]> git.proxmox.com Git - mirror_ubuntu-bionic-kernel.git/blob - net/bluetooth/smp.c
projects / mirror_ubuntu-bionic-kernel.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Bluetooth: Don't send ERTM configuration option when disabled
[mirror_ubuntu-bionic-kernel.git] / net / bluetooth / smp.c
1 /*
2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2011 Nokia Corporation and/or its subsidiary(-ies).
4
5 This program is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License version 2 as
7 published by the Free Software Foundation;
8
9 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
10 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
11 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
12 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
13 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
14 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17
18 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
19 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
20 SOFTWARE IS DISCLAIMED.
21 */
22
23 #include <linux/crypto.h>
24 #include <linux/scatterlist.h>
25 #include <crypto/b128ops.h>
26
27 #include <net/bluetooth/bluetooth.h>
28 #include <net/bluetooth/hci_core.h>
29 #include <net/bluetooth/l2cap.h>
30 #include <net/bluetooth/mgmt.h>
31
32 #include "smp.h"
33
34 #define SMP_TIMEOUT msecs_to_jiffies(30000)
35
36 #define AUTH_REQ_MASK 0x07
37
38 enum {
39 SMP_FLAG_TK_VALID,
40 SMP_FLAG_CFM_PENDING,
41 SMP_FLAG_MITM_AUTH,
42 SMP_FLAG_COMPLETE,
43 SMP_FLAG_INITIATOR,
44 };
45
46 struct smp_chan {
47 struct l2cap_conn *conn;
48 u8 preq[7]; /* SMP Pairing Request */
49 u8 prsp[7]; /* SMP Pairing Response */
50 u8 prnd[16]; /* SMP Pairing Random (local) */
51 u8 rrnd[16]; /* SMP Pairing Random (remote) */
52 u8 pcnf[16]; /* SMP Pairing Confirm */
53 u8 tk[16]; /* SMP Temporary Key */
54 u8 enc_key_size;
55 u8 remote_key_dist;
56 bdaddr_t id_addr;
57 u8 id_addr_type;
58 u8 irk[16];
59 struct smp_csrk *csrk;
60 struct smp_csrk *slave_csrk;
61 struct smp_ltk *ltk;
62 struct smp_ltk *slave_ltk;
63 struct smp_irk *remote_irk;
64 unsigned long flags;
65
66 struct crypto_blkcipher *tfm_aes;
67 };
68
69 static inline void swap_buf(const u8 *src, u8 *dst, size_t len)
70 {
71 size_t i;
72
73 for (i = 0; i < len; i++)
74 dst[len - 1 - i] = src[i];
75 }
76
77 static int smp_e(struct crypto_blkcipher *tfm, const u8 *k, u8 *r)
78 {
79 struct blkcipher_desc desc;
80 struct scatterlist sg;
81 uint8_t tmp[16], data[16];
82 int err;
83
84 if (tfm == NULL) {
85 BT_ERR("tfm %p", tfm);
86 return -EINVAL;
87 }
88
89 desc.tfm = tfm;
90 desc.flags = 0;
91
92 /* The most significant octet of key corresponds to k[0] */
93 swap_buf(k, tmp, 16);
94
95 err = crypto_blkcipher_setkey(tfm, tmp, 16);
96 if (err) {
97 BT_ERR("cipher setkey failed: %d", err);
98 return err;
99 }
100
101 /* Most significant octet of plaintextData corresponds to data[0] */
102 swap_buf(r, data, 16);
103
104 sg_init_one(&sg, data, 16);
105
106 err = crypto_blkcipher_encrypt(&desc, &sg, &sg, 16);
107 if (err)
108 BT_ERR("Encrypt data error %d", err);
109
110 /* Most significant octet of encryptedData corresponds to data[0] */
111 swap_buf(data, r, 16);
112
113 return err;
114 }
115
116 static int smp_ah(struct crypto_blkcipher *tfm, u8 irk[16], u8 r[3], u8 res[3])
117 {
118 u8 _res[16];
119 int err;
120
121 /* r' = padding || r */
122 memcpy(_res, r, 3);
123 memset(_res + 3, 0, 13);
124
125 err = smp_e(tfm, irk, _res);
126 if (err) {
127 BT_ERR("Encrypt error");
128 return err;
129 }
130
131 /* The output of the random address function ah is:
132 * ah(h, r) = e(k, r') mod 2^24
133 * The output of the security function e is then truncated to 24 bits
134 * by taking the least significant 24 bits of the output of e as the
135 * result of ah.
136 */
137 memcpy(res, _res, 3);
138
139 return 0;
140 }
141
142 bool smp_irk_matches(struct crypto_blkcipher *tfm, u8 irk[16],
143 bdaddr_t *bdaddr)
144 {
145 u8 hash[3];
146 int err;
147
148 BT_DBG("RPA %pMR IRK %*phN", bdaddr, 16, irk);
149
150 err = smp_ah(tfm, irk, &bdaddr->b[3], hash);
151 if (err)
152 return false;
153
154 return !memcmp(bdaddr->b, hash, 3);
155 }
156
157 int smp_generate_rpa(struct crypto_blkcipher *tfm, u8 irk[16], bdaddr_t *rpa)
158 {
159 int err;
160
161 get_random_bytes(&rpa->b[3], 3);
162
163 rpa->b[5] &= 0x3f; /* Clear two most significant bits */
164 rpa->b[5] |= 0x40; /* Set second most significant bit */
165
166 err = smp_ah(tfm, irk, &rpa->b[3], rpa->b);
167 if (err < 0)
168 return err;
169
170 BT_DBG("RPA %pMR", rpa);
171
172 return 0;
173 }
174
175 static int smp_c1(struct smp_chan *smp, u8 k[16], u8 r[16], u8 preq[7],
176 u8 pres[7], u8 _iat, bdaddr_t *ia, u8 _rat, bdaddr_t *ra,
177 u8 res[16])
178 {
179 struct hci_dev *hdev = smp->conn->hcon->hdev;
180 u8 p1[16], p2[16];
181 int err;
182
183 BT_DBG("%s", hdev->name);
184
185 memset(p1, 0, 16);
186
187 /* p1 = pres || preq || _rat || _iat */
188 p1[0] = _iat;
189 p1[1] = _rat;
190 memcpy(p1 + 2, preq, 7);
191 memcpy(p1 + 9, pres, 7);
192
193 /* p2 = padding || ia || ra */
194 memcpy(p2, ra, 6);
195 memcpy(p2 + 6, ia, 6);
196 memset(p2 + 12, 0, 4);
197
198 /* res = r XOR p1 */
199 u128_xor((u128 *) res, (u128 *) r, (u128 *) p1);
200
201 /* res = e(k, res) */
202 err = smp_e(smp->tfm_aes, k, res);
203 if (err) {
204 BT_ERR("Encrypt data error");
205 return err;
206 }
207
208 /* res = res XOR p2 */
209 u128_xor((u128 *) res, (u128 *) res, (u128 *) p2);
210
211 /* res = e(k, res) */
212 err = smp_e(smp->tfm_aes, k, res);
213 if (err)
214 BT_ERR("Encrypt data error");
215
216 return err;
217 }
218
219 static int smp_s1(struct smp_chan *smp, u8 k[16], u8 r1[16], u8 r2[16],
220 u8 _r[16])
221 {
222 struct hci_dev *hdev = smp->conn->hcon->hdev;
223 int err;
224
225 BT_DBG("%s", hdev->name);
226
227 /* Just least significant octets from r1 and r2 are considered */
228 memcpy(_r, r2, 8);
229 memcpy(_r + 8, r1, 8);
230
231 err = smp_e(smp->tfm_aes, k, _r);
232 if (err)
233 BT_ERR("Encrypt data error");
234
235 return err;
236 }
237
238 static struct sk_buff *smp_build_cmd(struct l2cap_conn *conn, u8 code,
239 u16 dlen, void *data)
240 {
241 struct sk_buff *skb;
242 struct l2cap_hdr *lh;
243 int len;
244
245 len = L2CAP_HDR_SIZE + sizeof(code) + dlen;
246
247 if (len > conn->mtu)
248 return NULL;
249
250 skb = bt_skb_alloc(len, GFP_ATOMIC);
251 if (!skb)
252 return NULL;
253
254 lh = (struct l2cap_hdr *) skb_put(skb, L2CAP_HDR_SIZE);
255 lh->len = cpu_to_le16(sizeof(code) + dlen);
256 lh->cid = cpu_to_le16(L2CAP_CID_SMP);
257
258 memcpy(skb_put(skb, sizeof(code)), &code, sizeof(code));
259
260 memcpy(skb_put(skb, dlen), data, dlen);
261
262 return skb;
263 }
264
265 static void smp_send_cmd(struct l2cap_conn *conn, u8 code, u16 len, void *data)
266 {
267 struct sk_buff *skb = smp_build_cmd(conn, code, len, data);
268
269 BT_DBG("code 0x%2.2x", code);
270
271 if (!skb)
272 return;
273
274 skb->priority = HCI_PRIO_MAX;
275 hci_send_acl(conn->hchan, skb, 0);
276
277 cancel_delayed_work_sync(&conn->security_timer);
278 schedule_delayed_work(&conn->security_timer, SMP_TIMEOUT);
279 }
280
281 static __u8 authreq_to_seclevel(__u8 authreq)
282 {
283 if (authreq & SMP_AUTH_MITM)
284 return BT_SECURITY_HIGH;
285 else
286 return BT_SECURITY_MEDIUM;
287 }
288
289 static __u8 seclevel_to_authreq(__u8 sec_level)
290 {
291 switch (sec_level) {
292 case BT_SECURITY_HIGH:
293 return SMP_AUTH_MITM | SMP_AUTH_BONDING;
294 case BT_SECURITY_MEDIUM:
295 return SMP_AUTH_BONDING;
296 default:
297 return SMP_AUTH_NONE;
298 }
299 }
300
301 static void build_pairing_cmd(struct l2cap_conn *conn,
302 struct smp_cmd_pairing *req,
303 struct smp_cmd_pairing *rsp, __u8 authreq)
304 {
305 struct smp_chan *smp = conn->smp_chan;
306 struct hci_conn *hcon = conn->hcon;
307 struct hci_dev *hdev = hcon->hdev;
308 u8 local_dist = 0, remote_dist = 0;
309
310 if (test_bit(HCI_PAIRABLE, &conn->hcon->hdev->dev_flags)) {
311 local_dist = SMP_DIST_ENC_KEY | SMP_DIST_SIGN;
312 remote_dist = SMP_DIST_ENC_KEY | SMP_DIST_SIGN;
313 authreq |= SMP_AUTH_BONDING;
314 } else {
315 authreq &= ~SMP_AUTH_BONDING;
316 }
317
318 if (test_bit(HCI_RPA_RESOLVING, &hdev->dev_flags))
319 remote_dist |= SMP_DIST_ID_KEY;
320
321 if (test_bit(HCI_PRIVACY, &hdev->dev_flags))
322 local_dist |= SMP_DIST_ID_KEY;
323
324 if (rsp == NULL) {
325 req->io_capability = conn->hcon->io_capability;
326 req->oob_flag = SMP_OOB_NOT_PRESENT;
327 req->max_key_size = SMP_MAX_ENC_KEY_SIZE;
328 req->init_key_dist = local_dist;
329 req->resp_key_dist = remote_dist;
330 req->auth_req = (authreq & AUTH_REQ_MASK);
331
332 smp->remote_key_dist = remote_dist;
333 return;
334 }
335
336 rsp->io_capability = conn->hcon->io_capability;
337 rsp->oob_flag = SMP_OOB_NOT_PRESENT;
338 rsp->max_key_size = SMP_MAX_ENC_KEY_SIZE;
339 rsp->init_key_dist = req->init_key_dist & remote_dist;
340 rsp->resp_key_dist = req->resp_key_dist & local_dist;
341 rsp->auth_req = (authreq & AUTH_REQ_MASK);
342
343 smp->remote_key_dist = rsp->init_key_dist;
344 }
345
346 static u8 check_enc_key_size(struct l2cap_conn *conn, __u8 max_key_size)
347 {
348 struct smp_chan *smp = conn->smp_chan;
349
350 if ((max_key_size > SMP_MAX_ENC_KEY_SIZE) ||
351 (max_key_size < SMP_MIN_ENC_KEY_SIZE))
352 return SMP_ENC_KEY_SIZE;
353
354 smp->enc_key_size = max_key_size;
355
356 return 0;
357 }
358
359 static void smp_failure(struct l2cap_conn *conn, u8 reason)
360 {
361 struct hci_conn *hcon = conn->hcon;
362
363 if (reason)
364 smp_send_cmd(conn, SMP_CMD_PAIRING_FAIL, sizeof(reason),
365 &reason);
366
367 clear_bit(HCI_CONN_ENCRYPT_PEND, &hcon->flags);
368 mgmt_auth_failed(hcon->hdev, &hcon->dst, hcon->type, hcon->dst_type,
369 HCI_ERROR_AUTH_FAILURE);
370
371 cancel_delayed_work_sync(&conn->security_timer);
372
373 if (test_and_clear_bit(HCI_CONN_LE_SMP_PEND, &hcon->flags))
374 smp_chan_destroy(conn);
375 }
376
377 #define JUST_WORKS 0x00
378 #define JUST_CFM 0x01
379 #define REQ_PASSKEY 0x02
380 #define CFM_PASSKEY 0x03
381 #define REQ_OOB 0x04
382 #define OVERLAP 0xFF
383
384 static const u8 gen_method[5][5] = {
385 { JUST_WORKS, JUST_CFM, REQ_PASSKEY, JUST_WORKS, REQ_PASSKEY },
386 { JUST_WORKS, JUST_CFM, REQ_PASSKEY, JUST_WORKS, REQ_PASSKEY },
387 { CFM_PASSKEY, CFM_PASSKEY, REQ_PASSKEY, JUST_WORKS, CFM_PASSKEY },
388 { JUST_WORKS, JUST_CFM, JUST_WORKS, JUST_WORKS, JUST_CFM },
389 { CFM_PASSKEY, CFM_PASSKEY, REQ_PASSKEY, JUST_WORKS, OVERLAP },
390 };
391
392 static u8 get_auth_method(struct smp_chan *smp, u8 local_io, u8 remote_io)
393 {
394 /* If either side has unknown io_caps, use JUST WORKS */
395 if (local_io > SMP_IO_KEYBOARD_DISPLAY ||
396 remote_io > SMP_IO_KEYBOARD_DISPLAY)
397 return JUST_WORKS;
398
399 return gen_method[remote_io][local_io];
400 }
401
402 static int tk_request(struct l2cap_conn *conn, u8 remote_oob, u8 auth,
403 u8 local_io, u8 remote_io)
404 {
405 struct hci_conn *hcon = conn->hcon;
406 struct smp_chan *smp = conn->smp_chan;
407 u8 method;
408 u32 passkey = 0;
409 int ret = 0;
410
411 /* Initialize key for JUST WORKS */
412 memset(smp->tk, 0, sizeof(smp->tk));
413 clear_bit(SMP_FLAG_TK_VALID, &smp->flags);
414
415 BT_DBG("tk_request: auth:%d lcl:%d rem:%d", auth, local_io, remote_io);
416
417 /* If neither side wants MITM, use JUST WORKS */
418 /* Otherwise, look up method from the table */
419 if (!(auth & SMP_AUTH_MITM))
420 method = JUST_WORKS;
421 else
422 method = get_auth_method(smp, local_io, remote_io);
423
424 /* If not bonding, don't ask user to confirm a Zero TK */
425 if (!(auth & SMP_AUTH_BONDING) && method == JUST_CFM)
426 method = JUST_WORKS;
427
428 /* Don't confirm locally initiated pairing attempts */
429 if (method == JUST_CFM && test_bit(SMP_FLAG_INITIATOR, &smp->flags))
430 method = JUST_WORKS;
431
432 /* If Just Works, Continue with Zero TK */
433 if (method == JUST_WORKS) {
434 set_bit(SMP_FLAG_TK_VALID, &smp->flags);
435 return 0;
436 }
437
438 /* Not Just Works/Confirm results in MITM Authentication */
439 if (method != JUST_CFM)
440 set_bit(SMP_FLAG_MITM_AUTH, &smp->flags);
441
442 /* If both devices have Keyoard-Display I/O, the master
443 * Confirms and the slave Enters the passkey.
444 */
445 if (method == OVERLAP) {
446 if (test_bit(HCI_CONN_MASTER, &hcon->flags))
447 method = CFM_PASSKEY;
448 else
449 method = REQ_PASSKEY;
450 }
451
452 /* Generate random passkey. */
453 if (method == CFM_PASSKEY) {
454 memset(smp->tk, 0, sizeof(smp->tk));
455 get_random_bytes(&passkey, sizeof(passkey));
456 passkey %= 1000000;
457 put_unaligned_le32(passkey, smp->tk);
458 BT_DBG("PassKey: %d", passkey);
459 set_bit(SMP_FLAG_TK_VALID, &smp->flags);
460 }
461
462 hci_dev_lock(hcon->hdev);
463
464 if (method == REQ_PASSKEY)
465 ret = mgmt_user_passkey_request(hcon->hdev, &hcon->dst,
466 hcon->type, hcon->dst_type);
467 else if (method == JUST_CFM)
468 ret = mgmt_user_confirm_request(hcon->hdev, &hcon->dst,
469 hcon->type, hcon->dst_type,
470 passkey, 1);
471 else
472 ret = mgmt_user_passkey_notify(hcon->hdev, &hcon->dst,
473 hcon->type, hcon->dst_type,
474 passkey, 0);
475
476 hci_dev_unlock(hcon->hdev);
477
478 return ret;
479 }
480
481 static u8 smp_confirm(struct smp_chan *smp)
482 {
483 struct l2cap_conn *conn = smp->conn;
484 struct smp_cmd_pairing_confirm cp;
485 int ret;
486
487 BT_DBG("conn %p", conn);
488
489 ret = smp_c1(smp, smp->tk, smp->prnd, smp->preq, smp->prsp,
490 conn->hcon->init_addr_type, &conn->hcon->init_addr,
491 conn->hcon->resp_addr_type, &conn->hcon->resp_addr,
492 cp.confirm_val);
493 if (ret)
494 return SMP_UNSPECIFIED;
495
496 clear_bit(SMP_FLAG_CFM_PENDING, &smp->flags);
497
498 smp_send_cmd(smp->conn, SMP_CMD_PAIRING_CONFIRM, sizeof(cp), &cp);
499
500 return 0;
501 }
502
503 static u8 smp_random(struct smp_chan *smp)
504 {
505 struct l2cap_conn *conn = smp->conn;
506 struct hci_conn *hcon = conn->hcon;
507 u8 confirm[16];
508 int ret;
509
510 if (IS_ERR_OR_NULL(smp->tfm_aes))
511 return SMP_UNSPECIFIED;
512
513 BT_DBG("conn %p %s", conn, conn->hcon->out ? "master" : "slave");
514
515 ret = smp_c1(smp, smp->tk, smp->rrnd, smp->preq, smp->prsp,
516 hcon->init_addr_type, &hcon->init_addr,
517 hcon->resp_addr_type, &hcon->resp_addr, confirm);
518 if (ret)
519 return SMP_UNSPECIFIED;
520
521 if (memcmp(smp->pcnf, confirm, sizeof(smp->pcnf)) != 0) {
522 BT_ERR("Pairing failed (confirmation values mismatch)");
523 return SMP_CONFIRM_FAILED;
524 }
525
526 if (hcon->out) {
527 u8 stk[16];
528 __le64 rand = 0;
529 __le16 ediv = 0;
530
531 smp_s1(smp, smp->tk, smp->rrnd, smp->prnd, stk);
532
533 memset(stk + smp->enc_key_size, 0,
534 SMP_MAX_ENC_KEY_SIZE - smp->enc_key_size);
535
536 if (test_and_set_bit(HCI_CONN_ENCRYPT_PEND, &hcon->flags))
537 return SMP_UNSPECIFIED;
538
539 hci_le_start_enc(hcon, ediv, rand, stk);
540 hcon->enc_key_size = smp->enc_key_size;
541 set_bit(HCI_CONN_STK_ENCRYPT, &hcon->flags);
542 } else {
543 u8 stk[16], auth;
544 __le64 rand = 0;
545 __le16 ediv = 0;
546
547 smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM, sizeof(smp->prnd),
548 smp->prnd);
549
550 smp_s1(smp, smp->tk, smp->prnd, smp->rrnd, stk);
551
552 memset(stk + smp->enc_key_size, 0,
553 SMP_MAX_ENC_KEY_SIZE - smp->enc_key_size);
554
555 if (hcon->pending_sec_level == BT_SECURITY_HIGH)
556 auth = 1;
557 else
558 auth = 0;
559
560 /* Even though there's no _SLAVE suffix this is the
561 * slave STK we're adding for later lookup (the master
562 * STK never needs to be stored).
563 */
564 hci_add_ltk(hcon->hdev, &hcon->dst, hcon->dst_type,
565 SMP_STK, auth, stk, smp->enc_key_size, ediv, rand);
566 }
567
568 return 0;
569 }
570
571 static struct smp_chan *smp_chan_create(struct l2cap_conn *conn)
572 {
573 struct smp_chan *smp;
574
575 smp = kzalloc(sizeof(*smp), GFP_ATOMIC);
576 if (!smp)
577 return NULL;
578
579 smp->tfm_aes = crypto_alloc_blkcipher("ecb(aes)", 0, CRYPTO_ALG_ASYNC);
580 if (IS_ERR(smp->tfm_aes)) {
581 BT_ERR("Unable to create ECB crypto context");
582 kfree(smp);
583 return NULL;
584 }
585
586 smp->conn = conn;
587 conn->smp_chan = smp;
588
589 hci_conn_hold(conn->hcon);
590
591 return smp;
592 }
593
594 void smp_chan_destroy(struct l2cap_conn *conn)
595 {
596 struct smp_chan *smp = conn->smp_chan;
597 bool complete;
598
599 BUG_ON(!smp);
600
601 complete = test_bit(SMP_FLAG_COMPLETE, &smp->flags);
602 mgmt_smp_complete(conn->hcon, complete);
603
604 kfree(smp->csrk);
605 kfree(smp->slave_csrk);
606
607 crypto_free_blkcipher(smp->tfm_aes);
608
609 /* If pairing failed clean up any keys we might have */
610 if (!complete) {
611 if (smp->ltk) {
612 list_del(&smp->ltk->list);
613 kfree(smp->ltk);
614 }
615
616 if (smp->slave_ltk) {
617 list_del(&smp->slave_ltk->list);
618 kfree(smp->slave_ltk);
619 }
620
621 if (smp->remote_irk) {
622 list_del(&smp->remote_irk->list);
623 kfree(smp->remote_irk);
624 }
625 }
626
627 kfree(smp);
628 conn->smp_chan = NULL;
629 hci_conn_drop(conn->hcon);
630 }
631
632 int smp_user_confirm_reply(struct hci_conn *hcon, u16 mgmt_op, __le32 passkey)
633 {
634 struct l2cap_conn *conn = hcon->l2cap_data;
635 struct smp_chan *smp;
636 u32 value;
637
638 BT_DBG("");
639
640 if (!conn || !test_bit(HCI_CONN_LE_SMP_PEND, &hcon->flags))
641 return -ENOTCONN;
642
643 smp = conn->smp_chan;
644
645 switch (mgmt_op) {
646 case MGMT_OP_USER_PASSKEY_REPLY:
647 value = le32_to_cpu(passkey);
648 memset(smp->tk, 0, sizeof(smp->tk));
649 BT_DBG("PassKey: %d", value);
650 put_unaligned_le32(value, smp->tk);
651 /* Fall Through */
652 case MGMT_OP_USER_CONFIRM_REPLY:
653 set_bit(SMP_FLAG_TK_VALID, &smp->flags);
654 break;
655 case MGMT_OP_USER_PASSKEY_NEG_REPLY:
656 case MGMT_OP_USER_CONFIRM_NEG_REPLY:
657 smp_failure(conn, SMP_PASSKEY_ENTRY_FAILED);
658 return 0;
659 default:
660 smp_failure(conn, SMP_PASSKEY_ENTRY_FAILED);
661 return -EOPNOTSUPP;
662 }
663
664 /* If it is our turn to send Pairing Confirm, do so now */
665 if (test_bit(SMP_FLAG_CFM_PENDING, &smp->flags)) {
666 u8 rsp = smp_confirm(smp);
667 if (rsp)
668 smp_failure(conn, rsp);
669 }
670
671 return 0;
672 }
673
674 static u8 smp_cmd_pairing_req(struct l2cap_conn *conn, struct sk_buff *skb)
675 {
676 struct smp_cmd_pairing rsp, *req = (void *) skb->data;
677 struct smp_chan *smp;
678 u8 key_size, auth, sec_level;
679 int ret;
680
681 BT_DBG("conn %p", conn);
682
683 if (skb->len < sizeof(*req))
684 return SMP_INVALID_PARAMS;
685
686 if (test_bit(HCI_CONN_MASTER, &conn->hcon->flags))
687 return SMP_CMD_NOTSUPP;
688
689 if (!test_and_set_bit(HCI_CONN_LE_SMP_PEND, &conn->hcon->flags))
690 smp = smp_chan_create(conn);
691 else
692 smp = conn->smp_chan;
693
694 if (!smp)
695 return SMP_UNSPECIFIED;
696
697 smp->preq[0] = SMP_CMD_PAIRING_REQ;
698 memcpy(&smp->preq[1], req, sizeof(*req));
699 skb_pull(skb, sizeof(*req));
700
701 /* We didn't start the pairing, so match remote */
702 auth = req->auth_req;
703
704 sec_level = authreq_to_seclevel(auth);
705 if (sec_level > conn->hcon->pending_sec_level)
706 conn->hcon->pending_sec_level = sec_level;
707
708 /* If we need MITM check that it can be acheived */
709 if (conn->hcon->pending_sec_level >= BT_SECURITY_HIGH) {
710 u8 method;
711
712 method = get_auth_method(smp, conn->hcon->io_capability,
713 req->io_capability);
714 if (method == JUST_WORKS || method == JUST_CFM)
715 return SMP_AUTH_REQUIREMENTS;
716 }
717
718 build_pairing_cmd(conn, req, &rsp, auth);
719
720 key_size = min(req->max_key_size, rsp.max_key_size);
721 if (check_enc_key_size(conn, key_size))
722 return SMP_ENC_KEY_SIZE;
723
724 get_random_bytes(smp->prnd, sizeof(smp->prnd));
725
726 smp->prsp[0] = SMP_CMD_PAIRING_RSP;
727 memcpy(&smp->prsp[1], &rsp, sizeof(rsp));
728
729 smp_send_cmd(conn, SMP_CMD_PAIRING_RSP, sizeof(rsp), &rsp);
730
731 /* Request setup of TK */
732 ret = tk_request(conn, 0, auth, rsp.io_capability, req->io_capability);
733 if (ret)
734 return SMP_UNSPECIFIED;
735
736 clear_bit(SMP_FLAG_INITIATOR, &smp->flags);
737
738 return 0;
739 }
740
741 static u8 smp_cmd_pairing_rsp(struct l2cap_conn *conn, struct sk_buff *skb)
742 {
743 struct smp_cmd_pairing *req, *rsp = (void *) skb->data;
744 struct smp_chan *smp = conn->smp_chan;
745 u8 key_size, auth = SMP_AUTH_NONE;
746 int ret;
747
748 BT_DBG("conn %p", conn);
749
750 if (skb->len < sizeof(*rsp))
751 return SMP_INVALID_PARAMS;
752
753 if (!test_bit(HCI_CONN_MASTER, &conn->hcon->flags))
754 return SMP_CMD_NOTSUPP;
755
756 skb_pull(skb, sizeof(*rsp));
757
758 req = (void *) &smp->preq[1];
759
760 key_size = min(req->max_key_size, rsp->max_key_size);
761 if (check_enc_key_size(conn, key_size))
762 return SMP_ENC_KEY_SIZE;
763
764 /* If we need MITM check that it can be acheived */
765 if (conn->hcon->pending_sec_level >= BT_SECURITY_HIGH) {
766 u8 method;
767
768 method = get_auth_method(smp, req->io_capability,
769 rsp->io_capability);
770 if (method == JUST_WORKS || method == JUST_CFM)
771 return SMP_AUTH_REQUIREMENTS;
772 }
773
774 get_random_bytes(smp->prnd, sizeof(smp->prnd));
775
776 smp->prsp[0] = SMP_CMD_PAIRING_RSP;
777 memcpy(&smp->prsp[1], rsp, sizeof(*rsp));
778
779 /* Update remote key distribution in case the remote cleared
780 * some bits that we had enabled in our request.
781 */
782 smp->remote_key_dist &= rsp->resp_key_dist;
783
784 if ((req->auth_req & SMP_AUTH_BONDING) &&
785 (rsp->auth_req & SMP_AUTH_BONDING))
786 auth = SMP_AUTH_BONDING;
787
788 auth |= (req->auth_req | rsp->auth_req) & SMP_AUTH_MITM;
789
790 ret = tk_request(conn, 0, auth, req->io_capability, rsp->io_capability);
791 if (ret)
792 return SMP_UNSPECIFIED;
793
794 set_bit(SMP_FLAG_CFM_PENDING, &smp->flags);
795
796 /* Can't compose response until we have been confirmed */
797 if (test_bit(SMP_FLAG_TK_VALID, &smp->flags))
798 return smp_confirm(smp);
799
800 return 0;
801 }
802
803 static u8 smp_cmd_pairing_confirm(struct l2cap_conn *conn, struct sk_buff *skb)
804 {
805 struct smp_chan *smp = conn->smp_chan;
806
807 BT_DBG("conn %p %s", conn, conn->hcon->out ? "master" : "slave");
808
809 if (skb->len < sizeof(smp->pcnf))
810 return SMP_INVALID_PARAMS;
811
812 memcpy(smp->pcnf, skb->data, sizeof(smp->pcnf));
813 skb_pull(skb, sizeof(smp->pcnf));
814
815 if (conn->hcon->out)
816 smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM, sizeof(smp->prnd),
817 smp->prnd);
818 else if (test_bit(SMP_FLAG_TK_VALID, &smp->flags))
819 return smp_confirm(smp);
820 else
821 set_bit(SMP_FLAG_CFM_PENDING, &smp->flags);
822
823 return 0;
824 }
825
826 static u8 smp_cmd_pairing_random(struct l2cap_conn *conn, struct sk_buff *skb)
827 {
828 struct smp_chan *smp = conn->smp_chan;
829
830 BT_DBG("conn %p", conn);
831
832 if (skb->len < sizeof(smp->rrnd))
833 return SMP_INVALID_PARAMS;
834
835 memcpy(smp->rrnd, skb->data, sizeof(smp->rrnd));
836 skb_pull(skb, sizeof(smp->rrnd));
837
838 return smp_random(smp);
839 }
840
841 static bool smp_ltk_encrypt(struct l2cap_conn *conn, u8 sec_level)
842 {
843 struct smp_ltk *key;
844 struct hci_conn *hcon = conn->hcon;
845
846 key = hci_find_ltk_by_addr(hcon->hdev, &hcon->dst, hcon->dst_type,
847 hcon->out);
848 if (!key)
849 return false;
850
851 if (sec_level > BT_SECURITY_MEDIUM && !key->authenticated)
852 return false;
853
854 if (test_and_set_bit(HCI_CONN_ENCRYPT_PEND, &hcon->flags))
855 return true;
856
857 hci_le_start_enc(hcon, key->ediv, key->rand, key->val);
858 hcon->enc_key_size = key->enc_size;
859
860 /* We never store STKs for master role, so clear this flag */
861 clear_bit(HCI_CONN_STK_ENCRYPT, &hcon->flags);
862
863 return true;
864 }
865
866 bool smp_sufficient_security(struct hci_conn *hcon, u8 sec_level)
867 {
868 if (sec_level == BT_SECURITY_LOW)
869 return true;
870
871 /* If we're encrypted with an STK always claim insufficient
872 * security. This way we allow the connection to be re-encrypted
873 * with an LTK, even if the LTK provides the same level of
874 * security.
875 */
876 if (test_bit(HCI_CONN_STK_ENCRYPT, &hcon->flags))
877 return false;
878
879 if (hcon->sec_level >= sec_level)
880 return true;
881
882 return false;
883 }
884
885 static u8 smp_cmd_security_req(struct l2cap_conn *conn, struct sk_buff *skb)
886 {
887 struct smp_cmd_security_req *rp = (void *) skb->data;
888 struct smp_cmd_pairing cp;
889 struct hci_conn *hcon = conn->hcon;
890 struct smp_chan *smp;
891 u8 sec_level;
892
893 BT_DBG("conn %p", conn);
894
895 if (skb->len < sizeof(*rp))
896 return SMP_INVALID_PARAMS;
897
898 if (!test_bit(HCI_CONN_MASTER, &conn->hcon->flags))
899 return SMP_CMD_NOTSUPP;
900
901 sec_level = authreq_to_seclevel(rp->auth_req);
902 if (smp_sufficient_security(hcon, sec_level))
903 return 0;
904
905 if (sec_level > hcon->pending_sec_level)
906 hcon->pending_sec_level = sec_level;
907
908 if (smp_ltk_encrypt(conn, hcon->pending_sec_level))
909 return 0;
910
911 if (test_and_set_bit(HCI_CONN_LE_SMP_PEND, &hcon->flags))
912 return 0;
913
914 smp = smp_chan_create(conn);
915 if (!smp)
916 return SMP_UNSPECIFIED;
917
918 skb_pull(skb, sizeof(*rp));
919
920 memset(&cp, 0, sizeof(cp));
921 build_pairing_cmd(conn, &cp, NULL, rp->auth_req);
922
923 smp->preq[0] = SMP_CMD_PAIRING_REQ;
924 memcpy(&smp->preq[1], &cp, sizeof(cp));
925
926 smp_send_cmd(conn, SMP_CMD_PAIRING_REQ, sizeof(cp), &cp);
927
928 clear_bit(SMP_FLAG_INITIATOR, &smp->flags);
929
930 return 0;
931 }
932
933 int smp_conn_security(struct hci_conn *hcon, __u8 sec_level)
934 {
935 struct l2cap_conn *conn = hcon->l2cap_data;
936 struct smp_chan *smp;
937 __u8 authreq;
938
939 BT_DBG("conn %p hcon %p level 0x%2.2x", conn, hcon, sec_level);
940
941 /* This may be NULL if there's an unexpected disconnection */
942 if (!conn)
943 return 1;
944
945 if (!test_bit(HCI_LE_ENABLED, &hcon->hdev->dev_flags))
946 return 1;
947
948 if (smp_sufficient_security(hcon, sec_level))
949 return 1;
950
951 if (sec_level > hcon->pending_sec_level)
952 hcon->pending_sec_level = sec_level;
953
954 if (test_bit(HCI_CONN_MASTER, &hcon->flags))
955 if (smp_ltk_encrypt(conn, hcon->pending_sec_level))
956 return 0;
957
958 if (test_and_set_bit(HCI_CONN_LE_SMP_PEND, &hcon->flags))
959 return 0;
960
961 smp = smp_chan_create(conn);
962 if (!smp)
963 return 1;
964
965 authreq = seclevel_to_authreq(sec_level);
966
967 /* Require MITM if IO Capability allows or the security level
968 * requires it.
969 */
970 if (hcon->io_capability != HCI_IO_NO_INPUT_OUTPUT ||
971 hcon->pending_sec_level > BT_SECURITY_MEDIUM)
972 authreq |= SMP_AUTH_MITM;
973
974 if (test_bit(HCI_CONN_MASTER, &hcon->flags)) {
975 struct smp_cmd_pairing cp;
976
977 build_pairing_cmd(conn, &cp, NULL, authreq);
978 smp->preq[0] = SMP_CMD_PAIRING_REQ;
979 memcpy(&smp->preq[1], &cp, sizeof(cp));
980
981 smp_send_cmd(conn, SMP_CMD_PAIRING_REQ, sizeof(cp), &cp);
982 } else {
983 struct smp_cmd_security_req cp;
984 cp.auth_req = authreq;
985 smp_send_cmd(conn, SMP_CMD_SECURITY_REQ, sizeof(cp), &cp);
986 }
987
988 set_bit(SMP_FLAG_INITIATOR, &smp->flags);
989
990 return 0;
991 }
992
993 static int smp_cmd_encrypt_info(struct l2cap_conn *conn, struct sk_buff *skb)
994 {
995 struct smp_cmd_encrypt_info *rp = (void *) skb->data;
996 struct smp_chan *smp = conn->smp_chan;
997
998 BT_DBG("conn %p", conn);
999
1000 if (skb->len < sizeof(*rp))
1001 return SMP_INVALID_PARAMS;
1002
1003 /* Ignore this PDU if it wasn't requested */
1004 if (!(smp->remote_key_dist & SMP_DIST_ENC_KEY))
1005 return 0;
1006
1007 skb_pull(skb, sizeof(*rp));
1008
1009 memcpy(smp->tk, rp->ltk, sizeof(smp->tk));
1010
1011 return 0;
1012 }
1013
1014 static int smp_cmd_master_ident(struct l2cap_conn *conn, struct sk_buff *skb)
1015 {
1016 struct smp_cmd_master_ident *rp = (void *) skb->data;
1017 struct smp_chan *smp = conn->smp_chan;
1018 struct hci_dev *hdev = conn->hcon->hdev;
1019 struct hci_conn *hcon = conn->hcon;
1020 struct smp_ltk *ltk;
1021 u8 authenticated;
1022
1023 BT_DBG("conn %p", conn);
1024
1025 if (skb->len < sizeof(*rp))
1026 return SMP_INVALID_PARAMS;
1027
1028 /* Ignore this PDU if it wasn't requested */
1029 if (!(smp->remote_key_dist & SMP_DIST_ENC_KEY))
1030 return 0;
1031
1032 /* Mark the information as received */
1033 smp->remote_key_dist &= ~SMP_DIST_ENC_KEY;
1034
1035 skb_pull(skb, sizeof(*rp));
1036
1037 hci_dev_lock(hdev);
1038 authenticated = (hcon->sec_level == BT_SECURITY_HIGH);
1039 ltk = hci_add_ltk(hdev, &hcon->dst, hcon->dst_type, SMP_LTK,
1040 authenticated, smp->tk, smp->enc_key_size,
1041 rp->ediv, rp->rand);
1042 smp->ltk = ltk;
1043 if (!(smp->remote_key_dist & SMP_DIST_ID_KEY))
1044 smp_distribute_keys(conn);
1045 hci_dev_unlock(hdev);
1046
1047 return 0;
1048 }
1049
1050 static int smp_cmd_ident_info(struct l2cap_conn *conn, struct sk_buff *skb)
1051 {
1052 struct smp_cmd_ident_info *info = (void *) skb->data;
1053 struct smp_chan *smp = conn->smp_chan;
1054
1055 BT_DBG("");
1056
1057 if (skb->len < sizeof(*info))
1058 return SMP_INVALID_PARAMS;
1059
1060 /* Ignore this PDU if it wasn't requested */
1061 if (!(smp->remote_key_dist & SMP_DIST_ID_KEY))
1062 return 0;
1063
1064 skb_pull(skb, sizeof(*info));
1065
1066 memcpy(smp->irk, info->irk, 16);
1067
1068 return 0;
1069 }
1070
1071 static int smp_cmd_ident_addr_info(struct l2cap_conn *conn,
1072 struct sk_buff *skb)
1073 {
1074 struct smp_cmd_ident_addr_info *info = (void *) skb->data;
1075 struct smp_chan *smp = conn->smp_chan;
1076 struct hci_conn *hcon = conn->hcon;
1077 bdaddr_t rpa;
1078
1079 BT_DBG("");
1080
1081 if (skb->len < sizeof(*info))
1082 return SMP_INVALID_PARAMS;
1083
1084 /* Ignore this PDU if it wasn't requested */
1085 if (!(smp->remote_key_dist & SMP_DIST_ID_KEY))
1086 return 0;
1087
1088 /* Mark the information as received */
1089 smp->remote_key_dist &= ~SMP_DIST_ID_KEY;
1090
1091 skb_pull(skb, sizeof(*info));
1092
1093 hci_dev_lock(hcon->hdev);
1094
1095 /* Strictly speaking the Core Specification (4.1) allows sending
1096 * an empty address which would force us to rely on just the IRK
1097 * as "identity information". However, since such
1098 * implementations are not known of and in order to not over
1099 * complicate our implementation, simply pretend that we never
1100 * received an IRK for such a device.
1101 */
1102 if (!bacmp(&info->bdaddr, BDADDR_ANY)) {
1103 BT_ERR("Ignoring IRK with no identity address");
1104 goto distribute;
1105 }
1106
1107 bacpy(&smp->id_addr, &info->bdaddr);
1108 smp->id_addr_type = info->addr_type;
1109
1110 if (hci_bdaddr_is_rpa(&hcon->dst, hcon->dst_type))
1111 bacpy(&rpa, &hcon->dst);
1112 else
1113 bacpy(&rpa, BDADDR_ANY);
1114
1115 smp->remote_irk = hci_add_irk(conn->hcon->hdev, &smp->id_addr,
1116 smp->id_addr_type, smp->irk, &rpa);
1117
1118 distribute:
1119 smp_distribute_keys(conn);
1120
1121 hci_dev_unlock(hcon->hdev);
1122
1123 return 0;
1124 }
1125
1126 static int smp_cmd_sign_info(struct l2cap_conn *conn, struct sk_buff *skb)
1127 {
1128 struct smp_cmd_sign_info *rp = (void *) skb->data;
1129 struct smp_chan *smp = conn->smp_chan;
1130 struct hci_dev *hdev = conn->hcon->hdev;
1131 struct smp_csrk *csrk;
1132
1133 BT_DBG("conn %p", conn);
1134
1135 if (skb->len < sizeof(*rp))
1136 return SMP_INVALID_PARAMS;
1137
1138 /* Ignore this PDU if it wasn't requested */
1139 if (!(smp->remote_key_dist & SMP_DIST_SIGN))
1140 return 0;
1141
1142 /* Mark the information as received */
1143 smp->remote_key_dist &= ~SMP_DIST_SIGN;
1144
1145 skb_pull(skb, sizeof(*rp));
1146
1147 hci_dev_lock(hdev);
1148 csrk = kzalloc(sizeof(*csrk), GFP_KERNEL);
1149 if (csrk) {
1150 csrk->master = 0x01;
1151 memcpy(csrk->val, rp->csrk, sizeof(csrk->val));
1152 }
1153 smp->csrk = csrk;
1154 if (!(smp->remote_key_dist & SMP_DIST_SIGN))
1155 smp_distribute_keys(conn);
1156 hci_dev_unlock(hdev);
1157
1158 return 0;
1159 }
1160
1161 int smp_sig_channel(struct l2cap_conn *conn, struct sk_buff *skb)
1162 {
1163 struct hci_conn *hcon = conn->hcon;
1164 __u8 code, reason;
1165 int err = 0;
1166
1167 if (hcon->type != LE_LINK) {
1168 kfree_skb(skb);
1169 return 0;
1170 }
1171
1172 if (skb->len < 1) {
1173 kfree_skb(skb);
1174 return -EILSEQ;
1175 }
1176
1177 if (!test_bit(HCI_LE_ENABLED, &hcon->hdev->dev_flags)) {
1178 err = -ENOTSUPP;
1179 reason = SMP_PAIRING_NOTSUPP;
1180 goto done;
1181 }
1182
1183 code = skb->data[0];
1184 skb_pull(skb, sizeof(code));
1185
1186 /*
1187 * The SMP context must be initialized for all other PDUs except
1188 * pairing and security requests. If we get any other PDU when
1189 * not initialized simply disconnect (done if this function
1190 * returns an error).
1191 */
1192 if (code != SMP_CMD_PAIRING_REQ && code != SMP_CMD_SECURITY_REQ &&
1193 !conn->smp_chan) {
1194 BT_ERR("Unexpected SMP command 0x%02x. Disconnecting.", code);
1195 kfree_skb(skb);
1196 return -ENOTSUPP;
1197 }
1198
1199 switch (code) {
1200 case SMP_CMD_PAIRING_REQ:
1201 reason = smp_cmd_pairing_req(conn, skb);
1202 break;
1203
1204 case SMP_CMD_PAIRING_FAIL:
1205 smp_failure(conn, 0);
1206 reason = 0;
1207 err = -EPERM;
1208 break;
1209
1210 case SMP_CMD_PAIRING_RSP:
1211 reason = smp_cmd_pairing_rsp(conn, skb);
1212 break;
1213
1214 case SMP_CMD_SECURITY_REQ:
1215 reason = smp_cmd_security_req(conn, skb);
1216 break;
1217
1218 case SMP_CMD_PAIRING_CONFIRM:
1219 reason = smp_cmd_pairing_confirm(conn, skb);
1220 break;
1221
1222 case SMP_CMD_PAIRING_RANDOM:
1223 reason = smp_cmd_pairing_random(conn, skb);
1224 break;
1225
1226 case SMP_CMD_ENCRYPT_INFO:
1227 reason = smp_cmd_encrypt_info(conn, skb);
1228 break;
1229
1230 case SMP_CMD_MASTER_IDENT:
1231 reason = smp_cmd_master_ident(conn, skb);
1232 break;
1233
1234 case SMP_CMD_IDENT_INFO:
1235 reason = smp_cmd_ident_info(conn, skb);
1236 break;
1237
1238 case SMP_CMD_IDENT_ADDR_INFO:
1239 reason = smp_cmd_ident_addr_info(conn, skb);
1240 break;
1241
1242 case SMP_CMD_SIGN_INFO:
1243 reason = smp_cmd_sign_info(conn, skb);
1244 break;
1245
1246 default:
1247 BT_DBG("Unknown command code 0x%2.2x", code);
1248
1249 reason = SMP_CMD_NOTSUPP;
1250 err = -EOPNOTSUPP;
1251 goto done;
1252 }
1253
1254 done:
1255 if (reason)
1256 smp_failure(conn, reason);
1257
1258 kfree_skb(skb);
1259 return err;
1260 }
1261
1262 static void smp_notify_keys(struct l2cap_conn *conn)
1263 {
1264 struct smp_chan *smp = conn->smp_chan;
1265 struct hci_conn *hcon = conn->hcon;
1266 struct hci_dev *hdev = hcon->hdev;
1267 struct smp_cmd_pairing *req = (void *) &smp->preq[1];
1268 struct smp_cmd_pairing *rsp = (void *) &smp->prsp[1];
1269 bool persistent;
1270
1271 if (smp->remote_irk) {
1272 mgmt_new_irk(hdev, smp->remote_irk);
1273 /* Now that user space can be considered to know the
1274 * identity address track the connection based on it
1275 * from now on.
1276 */
1277 bacpy(&hcon->dst, &smp->remote_irk->bdaddr);
1278 hcon->dst_type = smp->remote_irk->addr_type;
1279 l2cap_conn_update_id_addr(hcon);
1280 }
1281
1282 /* The LTKs and CSRKs should be persistent only if both sides
1283 * had the bonding bit set in their authentication requests.
1284 */
1285 persistent = !!((req->auth_req & rsp->auth_req) & SMP_AUTH_BONDING);
1286
1287 if (smp->csrk) {
1288 smp->csrk->bdaddr_type = hcon->dst_type;
1289 bacpy(&smp->csrk->bdaddr, &hcon->dst);
1290 mgmt_new_csrk(hdev, smp->csrk, persistent);
1291 }
1292
1293 if (smp->slave_csrk) {
1294 smp->slave_csrk->bdaddr_type = hcon->dst_type;
1295 bacpy(&smp->slave_csrk->bdaddr, &hcon->dst);
1296 mgmt_new_csrk(hdev, smp->slave_csrk, persistent);
1297 }
1298
1299 if (smp->ltk) {
1300 smp->ltk->bdaddr_type = hcon->dst_type;
1301 bacpy(&smp->ltk->bdaddr, &hcon->dst);
1302 mgmt_new_ltk(hdev, smp->ltk, persistent);
1303 }
1304
1305 if (smp->slave_ltk) {
1306 smp->slave_ltk->bdaddr_type = hcon->dst_type;
1307 bacpy(&smp->slave_ltk->bdaddr, &hcon->dst);
1308 mgmt_new_ltk(hdev, smp->slave_ltk, persistent);
1309 }
1310 }
1311
1312 int smp_distribute_keys(struct l2cap_conn *conn)
1313 {
1314 struct smp_cmd_pairing *req, *rsp;
1315 struct smp_chan *smp = conn->smp_chan;
1316 struct hci_conn *hcon = conn->hcon;
1317 struct hci_dev *hdev = hcon->hdev;
1318 __u8 *keydist;
1319
1320 BT_DBG("conn %p", conn);
1321
1322 if (!test_bit(HCI_CONN_LE_SMP_PEND, &hcon->flags))
1323 return 0;
1324
1325 rsp = (void *) &smp->prsp[1];
1326
1327 /* The responder sends its keys first */
1328 if (hcon->out && (smp->remote_key_dist & 0x07))
1329 return 0;
1330
1331 req = (void *) &smp->preq[1];
1332
1333 if (hcon->out) {
1334 keydist = &rsp->init_key_dist;
1335 *keydist &= req->init_key_dist;
1336 } else {
1337 keydist = &rsp->resp_key_dist;
1338 *keydist &= req->resp_key_dist;
1339 }
1340
1341 BT_DBG("keydist 0x%x", *keydist);
1342
1343 if (*keydist & SMP_DIST_ENC_KEY) {
1344 struct smp_cmd_encrypt_info enc;
1345 struct smp_cmd_master_ident ident;
1346 struct smp_ltk *ltk;
1347 u8 authenticated;
1348 __le16 ediv;
1349 __le64 rand;
1350
1351 get_random_bytes(enc.ltk, sizeof(enc.ltk));
1352 get_random_bytes(&ediv, sizeof(ediv));
1353 get_random_bytes(&rand, sizeof(rand));
1354
1355 smp_send_cmd(conn, SMP_CMD_ENCRYPT_INFO, sizeof(enc), &enc);
1356
1357 authenticated = hcon->sec_level == BT_SECURITY_HIGH;
1358 ltk = hci_add_ltk(hdev, &hcon->dst, hcon->dst_type,
1359 SMP_LTK_SLAVE, authenticated, enc.ltk,
1360 smp->enc_key_size, ediv, rand);
1361 smp->slave_ltk = ltk;
1362
1363 ident.ediv = ediv;
1364 ident.rand = rand;
1365
1366 smp_send_cmd(conn, SMP_CMD_MASTER_IDENT, sizeof(ident), &ident);
1367
1368 *keydist &= ~SMP_DIST_ENC_KEY;
1369 }
1370
1371 if (*keydist & SMP_DIST_ID_KEY) {
1372 struct smp_cmd_ident_addr_info addrinfo;
1373 struct smp_cmd_ident_info idinfo;
1374
1375 memcpy(idinfo.irk, hdev->irk, sizeof(idinfo.irk));
1376
1377 smp_send_cmd(conn, SMP_CMD_IDENT_INFO, sizeof(idinfo), &idinfo);
1378
1379 /* The hci_conn contains the local identity address
1380 * after the connection has been established.
1381 *
1382 * This is true even when the connection has been
1383 * established using a resolvable random address.
1384 */
1385 bacpy(&addrinfo.bdaddr, &hcon->src);
1386 addrinfo.addr_type = hcon->src_type;
1387
1388 smp_send_cmd(conn, SMP_CMD_IDENT_ADDR_INFO, sizeof(addrinfo),
1389 &addrinfo);
1390
1391 *keydist &= ~SMP_DIST_ID_KEY;
1392 }
1393
1394 if (*keydist & SMP_DIST_SIGN) {
1395 struct smp_cmd_sign_info sign;
1396 struct smp_csrk *csrk;
1397
1398 /* Generate a new random key */
1399 get_random_bytes(sign.csrk, sizeof(sign.csrk));
1400
1401 csrk = kzalloc(sizeof(*csrk), GFP_KERNEL);
1402 if (csrk) {
1403 csrk->master = 0x00;
1404 memcpy(csrk->val, sign.csrk, sizeof(csrk->val));
1405 }
1406 smp->slave_csrk = csrk;
1407
1408 smp_send_cmd(conn, SMP_CMD_SIGN_INFO, sizeof(sign), &sign);
1409
1410 *keydist &= ~SMP_DIST_SIGN;
1411 }
1412
1413 /* If there are still keys to be received wait for them */
1414 if ((smp->remote_key_dist & 0x07))
1415 return 0;
1416
1417 clear_bit(HCI_CONN_LE_SMP_PEND, &hcon->flags);
1418 cancel_delayed_work_sync(&conn->security_timer);
1419 set_bit(SMP_FLAG_COMPLETE, &smp->flags);
1420 smp_notify_keys(conn);
1421
1422 smp_chan_destroy(conn);
1423
1424 return 0;
1425 }
ubuntu-bionic-kernel mirror