2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2011 Nokia Corporation and/or its subsidiary(-ies).
5 This program is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License version 2 as
7 published by the Free Software Foundation;
9 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
10 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
11 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
12 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
13 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
14 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
18 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
19 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
20 SOFTWARE IS DISCLAIMED.
23 #include <linux/crypto.h>
24 #include <linux/scatterlist.h>
25 #include <crypto/b128ops.h>
27 #include <net/bluetooth/bluetooth.h>
28 #include <net/bluetooth/hci_core.h>
29 #include <net/bluetooth/l2cap.h>
30 #include <net/bluetooth/mgmt.h>
35 #define SMP_ALLOW_CMD(smp, code) set_bit(code, &smp->allow_cmd)
37 /* Keys which are not distributed with Secure Connections */
38 #define SMP_SC_NO_DIST (SMP_DIST_ENC_KEY | SMP_DIST_LINK_KEY);
40 #define SMP_TIMEOUT msecs_to_jiffies(30000)
42 #define AUTH_REQ_MASK(dev) (test_bit(HCI_SC_ENABLED, &(dev)->dev_flags) ? \
44 #define KEY_DIST_MASK 0x07
46 /* Maximum message length that can be passed to aes_cmac */
47 #define CMAC_MSG_MAX 80
59 SMP_FLAG_DHKEY_PENDING
,
64 struct l2cap_conn
*conn
;
65 struct delayed_work security_timer
;
66 unsigned long allow_cmd
; /* Bitmask of allowed commands */
68 u8 preq
[7]; /* SMP Pairing Request */
69 u8 prsp
[7]; /* SMP Pairing Response */
70 u8 prnd
[16]; /* SMP Pairing Random (local) */
71 u8 rrnd
[16]; /* SMP Pairing Random (remote) */
72 u8 pcnf
[16]; /* SMP Pairing Confirm */
73 u8 tk
[16]; /* SMP Temporary Key */
80 struct smp_csrk
*csrk
;
81 struct smp_csrk
*slave_csrk
;
83 struct smp_ltk
*slave_ltk
;
84 struct smp_irk
*remote_irk
;
90 /* Secure Connections variables */
97 struct crypto_blkcipher
*tfm_aes
;
98 struct crypto_hash
*tfm_cmac
;
101 /* These debug key values are defined in the SMP section of the core
102 * specification. debug_pk is the public debug key and debug_sk the
105 static const u8 debug_pk
[64] = {
106 0xe6, 0x9d, 0x35, 0x0e, 0x48, 0x01, 0x03, 0xcc,
107 0xdb, 0xfd, 0xf4, 0xac, 0x11, 0x91, 0xf4, 0xef,
108 0xb9, 0xa5, 0xf9, 0xe9, 0xa7, 0x83, 0x2c, 0x5e,
109 0x2c, 0xbe, 0x97, 0xf2, 0xd2, 0x03, 0xb0, 0x20,
111 0x8b, 0xd2, 0x89, 0x15, 0xd0, 0x8e, 0x1c, 0x74,
112 0x24, 0x30, 0xed, 0x8f, 0xc2, 0x45, 0x63, 0x76,
113 0x5c, 0x15, 0x52, 0x5a, 0xbf, 0x9a, 0x32, 0x63,
114 0x6d, 0xeb, 0x2a, 0x65, 0x49, 0x9c, 0x80, 0xdc,
117 static const u8 debug_sk
[32] = {
118 0xbd, 0x1a, 0x3c, 0xcd, 0xa6, 0xb8, 0x99, 0x58,
119 0x99, 0xb7, 0x40, 0xeb, 0x7b, 0x60, 0xff, 0x4a,
120 0x50, 0x3f, 0x10, 0xd2, 0xe3, 0xb3, 0xc9, 0x74,
121 0x38, 0x5f, 0xc5, 0xa3, 0xd4, 0xf6, 0x49, 0x3f,
124 static inline void swap_buf(const u8
*src
, u8
*dst
, size_t len
)
128 for (i
= 0; i
< len
; i
++)
129 dst
[len
- 1 - i
] = src
[i
];
132 static int aes_cmac(struct crypto_hash
*tfm
, const u8 k
[16], const u8
*m
,
133 size_t len
, u8 mac
[16])
135 uint8_t tmp
[16], mac_msb
[16], msg_msb
[CMAC_MSG_MAX
];
136 struct hash_desc desc
;
137 struct scatterlist sg
;
140 if (len
> CMAC_MSG_MAX
)
144 BT_ERR("tfm %p", tfm
);
151 crypto_hash_init(&desc
);
153 /* Swap key and message from LSB to MSB */
154 swap_buf(k
, tmp
, 16);
155 swap_buf(m
, msg_msb
, len
);
157 BT_DBG("msg (len %zu) %*phN", len
, (int) len
, m
);
158 BT_DBG("key %16phN", k
);
160 err
= crypto_hash_setkey(tfm
, tmp
, 16);
162 BT_ERR("cipher setkey failed: %d", err
);
166 sg_init_one(&sg
, msg_msb
, len
);
168 err
= crypto_hash_update(&desc
, &sg
, len
);
170 BT_ERR("Hash update error %d", err
);
174 err
= crypto_hash_final(&desc
, mac_msb
);
176 BT_ERR("Hash final error %d", err
);
180 swap_buf(mac_msb
, mac
, 16);
182 BT_DBG("mac %16phN", mac
);
187 static int smp_f4(struct crypto_hash
*tfm_cmac
, const u8 u
[32], const u8 v
[32],
188 const u8 x
[16], u8 z
, u8 res
[16])
193 BT_DBG("u %32phN", u
);
194 BT_DBG("v %32phN", v
);
195 BT_DBG("x %16phN z %02x", x
, z
);
198 memcpy(m
+ 1, v
, 32);
199 memcpy(m
+ 33, u
, 32);
201 err
= aes_cmac(tfm_cmac
, x
, m
, sizeof(m
), res
);
205 BT_DBG("res %16phN", res
);
210 static int smp_f5(struct crypto_hash
*tfm_cmac
, u8 w
[32], u8 n1
[16], u8 n2
[16],
211 u8 a1
[7], u8 a2
[7], u8 mackey
[16], u8 ltk
[16])
213 /* The btle, salt and length "magic" values are as defined in
214 * the SMP section of the Bluetooth core specification. In ASCII
215 * the btle value ends up being 'btle'. The salt is just a
216 * random number whereas length is the value 256 in little
219 const u8 btle
[4] = { 0x65, 0x6c, 0x74, 0x62 };
220 const u8 salt
[16] = { 0xbe, 0x83, 0x60, 0x5a, 0xdb, 0x0b, 0x37, 0x60,
221 0x38, 0xa5, 0xf5, 0xaa, 0x91, 0x83, 0x88, 0x6c };
222 const u8 length
[2] = { 0x00, 0x01 };
226 BT_DBG("w %32phN", w
);
227 BT_DBG("n1 %16phN n2 %16phN", n1
, n2
);
228 BT_DBG("a1 %7phN a2 %7phN", a1
, a2
);
230 err
= aes_cmac(tfm_cmac
, salt
, w
, 32, t
);
234 BT_DBG("t %16phN", t
);
236 memcpy(m
, length
, 2);
237 memcpy(m
+ 2, a2
, 7);
238 memcpy(m
+ 9, a1
, 7);
239 memcpy(m
+ 16, n2
, 16);
240 memcpy(m
+ 32, n1
, 16);
241 memcpy(m
+ 48, btle
, 4);
243 m
[52] = 0; /* Counter */
245 err
= aes_cmac(tfm_cmac
, t
, m
, sizeof(m
), mackey
);
249 BT_DBG("mackey %16phN", mackey
);
251 m
[52] = 1; /* Counter */
253 err
= aes_cmac(tfm_cmac
, t
, m
, sizeof(m
), ltk
);
257 BT_DBG("ltk %16phN", ltk
);
262 static int smp_f6(struct crypto_hash
*tfm_cmac
, const u8 w
[16],
263 const u8 n1
[16], u8 n2
[16], const u8 r
[16],
264 const u8 io_cap
[3], const u8 a1
[7], const u8 a2
[7],
270 BT_DBG("w %16phN", w
);
271 BT_DBG("n1 %16phN n2 %16phN", n1
, n2
);
272 BT_DBG("r %16phN io_cap %3phN a1 %7phN a2 %7phN", r
, io_cap
, a1
, a2
);
275 memcpy(m
+ 7, a1
, 7);
276 memcpy(m
+ 14, io_cap
, 3);
277 memcpy(m
+ 17, r
, 16);
278 memcpy(m
+ 33, n2
, 16);
279 memcpy(m
+ 49, n1
, 16);
281 err
= aes_cmac(tfm_cmac
, w
, m
, sizeof(m
), res
);
285 BT_DBG("res %16phN", res
);
290 static int smp_g2(struct crypto_hash
*tfm_cmac
, const u8 u
[32], const u8 v
[32],
291 const u8 x
[16], const u8 y
[16], u32
*val
)
296 BT_DBG("u %32phN", u
);
297 BT_DBG("v %32phN", v
);
298 BT_DBG("x %16phN y %16phN", x
, y
);
301 memcpy(m
+ 16, v
, 32);
302 memcpy(m
+ 48, u
, 32);
304 err
= aes_cmac(tfm_cmac
, x
, m
, sizeof(m
), tmp
);
308 *val
= get_unaligned_le32(tmp
);
311 BT_DBG("val %06u", *val
);
316 static int smp_e(struct crypto_blkcipher
*tfm
, const u8
*k
, u8
*r
)
318 struct blkcipher_desc desc
;
319 struct scatterlist sg
;
320 uint8_t tmp
[16], data
[16];
324 BT_ERR("tfm %p", tfm
);
331 /* The most significant octet of key corresponds to k[0] */
332 swap_buf(k
, tmp
, 16);
334 err
= crypto_blkcipher_setkey(tfm
, tmp
, 16);
336 BT_ERR("cipher setkey failed: %d", err
);
340 /* Most significant octet of plaintextData corresponds to data[0] */
341 swap_buf(r
, data
, 16);
343 sg_init_one(&sg
, data
, 16);
345 err
= crypto_blkcipher_encrypt(&desc
, &sg
, &sg
, 16);
347 BT_ERR("Encrypt data error %d", err
);
349 /* Most significant octet of encryptedData corresponds to data[0] */
350 swap_buf(data
, r
, 16);
355 static int smp_h6(struct crypto_hash
*tfm_cmac
, const u8 w
[16],
356 const u8 key_id
[4], u8 res
[16])
360 BT_DBG("w %16phN key_id %4phN", w
, key_id
);
362 err
= aes_cmac(tfm_cmac
, w
, key_id
, 4, res
);
366 BT_DBG("res %16phN", res
);
371 static int smp_ah(struct crypto_blkcipher
*tfm
, u8 irk
[16], u8 r
[3], u8 res
[3])
376 /* r' = padding || r */
378 memset(_res
+ 3, 0, 13);
380 err
= smp_e(tfm
, irk
, _res
);
382 BT_ERR("Encrypt error");
386 /* The output of the random address function ah is:
387 * ah(h, r) = e(k, r') mod 2^24
388 * The output of the security function e is then truncated to 24 bits
389 * by taking the least significant 24 bits of the output of e as the
392 memcpy(res
, _res
, 3);
397 bool smp_irk_matches(struct hci_dev
*hdev
, u8 irk
[16], bdaddr_t
*bdaddr
)
399 struct l2cap_chan
*chan
= hdev
->smp_data
;
400 struct crypto_blkcipher
*tfm
;
404 if (!chan
|| !chan
->data
)
409 BT_DBG("RPA %pMR IRK %*phN", bdaddr
, 16, irk
);
411 err
= smp_ah(tfm
, irk
, &bdaddr
->b
[3], hash
);
415 return !memcmp(bdaddr
->b
, hash
, 3);
418 int smp_generate_rpa(struct hci_dev
*hdev
, u8 irk
[16], bdaddr_t
*rpa
)
420 struct l2cap_chan
*chan
= hdev
->smp_data
;
421 struct crypto_blkcipher
*tfm
;
424 if (!chan
|| !chan
->data
)
429 get_random_bytes(&rpa
->b
[3], 3);
431 rpa
->b
[5] &= 0x3f; /* Clear two most significant bits */
432 rpa
->b
[5] |= 0x40; /* Set second most significant bit */
434 err
= smp_ah(tfm
, irk
, &rpa
->b
[3], rpa
->b
);
438 BT_DBG("RPA %pMR", rpa
);
443 static int smp_c1(struct crypto_blkcipher
*tfm_aes
, u8 k
[16], u8 r
[16],
444 u8 preq
[7], u8 pres
[7], u8 _iat
, bdaddr_t
*ia
, u8 _rat
,
445 bdaddr_t
*ra
, u8 res
[16])
452 /* p1 = pres || preq || _rat || _iat */
455 memcpy(p1
+ 2, preq
, 7);
456 memcpy(p1
+ 9, pres
, 7);
458 /* p2 = padding || ia || ra */
460 memcpy(p2
+ 6, ia
, 6);
461 memset(p2
+ 12, 0, 4);
464 u128_xor((u128
*) res
, (u128
*) r
, (u128
*) p1
);
466 /* res = e(k, res) */
467 err
= smp_e(tfm_aes
, k
, res
);
469 BT_ERR("Encrypt data error");
473 /* res = res XOR p2 */
474 u128_xor((u128
*) res
, (u128
*) res
, (u128
*) p2
);
476 /* res = e(k, res) */
477 err
= smp_e(tfm_aes
, k
, res
);
479 BT_ERR("Encrypt data error");
484 static int smp_s1(struct crypto_blkcipher
*tfm_aes
, u8 k
[16], u8 r1
[16],
485 u8 r2
[16], u8 _r
[16])
489 /* Just least significant octets from r1 and r2 are considered */
491 memcpy(_r
+ 8, r1
, 8);
493 err
= smp_e(tfm_aes
, k
, _r
);
495 BT_ERR("Encrypt data error");
500 static void smp_send_cmd(struct l2cap_conn
*conn
, u8 code
, u16 len
, void *data
)
502 struct l2cap_chan
*chan
= conn
->smp
;
503 struct smp_chan
*smp
;
510 BT_DBG("code 0x%2.2x", code
);
512 iv
[0].iov_base
= &code
;
515 iv
[1].iov_base
= data
;
518 memset(&msg
, 0, sizeof(msg
));
520 msg
.msg_iov
= (struct iovec
*) &iv
;
523 l2cap_chan_send(chan
, &msg
, 1 + len
);
530 cancel_delayed_work_sync(&smp
->security_timer
);
531 schedule_delayed_work(&smp
->security_timer
, SMP_TIMEOUT
);
534 static u8
authreq_to_seclevel(u8 authreq
)
536 if (authreq
& SMP_AUTH_MITM
) {
537 if (authreq
& SMP_AUTH_SC
)
538 return BT_SECURITY_FIPS
;
540 return BT_SECURITY_HIGH
;
542 return BT_SECURITY_MEDIUM
;
546 static __u8
seclevel_to_authreq(__u8 sec_level
)
549 case BT_SECURITY_FIPS
:
550 case BT_SECURITY_HIGH
:
551 return SMP_AUTH_MITM
| SMP_AUTH_BONDING
;
552 case BT_SECURITY_MEDIUM
:
553 return SMP_AUTH_BONDING
;
555 return SMP_AUTH_NONE
;
559 static void build_pairing_cmd(struct l2cap_conn
*conn
,
560 struct smp_cmd_pairing
*req
,
561 struct smp_cmd_pairing
*rsp
, __u8 authreq
)
563 struct l2cap_chan
*chan
= conn
->smp
;
564 struct smp_chan
*smp
= chan
->data
;
565 struct hci_conn
*hcon
= conn
->hcon
;
566 struct hci_dev
*hdev
= hcon
->hdev
;
567 u8 local_dist
= 0, remote_dist
= 0, oob_flag
= SMP_OOB_NOT_PRESENT
;
569 if (test_bit(HCI_BONDABLE
, &conn
->hcon
->hdev
->dev_flags
)) {
570 local_dist
= SMP_DIST_ENC_KEY
| SMP_DIST_SIGN
;
571 remote_dist
= SMP_DIST_ENC_KEY
| SMP_DIST_SIGN
;
572 authreq
|= SMP_AUTH_BONDING
;
574 authreq
&= ~SMP_AUTH_BONDING
;
577 if (test_bit(HCI_RPA_RESOLVING
, &hdev
->dev_flags
))
578 remote_dist
|= SMP_DIST_ID_KEY
;
580 if (test_bit(HCI_PRIVACY
, &hdev
->dev_flags
))
581 local_dist
|= SMP_DIST_ID_KEY
;
583 if (test_bit(HCI_SC_ENABLED
, &hdev
->dev_flags
) &&
584 (authreq
& SMP_AUTH_SC
)) {
585 struct oob_data
*oob_data
;
588 if (test_bit(HCI_SSP_ENABLED
, &hdev
->dev_flags
)) {
589 local_dist
|= SMP_DIST_LINK_KEY
;
590 remote_dist
|= SMP_DIST_LINK_KEY
;
593 if (hcon
->dst_type
== ADDR_LE_DEV_PUBLIC
)
594 bdaddr_type
= BDADDR_LE_PUBLIC
;
596 bdaddr_type
= BDADDR_LE_RANDOM
;
598 oob_data
= hci_find_remote_oob_data(hdev
, &hcon
->dst
,
601 set_bit(SMP_FLAG_OOB
, &smp
->flags
);
602 oob_flag
= SMP_OOB_PRESENT
;
603 memcpy(smp
->rr
, oob_data
->rand256
, 16);
604 memcpy(smp
->pcnf
, oob_data
->hash256
, 16);
608 authreq
&= ~SMP_AUTH_SC
;
612 req
->io_capability
= conn
->hcon
->io_capability
;
613 req
->oob_flag
= oob_flag
;
614 req
->max_key_size
= SMP_MAX_ENC_KEY_SIZE
;
615 req
->init_key_dist
= local_dist
;
616 req
->resp_key_dist
= remote_dist
;
617 req
->auth_req
= (authreq
& AUTH_REQ_MASK(hdev
));
619 smp
->remote_key_dist
= remote_dist
;
623 rsp
->io_capability
= conn
->hcon
->io_capability
;
624 rsp
->oob_flag
= oob_flag
;
625 rsp
->max_key_size
= SMP_MAX_ENC_KEY_SIZE
;
626 rsp
->init_key_dist
= req
->init_key_dist
& remote_dist
;
627 rsp
->resp_key_dist
= req
->resp_key_dist
& local_dist
;
628 rsp
->auth_req
= (authreq
& AUTH_REQ_MASK(hdev
));
630 smp
->remote_key_dist
= rsp
->init_key_dist
;
633 static u8
check_enc_key_size(struct l2cap_conn
*conn
, __u8 max_key_size
)
635 struct l2cap_chan
*chan
= conn
->smp
;
636 struct smp_chan
*smp
= chan
->data
;
638 if ((max_key_size
> SMP_MAX_ENC_KEY_SIZE
) ||
639 (max_key_size
< SMP_MIN_ENC_KEY_SIZE
))
640 return SMP_ENC_KEY_SIZE
;
642 smp
->enc_key_size
= max_key_size
;
647 static void smp_chan_destroy(struct l2cap_conn
*conn
)
649 struct l2cap_chan
*chan
= conn
->smp
;
650 struct smp_chan
*smp
= chan
->data
;
655 cancel_delayed_work_sync(&smp
->security_timer
);
657 complete
= test_bit(SMP_FLAG_COMPLETE
, &smp
->flags
);
658 mgmt_smp_complete(conn
->hcon
, complete
);
661 kfree(smp
->slave_csrk
);
662 kfree(smp
->link_key
);
664 crypto_free_blkcipher(smp
->tfm_aes
);
665 crypto_free_hash(smp
->tfm_cmac
);
667 /* If pairing failed clean up any keys we might have */
670 list_del_rcu(&smp
->ltk
->list
);
671 kfree_rcu(smp
->ltk
, rcu
);
674 if (smp
->slave_ltk
) {
675 list_del_rcu(&smp
->slave_ltk
->list
);
676 kfree_rcu(smp
->slave_ltk
, rcu
);
679 if (smp
->remote_irk
) {
680 list_del_rcu(&smp
->remote_irk
->list
);
681 kfree_rcu(smp
->remote_irk
, rcu
);
687 hci_conn_drop(conn
->hcon
);
690 static void smp_failure(struct l2cap_conn
*conn
, u8 reason
)
692 struct hci_conn
*hcon
= conn
->hcon
;
693 struct l2cap_chan
*chan
= conn
->smp
;
696 smp_send_cmd(conn
, SMP_CMD_PAIRING_FAIL
, sizeof(reason
),
699 clear_bit(HCI_CONN_ENCRYPT_PEND
, &hcon
->flags
);
700 mgmt_auth_failed(hcon
, HCI_ERROR_AUTH_FAILURE
);
703 smp_chan_destroy(conn
);
706 #define JUST_WORKS 0x00
707 #define JUST_CFM 0x01
708 #define REQ_PASSKEY 0x02
709 #define CFM_PASSKEY 0x03
711 #define DSP_PASSKEY 0x05
714 static const u8 gen_method
[5][5] = {
715 { JUST_WORKS
, JUST_CFM
, REQ_PASSKEY
, JUST_WORKS
, REQ_PASSKEY
},
716 { JUST_WORKS
, JUST_CFM
, REQ_PASSKEY
, JUST_WORKS
, REQ_PASSKEY
},
717 { CFM_PASSKEY
, CFM_PASSKEY
, REQ_PASSKEY
, JUST_WORKS
, CFM_PASSKEY
},
718 { JUST_WORKS
, JUST_CFM
, JUST_WORKS
, JUST_WORKS
, JUST_CFM
},
719 { CFM_PASSKEY
, CFM_PASSKEY
, REQ_PASSKEY
, JUST_WORKS
, OVERLAP
},
722 static const u8 sc_method
[5][5] = {
723 { JUST_WORKS
, JUST_CFM
, REQ_PASSKEY
, JUST_WORKS
, REQ_PASSKEY
},
724 { JUST_WORKS
, CFM_PASSKEY
, REQ_PASSKEY
, JUST_WORKS
, CFM_PASSKEY
},
725 { DSP_PASSKEY
, DSP_PASSKEY
, REQ_PASSKEY
, JUST_WORKS
, DSP_PASSKEY
},
726 { JUST_WORKS
, JUST_CFM
, JUST_WORKS
, JUST_WORKS
, JUST_CFM
},
727 { DSP_PASSKEY
, CFM_PASSKEY
, REQ_PASSKEY
, JUST_WORKS
, CFM_PASSKEY
},
730 static u8
get_auth_method(struct smp_chan
*smp
, u8 local_io
, u8 remote_io
)
732 /* If either side has unknown io_caps, use JUST_CFM (which gets
733 * converted later to JUST_WORKS if we're initiators.
735 if (local_io
> SMP_IO_KEYBOARD_DISPLAY
||
736 remote_io
> SMP_IO_KEYBOARD_DISPLAY
)
739 if (test_bit(SMP_FLAG_SC
, &smp
->flags
))
740 return sc_method
[remote_io
][local_io
];
742 return gen_method
[remote_io
][local_io
];
745 static int tk_request(struct l2cap_conn
*conn
, u8 remote_oob
, u8 auth
,
746 u8 local_io
, u8 remote_io
)
748 struct hci_conn
*hcon
= conn
->hcon
;
749 struct l2cap_chan
*chan
= conn
->smp
;
750 struct smp_chan
*smp
= chan
->data
;
754 /* Initialize key for JUST WORKS */
755 memset(smp
->tk
, 0, sizeof(smp
->tk
));
756 clear_bit(SMP_FLAG_TK_VALID
, &smp
->flags
);
758 BT_DBG("tk_request: auth:%d lcl:%d rem:%d", auth
, local_io
, remote_io
);
760 /* If neither side wants MITM, either "just" confirm an incoming
761 * request or use just-works for outgoing ones. The JUST_CFM
762 * will be converted to JUST_WORKS if necessary later in this
763 * function. If either side has MITM look up the method from the
766 if (!(auth
& SMP_AUTH_MITM
))
767 smp
->method
= JUST_CFM
;
769 smp
->method
= get_auth_method(smp
, local_io
, remote_io
);
771 /* Don't confirm locally initiated pairing attempts */
772 if (smp
->method
== JUST_CFM
&& test_bit(SMP_FLAG_INITIATOR
,
774 smp
->method
= JUST_WORKS
;
776 /* Don't bother user space with no IO capabilities */
777 if (smp
->method
== JUST_CFM
&&
778 hcon
->io_capability
== HCI_IO_NO_INPUT_OUTPUT
)
779 smp
->method
= JUST_WORKS
;
781 /* If Just Works, Continue with Zero TK */
782 if (smp
->method
== JUST_WORKS
) {
783 set_bit(SMP_FLAG_TK_VALID
, &smp
->flags
);
787 /* Not Just Works/Confirm results in MITM Authentication */
788 if (smp
->method
!= JUST_CFM
) {
789 set_bit(SMP_FLAG_MITM_AUTH
, &smp
->flags
);
790 if (hcon
->pending_sec_level
< BT_SECURITY_HIGH
)
791 hcon
->pending_sec_level
= BT_SECURITY_HIGH
;
794 /* If both devices have Keyoard-Display I/O, the master
795 * Confirms and the slave Enters the passkey.
797 if (smp
->method
== OVERLAP
) {
798 if (hcon
->role
== HCI_ROLE_MASTER
)
799 smp
->method
= CFM_PASSKEY
;
801 smp
->method
= REQ_PASSKEY
;
804 /* Generate random passkey. */
805 if (smp
->method
== CFM_PASSKEY
) {
806 memset(smp
->tk
, 0, sizeof(smp
->tk
));
807 get_random_bytes(&passkey
, sizeof(passkey
));
809 put_unaligned_le32(passkey
, smp
->tk
);
810 BT_DBG("PassKey: %d", passkey
);
811 set_bit(SMP_FLAG_TK_VALID
, &smp
->flags
);
814 if (smp
->method
== REQ_PASSKEY
)
815 ret
= mgmt_user_passkey_request(hcon
->hdev
, &hcon
->dst
,
816 hcon
->type
, hcon
->dst_type
);
817 else if (smp
->method
== JUST_CFM
)
818 ret
= mgmt_user_confirm_request(hcon
->hdev
, &hcon
->dst
,
819 hcon
->type
, hcon
->dst_type
,
822 ret
= mgmt_user_passkey_notify(hcon
->hdev
, &hcon
->dst
,
823 hcon
->type
, hcon
->dst_type
,
829 static u8
smp_confirm(struct smp_chan
*smp
)
831 struct l2cap_conn
*conn
= smp
->conn
;
832 struct smp_cmd_pairing_confirm cp
;
835 BT_DBG("conn %p", conn
);
837 ret
= smp_c1(smp
->tfm_aes
, smp
->tk
, smp
->prnd
, smp
->preq
, smp
->prsp
,
838 conn
->hcon
->init_addr_type
, &conn
->hcon
->init_addr
,
839 conn
->hcon
->resp_addr_type
, &conn
->hcon
->resp_addr
,
842 return SMP_UNSPECIFIED
;
844 clear_bit(SMP_FLAG_CFM_PENDING
, &smp
->flags
);
846 smp_send_cmd(smp
->conn
, SMP_CMD_PAIRING_CONFIRM
, sizeof(cp
), &cp
);
849 SMP_ALLOW_CMD(smp
, SMP_CMD_PAIRING_CONFIRM
);
851 SMP_ALLOW_CMD(smp
, SMP_CMD_PAIRING_RANDOM
);
856 static u8
smp_random(struct smp_chan
*smp
)
858 struct l2cap_conn
*conn
= smp
->conn
;
859 struct hci_conn
*hcon
= conn
->hcon
;
863 if (IS_ERR_OR_NULL(smp
->tfm_aes
))
864 return SMP_UNSPECIFIED
;
866 BT_DBG("conn %p %s", conn
, conn
->hcon
->out
? "master" : "slave");
868 ret
= smp_c1(smp
->tfm_aes
, smp
->tk
, smp
->rrnd
, smp
->preq
, smp
->prsp
,
869 hcon
->init_addr_type
, &hcon
->init_addr
,
870 hcon
->resp_addr_type
, &hcon
->resp_addr
, confirm
);
872 return SMP_UNSPECIFIED
;
874 if (memcmp(smp
->pcnf
, confirm
, sizeof(smp
->pcnf
)) != 0) {
875 BT_ERR("Pairing failed (confirmation values mismatch)");
876 return SMP_CONFIRM_FAILED
;
884 smp_s1(smp
->tfm_aes
, smp
->tk
, smp
->rrnd
, smp
->prnd
, stk
);
886 memset(stk
+ smp
->enc_key_size
, 0,
887 SMP_MAX_ENC_KEY_SIZE
- smp
->enc_key_size
);
889 if (test_and_set_bit(HCI_CONN_ENCRYPT_PEND
, &hcon
->flags
))
890 return SMP_UNSPECIFIED
;
892 hci_le_start_enc(hcon
, ediv
, rand
, stk
);
893 hcon
->enc_key_size
= smp
->enc_key_size
;
894 set_bit(HCI_CONN_STK_ENCRYPT
, &hcon
->flags
);
900 smp_send_cmd(conn
, SMP_CMD_PAIRING_RANDOM
, sizeof(smp
->prnd
),
903 smp_s1(smp
->tfm_aes
, smp
->tk
, smp
->prnd
, smp
->rrnd
, stk
);
905 memset(stk
+ smp
->enc_key_size
, 0,
906 SMP_MAX_ENC_KEY_SIZE
- smp
->enc_key_size
);
908 if (hcon
->pending_sec_level
== BT_SECURITY_HIGH
)
913 /* Even though there's no _SLAVE suffix this is the
914 * slave STK we're adding for later lookup (the master
915 * STK never needs to be stored).
917 hci_add_ltk(hcon
->hdev
, &hcon
->dst
, hcon
->dst_type
,
918 SMP_STK
, auth
, stk
, smp
->enc_key_size
, ediv
, rand
);
924 static void smp_notify_keys(struct l2cap_conn
*conn
)
926 struct l2cap_chan
*chan
= conn
->smp
;
927 struct smp_chan
*smp
= chan
->data
;
928 struct hci_conn
*hcon
= conn
->hcon
;
929 struct hci_dev
*hdev
= hcon
->hdev
;
930 struct smp_cmd_pairing
*req
= (void *) &smp
->preq
[1];
931 struct smp_cmd_pairing
*rsp
= (void *) &smp
->prsp
[1];
934 if (smp
->remote_irk
) {
935 mgmt_new_irk(hdev
, smp
->remote_irk
);
936 /* Now that user space can be considered to know the
937 * identity address track the connection based on it
938 * from now on (assuming this is an LE link).
940 if (hcon
->type
== LE_LINK
) {
941 bacpy(&hcon
->dst
, &smp
->remote_irk
->bdaddr
);
942 hcon
->dst_type
= smp
->remote_irk
->addr_type
;
943 queue_work(hdev
->workqueue
, &conn
->id_addr_update_work
);
946 /* When receiving an indentity resolving key for
947 * a remote device that does not use a resolvable
948 * private address, just remove the key so that
949 * it is possible to use the controller white
952 * Userspace will have been told to not store
953 * this key at this point. So it is safe to
956 if (!bacmp(&smp
->remote_irk
->rpa
, BDADDR_ANY
)) {
957 list_del_rcu(&smp
->remote_irk
->list
);
958 kfree_rcu(smp
->remote_irk
, rcu
);
959 smp
->remote_irk
= NULL
;
963 if (hcon
->type
== ACL_LINK
) {
964 if (hcon
->key_type
== HCI_LK_DEBUG_COMBINATION
)
967 persistent
= !test_bit(HCI_CONN_FLUSH_KEY
,
970 /* The LTKs and CSRKs should be persistent only if both sides
971 * had the bonding bit set in their authentication requests.
973 persistent
= !!((req
->auth_req
& rsp
->auth_req
) &
979 smp
->csrk
->bdaddr_type
= hcon
->dst_type
;
980 bacpy(&smp
->csrk
->bdaddr
, &hcon
->dst
);
981 mgmt_new_csrk(hdev
, smp
->csrk
, persistent
);
984 if (smp
->slave_csrk
) {
985 smp
->slave_csrk
->bdaddr_type
= hcon
->dst_type
;
986 bacpy(&smp
->slave_csrk
->bdaddr
, &hcon
->dst
);
987 mgmt_new_csrk(hdev
, smp
->slave_csrk
, persistent
);
991 smp
->ltk
->bdaddr_type
= hcon
->dst_type
;
992 bacpy(&smp
->ltk
->bdaddr
, &hcon
->dst
);
993 mgmt_new_ltk(hdev
, smp
->ltk
, persistent
);
996 if (smp
->slave_ltk
) {
997 smp
->slave_ltk
->bdaddr_type
= hcon
->dst_type
;
998 bacpy(&smp
->slave_ltk
->bdaddr
, &hcon
->dst
);
999 mgmt_new_ltk(hdev
, smp
->slave_ltk
, persistent
);
1002 if (smp
->link_key
) {
1003 struct link_key
*key
;
1006 if (test_bit(SMP_FLAG_DEBUG_KEY
, &smp
->flags
))
1007 type
= HCI_LK_DEBUG_COMBINATION
;
1008 else if (hcon
->sec_level
== BT_SECURITY_FIPS
)
1009 type
= HCI_LK_AUTH_COMBINATION_P256
;
1011 type
= HCI_LK_UNAUTH_COMBINATION_P256
;
1013 key
= hci_add_link_key(hdev
, smp
->conn
->hcon
, &hcon
->dst
,
1014 smp
->link_key
, type
, 0, &persistent
);
1016 mgmt_new_link_key(hdev
, key
, persistent
);
1018 /* Don't keep debug keys around if the relevant
1021 if (!test_bit(HCI_KEEP_DEBUG_KEYS
, &hdev
->dev_flags
) &&
1022 key
->type
== HCI_LK_DEBUG_COMBINATION
) {
1023 list_del_rcu(&key
->list
);
1024 kfree_rcu(key
, rcu
);
1030 static void sc_add_ltk(struct smp_chan
*smp
)
1032 struct hci_conn
*hcon
= smp
->conn
->hcon
;
1035 if (test_bit(SMP_FLAG_DEBUG_KEY
, &smp
->flags
))
1036 key_type
= SMP_LTK_P256_DEBUG
;
1038 key_type
= SMP_LTK_P256
;
1040 if (hcon
->pending_sec_level
== BT_SECURITY_FIPS
)
1045 memset(smp
->tk
+ smp
->enc_key_size
, 0,
1046 SMP_MAX_ENC_KEY_SIZE
- smp
->enc_key_size
);
1048 smp
->ltk
= hci_add_ltk(hcon
->hdev
, &hcon
->dst
, hcon
->dst_type
,
1049 key_type
, auth
, smp
->tk
, smp
->enc_key_size
,
1053 static void sc_generate_link_key(struct smp_chan
*smp
)
1055 /* These constants are as specified in the core specification.
1056 * In ASCII they spell out to 'tmp1' and 'lebr'.
1058 const u8 tmp1
[4] = { 0x31, 0x70, 0x6d, 0x74 };
1059 const u8 lebr
[4] = { 0x72, 0x62, 0x65, 0x6c };
1061 smp
->link_key
= kzalloc(16, GFP_KERNEL
);
1065 if (smp_h6(smp
->tfm_cmac
, smp
->tk
, tmp1
, smp
->link_key
)) {
1066 kfree(smp
->link_key
);
1067 smp
->link_key
= NULL
;
1071 if (smp_h6(smp
->tfm_cmac
, smp
->link_key
, lebr
, smp
->link_key
)) {
1072 kfree(smp
->link_key
);
1073 smp
->link_key
= NULL
;
1078 static void smp_allow_key_dist(struct smp_chan
*smp
)
1080 /* Allow the first expected phase 3 PDU. The rest of the PDUs
1081 * will be allowed in each PDU handler to ensure we receive
1082 * them in the correct order.
1084 if (smp
->remote_key_dist
& SMP_DIST_ENC_KEY
)
1085 SMP_ALLOW_CMD(smp
, SMP_CMD_ENCRYPT_INFO
);
1086 else if (smp
->remote_key_dist
& SMP_DIST_ID_KEY
)
1087 SMP_ALLOW_CMD(smp
, SMP_CMD_IDENT_INFO
);
1088 else if (smp
->remote_key_dist
& SMP_DIST_SIGN
)
1089 SMP_ALLOW_CMD(smp
, SMP_CMD_SIGN_INFO
);
1092 static void sc_generate_ltk(struct smp_chan
*smp
)
1094 /* These constants are as specified in the core specification.
1095 * In ASCII they spell out to 'tmp2' and 'brle'.
1097 const u8 tmp2
[4] = { 0x32, 0x70, 0x6d, 0x74 };
1098 const u8 brle
[4] = { 0x65, 0x6c, 0x72, 0x62 };
1099 struct hci_conn
*hcon
= smp
->conn
->hcon
;
1100 struct hci_dev
*hdev
= hcon
->hdev
;
1101 struct link_key
*key
;
1103 key
= hci_find_link_key(hdev
, &hcon
->dst
);
1105 BT_ERR("%s No Link Key found to generate LTK", hdev
->name
);
1109 if (key
->type
== HCI_LK_DEBUG_COMBINATION
)
1110 set_bit(SMP_FLAG_DEBUG_KEY
, &smp
->flags
);
1112 if (smp_h6(smp
->tfm_cmac
, key
->val
, tmp2
, smp
->tk
))
1115 if (smp_h6(smp
->tfm_cmac
, smp
->tk
, brle
, smp
->tk
))
1121 static void smp_distribute_keys(struct smp_chan
*smp
)
1123 struct smp_cmd_pairing
*req
, *rsp
;
1124 struct l2cap_conn
*conn
= smp
->conn
;
1125 struct hci_conn
*hcon
= conn
->hcon
;
1126 struct hci_dev
*hdev
= hcon
->hdev
;
1129 BT_DBG("conn %p", conn
);
1131 rsp
= (void *) &smp
->prsp
[1];
1133 /* The responder sends its keys first */
1134 if (hcon
->out
&& (smp
->remote_key_dist
& KEY_DIST_MASK
)) {
1135 smp_allow_key_dist(smp
);
1139 req
= (void *) &smp
->preq
[1];
1142 keydist
= &rsp
->init_key_dist
;
1143 *keydist
&= req
->init_key_dist
;
1145 keydist
= &rsp
->resp_key_dist
;
1146 *keydist
&= req
->resp_key_dist
;
1149 if (test_bit(SMP_FLAG_SC
, &smp
->flags
)) {
1150 if (hcon
->type
== LE_LINK
&& (*keydist
& SMP_DIST_LINK_KEY
))
1151 sc_generate_link_key(smp
);
1152 if (hcon
->type
== ACL_LINK
&& (*keydist
& SMP_DIST_ENC_KEY
))
1153 sc_generate_ltk(smp
);
1155 /* Clear the keys which are generated but not distributed */
1156 *keydist
&= ~SMP_SC_NO_DIST
;
1159 BT_DBG("keydist 0x%x", *keydist
);
1161 if (*keydist
& SMP_DIST_ENC_KEY
) {
1162 struct smp_cmd_encrypt_info enc
;
1163 struct smp_cmd_master_ident ident
;
1164 struct smp_ltk
*ltk
;
1169 get_random_bytes(enc
.ltk
, sizeof(enc
.ltk
));
1170 get_random_bytes(&ediv
, sizeof(ediv
));
1171 get_random_bytes(&rand
, sizeof(rand
));
1173 smp_send_cmd(conn
, SMP_CMD_ENCRYPT_INFO
, sizeof(enc
), &enc
);
1175 authenticated
= hcon
->sec_level
== BT_SECURITY_HIGH
;
1176 ltk
= hci_add_ltk(hdev
, &hcon
->dst
, hcon
->dst_type
,
1177 SMP_LTK_SLAVE
, authenticated
, enc
.ltk
,
1178 smp
->enc_key_size
, ediv
, rand
);
1179 smp
->slave_ltk
= ltk
;
1184 smp_send_cmd(conn
, SMP_CMD_MASTER_IDENT
, sizeof(ident
), &ident
);
1186 *keydist
&= ~SMP_DIST_ENC_KEY
;
1189 if (*keydist
& SMP_DIST_ID_KEY
) {
1190 struct smp_cmd_ident_addr_info addrinfo
;
1191 struct smp_cmd_ident_info idinfo
;
1193 memcpy(idinfo
.irk
, hdev
->irk
, sizeof(idinfo
.irk
));
1195 smp_send_cmd(conn
, SMP_CMD_IDENT_INFO
, sizeof(idinfo
), &idinfo
);
1197 /* The hci_conn contains the local identity address
1198 * after the connection has been established.
1200 * This is true even when the connection has been
1201 * established using a resolvable random address.
1203 bacpy(&addrinfo
.bdaddr
, &hcon
->src
);
1204 addrinfo
.addr_type
= hcon
->src_type
;
1206 smp_send_cmd(conn
, SMP_CMD_IDENT_ADDR_INFO
, sizeof(addrinfo
),
1209 *keydist
&= ~SMP_DIST_ID_KEY
;
1212 if (*keydist
& SMP_DIST_SIGN
) {
1213 struct smp_cmd_sign_info sign
;
1214 struct smp_csrk
*csrk
;
1216 /* Generate a new random key */
1217 get_random_bytes(sign
.csrk
, sizeof(sign
.csrk
));
1219 csrk
= kzalloc(sizeof(*csrk
), GFP_KERNEL
);
1221 csrk
->master
= 0x00;
1222 memcpy(csrk
->val
, sign
.csrk
, sizeof(csrk
->val
));
1224 smp
->slave_csrk
= csrk
;
1226 smp_send_cmd(conn
, SMP_CMD_SIGN_INFO
, sizeof(sign
), &sign
);
1228 *keydist
&= ~SMP_DIST_SIGN
;
1231 /* If there are still keys to be received wait for them */
1232 if (smp
->remote_key_dist
& KEY_DIST_MASK
) {
1233 smp_allow_key_dist(smp
);
1237 set_bit(SMP_FLAG_COMPLETE
, &smp
->flags
);
1238 smp_notify_keys(conn
);
1240 smp_chan_destroy(conn
);
1243 static void smp_timeout(struct work_struct
*work
)
1245 struct smp_chan
*smp
= container_of(work
, struct smp_chan
,
1246 security_timer
.work
);
1247 struct l2cap_conn
*conn
= smp
->conn
;
1249 BT_DBG("conn %p", conn
);
1251 hci_disconnect(conn
->hcon
, HCI_ERROR_REMOTE_USER_TERM
);
1254 static struct smp_chan
*smp_chan_create(struct l2cap_conn
*conn
)
1256 struct l2cap_chan
*chan
= conn
->smp
;
1257 struct smp_chan
*smp
;
1259 smp
= kzalloc(sizeof(*smp
), GFP_ATOMIC
);
1263 smp
->tfm_aes
= crypto_alloc_blkcipher("ecb(aes)", 0, CRYPTO_ALG_ASYNC
);
1264 if (IS_ERR(smp
->tfm_aes
)) {
1265 BT_ERR("Unable to create ECB crypto context");
1270 smp
->tfm_cmac
= crypto_alloc_hash("cmac(aes)", 0, CRYPTO_ALG_ASYNC
);
1271 if (IS_ERR(smp
->tfm_cmac
)) {
1272 BT_ERR("Unable to create CMAC crypto context");
1273 crypto_free_blkcipher(smp
->tfm_aes
);
1281 SMP_ALLOW_CMD(smp
, SMP_CMD_PAIRING_FAIL
);
1283 INIT_DELAYED_WORK(&smp
->security_timer
, smp_timeout
);
1285 hci_conn_hold(conn
->hcon
);
1290 static int sc_mackey_and_ltk(struct smp_chan
*smp
, u8 mackey
[16], u8 ltk
[16])
1292 struct hci_conn
*hcon
= smp
->conn
->hcon
;
1293 u8
*na
, *nb
, a
[7], b
[7];
1303 memcpy(a
, &hcon
->init_addr
, 6);
1304 memcpy(b
, &hcon
->resp_addr
, 6);
1305 a
[6] = hcon
->init_addr_type
;
1306 b
[6] = hcon
->resp_addr_type
;
1308 return smp_f5(smp
->tfm_cmac
, smp
->dhkey
, na
, nb
, a
, b
, mackey
, ltk
);
1311 static void sc_dhkey_check(struct smp_chan
*smp
)
1313 struct hci_conn
*hcon
= smp
->conn
->hcon
;
1314 struct smp_cmd_dhkey_check check
;
1315 u8 a
[7], b
[7], *local_addr
, *remote_addr
;
1316 u8 io_cap
[3], r
[16];
1318 memcpy(a
, &hcon
->init_addr
, 6);
1319 memcpy(b
, &hcon
->resp_addr
, 6);
1320 a
[6] = hcon
->init_addr_type
;
1321 b
[6] = hcon
->resp_addr_type
;
1326 memcpy(io_cap
, &smp
->preq
[1], 3);
1330 memcpy(io_cap
, &smp
->prsp
[1], 3);
1333 memset(r
, 0, sizeof(r
));
1335 if (smp
->method
== REQ_PASSKEY
|| smp
->method
== DSP_PASSKEY
)
1336 put_unaligned_le32(hcon
->passkey_notify
, r
);
1338 if (smp
->method
== REQ_OOB
)
1339 memcpy(r
, smp
->rr
, 16);
1341 smp_f6(smp
->tfm_cmac
, smp
->mackey
, smp
->prnd
, smp
->rrnd
, r
, io_cap
,
1342 local_addr
, remote_addr
, check
.e
);
1344 smp_send_cmd(smp
->conn
, SMP_CMD_DHKEY_CHECK
, sizeof(check
), &check
);
1347 static u8
sc_passkey_send_confirm(struct smp_chan
*smp
)
1349 struct l2cap_conn
*conn
= smp
->conn
;
1350 struct hci_conn
*hcon
= conn
->hcon
;
1351 struct smp_cmd_pairing_confirm cfm
;
1354 r
= ((hcon
->passkey_notify
>> smp
->passkey_round
) & 0x01);
1357 get_random_bytes(smp
->prnd
, sizeof(smp
->prnd
));
1359 if (smp_f4(smp
->tfm_cmac
, smp
->local_pk
, smp
->remote_pk
, smp
->prnd
, r
,
1361 return SMP_UNSPECIFIED
;
1363 smp_send_cmd(conn
, SMP_CMD_PAIRING_CONFIRM
, sizeof(cfm
), &cfm
);
1368 static u8
sc_passkey_round(struct smp_chan
*smp
, u8 smp_op
)
1370 struct l2cap_conn
*conn
= smp
->conn
;
1371 struct hci_conn
*hcon
= conn
->hcon
;
1372 struct hci_dev
*hdev
= hcon
->hdev
;
1375 /* Ignore the PDU if we've already done 20 rounds (0 - 19) */
1376 if (smp
->passkey_round
>= 20)
1380 case SMP_CMD_PAIRING_RANDOM
:
1381 r
= ((hcon
->passkey_notify
>> smp
->passkey_round
) & 0x01);
1384 if (smp_f4(smp
->tfm_cmac
, smp
->remote_pk
, smp
->local_pk
,
1386 return SMP_UNSPECIFIED
;
1388 if (memcmp(smp
->pcnf
, cfm
, 16))
1389 return SMP_CONFIRM_FAILED
;
1391 smp
->passkey_round
++;
1393 if (smp
->passkey_round
== 20) {
1394 /* Generate MacKey and LTK */
1395 if (sc_mackey_and_ltk(smp
, smp
->mackey
, smp
->tk
))
1396 return SMP_UNSPECIFIED
;
1399 /* The round is only complete when the initiator
1400 * receives pairing random.
1403 smp_send_cmd(conn
, SMP_CMD_PAIRING_RANDOM
,
1404 sizeof(smp
->prnd
), smp
->prnd
);
1405 if (smp
->passkey_round
== 20)
1406 SMP_ALLOW_CMD(smp
, SMP_CMD_DHKEY_CHECK
);
1408 SMP_ALLOW_CMD(smp
, SMP_CMD_PAIRING_CONFIRM
);
1412 /* Start the next round */
1413 if (smp
->passkey_round
!= 20)
1414 return sc_passkey_round(smp
, 0);
1416 /* Passkey rounds are complete - start DHKey Check */
1417 sc_dhkey_check(smp
);
1418 SMP_ALLOW_CMD(smp
, SMP_CMD_DHKEY_CHECK
);
1422 case SMP_CMD_PAIRING_CONFIRM
:
1423 if (test_bit(SMP_FLAG_WAIT_USER
, &smp
->flags
)) {
1424 set_bit(SMP_FLAG_CFM_PENDING
, &smp
->flags
);
1428 SMP_ALLOW_CMD(smp
, SMP_CMD_PAIRING_RANDOM
);
1431 smp_send_cmd(conn
, SMP_CMD_PAIRING_RANDOM
,
1432 sizeof(smp
->prnd
), smp
->prnd
);
1436 return sc_passkey_send_confirm(smp
);
1438 case SMP_CMD_PUBLIC_KEY
:
1440 /* Initiating device starts the round */
1444 BT_DBG("%s Starting passkey round %u", hdev
->name
,
1445 smp
->passkey_round
+ 1);
1447 SMP_ALLOW_CMD(smp
, SMP_CMD_PAIRING_CONFIRM
);
1449 return sc_passkey_send_confirm(smp
);
1455 static int sc_user_reply(struct smp_chan
*smp
, u16 mgmt_op
, __le32 passkey
)
1457 struct l2cap_conn
*conn
= smp
->conn
;
1458 struct hci_conn
*hcon
= conn
->hcon
;
1461 clear_bit(SMP_FLAG_WAIT_USER
, &smp
->flags
);
1464 case MGMT_OP_USER_PASSKEY_NEG_REPLY
:
1465 smp_failure(smp
->conn
, SMP_PASSKEY_ENTRY_FAILED
);
1467 case MGMT_OP_USER_CONFIRM_NEG_REPLY
:
1468 smp_failure(smp
->conn
, SMP_NUMERIC_COMP_FAILED
);
1470 case MGMT_OP_USER_PASSKEY_REPLY
:
1471 hcon
->passkey_notify
= le32_to_cpu(passkey
);
1472 smp
->passkey_round
= 0;
1474 if (test_and_clear_bit(SMP_FLAG_CFM_PENDING
, &smp
->flags
))
1475 smp_op
= SMP_CMD_PAIRING_CONFIRM
;
1479 if (sc_passkey_round(smp
, smp_op
))
1485 /* Initiator sends DHKey check first */
1487 sc_dhkey_check(smp
);
1488 SMP_ALLOW_CMD(smp
, SMP_CMD_DHKEY_CHECK
);
1489 } else if (test_and_clear_bit(SMP_FLAG_DHKEY_PENDING
, &smp
->flags
)) {
1490 sc_dhkey_check(smp
);
1497 int smp_user_confirm_reply(struct hci_conn
*hcon
, u16 mgmt_op
, __le32 passkey
)
1499 struct l2cap_conn
*conn
= hcon
->l2cap_data
;
1500 struct l2cap_chan
*chan
;
1501 struct smp_chan
*smp
;
1514 l2cap_chan_lock(chan
);
1522 if (test_bit(SMP_FLAG_SC
, &smp
->flags
)) {
1523 err
= sc_user_reply(smp
, mgmt_op
, passkey
);
1528 case MGMT_OP_USER_PASSKEY_REPLY
:
1529 value
= le32_to_cpu(passkey
);
1530 memset(smp
->tk
, 0, sizeof(smp
->tk
));
1531 BT_DBG("PassKey: %d", value
);
1532 put_unaligned_le32(value
, smp
->tk
);
1534 case MGMT_OP_USER_CONFIRM_REPLY
:
1535 set_bit(SMP_FLAG_TK_VALID
, &smp
->flags
);
1537 case MGMT_OP_USER_PASSKEY_NEG_REPLY
:
1538 case MGMT_OP_USER_CONFIRM_NEG_REPLY
:
1539 smp_failure(conn
, SMP_PASSKEY_ENTRY_FAILED
);
1543 smp_failure(conn
, SMP_PASSKEY_ENTRY_FAILED
);
1550 /* If it is our turn to send Pairing Confirm, do so now */
1551 if (test_bit(SMP_FLAG_CFM_PENDING
, &smp
->flags
)) {
1552 u8 rsp
= smp_confirm(smp
);
1554 smp_failure(conn
, rsp
);
1558 l2cap_chan_unlock(chan
);
1562 static void build_bredr_pairing_cmd(struct smp_chan
*smp
,
1563 struct smp_cmd_pairing
*req
,
1564 struct smp_cmd_pairing
*rsp
)
1566 struct l2cap_conn
*conn
= smp
->conn
;
1567 struct hci_dev
*hdev
= conn
->hcon
->hdev
;
1568 u8 local_dist
= 0, remote_dist
= 0;
1570 if (test_bit(HCI_BONDABLE
, &hdev
->dev_flags
)) {
1571 local_dist
= SMP_DIST_ENC_KEY
| SMP_DIST_SIGN
;
1572 remote_dist
= SMP_DIST_ENC_KEY
| SMP_DIST_SIGN
;
1575 if (test_bit(HCI_RPA_RESOLVING
, &hdev
->dev_flags
))
1576 remote_dist
|= SMP_DIST_ID_KEY
;
1578 if (test_bit(HCI_PRIVACY
, &hdev
->dev_flags
))
1579 local_dist
|= SMP_DIST_ID_KEY
;
1582 memset(req
, 0, sizeof(*req
));
1584 req
->init_key_dist
= local_dist
;
1585 req
->resp_key_dist
= remote_dist
;
1586 req
->max_key_size
= SMP_MAX_ENC_KEY_SIZE
;
1588 smp
->remote_key_dist
= remote_dist
;
1593 memset(rsp
, 0, sizeof(*rsp
));
1595 rsp
->max_key_size
= SMP_MAX_ENC_KEY_SIZE
;
1596 rsp
->init_key_dist
= req
->init_key_dist
& remote_dist
;
1597 rsp
->resp_key_dist
= req
->resp_key_dist
& local_dist
;
1599 smp
->remote_key_dist
= rsp
->init_key_dist
;
1602 static u8
smp_cmd_pairing_req(struct l2cap_conn
*conn
, struct sk_buff
*skb
)
1604 struct smp_cmd_pairing rsp
, *req
= (void *) skb
->data
;
1605 struct l2cap_chan
*chan
= conn
->smp
;
1606 struct hci_dev
*hdev
= conn
->hcon
->hdev
;
1607 struct smp_chan
*smp
;
1608 u8 key_size
, auth
, sec_level
;
1611 BT_DBG("conn %p", conn
);
1613 if (skb
->len
< sizeof(*req
))
1614 return SMP_INVALID_PARAMS
;
1616 if (conn
->hcon
->role
!= HCI_ROLE_SLAVE
)
1617 return SMP_CMD_NOTSUPP
;
1620 smp
= smp_chan_create(conn
);
1625 return SMP_UNSPECIFIED
;
1627 /* We didn't start the pairing, so match remote */
1628 auth
= req
->auth_req
& AUTH_REQ_MASK(hdev
);
1630 if (!test_bit(HCI_BONDABLE
, &hdev
->dev_flags
) &&
1631 (auth
& SMP_AUTH_BONDING
))
1632 return SMP_PAIRING_NOTSUPP
;
1634 if (test_bit(HCI_SC_ONLY
, &hdev
->dev_flags
) && !(auth
& SMP_AUTH_SC
))
1635 return SMP_AUTH_REQUIREMENTS
;
1637 smp
->preq
[0] = SMP_CMD_PAIRING_REQ
;
1638 memcpy(&smp
->preq
[1], req
, sizeof(*req
));
1639 skb_pull(skb
, sizeof(*req
));
1641 /* SMP over BR/EDR requires special treatment */
1642 if (conn
->hcon
->type
== ACL_LINK
) {
1643 /* We must have a BR/EDR SC link */
1644 if (!test_bit(HCI_CONN_AES_CCM
, &conn
->hcon
->flags
))
1645 return SMP_CROSS_TRANSP_NOT_ALLOWED
;
1647 set_bit(SMP_FLAG_SC
, &smp
->flags
);
1649 build_bredr_pairing_cmd(smp
, req
, &rsp
);
1651 key_size
= min(req
->max_key_size
, rsp
.max_key_size
);
1652 if (check_enc_key_size(conn
, key_size
))
1653 return SMP_ENC_KEY_SIZE
;
1655 /* Clear bits which are generated but not distributed */
1656 smp
->remote_key_dist
&= ~SMP_SC_NO_DIST
;
1658 smp
->prsp
[0] = SMP_CMD_PAIRING_RSP
;
1659 memcpy(&smp
->prsp
[1], &rsp
, sizeof(rsp
));
1660 smp_send_cmd(conn
, SMP_CMD_PAIRING_RSP
, sizeof(rsp
), &rsp
);
1662 smp_distribute_keys(smp
);
1666 build_pairing_cmd(conn
, req
, &rsp
, auth
);
1668 if (rsp
.auth_req
& SMP_AUTH_SC
)
1669 set_bit(SMP_FLAG_SC
, &smp
->flags
);
1671 if (conn
->hcon
->io_capability
== HCI_IO_NO_INPUT_OUTPUT
)
1672 sec_level
= BT_SECURITY_MEDIUM
;
1674 sec_level
= authreq_to_seclevel(auth
);
1676 if (sec_level
> conn
->hcon
->pending_sec_level
)
1677 conn
->hcon
->pending_sec_level
= sec_level
;
1679 /* If we need MITM check that it can be achieved */
1680 if (conn
->hcon
->pending_sec_level
>= BT_SECURITY_HIGH
) {
1683 method
= get_auth_method(smp
, conn
->hcon
->io_capability
,
1684 req
->io_capability
);
1685 if (method
== JUST_WORKS
|| method
== JUST_CFM
)
1686 return SMP_AUTH_REQUIREMENTS
;
1689 key_size
= min(req
->max_key_size
, rsp
.max_key_size
);
1690 if (check_enc_key_size(conn
, key_size
))
1691 return SMP_ENC_KEY_SIZE
;
1693 get_random_bytes(smp
->prnd
, sizeof(smp
->prnd
));
1695 smp
->prsp
[0] = SMP_CMD_PAIRING_RSP
;
1696 memcpy(&smp
->prsp
[1], &rsp
, sizeof(rsp
));
1698 smp_send_cmd(conn
, SMP_CMD_PAIRING_RSP
, sizeof(rsp
), &rsp
);
1700 clear_bit(SMP_FLAG_INITIATOR
, &smp
->flags
);
1702 if (test_bit(SMP_FLAG_SC
, &smp
->flags
)) {
1703 SMP_ALLOW_CMD(smp
, SMP_CMD_PUBLIC_KEY
);
1704 /* Clear bits which are generated but not distributed */
1705 smp
->remote_key_dist
&= ~SMP_SC_NO_DIST
;
1706 /* Wait for Public Key from Initiating Device */
1709 SMP_ALLOW_CMD(smp
, SMP_CMD_PAIRING_CONFIRM
);
1712 /* Request setup of TK */
1713 ret
= tk_request(conn
, 0, auth
, rsp
.io_capability
, req
->io_capability
);
1715 return SMP_UNSPECIFIED
;
1720 static u8
sc_send_public_key(struct smp_chan
*smp
)
1722 struct hci_dev
*hdev
= smp
->conn
->hcon
->hdev
;
1726 if (test_bit(HCI_USE_DEBUG_KEYS
, &hdev
->dev_flags
)) {
1727 BT_DBG("Using debug keys");
1728 memcpy(smp
->local_pk
, debug_pk
, 64);
1729 memcpy(smp
->local_sk
, debug_sk
, 32);
1730 set_bit(SMP_FLAG_DEBUG_KEY
, &smp
->flags
);
1733 /* Generate local key pair for Secure Connections */
1734 if (!ecc_make_key(smp
->local_pk
, smp
->local_sk
))
1735 return SMP_UNSPECIFIED
;
1737 /* This is unlikely, but we need to check that
1738 * we didn't accidentially generate a debug key.
1740 if (memcmp(smp
->local_sk
, debug_sk
, 32))
1745 BT_DBG("Local Public Key X: %32phN", smp
->local_pk
);
1746 BT_DBG("Local Public Key Y: %32phN", &smp
->local_pk
[32]);
1747 BT_DBG("Local Private Key: %32phN", smp
->local_sk
);
1749 smp_send_cmd(smp
->conn
, SMP_CMD_PUBLIC_KEY
, 64, smp
->local_pk
);
1754 static u8
smp_cmd_pairing_rsp(struct l2cap_conn
*conn
, struct sk_buff
*skb
)
1756 struct smp_cmd_pairing
*req
, *rsp
= (void *) skb
->data
;
1757 struct l2cap_chan
*chan
= conn
->smp
;
1758 struct smp_chan
*smp
= chan
->data
;
1759 struct hci_dev
*hdev
= conn
->hcon
->hdev
;
1763 BT_DBG("conn %p", conn
);
1765 if (skb
->len
< sizeof(*rsp
))
1766 return SMP_INVALID_PARAMS
;
1768 if (conn
->hcon
->role
!= HCI_ROLE_MASTER
)
1769 return SMP_CMD_NOTSUPP
;
1771 skb_pull(skb
, sizeof(*rsp
));
1773 req
= (void *) &smp
->preq
[1];
1775 key_size
= min(req
->max_key_size
, rsp
->max_key_size
);
1776 if (check_enc_key_size(conn
, key_size
))
1777 return SMP_ENC_KEY_SIZE
;
1779 auth
= rsp
->auth_req
& AUTH_REQ_MASK(hdev
);
1781 if (test_bit(HCI_SC_ONLY
, &hdev
->dev_flags
) && !(auth
& SMP_AUTH_SC
))
1782 return SMP_AUTH_REQUIREMENTS
;
1784 smp
->prsp
[0] = SMP_CMD_PAIRING_RSP
;
1785 memcpy(&smp
->prsp
[1], rsp
, sizeof(*rsp
));
1787 /* Update remote key distribution in case the remote cleared
1788 * some bits that we had enabled in our request.
1790 smp
->remote_key_dist
&= rsp
->resp_key_dist
;
1792 /* For BR/EDR this means we're done and can start phase 3 */
1793 if (conn
->hcon
->type
== ACL_LINK
) {
1794 /* Clear bits which are generated but not distributed */
1795 smp
->remote_key_dist
&= ~SMP_SC_NO_DIST
;
1796 smp_distribute_keys(smp
);
1800 if ((req
->auth_req
& SMP_AUTH_SC
) && (auth
& SMP_AUTH_SC
))
1801 set_bit(SMP_FLAG_SC
, &smp
->flags
);
1802 else if (conn
->hcon
->pending_sec_level
> BT_SECURITY_HIGH
)
1803 conn
->hcon
->pending_sec_level
= BT_SECURITY_HIGH
;
1805 /* If we need MITM check that it can be achieved */
1806 if (conn
->hcon
->pending_sec_level
>= BT_SECURITY_HIGH
) {
1809 method
= get_auth_method(smp
, req
->io_capability
,
1810 rsp
->io_capability
);
1811 if (method
== JUST_WORKS
|| method
== JUST_CFM
)
1812 return SMP_AUTH_REQUIREMENTS
;
1815 get_random_bytes(smp
->prnd
, sizeof(smp
->prnd
));
1817 /* Update remote key distribution in case the remote cleared
1818 * some bits that we had enabled in our request.
1820 smp
->remote_key_dist
&= rsp
->resp_key_dist
;
1822 if (test_bit(SMP_FLAG_SC
, &smp
->flags
)) {
1823 /* Clear bits which are generated but not distributed */
1824 smp
->remote_key_dist
&= ~SMP_SC_NO_DIST
;
1825 SMP_ALLOW_CMD(smp
, SMP_CMD_PUBLIC_KEY
);
1826 return sc_send_public_key(smp
);
1829 auth
|= req
->auth_req
;
1831 ret
= tk_request(conn
, 0, auth
, req
->io_capability
, rsp
->io_capability
);
1833 return SMP_UNSPECIFIED
;
1835 set_bit(SMP_FLAG_CFM_PENDING
, &smp
->flags
);
1837 /* Can't compose response until we have been confirmed */
1838 if (test_bit(SMP_FLAG_TK_VALID
, &smp
->flags
))
1839 return smp_confirm(smp
);
1844 static u8
sc_check_confirm(struct smp_chan
*smp
)
1846 struct l2cap_conn
*conn
= smp
->conn
;
1850 /* Public Key exchange must happen before any other steps */
1851 if (!test_bit(SMP_FLAG_REMOTE_PK
, &smp
->flags
))
1852 return SMP_UNSPECIFIED
;
1854 if (smp
->method
== REQ_PASSKEY
|| smp
->method
== DSP_PASSKEY
)
1855 return sc_passkey_round(smp
, SMP_CMD_PAIRING_CONFIRM
);
1857 if (conn
->hcon
->out
) {
1858 smp_send_cmd(conn
, SMP_CMD_PAIRING_RANDOM
, sizeof(smp
->prnd
),
1860 SMP_ALLOW_CMD(smp
, SMP_CMD_PAIRING_RANDOM
);
1866 static u8
smp_cmd_pairing_confirm(struct l2cap_conn
*conn
, struct sk_buff
*skb
)
1868 struct l2cap_chan
*chan
= conn
->smp
;
1869 struct smp_chan
*smp
= chan
->data
;
1871 BT_DBG("conn %p %s", conn
, conn
->hcon
->out
? "master" : "slave");
1873 if (skb
->len
< sizeof(smp
->pcnf
))
1874 return SMP_INVALID_PARAMS
;
1876 memcpy(smp
->pcnf
, skb
->data
, sizeof(smp
->pcnf
));
1877 skb_pull(skb
, sizeof(smp
->pcnf
));
1879 if (test_bit(SMP_FLAG_SC
, &smp
->flags
))
1880 return sc_check_confirm(smp
);
1882 if (conn
->hcon
->out
) {
1883 smp_send_cmd(conn
, SMP_CMD_PAIRING_RANDOM
, sizeof(smp
->prnd
),
1885 SMP_ALLOW_CMD(smp
, SMP_CMD_PAIRING_RANDOM
);
1889 if (test_bit(SMP_FLAG_TK_VALID
, &smp
->flags
))
1890 return smp_confirm(smp
);
1892 set_bit(SMP_FLAG_CFM_PENDING
, &smp
->flags
);
1897 static u8
smp_cmd_pairing_random(struct l2cap_conn
*conn
, struct sk_buff
*skb
)
1899 struct l2cap_chan
*chan
= conn
->smp
;
1900 struct smp_chan
*smp
= chan
->data
;
1901 struct hci_conn
*hcon
= conn
->hcon
;
1902 u8
*pkax
, *pkbx
, *na
, *nb
;
1906 BT_DBG("conn %p", conn
);
1908 if (skb
->len
< sizeof(smp
->rrnd
))
1909 return SMP_INVALID_PARAMS
;
1911 memcpy(smp
->rrnd
, skb
->data
, sizeof(smp
->rrnd
));
1912 skb_pull(skb
, sizeof(smp
->rrnd
));
1914 if (!test_bit(SMP_FLAG_SC
, &smp
->flags
))
1915 return smp_random(smp
);
1917 if (smp
->method
== REQ_OOB
) {
1919 smp_send_cmd(conn
, SMP_CMD_PAIRING_RANDOM
,
1920 sizeof(smp
->prnd
), smp
->prnd
);
1921 SMP_ALLOW_CMD(smp
, SMP_CMD_DHKEY_CHECK
);
1922 goto mackey_and_ltk
;
1925 /* Passkey entry has special treatment */
1926 if (smp
->method
== REQ_PASSKEY
|| smp
->method
== DSP_PASSKEY
)
1927 return sc_passkey_round(smp
, SMP_CMD_PAIRING_RANDOM
);
1932 err
= smp_f4(smp
->tfm_cmac
, smp
->remote_pk
, smp
->local_pk
,
1935 return SMP_UNSPECIFIED
;
1937 if (memcmp(smp
->pcnf
, cfm
, 16))
1938 return SMP_CONFIRM_FAILED
;
1940 pkax
= smp
->local_pk
;
1941 pkbx
= smp
->remote_pk
;
1945 smp_send_cmd(conn
, SMP_CMD_PAIRING_RANDOM
, sizeof(smp
->prnd
),
1947 SMP_ALLOW_CMD(smp
, SMP_CMD_DHKEY_CHECK
);
1949 pkax
= smp
->remote_pk
;
1950 pkbx
= smp
->local_pk
;
1956 /* Generate MacKey and LTK */
1957 err
= sc_mackey_and_ltk(smp
, smp
->mackey
, smp
->tk
);
1959 return SMP_UNSPECIFIED
;
1961 if (smp
->method
== JUST_WORKS
|| smp
->method
== REQ_OOB
) {
1963 sc_dhkey_check(smp
);
1964 SMP_ALLOW_CMD(smp
, SMP_CMD_DHKEY_CHECK
);
1969 err
= smp_g2(smp
->tfm_cmac
, pkax
, pkbx
, na
, nb
, &passkey
);
1971 return SMP_UNSPECIFIED
;
1973 err
= mgmt_user_confirm_request(hcon
->hdev
, &hcon
->dst
, hcon
->type
,
1974 hcon
->dst_type
, passkey
, 0);
1976 return SMP_UNSPECIFIED
;
1978 set_bit(SMP_FLAG_WAIT_USER
, &smp
->flags
);
1983 static bool smp_ltk_encrypt(struct l2cap_conn
*conn
, u8 sec_level
)
1985 struct smp_ltk
*key
;
1986 struct hci_conn
*hcon
= conn
->hcon
;
1988 key
= hci_find_ltk(hcon
->hdev
, &hcon
->dst
, hcon
->dst_type
, hcon
->role
);
1992 if (smp_ltk_sec_level(key
) < sec_level
)
1995 if (test_and_set_bit(HCI_CONN_ENCRYPT_PEND
, &hcon
->flags
))
1998 hci_le_start_enc(hcon
, key
->ediv
, key
->rand
, key
->val
);
1999 hcon
->enc_key_size
= key
->enc_size
;
2001 /* We never store STKs for master role, so clear this flag */
2002 clear_bit(HCI_CONN_STK_ENCRYPT
, &hcon
->flags
);
2007 bool smp_sufficient_security(struct hci_conn
*hcon
, u8 sec_level
,
2008 enum smp_key_pref key_pref
)
2010 if (sec_level
== BT_SECURITY_LOW
)
2013 /* If we're encrypted with an STK but the caller prefers using
2014 * LTK claim insufficient security. This way we allow the
2015 * connection to be re-encrypted with an LTK, even if the LTK
2016 * provides the same level of security. Only exception is if we
2017 * don't have an LTK (e.g. because of key distribution bits).
2019 if (key_pref
== SMP_USE_LTK
&&
2020 test_bit(HCI_CONN_STK_ENCRYPT
, &hcon
->flags
) &&
2021 hci_find_ltk(hcon
->hdev
, &hcon
->dst
, hcon
->dst_type
, hcon
->role
))
2024 if (hcon
->sec_level
>= sec_level
)
2030 static u8
smp_cmd_security_req(struct l2cap_conn
*conn
, struct sk_buff
*skb
)
2032 struct smp_cmd_security_req
*rp
= (void *) skb
->data
;
2033 struct smp_cmd_pairing cp
;
2034 struct hci_conn
*hcon
= conn
->hcon
;
2035 struct hci_dev
*hdev
= hcon
->hdev
;
2036 struct smp_chan
*smp
;
2039 BT_DBG("conn %p", conn
);
2041 if (skb
->len
< sizeof(*rp
))
2042 return SMP_INVALID_PARAMS
;
2044 if (hcon
->role
!= HCI_ROLE_MASTER
)
2045 return SMP_CMD_NOTSUPP
;
2047 auth
= rp
->auth_req
& AUTH_REQ_MASK(hdev
);
2049 if (test_bit(HCI_SC_ONLY
, &hdev
->dev_flags
) && !(auth
& SMP_AUTH_SC
))
2050 return SMP_AUTH_REQUIREMENTS
;
2052 if (hcon
->io_capability
== HCI_IO_NO_INPUT_OUTPUT
)
2053 sec_level
= BT_SECURITY_MEDIUM
;
2055 sec_level
= authreq_to_seclevel(auth
);
2057 if (smp_sufficient_security(hcon
, sec_level
, SMP_USE_LTK
))
2060 if (sec_level
> hcon
->pending_sec_level
)
2061 hcon
->pending_sec_level
= sec_level
;
2063 if (smp_ltk_encrypt(conn
, hcon
->pending_sec_level
))
2066 smp
= smp_chan_create(conn
);
2068 return SMP_UNSPECIFIED
;
2070 if (!test_bit(HCI_BONDABLE
, &hcon
->hdev
->dev_flags
) &&
2071 (auth
& SMP_AUTH_BONDING
))
2072 return SMP_PAIRING_NOTSUPP
;
2074 skb_pull(skb
, sizeof(*rp
));
2076 memset(&cp
, 0, sizeof(cp
));
2077 build_pairing_cmd(conn
, &cp
, NULL
, auth
);
2079 smp
->preq
[0] = SMP_CMD_PAIRING_REQ
;
2080 memcpy(&smp
->preq
[1], &cp
, sizeof(cp
));
2082 smp_send_cmd(conn
, SMP_CMD_PAIRING_REQ
, sizeof(cp
), &cp
);
2083 SMP_ALLOW_CMD(smp
, SMP_CMD_PAIRING_RSP
);
2088 int smp_conn_security(struct hci_conn
*hcon
, __u8 sec_level
)
2090 struct l2cap_conn
*conn
= hcon
->l2cap_data
;
2091 struct l2cap_chan
*chan
;
2092 struct smp_chan
*smp
;
2096 BT_DBG("conn %p hcon %p level 0x%2.2x", conn
, hcon
, sec_level
);
2098 /* This may be NULL if there's an unexpected disconnection */
2104 if (!test_bit(HCI_LE_ENABLED
, &hcon
->hdev
->dev_flags
))
2107 if (smp_sufficient_security(hcon
, sec_level
, SMP_USE_LTK
))
2110 if (sec_level
> hcon
->pending_sec_level
)
2111 hcon
->pending_sec_level
= sec_level
;
2113 if (hcon
->role
== HCI_ROLE_MASTER
)
2114 if (smp_ltk_encrypt(conn
, hcon
->pending_sec_level
))
2117 l2cap_chan_lock(chan
);
2119 /* If SMP is already in progress ignore this request */
2125 smp
= smp_chan_create(conn
);
2131 authreq
= seclevel_to_authreq(sec_level
);
2133 if (test_bit(HCI_SC_ENABLED
, &hcon
->hdev
->dev_flags
))
2134 authreq
|= SMP_AUTH_SC
;
2136 /* Require MITM if IO Capability allows or the security level
2139 if (hcon
->io_capability
!= HCI_IO_NO_INPUT_OUTPUT
||
2140 hcon
->pending_sec_level
> BT_SECURITY_MEDIUM
)
2141 authreq
|= SMP_AUTH_MITM
;
2143 if (hcon
->role
== HCI_ROLE_MASTER
) {
2144 struct smp_cmd_pairing cp
;
2146 build_pairing_cmd(conn
, &cp
, NULL
, authreq
);
2147 smp
->preq
[0] = SMP_CMD_PAIRING_REQ
;
2148 memcpy(&smp
->preq
[1], &cp
, sizeof(cp
));
2150 smp_send_cmd(conn
, SMP_CMD_PAIRING_REQ
, sizeof(cp
), &cp
);
2151 SMP_ALLOW_CMD(smp
, SMP_CMD_PAIRING_RSP
);
2153 struct smp_cmd_security_req cp
;
2154 cp
.auth_req
= authreq
;
2155 smp_send_cmd(conn
, SMP_CMD_SECURITY_REQ
, sizeof(cp
), &cp
);
2156 SMP_ALLOW_CMD(smp
, SMP_CMD_PAIRING_REQ
);
2159 set_bit(SMP_FLAG_INITIATOR
, &smp
->flags
);
2163 l2cap_chan_unlock(chan
);
2167 static int smp_cmd_encrypt_info(struct l2cap_conn
*conn
, struct sk_buff
*skb
)
2169 struct smp_cmd_encrypt_info
*rp
= (void *) skb
->data
;
2170 struct l2cap_chan
*chan
= conn
->smp
;
2171 struct smp_chan
*smp
= chan
->data
;
2173 BT_DBG("conn %p", conn
);
2175 if (skb
->len
< sizeof(*rp
))
2176 return SMP_INVALID_PARAMS
;
2178 SMP_ALLOW_CMD(smp
, SMP_CMD_MASTER_IDENT
);
2180 skb_pull(skb
, sizeof(*rp
));
2182 memcpy(smp
->tk
, rp
->ltk
, sizeof(smp
->tk
));
2187 static int smp_cmd_master_ident(struct l2cap_conn
*conn
, struct sk_buff
*skb
)
2189 struct smp_cmd_master_ident
*rp
= (void *) skb
->data
;
2190 struct l2cap_chan
*chan
= conn
->smp
;
2191 struct smp_chan
*smp
= chan
->data
;
2192 struct hci_dev
*hdev
= conn
->hcon
->hdev
;
2193 struct hci_conn
*hcon
= conn
->hcon
;
2194 struct smp_ltk
*ltk
;
2197 BT_DBG("conn %p", conn
);
2199 if (skb
->len
< sizeof(*rp
))
2200 return SMP_INVALID_PARAMS
;
2202 /* Mark the information as received */
2203 smp
->remote_key_dist
&= ~SMP_DIST_ENC_KEY
;
2205 if (smp
->remote_key_dist
& SMP_DIST_ID_KEY
)
2206 SMP_ALLOW_CMD(smp
, SMP_CMD_IDENT_INFO
);
2207 else if (smp
->remote_key_dist
& SMP_DIST_SIGN
)
2208 SMP_ALLOW_CMD(smp
, SMP_CMD_SIGN_INFO
);
2210 skb_pull(skb
, sizeof(*rp
));
2212 authenticated
= (hcon
->sec_level
== BT_SECURITY_HIGH
);
2213 ltk
= hci_add_ltk(hdev
, &hcon
->dst
, hcon
->dst_type
, SMP_LTK
,
2214 authenticated
, smp
->tk
, smp
->enc_key_size
,
2215 rp
->ediv
, rp
->rand
);
2217 if (!(smp
->remote_key_dist
& KEY_DIST_MASK
))
2218 smp_distribute_keys(smp
);
2223 static int smp_cmd_ident_info(struct l2cap_conn
*conn
, struct sk_buff
*skb
)
2225 struct smp_cmd_ident_info
*info
= (void *) skb
->data
;
2226 struct l2cap_chan
*chan
= conn
->smp
;
2227 struct smp_chan
*smp
= chan
->data
;
2231 if (skb
->len
< sizeof(*info
))
2232 return SMP_INVALID_PARAMS
;
2234 SMP_ALLOW_CMD(smp
, SMP_CMD_IDENT_ADDR_INFO
);
2236 skb_pull(skb
, sizeof(*info
));
2238 memcpy(smp
->irk
, info
->irk
, 16);
2243 static int smp_cmd_ident_addr_info(struct l2cap_conn
*conn
,
2244 struct sk_buff
*skb
)
2246 struct smp_cmd_ident_addr_info
*info
= (void *) skb
->data
;
2247 struct l2cap_chan
*chan
= conn
->smp
;
2248 struct smp_chan
*smp
= chan
->data
;
2249 struct hci_conn
*hcon
= conn
->hcon
;
2254 if (skb
->len
< sizeof(*info
))
2255 return SMP_INVALID_PARAMS
;
2257 /* Mark the information as received */
2258 smp
->remote_key_dist
&= ~SMP_DIST_ID_KEY
;
2260 if (smp
->remote_key_dist
& SMP_DIST_SIGN
)
2261 SMP_ALLOW_CMD(smp
, SMP_CMD_SIGN_INFO
);
2263 skb_pull(skb
, sizeof(*info
));
2265 /* Strictly speaking the Core Specification (4.1) allows sending
2266 * an empty address which would force us to rely on just the IRK
2267 * as "identity information". However, since such
2268 * implementations are not known of and in order to not over
2269 * complicate our implementation, simply pretend that we never
2270 * received an IRK for such a device.
2272 if (!bacmp(&info
->bdaddr
, BDADDR_ANY
)) {
2273 BT_ERR("Ignoring IRK with no identity address");
2277 bacpy(&smp
->id_addr
, &info
->bdaddr
);
2278 smp
->id_addr_type
= info
->addr_type
;
2280 if (hci_bdaddr_is_rpa(&hcon
->dst
, hcon
->dst_type
))
2281 bacpy(&rpa
, &hcon
->dst
);
2283 bacpy(&rpa
, BDADDR_ANY
);
2285 smp
->remote_irk
= hci_add_irk(conn
->hcon
->hdev
, &smp
->id_addr
,
2286 smp
->id_addr_type
, smp
->irk
, &rpa
);
2289 if (!(smp
->remote_key_dist
& KEY_DIST_MASK
))
2290 smp_distribute_keys(smp
);
2295 static int smp_cmd_sign_info(struct l2cap_conn
*conn
, struct sk_buff
*skb
)
2297 struct smp_cmd_sign_info
*rp
= (void *) skb
->data
;
2298 struct l2cap_chan
*chan
= conn
->smp
;
2299 struct smp_chan
*smp
= chan
->data
;
2300 struct smp_csrk
*csrk
;
2302 BT_DBG("conn %p", conn
);
2304 if (skb
->len
< sizeof(*rp
))
2305 return SMP_INVALID_PARAMS
;
2307 /* Mark the information as received */
2308 smp
->remote_key_dist
&= ~SMP_DIST_SIGN
;
2310 skb_pull(skb
, sizeof(*rp
));
2312 csrk
= kzalloc(sizeof(*csrk
), GFP_KERNEL
);
2314 csrk
->master
= 0x01;
2315 memcpy(csrk
->val
, rp
->csrk
, sizeof(csrk
->val
));
2318 smp_distribute_keys(smp
);
2323 static u8
sc_select_method(struct smp_chan
*smp
)
2325 struct l2cap_conn
*conn
= smp
->conn
;
2326 struct hci_conn
*hcon
= conn
->hcon
;
2327 struct smp_cmd_pairing
*local
, *remote
;
2328 u8 local_mitm
, remote_mitm
, local_io
, remote_io
, method
;
2330 if (test_bit(SMP_FLAG_OOB
, &smp
->flags
))
2333 /* The preq/prsp contain the raw Pairing Request/Response PDUs
2334 * which are needed as inputs to some crypto functions. To get
2335 * the "struct smp_cmd_pairing" from them we need to skip the
2336 * first byte which contains the opcode.
2339 local
= (void *) &smp
->preq
[1];
2340 remote
= (void *) &smp
->prsp
[1];
2342 local
= (void *) &smp
->prsp
[1];
2343 remote
= (void *) &smp
->preq
[1];
2346 local_io
= local
->io_capability
;
2347 remote_io
= remote
->io_capability
;
2349 local_mitm
= (local
->auth_req
& SMP_AUTH_MITM
);
2350 remote_mitm
= (remote
->auth_req
& SMP_AUTH_MITM
);
2352 /* If either side wants MITM, look up the method from the table,
2353 * otherwise use JUST WORKS.
2355 if (local_mitm
|| remote_mitm
)
2356 method
= get_auth_method(smp
, local_io
, remote_io
);
2358 method
= JUST_WORKS
;
2360 /* Don't confirm locally initiated pairing attempts */
2361 if (method
== JUST_CFM
&& test_bit(SMP_FLAG_INITIATOR
, &smp
->flags
))
2362 method
= JUST_WORKS
;
2367 static int smp_cmd_public_key(struct l2cap_conn
*conn
, struct sk_buff
*skb
)
2369 struct smp_cmd_public_key
*key
= (void *) skb
->data
;
2370 struct hci_conn
*hcon
= conn
->hcon
;
2371 struct l2cap_chan
*chan
= conn
->smp
;
2372 struct smp_chan
*smp
= chan
->data
;
2373 struct hci_dev
*hdev
= hcon
->hdev
;
2374 struct smp_cmd_pairing_confirm cfm
;
2377 BT_DBG("conn %p", conn
);
2379 if (skb
->len
< sizeof(*key
))
2380 return SMP_INVALID_PARAMS
;
2382 memcpy(smp
->remote_pk
, key
, 64);
2384 /* Non-initiating device sends its public key after receiving
2385 * the key from the initiating device.
2388 err
= sc_send_public_key(smp
);
2393 BT_DBG("Remote Public Key X: %32phN", smp
->remote_pk
);
2394 BT_DBG("Remote Public Key Y: %32phN", &smp
->remote_pk
[32]);
2396 if (!ecdh_shared_secret(smp
->remote_pk
, smp
->local_sk
, smp
->dhkey
))
2397 return SMP_UNSPECIFIED
;
2399 BT_DBG("DHKey %32phN", smp
->dhkey
);
2401 set_bit(SMP_FLAG_REMOTE_PK
, &smp
->flags
);
2403 smp
->method
= sc_select_method(smp
);
2405 BT_DBG("%s selected method 0x%02x", hdev
->name
, smp
->method
);
2407 /* JUST_WORKS and JUST_CFM result in an unauthenticated key */
2408 if (smp
->method
== JUST_WORKS
|| smp
->method
== JUST_CFM
)
2409 hcon
->pending_sec_level
= BT_SECURITY_MEDIUM
;
2411 hcon
->pending_sec_level
= BT_SECURITY_FIPS
;
2413 if (!memcmp(debug_pk
, smp
->remote_pk
, 64))
2414 set_bit(SMP_FLAG_DEBUG_KEY
, &smp
->flags
);
2416 if (smp
->method
== DSP_PASSKEY
) {
2417 get_random_bytes(&hcon
->passkey_notify
,
2418 sizeof(hcon
->passkey_notify
));
2419 hcon
->passkey_notify
%= 1000000;
2420 hcon
->passkey_entered
= 0;
2421 smp
->passkey_round
= 0;
2422 if (mgmt_user_passkey_notify(hdev
, &hcon
->dst
, hcon
->type
,
2424 hcon
->passkey_notify
,
2425 hcon
->passkey_entered
))
2426 return SMP_UNSPECIFIED
;
2427 SMP_ALLOW_CMD(smp
, SMP_CMD_PAIRING_CONFIRM
);
2428 return sc_passkey_round(smp
, SMP_CMD_PUBLIC_KEY
);
2431 if (smp
->method
== REQ_OOB
) {
2432 err
= smp_f4(smp
->tfm_cmac
, smp
->remote_pk
, smp
->remote_pk
,
2433 smp
->rr
, 0, cfm
.confirm_val
);
2435 return SMP_UNSPECIFIED
;
2437 if (memcmp(cfm
.confirm_val
, smp
->pcnf
, 16))
2438 return SMP_CONFIRM_FAILED
;
2441 smp_send_cmd(conn
, SMP_CMD_PAIRING_RANDOM
,
2442 sizeof(smp
->prnd
), smp
->prnd
);
2444 SMP_ALLOW_CMD(smp
, SMP_CMD_PAIRING_RANDOM
);
2450 SMP_ALLOW_CMD(smp
, SMP_CMD_PAIRING_CONFIRM
);
2452 if (smp
->method
== REQ_PASSKEY
) {
2453 if (mgmt_user_passkey_request(hdev
, &hcon
->dst
, hcon
->type
,
2455 return SMP_UNSPECIFIED
;
2456 SMP_ALLOW_CMD(smp
, SMP_CMD_PAIRING_CONFIRM
);
2457 set_bit(SMP_FLAG_WAIT_USER
, &smp
->flags
);
2461 /* The Initiating device waits for the non-initiating device to
2462 * send the confirm value.
2464 if (conn
->hcon
->out
)
2467 err
= smp_f4(smp
->tfm_cmac
, smp
->local_pk
, smp
->remote_pk
, smp
->prnd
,
2468 0, cfm
.confirm_val
);
2470 return SMP_UNSPECIFIED
;
2472 smp_send_cmd(conn
, SMP_CMD_PAIRING_CONFIRM
, sizeof(cfm
), &cfm
);
2473 SMP_ALLOW_CMD(smp
, SMP_CMD_PAIRING_RANDOM
);
2478 static int smp_cmd_dhkey_check(struct l2cap_conn
*conn
, struct sk_buff
*skb
)
2480 struct smp_cmd_dhkey_check
*check
= (void *) skb
->data
;
2481 struct l2cap_chan
*chan
= conn
->smp
;
2482 struct hci_conn
*hcon
= conn
->hcon
;
2483 struct smp_chan
*smp
= chan
->data
;
2484 u8 a
[7], b
[7], *local_addr
, *remote_addr
;
2485 u8 io_cap
[3], r
[16], e
[16];
2488 BT_DBG("conn %p", conn
);
2490 if (skb
->len
< sizeof(*check
))
2491 return SMP_INVALID_PARAMS
;
2493 memcpy(a
, &hcon
->init_addr
, 6);
2494 memcpy(b
, &hcon
->resp_addr
, 6);
2495 a
[6] = hcon
->init_addr_type
;
2496 b
[6] = hcon
->resp_addr_type
;
2501 memcpy(io_cap
, &smp
->prsp
[1], 3);
2505 memcpy(io_cap
, &smp
->preq
[1], 3);
2508 memset(r
, 0, sizeof(r
));
2510 if (smp
->method
== REQ_PASSKEY
|| smp
->method
== DSP_PASSKEY
)
2511 put_unaligned_le32(hcon
->passkey_notify
, r
);
2513 err
= smp_f6(smp
->tfm_cmac
, smp
->mackey
, smp
->rrnd
, smp
->prnd
, r
,
2514 io_cap
, remote_addr
, local_addr
, e
);
2516 return SMP_UNSPECIFIED
;
2518 if (memcmp(check
->e
, e
, 16))
2519 return SMP_DHKEY_CHECK_FAILED
;
2522 if (test_bit(SMP_FLAG_WAIT_USER
, &smp
->flags
)) {
2523 set_bit(SMP_FLAG_DHKEY_PENDING
, &smp
->flags
);
2527 /* Slave sends DHKey check as response to master */
2528 sc_dhkey_check(smp
);
2534 hci_le_start_enc(hcon
, 0, 0, smp
->tk
);
2535 hcon
->enc_key_size
= smp
->enc_key_size
;
2541 static int smp_cmd_keypress_notify(struct l2cap_conn
*conn
,
2542 struct sk_buff
*skb
)
2544 struct smp_cmd_keypress_notify
*kp
= (void *) skb
->data
;
2546 BT_DBG("value 0x%02x", kp
->value
);
2551 static int smp_sig_channel(struct l2cap_chan
*chan
, struct sk_buff
*skb
)
2553 struct l2cap_conn
*conn
= chan
->conn
;
2554 struct hci_conn
*hcon
= conn
->hcon
;
2555 struct smp_chan
*smp
;
2562 if (!test_bit(HCI_LE_ENABLED
, &hcon
->hdev
->dev_flags
)) {
2563 reason
= SMP_PAIRING_NOTSUPP
;
2567 code
= skb
->data
[0];
2568 skb_pull(skb
, sizeof(code
));
2572 if (code
> SMP_CMD_MAX
)
2575 if (smp
&& !test_and_clear_bit(code
, &smp
->allow_cmd
))
2578 /* If we don't have a context the only allowed commands are
2579 * pairing request and security request.
2581 if (!smp
&& code
!= SMP_CMD_PAIRING_REQ
&& code
!= SMP_CMD_SECURITY_REQ
)
2585 case SMP_CMD_PAIRING_REQ
:
2586 reason
= smp_cmd_pairing_req(conn
, skb
);
2589 case SMP_CMD_PAIRING_FAIL
:
2590 smp_failure(conn
, 0);
2594 case SMP_CMD_PAIRING_RSP
:
2595 reason
= smp_cmd_pairing_rsp(conn
, skb
);
2598 case SMP_CMD_SECURITY_REQ
:
2599 reason
= smp_cmd_security_req(conn
, skb
);
2602 case SMP_CMD_PAIRING_CONFIRM
:
2603 reason
= smp_cmd_pairing_confirm(conn
, skb
);
2606 case SMP_CMD_PAIRING_RANDOM
:
2607 reason
= smp_cmd_pairing_random(conn
, skb
);
2610 case SMP_CMD_ENCRYPT_INFO
:
2611 reason
= smp_cmd_encrypt_info(conn
, skb
);
2614 case SMP_CMD_MASTER_IDENT
:
2615 reason
= smp_cmd_master_ident(conn
, skb
);
2618 case SMP_CMD_IDENT_INFO
:
2619 reason
= smp_cmd_ident_info(conn
, skb
);
2622 case SMP_CMD_IDENT_ADDR_INFO
:
2623 reason
= smp_cmd_ident_addr_info(conn
, skb
);
2626 case SMP_CMD_SIGN_INFO
:
2627 reason
= smp_cmd_sign_info(conn
, skb
);
2630 case SMP_CMD_PUBLIC_KEY
:
2631 reason
= smp_cmd_public_key(conn
, skb
);
2634 case SMP_CMD_DHKEY_CHECK
:
2635 reason
= smp_cmd_dhkey_check(conn
, skb
);
2638 case SMP_CMD_KEYPRESS_NOTIFY
:
2639 reason
= smp_cmd_keypress_notify(conn
, skb
);
2643 BT_DBG("Unknown command code 0x%2.2x", code
);
2644 reason
= SMP_CMD_NOTSUPP
;
2651 smp_failure(conn
, reason
);
2658 BT_ERR("%s unexpected SMP command 0x%02x from %pMR", hcon
->hdev
->name
,
2664 static void smp_teardown_cb(struct l2cap_chan
*chan
, int err
)
2666 struct l2cap_conn
*conn
= chan
->conn
;
2668 BT_DBG("chan %p", chan
);
2671 smp_chan_destroy(conn
);
2674 l2cap_chan_put(chan
);
2677 static void bredr_pairing(struct l2cap_chan
*chan
)
2679 struct l2cap_conn
*conn
= chan
->conn
;
2680 struct hci_conn
*hcon
= conn
->hcon
;
2681 struct hci_dev
*hdev
= hcon
->hdev
;
2682 struct smp_cmd_pairing req
;
2683 struct smp_chan
*smp
;
2685 BT_DBG("chan %p", chan
);
2687 /* Only new pairings are interesting */
2688 if (!test_bit(HCI_CONN_NEW_LINK_KEY
, &hcon
->flags
))
2691 /* Don't bother if we're not encrypted */
2692 if (!test_bit(HCI_CONN_ENCRYPT
, &hcon
->flags
))
2695 /* Only master may initiate SMP over BR/EDR */
2696 if (hcon
->role
!= HCI_ROLE_MASTER
)
2699 /* Secure Connections support must be enabled */
2700 if (!test_bit(HCI_SC_ENABLED
, &hdev
->dev_flags
))
2703 /* BR/EDR must use Secure Connections for SMP */
2704 if (!test_bit(HCI_CONN_AES_CCM
, &hcon
->flags
) &&
2705 !test_bit(HCI_FORCE_LESC
, &hdev
->dbg_flags
))
2708 /* If our LE support is not enabled don't do anything */
2709 if (!test_bit(HCI_LE_ENABLED
, &hdev
->dev_flags
))
2712 /* Don't bother if remote LE support is not enabled */
2713 if (!lmp_host_le_capable(hcon
))
2716 /* Remote must support SMP fixed chan for BR/EDR */
2717 if (!(conn
->remote_fixed_chan
& L2CAP_FC_SMP_BREDR
))
2720 /* Don't bother if SMP is already ongoing */
2724 smp
= smp_chan_create(conn
);
2726 BT_ERR("%s unable to create SMP context for BR/EDR",
2731 set_bit(SMP_FLAG_SC
, &smp
->flags
);
2733 BT_DBG("%s starting SMP over BR/EDR", hdev
->name
);
2735 /* Prepare and send the BR/EDR SMP Pairing Request */
2736 build_bredr_pairing_cmd(smp
, &req
, NULL
);
2738 smp
->preq
[0] = SMP_CMD_PAIRING_REQ
;
2739 memcpy(&smp
->preq
[1], &req
, sizeof(req
));
2741 smp_send_cmd(conn
, SMP_CMD_PAIRING_REQ
, sizeof(req
), &req
);
2742 SMP_ALLOW_CMD(smp
, SMP_CMD_PAIRING_RSP
);
2745 static void smp_resume_cb(struct l2cap_chan
*chan
)
2747 struct smp_chan
*smp
= chan
->data
;
2748 struct l2cap_conn
*conn
= chan
->conn
;
2749 struct hci_conn
*hcon
= conn
->hcon
;
2751 BT_DBG("chan %p", chan
);
2753 if (hcon
->type
== ACL_LINK
) {
2754 bredr_pairing(chan
);
2761 if (!test_bit(HCI_CONN_ENCRYPT
, &hcon
->flags
))
2764 cancel_delayed_work(&smp
->security_timer
);
2766 smp_distribute_keys(smp
);
2769 static void smp_ready_cb(struct l2cap_chan
*chan
)
2771 struct l2cap_conn
*conn
= chan
->conn
;
2772 struct hci_conn
*hcon
= conn
->hcon
;
2774 BT_DBG("chan %p", chan
);
2777 l2cap_chan_hold(chan
);
2779 if (hcon
->type
== ACL_LINK
&& test_bit(HCI_CONN_ENCRYPT
, &hcon
->flags
))
2780 bredr_pairing(chan
);
2783 static int smp_recv_cb(struct l2cap_chan
*chan
, struct sk_buff
*skb
)
2787 BT_DBG("chan %p", chan
);
2789 err
= smp_sig_channel(chan
, skb
);
2791 struct smp_chan
*smp
= chan
->data
;
2794 cancel_delayed_work_sync(&smp
->security_timer
);
2796 hci_disconnect(chan
->conn
->hcon
, HCI_ERROR_AUTH_FAILURE
);
2802 static struct sk_buff
*smp_alloc_skb_cb(struct l2cap_chan
*chan
,
2803 unsigned long hdr_len
,
2804 unsigned long len
, int nb
)
2806 struct sk_buff
*skb
;
2808 skb
= bt_skb_alloc(hdr_len
+ len
, GFP_KERNEL
);
2810 return ERR_PTR(-ENOMEM
);
2812 skb
->priority
= HCI_PRIO_MAX
;
2813 bt_cb(skb
)->chan
= chan
;
2818 static const struct l2cap_ops smp_chan_ops
= {
2819 .name
= "Security Manager",
2820 .ready
= smp_ready_cb
,
2821 .recv
= smp_recv_cb
,
2822 .alloc_skb
= smp_alloc_skb_cb
,
2823 .teardown
= smp_teardown_cb
,
2824 .resume
= smp_resume_cb
,
2826 .new_connection
= l2cap_chan_no_new_connection
,
2827 .state_change
= l2cap_chan_no_state_change
,
2828 .close
= l2cap_chan_no_close
,
2829 .defer
= l2cap_chan_no_defer
,
2830 .suspend
= l2cap_chan_no_suspend
,
2831 .set_shutdown
= l2cap_chan_no_set_shutdown
,
2832 .get_sndtimeo
= l2cap_chan_no_get_sndtimeo
,
2833 .memcpy_fromiovec
= l2cap_chan_no_memcpy_fromiovec
,
2836 static inline struct l2cap_chan
*smp_new_conn_cb(struct l2cap_chan
*pchan
)
2838 struct l2cap_chan
*chan
;
2840 BT_DBG("pchan %p", pchan
);
2842 chan
= l2cap_chan_create();
2846 chan
->chan_type
= pchan
->chan_type
;
2847 chan
->ops
= &smp_chan_ops
;
2848 chan
->scid
= pchan
->scid
;
2849 chan
->dcid
= chan
->scid
;
2850 chan
->imtu
= pchan
->imtu
;
2851 chan
->omtu
= pchan
->omtu
;
2852 chan
->mode
= pchan
->mode
;
2854 /* Other L2CAP channels may request SMP routines in order to
2855 * change the security level. This means that the SMP channel
2856 * lock must be considered in its own category to avoid lockdep
2859 atomic_set(&chan
->nesting
, L2CAP_NESTING_SMP
);
2861 BT_DBG("created chan %p", chan
);
2866 static const struct l2cap_ops smp_root_chan_ops
= {
2867 .name
= "Security Manager Root",
2868 .new_connection
= smp_new_conn_cb
,
2870 /* None of these are implemented for the root channel */
2871 .close
= l2cap_chan_no_close
,
2872 .alloc_skb
= l2cap_chan_no_alloc_skb
,
2873 .recv
= l2cap_chan_no_recv
,
2874 .state_change
= l2cap_chan_no_state_change
,
2875 .teardown
= l2cap_chan_no_teardown
,
2876 .ready
= l2cap_chan_no_ready
,
2877 .defer
= l2cap_chan_no_defer
,
2878 .suspend
= l2cap_chan_no_suspend
,
2879 .resume
= l2cap_chan_no_resume
,
2880 .set_shutdown
= l2cap_chan_no_set_shutdown
,
2881 .get_sndtimeo
= l2cap_chan_no_get_sndtimeo
,
2882 .memcpy_fromiovec
= l2cap_chan_no_memcpy_fromiovec
,
2885 static struct l2cap_chan
*smp_add_cid(struct hci_dev
*hdev
, u16 cid
)
2887 struct l2cap_chan
*chan
;
2888 struct crypto_blkcipher
*tfm_aes
;
2890 if (cid
== L2CAP_CID_SMP_BREDR
) {
2895 tfm_aes
= crypto_alloc_blkcipher("ecb(aes)", 0, 0);
2896 if (IS_ERR(tfm_aes
)) {
2897 BT_ERR("Unable to create crypto context");
2898 return ERR_PTR(PTR_ERR(tfm_aes
));
2902 chan
= l2cap_chan_create();
2904 crypto_free_blkcipher(tfm_aes
);
2905 return ERR_PTR(-ENOMEM
);
2908 chan
->data
= tfm_aes
;
2910 l2cap_add_scid(chan
, cid
);
2912 l2cap_chan_set_defaults(chan
);
2914 bacpy(&chan
->src
, &hdev
->bdaddr
);
2915 if (cid
== L2CAP_CID_SMP
)
2916 chan
->src_type
= BDADDR_LE_PUBLIC
;
2918 chan
->src_type
= BDADDR_BREDR
;
2919 chan
->state
= BT_LISTEN
;
2920 chan
->mode
= L2CAP_MODE_BASIC
;
2921 chan
->imtu
= L2CAP_DEFAULT_MTU
;
2922 chan
->ops
= &smp_root_chan_ops
;
2924 /* Set correct nesting level for a parent/listening channel */
2925 atomic_set(&chan
->nesting
, L2CAP_NESTING_PARENT
);
2930 static void smp_del_chan(struct l2cap_chan
*chan
)
2932 struct crypto_blkcipher
*tfm_aes
;
2934 BT_DBG("chan %p", chan
);
2936 tfm_aes
= chan
->data
;
2939 crypto_free_blkcipher(tfm_aes
);
2942 l2cap_chan_put(chan
);
2945 int smp_register(struct hci_dev
*hdev
)
2947 struct l2cap_chan
*chan
;
2949 BT_DBG("%s", hdev
->name
);
2951 chan
= smp_add_cid(hdev
, L2CAP_CID_SMP
);
2953 return PTR_ERR(chan
);
2955 hdev
->smp_data
= chan
;
2957 if (!lmp_sc_capable(hdev
) &&
2958 !test_bit(HCI_FORCE_LESC
, &hdev
->dbg_flags
))
2961 chan
= smp_add_cid(hdev
, L2CAP_CID_SMP_BREDR
);
2963 int err
= PTR_ERR(chan
);
2964 chan
= hdev
->smp_data
;
2965 hdev
->smp_data
= NULL
;
2970 hdev
->smp_bredr_data
= chan
;
2975 void smp_unregister(struct hci_dev
*hdev
)
2977 struct l2cap_chan
*chan
;
2979 if (hdev
->smp_bredr_data
) {
2980 chan
= hdev
->smp_bredr_data
;
2981 hdev
->smp_bredr_data
= NULL
;
2985 if (hdev
->smp_data
) {
2986 chan
= hdev
->smp_data
;
2987 hdev
->smp_data
= NULL
;