projects / deliverable / linux.git / blame_incremental
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (non-incremental) | history | HEAD
Bluetooth: Update smp_random to return a response code
[deliverable/linux.git] / net / bluetooth / smp.c
... / ...
CommitLineData
1/*
2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2011 Nokia Corporation and/or its subsidiary(-ies).
4
5 This program is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License version 2 as
7 published by the Free Software Foundation;
8
9 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
10 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
11 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
12 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
13 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
14 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17
18 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
19 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
20 SOFTWARE IS DISCLAIMED.
21*/
22
23#include <linux/crypto.h>
24#include <linux/scatterlist.h>
25#include <crypto/b128ops.h>
26
27#include <net/bluetooth/bluetooth.h>
28#include <net/bluetooth/hci_core.h>
29#include <net/bluetooth/l2cap.h>
30#include <net/bluetooth/mgmt.h>
31
32#include "smp.h"
33
34#define SMP_TIMEOUT msecs_to_jiffies(30000)
35
36#define AUTH_REQ_MASK 0x07
37
38#define SMP_FLAG_TK_VALID 1
39#define SMP_FLAG_CFM_PENDING 2
40#define SMP_FLAG_MITM_AUTH 3
41#define SMP_FLAG_COMPLETE 4
42#define SMP_FLAG_INITIATOR 5
43
44struct smp_chan {
45 struct l2cap_conn *conn;
46 u8 preq[7]; /* SMP Pairing Request */
47 u8 prsp[7]; /* SMP Pairing Response */
48 u8 prnd[16]; /* SMP Pairing Random (local) */
49 u8 rrnd[16]; /* SMP Pairing Random (remote) */
50 u8 pcnf[16]; /* SMP Pairing Confirm */
51 u8 tk[16]; /* SMP Temporary Key */
52 u8 enc_key_size;
53 u8 remote_key_dist;
54 bdaddr_t id_addr;
55 u8 id_addr_type;
56 u8 irk[16];
57 struct smp_csrk *csrk;
58 struct smp_csrk *slave_csrk;
59 struct smp_ltk *ltk;
60 struct smp_ltk *slave_ltk;
61 struct smp_irk *remote_irk;
62 unsigned long flags;
63};
64
65static inline void swap128(const u8 src[16], u8 dst[16])
66{
67 int i;
68 for (i = 0; i < 16; i++)
69 dst[15 - i] = src[i];
70}
71
72static inline void swap56(const u8 src[7], u8 dst[7])
73{
74 int i;
75 for (i = 0; i < 7; i++)
76 dst[6 - i] = src[i];
77}
78
79static int smp_e(struct crypto_blkcipher *tfm, const u8 *k, u8 *r)
80{
81 struct blkcipher_desc desc;
82 struct scatterlist sg;
83 uint8_t tmp[16], data[16];
84 int err;
85
86 if (tfm == NULL) {
87 BT_ERR("tfm %p", tfm);
88 return -EINVAL;
89 }
90
91 desc.tfm = tfm;
92 desc.flags = 0;
93
94 /* The most significant octet of key corresponds to k[0] */
95 swap128(k, tmp);
96
97 err = crypto_blkcipher_setkey(tfm, tmp, 16);
98 if (err) {
99 BT_ERR("cipher setkey failed: %d", err);
100 return err;
101 }
102
103 /* Most significant octet of plaintextData corresponds to data[0] */
104 swap128(r, data);
105
106 sg_init_one(&sg, data, 16);
107
108 err = crypto_blkcipher_encrypt(&desc, &sg, &sg, 16);
109 if (err)
110 BT_ERR("Encrypt data error %d", err);
111
112 /* Most significant octet of encryptedData corresponds to data[0] */
113 swap128(data, r);
114
115 return err;
116}
117
118static int smp_ah(struct crypto_blkcipher *tfm, u8 irk[16], u8 r[3], u8 res[3])
119{
120 u8 _res[16];
121 int err;
122
123 /* r' = padding || r */
124 memcpy(_res, r, 3);
125 memset(_res + 3, 0, 13);
126
127 err = smp_e(tfm, irk, _res);
128 if (err) {
129 BT_ERR("Encrypt error");
130 return err;
131 }
132
133 /* The output of the random address function ah is:
134 * ah(h, r) = e(k, r') mod 2^24
135 * The output of the security function e is then truncated to 24 bits
136 * by taking the least significant 24 bits of the output of e as the
137 * result of ah.
138 */
139 memcpy(res, _res, 3);
140
141 return 0;
142}
143
144bool smp_irk_matches(struct crypto_blkcipher *tfm, u8 irk[16],
145 bdaddr_t *bdaddr)
146{
147 u8 hash[3];
148 int err;
149
150 BT_DBG("RPA %pMR IRK %*phN", bdaddr, 16, irk);
151
152 err = smp_ah(tfm, irk, &bdaddr->b[3], hash);
153 if (err)
154 return false;
155
156 return !memcmp(bdaddr->b, hash, 3);
157}
158
159int smp_generate_rpa(struct crypto_blkcipher *tfm, u8 irk[16], bdaddr_t *rpa)
160{
161 int err;
162
163 get_random_bytes(&rpa->b[3], 3);
164
165 rpa->b[5] &= 0x3f; /* Clear two most significant bits */
166 rpa->b[5] |= 0x40; /* Set second most significant bit */
167
168 err = smp_ah(tfm, irk, &rpa->b[3], rpa->b);
169 if (err < 0)
170 return err;
171
172 BT_DBG("RPA %pMR", rpa);
173
174 return 0;
175}
176
177static int smp_c1(struct crypto_blkcipher *tfm, u8 k[16], u8 r[16],
178 u8 preq[7], u8 pres[7], u8 _iat, bdaddr_t *ia,
179 u8 _rat, bdaddr_t *ra, u8 res[16])
180{
181 u8 p1[16], p2[16];
182 int err;
183
184 memset(p1, 0, 16);
185
186 /* p1 = pres || preq || _rat || _iat */
187 p1[0] = _iat;
188 p1[1] = _rat;
189 memcpy(p1 + 2, preq, 7);
190 memcpy(p1 + 9, pres, 7);
191
192 /* p2 = padding || ia || ra */
193 memcpy(p2, ra, 6);
194 memcpy(p2 + 6, ia, 6);
195 memset(p2 + 12, 0, 4);
196
197 /* res = r XOR p1 */
198 u128_xor((u128 *) res, (u128 *) r, (u128 *) p1);
199
200 /* res = e(k, res) */
201 err = smp_e(tfm, k, res);
202 if (err) {
203 BT_ERR("Encrypt data error");
204 return err;
205 }
206
207 /* res = res XOR p2 */
208 u128_xor((u128 *) res, (u128 *) res, (u128 *) p2);
209
210 /* res = e(k, res) */
211 err = smp_e(tfm, k, res);
212 if (err)
213 BT_ERR("Encrypt data error");
214
215 return err;
216}
217
218static int smp_s1(struct crypto_blkcipher *tfm, u8 k[16], u8 r1[16],
219 u8 r2[16], u8 _r[16])
220{
221 int err;
222
223 /* Just least significant octets from r1 and r2 are considered */
224 memcpy(_r, r2, 8);
225 memcpy(_r + 8, r1, 8);
226
227 err = smp_e(tfm, k, _r);
228 if (err)
229 BT_ERR("Encrypt data error");
230
231 return err;
232}
233
234static struct sk_buff *smp_build_cmd(struct l2cap_conn *conn, u8 code,
235 u16 dlen, void *data)
236{
237 struct sk_buff *skb;
238 struct l2cap_hdr *lh;
239 int len;
240
241 len = L2CAP_HDR_SIZE + sizeof(code) + dlen;
242
243 if (len > conn->mtu)
244 return NULL;
245
246 skb = bt_skb_alloc(len, GFP_ATOMIC);
247 if (!skb)
248 return NULL;
249
250 lh = (struct l2cap_hdr *) skb_put(skb, L2CAP_HDR_SIZE);
251 lh->len = cpu_to_le16(sizeof(code) + dlen);
252 lh->cid = cpu_to_le16(L2CAP_CID_SMP);
253
254 memcpy(skb_put(skb, sizeof(code)), &code, sizeof(code));
255
256 memcpy(skb_put(skb, dlen), data, dlen);
257
258 return skb;
259}
260
261static void smp_send_cmd(struct l2cap_conn *conn, u8 code, u16 len, void *data)
262{
263 struct sk_buff *skb = smp_build_cmd(conn, code, len, data);
264
265 BT_DBG("code 0x%2.2x", code);
266
267 if (!skb)
268 return;
269
270 skb->priority = HCI_PRIO_MAX;
271 hci_send_acl(conn->hchan, skb, 0);
272
273 cancel_delayed_work_sync(&conn->security_timer);
274 schedule_delayed_work(&conn->security_timer, SMP_TIMEOUT);
275}
276
277static __u8 authreq_to_seclevel(__u8 authreq)
278{
279 if (authreq & SMP_AUTH_MITM)
280 return BT_SECURITY_HIGH;
281 else
282 return BT_SECURITY_MEDIUM;
283}
284
285static __u8 seclevel_to_authreq(__u8 sec_level)
286{
287 switch (sec_level) {
288 case BT_SECURITY_HIGH:
289 return SMP_AUTH_MITM | SMP_AUTH_BONDING;
290 case BT_SECURITY_MEDIUM:
291 return SMP_AUTH_BONDING;
292 default:
293 return SMP_AUTH_NONE;
294 }
295}
296
297static void build_pairing_cmd(struct l2cap_conn *conn,
298 struct smp_cmd_pairing *req,
299 struct smp_cmd_pairing *rsp, __u8 authreq)
300{
301 struct smp_chan *smp = conn->smp_chan;
302 struct hci_conn *hcon = conn->hcon;
303 struct hci_dev *hdev = hcon->hdev;
304 u8 local_dist = 0, remote_dist = 0;
305
306 if (test_bit(HCI_PAIRABLE, &conn->hcon->hdev->dev_flags)) {
307 local_dist = SMP_DIST_ENC_KEY | SMP_DIST_SIGN;
308 remote_dist = SMP_DIST_ENC_KEY | SMP_DIST_SIGN;
309 authreq |= SMP_AUTH_BONDING;
310 } else {
311 authreq &= ~SMP_AUTH_BONDING;
312 }
313
314 if (test_bit(HCI_RPA_RESOLVING, &hdev->dev_flags))
315 remote_dist |= SMP_DIST_ID_KEY;
316
317 if (test_bit(HCI_PRIVACY, &hdev->dev_flags))
318 local_dist |= SMP_DIST_ID_KEY;
319
320 if (rsp == NULL) {
321 req->io_capability = conn->hcon->io_capability;
322 req->oob_flag = SMP_OOB_NOT_PRESENT;
323 req->max_key_size = SMP_MAX_ENC_KEY_SIZE;
324 req->init_key_dist = local_dist;
325 req->resp_key_dist = remote_dist;
326 req->auth_req = (authreq & AUTH_REQ_MASK);
327
328 smp->remote_key_dist = remote_dist;
329 return;
330 }
331
332 rsp->io_capability = conn->hcon->io_capability;
333 rsp->oob_flag = SMP_OOB_NOT_PRESENT;
334 rsp->max_key_size = SMP_MAX_ENC_KEY_SIZE;
335 rsp->init_key_dist = req->init_key_dist & remote_dist;
336 rsp->resp_key_dist = req->resp_key_dist & local_dist;
337 rsp->auth_req = (authreq & AUTH_REQ_MASK);
338
339 smp->remote_key_dist = rsp->init_key_dist;
340}
341
342static u8 check_enc_key_size(struct l2cap_conn *conn, __u8 max_key_size)
343{
344 struct smp_chan *smp = conn->smp_chan;
345
346 if ((max_key_size > SMP_MAX_ENC_KEY_SIZE) ||
347 (max_key_size < SMP_MIN_ENC_KEY_SIZE))
348 return SMP_ENC_KEY_SIZE;
349
350 smp->enc_key_size = max_key_size;
351
352 return 0;
353}
354
355static void smp_failure(struct l2cap_conn *conn, u8 reason)
356{
357 struct hci_conn *hcon = conn->hcon;
358
359 if (reason)
360 smp_send_cmd(conn, SMP_CMD_PAIRING_FAIL, sizeof(reason),
361 &reason);
362
363 clear_bit(HCI_CONN_ENCRYPT_PEND, &hcon->flags);
364 mgmt_auth_failed(hcon->hdev, &hcon->dst, hcon->type, hcon->dst_type,
365 HCI_ERROR_AUTH_FAILURE);
366
367 cancel_delayed_work_sync(&conn->security_timer);
368
369 if (test_and_clear_bit(HCI_CONN_LE_SMP_PEND, &hcon->flags))
370 smp_chan_destroy(conn);
371}
372
373#define JUST_WORKS 0x00
374#define JUST_CFM 0x01
375#define REQ_PASSKEY 0x02
376#define CFM_PASSKEY 0x03
377#define REQ_OOB 0x04
378#define OVERLAP 0xFF
379
380static const u8 gen_method[5][5] = {
381 { JUST_WORKS, JUST_CFM, REQ_PASSKEY, JUST_WORKS, REQ_PASSKEY },
382 { JUST_WORKS, JUST_CFM, REQ_PASSKEY, JUST_WORKS, REQ_PASSKEY },
383 { CFM_PASSKEY, CFM_PASSKEY, REQ_PASSKEY, JUST_WORKS, CFM_PASSKEY },
384 { JUST_WORKS, JUST_CFM, JUST_WORKS, JUST_WORKS, JUST_CFM },
385 { CFM_PASSKEY, CFM_PASSKEY, REQ_PASSKEY, JUST_WORKS, OVERLAP },
386};
387
388static int tk_request(struct l2cap_conn *conn, u8 remote_oob, u8 auth,
389 u8 local_io, u8 remote_io)
390{
391 struct hci_conn *hcon = conn->hcon;
392 struct smp_chan *smp = conn->smp_chan;
393 u8 method;
394 u32 passkey = 0;
395 int ret = 0;
396
397 /* Initialize key for JUST WORKS */
398 memset(smp->tk, 0, sizeof(smp->tk));
399 clear_bit(SMP_FLAG_TK_VALID, &smp->flags);
400
401 BT_DBG("tk_request: auth:%d lcl:%d rem:%d", auth, local_io, remote_io);
402
403 /* If neither side wants MITM, use JUST WORKS */
404 /* If either side has unknown io_caps, use JUST WORKS */
405 /* Otherwise, look up method from the table */
406 if (!(auth & SMP_AUTH_MITM) ||
407 local_io > SMP_IO_KEYBOARD_DISPLAY ||
408 remote_io > SMP_IO_KEYBOARD_DISPLAY)
409 method = JUST_WORKS;
410 else
411 method = gen_method[remote_io][local_io];
412
413 /* If not bonding, don't ask user to confirm a Zero TK */
414 if (!(auth & SMP_AUTH_BONDING) && method == JUST_CFM)
415 method = JUST_WORKS;
416
417 /* Don't confirm locally initiated pairing attempts */
418 if (method == JUST_CFM && test_bit(SMP_FLAG_INITIATOR, &smp->flags))
419 method = JUST_WORKS;
420
421 /* If Just Works, Continue with Zero TK */
422 if (method == JUST_WORKS) {
423 set_bit(SMP_FLAG_TK_VALID, &smp->flags);
424 return 0;
425 }
426
427 /* Not Just Works/Confirm results in MITM Authentication */
428 if (method != JUST_CFM)
429 set_bit(SMP_FLAG_MITM_AUTH, &smp->flags);
430
431 /* If both devices have Keyoard-Display I/O, the master
432 * Confirms and the slave Enters the passkey.
433 */
434 if (method == OVERLAP) {
435 if (hcon->link_mode & HCI_LM_MASTER)
436 method = CFM_PASSKEY;
437 else
438 method = REQ_PASSKEY;
439 }
440
441 /* Generate random passkey. */
442 if (method == CFM_PASSKEY) {
443 memset(smp->tk, 0, sizeof(smp->tk));
444 get_random_bytes(&passkey, sizeof(passkey));
445 passkey %= 1000000;
446 put_unaligned_le32(passkey, smp->tk);
447 BT_DBG("PassKey: %d", passkey);
448 set_bit(SMP_FLAG_TK_VALID, &smp->flags);
449 }
450
451 hci_dev_lock(hcon->hdev);
452
453 if (method == REQ_PASSKEY)
454 ret = mgmt_user_passkey_request(hcon->hdev, &hcon->dst,
455 hcon->type, hcon->dst_type);
456 else if (method == JUST_CFM)
457 ret = mgmt_user_confirm_request(hcon->hdev, &hcon->dst,
458 hcon->type, hcon->dst_type,
459 passkey, 1);
460 else
461 ret = mgmt_user_passkey_notify(hcon->hdev, &hcon->dst,
462 hcon->type, hcon->dst_type,
463 passkey, 0);
464
465 hci_dev_unlock(hcon->hdev);
466
467 return ret;
468}
469
470static void smp_confirm(struct smp_chan *smp)
471{
472 struct l2cap_conn *conn = smp->conn;
473 struct hci_dev *hdev = conn->hcon->hdev;
474 struct crypto_blkcipher *tfm = hdev->tfm_aes;
475 struct smp_cmd_pairing_confirm cp;
476 int ret;
477 u8 reason;
478
479 BT_DBG("conn %p", conn);
480
481 /* Prevent mutual access to hdev->tfm_aes */
482 hci_dev_lock(hdev);
483
484 ret = smp_c1(tfm, smp->tk, smp->prnd, smp->preq, smp->prsp,
485 conn->hcon->init_addr_type, &conn->hcon->init_addr,
486 conn->hcon->resp_addr_type, &conn->hcon->resp_addr,
487 cp.confirm_val);
488
489 hci_dev_unlock(hdev);
490
491 if (ret) {
492 reason = SMP_UNSPECIFIED;
493 goto error;
494 }
495
496 clear_bit(SMP_FLAG_CFM_PENDING, &smp->flags);
497
498 smp_send_cmd(smp->conn, SMP_CMD_PAIRING_CONFIRM, sizeof(cp), &cp);
499
500 return;
501
502error:
503 smp_failure(conn, reason);
504}
505
506static u8 smp_random(struct smp_chan *smp)
507{
508 struct l2cap_conn *conn = smp->conn;
509 struct hci_conn *hcon = conn->hcon;
510 struct hci_dev *hdev = hcon->hdev;
511 struct crypto_blkcipher *tfm = hdev->tfm_aes;
512 u8 confirm[16];
513 int ret;
514
515 if (IS_ERR_OR_NULL(tfm))
516 return SMP_UNSPECIFIED;
517
518 BT_DBG("conn %p %s", conn, conn->hcon->out ? "master" : "slave");
519
520 /* Prevent mutual access to hdev->tfm_aes */
521 hci_dev_lock(hdev);
522
523 ret = smp_c1(tfm, smp->tk, smp->rrnd, smp->preq, smp->prsp,
524 hcon->init_addr_type, &hcon->init_addr,
525 hcon->resp_addr_type, &hcon->resp_addr, confirm);
526
527 hci_dev_unlock(hdev);
528
529 if (ret)
530 return SMP_UNSPECIFIED;
531
532 if (memcmp(smp->pcnf, confirm, sizeof(smp->pcnf)) != 0) {
533 BT_ERR("Pairing failed (confirmation values mismatch)");
534 return SMP_CONFIRM_FAILED;
535 }
536
537 if (hcon->out) {
538 u8 stk[16];
539 __le64 rand = 0;
540 __le16 ediv = 0;
541
542 smp_s1(tfm, smp->tk, smp->rrnd, smp->prnd, stk);
543
544 memset(stk + smp->enc_key_size, 0,
545 SMP_MAX_ENC_KEY_SIZE - smp->enc_key_size);
546
547 if (test_and_set_bit(HCI_CONN_ENCRYPT_PEND, &hcon->flags))
548 return SMP_UNSPECIFIED;
549
550 hci_le_start_enc(hcon, ediv, rand, stk);
551 hcon->enc_key_size = smp->enc_key_size;
552 } else {
553 u8 stk[16];
554 __le64 rand = 0;
555 __le16 ediv = 0;
556
557 smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM, sizeof(smp->prnd),
558 smp->prnd);
559
560 smp_s1(tfm, smp->tk, smp->prnd, smp->rrnd, stk);
561
562 memset(stk + smp->enc_key_size, 0,
563 SMP_MAX_ENC_KEY_SIZE - smp->enc_key_size);
564
565 hci_add_ltk(hcon->hdev, &hcon->dst, hcon->dst_type,
566 HCI_SMP_STK_SLAVE, 0, stk, smp->enc_key_size,
567 ediv, rand);
568 }
569
570 return 0;
571}
572
573static struct smp_chan *smp_chan_create(struct l2cap_conn *conn)
574{
575 struct smp_chan *smp;
576
577 smp = kzalloc(sizeof(*smp), GFP_ATOMIC);
578 if (!smp)
579 return NULL;
580
581 smp->conn = conn;
582 conn->smp_chan = smp;
583 conn->hcon->smp_conn = conn;
584
585 hci_conn_hold(conn->hcon);
586
587 return smp;
588}
589
590void smp_chan_destroy(struct l2cap_conn *conn)
591{
592 struct smp_chan *smp = conn->smp_chan;
593 bool complete;
594
595 BUG_ON(!smp);
596
597 complete = test_bit(SMP_FLAG_COMPLETE, &smp->flags);
598 mgmt_smp_complete(conn->hcon, complete);
599
600 kfree(smp->csrk);
601 kfree(smp->slave_csrk);
602
603 /* If pairing failed clean up any keys we might have */
604 if (!complete) {
605 if (smp->ltk) {
606 list_del(&smp->ltk->list);
607 kfree(smp->ltk);
608 }
609
610 if (smp->slave_ltk) {
611 list_del(&smp->slave_ltk->list);
612 kfree(smp->slave_ltk);
613 }
614
615 if (smp->remote_irk) {
616 list_del(&smp->remote_irk->list);
617 kfree(smp->remote_irk);
618 }
619 }
620
621 kfree(smp);
622 conn->smp_chan = NULL;
623 conn->hcon->smp_conn = NULL;
624 hci_conn_drop(conn->hcon);
625}
626
627int smp_user_confirm_reply(struct hci_conn *hcon, u16 mgmt_op, __le32 passkey)
628{
629 struct l2cap_conn *conn = hcon->smp_conn;
630 struct smp_chan *smp;
631 u32 value;
632
633 BT_DBG("");
634
635 if (!conn)
636 return -ENOTCONN;
637
638 smp = conn->smp_chan;
639
640 switch (mgmt_op) {
641 case MGMT_OP_USER_PASSKEY_REPLY:
642 value = le32_to_cpu(passkey);
643 memset(smp->tk, 0, sizeof(smp->tk));
644 BT_DBG("PassKey: %d", value);
645 put_unaligned_le32(value, smp->tk);
646 /* Fall Through */
647 case MGMT_OP_USER_CONFIRM_REPLY:
648 set_bit(SMP_FLAG_TK_VALID, &smp->flags);
649 break;
650 case MGMT_OP_USER_PASSKEY_NEG_REPLY:
651 case MGMT_OP_USER_CONFIRM_NEG_REPLY:
652 smp_failure(conn, SMP_PASSKEY_ENTRY_FAILED);
653 return 0;
654 default:
655 smp_failure(conn, SMP_PASSKEY_ENTRY_FAILED);
656 return -EOPNOTSUPP;
657 }
658
659 /* If it is our turn to send Pairing Confirm, do so now */
660 if (test_bit(SMP_FLAG_CFM_PENDING, &smp->flags))
661 smp_confirm(smp);
662
663 return 0;
664}
665
666static u8 smp_cmd_pairing_req(struct l2cap_conn *conn, struct sk_buff *skb)
667{
668 struct smp_cmd_pairing rsp, *req = (void *) skb->data;
669 struct smp_chan *smp;
670 u8 key_size, auth;
671 int ret;
672
673 BT_DBG("conn %p", conn);
674
675 if (skb->len < sizeof(*req))
676 return SMP_INVALID_PARAMS;
677
678 if (conn->hcon->link_mode & HCI_LM_MASTER)
679 return SMP_CMD_NOTSUPP;
680
681 if (!test_and_set_bit(HCI_CONN_LE_SMP_PEND, &conn->hcon->flags))
682 smp = smp_chan_create(conn);
683 else
684 smp = conn->smp_chan;
685
686 if (!smp)
687 return SMP_UNSPECIFIED;
688
689 smp->preq[0] = SMP_CMD_PAIRING_REQ;
690 memcpy(&smp->preq[1], req, sizeof(*req));
691 skb_pull(skb, sizeof(*req));
692
693 /* We didn't start the pairing, so match remote */
694 auth = req->auth_req;
695
696 conn->hcon->pending_sec_level = authreq_to_seclevel(auth);
697
698 build_pairing_cmd(conn, req, &rsp, auth);
699
700 key_size = min(req->max_key_size, rsp.max_key_size);
701 if (check_enc_key_size(conn, key_size))
702 return SMP_ENC_KEY_SIZE;
703
704 get_random_bytes(smp->prnd, sizeof(smp->prnd));
705
706 smp->prsp[0] = SMP_CMD_PAIRING_RSP;
707 memcpy(&smp->prsp[1], &rsp, sizeof(rsp));
708
709 smp_send_cmd(conn, SMP_CMD_PAIRING_RSP, sizeof(rsp), &rsp);
710
711 /* Request setup of TK */
712 ret = tk_request(conn, 0, auth, rsp.io_capability, req->io_capability);
713 if (ret)
714 return SMP_UNSPECIFIED;
715
716 clear_bit(SMP_FLAG_INITIATOR, &smp->flags);
717
718 return 0;
719}
720
721static u8 smp_cmd_pairing_rsp(struct l2cap_conn *conn, struct sk_buff *skb)
722{
723 struct smp_cmd_pairing *req, *rsp = (void *) skb->data;
724 struct smp_chan *smp = conn->smp_chan;
725 u8 key_size, auth = SMP_AUTH_NONE;
726 int ret;
727
728 BT_DBG("conn %p", conn);
729
730 if (skb->len < sizeof(*rsp))
731 return SMP_INVALID_PARAMS;
732
733 if (!(conn->hcon->link_mode & HCI_LM_MASTER))
734 return SMP_CMD_NOTSUPP;
735
736 skb_pull(skb, sizeof(*rsp));
737
738 req = (void *) &smp->preq[1];
739
740 key_size = min(req->max_key_size, rsp->max_key_size);
741 if (check_enc_key_size(conn, key_size))
742 return SMP_ENC_KEY_SIZE;
743
744 get_random_bytes(smp->prnd, sizeof(smp->prnd));
745
746 smp->prsp[0] = SMP_CMD_PAIRING_RSP;
747 memcpy(&smp->prsp[1], rsp, sizeof(*rsp));
748
749 /* Update remote key distribution in case the remote cleared
750 * some bits that we had enabled in our request.
751 */
752 smp->remote_key_dist &= rsp->resp_key_dist;
753
754 if ((req->auth_req & SMP_AUTH_BONDING) &&
755 (rsp->auth_req & SMP_AUTH_BONDING))
756 auth = SMP_AUTH_BONDING;
757
758 auth |= (req->auth_req | rsp->auth_req) & SMP_AUTH_MITM;
759
760 ret = tk_request(conn, 0, auth, req->io_capability, rsp->io_capability);
761 if (ret)
762 return SMP_UNSPECIFIED;
763
764 set_bit(SMP_FLAG_CFM_PENDING, &smp->flags);
765
766 /* Can't compose response until we have been confirmed */
767 if (test_bit(SMP_FLAG_TK_VALID, &smp->flags))
768 smp_confirm(smp);
769
770 return 0;
771}
772
773static u8 smp_cmd_pairing_confirm(struct l2cap_conn *conn, struct sk_buff *skb)
774{
775 struct smp_chan *smp = conn->smp_chan;
776
777 BT_DBG("conn %p %s", conn, conn->hcon->out ? "master" : "slave");
778
779 if (skb->len < sizeof(smp->pcnf))
780 return SMP_INVALID_PARAMS;
781
782 memcpy(smp->pcnf, skb->data, sizeof(smp->pcnf));
783 skb_pull(skb, sizeof(smp->pcnf));
784
785 if (conn->hcon->out)
786 smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM, sizeof(smp->prnd),
787 smp->prnd);
788 else if (test_bit(SMP_FLAG_TK_VALID, &smp->flags))
789 smp_confirm(smp);
790 else
791 set_bit(SMP_FLAG_CFM_PENDING, &smp->flags);
792
793 return 0;
794}
795
796static u8 smp_cmd_pairing_random(struct l2cap_conn *conn, struct sk_buff *skb)
797{
798 struct smp_chan *smp = conn->smp_chan;
799
800 BT_DBG("conn %p", conn);
801
802 if (skb->len < sizeof(smp->rrnd))
803 return SMP_INVALID_PARAMS;
804
805 memcpy(smp->rrnd, skb->data, sizeof(smp->rrnd));
806 skb_pull(skb, sizeof(smp->rrnd));
807
808 return smp_random(smp);
809}
810
811static u8 smp_ltk_encrypt(struct l2cap_conn *conn, u8 sec_level)
812{
813 struct smp_ltk *key;
814 struct hci_conn *hcon = conn->hcon;
815
816 key = hci_find_ltk_by_addr(hcon->hdev, &hcon->dst, hcon->dst_type,
817 hcon->out);
818 if (!key)
819 return 0;
820
821 if (sec_level > BT_SECURITY_MEDIUM && !key->authenticated)
822 return 0;
823
824 if (test_and_set_bit(HCI_CONN_ENCRYPT_PEND, &hcon->flags))
825 return 1;
826
827 hci_le_start_enc(hcon, key->ediv, key->rand, key->val);
828 hcon->enc_key_size = key->enc_size;
829
830 return 1;
831}
832
833static u8 smp_cmd_security_req(struct l2cap_conn *conn, struct sk_buff *skb)
834{
835 struct smp_cmd_security_req *rp = (void *) skb->data;
836 struct smp_cmd_pairing cp;
837 struct hci_conn *hcon = conn->hcon;
838 struct smp_chan *smp;
839
840 BT_DBG("conn %p", conn);
841
842 if (skb->len < sizeof(*rp))
843 return SMP_INVALID_PARAMS;
844
845 if (!(conn->hcon->link_mode & HCI_LM_MASTER))
846 return SMP_CMD_NOTSUPP;
847
848 hcon->pending_sec_level = authreq_to_seclevel(rp->auth_req);
849
850 if (smp_ltk_encrypt(conn, hcon->pending_sec_level))
851 return 0;
852
853 if (test_and_set_bit(HCI_CONN_LE_SMP_PEND, &hcon->flags))
854 return 0;
855
856 smp = smp_chan_create(conn);
857
858 skb_pull(skb, sizeof(*rp));
859
860 memset(&cp, 0, sizeof(cp));
861 build_pairing_cmd(conn, &cp, NULL, rp->auth_req);
862
863 smp->preq[0] = SMP_CMD_PAIRING_REQ;
864 memcpy(&smp->preq[1], &cp, sizeof(cp));
865
866 smp_send_cmd(conn, SMP_CMD_PAIRING_REQ, sizeof(cp), &cp);
867
868 clear_bit(SMP_FLAG_INITIATOR, &smp->flags);
869
870 return 0;
871}
872
873bool smp_sufficient_security(struct hci_conn *hcon, u8 sec_level)
874{
875 if (sec_level == BT_SECURITY_LOW)
876 return true;
877
878 if (hcon->sec_level >= sec_level)
879 return true;
880
881 return false;
882}
883
884int smp_conn_security(struct hci_conn *hcon, __u8 sec_level)
885{
886 struct l2cap_conn *conn = hcon->l2cap_data;
887 struct smp_chan *smp;
888 __u8 authreq;
889
890 BT_DBG("conn %p hcon %p level 0x%2.2x", conn, hcon, sec_level);
891
892 /* This may be NULL if there's an unexpected disconnection */
893 if (!conn)
894 return 1;
895
896 if (!test_bit(HCI_LE_ENABLED, &hcon->hdev->dev_flags))
897 return 1;
898
899 if (smp_sufficient_security(hcon, sec_level))
900 return 1;
901
902 if (hcon->link_mode & HCI_LM_MASTER)
903 if (smp_ltk_encrypt(conn, sec_level))
904 goto done;
905
906 if (test_and_set_bit(HCI_CONN_LE_SMP_PEND, &hcon->flags))
907 return 0;
908
909 smp = smp_chan_create(conn);
910 if (!smp)
911 return 1;
912
913 authreq = seclevel_to_authreq(sec_level);
914
915 /* hcon->auth_type is set by pair_device in mgmt.c. If the MITM
916 * flag is set we should also set it for the SMP request.
917 */
918 if ((hcon->auth_type & 0x01))
919 authreq |= SMP_AUTH_MITM;
920
921 if (hcon->link_mode & HCI_LM_MASTER) {
922 struct smp_cmd_pairing cp;
923
924 build_pairing_cmd(conn, &cp, NULL, authreq);
925 smp->preq[0] = SMP_CMD_PAIRING_REQ;
926 memcpy(&smp->preq[1], &cp, sizeof(cp));
927
928 smp_send_cmd(conn, SMP_CMD_PAIRING_REQ, sizeof(cp), &cp);
929 } else {
930 struct smp_cmd_security_req cp;
931 cp.auth_req = authreq;
932 smp_send_cmd(conn, SMP_CMD_SECURITY_REQ, sizeof(cp), &cp);
933 }
934
935 set_bit(SMP_FLAG_INITIATOR, &smp->flags);
936
937done:
938 hcon->pending_sec_level = sec_level;
939
940 return 0;
941}
942
943static int smp_cmd_encrypt_info(struct l2cap_conn *conn, struct sk_buff *skb)
944{
945 struct smp_cmd_encrypt_info *rp = (void *) skb->data;
946 struct smp_chan *smp = conn->smp_chan;
947
948 BT_DBG("conn %p", conn);
949
950 if (skb->len < sizeof(*rp))
951 return SMP_INVALID_PARAMS;
952
953 /* Ignore this PDU if it wasn't requested */
954 if (!(smp->remote_key_dist & SMP_DIST_ENC_KEY))
955 return 0;
956
957 skb_pull(skb, sizeof(*rp));
958
959 memcpy(smp->tk, rp->ltk, sizeof(smp->tk));
960
961 return 0;
962}
963
964static int smp_cmd_master_ident(struct l2cap_conn *conn, struct sk_buff *skb)
965{
966 struct smp_cmd_master_ident *rp = (void *) skb->data;
967 struct smp_chan *smp = conn->smp_chan;
968 struct hci_dev *hdev = conn->hcon->hdev;
969 struct hci_conn *hcon = conn->hcon;
970 struct smp_ltk *ltk;
971 u8 authenticated;
972
973 BT_DBG("conn %p", conn);
974
975 if (skb->len < sizeof(*rp))
976 return SMP_INVALID_PARAMS;
977
978 /* Ignore this PDU if it wasn't requested */
979 if (!(smp->remote_key_dist & SMP_DIST_ENC_KEY))
980 return 0;
981
982 /* Mark the information as received */
983 smp->remote_key_dist &= ~SMP_DIST_ENC_KEY;
984
985 skb_pull(skb, sizeof(*rp));
986
987 hci_dev_lock(hdev);
988 authenticated = (hcon->sec_level == BT_SECURITY_HIGH);
989 ltk = hci_add_ltk(hdev, &hcon->dst, hcon->dst_type, HCI_SMP_LTK,
990 authenticated, smp->tk, smp->enc_key_size,
991 rp->ediv, rp->rand);
992 smp->ltk = ltk;
993 if (!(smp->remote_key_dist & SMP_DIST_ID_KEY))
994 smp_distribute_keys(conn);
995 hci_dev_unlock(hdev);
996
997 return 0;
998}
999
1000static int smp_cmd_ident_info(struct l2cap_conn *conn, struct sk_buff *skb)
1001{
1002 struct smp_cmd_ident_info *info = (void *) skb->data;
1003 struct smp_chan *smp = conn->smp_chan;
1004
1005 BT_DBG("");
1006
1007 if (skb->len < sizeof(*info))
1008 return SMP_INVALID_PARAMS;
1009
1010 /* Ignore this PDU if it wasn't requested */
1011 if (!(smp->remote_key_dist & SMP_DIST_ID_KEY))
1012 return 0;
1013
1014 skb_pull(skb, sizeof(*info));
1015
1016 memcpy(smp->irk, info->irk, 16);
1017
1018 return 0;
1019}
1020
1021static int smp_cmd_ident_addr_info(struct l2cap_conn *conn,
1022 struct sk_buff *skb)
1023{
1024 struct smp_cmd_ident_addr_info *info = (void *) skb->data;
1025 struct smp_chan *smp = conn->smp_chan;
1026 struct hci_conn *hcon = conn->hcon;
1027 bdaddr_t rpa;
1028
1029 BT_DBG("");
1030
1031 if (skb->len < sizeof(*info))
1032 return SMP_INVALID_PARAMS;
1033
1034 /* Ignore this PDU if it wasn't requested */
1035 if (!(smp->remote_key_dist & SMP_DIST_ID_KEY))
1036 return 0;
1037
1038 /* Mark the information as received */
1039 smp->remote_key_dist &= ~SMP_DIST_ID_KEY;
1040
1041 skb_pull(skb, sizeof(*info));
1042
1043 /* Strictly speaking the Core Specification (4.1) allows sending
1044 * an empty address which would force us to rely on just the IRK
1045 * as "identity information". However, since such
1046 * implementations are not known of and in order to not over
1047 * complicate our implementation, simply pretend that we never
1048 * received an IRK for such a device.
1049 */
1050 if (!bacmp(&info->bdaddr, BDADDR_ANY)) {
1051 BT_ERR("Ignoring IRK with no identity address");
1052 smp_distribute_keys(conn);
1053 return 0;
1054 }
1055
1056 bacpy(&smp->id_addr, &info->bdaddr);
1057 smp->id_addr_type = info->addr_type;
1058
1059 if (hci_bdaddr_is_rpa(&hcon->dst, hcon->dst_type))
1060 bacpy(&rpa, &hcon->dst);
1061 else
1062 bacpy(&rpa, BDADDR_ANY);
1063
1064 smp->remote_irk = hci_add_irk(conn->hcon->hdev, &smp->id_addr,
1065 smp->id_addr_type, smp->irk, &rpa);
1066
1067 smp_distribute_keys(conn);
1068
1069 return 0;
1070}
1071
1072static int smp_cmd_sign_info(struct l2cap_conn *conn, struct sk_buff *skb)
1073{
1074 struct smp_cmd_sign_info *rp = (void *) skb->data;
1075 struct smp_chan *smp = conn->smp_chan;
1076 struct hci_dev *hdev = conn->hcon->hdev;
1077 struct smp_csrk *csrk;
1078
1079 BT_DBG("conn %p", conn);
1080
1081 if (skb->len < sizeof(*rp))
1082 return SMP_INVALID_PARAMS;
1083
1084 /* Ignore this PDU if it wasn't requested */
1085 if (!(smp->remote_key_dist & SMP_DIST_SIGN))
1086 return 0;
1087
1088 /* Mark the information as received */
1089 smp->remote_key_dist &= ~SMP_DIST_SIGN;
1090
1091 skb_pull(skb, sizeof(*rp));
1092
1093 hci_dev_lock(hdev);
1094 csrk = kzalloc(sizeof(*csrk), GFP_KERNEL);
1095 if (csrk) {
1096 csrk->master = 0x01;
1097 memcpy(csrk->val, rp->csrk, sizeof(csrk->val));
1098 }
1099 smp->csrk = csrk;
1100 if (!(smp->remote_key_dist & SMP_DIST_SIGN))
1101 smp_distribute_keys(conn);
1102 hci_dev_unlock(hdev);
1103
1104 return 0;
1105}
1106
1107int smp_sig_channel(struct l2cap_conn *conn, struct sk_buff *skb)
1108{
1109 struct hci_conn *hcon = conn->hcon;
1110 __u8 code, reason;
1111 int err = 0;
1112
1113 if (hcon->type != LE_LINK) {
1114 kfree_skb(skb);
1115 return 0;
1116 }
1117
1118 if (skb->len < 1) {
1119 kfree_skb(skb);
1120 return -EILSEQ;
1121 }
1122
1123 if (!test_bit(HCI_LE_ENABLED, &hcon->hdev->dev_flags)) {
1124 err = -ENOTSUPP;
1125 reason = SMP_PAIRING_NOTSUPP;
1126 goto done;
1127 }
1128
1129 code = skb->data[0];
1130 skb_pull(skb, sizeof(code));
1131
1132 /*
1133 * The SMP context must be initialized for all other PDUs except
1134 * pairing and security requests. If we get any other PDU when
1135 * not initialized simply disconnect (done if this function
1136 * returns an error).
1137 */
1138 if (code != SMP_CMD_PAIRING_REQ && code != SMP_CMD_SECURITY_REQ &&
1139 !conn->smp_chan) {
1140 BT_ERR("Unexpected SMP command 0x%02x. Disconnecting.", code);
1141 kfree_skb(skb);
1142 return -ENOTSUPP;
1143 }
1144
1145 switch (code) {
1146 case SMP_CMD_PAIRING_REQ:
1147 reason = smp_cmd_pairing_req(conn, skb);
1148 break;
1149
1150 case SMP_CMD_PAIRING_FAIL:
1151 smp_failure(conn, 0);
1152 reason = 0;
1153 err = -EPERM;
1154 break;
1155
1156 case SMP_CMD_PAIRING_RSP:
1157 reason = smp_cmd_pairing_rsp(conn, skb);
1158 break;
1159
1160 case SMP_CMD_SECURITY_REQ:
1161 reason = smp_cmd_security_req(conn, skb);
1162 break;
1163
1164 case SMP_CMD_PAIRING_CONFIRM:
1165 reason = smp_cmd_pairing_confirm(conn, skb);
1166 break;
1167
1168 case SMP_CMD_PAIRING_RANDOM:
1169 reason = smp_cmd_pairing_random(conn, skb);
1170 break;
1171
1172 case SMP_CMD_ENCRYPT_INFO:
1173 reason = smp_cmd_encrypt_info(conn, skb);
1174 break;
1175
1176 case SMP_CMD_MASTER_IDENT:
1177 reason = smp_cmd_master_ident(conn, skb);
1178 break;
1179
1180 case SMP_CMD_IDENT_INFO:
1181 reason = smp_cmd_ident_info(conn, skb);
1182 break;
1183
1184 case SMP_CMD_IDENT_ADDR_INFO:
1185 reason = smp_cmd_ident_addr_info(conn, skb);
1186 break;
1187
1188 case SMP_CMD_SIGN_INFO:
1189 reason = smp_cmd_sign_info(conn, skb);
1190 break;
1191
1192 default:
1193 BT_DBG("Unknown command code 0x%2.2x", code);
1194
1195 reason = SMP_CMD_NOTSUPP;
1196 err = -EOPNOTSUPP;
1197 goto done;
1198 }
1199
1200done:
1201 if (reason)
1202 smp_failure(conn, reason);
1203
1204 kfree_skb(skb);
1205 return err;
1206}
1207
1208static void smp_notify_keys(struct l2cap_conn *conn)
1209{
1210 struct smp_chan *smp = conn->smp_chan;
1211 struct hci_conn *hcon = conn->hcon;
1212 struct hci_dev *hdev = hcon->hdev;
1213 struct smp_cmd_pairing *req = (void *) &smp->preq[1];
1214 struct smp_cmd_pairing *rsp = (void *) &smp->prsp[1];
1215 bool persistent;
1216
1217 if (smp->remote_irk) {
1218 mgmt_new_irk(hdev, smp->remote_irk);
1219 /* Now that user space can be considered to know the
1220 * identity address track the connection based on it
1221 * from now on.
1222 */
1223 bacpy(&hcon->dst, &smp->remote_irk->bdaddr);
1224 hcon->dst_type = smp->remote_irk->addr_type;
1225 l2cap_conn_update_id_addr(hcon);
1226 }
1227
1228 /* The LTKs and CSRKs should be persistent only if both sides
1229 * had the bonding bit set in their authentication requests.
1230 */
1231 persistent = !!((req->auth_req & rsp->auth_req) & SMP_AUTH_BONDING);
1232
1233 if (smp->csrk) {
1234 smp->csrk->bdaddr_type = hcon->dst_type;
1235 bacpy(&smp->csrk->bdaddr, &hcon->dst);
1236 mgmt_new_csrk(hdev, smp->csrk, persistent);
1237 }
1238
1239 if (smp->slave_csrk) {
1240 smp->slave_csrk->bdaddr_type = hcon->dst_type;
1241 bacpy(&smp->slave_csrk->bdaddr, &hcon->dst);
1242 mgmt_new_csrk(hdev, smp->slave_csrk, persistent);
1243 }
1244
1245 if (smp->ltk) {
1246 smp->ltk->bdaddr_type = hcon->dst_type;
1247 bacpy(&smp->ltk->bdaddr, &hcon->dst);
1248 mgmt_new_ltk(hdev, smp->ltk, persistent);
1249 }
1250
1251 if (smp->slave_ltk) {
1252 smp->slave_ltk->bdaddr_type = hcon->dst_type;
1253 bacpy(&smp->slave_ltk->bdaddr, &hcon->dst);
1254 mgmt_new_ltk(hdev, smp->slave_ltk, persistent);
1255 }
1256}
1257
1258int smp_distribute_keys(struct l2cap_conn *conn)
1259{
1260 struct smp_cmd_pairing *req, *rsp;
1261 struct smp_chan *smp = conn->smp_chan;
1262 struct hci_conn *hcon = conn->hcon;
1263 struct hci_dev *hdev = hcon->hdev;
1264 __u8 *keydist;
1265
1266 BT_DBG("conn %p", conn);
1267
1268 if (!test_bit(HCI_CONN_LE_SMP_PEND, &hcon->flags))
1269 return 0;
1270
1271 rsp = (void *) &smp->prsp[1];
1272
1273 /* The responder sends its keys first */
1274 if (hcon->out && (smp->remote_key_dist & 0x07))
1275 return 0;
1276
1277 req = (void *) &smp->preq[1];
1278
1279 if (hcon->out) {
1280 keydist = &rsp->init_key_dist;
1281 *keydist &= req->init_key_dist;
1282 } else {
1283 keydist = &rsp->resp_key_dist;
1284 *keydist &= req->resp_key_dist;
1285 }
1286
1287 BT_DBG("keydist 0x%x", *keydist);
1288
1289 if (*keydist & SMP_DIST_ENC_KEY) {
1290 struct smp_cmd_encrypt_info enc;
1291 struct smp_cmd_master_ident ident;
1292 struct smp_ltk *ltk;
1293 u8 authenticated;
1294 __le16 ediv;
1295 __le64 rand;
1296
1297 get_random_bytes(enc.ltk, sizeof(enc.ltk));
1298 get_random_bytes(&ediv, sizeof(ediv));
1299 get_random_bytes(&rand, sizeof(rand));
1300
1301 smp_send_cmd(conn, SMP_CMD_ENCRYPT_INFO, sizeof(enc), &enc);
1302
1303 authenticated = hcon->sec_level == BT_SECURITY_HIGH;
1304 ltk = hci_add_ltk(hdev, &hcon->dst, hcon->dst_type,
1305 HCI_SMP_LTK_SLAVE, authenticated, enc.ltk,
1306 smp->enc_key_size, ediv, rand);
1307 smp->slave_ltk = ltk;
1308
1309 ident.ediv = ediv;
1310 ident.rand = rand;
1311
1312 smp_send_cmd(conn, SMP_CMD_MASTER_IDENT, sizeof(ident), &ident);
1313
1314 *keydist &= ~SMP_DIST_ENC_KEY;
1315 }
1316
1317 if (*keydist & SMP_DIST_ID_KEY) {
1318 struct smp_cmd_ident_addr_info addrinfo;
1319 struct smp_cmd_ident_info idinfo;
1320
1321 memcpy(idinfo.irk, hdev->irk, sizeof(idinfo.irk));
1322
1323 smp_send_cmd(conn, SMP_CMD_IDENT_INFO, sizeof(idinfo), &idinfo);
1324
1325 /* The hci_conn contains the local identity address
1326 * after the connection has been established.
1327 *
1328 * This is true even when the connection has been
1329 * established using a resolvable random address.
1330 */
1331 bacpy(&addrinfo.bdaddr, &hcon->src);
1332 addrinfo.addr_type = hcon->src_type;
1333
1334 smp_send_cmd(conn, SMP_CMD_IDENT_ADDR_INFO, sizeof(addrinfo),
1335 &addrinfo);
1336
1337 *keydist &= ~SMP_DIST_ID_KEY;
1338 }
1339
1340 if (*keydist & SMP_DIST_SIGN) {
1341 struct smp_cmd_sign_info sign;
1342 struct smp_csrk *csrk;
1343
1344 /* Generate a new random key */
1345 get_random_bytes(sign.csrk, sizeof(sign.csrk));
1346
1347 csrk = kzalloc(sizeof(*csrk), GFP_KERNEL);
1348 if (csrk) {
1349 csrk->master = 0x00;
1350 memcpy(csrk->val, sign.csrk, sizeof(csrk->val));
1351 }
1352 smp->slave_csrk = csrk;
1353
1354 smp_send_cmd(conn, SMP_CMD_SIGN_INFO, sizeof(sign), &sign);
1355
1356 *keydist &= ~SMP_DIST_SIGN;
1357 }
1358
1359 /* If there are still keys to be received wait for them */
1360 if ((smp->remote_key_dist & 0x07))
1361 return 0;
1362
1363 clear_bit(HCI_CONN_LE_SMP_PEND, &hcon->flags);
1364 cancel_delayed_work_sync(&conn->security_timer);
1365 set_bit(SMP_FLAG_COMPLETE, &smp->flags);
1366 smp_notify_keys(conn);
1367
1368 smp_chan_destroy(conn);
1369
1370 return 0;
1371}
Linux kernel - Deliverables
This page took 0.027855 seconds and 5 git commands to generate.