2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2011 Nokia Corporation and/or its subsidiary(-ies).
5 This program is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License version 2 as
7 published by the Free Software Foundation;
9 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
10 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
11 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
12 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
13 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
14 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
18 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
19 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
20 SOFTWARE IS DISCLAIMED.
23 #include <net/bluetooth/bluetooth.h>
24 #include <net/bluetooth/hci_core.h>
25 #include <net/bluetooth/l2cap.h>
26 #include <net/bluetooth/smp.h>
27 #include <linux/crypto.h>
28 #include <crypto/b128ops.h>
30 static inline void swap128(u8 src
[16], u8 dst
[16])
33 for (i
= 0; i
< 16; i
++)
37 static inline void swap56(u8 src
[7], u8 dst
[7])
40 for (i
= 0; i
< 7; i
++)
44 static int smp_e(struct crypto_blkcipher
*tfm
, const u8
*k
, u8
*r
)
46 struct blkcipher_desc desc
;
47 struct scatterlist sg
;
49 unsigned char iv
[128];
52 BT_ERR("tfm %p", tfm
);
59 err
= crypto_blkcipher_setkey(tfm
, k
, 16);
61 BT_ERR("cipher setkey failed: %d", err
);
65 sg_init_one(&sg
, r
, 16);
67 iv_len
= crypto_blkcipher_ivsize(tfm
);
69 memset(&iv
, 0xff, iv_len
);
70 crypto_blkcipher_set_iv(tfm
, iv
, iv_len
);
73 err
= crypto_blkcipher_encrypt(&desc
, &sg
, &sg
, 16);
75 BT_ERR("Encrypt data error %d", err
);
80 static int smp_c1(struct crypto_blkcipher
*tfm
, u8 k
[16], u8 r
[16],
81 u8 preq
[7], u8 pres
[7], u8 _iat
, bdaddr_t
*ia
,
82 u8 _rat
, bdaddr_t
*ra
, u8 res
[16])
89 /* p1 = pres || preq || _rat || _iat */
97 /* p2 = padding || ia || ra */
98 baswap((bdaddr_t
*) (p2
+ 4), ia
);
99 baswap((bdaddr_t
*) (p2
+ 10), ra
);
102 u128_xor((u128
*) res
, (u128
*) r
, (u128
*) p1
);
104 /* res = e(k, res) */
105 err
= smp_e(tfm
, k
, res
);
107 BT_ERR("Encrypt data error");
111 /* res = res XOR p2 */
112 u128_xor((u128
*) res
, (u128
*) res
, (u128
*) p2
);
114 /* res = e(k, res) */
115 err
= smp_e(tfm
, k
, res
);
117 BT_ERR("Encrypt data error");
122 static int smp_s1(struct crypto_blkcipher
*tfm
, u8 k
[16],
123 u8 r1
[16], u8 r2
[16], u8 _r
[16])
127 /* Just least significant octets from r1 and r2 are considered */
128 memcpy(_r
, r1
+ 8, 8);
129 memcpy(_r
+ 8, r2
+ 8, 8);
131 err
= smp_e(tfm
, k
, _r
);
133 BT_ERR("Encrypt data error");
138 static int smp_rand(u8
*buf
)
140 get_random_bytes(buf
, 16);
145 static struct sk_buff
*smp_build_cmd(struct l2cap_conn
*conn
, u8 code
,
146 u16 dlen
, void *data
)
149 struct l2cap_hdr
*lh
;
152 len
= L2CAP_HDR_SIZE
+ sizeof(code
) + dlen
;
157 skb
= bt_skb_alloc(len
, GFP_ATOMIC
);
161 lh
= (struct l2cap_hdr
*) skb_put(skb
, L2CAP_HDR_SIZE
);
162 lh
->len
= cpu_to_le16(sizeof(code
) + dlen
);
163 lh
->cid
= cpu_to_le16(L2CAP_CID_SMP
);
165 memcpy(skb_put(skb
, sizeof(code
)), &code
, sizeof(code
));
167 memcpy(skb_put(skb
, dlen
), data
, dlen
);
172 static void smp_send_cmd(struct l2cap_conn
*conn
, u8 code
, u16 len
, void *data
)
174 struct sk_buff
*skb
= smp_build_cmd(conn
, code
, len
, data
);
176 BT_DBG("code 0x%2.2x", code
);
181 hci_send_acl(conn
->hcon
, skb
, 0);
184 static void build_pairing_cmd(struct l2cap_conn
*conn
,
185 struct smp_cmd_pairing
*cmd
, __u8 authreq
)
187 cmd
->io_capability
= conn
->hcon
->io_capability
;
188 cmd
->oob_flag
= SMP_OOB_NOT_PRESENT
;
189 cmd
->max_key_size
= 16;
190 cmd
->init_key_dist
= 0x00;
191 cmd
->resp_key_dist
= 0x00;
192 cmd
->auth_req
= authreq
;
195 static void smp_cmd_pairing_req(struct l2cap_conn
*conn
, struct sk_buff
*skb
)
197 struct smp_cmd_pairing
*rp
= (void *) skb
->data
;
199 BT_DBG("conn %p", conn
);
201 conn
->preq
[0] = SMP_CMD_PAIRING_REQ
;
202 memcpy(&conn
->preq
[1], rp
, sizeof(*rp
));
203 skb_pull(skb
, sizeof(*rp
));
205 rp
->io_capability
= 0x00;
207 rp
->max_key_size
= 16;
208 rp
->init_key_dist
= 0x00;
209 rp
->resp_key_dist
= 0x00;
210 rp
->auth_req
&= (SMP_AUTH_BONDING
| SMP_AUTH_MITM
);
213 memset(conn
->tk
, 0, sizeof(conn
->tk
));
215 conn
->prsp
[0] = SMP_CMD_PAIRING_RSP
;
216 memcpy(&conn
->prsp
[1], rp
, sizeof(*rp
));
218 smp_send_cmd(conn
, SMP_CMD_PAIRING_RSP
, sizeof(*rp
), rp
);
221 static void smp_cmd_pairing_rsp(struct l2cap_conn
*conn
, struct sk_buff
*skb
)
223 struct smp_cmd_pairing
*rp
= (void *) skb
->data
;
224 struct smp_cmd_pairing_confirm cp
;
225 struct crypto_blkcipher
*tfm
= conn
->hcon
->hdev
->tfm
;
229 BT_DBG("conn %p", conn
);
232 memset(conn
->tk
, 0, sizeof(conn
->tk
));
234 conn
->prsp
[0] = SMP_CMD_PAIRING_RSP
;
235 memcpy(&conn
->prsp
[1], rp
, sizeof(*rp
));
236 skb_pull(skb
, sizeof(*rp
));
238 ret
= smp_rand(conn
->prnd
);
242 ret
= smp_c1(tfm
, conn
->tk
, conn
->prnd
, conn
->preq
, conn
->prsp
, 0,
243 conn
->src
, conn
->hcon
->dst_type
, conn
->dst
, res
);
247 swap128(res
, cp
.confirm_val
);
249 smp_send_cmd(conn
, SMP_CMD_PAIRING_CONFIRM
, sizeof(cp
), &cp
);
252 static void smp_cmd_pairing_confirm(struct l2cap_conn
*conn
,
255 struct crypto_blkcipher
*tfm
= conn
->hcon
->hdev
->tfm
;
257 BT_DBG("conn %p %s", conn
, conn
->hcon
->out
? "master" : "slave");
259 memcpy(conn
->pcnf
, skb
->data
, sizeof(conn
->pcnf
));
260 skb_pull(skb
, sizeof(conn
->pcnf
));
262 if (conn
->hcon
->out
) {
265 swap128(conn
->prnd
, random
);
266 smp_send_cmd(conn
, SMP_CMD_PAIRING_RANDOM
, sizeof(random
),
269 struct smp_cmd_pairing_confirm cp
;
273 ret
= smp_rand(conn
->prnd
);
277 ret
= smp_c1(tfm
, conn
->tk
, conn
->prnd
, conn
->preq
, conn
->prsp
,
278 conn
->hcon
->dst_type
, conn
->dst
,
283 swap128(res
, cp
.confirm_val
);
285 smp_send_cmd(conn
, SMP_CMD_PAIRING_CONFIRM
, sizeof(cp
), &cp
);
289 static void smp_cmd_pairing_random(struct l2cap_conn
*conn
, struct sk_buff
*skb
)
291 struct hci_conn
*hcon
= conn
->hcon
;
292 struct crypto_blkcipher
*tfm
= hcon
->hdev
->tfm
;
294 u8 key
[16], res
[16], random
[16], confirm
[16];
296 swap128(skb
->data
, random
);
297 skb_pull(skb
, sizeof(random
));
299 memset(hcon
->ltk
, 0, sizeof(hcon
->ltk
));
302 ret
= smp_c1(tfm
, conn
->tk
, random
, conn
->preq
, conn
->prsp
, 0,
303 conn
->src
, conn
->hcon
->dst_type
, conn
->dst
,
306 ret
= smp_c1(tfm
, conn
->tk
, random
, conn
->preq
, conn
->prsp
,
307 conn
->hcon
->dst_type
, conn
->dst
, 0, conn
->src
,
312 BT_DBG("conn %p %s", conn
, conn
->hcon
->out
? "master" : "slave");
314 swap128(res
, confirm
);
316 if (memcmp(conn
->pcnf
, confirm
, sizeof(conn
->pcnf
)) != 0) {
317 struct smp_cmd_pairing_fail cp
;
319 BT_ERR("Pairing failed (confirmation values mismatch)");
320 cp
.reason
= SMP_CONFIRM_FAILED
;
321 smp_send_cmd(conn
, SMP_CMD_PAIRING_FAIL
, sizeof(cp
), &cp
);
325 if (conn
->hcon
->out
) {
329 smp_s1(tfm
, conn
->tk
, random
, conn
->prnd
, key
);
330 swap128(key
, hcon
->ltk
);
332 memset(rand
, 0, sizeof(rand
));
334 hci_le_start_enc(hcon
, ediv
, rand
, hcon
->ltk
);
338 swap128(conn
->prnd
, r
);
339 smp_send_cmd(conn
, SMP_CMD_PAIRING_RANDOM
, sizeof(r
), r
);
341 smp_s1(tfm
, conn
->tk
, conn
->prnd
, random
, key
);
342 swap128(key
, hcon
->ltk
);
346 static void smp_cmd_security_req(struct l2cap_conn
*conn
, struct sk_buff
*skb
)
348 struct smp_cmd_security_req
*rp
= (void *) skb
->data
;
349 struct smp_cmd_pairing cp
;
350 struct hci_conn
*hcon
= conn
->hcon
;
352 BT_DBG("conn %p", conn
);
354 if (test_bit(HCI_CONN_ENCRYPT_PEND
, &hcon
->pend
))
357 skb_pull(skb
, sizeof(*rp
));
358 memset(&cp
, 0, sizeof(cp
));
360 cp
.io_capability
= 0x00;
362 cp
.max_key_size
= 16;
363 cp
.init_key_dist
= 0x00;
364 cp
.resp_key_dist
= 0x00;
365 cp
.auth_req
= rp
->auth_req
& (SMP_AUTH_BONDING
| SMP_AUTH_MITM
);
367 conn
->preq
[0] = SMP_CMD_PAIRING_REQ
;
368 memcpy(&conn
->preq
[1], &cp
, sizeof(cp
));
370 smp_send_cmd(conn
, SMP_CMD_PAIRING_REQ
, sizeof(cp
), &cp
);
372 set_bit(HCI_CONN_ENCRYPT_PEND
, &hcon
->pend
);
375 static __u8
seclevel_to_authreq(__u8 level
)
378 case BT_SECURITY_HIGH
:
379 /* For now we don't support bonding */
380 return SMP_AUTH_MITM
;
383 return SMP_AUTH_NONE
;
387 int smp_conn_security(struct l2cap_conn
*conn
, __u8 sec_level
)
389 struct hci_conn
*hcon
= conn
->hcon
;
392 BT_DBG("conn %p hcon %p level 0x%2.2x", conn
, hcon
, sec_level
);
394 if (IS_ERR(hcon
->hdev
->tfm
))
397 if (test_bit(HCI_CONN_ENCRYPT_PEND
, &hcon
->pend
))
400 if (sec_level
== BT_SECURITY_LOW
)
403 if (hcon
->sec_level
>= sec_level
)
406 authreq
= seclevel_to_authreq(sec_level
);
408 if (hcon
->link_mode
& HCI_LM_MASTER
) {
409 struct smp_cmd_pairing cp
;
410 cp
.io_capability
= 0x00;
412 cp
.max_key_size
= 16;
413 cp
.init_key_dist
= 0x00;
414 cp
.resp_key_dist
= 0x00;
415 cp
.auth_req
= authreq
;
417 conn
->preq
[0] = SMP_CMD_PAIRING_REQ
;
418 memcpy(&conn
->preq
[1], &cp
, sizeof(cp
));
420 smp_send_cmd(conn
, SMP_CMD_PAIRING_REQ
, sizeof(cp
), &cp
);
422 struct smp_cmd_security_req cp
;
423 cp
.auth_req
= authreq
;
424 smp_send_cmd(conn
, SMP_CMD_SECURITY_REQ
, sizeof(cp
), &cp
);
427 hcon
->pending_sec_level
= sec_level
;
428 set_bit(HCI_CONN_ENCRYPT_PEND
, &hcon
->pend
);
433 int smp_sig_channel(struct l2cap_conn
*conn
, struct sk_buff
*skb
)
435 __u8 code
= skb
->data
[0];
439 if (IS_ERR(conn
->hcon
->hdev
->tfm
)) {
440 err
= PTR_ERR(conn
->hcon
->hdev
->tfm
);
441 reason
= SMP_PAIRING_NOTSUPP
;
445 skb_pull(skb
, sizeof(code
));
448 case SMP_CMD_PAIRING_REQ
:
449 smp_cmd_pairing_req(conn
, skb
);
452 case SMP_CMD_PAIRING_FAIL
:
455 case SMP_CMD_PAIRING_RSP
:
456 smp_cmd_pairing_rsp(conn
, skb
);
459 case SMP_CMD_SECURITY_REQ
:
460 smp_cmd_security_req(conn
, skb
);
463 case SMP_CMD_PAIRING_CONFIRM
:
464 smp_cmd_pairing_confirm(conn
, skb
);
467 case SMP_CMD_PAIRING_RANDOM
:
468 smp_cmd_pairing_random(conn
, skb
);
471 case SMP_CMD_ENCRYPT_INFO
:
472 case SMP_CMD_MASTER_IDENT
:
473 case SMP_CMD_IDENT_INFO
:
474 case SMP_CMD_IDENT_ADDR_INFO
:
475 case SMP_CMD_SIGN_INFO
:
477 BT_DBG("Unknown command code 0x%2.2x", code
);
479 reason
= SMP_CMD_NOTSUPP
;
486 smp_send_cmd(conn
, SMP_CMD_PAIRING_FAIL
, sizeof(reason
),