1eb492e01SAnderson Briglia /* 2eb492e01SAnderson Briglia BlueZ - Bluetooth protocol stack for Linux 3eb492e01SAnderson Briglia Copyright (C) 2011 Nokia Corporation and/or its subsidiary(-ies). 4eb492e01SAnderson Briglia 5eb492e01SAnderson Briglia This program is free software; you can redistribute it and/or modify 6eb492e01SAnderson Briglia it under the terms of the GNU General Public License version 2 as 7eb492e01SAnderson Briglia published by the Free Software Foundation; 8eb492e01SAnderson Briglia 9eb492e01SAnderson Briglia THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS 10eb492e01SAnderson Briglia OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 11eb492e01SAnderson Briglia FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS. 12eb492e01SAnderson Briglia IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY 13eb492e01SAnderson Briglia CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES 14eb492e01SAnderson Briglia WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 15eb492e01SAnderson Briglia ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 16eb492e01SAnderson Briglia OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 17eb492e01SAnderson Briglia 18eb492e01SAnderson Briglia ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS, 19eb492e01SAnderson Briglia COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS 20eb492e01SAnderson Briglia SOFTWARE IS DISCLAIMED. 21eb492e01SAnderson Briglia */ 22eb492e01SAnderson Briglia 238c520a59SGustavo Padovan #include <linux/crypto.h> 248c520a59SGustavo Padovan #include <linux/scatterlist.h> 258c520a59SGustavo Padovan #include <crypto/b128ops.h> 268c520a59SGustavo Padovan 27eb492e01SAnderson Briglia #include <net/bluetooth/bluetooth.h> 28eb492e01SAnderson Briglia #include <net/bluetooth/hci_core.h> 29eb492e01SAnderson Briglia #include <net/bluetooth/l2cap.h> 302b64d153SBrian Gix #include <net/bluetooth/mgmt.h> 31ac4b7236SMarcel Holtmann 323b19146dSJohan Hedberg #include "ecc.h" 33ac4b7236SMarcel Holtmann #include "smp.h" 34d22ef0bcSAnderson Briglia 35b28b4943SJohan Hedberg #define SMP_ALLOW_CMD(smp, code) set_bit(code, &smp->allow_cmd) 36b28b4943SJohan Hedberg 373b19146dSJohan Hedberg /* Keys which are not distributed with Secure Connections */ 383b19146dSJohan Hedberg #define SMP_SC_NO_DIST (SMP_DIST_ENC_KEY | SMP_DIST_LINK_KEY); 393b19146dSJohan Hedberg 4017b02e62SMarcel Holtmann #define SMP_TIMEOUT msecs_to_jiffies(30000) 415d3de7dfSVinicius Costa Gomes 420edb14deSJohan Hedberg #define AUTH_REQ_MASK(dev) (test_bit(HCI_SC_ENABLED, &(dev)->dev_flags) ? \ 430edb14deSJohan Hedberg 0x1f : 0x07) 4488d3a8acSJohan Hedberg #define KEY_DIST_MASK 0x07 45065a13e2SJohan Hedberg 46cbbbe3e2SJohan Hedberg /* Maximum message length that can be passed to aes_cmac */ 47cbbbe3e2SJohan Hedberg #define CMAC_MSG_MAX 80 48cbbbe3e2SJohan Hedberg 49533e35d4SJohan Hedberg enum { 50533e35d4SJohan Hedberg SMP_FLAG_TK_VALID, 51533e35d4SJohan Hedberg SMP_FLAG_CFM_PENDING, 52533e35d4SJohan Hedberg SMP_FLAG_MITM_AUTH, 53533e35d4SJohan Hedberg SMP_FLAG_COMPLETE, 54533e35d4SJohan Hedberg SMP_FLAG_INITIATOR, 5565668776SJohan Hedberg SMP_FLAG_SC, 56d8f8edbeSJohan Hedberg SMP_FLAG_REMOTE_PK, 57aeb7d461SJohan Hedberg SMP_FLAG_DEBUG_KEY, 5838606f14SJohan Hedberg SMP_FLAG_WAIT_USER, 59d3e54a87SJohan Hedberg SMP_FLAG_DHKEY_PENDING, 60533e35d4SJohan Hedberg }; 614bc58f51SJohan Hedberg 624bc58f51SJohan Hedberg struct smp_chan { 634bc58f51SJohan Hedberg struct l2cap_conn *conn; 64b68fda68SJohan Hedberg struct delayed_work security_timer; 65b28b4943SJohan Hedberg unsigned long allow_cmd; /* Bitmask of allowed commands */ 66b68fda68SJohan Hedberg 674bc58f51SJohan Hedberg u8 preq[7]; /* SMP Pairing Request */ 684bc58f51SJohan Hedberg u8 prsp[7]; /* SMP Pairing Response */ 694bc58f51SJohan Hedberg u8 prnd[16]; /* SMP Pairing Random (local) */ 704bc58f51SJohan Hedberg u8 rrnd[16]; /* SMP Pairing Random (remote) */ 714bc58f51SJohan Hedberg u8 pcnf[16]; /* SMP Pairing Confirm */ 724bc58f51SJohan Hedberg u8 tk[16]; /* SMP Temporary Key */ 734bc58f51SJohan Hedberg u8 enc_key_size; 744bc58f51SJohan Hedberg u8 remote_key_dist; 754bc58f51SJohan Hedberg bdaddr_t id_addr; 764bc58f51SJohan Hedberg u8 id_addr_type; 774bc58f51SJohan Hedberg u8 irk[16]; 784bc58f51SJohan Hedberg struct smp_csrk *csrk; 794bc58f51SJohan Hedberg struct smp_csrk *slave_csrk; 804bc58f51SJohan Hedberg struct smp_ltk *ltk; 814bc58f51SJohan Hedberg struct smp_ltk *slave_ltk; 824bc58f51SJohan Hedberg struct smp_irk *remote_irk; 836a77083aSJohan Hedberg u8 *link_key; 844a74d658SJohan Hedberg unsigned long flags; 85783e0574SJohan Hedberg u8 method; 8638606f14SJohan Hedberg u8 passkey_round; 876a7bd103SJohan Hedberg 883b19146dSJohan Hedberg /* Secure Connections variables */ 893b19146dSJohan Hedberg u8 local_pk[64]; 903b19146dSJohan Hedberg u8 local_sk[32]; 91d8f8edbeSJohan Hedberg u8 remote_pk[64]; 92d8f8edbeSJohan Hedberg u8 dhkey[32]; 93760b018bSJohan Hedberg u8 mackey[16]; 943b19146dSJohan Hedberg 956a7bd103SJohan Hedberg struct crypto_blkcipher *tfm_aes; 96407cecf6SJohan Hedberg struct crypto_hash *tfm_cmac; 974bc58f51SJohan Hedberg }; 984bc58f51SJohan Hedberg 99aeb7d461SJohan Hedberg /* These debug key values are defined in the SMP section of the core 100aeb7d461SJohan Hedberg * specification. debug_pk is the public debug key and debug_sk the 101aeb7d461SJohan Hedberg * private debug key. 102aeb7d461SJohan Hedberg */ 103aeb7d461SJohan Hedberg static const u8 debug_pk[64] = { 104aeb7d461SJohan Hedberg 0xe6, 0x9d, 0x35, 0x0e, 0x48, 0x01, 0x03, 0xcc, 105aeb7d461SJohan Hedberg 0xdb, 0xfd, 0xf4, 0xac, 0x11, 0x91, 0xf4, 0xef, 106aeb7d461SJohan Hedberg 0xb9, 0xa5, 0xf9, 0xe9, 0xa7, 0x83, 0x2c, 0x5e, 107aeb7d461SJohan Hedberg 0x2c, 0xbe, 0x97, 0xf2, 0xd2, 0x03, 0xb0, 0x20, 108aeb7d461SJohan Hedberg 109aeb7d461SJohan Hedberg 0x8b, 0xd2, 0x89, 0x15, 0xd0, 0x8e, 0x1c, 0x74, 110aeb7d461SJohan Hedberg 0x24, 0x30, 0xed, 0x8f, 0xc2, 0x45, 0x63, 0x76, 111aeb7d461SJohan Hedberg 0x5c, 0x15, 0x52, 0x5a, 0xbf, 0x9a, 0x32, 0x63, 112aeb7d461SJohan Hedberg 0x6d, 0xeb, 0x2a, 0x65, 0x49, 0x9c, 0x80, 0xdc, 113aeb7d461SJohan Hedberg }; 114aeb7d461SJohan Hedberg 115aeb7d461SJohan Hedberg static const u8 debug_sk[32] = { 116aeb7d461SJohan Hedberg 0xbd, 0x1a, 0x3c, 0xcd, 0xa6, 0xb8, 0x99, 0x58, 117aeb7d461SJohan Hedberg 0x99, 0xb7, 0x40, 0xeb, 0x7b, 0x60, 0xff, 0x4a, 118aeb7d461SJohan Hedberg 0x50, 0x3f, 0x10, 0xd2, 0xe3, 0xb3, 0xc9, 0x74, 119aeb7d461SJohan Hedberg 0x38, 0x5f, 0xc5, 0xa3, 0xd4, 0xf6, 0x49, 0x3f, 120aeb7d461SJohan Hedberg }; 121aeb7d461SJohan Hedberg 1228a2936f4SJohan Hedberg static inline void swap_buf(const u8 *src, u8 *dst, size_t len) 123d22ef0bcSAnderson Briglia { 1248a2936f4SJohan Hedberg size_t i; 125d22ef0bcSAnderson Briglia 1268a2936f4SJohan Hedberg for (i = 0; i < len; i++) 1278a2936f4SJohan Hedberg dst[len - 1 - i] = src[i]; 128d22ef0bcSAnderson Briglia } 129d22ef0bcSAnderson Briglia 130cbbbe3e2SJohan Hedberg static int aes_cmac(struct crypto_hash *tfm, const u8 k[16], const u8 *m, 131cbbbe3e2SJohan Hedberg size_t len, u8 mac[16]) 132cbbbe3e2SJohan Hedberg { 133cbbbe3e2SJohan Hedberg uint8_t tmp[16], mac_msb[16], msg_msb[CMAC_MSG_MAX]; 134cbbbe3e2SJohan Hedberg struct hash_desc desc; 135cbbbe3e2SJohan Hedberg struct scatterlist sg; 136cbbbe3e2SJohan Hedberg int err; 137cbbbe3e2SJohan Hedberg 138cbbbe3e2SJohan Hedberg if (len > CMAC_MSG_MAX) 139cbbbe3e2SJohan Hedberg return -EFBIG; 140cbbbe3e2SJohan Hedberg 141cbbbe3e2SJohan Hedberg if (!tfm) { 142cbbbe3e2SJohan Hedberg BT_ERR("tfm %p", tfm); 143cbbbe3e2SJohan Hedberg return -EINVAL; 144cbbbe3e2SJohan Hedberg } 145cbbbe3e2SJohan Hedberg 146cbbbe3e2SJohan Hedberg desc.tfm = tfm; 147cbbbe3e2SJohan Hedberg desc.flags = 0; 148cbbbe3e2SJohan Hedberg 149cbbbe3e2SJohan Hedberg crypto_hash_init(&desc); 150cbbbe3e2SJohan Hedberg 151cbbbe3e2SJohan Hedberg /* Swap key and message from LSB to MSB */ 152cbbbe3e2SJohan Hedberg swap_buf(k, tmp, 16); 153cbbbe3e2SJohan Hedberg swap_buf(m, msg_msb, len); 154cbbbe3e2SJohan Hedberg 155cbbbe3e2SJohan Hedberg BT_DBG("msg (len %zu) %*phN", len, (int) len, m); 156cbbbe3e2SJohan Hedberg BT_DBG("key %16phN", k); 157cbbbe3e2SJohan Hedberg 158cbbbe3e2SJohan Hedberg err = crypto_hash_setkey(tfm, tmp, 16); 159cbbbe3e2SJohan Hedberg if (err) { 160cbbbe3e2SJohan Hedberg BT_ERR("cipher setkey failed: %d", err); 161cbbbe3e2SJohan Hedberg return err; 162cbbbe3e2SJohan Hedberg } 163cbbbe3e2SJohan Hedberg 164cbbbe3e2SJohan Hedberg sg_init_one(&sg, msg_msb, len); 165cbbbe3e2SJohan Hedberg 166cbbbe3e2SJohan Hedberg err = crypto_hash_update(&desc, &sg, len); 167cbbbe3e2SJohan Hedberg if (err) { 168cbbbe3e2SJohan Hedberg BT_ERR("Hash update error %d", err); 169cbbbe3e2SJohan Hedberg return err; 170cbbbe3e2SJohan Hedberg } 171cbbbe3e2SJohan Hedberg 172cbbbe3e2SJohan Hedberg err = crypto_hash_final(&desc, mac_msb); 173cbbbe3e2SJohan Hedberg if (err) { 174cbbbe3e2SJohan Hedberg BT_ERR("Hash final error %d", err); 175cbbbe3e2SJohan Hedberg return err; 176cbbbe3e2SJohan Hedberg } 177cbbbe3e2SJohan Hedberg 178cbbbe3e2SJohan Hedberg swap_buf(mac_msb, mac, 16); 179cbbbe3e2SJohan Hedberg 180cbbbe3e2SJohan Hedberg BT_DBG("mac %16phN", mac); 181cbbbe3e2SJohan Hedberg 182cbbbe3e2SJohan Hedberg return 0; 183cbbbe3e2SJohan Hedberg } 184cbbbe3e2SJohan Hedberg 185cbbbe3e2SJohan Hedberg static int smp_f4(struct crypto_hash *tfm_cmac, const u8 u[32], const u8 v[32], 186cbbbe3e2SJohan Hedberg const u8 x[16], u8 z, u8 res[16]) 187cbbbe3e2SJohan Hedberg { 188cbbbe3e2SJohan Hedberg u8 m[65]; 189cbbbe3e2SJohan Hedberg int err; 190cbbbe3e2SJohan Hedberg 191cbbbe3e2SJohan Hedberg BT_DBG("u %32phN", u); 192cbbbe3e2SJohan Hedberg BT_DBG("v %32phN", v); 193cbbbe3e2SJohan Hedberg BT_DBG("x %16phN z %02x", x, z); 194cbbbe3e2SJohan Hedberg 195cbbbe3e2SJohan Hedberg m[0] = z; 196cbbbe3e2SJohan Hedberg memcpy(m + 1, v, 32); 197cbbbe3e2SJohan Hedberg memcpy(m + 33, u, 32); 198cbbbe3e2SJohan Hedberg 199cbbbe3e2SJohan Hedberg err = aes_cmac(tfm_cmac, x, m, sizeof(m), res); 200cbbbe3e2SJohan Hedberg if (err) 201cbbbe3e2SJohan Hedberg return err; 202cbbbe3e2SJohan Hedberg 203cbbbe3e2SJohan Hedberg BT_DBG("res %16phN", res); 204cbbbe3e2SJohan Hedberg 205cbbbe3e2SJohan Hedberg return err; 206cbbbe3e2SJohan Hedberg } 207cbbbe3e2SJohan Hedberg 208760b018bSJohan Hedberg static int smp_f5(struct crypto_hash *tfm_cmac, u8 w[32], u8 n1[16], u8 n2[16], 209760b018bSJohan Hedberg u8 a1[7], u8 a2[7], u8 mackey[16], u8 ltk[16]) 210760b018bSJohan Hedberg { 211760b018bSJohan Hedberg /* The btle, salt and length "magic" values are as defined in 212760b018bSJohan Hedberg * the SMP section of the Bluetooth core specification. In ASCII 213760b018bSJohan Hedberg * the btle value ends up being 'btle'. The salt is just a 214760b018bSJohan Hedberg * random number whereas length is the value 256 in little 215760b018bSJohan Hedberg * endian format. 216760b018bSJohan Hedberg */ 217760b018bSJohan Hedberg const u8 btle[4] = { 0x65, 0x6c, 0x74, 0x62 }; 218760b018bSJohan Hedberg const u8 salt[16] = { 0xbe, 0x83, 0x60, 0x5a, 0xdb, 0x0b, 0x37, 0x60, 219760b018bSJohan Hedberg 0x38, 0xa5, 0xf5, 0xaa, 0x91, 0x83, 0x88, 0x6c }; 220760b018bSJohan Hedberg const u8 length[2] = { 0x00, 0x01 }; 221760b018bSJohan Hedberg u8 m[53], t[16]; 222760b018bSJohan Hedberg int err; 223760b018bSJohan Hedberg 224760b018bSJohan Hedberg BT_DBG("w %32phN", w); 225760b018bSJohan Hedberg BT_DBG("n1 %16phN n2 %16phN", n1, n2); 226760b018bSJohan Hedberg BT_DBG("a1 %7phN a2 %7phN", a1, a2); 227760b018bSJohan Hedberg 228760b018bSJohan Hedberg err = aes_cmac(tfm_cmac, salt, w, 32, t); 229760b018bSJohan Hedberg if (err) 230760b018bSJohan Hedberg return err; 231760b018bSJohan Hedberg 232760b018bSJohan Hedberg BT_DBG("t %16phN", t); 233760b018bSJohan Hedberg 234760b018bSJohan Hedberg memcpy(m, length, 2); 235760b018bSJohan Hedberg memcpy(m + 2, a2, 7); 236760b018bSJohan Hedberg memcpy(m + 9, a1, 7); 237760b018bSJohan Hedberg memcpy(m + 16, n2, 16); 238760b018bSJohan Hedberg memcpy(m + 32, n1, 16); 239760b018bSJohan Hedberg memcpy(m + 48, btle, 4); 240760b018bSJohan Hedberg 241760b018bSJohan Hedberg m[52] = 0; /* Counter */ 242760b018bSJohan Hedberg 243760b018bSJohan Hedberg err = aes_cmac(tfm_cmac, t, m, sizeof(m), mackey); 244760b018bSJohan Hedberg if (err) 245760b018bSJohan Hedberg return err; 246760b018bSJohan Hedberg 247760b018bSJohan Hedberg BT_DBG("mackey %16phN", mackey); 248760b018bSJohan Hedberg 249760b018bSJohan Hedberg m[52] = 1; /* Counter */ 250760b018bSJohan Hedberg 251760b018bSJohan Hedberg err = aes_cmac(tfm_cmac, t, m, sizeof(m), ltk); 252760b018bSJohan Hedberg if (err) 253760b018bSJohan Hedberg return err; 254760b018bSJohan Hedberg 255760b018bSJohan Hedberg BT_DBG("ltk %16phN", ltk); 256760b018bSJohan Hedberg 257760b018bSJohan Hedberg return 0; 258760b018bSJohan Hedberg } 259760b018bSJohan Hedberg 260760b018bSJohan Hedberg static int smp_f6(struct crypto_hash *tfm_cmac, const u8 w[16], 261760b018bSJohan Hedberg const u8 n1[16], u8 n2[16], const u8 r[16], 262760b018bSJohan Hedberg const u8 io_cap[3], const u8 a1[7], const u8 a2[7], 263760b018bSJohan Hedberg u8 res[16]) 264760b018bSJohan Hedberg { 265760b018bSJohan Hedberg u8 m[65]; 266760b018bSJohan Hedberg int err; 267760b018bSJohan Hedberg 268760b018bSJohan Hedberg BT_DBG("w %16phN", w); 269760b018bSJohan Hedberg BT_DBG("n1 %16phN n2 %16phN", n1, n2); 270760b018bSJohan Hedberg BT_DBG("r %16phN io_cap %3phN a1 %7phN a2 %7phN", r, io_cap, a1, a2); 271760b018bSJohan Hedberg 272760b018bSJohan Hedberg memcpy(m, a2, 7); 273760b018bSJohan Hedberg memcpy(m + 7, a1, 7); 274760b018bSJohan Hedberg memcpy(m + 14, io_cap, 3); 275760b018bSJohan Hedberg memcpy(m + 17, r, 16); 276760b018bSJohan Hedberg memcpy(m + 33, n2, 16); 277760b018bSJohan Hedberg memcpy(m + 49, n1, 16); 278760b018bSJohan Hedberg 279760b018bSJohan Hedberg err = aes_cmac(tfm_cmac, w, m, sizeof(m), res); 280760b018bSJohan Hedberg if (err) 281760b018bSJohan Hedberg return err; 282760b018bSJohan Hedberg 283760b018bSJohan Hedberg BT_DBG("res %16phN", res); 284760b018bSJohan Hedberg 285760b018bSJohan Hedberg return err; 286760b018bSJohan Hedberg } 287760b018bSJohan Hedberg 288191dc7feSJohan Hedberg static int smp_g2(struct crypto_hash *tfm_cmac, const u8 u[32], const u8 v[32], 289191dc7feSJohan Hedberg const u8 x[16], const u8 y[16], u32 *val) 290191dc7feSJohan Hedberg { 291191dc7feSJohan Hedberg u8 m[80], tmp[16]; 292191dc7feSJohan Hedberg int err; 293191dc7feSJohan Hedberg 294191dc7feSJohan Hedberg BT_DBG("u %32phN", u); 295191dc7feSJohan Hedberg BT_DBG("v %32phN", v); 296191dc7feSJohan Hedberg BT_DBG("x %16phN y %16phN", x, y); 297191dc7feSJohan Hedberg 298191dc7feSJohan Hedberg memcpy(m, y, 16); 299191dc7feSJohan Hedberg memcpy(m + 16, v, 32); 300191dc7feSJohan Hedberg memcpy(m + 48, u, 32); 301191dc7feSJohan Hedberg 302191dc7feSJohan Hedberg err = aes_cmac(tfm_cmac, x, m, sizeof(m), tmp); 303191dc7feSJohan Hedberg if (err) 304191dc7feSJohan Hedberg return err; 305191dc7feSJohan Hedberg 306191dc7feSJohan Hedberg *val = get_unaligned_le32(tmp); 307191dc7feSJohan Hedberg *val %= 1000000; 308191dc7feSJohan Hedberg 309191dc7feSJohan Hedberg BT_DBG("val %06u", *val); 310191dc7feSJohan Hedberg 311191dc7feSJohan Hedberg return 0; 312191dc7feSJohan Hedberg } 313191dc7feSJohan Hedberg 314d22ef0bcSAnderson Briglia static int smp_e(struct crypto_blkcipher *tfm, const u8 *k, u8 *r) 315d22ef0bcSAnderson Briglia { 316d22ef0bcSAnderson Briglia struct blkcipher_desc desc; 317d22ef0bcSAnderson Briglia struct scatterlist sg; 318943a732aSJohan Hedberg uint8_t tmp[16], data[16]; 319201a5929SJohan Hedberg int err; 320d22ef0bcSAnderson Briglia 321d22ef0bcSAnderson Briglia if (tfm == NULL) { 322d22ef0bcSAnderson Briglia BT_ERR("tfm %p", tfm); 323d22ef0bcSAnderson Briglia return -EINVAL; 324d22ef0bcSAnderson Briglia } 325d22ef0bcSAnderson Briglia 326d22ef0bcSAnderson Briglia desc.tfm = tfm; 327d22ef0bcSAnderson Briglia desc.flags = 0; 328d22ef0bcSAnderson Briglia 329943a732aSJohan Hedberg /* The most significant octet of key corresponds to k[0] */ 3308a2936f4SJohan Hedberg swap_buf(k, tmp, 16); 331943a732aSJohan Hedberg 332943a732aSJohan Hedberg err = crypto_blkcipher_setkey(tfm, tmp, 16); 333d22ef0bcSAnderson Briglia if (err) { 334d22ef0bcSAnderson Briglia BT_ERR("cipher setkey failed: %d", err); 335d22ef0bcSAnderson Briglia return err; 336d22ef0bcSAnderson Briglia } 337d22ef0bcSAnderson Briglia 338943a732aSJohan Hedberg /* Most significant octet of plaintextData corresponds to data[0] */ 3398a2936f4SJohan Hedberg swap_buf(r, data, 16); 340943a732aSJohan Hedberg 341943a732aSJohan Hedberg sg_init_one(&sg, data, 16); 342d22ef0bcSAnderson Briglia 343d22ef0bcSAnderson Briglia err = crypto_blkcipher_encrypt(&desc, &sg, &sg, 16); 344d22ef0bcSAnderson Briglia if (err) 345d22ef0bcSAnderson Briglia BT_ERR("Encrypt data error %d", err); 346d22ef0bcSAnderson Briglia 347943a732aSJohan Hedberg /* Most significant octet of encryptedData corresponds to data[0] */ 3488a2936f4SJohan Hedberg swap_buf(data, r, 16); 349943a732aSJohan Hedberg 350d22ef0bcSAnderson Briglia return err; 351d22ef0bcSAnderson Briglia } 352d22ef0bcSAnderson Briglia 3536a77083aSJohan Hedberg static int smp_h6(struct crypto_hash *tfm_cmac, const u8 w[16], 3546a77083aSJohan Hedberg const u8 key_id[4], u8 res[16]) 3556a77083aSJohan Hedberg { 3566a77083aSJohan Hedberg int err; 3576a77083aSJohan Hedberg 3586a77083aSJohan Hedberg BT_DBG("w %16phN key_id %4phN", w, key_id); 3596a77083aSJohan Hedberg 3606a77083aSJohan Hedberg err = aes_cmac(tfm_cmac, w, key_id, 4, res); 3616a77083aSJohan Hedberg if (err) 3626a77083aSJohan Hedberg return err; 3636a77083aSJohan Hedberg 3646a77083aSJohan Hedberg BT_DBG("res %16phN", res); 3656a77083aSJohan Hedberg 3666a77083aSJohan Hedberg return err; 3676a77083aSJohan Hedberg } 3686a77083aSJohan Hedberg 36960478054SJohan Hedberg static int smp_ah(struct crypto_blkcipher *tfm, u8 irk[16], u8 r[3], u8 res[3]) 37060478054SJohan Hedberg { 371943a732aSJohan Hedberg u8 _res[16]; 37260478054SJohan Hedberg int err; 37360478054SJohan Hedberg 37460478054SJohan Hedberg /* r' = padding || r */ 375943a732aSJohan Hedberg memcpy(_res, r, 3); 376943a732aSJohan Hedberg memset(_res + 3, 0, 13); 37760478054SJohan Hedberg 378943a732aSJohan Hedberg err = smp_e(tfm, irk, _res); 37960478054SJohan Hedberg if (err) { 38060478054SJohan Hedberg BT_ERR("Encrypt error"); 38160478054SJohan Hedberg return err; 38260478054SJohan Hedberg } 38360478054SJohan Hedberg 38460478054SJohan Hedberg /* The output of the random address function ah is: 38560478054SJohan Hedberg * ah(h, r) = e(k, r') mod 2^24 38660478054SJohan Hedberg * The output of the security function e is then truncated to 24 bits 38760478054SJohan Hedberg * by taking the least significant 24 bits of the output of e as the 38860478054SJohan Hedberg * result of ah. 38960478054SJohan Hedberg */ 390943a732aSJohan Hedberg memcpy(res, _res, 3); 39160478054SJohan Hedberg 39260478054SJohan Hedberg return 0; 39360478054SJohan Hedberg } 39460478054SJohan Hedberg 395defce9e8SJohan Hedberg bool smp_irk_matches(struct hci_dev *hdev, u8 irk[16], bdaddr_t *bdaddr) 39660478054SJohan Hedberg { 397defce9e8SJohan Hedberg struct l2cap_chan *chan = hdev->smp_data; 398defce9e8SJohan Hedberg struct crypto_blkcipher *tfm; 39960478054SJohan Hedberg u8 hash[3]; 40060478054SJohan Hedberg int err; 40160478054SJohan Hedberg 402defce9e8SJohan Hedberg if (!chan || !chan->data) 403defce9e8SJohan Hedberg return false; 404defce9e8SJohan Hedberg 405defce9e8SJohan Hedberg tfm = chan->data; 406defce9e8SJohan Hedberg 40760478054SJohan Hedberg BT_DBG("RPA %pMR IRK %*phN", bdaddr, 16, irk); 40860478054SJohan Hedberg 40960478054SJohan Hedberg err = smp_ah(tfm, irk, &bdaddr->b[3], hash); 41060478054SJohan Hedberg if (err) 41160478054SJohan Hedberg return false; 41260478054SJohan Hedberg 41360478054SJohan Hedberg return !memcmp(bdaddr->b, hash, 3); 41460478054SJohan Hedberg } 41560478054SJohan Hedberg 416defce9e8SJohan Hedberg int smp_generate_rpa(struct hci_dev *hdev, u8 irk[16], bdaddr_t *rpa) 417b1e2b3aeSJohan Hedberg { 418defce9e8SJohan Hedberg struct l2cap_chan *chan = hdev->smp_data; 419defce9e8SJohan Hedberg struct crypto_blkcipher *tfm; 420b1e2b3aeSJohan Hedberg int err; 421b1e2b3aeSJohan Hedberg 422defce9e8SJohan Hedberg if (!chan || !chan->data) 423defce9e8SJohan Hedberg return -EOPNOTSUPP; 424defce9e8SJohan Hedberg 425defce9e8SJohan Hedberg tfm = chan->data; 426defce9e8SJohan Hedberg 427b1e2b3aeSJohan Hedberg get_random_bytes(&rpa->b[3], 3); 428b1e2b3aeSJohan Hedberg 429b1e2b3aeSJohan Hedberg rpa->b[5] &= 0x3f; /* Clear two most significant bits */ 430b1e2b3aeSJohan Hedberg rpa->b[5] |= 0x40; /* Set second most significant bit */ 431b1e2b3aeSJohan Hedberg 432b1e2b3aeSJohan Hedberg err = smp_ah(tfm, irk, &rpa->b[3], rpa->b); 433b1e2b3aeSJohan Hedberg if (err < 0) 434b1e2b3aeSJohan Hedberg return err; 435b1e2b3aeSJohan Hedberg 436b1e2b3aeSJohan Hedberg BT_DBG("RPA %pMR", rpa); 437b1e2b3aeSJohan Hedberg 438b1e2b3aeSJohan Hedberg return 0; 439b1e2b3aeSJohan Hedberg } 440b1e2b3aeSJohan Hedberg 441e491eaf3SJohan Hedberg static int smp_c1(struct crypto_blkcipher *tfm_aes, u8 k[16], u8 r[16], 442e491eaf3SJohan Hedberg u8 preq[7], u8 pres[7], u8 _iat, bdaddr_t *ia, u8 _rat, 443e491eaf3SJohan Hedberg bdaddr_t *ra, u8 res[16]) 444d22ef0bcSAnderson Briglia { 445d22ef0bcSAnderson Briglia u8 p1[16], p2[16]; 446d22ef0bcSAnderson Briglia int err; 447d22ef0bcSAnderson Briglia 448d22ef0bcSAnderson Briglia memset(p1, 0, 16); 449d22ef0bcSAnderson Briglia 450d22ef0bcSAnderson Briglia /* p1 = pres || preq || _rat || _iat */ 451943a732aSJohan Hedberg p1[0] = _iat; 452943a732aSJohan Hedberg p1[1] = _rat; 453943a732aSJohan Hedberg memcpy(p1 + 2, preq, 7); 454943a732aSJohan Hedberg memcpy(p1 + 9, pres, 7); 455d22ef0bcSAnderson Briglia 456d22ef0bcSAnderson Briglia /* p2 = padding || ia || ra */ 457943a732aSJohan Hedberg memcpy(p2, ra, 6); 458943a732aSJohan Hedberg memcpy(p2 + 6, ia, 6); 459943a732aSJohan Hedberg memset(p2 + 12, 0, 4); 460d22ef0bcSAnderson Briglia 461d22ef0bcSAnderson Briglia /* res = r XOR p1 */ 462d22ef0bcSAnderson Briglia u128_xor((u128 *) res, (u128 *) r, (u128 *) p1); 463d22ef0bcSAnderson Briglia 464d22ef0bcSAnderson Briglia /* res = e(k, res) */ 465e491eaf3SJohan Hedberg err = smp_e(tfm_aes, k, res); 466d22ef0bcSAnderson Briglia if (err) { 467d22ef0bcSAnderson Briglia BT_ERR("Encrypt data error"); 468d22ef0bcSAnderson Briglia return err; 469d22ef0bcSAnderson Briglia } 470d22ef0bcSAnderson Briglia 471d22ef0bcSAnderson Briglia /* res = res XOR p2 */ 472d22ef0bcSAnderson Briglia u128_xor((u128 *) res, (u128 *) res, (u128 *) p2); 473d22ef0bcSAnderson Briglia 474d22ef0bcSAnderson Briglia /* res = e(k, res) */ 475e491eaf3SJohan Hedberg err = smp_e(tfm_aes, k, res); 476d22ef0bcSAnderson Briglia if (err) 477d22ef0bcSAnderson Briglia BT_ERR("Encrypt data error"); 478d22ef0bcSAnderson Briglia 479d22ef0bcSAnderson Briglia return err; 480d22ef0bcSAnderson Briglia } 481d22ef0bcSAnderson Briglia 482e491eaf3SJohan Hedberg static int smp_s1(struct crypto_blkcipher *tfm_aes, u8 k[16], u8 r1[16], 483e491eaf3SJohan Hedberg u8 r2[16], u8 _r[16]) 484d22ef0bcSAnderson Briglia { 485d22ef0bcSAnderson Briglia int err; 486d22ef0bcSAnderson Briglia 487d22ef0bcSAnderson Briglia /* Just least significant octets from r1 and r2 are considered */ 488943a732aSJohan Hedberg memcpy(_r, r2, 8); 489943a732aSJohan Hedberg memcpy(_r + 8, r1, 8); 490d22ef0bcSAnderson Briglia 491e491eaf3SJohan Hedberg err = smp_e(tfm_aes, k, _r); 492d22ef0bcSAnderson Briglia if (err) 493d22ef0bcSAnderson Briglia BT_ERR("Encrypt data error"); 494d22ef0bcSAnderson Briglia 495d22ef0bcSAnderson Briglia return err; 496d22ef0bcSAnderson Briglia } 497d22ef0bcSAnderson Briglia 498eb492e01SAnderson Briglia static void smp_send_cmd(struct l2cap_conn *conn, u8 code, u16 len, void *data) 499eb492e01SAnderson Briglia { 5005d88cc73SJohan Hedberg struct l2cap_chan *chan = conn->smp; 501b68fda68SJohan Hedberg struct smp_chan *smp; 5025d88cc73SJohan Hedberg struct kvec iv[2]; 5035d88cc73SJohan Hedberg struct msghdr msg; 5045d88cc73SJohan Hedberg 5055d88cc73SJohan Hedberg if (!chan) 5065d88cc73SJohan Hedberg return; 507eb492e01SAnderson Briglia 508eb492e01SAnderson Briglia BT_DBG("code 0x%2.2x", code); 509eb492e01SAnderson Briglia 5105d88cc73SJohan Hedberg iv[0].iov_base = &code; 5115d88cc73SJohan Hedberg iv[0].iov_len = 1; 512eb492e01SAnderson Briglia 5135d88cc73SJohan Hedberg iv[1].iov_base = data; 5145d88cc73SJohan Hedberg iv[1].iov_len = len; 5155d88cc73SJohan Hedberg 5165d88cc73SJohan Hedberg memset(&msg, 0, sizeof(msg)); 5175d88cc73SJohan Hedberg 5185d88cc73SJohan Hedberg msg.msg_iov = (struct iovec *) &iv; 5195d88cc73SJohan Hedberg msg.msg_iovlen = 2; 5205d88cc73SJohan Hedberg 5215d88cc73SJohan Hedberg l2cap_chan_send(chan, &msg, 1 + len); 522e2dcd113SVinicius Costa Gomes 523b68fda68SJohan Hedberg if (!chan->data) 524b68fda68SJohan Hedberg return; 525b68fda68SJohan Hedberg 526b68fda68SJohan Hedberg smp = chan->data; 527b68fda68SJohan Hedberg 528b68fda68SJohan Hedberg cancel_delayed_work_sync(&smp->security_timer); 529b68fda68SJohan Hedberg schedule_delayed_work(&smp->security_timer, SMP_TIMEOUT); 530eb492e01SAnderson Briglia } 531eb492e01SAnderson Briglia 532d2eb9e10SJohan Hedberg static u8 authreq_to_seclevel(u8 authreq) 5332b64d153SBrian Gix { 534d2eb9e10SJohan Hedberg if (authreq & SMP_AUTH_MITM) { 535d2eb9e10SJohan Hedberg if (authreq & SMP_AUTH_SC) 536d2eb9e10SJohan Hedberg return BT_SECURITY_FIPS; 5372b64d153SBrian Gix else 538d2eb9e10SJohan Hedberg return BT_SECURITY_HIGH; 539d2eb9e10SJohan Hedberg } else { 5402b64d153SBrian Gix return BT_SECURITY_MEDIUM; 5412b64d153SBrian Gix } 542d2eb9e10SJohan Hedberg } 5432b64d153SBrian Gix 5442b64d153SBrian Gix static __u8 seclevel_to_authreq(__u8 sec_level) 5452b64d153SBrian Gix { 5462b64d153SBrian Gix switch (sec_level) { 547d2eb9e10SJohan Hedberg case BT_SECURITY_FIPS: 5482b64d153SBrian Gix case BT_SECURITY_HIGH: 5492b64d153SBrian Gix return SMP_AUTH_MITM | SMP_AUTH_BONDING; 5502b64d153SBrian Gix case BT_SECURITY_MEDIUM: 5512b64d153SBrian Gix return SMP_AUTH_BONDING; 5522b64d153SBrian Gix default: 5532b64d153SBrian Gix return SMP_AUTH_NONE; 5542b64d153SBrian Gix } 5552b64d153SBrian Gix } 5562b64d153SBrian Gix 557b8e66eacSVinicius Costa Gomes static void build_pairing_cmd(struct l2cap_conn *conn, 55854790f73SVinicius Costa Gomes struct smp_cmd_pairing *req, 559f1560463SMarcel Holtmann struct smp_cmd_pairing *rsp, __u8 authreq) 560b8e66eacSVinicius Costa Gomes { 5615d88cc73SJohan Hedberg struct l2cap_chan *chan = conn->smp; 5625d88cc73SJohan Hedberg struct smp_chan *smp = chan->data; 563fd349c02SJohan Hedberg struct hci_conn *hcon = conn->hcon; 564fd349c02SJohan Hedberg struct hci_dev *hdev = hcon->hdev; 565fd349c02SJohan Hedberg u8 local_dist = 0, remote_dist = 0; 56654790f73SVinicius Costa Gomes 567b6ae8457SJohan Hedberg if (test_bit(HCI_BONDABLE, &conn->hcon->hdev->dev_flags)) { 5687ee4ea36SMarcel Holtmann local_dist = SMP_DIST_ENC_KEY | SMP_DIST_SIGN; 5697ee4ea36SMarcel Holtmann remote_dist = SMP_DIST_ENC_KEY | SMP_DIST_SIGN; 57054790f73SVinicius Costa Gomes authreq |= SMP_AUTH_BONDING; 5712b64d153SBrian Gix } else { 5722b64d153SBrian Gix authreq &= ~SMP_AUTH_BONDING; 57354790f73SVinicius Costa Gomes } 57454790f73SVinicius Costa Gomes 575fd349c02SJohan Hedberg if (test_bit(HCI_RPA_RESOLVING, &hdev->dev_flags)) 576fd349c02SJohan Hedberg remote_dist |= SMP_DIST_ID_KEY; 577fd349c02SJohan Hedberg 578863efaf2SJohan Hedberg if (test_bit(HCI_PRIVACY, &hdev->dev_flags)) 579863efaf2SJohan Hedberg local_dist |= SMP_DIST_ID_KEY; 580863efaf2SJohan Hedberg 581df8e1a4cSJohan Hedberg if (test_bit(HCI_SC_ENABLED, &hdev->dev_flags)) { 582df8e1a4cSJohan Hedberg if ((authreq & SMP_AUTH_SC) && 583df8e1a4cSJohan Hedberg test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) { 584df8e1a4cSJohan Hedberg local_dist |= SMP_DIST_LINK_KEY; 585df8e1a4cSJohan Hedberg remote_dist |= SMP_DIST_LINK_KEY; 586df8e1a4cSJohan Hedberg } 587df8e1a4cSJohan Hedberg } else { 588df8e1a4cSJohan Hedberg authreq &= ~SMP_AUTH_SC; 589df8e1a4cSJohan Hedberg } 590df8e1a4cSJohan Hedberg 59154790f73SVinicius Costa Gomes if (rsp == NULL) { 59254790f73SVinicius Costa Gomes req->io_capability = conn->hcon->io_capability; 59354790f73SVinicius Costa Gomes req->oob_flag = SMP_OOB_NOT_PRESENT; 59454790f73SVinicius Costa Gomes req->max_key_size = SMP_MAX_ENC_KEY_SIZE; 595fd349c02SJohan Hedberg req->init_key_dist = local_dist; 596fd349c02SJohan Hedberg req->resp_key_dist = remote_dist; 5970edb14deSJohan Hedberg req->auth_req = (authreq & AUTH_REQ_MASK(hdev)); 598fd349c02SJohan Hedberg 599fd349c02SJohan Hedberg smp->remote_key_dist = remote_dist; 60054790f73SVinicius Costa Gomes return; 60154790f73SVinicius Costa Gomes } 60254790f73SVinicius Costa Gomes 60354790f73SVinicius Costa Gomes rsp->io_capability = conn->hcon->io_capability; 60454790f73SVinicius Costa Gomes rsp->oob_flag = SMP_OOB_NOT_PRESENT; 60554790f73SVinicius Costa Gomes rsp->max_key_size = SMP_MAX_ENC_KEY_SIZE; 606fd349c02SJohan Hedberg rsp->init_key_dist = req->init_key_dist & remote_dist; 607fd349c02SJohan Hedberg rsp->resp_key_dist = req->resp_key_dist & local_dist; 6080edb14deSJohan Hedberg rsp->auth_req = (authreq & AUTH_REQ_MASK(hdev)); 609fd349c02SJohan Hedberg 610fd349c02SJohan Hedberg smp->remote_key_dist = rsp->init_key_dist; 611b8e66eacSVinicius Costa Gomes } 612b8e66eacSVinicius Costa Gomes 6133158c50cSVinicius Costa Gomes static u8 check_enc_key_size(struct l2cap_conn *conn, __u8 max_key_size) 6143158c50cSVinicius Costa Gomes { 6155d88cc73SJohan Hedberg struct l2cap_chan *chan = conn->smp; 6165d88cc73SJohan Hedberg struct smp_chan *smp = chan->data; 6171c1def09SVinicius Costa Gomes 6183158c50cSVinicius Costa Gomes if ((max_key_size > SMP_MAX_ENC_KEY_SIZE) || 6193158c50cSVinicius Costa Gomes (max_key_size < SMP_MIN_ENC_KEY_SIZE)) 6203158c50cSVinicius Costa Gomes return SMP_ENC_KEY_SIZE; 6213158c50cSVinicius Costa Gomes 622f7aa611aSVinicius Costa Gomes smp->enc_key_size = max_key_size; 6233158c50cSVinicius Costa Gomes 6243158c50cSVinicius Costa Gomes return 0; 6253158c50cSVinicius Costa Gomes } 6263158c50cSVinicius Costa Gomes 6276f48e260SJohan Hedberg static void smp_chan_destroy(struct l2cap_conn *conn) 6286f48e260SJohan Hedberg { 6296f48e260SJohan Hedberg struct l2cap_chan *chan = conn->smp; 6306f48e260SJohan Hedberg struct smp_chan *smp = chan->data; 6316f48e260SJohan Hedberg bool complete; 6326f48e260SJohan Hedberg 6336f48e260SJohan Hedberg BUG_ON(!smp); 6346f48e260SJohan Hedberg 6356f48e260SJohan Hedberg cancel_delayed_work_sync(&smp->security_timer); 6366f48e260SJohan Hedberg 6376f48e260SJohan Hedberg complete = test_bit(SMP_FLAG_COMPLETE, &smp->flags); 6386f48e260SJohan Hedberg mgmt_smp_complete(conn->hcon, complete); 6396f48e260SJohan Hedberg 6406f48e260SJohan Hedberg kfree(smp->csrk); 6416f48e260SJohan Hedberg kfree(smp->slave_csrk); 6426a77083aSJohan Hedberg kfree(smp->link_key); 6436f48e260SJohan Hedberg 6446f48e260SJohan Hedberg crypto_free_blkcipher(smp->tfm_aes); 645407cecf6SJohan Hedberg crypto_free_hash(smp->tfm_cmac); 6466f48e260SJohan Hedberg 6476f48e260SJohan Hedberg /* If pairing failed clean up any keys we might have */ 6486f48e260SJohan Hedberg if (!complete) { 6496f48e260SJohan Hedberg if (smp->ltk) { 650970d0f1bSJohan Hedberg list_del_rcu(&smp->ltk->list); 651970d0f1bSJohan Hedberg kfree_rcu(smp->ltk, rcu); 6526f48e260SJohan Hedberg } 6536f48e260SJohan Hedberg 6546f48e260SJohan Hedberg if (smp->slave_ltk) { 655970d0f1bSJohan Hedberg list_del_rcu(&smp->slave_ltk->list); 656970d0f1bSJohan Hedberg kfree_rcu(smp->slave_ltk, rcu); 6576f48e260SJohan Hedberg } 6586f48e260SJohan Hedberg 6596f48e260SJohan Hedberg if (smp->remote_irk) { 660adae20cbSJohan Hedberg list_del_rcu(&smp->remote_irk->list); 661adae20cbSJohan Hedberg kfree_rcu(smp->remote_irk, rcu); 6626f48e260SJohan Hedberg } 6636f48e260SJohan Hedberg } 6646f48e260SJohan Hedberg 6656f48e260SJohan Hedberg chan->data = NULL; 6666f48e260SJohan Hedberg kfree(smp); 6676f48e260SJohan Hedberg hci_conn_drop(conn->hcon); 6686f48e260SJohan Hedberg } 6696f48e260SJohan Hedberg 67084794e11SJohan Hedberg static void smp_failure(struct l2cap_conn *conn, u8 reason) 6714f957a76SBrian Gix { 672bab73cb6SJohan Hedberg struct hci_conn *hcon = conn->hcon; 673b68fda68SJohan Hedberg struct l2cap_chan *chan = conn->smp; 674bab73cb6SJohan Hedberg 67584794e11SJohan Hedberg if (reason) 6764f957a76SBrian Gix smp_send_cmd(conn, SMP_CMD_PAIRING_FAIL, sizeof(reason), 6774f957a76SBrian Gix &reason); 6784f957a76SBrian Gix 679ce39fb4eSMarcel Holtmann clear_bit(HCI_CONN_ENCRYPT_PEND, &hcon->flags); 680e1e930f5SJohan Hedberg mgmt_auth_failed(hcon, HCI_ERROR_AUTH_FAILURE); 681f1c09c07SVinicius Costa Gomes 682fc75cc86SJohan Hedberg if (chan->data) 6834f957a76SBrian Gix smp_chan_destroy(conn); 6844f957a76SBrian Gix } 6854f957a76SBrian Gix 6862b64d153SBrian Gix #define JUST_WORKS 0x00 6872b64d153SBrian Gix #define JUST_CFM 0x01 6882b64d153SBrian Gix #define REQ_PASSKEY 0x02 6892b64d153SBrian Gix #define CFM_PASSKEY 0x03 6902b64d153SBrian Gix #define REQ_OOB 0x04 6915e3d3d9bSJohan Hedberg #define DSP_PASSKEY 0x05 6922b64d153SBrian Gix #define OVERLAP 0xFF 6932b64d153SBrian Gix 6942b64d153SBrian Gix static const u8 gen_method[5][5] = { 6952b64d153SBrian Gix { JUST_WORKS, JUST_CFM, REQ_PASSKEY, JUST_WORKS, REQ_PASSKEY }, 6962b64d153SBrian Gix { JUST_WORKS, JUST_CFM, REQ_PASSKEY, JUST_WORKS, REQ_PASSKEY }, 6972b64d153SBrian Gix { CFM_PASSKEY, CFM_PASSKEY, REQ_PASSKEY, JUST_WORKS, CFM_PASSKEY }, 6982b64d153SBrian Gix { JUST_WORKS, JUST_CFM, JUST_WORKS, JUST_WORKS, JUST_CFM }, 6992b64d153SBrian Gix { CFM_PASSKEY, CFM_PASSKEY, REQ_PASSKEY, JUST_WORKS, OVERLAP }, 7002b64d153SBrian Gix }; 7012b64d153SBrian Gix 7025e3d3d9bSJohan Hedberg static const u8 sc_method[5][5] = { 7035e3d3d9bSJohan Hedberg { JUST_WORKS, JUST_CFM, REQ_PASSKEY, JUST_WORKS, REQ_PASSKEY }, 7045e3d3d9bSJohan Hedberg { JUST_WORKS, CFM_PASSKEY, REQ_PASSKEY, JUST_WORKS, CFM_PASSKEY }, 7055e3d3d9bSJohan Hedberg { DSP_PASSKEY, DSP_PASSKEY, REQ_PASSKEY, JUST_WORKS, DSP_PASSKEY }, 7065e3d3d9bSJohan Hedberg { JUST_WORKS, JUST_CFM, JUST_WORKS, JUST_WORKS, JUST_CFM }, 7075e3d3d9bSJohan Hedberg { DSP_PASSKEY, CFM_PASSKEY, REQ_PASSKEY, JUST_WORKS, CFM_PASSKEY }, 7085e3d3d9bSJohan Hedberg }; 7095e3d3d9bSJohan Hedberg 710581370ccSJohan Hedberg static u8 get_auth_method(struct smp_chan *smp, u8 local_io, u8 remote_io) 711581370ccSJohan Hedberg { 7122bcd4003SJohan Hedberg /* If either side has unknown io_caps, use JUST_CFM (which gets 7132bcd4003SJohan Hedberg * converted later to JUST_WORKS if we're initiators. 7142bcd4003SJohan Hedberg */ 715581370ccSJohan Hedberg if (local_io > SMP_IO_KEYBOARD_DISPLAY || 716581370ccSJohan Hedberg remote_io > SMP_IO_KEYBOARD_DISPLAY) 7172bcd4003SJohan Hedberg return JUST_CFM; 718581370ccSJohan Hedberg 7195e3d3d9bSJohan Hedberg if (test_bit(SMP_FLAG_SC, &smp->flags)) 7205e3d3d9bSJohan Hedberg return sc_method[remote_io][local_io]; 7215e3d3d9bSJohan Hedberg 722581370ccSJohan Hedberg return gen_method[remote_io][local_io]; 723581370ccSJohan Hedberg } 724581370ccSJohan Hedberg 7252b64d153SBrian Gix static int tk_request(struct l2cap_conn *conn, u8 remote_oob, u8 auth, 7262b64d153SBrian Gix u8 local_io, u8 remote_io) 7272b64d153SBrian Gix { 7282b64d153SBrian Gix struct hci_conn *hcon = conn->hcon; 7295d88cc73SJohan Hedberg struct l2cap_chan *chan = conn->smp; 7305d88cc73SJohan Hedberg struct smp_chan *smp = chan->data; 7312b64d153SBrian Gix u32 passkey = 0; 7322b64d153SBrian Gix int ret = 0; 7332b64d153SBrian Gix 7342b64d153SBrian Gix /* Initialize key for JUST WORKS */ 7352b64d153SBrian Gix memset(smp->tk, 0, sizeof(smp->tk)); 7364a74d658SJohan Hedberg clear_bit(SMP_FLAG_TK_VALID, &smp->flags); 7372b64d153SBrian Gix 7382b64d153SBrian Gix BT_DBG("tk_request: auth:%d lcl:%d rem:%d", auth, local_io, remote_io); 7392b64d153SBrian Gix 7402bcd4003SJohan Hedberg /* If neither side wants MITM, either "just" confirm an incoming 7412bcd4003SJohan Hedberg * request or use just-works for outgoing ones. The JUST_CFM 7422bcd4003SJohan Hedberg * will be converted to JUST_WORKS if necessary later in this 7432bcd4003SJohan Hedberg * function. If either side has MITM look up the method from the 7442bcd4003SJohan Hedberg * table. 7452bcd4003SJohan Hedberg */ 746581370ccSJohan Hedberg if (!(auth & SMP_AUTH_MITM)) 747783e0574SJohan Hedberg smp->method = JUST_CFM; 7482b64d153SBrian Gix else 749783e0574SJohan Hedberg smp->method = get_auth_method(smp, local_io, remote_io); 7502b64d153SBrian Gix 751a82505c7SJohan Hedberg /* Don't confirm locally initiated pairing attempts */ 752783e0574SJohan Hedberg if (smp->method == JUST_CFM && test_bit(SMP_FLAG_INITIATOR, 753783e0574SJohan Hedberg &smp->flags)) 754783e0574SJohan Hedberg smp->method = JUST_WORKS; 755a82505c7SJohan Hedberg 75602f3e254SJohan Hedberg /* Don't bother user space with no IO capabilities */ 757783e0574SJohan Hedberg if (smp->method == JUST_CFM && 758783e0574SJohan Hedberg hcon->io_capability == HCI_IO_NO_INPUT_OUTPUT) 759783e0574SJohan Hedberg smp->method = JUST_WORKS; 76002f3e254SJohan Hedberg 7612b64d153SBrian Gix /* If Just Works, Continue with Zero TK */ 762783e0574SJohan Hedberg if (smp->method == JUST_WORKS) { 7634a74d658SJohan Hedberg set_bit(SMP_FLAG_TK_VALID, &smp->flags); 7642b64d153SBrian Gix return 0; 7652b64d153SBrian Gix } 7662b64d153SBrian Gix 7672b64d153SBrian Gix /* Not Just Works/Confirm results in MITM Authentication */ 768783e0574SJohan Hedberg if (smp->method != JUST_CFM) { 7694a74d658SJohan Hedberg set_bit(SMP_FLAG_MITM_AUTH, &smp->flags); 7705eb596f5SJohan Hedberg if (hcon->pending_sec_level < BT_SECURITY_HIGH) 7715eb596f5SJohan Hedberg hcon->pending_sec_level = BT_SECURITY_HIGH; 7725eb596f5SJohan Hedberg } 7732b64d153SBrian Gix 7742b64d153SBrian Gix /* If both devices have Keyoard-Display I/O, the master 7752b64d153SBrian Gix * Confirms and the slave Enters the passkey. 7762b64d153SBrian Gix */ 777783e0574SJohan Hedberg if (smp->method == OVERLAP) { 77840bef302SJohan Hedberg if (hcon->role == HCI_ROLE_MASTER) 779783e0574SJohan Hedberg smp->method = CFM_PASSKEY; 7802b64d153SBrian Gix else 781783e0574SJohan Hedberg smp->method = REQ_PASSKEY; 7822b64d153SBrian Gix } 7832b64d153SBrian Gix 78401ad34d2SJohan Hedberg /* Generate random passkey. */ 785783e0574SJohan Hedberg if (smp->method == CFM_PASSKEY) { 786943a732aSJohan Hedberg memset(smp->tk, 0, sizeof(smp->tk)); 7872b64d153SBrian Gix get_random_bytes(&passkey, sizeof(passkey)); 7882b64d153SBrian Gix passkey %= 1000000; 789943a732aSJohan Hedberg put_unaligned_le32(passkey, smp->tk); 7902b64d153SBrian Gix BT_DBG("PassKey: %d", passkey); 7914a74d658SJohan Hedberg set_bit(SMP_FLAG_TK_VALID, &smp->flags); 7922b64d153SBrian Gix } 7932b64d153SBrian Gix 794783e0574SJohan Hedberg if (smp->method == REQ_PASSKEY) 795ce39fb4eSMarcel Holtmann ret = mgmt_user_passkey_request(hcon->hdev, &hcon->dst, 796272d90dfSJohan Hedberg hcon->type, hcon->dst_type); 797783e0574SJohan Hedberg else if (smp->method == JUST_CFM) 7984eb65e66SJohan Hedberg ret = mgmt_user_confirm_request(hcon->hdev, &hcon->dst, 7994eb65e66SJohan Hedberg hcon->type, hcon->dst_type, 8004eb65e66SJohan Hedberg passkey, 1); 8012b64d153SBrian Gix else 80201ad34d2SJohan Hedberg ret = mgmt_user_passkey_notify(hcon->hdev, &hcon->dst, 803272d90dfSJohan Hedberg hcon->type, hcon->dst_type, 80439adbffeSJohan Hedberg passkey, 0); 8052b64d153SBrian Gix 8062b64d153SBrian Gix return ret; 8072b64d153SBrian Gix } 8082b64d153SBrian Gix 8091cc61144SJohan Hedberg static u8 smp_confirm(struct smp_chan *smp) 8108aab4757SVinicius Costa Gomes { 8118aab4757SVinicius Costa Gomes struct l2cap_conn *conn = smp->conn; 8128aab4757SVinicius Costa Gomes struct smp_cmd_pairing_confirm cp; 8138aab4757SVinicius Costa Gomes int ret; 8148aab4757SVinicius Costa Gomes 8158aab4757SVinicius Costa Gomes BT_DBG("conn %p", conn); 8168aab4757SVinicius Costa Gomes 817e491eaf3SJohan Hedberg ret = smp_c1(smp->tfm_aes, smp->tk, smp->prnd, smp->preq, smp->prsp, 818b1cd5fd9SJohan Hedberg conn->hcon->init_addr_type, &conn->hcon->init_addr, 819943a732aSJohan Hedberg conn->hcon->resp_addr_type, &conn->hcon->resp_addr, 820943a732aSJohan Hedberg cp.confirm_val); 8211cc61144SJohan Hedberg if (ret) 8221cc61144SJohan Hedberg return SMP_UNSPECIFIED; 8238aab4757SVinicius Costa Gomes 8244a74d658SJohan Hedberg clear_bit(SMP_FLAG_CFM_PENDING, &smp->flags); 8252b64d153SBrian Gix 8268aab4757SVinicius Costa Gomes smp_send_cmd(smp->conn, SMP_CMD_PAIRING_CONFIRM, sizeof(cp), &cp); 8278aab4757SVinicius Costa Gomes 828b28b4943SJohan Hedberg if (conn->hcon->out) 829b28b4943SJohan Hedberg SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_CONFIRM); 830b28b4943SJohan Hedberg else 831b28b4943SJohan Hedberg SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RANDOM); 832b28b4943SJohan Hedberg 8331cc61144SJohan Hedberg return 0; 8348aab4757SVinicius Costa Gomes } 8358aab4757SVinicius Costa Gomes 836861580a9SJohan Hedberg static u8 smp_random(struct smp_chan *smp) 8378aab4757SVinicius Costa Gomes { 8388aab4757SVinicius Costa Gomes struct l2cap_conn *conn = smp->conn; 8398aab4757SVinicius Costa Gomes struct hci_conn *hcon = conn->hcon; 840861580a9SJohan Hedberg u8 confirm[16]; 8418aab4757SVinicius Costa Gomes int ret; 8428aab4757SVinicius Costa Gomes 843ec70f36fSJohan Hedberg if (IS_ERR_OR_NULL(smp->tfm_aes)) 844861580a9SJohan Hedberg return SMP_UNSPECIFIED; 8458aab4757SVinicius Costa Gomes 8468aab4757SVinicius Costa Gomes BT_DBG("conn %p %s", conn, conn->hcon->out ? "master" : "slave"); 8478aab4757SVinicius Costa Gomes 848e491eaf3SJohan Hedberg ret = smp_c1(smp->tfm_aes, smp->tk, smp->rrnd, smp->preq, smp->prsp, 849b1cd5fd9SJohan Hedberg hcon->init_addr_type, &hcon->init_addr, 850943a732aSJohan Hedberg hcon->resp_addr_type, &hcon->resp_addr, confirm); 851861580a9SJohan Hedberg if (ret) 852861580a9SJohan Hedberg return SMP_UNSPECIFIED; 8538aab4757SVinicius Costa Gomes 8548aab4757SVinicius Costa Gomes if (memcmp(smp->pcnf, confirm, sizeof(smp->pcnf)) != 0) { 8558aab4757SVinicius Costa Gomes BT_ERR("Pairing failed (confirmation values mismatch)"); 856861580a9SJohan Hedberg return SMP_CONFIRM_FAILED; 8578aab4757SVinicius Costa Gomes } 8588aab4757SVinicius Costa Gomes 8598aab4757SVinicius Costa Gomes if (hcon->out) { 860fe39c7b2SMarcel Holtmann u8 stk[16]; 861fe39c7b2SMarcel Holtmann __le64 rand = 0; 862fe39c7b2SMarcel Holtmann __le16 ediv = 0; 8638aab4757SVinicius Costa Gomes 864e491eaf3SJohan Hedberg smp_s1(smp->tfm_aes, smp->tk, smp->rrnd, smp->prnd, stk); 8658aab4757SVinicius Costa Gomes 866f7aa611aSVinicius Costa Gomes memset(stk + smp->enc_key_size, 0, 867f7aa611aSVinicius Costa Gomes SMP_MAX_ENC_KEY_SIZE - smp->enc_key_size); 8688aab4757SVinicius Costa Gomes 869861580a9SJohan Hedberg if (test_and_set_bit(HCI_CONN_ENCRYPT_PEND, &hcon->flags)) 870861580a9SJohan Hedberg return SMP_UNSPECIFIED; 8718aab4757SVinicius Costa Gomes 8728aab4757SVinicius Costa Gomes hci_le_start_enc(hcon, ediv, rand, stk); 873f7aa611aSVinicius Costa Gomes hcon->enc_key_size = smp->enc_key_size; 874fe59a05fSJohan Hedberg set_bit(HCI_CONN_STK_ENCRYPT, &hcon->flags); 8758aab4757SVinicius Costa Gomes } else { 876fff3490fSJohan Hedberg u8 stk[16], auth; 877fe39c7b2SMarcel Holtmann __le64 rand = 0; 878fe39c7b2SMarcel Holtmann __le16 ediv = 0; 8798aab4757SVinicius Costa Gomes 880943a732aSJohan Hedberg smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM, sizeof(smp->prnd), 881943a732aSJohan Hedberg smp->prnd); 8828aab4757SVinicius Costa Gomes 883e491eaf3SJohan Hedberg smp_s1(smp->tfm_aes, smp->tk, smp->prnd, smp->rrnd, stk); 8848aab4757SVinicius Costa Gomes 885f7aa611aSVinicius Costa Gomes memset(stk + smp->enc_key_size, 0, 886f7aa611aSVinicius Costa Gomes SMP_MAX_ENC_KEY_SIZE - smp->enc_key_size); 8878aab4757SVinicius Costa Gomes 888fff3490fSJohan Hedberg if (hcon->pending_sec_level == BT_SECURITY_HIGH) 889fff3490fSJohan Hedberg auth = 1; 890fff3490fSJohan Hedberg else 891fff3490fSJohan Hedberg auth = 0; 892fff3490fSJohan Hedberg 8937d5843b7SJohan Hedberg /* Even though there's no _SLAVE suffix this is the 8947d5843b7SJohan Hedberg * slave STK we're adding for later lookup (the master 8957d5843b7SJohan Hedberg * STK never needs to be stored). 8967d5843b7SJohan Hedberg */ 897ce39fb4eSMarcel Holtmann hci_add_ltk(hcon->hdev, &hcon->dst, hcon->dst_type, 8982ceba539SJohan Hedberg SMP_STK, auth, stk, smp->enc_key_size, ediv, rand); 8998aab4757SVinicius Costa Gomes } 9008aab4757SVinicius Costa Gomes 901861580a9SJohan Hedberg return 0; 9028aab4757SVinicius Costa Gomes } 9038aab4757SVinicius Costa Gomes 90444f1a7abSJohan Hedberg static void smp_notify_keys(struct l2cap_conn *conn) 90544f1a7abSJohan Hedberg { 90644f1a7abSJohan Hedberg struct l2cap_chan *chan = conn->smp; 90744f1a7abSJohan Hedberg struct smp_chan *smp = chan->data; 90844f1a7abSJohan Hedberg struct hci_conn *hcon = conn->hcon; 90944f1a7abSJohan Hedberg struct hci_dev *hdev = hcon->hdev; 91044f1a7abSJohan Hedberg struct smp_cmd_pairing *req = (void *) &smp->preq[1]; 91144f1a7abSJohan Hedberg struct smp_cmd_pairing *rsp = (void *) &smp->prsp[1]; 91244f1a7abSJohan Hedberg bool persistent; 91344f1a7abSJohan Hedberg 91444f1a7abSJohan Hedberg if (smp->remote_irk) { 91544f1a7abSJohan Hedberg mgmt_new_irk(hdev, smp->remote_irk); 91644f1a7abSJohan Hedberg /* Now that user space can be considered to know the 91744f1a7abSJohan Hedberg * identity address track the connection based on it 918b5ae344dSJohan Hedberg * from now on (assuming this is an LE link). 91944f1a7abSJohan Hedberg */ 920b5ae344dSJohan Hedberg if (hcon->type == LE_LINK) { 92144f1a7abSJohan Hedberg bacpy(&hcon->dst, &smp->remote_irk->bdaddr); 92244f1a7abSJohan Hedberg hcon->dst_type = smp->remote_irk->addr_type; 923f3d82d0cSJohan Hedberg queue_work(hdev->workqueue, &conn->id_addr_update_work); 924b5ae344dSJohan Hedberg } 92544f1a7abSJohan Hedberg 92644f1a7abSJohan Hedberg /* When receiving an indentity resolving key for 92744f1a7abSJohan Hedberg * a remote device that does not use a resolvable 92844f1a7abSJohan Hedberg * private address, just remove the key so that 92944f1a7abSJohan Hedberg * it is possible to use the controller white 93044f1a7abSJohan Hedberg * list for scanning. 93144f1a7abSJohan Hedberg * 93244f1a7abSJohan Hedberg * Userspace will have been told to not store 93344f1a7abSJohan Hedberg * this key at this point. So it is safe to 93444f1a7abSJohan Hedberg * just remove it. 93544f1a7abSJohan Hedberg */ 93644f1a7abSJohan Hedberg if (!bacmp(&smp->remote_irk->rpa, BDADDR_ANY)) { 937adae20cbSJohan Hedberg list_del_rcu(&smp->remote_irk->list); 938adae20cbSJohan Hedberg kfree_rcu(smp->remote_irk, rcu); 93944f1a7abSJohan Hedberg smp->remote_irk = NULL; 94044f1a7abSJohan Hedberg } 94144f1a7abSJohan Hedberg } 94244f1a7abSJohan Hedberg 943b5ae344dSJohan Hedberg if (hcon->type == ACL_LINK) { 944b5ae344dSJohan Hedberg if (hcon->key_type == HCI_LK_DEBUG_COMBINATION) 945b5ae344dSJohan Hedberg persistent = false; 946b5ae344dSJohan Hedberg else 947b5ae344dSJohan Hedberg persistent = !test_bit(HCI_CONN_FLUSH_KEY, 948b5ae344dSJohan Hedberg &hcon->flags); 949b5ae344dSJohan Hedberg } else { 95044f1a7abSJohan Hedberg /* The LTKs and CSRKs should be persistent only if both sides 95144f1a7abSJohan Hedberg * had the bonding bit set in their authentication requests. 95244f1a7abSJohan Hedberg */ 953b5ae344dSJohan Hedberg persistent = !!((req->auth_req & rsp->auth_req) & 954b5ae344dSJohan Hedberg SMP_AUTH_BONDING); 955b5ae344dSJohan Hedberg } 956b5ae344dSJohan Hedberg 95744f1a7abSJohan Hedberg 95844f1a7abSJohan Hedberg if (smp->csrk) { 95944f1a7abSJohan Hedberg smp->csrk->bdaddr_type = hcon->dst_type; 96044f1a7abSJohan Hedberg bacpy(&smp->csrk->bdaddr, &hcon->dst); 96144f1a7abSJohan Hedberg mgmt_new_csrk(hdev, smp->csrk, persistent); 96244f1a7abSJohan Hedberg } 96344f1a7abSJohan Hedberg 96444f1a7abSJohan Hedberg if (smp->slave_csrk) { 96544f1a7abSJohan Hedberg smp->slave_csrk->bdaddr_type = hcon->dst_type; 96644f1a7abSJohan Hedberg bacpy(&smp->slave_csrk->bdaddr, &hcon->dst); 96744f1a7abSJohan Hedberg mgmt_new_csrk(hdev, smp->slave_csrk, persistent); 96844f1a7abSJohan Hedberg } 96944f1a7abSJohan Hedberg 97044f1a7abSJohan Hedberg if (smp->ltk) { 97144f1a7abSJohan Hedberg smp->ltk->bdaddr_type = hcon->dst_type; 97244f1a7abSJohan Hedberg bacpy(&smp->ltk->bdaddr, &hcon->dst); 97344f1a7abSJohan Hedberg mgmt_new_ltk(hdev, smp->ltk, persistent); 97444f1a7abSJohan Hedberg } 97544f1a7abSJohan Hedberg 97644f1a7abSJohan Hedberg if (smp->slave_ltk) { 97744f1a7abSJohan Hedberg smp->slave_ltk->bdaddr_type = hcon->dst_type; 97844f1a7abSJohan Hedberg bacpy(&smp->slave_ltk->bdaddr, &hcon->dst); 97944f1a7abSJohan Hedberg mgmt_new_ltk(hdev, smp->slave_ltk, persistent); 98044f1a7abSJohan Hedberg } 9816a77083aSJohan Hedberg 9826a77083aSJohan Hedberg if (smp->link_key) { 983e3befab9SJohan Hedberg struct link_key *key; 984e3befab9SJohan Hedberg u8 type; 985e3befab9SJohan Hedberg 986e3befab9SJohan Hedberg if (test_bit(SMP_FLAG_DEBUG_KEY, &smp->flags)) 987e3befab9SJohan Hedberg type = HCI_LK_DEBUG_COMBINATION; 988e3befab9SJohan Hedberg else if (hcon->sec_level == BT_SECURITY_FIPS) 989e3befab9SJohan Hedberg type = HCI_LK_AUTH_COMBINATION_P256; 990e3befab9SJohan Hedberg else 991e3befab9SJohan Hedberg type = HCI_LK_UNAUTH_COMBINATION_P256; 992e3befab9SJohan Hedberg 993e3befab9SJohan Hedberg key = hci_add_link_key(hdev, smp->conn->hcon, &hcon->dst, 994e3befab9SJohan Hedberg smp->link_key, type, 0, &persistent); 995e3befab9SJohan Hedberg if (key) { 996e3befab9SJohan Hedberg mgmt_new_link_key(hdev, key, persistent); 997e3befab9SJohan Hedberg 998e3befab9SJohan Hedberg /* Don't keep debug keys around if the relevant 999e3befab9SJohan Hedberg * flag is not set. 1000e3befab9SJohan Hedberg */ 1001e3befab9SJohan Hedberg if (!test_bit(HCI_KEEP_DEBUG_KEYS, &hdev->dev_flags) && 1002e3befab9SJohan Hedberg key->type == HCI_LK_DEBUG_COMBINATION) { 1003e3befab9SJohan Hedberg list_del_rcu(&key->list); 1004e3befab9SJohan Hedberg kfree_rcu(key, rcu); 1005e3befab9SJohan Hedberg } 1006e3befab9SJohan Hedberg } 10076a77083aSJohan Hedberg } 10086a77083aSJohan Hedberg } 10096a77083aSJohan Hedberg 1010d3e54a87SJohan Hedberg static void sc_add_ltk(struct smp_chan *smp) 1011d3e54a87SJohan Hedberg { 1012d3e54a87SJohan Hedberg struct hci_conn *hcon = smp->conn->hcon; 1013d3e54a87SJohan Hedberg u8 key_type, auth; 1014d3e54a87SJohan Hedberg 1015d3e54a87SJohan Hedberg if (test_bit(SMP_FLAG_DEBUG_KEY, &smp->flags)) 1016d3e54a87SJohan Hedberg key_type = SMP_LTK_P256_DEBUG; 1017d3e54a87SJohan Hedberg else 1018d3e54a87SJohan Hedberg key_type = SMP_LTK_P256; 1019d3e54a87SJohan Hedberg 1020d3e54a87SJohan Hedberg if (hcon->pending_sec_level == BT_SECURITY_FIPS) 1021d3e54a87SJohan Hedberg auth = 1; 1022d3e54a87SJohan Hedberg else 1023d3e54a87SJohan Hedberg auth = 0; 1024d3e54a87SJohan Hedberg 1025d3e54a87SJohan Hedberg memset(smp->tk + smp->enc_key_size, 0, 1026d3e54a87SJohan Hedberg SMP_MAX_ENC_KEY_SIZE - smp->enc_key_size); 1027d3e54a87SJohan Hedberg 1028d3e54a87SJohan Hedberg smp->ltk = hci_add_ltk(hcon->hdev, &hcon->dst, hcon->dst_type, 1029d3e54a87SJohan Hedberg key_type, auth, smp->tk, smp->enc_key_size, 1030d3e54a87SJohan Hedberg 0, 0); 1031d3e54a87SJohan Hedberg } 1032d3e54a87SJohan Hedberg 10336a77083aSJohan Hedberg static void sc_generate_link_key(struct smp_chan *smp) 10346a77083aSJohan Hedberg { 10356a77083aSJohan Hedberg /* These constants are as specified in the core specification. 10366a77083aSJohan Hedberg * In ASCII they spell out to 'tmp1' and 'lebr'. 10376a77083aSJohan Hedberg */ 10386a77083aSJohan Hedberg const u8 tmp1[4] = { 0x31, 0x70, 0x6d, 0x74 }; 10396a77083aSJohan Hedberg const u8 lebr[4] = { 0x72, 0x62, 0x65, 0x6c }; 10406a77083aSJohan Hedberg 10416a77083aSJohan Hedberg smp->link_key = kzalloc(16, GFP_KERNEL); 10426a77083aSJohan Hedberg if (!smp->link_key) 10436a77083aSJohan Hedberg return; 10446a77083aSJohan Hedberg 10456a77083aSJohan Hedberg if (smp_h6(smp->tfm_cmac, smp->tk, tmp1, smp->link_key)) { 10466a77083aSJohan Hedberg kfree(smp->link_key); 10476a77083aSJohan Hedberg smp->link_key = NULL; 10486a77083aSJohan Hedberg return; 10496a77083aSJohan Hedberg } 10506a77083aSJohan Hedberg 10516a77083aSJohan Hedberg if (smp_h6(smp->tfm_cmac, smp->link_key, lebr, smp->link_key)) { 10526a77083aSJohan Hedberg kfree(smp->link_key); 10536a77083aSJohan Hedberg smp->link_key = NULL; 10546a77083aSJohan Hedberg return; 10556a77083aSJohan Hedberg } 105644f1a7abSJohan Hedberg } 105744f1a7abSJohan Hedberg 1058b28b4943SJohan Hedberg static void smp_allow_key_dist(struct smp_chan *smp) 1059b28b4943SJohan Hedberg { 1060b28b4943SJohan Hedberg /* Allow the first expected phase 3 PDU. The rest of the PDUs 1061b28b4943SJohan Hedberg * will be allowed in each PDU handler to ensure we receive 1062b28b4943SJohan Hedberg * them in the correct order. 1063b28b4943SJohan Hedberg */ 1064b28b4943SJohan Hedberg if (smp->remote_key_dist & SMP_DIST_ENC_KEY) 1065b28b4943SJohan Hedberg SMP_ALLOW_CMD(smp, SMP_CMD_ENCRYPT_INFO); 1066b28b4943SJohan Hedberg else if (smp->remote_key_dist & SMP_DIST_ID_KEY) 1067b28b4943SJohan Hedberg SMP_ALLOW_CMD(smp, SMP_CMD_IDENT_INFO); 1068b28b4943SJohan Hedberg else if (smp->remote_key_dist & SMP_DIST_SIGN) 1069b28b4943SJohan Hedberg SMP_ALLOW_CMD(smp, SMP_CMD_SIGN_INFO); 1070b28b4943SJohan Hedberg } 1071b28b4943SJohan Hedberg 1072b5ae344dSJohan Hedberg static void sc_generate_ltk(struct smp_chan *smp) 1073b5ae344dSJohan Hedberg { 1074b5ae344dSJohan Hedberg /* These constants are as specified in the core specification. 1075b5ae344dSJohan Hedberg * In ASCII they spell out to 'tmp2' and 'brle'. 1076b5ae344dSJohan Hedberg */ 1077b5ae344dSJohan Hedberg const u8 tmp2[4] = { 0x32, 0x70, 0x6d, 0x74 }; 1078b5ae344dSJohan Hedberg const u8 brle[4] = { 0x65, 0x6c, 0x72, 0x62 }; 1079b5ae344dSJohan Hedberg struct hci_conn *hcon = smp->conn->hcon; 1080b5ae344dSJohan Hedberg struct hci_dev *hdev = hcon->hdev; 1081b5ae344dSJohan Hedberg struct link_key *key; 1082b5ae344dSJohan Hedberg 1083b5ae344dSJohan Hedberg key = hci_find_link_key(hdev, &hcon->dst); 1084b5ae344dSJohan Hedberg if (!key) { 1085b5ae344dSJohan Hedberg BT_ERR("%s No Link Key found to generate LTK", hdev->name); 1086b5ae344dSJohan Hedberg return; 1087b5ae344dSJohan Hedberg } 1088b5ae344dSJohan Hedberg 1089b5ae344dSJohan Hedberg if (key->type == HCI_LK_DEBUG_COMBINATION) 1090b5ae344dSJohan Hedberg set_bit(SMP_FLAG_DEBUG_KEY, &smp->flags); 1091b5ae344dSJohan Hedberg 1092b5ae344dSJohan Hedberg if (smp_h6(smp->tfm_cmac, key->val, tmp2, smp->tk)) 1093b5ae344dSJohan Hedberg return; 1094b5ae344dSJohan Hedberg 1095b5ae344dSJohan Hedberg if (smp_h6(smp->tfm_cmac, smp->tk, brle, smp->tk)) 1096b5ae344dSJohan Hedberg return; 1097b5ae344dSJohan Hedberg 1098b5ae344dSJohan Hedberg sc_add_ltk(smp); 1099b5ae344dSJohan Hedberg } 1100b5ae344dSJohan Hedberg 1101d6268e86SJohan Hedberg static void smp_distribute_keys(struct smp_chan *smp) 110244f1a7abSJohan Hedberg { 110344f1a7abSJohan Hedberg struct smp_cmd_pairing *req, *rsp; 110486d1407cSJohan Hedberg struct l2cap_conn *conn = smp->conn; 110544f1a7abSJohan Hedberg struct hci_conn *hcon = conn->hcon; 110644f1a7abSJohan Hedberg struct hci_dev *hdev = hcon->hdev; 110744f1a7abSJohan Hedberg __u8 *keydist; 110844f1a7abSJohan Hedberg 110944f1a7abSJohan Hedberg BT_DBG("conn %p", conn); 111044f1a7abSJohan Hedberg 111144f1a7abSJohan Hedberg rsp = (void *) &smp->prsp[1]; 111244f1a7abSJohan Hedberg 111344f1a7abSJohan Hedberg /* The responder sends its keys first */ 1114b28b4943SJohan Hedberg if (hcon->out && (smp->remote_key_dist & KEY_DIST_MASK)) { 1115b28b4943SJohan Hedberg smp_allow_key_dist(smp); 111686d1407cSJohan Hedberg return; 1117b28b4943SJohan Hedberg } 111844f1a7abSJohan Hedberg 111944f1a7abSJohan Hedberg req = (void *) &smp->preq[1]; 112044f1a7abSJohan Hedberg 112144f1a7abSJohan Hedberg if (hcon->out) { 112244f1a7abSJohan Hedberg keydist = &rsp->init_key_dist; 112344f1a7abSJohan Hedberg *keydist &= req->init_key_dist; 112444f1a7abSJohan Hedberg } else { 112544f1a7abSJohan Hedberg keydist = &rsp->resp_key_dist; 112644f1a7abSJohan Hedberg *keydist &= req->resp_key_dist; 112744f1a7abSJohan Hedberg } 112844f1a7abSJohan Hedberg 11296a77083aSJohan Hedberg if (test_bit(SMP_FLAG_SC, &smp->flags)) { 1130b5ae344dSJohan Hedberg if (hcon->type == LE_LINK && (*keydist & SMP_DIST_LINK_KEY)) 11316a77083aSJohan Hedberg sc_generate_link_key(smp); 1132b5ae344dSJohan Hedberg if (hcon->type == ACL_LINK && (*keydist & SMP_DIST_ENC_KEY)) 1133b5ae344dSJohan Hedberg sc_generate_ltk(smp); 11346a77083aSJohan Hedberg 11356a77083aSJohan Hedberg /* Clear the keys which are generated but not distributed */ 11366a77083aSJohan Hedberg *keydist &= ~SMP_SC_NO_DIST; 11376a77083aSJohan Hedberg } 11386a77083aSJohan Hedberg 113944f1a7abSJohan Hedberg BT_DBG("keydist 0x%x", *keydist); 114044f1a7abSJohan Hedberg 114144f1a7abSJohan Hedberg if (*keydist & SMP_DIST_ENC_KEY) { 114244f1a7abSJohan Hedberg struct smp_cmd_encrypt_info enc; 114344f1a7abSJohan Hedberg struct smp_cmd_master_ident ident; 114444f1a7abSJohan Hedberg struct smp_ltk *ltk; 114544f1a7abSJohan Hedberg u8 authenticated; 114644f1a7abSJohan Hedberg __le16 ediv; 114744f1a7abSJohan Hedberg __le64 rand; 114844f1a7abSJohan Hedberg 114944f1a7abSJohan Hedberg get_random_bytes(enc.ltk, sizeof(enc.ltk)); 115044f1a7abSJohan Hedberg get_random_bytes(&ediv, sizeof(ediv)); 115144f1a7abSJohan Hedberg get_random_bytes(&rand, sizeof(rand)); 115244f1a7abSJohan Hedberg 115344f1a7abSJohan Hedberg smp_send_cmd(conn, SMP_CMD_ENCRYPT_INFO, sizeof(enc), &enc); 115444f1a7abSJohan Hedberg 115544f1a7abSJohan Hedberg authenticated = hcon->sec_level == BT_SECURITY_HIGH; 115644f1a7abSJohan Hedberg ltk = hci_add_ltk(hdev, &hcon->dst, hcon->dst_type, 115744f1a7abSJohan Hedberg SMP_LTK_SLAVE, authenticated, enc.ltk, 115844f1a7abSJohan Hedberg smp->enc_key_size, ediv, rand); 115944f1a7abSJohan Hedberg smp->slave_ltk = ltk; 116044f1a7abSJohan Hedberg 116144f1a7abSJohan Hedberg ident.ediv = ediv; 116244f1a7abSJohan Hedberg ident.rand = rand; 116344f1a7abSJohan Hedberg 116444f1a7abSJohan Hedberg smp_send_cmd(conn, SMP_CMD_MASTER_IDENT, sizeof(ident), &ident); 116544f1a7abSJohan Hedberg 116644f1a7abSJohan Hedberg *keydist &= ~SMP_DIST_ENC_KEY; 116744f1a7abSJohan Hedberg } 116844f1a7abSJohan Hedberg 116944f1a7abSJohan Hedberg if (*keydist & SMP_DIST_ID_KEY) { 117044f1a7abSJohan Hedberg struct smp_cmd_ident_addr_info addrinfo; 117144f1a7abSJohan Hedberg struct smp_cmd_ident_info idinfo; 117244f1a7abSJohan Hedberg 117344f1a7abSJohan Hedberg memcpy(idinfo.irk, hdev->irk, sizeof(idinfo.irk)); 117444f1a7abSJohan Hedberg 117544f1a7abSJohan Hedberg smp_send_cmd(conn, SMP_CMD_IDENT_INFO, sizeof(idinfo), &idinfo); 117644f1a7abSJohan Hedberg 117744f1a7abSJohan Hedberg /* The hci_conn contains the local identity address 117844f1a7abSJohan Hedberg * after the connection has been established. 117944f1a7abSJohan Hedberg * 118044f1a7abSJohan Hedberg * This is true even when the connection has been 118144f1a7abSJohan Hedberg * established using a resolvable random address. 118244f1a7abSJohan Hedberg */ 118344f1a7abSJohan Hedberg bacpy(&addrinfo.bdaddr, &hcon->src); 118444f1a7abSJohan Hedberg addrinfo.addr_type = hcon->src_type; 118544f1a7abSJohan Hedberg 118644f1a7abSJohan Hedberg smp_send_cmd(conn, SMP_CMD_IDENT_ADDR_INFO, sizeof(addrinfo), 118744f1a7abSJohan Hedberg &addrinfo); 118844f1a7abSJohan Hedberg 118944f1a7abSJohan Hedberg *keydist &= ~SMP_DIST_ID_KEY; 119044f1a7abSJohan Hedberg } 119144f1a7abSJohan Hedberg 119244f1a7abSJohan Hedberg if (*keydist & SMP_DIST_SIGN) { 119344f1a7abSJohan Hedberg struct smp_cmd_sign_info sign; 119444f1a7abSJohan Hedberg struct smp_csrk *csrk; 119544f1a7abSJohan Hedberg 119644f1a7abSJohan Hedberg /* Generate a new random key */ 119744f1a7abSJohan Hedberg get_random_bytes(sign.csrk, sizeof(sign.csrk)); 119844f1a7abSJohan Hedberg 119944f1a7abSJohan Hedberg csrk = kzalloc(sizeof(*csrk), GFP_KERNEL); 120044f1a7abSJohan Hedberg if (csrk) { 120144f1a7abSJohan Hedberg csrk->master = 0x00; 120244f1a7abSJohan Hedberg memcpy(csrk->val, sign.csrk, sizeof(csrk->val)); 120344f1a7abSJohan Hedberg } 120444f1a7abSJohan Hedberg smp->slave_csrk = csrk; 120544f1a7abSJohan Hedberg 120644f1a7abSJohan Hedberg smp_send_cmd(conn, SMP_CMD_SIGN_INFO, sizeof(sign), &sign); 120744f1a7abSJohan Hedberg 120844f1a7abSJohan Hedberg *keydist &= ~SMP_DIST_SIGN; 120944f1a7abSJohan Hedberg } 121044f1a7abSJohan Hedberg 121144f1a7abSJohan Hedberg /* If there are still keys to be received wait for them */ 1212b28b4943SJohan Hedberg if (smp->remote_key_dist & KEY_DIST_MASK) { 1213b28b4943SJohan Hedberg smp_allow_key_dist(smp); 121486d1407cSJohan Hedberg return; 1215b28b4943SJohan Hedberg } 121644f1a7abSJohan Hedberg 121744f1a7abSJohan Hedberg set_bit(SMP_FLAG_COMPLETE, &smp->flags); 121844f1a7abSJohan Hedberg smp_notify_keys(conn); 121944f1a7abSJohan Hedberg 122044f1a7abSJohan Hedberg smp_chan_destroy(conn); 122144f1a7abSJohan Hedberg } 122244f1a7abSJohan Hedberg 1223b68fda68SJohan Hedberg static void smp_timeout(struct work_struct *work) 1224b68fda68SJohan Hedberg { 1225b68fda68SJohan Hedberg struct smp_chan *smp = container_of(work, struct smp_chan, 1226b68fda68SJohan Hedberg security_timer.work); 1227b68fda68SJohan Hedberg struct l2cap_conn *conn = smp->conn; 1228b68fda68SJohan Hedberg 1229b68fda68SJohan Hedberg BT_DBG("conn %p", conn); 1230b68fda68SJohan Hedberg 12311e91c29eSJohan Hedberg hci_disconnect(conn->hcon, HCI_ERROR_REMOTE_USER_TERM); 1232b68fda68SJohan Hedberg } 1233b68fda68SJohan Hedberg 12348aab4757SVinicius Costa Gomes static struct smp_chan *smp_chan_create(struct l2cap_conn *conn) 12358aab4757SVinicius Costa Gomes { 12365d88cc73SJohan Hedberg struct l2cap_chan *chan = conn->smp; 12378aab4757SVinicius Costa Gomes struct smp_chan *smp; 12388aab4757SVinicius Costa Gomes 1239f1560463SMarcel Holtmann smp = kzalloc(sizeof(*smp), GFP_ATOMIC); 1240fc75cc86SJohan Hedberg if (!smp) 12418aab4757SVinicius Costa Gomes return NULL; 12428aab4757SVinicius Costa Gomes 12436a7bd103SJohan Hedberg smp->tfm_aes = crypto_alloc_blkcipher("ecb(aes)", 0, CRYPTO_ALG_ASYNC); 12446a7bd103SJohan Hedberg if (IS_ERR(smp->tfm_aes)) { 12456a7bd103SJohan Hedberg BT_ERR("Unable to create ECB crypto context"); 12466a7bd103SJohan Hedberg kfree(smp); 12476a7bd103SJohan Hedberg return NULL; 12486a7bd103SJohan Hedberg } 12496a7bd103SJohan Hedberg 1250407cecf6SJohan Hedberg smp->tfm_cmac = crypto_alloc_hash("cmac(aes)", 0, CRYPTO_ALG_ASYNC); 1251407cecf6SJohan Hedberg if (IS_ERR(smp->tfm_cmac)) { 1252407cecf6SJohan Hedberg BT_ERR("Unable to create CMAC crypto context"); 1253407cecf6SJohan Hedberg crypto_free_blkcipher(smp->tfm_aes); 1254407cecf6SJohan Hedberg kfree(smp); 1255407cecf6SJohan Hedberg return NULL; 1256407cecf6SJohan Hedberg } 1257407cecf6SJohan Hedberg 12588aab4757SVinicius Costa Gomes smp->conn = conn; 12595d88cc73SJohan Hedberg chan->data = smp; 12608aab4757SVinicius Costa Gomes 1261b28b4943SJohan Hedberg SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_FAIL); 1262b28b4943SJohan Hedberg 1263b68fda68SJohan Hedberg INIT_DELAYED_WORK(&smp->security_timer, smp_timeout); 1264b68fda68SJohan Hedberg 12658aab4757SVinicius Costa Gomes hci_conn_hold(conn->hcon); 12668aab4757SVinicius Costa Gomes 12678aab4757SVinicius Costa Gomes return smp; 12688aab4757SVinicius Costa Gomes } 12698aab4757SVinicius Costa Gomes 1270760b018bSJohan Hedberg static int sc_mackey_and_ltk(struct smp_chan *smp, u8 mackey[16], u8 ltk[16]) 1271760b018bSJohan Hedberg { 1272760b018bSJohan Hedberg struct hci_conn *hcon = smp->conn->hcon; 1273760b018bSJohan Hedberg u8 *na, *nb, a[7], b[7]; 1274760b018bSJohan Hedberg 1275760b018bSJohan Hedberg if (hcon->out) { 1276760b018bSJohan Hedberg na = smp->prnd; 1277760b018bSJohan Hedberg nb = smp->rrnd; 1278760b018bSJohan Hedberg } else { 1279760b018bSJohan Hedberg na = smp->rrnd; 1280760b018bSJohan Hedberg nb = smp->prnd; 1281760b018bSJohan Hedberg } 1282760b018bSJohan Hedberg 1283760b018bSJohan Hedberg memcpy(a, &hcon->init_addr, 6); 1284760b018bSJohan Hedberg memcpy(b, &hcon->resp_addr, 6); 1285760b018bSJohan Hedberg a[6] = hcon->init_addr_type; 1286760b018bSJohan Hedberg b[6] = hcon->resp_addr_type; 1287760b018bSJohan Hedberg 1288760b018bSJohan Hedberg return smp_f5(smp->tfm_cmac, smp->dhkey, na, nb, a, b, mackey, ltk); 1289760b018bSJohan Hedberg } 1290760b018bSJohan Hedberg 129138606f14SJohan Hedberg static void sc_dhkey_check(struct smp_chan *smp) 1292760b018bSJohan Hedberg { 1293760b018bSJohan Hedberg struct hci_conn *hcon = smp->conn->hcon; 1294760b018bSJohan Hedberg struct smp_cmd_dhkey_check check; 1295760b018bSJohan Hedberg u8 a[7], b[7], *local_addr, *remote_addr; 1296760b018bSJohan Hedberg u8 io_cap[3], r[16]; 1297760b018bSJohan Hedberg 1298760b018bSJohan Hedberg memcpy(a, &hcon->init_addr, 6); 1299760b018bSJohan Hedberg memcpy(b, &hcon->resp_addr, 6); 1300760b018bSJohan Hedberg a[6] = hcon->init_addr_type; 1301760b018bSJohan Hedberg b[6] = hcon->resp_addr_type; 1302760b018bSJohan Hedberg 1303760b018bSJohan Hedberg if (hcon->out) { 1304760b018bSJohan Hedberg local_addr = a; 1305760b018bSJohan Hedberg remote_addr = b; 1306760b018bSJohan Hedberg memcpy(io_cap, &smp->preq[1], 3); 1307760b018bSJohan Hedberg } else { 1308760b018bSJohan Hedberg local_addr = b; 1309760b018bSJohan Hedberg remote_addr = a; 1310760b018bSJohan Hedberg memcpy(io_cap, &smp->prsp[1], 3); 1311760b018bSJohan Hedberg } 1312760b018bSJohan Hedberg 1313dddd3059SJohan Hedberg memset(r, 0, sizeof(r)); 1314dddd3059SJohan Hedberg 1315dddd3059SJohan Hedberg if (smp->method == REQ_PASSKEY || smp->method == DSP_PASSKEY) 131638606f14SJohan Hedberg put_unaligned_le32(hcon->passkey_notify, r); 1317760b018bSJohan Hedberg 1318760b018bSJohan Hedberg smp_f6(smp->tfm_cmac, smp->mackey, smp->prnd, smp->rrnd, r, io_cap, 1319760b018bSJohan Hedberg local_addr, remote_addr, check.e); 1320760b018bSJohan Hedberg 1321760b018bSJohan Hedberg smp_send_cmd(smp->conn, SMP_CMD_DHKEY_CHECK, sizeof(check), &check); 1322dddd3059SJohan Hedberg } 1323dddd3059SJohan Hedberg 132438606f14SJohan Hedberg static u8 sc_passkey_send_confirm(struct smp_chan *smp) 132538606f14SJohan Hedberg { 132638606f14SJohan Hedberg struct l2cap_conn *conn = smp->conn; 132738606f14SJohan Hedberg struct hci_conn *hcon = conn->hcon; 132838606f14SJohan Hedberg struct smp_cmd_pairing_confirm cfm; 132938606f14SJohan Hedberg u8 r; 133038606f14SJohan Hedberg 133138606f14SJohan Hedberg r = ((hcon->passkey_notify >> smp->passkey_round) & 0x01); 133238606f14SJohan Hedberg r |= 0x80; 133338606f14SJohan Hedberg 133438606f14SJohan Hedberg get_random_bytes(smp->prnd, sizeof(smp->prnd)); 133538606f14SJohan Hedberg 133638606f14SJohan Hedberg if (smp_f4(smp->tfm_cmac, smp->local_pk, smp->remote_pk, smp->prnd, r, 133738606f14SJohan Hedberg cfm.confirm_val)) 133838606f14SJohan Hedberg return SMP_UNSPECIFIED; 133938606f14SJohan Hedberg 134038606f14SJohan Hedberg smp_send_cmd(conn, SMP_CMD_PAIRING_CONFIRM, sizeof(cfm), &cfm); 134138606f14SJohan Hedberg 134238606f14SJohan Hedberg return 0; 134338606f14SJohan Hedberg } 134438606f14SJohan Hedberg 134538606f14SJohan Hedberg static u8 sc_passkey_round(struct smp_chan *smp, u8 smp_op) 134638606f14SJohan Hedberg { 134738606f14SJohan Hedberg struct l2cap_conn *conn = smp->conn; 134838606f14SJohan Hedberg struct hci_conn *hcon = conn->hcon; 134938606f14SJohan Hedberg struct hci_dev *hdev = hcon->hdev; 135038606f14SJohan Hedberg u8 cfm[16], r; 135138606f14SJohan Hedberg 135238606f14SJohan Hedberg /* Ignore the PDU if we've already done 20 rounds (0 - 19) */ 135338606f14SJohan Hedberg if (smp->passkey_round >= 20) 135438606f14SJohan Hedberg return 0; 135538606f14SJohan Hedberg 135638606f14SJohan Hedberg switch (smp_op) { 135738606f14SJohan Hedberg case SMP_CMD_PAIRING_RANDOM: 135838606f14SJohan Hedberg r = ((hcon->passkey_notify >> smp->passkey_round) & 0x01); 135938606f14SJohan Hedberg r |= 0x80; 136038606f14SJohan Hedberg 136138606f14SJohan Hedberg if (smp_f4(smp->tfm_cmac, smp->remote_pk, smp->local_pk, 136238606f14SJohan Hedberg smp->rrnd, r, cfm)) 136338606f14SJohan Hedberg return SMP_UNSPECIFIED; 136438606f14SJohan Hedberg 136538606f14SJohan Hedberg if (memcmp(smp->pcnf, cfm, 16)) 136638606f14SJohan Hedberg return SMP_CONFIRM_FAILED; 136738606f14SJohan Hedberg 136838606f14SJohan Hedberg smp->passkey_round++; 136938606f14SJohan Hedberg 137038606f14SJohan Hedberg if (smp->passkey_round == 20) { 137138606f14SJohan Hedberg /* Generate MacKey and LTK */ 137238606f14SJohan Hedberg if (sc_mackey_and_ltk(smp, smp->mackey, smp->tk)) 137338606f14SJohan Hedberg return SMP_UNSPECIFIED; 137438606f14SJohan Hedberg } 137538606f14SJohan Hedberg 137638606f14SJohan Hedberg /* The round is only complete when the initiator 137738606f14SJohan Hedberg * receives pairing random. 137838606f14SJohan Hedberg */ 137938606f14SJohan Hedberg if (!hcon->out) { 138038606f14SJohan Hedberg smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM, 138138606f14SJohan Hedberg sizeof(smp->prnd), smp->prnd); 1382d3e54a87SJohan Hedberg if (smp->passkey_round == 20) 138338606f14SJohan Hedberg SMP_ALLOW_CMD(smp, SMP_CMD_DHKEY_CHECK); 1384d3e54a87SJohan Hedberg else 138538606f14SJohan Hedberg SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_CONFIRM); 138638606f14SJohan Hedberg return 0; 138738606f14SJohan Hedberg } 138838606f14SJohan Hedberg 138938606f14SJohan Hedberg /* Start the next round */ 139038606f14SJohan Hedberg if (smp->passkey_round != 20) 139138606f14SJohan Hedberg return sc_passkey_round(smp, 0); 139238606f14SJohan Hedberg 139338606f14SJohan Hedberg /* Passkey rounds are complete - start DHKey Check */ 139438606f14SJohan Hedberg sc_dhkey_check(smp); 139538606f14SJohan Hedberg SMP_ALLOW_CMD(smp, SMP_CMD_DHKEY_CHECK); 139638606f14SJohan Hedberg 139738606f14SJohan Hedberg break; 139838606f14SJohan Hedberg 139938606f14SJohan Hedberg case SMP_CMD_PAIRING_CONFIRM: 140038606f14SJohan Hedberg if (test_bit(SMP_FLAG_WAIT_USER, &smp->flags)) { 140138606f14SJohan Hedberg set_bit(SMP_FLAG_CFM_PENDING, &smp->flags); 140238606f14SJohan Hedberg return 0; 140338606f14SJohan Hedberg } 140438606f14SJohan Hedberg 140538606f14SJohan Hedberg SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RANDOM); 140638606f14SJohan Hedberg 140738606f14SJohan Hedberg if (hcon->out) { 140838606f14SJohan Hedberg smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM, 140938606f14SJohan Hedberg sizeof(smp->prnd), smp->prnd); 141038606f14SJohan Hedberg return 0; 141138606f14SJohan Hedberg } 141238606f14SJohan Hedberg 141338606f14SJohan Hedberg return sc_passkey_send_confirm(smp); 141438606f14SJohan Hedberg 141538606f14SJohan Hedberg case SMP_CMD_PUBLIC_KEY: 141638606f14SJohan Hedberg default: 141738606f14SJohan Hedberg /* Initiating device starts the round */ 141838606f14SJohan Hedberg if (!hcon->out) 141938606f14SJohan Hedberg return 0; 142038606f14SJohan Hedberg 142138606f14SJohan Hedberg BT_DBG("%s Starting passkey round %u", hdev->name, 142238606f14SJohan Hedberg smp->passkey_round + 1); 142338606f14SJohan Hedberg 142438606f14SJohan Hedberg SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_CONFIRM); 142538606f14SJohan Hedberg 142638606f14SJohan Hedberg return sc_passkey_send_confirm(smp); 142738606f14SJohan Hedberg } 142838606f14SJohan Hedberg 142938606f14SJohan Hedberg return 0; 143038606f14SJohan Hedberg } 143138606f14SJohan Hedberg 1432dddd3059SJohan Hedberg static int sc_user_reply(struct smp_chan *smp, u16 mgmt_op, __le32 passkey) 1433dddd3059SJohan Hedberg { 143438606f14SJohan Hedberg struct l2cap_conn *conn = smp->conn; 143538606f14SJohan Hedberg struct hci_conn *hcon = conn->hcon; 143638606f14SJohan Hedberg u8 smp_op; 143738606f14SJohan Hedberg 143838606f14SJohan Hedberg clear_bit(SMP_FLAG_WAIT_USER, &smp->flags); 143938606f14SJohan Hedberg 1440dddd3059SJohan Hedberg switch (mgmt_op) { 1441dddd3059SJohan Hedberg case MGMT_OP_USER_PASSKEY_NEG_REPLY: 1442dddd3059SJohan Hedberg smp_failure(smp->conn, SMP_PASSKEY_ENTRY_FAILED); 1443dddd3059SJohan Hedberg return 0; 1444dddd3059SJohan Hedberg case MGMT_OP_USER_CONFIRM_NEG_REPLY: 1445dddd3059SJohan Hedberg smp_failure(smp->conn, SMP_NUMERIC_COMP_FAILED); 1446dddd3059SJohan Hedberg return 0; 144738606f14SJohan Hedberg case MGMT_OP_USER_PASSKEY_REPLY: 144838606f14SJohan Hedberg hcon->passkey_notify = le32_to_cpu(passkey); 144938606f14SJohan Hedberg smp->passkey_round = 0; 145038606f14SJohan Hedberg 145138606f14SJohan Hedberg if (test_and_clear_bit(SMP_FLAG_CFM_PENDING, &smp->flags)) 145238606f14SJohan Hedberg smp_op = SMP_CMD_PAIRING_CONFIRM; 145338606f14SJohan Hedberg else 145438606f14SJohan Hedberg smp_op = 0; 145538606f14SJohan Hedberg 145638606f14SJohan Hedberg if (sc_passkey_round(smp, smp_op)) 145738606f14SJohan Hedberg return -EIO; 145838606f14SJohan Hedberg 145938606f14SJohan Hedberg return 0; 1460dddd3059SJohan Hedberg } 1461dddd3059SJohan Hedberg 1462d3e54a87SJohan Hedberg /* Initiator sends DHKey check first */ 1463d3e54a87SJohan Hedberg if (hcon->out) { 146438606f14SJohan Hedberg sc_dhkey_check(smp); 1465d3e54a87SJohan Hedberg SMP_ALLOW_CMD(smp, SMP_CMD_DHKEY_CHECK); 1466d3e54a87SJohan Hedberg } else if (test_and_clear_bit(SMP_FLAG_DHKEY_PENDING, &smp->flags)) { 1467d3e54a87SJohan Hedberg sc_dhkey_check(smp); 1468d3e54a87SJohan Hedberg sc_add_ltk(smp); 1469d3e54a87SJohan Hedberg } 1470760b018bSJohan Hedberg 1471760b018bSJohan Hedberg return 0; 1472760b018bSJohan Hedberg } 1473760b018bSJohan Hedberg 14742b64d153SBrian Gix int smp_user_confirm_reply(struct hci_conn *hcon, u16 mgmt_op, __le32 passkey) 14752b64d153SBrian Gix { 1476b10e8017SJohan Hedberg struct l2cap_conn *conn = hcon->l2cap_data; 14775d88cc73SJohan Hedberg struct l2cap_chan *chan; 14782b64d153SBrian Gix struct smp_chan *smp; 14792b64d153SBrian Gix u32 value; 1480fc75cc86SJohan Hedberg int err; 14812b64d153SBrian Gix 14822b64d153SBrian Gix BT_DBG(""); 14832b64d153SBrian Gix 1484fc75cc86SJohan Hedberg if (!conn) 14852b64d153SBrian Gix return -ENOTCONN; 14862b64d153SBrian Gix 14875d88cc73SJohan Hedberg chan = conn->smp; 14885d88cc73SJohan Hedberg if (!chan) 14895d88cc73SJohan Hedberg return -ENOTCONN; 14905d88cc73SJohan Hedberg 1491fc75cc86SJohan Hedberg l2cap_chan_lock(chan); 1492fc75cc86SJohan Hedberg if (!chan->data) { 1493fc75cc86SJohan Hedberg err = -ENOTCONN; 1494fc75cc86SJohan Hedberg goto unlock; 1495fc75cc86SJohan Hedberg } 1496fc75cc86SJohan Hedberg 14975d88cc73SJohan Hedberg smp = chan->data; 14982b64d153SBrian Gix 1499760b018bSJohan Hedberg if (test_bit(SMP_FLAG_SC, &smp->flags)) { 1500760b018bSJohan Hedberg err = sc_user_reply(smp, mgmt_op, passkey); 1501760b018bSJohan Hedberg goto unlock; 1502760b018bSJohan Hedberg } 1503760b018bSJohan Hedberg 15042b64d153SBrian Gix switch (mgmt_op) { 15052b64d153SBrian Gix case MGMT_OP_USER_PASSKEY_REPLY: 15062b64d153SBrian Gix value = le32_to_cpu(passkey); 1507943a732aSJohan Hedberg memset(smp->tk, 0, sizeof(smp->tk)); 15082b64d153SBrian Gix BT_DBG("PassKey: %d", value); 1509943a732aSJohan Hedberg put_unaligned_le32(value, smp->tk); 15102b64d153SBrian Gix /* Fall Through */ 15112b64d153SBrian Gix case MGMT_OP_USER_CONFIRM_REPLY: 15124a74d658SJohan Hedberg set_bit(SMP_FLAG_TK_VALID, &smp->flags); 15132b64d153SBrian Gix break; 15142b64d153SBrian Gix case MGMT_OP_USER_PASSKEY_NEG_REPLY: 15152b64d153SBrian Gix case MGMT_OP_USER_CONFIRM_NEG_REPLY: 151684794e11SJohan Hedberg smp_failure(conn, SMP_PASSKEY_ENTRY_FAILED); 1517fc75cc86SJohan Hedberg err = 0; 1518fc75cc86SJohan Hedberg goto unlock; 15192b64d153SBrian Gix default: 152084794e11SJohan Hedberg smp_failure(conn, SMP_PASSKEY_ENTRY_FAILED); 1521fc75cc86SJohan Hedberg err = -EOPNOTSUPP; 1522fc75cc86SJohan Hedberg goto unlock; 15232b64d153SBrian Gix } 15242b64d153SBrian Gix 1525fc75cc86SJohan Hedberg err = 0; 1526fc75cc86SJohan Hedberg 15272b64d153SBrian Gix /* If it is our turn to send Pairing Confirm, do so now */ 15281cc61144SJohan Hedberg if (test_bit(SMP_FLAG_CFM_PENDING, &smp->flags)) { 15291cc61144SJohan Hedberg u8 rsp = smp_confirm(smp); 15301cc61144SJohan Hedberg if (rsp) 15311cc61144SJohan Hedberg smp_failure(conn, rsp); 15321cc61144SJohan Hedberg } 15332b64d153SBrian Gix 1534fc75cc86SJohan Hedberg unlock: 1535fc75cc86SJohan Hedberg l2cap_chan_unlock(chan); 1536fc75cc86SJohan Hedberg return err; 15372b64d153SBrian Gix } 15382b64d153SBrian Gix 1539b5ae344dSJohan Hedberg static void build_bredr_pairing_cmd(struct smp_chan *smp, 1540b5ae344dSJohan Hedberg struct smp_cmd_pairing *req, 1541b5ae344dSJohan Hedberg struct smp_cmd_pairing *rsp) 1542b5ae344dSJohan Hedberg { 1543b5ae344dSJohan Hedberg struct l2cap_conn *conn = smp->conn; 1544b5ae344dSJohan Hedberg struct hci_dev *hdev = conn->hcon->hdev; 1545b5ae344dSJohan Hedberg u8 local_dist = 0, remote_dist = 0; 1546b5ae344dSJohan Hedberg 1547b5ae344dSJohan Hedberg if (test_bit(HCI_BONDABLE, &hdev->dev_flags)) { 1548b5ae344dSJohan Hedberg local_dist = SMP_DIST_ENC_KEY | SMP_DIST_SIGN; 1549b5ae344dSJohan Hedberg remote_dist = SMP_DIST_ENC_KEY | SMP_DIST_SIGN; 1550b5ae344dSJohan Hedberg } 1551b5ae344dSJohan Hedberg 1552b5ae344dSJohan Hedberg if (test_bit(HCI_RPA_RESOLVING, &hdev->dev_flags)) 1553b5ae344dSJohan Hedberg remote_dist |= SMP_DIST_ID_KEY; 1554b5ae344dSJohan Hedberg 1555b5ae344dSJohan Hedberg if (test_bit(HCI_PRIVACY, &hdev->dev_flags)) 1556b5ae344dSJohan Hedberg local_dist |= SMP_DIST_ID_KEY; 1557b5ae344dSJohan Hedberg 1558b5ae344dSJohan Hedberg if (!rsp) { 1559b5ae344dSJohan Hedberg memset(req, 0, sizeof(*req)); 1560b5ae344dSJohan Hedberg 1561b5ae344dSJohan Hedberg req->init_key_dist = local_dist; 1562b5ae344dSJohan Hedberg req->resp_key_dist = remote_dist; 1563b5ae344dSJohan Hedberg req->max_key_size = SMP_MAX_ENC_KEY_SIZE; 1564b5ae344dSJohan Hedberg 1565b5ae344dSJohan Hedberg smp->remote_key_dist = remote_dist; 1566b5ae344dSJohan Hedberg 1567b5ae344dSJohan Hedberg return; 1568b5ae344dSJohan Hedberg } 1569b5ae344dSJohan Hedberg 1570b5ae344dSJohan Hedberg memset(rsp, 0, sizeof(*rsp)); 1571b5ae344dSJohan Hedberg 1572b5ae344dSJohan Hedberg rsp->max_key_size = SMP_MAX_ENC_KEY_SIZE; 1573b5ae344dSJohan Hedberg rsp->init_key_dist = req->init_key_dist & remote_dist; 1574b5ae344dSJohan Hedberg rsp->resp_key_dist = req->resp_key_dist & local_dist; 1575b5ae344dSJohan Hedberg 1576b5ae344dSJohan Hedberg smp->remote_key_dist = rsp->init_key_dist; 1577b5ae344dSJohan Hedberg } 1578b5ae344dSJohan Hedberg 1579da85e5e5SVinicius Costa Gomes static u8 smp_cmd_pairing_req(struct l2cap_conn *conn, struct sk_buff *skb) 158088ba43b6SAnderson Briglia { 15813158c50cSVinicius Costa Gomes struct smp_cmd_pairing rsp, *req = (void *) skb->data; 1582fc75cc86SJohan Hedberg struct l2cap_chan *chan = conn->smp; 1583b3c6410bSJohan Hedberg struct hci_dev *hdev = conn->hcon->hdev; 15848aab4757SVinicius Costa Gomes struct smp_chan *smp; 1585c7262e71SJohan Hedberg u8 key_size, auth, sec_level; 15868aab4757SVinicius Costa Gomes int ret; 158788ba43b6SAnderson Briglia 158888ba43b6SAnderson Briglia BT_DBG("conn %p", conn); 158988ba43b6SAnderson Briglia 1590c46b98beSJohan Hedberg if (skb->len < sizeof(*req)) 159138e4a915SJohan Hedberg return SMP_INVALID_PARAMS; 1592c46b98beSJohan Hedberg 159340bef302SJohan Hedberg if (conn->hcon->role != HCI_ROLE_SLAVE) 15942b64d153SBrian Gix return SMP_CMD_NOTSUPP; 15952b64d153SBrian Gix 1596fc75cc86SJohan Hedberg if (!chan->data) 15978aab4757SVinicius Costa Gomes smp = smp_chan_create(conn); 1598fc75cc86SJohan Hedberg else 15995d88cc73SJohan Hedberg smp = chan->data; 1600d26a2345SVinicius Costa Gomes 1601d08fd0e7SAndrei Emeltchenko if (!smp) 1602d08fd0e7SAndrei Emeltchenko return SMP_UNSPECIFIED; 1603d08fd0e7SAndrei Emeltchenko 1604c05b9339SJohan Hedberg /* We didn't start the pairing, so match remote */ 16050edb14deSJohan Hedberg auth = req->auth_req & AUTH_REQ_MASK(hdev); 1606c05b9339SJohan Hedberg 1607b6ae8457SJohan Hedberg if (!test_bit(HCI_BONDABLE, &hdev->dev_flags) && 1608c05b9339SJohan Hedberg (auth & SMP_AUTH_BONDING)) 1609b3c6410bSJohan Hedberg return SMP_PAIRING_NOTSUPP; 1610b3c6410bSJohan Hedberg 16111c1def09SVinicius Costa Gomes smp->preq[0] = SMP_CMD_PAIRING_REQ; 16121c1def09SVinicius Costa Gomes memcpy(&smp->preq[1], req, sizeof(*req)); 16133158c50cSVinicius Costa Gomes skb_pull(skb, sizeof(*req)); 161488ba43b6SAnderson Briglia 1615b5ae344dSJohan Hedberg /* SMP over BR/EDR requires special treatment */ 1616b5ae344dSJohan Hedberg if (conn->hcon->type == ACL_LINK) { 1617b5ae344dSJohan Hedberg /* We must have a BR/EDR SC link */ 1618b5ae344dSJohan Hedberg if (!test_bit(HCI_CONN_AES_CCM, &conn->hcon->flags)) 1619b5ae344dSJohan Hedberg return SMP_CROSS_TRANSP_NOT_ALLOWED; 1620b5ae344dSJohan Hedberg 1621b5ae344dSJohan Hedberg set_bit(SMP_FLAG_SC, &smp->flags); 1622b5ae344dSJohan Hedberg 1623b5ae344dSJohan Hedberg build_bredr_pairing_cmd(smp, req, &rsp); 1624b5ae344dSJohan Hedberg 1625b5ae344dSJohan Hedberg key_size = min(req->max_key_size, rsp.max_key_size); 1626b5ae344dSJohan Hedberg if (check_enc_key_size(conn, key_size)) 1627b5ae344dSJohan Hedberg return SMP_ENC_KEY_SIZE; 1628b5ae344dSJohan Hedberg 1629b5ae344dSJohan Hedberg /* Clear bits which are generated but not distributed */ 1630b5ae344dSJohan Hedberg smp->remote_key_dist &= ~SMP_SC_NO_DIST; 1631b5ae344dSJohan Hedberg 1632b5ae344dSJohan Hedberg smp->prsp[0] = SMP_CMD_PAIRING_RSP; 1633b5ae344dSJohan Hedberg memcpy(&smp->prsp[1], &rsp, sizeof(rsp)); 1634b5ae344dSJohan Hedberg smp_send_cmd(conn, SMP_CMD_PAIRING_RSP, sizeof(rsp), &rsp); 1635b5ae344dSJohan Hedberg 1636b5ae344dSJohan Hedberg smp_distribute_keys(smp); 1637b5ae344dSJohan Hedberg return 0; 1638b5ae344dSJohan Hedberg } 1639b5ae344dSJohan Hedberg 16405e3d3d9bSJohan Hedberg build_pairing_cmd(conn, req, &rsp, auth); 16415e3d3d9bSJohan Hedberg 16425e3d3d9bSJohan Hedberg if (rsp.auth_req & SMP_AUTH_SC) 16435e3d3d9bSJohan Hedberg set_bit(SMP_FLAG_SC, &smp->flags); 16445e3d3d9bSJohan Hedberg 16455be5e275SJohan Hedberg if (conn->hcon->io_capability == HCI_IO_NO_INPUT_OUTPUT) 16461afc2a1aSJohan Hedberg sec_level = BT_SECURITY_MEDIUM; 16471afc2a1aSJohan Hedberg else 1648c7262e71SJohan Hedberg sec_level = authreq_to_seclevel(auth); 16491afc2a1aSJohan Hedberg 1650c7262e71SJohan Hedberg if (sec_level > conn->hcon->pending_sec_level) 1651c7262e71SJohan Hedberg conn->hcon->pending_sec_level = sec_level; 1652fdde0a26SIdo Yariv 165349c922bbSStephen Hemminger /* If we need MITM check that it can be achieved */ 16542ed8f65cSJohan Hedberg if (conn->hcon->pending_sec_level >= BT_SECURITY_HIGH) { 16552ed8f65cSJohan Hedberg u8 method; 16562ed8f65cSJohan Hedberg 16572ed8f65cSJohan Hedberg method = get_auth_method(smp, conn->hcon->io_capability, 16582ed8f65cSJohan Hedberg req->io_capability); 16592ed8f65cSJohan Hedberg if (method == JUST_WORKS || method == JUST_CFM) 16602ed8f65cSJohan Hedberg return SMP_AUTH_REQUIREMENTS; 16612ed8f65cSJohan Hedberg } 16622ed8f65cSJohan Hedberg 16633158c50cSVinicius Costa Gomes key_size = min(req->max_key_size, rsp.max_key_size); 16643158c50cSVinicius Costa Gomes if (check_enc_key_size(conn, key_size)) 16653158c50cSVinicius Costa Gomes return SMP_ENC_KEY_SIZE; 166688ba43b6SAnderson Briglia 1667e84a6b13SJohan Hedberg get_random_bytes(smp->prnd, sizeof(smp->prnd)); 16688aab4757SVinicius Costa Gomes 16691c1def09SVinicius Costa Gomes smp->prsp[0] = SMP_CMD_PAIRING_RSP; 16701c1def09SVinicius Costa Gomes memcpy(&smp->prsp[1], &rsp, sizeof(rsp)); 1671f01ead31SAnderson Briglia 16723158c50cSVinicius Costa Gomes smp_send_cmd(conn, SMP_CMD_PAIRING_RSP, sizeof(rsp), &rsp); 16733b19146dSJohan Hedberg 16743b19146dSJohan Hedberg clear_bit(SMP_FLAG_INITIATOR, &smp->flags); 16753b19146dSJohan Hedberg 16763b19146dSJohan Hedberg if (test_bit(SMP_FLAG_SC, &smp->flags)) { 16773b19146dSJohan Hedberg SMP_ALLOW_CMD(smp, SMP_CMD_PUBLIC_KEY); 16783b19146dSJohan Hedberg /* Clear bits which are generated but not distributed */ 16793b19146dSJohan Hedberg smp->remote_key_dist &= ~SMP_SC_NO_DIST; 16803b19146dSJohan Hedberg /* Wait for Public Key from Initiating Device */ 16813b19146dSJohan Hedberg return 0; 16823b19146dSJohan Hedberg } else { 1683b28b4943SJohan Hedberg SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_CONFIRM); 16843b19146dSJohan Hedberg } 1685da85e5e5SVinicius Costa Gomes 16862b64d153SBrian Gix /* Request setup of TK */ 16872b64d153SBrian Gix ret = tk_request(conn, 0, auth, rsp.io_capability, req->io_capability); 16882b64d153SBrian Gix if (ret) 16892b64d153SBrian Gix return SMP_UNSPECIFIED; 16902b64d153SBrian Gix 1691da85e5e5SVinicius Costa Gomes return 0; 169288ba43b6SAnderson Briglia } 169388ba43b6SAnderson Briglia 16943b19146dSJohan Hedberg static u8 sc_send_public_key(struct smp_chan *smp) 16953b19146dSJohan Hedberg { 169670157ef5SJohan Hedberg struct hci_dev *hdev = smp->conn->hcon->hdev; 169770157ef5SJohan Hedberg 16983b19146dSJohan Hedberg BT_DBG(""); 16993b19146dSJohan Hedberg 170070157ef5SJohan Hedberg if (test_bit(HCI_USE_DEBUG_KEYS, &hdev->dev_flags)) { 170170157ef5SJohan Hedberg BT_DBG("Using debug keys"); 170270157ef5SJohan Hedberg memcpy(smp->local_pk, debug_pk, 64); 170370157ef5SJohan Hedberg memcpy(smp->local_sk, debug_sk, 32); 170470157ef5SJohan Hedberg set_bit(SMP_FLAG_DEBUG_KEY, &smp->flags); 170570157ef5SJohan Hedberg } else { 17066c0dcc50SJohan Hedberg while (true) { 17073b19146dSJohan Hedberg /* Generate local key pair for Secure Connections */ 17083b19146dSJohan Hedberg if (!ecc_make_key(smp->local_pk, smp->local_sk)) 17093b19146dSJohan Hedberg return SMP_UNSPECIFIED; 17103b19146dSJohan Hedberg 171170157ef5SJohan Hedberg /* This is unlikely, but we need to check that 171270157ef5SJohan Hedberg * we didn't accidentially generate a debug key. 17136c0dcc50SJohan Hedberg */ 17146c0dcc50SJohan Hedberg if (memcmp(smp->local_sk, debug_sk, 32)) 17156c0dcc50SJohan Hedberg break; 17166c0dcc50SJohan Hedberg } 171770157ef5SJohan Hedberg } 17186c0dcc50SJohan Hedberg 17193b19146dSJohan Hedberg BT_DBG("Local Public Key X: %32phN", smp->local_pk); 17203b19146dSJohan Hedberg BT_DBG("Local Public Key Y: %32phN", &smp->local_pk[32]); 17213b19146dSJohan Hedberg BT_DBG("Local Private Key: %32phN", smp->local_sk); 17223b19146dSJohan Hedberg 17233b19146dSJohan Hedberg smp_send_cmd(smp->conn, SMP_CMD_PUBLIC_KEY, 64, smp->local_pk); 17243b19146dSJohan Hedberg 17253b19146dSJohan Hedberg return 0; 17263b19146dSJohan Hedberg } 17273b19146dSJohan Hedberg 1728da85e5e5SVinicius Costa Gomes static u8 smp_cmd_pairing_rsp(struct l2cap_conn *conn, struct sk_buff *skb) 172988ba43b6SAnderson Briglia { 17303158c50cSVinicius Costa Gomes struct smp_cmd_pairing *req, *rsp = (void *) skb->data; 17315d88cc73SJohan Hedberg struct l2cap_chan *chan = conn->smp; 17325d88cc73SJohan Hedberg struct smp_chan *smp = chan->data; 17330edb14deSJohan Hedberg struct hci_dev *hdev = conn->hcon->hdev; 17343a7dbfb8SJohan Hedberg u8 key_size, auth; 17357d24ddccSAnderson Briglia int ret; 173688ba43b6SAnderson Briglia 173788ba43b6SAnderson Briglia BT_DBG("conn %p", conn); 173888ba43b6SAnderson Briglia 1739c46b98beSJohan Hedberg if (skb->len < sizeof(*rsp)) 174038e4a915SJohan Hedberg return SMP_INVALID_PARAMS; 1741c46b98beSJohan Hedberg 174240bef302SJohan Hedberg if (conn->hcon->role != HCI_ROLE_MASTER) 17432b64d153SBrian Gix return SMP_CMD_NOTSUPP; 17442b64d153SBrian Gix 17453158c50cSVinicius Costa Gomes skb_pull(skb, sizeof(*rsp)); 1746da85e5e5SVinicius Costa Gomes 17471c1def09SVinicius Costa Gomes req = (void *) &smp->preq[1]; 17483158c50cSVinicius Costa Gomes 17493158c50cSVinicius Costa Gomes key_size = min(req->max_key_size, rsp->max_key_size); 17503158c50cSVinicius Costa Gomes if (check_enc_key_size(conn, key_size)) 17513158c50cSVinicius Costa Gomes return SMP_ENC_KEY_SIZE; 17523158c50cSVinicius Costa Gomes 17530edb14deSJohan Hedberg auth = rsp->auth_req & AUTH_REQ_MASK(hdev); 1754c05b9339SJohan Hedberg 1755b5ae344dSJohan Hedberg smp->prsp[0] = SMP_CMD_PAIRING_RSP; 1756b5ae344dSJohan Hedberg memcpy(&smp->prsp[1], rsp, sizeof(*rsp)); 1757b5ae344dSJohan Hedberg 1758b5ae344dSJohan Hedberg /* Update remote key distribution in case the remote cleared 1759b5ae344dSJohan Hedberg * some bits that we had enabled in our request. 1760b5ae344dSJohan Hedberg */ 1761b5ae344dSJohan Hedberg smp->remote_key_dist &= rsp->resp_key_dist; 1762b5ae344dSJohan Hedberg 1763b5ae344dSJohan Hedberg /* For BR/EDR this means we're done and can start phase 3 */ 1764b5ae344dSJohan Hedberg if (conn->hcon->type == ACL_LINK) { 1765b5ae344dSJohan Hedberg /* Clear bits which are generated but not distributed */ 1766b5ae344dSJohan Hedberg smp->remote_key_dist &= ~SMP_SC_NO_DIST; 1767b5ae344dSJohan Hedberg smp_distribute_keys(smp); 1768b5ae344dSJohan Hedberg return 0; 1769b5ae344dSJohan Hedberg } 1770b5ae344dSJohan Hedberg 177165668776SJohan Hedberg if ((req->auth_req & SMP_AUTH_SC) && (auth & SMP_AUTH_SC)) 177265668776SJohan Hedberg set_bit(SMP_FLAG_SC, &smp->flags); 1773d2eb9e10SJohan Hedberg else if (conn->hcon->pending_sec_level > BT_SECURITY_HIGH) 1774d2eb9e10SJohan Hedberg conn->hcon->pending_sec_level = BT_SECURITY_HIGH; 177565668776SJohan Hedberg 177649c922bbSStephen Hemminger /* If we need MITM check that it can be achieved */ 17772ed8f65cSJohan Hedberg if (conn->hcon->pending_sec_level >= BT_SECURITY_HIGH) { 17782ed8f65cSJohan Hedberg u8 method; 17792ed8f65cSJohan Hedberg 17802ed8f65cSJohan Hedberg method = get_auth_method(smp, req->io_capability, 17812ed8f65cSJohan Hedberg rsp->io_capability); 17822ed8f65cSJohan Hedberg if (method == JUST_WORKS || method == JUST_CFM) 17832ed8f65cSJohan Hedberg return SMP_AUTH_REQUIREMENTS; 17842ed8f65cSJohan Hedberg } 17852ed8f65cSJohan Hedberg 1786e84a6b13SJohan Hedberg get_random_bytes(smp->prnd, sizeof(smp->prnd)); 17877d24ddccSAnderson Briglia 1788fdcc4becSJohan Hedberg /* Update remote key distribution in case the remote cleared 1789fdcc4becSJohan Hedberg * some bits that we had enabled in our request. 1790fdcc4becSJohan Hedberg */ 1791fdcc4becSJohan Hedberg smp->remote_key_dist &= rsp->resp_key_dist; 1792fdcc4becSJohan Hedberg 17933b19146dSJohan Hedberg if (test_bit(SMP_FLAG_SC, &smp->flags)) { 17943b19146dSJohan Hedberg /* Clear bits which are generated but not distributed */ 17953b19146dSJohan Hedberg smp->remote_key_dist &= ~SMP_SC_NO_DIST; 17963b19146dSJohan Hedberg SMP_ALLOW_CMD(smp, SMP_CMD_PUBLIC_KEY); 17973b19146dSJohan Hedberg return sc_send_public_key(smp); 17983b19146dSJohan Hedberg } 17993b19146dSJohan Hedberg 1800c05b9339SJohan Hedberg auth |= req->auth_req; 18012b64d153SBrian Gix 1802476585ecSJohan Hedberg ret = tk_request(conn, 0, auth, req->io_capability, rsp->io_capability); 18032b64d153SBrian Gix if (ret) 18042b64d153SBrian Gix return SMP_UNSPECIFIED; 18052b64d153SBrian Gix 18064a74d658SJohan Hedberg set_bit(SMP_FLAG_CFM_PENDING, &smp->flags); 18072b64d153SBrian Gix 18082b64d153SBrian Gix /* Can't compose response until we have been confirmed */ 18094a74d658SJohan Hedberg if (test_bit(SMP_FLAG_TK_VALID, &smp->flags)) 18101cc61144SJohan Hedberg return smp_confirm(smp); 1811da85e5e5SVinicius Costa Gomes 1812da85e5e5SVinicius Costa Gomes return 0; 181388ba43b6SAnderson Briglia } 181488ba43b6SAnderson Briglia 1815dcee2b32SJohan Hedberg static u8 sc_check_confirm(struct smp_chan *smp) 1816dcee2b32SJohan Hedberg { 1817dcee2b32SJohan Hedberg struct l2cap_conn *conn = smp->conn; 1818dcee2b32SJohan Hedberg 1819dcee2b32SJohan Hedberg BT_DBG(""); 1820dcee2b32SJohan Hedberg 1821dcee2b32SJohan Hedberg /* Public Key exchange must happen before any other steps */ 1822dcee2b32SJohan Hedberg if (!test_bit(SMP_FLAG_REMOTE_PK, &smp->flags)) 1823dcee2b32SJohan Hedberg return SMP_UNSPECIFIED; 1824dcee2b32SJohan Hedberg 182538606f14SJohan Hedberg if (smp->method == REQ_PASSKEY || smp->method == DSP_PASSKEY) 182638606f14SJohan Hedberg return sc_passkey_round(smp, SMP_CMD_PAIRING_CONFIRM); 182738606f14SJohan Hedberg 1828dcee2b32SJohan Hedberg if (conn->hcon->out) { 1829dcee2b32SJohan Hedberg smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM, sizeof(smp->prnd), 1830dcee2b32SJohan Hedberg smp->prnd); 1831dcee2b32SJohan Hedberg SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RANDOM); 1832dcee2b32SJohan Hedberg } 1833dcee2b32SJohan Hedberg 1834dcee2b32SJohan Hedberg return 0; 1835dcee2b32SJohan Hedberg } 1836dcee2b32SJohan Hedberg 1837da85e5e5SVinicius Costa Gomes static u8 smp_cmd_pairing_confirm(struct l2cap_conn *conn, struct sk_buff *skb) 183888ba43b6SAnderson Briglia { 18395d88cc73SJohan Hedberg struct l2cap_chan *chan = conn->smp; 18405d88cc73SJohan Hedberg struct smp_chan *smp = chan->data; 18417d24ddccSAnderson Briglia 184288ba43b6SAnderson Briglia BT_DBG("conn %p %s", conn, conn->hcon->out ? "master" : "slave"); 184388ba43b6SAnderson Briglia 1844c46b98beSJohan Hedberg if (skb->len < sizeof(smp->pcnf)) 184538e4a915SJohan Hedberg return SMP_INVALID_PARAMS; 1846c46b98beSJohan Hedberg 18471c1def09SVinicius Costa Gomes memcpy(smp->pcnf, skb->data, sizeof(smp->pcnf)); 18481c1def09SVinicius Costa Gomes skb_pull(skb, sizeof(smp->pcnf)); 18497d24ddccSAnderson Briglia 1850dcee2b32SJohan Hedberg if (test_bit(SMP_FLAG_SC, &smp->flags)) 1851dcee2b32SJohan Hedberg return sc_check_confirm(smp); 1852dcee2b32SJohan Hedberg 1853b28b4943SJohan Hedberg if (conn->hcon->out) { 1854943a732aSJohan Hedberg smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM, sizeof(smp->prnd), 1855943a732aSJohan Hedberg smp->prnd); 1856b28b4943SJohan Hedberg SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RANDOM); 1857b28b4943SJohan Hedberg return 0; 1858b28b4943SJohan Hedberg } 1859b28b4943SJohan Hedberg 1860b28b4943SJohan Hedberg if (test_bit(SMP_FLAG_TK_VALID, &smp->flags)) 18611cc61144SJohan Hedberg return smp_confirm(smp); 1862943a732aSJohan Hedberg else 18634a74d658SJohan Hedberg set_bit(SMP_FLAG_CFM_PENDING, &smp->flags); 1864da85e5e5SVinicius Costa Gomes 1865da85e5e5SVinicius Costa Gomes return 0; 186688ba43b6SAnderson Briglia } 186788ba43b6SAnderson Briglia 1868da85e5e5SVinicius Costa Gomes static u8 smp_cmd_pairing_random(struct l2cap_conn *conn, struct sk_buff *skb) 186988ba43b6SAnderson Briglia { 18705d88cc73SJohan Hedberg struct l2cap_chan *chan = conn->smp; 18715d88cc73SJohan Hedberg struct smp_chan *smp = chan->data; 1872191dc7feSJohan Hedberg struct hci_conn *hcon = conn->hcon; 1873191dc7feSJohan Hedberg u8 *pkax, *pkbx, *na, *nb; 1874191dc7feSJohan Hedberg u32 passkey; 1875191dc7feSJohan Hedberg int err; 18767d24ddccSAnderson Briglia 18778aab4757SVinicius Costa Gomes BT_DBG("conn %p", conn); 18787d24ddccSAnderson Briglia 1879c46b98beSJohan Hedberg if (skb->len < sizeof(smp->rrnd)) 188038e4a915SJohan Hedberg return SMP_INVALID_PARAMS; 1881c46b98beSJohan Hedberg 1882943a732aSJohan Hedberg memcpy(smp->rrnd, skb->data, sizeof(smp->rrnd)); 18838aab4757SVinicius Costa Gomes skb_pull(skb, sizeof(smp->rrnd)); 188488ba43b6SAnderson Briglia 1885191dc7feSJohan Hedberg if (!test_bit(SMP_FLAG_SC, &smp->flags)) 1886861580a9SJohan Hedberg return smp_random(smp); 1887191dc7feSJohan Hedberg 188838606f14SJohan Hedberg /* Passkey entry has special treatment */ 188938606f14SJohan Hedberg if (smp->method == REQ_PASSKEY || smp->method == DSP_PASSKEY) 189038606f14SJohan Hedberg return sc_passkey_round(smp, SMP_CMD_PAIRING_RANDOM); 189138606f14SJohan Hedberg 1892191dc7feSJohan Hedberg if (hcon->out) { 1893191dc7feSJohan Hedberg u8 cfm[16]; 1894191dc7feSJohan Hedberg 1895191dc7feSJohan Hedberg err = smp_f4(smp->tfm_cmac, smp->remote_pk, smp->local_pk, 1896191dc7feSJohan Hedberg smp->rrnd, 0, cfm); 1897191dc7feSJohan Hedberg if (err) 1898191dc7feSJohan Hedberg return SMP_UNSPECIFIED; 1899191dc7feSJohan Hedberg 1900191dc7feSJohan Hedberg if (memcmp(smp->pcnf, cfm, 16)) 1901191dc7feSJohan Hedberg return SMP_CONFIRM_FAILED; 1902191dc7feSJohan Hedberg 1903191dc7feSJohan Hedberg pkax = smp->local_pk; 1904191dc7feSJohan Hedberg pkbx = smp->remote_pk; 1905191dc7feSJohan Hedberg na = smp->prnd; 1906191dc7feSJohan Hedberg nb = smp->rrnd; 1907191dc7feSJohan Hedberg } else { 1908191dc7feSJohan Hedberg smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM, sizeof(smp->prnd), 1909191dc7feSJohan Hedberg smp->prnd); 1910191dc7feSJohan Hedberg SMP_ALLOW_CMD(smp, SMP_CMD_DHKEY_CHECK); 1911191dc7feSJohan Hedberg 1912191dc7feSJohan Hedberg pkax = smp->remote_pk; 1913191dc7feSJohan Hedberg pkbx = smp->local_pk; 1914191dc7feSJohan Hedberg na = smp->rrnd; 1915191dc7feSJohan Hedberg nb = smp->prnd; 1916191dc7feSJohan Hedberg } 1917191dc7feSJohan Hedberg 1918760b018bSJohan Hedberg /* Generate MacKey and LTK */ 1919760b018bSJohan Hedberg err = sc_mackey_and_ltk(smp, smp->mackey, smp->tk); 1920760b018bSJohan Hedberg if (err) 1921760b018bSJohan Hedberg return SMP_UNSPECIFIED; 1922760b018bSJohan Hedberg 1923dddd3059SJohan Hedberg if (smp->method == JUST_WORKS) { 1924dddd3059SJohan Hedberg if (hcon->out) { 192538606f14SJohan Hedberg sc_dhkey_check(smp); 1926dddd3059SJohan Hedberg SMP_ALLOW_CMD(smp, SMP_CMD_DHKEY_CHECK); 1927dddd3059SJohan Hedberg } 1928dddd3059SJohan Hedberg return 0; 1929dddd3059SJohan Hedberg } 1930dddd3059SJohan Hedberg 193138606f14SJohan Hedberg err = smp_g2(smp->tfm_cmac, pkax, pkbx, na, nb, &passkey); 1932191dc7feSJohan Hedberg if (err) 1933191dc7feSJohan Hedberg return SMP_UNSPECIFIED; 1934191dc7feSJohan Hedberg 193538606f14SJohan Hedberg err = mgmt_user_confirm_request(hcon->hdev, &hcon->dst, hcon->type, 193638606f14SJohan Hedberg hcon->dst_type, passkey, 0); 193738606f14SJohan Hedberg if (err) 193838606f14SJohan Hedberg return SMP_UNSPECIFIED; 193938606f14SJohan Hedberg 194038606f14SJohan Hedberg set_bit(SMP_FLAG_WAIT_USER, &smp->flags); 194138606f14SJohan Hedberg 1942191dc7feSJohan Hedberg return 0; 194388ba43b6SAnderson Briglia } 194488ba43b6SAnderson Briglia 1945f81cd823SMarcel Holtmann static bool smp_ltk_encrypt(struct l2cap_conn *conn, u8 sec_level) 1946988c5997SVinicius Costa Gomes { 1947c9839a11SVinicius Costa Gomes struct smp_ltk *key; 1948988c5997SVinicius Costa Gomes struct hci_conn *hcon = conn->hcon; 1949988c5997SVinicius Costa Gomes 1950f3a73d97SJohan Hedberg key = hci_find_ltk(hcon->hdev, &hcon->dst, hcon->dst_type, hcon->role); 1951988c5997SVinicius Costa Gomes if (!key) 1952f81cd823SMarcel Holtmann return false; 1953988c5997SVinicius Costa Gomes 1954a6f7833cSJohan Hedberg if (smp_ltk_sec_level(key) < sec_level) 1955f81cd823SMarcel Holtmann return false; 19564dab7864SJohan Hedberg 195751a8efd7SJohan Hedberg if (test_and_set_bit(HCI_CONN_ENCRYPT_PEND, &hcon->flags)) 1958f81cd823SMarcel Holtmann return true; 1959988c5997SVinicius Costa Gomes 1960c9839a11SVinicius Costa Gomes hci_le_start_enc(hcon, key->ediv, key->rand, key->val); 1961c9839a11SVinicius Costa Gomes hcon->enc_key_size = key->enc_size; 1962988c5997SVinicius Costa Gomes 1963fe59a05fSJohan Hedberg /* We never store STKs for master role, so clear this flag */ 1964fe59a05fSJohan Hedberg clear_bit(HCI_CONN_STK_ENCRYPT, &hcon->flags); 1965fe59a05fSJohan Hedberg 1966f81cd823SMarcel Holtmann return true; 1967988c5997SVinicius Costa Gomes } 1968f1560463SMarcel Holtmann 196935dc6f83SJohan Hedberg bool smp_sufficient_security(struct hci_conn *hcon, u8 sec_level, 197035dc6f83SJohan Hedberg enum smp_key_pref key_pref) 1971854f4727SJohan Hedberg { 1972854f4727SJohan Hedberg if (sec_level == BT_SECURITY_LOW) 1973854f4727SJohan Hedberg return true; 1974854f4727SJohan Hedberg 197535dc6f83SJohan Hedberg /* If we're encrypted with an STK but the caller prefers using 197635dc6f83SJohan Hedberg * LTK claim insufficient security. This way we allow the 197735dc6f83SJohan Hedberg * connection to be re-encrypted with an LTK, even if the LTK 197835dc6f83SJohan Hedberg * provides the same level of security. Only exception is if we 197935dc6f83SJohan Hedberg * don't have an LTK (e.g. because of key distribution bits). 19809ab65d60SJohan Hedberg */ 198135dc6f83SJohan Hedberg if (key_pref == SMP_USE_LTK && 198235dc6f83SJohan Hedberg test_bit(HCI_CONN_STK_ENCRYPT, &hcon->flags) && 1983f3a73d97SJohan Hedberg hci_find_ltk(hcon->hdev, &hcon->dst, hcon->dst_type, hcon->role)) 19849ab65d60SJohan Hedberg return false; 19859ab65d60SJohan Hedberg 1986854f4727SJohan Hedberg if (hcon->sec_level >= sec_level) 1987854f4727SJohan Hedberg return true; 1988854f4727SJohan Hedberg 1989854f4727SJohan Hedberg return false; 1990854f4727SJohan Hedberg } 1991854f4727SJohan Hedberg 1992da85e5e5SVinicius Costa Gomes static u8 smp_cmd_security_req(struct l2cap_conn *conn, struct sk_buff *skb) 199388ba43b6SAnderson Briglia { 199488ba43b6SAnderson Briglia struct smp_cmd_security_req *rp = (void *) skb->data; 199588ba43b6SAnderson Briglia struct smp_cmd_pairing cp; 1996f1cb9af5SVinicius Costa Gomes struct hci_conn *hcon = conn->hcon; 19970edb14deSJohan Hedberg struct hci_dev *hdev = hcon->hdev; 19988aab4757SVinicius Costa Gomes struct smp_chan *smp; 1999c05b9339SJohan Hedberg u8 sec_level, auth; 200088ba43b6SAnderson Briglia 200188ba43b6SAnderson Briglia BT_DBG("conn %p", conn); 200288ba43b6SAnderson Briglia 2003c46b98beSJohan Hedberg if (skb->len < sizeof(*rp)) 200438e4a915SJohan Hedberg return SMP_INVALID_PARAMS; 2005c46b98beSJohan Hedberg 200640bef302SJohan Hedberg if (hcon->role != HCI_ROLE_MASTER) 200786ca9eacSJohan Hedberg return SMP_CMD_NOTSUPP; 200886ca9eacSJohan Hedberg 20090edb14deSJohan Hedberg auth = rp->auth_req & AUTH_REQ_MASK(hdev); 2010c05b9339SJohan Hedberg 20115be5e275SJohan Hedberg if (hcon->io_capability == HCI_IO_NO_INPUT_OUTPUT) 20121afc2a1aSJohan Hedberg sec_level = BT_SECURITY_MEDIUM; 20131afc2a1aSJohan Hedberg else 2014c05b9339SJohan Hedberg sec_level = authreq_to_seclevel(auth); 20151afc2a1aSJohan Hedberg 201635dc6f83SJohan Hedberg if (smp_sufficient_security(hcon, sec_level, SMP_USE_LTK)) 2017854f4727SJohan Hedberg return 0; 2018854f4727SJohan Hedberg 2019c7262e71SJohan Hedberg if (sec_level > hcon->pending_sec_level) 2020c7262e71SJohan Hedberg hcon->pending_sec_level = sec_level; 2021feb45eb5SVinicius Costa Gomes 20224dab7864SJohan Hedberg if (smp_ltk_encrypt(conn, hcon->pending_sec_level)) 2023988c5997SVinicius Costa Gomes return 0; 2024988c5997SVinicius Costa Gomes 20258aab4757SVinicius Costa Gomes smp = smp_chan_create(conn); 2026c29d2444SJohan Hedberg if (!smp) 2027c29d2444SJohan Hedberg return SMP_UNSPECIFIED; 2028d26a2345SVinicius Costa Gomes 2029b6ae8457SJohan Hedberg if (!test_bit(HCI_BONDABLE, &hcon->hdev->dev_flags) && 2030c05b9339SJohan Hedberg (auth & SMP_AUTH_BONDING)) 2031616d55beSJohan Hedberg return SMP_PAIRING_NOTSUPP; 2032616d55beSJohan Hedberg 203388ba43b6SAnderson Briglia skb_pull(skb, sizeof(*rp)); 203488ba43b6SAnderson Briglia 2035da85e5e5SVinicius Costa Gomes memset(&cp, 0, sizeof(cp)); 2036c05b9339SJohan Hedberg build_pairing_cmd(conn, &cp, NULL, auth); 203788ba43b6SAnderson Briglia 20381c1def09SVinicius Costa Gomes smp->preq[0] = SMP_CMD_PAIRING_REQ; 20391c1def09SVinicius Costa Gomes memcpy(&smp->preq[1], &cp, sizeof(cp)); 2040f01ead31SAnderson Briglia 204188ba43b6SAnderson Briglia smp_send_cmd(conn, SMP_CMD_PAIRING_REQ, sizeof(cp), &cp); 2042b28b4943SJohan Hedberg SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RSP); 2043f1cb9af5SVinicius Costa Gomes 2044da85e5e5SVinicius Costa Gomes return 0; 204588ba43b6SAnderson Briglia } 204688ba43b6SAnderson Briglia 2047cc110922SVinicius Costa Gomes int smp_conn_security(struct hci_conn *hcon, __u8 sec_level) 2048eb492e01SAnderson Briglia { 2049cc110922SVinicius Costa Gomes struct l2cap_conn *conn = hcon->l2cap_data; 2050c68b7f12SJohan Hedberg struct l2cap_chan *chan; 20510a66cf20SJohan Hedberg struct smp_chan *smp; 20522b64d153SBrian Gix __u8 authreq; 2053fc75cc86SJohan Hedberg int ret; 2054eb492e01SAnderson Briglia 20553a0259bbSVinicius Costa Gomes BT_DBG("conn %p hcon %p level 0x%2.2x", conn, hcon, sec_level); 20563a0259bbSVinicius Costa Gomes 20570a66cf20SJohan Hedberg /* This may be NULL if there's an unexpected disconnection */ 20580a66cf20SJohan Hedberg if (!conn) 20590a66cf20SJohan Hedberg return 1; 20600a66cf20SJohan Hedberg 2061c68b7f12SJohan Hedberg chan = conn->smp; 2062c68b7f12SJohan Hedberg 2063757aee0fSJohan Hedberg if (!test_bit(HCI_LE_ENABLED, &hcon->hdev->dev_flags)) 20642e65c9d2SAndre Guedes return 1; 20652e65c9d2SAndre Guedes 206635dc6f83SJohan Hedberg if (smp_sufficient_security(hcon, sec_level, SMP_USE_LTK)) 2067f1cb9af5SVinicius Costa Gomes return 1; 2068f1cb9af5SVinicius Costa Gomes 2069c7262e71SJohan Hedberg if (sec_level > hcon->pending_sec_level) 2070c7262e71SJohan Hedberg hcon->pending_sec_level = sec_level; 2071c7262e71SJohan Hedberg 207240bef302SJohan Hedberg if (hcon->role == HCI_ROLE_MASTER) 2073c7262e71SJohan Hedberg if (smp_ltk_encrypt(conn, hcon->pending_sec_level)) 2074c7262e71SJohan Hedberg return 0; 2075d26a2345SVinicius Costa Gomes 2076fc75cc86SJohan Hedberg l2cap_chan_lock(chan); 2077fc75cc86SJohan Hedberg 2078fc75cc86SJohan Hedberg /* If SMP is already in progress ignore this request */ 2079fc75cc86SJohan Hedberg if (chan->data) { 2080fc75cc86SJohan Hedberg ret = 0; 2081fc75cc86SJohan Hedberg goto unlock; 2082fc75cc86SJohan Hedberg } 2083d26a2345SVinicius Costa Gomes 20848aab4757SVinicius Costa Gomes smp = smp_chan_create(conn); 2085fc75cc86SJohan Hedberg if (!smp) { 2086fc75cc86SJohan Hedberg ret = 1; 2087fc75cc86SJohan Hedberg goto unlock; 2088fc75cc86SJohan Hedberg } 20892b64d153SBrian Gix 20902b64d153SBrian Gix authreq = seclevel_to_authreq(sec_level); 2091d26a2345SVinicius Costa Gomes 2092d2eb9e10SJohan Hedberg if (test_bit(HCI_SC_ENABLED, &hcon->hdev->dev_flags)) 2093d2eb9e10SJohan Hedberg authreq |= SMP_AUTH_SC; 2094d2eb9e10SJohan Hedberg 209579897d20SJohan Hedberg /* Require MITM if IO Capability allows or the security level 209679897d20SJohan Hedberg * requires it. 20972e233644SJohan Hedberg */ 209879897d20SJohan Hedberg if (hcon->io_capability != HCI_IO_NO_INPUT_OUTPUT || 2099c7262e71SJohan Hedberg hcon->pending_sec_level > BT_SECURITY_MEDIUM) 21002e233644SJohan Hedberg authreq |= SMP_AUTH_MITM; 21012e233644SJohan Hedberg 210240bef302SJohan Hedberg if (hcon->role == HCI_ROLE_MASTER) { 2103d26a2345SVinicius Costa Gomes struct smp_cmd_pairing cp; 2104f01ead31SAnderson Briglia 21052b64d153SBrian Gix build_pairing_cmd(conn, &cp, NULL, authreq); 21061c1def09SVinicius Costa Gomes smp->preq[0] = SMP_CMD_PAIRING_REQ; 21071c1def09SVinicius Costa Gomes memcpy(&smp->preq[1], &cp, sizeof(cp)); 2108f01ead31SAnderson Briglia 2109eb492e01SAnderson Briglia smp_send_cmd(conn, SMP_CMD_PAIRING_REQ, sizeof(cp), &cp); 2110b28b4943SJohan Hedberg SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RSP); 2111eb492e01SAnderson Briglia } else { 2112eb492e01SAnderson Briglia struct smp_cmd_security_req cp; 21132b64d153SBrian Gix cp.auth_req = authreq; 2114eb492e01SAnderson Briglia smp_send_cmd(conn, SMP_CMD_SECURITY_REQ, sizeof(cp), &cp); 2115b28b4943SJohan Hedberg SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_REQ); 2116eb492e01SAnderson Briglia } 2117eb492e01SAnderson Briglia 21184a74d658SJohan Hedberg set_bit(SMP_FLAG_INITIATOR, &smp->flags); 2119fc75cc86SJohan Hedberg ret = 0; 2120edca792cSJohan Hedberg 2121fc75cc86SJohan Hedberg unlock: 2122fc75cc86SJohan Hedberg l2cap_chan_unlock(chan); 2123fc75cc86SJohan Hedberg return ret; 2124eb492e01SAnderson Briglia } 2125eb492e01SAnderson Briglia 21267034b911SVinicius Costa Gomes static int smp_cmd_encrypt_info(struct l2cap_conn *conn, struct sk_buff *skb) 21277034b911SVinicius Costa Gomes { 212816b90839SVinicius Costa Gomes struct smp_cmd_encrypt_info *rp = (void *) skb->data; 21295d88cc73SJohan Hedberg struct l2cap_chan *chan = conn->smp; 21305d88cc73SJohan Hedberg struct smp_chan *smp = chan->data; 213116b90839SVinicius Costa Gomes 2132c46b98beSJohan Hedberg BT_DBG("conn %p", conn); 2133c46b98beSJohan Hedberg 2134c46b98beSJohan Hedberg if (skb->len < sizeof(*rp)) 213538e4a915SJohan Hedberg return SMP_INVALID_PARAMS; 2136c46b98beSJohan Hedberg 2137b28b4943SJohan Hedberg SMP_ALLOW_CMD(smp, SMP_CMD_MASTER_IDENT); 21386131ddc8SJohan Hedberg 213916b90839SVinicius Costa Gomes skb_pull(skb, sizeof(*rp)); 214016b90839SVinicius Costa Gomes 21411c1def09SVinicius Costa Gomes memcpy(smp->tk, rp->ltk, sizeof(smp->tk)); 214216b90839SVinicius Costa Gomes 21437034b911SVinicius Costa Gomes return 0; 21447034b911SVinicius Costa Gomes } 21457034b911SVinicius Costa Gomes 21467034b911SVinicius Costa Gomes static int smp_cmd_master_ident(struct l2cap_conn *conn, struct sk_buff *skb) 21477034b911SVinicius Costa Gomes { 214816b90839SVinicius Costa Gomes struct smp_cmd_master_ident *rp = (void *) skb->data; 21495d88cc73SJohan Hedberg struct l2cap_chan *chan = conn->smp; 21505d88cc73SJohan Hedberg struct smp_chan *smp = chan->data; 2151c9839a11SVinicius Costa Gomes struct hci_dev *hdev = conn->hcon->hdev; 2152c9839a11SVinicius Costa Gomes struct hci_conn *hcon = conn->hcon; 215323d0e128SJohan Hedberg struct smp_ltk *ltk; 2154c9839a11SVinicius Costa Gomes u8 authenticated; 21557034b911SVinicius Costa Gomes 2156c46b98beSJohan Hedberg BT_DBG("conn %p", conn); 2157c46b98beSJohan Hedberg 2158c46b98beSJohan Hedberg if (skb->len < sizeof(*rp)) 215938e4a915SJohan Hedberg return SMP_INVALID_PARAMS; 2160c46b98beSJohan Hedberg 21619747a9f3SJohan Hedberg /* Mark the information as received */ 21629747a9f3SJohan Hedberg smp->remote_key_dist &= ~SMP_DIST_ENC_KEY; 21639747a9f3SJohan Hedberg 2164b28b4943SJohan Hedberg if (smp->remote_key_dist & SMP_DIST_ID_KEY) 2165b28b4943SJohan Hedberg SMP_ALLOW_CMD(smp, SMP_CMD_IDENT_INFO); 2166196332f5SJohan Hedberg else if (smp->remote_key_dist & SMP_DIST_SIGN) 2167196332f5SJohan Hedberg SMP_ALLOW_CMD(smp, SMP_CMD_SIGN_INFO); 2168b28b4943SJohan Hedberg 216916b90839SVinicius Costa Gomes skb_pull(skb, sizeof(*rp)); 217016b90839SVinicius Costa Gomes 2171ce39fb4eSMarcel Holtmann authenticated = (hcon->sec_level == BT_SECURITY_HIGH); 21722ceba539SJohan Hedberg ltk = hci_add_ltk(hdev, &hcon->dst, hcon->dst_type, SMP_LTK, 2173ce39fb4eSMarcel Holtmann authenticated, smp->tk, smp->enc_key_size, 217404124681SGustavo F. Padovan rp->ediv, rp->rand); 217523d0e128SJohan Hedberg smp->ltk = ltk; 2176c6e81e9aSJohan Hedberg if (!(smp->remote_key_dist & KEY_DIST_MASK)) 2177d6268e86SJohan Hedberg smp_distribute_keys(smp); 21787034b911SVinicius Costa Gomes 21797034b911SVinicius Costa Gomes return 0; 21807034b911SVinicius Costa Gomes } 21817034b911SVinicius Costa Gomes 2182fd349c02SJohan Hedberg static int smp_cmd_ident_info(struct l2cap_conn *conn, struct sk_buff *skb) 2183fd349c02SJohan Hedberg { 2184fd349c02SJohan Hedberg struct smp_cmd_ident_info *info = (void *) skb->data; 21855d88cc73SJohan Hedberg struct l2cap_chan *chan = conn->smp; 21865d88cc73SJohan Hedberg struct smp_chan *smp = chan->data; 2187fd349c02SJohan Hedberg 2188fd349c02SJohan Hedberg BT_DBG(""); 2189fd349c02SJohan Hedberg 2190fd349c02SJohan Hedberg if (skb->len < sizeof(*info)) 219138e4a915SJohan Hedberg return SMP_INVALID_PARAMS; 2192fd349c02SJohan Hedberg 2193b28b4943SJohan Hedberg SMP_ALLOW_CMD(smp, SMP_CMD_IDENT_ADDR_INFO); 21946131ddc8SJohan Hedberg 2195fd349c02SJohan Hedberg skb_pull(skb, sizeof(*info)); 2196fd349c02SJohan Hedberg 2197fd349c02SJohan Hedberg memcpy(smp->irk, info->irk, 16); 2198fd349c02SJohan Hedberg 2199fd349c02SJohan Hedberg return 0; 2200fd349c02SJohan Hedberg } 2201fd349c02SJohan Hedberg 2202fd349c02SJohan Hedberg static int smp_cmd_ident_addr_info(struct l2cap_conn *conn, 2203fd349c02SJohan Hedberg struct sk_buff *skb) 2204fd349c02SJohan Hedberg { 2205fd349c02SJohan Hedberg struct smp_cmd_ident_addr_info *info = (void *) skb->data; 22065d88cc73SJohan Hedberg struct l2cap_chan *chan = conn->smp; 22075d88cc73SJohan Hedberg struct smp_chan *smp = chan->data; 2208fd349c02SJohan Hedberg struct hci_conn *hcon = conn->hcon; 2209fd349c02SJohan Hedberg bdaddr_t rpa; 2210fd349c02SJohan Hedberg 2211fd349c02SJohan Hedberg BT_DBG(""); 2212fd349c02SJohan Hedberg 2213fd349c02SJohan Hedberg if (skb->len < sizeof(*info)) 221438e4a915SJohan Hedberg return SMP_INVALID_PARAMS; 2215fd349c02SJohan Hedberg 22169747a9f3SJohan Hedberg /* Mark the information as received */ 22179747a9f3SJohan Hedberg smp->remote_key_dist &= ~SMP_DIST_ID_KEY; 22189747a9f3SJohan Hedberg 2219b28b4943SJohan Hedberg if (smp->remote_key_dist & SMP_DIST_SIGN) 2220b28b4943SJohan Hedberg SMP_ALLOW_CMD(smp, SMP_CMD_SIGN_INFO); 2221b28b4943SJohan Hedberg 2222fd349c02SJohan Hedberg skb_pull(skb, sizeof(*info)); 2223fd349c02SJohan Hedberg 2224a9a58f86SJohan Hedberg /* Strictly speaking the Core Specification (4.1) allows sending 2225a9a58f86SJohan Hedberg * an empty address which would force us to rely on just the IRK 2226a9a58f86SJohan Hedberg * as "identity information". However, since such 2227a9a58f86SJohan Hedberg * implementations are not known of and in order to not over 2228a9a58f86SJohan Hedberg * complicate our implementation, simply pretend that we never 2229a9a58f86SJohan Hedberg * received an IRK for such a device. 2230a9a58f86SJohan Hedberg */ 2231a9a58f86SJohan Hedberg if (!bacmp(&info->bdaddr, BDADDR_ANY)) { 2232a9a58f86SJohan Hedberg BT_ERR("Ignoring IRK with no identity address"); 223331dd624eSJohan Hedberg goto distribute; 2234a9a58f86SJohan Hedberg } 2235a9a58f86SJohan Hedberg 2236fd349c02SJohan Hedberg bacpy(&smp->id_addr, &info->bdaddr); 2237fd349c02SJohan Hedberg smp->id_addr_type = info->addr_type; 2238fd349c02SJohan Hedberg 2239fd349c02SJohan Hedberg if (hci_bdaddr_is_rpa(&hcon->dst, hcon->dst_type)) 2240fd349c02SJohan Hedberg bacpy(&rpa, &hcon->dst); 2241fd349c02SJohan Hedberg else 2242fd349c02SJohan Hedberg bacpy(&rpa, BDADDR_ANY); 2243fd349c02SJohan Hedberg 224423d0e128SJohan Hedberg smp->remote_irk = hci_add_irk(conn->hcon->hdev, &smp->id_addr, 224523d0e128SJohan Hedberg smp->id_addr_type, smp->irk, &rpa); 2246fd349c02SJohan Hedberg 224731dd624eSJohan Hedberg distribute: 2248c6e81e9aSJohan Hedberg if (!(smp->remote_key_dist & KEY_DIST_MASK)) 2249d6268e86SJohan Hedberg smp_distribute_keys(smp); 2250fd349c02SJohan Hedberg 2251fd349c02SJohan Hedberg return 0; 2252fd349c02SJohan Hedberg } 2253fd349c02SJohan Hedberg 22547ee4ea36SMarcel Holtmann static int smp_cmd_sign_info(struct l2cap_conn *conn, struct sk_buff *skb) 22557ee4ea36SMarcel Holtmann { 22567ee4ea36SMarcel Holtmann struct smp_cmd_sign_info *rp = (void *) skb->data; 22575d88cc73SJohan Hedberg struct l2cap_chan *chan = conn->smp; 22585d88cc73SJohan Hedberg struct smp_chan *smp = chan->data; 22597ee4ea36SMarcel Holtmann struct smp_csrk *csrk; 22607ee4ea36SMarcel Holtmann 22617ee4ea36SMarcel Holtmann BT_DBG("conn %p", conn); 22627ee4ea36SMarcel Holtmann 22637ee4ea36SMarcel Holtmann if (skb->len < sizeof(*rp)) 226438e4a915SJohan Hedberg return SMP_INVALID_PARAMS; 22657ee4ea36SMarcel Holtmann 22667ee4ea36SMarcel Holtmann /* Mark the information as received */ 22677ee4ea36SMarcel Holtmann smp->remote_key_dist &= ~SMP_DIST_SIGN; 22687ee4ea36SMarcel Holtmann 22697ee4ea36SMarcel Holtmann skb_pull(skb, sizeof(*rp)); 22707ee4ea36SMarcel Holtmann 22717ee4ea36SMarcel Holtmann csrk = kzalloc(sizeof(*csrk), GFP_KERNEL); 22727ee4ea36SMarcel Holtmann if (csrk) { 22737ee4ea36SMarcel Holtmann csrk->master = 0x01; 22747ee4ea36SMarcel Holtmann memcpy(csrk->val, rp->csrk, sizeof(csrk->val)); 22757ee4ea36SMarcel Holtmann } 22767ee4ea36SMarcel Holtmann smp->csrk = csrk; 2277d6268e86SJohan Hedberg smp_distribute_keys(smp); 22787ee4ea36SMarcel Holtmann 22797ee4ea36SMarcel Holtmann return 0; 22807ee4ea36SMarcel Holtmann } 22817ee4ea36SMarcel Holtmann 22825e3d3d9bSJohan Hedberg static u8 sc_select_method(struct smp_chan *smp) 22835e3d3d9bSJohan Hedberg { 22845e3d3d9bSJohan Hedberg struct l2cap_conn *conn = smp->conn; 22855e3d3d9bSJohan Hedberg struct hci_conn *hcon = conn->hcon; 22865e3d3d9bSJohan Hedberg struct smp_cmd_pairing *local, *remote; 22875e3d3d9bSJohan Hedberg u8 local_mitm, remote_mitm, local_io, remote_io, method; 22885e3d3d9bSJohan Hedberg 22895e3d3d9bSJohan Hedberg /* The preq/prsp contain the raw Pairing Request/Response PDUs 22905e3d3d9bSJohan Hedberg * which are needed as inputs to some crypto functions. To get 22915e3d3d9bSJohan Hedberg * the "struct smp_cmd_pairing" from them we need to skip the 22925e3d3d9bSJohan Hedberg * first byte which contains the opcode. 22935e3d3d9bSJohan Hedberg */ 22945e3d3d9bSJohan Hedberg if (hcon->out) { 22955e3d3d9bSJohan Hedberg local = (void *) &smp->preq[1]; 22965e3d3d9bSJohan Hedberg remote = (void *) &smp->prsp[1]; 22975e3d3d9bSJohan Hedberg } else { 22985e3d3d9bSJohan Hedberg local = (void *) &smp->prsp[1]; 22995e3d3d9bSJohan Hedberg remote = (void *) &smp->preq[1]; 23005e3d3d9bSJohan Hedberg } 23015e3d3d9bSJohan Hedberg 23025e3d3d9bSJohan Hedberg local_io = local->io_capability; 23035e3d3d9bSJohan Hedberg remote_io = remote->io_capability; 23045e3d3d9bSJohan Hedberg 23055e3d3d9bSJohan Hedberg local_mitm = (local->auth_req & SMP_AUTH_MITM); 23065e3d3d9bSJohan Hedberg remote_mitm = (remote->auth_req & SMP_AUTH_MITM); 23075e3d3d9bSJohan Hedberg 23085e3d3d9bSJohan Hedberg /* If either side wants MITM, look up the method from the table, 23095e3d3d9bSJohan Hedberg * otherwise use JUST WORKS. 23105e3d3d9bSJohan Hedberg */ 23115e3d3d9bSJohan Hedberg if (local_mitm || remote_mitm) 23125e3d3d9bSJohan Hedberg method = get_auth_method(smp, local_io, remote_io); 23135e3d3d9bSJohan Hedberg else 23145e3d3d9bSJohan Hedberg method = JUST_WORKS; 23155e3d3d9bSJohan Hedberg 23165e3d3d9bSJohan Hedberg /* Don't confirm locally initiated pairing attempts */ 23175e3d3d9bSJohan Hedberg if (method == JUST_CFM && test_bit(SMP_FLAG_INITIATOR, &smp->flags)) 23185e3d3d9bSJohan Hedberg method = JUST_WORKS; 23195e3d3d9bSJohan Hedberg 23205e3d3d9bSJohan Hedberg return method; 23215e3d3d9bSJohan Hedberg } 23225e3d3d9bSJohan Hedberg 2323d8f8edbeSJohan Hedberg static int smp_cmd_public_key(struct l2cap_conn *conn, struct sk_buff *skb) 2324d8f8edbeSJohan Hedberg { 2325d8f8edbeSJohan Hedberg struct smp_cmd_public_key *key = (void *) skb->data; 2326d8f8edbeSJohan Hedberg struct hci_conn *hcon = conn->hcon; 2327d8f8edbeSJohan Hedberg struct l2cap_chan *chan = conn->smp; 2328d8f8edbeSJohan Hedberg struct smp_chan *smp = chan->data; 23295e3d3d9bSJohan Hedberg struct hci_dev *hdev = hcon->hdev; 2330cbbbe3e2SJohan Hedberg struct smp_cmd_pairing_confirm cfm; 2331d8f8edbeSJohan Hedberg int err; 2332d8f8edbeSJohan Hedberg 2333d8f8edbeSJohan Hedberg BT_DBG("conn %p", conn); 2334d8f8edbeSJohan Hedberg 2335d8f8edbeSJohan Hedberg if (skb->len < sizeof(*key)) 2336d8f8edbeSJohan Hedberg return SMP_INVALID_PARAMS; 2337d8f8edbeSJohan Hedberg 2338d8f8edbeSJohan Hedberg memcpy(smp->remote_pk, key, 64); 2339d8f8edbeSJohan Hedberg 2340d8f8edbeSJohan Hedberg /* Non-initiating device sends its public key after receiving 2341d8f8edbeSJohan Hedberg * the key from the initiating device. 2342d8f8edbeSJohan Hedberg */ 2343d8f8edbeSJohan Hedberg if (!hcon->out) { 2344d8f8edbeSJohan Hedberg err = sc_send_public_key(smp); 2345d8f8edbeSJohan Hedberg if (err) 2346d8f8edbeSJohan Hedberg return err; 2347d8f8edbeSJohan Hedberg } 2348d8f8edbeSJohan Hedberg 2349d8f8edbeSJohan Hedberg BT_DBG("Remote Public Key X: %32phN", smp->remote_pk); 2350d8f8edbeSJohan Hedberg BT_DBG("Remote Public Key Y: %32phN", &smp->remote_pk[32]); 2351d8f8edbeSJohan Hedberg 2352d8f8edbeSJohan Hedberg if (!ecdh_shared_secret(smp->remote_pk, smp->local_sk, smp->dhkey)) 2353d8f8edbeSJohan Hedberg return SMP_UNSPECIFIED; 2354d8f8edbeSJohan Hedberg 2355d8f8edbeSJohan Hedberg BT_DBG("DHKey %32phN", smp->dhkey); 2356d8f8edbeSJohan Hedberg 2357d8f8edbeSJohan Hedberg set_bit(SMP_FLAG_REMOTE_PK, &smp->flags); 2358d8f8edbeSJohan Hedberg 23595e3d3d9bSJohan Hedberg smp->method = sc_select_method(smp); 23605e3d3d9bSJohan Hedberg 23615e3d3d9bSJohan Hedberg BT_DBG("%s selected method 0x%02x", hdev->name, smp->method); 23625e3d3d9bSJohan Hedberg 23635e3d3d9bSJohan Hedberg /* JUST_WORKS and JUST_CFM result in an unauthenticated key */ 23645e3d3d9bSJohan Hedberg if (smp->method == JUST_WORKS || smp->method == JUST_CFM) 23655e3d3d9bSJohan Hedberg hcon->pending_sec_level = BT_SECURITY_MEDIUM; 23665e3d3d9bSJohan Hedberg else 23675e3d3d9bSJohan Hedberg hcon->pending_sec_level = BT_SECURITY_FIPS; 23685e3d3d9bSJohan Hedberg 2369aeb7d461SJohan Hedberg if (!memcmp(debug_pk, smp->remote_pk, 64)) 2370aeb7d461SJohan Hedberg set_bit(SMP_FLAG_DEBUG_KEY, &smp->flags); 2371aeb7d461SJohan Hedberg 237238606f14SJohan Hedberg if (smp->method == DSP_PASSKEY) { 237338606f14SJohan Hedberg get_random_bytes(&hcon->passkey_notify, 237438606f14SJohan Hedberg sizeof(hcon->passkey_notify)); 237538606f14SJohan Hedberg hcon->passkey_notify %= 1000000; 237638606f14SJohan Hedberg hcon->passkey_entered = 0; 237738606f14SJohan Hedberg smp->passkey_round = 0; 237838606f14SJohan Hedberg if (mgmt_user_passkey_notify(hdev, &hcon->dst, hcon->type, 237938606f14SJohan Hedberg hcon->dst_type, 238038606f14SJohan Hedberg hcon->passkey_notify, 238138606f14SJohan Hedberg hcon->passkey_entered)) 238238606f14SJohan Hedberg return SMP_UNSPECIFIED; 238338606f14SJohan Hedberg SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_CONFIRM); 238438606f14SJohan Hedberg return sc_passkey_round(smp, SMP_CMD_PUBLIC_KEY); 238538606f14SJohan Hedberg } 238638606f14SJohan Hedberg 238738606f14SJohan Hedberg if (hcon->out) 238838606f14SJohan Hedberg SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_CONFIRM); 238938606f14SJohan Hedberg 239038606f14SJohan Hedberg if (smp->method == REQ_PASSKEY) { 239138606f14SJohan Hedberg if (mgmt_user_passkey_request(hdev, &hcon->dst, hcon->type, 239238606f14SJohan Hedberg hcon->dst_type)) 239338606f14SJohan Hedberg return SMP_UNSPECIFIED; 239438606f14SJohan Hedberg SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_CONFIRM); 239538606f14SJohan Hedberg set_bit(SMP_FLAG_WAIT_USER, &smp->flags); 239638606f14SJohan Hedberg return 0; 239738606f14SJohan Hedberg } 239838606f14SJohan Hedberg 2399cbbbe3e2SJohan Hedberg /* The Initiating device waits for the non-initiating device to 2400cbbbe3e2SJohan Hedberg * send the confirm value. 2401cbbbe3e2SJohan Hedberg */ 2402cbbbe3e2SJohan Hedberg if (conn->hcon->out) 2403cbbbe3e2SJohan Hedberg return 0; 2404cbbbe3e2SJohan Hedberg 2405cbbbe3e2SJohan Hedberg err = smp_f4(smp->tfm_cmac, smp->local_pk, smp->remote_pk, smp->prnd, 2406cbbbe3e2SJohan Hedberg 0, cfm.confirm_val); 2407cbbbe3e2SJohan Hedberg if (err) 2408cbbbe3e2SJohan Hedberg return SMP_UNSPECIFIED; 2409cbbbe3e2SJohan Hedberg 2410cbbbe3e2SJohan Hedberg smp_send_cmd(conn, SMP_CMD_PAIRING_CONFIRM, sizeof(cfm), &cfm); 2411cbbbe3e2SJohan Hedberg SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RANDOM); 2412cbbbe3e2SJohan Hedberg 2413d8f8edbeSJohan Hedberg return 0; 2414d8f8edbeSJohan Hedberg } 2415d8f8edbeSJohan Hedberg 24166433a9a2SJohan Hedberg static int smp_cmd_dhkey_check(struct l2cap_conn *conn, struct sk_buff *skb) 24176433a9a2SJohan Hedberg { 24186433a9a2SJohan Hedberg struct smp_cmd_dhkey_check *check = (void *) skb->data; 24196433a9a2SJohan Hedberg struct l2cap_chan *chan = conn->smp; 24206433a9a2SJohan Hedberg struct hci_conn *hcon = conn->hcon; 24216433a9a2SJohan Hedberg struct smp_chan *smp = chan->data; 24226433a9a2SJohan Hedberg u8 a[7], b[7], *local_addr, *remote_addr; 24236433a9a2SJohan Hedberg u8 io_cap[3], r[16], e[16]; 24246433a9a2SJohan Hedberg int err; 24256433a9a2SJohan Hedberg 24266433a9a2SJohan Hedberg BT_DBG("conn %p", conn); 24276433a9a2SJohan Hedberg 24286433a9a2SJohan Hedberg if (skb->len < sizeof(*check)) 24296433a9a2SJohan Hedberg return SMP_INVALID_PARAMS; 24306433a9a2SJohan Hedberg 24316433a9a2SJohan Hedberg memcpy(a, &hcon->init_addr, 6); 24326433a9a2SJohan Hedberg memcpy(b, &hcon->resp_addr, 6); 24336433a9a2SJohan Hedberg a[6] = hcon->init_addr_type; 24346433a9a2SJohan Hedberg b[6] = hcon->resp_addr_type; 24356433a9a2SJohan Hedberg 24366433a9a2SJohan Hedberg if (hcon->out) { 24376433a9a2SJohan Hedberg local_addr = a; 24386433a9a2SJohan Hedberg remote_addr = b; 24396433a9a2SJohan Hedberg memcpy(io_cap, &smp->prsp[1], 3); 24406433a9a2SJohan Hedberg } else { 24416433a9a2SJohan Hedberg local_addr = b; 24426433a9a2SJohan Hedberg remote_addr = a; 24436433a9a2SJohan Hedberg memcpy(io_cap, &smp->preq[1], 3); 24446433a9a2SJohan Hedberg } 24456433a9a2SJohan Hedberg 24466433a9a2SJohan Hedberg memset(r, 0, sizeof(r)); 24476433a9a2SJohan Hedberg 244838606f14SJohan Hedberg if (smp->method == REQ_PASSKEY || smp->method == DSP_PASSKEY) 244938606f14SJohan Hedberg put_unaligned_le32(hcon->passkey_notify, r); 245038606f14SJohan Hedberg 24516433a9a2SJohan Hedberg err = smp_f6(smp->tfm_cmac, smp->mackey, smp->rrnd, smp->prnd, r, 24526433a9a2SJohan Hedberg io_cap, remote_addr, local_addr, e); 24536433a9a2SJohan Hedberg if (err) 24546433a9a2SJohan Hedberg return SMP_UNSPECIFIED; 24556433a9a2SJohan Hedberg 24566433a9a2SJohan Hedberg if (memcmp(check->e, e, 16)) 24576433a9a2SJohan Hedberg return SMP_DHKEY_CHECK_FAILED; 24586433a9a2SJohan Hedberg 2459d3e54a87SJohan Hedberg if (!hcon->out) { 2460d3e54a87SJohan Hedberg if (test_bit(SMP_FLAG_WAIT_USER, &smp->flags)) { 2461d3e54a87SJohan Hedberg set_bit(SMP_FLAG_DHKEY_PENDING, &smp->flags); 2462d3e54a87SJohan Hedberg return 0; 2463d3e54a87SJohan Hedberg } 2464d378a2d7SJohan Hedberg 2465d3e54a87SJohan Hedberg /* Slave sends DHKey check as response to master */ 2466d3e54a87SJohan Hedberg sc_dhkey_check(smp); 2467d3e54a87SJohan Hedberg } 2468d378a2d7SJohan Hedberg 2469d3e54a87SJohan Hedberg sc_add_ltk(smp); 24706433a9a2SJohan Hedberg 24716433a9a2SJohan Hedberg if (hcon->out) { 24726433a9a2SJohan Hedberg hci_le_start_enc(hcon, 0, 0, smp->tk); 24736433a9a2SJohan Hedberg hcon->enc_key_size = smp->enc_key_size; 24746433a9a2SJohan Hedberg } 24756433a9a2SJohan Hedberg 24766433a9a2SJohan Hedberg return 0; 24776433a9a2SJohan Hedberg } 24786433a9a2SJohan Hedberg 24791408bb6eSJohan Hedberg static int smp_cmd_keypress_notify(struct l2cap_conn *conn, 24801408bb6eSJohan Hedberg struct sk_buff *skb) 24811408bb6eSJohan Hedberg { 24821408bb6eSJohan Hedberg struct smp_cmd_keypress_notify *kp = (void *) skb->data; 24831408bb6eSJohan Hedberg 24841408bb6eSJohan Hedberg BT_DBG("value 0x%02x", kp->value); 24851408bb6eSJohan Hedberg 24861408bb6eSJohan Hedberg return 0; 24871408bb6eSJohan Hedberg } 24881408bb6eSJohan Hedberg 24894befb867SJohan Hedberg static int smp_sig_channel(struct l2cap_chan *chan, struct sk_buff *skb) 2490eb492e01SAnderson Briglia { 24915d88cc73SJohan Hedberg struct l2cap_conn *conn = chan->conn; 24927b9899dbSMarcel Holtmann struct hci_conn *hcon = conn->hcon; 2493b28b4943SJohan Hedberg struct smp_chan *smp; 249492381f5cSMarcel Holtmann __u8 code, reason; 2495eb492e01SAnderson Briglia int err = 0; 2496eb492e01SAnderson Briglia 24978ae9b984SJohan Hedberg if (skb->len < 1) 249892381f5cSMarcel Holtmann return -EILSEQ; 249992381f5cSMarcel Holtmann 250006ae3314SMarcel Holtmann if (!test_bit(HCI_LE_ENABLED, &hcon->hdev->dev_flags)) { 25012e65c9d2SAndre Guedes reason = SMP_PAIRING_NOTSUPP; 25022e65c9d2SAndre Guedes goto done; 25032e65c9d2SAndre Guedes } 25042e65c9d2SAndre Guedes 250592381f5cSMarcel Holtmann code = skb->data[0]; 2506eb492e01SAnderson Briglia skb_pull(skb, sizeof(code)); 2507eb492e01SAnderson Briglia 2508b28b4943SJohan Hedberg smp = chan->data; 2509b28b4943SJohan Hedberg 2510b28b4943SJohan Hedberg if (code > SMP_CMD_MAX) 2511b28b4943SJohan Hedberg goto drop; 2512b28b4943SJohan Hedberg 251324bd0bd9SJohan Hedberg if (smp && !test_and_clear_bit(code, &smp->allow_cmd)) 2514b28b4943SJohan Hedberg goto drop; 2515b28b4943SJohan Hedberg 2516b28b4943SJohan Hedberg /* If we don't have a context the only allowed commands are 2517b28b4943SJohan Hedberg * pairing request and security request. 25188cf9fa12SJohan Hedberg */ 2519b28b4943SJohan Hedberg if (!smp && code != SMP_CMD_PAIRING_REQ && code != SMP_CMD_SECURITY_REQ) 2520b28b4943SJohan Hedberg goto drop; 25218cf9fa12SJohan Hedberg 2522eb492e01SAnderson Briglia switch (code) { 2523eb492e01SAnderson Briglia case SMP_CMD_PAIRING_REQ: 2524da85e5e5SVinicius Costa Gomes reason = smp_cmd_pairing_req(conn, skb); 2525eb492e01SAnderson Briglia break; 2526eb492e01SAnderson Briglia 2527eb492e01SAnderson Briglia case SMP_CMD_PAIRING_FAIL: 252884794e11SJohan Hedberg smp_failure(conn, 0); 2529da85e5e5SVinicius Costa Gomes err = -EPERM; 2530eb492e01SAnderson Briglia break; 2531eb492e01SAnderson Briglia 2532eb492e01SAnderson Briglia case SMP_CMD_PAIRING_RSP: 2533da85e5e5SVinicius Costa Gomes reason = smp_cmd_pairing_rsp(conn, skb); 253488ba43b6SAnderson Briglia break; 253588ba43b6SAnderson Briglia 253688ba43b6SAnderson Briglia case SMP_CMD_SECURITY_REQ: 2537da85e5e5SVinicius Costa Gomes reason = smp_cmd_security_req(conn, skb); 253888ba43b6SAnderson Briglia break; 253988ba43b6SAnderson Briglia 2540eb492e01SAnderson Briglia case SMP_CMD_PAIRING_CONFIRM: 2541da85e5e5SVinicius Costa Gomes reason = smp_cmd_pairing_confirm(conn, skb); 254288ba43b6SAnderson Briglia break; 254388ba43b6SAnderson Briglia 2544eb492e01SAnderson Briglia case SMP_CMD_PAIRING_RANDOM: 2545da85e5e5SVinicius Costa Gomes reason = smp_cmd_pairing_random(conn, skb); 254688ba43b6SAnderson Briglia break; 254788ba43b6SAnderson Briglia 2548eb492e01SAnderson Briglia case SMP_CMD_ENCRYPT_INFO: 25497034b911SVinicius Costa Gomes reason = smp_cmd_encrypt_info(conn, skb); 25507034b911SVinicius Costa Gomes break; 25517034b911SVinicius Costa Gomes 2552eb492e01SAnderson Briglia case SMP_CMD_MASTER_IDENT: 25537034b911SVinicius Costa Gomes reason = smp_cmd_master_ident(conn, skb); 25547034b911SVinicius Costa Gomes break; 25557034b911SVinicius Costa Gomes 2556eb492e01SAnderson Briglia case SMP_CMD_IDENT_INFO: 2557fd349c02SJohan Hedberg reason = smp_cmd_ident_info(conn, skb); 2558fd349c02SJohan Hedberg break; 2559fd349c02SJohan Hedberg 2560eb492e01SAnderson Briglia case SMP_CMD_IDENT_ADDR_INFO: 2561fd349c02SJohan Hedberg reason = smp_cmd_ident_addr_info(conn, skb); 2562fd349c02SJohan Hedberg break; 2563fd349c02SJohan Hedberg 2564eb492e01SAnderson Briglia case SMP_CMD_SIGN_INFO: 25657ee4ea36SMarcel Holtmann reason = smp_cmd_sign_info(conn, skb); 25667034b911SVinicius Costa Gomes break; 25677034b911SVinicius Costa Gomes 2568d8f8edbeSJohan Hedberg case SMP_CMD_PUBLIC_KEY: 2569d8f8edbeSJohan Hedberg reason = smp_cmd_public_key(conn, skb); 2570d8f8edbeSJohan Hedberg break; 2571d8f8edbeSJohan Hedberg 25726433a9a2SJohan Hedberg case SMP_CMD_DHKEY_CHECK: 25736433a9a2SJohan Hedberg reason = smp_cmd_dhkey_check(conn, skb); 25746433a9a2SJohan Hedberg break; 25756433a9a2SJohan Hedberg 25761408bb6eSJohan Hedberg case SMP_CMD_KEYPRESS_NOTIFY: 25771408bb6eSJohan Hedberg reason = smp_cmd_keypress_notify(conn, skb); 25781408bb6eSJohan Hedberg break; 25791408bb6eSJohan Hedberg 2580eb492e01SAnderson Briglia default: 2581eb492e01SAnderson Briglia BT_DBG("Unknown command code 0x%2.2x", code); 2582eb492e01SAnderson Briglia reason = SMP_CMD_NOTSUPP; 25833a0259bbSVinicius Costa Gomes goto done; 25843a0259bbSVinicius Costa Gomes } 25853a0259bbSVinicius Costa Gomes 25863a0259bbSVinicius Costa Gomes done: 25879b7b18efSJohan Hedberg if (!err) { 25883a0259bbSVinicius Costa Gomes if (reason) 258984794e11SJohan Hedberg smp_failure(conn, reason); 2590eb492e01SAnderson Briglia kfree_skb(skb); 25919b7b18efSJohan Hedberg } 25929b7b18efSJohan Hedberg 2593eb492e01SAnderson Briglia return err; 2594b28b4943SJohan Hedberg 2595b28b4943SJohan Hedberg drop: 2596b28b4943SJohan Hedberg BT_ERR("%s unexpected SMP command 0x%02x from %pMR", hcon->hdev->name, 2597b28b4943SJohan Hedberg code, &hcon->dst); 2598b28b4943SJohan Hedberg kfree_skb(skb); 2599b28b4943SJohan Hedberg return 0; 2600eb492e01SAnderson Briglia } 26017034b911SVinicius Costa Gomes 260270db83c4SJohan Hedberg static void smp_teardown_cb(struct l2cap_chan *chan, int err) 260370db83c4SJohan Hedberg { 260470db83c4SJohan Hedberg struct l2cap_conn *conn = chan->conn; 260570db83c4SJohan Hedberg 260670db83c4SJohan Hedberg BT_DBG("chan %p", chan); 260770db83c4SJohan Hedberg 2608fc75cc86SJohan Hedberg if (chan->data) 26095d88cc73SJohan Hedberg smp_chan_destroy(conn); 26105d88cc73SJohan Hedberg 261170db83c4SJohan Hedberg conn->smp = NULL; 261270db83c4SJohan Hedberg l2cap_chan_put(chan); 261370db83c4SJohan Hedberg } 261470db83c4SJohan Hedberg 2615b5ae344dSJohan Hedberg static void bredr_pairing(struct l2cap_chan *chan) 2616b5ae344dSJohan Hedberg { 2617b5ae344dSJohan Hedberg struct l2cap_conn *conn = chan->conn; 2618b5ae344dSJohan Hedberg struct hci_conn *hcon = conn->hcon; 2619b5ae344dSJohan Hedberg struct hci_dev *hdev = hcon->hdev; 2620b5ae344dSJohan Hedberg struct smp_cmd_pairing req; 2621b5ae344dSJohan Hedberg struct smp_chan *smp; 2622b5ae344dSJohan Hedberg 2623b5ae344dSJohan Hedberg BT_DBG("chan %p", chan); 2624b5ae344dSJohan Hedberg 2625b5ae344dSJohan Hedberg /* Only new pairings are interesting */ 2626b5ae344dSJohan Hedberg if (!test_bit(HCI_CONN_NEW_LINK_KEY, &hcon->flags)) 2627b5ae344dSJohan Hedberg return; 2628b5ae344dSJohan Hedberg 2629b5ae344dSJohan Hedberg /* Don't bother if we're not encrypted */ 2630b5ae344dSJohan Hedberg if (!test_bit(HCI_CONN_ENCRYPT, &hcon->flags)) 2631b5ae344dSJohan Hedberg return; 2632b5ae344dSJohan Hedberg 2633b5ae344dSJohan Hedberg /* Only master may initiate SMP over BR/EDR */ 2634b5ae344dSJohan Hedberg if (hcon->role != HCI_ROLE_MASTER) 2635b5ae344dSJohan Hedberg return; 2636b5ae344dSJohan Hedberg 2637b5ae344dSJohan Hedberg /* Secure Connections support must be enabled */ 2638b5ae344dSJohan Hedberg if (!test_bit(HCI_SC_ENABLED, &hdev->dev_flags)) 2639b5ae344dSJohan Hedberg return; 2640b5ae344dSJohan Hedberg 2641b5ae344dSJohan Hedberg /* BR/EDR must use Secure Connections for SMP */ 2642b5ae344dSJohan Hedberg if (!test_bit(HCI_CONN_AES_CCM, &hcon->flags) && 2643b5ae344dSJohan Hedberg !test_bit(HCI_FORCE_LESC, &hdev->dbg_flags)) 2644b5ae344dSJohan Hedberg return; 2645b5ae344dSJohan Hedberg 2646b5ae344dSJohan Hedberg /* If our LE support is not enabled don't do anything */ 2647b5ae344dSJohan Hedberg if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) 2648b5ae344dSJohan Hedberg return; 2649b5ae344dSJohan Hedberg 2650b5ae344dSJohan Hedberg /* Don't bother if remote LE support is not enabled */ 2651b5ae344dSJohan Hedberg if (!lmp_host_le_capable(hcon)) 2652b5ae344dSJohan Hedberg return; 2653b5ae344dSJohan Hedberg 2654b5ae344dSJohan Hedberg /* Remote must support SMP fixed chan for BR/EDR */ 2655b5ae344dSJohan Hedberg if (!(conn->remote_fixed_chan & L2CAP_FC_SMP_BREDR)) 2656b5ae344dSJohan Hedberg return; 2657b5ae344dSJohan Hedberg 2658b5ae344dSJohan Hedberg /* Don't bother if SMP is already ongoing */ 2659b5ae344dSJohan Hedberg if (chan->data) 2660b5ae344dSJohan Hedberg return; 2661b5ae344dSJohan Hedberg 2662b5ae344dSJohan Hedberg smp = smp_chan_create(conn); 2663b5ae344dSJohan Hedberg if (!smp) { 2664b5ae344dSJohan Hedberg BT_ERR("%s unable to create SMP context for BR/EDR", 2665b5ae344dSJohan Hedberg hdev->name); 2666b5ae344dSJohan Hedberg return; 2667b5ae344dSJohan Hedberg } 2668b5ae344dSJohan Hedberg 2669b5ae344dSJohan Hedberg set_bit(SMP_FLAG_SC, &smp->flags); 2670b5ae344dSJohan Hedberg 2671b5ae344dSJohan Hedberg BT_DBG("%s starting SMP over BR/EDR", hdev->name); 2672b5ae344dSJohan Hedberg 2673b5ae344dSJohan Hedberg /* Prepare and send the BR/EDR SMP Pairing Request */ 2674b5ae344dSJohan Hedberg build_bredr_pairing_cmd(smp, &req, NULL); 2675b5ae344dSJohan Hedberg 2676b5ae344dSJohan Hedberg smp->preq[0] = SMP_CMD_PAIRING_REQ; 2677b5ae344dSJohan Hedberg memcpy(&smp->preq[1], &req, sizeof(req)); 2678b5ae344dSJohan Hedberg 2679b5ae344dSJohan Hedberg smp_send_cmd(conn, SMP_CMD_PAIRING_REQ, sizeof(req), &req); 2680b5ae344dSJohan Hedberg SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RSP); 2681b5ae344dSJohan Hedberg } 2682b5ae344dSJohan Hedberg 268344f1a7abSJohan Hedberg static void smp_resume_cb(struct l2cap_chan *chan) 268444f1a7abSJohan Hedberg { 2685b68fda68SJohan Hedberg struct smp_chan *smp = chan->data; 268644f1a7abSJohan Hedberg struct l2cap_conn *conn = chan->conn; 268744f1a7abSJohan Hedberg struct hci_conn *hcon = conn->hcon; 268844f1a7abSJohan Hedberg 268944f1a7abSJohan Hedberg BT_DBG("chan %p", chan); 269044f1a7abSJohan Hedberg 2691b5ae344dSJohan Hedberg if (hcon->type == ACL_LINK) { 2692b5ae344dSJohan Hedberg bredr_pairing(chan); 2693ef8efe4bSJohan Hedberg return; 2694b5ae344dSJohan Hedberg } 2695ef8efe4bSJohan Hedberg 269686d1407cSJohan Hedberg if (!smp) 269786d1407cSJohan Hedberg return; 2698b68fda68SJohan Hedberg 269984bc0db5SJohan Hedberg if (!test_bit(HCI_CONN_ENCRYPT, &hcon->flags)) 270084bc0db5SJohan Hedberg return; 270184bc0db5SJohan Hedberg 2702b68fda68SJohan Hedberg cancel_delayed_work(&smp->security_timer); 270386d1407cSJohan Hedberg 2704d6268e86SJohan Hedberg smp_distribute_keys(smp); 270544f1a7abSJohan Hedberg } 270644f1a7abSJohan Hedberg 270770db83c4SJohan Hedberg static void smp_ready_cb(struct l2cap_chan *chan) 270870db83c4SJohan Hedberg { 270970db83c4SJohan Hedberg struct l2cap_conn *conn = chan->conn; 2710b5ae344dSJohan Hedberg struct hci_conn *hcon = conn->hcon; 271170db83c4SJohan Hedberg 271270db83c4SJohan Hedberg BT_DBG("chan %p", chan); 271370db83c4SJohan Hedberg 271470db83c4SJohan Hedberg conn->smp = chan; 271570db83c4SJohan Hedberg l2cap_chan_hold(chan); 2716b5ae344dSJohan Hedberg 2717b5ae344dSJohan Hedberg if (hcon->type == ACL_LINK && test_bit(HCI_CONN_ENCRYPT, &hcon->flags)) 2718b5ae344dSJohan Hedberg bredr_pairing(chan); 271970db83c4SJohan Hedberg } 272070db83c4SJohan Hedberg 27214befb867SJohan Hedberg static int smp_recv_cb(struct l2cap_chan *chan, struct sk_buff *skb) 27224befb867SJohan Hedberg { 27234befb867SJohan Hedberg int err; 27244befb867SJohan Hedberg 27254befb867SJohan Hedberg BT_DBG("chan %p", chan); 27264befb867SJohan Hedberg 27274befb867SJohan Hedberg err = smp_sig_channel(chan, skb); 27284befb867SJohan Hedberg if (err) { 2729b68fda68SJohan Hedberg struct smp_chan *smp = chan->data; 27304befb867SJohan Hedberg 2731b68fda68SJohan Hedberg if (smp) 2732b68fda68SJohan Hedberg cancel_delayed_work_sync(&smp->security_timer); 27334befb867SJohan Hedberg 27341e91c29eSJohan Hedberg hci_disconnect(chan->conn->hcon, HCI_ERROR_AUTH_FAILURE); 27354befb867SJohan Hedberg } 27364befb867SJohan Hedberg 27374befb867SJohan Hedberg return err; 27384befb867SJohan Hedberg } 27394befb867SJohan Hedberg 274070db83c4SJohan Hedberg static struct sk_buff *smp_alloc_skb_cb(struct l2cap_chan *chan, 274170db83c4SJohan Hedberg unsigned long hdr_len, 274270db83c4SJohan Hedberg unsigned long len, int nb) 274370db83c4SJohan Hedberg { 274470db83c4SJohan Hedberg struct sk_buff *skb; 274570db83c4SJohan Hedberg 274670db83c4SJohan Hedberg skb = bt_skb_alloc(hdr_len + len, GFP_KERNEL); 274770db83c4SJohan Hedberg if (!skb) 274870db83c4SJohan Hedberg return ERR_PTR(-ENOMEM); 274970db83c4SJohan Hedberg 275070db83c4SJohan Hedberg skb->priority = HCI_PRIO_MAX; 275170db83c4SJohan Hedberg bt_cb(skb)->chan = chan; 275270db83c4SJohan Hedberg 275370db83c4SJohan Hedberg return skb; 275470db83c4SJohan Hedberg } 275570db83c4SJohan Hedberg 275670db83c4SJohan Hedberg static const struct l2cap_ops smp_chan_ops = { 275770db83c4SJohan Hedberg .name = "Security Manager", 275870db83c4SJohan Hedberg .ready = smp_ready_cb, 27595d88cc73SJohan Hedberg .recv = smp_recv_cb, 276070db83c4SJohan Hedberg .alloc_skb = smp_alloc_skb_cb, 276170db83c4SJohan Hedberg .teardown = smp_teardown_cb, 276244f1a7abSJohan Hedberg .resume = smp_resume_cb, 276370db83c4SJohan Hedberg 276470db83c4SJohan Hedberg .new_connection = l2cap_chan_no_new_connection, 276570db83c4SJohan Hedberg .state_change = l2cap_chan_no_state_change, 276670db83c4SJohan Hedberg .close = l2cap_chan_no_close, 276770db83c4SJohan Hedberg .defer = l2cap_chan_no_defer, 276870db83c4SJohan Hedberg .suspend = l2cap_chan_no_suspend, 276970db83c4SJohan Hedberg .set_shutdown = l2cap_chan_no_set_shutdown, 277070db83c4SJohan Hedberg .get_sndtimeo = l2cap_chan_no_get_sndtimeo, 277170db83c4SJohan Hedberg .memcpy_fromiovec = l2cap_chan_no_memcpy_fromiovec, 277270db83c4SJohan Hedberg }; 277370db83c4SJohan Hedberg 277470db83c4SJohan Hedberg static inline struct l2cap_chan *smp_new_conn_cb(struct l2cap_chan *pchan) 277570db83c4SJohan Hedberg { 277670db83c4SJohan Hedberg struct l2cap_chan *chan; 277770db83c4SJohan Hedberg 277870db83c4SJohan Hedberg BT_DBG("pchan %p", pchan); 277970db83c4SJohan Hedberg 278070db83c4SJohan Hedberg chan = l2cap_chan_create(); 278170db83c4SJohan Hedberg if (!chan) 278270db83c4SJohan Hedberg return NULL; 278370db83c4SJohan Hedberg 278470db83c4SJohan Hedberg chan->chan_type = pchan->chan_type; 278570db83c4SJohan Hedberg chan->ops = &smp_chan_ops; 278670db83c4SJohan Hedberg chan->scid = pchan->scid; 278770db83c4SJohan Hedberg chan->dcid = chan->scid; 278870db83c4SJohan Hedberg chan->imtu = pchan->imtu; 278970db83c4SJohan Hedberg chan->omtu = pchan->omtu; 279070db83c4SJohan Hedberg chan->mode = pchan->mode; 279170db83c4SJohan Hedberg 2792abe84903SJohan Hedberg /* Other L2CAP channels may request SMP routines in order to 2793abe84903SJohan Hedberg * change the security level. This means that the SMP channel 2794abe84903SJohan Hedberg * lock must be considered in its own category to avoid lockdep 2795abe84903SJohan Hedberg * warnings. 2796abe84903SJohan Hedberg */ 2797abe84903SJohan Hedberg atomic_set(&chan->nesting, L2CAP_NESTING_SMP); 2798abe84903SJohan Hedberg 279970db83c4SJohan Hedberg BT_DBG("created chan %p", chan); 280070db83c4SJohan Hedberg 280170db83c4SJohan Hedberg return chan; 280270db83c4SJohan Hedberg } 280370db83c4SJohan Hedberg 280470db83c4SJohan Hedberg static const struct l2cap_ops smp_root_chan_ops = { 280570db83c4SJohan Hedberg .name = "Security Manager Root", 280670db83c4SJohan Hedberg .new_connection = smp_new_conn_cb, 280770db83c4SJohan Hedberg 280870db83c4SJohan Hedberg /* None of these are implemented for the root channel */ 280970db83c4SJohan Hedberg .close = l2cap_chan_no_close, 281070db83c4SJohan Hedberg .alloc_skb = l2cap_chan_no_alloc_skb, 281170db83c4SJohan Hedberg .recv = l2cap_chan_no_recv, 281270db83c4SJohan Hedberg .state_change = l2cap_chan_no_state_change, 281370db83c4SJohan Hedberg .teardown = l2cap_chan_no_teardown, 281470db83c4SJohan Hedberg .ready = l2cap_chan_no_ready, 281570db83c4SJohan Hedberg .defer = l2cap_chan_no_defer, 281670db83c4SJohan Hedberg .suspend = l2cap_chan_no_suspend, 281770db83c4SJohan Hedberg .resume = l2cap_chan_no_resume, 281870db83c4SJohan Hedberg .set_shutdown = l2cap_chan_no_set_shutdown, 281970db83c4SJohan Hedberg .get_sndtimeo = l2cap_chan_no_get_sndtimeo, 282070db83c4SJohan Hedberg .memcpy_fromiovec = l2cap_chan_no_memcpy_fromiovec, 282170db83c4SJohan Hedberg }; 282270db83c4SJohan Hedberg 2823ef8efe4bSJohan Hedberg static struct l2cap_chan *smp_add_cid(struct hci_dev *hdev, u16 cid) 2824711eafe3SJohan Hedberg { 282570db83c4SJohan Hedberg struct l2cap_chan *chan; 2826defce9e8SJohan Hedberg struct crypto_blkcipher *tfm_aes; 282770db83c4SJohan Hedberg 2828ef8efe4bSJohan Hedberg if (cid == L2CAP_CID_SMP_BREDR) { 2829ef8efe4bSJohan Hedberg tfm_aes = NULL; 2830ef8efe4bSJohan Hedberg goto create_chan; 2831ef8efe4bSJohan Hedberg } 2832711eafe3SJohan Hedberg 2833adae20cbSJohan Hedberg tfm_aes = crypto_alloc_blkcipher("ecb(aes)", 0, 0); 2834defce9e8SJohan Hedberg if (IS_ERR(tfm_aes)) { 2835711eafe3SJohan Hedberg BT_ERR("Unable to create crypto context"); 2836ef8efe4bSJohan Hedberg return ERR_PTR(PTR_ERR(tfm_aes)); 2837711eafe3SJohan Hedberg } 2838711eafe3SJohan Hedberg 2839ef8efe4bSJohan Hedberg create_chan: 284070db83c4SJohan Hedberg chan = l2cap_chan_create(); 284170db83c4SJohan Hedberg if (!chan) { 2842defce9e8SJohan Hedberg crypto_free_blkcipher(tfm_aes); 2843ef8efe4bSJohan Hedberg return ERR_PTR(-ENOMEM); 284470db83c4SJohan Hedberg } 284570db83c4SJohan Hedberg 2846defce9e8SJohan Hedberg chan->data = tfm_aes; 2847defce9e8SJohan Hedberg 2848ef8efe4bSJohan Hedberg l2cap_add_scid(chan, cid); 284970db83c4SJohan Hedberg 285070db83c4SJohan Hedberg l2cap_chan_set_defaults(chan); 285170db83c4SJohan Hedberg 285270db83c4SJohan Hedberg bacpy(&chan->src, &hdev->bdaddr); 2853ef8efe4bSJohan Hedberg if (cid == L2CAP_CID_SMP) 285470db83c4SJohan Hedberg chan->src_type = BDADDR_LE_PUBLIC; 2855ef8efe4bSJohan Hedberg else 2856ef8efe4bSJohan Hedberg chan->src_type = BDADDR_BREDR; 285770db83c4SJohan Hedberg chan->state = BT_LISTEN; 285870db83c4SJohan Hedberg chan->mode = L2CAP_MODE_BASIC; 285970db83c4SJohan Hedberg chan->imtu = L2CAP_DEFAULT_MTU; 286070db83c4SJohan Hedberg chan->ops = &smp_root_chan_ops; 286170db83c4SJohan Hedberg 2862abe84903SJohan Hedberg /* Set correct nesting level for a parent/listening channel */ 2863abe84903SJohan Hedberg atomic_set(&chan->nesting, L2CAP_NESTING_PARENT); 2864abe84903SJohan Hedberg 2865ef8efe4bSJohan Hedberg return chan; 2866711eafe3SJohan Hedberg } 2867711eafe3SJohan Hedberg 2868ef8efe4bSJohan Hedberg static void smp_del_chan(struct l2cap_chan *chan) 2869711eafe3SJohan Hedberg { 2870defce9e8SJohan Hedberg struct crypto_blkcipher *tfm_aes; 287170db83c4SJohan Hedberg 2872ef8efe4bSJohan Hedberg BT_DBG("chan %p", chan); 2873711eafe3SJohan Hedberg 2874defce9e8SJohan Hedberg tfm_aes = chan->data; 2875defce9e8SJohan Hedberg if (tfm_aes) { 2876defce9e8SJohan Hedberg chan->data = NULL; 2877defce9e8SJohan Hedberg crypto_free_blkcipher(tfm_aes); 2878711eafe3SJohan Hedberg } 287970db83c4SJohan Hedberg 288070db83c4SJohan Hedberg l2cap_chan_put(chan); 2881711eafe3SJohan Hedberg } 2882ef8efe4bSJohan Hedberg 2883ef8efe4bSJohan Hedberg int smp_register(struct hci_dev *hdev) 2884ef8efe4bSJohan Hedberg { 2885ef8efe4bSJohan Hedberg struct l2cap_chan *chan; 2886ef8efe4bSJohan Hedberg 2887ef8efe4bSJohan Hedberg BT_DBG("%s", hdev->name); 2888ef8efe4bSJohan Hedberg 2889ef8efe4bSJohan Hedberg chan = smp_add_cid(hdev, L2CAP_CID_SMP); 2890ef8efe4bSJohan Hedberg if (IS_ERR(chan)) 2891ef8efe4bSJohan Hedberg return PTR_ERR(chan); 2892ef8efe4bSJohan Hedberg 2893ef8efe4bSJohan Hedberg hdev->smp_data = chan; 2894ef8efe4bSJohan Hedberg 2895ef8efe4bSJohan Hedberg if (!lmp_sc_capable(hdev) && 2896ef8efe4bSJohan Hedberg !test_bit(HCI_FORCE_LESC, &hdev->dbg_flags)) 2897ef8efe4bSJohan Hedberg return 0; 2898ef8efe4bSJohan Hedberg 2899ef8efe4bSJohan Hedberg chan = smp_add_cid(hdev, L2CAP_CID_SMP_BREDR); 2900ef8efe4bSJohan Hedberg if (IS_ERR(chan)) { 2901ef8efe4bSJohan Hedberg int err = PTR_ERR(chan); 2902ef8efe4bSJohan Hedberg chan = hdev->smp_data; 2903ef8efe4bSJohan Hedberg hdev->smp_data = NULL; 2904ef8efe4bSJohan Hedberg smp_del_chan(chan); 2905ef8efe4bSJohan Hedberg return err; 2906ef8efe4bSJohan Hedberg } 2907ef8efe4bSJohan Hedberg 2908ef8efe4bSJohan Hedberg hdev->smp_bredr_data = chan; 2909ef8efe4bSJohan Hedberg 2910ef8efe4bSJohan Hedberg return 0; 2911ef8efe4bSJohan Hedberg } 2912ef8efe4bSJohan Hedberg 2913ef8efe4bSJohan Hedberg void smp_unregister(struct hci_dev *hdev) 2914ef8efe4bSJohan Hedberg { 2915ef8efe4bSJohan Hedberg struct l2cap_chan *chan; 2916ef8efe4bSJohan Hedberg 2917ef8efe4bSJohan Hedberg if (hdev->smp_bredr_data) { 2918ef8efe4bSJohan Hedberg chan = hdev->smp_bredr_data; 2919ef8efe4bSJohan Hedberg hdev->smp_bredr_data = NULL; 2920ef8efe4bSJohan Hedberg smp_del_chan(chan); 2921ef8efe4bSJohan Hedberg } 2922ef8efe4bSJohan Hedberg 2923ef8efe4bSJohan Hedberg if (hdev->smp_data) { 2924ef8efe4bSJohan Hedberg chan = hdev->smp_data; 2925ef8efe4bSJohan Hedberg hdev->smp_data = NULL; 2926ef8efe4bSJohan Hedberg smp_del_chan(chan); 2927ef8efe4bSJohan Hedberg } 2928ef8efe4bSJohan Hedberg } 2929