2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2011 Nokia Corporation and/or its subsidiary(-ies).
5 This program is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License version 2 as
7 published by the Free Software Foundation;
9 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
10 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
11 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
12 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
13 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
14 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
18 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
19 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
20 SOFTWARE IS DISCLAIMED.
23 #include <linux/crypto.h>
24 #include <linux/scatterlist.h>
25 #include <crypto/b128ops.h>
27 #include <net/bluetooth/bluetooth.h>
28 #include <net/bluetooth/hci_core.h>
29 #include <net/bluetooth/l2cap.h>
30 #include <net/bluetooth/mgmt.h>
35 /* Low-level debug macros to be used for stuff that we don't want
36 * accidentially in dmesg, i.e. the values of the various crypto keys
37 * and the inputs & outputs of crypto functions.
40 #define SMP_DBG(fmt, ...) printk(KERN_DEBUG "%s: " fmt, __func__, \
43 #define SMP_DBG(fmt, ...) no_printk(KERN_DEBUG "%s: " fmt, __func__, \
47 #define SMP_ALLOW_CMD(smp, code) set_bit(code, &smp->allow_cmd)
49 /* Keys which are not distributed with Secure Connections */
50 #define SMP_SC_NO_DIST (SMP_DIST_ENC_KEY | SMP_DIST_LINK_KEY);
52 #define SMP_TIMEOUT msecs_to_jiffies(30000)
54 #define AUTH_REQ_MASK(dev) (test_bit(HCI_SC_ENABLED, &(dev)->dev_flags) ? \
56 #define KEY_DIST_MASK 0x07
58 /* Maximum message length that can be passed to aes_cmac */
59 #define CMAC_MSG_MAX 80
71 SMP_FLAG_DHKEY_PENDING
,
76 struct l2cap_conn
*conn
;
77 struct delayed_work security_timer
;
78 unsigned long allow_cmd
; /* Bitmask of allowed commands */
80 u8 preq
[7]; /* SMP Pairing Request */
81 u8 prsp
[7]; /* SMP Pairing Response */
82 u8 prnd
[16]; /* SMP Pairing Random (local) */
83 u8 rrnd
[16]; /* SMP Pairing Random (remote) */
84 u8 pcnf
[16]; /* SMP Pairing Confirm */
85 u8 tk
[16]; /* SMP Temporary Key */
92 struct smp_csrk
*csrk
;
93 struct smp_csrk
*slave_csrk
;
95 struct smp_ltk
*slave_ltk
;
96 struct smp_irk
*remote_irk
;
102 /* Secure Connections variables */
109 struct crypto_blkcipher
*tfm_aes
;
110 struct crypto_hash
*tfm_cmac
;
113 /* These debug key values are defined in the SMP section of the core
114 * specification. debug_pk is the public debug key and debug_sk the
117 static const u8 debug_pk
[64] = {
118 0xe6, 0x9d, 0x35, 0x0e, 0x48, 0x01, 0x03, 0xcc,
119 0xdb, 0xfd, 0xf4, 0xac, 0x11, 0x91, 0xf4, 0xef,
120 0xb9, 0xa5, 0xf9, 0xe9, 0xa7, 0x83, 0x2c, 0x5e,
121 0x2c, 0xbe, 0x97, 0xf2, 0xd2, 0x03, 0xb0, 0x20,
123 0x8b, 0xd2, 0x89, 0x15, 0xd0, 0x8e, 0x1c, 0x74,
124 0x24, 0x30, 0xed, 0x8f, 0xc2, 0x45, 0x63, 0x76,
125 0x5c, 0x15, 0x52, 0x5a, 0xbf, 0x9a, 0x32, 0x63,
126 0x6d, 0xeb, 0x2a, 0x65, 0x49, 0x9c, 0x80, 0xdc,
129 static const u8 debug_sk
[32] = {
130 0xbd, 0x1a, 0x3c, 0xcd, 0xa6, 0xb8, 0x99, 0x58,
131 0x99, 0xb7, 0x40, 0xeb, 0x7b, 0x60, 0xff, 0x4a,
132 0x50, 0x3f, 0x10, 0xd2, 0xe3, 0xb3, 0xc9, 0x74,
133 0x38, 0x5f, 0xc5, 0xa3, 0xd4, 0xf6, 0x49, 0x3f,
136 static inline void swap_buf(const u8
*src
, u8
*dst
, size_t len
)
140 for (i
= 0; i
< len
; i
++)
141 dst
[len
- 1 - i
] = src
[i
];
144 /* The following functions map to the LE SC SMP crypto functions
145 * AES-CMAC, f4, f5, f6, g2 and h6.
148 static int aes_cmac(struct crypto_hash
*tfm
, const u8 k
[16], const u8
*m
,
149 size_t len
, u8 mac
[16])
151 uint8_t tmp
[16], mac_msb
[16], msg_msb
[CMAC_MSG_MAX
];
152 struct hash_desc desc
;
153 struct scatterlist sg
;
156 if (len
> CMAC_MSG_MAX
)
160 BT_ERR("tfm %p", tfm
);
167 crypto_hash_init(&desc
);
169 /* Swap key and message from LSB to MSB */
170 swap_buf(k
, tmp
, 16);
171 swap_buf(m
, msg_msb
, len
);
173 SMP_DBG("msg (len %zu) %*phN", len
, (int) len
, m
);
174 SMP_DBG("key %16phN", k
);
176 err
= crypto_hash_setkey(tfm
, tmp
, 16);
178 BT_ERR("cipher setkey failed: %d", err
);
182 sg_init_one(&sg
, msg_msb
, len
);
184 err
= crypto_hash_update(&desc
, &sg
, len
);
186 BT_ERR("Hash update error %d", err
);
190 err
= crypto_hash_final(&desc
, mac_msb
);
192 BT_ERR("Hash final error %d", err
);
196 swap_buf(mac_msb
, mac
, 16);
198 SMP_DBG("mac %16phN", mac
);
203 static int smp_f4(struct crypto_hash
*tfm_cmac
, const u8 u
[32], const u8 v
[32],
204 const u8 x
[16], u8 z
, u8 res
[16])
209 SMP_DBG("u %32phN", u
);
210 SMP_DBG("v %32phN", v
);
211 SMP_DBG("x %16phN z %02x", x
, z
);
214 memcpy(m
+ 1, v
, 32);
215 memcpy(m
+ 33, u
, 32);
217 err
= aes_cmac(tfm_cmac
, x
, m
, sizeof(m
), res
);
221 SMP_DBG("res %16phN", res
);
226 static int smp_f5(struct crypto_hash
*tfm_cmac
, u8 w
[32], u8 n1
[16], u8 n2
[16],
227 u8 a1
[7], u8 a2
[7], u8 mackey
[16], u8 ltk
[16])
229 /* The btle, salt and length "magic" values are as defined in
230 * the SMP section of the Bluetooth core specification. In ASCII
231 * the btle value ends up being 'btle'. The salt is just a
232 * random number whereas length is the value 256 in little
235 const u8 btle
[4] = { 0x65, 0x6c, 0x74, 0x62 };
236 const u8 salt
[16] = { 0xbe, 0x83, 0x60, 0x5a, 0xdb, 0x0b, 0x37, 0x60,
237 0x38, 0xa5, 0xf5, 0xaa, 0x91, 0x83, 0x88, 0x6c };
238 const u8 length
[2] = { 0x00, 0x01 };
242 SMP_DBG("w %32phN", w
);
243 SMP_DBG("n1 %16phN n2 %16phN", n1
, n2
);
244 SMP_DBG("a1 %7phN a2 %7phN", a1
, a2
);
246 err
= aes_cmac(tfm_cmac
, salt
, w
, 32, t
);
250 SMP_DBG("t %16phN", t
);
252 memcpy(m
, length
, 2);
253 memcpy(m
+ 2, a2
, 7);
254 memcpy(m
+ 9, a1
, 7);
255 memcpy(m
+ 16, n2
, 16);
256 memcpy(m
+ 32, n1
, 16);
257 memcpy(m
+ 48, btle
, 4);
259 m
[52] = 0; /* Counter */
261 err
= aes_cmac(tfm_cmac
, t
, m
, sizeof(m
), mackey
);
265 SMP_DBG("mackey %16phN", mackey
);
267 m
[52] = 1; /* Counter */
269 err
= aes_cmac(tfm_cmac
, t
, m
, sizeof(m
), ltk
);
273 SMP_DBG("ltk %16phN", ltk
);
278 static int smp_f6(struct crypto_hash
*tfm_cmac
, const u8 w
[16],
279 const u8 n1
[16], u8 n2
[16], const u8 r
[16],
280 const u8 io_cap
[3], const u8 a1
[7], const u8 a2
[7],
286 SMP_DBG("w %16phN", w
);
287 SMP_DBG("n1 %16phN n2 %16phN", n1
, n2
);
288 SMP_DBG("r %16phN io_cap %3phN a1 %7phN a2 %7phN", r
, io_cap
, a1
, a2
);
291 memcpy(m
+ 7, a1
, 7);
292 memcpy(m
+ 14, io_cap
, 3);
293 memcpy(m
+ 17, r
, 16);
294 memcpy(m
+ 33, n2
, 16);
295 memcpy(m
+ 49, n1
, 16);
297 err
= aes_cmac(tfm_cmac
, w
, m
, sizeof(m
), res
);
301 BT_DBG("res %16phN", res
);
306 static int smp_g2(struct crypto_hash
*tfm_cmac
, const u8 u
[32], const u8 v
[32],
307 const u8 x
[16], const u8 y
[16], u32
*val
)
312 SMP_DBG("u %32phN", u
);
313 SMP_DBG("v %32phN", v
);
314 SMP_DBG("x %16phN y %16phN", x
, y
);
317 memcpy(m
+ 16, v
, 32);
318 memcpy(m
+ 48, u
, 32);
320 err
= aes_cmac(tfm_cmac
, x
, m
, sizeof(m
), tmp
);
324 *val
= get_unaligned_le32(tmp
);
327 SMP_DBG("val %06u", *val
);
332 static int smp_h6(struct crypto_hash
*tfm_cmac
, const u8 w
[16],
333 const u8 key_id
[4], u8 res
[16])
337 SMP_DBG("w %16phN key_id %4phN", w
, key_id
);
339 err
= aes_cmac(tfm_cmac
, w
, key_id
, 4, res
);
343 SMP_DBG("res %16phN", res
);
348 /* The following functions map to the legacy SMP crypto functions e, c1,
352 static int smp_e(struct crypto_blkcipher
*tfm
, const u8
*k
, u8
*r
)
354 struct blkcipher_desc desc
;
355 struct scatterlist sg
;
356 uint8_t tmp
[16], data
[16];
360 BT_ERR("tfm %p", tfm
);
367 /* The most significant octet of key corresponds to k[0] */
368 swap_buf(k
, tmp
, 16);
370 err
= crypto_blkcipher_setkey(tfm
, tmp
, 16);
372 BT_ERR("cipher setkey failed: %d", err
);
376 /* Most significant octet of plaintextData corresponds to data[0] */
377 swap_buf(r
, data
, 16);
379 sg_init_one(&sg
, data
, 16);
381 err
= crypto_blkcipher_encrypt(&desc
, &sg
, &sg
, 16);
383 BT_ERR("Encrypt data error %d", err
);
385 /* Most significant octet of encryptedData corresponds to data[0] */
386 swap_buf(data
, r
, 16);
391 static int smp_c1(struct crypto_blkcipher
*tfm_aes
, const u8 k
[16],
392 const u8 r
[16], const u8 preq
[7], const u8 pres
[7], u8 _iat
,
393 const bdaddr_t
*ia
, u8 _rat
, const bdaddr_t
*ra
, u8 res
[16])
400 /* p1 = pres || preq || _rat || _iat */
403 memcpy(p1
+ 2, preq
, 7);
404 memcpy(p1
+ 9, pres
, 7);
406 /* p2 = padding || ia || ra */
408 memcpy(p2
+ 6, ia
, 6);
409 memset(p2
+ 12, 0, 4);
412 u128_xor((u128
*) res
, (u128
*) r
, (u128
*) p1
);
414 /* res = e(k, res) */
415 err
= smp_e(tfm_aes
, k
, res
);
417 BT_ERR("Encrypt data error");
421 /* res = res XOR p2 */
422 u128_xor((u128
*) res
, (u128
*) res
, (u128
*) p2
);
424 /* res = e(k, res) */
425 err
= smp_e(tfm_aes
, k
, res
);
427 BT_ERR("Encrypt data error");
432 static int smp_s1(struct crypto_blkcipher
*tfm_aes
, const u8 k
[16],
433 const u8 r1
[16], const u8 r2
[16], u8 _r
[16])
437 /* Just least significant octets from r1 and r2 are considered */
439 memcpy(_r
+ 8, r1
, 8);
441 err
= smp_e(tfm_aes
, k
, _r
);
443 BT_ERR("Encrypt data error");
448 static int smp_ah(struct crypto_blkcipher
*tfm
, const u8 irk
[16],
449 const u8 r
[3], u8 res
[3])
454 /* r' = padding || r */
456 memset(_res
+ 3, 0, 13);
458 err
= smp_e(tfm
, irk
, _res
);
460 BT_ERR("Encrypt error");
464 /* The output of the random address function ah is:
465 * ah(h, r) = e(k, r') mod 2^24
466 * The output of the security function e is then truncated to 24 bits
467 * by taking the least significant 24 bits of the output of e as the
470 memcpy(res
, _res
, 3);
475 bool smp_irk_matches(struct hci_dev
*hdev
, const u8 irk
[16],
476 const bdaddr_t
*bdaddr
)
478 struct l2cap_chan
*chan
= hdev
->smp_data
;
479 struct crypto_blkcipher
*tfm
;
483 if (!chan
|| !chan
->data
)
488 BT_DBG("RPA %pMR IRK %*phN", bdaddr
, 16, irk
);
490 err
= smp_ah(tfm
, irk
, &bdaddr
->b
[3], hash
);
494 return !memcmp(bdaddr
->b
, hash
, 3);
497 int smp_generate_rpa(struct hci_dev
*hdev
, const u8 irk
[16], bdaddr_t
*rpa
)
499 struct l2cap_chan
*chan
= hdev
->smp_data
;
500 struct crypto_blkcipher
*tfm
;
503 if (!chan
|| !chan
->data
)
508 get_random_bytes(&rpa
->b
[3], 3);
510 rpa
->b
[5] &= 0x3f; /* Clear two most significant bits */
511 rpa
->b
[5] |= 0x40; /* Set second most significant bit */
513 err
= smp_ah(tfm
, irk
, &rpa
->b
[3], rpa
->b
);
517 BT_DBG("RPA %pMR", rpa
);
522 static void smp_send_cmd(struct l2cap_conn
*conn
, u8 code
, u16 len
, void *data
)
524 struct l2cap_chan
*chan
= conn
->smp
;
525 struct smp_chan
*smp
;
532 BT_DBG("code 0x%2.2x", code
);
534 iv
[0].iov_base
= &code
;
537 iv
[1].iov_base
= data
;
540 memset(&msg
, 0, sizeof(msg
));
542 msg
.msg_iov
= (struct iovec
*) &iv
;
545 l2cap_chan_send(chan
, &msg
, 1 + len
);
552 cancel_delayed_work_sync(&smp
->security_timer
);
553 schedule_delayed_work(&smp
->security_timer
, SMP_TIMEOUT
);
556 static u8
authreq_to_seclevel(u8 authreq
)
558 if (authreq
& SMP_AUTH_MITM
) {
559 if (authreq
& SMP_AUTH_SC
)
560 return BT_SECURITY_FIPS
;
562 return BT_SECURITY_HIGH
;
564 return BT_SECURITY_MEDIUM
;
568 static __u8
seclevel_to_authreq(__u8 sec_level
)
571 case BT_SECURITY_FIPS
:
572 case BT_SECURITY_HIGH
:
573 return SMP_AUTH_MITM
| SMP_AUTH_BONDING
;
574 case BT_SECURITY_MEDIUM
:
575 return SMP_AUTH_BONDING
;
577 return SMP_AUTH_NONE
;
581 static void build_pairing_cmd(struct l2cap_conn
*conn
,
582 struct smp_cmd_pairing
*req
,
583 struct smp_cmd_pairing
*rsp
, __u8 authreq
)
585 struct l2cap_chan
*chan
= conn
->smp
;
586 struct smp_chan
*smp
= chan
->data
;
587 struct hci_conn
*hcon
= conn
->hcon
;
588 struct hci_dev
*hdev
= hcon
->hdev
;
589 u8 local_dist
= 0, remote_dist
= 0, oob_flag
= SMP_OOB_NOT_PRESENT
;
591 if (test_bit(HCI_BONDABLE
, &conn
->hcon
->hdev
->dev_flags
)) {
592 local_dist
= SMP_DIST_ENC_KEY
| SMP_DIST_SIGN
;
593 remote_dist
= SMP_DIST_ENC_KEY
| SMP_DIST_SIGN
;
594 authreq
|= SMP_AUTH_BONDING
;
596 authreq
&= ~SMP_AUTH_BONDING
;
599 if (test_bit(HCI_RPA_RESOLVING
, &hdev
->dev_flags
))
600 remote_dist
|= SMP_DIST_ID_KEY
;
602 if (test_bit(HCI_PRIVACY
, &hdev
->dev_flags
))
603 local_dist
|= SMP_DIST_ID_KEY
;
605 if (test_bit(HCI_SC_ENABLED
, &hdev
->dev_flags
) &&
606 (authreq
& SMP_AUTH_SC
)) {
607 struct oob_data
*oob_data
;
610 if (test_bit(HCI_SSP_ENABLED
, &hdev
->dev_flags
)) {
611 local_dist
|= SMP_DIST_LINK_KEY
;
612 remote_dist
|= SMP_DIST_LINK_KEY
;
615 if (hcon
->dst_type
== ADDR_LE_DEV_PUBLIC
)
616 bdaddr_type
= BDADDR_LE_PUBLIC
;
618 bdaddr_type
= BDADDR_LE_RANDOM
;
620 oob_data
= hci_find_remote_oob_data(hdev
, &hcon
->dst
,
623 set_bit(SMP_FLAG_OOB
, &smp
->flags
);
624 oob_flag
= SMP_OOB_PRESENT
;
625 memcpy(smp
->rr
, oob_data
->rand256
, 16);
626 memcpy(smp
->pcnf
, oob_data
->hash256
, 16);
630 authreq
&= ~SMP_AUTH_SC
;
634 req
->io_capability
= conn
->hcon
->io_capability
;
635 req
->oob_flag
= oob_flag
;
636 req
->max_key_size
= SMP_MAX_ENC_KEY_SIZE
;
637 req
->init_key_dist
= local_dist
;
638 req
->resp_key_dist
= remote_dist
;
639 req
->auth_req
= (authreq
& AUTH_REQ_MASK(hdev
));
641 smp
->remote_key_dist
= remote_dist
;
645 rsp
->io_capability
= conn
->hcon
->io_capability
;
646 rsp
->oob_flag
= oob_flag
;
647 rsp
->max_key_size
= SMP_MAX_ENC_KEY_SIZE
;
648 rsp
->init_key_dist
= req
->init_key_dist
& remote_dist
;
649 rsp
->resp_key_dist
= req
->resp_key_dist
& local_dist
;
650 rsp
->auth_req
= (authreq
& AUTH_REQ_MASK(hdev
));
652 smp
->remote_key_dist
= rsp
->init_key_dist
;
655 static u8
check_enc_key_size(struct l2cap_conn
*conn
, __u8 max_key_size
)
657 struct l2cap_chan
*chan
= conn
->smp
;
658 struct smp_chan
*smp
= chan
->data
;
660 if ((max_key_size
> SMP_MAX_ENC_KEY_SIZE
) ||
661 (max_key_size
< SMP_MIN_ENC_KEY_SIZE
))
662 return SMP_ENC_KEY_SIZE
;
664 smp
->enc_key_size
= max_key_size
;
669 static void smp_chan_destroy(struct l2cap_conn
*conn
)
671 struct l2cap_chan
*chan
= conn
->smp
;
672 struct smp_chan
*smp
= chan
->data
;
677 cancel_delayed_work_sync(&smp
->security_timer
);
679 complete
= test_bit(SMP_FLAG_COMPLETE
, &smp
->flags
);
680 mgmt_smp_complete(conn
->hcon
, complete
);
683 kfree(smp
->slave_csrk
);
684 kfree(smp
->link_key
);
686 crypto_free_blkcipher(smp
->tfm_aes
);
687 crypto_free_hash(smp
->tfm_cmac
);
689 /* If pairing failed clean up any keys we might have */
692 list_del_rcu(&smp
->ltk
->list
);
693 kfree_rcu(smp
->ltk
, rcu
);
696 if (smp
->slave_ltk
) {
697 list_del_rcu(&smp
->slave_ltk
->list
);
698 kfree_rcu(smp
->slave_ltk
, rcu
);
701 if (smp
->remote_irk
) {
702 list_del_rcu(&smp
->remote_irk
->list
);
703 kfree_rcu(smp
->remote_irk
, rcu
);
709 hci_conn_drop(conn
->hcon
);
712 static void smp_failure(struct l2cap_conn
*conn
, u8 reason
)
714 struct hci_conn
*hcon
= conn
->hcon
;
715 struct l2cap_chan
*chan
= conn
->smp
;
718 smp_send_cmd(conn
, SMP_CMD_PAIRING_FAIL
, sizeof(reason
),
721 clear_bit(HCI_CONN_ENCRYPT_PEND
, &hcon
->flags
);
722 mgmt_auth_failed(hcon
, HCI_ERROR_AUTH_FAILURE
);
725 smp_chan_destroy(conn
);
728 #define JUST_WORKS 0x00
729 #define JUST_CFM 0x01
730 #define REQ_PASSKEY 0x02
731 #define CFM_PASSKEY 0x03
733 #define DSP_PASSKEY 0x05
736 static const u8 gen_method
[5][5] = {
737 { JUST_WORKS
, JUST_CFM
, REQ_PASSKEY
, JUST_WORKS
, REQ_PASSKEY
},
738 { JUST_WORKS
, JUST_CFM
, REQ_PASSKEY
, JUST_WORKS
, REQ_PASSKEY
},
739 { CFM_PASSKEY
, CFM_PASSKEY
, REQ_PASSKEY
, JUST_WORKS
, CFM_PASSKEY
},
740 { JUST_WORKS
, JUST_CFM
, JUST_WORKS
, JUST_WORKS
, JUST_CFM
},
741 { CFM_PASSKEY
, CFM_PASSKEY
, REQ_PASSKEY
, JUST_WORKS
, OVERLAP
},
744 static const u8 sc_method
[5][5] = {
745 { JUST_WORKS
, JUST_CFM
, REQ_PASSKEY
, JUST_WORKS
, REQ_PASSKEY
},
746 { JUST_WORKS
, CFM_PASSKEY
, REQ_PASSKEY
, JUST_WORKS
, CFM_PASSKEY
},
747 { DSP_PASSKEY
, DSP_PASSKEY
, REQ_PASSKEY
, JUST_WORKS
, DSP_PASSKEY
},
748 { JUST_WORKS
, JUST_CFM
, JUST_WORKS
, JUST_WORKS
, JUST_CFM
},
749 { DSP_PASSKEY
, CFM_PASSKEY
, REQ_PASSKEY
, JUST_WORKS
, CFM_PASSKEY
},
752 static u8
get_auth_method(struct smp_chan
*smp
, u8 local_io
, u8 remote_io
)
754 /* If either side has unknown io_caps, use JUST_CFM (which gets
755 * converted later to JUST_WORKS if we're initiators.
757 if (local_io
> SMP_IO_KEYBOARD_DISPLAY
||
758 remote_io
> SMP_IO_KEYBOARD_DISPLAY
)
761 if (test_bit(SMP_FLAG_SC
, &smp
->flags
))
762 return sc_method
[remote_io
][local_io
];
764 return gen_method
[remote_io
][local_io
];
767 static int tk_request(struct l2cap_conn
*conn
, u8 remote_oob
, u8 auth
,
768 u8 local_io
, u8 remote_io
)
770 struct hci_conn
*hcon
= conn
->hcon
;
771 struct l2cap_chan
*chan
= conn
->smp
;
772 struct smp_chan
*smp
= chan
->data
;
776 /* Initialize key for JUST WORKS */
777 memset(smp
->tk
, 0, sizeof(smp
->tk
));
778 clear_bit(SMP_FLAG_TK_VALID
, &smp
->flags
);
780 BT_DBG("tk_request: auth:%d lcl:%d rem:%d", auth
, local_io
, remote_io
);
782 /* If neither side wants MITM, either "just" confirm an incoming
783 * request or use just-works for outgoing ones. The JUST_CFM
784 * will be converted to JUST_WORKS if necessary later in this
785 * function. If either side has MITM look up the method from the
788 if (!(auth
& SMP_AUTH_MITM
))
789 smp
->method
= JUST_CFM
;
791 smp
->method
= get_auth_method(smp
, local_io
, remote_io
);
793 /* Don't confirm locally initiated pairing attempts */
794 if (smp
->method
== JUST_CFM
&& test_bit(SMP_FLAG_INITIATOR
,
796 smp
->method
= JUST_WORKS
;
798 /* Don't bother user space with no IO capabilities */
799 if (smp
->method
== JUST_CFM
&&
800 hcon
->io_capability
== HCI_IO_NO_INPUT_OUTPUT
)
801 smp
->method
= JUST_WORKS
;
803 /* If Just Works, Continue with Zero TK */
804 if (smp
->method
== JUST_WORKS
) {
805 set_bit(SMP_FLAG_TK_VALID
, &smp
->flags
);
809 /* Not Just Works/Confirm results in MITM Authentication */
810 if (smp
->method
!= JUST_CFM
) {
811 set_bit(SMP_FLAG_MITM_AUTH
, &smp
->flags
);
812 if (hcon
->pending_sec_level
< BT_SECURITY_HIGH
)
813 hcon
->pending_sec_level
= BT_SECURITY_HIGH
;
816 /* If both devices have Keyoard-Display I/O, the master
817 * Confirms and the slave Enters the passkey.
819 if (smp
->method
== OVERLAP
) {
820 if (hcon
->role
== HCI_ROLE_MASTER
)
821 smp
->method
= CFM_PASSKEY
;
823 smp
->method
= REQ_PASSKEY
;
826 /* Generate random passkey. */
827 if (smp
->method
== CFM_PASSKEY
) {
828 memset(smp
->tk
, 0, sizeof(smp
->tk
));
829 get_random_bytes(&passkey
, sizeof(passkey
));
831 put_unaligned_le32(passkey
, smp
->tk
);
832 BT_DBG("PassKey: %d", passkey
);
833 set_bit(SMP_FLAG_TK_VALID
, &smp
->flags
);
836 if (smp
->method
== REQ_PASSKEY
)
837 ret
= mgmt_user_passkey_request(hcon
->hdev
, &hcon
->dst
,
838 hcon
->type
, hcon
->dst_type
);
839 else if (smp
->method
== JUST_CFM
)
840 ret
= mgmt_user_confirm_request(hcon
->hdev
, &hcon
->dst
,
841 hcon
->type
, hcon
->dst_type
,
844 ret
= mgmt_user_passkey_notify(hcon
->hdev
, &hcon
->dst
,
845 hcon
->type
, hcon
->dst_type
,
851 static u8
smp_confirm(struct smp_chan
*smp
)
853 struct l2cap_conn
*conn
= smp
->conn
;
854 struct smp_cmd_pairing_confirm cp
;
857 BT_DBG("conn %p", conn
);
859 ret
= smp_c1(smp
->tfm_aes
, smp
->tk
, smp
->prnd
, smp
->preq
, smp
->prsp
,
860 conn
->hcon
->init_addr_type
, &conn
->hcon
->init_addr
,
861 conn
->hcon
->resp_addr_type
, &conn
->hcon
->resp_addr
,
864 return SMP_UNSPECIFIED
;
866 clear_bit(SMP_FLAG_CFM_PENDING
, &smp
->flags
);
868 smp_send_cmd(smp
->conn
, SMP_CMD_PAIRING_CONFIRM
, sizeof(cp
), &cp
);
871 SMP_ALLOW_CMD(smp
, SMP_CMD_PAIRING_CONFIRM
);
873 SMP_ALLOW_CMD(smp
, SMP_CMD_PAIRING_RANDOM
);
878 static u8
smp_random(struct smp_chan
*smp
)
880 struct l2cap_conn
*conn
= smp
->conn
;
881 struct hci_conn
*hcon
= conn
->hcon
;
885 if (IS_ERR_OR_NULL(smp
->tfm_aes
))
886 return SMP_UNSPECIFIED
;
888 BT_DBG("conn %p %s", conn
, conn
->hcon
->out
? "master" : "slave");
890 ret
= smp_c1(smp
->tfm_aes
, smp
->tk
, smp
->rrnd
, smp
->preq
, smp
->prsp
,
891 hcon
->init_addr_type
, &hcon
->init_addr
,
892 hcon
->resp_addr_type
, &hcon
->resp_addr
, confirm
);
894 return SMP_UNSPECIFIED
;
896 if (memcmp(smp
->pcnf
, confirm
, sizeof(smp
->pcnf
)) != 0) {
897 BT_ERR("Pairing failed (confirmation values mismatch)");
898 return SMP_CONFIRM_FAILED
;
906 smp_s1(smp
->tfm_aes
, smp
->tk
, smp
->rrnd
, smp
->prnd
, stk
);
908 memset(stk
+ smp
->enc_key_size
, 0,
909 SMP_MAX_ENC_KEY_SIZE
- smp
->enc_key_size
);
911 if (test_and_set_bit(HCI_CONN_ENCRYPT_PEND
, &hcon
->flags
))
912 return SMP_UNSPECIFIED
;
914 hci_le_start_enc(hcon
, ediv
, rand
, stk
);
915 hcon
->enc_key_size
= smp
->enc_key_size
;
916 set_bit(HCI_CONN_STK_ENCRYPT
, &hcon
->flags
);
922 smp_send_cmd(conn
, SMP_CMD_PAIRING_RANDOM
, sizeof(smp
->prnd
),
925 smp_s1(smp
->tfm_aes
, smp
->tk
, smp
->prnd
, smp
->rrnd
, stk
);
927 memset(stk
+ smp
->enc_key_size
, 0,
928 SMP_MAX_ENC_KEY_SIZE
- smp
->enc_key_size
);
930 if (hcon
->pending_sec_level
== BT_SECURITY_HIGH
)
935 /* Even though there's no _SLAVE suffix this is the
936 * slave STK we're adding for later lookup (the master
937 * STK never needs to be stored).
939 hci_add_ltk(hcon
->hdev
, &hcon
->dst
, hcon
->dst_type
,
940 SMP_STK
, auth
, stk
, smp
->enc_key_size
, ediv
, rand
);
946 static void smp_notify_keys(struct l2cap_conn
*conn
)
948 struct l2cap_chan
*chan
= conn
->smp
;
949 struct smp_chan
*smp
= chan
->data
;
950 struct hci_conn
*hcon
= conn
->hcon
;
951 struct hci_dev
*hdev
= hcon
->hdev
;
952 struct smp_cmd_pairing
*req
= (void *) &smp
->preq
[1];
953 struct smp_cmd_pairing
*rsp
= (void *) &smp
->prsp
[1];
956 if (smp
->remote_irk
) {
957 mgmt_new_irk(hdev
, smp
->remote_irk
);
958 /* Now that user space can be considered to know the
959 * identity address track the connection based on it
960 * from now on (assuming this is an LE link).
962 if (hcon
->type
== LE_LINK
) {
963 bacpy(&hcon
->dst
, &smp
->remote_irk
->bdaddr
);
964 hcon
->dst_type
= smp
->remote_irk
->addr_type
;
965 queue_work(hdev
->workqueue
, &conn
->id_addr_update_work
);
968 /* When receiving an indentity resolving key for
969 * a remote device that does not use a resolvable
970 * private address, just remove the key so that
971 * it is possible to use the controller white
974 * Userspace will have been told to not store
975 * this key at this point. So it is safe to
978 if (!bacmp(&smp
->remote_irk
->rpa
, BDADDR_ANY
)) {
979 list_del_rcu(&smp
->remote_irk
->list
);
980 kfree_rcu(smp
->remote_irk
, rcu
);
981 smp
->remote_irk
= NULL
;
985 if (hcon
->type
== ACL_LINK
) {
986 if (hcon
->key_type
== HCI_LK_DEBUG_COMBINATION
)
989 persistent
= !test_bit(HCI_CONN_FLUSH_KEY
,
992 /* The LTKs and CSRKs should be persistent only if both sides
993 * had the bonding bit set in their authentication requests.
995 persistent
= !!((req
->auth_req
& rsp
->auth_req
) &
1001 smp
->csrk
->bdaddr_type
= hcon
->dst_type
;
1002 bacpy(&smp
->csrk
->bdaddr
, &hcon
->dst
);
1003 mgmt_new_csrk(hdev
, smp
->csrk
, persistent
);
1006 if (smp
->slave_csrk
) {
1007 smp
->slave_csrk
->bdaddr_type
= hcon
->dst_type
;
1008 bacpy(&smp
->slave_csrk
->bdaddr
, &hcon
->dst
);
1009 mgmt_new_csrk(hdev
, smp
->slave_csrk
, persistent
);
1013 smp
->ltk
->bdaddr_type
= hcon
->dst_type
;
1014 bacpy(&smp
->ltk
->bdaddr
, &hcon
->dst
);
1015 mgmt_new_ltk(hdev
, smp
->ltk
, persistent
);
1018 if (smp
->slave_ltk
) {
1019 smp
->slave_ltk
->bdaddr_type
= hcon
->dst_type
;
1020 bacpy(&smp
->slave_ltk
->bdaddr
, &hcon
->dst
);
1021 mgmt_new_ltk(hdev
, smp
->slave_ltk
, persistent
);
1024 if (smp
->link_key
) {
1025 struct link_key
*key
;
1028 if (test_bit(SMP_FLAG_DEBUG_KEY
, &smp
->flags
))
1029 type
= HCI_LK_DEBUG_COMBINATION
;
1030 else if (hcon
->sec_level
== BT_SECURITY_FIPS
)
1031 type
= HCI_LK_AUTH_COMBINATION_P256
;
1033 type
= HCI_LK_UNAUTH_COMBINATION_P256
;
1035 key
= hci_add_link_key(hdev
, smp
->conn
->hcon
, &hcon
->dst
,
1036 smp
->link_key
, type
, 0, &persistent
);
1038 mgmt_new_link_key(hdev
, key
, persistent
);
1040 /* Don't keep debug keys around if the relevant
1043 if (!test_bit(HCI_KEEP_DEBUG_KEYS
, &hdev
->dev_flags
) &&
1044 key
->type
== HCI_LK_DEBUG_COMBINATION
) {
1045 list_del_rcu(&key
->list
);
1046 kfree_rcu(key
, rcu
);
1052 static void sc_add_ltk(struct smp_chan
*smp
)
1054 struct hci_conn
*hcon
= smp
->conn
->hcon
;
1057 if (test_bit(SMP_FLAG_DEBUG_KEY
, &smp
->flags
))
1058 key_type
= SMP_LTK_P256_DEBUG
;
1060 key_type
= SMP_LTK_P256
;
1062 if (hcon
->pending_sec_level
== BT_SECURITY_FIPS
)
1067 memset(smp
->tk
+ smp
->enc_key_size
, 0,
1068 SMP_MAX_ENC_KEY_SIZE
- smp
->enc_key_size
);
1070 smp
->ltk
= hci_add_ltk(hcon
->hdev
, &hcon
->dst
, hcon
->dst_type
,
1071 key_type
, auth
, smp
->tk
, smp
->enc_key_size
,
1075 static void sc_generate_link_key(struct smp_chan
*smp
)
1077 /* These constants are as specified in the core specification.
1078 * In ASCII they spell out to 'tmp1' and 'lebr'.
1080 const u8 tmp1
[4] = { 0x31, 0x70, 0x6d, 0x74 };
1081 const u8 lebr
[4] = { 0x72, 0x62, 0x65, 0x6c };
1083 smp
->link_key
= kzalloc(16, GFP_KERNEL
);
1087 if (smp_h6(smp
->tfm_cmac
, smp
->tk
, tmp1
, smp
->link_key
)) {
1088 kfree(smp
->link_key
);
1089 smp
->link_key
= NULL
;
1093 if (smp_h6(smp
->tfm_cmac
, smp
->link_key
, lebr
, smp
->link_key
)) {
1094 kfree(smp
->link_key
);
1095 smp
->link_key
= NULL
;
1100 static void smp_allow_key_dist(struct smp_chan
*smp
)
1102 /* Allow the first expected phase 3 PDU. The rest of the PDUs
1103 * will be allowed in each PDU handler to ensure we receive
1104 * them in the correct order.
1106 if (smp
->remote_key_dist
& SMP_DIST_ENC_KEY
)
1107 SMP_ALLOW_CMD(smp
, SMP_CMD_ENCRYPT_INFO
);
1108 else if (smp
->remote_key_dist
& SMP_DIST_ID_KEY
)
1109 SMP_ALLOW_CMD(smp
, SMP_CMD_IDENT_INFO
);
1110 else if (smp
->remote_key_dist
& SMP_DIST_SIGN
)
1111 SMP_ALLOW_CMD(smp
, SMP_CMD_SIGN_INFO
);
1114 static void sc_generate_ltk(struct smp_chan
*smp
)
1116 /* These constants are as specified in the core specification.
1117 * In ASCII they spell out to 'tmp2' and 'brle'.
1119 const u8 tmp2
[4] = { 0x32, 0x70, 0x6d, 0x74 };
1120 const u8 brle
[4] = { 0x65, 0x6c, 0x72, 0x62 };
1121 struct hci_conn
*hcon
= smp
->conn
->hcon
;
1122 struct hci_dev
*hdev
= hcon
->hdev
;
1123 struct link_key
*key
;
1125 key
= hci_find_link_key(hdev
, &hcon
->dst
);
1127 BT_ERR("%s No Link Key found to generate LTK", hdev
->name
);
1131 if (key
->type
== HCI_LK_DEBUG_COMBINATION
)
1132 set_bit(SMP_FLAG_DEBUG_KEY
, &smp
->flags
);
1134 if (smp_h6(smp
->tfm_cmac
, key
->val
, tmp2
, smp
->tk
))
1137 if (smp_h6(smp
->tfm_cmac
, smp
->tk
, brle
, smp
->tk
))
1143 static void smp_distribute_keys(struct smp_chan
*smp
)
1145 struct smp_cmd_pairing
*req
, *rsp
;
1146 struct l2cap_conn
*conn
= smp
->conn
;
1147 struct hci_conn
*hcon
= conn
->hcon
;
1148 struct hci_dev
*hdev
= hcon
->hdev
;
1151 BT_DBG("conn %p", conn
);
1153 rsp
= (void *) &smp
->prsp
[1];
1155 /* The responder sends its keys first */
1156 if (hcon
->out
&& (smp
->remote_key_dist
& KEY_DIST_MASK
)) {
1157 smp_allow_key_dist(smp
);
1161 req
= (void *) &smp
->preq
[1];
1164 keydist
= &rsp
->init_key_dist
;
1165 *keydist
&= req
->init_key_dist
;
1167 keydist
= &rsp
->resp_key_dist
;
1168 *keydist
&= req
->resp_key_dist
;
1171 if (test_bit(SMP_FLAG_SC
, &smp
->flags
)) {
1172 if (hcon
->type
== LE_LINK
&& (*keydist
& SMP_DIST_LINK_KEY
))
1173 sc_generate_link_key(smp
);
1174 if (hcon
->type
== ACL_LINK
&& (*keydist
& SMP_DIST_ENC_KEY
))
1175 sc_generate_ltk(smp
);
1177 /* Clear the keys which are generated but not distributed */
1178 *keydist
&= ~SMP_SC_NO_DIST
;
1181 BT_DBG("keydist 0x%x", *keydist
);
1183 if (*keydist
& SMP_DIST_ENC_KEY
) {
1184 struct smp_cmd_encrypt_info enc
;
1185 struct smp_cmd_master_ident ident
;
1186 struct smp_ltk
*ltk
;
1191 get_random_bytes(enc
.ltk
, sizeof(enc
.ltk
));
1192 get_random_bytes(&ediv
, sizeof(ediv
));
1193 get_random_bytes(&rand
, sizeof(rand
));
1195 smp_send_cmd(conn
, SMP_CMD_ENCRYPT_INFO
, sizeof(enc
), &enc
);
1197 authenticated
= hcon
->sec_level
== BT_SECURITY_HIGH
;
1198 ltk
= hci_add_ltk(hdev
, &hcon
->dst
, hcon
->dst_type
,
1199 SMP_LTK_SLAVE
, authenticated
, enc
.ltk
,
1200 smp
->enc_key_size
, ediv
, rand
);
1201 smp
->slave_ltk
= ltk
;
1206 smp_send_cmd(conn
, SMP_CMD_MASTER_IDENT
, sizeof(ident
), &ident
);
1208 *keydist
&= ~SMP_DIST_ENC_KEY
;
1211 if (*keydist
& SMP_DIST_ID_KEY
) {
1212 struct smp_cmd_ident_addr_info addrinfo
;
1213 struct smp_cmd_ident_info idinfo
;
1215 memcpy(idinfo
.irk
, hdev
->irk
, sizeof(idinfo
.irk
));
1217 smp_send_cmd(conn
, SMP_CMD_IDENT_INFO
, sizeof(idinfo
), &idinfo
);
1219 /* The hci_conn contains the local identity address
1220 * after the connection has been established.
1222 * This is true even when the connection has been
1223 * established using a resolvable random address.
1225 bacpy(&addrinfo
.bdaddr
, &hcon
->src
);
1226 addrinfo
.addr_type
= hcon
->src_type
;
1228 smp_send_cmd(conn
, SMP_CMD_IDENT_ADDR_INFO
, sizeof(addrinfo
),
1231 *keydist
&= ~SMP_DIST_ID_KEY
;
1234 if (*keydist
& SMP_DIST_SIGN
) {
1235 struct smp_cmd_sign_info sign
;
1236 struct smp_csrk
*csrk
;
1238 /* Generate a new random key */
1239 get_random_bytes(sign
.csrk
, sizeof(sign
.csrk
));
1241 csrk
= kzalloc(sizeof(*csrk
), GFP_KERNEL
);
1243 csrk
->master
= 0x00;
1244 memcpy(csrk
->val
, sign
.csrk
, sizeof(csrk
->val
));
1246 smp
->slave_csrk
= csrk
;
1248 smp_send_cmd(conn
, SMP_CMD_SIGN_INFO
, sizeof(sign
), &sign
);
1250 *keydist
&= ~SMP_DIST_SIGN
;
1253 /* If there are still keys to be received wait for them */
1254 if (smp
->remote_key_dist
& KEY_DIST_MASK
) {
1255 smp_allow_key_dist(smp
);
1259 set_bit(SMP_FLAG_COMPLETE
, &smp
->flags
);
1260 smp_notify_keys(conn
);
1262 smp_chan_destroy(conn
);
1265 static void smp_timeout(struct work_struct
*work
)
1267 struct smp_chan
*smp
= container_of(work
, struct smp_chan
,
1268 security_timer
.work
);
1269 struct l2cap_conn
*conn
= smp
->conn
;
1271 BT_DBG("conn %p", conn
);
1273 hci_disconnect(conn
->hcon
, HCI_ERROR_REMOTE_USER_TERM
);
1276 static struct smp_chan
*smp_chan_create(struct l2cap_conn
*conn
)
1278 struct l2cap_chan
*chan
= conn
->smp
;
1279 struct smp_chan
*smp
;
1281 smp
= kzalloc(sizeof(*smp
), GFP_ATOMIC
);
1285 smp
->tfm_aes
= crypto_alloc_blkcipher("ecb(aes)", 0, CRYPTO_ALG_ASYNC
);
1286 if (IS_ERR(smp
->tfm_aes
)) {
1287 BT_ERR("Unable to create ECB crypto context");
1292 smp
->tfm_cmac
= crypto_alloc_hash("cmac(aes)", 0, CRYPTO_ALG_ASYNC
);
1293 if (IS_ERR(smp
->tfm_cmac
)) {
1294 BT_ERR("Unable to create CMAC crypto context");
1295 crypto_free_blkcipher(smp
->tfm_aes
);
1303 SMP_ALLOW_CMD(smp
, SMP_CMD_PAIRING_FAIL
);
1305 INIT_DELAYED_WORK(&smp
->security_timer
, smp_timeout
);
1307 hci_conn_hold(conn
->hcon
);
1312 static int sc_mackey_and_ltk(struct smp_chan
*smp
, u8 mackey
[16], u8 ltk
[16])
1314 struct hci_conn
*hcon
= smp
->conn
->hcon
;
1315 u8
*na
, *nb
, a
[7], b
[7];
1325 memcpy(a
, &hcon
->init_addr
, 6);
1326 memcpy(b
, &hcon
->resp_addr
, 6);
1327 a
[6] = hcon
->init_addr_type
;
1328 b
[6] = hcon
->resp_addr_type
;
1330 return smp_f5(smp
->tfm_cmac
, smp
->dhkey
, na
, nb
, a
, b
, mackey
, ltk
);
1333 static void sc_dhkey_check(struct smp_chan
*smp
)
1335 struct hci_conn
*hcon
= smp
->conn
->hcon
;
1336 struct smp_cmd_dhkey_check check
;
1337 u8 a
[7], b
[7], *local_addr
, *remote_addr
;
1338 u8 io_cap
[3], r
[16];
1340 memcpy(a
, &hcon
->init_addr
, 6);
1341 memcpy(b
, &hcon
->resp_addr
, 6);
1342 a
[6] = hcon
->init_addr_type
;
1343 b
[6] = hcon
->resp_addr_type
;
1348 memcpy(io_cap
, &smp
->preq
[1], 3);
1352 memcpy(io_cap
, &smp
->prsp
[1], 3);
1355 memset(r
, 0, sizeof(r
));
1357 if (smp
->method
== REQ_PASSKEY
|| smp
->method
== DSP_PASSKEY
)
1358 put_unaligned_le32(hcon
->passkey_notify
, r
);
1360 if (smp
->method
== REQ_OOB
)
1361 memcpy(r
, smp
->rr
, 16);
1363 smp_f6(smp
->tfm_cmac
, smp
->mackey
, smp
->prnd
, smp
->rrnd
, r
, io_cap
,
1364 local_addr
, remote_addr
, check
.e
);
1366 smp_send_cmd(smp
->conn
, SMP_CMD_DHKEY_CHECK
, sizeof(check
), &check
);
1369 static u8
sc_passkey_send_confirm(struct smp_chan
*smp
)
1371 struct l2cap_conn
*conn
= smp
->conn
;
1372 struct hci_conn
*hcon
= conn
->hcon
;
1373 struct smp_cmd_pairing_confirm cfm
;
1376 r
= ((hcon
->passkey_notify
>> smp
->passkey_round
) & 0x01);
1379 get_random_bytes(smp
->prnd
, sizeof(smp
->prnd
));
1381 if (smp_f4(smp
->tfm_cmac
, smp
->local_pk
, smp
->remote_pk
, smp
->prnd
, r
,
1383 return SMP_UNSPECIFIED
;
1385 smp_send_cmd(conn
, SMP_CMD_PAIRING_CONFIRM
, sizeof(cfm
), &cfm
);
1390 static u8
sc_passkey_round(struct smp_chan
*smp
, u8 smp_op
)
1392 struct l2cap_conn
*conn
= smp
->conn
;
1393 struct hci_conn
*hcon
= conn
->hcon
;
1394 struct hci_dev
*hdev
= hcon
->hdev
;
1397 /* Ignore the PDU if we've already done 20 rounds (0 - 19) */
1398 if (smp
->passkey_round
>= 20)
1402 case SMP_CMD_PAIRING_RANDOM
:
1403 r
= ((hcon
->passkey_notify
>> smp
->passkey_round
) & 0x01);
1406 if (smp_f4(smp
->tfm_cmac
, smp
->remote_pk
, smp
->local_pk
,
1408 return SMP_UNSPECIFIED
;
1410 if (memcmp(smp
->pcnf
, cfm
, 16))
1411 return SMP_CONFIRM_FAILED
;
1413 smp
->passkey_round
++;
1415 if (smp
->passkey_round
== 20) {
1416 /* Generate MacKey and LTK */
1417 if (sc_mackey_and_ltk(smp
, smp
->mackey
, smp
->tk
))
1418 return SMP_UNSPECIFIED
;
1421 /* The round is only complete when the initiator
1422 * receives pairing random.
1425 smp_send_cmd(conn
, SMP_CMD_PAIRING_RANDOM
,
1426 sizeof(smp
->prnd
), smp
->prnd
);
1427 if (smp
->passkey_round
== 20)
1428 SMP_ALLOW_CMD(smp
, SMP_CMD_DHKEY_CHECK
);
1430 SMP_ALLOW_CMD(smp
, SMP_CMD_PAIRING_CONFIRM
);
1434 /* Start the next round */
1435 if (smp
->passkey_round
!= 20)
1436 return sc_passkey_round(smp
, 0);
1438 /* Passkey rounds are complete - start DHKey Check */
1439 sc_dhkey_check(smp
);
1440 SMP_ALLOW_CMD(smp
, SMP_CMD_DHKEY_CHECK
);
1444 case SMP_CMD_PAIRING_CONFIRM
:
1445 if (test_bit(SMP_FLAG_WAIT_USER
, &smp
->flags
)) {
1446 set_bit(SMP_FLAG_CFM_PENDING
, &smp
->flags
);
1450 SMP_ALLOW_CMD(smp
, SMP_CMD_PAIRING_RANDOM
);
1453 smp_send_cmd(conn
, SMP_CMD_PAIRING_RANDOM
,
1454 sizeof(smp
->prnd
), smp
->prnd
);
1458 return sc_passkey_send_confirm(smp
);
1460 case SMP_CMD_PUBLIC_KEY
:
1462 /* Initiating device starts the round */
1466 BT_DBG("%s Starting passkey round %u", hdev
->name
,
1467 smp
->passkey_round
+ 1);
1469 SMP_ALLOW_CMD(smp
, SMP_CMD_PAIRING_CONFIRM
);
1471 return sc_passkey_send_confirm(smp
);
1477 static int sc_user_reply(struct smp_chan
*smp
, u16 mgmt_op
, __le32 passkey
)
1479 struct l2cap_conn
*conn
= smp
->conn
;
1480 struct hci_conn
*hcon
= conn
->hcon
;
1483 clear_bit(SMP_FLAG_WAIT_USER
, &smp
->flags
);
1486 case MGMT_OP_USER_PASSKEY_NEG_REPLY
:
1487 smp_failure(smp
->conn
, SMP_PASSKEY_ENTRY_FAILED
);
1489 case MGMT_OP_USER_CONFIRM_NEG_REPLY
:
1490 smp_failure(smp
->conn
, SMP_NUMERIC_COMP_FAILED
);
1492 case MGMT_OP_USER_PASSKEY_REPLY
:
1493 hcon
->passkey_notify
= le32_to_cpu(passkey
);
1494 smp
->passkey_round
= 0;
1496 if (test_and_clear_bit(SMP_FLAG_CFM_PENDING
, &smp
->flags
))
1497 smp_op
= SMP_CMD_PAIRING_CONFIRM
;
1501 if (sc_passkey_round(smp
, smp_op
))
1507 /* Initiator sends DHKey check first */
1509 sc_dhkey_check(smp
);
1510 SMP_ALLOW_CMD(smp
, SMP_CMD_DHKEY_CHECK
);
1511 } else if (test_and_clear_bit(SMP_FLAG_DHKEY_PENDING
, &smp
->flags
)) {
1512 sc_dhkey_check(smp
);
1519 int smp_user_confirm_reply(struct hci_conn
*hcon
, u16 mgmt_op
, __le32 passkey
)
1521 struct l2cap_conn
*conn
= hcon
->l2cap_data
;
1522 struct l2cap_chan
*chan
;
1523 struct smp_chan
*smp
;
1536 l2cap_chan_lock(chan
);
1544 if (test_bit(SMP_FLAG_SC
, &smp
->flags
)) {
1545 err
= sc_user_reply(smp
, mgmt_op
, passkey
);
1550 case MGMT_OP_USER_PASSKEY_REPLY
:
1551 value
= le32_to_cpu(passkey
);
1552 memset(smp
->tk
, 0, sizeof(smp
->tk
));
1553 BT_DBG("PassKey: %d", value
);
1554 put_unaligned_le32(value
, smp
->tk
);
1556 case MGMT_OP_USER_CONFIRM_REPLY
:
1557 set_bit(SMP_FLAG_TK_VALID
, &smp
->flags
);
1559 case MGMT_OP_USER_PASSKEY_NEG_REPLY
:
1560 case MGMT_OP_USER_CONFIRM_NEG_REPLY
:
1561 smp_failure(conn
, SMP_PASSKEY_ENTRY_FAILED
);
1565 smp_failure(conn
, SMP_PASSKEY_ENTRY_FAILED
);
1572 /* If it is our turn to send Pairing Confirm, do so now */
1573 if (test_bit(SMP_FLAG_CFM_PENDING
, &smp
->flags
)) {
1574 u8 rsp
= smp_confirm(smp
);
1576 smp_failure(conn
, rsp
);
1580 l2cap_chan_unlock(chan
);
1584 static void build_bredr_pairing_cmd(struct smp_chan
*smp
,
1585 struct smp_cmd_pairing
*req
,
1586 struct smp_cmd_pairing
*rsp
)
1588 struct l2cap_conn
*conn
= smp
->conn
;
1589 struct hci_dev
*hdev
= conn
->hcon
->hdev
;
1590 u8 local_dist
= 0, remote_dist
= 0;
1592 if (test_bit(HCI_BONDABLE
, &hdev
->dev_flags
)) {
1593 local_dist
= SMP_DIST_ENC_KEY
| SMP_DIST_SIGN
;
1594 remote_dist
= SMP_DIST_ENC_KEY
| SMP_DIST_SIGN
;
1597 if (test_bit(HCI_RPA_RESOLVING
, &hdev
->dev_flags
))
1598 remote_dist
|= SMP_DIST_ID_KEY
;
1600 if (test_bit(HCI_PRIVACY
, &hdev
->dev_flags
))
1601 local_dist
|= SMP_DIST_ID_KEY
;
1604 memset(req
, 0, sizeof(*req
));
1606 req
->init_key_dist
= local_dist
;
1607 req
->resp_key_dist
= remote_dist
;
1608 req
->max_key_size
= SMP_MAX_ENC_KEY_SIZE
;
1610 smp
->remote_key_dist
= remote_dist
;
1615 memset(rsp
, 0, sizeof(*rsp
));
1617 rsp
->max_key_size
= SMP_MAX_ENC_KEY_SIZE
;
1618 rsp
->init_key_dist
= req
->init_key_dist
& remote_dist
;
1619 rsp
->resp_key_dist
= req
->resp_key_dist
& local_dist
;
1621 smp
->remote_key_dist
= rsp
->init_key_dist
;
1624 static u8
smp_cmd_pairing_req(struct l2cap_conn
*conn
, struct sk_buff
*skb
)
1626 struct smp_cmd_pairing rsp
, *req
= (void *) skb
->data
;
1627 struct l2cap_chan
*chan
= conn
->smp
;
1628 struct hci_dev
*hdev
= conn
->hcon
->hdev
;
1629 struct smp_chan
*smp
;
1630 u8 key_size
, auth
, sec_level
;
1633 BT_DBG("conn %p", conn
);
1635 if (skb
->len
< sizeof(*req
))
1636 return SMP_INVALID_PARAMS
;
1638 if (conn
->hcon
->role
!= HCI_ROLE_SLAVE
)
1639 return SMP_CMD_NOTSUPP
;
1642 smp
= smp_chan_create(conn
);
1647 return SMP_UNSPECIFIED
;
1649 /* We didn't start the pairing, so match remote */
1650 auth
= req
->auth_req
& AUTH_REQ_MASK(hdev
);
1652 if (!test_bit(HCI_BONDABLE
, &hdev
->dev_flags
) &&
1653 (auth
& SMP_AUTH_BONDING
))
1654 return SMP_PAIRING_NOTSUPP
;
1656 if (test_bit(HCI_SC_ONLY
, &hdev
->dev_flags
) && !(auth
& SMP_AUTH_SC
))
1657 return SMP_AUTH_REQUIREMENTS
;
1659 smp
->preq
[0] = SMP_CMD_PAIRING_REQ
;
1660 memcpy(&smp
->preq
[1], req
, sizeof(*req
));
1661 skb_pull(skb
, sizeof(*req
));
1663 /* SMP over BR/EDR requires special treatment */
1664 if (conn
->hcon
->type
== ACL_LINK
) {
1665 /* We must have a BR/EDR SC link */
1666 if (!test_bit(HCI_CONN_AES_CCM
, &conn
->hcon
->flags
))
1667 return SMP_CROSS_TRANSP_NOT_ALLOWED
;
1669 set_bit(SMP_FLAG_SC
, &smp
->flags
);
1671 build_bredr_pairing_cmd(smp
, req
, &rsp
);
1673 key_size
= min(req
->max_key_size
, rsp
.max_key_size
);
1674 if (check_enc_key_size(conn
, key_size
))
1675 return SMP_ENC_KEY_SIZE
;
1677 /* Clear bits which are generated but not distributed */
1678 smp
->remote_key_dist
&= ~SMP_SC_NO_DIST
;
1680 smp
->prsp
[0] = SMP_CMD_PAIRING_RSP
;
1681 memcpy(&smp
->prsp
[1], &rsp
, sizeof(rsp
));
1682 smp_send_cmd(conn
, SMP_CMD_PAIRING_RSP
, sizeof(rsp
), &rsp
);
1684 smp_distribute_keys(smp
);
1688 build_pairing_cmd(conn
, req
, &rsp
, auth
);
1690 if (rsp
.auth_req
& SMP_AUTH_SC
)
1691 set_bit(SMP_FLAG_SC
, &smp
->flags
);
1693 if (conn
->hcon
->io_capability
== HCI_IO_NO_INPUT_OUTPUT
)
1694 sec_level
= BT_SECURITY_MEDIUM
;
1696 sec_level
= authreq_to_seclevel(auth
);
1698 if (sec_level
> conn
->hcon
->pending_sec_level
)
1699 conn
->hcon
->pending_sec_level
= sec_level
;
1701 /* If we need MITM check that it can be achieved */
1702 if (conn
->hcon
->pending_sec_level
>= BT_SECURITY_HIGH
) {
1705 method
= get_auth_method(smp
, conn
->hcon
->io_capability
,
1706 req
->io_capability
);
1707 if (method
== JUST_WORKS
|| method
== JUST_CFM
)
1708 return SMP_AUTH_REQUIREMENTS
;
1711 key_size
= min(req
->max_key_size
, rsp
.max_key_size
);
1712 if (check_enc_key_size(conn
, key_size
))
1713 return SMP_ENC_KEY_SIZE
;
1715 get_random_bytes(smp
->prnd
, sizeof(smp
->prnd
));
1717 smp
->prsp
[0] = SMP_CMD_PAIRING_RSP
;
1718 memcpy(&smp
->prsp
[1], &rsp
, sizeof(rsp
));
1720 smp_send_cmd(conn
, SMP_CMD_PAIRING_RSP
, sizeof(rsp
), &rsp
);
1722 clear_bit(SMP_FLAG_INITIATOR
, &smp
->flags
);
1724 if (test_bit(SMP_FLAG_SC
, &smp
->flags
)) {
1725 SMP_ALLOW_CMD(smp
, SMP_CMD_PUBLIC_KEY
);
1726 /* Clear bits which are generated but not distributed */
1727 smp
->remote_key_dist
&= ~SMP_SC_NO_DIST
;
1728 /* Wait for Public Key from Initiating Device */
1731 SMP_ALLOW_CMD(smp
, SMP_CMD_PAIRING_CONFIRM
);
1734 /* Request setup of TK */
1735 ret
= tk_request(conn
, 0, auth
, rsp
.io_capability
, req
->io_capability
);
1737 return SMP_UNSPECIFIED
;
1742 static u8
sc_send_public_key(struct smp_chan
*smp
)
1744 struct hci_dev
*hdev
= smp
->conn
->hcon
->hdev
;
1748 if (test_bit(HCI_USE_DEBUG_KEYS
, &hdev
->dev_flags
)) {
1749 BT_DBG("Using debug keys");
1750 memcpy(smp
->local_pk
, debug_pk
, 64);
1751 memcpy(smp
->local_sk
, debug_sk
, 32);
1752 set_bit(SMP_FLAG_DEBUG_KEY
, &smp
->flags
);
1755 /* Generate local key pair for Secure Connections */
1756 if (!ecc_make_key(smp
->local_pk
, smp
->local_sk
))
1757 return SMP_UNSPECIFIED
;
1759 /* This is unlikely, but we need to check that
1760 * we didn't accidentially generate a debug key.
1762 if (memcmp(smp
->local_sk
, debug_sk
, 32))
1767 SMP_DBG("Local Public Key X: %32phN", smp
->local_pk
);
1768 SMP_DBG("Local Public Key Y: %32phN", &smp
->local_pk
[32]);
1769 SMP_DBG("Local Private Key: %32phN", smp
->local_sk
);
1771 smp_send_cmd(smp
->conn
, SMP_CMD_PUBLIC_KEY
, 64, smp
->local_pk
);
1776 static u8
smp_cmd_pairing_rsp(struct l2cap_conn
*conn
, struct sk_buff
*skb
)
1778 struct smp_cmd_pairing
*req
, *rsp
= (void *) skb
->data
;
1779 struct l2cap_chan
*chan
= conn
->smp
;
1780 struct smp_chan
*smp
= chan
->data
;
1781 struct hci_dev
*hdev
= conn
->hcon
->hdev
;
1785 BT_DBG("conn %p", conn
);
1787 if (skb
->len
< sizeof(*rsp
))
1788 return SMP_INVALID_PARAMS
;
1790 if (conn
->hcon
->role
!= HCI_ROLE_MASTER
)
1791 return SMP_CMD_NOTSUPP
;
1793 skb_pull(skb
, sizeof(*rsp
));
1795 req
= (void *) &smp
->preq
[1];
1797 key_size
= min(req
->max_key_size
, rsp
->max_key_size
);
1798 if (check_enc_key_size(conn
, key_size
))
1799 return SMP_ENC_KEY_SIZE
;
1801 auth
= rsp
->auth_req
& AUTH_REQ_MASK(hdev
);
1803 if (test_bit(HCI_SC_ONLY
, &hdev
->dev_flags
) && !(auth
& SMP_AUTH_SC
))
1804 return SMP_AUTH_REQUIREMENTS
;
1806 smp
->prsp
[0] = SMP_CMD_PAIRING_RSP
;
1807 memcpy(&smp
->prsp
[1], rsp
, sizeof(*rsp
));
1809 /* Update remote key distribution in case the remote cleared
1810 * some bits that we had enabled in our request.
1812 smp
->remote_key_dist
&= rsp
->resp_key_dist
;
1814 /* For BR/EDR this means we're done and can start phase 3 */
1815 if (conn
->hcon
->type
== ACL_LINK
) {
1816 /* Clear bits which are generated but not distributed */
1817 smp
->remote_key_dist
&= ~SMP_SC_NO_DIST
;
1818 smp_distribute_keys(smp
);
1822 if ((req
->auth_req
& SMP_AUTH_SC
) && (auth
& SMP_AUTH_SC
))
1823 set_bit(SMP_FLAG_SC
, &smp
->flags
);
1824 else if (conn
->hcon
->pending_sec_level
> BT_SECURITY_HIGH
)
1825 conn
->hcon
->pending_sec_level
= BT_SECURITY_HIGH
;
1827 /* If we need MITM check that it can be achieved */
1828 if (conn
->hcon
->pending_sec_level
>= BT_SECURITY_HIGH
) {
1831 method
= get_auth_method(smp
, req
->io_capability
,
1832 rsp
->io_capability
);
1833 if (method
== JUST_WORKS
|| method
== JUST_CFM
)
1834 return SMP_AUTH_REQUIREMENTS
;
1837 get_random_bytes(smp
->prnd
, sizeof(smp
->prnd
));
1839 /* Update remote key distribution in case the remote cleared
1840 * some bits that we had enabled in our request.
1842 smp
->remote_key_dist
&= rsp
->resp_key_dist
;
1844 if (test_bit(SMP_FLAG_SC
, &smp
->flags
)) {
1845 /* Clear bits which are generated but not distributed */
1846 smp
->remote_key_dist
&= ~SMP_SC_NO_DIST
;
1847 SMP_ALLOW_CMD(smp
, SMP_CMD_PUBLIC_KEY
);
1848 return sc_send_public_key(smp
);
1851 auth
|= req
->auth_req
;
1853 ret
= tk_request(conn
, 0, auth
, req
->io_capability
, rsp
->io_capability
);
1855 return SMP_UNSPECIFIED
;
1857 set_bit(SMP_FLAG_CFM_PENDING
, &smp
->flags
);
1859 /* Can't compose response until we have been confirmed */
1860 if (test_bit(SMP_FLAG_TK_VALID
, &smp
->flags
))
1861 return smp_confirm(smp
);
1866 static u8
sc_check_confirm(struct smp_chan
*smp
)
1868 struct l2cap_conn
*conn
= smp
->conn
;
1872 /* Public Key exchange must happen before any other steps */
1873 if (!test_bit(SMP_FLAG_REMOTE_PK
, &smp
->flags
))
1874 return SMP_UNSPECIFIED
;
1876 if (smp
->method
== REQ_PASSKEY
|| smp
->method
== DSP_PASSKEY
)
1877 return sc_passkey_round(smp
, SMP_CMD_PAIRING_CONFIRM
);
1879 if (conn
->hcon
->out
) {
1880 smp_send_cmd(conn
, SMP_CMD_PAIRING_RANDOM
, sizeof(smp
->prnd
),
1882 SMP_ALLOW_CMD(smp
, SMP_CMD_PAIRING_RANDOM
);
1888 static u8
smp_cmd_pairing_confirm(struct l2cap_conn
*conn
, struct sk_buff
*skb
)
1890 struct l2cap_chan
*chan
= conn
->smp
;
1891 struct smp_chan
*smp
= chan
->data
;
1893 BT_DBG("conn %p %s", conn
, conn
->hcon
->out
? "master" : "slave");
1895 if (skb
->len
< sizeof(smp
->pcnf
))
1896 return SMP_INVALID_PARAMS
;
1898 memcpy(smp
->pcnf
, skb
->data
, sizeof(smp
->pcnf
));
1899 skb_pull(skb
, sizeof(smp
->pcnf
));
1901 if (test_bit(SMP_FLAG_SC
, &smp
->flags
))
1902 return sc_check_confirm(smp
);
1904 if (conn
->hcon
->out
) {
1905 smp_send_cmd(conn
, SMP_CMD_PAIRING_RANDOM
, sizeof(smp
->prnd
),
1907 SMP_ALLOW_CMD(smp
, SMP_CMD_PAIRING_RANDOM
);
1911 if (test_bit(SMP_FLAG_TK_VALID
, &smp
->flags
))
1912 return smp_confirm(smp
);
1914 set_bit(SMP_FLAG_CFM_PENDING
, &smp
->flags
);
1919 static u8
smp_cmd_pairing_random(struct l2cap_conn
*conn
, struct sk_buff
*skb
)
1921 struct l2cap_chan
*chan
= conn
->smp
;
1922 struct smp_chan
*smp
= chan
->data
;
1923 struct hci_conn
*hcon
= conn
->hcon
;
1924 u8
*pkax
, *pkbx
, *na
, *nb
;
1928 BT_DBG("conn %p", conn
);
1930 if (skb
->len
< sizeof(smp
->rrnd
))
1931 return SMP_INVALID_PARAMS
;
1933 memcpy(smp
->rrnd
, skb
->data
, sizeof(smp
->rrnd
));
1934 skb_pull(skb
, sizeof(smp
->rrnd
));
1936 if (!test_bit(SMP_FLAG_SC
, &smp
->flags
))
1937 return smp_random(smp
);
1939 if (smp
->method
== REQ_OOB
) {
1941 smp_send_cmd(conn
, SMP_CMD_PAIRING_RANDOM
,
1942 sizeof(smp
->prnd
), smp
->prnd
);
1943 SMP_ALLOW_CMD(smp
, SMP_CMD_DHKEY_CHECK
);
1944 goto mackey_and_ltk
;
1947 /* Passkey entry has special treatment */
1948 if (smp
->method
== REQ_PASSKEY
|| smp
->method
== DSP_PASSKEY
)
1949 return sc_passkey_round(smp
, SMP_CMD_PAIRING_RANDOM
);
1954 err
= smp_f4(smp
->tfm_cmac
, smp
->remote_pk
, smp
->local_pk
,
1957 return SMP_UNSPECIFIED
;
1959 if (memcmp(smp
->pcnf
, cfm
, 16))
1960 return SMP_CONFIRM_FAILED
;
1962 pkax
= smp
->local_pk
;
1963 pkbx
= smp
->remote_pk
;
1967 smp_send_cmd(conn
, SMP_CMD_PAIRING_RANDOM
, sizeof(smp
->prnd
),
1969 SMP_ALLOW_CMD(smp
, SMP_CMD_DHKEY_CHECK
);
1971 pkax
= smp
->remote_pk
;
1972 pkbx
= smp
->local_pk
;
1978 /* Generate MacKey and LTK */
1979 err
= sc_mackey_and_ltk(smp
, smp
->mackey
, smp
->tk
);
1981 return SMP_UNSPECIFIED
;
1983 if (smp
->method
== JUST_WORKS
|| smp
->method
== REQ_OOB
) {
1985 sc_dhkey_check(smp
);
1986 SMP_ALLOW_CMD(smp
, SMP_CMD_DHKEY_CHECK
);
1991 err
= smp_g2(smp
->tfm_cmac
, pkax
, pkbx
, na
, nb
, &passkey
);
1993 return SMP_UNSPECIFIED
;
1995 err
= mgmt_user_confirm_request(hcon
->hdev
, &hcon
->dst
, hcon
->type
,
1996 hcon
->dst_type
, passkey
, 0);
1998 return SMP_UNSPECIFIED
;
2000 set_bit(SMP_FLAG_WAIT_USER
, &smp
->flags
);
2005 static bool smp_ltk_encrypt(struct l2cap_conn
*conn
, u8 sec_level
)
2007 struct smp_ltk
*key
;
2008 struct hci_conn
*hcon
= conn
->hcon
;
2010 key
= hci_find_ltk(hcon
->hdev
, &hcon
->dst
, hcon
->dst_type
, hcon
->role
);
2014 if (smp_ltk_sec_level(key
) < sec_level
)
2017 if (test_and_set_bit(HCI_CONN_ENCRYPT_PEND
, &hcon
->flags
))
2020 hci_le_start_enc(hcon
, key
->ediv
, key
->rand
, key
->val
);
2021 hcon
->enc_key_size
= key
->enc_size
;
2023 /* We never store STKs for master role, so clear this flag */
2024 clear_bit(HCI_CONN_STK_ENCRYPT
, &hcon
->flags
);
2029 bool smp_sufficient_security(struct hci_conn
*hcon
, u8 sec_level
,
2030 enum smp_key_pref key_pref
)
2032 if (sec_level
== BT_SECURITY_LOW
)
2035 /* If we're encrypted with an STK but the caller prefers using
2036 * LTK claim insufficient security. This way we allow the
2037 * connection to be re-encrypted with an LTK, even if the LTK
2038 * provides the same level of security. Only exception is if we
2039 * don't have an LTK (e.g. because of key distribution bits).
2041 if (key_pref
== SMP_USE_LTK
&&
2042 test_bit(HCI_CONN_STK_ENCRYPT
, &hcon
->flags
) &&
2043 hci_find_ltk(hcon
->hdev
, &hcon
->dst
, hcon
->dst_type
, hcon
->role
))
2046 if (hcon
->sec_level
>= sec_level
)
2052 static u8
smp_cmd_security_req(struct l2cap_conn
*conn
, struct sk_buff
*skb
)
2054 struct smp_cmd_security_req
*rp
= (void *) skb
->data
;
2055 struct smp_cmd_pairing cp
;
2056 struct hci_conn
*hcon
= conn
->hcon
;
2057 struct hci_dev
*hdev
= hcon
->hdev
;
2058 struct smp_chan
*smp
;
2061 BT_DBG("conn %p", conn
);
2063 if (skb
->len
< sizeof(*rp
))
2064 return SMP_INVALID_PARAMS
;
2066 if (hcon
->role
!= HCI_ROLE_MASTER
)
2067 return SMP_CMD_NOTSUPP
;
2069 auth
= rp
->auth_req
& AUTH_REQ_MASK(hdev
);
2071 if (test_bit(HCI_SC_ONLY
, &hdev
->dev_flags
) && !(auth
& SMP_AUTH_SC
))
2072 return SMP_AUTH_REQUIREMENTS
;
2074 if (hcon
->io_capability
== HCI_IO_NO_INPUT_OUTPUT
)
2075 sec_level
= BT_SECURITY_MEDIUM
;
2077 sec_level
= authreq_to_seclevel(auth
);
2079 if (smp_sufficient_security(hcon
, sec_level
, SMP_USE_LTK
))
2082 if (sec_level
> hcon
->pending_sec_level
)
2083 hcon
->pending_sec_level
= sec_level
;
2085 if (smp_ltk_encrypt(conn
, hcon
->pending_sec_level
))
2088 smp
= smp_chan_create(conn
);
2090 return SMP_UNSPECIFIED
;
2092 if (!test_bit(HCI_BONDABLE
, &hcon
->hdev
->dev_flags
) &&
2093 (auth
& SMP_AUTH_BONDING
))
2094 return SMP_PAIRING_NOTSUPP
;
2096 skb_pull(skb
, sizeof(*rp
));
2098 memset(&cp
, 0, sizeof(cp
));
2099 build_pairing_cmd(conn
, &cp
, NULL
, auth
);
2101 smp
->preq
[0] = SMP_CMD_PAIRING_REQ
;
2102 memcpy(&smp
->preq
[1], &cp
, sizeof(cp
));
2104 smp_send_cmd(conn
, SMP_CMD_PAIRING_REQ
, sizeof(cp
), &cp
);
2105 SMP_ALLOW_CMD(smp
, SMP_CMD_PAIRING_RSP
);
2110 int smp_conn_security(struct hci_conn
*hcon
, __u8 sec_level
)
2112 struct l2cap_conn
*conn
= hcon
->l2cap_data
;
2113 struct l2cap_chan
*chan
;
2114 struct smp_chan
*smp
;
2118 BT_DBG("conn %p hcon %p level 0x%2.2x", conn
, hcon
, sec_level
);
2120 /* This may be NULL if there's an unexpected disconnection */
2126 if (!test_bit(HCI_LE_ENABLED
, &hcon
->hdev
->dev_flags
))
2129 if (smp_sufficient_security(hcon
, sec_level
, SMP_USE_LTK
))
2132 if (sec_level
> hcon
->pending_sec_level
)
2133 hcon
->pending_sec_level
= sec_level
;
2135 if (hcon
->role
== HCI_ROLE_MASTER
)
2136 if (smp_ltk_encrypt(conn
, hcon
->pending_sec_level
))
2139 l2cap_chan_lock(chan
);
2141 /* If SMP is already in progress ignore this request */
2147 smp
= smp_chan_create(conn
);
2153 authreq
= seclevel_to_authreq(sec_level
);
2155 if (test_bit(HCI_SC_ENABLED
, &hcon
->hdev
->dev_flags
))
2156 authreq
|= SMP_AUTH_SC
;
2158 /* Require MITM if IO Capability allows or the security level
2161 if (hcon
->io_capability
!= HCI_IO_NO_INPUT_OUTPUT
||
2162 hcon
->pending_sec_level
> BT_SECURITY_MEDIUM
)
2163 authreq
|= SMP_AUTH_MITM
;
2165 if (hcon
->role
== HCI_ROLE_MASTER
) {
2166 struct smp_cmd_pairing cp
;
2168 build_pairing_cmd(conn
, &cp
, NULL
, authreq
);
2169 smp
->preq
[0] = SMP_CMD_PAIRING_REQ
;
2170 memcpy(&smp
->preq
[1], &cp
, sizeof(cp
));
2172 smp_send_cmd(conn
, SMP_CMD_PAIRING_REQ
, sizeof(cp
), &cp
);
2173 SMP_ALLOW_CMD(smp
, SMP_CMD_PAIRING_RSP
);
2175 struct smp_cmd_security_req cp
;
2176 cp
.auth_req
= authreq
;
2177 smp_send_cmd(conn
, SMP_CMD_SECURITY_REQ
, sizeof(cp
), &cp
);
2178 SMP_ALLOW_CMD(smp
, SMP_CMD_PAIRING_REQ
);
2181 set_bit(SMP_FLAG_INITIATOR
, &smp
->flags
);
2185 l2cap_chan_unlock(chan
);
2189 static int smp_cmd_encrypt_info(struct l2cap_conn
*conn
, struct sk_buff
*skb
)
2191 struct smp_cmd_encrypt_info
*rp
= (void *) skb
->data
;
2192 struct l2cap_chan
*chan
= conn
->smp
;
2193 struct smp_chan
*smp
= chan
->data
;
2195 BT_DBG("conn %p", conn
);
2197 if (skb
->len
< sizeof(*rp
))
2198 return SMP_INVALID_PARAMS
;
2200 SMP_ALLOW_CMD(smp
, SMP_CMD_MASTER_IDENT
);
2202 skb_pull(skb
, sizeof(*rp
));
2204 memcpy(smp
->tk
, rp
->ltk
, sizeof(smp
->tk
));
2209 static int smp_cmd_master_ident(struct l2cap_conn
*conn
, struct sk_buff
*skb
)
2211 struct smp_cmd_master_ident
*rp
= (void *) skb
->data
;
2212 struct l2cap_chan
*chan
= conn
->smp
;
2213 struct smp_chan
*smp
= chan
->data
;
2214 struct hci_dev
*hdev
= conn
->hcon
->hdev
;
2215 struct hci_conn
*hcon
= conn
->hcon
;
2216 struct smp_ltk
*ltk
;
2219 BT_DBG("conn %p", conn
);
2221 if (skb
->len
< sizeof(*rp
))
2222 return SMP_INVALID_PARAMS
;
2224 /* Mark the information as received */
2225 smp
->remote_key_dist
&= ~SMP_DIST_ENC_KEY
;
2227 if (smp
->remote_key_dist
& SMP_DIST_ID_KEY
)
2228 SMP_ALLOW_CMD(smp
, SMP_CMD_IDENT_INFO
);
2229 else if (smp
->remote_key_dist
& SMP_DIST_SIGN
)
2230 SMP_ALLOW_CMD(smp
, SMP_CMD_SIGN_INFO
);
2232 skb_pull(skb
, sizeof(*rp
));
2234 authenticated
= (hcon
->sec_level
== BT_SECURITY_HIGH
);
2235 ltk
= hci_add_ltk(hdev
, &hcon
->dst
, hcon
->dst_type
, SMP_LTK
,
2236 authenticated
, smp
->tk
, smp
->enc_key_size
,
2237 rp
->ediv
, rp
->rand
);
2239 if (!(smp
->remote_key_dist
& KEY_DIST_MASK
))
2240 smp_distribute_keys(smp
);
2245 static int smp_cmd_ident_info(struct l2cap_conn
*conn
, struct sk_buff
*skb
)
2247 struct smp_cmd_ident_info
*info
= (void *) skb
->data
;
2248 struct l2cap_chan
*chan
= conn
->smp
;
2249 struct smp_chan
*smp
= chan
->data
;
2253 if (skb
->len
< sizeof(*info
))
2254 return SMP_INVALID_PARAMS
;
2256 SMP_ALLOW_CMD(smp
, SMP_CMD_IDENT_ADDR_INFO
);
2258 skb_pull(skb
, sizeof(*info
));
2260 memcpy(smp
->irk
, info
->irk
, 16);
2265 static int smp_cmd_ident_addr_info(struct l2cap_conn
*conn
,
2266 struct sk_buff
*skb
)
2268 struct smp_cmd_ident_addr_info
*info
= (void *) skb
->data
;
2269 struct l2cap_chan
*chan
= conn
->smp
;
2270 struct smp_chan
*smp
= chan
->data
;
2271 struct hci_conn
*hcon
= conn
->hcon
;
2276 if (skb
->len
< sizeof(*info
))
2277 return SMP_INVALID_PARAMS
;
2279 /* Mark the information as received */
2280 smp
->remote_key_dist
&= ~SMP_DIST_ID_KEY
;
2282 if (smp
->remote_key_dist
& SMP_DIST_SIGN
)
2283 SMP_ALLOW_CMD(smp
, SMP_CMD_SIGN_INFO
);
2285 skb_pull(skb
, sizeof(*info
));
2287 /* Strictly speaking the Core Specification (4.1) allows sending
2288 * an empty address which would force us to rely on just the IRK
2289 * as "identity information". However, since such
2290 * implementations are not known of and in order to not over
2291 * complicate our implementation, simply pretend that we never
2292 * received an IRK for such a device.
2294 if (!bacmp(&info
->bdaddr
, BDADDR_ANY
)) {
2295 BT_ERR("Ignoring IRK with no identity address");
2299 bacpy(&smp
->id_addr
, &info
->bdaddr
);
2300 smp
->id_addr_type
= info
->addr_type
;
2302 if (hci_bdaddr_is_rpa(&hcon
->dst
, hcon
->dst_type
))
2303 bacpy(&rpa
, &hcon
->dst
);
2305 bacpy(&rpa
, BDADDR_ANY
);
2307 smp
->remote_irk
= hci_add_irk(conn
->hcon
->hdev
, &smp
->id_addr
,
2308 smp
->id_addr_type
, smp
->irk
, &rpa
);
2311 if (!(smp
->remote_key_dist
& KEY_DIST_MASK
))
2312 smp_distribute_keys(smp
);
2317 static int smp_cmd_sign_info(struct l2cap_conn
*conn
, struct sk_buff
*skb
)
2319 struct smp_cmd_sign_info
*rp
= (void *) skb
->data
;
2320 struct l2cap_chan
*chan
= conn
->smp
;
2321 struct smp_chan
*smp
= chan
->data
;
2322 struct smp_csrk
*csrk
;
2324 BT_DBG("conn %p", conn
);
2326 if (skb
->len
< sizeof(*rp
))
2327 return SMP_INVALID_PARAMS
;
2329 /* Mark the information as received */
2330 smp
->remote_key_dist
&= ~SMP_DIST_SIGN
;
2332 skb_pull(skb
, sizeof(*rp
));
2334 csrk
= kzalloc(sizeof(*csrk
), GFP_KERNEL
);
2336 csrk
->master
= 0x01;
2337 memcpy(csrk
->val
, rp
->csrk
, sizeof(csrk
->val
));
2340 smp_distribute_keys(smp
);
2345 static u8
sc_select_method(struct smp_chan
*smp
)
2347 struct l2cap_conn
*conn
= smp
->conn
;
2348 struct hci_conn
*hcon
= conn
->hcon
;
2349 struct smp_cmd_pairing
*local
, *remote
;
2350 u8 local_mitm
, remote_mitm
, local_io
, remote_io
, method
;
2352 if (test_bit(SMP_FLAG_OOB
, &smp
->flags
))
2355 /* The preq/prsp contain the raw Pairing Request/Response PDUs
2356 * which are needed as inputs to some crypto functions. To get
2357 * the "struct smp_cmd_pairing" from them we need to skip the
2358 * first byte which contains the opcode.
2361 local
= (void *) &smp
->preq
[1];
2362 remote
= (void *) &smp
->prsp
[1];
2364 local
= (void *) &smp
->prsp
[1];
2365 remote
= (void *) &smp
->preq
[1];
2368 local_io
= local
->io_capability
;
2369 remote_io
= remote
->io_capability
;
2371 local_mitm
= (local
->auth_req
& SMP_AUTH_MITM
);
2372 remote_mitm
= (remote
->auth_req
& SMP_AUTH_MITM
);
2374 /* If either side wants MITM, look up the method from the table,
2375 * otherwise use JUST WORKS.
2377 if (local_mitm
|| remote_mitm
)
2378 method
= get_auth_method(smp
, local_io
, remote_io
);
2380 method
= JUST_WORKS
;
2382 /* Don't confirm locally initiated pairing attempts */
2383 if (method
== JUST_CFM
&& test_bit(SMP_FLAG_INITIATOR
, &smp
->flags
))
2384 method
= JUST_WORKS
;
2389 static int smp_cmd_public_key(struct l2cap_conn
*conn
, struct sk_buff
*skb
)
2391 struct smp_cmd_public_key
*key
= (void *) skb
->data
;
2392 struct hci_conn
*hcon
= conn
->hcon
;
2393 struct l2cap_chan
*chan
= conn
->smp
;
2394 struct smp_chan
*smp
= chan
->data
;
2395 struct hci_dev
*hdev
= hcon
->hdev
;
2396 struct smp_cmd_pairing_confirm cfm
;
2399 BT_DBG("conn %p", conn
);
2401 if (skb
->len
< sizeof(*key
))
2402 return SMP_INVALID_PARAMS
;
2404 memcpy(smp
->remote_pk
, key
, 64);
2406 /* Non-initiating device sends its public key after receiving
2407 * the key from the initiating device.
2410 err
= sc_send_public_key(smp
);
2415 SMP_DBG("Remote Public Key X: %32phN", smp
->remote_pk
);
2416 SMP_DBG("Remote Public Key Y: %32phN", &smp
->remote_pk
[32]);
2418 if (!ecdh_shared_secret(smp
->remote_pk
, smp
->local_sk
, smp
->dhkey
))
2419 return SMP_UNSPECIFIED
;
2421 SMP_DBG("DHKey %32phN", smp
->dhkey
);
2423 set_bit(SMP_FLAG_REMOTE_PK
, &smp
->flags
);
2425 smp
->method
= sc_select_method(smp
);
2427 BT_DBG("%s selected method 0x%02x", hdev
->name
, smp
->method
);
2429 /* JUST_WORKS and JUST_CFM result in an unauthenticated key */
2430 if (smp
->method
== JUST_WORKS
|| smp
->method
== JUST_CFM
)
2431 hcon
->pending_sec_level
= BT_SECURITY_MEDIUM
;
2433 hcon
->pending_sec_level
= BT_SECURITY_FIPS
;
2435 if (!memcmp(debug_pk
, smp
->remote_pk
, 64))
2436 set_bit(SMP_FLAG_DEBUG_KEY
, &smp
->flags
);
2438 if (smp
->method
== DSP_PASSKEY
) {
2439 get_random_bytes(&hcon
->passkey_notify
,
2440 sizeof(hcon
->passkey_notify
));
2441 hcon
->passkey_notify
%= 1000000;
2442 hcon
->passkey_entered
= 0;
2443 smp
->passkey_round
= 0;
2444 if (mgmt_user_passkey_notify(hdev
, &hcon
->dst
, hcon
->type
,
2446 hcon
->passkey_notify
,
2447 hcon
->passkey_entered
))
2448 return SMP_UNSPECIFIED
;
2449 SMP_ALLOW_CMD(smp
, SMP_CMD_PAIRING_CONFIRM
);
2450 return sc_passkey_round(smp
, SMP_CMD_PUBLIC_KEY
);
2453 if (smp
->method
== REQ_OOB
) {
2454 err
= smp_f4(smp
->tfm_cmac
, smp
->remote_pk
, smp
->remote_pk
,
2455 smp
->rr
, 0, cfm
.confirm_val
);
2457 return SMP_UNSPECIFIED
;
2459 if (memcmp(cfm
.confirm_val
, smp
->pcnf
, 16))
2460 return SMP_CONFIRM_FAILED
;
2463 smp_send_cmd(conn
, SMP_CMD_PAIRING_RANDOM
,
2464 sizeof(smp
->prnd
), smp
->prnd
);
2466 SMP_ALLOW_CMD(smp
, SMP_CMD_PAIRING_RANDOM
);
2472 SMP_ALLOW_CMD(smp
, SMP_CMD_PAIRING_CONFIRM
);
2474 if (smp
->method
== REQ_PASSKEY
) {
2475 if (mgmt_user_passkey_request(hdev
, &hcon
->dst
, hcon
->type
,
2477 return SMP_UNSPECIFIED
;
2478 SMP_ALLOW_CMD(smp
, SMP_CMD_PAIRING_CONFIRM
);
2479 set_bit(SMP_FLAG_WAIT_USER
, &smp
->flags
);
2483 /* The Initiating device waits for the non-initiating device to
2484 * send the confirm value.
2486 if (conn
->hcon
->out
)
2489 err
= smp_f4(smp
->tfm_cmac
, smp
->local_pk
, smp
->remote_pk
, smp
->prnd
,
2490 0, cfm
.confirm_val
);
2492 return SMP_UNSPECIFIED
;
2494 smp_send_cmd(conn
, SMP_CMD_PAIRING_CONFIRM
, sizeof(cfm
), &cfm
);
2495 SMP_ALLOW_CMD(smp
, SMP_CMD_PAIRING_RANDOM
);
2500 static int smp_cmd_dhkey_check(struct l2cap_conn
*conn
, struct sk_buff
*skb
)
2502 struct smp_cmd_dhkey_check
*check
= (void *) skb
->data
;
2503 struct l2cap_chan
*chan
= conn
->smp
;
2504 struct hci_conn
*hcon
= conn
->hcon
;
2505 struct smp_chan
*smp
= chan
->data
;
2506 u8 a
[7], b
[7], *local_addr
, *remote_addr
;
2507 u8 io_cap
[3], r
[16], e
[16];
2510 BT_DBG("conn %p", conn
);
2512 if (skb
->len
< sizeof(*check
))
2513 return SMP_INVALID_PARAMS
;
2515 memcpy(a
, &hcon
->init_addr
, 6);
2516 memcpy(b
, &hcon
->resp_addr
, 6);
2517 a
[6] = hcon
->init_addr_type
;
2518 b
[6] = hcon
->resp_addr_type
;
2523 memcpy(io_cap
, &smp
->prsp
[1], 3);
2527 memcpy(io_cap
, &smp
->preq
[1], 3);
2530 memset(r
, 0, sizeof(r
));
2532 if (smp
->method
== REQ_PASSKEY
|| smp
->method
== DSP_PASSKEY
)
2533 put_unaligned_le32(hcon
->passkey_notify
, r
);
2535 err
= smp_f6(smp
->tfm_cmac
, smp
->mackey
, smp
->rrnd
, smp
->prnd
, r
,
2536 io_cap
, remote_addr
, local_addr
, e
);
2538 return SMP_UNSPECIFIED
;
2540 if (memcmp(check
->e
, e
, 16))
2541 return SMP_DHKEY_CHECK_FAILED
;
2544 if (test_bit(SMP_FLAG_WAIT_USER
, &smp
->flags
)) {
2545 set_bit(SMP_FLAG_DHKEY_PENDING
, &smp
->flags
);
2549 /* Slave sends DHKey check as response to master */
2550 sc_dhkey_check(smp
);
2556 hci_le_start_enc(hcon
, 0, 0, smp
->tk
);
2557 hcon
->enc_key_size
= smp
->enc_key_size
;
2563 static int smp_cmd_keypress_notify(struct l2cap_conn
*conn
,
2564 struct sk_buff
*skb
)
2566 struct smp_cmd_keypress_notify
*kp
= (void *) skb
->data
;
2568 BT_DBG("value 0x%02x", kp
->value
);
2573 static int smp_sig_channel(struct l2cap_chan
*chan
, struct sk_buff
*skb
)
2575 struct l2cap_conn
*conn
= chan
->conn
;
2576 struct hci_conn
*hcon
= conn
->hcon
;
2577 struct smp_chan
*smp
;
2584 if (!test_bit(HCI_LE_ENABLED
, &hcon
->hdev
->dev_flags
)) {
2585 reason
= SMP_PAIRING_NOTSUPP
;
2589 code
= skb
->data
[0];
2590 skb_pull(skb
, sizeof(code
));
2594 if (code
> SMP_CMD_MAX
)
2597 if (smp
&& !test_and_clear_bit(code
, &smp
->allow_cmd
))
2600 /* If we don't have a context the only allowed commands are
2601 * pairing request and security request.
2603 if (!smp
&& code
!= SMP_CMD_PAIRING_REQ
&& code
!= SMP_CMD_SECURITY_REQ
)
2607 case SMP_CMD_PAIRING_REQ
:
2608 reason
= smp_cmd_pairing_req(conn
, skb
);
2611 case SMP_CMD_PAIRING_FAIL
:
2612 smp_failure(conn
, 0);
2616 case SMP_CMD_PAIRING_RSP
:
2617 reason
= smp_cmd_pairing_rsp(conn
, skb
);
2620 case SMP_CMD_SECURITY_REQ
:
2621 reason
= smp_cmd_security_req(conn
, skb
);
2624 case SMP_CMD_PAIRING_CONFIRM
:
2625 reason
= smp_cmd_pairing_confirm(conn
, skb
);
2628 case SMP_CMD_PAIRING_RANDOM
:
2629 reason
= smp_cmd_pairing_random(conn
, skb
);
2632 case SMP_CMD_ENCRYPT_INFO
:
2633 reason
= smp_cmd_encrypt_info(conn
, skb
);
2636 case SMP_CMD_MASTER_IDENT
:
2637 reason
= smp_cmd_master_ident(conn
, skb
);
2640 case SMP_CMD_IDENT_INFO
:
2641 reason
= smp_cmd_ident_info(conn
, skb
);
2644 case SMP_CMD_IDENT_ADDR_INFO
:
2645 reason
= smp_cmd_ident_addr_info(conn
, skb
);
2648 case SMP_CMD_SIGN_INFO
:
2649 reason
= smp_cmd_sign_info(conn
, skb
);
2652 case SMP_CMD_PUBLIC_KEY
:
2653 reason
= smp_cmd_public_key(conn
, skb
);
2656 case SMP_CMD_DHKEY_CHECK
:
2657 reason
= smp_cmd_dhkey_check(conn
, skb
);
2660 case SMP_CMD_KEYPRESS_NOTIFY
:
2661 reason
= smp_cmd_keypress_notify(conn
, skb
);
2665 BT_DBG("Unknown command code 0x%2.2x", code
);
2666 reason
= SMP_CMD_NOTSUPP
;
2673 smp_failure(conn
, reason
);
2680 BT_ERR("%s unexpected SMP command 0x%02x from %pMR", hcon
->hdev
->name
,
2686 static void smp_teardown_cb(struct l2cap_chan
*chan
, int err
)
2688 struct l2cap_conn
*conn
= chan
->conn
;
2690 BT_DBG("chan %p", chan
);
2693 smp_chan_destroy(conn
);
2696 l2cap_chan_put(chan
);
2699 static void bredr_pairing(struct l2cap_chan
*chan
)
2701 struct l2cap_conn
*conn
= chan
->conn
;
2702 struct hci_conn
*hcon
= conn
->hcon
;
2703 struct hci_dev
*hdev
= hcon
->hdev
;
2704 struct smp_cmd_pairing req
;
2705 struct smp_chan
*smp
;
2707 BT_DBG("chan %p", chan
);
2709 /* Only new pairings are interesting */
2710 if (!test_bit(HCI_CONN_NEW_LINK_KEY
, &hcon
->flags
))
2713 /* Don't bother if we're not encrypted */
2714 if (!test_bit(HCI_CONN_ENCRYPT
, &hcon
->flags
))
2717 /* Only master may initiate SMP over BR/EDR */
2718 if (hcon
->role
!= HCI_ROLE_MASTER
)
2721 /* Secure Connections support must be enabled */
2722 if (!test_bit(HCI_SC_ENABLED
, &hdev
->dev_flags
))
2725 /* BR/EDR must use Secure Connections for SMP */
2726 if (!test_bit(HCI_CONN_AES_CCM
, &hcon
->flags
) &&
2727 !test_bit(HCI_FORCE_LESC
, &hdev
->dbg_flags
))
2730 /* If our LE support is not enabled don't do anything */
2731 if (!test_bit(HCI_LE_ENABLED
, &hdev
->dev_flags
))
2734 /* Don't bother if remote LE support is not enabled */
2735 if (!lmp_host_le_capable(hcon
))
2738 /* Remote must support SMP fixed chan for BR/EDR */
2739 if (!(conn
->remote_fixed_chan
& L2CAP_FC_SMP_BREDR
))
2742 /* Don't bother if SMP is already ongoing */
2746 smp
= smp_chan_create(conn
);
2748 BT_ERR("%s unable to create SMP context for BR/EDR",
2753 set_bit(SMP_FLAG_SC
, &smp
->flags
);
2755 BT_DBG("%s starting SMP over BR/EDR", hdev
->name
);
2757 /* Prepare and send the BR/EDR SMP Pairing Request */
2758 build_bredr_pairing_cmd(smp
, &req
, NULL
);
2760 smp
->preq
[0] = SMP_CMD_PAIRING_REQ
;
2761 memcpy(&smp
->preq
[1], &req
, sizeof(req
));
2763 smp_send_cmd(conn
, SMP_CMD_PAIRING_REQ
, sizeof(req
), &req
);
2764 SMP_ALLOW_CMD(smp
, SMP_CMD_PAIRING_RSP
);
2767 static void smp_resume_cb(struct l2cap_chan
*chan
)
2769 struct smp_chan
*smp
= chan
->data
;
2770 struct l2cap_conn
*conn
= chan
->conn
;
2771 struct hci_conn
*hcon
= conn
->hcon
;
2773 BT_DBG("chan %p", chan
);
2775 if (hcon
->type
== ACL_LINK
) {
2776 bredr_pairing(chan
);
2783 if (!test_bit(HCI_CONN_ENCRYPT
, &hcon
->flags
))
2786 cancel_delayed_work(&smp
->security_timer
);
2788 smp_distribute_keys(smp
);
2791 static void smp_ready_cb(struct l2cap_chan
*chan
)
2793 struct l2cap_conn
*conn
= chan
->conn
;
2794 struct hci_conn
*hcon
= conn
->hcon
;
2796 BT_DBG("chan %p", chan
);
2799 l2cap_chan_hold(chan
);
2801 if (hcon
->type
== ACL_LINK
&& test_bit(HCI_CONN_ENCRYPT
, &hcon
->flags
))
2802 bredr_pairing(chan
);
2805 static int smp_recv_cb(struct l2cap_chan
*chan
, struct sk_buff
*skb
)
2809 BT_DBG("chan %p", chan
);
2811 err
= smp_sig_channel(chan
, skb
);
2813 struct smp_chan
*smp
= chan
->data
;
2816 cancel_delayed_work_sync(&smp
->security_timer
);
2818 hci_disconnect(chan
->conn
->hcon
, HCI_ERROR_AUTH_FAILURE
);
2824 static struct sk_buff
*smp_alloc_skb_cb(struct l2cap_chan
*chan
,
2825 unsigned long hdr_len
,
2826 unsigned long len
, int nb
)
2828 struct sk_buff
*skb
;
2830 skb
= bt_skb_alloc(hdr_len
+ len
, GFP_KERNEL
);
2832 return ERR_PTR(-ENOMEM
);
2834 skb
->priority
= HCI_PRIO_MAX
;
2835 bt_cb(skb
)->chan
= chan
;
2840 static const struct l2cap_ops smp_chan_ops
= {
2841 .name
= "Security Manager",
2842 .ready
= smp_ready_cb
,
2843 .recv
= smp_recv_cb
,
2844 .alloc_skb
= smp_alloc_skb_cb
,
2845 .teardown
= smp_teardown_cb
,
2846 .resume
= smp_resume_cb
,
2848 .new_connection
= l2cap_chan_no_new_connection
,
2849 .state_change
= l2cap_chan_no_state_change
,
2850 .close
= l2cap_chan_no_close
,
2851 .defer
= l2cap_chan_no_defer
,
2852 .suspend
= l2cap_chan_no_suspend
,
2853 .set_shutdown
= l2cap_chan_no_set_shutdown
,
2854 .get_sndtimeo
= l2cap_chan_no_get_sndtimeo
,
2855 .memcpy_fromiovec
= l2cap_chan_no_memcpy_fromiovec
,
2858 static inline struct l2cap_chan
*smp_new_conn_cb(struct l2cap_chan
*pchan
)
2860 struct l2cap_chan
*chan
;
2862 BT_DBG("pchan %p", pchan
);
2864 chan
= l2cap_chan_create();
2868 chan
->chan_type
= pchan
->chan_type
;
2869 chan
->ops
= &smp_chan_ops
;
2870 chan
->scid
= pchan
->scid
;
2871 chan
->dcid
= chan
->scid
;
2872 chan
->imtu
= pchan
->imtu
;
2873 chan
->omtu
= pchan
->omtu
;
2874 chan
->mode
= pchan
->mode
;
2876 /* Other L2CAP channels may request SMP routines in order to
2877 * change the security level. This means that the SMP channel
2878 * lock must be considered in its own category to avoid lockdep
2881 atomic_set(&chan
->nesting
, L2CAP_NESTING_SMP
);
2883 BT_DBG("created chan %p", chan
);
2888 static const struct l2cap_ops smp_root_chan_ops
= {
2889 .name
= "Security Manager Root",
2890 .new_connection
= smp_new_conn_cb
,
2892 /* None of these are implemented for the root channel */
2893 .close
= l2cap_chan_no_close
,
2894 .alloc_skb
= l2cap_chan_no_alloc_skb
,
2895 .recv
= l2cap_chan_no_recv
,
2896 .state_change
= l2cap_chan_no_state_change
,
2897 .teardown
= l2cap_chan_no_teardown
,
2898 .ready
= l2cap_chan_no_ready
,
2899 .defer
= l2cap_chan_no_defer
,
2900 .suspend
= l2cap_chan_no_suspend
,
2901 .resume
= l2cap_chan_no_resume
,
2902 .set_shutdown
= l2cap_chan_no_set_shutdown
,
2903 .get_sndtimeo
= l2cap_chan_no_get_sndtimeo
,
2904 .memcpy_fromiovec
= l2cap_chan_no_memcpy_fromiovec
,
2907 static struct l2cap_chan
*smp_add_cid(struct hci_dev
*hdev
, u16 cid
)
2909 struct l2cap_chan
*chan
;
2910 struct crypto_blkcipher
*tfm_aes
;
2912 if (cid
== L2CAP_CID_SMP_BREDR
) {
2917 tfm_aes
= crypto_alloc_blkcipher("ecb(aes)", 0, 0);
2918 if (IS_ERR(tfm_aes
)) {
2919 BT_ERR("Unable to create crypto context");
2920 return ERR_PTR(PTR_ERR(tfm_aes
));
2924 chan
= l2cap_chan_create();
2926 crypto_free_blkcipher(tfm_aes
);
2927 return ERR_PTR(-ENOMEM
);
2930 chan
->data
= tfm_aes
;
2932 l2cap_add_scid(chan
, cid
);
2934 l2cap_chan_set_defaults(chan
);
2936 bacpy(&chan
->src
, &hdev
->bdaddr
);
2937 if (cid
== L2CAP_CID_SMP
)
2938 chan
->src_type
= BDADDR_LE_PUBLIC
;
2940 chan
->src_type
= BDADDR_BREDR
;
2941 chan
->state
= BT_LISTEN
;
2942 chan
->mode
= L2CAP_MODE_BASIC
;
2943 chan
->imtu
= L2CAP_DEFAULT_MTU
;
2944 chan
->ops
= &smp_root_chan_ops
;
2946 /* Set correct nesting level for a parent/listening channel */
2947 atomic_set(&chan
->nesting
, L2CAP_NESTING_PARENT
);
2952 static void smp_del_chan(struct l2cap_chan
*chan
)
2954 struct crypto_blkcipher
*tfm_aes
;
2956 BT_DBG("chan %p", chan
);
2958 tfm_aes
= chan
->data
;
2961 crypto_free_blkcipher(tfm_aes
);
2964 l2cap_chan_put(chan
);
2967 int smp_register(struct hci_dev
*hdev
)
2969 struct l2cap_chan
*chan
;
2971 BT_DBG("%s", hdev
->name
);
2973 chan
= smp_add_cid(hdev
, L2CAP_CID_SMP
);
2975 return PTR_ERR(chan
);
2977 hdev
->smp_data
= chan
;
2979 if (!lmp_sc_capable(hdev
) &&
2980 !test_bit(HCI_FORCE_LESC
, &hdev
->dbg_flags
))
2983 chan
= smp_add_cid(hdev
, L2CAP_CID_SMP_BREDR
);
2985 int err
= PTR_ERR(chan
);
2986 chan
= hdev
->smp_data
;
2987 hdev
->smp_data
= NULL
;
2992 hdev
->smp_bredr_data
= chan
;
2997 void smp_unregister(struct hci_dev
*hdev
)
2999 struct l2cap_chan
*chan
;
3001 if (hdev
->smp_bredr_data
) {
3002 chan
= hdev
->smp_bredr_data
;
3003 hdev
->smp_bredr_data
= NULL
;
3007 if (hdev
->smp_data
) {
3008 chan
= hdev
->smp_data
;
3009 hdev
->smp_data
= NULL
;