1 /*
2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2011 Nokia Corporation and/or its subsidiary(-ies).
4
5 This program is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License version 2 as
7 published by the Free Software Foundation;
8
9 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
10 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
11 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
12 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
13 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
14 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17
18 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
19 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
20 SOFTWARE IS DISCLAIMED.
21 */
22
23 #include <linux/crypto.h>
24 #include <linux/scatterlist.h>
25 #include <crypto/b128ops.h>
26
27 #include <net/bluetooth/bluetooth.h>
28 #include <net/bluetooth/hci_core.h>
29 #include <net/bluetooth/l2cap.h>
30 #include <net/bluetooth/mgmt.h>
31 #include <net/bluetooth/smp.h>
32
33 #define SMP_TIMEOUT msecs_to_jiffies(30000)
34
35 #define AUTH_REQ_MASK 0x07
36
swap128(u8 src[16],u8 dst[16])37 static inline void swap128(u8 src[16], u8 dst[16])
38 {
39 int i;
40 for (i = 0; i < 16; i++)
41 dst[15 - i] = src[i];
42 }
43
swap56(u8 src[7],u8 dst[7])44 static inline void swap56(u8 src[7], u8 dst[7])
45 {
46 int i;
47 for (i = 0; i < 7; i++)
48 dst[6 - i] = src[i];
49 }
50
smp_e(struct crypto_blkcipher * tfm,const u8 * k,u8 * r)51 static int smp_e(struct crypto_blkcipher *tfm, const u8 *k, u8 *r)
52 {
53 struct blkcipher_desc desc;
54 struct scatterlist sg;
55 int err, iv_len;
56 unsigned char iv[128];
57
58 if (tfm == NULL) {
59 BT_ERR("tfm %p", tfm);
60 return -EINVAL;
61 }
62
63 desc.tfm = tfm;
64 desc.flags = 0;
65
66 err = crypto_blkcipher_setkey(tfm, k, 16);
67 if (err) {
68 BT_ERR("cipher setkey failed: %d", err);
69 return err;
70 }
71
72 sg_init_one(&sg, r, 16);
73
74 iv_len = crypto_blkcipher_ivsize(tfm);
75 if (iv_len) {
76 memset(&iv, 0xff, iv_len);
77 crypto_blkcipher_set_iv(tfm, iv, iv_len);
78 }
79
80 err = crypto_blkcipher_encrypt(&desc, &sg, &sg, 16);
81 if (err)
82 BT_ERR("Encrypt data error %d", err);
83
84 return err;
85 }
86
smp_c1(struct crypto_blkcipher * tfm,u8 k[16],u8 r[16],u8 preq[7],u8 pres[7],u8 _iat,bdaddr_t * ia,u8 _rat,bdaddr_t * ra,u8 res[16])87 static int smp_c1(struct crypto_blkcipher *tfm, u8 k[16], u8 r[16],
88 u8 preq[7], u8 pres[7], u8 _iat, bdaddr_t *ia,
89 u8 _rat, bdaddr_t *ra, u8 res[16])
90 {
91 u8 p1[16], p2[16];
92 int err;
93
94 memset(p1, 0, 16);
95
96 /* p1 = pres || preq || _rat || _iat */
97 swap56(pres, p1);
98 swap56(preq, p1 + 7);
99 p1[14] = _rat;
100 p1[15] = _iat;
101
102 memset(p2, 0, 16);
103
104 /* p2 = padding || ia || ra */
105 baswap((bdaddr_t *) (p2 + 4), ia);
106 baswap((bdaddr_t *) (p2 + 10), ra);
107
108 /* res = r XOR p1 */
109 u128_xor((u128 *) res, (u128 *) r, (u128 *) p1);
110
111 /* res = e(k, res) */
112 err = smp_e(tfm, k, res);
113 if (err) {
114 BT_ERR("Encrypt data error");
115 return err;
116 }
117
118 /* res = res XOR p2 */
119 u128_xor((u128 *) res, (u128 *) res, (u128 *) p2);
120
121 /* res = e(k, res) */
122 err = smp_e(tfm, k, res);
123 if (err)
124 BT_ERR("Encrypt data error");
125
126 return err;
127 }
128
smp_s1(struct crypto_blkcipher * tfm,u8 k[16],u8 r1[16],u8 r2[16],u8 _r[16])129 static int smp_s1(struct crypto_blkcipher *tfm, u8 k[16],
130 u8 r1[16], u8 r2[16], u8 _r[16])
131 {
132 int err;
133
134 /* Just least significant octets from r1 and r2 are considered */
135 memcpy(_r, r1 + 8, 8);
136 memcpy(_r + 8, r2 + 8, 8);
137
138 err = smp_e(tfm, k, _r);
139 if (err)
140 BT_ERR("Encrypt data error");
141
142 return err;
143 }
144
smp_rand(u8 * buf)145 static int smp_rand(u8 *buf)
146 {
147 get_random_bytes(buf, 16);
148
149 return 0;
150 }
151
smp_build_cmd(struct l2cap_conn * conn,u8 code,u16 dlen,void * data)152 static struct sk_buff *smp_build_cmd(struct l2cap_conn *conn, u8 code,
153 u16 dlen, void *data)
154 {
155 struct sk_buff *skb;
156 struct l2cap_hdr *lh;
157 int len;
158
159 len = L2CAP_HDR_SIZE + sizeof(code) + dlen;
160
161 if (len > conn->mtu)
162 return NULL;
163
164 skb = bt_skb_alloc(len, GFP_ATOMIC);
165 if (!skb)
166 return NULL;
167
168 lh = (struct l2cap_hdr *) skb_put(skb, L2CAP_HDR_SIZE);
169 lh->len = cpu_to_le16(sizeof(code) + dlen);
170 lh->cid = __constant_cpu_to_le16(L2CAP_CID_SMP);
171
172 memcpy(skb_put(skb, sizeof(code)), &code, sizeof(code));
173
174 memcpy(skb_put(skb, dlen), data, dlen);
175
176 return skb;
177 }
178
smp_send_cmd(struct l2cap_conn * conn,u8 code,u16 len,void * data)179 static void smp_send_cmd(struct l2cap_conn *conn, u8 code, u16 len, void *data)
180 {
181 struct sk_buff *skb = smp_build_cmd(conn, code, len, data);
182
183 BT_DBG("code 0x%2.2x", code);
184
185 if (!skb)
186 return;
187
188 skb->priority = HCI_PRIO_MAX;
189 hci_send_acl(conn->hchan, skb, 0);
190
191 cancel_delayed_work_sync(&conn->security_timer);
192 schedule_delayed_work(&conn->security_timer, SMP_TIMEOUT);
193 }
194
authreq_to_seclevel(__u8 authreq)195 static __u8 authreq_to_seclevel(__u8 authreq)
196 {
197 if (authreq & SMP_AUTH_MITM)
198 return BT_SECURITY_HIGH;
199 else
200 return BT_SECURITY_MEDIUM;
201 }
202
seclevel_to_authreq(__u8 sec_level)203 static __u8 seclevel_to_authreq(__u8 sec_level)
204 {
205 switch (sec_level) {
206 case BT_SECURITY_HIGH:
207 return SMP_AUTH_MITM | SMP_AUTH_BONDING;
208 case BT_SECURITY_MEDIUM:
209 return SMP_AUTH_BONDING;
210 default:
211 return SMP_AUTH_NONE;
212 }
213 }
214
build_pairing_cmd(struct l2cap_conn * conn,struct smp_cmd_pairing * req,struct smp_cmd_pairing * rsp,__u8 authreq)215 static void build_pairing_cmd(struct l2cap_conn *conn,
216 struct smp_cmd_pairing *req,
217 struct smp_cmd_pairing *rsp,
218 __u8 authreq)
219 {
220 u8 dist_keys = 0;
221
222 if (test_bit(HCI_PAIRABLE, &conn->hcon->hdev->dev_flags)) {
223 dist_keys = SMP_DIST_ENC_KEY;
224 authreq |= SMP_AUTH_BONDING;
225 } else {
226 authreq &= ~SMP_AUTH_BONDING;
227 }
228
229 if (rsp == NULL) {
230 req->io_capability = conn->hcon->io_capability;
231 req->oob_flag = SMP_OOB_NOT_PRESENT;
232 req->max_key_size = SMP_MAX_ENC_KEY_SIZE;
233 req->init_key_dist = 0;
234 req->resp_key_dist = dist_keys;
235 req->auth_req = (authreq & AUTH_REQ_MASK);
236 return;
237 }
238
239 rsp->io_capability = conn->hcon->io_capability;
240 rsp->oob_flag = SMP_OOB_NOT_PRESENT;
241 rsp->max_key_size = SMP_MAX_ENC_KEY_SIZE;
242 rsp->init_key_dist = 0;
243 rsp->resp_key_dist = req->resp_key_dist & dist_keys;
244 rsp->auth_req = (authreq & AUTH_REQ_MASK);
245 }
246
check_enc_key_size(struct l2cap_conn * conn,__u8 max_key_size)247 static u8 check_enc_key_size(struct l2cap_conn *conn, __u8 max_key_size)
248 {
249 struct smp_chan *smp = conn->smp_chan;
250
251 if ((max_key_size > SMP_MAX_ENC_KEY_SIZE) ||
252 (max_key_size < SMP_MIN_ENC_KEY_SIZE))
253 return SMP_ENC_KEY_SIZE;
254
255 smp->enc_key_size = max_key_size;
256
257 return 0;
258 }
259
smp_failure(struct l2cap_conn * conn,u8 reason,u8 send)260 static void smp_failure(struct l2cap_conn *conn, u8 reason, u8 send)
261 {
262 struct hci_conn *hcon = conn->hcon;
263
264 if (send)
265 smp_send_cmd(conn, SMP_CMD_PAIRING_FAIL, sizeof(reason),
266 &reason);
267
268 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->hcon->flags);
269 mgmt_auth_failed(conn->hcon->hdev, conn->dst, hcon->type,
270 hcon->dst_type, HCI_ERROR_AUTH_FAILURE);
271
272 cancel_delayed_work_sync(&conn->security_timer);
273
274 if (test_and_clear_bit(HCI_CONN_LE_SMP_PEND, &conn->hcon->flags))
275 smp_chan_destroy(conn);
276 }
277
278 #define JUST_WORKS 0x00
279 #define JUST_CFM 0x01
280 #define REQ_PASSKEY 0x02
281 #define CFM_PASSKEY 0x03
282 #define REQ_OOB 0x04
283 #define OVERLAP 0xFF
284
285 static const u8 gen_method[5][5] = {
286 { JUST_WORKS, JUST_CFM, REQ_PASSKEY, JUST_WORKS, REQ_PASSKEY },
287 { JUST_WORKS, JUST_CFM, REQ_PASSKEY, JUST_WORKS, REQ_PASSKEY },
288 { CFM_PASSKEY, CFM_PASSKEY, REQ_PASSKEY, JUST_WORKS, CFM_PASSKEY },
289 { JUST_WORKS, JUST_CFM, JUST_WORKS, JUST_WORKS, JUST_CFM },
290 { CFM_PASSKEY, CFM_PASSKEY, REQ_PASSKEY, JUST_WORKS, OVERLAP },
291 };
292
tk_request(struct l2cap_conn * conn,u8 remote_oob,u8 auth,u8 local_io,u8 remote_io)293 static int tk_request(struct l2cap_conn *conn, u8 remote_oob, u8 auth,
294 u8 local_io, u8 remote_io)
295 {
296 struct hci_conn *hcon = conn->hcon;
297 struct smp_chan *smp = conn->smp_chan;
298 u8 method;
299 u32 passkey = 0;
300 int ret = 0;
301
302 /* Initialize key for JUST WORKS */
303 memset(smp->tk, 0, sizeof(smp->tk));
304 clear_bit(SMP_FLAG_TK_VALID, &smp->smp_flags);
305
306 BT_DBG("tk_request: auth:%d lcl:%d rem:%d", auth, local_io, remote_io);
307
308 /* If neither side wants MITM, use JUST WORKS */
309 /* If either side has unknown io_caps, use JUST WORKS */
310 /* Otherwise, look up method from the table */
311 if (!(auth & SMP_AUTH_MITM) ||
312 local_io > SMP_IO_KEYBOARD_DISPLAY ||
313 remote_io > SMP_IO_KEYBOARD_DISPLAY)
314 method = JUST_WORKS;
315 else
316 method = gen_method[remote_io][local_io];
317
318 /* If not bonding, don't ask user to confirm a Zero TK */
319 if (!(auth & SMP_AUTH_BONDING) && method == JUST_CFM)
320 method = JUST_WORKS;
321
322 /* If Just Works, Continue with Zero TK */
323 if (method == JUST_WORKS) {
324 set_bit(SMP_FLAG_TK_VALID, &smp->smp_flags);
325 return 0;
326 }
327
328 /* Not Just Works/Confirm results in MITM Authentication */
329 if (method != JUST_CFM)
330 set_bit(SMP_FLAG_MITM_AUTH, &smp->smp_flags);
331
332 /* If both devices have Keyoard-Display I/O, the master
333 * Confirms and the slave Enters the passkey.
334 */
335 if (method == OVERLAP) {
336 if (hcon->link_mode & HCI_LM_MASTER)
337 method = CFM_PASSKEY;
338 else
339 method = REQ_PASSKEY;
340 }
341
342 /* Generate random passkey. Not valid until confirmed. */
343 if (method == CFM_PASSKEY) {
344 u8 key[16];
345
346 memset(key, 0, sizeof(key));
347 get_random_bytes(&passkey, sizeof(passkey));
348 passkey %= 1000000;
349 put_unaligned_le32(passkey, key);
350 swap128(key, smp->tk);
351 BT_DBG("PassKey: %d", passkey);
352 }
353
354 hci_dev_lock(hcon->hdev);
355
356 if (method == REQ_PASSKEY)
357 ret = mgmt_user_passkey_request(hcon->hdev, conn->dst,
358 hcon->type, hcon->dst_type);
359 else
360 ret = mgmt_user_confirm_request(hcon->hdev, conn->dst,
361 hcon->type, hcon->dst_type,
362 cpu_to_le32(passkey), 0);
363
364 hci_dev_unlock(hcon->hdev);
365
366 return ret;
367 }
368
confirm_work(struct work_struct * work)369 static void confirm_work(struct work_struct *work)
370 {
371 struct smp_chan *smp = container_of(work, struct smp_chan, confirm);
372 struct l2cap_conn *conn = smp->conn;
373 struct crypto_blkcipher *tfm;
374 struct smp_cmd_pairing_confirm cp;
375 int ret;
376 u8 res[16], reason;
377
378 BT_DBG("conn %p", conn);
379
380 tfm = crypto_alloc_blkcipher("ecb(aes)", 0, CRYPTO_ALG_ASYNC);
381 if (IS_ERR(tfm)) {
382 reason = SMP_UNSPECIFIED;
383 goto error;
384 }
385
386 smp->tfm = tfm;
387
388 if (conn->hcon->out)
389 ret = smp_c1(tfm, smp->tk, smp->prnd, smp->preq, smp->prsp, 0,
390 conn->src, conn->hcon->dst_type, conn->dst, res);
391 else
392 ret = smp_c1(tfm, smp->tk, smp->prnd, smp->preq, smp->prsp,
393 conn->hcon->dst_type, conn->dst, 0, conn->src,
394 res);
395 if (ret) {
396 reason = SMP_UNSPECIFIED;
397 goto error;
398 }
399
400 clear_bit(SMP_FLAG_CFM_PENDING, &smp->smp_flags);
401
402 swap128(res, cp.confirm_val);
403 smp_send_cmd(smp->conn, SMP_CMD_PAIRING_CONFIRM, sizeof(cp), &cp);
404
405 return;
406
407 error:
408 smp_failure(conn, reason, 1);
409 }
410
random_work(struct work_struct * work)411 static void random_work(struct work_struct *work)
412 {
413 struct smp_chan *smp = container_of(work, struct smp_chan, random);
414 struct l2cap_conn *conn = smp->conn;
415 struct hci_conn *hcon = conn->hcon;
416 struct crypto_blkcipher *tfm = smp->tfm;
417 u8 reason, confirm[16], res[16], key[16];
418 int ret;
419
420 if (IS_ERR_OR_NULL(tfm)) {
421 reason = SMP_UNSPECIFIED;
422 goto error;
423 }
424
425 BT_DBG("conn %p %s", conn, conn->hcon->out ? "master" : "slave");
426
427 if (hcon->out)
428 ret = smp_c1(tfm, smp->tk, smp->rrnd, smp->preq, smp->prsp, 0,
429 conn->src, hcon->dst_type, conn->dst, res);
430 else
431 ret = smp_c1(tfm, smp->tk, smp->rrnd, smp->preq, smp->prsp,
432 hcon->dst_type, conn->dst, 0, conn->src, res);
433 if (ret) {
434 reason = SMP_UNSPECIFIED;
435 goto error;
436 }
437
438 swap128(res, confirm);
439
440 if (memcmp(smp->pcnf, confirm, sizeof(smp->pcnf)) != 0) {
441 BT_ERR("Pairing failed (confirmation values mismatch)");
442 reason = SMP_CONFIRM_FAILED;
443 goto error;
444 }
445
446 if (hcon->out) {
447 u8 stk[16], rand[8];
448 __le16 ediv;
449
450 memset(rand, 0, sizeof(rand));
451 ediv = 0;
452
453 smp_s1(tfm, smp->tk, smp->rrnd, smp->prnd, key);
454 swap128(key, stk);
455
456 memset(stk + smp->enc_key_size, 0,
457 SMP_MAX_ENC_KEY_SIZE - smp->enc_key_size);
458
459 if (test_and_set_bit(HCI_CONN_ENCRYPT_PEND, &hcon->flags)) {
460 reason = SMP_UNSPECIFIED;
461 goto error;
462 }
463
464 hci_le_start_enc(hcon, ediv, rand, stk);
465 hcon->enc_key_size = smp->enc_key_size;
466 } else {
467 u8 stk[16], r[16], rand[8];
468 __le16 ediv;
469
470 memset(rand, 0, sizeof(rand));
471 ediv = 0;
472
473 swap128(smp->prnd, r);
474 smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM, sizeof(r), r);
475
476 smp_s1(tfm, smp->tk, smp->prnd, smp->rrnd, key);
477 swap128(key, stk);
478
479 memset(stk + smp->enc_key_size, 0,
480 SMP_MAX_ENC_KEY_SIZE - smp->enc_key_size);
481
482 hci_add_ltk(hcon->hdev, conn->dst, hcon->dst_type,
483 HCI_SMP_STK_SLAVE, 0, 0, stk, smp->enc_key_size,
484 ediv, rand);
485 }
486
487 return;
488
489 error:
490 smp_failure(conn, reason, 1);
491 }
492
smp_chan_create(struct l2cap_conn * conn)493 static struct smp_chan *smp_chan_create(struct l2cap_conn *conn)
494 {
495 struct smp_chan *smp;
496
497 smp = kzalloc(sizeof(struct smp_chan), GFP_ATOMIC);
498 if (!smp)
499 return NULL;
500
501 INIT_WORK(&smp->confirm, confirm_work);
502 INIT_WORK(&smp->random, random_work);
503
504 smp->conn = conn;
505 conn->smp_chan = smp;
506 conn->hcon->smp_conn = conn;
507
508 hci_conn_hold(conn->hcon);
509
510 return smp;
511 }
512
smp_chan_destroy(struct l2cap_conn * conn)513 void smp_chan_destroy(struct l2cap_conn *conn)
514 {
515 struct smp_chan *smp = conn->smp_chan;
516
517 BUG_ON(!smp);
518
519 if (smp->tfm)
520 crypto_free_blkcipher(smp->tfm);
521
522 kfree(smp);
523 conn->smp_chan = NULL;
524 conn->hcon->smp_conn = NULL;
525 hci_conn_drop(conn->hcon);
526 }
527
smp_user_confirm_reply(struct hci_conn * hcon,u16 mgmt_op,__le32 passkey)528 int smp_user_confirm_reply(struct hci_conn *hcon, u16 mgmt_op, __le32 passkey)
529 {
530 struct l2cap_conn *conn = hcon->smp_conn;
531 struct smp_chan *smp;
532 u32 value;
533 u8 key[16];
534
535 BT_DBG("");
536
537 if (!conn)
538 return -ENOTCONN;
539
540 smp = conn->smp_chan;
541
542 switch (mgmt_op) {
543 case MGMT_OP_USER_PASSKEY_REPLY:
544 value = le32_to_cpu(passkey);
545 memset(key, 0, sizeof(key));
546 BT_DBG("PassKey: %d", value);
547 put_unaligned_le32(value, key);
548 swap128(key, smp->tk);
549 /* Fall Through */
550 case MGMT_OP_USER_CONFIRM_REPLY:
551 set_bit(SMP_FLAG_TK_VALID, &smp->smp_flags);
552 break;
553 case MGMT_OP_USER_PASSKEY_NEG_REPLY:
554 case MGMT_OP_USER_CONFIRM_NEG_REPLY:
555 smp_failure(conn, SMP_PASSKEY_ENTRY_FAILED, 1);
556 return 0;
557 default:
558 smp_failure(conn, SMP_PASSKEY_ENTRY_FAILED, 1);
559 return -EOPNOTSUPP;
560 }
561
562 /* If it is our turn to send Pairing Confirm, do so now */
563 if (test_bit(SMP_FLAG_CFM_PENDING, &smp->smp_flags))
564 queue_work(hcon->hdev->workqueue, &smp->confirm);
565
566 return 0;
567 }
568
smp_cmd_pairing_req(struct l2cap_conn * conn,struct sk_buff * skb)569 static u8 smp_cmd_pairing_req(struct l2cap_conn *conn, struct sk_buff *skb)
570 {
571 struct smp_cmd_pairing rsp, *req = (void *) skb->data;
572 struct smp_chan *smp;
573 u8 key_size;
574 u8 auth = SMP_AUTH_NONE;
575 int ret;
576
577 BT_DBG("conn %p", conn);
578
579 if (conn->hcon->link_mode & HCI_LM_MASTER)
580 return SMP_CMD_NOTSUPP;
581
582 if (!test_and_set_bit(HCI_CONN_LE_SMP_PEND, &conn->hcon->flags))
583 smp = smp_chan_create(conn);
584 else
585 smp = conn->smp_chan;
586
587 if (!smp)
588 return SMP_UNSPECIFIED;
589
590 smp->preq[0] = SMP_CMD_PAIRING_REQ;
591 memcpy(&smp->preq[1], req, sizeof(*req));
592 skb_pull(skb, sizeof(*req));
593
594 /* We didn't start the pairing, so match remote */
595 if (req->auth_req & SMP_AUTH_BONDING)
596 auth = req->auth_req;
597
598 conn->hcon->pending_sec_level = authreq_to_seclevel(auth);
599
600 build_pairing_cmd(conn, req, &rsp, auth);
601
602 key_size = min(req->max_key_size, rsp.max_key_size);
603 if (check_enc_key_size(conn, key_size))
604 return SMP_ENC_KEY_SIZE;
605
606 ret = smp_rand(smp->prnd);
607 if (ret)
608 return SMP_UNSPECIFIED;
609
610 smp->prsp[0] = SMP_CMD_PAIRING_RSP;
611 memcpy(&smp->prsp[1], &rsp, sizeof(rsp));
612
613 smp_send_cmd(conn, SMP_CMD_PAIRING_RSP, sizeof(rsp), &rsp);
614
615 /* Request setup of TK */
616 ret = tk_request(conn, 0, auth, rsp.io_capability, req->io_capability);
617 if (ret)
618 return SMP_UNSPECIFIED;
619
620 return 0;
621 }
622
smp_cmd_pairing_rsp(struct l2cap_conn * conn,struct sk_buff * skb)623 static u8 smp_cmd_pairing_rsp(struct l2cap_conn *conn, struct sk_buff *skb)
624 {
625 struct smp_cmd_pairing *req, *rsp = (void *) skb->data;
626 struct smp_chan *smp = conn->smp_chan;
627 struct hci_dev *hdev = conn->hcon->hdev;
628 u8 key_size, auth = SMP_AUTH_NONE;
629 int ret;
630
631 BT_DBG("conn %p", conn);
632
633 if (!(conn->hcon->link_mode & HCI_LM_MASTER))
634 return SMP_CMD_NOTSUPP;
635
636 skb_pull(skb, sizeof(*rsp));
637
638 req = (void *) &smp->preq[1];
639
640 key_size = min(req->max_key_size, rsp->max_key_size);
641 if (check_enc_key_size(conn, key_size))
642 return SMP_ENC_KEY_SIZE;
643
644 ret = smp_rand(smp->prnd);
645 if (ret)
646 return SMP_UNSPECIFIED;
647
648 smp->prsp[0] = SMP_CMD_PAIRING_RSP;
649 memcpy(&smp->prsp[1], rsp, sizeof(*rsp));
650
651 if ((req->auth_req & SMP_AUTH_BONDING) &&
652 (rsp->auth_req & SMP_AUTH_BONDING))
653 auth = SMP_AUTH_BONDING;
654
655 auth |= (req->auth_req | rsp->auth_req) & SMP_AUTH_MITM;
656
657 ret = tk_request(conn, 0, auth, req->io_capability, rsp->io_capability);
658 if (ret)
659 return SMP_UNSPECIFIED;
660
661 set_bit(SMP_FLAG_CFM_PENDING, &smp->smp_flags);
662
663 /* Can't compose response until we have been confirmed */
664 if (!test_bit(SMP_FLAG_TK_VALID, &smp->smp_flags))
665 return 0;
666
667 queue_work(hdev->workqueue, &smp->confirm);
668
669 return 0;
670 }
671
smp_cmd_pairing_confirm(struct l2cap_conn * conn,struct sk_buff * skb)672 static u8 smp_cmd_pairing_confirm(struct l2cap_conn *conn, struct sk_buff *skb)
673 {
674 struct smp_chan *smp = conn->smp_chan;
675 struct hci_dev *hdev = conn->hcon->hdev;
676
677 BT_DBG("conn %p %s", conn, conn->hcon->out ? "master" : "slave");
678
679 memcpy(smp->pcnf, skb->data, sizeof(smp->pcnf));
680 skb_pull(skb, sizeof(smp->pcnf));
681
682 if (conn->hcon->out) {
683 u8 random[16];
684
685 swap128(smp->prnd, random);
686 smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM, sizeof(random),
687 random);
688 } else if (test_bit(SMP_FLAG_TK_VALID, &smp->smp_flags)) {
689 queue_work(hdev->workqueue, &smp->confirm);
690 } else {
691 set_bit(SMP_FLAG_CFM_PENDING, &smp->smp_flags);
692 }
693
694 return 0;
695 }
696
smp_cmd_pairing_random(struct l2cap_conn * conn,struct sk_buff * skb)697 static u8 smp_cmd_pairing_random(struct l2cap_conn *conn, struct sk_buff *skb)
698 {
699 struct smp_chan *smp = conn->smp_chan;
700 struct hci_dev *hdev = conn->hcon->hdev;
701
702 BT_DBG("conn %p", conn);
703
704 swap128(skb->data, smp->rrnd);
705 skb_pull(skb, sizeof(smp->rrnd));
706
707 queue_work(hdev->workqueue, &smp->random);
708
709 return 0;
710 }
711
smp_ltk_encrypt(struct l2cap_conn * conn,u8 sec_level)712 static u8 smp_ltk_encrypt(struct l2cap_conn *conn, u8 sec_level)
713 {
714 struct smp_ltk *key;
715 struct hci_conn *hcon = conn->hcon;
716
717 key = hci_find_ltk_by_addr(hcon->hdev, conn->dst, hcon->dst_type);
718 if (!key)
719 return 0;
720
721 if (sec_level > BT_SECURITY_MEDIUM && !key->authenticated)
722 return 0;
723
724 if (test_and_set_bit(HCI_CONN_ENCRYPT_PEND, &hcon->flags))
725 return 1;
726
727 hci_le_start_enc(hcon, key->ediv, key->rand, key->val);
728 hcon->enc_key_size = key->enc_size;
729
730 return 1;
731
732 }
smp_cmd_security_req(struct l2cap_conn * conn,struct sk_buff * skb)733 static u8 smp_cmd_security_req(struct l2cap_conn *conn, struct sk_buff *skb)
734 {
735 struct smp_cmd_security_req *rp = (void *) skb->data;
736 struct smp_cmd_pairing cp;
737 struct hci_conn *hcon = conn->hcon;
738 struct smp_chan *smp;
739
740 BT_DBG("conn %p", conn);
741
742 hcon->pending_sec_level = authreq_to_seclevel(rp->auth_req);
743
744 if (smp_ltk_encrypt(conn, hcon->pending_sec_level))
745 return 0;
746
747 if (test_and_set_bit(HCI_CONN_LE_SMP_PEND, &hcon->flags))
748 return 0;
749
750 smp = smp_chan_create(conn);
751
752 skb_pull(skb, sizeof(*rp));
753
754 memset(&cp, 0, sizeof(cp));
755 build_pairing_cmd(conn, &cp, NULL, rp->auth_req);
756
757 smp->preq[0] = SMP_CMD_PAIRING_REQ;
758 memcpy(&smp->preq[1], &cp, sizeof(cp));
759
760 smp_send_cmd(conn, SMP_CMD_PAIRING_REQ, sizeof(cp), &cp);
761
762 return 0;
763 }
764
smp_conn_security(struct hci_conn * hcon,__u8 sec_level)765 int smp_conn_security(struct hci_conn *hcon, __u8 sec_level)
766 {
767 struct l2cap_conn *conn = hcon->l2cap_data;
768 struct smp_chan *smp = conn->smp_chan;
769 __u8 authreq;
770
771 BT_DBG("conn %p hcon %p level 0x%2.2x", conn, hcon, sec_level);
772
773 if (!test_bit(HCI_LE_ENABLED, &hcon->hdev->dev_flags))
774 return 1;
775
776 if (sec_level == BT_SECURITY_LOW)
777 return 1;
778
779 if (hcon->sec_level >= sec_level)
780 return 1;
781
782 if (hcon->link_mode & HCI_LM_MASTER)
783 if (smp_ltk_encrypt(conn, sec_level))
784 goto done;
785
786 if (test_and_set_bit(HCI_CONN_LE_SMP_PEND, &hcon->flags))
787 return 0;
788
789 smp = smp_chan_create(conn);
790 if (!smp)
791 return 1;
792
793 authreq = seclevel_to_authreq(sec_level);
794
795 if (hcon->link_mode & HCI_LM_MASTER) {
796 struct smp_cmd_pairing cp;
797
798 build_pairing_cmd(conn, &cp, NULL, authreq);
799 smp->preq[0] = SMP_CMD_PAIRING_REQ;
800 memcpy(&smp->preq[1], &cp, sizeof(cp));
801
802 smp_send_cmd(conn, SMP_CMD_PAIRING_REQ, sizeof(cp), &cp);
803 } else {
804 struct smp_cmd_security_req cp;
805 cp.auth_req = authreq;
806 smp_send_cmd(conn, SMP_CMD_SECURITY_REQ, sizeof(cp), &cp);
807 }
808
809 done:
810 hcon->pending_sec_level = sec_level;
811
812 return 0;
813 }
814
smp_cmd_encrypt_info(struct l2cap_conn * conn,struct sk_buff * skb)815 static int smp_cmd_encrypt_info(struct l2cap_conn *conn, struct sk_buff *skb)
816 {
817 struct smp_cmd_encrypt_info *rp = (void *) skb->data;
818 struct smp_chan *smp = conn->smp_chan;
819
820 skb_pull(skb, sizeof(*rp));
821
822 memcpy(smp->tk, rp->ltk, sizeof(smp->tk));
823
824 return 0;
825 }
826
smp_cmd_master_ident(struct l2cap_conn * conn,struct sk_buff * skb)827 static int smp_cmd_master_ident(struct l2cap_conn *conn, struct sk_buff *skb)
828 {
829 struct smp_cmd_master_ident *rp = (void *) skb->data;
830 struct smp_chan *smp = conn->smp_chan;
831 struct hci_dev *hdev = conn->hcon->hdev;
832 struct hci_conn *hcon = conn->hcon;
833 u8 authenticated;
834
835 skb_pull(skb, sizeof(*rp));
836
837 hci_dev_lock(hdev);
838 authenticated = (conn->hcon->sec_level == BT_SECURITY_HIGH);
839 hci_add_ltk(conn->hcon->hdev, conn->dst, hcon->dst_type,
840 HCI_SMP_LTK, 1, authenticated, smp->tk, smp->enc_key_size,
841 rp->ediv, rp->rand);
842 smp_distribute_keys(conn, 1);
843 hci_dev_unlock(hdev);
844
845 return 0;
846 }
847
smp_sig_channel(struct l2cap_conn * conn,struct sk_buff * skb)848 int smp_sig_channel(struct l2cap_conn *conn, struct sk_buff *skb)
849 {
850 __u8 code = skb->data[0];
851 __u8 reason;
852 int err = 0;
853
854 if (!test_bit(HCI_LE_ENABLED, &conn->hcon->hdev->dev_flags)) {
855 err = -ENOTSUPP;
856 reason = SMP_PAIRING_NOTSUPP;
857 goto done;
858 }
859
860 skb_pull(skb, sizeof(code));
861
862 /*
863 * The SMP context must be initialized for all other PDUs except
864 * pairing and security requests. If we get any other PDU when
865 * not initialized simply disconnect (done if this function
866 * returns an error).
867 */
868 if (code != SMP_CMD_PAIRING_REQ && code != SMP_CMD_SECURITY_REQ &&
869 !conn->smp_chan) {
870 BT_ERR("Unexpected SMP command 0x%02x. Disconnecting.", code);
871 kfree_skb(skb);
872 return -ENOTSUPP;
873 }
874
875 switch (code) {
876 case SMP_CMD_PAIRING_REQ:
877 reason = smp_cmd_pairing_req(conn, skb);
878 break;
879
880 case SMP_CMD_PAIRING_FAIL:
881 smp_failure(conn, skb->data[0], 0);
882 reason = 0;
883 err = -EPERM;
884 break;
885
886 case SMP_CMD_PAIRING_RSP:
887 reason = smp_cmd_pairing_rsp(conn, skb);
888 break;
889
890 case SMP_CMD_SECURITY_REQ:
891 reason = smp_cmd_security_req(conn, skb);
892 break;
893
894 case SMP_CMD_PAIRING_CONFIRM:
895 reason = smp_cmd_pairing_confirm(conn, skb);
896 break;
897
898 case SMP_CMD_PAIRING_RANDOM:
899 reason = smp_cmd_pairing_random(conn, skb);
900 break;
901
902 case SMP_CMD_ENCRYPT_INFO:
903 reason = smp_cmd_encrypt_info(conn, skb);
904 break;
905
906 case SMP_CMD_MASTER_IDENT:
907 reason = smp_cmd_master_ident(conn, skb);
908 break;
909
910 case SMP_CMD_IDENT_INFO:
911 case SMP_CMD_IDENT_ADDR_INFO:
912 case SMP_CMD_SIGN_INFO:
913 /* Just ignored */
914 reason = 0;
915 break;
916
917 default:
918 BT_DBG("Unknown command code 0x%2.2x", code);
919
920 reason = SMP_CMD_NOTSUPP;
921 err = -EOPNOTSUPP;
922 goto done;
923 }
924
925 done:
926 if (reason)
927 smp_failure(conn, reason, 1);
928
929 kfree_skb(skb);
930 return err;
931 }
932
smp_distribute_keys(struct l2cap_conn * conn,__u8 force)933 int smp_distribute_keys(struct l2cap_conn *conn, __u8 force)
934 {
935 struct smp_cmd_pairing *req, *rsp;
936 struct smp_chan *smp = conn->smp_chan;
937 __u8 *keydist;
938
939 BT_DBG("conn %p force %d", conn, force);
940
941 if (!test_bit(HCI_CONN_LE_SMP_PEND, &conn->hcon->flags))
942 return 0;
943
944 rsp = (void *) &smp->prsp[1];
945
946 /* The responder sends its keys first */
947 if (!force && conn->hcon->out && (rsp->resp_key_dist & 0x07))
948 return 0;
949
950 req = (void *) &smp->preq[1];
951
952 if (conn->hcon->out) {
953 keydist = &rsp->init_key_dist;
954 *keydist &= req->init_key_dist;
955 } else {
956 keydist = &rsp->resp_key_dist;
957 *keydist &= req->resp_key_dist;
958 }
959
960
961 BT_DBG("keydist 0x%x", *keydist);
962
963 if (*keydist & SMP_DIST_ENC_KEY) {
964 struct smp_cmd_encrypt_info enc;
965 struct smp_cmd_master_ident ident;
966 struct hci_conn *hcon = conn->hcon;
967 u8 authenticated;
968 __le16 ediv;
969
970 get_random_bytes(enc.ltk, sizeof(enc.ltk));
971 get_random_bytes(&ediv, sizeof(ediv));
972 get_random_bytes(ident.rand, sizeof(ident.rand));
973
974 smp_send_cmd(conn, SMP_CMD_ENCRYPT_INFO, sizeof(enc), &enc);
975
976 authenticated = hcon->sec_level == BT_SECURITY_HIGH;
977 hci_add_ltk(conn->hcon->hdev, conn->dst, hcon->dst_type,
978 HCI_SMP_LTK_SLAVE, 1, authenticated,
979 enc.ltk, smp->enc_key_size, ediv, ident.rand);
980
981 ident.ediv = ediv;
982
983 smp_send_cmd(conn, SMP_CMD_MASTER_IDENT, sizeof(ident), &ident);
984
985 *keydist &= ~SMP_DIST_ENC_KEY;
986 }
987
988 if (*keydist & SMP_DIST_ID_KEY) {
989 struct smp_cmd_ident_addr_info addrinfo;
990 struct smp_cmd_ident_info idinfo;
991
992 /* Send a dummy key */
993 get_random_bytes(idinfo.irk, sizeof(idinfo.irk));
994
995 smp_send_cmd(conn, SMP_CMD_IDENT_INFO, sizeof(idinfo), &idinfo);
996
997 /* Just public address */
998 memset(&addrinfo, 0, sizeof(addrinfo));
999 bacpy(&addrinfo.bdaddr, conn->src);
1000
1001 smp_send_cmd(conn, SMP_CMD_IDENT_ADDR_INFO, sizeof(addrinfo),
1002 &addrinfo);
1003
1004 *keydist &= ~SMP_DIST_ID_KEY;
1005 }
1006
1007 if (*keydist & SMP_DIST_SIGN) {
1008 struct smp_cmd_sign_info sign;
1009
1010 /* Send a dummy key */
1011 get_random_bytes(sign.csrk, sizeof(sign.csrk));
1012
1013 smp_send_cmd(conn, SMP_CMD_SIGN_INFO, sizeof(sign), &sign);
1014
1015 *keydist &= ~SMP_DIST_SIGN;
1016 }
1017
1018 if (conn->hcon->out || force) {
1019 clear_bit(HCI_CONN_LE_SMP_PEND, &conn->hcon->flags);
1020 cancel_delayed_work_sync(&conn->security_timer);
1021 smp_chan_destroy(conn);
1022 }
1023
1024 return 0;
1025 }
1026