2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2011 Nokia Corporation and/or its subsidiary(-ies).
5 This program is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License version 2 as
7 published by the Free Software Foundation;
9 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
10 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
11 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
12 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
13 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
14 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
18 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
19 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
20 SOFTWARE IS DISCLAIMED.
23 #include <linux/crypto.h>
24 #include <linux/scatterlist.h>
25 #include <crypto/b128ops.h>
27 #include <net/bluetooth/bluetooth.h>
28 #include <net/bluetooth/hci_core.h>
29 #include <net/bluetooth/l2cap.h>
30 #include <net/bluetooth/mgmt.h>
34 #define SMP_TIMEOUT msecs_to_jiffies(30000)
36 #define AUTH_REQ_MASK 0x07
38 static inline void swap128(u8 src
[16], u8 dst
[16])
41 for (i
= 0; i
< 16; i
++)
45 static inline void swap56(u8 src
[7], u8 dst
[7])
48 for (i
= 0; i
< 7; i
++)
52 static int smp_e(struct crypto_blkcipher
*tfm
, const u8
*k
, u8
*r
)
54 struct blkcipher_desc desc
;
55 struct scatterlist sg
;
59 BT_ERR("tfm %p", tfm
);
66 err
= crypto_blkcipher_setkey(tfm
, k
, 16);
68 BT_ERR("cipher setkey failed: %d", err
);
72 sg_init_one(&sg
, r
, 16);
74 err
= crypto_blkcipher_encrypt(&desc
, &sg
, &sg
, 16);
76 BT_ERR("Encrypt data error %d", err
);
81 static int smp_ah(struct crypto_blkcipher
*tfm
, u8 irk
[16], u8 r
[3], u8 res
[3])
86 /* r' = padding || r */
93 err
= smp_e(tfm
, k
, _res
);
95 BT_ERR("Encrypt error");
99 /* The output of the random address function ah is:
100 * ah(h, r) = e(k, r') mod 2^24
101 * The output of the security function e is then truncated to 24 bits
102 * by taking the least significant 24 bits of the output of e as the
112 bool smp_irk_matches(struct crypto_blkcipher
*tfm
, u8 irk
[16],
118 BT_DBG("RPA %pMR IRK %*phN", bdaddr
, 16, irk
);
120 err
= smp_ah(tfm
, irk
, &bdaddr
->b
[3], hash
);
124 return !memcmp(bdaddr
->b
, hash
, 3);
127 int smp_generate_rpa(struct crypto_blkcipher
*tfm
, u8 irk
[16], bdaddr_t
*rpa
)
131 get_random_bytes(&rpa
->b
[3], 3);
133 rpa
->b
[5] &= 0x3f; /* Clear two most significant bits */
134 rpa
->b
[5] |= 0x40; /* Set second most significant bit */
136 err
= smp_ah(tfm
, irk
, &rpa
->b
[3], rpa
->b
);
140 BT_DBG("RPA %pMR", rpa
);
145 static int smp_c1(struct crypto_blkcipher
*tfm
, u8 k
[16], u8 r
[16],
146 u8 preq
[7], u8 pres
[7], u8 _iat
, bdaddr_t
*ia
,
147 u8 _rat
, bdaddr_t
*ra
, u8 res
[16])
154 /* p1 = pres || preq || _rat || _iat */
156 swap56(preq
, p1
+ 7);
162 /* p2 = padding || ia || ra */
163 baswap((bdaddr_t
*) (p2
+ 4), ia
);
164 baswap((bdaddr_t
*) (p2
+ 10), ra
);
167 u128_xor((u128
*) res
, (u128
*) r
, (u128
*) p1
);
169 /* res = e(k, res) */
170 err
= smp_e(tfm
, k
, res
);
172 BT_ERR("Encrypt data error");
176 /* res = res XOR p2 */
177 u128_xor((u128
*) res
, (u128
*) res
, (u128
*) p2
);
179 /* res = e(k, res) */
180 err
= smp_e(tfm
, k
, res
);
182 BT_ERR("Encrypt data error");
187 static int smp_s1(struct crypto_blkcipher
*tfm
, u8 k
[16], u8 r1
[16],
188 u8 r2
[16], u8 _r
[16])
192 /* Just least significant octets from r1 and r2 are considered */
193 memcpy(_r
, r1
+ 8, 8);
194 memcpy(_r
+ 8, r2
+ 8, 8);
196 err
= smp_e(tfm
, k
, _r
);
198 BT_ERR("Encrypt data error");
203 static struct sk_buff
*smp_build_cmd(struct l2cap_conn
*conn
, u8 code
,
204 u16 dlen
, void *data
)
207 struct l2cap_hdr
*lh
;
210 len
= L2CAP_HDR_SIZE
+ sizeof(code
) + dlen
;
215 skb
= bt_skb_alloc(len
, GFP_ATOMIC
);
219 lh
= (struct l2cap_hdr
*) skb_put(skb
, L2CAP_HDR_SIZE
);
220 lh
->len
= cpu_to_le16(sizeof(code
) + dlen
);
221 lh
->cid
= __constant_cpu_to_le16(L2CAP_CID_SMP
);
223 memcpy(skb_put(skb
, sizeof(code
)), &code
, sizeof(code
));
225 memcpy(skb_put(skb
, dlen
), data
, dlen
);
230 static void smp_send_cmd(struct l2cap_conn
*conn
, u8 code
, u16 len
, void *data
)
232 struct sk_buff
*skb
= smp_build_cmd(conn
, code
, len
, data
);
234 BT_DBG("code 0x%2.2x", code
);
239 skb
->priority
= HCI_PRIO_MAX
;
240 hci_send_acl(conn
->hchan
, skb
, 0);
242 cancel_delayed_work_sync(&conn
->security_timer
);
243 schedule_delayed_work(&conn
->security_timer
, SMP_TIMEOUT
);
246 static __u8
authreq_to_seclevel(__u8 authreq
)
248 if (authreq
& SMP_AUTH_MITM
)
249 return BT_SECURITY_HIGH
;
251 return BT_SECURITY_MEDIUM
;
254 static __u8
seclevel_to_authreq(__u8 sec_level
)
257 case BT_SECURITY_HIGH
:
258 return SMP_AUTH_MITM
| SMP_AUTH_BONDING
;
259 case BT_SECURITY_MEDIUM
:
260 return SMP_AUTH_BONDING
;
262 return SMP_AUTH_NONE
;
266 static void build_pairing_cmd(struct l2cap_conn
*conn
,
267 struct smp_cmd_pairing
*req
,
268 struct smp_cmd_pairing
*rsp
, __u8 authreq
)
270 struct smp_chan
*smp
= conn
->smp_chan
;
271 struct hci_conn
*hcon
= conn
->hcon
;
272 struct hci_dev
*hdev
= hcon
->hdev
;
273 u8 local_dist
= 0, remote_dist
= 0;
275 if (test_bit(HCI_PAIRABLE
, &conn
->hcon
->hdev
->dev_flags
)) {
276 local_dist
= SMP_DIST_ENC_KEY
;
277 remote_dist
= SMP_DIST_ENC_KEY
;
278 authreq
|= SMP_AUTH_BONDING
;
280 authreq
&= ~SMP_AUTH_BONDING
;
283 if (test_bit(HCI_RPA_RESOLVING
, &hdev
->dev_flags
))
284 remote_dist
|= SMP_DIST_ID_KEY
;
286 if (test_bit(HCI_PRIVACY
, &hdev
->dev_flags
))
287 local_dist
|= SMP_DIST_ID_KEY
;
290 req
->io_capability
= conn
->hcon
->io_capability
;
291 req
->oob_flag
= SMP_OOB_NOT_PRESENT
;
292 req
->max_key_size
= SMP_MAX_ENC_KEY_SIZE
;
293 req
->init_key_dist
= local_dist
;
294 req
->resp_key_dist
= remote_dist
;
295 req
->auth_req
= (authreq
& AUTH_REQ_MASK
);
297 smp
->remote_key_dist
= remote_dist
;
301 rsp
->io_capability
= conn
->hcon
->io_capability
;
302 rsp
->oob_flag
= SMP_OOB_NOT_PRESENT
;
303 rsp
->max_key_size
= SMP_MAX_ENC_KEY_SIZE
;
304 rsp
->init_key_dist
= req
->init_key_dist
& remote_dist
;
305 rsp
->resp_key_dist
= req
->resp_key_dist
& local_dist
;
306 rsp
->auth_req
= (authreq
& AUTH_REQ_MASK
);
308 smp
->remote_key_dist
= rsp
->init_key_dist
;
311 static u8
check_enc_key_size(struct l2cap_conn
*conn
, __u8 max_key_size
)
313 struct smp_chan
*smp
= conn
->smp_chan
;
315 if ((max_key_size
> SMP_MAX_ENC_KEY_SIZE
) ||
316 (max_key_size
< SMP_MIN_ENC_KEY_SIZE
))
317 return SMP_ENC_KEY_SIZE
;
319 smp
->enc_key_size
= max_key_size
;
324 static void smp_failure(struct l2cap_conn
*conn
, u8 reason
)
326 struct hci_conn
*hcon
= conn
->hcon
;
329 smp_send_cmd(conn
, SMP_CMD_PAIRING_FAIL
, sizeof(reason
),
332 clear_bit(HCI_CONN_ENCRYPT_PEND
, &hcon
->flags
);
333 mgmt_auth_failed(hcon
->hdev
, &hcon
->dst
, hcon
->type
, hcon
->dst_type
,
334 HCI_ERROR_AUTH_FAILURE
);
336 cancel_delayed_work_sync(&conn
->security_timer
);
338 if (test_and_clear_bit(HCI_CONN_LE_SMP_PEND
, &hcon
->flags
))
339 smp_chan_destroy(conn
);
342 #define JUST_WORKS 0x00
343 #define JUST_CFM 0x01
344 #define REQ_PASSKEY 0x02
345 #define CFM_PASSKEY 0x03
349 static const u8 gen_method
[5][5] = {
350 { JUST_WORKS
, JUST_CFM
, REQ_PASSKEY
, JUST_WORKS
, REQ_PASSKEY
},
351 { JUST_WORKS
, JUST_CFM
, REQ_PASSKEY
, JUST_WORKS
, REQ_PASSKEY
},
352 { CFM_PASSKEY
, CFM_PASSKEY
, REQ_PASSKEY
, JUST_WORKS
, CFM_PASSKEY
},
353 { JUST_WORKS
, JUST_CFM
, JUST_WORKS
, JUST_WORKS
, JUST_CFM
},
354 { CFM_PASSKEY
, CFM_PASSKEY
, REQ_PASSKEY
, JUST_WORKS
, OVERLAP
},
357 static int tk_request(struct l2cap_conn
*conn
, u8 remote_oob
, u8 auth
,
358 u8 local_io
, u8 remote_io
)
360 struct hci_conn
*hcon
= conn
->hcon
;
361 struct smp_chan
*smp
= conn
->smp_chan
;
366 /* Initialize key for JUST WORKS */
367 memset(smp
->tk
, 0, sizeof(smp
->tk
));
368 clear_bit(SMP_FLAG_TK_VALID
, &smp
->smp_flags
);
370 BT_DBG("tk_request: auth:%d lcl:%d rem:%d", auth
, local_io
, remote_io
);
372 /* If neither side wants MITM, use JUST WORKS */
373 /* If either side has unknown io_caps, use JUST WORKS */
374 /* Otherwise, look up method from the table */
375 if (!(auth
& SMP_AUTH_MITM
) ||
376 local_io
> SMP_IO_KEYBOARD_DISPLAY
||
377 remote_io
> SMP_IO_KEYBOARD_DISPLAY
)
380 method
= gen_method
[remote_io
][local_io
];
382 /* If not bonding, don't ask user to confirm a Zero TK */
383 if (!(auth
& SMP_AUTH_BONDING
) && method
== JUST_CFM
)
386 /* If Just Works, Continue with Zero TK */
387 if (method
== JUST_WORKS
) {
388 set_bit(SMP_FLAG_TK_VALID
, &smp
->smp_flags
);
392 /* Not Just Works/Confirm results in MITM Authentication */
393 if (method
!= JUST_CFM
)
394 set_bit(SMP_FLAG_MITM_AUTH
, &smp
->smp_flags
);
396 /* If both devices have Keyoard-Display I/O, the master
397 * Confirms and the slave Enters the passkey.
399 if (method
== OVERLAP
) {
400 if (hcon
->link_mode
& HCI_LM_MASTER
)
401 method
= CFM_PASSKEY
;
403 method
= REQ_PASSKEY
;
406 /* Generate random passkey. Not valid until confirmed. */
407 if (method
== CFM_PASSKEY
) {
410 memset(key
, 0, sizeof(key
));
411 get_random_bytes(&passkey
, sizeof(passkey
));
413 put_unaligned_le32(passkey
, key
);
414 swap128(key
, smp
->tk
);
415 BT_DBG("PassKey: %d", passkey
);
418 hci_dev_lock(hcon
->hdev
);
420 if (method
== REQ_PASSKEY
)
421 ret
= mgmt_user_passkey_request(hcon
->hdev
, &hcon
->dst
,
422 hcon
->type
, hcon
->dst_type
);
424 ret
= mgmt_user_confirm_request(hcon
->hdev
, &hcon
->dst
,
425 hcon
->type
, hcon
->dst_type
,
426 cpu_to_le32(passkey
), 0);
428 hci_dev_unlock(hcon
->hdev
);
433 static void confirm_work(struct work_struct
*work
)
435 struct smp_chan
*smp
= container_of(work
, struct smp_chan
, confirm
);
436 struct l2cap_conn
*conn
= smp
->conn
;
437 struct hci_dev
*hdev
= conn
->hcon
->hdev
;
438 struct crypto_blkcipher
*tfm
= hdev
->tfm_aes
;
439 struct smp_cmd_pairing_confirm cp
;
443 BT_DBG("conn %p", conn
);
445 /* Prevent mutual access to hdev->tfm_aes */
449 ret
= smp_c1(tfm
, smp
->tk
, smp
->prnd
, smp
->preq
, smp
->prsp
,
450 conn
->hcon
->src_type
, &conn
->hcon
->src
,
451 conn
->hcon
->dst_type
, &conn
->hcon
->dst
, res
);
453 ret
= smp_c1(tfm
, smp
->tk
, smp
->prnd
, smp
->preq
, smp
->prsp
,
454 conn
->hcon
->dst_type
, &conn
->hcon
->dst
,
455 conn
->hcon
->src_type
, &conn
->hcon
->src
, res
);
457 hci_dev_unlock(hdev
);
460 reason
= SMP_UNSPECIFIED
;
464 clear_bit(SMP_FLAG_CFM_PENDING
, &smp
->smp_flags
);
466 swap128(res
, cp
.confirm_val
);
467 smp_send_cmd(smp
->conn
, SMP_CMD_PAIRING_CONFIRM
, sizeof(cp
), &cp
);
472 smp_failure(conn
, reason
);
475 static void random_work(struct work_struct
*work
)
477 struct smp_chan
*smp
= container_of(work
, struct smp_chan
, random
);
478 struct l2cap_conn
*conn
= smp
->conn
;
479 struct hci_conn
*hcon
= conn
->hcon
;
480 struct hci_dev
*hdev
= hcon
->hdev
;
481 struct crypto_blkcipher
*tfm
= hdev
->tfm_aes
;
482 u8 reason
, confirm
[16], res
[16], key
[16];
485 if (IS_ERR_OR_NULL(tfm
)) {
486 reason
= SMP_UNSPECIFIED
;
490 BT_DBG("conn %p %s", conn
, conn
->hcon
->out
? "master" : "slave");
492 /* Prevent mutual access to hdev->tfm_aes */
496 ret
= smp_c1(tfm
, smp
->tk
, smp
->rrnd
, smp
->preq
, smp
->prsp
,
497 hcon
->src_type
, &hcon
->src
,
498 hcon
->dst_type
, &hcon
->dst
, res
);
500 ret
= smp_c1(tfm
, smp
->tk
, smp
->rrnd
, smp
->preq
, smp
->prsp
,
501 hcon
->dst_type
, &hcon
->dst
,
502 hcon
->src_type
, &hcon
->src
, res
);
504 hci_dev_unlock(hdev
);
507 reason
= SMP_UNSPECIFIED
;
511 swap128(res
, confirm
);
513 if (memcmp(smp
->pcnf
, confirm
, sizeof(smp
->pcnf
)) != 0) {
514 BT_ERR("Pairing failed (confirmation values mismatch)");
515 reason
= SMP_CONFIRM_FAILED
;
524 smp_s1(tfm
, smp
->tk
, smp
->rrnd
, smp
->prnd
, key
);
527 memset(stk
+ smp
->enc_key_size
, 0,
528 SMP_MAX_ENC_KEY_SIZE
- smp
->enc_key_size
);
530 if (test_and_set_bit(HCI_CONN_ENCRYPT_PEND
, &hcon
->flags
)) {
531 reason
= SMP_UNSPECIFIED
;
535 hci_le_start_enc(hcon
, ediv
, rand
, stk
);
536 hcon
->enc_key_size
= smp
->enc_key_size
;
542 swap128(smp
->prnd
, r
);
543 smp_send_cmd(conn
, SMP_CMD_PAIRING_RANDOM
, sizeof(r
), r
);
545 smp_s1(tfm
, smp
->tk
, smp
->prnd
, smp
->rrnd
, key
);
548 memset(stk
+ smp
->enc_key_size
, 0,
549 SMP_MAX_ENC_KEY_SIZE
- smp
->enc_key_size
);
551 hci_add_ltk(hcon
->hdev
, &hcon
->dst
, hcon
->dst_type
,
552 HCI_SMP_STK_SLAVE
, 0, stk
, smp
->enc_key_size
,
559 smp_failure(conn
, reason
);
562 static struct smp_chan
*smp_chan_create(struct l2cap_conn
*conn
)
564 struct smp_chan
*smp
;
566 smp
= kzalloc(sizeof(*smp
), GFP_ATOMIC
);
570 INIT_WORK(&smp
->confirm
, confirm_work
);
571 INIT_WORK(&smp
->random
, random_work
);
574 conn
->smp_chan
= smp
;
575 conn
->hcon
->smp_conn
= conn
;
577 hci_conn_hold(conn
->hcon
);
582 void smp_chan_destroy(struct l2cap_conn
*conn
)
584 struct smp_chan
*smp
= conn
->smp_chan
;
589 complete
= test_bit(SMP_FLAG_COMPLETE
, &smp
->smp_flags
);
590 mgmt_smp_complete(conn
->hcon
, complete
);
592 /* If pairing failed clean up any keys we might have */
595 list_del(&smp
->ltk
->list
);
599 if (smp
->slave_ltk
) {
600 list_del(&smp
->slave_ltk
->list
);
601 kfree(smp
->slave_ltk
);
604 if (smp
->remote_irk
) {
605 list_del(&smp
->remote_irk
->list
);
606 kfree(smp
->remote_irk
);
611 conn
->smp_chan
= NULL
;
612 conn
->hcon
->smp_conn
= NULL
;
613 hci_conn_drop(conn
->hcon
);
616 int smp_user_confirm_reply(struct hci_conn
*hcon
, u16 mgmt_op
, __le32 passkey
)
618 struct l2cap_conn
*conn
= hcon
->smp_conn
;
619 struct smp_chan
*smp
;
628 smp
= conn
->smp_chan
;
631 case MGMT_OP_USER_PASSKEY_REPLY
:
632 value
= le32_to_cpu(passkey
);
633 memset(key
, 0, sizeof(key
));
634 BT_DBG("PassKey: %d", value
);
635 put_unaligned_le32(value
, key
);
636 swap128(key
, smp
->tk
);
638 case MGMT_OP_USER_CONFIRM_REPLY
:
639 set_bit(SMP_FLAG_TK_VALID
, &smp
->smp_flags
);
641 case MGMT_OP_USER_PASSKEY_NEG_REPLY
:
642 case MGMT_OP_USER_CONFIRM_NEG_REPLY
:
643 smp_failure(conn
, SMP_PASSKEY_ENTRY_FAILED
);
646 smp_failure(conn
, SMP_PASSKEY_ENTRY_FAILED
);
650 /* If it is our turn to send Pairing Confirm, do so now */
651 if (test_bit(SMP_FLAG_CFM_PENDING
, &smp
->smp_flags
))
652 queue_work(hcon
->hdev
->workqueue
, &smp
->confirm
);
657 static u8
smp_cmd_pairing_req(struct l2cap_conn
*conn
, struct sk_buff
*skb
)
659 struct smp_cmd_pairing rsp
, *req
= (void *) skb
->data
;
660 struct smp_chan
*smp
;
662 u8 auth
= SMP_AUTH_NONE
;
665 BT_DBG("conn %p", conn
);
667 if (skb
->len
< sizeof(*req
))
668 return SMP_UNSPECIFIED
;
670 if (conn
->hcon
->link_mode
& HCI_LM_MASTER
)
671 return SMP_CMD_NOTSUPP
;
673 if (!test_and_set_bit(HCI_CONN_LE_SMP_PEND
, &conn
->hcon
->flags
))
674 smp
= smp_chan_create(conn
);
676 smp
= conn
->smp_chan
;
679 return SMP_UNSPECIFIED
;
681 smp
->preq
[0] = SMP_CMD_PAIRING_REQ
;
682 memcpy(&smp
->preq
[1], req
, sizeof(*req
));
683 skb_pull(skb
, sizeof(*req
));
685 /* We didn't start the pairing, so match remote */
686 if (req
->auth_req
& SMP_AUTH_BONDING
)
687 auth
= req
->auth_req
;
689 conn
->hcon
->pending_sec_level
= authreq_to_seclevel(auth
);
691 build_pairing_cmd(conn
, req
, &rsp
, auth
);
693 key_size
= min(req
->max_key_size
, rsp
.max_key_size
);
694 if (check_enc_key_size(conn
, key_size
))
695 return SMP_ENC_KEY_SIZE
;
697 get_random_bytes(smp
->prnd
, sizeof(smp
->prnd
));
699 smp
->prsp
[0] = SMP_CMD_PAIRING_RSP
;
700 memcpy(&smp
->prsp
[1], &rsp
, sizeof(rsp
));
702 smp_send_cmd(conn
, SMP_CMD_PAIRING_RSP
, sizeof(rsp
), &rsp
);
704 /* Request setup of TK */
705 ret
= tk_request(conn
, 0, auth
, rsp
.io_capability
, req
->io_capability
);
707 return SMP_UNSPECIFIED
;
712 static u8
smp_cmd_pairing_rsp(struct l2cap_conn
*conn
, struct sk_buff
*skb
)
714 struct smp_cmd_pairing
*req
, *rsp
= (void *) skb
->data
;
715 struct smp_chan
*smp
= conn
->smp_chan
;
716 struct hci_dev
*hdev
= conn
->hcon
->hdev
;
717 u8 key_size
, auth
= SMP_AUTH_NONE
;
720 BT_DBG("conn %p", conn
);
722 if (skb
->len
< sizeof(*rsp
))
723 return SMP_UNSPECIFIED
;
725 if (!(conn
->hcon
->link_mode
& HCI_LM_MASTER
))
726 return SMP_CMD_NOTSUPP
;
728 skb_pull(skb
, sizeof(*rsp
));
730 req
= (void *) &smp
->preq
[1];
732 key_size
= min(req
->max_key_size
, rsp
->max_key_size
);
733 if (check_enc_key_size(conn
, key_size
))
734 return SMP_ENC_KEY_SIZE
;
736 get_random_bytes(smp
->prnd
, sizeof(smp
->prnd
));
738 smp
->prsp
[0] = SMP_CMD_PAIRING_RSP
;
739 memcpy(&smp
->prsp
[1], rsp
, sizeof(*rsp
));
741 if ((req
->auth_req
& SMP_AUTH_BONDING
) &&
742 (rsp
->auth_req
& SMP_AUTH_BONDING
))
743 auth
= SMP_AUTH_BONDING
;
745 auth
|= (req
->auth_req
| rsp
->auth_req
) & SMP_AUTH_MITM
;
747 ret
= tk_request(conn
, 0, auth
, req
->io_capability
, rsp
->io_capability
);
749 return SMP_UNSPECIFIED
;
751 set_bit(SMP_FLAG_CFM_PENDING
, &smp
->smp_flags
);
753 /* Can't compose response until we have been confirmed */
754 if (!test_bit(SMP_FLAG_TK_VALID
, &smp
->smp_flags
))
757 queue_work(hdev
->workqueue
, &smp
->confirm
);
762 static u8
smp_cmd_pairing_confirm(struct l2cap_conn
*conn
, struct sk_buff
*skb
)
764 struct smp_chan
*smp
= conn
->smp_chan
;
765 struct hci_dev
*hdev
= conn
->hcon
->hdev
;
767 BT_DBG("conn %p %s", conn
, conn
->hcon
->out
? "master" : "slave");
769 if (skb
->len
< sizeof(smp
->pcnf
))
770 return SMP_UNSPECIFIED
;
772 memcpy(smp
->pcnf
, skb
->data
, sizeof(smp
->pcnf
));
773 skb_pull(skb
, sizeof(smp
->pcnf
));
775 if (conn
->hcon
->out
) {
778 swap128(smp
->prnd
, random
);
779 smp_send_cmd(conn
, SMP_CMD_PAIRING_RANDOM
, sizeof(random
),
781 } else if (test_bit(SMP_FLAG_TK_VALID
, &smp
->smp_flags
)) {
782 queue_work(hdev
->workqueue
, &smp
->confirm
);
784 set_bit(SMP_FLAG_CFM_PENDING
, &smp
->smp_flags
);
790 static u8
smp_cmd_pairing_random(struct l2cap_conn
*conn
, struct sk_buff
*skb
)
792 struct smp_chan
*smp
= conn
->smp_chan
;
793 struct hci_dev
*hdev
= conn
->hcon
->hdev
;
795 BT_DBG("conn %p", conn
);
797 if (skb
->len
< sizeof(smp
->rrnd
))
798 return SMP_UNSPECIFIED
;
800 swap128(skb
->data
, smp
->rrnd
);
801 skb_pull(skb
, sizeof(smp
->rrnd
));
803 queue_work(hdev
->workqueue
, &smp
->random
);
808 static u8
smp_ltk_encrypt(struct l2cap_conn
*conn
, u8 sec_level
)
811 struct hci_conn
*hcon
= conn
->hcon
;
813 key
= hci_find_ltk_by_addr(hcon
->hdev
, &hcon
->dst
, hcon
->dst_type
,
818 if (sec_level
> BT_SECURITY_MEDIUM
&& !key
->authenticated
)
821 if (test_and_set_bit(HCI_CONN_ENCRYPT_PEND
, &hcon
->flags
))
824 hci_le_start_enc(hcon
, key
->ediv
, key
->rand
, key
->val
);
825 hcon
->enc_key_size
= key
->enc_size
;
830 static u8
smp_cmd_security_req(struct l2cap_conn
*conn
, struct sk_buff
*skb
)
832 struct smp_cmd_security_req
*rp
= (void *) skb
->data
;
833 struct smp_cmd_pairing cp
;
834 struct hci_conn
*hcon
= conn
->hcon
;
835 struct smp_chan
*smp
;
837 BT_DBG("conn %p", conn
);
839 if (skb
->len
< sizeof(*rp
))
840 return SMP_UNSPECIFIED
;
842 if (!(conn
->hcon
->link_mode
& HCI_LM_MASTER
))
843 return SMP_CMD_NOTSUPP
;
845 hcon
->pending_sec_level
= authreq_to_seclevel(rp
->auth_req
);
847 if (smp_ltk_encrypt(conn
, hcon
->pending_sec_level
))
850 if (test_and_set_bit(HCI_CONN_LE_SMP_PEND
, &hcon
->flags
))
853 smp
= smp_chan_create(conn
);
855 skb_pull(skb
, sizeof(*rp
));
857 memset(&cp
, 0, sizeof(cp
));
858 build_pairing_cmd(conn
, &cp
, NULL
, rp
->auth_req
);
860 smp
->preq
[0] = SMP_CMD_PAIRING_REQ
;
861 memcpy(&smp
->preq
[1], &cp
, sizeof(cp
));
863 smp_send_cmd(conn
, SMP_CMD_PAIRING_REQ
, sizeof(cp
), &cp
);
868 bool smp_sufficient_security(struct hci_conn
*hcon
, u8 sec_level
)
870 if (sec_level
== BT_SECURITY_LOW
)
873 if (hcon
->sec_level
>= sec_level
)
879 int smp_conn_security(struct hci_conn
*hcon
, __u8 sec_level
)
881 struct l2cap_conn
*conn
= hcon
->l2cap_data
;
882 struct smp_chan
*smp
= conn
->smp_chan
;
885 BT_DBG("conn %p hcon %p level 0x%2.2x", conn
, hcon
, sec_level
);
887 if (!test_bit(HCI_LE_ENABLED
, &hcon
->hdev
->dev_flags
))
890 if (smp_sufficient_security(hcon
, sec_level
))
893 if (hcon
->link_mode
& HCI_LM_MASTER
)
894 if (smp_ltk_encrypt(conn
, sec_level
))
897 if (test_and_set_bit(HCI_CONN_LE_SMP_PEND
, &hcon
->flags
))
900 smp
= smp_chan_create(conn
);
904 authreq
= seclevel_to_authreq(sec_level
);
906 if (hcon
->link_mode
& HCI_LM_MASTER
) {
907 struct smp_cmd_pairing cp
;
909 build_pairing_cmd(conn
, &cp
, NULL
, authreq
);
910 smp
->preq
[0] = SMP_CMD_PAIRING_REQ
;
911 memcpy(&smp
->preq
[1], &cp
, sizeof(cp
));
913 smp_send_cmd(conn
, SMP_CMD_PAIRING_REQ
, sizeof(cp
), &cp
);
915 struct smp_cmd_security_req cp
;
916 cp
.auth_req
= authreq
;
917 smp_send_cmd(conn
, SMP_CMD_SECURITY_REQ
, sizeof(cp
), &cp
);
921 hcon
->pending_sec_level
= sec_level
;
926 static int smp_cmd_encrypt_info(struct l2cap_conn
*conn
, struct sk_buff
*skb
)
928 struct smp_cmd_encrypt_info
*rp
= (void *) skb
->data
;
929 struct smp_chan
*smp
= conn
->smp_chan
;
931 BT_DBG("conn %p", conn
);
933 if (skb
->len
< sizeof(*rp
))
934 return SMP_UNSPECIFIED
;
936 /* Ignore this PDU if it wasn't requested */
937 if (!(smp
->remote_key_dist
& SMP_DIST_ENC_KEY
))
940 skb_pull(skb
, sizeof(*rp
));
942 memcpy(smp
->tk
, rp
->ltk
, sizeof(smp
->tk
));
947 static int smp_cmd_master_ident(struct l2cap_conn
*conn
, struct sk_buff
*skb
)
949 struct smp_cmd_master_ident
*rp
= (void *) skb
->data
;
950 struct smp_chan
*smp
= conn
->smp_chan
;
951 struct hci_dev
*hdev
= conn
->hcon
->hdev
;
952 struct hci_conn
*hcon
= conn
->hcon
;
956 BT_DBG("conn %p", conn
);
958 if (skb
->len
< sizeof(*rp
))
959 return SMP_UNSPECIFIED
;
961 /* Ignore this PDU if it wasn't requested */
962 if (!(smp
->remote_key_dist
& SMP_DIST_ENC_KEY
))
965 /* Mark the information as received */
966 smp
->remote_key_dist
&= ~SMP_DIST_ENC_KEY
;
968 skb_pull(skb
, sizeof(*rp
));
971 authenticated
= (hcon
->sec_level
== BT_SECURITY_HIGH
);
972 ltk
= hci_add_ltk(hdev
, &hcon
->dst
, hcon
->dst_type
, HCI_SMP_LTK
,
973 authenticated
, smp
->tk
, smp
->enc_key_size
,
976 if (!(smp
->remote_key_dist
& SMP_DIST_ID_KEY
))
977 smp_distribute_keys(conn
);
978 hci_dev_unlock(hdev
);
983 static int smp_cmd_ident_info(struct l2cap_conn
*conn
, struct sk_buff
*skb
)
985 struct smp_cmd_ident_info
*info
= (void *) skb
->data
;
986 struct smp_chan
*smp
= conn
->smp_chan
;
990 if (skb
->len
< sizeof(*info
))
991 return SMP_UNSPECIFIED
;
993 /* Ignore this PDU if it wasn't requested */
994 if (!(smp
->remote_key_dist
& SMP_DIST_ID_KEY
))
997 skb_pull(skb
, sizeof(*info
));
999 memcpy(smp
->irk
, info
->irk
, 16);
1004 static int smp_cmd_ident_addr_info(struct l2cap_conn
*conn
,
1005 struct sk_buff
*skb
)
1007 struct smp_cmd_ident_addr_info
*info
= (void *) skb
->data
;
1008 struct smp_chan
*smp
= conn
->smp_chan
;
1009 struct hci_conn
*hcon
= conn
->hcon
;
1014 if (skb
->len
< sizeof(*info
))
1015 return SMP_UNSPECIFIED
;
1017 /* Ignore this PDU if it wasn't requested */
1018 if (!(smp
->remote_key_dist
& SMP_DIST_ID_KEY
))
1021 /* Mark the information as received */
1022 smp
->remote_key_dist
&= ~SMP_DIST_ID_KEY
;
1024 skb_pull(skb
, sizeof(*info
));
1026 /* Strictly speaking the Core Specification (4.1) allows sending
1027 * an empty address which would force us to rely on just the IRK
1028 * as "identity information". However, since such
1029 * implementations are not known of and in order to not over
1030 * complicate our implementation, simply pretend that we never
1031 * received an IRK for such a device.
1033 if (!bacmp(&info
->bdaddr
, BDADDR_ANY
)) {
1034 BT_ERR("Ignoring IRK with no identity address");
1035 smp_distribute_keys(conn
);
1039 bacpy(&smp
->id_addr
, &info
->bdaddr
);
1040 smp
->id_addr_type
= info
->addr_type
;
1042 if (hci_bdaddr_is_rpa(&hcon
->dst
, hcon
->dst_type
))
1043 bacpy(&rpa
, &hcon
->dst
);
1045 bacpy(&rpa
, BDADDR_ANY
);
1047 smp
->remote_irk
= hci_add_irk(conn
->hcon
->hdev
, &smp
->id_addr
,
1048 smp
->id_addr_type
, smp
->irk
, &rpa
);
1050 /* Track the connection based on the Identity Address from now on */
1051 bacpy(&hcon
->dst
, &smp
->id_addr
);
1052 hcon
->dst_type
= smp
->id_addr_type
;
1054 l2cap_conn_update_id_addr(hcon
);
1056 smp_distribute_keys(conn
);
1061 int smp_sig_channel(struct l2cap_conn
*conn
, struct sk_buff
*skb
)
1063 struct hci_conn
*hcon
= conn
->hcon
;
1067 if (hcon
->type
!= LE_LINK
) {
1077 if (!test_bit(HCI_LE_ENABLED
, &hcon
->hdev
->dev_flags
)) {
1079 reason
= SMP_PAIRING_NOTSUPP
;
1083 code
= skb
->data
[0];
1084 skb_pull(skb
, sizeof(code
));
1087 * The SMP context must be initialized for all other PDUs except
1088 * pairing and security requests. If we get any other PDU when
1089 * not initialized simply disconnect (done if this function
1090 * returns an error).
1092 if (code
!= SMP_CMD_PAIRING_REQ
&& code
!= SMP_CMD_SECURITY_REQ
&&
1094 BT_ERR("Unexpected SMP command 0x%02x. Disconnecting.", code
);
1100 case SMP_CMD_PAIRING_REQ
:
1101 reason
= smp_cmd_pairing_req(conn
, skb
);
1104 case SMP_CMD_PAIRING_FAIL
:
1105 smp_failure(conn
, 0);
1110 case SMP_CMD_PAIRING_RSP
:
1111 reason
= smp_cmd_pairing_rsp(conn
, skb
);
1114 case SMP_CMD_SECURITY_REQ
:
1115 reason
= smp_cmd_security_req(conn
, skb
);
1118 case SMP_CMD_PAIRING_CONFIRM
:
1119 reason
= smp_cmd_pairing_confirm(conn
, skb
);
1122 case SMP_CMD_PAIRING_RANDOM
:
1123 reason
= smp_cmd_pairing_random(conn
, skb
);
1126 case SMP_CMD_ENCRYPT_INFO
:
1127 reason
= smp_cmd_encrypt_info(conn
, skb
);
1130 case SMP_CMD_MASTER_IDENT
:
1131 reason
= smp_cmd_master_ident(conn
, skb
);
1134 case SMP_CMD_IDENT_INFO
:
1135 reason
= smp_cmd_ident_info(conn
, skb
);
1138 case SMP_CMD_IDENT_ADDR_INFO
:
1139 reason
= smp_cmd_ident_addr_info(conn
, skb
);
1142 case SMP_CMD_SIGN_INFO
:
1148 BT_DBG("Unknown command code 0x%2.2x", code
);
1150 reason
= SMP_CMD_NOTSUPP
;
1157 smp_failure(conn
, reason
);
1163 static void smp_notify_keys(struct l2cap_conn
*conn
)
1165 struct smp_chan
*smp
= conn
->smp_chan
;
1166 struct hci_conn
*hcon
= conn
->hcon
;
1167 struct hci_dev
*hdev
= hcon
->hdev
;
1169 if (smp
->remote_irk
)
1170 mgmt_new_irk(hdev
, smp
->remote_irk
);
1173 smp
->ltk
->bdaddr_type
= hcon
->dst_type
;
1174 bacpy(&smp
->ltk
->bdaddr
, &hcon
->dst
);
1175 mgmt_new_ltk(hdev
, smp
->ltk
);
1178 if (smp
->slave_ltk
) {
1179 smp
->slave_ltk
->bdaddr_type
= hcon
->dst_type
;
1180 bacpy(&smp
->slave_ltk
->bdaddr
, &hcon
->dst
);
1181 mgmt_new_ltk(hdev
, smp
->slave_ltk
);
1185 int smp_distribute_keys(struct l2cap_conn
*conn
)
1187 struct smp_cmd_pairing
*req
, *rsp
;
1188 struct smp_chan
*smp
= conn
->smp_chan
;
1189 struct hci_conn
*hcon
= conn
->hcon
;
1190 struct hci_dev
*hdev
= hcon
->hdev
;
1193 BT_DBG("conn %p", conn
);
1195 if (!test_bit(HCI_CONN_LE_SMP_PEND
, &hcon
->flags
))
1198 rsp
= (void *) &smp
->prsp
[1];
1200 /* The responder sends its keys first */
1201 if (hcon
->out
&& (smp
->remote_key_dist
& 0x07))
1204 req
= (void *) &smp
->preq
[1];
1207 keydist
= &rsp
->init_key_dist
;
1208 *keydist
&= req
->init_key_dist
;
1210 keydist
= &rsp
->resp_key_dist
;
1211 *keydist
&= req
->resp_key_dist
;
1214 BT_DBG("keydist 0x%x", *keydist
);
1216 if (*keydist
& SMP_DIST_ENC_KEY
) {
1217 struct smp_cmd_encrypt_info enc
;
1218 struct smp_cmd_master_ident ident
;
1219 struct smp_ltk
*ltk
;
1224 get_random_bytes(enc
.ltk
, sizeof(enc
.ltk
));
1225 get_random_bytes(&ediv
, sizeof(ediv
));
1226 get_random_bytes(&rand
, sizeof(rand
));
1228 smp_send_cmd(conn
, SMP_CMD_ENCRYPT_INFO
, sizeof(enc
), &enc
);
1230 authenticated
= hcon
->sec_level
== BT_SECURITY_HIGH
;
1231 ltk
= hci_add_ltk(hdev
, &hcon
->dst
, hcon
->dst_type
,
1232 HCI_SMP_LTK_SLAVE
, authenticated
, enc
.ltk
,
1233 smp
->enc_key_size
, ediv
, rand
);
1234 smp
->slave_ltk
= ltk
;
1239 smp_send_cmd(conn
, SMP_CMD_MASTER_IDENT
, sizeof(ident
), &ident
);
1241 *keydist
&= ~SMP_DIST_ENC_KEY
;
1244 if (*keydist
& SMP_DIST_ID_KEY
) {
1245 struct smp_cmd_ident_addr_info addrinfo
;
1246 struct smp_cmd_ident_info idinfo
;
1248 memcpy(idinfo
.irk
, hdev
->irk
, sizeof(idinfo
.irk
));
1250 smp_send_cmd(conn
, SMP_CMD_IDENT_INFO
, sizeof(idinfo
), &idinfo
);
1252 /* The hci_conn contains the local identity address
1253 * after the connection has been established.
1255 * This is true even when the connection has been
1256 * established using a resolvable random address.
1258 bacpy(&addrinfo
.bdaddr
, &hcon
->src
);
1259 addrinfo
.addr_type
= hcon
->src_type
;
1261 smp_send_cmd(conn
, SMP_CMD_IDENT_ADDR_INFO
, sizeof(addrinfo
),
1264 *keydist
&= ~SMP_DIST_ID_KEY
;
1267 if (*keydist
& SMP_DIST_SIGN
) {
1268 struct smp_cmd_sign_info sign
;
1270 /* Send a dummy key */
1271 get_random_bytes(sign
.csrk
, sizeof(sign
.csrk
));
1273 smp_send_cmd(conn
, SMP_CMD_SIGN_INFO
, sizeof(sign
), &sign
);
1275 *keydist
&= ~SMP_DIST_SIGN
;
1278 /* If there are still keys to be received wait for them */
1279 if ((smp
->remote_key_dist
& 0x07))
1282 clear_bit(HCI_CONN_LE_SMP_PEND
, &hcon
->flags
);
1283 cancel_delayed_work_sync(&conn
->security_timer
);
1284 set_bit(SMP_FLAG_COMPLETE
, &smp
->smp_flags
);
1285 smp_notify_keys(conn
);
1287 smp_chan_destroy(conn
);