projects / deliverable / linux.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Bluetooth: Add dummy handler for LE SC keypress notification
[deliverable/linux.git] / net / bluetooth / smp.c
1 /*
2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2011 Nokia Corporation and/or its subsidiary(-ies).
4
5 This program is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License version 2 as
7 published by the Free Software Foundation;
8
9 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
10 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
11 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
12 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
13 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
14 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17
18 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
19 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
20 SOFTWARE IS DISCLAIMED.
21 */
22
23 #include <linux/crypto.h>
24 #include <linux/scatterlist.h>
25 #include <crypto/b128ops.h>
26
27 #include <net/bluetooth/bluetooth.h>
28 #include <net/bluetooth/hci_core.h>
29 #include <net/bluetooth/l2cap.h>
30 #include <net/bluetooth/mgmt.h>
31
32 #include "ecc.h"
33 #include "smp.h"
34
35 #define SMP_ALLOW_CMD(smp, code) set_bit(code, &smp->allow_cmd)
36
37 /* Keys which are not distributed with Secure Connections */
38 #define SMP_SC_NO_DIST (SMP_DIST_ENC_KEY | SMP_DIST_LINK_KEY);
39
40 #define SMP_TIMEOUT msecs_to_jiffies(30000)
41
42 #define AUTH_REQ_MASK(dev) (test_bit(HCI_SC_ENABLED, &(dev)->dev_flags) ? \
43 0x1f : 0x07)
44 #define KEY_DIST_MASK 0x07
45
46 /* Maximum message length that can be passed to aes_cmac */
47 #define CMAC_MSG_MAX 80
48
49 enum {
50 SMP_FLAG_TK_VALID,
51 SMP_FLAG_CFM_PENDING,
52 SMP_FLAG_MITM_AUTH,
53 SMP_FLAG_COMPLETE,
54 SMP_FLAG_INITIATOR,
55 SMP_FLAG_SC,
56 SMP_FLAG_REMOTE_PK,
57 SMP_FLAG_DEBUG_KEY,
58 SMP_FLAG_WAIT_USER,
59 SMP_FLAG_DHKEY_PENDING,
60 };
61
62 struct smp_chan {
63 struct l2cap_conn *conn;
64 struct delayed_work security_timer;
65 unsigned long allow_cmd; /* Bitmask of allowed commands */
66
67 u8 preq[7]; /* SMP Pairing Request */
68 u8 prsp[7]; /* SMP Pairing Response */
69 u8 prnd[16]; /* SMP Pairing Random (local) */
70 u8 rrnd[16]; /* SMP Pairing Random (remote) */
71 u8 pcnf[16]; /* SMP Pairing Confirm */
72 u8 tk[16]; /* SMP Temporary Key */
73 u8 enc_key_size;
74 u8 remote_key_dist;
75 bdaddr_t id_addr;
76 u8 id_addr_type;
77 u8 irk[16];
78 struct smp_csrk *csrk;
79 struct smp_csrk *slave_csrk;
80 struct smp_ltk *ltk;
81 struct smp_ltk *slave_ltk;
82 struct smp_irk *remote_irk;
83 u8 *link_key;
84 unsigned long flags;
85 u8 method;
86 u8 passkey_round;
87
88 /* Secure Connections variables */
89 u8 local_pk[64];
90 u8 local_sk[32];
91 u8 remote_pk[64];
92 u8 dhkey[32];
93 u8 mackey[16];
94
95 struct crypto_blkcipher *tfm_aes;
96 struct crypto_hash *tfm_cmac;
97 };
98
99 /* These debug key values are defined in the SMP section of the core
100 * specification. debug_pk is the public debug key and debug_sk the
101 * private debug key.
102 */
103 static const u8 debug_pk[64] = {
104 0xe6, 0x9d, 0x35, 0x0e, 0x48, 0x01, 0x03, 0xcc,
105 0xdb, 0xfd, 0xf4, 0xac, 0x11, 0x91, 0xf4, 0xef,
106 0xb9, 0xa5, 0xf9, 0xe9, 0xa7, 0x83, 0x2c, 0x5e,
107 0x2c, 0xbe, 0x97, 0xf2, 0xd2, 0x03, 0xb0, 0x20,
108
109 0x8b, 0xd2, 0x89, 0x15, 0xd0, 0x8e, 0x1c, 0x74,
110 0x24, 0x30, 0xed, 0x8f, 0xc2, 0x45, 0x63, 0x76,
111 0x5c, 0x15, 0x52, 0x5a, 0xbf, 0x9a, 0x32, 0x63,
112 0x6d, 0xeb, 0x2a, 0x65, 0x49, 0x9c, 0x80, 0xdc,
113 };
114
115 static const u8 debug_sk[32] = {
116 0xbd, 0x1a, 0x3c, 0xcd, 0xa6, 0xb8, 0x99, 0x58,
117 0x99, 0xb7, 0x40, 0xeb, 0x7b, 0x60, 0xff, 0x4a,
118 0x50, 0x3f, 0x10, 0xd2, 0xe3, 0xb3, 0xc9, 0x74,
119 0x38, 0x5f, 0xc5, 0xa3, 0xd4, 0xf6, 0x49, 0x3f,
120 };
121
122 static inline void swap_buf(const u8 *src, u8 *dst, size_t len)
123 {
124 size_t i;
125
126 for (i = 0; i < len; i++)
127 dst[len - 1 - i] = src[i];
128 }
129
130 static int aes_cmac(struct crypto_hash *tfm, const u8 k[16], const u8 *m,
131 size_t len, u8 mac[16])
132 {
133 uint8_t tmp[16], mac_msb[16], msg_msb[CMAC_MSG_MAX];
134 struct hash_desc desc;
135 struct scatterlist sg;
136 int err;
137
138 if (len > CMAC_MSG_MAX)
139 return -EFBIG;
140
141 if (!tfm) {
142 BT_ERR("tfm %p", tfm);
143 return -EINVAL;
144 }
145
146 desc.tfm = tfm;
147 desc.flags = 0;
148
149 crypto_hash_init(&desc);
150
151 /* Swap key and message from LSB to MSB */
152 swap_buf(k, tmp, 16);
153 swap_buf(m, msg_msb, len);
154
155 BT_DBG("msg (len %zu) %*phN", len, (int) len, m);
156 BT_DBG("key %16phN", k);
157
158 err = crypto_hash_setkey(tfm, tmp, 16);
159 if (err) {
160 BT_ERR("cipher setkey failed: %d", err);
161 return err;
162 }
163
164 sg_init_one(&sg, msg_msb, len);
165
166 err = crypto_hash_update(&desc, &sg, len);
167 if (err) {
168 BT_ERR("Hash update error %d", err);
169 return err;
170 }
171
172 err = crypto_hash_final(&desc, mac_msb);
173 if (err) {
174 BT_ERR("Hash final error %d", err);
175 return err;
176 }
177
178 swap_buf(mac_msb, mac, 16);
179
180 BT_DBG("mac %16phN", mac);
181
182 return 0;
183 }
184
185 static int smp_f4(struct crypto_hash *tfm_cmac, const u8 u[32], const u8 v[32],
186 const u8 x[16], u8 z, u8 res[16])
187 {
188 u8 m[65];
189 int err;
190
191 BT_DBG("u %32phN", u);
192 BT_DBG("v %32phN", v);
193 BT_DBG("x %16phN z %02x", x, z);
194
195 m[0] = z;
196 memcpy(m + 1, v, 32);
197 memcpy(m + 33, u, 32);
198
199 err = aes_cmac(tfm_cmac, x, m, sizeof(m), res);
200 if (err)
201 return err;
202
203 BT_DBG("res %16phN", res);
204
205 return err;
206 }
207
208 static int smp_f5(struct crypto_hash *tfm_cmac, u8 w[32], u8 n1[16], u8 n2[16],
209 u8 a1[7], u8 a2[7], u8 mackey[16], u8 ltk[16])
210 {
211 /* The btle, salt and length "magic" values are as defined in
212 * the SMP section of the Bluetooth core specification. In ASCII
213 * the btle value ends up being 'btle'. The salt is just a
214 * random number whereas length is the value 256 in little
215 * endian format.
216 */
217 const u8 btle[4] = { 0x65, 0x6c, 0x74, 0x62 };
218 const u8 salt[16] = { 0xbe, 0x83, 0x60, 0x5a, 0xdb, 0x0b, 0x37, 0x60,
219 0x38, 0xa5, 0xf5, 0xaa, 0x91, 0x83, 0x88, 0x6c };
220 const u8 length[2] = { 0x00, 0x01 };
221 u8 m[53], t[16];
222 int err;
223
224 BT_DBG("w %32phN", w);
225 BT_DBG("n1 %16phN n2 %16phN", n1, n2);
226 BT_DBG("a1 %7phN a2 %7phN", a1, a2);
227
228 err = aes_cmac(tfm_cmac, salt, w, 32, t);
229 if (err)
230 return err;
231
232 BT_DBG("t %16phN", t);
233
234 memcpy(m, length, 2);
235 memcpy(m + 2, a2, 7);
236 memcpy(m + 9, a1, 7);
237 memcpy(m + 16, n2, 16);
238 memcpy(m + 32, n1, 16);
239 memcpy(m + 48, btle, 4);
240
241 m[52] = 0; /* Counter */
242
243 err = aes_cmac(tfm_cmac, t, m, sizeof(m), mackey);
244 if (err)
245 return err;
246
247 BT_DBG("mackey %16phN", mackey);
248
249 m[52] = 1; /* Counter */
250
251 err = aes_cmac(tfm_cmac, t, m, sizeof(m), ltk);
252 if (err)
253 return err;
254
255 BT_DBG("ltk %16phN", ltk);
256
257 return 0;
258 }
259
260 static int smp_f6(struct crypto_hash *tfm_cmac, const u8 w[16],
261 const u8 n1[16], u8 n2[16], const u8 r[16],
262 const u8 io_cap[3], const u8 a1[7], const u8 a2[7],
263 u8 res[16])
264 {
265 u8 m[65];
266 int err;
267
268 BT_DBG("w %16phN", w);
269 BT_DBG("n1 %16phN n2 %16phN", n1, n2);
270 BT_DBG("r %16phN io_cap %3phN a1 %7phN a2 %7phN", r, io_cap, a1, a2);
271
272 memcpy(m, a2, 7);
273 memcpy(m + 7, a1, 7);
274 memcpy(m + 14, io_cap, 3);
275 memcpy(m + 17, r, 16);
276 memcpy(m + 33, n2, 16);
277 memcpy(m + 49, n1, 16);
278
279 err = aes_cmac(tfm_cmac, w, m, sizeof(m), res);
280 if (err)
281 return err;
282
283 BT_DBG("res %16phN", res);
284
285 return err;
286 }
287
288 static int smp_g2(struct crypto_hash *tfm_cmac, const u8 u[32], const u8 v[32],
289 const u8 x[16], const u8 y[16], u32 *val)
290 {
291 u8 m[80], tmp[16];
292 int err;
293
294 BT_DBG("u %32phN", u);
295 BT_DBG("v %32phN", v);
296 BT_DBG("x %16phN y %16phN", x, y);
297
298 memcpy(m, y, 16);
299 memcpy(m + 16, v, 32);
300 memcpy(m + 48, u, 32);
301
302 err = aes_cmac(tfm_cmac, x, m, sizeof(m), tmp);
303 if (err)
304 return err;
305
306 *val = get_unaligned_le32(tmp);
307 *val %= 1000000;
308
309 BT_DBG("val %06u", *val);
310
311 return 0;
312 }
313
314 static int smp_e(struct crypto_blkcipher *tfm, const u8 *k, u8 *r)
315 {
316 struct blkcipher_desc desc;
317 struct scatterlist sg;
318 uint8_t tmp[16], data[16];
319 int err;
320
321 if (tfm == NULL) {
322 BT_ERR("tfm %p", tfm);
323 return -EINVAL;
324 }
325
326 desc.tfm = tfm;
327 desc.flags = 0;
328
329 /* The most significant octet of key corresponds to k[0] */
330 swap_buf(k, tmp, 16);
331
332 err = crypto_blkcipher_setkey(tfm, tmp, 16);
333 if (err) {
334 BT_ERR("cipher setkey failed: %d", err);
335 return err;
336 }
337
338 /* Most significant octet of plaintextData corresponds to data[0] */
339 swap_buf(r, data, 16);
340
341 sg_init_one(&sg, data, 16);
342
343 err = crypto_blkcipher_encrypt(&desc, &sg, &sg, 16);
344 if (err)
345 BT_ERR("Encrypt data error %d", err);
346
347 /* Most significant octet of encryptedData corresponds to data[0] */
348 swap_buf(data, r, 16);
349
350 return err;
351 }
352
353 static int smp_h6(struct crypto_hash *tfm_cmac, const u8 w[16],
354 const u8 key_id[4], u8 res[16])
355 {
356 int err;
357
358 BT_DBG("w %16phN key_id %4phN", w, key_id);
359
360 err = aes_cmac(tfm_cmac, w, key_id, 4, res);
361 if (err)
362 return err;
363
364 BT_DBG("res %16phN", res);
365
366 return err;
367 }
368
369 static int smp_ah(struct crypto_blkcipher *tfm, u8 irk[16], u8 r[3], u8 res[3])
370 {
371 u8 _res[16];
372 int err;
373
374 /* r' = padding || r */
375 memcpy(_res, r, 3);
376 memset(_res + 3, 0, 13);
377
378 err = smp_e(tfm, irk, _res);
379 if (err) {
380 BT_ERR("Encrypt error");
381 return err;
382 }
383
384 /* The output of the random address function ah is:
385 * ah(h, r) = e(k, r') mod 2^24
386 * The output of the security function e is then truncated to 24 bits
387 * by taking the least significant 24 bits of the output of e as the
388 * result of ah.
389 */
390 memcpy(res, _res, 3);
391
392 return 0;
393 }
394
395 bool smp_irk_matches(struct hci_dev *hdev, u8 irk[16], bdaddr_t *bdaddr)
396 {
397 struct l2cap_chan *chan = hdev->smp_data;
398 struct crypto_blkcipher *tfm;
399 u8 hash[3];
400 int err;
401
402 if (!chan || !chan->data)
403 return false;
404
405 tfm = chan->data;
406
407 BT_DBG("RPA %pMR IRK %*phN", bdaddr, 16, irk);
408
409 err = smp_ah(tfm, irk, &bdaddr->b[3], hash);
410 if (err)
411 return false;
412
413 return !memcmp(bdaddr->b, hash, 3);
414 }
415
416 int smp_generate_rpa(struct hci_dev *hdev, u8 irk[16], bdaddr_t *rpa)
417 {
418 struct l2cap_chan *chan = hdev->smp_data;
419 struct crypto_blkcipher *tfm;
420 int err;
421
422 if (!chan || !chan->data)
423 return -EOPNOTSUPP;
424
425 tfm = chan->data;
426
427 get_random_bytes(&rpa->b[3], 3);
428
429 rpa->b[5] &= 0x3f; /* Clear two most significant bits */
430 rpa->b[5] |= 0x40; /* Set second most significant bit */
431
432 err = smp_ah(tfm, irk, &rpa->b[3], rpa->b);
433 if (err < 0)
434 return err;
435
436 BT_DBG("RPA %pMR", rpa);
437
438 return 0;
439 }
440
441 static int smp_c1(struct crypto_blkcipher *tfm_aes, u8 k[16], u8 r[16],
442 u8 preq[7], u8 pres[7], u8 _iat, bdaddr_t *ia, u8 _rat,
443 bdaddr_t *ra, u8 res[16])
444 {
445 u8 p1[16], p2[16];
446 int err;
447
448 memset(p1, 0, 16);
449
450 /* p1 = pres || preq || _rat || _iat */
451 p1[0] = _iat;
452 p1[1] = _rat;
453 memcpy(p1 + 2, preq, 7);
454 memcpy(p1 + 9, pres, 7);
455
456 /* p2 = padding || ia || ra */
457 memcpy(p2, ra, 6);
458 memcpy(p2 + 6, ia, 6);
459 memset(p2 + 12, 0, 4);
460
461 /* res = r XOR p1 */
462 u128_xor((u128 *) res, (u128 *) r, (u128 *) p1);
463
464 /* res = e(k, res) */
465 err = smp_e(tfm_aes, k, res);
466 if (err) {
467 BT_ERR("Encrypt data error");
468 return err;
469 }
470
471 /* res = res XOR p2 */
472 u128_xor((u128 *) res, (u128 *) res, (u128 *) p2);
473
474 /* res = e(k, res) */
475 err = smp_e(tfm_aes, k, res);
476 if (err)
477 BT_ERR("Encrypt data error");
478
479 return err;
480 }
481
482 static int smp_s1(struct crypto_blkcipher *tfm_aes, u8 k[16], u8 r1[16],
483 u8 r2[16], u8 _r[16])
484 {
485 int err;
486
487 /* Just least significant octets from r1 and r2 are considered */
488 memcpy(_r, r2, 8);
489 memcpy(_r + 8, r1, 8);
490
491 err = smp_e(tfm_aes, k, _r);
492 if (err)
493 BT_ERR("Encrypt data error");
494
495 return err;
496 }
497
498 static void smp_send_cmd(struct l2cap_conn *conn, u8 code, u16 len, void *data)
499 {
500 struct l2cap_chan *chan = conn->smp;
501 struct smp_chan *smp;
502 struct kvec iv[2];
503 struct msghdr msg;
504
505 if (!chan)
506 return;
507
508 BT_DBG("code 0x%2.2x", code);
509
510 iv[0].iov_base = &code;
511 iv[0].iov_len = 1;
512
513 iv[1].iov_base = data;
514 iv[1].iov_len = len;
515
516 memset(&msg, 0, sizeof(msg));
517
518 msg.msg_iov = (struct iovec *) &iv;
519 msg.msg_iovlen = 2;
520
521 l2cap_chan_send(chan, &msg, 1 + len);
522
523 if (!chan->data)
524 return;
525
526 smp = chan->data;
527
528 cancel_delayed_work_sync(&smp->security_timer);
529 schedule_delayed_work(&smp->security_timer, SMP_TIMEOUT);
530 }
531
532 static u8 authreq_to_seclevel(u8 authreq)
533 {
534 if (authreq & SMP_AUTH_MITM) {
535 if (authreq & SMP_AUTH_SC)
536 return BT_SECURITY_FIPS;
537 else
538 return BT_SECURITY_HIGH;
539 } else {
540 return BT_SECURITY_MEDIUM;
541 }
542 }
543
544 static __u8 seclevel_to_authreq(__u8 sec_level)
545 {
546 switch (sec_level) {
547 case BT_SECURITY_FIPS:
548 case BT_SECURITY_HIGH:
549 return SMP_AUTH_MITM | SMP_AUTH_BONDING;
550 case BT_SECURITY_MEDIUM:
551 return SMP_AUTH_BONDING;
552 default:
553 return SMP_AUTH_NONE;
554 }
555 }
556
557 static void build_pairing_cmd(struct l2cap_conn *conn,
558 struct smp_cmd_pairing *req,
559 struct smp_cmd_pairing *rsp, __u8 authreq)
560 {
561 struct l2cap_chan *chan = conn->smp;
562 struct smp_chan *smp = chan->data;
563 struct hci_conn *hcon = conn->hcon;
564 struct hci_dev *hdev = hcon->hdev;
565 u8 local_dist = 0, remote_dist = 0;
566
567 if (test_bit(HCI_BONDABLE, &conn->hcon->hdev->dev_flags)) {
568 local_dist = SMP_DIST_ENC_KEY | SMP_DIST_SIGN;
569 remote_dist = SMP_DIST_ENC_KEY | SMP_DIST_SIGN;
570 authreq |= SMP_AUTH_BONDING;
571 } else {
572 authreq &= ~SMP_AUTH_BONDING;
573 }
574
575 if (test_bit(HCI_RPA_RESOLVING, &hdev->dev_flags))
576 remote_dist |= SMP_DIST_ID_KEY;
577
578 if (test_bit(HCI_PRIVACY, &hdev->dev_flags))
579 local_dist |= SMP_DIST_ID_KEY;
580
581 if (test_bit(HCI_SC_ENABLED, &hdev->dev_flags)) {
582 if ((authreq & SMP_AUTH_SC) &&
583 test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
584 local_dist |= SMP_DIST_LINK_KEY;
585 remote_dist |= SMP_DIST_LINK_KEY;
586 }
587 } else {
588 authreq &= ~SMP_AUTH_SC;
589 }
590
591 if (rsp == NULL) {
592 req->io_capability = conn->hcon->io_capability;
593 req->oob_flag = SMP_OOB_NOT_PRESENT;
594 req->max_key_size = SMP_MAX_ENC_KEY_SIZE;
595 req->init_key_dist = local_dist;
596 req->resp_key_dist = remote_dist;
597 req->auth_req = (authreq & AUTH_REQ_MASK(hdev));
598
599 smp->remote_key_dist = remote_dist;
600 return;
601 }
602
603 rsp->io_capability = conn->hcon->io_capability;
604 rsp->oob_flag = SMP_OOB_NOT_PRESENT;
605 rsp->max_key_size = SMP_MAX_ENC_KEY_SIZE;
606 rsp->init_key_dist = req->init_key_dist & remote_dist;
607 rsp->resp_key_dist = req->resp_key_dist & local_dist;
608 rsp->auth_req = (authreq & AUTH_REQ_MASK(hdev));
609
610 smp->remote_key_dist = rsp->init_key_dist;
611 }
612
613 static u8 check_enc_key_size(struct l2cap_conn *conn, __u8 max_key_size)
614 {
615 struct l2cap_chan *chan = conn->smp;
616 struct smp_chan *smp = chan->data;
617
618 if ((max_key_size > SMP_MAX_ENC_KEY_SIZE) ||
619 (max_key_size < SMP_MIN_ENC_KEY_SIZE))
620 return SMP_ENC_KEY_SIZE;
621
622 smp->enc_key_size = max_key_size;
623
624 return 0;
625 }
626
627 static void smp_chan_destroy(struct l2cap_conn *conn)
628 {
629 struct l2cap_chan *chan = conn->smp;
630 struct smp_chan *smp = chan->data;
631 bool complete;
632
633 BUG_ON(!smp);
634
635 cancel_delayed_work_sync(&smp->security_timer);
636
637 complete = test_bit(SMP_FLAG_COMPLETE, &smp->flags);
638 mgmt_smp_complete(conn->hcon, complete);
639
640 kfree(smp->csrk);
641 kfree(smp->slave_csrk);
642 kfree(smp->link_key);
643
644 crypto_free_blkcipher(smp->tfm_aes);
645 crypto_free_hash(smp->tfm_cmac);
646
647 /* If pairing failed clean up any keys we might have */
648 if (!complete) {
649 if (smp->ltk) {
650 list_del_rcu(&smp->ltk->list);
651 kfree_rcu(smp->ltk, rcu);
652 }
653
654 if (smp->slave_ltk) {
655 list_del_rcu(&smp->slave_ltk->list);
656 kfree_rcu(smp->slave_ltk, rcu);
657 }
658
659 if (smp->remote_irk) {
660 list_del_rcu(&smp->remote_irk->list);
661 kfree_rcu(smp->remote_irk, rcu);
662 }
663 }
664
665 chan->data = NULL;
666 kfree(smp);
667 hci_conn_drop(conn->hcon);
668 }
669
670 static void smp_failure(struct l2cap_conn *conn, u8 reason)
671 {
672 struct hci_conn *hcon = conn->hcon;
673 struct l2cap_chan *chan = conn->smp;
674
675 if (reason)
676 smp_send_cmd(conn, SMP_CMD_PAIRING_FAIL, sizeof(reason),
677 &reason);
678
679 clear_bit(HCI_CONN_ENCRYPT_PEND, &hcon->flags);
680 mgmt_auth_failed(hcon, HCI_ERROR_AUTH_FAILURE);
681
682 if (chan->data)
683 smp_chan_destroy(conn);
684 }
685
686 #define JUST_WORKS 0x00
687 #define JUST_CFM 0x01
688 #define REQ_PASSKEY 0x02
689 #define CFM_PASSKEY 0x03
690 #define REQ_OOB 0x04
691 #define DSP_PASSKEY 0x05
692 #define OVERLAP 0xFF
693
694 static const u8 gen_method[5][5] = {
695 { JUST_WORKS, JUST_CFM, REQ_PASSKEY, JUST_WORKS, REQ_PASSKEY },
696 { JUST_WORKS, JUST_CFM, REQ_PASSKEY, JUST_WORKS, REQ_PASSKEY },
697 { CFM_PASSKEY, CFM_PASSKEY, REQ_PASSKEY, JUST_WORKS, CFM_PASSKEY },
698 { JUST_WORKS, JUST_CFM, JUST_WORKS, JUST_WORKS, JUST_CFM },
699 { CFM_PASSKEY, CFM_PASSKEY, REQ_PASSKEY, JUST_WORKS, OVERLAP },
700 };
701
702 static const u8 sc_method[5][5] = {
703 { JUST_WORKS, JUST_CFM, REQ_PASSKEY, JUST_WORKS, REQ_PASSKEY },
704 { JUST_WORKS, CFM_PASSKEY, REQ_PASSKEY, JUST_WORKS, CFM_PASSKEY },
705 { DSP_PASSKEY, DSP_PASSKEY, REQ_PASSKEY, JUST_WORKS, DSP_PASSKEY },
706 { JUST_WORKS, JUST_CFM, JUST_WORKS, JUST_WORKS, JUST_CFM },
707 { DSP_PASSKEY, CFM_PASSKEY, REQ_PASSKEY, JUST_WORKS, CFM_PASSKEY },
708 };
709
710 static u8 get_auth_method(struct smp_chan *smp, u8 local_io, u8 remote_io)
711 {
712 /* If either side has unknown io_caps, use JUST_CFM (which gets
713 * converted later to JUST_WORKS if we're initiators.
714 */
715 if (local_io > SMP_IO_KEYBOARD_DISPLAY ||
716 remote_io > SMP_IO_KEYBOARD_DISPLAY)
717 return JUST_CFM;
718
719 if (test_bit(SMP_FLAG_SC, &smp->flags))
720 return sc_method[remote_io][local_io];
721
722 return gen_method[remote_io][local_io];
723 }
724
725 static int tk_request(struct l2cap_conn *conn, u8 remote_oob, u8 auth,
726 u8 local_io, u8 remote_io)
727 {
728 struct hci_conn *hcon = conn->hcon;
729 struct l2cap_chan *chan = conn->smp;
730 struct smp_chan *smp = chan->data;
731 u32 passkey = 0;
732 int ret = 0;
733
734 /* Initialize key for JUST WORKS */
735 memset(smp->tk, 0, sizeof(smp->tk));
736 clear_bit(SMP_FLAG_TK_VALID, &smp->flags);
737
738 BT_DBG("tk_request: auth:%d lcl:%d rem:%d", auth, local_io, remote_io);
739
740 /* If neither side wants MITM, either "just" confirm an incoming
741 * request or use just-works for outgoing ones. The JUST_CFM
742 * will be converted to JUST_WORKS if necessary later in this
743 * function. If either side has MITM look up the method from the
744 * table.
745 */
746 if (!(auth & SMP_AUTH_MITM))
747 smp->method = JUST_CFM;
748 else
749 smp->method = get_auth_method(smp, local_io, remote_io);
750
751 /* Don't confirm locally initiated pairing attempts */
752 if (smp->method == JUST_CFM && test_bit(SMP_FLAG_INITIATOR,
753 &smp->flags))
754 smp->method = JUST_WORKS;
755
756 /* Don't bother user space with no IO capabilities */
757 if (smp->method == JUST_CFM &&
758 hcon->io_capability == HCI_IO_NO_INPUT_OUTPUT)
759 smp->method = JUST_WORKS;
760
761 /* If Just Works, Continue with Zero TK */
762 if (smp->method == JUST_WORKS) {
763 set_bit(SMP_FLAG_TK_VALID, &smp->flags);
764 return 0;
765 }
766
767 /* Not Just Works/Confirm results in MITM Authentication */
768 if (smp->method != JUST_CFM) {
769 set_bit(SMP_FLAG_MITM_AUTH, &smp->flags);
770 if (hcon->pending_sec_level < BT_SECURITY_HIGH)
771 hcon->pending_sec_level = BT_SECURITY_HIGH;
772 }
773
774 /* If both devices have Keyoard-Display I/O, the master
775 * Confirms and the slave Enters the passkey.
776 */
777 if (smp->method == OVERLAP) {
778 if (hcon->role == HCI_ROLE_MASTER)
779 smp->method = CFM_PASSKEY;
780 else
781 smp->method = REQ_PASSKEY;
782 }
783
784 /* Generate random passkey. */
785 if (smp->method == CFM_PASSKEY) {
786 memset(smp->tk, 0, sizeof(smp->tk));
787 get_random_bytes(&passkey, sizeof(passkey));
788 passkey %= 1000000;
789 put_unaligned_le32(passkey, smp->tk);
790 BT_DBG("PassKey: %d", passkey);
791 set_bit(SMP_FLAG_TK_VALID, &smp->flags);
792 }
793
794 if (smp->method == REQ_PASSKEY)
795 ret = mgmt_user_passkey_request(hcon->hdev, &hcon->dst,
796 hcon->type, hcon->dst_type);
797 else if (smp->method == JUST_CFM)
798 ret = mgmt_user_confirm_request(hcon->hdev, &hcon->dst,
799 hcon->type, hcon->dst_type,
800 passkey, 1);
801 else
802 ret = mgmt_user_passkey_notify(hcon->hdev, &hcon->dst,
803 hcon->type, hcon->dst_type,
804 passkey, 0);
805
806 return ret;
807 }
808
809 static u8 smp_confirm(struct smp_chan *smp)
810 {
811 struct l2cap_conn *conn = smp->conn;
812 struct smp_cmd_pairing_confirm cp;
813 int ret;
814
815 BT_DBG("conn %p", conn);
816
817 ret = smp_c1(smp->tfm_aes, smp->tk, smp->prnd, smp->preq, smp->prsp,
818 conn->hcon->init_addr_type, &conn->hcon->init_addr,
819 conn->hcon->resp_addr_type, &conn->hcon->resp_addr,
820 cp.confirm_val);
821 if (ret)
822 return SMP_UNSPECIFIED;
823
824 clear_bit(SMP_FLAG_CFM_PENDING, &smp->flags);
825
826 smp_send_cmd(smp->conn, SMP_CMD_PAIRING_CONFIRM, sizeof(cp), &cp);
827
828 if (conn->hcon->out)
829 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_CONFIRM);
830 else
831 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RANDOM);
832
833 return 0;
834 }
835
836 static u8 smp_random(struct smp_chan *smp)
837 {
838 struct l2cap_conn *conn = smp->conn;
839 struct hci_conn *hcon = conn->hcon;
840 u8 confirm[16];
841 int ret;
842
843 if (IS_ERR_OR_NULL(smp->tfm_aes))
844 return SMP_UNSPECIFIED;
845
846 BT_DBG("conn %p %s", conn, conn->hcon->out ? "master" : "slave");
847
848 ret = smp_c1(smp->tfm_aes, smp->tk, smp->rrnd, smp->preq, smp->prsp,
849 hcon->init_addr_type, &hcon->init_addr,
850 hcon->resp_addr_type, &hcon->resp_addr, confirm);
851 if (ret)
852 return SMP_UNSPECIFIED;
853
854 if (memcmp(smp->pcnf, confirm, sizeof(smp->pcnf)) != 0) {
855 BT_ERR("Pairing failed (confirmation values mismatch)");
856 return SMP_CONFIRM_FAILED;
857 }
858
859 if (hcon->out) {
860 u8 stk[16];
861 __le64 rand = 0;
862 __le16 ediv = 0;
863
864 smp_s1(smp->tfm_aes, smp->tk, smp->rrnd, smp->prnd, stk);
865
866 memset(stk + smp->enc_key_size, 0,
867 SMP_MAX_ENC_KEY_SIZE - smp->enc_key_size);
868
869 if (test_and_set_bit(HCI_CONN_ENCRYPT_PEND, &hcon->flags))
870 return SMP_UNSPECIFIED;
871
872 hci_le_start_enc(hcon, ediv, rand, stk);
873 hcon->enc_key_size = smp->enc_key_size;
874 set_bit(HCI_CONN_STK_ENCRYPT, &hcon->flags);
875 } else {
876 u8 stk[16], auth;
877 __le64 rand = 0;
878 __le16 ediv = 0;
879
880 smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM, sizeof(smp->prnd),
881 smp->prnd);
882
883 smp_s1(smp->tfm_aes, smp->tk, smp->prnd, smp->rrnd, stk);
884
885 memset(stk + smp->enc_key_size, 0,
886 SMP_MAX_ENC_KEY_SIZE - smp->enc_key_size);
887
888 if (hcon->pending_sec_level == BT_SECURITY_HIGH)
889 auth = 1;
890 else
891 auth = 0;
892
893 /* Even though there's no _SLAVE suffix this is the
894 * slave STK we're adding for later lookup (the master
895 * STK never needs to be stored).
896 */
897 hci_add_ltk(hcon->hdev, &hcon->dst, hcon->dst_type,
898 SMP_STK, auth, stk, smp->enc_key_size, ediv, rand);
899 }
900
901 return 0;
902 }
903
904 static void smp_notify_keys(struct l2cap_conn *conn)
905 {
906 struct l2cap_chan *chan = conn->smp;
907 struct smp_chan *smp = chan->data;
908 struct hci_conn *hcon = conn->hcon;
909 struct hci_dev *hdev = hcon->hdev;
910 struct smp_cmd_pairing *req = (void *) &smp->preq[1];
911 struct smp_cmd_pairing *rsp = (void *) &smp->prsp[1];
912 bool persistent;
913
914 if (smp->remote_irk) {
915 mgmt_new_irk(hdev, smp->remote_irk);
916 /* Now that user space can be considered to know the
917 * identity address track the connection based on it
918 * from now on.
919 */
920 bacpy(&hcon->dst, &smp->remote_irk->bdaddr);
921 hcon->dst_type = smp->remote_irk->addr_type;
922 queue_work(hdev->workqueue, &conn->id_addr_update_work);
923
924 /* When receiving an indentity resolving key for
925 * a remote device that does not use a resolvable
926 * private address, just remove the key so that
927 * it is possible to use the controller white
928 * list for scanning.
929 *
930 * Userspace will have been told to not store
931 * this key at this point. So it is safe to
932 * just remove it.
933 */
934 if (!bacmp(&smp->remote_irk->rpa, BDADDR_ANY)) {
935 list_del_rcu(&smp->remote_irk->list);
936 kfree_rcu(smp->remote_irk, rcu);
937 smp->remote_irk = NULL;
938 }
939 }
940
941 /* The LTKs and CSRKs should be persistent only if both sides
942 * had the bonding bit set in their authentication requests.
943 */
944 persistent = !!((req->auth_req & rsp->auth_req) & SMP_AUTH_BONDING);
945
946 if (smp->csrk) {
947 smp->csrk->bdaddr_type = hcon->dst_type;
948 bacpy(&smp->csrk->bdaddr, &hcon->dst);
949 mgmt_new_csrk(hdev, smp->csrk, persistent);
950 }
951
952 if (smp->slave_csrk) {
953 smp->slave_csrk->bdaddr_type = hcon->dst_type;
954 bacpy(&smp->slave_csrk->bdaddr, &hcon->dst);
955 mgmt_new_csrk(hdev, smp->slave_csrk, persistent);
956 }
957
958 if (smp->ltk) {
959 smp->ltk->bdaddr_type = hcon->dst_type;
960 bacpy(&smp->ltk->bdaddr, &hcon->dst);
961 mgmt_new_ltk(hdev, smp->ltk, persistent);
962 }
963
964 if (smp->slave_ltk) {
965 smp->slave_ltk->bdaddr_type = hcon->dst_type;
966 bacpy(&smp->slave_ltk->bdaddr, &hcon->dst);
967 mgmt_new_ltk(hdev, smp->slave_ltk, persistent);
968 }
969
970 if (smp->link_key) {
971 struct link_key *key;
972 u8 type;
973
974 if (test_bit(SMP_FLAG_DEBUG_KEY, &smp->flags))
975 type = HCI_LK_DEBUG_COMBINATION;
976 else if (hcon->sec_level == BT_SECURITY_FIPS)
977 type = HCI_LK_AUTH_COMBINATION_P256;
978 else
979 type = HCI_LK_UNAUTH_COMBINATION_P256;
980
981 key = hci_add_link_key(hdev, smp->conn->hcon, &hcon->dst,
982 smp->link_key, type, 0, &persistent);
983 if (key) {
984 mgmt_new_link_key(hdev, key, persistent);
985
986 /* Don't keep debug keys around if the relevant
987 * flag is not set.
988 */
989 if (!test_bit(HCI_KEEP_DEBUG_KEYS, &hdev->dev_flags) &&
990 key->type == HCI_LK_DEBUG_COMBINATION) {
991 list_del_rcu(&key->list);
992 kfree_rcu(key, rcu);
993 }
994 }
995 }
996 }
997
998 static void sc_add_ltk(struct smp_chan *smp)
999 {
1000 struct hci_conn *hcon = smp->conn->hcon;
1001 u8 key_type, auth;
1002
1003 if (test_bit(SMP_FLAG_DEBUG_KEY, &smp->flags))
1004 key_type = SMP_LTK_P256_DEBUG;
1005 else
1006 key_type = SMP_LTK_P256;
1007
1008 if (hcon->pending_sec_level == BT_SECURITY_FIPS)
1009 auth = 1;
1010 else
1011 auth = 0;
1012
1013 memset(smp->tk + smp->enc_key_size, 0,
1014 SMP_MAX_ENC_KEY_SIZE - smp->enc_key_size);
1015
1016 smp->ltk = hci_add_ltk(hcon->hdev, &hcon->dst, hcon->dst_type,
1017 key_type, auth, smp->tk, smp->enc_key_size,
1018 0, 0);
1019 }
1020
1021 static void sc_generate_link_key(struct smp_chan *smp)
1022 {
1023 /* These constants are as specified in the core specification.
1024 * In ASCII they spell out to 'tmp1' and 'lebr'.
1025 */
1026 const u8 tmp1[4] = { 0x31, 0x70, 0x6d, 0x74 };
1027 const u8 lebr[4] = { 0x72, 0x62, 0x65, 0x6c };
1028
1029 smp->link_key = kzalloc(16, GFP_KERNEL);
1030 if (!smp->link_key)
1031 return;
1032
1033 if (smp_h6(smp->tfm_cmac, smp->tk, tmp1, smp->link_key)) {
1034 kfree(smp->link_key);
1035 smp->link_key = NULL;
1036 return;
1037 }
1038
1039 if (smp_h6(smp->tfm_cmac, smp->link_key, lebr, smp->link_key)) {
1040 kfree(smp->link_key);
1041 smp->link_key = NULL;
1042 return;
1043 }
1044 }
1045
1046 static void smp_allow_key_dist(struct smp_chan *smp)
1047 {
1048 /* Allow the first expected phase 3 PDU. The rest of the PDUs
1049 * will be allowed in each PDU handler to ensure we receive
1050 * them in the correct order.
1051 */
1052 if (smp->remote_key_dist & SMP_DIST_ENC_KEY)
1053 SMP_ALLOW_CMD(smp, SMP_CMD_ENCRYPT_INFO);
1054 else if (smp->remote_key_dist & SMP_DIST_ID_KEY)
1055 SMP_ALLOW_CMD(smp, SMP_CMD_IDENT_INFO);
1056 else if (smp->remote_key_dist & SMP_DIST_SIGN)
1057 SMP_ALLOW_CMD(smp, SMP_CMD_SIGN_INFO);
1058 }
1059
1060 static void smp_distribute_keys(struct smp_chan *smp)
1061 {
1062 struct smp_cmd_pairing *req, *rsp;
1063 struct l2cap_conn *conn = smp->conn;
1064 struct hci_conn *hcon = conn->hcon;
1065 struct hci_dev *hdev = hcon->hdev;
1066 __u8 *keydist;
1067
1068 BT_DBG("conn %p", conn);
1069
1070 rsp = (void *) &smp->prsp[1];
1071
1072 /* The responder sends its keys first */
1073 if (hcon->out && (smp->remote_key_dist & KEY_DIST_MASK)) {
1074 smp_allow_key_dist(smp);
1075 return;
1076 }
1077
1078 req = (void *) &smp->preq[1];
1079
1080 if (hcon->out) {
1081 keydist = &rsp->init_key_dist;
1082 *keydist &= req->init_key_dist;
1083 } else {
1084 keydist = &rsp->resp_key_dist;
1085 *keydist &= req->resp_key_dist;
1086 }
1087
1088 if (test_bit(SMP_FLAG_SC, &smp->flags)) {
1089 if (*keydist & SMP_DIST_LINK_KEY)
1090 sc_generate_link_key(smp);
1091
1092 /* Clear the keys which are generated but not distributed */
1093 *keydist &= ~SMP_SC_NO_DIST;
1094 }
1095
1096 BT_DBG("keydist 0x%x", *keydist);
1097
1098 if (*keydist & SMP_DIST_ENC_KEY) {
1099 struct smp_cmd_encrypt_info enc;
1100 struct smp_cmd_master_ident ident;
1101 struct smp_ltk *ltk;
1102 u8 authenticated;
1103 __le16 ediv;
1104 __le64 rand;
1105
1106 get_random_bytes(enc.ltk, sizeof(enc.ltk));
1107 get_random_bytes(&ediv, sizeof(ediv));
1108 get_random_bytes(&rand, sizeof(rand));
1109
1110 smp_send_cmd(conn, SMP_CMD_ENCRYPT_INFO, sizeof(enc), &enc);
1111
1112 authenticated = hcon->sec_level == BT_SECURITY_HIGH;
1113 ltk = hci_add_ltk(hdev, &hcon->dst, hcon->dst_type,
1114 SMP_LTK_SLAVE, authenticated, enc.ltk,
1115 smp->enc_key_size, ediv, rand);
1116 smp->slave_ltk = ltk;
1117
1118 ident.ediv = ediv;
1119 ident.rand = rand;
1120
1121 smp_send_cmd(conn, SMP_CMD_MASTER_IDENT, sizeof(ident), &ident);
1122
1123 *keydist &= ~SMP_DIST_ENC_KEY;
1124 }
1125
1126 if (*keydist & SMP_DIST_ID_KEY) {
1127 struct smp_cmd_ident_addr_info addrinfo;
1128 struct smp_cmd_ident_info idinfo;
1129
1130 memcpy(idinfo.irk, hdev->irk, sizeof(idinfo.irk));
1131
1132 smp_send_cmd(conn, SMP_CMD_IDENT_INFO, sizeof(idinfo), &idinfo);
1133
1134 /* The hci_conn contains the local identity address
1135 * after the connection has been established.
1136 *
1137 * This is true even when the connection has been
1138 * established using a resolvable random address.
1139 */
1140 bacpy(&addrinfo.bdaddr, &hcon->src);
1141 addrinfo.addr_type = hcon->src_type;
1142
1143 smp_send_cmd(conn, SMP_CMD_IDENT_ADDR_INFO, sizeof(addrinfo),
1144 &addrinfo);
1145
1146 *keydist &= ~SMP_DIST_ID_KEY;
1147 }
1148
1149 if (*keydist & SMP_DIST_SIGN) {
1150 struct smp_cmd_sign_info sign;
1151 struct smp_csrk *csrk;
1152
1153 /* Generate a new random key */
1154 get_random_bytes(sign.csrk, sizeof(sign.csrk));
1155
1156 csrk = kzalloc(sizeof(*csrk), GFP_KERNEL);
1157 if (csrk) {
1158 csrk->master = 0x00;
1159 memcpy(csrk->val, sign.csrk, sizeof(csrk->val));
1160 }
1161 smp->slave_csrk = csrk;
1162
1163 smp_send_cmd(conn, SMP_CMD_SIGN_INFO, sizeof(sign), &sign);
1164
1165 *keydist &= ~SMP_DIST_SIGN;
1166 }
1167
1168 /* If there are still keys to be received wait for them */
1169 if (smp->remote_key_dist & KEY_DIST_MASK) {
1170 smp_allow_key_dist(smp);
1171 return;
1172 }
1173
1174 set_bit(SMP_FLAG_COMPLETE, &smp->flags);
1175 smp_notify_keys(conn);
1176
1177 smp_chan_destroy(conn);
1178 }
1179
1180 static void smp_timeout(struct work_struct *work)
1181 {
1182 struct smp_chan *smp = container_of(work, struct smp_chan,
1183 security_timer.work);
1184 struct l2cap_conn *conn = smp->conn;
1185
1186 BT_DBG("conn %p", conn);
1187
1188 hci_disconnect(conn->hcon, HCI_ERROR_REMOTE_USER_TERM);
1189 }
1190
1191 static struct smp_chan *smp_chan_create(struct l2cap_conn *conn)
1192 {
1193 struct l2cap_chan *chan = conn->smp;
1194 struct smp_chan *smp;
1195
1196 smp = kzalloc(sizeof(*smp), GFP_ATOMIC);
1197 if (!smp)
1198 return NULL;
1199
1200 smp->tfm_aes = crypto_alloc_blkcipher("ecb(aes)", 0, CRYPTO_ALG_ASYNC);
1201 if (IS_ERR(smp->tfm_aes)) {
1202 BT_ERR("Unable to create ECB crypto context");
1203 kfree(smp);
1204 return NULL;
1205 }
1206
1207 smp->tfm_cmac = crypto_alloc_hash("cmac(aes)", 0, CRYPTO_ALG_ASYNC);
1208 if (IS_ERR(smp->tfm_cmac)) {
1209 BT_ERR("Unable to create CMAC crypto context");
1210 crypto_free_blkcipher(smp->tfm_aes);
1211 kfree(smp);
1212 return NULL;
1213 }
1214
1215 smp->conn = conn;
1216 chan->data = smp;
1217
1218 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_FAIL);
1219
1220 INIT_DELAYED_WORK(&smp->security_timer, smp_timeout);
1221
1222 hci_conn_hold(conn->hcon);
1223
1224 return smp;
1225 }
1226
1227 static int sc_mackey_and_ltk(struct smp_chan *smp, u8 mackey[16], u8 ltk[16])
1228 {
1229 struct hci_conn *hcon = smp->conn->hcon;
1230 u8 *na, *nb, a[7], b[7];
1231
1232 if (hcon->out) {
1233 na = smp->prnd;
1234 nb = smp->rrnd;
1235 } else {
1236 na = smp->rrnd;
1237 nb = smp->prnd;
1238 }
1239
1240 memcpy(a, &hcon->init_addr, 6);
1241 memcpy(b, &hcon->resp_addr, 6);
1242 a[6] = hcon->init_addr_type;
1243 b[6] = hcon->resp_addr_type;
1244
1245 return smp_f5(smp->tfm_cmac, smp->dhkey, na, nb, a, b, mackey, ltk);
1246 }
1247
1248 static void sc_dhkey_check(struct smp_chan *smp)
1249 {
1250 struct hci_conn *hcon = smp->conn->hcon;
1251 struct smp_cmd_dhkey_check check;
1252 u8 a[7], b[7], *local_addr, *remote_addr;
1253 u8 io_cap[3], r[16];
1254
1255 memcpy(a, &hcon->init_addr, 6);
1256 memcpy(b, &hcon->resp_addr, 6);
1257 a[6] = hcon->init_addr_type;
1258 b[6] = hcon->resp_addr_type;
1259
1260 if (hcon->out) {
1261 local_addr = a;
1262 remote_addr = b;
1263 memcpy(io_cap, &smp->preq[1], 3);
1264 } else {
1265 local_addr = b;
1266 remote_addr = a;
1267 memcpy(io_cap, &smp->prsp[1], 3);
1268 }
1269
1270 memset(r, 0, sizeof(r));
1271
1272 if (smp->method == REQ_PASSKEY || smp->method == DSP_PASSKEY)
1273 put_unaligned_le32(hcon->passkey_notify, r);
1274
1275 smp_f6(smp->tfm_cmac, smp->mackey, smp->prnd, smp->rrnd, r, io_cap,
1276 local_addr, remote_addr, check.e);
1277
1278 smp_send_cmd(smp->conn, SMP_CMD_DHKEY_CHECK, sizeof(check), &check);
1279 }
1280
1281 static u8 sc_passkey_send_confirm(struct smp_chan *smp)
1282 {
1283 struct l2cap_conn *conn = smp->conn;
1284 struct hci_conn *hcon = conn->hcon;
1285 struct smp_cmd_pairing_confirm cfm;
1286 u8 r;
1287
1288 r = ((hcon->passkey_notify >> smp->passkey_round) & 0x01);
1289 r |= 0x80;
1290
1291 get_random_bytes(smp->prnd, sizeof(smp->prnd));
1292
1293 if (smp_f4(smp->tfm_cmac, smp->local_pk, smp->remote_pk, smp->prnd, r,
1294 cfm.confirm_val))
1295 return SMP_UNSPECIFIED;
1296
1297 smp_send_cmd(conn, SMP_CMD_PAIRING_CONFIRM, sizeof(cfm), &cfm);
1298
1299 return 0;
1300 }
1301
1302 static u8 sc_passkey_round(struct smp_chan *smp, u8 smp_op)
1303 {
1304 struct l2cap_conn *conn = smp->conn;
1305 struct hci_conn *hcon = conn->hcon;
1306 struct hci_dev *hdev = hcon->hdev;
1307 u8 cfm[16], r;
1308
1309 /* Ignore the PDU if we've already done 20 rounds (0 - 19) */
1310 if (smp->passkey_round >= 20)
1311 return 0;
1312
1313 switch (smp_op) {
1314 case SMP_CMD_PAIRING_RANDOM:
1315 r = ((hcon->passkey_notify >> smp->passkey_round) & 0x01);
1316 r |= 0x80;
1317
1318 if (smp_f4(smp->tfm_cmac, smp->remote_pk, smp->local_pk,
1319 smp->rrnd, r, cfm))
1320 return SMP_UNSPECIFIED;
1321
1322 if (memcmp(smp->pcnf, cfm, 16))
1323 return SMP_CONFIRM_FAILED;
1324
1325 smp->passkey_round++;
1326
1327 if (smp->passkey_round == 20) {
1328 /* Generate MacKey and LTK */
1329 if (sc_mackey_and_ltk(smp, smp->mackey, smp->tk))
1330 return SMP_UNSPECIFIED;
1331 }
1332
1333 /* The round is only complete when the initiator
1334 * receives pairing random.
1335 */
1336 if (!hcon->out) {
1337 smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM,
1338 sizeof(smp->prnd), smp->prnd);
1339 if (smp->passkey_round == 20)
1340 SMP_ALLOW_CMD(smp, SMP_CMD_DHKEY_CHECK);
1341 else
1342 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_CONFIRM);
1343 return 0;
1344 }
1345
1346 /* Start the next round */
1347 if (smp->passkey_round != 20)
1348 return sc_passkey_round(smp, 0);
1349
1350 /* Passkey rounds are complete - start DHKey Check */
1351 sc_dhkey_check(smp);
1352 SMP_ALLOW_CMD(smp, SMP_CMD_DHKEY_CHECK);
1353
1354 break;
1355
1356 case SMP_CMD_PAIRING_CONFIRM:
1357 if (test_bit(SMP_FLAG_WAIT_USER, &smp->flags)) {
1358 set_bit(SMP_FLAG_CFM_PENDING, &smp->flags);
1359 return 0;
1360 }
1361
1362 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RANDOM);
1363
1364 if (hcon->out) {
1365 smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM,
1366 sizeof(smp->prnd), smp->prnd);
1367 return 0;
1368 }
1369
1370 return sc_passkey_send_confirm(smp);
1371
1372 case SMP_CMD_PUBLIC_KEY:
1373 default:
1374 /* Initiating device starts the round */
1375 if (!hcon->out)
1376 return 0;
1377
1378 BT_DBG("%s Starting passkey round %u", hdev->name,
1379 smp->passkey_round + 1);
1380
1381 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_CONFIRM);
1382
1383 return sc_passkey_send_confirm(smp);
1384 }
1385
1386 return 0;
1387 }
1388
1389 static int sc_user_reply(struct smp_chan *smp, u16 mgmt_op, __le32 passkey)
1390 {
1391 struct l2cap_conn *conn = smp->conn;
1392 struct hci_conn *hcon = conn->hcon;
1393 u8 smp_op;
1394
1395 clear_bit(SMP_FLAG_WAIT_USER, &smp->flags);
1396
1397 switch (mgmt_op) {
1398 case MGMT_OP_USER_PASSKEY_NEG_REPLY:
1399 smp_failure(smp->conn, SMP_PASSKEY_ENTRY_FAILED);
1400 return 0;
1401 case MGMT_OP_USER_CONFIRM_NEG_REPLY:
1402 smp_failure(smp->conn, SMP_NUMERIC_COMP_FAILED);
1403 return 0;
1404 case MGMT_OP_USER_PASSKEY_REPLY:
1405 hcon->passkey_notify = le32_to_cpu(passkey);
1406 smp->passkey_round = 0;
1407
1408 if (test_and_clear_bit(SMP_FLAG_CFM_PENDING, &smp->flags))
1409 smp_op = SMP_CMD_PAIRING_CONFIRM;
1410 else
1411 smp_op = 0;
1412
1413 if (sc_passkey_round(smp, smp_op))
1414 return -EIO;
1415
1416 return 0;
1417 }
1418
1419 /* Initiator sends DHKey check first */
1420 if (hcon->out) {
1421 sc_dhkey_check(smp);
1422 SMP_ALLOW_CMD(smp, SMP_CMD_DHKEY_CHECK);
1423 } else if (test_and_clear_bit(SMP_FLAG_DHKEY_PENDING, &smp->flags)) {
1424 sc_dhkey_check(smp);
1425 sc_add_ltk(smp);
1426 }
1427
1428 return 0;
1429 }
1430
1431 int smp_user_confirm_reply(struct hci_conn *hcon, u16 mgmt_op, __le32 passkey)
1432 {
1433 struct l2cap_conn *conn = hcon->l2cap_data;
1434 struct l2cap_chan *chan;
1435 struct smp_chan *smp;
1436 u32 value;
1437 int err;
1438
1439 BT_DBG("");
1440
1441 if (!conn)
1442 return -ENOTCONN;
1443
1444 chan = conn->smp;
1445 if (!chan)
1446 return -ENOTCONN;
1447
1448 l2cap_chan_lock(chan);
1449 if (!chan->data) {
1450 err = -ENOTCONN;
1451 goto unlock;
1452 }
1453
1454 smp = chan->data;
1455
1456 if (test_bit(SMP_FLAG_SC, &smp->flags)) {
1457 err = sc_user_reply(smp, mgmt_op, passkey);
1458 goto unlock;
1459 }
1460
1461 switch (mgmt_op) {
1462 case MGMT_OP_USER_PASSKEY_REPLY:
1463 value = le32_to_cpu(passkey);
1464 memset(smp->tk, 0, sizeof(smp->tk));
1465 BT_DBG("PassKey: %d", value);
1466 put_unaligned_le32(value, smp->tk);
1467 /* Fall Through */
1468 case MGMT_OP_USER_CONFIRM_REPLY:
1469 set_bit(SMP_FLAG_TK_VALID, &smp->flags);
1470 break;
1471 case MGMT_OP_USER_PASSKEY_NEG_REPLY:
1472 case MGMT_OP_USER_CONFIRM_NEG_REPLY:
1473 smp_failure(conn, SMP_PASSKEY_ENTRY_FAILED);
1474 err = 0;
1475 goto unlock;
1476 default:
1477 smp_failure(conn, SMP_PASSKEY_ENTRY_FAILED);
1478 err = -EOPNOTSUPP;
1479 goto unlock;
1480 }
1481
1482 err = 0;
1483
1484 /* If it is our turn to send Pairing Confirm, do so now */
1485 if (test_bit(SMP_FLAG_CFM_PENDING, &smp->flags)) {
1486 u8 rsp = smp_confirm(smp);
1487 if (rsp)
1488 smp_failure(conn, rsp);
1489 }
1490
1491 unlock:
1492 l2cap_chan_unlock(chan);
1493 return err;
1494 }
1495
1496 static u8 smp_cmd_pairing_req(struct l2cap_conn *conn, struct sk_buff *skb)
1497 {
1498 struct smp_cmd_pairing rsp, *req = (void *) skb->data;
1499 struct l2cap_chan *chan = conn->smp;
1500 struct hci_dev *hdev = conn->hcon->hdev;
1501 struct smp_chan *smp;
1502 u8 key_size, auth, sec_level;
1503 int ret;
1504
1505 BT_DBG("conn %p", conn);
1506
1507 if (skb->len < sizeof(*req))
1508 return SMP_INVALID_PARAMS;
1509
1510 if (conn->hcon->role != HCI_ROLE_SLAVE)
1511 return SMP_CMD_NOTSUPP;
1512
1513 if (!chan->data)
1514 smp = smp_chan_create(conn);
1515 else
1516 smp = chan->data;
1517
1518 if (!smp)
1519 return SMP_UNSPECIFIED;
1520
1521 /* We didn't start the pairing, so match remote */
1522 auth = req->auth_req & AUTH_REQ_MASK(hdev);
1523
1524 if (!test_bit(HCI_BONDABLE, &hdev->dev_flags) &&
1525 (auth & SMP_AUTH_BONDING))
1526 return SMP_PAIRING_NOTSUPP;
1527
1528 smp->preq[0] = SMP_CMD_PAIRING_REQ;
1529 memcpy(&smp->preq[1], req, sizeof(*req));
1530 skb_pull(skb, sizeof(*req));
1531
1532 build_pairing_cmd(conn, req, &rsp, auth);
1533
1534 if (rsp.auth_req & SMP_AUTH_SC)
1535 set_bit(SMP_FLAG_SC, &smp->flags);
1536
1537 if (conn->hcon->io_capability == HCI_IO_NO_INPUT_OUTPUT)
1538 sec_level = BT_SECURITY_MEDIUM;
1539 else
1540 sec_level = authreq_to_seclevel(auth);
1541
1542 if (sec_level > conn->hcon->pending_sec_level)
1543 conn->hcon->pending_sec_level = sec_level;
1544
1545 /* If we need MITM check that it can be achieved */
1546 if (conn->hcon->pending_sec_level >= BT_SECURITY_HIGH) {
1547 u8 method;
1548
1549 method = get_auth_method(smp, conn->hcon->io_capability,
1550 req->io_capability);
1551 if (method == JUST_WORKS || method == JUST_CFM)
1552 return SMP_AUTH_REQUIREMENTS;
1553 }
1554
1555 key_size = min(req->max_key_size, rsp.max_key_size);
1556 if (check_enc_key_size(conn, key_size))
1557 return SMP_ENC_KEY_SIZE;
1558
1559 get_random_bytes(smp->prnd, sizeof(smp->prnd));
1560
1561 smp->prsp[0] = SMP_CMD_PAIRING_RSP;
1562 memcpy(&smp->prsp[1], &rsp, sizeof(rsp));
1563
1564 smp_send_cmd(conn, SMP_CMD_PAIRING_RSP, sizeof(rsp), &rsp);
1565
1566 clear_bit(SMP_FLAG_INITIATOR, &smp->flags);
1567
1568 if (test_bit(SMP_FLAG_SC, &smp->flags)) {
1569 SMP_ALLOW_CMD(smp, SMP_CMD_PUBLIC_KEY);
1570 /* Clear bits which are generated but not distributed */
1571 smp->remote_key_dist &= ~SMP_SC_NO_DIST;
1572 /* Wait for Public Key from Initiating Device */
1573 return 0;
1574 } else {
1575 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_CONFIRM);
1576 }
1577
1578 /* Request setup of TK */
1579 ret = tk_request(conn, 0, auth, rsp.io_capability, req->io_capability);
1580 if (ret)
1581 return SMP_UNSPECIFIED;
1582
1583 return 0;
1584 }
1585
1586 static u8 sc_send_public_key(struct smp_chan *smp)
1587 {
1588 BT_DBG("");
1589
1590 while (true) {
1591 /* Generate local key pair for Secure Connections */
1592 if (!ecc_make_key(smp->local_pk, smp->local_sk))
1593 return SMP_UNSPECIFIED;
1594
1595 /* This is unlikely, but we need to check that we didn't
1596 * accidentially generate a debug key.
1597 */
1598 if (memcmp(smp->local_sk, debug_sk, 32))
1599 break;
1600 }
1601
1602 BT_DBG("Local Public Key X: %32phN", smp->local_pk);
1603 BT_DBG("Local Public Key Y: %32phN", &smp->local_pk[32]);
1604 BT_DBG("Local Private Key: %32phN", smp->local_sk);
1605
1606 smp_send_cmd(smp->conn, SMP_CMD_PUBLIC_KEY, 64, smp->local_pk);
1607
1608 return 0;
1609 }
1610
1611 static u8 smp_cmd_pairing_rsp(struct l2cap_conn *conn, struct sk_buff *skb)
1612 {
1613 struct smp_cmd_pairing *req, *rsp = (void *) skb->data;
1614 struct l2cap_chan *chan = conn->smp;
1615 struct smp_chan *smp = chan->data;
1616 struct hci_dev *hdev = conn->hcon->hdev;
1617 u8 key_size, auth;
1618 int ret;
1619
1620 BT_DBG("conn %p", conn);
1621
1622 if (skb->len < sizeof(*rsp))
1623 return SMP_INVALID_PARAMS;
1624
1625 if (conn->hcon->role != HCI_ROLE_MASTER)
1626 return SMP_CMD_NOTSUPP;
1627
1628 skb_pull(skb, sizeof(*rsp));
1629
1630 req = (void *) &smp->preq[1];
1631
1632 key_size = min(req->max_key_size, rsp->max_key_size);
1633 if (check_enc_key_size(conn, key_size))
1634 return SMP_ENC_KEY_SIZE;
1635
1636 auth = rsp->auth_req & AUTH_REQ_MASK(hdev);
1637
1638 if ((req->auth_req & SMP_AUTH_SC) && (auth & SMP_AUTH_SC))
1639 set_bit(SMP_FLAG_SC, &smp->flags);
1640 else if (conn->hcon->pending_sec_level > BT_SECURITY_HIGH)
1641 conn->hcon->pending_sec_level = BT_SECURITY_HIGH;
1642
1643 /* If we need MITM check that it can be achieved */
1644 if (conn->hcon->pending_sec_level >= BT_SECURITY_HIGH) {
1645 u8 method;
1646
1647 method = get_auth_method(smp, req->io_capability,
1648 rsp->io_capability);
1649 if (method == JUST_WORKS || method == JUST_CFM)
1650 return SMP_AUTH_REQUIREMENTS;
1651 }
1652
1653 get_random_bytes(smp->prnd, sizeof(smp->prnd));
1654
1655 smp->prsp[0] = SMP_CMD_PAIRING_RSP;
1656 memcpy(&smp->prsp[1], rsp, sizeof(*rsp));
1657
1658 /* Update remote key distribution in case the remote cleared
1659 * some bits that we had enabled in our request.
1660 */
1661 smp->remote_key_dist &= rsp->resp_key_dist;
1662
1663 if (test_bit(SMP_FLAG_SC, &smp->flags)) {
1664 /* Clear bits which are generated but not distributed */
1665 smp->remote_key_dist &= ~SMP_SC_NO_DIST;
1666 SMP_ALLOW_CMD(smp, SMP_CMD_PUBLIC_KEY);
1667 return sc_send_public_key(smp);
1668 }
1669
1670 auth |= req->auth_req;
1671
1672 ret = tk_request(conn, 0, auth, req->io_capability, rsp->io_capability);
1673 if (ret)
1674 return SMP_UNSPECIFIED;
1675
1676 set_bit(SMP_FLAG_CFM_PENDING, &smp->flags);
1677
1678 /* Can't compose response until we have been confirmed */
1679 if (test_bit(SMP_FLAG_TK_VALID, &smp->flags))
1680 return smp_confirm(smp);
1681
1682 return 0;
1683 }
1684
1685 static u8 sc_check_confirm(struct smp_chan *smp)
1686 {
1687 struct l2cap_conn *conn = smp->conn;
1688
1689 BT_DBG("");
1690
1691 /* Public Key exchange must happen before any other steps */
1692 if (!test_bit(SMP_FLAG_REMOTE_PK, &smp->flags))
1693 return SMP_UNSPECIFIED;
1694
1695 if (smp->method == REQ_PASSKEY || smp->method == DSP_PASSKEY)
1696 return sc_passkey_round(smp, SMP_CMD_PAIRING_CONFIRM);
1697
1698 if (conn->hcon->out) {
1699 smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM, sizeof(smp->prnd),
1700 smp->prnd);
1701 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RANDOM);
1702 }
1703
1704 return 0;
1705 }
1706
1707 static u8 smp_cmd_pairing_confirm(struct l2cap_conn *conn, struct sk_buff *skb)
1708 {
1709 struct l2cap_chan *chan = conn->smp;
1710 struct smp_chan *smp = chan->data;
1711
1712 BT_DBG("conn %p %s", conn, conn->hcon->out ? "master" : "slave");
1713
1714 if (skb->len < sizeof(smp->pcnf))
1715 return SMP_INVALID_PARAMS;
1716
1717 memcpy(smp->pcnf, skb->data, sizeof(smp->pcnf));
1718 skb_pull(skb, sizeof(smp->pcnf));
1719
1720 if (test_bit(SMP_FLAG_SC, &smp->flags))
1721 return sc_check_confirm(smp);
1722
1723 if (conn->hcon->out) {
1724 smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM, sizeof(smp->prnd),
1725 smp->prnd);
1726 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RANDOM);
1727 return 0;
1728 }
1729
1730 if (test_bit(SMP_FLAG_TK_VALID, &smp->flags))
1731 return smp_confirm(smp);
1732 else
1733 set_bit(SMP_FLAG_CFM_PENDING, &smp->flags);
1734
1735 return 0;
1736 }
1737
1738 static u8 smp_cmd_pairing_random(struct l2cap_conn *conn, struct sk_buff *skb)
1739 {
1740 struct l2cap_chan *chan = conn->smp;
1741 struct smp_chan *smp = chan->data;
1742 struct hci_conn *hcon = conn->hcon;
1743 u8 *pkax, *pkbx, *na, *nb;
1744 u32 passkey;
1745 int err;
1746
1747 BT_DBG("conn %p", conn);
1748
1749 if (skb->len < sizeof(smp->rrnd))
1750 return SMP_INVALID_PARAMS;
1751
1752 memcpy(smp->rrnd, skb->data, sizeof(smp->rrnd));
1753 skb_pull(skb, sizeof(smp->rrnd));
1754
1755 if (!test_bit(SMP_FLAG_SC, &smp->flags))
1756 return smp_random(smp);
1757
1758 /* Passkey entry has special treatment */
1759 if (smp->method == REQ_PASSKEY || smp->method == DSP_PASSKEY)
1760 return sc_passkey_round(smp, SMP_CMD_PAIRING_RANDOM);
1761
1762 if (hcon->out) {
1763 u8 cfm[16];
1764
1765 err = smp_f4(smp->tfm_cmac, smp->remote_pk, smp->local_pk,
1766 smp->rrnd, 0, cfm);
1767 if (err)
1768 return SMP_UNSPECIFIED;
1769
1770 if (memcmp(smp->pcnf, cfm, 16))
1771 return SMP_CONFIRM_FAILED;
1772
1773 pkax = smp->local_pk;
1774 pkbx = smp->remote_pk;
1775 na = smp->prnd;
1776 nb = smp->rrnd;
1777 } else {
1778 smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM, sizeof(smp->prnd),
1779 smp->prnd);
1780 SMP_ALLOW_CMD(smp, SMP_CMD_DHKEY_CHECK);
1781
1782 pkax = smp->remote_pk;
1783 pkbx = smp->local_pk;
1784 na = smp->rrnd;
1785 nb = smp->prnd;
1786 }
1787
1788 /* Generate MacKey and LTK */
1789 err = sc_mackey_and_ltk(smp, smp->mackey, smp->tk);
1790 if (err)
1791 return SMP_UNSPECIFIED;
1792
1793 if (smp->method == JUST_WORKS) {
1794 if (hcon->out) {
1795 sc_dhkey_check(smp);
1796 SMP_ALLOW_CMD(smp, SMP_CMD_DHKEY_CHECK);
1797 }
1798 return 0;
1799 }
1800
1801 err = smp_g2(smp->tfm_cmac, pkax, pkbx, na, nb, &passkey);
1802 if (err)
1803 return SMP_UNSPECIFIED;
1804
1805 err = mgmt_user_confirm_request(hcon->hdev, &hcon->dst, hcon->type,
1806 hcon->dst_type, passkey, 0);
1807 if (err)
1808 return SMP_UNSPECIFIED;
1809
1810 set_bit(SMP_FLAG_WAIT_USER, &smp->flags);
1811
1812 return 0;
1813 }
1814
1815 static bool smp_ltk_encrypt(struct l2cap_conn *conn, u8 sec_level)
1816 {
1817 struct smp_ltk *key;
1818 struct hci_conn *hcon = conn->hcon;
1819
1820 key = hci_find_ltk(hcon->hdev, &hcon->dst, hcon->dst_type, hcon->role);
1821 if (!key)
1822 return false;
1823
1824 if (smp_ltk_sec_level(key) < sec_level)
1825 return false;
1826
1827 if (test_and_set_bit(HCI_CONN_ENCRYPT_PEND, &hcon->flags))
1828 return true;
1829
1830 hci_le_start_enc(hcon, key->ediv, key->rand, key->val);
1831 hcon->enc_key_size = key->enc_size;
1832
1833 /* We never store STKs for master role, so clear this flag */
1834 clear_bit(HCI_CONN_STK_ENCRYPT, &hcon->flags);
1835
1836 return true;
1837 }
1838
1839 bool smp_sufficient_security(struct hci_conn *hcon, u8 sec_level,
1840 enum smp_key_pref key_pref)
1841 {
1842 if (sec_level == BT_SECURITY_LOW)
1843 return true;
1844
1845 /* If we're encrypted with an STK but the caller prefers using
1846 * LTK claim insufficient security. This way we allow the
1847 * connection to be re-encrypted with an LTK, even if the LTK
1848 * provides the same level of security. Only exception is if we
1849 * don't have an LTK (e.g. because of key distribution bits).
1850 */
1851 if (key_pref == SMP_USE_LTK &&
1852 test_bit(HCI_CONN_STK_ENCRYPT, &hcon->flags) &&
1853 hci_find_ltk(hcon->hdev, &hcon->dst, hcon->dst_type, hcon->role))
1854 return false;
1855
1856 if (hcon->sec_level >= sec_level)
1857 return true;
1858
1859 return false;
1860 }
1861
1862 static u8 smp_cmd_security_req(struct l2cap_conn *conn, struct sk_buff *skb)
1863 {
1864 struct smp_cmd_security_req *rp = (void *) skb->data;
1865 struct smp_cmd_pairing cp;
1866 struct hci_conn *hcon = conn->hcon;
1867 struct hci_dev *hdev = hcon->hdev;
1868 struct smp_chan *smp;
1869 u8 sec_level, auth;
1870
1871 BT_DBG("conn %p", conn);
1872
1873 if (skb->len < sizeof(*rp))
1874 return SMP_INVALID_PARAMS;
1875
1876 if (hcon->role != HCI_ROLE_MASTER)
1877 return SMP_CMD_NOTSUPP;
1878
1879 auth = rp->auth_req & AUTH_REQ_MASK(hdev);
1880
1881 if (hcon->io_capability == HCI_IO_NO_INPUT_OUTPUT)
1882 sec_level = BT_SECURITY_MEDIUM;
1883 else
1884 sec_level = authreq_to_seclevel(auth);
1885
1886 if (smp_sufficient_security(hcon, sec_level, SMP_USE_LTK))
1887 return 0;
1888
1889 if (sec_level > hcon->pending_sec_level)
1890 hcon->pending_sec_level = sec_level;
1891
1892 if (smp_ltk_encrypt(conn, hcon->pending_sec_level))
1893 return 0;
1894
1895 smp = smp_chan_create(conn);
1896 if (!smp)
1897 return SMP_UNSPECIFIED;
1898
1899 if (!test_bit(HCI_BONDABLE, &hcon->hdev->dev_flags) &&
1900 (auth & SMP_AUTH_BONDING))
1901 return SMP_PAIRING_NOTSUPP;
1902
1903 skb_pull(skb, sizeof(*rp));
1904
1905 memset(&cp, 0, sizeof(cp));
1906 build_pairing_cmd(conn, &cp, NULL, auth);
1907
1908 smp->preq[0] = SMP_CMD_PAIRING_REQ;
1909 memcpy(&smp->preq[1], &cp, sizeof(cp));
1910
1911 smp_send_cmd(conn, SMP_CMD_PAIRING_REQ, sizeof(cp), &cp);
1912 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RSP);
1913
1914 return 0;
1915 }
1916
1917 int smp_conn_security(struct hci_conn *hcon, __u8 sec_level)
1918 {
1919 struct l2cap_conn *conn = hcon->l2cap_data;
1920 struct l2cap_chan *chan;
1921 struct smp_chan *smp;
1922 __u8 authreq;
1923 int ret;
1924
1925 BT_DBG("conn %p hcon %p level 0x%2.2x", conn, hcon, sec_level);
1926
1927 /* This may be NULL if there's an unexpected disconnection */
1928 if (!conn)
1929 return 1;
1930
1931 chan = conn->smp;
1932
1933 if (!test_bit(HCI_LE_ENABLED, &hcon->hdev->dev_flags))
1934 return 1;
1935
1936 if (smp_sufficient_security(hcon, sec_level, SMP_USE_LTK))
1937 return 1;
1938
1939 if (sec_level > hcon->pending_sec_level)
1940 hcon->pending_sec_level = sec_level;
1941
1942 if (hcon->role == HCI_ROLE_MASTER)
1943 if (smp_ltk_encrypt(conn, hcon->pending_sec_level))
1944 return 0;
1945
1946 l2cap_chan_lock(chan);
1947
1948 /* If SMP is already in progress ignore this request */
1949 if (chan->data) {
1950 ret = 0;
1951 goto unlock;
1952 }
1953
1954 smp = smp_chan_create(conn);
1955 if (!smp) {
1956 ret = 1;
1957 goto unlock;
1958 }
1959
1960 authreq = seclevel_to_authreq(sec_level);
1961
1962 if (test_bit(HCI_SC_ENABLED, &hcon->hdev->dev_flags))
1963 authreq |= SMP_AUTH_SC;
1964
1965 /* Require MITM if IO Capability allows or the security level
1966 * requires it.
1967 */
1968 if (hcon->io_capability != HCI_IO_NO_INPUT_OUTPUT ||
1969 hcon->pending_sec_level > BT_SECURITY_MEDIUM)
1970 authreq |= SMP_AUTH_MITM;
1971
1972 if (hcon->role == HCI_ROLE_MASTER) {
1973 struct smp_cmd_pairing cp;
1974
1975 build_pairing_cmd(conn, &cp, NULL, authreq);
1976 smp->preq[0] = SMP_CMD_PAIRING_REQ;
1977 memcpy(&smp->preq[1], &cp, sizeof(cp));
1978
1979 smp_send_cmd(conn, SMP_CMD_PAIRING_REQ, sizeof(cp), &cp);
1980 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RSP);
1981 } else {
1982 struct smp_cmd_security_req cp;
1983 cp.auth_req = authreq;
1984 smp_send_cmd(conn, SMP_CMD_SECURITY_REQ, sizeof(cp), &cp);
1985 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_REQ);
1986 }
1987
1988 set_bit(SMP_FLAG_INITIATOR, &smp->flags);
1989 ret = 0;
1990
1991 unlock:
1992 l2cap_chan_unlock(chan);
1993 return ret;
1994 }
1995
1996 static int smp_cmd_encrypt_info(struct l2cap_conn *conn, struct sk_buff *skb)
1997 {
1998 struct smp_cmd_encrypt_info *rp = (void *) skb->data;
1999 struct l2cap_chan *chan = conn->smp;
2000 struct smp_chan *smp = chan->data;
2001
2002 BT_DBG("conn %p", conn);
2003
2004 if (skb->len < sizeof(*rp))
2005 return SMP_INVALID_PARAMS;
2006
2007 SMP_ALLOW_CMD(smp, SMP_CMD_MASTER_IDENT);
2008
2009 skb_pull(skb, sizeof(*rp));
2010
2011 memcpy(smp->tk, rp->ltk, sizeof(smp->tk));
2012
2013 return 0;
2014 }
2015
2016 static int smp_cmd_master_ident(struct l2cap_conn *conn, struct sk_buff *skb)
2017 {
2018 struct smp_cmd_master_ident *rp = (void *) skb->data;
2019 struct l2cap_chan *chan = conn->smp;
2020 struct smp_chan *smp = chan->data;
2021 struct hci_dev *hdev = conn->hcon->hdev;
2022 struct hci_conn *hcon = conn->hcon;
2023 struct smp_ltk *ltk;
2024 u8 authenticated;
2025
2026 BT_DBG("conn %p", conn);
2027
2028 if (skb->len < sizeof(*rp))
2029 return SMP_INVALID_PARAMS;
2030
2031 /* Mark the information as received */
2032 smp->remote_key_dist &= ~SMP_DIST_ENC_KEY;
2033
2034 if (smp->remote_key_dist & SMP_DIST_ID_KEY)
2035 SMP_ALLOW_CMD(smp, SMP_CMD_IDENT_INFO);
2036 else if (smp->remote_key_dist & SMP_DIST_SIGN)
2037 SMP_ALLOW_CMD(smp, SMP_CMD_SIGN_INFO);
2038
2039 skb_pull(skb, sizeof(*rp));
2040
2041 authenticated = (hcon->sec_level == BT_SECURITY_HIGH);
2042 ltk = hci_add_ltk(hdev, &hcon->dst, hcon->dst_type, SMP_LTK,
2043 authenticated, smp->tk, smp->enc_key_size,
2044 rp->ediv, rp->rand);
2045 smp->ltk = ltk;
2046 if (!(smp->remote_key_dist & KEY_DIST_MASK))
2047 smp_distribute_keys(smp);
2048
2049 return 0;
2050 }
2051
2052 static int smp_cmd_ident_info(struct l2cap_conn *conn, struct sk_buff *skb)
2053 {
2054 struct smp_cmd_ident_info *info = (void *) skb->data;
2055 struct l2cap_chan *chan = conn->smp;
2056 struct smp_chan *smp = chan->data;
2057
2058 BT_DBG("");
2059
2060 if (skb->len < sizeof(*info))
2061 return SMP_INVALID_PARAMS;
2062
2063 SMP_ALLOW_CMD(smp, SMP_CMD_IDENT_ADDR_INFO);
2064
2065 skb_pull(skb, sizeof(*info));
2066
2067 memcpy(smp->irk, info->irk, 16);
2068
2069 return 0;
2070 }
2071
2072 static int smp_cmd_ident_addr_info(struct l2cap_conn *conn,
2073 struct sk_buff *skb)
2074 {
2075 struct smp_cmd_ident_addr_info *info = (void *) skb->data;
2076 struct l2cap_chan *chan = conn->smp;
2077 struct smp_chan *smp = chan->data;
2078 struct hci_conn *hcon = conn->hcon;
2079 bdaddr_t rpa;
2080
2081 BT_DBG("");
2082
2083 if (skb->len < sizeof(*info))
2084 return SMP_INVALID_PARAMS;
2085
2086 /* Mark the information as received */
2087 smp->remote_key_dist &= ~SMP_DIST_ID_KEY;
2088
2089 if (smp->remote_key_dist & SMP_DIST_SIGN)
2090 SMP_ALLOW_CMD(smp, SMP_CMD_SIGN_INFO);
2091
2092 skb_pull(skb, sizeof(*info));
2093
2094 /* Strictly speaking the Core Specification (4.1) allows sending
2095 * an empty address which would force us to rely on just the IRK
2096 * as "identity information". However, since such
2097 * implementations are not known of and in order to not over
2098 * complicate our implementation, simply pretend that we never
2099 * received an IRK for such a device.
2100 */
2101 if (!bacmp(&info->bdaddr, BDADDR_ANY)) {
2102 BT_ERR("Ignoring IRK with no identity address");
2103 goto distribute;
2104 }
2105
2106 bacpy(&smp->id_addr, &info->bdaddr);
2107 smp->id_addr_type = info->addr_type;
2108
2109 if (hci_bdaddr_is_rpa(&hcon->dst, hcon->dst_type))
2110 bacpy(&rpa, &hcon->dst);
2111 else
2112 bacpy(&rpa, BDADDR_ANY);
2113
2114 smp->remote_irk = hci_add_irk(conn->hcon->hdev, &smp->id_addr,
2115 smp->id_addr_type, smp->irk, &rpa);
2116
2117 distribute:
2118 if (!(smp->remote_key_dist & KEY_DIST_MASK))
2119 smp_distribute_keys(smp);
2120
2121 return 0;
2122 }
2123
2124 static int smp_cmd_sign_info(struct l2cap_conn *conn, struct sk_buff *skb)
2125 {
2126 struct smp_cmd_sign_info *rp = (void *) skb->data;
2127 struct l2cap_chan *chan = conn->smp;
2128 struct smp_chan *smp = chan->data;
2129 struct smp_csrk *csrk;
2130
2131 BT_DBG("conn %p", conn);
2132
2133 if (skb->len < sizeof(*rp))
2134 return SMP_INVALID_PARAMS;
2135
2136 /* Mark the information as received */
2137 smp->remote_key_dist &= ~SMP_DIST_SIGN;
2138
2139 skb_pull(skb, sizeof(*rp));
2140
2141 csrk = kzalloc(sizeof(*csrk), GFP_KERNEL);
2142 if (csrk) {
2143 csrk->master = 0x01;
2144 memcpy(csrk->val, rp->csrk, sizeof(csrk->val));
2145 }
2146 smp->csrk = csrk;
2147 smp_distribute_keys(smp);
2148
2149 return 0;
2150 }
2151
2152 static u8 sc_select_method(struct smp_chan *smp)
2153 {
2154 struct l2cap_conn *conn = smp->conn;
2155 struct hci_conn *hcon = conn->hcon;
2156 struct smp_cmd_pairing *local, *remote;
2157 u8 local_mitm, remote_mitm, local_io, remote_io, method;
2158
2159 /* The preq/prsp contain the raw Pairing Request/Response PDUs
2160 * which are needed as inputs to some crypto functions. To get
2161 * the "struct smp_cmd_pairing" from them we need to skip the
2162 * first byte which contains the opcode.
2163 */
2164 if (hcon->out) {
2165 local = (void *) &smp->preq[1];
2166 remote = (void *) &smp->prsp[1];
2167 } else {
2168 local = (void *) &smp->prsp[1];
2169 remote = (void *) &smp->preq[1];
2170 }
2171
2172 local_io = local->io_capability;
2173 remote_io = remote->io_capability;
2174
2175 local_mitm = (local->auth_req & SMP_AUTH_MITM);
2176 remote_mitm = (remote->auth_req & SMP_AUTH_MITM);
2177
2178 /* If either side wants MITM, look up the method from the table,
2179 * otherwise use JUST WORKS.
2180 */
2181 if (local_mitm || remote_mitm)
2182 method = get_auth_method(smp, local_io, remote_io);
2183 else
2184 method = JUST_WORKS;
2185
2186 /* Don't confirm locally initiated pairing attempts */
2187 if (method == JUST_CFM && test_bit(SMP_FLAG_INITIATOR, &smp->flags))
2188 method = JUST_WORKS;
2189
2190 return method;
2191 }
2192
2193 static int smp_cmd_public_key(struct l2cap_conn *conn, struct sk_buff *skb)
2194 {
2195 struct smp_cmd_public_key *key = (void *) skb->data;
2196 struct hci_conn *hcon = conn->hcon;
2197 struct l2cap_chan *chan = conn->smp;
2198 struct smp_chan *smp = chan->data;
2199 struct hci_dev *hdev = hcon->hdev;
2200 struct smp_cmd_pairing_confirm cfm;
2201 int err;
2202
2203 BT_DBG("conn %p", conn);
2204
2205 if (skb->len < sizeof(*key))
2206 return SMP_INVALID_PARAMS;
2207
2208 memcpy(smp->remote_pk, key, 64);
2209
2210 /* Non-initiating device sends its public key after receiving
2211 * the key from the initiating device.
2212 */
2213 if (!hcon->out) {
2214 err = sc_send_public_key(smp);
2215 if (err)
2216 return err;
2217 }
2218
2219 BT_DBG("Remote Public Key X: %32phN", smp->remote_pk);
2220 BT_DBG("Remote Public Key Y: %32phN", &smp->remote_pk[32]);
2221
2222 if (!ecdh_shared_secret(smp->remote_pk, smp->local_sk, smp->dhkey))
2223 return SMP_UNSPECIFIED;
2224
2225 BT_DBG("DHKey %32phN", smp->dhkey);
2226
2227 set_bit(SMP_FLAG_REMOTE_PK, &smp->flags);
2228
2229 smp->method = sc_select_method(smp);
2230
2231 BT_DBG("%s selected method 0x%02x", hdev->name, smp->method);
2232
2233 /* JUST_WORKS and JUST_CFM result in an unauthenticated key */
2234 if (smp->method == JUST_WORKS || smp->method == JUST_CFM)
2235 hcon->pending_sec_level = BT_SECURITY_MEDIUM;
2236 else
2237 hcon->pending_sec_level = BT_SECURITY_FIPS;
2238
2239 if (!memcmp(debug_pk, smp->remote_pk, 64))
2240 set_bit(SMP_FLAG_DEBUG_KEY, &smp->flags);
2241
2242 if (smp->method == DSP_PASSKEY) {
2243 get_random_bytes(&hcon->passkey_notify,
2244 sizeof(hcon->passkey_notify));
2245 hcon->passkey_notify %= 1000000;
2246 hcon->passkey_entered = 0;
2247 smp->passkey_round = 0;
2248 if (mgmt_user_passkey_notify(hdev, &hcon->dst, hcon->type,
2249 hcon->dst_type,
2250 hcon->passkey_notify,
2251 hcon->passkey_entered))
2252 return SMP_UNSPECIFIED;
2253 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_CONFIRM);
2254 return sc_passkey_round(smp, SMP_CMD_PUBLIC_KEY);
2255 }
2256
2257 if (hcon->out)
2258 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_CONFIRM);
2259
2260 if (smp->method == REQ_PASSKEY) {
2261 if (mgmt_user_passkey_request(hdev, &hcon->dst, hcon->type,
2262 hcon->dst_type))
2263 return SMP_UNSPECIFIED;
2264 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_CONFIRM);
2265 set_bit(SMP_FLAG_WAIT_USER, &smp->flags);
2266 return 0;
2267 }
2268
2269 /* The Initiating device waits for the non-initiating device to
2270 * send the confirm value.
2271 */
2272 if (conn->hcon->out)
2273 return 0;
2274
2275 err = smp_f4(smp->tfm_cmac, smp->local_pk, smp->remote_pk, smp->prnd,
2276 0, cfm.confirm_val);
2277 if (err)
2278 return SMP_UNSPECIFIED;
2279
2280 smp_send_cmd(conn, SMP_CMD_PAIRING_CONFIRM, sizeof(cfm), &cfm);
2281 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RANDOM);
2282
2283 return 0;
2284 }
2285
2286 static int smp_cmd_dhkey_check(struct l2cap_conn *conn, struct sk_buff *skb)
2287 {
2288 struct smp_cmd_dhkey_check *check = (void *) skb->data;
2289 struct l2cap_chan *chan = conn->smp;
2290 struct hci_conn *hcon = conn->hcon;
2291 struct smp_chan *smp = chan->data;
2292 u8 a[7], b[7], *local_addr, *remote_addr;
2293 u8 io_cap[3], r[16], e[16];
2294 int err;
2295
2296 BT_DBG("conn %p", conn);
2297
2298 if (skb->len < sizeof(*check))
2299 return SMP_INVALID_PARAMS;
2300
2301 memcpy(a, &hcon->init_addr, 6);
2302 memcpy(b, &hcon->resp_addr, 6);
2303 a[6] = hcon->init_addr_type;
2304 b[6] = hcon->resp_addr_type;
2305
2306 if (hcon->out) {
2307 local_addr = a;
2308 remote_addr = b;
2309 memcpy(io_cap, &smp->prsp[1], 3);
2310 } else {
2311 local_addr = b;
2312 remote_addr = a;
2313 memcpy(io_cap, &smp->preq[1], 3);
2314 }
2315
2316 memset(r, 0, sizeof(r));
2317
2318 if (smp->method == REQ_PASSKEY || smp->method == DSP_PASSKEY)
2319 put_unaligned_le32(hcon->passkey_notify, r);
2320
2321 err = smp_f6(smp->tfm_cmac, smp->mackey, smp->rrnd, smp->prnd, r,
2322 io_cap, remote_addr, local_addr, e);
2323 if (err)
2324 return SMP_UNSPECIFIED;
2325
2326 if (memcmp(check->e, e, 16))
2327 return SMP_DHKEY_CHECK_FAILED;
2328
2329 if (!hcon->out) {
2330 if (test_bit(SMP_FLAG_WAIT_USER, &smp->flags)) {
2331 set_bit(SMP_FLAG_DHKEY_PENDING, &smp->flags);
2332 return 0;
2333 }
2334
2335 /* Slave sends DHKey check as response to master */
2336 sc_dhkey_check(smp);
2337 }
2338
2339 sc_add_ltk(smp);
2340
2341 if (hcon->out) {
2342 hci_le_start_enc(hcon, 0, 0, smp->tk);
2343 hcon->enc_key_size = smp->enc_key_size;
2344 }
2345
2346 return 0;
2347 }
2348
2349 static int smp_cmd_keypress_notify(struct l2cap_conn *conn,
2350 struct sk_buff *skb)
2351 {
2352 struct smp_cmd_keypress_notify *kp = (void *) skb->data;
2353
2354 BT_DBG("value 0x%02x", kp->value);
2355
2356 return 0;
2357 }
2358
2359 static int smp_sig_channel(struct l2cap_chan *chan, struct sk_buff *skb)
2360 {
2361 struct l2cap_conn *conn = chan->conn;
2362 struct hci_conn *hcon = conn->hcon;
2363 struct smp_chan *smp;
2364 __u8 code, reason;
2365 int err = 0;
2366
2367 if (hcon->type != LE_LINK) {
2368 kfree_skb(skb);
2369 return 0;
2370 }
2371
2372 if (skb->len < 1)
2373 return -EILSEQ;
2374
2375 if (!test_bit(HCI_LE_ENABLED, &hcon->hdev->dev_flags)) {
2376 reason = SMP_PAIRING_NOTSUPP;
2377 goto done;
2378 }
2379
2380 code = skb->data[0];
2381 skb_pull(skb, sizeof(code));
2382
2383 smp = chan->data;
2384
2385 if (code > SMP_CMD_MAX)
2386 goto drop;
2387
2388 if (smp && !test_and_clear_bit(code, &smp->allow_cmd))
2389 goto drop;
2390
2391 /* If we don't have a context the only allowed commands are
2392 * pairing request and security request.
2393 */
2394 if (!smp && code != SMP_CMD_PAIRING_REQ && code != SMP_CMD_SECURITY_REQ)
2395 goto drop;
2396
2397 switch (code) {
2398 case SMP_CMD_PAIRING_REQ:
2399 reason = smp_cmd_pairing_req(conn, skb);
2400 break;
2401
2402 case SMP_CMD_PAIRING_FAIL:
2403 smp_failure(conn, 0);
2404 err = -EPERM;
2405 break;
2406
2407 case SMP_CMD_PAIRING_RSP:
2408 reason = smp_cmd_pairing_rsp(conn, skb);
2409 break;
2410
2411 case SMP_CMD_SECURITY_REQ:
2412 reason = smp_cmd_security_req(conn, skb);
2413 break;
2414
2415 case SMP_CMD_PAIRING_CONFIRM:
2416 reason = smp_cmd_pairing_confirm(conn, skb);
2417 break;
2418
2419 case SMP_CMD_PAIRING_RANDOM:
2420 reason = smp_cmd_pairing_random(conn, skb);
2421 break;
2422
2423 case SMP_CMD_ENCRYPT_INFO:
2424 reason = smp_cmd_encrypt_info(conn, skb);
2425 break;
2426
2427 case SMP_CMD_MASTER_IDENT:
2428 reason = smp_cmd_master_ident(conn, skb);
2429 break;
2430
2431 case SMP_CMD_IDENT_INFO:
2432 reason = smp_cmd_ident_info(conn, skb);
2433 break;
2434
2435 case SMP_CMD_IDENT_ADDR_INFO:
2436 reason = smp_cmd_ident_addr_info(conn, skb);
2437 break;
2438
2439 case SMP_CMD_SIGN_INFO:
2440 reason = smp_cmd_sign_info(conn, skb);
2441 break;
2442
2443 case SMP_CMD_PUBLIC_KEY:
2444 reason = smp_cmd_public_key(conn, skb);
2445 break;
2446
2447 case SMP_CMD_DHKEY_CHECK:
2448 reason = smp_cmd_dhkey_check(conn, skb);
2449 break;
2450
2451 case SMP_CMD_KEYPRESS_NOTIFY:
2452 reason = smp_cmd_keypress_notify(conn, skb);
2453 break;
2454
2455 default:
2456 BT_DBG("Unknown command code 0x%2.2x", code);
2457 reason = SMP_CMD_NOTSUPP;
2458 goto done;
2459 }
2460
2461 done:
2462 if (!err) {
2463 if (reason)
2464 smp_failure(conn, reason);
2465 kfree_skb(skb);
2466 }
2467
2468 return err;
2469
2470 drop:
2471 BT_ERR("%s unexpected SMP command 0x%02x from %pMR", hcon->hdev->name,
2472 code, &hcon->dst);
2473 kfree_skb(skb);
2474 return 0;
2475 }
2476
2477 static void smp_teardown_cb(struct l2cap_chan *chan, int err)
2478 {
2479 struct l2cap_conn *conn = chan->conn;
2480
2481 BT_DBG("chan %p", chan);
2482
2483 if (chan->data)
2484 smp_chan_destroy(conn);
2485
2486 conn->smp = NULL;
2487 l2cap_chan_put(chan);
2488 }
2489
2490 static void smp_resume_cb(struct l2cap_chan *chan)
2491 {
2492 struct smp_chan *smp = chan->data;
2493 struct l2cap_conn *conn = chan->conn;
2494 struct hci_conn *hcon = conn->hcon;
2495
2496 BT_DBG("chan %p", chan);
2497
2498 if (!smp)
2499 return;
2500
2501 if (!test_bit(HCI_CONN_ENCRYPT, &hcon->flags))
2502 return;
2503
2504 cancel_delayed_work(&smp->security_timer);
2505
2506 smp_distribute_keys(smp);
2507 }
2508
2509 static void smp_ready_cb(struct l2cap_chan *chan)
2510 {
2511 struct l2cap_conn *conn = chan->conn;
2512
2513 BT_DBG("chan %p", chan);
2514
2515 conn->smp = chan;
2516 l2cap_chan_hold(chan);
2517 }
2518
2519 static int smp_recv_cb(struct l2cap_chan *chan, struct sk_buff *skb)
2520 {
2521 int err;
2522
2523 BT_DBG("chan %p", chan);
2524
2525 err = smp_sig_channel(chan, skb);
2526 if (err) {
2527 struct smp_chan *smp = chan->data;
2528
2529 if (smp)
2530 cancel_delayed_work_sync(&smp->security_timer);
2531
2532 hci_disconnect(chan->conn->hcon, HCI_ERROR_AUTH_FAILURE);
2533 }
2534
2535 return err;
2536 }
2537
2538 static struct sk_buff *smp_alloc_skb_cb(struct l2cap_chan *chan,
2539 unsigned long hdr_len,
2540 unsigned long len, int nb)
2541 {
2542 struct sk_buff *skb;
2543
2544 skb = bt_skb_alloc(hdr_len + len, GFP_KERNEL);
2545 if (!skb)
2546 return ERR_PTR(-ENOMEM);
2547
2548 skb->priority = HCI_PRIO_MAX;
2549 bt_cb(skb)->chan = chan;
2550
2551 return skb;
2552 }
2553
2554 static const struct l2cap_ops smp_chan_ops = {
2555 .name = "Security Manager",
2556 .ready = smp_ready_cb,
2557 .recv = smp_recv_cb,
2558 .alloc_skb = smp_alloc_skb_cb,
2559 .teardown = smp_teardown_cb,
2560 .resume = smp_resume_cb,
2561
2562 .new_connection = l2cap_chan_no_new_connection,
2563 .state_change = l2cap_chan_no_state_change,
2564 .close = l2cap_chan_no_close,
2565 .defer = l2cap_chan_no_defer,
2566 .suspend = l2cap_chan_no_suspend,
2567 .set_shutdown = l2cap_chan_no_set_shutdown,
2568 .get_sndtimeo = l2cap_chan_no_get_sndtimeo,
2569 .memcpy_fromiovec = l2cap_chan_no_memcpy_fromiovec,
2570 };
2571
2572 static inline struct l2cap_chan *smp_new_conn_cb(struct l2cap_chan *pchan)
2573 {
2574 struct l2cap_chan *chan;
2575
2576 BT_DBG("pchan %p", pchan);
2577
2578 chan = l2cap_chan_create();
2579 if (!chan)
2580 return NULL;
2581
2582 chan->chan_type = pchan->chan_type;
2583 chan->ops = &smp_chan_ops;
2584 chan->scid = pchan->scid;
2585 chan->dcid = chan->scid;
2586 chan->imtu = pchan->imtu;
2587 chan->omtu = pchan->omtu;
2588 chan->mode = pchan->mode;
2589
2590 /* Other L2CAP channels may request SMP routines in order to
2591 * change the security level. This means that the SMP channel
2592 * lock must be considered in its own category to avoid lockdep
2593 * warnings.
2594 */
2595 atomic_set(&chan->nesting, L2CAP_NESTING_SMP);
2596
2597 BT_DBG("created chan %p", chan);
2598
2599 return chan;
2600 }
2601
2602 static const struct l2cap_ops smp_root_chan_ops = {
2603 .name = "Security Manager Root",
2604 .new_connection = smp_new_conn_cb,
2605
2606 /* None of these are implemented for the root channel */
2607 .close = l2cap_chan_no_close,
2608 .alloc_skb = l2cap_chan_no_alloc_skb,
2609 .recv = l2cap_chan_no_recv,
2610 .state_change = l2cap_chan_no_state_change,
2611 .teardown = l2cap_chan_no_teardown,
2612 .ready = l2cap_chan_no_ready,
2613 .defer = l2cap_chan_no_defer,
2614 .suspend = l2cap_chan_no_suspend,
2615 .resume = l2cap_chan_no_resume,
2616 .set_shutdown = l2cap_chan_no_set_shutdown,
2617 .get_sndtimeo = l2cap_chan_no_get_sndtimeo,
2618 .memcpy_fromiovec = l2cap_chan_no_memcpy_fromiovec,
2619 };
2620
2621 int smp_register(struct hci_dev *hdev)
2622 {
2623 struct l2cap_chan *chan;
2624 struct crypto_blkcipher *tfm_aes;
2625
2626 BT_DBG("%s", hdev->name);
2627
2628 tfm_aes = crypto_alloc_blkcipher("ecb(aes)", 0, 0);
2629 if (IS_ERR(tfm_aes)) {
2630 int err = PTR_ERR(tfm_aes);
2631 BT_ERR("Unable to create crypto context");
2632 return err;
2633 }
2634
2635 chan = l2cap_chan_create();
2636 if (!chan) {
2637 crypto_free_blkcipher(tfm_aes);
2638 return -ENOMEM;
2639 }
2640
2641 chan->data = tfm_aes;
2642
2643 l2cap_add_scid(chan, L2CAP_CID_SMP);
2644
2645 l2cap_chan_set_defaults(chan);
2646
2647 bacpy(&chan->src, &hdev->bdaddr);
2648 chan->src_type = BDADDR_LE_PUBLIC;
2649 chan->state = BT_LISTEN;
2650 chan->mode = L2CAP_MODE_BASIC;
2651 chan->imtu = L2CAP_DEFAULT_MTU;
2652 chan->ops = &smp_root_chan_ops;
2653
2654 /* Set correct nesting level for a parent/listening channel */
2655 atomic_set(&chan->nesting, L2CAP_NESTING_PARENT);
2656
2657 hdev->smp_data = chan;
2658
2659 return 0;
2660 }
2661
2662 void smp_unregister(struct hci_dev *hdev)
2663 {
2664 struct l2cap_chan *chan = hdev->smp_data;
2665 struct crypto_blkcipher *tfm_aes;
2666
2667 if (!chan)
2668 return;
2669
2670 BT_DBG("%s chan %p", hdev->name, chan);
2671
2672 tfm_aes = chan->data;
2673 if (tfm_aes) {
2674 chan->data = NULL;
2675 crypto_free_blkcipher(tfm_aes);
2676 }
2677
2678 hdev->smp_data = NULL;
2679 l2cap_chan_put(chan);
2680 }
Linux kernel - Deliverables
This page took 0.082225 seconds and 6 git commands to generate.