• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /*
2    BlueZ - Bluetooth protocol stack for Linux
3    Copyright (C) 2011 Nokia Corporation and/or its subsidiary(-ies).
4 
5    This program is free software; you can redistribute it and/or modify
6    it under the terms of the GNU General Public License version 2 as
7    published by the Free Software Foundation;
8 
9    THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
10    OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
11    FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
12    IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
13    CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
14    WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15    ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16    OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17 
18    ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
19    COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
20    SOFTWARE IS DISCLAIMED.
21 */
22 
23 #include <linux/crypto.h>
24 #include <linux/scatterlist.h>
25 #include <crypto/b128ops.h>
26 
27 #include <net/bluetooth/bluetooth.h>
28 #include <net/bluetooth/hci_core.h>
29 #include <net/bluetooth/l2cap.h>
30 #include <net/bluetooth/mgmt.h>
31 #include <net/bluetooth/smp.h>
32 
33 #define SMP_TIMEOUT	msecs_to_jiffies(30000)
34 
35 #define AUTH_REQ_MASK   0x07
36 
swap128(u8 src[16],u8 dst[16])37 static inline void swap128(u8 src[16], u8 dst[16])
38 {
39 	int i;
40 	for (i = 0; i < 16; i++)
41 		dst[15 - i] = src[i];
42 }
43 
swap56(u8 src[7],u8 dst[7])44 static inline void swap56(u8 src[7], u8 dst[7])
45 {
46 	int i;
47 	for (i = 0; i < 7; i++)
48 		dst[6 - i] = src[i];
49 }
50 
smp_e(struct crypto_blkcipher * tfm,const u8 * k,u8 * r)51 static int smp_e(struct crypto_blkcipher *tfm, const u8 *k, u8 *r)
52 {
53 	struct blkcipher_desc desc;
54 	struct scatterlist sg;
55 	int err, iv_len;
56 	unsigned char iv[128];
57 
58 	if (tfm == NULL) {
59 		BT_ERR("tfm %p", tfm);
60 		return -EINVAL;
61 	}
62 
63 	desc.tfm = tfm;
64 	desc.flags = 0;
65 
66 	err = crypto_blkcipher_setkey(tfm, k, 16);
67 	if (err) {
68 		BT_ERR("cipher setkey failed: %d", err);
69 		return err;
70 	}
71 
72 	sg_init_one(&sg, r, 16);
73 
74 	iv_len = crypto_blkcipher_ivsize(tfm);
75 	if (iv_len) {
76 		memset(&iv, 0xff, iv_len);
77 		crypto_blkcipher_set_iv(tfm, iv, iv_len);
78 	}
79 
80 	err = crypto_blkcipher_encrypt(&desc, &sg, &sg, 16);
81 	if (err)
82 		BT_ERR("Encrypt data error %d", err);
83 
84 	return err;
85 }
86 
smp_c1(struct crypto_blkcipher * tfm,u8 k[16],u8 r[16],u8 preq[7],u8 pres[7],u8 _iat,bdaddr_t * ia,u8 _rat,bdaddr_t * ra,u8 res[16])87 static int smp_c1(struct crypto_blkcipher *tfm, u8 k[16], u8 r[16],
88 		u8 preq[7], u8 pres[7], u8 _iat, bdaddr_t *ia,
89 		u8 _rat, bdaddr_t *ra, u8 res[16])
90 {
91 	u8 p1[16], p2[16];
92 	int err;
93 
94 	memset(p1, 0, 16);
95 
96 	/* p1 = pres || preq || _rat || _iat */
97 	swap56(pres, p1);
98 	swap56(preq, p1 + 7);
99 	p1[14] = _rat;
100 	p1[15] = _iat;
101 
102 	memset(p2, 0, 16);
103 
104 	/* p2 = padding || ia || ra */
105 	baswap((bdaddr_t *) (p2 + 4), ia);
106 	baswap((bdaddr_t *) (p2 + 10), ra);
107 
108 	/* res = r XOR p1 */
109 	u128_xor((u128 *) res, (u128 *) r, (u128 *) p1);
110 
111 	/* res = e(k, res) */
112 	err = smp_e(tfm, k, res);
113 	if (err) {
114 		BT_ERR("Encrypt data error");
115 		return err;
116 	}
117 
118 	/* res = res XOR p2 */
119 	u128_xor((u128 *) res, (u128 *) res, (u128 *) p2);
120 
121 	/* res = e(k, res) */
122 	err = smp_e(tfm, k, res);
123 	if (err)
124 		BT_ERR("Encrypt data error");
125 
126 	return err;
127 }
128 
smp_s1(struct crypto_blkcipher * tfm,u8 k[16],u8 r1[16],u8 r2[16],u8 _r[16])129 static int smp_s1(struct crypto_blkcipher *tfm, u8 k[16],
130 			u8 r1[16], u8 r2[16], u8 _r[16])
131 {
132 	int err;
133 
134 	/* Just least significant octets from r1 and r2 are considered */
135 	memcpy(_r, r1 + 8, 8);
136 	memcpy(_r + 8, r2 + 8, 8);
137 
138 	err = smp_e(tfm, k, _r);
139 	if (err)
140 		BT_ERR("Encrypt data error");
141 
142 	return err;
143 }
144 
smp_rand(u8 * buf)145 static int smp_rand(u8 *buf)
146 {
147 	get_random_bytes(buf, 16);
148 
149 	return 0;
150 }
151 
smp_build_cmd(struct l2cap_conn * conn,u8 code,u16 dlen,void * data)152 static struct sk_buff *smp_build_cmd(struct l2cap_conn *conn, u8 code,
153 						u16 dlen, void *data)
154 {
155 	struct sk_buff *skb;
156 	struct l2cap_hdr *lh;
157 	int len;
158 
159 	len = L2CAP_HDR_SIZE + sizeof(code) + dlen;
160 
161 	if (len > conn->mtu)
162 		return NULL;
163 
164 	skb = bt_skb_alloc(len, GFP_ATOMIC);
165 	if (!skb)
166 		return NULL;
167 
168 	lh = (struct l2cap_hdr *) skb_put(skb, L2CAP_HDR_SIZE);
169 	lh->len = cpu_to_le16(sizeof(code) + dlen);
170 	lh->cid = __constant_cpu_to_le16(L2CAP_CID_SMP);
171 
172 	memcpy(skb_put(skb, sizeof(code)), &code, sizeof(code));
173 
174 	memcpy(skb_put(skb, dlen), data, dlen);
175 
176 	return skb;
177 }
178 
smp_send_cmd(struct l2cap_conn * conn,u8 code,u16 len,void * data)179 static void smp_send_cmd(struct l2cap_conn *conn, u8 code, u16 len, void *data)
180 {
181 	struct sk_buff *skb = smp_build_cmd(conn, code, len, data);
182 
183 	BT_DBG("code 0x%2.2x", code);
184 
185 	if (!skb)
186 		return;
187 
188 	skb->priority = HCI_PRIO_MAX;
189 	hci_send_acl(conn->hchan, skb, 0);
190 
191 	cancel_delayed_work_sync(&conn->security_timer);
192 	schedule_delayed_work(&conn->security_timer, SMP_TIMEOUT);
193 }
194 
authreq_to_seclevel(__u8 authreq)195 static __u8 authreq_to_seclevel(__u8 authreq)
196 {
197 	if (authreq & SMP_AUTH_MITM)
198 		return BT_SECURITY_HIGH;
199 	else
200 		return BT_SECURITY_MEDIUM;
201 }
202 
seclevel_to_authreq(__u8 sec_level)203 static __u8 seclevel_to_authreq(__u8 sec_level)
204 {
205 	switch (sec_level) {
206 	case BT_SECURITY_HIGH:
207 		return SMP_AUTH_MITM | SMP_AUTH_BONDING;
208 	case BT_SECURITY_MEDIUM:
209 		return SMP_AUTH_BONDING;
210 	default:
211 		return SMP_AUTH_NONE;
212 	}
213 }
214 
build_pairing_cmd(struct l2cap_conn * conn,struct smp_cmd_pairing * req,struct smp_cmd_pairing * rsp,__u8 authreq)215 static void build_pairing_cmd(struct l2cap_conn *conn,
216 				struct smp_cmd_pairing *req,
217 				struct smp_cmd_pairing *rsp,
218 				__u8 authreq)
219 {
220 	u8 dist_keys = 0;
221 
222 	if (test_bit(HCI_PAIRABLE, &conn->hcon->hdev->dev_flags)) {
223 		dist_keys = SMP_DIST_ENC_KEY;
224 		authreq |= SMP_AUTH_BONDING;
225 	} else {
226 		authreq &= ~SMP_AUTH_BONDING;
227 	}
228 
229 	if (rsp == NULL) {
230 		req->io_capability = conn->hcon->io_capability;
231 		req->oob_flag = SMP_OOB_NOT_PRESENT;
232 		req->max_key_size = SMP_MAX_ENC_KEY_SIZE;
233 		req->init_key_dist = 0;
234 		req->resp_key_dist = dist_keys;
235 		req->auth_req = (authreq & AUTH_REQ_MASK);
236 		return;
237 	}
238 
239 	rsp->io_capability = conn->hcon->io_capability;
240 	rsp->oob_flag = SMP_OOB_NOT_PRESENT;
241 	rsp->max_key_size = SMP_MAX_ENC_KEY_SIZE;
242 	rsp->init_key_dist = 0;
243 	rsp->resp_key_dist = req->resp_key_dist & dist_keys;
244 	rsp->auth_req = (authreq & AUTH_REQ_MASK);
245 }
246 
check_enc_key_size(struct l2cap_conn * conn,__u8 max_key_size)247 static u8 check_enc_key_size(struct l2cap_conn *conn, __u8 max_key_size)
248 {
249 	struct smp_chan *smp = conn->smp_chan;
250 
251 	if ((max_key_size > SMP_MAX_ENC_KEY_SIZE) ||
252 			(max_key_size < SMP_MIN_ENC_KEY_SIZE))
253 		return SMP_ENC_KEY_SIZE;
254 
255 	smp->enc_key_size = max_key_size;
256 
257 	return 0;
258 }
259 
smp_failure(struct l2cap_conn * conn,u8 reason,u8 send)260 static void smp_failure(struct l2cap_conn *conn, u8 reason, u8 send)
261 {
262 	struct hci_conn *hcon = conn->hcon;
263 
264 	if (send)
265 		smp_send_cmd(conn, SMP_CMD_PAIRING_FAIL, sizeof(reason),
266 								&reason);
267 
268 	clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->hcon->flags);
269 	mgmt_auth_failed(conn->hcon->hdev, conn->dst, hcon->type,
270 			 hcon->dst_type, HCI_ERROR_AUTH_FAILURE);
271 
272 	cancel_delayed_work_sync(&conn->security_timer);
273 
274 	if (test_and_clear_bit(HCI_CONN_LE_SMP_PEND, &conn->hcon->flags))
275 		smp_chan_destroy(conn);
276 }
277 
278 #define JUST_WORKS	0x00
279 #define JUST_CFM	0x01
280 #define REQ_PASSKEY	0x02
281 #define CFM_PASSKEY	0x03
282 #define REQ_OOB		0x04
283 #define OVERLAP		0xFF
284 
285 static const u8 gen_method[5][5] = {
286 	{ JUST_WORKS,  JUST_CFM,    REQ_PASSKEY, JUST_WORKS, REQ_PASSKEY },
287 	{ JUST_WORKS,  JUST_CFM,    REQ_PASSKEY, JUST_WORKS, REQ_PASSKEY },
288 	{ CFM_PASSKEY, CFM_PASSKEY, REQ_PASSKEY, JUST_WORKS, CFM_PASSKEY },
289 	{ JUST_WORKS,  JUST_CFM,    JUST_WORKS,  JUST_WORKS, JUST_CFM    },
290 	{ CFM_PASSKEY, CFM_PASSKEY, REQ_PASSKEY, JUST_WORKS, OVERLAP     },
291 };
292 
tk_request(struct l2cap_conn * conn,u8 remote_oob,u8 auth,u8 local_io,u8 remote_io)293 static int tk_request(struct l2cap_conn *conn, u8 remote_oob, u8 auth,
294 						u8 local_io, u8 remote_io)
295 {
296 	struct hci_conn *hcon = conn->hcon;
297 	struct smp_chan *smp = conn->smp_chan;
298 	u8 method;
299 	u32 passkey = 0;
300 	int ret = 0;
301 
302 	/* Initialize key for JUST WORKS */
303 	memset(smp->tk, 0, sizeof(smp->tk));
304 	clear_bit(SMP_FLAG_TK_VALID, &smp->smp_flags);
305 
306 	BT_DBG("tk_request: auth:%d lcl:%d rem:%d", auth, local_io, remote_io);
307 
308 	/* If neither side wants MITM, use JUST WORKS */
309 	/* If either side has unknown io_caps, use JUST WORKS */
310 	/* Otherwise, look up method from the table */
311 	if (!(auth & SMP_AUTH_MITM) ||
312 			local_io > SMP_IO_KEYBOARD_DISPLAY ||
313 			remote_io > SMP_IO_KEYBOARD_DISPLAY)
314 		method = JUST_WORKS;
315 	else
316 		method = gen_method[remote_io][local_io];
317 
318 	/* If not bonding, don't ask user to confirm a Zero TK */
319 	if (!(auth & SMP_AUTH_BONDING) && method == JUST_CFM)
320 		method = JUST_WORKS;
321 
322 	/* If Just Works, Continue with Zero TK */
323 	if (method == JUST_WORKS) {
324 		set_bit(SMP_FLAG_TK_VALID, &smp->smp_flags);
325 		return 0;
326 	}
327 
328 	/* Not Just Works/Confirm results in MITM Authentication */
329 	if (method != JUST_CFM)
330 		set_bit(SMP_FLAG_MITM_AUTH, &smp->smp_flags);
331 
332 	/* If both devices have Keyoard-Display I/O, the master
333 	 * Confirms and the slave Enters the passkey.
334 	 */
335 	if (method == OVERLAP) {
336 		if (hcon->link_mode & HCI_LM_MASTER)
337 			method = CFM_PASSKEY;
338 		else
339 			method = REQ_PASSKEY;
340 	}
341 
342 	/* Generate random passkey. Not valid until confirmed. */
343 	if (method == CFM_PASSKEY) {
344 		u8 key[16];
345 
346 		memset(key, 0, sizeof(key));
347 		get_random_bytes(&passkey, sizeof(passkey));
348 		passkey %= 1000000;
349 		put_unaligned_le32(passkey, key);
350 		swap128(key, smp->tk);
351 		BT_DBG("PassKey: %d", passkey);
352 	}
353 
354 	hci_dev_lock(hcon->hdev);
355 
356 	if (method == REQ_PASSKEY)
357 		ret = mgmt_user_passkey_request(hcon->hdev, conn->dst,
358 						hcon->type, hcon->dst_type);
359 	else
360 		ret = mgmt_user_confirm_request(hcon->hdev, conn->dst,
361 						hcon->type, hcon->dst_type,
362 						cpu_to_le32(passkey), 0);
363 
364 	hci_dev_unlock(hcon->hdev);
365 
366 	return ret;
367 }
368 
confirm_work(struct work_struct * work)369 static void confirm_work(struct work_struct *work)
370 {
371 	struct smp_chan *smp = container_of(work, struct smp_chan, confirm);
372 	struct l2cap_conn *conn = smp->conn;
373 	struct crypto_blkcipher *tfm;
374 	struct smp_cmd_pairing_confirm cp;
375 	int ret;
376 	u8 res[16], reason;
377 
378 	BT_DBG("conn %p", conn);
379 
380 	tfm = crypto_alloc_blkcipher("ecb(aes)", 0, CRYPTO_ALG_ASYNC);
381 	if (IS_ERR(tfm)) {
382 		reason = SMP_UNSPECIFIED;
383 		goto error;
384 	}
385 
386 	smp->tfm = tfm;
387 
388 	if (conn->hcon->out)
389 		ret = smp_c1(tfm, smp->tk, smp->prnd, smp->preq, smp->prsp, 0,
390 			     conn->src, conn->hcon->dst_type, conn->dst, res);
391 	else
392 		ret = smp_c1(tfm, smp->tk, smp->prnd, smp->preq, smp->prsp,
393 			     conn->hcon->dst_type, conn->dst, 0, conn->src,
394 			     res);
395 	if (ret) {
396 		reason = SMP_UNSPECIFIED;
397 		goto error;
398 	}
399 
400 	clear_bit(SMP_FLAG_CFM_PENDING, &smp->smp_flags);
401 
402 	swap128(res, cp.confirm_val);
403 	smp_send_cmd(smp->conn, SMP_CMD_PAIRING_CONFIRM, sizeof(cp), &cp);
404 
405 	return;
406 
407 error:
408 	smp_failure(conn, reason, 1);
409 }
410 
random_work(struct work_struct * work)411 static void random_work(struct work_struct *work)
412 {
413 	struct smp_chan *smp = container_of(work, struct smp_chan, random);
414 	struct l2cap_conn *conn = smp->conn;
415 	struct hci_conn *hcon = conn->hcon;
416 	struct crypto_blkcipher *tfm = smp->tfm;
417 	u8 reason, confirm[16], res[16], key[16];
418 	int ret;
419 
420 	if (IS_ERR_OR_NULL(tfm)) {
421 		reason = SMP_UNSPECIFIED;
422 		goto error;
423 	}
424 
425 	BT_DBG("conn %p %s", conn, conn->hcon->out ? "master" : "slave");
426 
427 	if (hcon->out)
428 		ret = smp_c1(tfm, smp->tk, smp->rrnd, smp->preq, smp->prsp, 0,
429 			     conn->src, hcon->dst_type, conn->dst, res);
430 	else
431 		ret = smp_c1(tfm, smp->tk, smp->rrnd, smp->preq, smp->prsp,
432 			     hcon->dst_type, conn->dst, 0, conn->src, res);
433 	if (ret) {
434 		reason = SMP_UNSPECIFIED;
435 		goto error;
436 	}
437 
438 	swap128(res, confirm);
439 
440 	if (memcmp(smp->pcnf, confirm, sizeof(smp->pcnf)) != 0) {
441 		BT_ERR("Pairing failed (confirmation values mismatch)");
442 		reason = SMP_CONFIRM_FAILED;
443 		goto error;
444 	}
445 
446 	if (hcon->out) {
447 		u8 stk[16], rand[8];
448 		__le16 ediv;
449 
450 		memset(rand, 0, sizeof(rand));
451 		ediv = 0;
452 
453 		smp_s1(tfm, smp->tk, smp->rrnd, smp->prnd, key);
454 		swap128(key, stk);
455 
456 		memset(stk + smp->enc_key_size, 0,
457 		       SMP_MAX_ENC_KEY_SIZE - smp->enc_key_size);
458 
459 		if (test_and_set_bit(HCI_CONN_ENCRYPT_PEND, &hcon->flags)) {
460 			reason = SMP_UNSPECIFIED;
461 			goto error;
462 		}
463 
464 		hci_le_start_enc(hcon, ediv, rand, stk);
465 		hcon->enc_key_size = smp->enc_key_size;
466 	} else {
467 		u8 stk[16], r[16], rand[8];
468 		__le16 ediv;
469 
470 		memset(rand, 0, sizeof(rand));
471 		ediv = 0;
472 
473 		swap128(smp->prnd, r);
474 		smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM, sizeof(r), r);
475 
476 		smp_s1(tfm, smp->tk, smp->prnd, smp->rrnd, key);
477 		swap128(key, stk);
478 
479 		memset(stk + smp->enc_key_size, 0,
480 				SMP_MAX_ENC_KEY_SIZE - smp->enc_key_size);
481 
482 		hci_add_ltk(hcon->hdev, conn->dst, hcon->dst_type,
483 			    HCI_SMP_STK_SLAVE, 0, 0, stk, smp->enc_key_size,
484 			    ediv, rand);
485 	}
486 
487 	return;
488 
489 error:
490 	smp_failure(conn, reason, 1);
491 }
492 
smp_chan_create(struct l2cap_conn * conn)493 static struct smp_chan *smp_chan_create(struct l2cap_conn *conn)
494 {
495 	struct smp_chan *smp;
496 
497 	smp = kzalloc(sizeof(struct smp_chan), GFP_ATOMIC);
498 	if (!smp)
499 		return NULL;
500 
501 	INIT_WORK(&smp->confirm, confirm_work);
502 	INIT_WORK(&smp->random, random_work);
503 
504 	smp->conn = conn;
505 	conn->smp_chan = smp;
506 	conn->hcon->smp_conn = conn;
507 
508 	hci_conn_hold(conn->hcon);
509 
510 	return smp;
511 }
512 
smp_chan_destroy(struct l2cap_conn * conn)513 void smp_chan_destroy(struct l2cap_conn *conn)
514 {
515 	struct smp_chan *smp = conn->smp_chan;
516 
517 	BUG_ON(!smp);
518 
519 	if (smp->tfm)
520 		crypto_free_blkcipher(smp->tfm);
521 
522 	kfree(smp);
523 	conn->smp_chan = NULL;
524 	conn->hcon->smp_conn = NULL;
525 	hci_conn_drop(conn->hcon);
526 }
527 
smp_user_confirm_reply(struct hci_conn * hcon,u16 mgmt_op,__le32 passkey)528 int smp_user_confirm_reply(struct hci_conn *hcon, u16 mgmt_op, __le32 passkey)
529 {
530 	struct l2cap_conn *conn = hcon->smp_conn;
531 	struct smp_chan *smp;
532 	u32 value;
533 	u8 key[16];
534 
535 	BT_DBG("");
536 
537 	if (!conn)
538 		return -ENOTCONN;
539 
540 	smp = conn->smp_chan;
541 
542 	switch (mgmt_op) {
543 	case MGMT_OP_USER_PASSKEY_REPLY:
544 		value = le32_to_cpu(passkey);
545 		memset(key, 0, sizeof(key));
546 		BT_DBG("PassKey: %d", value);
547 		put_unaligned_le32(value, key);
548 		swap128(key, smp->tk);
549 		/* Fall Through */
550 	case MGMT_OP_USER_CONFIRM_REPLY:
551 		set_bit(SMP_FLAG_TK_VALID, &smp->smp_flags);
552 		break;
553 	case MGMT_OP_USER_PASSKEY_NEG_REPLY:
554 	case MGMT_OP_USER_CONFIRM_NEG_REPLY:
555 		smp_failure(conn, SMP_PASSKEY_ENTRY_FAILED, 1);
556 		return 0;
557 	default:
558 		smp_failure(conn, SMP_PASSKEY_ENTRY_FAILED, 1);
559 		return -EOPNOTSUPP;
560 	}
561 
562 	/* If it is our turn to send Pairing Confirm, do so now */
563 	if (test_bit(SMP_FLAG_CFM_PENDING, &smp->smp_flags))
564 		queue_work(hcon->hdev->workqueue, &smp->confirm);
565 
566 	return 0;
567 }
568 
smp_cmd_pairing_req(struct l2cap_conn * conn,struct sk_buff * skb)569 static u8 smp_cmd_pairing_req(struct l2cap_conn *conn, struct sk_buff *skb)
570 {
571 	struct smp_cmd_pairing rsp, *req = (void *) skb->data;
572 	struct smp_chan *smp;
573 	u8 key_size;
574 	u8 auth = SMP_AUTH_NONE;
575 	int ret;
576 
577 	BT_DBG("conn %p", conn);
578 
579 	if (conn->hcon->link_mode & HCI_LM_MASTER)
580 		return SMP_CMD_NOTSUPP;
581 
582 	if (!test_and_set_bit(HCI_CONN_LE_SMP_PEND, &conn->hcon->flags))
583 		smp = smp_chan_create(conn);
584 	else
585 		smp = conn->smp_chan;
586 
587 	if (!smp)
588 		return SMP_UNSPECIFIED;
589 
590 	smp->preq[0] = SMP_CMD_PAIRING_REQ;
591 	memcpy(&smp->preq[1], req, sizeof(*req));
592 	skb_pull(skb, sizeof(*req));
593 
594 	/* We didn't start the pairing, so match remote */
595 	if (req->auth_req & SMP_AUTH_BONDING)
596 		auth = req->auth_req;
597 
598 	conn->hcon->pending_sec_level = authreq_to_seclevel(auth);
599 
600 	build_pairing_cmd(conn, req, &rsp, auth);
601 
602 	key_size = min(req->max_key_size, rsp.max_key_size);
603 	if (check_enc_key_size(conn, key_size))
604 		return SMP_ENC_KEY_SIZE;
605 
606 	ret = smp_rand(smp->prnd);
607 	if (ret)
608 		return SMP_UNSPECIFIED;
609 
610 	smp->prsp[0] = SMP_CMD_PAIRING_RSP;
611 	memcpy(&smp->prsp[1], &rsp, sizeof(rsp));
612 
613 	smp_send_cmd(conn, SMP_CMD_PAIRING_RSP, sizeof(rsp), &rsp);
614 
615 	/* Request setup of TK */
616 	ret = tk_request(conn, 0, auth, rsp.io_capability, req->io_capability);
617 	if (ret)
618 		return SMP_UNSPECIFIED;
619 
620 	return 0;
621 }
622 
smp_cmd_pairing_rsp(struct l2cap_conn * conn,struct sk_buff * skb)623 static u8 smp_cmd_pairing_rsp(struct l2cap_conn *conn, struct sk_buff *skb)
624 {
625 	struct smp_cmd_pairing *req, *rsp = (void *) skb->data;
626 	struct smp_chan *smp = conn->smp_chan;
627 	struct hci_dev *hdev = conn->hcon->hdev;
628 	u8 key_size, auth = SMP_AUTH_NONE;
629 	int ret;
630 
631 	BT_DBG("conn %p", conn);
632 
633 	if (!(conn->hcon->link_mode & HCI_LM_MASTER))
634 		return SMP_CMD_NOTSUPP;
635 
636 	skb_pull(skb, sizeof(*rsp));
637 
638 	req = (void *) &smp->preq[1];
639 
640 	key_size = min(req->max_key_size, rsp->max_key_size);
641 	if (check_enc_key_size(conn, key_size))
642 		return SMP_ENC_KEY_SIZE;
643 
644 	ret = smp_rand(smp->prnd);
645 	if (ret)
646 		return SMP_UNSPECIFIED;
647 
648 	smp->prsp[0] = SMP_CMD_PAIRING_RSP;
649 	memcpy(&smp->prsp[1], rsp, sizeof(*rsp));
650 
651 	if ((req->auth_req & SMP_AUTH_BONDING) &&
652 			(rsp->auth_req & SMP_AUTH_BONDING))
653 		auth = SMP_AUTH_BONDING;
654 
655 	auth |= (req->auth_req | rsp->auth_req) & SMP_AUTH_MITM;
656 
657 	ret = tk_request(conn, 0, auth, req->io_capability, rsp->io_capability);
658 	if (ret)
659 		return SMP_UNSPECIFIED;
660 
661 	set_bit(SMP_FLAG_CFM_PENDING, &smp->smp_flags);
662 
663 	/* Can't compose response until we have been confirmed */
664 	if (!test_bit(SMP_FLAG_TK_VALID, &smp->smp_flags))
665 		return 0;
666 
667 	queue_work(hdev->workqueue, &smp->confirm);
668 
669 	return 0;
670 }
671 
smp_cmd_pairing_confirm(struct l2cap_conn * conn,struct sk_buff * skb)672 static u8 smp_cmd_pairing_confirm(struct l2cap_conn *conn, struct sk_buff *skb)
673 {
674 	struct smp_chan *smp = conn->smp_chan;
675 	struct hci_dev *hdev = conn->hcon->hdev;
676 
677 	BT_DBG("conn %p %s", conn, conn->hcon->out ? "master" : "slave");
678 
679 	memcpy(smp->pcnf, skb->data, sizeof(smp->pcnf));
680 	skb_pull(skb, sizeof(smp->pcnf));
681 
682 	if (conn->hcon->out) {
683 		u8 random[16];
684 
685 		swap128(smp->prnd, random);
686 		smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM, sizeof(random),
687 								random);
688 	} else if (test_bit(SMP_FLAG_TK_VALID, &smp->smp_flags)) {
689 		queue_work(hdev->workqueue, &smp->confirm);
690 	} else {
691 		set_bit(SMP_FLAG_CFM_PENDING, &smp->smp_flags);
692 	}
693 
694 	return 0;
695 }
696 
smp_cmd_pairing_random(struct l2cap_conn * conn,struct sk_buff * skb)697 static u8 smp_cmd_pairing_random(struct l2cap_conn *conn, struct sk_buff *skb)
698 {
699 	struct smp_chan *smp = conn->smp_chan;
700 	struct hci_dev *hdev = conn->hcon->hdev;
701 
702 	BT_DBG("conn %p", conn);
703 
704 	swap128(skb->data, smp->rrnd);
705 	skb_pull(skb, sizeof(smp->rrnd));
706 
707 	queue_work(hdev->workqueue, &smp->random);
708 
709 	return 0;
710 }
711 
smp_ltk_encrypt(struct l2cap_conn * conn,u8 sec_level)712 static u8 smp_ltk_encrypt(struct l2cap_conn *conn, u8 sec_level)
713 {
714 	struct smp_ltk *key;
715 	struct hci_conn *hcon = conn->hcon;
716 
717 	key = hci_find_ltk_by_addr(hcon->hdev, conn->dst, hcon->dst_type);
718 	if (!key)
719 		return 0;
720 
721 	if (sec_level > BT_SECURITY_MEDIUM && !key->authenticated)
722 		return 0;
723 
724 	if (test_and_set_bit(HCI_CONN_ENCRYPT_PEND, &hcon->flags))
725 		return 1;
726 
727 	hci_le_start_enc(hcon, key->ediv, key->rand, key->val);
728 	hcon->enc_key_size = key->enc_size;
729 
730 	return 1;
731 
732 }
smp_cmd_security_req(struct l2cap_conn * conn,struct sk_buff * skb)733 static u8 smp_cmd_security_req(struct l2cap_conn *conn, struct sk_buff *skb)
734 {
735 	struct smp_cmd_security_req *rp = (void *) skb->data;
736 	struct smp_cmd_pairing cp;
737 	struct hci_conn *hcon = conn->hcon;
738 	struct smp_chan *smp;
739 
740 	BT_DBG("conn %p", conn);
741 
742 	hcon->pending_sec_level = authreq_to_seclevel(rp->auth_req);
743 
744 	if (smp_ltk_encrypt(conn, hcon->pending_sec_level))
745 		return 0;
746 
747 	if (test_and_set_bit(HCI_CONN_LE_SMP_PEND, &hcon->flags))
748 		return 0;
749 
750 	smp = smp_chan_create(conn);
751 
752 	skb_pull(skb, sizeof(*rp));
753 
754 	memset(&cp, 0, sizeof(cp));
755 	build_pairing_cmd(conn, &cp, NULL, rp->auth_req);
756 
757 	smp->preq[0] = SMP_CMD_PAIRING_REQ;
758 	memcpy(&smp->preq[1], &cp, sizeof(cp));
759 
760 	smp_send_cmd(conn, SMP_CMD_PAIRING_REQ, sizeof(cp), &cp);
761 
762 	return 0;
763 }
764 
smp_conn_security(struct hci_conn * hcon,__u8 sec_level)765 int smp_conn_security(struct hci_conn *hcon, __u8 sec_level)
766 {
767 	struct l2cap_conn *conn = hcon->l2cap_data;
768 	struct smp_chan *smp = conn->smp_chan;
769 	__u8 authreq;
770 
771 	BT_DBG("conn %p hcon %p level 0x%2.2x", conn, hcon, sec_level);
772 
773 	if (!test_bit(HCI_LE_ENABLED, &hcon->hdev->dev_flags))
774 		return 1;
775 
776 	if (sec_level == BT_SECURITY_LOW)
777 		return 1;
778 
779 	if (hcon->sec_level >= sec_level)
780 		return 1;
781 
782 	if (hcon->link_mode & HCI_LM_MASTER)
783 		if (smp_ltk_encrypt(conn, sec_level))
784 			goto done;
785 
786 	if (test_and_set_bit(HCI_CONN_LE_SMP_PEND, &hcon->flags))
787 		return 0;
788 
789 	smp = smp_chan_create(conn);
790 	if (!smp)
791 		return 1;
792 
793 	authreq = seclevel_to_authreq(sec_level);
794 
795 	if (hcon->link_mode & HCI_LM_MASTER) {
796 		struct smp_cmd_pairing cp;
797 
798 		build_pairing_cmd(conn, &cp, NULL, authreq);
799 		smp->preq[0] = SMP_CMD_PAIRING_REQ;
800 		memcpy(&smp->preq[1], &cp, sizeof(cp));
801 
802 		smp_send_cmd(conn, SMP_CMD_PAIRING_REQ, sizeof(cp), &cp);
803 	} else {
804 		struct smp_cmd_security_req cp;
805 		cp.auth_req = authreq;
806 		smp_send_cmd(conn, SMP_CMD_SECURITY_REQ, sizeof(cp), &cp);
807 	}
808 
809 done:
810 	hcon->pending_sec_level = sec_level;
811 
812 	return 0;
813 }
814 
smp_cmd_encrypt_info(struct l2cap_conn * conn,struct sk_buff * skb)815 static int smp_cmd_encrypt_info(struct l2cap_conn *conn, struct sk_buff *skb)
816 {
817 	struct smp_cmd_encrypt_info *rp = (void *) skb->data;
818 	struct smp_chan *smp = conn->smp_chan;
819 
820 	skb_pull(skb, sizeof(*rp));
821 
822 	memcpy(smp->tk, rp->ltk, sizeof(smp->tk));
823 
824 	return 0;
825 }
826 
smp_cmd_master_ident(struct l2cap_conn * conn,struct sk_buff * skb)827 static int smp_cmd_master_ident(struct l2cap_conn *conn, struct sk_buff *skb)
828 {
829 	struct smp_cmd_master_ident *rp = (void *) skb->data;
830 	struct smp_chan *smp = conn->smp_chan;
831 	struct hci_dev *hdev = conn->hcon->hdev;
832 	struct hci_conn *hcon = conn->hcon;
833 	u8 authenticated;
834 
835 	skb_pull(skb, sizeof(*rp));
836 
837 	hci_dev_lock(hdev);
838 	authenticated = (conn->hcon->sec_level == BT_SECURITY_HIGH);
839 	hci_add_ltk(conn->hcon->hdev, conn->dst, hcon->dst_type,
840 		    HCI_SMP_LTK, 1, authenticated, smp->tk, smp->enc_key_size,
841 		    rp->ediv, rp->rand);
842 	smp_distribute_keys(conn, 1);
843 	hci_dev_unlock(hdev);
844 
845 	return 0;
846 }
847 
smp_sig_channel(struct l2cap_conn * conn,struct sk_buff * skb)848 int smp_sig_channel(struct l2cap_conn *conn, struct sk_buff *skb)
849 {
850 	__u8 code = skb->data[0];
851 	__u8 reason;
852 	int err = 0;
853 
854 	if (!test_bit(HCI_LE_ENABLED, &conn->hcon->hdev->dev_flags)) {
855 		err = -ENOTSUPP;
856 		reason = SMP_PAIRING_NOTSUPP;
857 		goto done;
858 	}
859 
860 	skb_pull(skb, sizeof(code));
861 
862 	/*
863 	 * The SMP context must be initialized for all other PDUs except
864 	 * pairing and security requests. If we get any other PDU when
865 	 * not initialized simply disconnect (done if this function
866 	 * returns an error).
867 	 */
868 	if (code != SMP_CMD_PAIRING_REQ && code != SMP_CMD_SECURITY_REQ &&
869 	    !conn->smp_chan) {
870 		BT_ERR("Unexpected SMP command 0x%02x. Disconnecting.", code);
871 		kfree_skb(skb);
872 		return -ENOTSUPP;
873 	}
874 
875 	switch (code) {
876 	case SMP_CMD_PAIRING_REQ:
877 		reason = smp_cmd_pairing_req(conn, skb);
878 		break;
879 
880 	case SMP_CMD_PAIRING_FAIL:
881 		smp_failure(conn, skb->data[0], 0);
882 		reason = 0;
883 		err = -EPERM;
884 		break;
885 
886 	case SMP_CMD_PAIRING_RSP:
887 		reason = smp_cmd_pairing_rsp(conn, skb);
888 		break;
889 
890 	case SMP_CMD_SECURITY_REQ:
891 		reason = smp_cmd_security_req(conn, skb);
892 		break;
893 
894 	case SMP_CMD_PAIRING_CONFIRM:
895 		reason = smp_cmd_pairing_confirm(conn, skb);
896 		break;
897 
898 	case SMP_CMD_PAIRING_RANDOM:
899 		reason = smp_cmd_pairing_random(conn, skb);
900 		break;
901 
902 	case SMP_CMD_ENCRYPT_INFO:
903 		reason = smp_cmd_encrypt_info(conn, skb);
904 		break;
905 
906 	case SMP_CMD_MASTER_IDENT:
907 		reason = smp_cmd_master_ident(conn, skb);
908 		break;
909 
910 	case SMP_CMD_IDENT_INFO:
911 	case SMP_CMD_IDENT_ADDR_INFO:
912 	case SMP_CMD_SIGN_INFO:
913 		/* Just ignored */
914 		reason = 0;
915 		break;
916 
917 	default:
918 		BT_DBG("Unknown command code 0x%2.2x", code);
919 
920 		reason = SMP_CMD_NOTSUPP;
921 		err = -EOPNOTSUPP;
922 		goto done;
923 	}
924 
925 done:
926 	if (reason)
927 		smp_failure(conn, reason, 1);
928 
929 	kfree_skb(skb);
930 	return err;
931 }
932 
smp_distribute_keys(struct l2cap_conn * conn,__u8 force)933 int smp_distribute_keys(struct l2cap_conn *conn, __u8 force)
934 {
935 	struct smp_cmd_pairing *req, *rsp;
936 	struct smp_chan *smp = conn->smp_chan;
937 	__u8 *keydist;
938 
939 	BT_DBG("conn %p force %d", conn, force);
940 
941 	if (!test_bit(HCI_CONN_LE_SMP_PEND, &conn->hcon->flags))
942 		return 0;
943 
944 	rsp = (void *) &smp->prsp[1];
945 
946 	/* The responder sends its keys first */
947 	if (!force && conn->hcon->out && (rsp->resp_key_dist & 0x07))
948 		return 0;
949 
950 	req = (void *) &smp->preq[1];
951 
952 	if (conn->hcon->out) {
953 		keydist = &rsp->init_key_dist;
954 		*keydist &= req->init_key_dist;
955 	} else {
956 		keydist = &rsp->resp_key_dist;
957 		*keydist &= req->resp_key_dist;
958 	}
959 
960 
961 	BT_DBG("keydist 0x%x", *keydist);
962 
963 	if (*keydist & SMP_DIST_ENC_KEY) {
964 		struct smp_cmd_encrypt_info enc;
965 		struct smp_cmd_master_ident ident;
966 		struct hci_conn *hcon = conn->hcon;
967 		u8 authenticated;
968 		__le16 ediv;
969 
970 		get_random_bytes(enc.ltk, sizeof(enc.ltk));
971 		get_random_bytes(&ediv, sizeof(ediv));
972 		get_random_bytes(ident.rand, sizeof(ident.rand));
973 
974 		smp_send_cmd(conn, SMP_CMD_ENCRYPT_INFO, sizeof(enc), &enc);
975 
976 		authenticated = hcon->sec_level == BT_SECURITY_HIGH;
977 		hci_add_ltk(conn->hcon->hdev, conn->dst, hcon->dst_type,
978 			    HCI_SMP_LTK_SLAVE, 1, authenticated,
979 			    enc.ltk, smp->enc_key_size, ediv, ident.rand);
980 
981 		ident.ediv = ediv;
982 
983 		smp_send_cmd(conn, SMP_CMD_MASTER_IDENT, sizeof(ident), &ident);
984 
985 		*keydist &= ~SMP_DIST_ENC_KEY;
986 	}
987 
988 	if (*keydist & SMP_DIST_ID_KEY) {
989 		struct smp_cmd_ident_addr_info addrinfo;
990 		struct smp_cmd_ident_info idinfo;
991 
992 		/* Send a dummy key */
993 		get_random_bytes(idinfo.irk, sizeof(idinfo.irk));
994 
995 		smp_send_cmd(conn, SMP_CMD_IDENT_INFO, sizeof(idinfo), &idinfo);
996 
997 		/* Just public address */
998 		memset(&addrinfo, 0, sizeof(addrinfo));
999 		bacpy(&addrinfo.bdaddr, conn->src);
1000 
1001 		smp_send_cmd(conn, SMP_CMD_IDENT_ADDR_INFO, sizeof(addrinfo),
1002 								&addrinfo);
1003 
1004 		*keydist &= ~SMP_DIST_ID_KEY;
1005 	}
1006 
1007 	if (*keydist & SMP_DIST_SIGN) {
1008 		struct smp_cmd_sign_info sign;
1009 
1010 		/* Send a dummy key */
1011 		get_random_bytes(sign.csrk, sizeof(sign.csrk));
1012 
1013 		smp_send_cmd(conn, SMP_CMD_SIGN_INFO, sizeof(sign), &sign);
1014 
1015 		*keydist &= ~SMP_DIST_SIGN;
1016 	}
1017 
1018 	if (conn->hcon->out || force) {
1019 		clear_bit(HCI_CONN_LE_SMP_PEND, &conn->hcon->flags);
1020 		cancel_delayed_work_sync(&conn->security_timer);
1021 		smp_chan_destroy(conn);
1022 	}
1023 
1024 	return 0;
1025 }
1026