2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2011 Nokia Corporation and/or its subsidiary(-ies).
5 This program is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License version 2 as
7 published by the Free Software Foundation;
9 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
10 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
11 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
12 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
13 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
14 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
18 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
19 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
20 SOFTWARE IS DISCLAIMED.
23 #include <linux/crypto.h>
24 #include <linux/scatterlist.h>
25 #include <crypto/b128ops.h>
27 #include <net/bluetooth/bluetooth.h>
28 #include <net/bluetooth/hci_core.h>
29 #include <net/bluetooth/l2cap.h>
30 #include <net/bluetooth/mgmt.h>
34 #define SMP_ALLOW_CMD(smp, code) set_bit(code, &smp->allow_cmd)
36 #define SMP_TIMEOUT msecs_to_jiffies(30000)
38 #define AUTH_REQ_MASK 0x07
39 #define KEY_DIST_MASK 0x07
50 struct l2cap_conn
*conn
;
51 struct delayed_work security_timer
;
52 unsigned long allow_cmd
; /* Bitmask of allowed commands */
54 u8 preq
[7]; /* SMP Pairing Request */
55 u8 prsp
[7]; /* SMP Pairing Response */
56 u8 prnd
[16]; /* SMP Pairing Random (local) */
57 u8 rrnd
[16]; /* SMP Pairing Random (remote) */
58 u8 pcnf
[16]; /* SMP Pairing Confirm */
59 u8 tk
[16]; /* SMP Temporary Key */
65 struct smp_csrk
*csrk
;
66 struct smp_csrk
*slave_csrk
;
68 struct smp_ltk
*slave_ltk
;
69 struct smp_irk
*remote_irk
;
72 struct crypto_blkcipher
*tfm_aes
;
75 static inline void swap_buf(const u8
*src
, u8
*dst
, size_t len
)
79 for (i
= 0; i
< len
; i
++)
80 dst
[len
- 1 - i
] = src
[i
];
83 static int smp_e(struct crypto_blkcipher
*tfm
, const u8
*k
, u8
*r
)
85 struct blkcipher_desc desc
;
86 struct scatterlist sg
;
87 uint8_t tmp
[16], data
[16];
91 BT_ERR("tfm %p", tfm
);
98 /* The most significant octet of key corresponds to k[0] */
101 err
= crypto_blkcipher_setkey(tfm
, tmp
, 16);
103 BT_ERR("cipher setkey failed: %d", err
);
107 /* Most significant octet of plaintextData corresponds to data[0] */
108 swap_buf(r
, data
, 16);
110 sg_init_one(&sg
, data
, 16);
112 err
= crypto_blkcipher_encrypt(&desc
, &sg
, &sg
, 16);
114 BT_ERR("Encrypt data error %d", err
);
116 /* Most significant octet of encryptedData corresponds to data[0] */
117 swap_buf(data
, r
, 16);
122 static int smp_ah(struct crypto_blkcipher
*tfm
, u8 irk
[16], u8 r
[3], u8 res
[3])
127 /* r' = padding || r */
129 memset(_res
+ 3, 0, 13);
131 err
= smp_e(tfm
, irk
, _res
);
133 BT_ERR("Encrypt error");
137 /* The output of the random address function ah is:
138 * ah(h, r) = e(k, r') mod 2^24
139 * The output of the security function e is then truncated to 24 bits
140 * by taking the least significant 24 bits of the output of e as the
143 memcpy(res
, _res
, 3);
148 bool smp_irk_matches(struct hci_dev
*hdev
, u8 irk
[16], bdaddr_t
*bdaddr
)
150 struct l2cap_chan
*chan
= hdev
->smp_data
;
151 struct crypto_blkcipher
*tfm
;
155 if (!chan
|| !chan
->data
)
160 BT_DBG("RPA %pMR IRK %*phN", bdaddr
, 16, irk
);
162 err
= smp_ah(tfm
, irk
, &bdaddr
->b
[3], hash
);
166 return !memcmp(bdaddr
->b
, hash
, 3);
169 int smp_generate_rpa(struct hci_dev
*hdev
, u8 irk
[16], bdaddr_t
*rpa
)
171 struct l2cap_chan
*chan
= hdev
->smp_data
;
172 struct crypto_blkcipher
*tfm
;
175 if (!chan
|| !chan
->data
)
180 get_random_bytes(&rpa
->b
[3], 3);
182 rpa
->b
[5] &= 0x3f; /* Clear two most significant bits */
183 rpa
->b
[5] |= 0x40; /* Set second most significant bit */
185 err
= smp_ah(tfm
, irk
, &rpa
->b
[3], rpa
->b
);
189 BT_DBG("RPA %pMR", rpa
);
194 static int smp_c1(struct smp_chan
*smp
, u8 k
[16], u8 r
[16], u8 preq
[7],
195 u8 pres
[7], u8 _iat
, bdaddr_t
*ia
, u8 _rat
, bdaddr_t
*ra
,
198 struct hci_dev
*hdev
= smp
->conn
->hcon
->hdev
;
202 BT_DBG("%s", hdev
->name
);
206 /* p1 = pres || preq || _rat || _iat */
209 memcpy(p1
+ 2, preq
, 7);
210 memcpy(p1
+ 9, pres
, 7);
212 /* p2 = padding || ia || ra */
214 memcpy(p2
+ 6, ia
, 6);
215 memset(p2
+ 12, 0, 4);
218 u128_xor((u128
*) res
, (u128
*) r
, (u128
*) p1
);
220 /* res = e(k, res) */
221 err
= smp_e(smp
->tfm_aes
, k
, res
);
223 BT_ERR("Encrypt data error");
227 /* res = res XOR p2 */
228 u128_xor((u128
*) res
, (u128
*) res
, (u128
*) p2
);
230 /* res = e(k, res) */
231 err
= smp_e(smp
->tfm_aes
, k
, res
);
233 BT_ERR("Encrypt data error");
238 static int smp_s1(struct smp_chan
*smp
, u8 k
[16], u8 r1
[16], u8 r2
[16],
241 struct hci_dev
*hdev
= smp
->conn
->hcon
->hdev
;
244 BT_DBG("%s", hdev
->name
);
246 /* Just least significant octets from r1 and r2 are considered */
248 memcpy(_r
+ 8, r1
, 8);
250 err
= smp_e(smp
->tfm_aes
, k
, _r
);
252 BT_ERR("Encrypt data error");
257 static void smp_send_cmd(struct l2cap_conn
*conn
, u8 code
, u16 len
, void *data
)
259 struct l2cap_chan
*chan
= conn
->smp
;
260 struct smp_chan
*smp
;
267 BT_DBG("code 0x%2.2x", code
);
269 iv
[0].iov_base
= &code
;
272 iv
[1].iov_base
= data
;
275 memset(&msg
, 0, sizeof(msg
));
277 msg
.msg_iov
= (struct iovec
*) &iv
;
280 l2cap_chan_send(chan
, &msg
, 1 + len
);
287 cancel_delayed_work_sync(&smp
->security_timer
);
288 schedule_delayed_work(&smp
->security_timer
, SMP_TIMEOUT
);
291 static __u8
authreq_to_seclevel(__u8 authreq
)
293 if (authreq
& SMP_AUTH_MITM
)
294 return BT_SECURITY_HIGH
;
296 return BT_SECURITY_MEDIUM
;
299 static __u8
seclevel_to_authreq(__u8 sec_level
)
302 case BT_SECURITY_HIGH
:
303 return SMP_AUTH_MITM
| SMP_AUTH_BONDING
;
304 case BT_SECURITY_MEDIUM
:
305 return SMP_AUTH_BONDING
;
307 return SMP_AUTH_NONE
;
311 static void build_pairing_cmd(struct l2cap_conn
*conn
,
312 struct smp_cmd_pairing
*req
,
313 struct smp_cmd_pairing
*rsp
, __u8 authreq
)
315 struct l2cap_chan
*chan
= conn
->smp
;
316 struct smp_chan
*smp
= chan
->data
;
317 struct hci_conn
*hcon
= conn
->hcon
;
318 struct hci_dev
*hdev
= hcon
->hdev
;
319 u8 local_dist
= 0, remote_dist
= 0;
321 if (test_bit(HCI_BONDABLE
, &conn
->hcon
->hdev
->dev_flags
)) {
322 local_dist
= SMP_DIST_ENC_KEY
| SMP_DIST_SIGN
;
323 remote_dist
= SMP_DIST_ENC_KEY
| SMP_DIST_SIGN
;
324 authreq
|= SMP_AUTH_BONDING
;
326 authreq
&= ~SMP_AUTH_BONDING
;
329 if (test_bit(HCI_RPA_RESOLVING
, &hdev
->dev_flags
))
330 remote_dist
|= SMP_DIST_ID_KEY
;
332 if (test_bit(HCI_PRIVACY
, &hdev
->dev_flags
))
333 local_dist
|= SMP_DIST_ID_KEY
;
336 req
->io_capability
= conn
->hcon
->io_capability
;
337 req
->oob_flag
= SMP_OOB_NOT_PRESENT
;
338 req
->max_key_size
= SMP_MAX_ENC_KEY_SIZE
;
339 req
->init_key_dist
= local_dist
;
340 req
->resp_key_dist
= remote_dist
;
341 req
->auth_req
= (authreq
& AUTH_REQ_MASK
);
343 smp
->remote_key_dist
= remote_dist
;
347 rsp
->io_capability
= conn
->hcon
->io_capability
;
348 rsp
->oob_flag
= SMP_OOB_NOT_PRESENT
;
349 rsp
->max_key_size
= SMP_MAX_ENC_KEY_SIZE
;
350 rsp
->init_key_dist
= req
->init_key_dist
& remote_dist
;
351 rsp
->resp_key_dist
= req
->resp_key_dist
& local_dist
;
352 rsp
->auth_req
= (authreq
& AUTH_REQ_MASK
);
354 smp
->remote_key_dist
= rsp
->init_key_dist
;
357 static u8
check_enc_key_size(struct l2cap_conn
*conn
, __u8 max_key_size
)
359 struct l2cap_chan
*chan
= conn
->smp
;
360 struct smp_chan
*smp
= chan
->data
;
362 if ((max_key_size
> SMP_MAX_ENC_KEY_SIZE
) ||
363 (max_key_size
< SMP_MIN_ENC_KEY_SIZE
))
364 return SMP_ENC_KEY_SIZE
;
366 smp
->enc_key_size
= max_key_size
;
371 static void smp_chan_destroy(struct l2cap_conn
*conn
)
373 struct l2cap_chan
*chan
= conn
->smp
;
374 struct smp_chan
*smp
= chan
->data
;
379 cancel_delayed_work_sync(&smp
->security_timer
);
381 complete
= test_bit(SMP_FLAG_COMPLETE
, &smp
->flags
);
382 mgmt_smp_complete(conn
->hcon
, complete
);
385 kfree(smp
->slave_csrk
);
387 crypto_free_blkcipher(smp
->tfm_aes
);
389 /* If pairing failed clean up any keys we might have */
392 list_del(&smp
->ltk
->list
);
396 if (smp
->slave_ltk
) {
397 list_del(&smp
->slave_ltk
->list
);
398 kfree(smp
->slave_ltk
);
401 if (smp
->remote_irk
) {
402 list_del(&smp
->remote_irk
->list
);
403 kfree(smp
->remote_irk
);
409 hci_conn_drop(conn
->hcon
);
412 static void smp_failure(struct l2cap_conn
*conn
, u8 reason
)
414 struct hci_conn
*hcon
= conn
->hcon
;
415 struct l2cap_chan
*chan
= conn
->smp
;
418 smp_send_cmd(conn
, SMP_CMD_PAIRING_FAIL
, sizeof(reason
),
421 clear_bit(HCI_CONN_ENCRYPT_PEND
, &hcon
->flags
);
422 mgmt_auth_failed(hcon
, HCI_ERROR_AUTH_FAILURE
);
425 smp_chan_destroy(conn
);
428 #define JUST_WORKS 0x00
429 #define JUST_CFM 0x01
430 #define REQ_PASSKEY 0x02
431 #define CFM_PASSKEY 0x03
435 static const u8 gen_method
[5][5] = {
436 { JUST_WORKS
, JUST_CFM
, REQ_PASSKEY
, JUST_WORKS
, REQ_PASSKEY
},
437 { JUST_WORKS
, JUST_CFM
, REQ_PASSKEY
, JUST_WORKS
, REQ_PASSKEY
},
438 { CFM_PASSKEY
, CFM_PASSKEY
, REQ_PASSKEY
, JUST_WORKS
, CFM_PASSKEY
},
439 { JUST_WORKS
, JUST_CFM
, JUST_WORKS
, JUST_WORKS
, JUST_CFM
},
440 { CFM_PASSKEY
, CFM_PASSKEY
, REQ_PASSKEY
, JUST_WORKS
, OVERLAP
},
443 static u8
get_auth_method(struct smp_chan
*smp
, u8 local_io
, u8 remote_io
)
445 /* If either side has unknown io_caps, use JUST_CFM (which gets
446 * converted later to JUST_WORKS if we're initiators.
448 if (local_io
> SMP_IO_KEYBOARD_DISPLAY
||
449 remote_io
> SMP_IO_KEYBOARD_DISPLAY
)
452 return gen_method
[remote_io
][local_io
];
455 static int tk_request(struct l2cap_conn
*conn
, u8 remote_oob
, u8 auth
,
456 u8 local_io
, u8 remote_io
)
458 struct hci_conn
*hcon
= conn
->hcon
;
459 struct l2cap_chan
*chan
= conn
->smp
;
460 struct smp_chan
*smp
= chan
->data
;
465 /* Initialize key for JUST WORKS */
466 memset(smp
->tk
, 0, sizeof(smp
->tk
));
467 clear_bit(SMP_FLAG_TK_VALID
, &smp
->flags
);
469 BT_DBG("tk_request: auth:%d lcl:%d rem:%d", auth
, local_io
, remote_io
);
471 /* If neither side wants MITM, either "just" confirm an incoming
472 * request or use just-works for outgoing ones. The JUST_CFM
473 * will be converted to JUST_WORKS if necessary later in this
474 * function. If either side has MITM look up the method from the
477 if (!(auth
& SMP_AUTH_MITM
))
480 method
= get_auth_method(smp
, local_io
, remote_io
);
482 /* Don't confirm locally initiated pairing attempts */
483 if (method
== JUST_CFM
&& test_bit(SMP_FLAG_INITIATOR
, &smp
->flags
))
486 /* Don't bother user space with no IO capabilities */
487 if (method
== JUST_CFM
&& hcon
->io_capability
== HCI_IO_NO_INPUT_OUTPUT
)
490 /* If Just Works, Continue with Zero TK */
491 if (method
== JUST_WORKS
) {
492 set_bit(SMP_FLAG_TK_VALID
, &smp
->flags
);
496 /* Not Just Works/Confirm results in MITM Authentication */
497 if (method
!= JUST_CFM
)
498 set_bit(SMP_FLAG_MITM_AUTH
, &smp
->flags
);
500 /* If both devices have Keyoard-Display I/O, the master
501 * Confirms and the slave Enters the passkey.
503 if (method
== OVERLAP
) {
504 if (hcon
->role
== HCI_ROLE_MASTER
)
505 method
= CFM_PASSKEY
;
507 method
= REQ_PASSKEY
;
510 /* Generate random passkey. */
511 if (method
== CFM_PASSKEY
) {
512 memset(smp
->tk
, 0, sizeof(smp
->tk
));
513 get_random_bytes(&passkey
, sizeof(passkey
));
515 put_unaligned_le32(passkey
, smp
->tk
);
516 BT_DBG("PassKey: %d", passkey
);
517 set_bit(SMP_FLAG_TK_VALID
, &smp
->flags
);
520 hci_dev_lock(hcon
->hdev
);
522 if (method
== REQ_PASSKEY
)
523 ret
= mgmt_user_passkey_request(hcon
->hdev
, &hcon
->dst
,
524 hcon
->type
, hcon
->dst_type
);
525 else if (method
== JUST_CFM
)
526 ret
= mgmt_user_confirm_request(hcon
->hdev
, &hcon
->dst
,
527 hcon
->type
, hcon
->dst_type
,
530 ret
= mgmt_user_passkey_notify(hcon
->hdev
, &hcon
->dst
,
531 hcon
->type
, hcon
->dst_type
,
534 hci_dev_unlock(hcon
->hdev
);
539 static u8
smp_confirm(struct smp_chan
*smp
)
541 struct l2cap_conn
*conn
= smp
->conn
;
542 struct smp_cmd_pairing_confirm cp
;
545 BT_DBG("conn %p", conn
);
547 ret
= smp_c1(smp
, smp
->tk
, smp
->prnd
, smp
->preq
, smp
->prsp
,
548 conn
->hcon
->init_addr_type
, &conn
->hcon
->init_addr
,
549 conn
->hcon
->resp_addr_type
, &conn
->hcon
->resp_addr
,
552 return SMP_UNSPECIFIED
;
554 clear_bit(SMP_FLAG_CFM_PENDING
, &smp
->flags
);
556 smp_send_cmd(smp
->conn
, SMP_CMD_PAIRING_CONFIRM
, sizeof(cp
), &cp
);
559 SMP_ALLOW_CMD(smp
, SMP_CMD_PAIRING_CONFIRM
);
561 SMP_ALLOW_CMD(smp
, SMP_CMD_PAIRING_RANDOM
);
566 static u8
smp_random(struct smp_chan
*smp
)
568 struct l2cap_conn
*conn
= smp
->conn
;
569 struct hci_conn
*hcon
= conn
->hcon
;
573 if (IS_ERR_OR_NULL(smp
->tfm_aes
))
574 return SMP_UNSPECIFIED
;
576 BT_DBG("conn %p %s", conn
, conn
->hcon
->out
? "master" : "slave");
578 ret
= smp_c1(smp
, smp
->tk
, smp
->rrnd
, smp
->preq
, smp
->prsp
,
579 hcon
->init_addr_type
, &hcon
->init_addr
,
580 hcon
->resp_addr_type
, &hcon
->resp_addr
, confirm
);
582 return SMP_UNSPECIFIED
;
584 if (memcmp(smp
->pcnf
, confirm
, sizeof(smp
->pcnf
)) != 0) {
585 BT_ERR("Pairing failed (confirmation values mismatch)");
586 return SMP_CONFIRM_FAILED
;
594 smp_s1(smp
, smp
->tk
, smp
->rrnd
, smp
->prnd
, stk
);
596 memset(stk
+ smp
->enc_key_size
, 0,
597 SMP_MAX_ENC_KEY_SIZE
- smp
->enc_key_size
);
599 if (test_and_set_bit(HCI_CONN_ENCRYPT_PEND
, &hcon
->flags
))
600 return SMP_UNSPECIFIED
;
602 hci_le_start_enc(hcon
, ediv
, rand
, stk
);
603 hcon
->enc_key_size
= smp
->enc_key_size
;
604 set_bit(HCI_CONN_STK_ENCRYPT
, &hcon
->flags
);
610 smp_send_cmd(conn
, SMP_CMD_PAIRING_RANDOM
, sizeof(smp
->prnd
),
613 smp_s1(smp
, smp
->tk
, smp
->prnd
, smp
->rrnd
, stk
);
615 memset(stk
+ smp
->enc_key_size
, 0,
616 SMP_MAX_ENC_KEY_SIZE
- smp
->enc_key_size
);
618 if (hcon
->pending_sec_level
== BT_SECURITY_HIGH
)
623 /* Even though there's no _SLAVE suffix this is the
624 * slave STK we're adding for later lookup (the master
625 * STK never needs to be stored).
627 hci_add_ltk(hcon
->hdev
, &hcon
->dst
, hcon
->dst_type
,
628 SMP_STK
, auth
, stk
, smp
->enc_key_size
, ediv
, rand
);
634 static void smp_notify_keys(struct l2cap_conn
*conn
)
636 struct l2cap_chan
*chan
= conn
->smp
;
637 struct smp_chan
*smp
= chan
->data
;
638 struct hci_conn
*hcon
= conn
->hcon
;
639 struct hci_dev
*hdev
= hcon
->hdev
;
640 struct smp_cmd_pairing
*req
= (void *) &smp
->preq
[1];
641 struct smp_cmd_pairing
*rsp
= (void *) &smp
->prsp
[1];
644 if (smp
->remote_irk
) {
645 mgmt_new_irk(hdev
, smp
->remote_irk
);
646 /* Now that user space can be considered to know the
647 * identity address track the connection based on it
650 bacpy(&hcon
->dst
, &smp
->remote_irk
->bdaddr
);
651 hcon
->dst_type
= smp
->remote_irk
->addr_type
;
652 queue_work(hdev
->workqueue
, &conn
->id_addr_update_work
);
654 /* When receiving an indentity resolving key for
655 * a remote device that does not use a resolvable
656 * private address, just remove the key so that
657 * it is possible to use the controller white
660 * Userspace will have been told to not store
661 * this key at this point. So it is safe to
664 if (!bacmp(&smp
->remote_irk
->rpa
, BDADDR_ANY
)) {
665 list_del(&smp
->remote_irk
->list
);
666 kfree(smp
->remote_irk
);
667 smp
->remote_irk
= NULL
;
671 /* The LTKs and CSRKs should be persistent only if both sides
672 * had the bonding bit set in their authentication requests.
674 persistent
= !!((req
->auth_req
& rsp
->auth_req
) & SMP_AUTH_BONDING
);
677 smp
->csrk
->bdaddr_type
= hcon
->dst_type
;
678 bacpy(&smp
->csrk
->bdaddr
, &hcon
->dst
);
679 mgmt_new_csrk(hdev
, smp
->csrk
, persistent
);
682 if (smp
->slave_csrk
) {
683 smp
->slave_csrk
->bdaddr_type
= hcon
->dst_type
;
684 bacpy(&smp
->slave_csrk
->bdaddr
, &hcon
->dst
);
685 mgmt_new_csrk(hdev
, smp
->slave_csrk
, persistent
);
689 smp
->ltk
->bdaddr_type
= hcon
->dst_type
;
690 bacpy(&smp
->ltk
->bdaddr
, &hcon
->dst
);
691 mgmt_new_ltk(hdev
, smp
->ltk
, persistent
);
694 if (smp
->slave_ltk
) {
695 smp
->slave_ltk
->bdaddr_type
= hcon
->dst_type
;
696 bacpy(&smp
->slave_ltk
->bdaddr
, &hcon
->dst
);
697 mgmt_new_ltk(hdev
, smp
->slave_ltk
, persistent
);
701 static void smp_allow_key_dist(struct smp_chan
*smp
)
703 /* Allow the first expected phase 3 PDU. The rest of the PDUs
704 * will be allowed in each PDU handler to ensure we receive
705 * them in the correct order.
707 if (smp
->remote_key_dist
& SMP_DIST_ENC_KEY
)
708 SMP_ALLOW_CMD(smp
, SMP_CMD_ENCRYPT_INFO
);
709 else if (smp
->remote_key_dist
& SMP_DIST_ID_KEY
)
710 SMP_ALLOW_CMD(smp
, SMP_CMD_IDENT_INFO
);
711 else if (smp
->remote_key_dist
& SMP_DIST_SIGN
)
712 SMP_ALLOW_CMD(smp
, SMP_CMD_SIGN_INFO
);
715 static void smp_distribute_keys(struct smp_chan
*smp
)
717 struct smp_cmd_pairing
*req
, *rsp
;
718 struct l2cap_conn
*conn
= smp
->conn
;
719 struct hci_conn
*hcon
= conn
->hcon
;
720 struct hci_dev
*hdev
= hcon
->hdev
;
723 BT_DBG("conn %p", conn
);
725 rsp
= (void *) &smp
->prsp
[1];
727 /* The responder sends its keys first */
728 if (hcon
->out
&& (smp
->remote_key_dist
& KEY_DIST_MASK
)) {
729 smp_allow_key_dist(smp
);
733 req
= (void *) &smp
->preq
[1];
736 keydist
= &rsp
->init_key_dist
;
737 *keydist
&= req
->init_key_dist
;
739 keydist
= &rsp
->resp_key_dist
;
740 *keydist
&= req
->resp_key_dist
;
743 BT_DBG("keydist 0x%x", *keydist
);
745 if (*keydist
& SMP_DIST_ENC_KEY
) {
746 struct smp_cmd_encrypt_info enc
;
747 struct smp_cmd_master_ident ident
;
753 get_random_bytes(enc
.ltk
, sizeof(enc
.ltk
));
754 get_random_bytes(&ediv
, sizeof(ediv
));
755 get_random_bytes(&rand
, sizeof(rand
));
757 smp_send_cmd(conn
, SMP_CMD_ENCRYPT_INFO
, sizeof(enc
), &enc
);
759 authenticated
= hcon
->sec_level
== BT_SECURITY_HIGH
;
760 ltk
= hci_add_ltk(hdev
, &hcon
->dst
, hcon
->dst_type
,
761 SMP_LTK_SLAVE
, authenticated
, enc
.ltk
,
762 smp
->enc_key_size
, ediv
, rand
);
763 smp
->slave_ltk
= ltk
;
768 smp_send_cmd(conn
, SMP_CMD_MASTER_IDENT
, sizeof(ident
), &ident
);
770 *keydist
&= ~SMP_DIST_ENC_KEY
;
773 if (*keydist
& SMP_DIST_ID_KEY
) {
774 struct smp_cmd_ident_addr_info addrinfo
;
775 struct smp_cmd_ident_info idinfo
;
777 memcpy(idinfo
.irk
, hdev
->irk
, sizeof(idinfo
.irk
));
779 smp_send_cmd(conn
, SMP_CMD_IDENT_INFO
, sizeof(idinfo
), &idinfo
);
781 /* The hci_conn contains the local identity address
782 * after the connection has been established.
784 * This is true even when the connection has been
785 * established using a resolvable random address.
787 bacpy(&addrinfo
.bdaddr
, &hcon
->src
);
788 addrinfo
.addr_type
= hcon
->src_type
;
790 smp_send_cmd(conn
, SMP_CMD_IDENT_ADDR_INFO
, sizeof(addrinfo
),
793 *keydist
&= ~SMP_DIST_ID_KEY
;
796 if (*keydist
& SMP_DIST_SIGN
) {
797 struct smp_cmd_sign_info sign
;
798 struct smp_csrk
*csrk
;
800 /* Generate a new random key */
801 get_random_bytes(sign
.csrk
, sizeof(sign
.csrk
));
803 csrk
= kzalloc(sizeof(*csrk
), GFP_KERNEL
);
806 memcpy(csrk
->val
, sign
.csrk
, sizeof(csrk
->val
));
808 smp
->slave_csrk
= csrk
;
810 smp_send_cmd(conn
, SMP_CMD_SIGN_INFO
, sizeof(sign
), &sign
);
812 *keydist
&= ~SMP_DIST_SIGN
;
815 /* If there are still keys to be received wait for them */
816 if (smp
->remote_key_dist
& KEY_DIST_MASK
) {
817 smp_allow_key_dist(smp
);
821 set_bit(SMP_FLAG_COMPLETE
, &smp
->flags
);
822 smp_notify_keys(conn
);
824 smp_chan_destroy(conn
);
827 static void smp_timeout(struct work_struct
*work
)
829 struct smp_chan
*smp
= container_of(work
, struct smp_chan
,
830 security_timer
.work
);
831 struct l2cap_conn
*conn
= smp
->conn
;
833 BT_DBG("conn %p", conn
);
835 hci_disconnect(conn
->hcon
, HCI_ERROR_REMOTE_USER_TERM
);
838 static struct smp_chan
*smp_chan_create(struct l2cap_conn
*conn
)
840 struct l2cap_chan
*chan
= conn
->smp
;
841 struct smp_chan
*smp
;
843 smp
= kzalloc(sizeof(*smp
), GFP_ATOMIC
);
847 smp
->tfm_aes
= crypto_alloc_blkcipher("ecb(aes)", 0, CRYPTO_ALG_ASYNC
);
848 if (IS_ERR(smp
->tfm_aes
)) {
849 BT_ERR("Unable to create ECB crypto context");
857 SMP_ALLOW_CMD(smp
, SMP_CMD_PAIRING_FAIL
);
859 INIT_DELAYED_WORK(&smp
->security_timer
, smp_timeout
);
861 hci_conn_hold(conn
->hcon
);
866 int smp_user_confirm_reply(struct hci_conn
*hcon
, u16 mgmt_op
, __le32 passkey
)
868 struct l2cap_conn
*conn
= hcon
->l2cap_data
;
869 struct l2cap_chan
*chan
;
870 struct smp_chan
*smp
;
883 l2cap_chan_lock(chan
);
892 case MGMT_OP_USER_PASSKEY_REPLY
:
893 value
= le32_to_cpu(passkey
);
894 memset(smp
->tk
, 0, sizeof(smp
->tk
));
895 BT_DBG("PassKey: %d", value
);
896 put_unaligned_le32(value
, smp
->tk
);
898 case MGMT_OP_USER_CONFIRM_REPLY
:
899 set_bit(SMP_FLAG_TK_VALID
, &smp
->flags
);
901 case MGMT_OP_USER_PASSKEY_NEG_REPLY
:
902 case MGMT_OP_USER_CONFIRM_NEG_REPLY
:
903 smp_failure(conn
, SMP_PASSKEY_ENTRY_FAILED
);
907 smp_failure(conn
, SMP_PASSKEY_ENTRY_FAILED
);
914 /* If it is our turn to send Pairing Confirm, do so now */
915 if (test_bit(SMP_FLAG_CFM_PENDING
, &smp
->flags
)) {
916 u8 rsp
= smp_confirm(smp
);
918 smp_failure(conn
, rsp
);
922 l2cap_chan_unlock(chan
);
926 static u8
smp_cmd_pairing_req(struct l2cap_conn
*conn
, struct sk_buff
*skb
)
928 struct smp_cmd_pairing rsp
, *req
= (void *) skb
->data
;
929 struct l2cap_chan
*chan
= conn
->smp
;
930 struct hci_dev
*hdev
= conn
->hcon
->hdev
;
931 struct smp_chan
*smp
;
932 u8 key_size
, auth
, sec_level
;
935 BT_DBG("conn %p", conn
);
937 if (skb
->len
< sizeof(*req
))
938 return SMP_INVALID_PARAMS
;
940 if (conn
->hcon
->role
!= HCI_ROLE_SLAVE
)
941 return SMP_CMD_NOTSUPP
;
944 smp
= smp_chan_create(conn
);
949 return SMP_UNSPECIFIED
;
951 /* We didn't start the pairing, so match remote */
952 auth
= req
->auth_req
& AUTH_REQ_MASK
;
954 if (!test_bit(HCI_BONDABLE
, &hdev
->dev_flags
) &&
955 (auth
& SMP_AUTH_BONDING
))
956 return SMP_PAIRING_NOTSUPP
;
958 smp
->preq
[0] = SMP_CMD_PAIRING_REQ
;
959 memcpy(&smp
->preq
[1], req
, sizeof(*req
));
960 skb_pull(skb
, sizeof(*req
));
962 if (conn
->hcon
->io_capability
== 0x03)
963 sec_level
= BT_SECURITY_MEDIUM
;
965 sec_level
= authreq_to_seclevel(auth
);
967 if (sec_level
> conn
->hcon
->pending_sec_level
)
968 conn
->hcon
->pending_sec_level
= sec_level
;
970 /* If we need MITM check that it can be acheived */
971 if (conn
->hcon
->pending_sec_level
>= BT_SECURITY_HIGH
) {
974 method
= get_auth_method(smp
, conn
->hcon
->io_capability
,
976 if (method
== JUST_WORKS
|| method
== JUST_CFM
)
977 return SMP_AUTH_REQUIREMENTS
;
980 build_pairing_cmd(conn
, req
, &rsp
, auth
);
982 key_size
= min(req
->max_key_size
, rsp
.max_key_size
);
983 if (check_enc_key_size(conn
, key_size
))
984 return SMP_ENC_KEY_SIZE
;
986 get_random_bytes(smp
->prnd
, sizeof(smp
->prnd
));
988 smp
->prsp
[0] = SMP_CMD_PAIRING_RSP
;
989 memcpy(&smp
->prsp
[1], &rsp
, sizeof(rsp
));
991 smp_send_cmd(conn
, SMP_CMD_PAIRING_RSP
, sizeof(rsp
), &rsp
);
992 SMP_ALLOW_CMD(smp
, SMP_CMD_PAIRING_CONFIRM
);
994 /* Request setup of TK */
995 ret
= tk_request(conn
, 0, auth
, rsp
.io_capability
, req
->io_capability
);
997 return SMP_UNSPECIFIED
;
1002 static u8
smp_cmd_pairing_rsp(struct l2cap_conn
*conn
, struct sk_buff
*skb
)
1004 struct smp_cmd_pairing
*req
, *rsp
= (void *) skb
->data
;
1005 struct l2cap_chan
*chan
= conn
->smp
;
1006 struct smp_chan
*smp
= chan
->data
;
1010 BT_DBG("conn %p", conn
);
1012 if (skb
->len
< sizeof(*rsp
))
1013 return SMP_INVALID_PARAMS
;
1015 if (conn
->hcon
->role
!= HCI_ROLE_MASTER
)
1016 return SMP_CMD_NOTSUPP
;
1018 skb_pull(skb
, sizeof(*rsp
));
1020 req
= (void *) &smp
->preq
[1];
1022 key_size
= min(req
->max_key_size
, rsp
->max_key_size
);
1023 if (check_enc_key_size(conn
, key_size
))
1024 return SMP_ENC_KEY_SIZE
;
1026 auth
= rsp
->auth_req
& AUTH_REQ_MASK
;
1028 /* If we need MITM check that it can be acheived */
1029 if (conn
->hcon
->pending_sec_level
>= BT_SECURITY_HIGH
) {
1032 method
= get_auth_method(smp
, req
->io_capability
,
1033 rsp
->io_capability
);
1034 if (method
== JUST_WORKS
|| method
== JUST_CFM
)
1035 return SMP_AUTH_REQUIREMENTS
;
1038 get_random_bytes(smp
->prnd
, sizeof(smp
->prnd
));
1040 smp
->prsp
[0] = SMP_CMD_PAIRING_RSP
;
1041 memcpy(&smp
->prsp
[1], rsp
, sizeof(*rsp
));
1043 /* Update remote key distribution in case the remote cleared
1044 * some bits that we had enabled in our request.
1046 smp
->remote_key_dist
&= rsp
->resp_key_dist
;
1048 auth
|= req
->auth_req
;
1050 ret
= tk_request(conn
, 0, auth
, req
->io_capability
, rsp
->io_capability
);
1052 return SMP_UNSPECIFIED
;
1054 set_bit(SMP_FLAG_CFM_PENDING
, &smp
->flags
);
1056 /* Can't compose response until we have been confirmed */
1057 if (test_bit(SMP_FLAG_TK_VALID
, &smp
->flags
))
1058 return smp_confirm(smp
);
1063 static u8
smp_cmd_pairing_confirm(struct l2cap_conn
*conn
, struct sk_buff
*skb
)
1065 struct l2cap_chan
*chan
= conn
->smp
;
1066 struct smp_chan
*smp
= chan
->data
;
1068 BT_DBG("conn %p %s", conn
, conn
->hcon
->out
? "master" : "slave");
1070 if (skb
->len
< sizeof(smp
->pcnf
))
1071 return SMP_INVALID_PARAMS
;
1073 memcpy(smp
->pcnf
, skb
->data
, sizeof(smp
->pcnf
));
1074 skb_pull(skb
, sizeof(smp
->pcnf
));
1076 if (conn
->hcon
->out
) {
1077 smp_send_cmd(conn
, SMP_CMD_PAIRING_RANDOM
, sizeof(smp
->prnd
),
1079 SMP_ALLOW_CMD(smp
, SMP_CMD_PAIRING_RANDOM
);
1083 if (test_bit(SMP_FLAG_TK_VALID
, &smp
->flags
))
1084 return smp_confirm(smp
);
1086 set_bit(SMP_FLAG_CFM_PENDING
, &smp
->flags
);
1091 static u8
smp_cmd_pairing_random(struct l2cap_conn
*conn
, struct sk_buff
*skb
)
1093 struct l2cap_chan
*chan
= conn
->smp
;
1094 struct smp_chan
*smp
= chan
->data
;
1096 BT_DBG("conn %p", conn
);
1098 if (skb
->len
< sizeof(smp
->rrnd
))
1099 return SMP_INVALID_PARAMS
;
1101 memcpy(smp
->rrnd
, skb
->data
, sizeof(smp
->rrnd
));
1102 skb_pull(skb
, sizeof(smp
->rrnd
));
1104 return smp_random(smp
);
1107 static bool smp_ltk_encrypt(struct l2cap_conn
*conn
, u8 sec_level
)
1109 struct smp_ltk
*key
;
1110 struct hci_conn
*hcon
= conn
->hcon
;
1112 key
= hci_find_ltk_by_addr(hcon
->hdev
, &hcon
->dst
, hcon
->dst_type
,
1117 if (sec_level
> BT_SECURITY_MEDIUM
&& !key
->authenticated
)
1120 if (test_and_set_bit(HCI_CONN_ENCRYPT_PEND
, &hcon
->flags
))
1123 hci_le_start_enc(hcon
, key
->ediv
, key
->rand
, key
->val
);
1124 hcon
->enc_key_size
= key
->enc_size
;
1126 /* We never store STKs for master role, so clear this flag */
1127 clear_bit(HCI_CONN_STK_ENCRYPT
, &hcon
->flags
);
1132 bool smp_sufficient_security(struct hci_conn
*hcon
, u8 sec_level
)
1134 if (sec_level
== BT_SECURITY_LOW
)
1137 /* If we're encrypted with an STK always claim insufficient
1138 * security. This way we allow the connection to be re-encrypted
1139 * with an LTK, even if the LTK provides the same level of
1140 * security. Only exception is if we don't have an LTK (e.g.
1141 * because of key distribution bits).
1143 if (test_bit(HCI_CONN_STK_ENCRYPT
, &hcon
->flags
) &&
1144 hci_find_ltk_by_addr(hcon
->hdev
, &hcon
->dst
, hcon
->dst_type
,
1148 if (hcon
->sec_level
>= sec_level
)
1154 static u8
smp_cmd_security_req(struct l2cap_conn
*conn
, struct sk_buff
*skb
)
1156 struct smp_cmd_security_req
*rp
= (void *) skb
->data
;
1157 struct smp_cmd_pairing cp
;
1158 struct hci_conn
*hcon
= conn
->hcon
;
1159 struct smp_chan
*smp
;
1162 BT_DBG("conn %p", conn
);
1164 if (skb
->len
< sizeof(*rp
))
1165 return SMP_INVALID_PARAMS
;
1167 if (hcon
->role
!= HCI_ROLE_MASTER
)
1168 return SMP_CMD_NOTSUPP
;
1170 auth
= rp
->auth_req
& AUTH_REQ_MASK
;
1172 if (hcon
->io_capability
== 0x03)
1173 sec_level
= BT_SECURITY_MEDIUM
;
1175 sec_level
= authreq_to_seclevel(auth
);
1177 if (smp_sufficient_security(hcon
, sec_level
))
1180 if (sec_level
> hcon
->pending_sec_level
)
1181 hcon
->pending_sec_level
= sec_level
;
1183 if (smp_ltk_encrypt(conn
, hcon
->pending_sec_level
))
1186 smp
= smp_chan_create(conn
);
1188 return SMP_UNSPECIFIED
;
1190 if (!test_bit(HCI_BONDABLE
, &hcon
->hdev
->dev_flags
) &&
1191 (auth
& SMP_AUTH_BONDING
))
1192 return SMP_PAIRING_NOTSUPP
;
1194 skb_pull(skb
, sizeof(*rp
));
1196 memset(&cp
, 0, sizeof(cp
));
1197 build_pairing_cmd(conn
, &cp
, NULL
, auth
);
1199 smp
->preq
[0] = SMP_CMD_PAIRING_REQ
;
1200 memcpy(&smp
->preq
[1], &cp
, sizeof(cp
));
1202 smp_send_cmd(conn
, SMP_CMD_PAIRING_REQ
, sizeof(cp
), &cp
);
1203 SMP_ALLOW_CMD(smp
, SMP_CMD_PAIRING_RSP
);
1208 int smp_conn_security(struct hci_conn
*hcon
, __u8 sec_level
)
1210 struct l2cap_conn
*conn
= hcon
->l2cap_data
;
1211 struct l2cap_chan
*chan
;
1212 struct smp_chan
*smp
;
1216 BT_DBG("conn %p hcon %p level 0x%2.2x", conn
, hcon
, sec_level
);
1218 /* This may be NULL if there's an unexpected disconnection */
1224 if (!test_bit(HCI_LE_ENABLED
, &hcon
->hdev
->dev_flags
))
1227 if (smp_sufficient_security(hcon
, sec_level
))
1230 if (sec_level
> hcon
->pending_sec_level
)
1231 hcon
->pending_sec_level
= sec_level
;
1233 if (hcon
->role
== HCI_ROLE_MASTER
)
1234 if (smp_ltk_encrypt(conn
, hcon
->pending_sec_level
))
1237 l2cap_chan_lock(chan
);
1239 /* If SMP is already in progress ignore this request */
1245 smp
= smp_chan_create(conn
);
1251 authreq
= seclevel_to_authreq(sec_level
);
1253 /* Require MITM if IO Capability allows or the security level
1256 if (hcon
->io_capability
!= HCI_IO_NO_INPUT_OUTPUT
||
1257 hcon
->pending_sec_level
> BT_SECURITY_MEDIUM
)
1258 authreq
|= SMP_AUTH_MITM
;
1260 if (hcon
->role
== HCI_ROLE_MASTER
) {
1261 struct smp_cmd_pairing cp
;
1263 build_pairing_cmd(conn
, &cp
, NULL
, authreq
);
1264 smp
->preq
[0] = SMP_CMD_PAIRING_REQ
;
1265 memcpy(&smp
->preq
[1], &cp
, sizeof(cp
));
1267 smp_send_cmd(conn
, SMP_CMD_PAIRING_REQ
, sizeof(cp
), &cp
);
1268 SMP_ALLOW_CMD(smp
, SMP_CMD_PAIRING_RSP
);
1270 struct smp_cmd_security_req cp
;
1271 cp
.auth_req
= authreq
;
1272 smp_send_cmd(conn
, SMP_CMD_SECURITY_REQ
, sizeof(cp
), &cp
);
1273 SMP_ALLOW_CMD(smp
, SMP_CMD_PAIRING_REQ
);
1276 set_bit(SMP_FLAG_INITIATOR
, &smp
->flags
);
1280 l2cap_chan_unlock(chan
);
1284 static int smp_cmd_encrypt_info(struct l2cap_conn
*conn
, struct sk_buff
*skb
)
1286 struct smp_cmd_encrypt_info
*rp
= (void *) skb
->data
;
1287 struct l2cap_chan
*chan
= conn
->smp
;
1288 struct smp_chan
*smp
= chan
->data
;
1290 BT_DBG("conn %p", conn
);
1292 if (skb
->len
< sizeof(*rp
))
1293 return SMP_INVALID_PARAMS
;
1295 SMP_ALLOW_CMD(smp
, SMP_CMD_MASTER_IDENT
);
1297 skb_pull(skb
, sizeof(*rp
));
1299 memcpy(smp
->tk
, rp
->ltk
, sizeof(smp
->tk
));
1304 static int smp_cmd_master_ident(struct l2cap_conn
*conn
, struct sk_buff
*skb
)
1306 struct smp_cmd_master_ident
*rp
= (void *) skb
->data
;
1307 struct l2cap_chan
*chan
= conn
->smp
;
1308 struct smp_chan
*smp
= chan
->data
;
1309 struct hci_dev
*hdev
= conn
->hcon
->hdev
;
1310 struct hci_conn
*hcon
= conn
->hcon
;
1311 struct smp_ltk
*ltk
;
1314 BT_DBG("conn %p", conn
);
1316 if (skb
->len
< sizeof(*rp
))
1317 return SMP_INVALID_PARAMS
;
1319 /* Mark the information as received */
1320 smp
->remote_key_dist
&= ~SMP_DIST_ENC_KEY
;
1322 if (smp
->remote_key_dist
& SMP_DIST_ID_KEY
)
1323 SMP_ALLOW_CMD(smp
, SMP_CMD_IDENT_INFO
);
1324 else if (smp
->remote_key_dist
& SMP_DIST_SIGN
)
1325 SMP_ALLOW_CMD(smp
, SMP_CMD_SIGN_INFO
);
1327 skb_pull(skb
, sizeof(*rp
));
1330 authenticated
= (hcon
->sec_level
== BT_SECURITY_HIGH
);
1331 ltk
= hci_add_ltk(hdev
, &hcon
->dst
, hcon
->dst_type
, SMP_LTK
,
1332 authenticated
, smp
->tk
, smp
->enc_key_size
,
1333 rp
->ediv
, rp
->rand
);
1335 if (!(smp
->remote_key_dist
& KEY_DIST_MASK
))
1336 smp_distribute_keys(smp
);
1337 hci_dev_unlock(hdev
);
1342 static int smp_cmd_ident_info(struct l2cap_conn
*conn
, struct sk_buff
*skb
)
1344 struct smp_cmd_ident_info
*info
= (void *) skb
->data
;
1345 struct l2cap_chan
*chan
= conn
->smp
;
1346 struct smp_chan
*smp
= chan
->data
;
1350 if (skb
->len
< sizeof(*info
))
1351 return SMP_INVALID_PARAMS
;
1353 SMP_ALLOW_CMD(smp
, SMP_CMD_IDENT_ADDR_INFO
);
1355 skb_pull(skb
, sizeof(*info
));
1357 memcpy(smp
->irk
, info
->irk
, 16);
1362 static int smp_cmd_ident_addr_info(struct l2cap_conn
*conn
,
1363 struct sk_buff
*skb
)
1365 struct smp_cmd_ident_addr_info
*info
= (void *) skb
->data
;
1366 struct l2cap_chan
*chan
= conn
->smp
;
1367 struct smp_chan
*smp
= chan
->data
;
1368 struct hci_conn
*hcon
= conn
->hcon
;
1373 if (skb
->len
< sizeof(*info
))
1374 return SMP_INVALID_PARAMS
;
1376 /* Mark the information as received */
1377 smp
->remote_key_dist
&= ~SMP_DIST_ID_KEY
;
1379 if (smp
->remote_key_dist
& SMP_DIST_SIGN
)
1380 SMP_ALLOW_CMD(smp
, SMP_CMD_SIGN_INFO
);
1382 skb_pull(skb
, sizeof(*info
));
1384 hci_dev_lock(hcon
->hdev
);
1386 /* Strictly speaking the Core Specification (4.1) allows sending
1387 * an empty address which would force us to rely on just the IRK
1388 * as "identity information". However, since such
1389 * implementations are not known of and in order to not over
1390 * complicate our implementation, simply pretend that we never
1391 * received an IRK for such a device.
1393 if (!bacmp(&info
->bdaddr
, BDADDR_ANY
)) {
1394 BT_ERR("Ignoring IRK with no identity address");
1398 bacpy(&smp
->id_addr
, &info
->bdaddr
);
1399 smp
->id_addr_type
= info
->addr_type
;
1401 if (hci_bdaddr_is_rpa(&hcon
->dst
, hcon
->dst_type
))
1402 bacpy(&rpa
, &hcon
->dst
);
1404 bacpy(&rpa
, BDADDR_ANY
);
1406 smp
->remote_irk
= hci_add_irk(conn
->hcon
->hdev
, &smp
->id_addr
,
1407 smp
->id_addr_type
, smp
->irk
, &rpa
);
1410 if (!(smp
->remote_key_dist
& KEY_DIST_MASK
))
1411 smp_distribute_keys(smp
);
1413 hci_dev_unlock(hcon
->hdev
);
1418 static int smp_cmd_sign_info(struct l2cap_conn
*conn
, struct sk_buff
*skb
)
1420 struct smp_cmd_sign_info
*rp
= (void *) skb
->data
;
1421 struct l2cap_chan
*chan
= conn
->smp
;
1422 struct smp_chan
*smp
= chan
->data
;
1423 struct hci_dev
*hdev
= conn
->hcon
->hdev
;
1424 struct smp_csrk
*csrk
;
1426 BT_DBG("conn %p", conn
);
1428 if (skb
->len
< sizeof(*rp
))
1429 return SMP_INVALID_PARAMS
;
1431 /* Mark the information as received */
1432 smp
->remote_key_dist
&= ~SMP_DIST_SIGN
;
1434 skb_pull(skb
, sizeof(*rp
));
1437 csrk
= kzalloc(sizeof(*csrk
), GFP_KERNEL
);
1439 csrk
->master
= 0x01;
1440 memcpy(csrk
->val
, rp
->csrk
, sizeof(csrk
->val
));
1443 smp_distribute_keys(smp
);
1444 hci_dev_unlock(hdev
);
1449 static int smp_sig_channel(struct l2cap_chan
*chan
, struct sk_buff
*skb
)
1451 struct l2cap_conn
*conn
= chan
->conn
;
1452 struct hci_conn
*hcon
= conn
->hcon
;
1453 struct smp_chan
*smp
;
1457 if (hcon
->type
!= LE_LINK
) {
1465 if (!test_bit(HCI_LE_ENABLED
, &hcon
->hdev
->dev_flags
)) {
1466 reason
= SMP_PAIRING_NOTSUPP
;
1470 code
= skb
->data
[0];
1471 skb_pull(skb
, sizeof(code
));
1475 if (code
> SMP_CMD_MAX
)
1478 if (smp
&& !test_and_clear_bit(code
, &smp
->allow_cmd
))
1481 /* If we don't have a context the only allowed commands are
1482 * pairing request and security request.
1484 if (!smp
&& code
!= SMP_CMD_PAIRING_REQ
&& code
!= SMP_CMD_SECURITY_REQ
)
1488 case SMP_CMD_PAIRING_REQ
:
1489 reason
= smp_cmd_pairing_req(conn
, skb
);
1492 case SMP_CMD_PAIRING_FAIL
:
1493 smp_failure(conn
, 0);
1497 case SMP_CMD_PAIRING_RSP
:
1498 reason
= smp_cmd_pairing_rsp(conn
, skb
);
1501 case SMP_CMD_SECURITY_REQ
:
1502 reason
= smp_cmd_security_req(conn
, skb
);
1505 case SMP_CMD_PAIRING_CONFIRM
:
1506 reason
= smp_cmd_pairing_confirm(conn
, skb
);
1509 case SMP_CMD_PAIRING_RANDOM
:
1510 reason
= smp_cmd_pairing_random(conn
, skb
);
1513 case SMP_CMD_ENCRYPT_INFO
:
1514 reason
= smp_cmd_encrypt_info(conn
, skb
);
1517 case SMP_CMD_MASTER_IDENT
:
1518 reason
= smp_cmd_master_ident(conn
, skb
);
1521 case SMP_CMD_IDENT_INFO
:
1522 reason
= smp_cmd_ident_info(conn
, skb
);
1525 case SMP_CMD_IDENT_ADDR_INFO
:
1526 reason
= smp_cmd_ident_addr_info(conn
, skb
);
1529 case SMP_CMD_SIGN_INFO
:
1530 reason
= smp_cmd_sign_info(conn
, skb
);
1534 BT_DBG("Unknown command code 0x%2.2x", code
);
1535 reason
= SMP_CMD_NOTSUPP
;
1542 smp_failure(conn
, reason
);
1549 BT_ERR("%s unexpected SMP command 0x%02x from %pMR", hcon
->hdev
->name
,
1555 static void smp_teardown_cb(struct l2cap_chan
*chan
, int err
)
1557 struct l2cap_conn
*conn
= chan
->conn
;
1559 BT_DBG("chan %p", chan
);
1562 smp_chan_destroy(conn
);
1565 l2cap_chan_put(chan
);
1568 static void smp_resume_cb(struct l2cap_chan
*chan
)
1570 struct smp_chan
*smp
= chan
->data
;
1571 struct l2cap_conn
*conn
= chan
->conn
;
1572 struct hci_conn
*hcon
= conn
->hcon
;
1574 BT_DBG("chan %p", chan
);
1579 if (!test_bit(HCI_CONN_ENCRYPT
, &hcon
->flags
))
1582 cancel_delayed_work(&smp
->security_timer
);
1584 smp_distribute_keys(smp
);
1587 static void smp_ready_cb(struct l2cap_chan
*chan
)
1589 struct l2cap_conn
*conn
= chan
->conn
;
1591 BT_DBG("chan %p", chan
);
1594 l2cap_chan_hold(chan
);
1597 static int smp_recv_cb(struct l2cap_chan
*chan
, struct sk_buff
*skb
)
1601 BT_DBG("chan %p", chan
);
1603 err
= smp_sig_channel(chan
, skb
);
1605 struct smp_chan
*smp
= chan
->data
;
1608 cancel_delayed_work_sync(&smp
->security_timer
);
1610 hci_disconnect(chan
->conn
->hcon
, HCI_ERROR_AUTH_FAILURE
);
1616 static struct sk_buff
*smp_alloc_skb_cb(struct l2cap_chan
*chan
,
1617 unsigned long hdr_len
,
1618 unsigned long len
, int nb
)
1620 struct sk_buff
*skb
;
1622 skb
= bt_skb_alloc(hdr_len
+ len
, GFP_KERNEL
);
1624 return ERR_PTR(-ENOMEM
);
1626 skb
->priority
= HCI_PRIO_MAX
;
1627 bt_cb(skb
)->chan
= chan
;
1632 static const struct l2cap_ops smp_chan_ops
= {
1633 .name
= "Security Manager",
1634 .ready
= smp_ready_cb
,
1635 .recv
= smp_recv_cb
,
1636 .alloc_skb
= smp_alloc_skb_cb
,
1637 .teardown
= smp_teardown_cb
,
1638 .resume
= smp_resume_cb
,
1640 .new_connection
= l2cap_chan_no_new_connection
,
1641 .state_change
= l2cap_chan_no_state_change
,
1642 .close
= l2cap_chan_no_close
,
1643 .defer
= l2cap_chan_no_defer
,
1644 .suspend
= l2cap_chan_no_suspend
,
1645 .set_shutdown
= l2cap_chan_no_set_shutdown
,
1646 .get_sndtimeo
= l2cap_chan_no_get_sndtimeo
,
1647 .memcpy_fromiovec
= l2cap_chan_no_memcpy_fromiovec
,
1650 static inline struct l2cap_chan
*smp_new_conn_cb(struct l2cap_chan
*pchan
)
1652 struct l2cap_chan
*chan
;
1654 BT_DBG("pchan %p", pchan
);
1656 chan
= l2cap_chan_create();
1660 chan
->chan_type
= pchan
->chan_type
;
1661 chan
->ops
= &smp_chan_ops
;
1662 chan
->scid
= pchan
->scid
;
1663 chan
->dcid
= chan
->scid
;
1664 chan
->imtu
= pchan
->imtu
;
1665 chan
->omtu
= pchan
->omtu
;
1666 chan
->mode
= pchan
->mode
;
1668 BT_DBG("created chan %p", chan
);
1673 static const struct l2cap_ops smp_root_chan_ops
= {
1674 .name
= "Security Manager Root",
1675 .new_connection
= smp_new_conn_cb
,
1677 /* None of these are implemented for the root channel */
1678 .close
= l2cap_chan_no_close
,
1679 .alloc_skb
= l2cap_chan_no_alloc_skb
,
1680 .recv
= l2cap_chan_no_recv
,
1681 .state_change
= l2cap_chan_no_state_change
,
1682 .teardown
= l2cap_chan_no_teardown
,
1683 .ready
= l2cap_chan_no_ready
,
1684 .defer
= l2cap_chan_no_defer
,
1685 .suspend
= l2cap_chan_no_suspend
,
1686 .resume
= l2cap_chan_no_resume
,
1687 .set_shutdown
= l2cap_chan_no_set_shutdown
,
1688 .get_sndtimeo
= l2cap_chan_no_get_sndtimeo
,
1689 .memcpy_fromiovec
= l2cap_chan_no_memcpy_fromiovec
,
1692 int smp_register(struct hci_dev
*hdev
)
1694 struct l2cap_chan
*chan
;
1695 struct crypto_blkcipher
*tfm_aes
;
1697 BT_DBG("%s", hdev
->name
);
1699 tfm_aes
= crypto_alloc_blkcipher("ecb(aes)", 0, CRYPTO_ALG_ASYNC
);
1700 if (IS_ERR(tfm_aes
)) {
1701 int err
= PTR_ERR(tfm_aes
);
1702 BT_ERR("Unable to create crypto context");
1706 chan
= l2cap_chan_create();
1708 crypto_free_blkcipher(tfm_aes
);
1712 chan
->data
= tfm_aes
;
1714 l2cap_add_scid(chan
, L2CAP_CID_SMP
);
1716 l2cap_chan_set_defaults(chan
);
1718 bacpy(&chan
->src
, &hdev
->bdaddr
);
1719 chan
->src_type
= BDADDR_LE_PUBLIC
;
1720 chan
->state
= BT_LISTEN
;
1721 chan
->mode
= L2CAP_MODE_BASIC
;
1722 chan
->imtu
= L2CAP_DEFAULT_MTU
;
1723 chan
->ops
= &smp_root_chan_ops
;
1725 hdev
->smp_data
= chan
;
1730 void smp_unregister(struct hci_dev
*hdev
)
1732 struct l2cap_chan
*chan
= hdev
->smp_data
;
1733 struct crypto_blkcipher
*tfm_aes
;
1738 BT_DBG("%s chan %p", hdev
->name
, chan
);
1740 tfm_aes
= chan
->data
;
1743 crypto_free_blkcipher(tfm_aes
);
1746 hdev
->smp_data
= NULL
;
1747 l2cap_chan_put(chan
);