2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2011 Nokia Corporation and/or its subsidiary(-ies).
5 This program is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License version 2 as
7 published by the Free Software Foundation;
9 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
10 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
11 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
12 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
13 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
14 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
18 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
19 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
20 SOFTWARE IS DISCLAIMED.
23 #include <linux/crypto.h>
24 #include <linux/scatterlist.h>
25 #include <crypto/b128ops.h>
27 #include <net/bluetooth/bluetooth.h>
28 #include <net/bluetooth/hci_core.h>
29 #include <net/bluetooth/l2cap.h>
30 #include <net/bluetooth/mgmt.h>
34 #define SMP_TIMEOUT msecs_to_jiffies(30000)
36 #define AUTH_REQ_MASK 0x07
47 struct l2cap_conn
*conn
;
48 u8 preq
[7]; /* SMP Pairing Request */
49 u8 prsp
[7]; /* SMP Pairing Response */
50 u8 prnd
[16]; /* SMP Pairing Random (local) */
51 u8 rrnd
[16]; /* SMP Pairing Random (remote) */
52 u8 pcnf
[16]; /* SMP Pairing Confirm */
53 u8 tk
[16]; /* SMP Temporary Key */
59 struct smp_csrk
*csrk
;
60 struct smp_csrk
*slave_csrk
;
62 struct smp_ltk
*slave_ltk
;
63 struct smp_irk
*remote_irk
;
67 static inline void swap_buf(const u8
*src
, u8
*dst
, size_t len
)
71 for (i
= 0; i
< len
; i
++)
72 dst
[len
- 1 - i
] = src
[i
];
75 static int smp_e(struct crypto_blkcipher
*tfm
, const u8
*k
, u8
*r
)
77 struct blkcipher_desc desc
;
78 struct scatterlist sg
;
79 uint8_t tmp
[16], data
[16];
83 BT_ERR("tfm %p", tfm
);
90 /* The most significant octet of key corresponds to k[0] */
93 err
= crypto_blkcipher_setkey(tfm
, tmp
, 16);
95 BT_ERR("cipher setkey failed: %d", err
);
99 /* Most significant octet of plaintextData corresponds to data[0] */
100 swap_buf(r
, data
, 16);
102 sg_init_one(&sg
, data
, 16);
104 err
= crypto_blkcipher_encrypt(&desc
, &sg
, &sg
, 16);
106 BT_ERR("Encrypt data error %d", err
);
108 /* Most significant octet of encryptedData corresponds to data[0] */
109 swap_buf(data
, r
, 16);
114 static int smp_ah(struct crypto_blkcipher
*tfm
, u8 irk
[16], u8 r
[3], u8 res
[3])
119 /* r' = padding || r */
121 memset(_res
+ 3, 0, 13);
123 err
= smp_e(tfm
, irk
, _res
);
125 BT_ERR("Encrypt error");
129 /* The output of the random address function ah is:
130 * ah(h, r) = e(k, r') mod 2^24
131 * The output of the security function e is then truncated to 24 bits
132 * by taking the least significant 24 bits of the output of e as the
135 memcpy(res
, _res
, 3);
140 bool smp_irk_matches(struct crypto_blkcipher
*tfm
, u8 irk
[16],
146 BT_DBG("RPA %pMR IRK %*phN", bdaddr
, 16, irk
);
148 err
= smp_ah(tfm
, irk
, &bdaddr
->b
[3], hash
);
152 return !memcmp(bdaddr
->b
, hash
, 3);
155 int smp_generate_rpa(struct crypto_blkcipher
*tfm
, u8 irk
[16], bdaddr_t
*rpa
)
159 get_random_bytes(&rpa
->b
[3], 3);
161 rpa
->b
[5] &= 0x3f; /* Clear two most significant bits */
162 rpa
->b
[5] |= 0x40; /* Set second most significant bit */
164 err
= smp_ah(tfm
, irk
, &rpa
->b
[3], rpa
->b
);
168 BT_DBG("RPA %pMR", rpa
);
173 static int smp_c1(struct crypto_blkcipher
*tfm
, u8 k
[16], u8 r
[16],
174 u8 preq
[7], u8 pres
[7], u8 _iat
, bdaddr_t
*ia
,
175 u8 _rat
, bdaddr_t
*ra
, u8 res
[16])
182 /* p1 = pres || preq || _rat || _iat */
185 memcpy(p1
+ 2, preq
, 7);
186 memcpy(p1
+ 9, pres
, 7);
188 /* p2 = padding || ia || ra */
190 memcpy(p2
+ 6, ia
, 6);
191 memset(p2
+ 12, 0, 4);
194 u128_xor((u128
*) res
, (u128
*) r
, (u128
*) p1
);
196 /* res = e(k, res) */
197 err
= smp_e(tfm
, k
, res
);
199 BT_ERR("Encrypt data error");
203 /* res = res XOR p2 */
204 u128_xor((u128
*) res
, (u128
*) res
, (u128
*) p2
);
206 /* res = e(k, res) */
207 err
= smp_e(tfm
, k
, res
);
209 BT_ERR("Encrypt data error");
214 static int smp_s1(struct crypto_blkcipher
*tfm
, u8 k
[16], u8 r1
[16],
215 u8 r2
[16], u8 _r
[16])
219 /* Just least significant octets from r1 and r2 are considered */
221 memcpy(_r
+ 8, r1
, 8);
223 err
= smp_e(tfm
, k
, _r
);
225 BT_ERR("Encrypt data error");
230 static struct sk_buff
*smp_build_cmd(struct l2cap_conn
*conn
, u8 code
,
231 u16 dlen
, void *data
)
234 struct l2cap_hdr
*lh
;
237 len
= L2CAP_HDR_SIZE
+ sizeof(code
) + dlen
;
242 skb
= bt_skb_alloc(len
, GFP_ATOMIC
);
246 lh
= (struct l2cap_hdr
*) skb_put(skb
, L2CAP_HDR_SIZE
);
247 lh
->len
= cpu_to_le16(sizeof(code
) + dlen
);
248 lh
->cid
= cpu_to_le16(L2CAP_CID_SMP
);
250 memcpy(skb_put(skb
, sizeof(code
)), &code
, sizeof(code
));
252 memcpy(skb_put(skb
, dlen
), data
, dlen
);
257 static void smp_send_cmd(struct l2cap_conn
*conn
, u8 code
, u16 len
, void *data
)
259 struct sk_buff
*skb
= smp_build_cmd(conn
, code
, len
, data
);
261 BT_DBG("code 0x%2.2x", code
);
266 skb
->priority
= HCI_PRIO_MAX
;
267 hci_send_acl(conn
->hchan
, skb
, 0);
269 cancel_delayed_work_sync(&conn
->security_timer
);
270 schedule_delayed_work(&conn
->security_timer
, SMP_TIMEOUT
);
273 static __u8
authreq_to_seclevel(__u8 authreq
)
275 if (authreq
& SMP_AUTH_MITM
)
276 return BT_SECURITY_HIGH
;
278 return BT_SECURITY_MEDIUM
;
281 static __u8
seclevel_to_authreq(__u8 sec_level
)
284 case BT_SECURITY_HIGH
:
285 return SMP_AUTH_MITM
| SMP_AUTH_BONDING
;
286 case BT_SECURITY_MEDIUM
:
287 return SMP_AUTH_BONDING
;
289 return SMP_AUTH_NONE
;
293 static void build_pairing_cmd(struct l2cap_conn
*conn
,
294 struct smp_cmd_pairing
*req
,
295 struct smp_cmd_pairing
*rsp
, __u8 authreq
)
297 struct smp_chan
*smp
= conn
->smp_chan
;
298 struct hci_conn
*hcon
= conn
->hcon
;
299 struct hci_dev
*hdev
= hcon
->hdev
;
300 u8 local_dist
= 0, remote_dist
= 0;
302 if (test_bit(HCI_PAIRABLE
, &conn
->hcon
->hdev
->dev_flags
)) {
303 local_dist
= SMP_DIST_ENC_KEY
| SMP_DIST_SIGN
;
304 remote_dist
= SMP_DIST_ENC_KEY
| SMP_DIST_SIGN
;
305 authreq
|= SMP_AUTH_BONDING
;
307 authreq
&= ~SMP_AUTH_BONDING
;
310 if (test_bit(HCI_RPA_RESOLVING
, &hdev
->dev_flags
))
311 remote_dist
|= SMP_DIST_ID_KEY
;
313 if (test_bit(HCI_PRIVACY
, &hdev
->dev_flags
))
314 local_dist
|= SMP_DIST_ID_KEY
;
317 req
->io_capability
= conn
->hcon
->io_capability
;
318 req
->oob_flag
= SMP_OOB_NOT_PRESENT
;
319 req
->max_key_size
= SMP_MAX_ENC_KEY_SIZE
;
320 req
->init_key_dist
= local_dist
;
321 req
->resp_key_dist
= remote_dist
;
322 req
->auth_req
= (authreq
& AUTH_REQ_MASK
);
324 smp
->remote_key_dist
= remote_dist
;
328 rsp
->io_capability
= conn
->hcon
->io_capability
;
329 rsp
->oob_flag
= SMP_OOB_NOT_PRESENT
;
330 rsp
->max_key_size
= SMP_MAX_ENC_KEY_SIZE
;
331 rsp
->init_key_dist
= req
->init_key_dist
& remote_dist
;
332 rsp
->resp_key_dist
= req
->resp_key_dist
& local_dist
;
333 rsp
->auth_req
= (authreq
& AUTH_REQ_MASK
);
335 smp
->remote_key_dist
= rsp
->init_key_dist
;
338 static u8
check_enc_key_size(struct l2cap_conn
*conn
, __u8 max_key_size
)
340 struct smp_chan
*smp
= conn
->smp_chan
;
342 if ((max_key_size
> SMP_MAX_ENC_KEY_SIZE
) ||
343 (max_key_size
< SMP_MIN_ENC_KEY_SIZE
))
344 return SMP_ENC_KEY_SIZE
;
346 smp
->enc_key_size
= max_key_size
;
351 static void smp_failure(struct l2cap_conn
*conn
, u8 reason
)
353 struct hci_conn
*hcon
= conn
->hcon
;
356 smp_send_cmd(conn
, SMP_CMD_PAIRING_FAIL
, sizeof(reason
),
359 clear_bit(HCI_CONN_ENCRYPT_PEND
, &hcon
->flags
);
360 mgmt_auth_failed(hcon
->hdev
, &hcon
->dst
, hcon
->type
, hcon
->dst_type
,
361 HCI_ERROR_AUTH_FAILURE
);
363 cancel_delayed_work_sync(&conn
->security_timer
);
365 if (test_and_clear_bit(HCI_CONN_LE_SMP_PEND
, &hcon
->flags
))
366 smp_chan_destroy(conn
);
369 #define JUST_WORKS 0x00
370 #define JUST_CFM 0x01
371 #define REQ_PASSKEY 0x02
372 #define CFM_PASSKEY 0x03
376 static const u8 gen_method
[5][5] = {
377 { JUST_WORKS
, JUST_CFM
, REQ_PASSKEY
, JUST_WORKS
, REQ_PASSKEY
},
378 { JUST_WORKS
, JUST_CFM
, REQ_PASSKEY
, JUST_WORKS
, REQ_PASSKEY
},
379 { CFM_PASSKEY
, CFM_PASSKEY
, REQ_PASSKEY
, JUST_WORKS
, CFM_PASSKEY
},
380 { JUST_WORKS
, JUST_CFM
, JUST_WORKS
, JUST_WORKS
, JUST_CFM
},
381 { CFM_PASSKEY
, CFM_PASSKEY
, REQ_PASSKEY
, JUST_WORKS
, OVERLAP
},
384 static u8
get_auth_method(struct smp_chan
*smp
, u8 local_io
, u8 remote_io
)
386 /* If either side has unknown io_caps, use JUST WORKS */
387 if (local_io
> SMP_IO_KEYBOARD_DISPLAY
||
388 remote_io
> SMP_IO_KEYBOARD_DISPLAY
)
391 return gen_method
[remote_io
][local_io
];
394 static int tk_request(struct l2cap_conn
*conn
, u8 remote_oob
, u8 auth
,
395 u8 local_io
, u8 remote_io
)
397 struct hci_conn
*hcon
= conn
->hcon
;
398 struct smp_chan
*smp
= conn
->smp_chan
;
403 /* Initialize key for JUST WORKS */
404 memset(smp
->tk
, 0, sizeof(smp
->tk
));
405 clear_bit(SMP_FLAG_TK_VALID
, &smp
->flags
);
407 BT_DBG("tk_request: auth:%d lcl:%d rem:%d", auth
, local_io
, remote_io
);
409 /* If neither side wants MITM, use JUST WORKS */
410 /* Otherwise, look up method from the table */
411 if (!(auth
& SMP_AUTH_MITM
))
414 method
= get_auth_method(smp
, local_io
, remote_io
);
416 /* If not bonding, don't ask user to confirm a Zero TK */
417 if (!(auth
& SMP_AUTH_BONDING
) && method
== JUST_CFM
)
420 /* Don't confirm locally initiated pairing attempts */
421 if (method
== JUST_CFM
&& test_bit(SMP_FLAG_INITIATOR
, &smp
->flags
))
424 /* If Just Works, Continue with Zero TK */
425 if (method
== JUST_WORKS
) {
426 set_bit(SMP_FLAG_TK_VALID
, &smp
->flags
);
430 /* Not Just Works/Confirm results in MITM Authentication */
431 if (method
!= JUST_CFM
)
432 set_bit(SMP_FLAG_MITM_AUTH
, &smp
->flags
);
434 /* If both devices have Keyoard-Display I/O, the master
435 * Confirms and the slave Enters the passkey.
437 if (method
== OVERLAP
) {
438 if (test_bit(HCI_CONN_MASTER
, &hcon
->flags
))
439 method
= CFM_PASSKEY
;
441 method
= REQ_PASSKEY
;
444 /* Generate random passkey. */
445 if (method
== CFM_PASSKEY
) {
446 memset(smp
->tk
, 0, sizeof(smp
->tk
));
447 get_random_bytes(&passkey
, sizeof(passkey
));
449 put_unaligned_le32(passkey
, smp
->tk
);
450 BT_DBG("PassKey: %d", passkey
);
451 set_bit(SMP_FLAG_TK_VALID
, &smp
->flags
);
454 hci_dev_lock(hcon
->hdev
);
456 if (method
== REQ_PASSKEY
)
457 ret
= mgmt_user_passkey_request(hcon
->hdev
, &hcon
->dst
,
458 hcon
->type
, hcon
->dst_type
);
459 else if (method
== JUST_CFM
)
460 ret
= mgmt_user_confirm_request(hcon
->hdev
, &hcon
->dst
,
461 hcon
->type
, hcon
->dst_type
,
464 ret
= mgmt_user_passkey_notify(hcon
->hdev
, &hcon
->dst
,
465 hcon
->type
, hcon
->dst_type
,
468 hci_dev_unlock(hcon
->hdev
);
473 static u8
smp_confirm(struct smp_chan
*smp
)
475 struct l2cap_conn
*conn
= smp
->conn
;
476 struct hci_dev
*hdev
= conn
->hcon
->hdev
;
477 struct crypto_blkcipher
*tfm
= hdev
->tfm_aes
;
478 struct smp_cmd_pairing_confirm cp
;
481 BT_DBG("conn %p", conn
);
483 /* Prevent mutual access to hdev->tfm_aes */
486 ret
= smp_c1(tfm
, smp
->tk
, smp
->prnd
, smp
->preq
, smp
->prsp
,
487 conn
->hcon
->init_addr_type
, &conn
->hcon
->init_addr
,
488 conn
->hcon
->resp_addr_type
, &conn
->hcon
->resp_addr
,
491 hci_dev_unlock(hdev
);
494 return SMP_UNSPECIFIED
;
496 clear_bit(SMP_FLAG_CFM_PENDING
, &smp
->flags
);
498 smp_send_cmd(smp
->conn
, SMP_CMD_PAIRING_CONFIRM
, sizeof(cp
), &cp
);
503 static u8
smp_random(struct smp_chan
*smp
)
505 struct l2cap_conn
*conn
= smp
->conn
;
506 struct hci_conn
*hcon
= conn
->hcon
;
507 struct hci_dev
*hdev
= hcon
->hdev
;
508 struct crypto_blkcipher
*tfm
= hdev
->tfm_aes
;
512 if (IS_ERR_OR_NULL(tfm
))
513 return SMP_UNSPECIFIED
;
515 BT_DBG("conn %p %s", conn
, conn
->hcon
->out
? "master" : "slave");
517 /* Prevent mutual access to hdev->tfm_aes */
520 ret
= smp_c1(tfm
, smp
->tk
, smp
->rrnd
, smp
->preq
, smp
->prsp
,
521 hcon
->init_addr_type
, &hcon
->init_addr
,
522 hcon
->resp_addr_type
, &hcon
->resp_addr
, confirm
);
524 hci_dev_unlock(hdev
);
527 return SMP_UNSPECIFIED
;
529 if (memcmp(smp
->pcnf
, confirm
, sizeof(smp
->pcnf
)) != 0) {
530 BT_ERR("Pairing failed (confirmation values mismatch)");
531 return SMP_CONFIRM_FAILED
;
539 smp_s1(tfm
, smp
->tk
, smp
->rrnd
, smp
->prnd
, stk
);
541 memset(stk
+ smp
->enc_key_size
, 0,
542 SMP_MAX_ENC_KEY_SIZE
- smp
->enc_key_size
);
544 if (test_and_set_bit(HCI_CONN_ENCRYPT_PEND
, &hcon
->flags
))
545 return SMP_UNSPECIFIED
;
547 hci_le_start_enc(hcon
, ediv
, rand
, stk
);
548 hcon
->enc_key_size
= smp
->enc_key_size
;
554 smp_send_cmd(conn
, SMP_CMD_PAIRING_RANDOM
, sizeof(smp
->prnd
),
557 smp_s1(tfm
, smp
->tk
, smp
->prnd
, smp
->rrnd
, stk
);
559 memset(stk
+ smp
->enc_key_size
, 0,
560 SMP_MAX_ENC_KEY_SIZE
- smp
->enc_key_size
);
562 if (hcon
->pending_sec_level
== BT_SECURITY_HIGH
)
567 /* Even though there's no _SLAVE suffix this is the
568 * slave STK we're adding for later lookup (the master
569 * STK never needs to be stored).
571 hci_add_ltk(hcon
->hdev
, &hcon
->dst
, hcon
->dst_type
,
572 SMP_STK
, auth
, stk
, smp
->enc_key_size
, ediv
, rand
);
578 static struct smp_chan
*smp_chan_create(struct l2cap_conn
*conn
)
580 struct smp_chan
*smp
;
582 smp
= kzalloc(sizeof(*smp
), GFP_ATOMIC
);
587 conn
->smp_chan
= smp
;
588 conn
->hcon
->smp_conn
= conn
;
590 hci_conn_hold(conn
->hcon
);
595 void smp_chan_destroy(struct l2cap_conn
*conn
)
597 struct smp_chan
*smp
= conn
->smp_chan
;
602 complete
= test_bit(SMP_FLAG_COMPLETE
, &smp
->flags
);
603 mgmt_smp_complete(conn
->hcon
, complete
);
606 kfree(smp
->slave_csrk
);
608 /* If pairing failed clean up any keys we might have */
611 list_del(&smp
->ltk
->list
);
615 if (smp
->slave_ltk
) {
616 list_del(&smp
->slave_ltk
->list
);
617 kfree(smp
->slave_ltk
);
620 if (smp
->remote_irk
) {
621 list_del(&smp
->remote_irk
->list
);
622 kfree(smp
->remote_irk
);
627 conn
->smp_chan
= NULL
;
628 conn
->hcon
->smp_conn
= NULL
;
629 hci_conn_drop(conn
->hcon
);
632 int smp_user_confirm_reply(struct hci_conn
*hcon
, u16 mgmt_op
, __le32 passkey
)
634 struct l2cap_conn
*conn
= hcon
->smp_conn
;
635 struct smp_chan
*smp
;
643 smp
= conn
->smp_chan
;
646 case MGMT_OP_USER_PASSKEY_REPLY
:
647 value
= le32_to_cpu(passkey
);
648 memset(smp
->tk
, 0, sizeof(smp
->tk
));
649 BT_DBG("PassKey: %d", value
);
650 put_unaligned_le32(value
, smp
->tk
);
652 case MGMT_OP_USER_CONFIRM_REPLY
:
653 set_bit(SMP_FLAG_TK_VALID
, &smp
->flags
);
655 case MGMT_OP_USER_PASSKEY_NEG_REPLY
:
656 case MGMT_OP_USER_CONFIRM_NEG_REPLY
:
657 smp_failure(conn
, SMP_PASSKEY_ENTRY_FAILED
);
660 smp_failure(conn
, SMP_PASSKEY_ENTRY_FAILED
);
664 /* If it is our turn to send Pairing Confirm, do so now */
665 if (test_bit(SMP_FLAG_CFM_PENDING
, &smp
->flags
)) {
666 u8 rsp
= smp_confirm(smp
);
668 smp_failure(conn
, rsp
);
674 static u8
smp_cmd_pairing_req(struct l2cap_conn
*conn
, struct sk_buff
*skb
)
676 struct smp_cmd_pairing rsp
, *req
= (void *) skb
->data
;
677 struct smp_chan
*smp
;
678 u8 key_size
, auth
, sec_level
;
681 BT_DBG("conn %p", conn
);
683 if (skb
->len
< sizeof(*req
))
684 return SMP_INVALID_PARAMS
;
686 if (test_bit(HCI_CONN_MASTER
, &conn
->hcon
->flags
))
687 return SMP_CMD_NOTSUPP
;
689 if (!test_and_set_bit(HCI_CONN_LE_SMP_PEND
, &conn
->hcon
->flags
))
690 smp
= smp_chan_create(conn
);
692 smp
= conn
->smp_chan
;
695 return SMP_UNSPECIFIED
;
697 smp
->preq
[0] = SMP_CMD_PAIRING_REQ
;
698 memcpy(&smp
->preq
[1], req
, sizeof(*req
));
699 skb_pull(skb
, sizeof(*req
));
701 /* We didn't start the pairing, so match remote */
702 auth
= req
->auth_req
;
704 sec_level
= authreq_to_seclevel(auth
);
705 if (sec_level
> conn
->hcon
->pending_sec_level
)
706 conn
->hcon
->pending_sec_level
= sec_level
;
708 /* If we need MITM check that it can be acheived */
709 if (conn
->hcon
->pending_sec_level
>= BT_SECURITY_HIGH
) {
712 method
= get_auth_method(smp
, conn
->hcon
->io_capability
,
714 if (method
== JUST_WORKS
|| method
== JUST_CFM
)
715 return SMP_AUTH_REQUIREMENTS
;
718 build_pairing_cmd(conn
, req
, &rsp
, auth
);
720 key_size
= min(req
->max_key_size
, rsp
.max_key_size
);
721 if (check_enc_key_size(conn
, key_size
))
722 return SMP_ENC_KEY_SIZE
;
724 get_random_bytes(smp
->prnd
, sizeof(smp
->prnd
));
726 smp
->prsp
[0] = SMP_CMD_PAIRING_RSP
;
727 memcpy(&smp
->prsp
[1], &rsp
, sizeof(rsp
));
729 smp_send_cmd(conn
, SMP_CMD_PAIRING_RSP
, sizeof(rsp
), &rsp
);
731 /* Request setup of TK */
732 ret
= tk_request(conn
, 0, auth
, rsp
.io_capability
, req
->io_capability
);
734 return SMP_UNSPECIFIED
;
736 clear_bit(SMP_FLAG_INITIATOR
, &smp
->flags
);
741 static u8
smp_cmd_pairing_rsp(struct l2cap_conn
*conn
, struct sk_buff
*skb
)
743 struct smp_cmd_pairing
*req
, *rsp
= (void *) skb
->data
;
744 struct smp_chan
*smp
= conn
->smp_chan
;
745 u8 key_size
, auth
= SMP_AUTH_NONE
;
748 BT_DBG("conn %p", conn
);
750 if (skb
->len
< sizeof(*rsp
))
751 return SMP_INVALID_PARAMS
;
753 if (!test_bit(HCI_CONN_MASTER
, &conn
->hcon
->flags
))
754 return SMP_CMD_NOTSUPP
;
756 skb_pull(skb
, sizeof(*rsp
));
758 req
= (void *) &smp
->preq
[1];
760 key_size
= min(req
->max_key_size
, rsp
->max_key_size
);
761 if (check_enc_key_size(conn
, key_size
))
762 return SMP_ENC_KEY_SIZE
;
764 /* If we need MITM check that it can be acheived */
765 if (conn
->hcon
->pending_sec_level
>= BT_SECURITY_HIGH
) {
768 method
= get_auth_method(smp
, req
->io_capability
,
770 if (method
== JUST_WORKS
|| method
== JUST_CFM
)
771 return SMP_AUTH_REQUIREMENTS
;
774 get_random_bytes(smp
->prnd
, sizeof(smp
->prnd
));
776 smp
->prsp
[0] = SMP_CMD_PAIRING_RSP
;
777 memcpy(&smp
->prsp
[1], rsp
, sizeof(*rsp
));
779 /* Update remote key distribution in case the remote cleared
780 * some bits that we had enabled in our request.
782 smp
->remote_key_dist
&= rsp
->resp_key_dist
;
784 if ((req
->auth_req
& SMP_AUTH_BONDING
) &&
785 (rsp
->auth_req
& SMP_AUTH_BONDING
))
786 auth
= SMP_AUTH_BONDING
;
788 auth
|= (req
->auth_req
| rsp
->auth_req
) & SMP_AUTH_MITM
;
790 ret
= tk_request(conn
, 0, auth
, req
->io_capability
, rsp
->io_capability
);
792 return SMP_UNSPECIFIED
;
794 set_bit(SMP_FLAG_CFM_PENDING
, &smp
->flags
);
796 /* Can't compose response until we have been confirmed */
797 if (test_bit(SMP_FLAG_TK_VALID
, &smp
->flags
))
798 return smp_confirm(smp
);
803 static u8
smp_cmd_pairing_confirm(struct l2cap_conn
*conn
, struct sk_buff
*skb
)
805 struct smp_chan
*smp
= conn
->smp_chan
;
807 BT_DBG("conn %p %s", conn
, conn
->hcon
->out
? "master" : "slave");
809 if (skb
->len
< sizeof(smp
->pcnf
))
810 return SMP_INVALID_PARAMS
;
812 memcpy(smp
->pcnf
, skb
->data
, sizeof(smp
->pcnf
));
813 skb_pull(skb
, sizeof(smp
->pcnf
));
816 smp_send_cmd(conn
, SMP_CMD_PAIRING_RANDOM
, sizeof(smp
->prnd
),
818 else if (test_bit(SMP_FLAG_TK_VALID
, &smp
->flags
))
819 return smp_confirm(smp
);
821 set_bit(SMP_FLAG_CFM_PENDING
, &smp
->flags
);
826 static u8
smp_cmd_pairing_random(struct l2cap_conn
*conn
, struct sk_buff
*skb
)
828 struct smp_chan
*smp
= conn
->smp_chan
;
830 BT_DBG("conn %p", conn
);
832 if (skb
->len
< sizeof(smp
->rrnd
))
833 return SMP_INVALID_PARAMS
;
835 memcpy(smp
->rrnd
, skb
->data
, sizeof(smp
->rrnd
));
836 skb_pull(skb
, sizeof(smp
->rrnd
));
838 return smp_random(smp
);
841 static u8
smp_ltk_encrypt(struct l2cap_conn
*conn
, u8 sec_level
)
844 struct hci_conn
*hcon
= conn
->hcon
;
846 key
= hci_find_ltk_by_addr(hcon
->hdev
, &hcon
->dst
, hcon
->dst_type
,
851 if (sec_level
> BT_SECURITY_MEDIUM
&& !key
->authenticated
)
854 if (test_and_set_bit(HCI_CONN_ENCRYPT_PEND
, &hcon
->flags
))
857 hci_le_start_enc(hcon
, key
->ediv
, key
->rand
, key
->val
);
858 hcon
->enc_key_size
= key
->enc_size
;
863 static u8
smp_cmd_security_req(struct l2cap_conn
*conn
, struct sk_buff
*skb
)
865 struct smp_cmd_security_req
*rp
= (void *) skb
->data
;
866 struct smp_cmd_pairing cp
;
867 struct hci_conn
*hcon
= conn
->hcon
;
868 struct smp_chan
*smp
;
871 BT_DBG("conn %p", conn
);
873 if (skb
->len
< sizeof(*rp
))
874 return SMP_INVALID_PARAMS
;
876 if (!test_bit(HCI_CONN_MASTER
, &conn
->hcon
->flags
))
877 return SMP_CMD_NOTSUPP
;
879 sec_level
= authreq_to_seclevel(rp
->auth_req
);
880 if (sec_level
> hcon
->pending_sec_level
)
881 hcon
->pending_sec_level
= sec_level
;
883 if (smp_ltk_encrypt(conn
, hcon
->pending_sec_level
))
886 if (test_and_set_bit(HCI_CONN_LE_SMP_PEND
, &hcon
->flags
))
889 smp
= smp_chan_create(conn
);
891 return SMP_UNSPECIFIED
;
893 skb_pull(skb
, sizeof(*rp
));
895 memset(&cp
, 0, sizeof(cp
));
896 build_pairing_cmd(conn
, &cp
, NULL
, rp
->auth_req
);
898 smp
->preq
[0] = SMP_CMD_PAIRING_REQ
;
899 memcpy(&smp
->preq
[1], &cp
, sizeof(cp
));
901 smp_send_cmd(conn
, SMP_CMD_PAIRING_REQ
, sizeof(cp
), &cp
);
903 clear_bit(SMP_FLAG_INITIATOR
, &smp
->flags
);
908 bool smp_sufficient_security(struct hci_conn
*hcon
, u8 sec_level
)
910 if (sec_level
== BT_SECURITY_LOW
)
913 if (hcon
->sec_level
>= sec_level
)
919 int smp_conn_security(struct hci_conn
*hcon
, __u8 sec_level
)
921 struct l2cap_conn
*conn
= hcon
->l2cap_data
;
922 struct smp_chan
*smp
;
925 BT_DBG("conn %p hcon %p level 0x%2.2x", conn
, hcon
, sec_level
);
927 /* This may be NULL if there's an unexpected disconnection */
931 if (!test_bit(HCI_LE_ENABLED
, &hcon
->hdev
->dev_flags
))
934 if (smp_sufficient_security(hcon
, sec_level
))
937 if (sec_level
> hcon
->pending_sec_level
)
938 hcon
->pending_sec_level
= sec_level
;
940 if (test_bit(HCI_CONN_MASTER
, &hcon
->flags
))
941 if (smp_ltk_encrypt(conn
, hcon
->pending_sec_level
))
944 if (test_and_set_bit(HCI_CONN_LE_SMP_PEND
, &hcon
->flags
))
947 smp
= smp_chan_create(conn
);
951 authreq
= seclevel_to_authreq(sec_level
);
953 /* Require MITM if IO Capability allows or the security level
956 if (hcon
->io_capability
!= HCI_IO_NO_INPUT_OUTPUT
||
957 hcon
->pending_sec_level
> BT_SECURITY_MEDIUM
)
958 authreq
|= SMP_AUTH_MITM
;
960 if (test_bit(HCI_CONN_MASTER
, &hcon
->flags
)) {
961 struct smp_cmd_pairing cp
;
963 build_pairing_cmd(conn
, &cp
, NULL
, authreq
);
964 smp
->preq
[0] = SMP_CMD_PAIRING_REQ
;
965 memcpy(&smp
->preq
[1], &cp
, sizeof(cp
));
967 smp_send_cmd(conn
, SMP_CMD_PAIRING_REQ
, sizeof(cp
), &cp
);
969 struct smp_cmd_security_req cp
;
970 cp
.auth_req
= authreq
;
971 smp_send_cmd(conn
, SMP_CMD_SECURITY_REQ
, sizeof(cp
), &cp
);
974 set_bit(SMP_FLAG_INITIATOR
, &smp
->flags
);
979 static int smp_cmd_encrypt_info(struct l2cap_conn
*conn
, struct sk_buff
*skb
)
981 struct smp_cmd_encrypt_info
*rp
= (void *) skb
->data
;
982 struct smp_chan
*smp
= conn
->smp_chan
;
984 BT_DBG("conn %p", conn
);
986 if (skb
->len
< sizeof(*rp
))
987 return SMP_INVALID_PARAMS
;
989 /* Ignore this PDU if it wasn't requested */
990 if (!(smp
->remote_key_dist
& SMP_DIST_ENC_KEY
))
993 skb_pull(skb
, sizeof(*rp
));
995 memcpy(smp
->tk
, rp
->ltk
, sizeof(smp
->tk
));
1000 static int smp_cmd_master_ident(struct l2cap_conn
*conn
, struct sk_buff
*skb
)
1002 struct smp_cmd_master_ident
*rp
= (void *) skb
->data
;
1003 struct smp_chan
*smp
= conn
->smp_chan
;
1004 struct hci_dev
*hdev
= conn
->hcon
->hdev
;
1005 struct hci_conn
*hcon
= conn
->hcon
;
1006 struct smp_ltk
*ltk
;
1009 BT_DBG("conn %p", conn
);
1011 if (skb
->len
< sizeof(*rp
))
1012 return SMP_INVALID_PARAMS
;
1014 /* Ignore this PDU if it wasn't requested */
1015 if (!(smp
->remote_key_dist
& SMP_DIST_ENC_KEY
))
1018 /* Mark the information as received */
1019 smp
->remote_key_dist
&= ~SMP_DIST_ENC_KEY
;
1021 skb_pull(skb
, sizeof(*rp
));
1024 authenticated
= (hcon
->sec_level
== BT_SECURITY_HIGH
);
1025 ltk
= hci_add_ltk(hdev
, &hcon
->dst
, hcon
->dst_type
, SMP_LTK
,
1026 authenticated
, smp
->tk
, smp
->enc_key_size
,
1027 rp
->ediv
, rp
->rand
);
1029 if (!(smp
->remote_key_dist
& SMP_DIST_ID_KEY
))
1030 smp_distribute_keys(conn
);
1031 hci_dev_unlock(hdev
);
1036 static int smp_cmd_ident_info(struct l2cap_conn
*conn
, struct sk_buff
*skb
)
1038 struct smp_cmd_ident_info
*info
= (void *) skb
->data
;
1039 struct smp_chan
*smp
= conn
->smp_chan
;
1043 if (skb
->len
< sizeof(*info
))
1044 return SMP_INVALID_PARAMS
;
1046 /* Ignore this PDU if it wasn't requested */
1047 if (!(smp
->remote_key_dist
& SMP_DIST_ID_KEY
))
1050 skb_pull(skb
, sizeof(*info
));
1052 memcpy(smp
->irk
, info
->irk
, 16);
1057 static int smp_cmd_ident_addr_info(struct l2cap_conn
*conn
,
1058 struct sk_buff
*skb
)
1060 struct smp_cmd_ident_addr_info
*info
= (void *) skb
->data
;
1061 struct smp_chan
*smp
= conn
->smp_chan
;
1062 struct hci_conn
*hcon
= conn
->hcon
;
1067 if (skb
->len
< sizeof(*info
))
1068 return SMP_INVALID_PARAMS
;
1070 /* Ignore this PDU if it wasn't requested */
1071 if (!(smp
->remote_key_dist
& SMP_DIST_ID_KEY
))
1074 /* Mark the information as received */
1075 smp
->remote_key_dist
&= ~SMP_DIST_ID_KEY
;
1077 skb_pull(skb
, sizeof(*info
));
1079 /* Strictly speaking the Core Specification (4.1) allows sending
1080 * an empty address which would force us to rely on just the IRK
1081 * as "identity information". However, since such
1082 * implementations are not known of and in order to not over
1083 * complicate our implementation, simply pretend that we never
1084 * received an IRK for such a device.
1086 if (!bacmp(&info
->bdaddr
, BDADDR_ANY
)) {
1087 BT_ERR("Ignoring IRK with no identity address");
1088 smp_distribute_keys(conn
);
1092 bacpy(&smp
->id_addr
, &info
->bdaddr
);
1093 smp
->id_addr_type
= info
->addr_type
;
1095 if (hci_bdaddr_is_rpa(&hcon
->dst
, hcon
->dst_type
))
1096 bacpy(&rpa
, &hcon
->dst
);
1098 bacpy(&rpa
, BDADDR_ANY
);
1100 smp
->remote_irk
= hci_add_irk(conn
->hcon
->hdev
, &smp
->id_addr
,
1101 smp
->id_addr_type
, smp
->irk
, &rpa
);
1103 smp_distribute_keys(conn
);
1108 static int smp_cmd_sign_info(struct l2cap_conn
*conn
, struct sk_buff
*skb
)
1110 struct smp_cmd_sign_info
*rp
= (void *) skb
->data
;
1111 struct smp_chan
*smp
= conn
->smp_chan
;
1112 struct hci_dev
*hdev
= conn
->hcon
->hdev
;
1113 struct smp_csrk
*csrk
;
1115 BT_DBG("conn %p", conn
);
1117 if (skb
->len
< sizeof(*rp
))
1118 return SMP_INVALID_PARAMS
;
1120 /* Ignore this PDU if it wasn't requested */
1121 if (!(smp
->remote_key_dist
& SMP_DIST_SIGN
))
1124 /* Mark the information as received */
1125 smp
->remote_key_dist
&= ~SMP_DIST_SIGN
;
1127 skb_pull(skb
, sizeof(*rp
));
1130 csrk
= kzalloc(sizeof(*csrk
), GFP_KERNEL
);
1132 csrk
->master
= 0x01;
1133 memcpy(csrk
->val
, rp
->csrk
, sizeof(csrk
->val
));
1136 if (!(smp
->remote_key_dist
& SMP_DIST_SIGN
))
1137 smp_distribute_keys(conn
);
1138 hci_dev_unlock(hdev
);
1143 int smp_sig_channel(struct l2cap_conn
*conn
, struct sk_buff
*skb
)
1145 struct hci_conn
*hcon
= conn
->hcon
;
1149 if (hcon
->type
!= LE_LINK
) {
1159 if (!test_bit(HCI_LE_ENABLED
, &hcon
->hdev
->dev_flags
)) {
1161 reason
= SMP_PAIRING_NOTSUPP
;
1165 code
= skb
->data
[0];
1166 skb_pull(skb
, sizeof(code
));
1169 * The SMP context must be initialized for all other PDUs except
1170 * pairing and security requests. If we get any other PDU when
1171 * not initialized simply disconnect (done if this function
1172 * returns an error).
1174 if (code
!= SMP_CMD_PAIRING_REQ
&& code
!= SMP_CMD_SECURITY_REQ
&&
1176 BT_ERR("Unexpected SMP command 0x%02x. Disconnecting.", code
);
1182 case SMP_CMD_PAIRING_REQ
:
1183 reason
= smp_cmd_pairing_req(conn
, skb
);
1186 case SMP_CMD_PAIRING_FAIL
:
1187 smp_failure(conn
, 0);
1192 case SMP_CMD_PAIRING_RSP
:
1193 reason
= smp_cmd_pairing_rsp(conn
, skb
);
1196 case SMP_CMD_SECURITY_REQ
:
1197 reason
= smp_cmd_security_req(conn
, skb
);
1200 case SMP_CMD_PAIRING_CONFIRM
:
1201 reason
= smp_cmd_pairing_confirm(conn
, skb
);
1204 case SMP_CMD_PAIRING_RANDOM
:
1205 reason
= smp_cmd_pairing_random(conn
, skb
);
1208 case SMP_CMD_ENCRYPT_INFO
:
1209 reason
= smp_cmd_encrypt_info(conn
, skb
);
1212 case SMP_CMD_MASTER_IDENT
:
1213 reason
= smp_cmd_master_ident(conn
, skb
);
1216 case SMP_CMD_IDENT_INFO
:
1217 reason
= smp_cmd_ident_info(conn
, skb
);
1220 case SMP_CMD_IDENT_ADDR_INFO
:
1221 reason
= smp_cmd_ident_addr_info(conn
, skb
);
1224 case SMP_CMD_SIGN_INFO
:
1225 reason
= smp_cmd_sign_info(conn
, skb
);
1229 BT_DBG("Unknown command code 0x%2.2x", code
);
1231 reason
= SMP_CMD_NOTSUPP
;
1238 smp_failure(conn
, reason
);
1244 static void smp_notify_keys(struct l2cap_conn
*conn
)
1246 struct smp_chan
*smp
= conn
->smp_chan
;
1247 struct hci_conn
*hcon
= conn
->hcon
;
1248 struct hci_dev
*hdev
= hcon
->hdev
;
1249 struct smp_cmd_pairing
*req
= (void *) &smp
->preq
[1];
1250 struct smp_cmd_pairing
*rsp
= (void *) &smp
->prsp
[1];
1253 if (smp
->remote_irk
) {
1254 mgmt_new_irk(hdev
, smp
->remote_irk
);
1255 /* Now that user space can be considered to know the
1256 * identity address track the connection based on it
1259 bacpy(&hcon
->dst
, &smp
->remote_irk
->bdaddr
);
1260 hcon
->dst_type
= smp
->remote_irk
->addr_type
;
1261 l2cap_conn_update_id_addr(hcon
);
1264 /* The LTKs and CSRKs should be persistent only if both sides
1265 * had the bonding bit set in their authentication requests.
1267 persistent
= !!((req
->auth_req
& rsp
->auth_req
) & SMP_AUTH_BONDING
);
1270 smp
->csrk
->bdaddr_type
= hcon
->dst_type
;
1271 bacpy(&smp
->csrk
->bdaddr
, &hcon
->dst
);
1272 mgmt_new_csrk(hdev
, smp
->csrk
, persistent
);
1275 if (smp
->slave_csrk
) {
1276 smp
->slave_csrk
->bdaddr_type
= hcon
->dst_type
;
1277 bacpy(&smp
->slave_csrk
->bdaddr
, &hcon
->dst
);
1278 mgmt_new_csrk(hdev
, smp
->slave_csrk
, persistent
);
1282 smp
->ltk
->bdaddr_type
= hcon
->dst_type
;
1283 bacpy(&smp
->ltk
->bdaddr
, &hcon
->dst
);
1284 mgmt_new_ltk(hdev
, smp
->ltk
, persistent
);
1287 if (smp
->slave_ltk
) {
1288 smp
->slave_ltk
->bdaddr_type
= hcon
->dst_type
;
1289 bacpy(&smp
->slave_ltk
->bdaddr
, &hcon
->dst
);
1290 mgmt_new_ltk(hdev
, smp
->slave_ltk
, persistent
);
1294 int smp_distribute_keys(struct l2cap_conn
*conn
)
1296 struct smp_cmd_pairing
*req
, *rsp
;
1297 struct smp_chan
*smp
= conn
->smp_chan
;
1298 struct hci_conn
*hcon
= conn
->hcon
;
1299 struct hci_dev
*hdev
= hcon
->hdev
;
1302 BT_DBG("conn %p", conn
);
1304 if (!test_bit(HCI_CONN_LE_SMP_PEND
, &hcon
->flags
))
1307 rsp
= (void *) &smp
->prsp
[1];
1309 /* The responder sends its keys first */
1310 if (hcon
->out
&& (smp
->remote_key_dist
& 0x07))
1313 req
= (void *) &smp
->preq
[1];
1316 keydist
= &rsp
->init_key_dist
;
1317 *keydist
&= req
->init_key_dist
;
1319 keydist
= &rsp
->resp_key_dist
;
1320 *keydist
&= req
->resp_key_dist
;
1323 BT_DBG("keydist 0x%x", *keydist
);
1325 if (*keydist
& SMP_DIST_ENC_KEY
) {
1326 struct smp_cmd_encrypt_info enc
;
1327 struct smp_cmd_master_ident ident
;
1328 struct smp_ltk
*ltk
;
1333 get_random_bytes(enc
.ltk
, sizeof(enc
.ltk
));
1334 get_random_bytes(&ediv
, sizeof(ediv
));
1335 get_random_bytes(&rand
, sizeof(rand
));
1337 smp_send_cmd(conn
, SMP_CMD_ENCRYPT_INFO
, sizeof(enc
), &enc
);
1339 authenticated
= hcon
->sec_level
== BT_SECURITY_HIGH
;
1340 ltk
= hci_add_ltk(hdev
, &hcon
->dst
, hcon
->dst_type
,
1341 SMP_LTK_SLAVE
, authenticated
, enc
.ltk
,
1342 smp
->enc_key_size
, ediv
, rand
);
1343 smp
->slave_ltk
= ltk
;
1348 smp_send_cmd(conn
, SMP_CMD_MASTER_IDENT
, sizeof(ident
), &ident
);
1350 *keydist
&= ~SMP_DIST_ENC_KEY
;
1353 if (*keydist
& SMP_DIST_ID_KEY
) {
1354 struct smp_cmd_ident_addr_info addrinfo
;
1355 struct smp_cmd_ident_info idinfo
;
1357 memcpy(idinfo
.irk
, hdev
->irk
, sizeof(idinfo
.irk
));
1359 smp_send_cmd(conn
, SMP_CMD_IDENT_INFO
, sizeof(idinfo
), &idinfo
);
1361 /* The hci_conn contains the local identity address
1362 * after the connection has been established.
1364 * This is true even when the connection has been
1365 * established using a resolvable random address.
1367 bacpy(&addrinfo
.bdaddr
, &hcon
->src
);
1368 addrinfo
.addr_type
= hcon
->src_type
;
1370 smp_send_cmd(conn
, SMP_CMD_IDENT_ADDR_INFO
, sizeof(addrinfo
),
1373 *keydist
&= ~SMP_DIST_ID_KEY
;
1376 if (*keydist
& SMP_DIST_SIGN
) {
1377 struct smp_cmd_sign_info sign
;
1378 struct smp_csrk
*csrk
;
1380 /* Generate a new random key */
1381 get_random_bytes(sign
.csrk
, sizeof(sign
.csrk
));
1383 csrk
= kzalloc(sizeof(*csrk
), GFP_KERNEL
);
1385 csrk
->master
= 0x00;
1386 memcpy(csrk
->val
, sign
.csrk
, sizeof(csrk
->val
));
1388 smp
->slave_csrk
= csrk
;
1390 smp_send_cmd(conn
, SMP_CMD_SIGN_INFO
, sizeof(sign
), &sign
);
1392 *keydist
&= ~SMP_DIST_SIGN
;
1395 /* If there are still keys to be received wait for them */
1396 if ((smp
->remote_key_dist
& 0x07))
1399 clear_bit(HCI_CONN_LE_SMP_PEND
, &hcon
->flags
);
1400 cancel_delayed_work_sync(&conn
->security_timer
);
1401 set_bit(SMP_FLAG_COMPLETE
, &smp
->flags
);
1402 smp_notify_keys(conn
);
1404 smp_chan_destroy(conn
);