projects / deliverable / linux.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Bluetooth: Fix SMP security level when we have no IO capabilities
[deliverable/linux.git] / net / bluetooth / smp.c
1 /*
2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2011 Nokia Corporation and/or its subsidiary(-ies).
4
5 This program is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License version 2 as
7 published by the Free Software Foundation;
8
9 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
10 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
11 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
12 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
13 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
14 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17
18 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
19 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
20 SOFTWARE IS DISCLAIMED.
21 */
22
23 #include <linux/crypto.h>
24 #include <linux/scatterlist.h>
25 #include <crypto/b128ops.h>
26
27 #include <net/bluetooth/bluetooth.h>
28 #include <net/bluetooth/hci_core.h>
29 #include <net/bluetooth/l2cap.h>
30 #include <net/bluetooth/mgmt.h>
31
32 #include "smp.h"
33
34 #define SMP_ALLOW_CMD(smp, code) set_bit(code, &smp->allow_cmd)
35
36 #define SMP_TIMEOUT msecs_to_jiffies(30000)
37
38 #define AUTH_REQ_MASK 0x07
39 #define KEY_DIST_MASK 0x07
40
41 enum {
42 SMP_FLAG_TK_VALID,
43 SMP_FLAG_CFM_PENDING,
44 SMP_FLAG_MITM_AUTH,
45 SMP_FLAG_COMPLETE,
46 SMP_FLAG_INITIATOR,
47 };
48
49 struct smp_chan {
50 struct l2cap_conn *conn;
51 struct delayed_work security_timer;
52 unsigned long allow_cmd; /* Bitmask of allowed commands */
53
54 u8 preq[7]; /* SMP Pairing Request */
55 u8 prsp[7]; /* SMP Pairing Response */
56 u8 prnd[16]; /* SMP Pairing Random (local) */
57 u8 rrnd[16]; /* SMP Pairing Random (remote) */
58 u8 pcnf[16]; /* SMP Pairing Confirm */
59 u8 tk[16]; /* SMP Temporary Key */
60 u8 enc_key_size;
61 u8 remote_key_dist;
62 bdaddr_t id_addr;
63 u8 id_addr_type;
64 u8 irk[16];
65 struct smp_csrk *csrk;
66 struct smp_csrk *slave_csrk;
67 struct smp_ltk *ltk;
68 struct smp_ltk *slave_ltk;
69 struct smp_irk *remote_irk;
70 unsigned long flags;
71
72 struct crypto_blkcipher *tfm_aes;
73 };
74
75 static inline void swap_buf(const u8 *src, u8 *dst, size_t len)
76 {
77 size_t i;
78
79 for (i = 0; i < len; i++)
80 dst[len - 1 - i] = src[i];
81 }
82
83 static int smp_e(struct crypto_blkcipher *tfm, const u8 *k, u8 *r)
84 {
85 struct blkcipher_desc desc;
86 struct scatterlist sg;
87 uint8_t tmp[16], data[16];
88 int err;
89
90 if (tfm == NULL) {
91 BT_ERR("tfm %p", tfm);
92 return -EINVAL;
93 }
94
95 desc.tfm = tfm;
96 desc.flags = 0;
97
98 /* The most significant octet of key corresponds to k[0] */
99 swap_buf(k, tmp, 16);
100
101 err = crypto_blkcipher_setkey(tfm, tmp, 16);
102 if (err) {
103 BT_ERR("cipher setkey failed: %d", err);
104 return err;
105 }
106
107 /* Most significant octet of plaintextData corresponds to data[0] */
108 swap_buf(r, data, 16);
109
110 sg_init_one(&sg, data, 16);
111
112 err = crypto_blkcipher_encrypt(&desc, &sg, &sg, 16);
113 if (err)
114 BT_ERR("Encrypt data error %d", err);
115
116 /* Most significant octet of encryptedData corresponds to data[0] */
117 swap_buf(data, r, 16);
118
119 return err;
120 }
121
122 static int smp_ah(struct crypto_blkcipher *tfm, u8 irk[16], u8 r[3], u8 res[3])
123 {
124 u8 _res[16];
125 int err;
126
127 /* r' = padding || r */
128 memcpy(_res, r, 3);
129 memset(_res + 3, 0, 13);
130
131 err = smp_e(tfm, irk, _res);
132 if (err) {
133 BT_ERR("Encrypt error");
134 return err;
135 }
136
137 /* The output of the random address function ah is:
138 * ah(h, r) = e(k, r') mod 2^24
139 * The output of the security function e is then truncated to 24 bits
140 * by taking the least significant 24 bits of the output of e as the
141 * result of ah.
142 */
143 memcpy(res, _res, 3);
144
145 return 0;
146 }
147
148 bool smp_irk_matches(struct hci_dev *hdev, u8 irk[16], bdaddr_t *bdaddr)
149 {
150 struct l2cap_chan *chan = hdev->smp_data;
151 struct crypto_blkcipher *tfm;
152 u8 hash[3];
153 int err;
154
155 if (!chan || !chan->data)
156 return false;
157
158 tfm = chan->data;
159
160 BT_DBG("RPA %pMR IRK %*phN", bdaddr, 16, irk);
161
162 err = smp_ah(tfm, irk, &bdaddr->b[3], hash);
163 if (err)
164 return false;
165
166 return !memcmp(bdaddr->b, hash, 3);
167 }
168
169 int smp_generate_rpa(struct hci_dev *hdev, u8 irk[16], bdaddr_t *rpa)
170 {
171 struct l2cap_chan *chan = hdev->smp_data;
172 struct crypto_blkcipher *tfm;
173 int err;
174
175 if (!chan || !chan->data)
176 return -EOPNOTSUPP;
177
178 tfm = chan->data;
179
180 get_random_bytes(&rpa->b[3], 3);
181
182 rpa->b[5] &= 0x3f; /* Clear two most significant bits */
183 rpa->b[5] |= 0x40; /* Set second most significant bit */
184
185 err = smp_ah(tfm, irk, &rpa->b[3], rpa->b);
186 if (err < 0)
187 return err;
188
189 BT_DBG("RPA %pMR", rpa);
190
191 return 0;
192 }
193
194 static int smp_c1(struct smp_chan *smp, u8 k[16], u8 r[16], u8 preq[7],
195 u8 pres[7], u8 _iat, bdaddr_t *ia, u8 _rat, bdaddr_t *ra,
196 u8 res[16])
197 {
198 struct hci_dev *hdev = smp->conn->hcon->hdev;
199 u8 p1[16], p2[16];
200 int err;
201
202 BT_DBG("%s", hdev->name);
203
204 memset(p1, 0, 16);
205
206 /* p1 = pres || preq || _rat || _iat */
207 p1[0] = _iat;
208 p1[1] = _rat;
209 memcpy(p1 + 2, preq, 7);
210 memcpy(p1 + 9, pres, 7);
211
212 /* p2 = padding || ia || ra */
213 memcpy(p2, ra, 6);
214 memcpy(p2 + 6, ia, 6);
215 memset(p2 + 12, 0, 4);
216
217 /* res = r XOR p1 */
218 u128_xor((u128 *) res, (u128 *) r, (u128 *) p1);
219
220 /* res = e(k, res) */
221 err = smp_e(smp->tfm_aes, k, res);
222 if (err) {
223 BT_ERR("Encrypt data error");
224 return err;
225 }
226
227 /* res = res XOR p2 */
228 u128_xor((u128 *) res, (u128 *) res, (u128 *) p2);
229
230 /* res = e(k, res) */
231 err = smp_e(smp->tfm_aes, k, res);
232 if (err)
233 BT_ERR("Encrypt data error");
234
235 return err;
236 }
237
238 static int smp_s1(struct smp_chan *smp, u8 k[16], u8 r1[16], u8 r2[16],
239 u8 _r[16])
240 {
241 struct hci_dev *hdev = smp->conn->hcon->hdev;
242 int err;
243
244 BT_DBG("%s", hdev->name);
245
246 /* Just least significant octets from r1 and r2 are considered */
247 memcpy(_r, r2, 8);
248 memcpy(_r + 8, r1, 8);
249
250 err = smp_e(smp->tfm_aes, k, _r);
251 if (err)
252 BT_ERR("Encrypt data error");
253
254 return err;
255 }
256
257 static void smp_send_cmd(struct l2cap_conn *conn, u8 code, u16 len, void *data)
258 {
259 struct l2cap_chan *chan = conn->smp;
260 struct smp_chan *smp;
261 struct kvec iv[2];
262 struct msghdr msg;
263
264 if (!chan)
265 return;
266
267 BT_DBG("code 0x%2.2x", code);
268
269 iv[0].iov_base = &code;
270 iv[0].iov_len = 1;
271
272 iv[1].iov_base = data;
273 iv[1].iov_len = len;
274
275 memset(&msg, 0, sizeof(msg));
276
277 msg.msg_iov = (struct iovec *) &iv;
278 msg.msg_iovlen = 2;
279
280 l2cap_chan_send(chan, &msg, 1 + len);
281
282 if (!chan->data)
283 return;
284
285 smp = chan->data;
286
287 cancel_delayed_work_sync(&smp->security_timer);
288 schedule_delayed_work(&smp->security_timer, SMP_TIMEOUT);
289 }
290
291 static __u8 authreq_to_seclevel(__u8 authreq)
292 {
293 if (authreq & SMP_AUTH_MITM)
294 return BT_SECURITY_HIGH;
295 else
296 return BT_SECURITY_MEDIUM;
297 }
298
299 static __u8 seclevel_to_authreq(__u8 sec_level)
300 {
301 switch (sec_level) {
302 case BT_SECURITY_HIGH:
303 return SMP_AUTH_MITM | SMP_AUTH_BONDING;
304 case BT_SECURITY_MEDIUM:
305 return SMP_AUTH_BONDING;
306 default:
307 return SMP_AUTH_NONE;
308 }
309 }
310
311 static void build_pairing_cmd(struct l2cap_conn *conn,
312 struct smp_cmd_pairing *req,
313 struct smp_cmd_pairing *rsp, __u8 authreq)
314 {
315 struct l2cap_chan *chan = conn->smp;
316 struct smp_chan *smp = chan->data;
317 struct hci_conn *hcon = conn->hcon;
318 struct hci_dev *hdev = hcon->hdev;
319 u8 local_dist = 0, remote_dist = 0;
320
321 if (test_bit(HCI_BONDABLE, &conn->hcon->hdev->dev_flags)) {
322 local_dist = SMP_DIST_ENC_KEY | SMP_DIST_SIGN;
323 remote_dist = SMP_DIST_ENC_KEY | SMP_DIST_SIGN;
324 authreq |= SMP_AUTH_BONDING;
325 } else {
326 authreq &= ~SMP_AUTH_BONDING;
327 }
328
329 if (test_bit(HCI_RPA_RESOLVING, &hdev->dev_flags))
330 remote_dist |= SMP_DIST_ID_KEY;
331
332 if (test_bit(HCI_PRIVACY, &hdev->dev_flags))
333 local_dist |= SMP_DIST_ID_KEY;
334
335 if (rsp == NULL) {
336 req->io_capability = conn->hcon->io_capability;
337 req->oob_flag = SMP_OOB_NOT_PRESENT;
338 req->max_key_size = SMP_MAX_ENC_KEY_SIZE;
339 req->init_key_dist = local_dist;
340 req->resp_key_dist = remote_dist;
341 req->auth_req = (authreq & AUTH_REQ_MASK);
342
343 smp->remote_key_dist = remote_dist;
344 return;
345 }
346
347 rsp->io_capability = conn->hcon->io_capability;
348 rsp->oob_flag = SMP_OOB_NOT_PRESENT;
349 rsp->max_key_size = SMP_MAX_ENC_KEY_SIZE;
350 rsp->init_key_dist = req->init_key_dist & remote_dist;
351 rsp->resp_key_dist = req->resp_key_dist & local_dist;
352 rsp->auth_req = (authreq & AUTH_REQ_MASK);
353
354 smp->remote_key_dist = rsp->init_key_dist;
355 }
356
357 static u8 check_enc_key_size(struct l2cap_conn *conn, __u8 max_key_size)
358 {
359 struct l2cap_chan *chan = conn->smp;
360 struct smp_chan *smp = chan->data;
361
362 if ((max_key_size > SMP_MAX_ENC_KEY_SIZE) ||
363 (max_key_size < SMP_MIN_ENC_KEY_SIZE))
364 return SMP_ENC_KEY_SIZE;
365
366 smp->enc_key_size = max_key_size;
367
368 return 0;
369 }
370
371 static void smp_chan_destroy(struct l2cap_conn *conn)
372 {
373 struct l2cap_chan *chan = conn->smp;
374 struct smp_chan *smp = chan->data;
375 bool complete;
376
377 BUG_ON(!smp);
378
379 cancel_delayed_work_sync(&smp->security_timer);
380
381 complete = test_bit(SMP_FLAG_COMPLETE, &smp->flags);
382 mgmt_smp_complete(conn->hcon, complete);
383
384 kfree(smp->csrk);
385 kfree(smp->slave_csrk);
386
387 crypto_free_blkcipher(smp->tfm_aes);
388
389 /* If pairing failed clean up any keys we might have */
390 if (!complete) {
391 if (smp->ltk) {
392 list_del(&smp->ltk->list);
393 kfree(smp->ltk);
394 }
395
396 if (smp->slave_ltk) {
397 list_del(&smp->slave_ltk->list);
398 kfree(smp->slave_ltk);
399 }
400
401 if (smp->remote_irk) {
402 list_del(&smp->remote_irk->list);
403 kfree(smp->remote_irk);
404 }
405 }
406
407 chan->data = NULL;
408 kfree(smp);
409 hci_conn_drop(conn->hcon);
410 }
411
412 static void smp_failure(struct l2cap_conn *conn, u8 reason)
413 {
414 struct hci_conn *hcon = conn->hcon;
415 struct l2cap_chan *chan = conn->smp;
416
417 if (reason)
418 smp_send_cmd(conn, SMP_CMD_PAIRING_FAIL, sizeof(reason),
419 &reason);
420
421 clear_bit(HCI_CONN_ENCRYPT_PEND, &hcon->flags);
422 mgmt_auth_failed(hcon, HCI_ERROR_AUTH_FAILURE);
423
424 if (chan->data)
425 smp_chan_destroy(conn);
426 }
427
428 #define JUST_WORKS 0x00
429 #define JUST_CFM 0x01
430 #define REQ_PASSKEY 0x02
431 #define CFM_PASSKEY 0x03
432 #define REQ_OOB 0x04
433 #define OVERLAP 0xFF
434
435 static const u8 gen_method[5][5] = {
436 { JUST_WORKS, JUST_CFM, REQ_PASSKEY, JUST_WORKS, REQ_PASSKEY },
437 { JUST_WORKS, JUST_CFM, REQ_PASSKEY, JUST_WORKS, REQ_PASSKEY },
438 { CFM_PASSKEY, CFM_PASSKEY, REQ_PASSKEY, JUST_WORKS, CFM_PASSKEY },
439 { JUST_WORKS, JUST_CFM, JUST_WORKS, JUST_WORKS, JUST_CFM },
440 { CFM_PASSKEY, CFM_PASSKEY, REQ_PASSKEY, JUST_WORKS, OVERLAP },
441 };
442
443 static u8 get_auth_method(struct smp_chan *smp, u8 local_io, u8 remote_io)
444 {
445 /* If either side has unknown io_caps, use JUST_CFM (which gets
446 * converted later to JUST_WORKS if we're initiators.
447 */
448 if (local_io > SMP_IO_KEYBOARD_DISPLAY ||
449 remote_io > SMP_IO_KEYBOARD_DISPLAY)
450 return JUST_CFM;
451
452 return gen_method[remote_io][local_io];
453 }
454
455 static int tk_request(struct l2cap_conn *conn, u8 remote_oob, u8 auth,
456 u8 local_io, u8 remote_io)
457 {
458 struct hci_conn *hcon = conn->hcon;
459 struct l2cap_chan *chan = conn->smp;
460 struct smp_chan *smp = chan->data;
461 u8 method;
462 u32 passkey = 0;
463 int ret = 0;
464
465 /* Initialize key for JUST WORKS */
466 memset(smp->tk, 0, sizeof(smp->tk));
467 clear_bit(SMP_FLAG_TK_VALID, &smp->flags);
468
469 BT_DBG("tk_request: auth:%d lcl:%d rem:%d", auth, local_io, remote_io);
470
471 /* If neither side wants MITM, either "just" confirm an incoming
472 * request or use just-works for outgoing ones. The JUST_CFM
473 * will be converted to JUST_WORKS if necessary later in this
474 * function. If either side has MITM look up the method from the
475 * table.
476 */
477 if (!(auth & SMP_AUTH_MITM))
478 method = JUST_CFM;
479 else
480 method = get_auth_method(smp, local_io, remote_io);
481
482 /* Don't confirm locally initiated pairing attempts */
483 if (method == JUST_CFM && test_bit(SMP_FLAG_INITIATOR, &smp->flags))
484 method = JUST_WORKS;
485
486 /* Don't bother user space with no IO capabilities */
487 if (method == JUST_CFM && hcon->io_capability == HCI_IO_NO_INPUT_OUTPUT)
488 method = JUST_WORKS;
489
490 /* If Just Works, Continue with Zero TK */
491 if (method == JUST_WORKS) {
492 set_bit(SMP_FLAG_TK_VALID, &smp->flags);
493 return 0;
494 }
495
496 /* Not Just Works/Confirm results in MITM Authentication */
497 if (method != JUST_CFM)
498 set_bit(SMP_FLAG_MITM_AUTH, &smp->flags);
499
500 /* If both devices have Keyoard-Display I/O, the master
501 * Confirms and the slave Enters the passkey.
502 */
503 if (method == OVERLAP) {
504 if (hcon->role == HCI_ROLE_MASTER)
505 method = CFM_PASSKEY;
506 else
507 method = REQ_PASSKEY;
508 }
509
510 /* Generate random passkey. */
511 if (method == CFM_PASSKEY) {
512 memset(smp->tk, 0, sizeof(smp->tk));
513 get_random_bytes(&passkey, sizeof(passkey));
514 passkey %= 1000000;
515 put_unaligned_le32(passkey, smp->tk);
516 BT_DBG("PassKey: %d", passkey);
517 set_bit(SMP_FLAG_TK_VALID, &smp->flags);
518 }
519
520 hci_dev_lock(hcon->hdev);
521
522 if (method == REQ_PASSKEY)
523 ret = mgmt_user_passkey_request(hcon->hdev, &hcon->dst,
524 hcon->type, hcon->dst_type);
525 else if (method == JUST_CFM)
526 ret = mgmt_user_confirm_request(hcon->hdev, &hcon->dst,
527 hcon->type, hcon->dst_type,
528 passkey, 1);
529 else
530 ret = mgmt_user_passkey_notify(hcon->hdev, &hcon->dst,
531 hcon->type, hcon->dst_type,
532 passkey, 0);
533
534 hci_dev_unlock(hcon->hdev);
535
536 return ret;
537 }
538
539 static u8 smp_confirm(struct smp_chan *smp)
540 {
541 struct l2cap_conn *conn = smp->conn;
542 struct smp_cmd_pairing_confirm cp;
543 int ret;
544
545 BT_DBG("conn %p", conn);
546
547 ret = smp_c1(smp, smp->tk, smp->prnd, smp->preq, smp->prsp,
548 conn->hcon->init_addr_type, &conn->hcon->init_addr,
549 conn->hcon->resp_addr_type, &conn->hcon->resp_addr,
550 cp.confirm_val);
551 if (ret)
552 return SMP_UNSPECIFIED;
553
554 clear_bit(SMP_FLAG_CFM_PENDING, &smp->flags);
555
556 smp_send_cmd(smp->conn, SMP_CMD_PAIRING_CONFIRM, sizeof(cp), &cp);
557
558 if (conn->hcon->out)
559 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_CONFIRM);
560 else
561 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RANDOM);
562
563 return 0;
564 }
565
566 static u8 smp_random(struct smp_chan *smp)
567 {
568 struct l2cap_conn *conn = smp->conn;
569 struct hci_conn *hcon = conn->hcon;
570 u8 confirm[16];
571 int ret;
572
573 if (IS_ERR_OR_NULL(smp->tfm_aes))
574 return SMP_UNSPECIFIED;
575
576 BT_DBG("conn %p %s", conn, conn->hcon->out ? "master" : "slave");
577
578 ret = smp_c1(smp, smp->tk, smp->rrnd, smp->preq, smp->prsp,
579 hcon->init_addr_type, &hcon->init_addr,
580 hcon->resp_addr_type, &hcon->resp_addr, confirm);
581 if (ret)
582 return SMP_UNSPECIFIED;
583
584 if (memcmp(smp->pcnf, confirm, sizeof(smp->pcnf)) != 0) {
585 BT_ERR("Pairing failed (confirmation values mismatch)");
586 return SMP_CONFIRM_FAILED;
587 }
588
589 if (hcon->out) {
590 u8 stk[16];
591 __le64 rand = 0;
592 __le16 ediv = 0;
593
594 smp_s1(smp, smp->tk, smp->rrnd, smp->prnd, stk);
595
596 memset(stk + smp->enc_key_size, 0,
597 SMP_MAX_ENC_KEY_SIZE - smp->enc_key_size);
598
599 if (test_and_set_bit(HCI_CONN_ENCRYPT_PEND, &hcon->flags))
600 return SMP_UNSPECIFIED;
601
602 hci_le_start_enc(hcon, ediv, rand, stk);
603 hcon->enc_key_size = smp->enc_key_size;
604 set_bit(HCI_CONN_STK_ENCRYPT, &hcon->flags);
605 } else {
606 u8 stk[16], auth;
607 __le64 rand = 0;
608 __le16 ediv = 0;
609
610 smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM, sizeof(smp->prnd),
611 smp->prnd);
612
613 smp_s1(smp, smp->tk, smp->prnd, smp->rrnd, stk);
614
615 memset(stk + smp->enc_key_size, 0,
616 SMP_MAX_ENC_KEY_SIZE - smp->enc_key_size);
617
618 if (hcon->pending_sec_level == BT_SECURITY_HIGH)
619 auth = 1;
620 else
621 auth = 0;
622
623 /* Even though there's no _SLAVE suffix this is the
624 * slave STK we're adding for later lookup (the master
625 * STK never needs to be stored).
626 */
627 hci_add_ltk(hcon->hdev, &hcon->dst, hcon->dst_type,
628 SMP_STK, auth, stk, smp->enc_key_size, ediv, rand);
629 }
630
631 return 0;
632 }
633
634 static void smp_notify_keys(struct l2cap_conn *conn)
635 {
636 struct l2cap_chan *chan = conn->smp;
637 struct smp_chan *smp = chan->data;
638 struct hci_conn *hcon = conn->hcon;
639 struct hci_dev *hdev = hcon->hdev;
640 struct smp_cmd_pairing *req = (void *) &smp->preq[1];
641 struct smp_cmd_pairing *rsp = (void *) &smp->prsp[1];
642 bool persistent;
643
644 if (smp->remote_irk) {
645 mgmt_new_irk(hdev, smp->remote_irk);
646 /* Now that user space can be considered to know the
647 * identity address track the connection based on it
648 * from now on.
649 */
650 bacpy(&hcon->dst, &smp->remote_irk->bdaddr);
651 hcon->dst_type = smp->remote_irk->addr_type;
652 queue_work(hdev->workqueue, &conn->id_addr_update_work);
653
654 /* When receiving an indentity resolving key for
655 * a remote device that does not use a resolvable
656 * private address, just remove the key so that
657 * it is possible to use the controller white
658 * list for scanning.
659 *
660 * Userspace will have been told to not store
661 * this key at this point. So it is safe to
662 * just remove it.
663 */
664 if (!bacmp(&smp->remote_irk->rpa, BDADDR_ANY)) {
665 list_del(&smp->remote_irk->list);
666 kfree(smp->remote_irk);
667 smp->remote_irk = NULL;
668 }
669 }
670
671 /* The LTKs and CSRKs should be persistent only if both sides
672 * had the bonding bit set in their authentication requests.
673 */
674 persistent = !!((req->auth_req & rsp->auth_req) & SMP_AUTH_BONDING);
675
676 if (smp->csrk) {
677 smp->csrk->bdaddr_type = hcon->dst_type;
678 bacpy(&smp->csrk->bdaddr, &hcon->dst);
679 mgmt_new_csrk(hdev, smp->csrk, persistent);
680 }
681
682 if (smp->slave_csrk) {
683 smp->slave_csrk->bdaddr_type = hcon->dst_type;
684 bacpy(&smp->slave_csrk->bdaddr, &hcon->dst);
685 mgmt_new_csrk(hdev, smp->slave_csrk, persistent);
686 }
687
688 if (smp->ltk) {
689 smp->ltk->bdaddr_type = hcon->dst_type;
690 bacpy(&smp->ltk->bdaddr, &hcon->dst);
691 mgmt_new_ltk(hdev, smp->ltk, persistent);
692 }
693
694 if (smp->slave_ltk) {
695 smp->slave_ltk->bdaddr_type = hcon->dst_type;
696 bacpy(&smp->slave_ltk->bdaddr, &hcon->dst);
697 mgmt_new_ltk(hdev, smp->slave_ltk, persistent);
698 }
699 }
700
701 static void smp_allow_key_dist(struct smp_chan *smp)
702 {
703 /* Allow the first expected phase 3 PDU. The rest of the PDUs
704 * will be allowed in each PDU handler to ensure we receive
705 * them in the correct order.
706 */
707 if (smp->remote_key_dist & SMP_DIST_ENC_KEY)
708 SMP_ALLOW_CMD(smp, SMP_CMD_ENCRYPT_INFO);
709 else if (smp->remote_key_dist & SMP_DIST_ID_KEY)
710 SMP_ALLOW_CMD(smp, SMP_CMD_IDENT_INFO);
711 else if (smp->remote_key_dist & SMP_DIST_SIGN)
712 SMP_ALLOW_CMD(smp, SMP_CMD_SIGN_INFO);
713 }
714
715 static void smp_distribute_keys(struct smp_chan *smp)
716 {
717 struct smp_cmd_pairing *req, *rsp;
718 struct l2cap_conn *conn = smp->conn;
719 struct hci_conn *hcon = conn->hcon;
720 struct hci_dev *hdev = hcon->hdev;
721 __u8 *keydist;
722
723 BT_DBG("conn %p", conn);
724
725 rsp = (void *) &smp->prsp[1];
726
727 /* The responder sends its keys first */
728 if (hcon->out && (smp->remote_key_dist & KEY_DIST_MASK)) {
729 smp_allow_key_dist(smp);
730 return;
731 }
732
733 req = (void *) &smp->preq[1];
734
735 if (hcon->out) {
736 keydist = &rsp->init_key_dist;
737 *keydist &= req->init_key_dist;
738 } else {
739 keydist = &rsp->resp_key_dist;
740 *keydist &= req->resp_key_dist;
741 }
742
743 BT_DBG("keydist 0x%x", *keydist);
744
745 if (*keydist & SMP_DIST_ENC_KEY) {
746 struct smp_cmd_encrypt_info enc;
747 struct smp_cmd_master_ident ident;
748 struct smp_ltk *ltk;
749 u8 authenticated;
750 __le16 ediv;
751 __le64 rand;
752
753 get_random_bytes(enc.ltk, sizeof(enc.ltk));
754 get_random_bytes(&ediv, sizeof(ediv));
755 get_random_bytes(&rand, sizeof(rand));
756
757 smp_send_cmd(conn, SMP_CMD_ENCRYPT_INFO, sizeof(enc), &enc);
758
759 authenticated = hcon->sec_level == BT_SECURITY_HIGH;
760 ltk = hci_add_ltk(hdev, &hcon->dst, hcon->dst_type,
761 SMP_LTK_SLAVE, authenticated, enc.ltk,
762 smp->enc_key_size, ediv, rand);
763 smp->slave_ltk = ltk;
764
765 ident.ediv = ediv;
766 ident.rand = rand;
767
768 smp_send_cmd(conn, SMP_CMD_MASTER_IDENT, sizeof(ident), &ident);
769
770 *keydist &= ~SMP_DIST_ENC_KEY;
771 }
772
773 if (*keydist & SMP_DIST_ID_KEY) {
774 struct smp_cmd_ident_addr_info addrinfo;
775 struct smp_cmd_ident_info idinfo;
776
777 memcpy(idinfo.irk, hdev->irk, sizeof(idinfo.irk));
778
779 smp_send_cmd(conn, SMP_CMD_IDENT_INFO, sizeof(idinfo), &idinfo);
780
781 /* The hci_conn contains the local identity address
782 * after the connection has been established.
783 *
784 * This is true even when the connection has been
785 * established using a resolvable random address.
786 */
787 bacpy(&addrinfo.bdaddr, &hcon->src);
788 addrinfo.addr_type = hcon->src_type;
789
790 smp_send_cmd(conn, SMP_CMD_IDENT_ADDR_INFO, sizeof(addrinfo),
791 &addrinfo);
792
793 *keydist &= ~SMP_DIST_ID_KEY;
794 }
795
796 if (*keydist & SMP_DIST_SIGN) {
797 struct smp_cmd_sign_info sign;
798 struct smp_csrk *csrk;
799
800 /* Generate a new random key */
801 get_random_bytes(sign.csrk, sizeof(sign.csrk));
802
803 csrk = kzalloc(sizeof(*csrk), GFP_KERNEL);
804 if (csrk) {
805 csrk->master = 0x00;
806 memcpy(csrk->val, sign.csrk, sizeof(csrk->val));
807 }
808 smp->slave_csrk = csrk;
809
810 smp_send_cmd(conn, SMP_CMD_SIGN_INFO, sizeof(sign), &sign);
811
812 *keydist &= ~SMP_DIST_SIGN;
813 }
814
815 /* If there are still keys to be received wait for them */
816 if (smp->remote_key_dist & KEY_DIST_MASK) {
817 smp_allow_key_dist(smp);
818 return;
819 }
820
821 set_bit(SMP_FLAG_COMPLETE, &smp->flags);
822 smp_notify_keys(conn);
823
824 smp_chan_destroy(conn);
825 }
826
827 static void smp_timeout(struct work_struct *work)
828 {
829 struct smp_chan *smp = container_of(work, struct smp_chan,
830 security_timer.work);
831 struct l2cap_conn *conn = smp->conn;
832
833 BT_DBG("conn %p", conn);
834
835 hci_disconnect(conn->hcon, HCI_ERROR_REMOTE_USER_TERM);
836 }
837
838 static struct smp_chan *smp_chan_create(struct l2cap_conn *conn)
839 {
840 struct l2cap_chan *chan = conn->smp;
841 struct smp_chan *smp;
842
843 smp = kzalloc(sizeof(*smp), GFP_ATOMIC);
844 if (!smp)
845 return NULL;
846
847 smp->tfm_aes = crypto_alloc_blkcipher("ecb(aes)", 0, CRYPTO_ALG_ASYNC);
848 if (IS_ERR(smp->tfm_aes)) {
849 BT_ERR("Unable to create ECB crypto context");
850 kfree(smp);
851 return NULL;
852 }
853
854 smp->conn = conn;
855 chan->data = smp;
856
857 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_FAIL);
858
859 INIT_DELAYED_WORK(&smp->security_timer, smp_timeout);
860
861 hci_conn_hold(conn->hcon);
862
863 return smp;
864 }
865
866 int smp_user_confirm_reply(struct hci_conn *hcon, u16 mgmt_op, __le32 passkey)
867 {
868 struct l2cap_conn *conn = hcon->l2cap_data;
869 struct l2cap_chan *chan;
870 struct smp_chan *smp;
871 u32 value;
872 int err;
873
874 BT_DBG("");
875
876 if (!conn)
877 return -ENOTCONN;
878
879 chan = conn->smp;
880 if (!chan)
881 return -ENOTCONN;
882
883 l2cap_chan_lock(chan);
884 if (!chan->data) {
885 err = -ENOTCONN;
886 goto unlock;
887 }
888
889 smp = chan->data;
890
891 switch (mgmt_op) {
892 case MGMT_OP_USER_PASSKEY_REPLY:
893 value = le32_to_cpu(passkey);
894 memset(smp->tk, 0, sizeof(smp->tk));
895 BT_DBG("PassKey: %d", value);
896 put_unaligned_le32(value, smp->tk);
897 /* Fall Through */
898 case MGMT_OP_USER_CONFIRM_REPLY:
899 set_bit(SMP_FLAG_TK_VALID, &smp->flags);
900 break;
901 case MGMT_OP_USER_PASSKEY_NEG_REPLY:
902 case MGMT_OP_USER_CONFIRM_NEG_REPLY:
903 smp_failure(conn, SMP_PASSKEY_ENTRY_FAILED);
904 err = 0;
905 goto unlock;
906 default:
907 smp_failure(conn, SMP_PASSKEY_ENTRY_FAILED);
908 err = -EOPNOTSUPP;
909 goto unlock;
910 }
911
912 err = 0;
913
914 /* If it is our turn to send Pairing Confirm, do so now */
915 if (test_bit(SMP_FLAG_CFM_PENDING, &smp->flags)) {
916 u8 rsp = smp_confirm(smp);
917 if (rsp)
918 smp_failure(conn, rsp);
919 }
920
921 unlock:
922 l2cap_chan_unlock(chan);
923 return err;
924 }
925
926 static u8 smp_cmd_pairing_req(struct l2cap_conn *conn, struct sk_buff *skb)
927 {
928 struct smp_cmd_pairing rsp, *req = (void *) skb->data;
929 struct l2cap_chan *chan = conn->smp;
930 struct hci_dev *hdev = conn->hcon->hdev;
931 struct smp_chan *smp;
932 u8 key_size, auth, sec_level;
933 int ret;
934
935 BT_DBG("conn %p", conn);
936
937 if (skb->len < sizeof(*req))
938 return SMP_INVALID_PARAMS;
939
940 if (conn->hcon->role != HCI_ROLE_SLAVE)
941 return SMP_CMD_NOTSUPP;
942
943 if (!chan->data)
944 smp = smp_chan_create(conn);
945 else
946 smp = chan->data;
947
948 if (!smp)
949 return SMP_UNSPECIFIED;
950
951 /* We didn't start the pairing, so match remote */
952 auth = req->auth_req & AUTH_REQ_MASK;
953
954 if (!test_bit(HCI_BONDABLE, &hdev->dev_flags) &&
955 (auth & SMP_AUTH_BONDING))
956 return SMP_PAIRING_NOTSUPP;
957
958 smp->preq[0] = SMP_CMD_PAIRING_REQ;
959 memcpy(&smp->preq[1], req, sizeof(*req));
960 skb_pull(skb, sizeof(*req));
961
962 if (conn->hcon->io_capability == 0x03)
963 sec_level = BT_SECURITY_MEDIUM;
964 else
965 sec_level = authreq_to_seclevel(auth);
966
967 if (sec_level > conn->hcon->pending_sec_level)
968 conn->hcon->pending_sec_level = sec_level;
969
970 /* If we need MITM check that it can be acheived */
971 if (conn->hcon->pending_sec_level >= BT_SECURITY_HIGH) {
972 u8 method;
973
974 method = get_auth_method(smp, conn->hcon->io_capability,
975 req->io_capability);
976 if (method == JUST_WORKS || method == JUST_CFM)
977 return SMP_AUTH_REQUIREMENTS;
978 }
979
980 build_pairing_cmd(conn, req, &rsp, auth);
981
982 key_size = min(req->max_key_size, rsp.max_key_size);
983 if (check_enc_key_size(conn, key_size))
984 return SMP_ENC_KEY_SIZE;
985
986 get_random_bytes(smp->prnd, sizeof(smp->prnd));
987
988 smp->prsp[0] = SMP_CMD_PAIRING_RSP;
989 memcpy(&smp->prsp[1], &rsp, sizeof(rsp));
990
991 smp_send_cmd(conn, SMP_CMD_PAIRING_RSP, sizeof(rsp), &rsp);
992 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_CONFIRM);
993
994 /* Request setup of TK */
995 ret = tk_request(conn, 0, auth, rsp.io_capability, req->io_capability);
996 if (ret)
997 return SMP_UNSPECIFIED;
998
999 return 0;
1000 }
1001
1002 static u8 smp_cmd_pairing_rsp(struct l2cap_conn *conn, struct sk_buff *skb)
1003 {
1004 struct smp_cmd_pairing *req, *rsp = (void *) skb->data;
1005 struct l2cap_chan *chan = conn->smp;
1006 struct smp_chan *smp = chan->data;
1007 u8 key_size, auth;
1008 int ret;
1009
1010 BT_DBG("conn %p", conn);
1011
1012 if (skb->len < sizeof(*rsp))
1013 return SMP_INVALID_PARAMS;
1014
1015 if (conn->hcon->role != HCI_ROLE_MASTER)
1016 return SMP_CMD_NOTSUPP;
1017
1018 skb_pull(skb, sizeof(*rsp));
1019
1020 req = (void *) &smp->preq[1];
1021
1022 key_size = min(req->max_key_size, rsp->max_key_size);
1023 if (check_enc_key_size(conn, key_size))
1024 return SMP_ENC_KEY_SIZE;
1025
1026 auth = rsp->auth_req & AUTH_REQ_MASK;
1027
1028 /* If we need MITM check that it can be acheived */
1029 if (conn->hcon->pending_sec_level >= BT_SECURITY_HIGH) {
1030 u8 method;
1031
1032 method = get_auth_method(smp, req->io_capability,
1033 rsp->io_capability);
1034 if (method == JUST_WORKS || method == JUST_CFM)
1035 return SMP_AUTH_REQUIREMENTS;
1036 }
1037
1038 get_random_bytes(smp->prnd, sizeof(smp->prnd));
1039
1040 smp->prsp[0] = SMP_CMD_PAIRING_RSP;
1041 memcpy(&smp->prsp[1], rsp, sizeof(*rsp));
1042
1043 /* Update remote key distribution in case the remote cleared
1044 * some bits that we had enabled in our request.
1045 */
1046 smp->remote_key_dist &= rsp->resp_key_dist;
1047
1048 auth |= req->auth_req;
1049
1050 ret = tk_request(conn, 0, auth, req->io_capability, rsp->io_capability);
1051 if (ret)
1052 return SMP_UNSPECIFIED;
1053
1054 set_bit(SMP_FLAG_CFM_PENDING, &smp->flags);
1055
1056 /* Can't compose response until we have been confirmed */
1057 if (test_bit(SMP_FLAG_TK_VALID, &smp->flags))
1058 return smp_confirm(smp);
1059
1060 return 0;
1061 }
1062
1063 static u8 smp_cmd_pairing_confirm(struct l2cap_conn *conn, struct sk_buff *skb)
1064 {
1065 struct l2cap_chan *chan = conn->smp;
1066 struct smp_chan *smp = chan->data;
1067
1068 BT_DBG("conn %p %s", conn, conn->hcon->out ? "master" : "slave");
1069
1070 if (skb->len < sizeof(smp->pcnf))
1071 return SMP_INVALID_PARAMS;
1072
1073 memcpy(smp->pcnf, skb->data, sizeof(smp->pcnf));
1074 skb_pull(skb, sizeof(smp->pcnf));
1075
1076 if (conn->hcon->out) {
1077 smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM, sizeof(smp->prnd),
1078 smp->prnd);
1079 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RANDOM);
1080 return 0;
1081 }
1082
1083 if (test_bit(SMP_FLAG_TK_VALID, &smp->flags))
1084 return smp_confirm(smp);
1085 else
1086 set_bit(SMP_FLAG_CFM_PENDING, &smp->flags);
1087
1088 return 0;
1089 }
1090
1091 static u8 smp_cmd_pairing_random(struct l2cap_conn *conn, struct sk_buff *skb)
1092 {
1093 struct l2cap_chan *chan = conn->smp;
1094 struct smp_chan *smp = chan->data;
1095
1096 BT_DBG("conn %p", conn);
1097
1098 if (skb->len < sizeof(smp->rrnd))
1099 return SMP_INVALID_PARAMS;
1100
1101 memcpy(smp->rrnd, skb->data, sizeof(smp->rrnd));
1102 skb_pull(skb, sizeof(smp->rrnd));
1103
1104 return smp_random(smp);
1105 }
1106
1107 static bool smp_ltk_encrypt(struct l2cap_conn *conn, u8 sec_level)
1108 {
1109 struct smp_ltk *key;
1110 struct hci_conn *hcon = conn->hcon;
1111
1112 key = hci_find_ltk_by_addr(hcon->hdev, &hcon->dst, hcon->dst_type,
1113 hcon->role);
1114 if (!key)
1115 return false;
1116
1117 if (sec_level > BT_SECURITY_MEDIUM && !key->authenticated)
1118 return false;
1119
1120 if (test_and_set_bit(HCI_CONN_ENCRYPT_PEND, &hcon->flags))
1121 return true;
1122
1123 hci_le_start_enc(hcon, key->ediv, key->rand, key->val);
1124 hcon->enc_key_size = key->enc_size;
1125
1126 /* We never store STKs for master role, so clear this flag */
1127 clear_bit(HCI_CONN_STK_ENCRYPT, &hcon->flags);
1128
1129 return true;
1130 }
1131
1132 bool smp_sufficient_security(struct hci_conn *hcon, u8 sec_level)
1133 {
1134 if (sec_level == BT_SECURITY_LOW)
1135 return true;
1136
1137 /* If we're encrypted with an STK always claim insufficient
1138 * security. This way we allow the connection to be re-encrypted
1139 * with an LTK, even if the LTK provides the same level of
1140 * security. Only exception is if we don't have an LTK (e.g.
1141 * because of key distribution bits).
1142 */
1143 if (test_bit(HCI_CONN_STK_ENCRYPT, &hcon->flags) &&
1144 hci_find_ltk_by_addr(hcon->hdev, &hcon->dst, hcon->dst_type,
1145 hcon->role))
1146 return false;
1147
1148 if (hcon->sec_level >= sec_level)
1149 return true;
1150
1151 return false;
1152 }
1153
1154 static u8 smp_cmd_security_req(struct l2cap_conn *conn, struct sk_buff *skb)
1155 {
1156 struct smp_cmd_security_req *rp = (void *) skb->data;
1157 struct smp_cmd_pairing cp;
1158 struct hci_conn *hcon = conn->hcon;
1159 struct smp_chan *smp;
1160 u8 sec_level, auth;
1161
1162 BT_DBG("conn %p", conn);
1163
1164 if (skb->len < sizeof(*rp))
1165 return SMP_INVALID_PARAMS;
1166
1167 if (hcon->role != HCI_ROLE_MASTER)
1168 return SMP_CMD_NOTSUPP;
1169
1170 auth = rp->auth_req & AUTH_REQ_MASK;
1171
1172 if (hcon->io_capability == 0x03)
1173 sec_level = BT_SECURITY_MEDIUM;
1174 else
1175 sec_level = authreq_to_seclevel(auth);
1176
1177 if (smp_sufficient_security(hcon, sec_level))
1178 return 0;
1179
1180 if (sec_level > hcon->pending_sec_level)
1181 hcon->pending_sec_level = sec_level;
1182
1183 if (smp_ltk_encrypt(conn, hcon->pending_sec_level))
1184 return 0;
1185
1186 smp = smp_chan_create(conn);
1187 if (!smp)
1188 return SMP_UNSPECIFIED;
1189
1190 if (!test_bit(HCI_BONDABLE, &hcon->hdev->dev_flags) &&
1191 (auth & SMP_AUTH_BONDING))
1192 return SMP_PAIRING_NOTSUPP;
1193
1194 skb_pull(skb, sizeof(*rp));
1195
1196 memset(&cp, 0, sizeof(cp));
1197 build_pairing_cmd(conn, &cp, NULL, auth);
1198
1199 smp->preq[0] = SMP_CMD_PAIRING_REQ;
1200 memcpy(&smp->preq[1], &cp, sizeof(cp));
1201
1202 smp_send_cmd(conn, SMP_CMD_PAIRING_REQ, sizeof(cp), &cp);
1203 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RSP);
1204
1205 return 0;
1206 }
1207
1208 int smp_conn_security(struct hci_conn *hcon, __u8 sec_level)
1209 {
1210 struct l2cap_conn *conn = hcon->l2cap_data;
1211 struct l2cap_chan *chan;
1212 struct smp_chan *smp;
1213 __u8 authreq;
1214 int ret;
1215
1216 BT_DBG("conn %p hcon %p level 0x%2.2x", conn, hcon, sec_level);
1217
1218 /* This may be NULL if there's an unexpected disconnection */
1219 if (!conn)
1220 return 1;
1221
1222 chan = conn->smp;
1223
1224 if (!test_bit(HCI_LE_ENABLED, &hcon->hdev->dev_flags))
1225 return 1;
1226
1227 if (smp_sufficient_security(hcon, sec_level))
1228 return 1;
1229
1230 if (sec_level > hcon->pending_sec_level)
1231 hcon->pending_sec_level = sec_level;
1232
1233 if (hcon->role == HCI_ROLE_MASTER)
1234 if (smp_ltk_encrypt(conn, hcon->pending_sec_level))
1235 return 0;
1236
1237 l2cap_chan_lock(chan);
1238
1239 /* If SMP is already in progress ignore this request */
1240 if (chan->data) {
1241 ret = 0;
1242 goto unlock;
1243 }
1244
1245 smp = smp_chan_create(conn);
1246 if (!smp) {
1247 ret = 1;
1248 goto unlock;
1249 }
1250
1251 authreq = seclevel_to_authreq(sec_level);
1252
1253 /* Require MITM if IO Capability allows or the security level
1254 * requires it.
1255 */
1256 if (hcon->io_capability != HCI_IO_NO_INPUT_OUTPUT ||
1257 hcon->pending_sec_level > BT_SECURITY_MEDIUM)
1258 authreq |= SMP_AUTH_MITM;
1259
1260 if (hcon->role == HCI_ROLE_MASTER) {
1261 struct smp_cmd_pairing cp;
1262
1263 build_pairing_cmd(conn, &cp, NULL, authreq);
1264 smp->preq[0] = SMP_CMD_PAIRING_REQ;
1265 memcpy(&smp->preq[1], &cp, sizeof(cp));
1266
1267 smp_send_cmd(conn, SMP_CMD_PAIRING_REQ, sizeof(cp), &cp);
1268 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RSP);
1269 } else {
1270 struct smp_cmd_security_req cp;
1271 cp.auth_req = authreq;
1272 smp_send_cmd(conn, SMP_CMD_SECURITY_REQ, sizeof(cp), &cp);
1273 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_REQ);
1274 }
1275
1276 set_bit(SMP_FLAG_INITIATOR, &smp->flags);
1277 ret = 0;
1278
1279 unlock:
1280 l2cap_chan_unlock(chan);
1281 return ret;
1282 }
1283
1284 static int smp_cmd_encrypt_info(struct l2cap_conn *conn, struct sk_buff *skb)
1285 {
1286 struct smp_cmd_encrypt_info *rp = (void *) skb->data;
1287 struct l2cap_chan *chan = conn->smp;
1288 struct smp_chan *smp = chan->data;
1289
1290 BT_DBG("conn %p", conn);
1291
1292 if (skb->len < sizeof(*rp))
1293 return SMP_INVALID_PARAMS;
1294
1295 SMP_ALLOW_CMD(smp, SMP_CMD_MASTER_IDENT);
1296
1297 skb_pull(skb, sizeof(*rp));
1298
1299 memcpy(smp->tk, rp->ltk, sizeof(smp->tk));
1300
1301 return 0;
1302 }
1303
1304 static int smp_cmd_master_ident(struct l2cap_conn *conn, struct sk_buff *skb)
1305 {
1306 struct smp_cmd_master_ident *rp = (void *) skb->data;
1307 struct l2cap_chan *chan = conn->smp;
1308 struct smp_chan *smp = chan->data;
1309 struct hci_dev *hdev = conn->hcon->hdev;
1310 struct hci_conn *hcon = conn->hcon;
1311 struct smp_ltk *ltk;
1312 u8 authenticated;
1313
1314 BT_DBG("conn %p", conn);
1315
1316 if (skb->len < sizeof(*rp))
1317 return SMP_INVALID_PARAMS;
1318
1319 /* Mark the information as received */
1320 smp->remote_key_dist &= ~SMP_DIST_ENC_KEY;
1321
1322 if (smp->remote_key_dist & SMP_DIST_ID_KEY)
1323 SMP_ALLOW_CMD(smp, SMP_CMD_IDENT_INFO);
1324 else if (smp->remote_key_dist & SMP_DIST_SIGN)
1325 SMP_ALLOW_CMD(smp, SMP_CMD_SIGN_INFO);
1326
1327 skb_pull(skb, sizeof(*rp));
1328
1329 hci_dev_lock(hdev);
1330 authenticated = (hcon->sec_level == BT_SECURITY_HIGH);
1331 ltk = hci_add_ltk(hdev, &hcon->dst, hcon->dst_type, SMP_LTK,
1332 authenticated, smp->tk, smp->enc_key_size,
1333 rp->ediv, rp->rand);
1334 smp->ltk = ltk;
1335 if (!(smp->remote_key_dist & KEY_DIST_MASK))
1336 smp_distribute_keys(smp);
1337 hci_dev_unlock(hdev);
1338
1339 return 0;
1340 }
1341
1342 static int smp_cmd_ident_info(struct l2cap_conn *conn, struct sk_buff *skb)
1343 {
1344 struct smp_cmd_ident_info *info = (void *) skb->data;
1345 struct l2cap_chan *chan = conn->smp;
1346 struct smp_chan *smp = chan->data;
1347
1348 BT_DBG("");
1349
1350 if (skb->len < sizeof(*info))
1351 return SMP_INVALID_PARAMS;
1352
1353 SMP_ALLOW_CMD(smp, SMP_CMD_IDENT_ADDR_INFO);
1354
1355 skb_pull(skb, sizeof(*info));
1356
1357 memcpy(smp->irk, info->irk, 16);
1358
1359 return 0;
1360 }
1361
1362 static int smp_cmd_ident_addr_info(struct l2cap_conn *conn,
1363 struct sk_buff *skb)
1364 {
1365 struct smp_cmd_ident_addr_info *info = (void *) skb->data;
1366 struct l2cap_chan *chan = conn->smp;
1367 struct smp_chan *smp = chan->data;
1368 struct hci_conn *hcon = conn->hcon;
1369 bdaddr_t rpa;
1370
1371 BT_DBG("");
1372
1373 if (skb->len < sizeof(*info))
1374 return SMP_INVALID_PARAMS;
1375
1376 /* Mark the information as received */
1377 smp->remote_key_dist &= ~SMP_DIST_ID_KEY;
1378
1379 if (smp->remote_key_dist & SMP_DIST_SIGN)
1380 SMP_ALLOW_CMD(smp, SMP_CMD_SIGN_INFO);
1381
1382 skb_pull(skb, sizeof(*info));
1383
1384 hci_dev_lock(hcon->hdev);
1385
1386 /* Strictly speaking the Core Specification (4.1) allows sending
1387 * an empty address which would force us to rely on just the IRK
1388 * as "identity information". However, since such
1389 * implementations are not known of and in order to not over
1390 * complicate our implementation, simply pretend that we never
1391 * received an IRK for such a device.
1392 */
1393 if (!bacmp(&info->bdaddr, BDADDR_ANY)) {
1394 BT_ERR("Ignoring IRK with no identity address");
1395 goto distribute;
1396 }
1397
1398 bacpy(&smp->id_addr, &info->bdaddr);
1399 smp->id_addr_type = info->addr_type;
1400
1401 if (hci_bdaddr_is_rpa(&hcon->dst, hcon->dst_type))
1402 bacpy(&rpa, &hcon->dst);
1403 else
1404 bacpy(&rpa, BDADDR_ANY);
1405
1406 smp->remote_irk = hci_add_irk(conn->hcon->hdev, &smp->id_addr,
1407 smp->id_addr_type, smp->irk, &rpa);
1408
1409 distribute:
1410 if (!(smp->remote_key_dist & KEY_DIST_MASK))
1411 smp_distribute_keys(smp);
1412
1413 hci_dev_unlock(hcon->hdev);
1414
1415 return 0;
1416 }
1417
1418 static int smp_cmd_sign_info(struct l2cap_conn *conn, struct sk_buff *skb)
1419 {
1420 struct smp_cmd_sign_info *rp = (void *) skb->data;
1421 struct l2cap_chan *chan = conn->smp;
1422 struct smp_chan *smp = chan->data;
1423 struct hci_dev *hdev = conn->hcon->hdev;
1424 struct smp_csrk *csrk;
1425
1426 BT_DBG("conn %p", conn);
1427
1428 if (skb->len < sizeof(*rp))
1429 return SMP_INVALID_PARAMS;
1430
1431 /* Mark the information as received */
1432 smp->remote_key_dist &= ~SMP_DIST_SIGN;
1433
1434 skb_pull(skb, sizeof(*rp));
1435
1436 hci_dev_lock(hdev);
1437 csrk = kzalloc(sizeof(*csrk), GFP_KERNEL);
1438 if (csrk) {
1439 csrk->master = 0x01;
1440 memcpy(csrk->val, rp->csrk, sizeof(csrk->val));
1441 }
1442 smp->csrk = csrk;
1443 smp_distribute_keys(smp);
1444 hci_dev_unlock(hdev);
1445
1446 return 0;
1447 }
1448
1449 static int smp_sig_channel(struct l2cap_chan *chan, struct sk_buff *skb)
1450 {
1451 struct l2cap_conn *conn = chan->conn;
1452 struct hci_conn *hcon = conn->hcon;
1453 struct smp_chan *smp;
1454 __u8 code, reason;
1455 int err = 0;
1456
1457 if (hcon->type != LE_LINK) {
1458 kfree_skb(skb);
1459 return 0;
1460 }
1461
1462 if (skb->len < 1)
1463 return -EILSEQ;
1464
1465 if (!test_bit(HCI_LE_ENABLED, &hcon->hdev->dev_flags)) {
1466 reason = SMP_PAIRING_NOTSUPP;
1467 goto done;
1468 }
1469
1470 code = skb->data[0];
1471 skb_pull(skb, sizeof(code));
1472
1473 smp = chan->data;
1474
1475 if (code > SMP_CMD_MAX)
1476 goto drop;
1477
1478 if (smp && !test_and_clear_bit(code, &smp->allow_cmd))
1479 goto drop;
1480
1481 /* If we don't have a context the only allowed commands are
1482 * pairing request and security request.
1483 */
1484 if (!smp && code != SMP_CMD_PAIRING_REQ && code != SMP_CMD_SECURITY_REQ)
1485 goto drop;
1486
1487 switch (code) {
1488 case SMP_CMD_PAIRING_REQ:
1489 reason = smp_cmd_pairing_req(conn, skb);
1490 break;
1491
1492 case SMP_CMD_PAIRING_FAIL:
1493 smp_failure(conn, 0);
1494 err = -EPERM;
1495 break;
1496
1497 case SMP_CMD_PAIRING_RSP:
1498 reason = smp_cmd_pairing_rsp(conn, skb);
1499 break;
1500
1501 case SMP_CMD_SECURITY_REQ:
1502 reason = smp_cmd_security_req(conn, skb);
1503 break;
1504
1505 case SMP_CMD_PAIRING_CONFIRM:
1506 reason = smp_cmd_pairing_confirm(conn, skb);
1507 break;
1508
1509 case SMP_CMD_PAIRING_RANDOM:
1510 reason = smp_cmd_pairing_random(conn, skb);
1511 break;
1512
1513 case SMP_CMD_ENCRYPT_INFO:
1514 reason = smp_cmd_encrypt_info(conn, skb);
1515 break;
1516
1517 case SMP_CMD_MASTER_IDENT:
1518 reason = smp_cmd_master_ident(conn, skb);
1519 break;
1520
1521 case SMP_CMD_IDENT_INFO:
1522 reason = smp_cmd_ident_info(conn, skb);
1523 break;
1524
1525 case SMP_CMD_IDENT_ADDR_INFO:
1526 reason = smp_cmd_ident_addr_info(conn, skb);
1527 break;
1528
1529 case SMP_CMD_SIGN_INFO:
1530 reason = smp_cmd_sign_info(conn, skb);
1531 break;
1532
1533 default:
1534 BT_DBG("Unknown command code 0x%2.2x", code);
1535 reason = SMP_CMD_NOTSUPP;
1536 goto done;
1537 }
1538
1539 done:
1540 if (!err) {
1541 if (reason)
1542 smp_failure(conn, reason);
1543 kfree_skb(skb);
1544 }
1545
1546 return err;
1547
1548 drop:
1549 BT_ERR("%s unexpected SMP command 0x%02x from %pMR", hcon->hdev->name,
1550 code, &hcon->dst);
1551 kfree_skb(skb);
1552 return 0;
1553 }
1554
1555 static void smp_teardown_cb(struct l2cap_chan *chan, int err)
1556 {
1557 struct l2cap_conn *conn = chan->conn;
1558
1559 BT_DBG("chan %p", chan);
1560
1561 if (chan->data)
1562 smp_chan_destroy(conn);
1563
1564 conn->smp = NULL;
1565 l2cap_chan_put(chan);
1566 }
1567
1568 static void smp_resume_cb(struct l2cap_chan *chan)
1569 {
1570 struct smp_chan *smp = chan->data;
1571 struct l2cap_conn *conn = chan->conn;
1572 struct hci_conn *hcon = conn->hcon;
1573
1574 BT_DBG("chan %p", chan);
1575
1576 if (!smp)
1577 return;
1578
1579 if (!test_bit(HCI_CONN_ENCRYPT, &hcon->flags))
1580 return;
1581
1582 cancel_delayed_work(&smp->security_timer);
1583
1584 smp_distribute_keys(smp);
1585 }
1586
1587 static void smp_ready_cb(struct l2cap_chan *chan)
1588 {
1589 struct l2cap_conn *conn = chan->conn;
1590
1591 BT_DBG("chan %p", chan);
1592
1593 conn->smp = chan;
1594 l2cap_chan_hold(chan);
1595 }
1596
1597 static int smp_recv_cb(struct l2cap_chan *chan, struct sk_buff *skb)
1598 {
1599 int err;
1600
1601 BT_DBG("chan %p", chan);
1602
1603 err = smp_sig_channel(chan, skb);
1604 if (err) {
1605 struct smp_chan *smp = chan->data;
1606
1607 if (smp)
1608 cancel_delayed_work_sync(&smp->security_timer);
1609
1610 hci_disconnect(chan->conn->hcon, HCI_ERROR_AUTH_FAILURE);
1611 }
1612
1613 return err;
1614 }
1615
1616 static struct sk_buff *smp_alloc_skb_cb(struct l2cap_chan *chan,
1617 unsigned long hdr_len,
1618 unsigned long len, int nb)
1619 {
1620 struct sk_buff *skb;
1621
1622 skb = bt_skb_alloc(hdr_len + len, GFP_KERNEL);
1623 if (!skb)
1624 return ERR_PTR(-ENOMEM);
1625
1626 skb->priority = HCI_PRIO_MAX;
1627 bt_cb(skb)->chan = chan;
1628
1629 return skb;
1630 }
1631
1632 static const struct l2cap_ops smp_chan_ops = {
1633 .name = "Security Manager",
1634 .ready = smp_ready_cb,
1635 .recv = smp_recv_cb,
1636 .alloc_skb = smp_alloc_skb_cb,
1637 .teardown = smp_teardown_cb,
1638 .resume = smp_resume_cb,
1639
1640 .new_connection = l2cap_chan_no_new_connection,
1641 .state_change = l2cap_chan_no_state_change,
1642 .close = l2cap_chan_no_close,
1643 .defer = l2cap_chan_no_defer,
1644 .suspend = l2cap_chan_no_suspend,
1645 .set_shutdown = l2cap_chan_no_set_shutdown,
1646 .get_sndtimeo = l2cap_chan_no_get_sndtimeo,
1647 .memcpy_fromiovec = l2cap_chan_no_memcpy_fromiovec,
1648 };
1649
1650 static inline struct l2cap_chan *smp_new_conn_cb(struct l2cap_chan *pchan)
1651 {
1652 struct l2cap_chan *chan;
1653
1654 BT_DBG("pchan %p", pchan);
1655
1656 chan = l2cap_chan_create();
1657 if (!chan)
1658 return NULL;
1659
1660 chan->chan_type = pchan->chan_type;
1661 chan->ops = &smp_chan_ops;
1662 chan->scid = pchan->scid;
1663 chan->dcid = chan->scid;
1664 chan->imtu = pchan->imtu;
1665 chan->omtu = pchan->omtu;
1666 chan->mode = pchan->mode;
1667
1668 BT_DBG("created chan %p", chan);
1669
1670 return chan;
1671 }
1672
1673 static const struct l2cap_ops smp_root_chan_ops = {
1674 .name = "Security Manager Root",
1675 .new_connection = smp_new_conn_cb,
1676
1677 /* None of these are implemented for the root channel */
1678 .close = l2cap_chan_no_close,
1679 .alloc_skb = l2cap_chan_no_alloc_skb,
1680 .recv = l2cap_chan_no_recv,
1681 .state_change = l2cap_chan_no_state_change,
1682 .teardown = l2cap_chan_no_teardown,
1683 .ready = l2cap_chan_no_ready,
1684 .defer = l2cap_chan_no_defer,
1685 .suspend = l2cap_chan_no_suspend,
1686 .resume = l2cap_chan_no_resume,
1687 .set_shutdown = l2cap_chan_no_set_shutdown,
1688 .get_sndtimeo = l2cap_chan_no_get_sndtimeo,
1689 .memcpy_fromiovec = l2cap_chan_no_memcpy_fromiovec,
1690 };
1691
1692 int smp_register(struct hci_dev *hdev)
1693 {
1694 struct l2cap_chan *chan;
1695 struct crypto_blkcipher *tfm_aes;
1696
1697 BT_DBG("%s", hdev->name);
1698
1699 tfm_aes = crypto_alloc_blkcipher("ecb(aes)", 0, CRYPTO_ALG_ASYNC);
1700 if (IS_ERR(tfm_aes)) {
1701 int err = PTR_ERR(tfm_aes);
1702 BT_ERR("Unable to create crypto context");
1703 return err;
1704 }
1705
1706 chan = l2cap_chan_create();
1707 if (!chan) {
1708 crypto_free_blkcipher(tfm_aes);
1709 return -ENOMEM;
1710 }
1711
1712 chan->data = tfm_aes;
1713
1714 l2cap_add_scid(chan, L2CAP_CID_SMP);
1715
1716 l2cap_chan_set_defaults(chan);
1717
1718 bacpy(&chan->src, &hdev->bdaddr);
1719 chan->src_type = BDADDR_LE_PUBLIC;
1720 chan->state = BT_LISTEN;
1721 chan->mode = L2CAP_MODE_BASIC;
1722 chan->imtu = L2CAP_DEFAULT_MTU;
1723 chan->ops = &smp_root_chan_ops;
1724
1725 hdev->smp_data = chan;
1726
1727 return 0;
1728 }
1729
1730 void smp_unregister(struct hci_dev *hdev)
1731 {
1732 struct l2cap_chan *chan = hdev->smp_data;
1733 struct crypto_blkcipher *tfm_aes;
1734
1735 if (!chan)
1736 return;
1737
1738 BT_DBG("%s chan %p", hdev->name, chan);
1739
1740 tfm_aes = chan->data;
1741 if (tfm_aes) {
1742 chan->data = NULL;
1743 crypto_free_blkcipher(tfm_aes);
1744 }
1745
1746 hdev->smp_data = NULL;
1747 l2cap_chan_put(chan);
1748 }
Linux kernel - Deliverables
This page took 0.069477 seconds and 6 git commands to generate.