smp.c 23.7 KB
Newer Older
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22
/*
   BlueZ - Bluetooth protocol stack for Linux
   Copyright (C) 2011 Nokia Corporation and/or its subsidiary(-ies).

   This program is free software; you can redistribute it and/or modify
   it under the terms of the GNU General Public License version 2 as
   published by the Free Software Foundation;

   THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
   OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
   FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
   IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
   CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
   WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
   ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
   OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.

   ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
   COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
   SOFTWARE IS DISCLAIMED.
*/

23 24 25 26
#include <linux/crypto.h>
#include <linux/scatterlist.h>
#include <crypto/b128ops.h>

27 28 29
#include <net/bluetooth/bluetooth.h>
#include <net/bluetooth/hci_core.h>
#include <net/bluetooth/l2cap.h>
30
#include <net/bluetooth/mgmt.h>
31
#include <net/bluetooth/smp.h>
32

33
#define SMP_TIMEOUT	msecs_to_jiffies(30000)
34

35 36
#define AUTH_REQ_MASK   0x07

37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150
static inline void swap128(u8 src[16], u8 dst[16])
{
	int i;
	for (i = 0; i < 16; i++)
		dst[15 - i] = src[i];
}

static inline void swap56(u8 src[7], u8 dst[7])
{
	int i;
	for (i = 0; i < 7; i++)
		dst[6 - i] = src[i];
}

static int smp_e(struct crypto_blkcipher *tfm, const u8 *k, u8 *r)
{
	struct blkcipher_desc desc;
	struct scatterlist sg;
	int err, iv_len;
	unsigned char iv[128];

	if (tfm == NULL) {
		BT_ERR("tfm %p", tfm);
		return -EINVAL;
	}

	desc.tfm = tfm;
	desc.flags = 0;

	err = crypto_blkcipher_setkey(tfm, k, 16);
	if (err) {
		BT_ERR("cipher setkey failed: %d", err);
		return err;
	}

	sg_init_one(&sg, r, 16);

	iv_len = crypto_blkcipher_ivsize(tfm);
	if (iv_len) {
		memset(&iv, 0xff, iv_len);
		crypto_blkcipher_set_iv(tfm, iv, iv_len);
	}

	err = crypto_blkcipher_encrypt(&desc, &sg, &sg, 16);
	if (err)
		BT_ERR("Encrypt data error %d", err);

	return err;
}

static int smp_c1(struct crypto_blkcipher *tfm, u8 k[16], u8 r[16],
		u8 preq[7], u8 pres[7], u8 _iat, bdaddr_t *ia,
		u8 _rat, bdaddr_t *ra, u8 res[16])
{
	u8 p1[16], p2[16];
	int err;

	memset(p1, 0, 16);

	/* p1 = pres || preq || _rat || _iat */
	swap56(pres, p1);
	swap56(preq, p1 + 7);
	p1[14] = _rat;
	p1[15] = _iat;

	memset(p2, 0, 16);

	/* p2 = padding || ia || ra */
	baswap((bdaddr_t *) (p2 + 4), ia);
	baswap((bdaddr_t *) (p2 + 10), ra);

	/* res = r XOR p1 */
	u128_xor((u128 *) res, (u128 *) r, (u128 *) p1);

	/* res = e(k, res) */
	err = smp_e(tfm, k, res);
	if (err) {
		BT_ERR("Encrypt data error");
		return err;
	}

	/* res = res XOR p2 */
	u128_xor((u128 *) res, (u128 *) res, (u128 *) p2);

	/* res = e(k, res) */
	err = smp_e(tfm, k, res);
	if (err)
		BT_ERR("Encrypt data error");

	return err;
}

static int smp_s1(struct crypto_blkcipher *tfm, u8 k[16],
			u8 r1[16], u8 r2[16], u8 _r[16])
{
	int err;

	/* Just least significant octets from r1 and r2 are considered */
	memcpy(_r, r1 + 8, 8);
	memcpy(_r + 8, r2 + 8, 8);

	err = smp_e(tfm, k, _r);
	if (err)
		BT_ERR("Encrypt data error");

	return err;
}

static int smp_rand(u8 *buf)
{
	get_random_bytes(buf, 16);

	return 0;
}
151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169

static struct sk_buff *smp_build_cmd(struct l2cap_conn *conn, u8 code,
						u16 dlen, void *data)
{
	struct sk_buff *skb;
	struct l2cap_hdr *lh;
	int len;

	len = L2CAP_HDR_SIZE + sizeof(code) + dlen;

	if (len > conn->mtu)
		return NULL;

	skb = bt_skb_alloc(len, GFP_ATOMIC);
	if (!skb)
		return NULL;

	lh = (struct l2cap_hdr *) skb_put(skb, L2CAP_HDR_SIZE);
	lh->len = cpu_to_le16(sizeof(code) + dlen);
170
	lh->cid = __constant_cpu_to_le16(L2CAP_CID_SMP);
171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187

	memcpy(skb_put(skb, sizeof(code)), &code, sizeof(code));

	memcpy(skb_put(skb, dlen), data, dlen);

	return skb;
}

static void smp_send_cmd(struct l2cap_conn *conn, u8 code, u16 len, void *data)
{
	struct sk_buff *skb = smp_build_cmd(conn, code, len, data);

	BT_DBG("code 0x%2.2x", code);

	if (!skb)
		return;

188 189
	skb->priority = HCI_PRIO_MAX;
	hci_send_acl(conn->hchan, skb, 0);
190

191
	cancel_delayed_work_sync(&conn->security_timer);
192
	schedule_delayed_work(&conn->security_timer, SMP_TIMEOUT);
193 194
}

195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214
static __u8 authreq_to_seclevel(__u8 authreq)
{
	if (authreq & SMP_AUTH_MITM)
		return BT_SECURITY_HIGH;
	else
		return BT_SECURITY_MEDIUM;
}

static __u8 seclevel_to_authreq(__u8 sec_level)
{
	switch (sec_level) {
	case BT_SECURITY_HIGH:
		return SMP_AUTH_MITM | SMP_AUTH_BONDING;
	case BT_SECURITY_MEDIUM:
		return SMP_AUTH_BONDING;
	default:
		return SMP_AUTH_NONE;
	}
}

215
static void build_pairing_cmd(struct l2cap_conn *conn,
216 217 218
				struct smp_cmd_pairing *req,
				struct smp_cmd_pairing *rsp,
				__u8 authreq)
219
{
220
	u8 dist_keys = 0;
221

222
	if (test_bit(HCI_PAIRABLE, &conn->hcon->hdev->dev_flags)) {
223
		dist_keys = SMP_DIST_ENC_KEY;
224
		authreq |= SMP_AUTH_BONDING;
225 226
	} else {
		authreq &= ~SMP_AUTH_BONDING;
227 228 229 230 231 232
	}

	if (rsp == NULL) {
		req->io_capability = conn->hcon->io_capability;
		req->oob_flag = SMP_OOB_NOT_PRESENT;
		req->max_key_size = SMP_MAX_ENC_KEY_SIZE;
233
		req->init_key_dist = 0;
234
		req->resp_key_dist = dist_keys;
235
		req->auth_req = (authreq & AUTH_REQ_MASK);
236 237 238 239 240 241
		return;
	}

	rsp->io_capability = conn->hcon->io_capability;
	rsp->oob_flag = SMP_OOB_NOT_PRESENT;
	rsp->max_key_size = SMP_MAX_ENC_KEY_SIZE;
242
	rsp->init_key_dist = 0;
243
	rsp->resp_key_dist = req->resp_key_dist & dist_keys;
244
	rsp->auth_req = (authreq & AUTH_REQ_MASK);
245 246
}

247 248
static u8 check_enc_key_size(struct l2cap_conn *conn, __u8 max_key_size)
{
249 250
	struct smp_chan *smp = conn->smp_chan;

251 252 253 254
	if ((max_key_size > SMP_MAX_ENC_KEY_SIZE) ||
			(max_key_size < SMP_MIN_ENC_KEY_SIZE))
		return SMP_ENC_KEY_SIZE;

255
	smp->enc_key_size = max_key_size;
256 257 258 259

	return 0;
}

260 261
static void smp_failure(struct l2cap_conn *conn, u8 reason, u8 send)
{
262 263
	struct hci_conn *hcon = conn->hcon;

264 265 266 267
	if (send)
		smp_send_cmd(conn, SMP_CMD_PAIRING_FAIL, sizeof(reason),
								&reason);

268
	clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->hcon->flags);
269
	mgmt_auth_failed(conn->hcon->hdev, conn->dst, hcon->type,
270
			 hcon->dst_type, HCI_ERROR_AUTH_FAILURE);
271

272 273 274
	cancel_delayed_work_sync(&conn->security_timer);

	if (test_and_clear_bit(HCI_CONN_LE_SMP_PEND, &conn->hcon->flags))
275
		smp_chan_destroy(conn);
276 277
}

278 279 280 281 282 283 284 285 286 287 288 289 290 291 292 293 294 295 296 297 298 299 300 301 302 303 304 305 306 307 308 309 310 311 312 313 314 315
#define JUST_WORKS	0x00
#define JUST_CFM	0x01
#define REQ_PASSKEY	0x02
#define CFM_PASSKEY	0x03
#define REQ_OOB		0x04
#define OVERLAP		0xFF

static const u8 gen_method[5][5] = {
	{ JUST_WORKS,  JUST_CFM,    REQ_PASSKEY, JUST_WORKS, REQ_PASSKEY },
	{ JUST_WORKS,  JUST_CFM,    REQ_PASSKEY, JUST_WORKS, REQ_PASSKEY },
	{ CFM_PASSKEY, CFM_PASSKEY, REQ_PASSKEY, JUST_WORKS, CFM_PASSKEY },
	{ JUST_WORKS,  JUST_CFM,    JUST_WORKS,  JUST_WORKS, JUST_CFM    },
	{ CFM_PASSKEY, CFM_PASSKEY, REQ_PASSKEY, JUST_WORKS, OVERLAP     },
};

static int tk_request(struct l2cap_conn *conn, u8 remote_oob, u8 auth,
						u8 local_io, u8 remote_io)
{
	struct hci_conn *hcon = conn->hcon;
	struct smp_chan *smp = conn->smp_chan;
	u8 method;
	u32 passkey = 0;
	int ret = 0;

	/* Initialize key for JUST WORKS */
	memset(smp->tk, 0, sizeof(smp->tk));
	clear_bit(SMP_FLAG_TK_VALID, &smp->smp_flags);

	BT_DBG("tk_request: auth:%d lcl:%d rem:%d", auth, local_io, remote_io);

	/* If neither side wants MITM, use JUST WORKS */
	/* If either side has unknown io_caps, use JUST WORKS */
	/* Otherwise, look up method from the table */
	if (!(auth & SMP_AUTH_MITM) ||
			local_io > SMP_IO_KEYBOARD_DISPLAY ||
			remote_io > SMP_IO_KEYBOARD_DISPLAY)
		method = JUST_WORKS;
	else
316
		method = gen_method[remote_io][local_io];
317 318 319 320 321 322 323 324 325 326 327 328 329 330 331 332 333 334 335 336 337 338 339 340 341 342 343 344 345 346 347 348 349 350 351 352 353 354 355 356

	/* If not bonding, don't ask user to confirm a Zero TK */
	if (!(auth & SMP_AUTH_BONDING) && method == JUST_CFM)
		method = JUST_WORKS;

	/* If Just Works, Continue with Zero TK */
	if (method == JUST_WORKS) {
		set_bit(SMP_FLAG_TK_VALID, &smp->smp_flags);
		return 0;
	}

	/* Not Just Works/Confirm results in MITM Authentication */
	if (method != JUST_CFM)
		set_bit(SMP_FLAG_MITM_AUTH, &smp->smp_flags);

	/* If both devices have Keyoard-Display I/O, the master
	 * Confirms and the slave Enters the passkey.
	 */
	if (method == OVERLAP) {
		if (hcon->link_mode & HCI_LM_MASTER)
			method = CFM_PASSKEY;
		else
			method = REQ_PASSKEY;
	}

	/* Generate random passkey. Not valid until confirmed. */
	if (method == CFM_PASSKEY) {
		u8 key[16];

		memset(key, 0, sizeof(key));
		get_random_bytes(&passkey, sizeof(passkey));
		passkey %= 1000000;
		put_unaligned_le32(passkey, key);
		swap128(key, smp->tk);
		BT_DBG("PassKey: %d", passkey);
	}

	hci_dev_lock(hcon->hdev);

	if (method == REQ_PASSKEY)
357 358
		ret = mgmt_user_passkey_request(hcon->hdev, conn->dst,
						hcon->type, hcon->dst_type);
359 360
	else
		ret = mgmt_user_confirm_request(hcon->hdev, conn->dst,
361
						hcon->type, hcon->dst_type,
362 363 364 365 366 367 368
						cpu_to_le32(passkey), 0);

	hci_dev_unlock(hcon->hdev);

	return ret;
}

369 370 371 372 373 374 375 376 377 378 379 380 381 382 383 384 385 386 387 388 389
static void confirm_work(struct work_struct *work)
{
	struct smp_chan *smp = container_of(work, struct smp_chan, confirm);
	struct l2cap_conn *conn = smp->conn;
	struct crypto_blkcipher *tfm;
	struct smp_cmd_pairing_confirm cp;
	int ret;
	u8 res[16], reason;

	BT_DBG("conn %p", conn);

	tfm = crypto_alloc_blkcipher("ecb(aes)", 0, CRYPTO_ALG_ASYNC);
	if (IS_ERR(tfm)) {
		reason = SMP_UNSPECIFIED;
		goto error;
	}

	smp->tfm = tfm;

	if (conn->hcon->out)
		ret = smp_c1(tfm, smp->tk, smp->prnd, smp->preq, smp->prsp, 0,
390
			     conn->src, conn->hcon->dst_type, conn->dst, res);
391 392
	else
		ret = smp_c1(tfm, smp->tk, smp->prnd, smp->preq, smp->prsp,
393 394
			     conn->hcon->dst_type, conn->dst, 0, conn->src,
			     res);
395 396 397 398 399
	if (ret) {
		reason = SMP_UNSPECIFIED;
		goto error;
	}

400 401
	clear_bit(SMP_FLAG_CFM_PENDING, &smp->smp_flags);

402 403 404 405 406 407
	swap128(res, cp.confirm_val);
	smp_send_cmd(smp->conn, SMP_CMD_PAIRING_CONFIRM, sizeof(cp), &cp);

	return;

error:
408
	smp_failure(conn, reason, 1);
409 410 411 412 413 414 415 416 417 418 419 420 421 422 423 424 425 426 427 428
}

static void random_work(struct work_struct *work)
{
	struct smp_chan *smp = container_of(work, struct smp_chan, random);
	struct l2cap_conn *conn = smp->conn;
	struct hci_conn *hcon = conn->hcon;
	struct crypto_blkcipher *tfm = smp->tfm;
	u8 reason, confirm[16], res[16], key[16];
	int ret;

	if (IS_ERR_OR_NULL(tfm)) {
		reason = SMP_UNSPECIFIED;
		goto error;
	}

	BT_DBG("conn %p %s", conn, conn->hcon->out ? "master" : "slave");

	if (hcon->out)
		ret = smp_c1(tfm, smp->tk, smp->rrnd, smp->preq, smp->prsp, 0,
429
			     conn->src, hcon->dst_type, conn->dst, res);
430 431
	else
		ret = smp_c1(tfm, smp->tk, smp->rrnd, smp->preq, smp->prsp,
432
			     hcon->dst_type, conn->dst, 0, conn->src, res);
433 434 435 436 437 438 439 440 441 442 443 444 445 446 447 448 449 450 451 452 453 454 455
	if (ret) {
		reason = SMP_UNSPECIFIED;
		goto error;
	}

	swap128(res, confirm);

	if (memcmp(smp->pcnf, confirm, sizeof(smp->pcnf)) != 0) {
		BT_ERR("Pairing failed (confirmation values mismatch)");
		reason = SMP_CONFIRM_FAILED;
		goto error;
	}

	if (hcon->out) {
		u8 stk[16], rand[8];
		__le16 ediv;

		memset(rand, 0, sizeof(rand));
		ediv = 0;

		smp_s1(tfm, smp->tk, smp->rrnd, smp->prnd, key);
		swap128(key, stk);

456
		memset(stk + smp->enc_key_size, 0,
457
		       SMP_MAX_ENC_KEY_SIZE - smp->enc_key_size);
458

459
		if (test_and_set_bit(HCI_CONN_ENCRYPT_PEND, &hcon->flags)) {
460 461 462 463 464
			reason = SMP_UNSPECIFIED;
			goto error;
		}

		hci_le_start_enc(hcon, ediv, rand, stk);
465
		hcon->enc_key_size = smp->enc_key_size;
466 467 468 469 470 471 472 473 474 475 476 477 478
	} else {
		u8 stk[16], r[16], rand[8];
		__le16 ediv;

		memset(rand, 0, sizeof(rand));
		ediv = 0;

		swap128(smp->prnd, r);
		smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM, sizeof(r), r);

		smp_s1(tfm, smp->tk, smp->prnd, smp->rrnd, key);
		swap128(key, stk);

479 480
		memset(stk + smp->enc_key_size, 0,
				SMP_MAX_ENC_KEY_SIZE - smp->enc_key_size);
481

482
		hci_add_ltk(hcon->hdev, conn->dst, hcon->dst_type,
483 484
			    HCI_SMP_STK_SLAVE, 0, 0, stk, smp->enc_key_size,
			    ediv, rand);
485 486 487 488 489
	}

	return;

error:
490
	smp_failure(conn, reason, 1);
491 492 493 494 495 496 497 498 499 500 501 502 503 504 505
}

static struct smp_chan *smp_chan_create(struct l2cap_conn *conn)
{
	struct smp_chan *smp;

	smp = kzalloc(sizeof(struct smp_chan), GFP_ATOMIC);
	if (!smp)
		return NULL;

	INIT_WORK(&smp->confirm, confirm_work);
	INIT_WORK(&smp->random, random_work);

	smp->conn = conn;
	conn->smp_chan = smp;
506
	conn->hcon->smp_conn = conn;
507 508 509 510 511 512 513 514

	hci_conn_hold(conn->hcon);

	return smp;
}

void smp_chan_destroy(struct l2cap_conn *conn)
{
515 516
	struct smp_chan *smp = conn->smp_chan;

517
	BUG_ON(!smp);
518 519 520 521 522 523

	if (smp->tfm)
		crypto_free_blkcipher(smp->tfm);

	kfree(smp);
	conn->smp_chan = NULL;
524
	conn->hcon->smp_conn = NULL;
525
	hci_conn_drop(conn->hcon);
526 527
}

528 529 530 531 532 533 534 535 536 537 538 539 540 541 542 543 544 545 546 547 548 549 550 551 552 553 554 555 556 557 558 559 560 561 562 563 564 565 566 567 568
int smp_user_confirm_reply(struct hci_conn *hcon, u16 mgmt_op, __le32 passkey)
{
	struct l2cap_conn *conn = hcon->smp_conn;
	struct smp_chan *smp;
	u32 value;
	u8 key[16];

	BT_DBG("");

	if (!conn)
		return -ENOTCONN;

	smp = conn->smp_chan;

	switch (mgmt_op) {
	case MGMT_OP_USER_PASSKEY_REPLY:
		value = le32_to_cpu(passkey);
		memset(key, 0, sizeof(key));
		BT_DBG("PassKey: %d", value);
		put_unaligned_le32(value, key);
		swap128(key, smp->tk);
		/* Fall Through */
	case MGMT_OP_USER_CONFIRM_REPLY:
		set_bit(SMP_FLAG_TK_VALID, &smp->smp_flags);
		break;
	case MGMT_OP_USER_PASSKEY_NEG_REPLY:
	case MGMT_OP_USER_CONFIRM_NEG_REPLY:
		smp_failure(conn, SMP_PASSKEY_ENTRY_FAILED, 1);
		return 0;
	default:
		smp_failure(conn, SMP_PASSKEY_ENTRY_FAILED, 1);
		return -EOPNOTSUPP;
	}

	/* If it is our turn to send Pairing Confirm, do so now */
	if (test_bit(SMP_FLAG_CFM_PENDING, &smp->smp_flags))
		queue_work(hcon->hdev->workqueue, &smp->confirm);

	return 0;
}

569
static u8 smp_cmd_pairing_req(struct l2cap_conn *conn, struct sk_buff *skb)
570
{
571
	struct smp_cmd_pairing rsp, *req = (void *) skb->data;
572
	struct smp_chan *smp;
573
	u8 key_size;
574
	u8 auth = SMP_AUTH_NONE;
575
	int ret;
576 577 578

	BT_DBG("conn %p", conn);

579 580 581
	if (conn->hcon->link_mode & HCI_LM_MASTER)
		return SMP_CMD_NOTSUPP;

582
	if (!test_and_set_bit(HCI_CONN_LE_SMP_PEND, &conn->hcon->flags))
583
		smp = smp_chan_create(conn);
584 585
	else
		smp = conn->smp_chan;
586

587 588
	if (!smp)
		return SMP_UNSPECIFIED;
589

590 591
	smp->preq[0] = SMP_CMD_PAIRING_REQ;
	memcpy(&smp->preq[1], req, sizeof(*req));
592
	skb_pull(skb, sizeof(*req));
593

594 595 596
	/* We didn't start the pairing, so match remote */
	if (req->auth_req & SMP_AUTH_BONDING)
		auth = req->auth_req;
597

598 599
	conn->hcon->pending_sec_level = authreq_to_seclevel(auth);

600
	build_pairing_cmd(conn, req, &rsp, auth);
601 602 603 604

	key_size = min(req->max_key_size, rsp.max_key_size);
	if (check_enc_key_size(conn, key_size))
		return SMP_ENC_KEY_SIZE;
605

606 607 608 609
	ret = smp_rand(smp->prnd);
	if (ret)
		return SMP_UNSPECIFIED;

610 611
	smp->prsp[0] = SMP_CMD_PAIRING_RSP;
	memcpy(&smp->prsp[1], &rsp, sizeof(rsp));
612

613
	smp_send_cmd(conn, SMP_CMD_PAIRING_RSP, sizeof(rsp), &rsp);
614

615 616 617 618 619
	/* Request setup of TK */
	ret = tk_request(conn, 0, auth, rsp.io_capability, req->io_capability);
	if (ret)
		return SMP_UNSPECIFIED;

620
	return 0;
621 622
}

623
static u8 smp_cmd_pairing_rsp(struct l2cap_conn *conn, struct sk_buff *skb)
624
{
625
	struct smp_cmd_pairing *req, *rsp = (void *) skb->data;
626
	struct smp_chan *smp = conn->smp_chan;
627
	struct hci_dev *hdev = conn->hcon->hdev;
628
	u8 key_size, auth = SMP_AUTH_NONE;
629
	int ret;
630 631 632

	BT_DBG("conn %p", conn);

633 634 635
	if (!(conn->hcon->link_mode & HCI_LM_MASTER))
		return SMP_CMD_NOTSUPP;

636 637
	skb_pull(skb, sizeof(*rsp));

638
	req = (void *) &smp->preq[1];
639

640 641 642 643
	key_size = min(req->max_key_size, rsp->max_key_size);
	if (check_enc_key_size(conn, key_size))
		return SMP_ENC_KEY_SIZE;

644
	ret = smp_rand(smp->prnd);
645
	if (ret)
646
		return SMP_UNSPECIFIED;
647

648 649
	smp->prsp[0] = SMP_CMD_PAIRING_RSP;
	memcpy(&smp->prsp[1], rsp, sizeof(*rsp));
650

651 652 653 654 655 656
	if ((req->auth_req & SMP_AUTH_BONDING) &&
			(rsp->auth_req & SMP_AUTH_BONDING))
		auth = SMP_AUTH_BONDING;

	auth |= (req->auth_req | rsp->auth_req) & SMP_AUTH_MITM;

657
	ret = tk_request(conn, 0, auth, req->io_capability, rsp->io_capability);
658 659 660 661 662 663 664 665 666
	if (ret)
		return SMP_UNSPECIFIED;

	set_bit(SMP_FLAG_CFM_PENDING, &smp->smp_flags);

	/* Can't compose response until we have been confirmed */
	if (!test_bit(SMP_FLAG_TK_VALID, &smp->smp_flags))
		return 0;

667
	queue_work(hdev->workqueue, &smp->confirm);
668 669

	return 0;
670 671
}

672
static u8 smp_cmd_pairing_confirm(struct l2cap_conn *conn, struct sk_buff *skb)
673
{
674
	struct smp_chan *smp = conn->smp_chan;
675
	struct hci_dev *hdev = conn->hcon->hdev;
676

677 678
	BT_DBG("conn %p %s", conn, conn->hcon->out ? "master" : "slave");

679 680
	memcpy(smp->pcnf, skb->data, sizeof(smp->pcnf));
	skb_pull(skb, sizeof(smp->pcnf));
681

682 683
	if (conn->hcon->out) {
		u8 random[16];
684

685
		swap128(smp->prnd, random);
686
		smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM, sizeof(random),
687
								random);
688
	} else if (test_bit(SMP_FLAG_TK_VALID, &smp->smp_flags)) {
689
		queue_work(hdev->workqueue, &smp->confirm);
690 691
	} else {
		set_bit(SMP_FLAG_CFM_PENDING, &smp->smp_flags);
692
	}
693 694

	return 0;
695 696
}

697
static u8 smp_cmd_pairing_random(struct l2cap_conn *conn, struct sk_buff *skb)
698
{
699
	struct smp_chan *smp = conn->smp_chan;
700
	struct hci_dev *hdev = conn->hcon->hdev;
701

702
	BT_DBG("conn %p", conn);
703

704 705
	swap128(skb->data, smp->rrnd);
	skb_pull(skb, sizeof(smp->rrnd));
706

707
	queue_work(hdev->workqueue, &smp->random);
708 709

	return 0;
710 711
}

712
static u8 smp_ltk_encrypt(struct l2cap_conn *conn, u8 sec_level)
713
{
714
	struct smp_ltk *key;
715 716
	struct hci_conn *hcon = conn->hcon;

717
	key = hci_find_ltk_by_addr(hcon->hdev, conn->dst, hcon->dst_type);
718 719 720
	if (!key)
		return 0;

721 722 723
	if (sec_level > BT_SECURITY_MEDIUM && !key->authenticated)
		return 0;

724
	if (test_and_set_bit(HCI_CONN_ENCRYPT_PEND, &hcon->flags))
725 726
		return 1;

727 728
	hci_le_start_enc(hcon, key->ediv, key->rand, key->val);
	hcon->enc_key_size = key->enc_size;
729 730 731 732

	return 1;

}
733
static u8 smp_cmd_security_req(struct l2cap_conn *conn, struct sk_buff *skb)
734 735 736
{
	struct smp_cmd_security_req *rp = (void *) skb->data;
	struct smp_cmd_pairing cp;
737
	struct hci_conn *hcon = conn->hcon;
738
	struct smp_chan *smp;
739 740 741

	BT_DBG("conn %p", conn);

742
	hcon->pending_sec_level = authreq_to_seclevel(rp->auth_req);
743

744
	if (smp_ltk_encrypt(conn, hcon->pending_sec_level))
745 746
		return 0;

747
	if (test_and_set_bit(HCI_CONN_LE_SMP_PEND, &hcon->flags))
748
		return 0;
749

750
	smp = smp_chan_create(conn);
751

752 753
	skb_pull(skb, sizeof(*rp));

754
	memset(&cp, 0, sizeof(cp));
755
	build_pairing_cmd(conn, &cp, NULL, rp->auth_req);
756

757 758
	smp->preq[0] = SMP_CMD_PAIRING_REQ;
	memcpy(&smp->preq[1], &cp, sizeof(cp));
759

760
	smp_send_cmd(conn, SMP_CMD_PAIRING_REQ, sizeof(cp), &cp);
761

762
	return 0;
763 764
}

765
int smp_conn_security(struct hci_conn *hcon, __u8 sec_level)
766
{
767
	struct l2cap_conn *conn = hcon->l2cap_data;
768
	struct smp_chan *smp = conn->smp_chan;
769
	__u8 authreq;
770

771 772
	BT_DBG("conn %p hcon %p level 0x%2.2x", conn, hcon, sec_level);

773
	if (!test_bit(HCI_LE_ENABLED, &hcon->hdev->dev_flags))
774 775
		return 1;

776 777
	if (sec_level == BT_SECURITY_LOW)
		return 1;
778

779
	if (hcon->sec_level >= sec_level)
780
		return 1;
781

782
	if (hcon->link_mode & HCI_LM_MASTER)
783
		if (smp_ltk_encrypt(conn, sec_level))
784
			goto done;
785

786
	if (test_and_set_bit(HCI_CONN_LE_SMP_PEND, &hcon->flags))
787 788
		return 0;

789
	smp = smp_chan_create(conn);
790 791 792 793
	if (!smp)
		return 1;

	authreq = seclevel_to_authreq(sec_level);
794 795 796

	if (hcon->link_mode & HCI_LM_MASTER) {
		struct smp_cmd_pairing cp;
797

798
		build_pairing_cmd(conn, &cp, NULL, authreq);
799 800
		smp->preq[0] = SMP_CMD_PAIRING_REQ;
		memcpy(&smp->preq[1], &cp, sizeof(cp));
801

802 803 804
		smp_send_cmd(conn, SMP_CMD_PAIRING_REQ, sizeof(cp), &cp);
	} else {
		struct smp_cmd_security_req cp;
805
		cp.auth_req = authreq;
806 807 808
		smp_send_cmd(conn, SMP_CMD_SECURITY_REQ, sizeof(cp), &cp);
	}

809
done:
810 811
	hcon->pending_sec_level = sec_level;

812 813 814
	return 0;
}

815 816
static int smp_cmd_encrypt_info(struct l2cap_conn *conn, struct sk_buff *skb)
{
817
	struct smp_cmd_encrypt_info *rp = (void *) skb->data;
818
	struct smp_chan *smp = conn->smp_chan;
819 820 821

	skb_pull(skb, sizeof(*rp));

822
	memcpy(smp->tk, rp->ltk, sizeof(smp->tk));
823

824 825 826 827 828
	return 0;
}

static int smp_cmd_master_ident(struct l2cap_conn *conn, struct sk_buff *skb)
{
829
	struct smp_cmd_master_ident *rp = (void *) skb->data;
830
	struct smp_chan *smp = conn->smp_chan;
831 832 833
	struct hci_dev *hdev = conn->hcon->hdev;
	struct hci_conn *hcon = conn->hcon;
	u8 authenticated;
834 835

	skb_pull(skb, sizeof(*rp));
836

837 838 839
	hci_dev_lock(hdev);
	authenticated = (conn->hcon->sec_level == BT_SECURITY_HIGH);
	hci_add_ltk(conn->hcon->hdev, conn->dst, hcon->dst_type,
840 841
		    HCI_SMP_LTK, 1, authenticated, smp->tk, smp->enc_key_size,
		    rp->ediv, rp->rand);
842
	smp_distribute_keys(conn, 1);
843
	hci_dev_unlock(hdev);
844 845 846 847

	return 0;
}

848 849 850 851 852 853
int smp_sig_channel(struct l2cap_conn *conn, struct sk_buff *skb)
{
	__u8 code = skb->data[0];
	__u8 reason;
	int err = 0;

854
	if (!test_bit(HCI_LE_ENABLED, &conn->hcon->hdev->dev_flags)) {
855 856 857 858 859
		err = -ENOTSUPP;
		reason = SMP_PAIRING_NOTSUPP;
		goto done;
	}

860 861
	skb_pull(skb, sizeof(code));

862 863 864 865 866 867 868 869 870 871 872 873 874
	/*
	 * The SMP context must be initialized for all other PDUs except
	 * pairing and security requests. If we get any other PDU when
	 * not initialized simply disconnect (done if this function
	 * returns an error).
	 */
	if (code != SMP_CMD_PAIRING_REQ && code != SMP_CMD_SECURITY_REQ &&
	    !conn->smp_chan) {
		BT_ERR("Unexpected SMP command 0x%02x. Disconnecting.", code);
		kfree_skb(skb);
		return -ENOTSUPP;
	}

875 876
	switch (code) {
	case SMP_CMD_PAIRING_REQ:
877
		reason = smp_cmd_pairing_req(conn, skb);
878 879 880
		break;

	case SMP_CMD_PAIRING_FAIL:
881
		smp_failure(conn, skb->data[0], 0);
882 883
		reason = 0;
		err = -EPERM;
884 885 886
		break;

	case SMP_CMD_PAIRING_RSP:
887
		reason = smp_cmd_pairing_rsp(conn, skb);
888 889 890
		break;

	case SMP_CMD_SECURITY_REQ:
891
		reason = smp_cmd_security_req(conn, skb);
892 893
		break;

894
	case SMP_CMD_PAIRING_CONFIRM:
895
		reason = smp_cmd_pairing_confirm(conn, skb);
896 897
		break;

898
	case SMP_CMD_PAIRING_RANDOM:
899
		reason = smp_cmd_pairing_random(conn, skb);
900 901
		break;

902
	case SMP_CMD_ENCRYPT_INFO:
903 904 905
		reason = smp_cmd_encrypt_info(conn, skb);
		break;

906
	case SMP_CMD_MASTER_IDENT:
907 908 909
		reason = smp_cmd_master_ident(conn, skb);
		break;

910 911 912
	case SMP_CMD_IDENT_INFO:
	case SMP_CMD_IDENT_ADDR_INFO:
	case SMP_CMD_SIGN_INFO:
913 914 915 916
		/* Just ignored */
		reason = 0;
		break;

917 918 919 920 921
	default:
		BT_DBG("Unknown command code 0x%2.2x", code);

		reason = SMP_CMD_NOTSUPP;
		err = -EOPNOTSUPP;
922
		goto done;
923 924
	}

925 926
done:
	if (reason)
927
		smp_failure(conn, reason, 1);
928

929 930 931
	kfree_skb(skb);
	return err;
}
932 933 934 935

int smp_distribute_keys(struct l2cap_conn *conn, __u8 force)
{
	struct smp_cmd_pairing *req, *rsp;
936
	struct smp_chan *smp = conn->smp_chan;
937 938 939 940
	__u8 *keydist;

	BT_DBG("conn %p force %d", conn, force);

941
	if (!test_bit(HCI_CONN_LE_SMP_PEND, &conn->hcon->flags))
942 943
		return 0;

944
	rsp = (void *) &smp->prsp[1];
945 946 947 948 949

	/* The responder sends its keys first */
	if (!force && conn->hcon->out && (rsp->resp_key_dist & 0x07))
		return 0;

950
	req = (void *) &smp->preq[1];
951 952 953 954 955 956 957 958 959 960 961 962 963 964 965

	if (conn->hcon->out) {
		keydist = &rsp->init_key_dist;
		*keydist &= req->init_key_dist;
	} else {
		keydist = &rsp->resp_key_dist;
		*keydist &= req->resp_key_dist;
	}


	BT_DBG("keydist 0x%x", *keydist);

	if (*keydist & SMP_DIST_ENC_KEY) {
		struct smp_cmd_encrypt_info enc;
		struct smp_cmd_master_ident ident;
966 967
		struct hci_conn *hcon = conn->hcon;
		u8 authenticated;
968 969 970 971 972 973 974 975
		__le16 ediv;

		get_random_bytes(enc.ltk, sizeof(enc.ltk));
		get_random_bytes(&ediv, sizeof(ediv));
		get_random_bytes(ident.rand, sizeof(ident.rand));

		smp_send_cmd(conn, SMP_CMD_ENCRYPT_INFO, sizeof(enc), &enc);

976 977
		authenticated = hcon->sec_level == BT_SECURITY_HIGH;
		hci_add_ltk(conn->hcon->hdev, conn->dst, hcon->dst_type,
978 979
			    HCI_SMP_LTK_SLAVE, 1, authenticated,
			    enc.ltk, smp->enc_key_size, ediv, ident.rand);
980

981
		ident.ediv = ediv;
982 983 984 985 986 987 988 989 990 991 992 993 994 995 996 997 998 999 1000 1001 1002 1003 1004 1005 1006 1007 1008 1009 1010 1011 1012 1013 1014 1015 1016 1017

		smp_send_cmd(conn, SMP_CMD_MASTER_IDENT, sizeof(ident), &ident);

		*keydist &= ~SMP_DIST_ENC_KEY;
	}

	if (*keydist & SMP_DIST_ID_KEY) {
		struct smp_cmd_ident_addr_info addrinfo;
		struct smp_cmd_ident_info idinfo;

		/* Send a dummy key */
		get_random_bytes(idinfo.irk, sizeof(idinfo.irk));

		smp_send_cmd(conn, SMP_CMD_IDENT_INFO, sizeof(idinfo), &idinfo);

		/* Just public address */
		memset(&addrinfo, 0, sizeof(addrinfo));
		bacpy(&addrinfo.bdaddr, conn->src);

		smp_send_cmd(conn, SMP_CMD_IDENT_ADDR_INFO, sizeof(addrinfo),
								&addrinfo);

		*keydist &= ~SMP_DIST_ID_KEY;
	}

	if (*keydist & SMP_DIST_SIGN) {
		struct smp_cmd_sign_info sign;

		/* Send a dummy key */
		get_random_bytes(sign.csrk, sizeof(sign.csrk));

		smp_send_cmd(conn, SMP_CMD_SIGN_INFO, sizeof(sign), &sign);

		*keydist &= ~SMP_DIST_SIGN;
	}

1018
	if (conn->hcon->out || force) {
1019
		clear_bit(HCI_CONN_LE_SMP_PEND, &conn->hcon->flags);
1020
		cancel_delayed_work_sync(&conn->security_timer);
1021
		smp_chan_destroy(conn);
1022 1023
	}

1024 1025
	return 0;
}