2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2011 Nokia Corporation and/or its subsidiary(-ies).
5 This program is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License version 2 as
7 published by the Free Software Foundation;
9 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
10 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
11 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
12 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
13 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
14 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
18 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
19 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
20 SOFTWARE IS DISCLAIMED.
23 #include <net/bluetooth/bluetooth.h>
24 #include <net/bluetooth/hci_core.h>
25 #include <net/bluetooth/l2cap.h>
26 #include <net/bluetooth/smp.h>
27 #include <linux/crypto.h>
28 #include <linux/scatterlist.h>
29 #include <crypto/b128ops.h>
31 #define SMP_TIMEOUT 30000 /* 30 seconds */
33 static inline void swap128(u8 src
[16], u8 dst
[16])
36 for (i
= 0; i
< 16; i
++)
40 static inline void swap56(u8 src
[7], u8 dst
[7])
43 for (i
= 0; i
< 7; i
++)
47 static int smp_e(struct crypto_blkcipher
*tfm
, const u8
*k
, u8
*r
)
49 struct blkcipher_desc desc
;
50 struct scatterlist sg
;
52 unsigned char iv
[128];
55 BT_ERR("tfm %p", tfm
);
62 err
= crypto_blkcipher_setkey(tfm
, k
, 16);
64 BT_ERR("cipher setkey failed: %d", err
);
68 sg_init_one(&sg
, r
, 16);
70 iv_len
= crypto_blkcipher_ivsize(tfm
);
72 memset(&iv
, 0xff, iv_len
);
73 crypto_blkcipher_set_iv(tfm
, iv
, iv_len
);
76 err
= crypto_blkcipher_encrypt(&desc
, &sg
, &sg
, 16);
78 BT_ERR("Encrypt data error %d", err
);
83 static int smp_c1(struct crypto_blkcipher
*tfm
, u8 k
[16], u8 r
[16],
84 u8 preq
[7], u8 pres
[7], u8 _iat
, bdaddr_t
*ia
,
85 u8 _rat
, bdaddr_t
*ra
, u8 res
[16])
92 /* p1 = pres || preq || _rat || _iat */
100 /* p2 = padding || ia || ra */
101 baswap((bdaddr_t
*) (p2
+ 4), ia
);
102 baswap((bdaddr_t
*) (p2
+ 10), ra
);
105 u128_xor((u128
*) res
, (u128
*) r
, (u128
*) p1
);
107 /* res = e(k, res) */
108 err
= smp_e(tfm
, k
, res
);
110 BT_ERR("Encrypt data error");
114 /* res = res XOR p2 */
115 u128_xor((u128
*) res
, (u128
*) res
, (u128
*) p2
);
117 /* res = e(k, res) */
118 err
= smp_e(tfm
, k
, res
);
120 BT_ERR("Encrypt data error");
125 static int smp_s1(struct crypto_blkcipher
*tfm
, u8 k
[16],
126 u8 r1
[16], u8 r2
[16], u8 _r
[16])
130 /* Just least significant octets from r1 and r2 are considered */
131 memcpy(_r
, r1
+ 8, 8);
132 memcpy(_r
+ 8, r2
+ 8, 8);
134 err
= smp_e(tfm
, k
, _r
);
136 BT_ERR("Encrypt data error");
141 static int smp_rand(u8
*buf
)
143 get_random_bytes(buf
, 16);
148 static struct sk_buff
*smp_build_cmd(struct l2cap_conn
*conn
, u8 code
,
149 u16 dlen
, void *data
)
152 struct l2cap_hdr
*lh
;
155 len
= L2CAP_HDR_SIZE
+ sizeof(code
) + dlen
;
160 skb
= bt_skb_alloc(len
, GFP_ATOMIC
);
164 lh
= (struct l2cap_hdr
*) skb_put(skb
, L2CAP_HDR_SIZE
);
165 lh
->len
= cpu_to_le16(sizeof(code
) + dlen
);
166 lh
->cid
= cpu_to_le16(L2CAP_CID_SMP
);
168 memcpy(skb_put(skb
, sizeof(code
)), &code
, sizeof(code
));
170 memcpy(skb_put(skb
, dlen
), data
, dlen
);
175 static void smp_send_cmd(struct l2cap_conn
*conn
, u8 code
, u16 len
, void *data
)
177 struct sk_buff
*skb
= smp_build_cmd(conn
, code
, len
, data
);
179 BT_DBG("code 0x%2.2x", code
);
184 hci_send_acl(conn
->hcon
, skb
, 0);
187 static __u8
seclevel_to_authreq(__u8 level
)
190 case BT_SECURITY_HIGH
:
191 /* Right now we don't support bonding */
192 return SMP_AUTH_MITM
;
195 return SMP_AUTH_NONE
;
199 static void build_pairing_cmd(struct l2cap_conn
*conn
,
200 struct smp_cmd_pairing
*req
,
201 struct smp_cmd_pairing
*rsp
,
207 if (test_bit(HCI_PAIRABLE
, &conn
->hcon
->hdev
->flags
)) {
208 dist_keys
= SMP_DIST_ENC_KEY
| SMP_DIST_ID_KEY
| SMP_DIST_SIGN
;
209 authreq
|= SMP_AUTH_BONDING
;
213 req
->io_capability
= conn
->hcon
->io_capability
;
214 req
->oob_flag
= SMP_OOB_NOT_PRESENT
;
215 req
->max_key_size
= SMP_MAX_ENC_KEY_SIZE
;
216 req
->init_key_dist
= dist_keys
;
217 req
->resp_key_dist
= dist_keys
;
218 req
->auth_req
= authreq
;
222 rsp
->io_capability
= conn
->hcon
->io_capability
;
223 rsp
->oob_flag
= SMP_OOB_NOT_PRESENT
;
224 rsp
->max_key_size
= SMP_MAX_ENC_KEY_SIZE
;
225 rsp
->init_key_dist
= req
->init_key_dist
& dist_keys
;
226 rsp
->resp_key_dist
= req
->resp_key_dist
& dist_keys
;
227 rsp
->auth_req
= authreq
;
230 static u8
check_enc_key_size(struct l2cap_conn
*conn
, __u8 max_key_size
)
232 if ((max_key_size
> SMP_MAX_ENC_KEY_SIZE
) ||
233 (max_key_size
< SMP_MIN_ENC_KEY_SIZE
))
234 return SMP_ENC_KEY_SIZE
;
236 conn
->smp_key_size
= max_key_size
;
241 static u8
smp_cmd_pairing_req(struct l2cap_conn
*conn
, struct sk_buff
*skb
)
243 struct smp_cmd_pairing rsp
, *req
= (void *) skb
->data
;
246 BT_DBG("conn %p", conn
);
248 conn
->preq
[0] = SMP_CMD_PAIRING_REQ
;
249 memcpy(&conn
->preq
[1], req
, sizeof(*req
));
250 skb_pull(skb
, sizeof(*req
));
253 return SMP_OOB_NOT_AVAIL
;
255 /* We didn't start the pairing, so no requirements */
256 build_pairing_cmd(conn
, req
, &rsp
, SMP_AUTH_NONE
);
258 key_size
= min(req
->max_key_size
, rsp
.max_key_size
);
259 if (check_enc_key_size(conn
, key_size
))
260 return SMP_ENC_KEY_SIZE
;
263 memset(conn
->tk
, 0, sizeof(conn
->tk
));
265 conn
->prsp
[0] = SMP_CMD_PAIRING_RSP
;
266 memcpy(&conn
->prsp
[1], &rsp
, sizeof(rsp
));
268 smp_send_cmd(conn
, SMP_CMD_PAIRING_RSP
, sizeof(rsp
), &rsp
);
270 mod_timer(&conn
->security_timer
, jiffies
+
271 msecs_to_jiffies(SMP_TIMEOUT
));
276 static u8
smp_cmd_pairing_rsp(struct l2cap_conn
*conn
, struct sk_buff
*skb
)
278 struct smp_cmd_pairing
*req
, *rsp
= (void *) skb
->data
;
279 struct smp_cmd_pairing_confirm cp
;
280 struct crypto_blkcipher
*tfm
= conn
->hcon
->hdev
->tfm
;
282 u8 res
[16], key_size
;
284 BT_DBG("conn %p", conn
);
286 skb_pull(skb
, sizeof(*rsp
));
288 req
= (void *) &conn
->preq
[1];
290 key_size
= min(req
->max_key_size
, rsp
->max_key_size
);
291 if (check_enc_key_size(conn
, key_size
))
292 return SMP_ENC_KEY_SIZE
;
295 return SMP_OOB_NOT_AVAIL
;
298 memset(conn
->tk
, 0, sizeof(conn
->tk
));
300 conn
->prsp
[0] = SMP_CMD_PAIRING_RSP
;
301 memcpy(&conn
->prsp
[1], rsp
, sizeof(*rsp
));
303 ret
= smp_rand(conn
->prnd
);
305 return SMP_UNSPECIFIED
;
307 ret
= smp_c1(tfm
, conn
->tk
, conn
->prnd
, conn
->preq
, conn
->prsp
, 0,
308 conn
->src
, conn
->hcon
->dst_type
, conn
->dst
, res
);
310 return SMP_UNSPECIFIED
;
312 swap128(res
, cp
.confirm_val
);
314 smp_send_cmd(conn
, SMP_CMD_PAIRING_CONFIRM
, sizeof(cp
), &cp
);
319 static u8
smp_cmd_pairing_confirm(struct l2cap_conn
*conn
, struct sk_buff
*skb
)
321 struct crypto_blkcipher
*tfm
= conn
->hcon
->hdev
->tfm
;
323 BT_DBG("conn %p %s", conn
, conn
->hcon
->out
? "master" : "slave");
325 memcpy(conn
->pcnf
, skb
->data
, sizeof(conn
->pcnf
));
326 skb_pull(skb
, sizeof(conn
->pcnf
));
328 if (conn
->hcon
->out
) {
331 swap128(conn
->prnd
, random
);
332 smp_send_cmd(conn
, SMP_CMD_PAIRING_RANDOM
, sizeof(random
),
335 struct smp_cmd_pairing_confirm cp
;
339 ret
= smp_rand(conn
->prnd
);
341 return SMP_UNSPECIFIED
;
343 ret
= smp_c1(tfm
, conn
->tk
, conn
->prnd
, conn
->preq
, conn
->prsp
,
344 conn
->hcon
->dst_type
, conn
->dst
,
347 return SMP_CONFIRM_FAILED
;
349 swap128(res
, cp
.confirm_val
);
351 smp_send_cmd(conn
, SMP_CMD_PAIRING_CONFIRM
, sizeof(cp
), &cp
);
354 mod_timer(&conn
->security_timer
, jiffies
+
355 msecs_to_jiffies(SMP_TIMEOUT
));
360 static u8
smp_cmd_pairing_random(struct l2cap_conn
*conn
, struct sk_buff
*skb
)
362 struct hci_conn
*hcon
= conn
->hcon
;
363 struct crypto_blkcipher
*tfm
= hcon
->hdev
->tfm
;
365 u8 key
[16], res
[16], random
[16], confirm
[16];
367 swap128(skb
->data
, random
);
368 skb_pull(skb
, sizeof(random
));
370 memset(hcon
->ltk
, 0, sizeof(hcon
->ltk
));
373 ret
= smp_c1(tfm
, conn
->tk
, random
, conn
->preq
, conn
->prsp
, 0,
374 conn
->src
, conn
->hcon
->dst_type
, conn
->dst
,
377 ret
= smp_c1(tfm
, conn
->tk
, random
, conn
->preq
, conn
->prsp
,
378 conn
->hcon
->dst_type
, conn
->dst
, 0, conn
->src
,
381 return SMP_UNSPECIFIED
;
383 BT_DBG("conn %p %s", conn
, conn
->hcon
->out
? "master" : "slave");
385 swap128(res
, confirm
);
387 if (memcmp(conn
->pcnf
, confirm
, sizeof(conn
->pcnf
)) != 0) {
388 BT_ERR("Pairing failed (confirmation values mismatch)");
389 return SMP_CONFIRM_FAILED
;
392 if (conn
->hcon
->out
) {
396 memset(rand
, 0, sizeof(rand
));
399 smp_s1(tfm
, conn
->tk
, random
, conn
->prnd
, key
);
402 memset(stk
+ conn
->smp_key_size
, 0,
403 SMP_MAX_ENC_KEY_SIZE
- conn
->smp_key_size
);
405 hci_le_start_enc(hcon
, ediv
, rand
, stk
);
407 u8 stk
[16], r
[16], rand
[8];
410 memset(rand
, 0, sizeof(rand
));
413 swap128(conn
->prnd
, r
);
414 smp_send_cmd(conn
, SMP_CMD_PAIRING_RANDOM
, sizeof(r
), r
);
416 smp_s1(tfm
, conn
->tk
, conn
->prnd
, random
, key
);
419 memset(stk
+ conn
->smp_key_size
, 0,
420 SMP_MAX_ENC_KEY_SIZE
- conn
->smp_key_size
);
422 hci_add_ltk(conn
->hcon
->hdev
, 0, conn
->dst
, ediv
, rand
, stk
);
428 static u8
smp_cmd_security_req(struct l2cap_conn
*conn
, struct sk_buff
*skb
)
430 struct smp_cmd_security_req
*rp
= (void *) skb
->data
;
431 struct smp_cmd_pairing cp
;
432 struct hci_conn
*hcon
= conn
->hcon
;
434 BT_DBG("conn %p", conn
);
436 if (test_bit(HCI_CONN_ENCRYPT_PEND
, &hcon
->pend
))
439 skb_pull(skb
, sizeof(*rp
));
441 memset(&cp
, 0, sizeof(cp
));
442 build_pairing_cmd(conn
, &cp
, NULL
, rp
->auth_req
);
444 conn
->preq
[0] = SMP_CMD_PAIRING_REQ
;
445 memcpy(&conn
->preq
[1], &cp
, sizeof(cp
));
447 smp_send_cmd(conn
, SMP_CMD_PAIRING_REQ
, sizeof(cp
), &cp
);
449 mod_timer(&conn
->security_timer
, jiffies
+
450 msecs_to_jiffies(SMP_TIMEOUT
));
452 set_bit(HCI_CONN_ENCRYPT_PEND
, &hcon
->pend
);
457 int smp_conn_security(struct l2cap_conn
*conn
, __u8 sec_level
)
459 struct hci_conn
*hcon
= conn
->hcon
;
462 BT_DBG("conn %p hcon %p level 0x%2.2x", conn
, hcon
, sec_level
);
464 if (!lmp_host_le_capable(hcon
->hdev
))
467 if (IS_ERR(hcon
->hdev
->tfm
))
470 if (test_bit(HCI_CONN_ENCRYPT_PEND
, &hcon
->pend
))
473 if (sec_level
== BT_SECURITY_LOW
)
476 if (hcon
->sec_level
>= sec_level
)
479 authreq
= seclevel_to_authreq(sec_level
);
481 if (hcon
->link_mode
& HCI_LM_MASTER
) {
482 struct smp_cmd_pairing cp
;
483 struct link_key
*key
;
485 key
= hci_find_link_key_type(hcon
->hdev
, conn
->dst
,
488 struct key_master_id
*master
= (void *) key
->data
;
490 hci_le_start_enc(hcon
, master
->ediv
, master
->rand
,
495 build_pairing_cmd(conn
, &cp
, NULL
, authreq
);
496 conn
->preq
[0] = SMP_CMD_PAIRING_REQ
;
497 memcpy(&conn
->preq
[1], &cp
, sizeof(cp
));
499 mod_timer(&conn
->security_timer
, jiffies
+
500 msecs_to_jiffies(SMP_TIMEOUT
));
502 smp_send_cmd(conn
, SMP_CMD_PAIRING_REQ
, sizeof(cp
), &cp
);
504 struct smp_cmd_security_req cp
;
505 cp
.auth_req
= authreq
;
506 smp_send_cmd(conn
, SMP_CMD_SECURITY_REQ
, sizeof(cp
), &cp
);
510 hcon
->pending_sec_level
= sec_level
;
511 set_bit(HCI_CONN_ENCRYPT_PEND
, &hcon
->pend
);
516 static int smp_cmd_encrypt_info(struct l2cap_conn
*conn
, struct sk_buff
*skb
)
518 struct smp_cmd_encrypt_info
*rp
= (void *) skb
->data
;
520 skb_pull(skb
, sizeof(*rp
));
522 memcpy(conn
->tk
, rp
->ltk
, sizeof(conn
->tk
));
527 static int smp_cmd_master_ident(struct l2cap_conn
*conn
, struct sk_buff
*skb
)
529 struct smp_cmd_master_ident
*rp
= (void *) skb
->data
;
531 skb_pull(skb
, sizeof(*rp
));
533 hci_add_ltk(conn
->hcon
->hdev
, 1, conn
->src
, rp
->ediv
,
536 smp_distribute_keys(conn
, 1);
541 int smp_sig_channel(struct l2cap_conn
*conn
, struct sk_buff
*skb
)
543 __u8 code
= skb
->data
[0];
547 if (!lmp_host_le_capable(conn
->hcon
->hdev
)) {
549 reason
= SMP_PAIRING_NOTSUPP
;
553 if (IS_ERR(conn
->hcon
->hdev
->tfm
)) {
554 err
= PTR_ERR(conn
->hcon
->hdev
->tfm
);
555 reason
= SMP_PAIRING_NOTSUPP
;
559 skb_pull(skb
, sizeof(code
));
562 case SMP_CMD_PAIRING_REQ
:
563 reason
= smp_cmd_pairing_req(conn
, skb
);
566 case SMP_CMD_PAIRING_FAIL
:
571 case SMP_CMD_PAIRING_RSP
:
572 reason
= smp_cmd_pairing_rsp(conn
, skb
);
575 case SMP_CMD_SECURITY_REQ
:
576 reason
= smp_cmd_security_req(conn
, skb
);
579 case SMP_CMD_PAIRING_CONFIRM
:
580 reason
= smp_cmd_pairing_confirm(conn
, skb
);
583 case SMP_CMD_PAIRING_RANDOM
:
584 reason
= smp_cmd_pairing_random(conn
, skb
);
587 case SMP_CMD_ENCRYPT_INFO
:
588 reason
= smp_cmd_encrypt_info(conn
, skb
);
591 case SMP_CMD_MASTER_IDENT
:
592 reason
= smp_cmd_master_ident(conn
, skb
);
595 case SMP_CMD_IDENT_INFO
:
596 case SMP_CMD_IDENT_ADDR_INFO
:
597 case SMP_CMD_SIGN_INFO
:
603 BT_DBG("Unknown command code 0x%2.2x", code
);
605 reason
= SMP_CMD_NOTSUPP
;
612 smp_send_cmd(conn
, SMP_CMD_PAIRING_FAIL
, sizeof(reason
),
619 int smp_distribute_keys(struct l2cap_conn
*conn
, __u8 force
)
621 struct smp_cmd_pairing
*req
, *rsp
;
624 BT_DBG("conn %p force %d", conn
, force
);
626 if (IS_ERR(conn
->hcon
->hdev
->tfm
))
627 return PTR_ERR(conn
->hcon
->hdev
->tfm
);
629 rsp
= (void *) &conn
->prsp
[1];
631 /* The responder sends its keys first */
632 if (!force
&& conn
->hcon
->out
&& (rsp
->resp_key_dist
& 0x07))
635 req
= (void *) &conn
->preq
[1];
637 if (conn
->hcon
->out
) {
638 keydist
= &rsp
->init_key_dist
;
639 *keydist
&= req
->init_key_dist
;
641 keydist
= &rsp
->resp_key_dist
;
642 *keydist
&= req
->resp_key_dist
;
646 BT_DBG("keydist 0x%x", *keydist
);
648 if (*keydist
& SMP_DIST_ENC_KEY
) {
649 struct smp_cmd_encrypt_info enc
;
650 struct smp_cmd_master_ident ident
;
653 get_random_bytes(enc
.ltk
, sizeof(enc
.ltk
));
654 get_random_bytes(&ediv
, sizeof(ediv
));
655 get_random_bytes(ident
.rand
, sizeof(ident
.rand
));
657 smp_send_cmd(conn
, SMP_CMD_ENCRYPT_INFO
, sizeof(enc
), &enc
);
659 hci_add_ltk(conn
->hcon
->hdev
, 1, conn
->dst
, ediv
,
660 ident
.rand
, enc
.ltk
);
662 ident
.ediv
= cpu_to_le16(ediv
);
664 smp_send_cmd(conn
, SMP_CMD_MASTER_IDENT
, sizeof(ident
), &ident
);
666 *keydist
&= ~SMP_DIST_ENC_KEY
;
669 if (*keydist
& SMP_DIST_ID_KEY
) {
670 struct smp_cmd_ident_addr_info addrinfo
;
671 struct smp_cmd_ident_info idinfo
;
673 /* Send a dummy key */
674 get_random_bytes(idinfo
.irk
, sizeof(idinfo
.irk
));
676 smp_send_cmd(conn
, SMP_CMD_IDENT_INFO
, sizeof(idinfo
), &idinfo
);
678 /* Just public address */
679 memset(&addrinfo
, 0, sizeof(addrinfo
));
680 bacpy(&addrinfo
.bdaddr
, conn
->src
);
682 smp_send_cmd(conn
, SMP_CMD_IDENT_ADDR_INFO
, sizeof(addrinfo
),
685 *keydist
&= ~SMP_DIST_ID_KEY
;
688 if (*keydist
& SMP_DIST_SIGN
) {
689 struct smp_cmd_sign_info sign
;
691 /* Send a dummy key */
692 get_random_bytes(sign
.csrk
, sizeof(sign
.csrk
));
694 smp_send_cmd(conn
, SMP_CMD_SIGN_INFO
, sizeof(sign
), &sign
);
696 *keydist
&= ~SMP_DIST_SIGN
;