projects / linux-block.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Bluetooth: Fix BR/EDR Link Key type when derived through LE SC
[linux-block.git] / net / bluetooth / smp.c
CommitLineData
eb492e01
AB		 1/*
2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2011 Nokia Corporation and/or its subsidiary(-ies).
4
5 This program is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License version 2 as
7 published by the Free Software Foundation;
8
9 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
10 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
11 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
12 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
13 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
14 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17
18 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
19 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
20 SOFTWARE IS DISCLAIMED.
21*/
22
8c520a59
GP		 23#include <linux/crypto.h>
24#include <linux/scatterlist.h>
25#include <crypto/b128ops.h>
26
eb492e01
AB		 27#include <net/bluetooth/bluetooth.h>
28#include <net/bluetooth/hci_core.h>
29#include <net/bluetooth/l2cap.h>
2b64d153 30#include <net/bluetooth/mgmt.h>
ac4b7236 31
3b19146d 32#include "ecc.h"
ac4b7236 33#include "smp.h"
d22ef0bc 34
b28b4943 35#define SMP_ALLOW_CMD(smp, code) set_bit(code, &smp->allow_cmd)
b28b4943 36
3b19146d
JH		 37/* Keys which are not distributed with Secure Connections */
38#define SMP_SC_NO_DIST (SMP_DIST_ENC_KEY | SMP_DIST_LINK_KEY);
39
17b02e62 40#define SMP_TIMEOUT msecs_to_jiffies(30000)
5d3de7df 41
0edb14de
JH		 42#define AUTH_REQ_MASK(dev) (test_bit(HCI_SC_ENABLED, &(dev)->dev_flags) ? \
43 0x1f : 0x07)
44#define KEY_DIST_MASK 0x07
065a13e2 45
cbbbe3e2
JH		 46/* Maximum message length that can be passed to aes_cmac */
47#define CMAC_MSG_MAX 80
48
533e35d4
JH		 49enum {
50 SMP_FLAG_TK_VALID,
51 SMP_FLAG_CFM_PENDING,
52 SMP_FLAG_MITM_AUTH,
53 SMP_FLAG_COMPLETE,
54 SMP_FLAG_INITIATOR,
65668776 55 SMP_FLAG_SC,
d8f8edbe 56 SMP_FLAG_REMOTE_PK,
aeb7d461 57 SMP_FLAG_DEBUG_KEY,
533e35d4 58};
4bc58f51
JH		 59
60struct smp_chan {
b68fda68
JH		 61 struct l2cap_conn *conn;
62 struct delayed_work security_timer;
b28b4943 63 unsigned long allow_cmd; /* Bitmask of allowed commands */
b68fda68 64
4bc58f51
JH		 65 u8 preq[7]; /* SMP Pairing Request */
66 u8 prsp[7]; /* SMP Pairing Response */
67 u8 prnd[16]; /* SMP Pairing Random (local) */
68 u8 rrnd[16]; /* SMP Pairing Random (remote) */
69 u8 pcnf[16]; /* SMP Pairing Confirm */
70 u8 tk[16]; /* SMP Temporary Key */
71 u8 enc_key_size;
72 u8 remote_key_dist;
73 bdaddr_t id_addr;
74 u8 id_addr_type;
75 u8 irk[16];
76 struct smp_csrk *csrk;
77 struct smp_csrk *slave_csrk;
78 struct smp_ltk *ltk;
79 struct smp_ltk *slave_ltk;
80 struct smp_irk *remote_irk;
6a77083a 81 u8 *link_key;
4a74d658 82 unsigned long flags;
783e0574 83 u8 method;
6a7bd103 84
3b19146d
JH		 85 /* Secure Connections variables */
86 u8 local_pk[64];
87 u8 local_sk[32];
d8f8edbe
JH		 88 u8 remote_pk[64];
89 u8 dhkey[32];
760b018b 90 u8 mackey[16];
3b19146d 91
6a7bd103 92 struct crypto_blkcipher *tfm_aes;
407cecf6 93 struct crypto_hash *tfm_cmac;
4bc58f51
JH		 94};
95
aeb7d461
JH		 96/* These debug key values are defined in the SMP section of the core
97 * specification. debug_pk is the public debug key and debug_sk the
98 * private debug key.
99 */
100static const u8 debug_pk[64] = {
101 0xe6, 0x9d, 0x35, 0x0e, 0x48, 0x01, 0x03, 0xcc,
102 0xdb, 0xfd, 0xf4, 0xac, 0x11, 0x91, 0xf4, 0xef,
103 0xb9, 0xa5, 0xf9, 0xe9, 0xa7, 0x83, 0x2c, 0x5e,
104 0x2c, 0xbe, 0x97, 0xf2, 0xd2, 0x03, 0xb0, 0x20,
105
106 0x8b, 0xd2, 0x89, 0x15, 0xd0, 0x8e, 0x1c, 0x74,
107 0x24, 0x30, 0xed, 0x8f, 0xc2, 0x45, 0x63, 0x76,
108 0x5c, 0x15, 0x52, 0x5a, 0xbf, 0x9a, 0x32, 0x63,
109 0x6d, 0xeb, 0x2a, 0x65, 0x49, 0x9c, 0x80, 0xdc,
110};
111
112static const u8 debug_sk[32] = {
113 0xbd, 0x1a, 0x3c, 0xcd, 0xa6, 0xb8, 0x99, 0x58,
114 0x99, 0xb7, 0x40, 0xeb, 0x7b, 0x60, 0xff, 0x4a,
115 0x50, 0x3f, 0x10, 0xd2, 0xe3, 0xb3, 0xc9, 0x74,
116 0x38, 0x5f, 0xc5, 0xa3, 0xd4, 0xf6, 0x49, 0x3f,
117};
118
8a2936f4 119static inline void swap_buf(const u8 *src, u8 *dst, size_t len)
d22ef0bc 120{
8a2936f4 121 size_t i;
d22ef0bc 122
8a2936f4
JH		 123 for (i = 0; i < len; i++)
124 dst[len - 1 - i] = src[i];
d22ef0bc
AB		 125}
126
cbbbe3e2
JH		 127static int aes_cmac(struct crypto_hash *tfm, const u8 k[16], const u8 *m,
128 size_t len, u8 mac[16])
129{
130 uint8_t tmp[16], mac_msb[16], msg_msb[CMAC_MSG_MAX];
131 struct hash_desc desc;
132 struct scatterlist sg;
133 int err;
134
135 if (len > CMAC_MSG_MAX)
136 return -EFBIG;
137
138 if (!tfm) {
139 BT_ERR("tfm %p", tfm);
140 return -EINVAL;
141 }
142
143 desc.tfm = tfm;
144 desc.flags = 0;
145
146 crypto_hash_init(&desc);
147
148 /* Swap key and message from LSB to MSB */
149 swap_buf(k, tmp, 16);
150 swap_buf(m, msg_msb, len);
151
152 BT_DBG("msg (len %zu) %*phN", len, (int) len, m);
153 BT_DBG("key %16phN", k);
154
155 err = crypto_hash_setkey(tfm, tmp, 16);
156 if (err) {
157 BT_ERR("cipher setkey failed: %d", err);
158 return err;
159 }
160
161 sg_init_one(&sg, msg_msb, len);
162
163 err = crypto_hash_update(&desc, &sg, len);
164 if (err) {
165 BT_ERR("Hash update error %d", err);
166 return err;
167 }
168
169 err = crypto_hash_final(&desc, mac_msb);
170 if (err) {
171 BT_ERR("Hash final error %d", err);
172 return err;
173 }
174
175 swap_buf(mac_msb, mac, 16);
176
177 BT_DBG("mac %16phN", mac);
178
179 return 0;
180}
181
182static int smp_f4(struct crypto_hash *tfm_cmac, const u8 u[32], const u8 v[32],
183 const u8 x[16], u8 z, u8 res[16])
184{
185 u8 m[65];
186 int err;
187
188 BT_DBG("u %32phN", u);
189 BT_DBG("v %32phN", v);
190 BT_DBG("x %16phN z %02x", x, z);
191
192 m[0] = z;
193 memcpy(m + 1, v, 32);
194 memcpy(m + 33, u, 32);
195
196 err = aes_cmac(tfm_cmac, x, m, sizeof(m), res);
197 if (err)
198 return err;
199
200 BT_DBG("res %16phN", res);
201
202 return err;
203}
204
760b018b
JH		 205static int smp_f5(struct crypto_hash *tfm_cmac, u8 w[32], u8 n1[16], u8 n2[16],
206 u8 a1[7], u8 a2[7], u8 mackey[16], u8 ltk[16])
207{
208 /* The btle, salt and length "magic" values are as defined in
209 * the SMP section of the Bluetooth core specification. In ASCII
210 * the btle value ends up being 'btle'. The salt is just a
211 * random number whereas length is the value 256 in little
212 * endian format.
213 */
214 const u8 btle[4] = { 0x65, 0x6c, 0x74, 0x62 };
215 const u8 salt[16] = { 0xbe, 0x83, 0x60, 0x5a, 0xdb, 0x0b, 0x37, 0x60,
216 0x38, 0xa5, 0xf5, 0xaa, 0x91, 0x83, 0x88, 0x6c };
217 const u8 length[2] = { 0x00, 0x01 };
218 u8 m[53], t[16];
219 int err;
220
221 BT_DBG("w %32phN", w);
222 BT_DBG("n1 %16phN n2 %16phN", n1, n2);
223 BT_DBG("a1 %7phN a2 %7phN", a1, a2);
224
225 err = aes_cmac(tfm_cmac, salt, w, 32, t);
226 if (err)
227 return err;
228
229 BT_DBG("t %16phN", t);
230
231 memcpy(m, length, 2);
232 memcpy(m + 2, a2, 7);
233 memcpy(m + 9, a1, 7);
234 memcpy(m + 16, n2, 16);
235 memcpy(m + 32, n1, 16);
236 memcpy(m + 48, btle, 4);
237
238 m[52] = 0; /* Counter */
239
240 err = aes_cmac(tfm_cmac, t, m, sizeof(m), mackey);
241 if (err)
242 return err;
243
244 BT_DBG("mackey %16phN", mackey);
245
246 m[52] = 1; /* Counter */
247
248 err = aes_cmac(tfm_cmac, t, m, sizeof(m), ltk);
249 if (err)
250 return err;
251
252 BT_DBG("ltk %16phN", ltk);
253
254 return 0;
255}
256
257static int smp_f6(struct crypto_hash *tfm_cmac, const u8 w[16],
258 const u8 n1[16], u8 n2[16], const u8 r[16],
259 const u8 io_cap[3], const u8 a1[7], const u8 a2[7],
260 u8 res[16])
261{
262 u8 m[65];
263 int err;
264
265 BT_DBG("w %16phN", w);
266 BT_DBG("n1 %16phN n2 %16phN", n1, n2);
267 BT_DBG("r %16phN io_cap %3phN a1 %7phN a2 %7phN", r, io_cap, a1, a2);
268
269 memcpy(m, a2, 7);
270 memcpy(m + 7, a1, 7);
271 memcpy(m + 14, io_cap, 3);
272 memcpy(m + 17, r, 16);
273 memcpy(m + 33, n2, 16);
274 memcpy(m + 49, n1, 16);
275
276 err = aes_cmac(tfm_cmac, w, m, sizeof(m), res);
277 if (err)
278 return err;
279
280 BT_DBG("res %16phN", res);
281
282 return err;
283}
284
191dc7fe
JH		 285static int smp_g2(struct crypto_hash *tfm_cmac, const u8 u[32], const u8 v[32],
286 const u8 x[16], const u8 y[16], u32 *val)
287{
288 u8 m[80], tmp[16];
289 int err;
290
291 BT_DBG("u %32phN", u);
292 BT_DBG("v %32phN", v);
293 BT_DBG("x %16phN y %16phN", x, y);
294
295 memcpy(m, y, 16);
296 memcpy(m + 16, v, 32);
297 memcpy(m + 48, u, 32);
298
299 err = aes_cmac(tfm_cmac, x, m, sizeof(m), tmp);
300 if (err)
301 return err;
302
303 *val = get_unaligned_le32(tmp);
304 *val %= 1000000;
305
306 BT_DBG("val %06u", *val);
307
308 return 0;
309}
310
d22ef0bc
AB		 311static int smp_e(struct crypto_blkcipher *tfm, const u8 *k, u8 *r)
312{
313 struct blkcipher_desc desc;
314 struct scatterlist sg;
943a732a 315 uint8_t tmp[16], data[16];
201a5929 316 int err;
d22ef0bc
AB		 317
318 if (tfm == NULL) {
319 BT_ERR("tfm %p", tfm);
320 return -EINVAL;
321 }
322
323 desc.tfm = tfm;
324 desc.flags = 0;
325
943a732a 326 /* The most significant octet of key corresponds to k[0] */
8a2936f4 327 swap_buf(k, tmp, 16);
943a732a
JH		 328
329 err = crypto_blkcipher_setkey(tfm, tmp, 16);
d22ef0bc
AB		 330 if (err) {
331 BT_ERR("cipher setkey failed: %d", err);
332 return err;
333 }
334
943a732a 335 /* Most significant octet of plaintextData corresponds to data[0] */
8a2936f4 336 swap_buf(r, data, 16);
943a732a
JH		 337
338 sg_init_one(&sg, data, 16);
d22ef0bc 339
d22ef0bc
AB		 340 err = crypto_blkcipher_encrypt(&desc, &sg, &sg, 16);
341 if (err)
342 BT_ERR("Encrypt data error %d", err);
343
943a732a 344 /* Most significant octet of encryptedData corresponds to data[0] */
8a2936f4 345 swap_buf(data, r, 16);
943a732a 346
d22ef0bc
AB		 347 return err;
348}
349
6a77083a
JH		 350static int smp_h6(struct crypto_hash *tfm_cmac, const u8 w[16],
351 const u8 key_id[4], u8 res[16])
352{
353 int err;
354
355 BT_DBG("w %16phN key_id %4phN", w, key_id);
356
357 err = aes_cmac(tfm_cmac, w, key_id, 4, res);
358 if (err)
359 return err;
360
361 BT_DBG("res %16phN", res);
362
363 return err;
364}
365
60478054
JH		 366static int smp_ah(struct crypto_blkcipher *tfm, u8 irk[16], u8 r[3], u8 res[3])
367{
943a732a 368 u8 _res[16];
60478054
JH		 369 int err;
370
371 /* r' = padding || r */
943a732a
JH		 372 memcpy(_res, r, 3);
373 memset(_res + 3, 0, 13);
60478054 374
943a732a 375 err = smp_e(tfm, irk, _res);
60478054
JH		 376 if (err) {
377 BT_ERR("Encrypt error");
378 return err;
379 }
380
381 /* The output of the random address function ah is:
382 * ah(h, r) = e(k, r') mod 2^24
383 * The output of the security function e is then truncated to 24 bits
384 * by taking the least significant 24 bits of the output of e as the
385 * result of ah.
386 */
943a732a 387 memcpy(res, _res, 3);
60478054
JH		 388
389 return 0;
390}
391
defce9e8 392bool smp_irk_matches(struct hci_dev *hdev, u8 irk[16], bdaddr_t *bdaddr)
60478054 393{
defce9e8
JH		 394 struct l2cap_chan *chan = hdev->smp_data;
395 struct crypto_blkcipher *tfm;
60478054
JH		 396 u8 hash[3];
397 int err;
398
defce9e8
JH		 399 if (!chan || !chan->data)
400 return false;
401
402 tfm = chan->data;
403
60478054
JH		 404 BT_DBG("RPA %pMR IRK %*phN", bdaddr, 16, irk);
405
406 err = smp_ah(tfm, irk, &bdaddr->b[3], hash);
407 if (err)
408 return false;
409
410 return !memcmp(bdaddr->b, hash, 3);
411}
412
defce9e8 413int smp_generate_rpa(struct hci_dev *hdev, u8 irk[16], bdaddr_t *rpa)
b1e2b3ae 414{
defce9e8
JH		 415 struct l2cap_chan *chan = hdev->smp_data;
416 struct crypto_blkcipher *tfm;
b1e2b3ae
JH		 417 int err;
418
defce9e8
JH		 419 if (!chan || !chan->data)
420 return -EOPNOTSUPP;
421
422 tfm = chan->data;
423
b1e2b3ae
JH		 424 get_random_bytes(&rpa->b[3], 3);
425
426 rpa->b[5] &= 0x3f; /* Clear two most significant bits */
427 rpa->b[5] |= 0x40; /* Set second most significant bit */
428
429 err = smp_ah(tfm, irk, &rpa->b[3], rpa->b);
430 if (err < 0)
431 return err;
432
433 BT_DBG("RPA %pMR", rpa);
434
435 return 0;
436}
437
e491eaf3
JH		 438static int smp_c1(struct crypto_blkcipher *tfm_aes, u8 k[16], u8 r[16],
439 u8 preq[7], u8 pres[7], u8 _iat, bdaddr_t *ia, u8 _rat,
440 bdaddr_t *ra, u8 res[16])
d22ef0bc
AB		 441{
442 u8 p1[16], p2[16];
443 int err;
444
445 memset(p1, 0, 16);
446
447 /* p1 = pres || preq || _rat || _iat */
943a732a
JH		 448 p1[0] = _iat;
449 p1[1] = _rat;
450 memcpy(p1 + 2, preq, 7);
451 memcpy(p1 + 9, pres, 7);
d22ef0bc
AB		 452
453 /* p2 = padding || ia || ra */
943a732a
JH		 454 memcpy(p2, ra, 6);
455 memcpy(p2 + 6, ia, 6);
456 memset(p2 + 12, 0, 4);
d22ef0bc
AB		 457
458 /* res = r XOR p1 */
459 u128_xor((u128 *) res, (u128 *) r, (u128 *) p1);
460
461 /* res = e(k, res) */
e491eaf3 462 err = smp_e(tfm_aes, k, res);
d22ef0bc
AB		 463 if (err) {
464 BT_ERR("Encrypt data error");
465 return err;
466 }
467
468 /* res = res XOR p2 */
469 u128_xor((u128 *) res, (u128 *) res, (u128 *) p2);
470
471 /* res = e(k, res) */
e491eaf3 472 err = smp_e(tfm_aes, k, res);
d22ef0bc
AB		 473 if (err)
474 BT_ERR("Encrypt data error");
475
476 return err;
477}
478
e491eaf3
JH		 479static int smp_s1(struct crypto_blkcipher *tfm_aes, u8 k[16], u8 r1[16],
480 u8 r2[16], u8 _r[16])
d22ef0bc
AB		 481{
482 int err;
483
484 /* Just least significant octets from r1 and r2 are considered */
943a732a
JH		 485 memcpy(_r, r2, 8);
486 memcpy(_r + 8, r1, 8);
d22ef0bc 487
e491eaf3 488 err = smp_e(tfm_aes, k, _r);
d22ef0bc
AB		 489 if (err)
490 BT_ERR("Encrypt data error");
491
492 return err;
493}
494
5d88cc73 495static void smp_send_cmd(struct l2cap_conn *conn, u8 code, u16 len, void *data)
eb492e01 496{
5d88cc73 497 struct l2cap_chan *chan = conn->smp;
b68fda68 498 struct smp_chan *smp;
5d88cc73
JH		 499 struct kvec iv[2];
500 struct msghdr msg;
eb492e01 501
5d88cc73
JH		 502 if (!chan)
503 return;
eb492e01 504
5d88cc73 505 BT_DBG("code 0x%2.2x", code);
eb492e01 506
5d88cc73
JH		 507 iv[0].iov_base = &code;
508 iv[0].iov_len = 1;
eb492e01 509
5d88cc73
JH		 510 iv[1].iov_base = data;
511 iv[1].iov_len = len;
eb492e01 512
5d88cc73 513 memset(&msg, 0, sizeof(msg));
eb492e01 514
5d88cc73
JH		 515 msg.msg_iov = (struct iovec *) &iv;
516 msg.msg_iovlen = 2;
eb492e01 517
5d88cc73 518 l2cap_chan_send(chan, &msg, 1 + len);
e2dcd113 519
b68fda68
JH		 520 if (!chan->data)
521 return;
522
523 smp = chan->data;
524
525 cancel_delayed_work_sync(&smp->security_timer);
1b0921d6 526 schedule_delayed_work(&smp->security_timer, SMP_TIMEOUT);
eb492e01
AB		 527}
528
d2eb9e10 529static u8 authreq_to_seclevel(u8 authreq)
2b64d153 530{
d2eb9e10
JH		 531 if (authreq & SMP_AUTH_MITM) {
532 if (authreq & SMP_AUTH_SC)
533 return BT_SECURITY_FIPS;
534 else
535 return BT_SECURITY_HIGH;
536 } else {
2b64d153 537 return BT_SECURITY_MEDIUM;
d2eb9e10 538 }
2b64d153
BG		 539}
540
541static __u8 seclevel_to_authreq(__u8 sec_level)
542{
543 switch (sec_level) {
d2eb9e10 544 case BT_SECURITY_FIPS:
2b64d153
BG		 545 case BT_SECURITY_HIGH:
546 return SMP_AUTH_MITM | SMP_AUTH_BONDING;
547 case BT_SECURITY_MEDIUM:
548 return SMP_AUTH_BONDING;
549 default:
550 return SMP_AUTH_NONE;
551 }
552}
553
b8e66eac 554static void build_pairing_cmd(struct l2cap_conn *conn,
f1560463
MH		 555 struct smp_cmd_pairing *req,
556 struct smp_cmd_pairing *rsp, __u8 authreq)
b8e66eac 557{
5d88cc73
JH		 558 struct l2cap_chan *chan = conn->smp;
559 struct smp_chan *smp = chan->data;
fd349c02
JH		 560 struct hci_conn *hcon = conn->hcon;
561 struct hci_dev *hdev = hcon->hdev;
562 u8 local_dist = 0, remote_dist = 0;
54790f73 563
b6ae8457 564 if (test_bit(HCI_BONDABLE, &conn->hcon->hdev->dev_flags)) {
7ee4ea36
MH		 565 local_dist = SMP_DIST_ENC_KEY | SMP_DIST_SIGN;
566 remote_dist = SMP_DIST_ENC_KEY | SMP_DIST_SIGN;
54790f73 567 authreq |= SMP_AUTH_BONDING;
2b64d153
BG		 568 } else {
569 authreq &= ~SMP_AUTH_BONDING;
54790f73
VCG		 570 }
571
fd349c02
JH		 572 if (test_bit(HCI_RPA_RESOLVING, &hdev->dev_flags))
573 remote_dist |= SMP_DIST_ID_KEY;
574
863efaf2
JH		 575 if (test_bit(HCI_PRIVACY, &hdev->dev_flags))
576 local_dist |= SMP_DIST_ID_KEY;
577
df8e1a4c
JH		 578 if (test_bit(HCI_SC_ENABLED, &hdev->dev_flags)) {
579 if ((authreq & SMP_AUTH_SC) &&
580 test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
581 local_dist |= SMP_DIST_LINK_KEY;
582 remote_dist |= SMP_DIST_LINK_KEY;
583 }
584 } else {
585 authreq &= ~SMP_AUTH_SC;
586 }
587
54790f73
VCG		 588 if (rsp == NULL) {
589 req->io_capability = conn->hcon->io_capability;
590 req->oob_flag = SMP_OOB_NOT_PRESENT;
591 req->max_key_size = SMP_MAX_ENC_KEY_SIZE;
fd349c02
JH		 592 req->init_key_dist = local_dist;
593 req->resp_key_dist = remote_dist;
0edb14de 594 req->auth_req = (authreq & AUTH_REQ_MASK(hdev));
fd349c02
JH		 595
596 smp->remote_key_dist = remote_dist;
54790f73
VCG		 597 return;
598 }
599
600 rsp->io_capability = conn->hcon->io_capability;
601 rsp->oob_flag = SMP_OOB_NOT_PRESENT;
602 rsp->max_key_size = SMP_MAX_ENC_KEY_SIZE;
fd349c02
JH		 603 rsp->init_key_dist = req->init_key_dist & remote_dist;
604 rsp->resp_key_dist = req->resp_key_dist & local_dist;
0edb14de 605 rsp->auth_req = (authreq & AUTH_REQ_MASK(hdev));
fd349c02
JH		 606
607 smp->remote_key_dist = rsp->init_key_dist;
b8e66eac
VCG		 608}
609
3158c50c
VCG		 610static u8 check_enc_key_size(struct l2cap_conn *conn, __u8 max_key_size)
611{
5d88cc73
JH		 612 struct l2cap_chan *chan = conn->smp;
613 struct smp_chan *smp = chan->data;
1c1def09 614
3158c50c 615 if ((max_key_size > SMP_MAX_ENC_KEY_SIZE) ||
f1560463 616 (max_key_size < SMP_MIN_ENC_KEY_SIZE))
3158c50c
VCG		 617 return SMP_ENC_KEY_SIZE;
618
f7aa611a 619 smp->enc_key_size = max_key_size;
3158c50c
VCG		 620
621 return 0;
622}
623
6f48e260
JH		 624static void smp_chan_destroy(struct l2cap_conn *conn)
625{
626 struct l2cap_chan *chan = conn->smp;
627 struct smp_chan *smp = chan->data;
628 bool complete;
629
630 BUG_ON(!smp);
631
632 cancel_delayed_work_sync(&smp->security_timer);
6f48e260 633
6f48e260
JH		 634 complete = test_bit(SMP_FLAG_COMPLETE, &smp->flags);
635 mgmt_smp_complete(conn->hcon, complete);
636
637 kfree(smp->csrk);
638 kfree(smp->slave_csrk);
6a77083a 639 kfree(smp->link_key);
6f48e260
JH		 640
641 crypto_free_blkcipher(smp->tfm_aes);
407cecf6 642 crypto_free_hash(smp->tfm_cmac);
6f48e260
JH		 643
644 /* If pairing failed clean up any keys we might have */
645 if (!complete) {
646 if (smp->ltk) {
970d0f1b
JH		 647 list_del_rcu(&smp->ltk->list);
648 kfree_rcu(smp->ltk, rcu);
6f48e260
JH		 649 }
650
651 if (smp->slave_ltk) {
970d0f1b
JH		 652 list_del_rcu(&smp->slave_ltk->list);
653 kfree_rcu(smp->slave_ltk, rcu);
6f48e260
JH		 654 }
655
656 if (smp->remote_irk) {
adae20cb
JH		 657 list_del_rcu(&smp->remote_irk->list);
658 kfree_rcu(smp->remote_irk, rcu);
6f48e260
JH		 659 }
660 }
661
662 chan->data = NULL;
663 kfree(smp);
664 hci_conn_drop(conn->hcon);
665}
666
84794e11 667static void smp_failure(struct l2cap_conn *conn, u8 reason)
4f957a76 668{
bab73cb6 669 struct hci_conn *hcon = conn->hcon;
b68fda68 670 struct l2cap_chan *chan = conn->smp;
bab73cb6 671
84794e11 672 if (reason)
4f957a76 673 smp_send_cmd(conn, SMP_CMD_PAIRING_FAIL, sizeof(reason),
f1560463 674 &reason);
4f957a76 675
ce39fb4e 676 clear_bit(HCI_CONN_ENCRYPT_PEND, &hcon->flags);
e1e930f5 677 mgmt_auth_failed(hcon, HCI_ERROR_AUTH_FAILURE);
f1c09c07 678
fc75cc86 679 if (chan->data)
f1c09c07 680 smp_chan_destroy(conn);
4f957a76
BG		 681}
682
2b64d153
BG		 683#define JUST_WORKS 0x00
684#define JUST_CFM 0x01
685#define REQ_PASSKEY 0x02
686#define CFM_PASSKEY 0x03
687#define REQ_OOB 0x04
5e3d3d9b 688#define DSP_PASSKEY 0x05
2b64d153
BG		 689#define OVERLAP 0xFF
690
691static const u8 gen_method[5][5] = {
692 { JUST_WORKS, JUST_CFM, REQ_PASSKEY, JUST_WORKS, REQ_PASSKEY },
693 { JUST_WORKS, JUST_CFM, REQ_PASSKEY, JUST_WORKS, REQ_PASSKEY },
694 { CFM_PASSKEY, CFM_PASSKEY, REQ_PASSKEY, JUST_WORKS, CFM_PASSKEY },
695 { JUST_WORKS, JUST_CFM, JUST_WORKS, JUST_WORKS, JUST_CFM },
696 { CFM_PASSKEY, CFM_PASSKEY, REQ_PASSKEY, JUST_WORKS, OVERLAP },
697};
698
5e3d3d9b
JH		 699static const u8 sc_method[5][5] = {
700 { JUST_WORKS, JUST_CFM, REQ_PASSKEY, JUST_WORKS, REQ_PASSKEY },
701 { JUST_WORKS, CFM_PASSKEY, REQ_PASSKEY, JUST_WORKS, CFM_PASSKEY },
702 { DSP_PASSKEY, DSP_PASSKEY, REQ_PASSKEY, JUST_WORKS, DSP_PASSKEY },
703 { JUST_WORKS, JUST_CFM, JUST_WORKS, JUST_WORKS, JUST_CFM },
704 { DSP_PASSKEY, CFM_PASSKEY, REQ_PASSKEY, JUST_WORKS, CFM_PASSKEY },
705};
706
581370cc
JH		 707static u8 get_auth_method(struct smp_chan *smp, u8 local_io, u8 remote_io)
708{
2bcd4003
JH		 709 /* If either side has unknown io_caps, use JUST_CFM (which gets
710 * converted later to JUST_WORKS if we're initiators.
711 */
581370cc
JH		 712 if (local_io > SMP_IO_KEYBOARD_DISPLAY ||
713 remote_io > SMP_IO_KEYBOARD_DISPLAY)
2bcd4003 714 return JUST_CFM;
581370cc 715
5e3d3d9b
JH		 716 if (test_bit(SMP_FLAG_SC, &smp->flags))
717 return sc_method[remote_io][local_io];
718
581370cc
JH		 719 return gen_method[remote_io][local_io];
720}
721
2b64d153
BG		 722static int tk_request(struct l2cap_conn *conn, u8 remote_oob, u8 auth,
723 u8 local_io, u8 remote_io)
724{
725 struct hci_conn *hcon = conn->hcon;
5d88cc73
JH		 726 struct l2cap_chan *chan = conn->smp;
727 struct smp_chan *smp = chan->data;
2b64d153
BG		 728 u32 passkey = 0;
729 int ret = 0;
730
731 /* Initialize key for JUST WORKS */
732 memset(smp->tk, 0, sizeof(smp->tk));
4a74d658 733 clear_bit(SMP_FLAG_TK_VALID, &smp->flags);
2b64d153
BG		 734
735 BT_DBG("tk_request: auth:%d lcl:%d rem:%d", auth, local_io, remote_io);
736
2bcd4003
JH		 737 /* If neither side wants MITM, either "just" confirm an incoming
738 * request or use just-works for outgoing ones. The JUST_CFM
739 * will be converted to JUST_WORKS if necessary later in this
740 * function. If either side has MITM look up the method from the
741 * table.
742 */
581370cc 743 if (!(auth & SMP_AUTH_MITM))
783e0574 744 smp->method = JUST_CFM;
2b64d153 745 else
783e0574 746 smp->method = get_auth_method(smp, local_io, remote_io);
2b64d153 747
a82505c7 748 /* Don't confirm locally initiated pairing attempts */
783e0574
JH		 749 if (smp->method == JUST_CFM && test_bit(SMP_FLAG_INITIATOR,
750 &smp->flags))
751 smp->method = JUST_WORKS;
a82505c7 752
02f3e254 753 /* Don't bother user space with no IO capabilities */
783e0574
JH		 754 if (smp->method == JUST_CFM &&
755 hcon->io_capability == HCI_IO_NO_INPUT_OUTPUT)
756 smp->method = JUST_WORKS;
02f3e254 757
2b64d153 758 /* If Just Works, Continue with Zero TK */
783e0574 759 if (smp->method == JUST_WORKS) {
4a74d658 760 set_bit(SMP_FLAG_TK_VALID, &smp->flags);
2b64d153
BG		 761 return 0;
762 }
763
764 /* Not Just Works/Confirm results in MITM Authentication */
783e0574 765 if (smp->method != JUST_CFM) {
4a74d658 766 set_bit(SMP_FLAG_MITM_AUTH, &smp->flags);
5eb596f5
JH		 767 if (hcon->pending_sec_level < BT_SECURITY_HIGH)
768 hcon->pending_sec_level = BT_SECURITY_HIGH;
769 }
2b64d153
BG		 770
771 /* If both devices have Keyoard-Display I/O, the master
772 * Confirms and the slave Enters the passkey.
773 */
783e0574 774 if (smp->method == OVERLAP) {
40bef302 775 if (hcon->role == HCI_ROLE_MASTER)
783e0574 776 smp->method = CFM_PASSKEY;
2b64d153 777 else
783e0574 778 smp->method = REQ_PASSKEY;
2b64d153
BG		 779 }
780
01ad34d2 781 /* Generate random passkey. */
783e0574 782 if (smp->method == CFM_PASSKEY) {
943a732a 783 memset(smp->tk, 0, sizeof(smp->tk));
2b64d153
BG		 784 get_random_bytes(&passkey, sizeof(passkey));
785 passkey %= 1000000;
943a732a 786 put_unaligned_le32(passkey, smp->tk);
2b64d153 787 BT_DBG("PassKey: %d", passkey);
4a74d658 788 set_bit(SMP_FLAG_TK_VALID, &smp->flags);
2b64d153
BG		 789 }
790
783e0574 791 if (smp->method == REQ_PASSKEY)
ce39fb4e 792 ret = mgmt_user_passkey_request(hcon->hdev, &hcon->dst,
272d90df 793 hcon->type, hcon->dst_type);
783e0574 794 else if (smp->method == JUST_CFM)
4eb65e66
JH		 795 ret = mgmt_user_confirm_request(hcon->hdev, &hcon->dst,
796 hcon->type, hcon->dst_type,
797 passkey, 1);
2b64d153 798 else
01ad34d2 799 ret = mgmt_user_passkey_notify(hcon->hdev, &hcon->dst,
272d90df 800 hcon->type, hcon->dst_type,
39adbffe 801 passkey, 0);
2b64d153 802
2b64d153
BG		 803 return ret;
804}
805
1cc61144 806static u8 smp_confirm(struct smp_chan *smp)
8aab4757 807{
8aab4757 808 struct l2cap_conn *conn = smp->conn;
8aab4757
VCG		 809 struct smp_cmd_pairing_confirm cp;
810 int ret;
8aab4757
VCG		 811
812 BT_DBG("conn %p", conn);
813
e491eaf3 814 ret = smp_c1(smp->tfm_aes, smp->tk, smp->prnd, smp->preq, smp->prsp,
b1cd5fd9 815 conn->hcon->init_addr_type, &conn->hcon->init_addr,
943a732a
JH		 816 conn->hcon->resp_addr_type, &conn->hcon->resp_addr,
817 cp.confirm_val);
1cc61144
JH		 818 if (ret)
819 return SMP_UNSPECIFIED;
8aab4757 820
4a74d658 821 clear_bit(SMP_FLAG_CFM_PENDING, &smp->flags);
2b64d153 822
8aab4757
VCG		 823 smp_send_cmd(smp->conn, SMP_CMD_PAIRING_CONFIRM, sizeof(cp), &cp);
824
b28b4943
JH		 825 if (conn->hcon->out)
826 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_CONFIRM);
827 else
828 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RANDOM);
829
1cc61144 830 return 0;
8aab4757
VCG		 831}
832
861580a9 833static u8 smp_random(struct smp_chan *smp)
8aab4757 834{
8aab4757
VCG		 835 struct l2cap_conn *conn = smp->conn;
836 struct hci_conn *hcon = conn->hcon;
861580a9 837 u8 confirm[16];
8aab4757
VCG		 838 int ret;
839
ec70f36f 840 if (IS_ERR_OR_NULL(smp->tfm_aes))
861580a9 841 return SMP_UNSPECIFIED;
8aab4757
VCG		 842
843 BT_DBG("conn %p %s", conn, conn->hcon->out ? "master" : "slave");
844
e491eaf3 845 ret = smp_c1(smp->tfm_aes, smp->tk, smp->rrnd, smp->preq, smp->prsp,
b1cd5fd9 846 hcon->init_addr_type, &hcon->init_addr,
943a732a 847 hcon->resp_addr_type, &hcon->resp_addr, confirm);
861580a9
JH		 848 if (ret)
849 return SMP_UNSPECIFIED;
8aab4757 850
8aab4757
VCG		 851 if (memcmp(smp->pcnf, confirm, sizeof(smp->pcnf)) != 0) {
852 BT_ERR("Pairing failed (confirmation values mismatch)");
861580a9 853 return SMP_CONFIRM_FAILED;
8aab4757
VCG		 854 }
855
856 if (hcon->out) {
fe39c7b2
MH		 857 u8 stk[16];
858 __le64 rand = 0;
859 __le16 ediv = 0;
8aab4757 860
e491eaf3 861 smp_s1(smp->tfm_aes, smp->tk, smp->rrnd, smp->prnd, stk);
8aab4757 862
f7aa611a 863 memset(stk + smp->enc_key_size, 0,
04124681 864 SMP_MAX_ENC_KEY_SIZE - smp->enc_key_size);
8aab4757 865
861580a9
JH		 866 if (test_and_set_bit(HCI_CONN_ENCRYPT_PEND, &hcon->flags))
867 return SMP_UNSPECIFIED;
8aab4757
VCG		 868
869 hci_le_start_enc(hcon, ediv, rand, stk);
f7aa611a 870 hcon->enc_key_size = smp->enc_key_size;
fe59a05f 871 set_bit(HCI_CONN_STK_ENCRYPT, &hcon->flags);
8aab4757 872 } else {
fff3490f 873 u8 stk[16], auth;
fe39c7b2
MH		 874 __le64 rand = 0;
875 __le16 ediv = 0;
8aab4757 876
943a732a
JH		 877 smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM, sizeof(smp->prnd),
878 smp->prnd);
8aab4757 879
e491eaf3 880 smp_s1(smp->tfm_aes, smp->tk, smp->prnd, smp->rrnd, stk);
8aab4757 881
f7aa611a 882 memset(stk + smp->enc_key_size, 0,
f1560463 883 SMP_MAX_ENC_KEY_SIZE - smp->enc_key_size);
8aab4757 884
fff3490f
JH		 885 if (hcon->pending_sec_level == BT_SECURITY_HIGH)
886 auth = 1;
887 else
888 auth = 0;
889
7d5843b7
JH		 890 /* Even though there's no _SLAVE suffix this is the
891 * slave STK we're adding for later lookup (the master
892 * STK never needs to be stored).
893 */
ce39fb4e 894 hci_add_ltk(hcon->hdev, &hcon->dst, hcon->dst_type,
2ceba539 895 SMP_STK, auth, stk, smp->enc_key_size, ediv, rand);
8aab4757
VCG		 896 }
897
861580a9 898 return 0;
8aab4757
VCG		 899}
900
44f1a7ab
JH		 901static void smp_notify_keys(struct l2cap_conn *conn)
902{
903 struct l2cap_chan *chan = conn->smp;
904 struct smp_chan *smp = chan->data;
905 struct hci_conn *hcon = conn->hcon;
906 struct hci_dev *hdev = hcon->hdev;
907 struct smp_cmd_pairing *req = (void *) &smp->preq[1];
908 struct smp_cmd_pairing *rsp = (void *) &smp->prsp[1];
909 bool persistent;
910
911 if (smp->remote_irk) {
912 mgmt_new_irk(hdev, smp->remote_irk);
913 /* Now that user space can be considered to know the
914 * identity address track the connection based on it
915 * from now on.
916 */
917 bacpy(&hcon->dst, &smp->remote_irk->bdaddr);
918 hcon->dst_type = smp->remote_irk->addr_type;
f3d82d0c 919 queue_work(hdev->workqueue, &conn->id_addr_update_work);
44f1a7ab
JH		 920
921 /* When receiving an indentity resolving key for
922 * a remote device that does not use a resolvable
923 * private address, just remove the key so that
924 * it is possible to use the controller white
925 * list for scanning.
926 *
927 * Userspace will have been told to not store
928 * this key at this point. So it is safe to
929 * just remove it.
930 */
931 if (!bacmp(&smp->remote_irk->rpa, BDADDR_ANY)) {
adae20cb
JH		 932 list_del_rcu(&smp->remote_irk->list);
933 kfree_rcu(smp->remote_irk, rcu);
44f1a7ab
JH		 934 smp->remote_irk = NULL;
935 }
936 }
937
938 /* The LTKs and CSRKs should be persistent only if both sides
939 * had the bonding bit set in their authentication requests.
940 */
941 persistent = !!((req->auth_req & rsp->auth_req) & SMP_AUTH_BONDING);
942
943 if (smp->csrk) {
944 smp->csrk->bdaddr_type = hcon->dst_type;
945 bacpy(&smp->csrk->bdaddr, &hcon->dst);
946 mgmt_new_csrk(hdev, smp->csrk, persistent);
947 }
948
949 if (smp->slave_csrk) {
950 smp->slave_csrk->bdaddr_type = hcon->dst_type;
951 bacpy(&smp->slave_csrk->bdaddr, &hcon->dst);
952 mgmt_new_csrk(hdev, smp->slave_csrk, persistent);
953 }
954
955 if (smp->ltk) {
956 smp->ltk->bdaddr_type = hcon->dst_type;
957 bacpy(&smp->ltk->bdaddr, &hcon->dst);
958 mgmt_new_ltk(hdev, smp->ltk, persistent);
959 }
960
961 if (smp->slave_ltk) {
962 smp->slave_ltk->bdaddr_type = hcon->dst_type;
963 bacpy(&smp->slave_ltk->bdaddr, &hcon->dst);
964 mgmt_new_ltk(hdev, smp->slave_ltk, persistent);
965 }
6a77083a
JH		 966
967 if (smp->link_key) {
e3befab9
JH		 968 struct link_key *key;
969 u8 type;
970
971 if (test_bit(SMP_FLAG_DEBUG_KEY, &smp->flags))
972 type = HCI_LK_DEBUG_COMBINATION;
973 else if (hcon->sec_level == BT_SECURITY_FIPS)
974 type = HCI_LK_AUTH_COMBINATION_P256;
975 else
976 type = HCI_LK_UNAUTH_COMBINATION_P256;
977
978 key = hci_add_link_key(hdev, smp->conn->hcon, &hcon->dst,
979 smp->link_key, type, 0, &persistent);
980 if (key) {
981 mgmt_new_link_key(hdev, key, persistent);
982
983 /* Don't keep debug keys around if the relevant
984 * flag is not set.
985 */
986 if (!test_bit(HCI_KEEP_DEBUG_KEYS, &hdev->dev_flags) &&
987 key->type == HCI_LK_DEBUG_COMBINATION) {
988 list_del_rcu(&key->list);
989 kfree_rcu(key, rcu);
990 }
991 }
6a77083a
JH		 992 }
993}
994
995static void sc_generate_link_key(struct smp_chan *smp)
996{
997 /* These constants are as specified in the core specification.
998 * In ASCII they spell out to 'tmp1' and 'lebr'.
999 */
1000 const u8 tmp1[4] = { 0x31, 0x70, 0x6d, 0x74 };
1001 const u8 lebr[4] = { 0x72, 0x62, 0x65, 0x6c };
1002
1003 smp->link_key = kzalloc(16, GFP_KERNEL);
1004 if (!smp->link_key)
1005 return;
1006
1007 if (smp_h6(smp->tfm_cmac, smp->tk, tmp1, smp->link_key)) {
1008 kfree(smp->link_key);
1009 smp->link_key = NULL;
1010 return;
1011 }
1012
1013 if (smp_h6(smp->tfm_cmac, smp->link_key, lebr, smp->link_key)) {
1014 kfree(smp->link_key);
1015 smp->link_key = NULL;
1016 return;
1017 }
44f1a7ab
JH		 1018}
1019
b28b4943
JH		 1020static void smp_allow_key_dist(struct smp_chan *smp)
1021{
1022 /* Allow the first expected phase 3 PDU. The rest of the PDUs
1023 * will be allowed in each PDU handler to ensure we receive
1024 * them in the correct order.
1025 */
1026 if (smp->remote_key_dist & SMP_DIST_ENC_KEY)
1027 SMP_ALLOW_CMD(smp, SMP_CMD_ENCRYPT_INFO);
1028 else if (smp->remote_key_dist & SMP_DIST_ID_KEY)
1029 SMP_ALLOW_CMD(smp, SMP_CMD_IDENT_INFO);
1030 else if (smp->remote_key_dist & SMP_DIST_SIGN)
1031 SMP_ALLOW_CMD(smp, SMP_CMD_SIGN_INFO);
1032}
1033
d6268e86 1034static void smp_distribute_keys(struct smp_chan *smp)
44f1a7ab
JH		 1035{
1036 struct smp_cmd_pairing *req, *rsp;
86d1407c 1037 struct l2cap_conn *conn = smp->conn;
44f1a7ab
JH		 1038 struct hci_conn *hcon = conn->hcon;
1039 struct hci_dev *hdev = hcon->hdev;
1040 __u8 *keydist;
1041
1042 BT_DBG("conn %p", conn);
1043
44f1a7ab
JH		 1044 rsp = (void *) &smp->prsp[1];
1045
1046 /* The responder sends its keys first */
b28b4943
JH		 1047 if (hcon->out && (smp->remote_key_dist & KEY_DIST_MASK)) {
1048 smp_allow_key_dist(smp);
86d1407c 1049 return;
b28b4943 1050 }
44f1a7ab
JH		 1051
1052 req = (void *) &smp->preq[1];
1053
1054 if (hcon->out) {
1055 keydist = &rsp->init_key_dist;
1056 *keydist &= req->init_key_dist;
1057 } else {
1058 keydist = &rsp->resp_key_dist;
1059 *keydist &= req->resp_key_dist;
1060 }
1061
6a77083a
JH		 1062 if (test_bit(SMP_FLAG_SC, &smp->flags)) {
1063 if (*keydist & SMP_DIST_LINK_KEY)
1064 sc_generate_link_key(smp);
1065
1066 /* Clear the keys which are generated but not distributed */
1067 *keydist &= ~SMP_SC_NO_DIST;
1068 }
1069
44f1a7ab
JH		 1070 BT_DBG("keydist 0x%x", *keydist);
1071
1072 if (*keydist & SMP_DIST_ENC_KEY) {
1073 struct smp_cmd_encrypt_info enc;
1074 struct smp_cmd_master_ident ident;
1075 struct smp_ltk *ltk;
1076 u8 authenticated;
1077 __le16 ediv;
1078 __le64 rand;
1079
1080 get_random_bytes(enc.ltk, sizeof(enc.ltk));
1081 get_random_bytes(&ediv, sizeof(ediv));
1082 get_random_bytes(&rand, sizeof(rand));
1083
1084 smp_send_cmd(conn, SMP_CMD_ENCRYPT_INFO, sizeof(enc), &enc);
1085
1086 authenticated = hcon->sec_level == BT_SECURITY_HIGH;
1087 ltk = hci_add_ltk(hdev, &hcon->dst, hcon->dst_type,
1088 SMP_LTK_SLAVE, authenticated, enc.ltk,
1089 smp->enc_key_size, ediv, rand);
1090 smp->slave_ltk = ltk;
1091
1092 ident.ediv = ediv;
1093 ident.rand = rand;
1094
1095 smp_send_cmd(conn, SMP_CMD_MASTER_IDENT, sizeof(ident), &ident);
1096
1097 *keydist &= ~SMP_DIST_ENC_KEY;
1098 }
1099
1100 if (*keydist & SMP_DIST_ID_KEY) {
1101 struct smp_cmd_ident_addr_info addrinfo;
1102 struct smp_cmd_ident_info idinfo;
1103
1104 memcpy(idinfo.irk, hdev->irk, sizeof(idinfo.irk));
1105
1106 smp_send_cmd(conn, SMP_CMD_IDENT_INFO, sizeof(idinfo), &idinfo);
1107
1108 /* The hci_conn contains the local identity address
1109 * after the connection has been established.
1110 *
1111 * This is true even when the connection has been
1112 * established using a resolvable random address.
1113 */
1114 bacpy(&addrinfo.bdaddr, &hcon->src);
1115 addrinfo.addr_type = hcon->src_type;
1116
1117 smp_send_cmd(conn, SMP_CMD_IDENT_ADDR_INFO, sizeof(addrinfo),
1118 &addrinfo);
1119
1120 *keydist &= ~SMP_DIST_ID_KEY;
1121 }
1122
1123 if (*keydist & SMP_DIST_SIGN) {
1124 struct smp_cmd_sign_info sign;
1125 struct smp_csrk *csrk;
1126
1127 /* Generate a new random key */
1128 get_random_bytes(sign.csrk, sizeof(sign.csrk));
1129
1130 csrk = kzalloc(sizeof(*csrk), GFP_KERNEL);
1131 if (csrk) {
1132 csrk->master = 0x00;
1133 memcpy(csrk->val, sign.csrk, sizeof(csrk->val));
1134 }
1135 smp->slave_csrk = csrk;
1136
1137 smp_send_cmd(conn, SMP_CMD_SIGN_INFO, sizeof(sign), &sign);
1138
1139 *keydist &= ~SMP_DIST_SIGN;
1140 }
1141
1142 /* If there are still keys to be received wait for them */
b28b4943
JH		 1143 if (smp->remote_key_dist & KEY_DIST_MASK) {
1144 smp_allow_key_dist(smp);
86d1407c 1145 return;
b28b4943 1146 }
44f1a7ab 1147
44f1a7ab
JH		 1148 set_bit(SMP_FLAG_COMPLETE, &smp->flags);
1149 smp_notify_keys(conn);
1150
1151 smp_chan_destroy(conn);
44f1a7ab
JH		 1152}
1153
b68fda68
JH		 1154static void smp_timeout(struct work_struct *work)
1155{
1156 struct smp_chan *smp = container_of(work, struct smp_chan,
1157 security_timer.work);
1158 struct l2cap_conn *conn = smp->conn;
1159
1160 BT_DBG("conn %p", conn);
1161
1e91c29e 1162 hci_disconnect(conn->hcon, HCI_ERROR_REMOTE_USER_TERM);
b68fda68
JH		 1163}
1164
8aab4757
VCG		 1165static struct smp_chan *smp_chan_create(struct l2cap_conn *conn)
1166{
5d88cc73 1167 struct l2cap_chan *chan = conn->smp;
8aab4757
VCG		 1168 struct smp_chan *smp;
1169
f1560463 1170 smp = kzalloc(sizeof(*smp), GFP_ATOMIC);
fc75cc86 1171 if (!smp)
8aab4757
VCG		 1172 return NULL;
1173
6a7bd103
JH		 1174 smp->tfm_aes = crypto_alloc_blkcipher("ecb(aes)", 0, CRYPTO_ALG_ASYNC);
1175 if (IS_ERR(smp->tfm_aes)) {
1176 BT_ERR("Unable to create ECB crypto context");
1177 kfree(smp);
1178 return NULL;
1179 }
1180
407cecf6
JH		 1181 smp->tfm_cmac = crypto_alloc_hash("cmac(aes)", 0, CRYPTO_ALG_ASYNC);
1182 if (IS_ERR(smp->tfm_cmac)) {
1183 BT_ERR("Unable to create CMAC crypto context");
1184 crypto_free_blkcipher(smp->tfm_aes);
1185 kfree(smp);
1186 return NULL;
1187 }
1188
8aab4757 1189 smp->conn = conn;
5d88cc73 1190 chan->data = smp;
8aab4757 1191
b28b4943
JH		 1192 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_FAIL);
1193
b68fda68
JH		 1194 INIT_DELAYED_WORK(&smp->security_timer, smp_timeout);
1195
8aab4757
VCG		 1196 hci_conn_hold(conn->hcon);
1197
1198 return smp;
1199}
1200
760b018b
JH		 1201static int sc_mackey_and_ltk(struct smp_chan *smp, u8 mackey[16], u8 ltk[16])
1202{
1203 struct hci_conn *hcon = smp->conn->hcon;
1204 u8 *na, *nb, a[7], b[7];
1205
1206 if (hcon->out) {
1207 na = smp->prnd;
1208 nb = smp->rrnd;
1209 } else {
1210 na = smp->rrnd;
1211 nb = smp->prnd;
1212 }
1213
1214 memcpy(a, &hcon->init_addr, 6);
1215 memcpy(b, &hcon->resp_addr, 6);
1216 a[6] = hcon->init_addr_type;
1217 b[6] = hcon->resp_addr_type;
1218
1219 return smp_f5(smp->tfm_cmac, smp->dhkey, na, nb, a, b, mackey, ltk);
1220}
1221
dddd3059 1222static void sc_dhkey_check(struct smp_chan *smp, __le32 passkey)
760b018b
JH		 1223{
1224 struct hci_conn *hcon = smp->conn->hcon;
1225 struct smp_cmd_dhkey_check check;
1226 u8 a[7], b[7], *local_addr, *remote_addr;
1227 u8 io_cap[3], r[16];
1228
760b018b
JH		 1229 memcpy(a, &hcon->init_addr, 6);
1230 memcpy(b, &hcon->resp_addr, 6);
1231 a[6] = hcon->init_addr_type;
1232 b[6] = hcon->resp_addr_type;
1233
1234 if (hcon->out) {
1235 local_addr = a;
1236 remote_addr = b;
1237 memcpy(io_cap, &smp->preq[1], 3);
1238 } else {
1239 local_addr = b;
1240 remote_addr = a;
1241 memcpy(io_cap, &smp->prsp[1], 3);
1242 }
1243
dddd3059
JH		 1244 memset(r, 0, sizeof(r));
1245
1246 if (smp->method == REQ_PASSKEY || smp->method == DSP_PASSKEY)
1247 memcpy(r, &passkey, sizeof(passkey));
760b018b
JH		 1248
1249 smp_f6(smp->tfm_cmac, smp->mackey, smp->prnd, smp->rrnd, r, io_cap,
1250 local_addr, remote_addr, check.e);
1251
1252 smp_send_cmd(smp->conn, SMP_CMD_DHKEY_CHECK, sizeof(check), &check);
dddd3059
JH		 1253}
1254
1255static int sc_user_reply(struct smp_chan *smp, u16 mgmt_op, __le32 passkey)
1256{
1257 switch (mgmt_op) {
1258 case MGMT_OP_USER_PASSKEY_NEG_REPLY:
1259 smp_failure(smp->conn, SMP_PASSKEY_ENTRY_FAILED);
1260 return 0;
1261 case MGMT_OP_USER_CONFIRM_NEG_REPLY:
1262 smp_failure(smp->conn, SMP_NUMERIC_COMP_FAILED);
1263 return 0;
1264 }
1265
1266 sc_dhkey_check(smp, passkey);
760b018b
JH		 1267
1268 return 0;
1269}
1270
2b64d153
BG		 1271int smp_user_confirm_reply(struct hci_conn *hcon, u16 mgmt_op, __le32 passkey)
1272{
b10e8017 1273 struct l2cap_conn *conn = hcon->l2cap_data;
5d88cc73 1274 struct l2cap_chan *chan;
2b64d153
BG		 1275 struct smp_chan *smp;
1276 u32 value;
fc75cc86 1277 int err;
2b64d153
BG		 1278
1279 BT_DBG("");
1280
fc75cc86 1281 if (!conn)
2b64d153
BG		 1282 return -ENOTCONN;
1283
5d88cc73
JH		 1284 chan = conn->smp;
1285 if (!chan)
1286 return -ENOTCONN;
1287
fc75cc86
JH		 1288 l2cap_chan_lock(chan);
1289 if (!chan->data) {
1290 err = -ENOTCONN;
1291 goto unlock;
1292 }
1293
5d88cc73 1294 smp = chan->data;
2b64d153 1295
760b018b
JH		 1296 if (test_bit(SMP_FLAG_SC, &smp->flags)) {
1297 err = sc_user_reply(smp, mgmt_op, passkey);
1298 goto unlock;
1299 }
1300
2b64d153
BG		 1301 switch (mgmt_op) {
1302 case MGMT_OP_USER_PASSKEY_REPLY:
1303 value = le32_to_cpu(passkey);
943a732a 1304 memset(smp->tk, 0, sizeof(smp->tk));
2b64d153 1305 BT_DBG("PassKey: %d", value);
943a732a 1306 put_unaligned_le32(value, smp->tk);
2b64d153
BG		 1307 /* Fall Through */
1308 case MGMT_OP_USER_CONFIRM_REPLY:
4a74d658 1309 set_bit(SMP_FLAG_TK_VALID, &smp->flags);
2b64d153
BG		 1310 break;
1311 case MGMT_OP_USER_PASSKEY_NEG_REPLY:
1312 case MGMT_OP_USER_CONFIRM_NEG_REPLY:
84794e11 1313 smp_failure(conn, SMP_PASSKEY_ENTRY_FAILED);
fc75cc86
JH		 1314 err = 0;
1315 goto unlock;
2b64d153 1316 default:
84794e11 1317 smp_failure(conn, SMP_PASSKEY_ENTRY_FAILED);
fc75cc86
JH		 1318 err = -EOPNOTSUPP;
1319 goto unlock;
2b64d153
BG		 1320 }
1321
fc75cc86
JH		 1322 err = 0;
1323
2b64d153 1324 /* If it is our turn to send Pairing Confirm, do so now */
1cc61144
JH		 1325 if (test_bit(SMP_FLAG_CFM_PENDING, &smp->flags)) {
1326 u8 rsp = smp_confirm(smp);
1327 if (rsp)
1328 smp_failure(conn, rsp);
1329 }
2b64d153 1330
fc75cc86
JH		 1331unlock:
1332 l2cap_chan_unlock(chan);
1333 return err;
2b64d153
BG		 1334}
1335
da85e5e5 1336static u8 smp_cmd_pairing_req(struct l2cap_conn *conn, struct sk_buff *skb)
88ba43b6 1337{
3158c50c 1338 struct smp_cmd_pairing rsp, *req = (void *) skb->data;
fc75cc86 1339 struct l2cap_chan *chan = conn->smp;
b3c6410b 1340 struct hci_dev *hdev = conn->hcon->hdev;
8aab4757 1341 struct smp_chan *smp;
c7262e71 1342 u8 key_size, auth, sec_level;
8aab4757 1343 int ret;
88ba43b6
AB		 1344
1345 BT_DBG("conn %p", conn);
1346
c46b98be 1347 if (skb->len < sizeof(*req))
38e4a915 1348 return SMP_INVALID_PARAMS;
c46b98be 1349
40bef302 1350 if (conn->hcon->role != HCI_ROLE_SLAVE)
2b64d153
BG		 1351 return SMP_CMD_NOTSUPP;
1352
fc75cc86 1353 if (!chan->data)
8aab4757 1354 smp = smp_chan_create(conn);
fc75cc86 1355 else
5d88cc73 1356 smp = chan->data;
8aab4757 1357
d08fd0e7
AE		 1358 if (!smp)
1359 return SMP_UNSPECIFIED;
d26a2345 1360
c05b9339 1361 /* We didn't start the pairing, so match remote */
0edb14de 1362 auth = req->auth_req & AUTH_REQ_MASK(hdev);
c05b9339 1363
b6ae8457 1364 if (!test_bit(HCI_BONDABLE, &hdev->dev_flags) &&
c05b9339 1365 (auth & SMP_AUTH_BONDING))
b3c6410b
JH		 1366 return SMP_PAIRING_NOTSUPP;
1367
1c1def09
VCG		 1368 smp->preq[0] = SMP_CMD_PAIRING_REQ;
1369 memcpy(&smp->preq[1], req, sizeof(*req));
3158c50c 1370 skb_pull(skb, sizeof(*req));
88ba43b6 1371
5e3d3d9b
JH		 1372 build_pairing_cmd(conn, req, &rsp, auth);
1373
1374 if (rsp.auth_req & SMP_AUTH_SC)
1375 set_bit(SMP_FLAG_SC, &smp->flags);
1376
5be5e275 1377 if (conn->hcon->io_capability == HCI_IO_NO_INPUT_OUTPUT)
1afc2a1a
JH		 1378 sec_level = BT_SECURITY_MEDIUM;
1379 else
1380 sec_level = authreq_to_seclevel(auth);
1381
c7262e71
JH		 1382 if (sec_level > conn->hcon->pending_sec_level)
1383 conn->hcon->pending_sec_level = sec_level;
fdde0a26 1384
49c922bb 1385 /* If we need MITM check that it can be achieved */
2ed8f65c
JH		 1386 if (conn->hcon->pending_sec_level >= BT_SECURITY_HIGH) {
1387 u8 method;
1388
1389 method = get_auth_method(smp, conn->hcon->io_capability,
1390 req->io_capability);
1391 if (method == JUST_WORKS || method == JUST_CFM)
1392 return SMP_AUTH_REQUIREMENTS;
1393 }
1394
3158c50c
VCG		 1395 key_size = min(req->max_key_size, rsp.max_key_size);
1396 if (check_enc_key_size(conn, key_size))
1397 return SMP_ENC_KEY_SIZE;
88ba43b6 1398
e84a6b13 1399 get_random_bytes(smp->prnd, sizeof(smp->prnd));
8aab4757 1400
1c1def09
VCG		 1401 smp->prsp[0] = SMP_CMD_PAIRING_RSP;
1402 memcpy(&smp->prsp[1], &rsp, sizeof(rsp));
f01ead31 1403
3158c50c 1404 smp_send_cmd(conn, SMP_CMD_PAIRING_RSP, sizeof(rsp), &rsp);
3b19146d
JH		 1405
1406 clear_bit(SMP_FLAG_INITIATOR, &smp->flags);
1407
1408 if (test_bit(SMP_FLAG_SC, &smp->flags)) {
1409 SMP_ALLOW_CMD(smp, SMP_CMD_PUBLIC_KEY);
1410 /* Clear bits which are generated but not distributed */
1411 smp->remote_key_dist &= ~SMP_SC_NO_DIST;
1412 /* Wait for Public Key from Initiating Device */
1413 return 0;
1414 } else {
1415 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_CONFIRM);
1416 }
da85e5e5 1417
2b64d153
BG		 1418 /* Request setup of TK */
1419 ret = tk_request(conn, 0, auth, rsp.io_capability, req->io_capability);
1420 if (ret)
1421 return SMP_UNSPECIFIED;
1422
da85e5e5 1423 return 0;
88ba43b6
AB		 1424}
1425
3b19146d
JH		 1426static u8 sc_send_public_key(struct smp_chan *smp)
1427{
1428 BT_DBG("");
1429
6c0dcc50
JH		 1430 while (true) {
1431 /* Generate local key pair for Secure Connections */
1432 if (!ecc_make_key(smp->local_pk, smp->local_sk))
1433 return SMP_UNSPECIFIED;
1434
1435 /* This is unlikely, but we need to check that we didn't
1436 * accidentially generate a debug key.
1437 */
1438 if (memcmp(smp->local_sk, debug_sk, 32))
1439 break;
1440 }
3b19146d
JH		 1441
1442 BT_DBG("Local Public Key X: %32phN", smp->local_pk);
1443 BT_DBG("Local Public Key Y: %32phN", &smp->local_pk[32]);
1444 BT_DBG("Local Private Key: %32phN", smp->local_sk);
1445
1446 smp_send_cmd(smp->conn, SMP_CMD_PUBLIC_KEY, 64, smp->local_pk);
1447
1448 return 0;
1449}
1450
da85e5e5 1451static u8 smp_cmd_pairing_rsp(struct l2cap_conn *conn, struct sk_buff *skb)
88ba43b6 1452{
3158c50c 1453 struct smp_cmd_pairing *req, *rsp = (void *) skb->data;
5d88cc73
JH		 1454 struct l2cap_chan *chan = conn->smp;
1455 struct smp_chan *smp = chan->data;
0edb14de 1456 struct hci_dev *hdev = conn->hcon->hdev;
3a7dbfb8 1457 u8 key_size, auth;
7d24ddcc 1458 int ret;
88ba43b6
AB		 1459
1460 BT_DBG("conn %p", conn);
1461
c46b98be 1462 if (skb->len < sizeof(*rsp))
38e4a915 1463 return SMP_INVALID_PARAMS;
c46b98be 1464
40bef302 1465 if (conn->hcon->role != HCI_ROLE_MASTER)
2b64d153
BG		 1466 return SMP_CMD_NOTSUPP;
1467
3158c50c
VCG		 1468 skb_pull(skb, sizeof(*rsp));
1469
1c1def09 1470 req = (void *) &smp->preq[1];
da85e5e5 1471
3158c50c
VCG		 1472 key_size = min(req->max_key_size, rsp->max_key_size);
1473 if (check_enc_key_size(conn, key_size))
1474 return SMP_ENC_KEY_SIZE;
1475
0edb14de 1476 auth = rsp->auth_req & AUTH_REQ_MASK(hdev);
c05b9339 1477
65668776
JH		 1478 if ((req->auth_req & SMP_AUTH_SC) && (auth & SMP_AUTH_SC))
1479 set_bit(SMP_FLAG_SC, &smp->flags);
d2eb9e10
JH		 1480 else if (conn->hcon->pending_sec_level > BT_SECURITY_HIGH)
1481 conn->hcon->pending_sec_level = BT_SECURITY_HIGH;
65668776 1482
49c922bb 1483 /* If we need MITM check that it can be achieved */
2ed8f65c
JH		 1484 if (conn->hcon->pending_sec_level >= BT_SECURITY_HIGH) {
1485 u8 method;
1486
1487 method = get_auth_method(smp, req->io_capability,
1488 rsp->io_capability);
1489 if (method == JUST_WORKS || method == JUST_CFM)
1490 return SMP_AUTH_REQUIREMENTS;
1491 }
1492
e84a6b13 1493 get_random_bytes(smp->prnd, sizeof(smp->prnd));
7d24ddcc 1494
8aab4757
VCG		 1495 smp->prsp[0] = SMP_CMD_PAIRING_RSP;
1496 memcpy(&smp->prsp[1], rsp, sizeof(*rsp));
7d24ddcc 1497
fdcc4bec
JH		 1498 /* Update remote key distribution in case the remote cleared
1499 * some bits that we had enabled in our request.
1500 */
1501 smp->remote_key_dist &= rsp->resp_key_dist;
1502
3b19146d
JH		 1503 if (test_bit(SMP_FLAG_SC, &smp->flags)) {
1504 /* Clear bits which are generated but not distributed */
1505 smp->remote_key_dist &= ~SMP_SC_NO_DIST;
1506 SMP_ALLOW_CMD(smp, SMP_CMD_PUBLIC_KEY);
1507 return sc_send_public_key(smp);
1508 }
1509
c05b9339 1510 auth |= req->auth_req;
2b64d153 1511
476585ec 1512 ret = tk_request(conn, 0, auth, req->io_capability, rsp->io_capability);
2b64d153
BG		 1513 if (ret)
1514 return SMP_UNSPECIFIED;
1515
4a74d658 1516 set_bit(SMP_FLAG_CFM_PENDING, &smp->flags);
2b64d153
BG		 1517
1518 /* Can't compose response until we have been confirmed */
4a74d658 1519 if (test_bit(SMP_FLAG_TK_VALID, &smp->flags))
1cc61144 1520 return smp_confirm(smp);
da85e5e5
VCG		 1521
1522 return 0;
88ba43b6
AB		 1523}
1524
dcee2b32
JH		 1525static u8 sc_check_confirm(struct smp_chan *smp)
1526{
1527 struct l2cap_conn *conn = smp->conn;
1528
1529 BT_DBG("");
1530
1531 /* Public Key exchange must happen before any other steps */
1532 if (!test_bit(SMP_FLAG_REMOTE_PK, &smp->flags))
1533 return SMP_UNSPECIFIED;
1534
1535 if (conn->hcon->out) {
1536 smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM, sizeof(smp->prnd),
1537 smp->prnd);
1538 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RANDOM);
1539 }
1540
1541 return 0;
1542}
1543
da85e5e5 1544static u8 smp_cmd_pairing_confirm(struct l2cap_conn *conn, struct sk_buff *skb)
88ba43b6 1545{
5d88cc73
JH		 1546 struct l2cap_chan *chan = conn->smp;
1547 struct smp_chan *smp = chan->data;
7d24ddcc 1548
88ba43b6
AB		 1549 BT_DBG("conn %p %s", conn, conn->hcon->out ? "master" : "slave");
1550
c46b98be 1551 if (skb->len < sizeof(smp->pcnf))
38e4a915 1552 return SMP_INVALID_PARAMS;
c46b98be 1553
1c1def09
VCG		 1554 memcpy(smp->pcnf, skb->data, sizeof(smp->pcnf));
1555 skb_pull(skb, sizeof(smp->pcnf));
88ba43b6 1556
dcee2b32
JH		 1557 if (test_bit(SMP_FLAG_SC, &smp->flags))
1558 return sc_check_confirm(smp);
1559
b28b4943 1560 if (conn->hcon->out) {
943a732a
JH		 1561 smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM, sizeof(smp->prnd),
1562 smp->prnd);
b28b4943
JH		 1563 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RANDOM);
1564 return 0;
1565 }
1566
1567 if (test_bit(SMP_FLAG_TK_VALID, &smp->flags))
1cc61144 1568 return smp_confirm(smp);
943a732a 1569 else
4a74d658 1570 set_bit(SMP_FLAG_CFM_PENDING, &smp->flags);
da85e5e5
VCG		 1571
1572 return 0;
88ba43b6
AB		 1573}
1574
da85e5e5 1575static u8 smp_cmd_pairing_random(struct l2cap_conn *conn, struct sk_buff *skb)
88ba43b6 1576{
5d88cc73
JH		 1577 struct l2cap_chan *chan = conn->smp;
1578 struct smp_chan *smp = chan->data;
191dc7fe
JH		 1579 struct hci_conn *hcon = conn->hcon;
1580 u8 *pkax, *pkbx, *na, *nb;
1581 u32 passkey;
1582 int err;
7d24ddcc 1583
8aab4757 1584 BT_DBG("conn %p", conn);
3158c50c 1585
c46b98be 1586 if (skb->len < sizeof(smp->rrnd))
38e4a915 1587 return SMP_INVALID_PARAMS;
c46b98be 1588
943a732a 1589 memcpy(smp->rrnd, skb->data, sizeof(smp->rrnd));
8aab4757 1590 skb_pull(skb, sizeof(smp->rrnd));
e7e62c85 1591
191dc7fe
JH		 1592 if (!test_bit(SMP_FLAG_SC, &smp->flags))
1593 return smp_random(smp);
1594
1595 if (hcon->out) {
1596 u8 cfm[16];
1597
1598 err = smp_f4(smp->tfm_cmac, smp->remote_pk, smp->local_pk,
1599 smp->rrnd, 0, cfm);
1600 if (err)
1601 return SMP_UNSPECIFIED;
1602
1603 if (memcmp(smp->pcnf, cfm, 16))
1604 return SMP_CONFIRM_FAILED;
1605
1606 pkax = smp->local_pk;
1607 pkbx = smp->remote_pk;
1608 na = smp->prnd;
1609 nb = smp->rrnd;
1610 } else {
1611 smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM, sizeof(smp->prnd),
1612 smp->prnd);
1613 SMP_ALLOW_CMD(smp, SMP_CMD_DHKEY_CHECK);
1614
1615 pkax = smp->remote_pk;
1616 pkbx = smp->local_pk;
1617 na = smp->rrnd;
1618 nb = smp->prnd;
1619 }
1620
760b018b
JH		 1621 /* Generate MacKey and LTK */
1622 err = sc_mackey_and_ltk(smp, smp->mackey, smp->tk);
1623 if (err)
1624 return SMP_UNSPECIFIED;
1625
191dc7fe
JH		 1626 err = smp_g2(smp->tfm_cmac, pkax, pkbx, na, nb, &passkey);
1627 if (err)
1628 return SMP_UNSPECIFIED;
1629
dddd3059
JH		 1630 if (smp->method == JUST_WORKS) {
1631 if (hcon->out) {
1632 sc_dhkey_check(smp, passkey);
1633 SMP_ALLOW_CMD(smp, SMP_CMD_DHKEY_CHECK);
1634 }
1635 return 0;
1636 }
1637
191dc7fe
JH		 1638 err = mgmt_user_confirm_request(hcon->hdev, &hcon->dst,
1639 hcon->type, hcon->dst_type,
1640 passkey, 0);
1641 if (err)
1642 return SMP_UNSPECIFIED;
1643
1644 return 0;
88ba43b6
AB		 1645}
1646
f81cd823 1647static bool smp_ltk_encrypt(struct l2cap_conn *conn, u8 sec_level)
988c5997 1648{
c9839a11 1649 struct smp_ltk *key;
988c5997
VCG		 1650 struct hci_conn *hcon = conn->hcon;
1651
f3a73d97 1652 key = hci_find_ltk(hcon->hdev, &hcon->dst, hcon->dst_type, hcon->role);
988c5997 1653 if (!key)
f81cd823 1654 return false;
988c5997 1655
a6f7833c 1656 if (smp_ltk_sec_level(key) < sec_level)
f81cd823 1657 return false;
4dab7864 1658
51a8efd7 1659 if (test_and_set_bit(HCI_CONN_ENCRYPT_PEND, &hcon->flags))
f81cd823 1660 return true;
988c5997 1661
c9839a11
VCG		 1662 hci_le_start_enc(hcon, key->ediv, key->rand, key->val);
1663 hcon->enc_key_size = key->enc_size;
988c5997 1664
fe59a05f
JH		 1665 /* We never store STKs for master role, so clear this flag */
1666 clear_bit(HCI_CONN_STK_ENCRYPT, &hcon->flags);
1667
f81cd823 1668 return true;
988c5997 1669}
f1560463 1670
35dc6f83
JH		 1671bool smp_sufficient_security(struct hci_conn *hcon, u8 sec_level,
1672 enum smp_key_pref key_pref)
854f4727
JH		 1673{
1674 if (sec_level == BT_SECURITY_LOW)
1675 return true;
1676
35dc6f83
JH		 1677 /* If we're encrypted with an STK but the caller prefers using
1678 * LTK claim insufficient security. This way we allow the
1679 * connection to be re-encrypted with an LTK, even if the LTK
1680 * provides the same level of security. Only exception is if we
1681 * don't have an LTK (e.g. because of key distribution bits).
9ab65d60 1682 */
35dc6f83
JH		 1683 if (key_pref == SMP_USE_LTK &&
1684 test_bit(HCI_CONN_STK_ENCRYPT, &hcon->flags) &&
f3a73d97 1685 hci_find_ltk(hcon->hdev, &hcon->dst, hcon->dst_type, hcon->role))
9ab65d60
JH		 1686 return false;
1687
854f4727
JH		 1688 if (hcon->sec_level >= sec_level)
1689 return true;
1690
1691 return false;
1692}
1693
da85e5e5 1694static u8 smp_cmd_security_req(struct l2cap_conn *conn, struct sk_buff *skb)
88ba43b6
AB		 1695{
1696 struct smp_cmd_security_req *rp = (void *) skb->data;
1697 struct smp_cmd_pairing cp;
f1cb9af5 1698 struct hci_conn *hcon = conn->hcon;
0edb14de 1699 struct hci_dev *hdev = hcon->hdev;
8aab4757 1700 struct smp_chan *smp;
c05b9339 1701 u8 sec_level, auth;
88ba43b6
AB		 1702
1703 BT_DBG("conn %p", conn);
1704
c46b98be 1705 if (skb->len < sizeof(*rp))
38e4a915 1706 return SMP_INVALID_PARAMS;
c46b98be 1707
40bef302 1708 if (hcon->role != HCI_ROLE_MASTER)
86ca9eac
JH		 1709 return SMP_CMD_NOTSUPP;
1710
0edb14de 1711 auth = rp->auth_req & AUTH_REQ_MASK(hdev);
c05b9339 1712
5be5e275 1713 if (hcon->io_capability == HCI_IO_NO_INPUT_OUTPUT)
1afc2a1a
JH		 1714 sec_level = BT_SECURITY_MEDIUM;
1715 else
1716 sec_level = authreq_to_seclevel(auth);
1717
35dc6f83 1718 if (smp_sufficient_security(hcon, sec_level, SMP_USE_LTK))
854f4727
JH		 1719 return 0;
1720
c7262e71
JH		 1721 if (sec_level > hcon->pending_sec_level)
1722 hcon->pending_sec_level = sec_level;
feb45eb5 1723
4dab7864 1724 if (smp_ltk_encrypt(conn, hcon->pending_sec_level))
988c5997
VCG		 1725 return 0;
1726
8aab4757 1727 smp = smp_chan_create(conn);
c29d2444
JH		 1728 if (!smp)
1729 return SMP_UNSPECIFIED;
d26a2345 1730
b6ae8457 1731 if (!test_bit(HCI_BONDABLE, &hcon->hdev->dev_flags) &&
c05b9339 1732 (auth & SMP_AUTH_BONDING))
616d55be
JH		 1733 return SMP_PAIRING_NOTSUPP;
1734
88ba43b6 1735 skb_pull(skb, sizeof(*rp));
88ba43b6 1736
da85e5e5 1737 memset(&cp, 0, sizeof(cp));
c05b9339 1738 build_pairing_cmd(conn, &cp, NULL, auth);
88ba43b6 1739
1c1def09
VCG		 1740 smp->preq[0] = SMP_CMD_PAIRING_REQ;
1741 memcpy(&smp->preq[1], &cp, sizeof(cp));
f01ead31 1742
88ba43b6 1743 smp_send_cmd(conn, SMP_CMD_PAIRING_REQ, sizeof(cp), &cp);
b28b4943 1744 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RSP);
f1cb9af5 1745
da85e5e5 1746 return 0;
88ba43b6
AB		 1747}
1748
cc110922 1749int smp_conn_security(struct hci_conn *hcon, __u8 sec_level)
eb492e01 1750{
cc110922 1751 struct l2cap_conn *conn = hcon->l2cap_data;
c68b7f12 1752 struct l2cap_chan *chan;
0a66cf20 1753 struct smp_chan *smp;
2b64d153 1754 __u8 authreq;
fc75cc86 1755 int ret;
eb492e01 1756
3a0259bb
VCG		 1757 BT_DBG("conn %p hcon %p level 0x%2.2x", conn, hcon, sec_level);
1758
0a66cf20
JH		 1759 /* This may be NULL if there's an unexpected disconnection */
1760 if (!conn)
1761 return 1;
1762
c68b7f12
JH		 1763 chan = conn->smp;
1764
757aee0f 1765 if (!test_bit(HCI_LE_ENABLED, &hcon->hdev->dev_flags))
2e65c9d2
AG		 1766 return 1;
1767
35dc6f83 1768 if (smp_sufficient_security(hcon, sec_level, SMP_USE_LTK))
eb492e01 1769 return 1;
f1cb9af5 1770
c7262e71
JH		 1771 if (sec_level > hcon->pending_sec_level)
1772 hcon->pending_sec_level = sec_level;
1773
40bef302 1774 if (hcon->role == HCI_ROLE_MASTER)
c7262e71
JH		 1775 if (smp_ltk_encrypt(conn, hcon->pending_sec_level))
1776 return 0;
d26a2345 1777
fc75cc86
JH		 1778 l2cap_chan_lock(chan);
1779
1780 /* If SMP is already in progress ignore this request */
1781 if (chan->data) {
1782 ret = 0;
1783 goto unlock;
1784 }
d26a2345 1785
8aab4757 1786 smp = smp_chan_create(conn);
fc75cc86
JH		 1787 if (!smp) {
1788 ret = 1;
1789 goto unlock;
1790 }
2b64d153
BG		 1791
1792 authreq = seclevel_to_authreq(sec_level);
d26a2345 1793
d2eb9e10
JH		 1794 if (test_bit(HCI_SC_ENABLED, &hcon->hdev->dev_flags))
1795 authreq |= SMP_AUTH_SC;
1796
79897d20
JH		 1797 /* Require MITM if IO Capability allows or the security level
1798 * requires it.
2e233644 1799 */
79897d20 1800 if (hcon->io_capability != HCI_IO_NO_INPUT_OUTPUT ||
c7262e71 1801 hcon->pending_sec_level > BT_SECURITY_MEDIUM)
2e233644
JH		 1802 authreq |= SMP_AUTH_MITM;
1803
40bef302 1804 if (hcon->role == HCI_ROLE_MASTER) {
d26a2345 1805 struct smp_cmd_pairing cp;
f01ead31 1806
2b64d153 1807 build_pairing_cmd(conn, &cp, NULL, authreq);
1c1def09
VCG		 1808 smp->preq[0] = SMP_CMD_PAIRING_REQ;
1809 memcpy(&smp->preq[1], &cp, sizeof(cp));
f01ead31 1810
eb492e01 1811 smp_send_cmd(conn, SMP_CMD_PAIRING_REQ, sizeof(cp), &cp);
b28b4943 1812 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RSP);
eb492e01
AB		 1813 } else {
1814 struct smp_cmd_security_req cp;
2b64d153 1815 cp.auth_req = authreq;
eb492e01 1816 smp_send_cmd(conn, SMP_CMD_SECURITY_REQ, sizeof(cp), &cp);
b28b4943 1817 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_REQ);
eb492e01
AB		 1818 }
1819
4a74d658 1820 set_bit(SMP_FLAG_INITIATOR, &smp->flags);
fc75cc86 1821 ret = 0;
edca792c 1822
fc75cc86
JH		 1823unlock:
1824 l2cap_chan_unlock(chan);
1825 return ret;
eb492e01
AB		 1826}
1827
7034b911
VCG		 1828static int smp_cmd_encrypt_info(struct l2cap_conn *conn, struct sk_buff *skb)
1829{
16b90839 1830 struct smp_cmd_encrypt_info *rp = (void *) skb->data;
5d88cc73
JH		 1831 struct l2cap_chan *chan = conn->smp;
1832 struct smp_chan *smp = chan->data;
16b90839 1833
c46b98be
JH		 1834 BT_DBG("conn %p", conn);
1835
1836 if (skb->len < sizeof(*rp))
38e4a915 1837 return SMP_INVALID_PARAMS;
c46b98be 1838
b28b4943 1839 SMP_ALLOW_CMD(smp, SMP_CMD_MASTER_IDENT);
6131ddc8 1840
16b90839
VCG		 1841 skb_pull(skb, sizeof(*rp));
1842
1c1def09 1843 memcpy(smp->tk, rp->ltk, sizeof(smp->tk));
16b90839 1844
7034b911
VCG		 1845 return 0;
1846}
1847
1848static int smp_cmd_master_ident(struct l2cap_conn *conn, struct sk_buff *skb)
1849{
16b90839 1850 struct smp_cmd_master_ident *rp = (void *) skb->data;
5d88cc73
JH		 1851 struct l2cap_chan *chan = conn->smp;
1852 struct smp_chan *smp = chan->data;
c9839a11
VCG		 1853 struct hci_dev *hdev = conn->hcon->hdev;
1854 struct hci_conn *hcon = conn->hcon;
23d0e128 1855 struct smp_ltk *ltk;
c9839a11 1856 u8 authenticated;
16b90839 1857
c46b98be
JH		 1858 BT_DBG("conn %p", conn);
1859
1860 if (skb->len < sizeof(*rp))
38e4a915 1861 return SMP_INVALID_PARAMS;
c46b98be 1862
9747a9f3
JH		 1863 /* Mark the information as received */
1864 smp->remote_key_dist &= ~SMP_DIST_ENC_KEY;
1865
b28b4943
JH		 1866 if (smp->remote_key_dist & SMP_DIST_ID_KEY)
1867 SMP_ALLOW_CMD(smp, SMP_CMD_IDENT_INFO);
196332f5
JH		 1868 else if (smp->remote_key_dist & SMP_DIST_SIGN)
1869 SMP_ALLOW_CMD(smp, SMP_CMD_SIGN_INFO);
b28b4943 1870
16b90839 1871 skb_pull(skb, sizeof(*rp));
7034b911 1872
ce39fb4e 1873 authenticated = (hcon->sec_level == BT_SECURITY_HIGH);
2ceba539 1874 ltk = hci_add_ltk(hdev, &hcon->dst, hcon->dst_type, SMP_LTK,
23d0e128
JH		 1875 authenticated, smp->tk, smp->enc_key_size,
1876 rp->ediv, rp->rand);
1877 smp->ltk = ltk;
c6e81e9a 1878 if (!(smp->remote_key_dist & KEY_DIST_MASK))
d6268e86 1879 smp_distribute_keys(smp);
7034b911
VCG		 1880
1881 return 0;
1882}
1883
fd349c02
JH		 1884static int smp_cmd_ident_info(struct l2cap_conn *conn, struct sk_buff *skb)
1885{
1886 struct smp_cmd_ident_info *info = (void *) skb->data;
5d88cc73
JH		 1887 struct l2cap_chan *chan = conn->smp;
1888 struct smp_chan *smp = chan->data;
fd349c02
JH		 1889
1890 BT_DBG("");
1891
1892 if (skb->len < sizeof(*info))
38e4a915 1893 return SMP_INVALID_PARAMS;
fd349c02 1894
b28b4943 1895 SMP_ALLOW_CMD(smp, SMP_CMD_IDENT_ADDR_INFO);
6131ddc8 1896
fd349c02
JH		 1897 skb_pull(skb, sizeof(*info));
1898
1899 memcpy(smp->irk, info->irk, 16);
1900
1901 return 0;
1902}
1903
1904static int smp_cmd_ident_addr_info(struct l2cap_conn *conn,
1905 struct sk_buff *skb)
1906{
1907 struct smp_cmd_ident_addr_info *info = (void *) skb->data;
5d88cc73
JH		 1908 struct l2cap_chan *chan = conn->smp;
1909 struct smp_chan *smp = chan->data;
fd349c02
JH		 1910 struct hci_conn *hcon = conn->hcon;
1911 bdaddr_t rpa;
1912
1913 BT_DBG("");
1914
1915 if (skb->len < sizeof(*info))
38e4a915 1916 return SMP_INVALID_PARAMS;
fd349c02 1917
9747a9f3
JH		 1918 /* Mark the information as received */
1919 smp->remote_key_dist &= ~SMP_DIST_ID_KEY;
1920
b28b4943
JH		 1921 if (smp->remote_key_dist & SMP_DIST_SIGN)
1922 SMP_ALLOW_CMD(smp, SMP_CMD_SIGN_INFO);
1923
fd349c02
JH		 1924 skb_pull(skb, sizeof(*info));
1925
a9a58f86
JH		 1926 /* Strictly speaking the Core Specification (4.1) allows sending
1927 * an empty address which would force us to rely on just the IRK
1928 * as "identity information". However, since such
1929 * implementations are not known of and in order to not over
1930 * complicate our implementation, simply pretend that we never
1931 * received an IRK for such a device.
1932 */
1933 if (!bacmp(&info->bdaddr, BDADDR_ANY)) {
1934 BT_ERR("Ignoring IRK with no identity address");
31dd624e 1935 goto distribute;
a9a58f86
JH		 1936 }
1937
fd349c02
JH		 1938 bacpy(&smp->id_addr, &info->bdaddr);
1939 smp->id_addr_type = info->addr_type;
1940
1941 if (hci_bdaddr_is_rpa(&hcon->dst, hcon->dst_type))
1942 bacpy(&rpa, &hcon->dst);
1943 else
1944 bacpy(&rpa, BDADDR_ANY);
1945
23d0e128
JH		 1946 smp->remote_irk = hci_add_irk(conn->hcon->hdev, &smp->id_addr,
1947 smp->id_addr_type, smp->irk, &rpa);
fd349c02 1948
31dd624e 1949distribute:
c6e81e9a
JH		 1950 if (!(smp->remote_key_dist & KEY_DIST_MASK))
1951 smp_distribute_keys(smp);
fd349c02
JH		 1952
1953 return 0;
1954}
1955
7ee4ea36
MH		 1956static int smp_cmd_sign_info(struct l2cap_conn *conn, struct sk_buff *skb)
1957{
1958 struct smp_cmd_sign_info *rp = (void *) skb->data;
5d88cc73
JH		 1959 struct l2cap_chan *chan = conn->smp;
1960 struct smp_chan *smp = chan->data;
7ee4ea36
MH		 1961 struct smp_csrk *csrk;
1962
1963 BT_DBG("conn %p", conn);
1964
1965 if (skb->len < sizeof(*rp))
38e4a915 1966 return SMP_INVALID_PARAMS;
7ee4ea36 1967
7ee4ea36
MH		 1968 /* Mark the information as received */
1969 smp->remote_key_dist &= ~SMP_DIST_SIGN;
1970
1971 skb_pull(skb, sizeof(*rp));
1972
7ee4ea36
MH		 1973 csrk = kzalloc(sizeof(*csrk), GFP_KERNEL);
1974 if (csrk) {
1975 csrk->master = 0x01;
1976 memcpy(csrk->val, rp->csrk, sizeof(csrk->val));
1977 }
1978 smp->csrk = csrk;
d6268e86 1979 smp_distribute_keys(smp);
7ee4ea36
MH		 1980
1981 return 0;
1982}
1983
5e3d3d9b
JH		 1984static u8 sc_select_method(struct smp_chan *smp)
1985{
1986 struct l2cap_conn *conn = smp->conn;
1987 struct hci_conn *hcon = conn->hcon;
1988 struct smp_cmd_pairing *local, *remote;
1989 u8 local_mitm, remote_mitm, local_io, remote_io, method;
1990
1991 /* The preq/prsp contain the raw Pairing Request/Response PDUs
1992 * which are needed as inputs to some crypto functions. To get
1993 * the "struct smp_cmd_pairing" from them we need to skip the
1994 * first byte which contains the opcode.
1995 */
1996 if (hcon->out) {
1997 local = (void *) &smp->preq[1];
1998 remote = (void *) &smp->prsp[1];
1999 } else {
2000 local = (void *) &smp->prsp[1];
2001 remote = (void *) &smp->preq[1];
2002 }
2003
2004 local_io = local->io_capability;
2005 remote_io = remote->io_capability;
2006
2007 local_mitm = (local->auth_req & SMP_AUTH_MITM);
2008 remote_mitm = (remote->auth_req & SMP_AUTH_MITM);
2009
2010 /* If either side wants MITM, look up the method from the table,
2011 * otherwise use JUST WORKS.
2012 */
2013 if (local_mitm || remote_mitm)
2014 method = get_auth_method(smp, local_io, remote_io);
2015 else
2016 method = JUST_WORKS;
2017
2018 /* Don't confirm locally initiated pairing attempts */
2019 if (method == JUST_CFM && test_bit(SMP_FLAG_INITIATOR, &smp->flags))
2020 method = JUST_WORKS;
2021
2022 return method;
2023}
2024
d8f8edbe
JH		 2025static int smp_cmd_public_key(struct l2cap_conn *conn, struct sk_buff *skb)
2026{
2027 struct smp_cmd_public_key *key = (void *) skb->data;
2028 struct hci_conn *hcon = conn->hcon;
2029 struct l2cap_chan *chan = conn->smp;
2030 struct smp_chan *smp = chan->data;
5e3d3d9b 2031 struct hci_dev *hdev = hcon->hdev;
cbbbe3e2 2032 struct smp_cmd_pairing_confirm cfm;
d8f8edbe
JH		 2033 int err;
2034
2035 BT_DBG("conn %p", conn);
2036
2037 if (skb->len < sizeof(*key))
2038 return SMP_INVALID_PARAMS;
2039
2040 memcpy(smp->remote_pk, key, 64);
2041
2042 /* Non-initiating device sends its public key after receiving
2043 * the key from the initiating device.
2044 */
2045 if (!hcon->out) {
2046 err = sc_send_public_key(smp);
2047 if (err)
2048 return err;
2049 }
2050
2051 BT_DBG("Remote Public Key X: %32phN", smp->remote_pk);
2052 BT_DBG("Remote Public Key Y: %32phN", &smp->remote_pk[32]);
2053
2054 if (!ecdh_shared_secret(smp->remote_pk, smp->local_sk, smp->dhkey))
2055 return SMP_UNSPECIFIED;
2056
2057 BT_DBG("DHKey %32phN", smp->dhkey);
2058
2059 set_bit(SMP_FLAG_REMOTE_PK, &smp->flags);
2060
5e3d3d9b
JH		 2061 smp->method = sc_select_method(smp);
2062
2063 BT_DBG("%s selected method 0x%02x", hdev->name, smp->method);
2064
2065 /* JUST_WORKS and JUST_CFM result in an unauthenticated key */
2066 if (smp->method == JUST_WORKS || smp->method == JUST_CFM)
2067 hcon->pending_sec_level = BT_SECURITY_MEDIUM;
2068 else
2069 hcon->pending_sec_level = BT_SECURITY_FIPS;
2070
aeb7d461
JH		 2071 if (!memcmp(debug_pk, smp->remote_pk, 64))
2072 set_bit(SMP_FLAG_DEBUG_KEY, &smp->flags);
2073
cbbbe3e2
JH		 2074 /* The Initiating device waits for the non-initiating device to
2075 * send the confirm value.
2076 */
2077 if (conn->hcon->out)
2078 return 0;
2079
2080 err = smp_f4(smp->tfm_cmac, smp->local_pk, smp->remote_pk, smp->prnd,
2081 0, cfm.confirm_val);
2082 if (err)
2083 return SMP_UNSPECIFIED;
2084
2085 smp_send_cmd(conn, SMP_CMD_PAIRING_CONFIRM, sizeof(cfm), &cfm);
2086 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RANDOM);
2087
d8f8edbe
JH		 2088 return 0;
2089}
2090
6433a9a2
JH		 2091static int smp_cmd_dhkey_check(struct l2cap_conn *conn, struct sk_buff *skb)
2092{
2093 struct smp_cmd_dhkey_check *check = (void *) skb->data;
2094 struct l2cap_chan *chan = conn->smp;
2095 struct hci_conn *hcon = conn->hcon;
2096 struct smp_chan *smp = chan->data;
2097 u8 a[7], b[7], *local_addr, *remote_addr;
2098 u8 io_cap[3], r[16], e[16];
d378a2d7 2099 u8 key_type, auth;
6433a9a2
JH		 2100 int err;
2101
2102 BT_DBG("conn %p", conn);
2103
2104 if (skb->len < sizeof(*check))
2105 return SMP_INVALID_PARAMS;
2106
2107 memcpy(a, &hcon->init_addr, 6);
2108 memcpy(b, &hcon->resp_addr, 6);
2109 a[6] = hcon->init_addr_type;
2110 b[6] = hcon->resp_addr_type;
2111
2112 if (hcon->out) {
2113 local_addr = a;
2114 remote_addr = b;
2115 memcpy(io_cap, &smp->prsp[1], 3);
2116 } else {
2117 local_addr = b;
2118 remote_addr = a;
2119 memcpy(io_cap, &smp->preq[1], 3);
2120 }
2121
2122 memset(r, 0, sizeof(r));
2123
2124 err = smp_f6(smp->tfm_cmac, smp->mackey, smp->rrnd, smp->prnd, r,
2125 io_cap, remote_addr, local_addr, e);
2126 if (err)
2127 return SMP_UNSPECIFIED;
2128
2129 if (memcmp(check->e, e, 16))
2130 return SMP_DHKEY_CHECK_FAILED;
2131
d378a2d7
JH		 2132 if (test_bit(SMP_FLAG_DEBUG_KEY, &smp->flags))
2133 key_type = SMP_LTK_P256_DEBUG;
2134 else
2135 key_type = SMP_LTK_P256;
2136
2137 if (hcon->pending_sec_level == BT_SECURITY_FIPS)
2138 auth = 1;
2139 else
2140 auth = 0;
2141
6433a9a2 2142 smp->ltk = hci_add_ltk(hcon->hdev, &hcon->dst, hcon->dst_type,
d378a2d7 2143 key_type, auth, smp->tk, smp->enc_key_size,
6433a9a2
JH		 2144 0, 0);
2145
2146 if (hcon->out) {
2147 hci_le_start_enc(hcon, 0, 0, smp->tk);
2148 hcon->enc_key_size = smp->enc_key_size;
2149 }
2150
2151 return 0;
2152}
2153
4befb867 2154static int smp_sig_channel(struct l2cap_chan *chan, struct sk_buff *skb)
eb492e01 2155{
5d88cc73 2156 struct l2cap_conn *conn = chan->conn;
7b9899db 2157 struct hci_conn *hcon = conn->hcon;
b28b4943 2158 struct smp_chan *smp;
92381f5c 2159 __u8 code, reason;
eb492e01
AB		 2160 int err = 0;
2161
7b9899db
MH		 2162 if (hcon->type != LE_LINK) {
2163 kfree_skb(skb);
3432711f 2164 return 0;
7b9899db
MH		 2165 }
2166
8ae9b984 2167 if (skb->len < 1)
92381f5c 2168 return -EILSEQ;
92381f5c 2169
06ae3314 2170 if (!test_bit(HCI_LE_ENABLED, &hcon->hdev->dev_flags)) {
2e65c9d2
AG		 2171 reason = SMP_PAIRING_NOTSUPP;
2172 goto done;
2173 }
2174
92381f5c 2175 code = skb->data[0];
eb492e01
AB		 2176 skb_pull(skb, sizeof(code));
2177
b28b4943
JH		 2178 smp = chan->data;
2179
2180 if (code > SMP_CMD_MAX)
2181 goto drop;
2182
24bd0bd9 2183 if (smp && !test_and_clear_bit(code, &smp->allow_cmd))
b28b4943
JH		 2184 goto drop;
2185
2186 /* If we don't have a context the only allowed commands are
2187 * pairing request and security request.
8cf9fa12 2188 */
b28b4943
JH		 2189 if (!smp && code != SMP_CMD_PAIRING_REQ && code != SMP_CMD_SECURITY_REQ)
2190 goto drop;
8cf9fa12 2191
eb492e01
AB		 2192 switch (code) {
2193 case SMP_CMD_PAIRING_REQ:
da85e5e5 2194 reason = smp_cmd_pairing_req(conn, skb);
eb492e01
AB		 2195 break;
2196
2197 case SMP_CMD_PAIRING_FAIL:
84794e11 2198 smp_failure(conn, 0);
da85e5e5 2199 err = -EPERM;
eb492e01
AB		 2200 break;
2201
2202 case SMP_CMD_PAIRING_RSP:
da85e5e5 2203 reason = smp_cmd_pairing_rsp(conn, skb);
88ba43b6
AB		 2204 break;
2205
2206 case SMP_CMD_SECURITY_REQ:
da85e5e5 2207 reason = smp_cmd_security_req(conn, skb);
88ba43b6
AB		 2208 break;
2209
eb492e01 2210 case SMP_CMD_PAIRING_CONFIRM:
da85e5e5 2211 reason = smp_cmd_pairing_confirm(conn, skb);
88ba43b6
AB		 2212 break;
2213
eb492e01 2214 case SMP_CMD_PAIRING_RANDOM:
da85e5e5 2215 reason = smp_cmd_pairing_random(conn, skb);
88ba43b6
AB		 2216 break;
2217
eb492e01 2218 case SMP_CMD_ENCRYPT_INFO:
7034b911
VCG		 2219 reason = smp_cmd_encrypt_info(conn, skb);
2220 break;
2221
eb492e01 2222 case SMP_CMD_MASTER_IDENT:
7034b911
VCG		 2223 reason = smp_cmd_master_ident(conn, skb);
2224 break;
2225
eb492e01 2226 case SMP_CMD_IDENT_INFO:
fd349c02
JH		 2227 reason = smp_cmd_ident_info(conn, skb);
2228 break;
2229
eb492e01 2230 case SMP_CMD_IDENT_ADDR_INFO:
fd349c02
JH		 2231 reason = smp_cmd_ident_addr_info(conn, skb);
2232 break;
2233
eb492e01 2234 case SMP_CMD_SIGN_INFO:
7ee4ea36 2235 reason = smp_cmd_sign_info(conn, skb);
7034b911
VCG		 2236 break;
2237
d8f8edbe
JH		 2238 case SMP_CMD_PUBLIC_KEY:
2239 reason = smp_cmd_public_key(conn, skb);
2240 break;
2241
6433a9a2
JH		 2242 case SMP_CMD_DHKEY_CHECK:
2243 reason = smp_cmd_dhkey_check(conn, skb);
2244 break;
2245
eb492e01
AB		 2246 default:
2247 BT_DBG("Unknown command code 0x%2.2x", code);
eb492e01 2248 reason = SMP_CMD_NOTSUPP;
3a0259bb 2249 goto done;
eb492e01
AB		 2250 }
2251
3a0259bb 2252done:
9b7b18ef
JH		 2253 if (!err) {
2254 if (reason)
2255 smp_failure(conn, reason);
8ae9b984 2256 kfree_skb(skb);
9b7b18ef
JH		 2257 }
2258
eb492e01 2259 return err;
b28b4943
JH		 2260
2261drop:
2262 BT_ERR("%s unexpected SMP command 0x%02x from %pMR", hcon->hdev->name,
2263 code, &hcon->dst);
2264 kfree_skb(skb);
2265 return 0;
eb492e01 2266}
7034b911 2267
70db83c4
JH		 2268static void smp_teardown_cb(struct l2cap_chan *chan, int err)
2269{
2270 struct l2cap_conn *conn = chan->conn;
2271
2272 BT_DBG("chan %p", chan);
2273
fc75cc86 2274 if (chan->data)
5d88cc73 2275 smp_chan_destroy(conn);
5d88cc73 2276
70db83c4
JH		 2277 conn->smp = NULL;
2278 l2cap_chan_put(chan);
2279}
2280
44f1a7ab
JH		 2281static void smp_resume_cb(struct l2cap_chan *chan)
2282{
b68fda68 2283 struct smp_chan *smp = chan->data;
44f1a7ab
JH		 2284 struct l2cap_conn *conn = chan->conn;
2285 struct hci_conn *hcon = conn->hcon;
2286
2287 BT_DBG("chan %p", chan);
2288
86d1407c
JH		 2289 if (!smp)
2290 return;
b68fda68 2291
84bc0db5
JH		 2292 if (!test_bit(HCI_CONN_ENCRYPT, &hcon->flags))
2293 return;
2294
86d1407c
JH		 2295 cancel_delayed_work(&smp->security_timer);
2296
d6268e86 2297 smp_distribute_keys(smp);
44f1a7ab
JH		 2298}
2299
70db83c4
JH		 2300static void smp_ready_cb(struct l2cap_chan *chan)
2301{
2302 struct l2cap_conn *conn = chan->conn;
2303
2304 BT_DBG("chan %p", chan);
2305
2306 conn->smp = chan;
2307 l2cap_chan_hold(chan);
2308}
2309
4befb867
JH		 2310static int smp_recv_cb(struct l2cap_chan *chan, struct sk_buff *skb)
2311{
2312 int err;
2313
2314 BT_DBG("chan %p", chan);
2315
2316 err = smp_sig_channel(chan, skb);
2317 if (err) {
b68fda68 2318 struct smp_chan *smp = chan->data;
4befb867 2319
b68fda68
JH		 2320 if (smp)
2321 cancel_delayed_work_sync(&smp->security_timer);
4befb867 2322
1e91c29e 2323 hci_disconnect(chan->conn->hcon, HCI_ERROR_AUTH_FAILURE);
4befb867
JH		 2324 }
2325
2326 return err;
2327}
2328
70db83c4
JH		 2329static struct sk_buff *smp_alloc_skb_cb(struct l2cap_chan *chan,
2330 unsigned long hdr_len,
2331 unsigned long len, int nb)
2332{
2333 struct sk_buff *skb;
2334
2335 skb = bt_skb_alloc(hdr_len + len, GFP_KERNEL);
2336 if (!skb)
2337 return ERR_PTR(-ENOMEM);
2338
2339 skb->priority = HCI_PRIO_MAX;
2340 bt_cb(skb)->chan = chan;
2341
2342 return skb;
2343}
2344
2345static const struct l2cap_ops smp_chan_ops = {
2346 .name = "Security Manager",
2347 .ready = smp_ready_cb,
5d88cc73 2348 .recv = smp_recv_cb,
70db83c4
JH		 2349 .alloc_skb = smp_alloc_skb_cb,
2350 .teardown = smp_teardown_cb,
44f1a7ab 2351 .resume = smp_resume_cb,
70db83c4
JH		 2352
2353 .new_connection = l2cap_chan_no_new_connection,
70db83c4
JH		 2354 .state_change = l2cap_chan_no_state_change,
2355 .close = l2cap_chan_no_close,
2356 .defer = l2cap_chan_no_defer,
2357 .suspend = l2cap_chan_no_suspend,
70db83c4
JH		 2358 .set_shutdown = l2cap_chan_no_set_shutdown,
2359 .get_sndtimeo = l2cap_chan_no_get_sndtimeo,
2360 .memcpy_fromiovec = l2cap_chan_no_memcpy_fromiovec,
2361};
2362
2363static inline struct l2cap_chan *smp_new_conn_cb(struct l2cap_chan *pchan)
2364{
2365 struct l2cap_chan *chan;
2366
2367 BT_DBG("pchan %p", pchan);
2368
2369 chan = l2cap_chan_create();
2370 if (!chan)
2371 return NULL;
2372
2373 chan->chan_type = pchan->chan_type;
2374 chan->ops = &smp_chan_ops;
2375 chan->scid = pchan->scid;
2376 chan->dcid = chan->scid;
2377 chan->imtu = pchan->imtu;
2378 chan->omtu = pchan->omtu;
2379 chan->mode = pchan->mode;
2380
abe84903
JH		 2381 /* Other L2CAP channels may request SMP routines in order to
2382 * change the security level. This means that the SMP channel
2383 * lock must be considered in its own category to avoid lockdep
2384 * warnings.
2385 */
2386 atomic_set(&chan->nesting, L2CAP_NESTING_SMP);
2387
70db83c4
JH		 2388 BT_DBG("created chan %p", chan);
2389
2390 return chan;
2391}
2392
2393static const struct l2cap_ops smp_root_chan_ops = {
2394 .name = "Security Manager Root",
2395 .new_connection = smp_new_conn_cb,
2396
2397 /* None of these are implemented for the root channel */
2398 .close = l2cap_chan_no_close,
2399 .alloc_skb = l2cap_chan_no_alloc_skb,
2400 .recv = l2cap_chan_no_recv,
2401 .state_change = l2cap_chan_no_state_change,
2402 .teardown = l2cap_chan_no_teardown,
2403 .ready = l2cap_chan_no_ready,
2404 .defer = l2cap_chan_no_defer,
2405 .suspend = l2cap_chan_no_suspend,
2406 .resume = l2cap_chan_no_resume,
2407 .set_shutdown = l2cap_chan_no_set_shutdown,
2408 .get_sndtimeo = l2cap_chan_no_get_sndtimeo,
2409 .memcpy_fromiovec = l2cap_chan_no_memcpy_fromiovec,
2410};
2411
711eafe3
JH		 2412int smp_register(struct hci_dev *hdev)
2413{
70db83c4 2414 struct l2cap_chan *chan;
defce9e8 2415 struct crypto_blkcipher *tfm_aes;
70db83c4 2416
711eafe3
JH		 2417 BT_DBG("%s", hdev->name);
2418
adae20cb 2419 tfm_aes = crypto_alloc_blkcipher("ecb(aes)", 0, 0);
defce9e8
JH		 2420 if (IS_ERR(tfm_aes)) {
2421 int err = PTR_ERR(tfm_aes);
711eafe3 2422 BT_ERR("Unable to create crypto context");
711eafe3
JH		 2423 return err;
2424 }
2425
70db83c4
JH		 2426 chan = l2cap_chan_create();
2427 if (!chan) {
defce9e8 2428 crypto_free_blkcipher(tfm_aes);
70db83c4
JH		 2429 return -ENOMEM;
2430 }
2431
defce9e8
JH		 2432 chan->data = tfm_aes;
2433
5d88cc73 2434 l2cap_add_scid(chan, L2CAP_CID_SMP);
70db83c4
JH		 2435
2436 l2cap_chan_set_defaults(chan);
2437
2438 bacpy(&chan->src, &hdev->bdaddr);
2439 chan->src_type = BDADDR_LE_PUBLIC;
2440 chan->state = BT_LISTEN;
2441 chan->mode = L2CAP_MODE_BASIC;
2442 chan->imtu = L2CAP_DEFAULT_MTU;
2443 chan->ops = &smp_root_chan_ops;
2444
abe84903
JH		 2445 /* Set correct nesting level for a parent/listening channel */
2446 atomic_set(&chan->nesting, L2CAP_NESTING_PARENT);
2447
70db83c4
JH		 2448 hdev->smp_data = chan;
2449
711eafe3
JH		 2450 return 0;
2451}
2452
2453void smp_unregister(struct hci_dev *hdev)
2454{
70db83c4 2455 struct l2cap_chan *chan = hdev->smp_data;
defce9e8 2456 struct crypto_blkcipher *tfm_aes;
70db83c4
JH		 2457
2458 if (!chan)
2459 return;
2460
2461 BT_DBG("%s chan %p", hdev->name, chan);
711eafe3 2462
defce9e8
JH		 2463 tfm_aes = chan->data;
2464 if (tfm_aes) {
2465 chan->data = NULL;
2466 crypto_free_blkcipher(tfm_aes);
711eafe3 2467 }
70db83c4
JH		 2468
2469 hdev->smp_data = NULL;
2470 l2cap_chan_put(chan);
711eafe3 2471}
Linux 6.x block layer and io_uring tree(s)