projects / deliverable / linux.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Bluetooth: Trigger SMP for the appropriate LE CoC errors
[deliverable/linux.git] / net / bluetooth / smp.c
1 /*
2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2011 Nokia Corporation and/or its subsidiary(-ies).
4
5 This program is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License version 2 as
7 published by the Free Software Foundation;
8
9 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
10 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
11 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
12 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
13 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
14 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17
18 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
19 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
20 SOFTWARE IS DISCLAIMED.
21 */
22
23 #include <linux/crypto.h>
24 #include <linux/scatterlist.h>
25 #include <crypto/b128ops.h>
26
27 #include <net/bluetooth/bluetooth.h>
28 #include <net/bluetooth/hci_core.h>
29 #include <net/bluetooth/l2cap.h>
30 #include <net/bluetooth/mgmt.h>
31
32 #include "smp.h"
33
34 #define SMP_ALLOW_CMD(smp, code) set_bit(code, &smp->allow_cmd)
35
36 #define SMP_TIMEOUT msecs_to_jiffies(30000)
37
38 #define AUTH_REQ_MASK 0x07
39 #define KEY_DIST_MASK 0x07
40
41 enum {
42 SMP_FLAG_TK_VALID,
43 SMP_FLAG_CFM_PENDING,
44 SMP_FLAG_MITM_AUTH,
45 SMP_FLAG_COMPLETE,
46 SMP_FLAG_INITIATOR,
47 };
48
49 struct smp_chan {
50 struct l2cap_conn *conn;
51 struct delayed_work security_timer;
52 unsigned long allow_cmd; /* Bitmask of allowed commands */
53
54 u8 preq[7]; /* SMP Pairing Request */
55 u8 prsp[7]; /* SMP Pairing Response */
56 u8 prnd[16]; /* SMP Pairing Random (local) */
57 u8 rrnd[16]; /* SMP Pairing Random (remote) */
58 u8 pcnf[16]; /* SMP Pairing Confirm */
59 u8 tk[16]; /* SMP Temporary Key */
60 u8 enc_key_size;
61 u8 remote_key_dist;
62 bdaddr_t id_addr;
63 u8 id_addr_type;
64 u8 irk[16];
65 struct smp_csrk *csrk;
66 struct smp_csrk *slave_csrk;
67 struct smp_ltk *ltk;
68 struct smp_ltk *slave_ltk;
69 struct smp_irk *remote_irk;
70 unsigned long flags;
71
72 struct crypto_blkcipher *tfm_aes;
73 };
74
75 static inline void swap_buf(const u8 *src, u8 *dst, size_t len)
76 {
77 size_t i;
78
79 for (i = 0; i < len; i++)
80 dst[len - 1 - i] = src[i];
81 }
82
83 static int smp_e(struct crypto_blkcipher *tfm, const u8 *k, u8 *r)
84 {
85 struct blkcipher_desc desc;
86 struct scatterlist sg;
87 uint8_t tmp[16], data[16];
88 int err;
89
90 if (tfm == NULL) {
91 BT_ERR("tfm %p", tfm);
92 return -EINVAL;
93 }
94
95 desc.tfm = tfm;
96 desc.flags = 0;
97
98 /* The most significant octet of key corresponds to k[0] */
99 swap_buf(k, tmp, 16);
100
101 err = crypto_blkcipher_setkey(tfm, tmp, 16);
102 if (err) {
103 BT_ERR("cipher setkey failed: %d", err);
104 return err;
105 }
106
107 /* Most significant octet of plaintextData corresponds to data[0] */
108 swap_buf(r, data, 16);
109
110 sg_init_one(&sg, data, 16);
111
112 err = crypto_blkcipher_encrypt(&desc, &sg, &sg, 16);
113 if (err)
114 BT_ERR("Encrypt data error %d", err);
115
116 /* Most significant octet of encryptedData corresponds to data[0] */
117 swap_buf(data, r, 16);
118
119 return err;
120 }
121
122 static int smp_ah(struct crypto_blkcipher *tfm, u8 irk[16], u8 r[3], u8 res[3])
123 {
124 u8 _res[16];
125 int err;
126
127 /* r' = padding || r */
128 memcpy(_res, r, 3);
129 memset(_res + 3, 0, 13);
130
131 err = smp_e(tfm, irk, _res);
132 if (err) {
133 BT_ERR("Encrypt error");
134 return err;
135 }
136
137 /* The output of the random address function ah is:
138 * ah(h, r) = e(k, r') mod 2^24
139 * The output of the security function e is then truncated to 24 bits
140 * by taking the least significant 24 bits of the output of e as the
141 * result of ah.
142 */
143 memcpy(res, _res, 3);
144
145 return 0;
146 }
147
148 bool smp_irk_matches(struct hci_dev *hdev, u8 irk[16], bdaddr_t *bdaddr)
149 {
150 struct l2cap_chan *chan = hdev->smp_data;
151 struct crypto_blkcipher *tfm;
152 u8 hash[3];
153 int err;
154
155 if (!chan || !chan->data)
156 return false;
157
158 tfm = chan->data;
159
160 BT_DBG("RPA %pMR IRK %*phN", bdaddr, 16, irk);
161
162 err = smp_ah(tfm, irk, &bdaddr->b[3], hash);
163 if (err)
164 return false;
165
166 return !memcmp(bdaddr->b, hash, 3);
167 }
168
169 int smp_generate_rpa(struct hci_dev *hdev, u8 irk[16], bdaddr_t *rpa)
170 {
171 struct l2cap_chan *chan = hdev->smp_data;
172 struct crypto_blkcipher *tfm;
173 int err;
174
175 if (!chan || !chan->data)
176 return -EOPNOTSUPP;
177
178 tfm = chan->data;
179
180 get_random_bytes(&rpa->b[3], 3);
181
182 rpa->b[5] &= 0x3f; /* Clear two most significant bits */
183 rpa->b[5] |= 0x40; /* Set second most significant bit */
184
185 err = smp_ah(tfm, irk, &rpa->b[3], rpa->b);
186 if (err < 0)
187 return err;
188
189 BT_DBG("RPA %pMR", rpa);
190
191 return 0;
192 }
193
194 static int smp_c1(struct crypto_blkcipher *tfm_aes, u8 k[16], u8 r[16],
195 u8 preq[7], u8 pres[7], u8 _iat, bdaddr_t *ia, u8 _rat,
196 bdaddr_t *ra, u8 res[16])
197 {
198 u8 p1[16], p2[16];
199 int err;
200
201 memset(p1, 0, 16);
202
203 /* p1 = pres || preq || _rat || _iat */
204 p1[0] = _iat;
205 p1[1] = _rat;
206 memcpy(p1 + 2, preq, 7);
207 memcpy(p1 + 9, pres, 7);
208
209 /* p2 = padding || ia || ra */
210 memcpy(p2, ra, 6);
211 memcpy(p2 + 6, ia, 6);
212 memset(p2 + 12, 0, 4);
213
214 /* res = r XOR p1 */
215 u128_xor((u128 *) res, (u128 *) r, (u128 *) p1);
216
217 /* res = e(k, res) */
218 err = smp_e(tfm_aes, k, res);
219 if (err) {
220 BT_ERR("Encrypt data error");
221 return err;
222 }
223
224 /* res = res XOR p2 */
225 u128_xor((u128 *) res, (u128 *) res, (u128 *) p2);
226
227 /* res = e(k, res) */
228 err = smp_e(tfm_aes, k, res);
229 if (err)
230 BT_ERR("Encrypt data error");
231
232 return err;
233 }
234
235 static int smp_s1(struct crypto_blkcipher *tfm_aes, u8 k[16], u8 r1[16],
236 u8 r2[16], u8 _r[16])
237 {
238 int err;
239
240 /* Just least significant octets from r1 and r2 are considered */
241 memcpy(_r, r2, 8);
242 memcpy(_r + 8, r1, 8);
243
244 err = smp_e(tfm_aes, k, _r);
245 if (err)
246 BT_ERR("Encrypt data error");
247
248 return err;
249 }
250
251 static void smp_send_cmd(struct l2cap_conn *conn, u8 code, u16 len, void *data)
252 {
253 struct l2cap_chan *chan = conn->smp;
254 struct smp_chan *smp;
255 struct kvec iv[2];
256 struct msghdr msg;
257
258 if (!chan)
259 return;
260
261 BT_DBG("code 0x%2.2x", code);
262
263 iv[0].iov_base = &code;
264 iv[0].iov_len = 1;
265
266 iv[1].iov_base = data;
267 iv[1].iov_len = len;
268
269 memset(&msg, 0, sizeof(msg));
270
271 msg.msg_iov = (struct iovec *) &iv;
272 msg.msg_iovlen = 2;
273
274 l2cap_chan_send(chan, &msg, 1 + len);
275
276 if (!chan->data)
277 return;
278
279 smp = chan->data;
280
281 cancel_delayed_work_sync(&smp->security_timer);
282 schedule_delayed_work(&smp->security_timer, SMP_TIMEOUT);
283 }
284
285 static __u8 authreq_to_seclevel(__u8 authreq)
286 {
287 if (authreq & SMP_AUTH_MITM)
288 return BT_SECURITY_HIGH;
289 else
290 return BT_SECURITY_MEDIUM;
291 }
292
293 static __u8 seclevel_to_authreq(__u8 sec_level)
294 {
295 switch (sec_level) {
296 case BT_SECURITY_HIGH:
297 return SMP_AUTH_MITM | SMP_AUTH_BONDING;
298 case BT_SECURITY_MEDIUM:
299 return SMP_AUTH_BONDING;
300 default:
301 return SMP_AUTH_NONE;
302 }
303 }
304
305 static void build_pairing_cmd(struct l2cap_conn *conn,
306 struct smp_cmd_pairing *req,
307 struct smp_cmd_pairing *rsp, __u8 authreq)
308 {
309 struct l2cap_chan *chan = conn->smp;
310 struct smp_chan *smp = chan->data;
311 struct hci_conn *hcon = conn->hcon;
312 struct hci_dev *hdev = hcon->hdev;
313 u8 local_dist = 0, remote_dist = 0;
314
315 if (test_bit(HCI_BONDABLE, &conn->hcon->hdev->dev_flags)) {
316 local_dist = SMP_DIST_ENC_KEY | SMP_DIST_SIGN;
317 remote_dist = SMP_DIST_ENC_KEY | SMP_DIST_SIGN;
318 authreq |= SMP_AUTH_BONDING;
319 } else {
320 authreq &= ~SMP_AUTH_BONDING;
321 }
322
323 if (test_bit(HCI_RPA_RESOLVING, &hdev->dev_flags))
324 remote_dist |= SMP_DIST_ID_KEY;
325
326 if (test_bit(HCI_PRIVACY, &hdev->dev_flags))
327 local_dist |= SMP_DIST_ID_KEY;
328
329 if (rsp == NULL) {
330 req->io_capability = conn->hcon->io_capability;
331 req->oob_flag = SMP_OOB_NOT_PRESENT;
332 req->max_key_size = SMP_MAX_ENC_KEY_SIZE;
333 req->init_key_dist = local_dist;
334 req->resp_key_dist = remote_dist;
335 req->auth_req = (authreq & AUTH_REQ_MASK);
336
337 smp->remote_key_dist = remote_dist;
338 return;
339 }
340
341 rsp->io_capability = conn->hcon->io_capability;
342 rsp->oob_flag = SMP_OOB_NOT_PRESENT;
343 rsp->max_key_size = SMP_MAX_ENC_KEY_SIZE;
344 rsp->init_key_dist = req->init_key_dist & remote_dist;
345 rsp->resp_key_dist = req->resp_key_dist & local_dist;
346 rsp->auth_req = (authreq & AUTH_REQ_MASK);
347
348 smp->remote_key_dist = rsp->init_key_dist;
349 }
350
351 static u8 check_enc_key_size(struct l2cap_conn *conn, __u8 max_key_size)
352 {
353 struct l2cap_chan *chan = conn->smp;
354 struct smp_chan *smp = chan->data;
355
356 if ((max_key_size > SMP_MAX_ENC_KEY_SIZE) ||
357 (max_key_size < SMP_MIN_ENC_KEY_SIZE))
358 return SMP_ENC_KEY_SIZE;
359
360 smp->enc_key_size = max_key_size;
361
362 return 0;
363 }
364
365 static void smp_chan_destroy(struct l2cap_conn *conn)
366 {
367 struct l2cap_chan *chan = conn->smp;
368 struct smp_chan *smp = chan->data;
369 bool complete;
370
371 BUG_ON(!smp);
372
373 cancel_delayed_work_sync(&smp->security_timer);
374
375 complete = test_bit(SMP_FLAG_COMPLETE, &smp->flags);
376 mgmt_smp_complete(conn->hcon, complete);
377
378 kfree(smp->csrk);
379 kfree(smp->slave_csrk);
380
381 crypto_free_blkcipher(smp->tfm_aes);
382
383 /* If pairing failed clean up any keys we might have */
384 if (!complete) {
385 if (smp->ltk) {
386 list_del(&smp->ltk->list);
387 kfree(smp->ltk);
388 }
389
390 if (smp->slave_ltk) {
391 list_del(&smp->slave_ltk->list);
392 kfree(smp->slave_ltk);
393 }
394
395 if (smp->remote_irk) {
396 list_del(&smp->remote_irk->list);
397 kfree(smp->remote_irk);
398 }
399 }
400
401 chan->data = NULL;
402 kfree(smp);
403 hci_conn_drop(conn->hcon);
404 }
405
406 static void smp_failure(struct l2cap_conn *conn, u8 reason)
407 {
408 struct hci_conn *hcon = conn->hcon;
409 struct l2cap_chan *chan = conn->smp;
410
411 if (reason)
412 smp_send_cmd(conn, SMP_CMD_PAIRING_FAIL, sizeof(reason),
413 &reason);
414
415 clear_bit(HCI_CONN_ENCRYPT_PEND, &hcon->flags);
416 mgmt_auth_failed(hcon, HCI_ERROR_AUTH_FAILURE);
417
418 if (chan->data)
419 smp_chan_destroy(conn);
420 }
421
422 #define JUST_WORKS 0x00
423 #define JUST_CFM 0x01
424 #define REQ_PASSKEY 0x02
425 #define CFM_PASSKEY 0x03
426 #define REQ_OOB 0x04
427 #define OVERLAP 0xFF
428
429 static const u8 gen_method[5][5] = {
430 { JUST_WORKS, JUST_CFM, REQ_PASSKEY, JUST_WORKS, REQ_PASSKEY },
431 { JUST_WORKS, JUST_CFM, REQ_PASSKEY, JUST_WORKS, REQ_PASSKEY },
432 { CFM_PASSKEY, CFM_PASSKEY, REQ_PASSKEY, JUST_WORKS, CFM_PASSKEY },
433 { JUST_WORKS, JUST_CFM, JUST_WORKS, JUST_WORKS, JUST_CFM },
434 { CFM_PASSKEY, CFM_PASSKEY, REQ_PASSKEY, JUST_WORKS, OVERLAP },
435 };
436
437 static u8 get_auth_method(struct smp_chan *smp, u8 local_io, u8 remote_io)
438 {
439 /* If either side has unknown io_caps, use JUST_CFM (which gets
440 * converted later to JUST_WORKS if we're initiators.
441 */
442 if (local_io > SMP_IO_KEYBOARD_DISPLAY ||
443 remote_io > SMP_IO_KEYBOARD_DISPLAY)
444 return JUST_CFM;
445
446 return gen_method[remote_io][local_io];
447 }
448
449 static int tk_request(struct l2cap_conn *conn, u8 remote_oob, u8 auth,
450 u8 local_io, u8 remote_io)
451 {
452 struct hci_conn *hcon = conn->hcon;
453 struct l2cap_chan *chan = conn->smp;
454 struct smp_chan *smp = chan->data;
455 u8 method;
456 u32 passkey = 0;
457 int ret = 0;
458
459 /* Initialize key for JUST WORKS */
460 memset(smp->tk, 0, sizeof(smp->tk));
461 clear_bit(SMP_FLAG_TK_VALID, &smp->flags);
462
463 BT_DBG("tk_request: auth:%d lcl:%d rem:%d", auth, local_io, remote_io);
464
465 /* If neither side wants MITM, either "just" confirm an incoming
466 * request or use just-works for outgoing ones. The JUST_CFM
467 * will be converted to JUST_WORKS if necessary later in this
468 * function. If either side has MITM look up the method from the
469 * table.
470 */
471 if (!(auth & SMP_AUTH_MITM))
472 method = JUST_CFM;
473 else
474 method = get_auth_method(smp, local_io, remote_io);
475
476 /* Don't confirm locally initiated pairing attempts */
477 if (method == JUST_CFM && test_bit(SMP_FLAG_INITIATOR, &smp->flags))
478 method = JUST_WORKS;
479
480 /* Don't bother user space with no IO capabilities */
481 if (method == JUST_CFM && hcon->io_capability == HCI_IO_NO_INPUT_OUTPUT)
482 method = JUST_WORKS;
483
484 /* If Just Works, Continue with Zero TK */
485 if (method == JUST_WORKS) {
486 set_bit(SMP_FLAG_TK_VALID, &smp->flags);
487 return 0;
488 }
489
490 /* Not Just Works/Confirm results in MITM Authentication */
491 if (method != JUST_CFM) {
492 set_bit(SMP_FLAG_MITM_AUTH, &smp->flags);
493 if (hcon->pending_sec_level < BT_SECURITY_HIGH)
494 hcon->pending_sec_level = BT_SECURITY_HIGH;
495 }
496
497 /* If both devices have Keyoard-Display I/O, the master
498 * Confirms and the slave Enters the passkey.
499 */
500 if (method == OVERLAP) {
501 if (hcon->role == HCI_ROLE_MASTER)
502 method = CFM_PASSKEY;
503 else
504 method = REQ_PASSKEY;
505 }
506
507 /* Generate random passkey. */
508 if (method == CFM_PASSKEY) {
509 memset(smp->tk, 0, sizeof(smp->tk));
510 get_random_bytes(&passkey, sizeof(passkey));
511 passkey %= 1000000;
512 put_unaligned_le32(passkey, smp->tk);
513 BT_DBG("PassKey: %d", passkey);
514 set_bit(SMP_FLAG_TK_VALID, &smp->flags);
515 }
516
517 if (method == REQ_PASSKEY)
518 ret = mgmt_user_passkey_request(hcon->hdev, &hcon->dst,
519 hcon->type, hcon->dst_type);
520 else if (method == JUST_CFM)
521 ret = mgmt_user_confirm_request(hcon->hdev, &hcon->dst,
522 hcon->type, hcon->dst_type,
523 passkey, 1);
524 else
525 ret = mgmt_user_passkey_notify(hcon->hdev, &hcon->dst,
526 hcon->type, hcon->dst_type,
527 passkey, 0);
528
529 return ret;
530 }
531
532 static u8 smp_confirm(struct smp_chan *smp)
533 {
534 struct l2cap_conn *conn = smp->conn;
535 struct smp_cmd_pairing_confirm cp;
536 int ret;
537
538 BT_DBG("conn %p", conn);
539
540 ret = smp_c1(smp->tfm_aes, smp->tk, smp->prnd, smp->preq, smp->prsp,
541 conn->hcon->init_addr_type, &conn->hcon->init_addr,
542 conn->hcon->resp_addr_type, &conn->hcon->resp_addr,
543 cp.confirm_val);
544 if (ret)
545 return SMP_UNSPECIFIED;
546
547 clear_bit(SMP_FLAG_CFM_PENDING, &smp->flags);
548
549 smp_send_cmd(smp->conn, SMP_CMD_PAIRING_CONFIRM, sizeof(cp), &cp);
550
551 if (conn->hcon->out)
552 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_CONFIRM);
553 else
554 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RANDOM);
555
556 return 0;
557 }
558
559 static u8 smp_random(struct smp_chan *smp)
560 {
561 struct l2cap_conn *conn = smp->conn;
562 struct hci_conn *hcon = conn->hcon;
563 u8 confirm[16];
564 int ret;
565
566 if (IS_ERR_OR_NULL(smp->tfm_aes))
567 return SMP_UNSPECIFIED;
568
569 BT_DBG("conn %p %s", conn, conn->hcon->out ? "master" : "slave");
570
571 ret = smp_c1(smp->tfm_aes, smp->tk, smp->rrnd, smp->preq, smp->prsp,
572 hcon->init_addr_type, &hcon->init_addr,
573 hcon->resp_addr_type, &hcon->resp_addr, confirm);
574 if (ret)
575 return SMP_UNSPECIFIED;
576
577 if (memcmp(smp->pcnf, confirm, sizeof(smp->pcnf)) != 0) {
578 BT_ERR("Pairing failed (confirmation values mismatch)");
579 return SMP_CONFIRM_FAILED;
580 }
581
582 if (hcon->out) {
583 u8 stk[16];
584 __le64 rand = 0;
585 __le16 ediv = 0;
586
587 smp_s1(smp->tfm_aes, smp->tk, smp->rrnd, smp->prnd, stk);
588
589 memset(stk + smp->enc_key_size, 0,
590 SMP_MAX_ENC_KEY_SIZE - smp->enc_key_size);
591
592 if (test_and_set_bit(HCI_CONN_ENCRYPT_PEND, &hcon->flags))
593 return SMP_UNSPECIFIED;
594
595 hci_le_start_enc(hcon, ediv, rand, stk);
596 hcon->enc_key_size = smp->enc_key_size;
597 set_bit(HCI_CONN_STK_ENCRYPT, &hcon->flags);
598 } else {
599 u8 stk[16], auth;
600 __le64 rand = 0;
601 __le16 ediv = 0;
602
603 smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM, sizeof(smp->prnd),
604 smp->prnd);
605
606 smp_s1(smp->tfm_aes, smp->tk, smp->prnd, smp->rrnd, stk);
607
608 memset(stk + smp->enc_key_size, 0,
609 SMP_MAX_ENC_KEY_SIZE - smp->enc_key_size);
610
611 if (hcon->pending_sec_level == BT_SECURITY_HIGH)
612 auth = 1;
613 else
614 auth = 0;
615
616 /* Even though there's no _SLAVE suffix this is the
617 * slave STK we're adding for later lookup (the master
618 * STK never needs to be stored).
619 */
620 hci_add_ltk(hcon->hdev, &hcon->dst, hcon->dst_type,
621 SMP_STK, auth, stk, smp->enc_key_size, ediv, rand);
622 }
623
624 return 0;
625 }
626
627 static void smp_notify_keys(struct l2cap_conn *conn)
628 {
629 struct l2cap_chan *chan = conn->smp;
630 struct smp_chan *smp = chan->data;
631 struct hci_conn *hcon = conn->hcon;
632 struct hci_dev *hdev = hcon->hdev;
633 struct smp_cmd_pairing *req = (void *) &smp->preq[1];
634 struct smp_cmd_pairing *rsp = (void *) &smp->prsp[1];
635 bool persistent;
636
637 if (smp->remote_irk) {
638 mgmt_new_irk(hdev, smp->remote_irk);
639 /* Now that user space can be considered to know the
640 * identity address track the connection based on it
641 * from now on.
642 */
643 bacpy(&hcon->dst, &smp->remote_irk->bdaddr);
644 hcon->dst_type = smp->remote_irk->addr_type;
645 queue_work(hdev->workqueue, &conn->id_addr_update_work);
646
647 /* When receiving an indentity resolving key for
648 * a remote device that does not use a resolvable
649 * private address, just remove the key so that
650 * it is possible to use the controller white
651 * list for scanning.
652 *
653 * Userspace will have been told to not store
654 * this key at this point. So it is safe to
655 * just remove it.
656 */
657 if (!bacmp(&smp->remote_irk->rpa, BDADDR_ANY)) {
658 list_del(&smp->remote_irk->list);
659 kfree(smp->remote_irk);
660 smp->remote_irk = NULL;
661 }
662 }
663
664 /* The LTKs and CSRKs should be persistent only if both sides
665 * had the bonding bit set in their authentication requests.
666 */
667 persistent = !!((req->auth_req & rsp->auth_req) & SMP_AUTH_BONDING);
668
669 if (smp->csrk) {
670 smp->csrk->bdaddr_type = hcon->dst_type;
671 bacpy(&smp->csrk->bdaddr, &hcon->dst);
672 mgmt_new_csrk(hdev, smp->csrk, persistent);
673 }
674
675 if (smp->slave_csrk) {
676 smp->slave_csrk->bdaddr_type = hcon->dst_type;
677 bacpy(&smp->slave_csrk->bdaddr, &hcon->dst);
678 mgmt_new_csrk(hdev, smp->slave_csrk, persistent);
679 }
680
681 if (smp->ltk) {
682 smp->ltk->bdaddr_type = hcon->dst_type;
683 bacpy(&smp->ltk->bdaddr, &hcon->dst);
684 mgmt_new_ltk(hdev, smp->ltk, persistent);
685 }
686
687 if (smp->slave_ltk) {
688 smp->slave_ltk->bdaddr_type = hcon->dst_type;
689 bacpy(&smp->slave_ltk->bdaddr, &hcon->dst);
690 mgmt_new_ltk(hdev, smp->slave_ltk, persistent);
691 }
692 }
693
694 static void smp_allow_key_dist(struct smp_chan *smp)
695 {
696 /* Allow the first expected phase 3 PDU. The rest of the PDUs
697 * will be allowed in each PDU handler to ensure we receive
698 * them in the correct order.
699 */
700 if (smp->remote_key_dist & SMP_DIST_ENC_KEY)
701 SMP_ALLOW_CMD(smp, SMP_CMD_ENCRYPT_INFO);
702 else if (smp->remote_key_dist & SMP_DIST_ID_KEY)
703 SMP_ALLOW_CMD(smp, SMP_CMD_IDENT_INFO);
704 else if (smp->remote_key_dist & SMP_DIST_SIGN)
705 SMP_ALLOW_CMD(smp, SMP_CMD_SIGN_INFO);
706 }
707
708 static void smp_distribute_keys(struct smp_chan *smp)
709 {
710 struct smp_cmd_pairing *req, *rsp;
711 struct l2cap_conn *conn = smp->conn;
712 struct hci_conn *hcon = conn->hcon;
713 struct hci_dev *hdev = hcon->hdev;
714 __u8 *keydist;
715
716 BT_DBG("conn %p", conn);
717
718 rsp = (void *) &smp->prsp[1];
719
720 /* The responder sends its keys first */
721 if (hcon->out && (smp->remote_key_dist & KEY_DIST_MASK)) {
722 smp_allow_key_dist(smp);
723 return;
724 }
725
726 req = (void *) &smp->preq[1];
727
728 if (hcon->out) {
729 keydist = &rsp->init_key_dist;
730 *keydist &= req->init_key_dist;
731 } else {
732 keydist = &rsp->resp_key_dist;
733 *keydist &= req->resp_key_dist;
734 }
735
736 BT_DBG("keydist 0x%x", *keydist);
737
738 if (*keydist & SMP_DIST_ENC_KEY) {
739 struct smp_cmd_encrypt_info enc;
740 struct smp_cmd_master_ident ident;
741 struct smp_ltk *ltk;
742 u8 authenticated;
743 __le16 ediv;
744 __le64 rand;
745
746 get_random_bytes(enc.ltk, sizeof(enc.ltk));
747 get_random_bytes(&ediv, sizeof(ediv));
748 get_random_bytes(&rand, sizeof(rand));
749
750 smp_send_cmd(conn, SMP_CMD_ENCRYPT_INFO, sizeof(enc), &enc);
751
752 authenticated = hcon->sec_level == BT_SECURITY_HIGH;
753 ltk = hci_add_ltk(hdev, &hcon->dst, hcon->dst_type,
754 SMP_LTK_SLAVE, authenticated, enc.ltk,
755 smp->enc_key_size, ediv, rand);
756 smp->slave_ltk = ltk;
757
758 ident.ediv = ediv;
759 ident.rand = rand;
760
761 smp_send_cmd(conn, SMP_CMD_MASTER_IDENT, sizeof(ident), &ident);
762
763 *keydist &= ~SMP_DIST_ENC_KEY;
764 }
765
766 if (*keydist & SMP_DIST_ID_KEY) {
767 struct smp_cmd_ident_addr_info addrinfo;
768 struct smp_cmd_ident_info idinfo;
769
770 memcpy(idinfo.irk, hdev->irk, sizeof(idinfo.irk));
771
772 smp_send_cmd(conn, SMP_CMD_IDENT_INFO, sizeof(idinfo), &idinfo);
773
774 /* The hci_conn contains the local identity address
775 * after the connection has been established.
776 *
777 * This is true even when the connection has been
778 * established using a resolvable random address.
779 */
780 bacpy(&addrinfo.bdaddr, &hcon->src);
781 addrinfo.addr_type = hcon->src_type;
782
783 smp_send_cmd(conn, SMP_CMD_IDENT_ADDR_INFO, sizeof(addrinfo),
784 &addrinfo);
785
786 *keydist &= ~SMP_DIST_ID_KEY;
787 }
788
789 if (*keydist & SMP_DIST_SIGN) {
790 struct smp_cmd_sign_info sign;
791 struct smp_csrk *csrk;
792
793 /* Generate a new random key */
794 get_random_bytes(sign.csrk, sizeof(sign.csrk));
795
796 csrk = kzalloc(sizeof(*csrk), GFP_KERNEL);
797 if (csrk) {
798 csrk->master = 0x00;
799 memcpy(csrk->val, sign.csrk, sizeof(csrk->val));
800 }
801 smp->slave_csrk = csrk;
802
803 smp_send_cmd(conn, SMP_CMD_SIGN_INFO, sizeof(sign), &sign);
804
805 *keydist &= ~SMP_DIST_SIGN;
806 }
807
808 /* If there are still keys to be received wait for them */
809 if (smp->remote_key_dist & KEY_DIST_MASK) {
810 smp_allow_key_dist(smp);
811 return;
812 }
813
814 set_bit(SMP_FLAG_COMPLETE, &smp->flags);
815 smp_notify_keys(conn);
816
817 smp_chan_destroy(conn);
818 }
819
820 static void smp_timeout(struct work_struct *work)
821 {
822 struct smp_chan *smp = container_of(work, struct smp_chan,
823 security_timer.work);
824 struct l2cap_conn *conn = smp->conn;
825
826 BT_DBG("conn %p", conn);
827
828 hci_disconnect(conn->hcon, HCI_ERROR_REMOTE_USER_TERM);
829 }
830
831 static struct smp_chan *smp_chan_create(struct l2cap_conn *conn)
832 {
833 struct l2cap_chan *chan = conn->smp;
834 struct smp_chan *smp;
835
836 smp = kzalloc(sizeof(*smp), GFP_ATOMIC);
837 if (!smp)
838 return NULL;
839
840 smp->tfm_aes = crypto_alloc_blkcipher("ecb(aes)", 0, CRYPTO_ALG_ASYNC);
841 if (IS_ERR(smp->tfm_aes)) {
842 BT_ERR("Unable to create ECB crypto context");
843 kfree(smp);
844 return NULL;
845 }
846
847 smp->conn = conn;
848 chan->data = smp;
849
850 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_FAIL);
851
852 INIT_DELAYED_WORK(&smp->security_timer, smp_timeout);
853
854 hci_conn_hold(conn->hcon);
855
856 return smp;
857 }
858
859 int smp_user_confirm_reply(struct hci_conn *hcon, u16 mgmt_op, __le32 passkey)
860 {
861 struct l2cap_conn *conn = hcon->l2cap_data;
862 struct l2cap_chan *chan;
863 struct smp_chan *smp;
864 u32 value;
865 int err;
866
867 BT_DBG("");
868
869 if (!conn)
870 return -ENOTCONN;
871
872 chan = conn->smp;
873 if (!chan)
874 return -ENOTCONN;
875
876 l2cap_chan_lock(chan);
877 if (!chan->data) {
878 err = -ENOTCONN;
879 goto unlock;
880 }
881
882 smp = chan->data;
883
884 switch (mgmt_op) {
885 case MGMT_OP_USER_PASSKEY_REPLY:
886 value = le32_to_cpu(passkey);
887 memset(smp->tk, 0, sizeof(smp->tk));
888 BT_DBG("PassKey: %d", value);
889 put_unaligned_le32(value, smp->tk);
890 /* Fall Through */
891 case MGMT_OP_USER_CONFIRM_REPLY:
892 set_bit(SMP_FLAG_TK_VALID, &smp->flags);
893 break;
894 case MGMT_OP_USER_PASSKEY_NEG_REPLY:
895 case MGMT_OP_USER_CONFIRM_NEG_REPLY:
896 smp_failure(conn, SMP_PASSKEY_ENTRY_FAILED);
897 err = 0;
898 goto unlock;
899 default:
900 smp_failure(conn, SMP_PASSKEY_ENTRY_FAILED);
901 err = -EOPNOTSUPP;
902 goto unlock;
903 }
904
905 err = 0;
906
907 /* If it is our turn to send Pairing Confirm, do so now */
908 if (test_bit(SMP_FLAG_CFM_PENDING, &smp->flags)) {
909 u8 rsp = smp_confirm(smp);
910 if (rsp)
911 smp_failure(conn, rsp);
912 }
913
914 unlock:
915 l2cap_chan_unlock(chan);
916 return err;
917 }
918
919 static u8 smp_cmd_pairing_req(struct l2cap_conn *conn, struct sk_buff *skb)
920 {
921 struct smp_cmd_pairing rsp, *req = (void *) skb->data;
922 struct l2cap_chan *chan = conn->smp;
923 struct hci_dev *hdev = conn->hcon->hdev;
924 struct smp_chan *smp;
925 u8 key_size, auth, sec_level;
926 int ret;
927
928 BT_DBG("conn %p", conn);
929
930 if (skb->len < sizeof(*req))
931 return SMP_INVALID_PARAMS;
932
933 if (conn->hcon->role != HCI_ROLE_SLAVE)
934 return SMP_CMD_NOTSUPP;
935
936 if (!chan->data)
937 smp = smp_chan_create(conn);
938 else
939 smp = chan->data;
940
941 if (!smp)
942 return SMP_UNSPECIFIED;
943
944 /* We didn't start the pairing, so match remote */
945 auth = req->auth_req & AUTH_REQ_MASK;
946
947 if (!test_bit(HCI_BONDABLE, &hdev->dev_flags) &&
948 (auth & SMP_AUTH_BONDING))
949 return SMP_PAIRING_NOTSUPP;
950
951 smp->preq[0] = SMP_CMD_PAIRING_REQ;
952 memcpy(&smp->preq[1], req, sizeof(*req));
953 skb_pull(skb, sizeof(*req));
954
955 if (conn->hcon->io_capability == HCI_IO_NO_INPUT_OUTPUT)
956 sec_level = BT_SECURITY_MEDIUM;
957 else
958 sec_level = authreq_to_seclevel(auth);
959
960 if (sec_level > conn->hcon->pending_sec_level)
961 conn->hcon->pending_sec_level = sec_level;
962
963 /* If we need MITM check that it can be achieved */
964 if (conn->hcon->pending_sec_level >= BT_SECURITY_HIGH) {
965 u8 method;
966
967 method = get_auth_method(smp, conn->hcon->io_capability,
968 req->io_capability);
969 if (method == JUST_WORKS || method == JUST_CFM)
970 return SMP_AUTH_REQUIREMENTS;
971 }
972
973 build_pairing_cmd(conn, req, &rsp, auth);
974
975 key_size = min(req->max_key_size, rsp.max_key_size);
976 if (check_enc_key_size(conn, key_size))
977 return SMP_ENC_KEY_SIZE;
978
979 get_random_bytes(smp->prnd, sizeof(smp->prnd));
980
981 smp->prsp[0] = SMP_CMD_PAIRING_RSP;
982 memcpy(&smp->prsp[1], &rsp, sizeof(rsp));
983
984 smp_send_cmd(conn, SMP_CMD_PAIRING_RSP, sizeof(rsp), &rsp);
985 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_CONFIRM);
986
987 /* Request setup of TK */
988 ret = tk_request(conn, 0, auth, rsp.io_capability, req->io_capability);
989 if (ret)
990 return SMP_UNSPECIFIED;
991
992 return 0;
993 }
994
995 static u8 smp_cmd_pairing_rsp(struct l2cap_conn *conn, struct sk_buff *skb)
996 {
997 struct smp_cmd_pairing *req, *rsp = (void *) skb->data;
998 struct l2cap_chan *chan = conn->smp;
999 struct smp_chan *smp = chan->data;
1000 u8 key_size, auth;
1001 int ret;
1002
1003 BT_DBG("conn %p", conn);
1004
1005 if (skb->len < sizeof(*rsp))
1006 return SMP_INVALID_PARAMS;
1007
1008 if (conn->hcon->role != HCI_ROLE_MASTER)
1009 return SMP_CMD_NOTSUPP;
1010
1011 skb_pull(skb, sizeof(*rsp));
1012
1013 req = (void *) &smp->preq[1];
1014
1015 key_size = min(req->max_key_size, rsp->max_key_size);
1016 if (check_enc_key_size(conn, key_size))
1017 return SMP_ENC_KEY_SIZE;
1018
1019 auth = rsp->auth_req & AUTH_REQ_MASK;
1020
1021 /* If we need MITM check that it can be achieved */
1022 if (conn->hcon->pending_sec_level >= BT_SECURITY_HIGH) {
1023 u8 method;
1024
1025 method = get_auth_method(smp, req->io_capability,
1026 rsp->io_capability);
1027 if (method == JUST_WORKS || method == JUST_CFM)
1028 return SMP_AUTH_REQUIREMENTS;
1029 }
1030
1031 get_random_bytes(smp->prnd, sizeof(smp->prnd));
1032
1033 smp->prsp[0] = SMP_CMD_PAIRING_RSP;
1034 memcpy(&smp->prsp[1], rsp, sizeof(*rsp));
1035
1036 /* Update remote key distribution in case the remote cleared
1037 * some bits that we had enabled in our request.
1038 */
1039 smp->remote_key_dist &= rsp->resp_key_dist;
1040
1041 auth |= req->auth_req;
1042
1043 ret = tk_request(conn, 0, auth, req->io_capability, rsp->io_capability);
1044 if (ret)
1045 return SMP_UNSPECIFIED;
1046
1047 set_bit(SMP_FLAG_CFM_PENDING, &smp->flags);
1048
1049 /* Can't compose response until we have been confirmed */
1050 if (test_bit(SMP_FLAG_TK_VALID, &smp->flags))
1051 return smp_confirm(smp);
1052
1053 return 0;
1054 }
1055
1056 static u8 smp_cmd_pairing_confirm(struct l2cap_conn *conn, struct sk_buff *skb)
1057 {
1058 struct l2cap_chan *chan = conn->smp;
1059 struct smp_chan *smp = chan->data;
1060
1061 BT_DBG("conn %p %s", conn, conn->hcon->out ? "master" : "slave");
1062
1063 if (skb->len < sizeof(smp->pcnf))
1064 return SMP_INVALID_PARAMS;
1065
1066 memcpy(smp->pcnf, skb->data, sizeof(smp->pcnf));
1067 skb_pull(skb, sizeof(smp->pcnf));
1068
1069 if (conn->hcon->out) {
1070 smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM, sizeof(smp->prnd),
1071 smp->prnd);
1072 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RANDOM);
1073 return 0;
1074 }
1075
1076 if (test_bit(SMP_FLAG_TK_VALID, &smp->flags))
1077 return smp_confirm(smp);
1078 else
1079 set_bit(SMP_FLAG_CFM_PENDING, &smp->flags);
1080
1081 return 0;
1082 }
1083
1084 static u8 smp_cmd_pairing_random(struct l2cap_conn *conn, struct sk_buff *skb)
1085 {
1086 struct l2cap_chan *chan = conn->smp;
1087 struct smp_chan *smp = chan->data;
1088
1089 BT_DBG("conn %p", conn);
1090
1091 if (skb->len < sizeof(smp->rrnd))
1092 return SMP_INVALID_PARAMS;
1093
1094 memcpy(smp->rrnd, skb->data, sizeof(smp->rrnd));
1095 skb_pull(skb, sizeof(smp->rrnd));
1096
1097 return smp_random(smp);
1098 }
1099
1100 static bool smp_ltk_encrypt(struct l2cap_conn *conn, u8 sec_level)
1101 {
1102 struct smp_ltk *key;
1103 struct hci_conn *hcon = conn->hcon;
1104
1105 key = hci_find_ltk_by_addr(hcon->hdev, &hcon->dst, hcon->dst_type,
1106 hcon->role);
1107 if (!key)
1108 return false;
1109
1110 if (smp_ltk_sec_level(key) < sec_level)
1111 return false;
1112
1113 if (test_and_set_bit(HCI_CONN_ENCRYPT_PEND, &hcon->flags))
1114 return true;
1115
1116 hci_le_start_enc(hcon, key->ediv, key->rand, key->val);
1117 hcon->enc_key_size = key->enc_size;
1118
1119 /* We never store STKs for master role, so clear this flag */
1120 clear_bit(HCI_CONN_STK_ENCRYPT, &hcon->flags);
1121
1122 return true;
1123 }
1124
1125 bool smp_sufficient_security(struct hci_conn *hcon, u8 sec_level,
1126 enum smp_key_pref key_pref)
1127 {
1128 if (sec_level == BT_SECURITY_LOW)
1129 return true;
1130
1131 /* If we're encrypted with an STK but the caller prefers using
1132 * LTK claim insufficient security. This way we allow the
1133 * connection to be re-encrypted with an LTK, even if the LTK
1134 * provides the same level of security. Only exception is if we
1135 * don't have an LTK (e.g. because of key distribution bits).
1136 */
1137 if (key_pref == SMP_USE_LTK &&
1138 test_bit(HCI_CONN_STK_ENCRYPT, &hcon->flags) &&
1139 hci_find_ltk_by_addr(hcon->hdev, &hcon->dst, hcon->dst_type,
1140 hcon->role))
1141 return false;
1142
1143 if (hcon->sec_level >= sec_level)
1144 return true;
1145
1146 return false;
1147 }
1148
1149 static u8 smp_cmd_security_req(struct l2cap_conn *conn, struct sk_buff *skb)
1150 {
1151 struct smp_cmd_security_req *rp = (void *) skb->data;
1152 struct smp_cmd_pairing cp;
1153 struct hci_conn *hcon = conn->hcon;
1154 struct smp_chan *smp;
1155 u8 sec_level, auth;
1156
1157 BT_DBG("conn %p", conn);
1158
1159 if (skb->len < sizeof(*rp))
1160 return SMP_INVALID_PARAMS;
1161
1162 if (hcon->role != HCI_ROLE_MASTER)
1163 return SMP_CMD_NOTSUPP;
1164
1165 auth = rp->auth_req & AUTH_REQ_MASK;
1166
1167 if (hcon->io_capability == HCI_IO_NO_INPUT_OUTPUT)
1168 sec_level = BT_SECURITY_MEDIUM;
1169 else
1170 sec_level = authreq_to_seclevel(auth);
1171
1172 if (smp_sufficient_security(hcon, sec_level, SMP_USE_LTK))
1173 return 0;
1174
1175 if (sec_level > hcon->pending_sec_level)
1176 hcon->pending_sec_level = sec_level;
1177
1178 if (smp_ltk_encrypt(conn, hcon->pending_sec_level))
1179 return 0;
1180
1181 smp = smp_chan_create(conn);
1182 if (!smp)
1183 return SMP_UNSPECIFIED;
1184
1185 if (!test_bit(HCI_BONDABLE, &hcon->hdev->dev_flags) &&
1186 (auth & SMP_AUTH_BONDING))
1187 return SMP_PAIRING_NOTSUPP;
1188
1189 skb_pull(skb, sizeof(*rp));
1190
1191 memset(&cp, 0, sizeof(cp));
1192 build_pairing_cmd(conn, &cp, NULL, auth);
1193
1194 smp->preq[0] = SMP_CMD_PAIRING_REQ;
1195 memcpy(&smp->preq[1], &cp, sizeof(cp));
1196
1197 smp_send_cmd(conn, SMP_CMD_PAIRING_REQ, sizeof(cp), &cp);
1198 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RSP);
1199
1200 return 0;
1201 }
1202
1203 int smp_conn_security(struct hci_conn *hcon, __u8 sec_level)
1204 {
1205 struct l2cap_conn *conn = hcon->l2cap_data;
1206 struct l2cap_chan *chan;
1207 struct smp_chan *smp;
1208 __u8 authreq;
1209 int ret;
1210
1211 BT_DBG("conn %p hcon %p level 0x%2.2x", conn, hcon, sec_level);
1212
1213 /* This may be NULL if there's an unexpected disconnection */
1214 if (!conn)
1215 return 1;
1216
1217 chan = conn->smp;
1218
1219 if (!test_bit(HCI_LE_ENABLED, &hcon->hdev->dev_flags))
1220 return 1;
1221
1222 if (smp_sufficient_security(hcon, sec_level, SMP_USE_LTK))
1223 return 1;
1224
1225 if (sec_level > hcon->pending_sec_level)
1226 hcon->pending_sec_level = sec_level;
1227
1228 if (hcon->role == HCI_ROLE_MASTER)
1229 if (smp_ltk_encrypt(conn, hcon->pending_sec_level))
1230 return 0;
1231
1232 l2cap_chan_lock(chan);
1233
1234 /* If SMP is already in progress ignore this request */
1235 if (chan->data) {
1236 ret = 0;
1237 goto unlock;
1238 }
1239
1240 smp = smp_chan_create(conn);
1241 if (!smp) {
1242 ret = 1;
1243 goto unlock;
1244 }
1245
1246 authreq = seclevel_to_authreq(sec_level);
1247
1248 /* Require MITM if IO Capability allows or the security level
1249 * requires it.
1250 */
1251 if (hcon->io_capability != HCI_IO_NO_INPUT_OUTPUT ||
1252 hcon->pending_sec_level > BT_SECURITY_MEDIUM)
1253 authreq |= SMP_AUTH_MITM;
1254
1255 if (hcon->role == HCI_ROLE_MASTER) {
1256 struct smp_cmd_pairing cp;
1257
1258 build_pairing_cmd(conn, &cp, NULL, authreq);
1259 smp->preq[0] = SMP_CMD_PAIRING_REQ;
1260 memcpy(&smp->preq[1], &cp, sizeof(cp));
1261
1262 smp_send_cmd(conn, SMP_CMD_PAIRING_REQ, sizeof(cp), &cp);
1263 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RSP);
1264 } else {
1265 struct smp_cmd_security_req cp;
1266 cp.auth_req = authreq;
1267 smp_send_cmd(conn, SMP_CMD_SECURITY_REQ, sizeof(cp), &cp);
1268 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_REQ);
1269 }
1270
1271 set_bit(SMP_FLAG_INITIATOR, &smp->flags);
1272 ret = 0;
1273
1274 unlock:
1275 l2cap_chan_unlock(chan);
1276 return ret;
1277 }
1278
1279 static int smp_cmd_encrypt_info(struct l2cap_conn *conn, struct sk_buff *skb)
1280 {
1281 struct smp_cmd_encrypt_info *rp = (void *) skb->data;
1282 struct l2cap_chan *chan = conn->smp;
1283 struct smp_chan *smp = chan->data;
1284
1285 BT_DBG("conn %p", conn);
1286
1287 if (skb->len < sizeof(*rp))
1288 return SMP_INVALID_PARAMS;
1289
1290 SMP_ALLOW_CMD(smp, SMP_CMD_MASTER_IDENT);
1291
1292 skb_pull(skb, sizeof(*rp));
1293
1294 memcpy(smp->tk, rp->ltk, sizeof(smp->tk));
1295
1296 return 0;
1297 }
1298
1299 static int smp_cmd_master_ident(struct l2cap_conn *conn, struct sk_buff *skb)
1300 {
1301 struct smp_cmd_master_ident *rp = (void *) skb->data;
1302 struct l2cap_chan *chan = conn->smp;
1303 struct smp_chan *smp = chan->data;
1304 struct hci_dev *hdev = conn->hcon->hdev;
1305 struct hci_conn *hcon = conn->hcon;
1306 struct smp_ltk *ltk;
1307 u8 authenticated;
1308
1309 BT_DBG("conn %p", conn);
1310
1311 if (skb->len < sizeof(*rp))
1312 return SMP_INVALID_PARAMS;
1313
1314 /* Mark the information as received */
1315 smp->remote_key_dist &= ~SMP_DIST_ENC_KEY;
1316
1317 if (smp->remote_key_dist & SMP_DIST_ID_KEY)
1318 SMP_ALLOW_CMD(smp, SMP_CMD_IDENT_INFO);
1319 else if (smp->remote_key_dist & SMP_DIST_SIGN)
1320 SMP_ALLOW_CMD(smp, SMP_CMD_SIGN_INFO);
1321
1322 skb_pull(skb, sizeof(*rp));
1323
1324 hci_dev_lock(hdev);
1325 authenticated = (hcon->sec_level == BT_SECURITY_HIGH);
1326 ltk = hci_add_ltk(hdev, &hcon->dst, hcon->dst_type, SMP_LTK,
1327 authenticated, smp->tk, smp->enc_key_size,
1328 rp->ediv, rp->rand);
1329 smp->ltk = ltk;
1330 if (!(smp->remote_key_dist & KEY_DIST_MASK))
1331 smp_distribute_keys(smp);
1332 hci_dev_unlock(hdev);
1333
1334 return 0;
1335 }
1336
1337 static int smp_cmd_ident_info(struct l2cap_conn *conn, struct sk_buff *skb)
1338 {
1339 struct smp_cmd_ident_info *info = (void *) skb->data;
1340 struct l2cap_chan *chan = conn->smp;
1341 struct smp_chan *smp = chan->data;
1342
1343 BT_DBG("");
1344
1345 if (skb->len < sizeof(*info))
1346 return SMP_INVALID_PARAMS;
1347
1348 SMP_ALLOW_CMD(smp, SMP_CMD_IDENT_ADDR_INFO);
1349
1350 skb_pull(skb, sizeof(*info));
1351
1352 memcpy(smp->irk, info->irk, 16);
1353
1354 return 0;
1355 }
1356
1357 static int smp_cmd_ident_addr_info(struct l2cap_conn *conn,
1358 struct sk_buff *skb)
1359 {
1360 struct smp_cmd_ident_addr_info *info = (void *) skb->data;
1361 struct l2cap_chan *chan = conn->smp;
1362 struct smp_chan *smp = chan->data;
1363 struct hci_conn *hcon = conn->hcon;
1364 bdaddr_t rpa;
1365
1366 BT_DBG("");
1367
1368 if (skb->len < sizeof(*info))
1369 return SMP_INVALID_PARAMS;
1370
1371 /* Mark the information as received */
1372 smp->remote_key_dist &= ~SMP_DIST_ID_KEY;
1373
1374 if (smp->remote_key_dist & SMP_DIST_SIGN)
1375 SMP_ALLOW_CMD(smp, SMP_CMD_SIGN_INFO);
1376
1377 skb_pull(skb, sizeof(*info));
1378
1379 hci_dev_lock(hcon->hdev);
1380
1381 /* Strictly speaking the Core Specification (4.1) allows sending
1382 * an empty address which would force us to rely on just the IRK
1383 * as "identity information". However, since such
1384 * implementations are not known of and in order to not over
1385 * complicate our implementation, simply pretend that we never
1386 * received an IRK for such a device.
1387 */
1388 if (!bacmp(&info->bdaddr, BDADDR_ANY)) {
1389 BT_ERR("Ignoring IRK with no identity address");
1390 goto distribute;
1391 }
1392
1393 bacpy(&smp->id_addr, &info->bdaddr);
1394 smp->id_addr_type = info->addr_type;
1395
1396 if (hci_bdaddr_is_rpa(&hcon->dst, hcon->dst_type))
1397 bacpy(&rpa, &hcon->dst);
1398 else
1399 bacpy(&rpa, BDADDR_ANY);
1400
1401 smp->remote_irk = hci_add_irk(conn->hcon->hdev, &smp->id_addr,
1402 smp->id_addr_type, smp->irk, &rpa);
1403
1404 distribute:
1405 if (!(smp->remote_key_dist & KEY_DIST_MASK))
1406 smp_distribute_keys(smp);
1407
1408 hci_dev_unlock(hcon->hdev);
1409
1410 return 0;
1411 }
1412
1413 static int smp_cmd_sign_info(struct l2cap_conn *conn, struct sk_buff *skb)
1414 {
1415 struct smp_cmd_sign_info *rp = (void *) skb->data;
1416 struct l2cap_chan *chan = conn->smp;
1417 struct smp_chan *smp = chan->data;
1418 struct hci_dev *hdev = conn->hcon->hdev;
1419 struct smp_csrk *csrk;
1420
1421 BT_DBG("conn %p", conn);
1422
1423 if (skb->len < sizeof(*rp))
1424 return SMP_INVALID_PARAMS;
1425
1426 /* Mark the information as received */
1427 smp->remote_key_dist &= ~SMP_DIST_SIGN;
1428
1429 skb_pull(skb, sizeof(*rp));
1430
1431 hci_dev_lock(hdev);
1432 csrk = kzalloc(sizeof(*csrk), GFP_KERNEL);
1433 if (csrk) {
1434 csrk->master = 0x01;
1435 memcpy(csrk->val, rp->csrk, sizeof(csrk->val));
1436 }
1437 smp->csrk = csrk;
1438 smp_distribute_keys(smp);
1439 hci_dev_unlock(hdev);
1440
1441 return 0;
1442 }
1443
1444 static int smp_sig_channel(struct l2cap_chan *chan, struct sk_buff *skb)
1445 {
1446 struct l2cap_conn *conn = chan->conn;
1447 struct hci_conn *hcon = conn->hcon;
1448 struct smp_chan *smp;
1449 __u8 code, reason;
1450 int err = 0;
1451
1452 if (hcon->type != LE_LINK) {
1453 kfree_skb(skb);
1454 return 0;
1455 }
1456
1457 if (skb->len < 1)
1458 return -EILSEQ;
1459
1460 if (!test_bit(HCI_LE_ENABLED, &hcon->hdev->dev_flags)) {
1461 reason = SMP_PAIRING_NOTSUPP;
1462 goto done;
1463 }
1464
1465 code = skb->data[0];
1466 skb_pull(skb, sizeof(code));
1467
1468 smp = chan->data;
1469
1470 if (code > SMP_CMD_MAX)
1471 goto drop;
1472
1473 if (smp && !test_and_clear_bit(code, &smp->allow_cmd))
1474 goto drop;
1475
1476 /* If we don't have a context the only allowed commands are
1477 * pairing request and security request.
1478 */
1479 if (!smp && code != SMP_CMD_PAIRING_REQ && code != SMP_CMD_SECURITY_REQ)
1480 goto drop;
1481
1482 switch (code) {
1483 case SMP_CMD_PAIRING_REQ:
1484 reason = smp_cmd_pairing_req(conn, skb);
1485 break;
1486
1487 case SMP_CMD_PAIRING_FAIL:
1488 smp_failure(conn, 0);
1489 err = -EPERM;
1490 break;
1491
1492 case SMP_CMD_PAIRING_RSP:
1493 reason = smp_cmd_pairing_rsp(conn, skb);
1494 break;
1495
1496 case SMP_CMD_SECURITY_REQ:
1497 reason = smp_cmd_security_req(conn, skb);
1498 break;
1499
1500 case SMP_CMD_PAIRING_CONFIRM:
1501 reason = smp_cmd_pairing_confirm(conn, skb);
1502 break;
1503
1504 case SMP_CMD_PAIRING_RANDOM:
1505 reason = smp_cmd_pairing_random(conn, skb);
1506 break;
1507
1508 case SMP_CMD_ENCRYPT_INFO:
1509 reason = smp_cmd_encrypt_info(conn, skb);
1510 break;
1511
1512 case SMP_CMD_MASTER_IDENT:
1513 reason = smp_cmd_master_ident(conn, skb);
1514 break;
1515
1516 case SMP_CMD_IDENT_INFO:
1517 reason = smp_cmd_ident_info(conn, skb);
1518 break;
1519
1520 case SMP_CMD_IDENT_ADDR_INFO:
1521 reason = smp_cmd_ident_addr_info(conn, skb);
1522 break;
1523
1524 case SMP_CMD_SIGN_INFO:
1525 reason = smp_cmd_sign_info(conn, skb);
1526 break;
1527
1528 default:
1529 BT_DBG("Unknown command code 0x%2.2x", code);
1530 reason = SMP_CMD_NOTSUPP;
1531 goto done;
1532 }
1533
1534 done:
1535 if (!err) {
1536 if (reason)
1537 smp_failure(conn, reason);
1538 kfree_skb(skb);
1539 }
1540
1541 return err;
1542
1543 drop:
1544 BT_ERR("%s unexpected SMP command 0x%02x from %pMR", hcon->hdev->name,
1545 code, &hcon->dst);
1546 kfree_skb(skb);
1547 return 0;
1548 }
1549
1550 static void smp_teardown_cb(struct l2cap_chan *chan, int err)
1551 {
1552 struct l2cap_conn *conn = chan->conn;
1553
1554 BT_DBG("chan %p", chan);
1555
1556 if (chan->data)
1557 smp_chan_destroy(conn);
1558
1559 conn->smp = NULL;
1560 l2cap_chan_put(chan);
1561 }
1562
1563 static void smp_resume_cb(struct l2cap_chan *chan)
1564 {
1565 struct smp_chan *smp = chan->data;
1566 struct l2cap_conn *conn = chan->conn;
1567 struct hci_conn *hcon = conn->hcon;
1568
1569 BT_DBG("chan %p", chan);
1570
1571 if (!smp)
1572 return;
1573
1574 if (!test_bit(HCI_CONN_ENCRYPT, &hcon->flags))
1575 return;
1576
1577 cancel_delayed_work(&smp->security_timer);
1578
1579 smp_distribute_keys(smp);
1580 }
1581
1582 static void smp_ready_cb(struct l2cap_chan *chan)
1583 {
1584 struct l2cap_conn *conn = chan->conn;
1585
1586 BT_DBG("chan %p", chan);
1587
1588 conn->smp = chan;
1589 l2cap_chan_hold(chan);
1590 }
1591
1592 static int smp_recv_cb(struct l2cap_chan *chan, struct sk_buff *skb)
1593 {
1594 int err;
1595
1596 BT_DBG("chan %p", chan);
1597
1598 err = smp_sig_channel(chan, skb);
1599 if (err) {
1600 struct smp_chan *smp = chan->data;
1601
1602 if (smp)
1603 cancel_delayed_work_sync(&smp->security_timer);
1604
1605 hci_disconnect(chan->conn->hcon, HCI_ERROR_AUTH_FAILURE);
1606 }
1607
1608 return err;
1609 }
1610
1611 static struct sk_buff *smp_alloc_skb_cb(struct l2cap_chan *chan,
1612 unsigned long hdr_len,
1613 unsigned long len, int nb)
1614 {
1615 struct sk_buff *skb;
1616
1617 skb = bt_skb_alloc(hdr_len + len, GFP_KERNEL);
1618 if (!skb)
1619 return ERR_PTR(-ENOMEM);
1620
1621 skb->priority = HCI_PRIO_MAX;
1622 bt_cb(skb)->chan = chan;
1623
1624 return skb;
1625 }
1626
1627 static const struct l2cap_ops smp_chan_ops = {
1628 .name = "Security Manager",
1629 .ready = smp_ready_cb,
1630 .recv = smp_recv_cb,
1631 .alloc_skb = smp_alloc_skb_cb,
1632 .teardown = smp_teardown_cb,
1633 .resume = smp_resume_cb,
1634
1635 .new_connection = l2cap_chan_no_new_connection,
1636 .state_change = l2cap_chan_no_state_change,
1637 .close = l2cap_chan_no_close,
1638 .defer = l2cap_chan_no_defer,
1639 .suspend = l2cap_chan_no_suspend,
1640 .set_shutdown = l2cap_chan_no_set_shutdown,
1641 .get_sndtimeo = l2cap_chan_no_get_sndtimeo,
1642 .memcpy_fromiovec = l2cap_chan_no_memcpy_fromiovec,
1643 };
1644
1645 static inline struct l2cap_chan *smp_new_conn_cb(struct l2cap_chan *pchan)
1646 {
1647 struct l2cap_chan *chan;
1648
1649 BT_DBG("pchan %p", pchan);
1650
1651 chan = l2cap_chan_create();
1652 if (!chan)
1653 return NULL;
1654
1655 chan->chan_type = pchan->chan_type;
1656 chan->ops = &smp_chan_ops;
1657 chan->scid = pchan->scid;
1658 chan->dcid = chan->scid;
1659 chan->imtu = pchan->imtu;
1660 chan->omtu = pchan->omtu;
1661 chan->mode = pchan->mode;
1662
1663 /* Other L2CAP channels may request SMP routines in order to
1664 * change the security level. This means that the SMP channel
1665 * lock must be considered in its own category to avoid lockdep
1666 * warnings.
1667 */
1668 atomic_set(&chan->nesting, L2CAP_NESTING_SMP);
1669
1670 BT_DBG("created chan %p", chan);
1671
1672 return chan;
1673 }
1674
1675 static const struct l2cap_ops smp_root_chan_ops = {
1676 .name = "Security Manager Root",
1677 .new_connection = smp_new_conn_cb,
1678
1679 /* None of these are implemented for the root channel */
1680 .close = l2cap_chan_no_close,
1681 .alloc_skb = l2cap_chan_no_alloc_skb,
1682 .recv = l2cap_chan_no_recv,
1683 .state_change = l2cap_chan_no_state_change,
1684 .teardown = l2cap_chan_no_teardown,
1685 .ready = l2cap_chan_no_ready,
1686 .defer = l2cap_chan_no_defer,
1687 .suspend = l2cap_chan_no_suspend,
1688 .resume = l2cap_chan_no_resume,
1689 .set_shutdown = l2cap_chan_no_set_shutdown,
1690 .get_sndtimeo = l2cap_chan_no_get_sndtimeo,
1691 .memcpy_fromiovec = l2cap_chan_no_memcpy_fromiovec,
1692 };
1693
1694 int smp_register(struct hci_dev *hdev)
1695 {
1696 struct l2cap_chan *chan;
1697 struct crypto_blkcipher *tfm_aes;
1698
1699 BT_DBG("%s", hdev->name);
1700
1701 tfm_aes = crypto_alloc_blkcipher("ecb(aes)", 0, CRYPTO_ALG_ASYNC);
1702 if (IS_ERR(tfm_aes)) {
1703 int err = PTR_ERR(tfm_aes);
1704 BT_ERR("Unable to create crypto context");
1705 return err;
1706 }
1707
1708 chan = l2cap_chan_create();
1709 if (!chan) {
1710 crypto_free_blkcipher(tfm_aes);
1711 return -ENOMEM;
1712 }
1713
1714 chan->data = tfm_aes;
1715
1716 l2cap_add_scid(chan, L2CAP_CID_SMP);
1717
1718 l2cap_chan_set_defaults(chan);
1719
1720 bacpy(&chan->src, &hdev->bdaddr);
1721 chan->src_type = BDADDR_LE_PUBLIC;
1722 chan->state = BT_LISTEN;
1723 chan->mode = L2CAP_MODE_BASIC;
1724 chan->imtu = L2CAP_DEFAULT_MTU;
1725 chan->ops = &smp_root_chan_ops;
1726
1727 /* Set correct nesting level for a parent/listening channel */
1728 atomic_set(&chan->nesting, L2CAP_NESTING_PARENT);
1729
1730 hdev->smp_data = chan;
1731
1732 return 0;
1733 }
1734
1735 void smp_unregister(struct hci_dev *hdev)
1736 {
1737 struct l2cap_chan *chan = hdev->smp_data;
1738 struct crypto_blkcipher *tfm_aes;
1739
1740 if (!chan)
1741 return;
1742
1743 BT_DBG("%s chan %p", hdev->name, chan);
1744
1745 tfm_aes = chan->data;
1746 if (tfm_aes) {
1747 chan->data = NULL;
1748 crypto_free_blkcipher(tfm_aes);
1749 }
1750
1751 hdev->smp_data = NULL;
1752 l2cap_chan_put(chan);
1753 }
Linux kernel - Deliverables
This page took 0.065979 seconds and 6 git commands to generate.