projects / deliverable / linux.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Bluetooth: Add clarifying comment for LE CoC result value
[deliverable/linux.git] / net / bluetooth / smp.c
1 /*
2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2011 Nokia Corporation and/or its subsidiary(-ies).
4
5 This program is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License version 2 as
7 published by the Free Software Foundation;
8
9 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
10 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
11 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
12 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
13 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
14 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17
18 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
19 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
20 SOFTWARE IS DISCLAIMED.
21 */
22
23 #include <linux/crypto.h>
24 #include <linux/scatterlist.h>
25 #include <crypto/b128ops.h>
26
27 #include <net/bluetooth/bluetooth.h>
28 #include <net/bluetooth/hci_core.h>
29 #include <net/bluetooth/l2cap.h>
30 #include <net/bluetooth/mgmt.h>
31
32 #include "smp.h"
33
34 #define SMP_TIMEOUT msecs_to_jiffies(30000)
35
36 #define AUTH_REQ_MASK 0x07
37
38 enum {
39 SMP_FLAG_TK_VALID,
40 SMP_FLAG_CFM_PENDING,
41 SMP_FLAG_MITM_AUTH,
42 SMP_FLAG_COMPLETE,
43 SMP_FLAG_INITIATOR,
44 };
45
46 struct smp_chan {
47 struct l2cap_conn *conn;
48 struct delayed_work security_timer;
49 struct work_struct distribute_work;
50
51 u8 preq[7]; /* SMP Pairing Request */
52 u8 prsp[7]; /* SMP Pairing Response */
53 u8 prnd[16]; /* SMP Pairing Random (local) */
54 u8 rrnd[16]; /* SMP Pairing Random (remote) */
55 u8 pcnf[16]; /* SMP Pairing Confirm */
56 u8 tk[16]; /* SMP Temporary Key */
57 u8 enc_key_size;
58 u8 remote_key_dist;
59 bdaddr_t id_addr;
60 u8 id_addr_type;
61 u8 irk[16];
62 struct smp_csrk *csrk;
63 struct smp_csrk *slave_csrk;
64 struct smp_ltk *ltk;
65 struct smp_ltk *slave_ltk;
66 struct smp_irk *remote_irk;
67 unsigned long flags;
68
69 struct crypto_blkcipher *tfm_aes;
70 };
71
72 static inline void swap_buf(const u8 *src, u8 *dst, size_t len)
73 {
74 size_t i;
75
76 for (i = 0; i < len; i++)
77 dst[len - 1 - i] = src[i];
78 }
79
80 static int smp_e(struct crypto_blkcipher *tfm, const u8 *k, u8 *r)
81 {
82 struct blkcipher_desc desc;
83 struct scatterlist sg;
84 uint8_t tmp[16], data[16];
85 int err;
86
87 if (tfm == NULL) {
88 BT_ERR("tfm %p", tfm);
89 return -EINVAL;
90 }
91
92 desc.tfm = tfm;
93 desc.flags = 0;
94
95 /* The most significant octet of key corresponds to k[0] */
96 swap_buf(k, tmp, 16);
97
98 err = crypto_blkcipher_setkey(tfm, tmp, 16);
99 if (err) {
100 BT_ERR("cipher setkey failed: %d", err);
101 return err;
102 }
103
104 /* Most significant octet of plaintextData corresponds to data[0] */
105 swap_buf(r, data, 16);
106
107 sg_init_one(&sg, data, 16);
108
109 err = crypto_blkcipher_encrypt(&desc, &sg, &sg, 16);
110 if (err)
111 BT_ERR("Encrypt data error %d", err);
112
113 /* Most significant octet of encryptedData corresponds to data[0] */
114 swap_buf(data, r, 16);
115
116 return err;
117 }
118
119 static int smp_ah(struct crypto_blkcipher *tfm, u8 irk[16], u8 r[3], u8 res[3])
120 {
121 u8 _res[16];
122 int err;
123
124 /* r' = padding || r */
125 memcpy(_res, r, 3);
126 memset(_res + 3, 0, 13);
127
128 err = smp_e(tfm, irk, _res);
129 if (err) {
130 BT_ERR("Encrypt error");
131 return err;
132 }
133
134 /* The output of the random address function ah is:
135 * ah(h, r) = e(k, r') mod 2^24
136 * The output of the security function e is then truncated to 24 bits
137 * by taking the least significant 24 bits of the output of e as the
138 * result of ah.
139 */
140 memcpy(res, _res, 3);
141
142 return 0;
143 }
144
145 bool smp_irk_matches(struct hci_dev *hdev, u8 irk[16], bdaddr_t *bdaddr)
146 {
147 struct l2cap_chan *chan = hdev->smp_data;
148 struct crypto_blkcipher *tfm;
149 u8 hash[3];
150 int err;
151
152 if (!chan || !chan->data)
153 return false;
154
155 tfm = chan->data;
156
157 BT_DBG("RPA %pMR IRK %*phN", bdaddr, 16, irk);
158
159 err = smp_ah(tfm, irk, &bdaddr->b[3], hash);
160 if (err)
161 return false;
162
163 return !memcmp(bdaddr->b, hash, 3);
164 }
165
166 int smp_generate_rpa(struct hci_dev *hdev, u8 irk[16], bdaddr_t *rpa)
167 {
168 struct l2cap_chan *chan = hdev->smp_data;
169 struct crypto_blkcipher *tfm;
170 int err;
171
172 if (!chan || !chan->data)
173 return -EOPNOTSUPP;
174
175 tfm = chan->data;
176
177 get_random_bytes(&rpa->b[3], 3);
178
179 rpa->b[5] &= 0x3f; /* Clear two most significant bits */
180 rpa->b[5] |= 0x40; /* Set second most significant bit */
181
182 err = smp_ah(tfm, irk, &rpa->b[3], rpa->b);
183 if (err < 0)
184 return err;
185
186 BT_DBG("RPA %pMR", rpa);
187
188 return 0;
189 }
190
191 static int smp_c1(struct smp_chan *smp, u8 k[16], u8 r[16], u8 preq[7],
192 u8 pres[7], u8 _iat, bdaddr_t *ia, u8 _rat, bdaddr_t *ra,
193 u8 res[16])
194 {
195 struct hci_dev *hdev = smp->conn->hcon->hdev;
196 u8 p1[16], p2[16];
197 int err;
198
199 BT_DBG("%s", hdev->name);
200
201 memset(p1, 0, 16);
202
203 /* p1 = pres || preq || _rat || _iat */
204 p1[0] = _iat;
205 p1[1] = _rat;
206 memcpy(p1 + 2, preq, 7);
207 memcpy(p1 + 9, pres, 7);
208
209 /* p2 = padding || ia || ra */
210 memcpy(p2, ra, 6);
211 memcpy(p2 + 6, ia, 6);
212 memset(p2 + 12, 0, 4);
213
214 /* res = r XOR p1 */
215 u128_xor((u128 *) res, (u128 *) r, (u128 *) p1);
216
217 /* res = e(k, res) */
218 err = smp_e(smp->tfm_aes, k, res);
219 if (err) {
220 BT_ERR("Encrypt data error");
221 return err;
222 }
223
224 /* res = res XOR p2 */
225 u128_xor((u128 *) res, (u128 *) res, (u128 *) p2);
226
227 /* res = e(k, res) */
228 err = smp_e(smp->tfm_aes, k, res);
229 if (err)
230 BT_ERR("Encrypt data error");
231
232 return err;
233 }
234
235 static int smp_s1(struct smp_chan *smp, u8 k[16], u8 r1[16], u8 r2[16],
236 u8 _r[16])
237 {
238 struct hci_dev *hdev = smp->conn->hcon->hdev;
239 int err;
240
241 BT_DBG("%s", hdev->name);
242
243 /* Just least significant octets from r1 and r2 are considered */
244 memcpy(_r, r2, 8);
245 memcpy(_r + 8, r1, 8);
246
247 err = smp_e(smp->tfm_aes, k, _r);
248 if (err)
249 BT_ERR("Encrypt data error");
250
251 return err;
252 }
253
254 static void smp_send_cmd(struct l2cap_conn *conn, u8 code, u16 len, void *data)
255 {
256 struct l2cap_chan *chan = conn->smp;
257 struct smp_chan *smp;
258 struct kvec iv[2];
259 struct msghdr msg;
260
261 if (!chan)
262 return;
263
264 BT_DBG("code 0x%2.2x", code);
265
266 iv[0].iov_base = &code;
267 iv[0].iov_len = 1;
268
269 iv[1].iov_base = data;
270 iv[1].iov_len = len;
271
272 memset(&msg, 0, sizeof(msg));
273
274 msg.msg_iov = (struct iovec *) &iv;
275 msg.msg_iovlen = 2;
276
277 l2cap_chan_send(chan, &msg, 1 + len);
278
279 if (!chan->data)
280 return;
281
282 smp = chan->data;
283
284 cancel_delayed_work_sync(&smp->security_timer);
285 if (test_bit(HCI_CONN_LE_SMP_PEND, &conn->hcon->flags))
286 schedule_delayed_work(&smp->security_timer, SMP_TIMEOUT);
287 }
288
289 static __u8 authreq_to_seclevel(__u8 authreq)
290 {
291 if (authreq & SMP_AUTH_MITM)
292 return BT_SECURITY_HIGH;
293 else
294 return BT_SECURITY_MEDIUM;
295 }
296
297 static __u8 seclevel_to_authreq(__u8 sec_level)
298 {
299 switch (sec_level) {
300 case BT_SECURITY_HIGH:
301 return SMP_AUTH_MITM | SMP_AUTH_BONDING;
302 case BT_SECURITY_MEDIUM:
303 return SMP_AUTH_BONDING;
304 default:
305 return SMP_AUTH_NONE;
306 }
307 }
308
309 static void build_pairing_cmd(struct l2cap_conn *conn,
310 struct smp_cmd_pairing *req,
311 struct smp_cmd_pairing *rsp, __u8 authreq)
312 {
313 struct l2cap_chan *chan = conn->smp;
314 struct smp_chan *smp = chan->data;
315 struct hci_conn *hcon = conn->hcon;
316 struct hci_dev *hdev = hcon->hdev;
317 u8 local_dist = 0, remote_dist = 0;
318
319 if (test_bit(HCI_BONDABLE, &conn->hcon->hdev->dev_flags)) {
320 local_dist = SMP_DIST_ENC_KEY | SMP_DIST_SIGN;
321 remote_dist = SMP_DIST_ENC_KEY | SMP_DIST_SIGN;
322 authreq |= SMP_AUTH_BONDING;
323 } else {
324 authreq &= ~SMP_AUTH_BONDING;
325 }
326
327 if (test_bit(HCI_RPA_RESOLVING, &hdev->dev_flags))
328 remote_dist |= SMP_DIST_ID_KEY;
329
330 if (test_bit(HCI_PRIVACY, &hdev->dev_flags))
331 local_dist |= SMP_DIST_ID_KEY;
332
333 if (rsp == NULL) {
334 req->io_capability = conn->hcon->io_capability;
335 req->oob_flag = SMP_OOB_NOT_PRESENT;
336 req->max_key_size = SMP_MAX_ENC_KEY_SIZE;
337 req->init_key_dist = local_dist;
338 req->resp_key_dist = remote_dist;
339 req->auth_req = (authreq & AUTH_REQ_MASK);
340
341 smp->remote_key_dist = remote_dist;
342 return;
343 }
344
345 rsp->io_capability = conn->hcon->io_capability;
346 rsp->oob_flag = SMP_OOB_NOT_PRESENT;
347 rsp->max_key_size = SMP_MAX_ENC_KEY_SIZE;
348 rsp->init_key_dist = req->init_key_dist & remote_dist;
349 rsp->resp_key_dist = req->resp_key_dist & local_dist;
350 rsp->auth_req = (authreq & AUTH_REQ_MASK);
351
352 smp->remote_key_dist = rsp->init_key_dist;
353 }
354
355 static u8 check_enc_key_size(struct l2cap_conn *conn, __u8 max_key_size)
356 {
357 struct l2cap_chan *chan = conn->smp;
358 struct smp_chan *smp = chan->data;
359
360 if ((max_key_size > SMP_MAX_ENC_KEY_SIZE) ||
361 (max_key_size < SMP_MIN_ENC_KEY_SIZE))
362 return SMP_ENC_KEY_SIZE;
363
364 smp->enc_key_size = max_key_size;
365
366 return 0;
367 }
368
369 static void smp_chan_destroy(struct l2cap_conn *conn)
370 {
371 struct l2cap_chan *chan = conn->smp;
372 struct smp_chan *smp = chan->data;
373 bool complete;
374
375 BUG_ON(!smp);
376
377 cancel_delayed_work_sync(&smp->security_timer);
378 /* In case the timeout freed the SMP context */
379 if (!chan->data)
380 return;
381
382 if (work_pending(&smp->distribute_work)) {
383 cancel_work_sync(&smp->distribute_work);
384 if (!chan->data)
385 return;
386 }
387
388 complete = test_bit(SMP_FLAG_COMPLETE, &smp->flags);
389 mgmt_smp_complete(conn->hcon, complete);
390
391 kfree(smp->csrk);
392 kfree(smp->slave_csrk);
393
394 crypto_free_blkcipher(smp->tfm_aes);
395
396 /* If pairing failed clean up any keys we might have */
397 if (!complete) {
398 if (smp->ltk) {
399 list_del(&smp->ltk->list);
400 kfree(smp->ltk);
401 }
402
403 if (smp->slave_ltk) {
404 list_del(&smp->slave_ltk->list);
405 kfree(smp->slave_ltk);
406 }
407
408 if (smp->remote_irk) {
409 list_del(&smp->remote_irk->list);
410 kfree(smp->remote_irk);
411 }
412 }
413
414 chan->data = NULL;
415 kfree(smp);
416 hci_conn_drop(conn->hcon);
417 }
418
419 static void smp_failure(struct l2cap_conn *conn, u8 reason)
420 {
421 struct hci_conn *hcon = conn->hcon;
422 struct l2cap_chan *chan = conn->smp;
423 struct smp_chan *smp;
424
425 if (reason)
426 smp_send_cmd(conn, SMP_CMD_PAIRING_FAIL, sizeof(reason),
427 &reason);
428
429 clear_bit(HCI_CONN_ENCRYPT_PEND, &hcon->flags);
430 mgmt_auth_failed(hcon->hdev, &hcon->dst, hcon->type, hcon->dst_type,
431 HCI_ERROR_AUTH_FAILURE);
432
433 if (!chan->data)
434 return;
435
436 smp = chan->data;
437
438 if (test_and_clear_bit(HCI_CONN_LE_SMP_PEND, &hcon->flags))
439 smp_chan_destroy(conn);
440 }
441
442 #define JUST_WORKS 0x00
443 #define JUST_CFM 0x01
444 #define REQ_PASSKEY 0x02
445 #define CFM_PASSKEY 0x03
446 #define REQ_OOB 0x04
447 #define OVERLAP 0xFF
448
449 static const u8 gen_method[5][5] = {
450 { JUST_WORKS, JUST_CFM, REQ_PASSKEY, JUST_WORKS, REQ_PASSKEY },
451 { JUST_WORKS, JUST_CFM, REQ_PASSKEY, JUST_WORKS, REQ_PASSKEY },
452 { CFM_PASSKEY, CFM_PASSKEY, REQ_PASSKEY, JUST_WORKS, CFM_PASSKEY },
453 { JUST_WORKS, JUST_CFM, JUST_WORKS, JUST_WORKS, JUST_CFM },
454 { CFM_PASSKEY, CFM_PASSKEY, REQ_PASSKEY, JUST_WORKS, OVERLAP },
455 };
456
457 static u8 get_auth_method(struct smp_chan *smp, u8 local_io, u8 remote_io)
458 {
459 /* If either side has unknown io_caps, use JUST_CFM (which gets
460 * converted later to JUST_WORKS if we're initiators.
461 */
462 if (local_io > SMP_IO_KEYBOARD_DISPLAY ||
463 remote_io > SMP_IO_KEYBOARD_DISPLAY)
464 return JUST_CFM;
465
466 return gen_method[remote_io][local_io];
467 }
468
469 static int tk_request(struct l2cap_conn *conn, u8 remote_oob, u8 auth,
470 u8 local_io, u8 remote_io)
471 {
472 struct hci_conn *hcon = conn->hcon;
473 struct l2cap_chan *chan = conn->smp;
474 struct smp_chan *smp = chan->data;
475 u8 method;
476 u32 passkey = 0;
477 int ret = 0;
478
479 /* Initialize key for JUST WORKS */
480 memset(smp->tk, 0, sizeof(smp->tk));
481 clear_bit(SMP_FLAG_TK_VALID, &smp->flags);
482
483 BT_DBG("tk_request: auth:%d lcl:%d rem:%d", auth, local_io, remote_io);
484
485 /* If neither side wants MITM, either "just" confirm an incoming
486 * request or use just-works for outgoing ones. The JUST_CFM
487 * will be converted to JUST_WORKS if necessary later in this
488 * function. If either side has MITM look up the method from the
489 * table.
490 */
491 if (!(auth & SMP_AUTH_MITM))
492 method = JUST_CFM;
493 else
494 method = get_auth_method(smp, local_io, remote_io);
495
496 /* Don't confirm locally initiated pairing attempts */
497 if (method == JUST_CFM && test_bit(SMP_FLAG_INITIATOR, &smp->flags))
498 method = JUST_WORKS;
499
500 /* Don't bother user space with no IO capabilities */
501 if (method == JUST_CFM && hcon->io_capability == HCI_IO_NO_INPUT_OUTPUT)
502 method = JUST_WORKS;
503
504 /* If Just Works, Continue with Zero TK */
505 if (method == JUST_WORKS) {
506 set_bit(SMP_FLAG_TK_VALID, &smp->flags);
507 return 0;
508 }
509
510 /* Not Just Works/Confirm results in MITM Authentication */
511 if (method != JUST_CFM)
512 set_bit(SMP_FLAG_MITM_AUTH, &smp->flags);
513
514 /* If both devices have Keyoard-Display I/O, the master
515 * Confirms and the slave Enters the passkey.
516 */
517 if (method == OVERLAP) {
518 if (hcon->role == HCI_ROLE_MASTER)
519 method = CFM_PASSKEY;
520 else
521 method = REQ_PASSKEY;
522 }
523
524 /* Generate random passkey. */
525 if (method == CFM_PASSKEY) {
526 memset(smp->tk, 0, sizeof(smp->tk));
527 get_random_bytes(&passkey, sizeof(passkey));
528 passkey %= 1000000;
529 put_unaligned_le32(passkey, smp->tk);
530 BT_DBG("PassKey: %d", passkey);
531 set_bit(SMP_FLAG_TK_VALID, &smp->flags);
532 }
533
534 hci_dev_lock(hcon->hdev);
535
536 if (method == REQ_PASSKEY)
537 ret = mgmt_user_passkey_request(hcon->hdev, &hcon->dst,
538 hcon->type, hcon->dst_type);
539 else if (method == JUST_CFM)
540 ret = mgmt_user_confirm_request(hcon->hdev, &hcon->dst,
541 hcon->type, hcon->dst_type,
542 passkey, 1);
543 else
544 ret = mgmt_user_passkey_notify(hcon->hdev, &hcon->dst,
545 hcon->type, hcon->dst_type,
546 passkey, 0);
547
548 hci_dev_unlock(hcon->hdev);
549
550 return ret;
551 }
552
553 static u8 smp_confirm(struct smp_chan *smp)
554 {
555 struct l2cap_conn *conn = smp->conn;
556 struct smp_cmd_pairing_confirm cp;
557 int ret;
558
559 BT_DBG("conn %p", conn);
560
561 ret = smp_c1(smp, smp->tk, smp->prnd, smp->preq, smp->prsp,
562 conn->hcon->init_addr_type, &conn->hcon->init_addr,
563 conn->hcon->resp_addr_type, &conn->hcon->resp_addr,
564 cp.confirm_val);
565 if (ret)
566 return SMP_UNSPECIFIED;
567
568 clear_bit(SMP_FLAG_CFM_PENDING, &smp->flags);
569
570 smp_send_cmd(smp->conn, SMP_CMD_PAIRING_CONFIRM, sizeof(cp), &cp);
571
572 return 0;
573 }
574
575 static u8 smp_random(struct smp_chan *smp)
576 {
577 struct l2cap_conn *conn = smp->conn;
578 struct hci_conn *hcon = conn->hcon;
579 u8 confirm[16];
580 int ret;
581
582 if (IS_ERR_OR_NULL(smp->tfm_aes))
583 return SMP_UNSPECIFIED;
584
585 BT_DBG("conn %p %s", conn, conn->hcon->out ? "master" : "slave");
586
587 ret = smp_c1(smp, smp->tk, smp->rrnd, smp->preq, smp->prsp,
588 hcon->init_addr_type, &hcon->init_addr,
589 hcon->resp_addr_type, &hcon->resp_addr, confirm);
590 if (ret)
591 return SMP_UNSPECIFIED;
592
593 if (memcmp(smp->pcnf, confirm, sizeof(smp->pcnf)) != 0) {
594 BT_ERR("Pairing failed (confirmation values mismatch)");
595 return SMP_CONFIRM_FAILED;
596 }
597
598 if (hcon->out) {
599 u8 stk[16];
600 __le64 rand = 0;
601 __le16 ediv = 0;
602
603 smp_s1(smp, smp->tk, smp->rrnd, smp->prnd, stk);
604
605 memset(stk + smp->enc_key_size, 0,
606 SMP_MAX_ENC_KEY_SIZE - smp->enc_key_size);
607
608 if (test_and_set_bit(HCI_CONN_ENCRYPT_PEND, &hcon->flags))
609 return SMP_UNSPECIFIED;
610
611 hci_le_start_enc(hcon, ediv, rand, stk);
612 hcon->enc_key_size = smp->enc_key_size;
613 set_bit(HCI_CONN_STK_ENCRYPT, &hcon->flags);
614 } else {
615 u8 stk[16], auth;
616 __le64 rand = 0;
617 __le16 ediv = 0;
618
619 smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM, sizeof(smp->prnd),
620 smp->prnd);
621
622 smp_s1(smp, smp->tk, smp->prnd, smp->rrnd, stk);
623
624 memset(stk + smp->enc_key_size, 0,
625 SMP_MAX_ENC_KEY_SIZE - smp->enc_key_size);
626
627 if (hcon->pending_sec_level == BT_SECURITY_HIGH)
628 auth = 1;
629 else
630 auth = 0;
631
632 /* Even though there's no _SLAVE suffix this is the
633 * slave STK we're adding for later lookup (the master
634 * STK never needs to be stored).
635 */
636 hci_add_ltk(hcon->hdev, &hcon->dst, hcon->dst_type,
637 SMP_STK, auth, stk, smp->enc_key_size, ediv, rand);
638 }
639
640 return 0;
641 }
642
643 static void smp_notify_keys(struct l2cap_conn *conn)
644 {
645 struct l2cap_chan *chan = conn->smp;
646 struct smp_chan *smp = chan->data;
647 struct hci_conn *hcon = conn->hcon;
648 struct hci_dev *hdev = hcon->hdev;
649 struct smp_cmd_pairing *req = (void *) &smp->preq[1];
650 struct smp_cmd_pairing *rsp = (void *) &smp->prsp[1];
651 bool persistent;
652
653 if (smp->remote_irk) {
654 mgmt_new_irk(hdev, smp->remote_irk);
655 /* Now that user space can be considered to know the
656 * identity address track the connection based on it
657 * from now on.
658 */
659 bacpy(&hcon->dst, &smp->remote_irk->bdaddr);
660 hcon->dst_type = smp->remote_irk->addr_type;
661 l2cap_conn_update_id_addr(hcon);
662
663 /* When receiving an indentity resolving key for
664 * a remote device that does not use a resolvable
665 * private address, just remove the key so that
666 * it is possible to use the controller white
667 * list for scanning.
668 *
669 * Userspace will have been told to not store
670 * this key at this point. So it is safe to
671 * just remove it.
672 */
673 if (!bacmp(&smp->remote_irk->rpa, BDADDR_ANY)) {
674 list_del(&smp->remote_irk->list);
675 kfree(smp->remote_irk);
676 smp->remote_irk = NULL;
677 }
678 }
679
680 /* The LTKs and CSRKs should be persistent only if both sides
681 * had the bonding bit set in their authentication requests.
682 */
683 persistent = !!((req->auth_req & rsp->auth_req) & SMP_AUTH_BONDING);
684
685 if (smp->csrk) {
686 smp->csrk->bdaddr_type = hcon->dst_type;
687 bacpy(&smp->csrk->bdaddr, &hcon->dst);
688 mgmt_new_csrk(hdev, smp->csrk, persistent);
689 }
690
691 if (smp->slave_csrk) {
692 smp->slave_csrk->bdaddr_type = hcon->dst_type;
693 bacpy(&smp->slave_csrk->bdaddr, &hcon->dst);
694 mgmt_new_csrk(hdev, smp->slave_csrk, persistent);
695 }
696
697 if (smp->ltk) {
698 smp->ltk->bdaddr_type = hcon->dst_type;
699 bacpy(&smp->ltk->bdaddr, &hcon->dst);
700 mgmt_new_ltk(hdev, smp->ltk, persistent);
701 }
702
703 if (smp->slave_ltk) {
704 smp->slave_ltk->bdaddr_type = hcon->dst_type;
705 bacpy(&smp->slave_ltk->bdaddr, &hcon->dst);
706 mgmt_new_ltk(hdev, smp->slave_ltk, persistent);
707 }
708 }
709
710 static void smp_distribute_keys(struct work_struct *work)
711 {
712 struct smp_chan *smp = container_of(work, struct smp_chan,
713 distribute_work);
714 struct smp_cmd_pairing *req, *rsp;
715 struct l2cap_conn *conn = smp->conn;
716 struct hci_conn *hcon = conn->hcon;
717 struct hci_dev *hdev = hcon->hdev;
718 __u8 *keydist;
719
720 BT_DBG("conn %p", conn);
721
722 if (!test_bit(HCI_CONN_LE_SMP_PEND, &hcon->flags))
723 return;
724
725 rsp = (void *) &smp->prsp[1];
726
727 /* The responder sends its keys first */
728 if (hcon->out && (smp->remote_key_dist & 0x07))
729 return;
730
731 req = (void *) &smp->preq[1];
732
733 if (hcon->out) {
734 keydist = &rsp->init_key_dist;
735 *keydist &= req->init_key_dist;
736 } else {
737 keydist = &rsp->resp_key_dist;
738 *keydist &= req->resp_key_dist;
739 }
740
741 BT_DBG("keydist 0x%x", *keydist);
742
743 if (*keydist & SMP_DIST_ENC_KEY) {
744 struct smp_cmd_encrypt_info enc;
745 struct smp_cmd_master_ident ident;
746 struct smp_ltk *ltk;
747 u8 authenticated;
748 __le16 ediv;
749 __le64 rand;
750
751 get_random_bytes(enc.ltk, sizeof(enc.ltk));
752 get_random_bytes(&ediv, sizeof(ediv));
753 get_random_bytes(&rand, sizeof(rand));
754
755 smp_send_cmd(conn, SMP_CMD_ENCRYPT_INFO, sizeof(enc), &enc);
756
757 authenticated = hcon->sec_level == BT_SECURITY_HIGH;
758 ltk = hci_add_ltk(hdev, &hcon->dst, hcon->dst_type,
759 SMP_LTK_SLAVE, authenticated, enc.ltk,
760 smp->enc_key_size, ediv, rand);
761 smp->slave_ltk = ltk;
762
763 ident.ediv = ediv;
764 ident.rand = rand;
765
766 smp_send_cmd(conn, SMP_CMD_MASTER_IDENT, sizeof(ident), &ident);
767
768 *keydist &= ~SMP_DIST_ENC_KEY;
769 }
770
771 if (*keydist & SMP_DIST_ID_KEY) {
772 struct smp_cmd_ident_addr_info addrinfo;
773 struct smp_cmd_ident_info idinfo;
774
775 memcpy(idinfo.irk, hdev->irk, sizeof(idinfo.irk));
776
777 smp_send_cmd(conn, SMP_CMD_IDENT_INFO, sizeof(idinfo), &idinfo);
778
779 /* The hci_conn contains the local identity address
780 * after the connection has been established.
781 *
782 * This is true even when the connection has been
783 * established using a resolvable random address.
784 */
785 bacpy(&addrinfo.bdaddr, &hcon->src);
786 addrinfo.addr_type = hcon->src_type;
787
788 smp_send_cmd(conn, SMP_CMD_IDENT_ADDR_INFO, sizeof(addrinfo),
789 &addrinfo);
790
791 *keydist &= ~SMP_DIST_ID_KEY;
792 }
793
794 if (*keydist & SMP_DIST_SIGN) {
795 struct smp_cmd_sign_info sign;
796 struct smp_csrk *csrk;
797
798 /* Generate a new random key */
799 get_random_bytes(sign.csrk, sizeof(sign.csrk));
800
801 csrk = kzalloc(sizeof(*csrk), GFP_KERNEL);
802 if (csrk) {
803 csrk->master = 0x00;
804 memcpy(csrk->val, sign.csrk, sizeof(csrk->val));
805 }
806 smp->slave_csrk = csrk;
807
808 smp_send_cmd(conn, SMP_CMD_SIGN_INFO, sizeof(sign), &sign);
809
810 *keydist &= ~SMP_DIST_SIGN;
811 }
812
813 /* If there are still keys to be received wait for them */
814 if ((smp->remote_key_dist & 0x07))
815 return;
816
817 clear_bit(HCI_CONN_LE_SMP_PEND, &hcon->flags);
818 set_bit(SMP_FLAG_COMPLETE, &smp->flags);
819 smp_notify_keys(conn);
820
821 smp_chan_destroy(conn);
822 }
823
824 static void smp_timeout(struct work_struct *work)
825 {
826 struct smp_chan *smp = container_of(work, struct smp_chan,
827 security_timer.work);
828 struct l2cap_conn *conn = smp->conn;
829
830 BT_DBG("conn %p", conn);
831
832 hci_disconnect(conn->hcon, HCI_ERROR_REMOTE_USER_TERM);
833 }
834
835 static struct smp_chan *smp_chan_create(struct l2cap_conn *conn)
836 {
837 struct l2cap_chan *chan = conn->smp;
838 struct smp_chan *smp;
839
840 smp = kzalloc(sizeof(*smp), GFP_ATOMIC);
841 if (!smp) {
842 clear_bit(HCI_CONN_LE_SMP_PEND, &conn->hcon->flags);
843 return NULL;
844 }
845
846 smp->tfm_aes = crypto_alloc_blkcipher("ecb(aes)", 0, CRYPTO_ALG_ASYNC);
847 if (IS_ERR(smp->tfm_aes)) {
848 BT_ERR("Unable to create ECB crypto context");
849 kfree(smp);
850 clear_bit(HCI_CONN_LE_SMP_PEND, &conn->hcon->flags);
851 return NULL;
852 }
853
854 smp->conn = conn;
855 chan->data = smp;
856
857 INIT_WORK(&smp->distribute_work, smp_distribute_keys);
858 INIT_DELAYED_WORK(&smp->security_timer, smp_timeout);
859
860 hci_conn_hold(conn->hcon);
861
862 return smp;
863 }
864
865 int smp_user_confirm_reply(struct hci_conn *hcon, u16 mgmt_op, __le32 passkey)
866 {
867 struct l2cap_conn *conn = hcon->l2cap_data;
868 struct l2cap_chan *chan;
869 struct smp_chan *smp;
870 u32 value;
871
872 BT_DBG("");
873
874 if (!conn || !test_bit(HCI_CONN_LE_SMP_PEND, &hcon->flags))
875 return -ENOTCONN;
876
877 chan = conn->smp;
878 if (!chan)
879 return -ENOTCONN;
880
881 smp = chan->data;
882
883 switch (mgmt_op) {
884 case MGMT_OP_USER_PASSKEY_REPLY:
885 value = le32_to_cpu(passkey);
886 memset(smp->tk, 0, sizeof(smp->tk));
887 BT_DBG("PassKey: %d", value);
888 put_unaligned_le32(value, smp->tk);
889 /* Fall Through */
890 case MGMT_OP_USER_CONFIRM_REPLY:
891 set_bit(SMP_FLAG_TK_VALID, &smp->flags);
892 break;
893 case MGMT_OP_USER_PASSKEY_NEG_REPLY:
894 case MGMT_OP_USER_CONFIRM_NEG_REPLY:
895 smp_failure(conn, SMP_PASSKEY_ENTRY_FAILED);
896 return 0;
897 default:
898 smp_failure(conn, SMP_PASSKEY_ENTRY_FAILED);
899 return -EOPNOTSUPP;
900 }
901
902 /* If it is our turn to send Pairing Confirm, do so now */
903 if (test_bit(SMP_FLAG_CFM_PENDING, &smp->flags)) {
904 u8 rsp = smp_confirm(smp);
905 if (rsp)
906 smp_failure(conn, rsp);
907 }
908
909 return 0;
910 }
911
912 static u8 smp_cmd_pairing_req(struct l2cap_conn *conn, struct sk_buff *skb)
913 {
914 struct smp_cmd_pairing rsp, *req = (void *) skb->data;
915 struct hci_dev *hdev = conn->hcon->hdev;
916 struct smp_chan *smp;
917 u8 key_size, auth, sec_level;
918 int ret;
919
920 BT_DBG("conn %p", conn);
921
922 if (skb->len < sizeof(*req))
923 return SMP_INVALID_PARAMS;
924
925 if (conn->hcon->role != HCI_ROLE_SLAVE)
926 return SMP_CMD_NOTSUPP;
927
928 if (!test_and_set_bit(HCI_CONN_LE_SMP_PEND, &conn->hcon->flags)) {
929 smp = smp_chan_create(conn);
930 } else {
931 struct l2cap_chan *chan = conn->smp;
932 smp = chan->data;
933 }
934
935 if (!smp)
936 return SMP_UNSPECIFIED;
937
938 if (!test_bit(HCI_BONDABLE, &hdev->dev_flags) &&
939 (req->auth_req & SMP_AUTH_BONDING))
940 return SMP_PAIRING_NOTSUPP;
941
942 smp->preq[0] = SMP_CMD_PAIRING_REQ;
943 memcpy(&smp->preq[1], req, sizeof(*req));
944 skb_pull(skb, sizeof(*req));
945
946 /* We didn't start the pairing, so match remote */
947 auth = req->auth_req;
948
949 sec_level = authreq_to_seclevel(auth);
950 if (sec_level > conn->hcon->pending_sec_level)
951 conn->hcon->pending_sec_level = sec_level;
952
953 /* If we need MITM check that it can be acheived */
954 if (conn->hcon->pending_sec_level >= BT_SECURITY_HIGH) {
955 u8 method;
956
957 method = get_auth_method(smp, conn->hcon->io_capability,
958 req->io_capability);
959 if (method == JUST_WORKS || method == JUST_CFM)
960 return SMP_AUTH_REQUIREMENTS;
961 }
962
963 build_pairing_cmd(conn, req, &rsp, auth);
964
965 key_size = min(req->max_key_size, rsp.max_key_size);
966 if (check_enc_key_size(conn, key_size))
967 return SMP_ENC_KEY_SIZE;
968
969 get_random_bytes(smp->prnd, sizeof(smp->prnd));
970
971 smp->prsp[0] = SMP_CMD_PAIRING_RSP;
972 memcpy(&smp->prsp[1], &rsp, sizeof(rsp));
973
974 smp_send_cmd(conn, SMP_CMD_PAIRING_RSP, sizeof(rsp), &rsp);
975
976 /* Request setup of TK */
977 ret = tk_request(conn, 0, auth, rsp.io_capability, req->io_capability);
978 if (ret)
979 return SMP_UNSPECIFIED;
980
981 return 0;
982 }
983
984 static u8 smp_cmd_pairing_rsp(struct l2cap_conn *conn, struct sk_buff *skb)
985 {
986 struct smp_cmd_pairing *req, *rsp = (void *) skb->data;
987 struct l2cap_chan *chan = conn->smp;
988 struct smp_chan *smp = chan->data;
989 u8 key_size, auth = SMP_AUTH_NONE;
990 int ret;
991
992 BT_DBG("conn %p", conn);
993
994 if (skb->len < sizeof(*rsp))
995 return SMP_INVALID_PARAMS;
996
997 if (conn->hcon->role != HCI_ROLE_MASTER)
998 return SMP_CMD_NOTSUPP;
999
1000 skb_pull(skb, sizeof(*rsp));
1001
1002 req = (void *) &smp->preq[1];
1003
1004 key_size = min(req->max_key_size, rsp->max_key_size);
1005 if (check_enc_key_size(conn, key_size))
1006 return SMP_ENC_KEY_SIZE;
1007
1008 /* If we need MITM check that it can be acheived */
1009 if (conn->hcon->pending_sec_level >= BT_SECURITY_HIGH) {
1010 u8 method;
1011
1012 method = get_auth_method(smp, req->io_capability,
1013 rsp->io_capability);
1014 if (method == JUST_WORKS || method == JUST_CFM)
1015 return SMP_AUTH_REQUIREMENTS;
1016 }
1017
1018 get_random_bytes(smp->prnd, sizeof(smp->prnd));
1019
1020 smp->prsp[0] = SMP_CMD_PAIRING_RSP;
1021 memcpy(&smp->prsp[1], rsp, sizeof(*rsp));
1022
1023 /* Update remote key distribution in case the remote cleared
1024 * some bits that we had enabled in our request.
1025 */
1026 smp->remote_key_dist &= rsp->resp_key_dist;
1027
1028 if ((req->auth_req & SMP_AUTH_BONDING) &&
1029 (rsp->auth_req & SMP_AUTH_BONDING))
1030 auth = SMP_AUTH_BONDING;
1031
1032 auth |= (req->auth_req | rsp->auth_req) & SMP_AUTH_MITM;
1033
1034 ret = tk_request(conn, 0, auth, req->io_capability, rsp->io_capability);
1035 if (ret)
1036 return SMP_UNSPECIFIED;
1037
1038 set_bit(SMP_FLAG_CFM_PENDING, &smp->flags);
1039
1040 /* Can't compose response until we have been confirmed */
1041 if (test_bit(SMP_FLAG_TK_VALID, &smp->flags))
1042 return smp_confirm(smp);
1043
1044 return 0;
1045 }
1046
1047 static u8 smp_cmd_pairing_confirm(struct l2cap_conn *conn, struct sk_buff *skb)
1048 {
1049 struct l2cap_chan *chan = conn->smp;
1050 struct smp_chan *smp = chan->data;
1051
1052 BT_DBG("conn %p %s", conn, conn->hcon->out ? "master" : "slave");
1053
1054 if (skb->len < sizeof(smp->pcnf))
1055 return SMP_INVALID_PARAMS;
1056
1057 memcpy(smp->pcnf, skb->data, sizeof(smp->pcnf));
1058 skb_pull(skb, sizeof(smp->pcnf));
1059
1060 if (conn->hcon->out)
1061 smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM, sizeof(smp->prnd),
1062 smp->prnd);
1063 else if (test_bit(SMP_FLAG_TK_VALID, &smp->flags))
1064 return smp_confirm(smp);
1065 else
1066 set_bit(SMP_FLAG_CFM_PENDING, &smp->flags);
1067
1068 return 0;
1069 }
1070
1071 static u8 smp_cmd_pairing_random(struct l2cap_conn *conn, struct sk_buff *skb)
1072 {
1073 struct l2cap_chan *chan = conn->smp;
1074 struct smp_chan *smp = chan->data;
1075
1076 BT_DBG("conn %p", conn);
1077
1078 if (skb->len < sizeof(smp->rrnd))
1079 return SMP_INVALID_PARAMS;
1080
1081 memcpy(smp->rrnd, skb->data, sizeof(smp->rrnd));
1082 skb_pull(skb, sizeof(smp->rrnd));
1083
1084 return smp_random(smp);
1085 }
1086
1087 static bool smp_ltk_encrypt(struct l2cap_conn *conn, u8 sec_level)
1088 {
1089 struct smp_ltk *key;
1090 struct hci_conn *hcon = conn->hcon;
1091
1092 key = hci_find_ltk_by_addr(hcon->hdev, &hcon->dst, hcon->dst_type,
1093 hcon->role);
1094 if (!key)
1095 return false;
1096
1097 if (sec_level > BT_SECURITY_MEDIUM && !key->authenticated)
1098 return false;
1099
1100 if (test_and_set_bit(HCI_CONN_ENCRYPT_PEND, &hcon->flags))
1101 return true;
1102
1103 hci_le_start_enc(hcon, key->ediv, key->rand, key->val);
1104 hcon->enc_key_size = key->enc_size;
1105
1106 /* We never store STKs for master role, so clear this flag */
1107 clear_bit(HCI_CONN_STK_ENCRYPT, &hcon->flags);
1108
1109 return true;
1110 }
1111
1112 bool smp_sufficient_security(struct hci_conn *hcon, u8 sec_level)
1113 {
1114 if (sec_level == BT_SECURITY_LOW)
1115 return true;
1116
1117 /* If we're encrypted with an STK always claim insufficient
1118 * security. This way we allow the connection to be re-encrypted
1119 * with an LTK, even if the LTK provides the same level of
1120 * security. Only exception is if we don't have an LTK (e.g.
1121 * because of key distribution bits).
1122 */
1123 if (test_bit(HCI_CONN_STK_ENCRYPT, &hcon->flags) &&
1124 hci_find_ltk_by_addr(hcon->hdev, &hcon->dst, hcon->dst_type,
1125 hcon->role))
1126 return false;
1127
1128 if (hcon->sec_level >= sec_level)
1129 return true;
1130
1131 return false;
1132 }
1133
1134 static u8 smp_cmd_security_req(struct l2cap_conn *conn, struct sk_buff *skb)
1135 {
1136 struct smp_cmd_security_req *rp = (void *) skb->data;
1137 struct smp_cmd_pairing cp;
1138 struct hci_conn *hcon = conn->hcon;
1139 struct smp_chan *smp;
1140 u8 sec_level;
1141
1142 BT_DBG("conn %p", conn);
1143
1144 if (skb->len < sizeof(*rp))
1145 return SMP_INVALID_PARAMS;
1146
1147 if (hcon->role != HCI_ROLE_MASTER)
1148 return SMP_CMD_NOTSUPP;
1149
1150 sec_level = authreq_to_seclevel(rp->auth_req);
1151 if (smp_sufficient_security(hcon, sec_level))
1152 return 0;
1153
1154 if (sec_level > hcon->pending_sec_level)
1155 hcon->pending_sec_level = sec_level;
1156
1157 if (smp_ltk_encrypt(conn, hcon->pending_sec_level))
1158 return 0;
1159
1160 if (test_and_set_bit(HCI_CONN_LE_SMP_PEND, &hcon->flags))
1161 return 0;
1162
1163 smp = smp_chan_create(conn);
1164 if (!smp)
1165 return SMP_UNSPECIFIED;
1166
1167 if (!test_bit(HCI_BONDABLE, &hcon->hdev->dev_flags) &&
1168 (rp->auth_req & SMP_AUTH_BONDING))
1169 return SMP_PAIRING_NOTSUPP;
1170
1171 skb_pull(skb, sizeof(*rp));
1172
1173 memset(&cp, 0, sizeof(cp));
1174 build_pairing_cmd(conn, &cp, NULL, rp->auth_req);
1175
1176 smp->preq[0] = SMP_CMD_PAIRING_REQ;
1177 memcpy(&smp->preq[1], &cp, sizeof(cp));
1178
1179 smp_send_cmd(conn, SMP_CMD_PAIRING_REQ, sizeof(cp), &cp);
1180
1181 return 0;
1182 }
1183
1184 int smp_conn_security(struct hci_conn *hcon, __u8 sec_level)
1185 {
1186 struct l2cap_conn *conn = hcon->l2cap_data;
1187 struct smp_chan *smp;
1188 __u8 authreq;
1189
1190 BT_DBG("conn %p hcon %p level 0x%2.2x", conn, hcon, sec_level);
1191
1192 /* This may be NULL if there's an unexpected disconnection */
1193 if (!conn)
1194 return 1;
1195
1196 if (!test_bit(HCI_LE_ENABLED, &hcon->hdev->dev_flags))
1197 return 1;
1198
1199 if (smp_sufficient_security(hcon, sec_level))
1200 return 1;
1201
1202 if (sec_level > hcon->pending_sec_level)
1203 hcon->pending_sec_level = sec_level;
1204
1205 if (hcon->role == HCI_ROLE_MASTER)
1206 if (smp_ltk_encrypt(conn, hcon->pending_sec_level))
1207 return 0;
1208
1209 if (test_and_set_bit(HCI_CONN_LE_SMP_PEND, &hcon->flags))
1210 return 0;
1211
1212 smp = smp_chan_create(conn);
1213 if (!smp)
1214 return 1;
1215
1216 authreq = seclevel_to_authreq(sec_level);
1217
1218 /* Require MITM if IO Capability allows or the security level
1219 * requires it.
1220 */
1221 if (hcon->io_capability != HCI_IO_NO_INPUT_OUTPUT ||
1222 hcon->pending_sec_level > BT_SECURITY_MEDIUM)
1223 authreq |= SMP_AUTH_MITM;
1224
1225 if (hcon->role == HCI_ROLE_MASTER) {
1226 struct smp_cmd_pairing cp;
1227
1228 build_pairing_cmd(conn, &cp, NULL, authreq);
1229 smp->preq[0] = SMP_CMD_PAIRING_REQ;
1230 memcpy(&smp->preq[1], &cp, sizeof(cp));
1231
1232 smp_send_cmd(conn, SMP_CMD_PAIRING_REQ, sizeof(cp), &cp);
1233 } else {
1234 struct smp_cmd_security_req cp;
1235 cp.auth_req = authreq;
1236 smp_send_cmd(conn, SMP_CMD_SECURITY_REQ, sizeof(cp), &cp);
1237 }
1238
1239 set_bit(SMP_FLAG_INITIATOR, &smp->flags);
1240
1241 return 0;
1242 }
1243
1244 static int smp_cmd_encrypt_info(struct l2cap_conn *conn, struct sk_buff *skb)
1245 {
1246 struct smp_cmd_encrypt_info *rp = (void *) skb->data;
1247 struct l2cap_chan *chan = conn->smp;
1248 struct smp_chan *smp = chan->data;
1249
1250 BT_DBG("conn %p", conn);
1251
1252 if (skb->len < sizeof(*rp))
1253 return SMP_INVALID_PARAMS;
1254
1255 /* Ignore this PDU if it wasn't requested */
1256 if (!(smp->remote_key_dist & SMP_DIST_ENC_KEY))
1257 return 0;
1258
1259 skb_pull(skb, sizeof(*rp));
1260
1261 memcpy(smp->tk, rp->ltk, sizeof(smp->tk));
1262
1263 return 0;
1264 }
1265
1266 static int smp_cmd_master_ident(struct l2cap_conn *conn, struct sk_buff *skb)
1267 {
1268 struct smp_cmd_master_ident *rp = (void *) skb->data;
1269 struct l2cap_chan *chan = conn->smp;
1270 struct smp_chan *smp = chan->data;
1271 struct hci_dev *hdev = conn->hcon->hdev;
1272 struct hci_conn *hcon = conn->hcon;
1273 struct smp_ltk *ltk;
1274 u8 authenticated;
1275
1276 BT_DBG("conn %p", conn);
1277
1278 if (skb->len < sizeof(*rp))
1279 return SMP_INVALID_PARAMS;
1280
1281 /* Ignore this PDU if it wasn't requested */
1282 if (!(smp->remote_key_dist & SMP_DIST_ENC_KEY))
1283 return 0;
1284
1285 /* Mark the information as received */
1286 smp->remote_key_dist &= ~SMP_DIST_ENC_KEY;
1287
1288 skb_pull(skb, sizeof(*rp));
1289
1290 hci_dev_lock(hdev);
1291 authenticated = (hcon->sec_level == BT_SECURITY_HIGH);
1292 ltk = hci_add_ltk(hdev, &hcon->dst, hcon->dst_type, SMP_LTK,
1293 authenticated, smp->tk, smp->enc_key_size,
1294 rp->ediv, rp->rand);
1295 smp->ltk = ltk;
1296 if (!(smp->remote_key_dist & SMP_DIST_ID_KEY))
1297 queue_work(hdev->workqueue, &smp->distribute_work);
1298 hci_dev_unlock(hdev);
1299
1300 return 0;
1301 }
1302
1303 static int smp_cmd_ident_info(struct l2cap_conn *conn, struct sk_buff *skb)
1304 {
1305 struct smp_cmd_ident_info *info = (void *) skb->data;
1306 struct l2cap_chan *chan = conn->smp;
1307 struct smp_chan *smp = chan->data;
1308
1309 BT_DBG("");
1310
1311 if (skb->len < sizeof(*info))
1312 return SMP_INVALID_PARAMS;
1313
1314 /* Ignore this PDU if it wasn't requested */
1315 if (!(smp->remote_key_dist & SMP_DIST_ID_KEY))
1316 return 0;
1317
1318 skb_pull(skb, sizeof(*info));
1319
1320 memcpy(smp->irk, info->irk, 16);
1321
1322 return 0;
1323 }
1324
1325 static int smp_cmd_ident_addr_info(struct l2cap_conn *conn,
1326 struct sk_buff *skb)
1327 {
1328 struct smp_cmd_ident_addr_info *info = (void *) skb->data;
1329 struct l2cap_chan *chan = conn->smp;
1330 struct smp_chan *smp = chan->data;
1331 struct hci_conn *hcon = conn->hcon;
1332 struct hci_dev *hdev = hcon->hdev;
1333 bdaddr_t rpa;
1334
1335 BT_DBG("");
1336
1337 if (skb->len < sizeof(*info))
1338 return SMP_INVALID_PARAMS;
1339
1340 /* Ignore this PDU if it wasn't requested */
1341 if (!(smp->remote_key_dist & SMP_DIST_ID_KEY))
1342 return 0;
1343
1344 /* Mark the information as received */
1345 smp->remote_key_dist &= ~SMP_DIST_ID_KEY;
1346
1347 skb_pull(skb, sizeof(*info));
1348
1349 hci_dev_lock(hcon->hdev);
1350
1351 /* Strictly speaking the Core Specification (4.1) allows sending
1352 * an empty address which would force us to rely on just the IRK
1353 * as "identity information". However, since such
1354 * implementations are not known of and in order to not over
1355 * complicate our implementation, simply pretend that we never
1356 * received an IRK for such a device.
1357 */
1358 if (!bacmp(&info->bdaddr, BDADDR_ANY)) {
1359 BT_ERR("Ignoring IRK with no identity address");
1360 goto distribute;
1361 }
1362
1363 bacpy(&smp->id_addr, &info->bdaddr);
1364 smp->id_addr_type = info->addr_type;
1365
1366 if (hci_bdaddr_is_rpa(&hcon->dst, hcon->dst_type))
1367 bacpy(&rpa, &hcon->dst);
1368 else
1369 bacpy(&rpa, BDADDR_ANY);
1370
1371 smp->remote_irk = hci_add_irk(conn->hcon->hdev, &smp->id_addr,
1372 smp->id_addr_type, smp->irk, &rpa);
1373
1374 distribute:
1375 queue_work(hdev->workqueue, &smp->distribute_work);
1376
1377 hci_dev_unlock(hcon->hdev);
1378
1379 return 0;
1380 }
1381
1382 static int smp_cmd_sign_info(struct l2cap_conn *conn, struct sk_buff *skb)
1383 {
1384 struct smp_cmd_sign_info *rp = (void *) skb->data;
1385 struct l2cap_chan *chan = conn->smp;
1386 struct smp_chan *smp = chan->data;
1387 struct hci_dev *hdev = conn->hcon->hdev;
1388 struct smp_csrk *csrk;
1389
1390 BT_DBG("conn %p", conn);
1391
1392 if (skb->len < sizeof(*rp))
1393 return SMP_INVALID_PARAMS;
1394
1395 /* Ignore this PDU if it wasn't requested */
1396 if (!(smp->remote_key_dist & SMP_DIST_SIGN))
1397 return 0;
1398
1399 /* Mark the information as received */
1400 smp->remote_key_dist &= ~SMP_DIST_SIGN;
1401
1402 skb_pull(skb, sizeof(*rp));
1403
1404 hci_dev_lock(hdev);
1405 csrk = kzalloc(sizeof(*csrk), GFP_KERNEL);
1406 if (csrk) {
1407 csrk->master = 0x01;
1408 memcpy(csrk->val, rp->csrk, sizeof(csrk->val));
1409 }
1410 smp->csrk = csrk;
1411 queue_work(hdev->workqueue, &smp->distribute_work);
1412 hci_dev_unlock(hdev);
1413
1414 return 0;
1415 }
1416
1417 static int smp_sig_channel(struct l2cap_chan *chan, struct sk_buff *skb)
1418 {
1419 struct l2cap_conn *conn = chan->conn;
1420 struct hci_conn *hcon = conn->hcon;
1421 __u8 code, reason;
1422 int err = 0;
1423
1424 if (hcon->type != LE_LINK) {
1425 kfree_skb(skb);
1426 return 0;
1427 }
1428
1429 if (skb->len < 1)
1430 return -EILSEQ;
1431
1432 if (!test_bit(HCI_LE_ENABLED, &hcon->hdev->dev_flags)) {
1433 reason = SMP_PAIRING_NOTSUPP;
1434 goto done;
1435 }
1436
1437 code = skb->data[0];
1438 skb_pull(skb, sizeof(code));
1439
1440 /*
1441 * The SMP context must be initialized for all other PDUs except
1442 * pairing and security requests. If we get any other PDU when
1443 * not initialized simply disconnect (done if this function
1444 * returns an error).
1445 */
1446 if (code != SMP_CMD_PAIRING_REQ && code != SMP_CMD_SECURITY_REQ &&
1447 !test_bit(HCI_CONN_LE_SMP_PEND, &hcon->flags)) {
1448 BT_ERR("Unexpected SMP command 0x%02x. Disconnecting.", code);
1449 err = -EOPNOTSUPP;
1450 goto done;
1451 }
1452
1453 switch (code) {
1454 case SMP_CMD_PAIRING_REQ:
1455 reason = smp_cmd_pairing_req(conn, skb);
1456 break;
1457
1458 case SMP_CMD_PAIRING_FAIL:
1459 smp_failure(conn, 0);
1460 err = -EPERM;
1461 break;
1462
1463 case SMP_CMD_PAIRING_RSP:
1464 reason = smp_cmd_pairing_rsp(conn, skb);
1465 break;
1466
1467 case SMP_CMD_SECURITY_REQ:
1468 reason = smp_cmd_security_req(conn, skb);
1469 break;
1470
1471 case SMP_CMD_PAIRING_CONFIRM:
1472 reason = smp_cmd_pairing_confirm(conn, skb);
1473 break;
1474
1475 case SMP_CMD_PAIRING_RANDOM:
1476 reason = smp_cmd_pairing_random(conn, skb);
1477 break;
1478
1479 case SMP_CMD_ENCRYPT_INFO:
1480 reason = smp_cmd_encrypt_info(conn, skb);
1481 break;
1482
1483 case SMP_CMD_MASTER_IDENT:
1484 reason = smp_cmd_master_ident(conn, skb);
1485 break;
1486
1487 case SMP_CMD_IDENT_INFO:
1488 reason = smp_cmd_ident_info(conn, skb);
1489 break;
1490
1491 case SMP_CMD_IDENT_ADDR_INFO:
1492 reason = smp_cmd_ident_addr_info(conn, skb);
1493 break;
1494
1495 case SMP_CMD_SIGN_INFO:
1496 reason = smp_cmd_sign_info(conn, skb);
1497 break;
1498
1499 default:
1500 BT_DBG("Unknown command code 0x%2.2x", code);
1501 reason = SMP_CMD_NOTSUPP;
1502 goto done;
1503 }
1504
1505 done:
1506 if (!err) {
1507 if (reason)
1508 smp_failure(conn, reason);
1509 kfree_skb(skb);
1510 }
1511
1512 return err;
1513 }
1514
1515 static void smp_teardown_cb(struct l2cap_chan *chan, int err)
1516 {
1517 struct l2cap_conn *conn = chan->conn;
1518
1519 BT_DBG("chan %p", chan);
1520
1521 if (test_and_clear_bit(HCI_CONN_LE_SMP_PEND, &conn->hcon->flags))
1522 smp_chan_destroy(conn);
1523
1524 conn->smp = NULL;
1525 l2cap_chan_put(chan);
1526 }
1527
1528 static void smp_resume_cb(struct l2cap_chan *chan)
1529 {
1530 struct smp_chan *smp = chan->data;
1531 struct l2cap_conn *conn = chan->conn;
1532 struct hci_conn *hcon = conn->hcon;
1533 struct hci_dev *hdev = hcon->hdev;
1534
1535 BT_DBG("chan %p", chan);
1536
1537 if (!smp)
1538 return;
1539
1540 cancel_delayed_work(&smp->security_timer);
1541
1542 if (test_bit(HCI_CONN_ENCRYPT, &hcon->flags))
1543 queue_work(hdev->workqueue, &smp->distribute_work);
1544 }
1545
1546 static void smp_ready_cb(struct l2cap_chan *chan)
1547 {
1548 struct l2cap_conn *conn = chan->conn;
1549
1550 BT_DBG("chan %p", chan);
1551
1552 conn->smp = chan;
1553 l2cap_chan_hold(chan);
1554 }
1555
1556 static int smp_recv_cb(struct l2cap_chan *chan, struct sk_buff *skb)
1557 {
1558 int err;
1559
1560 BT_DBG("chan %p", chan);
1561
1562 err = smp_sig_channel(chan, skb);
1563 if (err) {
1564 struct smp_chan *smp = chan->data;
1565
1566 if (smp)
1567 cancel_delayed_work_sync(&smp->security_timer);
1568
1569 hci_disconnect(chan->conn->hcon, HCI_ERROR_AUTH_FAILURE);
1570 }
1571
1572 return err;
1573 }
1574
1575 static struct sk_buff *smp_alloc_skb_cb(struct l2cap_chan *chan,
1576 unsigned long hdr_len,
1577 unsigned long len, int nb)
1578 {
1579 struct sk_buff *skb;
1580
1581 skb = bt_skb_alloc(hdr_len + len, GFP_KERNEL);
1582 if (!skb)
1583 return ERR_PTR(-ENOMEM);
1584
1585 skb->priority = HCI_PRIO_MAX;
1586 bt_cb(skb)->chan = chan;
1587
1588 return skb;
1589 }
1590
1591 static const struct l2cap_ops smp_chan_ops = {
1592 .name = "Security Manager",
1593 .ready = smp_ready_cb,
1594 .recv = smp_recv_cb,
1595 .alloc_skb = smp_alloc_skb_cb,
1596 .teardown = smp_teardown_cb,
1597 .resume = smp_resume_cb,
1598
1599 .new_connection = l2cap_chan_no_new_connection,
1600 .state_change = l2cap_chan_no_state_change,
1601 .close = l2cap_chan_no_close,
1602 .defer = l2cap_chan_no_defer,
1603 .suspend = l2cap_chan_no_suspend,
1604 .set_shutdown = l2cap_chan_no_set_shutdown,
1605 .get_sndtimeo = l2cap_chan_no_get_sndtimeo,
1606 .memcpy_fromiovec = l2cap_chan_no_memcpy_fromiovec,
1607 };
1608
1609 static inline struct l2cap_chan *smp_new_conn_cb(struct l2cap_chan *pchan)
1610 {
1611 struct l2cap_chan *chan;
1612
1613 BT_DBG("pchan %p", pchan);
1614
1615 chan = l2cap_chan_create();
1616 if (!chan)
1617 return NULL;
1618
1619 chan->chan_type = pchan->chan_type;
1620 chan->ops = &smp_chan_ops;
1621 chan->scid = pchan->scid;
1622 chan->dcid = chan->scid;
1623 chan->imtu = pchan->imtu;
1624 chan->omtu = pchan->omtu;
1625 chan->mode = pchan->mode;
1626
1627 BT_DBG("created chan %p", chan);
1628
1629 return chan;
1630 }
1631
1632 static const struct l2cap_ops smp_root_chan_ops = {
1633 .name = "Security Manager Root",
1634 .new_connection = smp_new_conn_cb,
1635
1636 /* None of these are implemented for the root channel */
1637 .close = l2cap_chan_no_close,
1638 .alloc_skb = l2cap_chan_no_alloc_skb,
1639 .recv = l2cap_chan_no_recv,
1640 .state_change = l2cap_chan_no_state_change,
1641 .teardown = l2cap_chan_no_teardown,
1642 .ready = l2cap_chan_no_ready,
1643 .defer = l2cap_chan_no_defer,
1644 .suspend = l2cap_chan_no_suspend,
1645 .resume = l2cap_chan_no_resume,
1646 .set_shutdown = l2cap_chan_no_set_shutdown,
1647 .get_sndtimeo = l2cap_chan_no_get_sndtimeo,
1648 .memcpy_fromiovec = l2cap_chan_no_memcpy_fromiovec,
1649 };
1650
1651 int smp_register(struct hci_dev *hdev)
1652 {
1653 struct l2cap_chan *chan;
1654 struct crypto_blkcipher *tfm_aes;
1655
1656 BT_DBG("%s", hdev->name);
1657
1658 tfm_aes = crypto_alloc_blkcipher("ecb(aes)", 0, CRYPTO_ALG_ASYNC);
1659 if (IS_ERR(tfm_aes)) {
1660 int err = PTR_ERR(tfm_aes);
1661 BT_ERR("Unable to create crypto context");
1662 return err;
1663 }
1664
1665 chan = l2cap_chan_create();
1666 if (!chan) {
1667 crypto_free_blkcipher(tfm_aes);
1668 return -ENOMEM;
1669 }
1670
1671 chan->data = tfm_aes;
1672
1673 l2cap_add_scid(chan, L2CAP_CID_SMP);
1674
1675 l2cap_chan_set_defaults(chan);
1676
1677 bacpy(&chan->src, &hdev->bdaddr);
1678 chan->src_type = BDADDR_LE_PUBLIC;
1679 chan->state = BT_LISTEN;
1680 chan->mode = L2CAP_MODE_BASIC;
1681 chan->imtu = L2CAP_DEFAULT_MTU;
1682 chan->ops = &smp_root_chan_ops;
1683
1684 hdev->smp_data = chan;
1685
1686 return 0;
1687 }
1688
1689 void smp_unregister(struct hci_dev *hdev)
1690 {
1691 struct l2cap_chan *chan = hdev->smp_data;
1692 struct crypto_blkcipher *tfm_aes;
1693
1694 if (!chan)
1695 return;
1696
1697 BT_DBG("%s chan %p", hdev->name, chan);
1698
1699 tfm_aes = chan->data;
1700 if (tfm_aes) {
1701 chan->data = NULL;
1702 crypto_free_blkcipher(tfm_aes);
1703 }
1704
1705 hdev->smp_data = NULL;
1706 l2cap_chan_put(chan);
1707 }
Linux kernel - Deliverables
This page took 0.064324 seconds and 6 git commands to generate.