projects / deliverable / linux.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Bluetooth: Convert LTK list to RCU
[deliverable/linux.git] / net / bluetooth / smp.c
1 /*
2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2011 Nokia Corporation and/or its subsidiary(-ies).
4
5 This program is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License version 2 as
7 published by the Free Software Foundation;
8
9 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
10 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
11 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
12 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
13 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
14 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17
18 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
19 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
20 SOFTWARE IS DISCLAIMED.
21 */
22
23 #include <linux/crypto.h>
24 #include <linux/scatterlist.h>
25 #include <crypto/b128ops.h>
26
27 #include <net/bluetooth/bluetooth.h>
28 #include <net/bluetooth/hci_core.h>
29 #include <net/bluetooth/l2cap.h>
30 #include <net/bluetooth/mgmt.h>
31
32 #include "smp.h"
33
34 #define SMP_ALLOW_CMD(smp, code) set_bit(code, &smp->allow_cmd)
35
36 #define SMP_TIMEOUT msecs_to_jiffies(30000)
37
38 #define AUTH_REQ_MASK 0x07
39 #define KEY_DIST_MASK 0x07
40
41 enum {
42 SMP_FLAG_TK_VALID,
43 SMP_FLAG_CFM_PENDING,
44 SMP_FLAG_MITM_AUTH,
45 SMP_FLAG_COMPLETE,
46 SMP_FLAG_INITIATOR,
47 };
48
49 struct smp_chan {
50 struct l2cap_conn *conn;
51 struct delayed_work security_timer;
52 unsigned long allow_cmd; /* Bitmask of allowed commands */
53
54 u8 preq[7]; /* SMP Pairing Request */
55 u8 prsp[7]; /* SMP Pairing Response */
56 u8 prnd[16]; /* SMP Pairing Random (local) */
57 u8 rrnd[16]; /* SMP Pairing Random (remote) */
58 u8 pcnf[16]; /* SMP Pairing Confirm */
59 u8 tk[16]; /* SMP Temporary Key */
60 u8 enc_key_size;
61 u8 remote_key_dist;
62 bdaddr_t id_addr;
63 u8 id_addr_type;
64 u8 irk[16];
65 struct smp_csrk *csrk;
66 struct smp_csrk *slave_csrk;
67 struct smp_ltk *ltk;
68 struct smp_ltk *slave_ltk;
69 struct smp_irk *remote_irk;
70 unsigned long flags;
71
72 struct crypto_blkcipher *tfm_aes;
73 };
74
75 static inline void swap_buf(const u8 *src, u8 *dst, size_t len)
76 {
77 size_t i;
78
79 for (i = 0; i < len; i++)
80 dst[len - 1 - i] = src[i];
81 }
82
83 static int smp_e(struct crypto_blkcipher *tfm, const u8 *k, u8 *r)
84 {
85 struct blkcipher_desc desc;
86 struct scatterlist sg;
87 uint8_t tmp[16], data[16];
88 int err;
89
90 if (tfm == NULL) {
91 BT_ERR("tfm %p", tfm);
92 return -EINVAL;
93 }
94
95 desc.tfm = tfm;
96 desc.flags = 0;
97
98 /* The most significant octet of key corresponds to k[0] */
99 swap_buf(k, tmp, 16);
100
101 err = crypto_blkcipher_setkey(tfm, tmp, 16);
102 if (err) {
103 BT_ERR("cipher setkey failed: %d", err);
104 return err;
105 }
106
107 /* Most significant octet of plaintextData corresponds to data[0] */
108 swap_buf(r, data, 16);
109
110 sg_init_one(&sg, data, 16);
111
112 err = crypto_blkcipher_encrypt(&desc, &sg, &sg, 16);
113 if (err)
114 BT_ERR("Encrypt data error %d", err);
115
116 /* Most significant octet of encryptedData corresponds to data[0] */
117 swap_buf(data, r, 16);
118
119 return err;
120 }
121
122 static int smp_ah(struct crypto_blkcipher *tfm, u8 irk[16], u8 r[3], u8 res[3])
123 {
124 u8 _res[16];
125 int err;
126
127 /* r' = padding || r */
128 memcpy(_res, r, 3);
129 memset(_res + 3, 0, 13);
130
131 err = smp_e(tfm, irk, _res);
132 if (err) {
133 BT_ERR("Encrypt error");
134 return err;
135 }
136
137 /* The output of the random address function ah is:
138 * ah(h, r) = e(k, r') mod 2^24
139 * The output of the security function e is then truncated to 24 bits
140 * by taking the least significant 24 bits of the output of e as the
141 * result of ah.
142 */
143 memcpy(res, _res, 3);
144
145 return 0;
146 }
147
148 bool smp_irk_matches(struct hci_dev *hdev, u8 irk[16], bdaddr_t *bdaddr)
149 {
150 struct l2cap_chan *chan = hdev->smp_data;
151 struct crypto_blkcipher *tfm;
152 u8 hash[3];
153 int err;
154
155 if (!chan || !chan->data)
156 return false;
157
158 tfm = chan->data;
159
160 BT_DBG("RPA %pMR IRK %*phN", bdaddr, 16, irk);
161
162 err = smp_ah(tfm, irk, &bdaddr->b[3], hash);
163 if (err)
164 return false;
165
166 return !memcmp(bdaddr->b, hash, 3);
167 }
168
169 int smp_generate_rpa(struct hci_dev *hdev, u8 irk[16], bdaddr_t *rpa)
170 {
171 struct l2cap_chan *chan = hdev->smp_data;
172 struct crypto_blkcipher *tfm;
173 int err;
174
175 if (!chan || !chan->data)
176 return -EOPNOTSUPP;
177
178 tfm = chan->data;
179
180 get_random_bytes(&rpa->b[3], 3);
181
182 rpa->b[5] &= 0x3f; /* Clear two most significant bits */
183 rpa->b[5] |= 0x40; /* Set second most significant bit */
184
185 err = smp_ah(tfm, irk, &rpa->b[3], rpa->b);
186 if (err < 0)
187 return err;
188
189 BT_DBG("RPA %pMR", rpa);
190
191 return 0;
192 }
193
194 static int smp_c1(struct crypto_blkcipher *tfm_aes, u8 k[16], u8 r[16],
195 u8 preq[7], u8 pres[7], u8 _iat, bdaddr_t *ia, u8 _rat,
196 bdaddr_t *ra, u8 res[16])
197 {
198 u8 p1[16], p2[16];
199 int err;
200
201 memset(p1, 0, 16);
202
203 /* p1 = pres || preq || _rat || _iat */
204 p1[0] = _iat;
205 p1[1] = _rat;
206 memcpy(p1 + 2, preq, 7);
207 memcpy(p1 + 9, pres, 7);
208
209 /* p2 = padding || ia || ra */
210 memcpy(p2, ra, 6);
211 memcpy(p2 + 6, ia, 6);
212 memset(p2 + 12, 0, 4);
213
214 /* res = r XOR p1 */
215 u128_xor((u128 *) res, (u128 *) r, (u128 *) p1);
216
217 /* res = e(k, res) */
218 err = smp_e(tfm_aes, k, res);
219 if (err) {
220 BT_ERR("Encrypt data error");
221 return err;
222 }
223
224 /* res = res XOR p2 */
225 u128_xor((u128 *) res, (u128 *) res, (u128 *) p2);
226
227 /* res = e(k, res) */
228 err = smp_e(tfm_aes, k, res);
229 if (err)
230 BT_ERR("Encrypt data error");
231
232 return err;
233 }
234
235 static int smp_s1(struct crypto_blkcipher *tfm_aes, u8 k[16], u8 r1[16],
236 u8 r2[16], u8 _r[16])
237 {
238 int err;
239
240 /* Just least significant octets from r1 and r2 are considered */
241 memcpy(_r, r2, 8);
242 memcpy(_r + 8, r1, 8);
243
244 err = smp_e(tfm_aes, k, _r);
245 if (err)
246 BT_ERR("Encrypt data error");
247
248 return err;
249 }
250
251 static void smp_send_cmd(struct l2cap_conn *conn, u8 code, u16 len, void *data)
252 {
253 struct l2cap_chan *chan = conn->smp;
254 struct smp_chan *smp;
255 struct kvec iv[2];
256 struct msghdr msg;
257
258 if (!chan)
259 return;
260
261 BT_DBG("code 0x%2.2x", code);
262
263 iv[0].iov_base = &code;
264 iv[0].iov_len = 1;
265
266 iv[1].iov_base = data;
267 iv[1].iov_len = len;
268
269 memset(&msg, 0, sizeof(msg));
270
271 msg.msg_iov = (struct iovec *) &iv;
272 msg.msg_iovlen = 2;
273
274 l2cap_chan_send(chan, &msg, 1 + len);
275
276 if (!chan->data)
277 return;
278
279 smp = chan->data;
280
281 cancel_delayed_work_sync(&smp->security_timer);
282 schedule_delayed_work(&smp->security_timer, SMP_TIMEOUT);
283 }
284
285 static __u8 authreq_to_seclevel(__u8 authreq)
286 {
287 if (authreq & SMP_AUTH_MITM)
288 return BT_SECURITY_HIGH;
289 else
290 return BT_SECURITY_MEDIUM;
291 }
292
293 static __u8 seclevel_to_authreq(__u8 sec_level)
294 {
295 switch (sec_level) {
296 case BT_SECURITY_HIGH:
297 return SMP_AUTH_MITM | SMP_AUTH_BONDING;
298 case BT_SECURITY_MEDIUM:
299 return SMP_AUTH_BONDING;
300 default:
301 return SMP_AUTH_NONE;
302 }
303 }
304
305 static void build_pairing_cmd(struct l2cap_conn *conn,
306 struct smp_cmd_pairing *req,
307 struct smp_cmd_pairing *rsp, __u8 authreq)
308 {
309 struct l2cap_chan *chan = conn->smp;
310 struct smp_chan *smp = chan->data;
311 struct hci_conn *hcon = conn->hcon;
312 struct hci_dev *hdev = hcon->hdev;
313 u8 local_dist = 0, remote_dist = 0;
314
315 if (test_bit(HCI_BONDABLE, &conn->hcon->hdev->dev_flags)) {
316 local_dist = SMP_DIST_ENC_KEY | SMP_DIST_SIGN;
317 remote_dist = SMP_DIST_ENC_KEY | SMP_DIST_SIGN;
318 authreq |= SMP_AUTH_BONDING;
319 } else {
320 authreq &= ~SMP_AUTH_BONDING;
321 }
322
323 if (test_bit(HCI_RPA_RESOLVING, &hdev->dev_flags))
324 remote_dist |= SMP_DIST_ID_KEY;
325
326 if (test_bit(HCI_PRIVACY, &hdev->dev_flags))
327 local_dist |= SMP_DIST_ID_KEY;
328
329 if (rsp == NULL) {
330 req->io_capability = conn->hcon->io_capability;
331 req->oob_flag = SMP_OOB_NOT_PRESENT;
332 req->max_key_size = SMP_MAX_ENC_KEY_SIZE;
333 req->init_key_dist = local_dist;
334 req->resp_key_dist = remote_dist;
335 req->auth_req = (authreq & AUTH_REQ_MASK);
336
337 smp->remote_key_dist = remote_dist;
338 return;
339 }
340
341 rsp->io_capability = conn->hcon->io_capability;
342 rsp->oob_flag = SMP_OOB_NOT_PRESENT;
343 rsp->max_key_size = SMP_MAX_ENC_KEY_SIZE;
344 rsp->init_key_dist = req->init_key_dist & remote_dist;
345 rsp->resp_key_dist = req->resp_key_dist & local_dist;
346 rsp->auth_req = (authreq & AUTH_REQ_MASK);
347
348 smp->remote_key_dist = rsp->init_key_dist;
349 }
350
351 static u8 check_enc_key_size(struct l2cap_conn *conn, __u8 max_key_size)
352 {
353 struct l2cap_chan *chan = conn->smp;
354 struct smp_chan *smp = chan->data;
355
356 if ((max_key_size > SMP_MAX_ENC_KEY_SIZE) ||
357 (max_key_size < SMP_MIN_ENC_KEY_SIZE))
358 return SMP_ENC_KEY_SIZE;
359
360 smp->enc_key_size = max_key_size;
361
362 return 0;
363 }
364
365 static void smp_chan_destroy(struct l2cap_conn *conn)
366 {
367 struct l2cap_chan *chan = conn->smp;
368 struct smp_chan *smp = chan->data;
369 bool complete;
370
371 BUG_ON(!smp);
372
373 cancel_delayed_work_sync(&smp->security_timer);
374
375 complete = test_bit(SMP_FLAG_COMPLETE, &smp->flags);
376 mgmt_smp_complete(conn->hcon, complete);
377
378 kfree(smp->csrk);
379 kfree(smp->slave_csrk);
380
381 crypto_free_blkcipher(smp->tfm_aes);
382
383 /* If pairing failed clean up any keys we might have */
384 if (!complete) {
385 if (smp->ltk) {
386 list_del_rcu(&smp->ltk->list);
387 kfree_rcu(smp->ltk, rcu);
388 }
389
390 if (smp->slave_ltk) {
391 list_del_rcu(&smp->slave_ltk->list);
392 kfree_rcu(smp->slave_ltk, rcu);
393 }
394
395 if (smp->remote_irk) {
396 list_del(&smp->remote_irk->list);
397 kfree(smp->remote_irk);
398 }
399 }
400
401 chan->data = NULL;
402 kfree(smp);
403 hci_conn_drop(conn->hcon);
404 }
405
406 static void smp_failure(struct l2cap_conn *conn, u8 reason)
407 {
408 struct hci_conn *hcon = conn->hcon;
409 struct l2cap_chan *chan = conn->smp;
410
411 if (reason)
412 smp_send_cmd(conn, SMP_CMD_PAIRING_FAIL, sizeof(reason),
413 &reason);
414
415 clear_bit(HCI_CONN_ENCRYPT_PEND, &hcon->flags);
416 mgmt_auth_failed(hcon, HCI_ERROR_AUTH_FAILURE);
417
418 if (chan->data)
419 smp_chan_destroy(conn);
420 }
421
422 #define JUST_WORKS 0x00
423 #define JUST_CFM 0x01
424 #define REQ_PASSKEY 0x02
425 #define CFM_PASSKEY 0x03
426 #define REQ_OOB 0x04
427 #define OVERLAP 0xFF
428
429 static const u8 gen_method[5][5] = {
430 { JUST_WORKS, JUST_CFM, REQ_PASSKEY, JUST_WORKS, REQ_PASSKEY },
431 { JUST_WORKS, JUST_CFM, REQ_PASSKEY, JUST_WORKS, REQ_PASSKEY },
432 { CFM_PASSKEY, CFM_PASSKEY, REQ_PASSKEY, JUST_WORKS, CFM_PASSKEY },
433 { JUST_WORKS, JUST_CFM, JUST_WORKS, JUST_WORKS, JUST_CFM },
434 { CFM_PASSKEY, CFM_PASSKEY, REQ_PASSKEY, JUST_WORKS, OVERLAP },
435 };
436
437 static u8 get_auth_method(struct smp_chan *smp, u8 local_io, u8 remote_io)
438 {
439 /* If either side has unknown io_caps, use JUST_CFM (which gets
440 * converted later to JUST_WORKS if we're initiators.
441 */
442 if (local_io > SMP_IO_KEYBOARD_DISPLAY ||
443 remote_io > SMP_IO_KEYBOARD_DISPLAY)
444 return JUST_CFM;
445
446 return gen_method[remote_io][local_io];
447 }
448
449 static int tk_request(struct l2cap_conn *conn, u8 remote_oob, u8 auth,
450 u8 local_io, u8 remote_io)
451 {
452 struct hci_conn *hcon = conn->hcon;
453 struct l2cap_chan *chan = conn->smp;
454 struct smp_chan *smp = chan->data;
455 u8 method;
456 u32 passkey = 0;
457 int ret = 0;
458
459 /* Initialize key for JUST WORKS */
460 memset(smp->tk, 0, sizeof(smp->tk));
461 clear_bit(SMP_FLAG_TK_VALID, &smp->flags);
462
463 BT_DBG("tk_request: auth:%d lcl:%d rem:%d", auth, local_io, remote_io);
464
465 /* If neither side wants MITM, either "just" confirm an incoming
466 * request or use just-works for outgoing ones. The JUST_CFM
467 * will be converted to JUST_WORKS if necessary later in this
468 * function. If either side has MITM look up the method from the
469 * table.
470 */
471 if (!(auth & SMP_AUTH_MITM))
472 method = JUST_CFM;
473 else
474 method = get_auth_method(smp, local_io, remote_io);
475
476 /* Don't confirm locally initiated pairing attempts */
477 if (method == JUST_CFM && test_bit(SMP_FLAG_INITIATOR, &smp->flags))
478 method = JUST_WORKS;
479
480 /* Don't bother user space with no IO capabilities */
481 if (method == JUST_CFM && hcon->io_capability == HCI_IO_NO_INPUT_OUTPUT)
482 method = JUST_WORKS;
483
484 /* If Just Works, Continue with Zero TK */
485 if (method == JUST_WORKS) {
486 set_bit(SMP_FLAG_TK_VALID, &smp->flags);
487 return 0;
488 }
489
490 /* Not Just Works/Confirm results in MITM Authentication */
491 if (method != JUST_CFM) {
492 set_bit(SMP_FLAG_MITM_AUTH, &smp->flags);
493 if (hcon->pending_sec_level < BT_SECURITY_HIGH)
494 hcon->pending_sec_level = BT_SECURITY_HIGH;
495 }
496
497 /* If both devices have Keyoard-Display I/O, the master
498 * Confirms and the slave Enters the passkey.
499 */
500 if (method == OVERLAP) {
501 if (hcon->role == HCI_ROLE_MASTER)
502 method = CFM_PASSKEY;
503 else
504 method = REQ_PASSKEY;
505 }
506
507 /* Generate random passkey. */
508 if (method == CFM_PASSKEY) {
509 memset(smp->tk, 0, sizeof(smp->tk));
510 get_random_bytes(&passkey, sizeof(passkey));
511 passkey %= 1000000;
512 put_unaligned_le32(passkey, smp->tk);
513 BT_DBG("PassKey: %d", passkey);
514 set_bit(SMP_FLAG_TK_VALID, &smp->flags);
515 }
516
517 if (method == REQ_PASSKEY)
518 ret = mgmt_user_passkey_request(hcon->hdev, &hcon->dst,
519 hcon->type, hcon->dst_type);
520 else if (method == JUST_CFM)
521 ret = mgmt_user_confirm_request(hcon->hdev, &hcon->dst,
522 hcon->type, hcon->dst_type,
523 passkey, 1);
524 else
525 ret = mgmt_user_passkey_notify(hcon->hdev, &hcon->dst,
526 hcon->type, hcon->dst_type,
527 passkey, 0);
528
529 return ret;
530 }
531
532 static u8 smp_confirm(struct smp_chan *smp)
533 {
534 struct l2cap_conn *conn = smp->conn;
535 struct smp_cmd_pairing_confirm cp;
536 int ret;
537
538 BT_DBG("conn %p", conn);
539
540 ret = smp_c1(smp->tfm_aes, smp->tk, smp->prnd, smp->preq, smp->prsp,
541 conn->hcon->init_addr_type, &conn->hcon->init_addr,
542 conn->hcon->resp_addr_type, &conn->hcon->resp_addr,
543 cp.confirm_val);
544 if (ret)
545 return SMP_UNSPECIFIED;
546
547 clear_bit(SMP_FLAG_CFM_PENDING, &smp->flags);
548
549 smp_send_cmd(smp->conn, SMP_CMD_PAIRING_CONFIRM, sizeof(cp), &cp);
550
551 if (conn->hcon->out)
552 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_CONFIRM);
553 else
554 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RANDOM);
555
556 return 0;
557 }
558
559 static u8 smp_random(struct smp_chan *smp)
560 {
561 struct l2cap_conn *conn = smp->conn;
562 struct hci_conn *hcon = conn->hcon;
563 u8 confirm[16];
564 int ret;
565
566 if (IS_ERR_OR_NULL(smp->tfm_aes))
567 return SMP_UNSPECIFIED;
568
569 BT_DBG("conn %p %s", conn, conn->hcon->out ? "master" : "slave");
570
571 ret = smp_c1(smp->tfm_aes, smp->tk, smp->rrnd, smp->preq, smp->prsp,
572 hcon->init_addr_type, &hcon->init_addr,
573 hcon->resp_addr_type, &hcon->resp_addr, confirm);
574 if (ret)
575 return SMP_UNSPECIFIED;
576
577 if (memcmp(smp->pcnf, confirm, sizeof(smp->pcnf)) != 0) {
578 BT_ERR("Pairing failed (confirmation values mismatch)");
579 return SMP_CONFIRM_FAILED;
580 }
581
582 if (hcon->out) {
583 u8 stk[16];
584 __le64 rand = 0;
585 __le16 ediv = 0;
586
587 smp_s1(smp->tfm_aes, smp->tk, smp->rrnd, smp->prnd, stk);
588
589 memset(stk + smp->enc_key_size, 0,
590 SMP_MAX_ENC_KEY_SIZE - smp->enc_key_size);
591
592 if (test_and_set_bit(HCI_CONN_ENCRYPT_PEND, &hcon->flags))
593 return SMP_UNSPECIFIED;
594
595 hci_le_start_enc(hcon, ediv, rand, stk);
596 hcon->enc_key_size = smp->enc_key_size;
597 set_bit(HCI_CONN_STK_ENCRYPT, &hcon->flags);
598 } else {
599 u8 stk[16], auth;
600 __le64 rand = 0;
601 __le16 ediv = 0;
602
603 smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM, sizeof(smp->prnd),
604 smp->prnd);
605
606 smp_s1(smp->tfm_aes, smp->tk, smp->prnd, smp->rrnd, stk);
607
608 memset(stk + smp->enc_key_size, 0,
609 SMP_MAX_ENC_KEY_SIZE - smp->enc_key_size);
610
611 if (hcon->pending_sec_level == BT_SECURITY_HIGH)
612 auth = 1;
613 else
614 auth = 0;
615
616 /* Even though there's no _SLAVE suffix this is the
617 * slave STK we're adding for later lookup (the master
618 * STK never needs to be stored).
619 */
620 hci_add_ltk(hcon->hdev, &hcon->dst, hcon->dst_type,
621 SMP_STK, auth, stk, smp->enc_key_size, ediv, rand);
622 }
623
624 return 0;
625 }
626
627 static void smp_notify_keys(struct l2cap_conn *conn)
628 {
629 struct l2cap_chan *chan = conn->smp;
630 struct smp_chan *smp = chan->data;
631 struct hci_conn *hcon = conn->hcon;
632 struct hci_dev *hdev = hcon->hdev;
633 struct smp_cmd_pairing *req = (void *) &smp->preq[1];
634 struct smp_cmd_pairing *rsp = (void *) &smp->prsp[1];
635 bool persistent;
636
637 if (smp->remote_irk) {
638 mgmt_new_irk(hdev, smp->remote_irk);
639 /* Now that user space can be considered to know the
640 * identity address track the connection based on it
641 * from now on.
642 */
643 bacpy(&hcon->dst, &smp->remote_irk->bdaddr);
644 hcon->dst_type = smp->remote_irk->addr_type;
645 queue_work(hdev->workqueue, &conn->id_addr_update_work);
646
647 /* When receiving an indentity resolving key for
648 * a remote device that does not use a resolvable
649 * private address, just remove the key so that
650 * it is possible to use the controller white
651 * list for scanning.
652 *
653 * Userspace will have been told to not store
654 * this key at this point. So it is safe to
655 * just remove it.
656 */
657 if (!bacmp(&smp->remote_irk->rpa, BDADDR_ANY)) {
658 list_del(&smp->remote_irk->list);
659 kfree(smp->remote_irk);
660 smp->remote_irk = NULL;
661 }
662 }
663
664 /* The LTKs and CSRKs should be persistent only if both sides
665 * had the bonding bit set in their authentication requests.
666 */
667 persistent = !!((req->auth_req & rsp->auth_req) & SMP_AUTH_BONDING);
668
669 if (smp->csrk) {
670 smp->csrk->bdaddr_type = hcon->dst_type;
671 bacpy(&smp->csrk->bdaddr, &hcon->dst);
672 mgmt_new_csrk(hdev, smp->csrk, persistent);
673 }
674
675 if (smp->slave_csrk) {
676 smp->slave_csrk->bdaddr_type = hcon->dst_type;
677 bacpy(&smp->slave_csrk->bdaddr, &hcon->dst);
678 mgmt_new_csrk(hdev, smp->slave_csrk, persistent);
679 }
680
681 if (smp->ltk) {
682 smp->ltk->bdaddr_type = hcon->dst_type;
683 bacpy(&smp->ltk->bdaddr, &hcon->dst);
684 mgmt_new_ltk(hdev, smp->ltk, persistent);
685 }
686
687 if (smp->slave_ltk) {
688 smp->slave_ltk->bdaddr_type = hcon->dst_type;
689 bacpy(&smp->slave_ltk->bdaddr, &hcon->dst);
690 mgmt_new_ltk(hdev, smp->slave_ltk, persistent);
691 }
692 }
693
694 static void smp_allow_key_dist(struct smp_chan *smp)
695 {
696 /* Allow the first expected phase 3 PDU. The rest of the PDUs
697 * will be allowed in each PDU handler to ensure we receive
698 * them in the correct order.
699 */
700 if (smp->remote_key_dist & SMP_DIST_ENC_KEY)
701 SMP_ALLOW_CMD(smp, SMP_CMD_ENCRYPT_INFO);
702 else if (smp->remote_key_dist & SMP_DIST_ID_KEY)
703 SMP_ALLOW_CMD(smp, SMP_CMD_IDENT_INFO);
704 else if (smp->remote_key_dist & SMP_DIST_SIGN)
705 SMP_ALLOW_CMD(smp, SMP_CMD_SIGN_INFO);
706 }
707
708 static void smp_distribute_keys(struct smp_chan *smp)
709 {
710 struct smp_cmd_pairing *req, *rsp;
711 struct l2cap_conn *conn = smp->conn;
712 struct hci_conn *hcon = conn->hcon;
713 struct hci_dev *hdev = hcon->hdev;
714 __u8 *keydist;
715
716 BT_DBG("conn %p", conn);
717
718 rsp = (void *) &smp->prsp[1];
719
720 /* The responder sends its keys first */
721 if (hcon->out && (smp->remote_key_dist & KEY_DIST_MASK)) {
722 smp_allow_key_dist(smp);
723 return;
724 }
725
726 req = (void *) &smp->preq[1];
727
728 if (hcon->out) {
729 keydist = &rsp->init_key_dist;
730 *keydist &= req->init_key_dist;
731 } else {
732 keydist = &rsp->resp_key_dist;
733 *keydist &= req->resp_key_dist;
734 }
735
736 BT_DBG("keydist 0x%x", *keydist);
737
738 if (*keydist & SMP_DIST_ENC_KEY) {
739 struct smp_cmd_encrypt_info enc;
740 struct smp_cmd_master_ident ident;
741 struct smp_ltk *ltk;
742 u8 authenticated;
743 __le16 ediv;
744 __le64 rand;
745
746 get_random_bytes(enc.ltk, sizeof(enc.ltk));
747 get_random_bytes(&ediv, sizeof(ediv));
748 get_random_bytes(&rand, sizeof(rand));
749
750 smp_send_cmd(conn, SMP_CMD_ENCRYPT_INFO, sizeof(enc), &enc);
751
752 authenticated = hcon->sec_level == BT_SECURITY_HIGH;
753 ltk = hci_add_ltk(hdev, &hcon->dst, hcon->dst_type,
754 SMP_LTK_SLAVE, authenticated, enc.ltk,
755 smp->enc_key_size, ediv, rand);
756 smp->slave_ltk = ltk;
757
758 ident.ediv = ediv;
759 ident.rand = rand;
760
761 smp_send_cmd(conn, SMP_CMD_MASTER_IDENT, sizeof(ident), &ident);
762
763 *keydist &= ~SMP_DIST_ENC_KEY;
764 }
765
766 if (*keydist & SMP_DIST_ID_KEY) {
767 struct smp_cmd_ident_addr_info addrinfo;
768 struct smp_cmd_ident_info idinfo;
769
770 memcpy(idinfo.irk, hdev->irk, sizeof(idinfo.irk));
771
772 smp_send_cmd(conn, SMP_CMD_IDENT_INFO, sizeof(idinfo), &idinfo);
773
774 /* The hci_conn contains the local identity address
775 * after the connection has been established.
776 *
777 * This is true even when the connection has been
778 * established using a resolvable random address.
779 */
780 bacpy(&addrinfo.bdaddr, &hcon->src);
781 addrinfo.addr_type = hcon->src_type;
782
783 smp_send_cmd(conn, SMP_CMD_IDENT_ADDR_INFO, sizeof(addrinfo),
784 &addrinfo);
785
786 *keydist &= ~SMP_DIST_ID_KEY;
787 }
788
789 if (*keydist & SMP_DIST_SIGN) {
790 struct smp_cmd_sign_info sign;
791 struct smp_csrk *csrk;
792
793 /* Generate a new random key */
794 get_random_bytes(sign.csrk, sizeof(sign.csrk));
795
796 csrk = kzalloc(sizeof(*csrk), GFP_KERNEL);
797 if (csrk) {
798 csrk->master = 0x00;
799 memcpy(csrk->val, sign.csrk, sizeof(csrk->val));
800 }
801 smp->slave_csrk = csrk;
802
803 smp_send_cmd(conn, SMP_CMD_SIGN_INFO, sizeof(sign), &sign);
804
805 *keydist &= ~SMP_DIST_SIGN;
806 }
807
808 /* If there are still keys to be received wait for them */
809 if (smp->remote_key_dist & KEY_DIST_MASK) {
810 smp_allow_key_dist(smp);
811 return;
812 }
813
814 set_bit(SMP_FLAG_COMPLETE, &smp->flags);
815 smp_notify_keys(conn);
816
817 smp_chan_destroy(conn);
818 }
819
820 static void smp_timeout(struct work_struct *work)
821 {
822 struct smp_chan *smp = container_of(work, struct smp_chan,
823 security_timer.work);
824 struct l2cap_conn *conn = smp->conn;
825
826 BT_DBG("conn %p", conn);
827
828 hci_disconnect(conn->hcon, HCI_ERROR_REMOTE_USER_TERM);
829 }
830
831 static struct smp_chan *smp_chan_create(struct l2cap_conn *conn)
832 {
833 struct l2cap_chan *chan = conn->smp;
834 struct smp_chan *smp;
835
836 smp = kzalloc(sizeof(*smp), GFP_ATOMIC);
837 if (!smp)
838 return NULL;
839
840 smp->tfm_aes = crypto_alloc_blkcipher("ecb(aes)", 0, CRYPTO_ALG_ASYNC);
841 if (IS_ERR(smp->tfm_aes)) {
842 BT_ERR("Unable to create ECB crypto context");
843 kfree(smp);
844 return NULL;
845 }
846
847 smp->conn = conn;
848 chan->data = smp;
849
850 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_FAIL);
851
852 INIT_DELAYED_WORK(&smp->security_timer, smp_timeout);
853
854 hci_conn_hold(conn->hcon);
855
856 return smp;
857 }
858
859 int smp_user_confirm_reply(struct hci_conn *hcon, u16 mgmt_op, __le32 passkey)
860 {
861 struct l2cap_conn *conn = hcon->l2cap_data;
862 struct l2cap_chan *chan;
863 struct smp_chan *smp;
864 u32 value;
865 int err;
866
867 BT_DBG("");
868
869 if (!conn)
870 return -ENOTCONN;
871
872 chan = conn->smp;
873 if (!chan)
874 return -ENOTCONN;
875
876 l2cap_chan_lock(chan);
877 if (!chan->data) {
878 err = -ENOTCONN;
879 goto unlock;
880 }
881
882 smp = chan->data;
883
884 switch (mgmt_op) {
885 case MGMT_OP_USER_PASSKEY_REPLY:
886 value = le32_to_cpu(passkey);
887 memset(smp->tk, 0, sizeof(smp->tk));
888 BT_DBG("PassKey: %d", value);
889 put_unaligned_le32(value, smp->tk);
890 /* Fall Through */
891 case MGMT_OP_USER_CONFIRM_REPLY:
892 set_bit(SMP_FLAG_TK_VALID, &smp->flags);
893 break;
894 case MGMT_OP_USER_PASSKEY_NEG_REPLY:
895 case MGMT_OP_USER_CONFIRM_NEG_REPLY:
896 smp_failure(conn, SMP_PASSKEY_ENTRY_FAILED);
897 err = 0;
898 goto unlock;
899 default:
900 smp_failure(conn, SMP_PASSKEY_ENTRY_FAILED);
901 err = -EOPNOTSUPP;
902 goto unlock;
903 }
904
905 err = 0;
906
907 /* If it is our turn to send Pairing Confirm, do so now */
908 if (test_bit(SMP_FLAG_CFM_PENDING, &smp->flags)) {
909 u8 rsp = smp_confirm(smp);
910 if (rsp)
911 smp_failure(conn, rsp);
912 }
913
914 unlock:
915 l2cap_chan_unlock(chan);
916 return err;
917 }
918
919 static u8 smp_cmd_pairing_req(struct l2cap_conn *conn, struct sk_buff *skb)
920 {
921 struct smp_cmd_pairing rsp, *req = (void *) skb->data;
922 struct l2cap_chan *chan = conn->smp;
923 struct hci_dev *hdev = conn->hcon->hdev;
924 struct smp_chan *smp;
925 u8 key_size, auth, sec_level;
926 int ret;
927
928 BT_DBG("conn %p", conn);
929
930 if (skb->len < sizeof(*req))
931 return SMP_INVALID_PARAMS;
932
933 if (conn->hcon->role != HCI_ROLE_SLAVE)
934 return SMP_CMD_NOTSUPP;
935
936 if (!chan->data)
937 smp = smp_chan_create(conn);
938 else
939 smp = chan->data;
940
941 if (!smp)
942 return SMP_UNSPECIFIED;
943
944 /* We didn't start the pairing, so match remote */
945 auth = req->auth_req & AUTH_REQ_MASK;
946
947 if (!test_bit(HCI_BONDABLE, &hdev->dev_flags) &&
948 (auth & SMP_AUTH_BONDING))
949 return SMP_PAIRING_NOTSUPP;
950
951 smp->preq[0] = SMP_CMD_PAIRING_REQ;
952 memcpy(&smp->preq[1], req, sizeof(*req));
953 skb_pull(skb, sizeof(*req));
954
955 if (conn->hcon->io_capability == HCI_IO_NO_INPUT_OUTPUT)
956 sec_level = BT_SECURITY_MEDIUM;
957 else
958 sec_level = authreq_to_seclevel(auth);
959
960 if (sec_level > conn->hcon->pending_sec_level)
961 conn->hcon->pending_sec_level = sec_level;
962
963 /* If we need MITM check that it can be achieved */
964 if (conn->hcon->pending_sec_level >= BT_SECURITY_HIGH) {
965 u8 method;
966
967 method = get_auth_method(smp, conn->hcon->io_capability,
968 req->io_capability);
969 if (method == JUST_WORKS || method == JUST_CFM)
970 return SMP_AUTH_REQUIREMENTS;
971 }
972
973 build_pairing_cmd(conn, req, &rsp, auth);
974
975 key_size = min(req->max_key_size, rsp.max_key_size);
976 if (check_enc_key_size(conn, key_size))
977 return SMP_ENC_KEY_SIZE;
978
979 get_random_bytes(smp->prnd, sizeof(smp->prnd));
980
981 smp->prsp[0] = SMP_CMD_PAIRING_RSP;
982 memcpy(&smp->prsp[1], &rsp, sizeof(rsp));
983
984 smp_send_cmd(conn, SMP_CMD_PAIRING_RSP, sizeof(rsp), &rsp);
985 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_CONFIRM);
986
987 /* Request setup of TK */
988 ret = tk_request(conn, 0, auth, rsp.io_capability, req->io_capability);
989 if (ret)
990 return SMP_UNSPECIFIED;
991
992 return 0;
993 }
994
995 static u8 smp_cmd_pairing_rsp(struct l2cap_conn *conn, struct sk_buff *skb)
996 {
997 struct smp_cmd_pairing *req, *rsp = (void *) skb->data;
998 struct l2cap_chan *chan = conn->smp;
999 struct smp_chan *smp = chan->data;
1000 u8 key_size, auth;
1001 int ret;
1002
1003 BT_DBG("conn %p", conn);
1004
1005 if (skb->len < sizeof(*rsp))
1006 return SMP_INVALID_PARAMS;
1007
1008 if (conn->hcon->role != HCI_ROLE_MASTER)
1009 return SMP_CMD_NOTSUPP;
1010
1011 skb_pull(skb, sizeof(*rsp));
1012
1013 req = (void *) &smp->preq[1];
1014
1015 key_size = min(req->max_key_size, rsp->max_key_size);
1016 if (check_enc_key_size(conn, key_size))
1017 return SMP_ENC_KEY_SIZE;
1018
1019 auth = rsp->auth_req & AUTH_REQ_MASK;
1020
1021 /* If we need MITM check that it can be achieved */
1022 if (conn->hcon->pending_sec_level >= BT_SECURITY_HIGH) {
1023 u8 method;
1024
1025 method = get_auth_method(smp, req->io_capability,
1026 rsp->io_capability);
1027 if (method == JUST_WORKS || method == JUST_CFM)
1028 return SMP_AUTH_REQUIREMENTS;
1029 }
1030
1031 get_random_bytes(smp->prnd, sizeof(smp->prnd));
1032
1033 smp->prsp[0] = SMP_CMD_PAIRING_RSP;
1034 memcpy(&smp->prsp[1], rsp, sizeof(*rsp));
1035
1036 /* Update remote key distribution in case the remote cleared
1037 * some bits that we had enabled in our request.
1038 */
1039 smp->remote_key_dist &= rsp->resp_key_dist;
1040
1041 auth |= req->auth_req;
1042
1043 ret = tk_request(conn, 0, auth, req->io_capability, rsp->io_capability);
1044 if (ret)
1045 return SMP_UNSPECIFIED;
1046
1047 set_bit(SMP_FLAG_CFM_PENDING, &smp->flags);
1048
1049 /* Can't compose response until we have been confirmed */
1050 if (test_bit(SMP_FLAG_TK_VALID, &smp->flags))
1051 return smp_confirm(smp);
1052
1053 return 0;
1054 }
1055
1056 static u8 smp_cmd_pairing_confirm(struct l2cap_conn *conn, struct sk_buff *skb)
1057 {
1058 struct l2cap_chan *chan = conn->smp;
1059 struct smp_chan *smp = chan->data;
1060
1061 BT_DBG("conn %p %s", conn, conn->hcon->out ? "master" : "slave");
1062
1063 if (skb->len < sizeof(smp->pcnf))
1064 return SMP_INVALID_PARAMS;
1065
1066 memcpy(smp->pcnf, skb->data, sizeof(smp->pcnf));
1067 skb_pull(skb, sizeof(smp->pcnf));
1068
1069 if (conn->hcon->out) {
1070 smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM, sizeof(smp->prnd),
1071 smp->prnd);
1072 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RANDOM);
1073 return 0;
1074 }
1075
1076 if (test_bit(SMP_FLAG_TK_VALID, &smp->flags))
1077 return smp_confirm(smp);
1078 else
1079 set_bit(SMP_FLAG_CFM_PENDING, &smp->flags);
1080
1081 return 0;
1082 }
1083
1084 static u8 smp_cmd_pairing_random(struct l2cap_conn *conn, struct sk_buff *skb)
1085 {
1086 struct l2cap_chan *chan = conn->smp;
1087 struct smp_chan *smp = chan->data;
1088
1089 BT_DBG("conn %p", conn);
1090
1091 if (skb->len < sizeof(smp->rrnd))
1092 return SMP_INVALID_PARAMS;
1093
1094 memcpy(smp->rrnd, skb->data, sizeof(smp->rrnd));
1095 skb_pull(skb, sizeof(smp->rrnd));
1096
1097 return smp_random(smp);
1098 }
1099
1100 static bool smp_ltk_encrypt(struct l2cap_conn *conn, u8 sec_level)
1101 {
1102 struct smp_ltk *key;
1103 struct hci_conn *hcon = conn->hcon;
1104
1105 key = hci_find_ltk_by_addr(hcon->hdev, &hcon->dst, hcon->dst_type,
1106 hcon->role);
1107 if (!key)
1108 return false;
1109
1110 if (smp_ltk_sec_level(key) < sec_level)
1111 return false;
1112
1113 if (test_and_set_bit(HCI_CONN_ENCRYPT_PEND, &hcon->flags))
1114 return true;
1115
1116 hci_le_start_enc(hcon, key->ediv, key->rand, key->val);
1117 hcon->enc_key_size = key->enc_size;
1118
1119 /* We never store STKs for master role, so clear this flag */
1120 clear_bit(HCI_CONN_STK_ENCRYPT, &hcon->flags);
1121
1122 return true;
1123 }
1124
1125 bool smp_sufficient_security(struct hci_conn *hcon, u8 sec_level,
1126 enum smp_key_pref key_pref)
1127 {
1128 if (sec_level == BT_SECURITY_LOW)
1129 return true;
1130
1131 /* If we're encrypted with an STK but the caller prefers using
1132 * LTK claim insufficient security. This way we allow the
1133 * connection to be re-encrypted with an LTK, even if the LTK
1134 * provides the same level of security. Only exception is if we
1135 * don't have an LTK (e.g. because of key distribution bits).
1136 */
1137 if (key_pref == SMP_USE_LTK &&
1138 test_bit(HCI_CONN_STK_ENCRYPT, &hcon->flags) &&
1139 hci_find_ltk_by_addr(hcon->hdev, &hcon->dst, hcon->dst_type,
1140 hcon->role))
1141 return false;
1142
1143 if (hcon->sec_level >= sec_level)
1144 return true;
1145
1146 return false;
1147 }
1148
1149 static u8 smp_cmd_security_req(struct l2cap_conn *conn, struct sk_buff *skb)
1150 {
1151 struct smp_cmd_security_req *rp = (void *) skb->data;
1152 struct smp_cmd_pairing cp;
1153 struct hci_conn *hcon = conn->hcon;
1154 struct smp_chan *smp;
1155 u8 sec_level, auth;
1156
1157 BT_DBG("conn %p", conn);
1158
1159 if (skb->len < sizeof(*rp))
1160 return SMP_INVALID_PARAMS;
1161
1162 if (hcon->role != HCI_ROLE_MASTER)
1163 return SMP_CMD_NOTSUPP;
1164
1165 auth = rp->auth_req & AUTH_REQ_MASK;
1166
1167 if (hcon->io_capability == HCI_IO_NO_INPUT_OUTPUT)
1168 sec_level = BT_SECURITY_MEDIUM;
1169 else
1170 sec_level = authreq_to_seclevel(auth);
1171
1172 if (smp_sufficient_security(hcon, sec_level, SMP_USE_LTK))
1173 return 0;
1174
1175 if (sec_level > hcon->pending_sec_level)
1176 hcon->pending_sec_level = sec_level;
1177
1178 if (smp_ltk_encrypt(conn, hcon->pending_sec_level))
1179 return 0;
1180
1181 smp = smp_chan_create(conn);
1182 if (!smp)
1183 return SMP_UNSPECIFIED;
1184
1185 if (!test_bit(HCI_BONDABLE, &hcon->hdev->dev_flags) &&
1186 (auth & SMP_AUTH_BONDING))
1187 return SMP_PAIRING_NOTSUPP;
1188
1189 skb_pull(skb, sizeof(*rp));
1190
1191 memset(&cp, 0, sizeof(cp));
1192 build_pairing_cmd(conn, &cp, NULL, auth);
1193
1194 smp->preq[0] = SMP_CMD_PAIRING_REQ;
1195 memcpy(&smp->preq[1], &cp, sizeof(cp));
1196
1197 smp_send_cmd(conn, SMP_CMD_PAIRING_REQ, sizeof(cp), &cp);
1198 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RSP);
1199
1200 return 0;
1201 }
1202
1203 int smp_conn_security(struct hci_conn *hcon, __u8 sec_level)
1204 {
1205 struct l2cap_conn *conn = hcon->l2cap_data;
1206 struct l2cap_chan *chan;
1207 struct smp_chan *smp;
1208 __u8 authreq;
1209 int ret;
1210
1211 BT_DBG("conn %p hcon %p level 0x%2.2x", conn, hcon, sec_level);
1212
1213 /* This may be NULL if there's an unexpected disconnection */
1214 if (!conn)
1215 return 1;
1216
1217 chan = conn->smp;
1218
1219 if (!test_bit(HCI_LE_ENABLED, &hcon->hdev->dev_flags))
1220 return 1;
1221
1222 if (smp_sufficient_security(hcon, sec_level, SMP_USE_LTK))
1223 return 1;
1224
1225 if (sec_level > hcon->pending_sec_level)
1226 hcon->pending_sec_level = sec_level;
1227
1228 if (hcon->role == HCI_ROLE_MASTER)
1229 if (smp_ltk_encrypt(conn, hcon->pending_sec_level))
1230 return 0;
1231
1232 l2cap_chan_lock(chan);
1233
1234 /* If SMP is already in progress ignore this request */
1235 if (chan->data) {
1236 ret = 0;
1237 goto unlock;
1238 }
1239
1240 smp = smp_chan_create(conn);
1241 if (!smp) {
1242 ret = 1;
1243 goto unlock;
1244 }
1245
1246 authreq = seclevel_to_authreq(sec_level);
1247
1248 /* Require MITM if IO Capability allows or the security level
1249 * requires it.
1250 */
1251 if (hcon->io_capability != HCI_IO_NO_INPUT_OUTPUT ||
1252 hcon->pending_sec_level > BT_SECURITY_MEDIUM)
1253 authreq |= SMP_AUTH_MITM;
1254
1255 if (hcon->role == HCI_ROLE_MASTER) {
1256 struct smp_cmd_pairing cp;
1257
1258 build_pairing_cmd(conn, &cp, NULL, authreq);
1259 smp->preq[0] = SMP_CMD_PAIRING_REQ;
1260 memcpy(&smp->preq[1], &cp, sizeof(cp));
1261
1262 smp_send_cmd(conn, SMP_CMD_PAIRING_REQ, sizeof(cp), &cp);
1263 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RSP);
1264 } else {
1265 struct smp_cmd_security_req cp;
1266 cp.auth_req = authreq;
1267 smp_send_cmd(conn, SMP_CMD_SECURITY_REQ, sizeof(cp), &cp);
1268 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_REQ);
1269 }
1270
1271 set_bit(SMP_FLAG_INITIATOR, &smp->flags);
1272 ret = 0;
1273
1274 unlock:
1275 l2cap_chan_unlock(chan);
1276 return ret;
1277 }
1278
1279 static int smp_cmd_encrypt_info(struct l2cap_conn *conn, struct sk_buff *skb)
1280 {
1281 struct smp_cmd_encrypt_info *rp = (void *) skb->data;
1282 struct l2cap_chan *chan = conn->smp;
1283 struct smp_chan *smp = chan->data;
1284
1285 BT_DBG("conn %p", conn);
1286
1287 if (skb->len < sizeof(*rp))
1288 return SMP_INVALID_PARAMS;
1289
1290 SMP_ALLOW_CMD(smp, SMP_CMD_MASTER_IDENT);
1291
1292 skb_pull(skb, sizeof(*rp));
1293
1294 memcpy(smp->tk, rp->ltk, sizeof(smp->tk));
1295
1296 return 0;
1297 }
1298
1299 static int smp_cmd_master_ident(struct l2cap_conn *conn, struct sk_buff *skb)
1300 {
1301 struct smp_cmd_master_ident *rp = (void *) skb->data;
1302 struct l2cap_chan *chan = conn->smp;
1303 struct smp_chan *smp = chan->data;
1304 struct hci_dev *hdev = conn->hcon->hdev;
1305 struct hci_conn *hcon = conn->hcon;
1306 struct smp_ltk *ltk;
1307 u8 authenticated;
1308
1309 BT_DBG("conn %p", conn);
1310
1311 if (skb->len < sizeof(*rp))
1312 return SMP_INVALID_PARAMS;
1313
1314 /* Mark the information as received */
1315 smp->remote_key_dist &= ~SMP_DIST_ENC_KEY;
1316
1317 if (smp->remote_key_dist & SMP_DIST_ID_KEY)
1318 SMP_ALLOW_CMD(smp, SMP_CMD_IDENT_INFO);
1319 else if (smp->remote_key_dist & SMP_DIST_SIGN)
1320 SMP_ALLOW_CMD(smp, SMP_CMD_SIGN_INFO);
1321
1322 skb_pull(skb, sizeof(*rp));
1323
1324 authenticated = (hcon->sec_level == BT_SECURITY_HIGH);
1325 ltk = hci_add_ltk(hdev, &hcon->dst, hcon->dst_type, SMP_LTK,
1326 authenticated, smp->tk, smp->enc_key_size,
1327 rp->ediv, rp->rand);
1328 smp->ltk = ltk;
1329 if (!(smp->remote_key_dist & KEY_DIST_MASK))
1330 smp_distribute_keys(smp);
1331
1332 return 0;
1333 }
1334
1335 static int smp_cmd_ident_info(struct l2cap_conn *conn, struct sk_buff *skb)
1336 {
1337 struct smp_cmd_ident_info *info = (void *) skb->data;
1338 struct l2cap_chan *chan = conn->smp;
1339 struct smp_chan *smp = chan->data;
1340
1341 BT_DBG("");
1342
1343 if (skb->len < sizeof(*info))
1344 return SMP_INVALID_PARAMS;
1345
1346 SMP_ALLOW_CMD(smp, SMP_CMD_IDENT_ADDR_INFO);
1347
1348 skb_pull(skb, sizeof(*info));
1349
1350 memcpy(smp->irk, info->irk, 16);
1351
1352 return 0;
1353 }
1354
1355 static int smp_cmd_ident_addr_info(struct l2cap_conn *conn,
1356 struct sk_buff *skb)
1357 {
1358 struct smp_cmd_ident_addr_info *info = (void *) skb->data;
1359 struct l2cap_chan *chan = conn->smp;
1360 struct smp_chan *smp = chan->data;
1361 struct hci_conn *hcon = conn->hcon;
1362 bdaddr_t rpa;
1363
1364 BT_DBG("");
1365
1366 if (skb->len < sizeof(*info))
1367 return SMP_INVALID_PARAMS;
1368
1369 /* Mark the information as received */
1370 smp->remote_key_dist &= ~SMP_DIST_ID_KEY;
1371
1372 if (smp->remote_key_dist & SMP_DIST_SIGN)
1373 SMP_ALLOW_CMD(smp, SMP_CMD_SIGN_INFO);
1374
1375 skb_pull(skb, sizeof(*info));
1376
1377 hci_dev_lock(hcon->hdev);
1378
1379 /* Strictly speaking the Core Specification (4.1) allows sending
1380 * an empty address which would force us to rely on just the IRK
1381 * as "identity information". However, since such
1382 * implementations are not known of and in order to not over
1383 * complicate our implementation, simply pretend that we never
1384 * received an IRK for such a device.
1385 */
1386 if (!bacmp(&info->bdaddr, BDADDR_ANY)) {
1387 BT_ERR("Ignoring IRK with no identity address");
1388 goto distribute;
1389 }
1390
1391 bacpy(&smp->id_addr, &info->bdaddr);
1392 smp->id_addr_type = info->addr_type;
1393
1394 if (hci_bdaddr_is_rpa(&hcon->dst, hcon->dst_type))
1395 bacpy(&rpa, &hcon->dst);
1396 else
1397 bacpy(&rpa, BDADDR_ANY);
1398
1399 smp->remote_irk = hci_add_irk(conn->hcon->hdev, &smp->id_addr,
1400 smp->id_addr_type, smp->irk, &rpa);
1401
1402 distribute:
1403 if (!(smp->remote_key_dist & KEY_DIST_MASK))
1404 smp_distribute_keys(smp);
1405
1406 hci_dev_unlock(hcon->hdev);
1407
1408 return 0;
1409 }
1410
1411 static int smp_cmd_sign_info(struct l2cap_conn *conn, struct sk_buff *skb)
1412 {
1413 struct smp_cmd_sign_info *rp = (void *) skb->data;
1414 struct l2cap_chan *chan = conn->smp;
1415 struct smp_chan *smp = chan->data;
1416 struct hci_dev *hdev = conn->hcon->hdev;
1417 struct smp_csrk *csrk;
1418
1419 BT_DBG("conn %p", conn);
1420
1421 if (skb->len < sizeof(*rp))
1422 return SMP_INVALID_PARAMS;
1423
1424 /* Mark the information as received */
1425 smp->remote_key_dist &= ~SMP_DIST_SIGN;
1426
1427 skb_pull(skb, sizeof(*rp));
1428
1429 hci_dev_lock(hdev);
1430 csrk = kzalloc(sizeof(*csrk), GFP_KERNEL);
1431 if (csrk) {
1432 csrk->master = 0x01;
1433 memcpy(csrk->val, rp->csrk, sizeof(csrk->val));
1434 }
1435 smp->csrk = csrk;
1436 smp_distribute_keys(smp);
1437 hci_dev_unlock(hdev);
1438
1439 return 0;
1440 }
1441
1442 static int smp_sig_channel(struct l2cap_chan *chan, struct sk_buff *skb)
1443 {
1444 struct l2cap_conn *conn = chan->conn;
1445 struct hci_conn *hcon = conn->hcon;
1446 struct smp_chan *smp;
1447 __u8 code, reason;
1448 int err = 0;
1449
1450 if (hcon->type != LE_LINK) {
1451 kfree_skb(skb);
1452 return 0;
1453 }
1454
1455 if (skb->len < 1)
1456 return -EILSEQ;
1457
1458 if (!test_bit(HCI_LE_ENABLED, &hcon->hdev->dev_flags)) {
1459 reason = SMP_PAIRING_NOTSUPP;
1460 goto done;
1461 }
1462
1463 code = skb->data[0];
1464 skb_pull(skb, sizeof(code));
1465
1466 smp = chan->data;
1467
1468 if (code > SMP_CMD_MAX)
1469 goto drop;
1470
1471 if (smp && !test_and_clear_bit(code, &smp->allow_cmd))
1472 goto drop;
1473
1474 /* If we don't have a context the only allowed commands are
1475 * pairing request and security request.
1476 */
1477 if (!smp && code != SMP_CMD_PAIRING_REQ && code != SMP_CMD_SECURITY_REQ)
1478 goto drop;
1479
1480 switch (code) {
1481 case SMP_CMD_PAIRING_REQ:
1482 reason = smp_cmd_pairing_req(conn, skb);
1483 break;
1484
1485 case SMP_CMD_PAIRING_FAIL:
1486 smp_failure(conn, 0);
1487 err = -EPERM;
1488 break;
1489
1490 case SMP_CMD_PAIRING_RSP:
1491 reason = smp_cmd_pairing_rsp(conn, skb);
1492 break;
1493
1494 case SMP_CMD_SECURITY_REQ:
1495 reason = smp_cmd_security_req(conn, skb);
1496 break;
1497
1498 case SMP_CMD_PAIRING_CONFIRM:
1499 reason = smp_cmd_pairing_confirm(conn, skb);
1500 break;
1501
1502 case SMP_CMD_PAIRING_RANDOM:
1503 reason = smp_cmd_pairing_random(conn, skb);
1504 break;
1505
1506 case SMP_CMD_ENCRYPT_INFO:
1507 reason = smp_cmd_encrypt_info(conn, skb);
1508 break;
1509
1510 case SMP_CMD_MASTER_IDENT:
1511 reason = smp_cmd_master_ident(conn, skb);
1512 break;
1513
1514 case SMP_CMD_IDENT_INFO:
1515 reason = smp_cmd_ident_info(conn, skb);
1516 break;
1517
1518 case SMP_CMD_IDENT_ADDR_INFO:
1519 reason = smp_cmd_ident_addr_info(conn, skb);
1520 break;
1521
1522 case SMP_CMD_SIGN_INFO:
1523 reason = smp_cmd_sign_info(conn, skb);
1524 break;
1525
1526 default:
1527 BT_DBG("Unknown command code 0x%2.2x", code);
1528 reason = SMP_CMD_NOTSUPP;
1529 goto done;
1530 }
1531
1532 done:
1533 if (!err) {
1534 if (reason)
1535 smp_failure(conn, reason);
1536 kfree_skb(skb);
1537 }
1538
1539 return err;
1540
1541 drop:
1542 BT_ERR("%s unexpected SMP command 0x%02x from %pMR", hcon->hdev->name,
1543 code, &hcon->dst);
1544 kfree_skb(skb);
1545 return 0;
1546 }
1547
1548 static void smp_teardown_cb(struct l2cap_chan *chan, int err)
1549 {
1550 struct l2cap_conn *conn = chan->conn;
1551
1552 BT_DBG("chan %p", chan);
1553
1554 if (chan->data)
1555 smp_chan_destroy(conn);
1556
1557 conn->smp = NULL;
1558 l2cap_chan_put(chan);
1559 }
1560
1561 static void smp_resume_cb(struct l2cap_chan *chan)
1562 {
1563 struct smp_chan *smp = chan->data;
1564 struct l2cap_conn *conn = chan->conn;
1565 struct hci_conn *hcon = conn->hcon;
1566
1567 BT_DBG("chan %p", chan);
1568
1569 if (!smp)
1570 return;
1571
1572 if (!test_bit(HCI_CONN_ENCRYPT, &hcon->flags))
1573 return;
1574
1575 cancel_delayed_work(&smp->security_timer);
1576
1577 smp_distribute_keys(smp);
1578 }
1579
1580 static void smp_ready_cb(struct l2cap_chan *chan)
1581 {
1582 struct l2cap_conn *conn = chan->conn;
1583
1584 BT_DBG("chan %p", chan);
1585
1586 conn->smp = chan;
1587 l2cap_chan_hold(chan);
1588 }
1589
1590 static int smp_recv_cb(struct l2cap_chan *chan, struct sk_buff *skb)
1591 {
1592 int err;
1593
1594 BT_DBG("chan %p", chan);
1595
1596 err = smp_sig_channel(chan, skb);
1597 if (err) {
1598 struct smp_chan *smp = chan->data;
1599
1600 if (smp)
1601 cancel_delayed_work_sync(&smp->security_timer);
1602
1603 hci_disconnect(chan->conn->hcon, HCI_ERROR_AUTH_FAILURE);
1604 }
1605
1606 return err;
1607 }
1608
1609 static struct sk_buff *smp_alloc_skb_cb(struct l2cap_chan *chan,
1610 unsigned long hdr_len,
1611 unsigned long len, int nb)
1612 {
1613 struct sk_buff *skb;
1614
1615 skb = bt_skb_alloc(hdr_len + len, GFP_KERNEL);
1616 if (!skb)
1617 return ERR_PTR(-ENOMEM);
1618
1619 skb->priority = HCI_PRIO_MAX;
1620 bt_cb(skb)->chan = chan;
1621
1622 return skb;
1623 }
1624
1625 static const struct l2cap_ops smp_chan_ops = {
1626 .name = "Security Manager",
1627 .ready = smp_ready_cb,
1628 .recv = smp_recv_cb,
1629 .alloc_skb = smp_alloc_skb_cb,
1630 .teardown = smp_teardown_cb,
1631 .resume = smp_resume_cb,
1632
1633 .new_connection = l2cap_chan_no_new_connection,
1634 .state_change = l2cap_chan_no_state_change,
1635 .close = l2cap_chan_no_close,
1636 .defer = l2cap_chan_no_defer,
1637 .suspend = l2cap_chan_no_suspend,
1638 .set_shutdown = l2cap_chan_no_set_shutdown,
1639 .get_sndtimeo = l2cap_chan_no_get_sndtimeo,
1640 .memcpy_fromiovec = l2cap_chan_no_memcpy_fromiovec,
1641 };
1642
1643 static inline struct l2cap_chan *smp_new_conn_cb(struct l2cap_chan *pchan)
1644 {
1645 struct l2cap_chan *chan;
1646
1647 BT_DBG("pchan %p", pchan);
1648
1649 chan = l2cap_chan_create();
1650 if (!chan)
1651 return NULL;
1652
1653 chan->chan_type = pchan->chan_type;
1654 chan->ops = &smp_chan_ops;
1655 chan->scid = pchan->scid;
1656 chan->dcid = chan->scid;
1657 chan->imtu = pchan->imtu;
1658 chan->omtu = pchan->omtu;
1659 chan->mode = pchan->mode;
1660
1661 /* Other L2CAP channels may request SMP routines in order to
1662 * change the security level. This means that the SMP channel
1663 * lock must be considered in its own category to avoid lockdep
1664 * warnings.
1665 */
1666 atomic_set(&chan->nesting, L2CAP_NESTING_SMP);
1667
1668 BT_DBG("created chan %p", chan);
1669
1670 return chan;
1671 }
1672
1673 static const struct l2cap_ops smp_root_chan_ops = {
1674 .name = "Security Manager Root",
1675 .new_connection = smp_new_conn_cb,
1676
1677 /* None of these are implemented for the root channel */
1678 .close = l2cap_chan_no_close,
1679 .alloc_skb = l2cap_chan_no_alloc_skb,
1680 .recv = l2cap_chan_no_recv,
1681 .state_change = l2cap_chan_no_state_change,
1682 .teardown = l2cap_chan_no_teardown,
1683 .ready = l2cap_chan_no_ready,
1684 .defer = l2cap_chan_no_defer,
1685 .suspend = l2cap_chan_no_suspend,
1686 .resume = l2cap_chan_no_resume,
1687 .set_shutdown = l2cap_chan_no_set_shutdown,
1688 .get_sndtimeo = l2cap_chan_no_get_sndtimeo,
1689 .memcpy_fromiovec = l2cap_chan_no_memcpy_fromiovec,
1690 };
1691
1692 int smp_register(struct hci_dev *hdev)
1693 {
1694 struct l2cap_chan *chan;
1695 struct crypto_blkcipher *tfm_aes;
1696
1697 BT_DBG("%s", hdev->name);
1698
1699 tfm_aes = crypto_alloc_blkcipher("ecb(aes)", 0, CRYPTO_ALG_ASYNC);
1700 if (IS_ERR(tfm_aes)) {
1701 int err = PTR_ERR(tfm_aes);
1702 BT_ERR("Unable to create crypto context");
1703 return err;
1704 }
1705
1706 chan = l2cap_chan_create();
1707 if (!chan) {
1708 crypto_free_blkcipher(tfm_aes);
1709 return -ENOMEM;
1710 }
1711
1712 chan->data = tfm_aes;
1713
1714 l2cap_add_scid(chan, L2CAP_CID_SMP);
1715
1716 l2cap_chan_set_defaults(chan);
1717
1718 bacpy(&chan->src, &hdev->bdaddr);
1719 chan->src_type = BDADDR_LE_PUBLIC;
1720 chan->state = BT_LISTEN;
1721 chan->mode = L2CAP_MODE_BASIC;
1722 chan->imtu = L2CAP_DEFAULT_MTU;
1723 chan->ops = &smp_root_chan_ops;
1724
1725 /* Set correct nesting level for a parent/listening channel */
1726 atomic_set(&chan->nesting, L2CAP_NESTING_PARENT);
1727
1728 hdev->smp_data = chan;
1729
1730 return 0;
1731 }
1732
1733 void smp_unregister(struct hci_dev *hdev)
1734 {
1735 struct l2cap_chan *chan = hdev->smp_data;
1736 struct crypto_blkcipher *tfm_aes;
1737
1738 if (!chan)
1739 return;
1740
1741 BT_DBG("%s chan %p", hdev->name, chan);
1742
1743 tfm_aes = chan->data;
1744 if (tfm_aes) {
1745 chan->data = NULL;
1746 crypto_free_blkcipher(tfm_aes);
1747 }
1748
1749 hdev->smp_data = NULL;
1750 l2cap_chan_put(chan);
1751 }
Linux kernel - Deliverables
This page took 0.065461 seconds and 5 git commands to generate.