1 /* 2 BlueZ - Bluetooth protocol stack for Linux 3 Copyright (C) 2011 Nokia Corporation and/or its subsidiary(-ies). 4 5 This program is free software; you can redistribute it and/or modify 6 it under the terms of the GNU General Public License version 2 as 7 published by the Free Software Foundation; 8 9 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS 10 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 11 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS. 12 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY 13 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES 14 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 15 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 16 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 17 18 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS, 19 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS 20 SOFTWARE IS DISCLAIMED. 21 */ 22 23 #include <linux/crypto.h> 24 #include <linux/scatterlist.h> 25 #include <crypto/b128ops.h> 26 27 #include <net/bluetooth/bluetooth.h> 28 #include <net/bluetooth/hci_core.h> 29 #include <net/bluetooth/l2cap.h> 30 #include <net/bluetooth/mgmt.h> 31 32 #include "smp.h" 33 34 #define SMP_TIMEOUT msecs_to_jiffies(30000) 35 36 #define AUTH_REQ_MASK 0x07 37 38 enum { 39 SMP_FLAG_TK_VALID, 40 SMP_FLAG_CFM_PENDING, 41 SMP_FLAG_MITM_AUTH, 42 SMP_FLAG_COMPLETE, 43 SMP_FLAG_INITIATOR, 44 }; 45 46 struct smp_chan { 47 struct l2cap_conn *conn; 48 u8 preq[7]; /* SMP Pairing Request */ 49 u8 prsp[7]; /* SMP Pairing Response */ 50 u8 prnd[16]; /* SMP Pairing Random (local) */ 51 u8 rrnd[16]; /* SMP Pairing Random (remote) */ 52 u8 pcnf[16]; /* SMP Pairing Confirm */ 53 u8 tk[16]; /* SMP Temporary Key */ 54 u8 enc_key_size; 55 u8 remote_key_dist; 56 bdaddr_t id_addr; 57 u8 id_addr_type; 58 u8 irk[16]; 59 struct smp_csrk *csrk; 60 struct smp_csrk *slave_csrk; 61 struct smp_ltk *ltk; 62 struct smp_ltk *slave_ltk; 63 struct smp_irk *remote_irk; 64 unsigned long flags; 65 66 struct crypto_blkcipher *tfm_aes; 67 }; 68 69 static inline void swap_buf(const u8 *src, u8 *dst, size_t len) 70 { 71 size_t i; 72 73 for (i = 0; i < len; i++) 74 dst[len - 1 - i] = src[i]; 75 } 76 77 static int smp_e(struct crypto_blkcipher *tfm, const u8 *k, u8 *r) 78 { 79 struct blkcipher_desc desc; 80 struct scatterlist sg; 81 uint8_t tmp[16], data[16]; 82 int err; 83 84 if (tfm == NULL) { 85 BT_ERR("tfm %p", tfm); 86 return -EINVAL; 87 } 88 89 desc.tfm = tfm; 90 desc.flags = 0; 91 92 /* The most significant octet of key corresponds to k[0] */ 93 swap_buf(k, tmp, 16); 94 95 err = crypto_blkcipher_setkey(tfm, tmp, 16); 96 if (err) { 97 BT_ERR("cipher setkey failed: %d", err); 98 return err; 99 } 100 101 /* Most significant octet of plaintextData corresponds to data[0] */ 102 swap_buf(r, data, 16); 103 104 sg_init_one(&sg, data, 16); 105 106 err = crypto_blkcipher_encrypt(&desc, &sg, &sg, 16); 107 if (err) 108 BT_ERR("Encrypt data error %d", err); 109 110 /* Most significant octet of encryptedData corresponds to data[0] */ 111 swap_buf(data, r, 16); 112 113 return err; 114 } 115 116 static int smp_ah(struct crypto_blkcipher *tfm, u8 irk[16], u8 r[3], u8 res[3]) 117 { 118 u8 _res[16]; 119 int err; 120 121 /* r' = padding || r */ 122 memcpy(_res, r, 3); 123 memset(_res + 3, 0, 13); 124 125 err = smp_e(tfm, irk, _res); 126 if (err) { 127 BT_ERR("Encrypt error"); 128 return err; 129 } 130 131 /* The output of the random address function ah is: 132 * ah(h, r) = e(k, r') mod 2^24 133 * The output of the security function e is then truncated to 24 bits 134 * by taking the least significant 24 bits of the output of e as the 135 * result of ah. 136 */ 137 memcpy(res, _res, 3); 138 139 return 0; 140 } 141 142 bool smp_irk_matches(struct crypto_blkcipher *tfm, u8 irk[16], 143 bdaddr_t *bdaddr) 144 { 145 u8 hash[3]; 146 int err; 147 148 BT_DBG("RPA %pMR IRK %*phN", bdaddr, 16, irk); 149 150 err = smp_ah(tfm, irk, &bdaddr->b[3], hash); 151 if (err) 152 return false; 153 154 return !memcmp(bdaddr->b, hash, 3); 155 } 156 157 int smp_generate_rpa(struct crypto_blkcipher *tfm, u8 irk[16], bdaddr_t *rpa) 158 { 159 int err; 160 161 get_random_bytes(&rpa->b[3], 3); 162 163 rpa->b[5] &= 0x3f; /* Clear two most significant bits */ 164 rpa->b[5] |= 0x40; /* Set second most significant bit */ 165 166 err = smp_ah(tfm, irk, &rpa->b[3], rpa->b); 167 if (err < 0) 168 return err; 169 170 BT_DBG("RPA %pMR", rpa); 171 172 return 0; 173 } 174 175 static int smp_c1(struct smp_chan *smp, u8 k[16], u8 r[16], u8 preq[7], 176 u8 pres[7], u8 _iat, bdaddr_t *ia, u8 _rat, bdaddr_t *ra, 177 u8 res[16]) 178 { 179 struct hci_dev *hdev = smp->conn->hcon->hdev; 180 u8 p1[16], p2[16]; 181 int err; 182 183 BT_DBG("%s", hdev->name); 184 185 memset(p1, 0, 16); 186 187 /* p1 = pres || preq || _rat || _iat */ 188 p1[0] = _iat; 189 p1[1] = _rat; 190 memcpy(p1 + 2, preq, 7); 191 memcpy(p1 + 9, pres, 7); 192 193 /* p2 = padding || ia || ra */ 194 memcpy(p2, ra, 6); 195 memcpy(p2 + 6, ia, 6); 196 memset(p2 + 12, 0, 4); 197 198 /* res = r XOR p1 */ 199 u128_xor((u128 *) res, (u128 *) r, (u128 *) p1); 200 201 /* res = e(k, res) */ 202 err = smp_e(smp->tfm_aes, k, res); 203 if (err) { 204 BT_ERR("Encrypt data error"); 205 return err; 206 } 207 208 /* res = res XOR p2 */ 209 u128_xor((u128 *) res, (u128 *) res, (u128 *) p2); 210 211 /* res = e(k, res) */ 212 err = smp_e(smp->tfm_aes, k, res); 213 if (err) 214 BT_ERR("Encrypt data error"); 215 216 return err; 217 } 218 219 static int smp_s1(struct smp_chan *smp, u8 k[16], u8 r1[16], u8 r2[16], 220 u8 _r[16]) 221 { 222 struct hci_dev *hdev = smp->conn->hcon->hdev; 223 int err; 224 225 BT_DBG("%s", hdev->name); 226 227 /* Just least significant octets from r1 and r2 are considered */ 228 memcpy(_r, r2, 8); 229 memcpy(_r + 8, r1, 8); 230 231 err = smp_e(smp->tfm_aes, k, _r); 232 if (err) 233 BT_ERR("Encrypt data error"); 234 235 return err; 236 } 237 238 static struct sk_buff *smp_build_cmd(struct l2cap_conn *conn, u8 code, 239 u16 dlen, void *data) 240 { 241 struct sk_buff *skb; 242 struct l2cap_hdr *lh; 243 int len; 244 245 len = L2CAP_HDR_SIZE + sizeof(code) + dlen; 246 247 if (len > conn->mtu) 248 return NULL; 249 250 skb = bt_skb_alloc(len, GFP_ATOMIC); 251 if (!skb) 252 return NULL; 253 254 lh = (struct l2cap_hdr *) skb_put(skb, L2CAP_HDR_SIZE); 255 lh->len = cpu_to_le16(sizeof(code) + dlen); 256 lh->cid = cpu_to_le16(L2CAP_CID_SMP); 257 258 memcpy(skb_put(skb, sizeof(code)), &code, sizeof(code)); 259 260 memcpy(skb_put(skb, dlen), data, dlen); 261 262 return skb; 263 } 264 265 static void smp_send_cmd(struct l2cap_conn *conn, u8 code, u16 len, void *data) 266 { 267 struct sk_buff *skb = smp_build_cmd(conn, code, len, data); 268 269 BT_DBG("code 0x%2.2x", code); 270 271 if (!skb) 272 return; 273 274 skb->priority = HCI_PRIO_MAX; 275 hci_send_acl(conn->hchan, skb, 0); 276 277 cancel_delayed_work_sync(&conn->security_timer); 278 schedule_delayed_work(&conn->security_timer, SMP_TIMEOUT); 279 } 280 281 static __u8 authreq_to_seclevel(__u8 authreq) 282 { 283 if (authreq & SMP_AUTH_MITM) 284 return BT_SECURITY_HIGH; 285 else 286 return BT_SECURITY_MEDIUM; 287 } 288 289 static __u8 seclevel_to_authreq(__u8 sec_level) 290 { 291 switch (sec_level) { 292 case BT_SECURITY_HIGH: 293 return SMP_AUTH_MITM | SMP_AUTH_BONDING; 294 case BT_SECURITY_MEDIUM: 295 return SMP_AUTH_BONDING; 296 default: 297 return SMP_AUTH_NONE; 298 } 299 } 300 301 static void build_pairing_cmd(struct l2cap_conn *conn, 302 struct smp_cmd_pairing *req, 303 struct smp_cmd_pairing *rsp, __u8 authreq) 304 { 305 struct smp_chan *smp = conn->smp_chan; 306 struct hci_conn *hcon = conn->hcon; 307 struct hci_dev *hdev = hcon->hdev; 308 u8 local_dist = 0, remote_dist = 0; 309 310 if (test_bit(HCI_BONDABLE, &conn->hcon->hdev->dev_flags)) { 311 local_dist = SMP_DIST_ENC_KEY | SMP_DIST_SIGN; 312 remote_dist = SMP_DIST_ENC_KEY | SMP_DIST_SIGN; 313 authreq |= SMP_AUTH_BONDING; 314 } else { 315 authreq &= ~SMP_AUTH_BONDING; 316 } 317 318 if (test_bit(HCI_RPA_RESOLVING, &hdev->dev_flags)) 319 remote_dist |= SMP_DIST_ID_KEY; 320 321 if (test_bit(HCI_PRIVACY, &hdev->dev_flags)) 322 local_dist |= SMP_DIST_ID_KEY; 323 324 if (rsp == NULL) { 325 req->io_capability = conn->hcon->io_capability; 326 req->oob_flag = SMP_OOB_NOT_PRESENT; 327 req->max_key_size = SMP_MAX_ENC_KEY_SIZE; 328 req->init_key_dist = local_dist; 329 req->resp_key_dist = remote_dist; 330 req->auth_req = (authreq & AUTH_REQ_MASK); 331 332 smp->remote_key_dist = remote_dist; 333 return; 334 } 335 336 rsp->io_capability = conn->hcon->io_capability; 337 rsp->oob_flag = SMP_OOB_NOT_PRESENT; 338 rsp->max_key_size = SMP_MAX_ENC_KEY_SIZE; 339 rsp->init_key_dist = req->init_key_dist & remote_dist; 340 rsp->resp_key_dist = req->resp_key_dist & local_dist; 341 rsp->auth_req = (authreq & AUTH_REQ_MASK); 342 343 smp->remote_key_dist = rsp->init_key_dist; 344 } 345 346 static u8 check_enc_key_size(struct l2cap_conn *conn, __u8 max_key_size) 347 { 348 struct smp_chan *smp = conn->smp_chan; 349 350 if ((max_key_size > SMP_MAX_ENC_KEY_SIZE) || 351 (max_key_size < SMP_MIN_ENC_KEY_SIZE)) 352 return SMP_ENC_KEY_SIZE; 353 354 smp->enc_key_size = max_key_size; 355 356 return 0; 357 } 358 359 static void smp_failure(struct l2cap_conn *conn, u8 reason) 360 { 361 struct hci_conn *hcon = conn->hcon; 362 363 if (reason) 364 smp_send_cmd(conn, SMP_CMD_PAIRING_FAIL, sizeof(reason), 365 &reason); 366 367 clear_bit(HCI_CONN_ENCRYPT_PEND, &hcon->flags); 368 mgmt_auth_failed(hcon->hdev, &hcon->dst, hcon->type, hcon->dst_type, 369 HCI_ERROR_AUTH_FAILURE); 370 371 cancel_delayed_work_sync(&conn->security_timer); 372 373 if (test_and_clear_bit(HCI_CONN_LE_SMP_PEND, &hcon->flags)) 374 smp_chan_destroy(conn); 375 } 376 377 #define JUST_WORKS 0x00 378 #define JUST_CFM 0x01 379 #define REQ_PASSKEY 0x02 380 #define CFM_PASSKEY 0x03 381 #define REQ_OOB 0x04 382 #define OVERLAP 0xFF 383 384 static const u8 gen_method[5][5] = { 385 { JUST_WORKS, JUST_CFM, REQ_PASSKEY, JUST_WORKS, REQ_PASSKEY }, 386 { JUST_WORKS, JUST_CFM, REQ_PASSKEY, JUST_WORKS, REQ_PASSKEY }, 387 { CFM_PASSKEY, CFM_PASSKEY, REQ_PASSKEY, JUST_WORKS, CFM_PASSKEY }, 388 { JUST_WORKS, JUST_CFM, JUST_WORKS, JUST_WORKS, JUST_CFM }, 389 { CFM_PASSKEY, CFM_PASSKEY, REQ_PASSKEY, JUST_WORKS, OVERLAP }, 390 }; 391 392 static u8 get_auth_method(struct smp_chan *smp, u8 local_io, u8 remote_io) 393 { 394 /* If either side has unknown io_caps, use JUST_CFM (which gets 395 * converted later to JUST_WORKS if we're initiators. 396 */ 397 if (local_io > SMP_IO_KEYBOARD_DISPLAY || 398 remote_io > SMP_IO_KEYBOARD_DISPLAY) 399 return JUST_CFM; 400 401 return gen_method[remote_io][local_io]; 402 } 403 404 static int tk_request(struct l2cap_conn *conn, u8 remote_oob, u8 auth, 405 u8 local_io, u8 remote_io) 406 { 407 struct hci_conn *hcon = conn->hcon; 408 struct smp_chan *smp = conn->smp_chan; 409 u8 method; 410 u32 passkey = 0; 411 int ret = 0; 412 413 /* Initialize key for JUST WORKS */ 414 memset(smp->tk, 0, sizeof(smp->tk)); 415 clear_bit(SMP_FLAG_TK_VALID, &smp->flags); 416 417 BT_DBG("tk_request: auth:%d lcl:%d rem:%d", auth, local_io, remote_io); 418 419 /* If neither side wants MITM, either "just" confirm an incoming 420 * request or use just-works for outgoing ones. The JUST_CFM 421 * will be converted to JUST_WORKS if necessary later in this 422 * function. If either side has MITM look up the method from the 423 * table. 424 */ 425 if (!(auth & SMP_AUTH_MITM)) 426 method = JUST_CFM; 427 else 428 method = get_auth_method(smp, local_io, remote_io); 429 430 /* Don't confirm locally initiated pairing attempts */ 431 if (method == JUST_CFM && test_bit(SMP_FLAG_INITIATOR, &smp->flags)) 432 method = JUST_WORKS; 433 434 /* Don't bother user space with no IO capabilities */ 435 if (method == JUST_CFM && hcon->io_capability == HCI_IO_NO_INPUT_OUTPUT) 436 method = JUST_WORKS; 437 438 /* If Just Works, Continue with Zero TK */ 439 if (method == JUST_WORKS) { 440 set_bit(SMP_FLAG_TK_VALID, &smp->flags); 441 return 0; 442 } 443 444 /* Not Just Works/Confirm results in MITM Authentication */ 445 if (method != JUST_CFM) 446 set_bit(SMP_FLAG_MITM_AUTH, &smp->flags); 447 448 /* If both devices have Keyoard-Display I/O, the master 449 * Confirms and the slave Enters the passkey. 450 */ 451 if (method == OVERLAP) { 452 if (hcon->role == HCI_ROLE_MASTER) 453 method = CFM_PASSKEY; 454 else 455 method = REQ_PASSKEY; 456 } 457 458 /* Generate random passkey. */ 459 if (method == CFM_PASSKEY) { 460 memset(smp->tk, 0, sizeof(smp->tk)); 461 get_random_bytes(&passkey, sizeof(passkey)); 462 passkey %= 1000000; 463 put_unaligned_le32(passkey, smp->tk); 464 BT_DBG("PassKey: %d", passkey); 465 set_bit(SMP_FLAG_TK_VALID, &smp->flags); 466 } 467 468 hci_dev_lock(hcon->hdev); 469 470 if (method == REQ_PASSKEY) 471 ret = mgmt_user_passkey_request(hcon->hdev, &hcon->dst, 472 hcon->type, hcon->dst_type); 473 else if (method == JUST_CFM) 474 ret = mgmt_user_confirm_request(hcon->hdev, &hcon->dst, 475 hcon->type, hcon->dst_type, 476 passkey, 1); 477 else 478 ret = mgmt_user_passkey_notify(hcon->hdev, &hcon->dst, 479 hcon->type, hcon->dst_type, 480 passkey, 0); 481 482 hci_dev_unlock(hcon->hdev); 483 484 return ret; 485 } 486 487 static u8 smp_confirm(struct smp_chan *smp) 488 { 489 struct l2cap_conn *conn = smp->conn; 490 struct smp_cmd_pairing_confirm cp; 491 int ret; 492 493 BT_DBG("conn %p", conn); 494 495 ret = smp_c1(smp, smp->tk, smp->prnd, smp->preq, smp->prsp, 496 conn->hcon->init_addr_type, &conn->hcon->init_addr, 497 conn->hcon->resp_addr_type, &conn->hcon->resp_addr, 498 cp.confirm_val); 499 if (ret) 500 return SMP_UNSPECIFIED; 501 502 clear_bit(SMP_FLAG_CFM_PENDING, &smp->flags); 503 504 smp_send_cmd(smp->conn, SMP_CMD_PAIRING_CONFIRM, sizeof(cp), &cp); 505 506 return 0; 507 } 508 509 static u8 smp_random(struct smp_chan *smp) 510 { 511 struct l2cap_conn *conn = smp->conn; 512 struct hci_conn *hcon = conn->hcon; 513 u8 confirm[16]; 514 int ret; 515 516 if (IS_ERR_OR_NULL(smp->tfm_aes)) 517 return SMP_UNSPECIFIED; 518 519 BT_DBG("conn %p %s", conn, conn->hcon->out ? "master" : "slave"); 520 521 ret = smp_c1(smp, smp->tk, smp->rrnd, smp->preq, smp->prsp, 522 hcon->init_addr_type, &hcon->init_addr, 523 hcon->resp_addr_type, &hcon->resp_addr, confirm); 524 if (ret) 525 return SMP_UNSPECIFIED; 526 527 if (memcmp(smp->pcnf, confirm, sizeof(smp->pcnf)) != 0) { 528 BT_ERR("Pairing failed (confirmation values mismatch)"); 529 return SMP_CONFIRM_FAILED; 530 } 531 532 if (hcon->out) { 533 u8 stk[16]; 534 __le64 rand = 0; 535 __le16 ediv = 0; 536 537 smp_s1(smp, smp->tk, smp->rrnd, smp->prnd, stk); 538 539 memset(stk + smp->enc_key_size, 0, 540 SMP_MAX_ENC_KEY_SIZE - smp->enc_key_size); 541 542 if (test_and_set_bit(HCI_CONN_ENCRYPT_PEND, &hcon->flags)) 543 return SMP_UNSPECIFIED; 544 545 hci_le_start_enc(hcon, ediv, rand, stk); 546 hcon->enc_key_size = smp->enc_key_size; 547 set_bit(HCI_CONN_STK_ENCRYPT, &hcon->flags); 548 } else { 549 u8 stk[16], auth; 550 __le64 rand = 0; 551 __le16 ediv = 0; 552 553 smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM, sizeof(smp->prnd), 554 smp->prnd); 555 556 smp_s1(smp, smp->tk, smp->prnd, smp->rrnd, stk); 557 558 memset(stk + smp->enc_key_size, 0, 559 SMP_MAX_ENC_KEY_SIZE - smp->enc_key_size); 560 561 if (hcon->pending_sec_level == BT_SECURITY_HIGH) 562 auth = 1; 563 else 564 auth = 0; 565 566 /* Even though there's no _SLAVE suffix this is the 567 * slave STK we're adding for later lookup (the master 568 * STK never needs to be stored). 569 */ 570 hci_add_ltk(hcon->hdev, &hcon->dst, hcon->dst_type, 571 SMP_STK, auth, stk, smp->enc_key_size, ediv, rand); 572 } 573 574 return 0; 575 } 576 577 static struct smp_chan *smp_chan_create(struct l2cap_conn *conn) 578 { 579 struct smp_chan *smp; 580 581 smp = kzalloc(sizeof(*smp), GFP_ATOMIC); 582 if (!smp) { 583 clear_bit(HCI_CONN_LE_SMP_PEND, &conn->hcon->flags); 584 return NULL; 585 } 586 587 smp->tfm_aes = crypto_alloc_blkcipher("ecb(aes)", 0, CRYPTO_ALG_ASYNC); 588 if (IS_ERR(smp->tfm_aes)) { 589 BT_ERR("Unable to create ECB crypto context"); 590 kfree(smp); 591 clear_bit(HCI_CONN_LE_SMP_PEND, &conn->hcon->flags); 592 return NULL; 593 } 594 595 smp->conn = conn; 596 conn->smp_chan = smp; 597 598 hci_conn_hold(conn->hcon); 599 600 return smp; 601 } 602 603 void smp_chan_destroy(struct l2cap_conn *conn) 604 { 605 struct smp_chan *smp = conn->smp_chan; 606 bool complete; 607 608 BUG_ON(!smp); 609 610 complete = test_bit(SMP_FLAG_COMPLETE, &smp->flags); 611 mgmt_smp_complete(conn->hcon, complete); 612 613 kfree(smp->csrk); 614 kfree(smp->slave_csrk); 615 616 crypto_free_blkcipher(smp->tfm_aes); 617 618 /* If pairing failed clean up any keys we might have */ 619 if (!complete) { 620 if (smp->ltk) { 621 list_del(&smp->ltk->list); 622 kfree(smp->ltk); 623 } 624 625 if (smp->slave_ltk) { 626 list_del(&smp->slave_ltk->list); 627 kfree(smp->slave_ltk); 628 } 629 630 if (smp->remote_irk) { 631 list_del(&smp->remote_irk->list); 632 kfree(smp->remote_irk); 633 } 634 } 635 636 kfree(smp); 637 conn->smp_chan = NULL; 638 hci_conn_drop(conn->hcon); 639 } 640 641 int smp_user_confirm_reply(struct hci_conn *hcon, u16 mgmt_op, __le32 passkey) 642 { 643 struct l2cap_conn *conn = hcon->l2cap_data; 644 struct smp_chan *smp; 645 u32 value; 646 647 BT_DBG(""); 648 649 if (!conn || !test_bit(HCI_CONN_LE_SMP_PEND, &hcon->flags)) 650 return -ENOTCONN; 651 652 smp = conn->smp_chan; 653 654 switch (mgmt_op) { 655 case MGMT_OP_USER_PASSKEY_REPLY: 656 value = le32_to_cpu(passkey); 657 memset(smp->tk, 0, sizeof(smp->tk)); 658 BT_DBG("PassKey: %d", value); 659 put_unaligned_le32(value, smp->tk); 660 /* Fall Through */ 661 case MGMT_OP_USER_CONFIRM_REPLY: 662 set_bit(SMP_FLAG_TK_VALID, &smp->flags); 663 break; 664 case MGMT_OP_USER_PASSKEY_NEG_REPLY: 665 case MGMT_OP_USER_CONFIRM_NEG_REPLY: 666 smp_failure(conn, SMP_PASSKEY_ENTRY_FAILED); 667 return 0; 668 default: 669 smp_failure(conn, SMP_PASSKEY_ENTRY_FAILED); 670 return -EOPNOTSUPP; 671 } 672 673 /* If it is our turn to send Pairing Confirm, do so now */ 674 if (test_bit(SMP_FLAG_CFM_PENDING, &smp->flags)) { 675 u8 rsp = smp_confirm(smp); 676 if (rsp) 677 smp_failure(conn, rsp); 678 } 679 680 return 0; 681 } 682 683 static u8 smp_cmd_pairing_req(struct l2cap_conn *conn, struct sk_buff *skb) 684 { 685 struct smp_cmd_pairing rsp, *req = (void *) skb->data; 686 struct hci_dev *hdev = conn->hcon->hdev; 687 struct smp_chan *smp; 688 u8 key_size, auth, sec_level; 689 int ret; 690 691 BT_DBG("conn %p", conn); 692 693 if (skb->len < sizeof(*req)) 694 return SMP_INVALID_PARAMS; 695 696 if (conn->hcon->role != HCI_ROLE_SLAVE) 697 return SMP_CMD_NOTSUPP; 698 699 if (!test_and_set_bit(HCI_CONN_LE_SMP_PEND, &conn->hcon->flags)) 700 smp = smp_chan_create(conn); 701 else 702 smp = conn->smp_chan; 703 704 if (!smp) 705 return SMP_UNSPECIFIED; 706 707 if (!test_bit(HCI_BONDABLE, &hdev->dev_flags) && 708 (req->auth_req & SMP_AUTH_BONDING)) 709 return SMP_PAIRING_NOTSUPP; 710 711 smp->preq[0] = SMP_CMD_PAIRING_REQ; 712 memcpy(&smp->preq[1], req, sizeof(*req)); 713 skb_pull(skb, sizeof(*req)); 714 715 /* We didn't start the pairing, so match remote */ 716 auth = req->auth_req; 717 718 sec_level = authreq_to_seclevel(auth); 719 if (sec_level > conn->hcon->pending_sec_level) 720 conn->hcon->pending_sec_level = sec_level; 721 722 /* If we need MITM check that it can be acheived */ 723 if (conn->hcon->pending_sec_level >= BT_SECURITY_HIGH) { 724 u8 method; 725 726 method = get_auth_method(smp, conn->hcon->io_capability, 727 req->io_capability); 728 if (method == JUST_WORKS || method == JUST_CFM) 729 return SMP_AUTH_REQUIREMENTS; 730 } 731 732 build_pairing_cmd(conn, req, &rsp, auth); 733 734 key_size = min(req->max_key_size, rsp.max_key_size); 735 if (check_enc_key_size(conn, key_size)) 736 return SMP_ENC_KEY_SIZE; 737 738 get_random_bytes(smp->prnd, sizeof(smp->prnd)); 739 740 smp->prsp[0] = SMP_CMD_PAIRING_RSP; 741 memcpy(&smp->prsp[1], &rsp, sizeof(rsp)); 742 743 smp_send_cmd(conn, SMP_CMD_PAIRING_RSP, sizeof(rsp), &rsp); 744 745 /* Request setup of TK */ 746 ret = tk_request(conn, 0, auth, rsp.io_capability, req->io_capability); 747 if (ret) 748 return SMP_UNSPECIFIED; 749 750 return 0; 751 } 752 753 static u8 smp_cmd_pairing_rsp(struct l2cap_conn *conn, struct sk_buff *skb) 754 { 755 struct smp_cmd_pairing *req, *rsp = (void *) skb->data; 756 struct smp_chan *smp = conn->smp_chan; 757 u8 key_size, auth = SMP_AUTH_NONE; 758 int ret; 759 760 BT_DBG("conn %p", conn); 761 762 if (skb->len < sizeof(*rsp)) 763 return SMP_INVALID_PARAMS; 764 765 if (conn->hcon->role != HCI_ROLE_MASTER) 766 return SMP_CMD_NOTSUPP; 767 768 skb_pull(skb, sizeof(*rsp)); 769 770 req = (void *) &smp->preq[1]; 771 772 key_size = min(req->max_key_size, rsp->max_key_size); 773 if (check_enc_key_size(conn, key_size)) 774 return SMP_ENC_KEY_SIZE; 775 776 /* If we need MITM check that it can be acheived */ 777 if (conn->hcon->pending_sec_level >= BT_SECURITY_HIGH) { 778 u8 method; 779 780 method = get_auth_method(smp, req->io_capability, 781 rsp->io_capability); 782 if (method == JUST_WORKS || method == JUST_CFM) 783 return SMP_AUTH_REQUIREMENTS; 784 } 785 786 get_random_bytes(smp->prnd, sizeof(smp->prnd)); 787 788 smp->prsp[0] = SMP_CMD_PAIRING_RSP; 789 memcpy(&smp->prsp[1], rsp, sizeof(*rsp)); 790 791 /* Update remote key distribution in case the remote cleared 792 * some bits that we had enabled in our request. 793 */ 794 smp->remote_key_dist &= rsp->resp_key_dist; 795 796 if ((req->auth_req & SMP_AUTH_BONDING) && 797 (rsp->auth_req & SMP_AUTH_BONDING)) 798 auth = SMP_AUTH_BONDING; 799 800 auth |= (req->auth_req | rsp->auth_req) & SMP_AUTH_MITM; 801 802 ret = tk_request(conn, 0, auth, req->io_capability, rsp->io_capability); 803 if (ret) 804 return SMP_UNSPECIFIED; 805 806 set_bit(SMP_FLAG_CFM_PENDING, &smp->flags); 807 808 /* Can't compose response until we have been confirmed */ 809 if (test_bit(SMP_FLAG_TK_VALID, &smp->flags)) 810 return smp_confirm(smp); 811 812 return 0; 813 } 814 815 static u8 smp_cmd_pairing_confirm(struct l2cap_conn *conn, struct sk_buff *skb) 816 { 817 struct smp_chan *smp = conn->smp_chan; 818 819 BT_DBG("conn %p %s", conn, conn->hcon->out ? "master" : "slave"); 820 821 if (skb->len < sizeof(smp->pcnf)) 822 return SMP_INVALID_PARAMS; 823 824 memcpy(smp->pcnf, skb->data, sizeof(smp->pcnf)); 825 skb_pull(skb, sizeof(smp->pcnf)); 826 827 if (conn->hcon->out) 828 smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM, sizeof(smp->prnd), 829 smp->prnd); 830 else if (test_bit(SMP_FLAG_TK_VALID, &smp->flags)) 831 return smp_confirm(smp); 832 else 833 set_bit(SMP_FLAG_CFM_PENDING, &smp->flags); 834 835 return 0; 836 } 837 838 static u8 smp_cmd_pairing_random(struct l2cap_conn *conn, struct sk_buff *skb) 839 { 840 struct smp_chan *smp = conn->smp_chan; 841 842 BT_DBG("conn %p", conn); 843 844 if (skb->len < sizeof(smp->rrnd)) 845 return SMP_INVALID_PARAMS; 846 847 memcpy(smp->rrnd, skb->data, sizeof(smp->rrnd)); 848 skb_pull(skb, sizeof(smp->rrnd)); 849 850 return smp_random(smp); 851 } 852 853 static bool smp_ltk_encrypt(struct l2cap_conn *conn, u8 sec_level) 854 { 855 struct smp_ltk *key; 856 struct hci_conn *hcon = conn->hcon; 857 858 key = hci_find_ltk_by_addr(hcon->hdev, &hcon->dst, hcon->dst_type, 859 hcon->role); 860 if (!key) 861 return false; 862 863 if (sec_level > BT_SECURITY_MEDIUM && !key->authenticated) 864 return false; 865 866 if (test_and_set_bit(HCI_CONN_ENCRYPT_PEND, &hcon->flags)) 867 return true; 868 869 hci_le_start_enc(hcon, key->ediv, key->rand, key->val); 870 hcon->enc_key_size = key->enc_size; 871 872 /* We never store STKs for master role, so clear this flag */ 873 clear_bit(HCI_CONN_STK_ENCRYPT, &hcon->flags); 874 875 return true; 876 } 877 878 bool smp_sufficient_security(struct hci_conn *hcon, u8 sec_level) 879 { 880 if (sec_level == BT_SECURITY_LOW) 881 return true; 882 883 /* If we're encrypted with an STK always claim insufficient 884 * security. This way we allow the connection to be re-encrypted 885 * with an LTK, even if the LTK provides the same level of 886 * security. Only exception is if we don't have an LTK (e.g. 887 * because of key distribution bits). 888 */ 889 if (test_bit(HCI_CONN_STK_ENCRYPT, &hcon->flags) && 890 hci_find_ltk_by_addr(hcon->hdev, &hcon->dst, hcon->dst_type, 891 hcon->role)) 892 return false; 893 894 if (hcon->sec_level >= sec_level) 895 return true; 896 897 return false; 898 } 899 900 static u8 smp_cmd_security_req(struct l2cap_conn *conn, struct sk_buff *skb) 901 { 902 struct smp_cmd_security_req *rp = (void *) skb->data; 903 struct smp_cmd_pairing cp; 904 struct hci_conn *hcon = conn->hcon; 905 struct smp_chan *smp; 906 u8 sec_level; 907 908 BT_DBG("conn %p", conn); 909 910 if (skb->len < sizeof(*rp)) 911 return SMP_INVALID_PARAMS; 912 913 if (hcon->role != HCI_ROLE_MASTER) 914 return SMP_CMD_NOTSUPP; 915 916 sec_level = authreq_to_seclevel(rp->auth_req); 917 if (smp_sufficient_security(hcon, sec_level)) 918 return 0; 919 920 if (sec_level > hcon->pending_sec_level) 921 hcon->pending_sec_level = sec_level; 922 923 if (smp_ltk_encrypt(conn, hcon->pending_sec_level)) 924 return 0; 925 926 if (test_and_set_bit(HCI_CONN_LE_SMP_PEND, &hcon->flags)) 927 return 0; 928 929 smp = smp_chan_create(conn); 930 if (!smp) 931 return SMP_UNSPECIFIED; 932 933 if (!test_bit(HCI_BONDABLE, &hcon->hdev->dev_flags) && 934 (rp->auth_req & SMP_AUTH_BONDING)) 935 return SMP_PAIRING_NOTSUPP; 936 937 skb_pull(skb, sizeof(*rp)); 938 939 memset(&cp, 0, sizeof(cp)); 940 build_pairing_cmd(conn, &cp, NULL, rp->auth_req); 941 942 smp->preq[0] = SMP_CMD_PAIRING_REQ; 943 memcpy(&smp->preq[1], &cp, sizeof(cp)); 944 945 smp_send_cmd(conn, SMP_CMD_PAIRING_REQ, sizeof(cp), &cp); 946 947 return 0; 948 } 949 950 int smp_conn_security(struct hci_conn *hcon, __u8 sec_level) 951 { 952 struct l2cap_conn *conn = hcon->l2cap_data; 953 struct smp_chan *smp; 954 __u8 authreq; 955 956 BT_DBG("conn %p hcon %p level 0x%2.2x", conn, hcon, sec_level); 957 958 /* This may be NULL if there's an unexpected disconnection */ 959 if (!conn) 960 return 1; 961 962 if (!test_bit(HCI_LE_ENABLED, &hcon->hdev->dev_flags)) 963 return 1; 964 965 if (smp_sufficient_security(hcon, sec_level)) 966 return 1; 967 968 if (sec_level > hcon->pending_sec_level) 969 hcon->pending_sec_level = sec_level; 970 971 if (hcon->role == HCI_ROLE_MASTER) 972 if (smp_ltk_encrypt(conn, hcon->pending_sec_level)) 973 return 0; 974 975 if (test_and_set_bit(HCI_CONN_LE_SMP_PEND, &hcon->flags)) 976 return 0; 977 978 smp = smp_chan_create(conn); 979 if (!smp) 980 return 1; 981 982 authreq = seclevel_to_authreq(sec_level); 983 984 /* Require MITM if IO Capability allows or the security level 985 * requires it. 986 */ 987 if (hcon->io_capability != HCI_IO_NO_INPUT_OUTPUT || 988 hcon->pending_sec_level > BT_SECURITY_MEDIUM) 989 authreq |= SMP_AUTH_MITM; 990 991 if (hcon->role == HCI_ROLE_MASTER) { 992 struct smp_cmd_pairing cp; 993 994 build_pairing_cmd(conn, &cp, NULL, authreq); 995 smp->preq[0] = SMP_CMD_PAIRING_REQ; 996 memcpy(&smp->preq[1], &cp, sizeof(cp)); 997 998 smp_send_cmd(conn, SMP_CMD_PAIRING_REQ, sizeof(cp), &cp); 999 } else { 1000 struct smp_cmd_security_req cp; 1001 cp.auth_req = authreq; 1002 smp_send_cmd(conn, SMP_CMD_SECURITY_REQ, sizeof(cp), &cp); 1003 } 1004 1005 set_bit(SMP_FLAG_INITIATOR, &smp->flags); 1006 1007 return 0; 1008 } 1009 1010 static int smp_cmd_encrypt_info(struct l2cap_conn *conn, struct sk_buff *skb) 1011 { 1012 struct smp_cmd_encrypt_info *rp = (void *) skb->data; 1013 struct smp_chan *smp = conn->smp_chan; 1014 1015 BT_DBG("conn %p", conn); 1016 1017 if (skb->len < sizeof(*rp)) 1018 return SMP_INVALID_PARAMS; 1019 1020 /* Ignore this PDU if it wasn't requested */ 1021 if (!(smp->remote_key_dist & SMP_DIST_ENC_KEY)) 1022 return 0; 1023 1024 skb_pull(skb, sizeof(*rp)); 1025 1026 memcpy(smp->tk, rp->ltk, sizeof(smp->tk)); 1027 1028 return 0; 1029 } 1030 1031 static int smp_cmd_master_ident(struct l2cap_conn *conn, struct sk_buff *skb) 1032 { 1033 struct smp_cmd_master_ident *rp = (void *) skb->data; 1034 struct smp_chan *smp = conn->smp_chan; 1035 struct hci_dev *hdev = conn->hcon->hdev; 1036 struct hci_conn *hcon = conn->hcon; 1037 struct smp_ltk *ltk; 1038 u8 authenticated; 1039 1040 BT_DBG("conn %p", conn); 1041 1042 if (skb->len < sizeof(*rp)) 1043 return SMP_INVALID_PARAMS; 1044 1045 /* Ignore this PDU if it wasn't requested */ 1046 if (!(smp->remote_key_dist & SMP_DIST_ENC_KEY)) 1047 return 0; 1048 1049 /* Mark the information as received */ 1050 smp->remote_key_dist &= ~SMP_DIST_ENC_KEY; 1051 1052 skb_pull(skb, sizeof(*rp)); 1053 1054 hci_dev_lock(hdev); 1055 authenticated = (hcon->sec_level == BT_SECURITY_HIGH); 1056 ltk = hci_add_ltk(hdev, &hcon->dst, hcon->dst_type, SMP_LTK, 1057 authenticated, smp->tk, smp->enc_key_size, 1058 rp->ediv, rp->rand); 1059 smp->ltk = ltk; 1060 if (!(smp->remote_key_dist & SMP_DIST_ID_KEY)) 1061 smp_distribute_keys(conn); 1062 hci_dev_unlock(hdev); 1063 1064 return 0; 1065 } 1066 1067 static int smp_cmd_ident_info(struct l2cap_conn *conn, struct sk_buff *skb) 1068 { 1069 struct smp_cmd_ident_info *info = (void *) skb->data; 1070 struct smp_chan *smp = conn->smp_chan; 1071 1072 BT_DBG(""); 1073 1074 if (skb->len < sizeof(*info)) 1075 return SMP_INVALID_PARAMS; 1076 1077 /* Ignore this PDU if it wasn't requested */ 1078 if (!(smp->remote_key_dist & SMP_DIST_ID_KEY)) 1079 return 0; 1080 1081 skb_pull(skb, sizeof(*info)); 1082 1083 memcpy(smp->irk, info->irk, 16); 1084 1085 return 0; 1086 } 1087 1088 static int smp_cmd_ident_addr_info(struct l2cap_conn *conn, 1089 struct sk_buff *skb) 1090 { 1091 struct smp_cmd_ident_addr_info *info = (void *) skb->data; 1092 struct smp_chan *smp = conn->smp_chan; 1093 struct hci_conn *hcon = conn->hcon; 1094 bdaddr_t rpa; 1095 1096 BT_DBG(""); 1097 1098 if (skb->len < sizeof(*info)) 1099 return SMP_INVALID_PARAMS; 1100 1101 /* Ignore this PDU if it wasn't requested */ 1102 if (!(smp->remote_key_dist & SMP_DIST_ID_KEY)) 1103 return 0; 1104 1105 /* Mark the information as received */ 1106 smp->remote_key_dist &= ~SMP_DIST_ID_KEY; 1107 1108 skb_pull(skb, sizeof(*info)); 1109 1110 hci_dev_lock(hcon->hdev); 1111 1112 /* Strictly speaking the Core Specification (4.1) allows sending 1113 * an empty address which would force us to rely on just the IRK 1114 * as "identity information". However, since such 1115 * implementations are not known of and in order to not over 1116 * complicate our implementation, simply pretend that we never 1117 * received an IRK for such a device. 1118 */ 1119 if (!bacmp(&info->bdaddr, BDADDR_ANY)) { 1120 BT_ERR("Ignoring IRK with no identity address"); 1121 goto distribute; 1122 } 1123 1124 bacpy(&smp->id_addr, &info->bdaddr); 1125 smp->id_addr_type = info->addr_type; 1126 1127 if (hci_bdaddr_is_rpa(&hcon->dst, hcon->dst_type)) 1128 bacpy(&rpa, &hcon->dst); 1129 else 1130 bacpy(&rpa, BDADDR_ANY); 1131 1132 smp->remote_irk = hci_add_irk(conn->hcon->hdev, &smp->id_addr, 1133 smp->id_addr_type, smp->irk, &rpa); 1134 1135 distribute: 1136 smp_distribute_keys(conn); 1137 1138 hci_dev_unlock(hcon->hdev); 1139 1140 return 0; 1141 } 1142 1143 static int smp_cmd_sign_info(struct l2cap_conn *conn, struct sk_buff *skb) 1144 { 1145 struct smp_cmd_sign_info *rp = (void *) skb->data; 1146 struct smp_chan *smp = conn->smp_chan; 1147 struct hci_dev *hdev = conn->hcon->hdev; 1148 struct smp_csrk *csrk; 1149 1150 BT_DBG("conn %p", conn); 1151 1152 if (skb->len < sizeof(*rp)) 1153 return SMP_INVALID_PARAMS; 1154 1155 /* Ignore this PDU if it wasn't requested */ 1156 if (!(smp->remote_key_dist & SMP_DIST_SIGN)) 1157 return 0; 1158 1159 /* Mark the information as received */ 1160 smp->remote_key_dist &= ~SMP_DIST_SIGN; 1161 1162 skb_pull(skb, sizeof(*rp)); 1163 1164 hci_dev_lock(hdev); 1165 csrk = kzalloc(sizeof(*csrk), GFP_KERNEL); 1166 if (csrk) { 1167 csrk->master = 0x01; 1168 memcpy(csrk->val, rp->csrk, sizeof(csrk->val)); 1169 } 1170 smp->csrk = csrk; 1171 if (!(smp->remote_key_dist & SMP_DIST_SIGN)) 1172 smp_distribute_keys(conn); 1173 hci_dev_unlock(hdev); 1174 1175 return 0; 1176 } 1177 1178 int smp_sig_channel(struct l2cap_conn *conn, struct sk_buff *skb) 1179 { 1180 struct hci_conn *hcon = conn->hcon; 1181 __u8 code, reason; 1182 int err = 0; 1183 1184 if (hcon->type != LE_LINK) { 1185 kfree_skb(skb); 1186 return 0; 1187 } 1188 1189 if (skb->len < 1) { 1190 kfree_skb(skb); 1191 return -EILSEQ; 1192 } 1193 1194 if (!test_bit(HCI_LE_ENABLED, &hcon->hdev->dev_flags)) { 1195 err = -EOPNOTSUPP; 1196 reason = SMP_PAIRING_NOTSUPP; 1197 goto done; 1198 } 1199 1200 code = skb->data[0]; 1201 skb_pull(skb, sizeof(code)); 1202 1203 /* 1204 * The SMP context must be initialized for all other PDUs except 1205 * pairing and security requests. If we get any other PDU when 1206 * not initialized simply disconnect (done if this function 1207 * returns an error). 1208 */ 1209 if (code != SMP_CMD_PAIRING_REQ && code != SMP_CMD_SECURITY_REQ && 1210 !conn->smp_chan) { 1211 BT_ERR("Unexpected SMP command 0x%02x. Disconnecting.", code); 1212 kfree_skb(skb); 1213 return -EOPNOTSUPP; 1214 } 1215 1216 switch (code) { 1217 case SMP_CMD_PAIRING_REQ: 1218 reason = smp_cmd_pairing_req(conn, skb); 1219 break; 1220 1221 case SMP_CMD_PAIRING_FAIL: 1222 smp_failure(conn, 0); 1223 reason = 0; 1224 err = -EPERM; 1225 break; 1226 1227 case SMP_CMD_PAIRING_RSP: 1228 reason = smp_cmd_pairing_rsp(conn, skb); 1229 break; 1230 1231 case SMP_CMD_SECURITY_REQ: 1232 reason = smp_cmd_security_req(conn, skb); 1233 break; 1234 1235 case SMP_CMD_PAIRING_CONFIRM: 1236 reason = smp_cmd_pairing_confirm(conn, skb); 1237 break; 1238 1239 case SMP_CMD_PAIRING_RANDOM: 1240 reason = smp_cmd_pairing_random(conn, skb); 1241 break; 1242 1243 case SMP_CMD_ENCRYPT_INFO: 1244 reason = smp_cmd_encrypt_info(conn, skb); 1245 break; 1246 1247 case SMP_CMD_MASTER_IDENT: 1248 reason = smp_cmd_master_ident(conn, skb); 1249 break; 1250 1251 case SMP_CMD_IDENT_INFO: 1252 reason = smp_cmd_ident_info(conn, skb); 1253 break; 1254 1255 case SMP_CMD_IDENT_ADDR_INFO: 1256 reason = smp_cmd_ident_addr_info(conn, skb); 1257 break; 1258 1259 case SMP_CMD_SIGN_INFO: 1260 reason = smp_cmd_sign_info(conn, skb); 1261 break; 1262 1263 default: 1264 BT_DBG("Unknown command code 0x%2.2x", code); 1265 1266 reason = SMP_CMD_NOTSUPP; 1267 err = -EOPNOTSUPP; 1268 goto done; 1269 } 1270 1271 done: 1272 if (reason) 1273 smp_failure(conn, reason); 1274 1275 kfree_skb(skb); 1276 return err; 1277 } 1278 1279 static void smp_notify_keys(struct l2cap_conn *conn) 1280 { 1281 struct smp_chan *smp = conn->smp_chan; 1282 struct hci_conn *hcon = conn->hcon; 1283 struct hci_dev *hdev = hcon->hdev; 1284 struct smp_cmd_pairing *req = (void *) &smp->preq[1]; 1285 struct smp_cmd_pairing *rsp = (void *) &smp->prsp[1]; 1286 bool persistent; 1287 1288 if (smp->remote_irk) { 1289 mgmt_new_irk(hdev, smp->remote_irk); 1290 /* Now that user space can be considered to know the 1291 * identity address track the connection based on it 1292 * from now on. 1293 */ 1294 bacpy(&hcon->dst, &smp->remote_irk->bdaddr); 1295 hcon->dst_type = smp->remote_irk->addr_type; 1296 l2cap_conn_update_id_addr(hcon); 1297 1298 /* When receiving an indentity resolving key for 1299 * a remote device that does not use a resolvable 1300 * private address, just remove the key so that 1301 * it is possible to use the controller white 1302 * list for scanning. 1303 * 1304 * Userspace will have been told to not store 1305 * this key at this point. So it is safe to 1306 * just remove it. 1307 */ 1308 if (!bacmp(&smp->remote_irk->rpa, BDADDR_ANY)) { 1309 list_del(&smp->remote_irk->list); 1310 kfree(smp->remote_irk); 1311 smp->remote_irk = NULL; 1312 } 1313 } 1314 1315 /* The LTKs and CSRKs should be persistent only if both sides 1316 * had the bonding bit set in their authentication requests. 1317 */ 1318 persistent = !!((req->auth_req & rsp->auth_req) & SMP_AUTH_BONDING); 1319 1320 if (smp->csrk) { 1321 smp->csrk->bdaddr_type = hcon->dst_type; 1322 bacpy(&smp->csrk->bdaddr, &hcon->dst); 1323 mgmt_new_csrk(hdev, smp->csrk, persistent); 1324 } 1325 1326 if (smp->slave_csrk) { 1327 smp->slave_csrk->bdaddr_type = hcon->dst_type; 1328 bacpy(&smp->slave_csrk->bdaddr, &hcon->dst); 1329 mgmt_new_csrk(hdev, smp->slave_csrk, persistent); 1330 } 1331 1332 if (smp->ltk) { 1333 smp->ltk->bdaddr_type = hcon->dst_type; 1334 bacpy(&smp->ltk->bdaddr, &hcon->dst); 1335 mgmt_new_ltk(hdev, smp->ltk, persistent); 1336 } 1337 1338 if (smp->slave_ltk) { 1339 smp->slave_ltk->bdaddr_type = hcon->dst_type; 1340 bacpy(&smp->slave_ltk->bdaddr, &hcon->dst); 1341 mgmt_new_ltk(hdev, smp->slave_ltk, persistent); 1342 } 1343 } 1344 1345 int smp_distribute_keys(struct l2cap_conn *conn) 1346 { 1347 struct smp_cmd_pairing *req, *rsp; 1348 struct smp_chan *smp = conn->smp_chan; 1349 struct hci_conn *hcon = conn->hcon; 1350 struct hci_dev *hdev = hcon->hdev; 1351 __u8 *keydist; 1352 1353 BT_DBG("conn %p", conn); 1354 1355 if (!test_bit(HCI_CONN_LE_SMP_PEND, &hcon->flags)) 1356 return 0; 1357 1358 rsp = (void *) &smp->prsp[1]; 1359 1360 /* The responder sends its keys first */ 1361 if (hcon->out && (smp->remote_key_dist & 0x07)) 1362 return 0; 1363 1364 req = (void *) &smp->preq[1]; 1365 1366 if (hcon->out) { 1367 keydist = &rsp->init_key_dist; 1368 *keydist &= req->init_key_dist; 1369 } else { 1370 keydist = &rsp->resp_key_dist; 1371 *keydist &= req->resp_key_dist; 1372 } 1373 1374 BT_DBG("keydist 0x%x", *keydist); 1375 1376 if (*keydist & SMP_DIST_ENC_KEY) { 1377 struct smp_cmd_encrypt_info enc; 1378 struct smp_cmd_master_ident ident; 1379 struct smp_ltk *ltk; 1380 u8 authenticated; 1381 __le16 ediv; 1382 __le64 rand; 1383 1384 get_random_bytes(enc.ltk, sizeof(enc.ltk)); 1385 get_random_bytes(&ediv, sizeof(ediv)); 1386 get_random_bytes(&rand, sizeof(rand)); 1387 1388 smp_send_cmd(conn, SMP_CMD_ENCRYPT_INFO, sizeof(enc), &enc); 1389 1390 authenticated = hcon->sec_level == BT_SECURITY_HIGH; 1391 ltk = hci_add_ltk(hdev, &hcon->dst, hcon->dst_type, 1392 SMP_LTK_SLAVE, authenticated, enc.ltk, 1393 smp->enc_key_size, ediv, rand); 1394 smp->slave_ltk = ltk; 1395 1396 ident.ediv = ediv; 1397 ident.rand = rand; 1398 1399 smp_send_cmd(conn, SMP_CMD_MASTER_IDENT, sizeof(ident), &ident); 1400 1401 *keydist &= ~SMP_DIST_ENC_KEY; 1402 } 1403 1404 if (*keydist & SMP_DIST_ID_KEY) { 1405 struct smp_cmd_ident_addr_info addrinfo; 1406 struct smp_cmd_ident_info idinfo; 1407 1408 memcpy(idinfo.irk, hdev->irk, sizeof(idinfo.irk)); 1409 1410 smp_send_cmd(conn, SMP_CMD_IDENT_INFO, sizeof(idinfo), &idinfo); 1411 1412 /* The hci_conn contains the local identity address 1413 * after the connection has been established. 1414 * 1415 * This is true even when the connection has been 1416 * established using a resolvable random address. 1417 */ 1418 bacpy(&addrinfo.bdaddr, &hcon->src); 1419 addrinfo.addr_type = hcon->src_type; 1420 1421 smp_send_cmd(conn, SMP_CMD_IDENT_ADDR_INFO, sizeof(addrinfo), 1422 &addrinfo); 1423 1424 *keydist &= ~SMP_DIST_ID_KEY; 1425 } 1426 1427 if (*keydist & SMP_DIST_SIGN) { 1428 struct smp_cmd_sign_info sign; 1429 struct smp_csrk *csrk; 1430 1431 /* Generate a new random key */ 1432 get_random_bytes(sign.csrk, sizeof(sign.csrk)); 1433 1434 csrk = kzalloc(sizeof(*csrk), GFP_KERNEL); 1435 if (csrk) { 1436 csrk->master = 0x00; 1437 memcpy(csrk->val, sign.csrk, sizeof(csrk->val)); 1438 } 1439 smp->slave_csrk = csrk; 1440 1441 smp_send_cmd(conn, SMP_CMD_SIGN_INFO, sizeof(sign), &sign); 1442 1443 *keydist &= ~SMP_DIST_SIGN; 1444 } 1445 1446 /* If there are still keys to be received wait for them */ 1447 if ((smp->remote_key_dist & 0x07)) 1448 return 0; 1449 1450 clear_bit(HCI_CONN_LE_SMP_PEND, &hcon->flags); 1451 cancel_delayed_work_sync(&conn->security_timer); 1452 set_bit(SMP_FLAG_COMPLETE, &smp->flags); 1453 smp_notify_keys(conn); 1454 1455 smp_chan_destroy(conn); 1456 1457 return 0; 1458 } 1459