]> git.proxmox.com Git - mirror_ubuntu-bionic-kernel.git/blob - net/bluetooth/smp.c
projects / mirror_ubuntu-bionic-kernel.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Bluetooth: Remove unnecessary hdev locking in smp.c
[mirror_ubuntu-bionic-kernel.git] / net / bluetooth / smp.c
1 /*
2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2011 Nokia Corporation and/or its subsidiary(-ies).
4
5 This program is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License version 2 as
7 published by the Free Software Foundation;
8
9 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
10 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
11 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
12 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
13 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
14 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17
18 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
19 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
20 SOFTWARE IS DISCLAIMED.
21 */
22
23 #include <linux/crypto.h>
24 #include <linux/scatterlist.h>
25 #include <crypto/b128ops.h>
26
27 #include <net/bluetooth/bluetooth.h>
28 #include <net/bluetooth/hci_core.h>
29 #include <net/bluetooth/l2cap.h>
30 #include <net/bluetooth/mgmt.h>
31
32 #include "smp.h"
33
34 #define SMP_ALLOW_CMD(smp, code) set_bit(code, &smp->allow_cmd)
35
36 #define SMP_TIMEOUT msecs_to_jiffies(30000)
37
38 #define AUTH_REQ_MASK 0x07
39 #define KEY_DIST_MASK 0x07
40
41 enum {
42 SMP_FLAG_TK_VALID,
43 SMP_FLAG_CFM_PENDING,
44 SMP_FLAG_MITM_AUTH,
45 SMP_FLAG_COMPLETE,
46 SMP_FLAG_INITIATOR,
47 };
48
49 struct smp_chan {
50 struct l2cap_conn *conn;
51 struct delayed_work security_timer;
52 unsigned long allow_cmd; /* Bitmask of allowed commands */
53
54 u8 preq[7]; /* SMP Pairing Request */
55 u8 prsp[7]; /* SMP Pairing Response */
56 u8 prnd[16]; /* SMP Pairing Random (local) */
57 u8 rrnd[16]; /* SMP Pairing Random (remote) */
58 u8 pcnf[16]; /* SMP Pairing Confirm */
59 u8 tk[16]; /* SMP Temporary Key */
60 u8 enc_key_size;
61 u8 remote_key_dist;
62 bdaddr_t id_addr;
63 u8 id_addr_type;
64 u8 irk[16];
65 struct smp_csrk *csrk;
66 struct smp_csrk *slave_csrk;
67 struct smp_ltk *ltk;
68 struct smp_ltk *slave_ltk;
69 struct smp_irk *remote_irk;
70 unsigned long flags;
71
72 struct crypto_blkcipher *tfm_aes;
73 };
74
75 static inline void swap_buf(const u8 *src, u8 *dst, size_t len)
76 {
77 size_t i;
78
79 for (i = 0; i < len; i++)
80 dst[len - 1 - i] = src[i];
81 }
82
83 static int smp_e(struct crypto_blkcipher *tfm, const u8 *k, u8 *r)
84 {
85 struct blkcipher_desc desc;
86 struct scatterlist sg;
87 uint8_t tmp[16], data[16];
88 int err;
89
90 if (tfm == NULL) {
91 BT_ERR("tfm %p", tfm);
92 return -EINVAL;
93 }
94
95 desc.tfm = tfm;
96 desc.flags = 0;
97
98 /* The most significant octet of key corresponds to k[0] */
99 swap_buf(k, tmp, 16);
100
101 err = crypto_blkcipher_setkey(tfm, tmp, 16);
102 if (err) {
103 BT_ERR("cipher setkey failed: %d", err);
104 return err;
105 }
106
107 /* Most significant octet of plaintextData corresponds to data[0] */
108 swap_buf(r, data, 16);
109
110 sg_init_one(&sg, data, 16);
111
112 err = crypto_blkcipher_encrypt(&desc, &sg, &sg, 16);
113 if (err)
114 BT_ERR("Encrypt data error %d", err);
115
116 /* Most significant octet of encryptedData corresponds to data[0] */
117 swap_buf(data, r, 16);
118
119 return err;
120 }
121
122 static int smp_ah(struct crypto_blkcipher *tfm, u8 irk[16], u8 r[3], u8 res[3])
123 {
124 u8 _res[16];
125 int err;
126
127 /* r' = padding || r */
128 memcpy(_res, r, 3);
129 memset(_res + 3, 0, 13);
130
131 err = smp_e(tfm, irk, _res);
132 if (err) {
133 BT_ERR("Encrypt error");
134 return err;
135 }
136
137 /* The output of the random address function ah is:
138 * ah(h, r) = e(k, r') mod 2^24
139 * The output of the security function e is then truncated to 24 bits
140 * by taking the least significant 24 bits of the output of e as the
141 * result of ah.
142 */
143 memcpy(res, _res, 3);
144
145 return 0;
146 }
147
148 bool smp_irk_matches(struct hci_dev *hdev, u8 irk[16], bdaddr_t *bdaddr)
149 {
150 struct l2cap_chan *chan = hdev->smp_data;
151 struct crypto_blkcipher *tfm;
152 u8 hash[3];
153 int err;
154
155 if (!chan || !chan->data)
156 return false;
157
158 tfm = chan->data;
159
160 BT_DBG("RPA %pMR IRK %*phN", bdaddr, 16, irk);
161
162 err = smp_ah(tfm, irk, &bdaddr->b[3], hash);
163 if (err)
164 return false;
165
166 return !memcmp(bdaddr->b, hash, 3);
167 }
168
169 int smp_generate_rpa(struct hci_dev *hdev, u8 irk[16], bdaddr_t *rpa)
170 {
171 struct l2cap_chan *chan = hdev->smp_data;
172 struct crypto_blkcipher *tfm;
173 int err;
174
175 if (!chan || !chan->data)
176 return -EOPNOTSUPP;
177
178 tfm = chan->data;
179
180 get_random_bytes(&rpa->b[3], 3);
181
182 rpa->b[5] &= 0x3f; /* Clear two most significant bits */
183 rpa->b[5] |= 0x40; /* Set second most significant bit */
184
185 err = smp_ah(tfm, irk, &rpa->b[3], rpa->b);
186 if (err < 0)
187 return err;
188
189 BT_DBG("RPA %pMR", rpa);
190
191 return 0;
192 }
193
194 static int smp_c1(struct crypto_blkcipher *tfm_aes, u8 k[16], u8 r[16],
195 u8 preq[7], u8 pres[7], u8 _iat, bdaddr_t *ia, u8 _rat,
196 bdaddr_t *ra, u8 res[16])
197 {
198 u8 p1[16], p2[16];
199 int err;
200
201 memset(p1, 0, 16);
202
203 /* p1 = pres || preq || _rat || _iat */
204 p1[0] = _iat;
205 p1[1] = _rat;
206 memcpy(p1 + 2, preq, 7);
207 memcpy(p1 + 9, pres, 7);
208
209 /* p2 = padding || ia || ra */
210 memcpy(p2, ra, 6);
211 memcpy(p2 + 6, ia, 6);
212 memset(p2 + 12, 0, 4);
213
214 /* res = r XOR p1 */
215 u128_xor((u128 *) res, (u128 *) r, (u128 *) p1);
216
217 /* res = e(k, res) */
218 err = smp_e(tfm_aes, k, res);
219 if (err) {
220 BT_ERR("Encrypt data error");
221 return err;
222 }
223
224 /* res = res XOR p2 */
225 u128_xor((u128 *) res, (u128 *) res, (u128 *) p2);
226
227 /* res = e(k, res) */
228 err = smp_e(tfm_aes, k, res);
229 if (err)
230 BT_ERR("Encrypt data error");
231
232 return err;
233 }
234
235 static int smp_s1(struct crypto_blkcipher *tfm_aes, u8 k[16], u8 r1[16],
236 u8 r2[16], u8 _r[16])
237 {
238 int err;
239
240 /* Just least significant octets from r1 and r2 are considered */
241 memcpy(_r, r2, 8);
242 memcpy(_r + 8, r1, 8);
243
244 err = smp_e(tfm_aes, k, _r);
245 if (err)
246 BT_ERR("Encrypt data error");
247
248 return err;
249 }
250
251 static void smp_send_cmd(struct l2cap_conn *conn, u8 code, u16 len, void *data)
252 {
253 struct l2cap_chan *chan = conn->smp;
254 struct smp_chan *smp;
255 struct kvec iv[2];
256 struct msghdr msg;
257
258 if (!chan)
259 return;
260
261 BT_DBG("code 0x%2.2x", code);
262
263 iv[0].iov_base = &code;
264 iv[0].iov_len = 1;
265
266 iv[1].iov_base = data;
267 iv[1].iov_len = len;
268
269 memset(&msg, 0, sizeof(msg));
270
271 msg.msg_iov = (struct iovec *) &iv;
272 msg.msg_iovlen = 2;
273
274 l2cap_chan_send(chan, &msg, 1 + len);
275
276 if (!chan->data)
277 return;
278
279 smp = chan->data;
280
281 cancel_delayed_work_sync(&smp->security_timer);
282 schedule_delayed_work(&smp->security_timer, SMP_TIMEOUT);
283 }
284
285 static __u8 authreq_to_seclevel(__u8 authreq)
286 {
287 if (authreq & SMP_AUTH_MITM)
288 return BT_SECURITY_HIGH;
289 else
290 return BT_SECURITY_MEDIUM;
291 }
292
293 static __u8 seclevel_to_authreq(__u8 sec_level)
294 {
295 switch (sec_level) {
296 case BT_SECURITY_HIGH:
297 return SMP_AUTH_MITM | SMP_AUTH_BONDING;
298 case BT_SECURITY_MEDIUM:
299 return SMP_AUTH_BONDING;
300 default:
301 return SMP_AUTH_NONE;
302 }
303 }
304
305 static void build_pairing_cmd(struct l2cap_conn *conn,
306 struct smp_cmd_pairing *req,
307 struct smp_cmd_pairing *rsp, __u8 authreq)
308 {
309 struct l2cap_chan *chan = conn->smp;
310 struct smp_chan *smp = chan->data;
311 struct hci_conn *hcon = conn->hcon;
312 struct hci_dev *hdev = hcon->hdev;
313 u8 local_dist = 0, remote_dist = 0;
314
315 if (test_bit(HCI_BONDABLE, &conn->hcon->hdev->dev_flags)) {
316 local_dist = SMP_DIST_ENC_KEY | SMP_DIST_SIGN;
317 remote_dist = SMP_DIST_ENC_KEY | SMP_DIST_SIGN;
318 authreq |= SMP_AUTH_BONDING;
319 } else {
320 authreq &= ~SMP_AUTH_BONDING;
321 }
322
323 if (test_bit(HCI_RPA_RESOLVING, &hdev->dev_flags))
324 remote_dist |= SMP_DIST_ID_KEY;
325
326 if (test_bit(HCI_PRIVACY, &hdev->dev_flags))
327 local_dist |= SMP_DIST_ID_KEY;
328
329 if (rsp == NULL) {
330 req->io_capability = conn->hcon->io_capability;
331 req->oob_flag = SMP_OOB_NOT_PRESENT;
332 req->max_key_size = SMP_MAX_ENC_KEY_SIZE;
333 req->init_key_dist = local_dist;
334 req->resp_key_dist = remote_dist;
335 req->auth_req = (authreq & AUTH_REQ_MASK);
336
337 smp->remote_key_dist = remote_dist;
338 return;
339 }
340
341 rsp->io_capability = conn->hcon->io_capability;
342 rsp->oob_flag = SMP_OOB_NOT_PRESENT;
343 rsp->max_key_size = SMP_MAX_ENC_KEY_SIZE;
344 rsp->init_key_dist = req->init_key_dist & remote_dist;
345 rsp->resp_key_dist = req->resp_key_dist & local_dist;
346 rsp->auth_req = (authreq & AUTH_REQ_MASK);
347
348 smp->remote_key_dist = rsp->init_key_dist;
349 }
350
351 static u8 check_enc_key_size(struct l2cap_conn *conn, __u8 max_key_size)
352 {
353 struct l2cap_chan *chan = conn->smp;
354 struct smp_chan *smp = chan->data;
355
356 if ((max_key_size > SMP_MAX_ENC_KEY_SIZE) ||
357 (max_key_size < SMP_MIN_ENC_KEY_SIZE))
358 return SMP_ENC_KEY_SIZE;
359
360 smp->enc_key_size = max_key_size;
361
362 return 0;
363 }
364
365 static void smp_chan_destroy(struct l2cap_conn *conn)
366 {
367 struct l2cap_chan *chan = conn->smp;
368 struct smp_chan *smp = chan->data;
369 bool complete;
370
371 BUG_ON(!smp);
372
373 cancel_delayed_work_sync(&smp->security_timer);
374
375 complete = test_bit(SMP_FLAG_COMPLETE, &smp->flags);
376 mgmt_smp_complete(conn->hcon, complete);
377
378 kfree(smp->csrk);
379 kfree(smp->slave_csrk);
380
381 crypto_free_blkcipher(smp->tfm_aes);
382
383 /* If pairing failed clean up any keys we might have */
384 if (!complete) {
385 if (smp->ltk) {
386 list_del_rcu(&smp->ltk->list);
387 kfree_rcu(smp->ltk, rcu);
388 }
389
390 if (smp->slave_ltk) {
391 list_del_rcu(&smp->slave_ltk->list);
392 kfree_rcu(smp->slave_ltk, rcu);
393 }
394
395 if (smp->remote_irk) {
396 list_del_rcu(&smp->remote_irk->list);
397 kfree_rcu(smp->remote_irk, rcu);
398 }
399 }
400
401 chan->data = NULL;
402 kfree(smp);
403 hci_conn_drop(conn->hcon);
404 }
405
406 static void smp_failure(struct l2cap_conn *conn, u8 reason)
407 {
408 struct hci_conn *hcon = conn->hcon;
409 struct l2cap_chan *chan = conn->smp;
410
411 if (reason)
412 smp_send_cmd(conn, SMP_CMD_PAIRING_FAIL, sizeof(reason),
413 &reason);
414
415 clear_bit(HCI_CONN_ENCRYPT_PEND, &hcon->flags);
416 mgmt_auth_failed(hcon, HCI_ERROR_AUTH_FAILURE);
417
418 if (chan->data)
419 smp_chan_destroy(conn);
420 }
421
422 #define JUST_WORKS 0x00
423 #define JUST_CFM 0x01
424 #define REQ_PASSKEY 0x02
425 #define CFM_PASSKEY 0x03
426 #define REQ_OOB 0x04
427 #define OVERLAP 0xFF
428
429 static const u8 gen_method[5][5] = {
430 { JUST_WORKS, JUST_CFM, REQ_PASSKEY, JUST_WORKS, REQ_PASSKEY },
431 { JUST_WORKS, JUST_CFM, REQ_PASSKEY, JUST_WORKS, REQ_PASSKEY },
432 { CFM_PASSKEY, CFM_PASSKEY, REQ_PASSKEY, JUST_WORKS, CFM_PASSKEY },
433 { JUST_WORKS, JUST_CFM, JUST_WORKS, JUST_WORKS, JUST_CFM },
434 { CFM_PASSKEY, CFM_PASSKEY, REQ_PASSKEY, JUST_WORKS, OVERLAP },
435 };
436
437 static u8 get_auth_method(struct smp_chan *smp, u8 local_io, u8 remote_io)
438 {
439 /* If either side has unknown io_caps, use JUST_CFM (which gets
440 * converted later to JUST_WORKS if we're initiators.
441 */
442 if (local_io > SMP_IO_KEYBOARD_DISPLAY ||
443 remote_io > SMP_IO_KEYBOARD_DISPLAY)
444 return JUST_CFM;
445
446 return gen_method[remote_io][local_io];
447 }
448
449 static int tk_request(struct l2cap_conn *conn, u8 remote_oob, u8 auth,
450 u8 local_io, u8 remote_io)
451 {
452 struct hci_conn *hcon = conn->hcon;
453 struct l2cap_chan *chan = conn->smp;
454 struct smp_chan *smp = chan->data;
455 u8 method;
456 u32 passkey = 0;
457 int ret = 0;
458
459 /* Initialize key for JUST WORKS */
460 memset(smp->tk, 0, sizeof(smp->tk));
461 clear_bit(SMP_FLAG_TK_VALID, &smp->flags);
462
463 BT_DBG("tk_request: auth:%d lcl:%d rem:%d", auth, local_io, remote_io);
464
465 /* If neither side wants MITM, either "just" confirm an incoming
466 * request or use just-works for outgoing ones. The JUST_CFM
467 * will be converted to JUST_WORKS if necessary later in this
468 * function. If either side has MITM look up the method from the
469 * table.
470 */
471 if (!(auth & SMP_AUTH_MITM))
472 method = JUST_CFM;
473 else
474 method = get_auth_method(smp, local_io, remote_io);
475
476 /* Don't confirm locally initiated pairing attempts */
477 if (method == JUST_CFM && test_bit(SMP_FLAG_INITIATOR, &smp->flags))
478 method = JUST_WORKS;
479
480 /* Don't bother user space with no IO capabilities */
481 if (method == JUST_CFM && hcon->io_capability == HCI_IO_NO_INPUT_OUTPUT)
482 method = JUST_WORKS;
483
484 /* If Just Works, Continue with Zero TK */
485 if (method == JUST_WORKS) {
486 set_bit(SMP_FLAG_TK_VALID, &smp->flags);
487 return 0;
488 }
489
490 /* Not Just Works/Confirm results in MITM Authentication */
491 if (method != JUST_CFM) {
492 set_bit(SMP_FLAG_MITM_AUTH, &smp->flags);
493 if (hcon->pending_sec_level < BT_SECURITY_HIGH)
494 hcon->pending_sec_level = BT_SECURITY_HIGH;
495 }
496
497 /* If both devices have Keyoard-Display I/O, the master
498 * Confirms and the slave Enters the passkey.
499 */
500 if (method == OVERLAP) {
501 if (hcon->role == HCI_ROLE_MASTER)
502 method = CFM_PASSKEY;
503 else
504 method = REQ_PASSKEY;
505 }
506
507 /* Generate random passkey. */
508 if (method == CFM_PASSKEY) {
509 memset(smp->tk, 0, sizeof(smp->tk));
510 get_random_bytes(&passkey, sizeof(passkey));
511 passkey %= 1000000;
512 put_unaligned_le32(passkey, smp->tk);
513 BT_DBG("PassKey: %d", passkey);
514 set_bit(SMP_FLAG_TK_VALID, &smp->flags);
515 }
516
517 if (method == REQ_PASSKEY)
518 ret = mgmt_user_passkey_request(hcon->hdev, &hcon->dst,
519 hcon->type, hcon->dst_type);
520 else if (method == JUST_CFM)
521 ret = mgmt_user_confirm_request(hcon->hdev, &hcon->dst,
522 hcon->type, hcon->dst_type,
523 passkey, 1);
524 else
525 ret = mgmt_user_passkey_notify(hcon->hdev, &hcon->dst,
526 hcon->type, hcon->dst_type,
527 passkey, 0);
528
529 return ret;
530 }
531
532 static u8 smp_confirm(struct smp_chan *smp)
533 {
534 struct l2cap_conn *conn = smp->conn;
535 struct smp_cmd_pairing_confirm cp;
536 int ret;
537
538 BT_DBG("conn %p", conn);
539
540 ret = smp_c1(smp->tfm_aes, smp->tk, smp->prnd, smp->preq, smp->prsp,
541 conn->hcon->init_addr_type, &conn->hcon->init_addr,
542 conn->hcon->resp_addr_type, &conn->hcon->resp_addr,
543 cp.confirm_val);
544 if (ret)
545 return SMP_UNSPECIFIED;
546
547 clear_bit(SMP_FLAG_CFM_PENDING, &smp->flags);
548
549 smp_send_cmd(smp->conn, SMP_CMD_PAIRING_CONFIRM, sizeof(cp), &cp);
550
551 if (conn->hcon->out)
552 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_CONFIRM);
553 else
554 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RANDOM);
555
556 return 0;
557 }
558
559 static u8 smp_random(struct smp_chan *smp)
560 {
561 struct l2cap_conn *conn = smp->conn;
562 struct hci_conn *hcon = conn->hcon;
563 u8 confirm[16];
564 int ret;
565
566 if (IS_ERR_OR_NULL(smp->tfm_aes))
567 return SMP_UNSPECIFIED;
568
569 BT_DBG("conn %p %s", conn, conn->hcon->out ? "master" : "slave");
570
571 ret = smp_c1(smp->tfm_aes, smp->tk, smp->rrnd, smp->preq, smp->prsp,
572 hcon->init_addr_type, &hcon->init_addr,
573 hcon->resp_addr_type, &hcon->resp_addr, confirm);
574 if (ret)
575 return SMP_UNSPECIFIED;
576
577 if (memcmp(smp->pcnf, confirm, sizeof(smp->pcnf)) != 0) {
578 BT_ERR("Pairing failed (confirmation values mismatch)");
579 return SMP_CONFIRM_FAILED;
580 }
581
582 if (hcon->out) {
583 u8 stk[16];
584 __le64 rand = 0;
585 __le16 ediv = 0;
586
587 smp_s1(smp->tfm_aes, smp->tk, smp->rrnd, smp->prnd, stk);
588
589 memset(stk + smp->enc_key_size, 0,
590 SMP_MAX_ENC_KEY_SIZE - smp->enc_key_size);
591
592 if (test_and_set_bit(HCI_CONN_ENCRYPT_PEND, &hcon->flags))
593 return SMP_UNSPECIFIED;
594
595 hci_le_start_enc(hcon, ediv, rand, stk);
596 hcon->enc_key_size = smp->enc_key_size;
597 set_bit(HCI_CONN_STK_ENCRYPT, &hcon->flags);
598 } else {
599 u8 stk[16], auth;
600 __le64 rand = 0;
601 __le16 ediv = 0;
602
603 smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM, sizeof(smp->prnd),
604 smp->prnd);
605
606 smp_s1(smp->tfm_aes, smp->tk, smp->prnd, smp->rrnd, stk);
607
608 memset(stk + smp->enc_key_size, 0,
609 SMP_MAX_ENC_KEY_SIZE - smp->enc_key_size);
610
611 if (hcon->pending_sec_level == BT_SECURITY_HIGH)
612 auth = 1;
613 else
614 auth = 0;
615
616 /* Even though there's no _SLAVE suffix this is the
617 * slave STK we're adding for later lookup (the master
618 * STK never needs to be stored).
619 */
620 hci_add_ltk(hcon->hdev, &hcon->dst, hcon->dst_type,
621 SMP_STK, auth, stk, smp->enc_key_size, ediv, rand);
622 }
623
624 return 0;
625 }
626
627 static void smp_notify_keys(struct l2cap_conn *conn)
628 {
629 struct l2cap_chan *chan = conn->smp;
630 struct smp_chan *smp = chan->data;
631 struct hci_conn *hcon = conn->hcon;
632 struct hci_dev *hdev = hcon->hdev;
633 struct smp_cmd_pairing *req = (void *) &smp->preq[1];
634 struct smp_cmd_pairing *rsp = (void *) &smp->prsp[1];
635 bool persistent;
636
637 if (smp->remote_irk) {
638 mgmt_new_irk(hdev, smp->remote_irk);
639 /* Now that user space can be considered to know the
640 * identity address track the connection based on it
641 * from now on.
642 */
643 bacpy(&hcon->dst, &smp->remote_irk->bdaddr);
644 hcon->dst_type = smp->remote_irk->addr_type;
645 queue_work(hdev->workqueue, &conn->id_addr_update_work);
646
647 /* When receiving an indentity resolving key for
648 * a remote device that does not use a resolvable
649 * private address, just remove the key so that
650 * it is possible to use the controller white
651 * list for scanning.
652 *
653 * Userspace will have been told to not store
654 * this key at this point. So it is safe to
655 * just remove it.
656 */
657 if (!bacmp(&smp->remote_irk->rpa, BDADDR_ANY)) {
658 list_del_rcu(&smp->remote_irk->list);
659 kfree_rcu(smp->remote_irk, rcu);
660 smp->remote_irk = NULL;
661 }
662 }
663
664 /* The LTKs and CSRKs should be persistent only if both sides
665 * had the bonding bit set in their authentication requests.
666 */
667 persistent = !!((req->auth_req & rsp->auth_req) & SMP_AUTH_BONDING);
668
669 if (smp->csrk) {
670 smp->csrk->bdaddr_type = hcon->dst_type;
671 bacpy(&smp->csrk->bdaddr, &hcon->dst);
672 mgmt_new_csrk(hdev, smp->csrk, persistent);
673 }
674
675 if (smp->slave_csrk) {
676 smp->slave_csrk->bdaddr_type = hcon->dst_type;
677 bacpy(&smp->slave_csrk->bdaddr, &hcon->dst);
678 mgmt_new_csrk(hdev, smp->slave_csrk, persistent);
679 }
680
681 if (smp->ltk) {
682 smp->ltk->bdaddr_type = hcon->dst_type;
683 bacpy(&smp->ltk->bdaddr, &hcon->dst);
684 mgmt_new_ltk(hdev, smp->ltk, persistent);
685 }
686
687 if (smp->slave_ltk) {
688 smp->slave_ltk->bdaddr_type = hcon->dst_type;
689 bacpy(&smp->slave_ltk->bdaddr, &hcon->dst);
690 mgmt_new_ltk(hdev, smp->slave_ltk, persistent);
691 }
692 }
693
694 static void smp_allow_key_dist(struct smp_chan *smp)
695 {
696 /* Allow the first expected phase 3 PDU. The rest of the PDUs
697 * will be allowed in each PDU handler to ensure we receive
698 * them in the correct order.
699 */
700 if (smp->remote_key_dist & SMP_DIST_ENC_KEY)
701 SMP_ALLOW_CMD(smp, SMP_CMD_ENCRYPT_INFO);
702 else if (smp->remote_key_dist & SMP_DIST_ID_KEY)
703 SMP_ALLOW_CMD(smp, SMP_CMD_IDENT_INFO);
704 else if (smp->remote_key_dist & SMP_DIST_SIGN)
705 SMP_ALLOW_CMD(smp, SMP_CMD_SIGN_INFO);
706 }
707
708 static void smp_distribute_keys(struct smp_chan *smp)
709 {
710 struct smp_cmd_pairing *req, *rsp;
711 struct l2cap_conn *conn = smp->conn;
712 struct hci_conn *hcon = conn->hcon;
713 struct hci_dev *hdev = hcon->hdev;
714 __u8 *keydist;
715
716 BT_DBG("conn %p", conn);
717
718 rsp = (void *) &smp->prsp[1];
719
720 /* The responder sends its keys first */
721 if (hcon->out && (smp->remote_key_dist & KEY_DIST_MASK)) {
722 smp_allow_key_dist(smp);
723 return;
724 }
725
726 req = (void *) &smp->preq[1];
727
728 if (hcon->out) {
729 keydist = &rsp->init_key_dist;
730 *keydist &= req->init_key_dist;
731 } else {
732 keydist = &rsp->resp_key_dist;
733 *keydist &= req->resp_key_dist;
734 }
735
736 BT_DBG("keydist 0x%x", *keydist);
737
738 if (*keydist & SMP_DIST_ENC_KEY) {
739 struct smp_cmd_encrypt_info enc;
740 struct smp_cmd_master_ident ident;
741 struct smp_ltk *ltk;
742 u8 authenticated;
743 __le16 ediv;
744 __le64 rand;
745
746 get_random_bytes(enc.ltk, sizeof(enc.ltk));
747 get_random_bytes(&ediv, sizeof(ediv));
748 get_random_bytes(&rand, sizeof(rand));
749
750 smp_send_cmd(conn, SMP_CMD_ENCRYPT_INFO, sizeof(enc), &enc);
751
752 authenticated = hcon->sec_level == BT_SECURITY_HIGH;
753 ltk = hci_add_ltk(hdev, &hcon->dst, hcon->dst_type,
754 SMP_LTK_SLAVE, authenticated, enc.ltk,
755 smp->enc_key_size, ediv, rand);
756 smp->slave_ltk = ltk;
757
758 ident.ediv = ediv;
759 ident.rand = rand;
760
761 smp_send_cmd(conn, SMP_CMD_MASTER_IDENT, sizeof(ident), &ident);
762
763 *keydist &= ~SMP_DIST_ENC_KEY;
764 }
765
766 if (*keydist & SMP_DIST_ID_KEY) {
767 struct smp_cmd_ident_addr_info addrinfo;
768 struct smp_cmd_ident_info idinfo;
769
770 memcpy(idinfo.irk, hdev->irk, sizeof(idinfo.irk));
771
772 smp_send_cmd(conn, SMP_CMD_IDENT_INFO, sizeof(idinfo), &idinfo);
773
774 /* The hci_conn contains the local identity address
775 * after the connection has been established.
776 *
777 * This is true even when the connection has been
778 * established using a resolvable random address.
779 */
780 bacpy(&addrinfo.bdaddr, &hcon->src);
781 addrinfo.addr_type = hcon->src_type;
782
783 smp_send_cmd(conn, SMP_CMD_IDENT_ADDR_INFO, sizeof(addrinfo),
784 &addrinfo);
785
786 *keydist &= ~SMP_DIST_ID_KEY;
787 }
788
789 if (*keydist & SMP_DIST_SIGN) {
790 struct smp_cmd_sign_info sign;
791 struct smp_csrk *csrk;
792
793 /* Generate a new random key */
794 get_random_bytes(sign.csrk, sizeof(sign.csrk));
795
796 csrk = kzalloc(sizeof(*csrk), GFP_KERNEL);
797 if (csrk) {
798 csrk->master = 0x00;
799 memcpy(csrk->val, sign.csrk, sizeof(csrk->val));
800 }
801 smp->slave_csrk = csrk;
802
803 smp_send_cmd(conn, SMP_CMD_SIGN_INFO, sizeof(sign), &sign);
804
805 *keydist &= ~SMP_DIST_SIGN;
806 }
807
808 /* If there are still keys to be received wait for them */
809 if (smp->remote_key_dist & KEY_DIST_MASK) {
810 smp_allow_key_dist(smp);
811 return;
812 }
813
814 set_bit(SMP_FLAG_COMPLETE, &smp->flags);
815 smp_notify_keys(conn);
816
817 smp_chan_destroy(conn);
818 }
819
820 static void smp_timeout(struct work_struct *work)
821 {
822 struct smp_chan *smp = container_of(work, struct smp_chan,
823 security_timer.work);
824 struct l2cap_conn *conn = smp->conn;
825
826 BT_DBG("conn %p", conn);
827
828 hci_disconnect(conn->hcon, HCI_ERROR_REMOTE_USER_TERM);
829 }
830
831 static struct smp_chan *smp_chan_create(struct l2cap_conn *conn)
832 {
833 struct l2cap_chan *chan = conn->smp;
834 struct smp_chan *smp;
835
836 smp = kzalloc(sizeof(*smp), GFP_ATOMIC);
837 if (!smp)
838 return NULL;
839
840 smp->tfm_aes = crypto_alloc_blkcipher("ecb(aes)", 0, CRYPTO_ALG_ASYNC);
841 if (IS_ERR(smp->tfm_aes)) {
842 BT_ERR("Unable to create ECB crypto context");
843 kfree(smp);
844 return NULL;
845 }
846
847 smp->conn = conn;
848 chan->data = smp;
849
850 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_FAIL);
851
852 INIT_DELAYED_WORK(&smp->security_timer, smp_timeout);
853
854 hci_conn_hold(conn->hcon);
855
856 return smp;
857 }
858
859 int smp_user_confirm_reply(struct hci_conn *hcon, u16 mgmt_op, __le32 passkey)
860 {
861 struct l2cap_conn *conn = hcon->l2cap_data;
862 struct l2cap_chan *chan;
863 struct smp_chan *smp;
864 u32 value;
865 int err;
866
867 BT_DBG("");
868
869 if (!conn)
870 return -ENOTCONN;
871
872 chan = conn->smp;
873 if (!chan)
874 return -ENOTCONN;
875
876 l2cap_chan_lock(chan);
877 if (!chan->data) {
878 err = -ENOTCONN;
879 goto unlock;
880 }
881
882 smp = chan->data;
883
884 switch (mgmt_op) {
885 case MGMT_OP_USER_PASSKEY_REPLY:
886 value = le32_to_cpu(passkey);
887 memset(smp->tk, 0, sizeof(smp->tk));
888 BT_DBG("PassKey: %d", value);
889 put_unaligned_le32(value, smp->tk);
890 /* Fall Through */
891 case MGMT_OP_USER_CONFIRM_REPLY:
892 set_bit(SMP_FLAG_TK_VALID, &smp->flags);
893 break;
894 case MGMT_OP_USER_PASSKEY_NEG_REPLY:
895 case MGMT_OP_USER_CONFIRM_NEG_REPLY:
896 smp_failure(conn, SMP_PASSKEY_ENTRY_FAILED);
897 err = 0;
898 goto unlock;
899 default:
900 smp_failure(conn, SMP_PASSKEY_ENTRY_FAILED);
901 err = -EOPNOTSUPP;
902 goto unlock;
903 }
904
905 err = 0;
906
907 /* If it is our turn to send Pairing Confirm, do so now */
908 if (test_bit(SMP_FLAG_CFM_PENDING, &smp->flags)) {
909 u8 rsp = smp_confirm(smp);
910 if (rsp)
911 smp_failure(conn, rsp);
912 }
913
914 unlock:
915 l2cap_chan_unlock(chan);
916 return err;
917 }
918
919 static u8 smp_cmd_pairing_req(struct l2cap_conn *conn, struct sk_buff *skb)
920 {
921 struct smp_cmd_pairing rsp, *req = (void *) skb->data;
922 struct l2cap_chan *chan = conn->smp;
923 struct hci_dev *hdev = conn->hcon->hdev;
924 struct smp_chan *smp;
925 u8 key_size, auth, sec_level;
926 int ret;
927
928 BT_DBG("conn %p", conn);
929
930 if (skb->len < sizeof(*req))
931 return SMP_INVALID_PARAMS;
932
933 if (conn->hcon->role != HCI_ROLE_SLAVE)
934 return SMP_CMD_NOTSUPP;
935
936 if (!chan->data)
937 smp = smp_chan_create(conn);
938 else
939 smp = chan->data;
940
941 if (!smp)
942 return SMP_UNSPECIFIED;
943
944 /* We didn't start the pairing, so match remote */
945 auth = req->auth_req & AUTH_REQ_MASK;
946
947 if (!test_bit(HCI_BONDABLE, &hdev->dev_flags) &&
948 (auth & SMP_AUTH_BONDING))
949 return SMP_PAIRING_NOTSUPP;
950
951 smp->preq[0] = SMP_CMD_PAIRING_REQ;
952 memcpy(&smp->preq[1], req, sizeof(*req));
953 skb_pull(skb, sizeof(*req));
954
955 if (conn->hcon->io_capability == HCI_IO_NO_INPUT_OUTPUT)
956 sec_level = BT_SECURITY_MEDIUM;
957 else
958 sec_level = authreq_to_seclevel(auth);
959
960 if (sec_level > conn->hcon->pending_sec_level)
961 conn->hcon->pending_sec_level = sec_level;
962
963 /* If we need MITM check that it can be achieved */
964 if (conn->hcon->pending_sec_level >= BT_SECURITY_HIGH) {
965 u8 method;
966
967 method = get_auth_method(smp, conn->hcon->io_capability,
968 req->io_capability);
969 if (method == JUST_WORKS || method == JUST_CFM)
970 return SMP_AUTH_REQUIREMENTS;
971 }
972
973 build_pairing_cmd(conn, req, &rsp, auth);
974
975 key_size = min(req->max_key_size, rsp.max_key_size);
976 if (check_enc_key_size(conn, key_size))
977 return SMP_ENC_KEY_SIZE;
978
979 get_random_bytes(smp->prnd, sizeof(smp->prnd));
980
981 smp->prsp[0] = SMP_CMD_PAIRING_RSP;
982 memcpy(&smp->prsp[1], &rsp, sizeof(rsp));
983
984 smp_send_cmd(conn, SMP_CMD_PAIRING_RSP, sizeof(rsp), &rsp);
985 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_CONFIRM);
986
987 /* Request setup of TK */
988 ret = tk_request(conn, 0, auth, rsp.io_capability, req->io_capability);
989 if (ret)
990 return SMP_UNSPECIFIED;
991
992 return 0;
993 }
994
995 static u8 smp_cmd_pairing_rsp(struct l2cap_conn *conn, struct sk_buff *skb)
996 {
997 struct smp_cmd_pairing *req, *rsp = (void *) skb->data;
998 struct l2cap_chan *chan = conn->smp;
999 struct smp_chan *smp = chan->data;
1000 u8 key_size, auth;
1001 int ret;
1002
1003 BT_DBG("conn %p", conn);
1004
1005 if (skb->len < sizeof(*rsp))
1006 return SMP_INVALID_PARAMS;
1007
1008 if (conn->hcon->role != HCI_ROLE_MASTER)
1009 return SMP_CMD_NOTSUPP;
1010
1011 skb_pull(skb, sizeof(*rsp));
1012
1013 req = (void *) &smp->preq[1];
1014
1015 key_size = min(req->max_key_size, rsp->max_key_size);
1016 if (check_enc_key_size(conn, key_size))
1017 return SMP_ENC_KEY_SIZE;
1018
1019 auth = rsp->auth_req & AUTH_REQ_MASK;
1020
1021 /* If we need MITM check that it can be achieved */
1022 if (conn->hcon->pending_sec_level >= BT_SECURITY_HIGH) {
1023 u8 method;
1024
1025 method = get_auth_method(smp, req->io_capability,
1026 rsp->io_capability);
1027 if (method == JUST_WORKS || method == JUST_CFM)
1028 return SMP_AUTH_REQUIREMENTS;
1029 }
1030
1031 get_random_bytes(smp->prnd, sizeof(smp->prnd));
1032
1033 smp->prsp[0] = SMP_CMD_PAIRING_RSP;
1034 memcpy(&smp->prsp[1], rsp, sizeof(*rsp));
1035
1036 /* Update remote key distribution in case the remote cleared
1037 * some bits that we had enabled in our request.
1038 */
1039 smp->remote_key_dist &= rsp->resp_key_dist;
1040
1041 auth |= req->auth_req;
1042
1043 ret = tk_request(conn, 0, auth, req->io_capability, rsp->io_capability);
1044 if (ret)
1045 return SMP_UNSPECIFIED;
1046
1047 set_bit(SMP_FLAG_CFM_PENDING, &smp->flags);
1048
1049 /* Can't compose response until we have been confirmed */
1050 if (test_bit(SMP_FLAG_TK_VALID, &smp->flags))
1051 return smp_confirm(smp);
1052
1053 return 0;
1054 }
1055
1056 static u8 smp_cmd_pairing_confirm(struct l2cap_conn *conn, struct sk_buff *skb)
1057 {
1058 struct l2cap_chan *chan = conn->smp;
1059 struct smp_chan *smp = chan->data;
1060
1061 BT_DBG("conn %p %s", conn, conn->hcon->out ? "master" : "slave");
1062
1063 if (skb->len < sizeof(smp->pcnf))
1064 return SMP_INVALID_PARAMS;
1065
1066 memcpy(smp->pcnf, skb->data, sizeof(smp->pcnf));
1067 skb_pull(skb, sizeof(smp->pcnf));
1068
1069 if (conn->hcon->out) {
1070 smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM, sizeof(smp->prnd),
1071 smp->prnd);
1072 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RANDOM);
1073 return 0;
1074 }
1075
1076 if (test_bit(SMP_FLAG_TK_VALID, &smp->flags))
1077 return smp_confirm(smp);
1078 else
1079 set_bit(SMP_FLAG_CFM_PENDING, &smp->flags);
1080
1081 return 0;
1082 }
1083
1084 static u8 smp_cmd_pairing_random(struct l2cap_conn *conn, struct sk_buff *skb)
1085 {
1086 struct l2cap_chan *chan = conn->smp;
1087 struct smp_chan *smp = chan->data;
1088
1089 BT_DBG("conn %p", conn);
1090
1091 if (skb->len < sizeof(smp->rrnd))
1092 return SMP_INVALID_PARAMS;
1093
1094 memcpy(smp->rrnd, skb->data, sizeof(smp->rrnd));
1095 skb_pull(skb, sizeof(smp->rrnd));
1096
1097 return smp_random(smp);
1098 }
1099
1100 static bool smp_ltk_encrypt(struct l2cap_conn *conn, u8 sec_level)
1101 {
1102 struct smp_ltk *key;
1103 struct hci_conn *hcon = conn->hcon;
1104
1105 key = hci_find_ltk_by_addr(hcon->hdev, &hcon->dst, hcon->dst_type,
1106 hcon->role);
1107 if (!key)
1108 return false;
1109
1110 if (smp_ltk_sec_level(key) < sec_level)
1111 return false;
1112
1113 if (test_and_set_bit(HCI_CONN_ENCRYPT_PEND, &hcon->flags))
1114 return true;
1115
1116 hci_le_start_enc(hcon, key->ediv, key->rand, key->val);
1117 hcon->enc_key_size = key->enc_size;
1118
1119 /* We never store STKs for master role, so clear this flag */
1120 clear_bit(HCI_CONN_STK_ENCRYPT, &hcon->flags);
1121
1122 return true;
1123 }
1124
1125 bool smp_sufficient_security(struct hci_conn *hcon, u8 sec_level,
1126 enum smp_key_pref key_pref)
1127 {
1128 if (sec_level == BT_SECURITY_LOW)
1129 return true;
1130
1131 /* If we're encrypted with an STK but the caller prefers using
1132 * LTK claim insufficient security. This way we allow the
1133 * connection to be re-encrypted with an LTK, even if the LTK
1134 * provides the same level of security. Only exception is if we
1135 * don't have an LTK (e.g. because of key distribution bits).
1136 */
1137 if (key_pref == SMP_USE_LTK &&
1138 test_bit(HCI_CONN_STK_ENCRYPT, &hcon->flags) &&
1139 hci_find_ltk_by_addr(hcon->hdev, &hcon->dst, hcon->dst_type,
1140 hcon->role))
1141 return false;
1142
1143 if (hcon->sec_level >= sec_level)
1144 return true;
1145
1146 return false;
1147 }
1148
1149 static u8 smp_cmd_security_req(struct l2cap_conn *conn, struct sk_buff *skb)
1150 {
1151 struct smp_cmd_security_req *rp = (void *) skb->data;
1152 struct smp_cmd_pairing cp;
1153 struct hci_conn *hcon = conn->hcon;
1154 struct smp_chan *smp;
1155 u8 sec_level, auth;
1156
1157 BT_DBG("conn %p", conn);
1158
1159 if (skb->len < sizeof(*rp))
1160 return SMP_INVALID_PARAMS;
1161
1162 if (hcon->role != HCI_ROLE_MASTER)
1163 return SMP_CMD_NOTSUPP;
1164
1165 auth = rp->auth_req & AUTH_REQ_MASK;
1166
1167 if (hcon->io_capability == HCI_IO_NO_INPUT_OUTPUT)
1168 sec_level = BT_SECURITY_MEDIUM;
1169 else
1170 sec_level = authreq_to_seclevel(auth);
1171
1172 if (smp_sufficient_security(hcon, sec_level, SMP_USE_LTK))
1173 return 0;
1174
1175 if (sec_level > hcon->pending_sec_level)
1176 hcon->pending_sec_level = sec_level;
1177
1178 if (smp_ltk_encrypt(conn, hcon->pending_sec_level))
1179 return 0;
1180
1181 smp = smp_chan_create(conn);
1182 if (!smp)
1183 return SMP_UNSPECIFIED;
1184
1185 if (!test_bit(HCI_BONDABLE, &hcon->hdev->dev_flags) &&
1186 (auth & SMP_AUTH_BONDING))
1187 return SMP_PAIRING_NOTSUPP;
1188
1189 skb_pull(skb, sizeof(*rp));
1190
1191 memset(&cp, 0, sizeof(cp));
1192 build_pairing_cmd(conn, &cp, NULL, auth);
1193
1194 smp->preq[0] = SMP_CMD_PAIRING_REQ;
1195 memcpy(&smp->preq[1], &cp, sizeof(cp));
1196
1197 smp_send_cmd(conn, SMP_CMD_PAIRING_REQ, sizeof(cp), &cp);
1198 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RSP);
1199
1200 return 0;
1201 }
1202
1203 int smp_conn_security(struct hci_conn *hcon, __u8 sec_level)
1204 {
1205 struct l2cap_conn *conn = hcon->l2cap_data;
1206 struct l2cap_chan *chan;
1207 struct smp_chan *smp;
1208 __u8 authreq;
1209 int ret;
1210
1211 BT_DBG("conn %p hcon %p level 0x%2.2x", conn, hcon, sec_level);
1212
1213 /* This may be NULL if there's an unexpected disconnection */
1214 if (!conn)
1215 return 1;
1216
1217 chan = conn->smp;
1218
1219 if (!test_bit(HCI_LE_ENABLED, &hcon->hdev->dev_flags))
1220 return 1;
1221
1222 if (smp_sufficient_security(hcon, sec_level, SMP_USE_LTK))
1223 return 1;
1224
1225 if (sec_level > hcon->pending_sec_level)
1226 hcon->pending_sec_level = sec_level;
1227
1228 if (hcon->role == HCI_ROLE_MASTER)
1229 if (smp_ltk_encrypt(conn, hcon->pending_sec_level))
1230 return 0;
1231
1232 l2cap_chan_lock(chan);
1233
1234 /* If SMP is already in progress ignore this request */
1235 if (chan->data) {
1236 ret = 0;
1237 goto unlock;
1238 }
1239
1240 smp = smp_chan_create(conn);
1241 if (!smp) {
1242 ret = 1;
1243 goto unlock;
1244 }
1245
1246 authreq = seclevel_to_authreq(sec_level);
1247
1248 /* Require MITM if IO Capability allows or the security level
1249 * requires it.
1250 */
1251 if (hcon->io_capability != HCI_IO_NO_INPUT_OUTPUT ||
1252 hcon->pending_sec_level > BT_SECURITY_MEDIUM)
1253 authreq |= SMP_AUTH_MITM;
1254
1255 if (hcon->role == HCI_ROLE_MASTER) {
1256 struct smp_cmd_pairing cp;
1257
1258 build_pairing_cmd(conn, &cp, NULL, authreq);
1259 smp->preq[0] = SMP_CMD_PAIRING_REQ;
1260 memcpy(&smp->preq[1], &cp, sizeof(cp));
1261
1262 smp_send_cmd(conn, SMP_CMD_PAIRING_REQ, sizeof(cp), &cp);
1263 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RSP);
1264 } else {
1265 struct smp_cmd_security_req cp;
1266 cp.auth_req = authreq;
1267 smp_send_cmd(conn, SMP_CMD_SECURITY_REQ, sizeof(cp), &cp);
1268 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_REQ);
1269 }
1270
1271 set_bit(SMP_FLAG_INITIATOR, &smp->flags);
1272 ret = 0;
1273
1274 unlock:
1275 l2cap_chan_unlock(chan);
1276 return ret;
1277 }
1278
1279 static int smp_cmd_encrypt_info(struct l2cap_conn *conn, struct sk_buff *skb)
1280 {
1281 struct smp_cmd_encrypt_info *rp = (void *) skb->data;
1282 struct l2cap_chan *chan = conn->smp;
1283 struct smp_chan *smp = chan->data;
1284
1285 BT_DBG("conn %p", conn);
1286
1287 if (skb->len < sizeof(*rp))
1288 return SMP_INVALID_PARAMS;
1289
1290 SMP_ALLOW_CMD(smp, SMP_CMD_MASTER_IDENT);
1291
1292 skb_pull(skb, sizeof(*rp));
1293
1294 memcpy(smp->tk, rp->ltk, sizeof(smp->tk));
1295
1296 return 0;
1297 }
1298
1299 static int smp_cmd_master_ident(struct l2cap_conn *conn, struct sk_buff *skb)
1300 {
1301 struct smp_cmd_master_ident *rp = (void *) skb->data;
1302 struct l2cap_chan *chan = conn->smp;
1303 struct smp_chan *smp = chan->data;
1304 struct hci_dev *hdev = conn->hcon->hdev;
1305 struct hci_conn *hcon = conn->hcon;
1306 struct smp_ltk *ltk;
1307 u8 authenticated;
1308
1309 BT_DBG("conn %p", conn);
1310
1311 if (skb->len < sizeof(*rp))
1312 return SMP_INVALID_PARAMS;
1313
1314 /* Mark the information as received */
1315 smp->remote_key_dist &= ~SMP_DIST_ENC_KEY;
1316
1317 if (smp->remote_key_dist & SMP_DIST_ID_KEY)
1318 SMP_ALLOW_CMD(smp, SMP_CMD_IDENT_INFO);
1319 else if (smp->remote_key_dist & SMP_DIST_SIGN)
1320 SMP_ALLOW_CMD(smp, SMP_CMD_SIGN_INFO);
1321
1322 skb_pull(skb, sizeof(*rp));
1323
1324 authenticated = (hcon->sec_level == BT_SECURITY_HIGH);
1325 ltk = hci_add_ltk(hdev, &hcon->dst, hcon->dst_type, SMP_LTK,
1326 authenticated, smp->tk, smp->enc_key_size,
1327 rp->ediv, rp->rand);
1328 smp->ltk = ltk;
1329 if (!(smp->remote_key_dist & KEY_DIST_MASK))
1330 smp_distribute_keys(smp);
1331
1332 return 0;
1333 }
1334
1335 static int smp_cmd_ident_info(struct l2cap_conn *conn, struct sk_buff *skb)
1336 {
1337 struct smp_cmd_ident_info *info = (void *) skb->data;
1338 struct l2cap_chan *chan = conn->smp;
1339 struct smp_chan *smp = chan->data;
1340
1341 BT_DBG("");
1342
1343 if (skb->len < sizeof(*info))
1344 return SMP_INVALID_PARAMS;
1345
1346 SMP_ALLOW_CMD(smp, SMP_CMD_IDENT_ADDR_INFO);
1347
1348 skb_pull(skb, sizeof(*info));
1349
1350 memcpy(smp->irk, info->irk, 16);
1351
1352 return 0;
1353 }
1354
1355 static int smp_cmd_ident_addr_info(struct l2cap_conn *conn,
1356 struct sk_buff *skb)
1357 {
1358 struct smp_cmd_ident_addr_info *info = (void *) skb->data;
1359 struct l2cap_chan *chan = conn->smp;
1360 struct smp_chan *smp = chan->data;
1361 struct hci_conn *hcon = conn->hcon;
1362 bdaddr_t rpa;
1363
1364 BT_DBG("");
1365
1366 if (skb->len < sizeof(*info))
1367 return SMP_INVALID_PARAMS;
1368
1369 /* Mark the information as received */
1370 smp->remote_key_dist &= ~SMP_DIST_ID_KEY;
1371
1372 if (smp->remote_key_dist & SMP_DIST_SIGN)
1373 SMP_ALLOW_CMD(smp, SMP_CMD_SIGN_INFO);
1374
1375 skb_pull(skb, sizeof(*info));
1376
1377 /* Strictly speaking the Core Specification (4.1) allows sending
1378 * an empty address which would force us to rely on just the IRK
1379 * as "identity information". However, since such
1380 * implementations are not known of and in order to not over
1381 * complicate our implementation, simply pretend that we never
1382 * received an IRK for such a device.
1383 */
1384 if (!bacmp(&info->bdaddr, BDADDR_ANY)) {
1385 BT_ERR("Ignoring IRK with no identity address");
1386 goto distribute;
1387 }
1388
1389 bacpy(&smp->id_addr, &info->bdaddr);
1390 smp->id_addr_type = info->addr_type;
1391
1392 if (hci_bdaddr_is_rpa(&hcon->dst, hcon->dst_type))
1393 bacpy(&rpa, &hcon->dst);
1394 else
1395 bacpy(&rpa, BDADDR_ANY);
1396
1397 smp->remote_irk = hci_add_irk(conn->hcon->hdev, &smp->id_addr,
1398 smp->id_addr_type, smp->irk, &rpa);
1399
1400 distribute:
1401 if (!(smp->remote_key_dist & KEY_DIST_MASK))
1402 smp_distribute_keys(smp);
1403
1404 return 0;
1405 }
1406
1407 static int smp_cmd_sign_info(struct l2cap_conn *conn, struct sk_buff *skb)
1408 {
1409 struct smp_cmd_sign_info *rp = (void *) skb->data;
1410 struct l2cap_chan *chan = conn->smp;
1411 struct smp_chan *smp = chan->data;
1412 struct smp_csrk *csrk;
1413
1414 BT_DBG("conn %p", conn);
1415
1416 if (skb->len < sizeof(*rp))
1417 return SMP_INVALID_PARAMS;
1418
1419 /* Mark the information as received */
1420 smp->remote_key_dist &= ~SMP_DIST_SIGN;
1421
1422 skb_pull(skb, sizeof(*rp));
1423
1424 csrk = kzalloc(sizeof(*csrk), GFP_KERNEL);
1425 if (csrk) {
1426 csrk->master = 0x01;
1427 memcpy(csrk->val, rp->csrk, sizeof(csrk->val));
1428 }
1429 smp->csrk = csrk;
1430 smp_distribute_keys(smp);
1431
1432 return 0;
1433 }
1434
1435 static int smp_sig_channel(struct l2cap_chan *chan, struct sk_buff *skb)
1436 {
1437 struct l2cap_conn *conn = chan->conn;
1438 struct hci_conn *hcon = conn->hcon;
1439 struct smp_chan *smp;
1440 __u8 code, reason;
1441 int err = 0;
1442
1443 if (hcon->type != LE_LINK) {
1444 kfree_skb(skb);
1445 return 0;
1446 }
1447
1448 if (skb->len < 1)
1449 return -EILSEQ;
1450
1451 if (!test_bit(HCI_LE_ENABLED, &hcon->hdev->dev_flags)) {
1452 reason = SMP_PAIRING_NOTSUPP;
1453 goto done;
1454 }
1455
1456 code = skb->data[0];
1457 skb_pull(skb, sizeof(code));
1458
1459 smp = chan->data;
1460
1461 if (code > SMP_CMD_MAX)
1462 goto drop;
1463
1464 if (smp && !test_and_clear_bit(code, &smp->allow_cmd))
1465 goto drop;
1466
1467 /* If we don't have a context the only allowed commands are
1468 * pairing request and security request.
1469 */
1470 if (!smp && code != SMP_CMD_PAIRING_REQ && code != SMP_CMD_SECURITY_REQ)
1471 goto drop;
1472
1473 switch (code) {
1474 case SMP_CMD_PAIRING_REQ:
1475 reason = smp_cmd_pairing_req(conn, skb);
1476 break;
1477
1478 case SMP_CMD_PAIRING_FAIL:
1479 smp_failure(conn, 0);
1480 err = -EPERM;
1481 break;
1482
1483 case SMP_CMD_PAIRING_RSP:
1484 reason = smp_cmd_pairing_rsp(conn, skb);
1485 break;
1486
1487 case SMP_CMD_SECURITY_REQ:
1488 reason = smp_cmd_security_req(conn, skb);
1489 break;
1490
1491 case SMP_CMD_PAIRING_CONFIRM:
1492 reason = smp_cmd_pairing_confirm(conn, skb);
1493 break;
1494
1495 case SMP_CMD_PAIRING_RANDOM:
1496 reason = smp_cmd_pairing_random(conn, skb);
1497 break;
1498
1499 case SMP_CMD_ENCRYPT_INFO:
1500 reason = smp_cmd_encrypt_info(conn, skb);
1501 break;
1502
1503 case SMP_CMD_MASTER_IDENT:
1504 reason = smp_cmd_master_ident(conn, skb);
1505 break;
1506
1507 case SMP_CMD_IDENT_INFO:
1508 reason = smp_cmd_ident_info(conn, skb);
1509 break;
1510
1511 case SMP_CMD_IDENT_ADDR_INFO:
1512 reason = smp_cmd_ident_addr_info(conn, skb);
1513 break;
1514
1515 case SMP_CMD_SIGN_INFO:
1516 reason = smp_cmd_sign_info(conn, skb);
1517 break;
1518
1519 default:
1520 BT_DBG("Unknown command code 0x%2.2x", code);
1521 reason = SMP_CMD_NOTSUPP;
1522 goto done;
1523 }
1524
1525 done:
1526 if (!err) {
1527 if (reason)
1528 smp_failure(conn, reason);
1529 kfree_skb(skb);
1530 }
1531
1532 return err;
1533
1534 drop:
1535 BT_ERR("%s unexpected SMP command 0x%02x from %pMR", hcon->hdev->name,
1536 code, &hcon->dst);
1537 kfree_skb(skb);
1538 return 0;
1539 }
1540
1541 static void smp_teardown_cb(struct l2cap_chan *chan, int err)
1542 {
1543 struct l2cap_conn *conn = chan->conn;
1544
1545 BT_DBG("chan %p", chan);
1546
1547 if (chan->data)
1548 smp_chan_destroy(conn);
1549
1550 conn->smp = NULL;
1551 l2cap_chan_put(chan);
1552 }
1553
1554 static void smp_resume_cb(struct l2cap_chan *chan)
1555 {
1556 struct smp_chan *smp = chan->data;
1557 struct l2cap_conn *conn = chan->conn;
1558 struct hci_conn *hcon = conn->hcon;
1559
1560 BT_DBG("chan %p", chan);
1561
1562 if (!smp)
1563 return;
1564
1565 if (!test_bit(HCI_CONN_ENCRYPT, &hcon->flags))
1566 return;
1567
1568 cancel_delayed_work(&smp->security_timer);
1569
1570 smp_distribute_keys(smp);
1571 }
1572
1573 static void smp_ready_cb(struct l2cap_chan *chan)
1574 {
1575 struct l2cap_conn *conn = chan->conn;
1576
1577 BT_DBG("chan %p", chan);
1578
1579 conn->smp = chan;
1580 l2cap_chan_hold(chan);
1581 }
1582
1583 static int smp_recv_cb(struct l2cap_chan *chan, struct sk_buff *skb)
1584 {
1585 int err;
1586
1587 BT_DBG("chan %p", chan);
1588
1589 err = smp_sig_channel(chan, skb);
1590 if (err) {
1591 struct smp_chan *smp = chan->data;
1592
1593 if (smp)
1594 cancel_delayed_work_sync(&smp->security_timer);
1595
1596 hci_disconnect(chan->conn->hcon, HCI_ERROR_AUTH_FAILURE);
1597 }
1598
1599 return err;
1600 }
1601
1602 static struct sk_buff *smp_alloc_skb_cb(struct l2cap_chan *chan,
1603 unsigned long hdr_len,
1604 unsigned long len, int nb)
1605 {
1606 struct sk_buff *skb;
1607
1608 skb = bt_skb_alloc(hdr_len + len, GFP_KERNEL);
1609 if (!skb)
1610 return ERR_PTR(-ENOMEM);
1611
1612 skb->priority = HCI_PRIO_MAX;
1613 bt_cb(skb)->chan = chan;
1614
1615 return skb;
1616 }
1617
1618 static const struct l2cap_ops smp_chan_ops = {
1619 .name = "Security Manager",
1620 .ready = smp_ready_cb,
1621 .recv = smp_recv_cb,
1622 .alloc_skb = smp_alloc_skb_cb,
1623 .teardown = smp_teardown_cb,
1624 .resume = smp_resume_cb,
1625
1626 .new_connection = l2cap_chan_no_new_connection,
1627 .state_change = l2cap_chan_no_state_change,
1628 .close = l2cap_chan_no_close,
1629 .defer = l2cap_chan_no_defer,
1630 .suspend = l2cap_chan_no_suspend,
1631 .set_shutdown = l2cap_chan_no_set_shutdown,
1632 .get_sndtimeo = l2cap_chan_no_get_sndtimeo,
1633 .memcpy_fromiovec = l2cap_chan_no_memcpy_fromiovec,
1634 };
1635
1636 static inline struct l2cap_chan *smp_new_conn_cb(struct l2cap_chan *pchan)
1637 {
1638 struct l2cap_chan *chan;
1639
1640 BT_DBG("pchan %p", pchan);
1641
1642 chan = l2cap_chan_create();
1643 if (!chan)
1644 return NULL;
1645
1646 chan->chan_type = pchan->chan_type;
1647 chan->ops = &smp_chan_ops;
1648 chan->scid = pchan->scid;
1649 chan->dcid = chan->scid;
1650 chan->imtu = pchan->imtu;
1651 chan->omtu = pchan->omtu;
1652 chan->mode = pchan->mode;
1653
1654 /* Other L2CAP channels may request SMP routines in order to
1655 * change the security level. This means that the SMP channel
1656 * lock must be considered in its own category to avoid lockdep
1657 * warnings.
1658 */
1659 atomic_set(&chan->nesting, L2CAP_NESTING_SMP);
1660
1661 BT_DBG("created chan %p", chan);
1662
1663 return chan;
1664 }
1665
1666 static const struct l2cap_ops smp_root_chan_ops = {
1667 .name = "Security Manager Root",
1668 .new_connection = smp_new_conn_cb,
1669
1670 /* None of these are implemented for the root channel */
1671 .close = l2cap_chan_no_close,
1672 .alloc_skb = l2cap_chan_no_alloc_skb,
1673 .recv = l2cap_chan_no_recv,
1674 .state_change = l2cap_chan_no_state_change,
1675 .teardown = l2cap_chan_no_teardown,
1676 .ready = l2cap_chan_no_ready,
1677 .defer = l2cap_chan_no_defer,
1678 .suspend = l2cap_chan_no_suspend,
1679 .resume = l2cap_chan_no_resume,
1680 .set_shutdown = l2cap_chan_no_set_shutdown,
1681 .get_sndtimeo = l2cap_chan_no_get_sndtimeo,
1682 .memcpy_fromiovec = l2cap_chan_no_memcpy_fromiovec,
1683 };
1684
1685 int smp_register(struct hci_dev *hdev)
1686 {
1687 struct l2cap_chan *chan;
1688 struct crypto_blkcipher *tfm_aes;
1689
1690 BT_DBG("%s", hdev->name);
1691
1692 tfm_aes = crypto_alloc_blkcipher("ecb(aes)", 0, 0);
1693 if (IS_ERR(tfm_aes)) {
1694 int err = PTR_ERR(tfm_aes);
1695 BT_ERR("Unable to create crypto context");
1696 return err;
1697 }
1698
1699 chan = l2cap_chan_create();
1700 if (!chan) {
1701 crypto_free_blkcipher(tfm_aes);
1702 return -ENOMEM;
1703 }
1704
1705 chan->data = tfm_aes;
1706
1707 l2cap_add_scid(chan, L2CAP_CID_SMP);
1708
1709 l2cap_chan_set_defaults(chan);
1710
1711 bacpy(&chan->src, &hdev->bdaddr);
1712 chan->src_type = BDADDR_LE_PUBLIC;
1713 chan->state = BT_LISTEN;
1714 chan->mode = L2CAP_MODE_BASIC;
1715 chan->imtu = L2CAP_DEFAULT_MTU;
1716 chan->ops = &smp_root_chan_ops;
1717
1718 /* Set correct nesting level for a parent/listening channel */
1719 atomic_set(&chan->nesting, L2CAP_NESTING_PARENT);
1720
1721 hdev->smp_data = chan;
1722
1723 return 0;
1724 }
1725
1726 void smp_unregister(struct hci_dev *hdev)
1727 {
1728 struct l2cap_chan *chan = hdev->smp_data;
1729 struct crypto_blkcipher *tfm_aes;
1730
1731 if (!chan)
1732 return;
1733
1734 BT_DBG("%s chan %p", hdev->name, chan);
1735
1736 tfm_aes = chan->data;
1737 if (tfm_aes) {
1738 chan->data = NULL;
1739 crypto_free_blkcipher(tfm_aes);
1740 }
1741
1742 hdev->smp_data = NULL;
1743 l2cap_chan_put(chan);
1744 }
ubuntu-bionic-kernel mirror