xref: /openbmc/linux/net/bluetooth/smp.c (revision d22ef0bc83c5a4e7ca9f2791e658dc8949d31ff4) 
1 /*
2    BlueZ - Bluetooth protocol stack for Linux
3    Copyright (C) 2011 Nokia Corporation and/or its subsidiary(-ies).
4 
5    This program is free software; you can redistribute it and/or modify
6    it under the terms of the GNU General Public License version 2 as
7    published by the Free Software Foundation;
8 
9    THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
10    OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
11    FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
12    IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
13    CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
14    WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15    ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16    OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17 
18    ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
19    COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
20    SOFTWARE IS DISCLAIMED.
21 */
22 
23 #include <net/bluetooth/bluetooth.h>
24 #include <net/bluetooth/hci_core.h>
25 #include <net/bluetooth/l2cap.h>
26 #include <net/bluetooth/smp.h>
27 #include <linux/crypto.h>
28 #include <crypto/b128ops.h>
29 
30 static inline void swap128(u8 src[16], u8 dst[16])
31 {
32 	int i;
33 	for (i = 0; i < 16; i++)
34 		dst[15 - i] = src[i];
35 }
36 
37 static inline void swap56(u8 src[7], u8 dst[7])
38 {
39 	int i;
40 	for (i = 0; i < 7; i++)
41 		dst[6 - i] = src[i];
42 }
43 
44 static int smp_e(struct crypto_blkcipher *tfm, const u8 *k, u8 *r)
45 {
46 	struct blkcipher_desc desc;
47 	struct scatterlist sg;
48 	int err, iv_len;
49 	unsigned char iv[128];
50 
51 	if (tfm == NULL) {
52 		BT_ERR("tfm %p", tfm);
53 		return -EINVAL;
54 	}
55 
56 	desc.tfm = tfm;
57 	desc.flags = 0;
58 
59 	err = crypto_blkcipher_setkey(tfm, k, 16);
60 	if (err) {
61 		BT_ERR("cipher setkey failed: %d", err);
62 		return err;
63 	}
64 
65 	sg_init_one(&sg, r, 16);
66 
67 	iv_len = crypto_blkcipher_ivsize(tfm);
68 	if (iv_len) {
69 		memset(&iv, 0xff, iv_len);
70 		crypto_blkcipher_set_iv(tfm, iv, iv_len);
71 	}
72 
73 	err = crypto_blkcipher_encrypt(&desc, &sg, &sg, 16);
74 	if (err)
75 		BT_ERR("Encrypt data error %d", err);
76 
77 	return err;
78 }
79 
80 static int smp_c1(struct crypto_blkcipher *tfm, u8 k[16], u8 r[16],
81 		u8 preq[7], u8 pres[7], u8 _iat, bdaddr_t *ia,
82 		u8 _rat, bdaddr_t *ra, u8 res[16])
83 {
84 	u8 p1[16], p2[16];
85 	int err;
86 
87 	memset(p1, 0, 16);
88 
89 	/* p1 = pres || preq || _rat || _iat */
90 	swap56(pres, p1);
91 	swap56(preq, p1 + 7);
92 	p1[14] = _rat;
93 	p1[15] = _iat;
94 
95 	memset(p2, 0, 16);
96 
97 	/* p2 = padding || ia || ra */
98 	baswap((bdaddr_t *) (p2 + 4), ia);
99 	baswap((bdaddr_t *) (p2 + 10), ra);
100 
101 	/* res = r XOR p1 */
102 	u128_xor((u128 *) res, (u128 *) r, (u128 *) p1);
103 
104 	/* res = e(k, res) */
105 	err = smp_e(tfm, k, res);
106 	if (err) {
107 		BT_ERR("Encrypt data error");
108 		return err;
109 	}
110 
111 	/* res = res XOR p2 */
112 	u128_xor((u128 *) res, (u128 *) res, (u128 *) p2);
113 
114 	/* res = e(k, res) */
115 	err = smp_e(tfm, k, res);
116 	if (err)
117 		BT_ERR("Encrypt data error");
118 
119 	return err;
120 }
121 
122 static int smp_s1(struct crypto_blkcipher *tfm, u8 k[16],
123 			u8 r1[16], u8 r2[16], u8 _r[16])
124 {
125 	int err;
126 
127 	/* Just least significant octets from r1 and r2 are considered */
128 	memcpy(_r, r1 + 8, 8);
129 	memcpy(_r + 8, r2 + 8, 8);
130 
131 	err = smp_e(tfm, k, _r);
132 	if (err)
133 		BT_ERR("Encrypt data error");
134 
135 	return err;
136 }
137 
138 static int smp_rand(u8 *buf)
139 {
140 	get_random_bytes(buf, 16);
141 
142 	return 0;
143 }
144 
145 static struct sk_buff *smp_build_cmd(struct l2cap_conn *conn, u8 code,
146 						u16 dlen, void *data)
147 {
148 	struct sk_buff *skb;
149 	struct l2cap_hdr *lh;
150 	int len;
151 
152 	len = L2CAP_HDR_SIZE + sizeof(code) + dlen;
153 
154 	if (len > conn->mtu)
155 		return NULL;
156 
157 	skb = bt_skb_alloc(len, GFP_ATOMIC);
158 	if (!skb)
159 		return NULL;
160 
161 	lh = (struct l2cap_hdr *) skb_put(skb, L2CAP_HDR_SIZE);
162 	lh->len = cpu_to_le16(sizeof(code) + dlen);
163 	lh->cid = cpu_to_le16(L2CAP_CID_SMP);
164 
165 	memcpy(skb_put(skb, sizeof(code)), &code, sizeof(code));
166 
167 	memcpy(skb_put(skb, dlen), data, dlen);
168 
169 	return skb;
170 }
171 
172 static void smp_send_cmd(struct l2cap_conn *conn, u8 code, u16 len, void *data)
173 {
174 	struct sk_buff *skb = smp_build_cmd(conn, code, len, data);
175 
176 	BT_DBG("code 0x%2.2x", code);
177 
178 	if (!skb)
179 		return;
180 
181 	hci_send_acl(conn->hcon, skb, 0);
182 }
183 
184 static void smp_cmd_pairing_req(struct l2cap_conn *conn, struct sk_buff *skb)
185 {
186 	struct smp_cmd_pairing *rp = (void *) skb->data;
187 
188 	BT_DBG("conn %p", conn);
189 
190 	skb_pull(skb, sizeof(*rp));
191 
192 	rp->io_capability = 0x00;
193 	rp->oob_flag = 0x00;
194 	rp->max_key_size = 16;
195 	rp->init_key_dist = 0x00;
196 	rp->resp_key_dist = 0x00;
197 	rp->auth_req &= (SMP_AUTH_BONDING | SMP_AUTH_MITM);
198 
199 	smp_send_cmd(conn, SMP_CMD_PAIRING_RSP, sizeof(*rp), rp);
200 }
201 
202 static void smp_cmd_pairing_rsp(struct l2cap_conn *conn, struct sk_buff *skb)
203 {
204 	struct smp_cmd_pairing_confirm cp;
205 
206 	BT_DBG("conn %p", conn);
207 
208 	memset(&cp, 0, sizeof(cp));
209 
210 	smp_send_cmd(conn, SMP_CMD_PAIRING_CONFIRM, sizeof(cp), &cp);
211 }
212 
213 static void smp_cmd_pairing_confirm(struct l2cap_conn *conn,
214 							struct sk_buff *skb)
215 {
216 	BT_DBG("conn %p %s", conn, conn->hcon->out ? "master" : "slave");
217 
218 	if (conn->hcon->out) {
219 		struct smp_cmd_pairing_random random;
220 
221 		memset(&random, 0, sizeof(random));
222 
223 		smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM, sizeof(random),
224 								&random);
225 	} else {
226 		struct smp_cmd_pairing_confirm confirm;
227 
228 		memset(&confirm, 0, sizeof(confirm));
229 
230 		smp_send_cmd(conn, SMP_CMD_PAIRING_CONFIRM, sizeof(confirm),
231 								&confirm);
232 	}
233 }
234 
235 static void smp_cmd_pairing_random(struct l2cap_conn *conn, struct sk_buff *skb)
236 {
237 	struct smp_cmd_pairing_random cp;
238 
239 	BT_DBG("conn %p %s", conn, conn->hcon->out ? "master" : "slave");
240 
241 	skb_pull(skb, sizeof(cp));
242 
243 	if (conn->hcon->out) {
244 		/* FIXME: start encryption */
245 	} else {
246 		memset(&cp, 0, sizeof(cp));
247 
248 		smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM, sizeof(cp), &cp);
249 	}
250 }
251 
252 static void smp_cmd_security_req(struct l2cap_conn *conn, struct sk_buff *skb)
253 {
254 	struct smp_cmd_security_req *rp = (void *) skb->data;
255 	struct smp_cmd_pairing cp;
256 
257 	BT_DBG("conn %p", conn);
258 
259 	skb_pull(skb, sizeof(*rp));
260 	memset(&cp, 0, sizeof(cp));
261 
262 	cp.io_capability = 0x00;
263 	cp.oob_flag = 0x00;
264 	cp.max_key_size = 16;
265 	cp.init_key_dist = 0x00;
266 	cp.resp_key_dist = 0x00;
267 	cp.auth_req = rp->auth_req & (SMP_AUTH_BONDING | SMP_AUTH_MITM);
268 
269 	smp_send_cmd(conn, SMP_CMD_PAIRING_REQ, sizeof(cp), &cp);
270 }
271 
272 int smp_conn_security(struct l2cap_conn *conn, __u8 sec_level)
273 {
274 	struct hci_conn *hcon = conn->hcon;
275 	__u8 authreq;
276 
277 	BT_DBG("conn %p hcon %p level 0x%2.2x", conn, hcon, sec_level);
278 
279 	if (IS_ERR(hcon->hdev->tfm))
280 		return 1;
281 
282 	switch (sec_level) {
283 	case BT_SECURITY_MEDIUM:
284 		/* Encrypted, no MITM protection */
285 		authreq = HCI_AT_NO_BONDING_MITM;
286 		break;
287 
288 	case BT_SECURITY_HIGH:
289 		/* Bonding, MITM protection */
290 		authreq = HCI_AT_GENERAL_BONDING_MITM;
291 		break;
292 
293 	case BT_SECURITY_LOW:
294 	default:
295 		return 1;
296 	}
297 
298 	if (hcon->link_mode & HCI_LM_MASTER) {
299 		struct smp_cmd_pairing cp;
300 		cp.io_capability = 0x00;
301 		cp.oob_flag = 0x00;
302 		cp.max_key_size = 16;
303 		cp.init_key_dist = 0x00;
304 		cp.resp_key_dist = 0x00;
305 		cp.auth_req = authreq;
306 		smp_send_cmd(conn, SMP_CMD_PAIRING_REQ, sizeof(cp), &cp);
307 	} else {
308 		struct smp_cmd_security_req cp;
309 		cp.auth_req = authreq;
310 		smp_send_cmd(conn, SMP_CMD_SECURITY_REQ, sizeof(cp), &cp);
311 	}
312 
313 	return 0;
314 }
315 
316 int smp_sig_channel(struct l2cap_conn *conn, struct sk_buff *skb)
317 {
318 	__u8 code = skb->data[0];
319 	__u8 reason;
320 	int err = 0;
321 
322 	if (IS_ERR(conn->hcon->hdev->tfm)) {
323 		err = PTR_ERR(conn->hcon->hdev->tfm);
324 		reason = SMP_PAIRING_NOTSUPP;
325 		goto done;
326 	}
327 
328 	skb_pull(skb, sizeof(code));
329 
330 	switch (code) {
331 	case SMP_CMD_PAIRING_REQ:
332 		smp_cmd_pairing_req(conn, skb);
333 		break;
334 
335 	case SMP_CMD_PAIRING_FAIL:
336 		break;
337 
338 	case SMP_CMD_PAIRING_RSP:
339 		smp_cmd_pairing_rsp(conn, skb);
340 		break;
341 
342 	case SMP_CMD_SECURITY_REQ:
343 		smp_cmd_security_req(conn, skb);
344 		break;
345 
346 	case SMP_CMD_PAIRING_CONFIRM:
347 		smp_cmd_pairing_confirm(conn, skb);
348 		break;
349 
350 	case SMP_CMD_PAIRING_RANDOM:
351 		smp_cmd_pairing_random(conn, skb);
352 		break;
353 
354 	case SMP_CMD_ENCRYPT_INFO:
355 	case SMP_CMD_MASTER_IDENT:
356 	case SMP_CMD_IDENT_INFO:
357 	case SMP_CMD_IDENT_ADDR_INFO:
358 	case SMP_CMD_SIGN_INFO:
359 	default:
360 		BT_DBG("Unknown command code 0x%2.2x", code);
361 
362 		reason = SMP_CMD_NOTSUPP;
363 		err = -EOPNOTSUPP;
364 		goto done;
365 	}
366 
367 done:
368 	if (reason)
369 		smp_send_cmd(conn, SMP_CMD_PAIRING_FAIL, sizeof(reason),
370 								&reason);
371 
372 	kfree_skb(skb);
373 	return err;
374 }
375