2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2011 Nokia Corporation and/or its subsidiary(-ies).
5 This program is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License version 2 as
7 published by the Free Software Foundation;
9 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
10 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
11 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
12 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
13 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
14 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
18 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
19 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
20 SOFTWARE IS DISCLAIMED.
23 #include <net/bluetooth/bluetooth.h>
24 #include <net/bluetooth/hci_core.h>
25 #include <net/bluetooth/l2cap.h>
26 #include <net/bluetooth/smp.h>
28 static struct sk_buff
*smp_build_cmd(struct l2cap_conn
*conn
, u8 code
,
35 len
= L2CAP_HDR_SIZE
+ sizeof(code
) + dlen
;
40 skb
= bt_skb_alloc(len
, GFP_ATOMIC
);
44 lh
= (struct l2cap_hdr
*) skb_put(skb
, L2CAP_HDR_SIZE
);
45 lh
->len
= cpu_to_le16(sizeof(code
) + dlen
);
46 lh
->cid
= cpu_to_le16(L2CAP_CID_SMP
);
48 memcpy(skb_put(skb
, sizeof(code
)), &code
, sizeof(code
));
50 memcpy(skb_put(skb
, dlen
), data
, dlen
);
55 static void smp_send_cmd(struct l2cap_conn
*conn
, u8 code
, u16 len
, void *data
)
57 struct sk_buff
*skb
= smp_build_cmd(conn
, code
, len
, data
);
59 BT_DBG("code 0x%2.2x", code
);
64 hci_send_acl(conn
->hcon
, skb
, 0);
67 static void smp_cmd_pairing_req(struct l2cap_conn
*conn
, struct sk_buff
*skb
)
69 struct smp_cmd_pairing
*rp
= (void *) skb
->data
;
71 BT_DBG("conn %p", conn
);
73 skb_pull(skb
, sizeof(*rp
));
75 rp
->io_capability
= 0x00;
77 rp
->max_key_size
= 16;
78 rp
->init_key_dist
= 0x00;
79 rp
->resp_key_dist
= 0x00;
80 rp
->auth_req
&= (SMP_AUTH_BONDING
| SMP_AUTH_MITM
);
82 smp_send_cmd(conn
, SMP_CMD_PAIRING_RSP
, sizeof(*rp
), rp
);
85 static void smp_cmd_pairing_rsp(struct l2cap_conn
*conn
, struct sk_buff
*skb
)
87 struct smp_cmd_pairing_confirm cp
;
89 BT_DBG("conn %p", conn
);
91 memset(&cp
, 0, sizeof(cp
));
93 smp_send_cmd(conn
, SMP_CMD_PAIRING_CONFIRM
, sizeof(cp
), &cp
);
96 static void smp_cmd_pairing_confirm(struct l2cap_conn
*conn
,
99 BT_DBG("conn %p %s", conn
, conn
->hcon
->out
? "master" : "slave");
101 if (conn
->hcon
->out
) {
102 struct smp_cmd_pairing_random random
;
104 memset(&random
, 0, sizeof(random
));
106 smp_send_cmd(conn
, SMP_CMD_PAIRING_RANDOM
, sizeof(random
),
109 struct smp_cmd_pairing_confirm confirm
;
111 memset(&confirm
, 0, sizeof(confirm
));
113 smp_send_cmd(conn
, SMP_CMD_PAIRING_CONFIRM
, sizeof(confirm
),
118 static void smp_cmd_pairing_random(struct l2cap_conn
*conn
, struct sk_buff
*skb
)
120 struct smp_cmd_pairing_random cp
;
122 BT_DBG("conn %p %s", conn
, conn
->hcon
->out
? "master" : "slave");
124 skb_pull(skb
, sizeof(cp
));
126 if (conn
->hcon
->out
) {
127 /* FIXME: start encryption */
129 memset(&cp
, 0, sizeof(cp
));
131 smp_send_cmd(conn
, SMP_CMD_PAIRING_RANDOM
, sizeof(cp
), &cp
);
135 static void smp_cmd_security_req(struct l2cap_conn
*conn
, struct sk_buff
*skb
)
137 struct smp_cmd_security_req
*rp
= (void *) skb
->data
;
138 struct smp_cmd_pairing cp
;
140 BT_DBG("conn %p", conn
);
142 skb_pull(skb
, sizeof(*rp
));
143 memset(&cp
, 0, sizeof(cp
));
145 cp
.io_capability
= 0x00;
147 cp
.max_key_size
= 16;
148 cp
.init_key_dist
= 0x00;
149 cp
.resp_key_dist
= 0x00;
150 cp
.auth_req
= rp
->auth_req
& (SMP_AUTH_BONDING
| SMP_AUTH_MITM
);
152 smp_send_cmd(conn
, SMP_CMD_PAIRING_REQ
, sizeof(cp
), &cp
);
155 int smp_conn_security(struct l2cap_conn
*conn
, __u8 sec_level
)
157 struct hci_conn
*hcon
= conn
->hcon
;
160 BT_DBG("conn %p hcon %p level 0x%2.2x", conn
, hcon
, sec_level
);
162 if (IS_ERR(hcon
->hdev
->tfm
))
166 case BT_SECURITY_MEDIUM
:
167 /* Encrypted, no MITM protection */
168 authreq
= HCI_AT_NO_BONDING_MITM
;
171 case BT_SECURITY_HIGH
:
172 /* Bonding, MITM protection */
173 authreq
= HCI_AT_GENERAL_BONDING_MITM
;
176 case BT_SECURITY_LOW
:
181 if (hcon
->link_mode
& HCI_LM_MASTER
) {
182 struct smp_cmd_pairing cp
;
183 cp
.io_capability
= 0x00;
185 cp
.max_key_size
= 16;
186 cp
.init_key_dist
= 0x00;
187 cp
.resp_key_dist
= 0x00;
188 cp
.auth_req
= authreq
;
189 smp_send_cmd(conn
, SMP_CMD_PAIRING_REQ
, sizeof(cp
), &cp
);
191 struct smp_cmd_security_req cp
;
192 cp
.auth_req
= authreq
;
193 smp_send_cmd(conn
, SMP_CMD_SECURITY_REQ
, sizeof(cp
), &cp
);
199 int smp_sig_channel(struct l2cap_conn
*conn
, struct sk_buff
*skb
)
201 __u8 code
= skb
->data
[0];
205 if (IS_ERR(conn
->hcon
->hdev
->tfm
)) {
206 err
= PTR_ERR(conn
->hcon
->hdev
->tfm
);
207 reason
= SMP_PAIRING_NOTSUPP
;
211 skb_pull(skb
, sizeof(code
));
214 case SMP_CMD_PAIRING_REQ
:
215 smp_cmd_pairing_req(conn
, skb
);
218 case SMP_CMD_PAIRING_FAIL
:
221 case SMP_CMD_PAIRING_RSP
:
222 smp_cmd_pairing_rsp(conn
, skb
);
225 case SMP_CMD_SECURITY_REQ
:
226 smp_cmd_security_req(conn
, skb
);
229 case SMP_CMD_PAIRING_CONFIRM
:
230 smp_cmd_pairing_confirm(conn
, skb
);
233 case SMP_CMD_PAIRING_RANDOM
:
234 smp_cmd_pairing_random(conn
, skb
);
237 case SMP_CMD_ENCRYPT_INFO
:
238 case SMP_CMD_MASTER_IDENT
:
239 case SMP_CMD_IDENT_INFO
:
240 case SMP_CMD_IDENT_ADDR_INFO
:
241 case SMP_CMD_SIGN_INFO
:
243 BT_DBG("Unknown command code 0x%2.2x", code
);
245 reason
= SMP_CMD_NOTSUPP
;
252 smp_send_cmd(conn
, SMP_CMD_PAIRING_FAIL
, sizeof(reason
),