| smp.c (f730cc9fee2b47c22964b4843a41d723f436b62a) | smp.c (2064ee332e4c1b7495cf68b84355c213d8fe71fd) |
|---|---|
| 1/* 2 BlueZ - Bluetooth protocol stack for Linux 3 Copyright (C) 2011 Nokia Corporation and/or its subsidiary(-ies). 4 5 This program is free software; you can redistribute it and/or modify 6 it under the terms of the GNU General Public License version 2 as 7 published by the Free Software Foundation; 8 --- 982 unchanged lines hidden (view full) --- 991 992 ret = smp_c1(smp->tfm_aes, smp->tk, smp->rrnd, smp->preq, smp->prsp, 993 hcon->init_addr_type, &hcon->init_addr, 994 hcon->resp_addr_type, &hcon->resp_addr, confirm); 995 if (ret) 996 return SMP_UNSPECIFIED; 997 998 if (crypto_memneq(smp->pcnf, confirm, sizeof(smp->pcnf))) { | 1/* 2 BlueZ - Bluetooth protocol stack for Linux 3 Copyright (C) 2011 Nokia Corporation and/or its subsidiary(-ies). 4 5 This program is free software; you can redistribute it and/or modify 6 it under the terms of the GNU General Public License version 2 as 7 published by the Free Software Foundation; 8 --- 982 unchanged lines hidden (view full) --- 991 992 ret = smp_c1(smp->tfm_aes, smp->tk, smp->rrnd, smp->preq, smp->prsp, 993 hcon->init_addr_type, &hcon->init_addr, 994 hcon->resp_addr_type, &hcon->resp_addr, confirm); 995 if (ret) 996 return SMP_UNSPECIFIED; 997 998 if (crypto_memneq(smp->pcnf, confirm, sizeof(smp->pcnf))) { |
| 999 BT_ERR("Pairing failed (confirmation values mismatch)"); | 999 bt_dev_err(hcon->hdev, "pairing failed " 1000 "(confirmation values mismatch)"); |
| 1000 return SMP_CONFIRM_FAILED; 1001 } 1002 1003 if (hcon->out) { 1004 u8 stk[16]; 1005 __le64 rand = 0; 1006 __le16 ediv = 0; 1007 --- 197 unchanged lines hidden (view full) --- 1205 /* From core spec. Spells out in ASCII as 'brle'. */ 1206 const u8 brle[4] = { 0x65, 0x6c, 0x72, 0x62 }; 1207 struct hci_conn *hcon = smp->conn->hcon; 1208 struct hci_dev *hdev = hcon->hdev; 1209 struct link_key *key; 1210 1211 key = hci_find_link_key(hdev, &hcon->dst); 1212 if (!key) { | 1001 return SMP_CONFIRM_FAILED; 1002 } 1003 1004 if (hcon->out) { 1005 u8 stk[16]; 1006 __le64 rand = 0; 1007 __le16 ediv = 0; 1008 --- 197 unchanged lines hidden (view full) --- 1206 /* From core spec. Spells out in ASCII as 'brle'. */ 1207 const u8 brle[4] = { 0x65, 0x6c, 0x72, 0x62 }; 1208 struct hci_conn *hcon = smp->conn->hcon; 1209 struct hci_dev *hdev = hcon->hdev; 1210 struct link_key *key; 1211 1212 key = hci_find_link_key(hdev, &hcon->dst); 1213 if (!key) { |
| 1213 BT_ERR("%s No Link Key found to generate LTK", hdev->name); | 1214 bt_dev_err(hdev, "no Link Key found to generate LTK"); |
| 1214 return; 1215 } 1216 1217 if (key->type == HCI_LK_DEBUG_COMBINATION) 1218 set_bit(SMP_FLAG_DEBUG_KEY, &smp->flags); 1219 1220 if (test_bit(SMP_FLAG_CT2, &smp->flags)) { 1221 /* SALT = 0x00000000000000000000000000000000746D7032 */ --- 840 unchanged lines hidden (view full) --- 2062 struct smp_cmd_pairing *req, *rsp; 2063 u8 auth; 2064 2065 /* The issue is only observed when we're in slave role */ 2066 if (hcon->out) 2067 return SMP_UNSPECIFIED; 2068 2069 if (hci_dev_test_flag(hdev, HCI_SC_ONLY)) { | 1215 return; 1216 } 1217 1218 if (key->type == HCI_LK_DEBUG_COMBINATION) 1219 set_bit(SMP_FLAG_DEBUG_KEY, &smp->flags); 1220 1221 if (test_bit(SMP_FLAG_CT2, &smp->flags)) { 1222 /* SALT = 0x00000000000000000000000000000000746D7032 */ --- 840 unchanged lines hidden (view full) --- 2063 struct smp_cmd_pairing *req, *rsp; 2064 u8 auth; 2065 2066 /* The issue is only observed when we're in slave role */ 2067 if (hcon->out) 2068 return SMP_UNSPECIFIED; 2069 2070 if (hci_dev_test_flag(hdev, HCI_SC_ONLY)) { |
| 2070 BT_ERR("Refusing SMP SC -> legacy fallback in SC-only mode"); | 2071 bt_dev_err(hdev, "refusing legacy fallback in SC-only mode"); |
| 2071 return SMP_UNSPECIFIED; 2072 } 2073 | 2072 return SMP_UNSPECIFIED; 2073 } 2074 |
| 2074 BT_ERR("Trying to fall back to legacy SMP"); | 2075 bt_dev_err(hdev, "trying to fall back to legacy SMP"); |
| 2075 2076 req = (void *) &smp->preq[1]; 2077 rsp = (void *) &smp->prsp[1]; 2078 2079 /* Rebuild key dist flags which may have been cleared for SC */ 2080 smp->remote_key_dist = (req->init_key_dist & rsp->resp_key_dist); 2081 2082 auth = req->auth_req & AUTH_REQ_MASK(hdev); 2083 2084 if (tk_request(conn, 0, auth, rsp->io_capability, req->io_capability)) { | 2076 2077 req = (void *) &smp->preq[1]; 2078 rsp = (void *) &smp->prsp[1]; 2079 2080 /* Rebuild key dist flags which may have been cleared for SC */ 2081 smp->remote_key_dist = (req->init_key_dist & rsp->resp_key_dist); 2082 2083 auth = req->auth_req & AUTH_REQ_MASK(hdev); 2084 2085 if (tk_request(conn, 0, auth, rsp->io_capability, req->io_capability)) { |
| 2085 BT_ERR("Failed to fall back to legacy SMP"); | 2086 bt_dev_err(hdev, "failed to fall back to legacy SMP"); |
| 2086 return SMP_UNSPECIFIED; 2087 } 2088 2089 clear_bit(SMP_FLAG_SC, &smp->flags); 2090 2091 return 0; 2092} 2093 --- 256 unchanged lines hidden (view full) --- 2350 hcon->pending_sec_level = sec_level; 2351 2352 if (hcon->role == HCI_ROLE_MASTER) 2353 if (smp_ltk_encrypt(conn, hcon->pending_sec_level)) 2354 return 0; 2355 2356 chan = conn->smp; 2357 if (!chan) { | 2087 return SMP_UNSPECIFIED; 2088 } 2089 2090 clear_bit(SMP_FLAG_SC, &smp->flags); 2091 2092 return 0; 2093} 2094 --- 256 unchanged lines hidden (view full) --- 2351 hcon->pending_sec_level = sec_level; 2352 2353 if (hcon->role == HCI_ROLE_MASTER) 2354 if (smp_ltk_encrypt(conn, hcon->pending_sec_level)) 2355 return 0; 2356 2357 chan = conn->smp; 2358 if (!chan) { |
| 2358 BT_ERR("SMP security requested but not available"); | 2359 bt_dev_err(hcon->hdev, "security requested but not available"); |
| 2359 return 1; 2360 } 2361 2362 l2cap_chan_lock(chan); 2363 2364 /* If SMP is already in progress ignore this request */ 2365 if (chan->data) { 2366 ret = 0; --- 176 unchanged lines hidden (view full) --- 2543 * complicate our implementation, simply pretend that we never 2544 * received an IRK for such a device. 2545 * 2546 * The Identity Address must also be a Static Random or Public 2547 * Address, which hci_is_identity_address() checks for. 2548 */ 2549 if (!bacmp(&info->bdaddr, BDADDR_ANY) || 2550 !hci_is_identity_address(&info->bdaddr, info->addr_type)) { | 2360 return 1; 2361 } 2362 2363 l2cap_chan_lock(chan); 2364 2365 /* If SMP is already in progress ignore this request */ 2366 if (chan->data) { 2367 ret = 0; --- 176 unchanged lines hidden (view full) --- 2544 * complicate our implementation, simply pretend that we never 2545 * received an IRK for such a device. 2546 * 2547 * The Identity Address must also be a Static Random or Public 2548 * Address, which hci_is_identity_address() checks for. 2549 */ 2550 if (!bacmp(&info->bdaddr, BDADDR_ANY) || 2551 !hci_is_identity_address(&info->bdaddr, info->addr_type)) { |
| 2551 BT_ERR("Ignoring IRK with no identity address"); | 2552 bt_dev_err(hcon->hdev, "ignoring IRK with no identity address"); |
| 2552 goto distribute; 2553 } 2554 2555 bacpy(&smp->id_addr, &info->bdaddr); 2556 smp->id_addr_type = info->addr_type; 2557 2558 if (hci_bdaddr_is_rpa(&hcon->dst, hcon->dst_type)) 2559 bacpy(&rpa, &hcon->dst); --- 388 unchanged lines hidden (view full) --- 2948 if (reason) 2949 smp_failure(conn, reason); 2950 kfree_skb(skb); 2951 } 2952 2953 return err; 2954 2955drop: | 2553 goto distribute; 2554 } 2555 2556 bacpy(&smp->id_addr, &info->bdaddr); 2557 smp->id_addr_type = info->addr_type; 2558 2559 if (hci_bdaddr_is_rpa(&hcon->dst, hcon->dst_type)) 2560 bacpy(&rpa, &hcon->dst); --- 388 unchanged lines hidden (view full) --- 2949 if (reason) 2950 smp_failure(conn, reason); 2951 kfree_skb(skb); 2952 } 2953 2954 return err; 2955 2956drop: |
| 2956 BT_ERR("%s unexpected SMP command 0x%02x from %pMR", hcon->hdev->name, 2957 code, &hcon->dst); | 2957 bt_dev_err(hcon->hdev, "unexpected SMP command 0x%02x from %pMR", 2958 code, &hcon->dst); |
| 2958 kfree_skb(skb); 2959 return 0; 2960} 2961 2962static void smp_teardown_cb(struct l2cap_chan *chan, int err) 2963{ 2964 struct l2cap_conn *conn = chan->conn; 2965 --- 50 unchanged lines hidden (view full) --- 3016 return; 3017 3018 /* Don't bother if SMP is already ongoing */ 3019 if (chan->data) 3020 return; 3021 3022 smp = smp_chan_create(conn); 3023 if (!smp) { | 2959 kfree_skb(skb); 2960 return 0; 2961} 2962 2963static void smp_teardown_cb(struct l2cap_chan *chan, int err) 2964{ 2965 struct l2cap_conn *conn = chan->conn; 2966 --- 50 unchanged lines hidden (view full) --- 3017 return; 3018 3019 /* Don't bother if SMP is already ongoing */ 3020 if (chan->data) 3021 return; 3022 3023 smp = smp_chan_create(conn); 3024 if (!smp) { |
| 3024 BT_ERR("%s unable to create SMP context for BR/EDR", 3025 hdev->name); | 3025 bt_dev_err(hdev, "unable to create SMP context for BR/EDR"); |
| 3026 return; 3027 } 3028 3029 set_bit(SMP_FLAG_SC, &smp->flags); 3030 3031 BT_DBG("%s starting SMP over BR/EDR", hdev->name); 3032 3033 /* Prepare and send the BR/EDR SMP Pairing Request */ --- 878 unchanged lines hidden --- | 3026 return; 3027 } 3028 3029 set_bit(SMP_FLAG_SC, &smp->flags); 3030 3031 BT_DBG("%s starting SMP over BR/EDR", hdev->name); 3032 3033 /* Prepare and send the BR/EDR SMP Pairing Request */ --- 878 unchanged lines hidden --- |