1/*
2   BlueZ - Bluetooth protocol stack for Linux
3   Copyright (C) 2011 Nokia Corporation and/or its subsidiary(-ies).
4
5   This program is free software; you can redistribute it and/or modify
6   it under the terms of the GNU General Public License version 2 as
7   published by the Free Software Foundation;
8
9   THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
10   OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
11   FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
12   IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
13   CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
14   WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15   ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16   OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17
18   ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
19   COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
20   SOFTWARE IS DISCLAIMED.
21*/
22
23#include <linux/crypto.h>
24#include <linux/scatterlist.h>
25#include <crypto/b128ops.h>
26
27#include <net/bluetooth/bluetooth.h>
28#include <net/bluetooth/hci_core.h>
29#include <net/bluetooth/l2cap.h>
30#include <net/bluetooth/mgmt.h>
31#include <net/bluetooth/smp.h>
32
33#define SMP_TIMEOUT	msecs_to_jiffies(30000)
34
35#define AUTH_REQ_MASK   0x07
36
37static inline void swap128(u8 src[16], u8 dst[16])
38{
39	int i;
40	for (i = 0; i < 16; i++)
41		dst[15 - i] = src[i];
42}
43
44static inline void swap56(u8 src[7], u8 dst[7])
45{
46	int i;
47	for (i = 0; i < 7; i++)
48		dst[6 - i] = src[i];
49}
50
51static int smp_e(struct crypto_blkcipher *tfm, const u8 *k, u8 *r)
52{
53	struct blkcipher_desc desc;
54	struct scatterlist sg;
55	int err, iv_len;
56	unsigned char iv[128];
57
58	if (tfm == NULL) {
59		BT_ERR("tfm %p", tfm);
60		return -EINVAL;
61	}
62
63	desc.tfm = tfm;
64	desc.flags = 0;
65
66	err = crypto_blkcipher_setkey(tfm, k, 16);
67	if (err) {
68		BT_ERR("cipher setkey failed: %d", err);
69		return err;
70	}
71
72	sg_init_one(&sg, r, 16);
73
74	iv_len = crypto_blkcipher_ivsize(tfm);
75	if (iv_len) {
76		memset(&iv, 0xff, iv_len);
77		crypto_blkcipher_set_iv(tfm, iv, iv_len);
78	}
79
80	err = crypto_blkcipher_encrypt(&desc, &sg, &sg, 16);
81	if (err)
82		BT_ERR("Encrypt data error %d", err);
83
84	return err;
85}
86
87static int smp_c1(struct crypto_blkcipher *tfm, u8 k[16], u8 r[16],
88		u8 preq[7], u8 pres[7], u8 _iat, bdaddr_t *ia,
89		u8 _rat, bdaddr_t *ra, u8 res[16])
90{
91	u8 p1[16], p2[16];
92	int err;
93
94	memset(p1, 0, 16);
95
96	/* p1 = pres || preq || _rat || _iat */
97	swap56(pres, p1);
98	swap56(preq, p1 + 7);
99	p1[14] = _rat;
100	p1[15] = _iat;
101
102	memset(p2, 0, 16);
103
104	/* p2 = padding || ia || ra */
105	baswap((bdaddr_t *) (p2 + 4), ia);
106	baswap((bdaddr_t *) (p2 + 10), ra);
107
108	/* res = r XOR p1 */
109	u128_xor((u128 *) res, (u128 *) r, (u128 *) p1);
110
111	/* res = e(k, res) */
112	err = smp_e(tfm, k, res);
113	if (err) {
114		BT_ERR("Encrypt data error");
115		return err;
116	}
117
118	/* res = res XOR p2 */
119	u128_xor((u128 *) res, (u128 *) res, (u128 *) p2);
120
121	/* res = e(k, res) */
122	err = smp_e(tfm, k, res);
123	if (err)
124		BT_ERR("Encrypt data error");
125
126	return err;
127}
128
129static int smp_s1(struct crypto_blkcipher *tfm, u8 k[16],
130			u8 r1[16], u8 r2[16], u8 _r[16])
131{
132	int err;
133
134	/* Just least significant octets from r1 and r2 are considered */
135	memcpy(_r, r1 + 8, 8);
136	memcpy(_r + 8, r2 + 8, 8);
137
138	err = smp_e(tfm, k, _r);
139	if (err)
140		BT_ERR("Encrypt data error");
141
142	return err;
143}
144
145static int smp_rand(u8 *buf)
146{
147	get_random_bytes(buf, 16);
148
149	return 0;
150}
151
152static struct sk_buff *smp_build_cmd(struct l2cap_conn *conn, u8 code,
153						u16 dlen, void *data)
154{
155	struct sk_buff *skb;
156	struct l2cap_hdr *lh;
157	int len;
158
159	len = L2CAP_HDR_SIZE + sizeof(code) + dlen;
160
161	if (len > conn->mtu)
162		return NULL;
163
164	skb = bt_skb_alloc(len, GFP_ATOMIC);
165	if (!skb)
166		return NULL;
167
168	lh = (struct l2cap_hdr *) skb_put(skb, L2CAP_HDR_SIZE);
169	lh->len = cpu_to_le16(sizeof(code) + dlen);
170	lh->cid = __constant_cpu_to_le16(L2CAP_CID_SMP);
171
172	memcpy(skb_put(skb, sizeof(code)), &code, sizeof(code));
173
174	memcpy(skb_put(skb, dlen), data, dlen);
175
176	return skb;
177}
178
179static void smp_send_cmd(struct l2cap_conn *conn, u8 code, u16 len, void *data)
180{
181	struct sk_buff *skb = smp_build_cmd(conn, code, len, data);
182
183	BT_DBG("code 0x%2.2x", code);
184
185	if (!skb)
186		return;
187
188	skb->priority = HCI_PRIO_MAX;
189	hci_send_acl(conn->hchan, skb, 0);
190
191	cancel_delayed_work_sync(&conn->security_timer);
192	schedule_delayed_work(&conn->security_timer, SMP_TIMEOUT);
193}
194
195static __u8 authreq_to_seclevel(__u8 authreq)
196{
197	if (authreq & SMP_AUTH_MITM)
198		return BT_SECURITY_HIGH;
199	else
200		return BT_SECURITY_MEDIUM;
201}
202
203static __u8 seclevel_to_authreq(__u8 sec_level)
204{
205	switch (sec_level) {
206	case BT_SECURITY_HIGH:
207		return SMP_AUTH_MITM | SMP_AUTH_BONDING;
208	case BT_SECURITY_MEDIUM:
209		return SMP_AUTH_BONDING;
210	default:
211		return SMP_AUTH_NONE;
212	}
213}
214
215static void build_pairing_cmd(struct l2cap_conn *conn,
216				struct smp_cmd_pairing *req,
217				struct smp_cmd_pairing *rsp,
218				__u8 authreq)
219{
220	u8 dist_keys = 0;
221
222	if (test_bit(HCI_PAIRABLE, &conn->hcon->hdev->dev_flags)) {
223		dist_keys = SMP_DIST_ENC_KEY;
224		authreq |= SMP_AUTH_BONDING;
225	} else {
226		authreq &= ~SMP_AUTH_BONDING;
227	}
228
229	if (rsp == NULL) {
230		req->io_capability = conn->hcon->io_capability;
231		req->oob_flag = SMP_OOB_NOT_PRESENT;
232		req->max_key_size = SMP_MAX_ENC_KEY_SIZE;
233		req->init_key_dist = 0;
234		req->resp_key_dist = dist_keys;
235		req->auth_req = (authreq & AUTH_REQ_MASK);
236		return;
237	}
238
239	rsp->io_capability = conn->hcon->io_capability;
240	rsp->oob_flag = SMP_OOB_NOT_PRESENT;
241	rsp->max_key_size = SMP_MAX_ENC_KEY_SIZE;
242	rsp->init_key_dist = 0;
243	rsp->resp_key_dist = req->resp_key_dist & dist_keys;
244	rsp->auth_req = (authreq & AUTH_REQ_MASK);
245}
246
247static u8 check_enc_key_size(struct l2cap_conn *conn, __u8 max_key_size)
248{
249	struct smp_chan *smp = conn->smp_chan;
250
251	if ((max_key_size > SMP_MAX_ENC_KEY_SIZE) ||
252			(max_key_size < SMP_MIN_ENC_KEY_SIZE))
253		return SMP_ENC_KEY_SIZE;
254
255	smp->enc_key_size = max_key_size;
256
257	return 0;
258}
259
260static void smp_failure(struct l2cap_conn *conn, u8 reason, u8 send)
261{
262	struct hci_conn *hcon = conn->hcon;
263
264	if (send)
265		smp_send_cmd(conn, SMP_CMD_PAIRING_FAIL, sizeof(reason),
266								&reason);
267
268	clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->hcon->flags);
269	mgmt_auth_failed(conn->hcon->hdev, conn->dst, hcon->type,
270			 hcon->dst_type, HCI_ERROR_AUTH_FAILURE);
271
272	cancel_delayed_work_sync(&conn->security_timer);
273
274	if (test_and_clear_bit(HCI_CONN_LE_SMP_PEND, &conn->hcon->flags))
275		smp_chan_destroy(conn);
276}
277
278#define JUST_WORKS	0x00
279#define JUST_CFM	0x01
280#define REQ_PASSKEY	0x02
281#define CFM_PASSKEY	0x03
282#define REQ_OOB		0x04
283#define OVERLAP		0xFF
284
285static const u8 gen_method[5][5] = {
286	{ JUST_WORKS,  JUST_CFM,    REQ_PASSKEY, JUST_WORKS, REQ_PASSKEY },
287	{ JUST_WORKS,  JUST_CFM,    REQ_PASSKEY, JUST_WORKS, REQ_PASSKEY },
288	{ CFM_PASSKEY, CFM_PASSKEY, REQ_PASSKEY, JUST_WORKS, CFM_PASSKEY },
289	{ JUST_WORKS,  JUST_CFM,    JUST_WORKS,  JUST_WORKS, JUST_CFM    },
290	{ CFM_PASSKEY, CFM_PASSKEY, REQ_PASSKEY, JUST_WORKS, OVERLAP     },
291};
292
293static int tk_request(struct l2cap_conn *conn, u8 remote_oob, u8 auth,
294						u8 local_io, u8 remote_io)
295{
296	struct hci_conn *hcon = conn->hcon;
297	struct smp_chan *smp = conn->smp_chan;
298	u8 method;
299	u32 passkey = 0;
300	int ret = 0;
301
302	/* Initialize key for JUST WORKS */
303	memset(smp->tk, 0, sizeof(smp->tk));
304	clear_bit(SMP_FLAG_TK_VALID, &smp->smp_flags);
305
306	BT_DBG("tk_request: auth:%d lcl:%d rem:%d", auth, local_io, remote_io);
307
308	/* If neither side wants MITM, use JUST WORKS */
309	/* If either side has unknown io_caps, use JUST WORKS */
310	/* Otherwise, look up method from the table */
311	if (!(auth & SMP_AUTH_MITM) ||
312			local_io > SMP_IO_KEYBOARD_DISPLAY ||
313			remote_io > SMP_IO_KEYBOARD_DISPLAY)
314		method = JUST_WORKS;
315	else
316		method = gen_method[remote_io][local_io];
317
318	/* If not bonding, don't ask user to confirm a Zero TK */
319	if (!(auth & SMP_AUTH_BONDING) && method == JUST_CFM)
320		method = JUST_WORKS;
321
322	/* If Just Works, Continue with Zero TK */
323	if (method == JUST_WORKS) {
324		set_bit(SMP_FLAG_TK_VALID, &smp->smp_flags);
325		return 0;
326	}
327
328	/* Not Just Works/Confirm results in MITM Authentication */
329	if (method != JUST_CFM)
330		set_bit(SMP_FLAG_MITM_AUTH, &smp->smp_flags);
331
332	/* If both devices have Keyoard-Display I/O, the master
333	 * Confirms and the slave Enters the passkey.
334	 */
335	if (method == OVERLAP) {
336		if (hcon->link_mode & HCI_LM_MASTER)
337			method = CFM_PASSKEY;
338		else
339			method = REQ_PASSKEY;
340	}
341
342	/* Generate random passkey. Not valid until confirmed. */
343	if (method == CFM_PASSKEY) {
344		u8 key[16];
345
346		memset(key, 0, sizeof(key));
347		get_random_bytes(&passkey, sizeof(passkey));
348		passkey %= 1000000;
349		put_unaligned_le32(passkey, key);
350		swap128(key, smp->tk);
351		BT_DBG("PassKey: %d", passkey);
352	}
353
354	hci_dev_lock(hcon->hdev);
355
356	if (method == REQ_PASSKEY)
357		ret = mgmt_user_passkey_request(hcon->hdev, conn->dst,
358						hcon->type, hcon->dst_type);
359	else
360		ret = mgmt_user_confirm_request(hcon->hdev, conn->dst,
361						hcon->type, hcon->dst_type,
362						cpu_to_le32(passkey), 0);
363
364	hci_dev_unlock(hcon->hdev);
365
366	return ret;
367}
368
369static void confirm_work(struct work_struct *work)
370{
371	struct smp_chan *smp = container_of(work, struct smp_chan, confirm);
372	struct l2cap_conn *conn = smp->conn;
373	struct crypto_blkcipher *tfm;
374	struct smp_cmd_pairing_confirm cp;
375	int ret;
376	u8 res[16], reason;
377
378	BT_DBG("conn %p", conn);
379
380	tfm = crypto_alloc_blkcipher("ecb(aes)", 0, CRYPTO_ALG_ASYNC);
381	if (IS_ERR(tfm)) {
382		reason = SMP_UNSPECIFIED;
383		goto error;
384	}
385
386	smp->tfm = tfm;
387
388	if (conn->hcon->out)
389		ret = smp_c1(tfm, smp->tk, smp->prnd, smp->preq, smp->prsp, 0,
390			     conn->src, conn->hcon->dst_type, conn->dst, res);
391	else
392		ret = smp_c1(tfm, smp->tk, smp->prnd, smp->preq, smp->prsp,
393			     conn->hcon->dst_type, conn->dst, 0, conn->src,
394			     res);
395	if (ret) {
396		reason = SMP_UNSPECIFIED;
397		goto error;
398	}
399
400	clear_bit(SMP_FLAG_CFM_PENDING, &smp->smp_flags);
401
402	swap128(res, cp.confirm_val);
403	smp_send_cmd(smp->conn, SMP_CMD_PAIRING_CONFIRM, sizeof(cp), &cp);
404
405	return;
406
407error:
408	smp_failure(conn, reason, 1);
409}
410
411static void random_work(struct work_struct *work)
412{
413	struct smp_chan *smp = container_of(work, struct smp_chan, random);
414	struct l2cap_conn *conn = smp->conn;
415	struct hci_conn *hcon = conn->hcon;
416	struct crypto_blkcipher *tfm = smp->tfm;
417	u8 reason, confirm[16], res[16], key[16];
418	int ret;
419
420	if (IS_ERR_OR_NULL(tfm)) {
421		reason = SMP_UNSPECIFIED;
422		goto error;
423	}
424
425	BT_DBG("conn %p %s", conn, conn->hcon->out ? "master" : "slave");
426
427	if (hcon->out)
428		ret = smp_c1(tfm, smp->tk, smp->rrnd, smp->preq, smp->prsp, 0,
429			     conn->src, hcon->dst_type, conn->dst, res);
430	else
431		ret = smp_c1(tfm, smp->tk, smp->rrnd, smp->preq, smp->prsp,
432			     hcon->dst_type, conn->dst, 0, conn->src, res);
433	if (ret) {
434		reason = SMP_UNSPECIFIED;
435		goto error;
436	}
437
438	swap128(res, confirm);
439
440	if (memcmp(smp->pcnf, confirm, sizeof(smp->pcnf)) != 0) {
441		BT_ERR("Pairing failed (confirmation values mismatch)");
442		reason = SMP_CONFIRM_FAILED;
443		goto error;
444	}
445
446	if (hcon->out) {
447		u8 stk[16], rand[8];
448		__le16 ediv;
449
450		memset(rand, 0, sizeof(rand));
451		ediv = 0;
452
453		smp_s1(tfm, smp->tk, smp->rrnd, smp->prnd, key);
454		swap128(key, stk);
455
456		memset(stk + smp->enc_key_size, 0,
457		       SMP_MAX_ENC_KEY_SIZE - smp->enc_key_size);
458
459		if (test_and_set_bit(HCI_CONN_ENCRYPT_PEND, &hcon->flags)) {
460			reason = SMP_UNSPECIFIED;
461			goto error;
462		}
463
464		hci_le_start_enc(hcon, ediv, rand, stk);
465		hcon->enc_key_size = smp->enc_key_size;
466	} else {
467		u8 stk[16], r[16], rand[8];
468		__le16 ediv;
469
470		memset(rand, 0, sizeof(rand));
471		ediv = 0;
472
473		swap128(smp->prnd, r);
474		smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM, sizeof(r), r);
475
476		smp_s1(tfm, smp->tk, smp->prnd, smp->rrnd, key);
477		swap128(key, stk);
478
479		memset(stk + smp->enc_key_size, 0,
480				SMP_MAX_ENC_KEY_SIZE - smp->enc_key_size);
481
482		hci_add_ltk(hcon->hdev, conn->dst, hcon->dst_type,
483			    HCI_SMP_STK_SLAVE, 0, 0, stk, smp->enc_key_size,
484			    ediv, rand);
485	}
486
487	return;
488
489error:
490	smp_failure(conn, reason, 1);
491}
492
493static struct smp_chan *smp_chan_create(struct l2cap_conn *conn)
494{
495	struct smp_chan *smp;
496
497	smp = kzalloc(sizeof(struct smp_chan), GFP_ATOMIC);
498	if (!smp)
499		return NULL;
500
501	INIT_WORK(&smp->confirm, confirm_work);
502	INIT_WORK(&smp->random, random_work);
503
504	smp->conn = conn;
505	conn->smp_chan = smp;
506	conn->hcon->smp_conn = conn;
507
508	hci_conn_hold(conn->hcon);
509
510	return smp;
511}
512
513void smp_chan_destroy(struct l2cap_conn *conn)
514{
515	struct smp_chan *smp = conn->smp_chan;
516
517	BUG_ON(!smp);
518
519	if (smp->tfm)
520		crypto_free_blkcipher(smp->tfm);
521
522	kfree(smp);
523	conn->smp_chan = NULL;
524	conn->hcon->smp_conn = NULL;
525	hci_conn_drop(conn->hcon);
526}
527
528int smp_user_confirm_reply(struct hci_conn *hcon, u16 mgmt_op, __le32 passkey)
529{
530	struct l2cap_conn *conn = hcon->smp_conn;
531	struct smp_chan *smp;
532	u32 value;
533	u8 key[16];
534
535	BT_DBG("");
536
537	if (!conn)
538		return -ENOTCONN;
539
540	smp = conn->smp_chan;
541
542	switch (mgmt_op) {
543	case MGMT_OP_USER_PASSKEY_REPLY:
544		value = le32_to_cpu(passkey);
545		memset(key, 0, sizeof(key));
546		BT_DBG("PassKey: %d", value);
547		put_unaligned_le32(value, key);
548		swap128(key, smp->tk);
549		/* Fall Through */
550	case MGMT_OP_USER_CONFIRM_REPLY:
551		set_bit(SMP_FLAG_TK_VALID, &smp->smp_flags);
552		break;
553	case MGMT_OP_USER_PASSKEY_NEG_REPLY:
554	case MGMT_OP_USER_CONFIRM_NEG_REPLY:
555		smp_failure(conn, SMP_PASSKEY_ENTRY_FAILED, 1);
556		return 0;
557	default:
558		smp_failure(conn, SMP_PASSKEY_ENTRY_FAILED, 1);
559		return -EOPNOTSUPP;
560	}
561
562	/* If it is our turn to send Pairing Confirm, do so now */
563	if (test_bit(SMP_FLAG_CFM_PENDING, &smp->smp_flags))
564		queue_work(hcon->hdev->workqueue, &smp->confirm);
565
566	return 0;
567}
568
569static u8 smp_cmd_pairing_req(struct l2cap_conn *conn, struct sk_buff *skb)
570{
571	struct smp_cmd_pairing rsp, *req = (void *) skb->data;
572	struct smp_chan *smp;
573	u8 key_size;
574	u8 auth = SMP_AUTH_NONE;
575	int ret;
576
577	BT_DBG("conn %p", conn);
578
579	if (conn->hcon->link_mode & HCI_LM_MASTER)
580		return SMP_CMD_NOTSUPP;
581
582	if (!test_and_set_bit(HCI_CONN_LE_SMP_PEND, &conn->hcon->flags))
583		smp = smp_chan_create(conn);
584	else
585		smp = conn->smp_chan;
586
587	if (!smp)
588		return SMP_UNSPECIFIED;
589
590	smp->preq[0] = SMP_CMD_PAIRING_REQ;
591	memcpy(&smp->preq[1], req, sizeof(*req));
592	skb_pull(skb, sizeof(*req));
593
594	/* We didn't start the pairing, so match remote */
595	if (req->auth_req & SMP_AUTH_BONDING)
596		auth = req->auth_req;
597
598	conn->hcon->pending_sec_level = authreq_to_seclevel(auth);
599
600	build_pairing_cmd(conn, req, &rsp, auth);
601
602	key_size = min(req->max_key_size, rsp.max_key_size);
603	if (check_enc_key_size(conn, key_size))
604		return SMP_ENC_KEY_SIZE;
605
606	ret = smp_rand(smp->prnd);
607	if (ret)
608		return SMP_UNSPECIFIED;
609
610	smp->prsp[0] = SMP_CMD_PAIRING_RSP;
611	memcpy(&smp->prsp[1], &rsp, sizeof(rsp));
612
613	smp_send_cmd(conn, SMP_CMD_PAIRING_RSP, sizeof(rsp), &rsp);
614
615	/* Request setup of TK */
616	ret = tk_request(conn, 0, auth, rsp.io_capability, req->io_capability);
617	if (ret)
618		return SMP_UNSPECIFIED;
619
620	return 0;
621}
622
623static u8 smp_cmd_pairing_rsp(struct l2cap_conn *conn, struct sk_buff *skb)
624{
625	struct smp_cmd_pairing *req, *rsp = (void *) skb->data;
626	struct smp_chan *smp = conn->smp_chan;
627	struct hci_dev *hdev = conn->hcon->hdev;
628	u8 key_size, auth = SMP_AUTH_NONE;
629	int ret;
630
631	BT_DBG("conn %p", conn);
632
633	if (!(conn->hcon->link_mode & HCI_LM_MASTER))
634		return SMP_CMD_NOTSUPP;
635
636	skb_pull(skb, sizeof(*rsp));
637
638	req = (void *) &smp->preq[1];
639
640	key_size = min(req->max_key_size, rsp->max_key_size);
641	if (check_enc_key_size(conn, key_size))
642		return SMP_ENC_KEY_SIZE;
643
644	ret = smp_rand(smp->prnd);
645	if (ret)
646		return SMP_UNSPECIFIED;
647
648	smp->prsp[0] = SMP_CMD_PAIRING_RSP;
649	memcpy(&smp->prsp[1], rsp, sizeof(*rsp));
650
651	if ((req->auth_req & SMP_AUTH_BONDING) &&
652			(rsp->auth_req & SMP_AUTH_BONDING))
653		auth = SMP_AUTH_BONDING;
654
655	auth |= (req->auth_req | rsp->auth_req) & SMP_AUTH_MITM;
656
657	ret = tk_request(conn, 0, auth, req->io_capability, rsp->io_capability);
658	if (ret)
659		return SMP_UNSPECIFIED;
660
661	set_bit(SMP_FLAG_CFM_PENDING, &smp->smp_flags);
662
663	/* Can't compose response until we have been confirmed */
664	if (!test_bit(SMP_FLAG_TK_VALID, &smp->smp_flags))
665		return 0;
666
667	queue_work(hdev->workqueue, &smp->confirm);
668
669	return 0;
670}
671
672static u8 smp_cmd_pairing_confirm(struct l2cap_conn *conn, struct sk_buff *skb)
673{
674	struct smp_chan *smp = conn->smp_chan;
675	struct hci_dev *hdev = conn->hcon->hdev;
676
677	BT_DBG("conn %p %s", conn, conn->hcon->out ? "master" : "slave");
678
679	memcpy(smp->pcnf, skb->data, sizeof(smp->pcnf));
680	skb_pull(skb, sizeof(smp->pcnf));
681
682	if (conn->hcon->out) {
683		u8 random[16];
684
685		swap128(smp->prnd, random);
686		smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM, sizeof(random),
687								random);
688	} else if (test_bit(SMP_FLAG_TK_VALID, &smp->smp_flags)) {
689		queue_work(hdev->workqueue, &smp->confirm);
690	} else {
691		set_bit(SMP_FLAG_CFM_PENDING, &smp->smp_flags);
692	}
693
694	return 0;
695}
696
697static u8 smp_cmd_pairing_random(struct l2cap_conn *conn, struct sk_buff *skb)
698{
699	struct smp_chan *smp = conn->smp_chan;
700	struct hci_dev *hdev = conn->hcon->hdev;
701
702	BT_DBG("conn %p", conn);
703
704	swap128(skb->data, smp->rrnd);
705	skb_pull(skb, sizeof(smp->rrnd));
706
707	queue_work(hdev->workqueue, &smp->random);
708
709	return 0;
710}
711
712static u8 smp_ltk_encrypt(struct l2cap_conn *conn, u8 sec_level)
713{
714	struct smp_ltk *key;
715	struct hci_conn *hcon = conn->hcon;
716
717	key = hci_find_ltk_by_addr(hcon->hdev, conn->dst, hcon->dst_type);
718	if (!key)
719		return 0;
720
721	if (sec_level > BT_SECURITY_MEDIUM && !key->authenticated)
722		return 0;
723
724	if (test_and_set_bit(HCI_CONN_ENCRYPT_PEND, &hcon->flags))
725		return 1;
726
727	hci_le_start_enc(hcon, key->ediv, key->rand, key->val);
728	hcon->enc_key_size = key->enc_size;
729
730	return 1;
731
732}
733static u8 smp_cmd_security_req(struct l2cap_conn *conn, struct sk_buff *skb)
734{
735	struct smp_cmd_security_req *rp = (void *) skb->data;
736	struct smp_cmd_pairing cp;
737	struct hci_conn *hcon = conn->hcon;
738	struct smp_chan *smp;
739
740	BT_DBG("conn %p", conn);
741
742	hcon->pending_sec_level = authreq_to_seclevel(rp->auth_req);
743
744	if (smp_ltk_encrypt(conn, hcon->pending_sec_level))
745		return 0;
746
747	if (test_and_set_bit(HCI_CONN_LE_SMP_PEND, &hcon->flags))
748		return 0;
749
750	smp = smp_chan_create(conn);
751
752	skb_pull(skb, sizeof(*rp));
753
754	memset(&cp, 0, sizeof(cp));
755	build_pairing_cmd(conn, &cp, NULL, rp->auth_req);
756
757	smp->preq[0] = SMP_CMD_PAIRING_REQ;
758	memcpy(&smp->preq[1], &cp, sizeof(cp));
759
760	smp_send_cmd(conn, SMP_CMD_PAIRING_REQ, sizeof(cp), &cp);
761
762	return 0;
763}
764
765int smp_conn_security(struct hci_conn *hcon, __u8 sec_level)
766{
767	struct l2cap_conn *conn = hcon->l2cap_data;
768	struct smp_chan *smp = conn->smp_chan;
769	__u8 authreq;
770
771	BT_DBG("conn %p hcon %p level 0x%2.2x", conn, hcon, sec_level);
772
773	if (!test_bit(HCI_LE_ENABLED, &hcon->hdev->dev_flags))
774		return 1;
775
776	if (sec_level == BT_SECURITY_LOW)
777		return 1;
778
779	if (hcon->sec_level >= sec_level)
780		return 1;
781
782	if (hcon->link_mode & HCI_LM_MASTER)
783		if (smp_ltk_encrypt(conn, sec_level))
784			goto done;
785
786	if (test_and_set_bit(HCI_CONN_LE_SMP_PEND, &hcon->flags))
787		return 0;
788
789	smp = smp_chan_create(conn);
790	if (!smp)
791		return 1;
792
793	authreq = seclevel_to_authreq(sec_level);
794
795	if (hcon->link_mode & HCI_LM_MASTER) {
796		struct smp_cmd_pairing cp;
797
798		build_pairing_cmd(conn, &cp, NULL, authreq);
799		smp->preq[0] = SMP_CMD_PAIRING_REQ;
800		memcpy(&smp->preq[1], &cp, sizeof(cp));
801
802		smp_send_cmd(conn, SMP_CMD_PAIRING_REQ, sizeof(cp), &cp);
803	} else {
804		struct smp_cmd_security_req cp;
805		cp.auth_req = authreq;
806		smp_send_cmd(conn, SMP_CMD_SECURITY_REQ, sizeof(cp), &cp);
807	}
808
809done:
810	hcon->pending_sec_level = sec_level;
811
812	return 0;
813}
814
815static int smp_cmd_encrypt_info(struct l2cap_conn *conn, struct sk_buff *skb)
816{
817	struct smp_cmd_encrypt_info *rp = (void *) skb->data;
818	struct smp_chan *smp = conn->smp_chan;
819
820	skb_pull(skb, sizeof(*rp));
821
822	memcpy(smp->tk, rp->ltk, sizeof(smp->tk));
823
824	return 0;
825}
826
827static int smp_cmd_master_ident(struct l2cap_conn *conn, struct sk_buff *skb)
828{
829	struct smp_cmd_master_ident *rp = (void *) skb->data;
830	struct smp_chan *smp = conn->smp_chan;
831	struct hci_dev *hdev = conn->hcon->hdev;
832	struct hci_conn *hcon = conn->hcon;
833	u8 authenticated;
834
835	skb_pull(skb, sizeof(*rp));
836
837	hci_dev_lock(hdev);
838	authenticated = (conn->hcon->sec_level == BT_SECURITY_HIGH);
839	hci_add_ltk(conn->hcon->hdev, conn->dst, hcon->dst_type,
840		    HCI_SMP_LTK, 1, authenticated, smp->tk, smp->enc_key_size,
841		    rp->ediv, rp->rand);
842	smp_distribute_keys(conn, 1);
843	hci_dev_unlock(hdev);
844
845	return 0;
846}
847
848int smp_sig_channel(struct l2cap_conn *conn, struct sk_buff *skb)
849{
850	__u8 code = skb->data[0];
851	__u8 reason;
852	int err = 0;
853
854	if (!test_bit(HCI_LE_ENABLED, &conn->hcon->hdev->dev_flags)) {
855		err = -ENOTSUPP;
856		reason = SMP_PAIRING_NOTSUPP;
857		goto done;
858	}
859
860	skb_pull(skb, sizeof(code));
861
862	/*
863	 * The SMP context must be initialized for all other PDUs except
864	 * pairing and security requests. If we get any other PDU when
865	 * not initialized simply disconnect (done if this function
866	 * returns an error).
867	 */
868	if (code != SMP_CMD_PAIRING_REQ && code != SMP_CMD_SECURITY_REQ &&
869	    !conn->smp_chan) {
870		BT_ERR("Unexpected SMP command 0x%02x. Disconnecting.", code);
871		kfree_skb(skb);
872		return -ENOTSUPP;
873	}
874
875	switch (code) {
876	case SMP_CMD_PAIRING_REQ:
877		reason = smp_cmd_pairing_req(conn, skb);
878		break;
879
880	case SMP_CMD_PAIRING_FAIL:
881		smp_failure(conn, skb->data[0], 0);
882		reason = 0;
883		err = -EPERM;
884		break;
885
886	case SMP_CMD_PAIRING_RSP:
887		reason = smp_cmd_pairing_rsp(conn, skb);
888		break;
889
890	case SMP_CMD_SECURITY_REQ:
891		reason = smp_cmd_security_req(conn, skb);
892		break;
893
894	case SMP_CMD_PAIRING_CONFIRM:
895		reason = smp_cmd_pairing_confirm(conn, skb);
896		break;
897
898	case SMP_CMD_PAIRING_RANDOM:
899		reason = smp_cmd_pairing_random(conn, skb);
900		break;
901
902	case SMP_CMD_ENCRYPT_INFO:
903		reason = smp_cmd_encrypt_info(conn, skb);
904		break;
905
906	case SMP_CMD_MASTER_IDENT:
907		reason = smp_cmd_master_ident(conn, skb);
908		break;
909
910	case SMP_CMD_IDENT_INFO:
911	case SMP_CMD_IDENT_ADDR_INFO:
912	case SMP_CMD_SIGN_INFO:
913		/* Just ignored */
914		reason = 0;
915		break;
916
917	default:
918		BT_DBG("Unknown command code 0x%2.2x", code);
919
920		reason = SMP_CMD_NOTSUPP;
921		err = -EOPNOTSUPP;
922		goto done;
923	}
924
925done:
926	if (reason)
927		smp_failure(conn, reason, 1);
928
929	kfree_skb(skb);
930	return err;
931}
932
933int smp_distribute_keys(struct l2cap_conn *conn, __u8 force)
934{
935	struct smp_cmd_pairing *req, *rsp;
936	struct smp_chan *smp = conn->smp_chan;
937	__u8 *keydist;
938
939	BT_DBG("conn %p force %d", conn, force);
940
941	if (!test_bit(HCI_CONN_LE_SMP_PEND, &conn->hcon->flags))
942		return 0;
943
944	rsp = (void *) &smp->prsp[1];
945
946	/* The responder sends its keys first */
947	if (!force && conn->hcon->out && (rsp->resp_key_dist & 0x07))
948		return 0;
949
950	req = (void *) &smp->preq[1];
951
952	if (conn->hcon->out) {
953		keydist = &rsp->init_key_dist;
954		*keydist &= req->init_key_dist;
955	} else {
956		keydist = &rsp->resp_key_dist;
957		*keydist &= req->resp_key_dist;
958	}
959
960
961	BT_DBG("keydist 0x%x", *keydist);
962
963	if (*keydist & SMP_DIST_ENC_KEY) {
964		struct smp_cmd_encrypt_info enc;
965		struct smp_cmd_master_ident ident;
966		struct hci_conn *hcon = conn->hcon;
967		u8 authenticated;
968		__le16 ediv;
969
970		get_random_bytes(enc.ltk, sizeof(enc.ltk));
971		get_random_bytes(&ediv, sizeof(ediv));
972		get_random_bytes(ident.rand, sizeof(ident.rand));
973
974		smp_send_cmd(conn, SMP_CMD_ENCRYPT_INFO, sizeof(enc), &enc);
975
976		authenticated = hcon->sec_level == BT_SECURITY_HIGH;
977		hci_add_ltk(conn->hcon->hdev, conn->dst, hcon->dst_type,
978			    HCI_SMP_LTK_SLAVE, 1, authenticated,
979			    enc.ltk, smp->enc_key_size, ediv, ident.rand);
980
981		ident.ediv = ediv;
982
983		smp_send_cmd(conn, SMP_CMD_MASTER_IDENT, sizeof(ident), &ident);
984
985		*keydist &= ~SMP_DIST_ENC_KEY;
986	}
987
988	if (*keydist & SMP_DIST_ID_KEY) {
989		struct smp_cmd_ident_addr_info addrinfo;
990		struct smp_cmd_ident_info idinfo;
991
992		/* Send a dummy key */
993		get_random_bytes(idinfo.irk, sizeof(idinfo.irk));
994
995		smp_send_cmd(conn, SMP_CMD_IDENT_INFO, sizeof(idinfo), &idinfo);
996
997		/* Just public address */
998		memset(&addrinfo, 0, sizeof(addrinfo));
999		bacpy(&addrinfo.bdaddr, conn->src);
1000
1001		smp_send_cmd(conn, SMP_CMD_IDENT_ADDR_INFO, sizeof(addrinfo),
1002								&addrinfo);
1003
1004		*keydist &= ~SMP_DIST_ID_KEY;
1005	}
1006
1007	if (*keydist & SMP_DIST_SIGN) {
1008		struct smp_cmd_sign_info sign;
1009
1010		/* Send a dummy key */
1011		get_random_bytes(sign.csrk, sizeof(sign.csrk));
1012
1013		smp_send_cmd(conn, SMP_CMD_SIGN_INFO, sizeof(sign), &sign);
1014
1015		*keydist &= ~SMP_DIST_SIGN;
1016	}
1017
1018	if (conn->hcon->out || force) {
1019		clear_bit(HCI_CONN_LE_SMP_PEND, &conn->hcon->flags);
1020		cancel_delayed_work_sync(&conn->security_timer);
1021		smp_chan_destroy(conn);
1022	}
1023
1024	return 0;
1025}
1026