projects / deliverable / linux.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Bluetooth: Track LE initiator and responder address information
[deliverable/linux.git] / net / bluetooth / smp.c
1 /*
2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2011 Nokia Corporation and/or its subsidiary(-ies).
4
5 This program is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License version 2 as
7 published by the Free Software Foundation;
8
9 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
10 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
11 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
12 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
13 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
14 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17
18 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
19 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
20 SOFTWARE IS DISCLAIMED.
21 */
22
23 #include <linux/crypto.h>
24 #include <linux/scatterlist.h>
25 #include <crypto/b128ops.h>
26
27 #include <net/bluetooth/bluetooth.h>
28 #include <net/bluetooth/hci_core.h>
29 #include <net/bluetooth/l2cap.h>
30 #include <net/bluetooth/mgmt.h>
31
32 #include "smp.h"
33
34 #define SMP_TIMEOUT msecs_to_jiffies(30000)
35
36 #define AUTH_REQ_MASK 0x07
37
38 static inline void swap128(u8 src[16], u8 dst[16])
39 {
40 int i;
41 for (i = 0; i < 16; i++)
42 dst[15 - i] = src[i];
43 }
44
45 static inline void swap56(u8 src[7], u8 dst[7])
46 {
47 int i;
48 for (i = 0; i < 7; i++)
49 dst[6 - i] = src[i];
50 }
51
52 static int smp_e(struct crypto_blkcipher *tfm, const u8 *k, u8 *r)
53 {
54 struct blkcipher_desc desc;
55 struct scatterlist sg;
56 int err;
57
58 if (tfm == NULL) {
59 BT_ERR("tfm %p", tfm);
60 return -EINVAL;
61 }
62
63 desc.tfm = tfm;
64 desc.flags = 0;
65
66 err = crypto_blkcipher_setkey(tfm, k, 16);
67 if (err) {
68 BT_ERR("cipher setkey failed: %d", err);
69 return err;
70 }
71
72 sg_init_one(&sg, r, 16);
73
74 err = crypto_blkcipher_encrypt(&desc, &sg, &sg, 16);
75 if (err)
76 BT_ERR("Encrypt data error %d", err);
77
78 return err;
79 }
80
81 static int smp_ah(struct crypto_blkcipher *tfm, u8 irk[16], u8 r[3], u8 res[3])
82 {
83 u8 _res[16], k[16];
84 int err;
85
86 /* r' = padding || r */
87 memset(_res, 0, 13);
88 _res[13] = r[2];
89 _res[14] = r[1];
90 _res[15] = r[0];
91
92 swap128(irk, k);
93 err = smp_e(tfm, k, _res);
94 if (err) {
95 BT_ERR("Encrypt error");
96 return err;
97 }
98
99 /* The output of the random address function ah is:
100 * ah(h, r) = e(k, r') mod 2^24
101 * The output of the security function e is then truncated to 24 bits
102 * by taking the least significant 24 bits of the output of e as the
103 * result of ah.
104 */
105 res[0] = _res[15];
106 res[1] = _res[14];
107 res[2] = _res[13];
108
109 return 0;
110 }
111
112 bool smp_irk_matches(struct crypto_blkcipher *tfm, u8 irk[16],
113 bdaddr_t *bdaddr)
114 {
115 u8 hash[3];
116 int err;
117
118 BT_DBG("RPA %pMR IRK %*phN", bdaddr, 16, irk);
119
120 err = smp_ah(tfm, irk, &bdaddr->b[3], hash);
121 if (err)
122 return false;
123
124 return !memcmp(bdaddr->b, hash, 3);
125 }
126
127 int smp_generate_rpa(struct crypto_blkcipher *tfm, u8 irk[16], bdaddr_t *rpa)
128 {
129 int err;
130
131 get_random_bytes(&rpa->b[3], 3);
132
133 rpa->b[5] &= 0x3f; /* Clear two most significant bits */
134 rpa->b[5] |= 0x40; /* Set second most significant bit */
135
136 err = smp_ah(tfm, irk, &rpa->b[3], rpa->b);
137 if (err < 0)
138 return err;
139
140 BT_DBG("RPA %pMR", rpa);
141
142 return 0;
143 }
144
145 static int smp_c1(struct crypto_blkcipher *tfm, u8 k[16], u8 r[16],
146 u8 preq[7], u8 pres[7], u8 _iat, bdaddr_t *ia,
147 u8 _rat, bdaddr_t *ra, u8 res[16])
148 {
149 u8 p1[16], p2[16];
150 int err;
151
152 memset(p1, 0, 16);
153
154 /* p1 = pres || preq || _rat || _iat */
155 swap56(pres, p1);
156 swap56(preq, p1 + 7);
157 p1[14] = _rat;
158 p1[15] = _iat;
159
160 memset(p2, 0, 16);
161
162 /* p2 = padding || ia || ra */
163 baswap((bdaddr_t *) (p2 + 4), ia);
164 baswap((bdaddr_t *) (p2 + 10), ra);
165
166 /* res = r XOR p1 */
167 u128_xor((u128 *) res, (u128 *) r, (u128 *) p1);
168
169 /* res = e(k, res) */
170 err = smp_e(tfm, k, res);
171 if (err) {
172 BT_ERR("Encrypt data error");
173 return err;
174 }
175
176 /* res = res XOR p2 */
177 u128_xor((u128 *) res, (u128 *) res, (u128 *) p2);
178
179 /* res = e(k, res) */
180 err = smp_e(tfm, k, res);
181 if (err)
182 BT_ERR("Encrypt data error");
183
184 return err;
185 }
186
187 static int smp_s1(struct crypto_blkcipher *tfm, u8 k[16], u8 r1[16],
188 u8 r2[16], u8 _r[16])
189 {
190 int err;
191
192 /* Just least significant octets from r1 and r2 are considered */
193 memcpy(_r, r1 + 8, 8);
194 memcpy(_r + 8, r2 + 8, 8);
195
196 err = smp_e(tfm, k, _r);
197 if (err)
198 BT_ERR("Encrypt data error");
199
200 return err;
201 }
202
203 static struct sk_buff *smp_build_cmd(struct l2cap_conn *conn, u8 code,
204 u16 dlen, void *data)
205 {
206 struct sk_buff *skb;
207 struct l2cap_hdr *lh;
208 int len;
209
210 len = L2CAP_HDR_SIZE + sizeof(code) + dlen;
211
212 if (len > conn->mtu)
213 return NULL;
214
215 skb = bt_skb_alloc(len, GFP_ATOMIC);
216 if (!skb)
217 return NULL;
218
219 lh = (struct l2cap_hdr *) skb_put(skb, L2CAP_HDR_SIZE);
220 lh->len = cpu_to_le16(sizeof(code) + dlen);
221 lh->cid = __constant_cpu_to_le16(L2CAP_CID_SMP);
222
223 memcpy(skb_put(skb, sizeof(code)), &code, sizeof(code));
224
225 memcpy(skb_put(skb, dlen), data, dlen);
226
227 return skb;
228 }
229
230 static void smp_send_cmd(struct l2cap_conn *conn, u8 code, u16 len, void *data)
231 {
232 struct sk_buff *skb = smp_build_cmd(conn, code, len, data);
233
234 BT_DBG("code 0x%2.2x", code);
235
236 if (!skb)
237 return;
238
239 skb->priority = HCI_PRIO_MAX;
240 hci_send_acl(conn->hchan, skb, 0);
241
242 cancel_delayed_work_sync(&conn->security_timer);
243 schedule_delayed_work(&conn->security_timer, SMP_TIMEOUT);
244 }
245
246 static __u8 authreq_to_seclevel(__u8 authreq)
247 {
248 if (authreq & SMP_AUTH_MITM)
249 return BT_SECURITY_HIGH;
250 else
251 return BT_SECURITY_MEDIUM;
252 }
253
254 static __u8 seclevel_to_authreq(__u8 sec_level)
255 {
256 switch (sec_level) {
257 case BT_SECURITY_HIGH:
258 return SMP_AUTH_MITM | SMP_AUTH_BONDING;
259 case BT_SECURITY_MEDIUM:
260 return SMP_AUTH_BONDING;
261 default:
262 return SMP_AUTH_NONE;
263 }
264 }
265
266 static void build_pairing_cmd(struct l2cap_conn *conn,
267 struct smp_cmd_pairing *req,
268 struct smp_cmd_pairing *rsp, __u8 authreq)
269 {
270 struct smp_chan *smp = conn->smp_chan;
271 struct hci_conn *hcon = conn->hcon;
272 struct hci_dev *hdev = hcon->hdev;
273 u8 local_dist = 0, remote_dist = 0;
274
275 if (test_bit(HCI_PAIRABLE, &conn->hcon->hdev->dev_flags)) {
276 local_dist = SMP_DIST_ENC_KEY;
277 remote_dist = SMP_DIST_ENC_KEY;
278 authreq |= SMP_AUTH_BONDING;
279 } else {
280 authreq &= ~SMP_AUTH_BONDING;
281 }
282
283 if (test_bit(HCI_RPA_RESOLVING, &hdev->dev_flags))
284 remote_dist |= SMP_DIST_ID_KEY;
285
286 if (test_bit(HCI_PRIVACY, &hdev->dev_flags))
287 local_dist |= SMP_DIST_ID_KEY;
288
289 if (rsp == NULL) {
290 req->io_capability = conn->hcon->io_capability;
291 req->oob_flag = SMP_OOB_NOT_PRESENT;
292 req->max_key_size = SMP_MAX_ENC_KEY_SIZE;
293 req->init_key_dist = local_dist;
294 req->resp_key_dist = remote_dist;
295 req->auth_req = (authreq & AUTH_REQ_MASK);
296
297 smp->remote_key_dist = remote_dist;
298 return;
299 }
300
301 rsp->io_capability = conn->hcon->io_capability;
302 rsp->oob_flag = SMP_OOB_NOT_PRESENT;
303 rsp->max_key_size = SMP_MAX_ENC_KEY_SIZE;
304 rsp->init_key_dist = req->init_key_dist & remote_dist;
305 rsp->resp_key_dist = req->resp_key_dist & local_dist;
306 rsp->auth_req = (authreq & AUTH_REQ_MASK);
307
308 smp->remote_key_dist = rsp->init_key_dist;
309 }
310
311 static u8 check_enc_key_size(struct l2cap_conn *conn, __u8 max_key_size)
312 {
313 struct smp_chan *smp = conn->smp_chan;
314
315 if ((max_key_size > SMP_MAX_ENC_KEY_SIZE) ||
316 (max_key_size < SMP_MIN_ENC_KEY_SIZE))
317 return SMP_ENC_KEY_SIZE;
318
319 smp->enc_key_size = max_key_size;
320
321 return 0;
322 }
323
324 static void smp_failure(struct l2cap_conn *conn, u8 reason)
325 {
326 struct hci_conn *hcon = conn->hcon;
327
328 if (reason)
329 smp_send_cmd(conn, SMP_CMD_PAIRING_FAIL, sizeof(reason),
330 &reason);
331
332 clear_bit(HCI_CONN_ENCRYPT_PEND, &hcon->flags);
333 mgmt_auth_failed(hcon->hdev, &hcon->dst, hcon->type, hcon->dst_type,
334 HCI_ERROR_AUTH_FAILURE);
335
336 cancel_delayed_work_sync(&conn->security_timer);
337
338 if (test_and_clear_bit(HCI_CONN_LE_SMP_PEND, &hcon->flags))
339 smp_chan_destroy(conn);
340 }
341
342 #define JUST_WORKS 0x00
343 #define JUST_CFM 0x01
344 #define REQ_PASSKEY 0x02
345 #define CFM_PASSKEY 0x03
346 #define REQ_OOB 0x04
347 #define OVERLAP 0xFF
348
349 static const u8 gen_method[5][5] = {
350 { JUST_WORKS, JUST_CFM, REQ_PASSKEY, JUST_WORKS, REQ_PASSKEY },
351 { JUST_WORKS, JUST_CFM, REQ_PASSKEY, JUST_WORKS, REQ_PASSKEY },
352 { CFM_PASSKEY, CFM_PASSKEY, REQ_PASSKEY, JUST_WORKS, CFM_PASSKEY },
353 { JUST_WORKS, JUST_CFM, JUST_WORKS, JUST_WORKS, JUST_CFM },
354 { CFM_PASSKEY, CFM_PASSKEY, REQ_PASSKEY, JUST_WORKS, OVERLAP },
355 };
356
357 static int tk_request(struct l2cap_conn *conn, u8 remote_oob, u8 auth,
358 u8 local_io, u8 remote_io)
359 {
360 struct hci_conn *hcon = conn->hcon;
361 struct smp_chan *smp = conn->smp_chan;
362 u8 method;
363 u32 passkey = 0;
364 int ret = 0;
365
366 /* Initialize key for JUST WORKS */
367 memset(smp->tk, 0, sizeof(smp->tk));
368 clear_bit(SMP_FLAG_TK_VALID, &smp->smp_flags);
369
370 BT_DBG("tk_request: auth:%d lcl:%d rem:%d", auth, local_io, remote_io);
371
372 /* If neither side wants MITM, use JUST WORKS */
373 /* If either side has unknown io_caps, use JUST WORKS */
374 /* Otherwise, look up method from the table */
375 if (!(auth & SMP_AUTH_MITM) ||
376 local_io > SMP_IO_KEYBOARD_DISPLAY ||
377 remote_io > SMP_IO_KEYBOARD_DISPLAY)
378 method = JUST_WORKS;
379 else
380 method = gen_method[remote_io][local_io];
381
382 /* If not bonding, don't ask user to confirm a Zero TK */
383 if (!(auth & SMP_AUTH_BONDING) && method == JUST_CFM)
384 method = JUST_WORKS;
385
386 /* If Just Works, Continue with Zero TK */
387 if (method == JUST_WORKS) {
388 set_bit(SMP_FLAG_TK_VALID, &smp->smp_flags);
389 return 0;
390 }
391
392 /* Not Just Works/Confirm results in MITM Authentication */
393 if (method != JUST_CFM)
394 set_bit(SMP_FLAG_MITM_AUTH, &smp->smp_flags);
395
396 /* If both devices have Keyoard-Display I/O, the master
397 * Confirms and the slave Enters the passkey.
398 */
399 if (method == OVERLAP) {
400 if (hcon->link_mode & HCI_LM_MASTER)
401 method = CFM_PASSKEY;
402 else
403 method = REQ_PASSKEY;
404 }
405
406 /* Generate random passkey. Not valid until confirmed. */
407 if (method == CFM_PASSKEY) {
408 u8 key[16];
409
410 memset(key, 0, sizeof(key));
411 get_random_bytes(&passkey, sizeof(passkey));
412 passkey %= 1000000;
413 put_unaligned_le32(passkey, key);
414 swap128(key, smp->tk);
415 BT_DBG("PassKey: %d", passkey);
416 }
417
418 hci_dev_lock(hcon->hdev);
419
420 if (method == REQ_PASSKEY)
421 ret = mgmt_user_passkey_request(hcon->hdev, &hcon->dst,
422 hcon->type, hcon->dst_type);
423 else
424 ret = mgmt_user_confirm_request(hcon->hdev, &hcon->dst,
425 hcon->type, hcon->dst_type,
426 cpu_to_le32(passkey), 0);
427
428 hci_dev_unlock(hcon->hdev);
429
430 return ret;
431 }
432
433 static void confirm_work(struct work_struct *work)
434 {
435 struct smp_chan *smp = container_of(work, struct smp_chan, confirm);
436 struct l2cap_conn *conn = smp->conn;
437 struct hci_dev *hdev = conn->hcon->hdev;
438 struct crypto_blkcipher *tfm = hdev->tfm_aes;
439 struct smp_cmd_pairing_confirm cp;
440 int ret;
441 u8 res[16], reason;
442
443 BT_DBG("conn %p", conn);
444
445 /* Prevent mutual access to hdev->tfm_aes */
446 hci_dev_lock(hdev);
447
448 if (conn->hcon->out)
449 ret = smp_c1(tfm, smp->tk, smp->prnd, smp->preq, smp->prsp,
450 conn->hcon->src_type, &conn->hcon->src,
451 conn->hcon->dst_type, &conn->hcon->dst, res);
452 else
453 ret = smp_c1(tfm, smp->tk, smp->prnd, smp->preq, smp->prsp,
454 conn->hcon->dst_type, &conn->hcon->dst,
455 conn->hcon->src_type, &conn->hcon->src, res);
456
457 hci_dev_unlock(hdev);
458
459 if (ret) {
460 reason = SMP_UNSPECIFIED;
461 goto error;
462 }
463
464 clear_bit(SMP_FLAG_CFM_PENDING, &smp->smp_flags);
465
466 swap128(res, cp.confirm_val);
467 smp_send_cmd(smp->conn, SMP_CMD_PAIRING_CONFIRM, sizeof(cp), &cp);
468
469 return;
470
471 error:
472 smp_failure(conn, reason);
473 }
474
475 static void random_work(struct work_struct *work)
476 {
477 struct smp_chan *smp = container_of(work, struct smp_chan, random);
478 struct l2cap_conn *conn = smp->conn;
479 struct hci_conn *hcon = conn->hcon;
480 struct hci_dev *hdev = hcon->hdev;
481 struct crypto_blkcipher *tfm = hdev->tfm_aes;
482 u8 reason, confirm[16], res[16], key[16];
483 int ret;
484
485 if (IS_ERR_OR_NULL(tfm)) {
486 reason = SMP_UNSPECIFIED;
487 goto error;
488 }
489
490 BT_DBG("conn %p %s", conn, conn->hcon->out ? "master" : "slave");
491
492 /* Prevent mutual access to hdev->tfm_aes */
493 hci_dev_lock(hdev);
494
495 if (hcon->out)
496 ret = smp_c1(tfm, smp->tk, smp->rrnd, smp->preq, smp->prsp,
497 hcon->src_type, &hcon->src,
498 hcon->dst_type, &hcon->dst, res);
499 else
500 ret = smp_c1(tfm, smp->tk, smp->rrnd, smp->preq, smp->prsp,
501 hcon->dst_type, &hcon->dst,
502 hcon->src_type, &hcon->src, res);
503
504 hci_dev_unlock(hdev);
505
506 if (ret) {
507 reason = SMP_UNSPECIFIED;
508 goto error;
509 }
510
511 swap128(res, confirm);
512
513 if (memcmp(smp->pcnf, confirm, sizeof(smp->pcnf)) != 0) {
514 BT_ERR("Pairing failed (confirmation values mismatch)");
515 reason = SMP_CONFIRM_FAILED;
516 goto error;
517 }
518
519 if (hcon->out) {
520 u8 stk[16];
521 __le64 rand = 0;
522 __le16 ediv = 0;
523
524 smp_s1(tfm, smp->tk, smp->rrnd, smp->prnd, key);
525 swap128(key, stk);
526
527 memset(stk + smp->enc_key_size, 0,
528 SMP_MAX_ENC_KEY_SIZE - smp->enc_key_size);
529
530 if (test_and_set_bit(HCI_CONN_ENCRYPT_PEND, &hcon->flags)) {
531 reason = SMP_UNSPECIFIED;
532 goto error;
533 }
534
535 hci_le_start_enc(hcon, ediv, rand, stk);
536 hcon->enc_key_size = smp->enc_key_size;
537 } else {
538 u8 stk[16], r[16];
539 __le64 rand = 0;
540 __le16 ediv = 0;
541
542 swap128(smp->prnd, r);
543 smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM, sizeof(r), r);
544
545 smp_s1(tfm, smp->tk, smp->prnd, smp->rrnd, key);
546 swap128(key, stk);
547
548 memset(stk + smp->enc_key_size, 0,
549 SMP_MAX_ENC_KEY_SIZE - smp->enc_key_size);
550
551 hci_add_ltk(hcon->hdev, &hcon->dst, hcon->dst_type,
552 HCI_SMP_STK_SLAVE, 0, stk, smp->enc_key_size,
553 ediv, rand);
554 }
555
556 return;
557
558 error:
559 smp_failure(conn, reason);
560 }
561
562 static struct smp_chan *smp_chan_create(struct l2cap_conn *conn)
563 {
564 struct smp_chan *smp;
565
566 smp = kzalloc(sizeof(*smp), GFP_ATOMIC);
567 if (!smp)
568 return NULL;
569
570 INIT_WORK(&smp->confirm, confirm_work);
571 INIT_WORK(&smp->random, random_work);
572
573 smp->conn = conn;
574 conn->smp_chan = smp;
575 conn->hcon->smp_conn = conn;
576
577 hci_conn_hold(conn->hcon);
578
579 return smp;
580 }
581
582 void smp_chan_destroy(struct l2cap_conn *conn)
583 {
584 struct smp_chan *smp = conn->smp_chan;
585 bool complete;
586
587 BUG_ON(!smp);
588
589 complete = test_bit(SMP_FLAG_COMPLETE, &smp->smp_flags);
590 mgmt_smp_complete(conn->hcon, complete);
591
592 /* If pairing failed clean up any keys we might have */
593 if (!complete) {
594 if (smp->ltk) {
595 list_del(&smp->ltk->list);
596 kfree(smp->ltk);
597 }
598
599 if (smp->slave_ltk) {
600 list_del(&smp->slave_ltk->list);
601 kfree(smp->slave_ltk);
602 }
603
604 if (smp->remote_irk) {
605 list_del(&smp->remote_irk->list);
606 kfree(smp->remote_irk);
607 }
608 }
609
610 kfree(smp);
611 conn->smp_chan = NULL;
612 conn->hcon->smp_conn = NULL;
613 hci_conn_drop(conn->hcon);
614 }
615
616 int smp_user_confirm_reply(struct hci_conn *hcon, u16 mgmt_op, __le32 passkey)
617 {
618 struct l2cap_conn *conn = hcon->smp_conn;
619 struct smp_chan *smp;
620 u32 value;
621 u8 key[16];
622
623 BT_DBG("");
624
625 if (!conn)
626 return -ENOTCONN;
627
628 smp = conn->smp_chan;
629
630 switch (mgmt_op) {
631 case MGMT_OP_USER_PASSKEY_REPLY:
632 value = le32_to_cpu(passkey);
633 memset(key, 0, sizeof(key));
634 BT_DBG("PassKey: %d", value);
635 put_unaligned_le32(value, key);
636 swap128(key, smp->tk);
637 /* Fall Through */
638 case MGMT_OP_USER_CONFIRM_REPLY:
639 set_bit(SMP_FLAG_TK_VALID, &smp->smp_flags);
640 break;
641 case MGMT_OP_USER_PASSKEY_NEG_REPLY:
642 case MGMT_OP_USER_CONFIRM_NEG_REPLY:
643 smp_failure(conn, SMP_PASSKEY_ENTRY_FAILED);
644 return 0;
645 default:
646 smp_failure(conn, SMP_PASSKEY_ENTRY_FAILED);
647 return -EOPNOTSUPP;
648 }
649
650 /* If it is our turn to send Pairing Confirm, do so now */
651 if (test_bit(SMP_FLAG_CFM_PENDING, &smp->smp_flags))
652 queue_work(hcon->hdev->workqueue, &smp->confirm);
653
654 return 0;
655 }
656
657 static u8 smp_cmd_pairing_req(struct l2cap_conn *conn, struct sk_buff *skb)
658 {
659 struct smp_cmd_pairing rsp, *req = (void *) skb->data;
660 struct smp_chan *smp;
661 u8 key_size;
662 u8 auth = SMP_AUTH_NONE;
663 int ret;
664
665 BT_DBG("conn %p", conn);
666
667 if (skb->len < sizeof(*req))
668 return SMP_UNSPECIFIED;
669
670 if (conn->hcon->link_mode & HCI_LM_MASTER)
671 return SMP_CMD_NOTSUPP;
672
673 if (!test_and_set_bit(HCI_CONN_LE_SMP_PEND, &conn->hcon->flags))
674 smp = smp_chan_create(conn);
675 else
676 smp = conn->smp_chan;
677
678 if (!smp)
679 return SMP_UNSPECIFIED;
680
681 smp->preq[0] = SMP_CMD_PAIRING_REQ;
682 memcpy(&smp->preq[1], req, sizeof(*req));
683 skb_pull(skb, sizeof(*req));
684
685 /* We didn't start the pairing, so match remote */
686 if (req->auth_req & SMP_AUTH_BONDING)
687 auth = req->auth_req;
688
689 conn->hcon->pending_sec_level = authreq_to_seclevel(auth);
690
691 build_pairing_cmd(conn, req, &rsp, auth);
692
693 key_size = min(req->max_key_size, rsp.max_key_size);
694 if (check_enc_key_size(conn, key_size))
695 return SMP_ENC_KEY_SIZE;
696
697 get_random_bytes(smp->prnd, sizeof(smp->prnd));
698
699 smp->prsp[0] = SMP_CMD_PAIRING_RSP;
700 memcpy(&smp->prsp[1], &rsp, sizeof(rsp));
701
702 smp_send_cmd(conn, SMP_CMD_PAIRING_RSP, sizeof(rsp), &rsp);
703
704 /* Request setup of TK */
705 ret = tk_request(conn, 0, auth, rsp.io_capability, req->io_capability);
706 if (ret)
707 return SMP_UNSPECIFIED;
708
709 return 0;
710 }
711
712 static u8 smp_cmd_pairing_rsp(struct l2cap_conn *conn, struct sk_buff *skb)
713 {
714 struct smp_cmd_pairing *req, *rsp = (void *) skb->data;
715 struct smp_chan *smp = conn->smp_chan;
716 struct hci_dev *hdev = conn->hcon->hdev;
717 u8 key_size, auth = SMP_AUTH_NONE;
718 int ret;
719
720 BT_DBG("conn %p", conn);
721
722 if (skb->len < sizeof(*rsp))
723 return SMP_UNSPECIFIED;
724
725 if (!(conn->hcon->link_mode & HCI_LM_MASTER))
726 return SMP_CMD_NOTSUPP;
727
728 skb_pull(skb, sizeof(*rsp));
729
730 req = (void *) &smp->preq[1];
731
732 key_size = min(req->max_key_size, rsp->max_key_size);
733 if (check_enc_key_size(conn, key_size))
734 return SMP_ENC_KEY_SIZE;
735
736 get_random_bytes(smp->prnd, sizeof(smp->prnd));
737
738 smp->prsp[0] = SMP_CMD_PAIRING_RSP;
739 memcpy(&smp->prsp[1], rsp, sizeof(*rsp));
740
741 if ((req->auth_req & SMP_AUTH_BONDING) &&
742 (rsp->auth_req & SMP_AUTH_BONDING))
743 auth = SMP_AUTH_BONDING;
744
745 auth |= (req->auth_req | rsp->auth_req) & SMP_AUTH_MITM;
746
747 ret = tk_request(conn, 0, auth, req->io_capability, rsp->io_capability);
748 if (ret)
749 return SMP_UNSPECIFIED;
750
751 set_bit(SMP_FLAG_CFM_PENDING, &smp->smp_flags);
752
753 /* Can't compose response until we have been confirmed */
754 if (!test_bit(SMP_FLAG_TK_VALID, &smp->smp_flags))
755 return 0;
756
757 queue_work(hdev->workqueue, &smp->confirm);
758
759 return 0;
760 }
761
762 static u8 smp_cmd_pairing_confirm(struct l2cap_conn *conn, struct sk_buff *skb)
763 {
764 struct smp_chan *smp = conn->smp_chan;
765 struct hci_dev *hdev = conn->hcon->hdev;
766
767 BT_DBG("conn %p %s", conn, conn->hcon->out ? "master" : "slave");
768
769 if (skb->len < sizeof(smp->pcnf))
770 return SMP_UNSPECIFIED;
771
772 memcpy(smp->pcnf, skb->data, sizeof(smp->pcnf));
773 skb_pull(skb, sizeof(smp->pcnf));
774
775 if (conn->hcon->out) {
776 u8 random[16];
777
778 swap128(smp->prnd, random);
779 smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM, sizeof(random),
780 random);
781 } else if (test_bit(SMP_FLAG_TK_VALID, &smp->smp_flags)) {
782 queue_work(hdev->workqueue, &smp->confirm);
783 } else {
784 set_bit(SMP_FLAG_CFM_PENDING, &smp->smp_flags);
785 }
786
787 return 0;
788 }
789
790 static u8 smp_cmd_pairing_random(struct l2cap_conn *conn, struct sk_buff *skb)
791 {
792 struct smp_chan *smp = conn->smp_chan;
793 struct hci_dev *hdev = conn->hcon->hdev;
794
795 BT_DBG("conn %p", conn);
796
797 if (skb->len < sizeof(smp->rrnd))
798 return SMP_UNSPECIFIED;
799
800 swap128(skb->data, smp->rrnd);
801 skb_pull(skb, sizeof(smp->rrnd));
802
803 queue_work(hdev->workqueue, &smp->random);
804
805 return 0;
806 }
807
808 static u8 smp_ltk_encrypt(struct l2cap_conn *conn, u8 sec_level)
809 {
810 struct smp_ltk *key;
811 struct hci_conn *hcon = conn->hcon;
812
813 key = hci_find_ltk_by_addr(hcon->hdev, &hcon->dst, hcon->dst_type,
814 hcon->out);
815 if (!key)
816 return 0;
817
818 if (sec_level > BT_SECURITY_MEDIUM && !key->authenticated)
819 return 0;
820
821 if (test_and_set_bit(HCI_CONN_ENCRYPT_PEND, &hcon->flags))
822 return 1;
823
824 hci_le_start_enc(hcon, key->ediv, key->rand, key->val);
825 hcon->enc_key_size = key->enc_size;
826
827 return 1;
828 }
829
830 static u8 smp_cmd_security_req(struct l2cap_conn *conn, struct sk_buff *skb)
831 {
832 struct smp_cmd_security_req *rp = (void *) skb->data;
833 struct smp_cmd_pairing cp;
834 struct hci_conn *hcon = conn->hcon;
835 struct smp_chan *smp;
836
837 BT_DBG("conn %p", conn);
838
839 if (skb->len < sizeof(*rp))
840 return SMP_UNSPECIFIED;
841
842 if (!(conn->hcon->link_mode & HCI_LM_MASTER))
843 return SMP_CMD_NOTSUPP;
844
845 hcon->pending_sec_level = authreq_to_seclevel(rp->auth_req);
846
847 if (smp_ltk_encrypt(conn, hcon->pending_sec_level))
848 return 0;
849
850 if (test_and_set_bit(HCI_CONN_LE_SMP_PEND, &hcon->flags))
851 return 0;
852
853 smp = smp_chan_create(conn);
854
855 skb_pull(skb, sizeof(*rp));
856
857 memset(&cp, 0, sizeof(cp));
858 build_pairing_cmd(conn, &cp, NULL, rp->auth_req);
859
860 smp->preq[0] = SMP_CMD_PAIRING_REQ;
861 memcpy(&smp->preq[1], &cp, sizeof(cp));
862
863 smp_send_cmd(conn, SMP_CMD_PAIRING_REQ, sizeof(cp), &cp);
864
865 return 0;
866 }
867
868 bool smp_sufficient_security(struct hci_conn *hcon, u8 sec_level)
869 {
870 if (sec_level == BT_SECURITY_LOW)
871 return true;
872
873 if (hcon->sec_level >= sec_level)
874 return true;
875
876 return false;
877 }
878
879 int smp_conn_security(struct hci_conn *hcon, __u8 sec_level)
880 {
881 struct l2cap_conn *conn = hcon->l2cap_data;
882 struct smp_chan *smp = conn->smp_chan;
883 __u8 authreq;
884
885 BT_DBG("conn %p hcon %p level 0x%2.2x", conn, hcon, sec_level);
886
887 if (!test_bit(HCI_LE_ENABLED, &hcon->hdev->dev_flags))
888 return 1;
889
890 if (smp_sufficient_security(hcon, sec_level))
891 return 1;
892
893 if (hcon->link_mode & HCI_LM_MASTER)
894 if (smp_ltk_encrypt(conn, sec_level))
895 goto done;
896
897 if (test_and_set_bit(HCI_CONN_LE_SMP_PEND, &hcon->flags))
898 return 0;
899
900 smp = smp_chan_create(conn);
901 if (!smp)
902 return 1;
903
904 authreq = seclevel_to_authreq(sec_level);
905
906 if (hcon->link_mode & HCI_LM_MASTER) {
907 struct smp_cmd_pairing cp;
908
909 build_pairing_cmd(conn, &cp, NULL, authreq);
910 smp->preq[0] = SMP_CMD_PAIRING_REQ;
911 memcpy(&smp->preq[1], &cp, sizeof(cp));
912
913 smp_send_cmd(conn, SMP_CMD_PAIRING_REQ, sizeof(cp), &cp);
914 } else {
915 struct smp_cmd_security_req cp;
916 cp.auth_req = authreq;
917 smp_send_cmd(conn, SMP_CMD_SECURITY_REQ, sizeof(cp), &cp);
918 }
919
920 done:
921 hcon->pending_sec_level = sec_level;
922
923 return 0;
924 }
925
926 static int smp_cmd_encrypt_info(struct l2cap_conn *conn, struct sk_buff *skb)
927 {
928 struct smp_cmd_encrypt_info *rp = (void *) skb->data;
929 struct smp_chan *smp = conn->smp_chan;
930
931 BT_DBG("conn %p", conn);
932
933 if (skb->len < sizeof(*rp))
934 return SMP_UNSPECIFIED;
935
936 /* Ignore this PDU if it wasn't requested */
937 if (!(smp->remote_key_dist & SMP_DIST_ENC_KEY))
938 return 0;
939
940 skb_pull(skb, sizeof(*rp));
941
942 memcpy(smp->tk, rp->ltk, sizeof(smp->tk));
943
944 return 0;
945 }
946
947 static int smp_cmd_master_ident(struct l2cap_conn *conn, struct sk_buff *skb)
948 {
949 struct smp_cmd_master_ident *rp = (void *) skb->data;
950 struct smp_chan *smp = conn->smp_chan;
951 struct hci_dev *hdev = conn->hcon->hdev;
952 struct hci_conn *hcon = conn->hcon;
953 struct smp_ltk *ltk;
954 u8 authenticated;
955
956 BT_DBG("conn %p", conn);
957
958 if (skb->len < sizeof(*rp))
959 return SMP_UNSPECIFIED;
960
961 /* Ignore this PDU if it wasn't requested */
962 if (!(smp->remote_key_dist & SMP_DIST_ENC_KEY))
963 return 0;
964
965 /* Mark the information as received */
966 smp->remote_key_dist &= ~SMP_DIST_ENC_KEY;
967
968 skb_pull(skb, sizeof(*rp));
969
970 hci_dev_lock(hdev);
971 authenticated = (hcon->sec_level == BT_SECURITY_HIGH);
972 ltk = hci_add_ltk(hdev, &hcon->dst, hcon->dst_type, HCI_SMP_LTK,
973 authenticated, smp->tk, smp->enc_key_size,
974 rp->ediv, rp->rand);
975 smp->ltk = ltk;
976 if (!(smp->remote_key_dist & SMP_DIST_ID_KEY))
977 smp_distribute_keys(conn);
978 hci_dev_unlock(hdev);
979
980 return 0;
981 }
982
983 static int smp_cmd_ident_info(struct l2cap_conn *conn, struct sk_buff *skb)
984 {
985 struct smp_cmd_ident_info *info = (void *) skb->data;
986 struct smp_chan *smp = conn->smp_chan;
987
988 BT_DBG("");
989
990 if (skb->len < sizeof(*info))
991 return SMP_UNSPECIFIED;
992
993 /* Ignore this PDU if it wasn't requested */
994 if (!(smp->remote_key_dist & SMP_DIST_ID_KEY))
995 return 0;
996
997 skb_pull(skb, sizeof(*info));
998
999 memcpy(smp->irk, info->irk, 16);
1000
1001 return 0;
1002 }
1003
1004 static int smp_cmd_ident_addr_info(struct l2cap_conn *conn,
1005 struct sk_buff *skb)
1006 {
1007 struct smp_cmd_ident_addr_info *info = (void *) skb->data;
1008 struct smp_chan *smp = conn->smp_chan;
1009 struct hci_conn *hcon = conn->hcon;
1010 bdaddr_t rpa;
1011
1012 BT_DBG("");
1013
1014 if (skb->len < sizeof(*info))
1015 return SMP_UNSPECIFIED;
1016
1017 /* Ignore this PDU if it wasn't requested */
1018 if (!(smp->remote_key_dist & SMP_DIST_ID_KEY))
1019 return 0;
1020
1021 /* Mark the information as received */
1022 smp->remote_key_dist &= ~SMP_DIST_ID_KEY;
1023
1024 skb_pull(skb, sizeof(*info));
1025
1026 /* Strictly speaking the Core Specification (4.1) allows sending
1027 * an empty address which would force us to rely on just the IRK
1028 * as "identity information". However, since such
1029 * implementations are not known of and in order to not over
1030 * complicate our implementation, simply pretend that we never
1031 * received an IRK for such a device.
1032 */
1033 if (!bacmp(&info->bdaddr, BDADDR_ANY)) {
1034 BT_ERR("Ignoring IRK with no identity address");
1035 smp_distribute_keys(conn);
1036 return 0;
1037 }
1038
1039 bacpy(&smp->id_addr, &info->bdaddr);
1040 smp->id_addr_type = info->addr_type;
1041
1042 if (hci_bdaddr_is_rpa(&hcon->dst, hcon->dst_type))
1043 bacpy(&rpa, &hcon->dst);
1044 else
1045 bacpy(&rpa, BDADDR_ANY);
1046
1047 smp->remote_irk = hci_add_irk(conn->hcon->hdev, &smp->id_addr,
1048 smp->id_addr_type, smp->irk, &rpa);
1049
1050 /* Track the connection based on the Identity Address from now on */
1051 bacpy(&hcon->dst, &smp->id_addr);
1052 hcon->dst_type = smp->id_addr_type;
1053
1054 l2cap_conn_update_id_addr(hcon);
1055
1056 smp_distribute_keys(conn);
1057
1058 return 0;
1059 }
1060
1061 int smp_sig_channel(struct l2cap_conn *conn, struct sk_buff *skb)
1062 {
1063 struct hci_conn *hcon = conn->hcon;
1064 __u8 code, reason;
1065 int err = 0;
1066
1067 if (hcon->type != LE_LINK) {
1068 kfree_skb(skb);
1069 return 0;
1070 }
1071
1072 if (skb->len < 1) {
1073 kfree_skb(skb);
1074 return -EILSEQ;
1075 }
1076
1077 if (!test_bit(HCI_LE_ENABLED, &hcon->hdev->dev_flags)) {
1078 err = -ENOTSUPP;
1079 reason = SMP_PAIRING_NOTSUPP;
1080 goto done;
1081 }
1082
1083 code = skb->data[0];
1084 skb_pull(skb, sizeof(code));
1085
1086 /*
1087 * The SMP context must be initialized for all other PDUs except
1088 * pairing and security requests. If we get any other PDU when
1089 * not initialized simply disconnect (done if this function
1090 * returns an error).
1091 */
1092 if (code != SMP_CMD_PAIRING_REQ && code != SMP_CMD_SECURITY_REQ &&
1093 !conn->smp_chan) {
1094 BT_ERR("Unexpected SMP command 0x%02x. Disconnecting.", code);
1095 kfree_skb(skb);
1096 return -ENOTSUPP;
1097 }
1098
1099 switch (code) {
1100 case SMP_CMD_PAIRING_REQ:
1101 reason = smp_cmd_pairing_req(conn, skb);
1102 break;
1103
1104 case SMP_CMD_PAIRING_FAIL:
1105 smp_failure(conn, 0);
1106 reason = 0;
1107 err = -EPERM;
1108 break;
1109
1110 case SMP_CMD_PAIRING_RSP:
1111 reason = smp_cmd_pairing_rsp(conn, skb);
1112 break;
1113
1114 case SMP_CMD_SECURITY_REQ:
1115 reason = smp_cmd_security_req(conn, skb);
1116 break;
1117
1118 case SMP_CMD_PAIRING_CONFIRM:
1119 reason = smp_cmd_pairing_confirm(conn, skb);
1120 break;
1121
1122 case SMP_CMD_PAIRING_RANDOM:
1123 reason = smp_cmd_pairing_random(conn, skb);
1124 break;
1125
1126 case SMP_CMD_ENCRYPT_INFO:
1127 reason = smp_cmd_encrypt_info(conn, skb);
1128 break;
1129
1130 case SMP_CMD_MASTER_IDENT:
1131 reason = smp_cmd_master_ident(conn, skb);
1132 break;
1133
1134 case SMP_CMD_IDENT_INFO:
1135 reason = smp_cmd_ident_info(conn, skb);
1136 break;
1137
1138 case SMP_CMD_IDENT_ADDR_INFO:
1139 reason = smp_cmd_ident_addr_info(conn, skb);
1140 break;
1141
1142 case SMP_CMD_SIGN_INFO:
1143 /* Just ignored */
1144 reason = 0;
1145 break;
1146
1147 default:
1148 BT_DBG("Unknown command code 0x%2.2x", code);
1149
1150 reason = SMP_CMD_NOTSUPP;
1151 err = -EOPNOTSUPP;
1152 goto done;
1153 }
1154
1155 done:
1156 if (reason)
1157 smp_failure(conn, reason);
1158
1159 kfree_skb(skb);
1160 return err;
1161 }
1162
1163 static void smp_notify_keys(struct l2cap_conn *conn)
1164 {
1165 struct smp_chan *smp = conn->smp_chan;
1166 struct hci_conn *hcon = conn->hcon;
1167 struct hci_dev *hdev = hcon->hdev;
1168
1169 if (smp->remote_irk)
1170 mgmt_new_irk(hdev, smp->remote_irk);
1171
1172 if (smp->ltk) {
1173 smp->ltk->bdaddr_type = hcon->dst_type;
1174 bacpy(&smp->ltk->bdaddr, &hcon->dst);
1175 mgmt_new_ltk(hdev, smp->ltk);
1176 }
1177
1178 if (smp->slave_ltk) {
1179 smp->slave_ltk->bdaddr_type = hcon->dst_type;
1180 bacpy(&smp->slave_ltk->bdaddr, &hcon->dst);
1181 mgmt_new_ltk(hdev, smp->slave_ltk);
1182 }
1183 }
1184
1185 int smp_distribute_keys(struct l2cap_conn *conn)
1186 {
1187 struct smp_cmd_pairing *req, *rsp;
1188 struct smp_chan *smp = conn->smp_chan;
1189 struct hci_conn *hcon = conn->hcon;
1190 struct hci_dev *hdev = hcon->hdev;
1191 __u8 *keydist;
1192
1193 BT_DBG("conn %p", conn);
1194
1195 if (!test_bit(HCI_CONN_LE_SMP_PEND, &hcon->flags))
1196 return 0;
1197
1198 rsp = (void *) &smp->prsp[1];
1199
1200 /* The responder sends its keys first */
1201 if (hcon->out && (smp->remote_key_dist & 0x07))
1202 return 0;
1203
1204 req = (void *) &smp->preq[1];
1205
1206 if (hcon->out) {
1207 keydist = &rsp->init_key_dist;
1208 *keydist &= req->init_key_dist;
1209 } else {
1210 keydist = &rsp->resp_key_dist;
1211 *keydist &= req->resp_key_dist;
1212 }
1213
1214 BT_DBG("keydist 0x%x", *keydist);
1215
1216 if (*keydist & SMP_DIST_ENC_KEY) {
1217 struct smp_cmd_encrypt_info enc;
1218 struct smp_cmd_master_ident ident;
1219 struct smp_ltk *ltk;
1220 u8 authenticated;
1221 __le16 ediv;
1222 __le64 rand;
1223
1224 get_random_bytes(enc.ltk, sizeof(enc.ltk));
1225 get_random_bytes(&ediv, sizeof(ediv));
1226 get_random_bytes(&rand, sizeof(rand));
1227
1228 smp_send_cmd(conn, SMP_CMD_ENCRYPT_INFO, sizeof(enc), &enc);
1229
1230 authenticated = hcon->sec_level == BT_SECURITY_HIGH;
1231 ltk = hci_add_ltk(hdev, &hcon->dst, hcon->dst_type,
1232 HCI_SMP_LTK_SLAVE, authenticated, enc.ltk,
1233 smp->enc_key_size, ediv, rand);
1234 smp->slave_ltk = ltk;
1235
1236 ident.ediv = ediv;
1237 ident.rand = rand;
1238
1239 smp_send_cmd(conn, SMP_CMD_MASTER_IDENT, sizeof(ident), &ident);
1240
1241 *keydist &= ~SMP_DIST_ENC_KEY;
1242 }
1243
1244 if (*keydist & SMP_DIST_ID_KEY) {
1245 struct smp_cmd_ident_addr_info addrinfo;
1246 struct smp_cmd_ident_info idinfo;
1247
1248 memcpy(idinfo.irk, hdev->irk, sizeof(idinfo.irk));
1249
1250 smp_send_cmd(conn, SMP_CMD_IDENT_INFO, sizeof(idinfo), &idinfo);
1251
1252 /* The hci_conn contains the local identity address
1253 * after the connection has been established.
1254 *
1255 * This is true even when the connection has been
1256 * established using a resolvable random address.
1257 */
1258 bacpy(&addrinfo.bdaddr, &hcon->src);
1259 addrinfo.addr_type = hcon->src_type;
1260
1261 smp_send_cmd(conn, SMP_CMD_IDENT_ADDR_INFO, sizeof(addrinfo),
1262 &addrinfo);
1263
1264 *keydist &= ~SMP_DIST_ID_KEY;
1265 }
1266
1267 if (*keydist & SMP_DIST_SIGN) {
1268 struct smp_cmd_sign_info sign;
1269
1270 /* Send a dummy key */
1271 get_random_bytes(sign.csrk, sizeof(sign.csrk));
1272
1273 smp_send_cmd(conn, SMP_CMD_SIGN_INFO, sizeof(sign), &sign);
1274
1275 *keydist &= ~SMP_DIST_SIGN;
1276 }
1277
1278 /* If there are still keys to be received wait for them */
1279 if ((smp->remote_key_dist & 0x07))
1280 return 0;
1281
1282 clear_bit(HCI_CONN_LE_SMP_PEND, &hcon->flags);
1283 cancel_delayed_work_sync(&conn->security_timer);
1284 set_bit(SMP_FLAG_COMPLETE, &smp->smp_flags);
1285 smp_notify_keys(conn);
1286
1287 smp_chan_destroy(conn);
1288
1289 return 0;
1290 }
Linux kernel - Deliverables
This page took 0.073001 seconds and 6 git commands to generate.