authreq & SMP_AUTH_MITM) {
535 if (authreq & SMP_AUTH_SC)
536 return BT_SECURITY_FIPS;
537 else
538 return BT_SECURITY_HIGH;
539 } else {
2b64d153 540 return BT_SECURITY_MEDIUM;
d2eb9e10 541 }
2b64d153
BG		 542}
543
544static __u8 seclevel_to_authreq(__u8 sec_level)
545{
546 switch (sec_level) {
d2eb9e10 547 case BT_SECURITY_FIPS:
2b64d153
BG		 548 case BT_SECURITY_HIGH:
549 return SMP_AUTH_MITM | SMP_AUTH_BONDING;
550 case BT_SECURITY_MEDIUM:
551 return SMP_AUTH_BONDING;
552 default:
553 return SMP_AUTH_NONE;
554 }
555}
556
b8e66eac 557static void build_pairing_cmd(struct l2cap_conn *conn,
f1560463
MH		 558 struct smp_cmd_pairing *req,
559 struct smp_cmd_pairing *rsp, __u8 authreq)
b8e66eac 560{
5d88cc73
JH		 561 struct l2cap_chan *chan = conn->smp;
562 struct smp_chan *smp = chan->data;
fd349c02
JH		 563 struct hci_conn *hcon = conn->hcon;
564 struct hci_dev *hdev = hcon->hdev;
565 u8 local_dist = 0, remote_dist = 0;
54790f73 566
b6ae8457 567 if (test_bit(HCI_BONDABLE, &conn->hcon->hdev->dev_flags)) {
7ee4ea36
MH		 568 local_dist = SMP_DIST_ENC_KEY | SMP_DIST_SIGN;
569 remote_dist = SMP_DIST_ENC_KEY | SMP_DIST_SIGN;
54790f73 570 authreq |= SMP_AUTH_BONDING;
2b64d153
BG		 571 } else {
572 authreq &= ~SMP_AUTH_BONDING;
54790f73
VCG		 573 }
574
fd349c02
JH		 575 if (test_bit(HCI_RPA_RESOLVING, &hdev->dev_flags))
576 remote_dist |= SMP_DIST_ID_KEY;
577
863efaf2
JH		 578 if (test_bit(HCI_PRIVACY, &hdev->dev_flags))
579 local_dist |= SMP_DIST_ID_KEY;
580
df8e1a4c
JH		 581 if (test_bit(HCI_SC_ENABLED, &hdev->dev_flags)) {
582 if ((authreq & SMP_AUTH_SC) &&
583 test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
584 local_dist |= SMP_DIST_LINK_KEY;
585 remote_dist |= SMP_DIST_LINK_KEY;
586 }
587 } else {
588 authreq &= ~SMP_AUTH_SC;
589 }
590
54790f73
VCG		 591 if (rsp == NULL) {
592 req->io_capability = conn->hcon->io_capability;
593 req->oob_flag = SMP_OOB_NOT_PRESENT;
594 req->max_key_size = SMP_MAX_ENC_KEY_SIZE;
fd349c02
JH		 595 req->init_key_dist = local_dist;
596 req->resp_key_dist = remote_dist;
0edb14de 597 req->auth_req = (authreq & AUTH_REQ_MASK(hdev));
fd349c02
JH		 598
599 smp->remote_key_dist = remote_dist;
54790f73
VCG		 600 return;
601 }
602
603 rsp->io_capability = conn->hcon->io_capability;
604 rsp->oob_flag = SMP_OOB_NOT_PRESENT;
605 rsp->max_key_size = SMP_MAX_ENC_KEY_SIZE;
fd349c02
JH		 606 rsp->init_key_dist = req->init_key_dist & remote_dist;
607 rsp->resp_key_dist = req->resp_key_dist & local_dist;
0edb14de 608 rsp->auth_req = (authreq & AUTH_REQ_MASK(hdev));
fd349c02
JH		 609
610 smp->remote_key_dist = rsp->init_key_dist;
b8e66eac
VCG		 611}
612
3158c50c
VCG		 613static u8 check_enc_key_size(struct l2cap_conn *conn, __u8 max_key_size)
614{
5d88cc73
JH		 615 struct l2cap_chan *chan = conn->smp;
616 struct smp_chan *smp = chan->data;
1c1def09 617
3158c50c 618 if ((max_key_size > SMP_MAX_ENC_KEY_SIZE) ||
f1560463 619 (max_key_size < SMP_MIN_ENC_KEY_SIZE))
3158c50c
VCG		 620 return SMP_ENC_KEY_SIZE;
621
f7aa611a 622 smp->enc_key_size = max_key_size;
3158c50c
VCG		 623
624 return 0;
625}
626
6f48e260
JH		 627static void smp_chan_destroy(struct l2cap_conn *conn)
628{
629 struct l2cap_chan *chan = conn->smp;
630 struct smp_chan *smp = chan->data;
631 bool complete;
632
633 BUG_ON(!smp);
634
635 cancel_delayed_work_sync(&smp->security_timer);
6f48e260 636
6f48e260
JH		 637 complete = test_bit(SMP_FLAG_COMPLETE, &smp->flags);
638 mgmt_smp_complete(conn->hcon, complete);
639
640 kfree(smp->csrk);
641 kfree(smp->slave_csrk);
6a77083a 642 kfree(smp->link_key);
6f48e260
JH		 643
644 crypto_free_blkcipher(smp->tfm_aes);
407cecf6 645 crypto_free_hash(smp->tfm_cmac);
6f48e260
JH		 646
647 /* If pairing failed clean up any keys we might have */
648 if (!complete) {
649 if (smp->ltk) {
970d0f1b
JH		 650 list_del_rcu(&smp->ltk->list);
651 kfree_rcu(smp->ltk, rcu);
6f48e260
JH		 652 }
653
654 if (smp->slave_ltk) {
970d0f1b
JH		 655 list_del_rcu(&smp->slave_ltk->list);
656 kfree_rcu(smp->slave_ltk, rcu);
6f48e260
JH		 657 }
658
659 if (smp->remote_irk) {
adae20cb
JH		 660 list_del_rcu(&smp->remote_irk->list);
661 kfree_rcu(smp->remote_irk, rcu);
6f48e260
JH		 662 }
663 }
664
665 chan->data = NULL;
666 kfree(smp);
667 hci_conn_drop(conn->hcon);
668}
669
84794e11 670static void smp_failure(struct l2cap_conn *conn, u8 reason)
4f957a76 671{
bab73cb6 672 struct hci_conn *hcon = conn->hcon;
b68fda68 673 struct l2cap_chan *chan = conn->smp;
bab73cb6 674
84794e11 675 if (reason)
4f957a76 676 smp_send_cmd(conn, SMP_CMD_PAIRING_FAIL, sizeof(reason),
f1560463 677 &reason);
4f957a76 678
ce39fb4e 679 clear_bit(HCI_CONN_ENCRYPT_PEND, &hcon->flags);
e1e930f5 680 mgmt_auth_failed(hcon, HCI_ERROR_AUTH_FAILURE);
f1c09c07 681
fc75cc86 682 if (chan->data)
f1c09c07 683 smp_chan_destroy(conn);
4f957a76
BG		 684}
685
2b64d153
BG		 686#define JUST_WORKS 0x00
687#define JUST_CFM 0x01
688#define REQ_PASSKEY 0x02
689#define CFM_PASSKEY 0x03
690#define REQ_OOB 0x04
5e3d3d9b 691#define DSP_PASSKEY 0x05
2b64d153
BG		 692#define OVERLAP 0xFF
693
694static const u8 gen_method[5][5] = {
695 { JUST_WORKS, JUST_CFM, REQ_PASSKEY, JUST_WORKS, REQ_PASSKEY },
696 { JUST_WORKS, JUST_CFM, REQ_PASSKEY, JUST_WORKS, REQ_PASSKEY },
697 { CFM_PASSKEY, CFM_PASSKEY, REQ_PASSKEY, JUST_WORKS, CFM_PASSKEY },
698 { JUST_WORKS, JUST_CFM, JUST_WORKS, JUST_WORKS, JUST_CFM },
699 { CFM_PASSKEY, CFM_PASSKEY, REQ_PASSKEY, JUST_WORKS, OVERLAP },
700};
701
5e3d3d9b
JH		 702static const u8 sc_method[5][5] = {
703 { JUST_WORKS, JUST_CFM, REQ_PASSKEY, JUST_WORKS, REQ_PASSKEY },
704 { JUST_WORKS, CFM_PASSKEY, REQ_PASSKEY, JUST_WORKS, CFM_PASSKEY },
705 { DSP_PASSKEY, DSP_PASSKEY, REQ_PASSKEY, JUST_WORKS, DSP_PASSKEY },
706 { JUST_WORKS, JUST_CFM, JUST_WORKS, JUST_WORKS, JUST_CFM },
707 { DSP_PASSKEY, CFM_PASSKEY, REQ_PASSKEY, JUST_WORKS, CFM_PASSKEY },
708};
709
581370cc
JH		 710static u8 get_auth_method(struct smp_chan *smp, u8 local_io, u8 remote_io)
711{
2bcd4003
JH		 712 /* If either side has unknown io_caps, use JUST_CFM (which gets
713 * converted later to JUST_WORKS if we're initiators.
714 */
581370cc
JH		 715 if (local_io > SMP_IO_KEYBOARD_DISPLAY ||
716 remote_io > SMP_IO_KEYBOARD_DISPLAY)
2bcd4003 717 return JUST_CFM;
581370cc 718
5e3d3d9b
JH		 719 if (test_bit(SMP_FLAG_SC, &smp->flags))
720 return sc_method[remote_io][local_io];
721
581370cc
JH		 722 return gen_method[remote_io][local_io];
723}
724
2b64d153
BG		 725static int tk_request(struct l2cap_conn *conn, u8 remote_oob, u8 auth,
726 u8 local_io, u8 remote_io)
727{
728 struct hci_conn *hcon = conn->hcon;
5d88cc73
JH		 729 struct l2cap_chan *chan = conn->smp;
730 struct smp_chan *smp = chan->data;
2b64d153
BG		 731 u32 passkey = 0;
732 int ret = 0;
733
734 /* Initialize key for JUST WORKS */
735 memset(smp->tk, 0, sizeof(smp->tk));
4a74d658 736 clear_bit(SMP_FLAG_TK_VALID, &smp->flags);
2b64d153
BG		 737
738 BT_DBG("tk_request: auth:%d lcl:%d rem:%d", auth, local_io, remote_io);
739
2bcd4003
JH		 740 /* If neither side wants MITM, either "just" confirm an incoming
741 * request or use just-works for outgoing ones. The JUST_CFM
742 * will be converted to JUST_WORKS if necessary later in this
743 * function. If either side has MITM look up the method from the
744 * table.
745 */
581370cc 746 if (!(auth & SMP_AUTH_MITM))
783e0574 747 smp->method = JUST_CFM;
2b64d153 748 else
783e0574 749 smp->method = get_auth_method(smp, local_io, remote_io);
2b64d153 750
a82505c7 751 /* Don't confirm locally initiated pairing attempts */
783e0574
JH		 752 if (smp->method == JUST_CFM && test_bit(SMP_FLAG_INITIATOR,
753 &smp->flags))
754 smp->method = JUST_WORKS;
a82505c7 755
02f3e254 756 /* Don't bother user space with no IO capabilities */
783e0574
JH		 757 if (smp->method == JUST_CFM &&
758 hcon->io_capability == HCI_IO_NO_INPUT_OUTPUT)
759 smp->method = JUST_WORKS;
02f3e254 760
2b64d153 761 /* If Just Works, Continue with Zero TK */
783e0574 762 if (smp->method == JUST_WORKS) {
4a74d658 763 set_bit(SMP_FLAG_TK_VALID, &smp->flags);
2b64d153
BG		 764 return 0;
765 }
766
767 /* Not Just Works/Confirm results in MITM Authentication */
783e0574 768 if (smp->method != JUST_CFM) {
4a74d658 769 set_bit(SMP_FLAG_MITM_AUTH, &smp->flags);
5eb596f5
JH		 770 if (hcon->pending_sec_level < BT_SECURITY_HIGH)
771 hcon->pending_sec_level = BT_SECURITY_HIGH;
772 }
2b64d153
BG		 773
774 /* If both devices have Keyoard-Display I/O, the master
775 * Confirms and the slave Enters the passkey.
776 */
783e0574 777 if (smp->method == OVERLAP) {
40bef302 778 if (hcon->role == HCI_ROLE_MASTER)
783e0574 779 smp->method = CFM_PASSKEY;
2b64d153 780 else
783e0574 781 smp->method = REQ_PASSKEY;
2b64d153
BG		 782 }
783
01ad34d2 784 /* Generate random passkey. */
783e0574 785 if (smp->method == CFM_PASSKEY) {
943a732a 786 memset(smp->tk, 0, sizeof(smp->tk));
2b64d153
BG		 787 get_random_bytes(&passkey, sizeof(passkey));
788 passkey %= 1000000;
943a732a 789 put_unaligned_le32(passkey, smp->tk);
2b64d153 790 BT_DBG("PassKey: %d", passkey);
4a74d658 791 set_bit(SMP_FLAG_TK_VALID, &smp->flags);
2b64d153
BG		 792 }
793
783e0574 794 if (smp->method == REQ_PASSKEY)
ce39fb4e 795 ret = mgmt_user_passkey_request(hcon->hdev, &hcon->dst,
272d90df 796 hcon->type, hcon->dst_type);
783e0574 797 else if (smp->method == JUST_CFM)
4eb65e66
JH		 798 ret = mgmt_user_confirm_request(hcon->hdev, &hcon->dst,
799 hcon->type, hcon->dst_type,
800 passkey, 1);
2b64d153 801 else
01ad34d2 802 ret = mgmt_user_passkey_notify(hcon->hdev, &hcon->dst,
272d90df 803 hcon->type, hcon->dst_type,
39adbffe 804 passkey, 0);
2b64d153 805
2b64d153
BG		 806 return ret;
807}
808
1cc61144 809static u8 smp_confirm(struct smp_chan *smp)
8aab4757 810{
8aab4757 811 struct l2cap_conn *conn = smp->conn;
8aab4757
VCG		 812 struct smp_cmd_pairing_confirm cp;
813 int ret;
8aab4757
VCG		 814
815 BT_DBG("conn %p", conn);
816
e491eaf3 817 ret = smp_c1(smp->tfm_aes, smp->tk, smp->prnd, smp->preq, smp->prsp,
b1cd5fd9 818 conn->hcon->init_addr_type, &conn->hcon->init_addr,
943a732a
JH		 819 conn->hcon->resp_addr_type, &conn->hcon->resp_addr,
820 cp.confirm_val);
1cc61144
JH		 821 if (ret)
822 return SMP_UNSPECIFIED;
8aab4757 823
4a74d658 824 clear_bit(SMP_FLAG_CFM_PENDING, &smp->flags);
2b64d153 825
8aab4757
VCG		 826 smp_send_cmd(smp->conn, SMP_CMD_PAIRING_CONFIRM, sizeof(cp), &cp);
827
b28b4943
JH		 828 if (conn->hcon->out)
829 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_CONFIRM);
830 else
831 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RANDOM);
832
1cc61144 833 return 0;
8aab4757
VCG		 834}
835
861580a9 836static u8 smp_random(struct smp_chan *smp)
8aab4757 837{
8aab4757
VCG		 838 struct l2cap_conn *conn = smp->conn;
839 struct hci_conn *hcon = conn->hcon;
861580a9 840 u8 confirm[16];
8aab4757
VCG		 841 int ret;
842
ec70f36f 843 if (IS_ERR_OR_NULL(smp->tfm_aes))
861580a9 844 return SMP_UNSPECIFIED;
8aab4757
VCG		 845
846 BT_DBG("conn %p %s", conn, conn->hcon->out ? "master" : "slave");
847
e491eaf3 848 ret = smp_c1(smp->tfm_aes, smp->tk, smp->rrnd, smp->preq, smp->prsp,
b1cd5fd9 849 hcon->init_addr_type, &hcon->init_addr,
943a732a 850 hcon->resp_addr_type, &hcon->resp_addr, confirm);
861580a9
JH		 851 if (ret)
852 return SMP_UNSPECIFIED;
8aab4757 853
8aab4757
VCG		 854 if (memcmp(smp->pcnf, confirm, sizeof(smp->pcnf)) != 0) {
855 BT_ERR("Pairing failed (confirmation values mismatch)");
861580a9 856 return SMP_CONFIRM_FAILED;
8aab4757
VCG		 857 }
858
859 if (hcon->out) {
fe39c7b2
MH		 860 u8 stk[16];
861 __le64 rand = 0;
862 __le16 ediv = 0;
8aab4757 863
e491eaf3 864 smp_s1(smp->tfm_aes, smp->tk, smp->rrnd, smp->prnd, stk);
8aab4757 865
f7aa611a 866 memset(stk + smp->enc_key_size, 0,
04124681 867 SMP_MAX_ENC_KEY_SIZE - smp->enc_key_size);
8aab4757 868
861580a9
JH		 869 if (test_and_set_bit(HCI_CONN_ENCRYPT_PEND, &hcon->flags))
870 return SMP_UNSPECIFIED;
8aab4757
VCG		 871
872 hci_le_start_enc(hcon, ediv, rand, stk);
f7aa611a 873 hcon->enc_key_size = smp->enc_key_size;
fe59a05f 874 set_bit(HCI_CONN_STK_ENCRYPT, &hcon->flags);
8aab4757 875 } else {
fff3490f 876 u8 stk[16], auth;
fe39c7b2
MH		 877 __le64 rand = 0;
878 __le16 ediv = 0;
8aab4757 879
943a732a
JH		 880 smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM, sizeof(smp->prnd),
881 smp->prnd);
8aab4757 882
e491eaf3 883 smp_s1(smp->tfm_aes, smp->tk, smp->prnd, smp->rrnd, stk);
8aab4757 884
f7aa611a 885 memset(stk + smp->enc_key_size, 0,
f1560463 886 SMP_MAX_ENC_KEY_SIZE - smp->enc_key_size);
8aab4757 887
fff3490f
JH		 888 if (hcon->pending_sec_level == BT_SECURITY_HIGH)
889 auth = 1;
890 else
891 auth = 0;
892
7d5843b7
JH		 893 /* Even though there's no _SLAVE suffix this is the
894 * slave STK we're adding for later lookup (the master
895 * STK never needs to be stored).
896 */
ce39fb4e 897 hci_add_ltk(hcon->hdev, &hcon->dst, hcon->dst_type,
2ceba539 898 SMP_STK, auth, stk, smp->enc_key_size, ediv, rand);
8aab4757
VCG		 899 }
900
861580a9 901 return 0;
8aab4757
VCG		 902}
903
44f1a7ab
JH		 904static void smp_notify_keys(struct l2cap_conn *conn)
905{
906 struct l2cap_chan *chan = conn->smp;
907 struct smp_chan *smp = chan->data;
908 struct hci_conn *hcon = conn->hcon;
909 struct hci_dev *hdev = hcon->hdev;
910 struct smp_cmd_pairing *req = (void *) &smp->preq[1];
911 struct smp_cmd_pairing *rsp = (void *) &smp->prsp[1];
912 bool persistent;
913
914 if (smp->remote_irk) {
915 mgmt_new_irk(hdev, smp->remote_irk);
916 /* Now that user space can be considered to know the
917 * identity address track the connection based on it
918 * from now on.
919 */
920 bacpy(&hcon->dst, &smp->remote_irk->bdaddr);
921 hcon->dst_type = smp->remote_irk->addr_type;
f3d82d0c 922 queue_work(hdev->workqueue, &conn->id_addr_update_work);
44f1a7ab
JH		 923
924 /* When receiving an indentity resolving key for
925 * a remote device that does not use a resolvable
926 * private address, just remove the key so that
927 * it is possible to use the controller white
928 * list for scanning.
929 *
930 * Userspace will have been told to not store
931 * this key at this point. So it is safe to
932 * just remove it.
933 */
934 if (!bacmp(&smp->remote_irk->rpa, BDADDR_ANY)) {
adae20cb
JH		 935 list_del_rcu(&smp->remote_irk->list);
936 kfree_rcu(smp->remote_irk, rcu);
44f1a7ab
JH		 937 smp->remote_irk = NULL;
938 }
939 }
940
941 /* The LTKs and CSRKs should be persistent only if both sides
942 * had the bonding bit set in their authentication requests.
943 */
944 persistent = !!((req->auth_req & rsp->auth_req) & SMP_AUTH_BONDING);
945
946 if (smp->csrk) {
947 smp->csrk->bdaddr_type = hcon->dst_type;
948 bacpy(&smp->csrk->bdaddr, &hcon->dst);
949 mgmt_new_csrk(hdev, smp->csrk, persistent);
950 }
951
952 if (smp->slave_csrk) {
953 smp->slave_csrk->bdaddr_type = hcon->dst_type;
954 bacpy(&smp->slave_csrk->bdaddr, &hcon->dst);
955 mgmt_new_csrk(hdev, smp->slave_csrk, persistent);
956 }
957
958 if (smp->ltk) {
959 smp->ltk->bdaddr_type = hcon->dst_type;
960 bacpy(&smp->ltk->bdaddr, &hcon->dst);
961 mgmt_new_ltk(hdev, smp->ltk, persistent);
962 }
963
964 if (smp->slave_ltk) {
965 smp->slave_ltk->bdaddr_type = hcon->dst_type;
966 bacpy(&smp->slave_ltk->bdaddr, &hcon->dst);
967 mgmt_new_ltk(hdev, smp->slave_ltk, persistent);
968 }
6a77083a
JH		 969
970 if (smp->link_key) {
e3befab9
JH		 971 struct link_key *key;
972 u8 type;
973
974 if (test_bit(SMP_FLAG_DEBUG_KEY, &smp->flags))
975 type = HCI_LK_DEBUG_COMBINATION;
976 else if (hcon->sec_level == BT_SECURITY_FIPS)
977 type = HCI_LK_AUTH_COMBINATION_P256;
978 else
979 type = HCI_LK_UNAUTH_COMBINATION_P256;
980
981 key = hci_add_link_key(hdev, smp->conn->hcon, &hcon->dst,
982 smp->link_key, type, 0, &persistent);
983 if (key) {
984 mgmt_new_link_key(hdev, key, persistent);
985
986 /* Don't keep debug keys around if the relevant
987 * flag is not set.
988 */
989 if (!test_bit(HCI_KEEP_DEBUG_KEYS, &hdev->dev_flags) &&
990 key->type == HCI_LK_DEBUG_COMBINATION) {
991 list_del_rcu(&key->list);
992 kfree_rcu(key, rcu);
993 }
994 }
6a77083a
JH		 995 }
996}
997
d3e54a87
JH		 998static void sc_add_ltk(struct smp_chan *smp)
999{
1000 struct hci_conn *hcon = smp->conn->hcon;
1001 u8 key_type, auth;
1002
1003 if (test_bit(SMP_FLAG_DEBUG_KEY, &smp->flags))
1004 key_type = SMP_LTK_P256_DEBUG;
1005 else
1006 key_type = SMP_LTK_P256;
1007
1008 if (hcon->pending_sec_level == BT_SECURITY_FIPS)
1009 auth = 1;
1010 else
1011 auth = 0;
1012
1013 memset(smp->tk + smp->enc_key_size, 0,
1014 SMP_MAX_ENC_KEY_SIZE - smp->enc_key_size);
1015
1016 smp->ltk = hci_add_ltk(hcon->hdev, &hcon->dst, hcon->dst_type,
1017 key_type, auth, smp->tk, smp->enc_key_size,
1018 0, 0);
1019}
1020
6a77083a
JH		 1021static void sc_generate_link_key(struct smp_chan *smp)
1022{
1023 /* These constants are as specified in the core specification.
1024 * In ASCII they spell out to 'tmp1' and 'lebr'.
1025 */
1026 const u8 tmp1[4] = { 0x31, 0x70, 0x6d, 0x74 };
1027 const u8 lebr[4] = { 0x72, 0x62, 0x65, 0x6c };
1028
1029 smp->link_key = kzalloc(16, GFP_KERNEL);
1030 if (!smp->link_key)
1031 return;
1032
1033 if (smp_h6(smp->tfm_cmac, smp->tk, tmp1, smp->link_key)) {
1034 kfree(smp->link_key);
1035 smp->link_key = NULL;
1036 return;
1037 }
1038
1039 if (smp_h6(smp->tfm_cmac, smp->link_key, lebr, smp->link_key)) {
1040 kfree(smp->link_key);
1041 smp->link_key = NULL;
1042 return;
1043 }
44f1a7ab
JH		 1044}
1045
b28b4943
JH		 1046static void smp_allow_key_dist(struct smp_chan *smp)
1047{
1048 /* Allow the first expected phase 3 PDU. The rest of the PDUs
1049 * will be allowed in each PDU handler to ensure we receive
1050 * them in the correct order.
1051 */
1052 if (smp->remote_key_dist & SMP_DIST_ENC_KEY)
1053 SMP_ALLOW_CMD(smp, SMP_CMD_ENCRYPT_INFO);
1054 else if (smp->remote_key_dist & SMP_DIST_ID_KEY)
1055 SMP_ALLOW_CMD(smp, SMP_CMD_IDENT_INFO);
1056 else if (smp->remote_key_dist & SMP_DIST_SIGN)
1057 SMP_ALLOW_CMD(smp, SMP_CMD_SIGN_INFO);
1058}
1059
d6268e86 1060static void smp_distribute_keys(struct smp_chan *smp)
44f1a7ab
JH		 1061{
1062 struct smp_cmd_pairing *req, *rsp;
86d1407c 1063 struct l2cap_conn *conn = smp->conn;
44f1a7ab
JH		 1064 struct hci_conn *hcon = conn->hcon;
1065 struct hci_dev *hdev = hcon->hdev;
1066 __u8 *keydist;
1067
1068 BT_DBG("conn %p", conn);
1069
44f1a7ab
JH		 1070 rsp = (void *) &smp->prsp[1];
1071
1072 /* The responder sends its keys first */
b28b4943
JH		 1073 if (hcon->out && (smp->remote_key_dist & KEY_DIST_MASK)) {
1074 smp_allow_key_dist(smp);
86d1407c 1075 return;
b28b4943 1076 }
44f1a7ab
JH		 1077
1078 req = (void *) &smp->preq[1];
1079
1080 if (hcon->out) {
1081 keydist = &rsp->init_key_dist;
1082 *keydist &= req->init_key_dist;
1083 } else {
1084 keydist = &rsp->resp_key_dist;
1085 *keydist &= req->resp_key_dist;
1086 }
1087
6a77083a
JH		 1088 if (test_bit(SMP_FLAG_SC, &smp->flags)) {
1089 if (*keydist & SMP_DIST_LINK_KEY)
1090 sc_generate_link_key(smp);
1091
1092 /* Clear the keys which are generated but not distributed */
1093 *keydist &= ~SMP_SC_NO_DIST;
1094 }
1095
44f1a7ab
JH		 1096 BT_DBG("keydist 0x%x", *keydist);
1097
1098 if (*keydist & SMP_DIST_ENC_KEY) {
1099 struct smp_cmd_encrypt_info enc;
1100 struct smp_cmd_master_ident ident;
1101 struct smp_ltk *ltk;
1102 u8 authenticated;
1103 __le16 ediv;
1104 __le64 rand;
1105
1106 get_random_bytes(enc.ltk, sizeof(enc.ltk));
1107 get_random_bytes(&ediv, sizeof(ediv));
1108 get_random_bytes(&rand, sizeof(rand));
1109
1110 smp_send_cmd(conn, SMP_CMD_ENCRYPT_INFO, sizeof(enc), &enc);
1111
1112 authenticated = hcon->sec_level == BT_SECURITY_HIGH;
1113 ltk = hci_add_ltk(hdev, &hcon->dst, hcon->dst_type,
1114 SMP_LTK_SLAVE, authenticated, enc.ltk,
1115 smp->enc_key_size, ediv, rand);
1116 smp->slave_ltk = ltk;
1117
1118 ident.ediv = ediv;
1119 ident.rand = rand;
1120
1121 smp_send_cmd(conn, SMP_CMD_MASTER_IDENT, sizeof(ident), &ident);
1122
1123 *keydist &= ~SMP_DIST_ENC_KEY;
1124 }
1125
1126 if (*keydist & SMP_DIST_ID_KEY) {
1127 struct smp_cmd_ident_addr_info addrinfo;
1128 struct smp_cmd_ident_info idinfo;
1129
1130 memcpy(idinfo.irk, hdev->irk, sizeof(idinfo.irk));
1131
1132 smp_send_cmd(conn, SMP_CMD_IDENT_INFO, sizeof(idinfo), &idinfo);
1133
1134 /* The hci_conn contains the local identity address
1135 * after the connection has been established.
1136 *
1137 * This is true even when the connection has been
1138 * established using a resolvable random address.
1139 */
1140 bacpy(&addrinfo.bdaddr, &hcon->src);
1141 addrinfo.addr_type = hcon->src_type;
1142
1143 smp_send_cmd(conn, SMP_CMD_IDENT_ADDR_INFO, sizeof(addrinfo),
1144 &addrinfo);
1145
1146 *keydist &= ~SMP_DIST_ID_KEY;
1147 }
1148
1149 if (*keydist & SMP_DIST_SIGN) {
1150 struct smp_cmd_sign_info sign;
1151 struct smp_csrk *csrk;
1152
1153 /* Generate a new random key */
1154 get_random_bytes(sign.csrk, sizeof(sign.csrk));
1155
1156 csrk = kzalloc(sizeof(*csrk), GFP_KERNEL);
1157 if (csrk) {
1158 csrk->master = 0x00;
1159 memcpy(csrk->val, sign.csrk, sizeof(csrk->val));
1160 }
1161 smp->slave_csrk = csrk;
1162
1163 smp_send_cmd(conn, SMP_CMD_SIGN_INFO, sizeof(sign), &sign);
1164
1165 *keydist &= ~SMP_DIST_SIGN;
1166 }
1167
1168 /* If there are still keys to be received wait for them */
b28b4943
JH		 1169 if (smp->remote_key_dist & KEY_DIST_MASK) {
1170 smp_allow_key_dist(smp);
86d1407c 1171 return;
b28b4943 1172 }
44f1a7ab 1173
44f1a7ab
JH		 1174 set_bit(SMP_FLAG_COMPLETE, &smp->flags);
1175 smp_notify_keys(conn);
1176
1177 smp_chan_destroy(conn);
44f1a7ab
JH		 1178}
1179
b68fda68
JH		 1180static void smp_timeout(struct work_struct *work)
1181{
1182 struct smp_chan *smp = container_of(work, struct smp_chan,
1183 security_timer.work);
1184 struct l2cap_conn *conn = smp->conn;
1185
1186 BT_DBG("conn %p", conn);
1187
1e91c29e 1188 hci_disconnect(conn->hcon, HCI_ERROR_REMOTE_USER_TERM);
b68fda68
JH		 1189}
1190
8aab4757
VCG		 1191static struct smp_chan *smp_chan_create(struct l2cap_conn *conn)
1192{
5d88cc73 1193 struct l2cap_chan *chan = conn->smp;
8aab4757
VCG		 1194 struct smp_chan *smp;
1195
f1560463 1196 smp = kzalloc(sizeof(*smp), GFP_ATOMIC);
fc75cc86 1197 if (!smp)
8aab4757
VCG		 1198 return NULL;
1199
6a7bd103
JH		 1200 smp->tfm_aes = crypto_alloc_blkcipher("ecb(aes)", 0, CRYPTO_ALG_ASYNC);
1201 if (IS_ERR(smp->tfm_aes)) {
1202 BT_ERR("Unable to create ECB crypto context");
1203 kfree(smp);
1204 return NULL;
1205 }
1206
407cecf6
JH		 1207 smp->tfm_cmac = crypto_alloc_hash("cmac(aes)", 0, CRYPTO_ALG_ASYNC);
1208 if (IS_ERR(smp->tfm_cmac)) {
1209 BT_ERR("Unable to create CMAC crypto context");
1210 crypto_free_blkcipher(smp->tfm_aes);
1211 kfree(smp);
1212 return NULL;
1213 }
1214
8aab4757 1215 smp->conn = conn;
5d88cc73 1216 chan->data = smp;
8aab4757 1217
b28b4943
JH		 1218 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_FAIL);
1219
b68fda68
JH		 1220 INIT_DELAYED_WORK(&smp->security_timer, smp_timeout);
1221
8aab4757
VCG		 1222 hci_conn_hold(conn->hcon);
1223
1224 return smp;
1225}
1226
760b018b
JH		 1227static int sc_mackey_and_ltk(struct smp_chan *smp, u8 mackey[16], u8 ltk[16])
1228{
1229 struct hci_conn *hcon = smp->conn->hcon;
1230 u8 *na, *nb, a[7], b[7];
1231
1232 if (hcon->out) {
1233 na = smp->prnd;
1234 nb = smp->rrnd;
1235 } else {
1236 na = smp->rrnd;
1237 nb = smp->prnd;
1238 }
1239
1240 memcpy(a, &hcon->init_addr, 6);
1241 memcpy(b, &hcon->resp_addr, 6);
1242 a[6] = hcon->init_addr_type;
1243 b[6] = hcon->resp_addr_type;
1244
1245 return smp_f5(smp->tfm_cmac, smp->dhkey, na, nb, a, b, mackey, ltk);
1246}
1247
38606f14 1248static void sc_dhkey_check(struct smp_chan *smp)
760b018b
JH		 1249{
1250 struct hci_conn *hcon = smp->conn->hcon;
1251 struct smp_cmd_dhkey_check check;
1252 u8 a[7], b[7], *local_addr, *remote_addr;
1253 u8 io_cap[3], r[16];
1254
760b018b
JH		 1255 memcpy(a, &hcon->init_addr, 6);
1256 memcpy(b, &hcon->resp_addr, 6);
1257 a[6] = hcon->init_addr_type;
1258 b[6] = hcon->resp_addr_type;
1259
1260 if (hcon->out) {
1261 local_addr = a;
1262 remote_addr = b;
1263 memcpy(io_cap, &smp->preq[1], 3);
1264 } else {
1265 local_addr = b;
1266 remote_addr = a;
1267 memcpy(io_cap, &smp->prsp[1], 3);
1268 }
1269
dddd3059
JH		 1270 memset(r, 0, sizeof(r));
1271
1272 if (smp->method == REQ_PASSKEY || smp->method == DSP_PASSKEY)
38606f14 1273 put_unaligned_le32(hcon->passkey_notify, r);
760b018b
JH		 1274
1275 smp_f6(smp->tfm_cmac, smp->mackey, smp->prnd, smp->rrnd, r, io_cap,
1276 local_addr, remote_addr, check.e);
1277
1278 smp_send_cmd(smp->conn, SMP_CMD_DHKEY_CHECK, sizeof(check), &check);
dddd3059
JH		 1279}
1280
38606f14
JH		 1281static u8 sc_passkey_send_confirm(struct smp_chan *smp)
1282{
1283 struct l2cap_conn *conn = smp->conn;
1284 struct hci_conn *hcon = conn->hcon;
1285 struct smp_cmd_pairing_confirm cfm;
1286 u8 r;
1287
1288 r = ((hcon->passkey_notify >> smp->passkey_round) & 0x01);
1289 r |= 0x80;
1290
1291 get_random_bytes(smp->prnd, sizeof(smp->prnd));
1292
1293 if (smp_f4(smp->tfm_cmac, smp->local_pk, smp->remote_pk, smp->prnd, r,
1294 cfm.confirm_val))
1295 return SMP_UNSPECIFIED;
1296
1297 smp_send_cmd(conn, SMP_CMD_PAIRING_CONFIRM, sizeof(cfm), &cfm);
1298
1299 return 0;
1300}
1301
1302static u8 sc_passkey_round(struct smp_chan *smp, u8 smp_op)
1303{
1304 struct l2cap_conn *conn = smp->conn;
1305 struct hci_conn *hcon = conn->hcon;
1306 struct hci_dev *hdev = hcon->hdev;
1307 u8 cfm[16], r;
1308
1309 /* Ignore the PDU if we've already done 20 rounds (0 - 19) */
1310 if (smp->passkey_round >= 20)
1311 return 0;
1312
1313 switch (smp_op) {
1314 case SMP_CMD_PAIRING_RANDOM:
1315 r = ((hcon->passkey_notify >> smp->passkey_round) & 0x01);
1316 r |= 0x80;
1317
1318 if (smp_f4(smp->tfm_cmac, smp->remote_pk, smp->local_pk,
1319 smp->rrnd, r, cfm))
1320 return SMP_UNSPECIFIED;
1321
1322 if (memcmp(smp->pcnf, cfm, 16))
1323 return SMP_CONFIRM_FAILED;
1324
1325 smp->passkey_round++;
1326
1327 if (smp->passkey_round == 20) {
1328 /* Generate MacKey and LTK */
1329 if (sc_mackey_and_ltk(smp, smp->mackey, smp->tk))
1330 return SMP_UNSPECIFIED;
1331 }
1332
1333 /* The round is only complete when the initiator
1334 * receives pairing random.
1335 */
1336 if (!hcon->out) {
1337 smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM,
1338 sizeof(smp->prnd), smp->prnd);
d3e54a87 1339 if (smp->passkey_round == 20)
38606f14 1340 SMP_ALLOW_CMD(smp, SMP_CMD_DHKEY_CHECK);
d3e54a87 1341 else
38606f14 1342 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_CONFIRM);
38606f14
JH		 1343 return 0;
1344 }
1345
1346 /* Start the next round */
1347 if (smp->passkey_round != 20)
1348 return sc_passkey_round(smp, 0);
1349
1350 /* Passkey rounds are complete - start DHKey Check */
1351 sc_dhkey_check(smp);
1352 SMP_ALLOW_CMD(smp, SMP_CMD_DHKEY_CHECK);
1353
1354 break;
1355
1356 case SMP_CMD_PAIRING_CONFIRM:
1357 if (test_bit(SMP_FLAG_WAIT_USER, &smp->flags)) {
1358 set_bit(SMP_FLAG_CFM_PENDING, &smp->flags);
1359 return 0;
1360 }
1361
1362 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RANDOM);
1363
1364 if (hcon->out) {
1365 smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM,
1366 sizeof(smp->prnd), smp->prnd);
1367 return 0;
1368 }
1369
1370 return sc_passkey_send_confirm(smp);
1371
1372 case SMP_CMD_PUBLIC_KEY:
1373 default:
1374 /* Initiating device starts the round */
1375 if (!hcon->out)
1376 return 0;
1377
1378 BT_DBG("%s Starting passkey round %u", hdev->name,
1379 smp->passkey_round + 1);
1380
1381 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_CONFIRM);
1382
1383 return sc_passkey_send_confirm(smp);
1384 }
1385
1386 return 0;
1387}
1388
dddd3059
JH		 1389static int sc_user_reply(struct smp_chan *smp, u16 mgmt_op, __le32 passkey)
1390{
38606f14
JH		 1391 struct l2cap_conn *conn = smp->conn;
1392 struct hci_conn *hcon = conn->hcon;
1393 u8 smp_op;
1394
1395 clear_bit(SMP_FLAG_WAIT_USER, &smp->flags);
1396
dddd3059
JH		 1397 switch (mgmt_op) {
1398 case MGMT_OP_USER_PASSKEY_NEG_REPLY:
1399 smp_failure(smp->conn, SMP_PASSKEY_ENTRY_FAILED);
1400 return 0;
1401 case MGMT_OP_USER_CONFIRM_NEG_REPLY:
1402 smp_failure(smp->conn, SMP_NUMERIC_COMP_FAILED);
1403 return 0;
38606f14
JH		 1404 case MGMT_OP_USER_PASSKEY_REPLY:
1405 hcon->passkey_notify = le32_to_cpu(passkey);
1406 smp->passkey_round = 0;
1407
1408 if (test_and_clear_bit(SMP_FLAG_CFM_PENDING, &smp->flags))
1409 smp_op = SMP_CMD_PAIRING_CONFIRM;
1410 else
1411 smp_op = 0;
1412
1413 if (sc_passkey_round(smp, smp_op))
1414 return -EIO;
1415
1416 return 0;
dddd3059
JH		 1417 }
1418
d3e54a87
JH		 1419 /* Initiator sends DHKey check first */
1420 if (hcon->out) {
1421 sc_dhkey_check(smp);
1422 SMP_ALLOW_CMD(smp, SMP_CMD_DHKEY_CHECK);
1423 } else if (test_and_clear_bit(SMP_FLAG_DHKEY_PENDING, &smp->flags)) {
1424 sc_dhkey_check(smp);
1425 sc_add_ltk(smp);
1426 }
760b018b
JH		 1427
1428 return 0;
1429}
1430
2b64d153
BG		 1431int smp_user_confirm_reply(struct hci_conn *hcon, u16 mgmt_op, __le32 passkey)
1432{
b10e8017 1433 struct l2cap_conn *conn = hcon->l2cap_data;
5d88cc73 1434 struct l2cap_chan *chan;
2b64d153
BG		 1435 struct smp_chan *smp;
1436 u32 value;
fc75cc86 1437 int err;
2b64d153
BG		 1438
1439 BT_DBG("");
1440
fc75cc86 1441 if (!conn)
2b64d153
BG		 1442 return -ENOTCONN;
1443
5d88cc73
JH		 1444 chan = conn->smp;
1445 if (!chan)
1446 return -ENOTCONN;
1447
fc75cc86
JH		 1448 l2cap_chan_lock(chan);
1449 if (!chan->data) {
1450 err = -ENOTCONN;
1451 goto unlock;
1452 }
1453
5d88cc73 1454 smp = chan->data;
2b64d153 1455
760b018b
JH		 1456 if (test_bit(SMP_FLAG_SC, &smp->flags)) {
1457 err = sc_user_reply(smp, mgmt_op, passkey);
1458 goto unlock;
1459 }
1460
2b64d153
BG		 1461 switch (mgmt_op) {
1462 case MGMT_OP_USER_PASSKEY_REPLY:
1463 value = le32_to_cpu(passkey);
943a732a 1464 memset(smp->tk, 0, sizeof(smp->tk));
2b64d153 1465 BT_DBG("PassKey: %d", value);
943a732a 1466 put_unaligned_le32(value, smp->tk);
2b64d153
BG		 1467 /* Fall Through */
1468 case MGMT_OP_USER_CONFIRM_REPLY:
4a74d658 1469 set_bit(SMP_FLAG_TK_VALID, &smp->flags);
2b64d153
BG		 1470 break;
1471 case MGMT_OP_USER_PASSKEY_NEG_REPLY:
1472 case MGMT_OP_USER_CONFIRM_NEG_REPLY:
84794e11 1473 smp_failure(conn, SMP_PASSKEY_ENTRY_FAILED);
fc75cc86
JH		 1474 err = 0;
1475 goto unlock;
2b64d153 1476 default:
84794e11 1477 smp_failure(conn, SMP_PASSKEY_ENTRY_FAILED);
fc75cc86
JH		 1478 err = -EOPNOTSUPP;
1479 goto unlock;
2b64d153
BG		 1480 }
1481
fc75cc86
JH		 1482 err = 0;
1483
2b64d153 1484 /* If it is our turn to send Pairing Confirm, do so now */
1cc61144
JH		 1485 if (test_bit(SMP_FLAG_CFM_PENDING, &smp->flags)) {
1486 u8 rsp = smp_confirm(smp);
1487 if (rsp)
1488 smp_failure(conn, rsp);
1489 }
2b64d153 1490
fc75cc86
JH		 1491unlock:
1492 l2cap_chan_unlock(chan);
1493 return err;
2b64d153
BG		 1494}
1495
da85e5e5 1496static u8 smp_cmd_pairing_req(struct l2cap_conn *conn, struct sk_buff *skb)
88ba43b6 1497{
3158c50c 1498 struct smp_cmd_pairing rsp, *req = (void *) skb->data;
fc75cc86 1499 struct l2cap_chan *chan = conn->smp;
b3c6410b 1500 struct hci_dev *hdev = conn->hcon->hdev;
8aab4757 1501 struct smp_chan *smp;
c7262e71 1502 u8 key_size, auth, sec_level;
8aab4757 1503 int ret;
88ba43b6
AB		 1504
1505 BT_DBG("conn %p", conn);
1506
c46b98be 1507 if (skb->len < sizeof(*req))
38e4a915 1508 return SMP_INVALID_PARAMS;
c46b98be 1509
40bef302 1510 if (conn->hcon->role != HCI_ROLE_SLAVE)
2b64d153
BG		 1511 return SMP_CMD_NOTSUPP;
1512
fc75cc86 1513 if (!chan->data)
8aab4757 1514 smp = smp_chan_create(conn);
fc75cc86 1515 else
5d88cc73 1516 smp = chan->data;
8aab4757 1517
d08fd0e7
AE		 1518 if (!smp)
1519 return SMP_UNSPECIFIED;
d26a2345 1520
c05b9339 1521 /* We didn't start the pairing, so match remote */
0edb14de 1522 auth = req->auth_req & AUTH_REQ_MASK(hdev);
c05b9339 1523
b6ae8457 1524 if (!test_bit(HCI_BONDABLE, &hdev->dev_flags) &&
c05b9339 1525 (auth & SMP_AUTH_BONDING))
b3c6410b
JH		 1526 return SMP_PAIRING_NOTSUPP;
1527
1c1def09
VCG		 1528 smp->preq[0] = SMP_CMD_PAIRING_REQ;
1529 memcpy(&smp->preq[1], req, sizeof(*req));
3158c50c 1530 skb_pull(skb, sizeof(*req));
88ba43b6 1531
5e3d3d9b
JH		 1532 build_pairing_cmd(conn, req, &rsp, auth);
1533
1534 if (rsp.auth_req & SMP_AUTH_SC)
1535 set_bit(SMP_FLAG_SC, &smp->flags);
1536
5be5e275 1537 if (conn->hcon->io_capability == HCI_IO_NO_INPUT_OUTPUT)
1afc2a1a
JH		 1538 sec_level = BT_SECURITY_MEDIUM;
1539 else
1540 sec_level = authreq_to_seclevel(auth);
1541
c7262e71
JH		 1542 if (sec_level > conn->hcon->pending_sec_level)
1543 conn->hcon->pending_sec_level = sec_level;
fdde0a26 1544
49c922bb 1545 /* If we need MITM check that it can be achieved */
2ed8f65c
JH		 1546 if (conn->hcon->pending_sec_level >= BT_SECURITY_HIGH) {
1547 u8 method;
1548
1549 method = get_auth_method(smp, conn->hcon->io_capability,
1550 req->io_capability);
1551 if (method == JUST_WORKS || method == JUST_CFM)
1552 return SMP_AUTH_REQUIREMENTS;
1553 }
1554
3158c50c
VCG		 1555 key_size = min(req->max_key_size, rsp.max_key_size);
1556 if (check_enc_key_size(conn, key_size))
1557 return SMP_ENC_KEY_SIZE;
88ba43b6 1558
e84a6b13 1559 get_random_bytes(smp->prnd, sizeof(smp->prnd));
8aab4757 1560
1c1def09
VCG		 1561 smp->prsp[0] = SMP_CMD_PAIRING_RSP;
1562 memcpy(&smp->prsp[1], &rsp, sizeof(rsp));
f01ead31 1563
3158c50c 1564 smp_send_cmd(conn, SMP_CMD_PAIRING_RSP, sizeof(rsp), &rsp);
3b19146d
JH		 1565
1566 clear_bit(SMP_FLAG_INITIATOR, &smp->flags);
1567
1568 if (test_bit(SMP_FLAG_SC, &smp->flags)) {
1569 SMP_ALLOW_CMD(smp, SMP_CMD_PUBLIC_KEY);
1570 /* Clear bits which are generated but not distributed */
1571 smp->remote_key_dist &= ~SMP_SC_NO_DIST;
1572 /* Wait for Public Key from Initiating Device */
1573 return 0;
1574 } else {
1575 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_CONFIRM);
1576 }
da85e5e5 1577
2b64d153
BG		 1578 /* Request setup of TK */
1579 ret = tk_request(conn, 0, auth, rsp.io_capability, req->io_capability);
1580 if (ret)
1581 return SMP_UNSPECIFIED;
1582
da85e5e5 1583 return 0;
88ba43b6
AB		 1584}
1585
3b19146d
JH		 1586static u8 sc_send_public_key(struct smp_chan *smp)
1587{
70157ef5
JH		 1588 struct hci_dev *hdev = smp->conn->hcon->hdev;
1589
3b19146d
JH		 1590 BT_DBG("");
1591
70157ef5
JH		 1592 if (test_bit(HCI_USE_DEBUG_KEYS, &hdev->dev_flags)) {
1593 BT_DBG("Using debug keys");
1594 memcpy(smp->local_pk, debug_pk, 64);
1595 memcpy(smp->local_sk, debug_sk, 32);
1596 set_bit(SMP_FLAG_DEBUG_KEY, &smp->flags);
1597 } else {
1598 while (true) {
1599 /* Generate local key pair for Secure Connections */
1600 if (!ecc_make_key(smp->local_pk, smp->local_sk))
1601 return SMP_UNSPECIFIED;
6c0dcc50 1602
70157ef5
JH		 1603 /* This is unlikely, but we need to check that
1604 * we didn't accidentially generate a debug key.
1605 */
1606 if (memcmp(smp->local_sk, debug_sk, 32))
1607 break;
1608 }
6c0dcc50 1609 }
3b19146d
JH		 1610
1611 BT_DBG("Local Public Key X: %32phN", smp->local_pk);
1612 BT_DBG("Local Public Key Y: %32phN", &smp->local_pk[32]);
1613 BT_DBG("Local Private Key: %32phN", smp->local_sk);
1614
1615 smp_send_cmd(smp->conn, SMP_CMD_PUBLIC_KEY, 64, smp->local_pk);
1616
1617 return 0;
1618}
1619
da85e5e5 1620static u8 smp_cmd_pairing_rsp(struct l2cap_conn *conn, struct sk_buff *skb)
88ba43b6 1621{
3158c50c 1622 struct smp_cmd_pairing *req, *rsp = (void *) skb->data;
5d88cc73
JH		 1623 struct l2cap_chan *chan = conn->smp;
1624 struct smp_chan *smp = chan->data;
0edb14de 1625 struct hci_dev *hdev = conn->hcon->hdev;
3a7dbfb8 1626 u8 key_size, auth;
7d24ddcc 1627 int ret;
88ba43b6
AB		 1628
1629 BT_DBG("conn %p", conn);
1630
c46b98be 1631 if (skb->len < sizeof(*rsp))
38e4a915 1632 return SMP_INVALID_PARAMS;
c46b98be 1633
40bef302 1634 if (conn->hcon->role != HCI_ROLE_MASTER)
2b64d153
BG		 1635 return SMP_CMD_NOTSUPP;
1636
3158c50c
VCG		 1637 skb_pull(skb, sizeof(*rsp));
1638
1c1def09 1639 req = (void *) &smp->preq[1];
da85e5e5 1640
3158c50c
VCG		 1641 key_size = min(req->max_key_size, rsp->max_key_size);
1642 if (check_enc_key_size(conn, key_size))
1643 return SMP_ENC_KEY_SIZE;
1644
0edb14de 1645 auth = rsp->auth_req & AUTH_REQ_MASK(hdev);
c05b9339 1646
65668776
JH		 1647 if ((req->auth_req & SMP_AUTH_SC) && (auth & SMP_AUTH_SC))
1648 set_bit(SMP_FLAG_SC, &smp->flags);
d2eb9e10
JH		 1649 else if (conn->hcon->pending_sec_level > BT_SECURITY_HIGH)
1650 conn->hcon->pending_sec_level = BT_SECURITY_HIGH;
65668776 1651
49c922bb 1652 /* If we need MITM check that it can be achieved */
2ed8f65c
JH		 1653 if (conn->hcon->pending_sec_level >= BT_SECURITY_HIGH) {
1654 u8 method;
1655
1656 method = get_auth_method(smp, req->io_capability,
1657 rsp->io_capability);
1658 if (method == JUST_WORKS || method == JUST_CFM)
1659 return SMP_AUTH_REQUIREMENTS;
1660 }
1661
e84a6b13 1662 get_random_bytes(smp->prnd, sizeof(smp->prnd));
7d24ddcc 1663
8aab4757
VCG		 1664 smp->prsp[0] = SMP_CMD_PAIRING_RSP;
1665 memcpy(&smp->prsp[1], rsp, sizeof(*rsp));
7d24ddcc 1666
fdcc4bec
JH		 1667 /* Update remote key distribution in case the remote cleared
1668 * some bits that we had enabled in our request.
1669 */
1670 smp->remote_key_dist &= rsp->resp_key_dist;
1671
3b19146d
JH		 1672 if (test_bit(SMP_FLAG_SC, &smp->flags)) {
1673 /* Clear bits which are generated but not distributed */
1674 smp->remote_key_dist &= ~SMP_SC_NO_DIST;
1675 SMP_ALLOW_CMD(smp, SMP_CMD_PUBLIC_KEY);
1676 return sc_send_public_key(smp);
1677 }
1678
c05b9339 1679 auth |= req->auth_req;
2b64d153 1680
476585ec 1681 ret = tk_request(conn, 0, auth, req->io_capability, rsp->io_capability);
2b64d153
BG		 1682 if (ret)
1683 return SMP_UNSPECIFIED;
1684
4a74d658 1685 set_bit(SMP_FLAG_CFM_PENDING, &smp->flags);
2b64d153
BG		 1686
1687 /* Can't compose response until we have been confirmed */
4a74d658 1688 if (test_bit(SMP_FLAG_TK_VALID, &smp->flags))
1cc61144 1689 return smp_confirm(smp);
da85e5e5
VCG		 1690
1691 return 0;
88ba43b6
AB		 1692}
1693
dcee2b32
JH		 1694static u8 sc_check_confirm(struct smp_chan *smp)
1695{
1696 struct l2cap_conn *conn = smp->conn;
1697
1698 BT_DBG("");
1699
1700 /* Public Key exchange must happen before any other steps */
1701 if (!test_bit(SMP_FLAG_REMOTE_PK, &smp->flags))
1702 return SMP_UNSPECIFIED;
1703
38606f14
JH		 1704 if (smp->method == REQ_PASSKEY || smp->method == DSP_PASSKEY)
1705 return sc_passkey_round(smp, SMP_CMD_PAIRING_CONFIRM);
1706
dcee2b32
JH		 1707 if (conn->hcon->out) {
1708 smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM, sizeof(smp->prnd),
1709 smp->prnd);
1710 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RANDOM);
1711 }
1712
1713 return 0;
1714}
1715
da85e5e5 1716static u8 smp_cmd_pairing_confirm(struct l2cap_conn *conn, struct sk_buff *skb)
88ba43b6 1717{
5d88cc73
JH		 1718 struct l2cap_chan *chan = conn->smp;
1719 struct smp_chan *smp = chan->data;
7d24ddcc 1720
88ba43b6
AB		 1721 BT_DBG("conn %p %s", conn, conn->hcon->out ? "master" : "slave");
1722
c46b98be 1723 if (skb->len < sizeof(smp->pcnf))
38e4a915 1724 return SMP_INVALID_PARAMS;
c46b98be 1725
1c1def09
VCG		 1726 memcpy(smp->pcnf, skb->data, sizeof(smp->pcnf));
1727 skb_pull(skb, sizeof(smp->pcnf));
88ba43b6 1728
dcee2b32
JH		 1729 if (test_bit(SMP_FLAG_SC, &smp->flags))
1730 return sc_check_confirm(smp);
1731
b28b4943 1732 if (conn->hcon->out) {
943a732a
JH		 1733 smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM, sizeof(smp->prnd),
1734 smp->prnd);
b28b4943
JH		 1735 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RANDOM);
1736 return 0;
1737 }
1738
1739 if (test_bit(SMP_FLAG_TK_VALID, &smp->flags))
1cc61144 1740 return smp_confirm(smp);
943a732a 1741 else
4a74d658 1742 set_bit(SMP_FLAG_CFM_PENDING, &smp->flags);
da85e5e5
VCG		 1743
1744 return 0;
88ba43b6
AB		 1745}
1746
da85e5e5 1747static u8 smp_cmd_pairing_random(struct l2cap_conn *conn, struct sk_buff *skb)
88ba43b6 1748{
5d88cc73
JH		 1749 struct l2cap_chan *chan = conn->smp;
1750 struct smp_chan *smp = chan->data;
191dc7fe
JH		 1751 struct hci_conn *hcon = conn->hcon;
1752 u8 *pkax, *pkbx, *na, *nb;
1753 u32 passkey;
1754 int err;
7d24ddcc 1755
8aab4757 1756 BT_DBG("conn %p", conn);
3158c50c 1757
c46b98be 1758 if (skb->len < sizeof(smp->rrnd))
38e4a915 1759 return SMP_INVALID_PARAMS;
c46b98be 1760
943a732a 1761 memcpy(smp->rrnd, skb->data, sizeof(smp->rrnd));
8aab4757 1762 skb_pull(skb, sizeof(smp->rrnd));
e7e62c85 1763
191dc7fe
JH		 1764 if (!test_bit(SMP_FLAG_SC, &smp->flags))
1765 return smp_random(smp);
1766
38606f14
JH		 1767 /* Passkey entry has special treatment */
1768 if (smp->method == REQ_PASSKEY || smp->method == DSP_PASSKEY)
1769 return sc_passkey_round(smp, SMP_CMD_PAIRING_RANDOM);
1770
191dc7fe
JH		 1771 if (hcon->out) {
1772 u8 cfm[16];
1773
1774 err = smp_f4(smp->tfm_cmac, smp->remote_pk, smp->local_pk,
1775 smp->rrnd, 0, cfm);
1776 if (err)
1777 return SMP_UNSPECIFIED;
1778
1779 if (memcmp(smp->pcnf, cfm, 16))
1780 return SMP_CONFIRM_FAILED;
1781
1782 pkax = smp->local_pk;
1783 pkbx = smp->remote_pk;
1784 na = smp->prnd;
1785 nb = smp->rrnd;
1786 } else {
1787 smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM, sizeof(smp->prnd),
1788 smp->prnd);
1789 SMP_ALLOW_CMD(smp, SMP_CMD_DHKEY_CHECK);
1790
1791 pkax = smp->remote_pk;
1792 pkbx = smp->local_pk;
1793 na = smp->rrnd;
1794 nb = smp->prnd;
1795 }
1796
760b018b
JH		 1797 /* Generate MacKey and LTK */
1798 err = sc_mackey_and_ltk(smp, smp->mackey, smp->tk);
1799 if (err)
1800 return SMP_UNSPECIFIED;
1801
dddd3059
JH		 1802 if (smp->method == JUST_WORKS) {
1803 if (hcon->out) {
38606f14 1804 sc_dhkey_check(smp);
dddd3059
JH		 1805 SMP_ALLOW_CMD(smp, SMP_CMD_DHKEY_CHECK);
1806 }
1807 return 0;
1808 }
1809
38606f14
JH		 1810 err = smp_g2(smp->tfm_cmac, pkax, pkbx, na, nb, &passkey);
1811 if (err)
1812 return SMP_UNSPECIFIED;
1813
1814 err = mgmt_user_confirm_request(hcon->hdev, &hcon->dst, hcon->type,
1815 hcon->dst_type, passkey, 0);
191dc7fe
JH		 1816 if (err)
1817 return SMP_UNSPECIFIED;
1818
38606f14
JH		 1819 set_bit(SMP_FLAG_WAIT_USER, &smp->flags);
1820
191dc7fe 1821 return 0;
88ba43b6
AB		 1822}
1823
f81cd823 1824static bool smp_ltk_encrypt(struct l2cap_conn *conn, u8 sec_level)
988c5997 1825{
c9839a11 1826 struct smp_ltk *key;
988c5997
VCG		 1827 struct hci_conn *hcon = conn->hcon;
1828
f3a73d97 1829 key = hci_find_ltk(hcon->hdev, &hcon->dst, hcon->dst_type, hcon->role);
988c5997 1830 if (!key)
f81cd823 1831 return false;
988c5997 1832
a6f7833c 1833 if (smp_ltk_sec_level(key) < sec_level)
f81cd823 1834 return false;
4dab7864 1835
51a8efd7 1836 if (test_and_set_bit(HCI_CONN_ENCRYPT_PEND, &hcon->flags))
f81cd823 1837 return true;
988c5997 1838
c9839a11
VCG		 1839 hci_le_start_enc(hcon, key->ediv, key->rand, key->val);
1840 hcon->enc_key_size = key->enc_size;
988c5997 1841
fe59a05f
JH		 1842 /* We never store STKs for master role, so clear this flag */
1843 clear_bit(HCI_CONN_STK_ENCRYPT, &hcon->flags);
1844
f81cd823 1845 return true;
988c5997 1846}
f1560463 1847
35dc6f83
JH		 1848bool smp_sufficient_security(struct hci_conn *hcon, u8 sec_level,
1849 enum smp_key_pref key_pref)
854f4727
JH		 1850{
1851 if (sec_level == BT_SECURITY_LOW)
1852 return true;
1853
35dc6f83
JH		 1854 /* If we're encrypted with an STK but the caller prefers using
1855 * LTK claim insufficient security. This way we allow the
1856 * connection to be re-encrypted with an LTK, even if the LTK
1857 * provides the same level of security. Only exception is if we
1858 * don't have an LTK (e.g. because of key distribution bits).
9ab65d60 1859 */
35dc6f83
JH		 1860 if (key_pref == SMP_USE_LTK &&
1861 test_bit(HCI_CONN_STK_ENCRYPT, &hcon->flags) &&
f3a73d97 1862 hci_find_ltk(hcon->hdev, &hcon->dst, hcon->dst_type, hcon->role))
9ab65d60
JH		 1863 return false;
1864
854f4727
JH		 1865 if (hcon->sec_level >= sec_level)
1866 return true;
1867
1868 return false;
1869}
1870
da85e5e5 1871static u8 smp_cmd_security_req(struct l2cap_conn *conn, struct sk_buff *skb)
88ba43b6
AB		 1872{
1873 struct smp_cmd_security_req *rp = (void *) skb->data;
1874 struct smp_cmd_pairing cp;
f1cb9af5 1875 struct hci_conn *hcon = conn->hcon;
0edb14de 1876 struct hci_dev *hdev = hcon->hdev;
8aab4757 1877 struct smp_chan *smp;
c05b9339 1878 u8 sec_level, auth;
88ba43b6
AB		 1879
1880 BT_DBG("conn %p", conn);
1881
c46b98be 1882 if (skb->len < sizeof(*rp))
38e4a915 1883 return SMP_INVALID_PARAMS;
c46b98be 1884
40bef302 1885 if (hcon->role != HCI_ROLE_MASTER)
86ca9eac
JH		 1886 return SMP_CMD_NOTSUPP;
1887
0edb14de 1888 auth = rp->auth_req & AUTH_REQ_MASK(hdev);
c05b9339 1889
5be5e275 1890 if (hcon->io_capability == HCI_IO_NO_INPUT_OUTPUT)
1afc2a1a
JH		 1891 sec_level = BT_SECURITY_MEDIUM;
1892 else
1893 sec_level = authreq_to_seclevel(auth);
1894
35dc6f83 1895 if (smp_sufficient_security(hcon, sec_level, SMP_USE_LTK))
854f4727
JH		 1896 return 0;
1897
c7262e71
JH		 1898 if (sec_level > hcon->pending_sec_level)
1899 hcon->pending_sec_level = sec_level;
feb45eb5 1900
4dab7864 1901 if (smp_ltk_encrypt(conn, hcon->pending_sec_level))
988c5997
VCG		 1902 return 0;
1903
8aab4757 1904 smp = smp_chan_create(conn);
c29d2444
JH		 1905 if (!smp)
1906 return SMP_UNSPECIFIED;
d26a2345 1907
b6ae8457 1908 if (!test_bit(HCI_BONDABLE, &hcon->hdev->dev_flags) &&
c05b9339 1909 (auth & SMP_AUTH_BONDING))
616d55be
JH		 1910 return SMP_PAIRING_NOTSUPP;
1911
88ba43b6 1912 skb_pull(skb, sizeof(*rp));
88ba43b6 1913
da85e5e5 1914 memset(&cp, 0, sizeof(cp));
c05b9339 1915 build_pairing_cmd(conn, &cp, NULL, auth);
88ba43b6 1916
1c1def09
VCG		 1917 smp->preq[0] = SMP_CMD_PAIRING_REQ;
1918 memcpy(&smp->preq[1], &cp, sizeof(cp));
f01ead31 1919
88ba43b6 1920 smp_send_cmd(conn, SMP_CMD_PAIRING_REQ, sizeof(cp), &cp);
b28b4943 1921 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RSP);
f1cb9af5 1922
da85e5e5 1923 return 0;
88ba43b6
AB		 1924}
1925
cc110922 1926int smp_conn_security(struct hci_conn *hcon, __u8 sec_level)
eb492e01 1927{
cc110922 1928 struct l2cap_conn *conn = hcon->l2cap_data;
c68b7f12 1929 struct l2cap_chan *chan;
0a66cf20 1930 struct smp_chan *smp;
2b64d153 1931 __u8 authreq;
fc75cc86 1932 int ret;
eb492e01 1933
3a0259bb
VCG		 1934 BT_DBG("conn %p hcon %p level 0x%2.2x", conn, hcon, sec_level);
1935
0a66cf20
JH		 1936 /* This may be NULL if there's an unexpected disconnection */
1937 if (!conn)
1938 return 1;
1939
c68b7f12
JH		 1940 chan = conn->smp;
1941
757aee0f 1942 if (!test_bit(HCI_LE_ENABLED, &hcon->hdev->dev_flags))
2e65c9d2
AG		 1943 return 1;
1944
35dc6f83 1945 if (smp_sufficient_security(hcon, sec_level, SMP_USE_LTK))
eb492e01 1946 return 1;
f1cb9af5 1947
c7262e71
JH		 1948 if (sec_level > hcon->pending_sec_level)
1949 hcon->pending_sec_level = sec_level;
1950
40bef302 1951 if (hcon->role == HCI_ROLE_MASTER)
c7262e71
JH		 1952 if (smp_ltk_encrypt(conn, hcon->pending_sec_level))
1953 return 0;
d26a2345 1954
fc75cc86
JH		 1955 l2cap_chan_lock(chan);
1956
1957 /* If SMP is already in progress ignore this request */
1958 if (chan->data) {
1959 ret = 0;
1960 goto unlock;
1961 }
d26a2345 1962
8aab4757 1963 smp = smp_chan_create(conn);
fc75cc86
JH		 1964 if (!smp) {
1965 ret = 1;
1966 goto unlock;
1967 }
2b64d153
BG		 1968
1969 authreq = seclevel_to_authreq(sec_level);
d26a2345 1970
d2eb9e10
JH		 1971 if (test_bit(HCI_SC_ENABLED, &hcon->hdev->dev_flags))
1972 authreq |= SMP_AUTH_SC;
1973
79897d20
JH		 1974 /* Require MITM if IO Capability allows or the security level
1975 * requires it.
2e233644 1976 */
79897d20 1977 if (hcon->io_capability != HCI_IO_NO_INPUT_OUTPUT ||
c7262e71 1978 hcon->pending_sec_level > BT_SECURITY_MEDIUM)
2e233644
JH		 1979 authreq |= SMP_AUTH_MITM;
1980
40bef302 1981 if (hcon->role == HCI_ROLE_MASTER) {
d26a2345 1982 struct smp_cmd_pairing cp;
f01ead31 1983
2b64d153 1984 build_pairing_cmd(conn, &cp, NULL, authreq);
1c1def09
VCG		 1985 smp->preq[0] = SMP_CMD_PAIRING_REQ;
1986 memcpy(&smp->preq[1], &cp, sizeof(cp));
f01ead31 1987
eb492e01 1988 smp_send_cmd(conn, SMP_CMD_PAIRING_REQ, sizeof(cp), &cp);
b28b4943 1989 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RSP);
eb492e01
AB		 1990 } else {
1991 struct smp_cmd_security_req cp;
2b64d153 1992 cp.auth_req = authreq;
eb492e01 1993 smp_send_cmd(conn, SMP_CMD_SECURITY_REQ, sizeof(cp), &cp);
b28b4943 1994 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_REQ);
eb492e01
AB		 1995 }
1996
4a74d658 1997 set_bit(SMP_FLAG_INITIATOR, &smp->flags);
fc75cc86 1998 ret = 0;
edca792c 1999
fc75cc86
JH		 2000unlock:
2001 l2cap_chan_unlock(chan);
2002 return ret;
eb492e01
AB		 2003}
2004
7034b911
VCG		 2005static int smp_cmd_encrypt_info(struct l2cap_conn *conn, struct sk_buff *skb)
2006{
16b90839 2007 struct smp_cmd_encrypt_info *rp = (void *) skb->data;
5d88cc73
JH		 2008 struct l2cap_chan *chan = conn->smp;
2009 struct smp_chan *smp = chan->data;
16b90839 2010
c46b98be
JH		 2011 BT_DBG("conn %p", conn);
2012
2013 if (skb->len < sizeof(*rp))
38e4a915 2014 return SMP_INVALID_PARAMS;
c46b98be 2015
b28b4943 2016 SMP_ALLOW_CMD(smp, SMP_CMD_MASTER_IDENT);
6131ddc8 2017
16b90839
VCG		 2018 skb_pull(skb, sizeof(*rp));
2019
1c1def09 2020 memcpy(smp->tk, rp->ltk, sizeof(smp->tk));
16b90839 2021
7034b911
VCG		 2022 return 0;
2023}
2024
2025static int smp_cmd_master_ident(struct l2cap_conn *conn, struct sk_buff *skb)
2026{
16b90839 2027 struct smp_cmd_master_ident *rp = (void *) skb->data;
5d88cc73
JH		 2028 struct l2cap_chan *chan = conn->smp;
2029 struct smp_chan *smp = chan->data;
c9839a11
VCG		 2030 struct hci_dev *hdev = conn->hcon->hdev;
2031 struct hci_conn *hcon = conn->hcon;
23d0e128 2032 struct smp_ltk *ltk;
c9839a11 2033 u8 authenticated;
16b90839 2034
c46b98be
JH		 2035 BT_DBG("conn %p", conn);
2036
2037 if (skb->len < sizeof(*rp))
38e4a915 2038 return SMP_INVALID_PARAMS;
c46b98be 2039
9747a9f3
JH		 2040 /* Mark the information as received */
2041 smp->remote_key_dist &= ~SMP_DIST_ENC_KEY;
2042
b28b4943
JH		 2043 if (smp->remote_key_dist & SMP_DIST_ID_KEY)
2044 SMP_ALLOW_CMD(smp, SMP_CMD_IDENT_INFO);
196332f5
JH		 2045 else if (smp->remote_key_dist & SMP_DIST_SIGN)
2046 SMP_ALLOW_CMD(smp, SMP_CMD_SIGN_INFO);
b28b4943 2047
16b90839 2048 skb_pull(skb, sizeof(*rp));
7034b911 2049
ce39fb4e 2050 authenticated = (hcon->sec_level == BT_SECURITY_HIGH);
2ceba539 2051 ltk = hci_add_ltk(hdev, &hcon->dst, hcon->dst_type, SMP_LTK,
23d0e128
JH		 2052 authenticated, smp->tk, smp->enc_key_size,
2053 rp->ediv, rp->rand);
2054 smp->ltk = ltk;
c6e81e9a 2055 if (!(smp->remote_key_dist & KEY_DIST_MASK))
d6268e86 2056 smp_distribute_keys(smp);
7034b911
VCG		 2057
2058 return 0;
2059}
2060
fd349c02
JH		 2061static int smp_cmd_ident_info(struct l2cap_conn *conn, struct sk_buff *skb)
2062{
2063 struct smp_cmd_ident_info *info = (void *) skb->data;
5d88cc73
JH		 2064 struct l2cap_chan *chan = conn->smp;
2065 struct smp_chan *smp = chan->data;
fd349c02
JH		 2066
2067 BT_DBG("");
2068
2069 if (skb->len < sizeof(*info))
38e4a915 2070 return SMP_INVALID_PARAMS;
fd349c02 2071
b28b4943 2072 SMP_ALLOW_CMD(smp, SMP_CMD_IDENT_ADDR_INFO);
6131ddc8 2073
fd349c02
JH		 2074 skb_pull(skb, sizeof(*info));
2075
2076 memcpy(smp->irk, info->irk, 16);
2077
2078 return 0;
2079}
2080
2081static int smp_cmd_ident_addr_info(struct l2cap_conn *conn,
2082 struct sk_buff *skb)
2083{
2084 struct smp_cmd_ident_addr_info *info = (void *) skb->data;
5d88cc73
JH		 2085 struct l2cap_chan *chan = conn->smp;
2086 struct smp_chan *smp = chan->data;
fd349c02
JH		 2087 struct hci_conn *hcon = conn->hcon;
2088 bdaddr_t rpa;
2089
2090 BT_DBG("");
2091
2092 if (skb->len < sizeof(*info))
38e4a915 2093 return SMP_INVALID_PARAMS;
fd349c02 2094
9747a9f3
JH		 2095 /* Mark the information as received */
2096 smp->remote_key_dist &= ~SMP_DIST_ID_KEY;
2097
b28b4943
JH		 2098 if (smp->remote_key_dist & SMP_DIST_SIGN)
2099 SMP_ALLOW_CMD(smp, SMP_CMD_SIGN_INFO);
2100
fd349c02
JH		 2101 skb_pull(skb, sizeof(*info));
2102
a9a58f86
JH		 2103 /* Strictly speaking the Core Specification (4.1) allows sending
2104 * an empty address which would force us to rely on just the IRK
2105 * as "identity information". However, since such
2106 * implementations are not known of and in order to not over
2107 * complicate our implementation, simply pretend that we never
2108 * received an IRK for such a device.
2109 */
2110 if (!bacmp(&info->bdaddr, BDADDR_ANY)) {
2111 BT_ERR("Ignoring IRK with no identity address");
31dd624e 2112 goto distribute;
a9a58f86
JH		 2113 }
2114
fd349c02
JH		 2115 bacpy(&smp->id_addr, &info->bdaddr);
2116 smp->id_addr_type = info->addr_type;
2117
2118 if (hci_bdaddr_is_rpa(&hcon->dst, hcon->dst_type))
2119 bacpy(&rpa, &hcon->dst);
2120 else
2121 bacpy(&rpa, BDADDR_ANY);
2122
23d0e128
JH		 2123 smp->remote_irk = hci_add_irk(conn->hcon->hdev, &smp->id_addr,
2124 smp->id_addr_type, smp->irk, &rpa);
fd349c02 2125
31dd624e 2126distribute:
c6e81e9a
JH		 2127 if (!(smp->remote_key_dist & KEY_DIST_MASK))
2128 smp_distribute_keys(smp);
fd349c02
JH		 2129
2130 return 0;
2131}
2132
7ee4ea36
MH		 2133static int smp_cmd_sign_info(struct l2cap_conn *conn, struct sk_buff *skb)
2134{
2135 struct smp_cmd_sign_info *rp = (void *) skb->data;
5d88cc73
JH		 2136 struct l2cap_chan *chan = conn->smp;
2137 struct smp_chan *smp = chan->data;
7ee4ea36
MH		 2138 struct smp_csrk *csrk;
2139
2140 BT_DBG("conn %p", conn);
2141
2142 if (skb->len < sizeof(*rp))
38e4a915 2143 return SMP_INVALID_PARAMS;
7ee4ea36 2144
7ee4ea36
MH		 2145 /* Mark the information as received */
2146 smp->remote_key_dist &= ~SMP_DIST_SIGN;
2147
2148 skb_pull(skb, sizeof(*rp));
2149
7ee4ea36
MH		 2150 csrk = kzalloc(sizeof(*csrk), GFP_KERNEL);
2151 if (csrk) {
2152 csrk->master = 0x01;
2153 memcpy(csrk->val, rp->csrk, sizeof(csrk->val));
2154 }
2155 smp->csrk = csrk;
d6268e86 2156 smp_distribute_keys(smp);
7ee4ea36
MH		 2157
2158 return 0;
2159}
2160
5e3d3d9b
JH		 2161static u8 sc_select_method(struct smp_chan *smp)
2162{
2163 struct l2cap_conn *conn = smp->conn;
2164 struct hci_conn *hcon = conn->hcon;
2165 struct smp_cmd_pairing *local, *remote;
2166 u8 local_mitm, remote_mitm, local_io, remote_io, method;
2167
2168 /* The preq/prsp contain the raw Pairing Request/Response PDUs
2169 * which are needed as inputs to some crypto functions. To get
2170 * the "struct smp_cmd_pairing" from them we need to skip the
2171 * first byte which contains the opcode.
2172 */
2173 if (hcon->out) {
2174 local = (void *) &smp->preq[1];
2175 remote = (void *) &smp->prsp[1];
2176 } else {
2177 local = (void *) &smp->prsp[1];
2178 remote = (void *) &smp->preq[1];
2179 }
2180
2181 local_io = local->io_capability;
2182 remote_io = remote->io_capability;
2183
2184 local_mitm = (local->auth_req & SMP_AUTH_MITM);
2185 remote_mitm = (remote->auth_req & SMP_AUTH_MITM);
2186
2187 /* If either side wants MITM, look up the method from the table,
2188 * otherwise use JUST WORKS.
2189 */
2190 if (local_mitm || remote_mitm)
2191 method = get_auth_method(smp, local_io, remote_io);
2192 else
2193 method = JUST_WORKS;
2194
2195 /* Don't confirm locally initiated pairing attempts */
2196 if (method == JUST_CFM && test_bit(SMP_FLAG_INITIATOR, &smp->flags))
2197 method = JUST_WORKS;
2198
2199 return method;
2200}
2201
d8f8edbe
JH		 2202static int smp_cmd_public_key(struct l2cap_conn *conn, struct sk_buff *skb)
2203{
2204 struct smp_cmd_public_key *key = (void *) skb->data;
2205 struct hci_conn *hcon = conn->hcon;
2206 struct l2cap_chan *chan = conn->smp;
2207 struct smp_chan *smp = chan->data;
5e3d3d9b 2208 struct hci_dev *hdev = hcon->hdev;
cbbbe3e2 2209 struct smp_cmd_pairing_confirm cfm;
d8f8edbe
JH		 2210 int err;
2211
2212 BT_DBG("conn %p", conn);
2213
2214 if (skb->len < sizeof(*key))
2215 return SMP_INVALID_PARAMS;
2216
2217 memcpy(smp->remote_pk, key, 64);
2218
2219 /* Non-initiating device sends its public key after receiving
2220 * the key from the initiating device.
2221 */
2222 if (!hcon->out) {
2223 err = sc_send_public_key(smp);
2224 if (err)
2225 return err;
2226 }
2227
2228 BT_DBG("Remote Public Key X: %32phN", smp->remote_pk);
2229 BT_DBG("Remote Public Key Y: %32phN", &smp->remote_pk[32]);
2230
2231 if (!ecdh_shared_secret(smp->remote_pk, smp->local_sk, smp->dhkey))
2232 return SMP_UNSPECIFIED;
2233
2234 BT_DBG("DHKey %32phN", smp->dhkey);
2235
2236 set_bit(SMP_FLAG_REMOTE_PK, &smp->flags);
2237
5e3d3d9b
JH		 2238 smp->method = sc_select_method(smp);
2239
2240 BT_DBG("%s selected method 0x%02x", hdev->name, smp->method);
2241
2242 /* JUST_WORKS and JUST_CFM result in an unauthenticated key */
2243 if (smp->method == JUST_WORKS || smp->method == JUST_CFM)
2244 hcon->pending_sec_level = BT_SECURITY_MEDIUM;
2245 else
2246 hcon->pending_sec_level = BT_SECURITY_FIPS;
2247
aeb7d461
JH		 2248 if (!memcmp(debug_pk, smp->remote_pk, 64))
2249 set_bit(SMP_FLAG_DEBUG_KEY, &smp->flags);
2250
38606f14
JH		 2251 if (smp->method == DSP_PASSKEY) {
2252 get_random_bytes(&hcon->passkey_notify,
2253 sizeof(hcon->passkey_notify));
2254 hcon->passkey_notify %= 1000000;
2255 hcon->passkey_entered = 0;
2256 smp->passkey_round = 0;
2257 if (mgmt_user_passkey_notify(hdev, &hcon->dst, hcon->type,
2258 hcon->dst_type,
2259 hcon->passkey_notify,
2260 hcon->passkey_entered))
2261 return SMP_UNSPECIFIED;
2262 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_CONFIRM);
2263 return sc_passkey_round(smp, SMP_CMD_PUBLIC_KEY);
2264 }
2265
2266 if (hcon->out)
2267 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_CONFIRM);
2268
2269 if (smp->method == REQ_PASSKEY) {
2270 if (mgmt_user_passkey_request(hdev, &hcon->dst, hcon->type,
2271 hcon->dst_type))
2272 return SMP_UNSPECIFIED;
2273 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_CONFIRM);
2274 set_bit(SMP_FLAG_WAIT_USER, &smp->flags);
2275 return 0;
2276 }
2277
cbbbe3e2
JH		 2278 /* The Initiating device waits for the non-initiating device to
2279 * send the confirm value.
2280 */
2281 if (conn->hcon->out)
2282 return 0;
2283
2284 err = smp_f4(smp->tfm_cmac, smp->local_pk, smp->remote_pk, smp->prnd,
2285 0, cfm.confirm_val);
2286 if (err)
2287 return SMP_UNSPECIFIED;
2288
2289 smp_send_cmd(conn, SMP_CMD_PAIRING_CONFIRM, sizeof(cfm), &cfm);
2290 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RANDOM);
2291
d8f8edbe
JH		 2292 return 0;
2293}
2294
6433a9a2
JH		 2295static int smp_cmd_dhkey_check(struct l2cap_conn *conn, struct sk_buff *skb)
2296{
2297 struct smp_cmd_dhkey_check *check = (void *) skb->data;
2298 struct l2cap_chan *chan = conn->smp;
2299 struct hci_conn *hcon = conn->hcon;
2300 struct smp_chan *smp = chan->data;
2301 u8 a[7], b[7], *local_addr, *remote_addr;
2302 u8 io_cap[3], r[16], e[16];
2303 int err;
2304
2305 BT_DBG("conn %p", conn);
2306
2307 if (skb->len < sizeof(*check))
2308 return SMP_INVALID_PARAMS;
2309
2310 memcpy(a, &hcon->init_addr, 6);
2311 memcpy(b, &hcon->resp_addr, 6);
2312 a[6] = hcon->init_addr_type;
2313 b[6] = hcon->resp_addr_type;
2314
2315 if (hcon->out) {
2316 local_addr = a;
2317 remote_addr = b;
2318 memcpy(io_cap, &smp->prsp[1], 3);
2319 } else {
2320 local_addr = b;
2321 remote_addr = a;
2322 memcpy(io_cap, &smp->preq[1], 3);
2323 }
2324
2325 memset(r, 0, sizeof(r));
2326
38606f14
JH		 2327 if (smp->method == REQ_PASSKEY || smp->method == DSP_PASSKEY)
2328 put_unaligned_le32(hcon->passkey_notify, r);
2329
6433a9a2
JH		 2330 err = smp_f6(smp->tfm_cmac, smp->mackey, smp->rrnd, smp->prnd, r,
2331 io_cap, remote_addr, local_addr, e);
2332 if (err)
2333 return SMP_UNSPECIFIED;
2334
2335 if (memcmp(check->e, e, 16))
2336 return SMP_DHKEY_CHECK_FAILED;
2337
d3e54a87
JH		 2338 if (!hcon->out) {
2339 if (test_bit(SMP_FLAG_WAIT_USER, &smp->flags)) {
2340 set_bit(SMP_FLAG_DHKEY_PENDING, &smp->flags);
2341 return 0;
2342 }
d378a2d7 2343
d3e54a87
JH		 2344 /* Slave sends DHKey check as response to master */
2345 sc_dhkey_check(smp);
2346 }
d378a2d7 2347
d3e54a87 2348 sc_add_ltk(smp);
6433a9a2
JH		 2349
2350 if (hcon->out) {
2351 hci_le_start_enc(hcon, 0, 0, smp->tk);
2352 hcon->enc_key_size = smp->enc_key_size;
2353 }
2354
2355 return 0;
2356}
2357
1408bb6e
JH		 2358static int smp_cmd_keypress_notify(struct l2cap_conn *conn,
2359 struct sk_buff *skb)
2360{
2361 struct smp_cmd_keypress_notify *kp = (void *) skb->data;
2362
2363 BT_DBG("value 0x%02x", kp->value);
2364
2365 return 0;
2366}
2367
4befb867 2368static int smp_sig_channel(struct l2cap_chan *chan, struct sk_buff *skb)
eb492e01 2369{
5d88cc73 2370 struct l2cap_conn *conn = chan->conn;
7b9899db 2371 struct hci_conn *hcon = conn->hcon;
b28b4943 2372 struct smp_chan *smp;
92381f5c 2373 __u8 code, reason;
eb492e01
AB		 2374 int err = 0;
2375
7b9899db
MH		 2376 if (hcon->type != LE_LINK) {
2377 kfree_skb(skb);
3432711f 2378 return 0;
7b9899db
MH		 2379 }
2380
8ae9b984 2381 if (skb->len < 1)
92381f5c 2382 return -EILSEQ;
92381f5c 2383
06ae3314 2384 if (!test_bit(HCI_LE_ENABLED, &hcon->hdev->dev_flags)) {
2e65c9d2
AG		 2385 reason = SMP_PAIRING_NOTSUPP;
2386 goto done;
2387 }
2388
92381f5c 2389 code = skb->data[0];
eb492e01
AB		 2390 skb_pull(skb, sizeof(code));
2391
b28b4943
JH		 2392 smp = chan->data;
2393
2394 if (code > SMP_CMD_MAX)
2395 goto drop;
2396
24bd0bd9 2397 if (smp && !test_and_clear_bit(code, &smp->allow_cmd))
b28b4943
JH		 2398 goto drop;
2399
2400 /* If we don't have a context the only allowed commands are
2401 * pairing request and security request.
8cf9fa12 2402 */
b28b4943
JH		 2403 if (!smp && code != SMP_CMD_PAIRING_REQ && code != SMP_CMD_SECURITY_REQ)
2404 goto drop;
8cf9fa12 2405
eb492e01
AB		 2406 switch (code) {
2407 case SMP_CMD_PAIRING_REQ:
da85e5e5 2408 reason = smp_cmd_pairing_req(conn, skb);
eb492e01
AB		 2409 break;
2410
2411 case SMP_CMD_PAIRING_FAIL:
84794e11 2412 smp_failure(conn, 0);
da85e5e5 2413 err = -EPERM;
eb492e01
AB		 2414 break;
2415
2416 case SMP_CMD_PAIRING_RSP:
da85e5e5 2417 reason = smp_cmd_pairing_rsp(conn, skb);
88ba43b6
AB		 2418 break;
2419
2420 case SMP_CMD_SECURITY_REQ:
da85e5e5 2421 reason = smp_cmd_security_req(conn, skb);
88ba43b6
AB		 2422 break;
2423
eb492e01 2424 case SMP_CMD_PAIRING_CONFIRM:
da85e5e5 2425 reason = smp_cmd_pairing_confirm(conn, skb);
88ba43b6
AB		 2426 break;
2427
eb492e01 2428 case SMP_CMD_PAIRING_RANDOM:
da85e5e5 2429 reason = smp_cmd_pairing_random(conn, skb);
88ba43b6
AB		 2430 break;
2431
eb492e01 2432 case SMP_CMD_ENCRYPT_INFO:
7034b911
VCG		 2433 reason = smp_cmd_encrypt_info(conn, skb);
2434 break;
2435
eb492e01 2436 case SMP_CMD_MASTER_IDENT:
7034b911
VCG		 2437 reason = smp_cmd_master_ident(conn, skb);
2438 break;
2439
eb492e01 2440 case SMP_CMD_IDENT_INFO:
fd349c02
JH		 2441 reason = smp_cmd_ident_info(conn, skb);
2442 break;
2443
eb492e01 2444 case SMP_CMD_IDENT_ADDR_INFO:
fd349c02
JH		 2445 reason = smp_cmd_ident_addr_info(conn, skb);
2446 break;
2447
eb492e01 2448 case SMP_CMD_SIGN_INFO:
7ee4ea36 2449 reason = smp_cmd_sign_info(conn, skb);
7034b911
VCG		 2450 break;
2451
d8f8edbe
JH		 2452 case SMP_CMD_PUBLIC_KEY:
2453 reason = smp_cmd_public_key(conn, skb);
2454 break;
2455
6433a9a2
JH		 2456 case SMP_CMD_DHKEY_CHECK:
2457 reason = smp_cmd_dhkey_check(conn, skb);
2458 break;
2459
1408bb6e
JH		 2460 case SMP_CMD_KEYPRESS_NOTIFY:
2461 reason = smp_cmd_keypress_notify(conn, skb);
2462 break;
2463
eb492e01
AB		 2464 default:
2465 BT_DBG("Unknown command code 0x%2.2x", code);
eb492e01 2466 reason = SMP_CMD_NOTSUPP;
3a0259bb 2467 goto done;
eb492e01
AB		 2468 }
2469
3a0259bb 2470done:
9b7b18ef
JH		 2471 if (!err) {
2472 if (reason)
2473 smp_failure(conn, reason);
8ae9b984 2474 kfree_skb(skb);
9b7b18ef
JH		 2475 }
2476
eb492e01 2477 return err;
b28b4943
JH		 2478
2479drop:
2480 BT_ERR("%s unexpected SMP command 0x%02x from %pMR", hcon->hdev->name,
2481 code, &hcon->dst);
2482 kfree_skb(skb);
2483 return 0;
eb492e01 2484}
7034b911 2485
70db83c4
JH		 2486static void smp_teardown_cb(struct l2cap_chan *chan, int err)
2487{
2488 struct l2cap_conn *conn = chan->conn;
2489
2490 BT_DBG("chan %p", chan);
2491
fc75cc86 2492 if (chan->data)
5d88cc73 2493 smp_chan_destroy(conn);
5d88cc73 2494
70db83c4
JH		 2495 conn->smp = NULL;
2496 l2cap_chan_put(chan);
2497}
2498
44f1a7ab
JH		 2499static void smp_resume_cb(struct l2cap_chan *chan)
2500{
b68fda68 2501 struct smp_chan *smp = chan->data;
44f1a7ab
JH		 2502 struct l2cap_conn *conn = chan->conn;
2503 struct hci_conn *hcon = conn->hcon;
2504
2505 BT_DBG("chan %p", chan);
2506
86d1407c
JH		 2507 if (!smp)
2508 return;
b68fda68 2509
84bc0db5
JH		 2510 if (!test_bit(HCI_CONN_ENCRYPT, &hcon->flags))
2511 return;
2512
86d1407c
JH		 2513 cancel_delayed_work(&smp->security_timer);
2514
d6268e86 2515 smp_distribute_keys(smp);
44f1a7ab
JH		 2516}
2517
70db83c4
JH		 2518static void smp_ready_cb(struct l2cap_chan *chan)
2519{
2520 struct l2cap_conn *conn = chan->conn;
2521
2522 BT_DBG("chan %p", chan);
2523
2524 conn->smp = chan;
2525 l2cap_chan_hold(chan);
2526}
2527
4befb867
JH		 2528static int smp_recv_cb(struct l2cap_chan *chan, struct sk_buff *skb)
2529{
2530 int err;
2531
2532 BT_DBG("chan %p", chan);
2533
2534 err = smp_sig_channel(chan, skb);
2535 if (err) {
b68fda68 2536 struct smp_chan *smp = chan->data;
4befb867 2537
b68fda68
JH		 2538 if (smp)
2539 cancel_delayed_work_sync(&smp->security_timer);
4befb867 2540
1e91c29e 2541 hci_disconnect(chan->conn->hcon, HCI_ERROR_AUTH_FAILURE);
4befb867
JH		 2542 }
2543
2544 return err;
2545}
2546
70db83c4
JH		 2547static struct sk_buff *smp_alloc_skb_cb(struct l2cap_chan *chan,
2548 unsigned long hdr_len,
2549 unsigned long len, int nb)
2550{
2551 struct sk_buff *skb;
2552
2553 skb = bt_skb_alloc(hdr_len + len, GFP_KERNEL);
2554 if (!skb)
2555 return ERR_PTR(-ENOMEM);
2556
2557 skb->priority = HCI_PRIO_MAX;
2558 bt_cb(skb)->chan = chan;
2559
2560 return skb;
2561}
2562
2563static const struct l2cap_ops smp_chan_ops = {
2564 .name = "Security Manager",
2565 .ready = smp_ready_cb,
5d88cc73 2566 .recv = smp_recv_cb,
70db83c4
JH		 2567 .alloc_skb = smp_alloc_skb_cb,
2568 .teardown = smp_teardown_cb,
44f1a7ab 2569 .resume = smp_resume_cb,
70db83c4
JH		 2570
2571 .new_connection = l2cap_chan_no_new_connection,
70db83c4
JH		 2572 .state_change = l2cap_chan_no_state_change,
2573 .close = l2cap_chan_no_close,
2574 .defer = l2cap_chan_no_defer,
2575 .suspend = l2cap_chan_no_suspend,
70db83c4
JH		 2576 .set_shutdown = l2cap_chan_no_set_shutdown,
2577 .get_sndtimeo = l2cap_chan_no_get_sndtimeo,
2578 .memcpy_fromiovec = l2cap_chan_no_memcpy_fromiovec,
2579};
2580
2581static inline struct l2cap_chan *smp_new_conn_cb(struct l2cap_chan *pchan)
2582{
2583 struct l2cap_chan *chan;
2584
2585 BT_DBG("pchan %p", pchan);
2586
2587 chan = l2cap_chan_create();
2588 if (!chan)
2589 return NULL;
2590
2591 chan->chan_type = pchan->chan_type;
2592 chan->ops = &smp_chan_ops;
2593 chan->scid = pchan->scid;
2594 chan->dcid = chan->scid;
2595 chan->imtu = pchan->imtu;
2596 chan->omtu = pchan->omtu;
2597 chan->mode = pchan->mode;
2598
abe84903
JH		 2599 /* Other L2CAP channels may request SMP routines in order to
2600 * change the security level. This means that the SMP channel
2601 * lock must be considered in its own category to avoid lockdep
2602 * warnings.
2603 */
2604 atomic_set(&chan->nesting, L2CAP_NESTING_SMP);
2605
70db83c4
JH		 2606 BT_DBG("created chan %p", chan);
2607
2608 return chan;
2609}
2610
2611static const struct l2cap_ops smp_root_chan_ops = {
2612 .name = "Security Manager Root",
2613 .new_connection = smp_new_conn_cb,
2614
2615 /* None of these are implemented for the root channel */
2616 .close = l2cap_chan_no_close,
2617 .alloc_skb = l2cap_chan_no_alloc_skb,
2618 .recv = l2cap_chan_no_recv,
2619 .state_change = l2cap_chan_no_state_change,
2620 .teardown = l2cap_chan_no_teardown,
2621 .ready = l2cap_chan_no_ready,
2622 .defer = l2cap_chan_no_defer,
2623 .suspend = l2cap_chan_no_suspend,
2624 .resume = l2cap_chan_no_resume,
2625 .set_shutdown = l2cap_chan_no_set_shutdown,
2626 .get_sndtimeo = l2cap_chan_no_get_sndtimeo,
2627 .memcpy_fromiovec = l2cap_chan_no_memcpy_fromiovec,
2628};
2629
711eafe3
JH		 2630int smp_register(struct hci_dev *hdev)
2631{
70db83c4 2632 struct l2cap_chan *chan;
defce9e8 2633 struct crypto_blkcipher *tfm_aes;
70db83c4 2634
711eafe3
JH		 2635 BT_DBG("%s", hdev->name);
2636
adae20cb 2637 tfm_aes = crypto_alloc_blkcipher("ecb(aes)", 0, 0);
defce9e8
JH		 2638 if (IS_ERR(tfm_aes)) {
2639 int err = PTR_ERR(tfm_aes);
711eafe3 2640 BT_ERR("Unable to create crypto context");
711eafe3
JH		 2641 return err;
2642 }
2643
70db83c4
JH		 2644 chan = l2cap_chan_create();
2645 if (!chan) {
defce9e8 2646 crypto_free_blkcipher(tfm_aes);
70db83c4
JH		 2647 return -ENOMEM;
2648 }
2649
defce9e8
JH		 2650 chan->data = tfm_aes;
2651
5d88cc73 2652 l2cap_add_scid(chan, L2CAP_CID_SMP);
70db83c4
JH		 2653
2654 l2cap_chan_set_defaults(chan);
2655
2656 bacpy(&chan->src, &hdev->bdaddr);
2657 chan->src_type = BDADDR_LE_PUBLIC;
2658 chan->state = BT_LISTEN;
2659 chan->mode = L2CAP_MODE_BASIC;
2660 chan->imtu = L2CAP_DEFAULT_MTU;
2661 chan->ops = &smp_root_chan_ops;
2662
abe84903
JH		 2663 /* Set correct nesting level for a parent/listening channel */
2664 atomic_set(&chan->nesting, L2CAP_NESTING_PARENT);
2665
70db83c4
JH		 2666 hdev->smp_data = chan;
2667
711eafe3
JH		 2668 return 0;
2669}
2670
2671void smp_unregister(struct hci_dev *hdev)
2672{
70db83c4 2673 struct l2cap_chan *chan = hdev->smp_data;
defce9e8 2674 struct crypto_blkcipher *tfm_aes;
70db83c4
JH		 2675
2676 if (!chan)
2677 return;
2678
2679 BT_DBG("%s chan %p", hdev->name, chan);
711eafe3 2680
defce9e8
JH		 2681 tfm_aes = chan->data;
2682 if (tfm_aes) {
2683 chan->data = NULL;
2684 crypto_free_blkcipher(tfm_aes);
711eafe3 2685 }
70db83c4
JH		 2686
2687 hdev->smp_data = NULL;
2688 l2cap_chan_put(chan);
711eafe3 2689}
Linux kernel - Deliverables
This page took 0.43152 seconds and 5 git commands to generate.