blob: 8cfa1c1b205c49e95d923ad9fe6d8eaeb9e44ba2 [file] [log] [blame]
Anderson Brigliaeb492e02011-06-09 18:50:40 -03001/*
2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2011 Nokia Corporation and/or its subsidiary(-ies).
4
5 This program is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License version 2 as
7 published by the Free Software Foundation;
8
9 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
10 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
11 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
12 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
13 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
14 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17
18 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
19 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
20 SOFTWARE IS DISCLAIMED.
21*/
22
Gustavo Padovan8c520a52012-05-23 04:04:22 -030023#include <linux/crypto.h>
24#include <linux/scatterlist.h>
25#include <crypto/b128ops.h>
26
Anderson Brigliaeb492e02011-06-09 18:50:40 -030027#include <net/bluetooth/bluetooth.h>
28#include <net/bluetooth/hci_core.h>
29#include <net/bluetooth/l2cap.h>
Brian Gix2b64d152011-12-21 16:12:12 -080030#include <net/bluetooth/mgmt.h>
Marcel Holtmannac4b7232013-10-10 14:54:16 -070031
Johan Hedberg3b191462014-06-06 10:50:15 +030032#include "ecc.h"
Marcel Holtmannac4b7232013-10-10 14:54:16 -070033#include "smp.h"
Anderson Brigliad22ef0b2011-06-09 18:50:44 -030034
Johan Hedbergb28b4942014-09-05 22:19:55 +030035#define SMP_ALLOW_CMD(smp, code) set_bit(code, &smp->allow_cmd)
Johan Hedbergb28b4942014-09-05 22:19:55 +030036
Johan Hedberg3b191462014-06-06 10:50:15 +030037/* Keys which are not distributed with Secure Connections */
38#define SMP_SC_NO_DIST (SMP_DIST_ENC_KEY | SMP_DIST_LINK_KEY);
39
Marcel Holtmann17b02e62012-03-01 14:32:37 -080040#define SMP_TIMEOUT msecs_to_jiffies(30000)
Vinicius Costa Gomes5d3de7d2011-06-14 13:37:41 -030041
Johan Hedberg0edb14d2014-05-26 13:29:28 +030042#define AUTH_REQ_MASK(dev) (test_bit(HCI_SC_ENABLED, &(dev)->dev_flags) ? \
43 0x1f : 0x07)
44#define KEY_DIST_MASK 0x07
Johan Hedberg065a13e2012-10-11 16:26:06 +020045
Johan Hedbergcbbbe3e2014-06-06 11:30:08 +030046/* Maximum message length that can be passed to aes_cmac */
47#define CMAC_MSG_MAX 80
48
Johan Hedberg533e35d2014-06-16 19:25:18 +030049enum {
50 SMP_FLAG_TK_VALID,
51 SMP_FLAG_CFM_PENDING,
52 SMP_FLAG_MITM_AUTH,
53 SMP_FLAG_COMPLETE,
54 SMP_FLAG_INITIATOR,
Johan Hedberg65668772014-05-16 11:03:34 +030055 SMP_FLAG_SC,
Johan Hedbergd8f8edb2014-06-06 11:09:28 +030056 SMP_FLAG_REMOTE_PK,
Johan Hedbergaeb7d462014-05-31 18:52:28 +030057 SMP_FLAG_DEBUG_KEY,
Johan Hedberg38606f12014-06-25 11:10:28 +030058 SMP_FLAG_WAIT_USER,
Johan Hedberg533e35d2014-06-16 19:25:18 +030059};
Johan Hedberg4bc58f52014-05-20 09:45:47 +030060
61struct smp_chan {
Johan Hedbergb68fda62014-08-11 22:06:40 +030062 struct l2cap_conn *conn;
63 struct delayed_work security_timer;
Johan Hedbergb28b4942014-09-05 22:19:55 +030064 unsigned long allow_cmd; /* Bitmask of allowed commands */
Johan Hedbergb68fda62014-08-11 22:06:40 +030065
Johan Hedberg4bc58f52014-05-20 09:45:47 +030066 u8 preq[7]; /* SMP Pairing Request */
67 u8 prsp[7]; /* SMP Pairing Response */
68 u8 prnd[16]; /* SMP Pairing Random (local) */
69 u8 rrnd[16]; /* SMP Pairing Random (remote) */
70 u8 pcnf[16]; /* SMP Pairing Confirm */
71 u8 tk[16]; /* SMP Temporary Key */
72 u8 enc_key_size;
73 u8 remote_key_dist;
74 bdaddr_t id_addr;
75 u8 id_addr_type;
76 u8 irk[16];
77 struct smp_csrk *csrk;
78 struct smp_csrk *slave_csrk;
79 struct smp_ltk *ltk;
80 struct smp_ltk *slave_ltk;
81 struct smp_irk *remote_irk;
Johan Hedberg6a770832014-06-06 11:54:04 +030082 u8 *link_key;
Johan Hedberg4a74d652014-05-20 09:45:50 +030083 unsigned long flags;
Johan Hedberg783e0572014-05-31 18:48:26 +030084 u8 method;
Johan Hedberg38606f12014-06-25 11:10:28 +030085 u8 passkey_round;
Johan Hedberg6a7bd102014-06-27 14:23:03 +030086
Johan Hedberg3b191462014-06-06 10:50:15 +030087 /* Secure Connections variables */
88 u8 local_pk[64];
89 u8 local_sk[32];
Johan Hedbergd8f8edb2014-06-06 11:09:28 +030090 u8 remote_pk[64];
91 u8 dhkey[32];
Johan Hedberg760b0182014-06-06 11:44:05 +030092 u8 mackey[16];
Johan Hedberg3b191462014-06-06 10:50:15 +030093
Johan Hedberg6a7bd102014-06-27 14:23:03 +030094 struct crypto_blkcipher *tfm_aes;
Johan Hedberg407cecf2014-05-02 14:19:47 +030095 struct crypto_hash *tfm_cmac;
Johan Hedberg4bc58f52014-05-20 09:45:47 +030096};
97
Johan Hedbergaeb7d462014-05-31 18:52:28 +030098/* These debug key values are defined in the SMP section of the core
99 * specification. debug_pk is the public debug key and debug_sk the
100 * private debug key.
101 */
102static const u8 debug_pk[64] = {
103 0xe6, 0x9d, 0x35, 0x0e, 0x48, 0x01, 0x03, 0xcc,
104 0xdb, 0xfd, 0xf4, 0xac, 0x11, 0x91, 0xf4, 0xef,
105 0xb9, 0xa5, 0xf9, 0xe9, 0xa7, 0x83, 0x2c, 0x5e,
106 0x2c, 0xbe, 0x97, 0xf2, 0xd2, 0x03, 0xb0, 0x20,
107
108 0x8b, 0xd2, 0x89, 0x15, 0xd0, 0x8e, 0x1c, 0x74,
109 0x24, 0x30, 0xed, 0x8f, 0xc2, 0x45, 0x63, 0x76,
110 0x5c, 0x15, 0x52, 0x5a, 0xbf, 0x9a, 0x32, 0x63,
111 0x6d, 0xeb, 0x2a, 0x65, 0x49, 0x9c, 0x80, 0xdc,
112};
113
114static const u8 debug_sk[32] = {
115 0xbd, 0x1a, 0x3c, 0xcd, 0xa6, 0xb8, 0x99, 0x58,
116 0x99, 0xb7, 0x40, 0xeb, 0x7b, 0x60, 0xff, 0x4a,
117 0x50, 0x3f, 0x10, 0xd2, 0xe3, 0xb3, 0xc9, 0x74,
118 0x38, 0x5f, 0xc5, 0xa3, 0xd4, 0xf6, 0x49, 0x3f,
119};
120
Johan Hedberg8a2936f2014-06-16 19:25:19 +0300121static inline void swap_buf(const u8 *src, u8 *dst, size_t len)
Anderson Brigliad22ef0b2011-06-09 18:50:44 -0300122{
Johan Hedberg8a2936f2014-06-16 19:25:19 +0300123 size_t i;
Anderson Brigliad22ef0b2011-06-09 18:50:44 -0300124
Johan Hedberg8a2936f2014-06-16 19:25:19 +0300125 for (i = 0; i < len; i++)
126 dst[len - 1 - i] = src[i];
Anderson Brigliad22ef0b2011-06-09 18:50:44 -0300127}
128
Johan Hedbergcbbbe3e2014-06-06 11:30:08 +0300129static int aes_cmac(struct crypto_hash *tfm, const u8 k[16], const u8 *m,
130 size_t len, u8 mac[16])
131{
132 uint8_t tmp[16], mac_msb[16], msg_msb[CMAC_MSG_MAX];
133 struct hash_desc desc;
134 struct scatterlist sg;
135 int err;
136
137 if (len > CMAC_MSG_MAX)
138 return -EFBIG;
139
140 if (!tfm) {
141 BT_ERR("tfm %p", tfm);
142 return -EINVAL;
143 }
144
145 desc.tfm = tfm;
146 desc.flags = 0;
147
148 crypto_hash_init(&desc);
149
150 /* Swap key and message from LSB to MSB */
151 swap_buf(k, tmp, 16);
152 swap_buf(m, msg_msb, len);
153
154 BT_DBG("msg (len %zu) %*phN", len, (int) len, m);
155 BT_DBG("key %16phN", k);
156
157 err = crypto_hash_setkey(tfm, tmp, 16);
158 if (err) {
159 BT_ERR("cipher setkey failed: %d", err);
160 return err;
161 }
162
163 sg_init_one(&sg, msg_msb, len);
164
165 err = crypto_hash_update(&desc, &sg, len);
166 if (err) {
167 BT_ERR("Hash update error %d", err);
168 return err;
169 }
170
171 err = crypto_hash_final(&desc, mac_msb);
172 if (err) {
173 BT_ERR("Hash final error %d", err);
174 return err;
175 }
176
177 swap_buf(mac_msb, mac, 16);
178
179 BT_DBG("mac %16phN", mac);
180
181 return 0;
182}
183
184static int smp_f4(struct crypto_hash *tfm_cmac, const u8 u[32], const u8 v[32],
185 const u8 x[16], u8 z, u8 res[16])
186{
187 u8 m[65];
188 int err;
189
190 BT_DBG("u %32phN", u);
191 BT_DBG("v %32phN", v);
192 BT_DBG("x %16phN z %02x", x, z);
193
194 m[0] = z;
195 memcpy(m + 1, v, 32);
196 memcpy(m + 33, u, 32);
197
198 err = aes_cmac(tfm_cmac, x, m, sizeof(m), res);
199 if (err)
200 return err;
201
202 BT_DBG("res %16phN", res);
203
204 return err;
205}
206
Johan Hedberg760b0182014-06-06 11:44:05 +0300207static int smp_f5(struct crypto_hash *tfm_cmac, u8 w[32], u8 n1[16], u8 n2[16],
208 u8 a1[7], u8 a2[7], u8 mackey[16], u8 ltk[16])
209{
210 /* The btle, salt and length "magic" values are as defined in
211 * the SMP section of the Bluetooth core specification. In ASCII
212 * the btle value ends up being 'btle'. The salt is just a
213 * random number whereas length is the value 256 in little
214 * endian format.
215 */
216 const u8 btle[4] = { 0x65, 0x6c, 0x74, 0x62 };
217 const u8 salt[16] = { 0xbe, 0x83, 0x60, 0x5a, 0xdb, 0x0b, 0x37, 0x60,
218 0x38, 0xa5, 0xf5, 0xaa, 0x91, 0x83, 0x88, 0x6c };
219 const u8 length[2] = { 0x00, 0x01 };
220 u8 m[53], t[16];
221 int err;
222
223 BT_DBG("w %32phN", w);
224 BT_DBG("n1 %16phN n2 %16phN", n1, n2);
225 BT_DBG("a1 %7phN a2 %7phN", a1, a2);
226
227 err = aes_cmac(tfm_cmac, salt, w, 32, t);
228 if (err)
229 return err;
230
231 BT_DBG("t %16phN", t);
232
233 memcpy(m, length, 2);
234 memcpy(m + 2, a2, 7);
235 memcpy(m + 9, a1, 7);
236 memcpy(m + 16, n2, 16);
237 memcpy(m + 32, n1, 16);
238 memcpy(m + 48, btle, 4);
239
240 m[52] = 0; /* Counter */
241
242 err = aes_cmac(tfm_cmac, t, m, sizeof(m), mackey);
243 if (err)
244 return err;
245
246 BT_DBG("mackey %16phN", mackey);
247
248 m[52] = 1; /* Counter */
249
250 err = aes_cmac(tfm_cmac, t, m, sizeof(m), ltk);
251 if (err)
252 return err;
253
254 BT_DBG("ltk %16phN", ltk);
255
256 return 0;
257}
258
259static int smp_f6(struct crypto_hash *tfm_cmac, const u8 w[16],
260 const u8 n1[16], u8 n2[16], const u8 r[16],
261 const u8 io_cap[3], const u8 a1[7], const u8 a2[7],
262 u8 res[16])
263{
264 u8 m[65];
265 int err;
266
267 BT_DBG("w %16phN", w);
268 BT_DBG("n1 %16phN n2 %16phN", n1, n2);
269 BT_DBG("r %16phN io_cap %3phN a1 %7phN a2 %7phN", r, io_cap, a1, a2);
270
271 memcpy(m, a2, 7);
272 memcpy(m + 7, a1, 7);
273 memcpy(m + 14, io_cap, 3);
274 memcpy(m + 17, r, 16);
275 memcpy(m + 33, n2, 16);
276 memcpy(m + 49, n1, 16);
277
278 err = aes_cmac(tfm_cmac, w, m, sizeof(m), res);
279 if (err)
280 return err;
281
282 BT_DBG("res %16phN", res);
283
284 return err;
285}
286
Johan Hedberg191dc7f2014-06-06 11:39:49 +0300287static int smp_g2(struct crypto_hash *tfm_cmac, const u8 u[32], const u8 v[32],
288 const u8 x[16], const u8 y[16], u32 *val)
289{
290 u8 m[80], tmp[16];
291 int err;
292
293 BT_DBG("u %32phN", u);
294 BT_DBG("v %32phN", v);
295 BT_DBG("x %16phN y %16phN", x, y);
296
297 memcpy(m, y, 16);
298 memcpy(m + 16, v, 32);
299 memcpy(m + 48, u, 32);
300
301 err = aes_cmac(tfm_cmac, x, m, sizeof(m), tmp);
302 if (err)
303 return err;
304
305 *val = get_unaligned_le32(tmp);
306 *val %= 1000000;
307
308 BT_DBG("val %06u", *val);
309
310 return 0;
311}
312
Anderson Brigliad22ef0b2011-06-09 18:50:44 -0300313static int smp_e(struct crypto_blkcipher *tfm, const u8 *k, u8 *r)
314{
315 struct blkcipher_desc desc;
316 struct scatterlist sg;
Johan Hedberg943a7322014-03-18 12:58:24 +0200317 uint8_t tmp[16], data[16];
Johan Hedberg201a5922013-12-02 10:49:04 +0200318 int err;
Anderson Brigliad22ef0b2011-06-09 18:50:44 -0300319
320 if (tfm == NULL) {
321 BT_ERR("tfm %p", tfm);
322 return -EINVAL;
323 }
324
325 desc.tfm = tfm;
326 desc.flags = 0;
327
Johan Hedberg943a7322014-03-18 12:58:24 +0200328 /* The most significant octet of key corresponds to k[0] */
Johan Hedberg8a2936f2014-06-16 19:25:19 +0300329 swap_buf(k, tmp, 16);
Johan Hedberg943a7322014-03-18 12:58:24 +0200330
331 err = crypto_blkcipher_setkey(tfm, tmp, 16);
Anderson Brigliad22ef0b2011-06-09 18:50:44 -0300332 if (err) {
333 BT_ERR("cipher setkey failed: %d", err);
334 return err;
335 }
336
Johan Hedberg943a7322014-03-18 12:58:24 +0200337 /* Most significant octet of plaintextData corresponds to data[0] */
Johan Hedberg8a2936f2014-06-16 19:25:19 +0300338 swap_buf(r, data, 16);
Johan Hedberg943a7322014-03-18 12:58:24 +0200339
340 sg_init_one(&sg, data, 16);
Anderson Brigliad22ef0b2011-06-09 18:50:44 -0300341
Anderson Brigliad22ef0b2011-06-09 18:50:44 -0300342 err = crypto_blkcipher_encrypt(&desc, &sg, &sg, 16);
343 if (err)
344 BT_ERR("Encrypt data error %d", err);
345
Johan Hedberg943a7322014-03-18 12:58:24 +0200346 /* Most significant octet of encryptedData corresponds to data[0] */
Johan Hedberg8a2936f2014-06-16 19:25:19 +0300347 swap_buf(data, r, 16);
Johan Hedberg943a7322014-03-18 12:58:24 +0200348
Anderson Brigliad22ef0b2011-06-09 18:50:44 -0300349 return err;
350}
351
Johan Hedberg6a770832014-06-06 11:54:04 +0300352static int smp_h6(struct crypto_hash *tfm_cmac, const u8 w[16],
353 const u8 key_id[4], u8 res[16])
354{
355 int err;
356
357 BT_DBG("w %16phN key_id %4phN", w, key_id);
358
359 err = aes_cmac(tfm_cmac, w, key_id, 4, res);
360 if (err)
361 return err;
362
363 BT_DBG("res %16phN", res);
364
365 return err;
366}
367
Johan Hedberg60478052014-02-18 10:19:31 +0200368static int smp_ah(struct crypto_blkcipher *tfm, u8 irk[16], u8 r[3], u8 res[3])
369{
Johan Hedberg943a7322014-03-18 12:58:24 +0200370 u8 _res[16];
Johan Hedberg60478052014-02-18 10:19:31 +0200371 int err;
372
373 /* r' = padding || r */
Johan Hedberg943a7322014-03-18 12:58:24 +0200374 memcpy(_res, r, 3);
375 memset(_res + 3, 0, 13);
Johan Hedberg60478052014-02-18 10:19:31 +0200376
Johan Hedberg943a7322014-03-18 12:58:24 +0200377 err = smp_e(tfm, irk, _res);
Johan Hedberg60478052014-02-18 10:19:31 +0200378 if (err) {
379 BT_ERR("Encrypt error");
380 return err;
381 }
382
383 /* The output of the random address function ah is:
384 * ah(h, r) = e(k, r') mod 2^24
385 * The output of the security function e is then truncated to 24 bits
386 * by taking the least significant 24 bits of the output of e as the
387 * result of ah.
388 */
Johan Hedberg943a7322014-03-18 12:58:24 +0200389 memcpy(res, _res, 3);
Johan Hedberg60478052014-02-18 10:19:31 +0200390
391 return 0;
392}
393
Johan Hedbergdefce9e2014-08-08 09:37:17 +0300394bool smp_irk_matches(struct hci_dev *hdev, u8 irk[16], bdaddr_t *bdaddr)
Johan Hedberg60478052014-02-18 10:19:31 +0200395{
Johan Hedbergdefce9e2014-08-08 09:37:17 +0300396 struct l2cap_chan *chan = hdev->smp_data;
397 struct crypto_blkcipher *tfm;
Johan Hedberg60478052014-02-18 10:19:31 +0200398 u8 hash[3];
399 int err;
400
Johan Hedbergdefce9e2014-08-08 09:37:17 +0300401 if (!chan || !chan->data)
402 return false;
403
404 tfm = chan->data;
405
Johan Hedberg60478052014-02-18 10:19:31 +0200406 BT_DBG("RPA %pMR IRK %*phN", bdaddr, 16, irk);
407
408 err = smp_ah(tfm, irk, &bdaddr->b[3], hash);
409 if (err)
410 return false;
411
412 return !memcmp(bdaddr->b, hash, 3);
413}
414
Johan Hedbergdefce9e2014-08-08 09:37:17 +0300415int smp_generate_rpa(struct hci_dev *hdev, u8 irk[16], bdaddr_t *rpa)
Johan Hedbergb1e2b3a2014-02-23 19:42:19 +0200416{
Johan Hedbergdefce9e2014-08-08 09:37:17 +0300417 struct l2cap_chan *chan = hdev->smp_data;
418 struct crypto_blkcipher *tfm;
Johan Hedbergb1e2b3a2014-02-23 19:42:19 +0200419 int err;
420
Johan Hedbergdefce9e2014-08-08 09:37:17 +0300421 if (!chan || !chan->data)
422 return -EOPNOTSUPP;
423
424 tfm = chan->data;
425
Johan Hedbergb1e2b3a2014-02-23 19:42:19 +0200426 get_random_bytes(&rpa->b[3], 3);
427
428 rpa->b[5] &= 0x3f; /* Clear two most significant bits */
429 rpa->b[5] |= 0x40; /* Set second most significant bit */
430
431 err = smp_ah(tfm, irk, &rpa->b[3], rpa->b);
432 if (err < 0)
433 return err;
434
435 BT_DBG("RPA %pMR", rpa);
436
437 return 0;
438}
439
Johan Hedberge491eaf2014-10-25 21:15:37 +0200440static int smp_c1(struct crypto_blkcipher *tfm_aes, u8 k[16], u8 r[16],
441 u8 preq[7], u8 pres[7], u8 _iat, bdaddr_t *ia, u8 _rat,
442 bdaddr_t *ra, u8 res[16])
Anderson Brigliad22ef0b2011-06-09 18:50:44 -0300443{
444 u8 p1[16], p2[16];
445 int err;
446
447 memset(p1, 0, 16);
448
449 /* p1 = pres || preq || _rat || _iat */
Johan Hedberg943a7322014-03-18 12:58:24 +0200450 p1[0] = _iat;
451 p1[1] = _rat;
452 memcpy(p1 + 2, preq, 7);
453 memcpy(p1 + 9, pres, 7);
Anderson Brigliad22ef0b2011-06-09 18:50:44 -0300454
455 /* p2 = padding || ia || ra */
Johan Hedberg943a7322014-03-18 12:58:24 +0200456 memcpy(p2, ra, 6);
457 memcpy(p2 + 6, ia, 6);
458 memset(p2 + 12, 0, 4);
Anderson Brigliad22ef0b2011-06-09 18:50:44 -0300459
460 /* res = r XOR p1 */
461 u128_xor((u128 *) res, (u128 *) r, (u128 *) p1);
462
463 /* res = e(k, res) */
Johan Hedberge491eaf2014-10-25 21:15:37 +0200464 err = smp_e(tfm_aes, k, res);
Anderson Brigliad22ef0b2011-06-09 18:50:44 -0300465 if (err) {
466 BT_ERR("Encrypt data error");
467 return err;
468 }
469
470 /* res = res XOR p2 */
471 u128_xor((u128 *) res, (u128 *) res, (u128 *) p2);
472
473 /* res = e(k, res) */
Johan Hedberge491eaf2014-10-25 21:15:37 +0200474 err = smp_e(tfm_aes, k, res);
Anderson Brigliad22ef0b2011-06-09 18:50:44 -0300475 if (err)
476 BT_ERR("Encrypt data error");
477
478 return err;
479}
480
Johan Hedberge491eaf2014-10-25 21:15:37 +0200481static int smp_s1(struct crypto_blkcipher *tfm_aes, u8 k[16], u8 r1[16],
482 u8 r2[16], u8 _r[16])
Anderson Brigliad22ef0b2011-06-09 18:50:44 -0300483{
484 int err;
485
486 /* Just least significant octets from r1 and r2 are considered */
Johan Hedberg943a7322014-03-18 12:58:24 +0200487 memcpy(_r, r2, 8);
488 memcpy(_r + 8, r1, 8);
Anderson Brigliad22ef0b2011-06-09 18:50:44 -0300489
Johan Hedberge491eaf2014-10-25 21:15:37 +0200490 err = smp_e(tfm_aes, k, _r);
Anderson Brigliad22ef0b2011-06-09 18:50:44 -0300491 if (err)
492 BT_ERR("Encrypt data error");
493
494 return err;
495}
496
Anderson Brigliaeb492e02011-06-09 18:50:40 -0300497static void smp_send_cmd(struct l2cap_conn *conn, u8 code, u16 len, void *data)
498{
Johan Hedberg5d88cc72014-08-08 09:37:18 +0300499 struct l2cap_chan *chan = conn->smp;
Johan Hedbergb68fda62014-08-11 22:06:40 +0300500 struct smp_chan *smp;
Johan Hedberg5d88cc72014-08-08 09:37:18 +0300501 struct kvec iv[2];
502 struct msghdr msg;
503
504 if (!chan)
505 return;
Anderson Brigliaeb492e02011-06-09 18:50:40 -0300506
507 BT_DBG("code 0x%2.2x", code);
508
Johan Hedberg5d88cc72014-08-08 09:37:18 +0300509 iv[0].iov_base = &code;
510 iv[0].iov_len = 1;
Anderson Brigliaeb492e02011-06-09 18:50:40 -0300511
Johan Hedberg5d88cc72014-08-08 09:37:18 +0300512 iv[1].iov_base = data;
513 iv[1].iov_len = len;
514
515 memset(&msg, 0, sizeof(msg));
516
517 msg.msg_iov = (struct iovec *) &iv;
518 msg.msg_iovlen = 2;
519
520 l2cap_chan_send(chan, &msg, 1 + len);
Vinicius Costa Gomese2dcd112011-08-19 21:06:50 -0300521
Johan Hedbergb68fda62014-08-11 22:06:40 +0300522 if (!chan->data)
523 return;
524
525 smp = chan->data;
526
527 cancel_delayed_work_sync(&smp->security_timer);
Johan Hedberg1b0921d2014-09-05 22:19:48 +0300528 schedule_delayed_work(&smp->security_timer, SMP_TIMEOUT);
Anderson Brigliaeb492e02011-06-09 18:50:40 -0300529}
530
Johan Hedbergd2eb9e12014-05-16 10:59:06 +0300531static u8 authreq_to_seclevel(u8 authreq)
Brian Gix2b64d152011-12-21 16:12:12 -0800532{
Johan Hedbergd2eb9e12014-05-16 10:59:06 +0300533 if (authreq & SMP_AUTH_MITM) {
534 if (authreq & SMP_AUTH_SC)
535 return BT_SECURITY_FIPS;
536 else
537 return BT_SECURITY_HIGH;
538 } else {
Brian Gix2b64d152011-12-21 16:12:12 -0800539 return BT_SECURITY_MEDIUM;
Johan Hedbergd2eb9e12014-05-16 10:59:06 +0300540 }
Brian Gix2b64d152011-12-21 16:12:12 -0800541}
542
543static __u8 seclevel_to_authreq(__u8 sec_level)
544{
545 switch (sec_level) {
Johan Hedbergd2eb9e12014-05-16 10:59:06 +0300546 case BT_SECURITY_FIPS:
Brian Gix2b64d152011-12-21 16:12:12 -0800547 case BT_SECURITY_HIGH:
548 return SMP_AUTH_MITM | SMP_AUTH_BONDING;
549 case BT_SECURITY_MEDIUM:
550 return SMP_AUTH_BONDING;
551 default:
552 return SMP_AUTH_NONE;
553 }
554}
555
Vinicius Costa Gomesb8e66ea2011-06-09 18:50:52 -0300556static void build_pairing_cmd(struct l2cap_conn *conn,
Marcel Holtmannf1560462013-10-13 05:43:25 -0700557 struct smp_cmd_pairing *req,
558 struct smp_cmd_pairing *rsp, __u8 authreq)
Vinicius Costa Gomesb8e66ea2011-06-09 18:50:52 -0300559{
Johan Hedberg5d88cc72014-08-08 09:37:18 +0300560 struct l2cap_chan *chan = conn->smp;
561 struct smp_chan *smp = chan->data;
Johan Hedbergfd349c02014-02-18 10:19:36 +0200562 struct hci_conn *hcon = conn->hcon;
563 struct hci_dev *hdev = hcon->hdev;
564 u8 local_dist = 0, remote_dist = 0;
Vinicius Costa Gomes54790f72011-07-07 18:59:38 -0300565
Johan Hedbergb6ae8452014-07-30 09:22:22 +0300566 if (test_bit(HCI_BONDABLE, &conn->hcon->hdev->dev_flags)) {
Marcel Holtmann7ee4ea32014-03-09 12:19:17 -0700567 local_dist = SMP_DIST_ENC_KEY | SMP_DIST_SIGN;
568 remote_dist = SMP_DIST_ENC_KEY | SMP_DIST_SIGN;
Vinicius Costa Gomes54790f72011-07-07 18:59:38 -0300569 authreq |= SMP_AUTH_BONDING;
Brian Gix2b64d152011-12-21 16:12:12 -0800570 } else {
571 authreq &= ~SMP_AUTH_BONDING;
Vinicius Costa Gomes54790f72011-07-07 18:59:38 -0300572 }
573
Johan Hedbergfd349c02014-02-18 10:19:36 +0200574 if (test_bit(HCI_RPA_RESOLVING, &hdev->dev_flags))
575 remote_dist |= SMP_DIST_ID_KEY;
576
Johan Hedberg863efaf2014-02-22 19:06:32 +0200577 if (test_bit(HCI_PRIVACY, &hdev->dev_flags))
578 local_dist |= SMP_DIST_ID_KEY;
579
Johan Hedbergdf8e1a42014-06-06 10:39:56 +0300580 if (test_bit(HCI_SC_ENABLED, &hdev->dev_flags)) {
581 if ((authreq & SMP_AUTH_SC) &&
582 test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
583 local_dist |= SMP_DIST_LINK_KEY;
584 remote_dist |= SMP_DIST_LINK_KEY;
585 }
586 } else {
587 authreq &= ~SMP_AUTH_SC;
588 }
589
Vinicius Costa Gomes54790f72011-07-07 18:59:38 -0300590 if (rsp == NULL) {
591 req->io_capability = conn->hcon->io_capability;
592 req->oob_flag = SMP_OOB_NOT_PRESENT;
593 req->max_key_size = SMP_MAX_ENC_KEY_SIZE;
Johan Hedbergfd349c02014-02-18 10:19:36 +0200594 req->init_key_dist = local_dist;
595 req->resp_key_dist = remote_dist;
Johan Hedberg0edb14d2014-05-26 13:29:28 +0300596 req->auth_req = (authreq & AUTH_REQ_MASK(hdev));
Johan Hedbergfd349c02014-02-18 10:19:36 +0200597
598 smp->remote_key_dist = remote_dist;
Vinicius Costa Gomes54790f72011-07-07 18:59:38 -0300599 return;
600 }
601
602 rsp->io_capability = conn->hcon->io_capability;
603 rsp->oob_flag = SMP_OOB_NOT_PRESENT;
604 rsp->max_key_size = SMP_MAX_ENC_KEY_SIZE;
Johan Hedbergfd349c02014-02-18 10:19:36 +0200605 rsp->init_key_dist = req->init_key_dist & remote_dist;
606 rsp->resp_key_dist = req->resp_key_dist & local_dist;
Johan Hedberg0edb14d2014-05-26 13:29:28 +0300607 rsp->auth_req = (authreq & AUTH_REQ_MASK(hdev));
Johan Hedbergfd349c02014-02-18 10:19:36 +0200608
609 smp->remote_key_dist = rsp->init_key_dist;
Vinicius Costa Gomesb8e66ea2011-06-09 18:50:52 -0300610}
611
Vinicius Costa Gomes3158c502011-06-14 13:37:42 -0300612static u8 check_enc_key_size(struct l2cap_conn *conn, __u8 max_key_size)
613{
Johan Hedberg5d88cc72014-08-08 09:37:18 +0300614 struct l2cap_chan *chan = conn->smp;
615 struct smp_chan *smp = chan->data;
Vinicius Costa Gomes1c1def02011-09-05 14:31:30 -0300616
Vinicius Costa Gomes3158c502011-06-14 13:37:42 -0300617 if ((max_key_size > SMP_MAX_ENC_KEY_SIZE) ||
Marcel Holtmannf1560462013-10-13 05:43:25 -0700618 (max_key_size < SMP_MIN_ENC_KEY_SIZE))
Vinicius Costa Gomes3158c502011-06-14 13:37:42 -0300619 return SMP_ENC_KEY_SIZE;
620
Vinicius Costa Gomesf7aa6112012-01-30 19:29:12 -0300621 smp->enc_key_size = max_key_size;
Vinicius Costa Gomes3158c502011-06-14 13:37:42 -0300622
623 return 0;
624}
625
Johan Hedberg6f48e262014-08-11 22:06:44 +0300626static void smp_chan_destroy(struct l2cap_conn *conn)
627{
628 struct l2cap_chan *chan = conn->smp;
629 struct smp_chan *smp = chan->data;
630 bool complete;
631
632 BUG_ON(!smp);
633
634 cancel_delayed_work_sync(&smp->security_timer);
Johan Hedberg6f48e262014-08-11 22:06:44 +0300635
Johan Hedberg6f48e262014-08-11 22:06:44 +0300636 complete = test_bit(SMP_FLAG_COMPLETE, &smp->flags);
637 mgmt_smp_complete(conn->hcon, complete);
638
639 kfree(smp->csrk);
640 kfree(smp->slave_csrk);
Johan Hedberg6a770832014-06-06 11:54:04 +0300641 kfree(smp->link_key);
Johan Hedberg6f48e262014-08-11 22:06:44 +0300642
643 crypto_free_blkcipher(smp->tfm_aes);
Johan Hedberg407cecf2014-05-02 14:19:47 +0300644 crypto_free_hash(smp->tfm_cmac);
Johan Hedberg6f48e262014-08-11 22:06:44 +0300645
646 /* If pairing failed clean up any keys we might have */
647 if (!complete) {
648 if (smp->ltk) {
Johan Hedberg970d0f12014-11-13 14:37:47 +0200649 list_del_rcu(&smp->ltk->list);
650 kfree_rcu(smp->ltk, rcu);
Johan Hedberg6f48e262014-08-11 22:06:44 +0300651 }
652
653 if (smp->slave_ltk) {
Johan Hedberg970d0f12014-11-13 14:37:47 +0200654 list_del_rcu(&smp->slave_ltk->list);
655 kfree_rcu(smp->slave_ltk, rcu);
Johan Hedberg6f48e262014-08-11 22:06:44 +0300656 }
657
658 if (smp->remote_irk) {
Johan Hedbergadae20c2014-11-13 14:37:48 +0200659 list_del_rcu(&smp->remote_irk->list);
660 kfree_rcu(smp->remote_irk, rcu);
Johan Hedberg6f48e262014-08-11 22:06:44 +0300661 }
662 }
663
664 chan->data = NULL;
665 kfree(smp);
666 hci_conn_drop(conn->hcon);
667}
668
Johan Hedberg84794e12013-11-06 11:24:57 +0200669static void smp_failure(struct l2cap_conn *conn, u8 reason)
Brian Gix4f957a72011-11-23 08:28:36 -0800670{
Johan Hedbergbab73cb2012-02-09 16:07:29 +0200671 struct hci_conn *hcon = conn->hcon;
Johan Hedbergb68fda62014-08-11 22:06:40 +0300672 struct l2cap_chan *chan = conn->smp;
Johan Hedbergbab73cb2012-02-09 16:07:29 +0200673
Johan Hedberg84794e12013-11-06 11:24:57 +0200674 if (reason)
Brian Gix4f957a72011-11-23 08:28:36 -0800675 smp_send_cmd(conn, SMP_CMD_PAIRING_FAIL, sizeof(reason),
Marcel Holtmannf1560462013-10-13 05:43:25 -0700676 &reason);
Brian Gix4f957a72011-11-23 08:28:36 -0800677
Marcel Holtmannce39fb42013-10-13 02:23:39 -0700678 clear_bit(HCI_CONN_ENCRYPT_PEND, &hcon->flags);
Johan Hedberge1e930f2014-09-08 17:09:49 -0700679 mgmt_auth_failed(hcon, HCI_ERROR_AUTH_FAILURE);
Vinicius Costa Gomesf1c09c02012-02-01 18:27:56 -0300680
Johan Hedbergfc75cc82014-09-05 22:19:52 +0300681 if (chan->data)
Vinicius Costa Gomesf1c09c02012-02-01 18:27:56 -0300682 smp_chan_destroy(conn);
Brian Gix4f957a72011-11-23 08:28:36 -0800683}
684
Brian Gix2b64d152011-12-21 16:12:12 -0800685#define JUST_WORKS 0x00
686#define JUST_CFM 0x01
687#define REQ_PASSKEY 0x02
688#define CFM_PASSKEY 0x03
689#define REQ_OOB 0x04
Johan Hedberg5e3d3d92014-05-31 18:51:02 +0300690#define DSP_PASSKEY 0x05
Brian Gix2b64d152011-12-21 16:12:12 -0800691#define OVERLAP 0xFF
692
693static const u8 gen_method[5][5] = {
694 { JUST_WORKS, JUST_CFM, REQ_PASSKEY, JUST_WORKS, REQ_PASSKEY },
695 { JUST_WORKS, JUST_CFM, REQ_PASSKEY, JUST_WORKS, REQ_PASSKEY },
696 { CFM_PASSKEY, CFM_PASSKEY, REQ_PASSKEY, JUST_WORKS, CFM_PASSKEY },
697 { JUST_WORKS, JUST_CFM, JUST_WORKS, JUST_WORKS, JUST_CFM },
698 { CFM_PASSKEY, CFM_PASSKEY, REQ_PASSKEY, JUST_WORKS, OVERLAP },
699};
700
Johan Hedberg5e3d3d92014-05-31 18:51:02 +0300701static const u8 sc_method[5][5] = {
702 { JUST_WORKS, JUST_CFM, REQ_PASSKEY, JUST_WORKS, REQ_PASSKEY },
703 { JUST_WORKS, CFM_PASSKEY, REQ_PASSKEY, JUST_WORKS, CFM_PASSKEY },
704 { DSP_PASSKEY, DSP_PASSKEY, REQ_PASSKEY, JUST_WORKS, DSP_PASSKEY },
705 { JUST_WORKS, JUST_CFM, JUST_WORKS, JUST_WORKS, JUST_CFM },
706 { DSP_PASSKEY, CFM_PASSKEY, REQ_PASSKEY, JUST_WORKS, CFM_PASSKEY },
707};
708
Johan Hedberg581370c2014-06-17 13:07:38 +0300709static u8 get_auth_method(struct smp_chan *smp, u8 local_io, u8 remote_io)
710{
Johan Hedberg2bcd4002014-07-09 19:18:09 +0300711 /* If either side has unknown io_caps, use JUST_CFM (which gets
712 * converted later to JUST_WORKS if we're initiators.
713 */
Johan Hedberg581370c2014-06-17 13:07:38 +0300714 if (local_io > SMP_IO_KEYBOARD_DISPLAY ||
715 remote_io > SMP_IO_KEYBOARD_DISPLAY)
Johan Hedberg2bcd4002014-07-09 19:18:09 +0300716 return JUST_CFM;
Johan Hedberg581370c2014-06-17 13:07:38 +0300717
Johan Hedberg5e3d3d92014-05-31 18:51:02 +0300718 if (test_bit(SMP_FLAG_SC, &smp->flags))
719 return sc_method[remote_io][local_io];
720
Johan Hedberg581370c2014-06-17 13:07:38 +0300721 return gen_method[remote_io][local_io];
722}
723
Brian Gix2b64d152011-12-21 16:12:12 -0800724static int tk_request(struct l2cap_conn *conn, u8 remote_oob, u8 auth,
725 u8 local_io, u8 remote_io)
726{
727 struct hci_conn *hcon = conn->hcon;
Johan Hedberg5d88cc72014-08-08 09:37:18 +0300728 struct l2cap_chan *chan = conn->smp;
729 struct smp_chan *smp = chan->data;
Brian Gix2b64d152011-12-21 16:12:12 -0800730 u32 passkey = 0;
731 int ret = 0;
732
733 /* Initialize key for JUST WORKS */
734 memset(smp->tk, 0, sizeof(smp->tk));
Johan Hedberg4a74d652014-05-20 09:45:50 +0300735 clear_bit(SMP_FLAG_TK_VALID, &smp->flags);
Brian Gix2b64d152011-12-21 16:12:12 -0800736
737 BT_DBG("tk_request: auth:%d lcl:%d rem:%d", auth, local_io, remote_io);
738
Johan Hedberg2bcd4002014-07-09 19:18:09 +0300739 /* If neither side wants MITM, either "just" confirm an incoming
740 * request or use just-works for outgoing ones. The JUST_CFM
741 * will be converted to JUST_WORKS if necessary later in this
742 * function. If either side has MITM look up the method from the
743 * table.
744 */
Johan Hedberg581370c2014-06-17 13:07:38 +0300745 if (!(auth & SMP_AUTH_MITM))
Johan Hedberg783e0572014-05-31 18:48:26 +0300746 smp->method = JUST_CFM;
Brian Gix2b64d152011-12-21 16:12:12 -0800747 else
Johan Hedberg783e0572014-05-31 18:48:26 +0300748 smp->method = get_auth_method(smp, local_io, remote_io);
Brian Gix2b64d152011-12-21 16:12:12 -0800749
Johan Hedberga82505c2014-03-24 14:39:07 +0200750 /* Don't confirm locally initiated pairing attempts */
Johan Hedberg783e0572014-05-31 18:48:26 +0300751 if (smp->method == JUST_CFM && test_bit(SMP_FLAG_INITIATOR,
752 &smp->flags))
753 smp->method = JUST_WORKS;
Johan Hedberga82505c2014-03-24 14:39:07 +0200754
Johan Hedberg02f3e252014-07-16 15:09:13 +0300755 /* Don't bother user space with no IO capabilities */
Johan Hedberg783e0572014-05-31 18:48:26 +0300756 if (smp->method == JUST_CFM &&
757 hcon->io_capability == HCI_IO_NO_INPUT_OUTPUT)
758 smp->method = JUST_WORKS;
Johan Hedberg02f3e252014-07-16 15:09:13 +0300759
Brian Gix2b64d152011-12-21 16:12:12 -0800760 /* If Just Works, Continue with Zero TK */
Johan Hedberg783e0572014-05-31 18:48:26 +0300761 if (smp->method == JUST_WORKS) {
Johan Hedberg4a74d652014-05-20 09:45:50 +0300762 set_bit(SMP_FLAG_TK_VALID, &smp->flags);
Brian Gix2b64d152011-12-21 16:12:12 -0800763 return 0;
764 }
765
766 /* Not Just Works/Confirm results in MITM Authentication */
Johan Hedberg783e0572014-05-31 18:48:26 +0300767 if (smp->method != JUST_CFM) {
Johan Hedberg4a74d652014-05-20 09:45:50 +0300768 set_bit(SMP_FLAG_MITM_AUTH, &smp->flags);
Johan Hedberg5eb596f2014-09-18 11:26:32 +0300769 if (hcon->pending_sec_level < BT_SECURITY_HIGH)
770 hcon->pending_sec_level = BT_SECURITY_HIGH;
771 }
Brian Gix2b64d152011-12-21 16:12:12 -0800772
773 /* If both devices have Keyoard-Display I/O, the master
774 * Confirms and the slave Enters the passkey.
775 */
Johan Hedberg783e0572014-05-31 18:48:26 +0300776 if (smp->method == OVERLAP) {
Johan Hedberg40bef302014-07-16 11:42:27 +0300777 if (hcon->role == HCI_ROLE_MASTER)
Johan Hedberg783e0572014-05-31 18:48:26 +0300778 smp->method = CFM_PASSKEY;
Brian Gix2b64d152011-12-21 16:12:12 -0800779 else
Johan Hedberg783e0572014-05-31 18:48:26 +0300780 smp->method = REQ_PASSKEY;
Brian Gix2b64d152011-12-21 16:12:12 -0800781 }
782
Johan Hedberg01ad34d2014-03-19 14:14:53 +0200783 /* Generate random passkey. */
Johan Hedberg783e0572014-05-31 18:48:26 +0300784 if (smp->method == CFM_PASSKEY) {
Johan Hedberg943a7322014-03-18 12:58:24 +0200785 memset(smp->tk, 0, sizeof(smp->tk));
Brian Gix2b64d152011-12-21 16:12:12 -0800786 get_random_bytes(&passkey, sizeof(passkey));
787 passkey %= 1000000;
Johan Hedberg943a7322014-03-18 12:58:24 +0200788 put_unaligned_le32(passkey, smp->tk);
Brian Gix2b64d152011-12-21 16:12:12 -0800789 BT_DBG("PassKey: %d", passkey);
Johan Hedberg4a74d652014-05-20 09:45:50 +0300790 set_bit(SMP_FLAG_TK_VALID, &smp->flags);
Brian Gix2b64d152011-12-21 16:12:12 -0800791 }
792
Johan Hedberg783e0572014-05-31 18:48:26 +0300793 if (smp->method == REQ_PASSKEY)
Marcel Holtmannce39fb42013-10-13 02:23:39 -0700794 ret = mgmt_user_passkey_request(hcon->hdev, &hcon->dst,
Johan Hedberg272d90d2012-02-09 15:26:12 +0200795 hcon->type, hcon->dst_type);
Johan Hedberg783e0572014-05-31 18:48:26 +0300796 else if (smp->method == JUST_CFM)
Johan Hedberg4eb65e62014-03-24 14:39:05 +0200797 ret = mgmt_user_confirm_request(hcon->hdev, &hcon->dst,
798 hcon->type, hcon->dst_type,
799 passkey, 1);
Brian Gix2b64d152011-12-21 16:12:12 -0800800 else
Johan Hedberg01ad34d2014-03-19 14:14:53 +0200801 ret = mgmt_user_passkey_notify(hcon->hdev, &hcon->dst,
Johan Hedberg272d90d2012-02-09 15:26:12 +0200802 hcon->type, hcon->dst_type,
Johan Hedberg39adbff2014-03-20 08:18:14 +0200803 passkey, 0);
Brian Gix2b64d152011-12-21 16:12:12 -0800804
Brian Gix2b64d152011-12-21 16:12:12 -0800805 return ret;
806}
807
Johan Hedberg1cc61142014-05-20 09:45:52 +0300808static u8 smp_confirm(struct smp_chan *smp)
Vinicius Costa Gomes8aab4752011-09-05 14:31:31 -0300809{
Vinicius Costa Gomes8aab4752011-09-05 14:31:31 -0300810 struct l2cap_conn *conn = smp->conn;
Vinicius Costa Gomes8aab4752011-09-05 14:31:31 -0300811 struct smp_cmd_pairing_confirm cp;
812 int ret;
Vinicius Costa Gomes8aab4752011-09-05 14:31:31 -0300813
814 BT_DBG("conn %p", conn);
815
Johan Hedberge491eaf2014-10-25 21:15:37 +0200816 ret = smp_c1(smp->tfm_aes, smp->tk, smp->prnd, smp->preq, smp->prsp,
Johan Hedbergb1cd5fd2014-02-28 12:54:17 +0200817 conn->hcon->init_addr_type, &conn->hcon->init_addr,
Johan Hedberg943a7322014-03-18 12:58:24 +0200818 conn->hcon->resp_addr_type, &conn->hcon->resp_addr,
819 cp.confirm_val);
Johan Hedberg1cc61142014-05-20 09:45:52 +0300820 if (ret)
821 return SMP_UNSPECIFIED;
Vinicius Costa Gomes8aab4752011-09-05 14:31:31 -0300822
Johan Hedberg4a74d652014-05-20 09:45:50 +0300823 clear_bit(SMP_FLAG_CFM_PENDING, &smp->flags);
Brian Gix2b64d152011-12-21 16:12:12 -0800824
Vinicius Costa Gomes8aab4752011-09-05 14:31:31 -0300825 smp_send_cmd(smp->conn, SMP_CMD_PAIRING_CONFIRM, sizeof(cp), &cp);
826
Johan Hedbergb28b4942014-09-05 22:19:55 +0300827 if (conn->hcon->out)
828 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_CONFIRM);
829 else
830 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RANDOM);
831
Johan Hedberg1cc61142014-05-20 09:45:52 +0300832 return 0;
Vinicius Costa Gomes8aab4752011-09-05 14:31:31 -0300833}
834
Johan Hedberg861580a2014-05-20 09:45:51 +0300835static u8 smp_random(struct smp_chan *smp)
Vinicius Costa Gomes8aab4752011-09-05 14:31:31 -0300836{
Vinicius Costa Gomes8aab4752011-09-05 14:31:31 -0300837 struct l2cap_conn *conn = smp->conn;
838 struct hci_conn *hcon = conn->hcon;
Johan Hedberg861580a2014-05-20 09:45:51 +0300839 u8 confirm[16];
Vinicius Costa Gomes8aab4752011-09-05 14:31:31 -0300840 int ret;
841
Johan Hedbergec70f362014-06-27 14:23:04 +0300842 if (IS_ERR_OR_NULL(smp->tfm_aes))
Johan Hedberg861580a2014-05-20 09:45:51 +0300843 return SMP_UNSPECIFIED;
Vinicius Costa Gomes8aab4752011-09-05 14:31:31 -0300844
845 BT_DBG("conn %p %s", conn, conn->hcon->out ? "master" : "slave");
846
Johan Hedberge491eaf2014-10-25 21:15:37 +0200847 ret = smp_c1(smp->tfm_aes, smp->tk, smp->rrnd, smp->preq, smp->prsp,
Johan Hedbergb1cd5fd2014-02-28 12:54:17 +0200848 hcon->init_addr_type, &hcon->init_addr,
Johan Hedberg943a7322014-03-18 12:58:24 +0200849 hcon->resp_addr_type, &hcon->resp_addr, confirm);
Johan Hedberg861580a2014-05-20 09:45:51 +0300850 if (ret)
851 return SMP_UNSPECIFIED;
Vinicius Costa Gomes8aab4752011-09-05 14:31:31 -0300852
Vinicius Costa Gomes8aab4752011-09-05 14:31:31 -0300853 if (memcmp(smp->pcnf, confirm, sizeof(smp->pcnf)) != 0) {
854 BT_ERR("Pairing failed (confirmation values mismatch)");
Johan Hedberg861580a2014-05-20 09:45:51 +0300855 return SMP_CONFIRM_FAILED;
Vinicius Costa Gomes8aab4752011-09-05 14:31:31 -0300856 }
857
858 if (hcon->out) {
Marcel Holtmannfe39c7b2014-02-27 16:00:28 -0800859 u8 stk[16];
860 __le64 rand = 0;
861 __le16 ediv = 0;
Vinicius Costa Gomes8aab4752011-09-05 14:31:31 -0300862
Johan Hedberge491eaf2014-10-25 21:15:37 +0200863 smp_s1(smp->tfm_aes, smp->tk, smp->rrnd, smp->prnd, stk);
Vinicius Costa Gomes8aab4752011-09-05 14:31:31 -0300864
Vinicius Costa Gomesf7aa6112012-01-30 19:29:12 -0300865 memset(stk + smp->enc_key_size, 0,
Gustavo F. Padovan04124682012-03-08 01:25:00 -0300866 SMP_MAX_ENC_KEY_SIZE - smp->enc_key_size);
Vinicius Costa Gomes8aab4752011-09-05 14:31:31 -0300867
Johan Hedberg861580a2014-05-20 09:45:51 +0300868 if (test_and_set_bit(HCI_CONN_ENCRYPT_PEND, &hcon->flags))
869 return SMP_UNSPECIFIED;
Vinicius Costa Gomes8aab4752011-09-05 14:31:31 -0300870
871 hci_le_start_enc(hcon, ediv, rand, stk);
Vinicius Costa Gomesf7aa6112012-01-30 19:29:12 -0300872 hcon->enc_key_size = smp->enc_key_size;
Johan Hedbergfe59a052014-07-01 19:14:12 +0300873 set_bit(HCI_CONN_STK_ENCRYPT, &hcon->flags);
Vinicius Costa Gomes8aab4752011-09-05 14:31:31 -0300874 } else {
Johan Hedbergfff34902014-06-10 15:19:50 +0300875 u8 stk[16], auth;
Marcel Holtmannfe39c7b2014-02-27 16:00:28 -0800876 __le64 rand = 0;
877 __le16 ediv = 0;
Vinicius Costa Gomes8aab4752011-09-05 14:31:31 -0300878
Johan Hedberg943a7322014-03-18 12:58:24 +0200879 smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM, sizeof(smp->prnd),
880 smp->prnd);
Vinicius Costa Gomes8aab4752011-09-05 14:31:31 -0300881
Johan Hedberge491eaf2014-10-25 21:15:37 +0200882 smp_s1(smp->tfm_aes, smp->tk, smp->prnd, smp->rrnd, stk);
Vinicius Costa Gomes8aab4752011-09-05 14:31:31 -0300883
Vinicius Costa Gomesf7aa6112012-01-30 19:29:12 -0300884 memset(stk + smp->enc_key_size, 0,
Marcel Holtmannf1560462013-10-13 05:43:25 -0700885 SMP_MAX_ENC_KEY_SIZE - smp->enc_key_size);
Vinicius Costa Gomes8aab4752011-09-05 14:31:31 -0300886
Johan Hedbergfff34902014-06-10 15:19:50 +0300887 if (hcon->pending_sec_level == BT_SECURITY_HIGH)
888 auth = 1;
889 else
890 auth = 0;
891
Johan Hedberg7d5843b2014-06-16 19:25:15 +0300892 /* Even though there's no _SLAVE suffix this is the
893 * slave STK we're adding for later lookup (the master
894 * STK never needs to be stored).
895 */
Marcel Holtmannce39fb42013-10-13 02:23:39 -0700896 hci_add_ltk(hcon->hdev, &hcon->dst, hcon->dst_type,
Johan Hedberg2ceba532014-06-16 19:25:16 +0300897 SMP_STK, auth, stk, smp->enc_key_size, ediv, rand);
Vinicius Costa Gomes8aab4752011-09-05 14:31:31 -0300898 }
899
Johan Hedberg861580a2014-05-20 09:45:51 +0300900 return 0;
Vinicius Costa Gomes8aab4752011-09-05 14:31:31 -0300901}
902
Johan Hedberg44f1a7a2014-08-11 22:06:36 +0300903static void smp_notify_keys(struct l2cap_conn *conn)
904{
905 struct l2cap_chan *chan = conn->smp;
906 struct smp_chan *smp = chan->data;
907 struct hci_conn *hcon = conn->hcon;
908 struct hci_dev *hdev = hcon->hdev;
909 struct smp_cmd_pairing *req = (void *) &smp->preq[1];
910 struct smp_cmd_pairing *rsp = (void *) &smp->prsp[1];
911 bool persistent;
912
913 if (smp->remote_irk) {
914 mgmt_new_irk(hdev, smp->remote_irk);
915 /* Now that user space can be considered to know the
916 * identity address track the connection based on it
917 * from now on.
918 */
919 bacpy(&hcon->dst, &smp->remote_irk->bdaddr);
920 hcon->dst_type = smp->remote_irk->addr_type;
Johan Hedbergf3d82d02014-09-05 22:19:50 +0300921 queue_work(hdev->workqueue, &conn->id_addr_update_work);
Johan Hedberg44f1a7a2014-08-11 22:06:36 +0300922
923 /* When receiving an indentity resolving key for
924 * a remote device that does not use a resolvable
925 * private address, just remove the key so that
926 * it is possible to use the controller white
927 * list for scanning.
928 *
929 * Userspace will have been told to not store
930 * this key at this point. So it is safe to
931 * just remove it.
932 */
933 if (!bacmp(&smp->remote_irk->rpa, BDADDR_ANY)) {
Johan Hedbergadae20c2014-11-13 14:37:48 +0200934 list_del_rcu(&smp->remote_irk->list);
935 kfree_rcu(smp->remote_irk, rcu);
Johan Hedberg44f1a7a2014-08-11 22:06:36 +0300936 smp->remote_irk = NULL;
937 }
938 }
939
940 /* The LTKs and CSRKs should be persistent only if both sides
941 * had the bonding bit set in their authentication requests.
942 */
943 persistent = !!((req->auth_req & rsp->auth_req) & SMP_AUTH_BONDING);
944
945 if (smp->csrk) {
946 smp->csrk->bdaddr_type = hcon->dst_type;
947 bacpy(&smp->csrk->bdaddr, &hcon->dst);
948 mgmt_new_csrk(hdev, smp->csrk, persistent);
949 }
950
951 if (smp->slave_csrk) {
952 smp->slave_csrk->bdaddr_type = hcon->dst_type;
953 bacpy(&smp->slave_csrk->bdaddr, &hcon->dst);
954 mgmt_new_csrk(hdev, smp->slave_csrk, persistent);
955 }
956
957 if (smp->ltk) {
958 smp->ltk->bdaddr_type = hcon->dst_type;
959 bacpy(&smp->ltk->bdaddr, &hcon->dst);
960 mgmt_new_ltk(hdev, smp->ltk, persistent);
961 }
962
963 if (smp->slave_ltk) {
964 smp->slave_ltk->bdaddr_type = hcon->dst_type;
965 bacpy(&smp->slave_ltk->bdaddr, &hcon->dst);
966 mgmt_new_ltk(hdev, smp->slave_ltk, persistent);
967 }
Johan Hedberg6a770832014-06-06 11:54:04 +0300968
969 if (smp->link_key) {
Johan Hedberge3befab2014-06-01 16:33:39 +0300970 struct link_key *key;
971 u8 type;
972
973 if (test_bit(SMP_FLAG_DEBUG_KEY, &smp->flags))
974 type = HCI_LK_DEBUG_COMBINATION;
975 else if (hcon->sec_level == BT_SECURITY_FIPS)
976 type = HCI_LK_AUTH_COMBINATION_P256;
977 else
978 type = HCI_LK_UNAUTH_COMBINATION_P256;
979
980 key = hci_add_link_key(hdev, smp->conn->hcon, &hcon->dst,
981 smp->link_key, type, 0, &persistent);
982 if (key) {
983 mgmt_new_link_key(hdev, key, persistent);
984
985 /* Don't keep debug keys around if the relevant
986 * flag is not set.
987 */
988 if (!test_bit(HCI_KEEP_DEBUG_KEYS, &hdev->dev_flags) &&
989 key->type == HCI_LK_DEBUG_COMBINATION) {
990 list_del_rcu(&key->list);
991 kfree_rcu(key, rcu);
992 }
993 }
Johan Hedberg6a770832014-06-06 11:54:04 +0300994 }
995}
996
997static void sc_generate_link_key(struct smp_chan *smp)
998{
999 /* These constants are as specified in the core specification.
1000 * In ASCII they spell out to 'tmp1' and 'lebr'.
1001 */
1002 const u8 tmp1[4] = { 0x31, 0x70, 0x6d, 0x74 };
1003 const u8 lebr[4] = { 0x72, 0x62, 0x65, 0x6c };
1004
1005 smp->link_key = kzalloc(16, GFP_KERNEL);
1006 if (!smp->link_key)
1007 return;
1008
1009 if (smp_h6(smp->tfm_cmac, smp->tk, tmp1, smp->link_key)) {
1010 kfree(smp->link_key);
1011 smp->link_key = NULL;
1012 return;
1013 }
1014
1015 if (smp_h6(smp->tfm_cmac, smp->link_key, lebr, smp->link_key)) {
1016 kfree(smp->link_key);
1017 smp->link_key = NULL;
1018 return;
1019 }
Johan Hedberg44f1a7a2014-08-11 22:06:36 +03001020}
1021
Johan Hedbergb28b4942014-09-05 22:19:55 +03001022static void smp_allow_key_dist(struct smp_chan *smp)
1023{
1024 /* Allow the first expected phase 3 PDU. The rest of the PDUs
1025 * will be allowed in each PDU handler to ensure we receive
1026 * them in the correct order.
1027 */
1028 if (smp->remote_key_dist & SMP_DIST_ENC_KEY)
1029 SMP_ALLOW_CMD(smp, SMP_CMD_ENCRYPT_INFO);
1030 else if (smp->remote_key_dist & SMP_DIST_ID_KEY)
1031 SMP_ALLOW_CMD(smp, SMP_CMD_IDENT_INFO);
1032 else if (smp->remote_key_dist & SMP_DIST_SIGN)
1033 SMP_ALLOW_CMD(smp, SMP_CMD_SIGN_INFO);
1034}
1035
Johan Hedbergd6268e82014-09-05 22:19:51 +03001036static void smp_distribute_keys(struct smp_chan *smp)
Johan Hedberg44f1a7a2014-08-11 22:06:36 +03001037{
1038 struct smp_cmd_pairing *req, *rsp;
Johan Hedberg86d14072014-08-11 22:06:43 +03001039 struct l2cap_conn *conn = smp->conn;
Johan Hedberg44f1a7a2014-08-11 22:06:36 +03001040 struct hci_conn *hcon = conn->hcon;
1041 struct hci_dev *hdev = hcon->hdev;
1042 __u8 *keydist;
1043
1044 BT_DBG("conn %p", conn);
1045
Johan Hedberg44f1a7a2014-08-11 22:06:36 +03001046 rsp = (void *) &smp->prsp[1];
1047
1048 /* The responder sends its keys first */
Johan Hedbergb28b4942014-09-05 22:19:55 +03001049 if (hcon->out && (smp->remote_key_dist & KEY_DIST_MASK)) {
1050 smp_allow_key_dist(smp);
Johan Hedberg86d14072014-08-11 22:06:43 +03001051 return;
Johan Hedbergb28b4942014-09-05 22:19:55 +03001052 }
Johan Hedberg44f1a7a2014-08-11 22:06:36 +03001053
1054 req = (void *) &smp->preq[1];
1055
1056 if (hcon->out) {
1057 keydist = &rsp->init_key_dist;
1058 *keydist &= req->init_key_dist;
1059 } else {
1060 keydist = &rsp->resp_key_dist;
1061 *keydist &= req->resp_key_dist;
1062 }
1063
Johan Hedberg6a770832014-06-06 11:54:04 +03001064 if (test_bit(SMP_FLAG_SC, &smp->flags)) {
1065 if (*keydist & SMP_DIST_LINK_KEY)
1066 sc_generate_link_key(smp);
1067
1068 /* Clear the keys which are generated but not distributed */
1069 *keydist &= ~SMP_SC_NO_DIST;
1070 }
1071
Johan Hedberg44f1a7a2014-08-11 22:06:36 +03001072 BT_DBG("keydist 0x%x", *keydist);
1073
1074 if (*keydist & SMP_DIST_ENC_KEY) {
1075 struct smp_cmd_encrypt_info enc;
1076 struct smp_cmd_master_ident ident;
1077 struct smp_ltk *ltk;
1078 u8 authenticated;
1079 __le16 ediv;
1080 __le64 rand;
1081
1082 get_random_bytes(enc.ltk, sizeof(enc.ltk));
1083 get_random_bytes(&ediv, sizeof(ediv));
1084 get_random_bytes(&rand, sizeof(rand));
1085
1086 smp_send_cmd(conn, SMP_CMD_ENCRYPT_INFO, sizeof(enc), &enc);
1087
1088 authenticated = hcon->sec_level == BT_SECURITY_HIGH;
1089 ltk = hci_add_ltk(hdev, &hcon->dst, hcon->dst_type,
1090 SMP_LTK_SLAVE, authenticated, enc.ltk,
1091 smp->enc_key_size, ediv, rand);
1092 smp->slave_ltk = ltk;
1093
1094 ident.ediv = ediv;
1095 ident.rand = rand;
1096
1097 smp_send_cmd(conn, SMP_CMD_MASTER_IDENT, sizeof(ident), &ident);
1098
1099 *keydist &= ~SMP_DIST_ENC_KEY;
1100 }
1101
1102 if (*keydist & SMP_DIST_ID_KEY) {
1103 struct smp_cmd_ident_addr_info addrinfo;
1104 struct smp_cmd_ident_info idinfo;
1105
1106 memcpy(idinfo.irk, hdev->irk, sizeof(idinfo.irk));
1107
1108 smp_send_cmd(conn, SMP_CMD_IDENT_INFO, sizeof(idinfo), &idinfo);
1109
1110 /* The hci_conn contains the local identity address
1111 * after the connection has been established.
1112 *
1113 * This is true even when the connection has been
1114 * established using a resolvable random address.
1115 */
1116 bacpy(&addrinfo.bdaddr, &hcon->src);
1117 addrinfo.addr_type = hcon->src_type;
1118
1119 smp_send_cmd(conn, SMP_CMD_IDENT_ADDR_INFO, sizeof(addrinfo),
1120 &addrinfo);
1121
1122 *keydist &= ~SMP_DIST_ID_KEY;
1123 }
1124
1125 if (*keydist & SMP_DIST_SIGN) {
1126 struct smp_cmd_sign_info sign;
1127 struct smp_csrk *csrk;
1128
1129 /* Generate a new random key */
1130 get_random_bytes(sign.csrk, sizeof(sign.csrk));
1131
1132 csrk = kzalloc(sizeof(*csrk), GFP_KERNEL);
1133 if (csrk) {
1134 csrk->master = 0x00;
1135 memcpy(csrk->val, sign.csrk, sizeof(csrk->val));
1136 }
1137 smp->slave_csrk = csrk;
1138
1139 smp_send_cmd(conn, SMP_CMD_SIGN_INFO, sizeof(sign), &sign);
1140
1141 *keydist &= ~SMP_DIST_SIGN;
1142 }
1143
1144 /* If there are still keys to be received wait for them */
Johan Hedbergb28b4942014-09-05 22:19:55 +03001145 if (smp->remote_key_dist & KEY_DIST_MASK) {
1146 smp_allow_key_dist(smp);
Johan Hedberg86d14072014-08-11 22:06:43 +03001147 return;
Johan Hedbergb28b4942014-09-05 22:19:55 +03001148 }
Johan Hedberg44f1a7a2014-08-11 22:06:36 +03001149
Johan Hedberg44f1a7a2014-08-11 22:06:36 +03001150 set_bit(SMP_FLAG_COMPLETE, &smp->flags);
1151 smp_notify_keys(conn);
1152
1153 smp_chan_destroy(conn);
Johan Hedberg44f1a7a2014-08-11 22:06:36 +03001154}
1155
Johan Hedbergb68fda62014-08-11 22:06:40 +03001156static void smp_timeout(struct work_struct *work)
1157{
1158 struct smp_chan *smp = container_of(work, struct smp_chan,
1159 security_timer.work);
1160 struct l2cap_conn *conn = smp->conn;
1161
1162 BT_DBG("conn %p", conn);
1163
Johan Hedberg1e91c292014-08-18 20:33:29 +03001164 hci_disconnect(conn->hcon, HCI_ERROR_REMOTE_USER_TERM);
Johan Hedbergb68fda62014-08-11 22:06:40 +03001165}
1166
Vinicius Costa Gomes8aab4752011-09-05 14:31:31 -03001167static struct smp_chan *smp_chan_create(struct l2cap_conn *conn)
1168{
Johan Hedberg5d88cc72014-08-08 09:37:18 +03001169 struct l2cap_chan *chan = conn->smp;
Vinicius Costa Gomes8aab4752011-09-05 14:31:31 -03001170 struct smp_chan *smp;
1171
Marcel Holtmannf1560462013-10-13 05:43:25 -07001172 smp = kzalloc(sizeof(*smp), GFP_ATOMIC);
Johan Hedbergfc75cc82014-09-05 22:19:52 +03001173 if (!smp)
Vinicius Costa Gomes8aab4752011-09-05 14:31:31 -03001174 return NULL;
1175
Johan Hedberg6a7bd102014-06-27 14:23:03 +03001176 smp->tfm_aes = crypto_alloc_blkcipher("ecb(aes)", 0, CRYPTO_ALG_ASYNC);
1177 if (IS_ERR(smp->tfm_aes)) {
1178 BT_ERR("Unable to create ECB crypto context");
1179 kfree(smp);
1180 return NULL;
1181 }
1182
Johan Hedberg407cecf2014-05-02 14:19:47 +03001183 smp->tfm_cmac = crypto_alloc_hash("cmac(aes)", 0, CRYPTO_ALG_ASYNC);
1184 if (IS_ERR(smp->tfm_cmac)) {
1185 BT_ERR("Unable to create CMAC crypto context");
1186 crypto_free_blkcipher(smp->tfm_aes);
1187 kfree(smp);
1188 return NULL;
1189 }
1190
Vinicius Costa Gomes8aab4752011-09-05 14:31:31 -03001191 smp->conn = conn;
Johan Hedberg5d88cc72014-08-08 09:37:18 +03001192 chan->data = smp;
Vinicius Costa Gomes8aab4752011-09-05 14:31:31 -03001193
Johan Hedbergb28b4942014-09-05 22:19:55 +03001194 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_FAIL);
1195
Johan Hedbergb68fda62014-08-11 22:06:40 +03001196 INIT_DELAYED_WORK(&smp->security_timer, smp_timeout);
1197
Vinicius Costa Gomes8aab4752011-09-05 14:31:31 -03001198 hci_conn_hold(conn->hcon);
1199
1200 return smp;
1201}
1202
Johan Hedberg760b0182014-06-06 11:44:05 +03001203static int sc_mackey_and_ltk(struct smp_chan *smp, u8 mackey[16], u8 ltk[16])
1204{
1205 struct hci_conn *hcon = smp->conn->hcon;
1206 u8 *na, *nb, a[7], b[7];
1207
1208 if (hcon->out) {
1209 na = smp->prnd;
1210 nb = smp->rrnd;
1211 } else {
1212 na = smp->rrnd;
1213 nb = smp->prnd;
1214 }
1215
1216 memcpy(a, &hcon->init_addr, 6);
1217 memcpy(b, &hcon->resp_addr, 6);
1218 a[6] = hcon->init_addr_type;
1219 b[6] = hcon->resp_addr_type;
1220
1221 return smp_f5(smp->tfm_cmac, smp->dhkey, na, nb, a, b, mackey, ltk);
1222}
1223
Johan Hedberg38606f12014-06-25 11:10:28 +03001224static void sc_dhkey_check(struct smp_chan *smp)
Johan Hedberg760b0182014-06-06 11:44:05 +03001225{
1226 struct hci_conn *hcon = smp->conn->hcon;
1227 struct smp_cmd_dhkey_check check;
1228 u8 a[7], b[7], *local_addr, *remote_addr;
1229 u8 io_cap[3], r[16];
1230
Johan Hedberg760b0182014-06-06 11:44:05 +03001231 memcpy(a, &hcon->init_addr, 6);
1232 memcpy(b, &hcon->resp_addr, 6);
1233 a[6] = hcon->init_addr_type;
1234 b[6] = hcon->resp_addr_type;
1235
1236 if (hcon->out) {
1237 local_addr = a;
1238 remote_addr = b;
1239 memcpy(io_cap, &smp->preq[1], 3);
1240 } else {
1241 local_addr = b;
1242 remote_addr = a;
1243 memcpy(io_cap, &smp->prsp[1], 3);
1244 }
1245
Johan Hedbergdddd3052014-06-01 15:38:09 +03001246 memset(r, 0, sizeof(r));
1247
1248 if (smp->method == REQ_PASSKEY || smp->method == DSP_PASSKEY)
Johan Hedberg38606f12014-06-25 11:10:28 +03001249 put_unaligned_le32(hcon->passkey_notify, r);
Johan Hedberg760b0182014-06-06 11:44:05 +03001250
1251 smp_f6(smp->tfm_cmac, smp->mackey, smp->prnd, smp->rrnd, r, io_cap,
1252 local_addr, remote_addr, check.e);
1253
1254 smp_send_cmd(smp->conn, SMP_CMD_DHKEY_CHECK, sizeof(check), &check);
Johan Hedbergdddd3052014-06-01 15:38:09 +03001255}
1256
Johan Hedberg38606f12014-06-25 11:10:28 +03001257static u8 sc_passkey_send_confirm(struct smp_chan *smp)
1258{
1259 struct l2cap_conn *conn = smp->conn;
1260 struct hci_conn *hcon = conn->hcon;
1261 struct smp_cmd_pairing_confirm cfm;
1262 u8 r;
1263
1264 r = ((hcon->passkey_notify >> smp->passkey_round) & 0x01);
1265 r |= 0x80;
1266
1267 get_random_bytes(smp->prnd, sizeof(smp->prnd));
1268
1269 if (smp_f4(smp->tfm_cmac, smp->local_pk, smp->remote_pk, smp->prnd, r,
1270 cfm.confirm_val))
1271 return SMP_UNSPECIFIED;
1272
1273 smp_send_cmd(conn, SMP_CMD_PAIRING_CONFIRM, sizeof(cfm), &cfm);
1274
1275 return 0;
1276}
1277
1278static u8 sc_passkey_round(struct smp_chan *smp, u8 smp_op)
1279{
1280 struct l2cap_conn *conn = smp->conn;
1281 struct hci_conn *hcon = conn->hcon;
1282 struct hci_dev *hdev = hcon->hdev;
1283 u8 cfm[16], r;
1284
1285 /* Ignore the PDU if we've already done 20 rounds (0 - 19) */
1286 if (smp->passkey_round >= 20)
1287 return 0;
1288
1289 switch (smp_op) {
1290 case SMP_CMD_PAIRING_RANDOM:
1291 r = ((hcon->passkey_notify >> smp->passkey_round) & 0x01);
1292 r |= 0x80;
1293
1294 if (smp_f4(smp->tfm_cmac, smp->remote_pk, smp->local_pk,
1295 smp->rrnd, r, cfm))
1296 return SMP_UNSPECIFIED;
1297
1298 if (memcmp(smp->pcnf, cfm, 16))
1299 return SMP_CONFIRM_FAILED;
1300
1301 smp->passkey_round++;
1302
1303 if (smp->passkey_round == 20) {
1304 /* Generate MacKey and LTK */
1305 if (sc_mackey_and_ltk(smp, smp->mackey, smp->tk))
1306 return SMP_UNSPECIFIED;
1307 }
1308
1309 /* The round is only complete when the initiator
1310 * receives pairing random.
1311 */
1312 if (!hcon->out) {
1313 smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM,
1314 sizeof(smp->prnd), smp->prnd);
1315 if (smp->passkey_round == 20) {
1316 sc_dhkey_check(smp);
1317 SMP_ALLOW_CMD(smp, SMP_CMD_DHKEY_CHECK);
1318 } else {
1319 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_CONFIRM);
1320 }
1321 return 0;
1322 }
1323
1324 /* Start the next round */
1325 if (smp->passkey_round != 20)
1326 return sc_passkey_round(smp, 0);
1327
1328 /* Passkey rounds are complete - start DHKey Check */
1329 sc_dhkey_check(smp);
1330 SMP_ALLOW_CMD(smp, SMP_CMD_DHKEY_CHECK);
1331
1332 break;
1333
1334 case SMP_CMD_PAIRING_CONFIRM:
1335 if (test_bit(SMP_FLAG_WAIT_USER, &smp->flags)) {
1336 set_bit(SMP_FLAG_CFM_PENDING, &smp->flags);
1337 return 0;
1338 }
1339
1340 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RANDOM);
1341
1342 if (hcon->out) {
1343 smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM,
1344 sizeof(smp->prnd), smp->prnd);
1345 return 0;
1346 }
1347
1348 return sc_passkey_send_confirm(smp);
1349
1350 case SMP_CMD_PUBLIC_KEY:
1351 default:
1352 /* Initiating device starts the round */
1353 if (!hcon->out)
1354 return 0;
1355
1356 BT_DBG("%s Starting passkey round %u", hdev->name,
1357 smp->passkey_round + 1);
1358
1359 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_CONFIRM);
1360
1361 return sc_passkey_send_confirm(smp);
1362 }
1363
1364 return 0;
1365}
1366
Johan Hedbergdddd3052014-06-01 15:38:09 +03001367static int sc_user_reply(struct smp_chan *smp, u16 mgmt_op, __le32 passkey)
1368{
Johan Hedberg38606f12014-06-25 11:10:28 +03001369 struct l2cap_conn *conn = smp->conn;
1370 struct hci_conn *hcon = conn->hcon;
1371 u8 smp_op;
1372
1373 clear_bit(SMP_FLAG_WAIT_USER, &smp->flags);
1374
Johan Hedbergdddd3052014-06-01 15:38:09 +03001375 switch (mgmt_op) {
1376 case MGMT_OP_USER_PASSKEY_NEG_REPLY:
1377 smp_failure(smp->conn, SMP_PASSKEY_ENTRY_FAILED);
1378 return 0;
1379 case MGMT_OP_USER_CONFIRM_NEG_REPLY:
1380 smp_failure(smp->conn, SMP_NUMERIC_COMP_FAILED);
1381 return 0;
Johan Hedberg38606f12014-06-25 11:10:28 +03001382 case MGMT_OP_USER_PASSKEY_REPLY:
1383 hcon->passkey_notify = le32_to_cpu(passkey);
1384 smp->passkey_round = 0;
1385
1386 if (test_and_clear_bit(SMP_FLAG_CFM_PENDING, &smp->flags))
1387 smp_op = SMP_CMD_PAIRING_CONFIRM;
1388 else
1389 smp_op = 0;
1390
1391 if (sc_passkey_round(smp, smp_op))
1392 return -EIO;
1393
1394 return 0;
Johan Hedbergdddd3052014-06-01 15:38:09 +03001395 }
1396
Johan Hedberg38606f12014-06-25 11:10:28 +03001397 sc_dhkey_check(smp);
Johan Hedberg760b0182014-06-06 11:44:05 +03001398
1399 return 0;
1400}
1401
Brian Gix2b64d152011-12-21 16:12:12 -08001402int smp_user_confirm_reply(struct hci_conn *hcon, u16 mgmt_op, __le32 passkey)
1403{
Johan Hedbergb10e8012014-06-27 14:23:07 +03001404 struct l2cap_conn *conn = hcon->l2cap_data;
Johan Hedberg5d88cc72014-08-08 09:37:18 +03001405 struct l2cap_chan *chan;
Brian Gix2b64d152011-12-21 16:12:12 -08001406 struct smp_chan *smp;
1407 u32 value;
Johan Hedbergfc75cc82014-09-05 22:19:52 +03001408 int err;
Brian Gix2b64d152011-12-21 16:12:12 -08001409
1410 BT_DBG("");
1411
Johan Hedbergfc75cc82014-09-05 22:19:52 +03001412 if (!conn)
Brian Gix2b64d152011-12-21 16:12:12 -08001413 return -ENOTCONN;
1414
Johan Hedberg5d88cc72014-08-08 09:37:18 +03001415 chan = conn->smp;
1416 if (!chan)
1417 return -ENOTCONN;
1418
Johan Hedbergfc75cc82014-09-05 22:19:52 +03001419 l2cap_chan_lock(chan);
1420 if (!chan->data) {
1421 err = -ENOTCONN;
1422 goto unlock;
1423 }
1424
Johan Hedberg5d88cc72014-08-08 09:37:18 +03001425 smp = chan->data;
Brian Gix2b64d152011-12-21 16:12:12 -08001426
Johan Hedberg760b0182014-06-06 11:44:05 +03001427 if (test_bit(SMP_FLAG_SC, &smp->flags)) {
1428 err = sc_user_reply(smp, mgmt_op, passkey);
1429 goto unlock;
1430 }
1431
Brian Gix2b64d152011-12-21 16:12:12 -08001432 switch (mgmt_op) {
1433 case MGMT_OP_USER_PASSKEY_REPLY:
1434 value = le32_to_cpu(passkey);
Johan Hedberg943a7322014-03-18 12:58:24 +02001435 memset(smp->tk, 0, sizeof(smp->tk));
Brian Gix2b64d152011-12-21 16:12:12 -08001436 BT_DBG("PassKey: %d", value);
Johan Hedberg943a7322014-03-18 12:58:24 +02001437 put_unaligned_le32(value, smp->tk);
Brian Gix2b64d152011-12-21 16:12:12 -08001438 /* Fall Through */
1439 case MGMT_OP_USER_CONFIRM_REPLY:
Johan Hedberg4a74d652014-05-20 09:45:50 +03001440 set_bit(SMP_FLAG_TK_VALID, &smp->flags);
Brian Gix2b64d152011-12-21 16:12:12 -08001441 break;
1442 case MGMT_OP_USER_PASSKEY_NEG_REPLY:
1443 case MGMT_OP_USER_CONFIRM_NEG_REPLY:
Johan Hedberg84794e12013-11-06 11:24:57 +02001444 smp_failure(conn, SMP_PASSKEY_ENTRY_FAILED);
Johan Hedbergfc75cc82014-09-05 22:19:52 +03001445 err = 0;
1446 goto unlock;
Brian Gix2b64d152011-12-21 16:12:12 -08001447 default:
Johan Hedberg84794e12013-11-06 11:24:57 +02001448 smp_failure(conn, SMP_PASSKEY_ENTRY_FAILED);
Johan Hedbergfc75cc82014-09-05 22:19:52 +03001449 err = -EOPNOTSUPP;
1450 goto unlock;
Brian Gix2b64d152011-12-21 16:12:12 -08001451 }
1452
Johan Hedbergfc75cc82014-09-05 22:19:52 +03001453 err = 0;
1454
Brian Gix2b64d152011-12-21 16:12:12 -08001455 /* If it is our turn to send Pairing Confirm, do so now */
Johan Hedberg1cc61142014-05-20 09:45:52 +03001456 if (test_bit(SMP_FLAG_CFM_PENDING, &smp->flags)) {
1457 u8 rsp = smp_confirm(smp);
1458 if (rsp)
1459 smp_failure(conn, rsp);
1460 }
Brian Gix2b64d152011-12-21 16:12:12 -08001461
Johan Hedbergfc75cc82014-09-05 22:19:52 +03001462unlock:
1463 l2cap_chan_unlock(chan);
1464 return err;
Brian Gix2b64d152011-12-21 16:12:12 -08001465}
1466
Vinicius Costa Gomesda85e5e2011-06-09 18:50:53 -03001467static u8 smp_cmd_pairing_req(struct l2cap_conn *conn, struct sk_buff *skb)
Anderson Briglia88ba43b2011-06-09 18:50:42 -03001468{
Vinicius Costa Gomes3158c502011-06-14 13:37:42 -03001469 struct smp_cmd_pairing rsp, *req = (void *) skb->data;
Johan Hedbergfc75cc82014-09-05 22:19:52 +03001470 struct l2cap_chan *chan = conn->smp;
Johan Hedbergb3c64102014-07-10 11:02:07 +03001471 struct hci_dev *hdev = conn->hcon->hdev;
Vinicius Costa Gomes8aab4752011-09-05 14:31:31 -03001472 struct smp_chan *smp;
Johan Hedbergc7262e72014-06-17 13:07:37 +03001473 u8 key_size, auth, sec_level;
Vinicius Costa Gomes8aab4752011-09-05 14:31:31 -03001474 int ret;
Anderson Briglia88ba43b2011-06-09 18:50:42 -03001475
1476 BT_DBG("conn %p", conn);
1477
Johan Hedbergc46b98b2014-02-18 10:19:29 +02001478 if (skb->len < sizeof(*req))
Johan Hedberg38e4a912014-05-08 14:19:11 +03001479 return SMP_INVALID_PARAMS;
Johan Hedbergc46b98b2014-02-18 10:19:29 +02001480
Johan Hedberg40bef302014-07-16 11:42:27 +03001481 if (conn->hcon->role != HCI_ROLE_SLAVE)
Brian Gix2b64d152011-12-21 16:12:12 -08001482 return SMP_CMD_NOTSUPP;
1483
Johan Hedbergfc75cc82014-09-05 22:19:52 +03001484 if (!chan->data)
Vinicius Costa Gomes8aab4752011-09-05 14:31:31 -03001485 smp = smp_chan_create(conn);
Johan Hedbergfc75cc82014-09-05 22:19:52 +03001486 else
Johan Hedberg5d88cc72014-08-08 09:37:18 +03001487 smp = chan->data;
Vinicius Costa Gomes8aab4752011-09-05 14:31:31 -03001488
Andrei Emeltchenkod08fd0e2012-07-19 17:03:43 +03001489 if (!smp)
1490 return SMP_UNSPECIFIED;
Vinicius Costa Gomesd26a2342011-08-19 21:06:51 -03001491
Johan Hedbergc05b9332014-09-10 17:37:42 -07001492 /* We didn't start the pairing, so match remote */
Johan Hedberg0edb14d2014-05-26 13:29:28 +03001493 auth = req->auth_req & AUTH_REQ_MASK(hdev);
Johan Hedbergc05b9332014-09-10 17:37:42 -07001494
Johan Hedbergb6ae8452014-07-30 09:22:22 +03001495 if (!test_bit(HCI_BONDABLE, &hdev->dev_flags) &&
Johan Hedbergc05b9332014-09-10 17:37:42 -07001496 (auth & SMP_AUTH_BONDING))
Johan Hedbergb3c64102014-07-10 11:02:07 +03001497 return SMP_PAIRING_NOTSUPP;
1498
Vinicius Costa Gomes1c1def02011-09-05 14:31:30 -03001499 smp->preq[0] = SMP_CMD_PAIRING_REQ;
1500 memcpy(&smp->preq[1], req, sizeof(*req));
Vinicius Costa Gomes3158c502011-06-14 13:37:42 -03001501 skb_pull(skb, sizeof(*req));
Anderson Briglia88ba43b2011-06-09 18:50:42 -03001502
Johan Hedberg5e3d3d92014-05-31 18:51:02 +03001503 build_pairing_cmd(conn, req, &rsp, auth);
1504
1505 if (rsp.auth_req & SMP_AUTH_SC)
1506 set_bit(SMP_FLAG_SC, &smp->flags);
1507
Johan Hedberg5be5e272014-09-10 17:58:54 -07001508 if (conn->hcon->io_capability == HCI_IO_NO_INPUT_OUTPUT)
Johan Hedberg1afc2a12014-09-10 17:37:44 -07001509 sec_level = BT_SECURITY_MEDIUM;
1510 else
1511 sec_level = authreq_to_seclevel(auth);
1512
Johan Hedbergc7262e72014-06-17 13:07:37 +03001513 if (sec_level > conn->hcon->pending_sec_level)
1514 conn->hcon->pending_sec_level = sec_level;
Ido Yarivfdde0a22012-03-05 20:09:38 +02001515
Stephen Hemminger49c922b2014-10-27 21:12:20 -07001516 /* If we need MITM check that it can be achieved */
Johan Hedberg2ed8f652014-06-17 13:07:39 +03001517 if (conn->hcon->pending_sec_level >= BT_SECURITY_HIGH) {
1518 u8 method;
1519
1520 method = get_auth_method(smp, conn->hcon->io_capability,
1521 req->io_capability);
1522 if (method == JUST_WORKS || method == JUST_CFM)
1523 return SMP_AUTH_REQUIREMENTS;
1524 }
1525
Vinicius Costa Gomes3158c502011-06-14 13:37:42 -03001526 key_size = min(req->max_key_size, rsp.max_key_size);
1527 if (check_enc_key_size(conn, key_size))
1528 return SMP_ENC_KEY_SIZE;
Anderson Briglia88ba43b2011-06-09 18:50:42 -03001529
Johan Hedberge84a6b12013-12-02 10:49:03 +02001530 get_random_bytes(smp->prnd, sizeof(smp->prnd));
Vinicius Costa Gomes8aab4752011-09-05 14:31:31 -03001531
Vinicius Costa Gomes1c1def02011-09-05 14:31:30 -03001532 smp->prsp[0] = SMP_CMD_PAIRING_RSP;
1533 memcpy(&smp->prsp[1], &rsp, sizeof(rsp));
Anderson Brigliaf01ead32011-06-09 18:50:45 -03001534
Vinicius Costa Gomes3158c502011-06-14 13:37:42 -03001535 smp_send_cmd(conn, SMP_CMD_PAIRING_RSP, sizeof(rsp), &rsp);
Johan Hedberg3b191462014-06-06 10:50:15 +03001536
1537 clear_bit(SMP_FLAG_INITIATOR, &smp->flags);
1538
1539 if (test_bit(SMP_FLAG_SC, &smp->flags)) {
1540 SMP_ALLOW_CMD(smp, SMP_CMD_PUBLIC_KEY);
1541 /* Clear bits which are generated but not distributed */
1542 smp->remote_key_dist &= ~SMP_SC_NO_DIST;
1543 /* Wait for Public Key from Initiating Device */
1544 return 0;
1545 } else {
1546 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_CONFIRM);
1547 }
Vinicius Costa Gomesda85e5e2011-06-09 18:50:53 -03001548
Brian Gix2b64d152011-12-21 16:12:12 -08001549 /* Request setup of TK */
1550 ret = tk_request(conn, 0, auth, rsp.io_capability, req->io_capability);
1551 if (ret)
1552 return SMP_UNSPECIFIED;
1553
Vinicius Costa Gomesda85e5e2011-06-09 18:50:53 -03001554 return 0;
Anderson Briglia88ba43b2011-06-09 18:50:42 -03001555}
1556
Johan Hedberg3b191462014-06-06 10:50:15 +03001557static u8 sc_send_public_key(struct smp_chan *smp)
1558{
1559 BT_DBG("");
1560
Johan Hedberg6c0dcc52014-06-06 15:33:30 +03001561 while (true) {
1562 /* Generate local key pair for Secure Connections */
1563 if (!ecc_make_key(smp->local_pk, smp->local_sk))
1564 return SMP_UNSPECIFIED;
1565
1566 /* This is unlikely, but we need to check that we didn't
1567 * accidentially generate a debug key.
1568 */
1569 if (memcmp(smp->local_sk, debug_sk, 32))
1570 break;
1571 }
Johan Hedberg3b191462014-06-06 10:50:15 +03001572
1573 BT_DBG("Local Public Key X: %32phN", smp->local_pk);
1574 BT_DBG("Local Public Key Y: %32phN", &smp->local_pk[32]);
1575 BT_DBG("Local Private Key: %32phN", smp->local_sk);
1576
1577 smp_send_cmd(smp->conn, SMP_CMD_PUBLIC_KEY, 64, smp->local_pk);
1578
1579 return 0;
1580}
1581
Vinicius Costa Gomesda85e5e2011-06-09 18:50:53 -03001582static u8 smp_cmd_pairing_rsp(struct l2cap_conn *conn, struct sk_buff *skb)
Anderson Briglia88ba43b2011-06-09 18:50:42 -03001583{
Vinicius Costa Gomes3158c502011-06-14 13:37:42 -03001584 struct smp_cmd_pairing *req, *rsp = (void *) skb->data;
Johan Hedberg5d88cc72014-08-08 09:37:18 +03001585 struct l2cap_chan *chan = conn->smp;
1586 struct smp_chan *smp = chan->data;
Johan Hedberg0edb14d2014-05-26 13:29:28 +03001587 struct hci_dev *hdev = conn->hcon->hdev;
Johan Hedberg3a7dbfb2014-09-10 17:37:41 -07001588 u8 key_size, auth;
Anderson Briglia7d24ddc2011-06-09 18:50:46 -03001589 int ret;
Anderson Briglia88ba43b2011-06-09 18:50:42 -03001590
1591 BT_DBG("conn %p", conn);
1592
Johan Hedbergc46b98b2014-02-18 10:19:29 +02001593 if (skb->len < sizeof(*rsp))
Johan Hedberg38e4a912014-05-08 14:19:11 +03001594 return SMP_INVALID_PARAMS;
Johan Hedbergc46b98b2014-02-18 10:19:29 +02001595
Johan Hedberg40bef302014-07-16 11:42:27 +03001596 if (conn->hcon->role != HCI_ROLE_MASTER)
Brian Gix2b64d152011-12-21 16:12:12 -08001597 return SMP_CMD_NOTSUPP;
1598
Vinicius Costa Gomes3158c502011-06-14 13:37:42 -03001599 skb_pull(skb, sizeof(*rsp));
Vinicius Costa Gomesda85e5e2011-06-09 18:50:53 -03001600
Vinicius Costa Gomes1c1def02011-09-05 14:31:30 -03001601 req = (void *) &smp->preq[1];
Vinicius Costa Gomes3158c502011-06-14 13:37:42 -03001602
1603 key_size = min(req->max_key_size, rsp->max_key_size);
1604 if (check_enc_key_size(conn, key_size))
1605 return SMP_ENC_KEY_SIZE;
1606
Johan Hedberg0edb14d2014-05-26 13:29:28 +03001607 auth = rsp->auth_req & AUTH_REQ_MASK(hdev);
Johan Hedbergc05b9332014-09-10 17:37:42 -07001608
Johan Hedberg65668772014-05-16 11:03:34 +03001609 if ((req->auth_req & SMP_AUTH_SC) && (auth & SMP_AUTH_SC))
1610 set_bit(SMP_FLAG_SC, &smp->flags);
Johan Hedbergd2eb9e12014-05-16 10:59:06 +03001611 else if (conn->hcon->pending_sec_level > BT_SECURITY_HIGH)
1612 conn->hcon->pending_sec_level = BT_SECURITY_HIGH;
Johan Hedberg65668772014-05-16 11:03:34 +03001613
Stephen Hemminger49c922b2014-10-27 21:12:20 -07001614 /* If we need MITM check that it can be achieved */
Johan Hedberg2ed8f652014-06-17 13:07:39 +03001615 if (conn->hcon->pending_sec_level >= BT_SECURITY_HIGH) {
1616 u8 method;
1617
1618 method = get_auth_method(smp, req->io_capability,
1619 rsp->io_capability);
1620 if (method == JUST_WORKS || method == JUST_CFM)
1621 return SMP_AUTH_REQUIREMENTS;
1622 }
1623
Johan Hedberge84a6b12013-12-02 10:49:03 +02001624 get_random_bytes(smp->prnd, sizeof(smp->prnd));
Anderson Briglia7d24ddc2011-06-09 18:50:46 -03001625
Vinicius Costa Gomes8aab4752011-09-05 14:31:31 -03001626 smp->prsp[0] = SMP_CMD_PAIRING_RSP;
1627 memcpy(&smp->prsp[1], rsp, sizeof(*rsp));
Anderson Briglia7d24ddc2011-06-09 18:50:46 -03001628
Johan Hedbergfdcc4be2014-03-14 10:53:50 +02001629 /* Update remote key distribution in case the remote cleared
1630 * some bits that we had enabled in our request.
1631 */
1632 smp->remote_key_dist &= rsp->resp_key_dist;
1633
Johan Hedberg3b191462014-06-06 10:50:15 +03001634 if (test_bit(SMP_FLAG_SC, &smp->flags)) {
1635 /* Clear bits which are generated but not distributed */
1636 smp->remote_key_dist &= ~SMP_SC_NO_DIST;
1637 SMP_ALLOW_CMD(smp, SMP_CMD_PUBLIC_KEY);
1638 return sc_send_public_key(smp);
1639 }
1640
Johan Hedbergc05b9332014-09-10 17:37:42 -07001641 auth |= req->auth_req;
Brian Gix2b64d152011-12-21 16:12:12 -08001642
Johan Hedberg476585e2012-06-06 18:54:15 +08001643 ret = tk_request(conn, 0, auth, req->io_capability, rsp->io_capability);
Brian Gix2b64d152011-12-21 16:12:12 -08001644 if (ret)
1645 return SMP_UNSPECIFIED;
1646
Johan Hedberg4a74d652014-05-20 09:45:50 +03001647 set_bit(SMP_FLAG_CFM_PENDING, &smp->flags);
Brian Gix2b64d152011-12-21 16:12:12 -08001648
1649 /* Can't compose response until we have been confirmed */
Johan Hedberg4a74d652014-05-20 09:45:50 +03001650 if (test_bit(SMP_FLAG_TK_VALID, &smp->flags))
Johan Hedberg1cc61142014-05-20 09:45:52 +03001651 return smp_confirm(smp);
Vinicius Costa Gomesda85e5e2011-06-09 18:50:53 -03001652
1653 return 0;
Anderson Briglia88ba43b2011-06-09 18:50:42 -03001654}
1655
Johan Hedbergdcee2b32014-06-06 11:36:38 +03001656static u8 sc_check_confirm(struct smp_chan *smp)
1657{
1658 struct l2cap_conn *conn = smp->conn;
1659
1660 BT_DBG("");
1661
1662 /* Public Key exchange must happen before any other steps */
1663 if (!test_bit(SMP_FLAG_REMOTE_PK, &smp->flags))
1664 return SMP_UNSPECIFIED;
1665
Johan Hedberg38606f12014-06-25 11:10:28 +03001666 if (smp->method == REQ_PASSKEY || smp->method == DSP_PASSKEY)
1667 return sc_passkey_round(smp, SMP_CMD_PAIRING_CONFIRM);
1668
Johan Hedbergdcee2b32014-06-06 11:36:38 +03001669 if (conn->hcon->out) {
1670 smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM, sizeof(smp->prnd),
1671 smp->prnd);
1672 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RANDOM);
1673 }
1674
1675 return 0;
1676}
1677
Vinicius Costa Gomesda85e5e2011-06-09 18:50:53 -03001678static u8 smp_cmd_pairing_confirm(struct l2cap_conn *conn, struct sk_buff *skb)
Anderson Briglia88ba43b2011-06-09 18:50:42 -03001679{
Johan Hedberg5d88cc72014-08-08 09:37:18 +03001680 struct l2cap_chan *chan = conn->smp;
1681 struct smp_chan *smp = chan->data;
Anderson Briglia7d24ddc2011-06-09 18:50:46 -03001682
Anderson Briglia88ba43b2011-06-09 18:50:42 -03001683 BT_DBG("conn %p %s", conn, conn->hcon->out ? "master" : "slave");
1684
Johan Hedbergc46b98b2014-02-18 10:19:29 +02001685 if (skb->len < sizeof(smp->pcnf))
Johan Hedberg38e4a912014-05-08 14:19:11 +03001686 return SMP_INVALID_PARAMS;
Johan Hedbergc46b98b2014-02-18 10:19:29 +02001687
Vinicius Costa Gomes1c1def02011-09-05 14:31:30 -03001688 memcpy(smp->pcnf, skb->data, sizeof(smp->pcnf));
1689 skb_pull(skb, sizeof(smp->pcnf));
Anderson Briglia7d24ddc2011-06-09 18:50:46 -03001690
Johan Hedbergdcee2b32014-06-06 11:36:38 +03001691 if (test_bit(SMP_FLAG_SC, &smp->flags))
1692 return sc_check_confirm(smp);
1693
Johan Hedbergb28b4942014-09-05 22:19:55 +03001694 if (conn->hcon->out) {
Johan Hedberg943a7322014-03-18 12:58:24 +02001695 smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM, sizeof(smp->prnd),
1696 smp->prnd);
Johan Hedbergb28b4942014-09-05 22:19:55 +03001697 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RANDOM);
1698 return 0;
1699 }
1700
1701 if (test_bit(SMP_FLAG_TK_VALID, &smp->flags))
Johan Hedberg1cc61142014-05-20 09:45:52 +03001702 return smp_confirm(smp);
Johan Hedberg943a7322014-03-18 12:58:24 +02001703 else
Johan Hedberg4a74d652014-05-20 09:45:50 +03001704 set_bit(SMP_FLAG_CFM_PENDING, &smp->flags);
Vinicius Costa Gomesda85e5e2011-06-09 18:50:53 -03001705
1706 return 0;
Anderson Briglia88ba43b2011-06-09 18:50:42 -03001707}
1708
Vinicius Costa Gomesda85e5e2011-06-09 18:50:53 -03001709static u8 smp_cmd_pairing_random(struct l2cap_conn *conn, struct sk_buff *skb)
Anderson Briglia88ba43b2011-06-09 18:50:42 -03001710{
Johan Hedberg5d88cc72014-08-08 09:37:18 +03001711 struct l2cap_chan *chan = conn->smp;
1712 struct smp_chan *smp = chan->data;
Johan Hedberg191dc7f2014-06-06 11:39:49 +03001713 struct hci_conn *hcon = conn->hcon;
1714 u8 *pkax, *pkbx, *na, *nb;
1715 u32 passkey;
1716 int err;
Anderson Briglia7d24ddc2011-06-09 18:50:46 -03001717
Vinicius Costa Gomes8aab4752011-09-05 14:31:31 -03001718 BT_DBG("conn %p", conn);
Anderson Briglia7d24ddc2011-06-09 18:50:46 -03001719
Johan Hedbergc46b98b2014-02-18 10:19:29 +02001720 if (skb->len < sizeof(smp->rrnd))
Johan Hedberg38e4a912014-05-08 14:19:11 +03001721 return SMP_INVALID_PARAMS;
Johan Hedbergc46b98b2014-02-18 10:19:29 +02001722
Johan Hedberg943a7322014-03-18 12:58:24 +02001723 memcpy(smp->rrnd, skb->data, sizeof(smp->rrnd));
Vinicius Costa Gomes8aab4752011-09-05 14:31:31 -03001724 skb_pull(skb, sizeof(smp->rrnd));
Anderson Briglia88ba43b2011-06-09 18:50:42 -03001725
Johan Hedberg191dc7f2014-06-06 11:39:49 +03001726 if (!test_bit(SMP_FLAG_SC, &smp->flags))
1727 return smp_random(smp);
1728
Johan Hedberg38606f12014-06-25 11:10:28 +03001729 /* Passkey entry has special treatment */
1730 if (smp->method == REQ_PASSKEY || smp->method == DSP_PASSKEY)
1731 return sc_passkey_round(smp, SMP_CMD_PAIRING_RANDOM);
1732
Johan Hedberg191dc7f2014-06-06 11:39:49 +03001733 if (hcon->out) {
1734 u8 cfm[16];
1735
1736 err = smp_f4(smp->tfm_cmac, smp->remote_pk, smp->local_pk,
1737 smp->rrnd, 0, cfm);
1738 if (err)
1739 return SMP_UNSPECIFIED;
1740
1741 if (memcmp(smp->pcnf, cfm, 16))
1742 return SMP_CONFIRM_FAILED;
1743
1744 pkax = smp->local_pk;
1745 pkbx = smp->remote_pk;
1746 na = smp->prnd;
1747 nb = smp->rrnd;
1748 } else {
1749 smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM, sizeof(smp->prnd),
1750 smp->prnd);
1751 SMP_ALLOW_CMD(smp, SMP_CMD_DHKEY_CHECK);
1752
1753 pkax = smp->remote_pk;
1754 pkbx = smp->local_pk;
1755 na = smp->rrnd;
1756 nb = smp->prnd;
1757 }
1758
Johan Hedberg760b0182014-06-06 11:44:05 +03001759 /* Generate MacKey and LTK */
1760 err = sc_mackey_and_ltk(smp, smp->mackey, smp->tk);
1761 if (err)
1762 return SMP_UNSPECIFIED;
1763
Johan Hedbergdddd3052014-06-01 15:38:09 +03001764 if (smp->method == JUST_WORKS) {
1765 if (hcon->out) {
Johan Hedberg38606f12014-06-25 11:10:28 +03001766 sc_dhkey_check(smp);
Johan Hedbergdddd3052014-06-01 15:38:09 +03001767 SMP_ALLOW_CMD(smp, SMP_CMD_DHKEY_CHECK);
1768 }
1769 return 0;
1770 }
1771
Johan Hedberg38606f12014-06-25 11:10:28 +03001772 err = smp_g2(smp->tfm_cmac, pkax, pkbx, na, nb, &passkey);
Johan Hedberg191dc7f2014-06-06 11:39:49 +03001773 if (err)
1774 return SMP_UNSPECIFIED;
1775
Johan Hedberg38606f12014-06-25 11:10:28 +03001776 err = mgmt_user_confirm_request(hcon->hdev, &hcon->dst, hcon->type,
1777 hcon->dst_type, passkey, 0);
1778 if (err)
1779 return SMP_UNSPECIFIED;
1780
1781 set_bit(SMP_FLAG_WAIT_USER, &smp->flags);
1782
Johan Hedberg191dc7f2014-06-06 11:39:49 +03001783 return 0;
Anderson Briglia88ba43b2011-06-09 18:50:42 -03001784}
1785
Marcel Holtmannf81cd822014-07-01 10:59:24 +02001786static bool smp_ltk_encrypt(struct l2cap_conn *conn, u8 sec_level)
Vinicius Costa Gomes988c5992011-08-25 20:02:28 -03001787{
Vinicius Costa Gomesc9839a12012-02-02 21:08:01 -03001788 struct smp_ltk *key;
Vinicius Costa Gomes988c5992011-08-25 20:02:28 -03001789 struct hci_conn *hcon = conn->hcon;
1790
Johan Hedbergf3a73d92014-05-29 15:02:59 +03001791 key = hci_find_ltk(hcon->hdev, &hcon->dst, hcon->dst_type, hcon->role);
Vinicius Costa Gomes988c5992011-08-25 20:02:28 -03001792 if (!key)
Marcel Holtmannf81cd822014-07-01 10:59:24 +02001793 return false;
Vinicius Costa Gomes988c5992011-08-25 20:02:28 -03001794
Johan Hedberga6f78332014-09-10 17:37:45 -07001795 if (smp_ltk_sec_level(key) < sec_level)
Marcel Holtmannf81cd822014-07-01 10:59:24 +02001796 return false;
Johan Hedberg4dab7862012-06-07 14:58:37 +08001797
Johan Hedberg51a8efd2012-01-16 06:10:31 +02001798 if (test_and_set_bit(HCI_CONN_ENCRYPT_PEND, &hcon->flags))
Marcel Holtmannf81cd822014-07-01 10:59:24 +02001799 return true;
Vinicius Costa Gomes988c5992011-08-25 20:02:28 -03001800
Vinicius Costa Gomesc9839a12012-02-02 21:08:01 -03001801 hci_le_start_enc(hcon, key->ediv, key->rand, key->val);
1802 hcon->enc_key_size = key->enc_size;
Vinicius Costa Gomes988c5992011-08-25 20:02:28 -03001803
Johan Hedbergfe59a052014-07-01 19:14:12 +03001804 /* We never store STKs for master role, so clear this flag */
1805 clear_bit(HCI_CONN_STK_ENCRYPT, &hcon->flags);
1806
Marcel Holtmannf81cd822014-07-01 10:59:24 +02001807 return true;
Vinicius Costa Gomes988c5992011-08-25 20:02:28 -03001808}
Marcel Holtmannf1560462013-10-13 05:43:25 -07001809
Johan Hedberg35dc6f82014-11-13 10:55:18 +02001810bool smp_sufficient_security(struct hci_conn *hcon, u8 sec_level,
1811 enum smp_key_pref key_pref)
Johan Hedberg854f4722014-07-01 18:40:20 +03001812{
1813 if (sec_level == BT_SECURITY_LOW)
1814 return true;
1815
Johan Hedberg35dc6f82014-11-13 10:55:18 +02001816 /* If we're encrypted with an STK but the caller prefers using
1817 * LTK claim insufficient security. This way we allow the
1818 * connection to be re-encrypted with an LTK, even if the LTK
1819 * provides the same level of security. Only exception is if we
1820 * don't have an LTK (e.g. because of key distribution bits).
Johan Hedberg9ab65d602014-07-01 19:14:13 +03001821 */
Johan Hedberg35dc6f82014-11-13 10:55:18 +02001822 if (key_pref == SMP_USE_LTK &&
1823 test_bit(HCI_CONN_STK_ENCRYPT, &hcon->flags) &&
Johan Hedbergf3a73d92014-05-29 15:02:59 +03001824 hci_find_ltk(hcon->hdev, &hcon->dst, hcon->dst_type, hcon->role))
Johan Hedberg9ab65d602014-07-01 19:14:13 +03001825 return false;
1826
Johan Hedberg854f4722014-07-01 18:40:20 +03001827 if (hcon->sec_level >= sec_level)
1828 return true;
1829
1830 return false;
1831}
1832
Vinicius Costa Gomesda85e5e2011-06-09 18:50:53 -03001833static u8 smp_cmd_security_req(struct l2cap_conn *conn, struct sk_buff *skb)
Anderson Briglia88ba43b2011-06-09 18:50:42 -03001834{
1835 struct smp_cmd_security_req *rp = (void *) skb->data;
1836 struct smp_cmd_pairing cp;
Vinicius Costa Gomesf1cb9af2011-01-26 21:42:57 -03001837 struct hci_conn *hcon = conn->hcon;
Johan Hedberg0edb14d2014-05-26 13:29:28 +03001838 struct hci_dev *hdev = hcon->hdev;
Vinicius Costa Gomes8aab4752011-09-05 14:31:31 -03001839 struct smp_chan *smp;
Johan Hedbergc05b9332014-09-10 17:37:42 -07001840 u8 sec_level, auth;
Anderson Briglia88ba43b2011-06-09 18:50:42 -03001841
1842 BT_DBG("conn %p", conn);
1843
Johan Hedbergc46b98b2014-02-18 10:19:29 +02001844 if (skb->len < sizeof(*rp))
Johan Hedberg38e4a912014-05-08 14:19:11 +03001845 return SMP_INVALID_PARAMS;
Johan Hedbergc46b98b2014-02-18 10:19:29 +02001846
Johan Hedberg40bef302014-07-16 11:42:27 +03001847 if (hcon->role != HCI_ROLE_MASTER)
Johan Hedberg86ca9ea2013-11-05 11:30:39 +02001848 return SMP_CMD_NOTSUPP;
1849
Johan Hedberg0edb14d2014-05-26 13:29:28 +03001850 auth = rp->auth_req & AUTH_REQ_MASK(hdev);
Johan Hedbergc05b9332014-09-10 17:37:42 -07001851
Johan Hedberg5be5e272014-09-10 17:58:54 -07001852 if (hcon->io_capability == HCI_IO_NO_INPUT_OUTPUT)
Johan Hedberg1afc2a12014-09-10 17:37:44 -07001853 sec_level = BT_SECURITY_MEDIUM;
1854 else
1855 sec_level = authreq_to_seclevel(auth);
1856
Johan Hedberg35dc6f82014-11-13 10:55:18 +02001857 if (smp_sufficient_security(hcon, sec_level, SMP_USE_LTK))
Johan Hedberg854f4722014-07-01 18:40:20 +03001858 return 0;
1859
Johan Hedbergc7262e72014-06-17 13:07:37 +03001860 if (sec_level > hcon->pending_sec_level)
1861 hcon->pending_sec_level = sec_level;
Vinicius Costa Gomesfeb45eb2011-08-25 20:02:35 -03001862
Johan Hedberg4dab7862012-06-07 14:58:37 +08001863 if (smp_ltk_encrypt(conn, hcon->pending_sec_level))
Vinicius Costa Gomes988c5992011-08-25 20:02:28 -03001864 return 0;
1865
Vinicius Costa Gomes8aab4752011-09-05 14:31:31 -03001866 smp = smp_chan_create(conn);
Johan Hedbergc29d2442014-06-16 19:25:14 +03001867 if (!smp)
1868 return SMP_UNSPECIFIED;
Vinicius Costa Gomesd26a2342011-08-19 21:06:51 -03001869
Johan Hedbergb6ae8452014-07-30 09:22:22 +03001870 if (!test_bit(HCI_BONDABLE, &hcon->hdev->dev_flags) &&
Johan Hedbergc05b9332014-09-10 17:37:42 -07001871 (auth & SMP_AUTH_BONDING))
Johan Hedberg616d55b2014-07-29 14:18:48 +03001872 return SMP_PAIRING_NOTSUPP;
1873
Anderson Briglia88ba43b2011-06-09 18:50:42 -03001874 skb_pull(skb, sizeof(*rp));
Anderson Briglia88ba43b2011-06-09 18:50:42 -03001875
Vinicius Costa Gomesda85e5e2011-06-09 18:50:53 -03001876 memset(&cp, 0, sizeof(cp));
Johan Hedbergc05b9332014-09-10 17:37:42 -07001877 build_pairing_cmd(conn, &cp, NULL, auth);
Anderson Briglia88ba43b2011-06-09 18:50:42 -03001878
Vinicius Costa Gomes1c1def02011-09-05 14:31:30 -03001879 smp->preq[0] = SMP_CMD_PAIRING_REQ;
1880 memcpy(&smp->preq[1], &cp, sizeof(cp));
Anderson Brigliaf01ead32011-06-09 18:50:45 -03001881
Anderson Briglia88ba43b2011-06-09 18:50:42 -03001882 smp_send_cmd(conn, SMP_CMD_PAIRING_REQ, sizeof(cp), &cp);
Johan Hedbergb28b4942014-09-05 22:19:55 +03001883 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RSP);
Vinicius Costa Gomesf1cb9af2011-01-26 21:42:57 -03001884
Vinicius Costa Gomesda85e5e2011-06-09 18:50:53 -03001885 return 0;
Anderson Briglia88ba43b2011-06-09 18:50:42 -03001886}
1887
Vinicius Costa Gomescc110922012-08-23 21:32:43 -03001888int smp_conn_security(struct hci_conn *hcon, __u8 sec_level)
Anderson Brigliaeb492e02011-06-09 18:50:40 -03001889{
Vinicius Costa Gomescc110922012-08-23 21:32:43 -03001890 struct l2cap_conn *conn = hcon->l2cap_data;
Johan Hedbergc68b7f12014-09-06 06:59:10 +03001891 struct l2cap_chan *chan;
Johan Hedberg0a66cf22014-03-24 14:39:03 +02001892 struct smp_chan *smp;
Brian Gix2b64d152011-12-21 16:12:12 -08001893 __u8 authreq;
Johan Hedbergfc75cc82014-09-05 22:19:52 +03001894 int ret;
Anderson Brigliaeb492e02011-06-09 18:50:40 -03001895
Vinicius Costa Gomes3a0259b2011-06-09 18:50:43 -03001896 BT_DBG("conn %p hcon %p level 0x%2.2x", conn, hcon, sec_level);
1897
Johan Hedberg0a66cf22014-03-24 14:39:03 +02001898 /* This may be NULL if there's an unexpected disconnection */
1899 if (!conn)
1900 return 1;
1901
Johan Hedbergc68b7f12014-09-06 06:59:10 +03001902 chan = conn->smp;
1903
Johan Hedberg757aee02013-04-24 13:05:32 +03001904 if (!test_bit(HCI_LE_ENABLED, &hcon->hdev->dev_flags))
Andre Guedes2e65c9d2011-06-30 19:20:56 -03001905 return 1;
1906
Johan Hedberg35dc6f82014-11-13 10:55:18 +02001907 if (smp_sufficient_security(hcon, sec_level, SMP_USE_LTK))
Vinicius Costa Gomesf1cb9af2011-01-26 21:42:57 -03001908 return 1;
1909
Johan Hedbergc7262e72014-06-17 13:07:37 +03001910 if (sec_level > hcon->pending_sec_level)
1911 hcon->pending_sec_level = sec_level;
1912
Johan Hedberg40bef302014-07-16 11:42:27 +03001913 if (hcon->role == HCI_ROLE_MASTER)
Johan Hedbergc7262e72014-06-17 13:07:37 +03001914 if (smp_ltk_encrypt(conn, hcon->pending_sec_level))
1915 return 0;
Vinicius Costa Gomesd26a2342011-08-19 21:06:51 -03001916
Johan Hedbergfc75cc82014-09-05 22:19:52 +03001917 l2cap_chan_lock(chan);
1918
1919 /* If SMP is already in progress ignore this request */
1920 if (chan->data) {
1921 ret = 0;
1922 goto unlock;
1923 }
Vinicius Costa Gomesd26a2342011-08-19 21:06:51 -03001924
Vinicius Costa Gomes8aab4752011-09-05 14:31:31 -03001925 smp = smp_chan_create(conn);
Johan Hedbergfc75cc82014-09-05 22:19:52 +03001926 if (!smp) {
1927 ret = 1;
1928 goto unlock;
1929 }
Brian Gix2b64d152011-12-21 16:12:12 -08001930
1931 authreq = seclevel_to_authreq(sec_level);
Vinicius Costa Gomesd26a2342011-08-19 21:06:51 -03001932
Johan Hedbergd2eb9e12014-05-16 10:59:06 +03001933 if (test_bit(HCI_SC_ENABLED, &hcon->hdev->dev_flags))
1934 authreq |= SMP_AUTH_SC;
1935
Johan Hedberg79897d22014-06-01 09:45:24 +03001936 /* Require MITM if IO Capability allows or the security level
1937 * requires it.
Johan Hedberg2e233642014-03-18 15:42:30 +02001938 */
Johan Hedberg79897d22014-06-01 09:45:24 +03001939 if (hcon->io_capability != HCI_IO_NO_INPUT_OUTPUT ||
Johan Hedbergc7262e72014-06-17 13:07:37 +03001940 hcon->pending_sec_level > BT_SECURITY_MEDIUM)
Johan Hedberg2e233642014-03-18 15:42:30 +02001941 authreq |= SMP_AUTH_MITM;
1942
Johan Hedberg40bef302014-07-16 11:42:27 +03001943 if (hcon->role == HCI_ROLE_MASTER) {
Vinicius Costa Gomesd26a2342011-08-19 21:06:51 -03001944 struct smp_cmd_pairing cp;
Anderson Brigliaf01ead32011-06-09 18:50:45 -03001945
Brian Gix2b64d152011-12-21 16:12:12 -08001946 build_pairing_cmd(conn, &cp, NULL, authreq);
Vinicius Costa Gomes1c1def02011-09-05 14:31:30 -03001947 smp->preq[0] = SMP_CMD_PAIRING_REQ;
1948 memcpy(&smp->preq[1], &cp, sizeof(cp));
Anderson Brigliaf01ead32011-06-09 18:50:45 -03001949
Anderson Brigliaeb492e02011-06-09 18:50:40 -03001950 smp_send_cmd(conn, SMP_CMD_PAIRING_REQ, sizeof(cp), &cp);
Johan Hedbergb28b4942014-09-05 22:19:55 +03001951 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RSP);
Anderson Brigliaeb492e02011-06-09 18:50:40 -03001952 } else {
1953 struct smp_cmd_security_req cp;
Brian Gix2b64d152011-12-21 16:12:12 -08001954 cp.auth_req = authreq;
Anderson Brigliaeb492e02011-06-09 18:50:40 -03001955 smp_send_cmd(conn, SMP_CMD_SECURITY_REQ, sizeof(cp), &cp);
Johan Hedbergb28b4942014-09-05 22:19:55 +03001956 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_REQ);
Anderson Brigliaeb492e02011-06-09 18:50:40 -03001957 }
1958
Johan Hedberg4a74d652014-05-20 09:45:50 +03001959 set_bit(SMP_FLAG_INITIATOR, &smp->flags);
Johan Hedbergfc75cc82014-09-05 22:19:52 +03001960 ret = 0;
Johan Hedbergedca7922014-03-24 15:54:11 +02001961
Johan Hedbergfc75cc82014-09-05 22:19:52 +03001962unlock:
1963 l2cap_chan_unlock(chan);
1964 return ret;
Anderson Brigliaeb492e02011-06-09 18:50:40 -03001965}
1966
Vinicius Costa Gomes7034b912011-07-07 18:59:34 -03001967static int smp_cmd_encrypt_info(struct l2cap_conn *conn, struct sk_buff *skb)
1968{
Vinicius Costa Gomes16b90832011-07-07 18:59:39 -03001969 struct smp_cmd_encrypt_info *rp = (void *) skb->data;
Johan Hedberg5d88cc72014-08-08 09:37:18 +03001970 struct l2cap_chan *chan = conn->smp;
1971 struct smp_chan *smp = chan->data;
Vinicius Costa Gomes16b90832011-07-07 18:59:39 -03001972
Johan Hedbergc46b98b2014-02-18 10:19:29 +02001973 BT_DBG("conn %p", conn);
1974
1975 if (skb->len < sizeof(*rp))
Johan Hedberg38e4a912014-05-08 14:19:11 +03001976 return SMP_INVALID_PARAMS;
Johan Hedbergc46b98b2014-02-18 10:19:29 +02001977
Johan Hedbergb28b4942014-09-05 22:19:55 +03001978 SMP_ALLOW_CMD(smp, SMP_CMD_MASTER_IDENT);
Johan Hedberg6131ddc2014-02-18 10:19:37 +02001979
Vinicius Costa Gomes16b90832011-07-07 18:59:39 -03001980 skb_pull(skb, sizeof(*rp));
1981
Vinicius Costa Gomes1c1def02011-09-05 14:31:30 -03001982 memcpy(smp->tk, rp->ltk, sizeof(smp->tk));
Vinicius Costa Gomes16b90832011-07-07 18:59:39 -03001983
Vinicius Costa Gomes7034b912011-07-07 18:59:34 -03001984 return 0;
1985}
1986
1987static int smp_cmd_master_ident(struct l2cap_conn *conn, struct sk_buff *skb)
1988{
Vinicius Costa Gomes16b90832011-07-07 18:59:39 -03001989 struct smp_cmd_master_ident *rp = (void *) skb->data;
Johan Hedberg5d88cc72014-08-08 09:37:18 +03001990 struct l2cap_chan *chan = conn->smp;
1991 struct smp_chan *smp = chan->data;
Vinicius Costa Gomesc9839a12012-02-02 21:08:01 -03001992 struct hci_dev *hdev = conn->hcon->hdev;
1993 struct hci_conn *hcon = conn->hcon;
Johan Hedberg23d0e122014-02-19 14:57:46 +02001994 struct smp_ltk *ltk;
Vinicius Costa Gomesc9839a12012-02-02 21:08:01 -03001995 u8 authenticated;
Vinicius Costa Gomes7034b912011-07-07 18:59:34 -03001996
Johan Hedbergc46b98b2014-02-18 10:19:29 +02001997 BT_DBG("conn %p", conn);
1998
1999 if (skb->len < sizeof(*rp))
Johan Hedberg38e4a912014-05-08 14:19:11 +03002000 return SMP_INVALID_PARAMS;
Johan Hedbergc46b98b2014-02-18 10:19:29 +02002001
Johan Hedberg9747a9f2014-02-26 23:33:43 +02002002 /* Mark the information as received */
2003 smp->remote_key_dist &= ~SMP_DIST_ENC_KEY;
2004
Johan Hedbergb28b4942014-09-05 22:19:55 +03002005 if (smp->remote_key_dist & SMP_DIST_ID_KEY)
2006 SMP_ALLOW_CMD(smp, SMP_CMD_IDENT_INFO);
Johan Hedberg196332f2014-09-09 16:21:46 -07002007 else if (smp->remote_key_dist & SMP_DIST_SIGN)
2008 SMP_ALLOW_CMD(smp, SMP_CMD_SIGN_INFO);
Johan Hedbergb28b4942014-09-05 22:19:55 +03002009
Vinicius Costa Gomes16b90832011-07-07 18:59:39 -03002010 skb_pull(skb, sizeof(*rp));
2011
Marcel Holtmannce39fb42013-10-13 02:23:39 -07002012 authenticated = (hcon->sec_level == BT_SECURITY_HIGH);
Johan Hedberg2ceba532014-06-16 19:25:16 +03002013 ltk = hci_add_ltk(hdev, &hcon->dst, hcon->dst_type, SMP_LTK,
Johan Hedberg23d0e122014-02-19 14:57:46 +02002014 authenticated, smp->tk, smp->enc_key_size,
2015 rp->ediv, rp->rand);
2016 smp->ltk = ltk;
Johan Hedbergc6e81e92014-09-05 22:19:54 +03002017 if (!(smp->remote_key_dist & KEY_DIST_MASK))
Johan Hedbergd6268e82014-09-05 22:19:51 +03002018 smp_distribute_keys(smp);
Vinicius Costa Gomes7034b912011-07-07 18:59:34 -03002019
2020 return 0;
2021}
2022
Johan Hedbergfd349c02014-02-18 10:19:36 +02002023static int smp_cmd_ident_info(struct l2cap_conn *conn, struct sk_buff *skb)
2024{
2025 struct smp_cmd_ident_info *info = (void *) skb->data;
Johan Hedberg5d88cc72014-08-08 09:37:18 +03002026 struct l2cap_chan *chan = conn->smp;
2027 struct smp_chan *smp = chan->data;
Johan Hedbergfd349c02014-02-18 10:19:36 +02002028
2029 BT_DBG("");
2030
2031 if (skb->len < sizeof(*info))
Johan Hedberg38e4a912014-05-08 14:19:11 +03002032 return SMP_INVALID_PARAMS;
Johan Hedbergfd349c02014-02-18 10:19:36 +02002033
Johan Hedbergb28b4942014-09-05 22:19:55 +03002034 SMP_ALLOW_CMD(smp, SMP_CMD_IDENT_ADDR_INFO);
Johan Hedberg6131ddc2014-02-18 10:19:37 +02002035
Johan Hedbergfd349c02014-02-18 10:19:36 +02002036 skb_pull(skb, sizeof(*info));
2037
2038 memcpy(smp->irk, info->irk, 16);
2039
2040 return 0;
2041}
2042
2043static int smp_cmd_ident_addr_info(struct l2cap_conn *conn,
2044 struct sk_buff *skb)
2045{
2046 struct smp_cmd_ident_addr_info *info = (void *) skb->data;
Johan Hedberg5d88cc72014-08-08 09:37:18 +03002047 struct l2cap_chan *chan = conn->smp;
2048 struct smp_chan *smp = chan->data;
Johan Hedbergfd349c02014-02-18 10:19:36 +02002049 struct hci_conn *hcon = conn->hcon;
2050 bdaddr_t rpa;
2051
2052 BT_DBG("");
2053
2054 if (skb->len < sizeof(*info))
Johan Hedberg38e4a912014-05-08 14:19:11 +03002055 return SMP_INVALID_PARAMS;
Johan Hedbergfd349c02014-02-18 10:19:36 +02002056
Johan Hedberg9747a9f2014-02-26 23:33:43 +02002057 /* Mark the information as received */
2058 smp->remote_key_dist &= ~SMP_DIST_ID_KEY;
2059
Johan Hedbergb28b4942014-09-05 22:19:55 +03002060 if (smp->remote_key_dist & SMP_DIST_SIGN)
2061 SMP_ALLOW_CMD(smp, SMP_CMD_SIGN_INFO);
2062
Johan Hedbergfd349c02014-02-18 10:19:36 +02002063 skb_pull(skb, sizeof(*info));
2064
Johan Hedberga9a58f82014-02-25 22:24:37 +02002065 /* Strictly speaking the Core Specification (4.1) allows sending
2066 * an empty address which would force us to rely on just the IRK
2067 * as "identity information". However, since such
2068 * implementations are not known of and in order to not over
2069 * complicate our implementation, simply pretend that we never
2070 * received an IRK for such a device.
2071 */
2072 if (!bacmp(&info->bdaddr, BDADDR_ANY)) {
2073 BT_ERR("Ignoring IRK with no identity address");
Johan Hedberg31dd6242014-06-27 14:23:02 +03002074 goto distribute;
Johan Hedberga9a58f82014-02-25 22:24:37 +02002075 }
2076
Johan Hedbergfd349c02014-02-18 10:19:36 +02002077 bacpy(&smp->id_addr, &info->bdaddr);
2078 smp->id_addr_type = info->addr_type;
2079
2080 if (hci_bdaddr_is_rpa(&hcon->dst, hcon->dst_type))
2081 bacpy(&rpa, &hcon->dst);
2082 else
2083 bacpy(&rpa, BDADDR_ANY);
2084
Johan Hedberg23d0e122014-02-19 14:57:46 +02002085 smp->remote_irk = hci_add_irk(conn->hcon->hdev, &smp->id_addr,
2086 smp->id_addr_type, smp->irk, &rpa);
Johan Hedbergfd349c02014-02-18 10:19:36 +02002087
Johan Hedberg31dd6242014-06-27 14:23:02 +03002088distribute:
Johan Hedbergc6e81e92014-09-05 22:19:54 +03002089 if (!(smp->remote_key_dist & KEY_DIST_MASK))
2090 smp_distribute_keys(smp);
Johan Hedbergfd349c02014-02-18 10:19:36 +02002091
2092 return 0;
2093}
2094
Marcel Holtmann7ee4ea32014-03-09 12:19:17 -07002095static int smp_cmd_sign_info(struct l2cap_conn *conn, struct sk_buff *skb)
2096{
2097 struct smp_cmd_sign_info *rp = (void *) skb->data;
Johan Hedberg5d88cc72014-08-08 09:37:18 +03002098 struct l2cap_chan *chan = conn->smp;
2099 struct smp_chan *smp = chan->data;
Marcel Holtmann7ee4ea32014-03-09 12:19:17 -07002100 struct smp_csrk *csrk;
2101
2102 BT_DBG("conn %p", conn);
2103
2104 if (skb->len < sizeof(*rp))
Johan Hedberg38e4a912014-05-08 14:19:11 +03002105 return SMP_INVALID_PARAMS;
Marcel Holtmann7ee4ea32014-03-09 12:19:17 -07002106
Marcel Holtmann7ee4ea32014-03-09 12:19:17 -07002107 /* Mark the information as received */
2108 smp->remote_key_dist &= ~SMP_DIST_SIGN;
2109
2110 skb_pull(skb, sizeof(*rp));
2111
Marcel Holtmann7ee4ea32014-03-09 12:19:17 -07002112 csrk = kzalloc(sizeof(*csrk), GFP_KERNEL);
2113 if (csrk) {
2114 csrk->master = 0x01;
2115 memcpy(csrk->val, rp->csrk, sizeof(csrk->val));
2116 }
2117 smp->csrk = csrk;
Johan Hedbergd6268e82014-09-05 22:19:51 +03002118 smp_distribute_keys(smp);
Marcel Holtmann7ee4ea32014-03-09 12:19:17 -07002119
2120 return 0;
2121}
2122
Johan Hedberg5e3d3d92014-05-31 18:51:02 +03002123static u8 sc_select_method(struct smp_chan *smp)
2124{
2125 struct l2cap_conn *conn = smp->conn;
2126 struct hci_conn *hcon = conn->hcon;
2127 struct smp_cmd_pairing *local, *remote;
2128 u8 local_mitm, remote_mitm, local_io, remote_io, method;
2129
2130 /* The preq/prsp contain the raw Pairing Request/Response PDUs
2131 * which are needed as inputs to some crypto functions. To get
2132 * the "struct smp_cmd_pairing" from them we need to skip the
2133 * first byte which contains the opcode.
2134 */
2135 if (hcon->out) {
2136 local = (void *) &smp->preq[1];
2137 remote = (void *) &smp->prsp[1];
2138 } else {
2139 local = (void *) &smp->prsp[1];
2140 remote = (void *) &smp->preq[1];
2141 }
2142
2143 local_io = local->io_capability;
2144 remote_io = remote->io_capability;
2145
2146 local_mitm = (local->auth_req & SMP_AUTH_MITM);
2147 remote_mitm = (remote->auth_req & SMP_AUTH_MITM);
2148
2149 /* If either side wants MITM, look up the method from the table,
2150 * otherwise use JUST WORKS.
2151 */
2152 if (local_mitm || remote_mitm)
2153 method = get_auth_method(smp, local_io, remote_io);
2154 else
2155 method = JUST_WORKS;
2156
2157 /* Don't confirm locally initiated pairing attempts */
2158 if (method == JUST_CFM && test_bit(SMP_FLAG_INITIATOR, &smp->flags))
2159 method = JUST_WORKS;
2160
2161 return method;
2162}
2163
Johan Hedbergd8f8edb2014-06-06 11:09:28 +03002164static int smp_cmd_public_key(struct l2cap_conn *conn, struct sk_buff *skb)
2165{
2166 struct smp_cmd_public_key *key = (void *) skb->data;
2167 struct hci_conn *hcon = conn->hcon;
2168 struct l2cap_chan *chan = conn->smp;
2169 struct smp_chan *smp = chan->data;
Johan Hedberg5e3d3d92014-05-31 18:51:02 +03002170 struct hci_dev *hdev = hcon->hdev;
Johan Hedbergcbbbe3e2014-06-06 11:30:08 +03002171 struct smp_cmd_pairing_confirm cfm;
Johan Hedbergd8f8edb2014-06-06 11:09:28 +03002172 int err;
2173
2174 BT_DBG("conn %p", conn);
2175
2176 if (skb->len < sizeof(*key))
2177 return SMP_INVALID_PARAMS;
2178
2179 memcpy(smp->remote_pk, key, 64);
2180
2181 /* Non-initiating device sends its public key after receiving
2182 * the key from the initiating device.
2183 */
2184 if (!hcon->out) {
2185 err = sc_send_public_key(smp);
2186 if (err)
2187 return err;
2188 }
2189
2190 BT_DBG("Remote Public Key X: %32phN", smp->remote_pk);
2191 BT_DBG("Remote Public Key Y: %32phN", &smp->remote_pk[32]);
2192
2193 if (!ecdh_shared_secret(smp->remote_pk, smp->local_sk, smp->dhkey))
2194 return SMP_UNSPECIFIED;
2195
2196 BT_DBG("DHKey %32phN", smp->dhkey);
2197
2198 set_bit(SMP_FLAG_REMOTE_PK, &smp->flags);
2199
Johan Hedberg5e3d3d92014-05-31 18:51:02 +03002200 smp->method = sc_select_method(smp);
2201
2202 BT_DBG("%s selected method 0x%02x", hdev->name, smp->method);
2203
2204 /* JUST_WORKS and JUST_CFM result in an unauthenticated key */
2205 if (smp->method == JUST_WORKS || smp->method == JUST_CFM)
2206 hcon->pending_sec_level = BT_SECURITY_MEDIUM;
2207 else
2208 hcon->pending_sec_level = BT_SECURITY_FIPS;
2209
Johan Hedbergaeb7d462014-05-31 18:52:28 +03002210 if (!memcmp(debug_pk, smp->remote_pk, 64))
2211 set_bit(SMP_FLAG_DEBUG_KEY, &smp->flags);
2212
Johan Hedberg38606f12014-06-25 11:10:28 +03002213 if (smp->method == DSP_PASSKEY) {
2214 get_random_bytes(&hcon->passkey_notify,
2215 sizeof(hcon->passkey_notify));
2216 hcon->passkey_notify %= 1000000;
2217 hcon->passkey_entered = 0;
2218 smp->passkey_round = 0;
2219 if (mgmt_user_passkey_notify(hdev, &hcon->dst, hcon->type,
2220 hcon->dst_type,
2221 hcon->passkey_notify,
2222 hcon->passkey_entered))
2223 return SMP_UNSPECIFIED;
2224 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_CONFIRM);
2225 return sc_passkey_round(smp, SMP_CMD_PUBLIC_KEY);
2226 }
2227
2228 if (hcon->out)
2229 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_CONFIRM);
2230
2231 if (smp->method == REQ_PASSKEY) {
2232 if (mgmt_user_passkey_request(hdev, &hcon->dst, hcon->type,
2233 hcon->dst_type))
2234 return SMP_UNSPECIFIED;
2235 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_CONFIRM);
2236 set_bit(SMP_FLAG_WAIT_USER, &smp->flags);
2237 return 0;
2238 }
2239
Johan Hedbergcbbbe3e2014-06-06 11:30:08 +03002240 /* The Initiating device waits for the non-initiating device to
2241 * send the confirm value.
2242 */
2243 if (conn->hcon->out)
2244 return 0;
2245
2246 err = smp_f4(smp->tfm_cmac, smp->local_pk, smp->remote_pk, smp->prnd,
2247 0, cfm.confirm_val);
2248 if (err)
2249 return SMP_UNSPECIFIED;
2250
2251 smp_send_cmd(conn, SMP_CMD_PAIRING_CONFIRM, sizeof(cfm), &cfm);
2252 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RANDOM);
2253
Johan Hedbergd8f8edb2014-06-06 11:09:28 +03002254 return 0;
2255}
2256
Johan Hedberg6433a9a2014-06-06 11:47:30 +03002257static int smp_cmd_dhkey_check(struct l2cap_conn *conn, struct sk_buff *skb)
2258{
2259 struct smp_cmd_dhkey_check *check = (void *) skb->data;
2260 struct l2cap_chan *chan = conn->smp;
2261 struct hci_conn *hcon = conn->hcon;
2262 struct smp_chan *smp = chan->data;
2263 u8 a[7], b[7], *local_addr, *remote_addr;
2264 u8 io_cap[3], r[16], e[16];
Johan Hedbergd378a2d2014-05-31 18:53:36 +03002265 u8 key_type, auth;
Johan Hedberg6433a9a2014-06-06 11:47:30 +03002266 int err;
2267
2268 BT_DBG("conn %p", conn);
2269
2270 if (skb->len < sizeof(*check))
2271 return SMP_INVALID_PARAMS;
2272
2273 memcpy(a, &hcon->init_addr, 6);
2274 memcpy(b, &hcon->resp_addr, 6);
2275 a[6] = hcon->init_addr_type;
2276 b[6] = hcon->resp_addr_type;
2277
2278 if (hcon->out) {
2279 local_addr = a;
2280 remote_addr = b;
2281 memcpy(io_cap, &smp->prsp[1], 3);
2282 } else {
2283 local_addr = b;
2284 remote_addr = a;
2285 memcpy(io_cap, &smp->preq[1], 3);
2286 }
2287
2288 memset(r, 0, sizeof(r));
2289
Johan Hedberg38606f12014-06-25 11:10:28 +03002290 if (smp->method == REQ_PASSKEY || smp->method == DSP_PASSKEY)
2291 put_unaligned_le32(hcon->passkey_notify, r);
2292
Johan Hedberg6433a9a2014-06-06 11:47:30 +03002293 err = smp_f6(smp->tfm_cmac, smp->mackey, smp->rrnd, smp->prnd, r,
2294 io_cap, remote_addr, local_addr, e);
2295 if (err)
2296 return SMP_UNSPECIFIED;
2297
2298 if (memcmp(check->e, e, 16))
2299 return SMP_DHKEY_CHECK_FAILED;
2300
Johan Hedbergd378a2d2014-05-31 18:53:36 +03002301 if (test_bit(SMP_FLAG_DEBUG_KEY, &smp->flags))
2302 key_type = SMP_LTK_P256_DEBUG;
2303 else
2304 key_type = SMP_LTK_P256;
2305
2306 if (hcon->pending_sec_level == BT_SECURITY_FIPS)
2307 auth = 1;
2308 else
2309 auth = 0;
2310
Johan Hedberg6433a9a2014-06-06 11:47:30 +03002311 smp->ltk = hci_add_ltk(hcon->hdev, &hcon->dst, hcon->dst_type,
Johan Hedbergd378a2d2014-05-31 18:53:36 +03002312 key_type, auth, smp->tk, smp->enc_key_size,
Johan Hedberg6433a9a2014-06-06 11:47:30 +03002313 0, 0);
2314
2315 if (hcon->out) {
2316 hci_le_start_enc(hcon, 0, 0, smp->tk);
2317 hcon->enc_key_size = smp->enc_key_size;
2318 }
2319
2320 return 0;
2321}
2322
Johan Hedberg4befb862014-08-11 22:06:38 +03002323static int smp_sig_channel(struct l2cap_chan *chan, struct sk_buff *skb)
Anderson Brigliaeb492e02011-06-09 18:50:40 -03002324{
Johan Hedberg5d88cc72014-08-08 09:37:18 +03002325 struct l2cap_conn *conn = chan->conn;
Marcel Holtmann7b9899d2013-10-03 00:00:57 -07002326 struct hci_conn *hcon = conn->hcon;
Johan Hedbergb28b4942014-09-05 22:19:55 +03002327 struct smp_chan *smp;
Marcel Holtmann92381f52013-10-03 01:23:08 -07002328 __u8 code, reason;
Anderson Brigliaeb492e02011-06-09 18:50:40 -03002329 int err = 0;
2330
Marcel Holtmann7b9899d2013-10-03 00:00:57 -07002331 if (hcon->type != LE_LINK) {
2332 kfree_skb(skb);
Johan Hedberg34327112013-10-16 11:37:01 +03002333 return 0;
Marcel Holtmann7b9899d2013-10-03 00:00:57 -07002334 }
2335
Johan Hedberg8ae9b982014-08-11 22:06:39 +03002336 if (skb->len < 1)
Marcel Holtmann92381f52013-10-03 01:23:08 -07002337 return -EILSEQ;
Marcel Holtmann92381f52013-10-03 01:23:08 -07002338
Marcel Holtmann06ae3312013-10-18 03:43:00 -07002339 if (!test_bit(HCI_LE_ENABLED, &hcon->hdev->dev_flags)) {
Andre Guedes2e65c9d2011-06-30 19:20:56 -03002340 reason = SMP_PAIRING_NOTSUPP;
2341 goto done;
2342 }
2343
Marcel Holtmann92381f52013-10-03 01:23:08 -07002344 code = skb->data[0];
Anderson Brigliaeb492e02011-06-09 18:50:40 -03002345 skb_pull(skb, sizeof(code));
2346
Johan Hedbergb28b4942014-09-05 22:19:55 +03002347 smp = chan->data;
2348
2349 if (code > SMP_CMD_MAX)
2350 goto drop;
2351
Johan Hedberg24bd0bd2014-09-10 17:37:43 -07002352 if (smp && !test_and_clear_bit(code, &smp->allow_cmd))
Johan Hedbergb28b4942014-09-05 22:19:55 +03002353 goto drop;
2354
2355 /* If we don't have a context the only allowed commands are
2356 * pairing request and security request.
Johan Hedberg8cf9fa12013-01-29 10:44:23 -06002357 */
Johan Hedbergb28b4942014-09-05 22:19:55 +03002358 if (!smp && code != SMP_CMD_PAIRING_REQ && code != SMP_CMD_SECURITY_REQ)
2359 goto drop;
Johan Hedberg8cf9fa12013-01-29 10:44:23 -06002360
Anderson Brigliaeb492e02011-06-09 18:50:40 -03002361 switch (code) {
2362 case SMP_CMD_PAIRING_REQ:
Vinicius Costa Gomesda85e5e2011-06-09 18:50:53 -03002363 reason = smp_cmd_pairing_req(conn, skb);
Anderson Brigliaeb492e02011-06-09 18:50:40 -03002364 break;
2365
2366 case SMP_CMD_PAIRING_FAIL:
Johan Hedberg84794e12013-11-06 11:24:57 +02002367 smp_failure(conn, 0);
Vinicius Costa Gomesda85e5e2011-06-09 18:50:53 -03002368 err = -EPERM;
Anderson Brigliaeb492e02011-06-09 18:50:40 -03002369 break;
2370
2371 case SMP_CMD_PAIRING_RSP:
Vinicius Costa Gomesda85e5e2011-06-09 18:50:53 -03002372 reason = smp_cmd_pairing_rsp(conn, skb);
Anderson Briglia88ba43b2011-06-09 18:50:42 -03002373 break;
2374
2375 case SMP_CMD_SECURITY_REQ:
Vinicius Costa Gomesda85e5e2011-06-09 18:50:53 -03002376 reason = smp_cmd_security_req(conn, skb);
Anderson Briglia88ba43b2011-06-09 18:50:42 -03002377 break;
2378
Anderson Brigliaeb492e02011-06-09 18:50:40 -03002379 case SMP_CMD_PAIRING_CONFIRM:
Vinicius Costa Gomesda85e5e2011-06-09 18:50:53 -03002380 reason = smp_cmd_pairing_confirm(conn, skb);
Anderson Briglia88ba43b2011-06-09 18:50:42 -03002381 break;
2382
Anderson Brigliaeb492e02011-06-09 18:50:40 -03002383 case SMP_CMD_PAIRING_RANDOM:
Vinicius Costa Gomesda85e5e2011-06-09 18:50:53 -03002384 reason = smp_cmd_pairing_random(conn, skb);
Anderson Briglia88ba43b2011-06-09 18:50:42 -03002385 break;
2386
Anderson Brigliaeb492e02011-06-09 18:50:40 -03002387 case SMP_CMD_ENCRYPT_INFO:
Vinicius Costa Gomes7034b912011-07-07 18:59:34 -03002388 reason = smp_cmd_encrypt_info(conn, skb);
2389 break;
2390
Anderson Brigliaeb492e02011-06-09 18:50:40 -03002391 case SMP_CMD_MASTER_IDENT:
Vinicius Costa Gomes7034b912011-07-07 18:59:34 -03002392 reason = smp_cmd_master_ident(conn, skb);
2393 break;
2394
Anderson Brigliaeb492e02011-06-09 18:50:40 -03002395 case SMP_CMD_IDENT_INFO:
Johan Hedbergfd349c02014-02-18 10:19:36 +02002396 reason = smp_cmd_ident_info(conn, skb);
2397 break;
2398
Anderson Brigliaeb492e02011-06-09 18:50:40 -03002399 case SMP_CMD_IDENT_ADDR_INFO:
Johan Hedbergfd349c02014-02-18 10:19:36 +02002400 reason = smp_cmd_ident_addr_info(conn, skb);
2401 break;
2402
Anderson Brigliaeb492e02011-06-09 18:50:40 -03002403 case SMP_CMD_SIGN_INFO:
Marcel Holtmann7ee4ea32014-03-09 12:19:17 -07002404 reason = smp_cmd_sign_info(conn, skb);
Vinicius Costa Gomes7034b912011-07-07 18:59:34 -03002405 break;
2406
Johan Hedbergd8f8edb2014-06-06 11:09:28 +03002407 case SMP_CMD_PUBLIC_KEY:
2408 reason = smp_cmd_public_key(conn, skb);
2409 break;
2410
Johan Hedberg6433a9a2014-06-06 11:47:30 +03002411 case SMP_CMD_DHKEY_CHECK:
2412 reason = smp_cmd_dhkey_check(conn, skb);
2413 break;
2414
Anderson Brigliaeb492e02011-06-09 18:50:40 -03002415 default:
2416 BT_DBG("Unknown command code 0x%2.2x", code);
Anderson Brigliaeb492e02011-06-09 18:50:40 -03002417 reason = SMP_CMD_NOTSUPP;
Vinicius Costa Gomes3a0259b2011-06-09 18:50:43 -03002418 goto done;
2419 }
2420
2421done:
Johan Hedberg9b7b18e2014-08-18 20:33:31 +03002422 if (!err) {
2423 if (reason)
2424 smp_failure(conn, reason);
Johan Hedberg8ae9b982014-08-11 22:06:39 +03002425 kfree_skb(skb);
Johan Hedberg9b7b18e2014-08-18 20:33:31 +03002426 }
2427
Anderson Brigliaeb492e02011-06-09 18:50:40 -03002428 return err;
Johan Hedbergb28b4942014-09-05 22:19:55 +03002429
2430drop:
2431 BT_ERR("%s unexpected SMP command 0x%02x from %pMR", hcon->hdev->name,
2432 code, &hcon->dst);
2433 kfree_skb(skb);
2434 return 0;
Anderson Brigliaeb492e02011-06-09 18:50:40 -03002435}
Vinicius Costa Gomes7034b912011-07-07 18:59:34 -03002436
Johan Hedberg70db83c2014-08-08 09:37:16 +03002437static void smp_teardown_cb(struct l2cap_chan *chan, int err)
2438{
2439 struct l2cap_conn *conn = chan->conn;
2440
2441 BT_DBG("chan %p", chan);
2442
Johan Hedbergfc75cc82014-09-05 22:19:52 +03002443 if (chan->data)
Johan Hedberg5d88cc72014-08-08 09:37:18 +03002444 smp_chan_destroy(conn);
Johan Hedberg5d88cc72014-08-08 09:37:18 +03002445
Johan Hedberg70db83c2014-08-08 09:37:16 +03002446 conn->smp = NULL;
2447 l2cap_chan_put(chan);
2448}
2449
Johan Hedberg44f1a7a2014-08-11 22:06:36 +03002450static void smp_resume_cb(struct l2cap_chan *chan)
2451{
Johan Hedbergb68fda62014-08-11 22:06:40 +03002452 struct smp_chan *smp = chan->data;
Johan Hedberg44f1a7a2014-08-11 22:06:36 +03002453 struct l2cap_conn *conn = chan->conn;
2454 struct hci_conn *hcon = conn->hcon;
2455
2456 BT_DBG("chan %p", chan);
2457
Johan Hedberg86d14072014-08-11 22:06:43 +03002458 if (!smp)
2459 return;
Johan Hedbergb68fda62014-08-11 22:06:40 +03002460
Johan Hedberg84bc0db2014-09-05 22:19:49 +03002461 if (!test_bit(HCI_CONN_ENCRYPT, &hcon->flags))
2462 return;
2463
Johan Hedberg86d14072014-08-11 22:06:43 +03002464 cancel_delayed_work(&smp->security_timer);
2465
Johan Hedbergd6268e82014-09-05 22:19:51 +03002466 smp_distribute_keys(smp);
Johan Hedberg44f1a7a2014-08-11 22:06:36 +03002467}
2468
Johan Hedberg70db83c2014-08-08 09:37:16 +03002469static void smp_ready_cb(struct l2cap_chan *chan)
2470{
2471 struct l2cap_conn *conn = chan->conn;
2472
2473 BT_DBG("chan %p", chan);
2474
2475 conn->smp = chan;
2476 l2cap_chan_hold(chan);
2477}
2478
Johan Hedberg4befb862014-08-11 22:06:38 +03002479static int smp_recv_cb(struct l2cap_chan *chan, struct sk_buff *skb)
2480{
2481 int err;
2482
2483 BT_DBG("chan %p", chan);
2484
2485 err = smp_sig_channel(chan, skb);
2486 if (err) {
Johan Hedbergb68fda62014-08-11 22:06:40 +03002487 struct smp_chan *smp = chan->data;
Johan Hedberg4befb862014-08-11 22:06:38 +03002488
Johan Hedbergb68fda62014-08-11 22:06:40 +03002489 if (smp)
2490 cancel_delayed_work_sync(&smp->security_timer);
Johan Hedberg4befb862014-08-11 22:06:38 +03002491
Johan Hedberg1e91c292014-08-18 20:33:29 +03002492 hci_disconnect(chan->conn->hcon, HCI_ERROR_AUTH_FAILURE);
Johan Hedberg4befb862014-08-11 22:06:38 +03002493 }
2494
2495 return err;
2496}
2497
Johan Hedberg70db83c2014-08-08 09:37:16 +03002498static struct sk_buff *smp_alloc_skb_cb(struct l2cap_chan *chan,
2499 unsigned long hdr_len,
2500 unsigned long len, int nb)
2501{
2502 struct sk_buff *skb;
2503
2504 skb = bt_skb_alloc(hdr_len + len, GFP_KERNEL);
2505 if (!skb)
2506 return ERR_PTR(-ENOMEM);
2507
2508 skb->priority = HCI_PRIO_MAX;
2509 bt_cb(skb)->chan = chan;
2510
2511 return skb;
2512}
2513
2514static const struct l2cap_ops smp_chan_ops = {
2515 .name = "Security Manager",
2516 .ready = smp_ready_cb,
Johan Hedberg5d88cc72014-08-08 09:37:18 +03002517 .recv = smp_recv_cb,
Johan Hedberg70db83c2014-08-08 09:37:16 +03002518 .alloc_skb = smp_alloc_skb_cb,
2519 .teardown = smp_teardown_cb,
Johan Hedberg44f1a7a2014-08-11 22:06:36 +03002520 .resume = smp_resume_cb,
Johan Hedberg70db83c2014-08-08 09:37:16 +03002521
2522 .new_connection = l2cap_chan_no_new_connection,
Johan Hedberg70db83c2014-08-08 09:37:16 +03002523 .state_change = l2cap_chan_no_state_change,
2524 .close = l2cap_chan_no_close,
2525 .defer = l2cap_chan_no_defer,
2526 .suspend = l2cap_chan_no_suspend,
Johan Hedberg70db83c2014-08-08 09:37:16 +03002527 .set_shutdown = l2cap_chan_no_set_shutdown,
2528 .get_sndtimeo = l2cap_chan_no_get_sndtimeo,
2529 .memcpy_fromiovec = l2cap_chan_no_memcpy_fromiovec,
2530};
2531
2532static inline struct l2cap_chan *smp_new_conn_cb(struct l2cap_chan *pchan)
2533{
2534 struct l2cap_chan *chan;
2535
2536 BT_DBG("pchan %p", pchan);
2537
2538 chan = l2cap_chan_create();
2539 if (!chan)
2540 return NULL;
2541
2542 chan->chan_type = pchan->chan_type;
2543 chan->ops = &smp_chan_ops;
2544 chan->scid = pchan->scid;
2545 chan->dcid = chan->scid;
2546 chan->imtu = pchan->imtu;
2547 chan->omtu = pchan->omtu;
2548 chan->mode = pchan->mode;
2549
Johan Hedbergabe84902014-11-12 22:22:21 +02002550 /* Other L2CAP channels may request SMP routines in order to
2551 * change the security level. This means that the SMP channel
2552 * lock must be considered in its own category to avoid lockdep
2553 * warnings.
2554 */
2555 atomic_set(&chan->nesting, L2CAP_NESTING_SMP);
2556
Johan Hedberg70db83c2014-08-08 09:37:16 +03002557 BT_DBG("created chan %p", chan);
2558
2559 return chan;
2560}
2561
2562static const struct l2cap_ops smp_root_chan_ops = {
2563 .name = "Security Manager Root",
2564 .new_connection = smp_new_conn_cb,
2565
2566 /* None of these are implemented for the root channel */
2567 .close = l2cap_chan_no_close,
2568 .alloc_skb = l2cap_chan_no_alloc_skb,
2569 .recv = l2cap_chan_no_recv,
2570 .state_change = l2cap_chan_no_state_change,
2571 .teardown = l2cap_chan_no_teardown,
2572 .ready = l2cap_chan_no_ready,
2573 .defer = l2cap_chan_no_defer,
2574 .suspend = l2cap_chan_no_suspend,
2575 .resume = l2cap_chan_no_resume,
2576 .set_shutdown = l2cap_chan_no_set_shutdown,
2577 .get_sndtimeo = l2cap_chan_no_get_sndtimeo,
2578 .memcpy_fromiovec = l2cap_chan_no_memcpy_fromiovec,
2579};
2580
Johan Hedberg711eafe2014-08-08 09:32:52 +03002581int smp_register(struct hci_dev *hdev)
2582{
Johan Hedberg70db83c2014-08-08 09:37:16 +03002583 struct l2cap_chan *chan;
Johan Hedbergdefce9e2014-08-08 09:37:17 +03002584 struct crypto_blkcipher *tfm_aes;
Johan Hedberg70db83c2014-08-08 09:37:16 +03002585
Johan Hedberg711eafe2014-08-08 09:32:52 +03002586 BT_DBG("%s", hdev->name);
2587
Johan Hedbergadae20c2014-11-13 14:37:48 +02002588 tfm_aes = crypto_alloc_blkcipher("ecb(aes)", 0, 0);
Johan Hedbergdefce9e2014-08-08 09:37:17 +03002589 if (IS_ERR(tfm_aes)) {
2590 int err = PTR_ERR(tfm_aes);
Johan Hedberg711eafe2014-08-08 09:32:52 +03002591 BT_ERR("Unable to create crypto context");
Johan Hedberg711eafe2014-08-08 09:32:52 +03002592 return err;
2593 }
2594
Johan Hedberg70db83c2014-08-08 09:37:16 +03002595 chan = l2cap_chan_create();
2596 if (!chan) {
Johan Hedbergdefce9e2014-08-08 09:37:17 +03002597 crypto_free_blkcipher(tfm_aes);
Johan Hedberg70db83c2014-08-08 09:37:16 +03002598 return -ENOMEM;
2599 }
2600
Johan Hedbergdefce9e2014-08-08 09:37:17 +03002601 chan->data = tfm_aes;
2602
Johan Hedberg5d88cc72014-08-08 09:37:18 +03002603 l2cap_add_scid(chan, L2CAP_CID_SMP);
Johan Hedberg70db83c2014-08-08 09:37:16 +03002604
2605 l2cap_chan_set_defaults(chan);
2606
2607 bacpy(&chan->src, &hdev->bdaddr);
2608 chan->src_type = BDADDR_LE_PUBLIC;
2609 chan->state = BT_LISTEN;
2610 chan->mode = L2CAP_MODE_BASIC;
2611 chan->imtu = L2CAP_DEFAULT_MTU;
2612 chan->ops = &smp_root_chan_ops;
2613
Johan Hedbergabe84902014-11-12 22:22:21 +02002614 /* Set correct nesting level for a parent/listening channel */
2615 atomic_set(&chan->nesting, L2CAP_NESTING_PARENT);
2616
Johan Hedberg70db83c2014-08-08 09:37:16 +03002617 hdev->smp_data = chan;
2618
Johan Hedberg711eafe2014-08-08 09:32:52 +03002619 return 0;
2620}
2621
2622void smp_unregister(struct hci_dev *hdev)
2623{
Johan Hedberg70db83c2014-08-08 09:37:16 +03002624 struct l2cap_chan *chan = hdev->smp_data;
Johan Hedbergdefce9e2014-08-08 09:37:17 +03002625 struct crypto_blkcipher *tfm_aes;
Johan Hedberg70db83c2014-08-08 09:37:16 +03002626
2627 if (!chan)
2628 return;
2629
2630 BT_DBG("%s chan %p", hdev->name, chan);
Johan Hedberg711eafe2014-08-08 09:32:52 +03002631
Johan Hedbergdefce9e2014-08-08 09:37:17 +03002632 tfm_aes = chan->data;
2633 if (tfm_aes) {
2634 chan->data = NULL;
2635 crypto_free_blkcipher(tfm_aes);
Johan Hedberg711eafe2014-08-08 09:32:52 +03002636 }
Johan Hedberg70db83c2014-08-08 09:37:16 +03002637
2638 hdev->smp_data = NULL;
2639 l2cap_chan_put(chan);
Johan Hedberg711eafe2014-08-08 09:32:52 +03002640}