1eb492e01SAnderson Briglia /* 2eb492e01SAnderson Briglia BlueZ - Bluetooth protocol stack for Linux 3eb492e01SAnderson Briglia Copyright (C) 2011 Nokia Corporation and/or its subsidiary(-ies). 4eb492e01SAnderson Briglia 5eb492e01SAnderson Briglia This program is free software; you can redistribute it and/or modify 6eb492e01SAnderson Briglia it under the terms of the GNU General Public License version 2 as 7eb492e01SAnderson Briglia published by the Free Software Foundation; 8eb492e01SAnderson Briglia 9eb492e01SAnderson Briglia THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS 10eb492e01SAnderson Briglia OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 11eb492e01SAnderson Briglia FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS. 12eb492e01SAnderson Briglia IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY 13eb492e01SAnderson Briglia CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES 14eb492e01SAnderson Briglia WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 15eb492e01SAnderson Briglia ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 16eb492e01SAnderson Briglia OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 17eb492e01SAnderson Briglia 18eb492e01SAnderson Briglia ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS, 19eb492e01SAnderson Briglia COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS 20eb492e01SAnderson Briglia SOFTWARE IS DISCLAIMED. 21eb492e01SAnderson Briglia */ 22eb492e01SAnderson Briglia 238c520a59SGustavo Padovan #include <linux/crypto.h> 248c520a59SGustavo Padovan #include <linux/scatterlist.h> 258c520a59SGustavo Padovan #include <crypto/b128ops.h> 268c520a59SGustavo Padovan 27eb492e01SAnderson Briglia #include <net/bluetooth/bluetooth.h> 28eb492e01SAnderson Briglia #include <net/bluetooth/hci_core.h> 29eb492e01SAnderson Briglia #include <net/bluetooth/l2cap.h> 302b64d153SBrian Gix #include <net/bluetooth/mgmt.h> 31ac4b7236SMarcel Holtmann 323b19146dSJohan Hedberg #include "ecc.h" 33ac4b7236SMarcel Holtmann #include "smp.h" 34d22ef0bcSAnderson Briglia 35b28b4943SJohan Hedberg #define SMP_ALLOW_CMD(smp, code) set_bit(code, &smp->allow_cmd) 36b28b4943SJohan Hedberg 373b19146dSJohan Hedberg /* Keys which are not distributed with Secure Connections */ 383b19146dSJohan Hedberg #define SMP_SC_NO_DIST (SMP_DIST_ENC_KEY | SMP_DIST_LINK_KEY); 393b19146dSJohan Hedberg 4017b02e62SMarcel Holtmann #define SMP_TIMEOUT msecs_to_jiffies(30000) 415d3de7dfSVinicius Costa Gomes 420edb14deSJohan Hedberg #define AUTH_REQ_MASK(dev) (test_bit(HCI_SC_ENABLED, &(dev)->dev_flags) ? \ 430edb14deSJohan Hedberg 0x1f : 0x07) 4488d3a8acSJohan Hedberg #define KEY_DIST_MASK 0x07 45065a13e2SJohan Hedberg 46cbbbe3e2SJohan Hedberg /* Maximum message length that can be passed to aes_cmac */ 47cbbbe3e2SJohan Hedberg #define CMAC_MSG_MAX 80 48cbbbe3e2SJohan Hedberg 49533e35d4SJohan Hedberg enum { 50533e35d4SJohan Hedberg SMP_FLAG_TK_VALID, 51533e35d4SJohan Hedberg SMP_FLAG_CFM_PENDING, 52533e35d4SJohan Hedberg SMP_FLAG_MITM_AUTH, 53533e35d4SJohan Hedberg SMP_FLAG_COMPLETE, 54533e35d4SJohan Hedberg SMP_FLAG_INITIATOR, 5565668776SJohan Hedberg SMP_FLAG_SC, 56d8f8edbeSJohan Hedberg SMP_FLAG_REMOTE_PK, 57aeb7d461SJohan Hedberg SMP_FLAG_DEBUG_KEY, 5838606f14SJohan Hedberg SMP_FLAG_WAIT_USER, 59d3e54a87SJohan Hedberg SMP_FLAG_DHKEY_PENDING, 60*02b05bd8SJohan Hedberg SMP_FLAG_OOB, 61533e35d4SJohan Hedberg }; 624bc58f51SJohan Hedberg 634bc58f51SJohan Hedberg struct smp_chan { 644bc58f51SJohan Hedberg struct l2cap_conn *conn; 65b68fda68SJohan Hedberg struct delayed_work security_timer; 66b28b4943SJohan Hedberg unsigned long allow_cmd; /* Bitmask of allowed commands */ 67b68fda68SJohan Hedberg 684bc58f51SJohan Hedberg u8 preq[7]; /* SMP Pairing Request */ 694bc58f51SJohan Hedberg u8 prsp[7]; /* SMP Pairing Response */ 704bc58f51SJohan Hedberg u8 prnd[16]; /* SMP Pairing Random (local) */ 714bc58f51SJohan Hedberg u8 rrnd[16]; /* SMP Pairing Random (remote) */ 724bc58f51SJohan Hedberg u8 pcnf[16]; /* SMP Pairing Confirm */ 734bc58f51SJohan Hedberg u8 tk[16]; /* SMP Temporary Key */ 744bc58f51SJohan Hedberg u8 enc_key_size; 754bc58f51SJohan Hedberg u8 remote_key_dist; 764bc58f51SJohan Hedberg bdaddr_t id_addr; 774bc58f51SJohan Hedberg u8 id_addr_type; 784bc58f51SJohan Hedberg u8 irk[16]; 794bc58f51SJohan Hedberg struct smp_csrk *csrk; 804bc58f51SJohan Hedberg struct smp_csrk *slave_csrk; 814bc58f51SJohan Hedberg struct smp_ltk *ltk; 824bc58f51SJohan Hedberg struct smp_ltk *slave_ltk; 834bc58f51SJohan Hedberg struct smp_irk *remote_irk; 846a77083aSJohan Hedberg u8 *link_key; 854a74d658SJohan Hedberg unsigned long flags; 86783e0574SJohan Hedberg u8 method; 8738606f14SJohan Hedberg u8 passkey_round; 886a7bd103SJohan Hedberg 893b19146dSJohan Hedberg /* Secure Connections variables */ 903b19146dSJohan Hedberg u8 local_pk[64]; 913b19146dSJohan Hedberg u8 local_sk[32]; 92d8f8edbeSJohan Hedberg u8 remote_pk[64]; 93d8f8edbeSJohan Hedberg u8 dhkey[32]; 94760b018bSJohan Hedberg u8 mackey[16]; 953b19146dSJohan Hedberg 966a7bd103SJohan Hedberg struct crypto_blkcipher *tfm_aes; 97407cecf6SJohan Hedberg struct crypto_hash *tfm_cmac; 984bc58f51SJohan Hedberg }; 994bc58f51SJohan Hedberg 100aeb7d461SJohan Hedberg /* These debug key values are defined in the SMP section of the core 101aeb7d461SJohan Hedberg * specification. debug_pk is the public debug key and debug_sk the 102aeb7d461SJohan Hedberg * private debug key. 103aeb7d461SJohan Hedberg */ 104aeb7d461SJohan Hedberg static const u8 debug_pk[64] = { 105aeb7d461SJohan Hedberg 0xe6, 0x9d, 0x35, 0x0e, 0x48, 0x01, 0x03, 0xcc, 106aeb7d461SJohan Hedberg 0xdb, 0xfd, 0xf4, 0xac, 0x11, 0x91, 0xf4, 0xef, 107aeb7d461SJohan Hedberg 0xb9, 0xa5, 0xf9, 0xe9, 0xa7, 0x83, 0x2c, 0x5e, 108aeb7d461SJohan Hedberg 0x2c, 0xbe, 0x97, 0xf2, 0xd2, 0x03, 0xb0, 0x20, 109aeb7d461SJohan Hedberg 110aeb7d461SJohan Hedberg 0x8b, 0xd2, 0x89, 0x15, 0xd0, 0x8e, 0x1c, 0x74, 111aeb7d461SJohan Hedberg 0x24, 0x30, 0xed, 0x8f, 0xc2, 0x45, 0x63, 0x76, 112aeb7d461SJohan Hedberg 0x5c, 0x15, 0x52, 0x5a, 0xbf, 0x9a, 0x32, 0x63, 113aeb7d461SJohan Hedberg 0x6d, 0xeb, 0x2a, 0x65, 0x49, 0x9c, 0x80, 0xdc, 114aeb7d461SJohan Hedberg }; 115aeb7d461SJohan Hedberg 116aeb7d461SJohan Hedberg static const u8 debug_sk[32] = { 117aeb7d461SJohan Hedberg 0xbd, 0x1a, 0x3c, 0xcd, 0xa6, 0xb8, 0x99, 0x58, 118aeb7d461SJohan Hedberg 0x99, 0xb7, 0x40, 0xeb, 0x7b, 0x60, 0xff, 0x4a, 119aeb7d461SJohan Hedberg 0x50, 0x3f, 0x10, 0xd2, 0xe3, 0xb3, 0xc9, 0x74, 120aeb7d461SJohan Hedberg 0x38, 0x5f, 0xc5, 0xa3, 0xd4, 0xf6, 0x49, 0x3f, 121aeb7d461SJohan Hedberg }; 122aeb7d461SJohan Hedberg 1238a2936f4SJohan Hedberg static inline void swap_buf(const u8 *src, u8 *dst, size_t len) 124d22ef0bcSAnderson Briglia { 1258a2936f4SJohan Hedberg size_t i; 126d22ef0bcSAnderson Briglia 1278a2936f4SJohan Hedberg for (i = 0; i < len; i++) 1288a2936f4SJohan Hedberg dst[len - 1 - i] = src[i]; 129d22ef0bcSAnderson Briglia } 130d22ef0bcSAnderson Briglia 131cbbbe3e2SJohan Hedberg static int aes_cmac(struct crypto_hash *tfm, const u8 k[16], const u8 *m, 132cbbbe3e2SJohan Hedberg size_t len, u8 mac[16]) 133cbbbe3e2SJohan Hedberg { 134cbbbe3e2SJohan Hedberg uint8_t tmp[16], mac_msb[16], msg_msb[CMAC_MSG_MAX]; 135cbbbe3e2SJohan Hedberg struct hash_desc desc; 136cbbbe3e2SJohan Hedberg struct scatterlist sg; 137cbbbe3e2SJohan Hedberg int err; 138cbbbe3e2SJohan Hedberg 139cbbbe3e2SJohan Hedberg if (len > CMAC_MSG_MAX) 140cbbbe3e2SJohan Hedberg return -EFBIG; 141cbbbe3e2SJohan Hedberg 142cbbbe3e2SJohan Hedberg if (!tfm) { 143cbbbe3e2SJohan Hedberg BT_ERR("tfm %p", tfm); 144cbbbe3e2SJohan Hedberg return -EINVAL; 145cbbbe3e2SJohan Hedberg } 146cbbbe3e2SJohan Hedberg 147cbbbe3e2SJohan Hedberg desc.tfm = tfm; 148cbbbe3e2SJohan Hedberg desc.flags = 0; 149cbbbe3e2SJohan Hedberg 150cbbbe3e2SJohan Hedberg crypto_hash_init(&desc); 151cbbbe3e2SJohan Hedberg 152cbbbe3e2SJohan Hedberg /* Swap key and message from LSB to MSB */ 153cbbbe3e2SJohan Hedberg swap_buf(k, tmp, 16); 154cbbbe3e2SJohan Hedberg swap_buf(m, msg_msb, len); 155cbbbe3e2SJohan Hedberg 156cbbbe3e2SJohan Hedberg BT_DBG("msg (len %zu) %*phN", len, (int) len, m); 157cbbbe3e2SJohan Hedberg BT_DBG("key %16phN", k); 158cbbbe3e2SJohan Hedberg 159cbbbe3e2SJohan Hedberg err = crypto_hash_setkey(tfm, tmp, 16); 160cbbbe3e2SJohan Hedberg if (err) { 161cbbbe3e2SJohan Hedberg BT_ERR("cipher setkey failed: %d", err); 162cbbbe3e2SJohan Hedberg return err; 163cbbbe3e2SJohan Hedberg } 164cbbbe3e2SJohan Hedberg 165cbbbe3e2SJohan Hedberg sg_init_one(&sg, msg_msb, len); 166cbbbe3e2SJohan Hedberg 167cbbbe3e2SJohan Hedberg err = crypto_hash_update(&desc, &sg, len); 168cbbbe3e2SJohan Hedberg if (err) { 169cbbbe3e2SJohan Hedberg BT_ERR("Hash update error %d", err); 170cbbbe3e2SJohan Hedberg return err; 171cbbbe3e2SJohan Hedberg } 172cbbbe3e2SJohan Hedberg 173cbbbe3e2SJohan Hedberg err = crypto_hash_final(&desc, mac_msb); 174cbbbe3e2SJohan Hedberg if (err) { 175cbbbe3e2SJohan Hedberg BT_ERR("Hash final error %d", err); 176cbbbe3e2SJohan Hedberg return err; 177cbbbe3e2SJohan Hedberg } 178cbbbe3e2SJohan Hedberg 179cbbbe3e2SJohan Hedberg swap_buf(mac_msb, mac, 16); 180cbbbe3e2SJohan Hedberg 181cbbbe3e2SJohan Hedberg BT_DBG("mac %16phN", mac); 182cbbbe3e2SJohan Hedberg 183cbbbe3e2SJohan Hedberg return 0; 184cbbbe3e2SJohan Hedberg } 185cbbbe3e2SJohan Hedberg 186cbbbe3e2SJohan Hedberg static int smp_f4(struct crypto_hash *tfm_cmac, const u8 u[32], const u8 v[32], 187cbbbe3e2SJohan Hedberg const u8 x[16], u8 z, u8 res[16]) 188cbbbe3e2SJohan Hedberg { 189cbbbe3e2SJohan Hedberg u8 m[65]; 190cbbbe3e2SJohan Hedberg int err; 191cbbbe3e2SJohan Hedberg 192cbbbe3e2SJohan Hedberg BT_DBG("u %32phN", u); 193cbbbe3e2SJohan Hedberg BT_DBG("v %32phN", v); 194cbbbe3e2SJohan Hedberg BT_DBG("x %16phN z %02x", x, z); 195cbbbe3e2SJohan Hedberg 196cbbbe3e2SJohan Hedberg m[0] = z; 197cbbbe3e2SJohan Hedberg memcpy(m + 1, v, 32); 198cbbbe3e2SJohan Hedberg memcpy(m + 33, u, 32); 199cbbbe3e2SJohan Hedberg 200cbbbe3e2SJohan Hedberg err = aes_cmac(tfm_cmac, x, m, sizeof(m), res); 201cbbbe3e2SJohan Hedberg if (err) 202cbbbe3e2SJohan Hedberg return err; 203cbbbe3e2SJohan Hedberg 204cbbbe3e2SJohan Hedberg BT_DBG("res %16phN", res); 205cbbbe3e2SJohan Hedberg 206cbbbe3e2SJohan Hedberg return err; 207cbbbe3e2SJohan Hedberg } 208cbbbe3e2SJohan Hedberg 209760b018bSJohan Hedberg static int smp_f5(struct crypto_hash *tfm_cmac, u8 w[32], u8 n1[16], u8 n2[16], 210760b018bSJohan Hedberg u8 a1[7], u8 a2[7], u8 mackey[16], u8 ltk[16]) 211760b018bSJohan Hedberg { 212760b018bSJohan Hedberg /* The btle, salt and length "magic" values are as defined in 213760b018bSJohan Hedberg * the SMP section of the Bluetooth core specification. In ASCII 214760b018bSJohan Hedberg * the btle value ends up being 'btle'. The salt is just a 215760b018bSJohan Hedberg * random number whereas length is the value 256 in little 216760b018bSJohan Hedberg * endian format. 217760b018bSJohan Hedberg */ 218760b018bSJohan Hedberg const u8 btle[4] = { 0x65, 0x6c, 0x74, 0x62 }; 219760b018bSJohan Hedberg const u8 salt[16] = { 0xbe, 0x83, 0x60, 0x5a, 0xdb, 0x0b, 0x37, 0x60, 220760b018bSJohan Hedberg 0x38, 0xa5, 0xf5, 0xaa, 0x91, 0x83, 0x88, 0x6c }; 221760b018bSJohan Hedberg const u8 length[2] = { 0x00, 0x01 }; 222760b018bSJohan Hedberg u8 m[53], t[16]; 223760b018bSJohan Hedberg int err; 224760b018bSJohan Hedberg 225760b018bSJohan Hedberg BT_DBG("w %32phN", w); 226760b018bSJohan Hedberg BT_DBG("n1 %16phN n2 %16phN", n1, n2); 227760b018bSJohan Hedberg BT_DBG("a1 %7phN a2 %7phN", a1, a2); 228760b018bSJohan Hedberg 229760b018bSJohan Hedberg err = aes_cmac(tfm_cmac, salt, w, 32, t); 230760b018bSJohan Hedberg if (err) 231760b018bSJohan Hedberg return err; 232760b018bSJohan Hedberg 233760b018bSJohan Hedberg BT_DBG("t %16phN", t); 234760b018bSJohan Hedberg 235760b018bSJohan Hedberg memcpy(m, length, 2); 236760b018bSJohan Hedberg memcpy(m + 2, a2, 7); 237760b018bSJohan Hedberg memcpy(m + 9, a1, 7); 238760b018bSJohan Hedberg memcpy(m + 16, n2, 16); 239760b018bSJohan Hedberg memcpy(m + 32, n1, 16); 240760b018bSJohan Hedberg memcpy(m + 48, btle, 4); 241760b018bSJohan Hedberg 242760b018bSJohan Hedberg m[52] = 0; /* Counter */ 243760b018bSJohan Hedberg 244760b018bSJohan Hedberg err = aes_cmac(tfm_cmac, t, m, sizeof(m), mackey); 245760b018bSJohan Hedberg if (err) 246760b018bSJohan Hedberg return err; 247760b018bSJohan Hedberg 248760b018bSJohan Hedberg BT_DBG("mackey %16phN", mackey); 249760b018bSJohan Hedberg 250760b018bSJohan Hedberg m[52] = 1; /* Counter */ 251760b018bSJohan Hedberg 252760b018bSJohan Hedberg err = aes_cmac(tfm_cmac, t, m, sizeof(m), ltk); 253760b018bSJohan Hedberg if (err) 254760b018bSJohan Hedberg return err; 255760b018bSJohan Hedberg 256760b018bSJohan Hedberg BT_DBG("ltk %16phN", ltk); 257760b018bSJohan Hedberg 258760b018bSJohan Hedberg return 0; 259760b018bSJohan Hedberg } 260760b018bSJohan Hedberg 261760b018bSJohan Hedberg static int smp_f6(struct crypto_hash *tfm_cmac, const u8 w[16], 262760b018bSJohan Hedberg const u8 n1[16], u8 n2[16], const u8 r[16], 263760b018bSJohan Hedberg const u8 io_cap[3], const u8 a1[7], const u8 a2[7], 264760b018bSJohan Hedberg u8 res[16]) 265760b018bSJohan Hedberg { 266760b018bSJohan Hedberg u8 m[65]; 267760b018bSJohan Hedberg int err; 268760b018bSJohan Hedberg 269760b018bSJohan Hedberg BT_DBG("w %16phN", w); 270760b018bSJohan Hedberg BT_DBG("n1 %16phN n2 %16phN", n1, n2); 271760b018bSJohan Hedberg BT_DBG("r %16phN io_cap %3phN a1 %7phN a2 %7phN", r, io_cap, a1, a2); 272760b018bSJohan Hedberg 273760b018bSJohan Hedberg memcpy(m, a2, 7); 274760b018bSJohan Hedberg memcpy(m + 7, a1, 7); 275760b018bSJohan Hedberg memcpy(m + 14, io_cap, 3); 276760b018bSJohan Hedberg memcpy(m + 17, r, 16); 277760b018bSJohan Hedberg memcpy(m + 33, n2, 16); 278760b018bSJohan Hedberg memcpy(m + 49, n1, 16); 279760b018bSJohan Hedberg 280760b018bSJohan Hedberg err = aes_cmac(tfm_cmac, w, m, sizeof(m), res); 281760b018bSJohan Hedberg if (err) 282760b018bSJohan Hedberg return err; 283760b018bSJohan Hedberg 284760b018bSJohan Hedberg BT_DBG("res %16phN", res); 285760b018bSJohan Hedberg 286760b018bSJohan Hedberg return err; 287760b018bSJohan Hedberg } 288760b018bSJohan Hedberg 289191dc7feSJohan Hedberg static int smp_g2(struct crypto_hash *tfm_cmac, const u8 u[32], const u8 v[32], 290191dc7feSJohan Hedberg const u8 x[16], const u8 y[16], u32 *val) 291191dc7feSJohan Hedberg { 292191dc7feSJohan Hedberg u8 m[80], tmp[16]; 293191dc7feSJohan Hedberg int err; 294191dc7feSJohan Hedberg 295191dc7feSJohan Hedberg BT_DBG("u %32phN", u); 296191dc7feSJohan Hedberg BT_DBG("v %32phN", v); 297191dc7feSJohan Hedberg BT_DBG("x %16phN y %16phN", x, y); 298191dc7feSJohan Hedberg 299191dc7feSJohan Hedberg memcpy(m, y, 16); 300191dc7feSJohan Hedberg memcpy(m + 16, v, 32); 301191dc7feSJohan Hedberg memcpy(m + 48, u, 32); 302191dc7feSJohan Hedberg 303191dc7feSJohan Hedberg err = aes_cmac(tfm_cmac, x, m, sizeof(m), tmp); 304191dc7feSJohan Hedberg if (err) 305191dc7feSJohan Hedberg return err; 306191dc7feSJohan Hedberg 307191dc7feSJohan Hedberg *val = get_unaligned_le32(tmp); 308191dc7feSJohan Hedberg *val %= 1000000; 309191dc7feSJohan Hedberg 310191dc7feSJohan Hedberg BT_DBG("val %06u", *val); 311191dc7feSJohan Hedberg 312191dc7feSJohan Hedberg return 0; 313191dc7feSJohan Hedberg } 314191dc7feSJohan Hedberg 315d22ef0bcSAnderson Briglia static int smp_e(struct crypto_blkcipher *tfm, const u8 *k, u8 *r) 316d22ef0bcSAnderson Briglia { 317d22ef0bcSAnderson Briglia struct blkcipher_desc desc; 318d22ef0bcSAnderson Briglia struct scatterlist sg; 319943a732aSJohan Hedberg uint8_t tmp[16], data[16]; 320201a5929SJohan Hedberg int err; 321d22ef0bcSAnderson Briglia 322d22ef0bcSAnderson Briglia if (tfm == NULL) { 323d22ef0bcSAnderson Briglia BT_ERR("tfm %p", tfm); 324d22ef0bcSAnderson Briglia return -EINVAL; 325d22ef0bcSAnderson Briglia } 326d22ef0bcSAnderson Briglia 327d22ef0bcSAnderson Briglia desc.tfm = tfm; 328d22ef0bcSAnderson Briglia desc.flags = 0; 329d22ef0bcSAnderson Briglia 330943a732aSJohan Hedberg /* The most significant octet of key corresponds to k[0] */ 3318a2936f4SJohan Hedberg swap_buf(k, tmp, 16); 332943a732aSJohan Hedberg 333943a732aSJohan Hedberg err = crypto_blkcipher_setkey(tfm, tmp, 16); 334d22ef0bcSAnderson Briglia if (err) { 335d22ef0bcSAnderson Briglia BT_ERR("cipher setkey failed: %d", err); 336d22ef0bcSAnderson Briglia return err; 337d22ef0bcSAnderson Briglia } 338d22ef0bcSAnderson Briglia 339943a732aSJohan Hedberg /* Most significant octet of plaintextData corresponds to data[0] */ 3408a2936f4SJohan Hedberg swap_buf(r, data, 16); 341943a732aSJohan Hedberg 342943a732aSJohan Hedberg sg_init_one(&sg, data, 16); 343d22ef0bcSAnderson Briglia 344d22ef0bcSAnderson Briglia err = crypto_blkcipher_encrypt(&desc, &sg, &sg, 16); 345d22ef0bcSAnderson Briglia if (err) 346d22ef0bcSAnderson Briglia BT_ERR("Encrypt data error %d", err); 347d22ef0bcSAnderson Briglia 348943a732aSJohan Hedberg /* Most significant octet of encryptedData corresponds to data[0] */ 3498a2936f4SJohan Hedberg swap_buf(data, r, 16); 350943a732aSJohan Hedberg 351d22ef0bcSAnderson Briglia return err; 352d22ef0bcSAnderson Briglia } 353d22ef0bcSAnderson Briglia 3546a77083aSJohan Hedberg static int smp_h6(struct crypto_hash *tfm_cmac, const u8 w[16], 3556a77083aSJohan Hedberg const u8 key_id[4], u8 res[16]) 3566a77083aSJohan Hedberg { 3576a77083aSJohan Hedberg int err; 3586a77083aSJohan Hedberg 3596a77083aSJohan Hedberg BT_DBG("w %16phN key_id %4phN", w, key_id); 3606a77083aSJohan Hedberg 3616a77083aSJohan Hedberg err = aes_cmac(tfm_cmac, w, key_id, 4, res); 3626a77083aSJohan Hedberg if (err) 3636a77083aSJohan Hedberg return err; 3646a77083aSJohan Hedberg 3656a77083aSJohan Hedberg BT_DBG("res %16phN", res); 3666a77083aSJohan Hedberg 3676a77083aSJohan Hedberg return err; 3686a77083aSJohan Hedberg } 3696a77083aSJohan Hedberg 37060478054SJohan Hedberg static int smp_ah(struct crypto_blkcipher *tfm, u8 irk[16], u8 r[3], u8 res[3]) 37160478054SJohan Hedberg { 372943a732aSJohan Hedberg u8 _res[16]; 37360478054SJohan Hedberg int err; 37460478054SJohan Hedberg 37560478054SJohan Hedberg /* r' = padding || r */ 376943a732aSJohan Hedberg memcpy(_res, r, 3); 377943a732aSJohan Hedberg memset(_res + 3, 0, 13); 37860478054SJohan Hedberg 379943a732aSJohan Hedberg err = smp_e(tfm, irk, _res); 38060478054SJohan Hedberg if (err) { 38160478054SJohan Hedberg BT_ERR("Encrypt error"); 38260478054SJohan Hedberg return err; 38360478054SJohan Hedberg } 38460478054SJohan Hedberg 38560478054SJohan Hedberg /* The output of the random address function ah is: 38660478054SJohan Hedberg * ah(h, r) = e(k, r') mod 2^24 38760478054SJohan Hedberg * The output of the security function e is then truncated to 24 bits 38860478054SJohan Hedberg * by taking the least significant 24 bits of the output of e as the 38960478054SJohan Hedberg * result of ah. 39060478054SJohan Hedberg */ 391943a732aSJohan Hedberg memcpy(res, _res, 3); 39260478054SJohan Hedberg 39360478054SJohan Hedberg return 0; 39460478054SJohan Hedberg } 39560478054SJohan Hedberg 396defce9e8SJohan Hedberg bool smp_irk_matches(struct hci_dev *hdev, u8 irk[16], bdaddr_t *bdaddr) 39760478054SJohan Hedberg { 398defce9e8SJohan Hedberg struct l2cap_chan *chan = hdev->smp_data; 399defce9e8SJohan Hedberg struct crypto_blkcipher *tfm; 40060478054SJohan Hedberg u8 hash[3]; 40160478054SJohan Hedberg int err; 40260478054SJohan Hedberg 403defce9e8SJohan Hedberg if (!chan || !chan->data) 404defce9e8SJohan Hedberg return false; 405defce9e8SJohan Hedberg 406defce9e8SJohan Hedberg tfm = chan->data; 407defce9e8SJohan Hedberg 40860478054SJohan Hedberg BT_DBG("RPA %pMR IRK %*phN", bdaddr, 16, irk); 40960478054SJohan Hedberg 41060478054SJohan Hedberg err = smp_ah(tfm, irk, &bdaddr->b[3], hash); 41160478054SJohan Hedberg if (err) 41260478054SJohan Hedberg return false; 41360478054SJohan Hedberg 41460478054SJohan Hedberg return !memcmp(bdaddr->b, hash, 3); 41560478054SJohan Hedberg } 41660478054SJohan Hedberg 417defce9e8SJohan Hedberg int smp_generate_rpa(struct hci_dev *hdev, u8 irk[16], bdaddr_t *rpa) 418b1e2b3aeSJohan Hedberg { 419defce9e8SJohan Hedberg struct l2cap_chan *chan = hdev->smp_data; 420defce9e8SJohan Hedberg struct crypto_blkcipher *tfm; 421b1e2b3aeSJohan Hedberg int err; 422b1e2b3aeSJohan Hedberg 423defce9e8SJohan Hedberg if (!chan || !chan->data) 424defce9e8SJohan Hedberg return -EOPNOTSUPP; 425defce9e8SJohan Hedberg 426defce9e8SJohan Hedberg tfm = chan->data; 427defce9e8SJohan Hedberg 428b1e2b3aeSJohan Hedberg get_random_bytes(&rpa->b[3], 3); 429b1e2b3aeSJohan Hedberg 430b1e2b3aeSJohan Hedberg rpa->b[5] &= 0x3f; /* Clear two most significant bits */ 431b1e2b3aeSJohan Hedberg rpa->b[5] |= 0x40; /* Set second most significant bit */ 432b1e2b3aeSJohan Hedberg 433b1e2b3aeSJohan Hedberg err = smp_ah(tfm, irk, &rpa->b[3], rpa->b); 434b1e2b3aeSJohan Hedberg if (err < 0) 435b1e2b3aeSJohan Hedberg return err; 436b1e2b3aeSJohan Hedberg 437b1e2b3aeSJohan Hedberg BT_DBG("RPA %pMR", rpa); 438b1e2b3aeSJohan Hedberg 439b1e2b3aeSJohan Hedberg return 0; 440b1e2b3aeSJohan Hedberg } 441b1e2b3aeSJohan Hedberg 442e491eaf3SJohan Hedberg static int smp_c1(struct crypto_blkcipher *tfm_aes, u8 k[16], u8 r[16], 443e491eaf3SJohan Hedberg u8 preq[7], u8 pres[7], u8 _iat, bdaddr_t *ia, u8 _rat, 444e491eaf3SJohan Hedberg bdaddr_t *ra, u8 res[16]) 445d22ef0bcSAnderson Briglia { 446d22ef0bcSAnderson Briglia u8 p1[16], p2[16]; 447d22ef0bcSAnderson Briglia int err; 448d22ef0bcSAnderson Briglia 449d22ef0bcSAnderson Briglia memset(p1, 0, 16); 450d22ef0bcSAnderson Briglia 451d22ef0bcSAnderson Briglia /* p1 = pres || preq || _rat || _iat */ 452943a732aSJohan Hedberg p1[0] = _iat; 453943a732aSJohan Hedberg p1[1] = _rat; 454943a732aSJohan Hedberg memcpy(p1 + 2, preq, 7); 455943a732aSJohan Hedberg memcpy(p1 + 9, pres, 7); 456d22ef0bcSAnderson Briglia 457d22ef0bcSAnderson Briglia /* p2 = padding || ia || ra */ 458943a732aSJohan Hedberg memcpy(p2, ra, 6); 459943a732aSJohan Hedberg memcpy(p2 + 6, ia, 6); 460943a732aSJohan Hedberg memset(p2 + 12, 0, 4); 461d22ef0bcSAnderson Briglia 462d22ef0bcSAnderson Briglia /* res = r XOR p1 */ 463d22ef0bcSAnderson Briglia u128_xor((u128 *) res, (u128 *) r, (u128 *) p1); 464d22ef0bcSAnderson Briglia 465d22ef0bcSAnderson Briglia /* res = e(k, res) */ 466e491eaf3SJohan Hedberg err = smp_e(tfm_aes, k, res); 467d22ef0bcSAnderson Briglia if (err) { 468d22ef0bcSAnderson Briglia BT_ERR("Encrypt data error"); 469d22ef0bcSAnderson Briglia return err; 470d22ef0bcSAnderson Briglia } 471d22ef0bcSAnderson Briglia 472d22ef0bcSAnderson Briglia /* res = res XOR p2 */ 473d22ef0bcSAnderson Briglia u128_xor((u128 *) res, (u128 *) res, (u128 *) p2); 474d22ef0bcSAnderson Briglia 475d22ef0bcSAnderson Briglia /* res = e(k, res) */ 476e491eaf3SJohan Hedberg err = smp_e(tfm_aes, k, res); 477d22ef0bcSAnderson Briglia if (err) 478d22ef0bcSAnderson Briglia BT_ERR("Encrypt data error"); 479d22ef0bcSAnderson Briglia 480d22ef0bcSAnderson Briglia return err; 481d22ef0bcSAnderson Briglia } 482d22ef0bcSAnderson Briglia 483e491eaf3SJohan Hedberg static int smp_s1(struct crypto_blkcipher *tfm_aes, u8 k[16], u8 r1[16], 484e491eaf3SJohan Hedberg u8 r2[16], u8 _r[16]) 485d22ef0bcSAnderson Briglia { 486d22ef0bcSAnderson Briglia int err; 487d22ef0bcSAnderson Briglia 488d22ef0bcSAnderson Briglia /* Just least significant octets from r1 and r2 are considered */ 489943a732aSJohan Hedberg memcpy(_r, r2, 8); 490943a732aSJohan Hedberg memcpy(_r + 8, r1, 8); 491d22ef0bcSAnderson Briglia 492e491eaf3SJohan Hedberg err = smp_e(tfm_aes, k, _r); 493d22ef0bcSAnderson Briglia if (err) 494d22ef0bcSAnderson Briglia BT_ERR("Encrypt data error"); 495d22ef0bcSAnderson Briglia 496d22ef0bcSAnderson Briglia return err; 497d22ef0bcSAnderson Briglia } 498d22ef0bcSAnderson Briglia 499eb492e01SAnderson Briglia static void smp_send_cmd(struct l2cap_conn *conn, u8 code, u16 len, void *data) 500eb492e01SAnderson Briglia { 5015d88cc73SJohan Hedberg struct l2cap_chan *chan = conn->smp; 502b68fda68SJohan Hedberg struct smp_chan *smp; 5035d88cc73SJohan Hedberg struct kvec iv[2]; 5045d88cc73SJohan Hedberg struct msghdr msg; 5055d88cc73SJohan Hedberg 5065d88cc73SJohan Hedberg if (!chan) 5075d88cc73SJohan Hedberg return; 508eb492e01SAnderson Briglia 509eb492e01SAnderson Briglia BT_DBG("code 0x%2.2x", code); 510eb492e01SAnderson Briglia 5115d88cc73SJohan Hedberg iv[0].iov_base = &code; 5125d88cc73SJohan Hedberg iv[0].iov_len = 1; 513eb492e01SAnderson Briglia 5145d88cc73SJohan Hedberg iv[1].iov_base = data; 5155d88cc73SJohan Hedberg iv[1].iov_len = len; 5165d88cc73SJohan Hedberg 5175d88cc73SJohan Hedberg memset(&msg, 0, sizeof(msg)); 5185d88cc73SJohan Hedberg 5195d88cc73SJohan Hedberg msg.msg_iov = (struct iovec *) &iv; 5205d88cc73SJohan Hedberg msg.msg_iovlen = 2; 5215d88cc73SJohan Hedberg 5225d88cc73SJohan Hedberg l2cap_chan_send(chan, &msg, 1 + len); 523e2dcd113SVinicius Costa Gomes 524b68fda68SJohan Hedberg if (!chan->data) 525b68fda68SJohan Hedberg return; 526b68fda68SJohan Hedberg 527b68fda68SJohan Hedberg smp = chan->data; 528b68fda68SJohan Hedberg 529b68fda68SJohan Hedberg cancel_delayed_work_sync(&smp->security_timer); 530b68fda68SJohan Hedberg schedule_delayed_work(&smp->security_timer, SMP_TIMEOUT); 531eb492e01SAnderson Briglia } 532eb492e01SAnderson Briglia 533d2eb9e10SJohan Hedberg static u8 authreq_to_seclevel(u8 authreq) 5342b64d153SBrian Gix { 535d2eb9e10SJohan Hedberg if (authreq & SMP_AUTH_MITM) { 536d2eb9e10SJohan Hedberg if (authreq & SMP_AUTH_SC) 537d2eb9e10SJohan Hedberg return BT_SECURITY_FIPS; 5382b64d153SBrian Gix else 539d2eb9e10SJohan Hedberg return BT_SECURITY_HIGH; 540d2eb9e10SJohan Hedberg } else { 5412b64d153SBrian Gix return BT_SECURITY_MEDIUM; 5422b64d153SBrian Gix } 543d2eb9e10SJohan Hedberg } 5442b64d153SBrian Gix 5452b64d153SBrian Gix static __u8 seclevel_to_authreq(__u8 sec_level) 5462b64d153SBrian Gix { 5472b64d153SBrian Gix switch (sec_level) { 548d2eb9e10SJohan Hedberg case BT_SECURITY_FIPS: 5492b64d153SBrian Gix case BT_SECURITY_HIGH: 5502b64d153SBrian Gix return SMP_AUTH_MITM | SMP_AUTH_BONDING; 5512b64d153SBrian Gix case BT_SECURITY_MEDIUM: 5522b64d153SBrian Gix return SMP_AUTH_BONDING; 5532b64d153SBrian Gix default: 5542b64d153SBrian Gix return SMP_AUTH_NONE; 5552b64d153SBrian Gix } 5562b64d153SBrian Gix } 5572b64d153SBrian Gix 558b8e66eacSVinicius Costa Gomes static void build_pairing_cmd(struct l2cap_conn *conn, 55954790f73SVinicius Costa Gomes struct smp_cmd_pairing *req, 560f1560463SMarcel Holtmann struct smp_cmd_pairing *rsp, __u8 authreq) 561b8e66eacSVinicius Costa Gomes { 5625d88cc73SJohan Hedberg struct l2cap_chan *chan = conn->smp; 5635d88cc73SJohan Hedberg struct smp_chan *smp = chan->data; 564fd349c02SJohan Hedberg struct hci_conn *hcon = conn->hcon; 565fd349c02SJohan Hedberg struct hci_dev *hdev = hcon->hdev; 566*02b05bd8SJohan Hedberg u8 local_dist = 0, remote_dist = 0, oob_flag = SMP_OOB_NOT_PRESENT; 56754790f73SVinicius Costa Gomes 568b6ae8457SJohan Hedberg if (test_bit(HCI_BONDABLE, &conn->hcon->hdev->dev_flags)) { 5697ee4ea36SMarcel Holtmann local_dist = SMP_DIST_ENC_KEY | SMP_DIST_SIGN; 5707ee4ea36SMarcel Holtmann remote_dist = SMP_DIST_ENC_KEY | SMP_DIST_SIGN; 57154790f73SVinicius Costa Gomes authreq |= SMP_AUTH_BONDING; 5722b64d153SBrian Gix } else { 5732b64d153SBrian Gix authreq &= ~SMP_AUTH_BONDING; 57454790f73SVinicius Costa Gomes } 57554790f73SVinicius Costa Gomes 576fd349c02SJohan Hedberg if (test_bit(HCI_RPA_RESOLVING, &hdev->dev_flags)) 577fd349c02SJohan Hedberg remote_dist |= SMP_DIST_ID_KEY; 578fd349c02SJohan Hedberg 579863efaf2SJohan Hedberg if (test_bit(HCI_PRIVACY, &hdev->dev_flags)) 580863efaf2SJohan Hedberg local_dist |= SMP_DIST_ID_KEY; 581863efaf2SJohan Hedberg 582*02b05bd8SJohan Hedberg if (test_bit(HCI_SC_ENABLED, &hdev->dev_flags) && 583*02b05bd8SJohan Hedberg (authreq & SMP_AUTH_SC)) { 584*02b05bd8SJohan Hedberg struct oob_data *oob_data; 585*02b05bd8SJohan Hedberg u8 bdaddr_type; 586*02b05bd8SJohan Hedberg 587*02b05bd8SJohan Hedberg if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) { 588df8e1a4cSJohan Hedberg local_dist |= SMP_DIST_LINK_KEY; 589df8e1a4cSJohan Hedberg remote_dist |= SMP_DIST_LINK_KEY; 590df8e1a4cSJohan Hedberg } 591*02b05bd8SJohan Hedberg 592*02b05bd8SJohan Hedberg if (hcon->dst_type == ADDR_LE_DEV_PUBLIC) 593*02b05bd8SJohan Hedberg bdaddr_type = BDADDR_LE_PUBLIC; 594*02b05bd8SJohan Hedberg else 595*02b05bd8SJohan Hedberg bdaddr_type = BDADDR_LE_RANDOM; 596*02b05bd8SJohan Hedberg 597*02b05bd8SJohan Hedberg oob_data = hci_find_remote_oob_data(hdev, &hcon->dst, 598*02b05bd8SJohan Hedberg bdaddr_type); 599*02b05bd8SJohan Hedberg if (oob_data) { 600*02b05bd8SJohan Hedberg set_bit(SMP_FLAG_OOB, &smp->flags); 601*02b05bd8SJohan Hedberg oob_flag = SMP_OOB_PRESENT; 602*02b05bd8SJohan Hedberg memcpy(smp->rrnd, oob_data->rand256, 16); 603*02b05bd8SJohan Hedberg memcpy(smp->pcnf, oob_data->hash256, 16); 604*02b05bd8SJohan Hedberg } 605*02b05bd8SJohan Hedberg 606df8e1a4cSJohan Hedberg } else { 607df8e1a4cSJohan Hedberg authreq &= ~SMP_AUTH_SC; 608df8e1a4cSJohan Hedberg } 609df8e1a4cSJohan Hedberg 61054790f73SVinicius Costa Gomes if (rsp == NULL) { 61154790f73SVinicius Costa Gomes req->io_capability = conn->hcon->io_capability; 612*02b05bd8SJohan Hedberg req->oob_flag = oob_flag; 61354790f73SVinicius Costa Gomes req->max_key_size = SMP_MAX_ENC_KEY_SIZE; 614fd349c02SJohan Hedberg req->init_key_dist = local_dist; 615fd349c02SJohan Hedberg req->resp_key_dist = remote_dist; 6160edb14deSJohan Hedberg req->auth_req = (authreq & AUTH_REQ_MASK(hdev)); 617fd349c02SJohan Hedberg 618fd349c02SJohan Hedberg smp->remote_key_dist = remote_dist; 61954790f73SVinicius Costa Gomes return; 62054790f73SVinicius Costa Gomes } 62154790f73SVinicius Costa Gomes 62254790f73SVinicius Costa Gomes rsp->io_capability = conn->hcon->io_capability; 623*02b05bd8SJohan Hedberg rsp->oob_flag = oob_flag; 62454790f73SVinicius Costa Gomes rsp->max_key_size = SMP_MAX_ENC_KEY_SIZE; 625fd349c02SJohan Hedberg rsp->init_key_dist = req->init_key_dist & remote_dist; 626fd349c02SJohan Hedberg rsp->resp_key_dist = req->resp_key_dist & local_dist; 6270edb14deSJohan Hedberg rsp->auth_req = (authreq & AUTH_REQ_MASK(hdev)); 628fd349c02SJohan Hedberg 629fd349c02SJohan Hedberg smp->remote_key_dist = rsp->init_key_dist; 630b8e66eacSVinicius Costa Gomes } 631b8e66eacSVinicius Costa Gomes 6323158c50cSVinicius Costa Gomes static u8 check_enc_key_size(struct l2cap_conn *conn, __u8 max_key_size) 6333158c50cSVinicius Costa Gomes { 6345d88cc73SJohan Hedberg struct l2cap_chan *chan = conn->smp; 6355d88cc73SJohan Hedberg struct smp_chan *smp = chan->data; 6361c1def09SVinicius Costa Gomes 6373158c50cSVinicius Costa Gomes if ((max_key_size > SMP_MAX_ENC_KEY_SIZE) || 6383158c50cSVinicius Costa Gomes (max_key_size < SMP_MIN_ENC_KEY_SIZE)) 6393158c50cSVinicius Costa Gomes return SMP_ENC_KEY_SIZE; 6403158c50cSVinicius Costa Gomes 641f7aa611aSVinicius Costa Gomes smp->enc_key_size = max_key_size; 6423158c50cSVinicius Costa Gomes 6433158c50cSVinicius Costa Gomes return 0; 6443158c50cSVinicius Costa Gomes } 6453158c50cSVinicius Costa Gomes 6466f48e260SJohan Hedberg static void smp_chan_destroy(struct l2cap_conn *conn) 6476f48e260SJohan Hedberg { 6486f48e260SJohan Hedberg struct l2cap_chan *chan = conn->smp; 6496f48e260SJohan Hedberg struct smp_chan *smp = chan->data; 6506f48e260SJohan Hedberg bool complete; 6516f48e260SJohan Hedberg 6526f48e260SJohan Hedberg BUG_ON(!smp); 6536f48e260SJohan Hedberg 6546f48e260SJohan Hedberg cancel_delayed_work_sync(&smp->security_timer); 6556f48e260SJohan Hedberg 6566f48e260SJohan Hedberg complete = test_bit(SMP_FLAG_COMPLETE, &smp->flags); 6576f48e260SJohan Hedberg mgmt_smp_complete(conn->hcon, complete); 6586f48e260SJohan Hedberg 6596f48e260SJohan Hedberg kfree(smp->csrk); 6606f48e260SJohan Hedberg kfree(smp->slave_csrk); 6616a77083aSJohan Hedberg kfree(smp->link_key); 6626f48e260SJohan Hedberg 6636f48e260SJohan Hedberg crypto_free_blkcipher(smp->tfm_aes); 664407cecf6SJohan Hedberg crypto_free_hash(smp->tfm_cmac); 6656f48e260SJohan Hedberg 6666f48e260SJohan Hedberg /* If pairing failed clean up any keys we might have */ 6676f48e260SJohan Hedberg if (!complete) { 6686f48e260SJohan Hedberg if (smp->ltk) { 669970d0f1bSJohan Hedberg list_del_rcu(&smp->ltk->list); 670970d0f1bSJohan Hedberg kfree_rcu(smp->ltk, rcu); 6716f48e260SJohan Hedberg } 6726f48e260SJohan Hedberg 6736f48e260SJohan Hedberg if (smp->slave_ltk) { 674970d0f1bSJohan Hedberg list_del_rcu(&smp->slave_ltk->list); 675970d0f1bSJohan Hedberg kfree_rcu(smp->slave_ltk, rcu); 6766f48e260SJohan Hedberg } 6776f48e260SJohan Hedberg 6786f48e260SJohan Hedberg if (smp->remote_irk) { 679adae20cbSJohan Hedberg list_del_rcu(&smp->remote_irk->list); 680adae20cbSJohan Hedberg kfree_rcu(smp->remote_irk, rcu); 6816f48e260SJohan Hedberg } 6826f48e260SJohan Hedberg } 6836f48e260SJohan Hedberg 6846f48e260SJohan Hedberg chan->data = NULL; 6856f48e260SJohan Hedberg kfree(smp); 6866f48e260SJohan Hedberg hci_conn_drop(conn->hcon); 6876f48e260SJohan Hedberg } 6886f48e260SJohan Hedberg 68984794e11SJohan Hedberg static void smp_failure(struct l2cap_conn *conn, u8 reason) 6904f957a76SBrian Gix { 691bab73cb6SJohan Hedberg struct hci_conn *hcon = conn->hcon; 692b68fda68SJohan Hedberg struct l2cap_chan *chan = conn->smp; 693bab73cb6SJohan Hedberg 69484794e11SJohan Hedberg if (reason) 6954f957a76SBrian Gix smp_send_cmd(conn, SMP_CMD_PAIRING_FAIL, sizeof(reason), 6964f957a76SBrian Gix &reason); 6974f957a76SBrian Gix 698ce39fb4eSMarcel Holtmann clear_bit(HCI_CONN_ENCRYPT_PEND, &hcon->flags); 699e1e930f5SJohan Hedberg mgmt_auth_failed(hcon, HCI_ERROR_AUTH_FAILURE); 700f1c09c07SVinicius Costa Gomes 701fc75cc86SJohan Hedberg if (chan->data) 7024f957a76SBrian Gix smp_chan_destroy(conn); 7034f957a76SBrian Gix } 7044f957a76SBrian Gix 7052b64d153SBrian Gix #define JUST_WORKS 0x00 7062b64d153SBrian Gix #define JUST_CFM 0x01 7072b64d153SBrian Gix #define REQ_PASSKEY 0x02 7082b64d153SBrian Gix #define CFM_PASSKEY 0x03 7092b64d153SBrian Gix #define REQ_OOB 0x04 7105e3d3d9bSJohan Hedberg #define DSP_PASSKEY 0x05 7112b64d153SBrian Gix #define OVERLAP 0xFF 7122b64d153SBrian Gix 7132b64d153SBrian Gix static const u8 gen_method[5][5] = { 7142b64d153SBrian Gix { JUST_WORKS, JUST_CFM, REQ_PASSKEY, JUST_WORKS, REQ_PASSKEY }, 7152b64d153SBrian Gix { JUST_WORKS, JUST_CFM, REQ_PASSKEY, JUST_WORKS, REQ_PASSKEY }, 7162b64d153SBrian Gix { CFM_PASSKEY, CFM_PASSKEY, REQ_PASSKEY, JUST_WORKS, CFM_PASSKEY }, 7172b64d153SBrian Gix { JUST_WORKS, JUST_CFM, JUST_WORKS, JUST_WORKS, JUST_CFM }, 7182b64d153SBrian Gix { CFM_PASSKEY, CFM_PASSKEY, REQ_PASSKEY, JUST_WORKS, OVERLAP }, 7192b64d153SBrian Gix }; 7202b64d153SBrian Gix 7215e3d3d9bSJohan Hedberg static const u8 sc_method[5][5] = { 7225e3d3d9bSJohan Hedberg { JUST_WORKS, JUST_CFM, REQ_PASSKEY, JUST_WORKS, REQ_PASSKEY }, 7235e3d3d9bSJohan Hedberg { JUST_WORKS, CFM_PASSKEY, REQ_PASSKEY, JUST_WORKS, CFM_PASSKEY }, 7245e3d3d9bSJohan Hedberg { DSP_PASSKEY, DSP_PASSKEY, REQ_PASSKEY, JUST_WORKS, DSP_PASSKEY }, 7255e3d3d9bSJohan Hedberg { JUST_WORKS, JUST_CFM, JUST_WORKS, JUST_WORKS, JUST_CFM }, 7265e3d3d9bSJohan Hedberg { DSP_PASSKEY, CFM_PASSKEY, REQ_PASSKEY, JUST_WORKS, CFM_PASSKEY }, 7275e3d3d9bSJohan Hedberg }; 7285e3d3d9bSJohan Hedberg 729581370ccSJohan Hedberg static u8 get_auth_method(struct smp_chan *smp, u8 local_io, u8 remote_io) 730581370ccSJohan Hedberg { 7312bcd4003SJohan Hedberg /* If either side has unknown io_caps, use JUST_CFM (which gets 7322bcd4003SJohan Hedberg * converted later to JUST_WORKS if we're initiators. 7332bcd4003SJohan Hedberg */ 734581370ccSJohan Hedberg if (local_io > SMP_IO_KEYBOARD_DISPLAY || 735581370ccSJohan Hedberg remote_io > SMP_IO_KEYBOARD_DISPLAY) 7362bcd4003SJohan Hedberg return JUST_CFM; 737581370ccSJohan Hedberg 7385e3d3d9bSJohan Hedberg if (test_bit(SMP_FLAG_SC, &smp->flags)) 7395e3d3d9bSJohan Hedberg return sc_method[remote_io][local_io]; 7405e3d3d9bSJohan Hedberg 741581370ccSJohan Hedberg return gen_method[remote_io][local_io]; 742581370ccSJohan Hedberg } 743581370ccSJohan Hedberg 7442b64d153SBrian Gix static int tk_request(struct l2cap_conn *conn, u8 remote_oob, u8 auth, 7452b64d153SBrian Gix u8 local_io, u8 remote_io) 7462b64d153SBrian Gix { 7472b64d153SBrian Gix struct hci_conn *hcon = conn->hcon; 7485d88cc73SJohan Hedberg struct l2cap_chan *chan = conn->smp; 7495d88cc73SJohan Hedberg struct smp_chan *smp = chan->data; 7502b64d153SBrian Gix u32 passkey = 0; 7512b64d153SBrian Gix int ret = 0; 7522b64d153SBrian Gix 7532b64d153SBrian Gix /* Initialize key for JUST WORKS */ 7542b64d153SBrian Gix memset(smp->tk, 0, sizeof(smp->tk)); 7554a74d658SJohan Hedberg clear_bit(SMP_FLAG_TK_VALID, &smp->flags); 7562b64d153SBrian Gix 7572b64d153SBrian Gix BT_DBG("tk_request: auth:%d lcl:%d rem:%d", auth, local_io, remote_io); 7582b64d153SBrian Gix 7592bcd4003SJohan Hedberg /* If neither side wants MITM, either "just" confirm an incoming 7602bcd4003SJohan Hedberg * request or use just-works for outgoing ones. The JUST_CFM 7612bcd4003SJohan Hedberg * will be converted to JUST_WORKS if necessary later in this 7622bcd4003SJohan Hedberg * function. If either side has MITM look up the method from the 7632bcd4003SJohan Hedberg * table. 7642bcd4003SJohan Hedberg */ 765581370ccSJohan Hedberg if (!(auth & SMP_AUTH_MITM)) 766783e0574SJohan Hedberg smp->method = JUST_CFM; 7672b64d153SBrian Gix else 768783e0574SJohan Hedberg smp->method = get_auth_method(smp, local_io, remote_io); 7692b64d153SBrian Gix 770a82505c7SJohan Hedberg /* Don't confirm locally initiated pairing attempts */ 771783e0574SJohan Hedberg if (smp->method == JUST_CFM && test_bit(SMP_FLAG_INITIATOR, 772783e0574SJohan Hedberg &smp->flags)) 773783e0574SJohan Hedberg smp->method = JUST_WORKS; 774a82505c7SJohan Hedberg 77502f3e254SJohan Hedberg /* Don't bother user space with no IO capabilities */ 776783e0574SJohan Hedberg if (smp->method == JUST_CFM && 777783e0574SJohan Hedberg hcon->io_capability == HCI_IO_NO_INPUT_OUTPUT) 778783e0574SJohan Hedberg smp->method = JUST_WORKS; 77902f3e254SJohan Hedberg 7802b64d153SBrian Gix /* If Just Works, Continue with Zero TK */ 781783e0574SJohan Hedberg if (smp->method == JUST_WORKS) { 7824a74d658SJohan Hedberg set_bit(SMP_FLAG_TK_VALID, &smp->flags); 7832b64d153SBrian Gix return 0; 7842b64d153SBrian Gix } 7852b64d153SBrian Gix 7862b64d153SBrian Gix /* Not Just Works/Confirm results in MITM Authentication */ 787783e0574SJohan Hedberg if (smp->method != JUST_CFM) { 7884a74d658SJohan Hedberg set_bit(SMP_FLAG_MITM_AUTH, &smp->flags); 7895eb596f5SJohan Hedberg if (hcon->pending_sec_level < BT_SECURITY_HIGH) 7905eb596f5SJohan Hedberg hcon->pending_sec_level = BT_SECURITY_HIGH; 7915eb596f5SJohan Hedberg } 7922b64d153SBrian Gix 7932b64d153SBrian Gix /* If both devices have Keyoard-Display I/O, the master 7942b64d153SBrian Gix * Confirms and the slave Enters the passkey. 7952b64d153SBrian Gix */ 796783e0574SJohan Hedberg if (smp->method == OVERLAP) { 79740bef302SJohan Hedberg if (hcon->role == HCI_ROLE_MASTER) 798783e0574SJohan Hedberg smp->method = CFM_PASSKEY; 7992b64d153SBrian Gix else 800783e0574SJohan Hedberg smp->method = REQ_PASSKEY; 8012b64d153SBrian Gix } 8022b64d153SBrian Gix 80301ad34d2SJohan Hedberg /* Generate random passkey. */ 804783e0574SJohan Hedberg if (smp->method == CFM_PASSKEY) { 805943a732aSJohan Hedberg memset(smp->tk, 0, sizeof(smp->tk)); 8062b64d153SBrian Gix get_random_bytes(&passkey, sizeof(passkey)); 8072b64d153SBrian Gix passkey %= 1000000; 808943a732aSJohan Hedberg put_unaligned_le32(passkey, smp->tk); 8092b64d153SBrian Gix BT_DBG("PassKey: %d", passkey); 8104a74d658SJohan Hedberg set_bit(SMP_FLAG_TK_VALID, &smp->flags); 8112b64d153SBrian Gix } 8122b64d153SBrian Gix 813783e0574SJohan Hedberg if (smp->method == REQ_PASSKEY) 814ce39fb4eSMarcel Holtmann ret = mgmt_user_passkey_request(hcon->hdev, &hcon->dst, 815272d90dfSJohan Hedberg hcon->type, hcon->dst_type); 816783e0574SJohan Hedberg else if (smp->method == JUST_CFM) 8174eb65e66SJohan Hedberg ret = mgmt_user_confirm_request(hcon->hdev, &hcon->dst, 8184eb65e66SJohan Hedberg hcon->type, hcon->dst_type, 8194eb65e66SJohan Hedberg passkey, 1); 8202b64d153SBrian Gix else 82101ad34d2SJohan Hedberg ret = mgmt_user_passkey_notify(hcon->hdev, &hcon->dst, 822272d90dfSJohan Hedberg hcon->type, hcon->dst_type, 82339adbffeSJohan Hedberg passkey, 0); 8242b64d153SBrian Gix 8252b64d153SBrian Gix return ret; 8262b64d153SBrian Gix } 8272b64d153SBrian Gix 8281cc61144SJohan Hedberg static u8 smp_confirm(struct smp_chan *smp) 8298aab4757SVinicius Costa Gomes { 8308aab4757SVinicius Costa Gomes struct l2cap_conn *conn = smp->conn; 8318aab4757SVinicius Costa Gomes struct smp_cmd_pairing_confirm cp; 8328aab4757SVinicius Costa Gomes int ret; 8338aab4757SVinicius Costa Gomes 8348aab4757SVinicius Costa Gomes BT_DBG("conn %p", conn); 8358aab4757SVinicius Costa Gomes 836e491eaf3SJohan Hedberg ret = smp_c1(smp->tfm_aes, smp->tk, smp->prnd, smp->preq, smp->prsp, 837b1cd5fd9SJohan Hedberg conn->hcon->init_addr_type, &conn->hcon->init_addr, 838943a732aSJohan Hedberg conn->hcon->resp_addr_type, &conn->hcon->resp_addr, 839943a732aSJohan Hedberg cp.confirm_val); 8401cc61144SJohan Hedberg if (ret) 8411cc61144SJohan Hedberg return SMP_UNSPECIFIED; 8428aab4757SVinicius Costa Gomes 8434a74d658SJohan Hedberg clear_bit(SMP_FLAG_CFM_PENDING, &smp->flags); 8442b64d153SBrian Gix 8458aab4757SVinicius Costa Gomes smp_send_cmd(smp->conn, SMP_CMD_PAIRING_CONFIRM, sizeof(cp), &cp); 8468aab4757SVinicius Costa Gomes 847b28b4943SJohan Hedberg if (conn->hcon->out) 848b28b4943SJohan Hedberg SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_CONFIRM); 849b28b4943SJohan Hedberg else 850b28b4943SJohan Hedberg SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RANDOM); 851b28b4943SJohan Hedberg 8521cc61144SJohan Hedberg return 0; 8538aab4757SVinicius Costa Gomes } 8548aab4757SVinicius Costa Gomes 855861580a9SJohan Hedberg static u8 smp_random(struct smp_chan *smp) 8568aab4757SVinicius Costa Gomes { 8578aab4757SVinicius Costa Gomes struct l2cap_conn *conn = smp->conn; 8588aab4757SVinicius Costa Gomes struct hci_conn *hcon = conn->hcon; 859861580a9SJohan Hedberg u8 confirm[16]; 8608aab4757SVinicius Costa Gomes int ret; 8618aab4757SVinicius Costa Gomes 862ec70f36fSJohan Hedberg if (IS_ERR_OR_NULL(smp->tfm_aes)) 863861580a9SJohan Hedberg return SMP_UNSPECIFIED; 8648aab4757SVinicius Costa Gomes 8658aab4757SVinicius Costa Gomes BT_DBG("conn %p %s", conn, conn->hcon->out ? "master" : "slave"); 8668aab4757SVinicius Costa Gomes 867e491eaf3SJohan Hedberg ret = smp_c1(smp->tfm_aes, smp->tk, smp->rrnd, smp->preq, smp->prsp, 868b1cd5fd9SJohan Hedberg hcon->init_addr_type, &hcon->init_addr, 869943a732aSJohan Hedberg hcon->resp_addr_type, &hcon->resp_addr, confirm); 870861580a9SJohan Hedberg if (ret) 871861580a9SJohan Hedberg return SMP_UNSPECIFIED; 8728aab4757SVinicius Costa Gomes 8738aab4757SVinicius Costa Gomes if (memcmp(smp->pcnf, confirm, sizeof(smp->pcnf)) != 0) { 8748aab4757SVinicius Costa Gomes BT_ERR("Pairing failed (confirmation values mismatch)"); 875861580a9SJohan Hedberg return SMP_CONFIRM_FAILED; 8768aab4757SVinicius Costa Gomes } 8778aab4757SVinicius Costa Gomes 8788aab4757SVinicius Costa Gomes if (hcon->out) { 879fe39c7b2SMarcel Holtmann u8 stk[16]; 880fe39c7b2SMarcel Holtmann __le64 rand = 0; 881fe39c7b2SMarcel Holtmann __le16 ediv = 0; 8828aab4757SVinicius Costa Gomes 883e491eaf3SJohan Hedberg smp_s1(smp->tfm_aes, smp->tk, smp->rrnd, smp->prnd, stk); 8848aab4757SVinicius Costa Gomes 885f7aa611aSVinicius Costa Gomes memset(stk + smp->enc_key_size, 0, 886f7aa611aSVinicius Costa Gomes SMP_MAX_ENC_KEY_SIZE - smp->enc_key_size); 8878aab4757SVinicius Costa Gomes 888861580a9SJohan Hedberg if (test_and_set_bit(HCI_CONN_ENCRYPT_PEND, &hcon->flags)) 889861580a9SJohan Hedberg return SMP_UNSPECIFIED; 8908aab4757SVinicius Costa Gomes 8918aab4757SVinicius Costa Gomes hci_le_start_enc(hcon, ediv, rand, stk); 892f7aa611aSVinicius Costa Gomes hcon->enc_key_size = smp->enc_key_size; 893fe59a05fSJohan Hedberg set_bit(HCI_CONN_STK_ENCRYPT, &hcon->flags); 8948aab4757SVinicius Costa Gomes } else { 895fff3490fSJohan Hedberg u8 stk[16], auth; 896fe39c7b2SMarcel Holtmann __le64 rand = 0; 897fe39c7b2SMarcel Holtmann __le16 ediv = 0; 8988aab4757SVinicius Costa Gomes 899943a732aSJohan Hedberg smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM, sizeof(smp->prnd), 900943a732aSJohan Hedberg smp->prnd); 9018aab4757SVinicius Costa Gomes 902e491eaf3SJohan Hedberg smp_s1(smp->tfm_aes, smp->tk, smp->prnd, smp->rrnd, stk); 9038aab4757SVinicius Costa Gomes 904f7aa611aSVinicius Costa Gomes memset(stk + smp->enc_key_size, 0, 905f7aa611aSVinicius Costa Gomes SMP_MAX_ENC_KEY_SIZE - smp->enc_key_size); 9068aab4757SVinicius Costa Gomes 907fff3490fSJohan Hedberg if (hcon->pending_sec_level == BT_SECURITY_HIGH) 908fff3490fSJohan Hedberg auth = 1; 909fff3490fSJohan Hedberg else 910fff3490fSJohan Hedberg auth = 0; 911fff3490fSJohan Hedberg 9127d5843b7SJohan Hedberg /* Even though there's no _SLAVE suffix this is the 9137d5843b7SJohan Hedberg * slave STK we're adding for later lookup (the master 9147d5843b7SJohan Hedberg * STK never needs to be stored). 9157d5843b7SJohan Hedberg */ 916ce39fb4eSMarcel Holtmann hci_add_ltk(hcon->hdev, &hcon->dst, hcon->dst_type, 9172ceba539SJohan Hedberg SMP_STK, auth, stk, smp->enc_key_size, ediv, rand); 9188aab4757SVinicius Costa Gomes } 9198aab4757SVinicius Costa Gomes 920861580a9SJohan Hedberg return 0; 9218aab4757SVinicius Costa Gomes } 9228aab4757SVinicius Costa Gomes 92344f1a7abSJohan Hedberg static void smp_notify_keys(struct l2cap_conn *conn) 92444f1a7abSJohan Hedberg { 92544f1a7abSJohan Hedberg struct l2cap_chan *chan = conn->smp; 92644f1a7abSJohan Hedberg struct smp_chan *smp = chan->data; 92744f1a7abSJohan Hedberg struct hci_conn *hcon = conn->hcon; 92844f1a7abSJohan Hedberg struct hci_dev *hdev = hcon->hdev; 92944f1a7abSJohan Hedberg struct smp_cmd_pairing *req = (void *) &smp->preq[1]; 93044f1a7abSJohan Hedberg struct smp_cmd_pairing *rsp = (void *) &smp->prsp[1]; 93144f1a7abSJohan Hedberg bool persistent; 93244f1a7abSJohan Hedberg 93344f1a7abSJohan Hedberg if (smp->remote_irk) { 93444f1a7abSJohan Hedberg mgmt_new_irk(hdev, smp->remote_irk); 93544f1a7abSJohan Hedberg /* Now that user space can be considered to know the 93644f1a7abSJohan Hedberg * identity address track the connection based on it 937b5ae344dSJohan Hedberg * from now on (assuming this is an LE link). 93844f1a7abSJohan Hedberg */ 939b5ae344dSJohan Hedberg if (hcon->type == LE_LINK) { 94044f1a7abSJohan Hedberg bacpy(&hcon->dst, &smp->remote_irk->bdaddr); 94144f1a7abSJohan Hedberg hcon->dst_type = smp->remote_irk->addr_type; 942f3d82d0cSJohan Hedberg queue_work(hdev->workqueue, &conn->id_addr_update_work); 943b5ae344dSJohan Hedberg } 94444f1a7abSJohan Hedberg 94544f1a7abSJohan Hedberg /* When receiving an indentity resolving key for 94644f1a7abSJohan Hedberg * a remote device that does not use a resolvable 94744f1a7abSJohan Hedberg * private address, just remove the key so that 94844f1a7abSJohan Hedberg * it is possible to use the controller white 94944f1a7abSJohan Hedberg * list for scanning. 95044f1a7abSJohan Hedberg * 95144f1a7abSJohan Hedberg * Userspace will have been told to not store 95244f1a7abSJohan Hedberg * this key at this point. So it is safe to 95344f1a7abSJohan Hedberg * just remove it. 95444f1a7abSJohan Hedberg */ 95544f1a7abSJohan Hedberg if (!bacmp(&smp->remote_irk->rpa, BDADDR_ANY)) { 956adae20cbSJohan Hedberg list_del_rcu(&smp->remote_irk->list); 957adae20cbSJohan Hedberg kfree_rcu(smp->remote_irk, rcu); 95844f1a7abSJohan Hedberg smp->remote_irk = NULL; 95944f1a7abSJohan Hedberg } 96044f1a7abSJohan Hedberg } 96144f1a7abSJohan Hedberg 962b5ae344dSJohan Hedberg if (hcon->type == ACL_LINK) { 963b5ae344dSJohan Hedberg if (hcon->key_type == HCI_LK_DEBUG_COMBINATION) 964b5ae344dSJohan Hedberg persistent = false; 965b5ae344dSJohan Hedberg else 966b5ae344dSJohan Hedberg persistent = !test_bit(HCI_CONN_FLUSH_KEY, 967b5ae344dSJohan Hedberg &hcon->flags); 968b5ae344dSJohan Hedberg } else { 96944f1a7abSJohan Hedberg /* The LTKs and CSRKs should be persistent only if both sides 97044f1a7abSJohan Hedberg * had the bonding bit set in their authentication requests. 97144f1a7abSJohan Hedberg */ 972b5ae344dSJohan Hedberg persistent = !!((req->auth_req & rsp->auth_req) & 973b5ae344dSJohan Hedberg SMP_AUTH_BONDING); 974b5ae344dSJohan Hedberg } 975b5ae344dSJohan Hedberg 97644f1a7abSJohan Hedberg 97744f1a7abSJohan Hedberg if (smp->csrk) { 97844f1a7abSJohan Hedberg smp->csrk->bdaddr_type = hcon->dst_type; 97944f1a7abSJohan Hedberg bacpy(&smp->csrk->bdaddr, &hcon->dst); 98044f1a7abSJohan Hedberg mgmt_new_csrk(hdev, smp->csrk, persistent); 98144f1a7abSJohan Hedberg } 98244f1a7abSJohan Hedberg 98344f1a7abSJohan Hedberg if (smp->slave_csrk) { 98444f1a7abSJohan Hedberg smp->slave_csrk->bdaddr_type = hcon->dst_type; 98544f1a7abSJohan Hedberg bacpy(&smp->slave_csrk->bdaddr, &hcon->dst); 98644f1a7abSJohan Hedberg mgmt_new_csrk(hdev, smp->slave_csrk, persistent); 98744f1a7abSJohan Hedberg } 98844f1a7abSJohan Hedberg 98944f1a7abSJohan Hedberg if (smp->ltk) { 99044f1a7abSJohan Hedberg smp->ltk->bdaddr_type = hcon->dst_type; 99144f1a7abSJohan Hedberg bacpy(&smp->ltk->bdaddr, &hcon->dst); 99244f1a7abSJohan Hedberg mgmt_new_ltk(hdev, smp->ltk, persistent); 99344f1a7abSJohan Hedberg } 99444f1a7abSJohan Hedberg 99544f1a7abSJohan Hedberg if (smp->slave_ltk) { 99644f1a7abSJohan Hedberg smp->slave_ltk->bdaddr_type = hcon->dst_type; 99744f1a7abSJohan Hedberg bacpy(&smp->slave_ltk->bdaddr, &hcon->dst); 99844f1a7abSJohan Hedberg mgmt_new_ltk(hdev, smp->slave_ltk, persistent); 99944f1a7abSJohan Hedberg } 10006a77083aSJohan Hedberg 10016a77083aSJohan Hedberg if (smp->link_key) { 1002e3befab9SJohan Hedberg struct link_key *key; 1003e3befab9SJohan Hedberg u8 type; 1004e3befab9SJohan Hedberg 1005e3befab9SJohan Hedberg if (test_bit(SMP_FLAG_DEBUG_KEY, &smp->flags)) 1006e3befab9SJohan Hedberg type = HCI_LK_DEBUG_COMBINATION; 1007e3befab9SJohan Hedberg else if (hcon->sec_level == BT_SECURITY_FIPS) 1008e3befab9SJohan Hedberg type = HCI_LK_AUTH_COMBINATION_P256; 1009e3befab9SJohan Hedberg else 1010e3befab9SJohan Hedberg type = HCI_LK_UNAUTH_COMBINATION_P256; 1011e3befab9SJohan Hedberg 1012e3befab9SJohan Hedberg key = hci_add_link_key(hdev, smp->conn->hcon, &hcon->dst, 1013e3befab9SJohan Hedberg smp->link_key, type, 0, &persistent); 1014e3befab9SJohan Hedberg if (key) { 1015e3befab9SJohan Hedberg mgmt_new_link_key(hdev, key, persistent); 1016e3befab9SJohan Hedberg 1017e3befab9SJohan Hedberg /* Don't keep debug keys around if the relevant 1018e3befab9SJohan Hedberg * flag is not set. 1019e3befab9SJohan Hedberg */ 1020e3befab9SJohan Hedberg if (!test_bit(HCI_KEEP_DEBUG_KEYS, &hdev->dev_flags) && 1021e3befab9SJohan Hedberg key->type == HCI_LK_DEBUG_COMBINATION) { 1022e3befab9SJohan Hedberg list_del_rcu(&key->list); 1023e3befab9SJohan Hedberg kfree_rcu(key, rcu); 1024e3befab9SJohan Hedberg } 1025e3befab9SJohan Hedberg } 10266a77083aSJohan Hedberg } 10276a77083aSJohan Hedberg } 10286a77083aSJohan Hedberg 1029d3e54a87SJohan Hedberg static void sc_add_ltk(struct smp_chan *smp) 1030d3e54a87SJohan Hedberg { 1031d3e54a87SJohan Hedberg struct hci_conn *hcon = smp->conn->hcon; 1032d3e54a87SJohan Hedberg u8 key_type, auth; 1033d3e54a87SJohan Hedberg 1034d3e54a87SJohan Hedberg if (test_bit(SMP_FLAG_DEBUG_KEY, &smp->flags)) 1035d3e54a87SJohan Hedberg key_type = SMP_LTK_P256_DEBUG; 1036d3e54a87SJohan Hedberg else 1037d3e54a87SJohan Hedberg key_type = SMP_LTK_P256; 1038d3e54a87SJohan Hedberg 1039d3e54a87SJohan Hedberg if (hcon->pending_sec_level == BT_SECURITY_FIPS) 1040d3e54a87SJohan Hedberg auth = 1; 1041d3e54a87SJohan Hedberg else 1042d3e54a87SJohan Hedberg auth = 0; 1043d3e54a87SJohan Hedberg 1044d3e54a87SJohan Hedberg memset(smp->tk + smp->enc_key_size, 0, 1045d3e54a87SJohan Hedberg SMP_MAX_ENC_KEY_SIZE - smp->enc_key_size); 1046d3e54a87SJohan Hedberg 1047d3e54a87SJohan Hedberg smp->ltk = hci_add_ltk(hcon->hdev, &hcon->dst, hcon->dst_type, 1048d3e54a87SJohan Hedberg key_type, auth, smp->tk, smp->enc_key_size, 1049d3e54a87SJohan Hedberg 0, 0); 1050d3e54a87SJohan Hedberg } 1051d3e54a87SJohan Hedberg 10526a77083aSJohan Hedberg static void sc_generate_link_key(struct smp_chan *smp) 10536a77083aSJohan Hedberg { 10546a77083aSJohan Hedberg /* These constants are as specified in the core specification. 10556a77083aSJohan Hedberg * In ASCII they spell out to 'tmp1' and 'lebr'. 10566a77083aSJohan Hedberg */ 10576a77083aSJohan Hedberg const u8 tmp1[4] = { 0x31, 0x70, 0x6d, 0x74 }; 10586a77083aSJohan Hedberg const u8 lebr[4] = { 0x72, 0x62, 0x65, 0x6c }; 10596a77083aSJohan Hedberg 10606a77083aSJohan Hedberg smp->link_key = kzalloc(16, GFP_KERNEL); 10616a77083aSJohan Hedberg if (!smp->link_key) 10626a77083aSJohan Hedberg return; 10636a77083aSJohan Hedberg 10646a77083aSJohan Hedberg if (smp_h6(smp->tfm_cmac, smp->tk, tmp1, smp->link_key)) { 10656a77083aSJohan Hedberg kfree(smp->link_key); 10666a77083aSJohan Hedberg smp->link_key = NULL; 10676a77083aSJohan Hedberg return; 10686a77083aSJohan Hedberg } 10696a77083aSJohan Hedberg 10706a77083aSJohan Hedberg if (smp_h6(smp->tfm_cmac, smp->link_key, lebr, smp->link_key)) { 10716a77083aSJohan Hedberg kfree(smp->link_key); 10726a77083aSJohan Hedberg smp->link_key = NULL; 10736a77083aSJohan Hedberg return; 10746a77083aSJohan Hedberg } 107544f1a7abSJohan Hedberg } 107644f1a7abSJohan Hedberg 1077b28b4943SJohan Hedberg static void smp_allow_key_dist(struct smp_chan *smp) 1078b28b4943SJohan Hedberg { 1079b28b4943SJohan Hedberg /* Allow the first expected phase 3 PDU. The rest of the PDUs 1080b28b4943SJohan Hedberg * will be allowed in each PDU handler to ensure we receive 1081b28b4943SJohan Hedberg * them in the correct order. 1082b28b4943SJohan Hedberg */ 1083b28b4943SJohan Hedberg if (smp->remote_key_dist & SMP_DIST_ENC_KEY) 1084b28b4943SJohan Hedberg SMP_ALLOW_CMD(smp, SMP_CMD_ENCRYPT_INFO); 1085b28b4943SJohan Hedberg else if (smp->remote_key_dist & SMP_DIST_ID_KEY) 1086b28b4943SJohan Hedberg SMP_ALLOW_CMD(smp, SMP_CMD_IDENT_INFO); 1087b28b4943SJohan Hedberg else if (smp->remote_key_dist & SMP_DIST_SIGN) 1088b28b4943SJohan Hedberg SMP_ALLOW_CMD(smp, SMP_CMD_SIGN_INFO); 1089b28b4943SJohan Hedberg } 1090b28b4943SJohan Hedberg 1091b5ae344dSJohan Hedberg static void sc_generate_ltk(struct smp_chan *smp) 1092b5ae344dSJohan Hedberg { 1093b5ae344dSJohan Hedberg /* These constants are as specified in the core specification. 1094b5ae344dSJohan Hedberg * In ASCII they spell out to 'tmp2' and 'brle'. 1095b5ae344dSJohan Hedberg */ 1096b5ae344dSJohan Hedberg const u8 tmp2[4] = { 0x32, 0x70, 0x6d, 0x74 }; 1097b5ae344dSJohan Hedberg const u8 brle[4] = { 0x65, 0x6c, 0x72, 0x62 }; 1098b5ae344dSJohan Hedberg struct hci_conn *hcon = smp->conn->hcon; 1099b5ae344dSJohan Hedberg struct hci_dev *hdev = hcon->hdev; 1100b5ae344dSJohan Hedberg struct link_key *key; 1101b5ae344dSJohan Hedberg 1102b5ae344dSJohan Hedberg key = hci_find_link_key(hdev, &hcon->dst); 1103b5ae344dSJohan Hedberg if (!key) { 1104b5ae344dSJohan Hedberg BT_ERR("%s No Link Key found to generate LTK", hdev->name); 1105b5ae344dSJohan Hedberg return; 1106b5ae344dSJohan Hedberg } 1107b5ae344dSJohan Hedberg 1108b5ae344dSJohan Hedberg if (key->type == HCI_LK_DEBUG_COMBINATION) 1109b5ae344dSJohan Hedberg set_bit(SMP_FLAG_DEBUG_KEY, &smp->flags); 1110b5ae344dSJohan Hedberg 1111b5ae344dSJohan Hedberg if (smp_h6(smp->tfm_cmac, key->val, tmp2, smp->tk)) 1112b5ae344dSJohan Hedberg return; 1113b5ae344dSJohan Hedberg 1114b5ae344dSJohan Hedberg if (smp_h6(smp->tfm_cmac, smp->tk, brle, smp->tk)) 1115b5ae344dSJohan Hedberg return; 1116b5ae344dSJohan Hedberg 1117b5ae344dSJohan Hedberg sc_add_ltk(smp); 1118b5ae344dSJohan Hedberg } 1119b5ae344dSJohan Hedberg 1120d6268e86SJohan Hedberg static void smp_distribute_keys(struct smp_chan *smp) 112144f1a7abSJohan Hedberg { 112244f1a7abSJohan Hedberg struct smp_cmd_pairing *req, *rsp; 112386d1407cSJohan Hedberg struct l2cap_conn *conn = smp->conn; 112444f1a7abSJohan Hedberg struct hci_conn *hcon = conn->hcon; 112544f1a7abSJohan Hedberg struct hci_dev *hdev = hcon->hdev; 112644f1a7abSJohan Hedberg __u8 *keydist; 112744f1a7abSJohan Hedberg 112844f1a7abSJohan Hedberg BT_DBG("conn %p", conn); 112944f1a7abSJohan Hedberg 113044f1a7abSJohan Hedberg rsp = (void *) &smp->prsp[1]; 113144f1a7abSJohan Hedberg 113244f1a7abSJohan Hedberg /* The responder sends its keys first */ 1133b28b4943SJohan Hedberg if (hcon->out && (smp->remote_key_dist & KEY_DIST_MASK)) { 1134b28b4943SJohan Hedberg smp_allow_key_dist(smp); 113586d1407cSJohan Hedberg return; 1136b28b4943SJohan Hedberg } 113744f1a7abSJohan Hedberg 113844f1a7abSJohan Hedberg req = (void *) &smp->preq[1]; 113944f1a7abSJohan Hedberg 114044f1a7abSJohan Hedberg if (hcon->out) { 114144f1a7abSJohan Hedberg keydist = &rsp->init_key_dist; 114244f1a7abSJohan Hedberg *keydist &= req->init_key_dist; 114344f1a7abSJohan Hedberg } else { 114444f1a7abSJohan Hedberg keydist = &rsp->resp_key_dist; 114544f1a7abSJohan Hedberg *keydist &= req->resp_key_dist; 114644f1a7abSJohan Hedberg } 114744f1a7abSJohan Hedberg 11486a77083aSJohan Hedberg if (test_bit(SMP_FLAG_SC, &smp->flags)) { 1149b5ae344dSJohan Hedberg if (hcon->type == LE_LINK && (*keydist & SMP_DIST_LINK_KEY)) 11506a77083aSJohan Hedberg sc_generate_link_key(smp); 1151b5ae344dSJohan Hedberg if (hcon->type == ACL_LINK && (*keydist & SMP_DIST_ENC_KEY)) 1152b5ae344dSJohan Hedberg sc_generate_ltk(smp); 11536a77083aSJohan Hedberg 11546a77083aSJohan Hedberg /* Clear the keys which are generated but not distributed */ 11556a77083aSJohan Hedberg *keydist &= ~SMP_SC_NO_DIST; 11566a77083aSJohan Hedberg } 11576a77083aSJohan Hedberg 115844f1a7abSJohan Hedberg BT_DBG("keydist 0x%x", *keydist); 115944f1a7abSJohan Hedberg 116044f1a7abSJohan Hedberg if (*keydist & SMP_DIST_ENC_KEY) { 116144f1a7abSJohan Hedberg struct smp_cmd_encrypt_info enc; 116244f1a7abSJohan Hedberg struct smp_cmd_master_ident ident; 116344f1a7abSJohan Hedberg struct smp_ltk *ltk; 116444f1a7abSJohan Hedberg u8 authenticated; 116544f1a7abSJohan Hedberg __le16 ediv; 116644f1a7abSJohan Hedberg __le64 rand; 116744f1a7abSJohan Hedberg 116844f1a7abSJohan Hedberg get_random_bytes(enc.ltk, sizeof(enc.ltk)); 116944f1a7abSJohan Hedberg get_random_bytes(&ediv, sizeof(ediv)); 117044f1a7abSJohan Hedberg get_random_bytes(&rand, sizeof(rand)); 117144f1a7abSJohan Hedberg 117244f1a7abSJohan Hedberg smp_send_cmd(conn, SMP_CMD_ENCRYPT_INFO, sizeof(enc), &enc); 117344f1a7abSJohan Hedberg 117444f1a7abSJohan Hedberg authenticated = hcon->sec_level == BT_SECURITY_HIGH; 117544f1a7abSJohan Hedberg ltk = hci_add_ltk(hdev, &hcon->dst, hcon->dst_type, 117644f1a7abSJohan Hedberg SMP_LTK_SLAVE, authenticated, enc.ltk, 117744f1a7abSJohan Hedberg smp->enc_key_size, ediv, rand); 117844f1a7abSJohan Hedberg smp->slave_ltk = ltk; 117944f1a7abSJohan Hedberg 118044f1a7abSJohan Hedberg ident.ediv = ediv; 118144f1a7abSJohan Hedberg ident.rand = rand; 118244f1a7abSJohan Hedberg 118344f1a7abSJohan Hedberg smp_send_cmd(conn, SMP_CMD_MASTER_IDENT, sizeof(ident), &ident); 118444f1a7abSJohan Hedberg 118544f1a7abSJohan Hedberg *keydist &= ~SMP_DIST_ENC_KEY; 118644f1a7abSJohan Hedberg } 118744f1a7abSJohan Hedberg 118844f1a7abSJohan Hedberg if (*keydist & SMP_DIST_ID_KEY) { 118944f1a7abSJohan Hedberg struct smp_cmd_ident_addr_info addrinfo; 119044f1a7abSJohan Hedberg struct smp_cmd_ident_info idinfo; 119144f1a7abSJohan Hedberg 119244f1a7abSJohan Hedberg memcpy(idinfo.irk, hdev->irk, sizeof(idinfo.irk)); 119344f1a7abSJohan Hedberg 119444f1a7abSJohan Hedberg smp_send_cmd(conn, SMP_CMD_IDENT_INFO, sizeof(idinfo), &idinfo); 119544f1a7abSJohan Hedberg 119644f1a7abSJohan Hedberg /* The hci_conn contains the local identity address 119744f1a7abSJohan Hedberg * after the connection has been established. 119844f1a7abSJohan Hedberg * 119944f1a7abSJohan Hedberg * This is true even when the connection has been 120044f1a7abSJohan Hedberg * established using a resolvable random address. 120144f1a7abSJohan Hedberg */ 120244f1a7abSJohan Hedberg bacpy(&addrinfo.bdaddr, &hcon->src); 120344f1a7abSJohan Hedberg addrinfo.addr_type = hcon->src_type; 120444f1a7abSJohan Hedberg 120544f1a7abSJohan Hedberg smp_send_cmd(conn, SMP_CMD_IDENT_ADDR_INFO, sizeof(addrinfo), 120644f1a7abSJohan Hedberg &addrinfo); 120744f1a7abSJohan Hedberg 120844f1a7abSJohan Hedberg *keydist &= ~SMP_DIST_ID_KEY; 120944f1a7abSJohan Hedberg } 121044f1a7abSJohan Hedberg 121144f1a7abSJohan Hedberg if (*keydist & SMP_DIST_SIGN) { 121244f1a7abSJohan Hedberg struct smp_cmd_sign_info sign; 121344f1a7abSJohan Hedberg struct smp_csrk *csrk; 121444f1a7abSJohan Hedberg 121544f1a7abSJohan Hedberg /* Generate a new random key */ 121644f1a7abSJohan Hedberg get_random_bytes(sign.csrk, sizeof(sign.csrk)); 121744f1a7abSJohan Hedberg 121844f1a7abSJohan Hedberg csrk = kzalloc(sizeof(*csrk), GFP_KERNEL); 121944f1a7abSJohan Hedberg if (csrk) { 122044f1a7abSJohan Hedberg csrk->master = 0x00; 122144f1a7abSJohan Hedberg memcpy(csrk->val, sign.csrk, sizeof(csrk->val)); 122244f1a7abSJohan Hedberg } 122344f1a7abSJohan Hedberg smp->slave_csrk = csrk; 122444f1a7abSJohan Hedberg 122544f1a7abSJohan Hedberg smp_send_cmd(conn, SMP_CMD_SIGN_INFO, sizeof(sign), &sign); 122644f1a7abSJohan Hedberg 122744f1a7abSJohan Hedberg *keydist &= ~SMP_DIST_SIGN; 122844f1a7abSJohan Hedberg } 122944f1a7abSJohan Hedberg 123044f1a7abSJohan Hedberg /* If there are still keys to be received wait for them */ 1231b28b4943SJohan Hedberg if (smp->remote_key_dist & KEY_DIST_MASK) { 1232b28b4943SJohan Hedberg smp_allow_key_dist(smp); 123386d1407cSJohan Hedberg return; 1234b28b4943SJohan Hedberg } 123544f1a7abSJohan Hedberg 123644f1a7abSJohan Hedberg set_bit(SMP_FLAG_COMPLETE, &smp->flags); 123744f1a7abSJohan Hedberg smp_notify_keys(conn); 123844f1a7abSJohan Hedberg 123944f1a7abSJohan Hedberg smp_chan_destroy(conn); 124044f1a7abSJohan Hedberg } 124144f1a7abSJohan Hedberg 1242b68fda68SJohan Hedberg static void smp_timeout(struct work_struct *work) 1243b68fda68SJohan Hedberg { 1244b68fda68SJohan Hedberg struct smp_chan *smp = container_of(work, struct smp_chan, 1245b68fda68SJohan Hedberg security_timer.work); 1246b68fda68SJohan Hedberg struct l2cap_conn *conn = smp->conn; 1247b68fda68SJohan Hedberg 1248b68fda68SJohan Hedberg BT_DBG("conn %p", conn); 1249b68fda68SJohan Hedberg 12501e91c29eSJohan Hedberg hci_disconnect(conn->hcon, HCI_ERROR_REMOTE_USER_TERM); 1251b68fda68SJohan Hedberg } 1252b68fda68SJohan Hedberg 12538aab4757SVinicius Costa Gomes static struct smp_chan *smp_chan_create(struct l2cap_conn *conn) 12548aab4757SVinicius Costa Gomes { 12555d88cc73SJohan Hedberg struct l2cap_chan *chan = conn->smp; 12568aab4757SVinicius Costa Gomes struct smp_chan *smp; 12578aab4757SVinicius Costa Gomes 1258f1560463SMarcel Holtmann smp = kzalloc(sizeof(*smp), GFP_ATOMIC); 1259fc75cc86SJohan Hedberg if (!smp) 12608aab4757SVinicius Costa Gomes return NULL; 12618aab4757SVinicius Costa Gomes 12626a7bd103SJohan Hedberg smp->tfm_aes = crypto_alloc_blkcipher("ecb(aes)", 0, CRYPTO_ALG_ASYNC); 12636a7bd103SJohan Hedberg if (IS_ERR(smp->tfm_aes)) { 12646a7bd103SJohan Hedberg BT_ERR("Unable to create ECB crypto context"); 12656a7bd103SJohan Hedberg kfree(smp); 12666a7bd103SJohan Hedberg return NULL; 12676a7bd103SJohan Hedberg } 12686a7bd103SJohan Hedberg 1269407cecf6SJohan Hedberg smp->tfm_cmac = crypto_alloc_hash("cmac(aes)", 0, CRYPTO_ALG_ASYNC); 1270407cecf6SJohan Hedberg if (IS_ERR(smp->tfm_cmac)) { 1271407cecf6SJohan Hedberg BT_ERR("Unable to create CMAC crypto context"); 1272407cecf6SJohan Hedberg crypto_free_blkcipher(smp->tfm_aes); 1273407cecf6SJohan Hedberg kfree(smp); 1274407cecf6SJohan Hedberg return NULL; 1275407cecf6SJohan Hedberg } 1276407cecf6SJohan Hedberg 12778aab4757SVinicius Costa Gomes smp->conn = conn; 12785d88cc73SJohan Hedberg chan->data = smp; 12798aab4757SVinicius Costa Gomes 1280b28b4943SJohan Hedberg SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_FAIL); 1281b28b4943SJohan Hedberg 1282b68fda68SJohan Hedberg INIT_DELAYED_WORK(&smp->security_timer, smp_timeout); 1283b68fda68SJohan Hedberg 12848aab4757SVinicius Costa Gomes hci_conn_hold(conn->hcon); 12858aab4757SVinicius Costa Gomes 12868aab4757SVinicius Costa Gomes return smp; 12878aab4757SVinicius Costa Gomes } 12888aab4757SVinicius Costa Gomes 1289760b018bSJohan Hedberg static int sc_mackey_and_ltk(struct smp_chan *smp, u8 mackey[16], u8 ltk[16]) 1290760b018bSJohan Hedberg { 1291760b018bSJohan Hedberg struct hci_conn *hcon = smp->conn->hcon; 1292760b018bSJohan Hedberg u8 *na, *nb, a[7], b[7]; 1293760b018bSJohan Hedberg 1294760b018bSJohan Hedberg if (hcon->out) { 1295760b018bSJohan Hedberg na = smp->prnd; 1296760b018bSJohan Hedberg nb = smp->rrnd; 1297760b018bSJohan Hedberg } else { 1298760b018bSJohan Hedberg na = smp->rrnd; 1299760b018bSJohan Hedberg nb = smp->prnd; 1300760b018bSJohan Hedberg } 1301760b018bSJohan Hedberg 1302760b018bSJohan Hedberg memcpy(a, &hcon->init_addr, 6); 1303760b018bSJohan Hedberg memcpy(b, &hcon->resp_addr, 6); 1304760b018bSJohan Hedberg a[6] = hcon->init_addr_type; 1305760b018bSJohan Hedberg b[6] = hcon->resp_addr_type; 1306760b018bSJohan Hedberg 1307760b018bSJohan Hedberg return smp_f5(smp->tfm_cmac, smp->dhkey, na, nb, a, b, mackey, ltk); 1308760b018bSJohan Hedberg } 1309760b018bSJohan Hedberg 131038606f14SJohan Hedberg static void sc_dhkey_check(struct smp_chan *smp) 1311760b018bSJohan Hedberg { 1312760b018bSJohan Hedberg struct hci_conn *hcon = smp->conn->hcon; 1313760b018bSJohan Hedberg struct smp_cmd_dhkey_check check; 1314760b018bSJohan Hedberg u8 a[7], b[7], *local_addr, *remote_addr; 1315760b018bSJohan Hedberg u8 io_cap[3], r[16]; 1316760b018bSJohan Hedberg 1317760b018bSJohan Hedberg memcpy(a, &hcon->init_addr, 6); 1318760b018bSJohan Hedberg memcpy(b, &hcon->resp_addr, 6); 1319760b018bSJohan Hedberg a[6] = hcon->init_addr_type; 1320760b018bSJohan Hedberg b[6] = hcon->resp_addr_type; 1321760b018bSJohan Hedberg 1322760b018bSJohan Hedberg if (hcon->out) { 1323760b018bSJohan Hedberg local_addr = a; 1324760b018bSJohan Hedberg remote_addr = b; 1325760b018bSJohan Hedberg memcpy(io_cap, &smp->preq[1], 3); 1326760b018bSJohan Hedberg } else { 1327760b018bSJohan Hedberg local_addr = b; 1328760b018bSJohan Hedberg remote_addr = a; 1329760b018bSJohan Hedberg memcpy(io_cap, &smp->prsp[1], 3); 1330760b018bSJohan Hedberg } 1331760b018bSJohan Hedberg 1332dddd3059SJohan Hedberg memset(r, 0, sizeof(r)); 1333dddd3059SJohan Hedberg 1334dddd3059SJohan Hedberg if (smp->method == REQ_PASSKEY || smp->method == DSP_PASSKEY) 133538606f14SJohan Hedberg put_unaligned_le32(hcon->passkey_notify, r); 1336760b018bSJohan Hedberg 1337760b018bSJohan Hedberg smp_f6(smp->tfm_cmac, smp->mackey, smp->prnd, smp->rrnd, r, io_cap, 1338760b018bSJohan Hedberg local_addr, remote_addr, check.e); 1339760b018bSJohan Hedberg 1340760b018bSJohan Hedberg smp_send_cmd(smp->conn, SMP_CMD_DHKEY_CHECK, sizeof(check), &check); 1341dddd3059SJohan Hedberg } 1342dddd3059SJohan Hedberg 134338606f14SJohan Hedberg static u8 sc_passkey_send_confirm(struct smp_chan *smp) 134438606f14SJohan Hedberg { 134538606f14SJohan Hedberg struct l2cap_conn *conn = smp->conn; 134638606f14SJohan Hedberg struct hci_conn *hcon = conn->hcon; 134738606f14SJohan Hedberg struct smp_cmd_pairing_confirm cfm; 134838606f14SJohan Hedberg u8 r; 134938606f14SJohan Hedberg 135038606f14SJohan Hedberg r = ((hcon->passkey_notify >> smp->passkey_round) & 0x01); 135138606f14SJohan Hedberg r |= 0x80; 135238606f14SJohan Hedberg 135338606f14SJohan Hedberg get_random_bytes(smp->prnd, sizeof(smp->prnd)); 135438606f14SJohan Hedberg 135538606f14SJohan Hedberg if (smp_f4(smp->tfm_cmac, smp->local_pk, smp->remote_pk, smp->prnd, r, 135638606f14SJohan Hedberg cfm.confirm_val)) 135738606f14SJohan Hedberg return SMP_UNSPECIFIED; 135838606f14SJohan Hedberg 135938606f14SJohan Hedberg smp_send_cmd(conn, SMP_CMD_PAIRING_CONFIRM, sizeof(cfm), &cfm); 136038606f14SJohan Hedberg 136138606f14SJohan Hedberg return 0; 136238606f14SJohan Hedberg } 136338606f14SJohan Hedberg 136438606f14SJohan Hedberg static u8 sc_passkey_round(struct smp_chan *smp, u8 smp_op) 136538606f14SJohan Hedberg { 136638606f14SJohan Hedberg struct l2cap_conn *conn = smp->conn; 136738606f14SJohan Hedberg struct hci_conn *hcon = conn->hcon; 136838606f14SJohan Hedberg struct hci_dev *hdev = hcon->hdev; 136938606f14SJohan Hedberg u8 cfm[16], r; 137038606f14SJohan Hedberg 137138606f14SJohan Hedberg /* Ignore the PDU if we've already done 20 rounds (0 - 19) */ 137238606f14SJohan Hedberg if (smp->passkey_round >= 20) 137338606f14SJohan Hedberg return 0; 137438606f14SJohan Hedberg 137538606f14SJohan Hedberg switch (smp_op) { 137638606f14SJohan Hedberg case SMP_CMD_PAIRING_RANDOM: 137738606f14SJohan Hedberg r = ((hcon->passkey_notify >> smp->passkey_round) & 0x01); 137838606f14SJohan Hedberg r |= 0x80; 137938606f14SJohan Hedberg 138038606f14SJohan Hedberg if (smp_f4(smp->tfm_cmac, smp->remote_pk, smp->local_pk, 138138606f14SJohan Hedberg smp->rrnd, r, cfm)) 138238606f14SJohan Hedberg return SMP_UNSPECIFIED; 138338606f14SJohan Hedberg 138438606f14SJohan Hedberg if (memcmp(smp->pcnf, cfm, 16)) 138538606f14SJohan Hedberg return SMP_CONFIRM_FAILED; 138638606f14SJohan Hedberg 138738606f14SJohan Hedberg smp->passkey_round++; 138838606f14SJohan Hedberg 138938606f14SJohan Hedberg if (smp->passkey_round == 20) { 139038606f14SJohan Hedberg /* Generate MacKey and LTK */ 139138606f14SJohan Hedberg if (sc_mackey_and_ltk(smp, smp->mackey, smp->tk)) 139238606f14SJohan Hedberg return SMP_UNSPECIFIED; 139338606f14SJohan Hedberg } 139438606f14SJohan Hedberg 139538606f14SJohan Hedberg /* The round is only complete when the initiator 139638606f14SJohan Hedberg * receives pairing random. 139738606f14SJohan Hedberg */ 139838606f14SJohan Hedberg if (!hcon->out) { 139938606f14SJohan Hedberg smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM, 140038606f14SJohan Hedberg sizeof(smp->prnd), smp->prnd); 1401d3e54a87SJohan Hedberg if (smp->passkey_round == 20) 140238606f14SJohan Hedberg SMP_ALLOW_CMD(smp, SMP_CMD_DHKEY_CHECK); 1403d3e54a87SJohan Hedberg else 140438606f14SJohan Hedberg SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_CONFIRM); 140538606f14SJohan Hedberg return 0; 140638606f14SJohan Hedberg } 140738606f14SJohan Hedberg 140838606f14SJohan Hedberg /* Start the next round */ 140938606f14SJohan Hedberg if (smp->passkey_round != 20) 141038606f14SJohan Hedberg return sc_passkey_round(smp, 0); 141138606f14SJohan Hedberg 141238606f14SJohan Hedberg /* Passkey rounds are complete - start DHKey Check */ 141338606f14SJohan Hedberg sc_dhkey_check(smp); 141438606f14SJohan Hedberg SMP_ALLOW_CMD(smp, SMP_CMD_DHKEY_CHECK); 141538606f14SJohan Hedberg 141638606f14SJohan Hedberg break; 141738606f14SJohan Hedberg 141838606f14SJohan Hedberg case SMP_CMD_PAIRING_CONFIRM: 141938606f14SJohan Hedberg if (test_bit(SMP_FLAG_WAIT_USER, &smp->flags)) { 142038606f14SJohan Hedberg set_bit(SMP_FLAG_CFM_PENDING, &smp->flags); 142138606f14SJohan Hedberg return 0; 142238606f14SJohan Hedberg } 142338606f14SJohan Hedberg 142438606f14SJohan Hedberg SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RANDOM); 142538606f14SJohan Hedberg 142638606f14SJohan Hedberg if (hcon->out) { 142738606f14SJohan Hedberg smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM, 142838606f14SJohan Hedberg sizeof(smp->prnd), smp->prnd); 142938606f14SJohan Hedberg return 0; 143038606f14SJohan Hedberg } 143138606f14SJohan Hedberg 143238606f14SJohan Hedberg return sc_passkey_send_confirm(smp); 143338606f14SJohan Hedberg 143438606f14SJohan Hedberg case SMP_CMD_PUBLIC_KEY: 143538606f14SJohan Hedberg default: 143638606f14SJohan Hedberg /* Initiating device starts the round */ 143738606f14SJohan Hedberg if (!hcon->out) 143838606f14SJohan Hedberg return 0; 143938606f14SJohan Hedberg 144038606f14SJohan Hedberg BT_DBG("%s Starting passkey round %u", hdev->name, 144138606f14SJohan Hedberg smp->passkey_round + 1); 144238606f14SJohan Hedberg 144338606f14SJohan Hedberg SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_CONFIRM); 144438606f14SJohan Hedberg 144538606f14SJohan Hedberg return sc_passkey_send_confirm(smp); 144638606f14SJohan Hedberg } 144738606f14SJohan Hedberg 144838606f14SJohan Hedberg return 0; 144938606f14SJohan Hedberg } 145038606f14SJohan Hedberg 1451dddd3059SJohan Hedberg static int sc_user_reply(struct smp_chan *smp, u16 mgmt_op, __le32 passkey) 1452dddd3059SJohan Hedberg { 145338606f14SJohan Hedberg struct l2cap_conn *conn = smp->conn; 145438606f14SJohan Hedberg struct hci_conn *hcon = conn->hcon; 145538606f14SJohan Hedberg u8 smp_op; 145638606f14SJohan Hedberg 145738606f14SJohan Hedberg clear_bit(SMP_FLAG_WAIT_USER, &smp->flags); 145838606f14SJohan Hedberg 1459dddd3059SJohan Hedberg switch (mgmt_op) { 1460dddd3059SJohan Hedberg case MGMT_OP_USER_PASSKEY_NEG_REPLY: 1461dddd3059SJohan Hedberg smp_failure(smp->conn, SMP_PASSKEY_ENTRY_FAILED); 1462dddd3059SJohan Hedberg return 0; 1463dddd3059SJohan Hedberg case MGMT_OP_USER_CONFIRM_NEG_REPLY: 1464dddd3059SJohan Hedberg smp_failure(smp->conn, SMP_NUMERIC_COMP_FAILED); 1465dddd3059SJohan Hedberg return 0; 146638606f14SJohan Hedberg case MGMT_OP_USER_PASSKEY_REPLY: 146738606f14SJohan Hedberg hcon->passkey_notify = le32_to_cpu(passkey); 146838606f14SJohan Hedberg smp->passkey_round = 0; 146938606f14SJohan Hedberg 147038606f14SJohan Hedberg if (test_and_clear_bit(SMP_FLAG_CFM_PENDING, &smp->flags)) 147138606f14SJohan Hedberg smp_op = SMP_CMD_PAIRING_CONFIRM; 147238606f14SJohan Hedberg else 147338606f14SJohan Hedberg smp_op = 0; 147438606f14SJohan Hedberg 147538606f14SJohan Hedberg if (sc_passkey_round(smp, smp_op)) 147638606f14SJohan Hedberg return -EIO; 147738606f14SJohan Hedberg 147838606f14SJohan Hedberg return 0; 1479dddd3059SJohan Hedberg } 1480dddd3059SJohan Hedberg 1481d3e54a87SJohan Hedberg /* Initiator sends DHKey check first */ 1482d3e54a87SJohan Hedberg if (hcon->out) { 148338606f14SJohan Hedberg sc_dhkey_check(smp); 1484d3e54a87SJohan Hedberg SMP_ALLOW_CMD(smp, SMP_CMD_DHKEY_CHECK); 1485d3e54a87SJohan Hedberg } else if (test_and_clear_bit(SMP_FLAG_DHKEY_PENDING, &smp->flags)) { 1486d3e54a87SJohan Hedberg sc_dhkey_check(smp); 1487d3e54a87SJohan Hedberg sc_add_ltk(smp); 1488d3e54a87SJohan Hedberg } 1489760b018bSJohan Hedberg 1490760b018bSJohan Hedberg return 0; 1491760b018bSJohan Hedberg } 1492760b018bSJohan Hedberg 14932b64d153SBrian Gix int smp_user_confirm_reply(struct hci_conn *hcon, u16 mgmt_op, __le32 passkey) 14942b64d153SBrian Gix { 1495b10e8017SJohan Hedberg struct l2cap_conn *conn = hcon->l2cap_data; 14965d88cc73SJohan Hedberg struct l2cap_chan *chan; 14972b64d153SBrian Gix struct smp_chan *smp; 14982b64d153SBrian Gix u32 value; 1499fc75cc86SJohan Hedberg int err; 15002b64d153SBrian Gix 15012b64d153SBrian Gix BT_DBG(""); 15022b64d153SBrian Gix 1503fc75cc86SJohan Hedberg if (!conn) 15042b64d153SBrian Gix return -ENOTCONN; 15052b64d153SBrian Gix 15065d88cc73SJohan Hedberg chan = conn->smp; 15075d88cc73SJohan Hedberg if (!chan) 15085d88cc73SJohan Hedberg return -ENOTCONN; 15095d88cc73SJohan Hedberg 1510fc75cc86SJohan Hedberg l2cap_chan_lock(chan); 1511fc75cc86SJohan Hedberg if (!chan->data) { 1512fc75cc86SJohan Hedberg err = -ENOTCONN; 1513fc75cc86SJohan Hedberg goto unlock; 1514fc75cc86SJohan Hedberg } 1515fc75cc86SJohan Hedberg 15165d88cc73SJohan Hedberg smp = chan->data; 15172b64d153SBrian Gix 1518760b018bSJohan Hedberg if (test_bit(SMP_FLAG_SC, &smp->flags)) { 1519760b018bSJohan Hedberg err = sc_user_reply(smp, mgmt_op, passkey); 1520760b018bSJohan Hedberg goto unlock; 1521760b018bSJohan Hedberg } 1522760b018bSJohan Hedberg 15232b64d153SBrian Gix switch (mgmt_op) { 15242b64d153SBrian Gix case MGMT_OP_USER_PASSKEY_REPLY: 15252b64d153SBrian Gix value = le32_to_cpu(passkey); 1526943a732aSJohan Hedberg memset(smp->tk, 0, sizeof(smp->tk)); 15272b64d153SBrian Gix BT_DBG("PassKey: %d", value); 1528943a732aSJohan Hedberg put_unaligned_le32(value, smp->tk); 15292b64d153SBrian Gix /* Fall Through */ 15302b64d153SBrian Gix case MGMT_OP_USER_CONFIRM_REPLY: 15314a74d658SJohan Hedberg set_bit(SMP_FLAG_TK_VALID, &smp->flags); 15322b64d153SBrian Gix break; 15332b64d153SBrian Gix case MGMT_OP_USER_PASSKEY_NEG_REPLY: 15342b64d153SBrian Gix case MGMT_OP_USER_CONFIRM_NEG_REPLY: 153584794e11SJohan Hedberg smp_failure(conn, SMP_PASSKEY_ENTRY_FAILED); 1536fc75cc86SJohan Hedberg err = 0; 1537fc75cc86SJohan Hedberg goto unlock; 15382b64d153SBrian Gix default: 153984794e11SJohan Hedberg smp_failure(conn, SMP_PASSKEY_ENTRY_FAILED); 1540fc75cc86SJohan Hedberg err = -EOPNOTSUPP; 1541fc75cc86SJohan Hedberg goto unlock; 15422b64d153SBrian Gix } 15432b64d153SBrian Gix 1544fc75cc86SJohan Hedberg err = 0; 1545fc75cc86SJohan Hedberg 15462b64d153SBrian Gix /* If it is our turn to send Pairing Confirm, do so now */ 15471cc61144SJohan Hedberg if (test_bit(SMP_FLAG_CFM_PENDING, &smp->flags)) { 15481cc61144SJohan Hedberg u8 rsp = smp_confirm(smp); 15491cc61144SJohan Hedberg if (rsp) 15501cc61144SJohan Hedberg smp_failure(conn, rsp); 15511cc61144SJohan Hedberg } 15522b64d153SBrian Gix 1553fc75cc86SJohan Hedberg unlock: 1554fc75cc86SJohan Hedberg l2cap_chan_unlock(chan); 1555fc75cc86SJohan Hedberg return err; 15562b64d153SBrian Gix } 15572b64d153SBrian Gix 1558b5ae344dSJohan Hedberg static void build_bredr_pairing_cmd(struct smp_chan *smp, 1559b5ae344dSJohan Hedberg struct smp_cmd_pairing *req, 1560b5ae344dSJohan Hedberg struct smp_cmd_pairing *rsp) 1561b5ae344dSJohan Hedberg { 1562b5ae344dSJohan Hedberg struct l2cap_conn *conn = smp->conn; 1563b5ae344dSJohan Hedberg struct hci_dev *hdev = conn->hcon->hdev; 1564b5ae344dSJohan Hedberg u8 local_dist = 0, remote_dist = 0; 1565b5ae344dSJohan Hedberg 1566b5ae344dSJohan Hedberg if (test_bit(HCI_BONDABLE, &hdev->dev_flags)) { 1567b5ae344dSJohan Hedberg local_dist = SMP_DIST_ENC_KEY | SMP_DIST_SIGN; 1568b5ae344dSJohan Hedberg remote_dist = SMP_DIST_ENC_KEY | SMP_DIST_SIGN; 1569b5ae344dSJohan Hedberg } 1570b5ae344dSJohan Hedberg 1571b5ae344dSJohan Hedberg if (test_bit(HCI_RPA_RESOLVING, &hdev->dev_flags)) 1572b5ae344dSJohan Hedberg remote_dist |= SMP_DIST_ID_KEY; 1573b5ae344dSJohan Hedberg 1574b5ae344dSJohan Hedberg if (test_bit(HCI_PRIVACY, &hdev->dev_flags)) 1575b5ae344dSJohan Hedberg local_dist |= SMP_DIST_ID_KEY; 1576b5ae344dSJohan Hedberg 1577b5ae344dSJohan Hedberg if (!rsp) { 1578b5ae344dSJohan Hedberg memset(req, 0, sizeof(*req)); 1579b5ae344dSJohan Hedberg 1580b5ae344dSJohan Hedberg req->init_key_dist = local_dist; 1581b5ae344dSJohan Hedberg req->resp_key_dist = remote_dist; 1582b5ae344dSJohan Hedberg req->max_key_size = SMP_MAX_ENC_KEY_SIZE; 1583b5ae344dSJohan Hedberg 1584b5ae344dSJohan Hedberg smp->remote_key_dist = remote_dist; 1585b5ae344dSJohan Hedberg 1586b5ae344dSJohan Hedberg return; 1587b5ae344dSJohan Hedberg } 1588b5ae344dSJohan Hedberg 1589b5ae344dSJohan Hedberg memset(rsp, 0, sizeof(*rsp)); 1590b5ae344dSJohan Hedberg 1591b5ae344dSJohan Hedberg rsp->max_key_size = SMP_MAX_ENC_KEY_SIZE; 1592b5ae344dSJohan Hedberg rsp->init_key_dist = req->init_key_dist & remote_dist; 1593b5ae344dSJohan Hedberg rsp->resp_key_dist = req->resp_key_dist & local_dist; 1594b5ae344dSJohan Hedberg 1595b5ae344dSJohan Hedberg smp->remote_key_dist = rsp->init_key_dist; 1596b5ae344dSJohan Hedberg } 1597b5ae344dSJohan Hedberg 1598da85e5e5SVinicius Costa Gomes static u8 smp_cmd_pairing_req(struct l2cap_conn *conn, struct sk_buff *skb) 159988ba43b6SAnderson Briglia { 16003158c50cSVinicius Costa Gomes struct smp_cmd_pairing rsp, *req = (void *) skb->data; 1601fc75cc86SJohan Hedberg struct l2cap_chan *chan = conn->smp; 1602b3c6410bSJohan Hedberg struct hci_dev *hdev = conn->hcon->hdev; 16038aab4757SVinicius Costa Gomes struct smp_chan *smp; 1604c7262e71SJohan Hedberg u8 key_size, auth, sec_level; 16058aab4757SVinicius Costa Gomes int ret; 160688ba43b6SAnderson Briglia 160788ba43b6SAnderson Briglia BT_DBG("conn %p", conn); 160888ba43b6SAnderson Briglia 1609c46b98beSJohan Hedberg if (skb->len < sizeof(*req)) 161038e4a915SJohan Hedberg return SMP_INVALID_PARAMS; 1611c46b98beSJohan Hedberg 161240bef302SJohan Hedberg if (conn->hcon->role != HCI_ROLE_SLAVE) 16132b64d153SBrian Gix return SMP_CMD_NOTSUPP; 16142b64d153SBrian Gix 1615fc75cc86SJohan Hedberg if (!chan->data) 16168aab4757SVinicius Costa Gomes smp = smp_chan_create(conn); 1617fc75cc86SJohan Hedberg else 16185d88cc73SJohan Hedberg smp = chan->data; 1619d26a2345SVinicius Costa Gomes 1620d08fd0e7SAndrei Emeltchenko if (!smp) 1621d08fd0e7SAndrei Emeltchenko return SMP_UNSPECIFIED; 1622d08fd0e7SAndrei Emeltchenko 1623c05b9339SJohan Hedberg /* We didn't start the pairing, so match remote */ 16240edb14deSJohan Hedberg auth = req->auth_req & AUTH_REQ_MASK(hdev); 1625c05b9339SJohan Hedberg 1626b6ae8457SJohan Hedberg if (!test_bit(HCI_BONDABLE, &hdev->dev_flags) && 1627c05b9339SJohan Hedberg (auth & SMP_AUTH_BONDING)) 1628b3c6410bSJohan Hedberg return SMP_PAIRING_NOTSUPP; 1629b3c6410bSJohan Hedberg 1630903b71c7SJohan Hedberg if (test_bit(HCI_SC_ONLY, &hdev->dev_flags) && !(auth & SMP_AUTH_SC)) 1631903b71c7SJohan Hedberg return SMP_AUTH_REQUIREMENTS; 1632903b71c7SJohan Hedberg 16331c1def09SVinicius Costa Gomes smp->preq[0] = SMP_CMD_PAIRING_REQ; 16341c1def09SVinicius Costa Gomes memcpy(&smp->preq[1], req, sizeof(*req)); 16353158c50cSVinicius Costa Gomes skb_pull(skb, sizeof(*req)); 163688ba43b6SAnderson Briglia 1637b5ae344dSJohan Hedberg /* SMP over BR/EDR requires special treatment */ 1638b5ae344dSJohan Hedberg if (conn->hcon->type == ACL_LINK) { 1639b5ae344dSJohan Hedberg /* We must have a BR/EDR SC link */ 1640b5ae344dSJohan Hedberg if (!test_bit(HCI_CONN_AES_CCM, &conn->hcon->flags)) 1641b5ae344dSJohan Hedberg return SMP_CROSS_TRANSP_NOT_ALLOWED; 1642b5ae344dSJohan Hedberg 1643b5ae344dSJohan Hedberg set_bit(SMP_FLAG_SC, &smp->flags); 1644b5ae344dSJohan Hedberg 1645b5ae344dSJohan Hedberg build_bredr_pairing_cmd(smp, req, &rsp); 1646b5ae344dSJohan Hedberg 1647b5ae344dSJohan Hedberg key_size = min(req->max_key_size, rsp.max_key_size); 1648b5ae344dSJohan Hedberg if (check_enc_key_size(conn, key_size)) 1649b5ae344dSJohan Hedberg return SMP_ENC_KEY_SIZE; 1650b5ae344dSJohan Hedberg 1651b5ae344dSJohan Hedberg /* Clear bits which are generated but not distributed */ 1652b5ae344dSJohan Hedberg smp->remote_key_dist &= ~SMP_SC_NO_DIST; 1653b5ae344dSJohan Hedberg 1654b5ae344dSJohan Hedberg smp->prsp[0] = SMP_CMD_PAIRING_RSP; 1655b5ae344dSJohan Hedberg memcpy(&smp->prsp[1], &rsp, sizeof(rsp)); 1656b5ae344dSJohan Hedberg smp_send_cmd(conn, SMP_CMD_PAIRING_RSP, sizeof(rsp), &rsp); 1657b5ae344dSJohan Hedberg 1658b5ae344dSJohan Hedberg smp_distribute_keys(smp); 1659b5ae344dSJohan Hedberg return 0; 1660b5ae344dSJohan Hedberg } 1661b5ae344dSJohan Hedberg 16625e3d3d9bSJohan Hedberg build_pairing_cmd(conn, req, &rsp, auth); 16635e3d3d9bSJohan Hedberg 16645e3d3d9bSJohan Hedberg if (rsp.auth_req & SMP_AUTH_SC) 16655e3d3d9bSJohan Hedberg set_bit(SMP_FLAG_SC, &smp->flags); 16665e3d3d9bSJohan Hedberg 16675be5e275SJohan Hedberg if (conn->hcon->io_capability == HCI_IO_NO_INPUT_OUTPUT) 16681afc2a1aSJohan Hedberg sec_level = BT_SECURITY_MEDIUM; 16691afc2a1aSJohan Hedberg else 1670c7262e71SJohan Hedberg sec_level = authreq_to_seclevel(auth); 16711afc2a1aSJohan Hedberg 1672c7262e71SJohan Hedberg if (sec_level > conn->hcon->pending_sec_level) 1673c7262e71SJohan Hedberg conn->hcon->pending_sec_level = sec_level; 1674fdde0a26SIdo Yariv 167549c922bbSStephen Hemminger /* If we need MITM check that it can be achieved */ 16762ed8f65cSJohan Hedberg if (conn->hcon->pending_sec_level >= BT_SECURITY_HIGH) { 16772ed8f65cSJohan Hedberg u8 method; 16782ed8f65cSJohan Hedberg 16792ed8f65cSJohan Hedberg method = get_auth_method(smp, conn->hcon->io_capability, 16802ed8f65cSJohan Hedberg req->io_capability); 16812ed8f65cSJohan Hedberg if (method == JUST_WORKS || method == JUST_CFM) 16822ed8f65cSJohan Hedberg return SMP_AUTH_REQUIREMENTS; 16832ed8f65cSJohan Hedberg } 16842ed8f65cSJohan Hedberg 16853158c50cSVinicius Costa Gomes key_size = min(req->max_key_size, rsp.max_key_size); 16863158c50cSVinicius Costa Gomes if (check_enc_key_size(conn, key_size)) 16873158c50cSVinicius Costa Gomes return SMP_ENC_KEY_SIZE; 168888ba43b6SAnderson Briglia 1689e84a6b13SJohan Hedberg get_random_bytes(smp->prnd, sizeof(smp->prnd)); 16908aab4757SVinicius Costa Gomes 16911c1def09SVinicius Costa Gomes smp->prsp[0] = SMP_CMD_PAIRING_RSP; 16921c1def09SVinicius Costa Gomes memcpy(&smp->prsp[1], &rsp, sizeof(rsp)); 1693f01ead31SAnderson Briglia 16943158c50cSVinicius Costa Gomes smp_send_cmd(conn, SMP_CMD_PAIRING_RSP, sizeof(rsp), &rsp); 16953b19146dSJohan Hedberg 16963b19146dSJohan Hedberg clear_bit(SMP_FLAG_INITIATOR, &smp->flags); 16973b19146dSJohan Hedberg 16983b19146dSJohan Hedberg if (test_bit(SMP_FLAG_SC, &smp->flags)) { 16993b19146dSJohan Hedberg SMP_ALLOW_CMD(smp, SMP_CMD_PUBLIC_KEY); 17003b19146dSJohan Hedberg /* Clear bits which are generated but not distributed */ 17013b19146dSJohan Hedberg smp->remote_key_dist &= ~SMP_SC_NO_DIST; 17023b19146dSJohan Hedberg /* Wait for Public Key from Initiating Device */ 17033b19146dSJohan Hedberg return 0; 17043b19146dSJohan Hedberg } else { 1705b28b4943SJohan Hedberg SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_CONFIRM); 17063b19146dSJohan Hedberg } 1707da85e5e5SVinicius Costa Gomes 17082b64d153SBrian Gix /* Request setup of TK */ 17092b64d153SBrian Gix ret = tk_request(conn, 0, auth, rsp.io_capability, req->io_capability); 17102b64d153SBrian Gix if (ret) 17112b64d153SBrian Gix return SMP_UNSPECIFIED; 17122b64d153SBrian Gix 1713da85e5e5SVinicius Costa Gomes return 0; 171488ba43b6SAnderson Briglia } 171588ba43b6SAnderson Briglia 17163b19146dSJohan Hedberg static u8 sc_send_public_key(struct smp_chan *smp) 17173b19146dSJohan Hedberg { 171870157ef5SJohan Hedberg struct hci_dev *hdev = smp->conn->hcon->hdev; 171970157ef5SJohan Hedberg 17203b19146dSJohan Hedberg BT_DBG(""); 17213b19146dSJohan Hedberg 172270157ef5SJohan Hedberg if (test_bit(HCI_USE_DEBUG_KEYS, &hdev->dev_flags)) { 172370157ef5SJohan Hedberg BT_DBG("Using debug keys"); 172470157ef5SJohan Hedberg memcpy(smp->local_pk, debug_pk, 64); 172570157ef5SJohan Hedberg memcpy(smp->local_sk, debug_sk, 32); 172670157ef5SJohan Hedberg set_bit(SMP_FLAG_DEBUG_KEY, &smp->flags); 172770157ef5SJohan Hedberg } else { 17286c0dcc50SJohan Hedberg while (true) { 17293b19146dSJohan Hedberg /* Generate local key pair for Secure Connections */ 17303b19146dSJohan Hedberg if (!ecc_make_key(smp->local_pk, smp->local_sk)) 17313b19146dSJohan Hedberg return SMP_UNSPECIFIED; 17323b19146dSJohan Hedberg 173370157ef5SJohan Hedberg /* This is unlikely, but we need to check that 173470157ef5SJohan Hedberg * we didn't accidentially generate a debug key. 17356c0dcc50SJohan Hedberg */ 17366c0dcc50SJohan Hedberg if (memcmp(smp->local_sk, debug_sk, 32)) 17376c0dcc50SJohan Hedberg break; 17386c0dcc50SJohan Hedberg } 173970157ef5SJohan Hedberg } 17406c0dcc50SJohan Hedberg 17413b19146dSJohan Hedberg BT_DBG("Local Public Key X: %32phN", smp->local_pk); 17423b19146dSJohan Hedberg BT_DBG("Local Public Key Y: %32phN", &smp->local_pk[32]); 17433b19146dSJohan Hedberg BT_DBG("Local Private Key: %32phN", smp->local_sk); 17443b19146dSJohan Hedberg 17453b19146dSJohan Hedberg smp_send_cmd(smp->conn, SMP_CMD_PUBLIC_KEY, 64, smp->local_pk); 17463b19146dSJohan Hedberg 17473b19146dSJohan Hedberg return 0; 17483b19146dSJohan Hedberg } 17493b19146dSJohan Hedberg 1750da85e5e5SVinicius Costa Gomes static u8 smp_cmd_pairing_rsp(struct l2cap_conn *conn, struct sk_buff *skb) 175188ba43b6SAnderson Briglia { 17523158c50cSVinicius Costa Gomes struct smp_cmd_pairing *req, *rsp = (void *) skb->data; 17535d88cc73SJohan Hedberg struct l2cap_chan *chan = conn->smp; 17545d88cc73SJohan Hedberg struct smp_chan *smp = chan->data; 17550edb14deSJohan Hedberg struct hci_dev *hdev = conn->hcon->hdev; 17563a7dbfb8SJohan Hedberg u8 key_size, auth; 17577d24ddccSAnderson Briglia int ret; 175888ba43b6SAnderson Briglia 175988ba43b6SAnderson Briglia BT_DBG("conn %p", conn); 176088ba43b6SAnderson Briglia 1761c46b98beSJohan Hedberg if (skb->len < sizeof(*rsp)) 176238e4a915SJohan Hedberg return SMP_INVALID_PARAMS; 1763c46b98beSJohan Hedberg 176440bef302SJohan Hedberg if (conn->hcon->role != HCI_ROLE_MASTER) 17652b64d153SBrian Gix return SMP_CMD_NOTSUPP; 17662b64d153SBrian Gix 17673158c50cSVinicius Costa Gomes skb_pull(skb, sizeof(*rsp)); 1768da85e5e5SVinicius Costa Gomes 17691c1def09SVinicius Costa Gomes req = (void *) &smp->preq[1]; 17703158c50cSVinicius Costa Gomes 17713158c50cSVinicius Costa Gomes key_size = min(req->max_key_size, rsp->max_key_size); 17723158c50cSVinicius Costa Gomes if (check_enc_key_size(conn, key_size)) 17733158c50cSVinicius Costa Gomes return SMP_ENC_KEY_SIZE; 17743158c50cSVinicius Costa Gomes 17750edb14deSJohan Hedberg auth = rsp->auth_req & AUTH_REQ_MASK(hdev); 1776c05b9339SJohan Hedberg 1777903b71c7SJohan Hedberg if (test_bit(HCI_SC_ONLY, &hdev->dev_flags) && !(auth & SMP_AUTH_SC)) 1778903b71c7SJohan Hedberg return SMP_AUTH_REQUIREMENTS; 1779903b71c7SJohan Hedberg 1780b5ae344dSJohan Hedberg smp->prsp[0] = SMP_CMD_PAIRING_RSP; 1781b5ae344dSJohan Hedberg memcpy(&smp->prsp[1], rsp, sizeof(*rsp)); 1782b5ae344dSJohan Hedberg 1783b5ae344dSJohan Hedberg /* Update remote key distribution in case the remote cleared 1784b5ae344dSJohan Hedberg * some bits that we had enabled in our request. 1785b5ae344dSJohan Hedberg */ 1786b5ae344dSJohan Hedberg smp->remote_key_dist &= rsp->resp_key_dist; 1787b5ae344dSJohan Hedberg 1788b5ae344dSJohan Hedberg /* For BR/EDR this means we're done and can start phase 3 */ 1789b5ae344dSJohan Hedberg if (conn->hcon->type == ACL_LINK) { 1790b5ae344dSJohan Hedberg /* Clear bits which are generated but not distributed */ 1791b5ae344dSJohan Hedberg smp->remote_key_dist &= ~SMP_SC_NO_DIST; 1792b5ae344dSJohan Hedberg smp_distribute_keys(smp); 1793b5ae344dSJohan Hedberg return 0; 1794b5ae344dSJohan Hedberg } 1795b5ae344dSJohan Hedberg 179665668776SJohan Hedberg if ((req->auth_req & SMP_AUTH_SC) && (auth & SMP_AUTH_SC)) 179765668776SJohan Hedberg set_bit(SMP_FLAG_SC, &smp->flags); 1798d2eb9e10SJohan Hedberg else if (conn->hcon->pending_sec_level > BT_SECURITY_HIGH) 1799d2eb9e10SJohan Hedberg conn->hcon->pending_sec_level = BT_SECURITY_HIGH; 180065668776SJohan Hedberg 180149c922bbSStephen Hemminger /* If we need MITM check that it can be achieved */ 18022ed8f65cSJohan Hedberg if (conn->hcon->pending_sec_level >= BT_SECURITY_HIGH) { 18032ed8f65cSJohan Hedberg u8 method; 18042ed8f65cSJohan Hedberg 18052ed8f65cSJohan Hedberg method = get_auth_method(smp, req->io_capability, 18062ed8f65cSJohan Hedberg rsp->io_capability); 18072ed8f65cSJohan Hedberg if (method == JUST_WORKS || method == JUST_CFM) 18082ed8f65cSJohan Hedberg return SMP_AUTH_REQUIREMENTS; 18092ed8f65cSJohan Hedberg } 18102ed8f65cSJohan Hedberg 1811e84a6b13SJohan Hedberg get_random_bytes(smp->prnd, sizeof(smp->prnd)); 18127d24ddccSAnderson Briglia 1813fdcc4becSJohan Hedberg /* Update remote key distribution in case the remote cleared 1814fdcc4becSJohan Hedberg * some bits that we had enabled in our request. 1815fdcc4becSJohan Hedberg */ 1816fdcc4becSJohan Hedberg smp->remote_key_dist &= rsp->resp_key_dist; 1817fdcc4becSJohan Hedberg 18183b19146dSJohan Hedberg if (test_bit(SMP_FLAG_SC, &smp->flags)) { 18193b19146dSJohan Hedberg /* Clear bits which are generated but not distributed */ 18203b19146dSJohan Hedberg smp->remote_key_dist &= ~SMP_SC_NO_DIST; 18213b19146dSJohan Hedberg SMP_ALLOW_CMD(smp, SMP_CMD_PUBLIC_KEY); 18223b19146dSJohan Hedberg return sc_send_public_key(smp); 18233b19146dSJohan Hedberg } 18243b19146dSJohan Hedberg 1825c05b9339SJohan Hedberg auth |= req->auth_req; 18262b64d153SBrian Gix 1827476585ecSJohan Hedberg ret = tk_request(conn, 0, auth, req->io_capability, rsp->io_capability); 18282b64d153SBrian Gix if (ret) 18292b64d153SBrian Gix return SMP_UNSPECIFIED; 18302b64d153SBrian Gix 18314a74d658SJohan Hedberg set_bit(SMP_FLAG_CFM_PENDING, &smp->flags); 18322b64d153SBrian Gix 18332b64d153SBrian Gix /* Can't compose response until we have been confirmed */ 18344a74d658SJohan Hedberg if (test_bit(SMP_FLAG_TK_VALID, &smp->flags)) 18351cc61144SJohan Hedberg return smp_confirm(smp); 1836da85e5e5SVinicius Costa Gomes 1837da85e5e5SVinicius Costa Gomes return 0; 183888ba43b6SAnderson Briglia } 183988ba43b6SAnderson Briglia 1840dcee2b32SJohan Hedberg static u8 sc_check_confirm(struct smp_chan *smp) 1841dcee2b32SJohan Hedberg { 1842dcee2b32SJohan Hedberg struct l2cap_conn *conn = smp->conn; 1843dcee2b32SJohan Hedberg 1844dcee2b32SJohan Hedberg BT_DBG(""); 1845dcee2b32SJohan Hedberg 1846dcee2b32SJohan Hedberg /* Public Key exchange must happen before any other steps */ 1847dcee2b32SJohan Hedberg if (!test_bit(SMP_FLAG_REMOTE_PK, &smp->flags)) 1848dcee2b32SJohan Hedberg return SMP_UNSPECIFIED; 1849dcee2b32SJohan Hedberg 185038606f14SJohan Hedberg if (smp->method == REQ_PASSKEY || smp->method == DSP_PASSKEY) 185138606f14SJohan Hedberg return sc_passkey_round(smp, SMP_CMD_PAIRING_CONFIRM); 185238606f14SJohan Hedberg 1853dcee2b32SJohan Hedberg if (conn->hcon->out) { 1854dcee2b32SJohan Hedberg smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM, sizeof(smp->prnd), 1855dcee2b32SJohan Hedberg smp->prnd); 1856dcee2b32SJohan Hedberg SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RANDOM); 1857dcee2b32SJohan Hedberg } 1858dcee2b32SJohan Hedberg 1859dcee2b32SJohan Hedberg return 0; 1860dcee2b32SJohan Hedberg } 1861dcee2b32SJohan Hedberg 1862da85e5e5SVinicius Costa Gomes static u8 smp_cmd_pairing_confirm(struct l2cap_conn *conn, struct sk_buff *skb) 186388ba43b6SAnderson Briglia { 18645d88cc73SJohan Hedberg struct l2cap_chan *chan = conn->smp; 18655d88cc73SJohan Hedberg struct smp_chan *smp = chan->data; 18667d24ddccSAnderson Briglia 186788ba43b6SAnderson Briglia BT_DBG("conn %p %s", conn, conn->hcon->out ? "master" : "slave"); 186888ba43b6SAnderson Briglia 1869c46b98beSJohan Hedberg if (skb->len < sizeof(smp->pcnf)) 187038e4a915SJohan Hedberg return SMP_INVALID_PARAMS; 1871c46b98beSJohan Hedberg 18721c1def09SVinicius Costa Gomes memcpy(smp->pcnf, skb->data, sizeof(smp->pcnf)); 18731c1def09SVinicius Costa Gomes skb_pull(skb, sizeof(smp->pcnf)); 18747d24ddccSAnderson Briglia 1875dcee2b32SJohan Hedberg if (test_bit(SMP_FLAG_SC, &smp->flags)) 1876dcee2b32SJohan Hedberg return sc_check_confirm(smp); 1877dcee2b32SJohan Hedberg 1878b28b4943SJohan Hedberg if (conn->hcon->out) { 1879943a732aSJohan Hedberg smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM, sizeof(smp->prnd), 1880943a732aSJohan Hedberg smp->prnd); 1881b28b4943SJohan Hedberg SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RANDOM); 1882b28b4943SJohan Hedberg return 0; 1883b28b4943SJohan Hedberg } 1884b28b4943SJohan Hedberg 1885b28b4943SJohan Hedberg if (test_bit(SMP_FLAG_TK_VALID, &smp->flags)) 18861cc61144SJohan Hedberg return smp_confirm(smp); 1887943a732aSJohan Hedberg else 18884a74d658SJohan Hedberg set_bit(SMP_FLAG_CFM_PENDING, &smp->flags); 1889da85e5e5SVinicius Costa Gomes 1890da85e5e5SVinicius Costa Gomes return 0; 189188ba43b6SAnderson Briglia } 189288ba43b6SAnderson Briglia 1893da85e5e5SVinicius Costa Gomes static u8 smp_cmd_pairing_random(struct l2cap_conn *conn, struct sk_buff *skb) 189488ba43b6SAnderson Briglia { 18955d88cc73SJohan Hedberg struct l2cap_chan *chan = conn->smp; 18965d88cc73SJohan Hedberg struct smp_chan *smp = chan->data; 1897191dc7feSJohan Hedberg struct hci_conn *hcon = conn->hcon; 1898191dc7feSJohan Hedberg u8 *pkax, *pkbx, *na, *nb; 1899191dc7feSJohan Hedberg u32 passkey; 1900191dc7feSJohan Hedberg int err; 19017d24ddccSAnderson Briglia 19028aab4757SVinicius Costa Gomes BT_DBG("conn %p", conn); 19037d24ddccSAnderson Briglia 1904c46b98beSJohan Hedberg if (skb->len < sizeof(smp->rrnd)) 190538e4a915SJohan Hedberg return SMP_INVALID_PARAMS; 1906c46b98beSJohan Hedberg 1907943a732aSJohan Hedberg memcpy(smp->rrnd, skb->data, sizeof(smp->rrnd)); 19088aab4757SVinicius Costa Gomes skb_pull(skb, sizeof(smp->rrnd)); 190988ba43b6SAnderson Briglia 1910191dc7feSJohan Hedberg if (!test_bit(SMP_FLAG_SC, &smp->flags)) 1911861580a9SJohan Hedberg return smp_random(smp); 1912191dc7feSJohan Hedberg 191338606f14SJohan Hedberg /* Passkey entry has special treatment */ 191438606f14SJohan Hedberg if (smp->method == REQ_PASSKEY || smp->method == DSP_PASSKEY) 191538606f14SJohan Hedberg return sc_passkey_round(smp, SMP_CMD_PAIRING_RANDOM); 191638606f14SJohan Hedberg 1917191dc7feSJohan Hedberg if (hcon->out) { 1918191dc7feSJohan Hedberg u8 cfm[16]; 1919191dc7feSJohan Hedberg 1920191dc7feSJohan Hedberg err = smp_f4(smp->tfm_cmac, smp->remote_pk, smp->local_pk, 1921191dc7feSJohan Hedberg smp->rrnd, 0, cfm); 1922191dc7feSJohan Hedberg if (err) 1923191dc7feSJohan Hedberg return SMP_UNSPECIFIED; 1924191dc7feSJohan Hedberg 1925191dc7feSJohan Hedberg if (memcmp(smp->pcnf, cfm, 16)) 1926191dc7feSJohan Hedberg return SMP_CONFIRM_FAILED; 1927191dc7feSJohan Hedberg 1928191dc7feSJohan Hedberg pkax = smp->local_pk; 1929191dc7feSJohan Hedberg pkbx = smp->remote_pk; 1930191dc7feSJohan Hedberg na = smp->prnd; 1931191dc7feSJohan Hedberg nb = smp->rrnd; 1932191dc7feSJohan Hedberg } else { 1933191dc7feSJohan Hedberg smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM, sizeof(smp->prnd), 1934191dc7feSJohan Hedberg smp->prnd); 1935191dc7feSJohan Hedberg SMP_ALLOW_CMD(smp, SMP_CMD_DHKEY_CHECK); 1936191dc7feSJohan Hedberg 1937191dc7feSJohan Hedberg pkax = smp->remote_pk; 1938191dc7feSJohan Hedberg pkbx = smp->local_pk; 1939191dc7feSJohan Hedberg na = smp->rrnd; 1940191dc7feSJohan Hedberg nb = smp->prnd; 1941191dc7feSJohan Hedberg } 1942191dc7feSJohan Hedberg 1943760b018bSJohan Hedberg /* Generate MacKey and LTK */ 1944760b018bSJohan Hedberg err = sc_mackey_and_ltk(smp, smp->mackey, smp->tk); 1945760b018bSJohan Hedberg if (err) 1946760b018bSJohan Hedberg return SMP_UNSPECIFIED; 1947760b018bSJohan Hedberg 1948dddd3059SJohan Hedberg if (smp->method == JUST_WORKS) { 1949dddd3059SJohan Hedberg if (hcon->out) { 195038606f14SJohan Hedberg sc_dhkey_check(smp); 1951dddd3059SJohan Hedberg SMP_ALLOW_CMD(smp, SMP_CMD_DHKEY_CHECK); 1952dddd3059SJohan Hedberg } 1953dddd3059SJohan Hedberg return 0; 1954dddd3059SJohan Hedberg } 1955dddd3059SJohan Hedberg 195638606f14SJohan Hedberg err = smp_g2(smp->tfm_cmac, pkax, pkbx, na, nb, &passkey); 1957191dc7feSJohan Hedberg if (err) 1958191dc7feSJohan Hedberg return SMP_UNSPECIFIED; 1959191dc7feSJohan Hedberg 196038606f14SJohan Hedberg err = mgmt_user_confirm_request(hcon->hdev, &hcon->dst, hcon->type, 196138606f14SJohan Hedberg hcon->dst_type, passkey, 0); 196238606f14SJohan Hedberg if (err) 196338606f14SJohan Hedberg return SMP_UNSPECIFIED; 196438606f14SJohan Hedberg 196538606f14SJohan Hedberg set_bit(SMP_FLAG_WAIT_USER, &smp->flags); 196638606f14SJohan Hedberg 1967191dc7feSJohan Hedberg return 0; 196888ba43b6SAnderson Briglia } 196988ba43b6SAnderson Briglia 1970f81cd823SMarcel Holtmann static bool smp_ltk_encrypt(struct l2cap_conn *conn, u8 sec_level) 1971988c5997SVinicius Costa Gomes { 1972c9839a11SVinicius Costa Gomes struct smp_ltk *key; 1973988c5997SVinicius Costa Gomes struct hci_conn *hcon = conn->hcon; 1974988c5997SVinicius Costa Gomes 1975f3a73d97SJohan Hedberg key = hci_find_ltk(hcon->hdev, &hcon->dst, hcon->dst_type, hcon->role); 1976988c5997SVinicius Costa Gomes if (!key) 1977f81cd823SMarcel Holtmann return false; 1978988c5997SVinicius Costa Gomes 1979a6f7833cSJohan Hedberg if (smp_ltk_sec_level(key) < sec_level) 1980f81cd823SMarcel Holtmann return false; 19814dab7864SJohan Hedberg 198251a8efd7SJohan Hedberg if (test_and_set_bit(HCI_CONN_ENCRYPT_PEND, &hcon->flags)) 1983f81cd823SMarcel Holtmann return true; 1984988c5997SVinicius Costa Gomes 1985c9839a11SVinicius Costa Gomes hci_le_start_enc(hcon, key->ediv, key->rand, key->val); 1986c9839a11SVinicius Costa Gomes hcon->enc_key_size = key->enc_size; 1987988c5997SVinicius Costa Gomes 1988fe59a05fSJohan Hedberg /* We never store STKs for master role, so clear this flag */ 1989fe59a05fSJohan Hedberg clear_bit(HCI_CONN_STK_ENCRYPT, &hcon->flags); 1990fe59a05fSJohan Hedberg 1991f81cd823SMarcel Holtmann return true; 1992988c5997SVinicius Costa Gomes } 1993f1560463SMarcel Holtmann 199435dc6f83SJohan Hedberg bool smp_sufficient_security(struct hci_conn *hcon, u8 sec_level, 199535dc6f83SJohan Hedberg enum smp_key_pref key_pref) 1996854f4727SJohan Hedberg { 1997854f4727SJohan Hedberg if (sec_level == BT_SECURITY_LOW) 1998854f4727SJohan Hedberg return true; 1999854f4727SJohan Hedberg 200035dc6f83SJohan Hedberg /* If we're encrypted with an STK but the caller prefers using 200135dc6f83SJohan Hedberg * LTK claim insufficient security. This way we allow the 200235dc6f83SJohan Hedberg * connection to be re-encrypted with an LTK, even if the LTK 200335dc6f83SJohan Hedberg * provides the same level of security. Only exception is if we 200435dc6f83SJohan Hedberg * don't have an LTK (e.g. because of key distribution bits). 20059ab65d60SJohan Hedberg */ 200635dc6f83SJohan Hedberg if (key_pref == SMP_USE_LTK && 200735dc6f83SJohan Hedberg test_bit(HCI_CONN_STK_ENCRYPT, &hcon->flags) && 2008f3a73d97SJohan Hedberg hci_find_ltk(hcon->hdev, &hcon->dst, hcon->dst_type, hcon->role)) 20099ab65d60SJohan Hedberg return false; 20109ab65d60SJohan Hedberg 2011854f4727SJohan Hedberg if (hcon->sec_level >= sec_level) 2012854f4727SJohan Hedberg return true; 2013854f4727SJohan Hedberg 2014854f4727SJohan Hedberg return false; 2015854f4727SJohan Hedberg } 2016854f4727SJohan Hedberg 2017da85e5e5SVinicius Costa Gomes static u8 smp_cmd_security_req(struct l2cap_conn *conn, struct sk_buff *skb) 201888ba43b6SAnderson Briglia { 201988ba43b6SAnderson Briglia struct smp_cmd_security_req *rp = (void *) skb->data; 202088ba43b6SAnderson Briglia struct smp_cmd_pairing cp; 2021f1cb9af5SVinicius Costa Gomes struct hci_conn *hcon = conn->hcon; 20220edb14deSJohan Hedberg struct hci_dev *hdev = hcon->hdev; 20238aab4757SVinicius Costa Gomes struct smp_chan *smp; 2024c05b9339SJohan Hedberg u8 sec_level, auth; 202588ba43b6SAnderson Briglia 202688ba43b6SAnderson Briglia BT_DBG("conn %p", conn); 202788ba43b6SAnderson Briglia 2028c46b98beSJohan Hedberg if (skb->len < sizeof(*rp)) 202938e4a915SJohan Hedberg return SMP_INVALID_PARAMS; 2030c46b98beSJohan Hedberg 203140bef302SJohan Hedberg if (hcon->role != HCI_ROLE_MASTER) 203286ca9eacSJohan Hedberg return SMP_CMD_NOTSUPP; 203386ca9eacSJohan Hedberg 20340edb14deSJohan Hedberg auth = rp->auth_req & AUTH_REQ_MASK(hdev); 2035c05b9339SJohan Hedberg 2036903b71c7SJohan Hedberg if (test_bit(HCI_SC_ONLY, &hdev->dev_flags) && !(auth & SMP_AUTH_SC)) 2037903b71c7SJohan Hedberg return SMP_AUTH_REQUIREMENTS; 2038903b71c7SJohan Hedberg 20395be5e275SJohan Hedberg if (hcon->io_capability == HCI_IO_NO_INPUT_OUTPUT) 20401afc2a1aSJohan Hedberg sec_level = BT_SECURITY_MEDIUM; 20411afc2a1aSJohan Hedberg else 2042c05b9339SJohan Hedberg sec_level = authreq_to_seclevel(auth); 20431afc2a1aSJohan Hedberg 204435dc6f83SJohan Hedberg if (smp_sufficient_security(hcon, sec_level, SMP_USE_LTK)) 2045854f4727SJohan Hedberg return 0; 2046854f4727SJohan Hedberg 2047c7262e71SJohan Hedberg if (sec_level > hcon->pending_sec_level) 2048c7262e71SJohan Hedberg hcon->pending_sec_level = sec_level; 2049feb45eb5SVinicius Costa Gomes 20504dab7864SJohan Hedberg if (smp_ltk_encrypt(conn, hcon->pending_sec_level)) 2051988c5997SVinicius Costa Gomes return 0; 2052988c5997SVinicius Costa Gomes 20538aab4757SVinicius Costa Gomes smp = smp_chan_create(conn); 2054c29d2444SJohan Hedberg if (!smp) 2055c29d2444SJohan Hedberg return SMP_UNSPECIFIED; 2056d26a2345SVinicius Costa Gomes 2057b6ae8457SJohan Hedberg if (!test_bit(HCI_BONDABLE, &hcon->hdev->dev_flags) && 2058c05b9339SJohan Hedberg (auth & SMP_AUTH_BONDING)) 2059616d55beSJohan Hedberg return SMP_PAIRING_NOTSUPP; 2060616d55beSJohan Hedberg 206188ba43b6SAnderson Briglia skb_pull(skb, sizeof(*rp)); 206288ba43b6SAnderson Briglia 2063da85e5e5SVinicius Costa Gomes memset(&cp, 0, sizeof(cp)); 2064c05b9339SJohan Hedberg build_pairing_cmd(conn, &cp, NULL, auth); 206588ba43b6SAnderson Briglia 20661c1def09SVinicius Costa Gomes smp->preq[0] = SMP_CMD_PAIRING_REQ; 20671c1def09SVinicius Costa Gomes memcpy(&smp->preq[1], &cp, sizeof(cp)); 2068f01ead31SAnderson Briglia 206988ba43b6SAnderson Briglia smp_send_cmd(conn, SMP_CMD_PAIRING_REQ, sizeof(cp), &cp); 2070b28b4943SJohan Hedberg SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RSP); 2071f1cb9af5SVinicius Costa Gomes 2072da85e5e5SVinicius Costa Gomes return 0; 207388ba43b6SAnderson Briglia } 207488ba43b6SAnderson Briglia 2075cc110922SVinicius Costa Gomes int smp_conn_security(struct hci_conn *hcon, __u8 sec_level) 2076eb492e01SAnderson Briglia { 2077cc110922SVinicius Costa Gomes struct l2cap_conn *conn = hcon->l2cap_data; 2078c68b7f12SJohan Hedberg struct l2cap_chan *chan; 20790a66cf20SJohan Hedberg struct smp_chan *smp; 20802b64d153SBrian Gix __u8 authreq; 2081fc75cc86SJohan Hedberg int ret; 2082eb492e01SAnderson Briglia 20833a0259bbSVinicius Costa Gomes BT_DBG("conn %p hcon %p level 0x%2.2x", conn, hcon, sec_level); 20843a0259bbSVinicius Costa Gomes 20850a66cf20SJohan Hedberg /* This may be NULL if there's an unexpected disconnection */ 20860a66cf20SJohan Hedberg if (!conn) 20870a66cf20SJohan Hedberg return 1; 20880a66cf20SJohan Hedberg 2089c68b7f12SJohan Hedberg chan = conn->smp; 2090c68b7f12SJohan Hedberg 2091757aee0fSJohan Hedberg if (!test_bit(HCI_LE_ENABLED, &hcon->hdev->dev_flags)) 20922e65c9d2SAndre Guedes return 1; 20932e65c9d2SAndre Guedes 209435dc6f83SJohan Hedberg if (smp_sufficient_security(hcon, sec_level, SMP_USE_LTK)) 2095f1cb9af5SVinicius Costa Gomes return 1; 2096f1cb9af5SVinicius Costa Gomes 2097c7262e71SJohan Hedberg if (sec_level > hcon->pending_sec_level) 2098c7262e71SJohan Hedberg hcon->pending_sec_level = sec_level; 2099c7262e71SJohan Hedberg 210040bef302SJohan Hedberg if (hcon->role == HCI_ROLE_MASTER) 2101c7262e71SJohan Hedberg if (smp_ltk_encrypt(conn, hcon->pending_sec_level)) 2102c7262e71SJohan Hedberg return 0; 2103d26a2345SVinicius Costa Gomes 2104fc75cc86SJohan Hedberg l2cap_chan_lock(chan); 2105fc75cc86SJohan Hedberg 2106fc75cc86SJohan Hedberg /* If SMP is already in progress ignore this request */ 2107fc75cc86SJohan Hedberg if (chan->data) { 2108fc75cc86SJohan Hedberg ret = 0; 2109fc75cc86SJohan Hedberg goto unlock; 2110fc75cc86SJohan Hedberg } 2111d26a2345SVinicius Costa Gomes 21128aab4757SVinicius Costa Gomes smp = smp_chan_create(conn); 2113fc75cc86SJohan Hedberg if (!smp) { 2114fc75cc86SJohan Hedberg ret = 1; 2115fc75cc86SJohan Hedberg goto unlock; 2116fc75cc86SJohan Hedberg } 21172b64d153SBrian Gix 21182b64d153SBrian Gix authreq = seclevel_to_authreq(sec_level); 2119d26a2345SVinicius Costa Gomes 2120d2eb9e10SJohan Hedberg if (test_bit(HCI_SC_ENABLED, &hcon->hdev->dev_flags)) 2121d2eb9e10SJohan Hedberg authreq |= SMP_AUTH_SC; 2122d2eb9e10SJohan Hedberg 212379897d20SJohan Hedberg /* Require MITM if IO Capability allows or the security level 212479897d20SJohan Hedberg * requires it. 21252e233644SJohan Hedberg */ 212679897d20SJohan Hedberg if (hcon->io_capability != HCI_IO_NO_INPUT_OUTPUT || 2127c7262e71SJohan Hedberg hcon->pending_sec_level > BT_SECURITY_MEDIUM) 21282e233644SJohan Hedberg authreq |= SMP_AUTH_MITM; 21292e233644SJohan Hedberg 213040bef302SJohan Hedberg if (hcon->role == HCI_ROLE_MASTER) { 2131d26a2345SVinicius Costa Gomes struct smp_cmd_pairing cp; 2132f01ead31SAnderson Briglia 21332b64d153SBrian Gix build_pairing_cmd(conn, &cp, NULL, authreq); 21341c1def09SVinicius Costa Gomes smp->preq[0] = SMP_CMD_PAIRING_REQ; 21351c1def09SVinicius Costa Gomes memcpy(&smp->preq[1], &cp, sizeof(cp)); 2136f01ead31SAnderson Briglia 2137eb492e01SAnderson Briglia smp_send_cmd(conn, SMP_CMD_PAIRING_REQ, sizeof(cp), &cp); 2138b28b4943SJohan Hedberg SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RSP); 2139eb492e01SAnderson Briglia } else { 2140eb492e01SAnderson Briglia struct smp_cmd_security_req cp; 21412b64d153SBrian Gix cp.auth_req = authreq; 2142eb492e01SAnderson Briglia smp_send_cmd(conn, SMP_CMD_SECURITY_REQ, sizeof(cp), &cp); 2143b28b4943SJohan Hedberg SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_REQ); 2144eb492e01SAnderson Briglia } 2145eb492e01SAnderson Briglia 21464a74d658SJohan Hedberg set_bit(SMP_FLAG_INITIATOR, &smp->flags); 2147fc75cc86SJohan Hedberg ret = 0; 2148edca792cSJohan Hedberg 2149fc75cc86SJohan Hedberg unlock: 2150fc75cc86SJohan Hedberg l2cap_chan_unlock(chan); 2151fc75cc86SJohan Hedberg return ret; 2152eb492e01SAnderson Briglia } 2153eb492e01SAnderson Briglia 21547034b911SVinicius Costa Gomes static int smp_cmd_encrypt_info(struct l2cap_conn *conn, struct sk_buff *skb) 21557034b911SVinicius Costa Gomes { 215616b90839SVinicius Costa Gomes struct smp_cmd_encrypt_info *rp = (void *) skb->data; 21575d88cc73SJohan Hedberg struct l2cap_chan *chan = conn->smp; 21585d88cc73SJohan Hedberg struct smp_chan *smp = chan->data; 215916b90839SVinicius Costa Gomes 2160c46b98beSJohan Hedberg BT_DBG("conn %p", conn); 2161c46b98beSJohan Hedberg 2162c46b98beSJohan Hedberg if (skb->len < sizeof(*rp)) 216338e4a915SJohan Hedberg return SMP_INVALID_PARAMS; 2164c46b98beSJohan Hedberg 2165b28b4943SJohan Hedberg SMP_ALLOW_CMD(smp, SMP_CMD_MASTER_IDENT); 21666131ddc8SJohan Hedberg 216716b90839SVinicius Costa Gomes skb_pull(skb, sizeof(*rp)); 216816b90839SVinicius Costa Gomes 21691c1def09SVinicius Costa Gomes memcpy(smp->tk, rp->ltk, sizeof(smp->tk)); 217016b90839SVinicius Costa Gomes 21717034b911SVinicius Costa Gomes return 0; 21727034b911SVinicius Costa Gomes } 21737034b911SVinicius Costa Gomes 21747034b911SVinicius Costa Gomes static int smp_cmd_master_ident(struct l2cap_conn *conn, struct sk_buff *skb) 21757034b911SVinicius Costa Gomes { 217616b90839SVinicius Costa Gomes struct smp_cmd_master_ident *rp = (void *) skb->data; 21775d88cc73SJohan Hedberg struct l2cap_chan *chan = conn->smp; 21785d88cc73SJohan Hedberg struct smp_chan *smp = chan->data; 2179c9839a11SVinicius Costa Gomes struct hci_dev *hdev = conn->hcon->hdev; 2180c9839a11SVinicius Costa Gomes struct hci_conn *hcon = conn->hcon; 218123d0e128SJohan Hedberg struct smp_ltk *ltk; 2182c9839a11SVinicius Costa Gomes u8 authenticated; 21837034b911SVinicius Costa Gomes 2184c46b98beSJohan Hedberg BT_DBG("conn %p", conn); 2185c46b98beSJohan Hedberg 2186c46b98beSJohan Hedberg if (skb->len < sizeof(*rp)) 218738e4a915SJohan Hedberg return SMP_INVALID_PARAMS; 2188c46b98beSJohan Hedberg 21899747a9f3SJohan Hedberg /* Mark the information as received */ 21909747a9f3SJohan Hedberg smp->remote_key_dist &= ~SMP_DIST_ENC_KEY; 21919747a9f3SJohan Hedberg 2192b28b4943SJohan Hedberg if (smp->remote_key_dist & SMP_DIST_ID_KEY) 2193b28b4943SJohan Hedberg SMP_ALLOW_CMD(smp, SMP_CMD_IDENT_INFO); 2194196332f5SJohan Hedberg else if (smp->remote_key_dist & SMP_DIST_SIGN) 2195196332f5SJohan Hedberg SMP_ALLOW_CMD(smp, SMP_CMD_SIGN_INFO); 2196b28b4943SJohan Hedberg 219716b90839SVinicius Costa Gomes skb_pull(skb, sizeof(*rp)); 219816b90839SVinicius Costa Gomes 2199ce39fb4eSMarcel Holtmann authenticated = (hcon->sec_level == BT_SECURITY_HIGH); 22002ceba539SJohan Hedberg ltk = hci_add_ltk(hdev, &hcon->dst, hcon->dst_type, SMP_LTK, 2201ce39fb4eSMarcel Holtmann authenticated, smp->tk, smp->enc_key_size, 220204124681SGustavo F. Padovan rp->ediv, rp->rand); 220323d0e128SJohan Hedberg smp->ltk = ltk; 2204c6e81e9aSJohan Hedberg if (!(smp->remote_key_dist & KEY_DIST_MASK)) 2205d6268e86SJohan Hedberg smp_distribute_keys(smp); 22067034b911SVinicius Costa Gomes 22077034b911SVinicius Costa Gomes return 0; 22087034b911SVinicius Costa Gomes } 22097034b911SVinicius Costa Gomes 2210fd349c02SJohan Hedberg static int smp_cmd_ident_info(struct l2cap_conn *conn, struct sk_buff *skb) 2211fd349c02SJohan Hedberg { 2212fd349c02SJohan Hedberg struct smp_cmd_ident_info *info = (void *) skb->data; 22135d88cc73SJohan Hedberg struct l2cap_chan *chan = conn->smp; 22145d88cc73SJohan Hedberg struct smp_chan *smp = chan->data; 2215fd349c02SJohan Hedberg 2216fd349c02SJohan Hedberg BT_DBG(""); 2217fd349c02SJohan Hedberg 2218fd349c02SJohan Hedberg if (skb->len < sizeof(*info)) 221938e4a915SJohan Hedberg return SMP_INVALID_PARAMS; 2220fd349c02SJohan Hedberg 2221b28b4943SJohan Hedberg SMP_ALLOW_CMD(smp, SMP_CMD_IDENT_ADDR_INFO); 22226131ddc8SJohan Hedberg 2223fd349c02SJohan Hedberg skb_pull(skb, sizeof(*info)); 2224fd349c02SJohan Hedberg 2225fd349c02SJohan Hedberg memcpy(smp->irk, info->irk, 16); 2226fd349c02SJohan Hedberg 2227fd349c02SJohan Hedberg return 0; 2228fd349c02SJohan Hedberg } 2229fd349c02SJohan Hedberg 2230fd349c02SJohan Hedberg static int smp_cmd_ident_addr_info(struct l2cap_conn *conn, 2231fd349c02SJohan Hedberg struct sk_buff *skb) 2232fd349c02SJohan Hedberg { 2233fd349c02SJohan Hedberg struct smp_cmd_ident_addr_info *info = (void *) skb->data; 22345d88cc73SJohan Hedberg struct l2cap_chan *chan = conn->smp; 22355d88cc73SJohan Hedberg struct smp_chan *smp = chan->data; 2236fd349c02SJohan Hedberg struct hci_conn *hcon = conn->hcon; 2237fd349c02SJohan Hedberg bdaddr_t rpa; 2238fd349c02SJohan Hedberg 2239fd349c02SJohan Hedberg BT_DBG(""); 2240fd349c02SJohan Hedberg 2241fd349c02SJohan Hedberg if (skb->len < sizeof(*info)) 224238e4a915SJohan Hedberg return SMP_INVALID_PARAMS; 2243fd349c02SJohan Hedberg 22449747a9f3SJohan Hedberg /* Mark the information as received */ 22459747a9f3SJohan Hedberg smp->remote_key_dist &= ~SMP_DIST_ID_KEY; 22469747a9f3SJohan Hedberg 2247b28b4943SJohan Hedberg if (smp->remote_key_dist & SMP_DIST_SIGN) 2248b28b4943SJohan Hedberg SMP_ALLOW_CMD(smp, SMP_CMD_SIGN_INFO); 2249b28b4943SJohan Hedberg 2250fd349c02SJohan Hedberg skb_pull(skb, sizeof(*info)); 2251fd349c02SJohan Hedberg 2252a9a58f86SJohan Hedberg /* Strictly speaking the Core Specification (4.1) allows sending 2253a9a58f86SJohan Hedberg * an empty address which would force us to rely on just the IRK 2254a9a58f86SJohan Hedberg * as "identity information". However, since such 2255a9a58f86SJohan Hedberg * implementations are not known of and in order to not over 2256a9a58f86SJohan Hedberg * complicate our implementation, simply pretend that we never 2257a9a58f86SJohan Hedberg * received an IRK for such a device. 2258a9a58f86SJohan Hedberg */ 2259a9a58f86SJohan Hedberg if (!bacmp(&info->bdaddr, BDADDR_ANY)) { 2260a9a58f86SJohan Hedberg BT_ERR("Ignoring IRK with no identity address"); 226131dd624eSJohan Hedberg goto distribute; 2262a9a58f86SJohan Hedberg } 2263a9a58f86SJohan Hedberg 2264fd349c02SJohan Hedberg bacpy(&smp->id_addr, &info->bdaddr); 2265fd349c02SJohan Hedberg smp->id_addr_type = info->addr_type; 2266fd349c02SJohan Hedberg 2267fd349c02SJohan Hedberg if (hci_bdaddr_is_rpa(&hcon->dst, hcon->dst_type)) 2268fd349c02SJohan Hedberg bacpy(&rpa, &hcon->dst); 2269fd349c02SJohan Hedberg else 2270fd349c02SJohan Hedberg bacpy(&rpa, BDADDR_ANY); 2271fd349c02SJohan Hedberg 227223d0e128SJohan Hedberg smp->remote_irk = hci_add_irk(conn->hcon->hdev, &smp->id_addr, 227323d0e128SJohan Hedberg smp->id_addr_type, smp->irk, &rpa); 2274fd349c02SJohan Hedberg 227531dd624eSJohan Hedberg distribute: 2276c6e81e9aSJohan Hedberg if (!(smp->remote_key_dist & KEY_DIST_MASK)) 2277d6268e86SJohan Hedberg smp_distribute_keys(smp); 2278fd349c02SJohan Hedberg 2279fd349c02SJohan Hedberg return 0; 2280fd349c02SJohan Hedberg } 2281fd349c02SJohan Hedberg 22827ee4ea36SMarcel Holtmann static int smp_cmd_sign_info(struct l2cap_conn *conn, struct sk_buff *skb) 22837ee4ea36SMarcel Holtmann { 22847ee4ea36SMarcel Holtmann struct smp_cmd_sign_info *rp = (void *) skb->data; 22855d88cc73SJohan Hedberg struct l2cap_chan *chan = conn->smp; 22865d88cc73SJohan Hedberg struct smp_chan *smp = chan->data; 22877ee4ea36SMarcel Holtmann struct smp_csrk *csrk; 22887ee4ea36SMarcel Holtmann 22897ee4ea36SMarcel Holtmann BT_DBG("conn %p", conn); 22907ee4ea36SMarcel Holtmann 22917ee4ea36SMarcel Holtmann if (skb->len < sizeof(*rp)) 229238e4a915SJohan Hedberg return SMP_INVALID_PARAMS; 22937ee4ea36SMarcel Holtmann 22947ee4ea36SMarcel Holtmann /* Mark the information as received */ 22957ee4ea36SMarcel Holtmann smp->remote_key_dist &= ~SMP_DIST_SIGN; 22967ee4ea36SMarcel Holtmann 22977ee4ea36SMarcel Holtmann skb_pull(skb, sizeof(*rp)); 22987ee4ea36SMarcel Holtmann 22997ee4ea36SMarcel Holtmann csrk = kzalloc(sizeof(*csrk), GFP_KERNEL); 23007ee4ea36SMarcel Holtmann if (csrk) { 23017ee4ea36SMarcel Holtmann csrk->master = 0x01; 23027ee4ea36SMarcel Holtmann memcpy(csrk->val, rp->csrk, sizeof(csrk->val)); 23037ee4ea36SMarcel Holtmann } 23047ee4ea36SMarcel Holtmann smp->csrk = csrk; 2305d6268e86SJohan Hedberg smp_distribute_keys(smp); 23067ee4ea36SMarcel Holtmann 23077ee4ea36SMarcel Holtmann return 0; 23087ee4ea36SMarcel Holtmann } 23097ee4ea36SMarcel Holtmann 23105e3d3d9bSJohan Hedberg static u8 sc_select_method(struct smp_chan *smp) 23115e3d3d9bSJohan Hedberg { 23125e3d3d9bSJohan Hedberg struct l2cap_conn *conn = smp->conn; 23135e3d3d9bSJohan Hedberg struct hci_conn *hcon = conn->hcon; 23145e3d3d9bSJohan Hedberg struct smp_cmd_pairing *local, *remote; 23155e3d3d9bSJohan Hedberg u8 local_mitm, remote_mitm, local_io, remote_io, method; 23165e3d3d9bSJohan Hedberg 23175e3d3d9bSJohan Hedberg /* The preq/prsp contain the raw Pairing Request/Response PDUs 23185e3d3d9bSJohan Hedberg * which are needed as inputs to some crypto functions. To get 23195e3d3d9bSJohan Hedberg * the "struct smp_cmd_pairing" from them we need to skip the 23205e3d3d9bSJohan Hedberg * first byte which contains the opcode. 23215e3d3d9bSJohan Hedberg */ 23225e3d3d9bSJohan Hedberg if (hcon->out) { 23235e3d3d9bSJohan Hedberg local = (void *) &smp->preq[1]; 23245e3d3d9bSJohan Hedberg remote = (void *) &smp->prsp[1]; 23255e3d3d9bSJohan Hedberg } else { 23265e3d3d9bSJohan Hedberg local = (void *) &smp->prsp[1]; 23275e3d3d9bSJohan Hedberg remote = (void *) &smp->preq[1]; 23285e3d3d9bSJohan Hedberg } 23295e3d3d9bSJohan Hedberg 23305e3d3d9bSJohan Hedberg local_io = local->io_capability; 23315e3d3d9bSJohan Hedberg remote_io = remote->io_capability; 23325e3d3d9bSJohan Hedberg 23335e3d3d9bSJohan Hedberg local_mitm = (local->auth_req & SMP_AUTH_MITM); 23345e3d3d9bSJohan Hedberg remote_mitm = (remote->auth_req & SMP_AUTH_MITM); 23355e3d3d9bSJohan Hedberg 23365e3d3d9bSJohan Hedberg /* If either side wants MITM, look up the method from the table, 23375e3d3d9bSJohan Hedberg * otherwise use JUST WORKS. 23385e3d3d9bSJohan Hedberg */ 23395e3d3d9bSJohan Hedberg if (local_mitm || remote_mitm) 23405e3d3d9bSJohan Hedberg method = get_auth_method(smp, local_io, remote_io); 23415e3d3d9bSJohan Hedberg else 23425e3d3d9bSJohan Hedberg method = JUST_WORKS; 23435e3d3d9bSJohan Hedberg 23445e3d3d9bSJohan Hedberg /* Don't confirm locally initiated pairing attempts */ 23455e3d3d9bSJohan Hedberg if (method == JUST_CFM && test_bit(SMP_FLAG_INITIATOR, &smp->flags)) 23465e3d3d9bSJohan Hedberg method = JUST_WORKS; 23475e3d3d9bSJohan Hedberg 23485e3d3d9bSJohan Hedberg return method; 23495e3d3d9bSJohan Hedberg } 23505e3d3d9bSJohan Hedberg 2351d8f8edbeSJohan Hedberg static int smp_cmd_public_key(struct l2cap_conn *conn, struct sk_buff *skb) 2352d8f8edbeSJohan Hedberg { 2353d8f8edbeSJohan Hedberg struct smp_cmd_public_key *key = (void *) skb->data; 2354d8f8edbeSJohan Hedberg struct hci_conn *hcon = conn->hcon; 2355d8f8edbeSJohan Hedberg struct l2cap_chan *chan = conn->smp; 2356d8f8edbeSJohan Hedberg struct smp_chan *smp = chan->data; 23575e3d3d9bSJohan Hedberg struct hci_dev *hdev = hcon->hdev; 2358cbbbe3e2SJohan Hedberg struct smp_cmd_pairing_confirm cfm; 2359d8f8edbeSJohan Hedberg int err; 2360d8f8edbeSJohan Hedberg 2361d8f8edbeSJohan Hedberg BT_DBG("conn %p", conn); 2362d8f8edbeSJohan Hedberg 2363d8f8edbeSJohan Hedberg if (skb->len < sizeof(*key)) 2364d8f8edbeSJohan Hedberg return SMP_INVALID_PARAMS; 2365d8f8edbeSJohan Hedberg 2366d8f8edbeSJohan Hedberg memcpy(smp->remote_pk, key, 64); 2367d8f8edbeSJohan Hedberg 2368d8f8edbeSJohan Hedberg /* Non-initiating device sends its public key after receiving 2369d8f8edbeSJohan Hedberg * the key from the initiating device. 2370d8f8edbeSJohan Hedberg */ 2371d8f8edbeSJohan Hedberg if (!hcon->out) { 2372d8f8edbeSJohan Hedberg err = sc_send_public_key(smp); 2373d8f8edbeSJohan Hedberg if (err) 2374d8f8edbeSJohan Hedberg return err; 2375d8f8edbeSJohan Hedberg } 2376d8f8edbeSJohan Hedberg 2377d8f8edbeSJohan Hedberg BT_DBG("Remote Public Key X: %32phN", smp->remote_pk); 2378d8f8edbeSJohan Hedberg BT_DBG("Remote Public Key Y: %32phN", &smp->remote_pk[32]); 2379d8f8edbeSJohan Hedberg 2380d8f8edbeSJohan Hedberg if (!ecdh_shared_secret(smp->remote_pk, smp->local_sk, smp->dhkey)) 2381d8f8edbeSJohan Hedberg return SMP_UNSPECIFIED; 2382d8f8edbeSJohan Hedberg 2383d8f8edbeSJohan Hedberg BT_DBG("DHKey %32phN", smp->dhkey); 2384d8f8edbeSJohan Hedberg 2385d8f8edbeSJohan Hedberg set_bit(SMP_FLAG_REMOTE_PK, &smp->flags); 2386d8f8edbeSJohan Hedberg 23875e3d3d9bSJohan Hedberg smp->method = sc_select_method(smp); 23885e3d3d9bSJohan Hedberg 23895e3d3d9bSJohan Hedberg BT_DBG("%s selected method 0x%02x", hdev->name, smp->method); 23905e3d3d9bSJohan Hedberg 23915e3d3d9bSJohan Hedberg /* JUST_WORKS and JUST_CFM result in an unauthenticated key */ 23925e3d3d9bSJohan Hedberg if (smp->method == JUST_WORKS || smp->method == JUST_CFM) 23935e3d3d9bSJohan Hedberg hcon->pending_sec_level = BT_SECURITY_MEDIUM; 23945e3d3d9bSJohan Hedberg else 23955e3d3d9bSJohan Hedberg hcon->pending_sec_level = BT_SECURITY_FIPS; 23965e3d3d9bSJohan Hedberg 2397aeb7d461SJohan Hedberg if (!memcmp(debug_pk, smp->remote_pk, 64)) 2398aeb7d461SJohan Hedberg set_bit(SMP_FLAG_DEBUG_KEY, &smp->flags); 2399aeb7d461SJohan Hedberg 240038606f14SJohan Hedberg if (smp->method == DSP_PASSKEY) { 240138606f14SJohan Hedberg get_random_bytes(&hcon->passkey_notify, 240238606f14SJohan Hedberg sizeof(hcon->passkey_notify)); 240338606f14SJohan Hedberg hcon->passkey_notify %= 1000000; 240438606f14SJohan Hedberg hcon->passkey_entered = 0; 240538606f14SJohan Hedberg smp->passkey_round = 0; 240638606f14SJohan Hedberg if (mgmt_user_passkey_notify(hdev, &hcon->dst, hcon->type, 240738606f14SJohan Hedberg hcon->dst_type, 240838606f14SJohan Hedberg hcon->passkey_notify, 240938606f14SJohan Hedberg hcon->passkey_entered)) 241038606f14SJohan Hedberg return SMP_UNSPECIFIED; 241138606f14SJohan Hedberg SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_CONFIRM); 241238606f14SJohan Hedberg return sc_passkey_round(smp, SMP_CMD_PUBLIC_KEY); 241338606f14SJohan Hedberg } 241438606f14SJohan Hedberg 241538606f14SJohan Hedberg if (hcon->out) 241638606f14SJohan Hedberg SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_CONFIRM); 241738606f14SJohan Hedberg 241838606f14SJohan Hedberg if (smp->method == REQ_PASSKEY) { 241938606f14SJohan Hedberg if (mgmt_user_passkey_request(hdev, &hcon->dst, hcon->type, 242038606f14SJohan Hedberg hcon->dst_type)) 242138606f14SJohan Hedberg return SMP_UNSPECIFIED; 242238606f14SJohan Hedberg SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_CONFIRM); 242338606f14SJohan Hedberg set_bit(SMP_FLAG_WAIT_USER, &smp->flags); 242438606f14SJohan Hedberg return 0; 242538606f14SJohan Hedberg } 242638606f14SJohan Hedberg 2427cbbbe3e2SJohan Hedberg /* The Initiating device waits for the non-initiating device to 2428cbbbe3e2SJohan Hedberg * send the confirm value. 2429cbbbe3e2SJohan Hedberg */ 2430cbbbe3e2SJohan Hedberg if (conn->hcon->out) 2431cbbbe3e2SJohan Hedberg return 0; 2432cbbbe3e2SJohan Hedberg 2433cbbbe3e2SJohan Hedberg err = smp_f4(smp->tfm_cmac, smp->local_pk, smp->remote_pk, smp->prnd, 2434cbbbe3e2SJohan Hedberg 0, cfm.confirm_val); 2435cbbbe3e2SJohan Hedberg if (err) 2436cbbbe3e2SJohan Hedberg return SMP_UNSPECIFIED; 2437cbbbe3e2SJohan Hedberg 2438cbbbe3e2SJohan Hedberg smp_send_cmd(conn, SMP_CMD_PAIRING_CONFIRM, sizeof(cfm), &cfm); 2439cbbbe3e2SJohan Hedberg SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RANDOM); 2440cbbbe3e2SJohan Hedberg 2441d8f8edbeSJohan Hedberg return 0; 2442d8f8edbeSJohan Hedberg } 2443d8f8edbeSJohan Hedberg 24446433a9a2SJohan Hedberg static int smp_cmd_dhkey_check(struct l2cap_conn *conn, struct sk_buff *skb) 24456433a9a2SJohan Hedberg { 24466433a9a2SJohan Hedberg struct smp_cmd_dhkey_check *check = (void *) skb->data; 24476433a9a2SJohan Hedberg struct l2cap_chan *chan = conn->smp; 24486433a9a2SJohan Hedberg struct hci_conn *hcon = conn->hcon; 24496433a9a2SJohan Hedberg struct smp_chan *smp = chan->data; 24506433a9a2SJohan Hedberg u8 a[7], b[7], *local_addr, *remote_addr; 24516433a9a2SJohan Hedberg u8 io_cap[3], r[16], e[16]; 24526433a9a2SJohan Hedberg int err; 24536433a9a2SJohan Hedberg 24546433a9a2SJohan Hedberg BT_DBG("conn %p", conn); 24556433a9a2SJohan Hedberg 24566433a9a2SJohan Hedberg if (skb->len < sizeof(*check)) 24576433a9a2SJohan Hedberg return SMP_INVALID_PARAMS; 24586433a9a2SJohan Hedberg 24596433a9a2SJohan Hedberg memcpy(a, &hcon->init_addr, 6); 24606433a9a2SJohan Hedberg memcpy(b, &hcon->resp_addr, 6); 24616433a9a2SJohan Hedberg a[6] = hcon->init_addr_type; 24626433a9a2SJohan Hedberg b[6] = hcon->resp_addr_type; 24636433a9a2SJohan Hedberg 24646433a9a2SJohan Hedberg if (hcon->out) { 24656433a9a2SJohan Hedberg local_addr = a; 24666433a9a2SJohan Hedberg remote_addr = b; 24676433a9a2SJohan Hedberg memcpy(io_cap, &smp->prsp[1], 3); 24686433a9a2SJohan Hedberg } else { 24696433a9a2SJohan Hedberg local_addr = b; 24706433a9a2SJohan Hedberg remote_addr = a; 24716433a9a2SJohan Hedberg memcpy(io_cap, &smp->preq[1], 3); 24726433a9a2SJohan Hedberg } 24736433a9a2SJohan Hedberg 24746433a9a2SJohan Hedberg memset(r, 0, sizeof(r)); 24756433a9a2SJohan Hedberg 247638606f14SJohan Hedberg if (smp->method == REQ_PASSKEY || smp->method == DSP_PASSKEY) 247738606f14SJohan Hedberg put_unaligned_le32(hcon->passkey_notify, r); 247838606f14SJohan Hedberg 24796433a9a2SJohan Hedberg err = smp_f6(smp->tfm_cmac, smp->mackey, smp->rrnd, smp->prnd, r, 24806433a9a2SJohan Hedberg io_cap, remote_addr, local_addr, e); 24816433a9a2SJohan Hedberg if (err) 24826433a9a2SJohan Hedberg return SMP_UNSPECIFIED; 24836433a9a2SJohan Hedberg 24846433a9a2SJohan Hedberg if (memcmp(check->e, e, 16)) 24856433a9a2SJohan Hedberg return SMP_DHKEY_CHECK_FAILED; 24866433a9a2SJohan Hedberg 2487d3e54a87SJohan Hedberg if (!hcon->out) { 2488d3e54a87SJohan Hedberg if (test_bit(SMP_FLAG_WAIT_USER, &smp->flags)) { 2489d3e54a87SJohan Hedberg set_bit(SMP_FLAG_DHKEY_PENDING, &smp->flags); 2490d3e54a87SJohan Hedberg return 0; 2491d3e54a87SJohan Hedberg } 2492d378a2d7SJohan Hedberg 2493d3e54a87SJohan Hedberg /* Slave sends DHKey check as response to master */ 2494d3e54a87SJohan Hedberg sc_dhkey_check(smp); 2495d3e54a87SJohan Hedberg } 2496d378a2d7SJohan Hedberg 2497d3e54a87SJohan Hedberg sc_add_ltk(smp); 24986433a9a2SJohan Hedberg 24996433a9a2SJohan Hedberg if (hcon->out) { 25006433a9a2SJohan Hedberg hci_le_start_enc(hcon, 0, 0, smp->tk); 25016433a9a2SJohan Hedberg hcon->enc_key_size = smp->enc_key_size; 25026433a9a2SJohan Hedberg } 25036433a9a2SJohan Hedberg 25046433a9a2SJohan Hedberg return 0; 25056433a9a2SJohan Hedberg } 25066433a9a2SJohan Hedberg 25071408bb6eSJohan Hedberg static int smp_cmd_keypress_notify(struct l2cap_conn *conn, 25081408bb6eSJohan Hedberg struct sk_buff *skb) 25091408bb6eSJohan Hedberg { 25101408bb6eSJohan Hedberg struct smp_cmd_keypress_notify *kp = (void *) skb->data; 25111408bb6eSJohan Hedberg 25121408bb6eSJohan Hedberg BT_DBG("value 0x%02x", kp->value); 25131408bb6eSJohan Hedberg 25141408bb6eSJohan Hedberg return 0; 25151408bb6eSJohan Hedberg } 25161408bb6eSJohan Hedberg 25174befb867SJohan Hedberg static int smp_sig_channel(struct l2cap_chan *chan, struct sk_buff *skb) 2518eb492e01SAnderson Briglia { 25195d88cc73SJohan Hedberg struct l2cap_conn *conn = chan->conn; 25207b9899dbSMarcel Holtmann struct hci_conn *hcon = conn->hcon; 2521b28b4943SJohan Hedberg struct smp_chan *smp; 252292381f5cSMarcel Holtmann __u8 code, reason; 2523eb492e01SAnderson Briglia int err = 0; 2524eb492e01SAnderson Briglia 25258ae9b984SJohan Hedberg if (skb->len < 1) 252692381f5cSMarcel Holtmann return -EILSEQ; 252792381f5cSMarcel Holtmann 252806ae3314SMarcel Holtmann if (!test_bit(HCI_LE_ENABLED, &hcon->hdev->dev_flags)) { 25292e65c9d2SAndre Guedes reason = SMP_PAIRING_NOTSUPP; 25302e65c9d2SAndre Guedes goto done; 25312e65c9d2SAndre Guedes } 25322e65c9d2SAndre Guedes 253392381f5cSMarcel Holtmann code = skb->data[0]; 2534eb492e01SAnderson Briglia skb_pull(skb, sizeof(code)); 2535eb492e01SAnderson Briglia 2536b28b4943SJohan Hedberg smp = chan->data; 2537b28b4943SJohan Hedberg 2538b28b4943SJohan Hedberg if (code > SMP_CMD_MAX) 2539b28b4943SJohan Hedberg goto drop; 2540b28b4943SJohan Hedberg 254124bd0bd9SJohan Hedberg if (smp && !test_and_clear_bit(code, &smp->allow_cmd)) 2542b28b4943SJohan Hedberg goto drop; 2543b28b4943SJohan Hedberg 2544b28b4943SJohan Hedberg /* If we don't have a context the only allowed commands are 2545b28b4943SJohan Hedberg * pairing request and security request. 25468cf9fa12SJohan Hedberg */ 2547b28b4943SJohan Hedberg if (!smp && code != SMP_CMD_PAIRING_REQ && code != SMP_CMD_SECURITY_REQ) 2548b28b4943SJohan Hedberg goto drop; 25498cf9fa12SJohan Hedberg 2550eb492e01SAnderson Briglia switch (code) { 2551eb492e01SAnderson Briglia case SMP_CMD_PAIRING_REQ: 2552da85e5e5SVinicius Costa Gomes reason = smp_cmd_pairing_req(conn, skb); 2553eb492e01SAnderson Briglia break; 2554eb492e01SAnderson Briglia 2555eb492e01SAnderson Briglia case SMP_CMD_PAIRING_FAIL: 255684794e11SJohan Hedberg smp_failure(conn, 0); 2557da85e5e5SVinicius Costa Gomes err = -EPERM; 2558eb492e01SAnderson Briglia break; 2559eb492e01SAnderson Briglia 2560eb492e01SAnderson Briglia case SMP_CMD_PAIRING_RSP: 2561da85e5e5SVinicius Costa Gomes reason = smp_cmd_pairing_rsp(conn, skb); 256288ba43b6SAnderson Briglia break; 256388ba43b6SAnderson Briglia 256488ba43b6SAnderson Briglia case SMP_CMD_SECURITY_REQ: 2565da85e5e5SVinicius Costa Gomes reason = smp_cmd_security_req(conn, skb); 256688ba43b6SAnderson Briglia break; 256788ba43b6SAnderson Briglia 2568eb492e01SAnderson Briglia case SMP_CMD_PAIRING_CONFIRM: 2569da85e5e5SVinicius Costa Gomes reason = smp_cmd_pairing_confirm(conn, skb); 257088ba43b6SAnderson Briglia break; 257188ba43b6SAnderson Briglia 2572eb492e01SAnderson Briglia case SMP_CMD_PAIRING_RANDOM: 2573da85e5e5SVinicius Costa Gomes reason = smp_cmd_pairing_random(conn, skb); 257488ba43b6SAnderson Briglia break; 257588ba43b6SAnderson Briglia 2576eb492e01SAnderson Briglia case SMP_CMD_ENCRYPT_INFO: 25777034b911SVinicius Costa Gomes reason = smp_cmd_encrypt_info(conn, skb); 25787034b911SVinicius Costa Gomes break; 25797034b911SVinicius Costa Gomes 2580eb492e01SAnderson Briglia case SMP_CMD_MASTER_IDENT: 25817034b911SVinicius Costa Gomes reason = smp_cmd_master_ident(conn, skb); 25827034b911SVinicius Costa Gomes break; 25837034b911SVinicius Costa Gomes 2584eb492e01SAnderson Briglia case SMP_CMD_IDENT_INFO: 2585fd349c02SJohan Hedberg reason = smp_cmd_ident_info(conn, skb); 2586fd349c02SJohan Hedberg break; 2587fd349c02SJohan Hedberg 2588eb492e01SAnderson Briglia case SMP_CMD_IDENT_ADDR_INFO: 2589fd349c02SJohan Hedberg reason = smp_cmd_ident_addr_info(conn, skb); 2590fd349c02SJohan Hedberg break; 2591fd349c02SJohan Hedberg 2592eb492e01SAnderson Briglia case SMP_CMD_SIGN_INFO: 25937ee4ea36SMarcel Holtmann reason = smp_cmd_sign_info(conn, skb); 25947034b911SVinicius Costa Gomes break; 25957034b911SVinicius Costa Gomes 2596d8f8edbeSJohan Hedberg case SMP_CMD_PUBLIC_KEY: 2597d8f8edbeSJohan Hedberg reason = smp_cmd_public_key(conn, skb); 2598d8f8edbeSJohan Hedberg break; 2599d8f8edbeSJohan Hedberg 26006433a9a2SJohan Hedberg case SMP_CMD_DHKEY_CHECK: 26016433a9a2SJohan Hedberg reason = smp_cmd_dhkey_check(conn, skb); 26026433a9a2SJohan Hedberg break; 26036433a9a2SJohan Hedberg 26041408bb6eSJohan Hedberg case SMP_CMD_KEYPRESS_NOTIFY: 26051408bb6eSJohan Hedberg reason = smp_cmd_keypress_notify(conn, skb); 26061408bb6eSJohan Hedberg break; 26071408bb6eSJohan Hedberg 2608eb492e01SAnderson Briglia default: 2609eb492e01SAnderson Briglia BT_DBG("Unknown command code 0x%2.2x", code); 2610eb492e01SAnderson Briglia reason = SMP_CMD_NOTSUPP; 26113a0259bbSVinicius Costa Gomes goto done; 26123a0259bbSVinicius Costa Gomes } 26133a0259bbSVinicius Costa Gomes 26143a0259bbSVinicius Costa Gomes done: 26159b7b18efSJohan Hedberg if (!err) { 26163a0259bbSVinicius Costa Gomes if (reason) 261784794e11SJohan Hedberg smp_failure(conn, reason); 2618eb492e01SAnderson Briglia kfree_skb(skb); 26199b7b18efSJohan Hedberg } 26209b7b18efSJohan Hedberg 2621eb492e01SAnderson Briglia return err; 2622b28b4943SJohan Hedberg 2623b28b4943SJohan Hedberg drop: 2624b28b4943SJohan Hedberg BT_ERR("%s unexpected SMP command 0x%02x from %pMR", hcon->hdev->name, 2625b28b4943SJohan Hedberg code, &hcon->dst); 2626b28b4943SJohan Hedberg kfree_skb(skb); 2627b28b4943SJohan Hedberg return 0; 2628eb492e01SAnderson Briglia } 26297034b911SVinicius Costa Gomes 263070db83c4SJohan Hedberg static void smp_teardown_cb(struct l2cap_chan *chan, int err) 263170db83c4SJohan Hedberg { 263270db83c4SJohan Hedberg struct l2cap_conn *conn = chan->conn; 263370db83c4SJohan Hedberg 263470db83c4SJohan Hedberg BT_DBG("chan %p", chan); 263570db83c4SJohan Hedberg 2636fc75cc86SJohan Hedberg if (chan->data) 26375d88cc73SJohan Hedberg smp_chan_destroy(conn); 26385d88cc73SJohan Hedberg 263970db83c4SJohan Hedberg conn->smp = NULL; 264070db83c4SJohan Hedberg l2cap_chan_put(chan); 264170db83c4SJohan Hedberg } 264270db83c4SJohan Hedberg 2643b5ae344dSJohan Hedberg static void bredr_pairing(struct l2cap_chan *chan) 2644b5ae344dSJohan Hedberg { 2645b5ae344dSJohan Hedberg struct l2cap_conn *conn = chan->conn; 2646b5ae344dSJohan Hedberg struct hci_conn *hcon = conn->hcon; 2647b5ae344dSJohan Hedberg struct hci_dev *hdev = hcon->hdev; 2648b5ae344dSJohan Hedberg struct smp_cmd_pairing req; 2649b5ae344dSJohan Hedberg struct smp_chan *smp; 2650b5ae344dSJohan Hedberg 2651b5ae344dSJohan Hedberg BT_DBG("chan %p", chan); 2652b5ae344dSJohan Hedberg 2653b5ae344dSJohan Hedberg /* Only new pairings are interesting */ 2654b5ae344dSJohan Hedberg if (!test_bit(HCI_CONN_NEW_LINK_KEY, &hcon->flags)) 2655b5ae344dSJohan Hedberg return; 2656b5ae344dSJohan Hedberg 2657b5ae344dSJohan Hedberg /* Don't bother if we're not encrypted */ 2658b5ae344dSJohan Hedberg if (!test_bit(HCI_CONN_ENCRYPT, &hcon->flags)) 2659b5ae344dSJohan Hedberg return; 2660b5ae344dSJohan Hedberg 2661b5ae344dSJohan Hedberg /* Only master may initiate SMP over BR/EDR */ 2662b5ae344dSJohan Hedberg if (hcon->role != HCI_ROLE_MASTER) 2663b5ae344dSJohan Hedberg return; 2664b5ae344dSJohan Hedberg 2665b5ae344dSJohan Hedberg /* Secure Connections support must be enabled */ 2666b5ae344dSJohan Hedberg if (!test_bit(HCI_SC_ENABLED, &hdev->dev_flags)) 2667b5ae344dSJohan Hedberg return; 2668b5ae344dSJohan Hedberg 2669b5ae344dSJohan Hedberg /* BR/EDR must use Secure Connections for SMP */ 2670b5ae344dSJohan Hedberg if (!test_bit(HCI_CONN_AES_CCM, &hcon->flags) && 2671b5ae344dSJohan Hedberg !test_bit(HCI_FORCE_LESC, &hdev->dbg_flags)) 2672b5ae344dSJohan Hedberg return; 2673b5ae344dSJohan Hedberg 2674b5ae344dSJohan Hedberg /* If our LE support is not enabled don't do anything */ 2675b5ae344dSJohan Hedberg if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) 2676b5ae344dSJohan Hedberg return; 2677b5ae344dSJohan Hedberg 2678b5ae344dSJohan Hedberg /* Don't bother if remote LE support is not enabled */ 2679b5ae344dSJohan Hedberg if (!lmp_host_le_capable(hcon)) 2680b5ae344dSJohan Hedberg return; 2681b5ae344dSJohan Hedberg 2682b5ae344dSJohan Hedberg /* Remote must support SMP fixed chan for BR/EDR */ 2683b5ae344dSJohan Hedberg if (!(conn->remote_fixed_chan & L2CAP_FC_SMP_BREDR)) 2684b5ae344dSJohan Hedberg return; 2685b5ae344dSJohan Hedberg 2686b5ae344dSJohan Hedberg /* Don't bother if SMP is already ongoing */ 2687b5ae344dSJohan Hedberg if (chan->data) 2688b5ae344dSJohan Hedberg return; 2689b5ae344dSJohan Hedberg 2690b5ae344dSJohan Hedberg smp = smp_chan_create(conn); 2691b5ae344dSJohan Hedberg if (!smp) { 2692b5ae344dSJohan Hedberg BT_ERR("%s unable to create SMP context for BR/EDR", 2693b5ae344dSJohan Hedberg hdev->name); 2694b5ae344dSJohan Hedberg return; 2695b5ae344dSJohan Hedberg } 2696b5ae344dSJohan Hedberg 2697b5ae344dSJohan Hedberg set_bit(SMP_FLAG_SC, &smp->flags); 2698b5ae344dSJohan Hedberg 2699b5ae344dSJohan Hedberg BT_DBG("%s starting SMP over BR/EDR", hdev->name); 2700b5ae344dSJohan Hedberg 2701b5ae344dSJohan Hedberg /* Prepare and send the BR/EDR SMP Pairing Request */ 2702b5ae344dSJohan Hedberg build_bredr_pairing_cmd(smp, &req, NULL); 2703b5ae344dSJohan Hedberg 2704b5ae344dSJohan Hedberg smp->preq[0] = SMP_CMD_PAIRING_REQ; 2705b5ae344dSJohan Hedberg memcpy(&smp->preq[1], &req, sizeof(req)); 2706b5ae344dSJohan Hedberg 2707b5ae344dSJohan Hedberg smp_send_cmd(conn, SMP_CMD_PAIRING_REQ, sizeof(req), &req); 2708b5ae344dSJohan Hedberg SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RSP); 2709b5ae344dSJohan Hedberg } 2710b5ae344dSJohan Hedberg 271144f1a7abSJohan Hedberg static void smp_resume_cb(struct l2cap_chan *chan) 271244f1a7abSJohan Hedberg { 2713b68fda68SJohan Hedberg struct smp_chan *smp = chan->data; 271444f1a7abSJohan Hedberg struct l2cap_conn *conn = chan->conn; 271544f1a7abSJohan Hedberg struct hci_conn *hcon = conn->hcon; 271644f1a7abSJohan Hedberg 271744f1a7abSJohan Hedberg BT_DBG("chan %p", chan); 271844f1a7abSJohan Hedberg 2719b5ae344dSJohan Hedberg if (hcon->type == ACL_LINK) { 2720b5ae344dSJohan Hedberg bredr_pairing(chan); 2721ef8efe4bSJohan Hedberg return; 2722b5ae344dSJohan Hedberg } 2723ef8efe4bSJohan Hedberg 272486d1407cSJohan Hedberg if (!smp) 272586d1407cSJohan Hedberg return; 2726b68fda68SJohan Hedberg 272784bc0db5SJohan Hedberg if (!test_bit(HCI_CONN_ENCRYPT, &hcon->flags)) 272884bc0db5SJohan Hedberg return; 272984bc0db5SJohan Hedberg 2730b68fda68SJohan Hedberg cancel_delayed_work(&smp->security_timer); 273186d1407cSJohan Hedberg 2732d6268e86SJohan Hedberg smp_distribute_keys(smp); 273344f1a7abSJohan Hedberg } 273444f1a7abSJohan Hedberg 273570db83c4SJohan Hedberg static void smp_ready_cb(struct l2cap_chan *chan) 273670db83c4SJohan Hedberg { 273770db83c4SJohan Hedberg struct l2cap_conn *conn = chan->conn; 2738b5ae344dSJohan Hedberg struct hci_conn *hcon = conn->hcon; 273970db83c4SJohan Hedberg 274070db83c4SJohan Hedberg BT_DBG("chan %p", chan); 274170db83c4SJohan Hedberg 274270db83c4SJohan Hedberg conn->smp = chan; 274370db83c4SJohan Hedberg l2cap_chan_hold(chan); 2744b5ae344dSJohan Hedberg 2745b5ae344dSJohan Hedberg if (hcon->type == ACL_LINK && test_bit(HCI_CONN_ENCRYPT, &hcon->flags)) 2746b5ae344dSJohan Hedberg bredr_pairing(chan); 274770db83c4SJohan Hedberg } 274870db83c4SJohan Hedberg 27494befb867SJohan Hedberg static int smp_recv_cb(struct l2cap_chan *chan, struct sk_buff *skb) 27504befb867SJohan Hedberg { 27514befb867SJohan Hedberg int err; 27524befb867SJohan Hedberg 27534befb867SJohan Hedberg BT_DBG("chan %p", chan); 27544befb867SJohan Hedberg 27554befb867SJohan Hedberg err = smp_sig_channel(chan, skb); 27564befb867SJohan Hedberg if (err) { 2757b68fda68SJohan Hedberg struct smp_chan *smp = chan->data; 27584befb867SJohan Hedberg 2759b68fda68SJohan Hedberg if (smp) 2760b68fda68SJohan Hedberg cancel_delayed_work_sync(&smp->security_timer); 27614befb867SJohan Hedberg 27621e91c29eSJohan Hedberg hci_disconnect(chan->conn->hcon, HCI_ERROR_AUTH_FAILURE); 27634befb867SJohan Hedberg } 27644befb867SJohan Hedberg 27654befb867SJohan Hedberg return err; 27664befb867SJohan Hedberg } 27674befb867SJohan Hedberg 276870db83c4SJohan Hedberg static struct sk_buff *smp_alloc_skb_cb(struct l2cap_chan *chan, 276970db83c4SJohan Hedberg unsigned long hdr_len, 277070db83c4SJohan Hedberg unsigned long len, int nb) 277170db83c4SJohan Hedberg { 277270db83c4SJohan Hedberg struct sk_buff *skb; 277370db83c4SJohan Hedberg 277470db83c4SJohan Hedberg skb = bt_skb_alloc(hdr_len + len, GFP_KERNEL); 277570db83c4SJohan Hedberg if (!skb) 277670db83c4SJohan Hedberg return ERR_PTR(-ENOMEM); 277770db83c4SJohan Hedberg 277870db83c4SJohan Hedberg skb->priority = HCI_PRIO_MAX; 277970db83c4SJohan Hedberg bt_cb(skb)->chan = chan; 278070db83c4SJohan Hedberg 278170db83c4SJohan Hedberg return skb; 278270db83c4SJohan Hedberg } 278370db83c4SJohan Hedberg 278470db83c4SJohan Hedberg static const struct l2cap_ops smp_chan_ops = { 278570db83c4SJohan Hedberg .name = "Security Manager", 278670db83c4SJohan Hedberg .ready = smp_ready_cb, 27875d88cc73SJohan Hedberg .recv = smp_recv_cb, 278870db83c4SJohan Hedberg .alloc_skb = smp_alloc_skb_cb, 278970db83c4SJohan Hedberg .teardown = smp_teardown_cb, 279044f1a7abSJohan Hedberg .resume = smp_resume_cb, 279170db83c4SJohan Hedberg 279270db83c4SJohan Hedberg .new_connection = l2cap_chan_no_new_connection, 279370db83c4SJohan Hedberg .state_change = l2cap_chan_no_state_change, 279470db83c4SJohan Hedberg .close = l2cap_chan_no_close, 279570db83c4SJohan Hedberg .defer = l2cap_chan_no_defer, 279670db83c4SJohan Hedberg .suspend = l2cap_chan_no_suspend, 279770db83c4SJohan Hedberg .set_shutdown = l2cap_chan_no_set_shutdown, 279870db83c4SJohan Hedberg .get_sndtimeo = l2cap_chan_no_get_sndtimeo, 279970db83c4SJohan Hedberg .memcpy_fromiovec = l2cap_chan_no_memcpy_fromiovec, 280070db83c4SJohan Hedberg }; 280170db83c4SJohan Hedberg 280270db83c4SJohan Hedberg static inline struct l2cap_chan *smp_new_conn_cb(struct l2cap_chan *pchan) 280370db83c4SJohan Hedberg { 280470db83c4SJohan Hedberg struct l2cap_chan *chan; 280570db83c4SJohan Hedberg 280670db83c4SJohan Hedberg BT_DBG("pchan %p", pchan); 280770db83c4SJohan Hedberg 280870db83c4SJohan Hedberg chan = l2cap_chan_create(); 280970db83c4SJohan Hedberg if (!chan) 281070db83c4SJohan Hedberg return NULL; 281170db83c4SJohan Hedberg 281270db83c4SJohan Hedberg chan->chan_type = pchan->chan_type; 281370db83c4SJohan Hedberg chan->ops = &smp_chan_ops; 281470db83c4SJohan Hedberg chan->scid = pchan->scid; 281570db83c4SJohan Hedberg chan->dcid = chan->scid; 281670db83c4SJohan Hedberg chan->imtu = pchan->imtu; 281770db83c4SJohan Hedberg chan->omtu = pchan->omtu; 281870db83c4SJohan Hedberg chan->mode = pchan->mode; 281970db83c4SJohan Hedberg 2820abe84903SJohan Hedberg /* Other L2CAP channels may request SMP routines in order to 2821abe84903SJohan Hedberg * change the security level. This means that the SMP channel 2822abe84903SJohan Hedberg * lock must be considered in its own category to avoid lockdep 2823abe84903SJohan Hedberg * warnings. 2824abe84903SJohan Hedberg */ 2825abe84903SJohan Hedberg atomic_set(&chan->nesting, L2CAP_NESTING_SMP); 2826abe84903SJohan Hedberg 282770db83c4SJohan Hedberg BT_DBG("created chan %p", chan); 282870db83c4SJohan Hedberg 282970db83c4SJohan Hedberg return chan; 283070db83c4SJohan Hedberg } 283170db83c4SJohan Hedberg 283270db83c4SJohan Hedberg static const struct l2cap_ops smp_root_chan_ops = { 283370db83c4SJohan Hedberg .name = "Security Manager Root", 283470db83c4SJohan Hedberg .new_connection = smp_new_conn_cb, 283570db83c4SJohan Hedberg 283670db83c4SJohan Hedberg /* None of these are implemented for the root channel */ 283770db83c4SJohan Hedberg .close = l2cap_chan_no_close, 283870db83c4SJohan Hedberg .alloc_skb = l2cap_chan_no_alloc_skb, 283970db83c4SJohan Hedberg .recv = l2cap_chan_no_recv, 284070db83c4SJohan Hedberg .state_change = l2cap_chan_no_state_change, 284170db83c4SJohan Hedberg .teardown = l2cap_chan_no_teardown, 284270db83c4SJohan Hedberg .ready = l2cap_chan_no_ready, 284370db83c4SJohan Hedberg .defer = l2cap_chan_no_defer, 284470db83c4SJohan Hedberg .suspend = l2cap_chan_no_suspend, 284570db83c4SJohan Hedberg .resume = l2cap_chan_no_resume, 284670db83c4SJohan Hedberg .set_shutdown = l2cap_chan_no_set_shutdown, 284770db83c4SJohan Hedberg .get_sndtimeo = l2cap_chan_no_get_sndtimeo, 284870db83c4SJohan Hedberg .memcpy_fromiovec = l2cap_chan_no_memcpy_fromiovec, 284970db83c4SJohan Hedberg }; 285070db83c4SJohan Hedberg 2851ef8efe4bSJohan Hedberg static struct l2cap_chan *smp_add_cid(struct hci_dev *hdev, u16 cid) 2852711eafe3SJohan Hedberg { 285370db83c4SJohan Hedberg struct l2cap_chan *chan; 2854defce9e8SJohan Hedberg struct crypto_blkcipher *tfm_aes; 285570db83c4SJohan Hedberg 2856ef8efe4bSJohan Hedberg if (cid == L2CAP_CID_SMP_BREDR) { 2857ef8efe4bSJohan Hedberg tfm_aes = NULL; 2858ef8efe4bSJohan Hedberg goto create_chan; 2859ef8efe4bSJohan Hedberg } 2860711eafe3SJohan Hedberg 2861adae20cbSJohan Hedberg tfm_aes = crypto_alloc_blkcipher("ecb(aes)", 0, 0); 2862defce9e8SJohan Hedberg if (IS_ERR(tfm_aes)) { 2863711eafe3SJohan Hedberg BT_ERR("Unable to create crypto context"); 2864ef8efe4bSJohan Hedberg return ERR_PTR(PTR_ERR(tfm_aes)); 2865711eafe3SJohan Hedberg } 2866711eafe3SJohan Hedberg 2867ef8efe4bSJohan Hedberg create_chan: 286870db83c4SJohan Hedberg chan = l2cap_chan_create(); 286970db83c4SJohan Hedberg if (!chan) { 2870defce9e8SJohan Hedberg crypto_free_blkcipher(tfm_aes); 2871ef8efe4bSJohan Hedberg return ERR_PTR(-ENOMEM); 287270db83c4SJohan Hedberg } 287370db83c4SJohan Hedberg 2874defce9e8SJohan Hedberg chan->data = tfm_aes; 2875defce9e8SJohan Hedberg 2876ef8efe4bSJohan Hedberg l2cap_add_scid(chan, cid); 287770db83c4SJohan Hedberg 287870db83c4SJohan Hedberg l2cap_chan_set_defaults(chan); 287970db83c4SJohan Hedberg 288070db83c4SJohan Hedberg bacpy(&chan->src, &hdev->bdaddr); 2881ef8efe4bSJohan Hedberg if (cid == L2CAP_CID_SMP) 288270db83c4SJohan Hedberg chan->src_type = BDADDR_LE_PUBLIC; 2883ef8efe4bSJohan Hedberg else 2884ef8efe4bSJohan Hedberg chan->src_type = BDADDR_BREDR; 288570db83c4SJohan Hedberg chan->state = BT_LISTEN; 288670db83c4SJohan Hedberg chan->mode = L2CAP_MODE_BASIC; 288770db83c4SJohan Hedberg chan->imtu = L2CAP_DEFAULT_MTU; 288870db83c4SJohan Hedberg chan->ops = &smp_root_chan_ops; 288970db83c4SJohan Hedberg 2890abe84903SJohan Hedberg /* Set correct nesting level for a parent/listening channel */ 2891abe84903SJohan Hedberg atomic_set(&chan->nesting, L2CAP_NESTING_PARENT); 2892abe84903SJohan Hedberg 2893ef8efe4bSJohan Hedberg return chan; 2894711eafe3SJohan Hedberg } 2895711eafe3SJohan Hedberg 2896ef8efe4bSJohan Hedberg static void smp_del_chan(struct l2cap_chan *chan) 2897711eafe3SJohan Hedberg { 2898defce9e8SJohan Hedberg struct crypto_blkcipher *tfm_aes; 289970db83c4SJohan Hedberg 2900ef8efe4bSJohan Hedberg BT_DBG("chan %p", chan); 2901711eafe3SJohan Hedberg 2902defce9e8SJohan Hedberg tfm_aes = chan->data; 2903defce9e8SJohan Hedberg if (tfm_aes) { 2904defce9e8SJohan Hedberg chan->data = NULL; 2905defce9e8SJohan Hedberg crypto_free_blkcipher(tfm_aes); 2906711eafe3SJohan Hedberg } 290770db83c4SJohan Hedberg 290870db83c4SJohan Hedberg l2cap_chan_put(chan); 2909711eafe3SJohan Hedberg } 2910ef8efe4bSJohan Hedberg 2911ef8efe4bSJohan Hedberg int smp_register(struct hci_dev *hdev) 2912ef8efe4bSJohan Hedberg { 2913ef8efe4bSJohan Hedberg struct l2cap_chan *chan; 2914ef8efe4bSJohan Hedberg 2915ef8efe4bSJohan Hedberg BT_DBG("%s", hdev->name); 2916ef8efe4bSJohan Hedberg 2917ef8efe4bSJohan Hedberg chan = smp_add_cid(hdev, L2CAP_CID_SMP); 2918ef8efe4bSJohan Hedberg if (IS_ERR(chan)) 2919ef8efe4bSJohan Hedberg return PTR_ERR(chan); 2920ef8efe4bSJohan Hedberg 2921ef8efe4bSJohan Hedberg hdev->smp_data = chan; 2922ef8efe4bSJohan Hedberg 2923ef8efe4bSJohan Hedberg if (!lmp_sc_capable(hdev) && 2924ef8efe4bSJohan Hedberg !test_bit(HCI_FORCE_LESC, &hdev->dbg_flags)) 2925ef8efe4bSJohan Hedberg return 0; 2926ef8efe4bSJohan Hedberg 2927ef8efe4bSJohan Hedberg chan = smp_add_cid(hdev, L2CAP_CID_SMP_BREDR); 2928ef8efe4bSJohan Hedberg if (IS_ERR(chan)) { 2929ef8efe4bSJohan Hedberg int err = PTR_ERR(chan); 2930ef8efe4bSJohan Hedberg chan = hdev->smp_data; 2931ef8efe4bSJohan Hedberg hdev->smp_data = NULL; 2932ef8efe4bSJohan Hedberg smp_del_chan(chan); 2933ef8efe4bSJohan Hedberg return err; 2934ef8efe4bSJohan Hedberg } 2935ef8efe4bSJohan Hedberg 2936ef8efe4bSJohan Hedberg hdev->smp_bredr_data = chan; 2937ef8efe4bSJohan Hedberg 2938ef8efe4bSJohan Hedberg return 0; 2939ef8efe4bSJohan Hedberg } 2940ef8efe4bSJohan Hedberg 2941ef8efe4bSJohan Hedberg void smp_unregister(struct hci_dev *hdev) 2942ef8efe4bSJohan Hedberg { 2943ef8efe4bSJohan Hedberg struct l2cap_chan *chan; 2944ef8efe4bSJohan Hedberg 2945ef8efe4bSJohan Hedberg if (hdev->smp_bredr_data) { 2946ef8efe4bSJohan Hedberg chan = hdev->smp_bredr_data; 2947ef8efe4bSJohan Hedberg hdev->smp_bredr_data = NULL; 2948ef8efe4bSJohan Hedberg smp_del_chan(chan); 2949ef8efe4bSJohan Hedberg } 2950ef8efe4bSJohan Hedberg 2951ef8efe4bSJohan Hedberg if (hdev->smp_data) { 2952ef8efe4bSJohan Hedberg chan = hdev->smp_data; 2953ef8efe4bSJohan Hedberg hdev->smp_data = NULL; 2954ef8efe4bSJohan Hedberg smp_del_chan(chan); 2955ef8efe4bSJohan Hedberg } 2956ef8efe4bSJohan Hedberg } 2957