projects / deliverable / linux.git / blob
? search:


1201670afe381ac7e637137963dfd78e708623bb
[deliverable/linux.git] / net / bluetooth / smp.c
1 /*
2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2011 Nokia Corporation and/or its subsidiary(-ies).
4
5 This program is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License version 2 as
7 published by the Free Software Foundation;
8
9 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
10 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
11 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
12 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
13 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
14 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17
18 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
19 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
20 SOFTWARE IS DISCLAIMED.
21 */
22
23 #include <linux/crypto.h>
24 #include <linux/scatterlist.h>
25 #include <crypto/b128ops.h>
26
27 #include <net/bluetooth/bluetooth.h>
28 #include <net/bluetooth/hci_core.h>
29 #include <net/bluetooth/l2cap.h>
30 #include <net/bluetooth/mgmt.h>
31
32 #include "smp.h"
33
34 #define SMP_ALLOW_CMD(smp, code) set_bit(code, &smp->allow_cmd)
35 #define SMP_DISALLOW_CMD(smp, code) clear_bit(code, &smp->allow_cmd)
36
37 #define SMP_TIMEOUT msecs_to_jiffies(30000)
38
39 #define AUTH_REQ_MASK 0x07
40 #define KEY_DIST_MASK 0x07
41
42 enum {
43 SMP_FLAG_TK_VALID,
44 SMP_FLAG_CFM_PENDING,
45 SMP_FLAG_MITM_AUTH,
46 SMP_FLAG_COMPLETE,
47 SMP_FLAG_INITIATOR,
48 };
49
50 struct smp_chan {
51 struct l2cap_conn *conn;
52 struct delayed_work security_timer;
53 unsigned long allow_cmd; /* Bitmask of allowed commands */
54
55 u8 preq[7]; /* SMP Pairing Request */
56 u8 prsp[7]; /* SMP Pairing Response */
57 u8 prnd[16]; /* SMP Pairing Random (local) */
58 u8 rrnd[16]; /* SMP Pairing Random (remote) */
59 u8 pcnf[16]; /* SMP Pairing Confirm */
60 u8 tk[16]; /* SMP Temporary Key */
61 u8 enc_key_size;
62 u8 remote_key_dist;
63 bdaddr_t id_addr;
64 u8 id_addr_type;
65 u8 irk[16];
66 struct smp_csrk *csrk;
67 struct smp_csrk *slave_csrk;
68 struct smp_ltk *ltk;
69 struct smp_ltk *slave_ltk;
70 struct smp_irk *remote_irk;
71 unsigned long flags;
72
73 struct crypto_blkcipher *tfm_aes;
74 };
75
76 static inline void swap_buf(const u8 *src, u8 *dst, size_t len)
77 {
78 size_t i;
79
80 for (i = 0; i < len; i++)
81 dst[len - 1 - i] = src[i];
82 }
83
84 static int smp_e(struct crypto_blkcipher *tfm, const u8 *k, u8 *r)
85 {
86 struct blkcipher_desc desc;
87 struct scatterlist sg;
88 uint8_t tmp[16], data[16];
89 int err;
90
91 if (tfm == NULL) {
92 BT_ERR("tfm %p", tfm);
93 return -EINVAL;
94 }
95
96 desc.tfm = tfm;
97 desc.flags = 0;
98
99 /* The most significant octet of key corresponds to k[0] */
100 swap_buf(k, tmp, 16);
101
102 err = crypto_blkcipher_setkey(tfm, tmp, 16);
103 if (err) {
104 BT_ERR("cipher setkey failed: %d", err);
105 return err;
106 }
107
108 /* Most significant octet of plaintextData corresponds to data[0] */
109 swap_buf(r, data, 16);
110
111 sg_init_one(&sg, data, 16);
112
113 err = crypto_blkcipher_encrypt(&desc, &sg, &sg, 16);
114 if (err)
115 BT_ERR("Encrypt data error %d", err);
116
117 /* Most significant octet of encryptedData corresponds to data[0] */
118 swap_buf(data, r, 16);
119
120 return err;
121 }
122
123 static int smp_ah(struct crypto_blkcipher *tfm, u8 irk[16], u8 r[3], u8 res[3])
124 {
125 u8 _res[16];
126 int err;
127
128 /* r' = padding || r */
129 memcpy(_res, r, 3);
130 memset(_res + 3, 0, 13);
131
132 err = smp_e(tfm, irk, _res);
133 if (err) {
134 BT_ERR("Encrypt error");
135 return err;
136 }
137
138 /* The output of the random address function ah is:
139 * ah(h, r) = e(k, r') mod 2^24
140 * The output of the security function e is then truncated to 24 bits
141 * by taking the least significant 24 bits of the output of e as the
142 * result of ah.
143 */
144 memcpy(res, _res, 3);
145
146 return 0;
147 }
148
149 bool smp_irk_matches(struct hci_dev *hdev, u8 irk[16], bdaddr_t *bdaddr)
150 {
151 struct l2cap_chan *chan = hdev->smp_data;
152 struct crypto_blkcipher *tfm;
153 u8 hash[3];
154 int err;
155
156 if (!chan || !chan->data)
157 return false;
158
159 tfm = chan->data;
160
161 BT_DBG("RPA %pMR IRK %*phN", bdaddr, 16, irk);
162
163 err = smp_ah(tfm, irk, &bdaddr->b[3], hash);
164 if (err)
165 return false;
166
167 return !memcmp(bdaddr->b, hash, 3);
168 }
169
170 int smp_generate_rpa(struct hci_dev *hdev, u8 irk[16], bdaddr_t *rpa)
171 {
172 struct l2cap_chan *chan = hdev->smp_data;
173 struct crypto_blkcipher *tfm;
174 int err;
175
176 if (!chan || !chan->data)
177 return -EOPNOTSUPP;
178
179 tfm = chan->data;
180
181 get_random_bytes(&rpa->b[3], 3);
182
183 rpa->b[5] &= 0x3f; /* Clear two most significant bits */
184 rpa->b[5] |= 0x40; /* Set second most significant bit */
185
186 err = smp_ah(tfm, irk, &rpa->b[3], rpa->b);
187 if (err < 0)
188 return err;
189
190 BT_DBG("RPA %pMR", rpa);
191
192 return 0;
193 }
194
195 static int smp_c1(struct smp_chan *smp, u8 k[16], u8 r[16], u8 preq[7],
196 u8 pres[7], u8 _iat, bdaddr_t *ia, u8 _rat, bdaddr_t *ra,
197 u8 res[16])
198 {
199 struct hci_dev *hdev = smp->conn->hcon->hdev;
200 u8 p1[16], p2[16];
201 int err;
202
203 BT_DBG("%s", hdev->name);
204
205 memset(p1, 0, 16);
206
207 /* p1 = pres || preq || _rat || _iat */
208 p1[0] = _iat;
209 p1[1] = _rat;
210 memcpy(p1 + 2, preq, 7);
211 memcpy(p1 + 9, pres, 7);
212
213 /* p2 = padding || ia || ra */
214 memcpy(p2, ra, 6);
215 memcpy(p2 + 6, ia, 6);
216 memset(p2 + 12, 0, 4);
217
218 /* res = r XOR p1 */
219 u128_xor((u128 *) res, (u128 *) r, (u128 *) p1);
220
221 /* res = e(k, res) */
222 err = smp_e(smp->tfm_aes, k, res);
223 if (err) {
224 BT_ERR("Encrypt data error");
225 return err;
226 }
227
228 /* res = res XOR p2 */
229 u128_xor((u128 *) res, (u128 *) res, (u128 *) p2);
230
231 /* res = e(k, res) */
232 err = smp_e(smp->tfm_aes, k, res);
233 if (err)
234 BT_ERR("Encrypt data error");
235
236 return err;
237 }
238
239 static int smp_s1(struct smp_chan *smp, u8 k[16], u8 r1[16], u8 r2[16],
240 u8 _r[16])
241 {
242 struct hci_dev *hdev = smp->conn->hcon->hdev;
243 int err;
244
245 BT_DBG("%s", hdev->name);
246
247 /* Just least significant octets from r1 and r2 are considered */
248 memcpy(_r, r2, 8);
249 memcpy(_r + 8, r1, 8);
250
251 err = smp_e(smp->tfm_aes, k, _r);
252 if (err)
253 BT_ERR("Encrypt data error");
254
255 return err;
256 }
257
258 static void smp_send_cmd(struct l2cap_conn *conn, u8 code, u16 len, void *data)
259 {
260 struct l2cap_chan *chan = conn->smp;
261 struct smp_chan *smp;
262 struct kvec iv[2];
263 struct msghdr msg;
264
265 if (!chan)
266 return;
267
268 BT_DBG("code 0x%2.2x", code);
269
270 iv[0].iov_base = &code;
271 iv[0].iov_len = 1;
272
273 iv[1].iov_base = data;
274 iv[1].iov_len = len;
275
276 memset(&msg, 0, sizeof(msg));
277
278 msg.msg_iov = (struct iovec *) &iv;
279 msg.msg_iovlen = 2;
280
281 l2cap_chan_send(chan, &msg, 1 + len);
282
283 if (!chan->data)
284 return;
285
286 smp = chan->data;
287
288 cancel_delayed_work_sync(&smp->security_timer);
289 schedule_delayed_work(&smp->security_timer, SMP_TIMEOUT);
290 }
291
292 static __u8 authreq_to_seclevel(__u8 authreq)
293 {
294 if (authreq & SMP_AUTH_MITM)
295 return BT_SECURITY_HIGH;
296 else
297 return BT_SECURITY_MEDIUM;
298 }
299
300 static __u8 seclevel_to_authreq(__u8 sec_level)
301 {
302 switch (sec_level) {
303 case BT_SECURITY_HIGH:
304 return SMP_AUTH_MITM | SMP_AUTH_BONDING;
305 case BT_SECURITY_MEDIUM:
306 return SMP_AUTH_BONDING;
307 default:
308 return SMP_AUTH_NONE;
309 }
310 }
311
312 static void build_pairing_cmd(struct l2cap_conn *conn,
313 struct smp_cmd_pairing *req,
314 struct smp_cmd_pairing *rsp, __u8 authreq)
315 {
316 struct l2cap_chan *chan = conn->smp;
317 struct smp_chan *smp = chan->data;
318 struct hci_conn *hcon = conn->hcon;
319 struct hci_dev *hdev = hcon->hdev;
320 u8 local_dist = 0, remote_dist = 0;
321
322 if (test_bit(HCI_BONDABLE, &conn->hcon->hdev->dev_flags)) {
323 local_dist = SMP_DIST_ENC_KEY | SMP_DIST_SIGN;
324 remote_dist = SMP_DIST_ENC_KEY | SMP_DIST_SIGN;
325 authreq |= SMP_AUTH_BONDING;
326 } else {
327 authreq &= ~SMP_AUTH_BONDING;
328 }
329
330 if (test_bit(HCI_RPA_RESOLVING, &hdev->dev_flags))
331 remote_dist |= SMP_DIST_ID_KEY;
332
333 if (test_bit(HCI_PRIVACY, &hdev->dev_flags))
334 local_dist |= SMP_DIST_ID_KEY;
335
336 if (rsp == NULL) {
337 req->io_capability = conn->hcon->io_capability;
338 req->oob_flag = SMP_OOB_NOT_PRESENT;
339 req->max_key_size = SMP_MAX_ENC_KEY_SIZE;
340 req->init_key_dist = local_dist;
341 req->resp_key_dist = remote_dist;
342 req->auth_req = (authreq & AUTH_REQ_MASK);
343
344 smp->remote_key_dist = remote_dist;
345 return;
346 }
347
348 rsp->io_capability = conn->hcon->io_capability;
349 rsp->oob_flag = SMP_OOB_NOT_PRESENT;
350 rsp->max_key_size = SMP_MAX_ENC_KEY_SIZE;
351 rsp->init_key_dist = req->init_key_dist & remote_dist;
352 rsp->resp_key_dist = req->resp_key_dist & local_dist;
353 rsp->auth_req = (authreq & AUTH_REQ_MASK);
354
355 smp->remote_key_dist = rsp->init_key_dist;
356 }
357
358 static u8 check_enc_key_size(struct l2cap_conn *conn, __u8 max_key_size)
359 {
360 struct l2cap_chan *chan = conn->smp;
361 struct smp_chan *smp = chan->data;
362
363 if ((max_key_size > SMP_MAX_ENC_KEY_SIZE) ||
364 (max_key_size < SMP_MIN_ENC_KEY_SIZE))
365 return SMP_ENC_KEY_SIZE;
366
367 smp->enc_key_size = max_key_size;
368
369 return 0;
370 }
371
372 static void smp_chan_destroy(struct l2cap_conn *conn)
373 {
374 struct l2cap_chan *chan = conn->smp;
375 struct smp_chan *smp = chan->data;
376 bool complete;
377
378 BUG_ON(!smp);
379
380 cancel_delayed_work_sync(&smp->security_timer);
381
382 complete = test_bit(SMP_FLAG_COMPLETE, &smp->flags);
383 mgmt_smp_complete(conn->hcon, complete);
384
385 kfree(smp->csrk);
386 kfree(smp->slave_csrk);
387
388 crypto_free_blkcipher(smp->tfm_aes);
389
390 /* If pairing failed clean up any keys we might have */
391 if (!complete) {
392 if (smp->ltk) {
393 list_del(&smp->ltk->list);
394 kfree(smp->ltk);
395 }
396
397 if (smp->slave_ltk) {
398 list_del(&smp->slave_ltk->list);
399 kfree(smp->slave_ltk);
400 }
401
402 if (smp->remote_irk) {
403 list_del(&smp->remote_irk->list);
404 kfree(smp->remote_irk);
405 }
406 }
407
408 chan->data = NULL;
409 kfree(smp);
410 hci_conn_drop(conn->hcon);
411 }
412
413 static void smp_failure(struct l2cap_conn *conn, u8 reason)
414 {
415 struct hci_conn *hcon = conn->hcon;
416 struct l2cap_chan *chan = conn->smp;
417
418 if (reason)
419 smp_send_cmd(conn, SMP_CMD_PAIRING_FAIL, sizeof(reason),
420 &reason);
421
422 clear_bit(HCI_CONN_ENCRYPT_PEND, &hcon->flags);
423 mgmt_auth_failed(hcon->hdev, &hcon->dst, hcon->type, hcon->dst_type,
424 HCI_ERROR_AUTH_FAILURE);
425
426 if (chan->data)
427 smp_chan_destroy(conn);
428 }
429
430 #define JUST_WORKS 0x00
431 #define JUST_CFM 0x01
432 #define REQ_PASSKEY 0x02
433 #define CFM_PASSKEY 0x03
434 #define REQ_OOB 0x04
435 #define OVERLAP 0xFF
436
437 static const u8 gen_method[5][5] = {
438 { JUST_WORKS, JUST_CFM, REQ_PASSKEY, JUST_WORKS, REQ_PASSKEY },
439 { JUST_WORKS, JUST_CFM, REQ_PASSKEY, JUST_WORKS, REQ_PASSKEY },
440 { CFM_PASSKEY, CFM_PASSKEY, REQ_PASSKEY, JUST_WORKS, CFM_PASSKEY },
441 { JUST_WORKS, JUST_CFM, JUST_WORKS, JUST_WORKS, JUST_CFM },
442 { CFM_PASSKEY, CFM_PASSKEY, REQ_PASSKEY, JUST_WORKS, OVERLAP },
443 };
444
445 static u8 get_auth_method(struct smp_chan *smp, u8 local_io, u8 remote_io)
446 {
447 /* If either side has unknown io_caps, use JUST_CFM (which gets
448 * converted later to JUST_WORKS if we're initiators.
449 */
450 if (local_io > SMP_IO_KEYBOARD_DISPLAY ||
451 remote_io > SMP_IO_KEYBOARD_DISPLAY)
452 return JUST_CFM;
453
454 return gen_method[remote_io][local_io];
455 }
456
457 static int tk_request(struct l2cap_conn *conn, u8 remote_oob, u8 auth,
458 u8 local_io, u8 remote_io)
459 {
460 struct hci_conn *hcon = conn->hcon;
461 struct l2cap_chan *chan = conn->smp;
462 struct smp_chan *smp = chan->data;
463 u8 method;
464 u32 passkey = 0;
465 int ret = 0;
466
467 /* Initialize key for JUST WORKS */
468 memset(smp->tk, 0, sizeof(smp->tk));
469 clear_bit(SMP_FLAG_TK_VALID, &smp->flags);
470
471 BT_DBG("tk_request: auth:%d lcl:%d rem:%d", auth, local_io, remote_io);
472
473 /* If neither side wants MITM, either "just" confirm an incoming
474 * request or use just-works for outgoing ones. The JUST_CFM
475 * will be converted to JUST_WORKS if necessary later in this
476 * function. If either side has MITM look up the method from the
477 * table.
478 */
479 if (!(auth & SMP_AUTH_MITM))
480 method = JUST_CFM;
481 else
482 method = get_auth_method(smp, local_io, remote_io);
483
484 /* Don't confirm locally initiated pairing attempts */
485 if (method == JUST_CFM && test_bit(SMP_FLAG_INITIATOR, &smp->flags))
486 method = JUST_WORKS;
487
488 /* Don't bother user space with no IO capabilities */
489 if (method == JUST_CFM && hcon->io_capability == HCI_IO_NO_INPUT_OUTPUT)
490 method = JUST_WORKS;
491
492 /* If Just Works, Continue with Zero TK */
493 if (method == JUST_WORKS) {
494 set_bit(SMP_FLAG_TK_VALID, &smp->flags);
495 return 0;
496 }
497
498 /* Not Just Works/Confirm results in MITM Authentication */
499 if (method != JUST_CFM)
500 set_bit(SMP_FLAG_MITM_AUTH, &smp->flags);
501
502 /* If both devices have Keyoard-Display I/O, the master
503 * Confirms and the slave Enters the passkey.
504 */
505 if (method == OVERLAP) {
506 if (hcon->role == HCI_ROLE_MASTER)
507 method = CFM_PASSKEY;
508 else
509 method = REQ_PASSKEY;
510 }
511
512 /* Generate random passkey. */
513 if (method == CFM_PASSKEY) {
514 memset(smp->tk, 0, sizeof(smp->tk));
515 get_random_bytes(&passkey, sizeof(passkey));
516 passkey %= 1000000;
517 put_unaligned_le32(passkey, smp->tk);
518 BT_DBG("PassKey: %d", passkey);
519 set_bit(SMP_FLAG_TK_VALID, &smp->flags);
520 }
521
522 hci_dev_lock(hcon->hdev);
523
524 if (method == REQ_PASSKEY)
525 ret = mgmt_user_passkey_request(hcon->hdev, &hcon->dst,
526 hcon->type, hcon->dst_type);
527 else if (method == JUST_CFM)
528 ret = mgmt_user_confirm_request(hcon->hdev, &hcon->dst,
529 hcon->type, hcon->dst_type,
530 passkey, 1);
531 else
532 ret = mgmt_user_passkey_notify(hcon->hdev, &hcon->dst,
533 hcon->type, hcon->dst_type,
534 passkey, 0);
535
536 hci_dev_unlock(hcon->hdev);
537
538 return ret;
539 }
540
541 static u8 smp_confirm(struct smp_chan *smp)
542 {
543 struct l2cap_conn *conn = smp->conn;
544 struct smp_cmd_pairing_confirm cp;
545 int ret;
546
547 BT_DBG("conn %p", conn);
548
549 ret = smp_c1(smp, smp->tk, smp->prnd, smp->preq, smp->prsp,
550 conn->hcon->init_addr_type, &conn->hcon->init_addr,
551 conn->hcon->resp_addr_type, &conn->hcon->resp_addr,
552 cp.confirm_val);
553 if (ret)
554 return SMP_UNSPECIFIED;
555
556 clear_bit(SMP_FLAG_CFM_PENDING, &smp->flags);
557
558 smp_send_cmd(smp->conn, SMP_CMD_PAIRING_CONFIRM, sizeof(cp), &cp);
559
560 if (conn->hcon->out)
561 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_CONFIRM);
562 else
563 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RANDOM);
564
565 return 0;
566 }
567
568 static u8 smp_random(struct smp_chan *smp)
569 {
570 struct l2cap_conn *conn = smp->conn;
571 struct hci_conn *hcon = conn->hcon;
572 u8 confirm[16];
573 int ret;
574
575 if (IS_ERR_OR_NULL(smp->tfm_aes))
576 return SMP_UNSPECIFIED;
577
578 BT_DBG("conn %p %s", conn, conn->hcon->out ? "master" : "slave");
579
580 ret = smp_c1(smp, smp->tk, smp->rrnd, smp->preq, smp->prsp,
581 hcon->init_addr_type, &hcon->init_addr,
582 hcon->resp_addr_type, &hcon->resp_addr, confirm);
583 if (ret)
584 return SMP_UNSPECIFIED;
585
586 if (memcmp(smp->pcnf, confirm, sizeof(smp->pcnf)) != 0) {
587 BT_ERR("Pairing failed (confirmation values mismatch)");
588 return SMP_CONFIRM_FAILED;
589 }
590
591 if (hcon->out) {
592 u8 stk[16];
593 __le64 rand = 0;
594 __le16 ediv = 0;
595
596 smp_s1(smp, smp->tk, smp->rrnd, smp->prnd, stk);
597
598 memset(stk + smp->enc_key_size, 0,
599 SMP_MAX_ENC_KEY_SIZE - smp->enc_key_size);
600
601 if (test_and_set_bit(HCI_CONN_ENCRYPT_PEND, &hcon->flags))
602 return SMP_UNSPECIFIED;
603
604 hci_le_start_enc(hcon, ediv, rand, stk);
605 hcon->enc_key_size = smp->enc_key_size;
606 set_bit(HCI_CONN_STK_ENCRYPT, &hcon->flags);
607 } else {
608 u8 stk[16], auth;
609 __le64 rand = 0;
610 __le16 ediv = 0;
611
612 smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM, sizeof(smp->prnd),
613 smp->prnd);
614
615 smp_s1(smp, smp->tk, smp->prnd, smp->rrnd, stk);
616
617 memset(stk + smp->enc_key_size, 0,
618 SMP_MAX_ENC_KEY_SIZE - smp->enc_key_size);
619
620 if (hcon->pending_sec_level == BT_SECURITY_HIGH)
621 auth = 1;
622 else
623 auth = 0;
624
625 /* Even though there's no _SLAVE suffix this is the
626 * slave STK we're adding for later lookup (the master
627 * STK never needs to be stored).
628 */
629 hci_add_ltk(hcon->hdev, &hcon->dst, hcon->dst_type,
630 SMP_STK, auth, stk, smp->enc_key_size, ediv, rand);
631 }
632
633 return 0;
634 }
635
636 static void smp_notify_keys(struct l2cap_conn *conn)
637 {
638 struct l2cap_chan *chan = conn->smp;
639 struct smp_chan *smp = chan->data;
640 struct hci_conn *hcon = conn->hcon;
641 struct hci_dev *hdev = hcon->hdev;
642 struct smp_cmd_pairing *req = (void *) &smp->preq[1];
643 struct smp_cmd_pairing *rsp = (void *) &smp->prsp[1];
644 bool persistent;
645
646 if (smp->remote_irk) {
647 mgmt_new_irk(hdev, smp->remote_irk);
648 /* Now that user space can be considered to know the
649 * identity address track the connection based on it
650 * from now on.
651 */
652 bacpy(&hcon->dst, &smp->remote_irk->bdaddr);
653 hcon->dst_type = smp->remote_irk->addr_type;
654 queue_work(hdev->workqueue, &conn->id_addr_update_work);
655
656 /* When receiving an indentity resolving key for
657 * a remote device that does not use a resolvable
658 * private address, just remove the key so that
659 * it is possible to use the controller white
660 * list for scanning.
661 *
662 * Userspace will have been told to not store
663 * this key at this point. So it is safe to
664 * just remove it.
665 */
666 if (!bacmp(&smp->remote_irk->rpa, BDADDR_ANY)) {
667 list_del(&smp->remote_irk->list);
668 kfree(smp->remote_irk);
669 smp->remote_irk = NULL;
670 }
671 }
672
673 /* The LTKs and CSRKs should be persistent only if both sides
674 * had the bonding bit set in their authentication requests.
675 */
676 persistent = !!((req->auth_req & rsp->auth_req) & SMP_AUTH_BONDING);
677
678 if (smp->csrk) {
679 smp->csrk->bdaddr_type = hcon->dst_type;
680 bacpy(&smp->csrk->bdaddr, &hcon->dst);
681 mgmt_new_csrk(hdev, smp->csrk, persistent);
682 }
683
684 if (smp->slave_csrk) {
685 smp->slave_csrk->bdaddr_type = hcon->dst_type;
686 bacpy(&smp->slave_csrk->bdaddr, &hcon->dst);
687 mgmt_new_csrk(hdev, smp->slave_csrk, persistent);
688 }
689
690 if (smp->ltk) {
691 smp->ltk->bdaddr_type = hcon->dst_type;
692 bacpy(&smp->ltk->bdaddr, &hcon->dst);
693 mgmt_new_ltk(hdev, smp->ltk, persistent);
694 }
695
696 if (smp->slave_ltk) {
697 smp->slave_ltk->bdaddr_type = hcon->dst_type;
698 bacpy(&smp->slave_ltk->bdaddr, &hcon->dst);
699 mgmt_new_ltk(hdev, smp->slave_ltk, persistent);
700 }
701 }
702
703 static void smp_allow_key_dist(struct smp_chan *smp)
704 {
705 /* Allow the first expected phase 3 PDU. The rest of the PDUs
706 * will be allowed in each PDU handler to ensure we receive
707 * them in the correct order.
708 */
709 if (smp->remote_key_dist & SMP_DIST_ENC_KEY)
710 SMP_ALLOW_CMD(smp, SMP_CMD_ENCRYPT_INFO);
711 else if (smp->remote_key_dist & SMP_DIST_ID_KEY)
712 SMP_ALLOW_CMD(smp, SMP_CMD_IDENT_INFO);
713 else if (smp->remote_key_dist & SMP_DIST_SIGN)
714 SMP_ALLOW_CMD(smp, SMP_CMD_SIGN_INFO);
715 }
716
717 static void smp_distribute_keys(struct smp_chan *smp)
718 {
719 struct smp_cmd_pairing *req, *rsp;
720 struct l2cap_conn *conn = smp->conn;
721 struct hci_conn *hcon = conn->hcon;
722 struct hci_dev *hdev = hcon->hdev;
723 __u8 *keydist;
724
725 BT_DBG("conn %p", conn);
726
727 rsp = (void *) &smp->prsp[1];
728
729 /* The responder sends its keys first */
730 if (hcon->out && (smp->remote_key_dist & KEY_DIST_MASK)) {
731 smp_allow_key_dist(smp);
732 return;
733 }
734
735 req = (void *) &smp->preq[1];
736
737 if (hcon->out) {
738 keydist = &rsp->init_key_dist;
739 *keydist &= req->init_key_dist;
740 } else {
741 keydist = &rsp->resp_key_dist;
742 *keydist &= req->resp_key_dist;
743 }
744
745 BT_DBG("keydist 0x%x", *keydist);
746
747 if (*keydist & SMP_DIST_ENC_KEY) {
748 struct smp_cmd_encrypt_info enc;
749 struct smp_cmd_master_ident ident;
750 struct smp_ltk *ltk;
751 u8 authenticated;
752 __le16 ediv;
753 __le64 rand;
754
755 get_random_bytes(enc.ltk, sizeof(enc.ltk));
756 get_random_bytes(&ediv, sizeof(ediv));
757 get_random_bytes(&rand, sizeof(rand));
758
759 smp_send_cmd(conn, SMP_CMD_ENCRYPT_INFO, sizeof(enc), &enc);
760
761 authenticated = hcon->sec_level == BT_SECURITY_HIGH;
762 ltk = hci_add_ltk(hdev, &hcon->dst, hcon->dst_type,
763 SMP_LTK_SLAVE, authenticated, enc.ltk,
764 smp->enc_key_size, ediv, rand);
765 smp->slave_ltk = ltk;
766
767 ident.ediv = ediv;
768 ident.rand = rand;
769
770 smp_send_cmd(conn, SMP_CMD_MASTER_IDENT, sizeof(ident), &ident);
771
772 *keydist &= ~SMP_DIST_ENC_KEY;
773 }
774
775 if (*keydist & SMP_DIST_ID_KEY) {
776 struct smp_cmd_ident_addr_info addrinfo;
777 struct smp_cmd_ident_info idinfo;
778
779 memcpy(idinfo.irk, hdev->irk, sizeof(idinfo.irk));
780
781 smp_send_cmd(conn, SMP_CMD_IDENT_INFO, sizeof(idinfo), &idinfo);
782
783 /* The hci_conn contains the local identity address
784 * after the connection has been established.
785 *
786 * This is true even when the connection has been
787 * established using a resolvable random address.
788 */
789 bacpy(&addrinfo.bdaddr, &hcon->src);
790 addrinfo.addr_type = hcon->src_type;
791
792 smp_send_cmd(conn, SMP_CMD_IDENT_ADDR_INFO, sizeof(addrinfo),
793 &addrinfo);
794
795 *keydist &= ~SMP_DIST_ID_KEY;
796 }
797
798 if (*keydist & SMP_DIST_SIGN) {
799 struct smp_cmd_sign_info sign;
800 struct smp_csrk *csrk;
801
802 /* Generate a new random key */
803 get_random_bytes(sign.csrk, sizeof(sign.csrk));
804
805 csrk = kzalloc(sizeof(*csrk), GFP_KERNEL);
806 if (csrk) {
807 csrk->master = 0x00;
808 memcpy(csrk->val, sign.csrk, sizeof(csrk->val));
809 }
810 smp->slave_csrk = csrk;
811
812 smp_send_cmd(conn, SMP_CMD_SIGN_INFO, sizeof(sign), &sign);
813
814 *keydist &= ~SMP_DIST_SIGN;
815 }
816
817 /* If there are still keys to be received wait for them */
818 if (smp->remote_key_dist & KEY_DIST_MASK) {
819 smp_allow_key_dist(smp);
820 return;
821 }
822
823 set_bit(SMP_FLAG_COMPLETE, &smp->flags);
824 smp_notify_keys(conn);
825
826 smp_chan_destroy(conn);
827 }
828
829 static void smp_timeout(struct work_struct *work)
830 {
831 struct smp_chan *smp = container_of(work, struct smp_chan,
832 security_timer.work);
833 struct l2cap_conn *conn = smp->conn;
834
835 BT_DBG("conn %p", conn);
836
837 hci_disconnect(conn->hcon, HCI_ERROR_REMOTE_USER_TERM);
838 }
839
840 static struct smp_chan *smp_chan_create(struct l2cap_conn *conn)
841 {
842 struct l2cap_chan *chan = conn->smp;
843 struct smp_chan *smp;
844
845 smp = kzalloc(sizeof(*smp), GFP_ATOMIC);
846 if (!smp)
847 return NULL;
848
849 smp->tfm_aes = crypto_alloc_blkcipher("ecb(aes)", 0, CRYPTO_ALG_ASYNC);
850 if (IS_ERR(smp->tfm_aes)) {
851 BT_ERR("Unable to create ECB crypto context");
852 kfree(smp);
853 return NULL;
854 }
855
856 smp->conn = conn;
857 chan->data = smp;
858
859 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_FAIL);
860
861 INIT_DELAYED_WORK(&smp->security_timer, smp_timeout);
862
863 hci_conn_hold(conn->hcon);
864
865 return smp;
866 }
867
868 int smp_user_confirm_reply(struct hci_conn *hcon, u16 mgmt_op, __le32 passkey)
869 {
870 struct l2cap_conn *conn = hcon->l2cap_data;
871 struct l2cap_chan *chan;
872 struct smp_chan *smp;
873 u32 value;
874 int err;
875
876 BT_DBG("");
877
878 if (!conn)
879 return -ENOTCONN;
880
881 chan = conn->smp;
882 if (!chan)
883 return -ENOTCONN;
884
885 l2cap_chan_lock(chan);
886 if (!chan->data) {
887 err = -ENOTCONN;
888 goto unlock;
889 }
890
891 smp = chan->data;
892
893 switch (mgmt_op) {
894 case MGMT_OP_USER_PASSKEY_REPLY:
895 value = le32_to_cpu(passkey);
896 memset(smp->tk, 0, sizeof(smp->tk));
897 BT_DBG("PassKey: %d", value);
898 put_unaligned_le32(value, smp->tk);
899 /* Fall Through */
900 case MGMT_OP_USER_CONFIRM_REPLY:
901 set_bit(SMP_FLAG_TK_VALID, &smp->flags);
902 break;
903 case MGMT_OP_USER_PASSKEY_NEG_REPLY:
904 case MGMT_OP_USER_CONFIRM_NEG_REPLY:
905 smp_failure(conn, SMP_PASSKEY_ENTRY_FAILED);
906 err = 0;
907 goto unlock;
908 default:
909 smp_failure(conn, SMP_PASSKEY_ENTRY_FAILED);
910 err = -EOPNOTSUPP;
911 goto unlock;
912 }
913
914 err = 0;
915
916 /* If it is our turn to send Pairing Confirm, do so now */
917 if (test_bit(SMP_FLAG_CFM_PENDING, &smp->flags)) {
918 u8 rsp = smp_confirm(smp);
919 if (rsp)
920 smp_failure(conn, rsp);
921 }
922
923 unlock:
924 l2cap_chan_unlock(chan);
925 return err;
926 }
927
928 static u8 smp_cmd_pairing_req(struct l2cap_conn *conn, struct sk_buff *skb)
929 {
930 struct smp_cmd_pairing rsp, *req = (void *) skb->data;
931 struct l2cap_chan *chan = conn->smp;
932 struct hci_dev *hdev = conn->hcon->hdev;
933 struct smp_chan *smp;
934 u8 key_size, auth, sec_level;
935 int ret;
936
937 BT_DBG("conn %p", conn);
938
939 if (skb->len < sizeof(*req))
940 return SMP_INVALID_PARAMS;
941
942 if (conn->hcon->role != HCI_ROLE_SLAVE)
943 return SMP_CMD_NOTSUPP;
944
945 if (!chan->data)
946 smp = smp_chan_create(conn);
947 else
948 smp = chan->data;
949
950 if (!smp)
951 return SMP_UNSPECIFIED;
952
953 if (!test_bit(HCI_BONDABLE, &hdev->dev_flags) &&
954 (req->auth_req & SMP_AUTH_BONDING))
955 return SMP_PAIRING_NOTSUPP;
956
957 SMP_DISALLOW_CMD(smp, SMP_CMD_PAIRING_REQ);
958
959 smp->preq[0] = SMP_CMD_PAIRING_REQ;
960 memcpy(&smp->preq[1], req, sizeof(*req));
961 skb_pull(skb, sizeof(*req));
962
963 /* We didn't start the pairing, so match remote */
964 auth = req->auth_req;
965
966 sec_level = authreq_to_seclevel(auth);
967 if (sec_level > conn->hcon->pending_sec_level)
968 conn->hcon->pending_sec_level = sec_level;
969
970 /* If we need MITM check that it can be acheived */
971 if (conn->hcon->pending_sec_level >= BT_SECURITY_HIGH) {
972 u8 method;
973
974 method = get_auth_method(smp, conn->hcon->io_capability,
975 req->io_capability);
976 if (method == JUST_WORKS || method == JUST_CFM)
977 return SMP_AUTH_REQUIREMENTS;
978 }
979
980 build_pairing_cmd(conn, req, &rsp, auth);
981
982 key_size = min(req->max_key_size, rsp.max_key_size);
983 if (check_enc_key_size(conn, key_size))
984 return SMP_ENC_KEY_SIZE;
985
986 get_random_bytes(smp->prnd, sizeof(smp->prnd));
987
988 smp->prsp[0] = SMP_CMD_PAIRING_RSP;
989 memcpy(&smp->prsp[1], &rsp, sizeof(rsp));
990
991 smp_send_cmd(conn, SMP_CMD_PAIRING_RSP, sizeof(rsp), &rsp);
992 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_CONFIRM);
993
994 /* Request setup of TK */
995 ret = tk_request(conn, 0, auth, rsp.io_capability, req->io_capability);
996 if (ret)
997 return SMP_UNSPECIFIED;
998
999 return 0;
1000 }
1001
1002 static u8 smp_cmd_pairing_rsp(struct l2cap_conn *conn, struct sk_buff *skb)
1003 {
1004 struct smp_cmd_pairing *req, *rsp = (void *) skb->data;
1005 struct l2cap_chan *chan = conn->smp;
1006 struct smp_chan *smp = chan->data;
1007 u8 key_size, auth = SMP_AUTH_NONE;
1008 int ret;
1009
1010 BT_DBG("conn %p", conn);
1011
1012 if (skb->len < sizeof(*rsp))
1013 return SMP_INVALID_PARAMS;
1014
1015 if (conn->hcon->role != HCI_ROLE_MASTER)
1016 return SMP_CMD_NOTSUPP;
1017
1018 SMP_DISALLOW_CMD(smp, SMP_CMD_PAIRING_RSP);
1019
1020 skb_pull(skb, sizeof(*rsp));
1021
1022 req = (void *) &smp->preq[1];
1023
1024 key_size = min(req->max_key_size, rsp->max_key_size);
1025 if (check_enc_key_size(conn, key_size))
1026 return SMP_ENC_KEY_SIZE;
1027
1028 /* If we need MITM check that it can be acheived */
1029 if (conn->hcon->pending_sec_level >= BT_SECURITY_HIGH) {
1030 u8 method;
1031
1032 method = get_auth_method(smp, req->io_capability,
1033 rsp->io_capability);
1034 if (method == JUST_WORKS || method == JUST_CFM)
1035 return SMP_AUTH_REQUIREMENTS;
1036 }
1037
1038 get_random_bytes(smp->prnd, sizeof(smp->prnd));
1039
1040 smp->prsp[0] = SMP_CMD_PAIRING_RSP;
1041 memcpy(&smp->prsp[1], rsp, sizeof(*rsp));
1042
1043 /* Update remote key distribution in case the remote cleared
1044 * some bits that we had enabled in our request.
1045 */
1046 smp->remote_key_dist &= rsp->resp_key_dist;
1047
1048 if ((req->auth_req & SMP_AUTH_BONDING) &&
1049 (rsp->auth_req & SMP_AUTH_BONDING))
1050 auth = SMP_AUTH_BONDING;
1051
1052 auth |= (req->auth_req | rsp->auth_req) & SMP_AUTH_MITM;
1053
1054 ret = tk_request(conn, 0, auth, req->io_capability, rsp->io_capability);
1055 if (ret)
1056 return SMP_UNSPECIFIED;
1057
1058 set_bit(SMP_FLAG_CFM_PENDING, &smp->flags);
1059
1060 /* Can't compose response until we have been confirmed */
1061 if (test_bit(SMP_FLAG_TK_VALID, &smp->flags))
1062 return smp_confirm(smp);
1063
1064 return 0;
1065 }
1066
1067 static u8 smp_cmd_pairing_confirm(struct l2cap_conn *conn, struct sk_buff *skb)
1068 {
1069 struct l2cap_chan *chan = conn->smp;
1070 struct smp_chan *smp = chan->data;
1071
1072 BT_DBG("conn %p %s", conn, conn->hcon->out ? "master" : "slave");
1073
1074 if (skb->len < sizeof(smp->pcnf))
1075 return SMP_INVALID_PARAMS;
1076
1077 SMP_DISALLOW_CMD(smp, SMP_CMD_PAIRING_CONFIRM);
1078
1079 memcpy(smp->pcnf, skb->data, sizeof(smp->pcnf));
1080 skb_pull(skb, sizeof(smp->pcnf));
1081
1082 if (conn->hcon->out) {
1083 smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM, sizeof(smp->prnd),
1084 smp->prnd);
1085 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RANDOM);
1086 return 0;
1087 }
1088
1089 if (test_bit(SMP_FLAG_TK_VALID, &smp->flags))
1090 return smp_confirm(smp);
1091 else
1092 set_bit(SMP_FLAG_CFM_PENDING, &smp->flags);
1093
1094 return 0;
1095 }
1096
1097 static u8 smp_cmd_pairing_random(struct l2cap_conn *conn, struct sk_buff *skb)
1098 {
1099 struct l2cap_chan *chan = conn->smp;
1100 struct smp_chan *smp = chan->data;
1101
1102 BT_DBG("conn %p", conn);
1103
1104 if (skb->len < sizeof(smp->rrnd))
1105 return SMP_INVALID_PARAMS;
1106
1107 SMP_DISALLOW_CMD(smp, SMP_CMD_PAIRING_RANDOM);
1108
1109 memcpy(smp->rrnd, skb->data, sizeof(smp->rrnd));
1110 skb_pull(skb, sizeof(smp->rrnd));
1111
1112 return smp_random(smp);
1113 }
1114
1115 static bool smp_ltk_encrypt(struct l2cap_conn *conn, u8 sec_level)
1116 {
1117 struct smp_ltk *key;
1118 struct hci_conn *hcon = conn->hcon;
1119
1120 key = hci_find_ltk_by_addr(hcon->hdev, &hcon->dst, hcon->dst_type,
1121 hcon->role);
1122 if (!key)
1123 return false;
1124
1125 if (sec_level > BT_SECURITY_MEDIUM && !key->authenticated)
1126 return false;
1127
1128 if (test_and_set_bit(HCI_CONN_ENCRYPT_PEND, &hcon->flags))
1129 return true;
1130
1131 hci_le_start_enc(hcon, key->ediv, key->rand, key->val);
1132 hcon->enc_key_size = key->enc_size;
1133
1134 /* We never store STKs for master role, so clear this flag */
1135 clear_bit(HCI_CONN_STK_ENCRYPT, &hcon->flags);
1136
1137 return true;
1138 }
1139
1140 bool smp_sufficient_security(struct hci_conn *hcon, u8 sec_level)
1141 {
1142 if (sec_level == BT_SECURITY_LOW)
1143 return true;
1144
1145 /* If we're encrypted with an STK always claim insufficient
1146 * security. This way we allow the connection to be re-encrypted
1147 * with an LTK, even if the LTK provides the same level of
1148 * security. Only exception is if we don't have an LTK (e.g.
1149 * because of key distribution bits).
1150 */
1151 if (test_bit(HCI_CONN_STK_ENCRYPT, &hcon->flags) &&
1152 hci_find_ltk_by_addr(hcon->hdev, &hcon->dst, hcon->dst_type,
1153 hcon->role))
1154 return false;
1155
1156 if (hcon->sec_level >= sec_level)
1157 return true;
1158
1159 return false;
1160 }
1161
1162 static u8 smp_cmd_security_req(struct l2cap_conn *conn, struct sk_buff *skb)
1163 {
1164 struct smp_cmd_security_req *rp = (void *) skb->data;
1165 struct smp_cmd_pairing cp;
1166 struct hci_conn *hcon = conn->hcon;
1167 struct smp_chan *smp;
1168 u8 sec_level;
1169
1170 BT_DBG("conn %p", conn);
1171
1172 if (skb->len < sizeof(*rp))
1173 return SMP_INVALID_PARAMS;
1174
1175 if (hcon->role != HCI_ROLE_MASTER)
1176 return SMP_CMD_NOTSUPP;
1177
1178 sec_level = authreq_to_seclevel(rp->auth_req);
1179 if (smp_sufficient_security(hcon, sec_level))
1180 return 0;
1181
1182 if (sec_level > hcon->pending_sec_level)
1183 hcon->pending_sec_level = sec_level;
1184
1185 if (smp_ltk_encrypt(conn, hcon->pending_sec_level))
1186 return 0;
1187
1188 smp = smp_chan_create(conn);
1189 if (!smp)
1190 return SMP_UNSPECIFIED;
1191
1192 if (!test_bit(HCI_BONDABLE, &hcon->hdev->dev_flags) &&
1193 (rp->auth_req & SMP_AUTH_BONDING))
1194 return SMP_PAIRING_NOTSUPP;
1195
1196 skb_pull(skb, sizeof(*rp));
1197
1198 memset(&cp, 0, sizeof(cp));
1199 build_pairing_cmd(conn, &cp, NULL, rp->auth_req);
1200
1201 smp->preq[0] = SMP_CMD_PAIRING_REQ;
1202 memcpy(&smp->preq[1], &cp, sizeof(cp));
1203
1204 smp_send_cmd(conn, SMP_CMD_PAIRING_REQ, sizeof(cp), &cp);
1205 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RSP);
1206
1207 return 0;
1208 }
1209
1210 int smp_conn_security(struct hci_conn *hcon, __u8 sec_level)
1211 {
1212 struct l2cap_conn *conn = hcon->l2cap_data;
1213 struct l2cap_chan *chan = conn->smp;
1214 struct smp_chan *smp;
1215 __u8 authreq;
1216 int ret;
1217
1218 BT_DBG("conn %p hcon %p level 0x%2.2x", conn, hcon, sec_level);
1219
1220 /* This may be NULL if there's an unexpected disconnection */
1221 if (!conn)
1222 return 1;
1223
1224 if (!test_bit(HCI_LE_ENABLED, &hcon->hdev->dev_flags))
1225 return 1;
1226
1227 if (smp_sufficient_security(hcon, sec_level))
1228 return 1;
1229
1230 if (sec_level > hcon->pending_sec_level)
1231 hcon->pending_sec_level = sec_level;
1232
1233 if (hcon->role == HCI_ROLE_MASTER)
1234 if (smp_ltk_encrypt(conn, hcon->pending_sec_level))
1235 return 0;
1236
1237 l2cap_chan_lock(chan);
1238
1239 /* If SMP is already in progress ignore this request */
1240 if (chan->data) {
1241 ret = 0;
1242 goto unlock;
1243 }
1244
1245 smp = smp_chan_create(conn);
1246 if (!smp) {
1247 ret = 1;
1248 goto unlock;
1249 }
1250
1251 authreq = seclevel_to_authreq(sec_level);
1252
1253 /* Require MITM if IO Capability allows or the security level
1254 * requires it.
1255 */
1256 if (hcon->io_capability != HCI_IO_NO_INPUT_OUTPUT ||
1257 hcon->pending_sec_level > BT_SECURITY_MEDIUM)
1258 authreq |= SMP_AUTH_MITM;
1259
1260 if (hcon->role == HCI_ROLE_MASTER) {
1261 struct smp_cmd_pairing cp;
1262
1263 build_pairing_cmd(conn, &cp, NULL, authreq);
1264 smp->preq[0] = SMP_CMD_PAIRING_REQ;
1265 memcpy(&smp->preq[1], &cp, sizeof(cp));
1266
1267 smp_send_cmd(conn, SMP_CMD_PAIRING_REQ, sizeof(cp), &cp);
1268 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RSP);
1269 } else {
1270 struct smp_cmd_security_req cp;
1271 cp.auth_req = authreq;
1272 smp_send_cmd(conn, SMP_CMD_SECURITY_REQ, sizeof(cp), &cp);
1273 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_REQ);
1274 }
1275
1276 set_bit(SMP_FLAG_INITIATOR, &smp->flags);
1277 ret = 0;
1278
1279 unlock:
1280 l2cap_chan_unlock(chan);
1281 return ret;
1282 }
1283
1284 static int smp_cmd_encrypt_info(struct l2cap_conn *conn, struct sk_buff *skb)
1285 {
1286 struct smp_cmd_encrypt_info *rp = (void *) skb->data;
1287 struct l2cap_chan *chan = conn->smp;
1288 struct smp_chan *smp = chan->data;
1289
1290 BT_DBG("conn %p", conn);
1291
1292 if (skb->len < sizeof(*rp))
1293 return SMP_INVALID_PARAMS;
1294
1295 SMP_DISALLOW_CMD(smp, SMP_CMD_ENCRYPT_INFO);
1296 SMP_ALLOW_CMD(smp, SMP_CMD_MASTER_IDENT);
1297
1298 skb_pull(skb, sizeof(*rp));
1299
1300 memcpy(smp->tk, rp->ltk, sizeof(smp->tk));
1301
1302 return 0;
1303 }
1304
1305 static int smp_cmd_master_ident(struct l2cap_conn *conn, struct sk_buff *skb)
1306 {
1307 struct smp_cmd_master_ident *rp = (void *) skb->data;
1308 struct l2cap_chan *chan = conn->smp;
1309 struct smp_chan *smp = chan->data;
1310 struct hci_dev *hdev = conn->hcon->hdev;
1311 struct hci_conn *hcon = conn->hcon;
1312 struct smp_ltk *ltk;
1313 u8 authenticated;
1314
1315 BT_DBG("conn %p", conn);
1316
1317 if (skb->len < sizeof(*rp))
1318 return SMP_INVALID_PARAMS;
1319
1320 /* Mark the information as received */
1321 smp->remote_key_dist &= ~SMP_DIST_ENC_KEY;
1322
1323 SMP_DISALLOW_CMD(smp, SMP_CMD_MASTER_IDENT);
1324 if (smp->remote_key_dist & SMP_DIST_ID_KEY)
1325 SMP_ALLOW_CMD(smp, SMP_CMD_IDENT_INFO);
1326
1327 skb_pull(skb, sizeof(*rp));
1328
1329 hci_dev_lock(hdev);
1330 authenticated = (hcon->sec_level == BT_SECURITY_HIGH);
1331 ltk = hci_add_ltk(hdev, &hcon->dst, hcon->dst_type, SMP_LTK,
1332 authenticated, smp->tk, smp->enc_key_size,
1333 rp->ediv, rp->rand);
1334 smp->ltk = ltk;
1335 if (!(smp->remote_key_dist & KEY_DIST_MASK))
1336 smp_distribute_keys(smp);
1337 hci_dev_unlock(hdev);
1338
1339 return 0;
1340 }
1341
1342 static int smp_cmd_ident_info(struct l2cap_conn *conn, struct sk_buff *skb)
1343 {
1344 struct smp_cmd_ident_info *info = (void *) skb->data;
1345 struct l2cap_chan *chan = conn->smp;
1346 struct smp_chan *smp = chan->data;
1347
1348 BT_DBG("");
1349
1350 if (skb->len < sizeof(*info))
1351 return SMP_INVALID_PARAMS;
1352
1353 SMP_DISALLOW_CMD(smp, SMP_CMD_IDENT_INFO);
1354 SMP_ALLOW_CMD(smp, SMP_CMD_IDENT_ADDR_INFO);
1355
1356 skb_pull(skb, sizeof(*info));
1357
1358 memcpy(smp->irk, info->irk, 16);
1359
1360 return 0;
1361 }
1362
1363 static int smp_cmd_ident_addr_info(struct l2cap_conn *conn,
1364 struct sk_buff *skb)
1365 {
1366 struct smp_cmd_ident_addr_info *info = (void *) skb->data;
1367 struct l2cap_chan *chan = conn->smp;
1368 struct smp_chan *smp = chan->data;
1369 struct hci_conn *hcon = conn->hcon;
1370 bdaddr_t rpa;
1371
1372 BT_DBG("");
1373
1374 if (skb->len < sizeof(*info))
1375 return SMP_INVALID_PARAMS;
1376
1377 /* Mark the information as received */
1378 smp->remote_key_dist &= ~SMP_DIST_ID_KEY;
1379
1380 SMP_DISALLOW_CMD(smp, SMP_CMD_IDENT_ADDR_INFO);
1381 if (smp->remote_key_dist & SMP_DIST_SIGN)
1382 SMP_ALLOW_CMD(smp, SMP_CMD_SIGN_INFO);
1383
1384 skb_pull(skb, sizeof(*info));
1385
1386 hci_dev_lock(hcon->hdev);
1387
1388 /* Strictly speaking the Core Specification (4.1) allows sending
1389 * an empty address which would force us to rely on just the IRK
1390 * as "identity information". However, since such
1391 * implementations are not known of and in order to not over
1392 * complicate our implementation, simply pretend that we never
1393 * received an IRK for such a device.
1394 */
1395 if (!bacmp(&info->bdaddr, BDADDR_ANY)) {
1396 BT_ERR("Ignoring IRK with no identity address");
1397 goto distribute;
1398 }
1399
1400 bacpy(&smp->id_addr, &info->bdaddr);
1401 smp->id_addr_type = info->addr_type;
1402
1403 if (hci_bdaddr_is_rpa(&hcon->dst, hcon->dst_type))
1404 bacpy(&rpa, &hcon->dst);
1405 else
1406 bacpy(&rpa, BDADDR_ANY);
1407
1408 smp->remote_irk = hci_add_irk(conn->hcon->hdev, &smp->id_addr,
1409 smp->id_addr_type, smp->irk, &rpa);
1410
1411 distribute:
1412 if (!(smp->remote_key_dist & KEY_DIST_MASK))
1413 smp_distribute_keys(smp);
1414
1415 hci_dev_unlock(hcon->hdev);
1416
1417 return 0;
1418 }
1419
1420 static int smp_cmd_sign_info(struct l2cap_conn *conn, struct sk_buff *skb)
1421 {
1422 struct smp_cmd_sign_info *rp = (void *) skb->data;
1423 struct l2cap_chan *chan = conn->smp;
1424 struct smp_chan *smp = chan->data;
1425 struct hci_dev *hdev = conn->hcon->hdev;
1426 struct smp_csrk *csrk;
1427
1428 BT_DBG("conn %p", conn);
1429
1430 if (skb->len < sizeof(*rp))
1431 return SMP_INVALID_PARAMS;
1432
1433 /* Mark the information as received */
1434 smp->remote_key_dist &= ~SMP_DIST_SIGN;
1435
1436 SMP_DISALLOW_CMD(smp, SMP_CMD_SIGN_INFO);
1437
1438 skb_pull(skb, sizeof(*rp));
1439
1440 hci_dev_lock(hdev);
1441 csrk = kzalloc(sizeof(*csrk), GFP_KERNEL);
1442 if (csrk) {
1443 csrk->master = 0x01;
1444 memcpy(csrk->val, rp->csrk, sizeof(csrk->val));
1445 }
1446 smp->csrk = csrk;
1447 smp_distribute_keys(smp);
1448 hci_dev_unlock(hdev);
1449
1450 return 0;
1451 }
1452
1453 static int smp_sig_channel(struct l2cap_chan *chan, struct sk_buff *skb)
1454 {
1455 struct l2cap_conn *conn = chan->conn;
1456 struct hci_conn *hcon = conn->hcon;
1457 struct smp_chan *smp;
1458 __u8 code, reason;
1459 int err = 0;
1460
1461 if (hcon->type != LE_LINK) {
1462 kfree_skb(skb);
1463 return 0;
1464 }
1465
1466 if (skb->len < 1)
1467 return -EILSEQ;
1468
1469 if (!test_bit(HCI_LE_ENABLED, &hcon->hdev->dev_flags)) {
1470 reason = SMP_PAIRING_NOTSUPP;
1471 goto done;
1472 }
1473
1474 code = skb->data[0];
1475 skb_pull(skb, sizeof(code));
1476
1477 smp = chan->data;
1478
1479 if (code > SMP_CMD_MAX)
1480 goto drop;
1481
1482 if (smp && !test_bit(code, &smp->allow_cmd))
1483 goto drop;
1484
1485 /* If we don't have a context the only allowed commands are
1486 * pairing request and security request.
1487 */
1488 if (!smp && code != SMP_CMD_PAIRING_REQ && code != SMP_CMD_SECURITY_REQ)
1489 goto drop;
1490
1491 switch (code) {
1492 case SMP_CMD_PAIRING_REQ:
1493 reason = smp_cmd_pairing_req(conn, skb);
1494 break;
1495
1496 case SMP_CMD_PAIRING_FAIL:
1497 smp_failure(conn, 0);
1498 err = -EPERM;
1499 break;
1500
1501 case SMP_CMD_PAIRING_RSP:
1502 reason = smp_cmd_pairing_rsp(conn, skb);
1503 break;
1504
1505 case SMP_CMD_SECURITY_REQ:
1506 reason = smp_cmd_security_req(conn, skb);
1507 break;
1508
1509 case SMP_CMD_PAIRING_CONFIRM:
1510 reason = smp_cmd_pairing_confirm(conn, skb);
1511 break;
1512
1513 case SMP_CMD_PAIRING_RANDOM:
1514 reason = smp_cmd_pairing_random(conn, skb);
1515 break;
1516
1517 case SMP_CMD_ENCRYPT_INFO:
1518 reason = smp_cmd_encrypt_info(conn, skb);
1519 break;
1520
1521 case SMP_CMD_MASTER_IDENT:
1522 reason = smp_cmd_master_ident(conn, skb);
1523 break;
1524
1525 case SMP_CMD_IDENT_INFO:
1526 reason = smp_cmd_ident_info(conn, skb);
1527 break;
1528
1529 case SMP_CMD_IDENT_ADDR_INFO:
1530 reason = smp_cmd_ident_addr_info(conn, skb);
1531 break;
1532
1533 case SMP_CMD_SIGN_INFO:
1534 reason = smp_cmd_sign_info(conn, skb);
1535 break;
1536
1537 default:
1538 BT_DBG("Unknown command code 0x%2.2x", code);
1539 reason = SMP_CMD_NOTSUPP;
1540 goto done;
1541 }
1542
1543 done:
1544 if (!err) {
1545 if (reason)
1546 smp_failure(conn, reason);
1547 kfree_skb(skb);
1548 }
1549
1550 return err;
1551
1552 drop:
1553 BT_ERR("%s unexpected SMP command 0x%02x from %pMR", hcon->hdev->name,
1554 code, &hcon->dst);
1555 kfree_skb(skb);
1556 return 0;
1557 }
1558
1559 static void smp_teardown_cb(struct l2cap_chan *chan, int err)
1560 {
1561 struct l2cap_conn *conn = chan->conn;
1562
1563 BT_DBG("chan %p", chan);
1564
1565 if (chan->data)
1566 smp_chan_destroy(conn);
1567
1568 conn->smp = NULL;
1569 l2cap_chan_put(chan);
1570 }
1571
1572 static void smp_resume_cb(struct l2cap_chan *chan)
1573 {
1574 struct smp_chan *smp = chan->data;
1575 struct l2cap_conn *conn = chan->conn;
1576 struct hci_conn *hcon = conn->hcon;
1577
1578 BT_DBG("chan %p", chan);
1579
1580 if (!smp)
1581 return;
1582
1583 if (!test_bit(HCI_CONN_ENCRYPT, &hcon->flags))
1584 return;
1585
1586 cancel_delayed_work(&smp->security_timer);
1587
1588 smp_distribute_keys(smp);
1589 }
1590
1591 static void smp_ready_cb(struct l2cap_chan *chan)
1592 {
1593 struct l2cap_conn *conn = chan->conn;
1594
1595 BT_DBG("chan %p", chan);
1596
1597 conn->smp = chan;
1598 l2cap_chan_hold(chan);
1599 }
1600
1601 static int smp_recv_cb(struct l2cap_chan *chan, struct sk_buff *skb)
1602 {
1603 int err;
1604
1605 BT_DBG("chan %p", chan);
1606
1607 err = smp_sig_channel(chan, skb);
1608 if (err) {
1609 struct smp_chan *smp = chan->data;
1610
1611 if (smp)
1612 cancel_delayed_work_sync(&smp->security_timer);
1613
1614 hci_disconnect(chan->conn->hcon, HCI_ERROR_AUTH_FAILURE);
1615 }
1616
1617 return err;
1618 }
1619
1620 static struct sk_buff *smp_alloc_skb_cb(struct l2cap_chan *chan,
1621 unsigned long hdr_len,
1622 unsigned long len, int nb)
1623 {
1624 struct sk_buff *skb;
1625
1626 skb = bt_skb_alloc(hdr_len + len, GFP_KERNEL);
1627 if (!skb)
1628 return ERR_PTR(-ENOMEM);
1629
1630 skb->priority = HCI_PRIO_MAX;
1631 bt_cb(skb)->chan = chan;
1632
1633 return skb;
1634 }
1635
1636 static const struct l2cap_ops smp_chan_ops = {
1637 .name = "Security Manager",
1638 .ready = smp_ready_cb,
1639 .recv = smp_recv_cb,
1640 .alloc_skb = smp_alloc_skb_cb,
1641 .teardown = smp_teardown_cb,
1642 .resume = smp_resume_cb,
1643
1644 .new_connection = l2cap_chan_no_new_connection,
1645 .state_change = l2cap_chan_no_state_change,
1646 .close = l2cap_chan_no_close,
1647 .defer = l2cap_chan_no_defer,
1648 .suspend = l2cap_chan_no_suspend,
1649 .set_shutdown = l2cap_chan_no_set_shutdown,
1650 .get_sndtimeo = l2cap_chan_no_get_sndtimeo,
1651 .memcpy_fromiovec = l2cap_chan_no_memcpy_fromiovec,
1652 };
1653
1654 static inline struct l2cap_chan *smp_new_conn_cb(struct l2cap_chan *pchan)
1655 {
1656 struct l2cap_chan *chan;
1657
1658 BT_DBG("pchan %p", pchan);
1659
1660 chan = l2cap_chan_create();
1661 if (!chan)
1662 return NULL;
1663
1664 chan->chan_type = pchan->chan_type;
1665 chan->ops = &smp_chan_ops;
1666 chan->scid = pchan->scid;
1667 chan->dcid = chan->scid;
1668 chan->imtu = pchan->imtu;
1669 chan->omtu = pchan->omtu;
1670 chan->mode = pchan->mode;
1671
1672 BT_DBG("created chan %p", chan);
1673
1674 return chan;
1675 }
1676
1677 static const struct l2cap_ops smp_root_chan_ops = {
1678 .name = "Security Manager Root",
1679 .new_connection = smp_new_conn_cb,
1680
1681 /* None of these are implemented for the root channel */
1682 .close = l2cap_chan_no_close,
1683 .alloc_skb = l2cap_chan_no_alloc_skb,
1684 .recv = l2cap_chan_no_recv,
1685 .state_change = l2cap_chan_no_state_change,
1686 .teardown = l2cap_chan_no_teardown,
1687 .ready = l2cap_chan_no_ready,
1688 .defer = l2cap_chan_no_defer,
1689 .suspend = l2cap_chan_no_suspend,
1690 .resume = l2cap_chan_no_resume,
1691 .set_shutdown = l2cap_chan_no_set_shutdown,
1692 .get_sndtimeo = l2cap_chan_no_get_sndtimeo,
1693 .memcpy_fromiovec = l2cap_chan_no_memcpy_fromiovec,
1694 };
1695
1696 int smp_register(struct hci_dev *hdev)
1697 {
1698 struct l2cap_chan *chan;
1699 struct crypto_blkcipher *tfm_aes;
1700
1701 BT_DBG("%s", hdev->name);
1702
1703 tfm_aes = crypto_alloc_blkcipher("ecb(aes)", 0, CRYPTO_ALG_ASYNC);
1704 if (IS_ERR(tfm_aes)) {
1705 int err = PTR_ERR(tfm_aes);
1706 BT_ERR("Unable to create crypto context");
1707 return err;
1708 }
1709
1710 chan = l2cap_chan_create();
1711 if (!chan) {
1712 crypto_free_blkcipher(tfm_aes);
1713 return -ENOMEM;
1714 }
1715
1716 chan->data = tfm_aes;
1717
1718 l2cap_add_scid(chan, L2CAP_CID_SMP);
1719
1720 l2cap_chan_set_defaults(chan);
1721
1722 bacpy(&chan->src, &hdev->bdaddr);
1723 chan->src_type = BDADDR_LE_PUBLIC;
1724 chan->state = BT_LISTEN;
1725 chan->mode = L2CAP_MODE_BASIC;
1726 chan->imtu = L2CAP_DEFAULT_MTU;
1727 chan->ops = &smp_root_chan_ops;
1728
1729 hdev->smp_data = chan;
1730
1731 return 0;
1732 }
1733
1734 void smp_unregister(struct hci_dev *hdev)
1735 {
1736 struct l2cap_chan *chan = hdev->smp_data;
1737 struct crypto_blkcipher *tfm_aes;
1738
1739 if (!chan)
1740 return;
1741
1742 BT_DBG("%s chan %p", hdev->name, chan);
1743
1744 tfm_aes = chan->data;
1745 if (tfm_aes) {
1746 chan->data = NULL;
1747 crypto_free_blkcipher(tfm_aes);
1748 }
1749
1750 hdev->smp_data = NULL;
1751 l2cap_chan_put(chan);
1752 }
Linux kernel - Deliverables
This page took 0.063725 seconds and 4 git commands to generate.