2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2011 Nokia Corporation and/or its subsidiary(-ies).
5 This program is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License version 2 as
7 published by the Free Software Foundation;
9 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
10 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
11 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
12 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
13 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
14 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
18 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
19 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
20 SOFTWARE IS DISCLAIMED.
23 #include <linux/crypto.h>
24 #include <linux/scatterlist.h>
25 #include <crypto/b128ops.h>
27 #include <net/bluetooth/bluetooth.h>
28 #include <net/bluetooth/hci_core.h>
29 #include <net/bluetooth/l2cap.h>
30 #include <net/bluetooth/mgmt.h>
34 #define SMP_ALLOW_CMD(smp, code) set_bit(code, &smp->allow_cmd)
36 #define SMP_TIMEOUT msecs_to_jiffies(30000)
38 #define AUTH_REQ_MASK(dev) (test_bit(HCI_SC_ENABLED, &(dev)->dev_flags) ? \
40 #define KEY_DIST_MASK 0x07
52 struct l2cap_conn
*conn
;
53 struct delayed_work security_timer
;
54 unsigned long allow_cmd
; /* Bitmask of allowed commands */
56 u8 preq
[7]; /* SMP Pairing Request */
57 u8 prsp
[7]; /* SMP Pairing Response */
58 u8 prnd
[16]; /* SMP Pairing Random (local) */
59 u8 rrnd
[16]; /* SMP Pairing Random (remote) */
60 u8 pcnf
[16]; /* SMP Pairing Confirm */
61 u8 tk
[16]; /* SMP Temporary Key */
67 struct smp_csrk
*csrk
;
68 struct smp_csrk
*slave_csrk
;
70 struct smp_ltk
*slave_ltk
;
71 struct smp_irk
*remote_irk
;
74 struct crypto_blkcipher
*tfm_aes
;
77 static inline void swap_buf(const u8
*src
, u8
*dst
, size_t len
)
81 for (i
= 0; i
< len
; i
++)
82 dst
[len
- 1 - i
] = src
[i
];
85 static int smp_e(struct crypto_blkcipher
*tfm
, const u8
*k
, u8
*r
)
87 struct blkcipher_desc desc
;
88 struct scatterlist sg
;
89 uint8_t tmp
[16], data
[16];
93 BT_ERR("tfm %p", tfm
);
100 /* The most significant octet of key corresponds to k[0] */
101 swap_buf(k
, tmp
, 16);
103 err
= crypto_blkcipher_setkey(tfm
, tmp
, 16);
105 BT_ERR("cipher setkey failed: %d", err
);
109 /* Most significant octet of plaintextData corresponds to data[0] */
110 swap_buf(r
, data
, 16);
112 sg_init_one(&sg
, data
, 16);
114 err
= crypto_blkcipher_encrypt(&desc
, &sg
, &sg
, 16);
116 BT_ERR("Encrypt data error %d", err
);
118 /* Most significant octet of encryptedData corresponds to data[0] */
119 swap_buf(data
, r
, 16);
124 static int smp_ah(struct crypto_blkcipher
*tfm
, u8 irk
[16], u8 r
[3], u8 res
[3])
129 /* r' = padding || r */
131 memset(_res
+ 3, 0, 13);
133 err
= smp_e(tfm
, irk
, _res
);
135 BT_ERR("Encrypt error");
139 /* The output of the random address function ah is:
140 * ah(h, r) = e(k, r') mod 2^24
141 * The output of the security function e is then truncated to 24 bits
142 * by taking the least significant 24 bits of the output of e as the
145 memcpy(res
, _res
, 3);
150 bool smp_irk_matches(struct hci_dev
*hdev
, u8 irk
[16], bdaddr_t
*bdaddr
)
152 struct l2cap_chan
*chan
= hdev
->smp_data
;
153 struct crypto_blkcipher
*tfm
;
157 if (!chan
|| !chan
->data
)
162 BT_DBG("RPA %pMR IRK %*phN", bdaddr
, 16, irk
);
164 err
= smp_ah(tfm
, irk
, &bdaddr
->b
[3], hash
);
168 return !memcmp(bdaddr
->b
, hash
, 3);
171 int smp_generate_rpa(struct hci_dev
*hdev
, u8 irk
[16], bdaddr_t
*rpa
)
173 struct l2cap_chan
*chan
= hdev
->smp_data
;
174 struct crypto_blkcipher
*tfm
;
177 if (!chan
|| !chan
->data
)
182 get_random_bytes(&rpa
->b
[3], 3);
184 rpa
->b
[5] &= 0x3f; /* Clear two most significant bits */
185 rpa
->b
[5] |= 0x40; /* Set second most significant bit */
187 err
= smp_ah(tfm
, irk
, &rpa
->b
[3], rpa
->b
);
191 BT_DBG("RPA %pMR", rpa
);
196 static int smp_c1(struct crypto_blkcipher
*tfm_aes
, u8 k
[16], u8 r
[16],
197 u8 preq
[7], u8 pres
[7], u8 _iat
, bdaddr_t
*ia
, u8 _rat
,
198 bdaddr_t
*ra
, u8 res
[16])
205 /* p1 = pres || preq || _rat || _iat */
208 memcpy(p1
+ 2, preq
, 7);
209 memcpy(p1
+ 9, pres
, 7);
211 /* p2 = padding || ia || ra */
213 memcpy(p2
+ 6, ia
, 6);
214 memset(p2
+ 12, 0, 4);
217 u128_xor((u128
*) res
, (u128
*) r
, (u128
*) p1
);
219 /* res = e(k, res) */
220 err
= smp_e(tfm_aes
, k
, res
);
222 BT_ERR("Encrypt data error");
226 /* res = res XOR p2 */
227 u128_xor((u128
*) res
, (u128
*) res
, (u128
*) p2
);
229 /* res = e(k, res) */
230 err
= smp_e(tfm_aes
, k
, res
);
232 BT_ERR("Encrypt data error");
237 static int smp_s1(struct crypto_blkcipher
*tfm_aes
, u8 k
[16], u8 r1
[16],
238 u8 r2
[16], u8 _r
[16])
242 /* Just least significant octets from r1 and r2 are considered */
244 memcpy(_r
+ 8, r1
, 8);
246 err
= smp_e(tfm_aes
, k
, _r
);
248 BT_ERR("Encrypt data error");
253 static void smp_send_cmd(struct l2cap_conn
*conn
, u8 code
, u16 len
, void *data
)
255 struct l2cap_chan
*chan
= conn
->smp
;
256 struct smp_chan
*smp
;
263 BT_DBG("code 0x%2.2x", code
);
265 iv
[0].iov_base
= &code
;
268 iv
[1].iov_base
= data
;
271 memset(&msg
, 0, sizeof(msg
));
273 msg
.msg_iov
= (struct iovec
*) &iv
;
276 l2cap_chan_send(chan
, &msg
, 1 + len
);
283 cancel_delayed_work_sync(&smp
->security_timer
);
284 schedule_delayed_work(&smp
->security_timer
, SMP_TIMEOUT
);
287 static u8
authreq_to_seclevel(u8 authreq
)
289 if (authreq
& SMP_AUTH_MITM
) {
290 if (authreq
& SMP_AUTH_SC
)
291 return BT_SECURITY_FIPS
;
293 return BT_SECURITY_HIGH
;
295 return BT_SECURITY_MEDIUM
;
299 static __u8
seclevel_to_authreq(__u8 sec_level
)
302 case BT_SECURITY_FIPS
:
303 case BT_SECURITY_HIGH
:
304 return SMP_AUTH_MITM
| SMP_AUTH_BONDING
;
305 case BT_SECURITY_MEDIUM
:
306 return SMP_AUTH_BONDING
;
308 return SMP_AUTH_NONE
;
312 static void build_pairing_cmd(struct l2cap_conn
*conn
,
313 struct smp_cmd_pairing
*req
,
314 struct smp_cmd_pairing
*rsp
, __u8 authreq
)
316 struct l2cap_chan
*chan
= conn
->smp
;
317 struct smp_chan
*smp
= chan
->data
;
318 struct hci_conn
*hcon
= conn
->hcon
;
319 struct hci_dev
*hdev
= hcon
->hdev
;
320 u8 local_dist
= 0, remote_dist
= 0;
322 if (test_bit(HCI_BONDABLE
, &conn
->hcon
->hdev
->dev_flags
)) {
323 local_dist
= SMP_DIST_ENC_KEY
| SMP_DIST_SIGN
;
324 remote_dist
= SMP_DIST_ENC_KEY
| SMP_DIST_SIGN
;
325 authreq
|= SMP_AUTH_BONDING
;
327 authreq
&= ~SMP_AUTH_BONDING
;
330 if (test_bit(HCI_RPA_RESOLVING
, &hdev
->dev_flags
))
331 remote_dist
|= SMP_DIST_ID_KEY
;
333 if (test_bit(HCI_PRIVACY
, &hdev
->dev_flags
))
334 local_dist
|= SMP_DIST_ID_KEY
;
337 req
->io_capability
= conn
->hcon
->io_capability
;
338 req
->oob_flag
= SMP_OOB_NOT_PRESENT
;
339 req
->max_key_size
= SMP_MAX_ENC_KEY_SIZE
;
340 req
->init_key_dist
= local_dist
;
341 req
->resp_key_dist
= remote_dist
;
342 req
->auth_req
= (authreq
& AUTH_REQ_MASK(hdev
));
344 smp
->remote_key_dist
= remote_dist
;
348 rsp
->io_capability
= conn
->hcon
->io_capability
;
349 rsp
->oob_flag
= SMP_OOB_NOT_PRESENT
;
350 rsp
->max_key_size
= SMP_MAX_ENC_KEY_SIZE
;
351 rsp
->init_key_dist
= req
->init_key_dist
& remote_dist
;
352 rsp
->resp_key_dist
= req
->resp_key_dist
& local_dist
;
353 rsp
->auth_req
= (authreq
& AUTH_REQ_MASK(hdev
));
355 smp
->remote_key_dist
= rsp
->init_key_dist
;
358 static u8
check_enc_key_size(struct l2cap_conn
*conn
, __u8 max_key_size
)
360 struct l2cap_chan
*chan
= conn
->smp
;
361 struct smp_chan
*smp
= chan
->data
;
363 if ((max_key_size
> SMP_MAX_ENC_KEY_SIZE
) ||
364 (max_key_size
< SMP_MIN_ENC_KEY_SIZE
))
365 return SMP_ENC_KEY_SIZE
;
367 smp
->enc_key_size
= max_key_size
;
372 static void smp_chan_destroy(struct l2cap_conn
*conn
)
374 struct l2cap_chan
*chan
= conn
->smp
;
375 struct smp_chan
*smp
= chan
->data
;
380 cancel_delayed_work_sync(&smp
->security_timer
);
382 complete
= test_bit(SMP_FLAG_COMPLETE
, &smp
->flags
);
383 mgmt_smp_complete(conn
->hcon
, complete
);
386 kfree(smp
->slave_csrk
);
388 crypto_free_blkcipher(smp
->tfm_aes
);
390 /* If pairing failed clean up any keys we might have */
393 list_del_rcu(&smp
->ltk
->list
);
394 kfree_rcu(smp
->ltk
, rcu
);
397 if (smp
->slave_ltk
) {
398 list_del_rcu(&smp
->slave_ltk
->list
);
399 kfree_rcu(smp
->slave_ltk
, rcu
);
402 if (smp
->remote_irk
) {
403 list_del_rcu(&smp
->remote_irk
->list
);
404 kfree_rcu(smp
->remote_irk
, rcu
);
410 hci_conn_drop(conn
->hcon
);
413 static void smp_failure(struct l2cap_conn
*conn
, u8 reason
)
415 struct hci_conn
*hcon
= conn
->hcon
;
416 struct l2cap_chan
*chan
= conn
->smp
;
419 smp_send_cmd(conn
, SMP_CMD_PAIRING_FAIL
, sizeof(reason
),
422 clear_bit(HCI_CONN_ENCRYPT_PEND
, &hcon
->flags
);
423 mgmt_auth_failed(hcon
, HCI_ERROR_AUTH_FAILURE
);
426 smp_chan_destroy(conn
);
429 #define JUST_WORKS 0x00
430 #define JUST_CFM 0x01
431 #define REQ_PASSKEY 0x02
432 #define CFM_PASSKEY 0x03
436 static const u8 gen_method
[5][5] = {
437 { JUST_WORKS
, JUST_CFM
, REQ_PASSKEY
, JUST_WORKS
, REQ_PASSKEY
},
438 { JUST_WORKS
, JUST_CFM
, REQ_PASSKEY
, JUST_WORKS
, REQ_PASSKEY
},
439 { CFM_PASSKEY
, CFM_PASSKEY
, REQ_PASSKEY
, JUST_WORKS
, CFM_PASSKEY
},
440 { JUST_WORKS
, JUST_CFM
, JUST_WORKS
, JUST_WORKS
, JUST_CFM
},
441 { CFM_PASSKEY
, CFM_PASSKEY
, REQ_PASSKEY
, JUST_WORKS
, OVERLAP
},
444 static u8
get_auth_method(struct smp_chan
*smp
, u8 local_io
, u8 remote_io
)
446 /* If either side has unknown io_caps, use JUST_CFM (which gets
447 * converted later to JUST_WORKS if we're initiators.
449 if (local_io
> SMP_IO_KEYBOARD_DISPLAY
||
450 remote_io
> SMP_IO_KEYBOARD_DISPLAY
)
453 return gen_method
[remote_io
][local_io
];
456 static int tk_request(struct l2cap_conn
*conn
, u8 remote_oob
, u8 auth
,
457 u8 local_io
, u8 remote_io
)
459 struct hci_conn
*hcon
= conn
->hcon
;
460 struct l2cap_chan
*chan
= conn
->smp
;
461 struct smp_chan
*smp
= chan
->data
;
466 /* Initialize key for JUST WORKS */
467 memset(smp
->tk
, 0, sizeof(smp
->tk
));
468 clear_bit(SMP_FLAG_TK_VALID
, &smp
->flags
);
470 BT_DBG("tk_request: auth:%d lcl:%d rem:%d", auth
, local_io
, remote_io
);
472 /* If neither side wants MITM, either "just" confirm an incoming
473 * request or use just-works for outgoing ones. The JUST_CFM
474 * will be converted to JUST_WORKS if necessary later in this
475 * function. If either side has MITM look up the method from the
478 if (!(auth
& SMP_AUTH_MITM
))
481 method
= get_auth_method(smp
, local_io
, remote_io
);
483 /* Don't confirm locally initiated pairing attempts */
484 if (method
== JUST_CFM
&& test_bit(SMP_FLAG_INITIATOR
, &smp
->flags
))
487 /* Don't bother user space with no IO capabilities */
488 if (method
== JUST_CFM
&& hcon
->io_capability
== HCI_IO_NO_INPUT_OUTPUT
)
491 /* If Just Works, Continue with Zero TK */
492 if (method
== JUST_WORKS
) {
493 set_bit(SMP_FLAG_TK_VALID
, &smp
->flags
);
497 /* Not Just Works/Confirm results in MITM Authentication */
498 if (method
!= JUST_CFM
) {
499 set_bit(SMP_FLAG_MITM_AUTH
, &smp
->flags
);
500 if (hcon
->pending_sec_level
< BT_SECURITY_HIGH
)
501 hcon
->pending_sec_level
= BT_SECURITY_HIGH
;
504 /* If both devices have Keyoard-Display I/O, the master
505 * Confirms and the slave Enters the passkey.
507 if (method
== OVERLAP
) {
508 if (hcon
->role
== HCI_ROLE_MASTER
)
509 method
= CFM_PASSKEY
;
511 method
= REQ_PASSKEY
;
514 /* Generate random passkey. */
515 if (method
== CFM_PASSKEY
) {
516 memset(smp
->tk
, 0, sizeof(smp
->tk
));
517 get_random_bytes(&passkey
, sizeof(passkey
));
519 put_unaligned_le32(passkey
, smp
->tk
);
520 BT_DBG("PassKey: %d", passkey
);
521 set_bit(SMP_FLAG_TK_VALID
, &smp
->flags
);
524 if (method
== REQ_PASSKEY
)
525 ret
= mgmt_user_passkey_request(hcon
->hdev
, &hcon
->dst
,
526 hcon
->type
, hcon
->dst_type
);
527 else if (method
== JUST_CFM
)
528 ret
= mgmt_user_confirm_request(hcon
->hdev
, &hcon
->dst
,
529 hcon
->type
, hcon
->dst_type
,
532 ret
= mgmt_user_passkey_notify(hcon
->hdev
, &hcon
->dst
,
533 hcon
->type
, hcon
->dst_type
,
539 static u8
smp_confirm(struct smp_chan
*smp
)
541 struct l2cap_conn
*conn
= smp
->conn
;
542 struct smp_cmd_pairing_confirm cp
;
545 BT_DBG("conn %p", conn
);
547 ret
= smp_c1(smp
->tfm_aes
, smp
->tk
, smp
->prnd
, smp
->preq
, smp
->prsp
,
548 conn
->hcon
->init_addr_type
, &conn
->hcon
->init_addr
,
549 conn
->hcon
->resp_addr_type
, &conn
->hcon
->resp_addr
,
552 return SMP_UNSPECIFIED
;
554 clear_bit(SMP_FLAG_CFM_PENDING
, &smp
->flags
);
556 smp_send_cmd(smp
->conn
, SMP_CMD_PAIRING_CONFIRM
, sizeof(cp
), &cp
);
559 SMP_ALLOW_CMD(smp
, SMP_CMD_PAIRING_CONFIRM
);
561 SMP_ALLOW_CMD(smp
, SMP_CMD_PAIRING_RANDOM
);
566 static u8
smp_random(struct smp_chan
*smp
)
568 struct l2cap_conn
*conn
= smp
->conn
;
569 struct hci_conn
*hcon
= conn
->hcon
;
573 if (IS_ERR_OR_NULL(smp
->tfm_aes
))
574 return SMP_UNSPECIFIED
;
576 BT_DBG("conn %p %s", conn
, conn
->hcon
->out
? "master" : "slave");
578 ret
= smp_c1(smp
->tfm_aes
, smp
->tk
, smp
->rrnd
, smp
->preq
, smp
->prsp
,
579 hcon
->init_addr_type
, &hcon
->init_addr
,
580 hcon
->resp_addr_type
, &hcon
->resp_addr
, confirm
);
582 return SMP_UNSPECIFIED
;
584 if (memcmp(smp
->pcnf
, confirm
, sizeof(smp
->pcnf
)) != 0) {
585 BT_ERR("Pairing failed (confirmation values mismatch)");
586 return SMP_CONFIRM_FAILED
;
594 smp_s1(smp
->tfm_aes
, smp
->tk
, smp
->rrnd
, smp
->prnd
, stk
);
596 memset(stk
+ smp
->enc_key_size
, 0,
597 SMP_MAX_ENC_KEY_SIZE
- smp
->enc_key_size
);
599 if (test_and_set_bit(HCI_CONN_ENCRYPT_PEND
, &hcon
->flags
))
600 return SMP_UNSPECIFIED
;
602 hci_le_start_enc(hcon
, ediv
, rand
, stk
);
603 hcon
->enc_key_size
= smp
->enc_key_size
;
604 set_bit(HCI_CONN_STK_ENCRYPT
, &hcon
->flags
);
610 smp_send_cmd(conn
, SMP_CMD_PAIRING_RANDOM
, sizeof(smp
->prnd
),
613 smp_s1(smp
->tfm_aes
, smp
->tk
, smp
->prnd
, smp
->rrnd
, stk
);
615 memset(stk
+ smp
->enc_key_size
, 0,
616 SMP_MAX_ENC_KEY_SIZE
- smp
->enc_key_size
);
618 if (hcon
->pending_sec_level
== BT_SECURITY_HIGH
)
623 /* Even though there's no _SLAVE suffix this is the
624 * slave STK we're adding for later lookup (the master
625 * STK never needs to be stored).
627 hci_add_ltk(hcon
->hdev
, &hcon
->dst
, hcon
->dst_type
,
628 SMP_STK
, auth
, stk
, smp
->enc_key_size
, ediv
, rand
);
634 static void smp_notify_keys(struct l2cap_conn
*conn
)
636 struct l2cap_chan
*chan
= conn
->smp
;
637 struct smp_chan
*smp
= chan
->data
;
638 struct hci_conn
*hcon
= conn
->hcon
;
639 struct hci_dev
*hdev
= hcon
->hdev
;
640 struct smp_cmd_pairing
*req
= (void *) &smp
->preq
[1];
641 struct smp_cmd_pairing
*rsp
= (void *) &smp
->prsp
[1];
644 if (smp
->remote_irk
) {
645 mgmt_new_irk(hdev
, smp
->remote_irk
);
646 /* Now that user space can be considered to know the
647 * identity address track the connection based on it
650 bacpy(&hcon
->dst
, &smp
->remote_irk
->bdaddr
);
651 hcon
->dst_type
= smp
->remote_irk
->addr_type
;
652 queue_work(hdev
->workqueue
, &conn
->id_addr_update_work
);
654 /* When receiving an indentity resolving key for
655 * a remote device that does not use a resolvable
656 * private address, just remove the key so that
657 * it is possible to use the controller white
660 * Userspace will have been told to not store
661 * this key at this point. So it is safe to
664 if (!bacmp(&smp
->remote_irk
->rpa
, BDADDR_ANY
)) {
665 list_del_rcu(&smp
->remote_irk
->list
);
666 kfree_rcu(smp
->remote_irk
, rcu
);
667 smp
->remote_irk
= NULL
;
671 /* The LTKs and CSRKs should be persistent only if both sides
672 * had the bonding bit set in their authentication requests.
674 persistent
= !!((req
->auth_req
& rsp
->auth_req
) & SMP_AUTH_BONDING
);
677 smp
->csrk
->bdaddr_type
= hcon
->dst_type
;
678 bacpy(&smp
->csrk
->bdaddr
, &hcon
->dst
);
679 mgmt_new_csrk(hdev
, smp
->csrk
, persistent
);
682 if (smp
->slave_csrk
) {
683 smp
->slave_csrk
->bdaddr_type
= hcon
->dst_type
;
684 bacpy(&smp
->slave_csrk
->bdaddr
, &hcon
->dst
);
685 mgmt_new_csrk(hdev
, smp
->slave_csrk
, persistent
);
689 smp
->ltk
->bdaddr_type
= hcon
->dst_type
;
690 bacpy(&smp
->ltk
->bdaddr
, &hcon
->dst
);
691 mgmt_new_ltk(hdev
, smp
->ltk
, persistent
);
694 if (smp
->slave_ltk
) {
695 smp
->slave_ltk
->bdaddr_type
= hcon
->dst_type
;
696 bacpy(&smp
->slave_ltk
->bdaddr
, &hcon
->dst
);
697 mgmt_new_ltk(hdev
, smp
->slave_ltk
, persistent
);
701 static void smp_allow_key_dist(struct smp_chan
*smp
)
703 /* Allow the first expected phase 3 PDU. The rest of the PDUs
704 * will be allowed in each PDU handler to ensure we receive
705 * them in the correct order.
707 if (smp
->remote_key_dist
& SMP_DIST_ENC_KEY
)
708 SMP_ALLOW_CMD(smp
, SMP_CMD_ENCRYPT_INFO
);
709 else if (smp
->remote_key_dist
& SMP_DIST_ID_KEY
)
710 SMP_ALLOW_CMD(smp
, SMP_CMD_IDENT_INFO
);
711 else if (smp
->remote_key_dist
& SMP_DIST_SIGN
)
712 SMP_ALLOW_CMD(smp
, SMP_CMD_SIGN_INFO
);
715 static void smp_distribute_keys(struct smp_chan
*smp
)
717 struct smp_cmd_pairing
*req
, *rsp
;
718 struct l2cap_conn
*conn
= smp
->conn
;
719 struct hci_conn
*hcon
= conn
->hcon
;
720 struct hci_dev
*hdev
= hcon
->hdev
;
723 BT_DBG("conn %p", conn
);
725 rsp
= (void *) &smp
->prsp
[1];
727 /* The responder sends its keys first */
728 if (hcon
->out
&& (smp
->remote_key_dist
& KEY_DIST_MASK
)) {
729 smp_allow_key_dist(smp
);
733 req
= (void *) &smp
->preq
[1];
736 keydist
= &rsp
->init_key_dist
;
737 *keydist
&= req
->init_key_dist
;
739 keydist
= &rsp
->resp_key_dist
;
740 *keydist
&= req
->resp_key_dist
;
743 BT_DBG("keydist 0x%x", *keydist
);
745 if (*keydist
& SMP_DIST_ENC_KEY
) {
746 struct smp_cmd_encrypt_info enc
;
747 struct smp_cmd_master_ident ident
;
753 get_random_bytes(enc
.ltk
, sizeof(enc
.ltk
));
754 get_random_bytes(&ediv
, sizeof(ediv
));
755 get_random_bytes(&rand
, sizeof(rand
));
757 smp_send_cmd(conn
, SMP_CMD_ENCRYPT_INFO
, sizeof(enc
), &enc
);
759 authenticated
= hcon
->sec_level
== BT_SECURITY_HIGH
;
760 ltk
= hci_add_ltk(hdev
, &hcon
->dst
, hcon
->dst_type
,
761 SMP_LTK_SLAVE
, authenticated
, enc
.ltk
,
762 smp
->enc_key_size
, ediv
, rand
);
763 smp
->slave_ltk
= ltk
;
768 smp_send_cmd(conn
, SMP_CMD_MASTER_IDENT
, sizeof(ident
), &ident
);
770 *keydist
&= ~SMP_DIST_ENC_KEY
;
773 if (*keydist
& SMP_DIST_ID_KEY
) {
774 struct smp_cmd_ident_addr_info addrinfo
;
775 struct smp_cmd_ident_info idinfo
;
777 memcpy(idinfo
.irk
, hdev
->irk
, sizeof(idinfo
.irk
));
779 smp_send_cmd(conn
, SMP_CMD_IDENT_INFO
, sizeof(idinfo
), &idinfo
);
781 /* The hci_conn contains the local identity address
782 * after the connection has been established.
784 * This is true even when the connection has been
785 * established using a resolvable random address.
787 bacpy(&addrinfo
.bdaddr
, &hcon
->src
);
788 addrinfo
.addr_type
= hcon
->src_type
;
790 smp_send_cmd(conn
, SMP_CMD_IDENT_ADDR_INFO
, sizeof(addrinfo
),
793 *keydist
&= ~SMP_DIST_ID_KEY
;
796 if (*keydist
& SMP_DIST_SIGN
) {
797 struct smp_cmd_sign_info sign
;
798 struct smp_csrk
*csrk
;
800 /* Generate a new random key */
801 get_random_bytes(sign
.csrk
, sizeof(sign
.csrk
));
803 csrk
= kzalloc(sizeof(*csrk
), GFP_KERNEL
);
806 memcpy(csrk
->val
, sign
.csrk
, sizeof(csrk
->val
));
808 smp
->slave_csrk
= csrk
;
810 smp_send_cmd(conn
, SMP_CMD_SIGN_INFO
, sizeof(sign
), &sign
);
812 *keydist
&= ~SMP_DIST_SIGN
;
815 /* If there are still keys to be received wait for them */
816 if (smp
->remote_key_dist
& KEY_DIST_MASK
) {
817 smp_allow_key_dist(smp
);
821 set_bit(SMP_FLAG_COMPLETE
, &smp
->flags
);
822 smp_notify_keys(conn
);
824 smp_chan_destroy(conn
);
827 static void smp_timeout(struct work_struct
*work
)
829 struct smp_chan
*smp
= container_of(work
, struct smp_chan
,
830 security_timer
.work
);
831 struct l2cap_conn
*conn
= smp
->conn
;
833 BT_DBG("conn %p", conn
);
835 hci_disconnect(conn
->hcon
, HCI_ERROR_REMOTE_USER_TERM
);
838 static struct smp_chan
*smp_chan_create(struct l2cap_conn
*conn
)
840 struct l2cap_chan
*chan
= conn
->smp
;
841 struct smp_chan
*smp
;
843 smp
= kzalloc(sizeof(*smp
), GFP_ATOMIC
);
847 smp
->tfm_aes
= crypto_alloc_blkcipher("ecb(aes)", 0, CRYPTO_ALG_ASYNC
);
848 if (IS_ERR(smp
->tfm_aes
)) {
849 BT_ERR("Unable to create ECB crypto context");
857 SMP_ALLOW_CMD(smp
, SMP_CMD_PAIRING_FAIL
);
859 INIT_DELAYED_WORK(&smp
->security_timer
, smp_timeout
);
861 hci_conn_hold(conn
->hcon
);
866 int smp_user_confirm_reply(struct hci_conn
*hcon
, u16 mgmt_op
, __le32 passkey
)
868 struct l2cap_conn
*conn
= hcon
->l2cap_data
;
869 struct l2cap_chan
*chan
;
870 struct smp_chan
*smp
;
883 l2cap_chan_lock(chan
);
892 case MGMT_OP_USER_PASSKEY_REPLY
:
893 value
= le32_to_cpu(passkey
);
894 memset(smp
->tk
, 0, sizeof(smp
->tk
));
895 BT_DBG("PassKey: %d", value
);
896 put_unaligned_le32(value
, smp
->tk
);
898 case MGMT_OP_USER_CONFIRM_REPLY
:
899 set_bit(SMP_FLAG_TK_VALID
, &smp
->flags
);
901 case MGMT_OP_USER_PASSKEY_NEG_REPLY
:
902 case MGMT_OP_USER_CONFIRM_NEG_REPLY
:
903 smp_failure(conn
, SMP_PASSKEY_ENTRY_FAILED
);
907 smp_failure(conn
, SMP_PASSKEY_ENTRY_FAILED
);
914 /* If it is our turn to send Pairing Confirm, do so now */
915 if (test_bit(SMP_FLAG_CFM_PENDING
, &smp
->flags
)) {
916 u8 rsp
= smp_confirm(smp
);
918 smp_failure(conn
, rsp
);
922 l2cap_chan_unlock(chan
);
926 static u8
smp_cmd_pairing_req(struct l2cap_conn
*conn
, struct sk_buff
*skb
)
928 struct smp_cmd_pairing rsp
, *req
= (void *) skb
->data
;
929 struct l2cap_chan
*chan
= conn
->smp
;
930 struct hci_dev
*hdev
= conn
->hcon
->hdev
;
931 struct smp_chan
*smp
;
932 u8 key_size
, auth
, sec_level
;
935 BT_DBG("conn %p", conn
);
937 if (skb
->len
< sizeof(*req
))
938 return SMP_INVALID_PARAMS
;
940 if (conn
->hcon
->role
!= HCI_ROLE_SLAVE
)
941 return SMP_CMD_NOTSUPP
;
944 smp
= smp_chan_create(conn
);
949 return SMP_UNSPECIFIED
;
951 /* We didn't start the pairing, so match remote */
952 auth
= req
->auth_req
& AUTH_REQ_MASK(hdev
);
954 if (!test_bit(HCI_BONDABLE
, &hdev
->dev_flags
) &&
955 (auth
& SMP_AUTH_BONDING
))
956 return SMP_PAIRING_NOTSUPP
;
958 smp
->preq
[0] = SMP_CMD_PAIRING_REQ
;
959 memcpy(&smp
->preq
[1], req
, sizeof(*req
));
960 skb_pull(skb
, sizeof(*req
));
962 if (conn
->hcon
->io_capability
== HCI_IO_NO_INPUT_OUTPUT
)
963 sec_level
= BT_SECURITY_MEDIUM
;
965 sec_level
= authreq_to_seclevel(auth
);
967 if (sec_level
> conn
->hcon
->pending_sec_level
)
968 conn
->hcon
->pending_sec_level
= sec_level
;
970 /* If we need MITM check that it can be achieved */
971 if (conn
->hcon
->pending_sec_level
>= BT_SECURITY_HIGH
) {
974 method
= get_auth_method(smp
, conn
->hcon
->io_capability
,
976 if (method
== JUST_WORKS
|| method
== JUST_CFM
)
977 return SMP_AUTH_REQUIREMENTS
;
980 build_pairing_cmd(conn
, req
, &rsp
, auth
);
982 if (rsp
.auth_req
& SMP_AUTH_SC
)
983 set_bit(SMP_FLAG_SC
, &smp
->flags
);
985 key_size
= min(req
->max_key_size
, rsp
.max_key_size
);
986 if (check_enc_key_size(conn
, key_size
))
987 return SMP_ENC_KEY_SIZE
;
989 get_random_bytes(smp
->prnd
, sizeof(smp
->prnd
));
991 smp
->prsp
[0] = SMP_CMD_PAIRING_RSP
;
992 memcpy(&smp
->prsp
[1], &rsp
, sizeof(rsp
));
994 smp_send_cmd(conn
, SMP_CMD_PAIRING_RSP
, sizeof(rsp
), &rsp
);
995 SMP_ALLOW_CMD(smp
, SMP_CMD_PAIRING_CONFIRM
);
997 /* Request setup of TK */
998 ret
= tk_request(conn
, 0, auth
, rsp
.io_capability
, req
->io_capability
);
1000 return SMP_UNSPECIFIED
;
1005 static u8
smp_cmd_pairing_rsp(struct l2cap_conn
*conn
, struct sk_buff
*skb
)
1007 struct smp_cmd_pairing
*req
, *rsp
= (void *) skb
->data
;
1008 struct l2cap_chan
*chan
= conn
->smp
;
1009 struct smp_chan
*smp
= chan
->data
;
1010 struct hci_dev
*hdev
= conn
->hcon
->hdev
;
1014 BT_DBG("conn %p", conn
);
1016 if (skb
->len
< sizeof(*rsp
))
1017 return SMP_INVALID_PARAMS
;
1019 if (conn
->hcon
->role
!= HCI_ROLE_MASTER
)
1020 return SMP_CMD_NOTSUPP
;
1022 skb_pull(skb
, sizeof(*rsp
));
1024 req
= (void *) &smp
->preq
[1];
1026 key_size
= min(req
->max_key_size
, rsp
->max_key_size
);
1027 if (check_enc_key_size(conn
, key_size
))
1028 return SMP_ENC_KEY_SIZE
;
1030 auth
= rsp
->auth_req
& AUTH_REQ_MASK(hdev
);
1032 if ((req
->auth_req
& SMP_AUTH_SC
) && (auth
& SMP_AUTH_SC
))
1033 set_bit(SMP_FLAG_SC
, &smp
->flags
);
1034 else if (conn
->hcon
->pending_sec_level
> BT_SECURITY_HIGH
)
1035 conn
->hcon
->pending_sec_level
= BT_SECURITY_HIGH
;
1037 /* If we need MITM check that it can be achieved */
1038 if (conn
->hcon
->pending_sec_level
>= BT_SECURITY_HIGH
) {
1041 method
= get_auth_method(smp
, req
->io_capability
,
1042 rsp
->io_capability
);
1043 if (method
== JUST_WORKS
|| method
== JUST_CFM
)
1044 return SMP_AUTH_REQUIREMENTS
;
1047 get_random_bytes(smp
->prnd
, sizeof(smp
->prnd
));
1049 smp
->prsp
[0] = SMP_CMD_PAIRING_RSP
;
1050 memcpy(&smp
->prsp
[1], rsp
, sizeof(*rsp
));
1052 /* Update remote key distribution in case the remote cleared
1053 * some bits that we had enabled in our request.
1055 smp
->remote_key_dist
&= rsp
->resp_key_dist
;
1057 auth
|= req
->auth_req
;
1059 ret
= tk_request(conn
, 0, auth
, req
->io_capability
, rsp
->io_capability
);
1061 return SMP_UNSPECIFIED
;
1063 set_bit(SMP_FLAG_CFM_PENDING
, &smp
->flags
);
1065 /* Can't compose response until we have been confirmed */
1066 if (test_bit(SMP_FLAG_TK_VALID
, &smp
->flags
))
1067 return smp_confirm(smp
);
1072 static u8
smp_cmd_pairing_confirm(struct l2cap_conn
*conn
, struct sk_buff
*skb
)
1074 struct l2cap_chan
*chan
= conn
->smp
;
1075 struct smp_chan
*smp
= chan
->data
;
1077 BT_DBG("conn %p %s", conn
, conn
->hcon
->out
? "master" : "slave");
1079 if (skb
->len
< sizeof(smp
->pcnf
))
1080 return SMP_INVALID_PARAMS
;
1082 memcpy(smp
->pcnf
, skb
->data
, sizeof(smp
->pcnf
));
1083 skb_pull(skb
, sizeof(smp
->pcnf
));
1085 if (conn
->hcon
->out
) {
1086 smp_send_cmd(conn
, SMP_CMD_PAIRING_RANDOM
, sizeof(smp
->prnd
),
1088 SMP_ALLOW_CMD(smp
, SMP_CMD_PAIRING_RANDOM
);
1092 if (test_bit(SMP_FLAG_TK_VALID
, &smp
->flags
))
1093 return smp_confirm(smp
);
1095 set_bit(SMP_FLAG_CFM_PENDING
, &smp
->flags
);
1100 static u8
smp_cmd_pairing_random(struct l2cap_conn
*conn
, struct sk_buff
*skb
)
1102 struct l2cap_chan
*chan
= conn
->smp
;
1103 struct smp_chan
*smp
= chan
->data
;
1105 BT_DBG("conn %p", conn
);
1107 if (skb
->len
< sizeof(smp
->rrnd
))
1108 return SMP_INVALID_PARAMS
;
1110 memcpy(smp
->rrnd
, skb
->data
, sizeof(smp
->rrnd
));
1111 skb_pull(skb
, sizeof(smp
->rrnd
));
1113 return smp_random(smp
);
1116 static bool smp_ltk_encrypt(struct l2cap_conn
*conn
, u8 sec_level
)
1118 struct smp_ltk
*key
;
1119 struct hci_conn
*hcon
= conn
->hcon
;
1121 key
= hci_find_ltk_by_addr(hcon
->hdev
, &hcon
->dst
, hcon
->dst_type
,
1126 if (smp_ltk_sec_level(key
) < sec_level
)
1129 if (test_and_set_bit(HCI_CONN_ENCRYPT_PEND
, &hcon
->flags
))
1132 hci_le_start_enc(hcon
, key
->ediv
, key
->rand
, key
->val
);
1133 hcon
->enc_key_size
= key
->enc_size
;
1135 /* We never store STKs for master role, so clear this flag */
1136 clear_bit(HCI_CONN_STK_ENCRYPT
, &hcon
->flags
);
1141 bool smp_sufficient_security(struct hci_conn
*hcon
, u8 sec_level
,
1142 enum smp_key_pref key_pref
)
1144 if (sec_level
== BT_SECURITY_LOW
)
1147 /* If we're encrypted with an STK but the caller prefers using
1148 * LTK claim insufficient security. This way we allow the
1149 * connection to be re-encrypted with an LTK, even if the LTK
1150 * provides the same level of security. Only exception is if we
1151 * don't have an LTK (e.g. because of key distribution bits).
1153 if (key_pref
== SMP_USE_LTK
&&
1154 test_bit(HCI_CONN_STK_ENCRYPT
, &hcon
->flags
) &&
1155 hci_find_ltk_by_addr(hcon
->hdev
, &hcon
->dst
, hcon
->dst_type
,
1159 if (hcon
->sec_level
>= sec_level
)
1165 static u8
smp_cmd_security_req(struct l2cap_conn
*conn
, struct sk_buff
*skb
)
1167 struct smp_cmd_security_req
*rp
= (void *) skb
->data
;
1168 struct smp_cmd_pairing cp
;
1169 struct hci_conn
*hcon
= conn
->hcon
;
1170 struct hci_dev
*hdev
= hcon
->hdev
;
1171 struct smp_chan
*smp
;
1174 BT_DBG("conn %p", conn
);
1176 if (skb
->len
< sizeof(*rp
))
1177 return SMP_INVALID_PARAMS
;
1179 if (hcon
->role
!= HCI_ROLE_MASTER
)
1180 return SMP_CMD_NOTSUPP
;
1182 auth
= rp
->auth_req
& AUTH_REQ_MASK(hdev
);
1184 if (hcon
->io_capability
== HCI_IO_NO_INPUT_OUTPUT
)
1185 sec_level
= BT_SECURITY_MEDIUM
;
1187 sec_level
= authreq_to_seclevel(auth
);
1189 if (smp_sufficient_security(hcon
, sec_level
, SMP_USE_LTK
))
1192 if (sec_level
> hcon
->pending_sec_level
)
1193 hcon
->pending_sec_level
= sec_level
;
1195 if (smp_ltk_encrypt(conn
, hcon
->pending_sec_level
))
1198 smp
= smp_chan_create(conn
);
1200 return SMP_UNSPECIFIED
;
1202 if (!test_bit(HCI_BONDABLE
, &hcon
->hdev
->dev_flags
) &&
1203 (auth
& SMP_AUTH_BONDING
))
1204 return SMP_PAIRING_NOTSUPP
;
1206 skb_pull(skb
, sizeof(*rp
));
1208 memset(&cp
, 0, sizeof(cp
));
1209 build_pairing_cmd(conn
, &cp
, NULL
, auth
);
1211 smp
->preq
[0] = SMP_CMD_PAIRING_REQ
;
1212 memcpy(&smp
->preq
[1], &cp
, sizeof(cp
));
1214 smp_send_cmd(conn
, SMP_CMD_PAIRING_REQ
, sizeof(cp
), &cp
);
1215 SMP_ALLOW_CMD(smp
, SMP_CMD_PAIRING_RSP
);
1220 int smp_conn_security(struct hci_conn
*hcon
, __u8 sec_level
)
1222 struct l2cap_conn
*conn
= hcon
->l2cap_data
;
1223 struct l2cap_chan
*chan
;
1224 struct smp_chan
*smp
;
1228 BT_DBG("conn %p hcon %p level 0x%2.2x", conn
, hcon
, sec_level
);
1230 /* This may be NULL if there's an unexpected disconnection */
1236 if (!test_bit(HCI_LE_ENABLED
, &hcon
->hdev
->dev_flags
))
1239 if (smp_sufficient_security(hcon
, sec_level
, SMP_USE_LTK
))
1242 if (sec_level
> hcon
->pending_sec_level
)
1243 hcon
->pending_sec_level
= sec_level
;
1245 if (hcon
->role
== HCI_ROLE_MASTER
)
1246 if (smp_ltk_encrypt(conn
, hcon
->pending_sec_level
))
1249 l2cap_chan_lock(chan
);
1251 /* If SMP is already in progress ignore this request */
1257 smp
= smp_chan_create(conn
);
1263 authreq
= seclevel_to_authreq(sec_level
);
1265 if (test_bit(HCI_SC_ENABLED
, &hcon
->hdev
->dev_flags
))
1266 authreq
|= SMP_AUTH_SC
;
1268 /* Require MITM if IO Capability allows or the security level
1271 if (hcon
->io_capability
!= HCI_IO_NO_INPUT_OUTPUT
||
1272 hcon
->pending_sec_level
> BT_SECURITY_MEDIUM
)
1273 authreq
|= SMP_AUTH_MITM
;
1275 if (hcon
->role
== HCI_ROLE_MASTER
) {
1276 struct smp_cmd_pairing cp
;
1278 build_pairing_cmd(conn
, &cp
, NULL
, authreq
);
1279 smp
->preq
[0] = SMP_CMD_PAIRING_REQ
;
1280 memcpy(&smp
->preq
[1], &cp
, sizeof(cp
));
1282 smp_send_cmd(conn
, SMP_CMD_PAIRING_REQ
, sizeof(cp
), &cp
);
1283 SMP_ALLOW_CMD(smp
, SMP_CMD_PAIRING_RSP
);
1285 struct smp_cmd_security_req cp
;
1286 cp
.auth_req
= authreq
;
1287 smp_send_cmd(conn
, SMP_CMD_SECURITY_REQ
, sizeof(cp
), &cp
);
1288 SMP_ALLOW_CMD(smp
, SMP_CMD_PAIRING_REQ
);
1291 set_bit(SMP_FLAG_INITIATOR
, &smp
->flags
);
1295 l2cap_chan_unlock(chan
);
1299 static int smp_cmd_encrypt_info(struct l2cap_conn
*conn
, struct sk_buff
*skb
)
1301 struct smp_cmd_encrypt_info
*rp
= (void *) skb
->data
;
1302 struct l2cap_chan
*chan
= conn
->smp
;
1303 struct smp_chan
*smp
= chan
->data
;
1305 BT_DBG("conn %p", conn
);
1307 if (skb
->len
< sizeof(*rp
))
1308 return SMP_INVALID_PARAMS
;
1310 SMP_ALLOW_CMD(smp
, SMP_CMD_MASTER_IDENT
);
1312 skb_pull(skb
, sizeof(*rp
));
1314 memcpy(smp
->tk
, rp
->ltk
, sizeof(smp
->tk
));
1319 static int smp_cmd_master_ident(struct l2cap_conn
*conn
, struct sk_buff
*skb
)
1321 struct smp_cmd_master_ident
*rp
= (void *) skb
->data
;
1322 struct l2cap_chan
*chan
= conn
->smp
;
1323 struct smp_chan
*smp
= chan
->data
;
1324 struct hci_dev
*hdev
= conn
->hcon
->hdev
;
1325 struct hci_conn
*hcon
= conn
->hcon
;
1326 struct smp_ltk
*ltk
;
1329 BT_DBG("conn %p", conn
);
1331 if (skb
->len
< sizeof(*rp
))
1332 return SMP_INVALID_PARAMS
;
1334 /* Mark the information as received */
1335 smp
->remote_key_dist
&= ~SMP_DIST_ENC_KEY
;
1337 if (smp
->remote_key_dist
& SMP_DIST_ID_KEY
)
1338 SMP_ALLOW_CMD(smp
, SMP_CMD_IDENT_INFO
);
1339 else if (smp
->remote_key_dist
& SMP_DIST_SIGN
)
1340 SMP_ALLOW_CMD(smp
, SMP_CMD_SIGN_INFO
);
1342 skb_pull(skb
, sizeof(*rp
));
1344 authenticated
= (hcon
->sec_level
== BT_SECURITY_HIGH
);
1345 ltk
= hci_add_ltk(hdev
, &hcon
->dst
, hcon
->dst_type
, SMP_LTK
,
1346 authenticated
, smp
->tk
, smp
->enc_key_size
,
1347 rp
->ediv
, rp
->rand
);
1349 if (!(smp
->remote_key_dist
& KEY_DIST_MASK
))
1350 smp_distribute_keys(smp
);
1355 static int smp_cmd_ident_info(struct l2cap_conn
*conn
, struct sk_buff
*skb
)
1357 struct smp_cmd_ident_info
*info
= (void *) skb
->data
;
1358 struct l2cap_chan
*chan
= conn
->smp
;
1359 struct smp_chan
*smp
= chan
->data
;
1363 if (skb
->len
< sizeof(*info
))
1364 return SMP_INVALID_PARAMS
;
1366 SMP_ALLOW_CMD(smp
, SMP_CMD_IDENT_ADDR_INFO
);
1368 skb_pull(skb
, sizeof(*info
));
1370 memcpy(smp
->irk
, info
->irk
, 16);
1375 static int smp_cmd_ident_addr_info(struct l2cap_conn
*conn
,
1376 struct sk_buff
*skb
)
1378 struct smp_cmd_ident_addr_info
*info
= (void *) skb
->data
;
1379 struct l2cap_chan
*chan
= conn
->smp
;
1380 struct smp_chan
*smp
= chan
->data
;
1381 struct hci_conn
*hcon
= conn
->hcon
;
1386 if (skb
->len
< sizeof(*info
))
1387 return SMP_INVALID_PARAMS
;
1389 /* Mark the information as received */
1390 smp
->remote_key_dist
&= ~SMP_DIST_ID_KEY
;
1392 if (smp
->remote_key_dist
& SMP_DIST_SIGN
)
1393 SMP_ALLOW_CMD(smp
, SMP_CMD_SIGN_INFO
);
1395 skb_pull(skb
, sizeof(*info
));
1397 /* Strictly speaking the Core Specification (4.1) allows sending
1398 * an empty address which would force us to rely on just the IRK
1399 * as "identity information". However, since such
1400 * implementations are not known of and in order to not over
1401 * complicate our implementation, simply pretend that we never
1402 * received an IRK for such a device.
1404 if (!bacmp(&info
->bdaddr
, BDADDR_ANY
)) {
1405 BT_ERR("Ignoring IRK with no identity address");
1409 bacpy(&smp
->id_addr
, &info
->bdaddr
);
1410 smp
->id_addr_type
= info
->addr_type
;
1412 if (hci_bdaddr_is_rpa(&hcon
->dst
, hcon
->dst_type
))
1413 bacpy(&rpa
, &hcon
->dst
);
1415 bacpy(&rpa
, BDADDR_ANY
);
1417 smp
->remote_irk
= hci_add_irk(conn
->hcon
->hdev
, &smp
->id_addr
,
1418 smp
->id_addr_type
, smp
->irk
, &rpa
);
1421 if (!(smp
->remote_key_dist
& KEY_DIST_MASK
))
1422 smp_distribute_keys(smp
);
1427 static int smp_cmd_sign_info(struct l2cap_conn
*conn
, struct sk_buff
*skb
)
1429 struct smp_cmd_sign_info
*rp
= (void *) skb
->data
;
1430 struct l2cap_chan
*chan
= conn
->smp
;
1431 struct smp_chan
*smp
= chan
->data
;
1432 struct smp_csrk
*csrk
;
1434 BT_DBG("conn %p", conn
);
1436 if (skb
->len
< sizeof(*rp
))
1437 return SMP_INVALID_PARAMS
;
1439 /* Mark the information as received */
1440 smp
->remote_key_dist
&= ~SMP_DIST_SIGN
;
1442 skb_pull(skb
, sizeof(*rp
));
1444 csrk
= kzalloc(sizeof(*csrk
), GFP_KERNEL
);
1446 csrk
->master
= 0x01;
1447 memcpy(csrk
->val
, rp
->csrk
, sizeof(csrk
->val
));
1450 smp_distribute_keys(smp
);
1455 static int smp_sig_channel(struct l2cap_chan
*chan
, struct sk_buff
*skb
)
1457 struct l2cap_conn
*conn
= chan
->conn
;
1458 struct hci_conn
*hcon
= conn
->hcon
;
1459 struct smp_chan
*smp
;
1463 if (hcon
->type
!= LE_LINK
) {
1471 if (!test_bit(HCI_LE_ENABLED
, &hcon
->hdev
->dev_flags
)) {
1472 reason
= SMP_PAIRING_NOTSUPP
;
1476 code
= skb
->data
[0];
1477 skb_pull(skb
, sizeof(code
));
1481 if (code
> SMP_CMD_MAX
)
1484 if (smp
&& !test_and_clear_bit(code
, &smp
->allow_cmd
))
1487 /* If we don't have a context the only allowed commands are
1488 * pairing request and security request.
1490 if (!smp
&& code
!= SMP_CMD_PAIRING_REQ
&& code
!= SMP_CMD_SECURITY_REQ
)
1494 case SMP_CMD_PAIRING_REQ
:
1495 reason
= smp_cmd_pairing_req(conn
, skb
);
1498 case SMP_CMD_PAIRING_FAIL
:
1499 smp_failure(conn
, 0);
1503 case SMP_CMD_PAIRING_RSP
:
1504 reason
= smp_cmd_pairing_rsp(conn
, skb
);
1507 case SMP_CMD_SECURITY_REQ
:
1508 reason
= smp_cmd_security_req(conn
, skb
);
1511 case SMP_CMD_PAIRING_CONFIRM
:
1512 reason
= smp_cmd_pairing_confirm(conn
, skb
);
1515 case SMP_CMD_PAIRING_RANDOM
:
1516 reason
= smp_cmd_pairing_random(conn
, skb
);
1519 case SMP_CMD_ENCRYPT_INFO
:
1520 reason
= smp_cmd_encrypt_info(conn
, skb
);
1523 case SMP_CMD_MASTER_IDENT
:
1524 reason
= smp_cmd_master_ident(conn
, skb
);
1527 case SMP_CMD_IDENT_INFO
:
1528 reason
= smp_cmd_ident_info(conn
, skb
);
1531 case SMP_CMD_IDENT_ADDR_INFO
:
1532 reason
= smp_cmd_ident_addr_info(conn
, skb
);
1535 case SMP_CMD_SIGN_INFO
:
1536 reason
= smp_cmd_sign_info(conn
, skb
);
1540 BT_DBG("Unknown command code 0x%2.2x", code
);
1541 reason
= SMP_CMD_NOTSUPP
;
1548 smp_failure(conn
, reason
);
1555 BT_ERR("%s unexpected SMP command 0x%02x from %pMR", hcon
->hdev
->name
,
1561 static void smp_teardown_cb(struct l2cap_chan
*chan
, int err
)
1563 struct l2cap_conn
*conn
= chan
->conn
;
1565 BT_DBG("chan %p", chan
);
1568 smp_chan_destroy(conn
);
1571 l2cap_chan_put(chan
);
1574 static void smp_resume_cb(struct l2cap_chan
*chan
)
1576 struct smp_chan
*smp
= chan
->data
;
1577 struct l2cap_conn
*conn
= chan
->conn
;
1578 struct hci_conn
*hcon
= conn
->hcon
;
1580 BT_DBG("chan %p", chan
);
1585 if (!test_bit(HCI_CONN_ENCRYPT
, &hcon
->flags
))
1588 cancel_delayed_work(&smp
->security_timer
);
1590 smp_distribute_keys(smp
);
1593 static void smp_ready_cb(struct l2cap_chan
*chan
)
1595 struct l2cap_conn
*conn
= chan
->conn
;
1597 BT_DBG("chan %p", chan
);
1600 l2cap_chan_hold(chan
);
1603 static int smp_recv_cb(struct l2cap_chan
*chan
, struct sk_buff
*skb
)
1607 BT_DBG("chan %p", chan
);
1609 err
= smp_sig_channel(chan
, skb
);
1611 struct smp_chan
*smp
= chan
->data
;
1614 cancel_delayed_work_sync(&smp
->security_timer
);
1616 hci_disconnect(chan
->conn
->hcon
, HCI_ERROR_AUTH_FAILURE
);
1622 static struct sk_buff
*smp_alloc_skb_cb(struct l2cap_chan
*chan
,
1623 unsigned long hdr_len
,
1624 unsigned long len
, int nb
)
1626 struct sk_buff
*skb
;
1628 skb
= bt_skb_alloc(hdr_len
+ len
, GFP_KERNEL
);
1630 return ERR_PTR(-ENOMEM
);
1632 skb
->priority
= HCI_PRIO_MAX
;
1633 bt_cb(skb
)->chan
= chan
;
1638 static const struct l2cap_ops smp_chan_ops
= {
1639 .name
= "Security Manager",
1640 .ready
= smp_ready_cb
,
1641 .recv
= smp_recv_cb
,
1642 .alloc_skb
= smp_alloc_skb_cb
,
1643 .teardown
= smp_teardown_cb
,
1644 .resume
= smp_resume_cb
,
1646 .new_connection
= l2cap_chan_no_new_connection
,
1647 .state_change
= l2cap_chan_no_state_change
,
1648 .close
= l2cap_chan_no_close
,
1649 .defer
= l2cap_chan_no_defer
,
1650 .suspend
= l2cap_chan_no_suspend
,
1651 .set_shutdown
= l2cap_chan_no_set_shutdown
,
1652 .get_sndtimeo
= l2cap_chan_no_get_sndtimeo
,
1653 .memcpy_fromiovec
= l2cap_chan_no_memcpy_fromiovec
,
1656 static inline struct l2cap_chan
*smp_new_conn_cb(struct l2cap_chan
*pchan
)
1658 struct l2cap_chan
*chan
;
1660 BT_DBG("pchan %p", pchan
);
1662 chan
= l2cap_chan_create();
1666 chan
->chan_type
= pchan
->chan_type
;
1667 chan
->ops
= &smp_chan_ops
;
1668 chan
->scid
= pchan
->scid
;
1669 chan
->dcid
= chan
->scid
;
1670 chan
->imtu
= pchan
->imtu
;
1671 chan
->omtu
= pchan
->omtu
;
1672 chan
->mode
= pchan
->mode
;
1674 /* Other L2CAP channels may request SMP routines in order to
1675 * change the security level. This means that the SMP channel
1676 * lock must be considered in its own category to avoid lockdep
1679 atomic_set(&chan
->nesting
, L2CAP_NESTING_SMP
);
1681 BT_DBG("created chan %p", chan
);
1686 static const struct l2cap_ops smp_root_chan_ops
= {
1687 .name
= "Security Manager Root",
1688 .new_connection
= smp_new_conn_cb
,
1690 /* None of these are implemented for the root channel */
1691 .close
= l2cap_chan_no_close
,
1692 .alloc_skb
= l2cap_chan_no_alloc_skb
,
1693 .recv
= l2cap_chan_no_recv
,
1694 .state_change
= l2cap_chan_no_state_change
,
1695 .teardown
= l2cap_chan_no_teardown
,
1696 .ready
= l2cap_chan_no_ready
,
1697 .defer
= l2cap_chan_no_defer
,
1698 .suspend
= l2cap_chan_no_suspend
,
1699 .resume
= l2cap_chan_no_resume
,
1700 .set_shutdown
= l2cap_chan_no_set_shutdown
,
1701 .get_sndtimeo
= l2cap_chan_no_get_sndtimeo
,
1702 .memcpy_fromiovec
= l2cap_chan_no_memcpy_fromiovec
,
1705 int smp_register(struct hci_dev
*hdev
)
1707 struct l2cap_chan
*chan
;
1708 struct crypto_blkcipher
*tfm_aes
;
1710 BT_DBG("%s", hdev
->name
);
1712 tfm_aes
= crypto_alloc_blkcipher("ecb(aes)", 0, 0);
1713 if (IS_ERR(tfm_aes
)) {
1714 int err
= PTR_ERR(tfm_aes
);
1715 BT_ERR("Unable to create crypto context");
1719 chan
= l2cap_chan_create();
1721 crypto_free_blkcipher(tfm_aes
);
1725 chan
->data
= tfm_aes
;
1727 l2cap_add_scid(chan
, L2CAP_CID_SMP
);
1729 l2cap_chan_set_defaults(chan
);
1731 bacpy(&chan
->src
, &hdev
->bdaddr
);
1732 chan
->src_type
= BDADDR_LE_PUBLIC
;
1733 chan
->state
= BT_LISTEN
;
1734 chan
->mode
= L2CAP_MODE_BASIC
;
1735 chan
->imtu
= L2CAP_DEFAULT_MTU
;
1736 chan
->ops
= &smp_root_chan_ops
;
1738 /* Set correct nesting level for a parent/listening channel */
1739 atomic_set(&chan
->nesting
, L2CAP_NESTING_PARENT
);
1741 hdev
->smp_data
= chan
;
1746 void smp_unregister(struct hci_dev
*hdev
)
1748 struct l2cap_chan
*chan
= hdev
->smp_data
;
1749 struct crypto_blkcipher
*tfm_aes
;
1754 BT_DBG("%s chan %p", hdev
->name
, chan
);
1756 tfm_aes
= chan
->data
;
1759 crypto_free_blkcipher(tfm_aes
);
1762 hdev
->smp_data
= NULL
;
1763 l2cap_chan_put(chan
);