2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2011 Nokia Corporation and/or its subsidiary(-ies).
5 This program is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License version 2 as
7 published by the Free Software Foundation;
9 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
10 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
11 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
12 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
13 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
14 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
18 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
19 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
20 SOFTWARE IS DISCLAIMED.
23 #include <linux/crypto.h>
24 #include <linux/scatterlist.h>
25 #include <crypto/b128ops.h>
27 #include <net/bluetooth/bluetooth.h>
28 #include <net/bluetooth/hci_core.h>
29 #include <net/bluetooth/l2cap.h>
30 #include <net/bluetooth/mgmt.h>
35 #define SMP_ALLOW_CMD(smp, code) set_bit(code, &smp->allow_cmd)
37 /* Keys which are not distributed with Secure Connections */
38 #define SMP_SC_NO_DIST (SMP_DIST_ENC_KEY | SMP_DIST_LINK_KEY);
40 #define SMP_TIMEOUT msecs_to_jiffies(30000)
42 #define AUTH_REQ_MASK(dev) (test_bit(HCI_SC_ENABLED, &(dev)->dev_flags) ? \
44 #define KEY_DIST_MASK 0x07
46 /* Maximum message length that can be passed to aes_cmac */
47 #define CMAC_MSG_MAX 80
60 struct l2cap_conn
*conn
;
61 struct delayed_work security_timer
;
62 unsigned long allow_cmd
; /* Bitmask of allowed commands */
64 u8 preq
[7]; /* SMP Pairing Request */
65 u8 prsp
[7]; /* SMP Pairing Response */
66 u8 prnd
[16]; /* SMP Pairing Random (local) */
67 u8 rrnd
[16]; /* SMP Pairing Random (remote) */
68 u8 pcnf
[16]; /* SMP Pairing Confirm */
69 u8 tk
[16]; /* SMP Temporary Key */
75 struct smp_csrk
*csrk
;
76 struct smp_csrk
*slave_csrk
;
78 struct smp_ltk
*slave_ltk
;
79 struct smp_irk
*remote_irk
;
83 /* Secure Connections variables */
90 struct crypto_blkcipher
*tfm_aes
;
91 struct crypto_hash
*tfm_cmac
;
94 static inline void swap_buf(const u8
*src
, u8
*dst
, size_t len
)
98 for (i
= 0; i
< len
; i
++)
99 dst
[len
- 1 - i
] = src
[i
];
102 static int aes_cmac(struct crypto_hash
*tfm
, const u8 k
[16], const u8
*m
,
103 size_t len
, u8 mac
[16])
105 uint8_t tmp
[16], mac_msb
[16], msg_msb
[CMAC_MSG_MAX
];
106 struct hash_desc desc
;
107 struct scatterlist sg
;
110 if (len
> CMAC_MSG_MAX
)
114 BT_ERR("tfm %p", tfm
);
121 crypto_hash_init(&desc
);
123 /* Swap key and message from LSB to MSB */
124 swap_buf(k
, tmp
, 16);
125 swap_buf(m
, msg_msb
, len
);
127 BT_DBG("msg (len %zu) %*phN", len
, (int) len
, m
);
128 BT_DBG("key %16phN", k
);
130 err
= crypto_hash_setkey(tfm
, tmp
, 16);
132 BT_ERR("cipher setkey failed: %d", err
);
136 sg_init_one(&sg
, msg_msb
, len
);
138 err
= crypto_hash_update(&desc
, &sg
, len
);
140 BT_ERR("Hash update error %d", err
);
144 err
= crypto_hash_final(&desc
, mac_msb
);
146 BT_ERR("Hash final error %d", err
);
150 swap_buf(mac_msb
, mac
, 16);
152 BT_DBG("mac %16phN", mac
);
157 static int smp_f4(struct crypto_hash
*tfm_cmac
, const u8 u
[32], const u8 v
[32],
158 const u8 x
[16], u8 z
, u8 res
[16])
163 BT_DBG("u %32phN", u
);
164 BT_DBG("v %32phN", v
);
165 BT_DBG("x %16phN z %02x", x
, z
);
168 memcpy(m
+ 1, v
, 32);
169 memcpy(m
+ 33, u
, 32);
171 err
= aes_cmac(tfm_cmac
, x
, m
, sizeof(m
), res
);
175 BT_DBG("res %16phN", res
);
180 static int smp_f5(struct crypto_hash
*tfm_cmac
, u8 w
[32], u8 n1
[16], u8 n2
[16],
181 u8 a1
[7], u8 a2
[7], u8 mackey
[16], u8 ltk
[16])
183 /* The btle, salt and length "magic" values are as defined in
184 * the SMP section of the Bluetooth core specification. In ASCII
185 * the btle value ends up being 'btle'. The salt is just a
186 * random number whereas length is the value 256 in little
189 const u8 btle
[4] = { 0x65, 0x6c, 0x74, 0x62 };
190 const u8 salt
[16] = { 0xbe, 0x83, 0x60, 0x5a, 0xdb, 0x0b, 0x37, 0x60,
191 0x38, 0xa5, 0xf5, 0xaa, 0x91, 0x83, 0x88, 0x6c };
192 const u8 length
[2] = { 0x00, 0x01 };
196 BT_DBG("w %32phN", w
);
197 BT_DBG("n1 %16phN n2 %16phN", n1
, n2
);
198 BT_DBG("a1 %7phN a2 %7phN", a1
, a2
);
200 err
= aes_cmac(tfm_cmac
, salt
, w
, 32, t
);
204 BT_DBG("t %16phN", t
);
206 memcpy(m
, length
, 2);
207 memcpy(m
+ 2, a2
, 7);
208 memcpy(m
+ 9, a1
, 7);
209 memcpy(m
+ 16, n2
, 16);
210 memcpy(m
+ 32, n1
, 16);
211 memcpy(m
+ 48, btle
, 4);
213 m
[52] = 0; /* Counter */
215 err
= aes_cmac(tfm_cmac
, t
, m
, sizeof(m
), mackey
);
219 BT_DBG("mackey %16phN", mackey
);
221 m
[52] = 1; /* Counter */
223 err
= aes_cmac(tfm_cmac
, t
, m
, sizeof(m
), ltk
);
227 BT_DBG("ltk %16phN", ltk
);
232 static int smp_f6(struct crypto_hash
*tfm_cmac
, const u8 w
[16],
233 const u8 n1
[16], u8 n2
[16], const u8 r
[16],
234 const u8 io_cap
[3], const u8 a1
[7], const u8 a2
[7],
240 BT_DBG("w %16phN", w
);
241 BT_DBG("n1 %16phN n2 %16phN", n1
, n2
);
242 BT_DBG("r %16phN io_cap %3phN a1 %7phN a2 %7phN", r
, io_cap
, a1
, a2
);
245 memcpy(m
+ 7, a1
, 7);
246 memcpy(m
+ 14, io_cap
, 3);
247 memcpy(m
+ 17, r
, 16);
248 memcpy(m
+ 33, n2
, 16);
249 memcpy(m
+ 49, n1
, 16);
251 err
= aes_cmac(tfm_cmac
, w
, m
, sizeof(m
), res
);
255 BT_DBG("res %16phN", res
);
260 static int smp_g2(struct crypto_hash
*tfm_cmac
, const u8 u
[32], const u8 v
[32],
261 const u8 x
[16], const u8 y
[16], u32
*val
)
266 BT_DBG("u %32phN", u
);
267 BT_DBG("v %32phN", v
);
268 BT_DBG("x %16phN y %16phN", x
, y
);
271 memcpy(m
+ 16, v
, 32);
272 memcpy(m
+ 48, u
, 32);
274 err
= aes_cmac(tfm_cmac
, x
, m
, sizeof(m
), tmp
);
278 *val
= get_unaligned_le32(tmp
);
281 BT_DBG("val %06u", *val
);
286 static int smp_e(struct crypto_blkcipher
*tfm
, const u8
*k
, u8
*r
)
288 struct blkcipher_desc desc
;
289 struct scatterlist sg
;
290 uint8_t tmp
[16], data
[16];
294 BT_ERR("tfm %p", tfm
);
301 /* The most significant octet of key corresponds to k[0] */
302 swap_buf(k
, tmp
, 16);
304 err
= crypto_blkcipher_setkey(tfm
, tmp
, 16);
306 BT_ERR("cipher setkey failed: %d", err
);
310 /* Most significant octet of plaintextData corresponds to data[0] */
311 swap_buf(r
, data
, 16);
313 sg_init_one(&sg
, data
, 16);
315 err
= crypto_blkcipher_encrypt(&desc
, &sg
, &sg
, 16);
317 BT_ERR("Encrypt data error %d", err
);
319 /* Most significant octet of encryptedData corresponds to data[0] */
320 swap_buf(data
, r
, 16);
325 static int smp_h6(struct crypto_hash
*tfm_cmac
, const u8 w
[16],
326 const u8 key_id
[4], u8 res
[16])
330 BT_DBG("w %16phN key_id %4phN", w
, key_id
);
332 err
= aes_cmac(tfm_cmac
, w
, key_id
, 4, res
);
336 BT_DBG("res %16phN", res
);
341 static int smp_ah(struct crypto_blkcipher
*tfm
, u8 irk
[16], u8 r
[3], u8 res
[3])
346 /* r' = padding || r */
348 memset(_res
+ 3, 0, 13);
350 err
= smp_e(tfm
, irk
, _res
);
352 BT_ERR("Encrypt error");
356 /* The output of the random address function ah is:
357 * ah(h, r) = e(k, r') mod 2^24
358 * The output of the security function e is then truncated to 24 bits
359 * by taking the least significant 24 bits of the output of e as the
362 memcpy(res
, _res
, 3);
367 bool smp_irk_matches(struct hci_dev
*hdev
, u8 irk
[16], bdaddr_t
*bdaddr
)
369 struct l2cap_chan
*chan
= hdev
->smp_data
;
370 struct crypto_blkcipher
*tfm
;
374 if (!chan
|| !chan
->data
)
379 BT_DBG("RPA %pMR IRK %*phN", bdaddr
, 16, irk
);
381 err
= smp_ah(tfm
, irk
, &bdaddr
->b
[3], hash
);
385 return !memcmp(bdaddr
->b
, hash
, 3);
388 int smp_generate_rpa(struct hci_dev
*hdev
, u8 irk
[16], bdaddr_t
*rpa
)
390 struct l2cap_chan
*chan
= hdev
->smp_data
;
391 struct crypto_blkcipher
*tfm
;
394 if (!chan
|| !chan
->data
)
399 get_random_bytes(&rpa
->b
[3], 3);
401 rpa
->b
[5] &= 0x3f; /* Clear two most significant bits */
402 rpa
->b
[5] |= 0x40; /* Set second most significant bit */
404 err
= smp_ah(tfm
, irk
, &rpa
->b
[3], rpa
->b
);
408 BT_DBG("RPA %pMR", rpa
);
413 static int smp_c1(struct crypto_blkcipher
*tfm_aes
, u8 k
[16], u8 r
[16],
414 u8 preq
[7], u8 pres
[7], u8 _iat
, bdaddr_t
*ia
, u8 _rat
,
415 bdaddr_t
*ra
, u8 res
[16])
422 /* p1 = pres || preq || _rat || _iat */
425 memcpy(p1
+ 2, preq
, 7);
426 memcpy(p1
+ 9, pres
, 7);
428 /* p2 = padding || ia || ra */
430 memcpy(p2
+ 6, ia
, 6);
431 memset(p2
+ 12, 0, 4);
434 u128_xor((u128
*) res
, (u128
*) r
, (u128
*) p1
);
436 /* res = e(k, res) */
437 err
= smp_e(tfm_aes
, k
, res
);
439 BT_ERR("Encrypt data error");
443 /* res = res XOR p2 */
444 u128_xor((u128
*) res
, (u128
*) res
, (u128
*) p2
);
446 /* res = e(k, res) */
447 err
= smp_e(tfm_aes
, k
, res
);
449 BT_ERR("Encrypt data error");
454 static int smp_s1(struct crypto_blkcipher
*tfm_aes
, u8 k
[16], u8 r1
[16],
455 u8 r2
[16], u8 _r
[16])
459 /* Just least significant octets from r1 and r2 are considered */
461 memcpy(_r
+ 8, r1
, 8);
463 err
= smp_e(tfm_aes
, k
, _r
);
465 BT_ERR("Encrypt data error");
470 static void smp_send_cmd(struct l2cap_conn
*conn
, u8 code
, u16 len
, void *data
)
472 struct l2cap_chan
*chan
= conn
->smp
;
473 struct smp_chan
*smp
;
480 BT_DBG("code 0x%2.2x", code
);
482 iv
[0].iov_base
= &code
;
485 iv
[1].iov_base
= data
;
488 memset(&msg
, 0, sizeof(msg
));
490 msg
.msg_iov
= (struct iovec
*) &iv
;
493 l2cap_chan_send(chan
, &msg
, 1 + len
);
500 cancel_delayed_work_sync(&smp
->security_timer
);
501 schedule_delayed_work(&smp
->security_timer
, SMP_TIMEOUT
);
504 static u8
authreq_to_seclevel(u8 authreq
)
506 if (authreq
& SMP_AUTH_MITM
) {
507 if (authreq
& SMP_AUTH_SC
)
508 return BT_SECURITY_FIPS
;
510 return BT_SECURITY_HIGH
;
512 return BT_SECURITY_MEDIUM
;
516 static __u8
seclevel_to_authreq(__u8 sec_level
)
519 case BT_SECURITY_FIPS
:
520 case BT_SECURITY_HIGH
:
521 return SMP_AUTH_MITM
| SMP_AUTH_BONDING
;
522 case BT_SECURITY_MEDIUM
:
523 return SMP_AUTH_BONDING
;
525 return SMP_AUTH_NONE
;
529 static void build_pairing_cmd(struct l2cap_conn
*conn
,
530 struct smp_cmd_pairing
*req
,
531 struct smp_cmd_pairing
*rsp
, __u8 authreq
)
533 struct l2cap_chan
*chan
= conn
->smp
;
534 struct smp_chan
*smp
= chan
->data
;
535 struct hci_conn
*hcon
= conn
->hcon
;
536 struct hci_dev
*hdev
= hcon
->hdev
;
537 u8 local_dist
= 0, remote_dist
= 0;
539 if (test_bit(HCI_BONDABLE
, &conn
->hcon
->hdev
->dev_flags
)) {
540 local_dist
= SMP_DIST_ENC_KEY
| SMP_DIST_SIGN
;
541 remote_dist
= SMP_DIST_ENC_KEY
| SMP_DIST_SIGN
;
542 authreq
|= SMP_AUTH_BONDING
;
544 authreq
&= ~SMP_AUTH_BONDING
;
547 if (test_bit(HCI_RPA_RESOLVING
, &hdev
->dev_flags
))
548 remote_dist
|= SMP_DIST_ID_KEY
;
550 if (test_bit(HCI_PRIVACY
, &hdev
->dev_flags
))
551 local_dist
|= SMP_DIST_ID_KEY
;
553 if (test_bit(HCI_SC_ENABLED
, &hdev
->dev_flags
)) {
554 if ((authreq
& SMP_AUTH_SC
) &&
555 test_bit(HCI_SSP_ENABLED
, &hdev
->dev_flags
)) {
556 local_dist
|= SMP_DIST_LINK_KEY
;
557 remote_dist
|= SMP_DIST_LINK_KEY
;
560 authreq
&= ~SMP_AUTH_SC
;
564 req
->io_capability
= conn
->hcon
->io_capability
;
565 req
->oob_flag
= SMP_OOB_NOT_PRESENT
;
566 req
->max_key_size
= SMP_MAX_ENC_KEY_SIZE
;
567 req
->init_key_dist
= local_dist
;
568 req
->resp_key_dist
= remote_dist
;
569 req
->auth_req
= (authreq
& AUTH_REQ_MASK(hdev
));
571 smp
->remote_key_dist
= remote_dist
;
575 rsp
->io_capability
= conn
->hcon
->io_capability
;
576 rsp
->oob_flag
= SMP_OOB_NOT_PRESENT
;
577 rsp
->max_key_size
= SMP_MAX_ENC_KEY_SIZE
;
578 rsp
->init_key_dist
= req
->init_key_dist
& remote_dist
;
579 rsp
->resp_key_dist
= req
->resp_key_dist
& local_dist
;
580 rsp
->auth_req
= (authreq
& AUTH_REQ_MASK(hdev
));
582 smp
->remote_key_dist
= rsp
->init_key_dist
;
585 static u8
check_enc_key_size(struct l2cap_conn
*conn
, __u8 max_key_size
)
587 struct l2cap_chan
*chan
= conn
->smp
;
588 struct smp_chan
*smp
= chan
->data
;
590 if ((max_key_size
> SMP_MAX_ENC_KEY_SIZE
) ||
591 (max_key_size
< SMP_MIN_ENC_KEY_SIZE
))
592 return SMP_ENC_KEY_SIZE
;
594 smp
->enc_key_size
= max_key_size
;
599 static void smp_chan_destroy(struct l2cap_conn
*conn
)
601 struct l2cap_chan
*chan
= conn
->smp
;
602 struct smp_chan
*smp
= chan
->data
;
607 cancel_delayed_work_sync(&smp
->security_timer
);
609 complete
= test_bit(SMP_FLAG_COMPLETE
, &smp
->flags
);
610 mgmt_smp_complete(conn
->hcon
, complete
);
613 kfree(smp
->slave_csrk
);
614 kfree(smp
->link_key
);
616 crypto_free_blkcipher(smp
->tfm_aes
);
617 crypto_free_hash(smp
->tfm_cmac
);
619 /* If pairing failed clean up any keys we might have */
622 list_del_rcu(&smp
->ltk
->list
);
623 kfree_rcu(smp
->ltk
, rcu
);
626 if (smp
->slave_ltk
) {
627 list_del_rcu(&smp
->slave_ltk
->list
);
628 kfree_rcu(smp
->slave_ltk
, rcu
);
631 if (smp
->remote_irk
) {
632 list_del_rcu(&smp
->remote_irk
->list
);
633 kfree_rcu(smp
->remote_irk
, rcu
);
639 hci_conn_drop(conn
->hcon
);
642 static void smp_failure(struct l2cap_conn
*conn
, u8 reason
)
644 struct hci_conn
*hcon
= conn
->hcon
;
645 struct l2cap_chan
*chan
= conn
->smp
;
648 smp_send_cmd(conn
, SMP_CMD_PAIRING_FAIL
, sizeof(reason
),
651 clear_bit(HCI_CONN_ENCRYPT_PEND
, &hcon
->flags
);
652 mgmt_auth_failed(hcon
, HCI_ERROR_AUTH_FAILURE
);
655 smp_chan_destroy(conn
);
658 #define JUST_WORKS 0x00
659 #define JUST_CFM 0x01
660 #define REQ_PASSKEY 0x02
661 #define CFM_PASSKEY 0x03
665 static const u8 gen_method
[5][5] = {
666 { JUST_WORKS
, JUST_CFM
, REQ_PASSKEY
, JUST_WORKS
, REQ_PASSKEY
},
667 { JUST_WORKS
, JUST_CFM
, REQ_PASSKEY
, JUST_WORKS
, REQ_PASSKEY
},
668 { CFM_PASSKEY
, CFM_PASSKEY
, REQ_PASSKEY
, JUST_WORKS
, CFM_PASSKEY
},
669 { JUST_WORKS
, JUST_CFM
, JUST_WORKS
, JUST_WORKS
, JUST_CFM
},
670 { CFM_PASSKEY
, CFM_PASSKEY
, REQ_PASSKEY
, JUST_WORKS
, OVERLAP
},
673 static u8
get_auth_method(struct smp_chan
*smp
, u8 local_io
, u8 remote_io
)
675 /* If either side has unknown io_caps, use JUST_CFM (which gets
676 * converted later to JUST_WORKS if we're initiators.
678 if (local_io
> SMP_IO_KEYBOARD_DISPLAY
||
679 remote_io
> SMP_IO_KEYBOARD_DISPLAY
)
682 return gen_method
[remote_io
][local_io
];
685 static int tk_request(struct l2cap_conn
*conn
, u8 remote_oob
, u8 auth
,
686 u8 local_io
, u8 remote_io
)
688 struct hci_conn
*hcon
= conn
->hcon
;
689 struct l2cap_chan
*chan
= conn
->smp
;
690 struct smp_chan
*smp
= chan
->data
;
695 /* Initialize key for JUST WORKS */
696 memset(smp
->tk
, 0, sizeof(smp
->tk
));
697 clear_bit(SMP_FLAG_TK_VALID
, &smp
->flags
);
699 BT_DBG("tk_request: auth:%d lcl:%d rem:%d", auth
, local_io
, remote_io
);
701 /* If neither side wants MITM, either "just" confirm an incoming
702 * request or use just-works for outgoing ones. The JUST_CFM
703 * will be converted to JUST_WORKS if necessary later in this
704 * function. If either side has MITM look up the method from the
707 if (!(auth
& SMP_AUTH_MITM
))
710 method
= get_auth_method(smp
, local_io
, remote_io
);
712 /* Don't confirm locally initiated pairing attempts */
713 if (method
== JUST_CFM
&& test_bit(SMP_FLAG_INITIATOR
, &smp
->flags
))
716 /* Don't bother user space with no IO capabilities */
717 if (method
== JUST_CFM
&& hcon
->io_capability
== HCI_IO_NO_INPUT_OUTPUT
)
720 /* If Just Works, Continue with Zero TK */
721 if (method
== JUST_WORKS
) {
722 set_bit(SMP_FLAG_TK_VALID
, &smp
->flags
);
726 /* Not Just Works/Confirm results in MITM Authentication */
727 if (method
!= JUST_CFM
) {
728 set_bit(SMP_FLAG_MITM_AUTH
, &smp
->flags
);
729 if (hcon
->pending_sec_level
< BT_SECURITY_HIGH
)
730 hcon
->pending_sec_level
= BT_SECURITY_HIGH
;
733 /* If both devices have Keyoard-Display I/O, the master
734 * Confirms and the slave Enters the passkey.
736 if (method
== OVERLAP
) {
737 if (hcon
->role
== HCI_ROLE_MASTER
)
738 method
= CFM_PASSKEY
;
740 method
= REQ_PASSKEY
;
743 /* Generate random passkey. */
744 if (method
== CFM_PASSKEY
) {
745 memset(smp
->tk
, 0, sizeof(smp
->tk
));
746 get_random_bytes(&passkey
, sizeof(passkey
));
748 put_unaligned_le32(passkey
, smp
->tk
);
749 BT_DBG("PassKey: %d", passkey
);
750 set_bit(SMP_FLAG_TK_VALID
, &smp
->flags
);
753 if (method
== REQ_PASSKEY
)
754 ret
= mgmt_user_passkey_request(hcon
->hdev
, &hcon
->dst
,
755 hcon
->type
, hcon
->dst_type
);
756 else if (method
== JUST_CFM
)
757 ret
= mgmt_user_confirm_request(hcon
->hdev
, &hcon
->dst
,
758 hcon
->type
, hcon
->dst_type
,
761 ret
= mgmt_user_passkey_notify(hcon
->hdev
, &hcon
->dst
,
762 hcon
->type
, hcon
->dst_type
,
768 static u8
smp_confirm(struct smp_chan
*smp
)
770 struct l2cap_conn
*conn
= smp
->conn
;
771 struct smp_cmd_pairing_confirm cp
;
774 BT_DBG("conn %p", conn
);
776 ret
= smp_c1(smp
->tfm_aes
, smp
->tk
, smp
->prnd
, smp
->preq
, smp
->prsp
,
777 conn
->hcon
->init_addr_type
, &conn
->hcon
->init_addr
,
778 conn
->hcon
->resp_addr_type
, &conn
->hcon
->resp_addr
,
781 return SMP_UNSPECIFIED
;
783 clear_bit(SMP_FLAG_CFM_PENDING
, &smp
->flags
);
785 smp_send_cmd(smp
->conn
, SMP_CMD_PAIRING_CONFIRM
, sizeof(cp
), &cp
);
788 SMP_ALLOW_CMD(smp
, SMP_CMD_PAIRING_CONFIRM
);
790 SMP_ALLOW_CMD(smp
, SMP_CMD_PAIRING_RANDOM
);
795 static u8
smp_random(struct smp_chan
*smp
)
797 struct l2cap_conn
*conn
= smp
->conn
;
798 struct hci_conn
*hcon
= conn
->hcon
;
802 if (IS_ERR_OR_NULL(smp
->tfm_aes
))
803 return SMP_UNSPECIFIED
;
805 BT_DBG("conn %p %s", conn
, conn
->hcon
->out
? "master" : "slave");
807 ret
= smp_c1(smp
->tfm_aes
, smp
->tk
, smp
->rrnd
, smp
->preq
, smp
->prsp
,
808 hcon
->init_addr_type
, &hcon
->init_addr
,
809 hcon
->resp_addr_type
, &hcon
->resp_addr
, confirm
);
811 return SMP_UNSPECIFIED
;
813 if (memcmp(smp
->pcnf
, confirm
, sizeof(smp
->pcnf
)) != 0) {
814 BT_ERR("Pairing failed (confirmation values mismatch)");
815 return SMP_CONFIRM_FAILED
;
823 smp_s1(smp
->tfm_aes
, smp
->tk
, smp
->rrnd
, smp
->prnd
, stk
);
825 memset(stk
+ smp
->enc_key_size
, 0,
826 SMP_MAX_ENC_KEY_SIZE
- smp
->enc_key_size
);
828 if (test_and_set_bit(HCI_CONN_ENCRYPT_PEND
, &hcon
->flags
))
829 return SMP_UNSPECIFIED
;
831 hci_le_start_enc(hcon
, ediv
, rand
, stk
);
832 hcon
->enc_key_size
= smp
->enc_key_size
;
833 set_bit(HCI_CONN_STK_ENCRYPT
, &hcon
->flags
);
839 smp_send_cmd(conn
, SMP_CMD_PAIRING_RANDOM
, sizeof(smp
->prnd
),
842 smp_s1(smp
->tfm_aes
, smp
->tk
, smp
->prnd
, smp
->rrnd
, stk
);
844 memset(stk
+ smp
->enc_key_size
, 0,
845 SMP_MAX_ENC_KEY_SIZE
- smp
->enc_key_size
);
847 if (hcon
->pending_sec_level
== BT_SECURITY_HIGH
)
852 /* Even though there's no _SLAVE suffix this is the
853 * slave STK we're adding for later lookup (the master
854 * STK never needs to be stored).
856 hci_add_ltk(hcon
->hdev
, &hcon
->dst
, hcon
->dst_type
,
857 SMP_STK
, auth
, stk
, smp
->enc_key_size
, ediv
, rand
);
863 static void smp_notify_keys(struct l2cap_conn
*conn
)
865 struct l2cap_chan
*chan
= conn
->smp
;
866 struct smp_chan
*smp
= chan
->data
;
867 struct hci_conn
*hcon
= conn
->hcon
;
868 struct hci_dev
*hdev
= hcon
->hdev
;
869 struct smp_cmd_pairing
*req
= (void *) &smp
->preq
[1];
870 struct smp_cmd_pairing
*rsp
= (void *) &smp
->prsp
[1];
873 if (smp
->remote_irk
) {
874 mgmt_new_irk(hdev
, smp
->remote_irk
);
875 /* Now that user space can be considered to know the
876 * identity address track the connection based on it
879 bacpy(&hcon
->dst
, &smp
->remote_irk
->bdaddr
);
880 hcon
->dst_type
= smp
->remote_irk
->addr_type
;
881 queue_work(hdev
->workqueue
, &conn
->id_addr_update_work
);
883 /* When receiving an indentity resolving key for
884 * a remote device that does not use a resolvable
885 * private address, just remove the key so that
886 * it is possible to use the controller white
889 * Userspace will have been told to not store
890 * this key at this point. So it is safe to
893 if (!bacmp(&smp
->remote_irk
->rpa
, BDADDR_ANY
)) {
894 list_del_rcu(&smp
->remote_irk
->list
);
895 kfree_rcu(smp
->remote_irk
, rcu
);
896 smp
->remote_irk
= NULL
;
900 /* The LTKs and CSRKs should be persistent only if both sides
901 * had the bonding bit set in their authentication requests.
903 persistent
= !!((req
->auth_req
& rsp
->auth_req
) & SMP_AUTH_BONDING
);
906 smp
->csrk
->bdaddr_type
= hcon
->dst_type
;
907 bacpy(&smp
->csrk
->bdaddr
, &hcon
->dst
);
908 mgmt_new_csrk(hdev
, smp
->csrk
, persistent
);
911 if (smp
->slave_csrk
) {
912 smp
->slave_csrk
->bdaddr_type
= hcon
->dst_type
;
913 bacpy(&smp
->slave_csrk
->bdaddr
, &hcon
->dst
);
914 mgmt_new_csrk(hdev
, smp
->slave_csrk
, persistent
);
918 smp
->ltk
->bdaddr_type
= hcon
->dst_type
;
919 bacpy(&smp
->ltk
->bdaddr
, &hcon
->dst
);
920 mgmt_new_ltk(hdev
, smp
->ltk
, persistent
);
923 if (smp
->slave_ltk
) {
924 smp
->slave_ltk
->bdaddr_type
= hcon
->dst_type
;
925 bacpy(&smp
->slave_ltk
->bdaddr
, &hcon
->dst
);
926 mgmt_new_ltk(hdev
, smp
->slave_ltk
, persistent
);
930 hci_add_link_key(hdev
, smp
->conn
->hcon
, &hcon
->dst
,
931 smp
->link_key
, HCI_LK_AUTH_COMBINATION_P256
,
936 static void sc_generate_link_key(struct smp_chan
*smp
)
938 /* These constants are as specified in the core specification.
939 * In ASCII they spell out to 'tmp1' and 'lebr'.
941 const u8 tmp1
[4] = { 0x31, 0x70, 0x6d, 0x74 };
942 const u8 lebr
[4] = { 0x72, 0x62, 0x65, 0x6c };
944 smp
->link_key
= kzalloc(16, GFP_KERNEL
);
948 if (smp_h6(smp
->tfm_cmac
, smp
->tk
, tmp1
, smp
->link_key
)) {
949 kfree(smp
->link_key
);
950 smp
->link_key
= NULL
;
954 if (smp_h6(smp
->tfm_cmac
, smp
->link_key
, lebr
, smp
->link_key
)) {
955 kfree(smp
->link_key
);
956 smp
->link_key
= NULL
;
961 static void smp_allow_key_dist(struct smp_chan
*smp
)
963 /* Allow the first expected phase 3 PDU. The rest of the PDUs
964 * will be allowed in each PDU handler to ensure we receive
965 * them in the correct order.
967 if (smp
->remote_key_dist
& SMP_DIST_ENC_KEY
)
968 SMP_ALLOW_CMD(smp
, SMP_CMD_ENCRYPT_INFO
);
969 else if (smp
->remote_key_dist
& SMP_DIST_ID_KEY
)
970 SMP_ALLOW_CMD(smp
, SMP_CMD_IDENT_INFO
);
971 else if (smp
->remote_key_dist
& SMP_DIST_SIGN
)
972 SMP_ALLOW_CMD(smp
, SMP_CMD_SIGN_INFO
);
975 static void smp_distribute_keys(struct smp_chan
*smp
)
977 struct smp_cmd_pairing
*req
, *rsp
;
978 struct l2cap_conn
*conn
= smp
->conn
;
979 struct hci_conn
*hcon
= conn
->hcon
;
980 struct hci_dev
*hdev
= hcon
->hdev
;
983 BT_DBG("conn %p", conn
);
985 rsp
= (void *) &smp
->prsp
[1];
987 /* The responder sends its keys first */
988 if (hcon
->out
&& (smp
->remote_key_dist
& KEY_DIST_MASK
)) {
989 smp_allow_key_dist(smp
);
993 req
= (void *) &smp
->preq
[1];
996 keydist
= &rsp
->init_key_dist
;
997 *keydist
&= req
->init_key_dist
;
999 keydist
= &rsp
->resp_key_dist
;
1000 *keydist
&= req
->resp_key_dist
;
1003 if (test_bit(SMP_FLAG_SC
, &smp
->flags
)) {
1004 if (*keydist
& SMP_DIST_LINK_KEY
)
1005 sc_generate_link_key(smp
);
1007 /* Clear the keys which are generated but not distributed */
1008 *keydist
&= ~SMP_SC_NO_DIST
;
1011 BT_DBG("keydist 0x%x", *keydist
);
1013 if (*keydist
& SMP_DIST_ENC_KEY
) {
1014 struct smp_cmd_encrypt_info enc
;
1015 struct smp_cmd_master_ident ident
;
1016 struct smp_ltk
*ltk
;
1021 get_random_bytes(enc
.ltk
, sizeof(enc
.ltk
));
1022 get_random_bytes(&ediv
, sizeof(ediv
));
1023 get_random_bytes(&rand
, sizeof(rand
));
1025 smp_send_cmd(conn
, SMP_CMD_ENCRYPT_INFO
, sizeof(enc
), &enc
);
1027 authenticated
= hcon
->sec_level
== BT_SECURITY_HIGH
;
1028 ltk
= hci_add_ltk(hdev
, &hcon
->dst
, hcon
->dst_type
,
1029 SMP_LTK_SLAVE
, authenticated
, enc
.ltk
,
1030 smp
->enc_key_size
, ediv
, rand
);
1031 smp
->slave_ltk
= ltk
;
1036 smp_send_cmd(conn
, SMP_CMD_MASTER_IDENT
, sizeof(ident
), &ident
);
1038 *keydist
&= ~SMP_DIST_ENC_KEY
;
1041 if (*keydist
& SMP_DIST_ID_KEY
) {
1042 struct smp_cmd_ident_addr_info addrinfo
;
1043 struct smp_cmd_ident_info idinfo
;
1045 memcpy(idinfo
.irk
, hdev
->irk
, sizeof(idinfo
.irk
));
1047 smp_send_cmd(conn
, SMP_CMD_IDENT_INFO
, sizeof(idinfo
), &idinfo
);
1049 /* The hci_conn contains the local identity address
1050 * after the connection has been established.
1052 * This is true even when the connection has been
1053 * established using a resolvable random address.
1055 bacpy(&addrinfo
.bdaddr
, &hcon
->src
);
1056 addrinfo
.addr_type
= hcon
->src_type
;
1058 smp_send_cmd(conn
, SMP_CMD_IDENT_ADDR_INFO
, sizeof(addrinfo
),
1061 *keydist
&= ~SMP_DIST_ID_KEY
;
1064 if (*keydist
& SMP_DIST_SIGN
) {
1065 struct smp_cmd_sign_info sign
;
1066 struct smp_csrk
*csrk
;
1068 /* Generate a new random key */
1069 get_random_bytes(sign
.csrk
, sizeof(sign
.csrk
));
1071 csrk
= kzalloc(sizeof(*csrk
), GFP_KERNEL
);
1073 csrk
->master
= 0x00;
1074 memcpy(csrk
->val
, sign
.csrk
, sizeof(csrk
->val
));
1076 smp
->slave_csrk
= csrk
;
1078 smp_send_cmd(conn
, SMP_CMD_SIGN_INFO
, sizeof(sign
), &sign
);
1080 *keydist
&= ~SMP_DIST_SIGN
;
1083 /* If there are still keys to be received wait for them */
1084 if (smp
->remote_key_dist
& KEY_DIST_MASK
) {
1085 smp_allow_key_dist(smp
);
1089 set_bit(SMP_FLAG_COMPLETE
, &smp
->flags
);
1090 smp_notify_keys(conn
);
1092 smp_chan_destroy(conn
);
1095 static void smp_timeout(struct work_struct
*work
)
1097 struct smp_chan
*smp
= container_of(work
, struct smp_chan
,
1098 security_timer
.work
);
1099 struct l2cap_conn
*conn
= smp
->conn
;
1101 BT_DBG("conn %p", conn
);
1103 hci_disconnect(conn
->hcon
, HCI_ERROR_REMOTE_USER_TERM
);
1106 static struct smp_chan
*smp_chan_create(struct l2cap_conn
*conn
)
1108 struct l2cap_chan
*chan
= conn
->smp
;
1109 struct smp_chan
*smp
;
1111 smp
= kzalloc(sizeof(*smp
), GFP_ATOMIC
);
1115 smp
->tfm_aes
= crypto_alloc_blkcipher("ecb(aes)", 0, CRYPTO_ALG_ASYNC
);
1116 if (IS_ERR(smp
->tfm_aes
)) {
1117 BT_ERR("Unable to create ECB crypto context");
1122 smp
->tfm_cmac
= crypto_alloc_hash("cmac(aes)", 0, CRYPTO_ALG_ASYNC
);
1123 if (IS_ERR(smp
->tfm_cmac
)) {
1124 BT_ERR("Unable to create CMAC crypto context");
1125 crypto_free_blkcipher(smp
->tfm_aes
);
1133 SMP_ALLOW_CMD(smp
, SMP_CMD_PAIRING_FAIL
);
1135 INIT_DELAYED_WORK(&smp
->security_timer
, smp_timeout
);
1137 hci_conn_hold(conn
->hcon
);
1142 static int sc_mackey_and_ltk(struct smp_chan
*smp
, u8 mackey
[16], u8 ltk
[16])
1144 struct hci_conn
*hcon
= smp
->conn
->hcon
;
1145 u8
*na
, *nb
, a
[7], b
[7];
1155 memcpy(a
, &hcon
->init_addr
, 6);
1156 memcpy(b
, &hcon
->resp_addr
, 6);
1157 a
[6] = hcon
->init_addr_type
;
1158 b
[6] = hcon
->resp_addr_type
;
1160 return smp_f5(smp
->tfm_cmac
, smp
->dhkey
, na
, nb
, a
, b
, mackey
, ltk
);
1163 static int sc_user_reply(struct smp_chan
*smp
, u16 mgmt_op
, __le32 passkey
)
1165 struct hci_conn
*hcon
= smp
->conn
->hcon
;
1166 struct smp_cmd_dhkey_check check
;
1167 u8 a
[7], b
[7], *local_addr
, *remote_addr
;
1168 u8 io_cap
[3], r
[16];
1171 case MGMT_OP_USER_PASSKEY_NEG_REPLY
:
1172 smp_failure(smp
->conn
, SMP_PASSKEY_ENTRY_FAILED
);
1174 case MGMT_OP_USER_CONFIRM_NEG_REPLY
:
1175 smp_failure(smp
->conn
, SMP_NUMERIC_COMP_FAILED
);
1179 memcpy(a
, &hcon
->init_addr
, 6);
1180 memcpy(b
, &hcon
->resp_addr
, 6);
1181 a
[6] = hcon
->init_addr_type
;
1182 b
[6] = hcon
->resp_addr_type
;
1187 memcpy(io_cap
, &smp
->preq
[1], 3);
1191 memcpy(io_cap
, &smp
->prsp
[1], 3);
1194 memcpy(r
, &passkey
, sizeof(passkey
));
1195 memset(r
+ sizeof(passkey
), 0, sizeof(r
) - sizeof(passkey
));
1197 smp_f6(smp
->tfm_cmac
, smp
->mackey
, smp
->prnd
, smp
->rrnd
, r
, io_cap
,
1198 local_addr
, remote_addr
, check
.e
);
1200 smp_send_cmd(smp
->conn
, SMP_CMD_DHKEY_CHECK
, sizeof(check
), &check
);
1205 int smp_user_confirm_reply(struct hci_conn
*hcon
, u16 mgmt_op
, __le32 passkey
)
1207 struct l2cap_conn
*conn
= hcon
->l2cap_data
;
1208 struct l2cap_chan
*chan
;
1209 struct smp_chan
*smp
;
1222 l2cap_chan_lock(chan
);
1230 if (test_bit(SMP_FLAG_SC
, &smp
->flags
)) {
1231 err
= sc_user_reply(smp
, mgmt_op
, passkey
);
1236 case MGMT_OP_USER_PASSKEY_REPLY
:
1237 value
= le32_to_cpu(passkey
);
1238 memset(smp
->tk
, 0, sizeof(smp
->tk
));
1239 BT_DBG("PassKey: %d", value
);
1240 put_unaligned_le32(value
, smp
->tk
);
1242 case MGMT_OP_USER_CONFIRM_REPLY
:
1243 set_bit(SMP_FLAG_TK_VALID
, &smp
->flags
);
1245 case MGMT_OP_USER_PASSKEY_NEG_REPLY
:
1246 case MGMT_OP_USER_CONFIRM_NEG_REPLY
:
1247 smp_failure(conn
, SMP_PASSKEY_ENTRY_FAILED
);
1251 smp_failure(conn
, SMP_PASSKEY_ENTRY_FAILED
);
1258 /* If it is our turn to send Pairing Confirm, do so now */
1259 if (test_bit(SMP_FLAG_CFM_PENDING
, &smp
->flags
)) {
1260 u8 rsp
= smp_confirm(smp
);
1262 smp_failure(conn
, rsp
);
1266 l2cap_chan_unlock(chan
);
1270 static u8
smp_cmd_pairing_req(struct l2cap_conn
*conn
, struct sk_buff
*skb
)
1272 struct smp_cmd_pairing rsp
, *req
= (void *) skb
->data
;
1273 struct l2cap_chan
*chan
= conn
->smp
;
1274 struct hci_dev
*hdev
= conn
->hcon
->hdev
;
1275 struct smp_chan
*smp
;
1276 u8 key_size
, auth
, sec_level
;
1279 BT_DBG("conn %p", conn
);
1281 if (skb
->len
< sizeof(*req
))
1282 return SMP_INVALID_PARAMS
;
1284 if (conn
->hcon
->role
!= HCI_ROLE_SLAVE
)
1285 return SMP_CMD_NOTSUPP
;
1288 smp
= smp_chan_create(conn
);
1293 return SMP_UNSPECIFIED
;
1295 /* We didn't start the pairing, so match remote */
1296 auth
= req
->auth_req
& AUTH_REQ_MASK(hdev
);
1298 if (!test_bit(HCI_BONDABLE
, &hdev
->dev_flags
) &&
1299 (auth
& SMP_AUTH_BONDING
))
1300 return SMP_PAIRING_NOTSUPP
;
1302 smp
->preq
[0] = SMP_CMD_PAIRING_REQ
;
1303 memcpy(&smp
->preq
[1], req
, sizeof(*req
));
1304 skb_pull(skb
, sizeof(*req
));
1306 if (conn
->hcon
->io_capability
== HCI_IO_NO_INPUT_OUTPUT
)
1307 sec_level
= BT_SECURITY_MEDIUM
;
1309 sec_level
= authreq_to_seclevel(auth
);
1311 if (sec_level
> conn
->hcon
->pending_sec_level
)
1312 conn
->hcon
->pending_sec_level
= sec_level
;
1314 /* If we need MITM check that it can be achieved */
1315 if (conn
->hcon
->pending_sec_level
>= BT_SECURITY_HIGH
) {
1318 method
= get_auth_method(smp
, conn
->hcon
->io_capability
,
1319 req
->io_capability
);
1320 if (method
== JUST_WORKS
|| method
== JUST_CFM
)
1321 return SMP_AUTH_REQUIREMENTS
;
1324 build_pairing_cmd(conn
, req
, &rsp
, auth
);
1326 if (rsp
.auth_req
& SMP_AUTH_SC
)
1327 set_bit(SMP_FLAG_SC
, &smp
->flags
);
1329 key_size
= min(req
->max_key_size
, rsp
.max_key_size
);
1330 if (check_enc_key_size(conn
, key_size
))
1331 return SMP_ENC_KEY_SIZE
;
1333 get_random_bytes(smp
->prnd
, sizeof(smp
->prnd
));
1335 smp
->prsp
[0] = SMP_CMD_PAIRING_RSP
;
1336 memcpy(&smp
->prsp
[1], &rsp
, sizeof(rsp
));
1338 smp_send_cmd(conn
, SMP_CMD_PAIRING_RSP
, sizeof(rsp
), &rsp
);
1340 clear_bit(SMP_FLAG_INITIATOR
, &smp
->flags
);
1342 if (test_bit(SMP_FLAG_SC
, &smp
->flags
)) {
1343 SMP_ALLOW_CMD(smp
, SMP_CMD_PUBLIC_KEY
);
1344 /* Clear bits which are generated but not distributed */
1345 smp
->remote_key_dist
&= ~SMP_SC_NO_DIST
;
1346 /* Wait for Public Key from Initiating Device */
1349 SMP_ALLOW_CMD(smp
, SMP_CMD_PAIRING_CONFIRM
);
1352 /* Request setup of TK */
1353 ret
= tk_request(conn
, 0, auth
, rsp
.io_capability
, req
->io_capability
);
1355 return SMP_UNSPECIFIED
;
1360 static u8
sc_send_public_key(struct smp_chan
*smp
)
1364 /* Generate local key pair for Secure Connections */
1365 if (!ecc_make_key(smp
->local_pk
, smp
->local_sk
))
1366 return SMP_UNSPECIFIED
;
1368 BT_DBG("Local Public Key X: %32phN", smp
->local_pk
);
1369 BT_DBG("Local Public Key Y: %32phN", &smp
->local_pk
[32]);
1370 BT_DBG("Local Private Key: %32phN", smp
->local_sk
);
1372 smp_send_cmd(smp
->conn
, SMP_CMD_PUBLIC_KEY
, 64, smp
->local_pk
);
1377 static u8
smp_cmd_pairing_rsp(struct l2cap_conn
*conn
, struct sk_buff
*skb
)
1379 struct smp_cmd_pairing
*req
, *rsp
= (void *) skb
->data
;
1380 struct l2cap_chan
*chan
= conn
->smp
;
1381 struct smp_chan
*smp
= chan
->data
;
1382 struct hci_dev
*hdev
= conn
->hcon
->hdev
;
1386 BT_DBG("conn %p", conn
);
1388 if (skb
->len
< sizeof(*rsp
))
1389 return SMP_INVALID_PARAMS
;
1391 if (conn
->hcon
->role
!= HCI_ROLE_MASTER
)
1392 return SMP_CMD_NOTSUPP
;
1394 skb_pull(skb
, sizeof(*rsp
));
1396 req
= (void *) &smp
->preq
[1];
1398 key_size
= min(req
->max_key_size
, rsp
->max_key_size
);
1399 if (check_enc_key_size(conn
, key_size
))
1400 return SMP_ENC_KEY_SIZE
;
1402 auth
= rsp
->auth_req
& AUTH_REQ_MASK(hdev
);
1404 if ((req
->auth_req
& SMP_AUTH_SC
) && (auth
& SMP_AUTH_SC
))
1405 set_bit(SMP_FLAG_SC
, &smp
->flags
);
1406 else if (conn
->hcon
->pending_sec_level
> BT_SECURITY_HIGH
)
1407 conn
->hcon
->pending_sec_level
= BT_SECURITY_HIGH
;
1409 /* If we need MITM check that it can be achieved */
1410 if (conn
->hcon
->pending_sec_level
>= BT_SECURITY_HIGH
) {
1413 method
= get_auth_method(smp
, req
->io_capability
,
1414 rsp
->io_capability
);
1415 if (method
== JUST_WORKS
|| method
== JUST_CFM
)
1416 return SMP_AUTH_REQUIREMENTS
;
1419 get_random_bytes(smp
->prnd
, sizeof(smp
->prnd
));
1421 smp
->prsp
[0] = SMP_CMD_PAIRING_RSP
;
1422 memcpy(&smp
->prsp
[1], rsp
, sizeof(*rsp
));
1424 /* Update remote key distribution in case the remote cleared
1425 * some bits that we had enabled in our request.
1427 smp
->remote_key_dist
&= rsp
->resp_key_dist
;
1429 if (test_bit(SMP_FLAG_SC
, &smp
->flags
)) {
1430 /* Clear bits which are generated but not distributed */
1431 smp
->remote_key_dist
&= ~SMP_SC_NO_DIST
;
1432 SMP_ALLOW_CMD(smp
, SMP_CMD_PUBLIC_KEY
);
1433 return sc_send_public_key(smp
);
1436 auth
|= req
->auth_req
;
1438 ret
= tk_request(conn
, 0, auth
, req
->io_capability
, rsp
->io_capability
);
1440 return SMP_UNSPECIFIED
;
1442 set_bit(SMP_FLAG_CFM_PENDING
, &smp
->flags
);
1444 /* Can't compose response until we have been confirmed */
1445 if (test_bit(SMP_FLAG_TK_VALID
, &smp
->flags
))
1446 return smp_confirm(smp
);
1451 static u8
sc_check_confirm(struct smp_chan
*smp
)
1453 struct l2cap_conn
*conn
= smp
->conn
;
1457 /* Public Key exchange must happen before any other steps */
1458 if (!test_bit(SMP_FLAG_REMOTE_PK
, &smp
->flags
))
1459 return SMP_UNSPECIFIED
;
1461 if (conn
->hcon
->out
) {
1462 smp_send_cmd(conn
, SMP_CMD_PAIRING_RANDOM
, sizeof(smp
->prnd
),
1464 SMP_ALLOW_CMD(smp
, SMP_CMD_PAIRING_RANDOM
);
1470 static u8
smp_cmd_pairing_confirm(struct l2cap_conn
*conn
, struct sk_buff
*skb
)
1472 struct l2cap_chan
*chan
= conn
->smp
;
1473 struct smp_chan
*smp
= chan
->data
;
1475 BT_DBG("conn %p %s", conn
, conn
->hcon
->out
? "master" : "slave");
1477 if (skb
->len
< sizeof(smp
->pcnf
))
1478 return SMP_INVALID_PARAMS
;
1480 memcpy(smp
->pcnf
, skb
->data
, sizeof(smp
->pcnf
));
1481 skb_pull(skb
, sizeof(smp
->pcnf
));
1483 if (test_bit(SMP_FLAG_SC
, &smp
->flags
))
1484 return sc_check_confirm(smp
);
1486 if (conn
->hcon
->out
) {
1487 smp_send_cmd(conn
, SMP_CMD_PAIRING_RANDOM
, sizeof(smp
->prnd
),
1489 SMP_ALLOW_CMD(smp
, SMP_CMD_PAIRING_RANDOM
);
1493 if (test_bit(SMP_FLAG_TK_VALID
, &smp
->flags
))
1494 return smp_confirm(smp
);
1496 set_bit(SMP_FLAG_CFM_PENDING
, &smp
->flags
);
1501 static u8
smp_cmd_pairing_random(struct l2cap_conn
*conn
, struct sk_buff
*skb
)
1503 struct l2cap_chan
*chan
= conn
->smp
;
1504 struct smp_chan
*smp
= chan
->data
;
1505 struct hci_conn
*hcon
= conn
->hcon
;
1506 u8
*pkax
, *pkbx
, *na
, *nb
;
1510 BT_DBG("conn %p", conn
);
1512 if (skb
->len
< sizeof(smp
->rrnd
))
1513 return SMP_INVALID_PARAMS
;
1515 memcpy(smp
->rrnd
, skb
->data
, sizeof(smp
->rrnd
));
1516 skb_pull(skb
, sizeof(smp
->rrnd
));
1518 if (!test_bit(SMP_FLAG_SC
, &smp
->flags
))
1519 return smp_random(smp
);
1524 err
= smp_f4(smp
->tfm_cmac
, smp
->remote_pk
, smp
->local_pk
,
1527 return SMP_UNSPECIFIED
;
1529 if (memcmp(smp
->pcnf
, cfm
, 16))
1530 return SMP_CONFIRM_FAILED
;
1532 pkax
= smp
->local_pk
;
1533 pkbx
= smp
->remote_pk
;
1537 smp_send_cmd(conn
, SMP_CMD_PAIRING_RANDOM
, sizeof(smp
->prnd
),
1539 SMP_ALLOW_CMD(smp
, SMP_CMD_DHKEY_CHECK
);
1541 pkax
= smp
->remote_pk
;
1542 pkbx
= smp
->local_pk
;
1547 /* Generate MacKey and LTK */
1548 err
= sc_mackey_and_ltk(smp
, smp
->mackey
, smp
->tk
);
1550 return SMP_UNSPECIFIED
;
1552 err
= smp_g2(smp
->tfm_cmac
, pkax
, pkbx
, na
, nb
, &passkey
);
1554 return SMP_UNSPECIFIED
;
1556 err
= mgmt_user_confirm_request(hcon
->hdev
, &hcon
->dst
,
1557 hcon
->type
, hcon
->dst_type
,
1560 return SMP_UNSPECIFIED
;
1565 static bool smp_ltk_encrypt(struct l2cap_conn
*conn
, u8 sec_level
)
1567 struct smp_ltk
*key
;
1568 struct hci_conn
*hcon
= conn
->hcon
;
1570 key
= hci_find_ltk(hcon
->hdev
, &hcon
->dst
, hcon
->dst_type
, hcon
->role
);
1574 if (smp_ltk_sec_level(key
) < sec_level
)
1577 if (test_and_set_bit(HCI_CONN_ENCRYPT_PEND
, &hcon
->flags
))
1580 hci_le_start_enc(hcon
, key
->ediv
, key
->rand
, key
->val
);
1581 hcon
->enc_key_size
= key
->enc_size
;
1583 /* We never store STKs for master role, so clear this flag */
1584 clear_bit(HCI_CONN_STK_ENCRYPT
, &hcon
->flags
);
1589 bool smp_sufficient_security(struct hci_conn
*hcon
, u8 sec_level
,
1590 enum smp_key_pref key_pref
)
1592 if (sec_level
== BT_SECURITY_LOW
)
1595 /* If we're encrypted with an STK but the caller prefers using
1596 * LTK claim insufficient security. This way we allow the
1597 * connection to be re-encrypted with an LTK, even if the LTK
1598 * provides the same level of security. Only exception is if we
1599 * don't have an LTK (e.g. because of key distribution bits).
1601 if (key_pref
== SMP_USE_LTK
&&
1602 test_bit(HCI_CONN_STK_ENCRYPT
, &hcon
->flags
) &&
1603 hci_find_ltk(hcon
->hdev
, &hcon
->dst
, hcon
->dst_type
, hcon
->role
))
1606 if (hcon
->sec_level
>= sec_level
)
1612 static u8
smp_cmd_security_req(struct l2cap_conn
*conn
, struct sk_buff
*skb
)
1614 struct smp_cmd_security_req
*rp
= (void *) skb
->data
;
1615 struct smp_cmd_pairing cp
;
1616 struct hci_conn
*hcon
= conn
->hcon
;
1617 struct hci_dev
*hdev
= hcon
->hdev
;
1618 struct smp_chan
*smp
;
1621 BT_DBG("conn %p", conn
);
1623 if (skb
->len
< sizeof(*rp
))
1624 return SMP_INVALID_PARAMS
;
1626 if (hcon
->role
!= HCI_ROLE_MASTER
)
1627 return SMP_CMD_NOTSUPP
;
1629 auth
= rp
->auth_req
& AUTH_REQ_MASK(hdev
);
1631 if (hcon
->io_capability
== HCI_IO_NO_INPUT_OUTPUT
)
1632 sec_level
= BT_SECURITY_MEDIUM
;
1634 sec_level
= authreq_to_seclevel(auth
);
1636 if (smp_sufficient_security(hcon
, sec_level
, SMP_USE_LTK
))
1639 if (sec_level
> hcon
->pending_sec_level
)
1640 hcon
->pending_sec_level
= sec_level
;
1642 if (smp_ltk_encrypt(conn
, hcon
->pending_sec_level
))
1645 smp
= smp_chan_create(conn
);
1647 return SMP_UNSPECIFIED
;
1649 if (!test_bit(HCI_BONDABLE
, &hcon
->hdev
->dev_flags
) &&
1650 (auth
& SMP_AUTH_BONDING
))
1651 return SMP_PAIRING_NOTSUPP
;
1653 skb_pull(skb
, sizeof(*rp
));
1655 memset(&cp
, 0, sizeof(cp
));
1656 build_pairing_cmd(conn
, &cp
, NULL
, auth
);
1658 smp
->preq
[0] = SMP_CMD_PAIRING_REQ
;
1659 memcpy(&smp
->preq
[1], &cp
, sizeof(cp
));
1661 smp_send_cmd(conn
, SMP_CMD_PAIRING_REQ
, sizeof(cp
), &cp
);
1662 SMP_ALLOW_CMD(smp
, SMP_CMD_PAIRING_RSP
);
1667 int smp_conn_security(struct hci_conn
*hcon
, __u8 sec_level
)
1669 struct l2cap_conn
*conn
= hcon
->l2cap_data
;
1670 struct l2cap_chan
*chan
;
1671 struct smp_chan
*smp
;
1675 BT_DBG("conn %p hcon %p level 0x%2.2x", conn
, hcon
, sec_level
);
1677 /* This may be NULL if there's an unexpected disconnection */
1683 if (!test_bit(HCI_LE_ENABLED
, &hcon
->hdev
->dev_flags
))
1686 if (smp_sufficient_security(hcon
, sec_level
, SMP_USE_LTK
))
1689 if (sec_level
> hcon
->pending_sec_level
)
1690 hcon
->pending_sec_level
= sec_level
;
1692 if (hcon
->role
== HCI_ROLE_MASTER
)
1693 if (smp_ltk_encrypt(conn
, hcon
->pending_sec_level
))
1696 l2cap_chan_lock(chan
);
1698 /* If SMP is already in progress ignore this request */
1704 smp
= smp_chan_create(conn
);
1710 authreq
= seclevel_to_authreq(sec_level
);
1712 if (test_bit(HCI_SC_ENABLED
, &hcon
->hdev
->dev_flags
))
1713 authreq
|= SMP_AUTH_SC
;
1715 /* Require MITM if IO Capability allows or the security level
1718 if (hcon
->io_capability
!= HCI_IO_NO_INPUT_OUTPUT
||
1719 hcon
->pending_sec_level
> BT_SECURITY_MEDIUM
)
1720 authreq
|= SMP_AUTH_MITM
;
1722 if (hcon
->role
== HCI_ROLE_MASTER
) {
1723 struct smp_cmd_pairing cp
;
1725 build_pairing_cmd(conn
, &cp
, NULL
, authreq
);
1726 smp
->preq
[0] = SMP_CMD_PAIRING_REQ
;
1727 memcpy(&smp
->preq
[1], &cp
, sizeof(cp
));
1729 smp_send_cmd(conn
, SMP_CMD_PAIRING_REQ
, sizeof(cp
), &cp
);
1730 SMP_ALLOW_CMD(smp
, SMP_CMD_PAIRING_RSP
);
1732 struct smp_cmd_security_req cp
;
1733 cp
.auth_req
= authreq
;
1734 smp_send_cmd(conn
, SMP_CMD_SECURITY_REQ
, sizeof(cp
), &cp
);
1735 SMP_ALLOW_CMD(smp
, SMP_CMD_PAIRING_REQ
);
1738 set_bit(SMP_FLAG_INITIATOR
, &smp
->flags
);
1742 l2cap_chan_unlock(chan
);
1746 static int smp_cmd_encrypt_info(struct l2cap_conn
*conn
, struct sk_buff
*skb
)
1748 struct smp_cmd_encrypt_info
*rp
= (void *) skb
->data
;
1749 struct l2cap_chan
*chan
= conn
->smp
;
1750 struct smp_chan
*smp
= chan
->data
;
1752 BT_DBG("conn %p", conn
);
1754 if (skb
->len
< sizeof(*rp
))
1755 return SMP_INVALID_PARAMS
;
1757 SMP_ALLOW_CMD(smp
, SMP_CMD_MASTER_IDENT
);
1759 skb_pull(skb
, sizeof(*rp
));
1761 memcpy(smp
->tk
, rp
->ltk
, sizeof(smp
->tk
));
1766 static int smp_cmd_master_ident(struct l2cap_conn
*conn
, struct sk_buff
*skb
)
1768 struct smp_cmd_master_ident
*rp
= (void *) skb
->data
;
1769 struct l2cap_chan
*chan
= conn
->smp
;
1770 struct smp_chan
*smp
= chan
->data
;
1771 struct hci_dev
*hdev
= conn
->hcon
->hdev
;
1772 struct hci_conn
*hcon
= conn
->hcon
;
1773 struct smp_ltk
*ltk
;
1776 BT_DBG("conn %p", conn
);
1778 if (skb
->len
< sizeof(*rp
))
1779 return SMP_INVALID_PARAMS
;
1781 /* Mark the information as received */
1782 smp
->remote_key_dist
&= ~SMP_DIST_ENC_KEY
;
1784 if (smp
->remote_key_dist
& SMP_DIST_ID_KEY
)
1785 SMP_ALLOW_CMD(smp
, SMP_CMD_IDENT_INFO
);
1786 else if (smp
->remote_key_dist
& SMP_DIST_SIGN
)
1787 SMP_ALLOW_CMD(smp
, SMP_CMD_SIGN_INFO
);
1789 skb_pull(skb
, sizeof(*rp
));
1791 authenticated
= (hcon
->sec_level
== BT_SECURITY_HIGH
);
1792 ltk
= hci_add_ltk(hdev
, &hcon
->dst
, hcon
->dst_type
, SMP_LTK
,
1793 authenticated
, smp
->tk
, smp
->enc_key_size
,
1794 rp
->ediv
, rp
->rand
);
1796 if (!(smp
->remote_key_dist
& KEY_DIST_MASK
))
1797 smp_distribute_keys(smp
);
1802 static int smp_cmd_ident_info(struct l2cap_conn
*conn
, struct sk_buff
*skb
)
1804 struct smp_cmd_ident_info
*info
= (void *) skb
->data
;
1805 struct l2cap_chan
*chan
= conn
->smp
;
1806 struct smp_chan
*smp
= chan
->data
;
1810 if (skb
->len
< sizeof(*info
))
1811 return SMP_INVALID_PARAMS
;
1813 SMP_ALLOW_CMD(smp
, SMP_CMD_IDENT_ADDR_INFO
);
1815 skb_pull(skb
, sizeof(*info
));
1817 memcpy(smp
->irk
, info
->irk
, 16);
1822 static int smp_cmd_ident_addr_info(struct l2cap_conn
*conn
,
1823 struct sk_buff
*skb
)
1825 struct smp_cmd_ident_addr_info
*info
= (void *) skb
->data
;
1826 struct l2cap_chan
*chan
= conn
->smp
;
1827 struct smp_chan
*smp
= chan
->data
;
1828 struct hci_conn
*hcon
= conn
->hcon
;
1833 if (skb
->len
< sizeof(*info
))
1834 return SMP_INVALID_PARAMS
;
1836 /* Mark the information as received */
1837 smp
->remote_key_dist
&= ~SMP_DIST_ID_KEY
;
1839 if (smp
->remote_key_dist
& SMP_DIST_SIGN
)
1840 SMP_ALLOW_CMD(smp
, SMP_CMD_SIGN_INFO
);
1842 skb_pull(skb
, sizeof(*info
));
1844 /* Strictly speaking the Core Specification (4.1) allows sending
1845 * an empty address which would force us to rely on just the IRK
1846 * as "identity information". However, since such
1847 * implementations are not known of and in order to not over
1848 * complicate our implementation, simply pretend that we never
1849 * received an IRK for such a device.
1851 if (!bacmp(&info
->bdaddr
, BDADDR_ANY
)) {
1852 BT_ERR("Ignoring IRK with no identity address");
1856 bacpy(&smp
->id_addr
, &info
->bdaddr
);
1857 smp
->id_addr_type
= info
->addr_type
;
1859 if (hci_bdaddr_is_rpa(&hcon
->dst
, hcon
->dst_type
))
1860 bacpy(&rpa
, &hcon
->dst
);
1862 bacpy(&rpa
, BDADDR_ANY
);
1864 smp
->remote_irk
= hci_add_irk(conn
->hcon
->hdev
, &smp
->id_addr
,
1865 smp
->id_addr_type
, smp
->irk
, &rpa
);
1868 if (!(smp
->remote_key_dist
& KEY_DIST_MASK
))
1869 smp_distribute_keys(smp
);
1874 static int smp_cmd_sign_info(struct l2cap_conn
*conn
, struct sk_buff
*skb
)
1876 struct smp_cmd_sign_info
*rp
= (void *) skb
->data
;
1877 struct l2cap_chan
*chan
= conn
->smp
;
1878 struct smp_chan
*smp
= chan
->data
;
1879 struct smp_csrk
*csrk
;
1881 BT_DBG("conn %p", conn
);
1883 if (skb
->len
< sizeof(*rp
))
1884 return SMP_INVALID_PARAMS
;
1886 /* Mark the information as received */
1887 smp
->remote_key_dist
&= ~SMP_DIST_SIGN
;
1889 skb_pull(skb
, sizeof(*rp
));
1891 csrk
= kzalloc(sizeof(*csrk
), GFP_KERNEL
);
1893 csrk
->master
= 0x01;
1894 memcpy(csrk
->val
, rp
->csrk
, sizeof(csrk
->val
));
1897 smp_distribute_keys(smp
);
1902 static int smp_cmd_public_key(struct l2cap_conn
*conn
, struct sk_buff
*skb
)
1904 struct smp_cmd_public_key
*key
= (void *) skb
->data
;
1905 struct hci_conn
*hcon
= conn
->hcon
;
1906 struct l2cap_chan
*chan
= conn
->smp
;
1907 struct smp_chan
*smp
= chan
->data
;
1908 struct smp_cmd_pairing_confirm cfm
;
1911 BT_DBG("conn %p", conn
);
1913 if (skb
->len
< sizeof(*key
))
1914 return SMP_INVALID_PARAMS
;
1916 memcpy(smp
->remote_pk
, key
, 64);
1918 /* Non-initiating device sends its public key after receiving
1919 * the key from the initiating device.
1922 err
= sc_send_public_key(smp
);
1927 BT_DBG("Remote Public Key X: %32phN", smp
->remote_pk
);
1928 BT_DBG("Remote Public Key Y: %32phN", &smp
->remote_pk
[32]);
1930 if (!ecdh_shared_secret(smp
->remote_pk
, smp
->local_sk
, smp
->dhkey
))
1931 return SMP_UNSPECIFIED
;
1933 BT_DBG("DHKey %32phN", smp
->dhkey
);
1935 set_bit(SMP_FLAG_REMOTE_PK
, &smp
->flags
);
1937 /* The Initiating device waits for the non-initiating device to
1938 * send the confirm value.
1940 if (conn
->hcon
->out
)
1943 err
= smp_f4(smp
->tfm_cmac
, smp
->local_pk
, smp
->remote_pk
, smp
->prnd
,
1944 0, cfm
.confirm_val
);
1946 return SMP_UNSPECIFIED
;
1948 smp_send_cmd(conn
, SMP_CMD_PAIRING_CONFIRM
, sizeof(cfm
), &cfm
);
1949 SMP_ALLOW_CMD(smp
, SMP_CMD_PAIRING_RANDOM
);
1954 static int smp_cmd_dhkey_check(struct l2cap_conn
*conn
, struct sk_buff
*skb
)
1956 struct smp_cmd_dhkey_check
*check
= (void *) skb
->data
;
1957 struct l2cap_chan
*chan
= conn
->smp
;
1958 struct hci_conn
*hcon
= conn
->hcon
;
1959 struct smp_chan
*smp
= chan
->data
;
1960 u8 a
[7], b
[7], *local_addr
, *remote_addr
;
1961 u8 io_cap
[3], r
[16], e
[16];
1964 BT_DBG("conn %p", conn
);
1966 if (skb
->len
< sizeof(*check
))
1967 return SMP_INVALID_PARAMS
;
1969 memcpy(a
, &hcon
->init_addr
, 6);
1970 memcpy(b
, &hcon
->resp_addr
, 6);
1971 a
[6] = hcon
->init_addr_type
;
1972 b
[6] = hcon
->resp_addr_type
;
1977 memcpy(io_cap
, &smp
->prsp
[1], 3);
1981 memcpy(io_cap
, &smp
->preq
[1], 3);
1984 memset(r
, 0, sizeof(r
));
1986 err
= smp_f6(smp
->tfm_cmac
, smp
->mackey
, smp
->rrnd
, smp
->prnd
, r
,
1987 io_cap
, remote_addr
, local_addr
, e
);
1989 return SMP_UNSPECIFIED
;
1991 if (memcmp(check
->e
, e
, 16))
1992 return SMP_DHKEY_CHECK_FAILED
;
1994 smp
->ltk
= hci_add_ltk(hcon
->hdev
, &hcon
->dst
, hcon
->dst_type
,
1995 SMP_LTK_P256
, 0, smp
->tk
, smp
->enc_key_size
,
1999 hci_le_start_enc(hcon
, 0, 0, smp
->tk
);
2000 hcon
->enc_key_size
= smp
->enc_key_size
;
2006 static int smp_sig_channel(struct l2cap_chan
*chan
, struct sk_buff
*skb
)
2008 struct l2cap_conn
*conn
= chan
->conn
;
2009 struct hci_conn
*hcon
= conn
->hcon
;
2010 struct smp_chan
*smp
;
2014 if (hcon
->type
!= LE_LINK
) {
2022 if (!test_bit(HCI_LE_ENABLED
, &hcon
->hdev
->dev_flags
)) {
2023 reason
= SMP_PAIRING_NOTSUPP
;
2027 code
= skb
->data
[0];
2028 skb_pull(skb
, sizeof(code
));
2032 if (code
> SMP_CMD_MAX
)
2035 if (smp
&& !test_and_clear_bit(code
, &smp
->allow_cmd
))
2038 /* If we don't have a context the only allowed commands are
2039 * pairing request and security request.
2041 if (!smp
&& code
!= SMP_CMD_PAIRING_REQ
&& code
!= SMP_CMD_SECURITY_REQ
)
2045 case SMP_CMD_PAIRING_REQ
:
2046 reason
= smp_cmd_pairing_req(conn
, skb
);
2049 case SMP_CMD_PAIRING_FAIL
:
2050 smp_failure(conn
, 0);
2054 case SMP_CMD_PAIRING_RSP
:
2055 reason
= smp_cmd_pairing_rsp(conn
, skb
);
2058 case SMP_CMD_SECURITY_REQ
:
2059 reason
= smp_cmd_security_req(conn
, skb
);
2062 case SMP_CMD_PAIRING_CONFIRM
:
2063 reason
= smp_cmd_pairing_confirm(conn
, skb
);
2066 case SMP_CMD_PAIRING_RANDOM
:
2067 reason
= smp_cmd_pairing_random(conn
, skb
);
2070 case SMP_CMD_ENCRYPT_INFO
:
2071 reason
= smp_cmd_encrypt_info(conn
, skb
);
2074 case SMP_CMD_MASTER_IDENT
:
2075 reason
= smp_cmd_master_ident(conn
, skb
);
2078 case SMP_CMD_IDENT_INFO
:
2079 reason
= smp_cmd_ident_info(conn
, skb
);
2082 case SMP_CMD_IDENT_ADDR_INFO
:
2083 reason
= smp_cmd_ident_addr_info(conn
, skb
);
2086 case SMP_CMD_SIGN_INFO
:
2087 reason
= smp_cmd_sign_info(conn
, skb
);
2090 case SMP_CMD_PUBLIC_KEY
:
2091 reason
= smp_cmd_public_key(conn
, skb
);
2094 case SMP_CMD_DHKEY_CHECK
:
2095 reason
= smp_cmd_dhkey_check(conn
, skb
);
2099 BT_DBG("Unknown command code 0x%2.2x", code
);
2100 reason
= SMP_CMD_NOTSUPP
;
2107 smp_failure(conn
, reason
);
2114 BT_ERR("%s unexpected SMP command 0x%02x from %pMR", hcon
->hdev
->name
,
2120 static void smp_teardown_cb(struct l2cap_chan
*chan
, int err
)
2122 struct l2cap_conn
*conn
= chan
->conn
;
2124 BT_DBG("chan %p", chan
);
2127 smp_chan_destroy(conn
);
2130 l2cap_chan_put(chan
);
2133 static void smp_resume_cb(struct l2cap_chan
*chan
)
2135 struct smp_chan
*smp
= chan
->data
;
2136 struct l2cap_conn
*conn
= chan
->conn
;
2137 struct hci_conn
*hcon
= conn
->hcon
;
2139 BT_DBG("chan %p", chan
);
2144 if (!test_bit(HCI_CONN_ENCRYPT
, &hcon
->flags
))
2147 cancel_delayed_work(&smp
->security_timer
);
2149 smp_distribute_keys(smp
);
2152 static void smp_ready_cb(struct l2cap_chan
*chan
)
2154 struct l2cap_conn
*conn
= chan
->conn
;
2156 BT_DBG("chan %p", chan
);
2159 l2cap_chan_hold(chan
);
2162 static int smp_recv_cb(struct l2cap_chan
*chan
, struct sk_buff
*skb
)
2166 BT_DBG("chan %p", chan
);
2168 err
= smp_sig_channel(chan
, skb
);
2170 struct smp_chan
*smp
= chan
->data
;
2173 cancel_delayed_work_sync(&smp
->security_timer
);
2175 hci_disconnect(chan
->conn
->hcon
, HCI_ERROR_AUTH_FAILURE
);
2181 static struct sk_buff
*smp_alloc_skb_cb(struct l2cap_chan
*chan
,
2182 unsigned long hdr_len
,
2183 unsigned long len
, int nb
)
2185 struct sk_buff
*skb
;
2187 skb
= bt_skb_alloc(hdr_len
+ len
, GFP_KERNEL
);
2189 return ERR_PTR(-ENOMEM
);
2191 skb
->priority
= HCI_PRIO_MAX
;
2192 bt_cb(skb
)->chan
= chan
;
2197 static const struct l2cap_ops smp_chan_ops
= {
2198 .name
= "Security Manager",
2199 .ready
= smp_ready_cb
,
2200 .recv
= smp_recv_cb
,
2201 .alloc_skb
= smp_alloc_skb_cb
,
2202 .teardown
= smp_teardown_cb
,
2203 .resume
= smp_resume_cb
,
2205 .new_connection
= l2cap_chan_no_new_connection
,
2206 .state_change
= l2cap_chan_no_state_change
,
2207 .close
= l2cap_chan_no_close
,
2208 .defer
= l2cap_chan_no_defer
,
2209 .suspend
= l2cap_chan_no_suspend
,
2210 .set_shutdown
= l2cap_chan_no_set_shutdown
,
2211 .get_sndtimeo
= l2cap_chan_no_get_sndtimeo
,
2212 .memcpy_fromiovec
= l2cap_chan_no_memcpy_fromiovec
,
2215 static inline struct l2cap_chan
*smp_new_conn_cb(struct l2cap_chan
*pchan
)
2217 struct l2cap_chan
*chan
;
2219 BT_DBG("pchan %p", pchan
);
2221 chan
= l2cap_chan_create();
2225 chan
->chan_type
= pchan
->chan_type
;
2226 chan
->ops
= &smp_chan_ops
;
2227 chan
->scid
= pchan
->scid
;
2228 chan
->dcid
= chan
->scid
;
2229 chan
->imtu
= pchan
->imtu
;
2230 chan
->omtu
= pchan
->omtu
;
2231 chan
->mode
= pchan
->mode
;
2233 /* Other L2CAP channels may request SMP routines in order to
2234 * change the security level. This means that the SMP channel
2235 * lock must be considered in its own category to avoid lockdep
2238 atomic_set(&chan
->nesting
, L2CAP_NESTING_SMP
);
2240 BT_DBG("created chan %p", chan
);
2245 static const struct l2cap_ops smp_root_chan_ops
= {
2246 .name
= "Security Manager Root",
2247 .new_connection
= smp_new_conn_cb
,
2249 /* None of these are implemented for the root channel */
2250 .close
= l2cap_chan_no_close
,
2251 .alloc_skb
= l2cap_chan_no_alloc_skb
,
2252 .recv
= l2cap_chan_no_recv
,
2253 .state_change
= l2cap_chan_no_state_change
,
2254 .teardown
= l2cap_chan_no_teardown
,
2255 .ready
= l2cap_chan_no_ready
,
2256 .defer
= l2cap_chan_no_defer
,
2257 .suspend
= l2cap_chan_no_suspend
,
2258 .resume
= l2cap_chan_no_resume
,
2259 .set_shutdown
= l2cap_chan_no_set_shutdown
,
2260 .get_sndtimeo
= l2cap_chan_no_get_sndtimeo
,
2261 .memcpy_fromiovec
= l2cap_chan_no_memcpy_fromiovec
,
2264 int smp_register(struct hci_dev
*hdev
)
2266 struct l2cap_chan
*chan
;
2267 struct crypto_blkcipher
*tfm_aes
;
2269 BT_DBG("%s", hdev
->name
);
2271 tfm_aes
= crypto_alloc_blkcipher("ecb(aes)", 0, 0);
2272 if (IS_ERR(tfm_aes
)) {
2273 int err
= PTR_ERR(tfm_aes
);
2274 BT_ERR("Unable to create crypto context");
2278 chan
= l2cap_chan_create();
2280 crypto_free_blkcipher(tfm_aes
);
2284 chan
->data
= tfm_aes
;
2286 l2cap_add_scid(chan
, L2CAP_CID_SMP
);
2288 l2cap_chan_set_defaults(chan
);
2290 bacpy(&chan
->src
, &hdev
->bdaddr
);
2291 chan
->src_type
= BDADDR_LE_PUBLIC
;
2292 chan
->state
= BT_LISTEN
;
2293 chan
->mode
= L2CAP_MODE_BASIC
;
2294 chan
->imtu
= L2CAP_DEFAULT_MTU
;
2295 chan
->ops
= &smp_root_chan_ops
;
2297 /* Set correct nesting level for a parent/listening channel */
2298 atomic_set(&chan
->nesting
, L2CAP_NESTING_PARENT
);
2300 hdev
->smp_data
= chan
;
2305 void smp_unregister(struct hci_dev
*hdev
)
2307 struct l2cap_chan
*chan
= hdev
->smp_data
;
2308 struct crypto_blkcipher
*tfm_aes
;
2313 BT_DBG("%s chan %p", hdev
->name
, chan
);
2315 tfm_aes
= chan
->data
;
2318 crypto_free_blkcipher(tfm_aes
);
2321 hdev
->smp_data
= NULL
;
2322 l2cap_chan_put(chan
);