]> git.proxmox.com Git - mirror_ubuntu-artful-kernel.git/blob - net/bluetooth/smp.c
projects / mirror_ubuntu-artful-kernel.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Bluetooth: Update SMP security level to/from auth_req for SC
[mirror_ubuntu-artful-kernel.git] / net / bluetooth / smp.c
1 /*
2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2011 Nokia Corporation and/or its subsidiary(-ies).
4
5 This program is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License version 2 as
7 published by the Free Software Foundation;
8
9 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
10 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
11 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
12 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
13 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
14 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17
18 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
19 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
20 SOFTWARE IS DISCLAIMED.
21 */
22
23 #include <linux/crypto.h>
24 #include <linux/scatterlist.h>
25 #include <crypto/b128ops.h>
26
27 #include <net/bluetooth/bluetooth.h>
28 #include <net/bluetooth/hci_core.h>
29 #include <net/bluetooth/l2cap.h>
30 #include <net/bluetooth/mgmt.h>
31
32 #include "smp.h"
33
34 #define SMP_ALLOW_CMD(smp, code) set_bit(code, &smp->allow_cmd)
35
36 #define SMP_TIMEOUT msecs_to_jiffies(30000)
37
38 #define AUTH_REQ_MASK(dev) (test_bit(HCI_SC_ENABLED, &(dev)->dev_flags) ? \
39 0x1f : 0x07)
40 #define KEY_DIST_MASK 0x07
41
42 enum {
43 SMP_FLAG_TK_VALID,
44 SMP_FLAG_CFM_PENDING,
45 SMP_FLAG_MITM_AUTH,
46 SMP_FLAG_COMPLETE,
47 SMP_FLAG_INITIATOR,
48 SMP_FLAG_SC,
49 };
50
51 struct smp_chan {
52 struct l2cap_conn *conn;
53 struct delayed_work security_timer;
54 unsigned long allow_cmd; /* Bitmask of allowed commands */
55
56 u8 preq[7]; /* SMP Pairing Request */
57 u8 prsp[7]; /* SMP Pairing Response */
58 u8 prnd[16]; /* SMP Pairing Random (local) */
59 u8 rrnd[16]; /* SMP Pairing Random (remote) */
60 u8 pcnf[16]; /* SMP Pairing Confirm */
61 u8 tk[16]; /* SMP Temporary Key */
62 u8 enc_key_size;
63 u8 remote_key_dist;
64 bdaddr_t id_addr;
65 u8 id_addr_type;
66 u8 irk[16];
67 struct smp_csrk *csrk;
68 struct smp_csrk *slave_csrk;
69 struct smp_ltk *ltk;
70 struct smp_ltk *slave_ltk;
71 struct smp_irk *remote_irk;
72 unsigned long flags;
73
74 struct crypto_blkcipher *tfm_aes;
75 };
76
77 static inline void swap_buf(const u8 *src, u8 *dst, size_t len)
78 {
79 size_t i;
80
81 for (i = 0; i < len; i++)
82 dst[len - 1 - i] = src[i];
83 }
84
85 static int smp_e(struct crypto_blkcipher *tfm, const u8 *k, u8 *r)
86 {
87 struct blkcipher_desc desc;
88 struct scatterlist sg;
89 uint8_t tmp[16], data[16];
90 int err;
91
92 if (tfm == NULL) {
93 BT_ERR("tfm %p", tfm);
94 return -EINVAL;
95 }
96
97 desc.tfm = tfm;
98 desc.flags = 0;
99
100 /* The most significant octet of key corresponds to k[0] */
101 swap_buf(k, tmp, 16);
102
103 err = crypto_blkcipher_setkey(tfm, tmp, 16);
104 if (err) {
105 BT_ERR("cipher setkey failed: %d", err);
106 return err;
107 }
108
109 /* Most significant octet of plaintextData corresponds to data[0] */
110 swap_buf(r, data, 16);
111
112 sg_init_one(&sg, data, 16);
113
114 err = crypto_blkcipher_encrypt(&desc, &sg, &sg, 16);
115 if (err)
116 BT_ERR("Encrypt data error %d", err);
117
118 /* Most significant octet of encryptedData corresponds to data[0] */
119 swap_buf(data, r, 16);
120
121 return err;
122 }
123
124 static int smp_ah(struct crypto_blkcipher *tfm, u8 irk[16], u8 r[3], u8 res[3])
125 {
126 u8 _res[16];
127 int err;
128
129 /* r' = padding || r */
130 memcpy(_res, r, 3);
131 memset(_res + 3, 0, 13);
132
133 err = smp_e(tfm, irk, _res);
134 if (err) {
135 BT_ERR("Encrypt error");
136 return err;
137 }
138
139 /* The output of the random address function ah is:
140 * ah(h, r) = e(k, r') mod 2^24
141 * The output of the security function e is then truncated to 24 bits
142 * by taking the least significant 24 bits of the output of e as the
143 * result of ah.
144 */
145 memcpy(res, _res, 3);
146
147 return 0;
148 }
149
150 bool smp_irk_matches(struct hci_dev *hdev, u8 irk[16], bdaddr_t *bdaddr)
151 {
152 struct l2cap_chan *chan = hdev->smp_data;
153 struct crypto_blkcipher *tfm;
154 u8 hash[3];
155 int err;
156
157 if (!chan || !chan->data)
158 return false;
159
160 tfm = chan->data;
161
162 BT_DBG("RPA %pMR IRK %*phN", bdaddr, 16, irk);
163
164 err = smp_ah(tfm, irk, &bdaddr->b[3], hash);
165 if (err)
166 return false;
167
168 return !memcmp(bdaddr->b, hash, 3);
169 }
170
171 int smp_generate_rpa(struct hci_dev *hdev, u8 irk[16], bdaddr_t *rpa)
172 {
173 struct l2cap_chan *chan = hdev->smp_data;
174 struct crypto_blkcipher *tfm;
175 int err;
176
177 if (!chan || !chan->data)
178 return -EOPNOTSUPP;
179
180 tfm = chan->data;
181
182 get_random_bytes(&rpa->b[3], 3);
183
184 rpa->b[5] &= 0x3f; /* Clear two most significant bits */
185 rpa->b[5] |= 0x40; /* Set second most significant bit */
186
187 err = smp_ah(tfm, irk, &rpa->b[3], rpa->b);
188 if (err < 0)
189 return err;
190
191 BT_DBG("RPA %pMR", rpa);
192
193 return 0;
194 }
195
196 static int smp_c1(struct crypto_blkcipher *tfm_aes, u8 k[16], u8 r[16],
197 u8 preq[7], u8 pres[7], u8 _iat, bdaddr_t *ia, u8 _rat,
198 bdaddr_t *ra, u8 res[16])
199 {
200 u8 p1[16], p2[16];
201 int err;
202
203 memset(p1, 0, 16);
204
205 /* p1 = pres || preq || _rat || _iat */
206 p1[0] = _iat;
207 p1[1] = _rat;
208 memcpy(p1 + 2, preq, 7);
209 memcpy(p1 + 9, pres, 7);
210
211 /* p2 = padding || ia || ra */
212 memcpy(p2, ra, 6);
213 memcpy(p2 + 6, ia, 6);
214 memset(p2 + 12, 0, 4);
215
216 /* res = r XOR p1 */
217 u128_xor((u128 *) res, (u128 *) r, (u128 *) p1);
218
219 /* res = e(k, res) */
220 err = smp_e(tfm_aes, k, res);
221 if (err) {
222 BT_ERR("Encrypt data error");
223 return err;
224 }
225
226 /* res = res XOR p2 */
227 u128_xor((u128 *) res, (u128 *) res, (u128 *) p2);
228
229 /* res = e(k, res) */
230 err = smp_e(tfm_aes, k, res);
231 if (err)
232 BT_ERR("Encrypt data error");
233
234 return err;
235 }
236
237 static int smp_s1(struct crypto_blkcipher *tfm_aes, u8 k[16], u8 r1[16],
238 u8 r2[16], u8 _r[16])
239 {
240 int err;
241
242 /* Just least significant octets from r1 and r2 are considered */
243 memcpy(_r, r2, 8);
244 memcpy(_r + 8, r1, 8);
245
246 err = smp_e(tfm_aes, k, _r);
247 if (err)
248 BT_ERR("Encrypt data error");
249
250 return err;
251 }
252
253 static void smp_send_cmd(struct l2cap_conn *conn, u8 code, u16 len, void *data)
254 {
255 struct l2cap_chan *chan = conn->smp;
256 struct smp_chan *smp;
257 struct kvec iv[2];
258 struct msghdr msg;
259
260 if (!chan)
261 return;
262
263 BT_DBG("code 0x%2.2x", code);
264
265 iv[0].iov_base = &code;
266 iv[0].iov_len = 1;
267
268 iv[1].iov_base = data;
269 iv[1].iov_len = len;
270
271 memset(&msg, 0, sizeof(msg));
272
273 msg.msg_iov = (struct iovec *) &iv;
274 msg.msg_iovlen = 2;
275
276 l2cap_chan_send(chan, &msg, 1 + len);
277
278 if (!chan->data)
279 return;
280
281 smp = chan->data;
282
283 cancel_delayed_work_sync(&smp->security_timer);
284 schedule_delayed_work(&smp->security_timer, SMP_TIMEOUT);
285 }
286
287 static u8 authreq_to_seclevel(u8 authreq)
288 {
289 if (authreq & SMP_AUTH_MITM) {
290 if (authreq & SMP_AUTH_SC)
291 return BT_SECURITY_FIPS;
292 else
293 return BT_SECURITY_HIGH;
294 } else {
295 return BT_SECURITY_MEDIUM;
296 }
297 }
298
299 static __u8 seclevel_to_authreq(__u8 sec_level)
300 {
301 switch (sec_level) {
302 case BT_SECURITY_FIPS:
303 case BT_SECURITY_HIGH:
304 return SMP_AUTH_MITM | SMP_AUTH_BONDING;
305 case BT_SECURITY_MEDIUM:
306 return SMP_AUTH_BONDING;
307 default:
308 return SMP_AUTH_NONE;
309 }
310 }
311
312 static void build_pairing_cmd(struct l2cap_conn *conn,
313 struct smp_cmd_pairing *req,
314 struct smp_cmd_pairing *rsp, __u8 authreq)
315 {
316 struct l2cap_chan *chan = conn->smp;
317 struct smp_chan *smp = chan->data;
318 struct hci_conn *hcon = conn->hcon;
319 struct hci_dev *hdev = hcon->hdev;
320 u8 local_dist = 0, remote_dist = 0;
321
322 if (test_bit(HCI_BONDABLE, &conn->hcon->hdev->dev_flags)) {
323 local_dist = SMP_DIST_ENC_KEY | SMP_DIST_SIGN;
324 remote_dist = SMP_DIST_ENC_KEY | SMP_DIST_SIGN;
325 authreq |= SMP_AUTH_BONDING;
326 } else {
327 authreq &= ~SMP_AUTH_BONDING;
328 }
329
330 if (test_bit(HCI_RPA_RESOLVING, &hdev->dev_flags))
331 remote_dist |= SMP_DIST_ID_KEY;
332
333 if (test_bit(HCI_PRIVACY, &hdev->dev_flags))
334 local_dist |= SMP_DIST_ID_KEY;
335
336 if (rsp == NULL) {
337 req->io_capability = conn->hcon->io_capability;
338 req->oob_flag = SMP_OOB_NOT_PRESENT;
339 req->max_key_size = SMP_MAX_ENC_KEY_SIZE;
340 req->init_key_dist = local_dist;
341 req->resp_key_dist = remote_dist;
342 req->auth_req = (authreq & AUTH_REQ_MASK(hdev));
343
344 smp->remote_key_dist = remote_dist;
345 return;
346 }
347
348 rsp->io_capability = conn->hcon->io_capability;
349 rsp->oob_flag = SMP_OOB_NOT_PRESENT;
350 rsp->max_key_size = SMP_MAX_ENC_KEY_SIZE;
351 rsp->init_key_dist = req->init_key_dist & remote_dist;
352 rsp->resp_key_dist = req->resp_key_dist & local_dist;
353 rsp->auth_req = (authreq & AUTH_REQ_MASK(hdev));
354
355 smp->remote_key_dist = rsp->init_key_dist;
356 }
357
358 static u8 check_enc_key_size(struct l2cap_conn *conn, __u8 max_key_size)
359 {
360 struct l2cap_chan *chan = conn->smp;
361 struct smp_chan *smp = chan->data;
362
363 if ((max_key_size > SMP_MAX_ENC_KEY_SIZE) ||
364 (max_key_size < SMP_MIN_ENC_KEY_SIZE))
365 return SMP_ENC_KEY_SIZE;
366
367 smp->enc_key_size = max_key_size;
368
369 return 0;
370 }
371
372 static void smp_chan_destroy(struct l2cap_conn *conn)
373 {
374 struct l2cap_chan *chan = conn->smp;
375 struct smp_chan *smp = chan->data;
376 bool complete;
377
378 BUG_ON(!smp);
379
380 cancel_delayed_work_sync(&smp->security_timer);
381
382 complete = test_bit(SMP_FLAG_COMPLETE, &smp->flags);
383 mgmt_smp_complete(conn->hcon, complete);
384
385 kfree(smp->csrk);
386 kfree(smp->slave_csrk);
387
388 crypto_free_blkcipher(smp->tfm_aes);
389
390 /* If pairing failed clean up any keys we might have */
391 if (!complete) {
392 if (smp->ltk) {
393 list_del_rcu(&smp->ltk->list);
394 kfree_rcu(smp->ltk, rcu);
395 }
396
397 if (smp->slave_ltk) {
398 list_del_rcu(&smp->slave_ltk->list);
399 kfree_rcu(smp->slave_ltk, rcu);
400 }
401
402 if (smp->remote_irk) {
403 list_del_rcu(&smp->remote_irk->list);
404 kfree_rcu(smp->remote_irk, rcu);
405 }
406 }
407
408 chan->data = NULL;
409 kfree(smp);
410 hci_conn_drop(conn->hcon);
411 }
412
413 static void smp_failure(struct l2cap_conn *conn, u8 reason)
414 {
415 struct hci_conn *hcon = conn->hcon;
416 struct l2cap_chan *chan = conn->smp;
417
418 if (reason)
419 smp_send_cmd(conn, SMP_CMD_PAIRING_FAIL, sizeof(reason),
420 &reason);
421
422 clear_bit(HCI_CONN_ENCRYPT_PEND, &hcon->flags);
423 mgmt_auth_failed(hcon, HCI_ERROR_AUTH_FAILURE);
424
425 if (chan->data)
426 smp_chan_destroy(conn);
427 }
428
429 #define JUST_WORKS 0x00
430 #define JUST_CFM 0x01
431 #define REQ_PASSKEY 0x02
432 #define CFM_PASSKEY 0x03
433 #define REQ_OOB 0x04
434 #define OVERLAP 0xFF
435
436 static const u8 gen_method[5][5] = {
437 { JUST_WORKS, JUST_CFM, REQ_PASSKEY, JUST_WORKS, REQ_PASSKEY },
438 { JUST_WORKS, JUST_CFM, REQ_PASSKEY, JUST_WORKS, REQ_PASSKEY },
439 { CFM_PASSKEY, CFM_PASSKEY, REQ_PASSKEY, JUST_WORKS, CFM_PASSKEY },
440 { JUST_WORKS, JUST_CFM, JUST_WORKS, JUST_WORKS, JUST_CFM },
441 { CFM_PASSKEY, CFM_PASSKEY, REQ_PASSKEY, JUST_WORKS, OVERLAP },
442 };
443
444 static u8 get_auth_method(struct smp_chan *smp, u8 local_io, u8 remote_io)
445 {
446 /* If either side has unknown io_caps, use JUST_CFM (which gets
447 * converted later to JUST_WORKS if we're initiators.
448 */
449 if (local_io > SMP_IO_KEYBOARD_DISPLAY ||
450 remote_io > SMP_IO_KEYBOARD_DISPLAY)
451 return JUST_CFM;
452
453 return gen_method[remote_io][local_io];
454 }
455
456 static int tk_request(struct l2cap_conn *conn, u8 remote_oob, u8 auth,
457 u8 local_io, u8 remote_io)
458 {
459 struct hci_conn *hcon = conn->hcon;
460 struct l2cap_chan *chan = conn->smp;
461 struct smp_chan *smp = chan->data;
462 u8 method;
463 u32 passkey = 0;
464 int ret = 0;
465
466 /* Initialize key for JUST WORKS */
467 memset(smp->tk, 0, sizeof(smp->tk));
468 clear_bit(SMP_FLAG_TK_VALID, &smp->flags);
469
470 BT_DBG("tk_request: auth:%d lcl:%d rem:%d", auth, local_io, remote_io);
471
472 /* If neither side wants MITM, either "just" confirm an incoming
473 * request or use just-works for outgoing ones. The JUST_CFM
474 * will be converted to JUST_WORKS if necessary later in this
475 * function. If either side has MITM look up the method from the
476 * table.
477 */
478 if (!(auth & SMP_AUTH_MITM))
479 method = JUST_CFM;
480 else
481 method = get_auth_method(smp, local_io, remote_io);
482
483 /* Don't confirm locally initiated pairing attempts */
484 if (method == JUST_CFM && test_bit(SMP_FLAG_INITIATOR, &smp->flags))
485 method = JUST_WORKS;
486
487 /* Don't bother user space with no IO capabilities */
488 if (method == JUST_CFM && hcon->io_capability == HCI_IO_NO_INPUT_OUTPUT)
489 method = JUST_WORKS;
490
491 /* If Just Works, Continue with Zero TK */
492 if (method == JUST_WORKS) {
493 set_bit(SMP_FLAG_TK_VALID, &smp->flags);
494 return 0;
495 }
496
497 /* Not Just Works/Confirm results in MITM Authentication */
498 if (method != JUST_CFM) {
499 set_bit(SMP_FLAG_MITM_AUTH, &smp->flags);
500 if (hcon->pending_sec_level < BT_SECURITY_HIGH)
501 hcon->pending_sec_level = BT_SECURITY_HIGH;
502 }
503
504 /* If both devices have Keyoard-Display I/O, the master
505 * Confirms and the slave Enters the passkey.
506 */
507 if (method == OVERLAP) {
508 if (hcon->role == HCI_ROLE_MASTER)
509 method = CFM_PASSKEY;
510 else
511 method = REQ_PASSKEY;
512 }
513
514 /* Generate random passkey. */
515 if (method == CFM_PASSKEY) {
516 memset(smp->tk, 0, sizeof(smp->tk));
517 get_random_bytes(&passkey, sizeof(passkey));
518 passkey %= 1000000;
519 put_unaligned_le32(passkey, smp->tk);
520 BT_DBG("PassKey: %d", passkey);
521 set_bit(SMP_FLAG_TK_VALID, &smp->flags);
522 }
523
524 if (method == REQ_PASSKEY)
525 ret = mgmt_user_passkey_request(hcon->hdev, &hcon->dst,
526 hcon->type, hcon->dst_type);
527 else if (method == JUST_CFM)
528 ret = mgmt_user_confirm_request(hcon->hdev, &hcon->dst,
529 hcon->type, hcon->dst_type,
530 passkey, 1);
531 else
532 ret = mgmt_user_passkey_notify(hcon->hdev, &hcon->dst,
533 hcon->type, hcon->dst_type,
534 passkey, 0);
535
536 return ret;
537 }
538
539 static u8 smp_confirm(struct smp_chan *smp)
540 {
541 struct l2cap_conn *conn = smp->conn;
542 struct smp_cmd_pairing_confirm cp;
543 int ret;
544
545 BT_DBG("conn %p", conn);
546
547 ret = smp_c1(smp->tfm_aes, smp->tk, smp->prnd, smp->preq, smp->prsp,
548 conn->hcon->init_addr_type, &conn->hcon->init_addr,
549 conn->hcon->resp_addr_type, &conn->hcon->resp_addr,
550 cp.confirm_val);
551 if (ret)
552 return SMP_UNSPECIFIED;
553
554 clear_bit(SMP_FLAG_CFM_PENDING, &smp->flags);
555
556 smp_send_cmd(smp->conn, SMP_CMD_PAIRING_CONFIRM, sizeof(cp), &cp);
557
558 if (conn->hcon->out)
559 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_CONFIRM);
560 else
561 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RANDOM);
562
563 return 0;
564 }
565
566 static u8 smp_random(struct smp_chan *smp)
567 {
568 struct l2cap_conn *conn = smp->conn;
569 struct hci_conn *hcon = conn->hcon;
570 u8 confirm[16];
571 int ret;
572
573 if (IS_ERR_OR_NULL(smp->tfm_aes))
574 return SMP_UNSPECIFIED;
575
576 BT_DBG("conn %p %s", conn, conn->hcon->out ? "master" : "slave");
577
578 ret = smp_c1(smp->tfm_aes, smp->tk, smp->rrnd, smp->preq, smp->prsp,
579 hcon->init_addr_type, &hcon->init_addr,
580 hcon->resp_addr_type, &hcon->resp_addr, confirm);
581 if (ret)
582 return SMP_UNSPECIFIED;
583
584 if (memcmp(smp->pcnf, confirm, sizeof(smp->pcnf)) != 0) {
585 BT_ERR("Pairing failed (confirmation values mismatch)");
586 return SMP_CONFIRM_FAILED;
587 }
588
589 if (hcon->out) {
590 u8 stk[16];
591 __le64 rand = 0;
592 __le16 ediv = 0;
593
594 smp_s1(smp->tfm_aes, smp->tk, smp->rrnd, smp->prnd, stk);
595
596 memset(stk + smp->enc_key_size, 0,
597 SMP_MAX_ENC_KEY_SIZE - smp->enc_key_size);
598
599 if (test_and_set_bit(HCI_CONN_ENCRYPT_PEND, &hcon->flags))
600 return SMP_UNSPECIFIED;
601
602 hci_le_start_enc(hcon, ediv, rand, stk);
603 hcon->enc_key_size = smp->enc_key_size;
604 set_bit(HCI_CONN_STK_ENCRYPT, &hcon->flags);
605 } else {
606 u8 stk[16], auth;
607 __le64 rand = 0;
608 __le16 ediv = 0;
609
610 smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM, sizeof(smp->prnd),
611 smp->prnd);
612
613 smp_s1(smp->tfm_aes, smp->tk, smp->prnd, smp->rrnd, stk);
614
615 memset(stk + smp->enc_key_size, 0,
616 SMP_MAX_ENC_KEY_SIZE - smp->enc_key_size);
617
618 if (hcon->pending_sec_level == BT_SECURITY_HIGH)
619 auth = 1;
620 else
621 auth = 0;
622
623 /* Even though there's no _SLAVE suffix this is the
624 * slave STK we're adding for later lookup (the master
625 * STK never needs to be stored).
626 */
627 hci_add_ltk(hcon->hdev, &hcon->dst, hcon->dst_type,
628 SMP_STK, auth, stk, smp->enc_key_size, ediv, rand);
629 }
630
631 return 0;
632 }
633
634 static void smp_notify_keys(struct l2cap_conn *conn)
635 {
636 struct l2cap_chan *chan = conn->smp;
637 struct smp_chan *smp = chan->data;
638 struct hci_conn *hcon = conn->hcon;
639 struct hci_dev *hdev = hcon->hdev;
640 struct smp_cmd_pairing *req = (void *) &smp->preq[1];
641 struct smp_cmd_pairing *rsp = (void *) &smp->prsp[1];
642 bool persistent;
643
644 if (smp->remote_irk) {
645 mgmt_new_irk(hdev, smp->remote_irk);
646 /* Now that user space can be considered to know the
647 * identity address track the connection based on it
648 * from now on.
649 */
650 bacpy(&hcon->dst, &smp->remote_irk->bdaddr);
651 hcon->dst_type = smp->remote_irk->addr_type;
652 queue_work(hdev->workqueue, &conn->id_addr_update_work);
653
654 /* When receiving an indentity resolving key for
655 * a remote device that does not use a resolvable
656 * private address, just remove the key so that
657 * it is possible to use the controller white
658 * list for scanning.
659 *
660 * Userspace will have been told to not store
661 * this key at this point. So it is safe to
662 * just remove it.
663 */
664 if (!bacmp(&smp->remote_irk->rpa, BDADDR_ANY)) {
665 list_del_rcu(&smp->remote_irk->list);
666 kfree_rcu(smp->remote_irk, rcu);
667 smp->remote_irk = NULL;
668 }
669 }
670
671 /* The LTKs and CSRKs should be persistent only if both sides
672 * had the bonding bit set in their authentication requests.
673 */
674 persistent = !!((req->auth_req & rsp->auth_req) & SMP_AUTH_BONDING);
675
676 if (smp->csrk) {
677 smp->csrk->bdaddr_type = hcon->dst_type;
678 bacpy(&smp->csrk->bdaddr, &hcon->dst);
679 mgmt_new_csrk(hdev, smp->csrk, persistent);
680 }
681
682 if (smp->slave_csrk) {
683 smp->slave_csrk->bdaddr_type = hcon->dst_type;
684 bacpy(&smp->slave_csrk->bdaddr, &hcon->dst);
685 mgmt_new_csrk(hdev, smp->slave_csrk, persistent);
686 }
687
688 if (smp->ltk) {
689 smp->ltk->bdaddr_type = hcon->dst_type;
690 bacpy(&smp->ltk->bdaddr, &hcon->dst);
691 mgmt_new_ltk(hdev, smp->ltk, persistent);
692 }
693
694 if (smp->slave_ltk) {
695 smp->slave_ltk->bdaddr_type = hcon->dst_type;
696 bacpy(&smp->slave_ltk->bdaddr, &hcon->dst);
697 mgmt_new_ltk(hdev, smp->slave_ltk, persistent);
698 }
699 }
700
701 static void smp_allow_key_dist(struct smp_chan *smp)
702 {
703 /* Allow the first expected phase 3 PDU. The rest of the PDUs
704 * will be allowed in each PDU handler to ensure we receive
705 * them in the correct order.
706 */
707 if (smp->remote_key_dist & SMP_DIST_ENC_KEY)
708 SMP_ALLOW_CMD(smp, SMP_CMD_ENCRYPT_INFO);
709 else if (smp->remote_key_dist & SMP_DIST_ID_KEY)
710 SMP_ALLOW_CMD(smp, SMP_CMD_IDENT_INFO);
711 else if (smp->remote_key_dist & SMP_DIST_SIGN)
712 SMP_ALLOW_CMD(smp, SMP_CMD_SIGN_INFO);
713 }
714
715 static void smp_distribute_keys(struct smp_chan *smp)
716 {
717 struct smp_cmd_pairing *req, *rsp;
718 struct l2cap_conn *conn = smp->conn;
719 struct hci_conn *hcon = conn->hcon;
720 struct hci_dev *hdev = hcon->hdev;
721 __u8 *keydist;
722
723 BT_DBG("conn %p", conn);
724
725 rsp = (void *) &smp->prsp[1];
726
727 /* The responder sends its keys first */
728 if (hcon->out && (smp->remote_key_dist & KEY_DIST_MASK)) {
729 smp_allow_key_dist(smp);
730 return;
731 }
732
733 req = (void *) &smp->preq[1];
734
735 if (hcon->out) {
736 keydist = &rsp->init_key_dist;
737 *keydist &= req->init_key_dist;
738 } else {
739 keydist = &rsp->resp_key_dist;
740 *keydist &= req->resp_key_dist;
741 }
742
743 BT_DBG("keydist 0x%x", *keydist);
744
745 if (*keydist & SMP_DIST_ENC_KEY) {
746 struct smp_cmd_encrypt_info enc;
747 struct smp_cmd_master_ident ident;
748 struct smp_ltk *ltk;
749 u8 authenticated;
750 __le16 ediv;
751 __le64 rand;
752
753 get_random_bytes(enc.ltk, sizeof(enc.ltk));
754 get_random_bytes(&ediv, sizeof(ediv));
755 get_random_bytes(&rand, sizeof(rand));
756
757 smp_send_cmd(conn, SMP_CMD_ENCRYPT_INFO, sizeof(enc), &enc);
758
759 authenticated = hcon->sec_level == BT_SECURITY_HIGH;
760 ltk = hci_add_ltk(hdev, &hcon->dst, hcon->dst_type,
761 SMP_LTK_SLAVE, authenticated, enc.ltk,
762 smp->enc_key_size, ediv, rand);
763 smp->slave_ltk = ltk;
764
765 ident.ediv = ediv;
766 ident.rand = rand;
767
768 smp_send_cmd(conn, SMP_CMD_MASTER_IDENT, sizeof(ident), &ident);
769
770 *keydist &= ~SMP_DIST_ENC_KEY;
771 }
772
773 if (*keydist & SMP_DIST_ID_KEY) {
774 struct smp_cmd_ident_addr_info addrinfo;
775 struct smp_cmd_ident_info idinfo;
776
777 memcpy(idinfo.irk, hdev->irk, sizeof(idinfo.irk));
778
779 smp_send_cmd(conn, SMP_CMD_IDENT_INFO, sizeof(idinfo), &idinfo);
780
781 /* The hci_conn contains the local identity address
782 * after the connection has been established.
783 *
784 * This is true even when the connection has been
785 * established using a resolvable random address.
786 */
787 bacpy(&addrinfo.bdaddr, &hcon->src);
788 addrinfo.addr_type = hcon->src_type;
789
790 smp_send_cmd(conn, SMP_CMD_IDENT_ADDR_INFO, sizeof(addrinfo),
791 &addrinfo);
792
793 *keydist &= ~SMP_DIST_ID_KEY;
794 }
795
796 if (*keydist & SMP_DIST_SIGN) {
797 struct smp_cmd_sign_info sign;
798 struct smp_csrk *csrk;
799
800 /* Generate a new random key */
801 get_random_bytes(sign.csrk, sizeof(sign.csrk));
802
803 csrk = kzalloc(sizeof(*csrk), GFP_KERNEL);
804 if (csrk) {
805 csrk->master = 0x00;
806 memcpy(csrk->val, sign.csrk, sizeof(csrk->val));
807 }
808 smp->slave_csrk = csrk;
809
810 smp_send_cmd(conn, SMP_CMD_SIGN_INFO, sizeof(sign), &sign);
811
812 *keydist &= ~SMP_DIST_SIGN;
813 }
814
815 /* If there are still keys to be received wait for them */
816 if (smp->remote_key_dist & KEY_DIST_MASK) {
817 smp_allow_key_dist(smp);
818 return;
819 }
820
821 set_bit(SMP_FLAG_COMPLETE, &smp->flags);
822 smp_notify_keys(conn);
823
824 smp_chan_destroy(conn);
825 }
826
827 static void smp_timeout(struct work_struct *work)
828 {
829 struct smp_chan *smp = container_of(work, struct smp_chan,
830 security_timer.work);
831 struct l2cap_conn *conn = smp->conn;
832
833 BT_DBG("conn %p", conn);
834
835 hci_disconnect(conn->hcon, HCI_ERROR_REMOTE_USER_TERM);
836 }
837
838 static struct smp_chan *smp_chan_create(struct l2cap_conn *conn)
839 {
840 struct l2cap_chan *chan = conn->smp;
841 struct smp_chan *smp;
842
843 smp = kzalloc(sizeof(*smp), GFP_ATOMIC);
844 if (!smp)
845 return NULL;
846
847 smp->tfm_aes = crypto_alloc_blkcipher("ecb(aes)", 0, CRYPTO_ALG_ASYNC);
848 if (IS_ERR(smp->tfm_aes)) {
849 BT_ERR("Unable to create ECB crypto context");
850 kfree(smp);
851 return NULL;
852 }
853
854 smp->conn = conn;
855 chan->data = smp;
856
857 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_FAIL);
858
859 INIT_DELAYED_WORK(&smp->security_timer, smp_timeout);
860
861 hci_conn_hold(conn->hcon);
862
863 return smp;
864 }
865
866 int smp_user_confirm_reply(struct hci_conn *hcon, u16 mgmt_op, __le32 passkey)
867 {
868 struct l2cap_conn *conn = hcon->l2cap_data;
869 struct l2cap_chan *chan;
870 struct smp_chan *smp;
871 u32 value;
872 int err;
873
874 BT_DBG("");
875
876 if (!conn)
877 return -ENOTCONN;
878
879 chan = conn->smp;
880 if (!chan)
881 return -ENOTCONN;
882
883 l2cap_chan_lock(chan);
884 if (!chan->data) {
885 err = -ENOTCONN;
886 goto unlock;
887 }
888
889 smp = chan->data;
890
891 switch (mgmt_op) {
892 case MGMT_OP_USER_PASSKEY_REPLY:
893 value = le32_to_cpu(passkey);
894 memset(smp->tk, 0, sizeof(smp->tk));
895 BT_DBG("PassKey: %d", value);
896 put_unaligned_le32(value, smp->tk);
897 /* Fall Through */
898 case MGMT_OP_USER_CONFIRM_REPLY:
899 set_bit(SMP_FLAG_TK_VALID, &smp->flags);
900 break;
901 case MGMT_OP_USER_PASSKEY_NEG_REPLY:
902 case MGMT_OP_USER_CONFIRM_NEG_REPLY:
903 smp_failure(conn, SMP_PASSKEY_ENTRY_FAILED);
904 err = 0;
905 goto unlock;
906 default:
907 smp_failure(conn, SMP_PASSKEY_ENTRY_FAILED);
908 err = -EOPNOTSUPP;
909 goto unlock;
910 }
911
912 err = 0;
913
914 /* If it is our turn to send Pairing Confirm, do so now */
915 if (test_bit(SMP_FLAG_CFM_PENDING, &smp->flags)) {
916 u8 rsp = smp_confirm(smp);
917 if (rsp)
918 smp_failure(conn, rsp);
919 }
920
921 unlock:
922 l2cap_chan_unlock(chan);
923 return err;
924 }
925
926 static u8 smp_cmd_pairing_req(struct l2cap_conn *conn, struct sk_buff *skb)
927 {
928 struct smp_cmd_pairing rsp, *req = (void *) skb->data;
929 struct l2cap_chan *chan = conn->smp;
930 struct hci_dev *hdev = conn->hcon->hdev;
931 struct smp_chan *smp;
932 u8 key_size, auth, sec_level;
933 int ret;
934
935 BT_DBG("conn %p", conn);
936
937 if (skb->len < sizeof(*req))
938 return SMP_INVALID_PARAMS;
939
940 if (conn->hcon->role != HCI_ROLE_SLAVE)
941 return SMP_CMD_NOTSUPP;
942
943 if (!chan->data)
944 smp = smp_chan_create(conn);
945 else
946 smp = chan->data;
947
948 if (!smp)
949 return SMP_UNSPECIFIED;
950
951 /* We didn't start the pairing, so match remote */
952 auth = req->auth_req & AUTH_REQ_MASK(hdev);
953
954 if (!test_bit(HCI_BONDABLE, &hdev->dev_flags) &&
955 (auth & SMP_AUTH_BONDING))
956 return SMP_PAIRING_NOTSUPP;
957
958 smp->preq[0] = SMP_CMD_PAIRING_REQ;
959 memcpy(&smp->preq[1], req, sizeof(*req));
960 skb_pull(skb, sizeof(*req));
961
962 if (conn->hcon->io_capability == HCI_IO_NO_INPUT_OUTPUT)
963 sec_level = BT_SECURITY_MEDIUM;
964 else
965 sec_level = authreq_to_seclevel(auth);
966
967 if (sec_level > conn->hcon->pending_sec_level)
968 conn->hcon->pending_sec_level = sec_level;
969
970 /* If we need MITM check that it can be achieved */
971 if (conn->hcon->pending_sec_level >= BT_SECURITY_HIGH) {
972 u8 method;
973
974 method = get_auth_method(smp, conn->hcon->io_capability,
975 req->io_capability);
976 if (method == JUST_WORKS || method == JUST_CFM)
977 return SMP_AUTH_REQUIREMENTS;
978 }
979
980 build_pairing_cmd(conn, req, &rsp, auth);
981
982 if (rsp.auth_req & SMP_AUTH_SC)
983 set_bit(SMP_FLAG_SC, &smp->flags);
984
985 key_size = min(req->max_key_size, rsp.max_key_size);
986 if (check_enc_key_size(conn, key_size))
987 return SMP_ENC_KEY_SIZE;
988
989 get_random_bytes(smp->prnd, sizeof(smp->prnd));
990
991 smp->prsp[0] = SMP_CMD_PAIRING_RSP;
992 memcpy(&smp->prsp[1], &rsp, sizeof(rsp));
993
994 smp_send_cmd(conn, SMP_CMD_PAIRING_RSP, sizeof(rsp), &rsp);
995 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_CONFIRM);
996
997 /* Request setup of TK */
998 ret = tk_request(conn, 0, auth, rsp.io_capability, req->io_capability);
999 if (ret)
1000 return SMP_UNSPECIFIED;
1001
1002 return 0;
1003 }
1004
1005 static u8 smp_cmd_pairing_rsp(struct l2cap_conn *conn, struct sk_buff *skb)
1006 {
1007 struct smp_cmd_pairing *req, *rsp = (void *) skb->data;
1008 struct l2cap_chan *chan = conn->smp;
1009 struct smp_chan *smp = chan->data;
1010 struct hci_dev *hdev = conn->hcon->hdev;
1011 u8 key_size, auth;
1012 int ret;
1013
1014 BT_DBG("conn %p", conn);
1015
1016 if (skb->len < sizeof(*rsp))
1017 return SMP_INVALID_PARAMS;
1018
1019 if (conn->hcon->role != HCI_ROLE_MASTER)
1020 return SMP_CMD_NOTSUPP;
1021
1022 skb_pull(skb, sizeof(*rsp));
1023
1024 req = (void *) &smp->preq[1];
1025
1026 key_size = min(req->max_key_size, rsp->max_key_size);
1027 if (check_enc_key_size(conn, key_size))
1028 return SMP_ENC_KEY_SIZE;
1029
1030 auth = rsp->auth_req & AUTH_REQ_MASK(hdev);
1031
1032 if ((req->auth_req & SMP_AUTH_SC) && (auth & SMP_AUTH_SC))
1033 set_bit(SMP_FLAG_SC, &smp->flags);
1034 else if (conn->hcon->pending_sec_level > BT_SECURITY_HIGH)
1035 conn->hcon->pending_sec_level = BT_SECURITY_HIGH;
1036
1037 /* If we need MITM check that it can be achieved */
1038 if (conn->hcon->pending_sec_level >= BT_SECURITY_HIGH) {
1039 u8 method;
1040
1041 method = get_auth_method(smp, req->io_capability,
1042 rsp->io_capability);
1043 if (method == JUST_WORKS || method == JUST_CFM)
1044 return SMP_AUTH_REQUIREMENTS;
1045 }
1046
1047 get_random_bytes(smp->prnd, sizeof(smp->prnd));
1048
1049 smp->prsp[0] = SMP_CMD_PAIRING_RSP;
1050 memcpy(&smp->prsp[1], rsp, sizeof(*rsp));
1051
1052 /* Update remote key distribution in case the remote cleared
1053 * some bits that we had enabled in our request.
1054 */
1055 smp->remote_key_dist &= rsp->resp_key_dist;
1056
1057 auth |= req->auth_req;
1058
1059 ret = tk_request(conn, 0, auth, req->io_capability, rsp->io_capability);
1060 if (ret)
1061 return SMP_UNSPECIFIED;
1062
1063 set_bit(SMP_FLAG_CFM_PENDING, &smp->flags);
1064
1065 /* Can't compose response until we have been confirmed */
1066 if (test_bit(SMP_FLAG_TK_VALID, &smp->flags))
1067 return smp_confirm(smp);
1068
1069 return 0;
1070 }
1071
1072 static u8 smp_cmd_pairing_confirm(struct l2cap_conn *conn, struct sk_buff *skb)
1073 {
1074 struct l2cap_chan *chan = conn->smp;
1075 struct smp_chan *smp = chan->data;
1076
1077 BT_DBG("conn %p %s", conn, conn->hcon->out ? "master" : "slave");
1078
1079 if (skb->len < sizeof(smp->pcnf))
1080 return SMP_INVALID_PARAMS;
1081
1082 memcpy(smp->pcnf, skb->data, sizeof(smp->pcnf));
1083 skb_pull(skb, sizeof(smp->pcnf));
1084
1085 if (conn->hcon->out) {
1086 smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM, sizeof(smp->prnd),
1087 smp->prnd);
1088 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RANDOM);
1089 return 0;
1090 }
1091
1092 if (test_bit(SMP_FLAG_TK_VALID, &smp->flags))
1093 return smp_confirm(smp);
1094 else
1095 set_bit(SMP_FLAG_CFM_PENDING, &smp->flags);
1096
1097 return 0;
1098 }
1099
1100 static u8 smp_cmd_pairing_random(struct l2cap_conn *conn, struct sk_buff *skb)
1101 {
1102 struct l2cap_chan *chan = conn->smp;
1103 struct smp_chan *smp = chan->data;
1104
1105 BT_DBG("conn %p", conn);
1106
1107 if (skb->len < sizeof(smp->rrnd))
1108 return SMP_INVALID_PARAMS;
1109
1110 memcpy(smp->rrnd, skb->data, sizeof(smp->rrnd));
1111 skb_pull(skb, sizeof(smp->rrnd));
1112
1113 return smp_random(smp);
1114 }
1115
1116 static bool smp_ltk_encrypt(struct l2cap_conn *conn, u8 sec_level)
1117 {
1118 struct smp_ltk *key;
1119 struct hci_conn *hcon = conn->hcon;
1120
1121 key = hci_find_ltk_by_addr(hcon->hdev, &hcon->dst, hcon->dst_type,
1122 hcon->role);
1123 if (!key)
1124 return false;
1125
1126 if (smp_ltk_sec_level(key) < sec_level)
1127 return false;
1128
1129 if (test_and_set_bit(HCI_CONN_ENCRYPT_PEND, &hcon->flags))
1130 return true;
1131
1132 hci_le_start_enc(hcon, key->ediv, key->rand, key->val);
1133 hcon->enc_key_size = key->enc_size;
1134
1135 /* We never store STKs for master role, so clear this flag */
1136 clear_bit(HCI_CONN_STK_ENCRYPT, &hcon->flags);
1137
1138 return true;
1139 }
1140
1141 bool smp_sufficient_security(struct hci_conn *hcon, u8 sec_level,
1142 enum smp_key_pref key_pref)
1143 {
1144 if (sec_level == BT_SECURITY_LOW)
1145 return true;
1146
1147 /* If we're encrypted with an STK but the caller prefers using
1148 * LTK claim insufficient security. This way we allow the
1149 * connection to be re-encrypted with an LTK, even if the LTK
1150 * provides the same level of security. Only exception is if we
1151 * don't have an LTK (e.g. because of key distribution bits).
1152 */
1153 if (key_pref == SMP_USE_LTK &&
1154 test_bit(HCI_CONN_STK_ENCRYPT, &hcon->flags) &&
1155 hci_find_ltk_by_addr(hcon->hdev, &hcon->dst, hcon->dst_type,
1156 hcon->role))
1157 return false;
1158
1159 if (hcon->sec_level >= sec_level)
1160 return true;
1161
1162 return false;
1163 }
1164
1165 static u8 smp_cmd_security_req(struct l2cap_conn *conn, struct sk_buff *skb)
1166 {
1167 struct smp_cmd_security_req *rp = (void *) skb->data;
1168 struct smp_cmd_pairing cp;
1169 struct hci_conn *hcon = conn->hcon;
1170 struct hci_dev *hdev = hcon->hdev;
1171 struct smp_chan *smp;
1172 u8 sec_level, auth;
1173
1174 BT_DBG("conn %p", conn);
1175
1176 if (skb->len < sizeof(*rp))
1177 return SMP_INVALID_PARAMS;
1178
1179 if (hcon->role != HCI_ROLE_MASTER)
1180 return SMP_CMD_NOTSUPP;
1181
1182 auth = rp->auth_req & AUTH_REQ_MASK(hdev);
1183
1184 if (hcon->io_capability == HCI_IO_NO_INPUT_OUTPUT)
1185 sec_level = BT_SECURITY_MEDIUM;
1186 else
1187 sec_level = authreq_to_seclevel(auth);
1188
1189 if (smp_sufficient_security(hcon, sec_level, SMP_USE_LTK))
1190 return 0;
1191
1192 if (sec_level > hcon->pending_sec_level)
1193 hcon->pending_sec_level = sec_level;
1194
1195 if (smp_ltk_encrypt(conn, hcon->pending_sec_level))
1196 return 0;
1197
1198 smp = smp_chan_create(conn);
1199 if (!smp)
1200 return SMP_UNSPECIFIED;
1201
1202 if (!test_bit(HCI_BONDABLE, &hcon->hdev->dev_flags) &&
1203 (auth & SMP_AUTH_BONDING))
1204 return SMP_PAIRING_NOTSUPP;
1205
1206 skb_pull(skb, sizeof(*rp));
1207
1208 memset(&cp, 0, sizeof(cp));
1209 build_pairing_cmd(conn, &cp, NULL, auth);
1210
1211 smp->preq[0] = SMP_CMD_PAIRING_REQ;
1212 memcpy(&smp->preq[1], &cp, sizeof(cp));
1213
1214 smp_send_cmd(conn, SMP_CMD_PAIRING_REQ, sizeof(cp), &cp);
1215 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RSP);
1216
1217 return 0;
1218 }
1219
1220 int smp_conn_security(struct hci_conn *hcon, __u8 sec_level)
1221 {
1222 struct l2cap_conn *conn = hcon->l2cap_data;
1223 struct l2cap_chan *chan;
1224 struct smp_chan *smp;
1225 __u8 authreq;
1226 int ret;
1227
1228 BT_DBG("conn %p hcon %p level 0x%2.2x", conn, hcon, sec_level);
1229
1230 /* This may be NULL if there's an unexpected disconnection */
1231 if (!conn)
1232 return 1;
1233
1234 chan = conn->smp;
1235
1236 if (!test_bit(HCI_LE_ENABLED, &hcon->hdev->dev_flags))
1237 return 1;
1238
1239 if (smp_sufficient_security(hcon, sec_level, SMP_USE_LTK))
1240 return 1;
1241
1242 if (sec_level > hcon->pending_sec_level)
1243 hcon->pending_sec_level = sec_level;
1244
1245 if (hcon->role == HCI_ROLE_MASTER)
1246 if (smp_ltk_encrypt(conn, hcon->pending_sec_level))
1247 return 0;
1248
1249 l2cap_chan_lock(chan);
1250
1251 /* If SMP is already in progress ignore this request */
1252 if (chan->data) {
1253 ret = 0;
1254 goto unlock;
1255 }
1256
1257 smp = smp_chan_create(conn);
1258 if (!smp) {
1259 ret = 1;
1260 goto unlock;
1261 }
1262
1263 authreq = seclevel_to_authreq(sec_level);
1264
1265 if (test_bit(HCI_SC_ENABLED, &hcon->hdev->dev_flags))
1266 authreq |= SMP_AUTH_SC;
1267
1268 /* Require MITM if IO Capability allows or the security level
1269 * requires it.
1270 */
1271 if (hcon->io_capability != HCI_IO_NO_INPUT_OUTPUT ||
1272 hcon->pending_sec_level > BT_SECURITY_MEDIUM)
1273 authreq |= SMP_AUTH_MITM;
1274
1275 if (hcon->role == HCI_ROLE_MASTER) {
1276 struct smp_cmd_pairing cp;
1277
1278 build_pairing_cmd(conn, &cp, NULL, authreq);
1279 smp->preq[0] = SMP_CMD_PAIRING_REQ;
1280 memcpy(&smp->preq[1], &cp, sizeof(cp));
1281
1282 smp_send_cmd(conn, SMP_CMD_PAIRING_REQ, sizeof(cp), &cp);
1283 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RSP);
1284 } else {
1285 struct smp_cmd_security_req cp;
1286 cp.auth_req = authreq;
1287 smp_send_cmd(conn, SMP_CMD_SECURITY_REQ, sizeof(cp), &cp);
1288 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_REQ);
1289 }
1290
1291 set_bit(SMP_FLAG_INITIATOR, &smp->flags);
1292 ret = 0;
1293
1294 unlock:
1295 l2cap_chan_unlock(chan);
1296 return ret;
1297 }
1298
1299 static int smp_cmd_encrypt_info(struct l2cap_conn *conn, struct sk_buff *skb)
1300 {
1301 struct smp_cmd_encrypt_info *rp = (void *) skb->data;
1302 struct l2cap_chan *chan = conn->smp;
1303 struct smp_chan *smp = chan->data;
1304
1305 BT_DBG("conn %p", conn);
1306
1307 if (skb->len < sizeof(*rp))
1308 return SMP_INVALID_PARAMS;
1309
1310 SMP_ALLOW_CMD(smp, SMP_CMD_MASTER_IDENT);
1311
1312 skb_pull(skb, sizeof(*rp));
1313
1314 memcpy(smp->tk, rp->ltk, sizeof(smp->tk));
1315
1316 return 0;
1317 }
1318
1319 static int smp_cmd_master_ident(struct l2cap_conn *conn, struct sk_buff *skb)
1320 {
1321 struct smp_cmd_master_ident *rp = (void *) skb->data;
1322 struct l2cap_chan *chan = conn->smp;
1323 struct smp_chan *smp = chan->data;
1324 struct hci_dev *hdev = conn->hcon->hdev;
1325 struct hci_conn *hcon = conn->hcon;
1326 struct smp_ltk *ltk;
1327 u8 authenticated;
1328
1329 BT_DBG("conn %p", conn);
1330
1331 if (skb->len < sizeof(*rp))
1332 return SMP_INVALID_PARAMS;
1333
1334 /* Mark the information as received */
1335 smp->remote_key_dist &= ~SMP_DIST_ENC_KEY;
1336
1337 if (smp->remote_key_dist & SMP_DIST_ID_KEY)
1338 SMP_ALLOW_CMD(smp, SMP_CMD_IDENT_INFO);
1339 else if (smp->remote_key_dist & SMP_DIST_SIGN)
1340 SMP_ALLOW_CMD(smp, SMP_CMD_SIGN_INFO);
1341
1342 skb_pull(skb, sizeof(*rp));
1343
1344 authenticated = (hcon->sec_level == BT_SECURITY_HIGH);
1345 ltk = hci_add_ltk(hdev, &hcon->dst, hcon->dst_type, SMP_LTK,
1346 authenticated, smp->tk, smp->enc_key_size,
1347 rp->ediv, rp->rand);
1348 smp->ltk = ltk;
1349 if (!(smp->remote_key_dist & KEY_DIST_MASK))
1350 smp_distribute_keys(smp);
1351
1352 return 0;
1353 }
1354
1355 static int smp_cmd_ident_info(struct l2cap_conn *conn, struct sk_buff *skb)
1356 {
1357 struct smp_cmd_ident_info *info = (void *) skb->data;
1358 struct l2cap_chan *chan = conn->smp;
1359 struct smp_chan *smp = chan->data;
1360
1361 BT_DBG("");
1362
1363 if (skb->len < sizeof(*info))
1364 return SMP_INVALID_PARAMS;
1365
1366 SMP_ALLOW_CMD(smp, SMP_CMD_IDENT_ADDR_INFO);
1367
1368 skb_pull(skb, sizeof(*info));
1369
1370 memcpy(smp->irk, info->irk, 16);
1371
1372 return 0;
1373 }
1374
1375 static int smp_cmd_ident_addr_info(struct l2cap_conn *conn,
1376 struct sk_buff *skb)
1377 {
1378 struct smp_cmd_ident_addr_info *info = (void *) skb->data;
1379 struct l2cap_chan *chan = conn->smp;
1380 struct smp_chan *smp = chan->data;
1381 struct hci_conn *hcon = conn->hcon;
1382 bdaddr_t rpa;
1383
1384 BT_DBG("");
1385
1386 if (skb->len < sizeof(*info))
1387 return SMP_INVALID_PARAMS;
1388
1389 /* Mark the information as received */
1390 smp->remote_key_dist &= ~SMP_DIST_ID_KEY;
1391
1392 if (smp->remote_key_dist & SMP_DIST_SIGN)
1393 SMP_ALLOW_CMD(smp, SMP_CMD_SIGN_INFO);
1394
1395 skb_pull(skb, sizeof(*info));
1396
1397 /* Strictly speaking the Core Specification (4.1) allows sending
1398 * an empty address which would force us to rely on just the IRK
1399 * as "identity information". However, since such
1400 * implementations are not known of and in order to not over
1401 * complicate our implementation, simply pretend that we never
1402 * received an IRK for such a device.
1403 */
1404 if (!bacmp(&info->bdaddr, BDADDR_ANY)) {
1405 BT_ERR("Ignoring IRK with no identity address");
1406 goto distribute;
1407 }
1408
1409 bacpy(&smp->id_addr, &info->bdaddr);
1410 smp->id_addr_type = info->addr_type;
1411
1412 if (hci_bdaddr_is_rpa(&hcon->dst, hcon->dst_type))
1413 bacpy(&rpa, &hcon->dst);
1414 else
1415 bacpy(&rpa, BDADDR_ANY);
1416
1417 smp->remote_irk = hci_add_irk(conn->hcon->hdev, &smp->id_addr,
1418 smp->id_addr_type, smp->irk, &rpa);
1419
1420 distribute:
1421 if (!(smp->remote_key_dist & KEY_DIST_MASK))
1422 smp_distribute_keys(smp);
1423
1424 return 0;
1425 }
1426
1427 static int smp_cmd_sign_info(struct l2cap_conn *conn, struct sk_buff *skb)
1428 {
1429 struct smp_cmd_sign_info *rp = (void *) skb->data;
1430 struct l2cap_chan *chan = conn->smp;
1431 struct smp_chan *smp = chan->data;
1432 struct smp_csrk *csrk;
1433
1434 BT_DBG("conn %p", conn);
1435
1436 if (skb->len < sizeof(*rp))
1437 return SMP_INVALID_PARAMS;
1438
1439 /* Mark the information as received */
1440 smp->remote_key_dist &= ~SMP_DIST_SIGN;
1441
1442 skb_pull(skb, sizeof(*rp));
1443
1444 csrk = kzalloc(sizeof(*csrk), GFP_KERNEL);
1445 if (csrk) {
1446 csrk->master = 0x01;
1447 memcpy(csrk->val, rp->csrk, sizeof(csrk->val));
1448 }
1449 smp->csrk = csrk;
1450 smp_distribute_keys(smp);
1451
1452 return 0;
1453 }
1454
1455 static int smp_sig_channel(struct l2cap_chan *chan, struct sk_buff *skb)
1456 {
1457 struct l2cap_conn *conn = chan->conn;
1458 struct hci_conn *hcon = conn->hcon;
1459 struct smp_chan *smp;
1460 __u8 code, reason;
1461 int err = 0;
1462
1463 if (hcon->type != LE_LINK) {
1464 kfree_skb(skb);
1465 return 0;
1466 }
1467
1468 if (skb->len < 1)
1469 return -EILSEQ;
1470
1471 if (!test_bit(HCI_LE_ENABLED, &hcon->hdev->dev_flags)) {
1472 reason = SMP_PAIRING_NOTSUPP;
1473 goto done;
1474 }
1475
1476 code = skb->data[0];
1477 skb_pull(skb, sizeof(code));
1478
1479 smp = chan->data;
1480
1481 if (code > SMP_CMD_MAX)
1482 goto drop;
1483
1484 if (smp && !test_and_clear_bit(code, &smp->allow_cmd))
1485 goto drop;
1486
1487 /* If we don't have a context the only allowed commands are
1488 * pairing request and security request.
1489 */
1490 if (!smp && code != SMP_CMD_PAIRING_REQ && code != SMP_CMD_SECURITY_REQ)
1491 goto drop;
1492
1493 switch (code) {
1494 case SMP_CMD_PAIRING_REQ:
1495 reason = smp_cmd_pairing_req(conn, skb);
1496 break;
1497
1498 case SMP_CMD_PAIRING_FAIL:
1499 smp_failure(conn, 0);
1500 err = -EPERM;
1501 break;
1502
1503 case SMP_CMD_PAIRING_RSP:
1504 reason = smp_cmd_pairing_rsp(conn, skb);
1505 break;
1506
1507 case SMP_CMD_SECURITY_REQ:
1508 reason = smp_cmd_security_req(conn, skb);
1509 break;
1510
1511 case SMP_CMD_PAIRING_CONFIRM:
1512 reason = smp_cmd_pairing_confirm(conn, skb);
1513 break;
1514
1515 case SMP_CMD_PAIRING_RANDOM:
1516 reason = smp_cmd_pairing_random(conn, skb);
1517 break;
1518
1519 case SMP_CMD_ENCRYPT_INFO:
1520 reason = smp_cmd_encrypt_info(conn, skb);
1521 break;
1522
1523 case SMP_CMD_MASTER_IDENT:
1524 reason = smp_cmd_master_ident(conn, skb);
1525 break;
1526
1527 case SMP_CMD_IDENT_INFO:
1528 reason = smp_cmd_ident_info(conn, skb);
1529 break;
1530
1531 case SMP_CMD_IDENT_ADDR_INFO:
1532 reason = smp_cmd_ident_addr_info(conn, skb);
1533 break;
1534
1535 case SMP_CMD_SIGN_INFO:
1536 reason = smp_cmd_sign_info(conn, skb);
1537 break;
1538
1539 default:
1540 BT_DBG("Unknown command code 0x%2.2x", code);
1541 reason = SMP_CMD_NOTSUPP;
1542 goto done;
1543 }
1544
1545 done:
1546 if (!err) {
1547 if (reason)
1548 smp_failure(conn, reason);
1549 kfree_skb(skb);
1550 }
1551
1552 return err;
1553
1554 drop:
1555 BT_ERR("%s unexpected SMP command 0x%02x from %pMR", hcon->hdev->name,
1556 code, &hcon->dst);
1557 kfree_skb(skb);
1558 return 0;
1559 }
1560
1561 static void smp_teardown_cb(struct l2cap_chan *chan, int err)
1562 {
1563 struct l2cap_conn *conn = chan->conn;
1564
1565 BT_DBG("chan %p", chan);
1566
1567 if (chan->data)
1568 smp_chan_destroy(conn);
1569
1570 conn->smp = NULL;
1571 l2cap_chan_put(chan);
1572 }
1573
1574 static void smp_resume_cb(struct l2cap_chan *chan)
1575 {
1576 struct smp_chan *smp = chan->data;
1577 struct l2cap_conn *conn = chan->conn;
1578 struct hci_conn *hcon = conn->hcon;
1579
1580 BT_DBG("chan %p", chan);
1581
1582 if (!smp)
1583 return;
1584
1585 if (!test_bit(HCI_CONN_ENCRYPT, &hcon->flags))
1586 return;
1587
1588 cancel_delayed_work(&smp->security_timer);
1589
1590 smp_distribute_keys(smp);
1591 }
1592
1593 static void smp_ready_cb(struct l2cap_chan *chan)
1594 {
1595 struct l2cap_conn *conn = chan->conn;
1596
1597 BT_DBG("chan %p", chan);
1598
1599 conn->smp = chan;
1600 l2cap_chan_hold(chan);
1601 }
1602
1603 static int smp_recv_cb(struct l2cap_chan *chan, struct sk_buff *skb)
1604 {
1605 int err;
1606
1607 BT_DBG("chan %p", chan);
1608
1609 err = smp_sig_channel(chan, skb);
1610 if (err) {
1611 struct smp_chan *smp = chan->data;
1612
1613 if (smp)
1614 cancel_delayed_work_sync(&smp->security_timer);
1615
1616 hci_disconnect(chan->conn->hcon, HCI_ERROR_AUTH_FAILURE);
1617 }
1618
1619 return err;
1620 }
1621
1622 static struct sk_buff *smp_alloc_skb_cb(struct l2cap_chan *chan,
1623 unsigned long hdr_len,
1624 unsigned long len, int nb)
1625 {
1626 struct sk_buff *skb;
1627
1628 skb = bt_skb_alloc(hdr_len + len, GFP_KERNEL);
1629 if (!skb)
1630 return ERR_PTR(-ENOMEM);
1631
1632 skb->priority = HCI_PRIO_MAX;
1633 bt_cb(skb)->chan = chan;
1634
1635 return skb;
1636 }
1637
1638 static const struct l2cap_ops smp_chan_ops = {
1639 .name = "Security Manager",
1640 .ready = smp_ready_cb,
1641 .recv = smp_recv_cb,
1642 .alloc_skb = smp_alloc_skb_cb,
1643 .teardown = smp_teardown_cb,
1644 .resume = smp_resume_cb,
1645
1646 .new_connection = l2cap_chan_no_new_connection,
1647 .state_change = l2cap_chan_no_state_change,
1648 .close = l2cap_chan_no_close,
1649 .defer = l2cap_chan_no_defer,
1650 .suspend = l2cap_chan_no_suspend,
1651 .set_shutdown = l2cap_chan_no_set_shutdown,
1652 .get_sndtimeo = l2cap_chan_no_get_sndtimeo,
1653 .memcpy_fromiovec = l2cap_chan_no_memcpy_fromiovec,
1654 };
1655
1656 static inline struct l2cap_chan *smp_new_conn_cb(struct l2cap_chan *pchan)
1657 {
1658 struct l2cap_chan *chan;
1659
1660 BT_DBG("pchan %p", pchan);
1661
1662 chan = l2cap_chan_create();
1663 if (!chan)
1664 return NULL;
1665
1666 chan->chan_type = pchan->chan_type;
1667 chan->ops = &smp_chan_ops;
1668 chan->scid = pchan->scid;
1669 chan->dcid = chan->scid;
1670 chan->imtu = pchan->imtu;
1671 chan->omtu = pchan->omtu;
1672 chan->mode = pchan->mode;
1673
1674 /* Other L2CAP channels may request SMP routines in order to
1675 * change the security level. This means that the SMP channel
1676 * lock must be considered in its own category to avoid lockdep
1677 * warnings.
1678 */
1679 atomic_set(&chan->nesting, L2CAP_NESTING_SMP);
1680
1681 BT_DBG("created chan %p", chan);
1682
1683 return chan;
1684 }
1685
1686 static const struct l2cap_ops smp_root_chan_ops = {
1687 .name = "Security Manager Root",
1688 .new_connection = smp_new_conn_cb,
1689
1690 /* None of these are implemented for the root channel */
1691 .close = l2cap_chan_no_close,
1692 .alloc_skb = l2cap_chan_no_alloc_skb,
1693 .recv = l2cap_chan_no_recv,
1694 .state_change = l2cap_chan_no_state_change,
1695 .teardown = l2cap_chan_no_teardown,
1696 .ready = l2cap_chan_no_ready,
1697 .defer = l2cap_chan_no_defer,
1698 .suspend = l2cap_chan_no_suspend,
1699 .resume = l2cap_chan_no_resume,
1700 .set_shutdown = l2cap_chan_no_set_shutdown,
1701 .get_sndtimeo = l2cap_chan_no_get_sndtimeo,
1702 .memcpy_fromiovec = l2cap_chan_no_memcpy_fromiovec,
1703 };
1704
1705 int smp_register(struct hci_dev *hdev)
1706 {
1707 struct l2cap_chan *chan;
1708 struct crypto_blkcipher *tfm_aes;
1709
1710 BT_DBG("%s", hdev->name);
1711
1712 tfm_aes = crypto_alloc_blkcipher("ecb(aes)", 0, 0);
1713 if (IS_ERR(tfm_aes)) {
1714 int err = PTR_ERR(tfm_aes);
1715 BT_ERR("Unable to create crypto context");
1716 return err;
1717 }
1718
1719 chan = l2cap_chan_create();
1720 if (!chan) {
1721 crypto_free_blkcipher(tfm_aes);
1722 return -ENOMEM;
1723 }
1724
1725 chan->data = tfm_aes;
1726
1727 l2cap_add_scid(chan, L2CAP_CID_SMP);
1728
1729 l2cap_chan_set_defaults(chan);
1730
1731 bacpy(&chan->src, &hdev->bdaddr);
1732 chan->src_type = BDADDR_LE_PUBLIC;
1733 chan->state = BT_LISTEN;
1734 chan->mode = L2CAP_MODE_BASIC;
1735 chan->imtu = L2CAP_DEFAULT_MTU;
1736 chan->ops = &smp_root_chan_ops;
1737
1738 /* Set correct nesting level for a parent/listening channel */
1739 atomic_set(&chan->nesting, L2CAP_NESTING_PARENT);
1740
1741 hdev->smp_data = chan;
1742
1743 return 0;
1744 }
1745
1746 void smp_unregister(struct hci_dev *hdev)
1747 {
1748 struct l2cap_chan *chan = hdev->smp_data;
1749 struct crypto_blkcipher *tfm_aes;
1750
1751 if (!chan)
1752 return;
1753
1754 BT_DBG("%s chan %p", hdev->name, chan);
1755
1756 tfm_aes = chan->data;
1757 if (tfm_aes) {
1758 chan->data = NULL;
1759 crypto_free_blkcipher(tfm_aes);
1760 }
1761
1762 hdev->smp_data = NULL;
1763 l2cap_chan_put(chan);
1764 }
Ubuntu Artful kernel mirror