xref: /openbmc/linux/net/bluetooth/smp.c (revision 275876e2)
1 /*
2    BlueZ - Bluetooth protocol stack for Linux
3    Copyright (C) 2011 Nokia Corporation and/or its subsidiary(-ies).
4 
5    This program is free software; you can redistribute it and/or modify
6    it under the terms of the GNU General Public License version 2 as
7    published by the Free Software Foundation;
8 
9    THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
10    OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
11    FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
12    IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
13    CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
14    WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15    ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16    OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17 
18    ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
19    COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
20    SOFTWARE IS DISCLAIMED.
21 */
22 
23 #include <linux/crypto.h>
24 #include <linux/scatterlist.h>
25 #include <crypto/b128ops.h>
26 
27 #include <net/bluetooth/bluetooth.h>
28 #include <net/bluetooth/hci_core.h>
29 #include <net/bluetooth/l2cap.h>
30 #include <net/bluetooth/mgmt.h>
31 
32 #include "smp.h"
33 
34 #define SMP_TIMEOUT	msecs_to_jiffies(30000)
35 
36 #define AUTH_REQ_MASK   0x07
37 
38 enum {
39 	SMP_FLAG_TK_VALID,
40 	SMP_FLAG_CFM_PENDING,
41 	SMP_FLAG_MITM_AUTH,
42 	SMP_FLAG_COMPLETE,
43 	SMP_FLAG_INITIATOR,
44 };
45 
46 struct smp_chan {
47 	struct l2cap_conn *conn;
48 	u8		preq[7]; /* SMP Pairing Request */
49 	u8		prsp[7]; /* SMP Pairing Response */
50 	u8		prnd[16]; /* SMP Pairing Random (local) */
51 	u8		rrnd[16]; /* SMP Pairing Random (remote) */
52 	u8		pcnf[16]; /* SMP Pairing Confirm */
53 	u8		tk[16]; /* SMP Temporary Key */
54 	u8		enc_key_size;
55 	u8		remote_key_dist;
56 	bdaddr_t	id_addr;
57 	u8		id_addr_type;
58 	u8		irk[16];
59 	struct smp_csrk	*csrk;
60 	struct smp_csrk	*slave_csrk;
61 	struct smp_ltk	*ltk;
62 	struct smp_ltk	*slave_ltk;
63 	struct smp_irk	*remote_irk;
64 	unsigned long	flags;
65 
66 	struct crypto_blkcipher	*tfm_aes;
67 };
68 
69 static inline void swap_buf(const u8 *src, u8 *dst, size_t len)
70 {
71 	size_t i;
72 
73 	for (i = 0; i < len; i++)
74 		dst[len - 1 - i] = src[i];
75 }
76 
77 static int smp_e(struct crypto_blkcipher *tfm, const u8 *k, u8 *r)
78 {
79 	struct blkcipher_desc desc;
80 	struct scatterlist sg;
81 	uint8_t tmp[16], data[16];
82 	int err;
83 
84 	if (tfm == NULL) {
85 		BT_ERR("tfm %p", tfm);
86 		return -EINVAL;
87 	}
88 
89 	desc.tfm = tfm;
90 	desc.flags = 0;
91 
92 	/* The most significant octet of key corresponds to k[0] */
93 	swap_buf(k, tmp, 16);
94 
95 	err = crypto_blkcipher_setkey(tfm, tmp, 16);
96 	if (err) {
97 		BT_ERR("cipher setkey failed: %d", err);
98 		return err;
99 	}
100 
101 	/* Most significant octet of plaintextData corresponds to data[0] */
102 	swap_buf(r, data, 16);
103 
104 	sg_init_one(&sg, data, 16);
105 
106 	err = crypto_blkcipher_encrypt(&desc, &sg, &sg, 16);
107 	if (err)
108 		BT_ERR("Encrypt data error %d", err);
109 
110 	/* Most significant octet of encryptedData corresponds to data[0] */
111 	swap_buf(data, r, 16);
112 
113 	return err;
114 }
115 
116 static int smp_ah(struct crypto_blkcipher *tfm, u8 irk[16], u8 r[3], u8 res[3])
117 {
118 	u8 _res[16];
119 	int err;
120 
121 	/* r' = padding || r */
122 	memcpy(_res, r, 3);
123 	memset(_res + 3, 0, 13);
124 
125 	err = smp_e(tfm, irk, _res);
126 	if (err) {
127 		BT_ERR("Encrypt error");
128 		return err;
129 	}
130 
131 	/* The output of the random address function ah is:
132 	 *	ah(h, r) = e(k, r') mod 2^24
133 	 * The output of the security function e is then truncated to 24 bits
134 	 * by taking the least significant 24 bits of the output of e as the
135 	 * result of ah.
136 	 */
137 	memcpy(res, _res, 3);
138 
139 	return 0;
140 }
141 
142 bool smp_irk_matches(struct crypto_blkcipher *tfm, u8 irk[16],
143 		     bdaddr_t *bdaddr)
144 {
145 	u8 hash[3];
146 	int err;
147 
148 	BT_DBG("RPA %pMR IRK %*phN", bdaddr, 16, irk);
149 
150 	err = smp_ah(tfm, irk, &bdaddr->b[3], hash);
151 	if (err)
152 		return false;
153 
154 	return !memcmp(bdaddr->b, hash, 3);
155 }
156 
157 int smp_generate_rpa(struct crypto_blkcipher *tfm, u8 irk[16], bdaddr_t *rpa)
158 {
159 	int err;
160 
161 	get_random_bytes(&rpa->b[3], 3);
162 
163 	rpa->b[5] &= 0x3f;	/* Clear two most significant bits */
164 	rpa->b[5] |= 0x40;	/* Set second most significant bit */
165 
166 	err = smp_ah(tfm, irk, &rpa->b[3], rpa->b);
167 	if (err < 0)
168 		return err;
169 
170 	BT_DBG("RPA %pMR", rpa);
171 
172 	return 0;
173 }
174 
175 static int smp_c1(struct smp_chan *smp, u8 k[16], u8 r[16], u8 preq[7],
176 		  u8 pres[7], u8 _iat, bdaddr_t *ia, u8 _rat, bdaddr_t *ra,
177 		  u8 res[16])
178 {
179 	struct hci_dev *hdev = smp->conn->hcon->hdev;
180 	u8 p1[16], p2[16];
181 	int err;
182 
183 	BT_DBG("%s", hdev->name);
184 
185 	memset(p1, 0, 16);
186 
187 	/* p1 = pres || preq || _rat || _iat */
188 	p1[0] = _iat;
189 	p1[1] = _rat;
190 	memcpy(p1 + 2, preq, 7);
191 	memcpy(p1 + 9, pres, 7);
192 
193 	/* p2 = padding || ia || ra */
194 	memcpy(p2, ra, 6);
195 	memcpy(p2 + 6, ia, 6);
196 	memset(p2 + 12, 0, 4);
197 
198 	/* res = r XOR p1 */
199 	u128_xor((u128 *) res, (u128 *) r, (u128 *) p1);
200 
201 	/* res = e(k, res) */
202 	err = smp_e(smp->tfm_aes, k, res);
203 	if (err) {
204 		BT_ERR("Encrypt data error");
205 		return err;
206 	}
207 
208 	/* res = res XOR p2 */
209 	u128_xor((u128 *) res, (u128 *) res, (u128 *) p2);
210 
211 	/* res = e(k, res) */
212 	err = smp_e(smp->tfm_aes, k, res);
213 	if (err)
214 		BT_ERR("Encrypt data error");
215 
216 	return err;
217 }
218 
219 static int smp_s1(struct smp_chan *smp, u8 k[16], u8 r1[16], u8 r2[16],
220 		  u8 _r[16])
221 {
222 	struct hci_dev *hdev = smp->conn->hcon->hdev;
223 	int err;
224 
225 	BT_DBG("%s", hdev->name);
226 
227 	/* Just least significant octets from r1 and r2 are considered */
228 	memcpy(_r, r2, 8);
229 	memcpy(_r + 8, r1, 8);
230 
231 	err = smp_e(smp->tfm_aes, k, _r);
232 	if (err)
233 		BT_ERR("Encrypt data error");
234 
235 	return err;
236 }
237 
238 static struct sk_buff *smp_build_cmd(struct l2cap_conn *conn, u8 code,
239 				     u16 dlen, void *data)
240 {
241 	struct sk_buff *skb;
242 	struct l2cap_hdr *lh;
243 	int len;
244 
245 	len = L2CAP_HDR_SIZE + sizeof(code) + dlen;
246 
247 	if (len > conn->mtu)
248 		return NULL;
249 
250 	skb = bt_skb_alloc(len, GFP_ATOMIC);
251 	if (!skb)
252 		return NULL;
253 
254 	lh = (struct l2cap_hdr *) skb_put(skb, L2CAP_HDR_SIZE);
255 	lh->len = cpu_to_le16(sizeof(code) + dlen);
256 	lh->cid = cpu_to_le16(L2CAP_CID_SMP);
257 
258 	memcpy(skb_put(skb, sizeof(code)), &code, sizeof(code));
259 
260 	memcpy(skb_put(skb, dlen), data, dlen);
261 
262 	return skb;
263 }
264 
265 static void smp_send_cmd(struct l2cap_conn *conn, u8 code, u16 len, void *data)
266 {
267 	struct sk_buff *skb = smp_build_cmd(conn, code, len, data);
268 
269 	BT_DBG("code 0x%2.2x", code);
270 
271 	if (!skb)
272 		return;
273 
274 	skb->priority = HCI_PRIO_MAX;
275 	hci_send_acl(conn->hchan, skb, 0);
276 
277 	cancel_delayed_work_sync(&conn->security_timer);
278 	schedule_delayed_work(&conn->security_timer, SMP_TIMEOUT);
279 }
280 
281 static __u8 authreq_to_seclevel(__u8 authreq)
282 {
283 	if (authreq & SMP_AUTH_MITM)
284 		return BT_SECURITY_HIGH;
285 	else
286 		return BT_SECURITY_MEDIUM;
287 }
288 
289 static __u8 seclevel_to_authreq(__u8 sec_level)
290 {
291 	switch (sec_level) {
292 	case BT_SECURITY_HIGH:
293 		return SMP_AUTH_MITM | SMP_AUTH_BONDING;
294 	case BT_SECURITY_MEDIUM:
295 		return SMP_AUTH_BONDING;
296 	default:
297 		return SMP_AUTH_NONE;
298 	}
299 }
300 
301 static void build_pairing_cmd(struct l2cap_conn *conn,
302 			      struct smp_cmd_pairing *req,
303 			      struct smp_cmd_pairing *rsp, __u8 authreq)
304 {
305 	struct smp_chan *smp = conn->smp_chan;
306 	struct hci_conn *hcon = conn->hcon;
307 	struct hci_dev *hdev = hcon->hdev;
308 	u8 local_dist = 0, remote_dist = 0;
309 
310 	if (test_bit(HCI_BONDABLE, &conn->hcon->hdev->dev_flags)) {
311 		local_dist = SMP_DIST_ENC_KEY | SMP_DIST_SIGN;
312 		remote_dist = SMP_DIST_ENC_KEY | SMP_DIST_SIGN;
313 		authreq |= SMP_AUTH_BONDING;
314 	} else {
315 		authreq &= ~SMP_AUTH_BONDING;
316 	}
317 
318 	if (test_bit(HCI_RPA_RESOLVING, &hdev->dev_flags))
319 		remote_dist |= SMP_DIST_ID_KEY;
320 
321 	if (test_bit(HCI_PRIVACY, &hdev->dev_flags))
322 		local_dist |= SMP_DIST_ID_KEY;
323 
324 	if (rsp == NULL) {
325 		req->io_capability = conn->hcon->io_capability;
326 		req->oob_flag = SMP_OOB_NOT_PRESENT;
327 		req->max_key_size = SMP_MAX_ENC_KEY_SIZE;
328 		req->init_key_dist = local_dist;
329 		req->resp_key_dist = remote_dist;
330 		req->auth_req = (authreq & AUTH_REQ_MASK);
331 
332 		smp->remote_key_dist = remote_dist;
333 		return;
334 	}
335 
336 	rsp->io_capability = conn->hcon->io_capability;
337 	rsp->oob_flag = SMP_OOB_NOT_PRESENT;
338 	rsp->max_key_size = SMP_MAX_ENC_KEY_SIZE;
339 	rsp->init_key_dist = req->init_key_dist & remote_dist;
340 	rsp->resp_key_dist = req->resp_key_dist & local_dist;
341 	rsp->auth_req = (authreq & AUTH_REQ_MASK);
342 
343 	smp->remote_key_dist = rsp->init_key_dist;
344 }
345 
346 static u8 check_enc_key_size(struct l2cap_conn *conn, __u8 max_key_size)
347 {
348 	struct smp_chan *smp = conn->smp_chan;
349 
350 	if ((max_key_size > SMP_MAX_ENC_KEY_SIZE) ||
351 	    (max_key_size < SMP_MIN_ENC_KEY_SIZE))
352 		return SMP_ENC_KEY_SIZE;
353 
354 	smp->enc_key_size = max_key_size;
355 
356 	return 0;
357 }
358 
359 static void smp_failure(struct l2cap_conn *conn, u8 reason)
360 {
361 	struct hci_conn *hcon = conn->hcon;
362 
363 	if (reason)
364 		smp_send_cmd(conn, SMP_CMD_PAIRING_FAIL, sizeof(reason),
365 			     &reason);
366 
367 	clear_bit(HCI_CONN_ENCRYPT_PEND, &hcon->flags);
368 	mgmt_auth_failed(hcon->hdev, &hcon->dst, hcon->type, hcon->dst_type,
369 			 HCI_ERROR_AUTH_FAILURE);
370 
371 	cancel_delayed_work_sync(&conn->security_timer);
372 
373 	if (test_and_clear_bit(HCI_CONN_LE_SMP_PEND, &hcon->flags))
374 		smp_chan_destroy(conn);
375 }
376 
377 #define JUST_WORKS	0x00
378 #define JUST_CFM	0x01
379 #define REQ_PASSKEY	0x02
380 #define CFM_PASSKEY	0x03
381 #define REQ_OOB		0x04
382 #define OVERLAP		0xFF
383 
384 static const u8 gen_method[5][5] = {
385 	{ JUST_WORKS,  JUST_CFM,    REQ_PASSKEY, JUST_WORKS, REQ_PASSKEY },
386 	{ JUST_WORKS,  JUST_CFM,    REQ_PASSKEY, JUST_WORKS, REQ_PASSKEY },
387 	{ CFM_PASSKEY, CFM_PASSKEY, REQ_PASSKEY, JUST_WORKS, CFM_PASSKEY },
388 	{ JUST_WORKS,  JUST_CFM,    JUST_WORKS,  JUST_WORKS, JUST_CFM    },
389 	{ CFM_PASSKEY, CFM_PASSKEY, REQ_PASSKEY, JUST_WORKS, OVERLAP     },
390 };
391 
392 static u8 get_auth_method(struct smp_chan *smp, u8 local_io, u8 remote_io)
393 {
394 	/* If either side has unknown io_caps, use JUST_CFM (which gets
395 	 * converted later to JUST_WORKS if we're initiators.
396 	 */
397 	if (local_io > SMP_IO_KEYBOARD_DISPLAY ||
398 	    remote_io > SMP_IO_KEYBOARD_DISPLAY)
399 		return JUST_CFM;
400 
401 	return gen_method[remote_io][local_io];
402 }
403 
404 static int tk_request(struct l2cap_conn *conn, u8 remote_oob, u8 auth,
405 						u8 local_io, u8 remote_io)
406 {
407 	struct hci_conn *hcon = conn->hcon;
408 	struct smp_chan *smp = conn->smp_chan;
409 	u8 method;
410 	u32 passkey = 0;
411 	int ret = 0;
412 
413 	/* Initialize key for JUST WORKS */
414 	memset(smp->tk, 0, sizeof(smp->tk));
415 	clear_bit(SMP_FLAG_TK_VALID, &smp->flags);
416 
417 	BT_DBG("tk_request: auth:%d lcl:%d rem:%d", auth, local_io, remote_io);
418 
419 	/* If neither side wants MITM, either "just" confirm an incoming
420 	 * request or use just-works for outgoing ones. The JUST_CFM
421 	 * will be converted to JUST_WORKS if necessary later in this
422 	 * function. If either side has MITM look up the method from the
423 	 * table.
424 	 */
425 	if (!(auth & SMP_AUTH_MITM))
426 		method = JUST_CFM;
427 	else
428 		method = get_auth_method(smp, local_io, remote_io);
429 
430 	/* Don't confirm locally initiated pairing attempts */
431 	if (method == JUST_CFM && test_bit(SMP_FLAG_INITIATOR, &smp->flags))
432 		method = JUST_WORKS;
433 
434 	/* Don't bother user space with no IO capabilities */
435 	if (method == JUST_CFM && hcon->io_capability == HCI_IO_NO_INPUT_OUTPUT)
436 		method = JUST_WORKS;
437 
438 	/* If Just Works, Continue with Zero TK */
439 	if (method == JUST_WORKS) {
440 		set_bit(SMP_FLAG_TK_VALID, &smp->flags);
441 		return 0;
442 	}
443 
444 	/* Not Just Works/Confirm results in MITM Authentication */
445 	if (method != JUST_CFM)
446 		set_bit(SMP_FLAG_MITM_AUTH, &smp->flags);
447 
448 	/* If both devices have Keyoard-Display I/O, the master
449 	 * Confirms and the slave Enters the passkey.
450 	 */
451 	if (method == OVERLAP) {
452 		if (hcon->role == HCI_ROLE_MASTER)
453 			method = CFM_PASSKEY;
454 		else
455 			method = REQ_PASSKEY;
456 	}
457 
458 	/* Generate random passkey. */
459 	if (method == CFM_PASSKEY) {
460 		memset(smp->tk, 0, sizeof(smp->tk));
461 		get_random_bytes(&passkey, sizeof(passkey));
462 		passkey %= 1000000;
463 		put_unaligned_le32(passkey, smp->tk);
464 		BT_DBG("PassKey: %d", passkey);
465 		set_bit(SMP_FLAG_TK_VALID, &smp->flags);
466 	}
467 
468 	hci_dev_lock(hcon->hdev);
469 
470 	if (method == REQ_PASSKEY)
471 		ret = mgmt_user_passkey_request(hcon->hdev, &hcon->dst,
472 						hcon->type, hcon->dst_type);
473 	else if (method == JUST_CFM)
474 		ret = mgmt_user_confirm_request(hcon->hdev, &hcon->dst,
475 						hcon->type, hcon->dst_type,
476 						passkey, 1);
477 	else
478 		ret = mgmt_user_passkey_notify(hcon->hdev, &hcon->dst,
479 						hcon->type, hcon->dst_type,
480 						passkey, 0);
481 
482 	hci_dev_unlock(hcon->hdev);
483 
484 	return ret;
485 }
486 
487 static u8 smp_confirm(struct smp_chan *smp)
488 {
489 	struct l2cap_conn *conn = smp->conn;
490 	struct smp_cmd_pairing_confirm cp;
491 	int ret;
492 
493 	BT_DBG("conn %p", conn);
494 
495 	ret = smp_c1(smp, smp->tk, smp->prnd, smp->preq, smp->prsp,
496 		     conn->hcon->init_addr_type, &conn->hcon->init_addr,
497 		     conn->hcon->resp_addr_type, &conn->hcon->resp_addr,
498 		     cp.confirm_val);
499 	if (ret)
500 		return SMP_UNSPECIFIED;
501 
502 	clear_bit(SMP_FLAG_CFM_PENDING, &smp->flags);
503 
504 	smp_send_cmd(smp->conn, SMP_CMD_PAIRING_CONFIRM, sizeof(cp), &cp);
505 
506 	return 0;
507 }
508 
509 static u8 smp_random(struct smp_chan *smp)
510 {
511 	struct l2cap_conn *conn = smp->conn;
512 	struct hci_conn *hcon = conn->hcon;
513 	u8 confirm[16];
514 	int ret;
515 
516 	if (IS_ERR_OR_NULL(smp->tfm_aes))
517 		return SMP_UNSPECIFIED;
518 
519 	BT_DBG("conn %p %s", conn, conn->hcon->out ? "master" : "slave");
520 
521 	ret = smp_c1(smp, smp->tk, smp->rrnd, smp->preq, smp->prsp,
522 		     hcon->init_addr_type, &hcon->init_addr,
523 		     hcon->resp_addr_type, &hcon->resp_addr, confirm);
524 	if (ret)
525 		return SMP_UNSPECIFIED;
526 
527 	if (memcmp(smp->pcnf, confirm, sizeof(smp->pcnf)) != 0) {
528 		BT_ERR("Pairing failed (confirmation values mismatch)");
529 		return SMP_CONFIRM_FAILED;
530 	}
531 
532 	if (hcon->out) {
533 		u8 stk[16];
534 		__le64 rand = 0;
535 		__le16 ediv = 0;
536 
537 		smp_s1(smp, smp->tk, smp->rrnd, smp->prnd, stk);
538 
539 		memset(stk + smp->enc_key_size, 0,
540 		       SMP_MAX_ENC_KEY_SIZE - smp->enc_key_size);
541 
542 		if (test_and_set_bit(HCI_CONN_ENCRYPT_PEND, &hcon->flags))
543 			return SMP_UNSPECIFIED;
544 
545 		hci_le_start_enc(hcon, ediv, rand, stk);
546 		hcon->enc_key_size = smp->enc_key_size;
547 		set_bit(HCI_CONN_STK_ENCRYPT, &hcon->flags);
548 	} else {
549 		u8 stk[16], auth;
550 		__le64 rand = 0;
551 		__le16 ediv = 0;
552 
553 		smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM, sizeof(smp->prnd),
554 			     smp->prnd);
555 
556 		smp_s1(smp, smp->tk, smp->prnd, smp->rrnd, stk);
557 
558 		memset(stk + smp->enc_key_size, 0,
559 		       SMP_MAX_ENC_KEY_SIZE - smp->enc_key_size);
560 
561 		if (hcon->pending_sec_level == BT_SECURITY_HIGH)
562 			auth = 1;
563 		else
564 			auth = 0;
565 
566 		/* Even though there's no _SLAVE suffix this is the
567 		 * slave STK we're adding for later lookup (the master
568 		 * STK never needs to be stored).
569 		 */
570 		hci_add_ltk(hcon->hdev, &hcon->dst, hcon->dst_type,
571 			    SMP_STK, auth, stk, smp->enc_key_size, ediv, rand);
572 	}
573 
574 	return 0;
575 }
576 
577 static struct smp_chan *smp_chan_create(struct l2cap_conn *conn)
578 {
579 	struct smp_chan *smp;
580 
581 	smp = kzalloc(sizeof(*smp), GFP_ATOMIC);
582 	if (!smp) {
583 		clear_bit(HCI_CONN_LE_SMP_PEND, &conn->hcon->flags);
584 		return NULL;
585 	}
586 
587 	smp->tfm_aes = crypto_alloc_blkcipher("ecb(aes)", 0, CRYPTO_ALG_ASYNC);
588 	if (IS_ERR(smp->tfm_aes)) {
589 		BT_ERR("Unable to create ECB crypto context");
590 		kfree(smp);
591 		clear_bit(HCI_CONN_LE_SMP_PEND, &conn->hcon->flags);
592 		return NULL;
593 	}
594 
595 	smp->conn = conn;
596 	conn->smp_chan = smp;
597 
598 	hci_conn_hold(conn->hcon);
599 
600 	return smp;
601 }
602 
603 void smp_chan_destroy(struct l2cap_conn *conn)
604 {
605 	struct smp_chan *smp = conn->smp_chan;
606 	bool complete;
607 
608 	BUG_ON(!smp);
609 
610 	complete = test_bit(SMP_FLAG_COMPLETE, &smp->flags);
611 	mgmt_smp_complete(conn->hcon, complete);
612 
613 	kfree(smp->csrk);
614 	kfree(smp->slave_csrk);
615 
616 	crypto_free_blkcipher(smp->tfm_aes);
617 
618 	/* If pairing failed clean up any keys we might have */
619 	if (!complete) {
620 		if (smp->ltk) {
621 			list_del(&smp->ltk->list);
622 			kfree(smp->ltk);
623 		}
624 
625 		if (smp->slave_ltk) {
626 			list_del(&smp->slave_ltk->list);
627 			kfree(smp->slave_ltk);
628 		}
629 
630 		if (smp->remote_irk) {
631 			list_del(&smp->remote_irk->list);
632 			kfree(smp->remote_irk);
633 		}
634 	}
635 
636 	kfree(smp);
637 	conn->smp_chan = NULL;
638 	hci_conn_drop(conn->hcon);
639 }
640 
641 int smp_user_confirm_reply(struct hci_conn *hcon, u16 mgmt_op, __le32 passkey)
642 {
643 	struct l2cap_conn *conn = hcon->l2cap_data;
644 	struct smp_chan *smp;
645 	u32 value;
646 
647 	BT_DBG("");
648 
649 	if (!conn || !test_bit(HCI_CONN_LE_SMP_PEND, &hcon->flags))
650 		return -ENOTCONN;
651 
652 	smp = conn->smp_chan;
653 
654 	switch (mgmt_op) {
655 	case MGMT_OP_USER_PASSKEY_REPLY:
656 		value = le32_to_cpu(passkey);
657 		memset(smp->tk, 0, sizeof(smp->tk));
658 		BT_DBG("PassKey: %d", value);
659 		put_unaligned_le32(value, smp->tk);
660 		/* Fall Through */
661 	case MGMT_OP_USER_CONFIRM_REPLY:
662 		set_bit(SMP_FLAG_TK_VALID, &smp->flags);
663 		break;
664 	case MGMT_OP_USER_PASSKEY_NEG_REPLY:
665 	case MGMT_OP_USER_CONFIRM_NEG_REPLY:
666 		smp_failure(conn, SMP_PASSKEY_ENTRY_FAILED);
667 		return 0;
668 	default:
669 		smp_failure(conn, SMP_PASSKEY_ENTRY_FAILED);
670 		return -EOPNOTSUPP;
671 	}
672 
673 	/* If it is our turn to send Pairing Confirm, do so now */
674 	if (test_bit(SMP_FLAG_CFM_PENDING, &smp->flags)) {
675 		u8 rsp = smp_confirm(smp);
676 		if (rsp)
677 			smp_failure(conn, rsp);
678 	}
679 
680 	return 0;
681 }
682 
683 static u8 smp_cmd_pairing_req(struct l2cap_conn *conn, struct sk_buff *skb)
684 {
685 	struct smp_cmd_pairing rsp, *req = (void *) skb->data;
686 	struct hci_dev *hdev = conn->hcon->hdev;
687 	struct smp_chan *smp;
688 	u8 key_size, auth, sec_level;
689 	int ret;
690 
691 	BT_DBG("conn %p", conn);
692 
693 	if (skb->len < sizeof(*req))
694 		return SMP_INVALID_PARAMS;
695 
696 	if (conn->hcon->role != HCI_ROLE_SLAVE)
697 		return SMP_CMD_NOTSUPP;
698 
699 	if (!test_and_set_bit(HCI_CONN_LE_SMP_PEND, &conn->hcon->flags))
700 		smp = smp_chan_create(conn);
701 	else
702 		smp = conn->smp_chan;
703 
704 	if (!smp)
705 		return SMP_UNSPECIFIED;
706 
707 	if (!test_bit(HCI_BONDABLE, &hdev->dev_flags) &&
708 	    (req->auth_req & SMP_AUTH_BONDING))
709 		return SMP_PAIRING_NOTSUPP;
710 
711 	smp->preq[0] = SMP_CMD_PAIRING_REQ;
712 	memcpy(&smp->preq[1], req, sizeof(*req));
713 	skb_pull(skb, sizeof(*req));
714 
715 	/* We didn't start the pairing, so match remote */
716 	auth = req->auth_req;
717 
718 	sec_level = authreq_to_seclevel(auth);
719 	if (sec_level > conn->hcon->pending_sec_level)
720 		conn->hcon->pending_sec_level = sec_level;
721 
722 	/* If we need MITM check that it can be acheived */
723 	if (conn->hcon->pending_sec_level >= BT_SECURITY_HIGH) {
724 		u8 method;
725 
726 		method = get_auth_method(smp, conn->hcon->io_capability,
727 					 req->io_capability);
728 		if (method == JUST_WORKS || method == JUST_CFM)
729 			return SMP_AUTH_REQUIREMENTS;
730 	}
731 
732 	build_pairing_cmd(conn, req, &rsp, auth);
733 
734 	key_size = min(req->max_key_size, rsp.max_key_size);
735 	if (check_enc_key_size(conn, key_size))
736 		return SMP_ENC_KEY_SIZE;
737 
738 	get_random_bytes(smp->prnd, sizeof(smp->prnd));
739 
740 	smp->prsp[0] = SMP_CMD_PAIRING_RSP;
741 	memcpy(&smp->prsp[1], &rsp, sizeof(rsp));
742 
743 	smp_send_cmd(conn, SMP_CMD_PAIRING_RSP, sizeof(rsp), &rsp);
744 
745 	/* Request setup of TK */
746 	ret = tk_request(conn, 0, auth, rsp.io_capability, req->io_capability);
747 	if (ret)
748 		return SMP_UNSPECIFIED;
749 
750 	return 0;
751 }
752 
753 static u8 smp_cmd_pairing_rsp(struct l2cap_conn *conn, struct sk_buff *skb)
754 {
755 	struct smp_cmd_pairing *req, *rsp = (void *) skb->data;
756 	struct smp_chan *smp = conn->smp_chan;
757 	u8 key_size, auth = SMP_AUTH_NONE;
758 	int ret;
759 
760 	BT_DBG("conn %p", conn);
761 
762 	if (skb->len < sizeof(*rsp))
763 		return SMP_INVALID_PARAMS;
764 
765 	if (conn->hcon->role != HCI_ROLE_MASTER)
766 		return SMP_CMD_NOTSUPP;
767 
768 	skb_pull(skb, sizeof(*rsp));
769 
770 	req = (void *) &smp->preq[1];
771 
772 	key_size = min(req->max_key_size, rsp->max_key_size);
773 	if (check_enc_key_size(conn, key_size))
774 		return SMP_ENC_KEY_SIZE;
775 
776 	/* If we need MITM check that it can be acheived */
777 	if (conn->hcon->pending_sec_level >= BT_SECURITY_HIGH) {
778 		u8 method;
779 
780 		method = get_auth_method(smp, req->io_capability,
781 					 rsp->io_capability);
782 		if (method == JUST_WORKS || method == JUST_CFM)
783 			return SMP_AUTH_REQUIREMENTS;
784 	}
785 
786 	get_random_bytes(smp->prnd, sizeof(smp->prnd));
787 
788 	smp->prsp[0] = SMP_CMD_PAIRING_RSP;
789 	memcpy(&smp->prsp[1], rsp, sizeof(*rsp));
790 
791 	/* Update remote key distribution in case the remote cleared
792 	 * some bits that we had enabled in our request.
793 	 */
794 	smp->remote_key_dist &= rsp->resp_key_dist;
795 
796 	if ((req->auth_req & SMP_AUTH_BONDING) &&
797 	    (rsp->auth_req & SMP_AUTH_BONDING))
798 		auth = SMP_AUTH_BONDING;
799 
800 	auth |= (req->auth_req | rsp->auth_req) & SMP_AUTH_MITM;
801 
802 	ret = tk_request(conn, 0, auth, req->io_capability, rsp->io_capability);
803 	if (ret)
804 		return SMP_UNSPECIFIED;
805 
806 	set_bit(SMP_FLAG_CFM_PENDING, &smp->flags);
807 
808 	/* Can't compose response until we have been confirmed */
809 	if (test_bit(SMP_FLAG_TK_VALID, &smp->flags))
810 		return smp_confirm(smp);
811 
812 	return 0;
813 }
814 
815 static u8 smp_cmd_pairing_confirm(struct l2cap_conn *conn, struct sk_buff *skb)
816 {
817 	struct smp_chan *smp = conn->smp_chan;
818 
819 	BT_DBG("conn %p %s", conn, conn->hcon->out ? "master" : "slave");
820 
821 	if (skb->len < sizeof(smp->pcnf))
822 		return SMP_INVALID_PARAMS;
823 
824 	memcpy(smp->pcnf, skb->data, sizeof(smp->pcnf));
825 	skb_pull(skb, sizeof(smp->pcnf));
826 
827 	if (conn->hcon->out)
828 		smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM, sizeof(smp->prnd),
829 			     smp->prnd);
830 	else if (test_bit(SMP_FLAG_TK_VALID, &smp->flags))
831 		return smp_confirm(smp);
832 	else
833 		set_bit(SMP_FLAG_CFM_PENDING, &smp->flags);
834 
835 	return 0;
836 }
837 
838 static u8 smp_cmd_pairing_random(struct l2cap_conn *conn, struct sk_buff *skb)
839 {
840 	struct smp_chan *smp = conn->smp_chan;
841 
842 	BT_DBG("conn %p", conn);
843 
844 	if (skb->len < sizeof(smp->rrnd))
845 		return SMP_INVALID_PARAMS;
846 
847 	memcpy(smp->rrnd, skb->data, sizeof(smp->rrnd));
848 	skb_pull(skb, sizeof(smp->rrnd));
849 
850 	return smp_random(smp);
851 }
852 
853 static bool smp_ltk_encrypt(struct l2cap_conn *conn, u8 sec_level)
854 {
855 	struct smp_ltk *key;
856 	struct hci_conn *hcon = conn->hcon;
857 
858 	key = hci_find_ltk_by_addr(hcon->hdev, &hcon->dst, hcon->dst_type,
859 				   hcon->role);
860 	if (!key)
861 		return false;
862 
863 	if (sec_level > BT_SECURITY_MEDIUM && !key->authenticated)
864 		return false;
865 
866 	if (test_and_set_bit(HCI_CONN_ENCRYPT_PEND, &hcon->flags))
867 		return true;
868 
869 	hci_le_start_enc(hcon, key->ediv, key->rand, key->val);
870 	hcon->enc_key_size = key->enc_size;
871 
872 	/* We never store STKs for master role, so clear this flag */
873 	clear_bit(HCI_CONN_STK_ENCRYPT, &hcon->flags);
874 
875 	return true;
876 }
877 
878 bool smp_sufficient_security(struct hci_conn *hcon, u8 sec_level)
879 {
880 	if (sec_level == BT_SECURITY_LOW)
881 		return true;
882 
883 	/* If we're encrypted with an STK always claim insufficient
884 	 * security. This way we allow the connection to be re-encrypted
885 	 * with an LTK, even if the LTK provides the same level of
886 	 * security. Only exception is if we don't have an LTK (e.g.
887 	 * because of key distribution bits).
888 	 */
889 	if (test_bit(HCI_CONN_STK_ENCRYPT, &hcon->flags) &&
890 	    hci_find_ltk_by_addr(hcon->hdev, &hcon->dst, hcon->dst_type,
891 				 hcon->role))
892 		return false;
893 
894 	if (hcon->sec_level >= sec_level)
895 		return true;
896 
897 	return false;
898 }
899 
900 static u8 smp_cmd_security_req(struct l2cap_conn *conn, struct sk_buff *skb)
901 {
902 	struct smp_cmd_security_req *rp = (void *) skb->data;
903 	struct smp_cmd_pairing cp;
904 	struct hci_conn *hcon = conn->hcon;
905 	struct smp_chan *smp;
906 	u8 sec_level;
907 
908 	BT_DBG("conn %p", conn);
909 
910 	if (skb->len < sizeof(*rp))
911 		return SMP_INVALID_PARAMS;
912 
913 	if (hcon->role != HCI_ROLE_MASTER)
914 		return SMP_CMD_NOTSUPP;
915 
916 	sec_level = authreq_to_seclevel(rp->auth_req);
917 	if (smp_sufficient_security(hcon, sec_level))
918 		return 0;
919 
920 	if (sec_level > hcon->pending_sec_level)
921 		hcon->pending_sec_level = sec_level;
922 
923 	if (smp_ltk_encrypt(conn, hcon->pending_sec_level))
924 		return 0;
925 
926 	if (test_and_set_bit(HCI_CONN_LE_SMP_PEND, &hcon->flags))
927 		return 0;
928 
929 	smp = smp_chan_create(conn);
930 	if (!smp)
931 		return SMP_UNSPECIFIED;
932 
933 	if (!test_bit(HCI_BONDABLE, &hcon->hdev->dev_flags) &&
934 	    (rp->auth_req & SMP_AUTH_BONDING))
935 		return SMP_PAIRING_NOTSUPP;
936 
937 	skb_pull(skb, sizeof(*rp));
938 
939 	memset(&cp, 0, sizeof(cp));
940 	build_pairing_cmd(conn, &cp, NULL, rp->auth_req);
941 
942 	smp->preq[0] = SMP_CMD_PAIRING_REQ;
943 	memcpy(&smp->preq[1], &cp, sizeof(cp));
944 
945 	smp_send_cmd(conn, SMP_CMD_PAIRING_REQ, sizeof(cp), &cp);
946 
947 	return 0;
948 }
949 
950 int smp_conn_security(struct hci_conn *hcon, __u8 sec_level)
951 {
952 	struct l2cap_conn *conn = hcon->l2cap_data;
953 	struct smp_chan *smp;
954 	__u8 authreq;
955 
956 	BT_DBG("conn %p hcon %p level 0x%2.2x", conn, hcon, sec_level);
957 
958 	/* This may be NULL if there's an unexpected disconnection */
959 	if (!conn)
960 		return 1;
961 
962 	if (!test_bit(HCI_LE_ENABLED, &hcon->hdev->dev_flags))
963 		return 1;
964 
965 	if (smp_sufficient_security(hcon, sec_level))
966 		return 1;
967 
968 	if (sec_level > hcon->pending_sec_level)
969 		hcon->pending_sec_level = sec_level;
970 
971 	if (hcon->role == HCI_ROLE_MASTER)
972 		if (smp_ltk_encrypt(conn, hcon->pending_sec_level))
973 			return 0;
974 
975 	if (test_and_set_bit(HCI_CONN_LE_SMP_PEND, &hcon->flags))
976 		return 0;
977 
978 	smp = smp_chan_create(conn);
979 	if (!smp)
980 		return 1;
981 
982 	authreq = seclevel_to_authreq(sec_level);
983 
984 	/* Require MITM if IO Capability allows or the security level
985 	 * requires it.
986 	 */
987 	if (hcon->io_capability != HCI_IO_NO_INPUT_OUTPUT ||
988 	    hcon->pending_sec_level > BT_SECURITY_MEDIUM)
989 		authreq |= SMP_AUTH_MITM;
990 
991 	if (hcon->role == HCI_ROLE_MASTER) {
992 		struct smp_cmd_pairing cp;
993 
994 		build_pairing_cmd(conn, &cp, NULL, authreq);
995 		smp->preq[0] = SMP_CMD_PAIRING_REQ;
996 		memcpy(&smp->preq[1], &cp, sizeof(cp));
997 
998 		smp_send_cmd(conn, SMP_CMD_PAIRING_REQ, sizeof(cp), &cp);
999 	} else {
1000 		struct smp_cmd_security_req cp;
1001 		cp.auth_req = authreq;
1002 		smp_send_cmd(conn, SMP_CMD_SECURITY_REQ, sizeof(cp), &cp);
1003 	}
1004 
1005 	set_bit(SMP_FLAG_INITIATOR, &smp->flags);
1006 
1007 	return 0;
1008 }
1009 
1010 static int smp_cmd_encrypt_info(struct l2cap_conn *conn, struct sk_buff *skb)
1011 {
1012 	struct smp_cmd_encrypt_info *rp = (void *) skb->data;
1013 	struct smp_chan *smp = conn->smp_chan;
1014 
1015 	BT_DBG("conn %p", conn);
1016 
1017 	if (skb->len < sizeof(*rp))
1018 		return SMP_INVALID_PARAMS;
1019 
1020 	/* Ignore this PDU if it wasn't requested */
1021 	if (!(smp->remote_key_dist & SMP_DIST_ENC_KEY))
1022 		return 0;
1023 
1024 	skb_pull(skb, sizeof(*rp));
1025 
1026 	memcpy(smp->tk, rp->ltk, sizeof(smp->tk));
1027 
1028 	return 0;
1029 }
1030 
1031 static int smp_cmd_master_ident(struct l2cap_conn *conn, struct sk_buff *skb)
1032 {
1033 	struct smp_cmd_master_ident *rp = (void *) skb->data;
1034 	struct smp_chan *smp = conn->smp_chan;
1035 	struct hci_dev *hdev = conn->hcon->hdev;
1036 	struct hci_conn *hcon = conn->hcon;
1037 	struct smp_ltk *ltk;
1038 	u8 authenticated;
1039 
1040 	BT_DBG("conn %p", conn);
1041 
1042 	if (skb->len < sizeof(*rp))
1043 		return SMP_INVALID_PARAMS;
1044 
1045 	/* Ignore this PDU if it wasn't requested */
1046 	if (!(smp->remote_key_dist & SMP_DIST_ENC_KEY))
1047 		return 0;
1048 
1049 	/* Mark the information as received */
1050 	smp->remote_key_dist &= ~SMP_DIST_ENC_KEY;
1051 
1052 	skb_pull(skb, sizeof(*rp));
1053 
1054 	hci_dev_lock(hdev);
1055 	authenticated = (hcon->sec_level == BT_SECURITY_HIGH);
1056 	ltk = hci_add_ltk(hdev, &hcon->dst, hcon->dst_type, SMP_LTK,
1057 			  authenticated, smp->tk, smp->enc_key_size,
1058 			  rp->ediv, rp->rand);
1059 	smp->ltk = ltk;
1060 	if (!(smp->remote_key_dist & SMP_DIST_ID_KEY))
1061 		smp_distribute_keys(conn);
1062 	hci_dev_unlock(hdev);
1063 
1064 	return 0;
1065 }
1066 
1067 static int smp_cmd_ident_info(struct l2cap_conn *conn, struct sk_buff *skb)
1068 {
1069 	struct smp_cmd_ident_info *info = (void *) skb->data;
1070 	struct smp_chan *smp = conn->smp_chan;
1071 
1072 	BT_DBG("");
1073 
1074 	if (skb->len < sizeof(*info))
1075 		return SMP_INVALID_PARAMS;
1076 
1077 	/* Ignore this PDU if it wasn't requested */
1078 	if (!(smp->remote_key_dist & SMP_DIST_ID_KEY))
1079 		return 0;
1080 
1081 	skb_pull(skb, sizeof(*info));
1082 
1083 	memcpy(smp->irk, info->irk, 16);
1084 
1085 	return 0;
1086 }
1087 
1088 static int smp_cmd_ident_addr_info(struct l2cap_conn *conn,
1089 				   struct sk_buff *skb)
1090 {
1091 	struct smp_cmd_ident_addr_info *info = (void *) skb->data;
1092 	struct smp_chan *smp = conn->smp_chan;
1093 	struct hci_conn *hcon = conn->hcon;
1094 	bdaddr_t rpa;
1095 
1096 	BT_DBG("");
1097 
1098 	if (skb->len < sizeof(*info))
1099 		return SMP_INVALID_PARAMS;
1100 
1101 	/* Ignore this PDU if it wasn't requested */
1102 	if (!(smp->remote_key_dist & SMP_DIST_ID_KEY))
1103 		return 0;
1104 
1105 	/* Mark the information as received */
1106 	smp->remote_key_dist &= ~SMP_DIST_ID_KEY;
1107 
1108 	skb_pull(skb, sizeof(*info));
1109 
1110 	hci_dev_lock(hcon->hdev);
1111 
1112 	/* Strictly speaking the Core Specification (4.1) allows sending
1113 	 * an empty address which would force us to rely on just the IRK
1114 	 * as "identity information". However, since such
1115 	 * implementations are not known of and in order to not over
1116 	 * complicate our implementation, simply pretend that we never
1117 	 * received an IRK for such a device.
1118 	 */
1119 	if (!bacmp(&info->bdaddr, BDADDR_ANY)) {
1120 		BT_ERR("Ignoring IRK with no identity address");
1121 		goto distribute;
1122 	}
1123 
1124 	bacpy(&smp->id_addr, &info->bdaddr);
1125 	smp->id_addr_type = info->addr_type;
1126 
1127 	if (hci_bdaddr_is_rpa(&hcon->dst, hcon->dst_type))
1128 		bacpy(&rpa, &hcon->dst);
1129 	else
1130 		bacpy(&rpa, BDADDR_ANY);
1131 
1132 	smp->remote_irk = hci_add_irk(conn->hcon->hdev, &smp->id_addr,
1133 				      smp->id_addr_type, smp->irk, &rpa);
1134 
1135 distribute:
1136 	smp_distribute_keys(conn);
1137 
1138 	hci_dev_unlock(hcon->hdev);
1139 
1140 	return 0;
1141 }
1142 
1143 static int smp_cmd_sign_info(struct l2cap_conn *conn, struct sk_buff *skb)
1144 {
1145 	struct smp_cmd_sign_info *rp = (void *) skb->data;
1146 	struct smp_chan *smp = conn->smp_chan;
1147 	struct hci_dev *hdev = conn->hcon->hdev;
1148 	struct smp_csrk *csrk;
1149 
1150 	BT_DBG("conn %p", conn);
1151 
1152 	if (skb->len < sizeof(*rp))
1153 		return SMP_INVALID_PARAMS;
1154 
1155 	/* Ignore this PDU if it wasn't requested */
1156 	if (!(smp->remote_key_dist & SMP_DIST_SIGN))
1157 		return 0;
1158 
1159 	/* Mark the information as received */
1160 	smp->remote_key_dist &= ~SMP_DIST_SIGN;
1161 
1162 	skb_pull(skb, sizeof(*rp));
1163 
1164 	hci_dev_lock(hdev);
1165 	csrk = kzalloc(sizeof(*csrk), GFP_KERNEL);
1166 	if (csrk) {
1167 		csrk->master = 0x01;
1168 		memcpy(csrk->val, rp->csrk, sizeof(csrk->val));
1169 	}
1170 	smp->csrk = csrk;
1171 	if (!(smp->remote_key_dist & SMP_DIST_SIGN))
1172 		smp_distribute_keys(conn);
1173 	hci_dev_unlock(hdev);
1174 
1175 	return 0;
1176 }
1177 
1178 int smp_sig_channel(struct l2cap_conn *conn, struct sk_buff *skb)
1179 {
1180 	struct hci_conn *hcon = conn->hcon;
1181 	__u8 code, reason;
1182 	int err = 0;
1183 
1184 	if (hcon->type != LE_LINK) {
1185 		kfree_skb(skb);
1186 		return 0;
1187 	}
1188 
1189 	if (skb->len < 1) {
1190 		kfree_skb(skb);
1191 		return -EILSEQ;
1192 	}
1193 
1194 	if (!test_bit(HCI_LE_ENABLED, &hcon->hdev->dev_flags)) {
1195 		err = -EOPNOTSUPP;
1196 		reason = SMP_PAIRING_NOTSUPP;
1197 		goto done;
1198 	}
1199 
1200 	code = skb->data[0];
1201 	skb_pull(skb, sizeof(code));
1202 
1203 	/*
1204 	 * The SMP context must be initialized for all other PDUs except
1205 	 * pairing and security requests. If we get any other PDU when
1206 	 * not initialized simply disconnect (done if this function
1207 	 * returns an error).
1208 	 */
1209 	if (code != SMP_CMD_PAIRING_REQ && code != SMP_CMD_SECURITY_REQ &&
1210 	    !conn->smp_chan) {
1211 		BT_ERR("Unexpected SMP command 0x%02x. Disconnecting.", code);
1212 		kfree_skb(skb);
1213 		return -EOPNOTSUPP;
1214 	}
1215 
1216 	switch (code) {
1217 	case SMP_CMD_PAIRING_REQ:
1218 		reason = smp_cmd_pairing_req(conn, skb);
1219 		break;
1220 
1221 	case SMP_CMD_PAIRING_FAIL:
1222 		smp_failure(conn, 0);
1223 		reason = 0;
1224 		err = -EPERM;
1225 		break;
1226 
1227 	case SMP_CMD_PAIRING_RSP:
1228 		reason = smp_cmd_pairing_rsp(conn, skb);
1229 		break;
1230 
1231 	case SMP_CMD_SECURITY_REQ:
1232 		reason = smp_cmd_security_req(conn, skb);
1233 		break;
1234 
1235 	case SMP_CMD_PAIRING_CONFIRM:
1236 		reason = smp_cmd_pairing_confirm(conn, skb);
1237 		break;
1238 
1239 	case SMP_CMD_PAIRING_RANDOM:
1240 		reason = smp_cmd_pairing_random(conn, skb);
1241 		break;
1242 
1243 	case SMP_CMD_ENCRYPT_INFO:
1244 		reason = smp_cmd_encrypt_info(conn, skb);
1245 		break;
1246 
1247 	case SMP_CMD_MASTER_IDENT:
1248 		reason = smp_cmd_master_ident(conn, skb);
1249 		break;
1250 
1251 	case SMP_CMD_IDENT_INFO:
1252 		reason = smp_cmd_ident_info(conn, skb);
1253 		break;
1254 
1255 	case SMP_CMD_IDENT_ADDR_INFO:
1256 		reason = smp_cmd_ident_addr_info(conn, skb);
1257 		break;
1258 
1259 	case SMP_CMD_SIGN_INFO:
1260 		reason = smp_cmd_sign_info(conn, skb);
1261 		break;
1262 
1263 	default:
1264 		BT_DBG("Unknown command code 0x%2.2x", code);
1265 
1266 		reason = SMP_CMD_NOTSUPP;
1267 		err = -EOPNOTSUPP;
1268 		goto done;
1269 	}
1270 
1271 done:
1272 	if (reason)
1273 		smp_failure(conn, reason);
1274 
1275 	kfree_skb(skb);
1276 	return err;
1277 }
1278 
1279 static void smp_notify_keys(struct l2cap_conn *conn)
1280 {
1281 	struct smp_chan *smp = conn->smp_chan;
1282 	struct hci_conn *hcon = conn->hcon;
1283 	struct hci_dev *hdev = hcon->hdev;
1284 	struct smp_cmd_pairing *req = (void *) &smp->preq[1];
1285 	struct smp_cmd_pairing *rsp = (void *) &smp->prsp[1];
1286 	bool persistent;
1287 
1288 	if (smp->remote_irk) {
1289 		mgmt_new_irk(hdev, smp->remote_irk);
1290 		/* Now that user space can be considered to know the
1291 		 * identity address track the connection based on it
1292 		 * from now on.
1293 		 */
1294 		bacpy(&hcon->dst, &smp->remote_irk->bdaddr);
1295 		hcon->dst_type = smp->remote_irk->addr_type;
1296 		l2cap_conn_update_id_addr(hcon);
1297 
1298 		/* When receiving an indentity resolving key for
1299 		 * a remote device that does not use a resolvable
1300 		 * private address, just remove the key so that
1301 		 * it is possible to use the controller white
1302 		 * list for scanning.
1303 		 *
1304 		 * Userspace will have been told to not store
1305 		 * this key at this point. So it is safe to
1306 		 * just remove it.
1307 		 */
1308 		if (!bacmp(&smp->remote_irk->rpa, BDADDR_ANY)) {
1309 			list_del(&smp->remote_irk->list);
1310 			kfree(smp->remote_irk);
1311 			smp->remote_irk = NULL;
1312 		}
1313 	}
1314 
1315 	/* The LTKs and CSRKs should be persistent only if both sides
1316 	 * had the bonding bit set in their authentication requests.
1317 	 */
1318 	persistent = !!((req->auth_req & rsp->auth_req) & SMP_AUTH_BONDING);
1319 
1320 	if (smp->csrk) {
1321 		smp->csrk->bdaddr_type = hcon->dst_type;
1322 		bacpy(&smp->csrk->bdaddr, &hcon->dst);
1323 		mgmt_new_csrk(hdev, smp->csrk, persistent);
1324 	}
1325 
1326 	if (smp->slave_csrk) {
1327 		smp->slave_csrk->bdaddr_type = hcon->dst_type;
1328 		bacpy(&smp->slave_csrk->bdaddr, &hcon->dst);
1329 		mgmt_new_csrk(hdev, smp->slave_csrk, persistent);
1330 	}
1331 
1332 	if (smp->ltk) {
1333 		smp->ltk->bdaddr_type = hcon->dst_type;
1334 		bacpy(&smp->ltk->bdaddr, &hcon->dst);
1335 		mgmt_new_ltk(hdev, smp->ltk, persistent);
1336 	}
1337 
1338 	if (smp->slave_ltk) {
1339 		smp->slave_ltk->bdaddr_type = hcon->dst_type;
1340 		bacpy(&smp->slave_ltk->bdaddr, &hcon->dst);
1341 		mgmt_new_ltk(hdev, smp->slave_ltk, persistent);
1342 	}
1343 }
1344 
1345 int smp_distribute_keys(struct l2cap_conn *conn)
1346 {
1347 	struct smp_cmd_pairing *req, *rsp;
1348 	struct smp_chan *smp = conn->smp_chan;
1349 	struct hci_conn *hcon = conn->hcon;
1350 	struct hci_dev *hdev = hcon->hdev;
1351 	__u8 *keydist;
1352 
1353 	BT_DBG("conn %p", conn);
1354 
1355 	if (!test_bit(HCI_CONN_LE_SMP_PEND, &hcon->flags))
1356 		return 0;
1357 
1358 	rsp = (void *) &smp->prsp[1];
1359 
1360 	/* The responder sends its keys first */
1361 	if (hcon->out && (smp->remote_key_dist & 0x07))
1362 		return 0;
1363 
1364 	req = (void *) &smp->preq[1];
1365 
1366 	if (hcon->out) {
1367 		keydist = &rsp->init_key_dist;
1368 		*keydist &= req->init_key_dist;
1369 	} else {
1370 		keydist = &rsp->resp_key_dist;
1371 		*keydist &= req->resp_key_dist;
1372 	}
1373 
1374 	BT_DBG("keydist 0x%x", *keydist);
1375 
1376 	if (*keydist & SMP_DIST_ENC_KEY) {
1377 		struct smp_cmd_encrypt_info enc;
1378 		struct smp_cmd_master_ident ident;
1379 		struct smp_ltk *ltk;
1380 		u8 authenticated;
1381 		__le16 ediv;
1382 		__le64 rand;
1383 
1384 		get_random_bytes(enc.ltk, sizeof(enc.ltk));
1385 		get_random_bytes(&ediv, sizeof(ediv));
1386 		get_random_bytes(&rand, sizeof(rand));
1387 
1388 		smp_send_cmd(conn, SMP_CMD_ENCRYPT_INFO, sizeof(enc), &enc);
1389 
1390 		authenticated = hcon->sec_level == BT_SECURITY_HIGH;
1391 		ltk = hci_add_ltk(hdev, &hcon->dst, hcon->dst_type,
1392 				  SMP_LTK_SLAVE, authenticated, enc.ltk,
1393 				  smp->enc_key_size, ediv, rand);
1394 		smp->slave_ltk = ltk;
1395 
1396 		ident.ediv = ediv;
1397 		ident.rand = rand;
1398 
1399 		smp_send_cmd(conn, SMP_CMD_MASTER_IDENT, sizeof(ident), &ident);
1400 
1401 		*keydist &= ~SMP_DIST_ENC_KEY;
1402 	}
1403 
1404 	if (*keydist & SMP_DIST_ID_KEY) {
1405 		struct smp_cmd_ident_addr_info addrinfo;
1406 		struct smp_cmd_ident_info idinfo;
1407 
1408 		memcpy(idinfo.irk, hdev->irk, sizeof(idinfo.irk));
1409 
1410 		smp_send_cmd(conn, SMP_CMD_IDENT_INFO, sizeof(idinfo), &idinfo);
1411 
1412 		/* The hci_conn contains the local identity address
1413 		 * after the connection has been established.
1414 		 *
1415 		 * This is true even when the connection has been
1416 		 * established using a resolvable random address.
1417 		 */
1418 		bacpy(&addrinfo.bdaddr, &hcon->src);
1419 		addrinfo.addr_type = hcon->src_type;
1420 
1421 		smp_send_cmd(conn, SMP_CMD_IDENT_ADDR_INFO, sizeof(addrinfo),
1422 			     &addrinfo);
1423 
1424 		*keydist &= ~SMP_DIST_ID_KEY;
1425 	}
1426 
1427 	if (*keydist & SMP_DIST_SIGN) {
1428 		struct smp_cmd_sign_info sign;
1429 		struct smp_csrk *csrk;
1430 
1431 		/* Generate a new random key */
1432 		get_random_bytes(sign.csrk, sizeof(sign.csrk));
1433 
1434 		csrk = kzalloc(sizeof(*csrk), GFP_KERNEL);
1435 		if (csrk) {
1436 			csrk->master = 0x00;
1437 			memcpy(csrk->val, sign.csrk, sizeof(csrk->val));
1438 		}
1439 		smp->slave_csrk = csrk;
1440 
1441 		smp_send_cmd(conn, SMP_CMD_SIGN_INFO, sizeof(sign), &sign);
1442 
1443 		*keydist &= ~SMP_DIST_SIGN;
1444 	}
1445 
1446 	/* If there are still keys to be received wait for them */
1447 	if ((smp->remote_key_dist & 0x07))
1448 		return 0;
1449 
1450 	clear_bit(HCI_CONN_LE_SMP_PEND, &hcon->flags);
1451 	cancel_delayed_work_sync(&conn->security_timer);
1452 	set_bit(SMP_FLAG_COMPLETE, &smp->flags);
1453 	smp_notify_keys(conn);
1454 
1455 	smp_chan_destroy(conn);
1456 
1457 	return 0;
1458 }
1459