2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2011 Nokia Corporation and/or its subsidiary(-ies).
5 This program is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License version 2 as
7 published by the Free Software Foundation;
9 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
10 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
11 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
12 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
13 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
14 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
18 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
19 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
20 SOFTWARE IS DISCLAIMED.
23 #include <linux/crypto.h>
24 #include <linux/scatterlist.h>
25 #include <crypto/b128ops.h>
27 #include <net/bluetooth/bluetooth.h>
28 #include <net/bluetooth/hci_core.h>
29 #include <net/bluetooth/l2cap.h>
30 #include <net/bluetooth/mgmt.h>
34 #define SMP_TIMEOUT msecs_to_jiffies(30000)
36 #define AUTH_REQ_MASK 0x07
47 struct l2cap_conn
*conn
;
48 struct delayed_work security_timer
;
49 struct work_struct distribute_work
;
51 u8 preq
[7]; /* SMP Pairing Request */
52 u8 prsp
[7]; /* SMP Pairing Response */
53 u8 prnd
[16]; /* SMP Pairing Random (local) */
54 u8 rrnd
[16]; /* SMP Pairing Random (remote) */
55 u8 pcnf
[16]; /* SMP Pairing Confirm */
56 u8 tk
[16]; /* SMP Temporary Key */
62 struct smp_csrk
*csrk
;
63 struct smp_csrk
*slave_csrk
;
65 struct smp_ltk
*slave_ltk
;
66 struct smp_irk
*remote_irk
;
69 struct crypto_blkcipher
*tfm_aes
;
72 static inline void swap_buf(const u8
*src
, u8
*dst
, size_t len
)
76 for (i
= 0; i
< len
; i
++)
77 dst
[len
- 1 - i
] = src
[i
];
80 static int smp_e(struct crypto_blkcipher
*tfm
, const u8
*k
, u8
*r
)
82 struct blkcipher_desc desc
;
83 struct scatterlist sg
;
84 uint8_t tmp
[16], data
[16];
88 BT_ERR("tfm %p", tfm
);
95 /* The most significant octet of key corresponds to k[0] */
98 err
= crypto_blkcipher_setkey(tfm
, tmp
, 16);
100 BT_ERR("cipher setkey failed: %d", err
);
104 /* Most significant octet of plaintextData corresponds to data[0] */
105 swap_buf(r
, data
, 16);
107 sg_init_one(&sg
, data
, 16);
109 err
= crypto_blkcipher_encrypt(&desc
, &sg
, &sg
, 16);
111 BT_ERR("Encrypt data error %d", err
);
113 /* Most significant octet of encryptedData corresponds to data[0] */
114 swap_buf(data
, r
, 16);
119 static int smp_ah(struct crypto_blkcipher
*tfm
, u8 irk
[16], u8 r
[3], u8 res
[3])
124 /* r' = padding || r */
126 memset(_res
+ 3, 0, 13);
128 err
= smp_e(tfm
, irk
, _res
);
130 BT_ERR("Encrypt error");
134 /* The output of the random address function ah is:
135 * ah(h, r) = e(k, r') mod 2^24
136 * The output of the security function e is then truncated to 24 bits
137 * by taking the least significant 24 bits of the output of e as the
140 memcpy(res
, _res
, 3);
145 bool smp_irk_matches(struct hci_dev
*hdev
, u8 irk
[16], bdaddr_t
*bdaddr
)
147 struct l2cap_chan
*chan
= hdev
->smp_data
;
148 struct crypto_blkcipher
*tfm
;
152 if (!chan
|| !chan
->data
)
157 BT_DBG("RPA %pMR IRK %*phN", bdaddr
, 16, irk
);
159 err
= smp_ah(tfm
, irk
, &bdaddr
->b
[3], hash
);
163 return !memcmp(bdaddr
->b
, hash
, 3);
166 int smp_generate_rpa(struct hci_dev
*hdev
, u8 irk
[16], bdaddr_t
*rpa
)
168 struct l2cap_chan
*chan
= hdev
->smp_data
;
169 struct crypto_blkcipher
*tfm
;
172 if (!chan
|| !chan
->data
)
177 get_random_bytes(&rpa
->b
[3], 3);
179 rpa
->b
[5] &= 0x3f; /* Clear two most significant bits */
180 rpa
->b
[5] |= 0x40; /* Set second most significant bit */
182 err
= smp_ah(tfm
, irk
, &rpa
->b
[3], rpa
->b
);
186 BT_DBG("RPA %pMR", rpa
);
191 static int smp_c1(struct smp_chan
*smp
, u8 k
[16], u8 r
[16], u8 preq
[7],
192 u8 pres
[7], u8 _iat
, bdaddr_t
*ia
, u8 _rat
, bdaddr_t
*ra
,
195 struct hci_dev
*hdev
= smp
->conn
->hcon
->hdev
;
199 BT_DBG("%s", hdev
->name
);
203 /* p1 = pres || preq || _rat || _iat */
206 memcpy(p1
+ 2, preq
, 7);
207 memcpy(p1
+ 9, pres
, 7);
209 /* p2 = padding || ia || ra */
211 memcpy(p2
+ 6, ia
, 6);
212 memset(p2
+ 12, 0, 4);
215 u128_xor((u128
*) res
, (u128
*) r
, (u128
*) p1
);
217 /* res = e(k, res) */
218 err
= smp_e(smp
->tfm_aes
, k
, res
);
220 BT_ERR("Encrypt data error");
224 /* res = res XOR p2 */
225 u128_xor((u128
*) res
, (u128
*) res
, (u128
*) p2
);
227 /* res = e(k, res) */
228 err
= smp_e(smp
->tfm_aes
, k
, res
);
230 BT_ERR("Encrypt data error");
235 static int smp_s1(struct smp_chan
*smp
, u8 k
[16], u8 r1
[16], u8 r2
[16],
238 struct hci_dev
*hdev
= smp
->conn
->hcon
->hdev
;
241 BT_DBG("%s", hdev
->name
);
243 /* Just least significant octets from r1 and r2 are considered */
245 memcpy(_r
+ 8, r1
, 8);
247 err
= smp_e(smp
->tfm_aes
, k
, _r
);
249 BT_ERR("Encrypt data error");
254 static void smp_send_cmd(struct l2cap_conn
*conn
, u8 code
, u16 len
, void *data
)
256 struct l2cap_chan
*chan
= conn
->smp
;
257 struct smp_chan
*smp
;
264 BT_DBG("code 0x%2.2x", code
);
266 iv
[0].iov_base
= &code
;
269 iv
[1].iov_base
= data
;
272 memset(&msg
, 0, sizeof(msg
));
274 msg
.msg_iov
= (struct iovec
*) &iv
;
277 l2cap_chan_send(chan
, &msg
, 1 + len
);
284 cancel_delayed_work_sync(&smp
->security_timer
);
285 if (test_bit(HCI_CONN_LE_SMP_PEND
, &conn
->hcon
->flags
))
286 schedule_delayed_work(&smp
->security_timer
, SMP_TIMEOUT
);
289 static __u8
authreq_to_seclevel(__u8 authreq
)
291 if (authreq
& SMP_AUTH_MITM
)
292 return BT_SECURITY_HIGH
;
294 return BT_SECURITY_MEDIUM
;
297 static __u8
seclevel_to_authreq(__u8 sec_level
)
300 case BT_SECURITY_HIGH
:
301 return SMP_AUTH_MITM
| SMP_AUTH_BONDING
;
302 case BT_SECURITY_MEDIUM
:
303 return SMP_AUTH_BONDING
;
305 return SMP_AUTH_NONE
;
309 static void build_pairing_cmd(struct l2cap_conn
*conn
,
310 struct smp_cmd_pairing
*req
,
311 struct smp_cmd_pairing
*rsp
, __u8 authreq
)
313 struct l2cap_chan
*chan
= conn
->smp
;
314 struct smp_chan
*smp
= chan
->data
;
315 struct hci_conn
*hcon
= conn
->hcon
;
316 struct hci_dev
*hdev
= hcon
->hdev
;
317 u8 local_dist
= 0, remote_dist
= 0;
319 if (test_bit(HCI_BONDABLE
, &conn
->hcon
->hdev
->dev_flags
)) {
320 local_dist
= SMP_DIST_ENC_KEY
| SMP_DIST_SIGN
;
321 remote_dist
= SMP_DIST_ENC_KEY
| SMP_DIST_SIGN
;
322 authreq
|= SMP_AUTH_BONDING
;
324 authreq
&= ~SMP_AUTH_BONDING
;
327 if (test_bit(HCI_RPA_RESOLVING
, &hdev
->dev_flags
))
328 remote_dist
|= SMP_DIST_ID_KEY
;
330 if (test_bit(HCI_PRIVACY
, &hdev
->dev_flags
))
331 local_dist
|= SMP_DIST_ID_KEY
;
334 req
->io_capability
= conn
->hcon
->io_capability
;
335 req
->oob_flag
= SMP_OOB_NOT_PRESENT
;
336 req
->max_key_size
= SMP_MAX_ENC_KEY_SIZE
;
337 req
->init_key_dist
= local_dist
;
338 req
->resp_key_dist
= remote_dist
;
339 req
->auth_req
= (authreq
& AUTH_REQ_MASK
);
341 smp
->remote_key_dist
= remote_dist
;
345 rsp
->io_capability
= conn
->hcon
->io_capability
;
346 rsp
->oob_flag
= SMP_OOB_NOT_PRESENT
;
347 rsp
->max_key_size
= SMP_MAX_ENC_KEY_SIZE
;
348 rsp
->init_key_dist
= req
->init_key_dist
& remote_dist
;
349 rsp
->resp_key_dist
= req
->resp_key_dist
& local_dist
;
350 rsp
->auth_req
= (authreq
& AUTH_REQ_MASK
);
352 smp
->remote_key_dist
= rsp
->init_key_dist
;
355 static u8
check_enc_key_size(struct l2cap_conn
*conn
, __u8 max_key_size
)
357 struct l2cap_chan
*chan
= conn
->smp
;
358 struct smp_chan
*smp
= chan
->data
;
360 if ((max_key_size
> SMP_MAX_ENC_KEY_SIZE
) ||
361 (max_key_size
< SMP_MIN_ENC_KEY_SIZE
))
362 return SMP_ENC_KEY_SIZE
;
364 smp
->enc_key_size
= max_key_size
;
369 static void smp_chan_destroy(struct l2cap_conn
*conn
)
371 struct l2cap_chan
*chan
= conn
->smp
;
372 struct smp_chan
*smp
= chan
->data
;
377 cancel_delayed_work_sync(&smp
->security_timer
);
378 /* In case the timeout freed the SMP context */
382 if (work_pending(&smp
->distribute_work
)) {
383 cancel_work_sync(&smp
->distribute_work
);
388 complete
= test_bit(SMP_FLAG_COMPLETE
, &smp
->flags
);
389 mgmt_smp_complete(conn
->hcon
, complete
);
392 kfree(smp
->slave_csrk
);
394 crypto_free_blkcipher(smp
->tfm_aes
);
396 /* If pairing failed clean up any keys we might have */
399 list_del(&smp
->ltk
->list
);
403 if (smp
->slave_ltk
) {
404 list_del(&smp
->slave_ltk
->list
);
405 kfree(smp
->slave_ltk
);
408 if (smp
->remote_irk
) {
409 list_del(&smp
->remote_irk
->list
);
410 kfree(smp
->remote_irk
);
416 hci_conn_drop(conn
->hcon
);
419 static void smp_failure(struct l2cap_conn
*conn
, u8 reason
)
421 struct hci_conn
*hcon
= conn
->hcon
;
422 struct l2cap_chan
*chan
= conn
->smp
;
423 struct smp_chan
*smp
;
426 smp_send_cmd(conn
, SMP_CMD_PAIRING_FAIL
, sizeof(reason
),
429 clear_bit(HCI_CONN_ENCRYPT_PEND
, &hcon
->flags
);
430 mgmt_auth_failed(hcon
->hdev
, &hcon
->dst
, hcon
->type
, hcon
->dst_type
,
431 HCI_ERROR_AUTH_FAILURE
);
438 if (test_and_clear_bit(HCI_CONN_LE_SMP_PEND
, &hcon
->flags
))
439 smp_chan_destroy(conn
);
442 #define JUST_WORKS 0x00
443 #define JUST_CFM 0x01
444 #define REQ_PASSKEY 0x02
445 #define CFM_PASSKEY 0x03
449 static const u8 gen_method
[5][5] = {
450 { JUST_WORKS
, JUST_CFM
, REQ_PASSKEY
, JUST_WORKS
, REQ_PASSKEY
},
451 { JUST_WORKS
, JUST_CFM
, REQ_PASSKEY
, JUST_WORKS
, REQ_PASSKEY
},
452 { CFM_PASSKEY
, CFM_PASSKEY
, REQ_PASSKEY
, JUST_WORKS
, CFM_PASSKEY
},
453 { JUST_WORKS
, JUST_CFM
, JUST_WORKS
, JUST_WORKS
, JUST_CFM
},
454 { CFM_PASSKEY
, CFM_PASSKEY
, REQ_PASSKEY
, JUST_WORKS
, OVERLAP
},
457 static u8
get_auth_method(struct smp_chan
*smp
, u8 local_io
, u8 remote_io
)
459 /* If either side has unknown io_caps, use JUST_CFM (which gets
460 * converted later to JUST_WORKS if we're initiators.
462 if (local_io
> SMP_IO_KEYBOARD_DISPLAY
||
463 remote_io
> SMP_IO_KEYBOARD_DISPLAY
)
466 return gen_method
[remote_io
][local_io
];
469 static int tk_request(struct l2cap_conn
*conn
, u8 remote_oob
, u8 auth
,
470 u8 local_io
, u8 remote_io
)
472 struct hci_conn
*hcon
= conn
->hcon
;
473 struct l2cap_chan
*chan
= conn
->smp
;
474 struct smp_chan
*smp
= chan
->data
;
479 /* Initialize key for JUST WORKS */
480 memset(smp
->tk
, 0, sizeof(smp
->tk
));
481 clear_bit(SMP_FLAG_TK_VALID
, &smp
->flags
);
483 BT_DBG("tk_request: auth:%d lcl:%d rem:%d", auth
, local_io
, remote_io
);
485 /* If neither side wants MITM, either "just" confirm an incoming
486 * request or use just-works for outgoing ones. The JUST_CFM
487 * will be converted to JUST_WORKS if necessary later in this
488 * function. If either side has MITM look up the method from the
491 if (!(auth
& SMP_AUTH_MITM
))
494 method
= get_auth_method(smp
, local_io
, remote_io
);
496 /* Don't confirm locally initiated pairing attempts */
497 if (method
== JUST_CFM
&& test_bit(SMP_FLAG_INITIATOR
, &smp
->flags
))
500 /* Don't bother user space with no IO capabilities */
501 if (method
== JUST_CFM
&& hcon
->io_capability
== HCI_IO_NO_INPUT_OUTPUT
)
504 /* If Just Works, Continue with Zero TK */
505 if (method
== JUST_WORKS
) {
506 set_bit(SMP_FLAG_TK_VALID
, &smp
->flags
);
510 /* Not Just Works/Confirm results in MITM Authentication */
511 if (method
!= JUST_CFM
)
512 set_bit(SMP_FLAG_MITM_AUTH
, &smp
->flags
);
514 /* If both devices have Keyoard-Display I/O, the master
515 * Confirms and the slave Enters the passkey.
517 if (method
== OVERLAP
) {
518 if (hcon
->role
== HCI_ROLE_MASTER
)
519 method
= CFM_PASSKEY
;
521 method
= REQ_PASSKEY
;
524 /* Generate random passkey. */
525 if (method
== CFM_PASSKEY
) {
526 memset(smp
->tk
, 0, sizeof(smp
->tk
));
527 get_random_bytes(&passkey
, sizeof(passkey
));
529 put_unaligned_le32(passkey
, smp
->tk
);
530 BT_DBG("PassKey: %d", passkey
);
531 set_bit(SMP_FLAG_TK_VALID
, &smp
->flags
);
534 hci_dev_lock(hcon
->hdev
);
536 if (method
== REQ_PASSKEY
)
537 ret
= mgmt_user_passkey_request(hcon
->hdev
, &hcon
->dst
,
538 hcon
->type
, hcon
->dst_type
);
539 else if (method
== JUST_CFM
)
540 ret
= mgmt_user_confirm_request(hcon
->hdev
, &hcon
->dst
,
541 hcon
->type
, hcon
->dst_type
,
544 ret
= mgmt_user_passkey_notify(hcon
->hdev
, &hcon
->dst
,
545 hcon
->type
, hcon
->dst_type
,
548 hci_dev_unlock(hcon
->hdev
);
553 static u8
smp_confirm(struct smp_chan
*smp
)
555 struct l2cap_conn
*conn
= smp
->conn
;
556 struct smp_cmd_pairing_confirm cp
;
559 BT_DBG("conn %p", conn
);
561 ret
= smp_c1(smp
, smp
->tk
, smp
->prnd
, smp
->preq
, smp
->prsp
,
562 conn
->hcon
->init_addr_type
, &conn
->hcon
->init_addr
,
563 conn
->hcon
->resp_addr_type
, &conn
->hcon
->resp_addr
,
566 return SMP_UNSPECIFIED
;
568 clear_bit(SMP_FLAG_CFM_PENDING
, &smp
->flags
);
570 smp_send_cmd(smp
->conn
, SMP_CMD_PAIRING_CONFIRM
, sizeof(cp
), &cp
);
575 static u8
smp_random(struct smp_chan
*smp
)
577 struct l2cap_conn
*conn
= smp
->conn
;
578 struct hci_conn
*hcon
= conn
->hcon
;
582 if (IS_ERR_OR_NULL(smp
->tfm_aes
))
583 return SMP_UNSPECIFIED
;
585 BT_DBG("conn %p %s", conn
, conn
->hcon
->out
? "master" : "slave");
587 ret
= smp_c1(smp
, smp
->tk
, smp
->rrnd
, smp
->preq
, smp
->prsp
,
588 hcon
->init_addr_type
, &hcon
->init_addr
,
589 hcon
->resp_addr_type
, &hcon
->resp_addr
, confirm
);
591 return SMP_UNSPECIFIED
;
593 if (memcmp(smp
->pcnf
, confirm
, sizeof(smp
->pcnf
)) != 0) {
594 BT_ERR("Pairing failed (confirmation values mismatch)");
595 return SMP_CONFIRM_FAILED
;
603 smp_s1(smp
, smp
->tk
, smp
->rrnd
, smp
->prnd
, stk
);
605 memset(stk
+ smp
->enc_key_size
, 0,
606 SMP_MAX_ENC_KEY_SIZE
- smp
->enc_key_size
);
608 if (test_and_set_bit(HCI_CONN_ENCRYPT_PEND
, &hcon
->flags
))
609 return SMP_UNSPECIFIED
;
611 hci_le_start_enc(hcon
, ediv
, rand
, stk
);
612 hcon
->enc_key_size
= smp
->enc_key_size
;
613 set_bit(HCI_CONN_STK_ENCRYPT
, &hcon
->flags
);
619 smp_send_cmd(conn
, SMP_CMD_PAIRING_RANDOM
, sizeof(smp
->prnd
),
622 smp_s1(smp
, smp
->tk
, smp
->prnd
, smp
->rrnd
, stk
);
624 memset(stk
+ smp
->enc_key_size
, 0,
625 SMP_MAX_ENC_KEY_SIZE
- smp
->enc_key_size
);
627 if (hcon
->pending_sec_level
== BT_SECURITY_HIGH
)
632 /* Even though there's no _SLAVE suffix this is the
633 * slave STK we're adding for later lookup (the master
634 * STK never needs to be stored).
636 hci_add_ltk(hcon
->hdev
, &hcon
->dst
, hcon
->dst_type
,
637 SMP_STK
, auth
, stk
, smp
->enc_key_size
, ediv
, rand
);
643 static void smp_notify_keys(struct l2cap_conn
*conn
)
645 struct l2cap_chan
*chan
= conn
->smp
;
646 struct smp_chan
*smp
= chan
->data
;
647 struct hci_conn
*hcon
= conn
->hcon
;
648 struct hci_dev
*hdev
= hcon
->hdev
;
649 struct smp_cmd_pairing
*req
= (void *) &smp
->preq
[1];
650 struct smp_cmd_pairing
*rsp
= (void *) &smp
->prsp
[1];
653 if (smp
->remote_irk
) {
654 mgmt_new_irk(hdev
, smp
->remote_irk
);
655 /* Now that user space can be considered to know the
656 * identity address track the connection based on it
659 bacpy(&hcon
->dst
, &smp
->remote_irk
->bdaddr
);
660 hcon
->dst_type
= smp
->remote_irk
->addr_type
;
661 l2cap_conn_update_id_addr(hcon
);
663 /* When receiving an indentity resolving key for
664 * a remote device that does not use a resolvable
665 * private address, just remove the key so that
666 * it is possible to use the controller white
669 * Userspace will have been told to not store
670 * this key at this point. So it is safe to
673 if (!bacmp(&smp
->remote_irk
->rpa
, BDADDR_ANY
)) {
674 list_del(&smp
->remote_irk
->list
);
675 kfree(smp
->remote_irk
);
676 smp
->remote_irk
= NULL
;
680 /* The LTKs and CSRKs should be persistent only if both sides
681 * had the bonding bit set in their authentication requests.
683 persistent
= !!((req
->auth_req
& rsp
->auth_req
) & SMP_AUTH_BONDING
);
686 smp
->csrk
->bdaddr_type
= hcon
->dst_type
;
687 bacpy(&smp
->csrk
->bdaddr
, &hcon
->dst
);
688 mgmt_new_csrk(hdev
, smp
->csrk
, persistent
);
691 if (smp
->slave_csrk
) {
692 smp
->slave_csrk
->bdaddr_type
= hcon
->dst_type
;
693 bacpy(&smp
->slave_csrk
->bdaddr
, &hcon
->dst
);
694 mgmt_new_csrk(hdev
, smp
->slave_csrk
, persistent
);
698 smp
->ltk
->bdaddr_type
= hcon
->dst_type
;
699 bacpy(&smp
->ltk
->bdaddr
, &hcon
->dst
);
700 mgmt_new_ltk(hdev
, smp
->ltk
, persistent
);
703 if (smp
->slave_ltk
) {
704 smp
->slave_ltk
->bdaddr_type
= hcon
->dst_type
;
705 bacpy(&smp
->slave_ltk
->bdaddr
, &hcon
->dst
);
706 mgmt_new_ltk(hdev
, smp
->slave_ltk
, persistent
);
710 static void smp_distribute_keys(struct work_struct
*work
)
712 struct smp_chan
*smp
= container_of(work
, struct smp_chan
,
714 struct smp_cmd_pairing
*req
, *rsp
;
715 struct l2cap_conn
*conn
= smp
->conn
;
716 struct hci_conn
*hcon
= conn
->hcon
;
717 struct hci_dev
*hdev
= hcon
->hdev
;
720 BT_DBG("conn %p", conn
);
722 if (!test_bit(HCI_CONN_LE_SMP_PEND
, &hcon
->flags
))
725 rsp
= (void *) &smp
->prsp
[1];
727 /* The responder sends its keys first */
728 if (hcon
->out
&& (smp
->remote_key_dist
& 0x07))
731 req
= (void *) &smp
->preq
[1];
734 keydist
= &rsp
->init_key_dist
;
735 *keydist
&= req
->init_key_dist
;
737 keydist
= &rsp
->resp_key_dist
;
738 *keydist
&= req
->resp_key_dist
;
741 BT_DBG("keydist 0x%x", *keydist
);
743 if (*keydist
& SMP_DIST_ENC_KEY
) {
744 struct smp_cmd_encrypt_info enc
;
745 struct smp_cmd_master_ident ident
;
751 get_random_bytes(enc
.ltk
, sizeof(enc
.ltk
));
752 get_random_bytes(&ediv
, sizeof(ediv
));
753 get_random_bytes(&rand
, sizeof(rand
));
755 smp_send_cmd(conn
, SMP_CMD_ENCRYPT_INFO
, sizeof(enc
), &enc
);
757 authenticated
= hcon
->sec_level
== BT_SECURITY_HIGH
;
758 ltk
= hci_add_ltk(hdev
, &hcon
->dst
, hcon
->dst_type
,
759 SMP_LTK_SLAVE
, authenticated
, enc
.ltk
,
760 smp
->enc_key_size
, ediv
, rand
);
761 smp
->slave_ltk
= ltk
;
766 smp_send_cmd(conn
, SMP_CMD_MASTER_IDENT
, sizeof(ident
), &ident
);
768 *keydist
&= ~SMP_DIST_ENC_KEY
;
771 if (*keydist
& SMP_DIST_ID_KEY
) {
772 struct smp_cmd_ident_addr_info addrinfo
;
773 struct smp_cmd_ident_info idinfo
;
775 memcpy(idinfo
.irk
, hdev
->irk
, sizeof(idinfo
.irk
));
777 smp_send_cmd(conn
, SMP_CMD_IDENT_INFO
, sizeof(idinfo
), &idinfo
);
779 /* The hci_conn contains the local identity address
780 * after the connection has been established.
782 * This is true even when the connection has been
783 * established using a resolvable random address.
785 bacpy(&addrinfo
.bdaddr
, &hcon
->src
);
786 addrinfo
.addr_type
= hcon
->src_type
;
788 smp_send_cmd(conn
, SMP_CMD_IDENT_ADDR_INFO
, sizeof(addrinfo
),
791 *keydist
&= ~SMP_DIST_ID_KEY
;
794 if (*keydist
& SMP_DIST_SIGN
) {
795 struct smp_cmd_sign_info sign
;
796 struct smp_csrk
*csrk
;
798 /* Generate a new random key */
799 get_random_bytes(sign
.csrk
, sizeof(sign
.csrk
));
801 csrk
= kzalloc(sizeof(*csrk
), GFP_KERNEL
);
804 memcpy(csrk
->val
, sign
.csrk
, sizeof(csrk
->val
));
806 smp
->slave_csrk
= csrk
;
808 smp_send_cmd(conn
, SMP_CMD_SIGN_INFO
, sizeof(sign
), &sign
);
810 *keydist
&= ~SMP_DIST_SIGN
;
813 /* If there are still keys to be received wait for them */
814 if ((smp
->remote_key_dist
& 0x07))
817 clear_bit(HCI_CONN_LE_SMP_PEND
, &hcon
->flags
);
818 set_bit(SMP_FLAG_COMPLETE
, &smp
->flags
);
819 smp_notify_keys(conn
);
821 smp_chan_destroy(conn
);
824 static void smp_timeout(struct work_struct
*work
)
826 struct smp_chan
*smp
= container_of(work
, struct smp_chan
,
827 security_timer
.work
);
828 struct l2cap_conn
*conn
= smp
->conn
;
830 BT_DBG("conn %p", conn
);
832 l2cap_conn_shutdown(conn
, ETIMEDOUT
);
835 static struct smp_chan
*smp_chan_create(struct l2cap_conn
*conn
)
837 struct l2cap_chan
*chan
= conn
->smp
;
838 struct smp_chan
*smp
;
840 smp
= kzalloc(sizeof(*smp
), GFP_ATOMIC
);
842 clear_bit(HCI_CONN_LE_SMP_PEND
, &conn
->hcon
->flags
);
846 smp
->tfm_aes
= crypto_alloc_blkcipher("ecb(aes)", 0, CRYPTO_ALG_ASYNC
);
847 if (IS_ERR(smp
->tfm_aes
)) {
848 BT_ERR("Unable to create ECB crypto context");
850 clear_bit(HCI_CONN_LE_SMP_PEND
, &conn
->hcon
->flags
);
857 INIT_WORK(&smp
->distribute_work
, smp_distribute_keys
);
858 INIT_DELAYED_WORK(&smp
->security_timer
, smp_timeout
);
860 hci_conn_hold(conn
->hcon
);
865 int smp_user_confirm_reply(struct hci_conn
*hcon
, u16 mgmt_op
, __le32 passkey
)
867 struct l2cap_conn
*conn
= hcon
->l2cap_data
;
868 struct l2cap_chan
*chan
;
869 struct smp_chan
*smp
;
874 if (!conn
|| !test_bit(HCI_CONN_LE_SMP_PEND
, &hcon
->flags
))
884 case MGMT_OP_USER_PASSKEY_REPLY
:
885 value
= le32_to_cpu(passkey
);
886 memset(smp
->tk
, 0, sizeof(smp
->tk
));
887 BT_DBG("PassKey: %d", value
);
888 put_unaligned_le32(value
, smp
->tk
);
890 case MGMT_OP_USER_CONFIRM_REPLY
:
891 set_bit(SMP_FLAG_TK_VALID
, &smp
->flags
);
893 case MGMT_OP_USER_PASSKEY_NEG_REPLY
:
894 case MGMT_OP_USER_CONFIRM_NEG_REPLY
:
895 smp_failure(conn
, SMP_PASSKEY_ENTRY_FAILED
);
898 smp_failure(conn
, SMP_PASSKEY_ENTRY_FAILED
);
902 /* If it is our turn to send Pairing Confirm, do so now */
903 if (test_bit(SMP_FLAG_CFM_PENDING
, &smp
->flags
)) {
904 u8 rsp
= smp_confirm(smp
);
906 smp_failure(conn
, rsp
);
912 static u8
smp_cmd_pairing_req(struct l2cap_conn
*conn
, struct sk_buff
*skb
)
914 struct smp_cmd_pairing rsp
, *req
= (void *) skb
->data
;
915 struct hci_dev
*hdev
= conn
->hcon
->hdev
;
916 struct smp_chan
*smp
;
917 u8 key_size
, auth
, sec_level
;
920 BT_DBG("conn %p", conn
);
922 if (skb
->len
< sizeof(*req
))
923 return SMP_INVALID_PARAMS
;
925 if (conn
->hcon
->role
!= HCI_ROLE_SLAVE
)
926 return SMP_CMD_NOTSUPP
;
928 if (!test_and_set_bit(HCI_CONN_LE_SMP_PEND
, &conn
->hcon
->flags
)) {
929 smp
= smp_chan_create(conn
);
931 struct l2cap_chan
*chan
= conn
->smp
;
936 return SMP_UNSPECIFIED
;
938 if (!test_bit(HCI_BONDABLE
, &hdev
->dev_flags
) &&
939 (req
->auth_req
& SMP_AUTH_BONDING
))
940 return SMP_PAIRING_NOTSUPP
;
942 smp
->preq
[0] = SMP_CMD_PAIRING_REQ
;
943 memcpy(&smp
->preq
[1], req
, sizeof(*req
));
944 skb_pull(skb
, sizeof(*req
));
946 /* We didn't start the pairing, so match remote */
947 auth
= req
->auth_req
;
949 sec_level
= authreq_to_seclevel(auth
);
950 if (sec_level
> conn
->hcon
->pending_sec_level
)
951 conn
->hcon
->pending_sec_level
= sec_level
;
953 /* If we need MITM check that it can be acheived */
954 if (conn
->hcon
->pending_sec_level
>= BT_SECURITY_HIGH
) {
957 method
= get_auth_method(smp
, conn
->hcon
->io_capability
,
959 if (method
== JUST_WORKS
|| method
== JUST_CFM
)
960 return SMP_AUTH_REQUIREMENTS
;
963 build_pairing_cmd(conn
, req
, &rsp
, auth
);
965 key_size
= min(req
->max_key_size
, rsp
.max_key_size
);
966 if (check_enc_key_size(conn
, key_size
))
967 return SMP_ENC_KEY_SIZE
;
969 get_random_bytes(smp
->prnd
, sizeof(smp
->prnd
));
971 smp
->prsp
[0] = SMP_CMD_PAIRING_RSP
;
972 memcpy(&smp
->prsp
[1], &rsp
, sizeof(rsp
));
974 smp_send_cmd(conn
, SMP_CMD_PAIRING_RSP
, sizeof(rsp
), &rsp
);
976 /* Request setup of TK */
977 ret
= tk_request(conn
, 0, auth
, rsp
.io_capability
, req
->io_capability
);
979 return SMP_UNSPECIFIED
;
984 static u8
smp_cmd_pairing_rsp(struct l2cap_conn
*conn
, struct sk_buff
*skb
)
986 struct smp_cmd_pairing
*req
, *rsp
= (void *) skb
->data
;
987 struct l2cap_chan
*chan
= conn
->smp
;
988 struct smp_chan
*smp
= chan
->data
;
989 u8 key_size
, auth
= SMP_AUTH_NONE
;
992 BT_DBG("conn %p", conn
);
994 if (skb
->len
< sizeof(*rsp
))
995 return SMP_INVALID_PARAMS
;
997 if (conn
->hcon
->role
!= HCI_ROLE_MASTER
)
998 return SMP_CMD_NOTSUPP
;
1000 skb_pull(skb
, sizeof(*rsp
));
1002 req
= (void *) &smp
->preq
[1];
1004 key_size
= min(req
->max_key_size
, rsp
->max_key_size
);
1005 if (check_enc_key_size(conn
, key_size
))
1006 return SMP_ENC_KEY_SIZE
;
1008 /* If we need MITM check that it can be acheived */
1009 if (conn
->hcon
->pending_sec_level
>= BT_SECURITY_HIGH
) {
1012 method
= get_auth_method(smp
, req
->io_capability
,
1013 rsp
->io_capability
);
1014 if (method
== JUST_WORKS
|| method
== JUST_CFM
)
1015 return SMP_AUTH_REQUIREMENTS
;
1018 get_random_bytes(smp
->prnd
, sizeof(smp
->prnd
));
1020 smp
->prsp
[0] = SMP_CMD_PAIRING_RSP
;
1021 memcpy(&smp
->prsp
[1], rsp
, sizeof(*rsp
));
1023 /* Update remote key distribution in case the remote cleared
1024 * some bits that we had enabled in our request.
1026 smp
->remote_key_dist
&= rsp
->resp_key_dist
;
1028 if ((req
->auth_req
& SMP_AUTH_BONDING
) &&
1029 (rsp
->auth_req
& SMP_AUTH_BONDING
))
1030 auth
= SMP_AUTH_BONDING
;
1032 auth
|= (req
->auth_req
| rsp
->auth_req
) & SMP_AUTH_MITM
;
1034 ret
= tk_request(conn
, 0, auth
, req
->io_capability
, rsp
->io_capability
);
1036 return SMP_UNSPECIFIED
;
1038 set_bit(SMP_FLAG_CFM_PENDING
, &smp
->flags
);
1040 /* Can't compose response until we have been confirmed */
1041 if (test_bit(SMP_FLAG_TK_VALID
, &smp
->flags
))
1042 return smp_confirm(smp
);
1047 static u8
smp_cmd_pairing_confirm(struct l2cap_conn
*conn
, struct sk_buff
*skb
)
1049 struct l2cap_chan
*chan
= conn
->smp
;
1050 struct smp_chan
*smp
= chan
->data
;
1052 BT_DBG("conn %p %s", conn
, conn
->hcon
->out
? "master" : "slave");
1054 if (skb
->len
< sizeof(smp
->pcnf
))
1055 return SMP_INVALID_PARAMS
;
1057 memcpy(smp
->pcnf
, skb
->data
, sizeof(smp
->pcnf
));
1058 skb_pull(skb
, sizeof(smp
->pcnf
));
1060 if (conn
->hcon
->out
)
1061 smp_send_cmd(conn
, SMP_CMD_PAIRING_RANDOM
, sizeof(smp
->prnd
),
1063 else if (test_bit(SMP_FLAG_TK_VALID
, &smp
->flags
))
1064 return smp_confirm(smp
);
1066 set_bit(SMP_FLAG_CFM_PENDING
, &smp
->flags
);
1071 static u8
smp_cmd_pairing_random(struct l2cap_conn
*conn
, struct sk_buff
*skb
)
1073 struct l2cap_chan
*chan
= conn
->smp
;
1074 struct smp_chan
*smp
= chan
->data
;
1076 BT_DBG("conn %p", conn
);
1078 if (skb
->len
< sizeof(smp
->rrnd
))
1079 return SMP_INVALID_PARAMS
;
1081 memcpy(smp
->rrnd
, skb
->data
, sizeof(smp
->rrnd
));
1082 skb_pull(skb
, sizeof(smp
->rrnd
));
1084 return smp_random(smp
);
1087 static bool smp_ltk_encrypt(struct l2cap_conn
*conn
, u8 sec_level
)
1089 struct smp_ltk
*key
;
1090 struct hci_conn
*hcon
= conn
->hcon
;
1092 key
= hci_find_ltk_by_addr(hcon
->hdev
, &hcon
->dst
, hcon
->dst_type
,
1097 if (sec_level
> BT_SECURITY_MEDIUM
&& !key
->authenticated
)
1100 if (test_and_set_bit(HCI_CONN_ENCRYPT_PEND
, &hcon
->flags
))
1103 hci_le_start_enc(hcon
, key
->ediv
, key
->rand
, key
->val
);
1104 hcon
->enc_key_size
= key
->enc_size
;
1106 /* We never store STKs for master role, so clear this flag */
1107 clear_bit(HCI_CONN_STK_ENCRYPT
, &hcon
->flags
);
1112 bool smp_sufficient_security(struct hci_conn
*hcon
, u8 sec_level
)
1114 if (sec_level
== BT_SECURITY_LOW
)
1117 /* If we're encrypted with an STK always claim insufficient
1118 * security. This way we allow the connection to be re-encrypted
1119 * with an LTK, even if the LTK provides the same level of
1120 * security. Only exception is if we don't have an LTK (e.g.
1121 * because of key distribution bits).
1123 if (test_bit(HCI_CONN_STK_ENCRYPT
, &hcon
->flags
) &&
1124 hci_find_ltk_by_addr(hcon
->hdev
, &hcon
->dst
, hcon
->dst_type
,
1128 if (hcon
->sec_level
>= sec_level
)
1134 static u8
smp_cmd_security_req(struct l2cap_conn
*conn
, struct sk_buff
*skb
)
1136 struct smp_cmd_security_req
*rp
= (void *) skb
->data
;
1137 struct smp_cmd_pairing cp
;
1138 struct hci_conn
*hcon
= conn
->hcon
;
1139 struct smp_chan
*smp
;
1142 BT_DBG("conn %p", conn
);
1144 if (skb
->len
< sizeof(*rp
))
1145 return SMP_INVALID_PARAMS
;
1147 if (hcon
->role
!= HCI_ROLE_MASTER
)
1148 return SMP_CMD_NOTSUPP
;
1150 sec_level
= authreq_to_seclevel(rp
->auth_req
);
1151 if (smp_sufficient_security(hcon
, sec_level
))
1154 if (sec_level
> hcon
->pending_sec_level
)
1155 hcon
->pending_sec_level
= sec_level
;
1157 if (smp_ltk_encrypt(conn
, hcon
->pending_sec_level
))
1160 if (test_and_set_bit(HCI_CONN_LE_SMP_PEND
, &hcon
->flags
))
1163 smp
= smp_chan_create(conn
);
1165 return SMP_UNSPECIFIED
;
1167 if (!test_bit(HCI_BONDABLE
, &hcon
->hdev
->dev_flags
) &&
1168 (rp
->auth_req
& SMP_AUTH_BONDING
))
1169 return SMP_PAIRING_NOTSUPP
;
1171 skb_pull(skb
, sizeof(*rp
));
1173 memset(&cp
, 0, sizeof(cp
));
1174 build_pairing_cmd(conn
, &cp
, NULL
, rp
->auth_req
);
1176 smp
->preq
[0] = SMP_CMD_PAIRING_REQ
;
1177 memcpy(&smp
->preq
[1], &cp
, sizeof(cp
));
1179 smp_send_cmd(conn
, SMP_CMD_PAIRING_REQ
, sizeof(cp
), &cp
);
1184 int smp_conn_security(struct hci_conn
*hcon
, __u8 sec_level
)
1186 struct l2cap_conn
*conn
= hcon
->l2cap_data
;
1187 struct smp_chan
*smp
;
1190 BT_DBG("conn %p hcon %p level 0x%2.2x", conn
, hcon
, sec_level
);
1192 /* This may be NULL if there's an unexpected disconnection */
1196 if (!test_bit(HCI_LE_ENABLED
, &hcon
->hdev
->dev_flags
))
1199 if (smp_sufficient_security(hcon
, sec_level
))
1202 if (sec_level
> hcon
->pending_sec_level
)
1203 hcon
->pending_sec_level
= sec_level
;
1205 if (hcon
->role
== HCI_ROLE_MASTER
)
1206 if (smp_ltk_encrypt(conn
, hcon
->pending_sec_level
))
1209 if (test_and_set_bit(HCI_CONN_LE_SMP_PEND
, &hcon
->flags
))
1212 smp
= smp_chan_create(conn
);
1216 authreq
= seclevel_to_authreq(sec_level
);
1218 /* Require MITM if IO Capability allows or the security level
1221 if (hcon
->io_capability
!= HCI_IO_NO_INPUT_OUTPUT
||
1222 hcon
->pending_sec_level
> BT_SECURITY_MEDIUM
)
1223 authreq
|= SMP_AUTH_MITM
;
1225 if (hcon
->role
== HCI_ROLE_MASTER
) {
1226 struct smp_cmd_pairing cp
;
1228 build_pairing_cmd(conn
, &cp
, NULL
, authreq
);
1229 smp
->preq
[0] = SMP_CMD_PAIRING_REQ
;
1230 memcpy(&smp
->preq
[1], &cp
, sizeof(cp
));
1232 smp_send_cmd(conn
, SMP_CMD_PAIRING_REQ
, sizeof(cp
), &cp
);
1234 struct smp_cmd_security_req cp
;
1235 cp
.auth_req
= authreq
;
1236 smp_send_cmd(conn
, SMP_CMD_SECURITY_REQ
, sizeof(cp
), &cp
);
1239 set_bit(SMP_FLAG_INITIATOR
, &smp
->flags
);
1244 static int smp_cmd_encrypt_info(struct l2cap_conn
*conn
, struct sk_buff
*skb
)
1246 struct smp_cmd_encrypt_info
*rp
= (void *) skb
->data
;
1247 struct l2cap_chan
*chan
= conn
->smp
;
1248 struct smp_chan
*smp
= chan
->data
;
1250 BT_DBG("conn %p", conn
);
1252 if (skb
->len
< sizeof(*rp
))
1253 return SMP_INVALID_PARAMS
;
1255 /* Ignore this PDU if it wasn't requested */
1256 if (!(smp
->remote_key_dist
& SMP_DIST_ENC_KEY
))
1259 skb_pull(skb
, sizeof(*rp
));
1261 memcpy(smp
->tk
, rp
->ltk
, sizeof(smp
->tk
));
1266 static int smp_cmd_master_ident(struct l2cap_conn
*conn
, struct sk_buff
*skb
)
1268 struct smp_cmd_master_ident
*rp
= (void *) skb
->data
;
1269 struct l2cap_chan
*chan
= conn
->smp
;
1270 struct smp_chan
*smp
= chan
->data
;
1271 struct hci_dev
*hdev
= conn
->hcon
->hdev
;
1272 struct hci_conn
*hcon
= conn
->hcon
;
1273 struct smp_ltk
*ltk
;
1276 BT_DBG("conn %p", conn
);
1278 if (skb
->len
< sizeof(*rp
))
1279 return SMP_INVALID_PARAMS
;
1281 /* Ignore this PDU if it wasn't requested */
1282 if (!(smp
->remote_key_dist
& SMP_DIST_ENC_KEY
))
1285 /* Mark the information as received */
1286 smp
->remote_key_dist
&= ~SMP_DIST_ENC_KEY
;
1288 skb_pull(skb
, sizeof(*rp
));
1291 authenticated
= (hcon
->sec_level
== BT_SECURITY_HIGH
);
1292 ltk
= hci_add_ltk(hdev
, &hcon
->dst
, hcon
->dst_type
, SMP_LTK
,
1293 authenticated
, smp
->tk
, smp
->enc_key_size
,
1294 rp
->ediv
, rp
->rand
);
1296 if (!(smp
->remote_key_dist
& SMP_DIST_ID_KEY
))
1297 queue_work(hdev
->workqueue
, &smp
->distribute_work
);
1298 hci_dev_unlock(hdev
);
1303 static int smp_cmd_ident_info(struct l2cap_conn
*conn
, struct sk_buff
*skb
)
1305 struct smp_cmd_ident_info
*info
= (void *) skb
->data
;
1306 struct l2cap_chan
*chan
= conn
->smp
;
1307 struct smp_chan
*smp
= chan
->data
;
1311 if (skb
->len
< sizeof(*info
))
1312 return SMP_INVALID_PARAMS
;
1314 /* Ignore this PDU if it wasn't requested */
1315 if (!(smp
->remote_key_dist
& SMP_DIST_ID_KEY
))
1318 skb_pull(skb
, sizeof(*info
));
1320 memcpy(smp
->irk
, info
->irk
, 16);
1325 static int smp_cmd_ident_addr_info(struct l2cap_conn
*conn
,
1326 struct sk_buff
*skb
)
1328 struct smp_cmd_ident_addr_info
*info
= (void *) skb
->data
;
1329 struct l2cap_chan
*chan
= conn
->smp
;
1330 struct smp_chan
*smp
= chan
->data
;
1331 struct hci_conn
*hcon
= conn
->hcon
;
1332 struct hci_dev
*hdev
= hcon
->hdev
;
1337 if (skb
->len
< sizeof(*info
))
1338 return SMP_INVALID_PARAMS
;
1340 /* Ignore this PDU if it wasn't requested */
1341 if (!(smp
->remote_key_dist
& SMP_DIST_ID_KEY
))
1344 /* Mark the information as received */
1345 smp
->remote_key_dist
&= ~SMP_DIST_ID_KEY
;
1347 skb_pull(skb
, sizeof(*info
));
1349 hci_dev_lock(hcon
->hdev
);
1351 /* Strictly speaking the Core Specification (4.1) allows sending
1352 * an empty address which would force us to rely on just the IRK
1353 * as "identity information". However, since such
1354 * implementations are not known of and in order to not over
1355 * complicate our implementation, simply pretend that we never
1356 * received an IRK for such a device.
1358 if (!bacmp(&info
->bdaddr
, BDADDR_ANY
)) {
1359 BT_ERR("Ignoring IRK with no identity address");
1363 bacpy(&smp
->id_addr
, &info
->bdaddr
);
1364 smp
->id_addr_type
= info
->addr_type
;
1366 if (hci_bdaddr_is_rpa(&hcon
->dst
, hcon
->dst_type
))
1367 bacpy(&rpa
, &hcon
->dst
);
1369 bacpy(&rpa
, BDADDR_ANY
);
1371 smp
->remote_irk
= hci_add_irk(conn
->hcon
->hdev
, &smp
->id_addr
,
1372 smp
->id_addr_type
, smp
->irk
, &rpa
);
1375 queue_work(hdev
->workqueue
, &smp
->distribute_work
);
1377 hci_dev_unlock(hcon
->hdev
);
1382 static int smp_cmd_sign_info(struct l2cap_conn
*conn
, struct sk_buff
*skb
)
1384 struct smp_cmd_sign_info
*rp
= (void *) skb
->data
;
1385 struct l2cap_chan
*chan
= conn
->smp
;
1386 struct smp_chan
*smp
= chan
->data
;
1387 struct hci_dev
*hdev
= conn
->hcon
->hdev
;
1388 struct smp_csrk
*csrk
;
1390 BT_DBG("conn %p", conn
);
1392 if (skb
->len
< sizeof(*rp
))
1393 return SMP_INVALID_PARAMS
;
1395 /* Ignore this PDU if it wasn't requested */
1396 if (!(smp
->remote_key_dist
& SMP_DIST_SIGN
))
1399 /* Mark the information as received */
1400 smp
->remote_key_dist
&= ~SMP_DIST_SIGN
;
1402 skb_pull(skb
, sizeof(*rp
));
1405 csrk
= kzalloc(sizeof(*csrk
), GFP_KERNEL
);
1407 csrk
->master
= 0x01;
1408 memcpy(csrk
->val
, rp
->csrk
, sizeof(csrk
->val
));
1411 queue_work(hdev
->workqueue
, &smp
->distribute_work
);
1412 hci_dev_unlock(hdev
);
1417 static int smp_sig_channel(struct l2cap_chan
*chan
, struct sk_buff
*skb
)
1419 struct l2cap_conn
*conn
= chan
->conn
;
1420 struct hci_conn
*hcon
= conn
->hcon
;
1424 if (hcon
->type
!= LE_LINK
) {
1432 if (!test_bit(HCI_LE_ENABLED
, &hcon
->hdev
->dev_flags
)) {
1434 reason
= SMP_PAIRING_NOTSUPP
;
1438 code
= skb
->data
[0];
1439 skb_pull(skb
, sizeof(code
));
1442 * The SMP context must be initialized for all other PDUs except
1443 * pairing and security requests. If we get any other PDU when
1444 * not initialized simply disconnect (done if this function
1445 * returns an error).
1447 if (code
!= SMP_CMD_PAIRING_REQ
&& code
!= SMP_CMD_SECURITY_REQ
&&
1448 !test_bit(HCI_CONN_LE_SMP_PEND
, &hcon
->flags
)) {
1449 BT_ERR("Unexpected SMP command 0x%02x. Disconnecting.", code
);
1450 reason
= SMP_CMD_NOTSUPP
;
1456 case SMP_CMD_PAIRING_REQ
:
1457 reason
= smp_cmd_pairing_req(conn
, skb
);
1460 case SMP_CMD_PAIRING_FAIL
:
1461 smp_failure(conn
, 0);
1466 case SMP_CMD_PAIRING_RSP
:
1467 reason
= smp_cmd_pairing_rsp(conn
, skb
);
1470 case SMP_CMD_SECURITY_REQ
:
1471 reason
= smp_cmd_security_req(conn
, skb
);
1474 case SMP_CMD_PAIRING_CONFIRM
:
1475 reason
= smp_cmd_pairing_confirm(conn
, skb
);
1478 case SMP_CMD_PAIRING_RANDOM
:
1479 reason
= smp_cmd_pairing_random(conn
, skb
);
1482 case SMP_CMD_ENCRYPT_INFO
:
1483 reason
= smp_cmd_encrypt_info(conn
, skb
);
1486 case SMP_CMD_MASTER_IDENT
:
1487 reason
= smp_cmd_master_ident(conn
, skb
);
1490 case SMP_CMD_IDENT_INFO
:
1491 reason
= smp_cmd_ident_info(conn
, skb
);
1494 case SMP_CMD_IDENT_ADDR_INFO
:
1495 reason
= smp_cmd_ident_addr_info(conn
, skb
);
1498 case SMP_CMD_SIGN_INFO
:
1499 reason
= smp_cmd_sign_info(conn
, skb
);
1503 BT_DBG("Unknown command code 0x%2.2x", code
);
1505 reason
= SMP_CMD_NOTSUPP
;
1512 smp_failure(conn
, reason
);
1518 static void smp_teardown_cb(struct l2cap_chan
*chan
, int err
)
1520 struct l2cap_conn
*conn
= chan
->conn
;
1522 BT_DBG("chan %p", chan
);
1524 if (test_and_clear_bit(HCI_CONN_LE_SMP_PEND
, &conn
->hcon
->flags
))
1525 smp_chan_destroy(conn
);
1528 l2cap_chan_put(chan
);
1531 static void smp_resume_cb(struct l2cap_chan
*chan
)
1533 struct smp_chan
*smp
= chan
->data
;
1534 struct l2cap_conn
*conn
= chan
->conn
;
1535 struct hci_conn
*hcon
= conn
->hcon
;
1536 struct hci_dev
*hdev
= hcon
->hdev
;
1538 BT_DBG("chan %p", chan
);
1543 cancel_delayed_work(&smp
->security_timer
);
1545 if (test_bit(HCI_CONN_ENCRYPT
, &hcon
->flags
))
1546 queue_work(hdev
->workqueue
, &smp
->distribute_work
);
1549 static void smp_ready_cb(struct l2cap_chan
*chan
)
1551 struct l2cap_conn
*conn
= chan
->conn
;
1553 BT_DBG("chan %p", chan
);
1556 l2cap_chan_hold(chan
);
1559 static int smp_recv_cb(struct l2cap_chan
*chan
, struct sk_buff
*skb
)
1563 BT_DBG("chan %p", chan
);
1565 err
= smp_sig_channel(chan
, skb
);
1567 struct smp_chan
*smp
= chan
->data
;
1570 cancel_delayed_work_sync(&smp
->security_timer
);
1572 l2cap_conn_shutdown(chan
->conn
, -err
);
1578 static struct sk_buff
*smp_alloc_skb_cb(struct l2cap_chan
*chan
,
1579 unsigned long hdr_len
,
1580 unsigned long len
, int nb
)
1582 struct sk_buff
*skb
;
1584 skb
= bt_skb_alloc(hdr_len
+ len
, GFP_KERNEL
);
1586 return ERR_PTR(-ENOMEM
);
1588 skb
->priority
= HCI_PRIO_MAX
;
1589 bt_cb(skb
)->chan
= chan
;
1594 static const struct l2cap_ops smp_chan_ops
= {
1595 .name
= "Security Manager",
1596 .ready
= smp_ready_cb
,
1597 .recv
= smp_recv_cb
,
1598 .alloc_skb
= smp_alloc_skb_cb
,
1599 .teardown
= smp_teardown_cb
,
1600 .resume
= smp_resume_cb
,
1602 .new_connection
= l2cap_chan_no_new_connection
,
1603 .state_change
= l2cap_chan_no_state_change
,
1604 .close
= l2cap_chan_no_close
,
1605 .defer
= l2cap_chan_no_defer
,
1606 .suspend
= l2cap_chan_no_suspend
,
1607 .set_shutdown
= l2cap_chan_no_set_shutdown
,
1608 .get_sndtimeo
= l2cap_chan_no_get_sndtimeo
,
1609 .memcpy_fromiovec
= l2cap_chan_no_memcpy_fromiovec
,
1612 static inline struct l2cap_chan
*smp_new_conn_cb(struct l2cap_chan
*pchan
)
1614 struct l2cap_chan
*chan
;
1616 BT_DBG("pchan %p", pchan
);
1618 chan
= l2cap_chan_create();
1622 chan
->chan_type
= pchan
->chan_type
;
1623 chan
->ops
= &smp_chan_ops
;
1624 chan
->scid
= pchan
->scid
;
1625 chan
->dcid
= chan
->scid
;
1626 chan
->imtu
= pchan
->imtu
;
1627 chan
->omtu
= pchan
->omtu
;
1628 chan
->mode
= pchan
->mode
;
1630 BT_DBG("created chan %p", chan
);
1635 static const struct l2cap_ops smp_root_chan_ops
= {
1636 .name
= "Security Manager Root",
1637 .new_connection
= smp_new_conn_cb
,
1639 /* None of these are implemented for the root channel */
1640 .close
= l2cap_chan_no_close
,
1641 .alloc_skb
= l2cap_chan_no_alloc_skb
,
1642 .recv
= l2cap_chan_no_recv
,
1643 .state_change
= l2cap_chan_no_state_change
,
1644 .teardown
= l2cap_chan_no_teardown
,
1645 .ready
= l2cap_chan_no_ready
,
1646 .defer
= l2cap_chan_no_defer
,
1647 .suspend
= l2cap_chan_no_suspend
,
1648 .resume
= l2cap_chan_no_resume
,
1649 .set_shutdown
= l2cap_chan_no_set_shutdown
,
1650 .get_sndtimeo
= l2cap_chan_no_get_sndtimeo
,
1651 .memcpy_fromiovec
= l2cap_chan_no_memcpy_fromiovec
,
1654 int smp_register(struct hci_dev
*hdev
)
1656 struct l2cap_chan
*chan
;
1657 struct crypto_blkcipher
*tfm_aes
;
1659 BT_DBG("%s", hdev
->name
);
1661 tfm_aes
= crypto_alloc_blkcipher("ecb(aes)", 0, CRYPTO_ALG_ASYNC
);
1662 if (IS_ERR(tfm_aes
)) {
1663 int err
= PTR_ERR(tfm_aes
);
1664 BT_ERR("Unable to create crypto context");
1668 chan
= l2cap_chan_create();
1670 crypto_free_blkcipher(tfm_aes
);
1674 chan
->data
= tfm_aes
;
1676 l2cap_add_scid(chan
, L2CAP_CID_SMP
);
1678 l2cap_chan_set_defaults(chan
);
1680 bacpy(&chan
->src
, &hdev
->bdaddr
);
1681 chan
->src_type
= BDADDR_LE_PUBLIC
;
1682 chan
->state
= BT_LISTEN
;
1683 chan
->mode
= L2CAP_MODE_BASIC
;
1684 chan
->imtu
= L2CAP_DEFAULT_MTU
;
1685 chan
->ops
= &smp_root_chan_ops
;
1687 hdev
->smp_data
= chan
;
1692 void smp_unregister(struct hci_dev
*hdev
)
1694 struct l2cap_chan
*chan
= hdev
->smp_data
;
1695 struct crypto_blkcipher
*tfm_aes
;
1700 BT_DBG("%s chan %p", hdev
->name
, chan
);
1702 tfm_aes
= chan
->data
;
1705 crypto_free_blkcipher(tfm_aes
);
1708 hdev
->smp_data
= NULL
;
1709 l2cap_chan_put(chan
);