2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2011 Nokia Corporation and/or its subsidiary(-ies).
5 This program is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License version 2 as
7 published by the Free Software Foundation;
9 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
10 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
11 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
12 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
13 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
14 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
18 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
19 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
20 SOFTWARE IS DISCLAIMED.
23 #include <linux/crypto.h>
24 #include <linux/scatterlist.h>
25 #include <crypto/b128ops.h>
27 #include <net/bluetooth/bluetooth.h>
28 #include <net/bluetooth/hci_core.h>
29 #include <net/bluetooth/l2cap.h>
30 #include <net/bluetooth/mgmt.h>
34 #define SMP_ALLOW_CMD(smp, code) set_bit(code, &smp->allow_cmd)
35 #define SMP_DISALLOW_CMD(smp, code) clear_bit(code, &smp->allow_cmd)
37 #define SMP_TIMEOUT msecs_to_jiffies(30000)
39 #define AUTH_REQ_MASK 0x07
40 #define KEY_DIST_MASK 0x07
51 struct l2cap_conn
*conn
;
52 struct delayed_work security_timer
;
53 unsigned long allow_cmd
; /* Bitmask of allowed commands */
55 u8 preq
[7]; /* SMP Pairing Request */
56 u8 prsp
[7]; /* SMP Pairing Response */
57 u8 prnd
[16]; /* SMP Pairing Random (local) */
58 u8 rrnd
[16]; /* SMP Pairing Random (remote) */
59 u8 pcnf
[16]; /* SMP Pairing Confirm */
60 u8 tk
[16]; /* SMP Temporary Key */
66 struct smp_csrk
*csrk
;
67 struct smp_csrk
*slave_csrk
;
69 struct smp_ltk
*slave_ltk
;
70 struct smp_irk
*remote_irk
;
73 struct crypto_blkcipher
*tfm_aes
;
76 static inline void swap_buf(const u8
*src
, u8
*dst
, size_t len
)
80 for (i
= 0; i
< len
; i
++)
81 dst
[len
- 1 - i
] = src
[i
];
84 static int smp_e(struct crypto_blkcipher
*tfm
, const u8
*k
, u8
*r
)
86 struct blkcipher_desc desc
;
87 struct scatterlist sg
;
88 uint8_t tmp
[16], data
[16];
92 BT_ERR("tfm %p", tfm
);
99 /* The most significant octet of key corresponds to k[0] */
100 swap_buf(k
, tmp
, 16);
102 err
= crypto_blkcipher_setkey(tfm
, tmp
, 16);
104 BT_ERR("cipher setkey failed: %d", err
);
108 /* Most significant octet of plaintextData corresponds to data[0] */
109 swap_buf(r
, data
, 16);
111 sg_init_one(&sg
, data
, 16);
113 err
= crypto_blkcipher_encrypt(&desc
, &sg
, &sg
, 16);
115 BT_ERR("Encrypt data error %d", err
);
117 /* Most significant octet of encryptedData corresponds to data[0] */
118 swap_buf(data
, r
, 16);
123 static int smp_ah(struct crypto_blkcipher
*tfm
, u8 irk
[16], u8 r
[3], u8 res
[3])
128 /* r' = padding || r */
130 memset(_res
+ 3, 0, 13);
132 err
= smp_e(tfm
, irk
, _res
);
134 BT_ERR("Encrypt error");
138 /* The output of the random address function ah is:
139 * ah(h, r) = e(k, r') mod 2^24
140 * The output of the security function e is then truncated to 24 bits
141 * by taking the least significant 24 bits of the output of e as the
144 memcpy(res
, _res
, 3);
149 bool smp_irk_matches(struct hci_dev
*hdev
, u8 irk
[16], bdaddr_t
*bdaddr
)
151 struct l2cap_chan
*chan
= hdev
->smp_data
;
152 struct crypto_blkcipher
*tfm
;
156 if (!chan
|| !chan
->data
)
161 BT_DBG("RPA %pMR IRK %*phN", bdaddr
, 16, irk
);
163 err
= smp_ah(tfm
, irk
, &bdaddr
->b
[3], hash
);
167 return !memcmp(bdaddr
->b
, hash
, 3);
170 int smp_generate_rpa(struct hci_dev
*hdev
, u8 irk
[16], bdaddr_t
*rpa
)
172 struct l2cap_chan
*chan
= hdev
->smp_data
;
173 struct crypto_blkcipher
*tfm
;
176 if (!chan
|| !chan
->data
)
181 get_random_bytes(&rpa
->b
[3], 3);
183 rpa
->b
[5] &= 0x3f; /* Clear two most significant bits */
184 rpa
->b
[5] |= 0x40; /* Set second most significant bit */
186 err
= smp_ah(tfm
, irk
, &rpa
->b
[3], rpa
->b
);
190 BT_DBG("RPA %pMR", rpa
);
195 static int smp_c1(struct smp_chan
*smp
, u8 k
[16], u8 r
[16], u8 preq
[7],
196 u8 pres
[7], u8 _iat
, bdaddr_t
*ia
, u8 _rat
, bdaddr_t
*ra
,
199 struct hci_dev
*hdev
= smp
->conn
->hcon
->hdev
;
203 BT_DBG("%s", hdev
->name
);
207 /* p1 = pres || preq || _rat || _iat */
210 memcpy(p1
+ 2, preq
, 7);
211 memcpy(p1
+ 9, pres
, 7);
213 /* p2 = padding || ia || ra */
215 memcpy(p2
+ 6, ia
, 6);
216 memset(p2
+ 12, 0, 4);
219 u128_xor((u128
*) res
, (u128
*) r
, (u128
*) p1
);
221 /* res = e(k, res) */
222 err
= smp_e(smp
->tfm_aes
, k
, res
);
224 BT_ERR("Encrypt data error");
228 /* res = res XOR p2 */
229 u128_xor((u128
*) res
, (u128
*) res
, (u128
*) p2
);
231 /* res = e(k, res) */
232 err
= smp_e(smp
->tfm_aes
, k
, res
);
234 BT_ERR("Encrypt data error");
239 static int smp_s1(struct smp_chan
*smp
, u8 k
[16], u8 r1
[16], u8 r2
[16],
242 struct hci_dev
*hdev
= smp
->conn
->hcon
->hdev
;
245 BT_DBG("%s", hdev
->name
);
247 /* Just least significant octets from r1 and r2 are considered */
249 memcpy(_r
+ 8, r1
, 8);
251 err
= smp_e(smp
->tfm_aes
, k
, _r
);
253 BT_ERR("Encrypt data error");
258 static void smp_send_cmd(struct l2cap_conn
*conn
, u8 code
, u16 len
, void *data
)
260 struct l2cap_chan
*chan
= conn
->smp
;
261 struct smp_chan
*smp
;
268 BT_DBG("code 0x%2.2x", code
);
270 iv
[0].iov_base
= &code
;
273 iv
[1].iov_base
= data
;
276 memset(&msg
, 0, sizeof(msg
));
278 msg
.msg_iov
= (struct iovec
*) &iv
;
281 l2cap_chan_send(chan
, &msg
, 1 + len
);
288 cancel_delayed_work_sync(&smp
->security_timer
);
289 schedule_delayed_work(&smp
->security_timer
, SMP_TIMEOUT
);
292 static __u8
authreq_to_seclevel(__u8 authreq
)
294 if (authreq
& SMP_AUTH_MITM
)
295 return BT_SECURITY_HIGH
;
297 return BT_SECURITY_MEDIUM
;
300 static __u8
seclevel_to_authreq(__u8 sec_level
)
303 case BT_SECURITY_HIGH
:
304 return SMP_AUTH_MITM
| SMP_AUTH_BONDING
;
305 case BT_SECURITY_MEDIUM
:
306 return SMP_AUTH_BONDING
;
308 return SMP_AUTH_NONE
;
312 static void build_pairing_cmd(struct l2cap_conn
*conn
,
313 struct smp_cmd_pairing
*req
,
314 struct smp_cmd_pairing
*rsp
, __u8 authreq
)
316 struct l2cap_chan
*chan
= conn
->smp
;
317 struct smp_chan
*smp
= chan
->data
;
318 struct hci_conn
*hcon
= conn
->hcon
;
319 struct hci_dev
*hdev
= hcon
->hdev
;
320 u8 local_dist
= 0, remote_dist
= 0;
322 if (test_bit(HCI_BONDABLE
, &conn
->hcon
->hdev
->dev_flags
)) {
323 local_dist
= SMP_DIST_ENC_KEY
| SMP_DIST_SIGN
;
324 remote_dist
= SMP_DIST_ENC_KEY
| SMP_DIST_SIGN
;
325 authreq
|= SMP_AUTH_BONDING
;
327 authreq
&= ~SMP_AUTH_BONDING
;
330 if (test_bit(HCI_RPA_RESOLVING
, &hdev
->dev_flags
))
331 remote_dist
|= SMP_DIST_ID_KEY
;
333 if (test_bit(HCI_PRIVACY
, &hdev
->dev_flags
))
334 local_dist
|= SMP_DIST_ID_KEY
;
337 req
->io_capability
= conn
->hcon
->io_capability
;
338 req
->oob_flag
= SMP_OOB_NOT_PRESENT
;
339 req
->max_key_size
= SMP_MAX_ENC_KEY_SIZE
;
340 req
->init_key_dist
= local_dist
;
341 req
->resp_key_dist
= remote_dist
;
342 req
->auth_req
= (authreq
& AUTH_REQ_MASK
);
344 smp
->remote_key_dist
= remote_dist
;
348 rsp
->io_capability
= conn
->hcon
->io_capability
;
349 rsp
->oob_flag
= SMP_OOB_NOT_PRESENT
;
350 rsp
->max_key_size
= SMP_MAX_ENC_KEY_SIZE
;
351 rsp
->init_key_dist
= req
->init_key_dist
& remote_dist
;
352 rsp
->resp_key_dist
= req
->resp_key_dist
& local_dist
;
353 rsp
->auth_req
= (authreq
& AUTH_REQ_MASK
);
355 smp
->remote_key_dist
= rsp
->init_key_dist
;
358 static u8
check_enc_key_size(struct l2cap_conn
*conn
, __u8 max_key_size
)
360 struct l2cap_chan
*chan
= conn
->smp
;
361 struct smp_chan
*smp
= chan
->data
;
363 if ((max_key_size
> SMP_MAX_ENC_KEY_SIZE
) ||
364 (max_key_size
< SMP_MIN_ENC_KEY_SIZE
))
365 return SMP_ENC_KEY_SIZE
;
367 smp
->enc_key_size
= max_key_size
;
372 static void smp_chan_destroy(struct l2cap_conn
*conn
)
374 struct l2cap_chan
*chan
= conn
->smp
;
375 struct smp_chan
*smp
= chan
->data
;
380 cancel_delayed_work_sync(&smp
->security_timer
);
382 complete
= test_bit(SMP_FLAG_COMPLETE
, &smp
->flags
);
383 mgmt_smp_complete(conn
->hcon
, complete
);
386 kfree(smp
->slave_csrk
);
388 crypto_free_blkcipher(smp
->tfm_aes
);
390 /* If pairing failed clean up any keys we might have */
393 list_del(&smp
->ltk
->list
);
397 if (smp
->slave_ltk
) {
398 list_del(&smp
->slave_ltk
->list
);
399 kfree(smp
->slave_ltk
);
402 if (smp
->remote_irk
) {
403 list_del(&smp
->remote_irk
->list
);
404 kfree(smp
->remote_irk
);
410 hci_conn_drop(conn
->hcon
);
413 static void smp_failure(struct l2cap_conn
*conn
, u8 reason
)
415 struct hci_conn
*hcon
= conn
->hcon
;
416 struct l2cap_chan
*chan
= conn
->smp
;
419 smp_send_cmd(conn
, SMP_CMD_PAIRING_FAIL
, sizeof(reason
),
422 clear_bit(HCI_CONN_ENCRYPT_PEND
, &hcon
->flags
);
423 mgmt_auth_failed(hcon
->hdev
, &hcon
->dst
, hcon
->type
, hcon
->dst_type
,
424 HCI_ERROR_AUTH_FAILURE
);
427 smp_chan_destroy(conn
);
430 #define JUST_WORKS 0x00
431 #define JUST_CFM 0x01
432 #define REQ_PASSKEY 0x02
433 #define CFM_PASSKEY 0x03
437 static const u8 gen_method
[5][5] = {
438 { JUST_WORKS
, JUST_CFM
, REQ_PASSKEY
, JUST_WORKS
, REQ_PASSKEY
},
439 { JUST_WORKS
, JUST_CFM
, REQ_PASSKEY
, JUST_WORKS
, REQ_PASSKEY
},
440 { CFM_PASSKEY
, CFM_PASSKEY
, REQ_PASSKEY
, JUST_WORKS
, CFM_PASSKEY
},
441 { JUST_WORKS
, JUST_CFM
, JUST_WORKS
, JUST_WORKS
, JUST_CFM
},
442 { CFM_PASSKEY
, CFM_PASSKEY
, REQ_PASSKEY
, JUST_WORKS
, OVERLAP
},
445 static u8
get_auth_method(struct smp_chan
*smp
, u8 local_io
, u8 remote_io
)
447 /* If either side has unknown io_caps, use JUST_CFM (which gets
448 * converted later to JUST_WORKS if we're initiators.
450 if (local_io
> SMP_IO_KEYBOARD_DISPLAY
||
451 remote_io
> SMP_IO_KEYBOARD_DISPLAY
)
454 return gen_method
[remote_io
][local_io
];
457 static int tk_request(struct l2cap_conn
*conn
, u8 remote_oob
, u8 auth
,
458 u8 local_io
, u8 remote_io
)
460 struct hci_conn
*hcon
= conn
->hcon
;
461 struct l2cap_chan
*chan
= conn
->smp
;
462 struct smp_chan
*smp
= chan
->data
;
467 /* Initialize key for JUST WORKS */
468 memset(smp
->tk
, 0, sizeof(smp
->tk
));
469 clear_bit(SMP_FLAG_TK_VALID
, &smp
->flags
);
471 BT_DBG("tk_request: auth:%d lcl:%d rem:%d", auth
, local_io
, remote_io
);
473 /* If neither side wants MITM, either "just" confirm an incoming
474 * request or use just-works for outgoing ones. The JUST_CFM
475 * will be converted to JUST_WORKS if necessary later in this
476 * function. If either side has MITM look up the method from the
479 if (!(auth
& SMP_AUTH_MITM
))
482 method
= get_auth_method(smp
, local_io
, remote_io
);
484 /* Don't confirm locally initiated pairing attempts */
485 if (method
== JUST_CFM
&& test_bit(SMP_FLAG_INITIATOR
, &smp
->flags
))
488 /* Don't bother user space with no IO capabilities */
489 if (method
== JUST_CFM
&& hcon
->io_capability
== HCI_IO_NO_INPUT_OUTPUT
)
492 /* If Just Works, Continue with Zero TK */
493 if (method
== JUST_WORKS
) {
494 set_bit(SMP_FLAG_TK_VALID
, &smp
->flags
);
498 /* Not Just Works/Confirm results in MITM Authentication */
499 if (method
!= JUST_CFM
)
500 set_bit(SMP_FLAG_MITM_AUTH
, &smp
->flags
);
502 /* If both devices have Keyoard-Display I/O, the master
503 * Confirms and the slave Enters the passkey.
505 if (method
== OVERLAP
) {
506 if (hcon
->role
== HCI_ROLE_MASTER
)
507 method
= CFM_PASSKEY
;
509 method
= REQ_PASSKEY
;
512 /* Generate random passkey. */
513 if (method
== CFM_PASSKEY
) {
514 memset(smp
->tk
, 0, sizeof(smp
->tk
));
515 get_random_bytes(&passkey
, sizeof(passkey
));
517 put_unaligned_le32(passkey
, smp
->tk
);
518 BT_DBG("PassKey: %d", passkey
);
519 set_bit(SMP_FLAG_TK_VALID
, &smp
->flags
);
522 hci_dev_lock(hcon
->hdev
);
524 if (method
== REQ_PASSKEY
)
525 ret
= mgmt_user_passkey_request(hcon
->hdev
, &hcon
->dst
,
526 hcon
->type
, hcon
->dst_type
);
527 else if (method
== JUST_CFM
)
528 ret
= mgmt_user_confirm_request(hcon
->hdev
, &hcon
->dst
,
529 hcon
->type
, hcon
->dst_type
,
532 ret
= mgmt_user_passkey_notify(hcon
->hdev
, &hcon
->dst
,
533 hcon
->type
, hcon
->dst_type
,
536 hci_dev_unlock(hcon
->hdev
);
541 static u8
smp_confirm(struct smp_chan
*smp
)
543 struct l2cap_conn
*conn
= smp
->conn
;
544 struct smp_cmd_pairing_confirm cp
;
547 BT_DBG("conn %p", conn
);
549 ret
= smp_c1(smp
, smp
->tk
, smp
->prnd
, smp
->preq
, smp
->prsp
,
550 conn
->hcon
->init_addr_type
, &conn
->hcon
->init_addr
,
551 conn
->hcon
->resp_addr_type
, &conn
->hcon
->resp_addr
,
554 return SMP_UNSPECIFIED
;
556 clear_bit(SMP_FLAG_CFM_PENDING
, &smp
->flags
);
558 smp_send_cmd(smp
->conn
, SMP_CMD_PAIRING_CONFIRM
, sizeof(cp
), &cp
);
561 SMP_ALLOW_CMD(smp
, SMP_CMD_PAIRING_CONFIRM
);
563 SMP_ALLOW_CMD(smp
, SMP_CMD_PAIRING_RANDOM
);
568 static u8
smp_random(struct smp_chan
*smp
)
570 struct l2cap_conn
*conn
= smp
->conn
;
571 struct hci_conn
*hcon
= conn
->hcon
;
575 if (IS_ERR_OR_NULL(smp
->tfm_aes
))
576 return SMP_UNSPECIFIED
;
578 BT_DBG("conn %p %s", conn
, conn
->hcon
->out
? "master" : "slave");
580 ret
= smp_c1(smp
, smp
->tk
, smp
->rrnd
, smp
->preq
, smp
->prsp
,
581 hcon
->init_addr_type
, &hcon
->init_addr
,
582 hcon
->resp_addr_type
, &hcon
->resp_addr
, confirm
);
584 return SMP_UNSPECIFIED
;
586 if (memcmp(smp
->pcnf
, confirm
, sizeof(smp
->pcnf
)) != 0) {
587 BT_ERR("Pairing failed (confirmation values mismatch)");
588 return SMP_CONFIRM_FAILED
;
596 smp_s1(smp
, smp
->tk
, smp
->rrnd
, smp
->prnd
, stk
);
598 memset(stk
+ smp
->enc_key_size
, 0,
599 SMP_MAX_ENC_KEY_SIZE
- smp
->enc_key_size
);
601 if (test_and_set_bit(HCI_CONN_ENCRYPT_PEND
, &hcon
->flags
))
602 return SMP_UNSPECIFIED
;
604 hci_le_start_enc(hcon
, ediv
, rand
, stk
);
605 hcon
->enc_key_size
= smp
->enc_key_size
;
606 set_bit(HCI_CONN_STK_ENCRYPT
, &hcon
->flags
);
612 smp_send_cmd(conn
, SMP_CMD_PAIRING_RANDOM
, sizeof(smp
->prnd
),
615 smp_s1(smp
, smp
->tk
, smp
->prnd
, smp
->rrnd
, stk
);
617 memset(stk
+ smp
->enc_key_size
, 0,
618 SMP_MAX_ENC_KEY_SIZE
- smp
->enc_key_size
);
620 if (hcon
->pending_sec_level
== BT_SECURITY_HIGH
)
625 /* Even though there's no _SLAVE suffix this is the
626 * slave STK we're adding for later lookup (the master
627 * STK never needs to be stored).
629 hci_add_ltk(hcon
->hdev
, &hcon
->dst
, hcon
->dst_type
,
630 SMP_STK
, auth
, stk
, smp
->enc_key_size
, ediv
, rand
);
636 static void smp_notify_keys(struct l2cap_conn
*conn
)
638 struct l2cap_chan
*chan
= conn
->smp
;
639 struct smp_chan
*smp
= chan
->data
;
640 struct hci_conn
*hcon
= conn
->hcon
;
641 struct hci_dev
*hdev
= hcon
->hdev
;
642 struct smp_cmd_pairing
*req
= (void *) &smp
->preq
[1];
643 struct smp_cmd_pairing
*rsp
= (void *) &smp
->prsp
[1];
646 if (smp
->remote_irk
) {
647 mgmt_new_irk(hdev
, smp
->remote_irk
);
648 /* Now that user space can be considered to know the
649 * identity address track the connection based on it
652 bacpy(&hcon
->dst
, &smp
->remote_irk
->bdaddr
);
653 hcon
->dst_type
= smp
->remote_irk
->addr_type
;
654 queue_work(hdev
->workqueue
, &conn
->id_addr_update_work
);
656 /* When receiving an indentity resolving key for
657 * a remote device that does not use a resolvable
658 * private address, just remove the key so that
659 * it is possible to use the controller white
662 * Userspace will have been told to not store
663 * this key at this point. So it is safe to
666 if (!bacmp(&smp
->remote_irk
->rpa
, BDADDR_ANY
)) {
667 list_del(&smp
->remote_irk
->list
);
668 kfree(smp
->remote_irk
);
669 smp
->remote_irk
= NULL
;
673 /* The LTKs and CSRKs should be persistent only if both sides
674 * had the bonding bit set in their authentication requests.
676 persistent
= !!((req
->auth_req
& rsp
->auth_req
) & SMP_AUTH_BONDING
);
679 smp
->csrk
->bdaddr_type
= hcon
->dst_type
;
680 bacpy(&smp
->csrk
->bdaddr
, &hcon
->dst
);
681 mgmt_new_csrk(hdev
, smp
->csrk
, persistent
);
684 if (smp
->slave_csrk
) {
685 smp
->slave_csrk
->bdaddr_type
= hcon
->dst_type
;
686 bacpy(&smp
->slave_csrk
->bdaddr
, &hcon
->dst
);
687 mgmt_new_csrk(hdev
, smp
->slave_csrk
, persistent
);
691 smp
->ltk
->bdaddr_type
= hcon
->dst_type
;
692 bacpy(&smp
->ltk
->bdaddr
, &hcon
->dst
);
693 mgmt_new_ltk(hdev
, smp
->ltk
, persistent
);
696 if (smp
->slave_ltk
) {
697 smp
->slave_ltk
->bdaddr_type
= hcon
->dst_type
;
698 bacpy(&smp
->slave_ltk
->bdaddr
, &hcon
->dst
);
699 mgmt_new_ltk(hdev
, smp
->slave_ltk
, persistent
);
703 static void smp_allow_key_dist(struct smp_chan
*smp
)
705 /* Allow the first expected phase 3 PDU. The rest of the PDUs
706 * will be allowed in each PDU handler to ensure we receive
707 * them in the correct order.
709 if (smp
->remote_key_dist
& SMP_DIST_ENC_KEY
)
710 SMP_ALLOW_CMD(smp
, SMP_CMD_ENCRYPT_INFO
);
711 else if (smp
->remote_key_dist
& SMP_DIST_ID_KEY
)
712 SMP_ALLOW_CMD(smp
, SMP_CMD_IDENT_INFO
);
713 else if (smp
->remote_key_dist
& SMP_DIST_SIGN
)
714 SMP_ALLOW_CMD(smp
, SMP_CMD_SIGN_INFO
);
717 static void smp_distribute_keys(struct smp_chan
*smp
)
719 struct smp_cmd_pairing
*req
, *rsp
;
720 struct l2cap_conn
*conn
= smp
->conn
;
721 struct hci_conn
*hcon
= conn
->hcon
;
722 struct hci_dev
*hdev
= hcon
->hdev
;
725 BT_DBG("conn %p", conn
);
727 rsp
= (void *) &smp
->prsp
[1];
729 /* The responder sends its keys first */
730 if (hcon
->out
&& (smp
->remote_key_dist
& KEY_DIST_MASK
)) {
731 smp_allow_key_dist(smp
);
735 req
= (void *) &smp
->preq
[1];
738 keydist
= &rsp
->init_key_dist
;
739 *keydist
&= req
->init_key_dist
;
741 keydist
= &rsp
->resp_key_dist
;
742 *keydist
&= req
->resp_key_dist
;
745 BT_DBG("keydist 0x%x", *keydist
);
747 if (*keydist
& SMP_DIST_ENC_KEY
) {
748 struct smp_cmd_encrypt_info enc
;
749 struct smp_cmd_master_ident ident
;
755 get_random_bytes(enc
.ltk
, sizeof(enc
.ltk
));
756 get_random_bytes(&ediv
, sizeof(ediv
));
757 get_random_bytes(&rand
, sizeof(rand
));
759 smp_send_cmd(conn
, SMP_CMD_ENCRYPT_INFO
, sizeof(enc
), &enc
);
761 authenticated
= hcon
->sec_level
== BT_SECURITY_HIGH
;
762 ltk
= hci_add_ltk(hdev
, &hcon
->dst
, hcon
->dst_type
,
763 SMP_LTK_SLAVE
, authenticated
, enc
.ltk
,
764 smp
->enc_key_size
, ediv
, rand
);
765 smp
->slave_ltk
= ltk
;
770 smp_send_cmd(conn
, SMP_CMD_MASTER_IDENT
, sizeof(ident
), &ident
);
772 *keydist
&= ~SMP_DIST_ENC_KEY
;
775 if (*keydist
& SMP_DIST_ID_KEY
) {
776 struct smp_cmd_ident_addr_info addrinfo
;
777 struct smp_cmd_ident_info idinfo
;
779 memcpy(idinfo
.irk
, hdev
->irk
, sizeof(idinfo
.irk
));
781 smp_send_cmd(conn
, SMP_CMD_IDENT_INFO
, sizeof(idinfo
), &idinfo
);
783 /* The hci_conn contains the local identity address
784 * after the connection has been established.
786 * This is true even when the connection has been
787 * established using a resolvable random address.
789 bacpy(&addrinfo
.bdaddr
, &hcon
->src
);
790 addrinfo
.addr_type
= hcon
->src_type
;
792 smp_send_cmd(conn
, SMP_CMD_IDENT_ADDR_INFO
, sizeof(addrinfo
),
795 *keydist
&= ~SMP_DIST_ID_KEY
;
798 if (*keydist
& SMP_DIST_SIGN
) {
799 struct smp_cmd_sign_info sign
;
800 struct smp_csrk
*csrk
;
802 /* Generate a new random key */
803 get_random_bytes(sign
.csrk
, sizeof(sign
.csrk
));
805 csrk
= kzalloc(sizeof(*csrk
), GFP_KERNEL
);
808 memcpy(csrk
->val
, sign
.csrk
, sizeof(csrk
->val
));
810 smp
->slave_csrk
= csrk
;
812 smp_send_cmd(conn
, SMP_CMD_SIGN_INFO
, sizeof(sign
), &sign
);
814 *keydist
&= ~SMP_DIST_SIGN
;
817 /* If there are still keys to be received wait for them */
818 if (smp
->remote_key_dist
& KEY_DIST_MASK
) {
819 smp_allow_key_dist(smp
);
823 set_bit(SMP_FLAG_COMPLETE
, &smp
->flags
);
824 smp_notify_keys(conn
);
826 smp_chan_destroy(conn
);
829 static void smp_timeout(struct work_struct
*work
)
831 struct smp_chan
*smp
= container_of(work
, struct smp_chan
,
832 security_timer
.work
);
833 struct l2cap_conn
*conn
= smp
->conn
;
835 BT_DBG("conn %p", conn
);
837 hci_disconnect(conn
->hcon
, HCI_ERROR_REMOTE_USER_TERM
);
840 static struct smp_chan
*smp_chan_create(struct l2cap_conn
*conn
)
842 struct l2cap_chan
*chan
= conn
->smp
;
843 struct smp_chan
*smp
;
845 smp
= kzalloc(sizeof(*smp
), GFP_ATOMIC
);
849 smp
->tfm_aes
= crypto_alloc_blkcipher("ecb(aes)", 0, CRYPTO_ALG_ASYNC
);
850 if (IS_ERR(smp
->tfm_aes
)) {
851 BT_ERR("Unable to create ECB crypto context");
859 SMP_ALLOW_CMD(smp
, SMP_CMD_PAIRING_FAIL
);
861 INIT_DELAYED_WORK(&smp
->security_timer
, smp_timeout
);
863 hci_conn_hold(conn
->hcon
);
868 int smp_user_confirm_reply(struct hci_conn
*hcon
, u16 mgmt_op
, __le32 passkey
)
870 struct l2cap_conn
*conn
= hcon
->l2cap_data
;
871 struct l2cap_chan
*chan
;
872 struct smp_chan
*smp
;
885 l2cap_chan_lock(chan
);
894 case MGMT_OP_USER_PASSKEY_REPLY
:
895 value
= le32_to_cpu(passkey
);
896 memset(smp
->tk
, 0, sizeof(smp
->tk
));
897 BT_DBG("PassKey: %d", value
);
898 put_unaligned_le32(value
, smp
->tk
);
900 case MGMT_OP_USER_CONFIRM_REPLY
:
901 set_bit(SMP_FLAG_TK_VALID
, &smp
->flags
);
903 case MGMT_OP_USER_PASSKEY_NEG_REPLY
:
904 case MGMT_OP_USER_CONFIRM_NEG_REPLY
:
905 smp_failure(conn
, SMP_PASSKEY_ENTRY_FAILED
);
909 smp_failure(conn
, SMP_PASSKEY_ENTRY_FAILED
);
916 /* If it is our turn to send Pairing Confirm, do so now */
917 if (test_bit(SMP_FLAG_CFM_PENDING
, &smp
->flags
)) {
918 u8 rsp
= smp_confirm(smp
);
920 smp_failure(conn
, rsp
);
924 l2cap_chan_unlock(chan
);
928 static u8
smp_cmd_pairing_req(struct l2cap_conn
*conn
, struct sk_buff
*skb
)
930 struct smp_cmd_pairing rsp
, *req
= (void *) skb
->data
;
931 struct l2cap_chan
*chan
= conn
->smp
;
932 struct hci_dev
*hdev
= conn
->hcon
->hdev
;
933 struct smp_chan
*smp
;
934 u8 key_size
, auth
, sec_level
;
937 BT_DBG("conn %p", conn
);
939 if (skb
->len
< sizeof(*req
))
940 return SMP_INVALID_PARAMS
;
942 if (conn
->hcon
->role
!= HCI_ROLE_SLAVE
)
943 return SMP_CMD_NOTSUPP
;
946 smp
= smp_chan_create(conn
);
951 return SMP_UNSPECIFIED
;
953 if (!test_bit(HCI_BONDABLE
, &hdev
->dev_flags
) &&
954 (req
->auth_req
& SMP_AUTH_BONDING
))
955 return SMP_PAIRING_NOTSUPP
;
957 SMP_DISALLOW_CMD(smp
, SMP_CMD_PAIRING_REQ
);
959 smp
->preq
[0] = SMP_CMD_PAIRING_REQ
;
960 memcpy(&smp
->preq
[1], req
, sizeof(*req
));
961 skb_pull(skb
, sizeof(*req
));
963 /* We didn't start the pairing, so match remote */
964 auth
= req
->auth_req
;
966 sec_level
= authreq_to_seclevel(auth
);
967 if (sec_level
> conn
->hcon
->pending_sec_level
)
968 conn
->hcon
->pending_sec_level
= sec_level
;
970 /* If we need MITM check that it can be acheived */
971 if (conn
->hcon
->pending_sec_level
>= BT_SECURITY_HIGH
) {
974 method
= get_auth_method(smp
, conn
->hcon
->io_capability
,
976 if (method
== JUST_WORKS
|| method
== JUST_CFM
)
977 return SMP_AUTH_REQUIREMENTS
;
980 build_pairing_cmd(conn
, req
, &rsp
, auth
);
982 key_size
= min(req
->max_key_size
, rsp
.max_key_size
);
983 if (check_enc_key_size(conn
, key_size
))
984 return SMP_ENC_KEY_SIZE
;
986 get_random_bytes(smp
->prnd
, sizeof(smp
->prnd
));
988 smp
->prsp
[0] = SMP_CMD_PAIRING_RSP
;
989 memcpy(&smp
->prsp
[1], &rsp
, sizeof(rsp
));
991 smp_send_cmd(conn
, SMP_CMD_PAIRING_RSP
, sizeof(rsp
), &rsp
);
992 SMP_ALLOW_CMD(smp
, SMP_CMD_PAIRING_CONFIRM
);
994 /* Request setup of TK */
995 ret
= tk_request(conn
, 0, auth
, rsp
.io_capability
, req
->io_capability
);
997 return SMP_UNSPECIFIED
;
1002 static u8
smp_cmd_pairing_rsp(struct l2cap_conn
*conn
, struct sk_buff
*skb
)
1004 struct smp_cmd_pairing
*req
, *rsp
= (void *) skb
->data
;
1005 struct l2cap_chan
*chan
= conn
->smp
;
1006 struct smp_chan
*smp
= chan
->data
;
1007 u8 key_size
, auth
= SMP_AUTH_NONE
;
1010 BT_DBG("conn %p", conn
);
1012 if (skb
->len
< sizeof(*rsp
))
1013 return SMP_INVALID_PARAMS
;
1015 if (conn
->hcon
->role
!= HCI_ROLE_MASTER
)
1016 return SMP_CMD_NOTSUPP
;
1018 SMP_DISALLOW_CMD(smp
, SMP_CMD_PAIRING_RSP
);
1020 skb_pull(skb
, sizeof(*rsp
));
1022 req
= (void *) &smp
->preq
[1];
1024 key_size
= min(req
->max_key_size
, rsp
->max_key_size
);
1025 if (check_enc_key_size(conn
, key_size
))
1026 return SMP_ENC_KEY_SIZE
;
1028 /* If we need MITM check that it can be acheived */
1029 if (conn
->hcon
->pending_sec_level
>= BT_SECURITY_HIGH
) {
1032 method
= get_auth_method(smp
, req
->io_capability
,
1033 rsp
->io_capability
);
1034 if (method
== JUST_WORKS
|| method
== JUST_CFM
)
1035 return SMP_AUTH_REQUIREMENTS
;
1038 get_random_bytes(smp
->prnd
, sizeof(smp
->prnd
));
1040 smp
->prsp
[0] = SMP_CMD_PAIRING_RSP
;
1041 memcpy(&smp
->prsp
[1], rsp
, sizeof(*rsp
));
1043 /* Update remote key distribution in case the remote cleared
1044 * some bits that we had enabled in our request.
1046 smp
->remote_key_dist
&= rsp
->resp_key_dist
;
1048 if ((req
->auth_req
& SMP_AUTH_BONDING
) &&
1049 (rsp
->auth_req
& SMP_AUTH_BONDING
))
1050 auth
= SMP_AUTH_BONDING
;
1052 auth
|= (req
->auth_req
| rsp
->auth_req
) & SMP_AUTH_MITM
;
1054 ret
= tk_request(conn
, 0, auth
, req
->io_capability
, rsp
->io_capability
);
1056 return SMP_UNSPECIFIED
;
1058 set_bit(SMP_FLAG_CFM_PENDING
, &smp
->flags
);
1060 /* Can't compose response until we have been confirmed */
1061 if (test_bit(SMP_FLAG_TK_VALID
, &smp
->flags
))
1062 return smp_confirm(smp
);
1067 static u8
smp_cmd_pairing_confirm(struct l2cap_conn
*conn
, struct sk_buff
*skb
)
1069 struct l2cap_chan
*chan
= conn
->smp
;
1070 struct smp_chan
*smp
= chan
->data
;
1072 BT_DBG("conn %p %s", conn
, conn
->hcon
->out
? "master" : "slave");
1074 if (skb
->len
< sizeof(smp
->pcnf
))
1075 return SMP_INVALID_PARAMS
;
1077 SMP_DISALLOW_CMD(smp
, SMP_CMD_PAIRING_CONFIRM
);
1079 memcpy(smp
->pcnf
, skb
->data
, sizeof(smp
->pcnf
));
1080 skb_pull(skb
, sizeof(smp
->pcnf
));
1082 if (conn
->hcon
->out
) {
1083 smp_send_cmd(conn
, SMP_CMD_PAIRING_RANDOM
, sizeof(smp
->prnd
),
1085 SMP_ALLOW_CMD(smp
, SMP_CMD_PAIRING_RANDOM
);
1089 if (test_bit(SMP_FLAG_TK_VALID
, &smp
->flags
))
1090 return smp_confirm(smp
);
1092 set_bit(SMP_FLAG_CFM_PENDING
, &smp
->flags
);
1097 static u8
smp_cmd_pairing_random(struct l2cap_conn
*conn
, struct sk_buff
*skb
)
1099 struct l2cap_chan
*chan
= conn
->smp
;
1100 struct smp_chan
*smp
= chan
->data
;
1102 BT_DBG("conn %p", conn
);
1104 if (skb
->len
< sizeof(smp
->rrnd
))
1105 return SMP_INVALID_PARAMS
;
1107 SMP_DISALLOW_CMD(smp
, SMP_CMD_PAIRING_RANDOM
);
1109 memcpy(smp
->rrnd
, skb
->data
, sizeof(smp
->rrnd
));
1110 skb_pull(skb
, sizeof(smp
->rrnd
));
1112 return smp_random(smp
);
1115 static bool smp_ltk_encrypt(struct l2cap_conn
*conn
, u8 sec_level
)
1117 struct smp_ltk
*key
;
1118 struct hci_conn
*hcon
= conn
->hcon
;
1120 key
= hci_find_ltk_by_addr(hcon
->hdev
, &hcon
->dst
, hcon
->dst_type
,
1125 if (sec_level
> BT_SECURITY_MEDIUM
&& !key
->authenticated
)
1128 if (test_and_set_bit(HCI_CONN_ENCRYPT_PEND
, &hcon
->flags
))
1131 hci_le_start_enc(hcon
, key
->ediv
, key
->rand
, key
->val
);
1132 hcon
->enc_key_size
= key
->enc_size
;
1134 /* We never store STKs for master role, so clear this flag */
1135 clear_bit(HCI_CONN_STK_ENCRYPT
, &hcon
->flags
);
1140 bool smp_sufficient_security(struct hci_conn
*hcon
, u8 sec_level
)
1142 if (sec_level
== BT_SECURITY_LOW
)
1145 /* If we're encrypted with an STK always claim insufficient
1146 * security. This way we allow the connection to be re-encrypted
1147 * with an LTK, even if the LTK provides the same level of
1148 * security. Only exception is if we don't have an LTK (e.g.
1149 * because of key distribution bits).
1151 if (test_bit(HCI_CONN_STK_ENCRYPT
, &hcon
->flags
) &&
1152 hci_find_ltk_by_addr(hcon
->hdev
, &hcon
->dst
, hcon
->dst_type
,
1156 if (hcon
->sec_level
>= sec_level
)
1162 static u8
smp_cmd_security_req(struct l2cap_conn
*conn
, struct sk_buff
*skb
)
1164 struct smp_cmd_security_req
*rp
= (void *) skb
->data
;
1165 struct smp_cmd_pairing cp
;
1166 struct hci_conn
*hcon
= conn
->hcon
;
1167 struct smp_chan
*smp
;
1170 BT_DBG("conn %p", conn
);
1172 if (skb
->len
< sizeof(*rp
))
1173 return SMP_INVALID_PARAMS
;
1175 if (hcon
->role
!= HCI_ROLE_MASTER
)
1176 return SMP_CMD_NOTSUPP
;
1178 sec_level
= authreq_to_seclevel(rp
->auth_req
);
1179 if (smp_sufficient_security(hcon
, sec_level
))
1182 if (sec_level
> hcon
->pending_sec_level
)
1183 hcon
->pending_sec_level
= sec_level
;
1185 if (smp_ltk_encrypt(conn
, hcon
->pending_sec_level
))
1188 smp
= smp_chan_create(conn
);
1190 return SMP_UNSPECIFIED
;
1192 if (!test_bit(HCI_BONDABLE
, &hcon
->hdev
->dev_flags
) &&
1193 (rp
->auth_req
& SMP_AUTH_BONDING
))
1194 return SMP_PAIRING_NOTSUPP
;
1196 skb_pull(skb
, sizeof(*rp
));
1198 memset(&cp
, 0, sizeof(cp
));
1199 build_pairing_cmd(conn
, &cp
, NULL
, rp
->auth_req
);
1201 smp
->preq
[0] = SMP_CMD_PAIRING_REQ
;
1202 memcpy(&smp
->preq
[1], &cp
, sizeof(cp
));
1204 smp_send_cmd(conn
, SMP_CMD_PAIRING_REQ
, sizeof(cp
), &cp
);
1205 SMP_ALLOW_CMD(smp
, SMP_CMD_PAIRING_RSP
);
1210 int smp_conn_security(struct hci_conn
*hcon
, __u8 sec_level
)
1212 struct l2cap_conn
*conn
= hcon
->l2cap_data
;
1213 struct l2cap_chan
*chan
= conn
->smp
;
1214 struct smp_chan
*smp
;
1218 BT_DBG("conn %p hcon %p level 0x%2.2x", conn
, hcon
, sec_level
);
1220 /* This may be NULL if there's an unexpected disconnection */
1224 if (!test_bit(HCI_LE_ENABLED
, &hcon
->hdev
->dev_flags
))
1227 if (smp_sufficient_security(hcon
, sec_level
))
1230 if (sec_level
> hcon
->pending_sec_level
)
1231 hcon
->pending_sec_level
= sec_level
;
1233 if (hcon
->role
== HCI_ROLE_MASTER
)
1234 if (smp_ltk_encrypt(conn
, hcon
->pending_sec_level
))
1237 l2cap_chan_lock(chan
);
1239 /* If SMP is already in progress ignore this request */
1245 smp
= smp_chan_create(conn
);
1251 authreq
= seclevel_to_authreq(sec_level
);
1253 /* Require MITM if IO Capability allows or the security level
1256 if (hcon
->io_capability
!= HCI_IO_NO_INPUT_OUTPUT
||
1257 hcon
->pending_sec_level
> BT_SECURITY_MEDIUM
)
1258 authreq
|= SMP_AUTH_MITM
;
1260 if (hcon
->role
== HCI_ROLE_MASTER
) {
1261 struct smp_cmd_pairing cp
;
1263 build_pairing_cmd(conn
, &cp
, NULL
, authreq
);
1264 smp
->preq
[0] = SMP_CMD_PAIRING_REQ
;
1265 memcpy(&smp
->preq
[1], &cp
, sizeof(cp
));
1267 smp_send_cmd(conn
, SMP_CMD_PAIRING_REQ
, sizeof(cp
), &cp
);
1268 SMP_ALLOW_CMD(smp
, SMP_CMD_PAIRING_RSP
);
1270 struct smp_cmd_security_req cp
;
1271 cp
.auth_req
= authreq
;
1272 smp_send_cmd(conn
, SMP_CMD_SECURITY_REQ
, sizeof(cp
), &cp
);
1273 SMP_ALLOW_CMD(smp
, SMP_CMD_PAIRING_REQ
);
1276 set_bit(SMP_FLAG_INITIATOR
, &smp
->flags
);
1280 l2cap_chan_unlock(chan
);
1284 static int smp_cmd_encrypt_info(struct l2cap_conn
*conn
, struct sk_buff
*skb
)
1286 struct smp_cmd_encrypt_info
*rp
= (void *) skb
->data
;
1287 struct l2cap_chan
*chan
= conn
->smp
;
1288 struct smp_chan
*smp
= chan
->data
;
1290 BT_DBG("conn %p", conn
);
1292 if (skb
->len
< sizeof(*rp
))
1293 return SMP_INVALID_PARAMS
;
1295 SMP_DISALLOW_CMD(smp
, SMP_CMD_ENCRYPT_INFO
);
1296 SMP_ALLOW_CMD(smp
, SMP_CMD_MASTER_IDENT
);
1298 skb_pull(skb
, sizeof(*rp
));
1300 memcpy(smp
->tk
, rp
->ltk
, sizeof(smp
->tk
));
1305 static int smp_cmd_master_ident(struct l2cap_conn
*conn
, struct sk_buff
*skb
)
1307 struct smp_cmd_master_ident
*rp
= (void *) skb
->data
;
1308 struct l2cap_chan
*chan
= conn
->smp
;
1309 struct smp_chan
*smp
= chan
->data
;
1310 struct hci_dev
*hdev
= conn
->hcon
->hdev
;
1311 struct hci_conn
*hcon
= conn
->hcon
;
1312 struct smp_ltk
*ltk
;
1315 BT_DBG("conn %p", conn
);
1317 if (skb
->len
< sizeof(*rp
))
1318 return SMP_INVALID_PARAMS
;
1320 /* Mark the information as received */
1321 smp
->remote_key_dist
&= ~SMP_DIST_ENC_KEY
;
1323 SMP_DISALLOW_CMD(smp
, SMP_CMD_MASTER_IDENT
);
1324 if (smp
->remote_key_dist
& SMP_DIST_ID_KEY
)
1325 SMP_ALLOW_CMD(smp
, SMP_CMD_IDENT_INFO
);
1327 skb_pull(skb
, sizeof(*rp
));
1330 authenticated
= (hcon
->sec_level
== BT_SECURITY_HIGH
);
1331 ltk
= hci_add_ltk(hdev
, &hcon
->dst
, hcon
->dst_type
, SMP_LTK
,
1332 authenticated
, smp
->tk
, smp
->enc_key_size
,
1333 rp
->ediv
, rp
->rand
);
1335 if (!(smp
->remote_key_dist
& KEY_DIST_MASK
))
1336 smp_distribute_keys(smp
);
1337 hci_dev_unlock(hdev
);
1342 static int smp_cmd_ident_info(struct l2cap_conn
*conn
, struct sk_buff
*skb
)
1344 struct smp_cmd_ident_info
*info
= (void *) skb
->data
;
1345 struct l2cap_chan
*chan
= conn
->smp
;
1346 struct smp_chan
*smp
= chan
->data
;
1350 if (skb
->len
< sizeof(*info
))
1351 return SMP_INVALID_PARAMS
;
1353 SMP_DISALLOW_CMD(smp
, SMP_CMD_IDENT_INFO
);
1354 SMP_ALLOW_CMD(smp
, SMP_CMD_IDENT_ADDR_INFO
);
1356 skb_pull(skb
, sizeof(*info
));
1358 memcpy(smp
->irk
, info
->irk
, 16);
1363 static int smp_cmd_ident_addr_info(struct l2cap_conn
*conn
,
1364 struct sk_buff
*skb
)
1366 struct smp_cmd_ident_addr_info
*info
= (void *) skb
->data
;
1367 struct l2cap_chan
*chan
= conn
->smp
;
1368 struct smp_chan
*smp
= chan
->data
;
1369 struct hci_conn
*hcon
= conn
->hcon
;
1374 if (skb
->len
< sizeof(*info
))
1375 return SMP_INVALID_PARAMS
;
1377 /* Mark the information as received */
1378 smp
->remote_key_dist
&= ~SMP_DIST_ID_KEY
;
1380 SMP_DISALLOW_CMD(smp
, SMP_CMD_IDENT_ADDR_INFO
);
1381 if (smp
->remote_key_dist
& SMP_DIST_SIGN
)
1382 SMP_ALLOW_CMD(smp
, SMP_CMD_SIGN_INFO
);
1384 skb_pull(skb
, sizeof(*info
));
1386 hci_dev_lock(hcon
->hdev
);
1388 /* Strictly speaking the Core Specification (4.1) allows sending
1389 * an empty address which would force us to rely on just the IRK
1390 * as "identity information". However, since such
1391 * implementations are not known of and in order to not over
1392 * complicate our implementation, simply pretend that we never
1393 * received an IRK for such a device.
1395 if (!bacmp(&info
->bdaddr
, BDADDR_ANY
)) {
1396 BT_ERR("Ignoring IRK with no identity address");
1400 bacpy(&smp
->id_addr
, &info
->bdaddr
);
1401 smp
->id_addr_type
= info
->addr_type
;
1403 if (hci_bdaddr_is_rpa(&hcon
->dst
, hcon
->dst_type
))
1404 bacpy(&rpa
, &hcon
->dst
);
1406 bacpy(&rpa
, BDADDR_ANY
);
1408 smp
->remote_irk
= hci_add_irk(conn
->hcon
->hdev
, &smp
->id_addr
,
1409 smp
->id_addr_type
, smp
->irk
, &rpa
);
1412 if (!(smp
->remote_key_dist
& KEY_DIST_MASK
))
1413 smp_distribute_keys(smp
);
1415 hci_dev_unlock(hcon
->hdev
);
1420 static int smp_cmd_sign_info(struct l2cap_conn
*conn
, struct sk_buff
*skb
)
1422 struct smp_cmd_sign_info
*rp
= (void *) skb
->data
;
1423 struct l2cap_chan
*chan
= conn
->smp
;
1424 struct smp_chan
*smp
= chan
->data
;
1425 struct hci_dev
*hdev
= conn
->hcon
->hdev
;
1426 struct smp_csrk
*csrk
;
1428 BT_DBG("conn %p", conn
);
1430 if (skb
->len
< sizeof(*rp
))
1431 return SMP_INVALID_PARAMS
;
1433 /* Mark the information as received */
1434 smp
->remote_key_dist
&= ~SMP_DIST_SIGN
;
1436 SMP_DISALLOW_CMD(smp
, SMP_CMD_SIGN_INFO
);
1438 skb_pull(skb
, sizeof(*rp
));
1441 csrk
= kzalloc(sizeof(*csrk
), GFP_KERNEL
);
1443 csrk
->master
= 0x01;
1444 memcpy(csrk
->val
, rp
->csrk
, sizeof(csrk
->val
));
1447 smp_distribute_keys(smp
);
1448 hci_dev_unlock(hdev
);
1453 static int smp_sig_channel(struct l2cap_chan
*chan
, struct sk_buff
*skb
)
1455 struct l2cap_conn
*conn
= chan
->conn
;
1456 struct hci_conn
*hcon
= conn
->hcon
;
1457 struct smp_chan
*smp
;
1461 if (hcon
->type
!= LE_LINK
) {
1469 if (!test_bit(HCI_LE_ENABLED
, &hcon
->hdev
->dev_flags
)) {
1470 reason
= SMP_PAIRING_NOTSUPP
;
1474 code
= skb
->data
[0];
1475 skb_pull(skb
, sizeof(code
));
1479 if (code
> SMP_CMD_MAX
)
1482 if (smp
&& !test_bit(code
, &smp
->allow_cmd
))
1485 /* If we don't have a context the only allowed commands are
1486 * pairing request and security request.
1488 if (!smp
&& code
!= SMP_CMD_PAIRING_REQ
&& code
!= SMP_CMD_SECURITY_REQ
)
1492 case SMP_CMD_PAIRING_REQ
:
1493 reason
= smp_cmd_pairing_req(conn
, skb
);
1496 case SMP_CMD_PAIRING_FAIL
:
1497 smp_failure(conn
, 0);
1501 case SMP_CMD_PAIRING_RSP
:
1502 reason
= smp_cmd_pairing_rsp(conn
, skb
);
1505 case SMP_CMD_SECURITY_REQ
:
1506 reason
= smp_cmd_security_req(conn
, skb
);
1509 case SMP_CMD_PAIRING_CONFIRM
:
1510 reason
= smp_cmd_pairing_confirm(conn
, skb
);
1513 case SMP_CMD_PAIRING_RANDOM
:
1514 reason
= smp_cmd_pairing_random(conn
, skb
);
1517 case SMP_CMD_ENCRYPT_INFO
:
1518 reason
= smp_cmd_encrypt_info(conn
, skb
);
1521 case SMP_CMD_MASTER_IDENT
:
1522 reason
= smp_cmd_master_ident(conn
, skb
);
1525 case SMP_CMD_IDENT_INFO
:
1526 reason
= smp_cmd_ident_info(conn
, skb
);
1529 case SMP_CMD_IDENT_ADDR_INFO
:
1530 reason
= smp_cmd_ident_addr_info(conn
, skb
);
1533 case SMP_CMD_SIGN_INFO
:
1534 reason
= smp_cmd_sign_info(conn
, skb
);
1538 BT_DBG("Unknown command code 0x%2.2x", code
);
1539 reason
= SMP_CMD_NOTSUPP
;
1546 smp_failure(conn
, reason
);
1553 BT_ERR("%s unexpected SMP command 0x%02x from %pMR", hcon
->hdev
->name
,
1559 static void smp_teardown_cb(struct l2cap_chan
*chan
, int err
)
1561 struct l2cap_conn
*conn
= chan
->conn
;
1563 BT_DBG("chan %p", chan
);
1566 smp_chan_destroy(conn
);
1569 l2cap_chan_put(chan
);
1572 static void smp_resume_cb(struct l2cap_chan
*chan
)
1574 struct smp_chan
*smp
= chan
->data
;
1575 struct l2cap_conn
*conn
= chan
->conn
;
1576 struct hci_conn
*hcon
= conn
->hcon
;
1578 BT_DBG("chan %p", chan
);
1583 if (!test_bit(HCI_CONN_ENCRYPT
, &hcon
->flags
))
1586 cancel_delayed_work(&smp
->security_timer
);
1588 smp_distribute_keys(smp
);
1591 static void smp_ready_cb(struct l2cap_chan
*chan
)
1593 struct l2cap_conn
*conn
= chan
->conn
;
1595 BT_DBG("chan %p", chan
);
1598 l2cap_chan_hold(chan
);
1601 static int smp_recv_cb(struct l2cap_chan
*chan
, struct sk_buff
*skb
)
1605 BT_DBG("chan %p", chan
);
1607 err
= smp_sig_channel(chan
, skb
);
1609 struct smp_chan
*smp
= chan
->data
;
1612 cancel_delayed_work_sync(&smp
->security_timer
);
1614 hci_disconnect(chan
->conn
->hcon
, HCI_ERROR_AUTH_FAILURE
);
1620 static struct sk_buff
*smp_alloc_skb_cb(struct l2cap_chan
*chan
,
1621 unsigned long hdr_len
,
1622 unsigned long len
, int nb
)
1624 struct sk_buff
*skb
;
1626 skb
= bt_skb_alloc(hdr_len
+ len
, GFP_KERNEL
);
1628 return ERR_PTR(-ENOMEM
);
1630 skb
->priority
= HCI_PRIO_MAX
;
1631 bt_cb(skb
)->chan
= chan
;
1636 static const struct l2cap_ops smp_chan_ops
= {
1637 .name
= "Security Manager",
1638 .ready
= smp_ready_cb
,
1639 .recv
= smp_recv_cb
,
1640 .alloc_skb
= smp_alloc_skb_cb
,
1641 .teardown
= smp_teardown_cb
,
1642 .resume
= smp_resume_cb
,
1644 .new_connection
= l2cap_chan_no_new_connection
,
1645 .state_change
= l2cap_chan_no_state_change
,
1646 .close
= l2cap_chan_no_close
,
1647 .defer
= l2cap_chan_no_defer
,
1648 .suspend
= l2cap_chan_no_suspend
,
1649 .set_shutdown
= l2cap_chan_no_set_shutdown
,
1650 .get_sndtimeo
= l2cap_chan_no_get_sndtimeo
,
1651 .memcpy_fromiovec
= l2cap_chan_no_memcpy_fromiovec
,
1654 static inline struct l2cap_chan
*smp_new_conn_cb(struct l2cap_chan
*pchan
)
1656 struct l2cap_chan
*chan
;
1658 BT_DBG("pchan %p", pchan
);
1660 chan
= l2cap_chan_create();
1664 chan
->chan_type
= pchan
->chan_type
;
1665 chan
->ops
= &smp_chan_ops
;
1666 chan
->scid
= pchan
->scid
;
1667 chan
->dcid
= chan
->scid
;
1668 chan
->imtu
= pchan
->imtu
;
1669 chan
->omtu
= pchan
->omtu
;
1670 chan
->mode
= pchan
->mode
;
1672 BT_DBG("created chan %p", chan
);
1677 static const struct l2cap_ops smp_root_chan_ops
= {
1678 .name
= "Security Manager Root",
1679 .new_connection
= smp_new_conn_cb
,
1681 /* None of these are implemented for the root channel */
1682 .close
= l2cap_chan_no_close
,
1683 .alloc_skb
= l2cap_chan_no_alloc_skb
,
1684 .recv
= l2cap_chan_no_recv
,
1685 .state_change
= l2cap_chan_no_state_change
,
1686 .teardown
= l2cap_chan_no_teardown
,
1687 .ready
= l2cap_chan_no_ready
,
1688 .defer
= l2cap_chan_no_defer
,
1689 .suspend
= l2cap_chan_no_suspend
,
1690 .resume
= l2cap_chan_no_resume
,
1691 .set_shutdown
= l2cap_chan_no_set_shutdown
,
1692 .get_sndtimeo
= l2cap_chan_no_get_sndtimeo
,
1693 .memcpy_fromiovec
= l2cap_chan_no_memcpy_fromiovec
,
1696 int smp_register(struct hci_dev
*hdev
)
1698 struct l2cap_chan
*chan
;
1699 struct crypto_blkcipher
*tfm_aes
;
1701 BT_DBG("%s", hdev
->name
);
1703 tfm_aes
= crypto_alloc_blkcipher("ecb(aes)", 0, CRYPTO_ALG_ASYNC
);
1704 if (IS_ERR(tfm_aes
)) {
1705 int err
= PTR_ERR(tfm_aes
);
1706 BT_ERR("Unable to create crypto context");
1710 chan
= l2cap_chan_create();
1712 crypto_free_blkcipher(tfm_aes
);
1716 chan
->data
= tfm_aes
;
1718 l2cap_add_scid(chan
, L2CAP_CID_SMP
);
1720 l2cap_chan_set_defaults(chan
);
1722 bacpy(&chan
->src
, &hdev
->bdaddr
);
1723 chan
->src_type
= BDADDR_LE_PUBLIC
;
1724 chan
->state
= BT_LISTEN
;
1725 chan
->mode
= L2CAP_MODE_BASIC
;
1726 chan
->imtu
= L2CAP_DEFAULT_MTU
;
1727 chan
->ops
= &smp_root_chan_ops
;
1729 hdev
->smp_data
= chan
;
1734 void smp_unregister(struct hci_dev
*hdev
)
1736 struct l2cap_chan
*chan
= hdev
->smp_data
;
1737 struct crypto_blkcipher
*tfm_aes
;
1742 BT_DBG("%s chan %p", hdev
->name
, chan
);
1744 tfm_aes
= chan
->data
;
1747 crypto_free_blkcipher(tfm_aes
);
1750 hdev
->smp_data
= NULL
;
1751 l2cap_chan_put(chan
);