1/* 2 BlueZ - Bluetooth protocol stack for Linux 3 Copyright (C) 2011 Nokia Corporation and/or its subsidiary(-ies). 4 5 This program is free software; you can redistribute it and/or modify 6 it under the terms of the GNU General Public License version 2 as 7 published by the Free Software Foundation; 8 9 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS 10 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 11 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS. 12 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY 13 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES 14 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 15 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 16 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 17 18 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS, 19 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS 20 SOFTWARE IS DISCLAIMED. 21*/ 22 23#include <linux/crypto.h> 24#include <linux/scatterlist.h> 25#include <crypto/b128ops.h> 26 27#include <net/bluetooth/bluetooth.h> 28#include <net/bluetooth/hci_core.h> 29#include <net/bluetooth/l2cap.h> 30#include <net/bluetooth/mgmt.h> 31#include <net/bluetooth/smp.h> 32 33#define SMP_TIMEOUT msecs_to_jiffies(30000) 34 35#define AUTH_REQ_MASK 0x07 36 37static inline void swap128(u8 src[16], u8 dst[16]) 38{ 39 int i; 40 for (i = 0; i < 16; i++) 41 dst[15 - i] = src[i]; 42} 43 44static inline void swap56(u8 src[7], u8 dst[7]) 45{ 46 int i; 47 for (i = 0; i < 7; i++) 48 dst[6 - i] = src[i]; 49} 50 51static int smp_e(struct crypto_blkcipher *tfm, const u8 *k, u8 *r) 52{ 53 struct blkcipher_desc desc; 54 struct scatterlist sg; 55 int err, iv_len; 56 unsigned char iv[128]; 57 58 if (tfm == NULL) { 59 BT_ERR("tfm %p", tfm); 60 return -EINVAL; 61 } 62 63 desc.tfm = tfm; 64 desc.flags = 0; 65 66 err = crypto_blkcipher_setkey(tfm, k, 16); 67 if (err) { 68 BT_ERR("cipher setkey failed: %d", err); 69 return err; 70 } 71 72 sg_init_one(&sg, r, 16); 73 74 iv_len = crypto_blkcipher_ivsize(tfm); 75 if (iv_len) { 76 memset(&iv, 0xff, iv_len); 77 crypto_blkcipher_set_iv(tfm, iv, iv_len); 78 } 79 80 err = crypto_blkcipher_encrypt(&desc, &sg, &sg, 16); 81 if (err) 82 BT_ERR("Encrypt data error %d", err); 83 84 return err; 85} 86 87static int smp_c1(struct crypto_blkcipher *tfm, u8 k[16], u8 r[16], 88 u8 preq[7], u8 pres[7], u8 _iat, bdaddr_t *ia, 89 u8 _rat, bdaddr_t *ra, u8 res[16]) 90{ 91 u8 p1[16], p2[16]; 92 int err; 93 94 memset(p1, 0, 16); 95 96 /* p1 = pres || preq || _rat || _iat */ 97 swap56(pres, p1); 98 swap56(preq, p1 + 7); 99 p1[14] = _rat; 100 p1[15] = _iat; 101 102 memset(p2, 0, 16); 103 104 /* p2 = padding || ia || ra */ 105 baswap((bdaddr_t *) (p2 + 4), ia); 106 baswap((bdaddr_t *) (p2 + 10), ra); 107 108 /* res = r XOR p1 */ 109 u128_xor((u128 *) res, (u128 *) r, (u128 *) p1); 110 111 /* res = e(k, res) */ 112 err = smp_e(tfm, k, res); 113 if (err) { 114 BT_ERR("Encrypt data error"); 115 return err; 116 } 117 118 /* res = res XOR p2 */ 119 u128_xor((u128 *) res, (u128 *) res, (u128 *) p2); 120 121 /* res = e(k, res) */ 122 err = smp_e(tfm, k, res); 123 if (err) 124 BT_ERR("Encrypt data error"); 125 126 return err; 127} 128 129static int smp_s1(struct crypto_blkcipher *tfm, u8 k[16], 130 u8 r1[16], u8 r2[16], u8 _r[16]) 131{ 132 int err; 133 134 /* Just least significant octets from r1 and r2 are considered */ 135 memcpy(_r, r1 + 8, 8); 136 memcpy(_r + 8, r2 + 8, 8); 137 138 err = smp_e(tfm, k, _r); 139 if (err) 140 BT_ERR("Encrypt data error"); 141 142 return err; 143} 144 145static int smp_rand(u8 *buf) 146{ 147 get_random_bytes(buf, 16); 148 149 return 0; 150} 151 152static struct sk_buff *smp_build_cmd(struct l2cap_conn *conn, u8 code, 153 u16 dlen, void *data) 154{ 155 struct sk_buff *skb; 156 struct l2cap_hdr *lh; 157 int len; 158 159 len = L2CAP_HDR_SIZE + sizeof(code) + dlen; 160 161 if (len > conn->mtu) 162 return NULL; 163 164 skb = bt_skb_alloc(len, GFP_ATOMIC); 165 if (!skb) 166 return NULL; 167 168 lh = (struct l2cap_hdr *) skb_put(skb, L2CAP_HDR_SIZE); 169 lh->len = cpu_to_le16(sizeof(code) + dlen); 170 lh->cid = __constant_cpu_to_le16(L2CAP_CID_SMP); 171 172 memcpy(skb_put(skb, sizeof(code)), &code, sizeof(code)); 173 174 memcpy(skb_put(skb, dlen), data, dlen); 175 176 return skb; 177} 178 179static void smp_send_cmd(struct l2cap_conn *conn, u8 code, u16 len, void *data) 180{ 181 struct sk_buff *skb = smp_build_cmd(conn, code, len, data); 182 183 BT_DBG("code 0x%2.2x", code); 184 185 if (!skb) 186 return; 187 188 skb->priority = HCI_PRIO_MAX; 189 hci_send_acl(conn->hchan, skb, 0); 190 191 cancel_delayed_work_sync(&conn->security_timer); 192 schedule_delayed_work(&conn->security_timer, SMP_TIMEOUT); 193} 194 195static __u8 authreq_to_seclevel(__u8 authreq) 196{ 197 if (authreq & SMP_AUTH_MITM) 198 return BT_SECURITY_HIGH; 199 else 200 return BT_SECURITY_MEDIUM; 201} 202 203static __u8 seclevel_to_authreq(__u8 sec_level) 204{ 205 switch (sec_level) { 206 case BT_SECURITY_HIGH: 207 return SMP_AUTH_MITM | SMP_AUTH_BONDING; 208 case BT_SECURITY_MEDIUM: 209 return SMP_AUTH_BONDING; 210 default: 211 return SMP_AUTH_NONE; 212 } 213} 214 215static void build_pairing_cmd(struct l2cap_conn *conn, 216 struct smp_cmd_pairing *req, 217 struct smp_cmd_pairing *rsp, 218 __u8 authreq) 219{ 220 u8 dist_keys = 0; 221 222 if (test_bit(HCI_PAIRABLE, &conn->hcon->hdev->dev_flags)) { 223 dist_keys = SMP_DIST_ENC_KEY; 224 authreq |= SMP_AUTH_BONDING; 225 } else { 226 authreq &= ~SMP_AUTH_BONDING; 227 } 228 229 if (rsp == NULL) { 230 req->io_capability = conn->hcon->io_capability; 231 req->oob_flag = SMP_OOB_NOT_PRESENT; 232 req->max_key_size = SMP_MAX_ENC_KEY_SIZE; 233 req->init_key_dist = 0; 234 req->resp_key_dist = dist_keys; 235 req->auth_req = (authreq & AUTH_REQ_MASK); 236 return; 237 } 238 239 rsp->io_capability = conn->hcon->io_capability; 240 rsp->oob_flag = SMP_OOB_NOT_PRESENT; 241 rsp->max_key_size = SMP_MAX_ENC_KEY_SIZE; 242 rsp->init_key_dist = 0; 243 rsp->resp_key_dist = req->resp_key_dist & dist_keys; 244 rsp->auth_req = (authreq & AUTH_REQ_MASK); 245} 246 247static u8 check_enc_key_size(struct l2cap_conn *conn, __u8 max_key_size) 248{ 249 struct smp_chan *smp = conn->smp_chan; 250 251 if ((max_key_size > SMP_MAX_ENC_KEY_SIZE) || 252 (max_key_size < SMP_MIN_ENC_KEY_SIZE)) 253 return SMP_ENC_KEY_SIZE; 254 255 smp->enc_key_size = max_key_size; 256 257 return 0; 258} 259 260static void smp_failure(struct l2cap_conn *conn, u8 reason, u8 send) 261{ 262 struct hci_conn *hcon = conn->hcon; 263 264 if (send) 265 smp_send_cmd(conn, SMP_CMD_PAIRING_FAIL, sizeof(reason), 266 &reason); 267 268 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->hcon->flags); 269 mgmt_auth_failed(conn->hcon->hdev, conn->dst, hcon->type, 270 hcon->dst_type, HCI_ERROR_AUTH_FAILURE); 271 272 cancel_delayed_work_sync(&conn->security_timer); 273 274 if (test_and_clear_bit(HCI_CONN_LE_SMP_PEND, &conn->hcon->flags)) 275 smp_chan_destroy(conn); 276} 277 278#define JUST_WORKS 0x00 279#define JUST_CFM 0x01 280#define REQ_PASSKEY 0x02 281#define CFM_PASSKEY 0x03 282#define REQ_OOB 0x04 283#define OVERLAP 0xFF 284 285static const u8 gen_method[5][5] = { 286 { JUST_WORKS, JUST_CFM, REQ_PASSKEY, JUST_WORKS, REQ_PASSKEY }, 287 { JUST_WORKS, JUST_CFM, REQ_PASSKEY, JUST_WORKS, REQ_PASSKEY }, 288 { CFM_PASSKEY, CFM_PASSKEY, REQ_PASSKEY, JUST_WORKS, CFM_PASSKEY }, 289 { JUST_WORKS, JUST_CFM, JUST_WORKS, JUST_WORKS, JUST_CFM }, 290 { CFM_PASSKEY, CFM_PASSKEY, REQ_PASSKEY, JUST_WORKS, OVERLAP }, 291}; 292 293static int tk_request(struct l2cap_conn *conn, u8 remote_oob, u8 auth, 294 u8 local_io, u8 remote_io) 295{ 296 struct hci_conn *hcon = conn->hcon; 297 struct smp_chan *smp = conn->smp_chan; 298 u8 method; 299 u32 passkey = 0; 300 int ret = 0; 301 302 /* Initialize key for JUST WORKS */ 303 memset(smp->tk, 0, sizeof(smp->tk)); 304 clear_bit(SMP_FLAG_TK_VALID, &smp->smp_flags); 305 306 BT_DBG("tk_request: auth:%d lcl:%d rem:%d", auth, local_io, remote_io); 307 308 /* If neither side wants MITM, use JUST WORKS */ 309 /* If either side has unknown io_caps, use JUST WORKS */ 310 /* Otherwise, look up method from the table */ 311 if (!(auth & SMP_AUTH_MITM) || 312 local_io > SMP_IO_KEYBOARD_DISPLAY || 313 remote_io > SMP_IO_KEYBOARD_DISPLAY) 314 method = JUST_WORKS; 315 else 316 method = gen_method[remote_io][local_io]; 317 318 /* If not bonding, don't ask user to confirm a Zero TK */ 319 if (!(auth & SMP_AUTH_BONDING) && method == JUST_CFM) 320 method = JUST_WORKS; 321 322 /* If Just Works, Continue with Zero TK */ 323 if (method == JUST_WORKS) { 324 set_bit(SMP_FLAG_TK_VALID, &smp->smp_flags); 325 return 0; 326 } 327 328 /* Not Just Works/Confirm results in MITM Authentication */ 329 if (method != JUST_CFM) 330 set_bit(SMP_FLAG_MITM_AUTH, &smp->smp_flags); 331 332 /* If both devices have Keyoard-Display I/O, the master 333 * Confirms and the slave Enters the passkey. 334 */ 335 if (method == OVERLAP) { 336 if (hcon->link_mode & HCI_LM_MASTER) 337 method = CFM_PASSKEY; 338 else 339 method = REQ_PASSKEY; 340 } 341 342 /* Generate random passkey. Not valid until confirmed. */ 343 if (method == CFM_PASSKEY) { 344 u8 key[16]; 345 346 memset(key, 0, sizeof(key)); 347 get_random_bytes(&passkey, sizeof(passkey)); 348 passkey %= 1000000; 349 put_unaligned_le32(passkey, key); 350 swap128(key, smp->tk); 351 BT_DBG("PassKey: %d", passkey); 352 } 353 354 hci_dev_lock(hcon->hdev); 355 356 if (method == REQ_PASSKEY) 357 ret = mgmt_user_passkey_request(hcon->hdev, conn->dst, 358 hcon->type, hcon->dst_type); 359 else 360 ret = mgmt_user_confirm_request(hcon->hdev, conn->dst, 361 hcon->type, hcon->dst_type, 362 cpu_to_le32(passkey), 0); 363 364 hci_dev_unlock(hcon->hdev); 365 366 return ret; 367} 368 369static void confirm_work(struct work_struct *work) 370{ 371 struct smp_chan *smp = container_of(work, struct smp_chan, confirm); 372 struct l2cap_conn *conn = smp->conn; 373 struct crypto_blkcipher *tfm; 374 struct smp_cmd_pairing_confirm cp; 375 int ret; 376 u8 res[16], reason; 377 378 BT_DBG("conn %p", conn); 379 380 tfm = crypto_alloc_blkcipher("ecb(aes)", 0, CRYPTO_ALG_ASYNC); 381 if (IS_ERR(tfm)) { 382 reason = SMP_UNSPECIFIED; 383 goto error; 384 } 385 386 smp->tfm = tfm; 387 388 if (conn->hcon->out) 389 ret = smp_c1(tfm, smp->tk, smp->prnd, smp->preq, smp->prsp, 0, 390 conn->src, conn->hcon->dst_type, conn->dst, res); 391 else 392 ret = smp_c1(tfm, smp->tk, smp->prnd, smp->preq, smp->prsp, 393 conn->hcon->dst_type, conn->dst, 0, conn->src, 394 res); 395 if (ret) { 396 reason = SMP_UNSPECIFIED; 397 goto error; 398 } 399 400 clear_bit(SMP_FLAG_CFM_PENDING, &smp->smp_flags); 401 402 swap128(res, cp.confirm_val); 403 smp_send_cmd(smp->conn, SMP_CMD_PAIRING_CONFIRM, sizeof(cp), &cp); 404 405 return; 406 407error: 408 smp_failure(conn, reason, 1); 409} 410 411static void random_work(struct work_struct *work) 412{ 413 struct smp_chan *smp = container_of(work, struct smp_chan, random); 414 struct l2cap_conn *conn = smp->conn; 415 struct hci_conn *hcon = conn->hcon; 416 struct crypto_blkcipher *tfm = smp->tfm; 417 u8 reason, confirm[16], res[16], key[16]; 418 int ret; 419 420 if (IS_ERR_OR_NULL(tfm)) { 421 reason = SMP_UNSPECIFIED; 422 goto error; 423 } 424 425 BT_DBG("conn %p %s", conn, conn->hcon->out ? "master" : "slave"); 426 427 if (hcon->out) 428 ret = smp_c1(tfm, smp->tk, smp->rrnd, smp->preq, smp->prsp, 0, 429 conn->src, hcon->dst_type, conn->dst, res); 430 else 431 ret = smp_c1(tfm, smp->tk, smp->rrnd, smp->preq, smp->prsp, 432 hcon->dst_type, conn->dst, 0, conn->src, res); 433 if (ret) { 434 reason = SMP_UNSPECIFIED; 435 goto error; 436 } 437 438 swap128(res, confirm); 439 440 if (memcmp(smp->pcnf, confirm, sizeof(smp->pcnf)) != 0) { 441 BT_ERR("Pairing failed (confirmation values mismatch)"); 442 reason = SMP_CONFIRM_FAILED; 443 goto error; 444 } 445 446 if (hcon->out) { 447 u8 stk[16], rand[8]; 448 __le16 ediv; 449 450 memset(rand, 0, sizeof(rand)); 451 ediv = 0; 452 453 smp_s1(tfm, smp->tk, smp->rrnd, smp->prnd, key); 454 swap128(key, stk); 455 456 memset(stk + smp->enc_key_size, 0, 457 SMP_MAX_ENC_KEY_SIZE - smp->enc_key_size); 458 459 if (test_and_set_bit(HCI_CONN_ENCRYPT_PEND, &hcon->flags)) { 460 reason = SMP_UNSPECIFIED; 461 goto error; 462 } 463 464 hci_le_start_enc(hcon, ediv, rand, stk); 465 hcon->enc_key_size = smp->enc_key_size; 466 } else { 467 u8 stk[16], r[16], rand[8]; 468 __le16 ediv; 469 470 memset(rand, 0, sizeof(rand)); 471 ediv = 0; 472 473 swap128(smp->prnd, r); 474 smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM, sizeof(r), r); 475 476 smp_s1(tfm, smp->tk, smp->prnd, smp->rrnd, key); 477 swap128(key, stk); 478 479 memset(stk + smp->enc_key_size, 0, 480 SMP_MAX_ENC_KEY_SIZE - smp->enc_key_size); 481 482 hci_add_ltk(hcon->hdev, conn->dst, hcon->dst_type, 483 HCI_SMP_STK_SLAVE, 0, 0, stk, smp->enc_key_size, 484 ediv, rand); 485 } 486 487 return; 488 489error: 490 smp_failure(conn, reason, 1); 491} 492 493static struct smp_chan *smp_chan_create(struct l2cap_conn *conn) 494{ 495 struct smp_chan *smp; 496 497 smp = kzalloc(sizeof(struct smp_chan), GFP_ATOMIC); 498 if (!smp) 499 return NULL; 500 501 INIT_WORK(&smp->confirm, confirm_work); 502 INIT_WORK(&smp->random, random_work); 503 504 smp->conn = conn; 505 conn->smp_chan = smp; 506 conn->hcon->smp_conn = conn; 507 508 hci_conn_hold(conn->hcon); 509 510 return smp; 511} 512 513void smp_chan_destroy(struct l2cap_conn *conn) 514{ 515 struct smp_chan *smp = conn->smp_chan; 516 517 BUG_ON(!smp); 518 519 if (smp->tfm) 520 crypto_free_blkcipher(smp->tfm); 521 522 kfree(smp); 523 conn->smp_chan = NULL; 524 conn->hcon->smp_conn = NULL; 525 hci_conn_drop(conn->hcon); 526} 527 528int smp_user_confirm_reply(struct hci_conn *hcon, u16 mgmt_op, __le32 passkey) 529{ 530 struct l2cap_conn *conn = hcon->smp_conn; 531 struct smp_chan *smp; 532 u32 value; 533 u8 key[16]; 534 535 BT_DBG(""); 536 537 if (!conn) 538 return -ENOTCONN; 539 540 smp = conn->smp_chan; 541 542 switch (mgmt_op) { 543 case MGMT_OP_USER_PASSKEY_REPLY: 544 value = le32_to_cpu(passkey); 545 memset(key, 0, sizeof(key)); 546 BT_DBG("PassKey: %d", value); 547 put_unaligned_le32(value, key); 548 swap128(key, smp->tk); 549 /* Fall Through */ 550 case MGMT_OP_USER_CONFIRM_REPLY: 551 set_bit(SMP_FLAG_TK_VALID, &smp->smp_flags); 552 break; 553 case MGMT_OP_USER_PASSKEY_NEG_REPLY: 554 case MGMT_OP_USER_CONFIRM_NEG_REPLY: 555 smp_failure(conn, SMP_PASSKEY_ENTRY_FAILED, 1); 556 return 0; 557 default: 558 smp_failure(conn, SMP_PASSKEY_ENTRY_FAILED, 1); 559 return -EOPNOTSUPP; 560 } 561 562 /* If it is our turn to send Pairing Confirm, do so now */ 563 if (test_bit(SMP_FLAG_CFM_PENDING, &smp->smp_flags)) 564 queue_work(hcon->hdev->workqueue, &smp->confirm); 565 566 return 0; 567} 568 569static u8 smp_cmd_pairing_req(struct l2cap_conn *conn, struct sk_buff *skb) 570{ 571 struct smp_cmd_pairing rsp, *req = (void *) skb->data; 572 struct smp_chan *smp; 573 u8 key_size; 574 u8 auth = SMP_AUTH_NONE; 575 int ret; 576 577 BT_DBG("conn %p", conn); 578 579 if (conn->hcon->link_mode & HCI_LM_MASTER) 580 return SMP_CMD_NOTSUPP; 581 582 if (!test_and_set_bit(HCI_CONN_LE_SMP_PEND, &conn->hcon->flags)) 583 smp = smp_chan_create(conn); 584 else 585 smp = conn->smp_chan; 586 587 if (!smp) 588 return SMP_UNSPECIFIED; 589 590 smp->preq[0] = SMP_CMD_PAIRING_REQ; 591 memcpy(&smp->preq[1], req, sizeof(*req)); 592 skb_pull(skb, sizeof(*req)); 593 594 /* We didn't start the pairing, so match remote */ 595 if (req->auth_req & SMP_AUTH_BONDING) 596 auth = req->auth_req; 597 598 conn->hcon->pending_sec_level = authreq_to_seclevel(auth); 599 600 build_pairing_cmd(conn, req, &rsp, auth); 601 602 key_size = min(req->max_key_size, rsp.max_key_size); 603 if (check_enc_key_size(conn, key_size)) 604 return SMP_ENC_KEY_SIZE; 605 606 ret = smp_rand(smp->prnd); 607 if (ret) 608 return SMP_UNSPECIFIED; 609 610 smp->prsp[0] = SMP_CMD_PAIRING_RSP; 611 memcpy(&smp->prsp[1], &rsp, sizeof(rsp)); 612 613 smp_send_cmd(conn, SMP_CMD_PAIRING_RSP, sizeof(rsp), &rsp); 614 615 /* Request setup of TK */ 616 ret = tk_request(conn, 0, auth, rsp.io_capability, req->io_capability); 617 if (ret) 618 return SMP_UNSPECIFIED; 619 620 return 0; 621} 622 623static u8 smp_cmd_pairing_rsp(struct l2cap_conn *conn, struct sk_buff *skb) 624{ 625 struct smp_cmd_pairing *req, *rsp = (void *) skb->data; 626 struct smp_chan *smp = conn->smp_chan; 627 struct hci_dev *hdev = conn->hcon->hdev; 628 u8 key_size, auth = SMP_AUTH_NONE; 629 int ret; 630 631 BT_DBG("conn %p", conn); 632 633 if (!(conn->hcon->link_mode & HCI_LM_MASTER)) 634 return SMP_CMD_NOTSUPP; 635 636 skb_pull(skb, sizeof(*rsp)); 637 638 req = (void *) &smp->preq[1]; 639 640 key_size = min(req->max_key_size, rsp->max_key_size); 641 if (check_enc_key_size(conn, key_size)) 642 return SMP_ENC_KEY_SIZE; 643 644 ret = smp_rand(smp->prnd); 645 if (ret) 646 return SMP_UNSPECIFIED; 647 648 smp->prsp[0] = SMP_CMD_PAIRING_RSP; 649 memcpy(&smp->prsp[1], rsp, sizeof(*rsp)); 650 651 if ((req->auth_req & SMP_AUTH_BONDING) && 652 (rsp->auth_req & SMP_AUTH_BONDING)) 653 auth = SMP_AUTH_BONDING; 654 655 auth |= (req->auth_req | rsp->auth_req) & SMP_AUTH_MITM; 656 657 ret = tk_request(conn, 0, auth, req->io_capability, rsp->io_capability); 658 if (ret) 659 return SMP_UNSPECIFIED; 660 661 set_bit(SMP_FLAG_CFM_PENDING, &smp->smp_flags); 662 663 /* Can't compose response until we have been confirmed */ 664 if (!test_bit(SMP_FLAG_TK_VALID, &smp->smp_flags)) 665 return 0; 666 667 queue_work(hdev->workqueue, &smp->confirm); 668 669 return 0; 670} 671 672static u8 smp_cmd_pairing_confirm(struct l2cap_conn *conn, struct sk_buff *skb) 673{ 674 struct smp_chan *smp = conn->smp_chan; 675 struct hci_dev *hdev = conn->hcon->hdev; 676 677 BT_DBG("conn %p %s", conn, conn->hcon->out ? "master" : "slave"); 678 679 memcpy(smp->pcnf, skb->data, sizeof(smp->pcnf)); 680 skb_pull(skb, sizeof(smp->pcnf)); 681 682 if (conn->hcon->out) { 683 u8 random[16]; 684 685 swap128(smp->prnd, random); 686 smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM, sizeof(random), 687 random); 688 } else if (test_bit(SMP_FLAG_TK_VALID, &smp->smp_flags)) { 689 queue_work(hdev->workqueue, &smp->confirm); 690 } else { 691 set_bit(SMP_FLAG_CFM_PENDING, &smp->smp_flags); 692 } 693 694 return 0; 695} 696 697static u8 smp_cmd_pairing_random(struct l2cap_conn *conn, struct sk_buff *skb) 698{ 699 struct smp_chan *smp = conn->smp_chan; 700 struct hci_dev *hdev = conn->hcon->hdev; 701 702 BT_DBG("conn %p", conn); 703 704 swap128(skb->data, smp->rrnd); 705 skb_pull(skb, sizeof(smp->rrnd)); 706 707 queue_work(hdev->workqueue, &smp->random); 708 709 return 0; 710} 711 712static u8 smp_ltk_encrypt(struct l2cap_conn *conn, u8 sec_level) 713{ 714 struct smp_ltk *key; 715 struct hci_conn *hcon = conn->hcon; 716 717 key = hci_find_ltk_by_addr(hcon->hdev, conn->dst, hcon->dst_type); 718 if (!key) 719 return 0; 720 721 if (sec_level > BT_SECURITY_MEDIUM && !key->authenticated) 722 return 0; 723 724 if (test_and_set_bit(HCI_CONN_ENCRYPT_PEND, &hcon->flags)) 725 return 1; 726 727 hci_le_start_enc(hcon, key->ediv, key->rand, key->val); 728 hcon->enc_key_size = key->enc_size; 729 730 return 1; 731 732} 733static u8 smp_cmd_security_req(struct l2cap_conn *conn, struct sk_buff *skb) 734{ 735 struct smp_cmd_security_req *rp = (void *) skb->data; 736 struct smp_cmd_pairing cp; 737 struct hci_conn *hcon = conn->hcon; 738 struct smp_chan *smp; 739 740 BT_DBG("conn %p", conn); 741 742 hcon->pending_sec_level = authreq_to_seclevel(rp->auth_req); 743 744 if (smp_ltk_encrypt(conn, hcon->pending_sec_level)) 745 return 0; 746 747 if (test_and_set_bit(HCI_CONN_LE_SMP_PEND, &hcon->flags)) 748 return 0; 749 750 smp = smp_chan_create(conn); 751 752 skb_pull(skb, sizeof(*rp)); 753 754 memset(&cp, 0, sizeof(cp)); 755 build_pairing_cmd(conn, &cp, NULL, rp->auth_req); 756 757 smp->preq[0] = SMP_CMD_PAIRING_REQ; 758 memcpy(&smp->preq[1], &cp, sizeof(cp)); 759 760 smp_send_cmd(conn, SMP_CMD_PAIRING_REQ, sizeof(cp), &cp); 761 762 return 0; 763} 764 765int smp_conn_security(struct hci_conn *hcon, __u8 sec_level) 766{ 767 struct l2cap_conn *conn = hcon->l2cap_data; 768 struct smp_chan *smp = conn->smp_chan; 769 __u8 authreq; 770 771 BT_DBG("conn %p hcon %p level 0x%2.2x", conn, hcon, sec_level); 772 773 if (!test_bit(HCI_LE_ENABLED, &hcon->hdev->dev_flags)) 774 return 1; 775 776 if (sec_level == BT_SECURITY_LOW) 777 return 1; 778 779 if (hcon->sec_level >= sec_level) 780 return 1; 781 782 if (hcon->link_mode & HCI_LM_MASTER) 783 if (smp_ltk_encrypt(conn, sec_level)) 784 goto done; 785 786 if (test_and_set_bit(HCI_CONN_LE_SMP_PEND, &hcon->flags)) 787 return 0; 788 789 smp = smp_chan_create(conn); 790 if (!smp) 791 return 1; 792 793 authreq = seclevel_to_authreq(sec_level); 794 795 if (hcon->link_mode & HCI_LM_MASTER) { 796 struct smp_cmd_pairing cp; 797 798 build_pairing_cmd(conn, &cp, NULL, authreq); 799 smp->preq[0] = SMP_CMD_PAIRING_REQ; 800 memcpy(&smp->preq[1], &cp, sizeof(cp)); 801 802 smp_send_cmd(conn, SMP_CMD_PAIRING_REQ, sizeof(cp), &cp); 803 } else { 804 struct smp_cmd_security_req cp; 805 cp.auth_req = authreq; 806 smp_send_cmd(conn, SMP_CMD_SECURITY_REQ, sizeof(cp), &cp); 807 } 808 809done: 810 hcon->pending_sec_level = sec_level; 811 812 return 0; 813} 814 815static int smp_cmd_encrypt_info(struct l2cap_conn *conn, struct sk_buff *skb) 816{ 817 struct smp_cmd_encrypt_info *rp = (void *) skb->data; 818 struct smp_chan *smp = conn->smp_chan; 819 820 skb_pull(skb, sizeof(*rp)); 821 822 memcpy(smp->tk, rp->ltk, sizeof(smp->tk)); 823 824 return 0; 825} 826 827static int smp_cmd_master_ident(struct l2cap_conn *conn, struct sk_buff *skb) 828{ 829 struct smp_cmd_master_ident *rp = (void *) skb->data; 830 struct smp_chan *smp = conn->smp_chan; 831 struct hci_dev *hdev = conn->hcon->hdev; 832 struct hci_conn *hcon = conn->hcon; 833 u8 authenticated; 834 835 skb_pull(skb, sizeof(*rp)); 836 837 hci_dev_lock(hdev); 838 authenticated = (conn->hcon->sec_level == BT_SECURITY_HIGH); 839 hci_add_ltk(conn->hcon->hdev, conn->dst, hcon->dst_type, 840 HCI_SMP_LTK, 1, authenticated, smp->tk, smp->enc_key_size, 841 rp->ediv, rp->rand); 842 smp_distribute_keys(conn, 1); 843 hci_dev_unlock(hdev); 844 845 return 0; 846} 847 848int smp_sig_channel(struct l2cap_conn *conn, struct sk_buff *skb) 849{ 850 __u8 code = skb->data[0]; 851 __u8 reason; 852 int err = 0; 853 854 if (!test_bit(HCI_LE_ENABLED, &conn->hcon->hdev->dev_flags)) { 855 err = -ENOTSUPP; 856 reason = SMP_PAIRING_NOTSUPP; 857 goto done; 858 } 859 860 skb_pull(skb, sizeof(code)); 861 862 /* 863 * The SMP context must be initialized for all other PDUs except 864 * pairing and security requests. If we get any other PDU when 865 * not initialized simply disconnect (done if this function 866 * returns an error). 867 */ 868 if (code != SMP_CMD_PAIRING_REQ && code != SMP_CMD_SECURITY_REQ && 869 !conn->smp_chan) { 870 BT_ERR("Unexpected SMP command 0x%02x. Disconnecting.", code); 871 kfree_skb(skb); 872 return -ENOTSUPP; 873 } 874 875 switch (code) { 876 case SMP_CMD_PAIRING_REQ: 877 reason = smp_cmd_pairing_req(conn, skb); 878 break; 879 880 case SMP_CMD_PAIRING_FAIL: 881 smp_failure(conn, skb->data[0], 0); 882 reason = 0; 883 err = -EPERM; 884 break; 885 886 case SMP_CMD_PAIRING_RSP: 887 reason = smp_cmd_pairing_rsp(conn, skb); 888 break; 889 890 case SMP_CMD_SECURITY_REQ: 891 reason = smp_cmd_security_req(conn, skb); 892 break; 893 894 case SMP_CMD_PAIRING_CONFIRM: 895 reason = smp_cmd_pairing_confirm(conn, skb); 896 break; 897 898 case SMP_CMD_PAIRING_RANDOM: 899 reason = smp_cmd_pairing_random(conn, skb); 900 break; 901 902 case SMP_CMD_ENCRYPT_INFO: 903 reason = smp_cmd_encrypt_info(conn, skb); 904 break; 905 906 case SMP_CMD_MASTER_IDENT: 907 reason = smp_cmd_master_ident(conn, skb); 908 break; 909 910 case SMP_CMD_IDENT_INFO: 911 case SMP_CMD_IDENT_ADDR_INFO: 912 case SMP_CMD_SIGN_INFO: 913 /* Just ignored */ 914 reason = 0; 915 break; 916 917 default: 918 BT_DBG("Unknown command code 0x%2.2x", code); 919 920 reason = SMP_CMD_NOTSUPP; 921 err = -EOPNOTSUPP; 922 goto done; 923 } 924 925done: 926 if (reason) 927 smp_failure(conn, reason, 1); 928 929 kfree_skb(skb); 930 return err; 931} 932 933int smp_distribute_keys(struct l2cap_conn *conn, __u8 force) 934{ 935 struct smp_cmd_pairing *req, *rsp; 936 struct smp_chan *smp = conn->smp_chan; 937 __u8 *keydist; 938 939 BT_DBG("conn %p force %d", conn, force); 940 941 if (!test_bit(HCI_CONN_LE_SMP_PEND, &conn->hcon->flags)) 942 return 0; 943 944 rsp = (void *) &smp->prsp[1]; 945 946 /* The responder sends its keys first */ 947 if (!force && conn->hcon->out && (rsp->resp_key_dist & 0x07)) 948 return 0; 949 950 req = (void *) &smp->preq[1]; 951 952 if (conn->hcon->out) { 953 keydist = &rsp->init_key_dist; 954 *keydist &= req->init_key_dist; 955 } else { 956 keydist = &rsp->resp_key_dist; 957 *keydist &= req->resp_key_dist; 958 } 959 960 961 BT_DBG("keydist 0x%x", *keydist); 962 963 if (*keydist & SMP_DIST_ENC_KEY) { 964 struct smp_cmd_encrypt_info enc; 965 struct smp_cmd_master_ident ident; 966 struct hci_conn *hcon = conn->hcon; 967 u8 authenticated; 968 __le16 ediv; 969 970 get_random_bytes(enc.ltk, sizeof(enc.ltk)); 971 get_random_bytes(&ediv, sizeof(ediv)); 972 get_random_bytes(ident.rand, sizeof(ident.rand)); 973 974 smp_send_cmd(conn, SMP_CMD_ENCRYPT_INFO, sizeof(enc), &enc); 975 976 authenticated = hcon->sec_level == BT_SECURITY_HIGH; 977 hci_add_ltk(conn->hcon->hdev, conn->dst, hcon->dst_type, 978 HCI_SMP_LTK_SLAVE, 1, authenticated, 979 enc.ltk, smp->enc_key_size, ediv, ident.rand); 980 981 ident.ediv = ediv; 982 983 smp_send_cmd(conn, SMP_CMD_MASTER_IDENT, sizeof(ident), &ident); 984 985 *keydist &= ~SMP_DIST_ENC_KEY; 986 } 987 988 if (*keydist & SMP_DIST_ID_KEY) { 989 struct smp_cmd_ident_addr_info addrinfo; 990 struct smp_cmd_ident_info idinfo; 991 992 /* Send a dummy key */ 993 get_random_bytes(idinfo.irk, sizeof(idinfo.irk)); 994 995 smp_send_cmd(conn, SMP_CMD_IDENT_INFO, sizeof(idinfo), &idinfo); 996 997 /* Just public address */ 998 memset(&addrinfo, 0, sizeof(addrinfo)); 999 bacpy(&addrinfo.bdaddr, conn->src); 1000 1001 smp_send_cmd(conn, SMP_CMD_IDENT_ADDR_INFO, sizeof(addrinfo), 1002 &addrinfo); 1003 1004 *keydist &= ~SMP_DIST_ID_KEY; 1005 } 1006 1007 if (*keydist & SMP_DIST_SIGN) { 1008 struct smp_cmd_sign_info sign; 1009 1010 /* Send a dummy key */ 1011 get_random_bytes(sign.csrk, sizeof(sign.csrk)); 1012 1013 smp_send_cmd(conn, SMP_CMD_SIGN_INFO, sizeof(sign), &sign); 1014 1015 *keydist &= ~SMP_DIST_SIGN; 1016 } 1017 1018 if (conn->hcon->out || force) { 1019 clear_bit(HCI_CONN_LE_SMP_PEND, &conn->hcon->flags); 1020 cancel_delayed_work_sync(&conn->security_timer); 1021 smp_chan_destroy(conn); 1022 } 1023 1024 return 0; 1025} 1026