projects / deliverable / linux.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Bluetooth: Fix using uninitialized variable when pairing
[deliverable/linux.git] / net / bluetooth / smp.c
1 /*
2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2011 Nokia Corporation and/or its subsidiary(-ies).
4
5 This program is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License version 2 as
7 published by the Free Software Foundation;
8
9 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
10 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
11 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
12 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
13 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
14 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17
18 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
19 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
20 SOFTWARE IS DISCLAIMED.
21 */
22
23 #include <linux/crypto.h>
24 #include <linux/scatterlist.h>
25 #include <crypto/b128ops.h>
26
27 #include <net/bluetooth/bluetooth.h>
28 #include <net/bluetooth/hci_core.h>
29 #include <net/bluetooth/l2cap.h>
30 #include <net/bluetooth/mgmt.h>
31
32 #include "smp.h"
33
34 #define SMP_TIMEOUT msecs_to_jiffies(30000)
35
36 #define AUTH_REQ_MASK 0x07
37
38 enum {
39 SMP_FLAG_TK_VALID,
40 SMP_FLAG_CFM_PENDING,
41 SMP_FLAG_MITM_AUTH,
42 SMP_FLAG_COMPLETE,
43 SMP_FLAG_INITIATOR,
44 };
45
46 struct smp_chan {
47 struct l2cap_conn *conn;
48 u8 preq[7]; /* SMP Pairing Request */
49 u8 prsp[7]; /* SMP Pairing Response */
50 u8 prnd[16]; /* SMP Pairing Random (local) */
51 u8 rrnd[16]; /* SMP Pairing Random (remote) */
52 u8 pcnf[16]; /* SMP Pairing Confirm */
53 u8 tk[16]; /* SMP Temporary Key */
54 u8 enc_key_size;
55 u8 remote_key_dist;
56 bdaddr_t id_addr;
57 u8 id_addr_type;
58 u8 irk[16];
59 struct smp_csrk *csrk;
60 struct smp_csrk *slave_csrk;
61 struct smp_ltk *ltk;
62 struct smp_ltk *slave_ltk;
63 struct smp_irk *remote_irk;
64 unsigned long flags;
65
66 struct crypto_blkcipher *tfm_aes;
67 };
68
69 static inline void swap_buf(const u8 *src, u8 *dst, size_t len)
70 {
71 size_t i;
72
73 for (i = 0; i < len; i++)
74 dst[len - 1 - i] = src[i];
75 }
76
77 static int smp_e(struct crypto_blkcipher *tfm, const u8 *k, u8 *r)
78 {
79 struct blkcipher_desc desc;
80 struct scatterlist sg;
81 uint8_t tmp[16], data[16];
82 int err;
83
84 if (tfm == NULL) {
85 BT_ERR("tfm %p", tfm);
86 return -EINVAL;
87 }
88
89 desc.tfm = tfm;
90 desc.flags = 0;
91
92 /* The most significant octet of key corresponds to k[0] */
93 swap_buf(k, tmp, 16);
94
95 err = crypto_blkcipher_setkey(tfm, tmp, 16);
96 if (err) {
97 BT_ERR("cipher setkey failed: %d", err);
98 return err;
99 }
100
101 /* Most significant octet of plaintextData corresponds to data[0] */
102 swap_buf(r, data, 16);
103
104 sg_init_one(&sg, data, 16);
105
106 err = crypto_blkcipher_encrypt(&desc, &sg, &sg, 16);
107 if (err)
108 BT_ERR("Encrypt data error %d", err);
109
110 /* Most significant octet of encryptedData corresponds to data[0] */
111 swap_buf(data, r, 16);
112
113 return err;
114 }
115
116 static int smp_ah(struct crypto_blkcipher *tfm, u8 irk[16], u8 r[3], u8 res[3])
117 {
118 u8 _res[16];
119 int err;
120
121 /* r' = padding || r */
122 memcpy(_res, r, 3);
123 memset(_res + 3, 0, 13);
124
125 err = smp_e(tfm, irk, _res);
126 if (err) {
127 BT_ERR("Encrypt error");
128 return err;
129 }
130
131 /* The output of the random address function ah is:
132 * ah(h, r) = e(k, r') mod 2^24
133 * The output of the security function e is then truncated to 24 bits
134 * by taking the least significant 24 bits of the output of e as the
135 * result of ah.
136 */
137 memcpy(res, _res, 3);
138
139 return 0;
140 }
141
142 bool smp_irk_matches(struct crypto_blkcipher *tfm, u8 irk[16],
143 bdaddr_t *bdaddr)
144 {
145 u8 hash[3];
146 int err;
147
148 BT_DBG("RPA %pMR IRK %*phN", bdaddr, 16, irk);
149
150 err = smp_ah(tfm, irk, &bdaddr->b[3], hash);
151 if (err)
152 return false;
153
154 return !memcmp(bdaddr->b, hash, 3);
155 }
156
157 int smp_generate_rpa(struct crypto_blkcipher *tfm, u8 irk[16], bdaddr_t *rpa)
158 {
159 int err;
160
161 get_random_bytes(&rpa->b[3], 3);
162
163 rpa->b[5] &= 0x3f; /* Clear two most significant bits */
164 rpa->b[5] |= 0x40; /* Set second most significant bit */
165
166 err = smp_ah(tfm, irk, &rpa->b[3], rpa->b);
167 if (err < 0)
168 return err;
169
170 BT_DBG("RPA %pMR", rpa);
171
172 return 0;
173 }
174
175 static int smp_c1(struct smp_chan *smp, u8 k[16], u8 r[16], u8 preq[7],
176 u8 pres[7], u8 _iat, bdaddr_t *ia, u8 _rat, bdaddr_t *ra,
177 u8 res[16])
178 {
179 struct hci_dev *hdev = smp->conn->hcon->hdev;
180 u8 p1[16], p2[16];
181 int err;
182
183 BT_DBG("%s", hdev->name);
184
185 memset(p1, 0, 16);
186
187 /* p1 = pres || preq || _rat || _iat */
188 p1[0] = _iat;
189 p1[1] = _rat;
190 memcpy(p1 + 2, preq, 7);
191 memcpy(p1 + 9, pres, 7);
192
193 /* p2 = padding || ia || ra */
194 memcpy(p2, ra, 6);
195 memcpy(p2 + 6, ia, 6);
196 memset(p2 + 12, 0, 4);
197
198 /* res = r XOR p1 */
199 u128_xor((u128 *) res, (u128 *) r, (u128 *) p1);
200
201 /* res = e(k, res) */
202 err = smp_e(smp->tfm_aes, k, res);
203 if (err) {
204 BT_ERR("Encrypt data error");
205 return err;
206 }
207
208 /* res = res XOR p2 */
209 u128_xor((u128 *) res, (u128 *) res, (u128 *) p2);
210
211 /* res = e(k, res) */
212 err = smp_e(smp->tfm_aes, k, res);
213 if (err)
214 BT_ERR("Encrypt data error");
215
216 return err;
217 }
218
219 static int smp_s1(struct smp_chan *smp, u8 k[16], u8 r1[16], u8 r2[16],
220 u8 _r[16])
221 {
222 struct hci_dev *hdev = smp->conn->hcon->hdev;
223 int err;
224
225 BT_DBG("%s", hdev->name);
226
227 /* Just least significant octets from r1 and r2 are considered */
228 memcpy(_r, r2, 8);
229 memcpy(_r + 8, r1, 8);
230
231 err = smp_e(smp->tfm_aes, k, _r);
232 if (err)
233 BT_ERR("Encrypt data error");
234
235 return err;
236 }
237
238 static struct sk_buff *smp_build_cmd(struct l2cap_conn *conn, u8 code,
239 u16 dlen, void *data)
240 {
241 struct sk_buff *skb;
242 struct l2cap_hdr *lh;
243 int len;
244
245 len = L2CAP_HDR_SIZE + sizeof(code) + dlen;
246
247 if (len > conn->mtu)
248 return NULL;
249
250 skb = bt_skb_alloc(len, GFP_ATOMIC);
251 if (!skb)
252 return NULL;
253
254 lh = (struct l2cap_hdr *) skb_put(skb, L2CAP_HDR_SIZE);
255 lh->len = cpu_to_le16(sizeof(code) + dlen);
256 lh->cid = cpu_to_le16(L2CAP_CID_SMP);
257
258 memcpy(skb_put(skb, sizeof(code)), &code, sizeof(code));
259
260 memcpy(skb_put(skb, dlen), data, dlen);
261
262 return skb;
263 }
264
265 static void smp_send_cmd(struct l2cap_conn *conn, u8 code, u16 len, void *data)
266 {
267 struct sk_buff *skb = smp_build_cmd(conn, code, len, data);
268
269 BT_DBG("code 0x%2.2x", code);
270
271 if (!skb)
272 return;
273
274 skb->priority = HCI_PRIO_MAX;
275 hci_send_acl(conn->hchan, skb, 0);
276
277 cancel_delayed_work_sync(&conn->security_timer);
278 schedule_delayed_work(&conn->security_timer, SMP_TIMEOUT);
279 }
280
281 static __u8 authreq_to_seclevel(__u8 authreq)
282 {
283 if (authreq & SMP_AUTH_MITM)
284 return BT_SECURITY_HIGH;
285 else
286 return BT_SECURITY_MEDIUM;
287 }
288
289 static __u8 seclevel_to_authreq(__u8 sec_level)
290 {
291 switch (sec_level) {
292 case BT_SECURITY_HIGH:
293 return SMP_AUTH_MITM | SMP_AUTH_BONDING;
294 case BT_SECURITY_MEDIUM:
295 return SMP_AUTH_BONDING;
296 default:
297 return SMP_AUTH_NONE;
298 }
299 }
300
301 static void build_pairing_cmd(struct l2cap_conn *conn,
302 struct smp_cmd_pairing *req,
303 struct smp_cmd_pairing *rsp, __u8 authreq)
304 {
305 struct smp_chan *smp = conn->smp_chan;
306 struct hci_conn *hcon = conn->hcon;
307 struct hci_dev *hdev = hcon->hdev;
308 u8 local_dist = 0, remote_dist = 0;
309
310 if (test_bit(HCI_PAIRABLE, &conn->hcon->hdev->dev_flags)) {
311 local_dist = SMP_DIST_ENC_KEY | SMP_DIST_SIGN;
312 remote_dist = SMP_DIST_ENC_KEY | SMP_DIST_SIGN;
313 authreq |= SMP_AUTH_BONDING;
314 } else {
315 authreq &= ~SMP_AUTH_BONDING;
316 }
317
318 if (test_bit(HCI_RPA_RESOLVING, &hdev->dev_flags))
319 remote_dist |= SMP_DIST_ID_KEY;
320
321 if (test_bit(HCI_PRIVACY, &hdev->dev_flags))
322 local_dist |= SMP_DIST_ID_KEY;
323
324 if (rsp == NULL) {
325 req->io_capability = conn->hcon->io_capability;
326 req->oob_flag = SMP_OOB_NOT_PRESENT;
327 req->max_key_size = SMP_MAX_ENC_KEY_SIZE;
328 req->init_key_dist = local_dist;
329 req->resp_key_dist = remote_dist;
330 req->auth_req = (authreq & AUTH_REQ_MASK);
331
332 smp->remote_key_dist = remote_dist;
333 return;
334 }
335
336 rsp->io_capability = conn->hcon->io_capability;
337 rsp->oob_flag = SMP_OOB_NOT_PRESENT;
338 rsp->max_key_size = SMP_MAX_ENC_KEY_SIZE;
339 rsp->init_key_dist = req->init_key_dist & remote_dist;
340 rsp->resp_key_dist = req->resp_key_dist & local_dist;
341 rsp->auth_req = (authreq & AUTH_REQ_MASK);
342
343 smp->remote_key_dist = rsp->init_key_dist;
344 }
345
346 static u8 check_enc_key_size(struct l2cap_conn *conn, __u8 max_key_size)
347 {
348 struct smp_chan *smp = conn->smp_chan;
349
350 if ((max_key_size > SMP_MAX_ENC_KEY_SIZE) ||
351 (max_key_size < SMP_MIN_ENC_KEY_SIZE))
352 return SMP_ENC_KEY_SIZE;
353
354 smp->enc_key_size = max_key_size;
355
356 return 0;
357 }
358
359 static void smp_failure(struct l2cap_conn *conn, u8 reason)
360 {
361 struct hci_conn *hcon = conn->hcon;
362
363 if (reason)
364 smp_send_cmd(conn, SMP_CMD_PAIRING_FAIL, sizeof(reason),
365 &reason);
366
367 clear_bit(HCI_CONN_ENCRYPT_PEND, &hcon->flags);
368 mgmt_auth_failed(hcon->hdev, &hcon->dst, hcon->type, hcon->dst_type,
369 HCI_ERROR_AUTH_FAILURE);
370
371 cancel_delayed_work_sync(&conn->security_timer);
372
373 if (test_and_clear_bit(HCI_CONN_LE_SMP_PEND, &hcon->flags))
374 smp_chan_destroy(conn);
375 }
376
377 #define JUST_WORKS 0x00
378 #define JUST_CFM 0x01
379 #define REQ_PASSKEY 0x02
380 #define CFM_PASSKEY 0x03
381 #define REQ_OOB 0x04
382 #define OVERLAP 0xFF
383
384 static const u8 gen_method[5][5] = {
385 { JUST_WORKS, JUST_CFM, REQ_PASSKEY, JUST_WORKS, REQ_PASSKEY },
386 { JUST_WORKS, JUST_CFM, REQ_PASSKEY, JUST_WORKS, REQ_PASSKEY },
387 { CFM_PASSKEY, CFM_PASSKEY, REQ_PASSKEY, JUST_WORKS, CFM_PASSKEY },
388 { JUST_WORKS, JUST_CFM, JUST_WORKS, JUST_WORKS, JUST_CFM },
389 { CFM_PASSKEY, CFM_PASSKEY, REQ_PASSKEY, JUST_WORKS, OVERLAP },
390 };
391
392 static u8 get_auth_method(struct smp_chan *smp, u8 local_io, u8 remote_io)
393 {
394 /* If either side has unknown io_caps, use JUST_CFM (which gets
395 * converted later to JUST_WORKS if we're initiators.
396 */
397 if (local_io > SMP_IO_KEYBOARD_DISPLAY ||
398 remote_io > SMP_IO_KEYBOARD_DISPLAY)
399 return JUST_CFM;
400
401 return gen_method[remote_io][local_io];
402 }
403
404 static int tk_request(struct l2cap_conn *conn, u8 remote_oob, u8 auth,
405 u8 local_io, u8 remote_io)
406 {
407 struct hci_conn *hcon = conn->hcon;
408 struct smp_chan *smp = conn->smp_chan;
409 u8 method;
410 u32 passkey = 0;
411 int ret = 0;
412
413 /* Initialize key for JUST WORKS */
414 memset(smp->tk, 0, sizeof(smp->tk));
415 clear_bit(SMP_FLAG_TK_VALID, &smp->flags);
416
417 BT_DBG("tk_request: auth:%d lcl:%d rem:%d", auth, local_io, remote_io);
418
419 /* If neither side wants MITM, either "just" confirm an incoming
420 * request or use just-works for outgoing ones. The JUST_CFM
421 * will be converted to JUST_WORKS if necessary later in this
422 * function. If either side has MITM look up the method from the
423 * table.
424 */
425 if (!(auth & SMP_AUTH_MITM))
426 method = JUST_CFM;
427 else
428 method = get_auth_method(smp, local_io, remote_io);
429
430 /* Don't confirm locally initiated pairing attempts */
431 if (method == JUST_CFM && test_bit(SMP_FLAG_INITIATOR, &smp->flags))
432 method = JUST_WORKS;
433
434 /* If Just Works, Continue with Zero TK */
435 if (method == JUST_WORKS) {
436 set_bit(SMP_FLAG_TK_VALID, &smp->flags);
437 return 0;
438 }
439
440 /* Not Just Works/Confirm results in MITM Authentication */
441 if (method != JUST_CFM)
442 set_bit(SMP_FLAG_MITM_AUTH, &smp->flags);
443
444 /* If both devices have Keyoard-Display I/O, the master
445 * Confirms and the slave Enters the passkey.
446 */
447 if (method == OVERLAP) {
448 if (hcon->role == HCI_ROLE_MASTER)
449 method = CFM_PASSKEY;
450 else
451 method = REQ_PASSKEY;
452 }
453
454 /* Generate random passkey. */
455 if (method == CFM_PASSKEY) {
456 memset(smp->tk, 0, sizeof(smp->tk));
457 get_random_bytes(&passkey, sizeof(passkey));
458 passkey %= 1000000;
459 put_unaligned_le32(passkey, smp->tk);
460 BT_DBG("PassKey: %d", passkey);
461 set_bit(SMP_FLAG_TK_VALID, &smp->flags);
462 }
463
464 hci_dev_lock(hcon->hdev);
465
466 if (method == REQ_PASSKEY)
467 ret = mgmt_user_passkey_request(hcon->hdev, &hcon->dst,
468 hcon->type, hcon->dst_type);
469 else if (method == JUST_CFM)
470 ret = mgmt_user_confirm_request(hcon->hdev, &hcon->dst,
471 hcon->type, hcon->dst_type,
472 passkey, 1);
473 else
474 ret = mgmt_user_passkey_notify(hcon->hdev, &hcon->dst,
475 hcon->type, hcon->dst_type,
476 passkey, 0);
477
478 hci_dev_unlock(hcon->hdev);
479
480 return ret;
481 }
482
483 static u8 smp_confirm(struct smp_chan *smp)
484 {
485 struct l2cap_conn *conn = smp->conn;
486 struct smp_cmd_pairing_confirm cp;
487 int ret;
488
489 BT_DBG("conn %p", conn);
490
491 ret = smp_c1(smp, smp->tk, smp->prnd, smp->preq, smp->prsp,
492 conn->hcon->init_addr_type, &conn->hcon->init_addr,
493 conn->hcon->resp_addr_type, &conn->hcon->resp_addr,
494 cp.confirm_val);
495 if (ret)
496 return SMP_UNSPECIFIED;
497
498 clear_bit(SMP_FLAG_CFM_PENDING, &smp->flags);
499
500 smp_send_cmd(smp->conn, SMP_CMD_PAIRING_CONFIRM, sizeof(cp), &cp);
501
502 return 0;
503 }
504
505 static u8 smp_random(struct smp_chan *smp)
506 {
507 struct l2cap_conn *conn = smp->conn;
508 struct hci_conn *hcon = conn->hcon;
509 u8 confirm[16];
510 int ret;
511
512 if (IS_ERR_OR_NULL(smp->tfm_aes))
513 return SMP_UNSPECIFIED;
514
515 BT_DBG("conn %p %s", conn, conn->hcon->out ? "master" : "slave");
516
517 ret = smp_c1(smp, smp->tk, smp->rrnd, smp->preq, smp->prsp,
518 hcon->init_addr_type, &hcon->init_addr,
519 hcon->resp_addr_type, &hcon->resp_addr, confirm);
520 if (ret)
521 return SMP_UNSPECIFIED;
522
523 if (memcmp(smp->pcnf, confirm, sizeof(smp->pcnf)) != 0) {
524 BT_ERR("Pairing failed (confirmation values mismatch)");
525 return SMP_CONFIRM_FAILED;
526 }
527
528 if (hcon->out) {
529 u8 stk[16];
530 __le64 rand = 0;
531 __le16 ediv = 0;
532
533 smp_s1(smp, smp->tk, smp->rrnd, smp->prnd, stk);
534
535 memset(stk + smp->enc_key_size, 0,
536 SMP_MAX_ENC_KEY_SIZE - smp->enc_key_size);
537
538 if (test_and_set_bit(HCI_CONN_ENCRYPT_PEND, &hcon->flags))
539 return SMP_UNSPECIFIED;
540
541 hci_le_start_enc(hcon, ediv, rand, stk);
542 hcon->enc_key_size = smp->enc_key_size;
543 set_bit(HCI_CONN_STK_ENCRYPT, &hcon->flags);
544 } else {
545 u8 stk[16], auth;
546 __le64 rand = 0;
547 __le16 ediv = 0;
548
549 smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM, sizeof(smp->prnd),
550 smp->prnd);
551
552 smp_s1(smp, smp->tk, smp->prnd, smp->rrnd, stk);
553
554 memset(stk + smp->enc_key_size, 0,
555 SMP_MAX_ENC_KEY_SIZE - smp->enc_key_size);
556
557 if (hcon->pending_sec_level == BT_SECURITY_HIGH)
558 auth = 1;
559 else
560 auth = 0;
561
562 /* Even though there's no _SLAVE suffix this is the
563 * slave STK we're adding for later lookup (the master
564 * STK never needs to be stored).
565 */
566 hci_add_ltk(hcon->hdev, &hcon->dst, hcon->dst_type,
567 SMP_STK, auth, stk, smp->enc_key_size, ediv, rand);
568 }
569
570 return 0;
571 }
572
573 static struct smp_chan *smp_chan_create(struct l2cap_conn *conn)
574 {
575 struct smp_chan *smp;
576
577 smp = kzalloc(sizeof(*smp), GFP_ATOMIC);
578 if (!smp)
579 return NULL;
580
581 smp->tfm_aes = crypto_alloc_blkcipher("ecb(aes)", 0, CRYPTO_ALG_ASYNC);
582 if (IS_ERR(smp->tfm_aes)) {
583 BT_ERR("Unable to create ECB crypto context");
584 kfree(smp);
585 return NULL;
586 }
587
588 smp->conn = conn;
589 conn->smp_chan = smp;
590
591 hci_conn_hold(conn->hcon);
592
593 return smp;
594 }
595
596 void smp_chan_destroy(struct l2cap_conn *conn)
597 {
598 struct smp_chan *smp = conn->smp_chan;
599 bool complete;
600
601 BUG_ON(!smp);
602
603 complete = test_bit(SMP_FLAG_COMPLETE, &smp->flags);
604 mgmt_smp_complete(conn->hcon, complete);
605
606 kfree(smp->csrk);
607 kfree(smp->slave_csrk);
608
609 crypto_free_blkcipher(smp->tfm_aes);
610
611 /* If pairing failed clean up any keys we might have */
612 if (!complete) {
613 if (smp->ltk) {
614 list_del(&smp->ltk->list);
615 kfree(smp->ltk);
616 }
617
618 if (smp->slave_ltk) {
619 list_del(&smp->slave_ltk->list);
620 kfree(smp->slave_ltk);
621 }
622
623 if (smp->remote_irk) {
624 list_del(&smp->remote_irk->list);
625 kfree(smp->remote_irk);
626 }
627 }
628
629 kfree(smp);
630 conn->smp_chan = NULL;
631 hci_conn_drop(conn->hcon);
632 }
633
634 int smp_user_confirm_reply(struct hci_conn *hcon, u16 mgmt_op, __le32 passkey)
635 {
636 struct l2cap_conn *conn = hcon->l2cap_data;
637 struct smp_chan *smp;
638 u32 value;
639
640 BT_DBG("");
641
642 if (!conn || !test_bit(HCI_CONN_LE_SMP_PEND, &hcon->flags))
643 return -ENOTCONN;
644
645 smp = conn->smp_chan;
646
647 switch (mgmt_op) {
648 case MGMT_OP_USER_PASSKEY_REPLY:
649 value = le32_to_cpu(passkey);
650 memset(smp->tk, 0, sizeof(smp->tk));
651 BT_DBG("PassKey: %d", value);
652 put_unaligned_le32(value, smp->tk);
653 /* Fall Through */
654 case MGMT_OP_USER_CONFIRM_REPLY:
655 set_bit(SMP_FLAG_TK_VALID, &smp->flags);
656 break;
657 case MGMT_OP_USER_PASSKEY_NEG_REPLY:
658 case MGMT_OP_USER_CONFIRM_NEG_REPLY:
659 smp_failure(conn, SMP_PASSKEY_ENTRY_FAILED);
660 return 0;
661 default:
662 smp_failure(conn, SMP_PASSKEY_ENTRY_FAILED);
663 return -EOPNOTSUPP;
664 }
665
666 /* If it is our turn to send Pairing Confirm, do so now */
667 if (test_bit(SMP_FLAG_CFM_PENDING, &smp->flags)) {
668 u8 rsp = smp_confirm(smp);
669 if (rsp)
670 smp_failure(conn, rsp);
671 }
672
673 return 0;
674 }
675
676 static u8 smp_cmd_pairing_req(struct l2cap_conn *conn, struct sk_buff *skb)
677 {
678 struct smp_cmd_pairing rsp, *req = (void *) skb->data;
679 struct hci_dev *hdev = conn->hcon->hdev;
680 struct smp_chan *smp;
681 u8 key_size, auth, sec_level;
682 int ret;
683
684 BT_DBG("conn %p", conn);
685
686 if (skb->len < sizeof(*req))
687 return SMP_INVALID_PARAMS;
688
689 if (conn->hcon->role != HCI_ROLE_SLAVE)
690 return SMP_CMD_NOTSUPP;
691
692 if (!test_and_set_bit(HCI_CONN_LE_SMP_PEND, &conn->hcon->flags))
693 smp = smp_chan_create(conn);
694 else
695 smp = conn->smp_chan;
696
697 if (!smp)
698 return SMP_UNSPECIFIED;
699
700 if (!test_bit(HCI_PAIRABLE, &hdev->dev_flags) &&
701 (req->auth_req & SMP_AUTH_BONDING))
702 return SMP_PAIRING_NOTSUPP;
703
704 smp->preq[0] = SMP_CMD_PAIRING_REQ;
705 memcpy(&smp->preq[1], req, sizeof(*req));
706 skb_pull(skb, sizeof(*req));
707
708 /* We didn't start the pairing, so match remote */
709 auth = req->auth_req;
710
711 sec_level = authreq_to_seclevel(auth);
712 if (sec_level > conn->hcon->pending_sec_level)
713 conn->hcon->pending_sec_level = sec_level;
714
715 /* If we need MITM check that it can be acheived */
716 if (conn->hcon->pending_sec_level >= BT_SECURITY_HIGH) {
717 u8 method;
718
719 method = get_auth_method(smp, conn->hcon->io_capability,
720 req->io_capability);
721 if (method == JUST_WORKS || method == JUST_CFM)
722 return SMP_AUTH_REQUIREMENTS;
723 }
724
725 build_pairing_cmd(conn, req, &rsp, auth);
726
727 key_size = min(req->max_key_size, rsp.max_key_size);
728 if (check_enc_key_size(conn, key_size))
729 return SMP_ENC_KEY_SIZE;
730
731 get_random_bytes(smp->prnd, sizeof(smp->prnd));
732
733 smp->prsp[0] = SMP_CMD_PAIRING_RSP;
734 memcpy(&smp->prsp[1], &rsp, sizeof(rsp));
735
736 smp_send_cmd(conn, SMP_CMD_PAIRING_RSP, sizeof(rsp), &rsp);
737
738 /* Request setup of TK */
739 ret = tk_request(conn, 0, auth, rsp.io_capability, req->io_capability);
740 if (ret)
741 return SMP_UNSPECIFIED;
742
743 return 0;
744 }
745
746 static u8 smp_cmd_pairing_rsp(struct l2cap_conn *conn, struct sk_buff *skb)
747 {
748 struct smp_cmd_pairing *req, *rsp = (void *) skb->data;
749 struct smp_chan *smp = conn->smp_chan;
750 u8 key_size, auth = SMP_AUTH_NONE;
751 int ret;
752
753 BT_DBG("conn %p", conn);
754
755 if (skb->len < sizeof(*rsp))
756 return SMP_INVALID_PARAMS;
757
758 if (conn->hcon->role != HCI_ROLE_MASTER)
759 return SMP_CMD_NOTSUPP;
760
761 skb_pull(skb, sizeof(*rsp));
762
763 req = (void *) &smp->preq[1];
764
765 key_size = min(req->max_key_size, rsp->max_key_size);
766 if (check_enc_key_size(conn, key_size))
767 return SMP_ENC_KEY_SIZE;
768
769 /* If we need MITM check that it can be acheived */
770 if (conn->hcon->pending_sec_level >= BT_SECURITY_HIGH) {
771 u8 method;
772
773 method = get_auth_method(smp, req->io_capability,
774 rsp->io_capability);
775 if (method == JUST_WORKS || method == JUST_CFM)
776 return SMP_AUTH_REQUIREMENTS;
777 }
778
779 get_random_bytes(smp->prnd, sizeof(smp->prnd));
780
781 smp->prsp[0] = SMP_CMD_PAIRING_RSP;
782 memcpy(&smp->prsp[1], rsp, sizeof(*rsp));
783
784 /* Update remote key distribution in case the remote cleared
785 * some bits that we had enabled in our request.
786 */
787 smp->remote_key_dist &= rsp->resp_key_dist;
788
789 if ((req->auth_req & SMP_AUTH_BONDING) &&
790 (rsp->auth_req & SMP_AUTH_BONDING))
791 auth = SMP_AUTH_BONDING;
792
793 auth |= (req->auth_req | rsp->auth_req) & SMP_AUTH_MITM;
794
795 ret = tk_request(conn, 0, auth, req->io_capability, rsp->io_capability);
796 if (ret)
797 return SMP_UNSPECIFIED;
798
799 set_bit(SMP_FLAG_CFM_PENDING, &smp->flags);
800
801 /* Can't compose response until we have been confirmed */
802 if (test_bit(SMP_FLAG_TK_VALID, &smp->flags))
803 return smp_confirm(smp);
804
805 return 0;
806 }
807
808 static u8 smp_cmd_pairing_confirm(struct l2cap_conn *conn, struct sk_buff *skb)
809 {
810 struct smp_chan *smp = conn->smp_chan;
811
812 BT_DBG("conn %p %s", conn, conn->hcon->out ? "master" : "slave");
813
814 if (skb->len < sizeof(smp->pcnf))
815 return SMP_INVALID_PARAMS;
816
817 memcpy(smp->pcnf, skb->data, sizeof(smp->pcnf));
818 skb_pull(skb, sizeof(smp->pcnf));
819
820 if (conn->hcon->out)
821 smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM, sizeof(smp->prnd),
822 smp->prnd);
823 else if (test_bit(SMP_FLAG_TK_VALID, &smp->flags))
824 return smp_confirm(smp);
825 else
826 set_bit(SMP_FLAG_CFM_PENDING, &smp->flags);
827
828 return 0;
829 }
830
831 static u8 smp_cmd_pairing_random(struct l2cap_conn *conn, struct sk_buff *skb)
832 {
833 struct smp_chan *smp = conn->smp_chan;
834
835 BT_DBG("conn %p", conn);
836
837 if (skb->len < sizeof(smp->rrnd))
838 return SMP_INVALID_PARAMS;
839
840 memcpy(smp->rrnd, skb->data, sizeof(smp->rrnd));
841 skb_pull(skb, sizeof(smp->rrnd));
842
843 return smp_random(smp);
844 }
845
846 static bool smp_ltk_encrypt(struct l2cap_conn *conn, u8 sec_level)
847 {
848 struct smp_ltk *key;
849 struct hci_conn *hcon = conn->hcon;
850
851 key = hci_find_ltk_by_addr(hcon->hdev, &hcon->dst, hcon->dst_type,
852 hcon->role);
853 if (!key)
854 return false;
855
856 if (sec_level > BT_SECURITY_MEDIUM && !key->authenticated)
857 return false;
858
859 if (test_and_set_bit(HCI_CONN_ENCRYPT_PEND, &hcon->flags))
860 return true;
861
862 hci_le_start_enc(hcon, key->ediv, key->rand, key->val);
863 hcon->enc_key_size = key->enc_size;
864
865 /* We never store STKs for master role, so clear this flag */
866 clear_bit(HCI_CONN_STK_ENCRYPT, &hcon->flags);
867
868 return true;
869 }
870
871 bool smp_sufficient_security(struct hci_conn *hcon, u8 sec_level)
872 {
873 if (sec_level == BT_SECURITY_LOW)
874 return true;
875
876 /* If we're encrypted with an STK always claim insufficient
877 * security. This way we allow the connection to be re-encrypted
878 * with an LTK, even if the LTK provides the same level of
879 * security. Only exception is if we don't have an LTK (e.g.
880 * because of key distribution bits).
881 */
882 if (test_bit(HCI_CONN_STK_ENCRYPT, &hcon->flags) &&
883 hci_find_ltk_by_addr(hcon->hdev, &hcon->dst, hcon->dst_type,
884 hcon->role))
885 return false;
886
887 if (hcon->sec_level >= sec_level)
888 return true;
889
890 return false;
891 }
892
893 static u8 smp_cmd_security_req(struct l2cap_conn *conn, struct sk_buff *skb)
894 {
895 struct smp_cmd_security_req *rp = (void *) skb->data;
896 struct smp_cmd_pairing cp;
897 struct hci_conn *hcon = conn->hcon;
898 struct smp_chan *smp;
899 u8 sec_level;
900
901 BT_DBG("conn %p", conn);
902
903 if (skb->len < sizeof(*rp))
904 return SMP_INVALID_PARAMS;
905
906 if (hcon->role != HCI_ROLE_MASTER)
907 return SMP_CMD_NOTSUPP;
908
909 sec_level = authreq_to_seclevel(rp->auth_req);
910 if (smp_sufficient_security(hcon, sec_level))
911 return 0;
912
913 if (sec_level > hcon->pending_sec_level)
914 hcon->pending_sec_level = sec_level;
915
916 if (smp_ltk_encrypt(conn, hcon->pending_sec_level))
917 return 0;
918
919 if (test_and_set_bit(HCI_CONN_LE_SMP_PEND, &hcon->flags))
920 return 0;
921
922 if (!test_bit(HCI_PAIRABLE, &hcon->hdev->dev_flags) &&
923 (rp->auth_req & SMP_AUTH_BONDING))
924 return SMP_PAIRING_NOTSUPP;
925
926 smp = smp_chan_create(conn);
927 if (!smp)
928 return SMP_UNSPECIFIED;
929
930 skb_pull(skb, sizeof(*rp));
931
932 memset(&cp, 0, sizeof(cp));
933 build_pairing_cmd(conn, &cp, NULL, rp->auth_req);
934
935 smp->preq[0] = SMP_CMD_PAIRING_REQ;
936 memcpy(&smp->preq[1], &cp, sizeof(cp));
937
938 smp_send_cmd(conn, SMP_CMD_PAIRING_REQ, sizeof(cp), &cp);
939
940 return 0;
941 }
942
943 int smp_conn_security(struct hci_conn *hcon, __u8 sec_level)
944 {
945 struct l2cap_conn *conn = hcon->l2cap_data;
946 struct smp_chan *smp;
947 __u8 authreq;
948
949 BT_DBG("conn %p hcon %p level 0x%2.2x", conn, hcon, sec_level);
950
951 /* This may be NULL if there's an unexpected disconnection */
952 if (!conn)
953 return 1;
954
955 if (!test_bit(HCI_LE_ENABLED, &hcon->hdev->dev_flags))
956 return 1;
957
958 if (smp_sufficient_security(hcon, sec_level))
959 return 1;
960
961 if (sec_level > hcon->pending_sec_level)
962 hcon->pending_sec_level = sec_level;
963
964 if (hcon->role == HCI_ROLE_MASTER)
965 if (smp_ltk_encrypt(conn, hcon->pending_sec_level))
966 return 0;
967
968 if (test_and_set_bit(HCI_CONN_LE_SMP_PEND, &hcon->flags))
969 return 0;
970
971 smp = smp_chan_create(conn);
972 if (!smp)
973 return 1;
974
975 authreq = seclevel_to_authreq(sec_level);
976
977 /* Require MITM if IO Capability allows or the security level
978 * requires it.
979 */
980 if (hcon->io_capability != HCI_IO_NO_INPUT_OUTPUT ||
981 hcon->pending_sec_level > BT_SECURITY_MEDIUM)
982 authreq |= SMP_AUTH_MITM;
983
984 if (hcon->role == HCI_ROLE_MASTER) {
985 struct smp_cmd_pairing cp;
986
987 build_pairing_cmd(conn, &cp, NULL, authreq);
988 smp->preq[0] = SMP_CMD_PAIRING_REQ;
989 memcpy(&smp->preq[1], &cp, sizeof(cp));
990
991 smp_send_cmd(conn, SMP_CMD_PAIRING_REQ, sizeof(cp), &cp);
992 } else {
993 struct smp_cmd_security_req cp;
994 cp.auth_req = authreq;
995 smp_send_cmd(conn, SMP_CMD_SECURITY_REQ, sizeof(cp), &cp);
996 }
997
998 set_bit(SMP_FLAG_INITIATOR, &smp->flags);
999
1000 return 0;
1001 }
1002
1003 static int smp_cmd_encrypt_info(struct l2cap_conn *conn, struct sk_buff *skb)
1004 {
1005 struct smp_cmd_encrypt_info *rp = (void *) skb->data;
1006 struct smp_chan *smp = conn->smp_chan;
1007
1008 BT_DBG("conn %p", conn);
1009
1010 if (skb->len < sizeof(*rp))
1011 return SMP_INVALID_PARAMS;
1012
1013 /* Ignore this PDU if it wasn't requested */
1014 if (!(smp->remote_key_dist & SMP_DIST_ENC_KEY))
1015 return 0;
1016
1017 skb_pull(skb, sizeof(*rp));
1018
1019 memcpy(smp->tk, rp->ltk, sizeof(smp->tk));
1020
1021 return 0;
1022 }
1023
1024 static int smp_cmd_master_ident(struct l2cap_conn *conn, struct sk_buff *skb)
1025 {
1026 struct smp_cmd_master_ident *rp = (void *) skb->data;
1027 struct smp_chan *smp = conn->smp_chan;
1028 struct hci_dev *hdev = conn->hcon->hdev;
1029 struct hci_conn *hcon = conn->hcon;
1030 struct smp_ltk *ltk;
1031 u8 authenticated;
1032
1033 BT_DBG("conn %p", conn);
1034
1035 if (skb->len < sizeof(*rp))
1036 return SMP_INVALID_PARAMS;
1037
1038 /* Ignore this PDU if it wasn't requested */
1039 if (!(smp->remote_key_dist & SMP_DIST_ENC_KEY))
1040 return 0;
1041
1042 /* Mark the information as received */
1043 smp->remote_key_dist &= ~SMP_DIST_ENC_KEY;
1044
1045 skb_pull(skb, sizeof(*rp));
1046
1047 hci_dev_lock(hdev);
1048 authenticated = (hcon->sec_level == BT_SECURITY_HIGH);
1049 ltk = hci_add_ltk(hdev, &hcon->dst, hcon->dst_type, SMP_LTK,
1050 authenticated, smp->tk, smp->enc_key_size,
1051 rp->ediv, rp->rand);
1052 smp->ltk = ltk;
1053 if (!(smp->remote_key_dist & SMP_DIST_ID_KEY))
1054 smp_distribute_keys(conn);
1055 hci_dev_unlock(hdev);
1056
1057 return 0;
1058 }
1059
1060 static int smp_cmd_ident_info(struct l2cap_conn *conn, struct sk_buff *skb)
1061 {
1062 struct smp_cmd_ident_info *info = (void *) skb->data;
1063 struct smp_chan *smp = conn->smp_chan;
1064
1065 BT_DBG("");
1066
1067 if (skb->len < sizeof(*info))
1068 return SMP_INVALID_PARAMS;
1069
1070 /* Ignore this PDU if it wasn't requested */
1071 if (!(smp->remote_key_dist & SMP_DIST_ID_KEY))
1072 return 0;
1073
1074 skb_pull(skb, sizeof(*info));
1075
1076 memcpy(smp->irk, info->irk, 16);
1077
1078 return 0;
1079 }
1080
1081 static int smp_cmd_ident_addr_info(struct l2cap_conn *conn,
1082 struct sk_buff *skb)
1083 {
1084 struct smp_cmd_ident_addr_info *info = (void *) skb->data;
1085 struct smp_chan *smp = conn->smp_chan;
1086 struct hci_conn *hcon = conn->hcon;
1087 bdaddr_t rpa;
1088
1089 BT_DBG("");
1090
1091 if (skb->len < sizeof(*info))
1092 return SMP_INVALID_PARAMS;
1093
1094 /* Ignore this PDU if it wasn't requested */
1095 if (!(smp->remote_key_dist & SMP_DIST_ID_KEY))
1096 return 0;
1097
1098 /* Mark the information as received */
1099 smp->remote_key_dist &= ~SMP_DIST_ID_KEY;
1100
1101 skb_pull(skb, sizeof(*info));
1102
1103 hci_dev_lock(hcon->hdev);
1104
1105 /* Strictly speaking the Core Specification (4.1) allows sending
1106 * an empty address which would force us to rely on just the IRK
1107 * as "identity information". However, since such
1108 * implementations are not known of and in order to not over
1109 * complicate our implementation, simply pretend that we never
1110 * received an IRK for such a device.
1111 */
1112 if (!bacmp(&info->bdaddr, BDADDR_ANY)) {
1113 BT_ERR("Ignoring IRK with no identity address");
1114 goto distribute;
1115 }
1116
1117 bacpy(&smp->id_addr, &info->bdaddr);
1118 smp->id_addr_type = info->addr_type;
1119
1120 if (hci_bdaddr_is_rpa(&hcon->dst, hcon->dst_type))
1121 bacpy(&rpa, &hcon->dst);
1122 else
1123 bacpy(&rpa, BDADDR_ANY);
1124
1125 smp->remote_irk = hci_add_irk(conn->hcon->hdev, &smp->id_addr,
1126 smp->id_addr_type, smp->irk, &rpa);
1127
1128 distribute:
1129 smp_distribute_keys(conn);
1130
1131 hci_dev_unlock(hcon->hdev);
1132
1133 return 0;
1134 }
1135
1136 static int smp_cmd_sign_info(struct l2cap_conn *conn, struct sk_buff *skb)
1137 {
1138 struct smp_cmd_sign_info *rp = (void *) skb->data;
1139 struct smp_chan *smp = conn->smp_chan;
1140 struct hci_dev *hdev = conn->hcon->hdev;
1141 struct smp_csrk *csrk;
1142
1143 BT_DBG("conn %p", conn);
1144
1145 if (skb->len < sizeof(*rp))
1146 return SMP_INVALID_PARAMS;
1147
1148 /* Ignore this PDU if it wasn't requested */
1149 if (!(smp->remote_key_dist & SMP_DIST_SIGN))
1150 return 0;
1151
1152 /* Mark the information as received */
1153 smp->remote_key_dist &= ~SMP_DIST_SIGN;
1154
1155 skb_pull(skb, sizeof(*rp));
1156
1157 hci_dev_lock(hdev);
1158 csrk = kzalloc(sizeof(*csrk), GFP_KERNEL);
1159 if (csrk) {
1160 csrk->master = 0x01;
1161 memcpy(csrk->val, rp->csrk, sizeof(csrk->val));
1162 }
1163 smp->csrk = csrk;
1164 if (!(smp->remote_key_dist & SMP_DIST_SIGN))
1165 smp_distribute_keys(conn);
1166 hci_dev_unlock(hdev);
1167
1168 return 0;
1169 }
1170
1171 int smp_sig_channel(struct l2cap_conn *conn, struct sk_buff *skb)
1172 {
1173 struct hci_conn *hcon = conn->hcon;
1174 __u8 code, reason;
1175 int err = 0;
1176
1177 if (hcon->type != LE_LINK) {
1178 kfree_skb(skb);
1179 return 0;
1180 }
1181
1182 if (skb->len < 1) {
1183 kfree_skb(skb);
1184 return -EILSEQ;
1185 }
1186
1187 if (!test_bit(HCI_LE_ENABLED, &hcon->hdev->dev_flags)) {
1188 err = -ENOTSUPP;
1189 reason = SMP_PAIRING_NOTSUPP;
1190 goto done;
1191 }
1192
1193 code = skb->data[0];
1194 skb_pull(skb, sizeof(code));
1195
1196 /*
1197 * The SMP context must be initialized for all other PDUs except
1198 * pairing and security requests. If we get any other PDU when
1199 * not initialized simply disconnect (done if this function
1200 * returns an error).
1201 */
1202 if (code != SMP_CMD_PAIRING_REQ && code != SMP_CMD_SECURITY_REQ &&
1203 !conn->smp_chan) {
1204 BT_ERR("Unexpected SMP command 0x%02x. Disconnecting.", code);
1205 kfree_skb(skb);
1206 return -ENOTSUPP;
1207 }
1208
1209 switch (code) {
1210 case SMP_CMD_PAIRING_REQ:
1211 reason = smp_cmd_pairing_req(conn, skb);
1212 break;
1213
1214 case SMP_CMD_PAIRING_FAIL:
1215 smp_failure(conn, 0);
1216 reason = 0;
1217 err = -EPERM;
1218 break;
1219
1220 case SMP_CMD_PAIRING_RSP:
1221 reason = smp_cmd_pairing_rsp(conn, skb);
1222 break;
1223
1224 case SMP_CMD_SECURITY_REQ:
1225 reason = smp_cmd_security_req(conn, skb);
1226 break;
1227
1228 case SMP_CMD_PAIRING_CONFIRM:
1229 reason = smp_cmd_pairing_confirm(conn, skb);
1230 break;
1231
1232 case SMP_CMD_PAIRING_RANDOM:
1233 reason = smp_cmd_pairing_random(conn, skb);
1234 break;
1235
1236 case SMP_CMD_ENCRYPT_INFO:
1237 reason = smp_cmd_encrypt_info(conn, skb);
1238 break;
1239
1240 case SMP_CMD_MASTER_IDENT:
1241 reason = smp_cmd_master_ident(conn, skb);
1242 break;
1243
1244 case SMP_CMD_IDENT_INFO:
1245 reason = smp_cmd_ident_info(conn, skb);
1246 break;
1247
1248 case SMP_CMD_IDENT_ADDR_INFO:
1249 reason = smp_cmd_ident_addr_info(conn, skb);
1250 break;
1251
1252 case SMP_CMD_SIGN_INFO:
1253 reason = smp_cmd_sign_info(conn, skb);
1254 break;
1255
1256 default:
1257 BT_DBG("Unknown command code 0x%2.2x", code);
1258
1259 reason = SMP_CMD_NOTSUPP;
1260 err = -EOPNOTSUPP;
1261 goto done;
1262 }
1263
1264 done:
1265 if (reason)
1266 smp_failure(conn, reason);
1267
1268 kfree_skb(skb);
1269 return err;
1270 }
1271
1272 static void smp_notify_keys(struct l2cap_conn *conn)
1273 {
1274 struct smp_chan *smp = conn->smp_chan;
1275 struct hci_conn *hcon = conn->hcon;
1276 struct hci_dev *hdev = hcon->hdev;
1277 struct smp_cmd_pairing *req = (void *) &smp->preq[1];
1278 struct smp_cmd_pairing *rsp = (void *) &smp->prsp[1];
1279 bool persistent;
1280
1281 if (smp->remote_irk) {
1282 mgmt_new_irk(hdev, smp->remote_irk);
1283 /* Now that user space can be considered to know the
1284 * identity address track the connection based on it
1285 * from now on.
1286 */
1287 bacpy(&hcon->dst, &smp->remote_irk->bdaddr);
1288 hcon->dst_type = smp->remote_irk->addr_type;
1289 l2cap_conn_update_id_addr(hcon);
1290 }
1291
1292 /* The LTKs and CSRKs should be persistent only if both sides
1293 * had the bonding bit set in their authentication requests.
1294 */
1295 persistent = !!((req->auth_req & rsp->auth_req) & SMP_AUTH_BONDING);
1296
1297 if (smp->csrk) {
1298 smp->csrk->bdaddr_type = hcon->dst_type;
1299 bacpy(&smp->csrk->bdaddr, &hcon->dst);
1300 mgmt_new_csrk(hdev, smp->csrk, persistent);
1301 }
1302
1303 if (smp->slave_csrk) {
1304 smp->slave_csrk->bdaddr_type = hcon->dst_type;
1305 bacpy(&smp->slave_csrk->bdaddr, &hcon->dst);
1306 mgmt_new_csrk(hdev, smp->slave_csrk, persistent);
1307 }
1308
1309 if (smp->ltk) {
1310 smp->ltk->bdaddr_type = hcon->dst_type;
1311 bacpy(&smp->ltk->bdaddr, &hcon->dst);
1312 mgmt_new_ltk(hdev, smp->ltk, persistent);
1313 }
1314
1315 if (smp->slave_ltk) {
1316 smp->slave_ltk->bdaddr_type = hcon->dst_type;
1317 bacpy(&smp->slave_ltk->bdaddr, &hcon->dst);
1318 mgmt_new_ltk(hdev, smp->slave_ltk, persistent);
1319 }
1320 }
1321
1322 int smp_distribute_keys(struct l2cap_conn *conn)
1323 {
1324 struct smp_cmd_pairing *req, *rsp;
1325 struct smp_chan *smp = conn->smp_chan;
1326 struct hci_conn *hcon = conn->hcon;
1327 struct hci_dev *hdev = hcon->hdev;
1328 __u8 *keydist;
1329
1330 BT_DBG("conn %p", conn);
1331
1332 if (!test_bit(HCI_CONN_LE_SMP_PEND, &hcon->flags))
1333 return 0;
1334
1335 rsp = (void *) &smp->prsp[1];
1336
1337 /* The responder sends its keys first */
1338 if (hcon->out && (smp->remote_key_dist & 0x07))
1339 return 0;
1340
1341 req = (void *) &smp->preq[1];
1342
1343 if (hcon->out) {
1344 keydist = &rsp->init_key_dist;
1345 *keydist &= req->init_key_dist;
1346 } else {
1347 keydist = &rsp->resp_key_dist;
1348 *keydist &= req->resp_key_dist;
1349 }
1350
1351 BT_DBG("keydist 0x%x", *keydist);
1352
1353 if (*keydist & SMP_DIST_ENC_KEY) {
1354 struct smp_cmd_encrypt_info enc;
1355 struct smp_cmd_master_ident ident;
1356 struct smp_ltk *ltk;
1357 u8 authenticated;
1358 __le16 ediv;
1359 __le64 rand;
1360
1361 get_random_bytes(enc.ltk, sizeof(enc.ltk));
1362 get_random_bytes(&ediv, sizeof(ediv));
1363 get_random_bytes(&rand, sizeof(rand));
1364
1365 smp_send_cmd(conn, SMP_CMD_ENCRYPT_INFO, sizeof(enc), &enc);
1366
1367 authenticated = hcon->sec_level == BT_SECURITY_HIGH;
1368 ltk = hci_add_ltk(hdev, &hcon->dst, hcon->dst_type,
1369 SMP_LTK_SLAVE, authenticated, enc.ltk,
1370 smp->enc_key_size, ediv, rand);
1371 smp->slave_ltk = ltk;
1372
1373 ident.ediv = ediv;
1374 ident.rand = rand;
1375
1376 smp_send_cmd(conn, SMP_CMD_MASTER_IDENT, sizeof(ident), &ident);
1377
1378 *keydist &= ~SMP_DIST_ENC_KEY;
1379 }
1380
1381 if (*keydist & SMP_DIST_ID_KEY) {
1382 struct smp_cmd_ident_addr_info addrinfo;
1383 struct smp_cmd_ident_info idinfo;
1384
1385 memcpy(idinfo.irk, hdev->irk, sizeof(idinfo.irk));
1386
1387 smp_send_cmd(conn, SMP_CMD_IDENT_INFO, sizeof(idinfo), &idinfo);
1388
1389 /* The hci_conn contains the local identity address
1390 * after the connection has been established.
1391 *
1392 * This is true even when the connection has been
1393 * established using a resolvable random address.
1394 */
1395 bacpy(&addrinfo.bdaddr, &hcon->src);
1396 addrinfo.addr_type = hcon->src_type;
1397
1398 smp_send_cmd(conn, SMP_CMD_IDENT_ADDR_INFO, sizeof(addrinfo),
1399 &addrinfo);
1400
1401 *keydist &= ~SMP_DIST_ID_KEY;
1402 }
1403
1404 if (*keydist & SMP_DIST_SIGN) {
1405 struct smp_cmd_sign_info sign;
1406 struct smp_csrk *csrk;
1407
1408 /* Generate a new random key */
1409 get_random_bytes(sign.csrk, sizeof(sign.csrk));
1410
1411 csrk = kzalloc(sizeof(*csrk), GFP_KERNEL);
1412 if (csrk) {
1413 csrk->master = 0x00;
1414 memcpy(csrk->val, sign.csrk, sizeof(csrk->val));
1415 }
1416 smp->slave_csrk = csrk;
1417
1418 smp_send_cmd(conn, SMP_CMD_SIGN_INFO, sizeof(sign), &sign);
1419
1420 *keydist &= ~SMP_DIST_SIGN;
1421 }
1422
1423 /* If there are still keys to be received wait for them */
1424 if ((smp->remote_key_dist & 0x07))
1425 return 0;
1426
1427 clear_bit(HCI_CONN_LE_SMP_PEND, &hcon->flags);
1428 cancel_delayed_work_sync(&conn->security_timer);
1429 set_bit(SMP_FLAG_COMPLETE, &smp->flags);
1430 smp_notify_keys(conn);
1431
1432 smp_chan_destroy(conn);
1433
1434 return 0;
1435 }
Linux kernel - Deliverables
This page took 0.14932 seconds and 6 git commands to generate.