smp.c 10.6 KB
Newer Older
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26
/*
   BlueZ - Bluetooth protocol stack for Linux
   Copyright (C) 2011 Nokia Corporation and/or its subsidiary(-ies).

   This program is free software; you can redistribute it and/or modify
   it under the terms of the GNU General Public License version 2 as
   published by the Free Software Foundation;

   THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
   OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
   FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
   IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
   CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
   WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
   ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
   OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.

   ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
   COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
   SOFTWARE IS DISCLAIMED.
*/

#include <net/bluetooth/bluetooth.h>
#include <net/bluetooth/hci_core.h>
#include <net/bluetooth/l2cap.h>
#include <net/bluetooth/smp.h>
27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143
#include <linux/crypto.h>
#include <crypto/b128ops.h>

static inline void swap128(u8 src[16], u8 dst[16])
{
	int i;
	for (i = 0; i < 16; i++)
		dst[15 - i] = src[i];
}

static inline void swap56(u8 src[7], u8 dst[7])
{
	int i;
	for (i = 0; i < 7; i++)
		dst[6 - i] = src[i];
}

static int smp_e(struct crypto_blkcipher *tfm, const u8 *k, u8 *r)
{
	struct blkcipher_desc desc;
	struct scatterlist sg;
	int err, iv_len;
	unsigned char iv[128];

	if (tfm == NULL) {
		BT_ERR("tfm %p", tfm);
		return -EINVAL;
	}

	desc.tfm = tfm;
	desc.flags = 0;

	err = crypto_blkcipher_setkey(tfm, k, 16);
	if (err) {
		BT_ERR("cipher setkey failed: %d", err);
		return err;
	}

	sg_init_one(&sg, r, 16);

	iv_len = crypto_blkcipher_ivsize(tfm);
	if (iv_len) {
		memset(&iv, 0xff, iv_len);
		crypto_blkcipher_set_iv(tfm, iv, iv_len);
	}

	err = crypto_blkcipher_encrypt(&desc, &sg, &sg, 16);
	if (err)
		BT_ERR("Encrypt data error %d", err);

	return err;
}

static int smp_c1(struct crypto_blkcipher *tfm, u8 k[16], u8 r[16],
		u8 preq[7], u8 pres[7], u8 _iat, bdaddr_t *ia,
		u8 _rat, bdaddr_t *ra, u8 res[16])
{
	u8 p1[16], p2[16];
	int err;

	memset(p1, 0, 16);

	/* p1 = pres || preq || _rat || _iat */
	swap56(pres, p1);
	swap56(preq, p1 + 7);
	p1[14] = _rat;
	p1[15] = _iat;

	memset(p2, 0, 16);

	/* p2 = padding || ia || ra */
	baswap((bdaddr_t *) (p2 + 4), ia);
	baswap((bdaddr_t *) (p2 + 10), ra);

	/* res = r XOR p1 */
	u128_xor((u128 *) res, (u128 *) r, (u128 *) p1);

	/* res = e(k, res) */
	err = smp_e(tfm, k, res);
	if (err) {
		BT_ERR("Encrypt data error");
		return err;
	}

	/* res = res XOR p2 */
	u128_xor((u128 *) res, (u128 *) res, (u128 *) p2);

	/* res = e(k, res) */
	err = smp_e(tfm, k, res);
	if (err)
		BT_ERR("Encrypt data error");

	return err;
}

static int smp_s1(struct crypto_blkcipher *tfm, u8 k[16],
			u8 r1[16], u8 r2[16], u8 _r[16])
{
	int err;

	/* Just least significant octets from r1 and r2 are considered */
	memcpy(_r, r1 + 8, 8);
	memcpy(_r + 8, r2 + 8, 8);

	err = smp_e(tfm, k, _r);
	if (err)
		BT_ERR("Encrypt data error");

	return err;
}

static int smp_rand(u8 *buf)
{
	get_random_bytes(buf, 16);

	return 0;
}
144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183

static struct sk_buff *smp_build_cmd(struct l2cap_conn *conn, u8 code,
						u16 dlen, void *data)
{
	struct sk_buff *skb;
	struct l2cap_hdr *lh;
	int len;

	len = L2CAP_HDR_SIZE + sizeof(code) + dlen;

	if (len > conn->mtu)
		return NULL;

	skb = bt_skb_alloc(len, GFP_ATOMIC);
	if (!skb)
		return NULL;

	lh = (struct l2cap_hdr *) skb_put(skb, L2CAP_HDR_SIZE);
	lh->len = cpu_to_le16(sizeof(code) + dlen);
	lh->cid = cpu_to_le16(L2CAP_CID_SMP);

	memcpy(skb_put(skb, sizeof(code)), &code, sizeof(code));

	memcpy(skb_put(skb, dlen), data, dlen);

	return skb;
}

static void smp_send_cmd(struct l2cap_conn *conn, u8 code, u16 len, void *data)
{
	struct sk_buff *skb = smp_build_cmd(conn, code, len, data);

	BT_DBG("code 0x%2.2x", code);

	if (!skb)
		return;

	hci_send_acl(conn->hcon, skb, 0);
}

184 185 186 187 188 189
static void smp_cmd_pairing_req(struct l2cap_conn *conn, struct sk_buff *skb)
{
	struct smp_cmd_pairing *rp = (void *) skb->data;

	BT_DBG("conn %p", conn);

190 191
	conn->preq[0] = SMP_CMD_PAIRING_REQ;
	memcpy(&conn->preq[1], rp, sizeof(*rp));
192 193 194 195 196 197 198 199 200
	skb_pull(skb, sizeof(*rp));

	rp->io_capability = 0x00;
	rp->oob_flag = 0x00;
	rp->max_key_size = 16;
	rp->init_key_dist = 0x00;
	rp->resp_key_dist = 0x00;
	rp->auth_req &= (SMP_AUTH_BONDING | SMP_AUTH_MITM);

201 202 203
	/* Just works */
	memset(conn->tk, 0, sizeof(conn->tk));

204 205 206
	conn->prsp[0] = SMP_CMD_PAIRING_RSP;
	memcpy(&conn->prsp[1], rp, sizeof(*rp));

207 208 209 210 211
	smp_send_cmd(conn, SMP_CMD_PAIRING_RSP, sizeof(*rp), rp);
}

static void smp_cmd_pairing_rsp(struct l2cap_conn *conn, struct sk_buff *skb)
{
212
	struct smp_cmd_pairing *rp = (void *) skb->data;
213
	struct smp_cmd_pairing_confirm cp;
214 215 216
	struct crypto_blkcipher *tfm = conn->hcon->hdev->tfm;
	int ret;
	u8 res[16];
217 218 219

	BT_DBG("conn %p", conn);

220 221
	/* Just works */
	memset(conn->tk, 0, sizeof(conn->tk));
222

223 224 225 226
	conn->prsp[0] = SMP_CMD_PAIRING_RSP;
	memcpy(&conn->prsp[1], rp, sizeof(*rp));
	skb_pull(skb, sizeof(*rp));

227 228 229 230 231 232 233 234 235 236 237
	ret = smp_rand(conn->prnd);
	if (ret)
		return;

	ret = smp_c1(tfm, conn->tk, conn->prnd, conn->preq, conn->prsp, 0,
			conn->src, conn->hcon->dst_type, conn->dst, res);
	if (ret)
		return;

	swap128(res, cp.confirm_val);

238 239 240 241 242 243
	smp_send_cmd(conn, SMP_CMD_PAIRING_CONFIRM, sizeof(cp), &cp);
}

static void smp_cmd_pairing_confirm(struct l2cap_conn *conn,
							struct sk_buff *skb)
{
244 245
	struct crypto_blkcipher *tfm = conn->hcon->hdev->tfm;

246 247
	BT_DBG("conn %p %s", conn, conn->hcon->out ? "master" : "slave");

248 249
	memcpy(conn->pcnf, skb->data, sizeof(conn->pcnf));
	skb_pull(skb, sizeof(conn->pcnf));
250

251 252
	if (conn->hcon->out) {
		u8 random[16];
253

254
		swap128(conn->prnd, random);
255
		smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM, sizeof(random),
256
								random);
257
	} else {
258 259 260
		struct smp_cmd_pairing_confirm cp;
		int ret;
		u8 res[16];
261

262 263 264
		ret = smp_rand(conn->prnd);
		if (ret)
			return;
265

266 267 268 269 270 271 272 273 274
		ret = smp_c1(tfm, conn->tk, conn->prnd, conn->preq, conn->prsp,
						conn->hcon->dst_type, conn->dst,
						0, conn->src, res);
		if (ret)
			return;

		swap128(res, cp.confirm_val);

		smp_send_cmd(conn, SMP_CMD_PAIRING_CONFIRM, sizeof(cp), &cp);
275 276 277 278 279
	}
}

static void smp_cmd_pairing_random(struct l2cap_conn *conn, struct sk_buff *skb)
{
280 281
	struct hci_conn *hcon = conn->hcon;
	struct crypto_blkcipher *tfm = hcon->hdev->tfm;
282
	int ret;
283
	u8 key[16], res[16], random[16], confirm[16];
284 285 286 287

	swap128(skb->data, random);
	skb_pull(skb, sizeof(random));

288 289
	memset(hcon->ltk, 0, sizeof(hcon->ltk));

290 291 292 293 294 295 296 297 298 299
	if (conn->hcon->out)
		ret = smp_c1(tfm, conn->tk, random, conn->preq, conn->prsp, 0,
				conn->src, conn->hcon->dst_type, conn->dst,
				res);
	else
		ret = smp_c1(tfm, conn->tk, random, conn->preq, conn->prsp,
				conn->hcon->dst_type, conn->dst, 0, conn->src,
				res);
	if (ret)
		return;
300 301 302

	BT_DBG("conn %p %s", conn, conn->hcon->out ? "master" : "slave");

303 304 305 306 307 308 309 310 311 312
	swap128(res, confirm);

	if (memcmp(conn->pcnf, confirm, sizeof(conn->pcnf)) != 0) {
		struct smp_cmd_pairing_fail cp;

		BT_ERR("Pairing failed (confirmation values mismatch)");
		cp.reason = SMP_CONFIRM_FAILED;
		smp_send_cmd(conn, SMP_CMD_PAIRING_FAIL, sizeof(cp), &cp);
		return;
	}
313 314

	if (conn->hcon->out) {
315 316 317
		__le16 ediv;
		u8 rand[8];

318
		smp_s1(tfm, conn->tk, random, conn->prnd, key);
319
		swap128(key, hcon->ltk);
320

321 322 323
		memset(rand, 0, sizeof(rand));
		ediv = 0;
		hci_le_start_enc(hcon, ediv, rand, hcon->ltk);
324
	} else {
325 326 327 328 329 330
		u8 r[16];

		swap128(conn->prnd, r);
		smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM, sizeof(r), r);

		smp_s1(tfm, conn->tk, conn->prnd, random, key);
331
		swap128(key, hcon->ltk);
332 333 334 335 336 337 338
	}
}

static void smp_cmd_security_req(struct l2cap_conn *conn, struct sk_buff *skb)
{
	struct smp_cmd_security_req *rp = (void *) skb->data;
	struct smp_cmd_pairing cp;
339
	struct hci_conn *hcon = conn->hcon;
340 341 342

	BT_DBG("conn %p", conn);

343 344 345
	if (test_bit(HCI_CONN_ENCRYPT_PEND, &hcon->pend))
		return;

346 347 348 349 350 351 352 353 354 355
	skb_pull(skb, sizeof(*rp));
	memset(&cp, 0, sizeof(cp));

	cp.io_capability = 0x00;
	cp.oob_flag = 0x00;
	cp.max_key_size = 16;
	cp.init_key_dist = 0x00;
	cp.resp_key_dist = 0x00;
	cp.auth_req = rp->auth_req & (SMP_AUTH_BONDING | SMP_AUTH_MITM);

356 357 358
	conn->preq[0] = SMP_CMD_PAIRING_REQ;
	memcpy(&conn->preq[1], &cp, sizeof(cp));

359
	smp_send_cmd(conn, SMP_CMD_PAIRING_REQ, sizeof(cp), &cp);
360 361 362 363 364 365 366 367 368 369 370 371 372 373

	set_bit(HCI_CONN_ENCRYPT_PEND, &hcon->pend);
}

static __u8 seclevel_to_authreq(__u8 level)
{
	switch (level) {
	case BT_SECURITY_HIGH:
		/* For now we don't support bonding */
		return SMP_AUTH_MITM;

	default:
		return SMP_AUTH_NONE;
	}
374 375
}

376 377
int smp_conn_security(struct l2cap_conn *conn, __u8 sec_level)
{
378
	struct hci_conn *hcon = conn->hcon;
379 380
	__u8 authreq;

381 382 383 384
	BT_DBG("conn %p hcon %p level 0x%2.2x", conn, hcon, sec_level);

	if (IS_ERR(hcon->hdev->tfm))
		return 1;
385

386 387
	if (test_bit(HCI_CONN_ENCRYPT_PEND, &hcon->pend))
		return 0;
388

389 390
	if (sec_level == BT_SECURITY_LOW)
		return 1;
391

392
	if (hcon->sec_level >= sec_level)
393
		return 1;
394 395

	authreq = seclevel_to_authreq(sec_level);
396

397
	if (hcon->link_mode & HCI_LM_MASTER) {
398 399 400 401 402 403 404
		struct smp_cmd_pairing cp;
		cp.io_capability = 0x00;
		cp.oob_flag = 0x00;
		cp.max_key_size = 16;
		cp.init_key_dist = 0x00;
		cp.resp_key_dist = 0x00;
		cp.auth_req = authreq;
405 406 407 408

		conn->preq[0] = SMP_CMD_PAIRING_REQ;
		memcpy(&conn->preq[1], &cp, sizeof(cp));

409 410 411 412 413 414 415
		smp_send_cmd(conn, SMP_CMD_PAIRING_REQ, sizeof(cp), &cp);
	} else {
		struct smp_cmd_security_req cp;
		cp.auth_req = authreq;
		smp_send_cmd(conn, SMP_CMD_SECURITY_REQ, sizeof(cp), &cp);
	}

416 417 418
	hcon->pending_sec_level = sec_level;
	set_bit(HCI_CONN_ENCRYPT_PEND, &hcon->pend);

419 420 421 422 423 424 425 426 427
	return 0;
}

int smp_sig_channel(struct l2cap_conn *conn, struct sk_buff *skb)
{
	__u8 code = skb->data[0];
	__u8 reason;
	int err = 0;

428 429 430 431 432 433
	if (IS_ERR(conn->hcon->hdev->tfm)) {
		err = PTR_ERR(conn->hcon->hdev->tfm);
		reason = SMP_PAIRING_NOTSUPP;
		goto done;
	}

434 435 436 437
	skb_pull(skb, sizeof(code));

	switch (code) {
	case SMP_CMD_PAIRING_REQ:
438
		smp_cmd_pairing_req(conn, skb);
439 440 441 442 443 444
		break;

	case SMP_CMD_PAIRING_FAIL:
		break;

	case SMP_CMD_PAIRING_RSP:
445 446 447 448 449 450 451
		smp_cmd_pairing_rsp(conn, skb);
		break;

	case SMP_CMD_SECURITY_REQ:
		smp_cmd_security_req(conn, skb);
		break;

452
	case SMP_CMD_PAIRING_CONFIRM:
453 454 455
		smp_cmd_pairing_confirm(conn, skb);
		break;

456
	case SMP_CMD_PAIRING_RANDOM:
457 458 459
		smp_cmd_pairing_random(conn, skb);
		break;

460 461 462 463 464 465 466 467 468 469
	case SMP_CMD_ENCRYPT_INFO:
	case SMP_CMD_MASTER_IDENT:
	case SMP_CMD_IDENT_INFO:
	case SMP_CMD_IDENT_ADDR_INFO:
	case SMP_CMD_SIGN_INFO:
	default:
		BT_DBG("Unknown command code 0x%2.2x", code);

		reason = SMP_CMD_NOTSUPP;
		err = -EOPNOTSUPP;
470
		goto done;
471 472
	}

473 474 475 476 477
done:
	if (reason)
		smp_send_cmd(conn, SMP_CMD_PAIRING_FAIL, sizeof(reason),
								&reason);

478 479 480
	kfree_skb(skb);
	return err;
}