2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2011 Nokia Corporation and/or its subsidiary(-ies).
5 This program is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License version 2 as
7 published by the Free Software Foundation;
9 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
10 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
11 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
12 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
13 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
14 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
18 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
19 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
20 SOFTWARE IS DISCLAIMED.
23 #include <linux/crypto.h>
24 #include <linux/scatterlist.h>
25 #include <crypto/b128ops.h>
27 #include <net/bluetooth/bluetooth.h>
28 #include <net/bluetooth/hci_core.h>
29 #include <net/bluetooth/l2cap.h>
30 #include <net/bluetooth/mgmt.h>
35 #define SMP_ALLOW_CMD(smp, code) set_bit(code, &smp->allow_cmd)
37 /* Keys which are not distributed with Secure Connections */
38 #define SMP_SC_NO_DIST (SMP_DIST_ENC_KEY | SMP_DIST_LINK_KEY);
40 #define SMP_TIMEOUT msecs_to_jiffies(30000)
42 #define AUTH_REQ_MASK(dev) (test_bit(HCI_SC_ENABLED, &(dev)->dev_flags) ? \
44 #define KEY_DIST_MASK 0x07
56 struct l2cap_conn
*conn
;
57 struct delayed_work security_timer
;
58 unsigned long allow_cmd
; /* Bitmask of allowed commands */
60 u8 preq
[7]; /* SMP Pairing Request */
61 u8 prsp
[7]; /* SMP Pairing Response */
62 u8 prnd
[16]; /* SMP Pairing Random (local) */
63 u8 rrnd
[16]; /* SMP Pairing Random (remote) */
64 u8 pcnf
[16]; /* SMP Pairing Confirm */
65 u8 tk
[16]; /* SMP Temporary Key */
71 struct smp_csrk
*csrk
;
72 struct smp_csrk
*slave_csrk
;
74 struct smp_ltk
*slave_ltk
;
75 struct smp_irk
*remote_irk
;
78 /* Secure Connections variables */
82 struct crypto_blkcipher
*tfm_aes
;
83 struct crypto_hash
*tfm_cmac
;
86 static inline void swap_buf(const u8
*src
, u8
*dst
, size_t len
)
90 for (i
= 0; i
< len
; i
++)
91 dst
[len
- 1 - i
] = src
[i
];
94 static int smp_e(struct crypto_blkcipher
*tfm
, const u8
*k
, u8
*r
)
96 struct blkcipher_desc desc
;
97 struct scatterlist sg
;
98 uint8_t tmp
[16], data
[16];
102 BT_ERR("tfm %p", tfm
);
109 /* The most significant octet of key corresponds to k[0] */
110 swap_buf(k
, tmp
, 16);
112 err
= crypto_blkcipher_setkey(tfm
, tmp
, 16);
114 BT_ERR("cipher setkey failed: %d", err
);
118 /* Most significant octet of plaintextData corresponds to data[0] */
119 swap_buf(r
, data
, 16);
121 sg_init_one(&sg
, data
, 16);
123 err
= crypto_blkcipher_encrypt(&desc
, &sg
, &sg
, 16);
125 BT_ERR("Encrypt data error %d", err
);
127 /* Most significant octet of encryptedData corresponds to data[0] */
128 swap_buf(data
, r
, 16);
133 static int smp_ah(struct crypto_blkcipher
*tfm
, u8 irk
[16], u8 r
[3], u8 res
[3])
138 /* r' = padding || r */
140 memset(_res
+ 3, 0, 13);
142 err
= smp_e(tfm
, irk
, _res
);
144 BT_ERR("Encrypt error");
148 /* The output of the random address function ah is:
149 * ah(h, r) = e(k, r') mod 2^24
150 * The output of the security function e is then truncated to 24 bits
151 * by taking the least significant 24 bits of the output of e as the
154 memcpy(res
, _res
, 3);
159 bool smp_irk_matches(struct hci_dev
*hdev
, u8 irk
[16], bdaddr_t
*bdaddr
)
161 struct l2cap_chan
*chan
= hdev
->smp_data
;
162 struct crypto_blkcipher
*tfm
;
166 if (!chan
|| !chan
->data
)
171 BT_DBG("RPA %pMR IRK %*phN", bdaddr
, 16, irk
);
173 err
= smp_ah(tfm
, irk
, &bdaddr
->b
[3], hash
);
177 return !memcmp(bdaddr
->b
, hash
, 3);
180 int smp_generate_rpa(struct hci_dev
*hdev
, u8 irk
[16], bdaddr_t
*rpa
)
182 struct l2cap_chan
*chan
= hdev
->smp_data
;
183 struct crypto_blkcipher
*tfm
;
186 if (!chan
|| !chan
->data
)
191 get_random_bytes(&rpa
->b
[3], 3);
193 rpa
->b
[5] &= 0x3f; /* Clear two most significant bits */
194 rpa
->b
[5] |= 0x40; /* Set second most significant bit */
196 err
= smp_ah(tfm
, irk
, &rpa
->b
[3], rpa
->b
);
200 BT_DBG("RPA %pMR", rpa
);
205 static int smp_c1(struct crypto_blkcipher
*tfm_aes
, u8 k
[16], u8 r
[16],
206 u8 preq
[7], u8 pres
[7], u8 _iat
, bdaddr_t
*ia
, u8 _rat
,
207 bdaddr_t
*ra
, u8 res
[16])
214 /* p1 = pres || preq || _rat || _iat */
217 memcpy(p1
+ 2, preq
, 7);
218 memcpy(p1
+ 9, pres
, 7);
220 /* p2 = padding || ia || ra */
222 memcpy(p2
+ 6, ia
, 6);
223 memset(p2
+ 12, 0, 4);
226 u128_xor((u128
*) res
, (u128
*) r
, (u128
*) p1
);
228 /* res = e(k, res) */
229 err
= smp_e(tfm_aes
, k
, res
);
231 BT_ERR("Encrypt data error");
235 /* res = res XOR p2 */
236 u128_xor((u128
*) res
, (u128
*) res
, (u128
*) p2
);
238 /* res = e(k, res) */
239 err
= smp_e(tfm_aes
, k
, res
);
241 BT_ERR("Encrypt data error");
246 static int smp_s1(struct crypto_blkcipher
*tfm_aes
, u8 k
[16], u8 r1
[16],
247 u8 r2
[16], u8 _r
[16])
251 /* Just least significant octets from r1 and r2 are considered */
253 memcpy(_r
+ 8, r1
, 8);
255 err
= smp_e(tfm_aes
, k
, _r
);
257 BT_ERR("Encrypt data error");
262 static void smp_send_cmd(struct l2cap_conn
*conn
, u8 code
, u16 len
, void *data
)
264 struct l2cap_chan
*chan
= conn
->smp
;
265 struct smp_chan
*smp
;
272 BT_DBG("code 0x%2.2x", code
);
274 iv
[0].iov_base
= &code
;
277 iv
[1].iov_base
= data
;
280 memset(&msg
, 0, sizeof(msg
));
282 msg
.msg_iov
= (struct iovec
*) &iv
;
285 l2cap_chan_send(chan
, &msg
, 1 + len
);
292 cancel_delayed_work_sync(&smp
->security_timer
);
293 schedule_delayed_work(&smp
->security_timer
, SMP_TIMEOUT
);
296 static u8
authreq_to_seclevel(u8 authreq
)
298 if (authreq
& SMP_AUTH_MITM
) {
299 if (authreq
& SMP_AUTH_SC
)
300 return BT_SECURITY_FIPS
;
302 return BT_SECURITY_HIGH
;
304 return BT_SECURITY_MEDIUM
;
308 static __u8
seclevel_to_authreq(__u8 sec_level
)
311 case BT_SECURITY_FIPS
:
312 case BT_SECURITY_HIGH
:
313 return SMP_AUTH_MITM
| SMP_AUTH_BONDING
;
314 case BT_SECURITY_MEDIUM
:
315 return SMP_AUTH_BONDING
;
317 return SMP_AUTH_NONE
;
321 static void build_pairing_cmd(struct l2cap_conn
*conn
,
322 struct smp_cmd_pairing
*req
,
323 struct smp_cmd_pairing
*rsp
, __u8 authreq
)
325 struct l2cap_chan
*chan
= conn
->smp
;
326 struct smp_chan
*smp
= chan
->data
;
327 struct hci_conn
*hcon
= conn
->hcon
;
328 struct hci_dev
*hdev
= hcon
->hdev
;
329 u8 local_dist
= 0, remote_dist
= 0;
331 if (test_bit(HCI_BONDABLE
, &conn
->hcon
->hdev
->dev_flags
)) {
332 local_dist
= SMP_DIST_ENC_KEY
| SMP_DIST_SIGN
;
333 remote_dist
= SMP_DIST_ENC_KEY
| SMP_DIST_SIGN
;
334 authreq
|= SMP_AUTH_BONDING
;
336 authreq
&= ~SMP_AUTH_BONDING
;
339 if (test_bit(HCI_RPA_RESOLVING
, &hdev
->dev_flags
))
340 remote_dist
|= SMP_DIST_ID_KEY
;
342 if (test_bit(HCI_PRIVACY
, &hdev
->dev_flags
))
343 local_dist
|= SMP_DIST_ID_KEY
;
345 if (test_bit(HCI_SC_ENABLED
, &hdev
->dev_flags
)) {
346 if ((authreq
& SMP_AUTH_SC
) &&
347 test_bit(HCI_SSP_ENABLED
, &hdev
->dev_flags
)) {
348 local_dist
|= SMP_DIST_LINK_KEY
;
349 remote_dist
|= SMP_DIST_LINK_KEY
;
352 authreq
&= ~SMP_AUTH_SC
;
356 req
->io_capability
= conn
->hcon
->io_capability
;
357 req
->oob_flag
= SMP_OOB_NOT_PRESENT
;
358 req
->max_key_size
= SMP_MAX_ENC_KEY_SIZE
;
359 req
->init_key_dist
= local_dist
;
360 req
->resp_key_dist
= remote_dist
;
361 req
->auth_req
= (authreq
& AUTH_REQ_MASK(hdev
));
363 smp
->remote_key_dist
= remote_dist
;
367 rsp
->io_capability
= conn
->hcon
->io_capability
;
368 rsp
->oob_flag
= SMP_OOB_NOT_PRESENT
;
369 rsp
->max_key_size
= SMP_MAX_ENC_KEY_SIZE
;
370 rsp
->init_key_dist
= req
->init_key_dist
& remote_dist
;
371 rsp
->resp_key_dist
= req
->resp_key_dist
& local_dist
;
372 rsp
->auth_req
= (authreq
& AUTH_REQ_MASK(hdev
));
374 smp
->remote_key_dist
= rsp
->init_key_dist
;
377 static u8
check_enc_key_size(struct l2cap_conn
*conn
, __u8 max_key_size
)
379 struct l2cap_chan
*chan
= conn
->smp
;
380 struct smp_chan
*smp
= chan
->data
;
382 if ((max_key_size
> SMP_MAX_ENC_KEY_SIZE
) ||
383 (max_key_size
< SMP_MIN_ENC_KEY_SIZE
))
384 return SMP_ENC_KEY_SIZE
;
386 smp
->enc_key_size
= max_key_size
;
391 static void smp_chan_destroy(struct l2cap_conn
*conn
)
393 struct l2cap_chan
*chan
= conn
->smp
;
394 struct smp_chan
*smp
= chan
->data
;
399 cancel_delayed_work_sync(&smp
->security_timer
);
401 complete
= test_bit(SMP_FLAG_COMPLETE
, &smp
->flags
);
402 mgmt_smp_complete(conn
->hcon
, complete
);
405 kfree(smp
->slave_csrk
);
407 crypto_free_blkcipher(smp
->tfm_aes
);
408 crypto_free_hash(smp
->tfm_cmac
);
410 /* If pairing failed clean up any keys we might have */
413 list_del_rcu(&smp
->ltk
->list
);
414 kfree_rcu(smp
->ltk
, rcu
);
417 if (smp
->slave_ltk
) {
418 list_del_rcu(&smp
->slave_ltk
->list
);
419 kfree_rcu(smp
->slave_ltk
, rcu
);
422 if (smp
->remote_irk
) {
423 list_del_rcu(&smp
->remote_irk
->list
);
424 kfree_rcu(smp
->remote_irk
, rcu
);
430 hci_conn_drop(conn
->hcon
);
433 static void smp_failure(struct l2cap_conn
*conn
, u8 reason
)
435 struct hci_conn
*hcon
= conn
->hcon
;
436 struct l2cap_chan
*chan
= conn
->smp
;
439 smp_send_cmd(conn
, SMP_CMD_PAIRING_FAIL
, sizeof(reason
),
442 clear_bit(HCI_CONN_ENCRYPT_PEND
, &hcon
->flags
);
443 mgmt_auth_failed(hcon
, HCI_ERROR_AUTH_FAILURE
);
446 smp_chan_destroy(conn
);
449 #define JUST_WORKS 0x00
450 #define JUST_CFM 0x01
451 #define REQ_PASSKEY 0x02
452 #define CFM_PASSKEY 0x03
456 static const u8 gen_method
[5][5] = {
457 { JUST_WORKS
, JUST_CFM
, REQ_PASSKEY
, JUST_WORKS
, REQ_PASSKEY
},
458 { JUST_WORKS
, JUST_CFM
, REQ_PASSKEY
, JUST_WORKS
, REQ_PASSKEY
},
459 { CFM_PASSKEY
, CFM_PASSKEY
, REQ_PASSKEY
, JUST_WORKS
, CFM_PASSKEY
},
460 { JUST_WORKS
, JUST_CFM
, JUST_WORKS
, JUST_WORKS
, JUST_CFM
},
461 { CFM_PASSKEY
, CFM_PASSKEY
, REQ_PASSKEY
, JUST_WORKS
, OVERLAP
},
464 static u8
get_auth_method(struct smp_chan
*smp
, u8 local_io
, u8 remote_io
)
466 /* If either side has unknown io_caps, use JUST_CFM (which gets
467 * converted later to JUST_WORKS if we're initiators.
469 if (local_io
> SMP_IO_KEYBOARD_DISPLAY
||
470 remote_io
> SMP_IO_KEYBOARD_DISPLAY
)
473 return gen_method
[remote_io
][local_io
];
476 static int tk_request(struct l2cap_conn
*conn
, u8 remote_oob
, u8 auth
,
477 u8 local_io
, u8 remote_io
)
479 struct hci_conn
*hcon
= conn
->hcon
;
480 struct l2cap_chan
*chan
= conn
->smp
;
481 struct smp_chan
*smp
= chan
->data
;
486 /* Initialize key for JUST WORKS */
487 memset(smp
->tk
, 0, sizeof(smp
->tk
));
488 clear_bit(SMP_FLAG_TK_VALID
, &smp
->flags
);
490 BT_DBG("tk_request: auth:%d lcl:%d rem:%d", auth
, local_io
, remote_io
);
492 /* If neither side wants MITM, either "just" confirm an incoming
493 * request or use just-works for outgoing ones. The JUST_CFM
494 * will be converted to JUST_WORKS if necessary later in this
495 * function. If either side has MITM look up the method from the
498 if (!(auth
& SMP_AUTH_MITM
))
501 method
= get_auth_method(smp
, local_io
, remote_io
);
503 /* Don't confirm locally initiated pairing attempts */
504 if (method
== JUST_CFM
&& test_bit(SMP_FLAG_INITIATOR
, &smp
->flags
))
507 /* Don't bother user space with no IO capabilities */
508 if (method
== JUST_CFM
&& hcon
->io_capability
== HCI_IO_NO_INPUT_OUTPUT
)
511 /* If Just Works, Continue with Zero TK */
512 if (method
== JUST_WORKS
) {
513 set_bit(SMP_FLAG_TK_VALID
, &smp
->flags
);
517 /* Not Just Works/Confirm results in MITM Authentication */
518 if (method
!= JUST_CFM
) {
519 set_bit(SMP_FLAG_MITM_AUTH
, &smp
->flags
);
520 if (hcon
->pending_sec_level
< BT_SECURITY_HIGH
)
521 hcon
->pending_sec_level
= BT_SECURITY_HIGH
;
524 /* If both devices have Keyoard-Display I/O, the master
525 * Confirms and the slave Enters the passkey.
527 if (method
== OVERLAP
) {
528 if (hcon
->role
== HCI_ROLE_MASTER
)
529 method
= CFM_PASSKEY
;
531 method
= REQ_PASSKEY
;
534 /* Generate random passkey. */
535 if (method
== CFM_PASSKEY
) {
536 memset(smp
->tk
, 0, sizeof(smp
->tk
));
537 get_random_bytes(&passkey
, sizeof(passkey
));
539 put_unaligned_le32(passkey
, smp
->tk
);
540 BT_DBG("PassKey: %d", passkey
);
541 set_bit(SMP_FLAG_TK_VALID
, &smp
->flags
);
544 if (method
== REQ_PASSKEY
)
545 ret
= mgmt_user_passkey_request(hcon
->hdev
, &hcon
->dst
,
546 hcon
->type
, hcon
->dst_type
);
547 else if (method
== JUST_CFM
)
548 ret
= mgmt_user_confirm_request(hcon
->hdev
, &hcon
->dst
,
549 hcon
->type
, hcon
->dst_type
,
552 ret
= mgmt_user_passkey_notify(hcon
->hdev
, &hcon
->dst
,
553 hcon
->type
, hcon
->dst_type
,
559 static u8
smp_confirm(struct smp_chan
*smp
)
561 struct l2cap_conn
*conn
= smp
->conn
;
562 struct smp_cmd_pairing_confirm cp
;
565 BT_DBG("conn %p", conn
);
567 ret
= smp_c1(smp
->tfm_aes
, smp
->tk
, smp
->prnd
, smp
->preq
, smp
->prsp
,
568 conn
->hcon
->init_addr_type
, &conn
->hcon
->init_addr
,
569 conn
->hcon
->resp_addr_type
, &conn
->hcon
->resp_addr
,
572 return SMP_UNSPECIFIED
;
574 clear_bit(SMP_FLAG_CFM_PENDING
, &smp
->flags
);
576 smp_send_cmd(smp
->conn
, SMP_CMD_PAIRING_CONFIRM
, sizeof(cp
), &cp
);
579 SMP_ALLOW_CMD(smp
, SMP_CMD_PAIRING_CONFIRM
);
581 SMP_ALLOW_CMD(smp
, SMP_CMD_PAIRING_RANDOM
);
586 static u8
smp_random(struct smp_chan
*smp
)
588 struct l2cap_conn
*conn
= smp
->conn
;
589 struct hci_conn
*hcon
= conn
->hcon
;
593 if (IS_ERR_OR_NULL(smp
->tfm_aes
))
594 return SMP_UNSPECIFIED
;
596 BT_DBG("conn %p %s", conn
, conn
->hcon
->out
? "master" : "slave");
598 ret
= smp_c1(smp
->tfm_aes
, smp
->tk
, smp
->rrnd
, smp
->preq
, smp
->prsp
,
599 hcon
->init_addr_type
, &hcon
->init_addr
,
600 hcon
->resp_addr_type
, &hcon
->resp_addr
, confirm
);
602 return SMP_UNSPECIFIED
;
604 if (memcmp(smp
->pcnf
, confirm
, sizeof(smp
->pcnf
)) != 0) {
605 BT_ERR("Pairing failed (confirmation values mismatch)");
606 return SMP_CONFIRM_FAILED
;
614 smp_s1(smp
->tfm_aes
, smp
->tk
, smp
->rrnd
, smp
->prnd
, stk
);
616 memset(stk
+ smp
->enc_key_size
, 0,
617 SMP_MAX_ENC_KEY_SIZE
- smp
->enc_key_size
);
619 if (test_and_set_bit(HCI_CONN_ENCRYPT_PEND
, &hcon
->flags
))
620 return SMP_UNSPECIFIED
;
622 hci_le_start_enc(hcon
, ediv
, rand
, stk
);
623 hcon
->enc_key_size
= smp
->enc_key_size
;
624 set_bit(HCI_CONN_STK_ENCRYPT
, &hcon
->flags
);
630 smp_send_cmd(conn
, SMP_CMD_PAIRING_RANDOM
, sizeof(smp
->prnd
),
633 smp_s1(smp
->tfm_aes
, smp
->tk
, smp
->prnd
, smp
->rrnd
, stk
);
635 memset(stk
+ smp
->enc_key_size
, 0,
636 SMP_MAX_ENC_KEY_SIZE
- smp
->enc_key_size
);
638 if (hcon
->pending_sec_level
== BT_SECURITY_HIGH
)
643 /* Even though there's no _SLAVE suffix this is the
644 * slave STK we're adding for later lookup (the master
645 * STK never needs to be stored).
647 hci_add_ltk(hcon
->hdev
, &hcon
->dst
, hcon
->dst_type
,
648 SMP_STK
, auth
, stk
, smp
->enc_key_size
, ediv
, rand
);
654 static void smp_notify_keys(struct l2cap_conn
*conn
)
656 struct l2cap_chan
*chan
= conn
->smp
;
657 struct smp_chan
*smp
= chan
->data
;
658 struct hci_conn
*hcon
= conn
->hcon
;
659 struct hci_dev
*hdev
= hcon
->hdev
;
660 struct smp_cmd_pairing
*req
= (void *) &smp
->preq
[1];
661 struct smp_cmd_pairing
*rsp
= (void *) &smp
->prsp
[1];
664 if (smp
->remote_irk
) {
665 mgmt_new_irk(hdev
, smp
->remote_irk
);
666 /* Now that user space can be considered to know the
667 * identity address track the connection based on it
670 bacpy(&hcon
->dst
, &smp
->remote_irk
->bdaddr
);
671 hcon
->dst_type
= smp
->remote_irk
->addr_type
;
672 queue_work(hdev
->workqueue
, &conn
->id_addr_update_work
);
674 /* When receiving an indentity resolving key for
675 * a remote device that does not use a resolvable
676 * private address, just remove the key so that
677 * it is possible to use the controller white
680 * Userspace will have been told to not store
681 * this key at this point. So it is safe to
684 if (!bacmp(&smp
->remote_irk
->rpa
, BDADDR_ANY
)) {
685 list_del_rcu(&smp
->remote_irk
->list
);
686 kfree_rcu(smp
->remote_irk
, rcu
);
687 smp
->remote_irk
= NULL
;
691 /* The LTKs and CSRKs should be persistent only if both sides
692 * had the bonding bit set in their authentication requests.
694 persistent
= !!((req
->auth_req
& rsp
->auth_req
) & SMP_AUTH_BONDING
);
697 smp
->csrk
->bdaddr_type
= hcon
->dst_type
;
698 bacpy(&smp
->csrk
->bdaddr
, &hcon
->dst
);
699 mgmt_new_csrk(hdev
, smp
->csrk
, persistent
);
702 if (smp
->slave_csrk
) {
703 smp
->slave_csrk
->bdaddr_type
= hcon
->dst_type
;
704 bacpy(&smp
->slave_csrk
->bdaddr
, &hcon
->dst
);
705 mgmt_new_csrk(hdev
, smp
->slave_csrk
, persistent
);
709 smp
->ltk
->bdaddr_type
= hcon
->dst_type
;
710 bacpy(&smp
->ltk
->bdaddr
, &hcon
->dst
);
711 mgmt_new_ltk(hdev
, smp
->ltk
, persistent
);
714 if (smp
->slave_ltk
) {
715 smp
->slave_ltk
->bdaddr_type
= hcon
->dst_type
;
716 bacpy(&smp
->slave_ltk
->bdaddr
, &hcon
->dst
);
717 mgmt_new_ltk(hdev
, smp
->slave_ltk
, persistent
);
721 static void smp_allow_key_dist(struct smp_chan
*smp
)
723 /* Allow the first expected phase 3 PDU. The rest of the PDUs
724 * will be allowed in each PDU handler to ensure we receive
725 * them in the correct order.
727 if (smp
->remote_key_dist
& SMP_DIST_ENC_KEY
)
728 SMP_ALLOW_CMD(smp
, SMP_CMD_ENCRYPT_INFO
);
729 else if (smp
->remote_key_dist
& SMP_DIST_ID_KEY
)
730 SMP_ALLOW_CMD(smp
, SMP_CMD_IDENT_INFO
);
731 else if (smp
->remote_key_dist
& SMP_DIST_SIGN
)
732 SMP_ALLOW_CMD(smp
, SMP_CMD_SIGN_INFO
);
735 static void smp_distribute_keys(struct smp_chan
*smp
)
737 struct smp_cmd_pairing
*req
, *rsp
;
738 struct l2cap_conn
*conn
= smp
->conn
;
739 struct hci_conn
*hcon
= conn
->hcon
;
740 struct hci_dev
*hdev
= hcon
->hdev
;
743 BT_DBG("conn %p", conn
);
745 rsp
= (void *) &smp
->prsp
[1];
747 /* The responder sends its keys first */
748 if (hcon
->out
&& (smp
->remote_key_dist
& KEY_DIST_MASK
)) {
749 smp_allow_key_dist(smp
);
753 req
= (void *) &smp
->preq
[1];
756 keydist
= &rsp
->init_key_dist
;
757 *keydist
&= req
->init_key_dist
;
759 keydist
= &rsp
->resp_key_dist
;
760 *keydist
&= req
->resp_key_dist
;
763 BT_DBG("keydist 0x%x", *keydist
);
765 if (*keydist
& SMP_DIST_ENC_KEY
) {
766 struct smp_cmd_encrypt_info enc
;
767 struct smp_cmd_master_ident ident
;
773 get_random_bytes(enc
.ltk
, sizeof(enc
.ltk
));
774 get_random_bytes(&ediv
, sizeof(ediv
));
775 get_random_bytes(&rand
, sizeof(rand
));
777 smp_send_cmd(conn
, SMP_CMD_ENCRYPT_INFO
, sizeof(enc
), &enc
);
779 authenticated
= hcon
->sec_level
== BT_SECURITY_HIGH
;
780 ltk
= hci_add_ltk(hdev
, &hcon
->dst
, hcon
->dst_type
,
781 SMP_LTK_SLAVE
, authenticated
, enc
.ltk
,
782 smp
->enc_key_size
, ediv
, rand
);
783 smp
->slave_ltk
= ltk
;
788 smp_send_cmd(conn
, SMP_CMD_MASTER_IDENT
, sizeof(ident
), &ident
);
790 *keydist
&= ~SMP_DIST_ENC_KEY
;
793 if (*keydist
& SMP_DIST_ID_KEY
) {
794 struct smp_cmd_ident_addr_info addrinfo
;
795 struct smp_cmd_ident_info idinfo
;
797 memcpy(idinfo
.irk
, hdev
->irk
, sizeof(idinfo
.irk
));
799 smp_send_cmd(conn
, SMP_CMD_IDENT_INFO
, sizeof(idinfo
), &idinfo
);
801 /* The hci_conn contains the local identity address
802 * after the connection has been established.
804 * This is true even when the connection has been
805 * established using a resolvable random address.
807 bacpy(&addrinfo
.bdaddr
, &hcon
->src
);
808 addrinfo
.addr_type
= hcon
->src_type
;
810 smp_send_cmd(conn
, SMP_CMD_IDENT_ADDR_INFO
, sizeof(addrinfo
),
813 *keydist
&= ~SMP_DIST_ID_KEY
;
816 if (*keydist
& SMP_DIST_SIGN
) {
817 struct smp_cmd_sign_info sign
;
818 struct smp_csrk
*csrk
;
820 /* Generate a new random key */
821 get_random_bytes(sign
.csrk
, sizeof(sign
.csrk
));
823 csrk
= kzalloc(sizeof(*csrk
), GFP_KERNEL
);
826 memcpy(csrk
->val
, sign
.csrk
, sizeof(csrk
->val
));
828 smp
->slave_csrk
= csrk
;
830 smp_send_cmd(conn
, SMP_CMD_SIGN_INFO
, sizeof(sign
), &sign
);
832 *keydist
&= ~SMP_DIST_SIGN
;
835 /* If there are still keys to be received wait for them */
836 if (smp
->remote_key_dist
& KEY_DIST_MASK
) {
837 smp_allow_key_dist(smp
);
841 set_bit(SMP_FLAG_COMPLETE
, &smp
->flags
);
842 smp_notify_keys(conn
);
844 smp_chan_destroy(conn
);
847 static void smp_timeout(struct work_struct
*work
)
849 struct smp_chan
*smp
= container_of(work
, struct smp_chan
,
850 security_timer
.work
);
851 struct l2cap_conn
*conn
= smp
->conn
;
853 BT_DBG("conn %p", conn
);
855 hci_disconnect(conn
->hcon
, HCI_ERROR_REMOTE_USER_TERM
);
858 static struct smp_chan
*smp_chan_create(struct l2cap_conn
*conn
)
860 struct l2cap_chan
*chan
= conn
->smp
;
861 struct smp_chan
*smp
;
863 smp
= kzalloc(sizeof(*smp
), GFP_ATOMIC
);
867 smp
->tfm_aes
= crypto_alloc_blkcipher("ecb(aes)", 0, CRYPTO_ALG_ASYNC
);
868 if (IS_ERR(smp
->tfm_aes
)) {
869 BT_ERR("Unable to create ECB crypto context");
874 smp
->tfm_cmac
= crypto_alloc_hash("cmac(aes)", 0, CRYPTO_ALG_ASYNC
);
875 if (IS_ERR(smp
->tfm_cmac
)) {
876 BT_ERR("Unable to create CMAC crypto context");
877 crypto_free_blkcipher(smp
->tfm_aes
);
885 SMP_ALLOW_CMD(smp
, SMP_CMD_PAIRING_FAIL
);
887 INIT_DELAYED_WORK(&smp
->security_timer
, smp_timeout
);
889 hci_conn_hold(conn
->hcon
);
894 int smp_user_confirm_reply(struct hci_conn
*hcon
, u16 mgmt_op
, __le32 passkey
)
896 struct l2cap_conn
*conn
= hcon
->l2cap_data
;
897 struct l2cap_chan
*chan
;
898 struct smp_chan
*smp
;
911 l2cap_chan_lock(chan
);
920 case MGMT_OP_USER_PASSKEY_REPLY
:
921 value
= le32_to_cpu(passkey
);
922 memset(smp
->tk
, 0, sizeof(smp
->tk
));
923 BT_DBG("PassKey: %d", value
);
924 put_unaligned_le32(value
, smp
->tk
);
926 case MGMT_OP_USER_CONFIRM_REPLY
:
927 set_bit(SMP_FLAG_TK_VALID
, &smp
->flags
);
929 case MGMT_OP_USER_PASSKEY_NEG_REPLY
:
930 case MGMT_OP_USER_CONFIRM_NEG_REPLY
:
931 smp_failure(conn
, SMP_PASSKEY_ENTRY_FAILED
);
935 smp_failure(conn
, SMP_PASSKEY_ENTRY_FAILED
);
942 /* If it is our turn to send Pairing Confirm, do so now */
943 if (test_bit(SMP_FLAG_CFM_PENDING
, &smp
->flags
)) {
944 u8 rsp
= smp_confirm(smp
);
946 smp_failure(conn
, rsp
);
950 l2cap_chan_unlock(chan
);
954 static u8
smp_cmd_pairing_req(struct l2cap_conn
*conn
, struct sk_buff
*skb
)
956 struct smp_cmd_pairing rsp
, *req
= (void *) skb
->data
;
957 struct l2cap_chan
*chan
= conn
->smp
;
958 struct hci_dev
*hdev
= conn
->hcon
->hdev
;
959 struct smp_chan
*smp
;
960 u8 key_size
, auth
, sec_level
;
963 BT_DBG("conn %p", conn
);
965 if (skb
->len
< sizeof(*req
))
966 return SMP_INVALID_PARAMS
;
968 if (conn
->hcon
->role
!= HCI_ROLE_SLAVE
)
969 return SMP_CMD_NOTSUPP
;
972 smp
= smp_chan_create(conn
);
977 return SMP_UNSPECIFIED
;
979 /* We didn't start the pairing, so match remote */
980 auth
= req
->auth_req
& AUTH_REQ_MASK(hdev
);
982 if (!test_bit(HCI_BONDABLE
, &hdev
->dev_flags
) &&
983 (auth
& SMP_AUTH_BONDING
))
984 return SMP_PAIRING_NOTSUPP
;
986 smp
->preq
[0] = SMP_CMD_PAIRING_REQ
;
987 memcpy(&smp
->preq
[1], req
, sizeof(*req
));
988 skb_pull(skb
, sizeof(*req
));
990 if (conn
->hcon
->io_capability
== HCI_IO_NO_INPUT_OUTPUT
)
991 sec_level
= BT_SECURITY_MEDIUM
;
993 sec_level
= authreq_to_seclevel(auth
);
995 if (sec_level
> conn
->hcon
->pending_sec_level
)
996 conn
->hcon
->pending_sec_level
= sec_level
;
998 /* If we need MITM check that it can be achieved */
999 if (conn
->hcon
->pending_sec_level
>= BT_SECURITY_HIGH
) {
1002 method
= get_auth_method(smp
, conn
->hcon
->io_capability
,
1003 req
->io_capability
);
1004 if (method
== JUST_WORKS
|| method
== JUST_CFM
)
1005 return SMP_AUTH_REQUIREMENTS
;
1008 build_pairing_cmd(conn
, req
, &rsp
, auth
);
1010 if (rsp
.auth_req
& SMP_AUTH_SC
)
1011 set_bit(SMP_FLAG_SC
, &smp
->flags
);
1013 key_size
= min(req
->max_key_size
, rsp
.max_key_size
);
1014 if (check_enc_key_size(conn
, key_size
))
1015 return SMP_ENC_KEY_SIZE
;
1017 get_random_bytes(smp
->prnd
, sizeof(smp
->prnd
));
1019 smp
->prsp
[0] = SMP_CMD_PAIRING_RSP
;
1020 memcpy(&smp
->prsp
[1], &rsp
, sizeof(rsp
));
1022 smp_send_cmd(conn
, SMP_CMD_PAIRING_RSP
, sizeof(rsp
), &rsp
);
1024 clear_bit(SMP_FLAG_INITIATOR
, &smp
->flags
);
1026 if (test_bit(SMP_FLAG_SC
, &smp
->flags
)) {
1027 SMP_ALLOW_CMD(smp
, SMP_CMD_PUBLIC_KEY
);
1028 /* Clear bits which are generated but not distributed */
1029 smp
->remote_key_dist
&= ~SMP_SC_NO_DIST
;
1030 /* Wait for Public Key from Initiating Device */
1033 SMP_ALLOW_CMD(smp
, SMP_CMD_PAIRING_CONFIRM
);
1036 /* Request setup of TK */
1037 ret
= tk_request(conn
, 0, auth
, rsp
.io_capability
, req
->io_capability
);
1039 return SMP_UNSPECIFIED
;
1044 static u8
sc_send_public_key(struct smp_chan
*smp
)
1048 /* Generate local key pair for Secure Connections */
1049 if (!ecc_make_key(smp
->local_pk
, smp
->local_sk
))
1050 return SMP_UNSPECIFIED
;
1052 BT_DBG("Local Public Key X: %32phN", smp
->local_pk
);
1053 BT_DBG("Local Public Key Y: %32phN", &smp
->local_pk
[32]);
1054 BT_DBG("Local Private Key: %32phN", smp
->local_sk
);
1056 smp_send_cmd(smp
->conn
, SMP_CMD_PUBLIC_KEY
, 64, smp
->local_pk
);
1061 static u8
smp_cmd_pairing_rsp(struct l2cap_conn
*conn
, struct sk_buff
*skb
)
1063 struct smp_cmd_pairing
*req
, *rsp
= (void *) skb
->data
;
1064 struct l2cap_chan
*chan
= conn
->smp
;
1065 struct smp_chan
*smp
= chan
->data
;
1066 struct hci_dev
*hdev
= conn
->hcon
->hdev
;
1070 BT_DBG("conn %p", conn
);
1072 if (skb
->len
< sizeof(*rsp
))
1073 return SMP_INVALID_PARAMS
;
1075 if (conn
->hcon
->role
!= HCI_ROLE_MASTER
)
1076 return SMP_CMD_NOTSUPP
;
1078 skb_pull(skb
, sizeof(*rsp
));
1080 req
= (void *) &smp
->preq
[1];
1082 key_size
= min(req
->max_key_size
, rsp
->max_key_size
);
1083 if (check_enc_key_size(conn
, key_size
))
1084 return SMP_ENC_KEY_SIZE
;
1086 auth
= rsp
->auth_req
& AUTH_REQ_MASK(hdev
);
1088 if ((req
->auth_req
& SMP_AUTH_SC
) && (auth
& SMP_AUTH_SC
))
1089 set_bit(SMP_FLAG_SC
, &smp
->flags
);
1090 else if (conn
->hcon
->pending_sec_level
> BT_SECURITY_HIGH
)
1091 conn
->hcon
->pending_sec_level
= BT_SECURITY_HIGH
;
1093 /* If we need MITM check that it can be achieved */
1094 if (conn
->hcon
->pending_sec_level
>= BT_SECURITY_HIGH
) {
1097 method
= get_auth_method(smp
, req
->io_capability
,
1098 rsp
->io_capability
);
1099 if (method
== JUST_WORKS
|| method
== JUST_CFM
)
1100 return SMP_AUTH_REQUIREMENTS
;
1103 get_random_bytes(smp
->prnd
, sizeof(smp
->prnd
));
1105 smp
->prsp
[0] = SMP_CMD_PAIRING_RSP
;
1106 memcpy(&smp
->prsp
[1], rsp
, sizeof(*rsp
));
1108 /* Update remote key distribution in case the remote cleared
1109 * some bits that we had enabled in our request.
1111 smp
->remote_key_dist
&= rsp
->resp_key_dist
;
1113 if (test_bit(SMP_FLAG_SC
, &smp
->flags
)) {
1114 /* Clear bits which are generated but not distributed */
1115 smp
->remote_key_dist
&= ~SMP_SC_NO_DIST
;
1116 SMP_ALLOW_CMD(smp
, SMP_CMD_PUBLIC_KEY
);
1117 return sc_send_public_key(smp
);
1120 auth
|= req
->auth_req
;
1122 ret
= tk_request(conn
, 0, auth
, req
->io_capability
, rsp
->io_capability
);
1124 return SMP_UNSPECIFIED
;
1126 set_bit(SMP_FLAG_CFM_PENDING
, &smp
->flags
);
1128 /* Can't compose response until we have been confirmed */
1129 if (test_bit(SMP_FLAG_TK_VALID
, &smp
->flags
))
1130 return smp_confirm(smp
);
1135 static u8
smp_cmd_pairing_confirm(struct l2cap_conn
*conn
, struct sk_buff
*skb
)
1137 struct l2cap_chan
*chan
= conn
->smp
;
1138 struct smp_chan
*smp
= chan
->data
;
1140 BT_DBG("conn %p %s", conn
, conn
->hcon
->out
? "master" : "slave");
1142 if (skb
->len
< sizeof(smp
->pcnf
))
1143 return SMP_INVALID_PARAMS
;
1145 memcpy(smp
->pcnf
, skb
->data
, sizeof(smp
->pcnf
));
1146 skb_pull(skb
, sizeof(smp
->pcnf
));
1148 if (conn
->hcon
->out
) {
1149 smp_send_cmd(conn
, SMP_CMD_PAIRING_RANDOM
, sizeof(smp
->prnd
),
1151 SMP_ALLOW_CMD(smp
, SMP_CMD_PAIRING_RANDOM
);
1155 if (test_bit(SMP_FLAG_TK_VALID
, &smp
->flags
))
1156 return smp_confirm(smp
);
1158 set_bit(SMP_FLAG_CFM_PENDING
, &smp
->flags
);
1163 static u8
smp_cmd_pairing_random(struct l2cap_conn
*conn
, struct sk_buff
*skb
)
1165 struct l2cap_chan
*chan
= conn
->smp
;
1166 struct smp_chan
*smp
= chan
->data
;
1168 BT_DBG("conn %p", conn
);
1170 if (skb
->len
< sizeof(smp
->rrnd
))
1171 return SMP_INVALID_PARAMS
;
1173 memcpy(smp
->rrnd
, skb
->data
, sizeof(smp
->rrnd
));
1174 skb_pull(skb
, sizeof(smp
->rrnd
));
1176 return smp_random(smp
);
1179 static bool smp_ltk_encrypt(struct l2cap_conn
*conn
, u8 sec_level
)
1181 struct smp_ltk
*key
;
1182 struct hci_conn
*hcon
= conn
->hcon
;
1184 key
= hci_find_ltk(hcon
->hdev
, &hcon
->dst
, hcon
->dst_type
, hcon
->role
);
1188 if (smp_ltk_sec_level(key
) < sec_level
)
1191 if (test_and_set_bit(HCI_CONN_ENCRYPT_PEND
, &hcon
->flags
))
1194 hci_le_start_enc(hcon
, key
->ediv
, key
->rand
, key
->val
);
1195 hcon
->enc_key_size
= key
->enc_size
;
1197 /* We never store STKs for master role, so clear this flag */
1198 clear_bit(HCI_CONN_STK_ENCRYPT
, &hcon
->flags
);
1203 bool smp_sufficient_security(struct hci_conn
*hcon
, u8 sec_level
,
1204 enum smp_key_pref key_pref
)
1206 if (sec_level
== BT_SECURITY_LOW
)
1209 /* If we're encrypted with an STK but the caller prefers using
1210 * LTK claim insufficient security. This way we allow the
1211 * connection to be re-encrypted with an LTK, even if the LTK
1212 * provides the same level of security. Only exception is if we
1213 * don't have an LTK (e.g. because of key distribution bits).
1215 if (key_pref
== SMP_USE_LTK
&&
1216 test_bit(HCI_CONN_STK_ENCRYPT
, &hcon
->flags
) &&
1217 hci_find_ltk(hcon
->hdev
, &hcon
->dst
, hcon
->dst_type
, hcon
->role
))
1220 if (hcon
->sec_level
>= sec_level
)
1226 static u8
smp_cmd_security_req(struct l2cap_conn
*conn
, struct sk_buff
*skb
)
1228 struct smp_cmd_security_req
*rp
= (void *) skb
->data
;
1229 struct smp_cmd_pairing cp
;
1230 struct hci_conn
*hcon
= conn
->hcon
;
1231 struct hci_dev
*hdev
= hcon
->hdev
;
1232 struct smp_chan
*smp
;
1235 BT_DBG("conn %p", conn
);
1237 if (skb
->len
< sizeof(*rp
))
1238 return SMP_INVALID_PARAMS
;
1240 if (hcon
->role
!= HCI_ROLE_MASTER
)
1241 return SMP_CMD_NOTSUPP
;
1243 auth
= rp
->auth_req
& AUTH_REQ_MASK(hdev
);
1245 if (hcon
->io_capability
== HCI_IO_NO_INPUT_OUTPUT
)
1246 sec_level
= BT_SECURITY_MEDIUM
;
1248 sec_level
= authreq_to_seclevel(auth
);
1250 if (smp_sufficient_security(hcon
, sec_level
, SMP_USE_LTK
))
1253 if (sec_level
> hcon
->pending_sec_level
)
1254 hcon
->pending_sec_level
= sec_level
;
1256 if (smp_ltk_encrypt(conn
, hcon
->pending_sec_level
))
1259 smp
= smp_chan_create(conn
);
1261 return SMP_UNSPECIFIED
;
1263 if (!test_bit(HCI_BONDABLE
, &hcon
->hdev
->dev_flags
) &&
1264 (auth
& SMP_AUTH_BONDING
))
1265 return SMP_PAIRING_NOTSUPP
;
1267 skb_pull(skb
, sizeof(*rp
));
1269 memset(&cp
, 0, sizeof(cp
));
1270 build_pairing_cmd(conn
, &cp
, NULL
, auth
);
1272 smp
->preq
[0] = SMP_CMD_PAIRING_REQ
;
1273 memcpy(&smp
->preq
[1], &cp
, sizeof(cp
));
1275 smp_send_cmd(conn
, SMP_CMD_PAIRING_REQ
, sizeof(cp
), &cp
);
1276 SMP_ALLOW_CMD(smp
, SMP_CMD_PAIRING_RSP
);
1281 int smp_conn_security(struct hci_conn
*hcon
, __u8 sec_level
)
1283 struct l2cap_conn
*conn
= hcon
->l2cap_data
;
1284 struct l2cap_chan
*chan
;
1285 struct smp_chan
*smp
;
1289 BT_DBG("conn %p hcon %p level 0x%2.2x", conn
, hcon
, sec_level
);
1291 /* This may be NULL if there's an unexpected disconnection */
1297 if (!test_bit(HCI_LE_ENABLED
, &hcon
->hdev
->dev_flags
))
1300 if (smp_sufficient_security(hcon
, sec_level
, SMP_USE_LTK
))
1303 if (sec_level
> hcon
->pending_sec_level
)
1304 hcon
->pending_sec_level
= sec_level
;
1306 if (hcon
->role
== HCI_ROLE_MASTER
)
1307 if (smp_ltk_encrypt(conn
, hcon
->pending_sec_level
))
1310 l2cap_chan_lock(chan
);
1312 /* If SMP is already in progress ignore this request */
1318 smp
= smp_chan_create(conn
);
1324 authreq
= seclevel_to_authreq(sec_level
);
1326 if (test_bit(HCI_SC_ENABLED
, &hcon
->hdev
->dev_flags
))
1327 authreq
|= SMP_AUTH_SC
;
1329 /* Require MITM if IO Capability allows or the security level
1332 if (hcon
->io_capability
!= HCI_IO_NO_INPUT_OUTPUT
||
1333 hcon
->pending_sec_level
> BT_SECURITY_MEDIUM
)
1334 authreq
|= SMP_AUTH_MITM
;
1336 if (hcon
->role
== HCI_ROLE_MASTER
) {
1337 struct smp_cmd_pairing cp
;
1339 build_pairing_cmd(conn
, &cp
, NULL
, authreq
);
1340 smp
->preq
[0] = SMP_CMD_PAIRING_REQ
;
1341 memcpy(&smp
->preq
[1], &cp
, sizeof(cp
));
1343 smp_send_cmd(conn
, SMP_CMD_PAIRING_REQ
, sizeof(cp
), &cp
);
1344 SMP_ALLOW_CMD(smp
, SMP_CMD_PAIRING_RSP
);
1346 struct smp_cmd_security_req cp
;
1347 cp
.auth_req
= authreq
;
1348 smp_send_cmd(conn
, SMP_CMD_SECURITY_REQ
, sizeof(cp
), &cp
);
1349 SMP_ALLOW_CMD(smp
, SMP_CMD_PAIRING_REQ
);
1352 set_bit(SMP_FLAG_INITIATOR
, &smp
->flags
);
1356 l2cap_chan_unlock(chan
);
1360 static int smp_cmd_encrypt_info(struct l2cap_conn
*conn
, struct sk_buff
*skb
)
1362 struct smp_cmd_encrypt_info
*rp
= (void *) skb
->data
;
1363 struct l2cap_chan
*chan
= conn
->smp
;
1364 struct smp_chan
*smp
= chan
->data
;
1366 BT_DBG("conn %p", conn
);
1368 if (skb
->len
< sizeof(*rp
))
1369 return SMP_INVALID_PARAMS
;
1371 SMP_ALLOW_CMD(smp
, SMP_CMD_MASTER_IDENT
);
1373 skb_pull(skb
, sizeof(*rp
));
1375 memcpy(smp
->tk
, rp
->ltk
, sizeof(smp
->tk
));
1380 static int smp_cmd_master_ident(struct l2cap_conn
*conn
, struct sk_buff
*skb
)
1382 struct smp_cmd_master_ident
*rp
= (void *) skb
->data
;
1383 struct l2cap_chan
*chan
= conn
->smp
;
1384 struct smp_chan
*smp
= chan
->data
;
1385 struct hci_dev
*hdev
= conn
->hcon
->hdev
;
1386 struct hci_conn
*hcon
= conn
->hcon
;
1387 struct smp_ltk
*ltk
;
1390 BT_DBG("conn %p", conn
);
1392 if (skb
->len
< sizeof(*rp
))
1393 return SMP_INVALID_PARAMS
;
1395 /* Mark the information as received */
1396 smp
->remote_key_dist
&= ~SMP_DIST_ENC_KEY
;
1398 if (smp
->remote_key_dist
& SMP_DIST_ID_KEY
)
1399 SMP_ALLOW_CMD(smp
, SMP_CMD_IDENT_INFO
);
1400 else if (smp
->remote_key_dist
& SMP_DIST_SIGN
)
1401 SMP_ALLOW_CMD(smp
, SMP_CMD_SIGN_INFO
);
1403 skb_pull(skb
, sizeof(*rp
));
1405 authenticated
= (hcon
->sec_level
== BT_SECURITY_HIGH
);
1406 ltk
= hci_add_ltk(hdev
, &hcon
->dst
, hcon
->dst_type
, SMP_LTK
,
1407 authenticated
, smp
->tk
, smp
->enc_key_size
,
1408 rp
->ediv
, rp
->rand
);
1410 if (!(smp
->remote_key_dist
& KEY_DIST_MASK
))
1411 smp_distribute_keys(smp
);
1416 static int smp_cmd_ident_info(struct l2cap_conn
*conn
, struct sk_buff
*skb
)
1418 struct smp_cmd_ident_info
*info
= (void *) skb
->data
;
1419 struct l2cap_chan
*chan
= conn
->smp
;
1420 struct smp_chan
*smp
= chan
->data
;
1424 if (skb
->len
< sizeof(*info
))
1425 return SMP_INVALID_PARAMS
;
1427 SMP_ALLOW_CMD(smp
, SMP_CMD_IDENT_ADDR_INFO
);
1429 skb_pull(skb
, sizeof(*info
));
1431 memcpy(smp
->irk
, info
->irk
, 16);
1436 static int smp_cmd_ident_addr_info(struct l2cap_conn
*conn
,
1437 struct sk_buff
*skb
)
1439 struct smp_cmd_ident_addr_info
*info
= (void *) skb
->data
;
1440 struct l2cap_chan
*chan
= conn
->smp
;
1441 struct smp_chan
*smp
= chan
->data
;
1442 struct hci_conn
*hcon
= conn
->hcon
;
1447 if (skb
->len
< sizeof(*info
))
1448 return SMP_INVALID_PARAMS
;
1450 /* Mark the information as received */
1451 smp
->remote_key_dist
&= ~SMP_DIST_ID_KEY
;
1453 if (smp
->remote_key_dist
& SMP_DIST_SIGN
)
1454 SMP_ALLOW_CMD(smp
, SMP_CMD_SIGN_INFO
);
1456 skb_pull(skb
, sizeof(*info
));
1458 /* Strictly speaking the Core Specification (4.1) allows sending
1459 * an empty address which would force us to rely on just the IRK
1460 * as "identity information". However, since such
1461 * implementations are not known of and in order to not over
1462 * complicate our implementation, simply pretend that we never
1463 * received an IRK for such a device.
1465 if (!bacmp(&info
->bdaddr
, BDADDR_ANY
)) {
1466 BT_ERR("Ignoring IRK with no identity address");
1470 bacpy(&smp
->id_addr
, &info
->bdaddr
);
1471 smp
->id_addr_type
= info
->addr_type
;
1473 if (hci_bdaddr_is_rpa(&hcon
->dst
, hcon
->dst_type
))
1474 bacpy(&rpa
, &hcon
->dst
);
1476 bacpy(&rpa
, BDADDR_ANY
);
1478 smp
->remote_irk
= hci_add_irk(conn
->hcon
->hdev
, &smp
->id_addr
,
1479 smp
->id_addr_type
, smp
->irk
, &rpa
);
1482 if (!(smp
->remote_key_dist
& KEY_DIST_MASK
))
1483 smp_distribute_keys(smp
);
1488 static int smp_cmd_sign_info(struct l2cap_conn
*conn
, struct sk_buff
*skb
)
1490 struct smp_cmd_sign_info
*rp
= (void *) skb
->data
;
1491 struct l2cap_chan
*chan
= conn
->smp
;
1492 struct smp_chan
*smp
= chan
->data
;
1493 struct smp_csrk
*csrk
;
1495 BT_DBG("conn %p", conn
);
1497 if (skb
->len
< sizeof(*rp
))
1498 return SMP_INVALID_PARAMS
;
1500 /* Mark the information as received */
1501 smp
->remote_key_dist
&= ~SMP_DIST_SIGN
;
1503 skb_pull(skb
, sizeof(*rp
));
1505 csrk
= kzalloc(sizeof(*csrk
), GFP_KERNEL
);
1507 csrk
->master
= 0x01;
1508 memcpy(csrk
->val
, rp
->csrk
, sizeof(csrk
->val
));
1511 smp_distribute_keys(smp
);
1516 static int smp_sig_channel(struct l2cap_chan
*chan
, struct sk_buff
*skb
)
1518 struct l2cap_conn
*conn
= chan
->conn
;
1519 struct hci_conn
*hcon
= conn
->hcon
;
1520 struct smp_chan
*smp
;
1524 if (hcon
->type
!= LE_LINK
) {
1532 if (!test_bit(HCI_LE_ENABLED
, &hcon
->hdev
->dev_flags
)) {
1533 reason
= SMP_PAIRING_NOTSUPP
;
1537 code
= skb
->data
[0];
1538 skb_pull(skb
, sizeof(code
));
1542 if (code
> SMP_CMD_MAX
)
1545 if (smp
&& !test_and_clear_bit(code
, &smp
->allow_cmd
))
1548 /* If we don't have a context the only allowed commands are
1549 * pairing request and security request.
1551 if (!smp
&& code
!= SMP_CMD_PAIRING_REQ
&& code
!= SMP_CMD_SECURITY_REQ
)
1555 case SMP_CMD_PAIRING_REQ
:
1556 reason
= smp_cmd_pairing_req(conn
, skb
);
1559 case SMP_CMD_PAIRING_FAIL
:
1560 smp_failure(conn
, 0);
1564 case SMP_CMD_PAIRING_RSP
:
1565 reason
= smp_cmd_pairing_rsp(conn
, skb
);
1568 case SMP_CMD_SECURITY_REQ
:
1569 reason
= smp_cmd_security_req(conn
, skb
);
1572 case SMP_CMD_PAIRING_CONFIRM
:
1573 reason
= smp_cmd_pairing_confirm(conn
, skb
);
1576 case SMP_CMD_PAIRING_RANDOM
:
1577 reason
= smp_cmd_pairing_random(conn
, skb
);
1580 case SMP_CMD_ENCRYPT_INFO
:
1581 reason
= smp_cmd_encrypt_info(conn
, skb
);
1584 case SMP_CMD_MASTER_IDENT
:
1585 reason
= smp_cmd_master_ident(conn
, skb
);
1588 case SMP_CMD_IDENT_INFO
:
1589 reason
= smp_cmd_ident_info(conn
, skb
);
1592 case SMP_CMD_IDENT_ADDR_INFO
:
1593 reason
= smp_cmd_ident_addr_info(conn
, skb
);
1596 case SMP_CMD_SIGN_INFO
:
1597 reason
= smp_cmd_sign_info(conn
, skb
);
1601 BT_DBG("Unknown command code 0x%2.2x", code
);
1602 reason
= SMP_CMD_NOTSUPP
;
1609 smp_failure(conn
, reason
);
1616 BT_ERR("%s unexpected SMP command 0x%02x from %pMR", hcon
->hdev
->name
,
1622 static void smp_teardown_cb(struct l2cap_chan
*chan
, int err
)
1624 struct l2cap_conn
*conn
= chan
->conn
;
1626 BT_DBG("chan %p", chan
);
1629 smp_chan_destroy(conn
);
1632 l2cap_chan_put(chan
);
1635 static void smp_resume_cb(struct l2cap_chan
*chan
)
1637 struct smp_chan
*smp
= chan
->data
;
1638 struct l2cap_conn
*conn
= chan
->conn
;
1639 struct hci_conn
*hcon
= conn
->hcon
;
1641 BT_DBG("chan %p", chan
);
1646 if (!test_bit(HCI_CONN_ENCRYPT
, &hcon
->flags
))
1649 cancel_delayed_work(&smp
->security_timer
);
1651 smp_distribute_keys(smp
);
1654 static void smp_ready_cb(struct l2cap_chan
*chan
)
1656 struct l2cap_conn
*conn
= chan
->conn
;
1658 BT_DBG("chan %p", chan
);
1661 l2cap_chan_hold(chan
);
1664 static int smp_recv_cb(struct l2cap_chan
*chan
, struct sk_buff
*skb
)
1668 BT_DBG("chan %p", chan
);
1670 err
= smp_sig_channel(chan
, skb
);
1672 struct smp_chan
*smp
= chan
->data
;
1675 cancel_delayed_work_sync(&smp
->security_timer
);
1677 hci_disconnect(chan
->conn
->hcon
, HCI_ERROR_AUTH_FAILURE
);
1683 static struct sk_buff
*smp_alloc_skb_cb(struct l2cap_chan
*chan
,
1684 unsigned long hdr_len
,
1685 unsigned long len
, int nb
)
1687 struct sk_buff
*skb
;
1689 skb
= bt_skb_alloc(hdr_len
+ len
, GFP_KERNEL
);
1691 return ERR_PTR(-ENOMEM
);
1693 skb
->priority
= HCI_PRIO_MAX
;
1694 bt_cb(skb
)->chan
= chan
;
1699 static const struct l2cap_ops smp_chan_ops
= {
1700 .name
= "Security Manager",
1701 .ready
= smp_ready_cb
,
1702 .recv
= smp_recv_cb
,
1703 .alloc_skb
= smp_alloc_skb_cb
,
1704 .teardown
= smp_teardown_cb
,
1705 .resume
= smp_resume_cb
,
1707 .new_connection
= l2cap_chan_no_new_connection
,
1708 .state_change
= l2cap_chan_no_state_change
,
1709 .close
= l2cap_chan_no_close
,
1710 .defer
= l2cap_chan_no_defer
,
1711 .suspend
= l2cap_chan_no_suspend
,
1712 .set_shutdown
= l2cap_chan_no_set_shutdown
,
1713 .get_sndtimeo
= l2cap_chan_no_get_sndtimeo
,
1714 .memcpy_fromiovec
= l2cap_chan_no_memcpy_fromiovec
,
1717 static inline struct l2cap_chan
*smp_new_conn_cb(struct l2cap_chan
*pchan
)
1719 struct l2cap_chan
*chan
;
1721 BT_DBG("pchan %p", pchan
);
1723 chan
= l2cap_chan_create();
1727 chan
->chan_type
= pchan
->chan_type
;
1728 chan
->ops
= &smp_chan_ops
;
1729 chan
->scid
= pchan
->scid
;
1730 chan
->dcid
= chan
->scid
;
1731 chan
->imtu
= pchan
->imtu
;
1732 chan
->omtu
= pchan
->omtu
;
1733 chan
->mode
= pchan
->mode
;
1735 /* Other L2CAP channels may request SMP routines in order to
1736 * change the security level. This means that the SMP channel
1737 * lock must be considered in its own category to avoid lockdep
1740 atomic_set(&chan
->nesting
, L2CAP_NESTING_SMP
);
1742 BT_DBG("created chan %p", chan
);
1747 static const struct l2cap_ops smp_root_chan_ops
= {
1748 .name
= "Security Manager Root",
1749 .new_connection
= smp_new_conn_cb
,
1751 /* None of these are implemented for the root channel */
1752 .close
= l2cap_chan_no_close
,
1753 .alloc_skb
= l2cap_chan_no_alloc_skb
,
1754 .recv
= l2cap_chan_no_recv
,
1755 .state_change
= l2cap_chan_no_state_change
,
1756 .teardown
= l2cap_chan_no_teardown
,
1757 .ready
= l2cap_chan_no_ready
,
1758 .defer
= l2cap_chan_no_defer
,
1759 .suspend
= l2cap_chan_no_suspend
,
1760 .resume
= l2cap_chan_no_resume
,
1761 .set_shutdown
= l2cap_chan_no_set_shutdown
,
1762 .get_sndtimeo
= l2cap_chan_no_get_sndtimeo
,
1763 .memcpy_fromiovec
= l2cap_chan_no_memcpy_fromiovec
,
1766 int smp_register(struct hci_dev
*hdev
)
1768 struct l2cap_chan
*chan
;
1769 struct crypto_blkcipher
*tfm_aes
;
1771 BT_DBG("%s", hdev
->name
);
1773 tfm_aes
= crypto_alloc_blkcipher("ecb(aes)", 0, 0);
1774 if (IS_ERR(tfm_aes
)) {
1775 int err
= PTR_ERR(tfm_aes
);
1776 BT_ERR("Unable to create crypto context");
1780 chan
= l2cap_chan_create();
1782 crypto_free_blkcipher(tfm_aes
);
1786 chan
->data
= tfm_aes
;
1788 l2cap_add_scid(chan
, L2CAP_CID_SMP
);
1790 l2cap_chan_set_defaults(chan
);
1792 bacpy(&chan
->src
, &hdev
->bdaddr
);
1793 chan
->src_type
= BDADDR_LE_PUBLIC
;
1794 chan
->state
= BT_LISTEN
;
1795 chan
->mode
= L2CAP_MODE_BASIC
;
1796 chan
->imtu
= L2CAP_DEFAULT_MTU
;
1797 chan
->ops
= &smp_root_chan_ops
;
1799 /* Set correct nesting level for a parent/listening channel */
1800 atomic_set(&chan
->nesting
, L2CAP_NESTING_PARENT
);
1802 hdev
->smp_data
= chan
;
1807 void smp_unregister(struct hci_dev
*hdev
)
1809 struct l2cap_chan
*chan
= hdev
->smp_data
;
1810 struct crypto_blkcipher
*tfm_aes
;
1815 BT_DBG("%s chan %p", hdev
->name
, chan
);
1817 tfm_aes
= chan
->data
;
1820 crypto_free_blkcipher(tfm_aes
);
1823 hdev
->smp_data
= NULL
;
1824 l2cap_chan_put(chan
);