2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2011 Nokia Corporation and/or its subsidiary(-ies).
5 This program is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License version 2 as
7 published by the Free Software Foundation;
9 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
10 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
11 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
12 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
13 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
14 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
18 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
19 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
20 SOFTWARE IS DISCLAIMED.
23 #include <linux/crypto.h>
24 #include <linux/scatterlist.h>
25 #include <crypto/b128ops.h>
27 #include <net/bluetooth/bluetooth.h>
28 #include <net/bluetooth/hci_core.h>
29 #include <net/bluetooth/l2cap.h>
30 #include <net/bluetooth/mgmt.h>
34 #define SMP_TIMEOUT msecs_to_jiffies(30000)
36 #define AUTH_REQ_MASK 0x07
38 #define SMP_FLAG_TK_VALID 1
39 #define SMP_FLAG_CFM_PENDING 2
40 #define SMP_FLAG_MITM_AUTH 3
41 #define SMP_FLAG_COMPLETE 4
42 #define SMP_FLAG_INITIATOR 5
45 struct l2cap_conn
*conn
;
46 u8 preq
[7]; /* SMP Pairing Request */
47 u8 prsp
[7]; /* SMP Pairing Response */
48 u8 prnd
[16]; /* SMP Pairing Random (local) */
49 u8 rrnd
[16]; /* SMP Pairing Random (remote) */
50 u8 pcnf
[16]; /* SMP Pairing Confirm */
51 u8 tk
[16]; /* SMP Temporary Key */
57 struct smp_csrk
*csrk
;
58 struct smp_csrk
*slave_csrk
;
60 struct smp_ltk
*slave_ltk
;
61 struct smp_irk
*remote_irk
;
62 unsigned long smp_flags
;
63 struct work_struct confirm
;
64 struct work_struct random
;
67 static inline void swap128(const u8 src
[16], u8 dst
[16])
70 for (i
= 0; i
< 16; i
++)
74 static inline void swap56(const u8 src
[7], u8 dst
[7])
77 for (i
= 0; i
< 7; i
++)
81 static int smp_e(struct crypto_blkcipher
*tfm
, const u8
*k
, u8
*r
)
83 struct blkcipher_desc desc
;
84 struct scatterlist sg
;
85 uint8_t tmp
[16], data
[16];
89 BT_ERR("tfm %p", tfm
);
96 /* The most significant octet of key corresponds to k[0] */
99 err
= crypto_blkcipher_setkey(tfm
, tmp
, 16);
101 BT_ERR("cipher setkey failed: %d", err
);
105 /* Most significant octet of plaintextData corresponds to data[0] */
108 sg_init_one(&sg
, data
, 16);
110 err
= crypto_blkcipher_encrypt(&desc
, &sg
, &sg
, 16);
112 BT_ERR("Encrypt data error %d", err
);
114 /* Most significant octet of encryptedData corresponds to data[0] */
120 static int smp_ah(struct crypto_blkcipher
*tfm
, u8 irk
[16], u8 r
[3], u8 res
[3])
125 /* r' = padding || r */
127 memset(_res
+ 3, 0, 13);
129 err
= smp_e(tfm
, irk
, _res
);
131 BT_ERR("Encrypt error");
135 /* The output of the random address function ah is:
136 * ah(h, r) = e(k, r') mod 2^24
137 * The output of the security function e is then truncated to 24 bits
138 * by taking the least significant 24 bits of the output of e as the
141 memcpy(res
, _res
, 3);
146 bool smp_irk_matches(struct crypto_blkcipher
*tfm
, u8 irk
[16],
152 BT_DBG("RPA %pMR IRK %*phN", bdaddr
, 16, irk
);
154 err
= smp_ah(tfm
, irk
, &bdaddr
->b
[3], hash
);
158 return !memcmp(bdaddr
->b
, hash
, 3);
161 int smp_generate_rpa(struct crypto_blkcipher
*tfm
, u8 irk
[16], bdaddr_t
*rpa
)
165 get_random_bytes(&rpa
->b
[3], 3);
167 rpa
->b
[5] &= 0x3f; /* Clear two most significant bits */
168 rpa
->b
[5] |= 0x40; /* Set second most significant bit */
170 err
= smp_ah(tfm
, irk
, &rpa
->b
[3], rpa
->b
);
174 BT_DBG("RPA %pMR", rpa
);
179 static int smp_c1(struct crypto_blkcipher
*tfm
, u8 k
[16], u8 r
[16],
180 u8 preq
[7], u8 pres
[7], u8 _iat
, bdaddr_t
*ia
,
181 u8 _rat
, bdaddr_t
*ra
, u8 res
[16])
188 /* p1 = pres || preq || _rat || _iat */
191 memcpy(p1
+ 2, preq
, 7);
192 memcpy(p1
+ 9, pres
, 7);
194 /* p2 = padding || ia || ra */
196 memcpy(p2
+ 6, ia
, 6);
197 memset(p2
+ 12, 0, 4);
200 u128_xor((u128
*) res
, (u128
*) r
, (u128
*) p1
);
202 /* res = e(k, res) */
203 err
= smp_e(tfm
, k
, res
);
205 BT_ERR("Encrypt data error");
209 /* res = res XOR p2 */
210 u128_xor((u128
*) res
, (u128
*) res
, (u128
*) p2
);
212 /* res = e(k, res) */
213 err
= smp_e(tfm
, k
, res
);
215 BT_ERR("Encrypt data error");
220 static int smp_s1(struct crypto_blkcipher
*tfm
, u8 k
[16], u8 r1
[16],
221 u8 r2
[16], u8 _r
[16])
225 /* Just least significant octets from r1 and r2 are considered */
227 memcpy(_r
+ 8, r1
, 8);
229 err
= smp_e(tfm
, k
, _r
);
231 BT_ERR("Encrypt data error");
236 static struct sk_buff
*smp_build_cmd(struct l2cap_conn
*conn
, u8 code
,
237 u16 dlen
, void *data
)
240 struct l2cap_hdr
*lh
;
243 len
= L2CAP_HDR_SIZE
+ sizeof(code
) + dlen
;
248 skb
= bt_skb_alloc(len
, GFP_ATOMIC
);
252 lh
= (struct l2cap_hdr
*) skb_put(skb
, L2CAP_HDR_SIZE
);
253 lh
->len
= cpu_to_le16(sizeof(code
) + dlen
);
254 lh
->cid
= cpu_to_le16(L2CAP_CID_SMP
);
256 memcpy(skb_put(skb
, sizeof(code
)), &code
, sizeof(code
));
258 memcpy(skb_put(skb
, dlen
), data
, dlen
);
263 static void smp_send_cmd(struct l2cap_conn
*conn
, u8 code
, u16 len
, void *data
)
265 struct sk_buff
*skb
= smp_build_cmd(conn
, code
, len
, data
);
267 BT_DBG("code 0x%2.2x", code
);
272 skb
->priority
= HCI_PRIO_MAX
;
273 hci_send_acl(conn
->hchan
, skb
, 0);
275 cancel_delayed_work_sync(&conn
->security_timer
);
276 schedule_delayed_work(&conn
->security_timer
, SMP_TIMEOUT
);
279 static __u8
authreq_to_seclevel(__u8 authreq
)
281 if (authreq
& SMP_AUTH_MITM
)
282 return BT_SECURITY_HIGH
;
284 return BT_SECURITY_MEDIUM
;
287 static __u8
seclevel_to_authreq(__u8 sec_level
)
290 case BT_SECURITY_HIGH
:
291 return SMP_AUTH_MITM
| SMP_AUTH_BONDING
;
292 case BT_SECURITY_MEDIUM
:
293 return SMP_AUTH_BONDING
;
295 return SMP_AUTH_NONE
;
299 static void build_pairing_cmd(struct l2cap_conn
*conn
,
300 struct smp_cmd_pairing
*req
,
301 struct smp_cmd_pairing
*rsp
, __u8 authreq
)
303 struct smp_chan
*smp
= conn
->smp_chan
;
304 struct hci_conn
*hcon
= conn
->hcon
;
305 struct hci_dev
*hdev
= hcon
->hdev
;
306 u8 local_dist
= 0, remote_dist
= 0;
308 if (test_bit(HCI_PAIRABLE
, &conn
->hcon
->hdev
->dev_flags
)) {
309 local_dist
= SMP_DIST_ENC_KEY
| SMP_DIST_SIGN
;
310 remote_dist
= SMP_DIST_ENC_KEY
| SMP_DIST_SIGN
;
311 authreq
|= SMP_AUTH_BONDING
;
313 authreq
&= ~SMP_AUTH_BONDING
;
316 if (test_bit(HCI_RPA_RESOLVING
, &hdev
->dev_flags
))
317 remote_dist
|= SMP_DIST_ID_KEY
;
319 if (test_bit(HCI_PRIVACY
, &hdev
->dev_flags
))
320 local_dist
|= SMP_DIST_ID_KEY
;
323 req
->io_capability
= conn
->hcon
->io_capability
;
324 req
->oob_flag
= SMP_OOB_NOT_PRESENT
;
325 req
->max_key_size
= SMP_MAX_ENC_KEY_SIZE
;
326 req
->init_key_dist
= local_dist
;
327 req
->resp_key_dist
= remote_dist
;
328 req
->auth_req
= (authreq
& AUTH_REQ_MASK
);
330 smp
->remote_key_dist
= remote_dist
;
334 rsp
->io_capability
= conn
->hcon
->io_capability
;
335 rsp
->oob_flag
= SMP_OOB_NOT_PRESENT
;
336 rsp
->max_key_size
= SMP_MAX_ENC_KEY_SIZE
;
337 rsp
->init_key_dist
= req
->init_key_dist
& remote_dist
;
338 rsp
->resp_key_dist
= req
->resp_key_dist
& local_dist
;
339 rsp
->auth_req
= (authreq
& AUTH_REQ_MASK
);
341 smp
->remote_key_dist
= rsp
->init_key_dist
;
344 static u8
check_enc_key_size(struct l2cap_conn
*conn
, __u8 max_key_size
)
346 struct smp_chan
*smp
= conn
->smp_chan
;
348 if ((max_key_size
> SMP_MAX_ENC_KEY_SIZE
) ||
349 (max_key_size
< SMP_MIN_ENC_KEY_SIZE
))
350 return SMP_ENC_KEY_SIZE
;
352 smp
->enc_key_size
= max_key_size
;
357 static void smp_failure(struct l2cap_conn
*conn
, u8 reason
)
359 struct hci_conn
*hcon
= conn
->hcon
;
362 smp_send_cmd(conn
, SMP_CMD_PAIRING_FAIL
, sizeof(reason
),
365 clear_bit(HCI_CONN_ENCRYPT_PEND
, &hcon
->flags
);
366 mgmt_auth_failed(hcon
->hdev
, &hcon
->dst
, hcon
->type
, hcon
->dst_type
,
367 HCI_ERROR_AUTH_FAILURE
);
369 cancel_delayed_work_sync(&conn
->security_timer
);
371 if (test_and_clear_bit(HCI_CONN_LE_SMP_PEND
, &hcon
->flags
))
372 smp_chan_destroy(conn
);
375 #define JUST_WORKS 0x00
376 #define JUST_CFM 0x01
377 #define REQ_PASSKEY 0x02
378 #define CFM_PASSKEY 0x03
382 static const u8 gen_method
[5][5] = {
383 { JUST_WORKS
, JUST_CFM
, REQ_PASSKEY
, JUST_WORKS
, REQ_PASSKEY
},
384 { JUST_WORKS
, JUST_CFM
, REQ_PASSKEY
, JUST_WORKS
, REQ_PASSKEY
},
385 { CFM_PASSKEY
, CFM_PASSKEY
, REQ_PASSKEY
, JUST_WORKS
, CFM_PASSKEY
},
386 { JUST_WORKS
, JUST_CFM
, JUST_WORKS
, JUST_WORKS
, JUST_CFM
},
387 { CFM_PASSKEY
, CFM_PASSKEY
, REQ_PASSKEY
, JUST_WORKS
, OVERLAP
},
390 static int tk_request(struct l2cap_conn
*conn
, u8 remote_oob
, u8 auth
,
391 u8 local_io
, u8 remote_io
)
393 struct hci_conn
*hcon
= conn
->hcon
;
394 struct smp_chan
*smp
= conn
->smp_chan
;
399 /* Initialize key for JUST WORKS */
400 memset(smp
->tk
, 0, sizeof(smp
->tk
));
401 clear_bit(SMP_FLAG_TK_VALID
, &smp
->smp_flags
);
403 BT_DBG("tk_request: auth:%d lcl:%d rem:%d", auth
, local_io
, remote_io
);
405 /* If neither side wants MITM, use JUST WORKS */
406 /* If either side has unknown io_caps, use JUST WORKS */
407 /* Otherwise, look up method from the table */
408 if (!(auth
& SMP_AUTH_MITM
) ||
409 local_io
> SMP_IO_KEYBOARD_DISPLAY
||
410 remote_io
> SMP_IO_KEYBOARD_DISPLAY
)
413 method
= gen_method
[remote_io
][local_io
];
415 /* If not bonding, don't ask user to confirm a Zero TK */
416 if (!(auth
& SMP_AUTH_BONDING
) && method
== JUST_CFM
)
419 /* Don't confirm locally initiated pairing attempts */
420 if (method
== JUST_CFM
&& test_bit(SMP_FLAG_INITIATOR
,
424 /* If Just Works, Continue with Zero TK */
425 if (method
== JUST_WORKS
) {
426 set_bit(SMP_FLAG_TK_VALID
, &smp
->smp_flags
);
430 /* Not Just Works/Confirm results in MITM Authentication */
431 if (method
!= JUST_CFM
)
432 set_bit(SMP_FLAG_MITM_AUTH
, &smp
->smp_flags
);
434 /* If both devices have Keyoard-Display I/O, the master
435 * Confirms and the slave Enters the passkey.
437 if (method
== OVERLAP
) {
438 if (hcon
->link_mode
& HCI_LM_MASTER
)
439 method
= CFM_PASSKEY
;
441 method
= REQ_PASSKEY
;
444 /* Generate random passkey. */
445 if (method
== CFM_PASSKEY
) {
446 memset(smp
->tk
, 0, sizeof(smp
->tk
));
447 get_random_bytes(&passkey
, sizeof(passkey
));
449 put_unaligned_le32(passkey
, smp
->tk
);
450 BT_DBG("PassKey: %d", passkey
);
451 set_bit(SMP_FLAG_TK_VALID
, &smp
->smp_flags
);
454 hci_dev_lock(hcon
->hdev
);
456 if (method
== REQ_PASSKEY
)
457 ret
= mgmt_user_passkey_request(hcon
->hdev
, &hcon
->dst
,
458 hcon
->type
, hcon
->dst_type
);
459 else if (method
== JUST_CFM
)
460 ret
= mgmt_user_confirm_request(hcon
->hdev
, &hcon
->dst
,
461 hcon
->type
, hcon
->dst_type
,
464 ret
= mgmt_user_passkey_notify(hcon
->hdev
, &hcon
->dst
,
465 hcon
->type
, hcon
->dst_type
,
468 hci_dev_unlock(hcon
->hdev
);
473 static void confirm_work(struct work_struct
*work
)
475 struct smp_chan
*smp
= container_of(work
, struct smp_chan
, confirm
);
476 struct l2cap_conn
*conn
= smp
->conn
;
477 struct hci_dev
*hdev
= conn
->hcon
->hdev
;
478 struct crypto_blkcipher
*tfm
= hdev
->tfm_aes
;
479 struct smp_cmd_pairing_confirm cp
;
483 BT_DBG("conn %p", conn
);
485 /* Prevent mutual access to hdev->tfm_aes */
488 ret
= smp_c1(tfm
, smp
->tk
, smp
->prnd
, smp
->preq
, smp
->prsp
,
489 conn
->hcon
->init_addr_type
, &conn
->hcon
->init_addr
,
490 conn
->hcon
->resp_addr_type
, &conn
->hcon
->resp_addr
,
493 hci_dev_unlock(hdev
);
496 reason
= SMP_UNSPECIFIED
;
500 clear_bit(SMP_FLAG_CFM_PENDING
, &smp
->smp_flags
);
502 smp_send_cmd(smp
->conn
, SMP_CMD_PAIRING_CONFIRM
, sizeof(cp
), &cp
);
507 smp_failure(conn
, reason
);
510 static void random_work(struct work_struct
*work
)
512 struct smp_chan
*smp
= container_of(work
, struct smp_chan
, random
);
513 struct l2cap_conn
*conn
= smp
->conn
;
514 struct hci_conn
*hcon
= conn
->hcon
;
515 struct hci_dev
*hdev
= hcon
->hdev
;
516 struct crypto_blkcipher
*tfm
= hdev
->tfm_aes
;
517 u8 reason
, confirm
[16];
520 if (IS_ERR_OR_NULL(tfm
)) {
521 reason
= SMP_UNSPECIFIED
;
525 BT_DBG("conn %p %s", conn
, conn
->hcon
->out
? "master" : "slave");
527 /* Prevent mutual access to hdev->tfm_aes */
530 ret
= smp_c1(tfm
, smp
->tk
, smp
->rrnd
, smp
->preq
, smp
->prsp
,
531 hcon
->init_addr_type
, &hcon
->init_addr
,
532 hcon
->resp_addr_type
, &hcon
->resp_addr
, confirm
);
534 hci_dev_unlock(hdev
);
537 reason
= SMP_UNSPECIFIED
;
541 if (memcmp(smp
->pcnf
, confirm
, sizeof(smp
->pcnf
)) != 0) {
542 BT_ERR("Pairing failed (confirmation values mismatch)");
543 reason
= SMP_CONFIRM_FAILED
;
552 smp_s1(tfm
, smp
->tk
, smp
->rrnd
, smp
->prnd
, stk
);
554 memset(stk
+ smp
->enc_key_size
, 0,
555 SMP_MAX_ENC_KEY_SIZE
- smp
->enc_key_size
);
557 if (test_and_set_bit(HCI_CONN_ENCRYPT_PEND
, &hcon
->flags
)) {
558 reason
= SMP_UNSPECIFIED
;
562 hci_le_start_enc(hcon
, ediv
, rand
, stk
);
563 hcon
->enc_key_size
= smp
->enc_key_size
;
569 smp_send_cmd(conn
, SMP_CMD_PAIRING_RANDOM
, sizeof(smp
->prnd
),
572 smp_s1(tfm
, smp
->tk
, smp
->prnd
, smp
->rrnd
, stk
);
574 memset(stk
+ smp
->enc_key_size
, 0,
575 SMP_MAX_ENC_KEY_SIZE
- smp
->enc_key_size
);
577 hci_add_ltk(hcon
->hdev
, &hcon
->dst
, hcon
->dst_type
,
578 HCI_SMP_STK_SLAVE
, 0, stk
, smp
->enc_key_size
,
585 smp_failure(conn
, reason
);
588 static struct smp_chan
*smp_chan_create(struct l2cap_conn
*conn
)
590 struct smp_chan
*smp
;
592 smp
= kzalloc(sizeof(*smp
), GFP_ATOMIC
);
596 INIT_WORK(&smp
->confirm
, confirm_work
);
597 INIT_WORK(&smp
->random
, random_work
);
600 conn
->smp_chan
= smp
;
601 conn
->hcon
->smp_conn
= conn
;
603 hci_conn_hold(conn
->hcon
);
608 void smp_chan_destroy(struct l2cap_conn
*conn
)
610 struct smp_chan
*smp
= conn
->smp_chan
;
615 complete
= test_bit(SMP_FLAG_COMPLETE
, &smp
->smp_flags
);
616 mgmt_smp_complete(conn
->hcon
, complete
);
619 kfree(smp
->slave_csrk
);
621 /* If pairing failed clean up any keys we might have */
624 list_del(&smp
->ltk
->list
);
628 if (smp
->slave_ltk
) {
629 list_del(&smp
->slave_ltk
->list
);
630 kfree(smp
->slave_ltk
);
633 if (smp
->remote_irk
) {
634 list_del(&smp
->remote_irk
->list
);
635 kfree(smp
->remote_irk
);
640 conn
->smp_chan
= NULL
;
641 conn
->hcon
->smp_conn
= NULL
;
642 hci_conn_drop(conn
->hcon
);
645 int smp_user_confirm_reply(struct hci_conn
*hcon
, u16 mgmt_op
, __le32 passkey
)
647 struct l2cap_conn
*conn
= hcon
->smp_conn
;
648 struct smp_chan
*smp
;
656 smp
= conn
->smp_chan
;
659 case MGMT_OP_USER_PASSKEY_REPLY
:
660 value
= le32_to_cpu(passkey
);
661 memset(smp
->tk
, 0, sizeof(smp
->tk
));
662 BT_DBG("PassKey: %d", value
);
663 put_unaligned_le32(value
, smp
->tk
);
665 case MGMT_OP_USER_CONFIRM_REPLY
:
666 set_bit(SMP_FLAG_TK_VALID
, &smp
->smp_flags
);
668 case MGMT_OP_USER_PASSKEY_NEG_REPLY
:
669 case MGMT_OP_USER_CONFIRM_NEG_REPLY
:
670 smp_failure(conn
, SMP_PASSKEY_ENTRY_FAILED
);
673 smp_failure(conn
, SMP_PASSKEY_ENTRY_FAILED
);
677 /* If it is our turn to send Pairing Confirm, do so now */
678 if (test_bit(SMP_FLAG_CFM_PENDING
, &smp
->smp_flags
))
679 queue_work(hcon
->hdev
->workqueue
, &smp
->confirm
);
684 static u8
smp_cmd_pairing_req(struct l2cap_conn
*conn
, struct sk_buff
*skb
)
686 struct smp_cmd_pairing rsp
, *req
= (void *) skb
->data
;
687 struct smp_chan
*smp
;
689 u8 auth
= SMP_AUTH_NONE
;
692 BT_DBG("conn %p", conn
);
694 if (skb
->len
< sizeof(*req
))
695 return SMP_INVALID_PARAMS
;
697 if (conn
->hcon
->link_mode
& HCI_LM_MASTER
)
698 return SMP_CMD_NOTSUPP
;
700 if (!test_and_set_bit(HCI_CONN_LE_SMP_PEND
, &conn
->hcon
->flags
))
701 smp
= smp_chan_create(conn
);
703 smp
= conn
->smp_chan
;
706 return SMP_UNSPECIFIED
;
708 smp
->preq
[0] = SMP_CMD_PAIRING_REQ
;
709 memcpy(&smp
->preq
[1], req
, sizeof(*req
));
710 skb_pull(skb
, sizeof(*req
));
712 /* We didn't start the pairing, so match remote */
713 if (req
->auth_req
& SMP_AUTH_BONDING
)
714 auth
= req
->auth_req
;
716 conn
->hcon
->pending_sec_level
= authreq_to_seclevel(auth
);
718 build_pairing_cmd(conn
, req
, &rsp
, auth
);
720 key_size
= min(req
->max_key_size
, rsp
.max_key_size
);
721 if (check_enc_key_size(conn
, key_size
))
722 return SMP_ENC_KEY_SIZE
;
724 get_random_bytes(smp
->prnd
, sizeof(smp
->prnd
));
726 smp
->prsp
[0] = SMP_CMD_PAIRING_RSP
;
727 memcpy(&smp
->prsp
[1], &rsp
, sizeof(rsp
));
729 smp_send_cmd(conn
, SMP_CMD_PAIRING_RSP
, sizeof(rsp
), &rsp
);
731 /* Request setup of TK */
732 ret
= tk_request(conn
, 0, auth
, rsp
.io_capability
, req
->io_capability
);
734 return SMP_UNSPECIFIED
;
736 clear_bit(SMP_FLAG_INITIATOR
, &smp
->smp_flags
);
741 static u8
smp_cmd_pairing_rsp(struct l2cap_conn
*conn
, struct sk_buff
*skb
)
743 struct smp_cmd_pairing
*req
, *rsp
= (void *) skb
->data
;
744 struct smp_chan
*smp
= conn
->smp_chan
;
745 struct hci_dev
*hdev
= conn
->hcon
->hdev
;
746 u8 key_size
, auth
= SMP_AUTH_NONE
;
749 BT_DBG("conn %p", conn
);
751 if (skb
->len
< sizeof(*rsp
))
752 return SMP_INVALID_PARAMS
;
754 if (!(conn
->hcon
->link_mode
& HCI_LM_MASTER
))
755 return SMP_CMD_NOTSUPP
;
757 skb_pull(skb
, sizeof(*rsp
));
759 req
= (void *) &smp
->preq
[1];
761 key_size
= min(req
->max_key_size
, rsp
->max_key_size
);
762 if (check_enc_key_size(conn
, key_size
))
763 return SMP_ENC_KEY_SIZE
;
765 get_random_bytes(smp
->prnd
, sizeof(smp
->prnd
));
767 smp
->prsp
[0] = SMP_CMD_PAIRING_RSP
;
768 memcpy(&smp
->prsp
[1], rsp
, sizeof(*rsp
));
770 /* Update remote key distribution in case the remote cleared
771 * some bits that we had enabled in our request.
773 smp
->remote_key_dist
&= rsp
->resp_key_dist
;
775 if ((req
->auth_req
& SMP_AUTH_BONDING
) &&
776 (rsp
->auth_req
& SMP_AUTH_BONDING
))
777 auth
= SMP_AUTH_BONDING
;
779 auth
|= (req
->auth_req
| rsp
->auth_req
) & SMP_AUTH_MITM
;
781 ret
= tk_request(conn
, 0, auth
, req
->io_capability
, rsp
->io_capability
);
783 return SMP_UNSPECIFIED
;
785 set_bit(SMP_FLAG_CFM_PENDING
, &smp
->smp_flags
);
787 /* Can't compose response until we have been confirmed */
788 if (test_bit(SMP_FLAG_TK_VALID
, &smp
->smp_flags
))
789 queue_work(hdev
->workqueue
, &smp
->confirm
);
794 static u8
smp_cmd_pairing_confirm(struct l2cap_conn
*conn
, struct sk_buff
*skb
)
796 struct smp_chan
*smp
= conn
->smp_chan
;
797 struct hci_dev
*hdev
= conn
->hcon
->hdev
;
799 BT_DBG("conn %p %s", conn
, conn
->hcon
->out
? "master" : "slave");
801 if (skb
->len
< sizeof(smp
->pcnf
))
802 return SMP_INVALID_PARAMS
;
804 memcpy(smp
->pcnf
, skb
->data
, sizeof(smp
->pcnf
));
805 skb_pull(skb
, sizeof(smp
->pcnf
));
808 smp_send_cmd(conn
, SMP_CMD_PAIRING_RANDOM
, sizeof(smp
->prnd
),
810 else if (test_bit(SMP_FLAG_TK_VALID
, &smp
->smp_flags
))
811 queue_work(hdev
->workqueue
, &smp
->confirm
);
813 set_bit(SMP_FLAG_CFM_PENDING
, &smp
->smp_flags
);
818 static u8
smp_cmd_pairing_random(struct l2cap_conn
*conn
, struct sk_buff
*skb
)
820 struct smp_chan
*smp
= conn
->smp_chan
;
821 struct hci_dev
*hdev
= conn
->hcon
->hdev
;
823 BT_DBG("conn %p", conn
);
825 if (skb
->len
< sizeof(smp
->rrnd
))
826 return SMP_INVALID_PARAMS
;
828 memcpy(smp
->rrnd
, skb
->data
, sizeof(smp
->rrnd
));
829 skb_pull(skb
, sizeof(smp
->rrnd
));
831 queue_work(hdev
->workqueue
, &smp
->random
);
836 static u8
smp_ltk_encrypt(struct l2cap_conn
*conn
, u8 sec_level
)
839 struct hci_conn
*hcon
= conn
->hcon
;
841 key
= hci_find_ltk_by_addr(hcon
->hdev
, &hcon
->dst
, hcon
->dst_type
,
846 if (sec_level
> BT_SECURITY_MEDIUM
&& !key
->authenticated
)
849 if (test_and_set_bit(HCI_CONN_ENCRYPT_PEND
, &hcon
->flags
))
852 hci_le_start_enc(hcon
, key
->ediv
, key
->rand
, key
->val
);
853 hcon
->enc_key_size
= key
->enc_size
;
858 static u8
smp_cmd_security_req(struct l2cap_conn
*conn
, struct sk_buff
*skb
)
860 struct smp_cmd_security_req
*rp
= (void *) skb
->data
;
861 struct smp_cmd_pairing cp
;
862 struct hci_conn
*hcon
= conn
->hcon
;
863 struct smp_chan
*smp
;
865 BT_DBG("conn %p", conn
);
867 if (skb
->len
< sizeof(*rp
))
868 return SMP_INVALID_PARAMS
;
870 if (!(conn
->hcon
->link_mode
& HCI_LM_MASTER
))
871 return SMP_CMD_NOTSUPP
;
873 hcon
->pending_sec_level
= authreq_to_seclevel(rp
->auth_req
);
875 if (smp_ltk_encrypt(conn
, hcon
->pending_sec_level
))
878 if (test_and_set_bit(HCI_CONN_LE_SMP_PEND
, &hcon
->flags
))
881 smp
= smp_chan_create(conn
);
883 skb_pull(skb
, sizeof(*rp
));
885 memset(&cp
, 0, sizeof(cp
));
886 build_pairing_cmd(conn
, &cp
, NULL
, rp
->auth_req
);
888 smp
->preq
[0] = SMP_CMD_PAIRING_REQ
;
889 memcpy(&smp
->preq
[1], &cp
, sizeof(cp
));
891 smp_send_cmd(conn
, SMP_CMD_PAIRING_REQ
, sizeof(cp
), &cp
);
893 clear_bit(SMP_FLAG_INITIATOR
, &smp
->smp_flags
);
898 bool smp_sufficient_security(struct hci_conn
*hcon
, u8 sec_level
)
900 if (sec_level
== BT_SECURITY_LOW
)
903 if (hcon
->sec_level
>= sec_level
)
909 int smp_conn_security(struct hci_conn
*hcon
, __u8 sec_level
)
911 struct l2cap_conn
*conn
= hcon
->l2cap_data
;
912 struct smp_chan
*smp
;
915 BT_DBG("conn %p hcon %p level 0x%2.2x", conn
, hcon
, sec_level
);
917 /* This may be NULL if there's an unexpected disconnection */
921 if (!test_bit(HCI_LE_ENABLED
, &hcon
->hdev
->dev_flags
))
924 if (smp_sufficient_security(hcon
, sec_level
))
927 if (hcon
->link_mode
& HCI_LM_MASTER
)
928 if (smp_ltk_encrypt(conn
, sec_level
))
931 if (test_and_set_bit(HCI_CONN_LE_SMP_PEND
, &hcon
->flags
))
934 smp
= smp_chan_create(conn
);
938 authreq
= seclevel_to_authreq(sec_level
);
940 /* hcon->auth_type is set by pair_device in mgmt.c. If the MITM
941 * flag is set we should also set it for the SMP request.
943 if ((hcon
->auth_type
& 0x01))
944 authreq
|= SMP_AUTH_MITM
;
946 if (hcon
->link_mode
& HCI_LM_MASTER
) {
947 struct smp_cmd_pairing cp
;
949 build_pairing_cmd(conn
, &cp
, NULL
, authreq
);
950 smp
->preq
[0] = SMP_CMD_PAIRING_REQ
;
951 memcpy(&smp
->preq
[1], &cp
, sizeof(cp
));
953 smp_send_cmd(conn
, SMP_CMD_PAIRING_REQ
, sizeof(cp
), &cp
);
955 struct smp_cmd_security_req cp
;
956 cp
.auth_req
= authreq
;
957 smp_send_cmd(conn
, SMP_CMD_SECURITY_REQ
, sizeof(cp
), &cp
);
960 set_bit(SMP_FLAG_INITIATOR
, &smp
->smp_flags
);
963 hcon
->pending_sec_level
= sec_level
;
968 static int smp_cmd_encrypt_info(struct l2cap_conn
*conn
, struct sk_buff
*skb
)
970 struct smp_cmd_encrypt_info
*rp
= (void *) skb
->data
;
971 struct smp_chan
*smp
= conn
->smp_chan
;
973 BT_DBG("conn %p", conn
);
975 if (skb
->len
< sizeof(*rp
))
976 return SMP_INVALID_PARAMS
;
978 /* Ignore this PDU if it wasn't requested */
979 if (!(smp
->remote_key_dist
& SMP_DIST_ENC_KEY
))
982 skb_pull(skb
, sizeof(*rp
));
984 memcpy(smp
->tk
, rp
->ltk
, sizeof(smp
->tk
));
989 static int smp_cmd_master_ident(struct l2cap_conn
*conn
, struct sk_buff
*skb
)
991 struct smp_cmd_master_ident
*rp
= (void *) skb
->data
;
992 struct smp_chan
*smp
= conn
->smp_chan
;
993 struct hci_dev
*hdev
= conn
->hcon
->hdev
;
994 struct hci_conn
*hcon
= conn
->hcon
;
998 BT_DBG("conn %p", conn
);
1000 if (skb
->len
< sizeof(*rp
))
1001 return SMP_INVALID_PARAMS
;
1003 /* Ignore this PDU if it wasn't requested */
1004 if (!(smp
->remote_key_dist
& SMP_DIST_ENC_KEY
))
1007 /* Mark the information as received */
1008 smp
->remote_key_dist
&= ~SMP_DIST_ENC_KEY
;
1010 skb_pull(skb
, sizeof(*rp
));
1013 authenticated
= (hcon
->sec_level
== BT_SECURITY_HIGH
);
1014 ltk
= hci_add_ltk(hdev
, &hcon
->dst
, hcon
->dst_type
, HCI_SMP_LTK
,
1015 authenticated
, smp
->tk
, smp
->enc_key_size
,
1016 rp
->ediv
, rp
->rand
);
1018 if (!(smp
->remote_key_dist
& SMP_DIST_ID_KEY
))
1019 smp_distribute_keys(conn
);
1020 hci_dev_unlock(hdev
);
1025 static int smp_cmd_ident_info(struct l2cap_conn
*conn
, struct sk_buff
*skb
)
1027 struct smp_cmd_ident_info
*info
= (void *) skb
->data
;
1028 struct smp_chan
*smp
= conn
->smp_chan
;
1032 if (skb
->len
< sizeof(*info
))
1033 return SMP_INVALID_PARAMS
;
1035 /* Ignore this PDU if it wasn't requested */
1036 if (!(smp
->remote_key_dist
& SMP_DIST_ID_KEY
))
1039 skb_pull(skb
, sizeof(*info
));
1041 memcpy(smp
->irk
, info
->irk
, 16);
1046 static int smp_cmd_ident_addr_info(struct l2cap_conn
*conn
,
1047 struct sk_buff
*skb
)
1049 struct smp_cmd_ident_addr_info
*info
= (void *) skb
->data
;
1050 struct smp_chan
*smp
= conn
->smp_chan
;
1051 struct hci_conn
*hcon
= conn
->hcon
;
1056 if (skb
->len
< sizeof(*info
))
1057 return SMP_INVALID_PARAMS
;
1059 /* Ignore this PDU if it wasn't requested */
1060 if (!(smp
->remote_key_dist
& SMP_DIST_ID_KEY
))
1063 /* Mark the information as received */
1064 smp
->remote_key_dist
&= ~SMP_DIST_ID_KEY
;
1066 skb_pull(skb
, sizeof(*info
));
1068 /* Strictly speaking the Core Specification (4.1) allows sending
1069 * an empty address which would force us to rely on just the IRK
1070 * as "identity information". However, since such
1071 * implementations are not known of and in order to not over
1072 * complicate our implementation, simply pretend that we never
1073 * received an IRK for such a device.
1075 if (!bacmp(&info
->bdaddr
, BDADDR_ANY
)) {
1076 BT_ERR("Ignoring IRK with no identity address");
1077 smp_distribute_keys(conn
);
1081 bacpy(&smp
->id_addr
, &info
->bdaddr
);
1082 smp
->id_addr_type
= info
->addr_type
;
1084 if (hci_bdaddr_is_rpa(&hcon
->dst
, hcon
->dst_type
))
1085 bacpy(&rpa
, &hcon
->dst
);
1087 bacpy(&rpa
, BDADDR_ANY
);
1089 smp
->remote_irk
= hci_add_irk(conn
->hcon
->hdev
, &smp
->id_addr
,
1090 smp
->id_addr_type
, smp
->irk
, &rpa
);
1092 smp_distribute_keys(conn
);
1097 static int smp_cmd_sign_info(struct l2cap_conn
*conn
, struct sk_buff
*skb
)
1099 struct smp_cmd_sign_info
*rp
= (void *) skb
->data
;
1100 struct smp_chan
*smp
= conn
->smp_chan
;
1101 struct hci_dev
*hdev
= conn
->hcon
->hdev
;
1102 struct smp_csrk
*csrk
;
1104 BT_DBG("conn %p", conn
);
1106 if (skb
->len
< sizeof(*rp
))
1107 return SMP_INVALID_PARAMS
;
1109 /* Ignore this PDU if it wasn't requested */
1110 if (!(smp
->remote_key_dist
& SMP_DIST_SIGN
))
1113 /* Mark the information as received */
1114 smp
->remote_key_dist
&= ~SMP_DIST_SIGN
;
1116 skb_pull(skb
, sizeof(*rp
));
1119 csrk
= kzalloc(sizeof(*csrk
), GFP_KERNEL
);
1121 csrk
->master
= 0x01;
1122 memcpy(csrk
->val
, rp
->csrk
, sizeof(csrk
->val
));
1125 if (!(smp
->remote_key_dist
& SMP_DIST_SIGN
))
1126 smp_distribute_keys(conn
);
1127 hci_dev_unlock(hdev
);
1132 int smp_sig_channel(struct l2cap_conn
*conn
, struct sk_buff
*skb
)
1134 struct hci_conn
*hcon
= conn
->hcon
;
1138 if (hcon
->type
!= LE_LINK
) {
1148 if (!test_bit(HCI_LE_ENABLED
, &hcon
->hdev
->dev_flags
)) {
1150 reason
= SMP_PAIRING_NOTSUPP
;
1154 code
= skb
->data
[0];
1155 skb_pull(skb
, sizeof(code
));
1158 * The SMP context must be initialized for all other PDUs except
1159 * pairing and security requests. If we get any other PDU when
1160 * not initialized simply disconnect (done if this function
1161 * returns an error).
1163 if (code
!= SMP_CMD_PAIRING_REQ
&& code
!= SMP_CMD_SECURITY_REQ
&&
1165 BT_ERR("Unexpected SMP command 0x%02x. Disconnecting.", code
);
1171 case SMP_CMD_PAIRING_REQ
:
1172 reason
= smp_cmd_pairing_req(conn
, skb
);
1175 case SMP_CMD_PAIRING_FAIL
:
1176 smp_failure(conn
, 0);
1181 case SMP_CMD_PAIRING_RSP
:
1182 reason
= smp_cmd_pairing_rsp(conn
, skb
);
1185 case SMP_CMD_SECURITY_REQ
:
1186 reason
= smp_cmd_security_req(conn
, skb
);
1189 case SMP_CMD_PAIRING_CONFIRM
:
1190 reason
= smp_cmd_pairing_confirm(conn
, skb
);
1193 case SMP_CMD_PAIRING_RANDOM
:
1194 reason
= smp_cmd_pairing_random(conn
, skb
);
1197 case SMP_CMD_ENCRYPT_INFO
:
1198 reason
= smp_cmd_encrypt_info(conn
, skb
);
1201 case SMP_CMD_MASTER_IDENT
:
1202 reason
= smp_cmd_master_ident(conn
, skb
);
1205 case SMP_CMD_IDENT_INFO
:
1206 reason
= smp_cmd_ident_info(conn
, skb
);
1209 case SMP_CMD_IDENT_ADDR_INFO
:
1210 reason
= smp_cmd_ident_addr_info(conn
, skb
);
1213 case SMP_CMD_SIGN_INFO
:
1214 reason
= smp_cmd_sign_info(conn
, skb
);
1218 BT_DBG("Unknown command code 0x%2.2x", code
);
1220 reason
= SMP_CMD_NOTSUPP
;
1227 smp_failure(conn
, reason
);
1233 static void smp_notify_keys(struct l2cap_conn
*conn
)
1235 struct smp_chan
*smp
= conn
->smp_chan
;
1236 struct hci_conn
*hcon
= conn
->hcon
;
1237 struct hci_dev
*hdev
= hcon
->hdev
;
1238 struct smp_cmd_pairing
*req
= (void *) &smp
->preq
[1];
1239 struct smp_cmd_pairing
*rsp
= (void *) &smp
->prsp
[1];
1242 if (smp
->remote_irk
) {
1243 mgmt_new_irk(hdev
, smp
->remote_irk
);
1244 /* Now that user space can be considered to know the
1245 * identity address track the connection based on it
1248 bacpy(&hcon
->dst
, &smp
->remote_irk
->bdaddr
);
1249 hcon
->dst_type
= smp
->remote_irk
->addr_type
;
1250 l2cap_conn_update_id_addr(hcon
);
1253 /* The LTKs and CSRKs should be persistent only if both sides
1254 * had the bonding bit set in their authentication requests.
1256 persistent
= !!((req
->auth_req
& rsp
->auth_req
) & SMP_AUTH_BONDING
);
1259 smp
->csrk
->bdaddr_type
= hcon
->dst_type
;
1260 bacpy(&smp
->csrk
->bdaddr
, &hcon
->dst
);
1261 mgmt_new_csrk(hdev
, smp
->csrk
, persistent
);
1264 if (smp
->slave_csrk
) {
1265 smp
->slave_csrk
->bdaddr_type
= hcon
->dst_type
;
1266 bacpy(&smp
->slave_csrk
->bdaddr
, &hcon
->dst
);
1267 mgmt_new_csrk(hdev
, smp
->slave_csrk
, persistent
);
1271 smp
->ltk
->bdaddr_type
= hcon
->dst_type
;
1272 bacpy(&smp
->ltk
->bdaddr
, &hcon
->dst
);
1273 mgmt_new_ltk(hdev
, smp
->ltk
, persistent
);
1276 if (smp
->slave_ltk
) {
1277 smp
->slave_ltk
->bdaddr_type
= hcon
->dst_type
;
1278 bacpy(&smp
->slave_ltk
->bdaddr
, &hcon
->dst
);
1279 mgmt_new_ltk(hdev
, smp
->slave_ltk
, persistent
);
1283 int smp_distribute_keys(struct l2cap_conn
*conn
)
1285 struct smp_cmd_pairing
*req
, *rsp
;
1286 struct smp_chan
*smp
= conn
->smp_chan
;
1287 struct hci_conn
*hcon
= conn
->hcon
;
1288 struct hci_dev
*hdev
= hcon
->hdev
;
1291 BT_DBG("conn %p", conn
);
1293 if (!test_bit(HCI_CONN_LE_SMP_PEND
, &hcon
->flags
))
1296 rsp
= (void *) &smp
->prsp
[1];
1298 /* The responder sends its keys first */
1299 if (hcon
->out
&& (smp
->remote_key_dist
& 0x07))
1302 req
= (void *) &smp
->preq
[1];
1305 keydist
= &rsp
->init_key_dist
;
1306 *keydist
&= req
->init_key_dist
;
1308 keydist
= &rsp
->resp_key_dist
;
1309 *keydist
&= req
->resp_key_dist
;
1312 BT_DBG("keydist 0x%x", *keydist
);
1314 if (*keydist
& SMP_DIST_ENC_KEY
) {
1315 struct smp_cmd_encrypt_info enc
;
1316 struct smp_cmd_master_ident ident
;
1317 struct smp_ltk
*ltk
;
1322 get_random_bytes(enc
.ltk
, sizeof(enc
.ltk
));
1323 get_random_bytes(&ediv
, sizeof(ediv
));
1324 get_random_bytes(&rand
, sizeof(rand
));
1326 smp_send_cmd(conn
, SMP_CMD_ENCRYPT_INFO
, sizeof(enc
), &enc
);
1328 authenticated
= hcon
->sec_level
== BT_SECURITY_HIGH
;
1329 ltk
= hci_add_ltk(hdev
, &hcon
->dst
, hcon
->dst_type
,
1330 HCI_SMP_LTK_SLAVE
, authenticated
, enc
.ltk
,
1331 smp
->enc_key_size
, ediv
, rand
);
1332 smp
->slave_ltk
= ltk
;
1337 smp_send_cmd(conn
, SMP_CMD_MASTER_IDENT
, sizeof(ident
), &ident
);
1339 *keydist
&= ~SMP_DIST_ENC_KEY
;
1342 if (*keydist
& SMP_DIST_ID_KEY
) {
1343 struct smp_cmd_ident_addr_info addrinfo
;
1344 struct smp_cmd_ident_info idinfo
;
1346 memcpy(idinfo
.irk
, hdev
->irk
, sizeof(idinfo
.irk
));
1348 smp_send_cmd(conn
, SMP_CMD_IDENT_INFO
, sizeof(idinfo
), &idinfo
);
1350 /* The hci_conn contains the local identity address
1351 * after the connection has been established.
1353 * This is true even when the connection has been
1354 * established using a resolvable random address.
1356 bacpy(&addrinfo
.bdaddr
, &hcon
->src
);
1357 addrinfo
.addr_type
= hcon
->src_type
;
1359 smp_send_cmd(conn
, SMP_CMD_IDENT_ADDR_INFO
, sizeof(addrinfo
),
1362 *keydist
&= ~SMP_DIST_ID_KEY
;
1365 if (*keydist
& SMP_DIST_SIGN
) {
1366 struct smp_cmd_sign_info sign
;
1367 struct smp_csrk
*csrk
;
1369 /* Generate a new random key */
1370 get_random_bytes(sign
.csrk
, sizeof(sign
.csrk
));
1372 csrk
= kzalloc(sizeof(*csrk
), GFP_KERNEL
);
1374 csrk
->master
= 0x00;
1375 memcpy(csrk
->val
, sign
.csrk
, sizeof(csrk
->val
));
1377 smp
->slave_csrk
= csrk
;
1379 smp_send_cmd(conn
, SMP_CMD_SIGN_INFO
, sizeof(sign
), &sign
);
1381 *keydist
&= ~SMP_DIST_SIGN
;
1384 /* If there are still keys to be received wait for them */
1385 if ((smp
->remote_key_dist
& 0x07))
1388 clear_bit(HCI_CONN_LE_SMP_PEND
, &hcon
->flags
);
1389 cancel_delayed_work_sync(&conn
->security_timer
);
1390 set_bit(SMP_FLAG_COMPLETE
, &smp
->smp_flags
);
1391 smp_notify_keys(conn
);
1393 smp_chan_destroy(conn
);