2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2011 Nokia Corporation and/or its subsidiary(-ies).
5 This program is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License version 2 as
7 published by the Free Software Foundation;
9 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
10 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
11 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
12 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
13 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
14 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
18 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
19 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
20 SOFTWARE IS DISCLAIMED.
23 #include <net/bluetooth/bluetooth.h>
24 #include <net/bluetooth/hci_core.h>
25 #include <net/bluetooth/l2cap.h>
26 #include <net/bluetooth/smp.h>
27 #include <linux/crypto.h>
28 #include <linux/scatterlist.h>
29 #include <crypto/b128ops.h>
31 #define SMP_TIMEOUT 30000 /* 30 seconds */
33 #define AUTH_REQ_MASK 0x07
35 static inline void swap128(u8 src[16], u8 dst[16])
38 for (i = 0; i < 16; i++)
42 static inline void swap56(u8 src[7], u8 dst[7])
45 for (i = 0; i < 7; i++)
49 static int smp_e(struct crypto_blkcipher *tfm, const u8 *k, u8 *r)
51 struct blkcipher_desc desc;
52 struct scatterlist sg;
54 unsigned char iv[128];
57 BT_ERR("tfm %p", tfm);
64 err = crypto_blkcipher_setkey(tfm, k, 16);
66 BT_ERR("cipher setkey failed: %d", err);
70 sg_init_one(&sg, r, 16);
72 iv_len = crypto_blkcipher_ivsize(tfm);
74 memset(&iv, 0xff, iv_len);
75 crypto_blkcipher_set_iv(tfm, iv, iv_len);
78 err = crypto_blkcipher_encrypt(&desc, &sg, &sg, 16);
80 BT_ERR("Encrypt data error %d", err);
85 static int smp_c1(struct crypto_blkcipher *tfm, u8 k[16], u8 r[16],
86 u8 preq[7], u8 pres[7], u8 _iat, bdaddr_t *ia,
87 u8 _rat, bdaddr_t *ra, u8 res[16])
94 /* p1 = pres || preq || _rat || _iat */
102 /* p2 = padding || ia || ra */
103 baswap((bdaddr_t *) (p2 + 4), ia);
104 baswap((bdaddr_t *) (p2 + 10), ra);
107 u128_xor((u128 *) res, (u128 *) r, (u128 *) p1);
109 /* res = e(k, res) */
110 err = smp_e(tfm, k, res);
112 BT_ERR("Encrypt data error");
116 /* res = res XOR p2 */
117 u128_xor((u128 *) res, (u128 *) res, (u128 *) p2);
119 /* res = e(k, res) */
120 err = smp_e(tfm, k, res);
122 BT_ERR("Encrypt data error");
127 static int smp_s1(struct crypto_blkcipher *tfm, u8 k[16],
128 u8 r1[16], u8 r2[16], u8 _r[16])
132 /* Just least significant octets from r1 and r2 are considered */
133 memcpy(_r, r1 + 8, 8);
134 memcpy(_r + 8, r2 + 8, 8);
136 err = smp_e(tfm, k, _r);
138 BT_ERR("Encrypt data error");
143 static int smp_rand(u8 *buf)
145 get_random_bytes(buf, 16);
150 static struct sk_buff *smp_build_cmd(struct l2cap_conn *conn, u8 code,
151 u16 dlen, void *data)
154 struct l2cap_hdr *lh;
157 len = L2CAP_HDR_SIZE + sizeof(code) + dlen;
162 skb = bt_skb_alloc(len, GFP_ATOMIC);
166 lh = (struct l2cap_hdr *) skb_put(skb, L2CAP_HDR_SIZE);
167 lh->len = cpu_to_le16(sizeof(code) + dlen);
168 lh->cid = cpu_to_le16(L2CAP_CID_SMP);
170 memcpy(skb_put(skb, sizeof(code)), &code, sizeof(code));
172 memcpy(skb_put(skb, dlen), data, dlen);
177 static void smp_send_cmd(struct l2cap_conn *conn, u8 code, u16 len, void *data)
179 struct sk_buff *skb = smp_build_cmd(conn, code, len, data);
181 BT_DBG("code 0x%2.2x", code);
186 hci_send_acl(conn->hcon, skb, 0);
188 mod_timer(&conn->security_timer, jiffies +
189 msecs_to_jiffies(SMP_TIMEOUT));
192 static void build_pairing_cmd(struct l2cap_conn *conn,
193 struct smp_cmd_pairing *req,
194 struct smp_cmd_pairing *rsp,
200 if (test_bit(HCI_PAIRABLE, &conn->hcon->hdev->flags)) {
201 dist_keys = SMP_DIST_ENC_KEY;
202 authreq |= SMP_AUTH_BONDING;
206 req->io_capability = conn->hcon->io_capability;
207 req->oob_flag = SMP_OOB_NOT_PRESENT;
208 req->max_key_size = SMP_MAX_ENC_KEY_SIZE;
209 req->init_key_dist = dist_keys;
210 req->resp_key_dist = dist_keys;
211 req->auth_req = (authreq & AUTH_REQ_MASK);
215 rsp->io_capability = conn->hcon->io_capability;
216 rsp->oob_flag = SMP_OOB_NOT_PRESENT;
217 rsp->max_key_size = SMP_MAX_ENC_KEY_SIZE;
218 rsp->init_key_dist = req->init_key_dist & dist_keys;
219 rsp->resp_key_dist = req->resp_key_dist & dist_keys;
220 rsp->auth_req = (authreq & AUTH_REQ_MASK);
223 static u8 check_enc_key_size(struct l2cap_conn *conn, __u8 max_key_size)
225 struct smp_chan *smp = conn->smp_chan;
227 if ((max_key_size > SMP_MAX_ENC_KEY_SIZE) ||
228 (max_key_size < SMP_MIN_ENC_KEY_SIZE))
229 return SMP_ENC_KEY_SIZE;
231 smp->smp_key_size = max_key_size;
236 static void confirm_work(struct work_struct *work)
238 struct smp_chan *smp = container_of(work, struct smp_chan, confirm);
239 struct l2cap_conn *conn = smp->conn;
240 struct crypto_blkcipher *tfm;
241 struct smp_cmd_pairing_confirm cp;
245 BT_DBG("conn %p", conn);
247 tfm = crypto_alloc_blkcipher("ecb(aes)", 0, CRYPTO_ALG_ASYNC);
249 reason = SMP_UNSPECIFIED;
256 ret = smp_c1(tfm, smp->tk, smp->prnd, smp->preq, smp->prsp, 0,
257 conn->src, conn->hcon->dst_type, conn->dst,
260 ret = smp_c1(tfm, smp->tk, smp->prnd, smp->preq, smp->prsp,
261 conn->hcon->dst_type, conn->dst, 0, conn->src,
264 reason = SMP_UNSPECIFIED;
268 swap128(res, cp.confirm_val);
269 smp_send_cmd(smp->conn, SMP_CMD_PAIRING_CONFIRM, sizeof(cp), &cp);
274 smp_send_cmd(conn, SMP_CMD_PAIRING_FAIL, sizeof(reason), &reason);
275 smp_chan_destroy(conn);
278 static void random_work(struct work_struct *work)
280 struct smp_chan *smp = container_of(work, struct smp_chan, random);
281 struct l2cap_conn *conn = smp->conn;
282 struct hci_conn *hcon = conn->hcon;
283 struct crypto_blkcipher *tfm = smp->tfm;
284 u8 reason, confirm[16], res[16], key[16];
287 if (IS_ERR_OR_NULL(tfm)) {
288 reason = SMP_UNSPECIFIED;
292 BT_DBG("conn %p %s", conn, conn->hcon->out ? "master" : "slave");
295 ret = smp_c1(tfm, smp->tk, smp->rrnd, smp->preq, smp->prsp, 0,
296 conn->src, hcon->dst_type, conn->dst,
299 ret = smp_c1(tfm, smp->tk, smp->rrnd, smp->preq, smp->prsp,
300 hcon->dst_type, conn->dst, 0, conn->src,
303 reason = SMP_UNSPECIFIED;
307 swap128(res, confirm);
309 if (memcmp(smp->pcnf, confirm, sizeof(smp->pcnf)) != 0) {
310 BT_ERR("Pairing failed (confirmation values mismatch)");
311 reason = SMP_CONFIRM_FAILED;
319 memset(rand, 0, sizeof(rand));
322 smp_s1(tfm, smp->tk, smp->rrnd, smp->prnd, key);
325 memset(stk + smp->smp_key_size, 0,
326 SMP_MAX_ENC_KEY_SIZE - smp->smp_key_size);
328 if (test_and_set_bit(HCI_CONN_ENCRYPT_PEND, &hcon->pend)) {
329 reason = SMP_UNSPECIFIED;
333 hci_le_start_enc(hcon, ediv, rand, stk);
334 hcon->enc_key_size = smp->smp_key_size;
336 u8 stk[16], r[16], rand[8];
339 memset(rand, 0, sizeof(rand));
342 swap128(smp->prnd, r);
343 smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM, sizeof(r), r);
345 smp_s1(tfm, smp->tk, smp->prnd, smp->rrnd, key);
348 memset(stk + smp->smp_key_size, 0,
349 SMP_MAX_ENC_KEY_SIZE - smp->smp_key_size);
351 hci_add_ltk(hcon->hdev, 0, conn->dst, smp->smp_key_size,
358 smp_send_cmd(conn, SMP_CMD_PAIRING_FAIL, sizeof(reason), &reason);
359 smp_chan_destroy(conn);
362 static struct smp_chan *smp_chan_create(struct l2cap_conn *conn)
364 struct smp_chan *smp;
366 smp = kzalloc(sizeof(struct smp_chan), GFP_ATOMIC);
370 INIT_WORK(&smp->confirm, confirm_work);
371 INIT_WORK(&smp->random, random_work);
374 conn->smp_chan = smp;
376 hci_conn_hold(conn->hcon);
381 void smp_chan_destroy(struct l2cap_conn *conn)
383 kfree(conn->smp_chan);
384 hci_conn_put(conn->hcon);
387 static u8 smp_cmd_pairing_req(struct l2cap_conn *conn, struct sk_buff *skb)
389 struct smp_cmd_pairing rsp, *req = (void *) skb->data;
390 struct smp_chan *smp;
394 BT_DBG("conn %p", conn);
396 if (!test_and_set_bit(HCI_CONN_LE_SMP_PEND, &conn->hcon->pend))
397 smp = smp_chan_create(conn);
399 smp = conn->smp_chan;
401 smp->preq[0] = SMP_CMD_PAIRING_REQ;
402 memcpy(&smp->preq[1], req, sizeof(*req));
403 skb_pull(skb, sizeof(*req));
406 return SMP_OOB_NOT_AVAIL;
408 /* We didn't start the pairing, so no requirements */
409 build_pairing_cmd(conn, req, &rsp, SMP_AUTH_NONE);
411 key_size = min(req->max_key_size, rsp.max_key_size);
412 if (check_enc_key_size(conn, key_size))
413 return SMP_ENC_KEY_SIZE;
416 memset(smp->tk, 0, sizeof(smp->tk));
418 ret = smp_rand(smp->prnd);
420 return SMP_UNSPECIFIED;
422 smp->prsp[0] = SMP_CMD_PAIRING_RSP;
423 memcpy(&smp->prsp[1], &rsp, sizeof(rsp));
425 smp_send_cmd(conn, SMP_CMD_PAIRING_RSP, sizeof(rsp), &rsp);
430 static u8 smp_cmd_pairing_rsp(struct l2cap_conn *conn, struct sk_buff *skb)
432 struct smp_cmd_pairing *req, *rsp = (void *) skb->data;
433 struct smp_chan *smp = conn->smp_chan;
434 struct hci_dev *hdev = conn->hcon->hdev;
438 BT_DBG("conn %p", conn);
440 skb_pull(skb, sizeof(*rsp));
442 req = (void *) &smp->preq[1];
444 key_size = min(req->max_key_size, rsp->max_key_size);
445 if (check_enc_key_size(conn, key_size))
446 return SMP_ENC_KEY_SIZE;
449 return SMP_OOB_NOT_AVAIL;
452 memset(smp->tk, 0, sizeof(smp->tk));
454 ret = smp_rand(smp->prnd);
456 return SMP_UNSPECIFIED;
458 smp->prsp[0] = SMP_CMD_PAIRING_RSP;
459 memcpy(&smp->prsp[1], rsp, sizeof(*rsp));
461 queue_work(hdev->workqueue, &smp->confirm);
466 static u8 smp_cmd_pairing_confirm(struct l2cap_conn *conn, struct sk_buff *skb)
468 struct smp_chan *smp = conn->smp_chan;
469 struct hci_dev *hdev = conn->hcon->hdev;
471 BT_DBG("conn %p %s", conn, conn->hcon->out ? "master" : "slave");
473 memcpy(smp->pcnf, skb->data, sizeof(smp->pcnf));
474 skb_pull(skb, sizeof(smp->pcnf));
476 if (conn->hcon->out) {
479 swap128(smp->prnd, random);
480 smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM, sizeof(random),
483 queue_work(hdev->workqueue, &smp->confirm);
489 static u8 smp_cmd_pairing_random(struct l2cap_conn *conn, struct sk_buff *skb)
491 struct smp_chan *smp = conn->smp_chan;
492 struct hci_dev *hdev = conn->hcon->hdev;
494 BT_DBG("conn %p", conn);
496 swap128(skb->data, smp->rrnd);
497 skb_pull(skb, sizeof(smp->rrnd));
499 queue_work(hdev->workqueue, &smp->random);
504 static u8 smp_ltk_encrypt(struct l2cap_conn *conn)
506 struct link_key *key;
507 struct key_master_id *master;
508 struct hci_conn *hcon = conn->hcon;
510 key = hci_find_link_key_type(hcon->hdev, conn->dst,
515 if (test_and_set_bit(HCI_CONN_ENCRYPT_PEND,
519 master = (void *) key->data;
520 hci_le_start_enc(hcon, master->ediv, master->rand,
522 hcon->enc_key_size = key->pin_len;
527 static u8 smp_cmd_security_req(struct l2cap_conn *conn, struct sk_buff *skb)
529 struct smp_cmd_security_req *rp = (void *) skb->data;
530 struct smp_cmd_pairing cp;
531 struct hci_conn *hcon = conn->hcon;
532 struct smp_chan *smp;
534 BT_DBG("conn %p", conn);
536 hcon->pending_sec_level = BT_SECURITY_MEDIUM;
538 if (smp_ltk_encrypt(conn))
541 if (test_and_set_bit(HCI_CONN_LE_SMP_PEND, &hcon->pend))
544 smp = smp_chan_create(conn);
546 skb_pull(skb, sizeof(*rp));
548 memset(&cp, 0, sizeof(cp));
549 build_pairing_cmd(conn, &cp, NULL, rp->auth_req);
551 smp->preq[0] = SMP_CMD_PAIRING_REQ;
552 memcpy(&smp->preq[1], &cp, sizeof(cp));
554 smp_send_cmd(conn, SMP_CMD_PAIRING_REQ, sizeof(cp), &cp);
559 int smp_conn_security(struct hci_conn *hcon, __u8 sec_level)
561 struct l2cap_conn *conn = hcon->l2cap_data;
562 struct smp_chan *smp = conn->smp_chan;
564 BT_DBG("conn %p hcon %p level 0x%2.2x", conn, hcon, sec_level);
566 if (!lmp_host_le_capable(hcon->hdev))
569 if (sec_level == BT_SECURITY_LOW)
572 if (hcon->sec_level >= sec_level)
575 if (hcon->link_mode & HCI_LM_MASTER)
576 if (smp_ltk_encrypt(conn))
579 if (test_and_set_bit(HCI_CONN_LE_SMP_PEND, &hcon->pend))
582 smp = smp_chan_create(conn);
584 if (hcon->link_mode & HCI_LM_MASTER) {
585 struct smp_cmd_pairing cp;
587 build_pairing_cmd(conn, &cp, NULL, SMP_AUTH_NONE);
588 smp->preq[0] = SMP_CMD_PAIRING_REQ;
589 memcpy(&smp->preq[1], &cp, sizeof(cp));
591 smp_send_cmd(conn, SMP_CMD_PAIRING_REQ, sizeof(cp), &cp);
593 struct smp_cmd_security_req cp;
594 cp.auth_req = SMP_AUTH_NONE;
595 smp_send_cmd(conn, SMP_CMD_SECURITY_REQ, sizeof(cp), &cp);
599 hcon->pending_sec_level = sec_level;
604 static int smp_cmd_encrypt_info(struct l2cap_conn *conn, struct sk_buff *skb)
606 struct smp_cmd_encrypt_info *rp = (void *) skb->data;
607 struct smp_chan *smp = conn->smp_chan;
609 skb_pull(skb, sizeof(*rp));
611 memcpy(smp->tk, rp->ltk, sizeof(smp->tk));
616 static int smp_cmd_master_ident(struct l2cap_conn *conn, struct sk_buff *skb)
618 struct smp_cmd_master_ident *rp = (void *) skb->data;
619 struct smp_chan *smp = conn->smp_chan;
621 skb_pull(skb, sizeof(*rp));
623 hci_add_ltk(conn->hcon->hdev, 1, conn->src, smp->smp_key_size,
624 rp->ediv, rp->rand, smp->tk);
626 smp_distribute_keys(conn, 1);
631 int smp_sig_channel(struct l2cap_conn *conn, struct sk_buff *skb)
633 __u8 code = skb->data[0];
637 if (!lmp_host_le_capable(conn->hcon->hdev)) {
639 reason = SMP_PAIRING_NOTSUPP;
643 skb_pull(skb, sizeof(code));
646 * The SMP context must be initialized for all other PDUs except
647 * pairing and security requests. If we get any other PDU when
648 * not initialized simply disconnect (done if this function
651 if (code != SMP_CMD_PAIRING_REQ && code != SMP_CMD_SECURITY_REQ &&
653 BT_ERR("Unexpected SMP command 0x%02x. Disconnecting.", code);
659 case SMP_CMD_PAIRING_REQ:
660 reason = smp_cmd_pairing_req(conn, skb);
663 case SMP_CMD_PAIRING_FAIL:
668 case SMP_CMD_PAIRING_RSP:
669 reason = smp_cmd_pairing_rsp(conn, skb);
672 case SMP_CMD_SECURITY_REQ:
673 reason = smp_cmd_security_req(conn, skb);
676 case SMP_CMD_PAIRING_CONFIRM:
677 reason = smp_cmd_pairing_confirm(conn, skb);
680 case SMP_CMD_PAIRING_RANDOM:
681 reason = smp_cmd_pairing_random(conn, skb);
684 case SMP_CMD_ENCRYPT_INFO:
685 reason = smp_cmd_encrypt_info(conn, skb);
688 case SMP_CMD_MASTER_IDENT:
689 reason = smp_cmd_master_ident(conn, skb);
692 case SMP_CMD_IDENT_INFO:
693 case SMP_CMD_IDENT_ADDR_INFO:
694 case SMP_CMD_SIGN_INFO:
700 BT_DBG("Unknown command code 0x%2.2x", code);
702 reason = SMP_CMD_NOTSUPP;
709 smp_send_cmd(conn, SMP_CMD_PAIRING_FAIL, sizeof(reason),
716 int smp_distribute_keys(struct l2cap_conn *conn, __u8 force)
718 struct smp_cmd_pairing *req, *rsp;
719 struct smp_chan *smp = conn->smp_chan;
722 BT_DBG("conn %p force %d", conn, force);
724 if (!test_bit(HCI_CONN_LE_SMP_PEND, &conn->hcon->pend))
727 rsp = (void *) &smp->prsp[1];
729 /* The responder sends its keys first */
730 if (!force && conn->hcon->out && (rsp->resp_key_dist & 0x07))
733 req = (void *) &smp->preq[1];
735 if (conn->hcon->out) {
736 keydist = &rsp->init_key_dist;
737 *keydist &= req->init_key_dist;
739 keydist = &rsp->resp_key_dist;
740 *keydist &= req->resp_key_dist;
744 BT_DBG("keydist 0x%x", *keydist);
746 if (*keydist & SMP_DIST_ENC_KEY) {
747 struct smp_cmd_encrypt_info enc;
748 struct smp_cmd_master_ident ident;
751 get_random_bytes(enc.ltk, sizeof(enc.ltk));
752 get_random_bytes(&ediv, sizeof(ediv));
753 get_random_bytes(ident.rand, sizeof(ident.rand));
755 smp_send_cmd(conn, SMP_CMD_ENCRYPT_INFO, sizeof(enc), &enc);
757 hci_add_ltk(conn->hcon->hdev, 1, conn->dst, smp->smp_key_size,
758 ediv, ident.rand, enc.ltk);
760 ident.ediv = cpu_to_le16(ediv);
762 smp_send_cmd(conn, SMP_CMD_MASTER_IDENT, sizeof(ident), &ident);
764 *keydist &= ~SMP_DIST_ENC_KEY;
767 if (*keydist & SMP_DIST_ID_KEY) {
768 struct smp_cmd_ident_addr_info addrinfo;
769 struct smp_cmd_ident_info idinfo;
771 /* Send a dummy key */
772 get_random_bytes(idinfo.irk, sizeof(idinfo.irk));
774 smp_send_cmd(conn, SMP_CMD_IDENT_INFO, sizeof(idinfo), &idinfo);
776 /* Just public address */
777 memset(&addrinfo, 0, sizeof(addrinfo));
778 bacpy(&addrinfo.bdaddr, conn->src);
780 smp_send_cmd(conn, SMP_CMD_IDENT_ADDR_INFO, sizeof(addrinfo),
783 *keydist &= ~SMP_DIST_ID_KEY;
786 if (*keydist & SMP_DIST_SIGN) {
787 struct smp_cmd_sign_info sign;
789 /* Send a dummy key */
790 get_random_bytes(sign.csrk, sizeof(sign.csrk));
792 smp_send_cmd(conn, SMP_CMD_SIGN_INFO, sizeof(sign), &sign);
794 *keydist &= ~SMP_DIST_SIGN;
797 if (conn->hcon->out || force) {
798 clear_bit(HCI_CONN_LE_SMP_PEND, &conn->hcon->pend);
799 del_timer(&conn->security_timer);
800 smp_chan_destroy(conn);