2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2011 Nokia Corporation and/or its subsidiary(-ies).
5 This program is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License version 2 as
7 published by the Free Software Foundation;
9 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
10 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
11 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
12 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
13 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
14 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
18 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
19 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
20 SOFTWARE IS DISCLAIMED.
23 #include <linux/crypto.h>
24 #include <linux/scatterlist.h>
25 #include <crypto/b128ops.h>
27 #include <net/bluetooth/bluetooth.h>
28 #include <net/bluetooth/hci_core.h>
29 #include <net/bluetooth/l2cap.h>
30 #include <net/bluetooth/mgmt.h>
34 #define SMP_ALLOW_CMD(smp, code) set_bit(code, &smp->allow_cmd)
36 #define SMP_TIMEOUT msecs_to_jiffies(30000)
38 #define AUTH_REQ_MASK 0x07
39 #define KEY_DIST_MASK 0x07
50 struct l2cap_conn
*conn
;
51 struct delayed_work security_timer
;
52 unsigned long allow_cmd
; /* Bitmask of allowed commands */
54 u8 preq
[7]; /* SMP Pairing Request */
55 u8 prsp
[7]; /* SMP Pairing Response */
56 u8 prnd
[16]; /* SMP Pairing Random (local) */
57 u8 rrnd
[16]; /* SMP Pairing Random (remote) */
58 u8 pcnf
[16]; /* SMP Pairing Confirm */
59 u8 tk
[16]; /* SMP Temporary Key */
65 struct smp_csrk
*csrk
;
66 struct smp_csrk
*slave_csrk
;
68 struct smp_ltk
*slave_ltk
;
69 struct smp_irk
*remote_irk
;
72 struct crypto_blkcipher
*tfm_aes
;
75 static inline void swap_buf(const u8
*src
, u8
*dst
, size_t len
)
79 for (i
= 0; i
< len
; i
++)
80 dst
[len
- 1 - i
] = src
[i
];
83 static int smp_e(struct crypto_blkcipher
*tfm
, const u8
*k
, u8
*r
)
85 struct blkcipher_desc desc
;
86 struct scatterlist sg
;
87 uint8_t tmp
[16], data
[16];
91 BT_ERR("tfm %p", tfm
);
98 /* The most significant octet of key corresponds to k[0] */
101 err
= crypto_blkcipher_setkey(tfm
, tmp
, 16);
103 BT_ERR("cipher setkey failed: %d", err
);
107 /* Most significant octet of plaintextData corresponds to data[0] */
108 swap_buf(r
, data
, 16);
110 sg_init_one(&sg
, data
, 16);
112 err
= crypto_blkcipher_encrypt(&desc
, &sg
, &sg
, 16);
114 BT_ERR("Encrypt data error %d", err
);
116 /* Most significant octet of encryptedData corresponds to data[0] */
117 swap_buf(data
, r
, 16);
122 static int smp_ah(struct crypto_blkcipher
*tfm
, u8 irk
[16], u8 r
[3], u8 res
[3])
127 /* r' = padding || r */
129 memset(_res
+ 3, 0, 13);
131 err
= smp_e(tfm
, irk
, _res
);
133 BT_ERR("Encrypt error");
137 /* The output of the random address function ah is:
138 * ah(h, r) = e(k, r') mod 2^24
139 * The output of the security function e is then truncated to 24 bits
140 * by taking the least significant 24 bits of the output of e as the
143 memcpy(res
, _res
, 3);
148 bool smp_irk_matches(struct hci_dev
*hdev
, u8 irk
[16], bdaddr_t
*bdaddr
)
150 struct l2cap_chan
*chan
= hdev
->smp_data
;
151 struct crypto_blkcipher
*tfm
;
155 if (!chan
|| !chan
->data
)
160 BT_DBG("RPA %pMR IRK %*phN", bdaddr
, 16, irk
);
162 err
= smp_ah(tfm
, irk
, &bdaddr
->b
[3], hash
);
166 return !memcmp(bdaddr
->b
, hash
, 3);
169 int smp_generate_rpa(struct hci_dev
*hdev
, u8 irk
[16], bdaddr_t
*rpa
)
171 struct l2cap_chan
*chan
= hdev
->smp_data
;
172 struct crypto_blkcipher
*tfm
;
175 if (!chan
|| !chan
->data
)
180 get_random_bytes(&rpa
->b
[3], 3);
182 rpa
->b
[5] &= 0x3f; /* Clear two most significant bits */
183 rpa
->b
[5] |= 0x40; /* Set second most significant bit */
185 err
= smp_ah(tfm
, irk
, &rpa
->b
[3], rpa
->b
);
189 BT_DBG("RPA %pMR", rpa
);
194 static int smp_c1(struct crypto_blkcipher
*tfm_aes
, u8 k
[16], u8 r
[16],
195 u8 preq
[7], u8 pres
[7], u8 _iat
, bdaddr_t
*ia
, u8 _rat
,
196 bdaddr_t
*ra
, u8 res
[16])
203 /* p1 = pres || preq || _rat || _iat */
206 memcpy(p1
+ 2, preq
, 7);
207 memcpy(p1
+ 9, pres
, 7);
209 /* p2 = padding || ia || ra */
211 memcpy(p2
+ 6, ia
, 6);
212 memset(p2
+ 12, 0, 4);
215 u128_xor((u128
*) res
, (u128
*) r
, (u128
*) p1
);
217 /* res = e(k, res) */
218 err
= smp_e(tfm_aes
, k
, res
);
220 BT_ERR("Encrypt data error");
224 /* res = res XOR p2 */
225 u128_xor((u128
*) res
, (u128
*) res
, (u128
*) p2
);
227 /* res = e(k, res) */
228 err
= smp_e(tfm_aes
, k
, res
);
230 BT_ERR("Encrypt data error");
235 static int smp_s1(struct crypto_blkcipher
*tfm_aes
, u8 k
[16], u8 r1
[16],
236 u8 r2
[16], u8 _r
[16])
240 /* Just least significant octets from r1 and r2 are considered */
242 memcpy(_r
+ 8, r1
, 8);
244 err
= smp_e(tfm_aes
, k
, _r
);
246 BT_ERR("Encrypt data error");
251 static void smp_send_cmd(struct l2cap_conn
*conn
, u8 code
, u16 len
, void *data
)
253 struct l2cap_chan
*chan
= conn
->smp
;
254 struct smp_chan
*smp
;
261 BT_DBG("code 0x%2.2x", code
);
263 iv
[0].iov_base
= &code
;
266 iv
[1].iov_base
= data
;
269 memset(&msg
, 0, sizeof(msg
));
271 msg
.msg_iov
= (struct iovec
*) &iv
;
274 l2cap_chan_send(chan
, &msg
, 1 + len
);
281 cancel_delayed_work_sync(&smp
->security_timer
);
282 schedule_delayed_work(&smp
->security_timer
, SMP_TIMEOUT
);
285 static __u8
authreq_to_seclevel(__u8 authreq
)
287 if (authreq
& SMP_AUTH_MITM
)
288 return BT_SECURITY_HIGH
;
290 return BT_SECURITY_MEDIUM
;
293 static __u8
seclevel_to_authreq(__u8 sec_level
)
296 case BT_SECURITY_HIGH
:
297 return SMP_AUTH_MITM
| SMP_AUTH_BONDING
;
298 case BT_SECURITY_MEDIUM
:
299 return SMP_AUTH_BONDING
;
301 return SMP_AUTH_NONE
;
305 static void build_pairing_cmd(struct l2cap_conn
*conn
,
306 struct smp_cmd_pairing
*req
,
307 struct smp_cmd_pairing
*rsp
, __u8 authreq
)
309 struct l2cap_chan
*chan
= conn
->smp
;
310 struct smp_chan
*smp
= chan
->data
;
311 struct hci_conn
*hcon
= conn
->hcon
;
312 struct hci_dev
*hdev
= hcon
->hdev
;
313 u8 local_dist
= 0, remote_dist
= 0;
315 if (test_bit(HCI_BONDABLE
, &conn
->hcon
->hdev
->dev_flags
)) {
316 local_dist
= SMP_DIST_ENC_KEY
| SMP_DIST_SIGN
;
317 remote_dist
= SMP_DIST_ENC_KEY
| SMP_DIST_SIGN
;
318 authreq
|= SMP_AUTH_BONDING
;
320 authreq
&= ~SMP_AUTH_BONDING
;
323 if (test_bit(HCI_RPA_RESOLVING
, &hdev
->dev_flags
))
324 remote_dist
|= SMP_DIST_ID_KEY
;
326 if (test_bit(HCI_PRIVACY
, &hdev
->dev_flags
))
327 local_dist
|= SMP_DIST_ID_KEY
;
330 req
->io_capability
= conn
->hcon
->io_capability
;
331 req
->oob_flag
= SMP_OOB_NOT_PRESENT
;
332 req
->max_key_size
= SMP_MAX_ENC_KEY_SIZE
;
333 req
->init_key_dist
= local_dist
;
334 req
->resp_key_dist
= remote_dist
;
335 req
->auth_req
= (authreq
& AUTH_REQ_MASK
);
337 smp
->remote_key_dist
= remote_dist
;
341 rsp
->io_capability
= conn
->hcon
->io_capability
;
342 rsp
->oob_flag
= SMP_OOB_NOT_PRESENT
;
343 rsp
->max_key_size
= SMP_MAX_ENC_KEY_SIZE
;
344 rsp
->init_key_dist
= req
->init_key_dist
& remote_dist
;
345 rsp
->resp_key_dist
= req
->resp_key_dist
& local_dist
;
346 rsp
->auth_req
= (authreq
& AUTH_REQ_MASK
);
348 smp
->remote_key_dist
= rsp
->init_key_dist
;
351 static u8
check_enc_key_size(struct l2cap_conn
*conn
, __u8 max_key_size
)
353 struct l2cap_chan
*chan
= conn
->smp
;
354 struct smp_chan
*smp
= chan
->data
;
356 if ((max_key_size
> SMP_MAX_ENC_KEY_SIZE
) ||
357 (max_key_size
< SMP_MIN_ENC_KEY_SIZE
))
358 return SMP_ENC_KEY_SIZE
;
360 smp
->enc_key_size
= max_key_size
;
365 static void smp_chan_destroy(struct l2cap_conn
*conn
)
367 struct l2cap_chan
*chan
= conn
->smp
;
368 struct smp_chan
*smp
= chan
->data
;
373 cancel_delayed_work_sync(&smp
->security_timer
);
375 complete
= test_bit(SMP_FLAG_COMPLETE
, &smp
->flags
);
376 mgmt_smp_complete(conn
->hcon
, complete
);
379 kfree(smp
->slave_csrk
);
381 crypto_free_blkcipher(smp
->tfm_aes
);
383 /* If pairing failed clean up any keys we might have */
386 list_del(&smp
->ltk
->list
);
390 if (smp
->slave_ltk
) {
391 list_del(&smp
->slave_ltk
->list
);
392 kfree(smp
->slave_ltk
);
395 if (smp
->remote_irk
) {
396 list_del(&smp
->remote_irk
->list
);
397 kfree(smp
->remote_irk
);
403 hci_conn_drop(conn
->hcon
);
406 static void smp_failure(struct l2cap_conn
*conn
, u8 reason
)
408 struct hci_conn
*hcon
= conn
->hcon
;
409 struct l2cap_chan
*chan
= conn
->smp
;
412 smp_send_cmd(conn
, SMP_CMD_PAIRING_FAIL
, sizeof(reason
),
415 clear_bit(HCI_CONN_ENCRYPT_PEND
, &hcon
->flags
);
416 mgmt_auth_failed(hcon
, HCI_ERROR_AUTH_FAILURE
);
419 smp_chan_destroy(conn
);
422 #define JUST_WORKS 0x00
423 #define JUST_CFM 0x01
424 #define REQ_PASSKEY 0x02
425 #define CFM_PASSKEY 0x03
429 static const u8 gen_method
[5][5] = {
430 { JUST_WORKS
, JUST_CFM
, REQ_PASSKEY
, JUST_WORKS
, REQ_PASSKEY
},
431 { JUST_WORKS
, JUST_CFM
, REQ_PASSKEY
, JUST_WORKS
, REQ_PASSKEY
},
432 { CFM_PASSKEY
, CFM_PASSKEY
, REQ_PASSKEY
, JUST_WORKS
, CFM_PASSKEY
},
433 { JUST_WORKS
, JUST_CFM
, JUST_WORKS
, JUST_WORKS
, JUST_CFM
},
434 { CFM_PASSKEY
, CFM_PASSKEY
, REQ_PASSKEY
, JUST_WORKS
, OVERLAP
},
437 static u8
get_auth_method(struct smp_chan
*smp
, u8 local_io
, u8 remote_io
)
439 /* If either side has unknown io_caps, use JUST_CFM (which gets
440 * converted later to JUST_WORKS if we're initiators.
442 if (local_io
> SMP_IO_KEYBOARD_DISPLAY
||
443 remote_io
> SMP_IO_KEYBOARD_DISPLAY
)
446 return gen_method
[remote_io
][local_io
];
449 static int tk_request(struct l2cap_conn
*conn
, u8 remote_oob
, u8 auth
,
450 u8 local_io
, u8 remote_io
)
452 struct hci_conn
*hcon
= conn
->hcon
;
453 struct l2cap_chan
*chan
= conn
->smp
;
454 struct smp_chan
*smp
= chan
->data
;
459 /* Initialize key for JUST WORKS */
460 memset(smp
->tk
, 0, sizeof(smp
->tk
));
461 clear_bit(SMP_FLAG_TK_VALID
, &smp
->flags
);
463 BT_DBG("tk_request: auth:%d lcl:%d rem:%d", auth
, local_io
, remote_io
);
465 /* If neither side wants MITM, either "just" confirm an incoming
466 * request or use just-works for outgoing ones. The JUST_CFM
467 * will be converted to JUST_WORKS if necessary later in this
468 * function. If either side has MITM look up the method from the
471 if (!(auth
& SMP_AUTH_MITM
))
474 method
= get_auth_method(smp
, local_io
, remote_io
);
476 /* Don't confirm locally initiated pairing attempts */
477 if (method
== JUST_CFM
&& test_bit(SMP_FLAG_INITIATOR
, &smp
->flags
))
480 /* Don't bother user space with no IO capabilities */
481 if (method
== JUST_CFM
&& hcon
->io_capability
== HCI_IO_NO_INPUT_OUTPUT
)
484 /* If Just Works, Continue with Zero TK */
485 if (method
== JUST_WORKS
) {
486 set_bit(SMP_FLAG_TK_VALID
, &smp
->flags
);
490 /* Not Just Works/Confirm results in MITM Authentication */
491 if (method
!= JUST_CFM
) {
492 set_bit(SMP_FLAG_MITM_AUTH
, &smp
->flags
);
493 if (hcon
->pending_sec_level
< BT_SECURITY_HIGH
)
494 hcon
->pending_sec_level
= BT_SECURITY_HIGH
;
497 /* If both devices have Keyoard-Display I/O, the master
498 * Confirms and the slave Enters the passkey.
500 if (method
== OVERLAP
) {
501 if (hcon
->role
== HCI_ROLE_MASTER
)
502 method
= CFM_PASSKEY
;
504 method
= REQ_PASSKEY
;
507 /* Generate random passkey. */
508 if (method
== CFM_PASSKEY
) {
509 memset(smp
->tk
, 0, sizeof(smp
->tk
));
510 get_random_bytes(&passkey
, sizeof(passkey
));
512 put_unaligned_le32(passkey
, smp
->tk
);
513 BT_DBG("PassKey: %d", passkey
);
514 set_bit(SMP_FLAG_TK_VALID
, &smp
->flags
);
517 if (method
== REQ_PASSKEY
)
518 ret
= mgmt_user_passkey_request(hcon
->hdev
, &hcon
->dst
,
519 hcon
->type
, hcon
->dst_type
);
520 else if (method
== JUST_CFM
)
521 ret
= mgmt_user_confirm_request(hcon
->hdev
, &hcon
->dst
,
522 hcon
->type
, hcon
->dst_type
,
525 ret
= mgmt_user_passkey_notify(hcon
->hdev
, &hcon
->dst
,
526 hcon
->type
, hcon
->dst_type
,
532 static u8
smp_confirm(struct smp_chan
*smp
)
534 struct l2cap_conn
*conn
= smp
->conn
;
535 struct smp_cmd_pairing_confirm cp
;
538 BT_DBG("conn %p", conn
);
540 ret
= smp_c1(smp
->tfm_aes
, smp
->tk
, smp
->prnd
, smp
->preq
, smp
->prsp
,
541 conn
->hcon
->init_addr_type
, &conn
->hcon
->init_addr
,
542 conn
->hcon
->resp_addr_type
, &conn
->hcon
->resp_addr
,
545 return SMP_UNSPECIFIED
;
547 clear_bit(SMP_FLAG_CFM_PENDING
, &smp
->flags
);
549 smp_send_cmd(smp
->conn
, SMP_CMD_PAIRING_CONFIRM
, sizeof(cp
), &cp
);
552 SMP_ALLOW_CMD(smp
, SMP_CMD_PAIRING_CONFIRM
);
554 SMP_ALLOW_CMD(smp
, SMP_CMD_PAIRING_RANDOM
);
559 static u8
smp_random(struct smp_chan
*smp
)
561 struct l2cap_conn
*conn
= smp
->conn
;
562 struct hci_conn
*hcon
= conn
->hcon
;
566 if (IS_ERR_OR_NULL(smp
->tfm_aes
))
567 return SMP_UNSPECIFIED
;
569 BT_DBG("conn %p %s", conn
, conn
->hcon
->out
? "master" : "slave");
571 ret
= smp_c1(smp
->tfm_aes
, smp
->tk
, smp
->rrnd
, smp
->preq
, smp
->prsp
,
572 hcon
->init_addr_type
, &hcon
->init_addr
,
573 hcon
->resp_addr_type
, &hcon
->resp_addr
, confirm
);
575 return SMP_UNSPECIFIED
;
577 if (memcmp(smp
->pcnf
, confirm
, sizeof(smp
->pcnf
)) != 0) {
578 BT_ERR("Pairing failed (confirmation values mismatch)");
579 return SMP_CONFIRM_FAILED
;
587 smp_s1(smp
->tfm_aes
, smp
->tk
, smp
->rrnd
, smp
->prnd
, stk
);
589 memset(stk
+ smp
->enc_key_size
, 0,
590 SMP_MAX_ENC_KEY_SIZE
- smp
->enc_key_size
);
592 if (test_and_set_bit(HCI_CONN_ENCRYPT_PEND
, &hcon
->flags
))
593 return SMP_UNSPECIFIED
;
595 hci_le_start_enc(hcon
, ediv
, rand
, stk
);
596 hcon
->enc_key_size
= smp
->enc_key_size
;
597 set_bit(HCI_CONN_STK_ENCRYPT
, &hcon
->flags
);
603 smp_send_cmd(conn
, SMP_CMD_PAIRING_RANDOM
, sizeof(smp
->prnd
),
606 smp_s1(smp
->tfm_aes
, smp
->tk
, smp
->prnd
, smp
->rrnd
, stk
);
608 memset(stk
+ smp
->enc_key_size
, 0,
609 SMP_MAX_ENC_KEY_SIZE
- smp
->enc_key_size
);
611 if (hcon
->pending_sec_level
== BT_SECURITY_HIGH
)
616 /* Even though there's no _SLAVE suffix this is the
617 * slave STK we're adding for later lookup (the master
618 * STK never needs to be stored).
620 hci_add_ltk(hcon
->hdev
, &hcon
->dst
, hcon
->dst_type
,
621 SMP_STK
, auth
, stk
, smp
->enc_key_size
, ediv
, rand
);
627 static void smp_notify_keys(struct l2cap_conn
*conn
)
629 struct l2cap_chan
*chan
= conn
->smp
;
630 struct smp_chan
*smp
= chan
->data
;
631 struct hci_conn
*hcon
= conn
->hcon
;
632 struct hci_dev
*hdev
= hcon
->hdev
;
633 struct smp_cmd_pairing
*req
= (void *) &smp
->preq
[1];
634 struct smp_cmd_pairing
*rsp
= (void *) &smp
->prsp
[1];
637 if (smp
->remote_irk
) {
638 mgmt_new_irk(hdev
, smp
->remote_irk
);
639 /* Now that user space can be considered to know the
640 * identity address track the connection based on it
643 bacpy(&hcon
->dst
, &smp
->remote_irk
->bdaddr
);
644 hcon
->dst_type
= smp
->remote_irk
->addr_type
;
645 queue_work(hdev
->workqueue
, &conn
->id_addr_update_work
);
647 /* When receiving an indentity resolving key for
648 * a remote device that does not use a resolvable
649 * private address, just remove the key so that
650 * it is possible to use the controller white
653 * Userspace will have been told to not store
654 * this key at this point. So it is safe to
657 if (!bacmp(&smp
->remote_irk
->rpa
, BDADDR_ANY
)) {
658 list_del(&smp
->remote_irk
->list
);
659 kfree(smp
->remote_irk
);
660 smp
->remote_irk
= NULL
;
664 /* The LTKs and CSRKs should be persistent only if both sides
665 * had the bonding bit set in their authentication requests.
667 persistent
= !!((req
->auth_req
& rsp
->auth_req
) & SMP_AUTH_BONDING
);
670 smp
->csrk
->bdaddr_type
= hcon
->dst_type
;
671 bacpy(&smp
->csrk
->bdaddr
, &hcon
->dst
);
672 mgmt_new_csrk(hdev
, smp
->csrk
, persistent
);
675 if (smp
->slave_csrk
) {
676 smp
->slave_csrk
->bdaddr_type
= hcon
->dst_type
;
677 bacpy(&smp
->slave_csrk
->bdaddr
, &hcon
->dst
);
678 mgmt_new_csrk(hdev
, smp
->slave_csrk
, persistent
);
682 smp
->ltk
->bdaddr_type
= hcon
->dst_type
;
683 bacpy(&smp
->ltk
->bdaddr
, &hcon
->dst
);
684 mgmt_new_ltk(hdev
, smp
->ltk
, persistent
);
687 if (smp
->slave_ltk
) {
688 smp
->slave_ltk
->bdaddr_type
= hcon
->dst_type
;
689 bacpy(&smp
->slave_ltk
->bdaddr
, &hcon
->dst
);
690 mgmt_new_ltk(hdev
, smp
->slave_ltk
, persistent
);
694 static void smp_allow_key_dist(struct smp_chan
*smp
)
696 /* Allow the first expected phase 3 PDU. The rest of the PDUs
697 * will be allowed in each PDU handler to ensure we receive
698 * them in the correct order.
700 if (smp
->remote_key_dist
& SMP_DIST_ENC_KEY
)
701 SMP_ALLOW_CMD(smp
, SMP_CMD_ENCRYPT_INFO
);
702 else if (smp
->remote_key_dist
& SMP_DIST_ID_KEY
)
703 SMP_ALLOW_CMD(smp
, SMP_CMD_IDENT_INFO
);
704 else if (smp
->remote_key_dist
& SMP_DIST_SIGN
)
705 SMP_ALLOW_CMD(smp
, SMP_CMD_SIGN_INFO
);
708 static void smp_distribute_keys(struct smp_chan
*smp
)
710 struct smp_cmd_pairing
*req
, *rsp
;
711 struct l2cap_conn
*conn
= smp
->conn
;
712 struct hci_conn
*hcon
= conn
->hcon
;
713 struct hci_dev
*hdev
= hcon
->hdev
;
716 BT_DBG("conn %p", conn
);
718 rsp
= (void *) &smp
->prsp
[1];
720 /* The responder sends its keys first */
721 if (hcon
->out
&& (smp
->remote_key_dist
& KEY_DIST_MASK
)) {
722 smp_allow_key_dist(smp
);
726 req
= (void *) &smp
->preq
[1];
729 keydist
= &rsp
->init_key_dist
;
730 *keydist
&= req
->init_key_dist
;
732 keydist
= &rsp
->resp_key_dist
;
733 *keydist
&= req
->resp_key_dist
;
736 BT_DBG("keydist 0x%x", *keydist
);
738 if (*keydist
& SMP_DIST_ENC_KEY
) {
739 struct smp_cmd_encrypt_info enc
;
740 struct smp_cmd_master_ident ident
;
746 get_random_bytes(enc
.ltk
, sizeof(enc
.ltk
));
747 get_random_bytes(&ediv
, sizeof(ediv
));
748 get_random_bytes(&rand
, sizeof(rand
));
750 smp_send_cmd(conn
, SMP_CMD_ENCRYPT_INFO
, sizeof(enc
), &enc
);
752 authenticated
= hcon
->sec_level
== BT_SECURITY_HIGH
;
753 ltk
= hci_add_ltk(hdev
, &hcon
->dst
, hcon
->dst_type
,
754 SMP_LTK_SLAVE
, authenticated
, enc
.ltk
,
755 smp
->enc_key_size
, ediv
, rand
);
756 smp
->slave_ltk
= ltk
;
761 smp_send_cmd(conn
, SMP_CMD_MASTER_IDENT
, sizeof(ident
), &ident
);
763 *keydist
&= ~SMP_DIST_ENC_KEY
;
766 if (*keydist
& SMP_DIST_ID_KEY
) {
767 struct smp_cmd_ident_addr_info addrinfo
;
768 struct smp_cmd_ident_info idinfo
;
770 memcpy(idinfo
.irk
, hdev
->irk
, sizeof(idinfo
.irk
));
772 smp_send_cmd(conn
, SMP_CMD_IDENT_INFO
, sizeof(idinfo
), &idinfo
);
774 /* The hci_conn contains the local identity address
775 * after the connection has been established.
777 * This is true even when the connection has been
778 * established using a resolvable random address.
780 bacpy(&addrinfo
.bdaddr
, &hcon
->src
);
781 addrinfo
.addr_type
= hcon
->src_type
;
783 smp_send_cmd(conn
, SMP_CMD_IDENT_ADDR_INFO
, sizeof(addrinfo
),
786 *keydist
&= ~SMP_DIST_ID_KEY
;
789 if (*keydist
& SMP_DIST_SIGN
) {
790 struct smp_cmd_sign_info sign
;
791 struct smp_csrk
*csrk
;
793 /* Generate a new random key */
794 get_random_bytes(sign
.csrk
, sizeof(sign
.csrk
));
796 csrk
= kzalloc(sizeof(*csrk
), GFP_KERNEL
);
799 memcpy(csrk
->val
, sign
.csrk
, sizeof(csrk
->val
));
801 smp
->slave_csrk
= csrk
;
803 smp_send_cmd(conn
, SMP_CMD_SIGN_INFO
, sizeof(sign
), &sign
);
805 *keydist
&= ~SMP_DIST_SIGN
;
808 /* If there are still keys to be received wait for them */
809 if (smp
->remote_key_dist
& KEY_DIST_MASK
) {
810 smp_allow_key_dist(smp
);
814 set_bit(SMP_FLAG_COMPLETE
, &smp
->flags
);
815 smp_notify_keys(conn
);
817 smp_chan_destroy(conn
);
820 static void smp_timeout(struct work_struct
*work
)
822 struct smp_chan
*smp
= container_of(work
, struct smp_chan
,
823 security_timer
.work
);
824 struct l2cap_conn
*conn
= smp
->conn
;
826 BT_DBG("conn %p", conn
);
828 hci_disconnect(conn
->hcon
, HCI_ERROR_REMOTE_USER_TERM
);
831 static struct smp_chan
*smp_chan_create(struct l2cap_conn
*conn
)
833 struct l2cap_chan
*chan
= conn
->smp
;
834 struct smp_chan
*smp
;
836 smp
= kzalloc(sizeof(*smp
), GFP_ATOMIC
);
840 smp
->tfm_aes
= crypto_alloc_blkcipher("ecb(aes)", 0, CRYPTO_ALG_ASYNC
);
841 if (IS_ERR(smp
->tfm_aes
)) {
842 BT_ERR("Unable to create ECB crypto context");
850 SMP_ALLOW_CMD(smp
, SMP_CMD_PAIRING_FAIL
);
852 INIT_DELAYED_WORK(&smp
->security_timer
, smp_timeout
);
854 hci_conn_hold(conn
->hcon
);
859 int smp_user_confirm_reply(struct hci_conn
*hcon
, u16 mgmt_op
, __le32 passkey
)
861 struct l2cap_conn
*conn
= hcon
->l2cap_data
;
862 struct l2cap_chan
*chan
;
863 struct smp_chan
*smp
;
876 l2cap_chan_lock(chan
);
885 case MGMT_OP_USER_PASSKEY_REPLY
:
886 value
= le32_to_cpu(passkey
);
887 memset(smp
->tk
, 0, sizeof(smp
->tk
));
888 BT_DBG("PassKey: %d", value
);
889 put_unaligned_le32(value
, smp
->tk
);
891 case MGMT_OP_USER_CONFIRM_REPLY
:
892 set_bit(SMP_FLAG_TK_VALID
, &smp
->flags
);
894 case MGMT_OP_USER_PASSKEY_NEG_REPLY
:
895 case MGMT_OP_USER_CONFIRM_NEG_REPLY
:
896 smp_failure(conn
, SMP_PASSKEY_ENTRY_FAILED
);
900 smp_failure(conn
, SMP_PASSKEY_ENTRY_FAILED
);
907 /* If it is our turn to send Pairing Confirm, do so now */
908 if (test_bit(SMP_FLAG_CFM_PENDING
, &smp
->flags
)) {
909 u8 rsp
= smp_confirm(smp
);
911 smp_failure(conn
, rsp
);
915 l2cap_chan_unlock(chan
);
919 static u8
smp_cmd_pairing_req(struct l2cap_conn
*conn
, struct sk_buff
*skb
)
921 struct smp_cmd_pairing rsp
, *req
= (void *) skb
->data
;
922 struct l2cap_chan
*chan
= conn
->smp
;
923 struct hci_dev
*hdev
= conn
->hcon
->hdev
;
924 struct smp_chan
*smp
;
925 u8 key_size
, auth
, sec_level
;
928 BT_DBG("conn %p", conn
);
930 if (skb
->len
< sizeof(*req
))
931 return SMP_INVALID_PARAMS
;
933 if (conn
->hcon
->role
!= HCI_ROLE_SLAVE
)
934 return SMP_CMD_NOTSUPP
;
937 smp
= smp_chan_create(conn
);
942 return SMP_UNSPECIFIED
;
944 /* We didn't start the pairing, so match remote */
945 auth
= req
->auth_req
& AUTH_REQ_MASK
;
947 if (!test_bit(HCI_BONDABLE
, &hdev
->dev_flags
) &&
948 (auth
& SMP_AUTH_BONDING
))
949 return SMP_PAIRING_NOTSUPP
;
951 smp
->preq
[0] = SMP_CMD_PAIRING_REQ
;
952 memcpy(&smp
->preq
[1], req
, sizeof(*req
));
953 skb_pull(skb
, sizeof(*req
));
955 if (conn
->hcon
->io_capability
== HCI_IO_NO_INPUT_OUTPUT
)
956 sec_level
= BT_SECURITY_MEDIUM
;
958 sec_level
= authreq_to_seclevel(auth
);
960 if (sec_level
> conn
->hcon
->pending_sec_level
)
961 conn
->hcon
->pending_sec_level
= sec_level
;
963 /* If we need MITM check that it can be achieved */
964 if (conn
->hcon
->pending_sec_level
>= BT_SECURITY_HIGH
) {
967 method
= get_auth_method(smp
, conn
->hcon
->io_capability
,
969 if (method
== JUST_WORKS
|| method
== JUST_CFM
)
970 return SMP_AUTH_REQUIREMENTS
;
973 build_pairing_cmd(conn
, req
, &rsp
, auth
);
975 key_size
= min(req
->max_key_size
, rsp
.max_key_size
);
976 if (check_enc_key_size(conn
, key_size
))
977 return SMP_ENC_KEY_SIZE
;
979 get_random_bytes(smp
->prnd
, sizeof(smp
->prnd
));
981 smp
->prsp
[0] = SMP_CMD_PAIRING_RSP
;
982 memcpy(&smp
->prsp
[1], &rsp
, sizeof(rsp
));
984 smp_send_cmd(conn
, SMP_CMD_PAIRING_RSP
, sizeof(rsp
), &rsp
);
985 SMP_ALLOW_CMD(smp
, SMP_CMD_PAIRING_CONFIRM
);
987 /* Request setup of TK */
988 ret
= tk_request(conn
, 0, auth
, rsp
.io_capability
, req
->io_capability
);
990 return SMP_UNSPECIFIED
;
995 static u8
smp_cmd_pairing_rsp(struct l2cap_conn
*conn
, struct sk_buff
*skb
)
997 struct smp_cmd_pairing
*req
, *rsp
= (void *) skb
->data
;
998 struct l2cap_chan
*chan
= conn
->smp
;
999 struct smp_chan
*smp
= chan
->data
;
1003 BT_DBG("conn %p", conn
);
1005 if (skb
->len
< sizeof(*rsp
))
1006 return SMP_INVALID_PARAMS
;
1008 if (conn
->hcon
->role
!= HCI_ROLE_MASTER
)
1009 return SMP_CMD_NOTSUPP
;
1011 skb_pull(skb
, sizeof(*rsp
));
1013 req
= (void *) &smp
->preq
[1];
1015 key_size
= min(req
->max_key_size
, rsp
->max_key_size
);
1016 if (check_enc_key_size(conn
, key_size
))
1017 return SMP_ENC_KEY_SIZE
;
1019 auth
= rsp
->auth_req
& AUTH_REQ_MASK
;
1021 /* If we need MITM check that it can be achieved */
1022 if (conn
->hcon
->pending_sec_level
>= BT_SECURITY_HIGH
) {
1025 method
= get_auth_method(smp
, req
->io_capability
,
1026 rsp
->io_capability
);
1027 if (method
== JUST_WORKS
|| method
== JUST_CFM
)
1028 return SMP_AUTH_REQUIREMENTS
;
1031 get_random_bytes(smp
->prnd
, sizeof(smp
->prnd
));
1033 smp
->prsp
[0] = SMP_CMD_PAIRING_RSP
;
1034 memcpy(&smp
->prsp
[1], rsp
, sizeof(*rsp
));
1036 /* Update remote key distribution in case the remote cleared
1037 * some bits that we had enabled in our request.
1039 smp
->remote_key_dist
&= rsp
->resp_key_dist
;
1041 auth
|= req
->auth_req
;
1043 ret
= tk_request(conn
, 0, auth
, req
->io_capability
, rsp
->io_capability
);
1045 return SMP_UNSPECIFIED
;
1047 set_bit(SMP_FLAG_CFM_PENDING
, &smp
->flags
);
1049 /* Can't compose response until we have been confirmed */
1050 if (test_bit(SMP_FLAG_TK_VALID
, &smp
->flags
))
1051 return smp_confirm(smp
);
1056 static u8
smp_cmd_pairing_confirm(struct l2cap_conn
*conn
, struct sk_buff
*skb
)
1058 struct l2cap_chan
*chan
= conn
->smp
;
1059 struct smp_chan
*smp
= chan
->data
;
1061 BT_DBG("conn %p %s", conn
, conn
->hcon
->out
? "master" : "slave");
1063 if (skb
->len
< sizeof(smp
->pcnf
))
1064 return SMP_INVALID_PARAMS
;
1066 memcpy(smp
->pcnf
, skb
->data
, sizeof(smp
->pcnf
));
1067 skb_pull(skb
, sizeof(smp
->pcnf
));
1069 if (conn
->hcon
->out
) {
1070 smp_send_cmd(conn
, SMP_CMD_PAIRING_RANDOM
, sizeof(smp
->prnd
),
1072 SMP_ALLOW_CMD(smp
, SMP_CMD_PAIRING_RANDOM
);
1076 if (test_bit(SMP_FLAG_TK_VALID
, &smp
->flags
))
1077 return smp_confirm(smp
);
1079 set_bit(SMP_FLAG_CFM_PENDING
, &smp
->flags
);
1084 static u8
smp_cmd_pairing_random(struct l2cap_conn
*conn
, struct sk_buff
*skb
)
1086 struct l2cap_chan
*chan
= conn
->smp
;
1087 struct smp_chan
*smp
= chan
->data
;
1089 BT_DBG("conn %p", conn
);
1091 if (skb
->len
< sizeof(smp
->rrnd
))
1092 return SMP_INVALID_PARAMS
;
1094 memcpy(smp
->rrnd
, skb
->data
, sizeof(smp
->rrnd
));
1095 skb_pull(skb
, sizeof(smp
->rrnd
));
1097 return smp_random(smp
);
1100 static bool smp_ltk_encrypt(struct l2cap_conn
*conn
, u8 sec_level
)
1102 struct smp_ltk
*key
;
1103 struct hci_conn
*hcon
= conn
->hcon
;
1105 key
= hci_find_ltk_by_addr(hcon
->hdev
, &hcon
->dst
, hcon
->dst_type
,
1110 if (smp_ltk_sec_level(key
) < sec_level
)
1113 if (test_and_set_bit(HCI_CONN_ENCRYPT_PEND
, &hcon
->flags
))
1116 hci_le_start_enc(hcon
, key
->ediv
, key
->rand
, key
->val
);
1117 hcon
->enc_key_size
= key
->enc_size
;
1119 /* We never store STKs for master role, so clear this flag */
1120 clear_bit(HCI_CONN_STK_ENCRYPT
, &hcon
->flags
);
1125 bool smp_sufficient_security(struct hci_conn
*hcon
, u8 sec_level
,
1126 enum smp_key_pref key_pref
)
1128 if (sec_level
== BT_SECURITY_LOW
)
1131 /* If we're encrypted with an STK but the caller prefers using
1132 * LTK claim insufficient security. This way we allow the
1133 * connection to be re-encrypted with an LTK, even if the LTK
1134 * provides the same level of security. Only exception is if we
1135 * don't have an LTK (e.g. because of key distribution bits).
1137 if (key_pref
== SMP_USE_LTK
&&
1138 test_bit(HCI_CONN_STK_ENCRYPT
, &hcon
->flags
) &&
1139 hci_find_ltk_by_addr(hcon
->hdev
, &hcon
->dst
, hcon
->dst_type
,
1143 if (hcon
->sec_level
>= sec_level
)
1149 static u8
smp_cmd_security_req(struct l2cap_conn
*conn
, struct sk_buff
*skb
)
1151 struct smp_cmd_security_req
*rp
= (void *) skb
->data
;
1152 struct smp_cmd_pairing cp
;
1153 struct hci_conn
*hcon
= conn
->hcon
;
1154 struct smp_chan
*smp
;
1157 BT_DBG("conn %p", conn
);
1159 if (skb
->len
< sizeof(*rp
))
1160 return SMP_INVALID_PARAMS
;
1162 if (hcon
->role
!= HCI_ROLE_MASTER
)
1163 return SMP_CMD_NOTSUPP
;
1165 auth
= rp
->auth_req
& AUTH_REQ_MASK
;
1167 if (hcon
->io_capability
== HCI_IO_NO_INPUT_OUTPUT
)
1168 sec_level
= BT_SECURITY_MEDIUM
;
1170 sec_level
= authreq_to_seclevel(auth
);
1172 if (smp_sufficient_security(hcon
, sec_level
, SMP_USE_LTK
))
1175 if (sec_level
> hcon
->pending_sec_level
)
1176 hcon
->pending_sec_level
= sec_level
;
1178 if (smp_ltk_encrypt(conn
, hcon
->pending_sec_level
))
1181 smp
= smp_chan_create(conn
);
1183 return SMP_UNSPECIFIED
;
1185 if (!test_bit(HCI_BONDABLE
, &hcon
->hdev
->dev_flags
) &&
1186 (auth
& SMP_AUTH_BONDING
))
1187 return SMP_PAIRING_NOTSUPP
;
1189 skb_pull(skb
, sizeof(*rp
));
1191 memset(&cp
, 0, sizeof(cp
));
1192 build_pairing_cmd(conn
, &cp
, NULL
, auth
);
1194 smp
->preq
[0] = SMP_CMD_PAIRING_REQ
;
1195 memcpy(&smp
->preq
[1], &cp
, sizeof(cp
));
1197 smp_send_cmd(conn
, SMP_CMD_PAIRING_REQ
, sizeof(cp
), &cp
);
1198 SMP_ALLOW_CMD(smp
, SMP_CMD_PAIRING_RSP
);
1203 int smp_conn_security(struct hci_conn
*hcon
, __u8 sec_level
)
1205 struct l2cap_conn
*conn
= hcon
->l2cap_data
;
1206 struct l2cap_chan
*chan
;
1207 struct smp_chan
*smp
;
1211 BT_DBG("conn %p hcon %p level 0x%2.2x", conn
, hcon
, sec_level
);
1213 /* This may be NULL if there's an unexpected disconnection */
1219 if (!test_bit(HCI_LE_ENABLED
, &hcon
->hdev
->dev_flags
))
1222 if (smp_sufficient_security(hcon
, sec_level
, SMP_USE_LTK
))
1225 if (sec_level
> hcon
->pending_sec_level
)
1226 hcon
->pending_sec_level
= sec_level
;
1228 if (hcon
->role
== HCI_ROLE_MASTER
)
1229 if (smp_ltk_encrypt(conn
, hcon
->pending_sec_level
))
1232 l2cap_chan_lock(chan
);
1234 /* If SMP is already in progress ignore this request */
1240 smp
= smp_chan_create(conn
);
1246 authreq
= seclevel_to_authreq(sec_level
);
1248 /* Require MITM if IO Capability allows or the security level
1251 if (hcon
->io_capability
!= HCI_IO_NO_INPUT_OUTPUT
||
1252 hcon
->pending_sec_level
> BT_SECURITY_MEDIUM
)
1253 authreq
|= SMP_AUTH_MITM
;
1255 if (hcon
->role
== HCI_ROLE_MASTER
) {
1256 struct smp_cmd_pairing cp
;
1258 build_pairing_cmd(conn
, &cp
, NULL
, authreq
);
1259 smp
->preq
[0] = SMP_CMD_PAIRING_REQ
;
1260 memcpy(&smp
->preq
[1], &cp
, sizeof(cp
));
1262 smp_send_cmd(conn
, SMP_CMD_PAIRING_REQ
, sizeof(cp
), &cp
);
1263 SMP_ALLOW_CMD(smp
, SMP_CMD_PAIRING_RSP
);
1265 struct smp_cmd_security_req cp
;
1266 cp
.auth_req
= authreq
;
1267 smp_send_cmd(conn
, SMP_CMD_SECURITY_REQ
, sizeof(cp
), &cp
);
1268 SMP_ALLOW_CMD(smp
, SMP_CMD_PAIRING_REQ
);
1271 set_bit(SMP_FLAG_INITIATOR
, &smp
->flags
);
1275 l2cap_chan_unlock(chan
);
1279 static int smp_cmd_encrypt_info(struct l2cap_conn
*conn
, struct sk_buff
*skb
)
1281 struct smp_cmd_encrypt_info
*rp
= (void *) skb
->data
;
1282 struct l2cap_chan
*chan
= conn
->smp
;
1283 struct smp_chan
*smp
= chan
->data
;
1285 BT_DBG("conn %p", conn
);
1287 if (skb
->len
< sizeof(*rp
))
1288 return SMP_INVALID_PARAMS
;
1290 SMP_ALLOW_CMD(smp
, SMP_CMD_MASTER_IDENT
);
1292 skb_pull(skb
, sizeof(*rp
));
1294 memcpy(smp
->tk
, rp
->ltk
, sizeof(smp
->tk
));
1299 static int smp_cmd_master_ident(struct l2cap_conn
*conn
, struct sk_buff
*skb
)
1301 struct smp_cmd_master_ident
*rp
= (void *) skb
->data
;
1302 struct l2cap_chan
*chan
= conn
->smp
;
1303 struct smp_chan
*smp
= chan
->data
;
1304 struct hci_dev
*hdev
= conn
->hcon
->hdev
;
1305 struct hci_conn
*hcon
= conn
->hcon
;
1306 struct smp_ltk
*ltk
;
1309 BT_DBG("conn %p", conn
);
1311 if (skb
->len
< sizeof(*rp
))
1312 return SMP_INVALID_PARAMS
;
1314 /* Mark the information as received */
1315 smp
->remote_key_dist
&= ~SMP_DIST_ENC_KEY
;
1317 if (smp
->remote_key_dist
& SMP_DIST_ID_KEY
)
1318 SMP_ALLOW_CMD(smp
, SMP_CMD_IDENT_INFO
);
1319 else if (smp
->remote_key_dist
& SMP_DIST_SIGN
)
1320 SMP_ALLOW_CMD(smp
, SMP_CMD_SIGN_INFO
);
1322 skb_pull(skb
, sizeof(*rp
));
1325 authenticated
= (hcon
->sec_level
== BT_SECURITY_HIGH
);
1326 ltk
= hci_add_ltk(hdev
, &hcon
->dst
, hcon
->dst_type
, SMP_LTK
,
1327 authenticated
, smp
->tk
, smp
->enc_key_size
,
1328 rp
->ediv
, rp
->rand
);
1330 if (!(smp
->remote_key_dist
& KEY_DIST_MASK
))
1331 smp_distribute_keys(smp
);
1332 hci_dev_unlock(hdev
);
1337 static int smp_cmd_ident_info(struct l2cap_conn
*conn
, struct sk_buff
*skb
)
1339 struct smp_cmd_ident_info
*info
= (void *) skb
->data
;
1340 struct l2cap_chan
*chan
= conn
->smp
;
1341 struct smp_chan
*smp
= chan
->data
;
1345 if (skb
->len
< sizeof(*info
))
1346 return SMP_INVALID_PARAMS
;
1348 SMP_ALLOW_CMD(smp
, SMP_CMD_IDENT_ADDR_INFO
);
1350 skb_pull(skb
, sizeof(*info
));
1352 memcpy(smp
->irk
, info
->irk
, 16);
1357 static int smp_cmd_ident_addr_info(struct l2cap_conn
*conn
,
1358 struct sk_buff
*skb
)
1360 struct smp_cmd_ident_addr_info
*info
= (void *) skb
->data
;
1361 struct l2cap_chan
*chan
= conn
->smp
;
1362 struct smp_chan
*smp
= chan
->data
;
1363 struct hci_conn
*hcon
= conn
->hcon
;
1368 if (skb
->len
< sizeof(*info
))
1369 return SMP_INVALID_PARAMS
;
1371 /* Mark the information as received */
1372 smp
->remote_key_dist
&= ~SMP_DIST_ID_KEY
;
1374 if (smp
->remote_key_dist
& SMP_DIST_SIGN
)
1375 SMP_ALLOW_CMD(smp
, SMP_CMD_SIGN_INFO
);
1377 skb_pull(skb
, sizeof(*info
));
1379 hci_dev_lock(hcon
->hdev
);
1381 /* Strictly speaking the Core Specification (4.1) allows sending
1382 * an empty address which would force us to rely on just the IRK
1383 * as "identity information". However, since such
1384 * implementations are not known of and in order to not over
1385 * complicate our implementation, simply pretend that we never
1386 * received an IRK for such a device.
1388 if (!bacmp(&info
->bdaddr
, BDADDR_ANY
)) {
1389 BT_ERR("Ignoring IRK with no identity address");
1393 bacpy(&smp
->id_addr
, &info
->bdaddr
);
1394 smp
->id_addr_type
= info
->addr_type
;
1396 if (hci_bdaddr_is_rpa(&hcon
->dst
, hcon
->dst_type
))
1397 bacpy(&rpa
, &hcon
->dst
);
1399 bacpy(&rpa
, BDADDR_ANY
);
1401 smp
->remote_irk
= hci_add_irk(conn
->hcon
->hdev
, &smp
->id_addr
,
1402 smp
->id_addr_type
, smp
->irk
, &rpa
);
1405 if (!(smp
->remote_key_dist
& KEY_DIST_MASK
))
1406 smp_distribute_keys(smp
);
1408 hci_dev_unlock(hcon
->hdev
);
1413 static int smp_cmd_sign_info(struct l2cap_conn
*conn
, struct sk_buff
*skb
)
1415 struct smp_cmd_sign_info
*rp
= (void *) skb
->data
;
1416 struct l2cap_chan
*chan
= conn
->smp
;
1417 struct smp_chan
*smp
= chan
->data
;
1418 struct hci_dev
*hdev
= conn
->hcon
->hdev
;
1419 struct smp_csrk
*csrk
;
1421 BT_DBG("conn %p", conn
);
1423 if (skb
->len
< sizeof(*rp
))
1424 return SMP_INVALID_PARAMS
;
1426 /* Mark the information as received */
1427 smp
->remote_key_dist
&= ~SMP_DIST_SIGN
;
1429 skb_pull(skb
, sizeof(*rp
));
1432 csrk
= kzalloc(sizeof(*csrk
), GFP_KERNEL
);
1434 csrk
->master
= 0x01;
1435 memcpy(csrk
->val
, rp
->csrk
, sizeof(csrk
->val
));
1438 smp_distribute_keys(smp
);
1439 hci_dev_unlock(hdev
);
1444 static int smp_sig_channel(struct l2cap_chan
*chan
, struct sk_buff
*skb
)
1446 struct l2cap_conn
*conn
= chan
->conn
;
1447 struct hci_conn
*hcon
= conn
->hcon
;
1448 struct smp_chan
*smp
;
1452 if (hcon
->type
!= LE_LINK
) {
1460 if (!test_bit(HCI_LE_ENABLED
, &hcon
->hdev
->dev_flags
)) {
1461 reason
= SMP_PAIRING_NOTSUPP
;
1465 code
= skb
->data
[0];
1466 skb_pull(skb
, sizeof(code
));
1470 if (code
> SMP_CMD_MAX
)
1473 if (smp
&& !test_and_clear_bit(code
, &smp
->allow_cmd
))
1476 /* If we don't have a context the only allowed commands are
1477 * pairing request and security request.
1479 if (!smp
&& code
!= SMP_CMD_PAIRING_REQ
&& code
!= SMP_CMD_SECURITY_REQ
)
1483 case SMP_CMD_PAIRING_REQ
:
1484 reason
= smp_cmd_pairing_req(conn
, skb
);
1487 case SMP_CMD_PAIRING_FAIL
:
1488 smp_failure(conn
, 0);
1492 case SMP_CMD_PAIRING_RSP
:
1493 reason
= smp_cmd_pairing_rsp(conn
, skb
);
1496 case SMP_CMD_SECURITY_REQ
:
1497 reason
= smp_cmd_security_req(conn
, skb
);
1500 case SMP_CMD_PAIRING_CONFIRM
:
1501 reason
= smp_cmd_pairing_confirm(conn
, skb
);
1504 case SMP_CMD_PAIRING_RANDOM
:
1505 reason
= smp_cmd_pairing_random(conn
, skb
);
1508 case SMP_CMD_ENCRYPT_INFO
:
1509 reason
= smp_cmd_encrypt_info(conn
, skb
);
1512 case SMP_CMD_MASTER_IDENT
:
1513 reason
= smp_cmd_master_ident(conn
, skb
);
1516 case SMP_CMD_IDENT_INFO
:
1517 reason
= smp_cmd_ident_info(conn
, skb
);
1520 case SMP_CMD_IDENT_ADDR_INFO
:
1521 reason
= smp_cmd_ident_addr_info(conn
, skb
);
1524 case SMP_CMD_SIGN_INFO
:
1525 reason
= smp_cmd_sign_info(conn
, skb
);
1529 BT_DBG("Unknown command code 0x%2.2x", code
);
1530 reason
= SMP_CMD_NOTSUPP
;
1537 smp_failure(conn
, reason
);
1544 BT_ERR("%s unexpected SMP command 0x%02x from %pMR", hcon
->hdev
->name
,
1550 static void smp_teardown_cb(struct l2cap_chan
*chan
, int err
)
1552 struct l2cap_conn
*conn
= chan
->conn
;
1554 BT_DBG("chan %p", chan
);
1557 smp_chan_destroy(conn
);
1560 l2cap_chan_put(chan
);
1563 static void smp_resume_cb(struct l2cap_chan
*chan
)
1565 struct smp_chan
*smp
= chan
->data
;
1566 struct l2cap_conn
*conn
= chan
->conn
;
1567 struct hci_conn
*hcon
= conn
->hcon
;
1569 BT_DBG("chan %p", chan
);
1574 if (!test_bit(HCI_CONN_ENCRYPT
, &hcon
->flags
))
1577 cancel_delayed_work(&smp
->security_timer
);
1579 smp_distribute_keys(smp
);
1582 static void smp_ready_cb(struct l2cap_chan
*chan
)
1584 struct l2cap_conn
*conn
= chan
->conn
;
1586 BT_DBG("chan %p", chan
);
1589 l2cap_chan_hold(chan
);
1592 static int smp_recv_cb(struct l2cap_chan
*chan
, struct sk_buff
*skb
)
1596 BT_DBG("chan %p", chan
);
1598 err
= smp_sig_channel(chan
, skb
);
1600 struct smp_chan
*smp
= chan
->data
;
1603 cancel_delayed_work_sync(&smp
->security_timer
);
1605 hci_disconnect(chan
->conn
->hcon
, HCI_ERROR_AUTH_FAILURE
);
1611 static struct sk_buff
*smp_alloc_skb_cb(struct l2cap_chan
*chan
,
1612 unsigned long hdr_len
,
1613 unsigned long len
, int nb
)
1615 struct sk_buff
*skb
;
1617 skb
= bt_skb_alloc(hdr_len
+ len
, GFP_KERNEL
);
1619 return ERR_PTR(-ENOMEM
);
1621 skb
->priority
= HCI_PRIO_MAX
;
1622 bt_cb(skb
)->chan
= chan
;
1627 static const struct l2cap_ops smp_chan_ops
= {
1628 .name
= "Security Manager",
1629 .ready
= smp_ready_cb
,
1630 .recv
= smp_recv_cb
,
1631 .alloc_skb
= smp_alloc_skb_cb
,
1632 .teardown
= smp_teardown_cb
,
1633 .resume
= smp_resume_cb
,
1635 .new_connection
= l2cap_chan_no_new_connection
,
1636 .state_change
= l2cap_chan_no_state_change
,
1637 .close
= l2cap_chan_no_close
,
1638 .defer
= l2cap_chan_no_defer
,
1639 .suspend
= l2cap_chan_no_suspend
,
1640 .set_shutdown
= l2cap_chan_no_set_shutdown
,
1641 .get_sndtimeo
= l2cap_chan_no_get_sndtimeo
,
1642 .memcpy_fromiovec
= l2cap_chan_no_memcpy_fromiovec
,
1645 static inline struct l2cap_chan
*smp_new_conn_cb(struct l2cap_chan
*pchan
)
1647 struct l2cap_chan
*chan
;
1649 BT_DBG("pchan %p", pchan
);
1651 chan
= l2cap_chan_create();
1655 chan
->chan_type
= pchan
->chan_type
;
1656 chan
->ops
= &smp_chan_ops
;
1657 chan
->scid
= pchan
->scid
;
1658 chan
->dcid
= chan
->scid
;
1659 chan
->imtu
= pchan
->imtu
;
1660 chan
->omtu
= pchan
->omtu
;
1661 chan
->mode
= pchan
->mode
;
1663 /* Other L2CAP channels may request SMP routines in order to
1664 * change the security level. This means that the SMP channel
1665 * lock must be considered in its own category to avoid lockdep
1668 atomic_set(&chan
->nesting
, L2CAP_NESTING_SMP
);
1670 BT_DBG("created chan %p", chan
);
1675 static const struct l2cap_ops smp_root_chan_ops
= {
1676 .name
= "Security Manager Root",
1677 .new_connection
= smp_new_conn_cb
,
1679 /* None of these are implemented for the root channel */
1680 .close
= l2cap_chan_no_close
,
1681 .alloc_skb
= l2cap_chan_no_alloc_skb
,
1682 .recv
= l2cap_chan_no_recv
,
1683 .state_change
= l2cap_chan_no_state_change
,
1684 .teardown
= l2cap_chan_no_teardown
,
1685 .ready
= l2cap_chan_no_ready
,
1686 .defer
= l2cap_chan_no_defer
,
1687 .suspend
= l2cap_chan_no_suspend
,
1688 .resume
= l2cap_chan_no_resume
,
1689 .set_shutdown
= l2cap_chan_no_set_shutdown
,
1690 .get_sndtimeo
= l2cap_chan_no_get_sndtimeo
,
1691 .memcpy_fromiovec
= l2cap_chan_no_memcpy_fromiovec
,
1694 int smp_register(struct hci_dev
*hdev
)
1696 struct l2cap_chan
*chan
;
1697 struct crypto_blkcipher
*tfm_aes
;
1699 BT_DBG("%s", hdev
->name
);
1701 tfm_aes
= crypto_alloc_blkcipher("ecb(aes)", 0, CRYPTO_ALG_ASYNC
);
1702 if (IS_ERR(tfm_aes
)) {
1703 int err
= PTR_ERR(tfm_aes
);
1704 BT_ERR("Unable to create crypto context");
1708 chan
= l2cap_chan_create();
1710 crypto_free_blkcipher(tfm_aes
);
1714 chan
->data
= tfm_aes
;
1716 l2cap_add_scid(chan
, L2CAP_CID_SMP
);
1718 l2cap_chan_set_defaults(chan
);
1720 bacpy(&chan
->src
, &hdev
->bdaddr
);
1721 chan
->src_type
= BDADDR_LE_PUBLIC
;
1722 chan
->state
= BT_LISTEN
;
1723 chan
->mode
= L2CAP_MODE_BASIC
;
1724 chan
->imtu
= L2CAP_DEFAULT_MTU
;
1725 chan
->ops
= &smp_root_chan_ops
;
1727 /* Set correct nesting level for a parent/listening channel */
1728 atomic_set(&chan
->nesting
, L2CAP_NESTING_PARENT
);
1730 hdev
->smp_data
= chan
;
1735 void smp_unregister(struct hci_dev
*hdev
)
1737 struct l2cap_chan
*chan
= hdev
->smp_data
;
1738 struct crypto_blkcipher
*tfm_aes
;
1743 BT_DBG("%s chan %p", hdev
->name
, chan
);
1745 tfm_aes
= chan
->data
;
1748 crypto_free_blkcipher(tfm_aes
);
1751 hdev
->smp_data
= NULL
;
1752 l2cap_chan_put(chan
);