2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2011 Nokia Corporation and/or its subsidiary(-ies).
5 This program is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License version 2 as
7 published by the Free Software Foundation;
9 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
10 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
11 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
12 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
13 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
14 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
18 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
19 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
20 SOFTWARE IS DISCLAIMED.
23 #include <linux/crypto.h>
24 #include <linux/scatterlist.h>
25 #include <crypto/b128ops.h>
27 #include <net/bluetooth/bluetooth.h>
28 #include <net/bluetooth/hci_core.h>
29 #include <net/bluetooth/l2cap.h>
30 #include <net/bluetooth/mgmt.h>
34 #define SMP_TIMEOUT msecs_to_jiffies(30000)
36 #define AUTH_REQ_MASK 0x07
38 static inline void swap128(const u8 src
[16], u8 dst
[16])
41 for (i
= 0; i
< 16; i
++)
45 static inline void swap56(const u8 src
[7], u8 dst
[7])
48 for (i
= 0; i
< 7; i
++)
52 static int smp_e(struct crypto_blkcipher
*tfm
, const u8
*k
, u8
*r
)
54 struct blkcipher_desc desc
;
55 struct scatterlist sg
;
56 uint8_t tmp
[16], data
[16];
60 BT_ERR("tfm %p", tfm
);
67 /* The most significant octet of key corresponds to k[0] */
70 err
= crypto_blkcipher_setkey(tfm
, tmp
, 16);
72 BT_ERR("cipher setkey failed: %d", err
);
76 /* Most significant octet of plaintextData corresponds to data[0] */
79 sg_init_one(&sg
, data
, 16);
81 err
= crypto_blkcipher_encrypt(&desc
, &sg
, &sg
, 16);
83 BT_ERR("Encrypt data error %d", err
);
85 /* Most significant octet of encryptedData corresponds to data[0] */
91 static int smp_ah(struct crypto_blkcipher
*tfm
, u8 irk
[16], u8 r
[3], u8 res
[3])
96 /* r' = padding || r */
98 memset(_res
+ 3, 0, 13);
100 err
= smp_e(tfm
, irk
, _res
);
102 BT_ERR("Encrypt error");
106 /* The output of the random address function ah is:
107 * ah(h, r) = e(k, r') mod 2^24
108 * The output of the security function e is then truncated to 24 bits
109 * by taking the least significant 24 bits of the output of e as the
112 memcpy(res
, _res
, 3);
117 bool smp_irk_matches(struct crypto_blkcipher
*tfm
, u8 irk
[16],
123 BT_DBG("RPA %pMR IRK %*phN", bdaddr
, 16, irk
);
125 err
= smp_ah(tfm
, irk
, &bdaddr
->b
[3], hash
);
129 return !memcmp(bdaddr
->b
, hash
, 3);
132 int smp_generate_rpa(struct crypto_blkcipher
*tfm
, u8 irk
[16], bdaddr_t
*rpa
)
136 get_random_bytes(&rpa
->b
[3], 3);
138 rpa
->b
[5] &= 0x3f; /* Clear two most significant bits */
139 rpa
->b
[5] |= 0x40; /* Set second most significant bit */
141 err
= smp_ah(tfm
, irk
, &rpa
->b
[3], rpa
->b
);
145 BT_DBG("RPA %pMR", rpa
);
150 static int smp_c1(struct crypto_blkcipher
*tfm
, u8 k
[16], u8 r
[16],
151 u8 preq
[7], u8 pres
[7], u8 _iat
, bdaddr_t
*ia
,
152 u8 _rat
, bdaddr_t
*ra
, u8 res
[16])
159 /* p1 = pres || preq || _rat || _iat */
162 memcpy(p1
+ 2, preq
, 7);
163 memcpy(p1
+ 9, pres
, 7);
165 /* p2 = padding || ia || ra */
167 memcpy(p2
+ 6, ia
, 6);
168 memset(p2
+ 12, 0, 4);
171 u128_xor((u128
*) res
, (u128
*) r
, (u128
*) p1
);
173 /* res = e(k, res) */
174 err
= smp_e(tfm
, k
, res
);
176 BT_ERR("Encrypt data error");
180 /* res = res XOR p2 */
181 u128_xor((u128
*) res
, (u128
*) res
, (u128
*) p2
);
183 /* res = e(k, res) */
184 err
= smp_e(tfm
, k
, res
);
186 BT_ERR("Encrypt data error");
191 static int smp_s1(struct crypto_blkcipher
*tfm
, u8 k
[16], u8 r1
[16],
192 u8 r2
[16], u8 _r
[16])
196 /* Just least significant octets from r1 and r2 are considered */
198 memcpy(_r
+ 8, r1
, 8);
200 err
= smp_e(tfm
, k
, _r
);
202 BT_ERR("Encrypt data error");
207 static struct sk_buff
*smp_build_cmd(struct l2cap_conn
*conn
, u8 code
,
208 u16 dlen
, void *data
)
211 struct l2cap_hdr
*lh
;
214 len
= L2CAP_HDR_SIZE
+ sizeof(code
) + dlen
;
219 skb
= bt_skb_alloc(len
, GFP_ATOMIC
);
223 lh
= (struct l2cap_hdr
*) skb_put(skb
, L2CAP_HDR_SIZE
);
224 lh
->len
= cpu_to_le16(sizeof(code
) + dlen
);
225 lh
->cid
= cpu_to_le16(L2CAP_CID_SMP
);
227 memcpy(skb_put(skb
, sizeof(code
)), &code
, sizeof(code
));
229 memcpy(skb_put(skb
, dlen
), data
, dlen
);
234 static void smp_send_cmd(struct l2cap_conn
*conn
, u8 code
, u16 len
, void *data
)
236 struct sk_buff
*skb
= smp_build_cmd(conn
, code
, len
, data
);
238 BT_DBG("code 0x%2.2x", code
);
243 skb
->priority
= HCI_PRIO_MAX
;
244 hci_send_acl(conn
->hchan
, skb
, 0);
246 cancel_delayed_work_sync(&conn
->security_timer
);
247 schedule_delayed_work(&conn
->security_timer
, SMP_TIMEOUT
);
250 static __u8
authreq_to_seclevel(__u8 authreq
)
252 if (authreq
& SMP_AUTH_MITM
)
253 return BT_SECURITY_HIGH
;
255 return BT_SECURITY_MEDIUM
;
258 static __u8
seclevel_to_authreq(__u8 sec_level
)
261 case BT_SECURITY_HIGH
:
262 return SMP_AUTH_MITM
| SMP_AUTH_BONDING
;
263 case BT_SECURITY_MEDIUM
:
264 return SMP_AUTH_BONDING
;
266 return SMP_AUTH_NONE
;
270 static void build_pairing_cmd(struct l2cap_conn
*conn
,
271 struct smp_cmd_pairing
*req
,
272 struct smp_cmd_pairing
*rsp
, __u8 authreq
)
274 struct smp_chan
*smp
= conn
->smp_chan
;
275 struct hci_conn
*hcon
= conn
->hcon
;
276 struct hci_dev
*hdev
= hcon
->hdev
;
277 u8 local_dist
= 0, remote_dist
= 0;
279 if (test_bit(HCI_PAIRABLE
, &conn
->hcon
->hdev
->dev_flags
)) {
280 local_dist
= SMP_DIST_ENC_KEY
| SMP_DIST_SIGN
;
281 remote_dist
= SMP_DIST_ENC_KEY
| SMP_DIST_SIGN
;
282 authreq
|= SMP_AUTH_BONDING
;
284 authreq
&= ~SMP_AUTH_BONDING
;
287 if (test_bit(HCI_RPA_RESOLVING
, &hdev
->dev_flags
))
288 remote_dist
|= SMP_DIST_ID_KEY
;
290 if (test_bit(HCI_PRIVACY
, &hdev
->dev_flags
))
291 local_dist
|= SMP_DIST_ID_KEY
;
294 req
->io_capability
= conn
->hcon
->io_capability
;
295 req
->oob_flag
= SMP_OOB_NOT_PRESENT
;
296 req
->max_key_size
= SMP_MAX_ENC_KEY_SIZE
;
297 req
->init_key_dist
= local_dist
;
298 req
->resp_key_dist
= remote_dist
;
299 req
->auth_req
= (authreq
& AUTH_REQ_MASK
);
301 smp
->remote_key_dist
= remote_dist
;
305 rsp
->io_capability
= conn
->hcon
->io_capability
;
306 rsp
->oob_flag
= SMP_OOB_NOT_PRESENT
;
307 rsp
->max_key_size
= SMP_MAX_ENC_KEY_SIZE
;
308 rsp
->init_key_dist
= req
->init_key_dist
& remote_dist
;
309 rsp
->resp_key_dist
= req
->resp_key_dist
& local_dist
;
310 rsp
->auth_req
= (authreq
& AUTH_REQ_MASK
);
312 smp
->remote_key_dist
= rsp
->init_key_dist
;
315 static u8
check_enc_key_size(struct l2cap_conn
*conn
, __u8 max_key_size
)
317 struct smp_chan
*smp
= conn
->smp_chan
;
319 if ((max_key_size
> SMP_MAX_ENC_KEY_SIZE
) ||
320 (max_key_size
< SMP_MIN_ENC_KEY_SIZE
))
321 return SMP_ENC_KEY_SIZE
;
323 smp
->enc_key_size
= max_key_size
;
328 static void smp_failure(struct l2cap_conn
*conn
, u8 reason
)
330 struct hci_conn
*hcon
= conn
->hcon
;
333 smp_send_cmd(conn
, SMP_CMD_PAIRING_FAIL
, sizeof(reason
),
336 clear_bit(HCI_CONN_ENCRYPT_PEND
, &hcon
->flags
);
337 mgmt_auth_failed(hcon
->hdev
, &hcon
->dst
, hcon
->type
, hcon
->dst_type
,
338 HCI_ERROR_AUTH_FAILURE
);
340 cancel_delayed_work_sync(&conn
->security_timer
);
342 if (test_and_clear_bit(HCI_CONN_LE_SMP_PEND
, &hcon
->flags
))
343 smp_chan_destroy(conn
);
346 #define JUST_WORKS 0x00
347 #define JUST_CFM 0x01
348 #define REQ_PASSKEY 0x02
349 #define CFM_PASSKEY 0x03
353 static const u8 gen_method
[5][5] = {
354 { JUST_WORKS
, JUST_CFM
, REQ_PASSKEY
, JUST_WORKS
, REQ_PASSKEY
},
355 { JUST_WORKS
, JUST_CFM
, REQ_PASSKEY
, JUST_WORKS
, REQ_PASSKEY
},
356 { CFM_PASSKEY
, CFM_PASSKEY
, REQ_PASSKEY
, JUST_WORKS
, CFM_PASSKEY
},
357 { JUST_WORKS
, JUST_CFM
, JUST_WORKS
, JUST_WORKS
, JUST_CFM
},
358 { CFM_PASSKEY
, CFM_PASSKEY
, REQ_PASSKEY
, JUST_WORKS
, OVERLAP
},
361 static int tk_request(struct l2cap_conn
*conn
, u8 remote_oob
, u8 auth
,
362 u8 local_io
, u8 remote_io
)
364 struct hci_conn
*hcon
= conn
->hcon
;
365 struct smp_chan
*smp
= conn
->smp_chan
;
370 /* Initialize key for JUST WORKS */
371 memset(smp
->tk
, 0, sizeof(smp
->tk
));
372 clear_bit(SMP_FLAG_TK_VALID
, &smp
->smp_flags
);
374 BT_DBG("tk_request: auth:%d lcl:%d rem:%d", auth
, local_io
, remote_io
);
376 /* If neither side wants MITM, use JUST WORKS */
377 /* If either side has unknown io_caps, use JUST WORKS */
378 /* Otherwise, look up method from the table */
379 if (!(auth
& SMP_AUTH_MITM
) ||
380 local_io
> SMP_IO_KEYBOARD_DISPLAY
||
381 remote_io
> SMP_IO_KEYBOARD_DISPLAY
)
384 method
= gen_method
[remote_io
][local_io
];
386 /* If not bonding, don't ask user to confirm a Zero TK */
387 if (!(auth
& SMP_AUTH_BONDING
) && method
== JUST_CFM
)
390 /* If Just Works, Continue with Zero TK */
391 if (method
== JUST_WORKS
) {
392 set_bit(SMP_FLAG_TK_VALID
, &smp
->smp_flags
);
396 /* Not Just Works/Confirm results in MITM Authentication */
397 if (method
!= JUST_CFM
)
398 set_bit(SMP_FLAG_MITM_AUTH
, &smp
->smp_flags
);
400 /* If both devices have Keyoard-Display I/O, the master
401 * Confirms and the slave Enters the passkey.
403 if (method
== OVERLAP
) {
404 if (hcon
->link_mode
& HCI_LM_MASTER
)
405 method
= CFM_PASSKEY
;
407 method
= REQ_PASSKEY
;
410 /* Generate random passkey. */
411 if (method
== CFM_PASSKEY
) {
412 memset(smp
->tk
, 0, sizeof(smp
->tk
));
413 get_random_bytes(&passkey
, sizeof(passkey
));
415 put_unaligned_le32(passkey
, smp
->tk
);
416 BT_DBG("PassKey: %d", passkey
);
417 set_bit(SMP_FLAG_TK_VALID
, &smp
->smp_flags
);
420 hci_dev_lock(hcon
->hdev
);
422 if (method
== REQ_PASSKEY
)
423 ret
= mgmt_user_passkey_request(hcon
->hdev
, &hcon
->dst
,
424 hcon
->type
, hcon
->dst_type
);
426 ret
= mgmt_user_passkey_notify(hcon
->hdev
, &hcon
->dst
,
427 hcon
->type
, hcon
->dst_type
,
430 hci_dev_unlock(hcon
->hdev
);
435 static void confirm_work(struct work_struct
*work
)
437 struct smp_chan
*smp
= container_of(work
, struct smp_chan
, confirm
);
438 struct l2cap_conn
*conn
= smp
->conn
;
439 struct hci_dev
*hdev
= conn
->hcon
->hdev
;
440 struct crypto_blkcipher
*tfm
= hdev
->tfm_aes
;
441 struct smp_cmd_pairing_confirm cp
;
445 BT_DBG("conn %p", conn
);
447 /* Prevent mutual access to hdev->tfm_aes */
450 ret
= smp_c1(tfm
, smp
->tk
, smp
->prnd
, smp
->preq
, smp
->prsp
,
451 conn
->hcon
->init_addr_type
, &conn
->hcon
->init_addr
,
452 conn
->hcon
->resp_addr_type
, &conn
->hcon
->resp_addr
,
455 hci_dev_unlock(hdev
);
458 reason
= SMP_UNSPECIFIED
;
462 clear_bit(SMP_FLAG_CFM_PENDING
, &smp
->smp_flags
);
464 smp_send_cmd(smp
->conn
, SMP_CMD_PAIRING_CONFIRM
, sizeof(cp
), &cp
);
469 smp_failure(conn
, reason
);
472 static void random_work(struct work_struct
*work
)
474 struct smp_chan
*smp
= container_of(work
, struct smp_chan
, random
);
475 struct l2cap_conn
*conn
= smp
->conn
;
476 struct hci_conn
*hcon
= conn
->hcon
;
477 struct hci_dev
*hdev
= hcon
->hdev
;
478 struct crypto_blkcipher
*tfm
= hdev
->tfm_aes
;
479 u8 reason
, confirm
[16];
482 if (IS_ERR_OR_NULL(tfm
)) {
483 reason
= SMP_UNSPECIFIED
;
487 BT_DBG("conn %p %s", conn
, conn
->hcon
->out
? "master" : "slave");
489 /* Prevent mutual access to hdev->tfm_aes */
492 ret
= smp_c1(tfm
, smp
->tk
, smp
->rrnd
, smp
->preq
, smp
->prsp
,
493 hcon
->init_addr_type
, &hcon
->init_addr
,
494 hcon
->resp_addr_type
, &hcon
->resp_addr
, confirm
);
496 hci_dev_unlock(hdev
);
499 reason
= SMP_UNSPECIFIED
;
503 if (memcmp(smp
->pcnf
, confirm
, sizeof(smp
->pcnf
)) != 0) {
504 BT_ERR("Pairing failed (confirmation values mismatch)");
505 reason
= SMP_CONFIRM_FAILED
;
514 smp_s1(tfm
, smp
->tk
, smp
->rrnd
, smp
->prnd
, stk
);
516 memset(stk
+ smp
->enc_key_size
, 0,
517 SMP_MAX_ENC_KEY_SIZE
- smp
->enc_key_size
);
519 if (test_and_set_bit(HCI_CONN_ENCRYPT_PEND
, &hcon
->flags
)) {
520 reason
= SMP_UNSPECIFIED
;
524 hci_le_start_enc(hcon
, ediv
, rand
, stk
);
525 hcon
->enc_key_size
= smp
->enc_key_size
;
531 smp_send_cmd(conn
, SMP_CMD_PAIRING_RANDOM
, sizeof(smp
->prnd
),
534 smp_s1(tfm
, smp
->tk
, smp
->prnd
, smp
->rrnd
, stk
);
536 memset(stk
+ smp
->enc_key_size
, 0,
537 SMP_MAX_ENC_KEY_SIZE
- smp
->enc_key_size
);
539 hci_add_ltk(hcon
->hdev
, &hcon
->dst
, hcon
->dst_type
,
540 HCI_SMP_STK_SLAVE
, 0, stk
, smp
->enc_key_size
,
547 smp_failure(conn
, reason
);
550 static void smp_reencrypt(struct work_struct
*work
)
552 struct smp_chan
*smp
= container_of(work
, struct smp_chan
,
554 struct l2cap_conn
*conn
= smp
->conn
;
555 struct hci_conn
*hcon
= conn
->hcon
;
556 struct smp_ltk
*ltk
= smp
->ltk
;
560 hci_le_start_enc(hcon
, ltk
->ediv
, ltk
->rand
, ltk
->val
);
561 hcon
->enc_key_size
= ltk
->enc_size
;
564 static struct smp_chan
*smp_chan_create(struct l2cap_conn
*conn
)
566 struct smp_chan
*smp
;
568 smp
= kzalloc(sizeof(*smp
), GFP_ATOMIC
);
572 INIT_WORK(&smp
->confirm
, confirm_work
);
573 INIT_WORK(&smp
->random
, random_work
);
574 INIT_DELAYED_WORK(&smp
->reencrypt
, smp_reencrypt
);
577 conn
->smp_chan
= smp
;
578 conn
->hcon
->smp_conn
= conn
;
580 hci_conn_hold(conn
->hcon
);
585 void smp_chan_destroy(struct l2cap_conn
*conn
)
587 struct smp_chan
*smp
= conn
->smp_chan
;
592 cancel_delayed_work_sync(&smp
->reencrypt
);
594 complete
= test_bit(SMP_FLAG_COMPLETE
, &smp
->smp_flags
);
595 mgmt_smp_complete(conn
->hcon
, complete
);
598 kfree(smp
->slave_csrk
);
600 /* If pairing failed clean up any keys we might have */
603 list_del(&smp
->ltk
->list
);
607 if (smp
->slave_ltk
) {
608 list_del(&smp
->slave_ltk
->list
);
609 kfree(smp
->slave_ltk
);
612 if (smp
->remote_irk
) {
613 list_del(&smp
->remote_irk
->list
);
614 kfree(smp
->remote_irk
);
619 conn
->smp_chan
= NULL
;
620 conn
->hcon
->smp_conn
= NULL
;
621 hci_conn_drop(conn
->hcon
);
624 int smp_user_confirm_reply(struct hci_conn
*hcon
, u16 mgmt_op
, __le32 passkey
)
626 struct l2cap_conn
*conn
= hcon
->smp_conn
;
627 struct smp_chan
*smp
;
635 smp
= conn
->smp_chan
;
638 case MGMT_OP_USER_PASSKEY_REPLY
:
639 value
= le32_to_cpu(passkey
);
640 memset(smp
->tk
, 0, sizeof(smp
->tk
));
641 BT_DBG("PassKey: %d", value
);
642 put_unaligned_le32(value
, smp
->tk
);
644 case MGMT_OP_USER_CONFIRM_REPLY
:
645 set_bit(SMP_FLAG_TK_VALID
, &smp
->smp_flags
);
647 case MGMT_OP_USER_PASSKEY_NEG_REPLY
:
648 case MGMT_OP_USER_CONFIRM_NEG_REPLY
:
649 smp_failure(conn
, SMP_PASSKEY_ENTRY_FAILED
);
652 smp_failure(conn
, SMP_PASSKEY_ENTRY_FAILED
);
656 /* If it is our turn to send Pairing Confirm, do so now */
657 if (test_bit(SMP_FLAG_CFM_PENDING
, &smp
->smp_flags
))
658 queue_work(hcon
->hdev
->workqueue
, &smp
->confirm
);
663 static u8
smp_cmd_pairing_req(struct l2cap_conn
*conn
, struct sk_buff
*skb
)
665 struct smp_cmd_pairing rsp
, *req
= (void *) skb
->data
;
666 struct smp_chan
*smp
;
668 u8 auth
= SMP_AUTH_NONE
;
671 BT_DBG("conn %p", conn
);
673 if (skb
->len
< sizeof(*req
))
674 return SMP_UNSPECIFIED
;
676 if (conn
->hcon
->link_mode
& HCI_LM_MASTER
)
677 return SMP_CMD_NOTSUPP
;
679 if (!test_and_set_bit(HCI_CONN_LE_SMP_PEND
, &conn
->hcon
->flags
))
680 smp
= smp_chan_create(conn
);
682 smp
= conn
->smp_chan
;
685 return SMP_UNSPECIFIED
;
687 smp
->preq
[0] = SMP_CMD_PAIRING_REQ
;
688 memcpy(&smp
->preq
[1], req
, sizeof(*req
));
689 skb_pull(skb
, sizeof(*req
));
691 /* We didn't start the pairing, so match remote */
692 if (req
->auth_req
& SMP_AUTH_BONDING
)
693 auth
= req
->auth_req
;
695 conn
->hcon
->pending_sec_level
= authreq_to_seclevel(auth
);
697 build_pairing_cmd(conn
, req
, &rsp
, auth
);
699 key_size
= min(req
->max_key_size
, rsp
.max_key_size
);
700 if (check_enc_key_size(conn
, key_size
))
701 return SMP_ENC_KEY_SIZE
;
703 get_random_bytes(smp
->prnd
, sizeof(smp
->prnd
));
705 smp
->prsp
[0] = SMP_CMD_PAIRING_RSP
;
706 memcpy(&smp
->prsp
[1], &rsp
, sizeof(rsp
));
708 smp_send_cmd(conn
, SMP_CMD_PAIRING_RSP
, sizeof(rsp
), &rsp
);
710 /* Request setup of TK */
711 ret
= tk_request(conn
, 0, auth
, rsp
.io_capability
, req
->io_capability
);
713 return SMP_UNSPECIFIED
;
718 static u8
smp_cmd_pairing_rsp(struct l2cap_conn
*conn
, struct sk_buff
*skb
)
720 struct smp_cmd_pairing
*req
, *rsp
= (void *) skb
->data
;
721 struct smp_chan
*smp
= conn
->smp_chan
;
722 struct hci_dev
*hdev
= conn
->hcon
->hdev
;
723 u8 key_size
, auth
= SMP_AUTH_NONE
;
726 BT_DBG("conn %p", conn
);
728 if (skb
->len
< sizeof(*rsp
))
729 return SMP_UNSPECIFIED
;
731 if (!(conn
->hcon
->link_mode
& HCI_LM_MASTER
))
732 return SMP_CMD_NOTSUPP
;
734 skb_pull(skb
, sizeof(*rsp
));
736 req
= (void *) &smp
->preq
[1];
738 key_size
= min(req
->max_key_size
, rsp
->max_key_size
);
739 if (check_enc_key_size(conn
, key_size
))
740 return SMP_ENC_KEY_SIZE
;
742 get_random_bytes(smp
->prnd
, sizeof(smp
->prnd
));
744 smp
->prsp
[0] = SMP_CMD_PAIRING_RSP
;
745 memcpy(&smp
->prsp
[1], rsp
, sizeof(*rsp
));
747 /* Update remote key distribution in case the remote cleared
748 * some bits that we had enabled in our request.
750 smp
->remote_key_dist
&= rsp
->resp_key_dist
;
752 if ((req
->auth_req
& SMP_AUTH_BONDING
) &&
753 (rsp
->auth_req
& SMP_AUTH_BONDING
))
754 auth
= SMP_AUTH_BONDING
;
756 auth
|= (req
->auth_req
| rsp
->auth_req
) & SMP_AUTH_MITM
;
758 ret
= tk_request(conn
, 0, auth
, req
->io_capability
, rsp
->io_capability
);
760 return SMP_UNSPECIFIED
;
762 set_bit(SMP_FLAG_CFM_PENDING
, &smp
->smp_flags
);
764 /* Can't compose response until we have been confirmed */
765 if (test_bit(SMP_FLAG_TK_VALID
, &smp
->smp_flags
))
766 queue_work(hdev
->workqueue
, &smp
->confirm
);
771 static u8
smp_cmd_pairing_confirm(struct l2cap_conn
*conn
, struct sk_buff
*skb
)
773 struct smp_chan
*smp
= conn
->smp_chan
;
774 struct hci_dev
*hdev
= conn
->hcon
->hdev
;
776 BT_DBG("conn %p %s", conn
, conn
->hcon
->out
? "master" : "slave");
778 if (skb
->len
< sizeof(smp
->pcnf
))
779 return SMP_UNSPECIFIED
;
781 memcpy(smp
->pcnf
, skb
->data
, sizeof(smp
->pcnf
));
782 skb_pull(skb
, sizeof(smp
->pcnf
));
785 smp_send_cmd(conn
, SMP_CMD_PAIRING_RANDOM
, sizeof(smp
->prnd
),
787 else if (test_bit(SMP_FLAG_TK_VALID
, &smp
->smp_flags
))
788 queue_work(hdev
->workqueue
, &smp
->confirm
);
790 set_bit(SMP_FLAG_CFM_PENDING
, &smp
->smp_flags
);
795 static u8
smp_cmd_pairing_random(struct l2cap_conn
*conn
, struct sk_buff
*skb
)
797 struct smp_chan
*smp
= conn
->smp_chan
;
798 struct hci_dev
*hdev
= conn
->hcon
->hdev
;
800 BT_DBG("conn %p", conn
);
802 if (skb
->len
< sizeof(smp
->rrnd
))
803 return SMP_UNSPECIFIED
;
805 memcpy(smp
->rrnd
, skb
->data
, sizeof(smp
->rrnd
));
806 skb_pull(skb
, sizeof(smp
->rrnd
));
808 queue_work(hdev
->workqueue
, &smp
->random
);
813 static u8
smp_ltk_encrypt(struct l2cap_conn
*conn
, u8 sec_level
)
816 struct hci_conn
*hcon
= conn
->hcon
;
818 key
= hci_find_ltk_by_addr(hcon
->hdev
, &hcon
->dst
, hcon
->dst_type
,
823 if (sec_level
> BT_SECURITY_MEDIUM
&& !key
->authenticated
)
826 if (test_and_set_bit(HCI_CONN_ENCRYPT_PEND
, &hcon
->flags
))
829 hci_le_start_enc(hcon
, key
->ediv
, key
->rand
, key
->val
);
830 hcon
->enc_key_size
= key
->enc_size
;
835 static u8
smp_cmd_security_req(struct l2cap_conn
*conn
, struct sk_buff
*skb
)
837 struct smp_cmd_security_req
*rp
= (void *) skb
->data
;
838 struct smp_cmd_pairing cp
;
839 struct hci_conn
*hcon
= conn
->hcon
;
840 struct smp_chan
*smp
;
842 BT_DBG("conn %p", conn
);
844 if (skb
->len
< sizeof(*rp
))
845 return SMP_UNSPECIFIED
;
847 if (!(conn
->hcon
->link_mode
& HCI_LM_MASTER
))
848 return SMP_CMD_NOTSUPP
;
850 hcon
->pending_sec_level
= authreq_to_seclevel(rp
->auth_req
);
852 if (smp_ltk_encrypt(conn
, hcon
->pending_sec_level
))
855 if (test_and_set_bit(HCI_CONN_LE_SMP_PEND
, &hcon
->flags
))
858 smp
= smp_chan_create(conn
);
860 skb_pull(skb
, sizeof(*rp
));
862 memset(&cp
, 0, sizeof(cp
));
863 build_pairing_cmd(conn
, &cp
, NULL
, rp
->auth_req
);
865 smp
->preq
[0] = SMP_CMD_PAIRING_REQ
;
866 memcpy(&smp
->preq
[1], &cp
, sizeof(cp
));
868 smp_send_cmd(conn
, SMP_CMD_PAIRING_REQ
, sizeof(cp
), &cp
);
873 bool smp_sufficient_security(struct hci_conn
*hcon
, u8 sec_level
)
875 if (sec_level
== BT_SECURITY_LOW
)
878 if (hcon
->sec_level
>= sec_level
)
884 int smp_conn_security(struct hci_conn
*hcon
, __u8 sec_level
)
886 struct l2cap_conn
*conn
= hcon
->l2cap_data
;
887 struct smp_chan
*smp
;
890 BT_DBG("conn %p hcon %p level 0x%2.2x", conn
, hcon
, sec_level
);
892 /* This may be NULL if there's an unexpected disconnection */
896 smp
= conn
->smp_chan
;
898 if (!test_bit(HCI_LE_ENABLED
, &hcon
->hdev
->dev_flags
))
901 if (smp_sufficient_security(hcon
, sec_level
))
904 if (hcon
->link_mode
& HCI_LM_MASTER
)
905 if (smp_ltk_encrypt(conn
, sec_level
))
908 if (test_and_set_bit(HCI_CONN_LE_SMP_PEND
, &hcon
->flags
))
911 smp
= smp_chan_create(conn
);
915 authreq
= seclevel_to_authreq(sec_level
);
917 /* hcon->auth_type is set by pair_device in mgmt.c. If the MITM
918 * flag is set we should also set it for the SMP request.
920 if ((hcon
->auth_type
& 0x01))
921 authreq
|= SMP_AUTH_MITM
;
923 if (hcon
->link_mode
& HCI_LM_MASTER
) {
924 struct smp_cmd_pairing cp
;
926 build_pairing_cmd(conn
, &cp
, NULL
, authreq
);
927 smp
->preq
[0] = SMP_CMD_PAIRING_REQ
;
928 memcpy(&smp
->preq
[1], &cp
, sizeof(cp
));
930 smp_send_cmd(conn
, SMP_CMD_PAIRING_REQ
, sizeof(cp
), &cp
);
932 struct smp_cmd_security_req cp
;
933 cp
.auth_req
= authreq
;
934 smp_send_cmd(conn
, SMP_CMD_SECURITY_REQ
, sizeof(cp
), &cp
);
938 hcon
->pending_sec_level
= sec_level
;
943 static int smp_cmd_encrypt_info(struct l2cap_conn
*conn
, struct sk_buff
*skb
)
945 struct smp_cmd_encrypt_info
*rp
= (void *) skb
->data
;
946 struct smp_chan
*smp
= conn
->smp_chan
;
948 BT_DBG("conn %p", conn
);
950 if (skb
->len
< sizeof(*rp
))
951 return SMP_UNSPECIFIED
;
953 /* Ignore this PDU if it wasn't requested */
954 if (!(smp
->remote_key_dist
& SMP_DIST_ENC_KEY
))
957 skb_pull(skb
, sizeof(*rp
));
959 memcpy(smp
->tk
, rp
->ltk
, sizeof(smp
->tk
));
964 static int smp_cmd_master_ident(struct l2cap_conn
*conn
, struct sk_buff
*skb
)
966 struct smp_cmd_master_ident
*rp
= (void *) skb
->data
;
967 struct smp_chan
*smp
= conn
->smp_chan
;
968 struct hci_dev
*hdev
= conn
->hcon
->hdev
;
969 struct hci_conn
*hcon
= conn
->hcon
;
973 BT_DBG("conn %p", conn
);
975 if (skb
->len
< sizeof(*rp
))
976 return SMP_UNSPECIFIED
;
978 /* Ignore this PDU if it wasn't requested */
979 if (!(smp
->remote_key_dist
& SMP_DIST_ENC_KEY
))
982 /* Mark the information as received */
983 smp
->remote_key_dist
&= ~SMP_DIST_ENC_KEY
;
985 skb_pull(skb
, sizeof(*rp
));
988 authenticated
= (hcon
->sec_level
== BT_SECURITY_HIGH
);
989 ltk
= hci_add_ltk(hdev
, &hcon
->dst
, hcon
->dst_type
, HCI_SMP_LTK
,
990 authenticated
, smp
->tk
, smp
->enc_key_size
,
993 if (!(smp
->remote_key_dist
& SMP_DIST_ID_KEY
))
994 smp_distribute_keys(conn
);
995 hci_dev_unlock(hdev
);
1000 static int smp_cmd_ident_info(struct l2cap_conn
*conn
, struct sk_buff
*skb
)
1002 struct smp_cmd_ident_info
*info
= (void *) skb
->data
;
1003 struct smp_chan
*smp
= conn
->smp_chan
;
1007 if (skb
->len
< sizeof(*info
))
1008 return SMP_UNSPECIFIED
;
1010 /* Ignore this PDU if it wasn't requested */
1011 if (!(smp
->remote_key_dist
& SMP_DIST_ID_KEY
))
1014 skb_pull(skb
, sizeof(*info
));
1016 memcpy(smp
->irk
, info
->irk
, 16);
1021 static int smp_cmd_ident_addr_info(struct l2cap_conn
*conn
,
1022 struct sk_buff
*skb
)
1024 struct smp_cmd_ident_addr_info
*info
= (void *) skb
->data
;
1025 struct smp_chan
*smp
= conn
->smp_chan
;
1026 struct hci_conn
*hcon
= conn
->hcon
;
1031 if (skb
->len
< sizeof(*info
))
1032 return SMP_UNSPECIFIED
;
1034 /* Ignore this PDU if it wasn't requested */
1035 if (!(smp
->remote_key_dist
& SMP_DIST_ID_KEY
))
1038 /* Mark the information as received */
1039 smp
->remote_key_dist
&= ~SMP_DIST_ID_KEY
;
1041 skb_pull(skb
, sizeof(*info
));
1043 /* Strictly speaking the Core Specification (4.1) allows sending
1044 * an empty address which would force us to rely on just the IRK
1045 * as "identity information". However, since such
1046 * implementations are not known of and in order to not over
1047 * complicate our implementation, simply pretend that we never
1048 * received an IRK for such a device.
1050 if (!bacmp(&info
->bdaddr
, BDADDR_ANY
)) {
1051 BT_ERR("Ignoring IRK with no identity address");
1052 smp_distribute_keys(conn
);
1056 bacpy(&smp
->id_addr
, &info
->bdaddr
);
1057 smp
->id_addr_type
= info
->addr_type
;
1059 if (hci_bdaddr_is_rpa(&hcon
->dst
, hcon
->dst_type
))
1060 bacpy(&rpa
, &hcon
->dst
);
1062 bacpy(&rpa
, BDADDR_ANY
);
1064 smp
->remote_irk
= hci_add_irk(conn
->hcon
->hdev
, &smp
->id_addr
,
1065 smp
->id_addr_type
, smp
->irk
, &rpa
);
1067 smp_distribute_keys(conn
);
1072 static int smp_cmd_sign_info(struct l2cap_conn
*conn
, struct sk_buff
*skb
)
1074 struct smp_cmd_sign_info
*rp
= (void *) skb
->data
;
1075 struct smp_chan
*smp
= conn
->smp_chan
;
1076 struct hci_dev
*hdev
= conn
->hcon
->hdev
;
1077 struct smp_csrk
*csrk
;
1079 BT_DBG("conn %p", conn
);
1081 if (skb
->len
< sizeof(*rp
))
1082 return SMP_UNSPECIFIED
;
1084 /* Ignore this PDU if it wasn't requested */
1085 if (!(smp
->remote_key_dist
& SMP_DIST_SIGN
))
1088 /* Mark the information as received */
1089 smp
->remote_key_dist
&= ~SMP_DIST_SIGN
;
1091 skb_pull(skb
, sizeof(*rp
));
1094 csrk
= kzalloc(sizeof(*csrk
), GFP_KERNEL
);
1096 csrk
->master
= 0x01;
1097 memcpy(csrk
->val
, rp
->csrk
, sizeof(csrk
->val
));
1100 if (!(smp
->remote_key_dist
& SMP_DIST_SIGN
))
1101 smp_distribute_keys(conn
);
1102 hci_dev_unlock(hdev
);
1107 int smp_sig_channel(struct l2cap_conn
*conn
, struct sk_buff
*skb
)
1109 struct hci_conn
*hcon
= conn
->hcon
;
1113 if (hcon
->type
!= LE_LINK
) {
1123 if (!test_bit(HCI_LE_ENABLED
, &hcon
->hdev
->dev_flags
)) {
1125 reason
= SMP_PAIRING_NOTSUPP
;
1129 code
= skb
->data
[0];
1130 skb_pull(skb
, sizeof(code
));
1133 * The SMP context must be initialized for all other PDUs except
1134 * pairing and security requests. If we get any other PDU when
1135 * not initialized simply disconnect (done if this function
1136 * returns an error).
1138 if (code
!= SMP_CMD_PAIRING_REQ
&& code
!= SMP_CMD_SECURITY_REQ
&&
1140 BT_ERR("Unexpected SMP command 0x%02x. Disconnecting.", code
);
1146 case SMP_CMD_PAIRING_REQ
:
1147 reason
= smp_cmd_pairing_req(conn
, skb
);
1150 case SMP_CMD_PAIRING_FAIL
:
1151 smp_failure(conn
, 0);
1156 case SMP_CMD_PAIRING_RSP
:
1157 reason
= smp_cmd_pairing_rsp(conn
, skb
);
1160 case SMP_CMD_SECURITY_REQ
:
1161 reason
= smp_cmd_security_req(conn
, skb
);
1164 case SMP_CMD_PAIRING_CONFIRM
:
1165 reason
= smp_cmd_pairing_confirm(conn
, skb
);
1168 case SMP_CMD_PAIRING_RANDOM
:
1169 reason
= smp_cmd_pairing_random(conn
, skb
);
1172 case SMP_CMD_ENCRYPT_INFO
:
1173 reason
= smp_cmd_encrypt_info(conn
, skb
);
1176 case SMP_CMD_MASTER_IDENT
:
1177 reason
= smp_cmd_master_ident(conn
, skb
);
1180 case SMP_CMD_IDENT_INFO
:
1181 reason
= smp_cmd_ident_info(conn
, skb
);
1184 case SMP_CMD_IDENT_ADDR_INFO
:
1185 reason
= smp_cmd_ident_addr_info(conn
, skb
);
1188 case SMP_CMD_SIGN_INFO
:
1189 reason
= smp_cmd_sign_info(conn
, skb
);
1193 BT_DBG("Unknown command code 0x%2.2x", code
);
1195 reason
= SMP_CMD_NOTSUPP
;
1202 smp_failure(conn
, reason
);
1208 static void smp_notify_keys(struct l2cap_conn
*conn
)
1210 struct smp_chan
*smp
= conn
->smp_chan
;
1211 struct hci_conn
*hcon
= conn
->hcon
;
1212 struct hci_dev
*hdev
= hcon
->hdev
;
1213 struct smp_cmd_pairing
*req
= (void *) &smp
->preq
[1];
1214 struct smp_cmd_pairing
*rsp
= (void *) &smp
->prsp
[1];
1217 if (smp
->remote_irk
) {
1218 mgmt_new_irk(hdev
, smp
->remote_irk
);
1219 /* Now that user space can be considered to know the
1220 * identity address track the connection based on it
1223 bacpy(&hcon
->dst
, &smp
->remote_irk
->bdaddr
);
1224 hcon
->dst_type
= smp
->remote_irk
->addr_type
;
1225 l2cap_conn_update_id_addr(hcon
);
1228 /* The LTKs and CSRKs should be persistent only if both sides
1229 * had the bonding bit set in their authentication requests.
1231 persistent
= !!((req
->auth_req
& rsp
->auth_req
) & SMP_AUTH_BONDING
);
1234 smp
->csrk
->bdaddr_type
= hcon
->dst_type
;
1235 bacpy(&smp
->csrk
->bdaddr
, &hcon
->dst
);
1236 mgmt_new_csrk(hdev
, smp
->csrk
, persistent
);
1239 if (smp
->slave_csrk
) {
1240 smp
->slave_csrk
->bdaddr_type
= hcon
->dst_type
;
1241 bacpy(&smp
->slave_csrk
->bdaddr
, &hcon
->dst
);
1242 mgmt_new_csrk(hdev
, smp
->slave_csrk
, persistent
);
1246 smp
->ltk
->bdaddr_type
= hcon
->dst_type
;
1247 bacpy(&smp
->ltk
->bdaddr
, &hcon
->dst
);
1248 mgmt_new_ltk(hdev
, smp
->ltk
, persistent
);
1251 if (smp
->slave_ltk
) {
1252 smp
->slave_ltk
->bdaddr_type
= hcon
->dst_type
;
1253 bacpy(&smp
->slave_ltk
->bdaddr
, &hcon
->dst
);
1254 mgmt_new_ltk(hdev
, smp
->slave_ltk
, persistent
);
1258 int smp_distribute_keys(struct l2cap_conn
*conn
)
1260 struct smp_cmd_pairing
*req
, *rsp
;
1261 struct smp_chan
*smp
= conn
->smp_chan
;
1262 struct hci_conn
*hcon
= conn
->hcon
;
1263 struct hci_dev
*hdev
= hcon
->hdev
;
1267 BT_DBG("conn %p", conn
);
1269 if (!test_bit(HCI_CONN_LE_SMP_PEND
, &hcon
->flags
))
1272 rsp
= (void *) &smp
->prsp
[1];
1274 /* The responder sends its keys first */
1275 if (hcon
->out
&& (smp
->remote_key_dist
& 0x07))
1278 req
= (void *) &smp
->preq
[1];
1281 keydist
= &rsp
->init_key_dist
;
1282 *keydist
&= req
->init_key_dist
;
1284 keydist
= &rsp
->resp_key_dist
;
1285 *keydist
&= req
->resp_key_dist
;
1288 BT_DBG("keydist 0x%x", *keydist
);
1290 if (*keydist
& SMP_DIST_ENC_KEY
) {
1291 struct smp_cmd_encrypt_info enc
;
1292 struct smp_cmd_master_ident ident
;
1293 struct smp_ltk
*ltk
;
1298 get_random_bytes(enc
.ltk
, sizeof(enc
.ltk
));
1299 get_random_bytes(&ediv
, sizeof(ediv
));
1300 get_random_bytes(&rand
, sizeof(rand
));
1302 smp_send_cmd(conn
, SMP_CMD_ENCRYPT_INFO
, sizeof(enc
), &enc
);
1304 authenticated
= hcon
->sec_level
== BT_SECURITY_HIGH
;
1305 ltk
= hci_add_ltk(hdev
, &hcon
->dst
, hcon
->dst_type
,
1306 HCI_SMP_LTK_SLAVE
, authenticated
, enc
.ltk
,
1307 smp
->enc_key_size
, ediv
, rand
);
1308 smp
->slave_ltk
= ltk
;
1313 smp_send_cmd(conn
, SMP_CMD_MASTER_IDENT
, sizeof(ident
), &ident
);
1315 *keydist
&= ~SMP_DIST_ENC_KEY
;
1318 if (*keydist
& SMP_DIST_ID_KEY
) {
1319 struct smp_cmd_ident_addr_info addrinfo
;
1320 struct smp_cmd_ident_info idinfo
;
1322 memcpy(idinfo
.irk
, hdev
->irk
, sizeof(idinfo
.irk
));
1324 smp_send_cmd(conn
, SMP_CMD_IDENT_INFO
, sizeof(idinfo
), &idinfo
);
1326 /* The hci_conn contains the local identity address
1327 * after the connection has been established.
1329 * This is true even when the connection has been
1330 * established using a resolvable random address.
1332 bacpy(&addrinfo
.bdaddr
, &hcon
->src
);
1333 addrinfo
.addr_type
= hcon
->src_type
;
1335 smp_send_cmd(conn
, SMP_CMD_IDENT_ADDR_INFO
, sizeof(addrinfo
),
1338 *keydist
&= ~SMP_DIST_ID_KEY
;
1341 if (*keydist
& SMP_DIST_SIGN
) {
1342 struct smp_cmd_sign_info sign
;
1343 struct smp_csrk
*csrk
;
1345 /* Generate a new random key */
1346 get_random_bytes(sign
.csrk
, sizeof(sign
.csrk
));
1348 csrk
= kzalloc(sizeof(*csrk
), GFP_KERNEL
);
1350 csrk
->master
= 0x00;
1351 memcpy(csrk
->val
, sign
.csrk
, sizeof(csrk
->val
));
1353 smp
->slave_csrk
= csrk
;
1355 smp_send_cmd(conn
, SMP_CMD_SIGN_INFO
, sizeof(sign
), &sign
);
1357 *keydist
&= ~SMP_DIST_SIGN
;
1360 /* If there are still keys to be received wait for them */
1361 if ((smp
->remote_key_dist
& 0x07))
1364 /* Check if we should try to re-encrypt the link with the LTK.
1365 * SMP_FLAG_LTK_ENCRYPT flag is used to track whether we've
1366 * already tried this (in which case we shouldn't try again).
1368 * The request will trigger an encryption key refresh event
1369 * which will cause a call to auth_cfm and eventually lead to
1370 * l2cap_core.c calling this smp_distribute_keys function again
1371 * and thereby completing the process.
1374 ltk_encrypt
= !test_and_set_bit(SMP_FLAG_LTK_ENCRYPT
,
1377 ltk_encrypt
= false;
1379 /* Re-encrypt the link with LTK if possible */
1380 if (ltk_encrypt
&& hcon
->out
) {
1381 queue_delayed_work(hdev
->req_workqueue
, &smp
->reencrypt
,
1382 SMP_REENCRYPT_TIMEOUT
);
1384 clear_bit(HCI_CONN_LE_SMP_PEND
, &hcon
->flags
);
1385 cancel_delayed_work_sync(&conn
->security_timer
);
1386 set_bit(SMP_FLAG_COMPLETE
, &smp
->smp_flags
);
1387 smp_notify_keys(conn
);
1388 smp_chan_destroy(conn
);