2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2011 Nokia Corporation and/or its subsidiary(-ies).
5 This program is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License version 2 as
7 published by the Free Software Foundation;
9 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
10 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
11 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
12 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
13 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
14 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
18 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
19 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
20 SOFTWARE IS DISCLAIMED.
23 #include <net/bluetooth/bluetooth.h>
24 #include <net/bluetooth/hci_core.h>
25 #include <net/bluetooth/l2cap.h>
26 #include <net/bluetooth/smp.h>
27 #include <linux/crypto.h>
28 #include <crypto/b128ops.h>
30 static inline void swap128(u8 src
[16], u8 dst
[16])
33 for (i
= 0; i
< 16; i
++)
37 static inline void swap56(u8 src
[7], u8 dst
[7])
40 for (i
= 0; i
< 7; i
++)
44 static int smp_e(struct crypto_blkcipher
*tfm
, const u8
*k
, u8
*r
)
46 struct blkcipher_desc desc
;
47 struct scatterlist sg
;
49 unsigned char iv
[128];
52 BT_ERR("tfm %p", tfm
);
59 err
= crypto_blkcipher_setkey(tfm
, k
, 16);
61 BT_ERR("cipher setkey failed: %d", err
);
65 sg_init_one(&sg
, r
, 16);
67 iv_len
= crypto_blkcipher_ivsize(tfm
);
69 memset(&iv
, 0xff, iv_len
);
70 crypto_blkcipher_set_iv(tfm
, iv
, iv_len
);
73 err
= crypto_blkcipher_encrypt(&desc
, &sg
, &sg
, 16);
75 BT_ERR("Encrypt data error %d", err
);
80 static int smp_c1(struct crypto_blkcipher
*tfm
, u8 k
[16], u8 r
[16],
81 u8 preq
[7], u8 pres
[7], u8 _iat
, bdaddr_t
*ia
,
82 u8 _rat
, bdaddr_t
*ra
, u8 res
[16])
89 /* p1 = pres || preq || _rat || _iat */
97 /* p2 = padding || ia || ra */
98 baswap((bdaddr_t
*) (p2
+ 4), ia
);
99 baswap((bdaddr_t
*) (p2
+ 10), ra
);
102 u128_xor((u128
*) res
, (u128
*) r
, (u128
*) p1
);
104 /* res = e(k, res) */
105 err
= smp_e(tfm
, k
, res
);
107 BT_ERR("Encrypt data error");
111 /* res = res XOR p2 */
112 u128_xor((u128
*) res
, (u128
*) res
, (u128
*) p2
);
114 /* res = e(k, res) */
115 err
= smp_e(tfm
, k
, res
);
117 BT_ERR("Encrypt data error");
122 static int smp_s1(struct crypto_blkcipher
*tfm
, u8 k
[16],
123 u8 r1
[16], u8 r2
[16], u8 _r
[16])
127 /* Just least significant octets from r1 and r2 are considered */
128 memcpy(_r
, r1
+ 8, 8);
129 memcpy(_r
+ 8, r2
+ 8, 8);
131 err
= smp_e(tfm
, k
, _r
);
133 BT_ERR("Encrypt data error");
138 static int smp_rand(u8
*buf
)
140 get_random_bytes(buf
, 16);
145 static struct sk_buff
*smp_build_cmd(struct l2cap_conn
*conn
, u8 code
,
146 u16 dlen
, void *data
)
149 struct l2cap_hdr
*lh
;
152 len
= L2CAP_HDR_SIZE
+ sizeof(code
) + dlen
;
157 skb
= bt_skb_alloc(len
, GFP_ATOMIC
);
161 lh
= (struct l2cap_hdr
*) skb_put(skb
, L2CAP_HDR_SIZE
);
162 lh
->len
= cpu_to_le16(sizeof(code
) + dlen
);
163 lh
->cid
= cpu_to_le16(L2CAP_CID_SMP
);
165 memcpy(skb_put(skb
, sizeof(code
)), &code
, sizeof(code
));
167 memcpy(skb_put(skb
, dlen
), data
, dlen
);
172 static void smp_send_cmd(struct l2cap_conn
*conn
, u8 code
, u16 len
, void *data
)
174 struct sk_buff
*skb
= smp_build_cmd(conn
, code
, len
, data
);
176 BT_DBG("code 0x%2.2x", code
);
181 hci_send_acl(conn
->hcon
, skb
, 0);
184 static void smp_cmd_pairing_req(struct l2cap_conn
*conn
, struct sk_buff
*skb
)
186 struct smp_cmd_pairing
*rp
= (void *) skb
->data
;
188 BT_DBG("conn %p", conn
);
190 conn
->preq
[0] = SMP_CMD_PAIRING_REQ
;
191 memcpy(&conn
->preq
[1], rp
, sizeof(*rp
));
192 skb_pull(skb
, sizeof(*rp
));
194 rp
->io_capability
= 0x00;
196 rp
->max_key_size
= 16;
197 rp
->init_key_dist
= 0x00;
198 rp
->resp_key_dist
= 0x00;
199 rp
->auth_req
&= (SMP_AUTH_BONDING
| SMP_AUTH_MITM
);
202 memset(conn
->tk
, 0, sizeof(conn
->tk
));
204 conn
->prsp
[0] = SMP_CMD_PAIRING_RSP
;
205 memcpy(&conn
->prsp
[1], rp
, sizeof(*rp
));
207 smp_send_cmd(conn
, SMP_CMD_PAIRING_RSP
, sizeof(*rp
), rp
);
210 static void smp_cmd_pairing_rsp(struct l2cap_conn
*conn
, struct sk_buff
*skb
)
212 struct smp_cmd_pairing
*rp
= (void *) skb
->data
;
213 struct smp_cmd_pairing_confirm cp
;
214 struct crypto_blkcipher
*tfm
= conn
->hcon
->hdev
->tfm
;
218 BT_DBG("conn %p", conn
);
221 memset(conn
->tk
, 0, sizeof(conn
->tk
));
223 conn
->prsp
[0] = SMP_CMD_PAIRING_RSP
;
224 memcpy(&conn
->prsp
[1], rp
, sizeof(*rp
));
225 skb_pull(skb
, sizeof(*rp
));
227 ret
= smp_rand(conn
->prnd
);
231 ret
= smp_c1(tfm
, conn
->tk
, conn
->prnd
, conn
->preq
, conn
->prsp
, 0,
232 conn
->src
, conn
->hcon
->dst_type
, conn
->dst
, res
);
236 swap128(res
, cp
.confirm_val
);
238 smp_send_cmd(conn
, SMP_CMD_PAIRING_CONFIRM
, sizeof(cp
), &cp
);
241 static void smp_cmd_pairing_confirm(struct l2cap_conn
*conn
,
244 struct crypto_blkcipher
*tfm
= conn
->hcon
->hdev
->tfm
;
246 BT_DBG("conn %p %s", conn
, conn
->hcon
->out
? "master" : "slave");
248 memcpy(conn
->pcnf
, skb
->data
, sizeof(conn
->pcnf
));
249 skb_pull(skb
, sizeof(conn
->pcnf
));
251 if (conn
->hcon
->out
) {
254 swap128(conn
->prnd
, random
);
255 smp_send_cmd(conn
, SMP_CMD_PAIRING_RANDOM
, sizeof(random
),
258 struct smp_cmd_pairing_confirm cp
;
262 ret
= smp_rand(conn
->prnd
);
266 ret
= smp_c1(tfm
, conn
->tk
, conn
->prnd
, conn
->preq
, conn
->prsp
,
267 conn
->hcon
->dst_type
, conn
->dst
,
272 swap128(res
, cp
.confirm_val
);
274 smp_send_cmd(conn
, SMP_CMD_PAIRING_CONFIRM
, sizeof(cp
), &cp
);
278 static void smp_cmd_pairing_random(struct l2cap_conn
*conn
, struct sk_buff
*skb
)
280 struct hci_conn
*hcon
= conn
->hcon
;
281 struct crypto_blkcipher
*tfm
= hcon
->hdev
->tfm
;
283 u8 key
[16], res
[16], random
[16], confirm
[16], buf
[128];
285 swap128(skb
->data
, random
);
286 skb_pull(skb
, sizeof(random
));
288 memset(hcon
->ltk
, 0, sizeof(hcon
->ltk
));
291 ret
= smp_c1(tfm
, conn
->tk
, random
, conn
->preq
, conn
->prsp
, 0,
292 conn
->src
, conn
->hcon
->dst_type
, conn
->dst
,
295 ret
= smp_c1(tfm
, conn
->tk
, random
, conn
->preq
, conn
->prsp
,
296 conn
->hcon
->dst_type
, conn
->dst
, 0, conn
->src
,
301 BT_DBG("conn %p %s", conn
, conn
->hcon
->out
? "master" : "slave");
303 swap128(res
, confirm
);
305 if (memcmp(conn
->pcnf
, confirm
, sizeof(conn
->pcnf
)) != 0) {
306 struct smp_cmd_pairing_fail cp
;
308 BT_ERR("Pairing failed (confirmation values mismatch)");
309 cp
.reason
= SMP_CONFIRM_FAILED
;
310 smp_send_cmd(conn
, SMP_CMD_PAIRING_FAIL
, sizeof(cp
), &cp
);
314 if (conn
->hcon
->out
) {
318 smp_s1(tfm
, conn
->tk
, random
, conn
->prnd
, key
);
319 swap128(key
, hcon
->ltk
);
321 memset(rand
, 0, sizeof(rand
));
323 hci_le_start_enc(hcon
, ediv
, rand
, hcon
->ltk
);
327 swap128(conn
->prnd
, r
);
328 smp_send_cmd(conn
, SMP_CMD_PAIRING_RANDOM
, sizeof(r
), r
);
330 smp_s1(tfm
, conn
->tk
, conn
->prnd
, random
, key
);
331 swap128(key
, hcon
->ltk
);
333 hex_dump_to_buffer(key
, sizeof(key
), 16, 1, buf
,
335 BT_DBG("key %s", buf
);
339 static void smp_cmd_security_req(struct l2cap_conn
*conn
, struct sk_buff
*skb
)
341 struct smp_cmd_security_req
*rp
= (void *) skb
->data
;
342 struct smp_cmd_pairing cp
;
344 BT_DBG("conn %p", conn
);
346 skb_pull(skb
, sizeof(*rp
));
347 memset(&cp
, 0, sizeof(cp
));
349 cp
.io_capability
= 0x00;
351 cp
.max_key_size
= 16;
352 cp
.init_key_dist
= 0x00;
353 cp
.resp_key_dist
= 0x00;
354 cp
.auth_req
= rp
->auth_req
& (SMP_AUTH_BONDING
| SMP_AUTH_MITM
);
356 conn
->preq
[0] = SMP_CMD_PAIRING_REQ
;
357 memcpy(&conn
->preq
[1], &cp
, sizeof(cp
));
359 smp_send_cmd(conn
, SMP_CMD_PAIRING_REQ
, sizeof(cp
), &cp
);
362 int smp_conn_security(struct l2cap_conn
*conn
, __u8 sec_level
)
364 struct hci_conn
*hcon
= conn
->hcon
;
367 BT_DBG("conn %p hcon %p level 0x%2.2x", conn
, hcon
, sec_level
);
369 if (IS_ERR(hcon
->hdev
->tfm
))
373 case BT_SECURITY_MEDIUM
:
374 /* Encrypted, no MITM protection */
375 authreq
= HCI_AT_NO_BONDING_MITM
;
378 case BT_SECURITY_HIGH
:
379 /* Bonding, MITM protection */
380 authreq
= HCI_AT_GENERAL_BONDING_MITM
;
383 case BT_SECURITY_LOW
:
388 if (hcon
->link_mode
& HCI_LM_MASTER
) {
389 struct smp_cmd_pairing cp
;
390 cp
.io_capability
= 0x00;
392 cp
.max_key_size
= 16;
393 cp
.init_key_dist
= 0x00;
394 cp
.resp_key_dist
= 0x00;
395 cp
.auth_req
= authreq
;
397 conn
->preq
[0] = SMP_CMD_PAIRING_REQ
;
398 memcpy(&conn
->preq
[1], &cp
, sizeof(cp
));
400 smp_send_cmd(conn
, SMP_CMD_PAIRING_REQ
, sizeof(cp
), &cp
);
402 struct smp_cmd_security_req cp
;
403 cp
.auth_req
= authreq
;
404 smp_send_cmd(conn
, SMP_CMD_SECURITY_REQ
, sizeof(cp
), &cp
);
410 int smp_sig_channel(struct l2cap_conn
*conn
, struct sk_buff
*skb
)
412 __u8 code
= skb
->data
[0];
416 if (IS_ERR(conn
->hcon
->hdev
->tfm
)) {
417 err
= PTR_ERR(conn
->hcon
->hdev
->tfm
);
418 reason
= SMP_PAIRING_NOTSUPP
;
422 skb_pull(skb
, sizeof(code
));
425 case SMP_CMD_PAIRING_REQ
:
426 smp_cmd_pairing_req(conn
, skb
);
429 case SMP_CMD_PAIRING_FAIL
:
432 case SMP_CMD_PAIRING_RSP
:
433 smp_cmd_pairing_rsp(conn
, skb
);
436 case SMP_CMD_SECURITY_REQ
:
437 smp_cmd_security_req(conn
, skb
);
440 case SMP_CMD_PAIRING_CONFIRM
:
441 smp_cmd_pairing_confirm(conn
, skb
);
444 case SMP_CMD_PAIRING_RANDOM
:
445 smp_cmd_pairing_random(conn
, skb
);
448 case SMP_CMD_ENCRYPT_INFO
:
449 case SMP_CMD_MASTER_IDENT
:
450 case SMP_CMD_IDENT_INFO
:
451 case SMP_CMD_IDENT_ADDR_INFO
:
452 case SMP_CMD_SIGN_INFO
:
454 BT_DBG("Unknown command code 0x%2.2x", code
);
456 reason
= SMP_CMD_NOTSUPP
;
463 smp_send_cmd(conn
, SMP_CMD_PAIRING_FAIL
, sizeof(reason
),