2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2011 Nokia Corporation and/or its subsidiary(-ies).
5 This program is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License version 2 as
7 published by the Free Software Foundation;
9 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
10 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
11 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
12 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
13 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
14 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
18 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
19 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
20 SOFTWARE IS DISCLAIMED.
23 #include <linux/crypto.h>
24 #include <linux/scatterlist.h>
25 #include <crypto/b128ops.h>
27 #include <net/bluetooth/bluetooth.h>
28 #include <net/bluetooth/hci_core.h>
29 #include <net/bluetooth/l2cap.h>
30 #include <net/bluetooth/mgmt.h>
34 #define SMP_TIMEOUT msecs_to_jiffies(30000)
36 #define AUTH_REQ_MASK 0x07
38 static inline void swap128(u8 src
[16], u8 dst
[16])
41 for (i
= 0; i
< 16; i
++)
45 static inline void swap56(u8 src
[7], u8 dst
[7])
48 for (i
= 0; i
< 7; i
++)
52 static int smp_e(struct crypto_blkcipher
*tfm
, const u8
*k
, u8
*r
)
54 struct blkcipher_desc desc
;
55 struct scatterlist sg
;
59 BT_ERR("tfm %p", tfm
);
66 err
= crypto_blkcipher_setkey(tfm
, k
, 16);
68 BT_ERR("cipher setkey failed: %d", err
);
72 sg_init_one(&sg
, r
, 16);
74 err
= crypto_blkcipher_encrypt(&desc
, &sg
, &sg
, 16);
76 BT_ERR("Encrypt data error %d", err
);
81 static int smp_ah(struct crypto_blkcipher
*tfm
, u8 irk
[16], u8 r
[3], u8 res
[3])
86 /* r' = padding || r */
93 err
= smp_e(tfm
, k
, _res
);
95 BT_ERR("Encrypt error");
99 /* The output of the random address function ah is:
100 * ah(h, r) = e(k, r') mod 2^24
101 * The output of the security function e is then truncated to 24 bits
102 * by taking the least significant 24 bits of the output of e as the
112 bool smp_irk_matches(struct crypto_blkcipher
*tfm
, u8 irk
[16],
118 BT_DBG("RPA %pMR IRK %*phN", bdaddr
, 16, irk
);
120 err
= smp_ah(tfm
, irk
, &bdaddr
->b
[3], hash
);
124 return !memcmp(bdaddr
->b
, hash
, 3);
127 static int smp_c1(struct crypto_blkcipher
*tfm
, u8 k
[16], u8 r
[16],
128 u8 preq
[7], u8 pres
[7], u8 _iat
, bdaddr_t
*ia
,
129 u8 _rat
, bdaddr_t
*ra
, u8 res
[16])
136 /* p1 = pres || preq || _rat || _iat */
138 swap56(preq
, p1
+ 7);
144 /* p2 = padding || ia || ra */
145 baswap((bdaddr_t
*) (p2
+ 4), ia
);
146 baswap((bdaddr_t
*) (p2
+ 10), ra
);
149 u128_xor((u128
*) res
, (u128
*) r
, (u128
*) p1
);
151 /* res = e(k, res) */
152 err
= smp_e(tfm
, k
, res
);
154 BT_ERR("Encrypt data error");
158 /* res = res XOR p2 */
159 u128_xor((u128
*) res
, (u128
*) res
, (u128
*) p2
);
161 /* res = e(k, res) */
162 err
= smp_e(tfm
, k
, res
);
164 BT_ERR("Encrypt data error");
169 static int smp_s1(struct crypto_blkcipher
*tfm
, u8 k
[16], u8 r1
[16],
170 u8 r2
[16], u8 _r
[16])
174 /* Just least significant octets from r1 and r2 are considered */
175 memcpy(_r
, r1
+ 8, 8);
176 memcpy(_r
+ 8, r2
+ 8, 8);
178 err
= smp_e(tfm
, k
, _r
);
180 BT_ERR("Encrypt data error");
185 static struct sk_buff
*smp_build_cmd(struct l2cap_conn
*conn
, u8 code
,
186 u16 dlen
, void *data
)
189 struct l2cap_hdr
*lh
;
192 len
= L2CAP_HDR_SIZE
+ sizeof(code
) + dlen
;
197 skb
= bt_skb_alloc(len
, GFP_ATOMIC
);
201 lh
= (struct l2cap_hdr
*) skb_put(skb
, L2CAP_HDR_SIZE
);
202 lh
->len
= cpu_to_le16(sizeof(code
) + dlen
);
203 lh
->cid
= __constant_cpu_to_le16(L2CAP_CID_SMP
);
205 memcpy(skb_put(skb
, sizeof(code
)), &code
, sizeof(code
));
207 memcpy(skb_put(skb
, dlen
), data
, dlen
);
212 static void smp_send_cmd(struct l2cap_conn
*conn
, u8 code
, u16 len
, void *data
)
214 struct sk_buff
*skb
= smp_build_cmd(conn
, code
, len
, data
);
216 BT_DBG("code 0x%2.2x", code
);
221 skb
->priority
= HCI_PRIO_MAX
;
222 hci_send_acl(conn
->hchan
, skb
, 0);
224 cancel_delayed_work_sync(&conn
->security_timer
);
225 schedule_delayed_work(&conn
->security_timer
, SMP_TIMEOUT
);
228 static __u8
authreq_to_seclevel(__u8 authreq
)
230 if (authreq
& SMP_AUTH_MITM
)
231 return BT_SECURITY_HIGH
;
233 return BT_SECURITY_MEDIUM
;
236 static __u8
seclevel_to_authreq(__u8 sec_level
)
239 case BT_SECURITY_HIGH
:
240 return SMP_AUTH_MITM
| SMP_AUTH_BONDING
;
241 case BT_SECURITY_MEDIUM
:
242 return SMP_AUTH_BONDING
;
244 return SMP_AUTH_NONE
;
248 static void build_pairing_cmd(struct l2cap_conn
*conn
,
249 struct smp_cmd_pairing
*req
,
250 struct smp_cmd_pairing
*rsp
, __u8 authreq
)
254 if (test_bit(HCI_PAIRABLE
, &conn
->hcon
->hdev
->dev_flags
)) {
255 dist_keys
= SMP_DIST_ENC_KEY
;
256 authreq
|= SMP_AUTH_BONDING
;
258 authreq
&= ~SMP_AUTH_BONDING
;
262 req
->io_capability
= conn
->hcon
->io_capability
;
263 req
->oob_flag
= SMP_OOB_NOT_PRESENT
;
264 req
->max_key_size
= SMP_MAX_ENC_KEY_SIZE
;
265 req
->init_key_dist
= dist_keys
;
266 req
->resp_key_dist
= dist_keys
;
267 req
->auth_req
= (authreq
& AUTH_REQ_MASK
);
271 rsp
->io_capability
= conn
->hcon
->io_capability
;
272 rsp
->oob_flag
= SMP_OOB_NOT_PRESENT
;
273 rsp
->max_key_size
= SMP_MAX_ENC_KEY_SIZE
;
274 rsp
->init_key_dist
= req
->init_key_dist
& dist_keys
;
275 rsp
->resp_key_dist
= req
->resp_key_dist
& dist_keys
;
276 rsp
->auth_req
= (authreq
& AUTH_REQ_MASK
);
279 static u8
check_enc_key_size(struct l2cap_conn
*conn
, __u8 max_key_size
)
281 struct smp_chan
*smp
= conn
->smp_chan
;
283 if ((max_key_size
> SMP_MAX_ENC_KEY_SIZE
) ||
284 (max_key_size
< SMP_MIN_ENC_KEY_SIZE
))
285 return SMP_ENC_KEY_SIZE
;
287 smp
->enc_key_size
= max_key_size
;
292 static void smp_failure(struct l2cap_conn
*conn
, u8 reason
)
294 struct hci_conn
*hcon
= conn
->hcon
;
297 smp_send_cmd(conn
, SMP_CMD_PAIRING_FAIL
, sizeof(reason
),
300 clear_bit(HCI_CONN_ENCRYPT_PEND
, &hcon
->flags
);
301 mgmt_auth_failed(hcon
->hdev
, &hcon
->dst
, hcon
->type
, hcon
->dst_type
,
302 HCI_ERROR_AUTH_FAILURE
);
304 cancel_delayed_work_sync(&conn
->security_timer
);
306 if (test_and_clear_bit(HCI_CONN_LE_SMP_PEND
, &hcon
->flags
))
307 smp_chan_destroy(conn
);
310 #define JUST_WORKS 0x00
311 #define JUST_CFM 0x01
312 #define REQ_PASSKEY 0x02
313 #define CFM_PASSKEY 0x03
317 static const u8 gen_method
[5][5] = {
318 { JUST_WORKS
, JUST_CFM
, REQ_PASSKEY
, JUST_WORKS
, REQ_PASSKEY
},
319 { JUST_WORKS
, JUST_CFM
, REQ_PASSKEY
, JUST_WORKS
, REQ_PASSKEY
},
320 { CFM_PASSKEY
, CFM_PASSKEY
, REQ_PASSKEY
, JUST_WORKS
, CFM_PASSKEY
},
321 { JUST_WORKS
, JUST_CFM
, JUST_WORKS
, JUST_WORKS
, JUST_CFM
},
322 { CFM_PASSKEY
, CFM_PASSKEY
, REQ_PASSKEY
, JUST_WORKS
, OVERLAP
},
325 static int tk_request(struct l2cap_conn
*conn
, u8 remote_oob
, u8 auth
,
326 u8 local_io
, u8 remote_io
)
328 struct hci_conn
*hcon
= conn
->hcon
;
329 struct smp_chan
*smp
= conn
->smp_chan
;
334 /* Initialize key for JUST WORKS */
335 memset(smp
->tk
, 0, sizeof(smp
->tk
));
336 clear_bit(SMP_FLAG_TK_VALID
, &smp
->smp_flags
);
338 BT_DBG("tk_request: auth:%d lcl:%d rem:%d", auth
, local_io
, remote_io
);
340 /* If neither side wants MITM, use JUST WORKS */
341 /* If either side has unknown io_caps, use JUST WORKS */
342 /* Otherwise, look up method from the table */
343 if (!(auth
& SMP_AUTH_MITM
) ||
344 local_io
> SMP_IO_KEYBOARD_DISPLAY
||
345 remote_io
> SMP_IO_KEYBOARD_DISPLAY
)
348 method
= gen_method
[remote_io
][local_io
];
350 /* If not bonding, don't ask user to confirm a Zero TK */
351 if (!(auth
& SMP_AUTH_BONDING
) && method
== JUST_CFM
)
354 /* If Just Works, Continue with Zero TK */
355 if (method
== JUST_WORKS
) {
356 set_bit(SMP_FLAG_TK_VALID
, &smp
->smp_flags
);
360 /* Not Just Works/Confirm results in MITM Authentication */
361 if (method
!= JUST_CFM
)
362 set_bit(SMP_FLAG_MITM_AUTH
, &smp
->smp_flags
);
364 /* If both devices have Keyoard-Display I/O, the master
365 * Confirms and the slave Enters the passkey.
367 if (method
== OVERLAP
) {
368 if (hcon
->link_mode
& HCI_LM_MASTER
)
369 method
= CFM_PASSKEY
;
371 method
= REQ_PASSKEY
;
374 /* Generate random passkey. Not valid until confirmed. */
375 if (method
== CFM_PASSKEY
) {
378 memset(key
, 0, sizeof(key
));
379 get_random_bytes(&passkey
, sizeof(passkey
));
381 put_unaligned_le32(passkey
, key
);
382 swap128(key
, smp
->tk
);
383 BT_DBG("PassKey: %d", passkey
);
386 hci_dev_lock(hcon
->hdev
);
388 if (method
== REQ_PASSKEY
)
389 ret
= mgmt_user_passkey_request(hcon
->hdev
, &hcon
->dst
,
390 hcon
->type
, hcon
->dst_type
);
392 ret
= mgmt_user_confirm_request(hcon
->hdev
, &hcon
->dst
,
393 hcon
->type
, hcon
->dst_type
,
394 cpu_to_le32(passkey
), 0);
396 hci_dev_unlock(hcon
->hdev
);
401 static void confirm_work(struct work_struct
*work
)
403 struct smp_chan
*smp
= container_of(work
, struct smp_chan
, confirm
);
404 struct l2cap_conn
*conn
= smp
->conn
;
405 struct crypto_blkcipher
*tfm
;
406 struct smp_cmd_pairing_confirm cp
;
410 BT_DBG("conn %p", conn
);
412 tfm
= crypto_alloc_blkcipher("ecb(aes)", 0, CRYPTO_ALG_ASYNC
);
414 reason
= SMP_UNSPECIFIED
;
421 ret
= smp_c1(tfm
, smp
->tk
, smp
->prnd
, smp
->preq
, smp
->prsp
,
422 conn
->hcon
->src_type
, &conn
->hcon
->src
,
423 conn
->hcon
->dst_type
, &conn
->hcon
->dst
, res
);
425 ret
= smp_c1(tfm
, smp
->tk
, smp
->prnd
, smp
->preq
, smp
->prsp
,
426 conn
->hcon
->dst_type
, &conn
->hcon
->dst
,
427 conn
->hcon
->src_type
, &conn
->hcon
->src
, res
);
429 reason
= SMP_UNSPECIFIED
;
433 clear_bit(SMP_FLAG_CFM_PENDING
, &smp
->smp_flags
);
435 swap128(res
, cp
.confirm_val
);
436 smp_send_cmd(smp
->conn
, SMP_CMD_PAIRING_CONFIRM
, sizeof(cp
), &cp
);
441 smp_failure(conn
, reason
);
444 static void random_work(struct work_struct
*work
)
446 struct smp_chan
*smp
= container_of(work
, struct smp_chan
, random
);
447 struct l2cap_conn
*conn
= smp
->conn
;
448 struct hci_conn
*hcon
= conn
->hcon
;
449 struct crypto_blkcipher
*tfm
= smp
->tfm
;
450 u8 reason
, confirm
[16], res
[16], key
[16];
453 if (IS_ERR_OR_NULL(tfm
)) {
454 reason
= SMP_UNSPECIFIED
;
458 BT_DBG("conn %p %s", conn
, conn
->hcon
->out
? "master" : "slave");
461 ret
= smp_c1(tfm
, smp
->tk
, smp
->rrnd
, smp
->preq
, smp
->prsp
,
462 hcon
->src_type
, &hcon
->src
,
463 hcon
->dst_type
, &hcon
->dst
, res
);
465 ret
= smp_c1(tfm
, smp
->tk
, smp
->rrnd
, smp
->preq
, smp
->prsp
,
466 hcon
->dst_type
, &hcon
->dst
,
467 hcon
->src_type
, &hcon
->src
, res
);
469 reason
= SMP_UNSPECIFIED
;
473 swap128(res
, confirm
);
475 if (memcmp(smp
->pcnf
, confirm
, sizeof(smp
->pcnf
)) != 0) {
476 BT_ERR("Pairing failed (confirmation values mismatch)");
477 reason
= SMP_CONFIRM_FAILED
;
485 memset(rand
, 0, sizeof(rand
));
488 smp_s1(tfm
, smp
->tk
, smp
->rrnd
, smp
->prnd
, key
);
491 memset(stk
+ smp
->enc_key_size
, 0,
492 SMP_MAX_ENC_KEY_SIZE
- smp
->enc_key_size
);
494 if (test_and_set_bit(HCI_CONN_ENCRYPT_PEND
, &hcon
->flags
)) {
495 reason
= SMP_UNSPECIFIED
;
499 hci_le_start_enc(hcon
, ediv
, rand
, stk
);
500 hcon
->enc_key_size
= smp
->enc_key_size
;
502 u8 stk
[16], r
[16], rand
[8];
505 memset(rand
, 0, sizeof(rand
));
508 swap128(smp
->prnd
, r
);
509 smp_send_cmd(conn
, SMP_CMD_PAIRING_RANDOM
, sizeof(r
), r
);
511 smp_s1(tfm
, smp
->tk
, smp
->prnd
, smp
->rrnd
, key
);
514 memset(stk
+ smp
->enc_key_size
, 0,
515 SMP_MAX_ENC_KEY_SIZE
- smp
->enc_key_size
);
517 hci_add_ltk(hcon
->hdev
, &hcon
->dst
, hcon
->dst_type
,
518 HCI_SMP_STK_SLAVE
, 0, 0, stk
, smp
->enc_key_size
,
525 smp_failure(conn
, reason
);
528 static struct smp_chan
*smp_chan_create(struct l2cap_conn
*conn
)
530 struct smp_chan
*smp
;
532 smp
= kzalloc(sizeof(*smp
), GFP_ATOMIC
);
536 INIT_WORK(&smp
->confirm
, confirm_work
);
537 INIT_WORK(&smp
->random
, random_work
);
540 conn
->smp_chan
= smp
;
541 conn
->hcon
->smp_conn
= conn
;
543 hci_conn_hold(conn
->hcon
);
548 void smp_chan_destroy(struct l2cap_conn
*conn
)
550 struct smp_chan
*smp
= conn
->smp_chan
;
555 crypto_free_blkcipher(smp
->tfm
);
558 conn
->smp_chan
= NULL
;
559 conn
->hcon
->smp_conn
= NULL
;
560 hci_conn_drop(conn
->hcon
);
563 int smp_user_confirm_reply(struct hci_conn
*hcon
, u16 mgmt_op
, __le32 passkey
)
565 struct l2cap_conn
*conn
= hcon
->smp_conn
;
566 struct smp_chan
*smp
;
575 smp
= conn
->smp_chan
;
578 case MGMT_OP_USER_PASSKEY_REPLY
:
579 value
= le32_to_cpu(passkey
);
580 memset(key
, 0, sizeof(key
));
581 BT_DBG("PassKey: %d", value
);
582 put_unaligned_le32(value
, key
);
583 swap128(key
, smp
->tk
);
585 case MGMT_OP_USER_CONFIRM_REPLY
:
586 set_bit(SMP_FLAG_TK_VALID
, &smp
->smp_flags
);
588 case MGMT_OP_USER_PASSKEY_NEG_REPLY
:
589 case MGMT_OP_USER_CONFIRM_NEG_REPLY
:
590 smp_failure(conn
, SMP_PASSKEY_ENTRY_FAILED
);
593 smp_failure(conn
, SMP_PASSKEY_ENTRY_FAILED
);
597 /* If it is our turn to send Pairing Confirm, do so now */
598 if (test_bit(SMP_FLAG_CFM_PENDING
, &smp
->smp_flags
))
599 queue_work(hcon
->hdev
->workqueue
, &smp
->confirm
);
604 static u8
smp_cmd_pairing_req(struct l2cap_conn
*conn
, struct sk_buff
*skb
)
606 struct smp_cmd_pairing rsp
, *req
= (void *) skb
->data
;
607 struct smp_chan
*smp
;
609 u8 auth
= SMP_AUTH_NONE
;
612 BT_DBG("conn %p", conn
);
614 if (skb
->len
< sizeof(*req
))
615 return SMP_UNSPECIFIED
;
617 if (conn
->hcon
->link_mode
& HCI_LM_MASTER
)
618 return SMP_CMD_NOTSUPP
;
620 if (!test_and_set_bit(HCI_CONN_LE_SMP_PEND
, &conn
->hcon
->flags
))
621 smp
= smp_chan_create(conn
);
623 smp
= conn
->smp_chan
;
626 return SMP_UNSPECIFIED
;
628 smp
->preq
[0] = SMP_CMD_PAIRING_REQ
;
629 memcpy(&smp
->preq
[1], req
, sizeof(*req
));
630 skb_pull(skb
, sizeof(*req
));
632 /* We didn't start the pairing, so match remote */
633 if (req
->auth_req
& SMP_AUTH_BONDING
)
634 auth
= req
->auth_req
;
636 conn
->hcon
->pending_sec_level
= authreq_to_seclevel(auth
);
638 build_pairing_cmd(conn
, req
, &rsp
, auth
);
640 key_size
= min(req
->max_key_size
, rsp
.max_key_size
);
641 if (check_enc_key_size(conn
, key_size
))
642 return SMP_ENC_KEY_SIZE
;
644 get_random_bytes(smp
->prnd
, sizeof(smp
->prnd
));
646 smp
->prsp
[0] = SMP_CMD_PAIRING_RSP
;
647 memcpy(&smp
->prsp
[1], &rsp
, sizeof(rsp
));
649 smp_send_cmd(conn
, SMP_CMD_PAIRING_RSP
, sizeof(rsp
), &rsp
);
651 /* Request setup of TK */
652 ret
= tk_request(conn
, 0, auth
, rsp
.io_capability
, req
->io_capability
);
654 return SMP_UNSPECIFIED
;
659 static u8
smp_cmd_pairing_rsp(struct l2cap_conn
*conn
, struct sk_buff
*skb
)
661 struct smp_cmd_pairing
*req
, *rsp
= (void *) skb
->data
;
662 struct smp_chan
*smp
= conn
->smp_chan
;
663 struct hci_dev
*hdev
= conn
->hcon
->hdev
;
664 u8 key_size
, auth
= SMP_AUTH_NONE
;
667 BT_DBG("conn %p", conn
);
669 if (skb
->len
< sizeof(*rsp
))
670 return SMP_UNSPECIFIED
;
672 if (!(conn
->hcon
->link_mode
& HCI_LM_MASTER
))
673 return SMP_CMD_NOTSUPP
;
675 skb_pull(skb
, sizeof(*rsp
));
677 req
= (void *) &smp
->preq
[1];
679 key_size
= min(req
->max_key_size
, rsp
->max_key_size
);
680 if (check_enc_key_size(conn
, key_size
))
681 return SMP_ENC_KEY_SIZE
;
683 get_random_bytes(smp
->prnd
, sizeof(smp
->prnd
));
685 smp
->prsp
[0] = SMP_CMD_PAIRING_RSP
;
686 memcpy(&smp
->prsp
[1], rsp
, sizeof(*rsp
));
688 if ((req
->auth_req
& SMP_AUTH_BONDING
) &&
689 (rsp
->auth_req
& SMP_AUTH_BONDING
))
690 auth
= SMP_AUTH_BONDING
;
692 auth
|= (req
->auth_req
| rsp
->auth_req
) & SMP_AUTH_MITM
;
694 ret
= tk_request(conn
, 0, auth
, req
->io_capability
, rsp
->io_capability
);
696 return SMP_UNSPECIFIED
;
698 set_bit(SMP_FLAG_CFM_PENDING
, &smp
->smp_flags
);
700 /* Can't compose response until we have been confirmed */
701 if (!test_bit(SMP_FLAG_TK_VALID
, &smp
->smp_flags
))
704 queue_work(hdev
->workqueue
, &smp
->confirm
);
709 static u8
smp_cmd_pairing_confirm(struct l2cap_conn
*conn
, struct sk_buff
*skb
)
711 struct smp_chan
*smp
= conn
->smp_chan
;
712 struct hci_dev
*hdev
= conn
->hcon
->hdev
;
714 BT_DBG("conn %p %s", conn
, conn
->hcon
->out
? "master" : "slave");
716 if (skb
->len
< sizeof(smp
->pcnf
))
717 return SMP_UNSPECIFIED
;
719 memcpy(smp
->pcnf
, skb
->data
, sizeof(smp
->pcnf
));
720 skb_pull(skb
, sizeof(smp
->pcnf
));
722 if (conn
->hcon
->out
) {
725 swap128(smp
->prnd
, random
);
726 smp_send_cmd(conn
, SMP_CMD_PAIRING_RANDOM
, sizeof(random
),
728 } else if (test_bit(SMP_FLAG_TK_VALID
, &smp
->smp_flags
)) {
729 queue_work(hdev
->workqueue
, &smp
->confirm
);
731 set_bit(SMP_FLAG_CFM_PENDING
, &smp
->smp_flags
);
737 static u8
smp_cmd_pairing_random(struct l2cap_conn
*conn
, struct sk_buff
*skb
)
739 struct smp_chan
*smp
= conn
->smp_chan
;
740 struct hci_dev
*hdev
= conn
->hcon
->hdev
;
742 BT_DBG("conn %p", conn
);
744 if (skb
->len
< sizeof(smp
->rrnd
))
745 return SMP_UNSPECIFIED
;
747 swap128(skb
->data
, smp
->rrnd
);
748 skb_pull(skb
, sizeof(smp
->rrnd
));
750 queue_work(hdev
->workqueue
, &smp
->random
);
755 static u8
smp_ltk_encrypt(struct l2cap_conn
*conn
, u8 sec_level
)
758 struct hci_conn
*hcon
= conn
->hcon
;
760 key
= hci_find_ltk_by_addr(hcon
->hdev
, &hcon
->dst
, hcon
->dst_type
,
765 if (sec_level
> BT_SECURITY_MEDIUM
&& !key
->authenticated
)
768 if (test_and_set_bit(HCI_CONN_ENCRYPT_PEND
, &hcon
->flags
))
771 hci_le_start_enc(hcon
, key
->ediv
, key
->rand
, key
->val
);
772 hcon
->enc_key_size
= key
->enc_size
;
777 static u8
smp_cmd_security_req(struct l2cap_conn
*conn
, struct sk_buff
*skb
)
779 struct smp_cmd_security_req
*rp
= (void *) skb
->data
;
780 struct smp_cmd_pairing cp
;
781 struct hci_conn
*hcon
= conn
->hcon
;
782 struct smp_chan
*smp
;
784 BT_DBG("conn %p", conn
);
786 if (skb
->len
< sizeof(*rp
))
787 return SMP_UNSPECIFIED
;
789 if (!(conn
->hcon
->link_mode
& HCI_LM_MASTER
))
790 return SMP_CMD_NOTSUPP
;
792 hcon
->pending_sec_level
= authreq_to_seclevel(rp
->auth_req
);
794 if (smp_ltk_encrypt(conn
, hcon
->pending_sec_level
))
797 if (test_and_set_bit(HCI_CONN_LE_SMP_PEND
, &hcon
->flags
))
800 smp
= smp_chan_create(conn
);
802 skb_pull(skb
, sizeof(*rp
));
804 memset(&cp
, 0, sizeof(cp
));
805 build_pairing_cmd(conn
, &cp
, NULL
, rp
->auth_req
);
807 smp
->preq
[0] = SMP_CMD_PAIRING_REQ
;
808 memcpy(&smp
->preq
[1], &cp
, sizeof(cp
));
810 smp_send_cmd(conn
, SMP_CMD_PAIRING_REQ
, sizeof(cp
), &cp
);
815 bool smp_sufficient_security(struct hci_conn
*hcon
, u8 sec_level
)
817 if (sec_level
== BT_SECURITY_LOW
)
820 if (hcon
->sec_level
>= sec_level
)
826 int smp_conn_security(struct hci_conn
*hcon
, __u8 sec_level
)
828 struct l2cap_conn
*conn
= hcon
->l2cap_data
;
829 struct smp_chan
*smp
= conn
->smp_chan
;
832 BT_DBG("conn %p hcon %p level 0x%2.2x", conn
, hcon
, sec_level
);
834 if (!test_bit(HCI_LE_ENABLED
, &hcon
->hdev
->dev_flags
))
837 if (smp_sufficient_security(hcon
, sec_level
))
840 if (hcon
->link_mode
& HCI_LM_MASTER
)
841 if (smp_ltk_encrypt(conn
, sec_level
))
844 if (test_and_set_bit(HCI_CONN_LE_SMP_PEND
, &hcon
->flags
))
847 smp
= smp_chan_create(conn
);
851 authreq
= seclevel_to_authreq(sec_level
);
853 if (hcon
->link_mode
& HCI_LM_MASTER
) {
854 struct smp_cmd_pairing cp
;
856 build_pairing_cmd(conn
, &cp
, NULL
, authreq
);
857 smp
->preq
[0] = SMP_CMD_PAIRING_REQ
;
858 memcpy(&smp
->preq
[1], &cp
, sizeof(cp
));
860 smp_send_cmd(conn
, SMP_CMD_PAIRING_REQ
, sizeof(cp
), &cp
);
862 struct smp_cmd_security_req cp
;
863 cp
.auth_req
= authreq
;
864 smp_send_cmd(conn
, SMP_CMD_SECURITY_REQ
, sizeof(cp
), &cp
);
868 hcon
->pending_sec_level
= sec_level
;
873 static int smp_cmd_encrypt_info(struct l2cap_conn
*conn
, struct sk_buff
*skb
)
875 struct smp_cmd_encrypt_info
*rp
= (void *) skb
->data
;
876 struct smp_chan
*smp
= conn
->smp_chan
;
878 BT_DBG("conn %p", conn
);
880 if (skb
->len
< sizeof(*rp
))
881 return SMP_UNSPECIFIED
;
883 skb_pull(skb
, sizeof(*rp
));
885 memcpy(smp
->tk
, rp
->ltk
, sizeof(smp
->tk
));
890 static int smp_cmd_master_ident(struct l2cap_conn
*conn
, struct sk_buff
*skb
)
892 struct smp_cmd_master_ident
*rp
= (void *) skb
->data
;
893 struct smp_chan
*smp
= conn
->smp_chan
;
894 struct hci_dev
*hdev
= conn
->hcon
->hdev
;
895 struct hci_conn
*hcon
= conn
->hcon
;
898 BT_DBG("conn %p", conn
);
900 if (skb
->len
< sizeof(*rp
))
901 return SMP_UNSPECIFIED
;
903 skb_pull(skb
, sizeof(*rp
));
906 authenticated
= (hcon
->sec_level
== BT_SECURITY_HIGH
);
907 hci_add_ltk(hdev
, &hcon
->dst
, hcon
->dst_type
, HCI_SMP_LTK
, 1,
908 authenticated
, smp
->tk
, smp
->enc_key_size
,
910 smp_distribute_keys(conn
, 1);
911 hci_dev_unlock(hdev
);
916 int smp_sig_channel(struct l2cap_conn
*conn
, struct sk_buff
*skb
)
918 struct hci_conn
*hcon
= conn
->hcon
;
922 if (hcon
->type
!= LE_LINK
) {
932 if (!test_bit(HCI_LE_ENABLED
, &hcon
->hdev
->dev_flags
)) {
934 reason
= SMP_PAIRING_NOTSUPP
;
939 skb_pull(skb
, sizeof(code
));
942 * The SMP context must be initialized for all other PDUs except
943 * pairing and security requests. If we get any other PDU when
944 * not initialized simply disconnect (done if this function
947 if (code
!= SMP_CMD_PAIRING_REQ
&& code
!= SMP_CMD_SECURITY_REQ
&&
949 BT_ERR("Unexpected SMP command 0x%02x. Disconnecting.", code
);
955 case SMP_CMD_PAIRING_REQ
:
956 reason
= smp_cmd_pairing_req(conn
, skb
);
959 case SMP_CMD_PAIRING_FAIL
:
960 smp_failure(conn
, 0);
965 case SMP_CMD_PAIRING_RSP
:
966 reason
= smp_cmd_pairing_rsp(conn
, skb
);
969 case SMP_CMD_SECURITY_REQ
:
970 reason
= smp_cmd_security_req(conn
, skb
);
973 case SMP_CMD_PAIRING_CONFIRM
:
974 reason
= smp_cmd_pairing_confirm(conn
, skb
);
977 case SMP_CMD_PAIRING_RANDOM
:
978 reason
= smp_cmd_pairing_random(conn
, skb
);
981 case SMP_CMD_ENCRYPT_INFO
:
982 reason
= smp_cmd_encrypt_info(conn
, skb
);
985 case SMP_CMD_MASTER_IDENT
:
986 reason
= smp_cmd_master_ident(conn
, skb
);
989 case SMP_CMD_IDENT_INFO
:
990 case SMP_CMD_IDENT_ADDR_INFO
:
991 case SMP_CMD_SIGN_INFO
:
997 BT_DBG("Unknown command code 0x%2.2x", code
);
999 reason
= SMP_CMD_NOTSUPP
;
1006 smp_failure(conn
, reason
);
1012 int smp_distribute_keys(struct l2cap_conn
*conn
, __u8 force
)
1014 struct smp_cmd_pairing
*req
, *rsp
;
1015 struct smp_chan
*smp
= conn
->smp_chan
;
1018 BT_DBG("conn %p force %d", conn
, force
);
1020 if (!test_bit(HCI_CONN_LE_SMP_PEND
, &conn
->hcon
->flags
))
1023 rsp
= (void *) &smp
->prsp
[1];
1025 /* The responder sends its keys first */
1026 if (!force
&& conn
->hcon
->out
&& (rsp
->resp_key_dist
& 0x07))
1029 req
= (void *) &smp
->preq
[1];
1031 if (conn
->hcon
->out
) {
1032 keydist
= &rsp
->init_key_dist
;
1033 *keydist
&= req
->init_key_dist
;
1035 keydist
= &rsp
->resp_key_dist
;
1036 *keydist
&= req
->resp_key_dist
;
1039 BT_DBG("keydist 0x%x", *keydist
);
1041 if (*keydist
& SMP_DIST_ENC_KEY
) {
1042 struct smp_cmd_encrypt_info enc
;
1043 struct smp_cmd_master_ident ident
;
1044 struct hci_conn
*hcon
= conn
->hcon
;
1048 get_random_bytes(enc
.ltk
, sizeof(enc
.ltk
));
1049 get_random_bytes(&ediv
, sizeof(ediv
));
1050 get_random_bytes(ident
.rand
, sizeof(ident
.rand
));
1052 smp_send_cmd(conn
, SMP_CMD_ENCRYPT_INFO
, sizeof(enc
), &enc
);
1054 authenticated
= hcon
->sec_level
== BT_SECURITY_HIGH
;
1055 hci_add_ltk(hcon
->hdev
, &hcon
->dst
, hcon
->dst_type
,
1056 HCI_SMP_LTK_SLAVE
, 1, authenticated
,
1057 enc
.ltk
, smp
->enc_key_size
, ediv
, ident
.rand
);
1061 smp_send_cmd(conn
, SMP_CMD_MASTER_IDENT
, sizeof(ident
), &ident
);
1063 *keydist
&= ~SMP_DIST_ENC_KEY
;
1066 if (*keydist
& SMP_DIST_ID_KEY
) {
1067 struct smp_cmd_ident_addr_info addrinfo
;
1068 struct smp_cmd_ident_info idinfo
;
1070 /* Send a dummy key */
1071 get_random_bytes(idinfo
.irk
, sizeof(idinfo
.irk
));
1073 smp_send_cmd(conn
, SMP_CMD_IDENT_INFO
, sizeof(idinfo
), &idinfo
);
1075 /* Just public address */
1076 memset(&addrinfo
, 0, sizeof(addrinfo
));
1077 bacpy(&addrinfo
.bdaddr
, &conn
->hcon
->src
);
1079 smp_send_cmd(conn
, SMP_CMD_IDENT_ADDR_INFO
, sizeof(addrinfo
),
1082 *keydist
&= ~SMP_DIST_ID_KEY
;
1085 if (*keydist
& SMP_DIST_SIGN
) {
1086 struct smp_cmd_sign_info sign
;
1088 /* Send a dummy key */
1089 get_random_bytes(sign
.csrk
, sizeof(sign
.csrk
));
1091 smp_send_cmd(conn
, SMP_CMD_SIGN_INFO
, sizeof(sign
), &sign
);
1093 *keydist
&= ~SMP_DIST_SIGN
;
1096 if (conn
->hcon
->out
|| force
) {
1097 clear_bit(HCI_CONN_LE_SMP_PEND
, &conn
->hcon
->flags
);
1098 cancel_delayed_work_sync(&conn
->security_timer
);
1099 smp_chan_destroy(conn
);