xref: /openbmc/linux/net/bluetooth/smp.c (revision d2999e1b)
1 /*
2    BlueZ - Bluetooth protocol stack for Linux
3    Copyright (C) 2011 Nokia Corporation and/or its subsidiary(-ies).
4 
5    This program is free software; you can redistribute it and/or modify
6    it under the terms of the GNU General Public License version 2 as
7    published by the Free Software Foundation;
8 
9    THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
10    OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
11    FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
12    IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
13    CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
14    WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15    ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16    OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17 
18    ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
19    COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
20    SOFTWARE IS DISCLAIMED.
21 */
22 
23 #include <linux/crypto.h>
24 #include <linux/scatterlist.h>
25 #include <crypto/b128ops.h>
26 
27 #include <net/bluetooth/bluetooth.h>
28 #include <net/bluetooth/hci_core.h>
29 #include <net/bluetooth/l2cap.h>
30 #include <net/bluetooth/mgmt.h>
31 
32 #include "smp.h"
33 
34 #define SMP_TIMEOUT	msecs_to_jiffies(30000)
35 
36 #define AUTH_REQ_MASK   0x07
37 
38 #define SMP_FLAG_TK_VALID	1
39 #define SMP_FLAG_CFM_PENDING	2
40 #define SMP_FLAG_MITM_AUTH	3
41 #define SMP_FLAG_COMPLETE	4
42 #define SMP_FLAG_INITIATOR	5
43 
44 struct smp_chan {
45 	struct l2cap_conn *conn;
46 	u8		preq[7]; /* SMP Pairing Request */
47 	u8		prsp[7]; /* SMP Pairing Response */
48 	u8		prnd[16]; /* SMP Pairing Random (local) */
49 	u8		rrnd[16]; /* SMP Pairing Random (remote) */
50 	u8		pcnf[16]; /* SMP Pairing Confirm */
51 	u8		tk[16]; /* SMP Temporary Key */
52 	u8		enc_key_size;
53 	u8		remote_key_dist;
54 	bdaddr_t	id_addr;
55 	u8		id_addr_type;
56 	u8		irk[16];
57 	struct smp_csrk	*csrk;
58 	struct smp_csrk	*slave_csrk;
59 	struct smp_ltk	*ltk;
60 	struct smp_ltk	*slave_ltk;
61 	struct smp_irk	*remote_irk;
62 	unsigned long	flags;
63 };
64 
65 static inline void swap128(const u8 src[16], u8 dst[16])
66 {
67 	int i;
68 	for (i = 0; i < 16; i++)
69 		dst[15 - i] = src[i];
70 }
71 
72 static inline void swap56(const u8 src[7], u8 dst[7])
73 {
74 	int i;
75 	for (i = 0; i < 7; i++)
76 		dst[6 - i] = src[i];
77 }
78 
79 static int smp_e(struct crypto_blkcipher *tfm, const u8 *k, u8 *r)
80 {
81 	struct blkcipher_desc desc;
82 	struct scatterlist sg;
83 	uint8_t tmp[16], data[16];
84 	int err;
85 
86 	if (tfm == NULL) {
87 		BT_ERR("tfm %p", tfm);
88 		return -EINVAL;
89 	}
90 
91 	desc.tfm = tfm;
92 	desc.flags = 0;
93 
94 	/* The most significant octet of key corresponds to k[0] */
95 	swap128(k, tmp);
96 
97 	err = crypto_blkcipher_setkey(tfm, tmp, 16);
98 	if (err) {
99 		BT_ERR("cipher setkey failed: %d", err);
100 		return err;
101 	}
102 
103 	/* Most significant octet of plaintextData corresponds to data[0] */
104 	swap128(r, data);
105 
106 	sg_init_one(&sg, data, 16);
107 
108 	err = crypto_blkcipher_encrypt(&desc, &sg, &sg, 16);
109 	if (err)
110 		BT_ERR("Encrypt data error %d", err);
111 
112 	/* Most significant octet of encryptedData corresponds to data[0] */
113 	swap128(data, r);
114 
115 	return err;
116 }
117 
118 static int smp_ah(struct crypto_blkcipher *tfm, u8 irk[16], u8 r[3], u8 res[3])
119 {
120 	u8 _res[16];
121 	int err;
122 
123 	/* r' = padding || r */
124 	memcpy(_res, r, 3);
125 	memset(_res + 3, 0, 13);
126 
127 	err = smp_e(tfm, irk, _res);
128 	if (err) {
129 		BT_ERR("Encrypt error");
130 		return err;
131 	}
132 
133 	/* The output of the random address function ah is:
134 	 *	ah(h, r) = e(k, r') mod 2^24
135 	 * The output of the security function e is then truncated to 24 bits
136 	 * by taking the least significant 24 bits of the output of e as the
137 	 * result of ah.
138 	 */
139 	memcpy(res, _res, 3);
140 
141 	return 0;
142 }
143 
144 bool smp_irk_matches(struct crypto_blkcipher *tfm, u8 irk[16],
145 		     bdaddr_t *bdaddr)
146 {
147 	u8 hash[3];
148 	int err;
149 
150 	BT_DBG("RPA %pMR IRK %*phN", bdaddr, 16, irk);
151 
152 	err = smp_ah(tfm, irk, &bdaddr->b[3], hash);
153 	if (err)
154 		return false;
155 
156 	return !memcmp(bdaddr->b, hash, 3);
157 }
158 
159 int smp_generate_rpa(struct crypto_blkcipher *tfm, u8 irk[16], bdaddr_t *rpa)
160 {
161 	int err;
162 
163 	get_random_bytes(&rpa->b[3], 3);
164 
165 	rpa->b[5] &= 0x3f;	/* Clear two most significant bits */
166 	rpa->b[5] |= 0x40;	/* Set second most significant bit */
167 
168 	err = smp_ah(tfm, irk, &rpa->b[3], rpa->b);
169 	if (err < 0)
170 		return err;
171 
172 	BT_DBG("RPA %pMR", rpa);
173 
174 	return 0;
175 }
176 
177 static int smp_c1(struct crypto_blkcipher *tfm, u8 k[16], u8 r[16],
178 		  u8 preq[7], u8 pres[7], u8 _iat, bdaddr_t *ia,
179 		  u8 _rat, bdaddr_t *ra, u8 res[16])
180 {
181 	u8 p1[16], p2[16];
182 	int err;
183 
184 	memset(p1, 0, 16);
185 
186 	/* p1 = pres || preq || _rat || _iat */
187 	p1[0] = _iat;
188 	p1[1] = _rat;
189 	memcpy(p1 + 2, preq, 7);
190 	memcpy(p1 + 9, pres, 7);
191 
192 	/* p2 = padding || ia || ra */
193 	memcpy(p2, ra, 6);
194 	memcpy(p2 + 6, ia, 6);
195 	memset(p2 + 12, 0, 4);
196 
197 	/* res = r XOR p1 */
198 	u128_xor((u128 *) res, (u128 *) r, (u128 *) p1);
199 
200 	/* res = e(k, res) */
201 	err = smp_e(tfm, k, res);
202 	if (err) {
203 		BT_ERR("Encrypt data error");
204 		return err;
205 	}
206 
207 	/* res = res XOR p2 */
208 	u128_xor((u128 *) res, (u128 *) res, (u128 *) p2);
209 
210 	/* res = e(k, res) */
211 	err = smp_e(tfm, k, res);
212 	if (err)
213 		BT_ERR("Encrypt data error");
214 
215 	return err;
216 }
217 
218 static int smp_s1(struct crypto_blkcipher *tfm, u8 k[16], u8 r1[16],
219 		  u8 r2[16], u8 _r[16])
220 {
221 	int err;
222 
223 	/* Just least significant octets from r1 and r2 are considered */
224 	memcpy(_r, r2, 8);
225 	memcpy(_r + 8, r1, 8);
226 
227 	err = smp_e(tfm, k, _r);
228 	if (err)
229 		BT_ERR("Encrypt data error");
230 
231 	return err;
232 }
233 
234 static struct sk_buff *smp_build_cmd(struct l2cap_conn *conn, u8 code,
235 				     u16 dlen, void *data)
236 {
237 	struct sk_buff *skb;
238 	struct l2cap_hdr *lh;
239 	int len;
240 
241 	len = L2CAP_HDR_SIZE + sizeof(code) + dlen;
242 
243 	if (len > conn->mtu)
244 		return NULL;
245 
246 	skb = bt_skb_alloc(len, GFP_ATOMIC);
247 	if (!skb)
248 		return NULL;
249 
250 	lh = (struct l2cap_hdr *) skb_put(skb, L2CAP_HDR_SIZE);
251 	lh->len = cpu_to_le16(sizeof(code) + dlen);
252 	lh->cid = cpu_to_le16(L2CAP_CID_SMP);
253 
254 	memcpy(skb_put(skb, sizeof(code)), &code, sizeof(code));
255 
256 	memcpy(skb_put(skb, dlen), data, dlen);
257 
258 	return skb;
259 }
260 
261 static void smp_send_cmd(struct l2cap_conn *conn, u8 code, u16 len, void *data)
262 {
263 	struct sk_buff *skb = smp_build_cmd(conn, code, len, data);
264 
265 	BT_DBG("code 0x%2.2x", code);
266 
267 	if (!skb)
268 		return;
269 
270 	skb->priority = HCI_PRIO_MAX;
271 	hci_send_acl(conn->hchan, skb, 0);
272 
273 	cancel_delayed_work_sync(&conn->security_timer);
274 	schedule_delayed_work(&conn->security_timer, SMP_TIMEOUT);
275 }
276 
277 static __u8 authreq_to_seclevel(__u8 authreq)
278 {
279 	if (authreq & SMP_AUTH_MITM)
280 		return BT_SECURITY_HIGH;
281 	else
282 		return BT_SECURITY_MEDIUM;
283 }
284 
285 static __u8 seclevel_to_authreq(__u8 sec_level)
286 {
287 	switch (sec_level) {
288 	case BT_SECURITY_HIGH:
289 		return SMP_AUTH_MITM | SMP_AUTH_BONDING;
290 	case BT_SECURITY_MEDIUM:
291 		return SMP_AUTH_BONDING;
292 	default:
293 		return SMP_AUTH_NONE;
294 	}
295 }
296 
297 static void build_pairing_cmd(struct l2cap_conn *conn,
298 			      struct smp_cmd_pairing *req,
299 			      struct smp_cmd_pairing *rsp, __u8 authreq)
300 {
301 	struct smp_chan *smp = conn->smp_chan;
302 	struct hci_conn *hcon = conn->hcon;
303 	struct hci_dev *hdev = hcon->hdev;
304 	u8 local_dist = 0, remote_dist = 0;
305 
306 	if (test_bit(HCI_PAIRABLE, &conn->hcon->hdev->dev_flags)) {
307 		local_dist = SMP_DIST_ENC_KEY | SMP_DIST_SIGN;
308 		remote_dist = SMP_DIST_ENC_KEY | SMP_DIST_SIGN;
309 		authreq |= SMP_AUTH_BONDING;
310 	} else {
311 		authreq &= ~SMP_AUTH_BONDING;
312 	}
313 
314 	if (test_bit(HCI_RPA_RESOLVING, &hdev->dev_flags))
315 		remote_dist |= SMP_DIST_ID_KEY;
316 
317 	if (test_bit(HCI_PRIVACY, &hdev->dev_flags))
318 		local_dist |= SMP_DIST_ID_KEY;
319 
320 	if (rsp == NULL) {
321 		req->io_capability = conn->hcon->io_capability;
322 		req->oob_flag = SMP_OOB_NOT_PRESENT;
323 		req->max_key_size = SMP_MAX_ENC_KEY_SIZE;
324 		req->init_key_dist = local_dist;
325 		req->resp_key_dist = remote_dist;
326 		req->auth_req = (authreq & AUTH_REQ_MASK);
327 
328 		smp->remote_key_dist = remote_dist;
329 		return;
330 	}
331 
332 	rsp->io_capability = conn->hcon->io_capability;
333 	rsp->oob_flag = SMP_OOB_NOT_PRESENT;
334 	rsp->max_key_size = SMP_MAX_ENC_KEY_SIZE;
335 	rsp->init_key_dist = req->init_key_dist & remote_dist;
336 	rsp->resp_key_dist = req->resp_key_dist & local_dist;
337 	rsp->auth_req = (authreq & AUTH_REQ_MASK);
338 
339 	smp->remote_key_dist = rsp->init_key_dist;
340 }
341 
342 static u8 check_enc_key_size(struct l2cap_conn *conn, __u8 max_key_size)
343 {
344 	struct smp_chan *smp = conn->smp_chan;
345 
346 	if ((max_key_size > SMP_MAX_ENC_KEY_SIZE) ||
347 	    (max_key_size < SMP_MIN_ENC_KEY_SIZE))
348 		return SMP_ENC_KEY_SIZE;
349 
350 	smp->enc_key_size = max_key_size;
351 
352 	return 0;
353 }
354 
355 static void smp_failure(struct l2cap_conn *conn, u8 reason)
356 {
357 	struct hci_conn *hcon = conn->hcon;
358 
359 	if (reason)
360 		smp_send_cmd(conn, SMP_CMD_PAIRING_FAIL, sizeof(reason),
361 			     &reason);
362 
363 	clear_bit(HCI_CONN_ENCRYPT_PEND, &hcon->flags);
364 	mgmt_auth_failed(hcon->hdev, &hcon->dst, hcon->type, hcon->dst_type,
365 			 HCI_ERROR_AUTH_FAILURE);
366 
367 	cancel_delayed_work_sync(&conn->security_timer);
368 
369 	if (test_and_clear_bit(HCI_CONN_LE_SMP_PEND, &hcon->flags))
370 		smp_chan_destroy(conn);
371 }
372 
373 #define JUST_WORKS	0x00
374 #define JUST_CFM	0x01
375 #define REQ_PASSKEY	0x02
376 #define CFM_PASSKEY	0x03
377 #define REQ_OOB		0x04
378 #define OVERLAP		0xFF
379 
380 static const u8 gen_method[5][5] = {
381 	{ JUST_WORKS,  JUST_CFM,    REQ_PASSKEY, JUST_WORKS, REQ_PASSKEY },
382 	{ JUST_WORKS,  JUST_CFM,    REQ_PASSKEY, JUST_WORKS, REQ_PASSKEY },
383 	{ CFM_PASSKEY, CFM_PASSKEY, REQ_PASSKEY, JUST_WORKS, CFM_PASSKEY },
384 	{ JUST_WORKS,  JUST_CFM,    JUST_WORKS,  JUST_WORKS, JUST_CFM    },
385 	{ CFM_PASSKEY, CFM_PASSKEY, REQ_PASSKEY, JUST_WORKS, OVERLAP     },
386 };
387 
388 static int tk_request(struct l2cap_conn *conn, u8 remote_oob, u8 auth,
389 						u8 local_io, u8 remote_io)
390 {
391 	struct hci_conn *hcon = conn->hcon;
392 	struct smp_chan *smp = conn->smp_chan;
393 	u8 method;
394 	u32 passkey = 0;
395 	int ret = 0;
396 
397 	/* Initialize key for JUST WORKS */
398 	memset(smp->tk, 0, sizeof(smp->tk));
399 	clear_bit(SMP_FLAG_TK_VALID, &smp->flags);
400 
401 	BT_DBG("tk_request: auth:%d lcl:%d rem:%d", auth, local_io, remote_io);
402 
403 	/* If neither side wants MITM, use JUST WORKS */
404 	/* If either side has unknown io_caps, use JUST WORKS */
405 	/* Otherwise, look up method from the table */
406 	if (!(auth & SMP_AUTH_MITM) ||
407 	    local_io > SMP_IO_KEYBOARD_DISPLAY ||
408 	    remote_io > SMP_IO_KEYBOARD_DISPLAY)
409 		method = JUST_WORKS;
410 	else
411 		method = gen_method[remote_io][local_io];
412 
413 	/* If not bonding, don't ask user to confirm a Zero TK */
414 	if (!(auth & SMP_AUTH_BONDING) && method == JUST_CFM)
415 		method = JUST_WORKS;
416 
417 	/* Don't confirm locally initiated pairing attempts */
418 	if (method == JUST_CFM && test_bit(SMP_FLAG_INITIATOR, &smp->flags))
419 		method = JUST_WORKS;
420 
421 	/* If Just Works, Continue with Zero TK */
422 	if (method == JUST_WORKS) {
423 		set_bit(SMP_FLAG_TK_VALID, &smp->flags);
424 		return 0;
425 	}
426 
427 	/* Not Just Works/Confirm results in MITM Authentication */
428 	if (method != JUST_CFM)
429 		set_bit(SMP_FLAG_MITM_AUTH, &smp->flags);
430 
431 	/* If both devices have Keyoard-Display I/O, the master
432 	 * Confirms and the slave Enters the passkey.
433 	 */
434 	if (method == OVERLAP) {
435 		if (hcon->link_mode & HCI_LM_MASTER)
436 			method = CFM_PASSKEY;
437 		else
438 			method = REQ_PASSKEY;
439 	}
440 
441 	/* Generate random passkey. */
442 	if (method == CFM_PASSKEY) {
443 		memset(smp->tk, 0, sizeof(smp->tk));
444 		get_random_bytes(&passkey, sizeof(passkey));
445 		passkey %= 1000000;
446 		put_unaligned_le32(passkey, smp->tk);
447 		BT_DBG("PassKey: %d", passkey);
448 		set_bit(SMP_FLAG_TK_VALID, &smp->flags);
449 	}
450 
451 	hci_dev_lock(hcon->hdev);
452 
453 	if (method == REQ_PASSKEY)
454 		ret = mgmt_user_passkey_request(hcon->hdev, &hcon->dst,
455 						hcon->type, hcon->dst_type);
456 	else if (method == JUST_CFM)
457 		ret = mgmt_user_confirm_request(hcon->hdev, &hcon->dst,
458 						hcon->type, hcon->dst_type,
459 						passkey, 1);
460 	else
461 		ret = mgmt_user_passkey_notify(hcon->hdev, &hcon->dst,
462 						hcon->type, hcon->dst_type,
463 						passkey, 0);
464 
465 	hci_dev_unlock(hcon->hdev);
466 
467 	return ret;
468 }
469 
470 static u8 smp_confirm(struct smp_chan *smp)
471 {
472 	struct l2cap_conn *conn = smp->conn;
473 	struct hci_dev *hdev = conn->hcon->hdev;
474 	struct crypto_blkcipher *tfm = hdev->tfm_aes;
475 	struct smp_cmd_pairing_confirm cp;
476 	int ret;
477 
478 	BT_DBG("conn %p", conn);
479 
480 	/* Prevent mutual access to hdev->tfm_aes */
481 	hci_dev_lock(hdev);
482 
483 	ret = smp_c1(tfm, smp->tk, smp->prnd, smp->preq, smp->prsp,
484 		     conn->hcon->init_addr_type, &conn->hcon->init_addr,
485 		     conn->hcon->resp_addr_type, &conn->hcon->resp_addr,
486 		     cp.confirm_val);
487 
488 	hci_dev_unlock(hdev);
489 
490 	if (ret)
491 		return SMP_UNSPECIFIED;
492 
493 	clear_bit(SMP_FLAG_CFM_PENDING, &smp->flags);
494 
495 	smp_send_cmd(smp->conn, SMP_CMD_PAIRING_CONFIRM, sizeof(cp), &cp);
496 
497 	return 0;
498 }
499 
500 static u8 smp_random(struct smp_chan *smp)
501 {
502 	struct l2cap_conn *conn = smp->conn;
503 	struct hci_conn *hcon = conn->hcon;
504 	struct hci_dev *hdev = hcon->hdev;
505 	struct crypto_blkcipher *tfm = hdev->tfm_aes;
506 	u8 confirm[16];
507 	int ret;
508 
509 	if (IS_ERR_OR_NULL(tfm))
510 		return SMP_UNSPECIFIED;
511 
512 	BT_DBG("conn %p %s", conn, conn->hcon->out ? "master" : "slave");
513 
514 	/* Prevent mutual access to hdev->tfm_aes */
515 	hci_dev_lock(hdev);
516 
517 	ret = smp_c1(tfm, smp->tk, smp->rrnd, smp->preq, smp->prsp,
518 		     hcon->init_addr_type, &hcon->init_addr,
519 		     hcon->resp_addr_type, &hcon->resp_addr, confirm);
520 
521 	hci_dev_unlock(hdev);
522 
523 	if (ret)
524 		return SMP_UNSPECIFIED;
525 
526 	if (memcmp(smp->pcnf, confirm, sizeof(smp->pcnf)) != 0) {
527 		BT_ERR("Pairing failed (confirmation values mismatch)");
528 		return SMP_CONFIRM_FAILED;
529 	}
530 
531 	if (hcon->out) {
532 		u8 stk[16];
533 		__le64 rand = 0;
534 		__le16 ediv = 0;
535 
536 		smp_s1(tfm, smp->tk, smp->rrnd, smp->prnd, stk);
537 
538 		memset(stk + smp->enc_key_size, 0,
539 		       SMP_MAX_ENC_KEY_SIZE - smp->enc_key_size);
540 
541 		if (test_and_set_bit(HCI_CONN_ENCRYPT_PEND, &hcon->flags))
542 			return SMP_UNSPECIFIED;
543 
544 		hci_le_start_enc(hcon, ediv, rand, stk);
545 		hcon->enc_key_size = smp->enc_key_size;
546 	} else {
547 		u8 stk[16], auth;
548 		__le64 rand = 0;
549 		__le16 ediv = 0;
550 
551 		smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM, sizeof(smp->prnd),
552 			     smp->prnd);
553 
554 		smp_s1(tfm, smp->tk, smp->prnd, smp->rrnd, stk);
555 
556 		memset(stk + smp->enc_key_size, 0,
557 		       SMP_MAX_ENC_KEY_SIZE - smp->enc_key_size);
558 
559 		if (hcon->pending_sec_level == BT_SECURITY_HIGH)
560 			auth = 1;
561 		else
562 			auth = 0;
563 
564 		hci_add_ltk(hcon->hdev, &hcon->dst, hcon->dst_type,
565 			    HCI_SMP_STK_SLAVE, auth, stk, smp->enc_key_size,
566 			    ediv, rand);
567 	}
568 
569 	return 0;
570 }
571 
572 static struct smp_chan *smp_chan_create(struct l2cap_conn *conn)
573 {
574 	struct smp_chan *smp;
575 
576 	smp = kzalloc(sizeof(*smp), GFP_ATOMIC);
577 	if (!smp)
578 		return NULL;
579 
580 	smp->conn = conn;
581 	conn->smp_chan = smp;
582 	conn->hcon->smp_conn = conn;
583 
584 	hci_conn_hold(conn->hcon);
585 
586 	return smp;
587 }
588 
589 void smp_chan_destroy(struct l2cap_conn *conn)
590 {
591 	struct smp_chan *smp = conn->smp_chan;
592 	bool complete;
593 
594 	BUG_ON(!smp);
595 
596 	complete = test_bit(SMP_FLAG_COMPLETE, &smp->flags);
597 	mgmt_smp_complete(conn->hcon, complete);
598 
599 	kfree(smp->csrk);
600 	kfree(smp->slave_csrk);
601 
602 	/* If pairing failed clean up any keys we might have */
603 	if (!complete) {
604 		if (smp->ltk) {
605 			list_del(&smp->ltk->list);
606 			kfree(smp->ltk);
607 		}
608 
609 		if (smp->slave_ltk) {
610 			list_del(&smp->slave_ltk->list);
611 			kfree(smp->slave_ltk);
612 		}
613 
614 		if (smp->remote_irk) {
615 			list_del(&smp->remote_irk->list);
616 			kfree(smp->remote_irk);
617 		}
618 	}
619 
620 	kfree(smp);
621 	conn->smp_chan = NULL;
622 	conn->hcon->smp_conn = NULL;
623 	hci_conn_drop(conn->hcon);
624 }
625 
626 int smp_user_confirm_reply(struct hci_conn *hcon, u16 mgmt_op, __le32 passkey)
627 {
628 	struct l2cap_conn *conn = hcon->smp_conn;
629 	struct smp_chan *smp;
630 	u32 value;
631 
632 	BT_DBG("");
633 
634 	if (!conn)
635 		return -ENOTCONN;
636 
637 	smp = conn->smp_chan;
638 
639 	switch (mgmt_op) {
640 	case MGMT_OP_USER_PASSKEY_REPLY:
641 		value = le32_to_cpu(passkey);
642 		memset(smp->tk, 0, sizeof(smp->tk));
643 		BT_DBG("PassKey: %d", value);
644 		put_unaligned_le32(value, smp->tk);
645 		/* Fall Through */
646 	case MGMT_OP_USER_CONFIRM_REPLY:
647 		set_bit(SMP_FLAG_TK_VALID, &smp->flags);
648 		break;
649 	case MGMT_OP_USER_PASSKEY_NEG_REPLY:
650 	case MGMT_OP_USER_CONFIRM_NEG_REPLY:
651 		smp_failure(conn, SMP_PASSKEY_ENTRY_FAILED);
652 		return 0;
653 	default:
654 		smp_failure(conn, SMP_PASSKEY_ENTRY_FAILED);
655 		return -EOPNOTSUPP;
656 	}
657 
658 	/* If it is our turn to send Pairing Confirm, do so now */
659 	if (test_bit(SMP_FLAG_CFM_PENDING, &smp->flags)) {
660 		u8 rsp = smp_confirm(smp);
661 		if (rsp)
662 			smp_failure(conn, rsp);
663 	}
664 
665 	return 0;
666 }
667 
668 static u8 smp_cmd_pairing_req(struct l2cap_conn *conn, struct sk_buff *skb)
669 {
670 	struct smp_cmd_pairing rsp, *req = (void *) skb->data;
671 	struct smp_chan *smp;
672 	u8 key_size, auth;
673 	int ret;
674 
675 	BT_DBG("conn %p", conn);
676 
677 	if (skb->len < sizeof(*req))
678 		return SMP_INVALID_PARAMS;
679 
680 	if (conn->hcon->link_mode & HCI_LM_MASTER)
681 		return SMP_CMD_NOTSUPP;
682 
683 	if (!test_and_set_bit(HCI_CONN_LE_SMP_PEND, &conn->hcon->flags))
684 		smp = smp_chan_create(conn);
685 	else
686 		smp = conn->smp_chan;
687 
688 	if (!smp)
689 		return SMP_UNSPECIFIED;
690 
691 	smp->preq[0] = SMP_CMD_PAIRING_REQ;
692 	memcpy(&smp->preq[1], req, sizeof(*req));
693 	skb_pull(skb, sizeof(*req));
694 
695 	/* We didn't start the pairing, so match remote */
696 	auth = req->auth_req;
697 
698 	conn->hcon->pending_sec_level = authreq_to_seclevel(auth);
699 
700 	build_pairing_cmd(conn, req, &rsp, auth);
701 
702 	key_size = min(req->max_key_size, rsp.max_key_size);
703 	if (check_enc_key_size(conn, key_size))
704 		return SMP_ENC_KEY_SIZE;
705 
706 	get_random_bytes(smp->prnd, sizeof(smp->prnd));
707 
708 	smp->prsp[0] = SMP_CMD_PAIRING_RSP;
709 	memcpy(&smp->prsp[1], &rsp, sizeof(rsp));
710 
711 	smp_send_cmd(conn, SMP_CMD_PAIRING_RSP, sizeof(rsp), &rsp);
712 
713 	/* Request setup of TK */
714 	ret = tk_request(conn, 0, auth, rsp.io_capability, req->io_capability);
715 	if (ret)
716 		return SMP_UNSPECIFIED;
717 
718 	clear_bit(SMP_FLAG_INITIATOR, &smp->flags);
719 
720 	return 0;
721 }
722 
723 static u8 smp_cmd_pairing_rsp(struct l2cap_conn *conn, struct sk_buff *skb)
724 {
725 	struct smp_cmd_pairing *req, *rsp = (void *) skb->data;
726 	struct smp_chan *smp = conn->smp_chan;
727 	u8 key_size, auth = SMP_AUTH_NONE;
728 	int ret;
729 
730 	BT_DBG("conn %p", conn);
731 
732 	if (skb->len < sizeof(*rsp))
733 		return SMP_INVALID_PARAMS;
734 
735 	if (!(conn->hcon->link_mode & HCI_LM_MASTER))
736 		return SMP_CMD_NOTSUPP;
737 
738 	skb_pull(skb, sizeof(*rsp));
739 
740 	req = (void *) &smp->preq[1];
741 
742 	key_size = min(req->max_key_size, rsp->max_key_size);
743 	if (check_enc_key_size(conn, key_size))
744 		return SMP_ENC_KEY_SIZE;
745 
746 	get_random_bytes(smp->prnd, sizeof(smp->prnd));
747 
748 	smp->prsp[0] = SMP_CMD_PAIRING_RSP;
749 	memcpy(&smp->prsp[1], rsp, sizeof(*rsp));
750 
751 	/* Update remote key distribution in case the remote cleared
752 	 * some bits that we had enabled in our request.
753 	 */
754 	smp->remote_key_dist &= rsp->resp_key_dist;
755 
756 	if ((req->auth_req & SMP_AUTH_BONDING) &&
757 	    (rsp->auth_req & SMP_AUTH_BONDING))
758 		auth = SMP_AUTH_BONDING;
759 
760 	auth |= (req->auth_req | rsp->auth_req) & SMP_AUTH_MITM;
761 
762 	ret = tk_request(conn, 0, auth, req->io_capability, rsp->io_capability);
763 	if (ret)
764 		return SMP_UNSPECIFIED;
765 
766 	set_bit(SMP_FLAG_CFM_PENDING, &smp->flags);
767 
768 	/* Can't compose response until we have been confirmed */
769 	if (test_bit(SMP_FLAG_TK_VALID, &smp->flags))
770 		return smp_confirm(smp);
771 
772 	return 0;
773 }
774 
775 static u8 smp_cmd_pairing_confirm(struct l2cap_conn *conn, struct sk_buff *skb)
776 {
777 	struct smp_chan *smp = conn->smp_chan;
778 
779 	BT_DBG("conn %p %s", conn, conn->hcon->out ? "master" : "slave");
780 
781 	if (skb->len < sizeof(smp->pcnf))
782 		return SMP_INVALID_PARAMS;
783 
784 	memcpy(smp->pcnf, skb->data, sizeof(smp->pcnf));
785 	skb_pull(skb, sizeof(smp->pcnf));
786 
787 	if (conn->hcon->out)
788 		smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM, sizeof(smp->prnd),
789 			     smp->prnd);
790 	else if (test_bit(SMP_FLAG_TK_VALID, &smp->flags))
791 		return smp_confirm(smp);
792 	else
793 		set_bit(SMP_FLAG_CFM_PENDING, &smp->flags);
794 
795 	return 0;
796 }
797 
798 static u8 smp_cmd_pairing_random(struct l2cap_conn *conn, struct sk_buff *skb)
799 {
800 	struct smp_chan *smp = conn->smp_chan;
801 
802 	BT_DBG("conn %p", conn);
803 
804 	if (skb->len < sizeof(smp->rrnd))
805 		return SMP_INVALID_PARAMS;
806 
807 	memcpy(smp->rrnd, skb->data, sizeof(smp->rrnd));
808 	skb_pull(skb, sizeof(smp->rrnd));
809 
810 	return smp_random(smp);
811 }
812 
813 static u8 smp_ltk_encrypt(struct l2cap_conn *conn, u8 sec_level)
814 {
815 	struct smp_ltk *key;
816 	struct hci_conn *hcon = conn->hcon;
817 
818 	key = hci_find_ltk_by_addr(hcon->hdev, &hcon->dst, hcon->dst_type,
819 				   hcon->out);
820 	if (!key)
821 		return 0;
822 
823 	if (sec_level > BT_SECURITY_MEDIUM && !key->authenticated)
824 		return 0;
825 
826 	if (test_and_set_bit(HCI_CONN_ENCRYPT_PEND, &hcon->flags))
827 		return 1;
828 
829 	hci_le_start_enc(hcon, key->ediv, key->rand, key->val);
830 	hcon->enc_key_size = key->enc_size;
831 
832 	return 1;
833 }
834 
835 static u8 smp_cmd_security_req(struct l2cap_conn *conn, struct sk_buff *skb)
836 {
837 	struct smp_cmd_security_req *rp = (void *) skb->data;
838 	struct smp_cmd_pairing cp;
839 	struct hci_conn *hcon = conn->hcon;
840 	struct smp_chan *smp;
841 
842 	BT_DBG("conn %p", conn);
843 
844 	if (skb->len < sizeof(*rp))
845 		return SMP_INVALID_PARAMS;
846 
847 	if (!(conn->hcon->link_mode & HCI_LM_MASTER))
848 		return SMP_CMD_NOTSUPP;
849 
850 	hcon->pending_sec_level = authreq_to_seclevel(rp->auth_req);
851 
852 	if (smp_ltk_encrypt(conn, hcon->pending_sec_level))
853 		return 0;
854 
855 	if (test_and_set_bit(HCI_CONN_LE_SMP_PEND, &hcon->flags))
856 		return 0;
857 
858 	smp = smp_chan_create(conn);
859 
860 	skb_pull(skb, sizeof(*rp));
861 
862 	memset(&cp, 0, sizeof(cp));
863 	build_pairing_cmd(conn, &cp, NULL, rp->auth_req);
864 
865 	smp->preq[0] = SMP_CMD_PAIRING_REQ;
866 	memcpy(&smp->preq[1], &cp, sizeof(cp));
867 
868 	smp_send_cmd(conn, SMP_CMD_PAIRING_REQ, sizeof(cp), &cp);
869 
870 	clear_bit(SMP_FLAG_INITIATOR, &smp->flags);
871 
872 	return 0;
873 }
874 
875 bool smp_sufficient_security(struct hci_conn *hcon, u8 sec_level)
876 {
877 	if (sec_level == BT_SECURITY_LOW)
878 		return true;
879 
880 	if (hcon->sec_level >= sec_level)
881 		return true;
882 
883 	return false;
884 }
885 
886 int smp_conn_security(struct hci_conn *hcon, __u8 sec_level)
887 {
888 	struct l2cap_conn *conn = hcon->l2cap_data;
889 	struct smp_chan *smp;
890 	__u8 authreq;
891 
892 	BT_DBG("conn %p hcon %p level 0x%2.2x", conn, hcon, sec_level);
893 
894 	/* This may be NULL if there's an unexpected disconnection */
895 	if (!conn)
896 		return 1;
897 
898 	if (!test_bit(HCI_LE_ENABLED, &hcon->hdev->dev_flags))
899 		return 1;
900 
901 	if (smp_sufficient_security(hcon, sec_level))
902 		return 1;
903 
904 	if (hcon->link_mode & HCI_LM_MASTER)
905 		if (smp_ltk_encrypt(conn, sec_level))
906 			goto done;
907 
908 	if (test_and_set_bit(HCI_CONN_LE_SMP_PEND, &hcon->flags))
909 		return 0;
910 
911 	smp = smp_chan_create(conn);
912 	if (!smp)
913 		return 1;
914 
915 	authreq = seclevel_to_authreq(sec_level);
916 
917 	/* Require MITM if IO Capability allows or the security level
918 	 * requires it.
919 	 */
920 	if (hcon->io_capability != HCI_IO_NO_INPUT_OUTPUT ||
921 	    sec_level > BT_SECURITY_MEDIUM)
922 		authreq |= SMP_AUTH_MITM;
923 
924 	if (hcon->link_mode & HCI_LM_MASTER) {
925 		struct smp_cmd_pairing cp;
926 
927 		build_pairing_cmd(conn, &cp, NULL, authreq);
928 		smp->preq[0] = SMP_CMD_PAIRING_REQ;
929 		memcpy(&smp->preq[1], &cp, sizeof(cp));
930 
931 		smp_send_cmd(conn, SMP_CMD_PAIRING_REQ, sizeof(cp), &cp);
932 	} else {
933 		struct smp_cmd_security_req cp;
934 		cp.auth_req = authreq;
935 		smp_send_cmd(conn, SMP_CMD_SECURITY_REQ, sizeof(cp), &cp);
936 	}
937 
938 	set_bit(SMP_FLAG_INITIATOR, &smp->flags);
939 
940 done:
941 	hcon->pending_sec_level = sec_level;
942 
943 	return 0;
944 }
945 
946 static int smp_cmd_encrypt_info(struct l2cap_conn *conn, struct sk_buff *skb)
947 {
948 	struct smp_cmd_encrypt_info *rp = (void *) skb->data;
949 	struct smp_chan *smp = conn->smp_chan;
950 
951 	BT_DBG("conn %p", conn);
952 
953 	if (skb->len < sizeof(*rp))
954 		return SMP_INVALID_PARAMS;
955 
956 	/* Ignore this PDU if it wasn't requested */
957 	if (!(smp->remote_key_dist & SMP_DIST_ENC_KEY))
958 		return 0;
959 
960 	skb_pull(skb, sizeof(*rp));
961 
962 	memcpy(smp->tk, rp->ltk, sizeof(smp->tk));
963 
964 	return 0;
965 }
966 
967 static int smp_cmd_master_ident(struct l2cap_conn *conn, struct sk_buff *skb)
968 {
969 	struct smp_cmd_master_ident *rp = (void *) skb->data;
970 	struct smp_chan *smp = conn->smp_chan;
971 	struct hci_dev *hdev = conn->hcon->hdev;
972 	struct hci_conn *hcon = conn->hcon;
973 	struct smp_ltk *ltk;
974 	u8 authenticated;
975 
976 	BT_DBG("conn %p", conn);
977 
978 	if (skb->len < sizeof(*rp))
979 		return SMP_INVALID_PARAMS;
980 
981 	/* Ignore this PDU if it wasn't requested */
982 	if (!(smp->remote_key_dist & SMP_DIST_ENC_KEY))
983 		return 0;
984 
985 	/* Mark the information as received */
986 	smp->remote_key_dist &= ~SMP_DIST_ENC_KEY;
987 
988 	skb_pull(skb, sizeof(*rp));
989 
990 	hci_dev_lock(hdev);
991 	authenticated = (hcon->sec_level == BT_SECURITY_HIGH);
992 	ltk = hci_add_ltk(hdev, &hcon->dst, hcon->dst_type, HCI_SMP_LTK,
993 			  authenticated, smp->tk, smp->enc_key_size,
994 			  rp->ediv, rp->rand);
995 	smp->ltk = ltk;
996 	if (!(smp->remote_key_dist & SMP_DIST_ID_KEY))
997 		smp_distribute_keys(conn);
998 	hci_dev_unlock(hdev);
999 
1000 	return 0;
1001 }
1002 
1003 static int smp_cmd_ident_info(struct l2cap_conn *conn, struct sk_buff *skb)
1004 {
1005 	struct smp_cmd_ident_info *info = (void *) skb->data;
1006 	struct smp_chan *smp = conn->smp_chan;
1007 
1008 	BT_DBG("");
1009 
1010 	if (skb->len < sizeof(*info))
1011 		return SMP_INVALID_PARAMS;
1012 
1013 	/* Ignore this PDU if it wasn't requested */
1014 	if (!(smp->remote_key_dist & SMP_DIST_ID_KEY))
1015 		return 0;
1016 
1017 	skb_pull(skb, sizeof(*info));
1018 
1019 	memcpy(smp->irk, info->irk, 16);
1020 
1021 	return 0;
1022 }
1023 
1024 static int smp_cmd_ident_addr_info(struct l2cap_conn *conn,
1025 				   struct sk_buff *skb)
1026 {
1027 	struct smp_cmd_ident_addr_info *info = (void *) skb->data;
1028 	struct smp_chan *smp = conn->smp_chan;
1029 	struct hci_conn *hcon = conn->hcon;
1030 	bdaddr_t rpa;
1031 
1032 	BT_DBG("");
1033 
1034 	if (skb->len < sizeof(*info))
1035 		return SMP_INVALID_PARAMS;
1036 
1037 	/* Ignore this PDU if it wasn't requested */
1038 	if (!(smp->remote_key_dist & SMP_DIST_ID_KEY))
1039 		return 0;
1040 
1041 	/* Mark the information as received */
1042 	smp->remote_key_dist &= ~SMP_DIST_ID_KEY;
1043 
1044 	skb_pull(skb, sizeof(*info));
1045 
1046 	/* Strictly speaking the Core Specification (4.1) allows sending
1047 	 * an empty address which would force us to rely on just the IRK
1048 	 * as "identity information". However, since such
1049 	 * implementations are not known of and in order to not over
1050 	 * complicate our implementation, simply pretend that we never
1051 	 * received an IRK for such a device.
1052 	 */
1053 	if (!bacmp(&info->bdaddr, BDADDR_ANY)) {
1054 		BT_ERR("Ignoring IRK with no identity address");
1055 		smp_distribute_keys(conn);
1056 		return 0;
1057 	}
1058 
1059 	bacpy(&smp->id_addr, &info->bdaddr);
1060 	smp->id_addr_type = info->addr_type;
1061 
1062 	if (hci_bdaddr_is_rpa(&hcon->dst, hcon->dst_type))
1063 		bacpy(&rpa, &hcon->dst);
1064 	else
1065 		bacpy(&rpa, BDADDR_ANY);
1066 
1067 	smp->remote_irk = hci_add_irk(conn->hcon->hdev, &smp->id_addr,
1068 				      smp->id_addr_type, smp->irk, &rpa);
1069 
1070 	smp_distribute_keys(conn);
1071 
1072 	return 0;
1073 }
1074 
1075 static int smp_cmd_sign_info(struct l2cap_conn *conn, struct sk_buff *skb)
1076 {
1077 	struct smp_cmd_sign_info *rp = (void *) skb->data;
1078 	struct smp_chan *smp = conn->smp_chan;
1079 	struct hci_dev *hdev = conn->hcon->hdev;
1080 	struct smp_csrk *csrk;
1081 
1082 	BT_DBG("conn %p", conn);
1083 
1084 	if (skb->len < sizeof(*rp))
1085 		return SMP_INVALID_PARAMS;
1086 
1087 	/* Ignore this PDU if it wasn't requested */
1088 	if (!(smp->remote_key_dist & SMP_DIST_SIGN))
1089 		return 0;
1090 
1091 	/* Mark the information as received */
1092 	smp->remote_key_dist &= ~SMP_DIST_SIGN;
1093 
1094 	skb_pull(skb, sizeof(*rp));
1095 
1096 	hci_dev_lock(hdev);
1097 	csrk = kzalloc(sizeof(*csrk), GFP_KERNEL);
1098 	if (csrk) {
1099 		csrk->master = 0x01;
1100 		memcpy(csrk->val, rp->csrk, sizeof(csrk->val));
1101 	}
1102 	smp->csrk = csrk;
1103 	if (!(smp->remote_key_dist & SMP_DIST_SIGN))
1104 		smp_distribute_keys(conn);
1105 	hci_dev_unlock(hdev);
1106 
1107 	return 0;
1108 }
1109 
1110 int smp_sig_channel(struct l2cap_conn *conn, struct sk_buff *skb)
1111 {
1112 	struct hci_conn *hcon = conn->hcon;
1113 	__u8 code, reason;
1114 	int err = 0;
1115 
1116 	if (hcon->type != LE_LINK) {
1117 		kfree_skb(skb);
1118 		return 0;
1119 	}
1120 
1121 	if (skb->len < 1) {
1122 		kfree_skb(skb);
1123 		return -EILSEQ;
1124 	}
1125 
1126 	if (!test_bit(HCI_LE_ENABLED, &hcon->hdev->dev_flags)) {
1127 		err = -ENOTSUPP;
1128 		reason = SMP_PAIRING_NOTSUPP;
1129 		goto done;
1130 	}
1131 
1132 	code = skb->data[0];
1133 	skb_pull(skb, sizeof(code));
1134 
1135 	/*
1136 	 * The SMP context must be initialized for all other PDUs except
1137 	 * pairing and security requests. If we get any other PDU when
1138 	 * not initialized simply disconnect (done if this function
1139 	 * returns an error).
1140 	 */
1141 	if (code != SMP_CMD_PAIRING_REQ && code != SMP_CMD_SECURITY_REQ &&
1142 	    !conn->smp_chan) {
1143 		BT_ERR("Unexpected SMP command 0x%02x. Disconnecting.", code);
1144 		kfree_skb(skb);
1145 		return -ENOTSUPP;
1146 	}
1147 
1148 	switch (code) {
1149 	case SMP_CMD_PAIRING_REQ:
1150 		reason = smp_cmd_pairing_req(conn, skb);
1151 		break;
1152 
1153 	case SMP_CMD_PAIRING_FAIL:
1154 		smp_failure(conn, 0);
1155 		reason = 0;
1156 		err = -EPERM;
1157 		break;
1158 
1159 	case SMP_CMD_PAIRING_RSP:
1160 		reason = smp_cmd_pairing_rsp(conn, skb);
1161 		break;
1162 
1163 	case SMP_CMD_SECURITY_REQ:
1164 		reason = smp_cmd_security_req(conn, skb);
1165 		break;
1166 
1167 	case SMP_CMD_PAIRING_CONFIRM:
1168 		reason = smp_cmd_pairing_confirm(conn, skb);
1169 		break;
1170 
1171 	case SMP_CMD_PAIRING_RANDOM:
1172 		reason = smp_cmd_pairing_random(conn, skb);
1173 		break;
1174 
1175 	case SMP_CMD_ENCRYPT_INFO:
1176 		reason = smp_cmd_encrypt_info(conn, skb);
1177 		break;
1178 
1179 	case SMP_CMD_MASTER_IDENT:
1180 		reason = smp_cmd_master_ident(conn, skb);
1181 		break;
1182 
1183 	case SMP_CMD_IDENT_INFO:
1184 		reason = smp_cmd_ident_info(conn, skb);
1185 		break;
1186 
1187 	case SMP_CMD_IDENT_ADDR_INFO:
1188 		reason = smp_cmd_ident_addr_info(conn, skb);
1189 		break;
1190 
1191 	case SMP_CMD_SIGN_INFO:
1192 		reason = smp_cmd_sign_info(conn, skb);
1193 		break;
1194 
1195 	default:
1196 		BT_DBG("Unknown command code 0x%2.2x", code);
1197 
1198 		reason = SMP_CMD_NOTSUPP;
1199 		err = -EOPNOTSUPP;
1200 		goto done;
1201 	}
1202 
1203 done:
1204 	if (reason)
1205 		smp_failure(conn, reason);
1206 
1207 	kfree_skb(skb);
1208 	return err;
1209 }
1210 
1211 static void smp_notify_keys(struct l2cap_conn *conn)
1212 {
1213 	struct smp_chan *smp = conn->smp_chan;
1214 	struct hci_conn *hcon = conn->hcon;
1215 	struct hci_dev *hdev = hcon->hdev;
1216 	struct smp_cmd_pairing *req = (void *) &smp->preq[1];
1217 	struct smp_cmd_pairing *rsp = (void *) &smp->prsp[1];
1218 	bool persistent;
1219 
1220 	if (smp->remote_irk) {
1221 		mgmt_new_irk(hdev, smp->remote_irk);
1222 		/* Now that user space can be considered to know the
1223 		 * identity address track the connection based on it
1224 		 * from now on.
1225 		 */
1226 		bacpy(&hcon->dst, &smp->remote_irk->bdaddr);
1227 		hcon->dst_type = smp->remote_irk->addr_type;
1228 		l2cap_conn_update_id_addr(hcon);
1229 	}
1230 
1231 	/* The LTKs and CSRKs should be persistent only if both sides
1232 	 * had the bonding bit set in their authentication requests.
1233 	 */
1234 	persistent = !!((req->auth_req & rsp->auth_req) & SMP_AUTH_BONDING);
1235 
1236 	if (smp->csrk) {
1237 		smp->csrk->bdaddr_type = hcon->dst_type;
1238 		bacpy(&smp->csrk->bdaddr, &hcon->dst);
1239 		mgmt_new_csrk(hdev, smp->csrk, persistent);
1240 	}
1241 
1242 	if (smp->slave_csrk) {
1243 		smp->slave_csrk->bdaddr_type = hcon->dst_type;
1244 		bacpy(&smp->slave_csrk->bdaddr, &hcon->dst);
1245 		mgmt_new_csrk(hdev, smp->slave_csrk, persistent);
1246 	}
1247 
1248 	if (smp->ltk) {
1249 		smp->ltk->bdaddr_type = hcon->dst_type;
1250 		bacpy(&smp->ltk->bdaddr, &hcon->dst);
1251 		mgmt_new_ltk(hdev, smp->ltk, persistent);
1252 	}
1253 
1254 	if (smp->slave_ltk) {
1255 		smp->slave_ltk->bdaddr_type = hcon->dst_type;
1256 		bacpy(&smp->slave_ltk->bdaddr, &hcon->dst);
1257 		mgmt_new_ltk(hdev, smp->slave_ltk, persistent);
1258 	}
1259 }
1260 
1261 int smp_distribute_keys(struct l2cap_conn *conn)
1262 {
1263 	struct smp_cmd_pairing *req, *rsp;
1264 	struct smp_chan *smp = conn->smp_chan;
1265 	struct hci_conn *hcon = conn->hcon;
1266 	struct hci_dev *hdev = hcon->hdev;
1267 	__u8 *keydist;
1268 
1269 	BT_DBG("conn %p", conn);
1270 
1271 	if (!test_bit(HCI_CONN_LE_SMP_PEND, &hcon->flags))
1272 		return 0;
1273 
1274 	rsp = (void *) &smp->prsp[1];
1275 
1276 	/* The responder sends its keys first */
1277 	if (hcon->out && (smp->remote_key_dist & 0x07))
1278 		return 0;
1279 
1280 	req = (void *) &smp->preq[1];
1281 
1282 	if (hcon->out) {
1283 		keydist = &rsp->init_key_dist;
1284 		*keydist &= req->init_key_dist;
1285 	} else {
1286 		keydist = &rsp->resp_key_dist;
1287 		*keydist &= req->resp_key_dist;
1288 	}
1289 
1290 	BT_DBG("keydist 0x%x", *keydist);
1291 
1292 	if (*keydist & SMP_DIST_ENC_KEY) {
1293 		struct smp_cmd_encrypt_info enc;
1294 		struct smp_cmd_master_ident ident;
1295 		struct smp_ltk *ltk;
1296 		u8 authenticated;
1297 		__le16 ediv;
1298 		__le64 rand;
1299 
1300 		get_random_bytes(enc.ltk, sizeof(enc.ltk));
1301 		get_random_bytes(&ediv, sizeof(ediv));
1302 		get_random_bytes(&rand, sizeof(rand));
1303 
1304 		smp_send_cmd(conn, SMP_CMD_ENCRYPT_INFO, sizeof(enc), &enc);
1305 
1306 		authenticated = hcon->sec_level == BT_SECURITY_HIGH;
1307 		ltk = hci_add_ltk(hdev, &hcon->dst, hcon->dst_type,
1308 				  HCI_SMP_LTK_SLAVE, authenticated, enc.ltk,
1309 				  smp->enc_key_size, ediv, rand);
1310 		smp->slave_ltk = ltk;
1311 
1312 		ident.ediv = ediv;
1313 		ident.rand = rand;
1314 
1315 		smp_send_cmd(conn, SMP_CMD_MASTER_IDENT, sizeof(ident), &ident);
1316 
1317 		*keydist &= ~SMP_DIST_ENC_KEY;
1318 	}
1319 
1320 	if (*keydist & SMP_DIST_ID_KEY) {
1321 		struct smp_cmd_ident_addr_info addrinfo;
1322 		struct smp_cmd_ident_info idinfo;
1323 
1324 		memcpy(idinfo.irk, hdev->irk, sizeof(idinfo.irk));
1325 
1326 		smp_send_cmd(conn, SMP_CMD_IDENT_INFO, sizeof(idinfo), &idinfo);
1327 
1328 		/* The hci_conn contains the local identity address
1329 		 * after the connection has been established.
1330 		 *
1331 		 * This is true even when the connection has been
1332 		 * established using a resolvable random address.
1333 		 */
1334 		bacpy(&addrinfo.bdaddr, &hcon->src);
1335 		addrinfo.addr_type = hcon->src_type;
1336 
1337 		smp_send_cmd(conn, SMP_CMD_IDENT_ADDR_INFO, sizeof(addrinfo),
1338 			     &addrinfo);
1339 
1340 		*keydist &= ~SMP_DIST_ID_KEY;
1341 	}
1342 
1343 	if (*keydist & SMP_DIST_SIGN) {
1344 		struct smp_cmd_sign_info sign;
1345 		struct smp_csrk *csrk;
1346 
1347 		/* Generate a new random key */
1348 		get_random_bytes(sign.csrk, sizeof(sign.csrk));
1349 
1350 		csrk = kzalloc(sizeof(*csrk), GFP_KERNEL);
1351 		if (csrk) {
1352 			csrk->master = 0x00;
1353 			memcpy(csrk->val, sign.csrk, sizeof(csrk->val));
1354 		}
1355 		smp->slave_csrk = csrk;
1356 
1357 		smp_send_cmd(conn, SMP_CMD_SIGN_INFO, sizeof(sign), &sign);
1358 
1359 		*keydist &= ~SMP_DIST_SIGN;
1360 	}
1361 
1362 	/* If there are still keys to be received wait for them */
1363 	if ((smp->remote_key_dist & 0x07))
1364 		return 0;
1365 
1366 	clear_bit(HCI_CONN_LE_SMP_PEND, &hcon->flags);
1367 	cancel_delayed_work_sync(&conn->security_timer);
1368 	set_bit(SMP_FLAG_COMPLETE, &smp->flags);
1369 	smp_notify_keys(conn);
1370 
1371 	smp_chan_destroy(conn);
1372 
1373 	return 0;
1374 }
1375