2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2011 Nokia Corporation and/or its subsidiary(-ies).
5 This program is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License version 2 as
7 published by the Free Software Foundation;
9 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
10 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
11 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
12 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
13 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
14 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
18 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
19 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
20 SOFTWARE IS DISCLAIMED.
23 #include <linux/crypto.h>
24 #include <linux/scatterlist.h>
25 #include <crypto/b128ops.h>
27 #include <net/bluetooth/bluetooth.h>
28 #include <net/bluetooth/hci_core.h>
29 #include <net/bluetooth/l2cap.h>
30 #include <net/bluetooth/mgmt.h>
34 #define SMP_TIMEOUT msecs_to_jiffies(30000)
36 #define AUTH_REQ_MASK 0x07
38 #define SMP_FLAG_TK_VALID 1
39 #define SMP_FLAG_CFM_PENDING 2
40 #define SMP_FLAG_MITM_AUTH 3
41 #define SMP_FLAG_COMPLETE 4
42 #define SMP_FLAG_INITIATOR 5
45 struct l2cap_conn
*conn
;
46 u8 preq
[7]; /* SMP Pairing Request */
47 u8 prsp
[7]; /* SMP Pairing Response */
48 u8 prnd
[16]; /* SMP Pairing Random (local) */
49 u8 rrnd
[16]; /* SMP Pairing Random (remote) */
50 u8 pcnf
[16]; /* SMP Pairing Confirm */
51 u8 tk
[16]; /* SMP Temporary Key */
57 struct smp_csrk
*csrk
;
58 struct smp_csrk
*slave_csrk
;
60 struct smp_ltk
*slave_ltk
;
61 struct smp_irk
*remote_irk
;
65 static inline void swap128(const u8 src
[16], u8 dst
[16])
68 for (i
= 0; i
< 16; i
++)
72 static inline void swap56(const u8 src
[7], u8 dst
[7])
75 for (i
= 0; i
< 7; i
++)
79 static int smp_e(struct crypto_blkcipher
*tfm
, const u8
*k
, u8
*r
)
81 struct blkcipher_desc desc
;
82 struct scatterlist sg
;
83 uint8_t tmp
[16], data
[16];
87 BT_ERR("tfm %p", tfm
);
94 /* The most significant octet of key corresponds to k[0] */
97 err
= crypto_blkcipher_setkey(tfm
, tmp
, 16);
99 BT_ERR("cipher setkey failed: %d", err
);
103 /* Most significant octet of plaintextData corresponds to data[0] */
106 sg_init_one(&sg
, data
, 16);
108 err
= crypto_blkcipher_encrypt(&desc
, &sg
, &sg
, 16);
110 BT_ERR("Encrypt data error %d", err
);
112 /* Most significant octet of encryptedData corresponds to data[0] */
118 static int smp_ah(struct crypto_blkcipher
*tfm
, u8 irk
[16], u8 r
[3], u8 res
[3])
123 /* r' = padding || r */
125 memset(_res
+ 3, 0, 13);
127 err
= smp_e(tfm
, irk
, _res
);
129 BT_ERR("Encrypt error");
133 /* The output of the random address function ah is:
134 * ah(h, r) = e(k, r') mod 2^24
135 * The output of the security function e is then truncated to 24 bits
136 * by taking the least significant 24 bits of the output of e as the
139 memcpy(res
, _res
, 3);
144 bool smp_irk_matches(struct crypto_blkcipher
*tfm
, u8 irk
[16],
150 BT_DBG("RPA %pMR IRK %*phN", bdaddr
, 16, irk
);
152 err
= smp_ah(tfm
, irk
, &bdaddr
->b
[3], hash
);
156 return !memcmp(bdaddr
->b
, hash
, 3);
159 int smp_generate_rpa(struct crypto_blkcipher
*tfm
, u8 irk
[16], bdaddr_t
*rpa
)
163 get_random_bytes(&rpa
->b
[3], 3);
165 rpa
->b
[5] &= 0x3f; /* Clear two most significant bits */
166 rpa
->b
[5] |= 0x40; /* Set second most significant bit */
168 err
= smp_ah(tfm
, irk
, &rpa
->b
[3], rpa
->b
);
172 BT_DBG("RPA %pMR", rpa
);
177 static int smp_c1(struct crypto_blkcipher
*tfm
, u8 k
[16], u8 r
[16],
178 u8 preq
[7], u8 pres
[7], u8 _iat
, bdaddr_t
*ia
,
179 u8 _rat
, bdaddr_t
*ra
, u8 res
[16])
186 /* p1 = pres || preq || _rat || _iat */
189 memcpy(p1
+ 2, preq
, 7);
190 memcpy(p1
+ 9, pres
, 7);
192 /* p2 = padding || ia || ra */
194 memcpy(p2
+ 6, ia
, 6);
195 memset(p2
+ 12, 0, 4);
198 u128_xor((u128
*) res
, (u128
*) r
, (u128
*) p1
);
200 /* res = e(k, res) */
201 err
= smp_e(tfm
, k
, res
);
203 BT_ERR("Encrypt data error");
207 /* res = res XOR p2 */
208 u128_xor((u128
*) res
, (u128
*) res
, (u128
*) p2
);
210 /* res = e(k, res) */
211 err
= smp_e(tfm
, k
, res
);
213 BT_ERR("Encrypt data error");
218 static int smp_s1(struct crypto_blkcipher
*tfm
, u8 k
[16], u8 r1
[16],
219 u8 r2
[16], u8 _r
[16])
223 /* Just least significant octets from r1 and r2 are considered */
225 memcpy(_r
+ 8, r1
, 8);
227 err
= smp_e(tfm
, k
, _r
);
229 BT_ERR("Encrypt data error");
234 static struct sk_buff
*smp_build_cmd(struct l2cap_conn
*conn
, u8 code
,
235 u16 dlen
, void *data
)
238 struct l2cap_hdr
*lh
;
241 len
= L2CAP_HDR_SIZE
+ sizeof(code
) + dlen
;
246 skb
= bt_skb_alloc(len
, GFP_ATOMIC
);
250 lh
= (struct l2cap_hdr
*) skb_put(skb
, L2CAP_HDR_SIZE
);
251 lh
->len
= cpu_to_le16(sizeof(code
) + dlen
);
252 lh
->cid
= cpu_to_le16(L2CAP_CID_SMP
);
254 memcpy(skb_put(skb
, sizeof(code
)), &code
, sizeof(code
));
256 memcpy(skb_put(skb
, dlen
), data
, dlen
);
261 static void smp_send_cmd(struct l2cap_conn
*conn
, u8 code
, u16 len
, void *data
)
263 struct sk_buff
*skb
= smp_build_cmd(conn
, code
, len
, data
);
265 BT_DBG("code 0x%2.2x", code
);
270 skb
->priority
= HCI_PRIO_MAX
;
271 hci_send_acl(conn
->hchan
, skb
, 0);
273 cancel_delayed_work_sync(&conn
->security_timer
);
274 schedule_delayed_work(&conn
->security_timer
, SMP_TIMEOUT
);
277 static __u8
authreq_to_seclevel(__u8 authreq
)
279 if (authreq
& SMP_AUTH_MITM
)
280 return BT_SECURITY_HIGH
;
282 return BT_SECURITY_MEDIUM
;
285 static __u8
seclevel_to_authreq(__u8 sec_level
)
288 case BT_SECURITY_HIGH
:
289 return SMP_AUTH_MITM
| SMP_AUTH_BONDING
;
290 case BT_SECURITY_MEDIUM
:
291 return SMP_AUTH_BONDING
;
293 return SMP_AUTH_NONE
;
297 static void build_pairing_cmd(struct l2cap_conn
*conn
,
298 struct smp_cmd_pairing
*req
,
299 struct smp_cmd_pairing
*rsp
, __u8 authreq
)
301 struct smp_chan
*smp
= conn
->smp_chan
;
302 struct hci_conn
*hcon
= conn
->hcon
;
303 struct hci_dev
*hdev
= hcon
->hdev
;
304 u8 local_dist
= 0, remote_dist
= 0;
306 if (test_bit(HCI_PAIRABLE
, &conn
->hcon
->hdev
->dev_flags
)) {
307 local_dist
= SMP_DIST_ENC_KEY
| SMP_DIST_SIGN
;
308 remote_dist
= SMP_DIST_ENC_KEY
| SMP_DIST_SIGN
;
309 authreq
|= SMP_AUTH_BONDING
;
311 authreq
&= ~SMP_AUTH_BONDING
;
314 if (test_bit(HCI_RPA_RESOLVING
, &hdev
->dev_flags
))
315 remote_dist
|= SMP_DIST_ID_KEY
;
317 if (test_bit(HCI_PRIVACY
, &hdev
->dev_flags
))
318 local_dist
|= SMP_DIST_ID_KEY
;
321 req
->io_capability
= conn
->hcon
->io_capability
;
322 req
->oob_flag
= SMP_OOB_NOT_PRESENT
;
323 req
->max_key_size
= SMP_MAX_ENC_KEY_SIZE
;
324 req
->init_key_dist
= local_dist
;
325 req
->resp_key_dist
= remote_dist
;
326 req
->auth_req
= (authreq
& AUTH_REQ_MASK
);
328 smp
->remote_key_dist
= remote_dist
;
332 rsp
->io_capability
= conn
->hcon
->io_capability
;
333 rsp
->oob_flag
= SMP_OOB_NOT_PRESENT
;
334 rsp
->max_key_size
= SMP_MAX_ENC_KEY_SIZE
;
335 rsp
->init_key_dist
= req
->init_key_dist
& remote_dist
;
336 rsp
->resp_key_dist
= req
->resp_key_dist
& local_dist
;
337 rsp
->auth_req
= (authreq
& AUTH_REQ_MASK
);
339 smp
->remote_key_dist
= rsp
->init_key_dist
;
342 static u8
check_enc_key_size(struct l2cap_conn
*conn
, __u8 max_key_size
)
344 struct smp_chan
*smp
= conn
->smp_chan
;
346 if ((max_key_size
> SMP_MAX_ENC_KEY_SIZE
) ||
347 (max_key_size
< SMP_MIN_ENC_KEY_SIZE
))
348 return SMP_ENC_KEY_SIZE
;
350 smp
->enc_key_size
= max_key_size
;
355 static void smp_failure(struct l2cap_conn
*conn
, u8 reason
)
357 struct hci_conn
*hcon
= conn
->hcon
;
360 smp_send_cmd(conn
, SMP_CMD_PAIRING_FAIL
, sizeof(reason
),
363 clear_bit(HCI_CONN_ENCRYPT_PEND
, &hcon
->flags
);
364 mgmt_auth_failed(hcon
->hdev
, &hcon
->dst
, hcon
->type
, hcon
->dst_type
,
365 HCI_ERROR_AUTH_FAILURE
);
367 cancel_delayed_work_sync(&conn
->security_timer
);
369 if (test_and_clear_bit(HCI_CONN_LE_SMP_PEND
, &hcon
->flags
))
370 smp_chan_destroy(conn
);
373 #define JUST_WORKS 0x00
374 #define JUST_CFM 0x01
375 #define REQ_PASSKEY 0x02
376 #define CFM_PASSKEY 0x03
380 static const u8 gen_method
[5][5] = {
381 { JUST_WORKS
, JUST_CFM
, REQ_PASSKEY
, JUST_WORKS
, REQ_PASSKEY
},
382 { JUST_WORKS
, JUST_CFM
, REQ_PASSKEY
, JUST_WORKS
, REQ_PASSKEY
},
383 { CFM_PASSKEY
, CFM_PASSKEY
, REQ_PASSKEY
, JUST_WORKS
, CFM_PASSKEY
},
384 { JUST_WORKS
, JUST_CFM
, JUST_WORKS
, JUST_WORKS
, JUST_CFM
},
385 { CFM_PASSKEY
, CFM_PASSKEY
, REQ_PASSKEY
, JUST_WORKS
, OVERLAP
},
388 static int tk_request(struct l2cap_conn
*conn
, u8 remote_oob
, u8 auth
,
389 u8 local_io
, u8 remote_io
)
391 struct hci_conn
*hcon
= conn
->hcon
;
392 struct smp_chan
*smp
= conn
->smp_chan
;
397 /* Initialize key for JUST WORKS */
398 memset(smp
->tk
, 0, sizeof(smp
->tk
));
399 clear_bit(SMP_FLAG_TK_VALID
, &smp
->flags
);
401 BT_DBG("tk_request: auth:%d lcl:%d rem:%d", auth
, local_io
, remote_io
);
403 /* If neither side wants MITM, use JUST WORKS */
404 /* If either side has unknown io_caps, use JUST WORKS */
405 /* Otherwise, look up method from the table */
406 if (!(auth
& SMP_AUTH_MITM
) ||
407 local_io
> SMP_IO_KEYBOARD_DISPLAY
||
408 remote_io
> SMP_IO_KEYBOARD_DISPLAY
)
411 method
= gen_method
[remote_io
][local_io
];
413 /* If not bonding, don't ask user to confirm a Zero TK */
414 if (!(auth
& SMP_AUTH_BONDING
) && method
== JUST_CFM
)
417 /* Don't confirm locally initiated pairing attempts */
418 if (method
== JUST_CFM
&& test_bit(SMP_FLAG_INITIATOR
, &smp
->flags
))
421 /* If Just Works, Continue with Zero TK */
422 if (method
== JUST_WORKS
) {
423 set_bit(SMP_FLAG_TK_VALID
, &smp
->flags
);
427 /* Not Just Works/Confirm results in MITM Authentication */
428 if (method
!= JUST_CFM
)
429 set_bit(SMP_FLAG_MITM_AUTH
, &smp
->flags
);
431 /* If both devices have Keyoard-Display I/O, the master
432 * Confirms and the slave Enters the passkey.
434 if (method
== OVERLAP
) {
435 if (hcon
->link_mode
& HCI_LM_MASTER
)
436 method
= CFM_PASSKEY
;
438 method
= REQ_PASSKEY
;
441 /* Generate random passkey. */
442 if (method
== CFM_PASSKEY
) {
443 memset(smp
->tk
, 0, sizeof(smp
->tk
));
444 get_random_bytes(&passkey
, sizeof(passkey
));
446 put_unaligned_le32(passkey
, smp
->tk
);
447 BT_DBG("PassKey: %d", passkey
);
448 set_bit(SMP_FLAG_TK_VALID
, &smp
->flags
);
451 hci_dev_lock(hcon
->hdev
);
453 if (method
== REQ_PASSKEY
)
454 ret
= mgmt_user_passkey_request(hcon
->hdev
, &hcon
->dst
,
455 hcon
->type
, hcon
->dst_type
);
456 else if (method
== JUST_CFM
)
457 ret
= mgmt_user_confirm_request(hcon
->hdev
, &hcon
->dst
,
458 hcon
->type
, hcon
->dst_type
,
461 ret
= mgmt_user_passkey_notify(hcon
->hdev
, &hcon
->dst
,
462 hcon
->type
, hcon
->dst_type
,
465 hci_dev_unlock(hcon
->hdev
);
470 static void smp_confirm(struct smp_chan
*smp
)
472 struct l2cap_conn
*conn
= smp
->conn
;
473 struct hci_dev
*hdev
= conn
->hcon
->hdev
;
474 struct crypto_blkcipher
*tfm
= hdev
->tfm_aes
;
475 struct smp_cmd_pairing_confirm cp
;
479 BT_DBG("conn %p", conn
);
481 /* Prevent mutual access to hdev->tfm_aes */
484 ret
= smp_c1(tfm
, smp
->tk
, smp
->prnd
, smp
->preq
, smp
->prsp
,
485 conn
->hcon
->init_addr_type
, &conn
->hcon
->init_addr
,
486 conn
->hcon
->resp_addr_type
, &conn
->hcon
->resp_addr
,
489 hci_dev_unlock(hdev
);
492 reason
= SMP_UNSPECIFIED
;
496 clear_bit(SMP_FLAG_CFM_PENDING
, &smp
->flags
);
498 smp_send_cmd(smp
->conn
, SMP_CMD_PAIRING_CONFIRM
, sizeof(cp
), &cp
);
503 smp_failure(conn
, reason
);
506 static u8
smp_random(struct smp_chan
*smp
)
508 struct l2cap_conn
*conn
= smp
->conn
;
509 struct hci_conn
*hcon
= conn
->hcon
;
510 struct hci_dev
*hdev
= hcon
->hdev
;
511 struct crypto_blkcipher
*tfm
= hdev
->tfm_aes
;
515 if (IS_ERR_OR_NULL(tfm
))
516 return SMP_UNSPECIFIED
;
518 BT_DBG("conn %p %s", conn
, conn
->hcon
->out
? "master" : "slave");
520 /* Prevent mutual access to hdev->tfm_aes */
523 ret
= smp_c1(tfm
, smp
->tk
, smp
->rrnd
, smp
->preq
, smp
->prsp
,
524 hcon
->init_addr_type
, &hcon
->init_addr
,
525 hcon
->resp_addr_type
, &hcon
->resp_addr
, confirm
);
527 hci_dev_unlock(hdev
);
530 return SMP_UNSPECIFIED
;
532 if (memcmp(smp
->pcnf
, confirm
, sizeof(smp
->pcnf
)) != 0) {
533 BT_ERR("Pairing failed (confirmation values mismatch)");
534 return SMP_CONFIRM_FAILED
;
542 smp_s1(tfm
, smp
->tk
, smp
->rrnd
, smp
->prnd
, stk
);
544 memset(stk
+ smp
->enc_key_size
, 0,
545 SMP_MAX_ENC_KEY_SIZE
- smp
->enc_key_size
);
547 if (test_and_set_bit(HCI_CONN_ENCRYPT_PEND
, &hcon
->flags
))
548 return SMP_UNSPECIFIED
;
550 hci_le_start_enc(hcon
, ediv
, rand
, stk
);
551 hcon
->enc_key_size
= smp
->enc_key_size
;
557 smp_send_cmd(conn
, SMP_CMD_PAIRING_RANDOM
, sizeof(smp
->prnd
),
560 smp_s1(tfm
, smp
->tk
, smp
->prnd
, smp
->rrnd
, stk
);
562 memset(stk
+ smp
->enc_key_size
, 0,
563 SMP_MAX_ENC_KEY_SIZE
- smp
->enc_key_size
);
565 hci_add_ltk(hcon
->hdev
, &hcon
->dst
, hcon
->dst_type
,
566 HCI_SMP_STK_SLAVE
, 0, stk
, smp
->enc_key_size
,
573 static struct smp_chan
*smp_chan_create(struct l2cap_conn
*conn
)
575 struct smp_chan
*smp
;
577 smp
= kzalloc(sizeof(*smp
), GFP_ATOMIC
);
582 conn
->smp_chan
= smp
;
583 conn
->hcon
->smp_conn
= conn
;
585 hci_conn_hold(conn
->hcon
);
590 void smp_chan_destroy(struct l2cap_conn
*conn
)
592 struct smp_chan
*smp
= conn
->smp_chan
;
597 complete
= test_bit(SMP_FLAG_COMPLETE
, &smp
->flags
);
598 mgmt_smp_complete(conn
->hcon
, complete
);
601 kfree(smp
->slave_csrk
);
603 /* If pairing failed clean up any keys we might have */
606 list_del(&smp
->ltk
->list
);
610 if (smp
->slave_ltk
) {
611 list_del(&smp
->slave_ltk
->list
);
612 kfree(smp
->slave_ltk
);
615 if (smp
->remote_irk
) {
616 list_del(&smp
->remote_irk
->list
);
617 kfree(smp
->remote_irk
);
622 conn
->smp_chan
= NULL
;
623 conn
->hcon
->smp_conn
= NULL
;
624 hci_conn_drop(conn
->hcon
);
627 int smp_user_confirm_reply(struct hci_conn
*hcon
, u16 mgmt_op
, __le32 passkey
)
629 struct l2cap_conn
*conn
= hcon
->smp_conn
;
630 struct smp_chan
*smp
;
638 smp
= conn
->smp_chan
;
641 case MGMT_OP_USER_PASSKEY_REPLY
:
642 value
= le32_to_cpu(passkey
);
643 memset(smp
->tk
, 0, sizeof(smp
->tk
));
644 BT_DBG("PassKey: %d", value
);
645 put_unaligned_le32(value
, smp
->tk
);
647 case MGMT_OP_USER_CONFIRM_REPLY
:
648 set_bit(SMP_FLAG_TK_VALID
, &smp
->flags
);
650 case MGMT_OP_USER_PASSKEY_NEG_REPLY
:
651 case MGMT_OP_USER_CONFIRM_NEG_REPLY
:
652 smp_failure(conn
, SMP_PASSKEY_ENTRY_FAILED
);
655 smp_failure(conn
, SMP_PASSKEY_ENTRY_FAILED
);
659 /* If it is our turn to send Pairing Confirm, do so now */
660 if (test_bit(SMP_FLAG_CFM_PENDING
, &smp
->flags
))
666 static u8
smp_cmd_pairing_req(struct l2cap_conn
*conn
, struct sk_buff
*skb
)
668 struct smp_cmd_pairing rsp
, *req
= (void *) skb
->data
;
669 struct smp_chan
*smp
;
673 BT_DBG("conn %p", conn
);
675 if (skb
->len
< sizeof(*req
))
676 return SMP_INVALID_PARAMS
;
678 if (conn
->hcon
->link_mode
& HCI_LM_MASTER
)
679 return SMP_CMD_NOTSUPP
;
681 if (!test_and_set_bit(HCI_CONN_LE_SMP_PEND
, &conn
->hcon
->flags
))
682 smp
= smp_chan_create(conn
);
684 smp
= conn
->smp_chan
;
687 return SMP_UNSPECIFIED
;
689 smp
->preq
[0] = SMP_CMD_PAIRING_REQ
;
690 memcpy(&smp
->preq
[1], req
, sizeof(*req
));
691 skb_pull(skb
, sizeof(*req
));
693 /* We didn't start the pairing, so match remote */
694 auth
= req
->auth_req
;
696 conn
->hcon
->pending_sec_level
= authreq_to_seclevel(auth
);
698 build_pairing_cmd(conn
, req
, &rsp
, auth
);
700 key_size
= min(req
->max_key_size
, rsp
.max_key_size
);
701 if (check_enc_key_size(conn
, key_size
))
702 return SMP_ENC_KEY_SIZE
;
704 get_random_bytes(smp
->prnd
, sizeof(smp
->prnd
));
706 smp
->prsp
[0] = SMP_CMD_PAIRING_RSP
;
707 memcpy(&smp
->prsp
[1], &rsp
, sizeof(rsp
));
709 smp_send_cmd(conn
, SMP_CMD_PAIRING_RSP
, sizeof(rsp
), &rsp
);
711 /* Request setup of TK */
712 ret
= tk_request(conn
, 0, auth
, rsp
.io_capability
, req
->io_capability
);
714 return SMP_UNSPECIFIED
;
716 clear_bit(SMP_FLAG_INITIATOR
, &smp
->flags
);
721 static u8
smp_cmd_pairing_rsp(struct l2cap_conn
*conn
, struct sk_buff
*skb
)
723 struct smp_cmd_pairing
*req
, *rsp
= (void *) skb
->data
;
724 struct smp_chan
*smp
= conn
->smp_chan
;
725 u8 key_size
, auth
= SMP_AUTH_NONE
;
728 BT_DBG("conn %p", conn
);
730 if (skb
->len
< sizeof(*rsp
))
731 return SMP_INVALID_PARAMS
;
733 if (!(conn
->hcon
->link_mode
& HCI_LM_MASTER
))
734 return SMP_CMD_NOTSUPP
;
736 skb_pull(skb
, sizeof(*rsp
));
738 req
= (void *) &smp
->preq
[1];
740 key_size
= min(req
->max_key_size
, rsp
->max_key_size
);
741 if (check_enc_key_size(conn
, key_size
))
742 return SMP_ENC_KEY_SIZE
;
744 get_random_bytes(smp
->prnd
, sizeof(smp
->prnd
));
746 smp
->prsp
[0] = SMP_CMD_PAIRING_RSP
;
747 memcpy(&smp
->prsp
[1], rsp
, sizeof(*rsp
));
749 /* Update remote key distribution in case the remote cleared
750 * some bits that we had enabled in our request.
752 smp
->remote_key_dist
&= rsp
->resp_key_dist
;
754 if ((req
->auth_req
& SMP_AUTH_BONDING
) &&
755 (rsp
->auth_req
& SMP_AUTH_BONDING
))
756 auth
= SMP_AUTH_BONDING
;
758 auth
|= (req
->auth_req
| rsp
->auth_req
) & SMP_AUTH_MITM
;
760 ret
= tk_request(conn
, 0, auth
, req
->io_capability
, rsp
->io_capability
);
762 return SMP_UNSPECIFIED
;
764 set_bit(SMP_FLAG_CFM_PENDING
, &smp
->flags
);
766 /* Can't compose response until we have been confirmed */
767 if (test_bit(SMP_FLAG_TK_VALID
, &smp
->flags
))
773 static u8
smp_cmd_pairing_confirm(struct l2cap_conn
*conn
, struct sk_buff
*skb
)
775 struct smp_chan
*smp
= conn
->smp_chan
;
777 BT_DBG("conn %p %s", conn
, conn
->hcon
->out
? "master" : "slave");
779 if (skb
->len
< sizeof(smp
->pcnf
))
780 return SMP_INVALID_PARAMS
;
782 memcpy(smp
->pcnf
, skb
->data
, sizeof(smp
->pcnf
));
783 skb_pull(skb
, sizeof(smp
->pcnf
));
786 smp_send_cmd(conn
, SMP_CMD_PAIRING_RANDOM
, sizeof(smp
->prnd
),
788 else if (test_bit(SMP_FLAG_TK_VALID
, &smp
->flags
))
791 set_bit(SMP_FLAG_CFM_PENDING
, &smp
->flags
);
796 static u8
smp_cmd_pairing_random(struct l2cap_conn
*conn
, struct sk_buff
*skb
)
798 struct smp_chan
*smp
= conn
->smp_chan
;
800 BT_DBG("conn %p", conn
);
802 if (skb
->len
< sizeof(smp
->rrnd
))
803 return SMP_INVALID_PARAMS
;
805 memcpy(smp
->rrnd
, skb
->data
, sizeof(smp
->rrnd
));
806 skb_pull(skb
, sizeof(smp
->rrnd
));
808 return smp_random(smp
);
811 static u8
smp_ltk_encrypt(struct l2cap_conn
*conn
, u8 sec_level
)
814 struct hci_conn
*hcon
= conn
->hcon
;
816 key
= hci_find_ltk_by_addr(hcon
->hdev
, &hcon
->dst
, hcon
->dst_type
,
821 if (sec_level
> BT_SECURITY_MEDIUM
&& !key
->authenticated
)
824 if (test_and_set_bit(HCI_CONN_ENCRYPT_PEND
, &hcon
->flags
))
827 hci_le_start_enc(hcon
, key
->ediv
, key
->rand
, key
->val
);
828 hcon
->enc_key_size
= key
->enc_size
;
833 static u8
smp_cmd_security_req(struct l2cap_conn
*conn
, struct sk_buff
*skb
)
835 struct smp_cmd_security_req
*rp
= (void *) skb
->data
;
836 struct smp_cmd_pairing cp
;
837 struct hci_conn
*hcon
= conn
->hcon
;
838 struct smp_chan
*smp
;
840 BT_DBG("conn %p", conn
);
842 if (skb
->len
< sizeof(*rp
))
843 return SMP_INVALID_PARAMS
;
845 if (!(conn
->hcon
->link_mode
& HCI_LM_MASTER
))
846 return SMP_CMD_NOTSUPP
;
848 hcon
->pending_sec_level
= authreq_to_seclevel(rp
->auth_req
);
850 if (smp_ltk_encrypt(conn
, hcon
->pending_sec_level
))
853 if (test_and_set_bit(HCI_CONN_LE_SMP_PEND
, &hcon
->flags
))
856 smp
= smp_chan_create(conn
);
858 skb_pull(skb
, sizeof(*rp
));
860 memset(&cp
, 0, sizeof(cp
));
861 build_pairing_cmd(conn
, &cp
, NULL
, rp
->auth_req
);
863 smp
->preq
[0] = SMP_CMD_PAIRING_REQ
;
864 memcpy(&smp
->preq
[1], &cp
, sizeof(cp
));
866 smp_send_cmd(conn
, SMP_CMD_PAIRING_REQ
, sizeof(cp
), &cp
);
868 clear_bit(SMP_FLAG_INITIATOR
, &smp
->flags
);
873 bool smp_sufficient_security(struct hci_conn
*hcon
, u8 sec_level
)
875 if (sec_level
== BT_SECURITY_LOW
)
878 if (hcon
->sec_level
>= sec_level
)
884 int smp_conn_security(struct hci_conn
*hcon
, __u8 sec_level
)
886 struct l2cap_conn
*conn
= hcon
->l2cap_data
;
887 struct smp_chan
*smp
;
890 BT_DBG("conn %p hcon %p level 0x%2.2x", conn
, hcon
, sec_level
);
892 /* This may be NULL if there's an unexpected disconnection */
896 if (!test_bit(HCI_LE_ENABLED
, &hcon
->hdev
->dev_flags
))
899 if (smp_sufficient_security(hcon
, sec_level
))
902 if (hcon
->link_mode
& HCI_LM_MASTER
)
903 if (smp_ltk_encrypt(conn
, sec_level
))
906 if (test_and_set_bit(HCI_CONN_LE_SMP_PEND
, &hcon
->flags
))
909 smp
= smp_chan_create(conn
);
913 authreq
= seclevel_to_authreq(sec_level
);
915 /* hcon->auth_type is set by pair_device in mgmt.c. If the MITM
916 * flag is set we should also set it for the SMP request.
918 if ((hcon
->auth_type
& 0x01))
919 authreq
|= SMP_AUTH_MITM
;
921 if (hcon
->link_mode
& HCI_LM_MASTER
) {
922 struct smp_cmd_pairing cp
;
924 build_pairing_cmd(conn
, &cp
, NULL
, authreq
);
925 smp
->preq
[0] = SMP_CMD_PAIRING_REQ
;
926 memcpy(&smp
->preq
[1], &cp
, sizeof(cp
));
928 smp_send_cmd(conn
, SMP_CMD_PAIRING_REQ
, sizeof(cp
), &cp
);
930 struct smp_cmd_security_req cp
;
931 cp
.auth_req
= authreq
;
932 smp_send_cmd(conn
, SMP_CMD_SECURITY_REQ
, sizeof(cp
), &cp
);
935 set_bit(SMP_FLAG_INITIATOR
, &smp
->flags
);
938 hcon
->pending_sec_level
= sec_level
;
943 static int smp_cmd_encrypt_info(struct l2cap_conn
*conn
, struct sk_buff
*skb
)
945 struct smp_cmd_encrypt_info
*rp
= (void *) skb
->data
;
946 struct smp_chan
*smp
= conn
->smp_chan
;
948 BT_DBG("conn %p", conn
);
950 if (skb
->len
< sizeof(*rp
))
951 return SMP_INVALID_PARAMS
;
953 /* Ignore this PDU if it wasn't requested */
954 if (!(smp
->remote_key_dist
& SMP_DIST_ENC_KEY
))
957 skb_pull(skb
, sizeof(*rp
));
959 memcpy(smp
->tk
, rp
->ltk
, sizeof(smp
->tk
));
964 static int smp_cmd_master_ident(struct l2cap_conn
*conn
, struct sk_buff
*skb
)
966 struct smp_cmd_master_ident
*rp
= (void *) skb
->data
;
967 struct smp_chan
*smp
= conn
->smp_chan
;
968 struct hci_dev
*hdev
= conn
->hcon
->hdev
;
969 struct hci_conn
*hcon
= conn
->hcon
;
973 BT_DBG("conn %p", conn
);
975 if (skb
->len
< sizeof(*rp
))
976 return SMP_INVALID_PARAMS
;
978 /* Ignore this PDU if it wasn't requested */
979 if (!(smp
->remote_key_dist
& SMP_DIST_ENC_KEY
))
982 /* Mark the information as received */
983 smp
->remote_key_dist
&= ~SMP_DIST_ENC_KEY
;
985 skb_pull(skb
, sizeof(*rp
));
988 authenticated
= (hcon
->sec_level
== BT_SECURITY_HIGH
);
989 ltk
= hci_add_ltk(hdev
, &hcon
->dst
, hcon
->dst_type
, HCI_SMP_LTK
,
990 authenticated
, smp
->tk
, smp
->enc_key_size
,
993 if (!(smp
->remote_key_dist
& SMP_DIST_ID_KEY
))
994 smp_distribute_keys(conn
);
995 hci_dev_unlock(hdev
);
1000 static int smp_cmd_ident_info(struct l2cap_conn
*conn
, struct sk_buff
*skb
)
1002 struct smp_cmd_ident_info
*info
= (void *) skb
->data
;
1003 struct smp_chan
*smp
= conn
->smp_chan
;
1007 if (skb
->len
< sizeof(*info
))
1008 return SMP_INVALID_PARAMS
;
1010 /* Ignore this PDU if it wasn't requested */
1011 if (!(smp
->remote_key_dist
& SMP_DIST_ID_KEY
))
1014 skb_pull(skb
, sizeof(*info
));
1016 memcpy(smp
->irk
, info
->irk
, 16);
1021 static int smp_cmd_ident_addr_info(struct l2cap_conn
*conn
,
1022 struct sk_buff
*skb
)
1024 struct smp_cmd_ident_addr_info
*info
= (void *) skb
->data
;
1025 struct smp_chan
*smp
= conn
->smp_chan
;
1026 struct hci_conn
*hcon
= conn
->hcon
;
1031 if (skb
->len
< sizeof(*info
))
1032 return SMP_INVALID_PARAMS
;
1034 /* Ignore this PDU if it wasn't requested */
1035 if (!(smp
->remote_key_dist
& SMP_DIST_ID_KEY
))
1038 /* Mark the information as received */
1039 smp
->remote_key_dist
&= ~SMP_DIST_ID_KEY
;
1041 skb_pull(skb
, sizeof(*info
));
1043 /* Strictly speaking the Core Specification (4.1) allows sending
1044 * an empty address which would force us to rely on just the IRK
1045 * as "identity information". However, since such
1046 * implementations are not known of and in order to not over
1047 * complicate our implementation, simply pretend that we never
1048 * received an IRK for such a device.
1050 if (!bacmp(&info
->bdaddr
, BDADDR_ANY
)) {
1051 BT_ERR("Ignoring IRK with no identity address");
1052 smp_distribute_keys(conn
);
1056 bacpy(&smp
->id_addr
, &info
->bdaddr
);
1057 smp
->id_addr_type
= info
->addr_type
;
1059 if (hci_bdaddr_is_rpa(&hcon
->dst
, hcon
->dst_type
))
1060 bacpy(&rpa
, &hcon
->dst
);
1062 bacpy(&rpa
, BDADDR_ANY
);
1064 smp
->remote_irk
= hci_add_irk(conn
->hcon
->hdev
, &smp
->id_addr
,
1065 smp
->id_addr_type
, smp
->irk
, &rpa
);
1067 smp_distribute_keys(conn
);
1072 static int smp_cmd_sign_info(struct l2cap_conn
*conn
, struct sk_buff
*skb
)
1074 struct smp_cmd_sign_info
*rp
= (void *) skb
->data
;
1075 struct smp_chan
*smp
= conn
->smp_chan
;
1076 struct hci_dev
*hdev
= conn
->hcon
->hdev
;
1077 struct smp_csrk
*csrk
;
1079 BT_DBG("conn %p", conn
);
1081 if (skb
->len
< sizeof(*rp
))
1082 return SMP_INVALID_PARAMS
;
1084 /* Ignore this PDU if it wasn't requested */
1085 if (!(smp
->remote_key_dist
& SMP_DIST_SIGN
))
1088 /* Mark the information as received */
1089 smp
->remote_key_dist
&= ~SMP_DIST_SIGN
;
1091 skb_pull(skb
, sizeof(*rp
));
1094 csrk
= kzalloc(sizeof(*csrk
), GFP_KERNEL
);
1096 csrk
->master
= 0x01;
1097 memcpy(csrk
->val
, rp
->csrk
, sizeof(csrk
->val
));
1100 if (!(smp
->remote_key_dist
& SMP_DIST_SIGN
))
1101 smp_distribute_keys(conn
);
1102 hci_dev_unlock(hdev
);
1107 int smp_sig_channel(struct l2cap_conn
*conn
, struct sk_buff
*skb
)
1109 struct hci_conn
*hcon
= conn
->hcon
;
1113 if (hcon
->type
!= LE_LINK
) {
1123 if (!test_bit(HCI_LE_ENABLED
, &hcon
->hdev
->dev_flags
)) {
1125 reason
= SMP_PAIRING_NOTSUPP
;
1129 code
= skb
->data
[0];
1130 skb_pull(skb
, sizeof(code
));
1133 * The SMP context must be initialized for all other PDUs except
1134 * pairing and security requests. If we get any other PDU when
1135 * not initialized simply disconnect (done if this function
1136 * returns an error).
1138 if (code
!= SMP_CMD_PAIRING_REQ
&& code
!= SMP_CMD_SECURITY_REQ
&&
1140 BT_ERR("Unexpected SMP command 0x%02x. Disconnecting.", code
);
1146 case SMP_CMD_PAIRING_REQ
:
1147 reason
= smp_cmd_pairing_req(conn
, skb
);
1150 case SMP_CMD_PAIRING_FAIL
:
1151 smp_failure(conn
, 0);
1156 case SMP_CMD_PAIRING_RSP
:
1157 reason
= smp_cmd_pairing_rsp(conn
, skb
);
1160 case SMP_CMD_SECURITY_REQ
:
1161 reason
= smp_cmd_security_req(conn
, skb
);
1164 case SMP_CMD_PAIRING_CONFIRM
:
1165 reason
= smp_cmd_pairing_confirm(conn
, skb
);
1168 case SMP_CMD_PAIRING_RANDOM
:
1169 reason
= smp_cmd_pairing_random(conn
, skb
);
1172 case SMP_CMD_ENCRYPT_INFO
:
1173 reason
= smp_cmd_encrypt_info(conn
, skb
);
1176 case SMP_CMD_MASTER_IDENT
:
1177 reason
= smp_cmd_master_ident(conn
, skb
);
1180 case SMP_CMD_IDENT_INFO
:
1181 reason
= smp_cmd_ident_info(conn
, skb
);
1184 case SMP_CMD_IDENT_ADDR_INFO
:
1185 reason
= smp_cmd_ident_addr_info(conn
, skb
);
1188 case SMP_CMD_SIGN_INFO
:
1189 reason
= smp_cmd_sign_info(conn
, skb
);
1193 BT_DBG("Unknown command code 0x%2.2x", code
);
1195 reason
= SMP_CMD_NOTSUPP
;
1202 smp_failure(conn
, reason
);
1208 static void smp_notify_keys(struct l2cap_conn
*conn
)
1210 struct smp_chan
*smp
= conn
->smp_chan
;
1211 struct hci_conn
*hcon
= conn
->hcon
;
1212 struct hci_dev
*hdev
= hcon
->hdev
;
1213 struct smp_cmd_pairing
*req
= (void *) &smp
->preq
[1];
1214 struct smp_cmd_pairing
*rsp
= (void *) &smp
->prsp
[1];
1217 if (smp
->remote_irk
) {
1218 mgmt_new_irk(hdev
, smp
->remote_irk
);
1219 /* Now that user space can be considered to know the
1220 * identity address track the connection based on it
1223 bacpy(&hcon
->dst
, &smp
->remote_irk
->bdaddr
);
1224 hcon
->dst_type
= smp
->remote_irk
->addr_type
;
1225 l2cap_conn_update_id_addr(hcon
);
1228 /* The LTKs and CSRKs should be persistent only if both sides
1229 * had the bonding bit set in their authentication requests.
1231 persistent
= !!((req
->auth_req
& rsp
->auth_req
) & SMP_AUTH_BONDING
);
1234 smp
->csrk
->bdaddr_type
= hcon
->dst_type
;
1235 bacpy(&smp
->csrk
->bdaddr
, &hcon
->dst
);
1236 mgmt_new_csrk(hdev
, smp
->csrk
, persistent
);
1239 if (smp
->slave_csrk
) {
1240 smp
->slave_csrk
->bdaddr_type
= hcon
->dst_type
;
1241 bacpy(&smp
->slave_csrk
->bdaddr
, &hcon
->dst
);
1242 mgmt_new_csrk(hdev
, smp
->slave_csrk
, persistent
);
1246 smp
->ltk
->bdaddr_type
= hcon
->dst_type
;
1247 bacpy(&smp
->ltk
->bdaddr
, &hcon
->dst
);
1248 mgmt_new_ltk(hdev
, smp
->ltk
, persistent
);
1251 if (smp
->slave_ltk
) {
1252 smp
->slave_ltk
->bdaddr_type
= hcon
->dst_type
;
1253 bacpy(&smp
->slave_ltk
->bdaddr
, &hcon
->dst
);
1254 mgmt_new_ltk(hdev
, smp
->slave_ltk
, persistent
);
1258 int smp_distribute_keys(struct l2cap_conn
*conn
)
1260 struct smp_cmd_pairing
*req
, *rsp
;
1261 struct smp_chan
*smp
= conn
->smp_chan
;
1262 struct hci_conn
*hcon
= conn
->hcon
;
1263 struct hci_dev
*hdev
= hcon
->hdev
;
1266 BT_DBG("conn %p", conn
);
1268 if (!test_bit(HCI_CONN_LE_SMP_PEND
, &hcon
->flags
))
1271 rsp
= (void *) &smp
->prsp
[1];
1273 /* The responder sends its keys first */
1274 if (hcon
->out
&& (smp
->remote_key_dist
& 0x07))
1277 req
= (void *) &smp
->preq
[1];
1280 keydist
= &rsp
->init_key_dist
;
1281 *keydist
&= req
->init_key_dist
;
1283 keydist
= &rsp
->resp_key_dist
;
1284 *keydist
&= req
->resp_key_dist
;
1287 BT_DBG("keydist 0x%x", *keydist
);
1289 if (*keydist
& SMP_DIST_ENC_KEY
) {
1290 struct smp_cmd_encrypt_info enc
;
1291 struct smp_cmd_master_ident ident
;
1292 struct smp_ltk
*ltk
;
1297 get_random_bytes(enc
.ltk
, sizeof(enc
.ltk
));
1298 get_random_bytes(&ediv
, sizeof(ediv
));
1299 get_random_bytes(&rand
, sizeof(rand
));
1301 smp_send_cmd(conn
, SMP_CMD_ENCRYPT_INFO
, sizeof(enc
), &enc
);
1303 authenticated
= hcon
->sec_level
== BT_SECURITY_HIGH
;
1304 ltk
= hci_add_ltk(hdev
, &hcon
->dst
, hcon
->dst_type
,
1305 HCI_SMP_LTK_SLAVE
, authenticated
, enc
.ltk
,
1306 smp
->enc_key_size
, ediv
, rand
);
1307 smp
->slave_ltk
= ltk
;
1312 smp_send_cmd(conn
, SMP_CMD_MASTER_IDENT
, sizeof(ident
), &ident
);
1314 *keydist
&= ~SMP_DIST_ENC_KEY
;
1317 if (*keydist
& SMP_DIST_ID_KEY
) {
1318 struct smp_cmd_ident_addr_info addrinfo
;
1319 struct smp_cmd_ident_info idinfo
;
1321 memcpy(idinfo
.irk
, hdev
->irk
, sizeof(idinfo
.irk
));
1323 smp_send_cmd(conn
, SMP_CMD_IDENT_INFO
, sizeof(idinfo
), &idinfo
);
1325 /* The hci_conn contains the local identity address
1326 * after the connection has been established.
1328 * This is true even when the connection has been
1329 * established using a resolvable random address.
1331 bacpy(&addrinfo
.bdaddr
, &hcon
->src
);
1332 addrinfo
.addr_type
= hcon
->src_type
;
1334 smp_send_cmd(conn
, SMP_CMD_IDENT_ADDR_INFO
, sizeof(addrinfo
),
1337 *keydist
&= ~SMP_DIST_ID_KEY
;
1340 if (*keydist
& SMP_DIST_SIGN
) {
1341 struct smp_cmd_sign_info sign
;
1342 struct smp_csrk
*csrk
;
1344 /* Generate a new random key */
1345 get_random_bytes(sign
.csrk
, sizeof(sign
.csrk
));
1347 csrk
= kzalloc(sizeof(*csrk
), GFP_KERNEL
);
1349 csrk
->master
= 0x00;
1350 memcpy(csrk
->val
, sign
.csrk
, sizeof(csrk
->val
));
1352 smp
->slave_csrk
= csrk
;
1354 smp_send_cmd(conn
, SMP_CMD_SIGN_INFO
, sizeof(sign
), &sign
);
1356 *keydist
&= ~SMP_DIST_SIGN
;
1359 /* If there are still keys to be received wait for them */
1360 if ((smp
->remote_key_dist
& 0x07))
1363 clear_bit(HCI_CONN_LE_SMP_PEND
, &hcon
->flags
);
1364 cancel_delayed_work_sync(&conn
->security_timer
);
1365 set_bit(SMP_FLAG_COMPLETE
, &smp
->flags
);
1366 smp_notify_keys(conn
);
1368 smp_chan_destroy(conn
);