2
BlueZ - Bluetooth protocol stack for Linux
3
Copyright (C) 2011 Nokia Corporation and/or its subsidiary(-ies).
5
This program is free software; you can redistribute it and/or modify
6
it under the terms of the GNU General Public License version 2 as
7
published by the Free Software Foundation;
9
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
10
OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
11
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
12
IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
13
CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
14
WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15
ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16
OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
18
ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
19
COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
20
SOFTWARE IS DISCLAIMED.
23
#include <net/bluetooth/bluetooth.h>
24
#include <net/bluetooth/hci_core.h>
25
#include <net/bluetooth/l2cap.h>
26
#include <net/bluetooth/smp.h>
27
#include <linux/crypto.h>
28
#include <linux/scatterlist.h>
29
#include <crypto/b128ops.h>
31
#define SMP_TIMEOUT 30000 /* 30 seconds */
33
static inline void swap128(u8 src[16], u8 dst[16])
36
for (i = 0; i < 16; i++)
40
static inline void swap56(u8 src[7], u8 dst[7])
43
for (i = 0; i < 7; i++)
47
static int smp_e(struct crypto_blkcipher *tfm, const u8 *k, u8 *r)
49
struct blkcipher_desc desc;
50
struct scatterlist sg;
52
unsigned char iv[128];
55
BT_ERR("tfm %p", tfm);
62
err = crypto_blkcipher_setkey(tfm, k, 16);
64
BT_ERR("cipher setkey failed: %d", err);
68
sg_init_one(&sg, r, 16);
70
iv_len = crypto_blkcipher_ivsize(tfm);
72
memset(&iv, 0xff, iv_len);
73
crypto_blkcipher_set_iv(tfm, iv, iv_len);
76
err = crypto_blkcipher_encrypt(&desc, &sg, &sg, 16);
78
BT_ERR("Encrypt data error %d", err);
83
static int smp_c1(struct crypto_blkcipher *tfm, u8 k[16], u8 r[16],
84
u8 preq[7], u8 pres[7], u8 _iat, bdaddr_t *ia,
85
u8 _rat, bdaddr_t *ra, u8 res[16])
92
/* p1 = pres || preq || _rat || _iat */
100
/* p2 = padding || ia || ra */
101
baswap((bdaddr_t *) (p2 + 4), ia);
102
baswap((bdaddr_t *) (p2 + 10), ra);
105
u128_xor((u128 *) res, (u128 *) r, (u128 *) p1);
107
/* res = e(k, res) */
108
err = smp_e(tfm, k, res);
110
BT_ERR("Encrypt data error");
114
/* res = res XOR p2 */
115
u128_xor((u128 *) res, (u128 *) res, (u128 *) p2);
117
/* res = e(k, res) */
118
err = smp_e(tfm, k, res);
120
BT_ERR("Encrypt data error");
125
static int smp_s1(struct crypto_blkcipher *tfm, u8 k[16],
126
u8 r1[16], u8 r2[16], u8 _r[16])
130
/* Just least significant octets from r1 and r2 are considered */
131
memcpy(_r, r1 + 8, 8);
132
memcpy(_r + 8, r2 + 8, 8);
134
err = smp_e(tfm, k, _r);
136
BT_ERR("Encrypt data error");
141
static int smp_rand(u8 *buf)
143
get_random_bytes(buf, 16);
148
static struct sk_buff *smp_build_cmd(struct l2cap_conn *conn, u8 code,
149
u16 dlen, void *data)
152
struct l2cap_hdr *lh;
155
len = L2CAP_HDR_SIZE + sizeof(code) + dlen;
160
skb = bt_skb_alloc(len, GFP_ATOMIC);
164
lh = (struct l2cap_hdr *) skb_put(skb, L2CAP_HDR_SIZE);
165
lh->len = cpu_to_le16(sizeof(code) + dlen);
166
lh->cid = cpu_to_le16(L2CAP_CID_SMP);
168
memcpy(skb_put(skb, sizeof(code)), &code, sizeof(code));
170
memcpy(skb_put(skb, dlen), data, dlen);
175
static void smp_send_cmd(struct l2cap_conn *conn, u8 code, u16 len, void *data)
177
struct sk_buff *skb = smp_build_cmd(conn, code, len, data);
179
BT_DBG("code 0x%2.2x", code);
184
hci_send_acl(conn->hcon, skb, 0);
186
mod_timer(&conn->security_timer, jiffies +
187
msecs_to_jiffies(SMP_TIMEOUT));
190
static void build_pairing_cmd(struct l2cap_conn *conn,
191
struct smp_cmd_pairing *req,
192
struct smp_cmd_pairing *rsp,
198
if (test_bit(HCI_PAIRABLE, &conn->hcon->hdev->flags)) {
199
dist_keys = SMP_DIST_ENC_KEY;
200
authreq |= SMP_AUTH_BONDING;
204
req->io_capability = conn->hcon->io_capability;
205
req->oob_flag = SMP_OOB_NOT_PRESENT;
206
req->max_key_size = SMP_MAX_ENC_KEY_SIZE;
207
req->init_key_dist = dist_keys;
208
req->resp_key_dist = dist_keys;
209
req->auth_req = authreq;
213
rsp->io_capability = conn->hcon->io_capability;
214
rsp->oob_flag = SMP_OOB_NOT_PRESENT;
215
rsp->max_key_size = SMP_MAX_ENC_KEY_SIZE;
216
rsp->init_key_dist = req->init_key_dist & dist_keys;
217
rsp->resp_key_dist = req->resp_key_dist & dist_keys;
218
rsp->auth_req = authreq;
221
static u8 check_enc_key_size(struct l2cap_conn *conn, __u8 max_key_size)
223
struct smp_chan *smp = conn->smp_chan;
225
if ((max_key_size > SMP_MAX_ENC_KEY_SIZE) ||
226
(max_key_size < SMP_MIN_ENC_KEY_SIZE))
227
return SMP_ENC_KEY_SIZE;
229
smp->smp_key_size = max_key_size;
234
static void confirm_work(struct work_struct *work)
236
struct smp_chan *smp = container_of(work, struct smp_chan, confirm);
237
struct l2cap_conn *conn = smp->conn;
238
struct crypto_blkcipher *tfm;
239
struct smp_cmd_pairing_confirm cp;
243
BT_DBG("conn %p", conn);
245
tfm = crypto_alloc_blkcipher("ecb(aes)", 0, CRYPTO_ALG_ASYNC);
247
reason = SMP_UNSPECIFIED;
254
ret = smp_c1(tfm, smp->tk, smp->prnd, smp->preq, smp->prsp, 0,
255
conn->src, conn->hcon->dst_type, conn->dst,
258
ret = smp_c1(tfm, smp->tk, smp->prnd, smp->preq, smp->prsp,
259
conn->hcon->dst_type, conn->dst, 0, conn->src,
262
reason = SMP_UNSPECIFIED;
266
swap128(res, cp.confirm_val);
267
smp_send_cmd(smp->conn, SMP_CMD_PAIRING_CONFIRM, sizeof(cp), &cp);
272
smp_send_cmd(conn, SMP_CMD_PAIRING_FAIL, sizeof(reason), &reason);
273
smp_chan_destroy(conn);
276
static void random_work(struct work_struct *work)
278
struct smp_chan *smp = container_of(work, struct smp_chan, random);
279
struct l2cap_conn *conn = smp->conn;
280
struct hci_conn *hcon = conn->hcon;
281
struct crypto_blkcipher *tfm = smp->tfm;
282
u8 reason, confirm[16], res[16], key[16];
285
if (IS_ERR_OR_NULL(tfm)) {
286
reason = SMP_UNSPECIFIED;
290
BT_DBG("conn %p %s", conn, conn->hcon->out ? "master" : "slave");
293
ret = smp_c1(tfm, smp->tk, smp->rrnd, smp->preq, smp->prsp, 0,
294
conn->src, hcon->dst_type, conn->dst,
297
ret = smp_c1(tfm, smp->tk, smp->rrnd, smp->preq, smp->prsp,
298
hcon->dst_type, conn->dst, 0, conn->src,
301
reason = SMP_UNSPECIFIED;
305
swap128(res, confirm);
307
if (memcmp(smp->pcnf, confirm, sizeof(smp->pcnf)) != 0) {
308
BT_ERR("Pairing failed (confirmation values mismatch)");
309
reason = SMP_CONFIRM_FAILED;
317
memset(rand, 0, sizeof(rand));
320
smp_s1(tfm, smp->tk, smp->rrnd, smp->prnd, key);
323
memset(stk + smp->smp_key_size, 0,
324
SMP_MAX_ENC_KEY_SIZE - smp->smp_key_size);
326
if (test_and_set_bit(HCI_CONN_ENCRYPT_PEND, &hcon->pend)) {
327
reason = SMP_UNSPECIFIED;
331
hci_le_start_enc(hcon, ediv, rand, stk);
332
hcon->enc_key_size = smp->smp_key_size;
334
u8 stk[16], r[16], rand[8];
337
memset(rand, 0, sizeof(rand));
340
swap128(smp->prnd, r);
341
smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM, sizeof(r), r);
343
smp_s1(tfm, smp->tk, smp->prnd, smp->rrnd, key);
346
memset(stk + smp->smp_key_size, 0,
347
SMP_MAX_ENC_KEY_SIZE - smp->smp_key_size);
349
hci_add_ltk(hcon->hdev, 0, conn->dst, smp->smp_key_size,
356
smp_send_cmd(conn, SMP_CMD_PAIRING_FAIL, sizeof(reason), &reason);
357
smp_chan_destroy(conn);
360
static struct smp_chan *smp_chan_create(struct l2cap_conn *conn)
362
struct smp_chan *smp;
364
smp = kzalloc(sizeof(struct smp_chan), GFP_ATOMIC);
368
INIT_WORK(&smp->confirm, confirm_work);
369
INIT_WORK(&smp->random, random_work);
372
conn->smp_chan = smp;
374
hci_conn_hold(conn->hcon);
379
void smp_chan_destroy(struct l2cap_conn *conn)
381
kfree(conn->smp_chan);
382
hci_conn_put(conn->hcon);
385
static u8 smp_cmd_pairing_req(struct l2cap_conn *conn, struct sk_buff *skb)
387
struct smp_cmd_pairing rsp, *req = (void *) skb->data;
388
struct smp_chan *smp;
392
BT_DBG("conn %p", conn);
394
if (!test_and_set_bit(HCI_CONN_LE_SMP_PEND, &conn->hcon->pend))
395
smp = smp_chan_create(conn);
397
smp = conn->smp_chan;
399
smp->preq[0] = SMP_CMD_PAIRING_REQ;
400
memcpy(&smp->preq[1], req, sizeof(*req));
401
skb_pull(skb, sizeof(*req));
404
return SMP_OOB_NOT_AVAIL;
406
/* We didn't start the pairing, so no requirements */
407
build_pairing_cmd(conn, req, &rsp, SMP_AUTH_NONE);
409
key_size = min(req->max_key_size, rsp.max_key_size);
410
if (check_enc_key_size(conn, key_size))
411
return SMP_ENC_KEY_SIZE;
414
memset(smp->tk, 0, sizeof(smp->tk));
416
ret = smp_rand(smp->prnd);
418
return SMP_UNSPECIFIED;
420
smp->prsp[0] = SMP_CMD_PAIRING_RSP;
421
memcpy(&smp->prsp[1], &rsp, sizeof(rsp));
423
smp_send_cmd(conn, SMP_CMD_PAIRING_RSP, sizeof(rsp), &rsp);
428
static u8 smp_cmd_pairing_rsp(struct l2cap_conn *conn, struct sk_buff *skb)
430
struct smp_cmd_pairing *req, *rsp = (void *) skb->data;
431
struct smp_chan *smp = conn->smp_chan;
432
struct hci_dev *hdev = conn->hcon->hdev;
436
BT_DBG("conn %p", conn);
438
skb_pull(skb, sizeof(*rsp));
440
req = (void *) &smp->preq[1];
442
key_size = min(req->max_key_size, rsp->max_key_size);
443
if (check_enc_key_size(conn, key_size))
444
return SMP_ENC_KEY_SIZE;
447
return SMP_OOB_NOT_AVAIL;
450
memset(smp->tk, 0, sizeof(smp->tk));
452
ret = smp_rand(smp->prnd);
454
return SMP_UNSPECIFIED;
456
smp->prsp[0] = SMP_CMD_PAIRING_RSP;
457
memcpy(&smp->prsp[1], rsp, sizeof(*rsp));
459
queue_work(hdev->workqueue, &smp->confirm);
464
static u8 smp_cmd_pairing_confirm(struct l2cap_conn *conn, struct sk_buff *skb)
466
struct smp_chan *smp = conn->smp_chan;
467
struct hci_dev *hdev = conn->hcon->hdev;
469
BT_DBG("conn %p %s", conn, conn->hcon->out ? "master" : "slave");
471
memcpy(smp->pcnf, skb->data, sizeof(smp->pcnf));
472
skb_pull(skb, sizeof(smp->pcnf));
474
if (conn->hcon->out) {
477
swap128(smp->prnd, random);
478
smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM, sizeof(random),
481
queue_work(hdev->workqueue, &smp->confirm);
487
static u8 smp_cmd_pairing_random(struct l2cap_conn *conn, struct sk_buff *skb)
489
struct smp_chan *smp = conn->smp_chan;
490
struct hci_dev *hdev = conn->hcon->hdev;
492
BT_DBG("conn %p", conn);
494
swap128(skb->data, smp->rrnd);
495
skb_pull(skb, sizeof(smp->rrnd));
497
queue_work(hdev->workqueue, &smp->random);
502
static u8 smp_ltk_encrypt(struct l2cap_conn *conn)
504
struct link_key *key;
505
struct key_master_id *master;
506
struct hci_conn *hcon = conn->hcon;
508
key = hci_find_link_key_type(hcon->hdev, conn->dst,
513
if (test_and_set_bit(HCI_CONN_ENCRYPT_PEND,
517
master = (void *) key->data;
518
hci_le_start_enc(hcon, master->ediv, master->rand,
520
hcon->enc_key_size = key->pin_len;
525
static u8 smp_cmd_security_req(struct l2cap_conn *conn, struct sk_buff *skb)
527
struct smp_cmd_security_req *rp = (void *) skb->data;
528
struct smp_cmd_pairing cp;
529
struct hci_conn *hcon = conn->hcon;
530
struct smp_chan *smp;
532
BT_DBG("conn %p", conn);
534
hcon->pending_sec_level = BT_SECURITY_MEDIUM;
536
if (smp_ltk_encrypt(conn))
539
if (test_and_set_bit(HCI_CONN_LE_SMP_PEND, &hcon->pend))
542
smp = smp_chan_create(conn);
544
skb_pull(skb, sizeof(*rp));
546
memset(&cp, 0, sizeof(cp));
547
build_pairing_cmd(conn, &cp, NULL, rp->auth_req);
549
smp->preq[0] = SMP_CMD_PAIRING_REQ;
550
memcpy(&smp->preq[1], &cp, sizeof(cp));
552
smp_send_cmd(conn, SMP_CMD_PAIRING_REQ, sizeof(cp), &cp);
557
int smp_conn_security(struct l2cap_conn *conn, __u8 sec_level)
559
struct hci_conn *hcon = conn->hcon;
560
struct smp_chan *smp = conn->smp_chan;
562
BT_DBG("conn %p hcon %p level 0x%2.2x", conn, hcon, sec_level);
564
if (!lmp_host_le_capable(hcon->hdev))
567
if (sec_level == BT_SECURITY_LOW)
570
if (hcon->sec_level >= sec_level)
573
if (hcon->link_mode & HCI_LM_MASTER)
574
if (smp_ltk_encrypt(conn))
577
if (test_and_set_bit(HCI_CONN_LE_SMP_PEND, &hcon->pend))
580
smp = smp_chan_create(conn);
582
if (hcon->link_mode & HCI_LM_MASTER) {
583
struct smp_cmd_pairing cp;
585
build_pairing_cmd(conn, &cp, NULL, SMP_AUTH_NONE);
586
smp->preq[0] = SMP_CMD_PAIRING_REQ;
587
memcpy(&smp->preq[1], &cp, sizeof(cp));
589
smp_send_cmd(conn, SMP_CMD_PAIRING_REQ, sizeof(cp), &cp);
591
struct smp_cmd_security_req cp;
592
cp.auth_req = SMP_AUTH_NONE;
593
smp_send_cmd(conn, SMP_CMD_SECURITY_REQ, sizeof(cp), &cp);
597
hcon->pending_sec_level = sec_level;
602
static int smp_cmd_encrypt_info(struct l2cap_conn *conn, struct sk_buff *skb)
604
struct smp_cmd_encrypt_info *rp = (void *) skb->data;
605
struct smp_chan *smp = conn->smp_chan;
607
skb_pull(skb, sizeof(*rp));
609
memcpy(smp->tk, rp->ltk, sizeof(smp->tk));
614
static int smp_cmd_master_ident(struct l2cap_conn *conn, struct sk_buff *skb)
616
struct smp_cmd_master_ident *rp = (void *) skb->data;
617
struct smp_chan *smp = conn->smp_chan;
619
skb_pull(skb, sizeof(*rp));
621
hci_add_ltk(conn->hcon->hdev, 1, conn->src, smp->smp_key_size,
622
rp->ediv, rp->rand, smp->tk);
624
smp_distribute_keys(conn, 1);
629
int smp_sig_channel(struct l2cap_conn *conn, struct sk_buff *skb)
631
__u8 code = skb->data[0];
635
if (!lmp_host_le_capable(conn->hcon->hdev)) {
637
reason = SMP_PAIRING_NOTSUPP;
641
skb_pull(skb, sizeof(code));
644
case SMP_CMD_PAIRING_REQ:
645
reason = smp_cmd_pairing_req(conn, skb);
648
case SMP_CMD_PAIRING_FAIL:
653
case SMP_CMD_PAIRING_RSP:
654
reason = smp_cmd_pairing_rsp(conn, skb);
657
case SMP_CMD_SECURITY_REQ:
658
reason = smp_cmd_security_req(conn, skb);
661
case SMP_CMD_PAIRING_CONFIRM:
662
reason = smp_cmd_pairing_confirm(conn, skb);
665
case SMP_CMD_PAIRING_RANDOM:
666
reason = smp_cmd_pairing_random(conn, skb);
669
case SMP_CMD_ENCRYPT_INFO:
670
reason = smp_cmd_encrypt_info(conn, skb);
673
case SMP_CMD_MASTER_IDENT:
674
reason = smp_cmd_master_ident(conn, skb);
677
case SMP_CMD_IDENT_INFO:
678
case SMP_CMD_IDENT_ADDR_INFO:
679
case SMP_CMD_SIGN_INFO:
685
BT_DBG("Unknown command code 0x%2.2x", code);
687
reason = SMP_CMD_NOTSUPP;
694
smp_send_cmd(conn, SMP_CMD_PAIRING_FAIL, sizeof(reason),
701
int smp_distribute_keys(struct l2cap_conn *conn, __u8 force)
703
struct smp_cmd_pairing *req, *rsp;
704
struct smp_chan *smp = conn->smp_chan;
707
BT_DBG("conn %p force %d", conn, force);
709
if (!test_bit(HCI_CONN_LE_SMP_PEND, &conn->hcon->pend))
712
rsp = (void *) &smp->prsp[1];
714
/* The responder sends its keys first */
715
if (!force && conn->hcon->out && (rsp->resp_key_dist & 0x07))
718
req = (void *) &smp->preq[1];
720
if (conn->hcon->out) {
721
keydist = &rsp->init_key_dist;
722
*keydist &= req->init_key_dist;
724
keydist = &rsp->resp_key_dist;
725
*keydist &= req->resp_key_dist;
729
BT_DBG("keydist 0x%x", *keydist);
731
if (*keydist & SMP_DIST_ENC_KEY) {
732
struct smp_cmd_encrypt_info enc;
733
struct smp_cmd_master_ident ident;
736
get_random_bytes(enc.ltk, sizeof(enc.ltk));
737
get_random_bytes(&ediv, sizeof(ediv));
738
get_random_bytes(ident.rand, sizeof(ident.rand));
740
smp_send_cmd(conn, SMP_CMD_ENCRYPT_INFO, sizeof(enc), &enc);
742
hci_add_ltk(conn->hcon->hdev, 1, conn->dst, smp->smp_key_size,
743
ediv, ident.rand, enc.ltk);
745
ident.ediv = cpu_to_le16(ediv);
747
smp_send_cmd(conn, SMP_CMD_MASTER_IDENT, sizeof(ident), &ident);
749
*keydist &= ~SMP_DIST_ENC_KEY;
752
if (*keydist & SMP_DIST_ID_KEY) {
753
struct smp_cmd_ident_addr_info addrinfo;
754
struct smp_cmd_ident_info idinfo;
756
/* Send a dummy key */
757
get_random_bytes(idinfo.irk, sizeof(idinfo.irk));
759
smp_send_cmd(conn, SMP_CMD_IDENT_INFO, sizeof(idinfo), &idinfo);
761
/* Just public address */
762
memset(&addrinfo, 0, sizeof(addrinfo));
763
bacpy(&addrinfo.bdaddr, conn->src);
765
smp_send_cmd(conn, SMP_CMD_IDENT_ADDR_INFO, sizeof(addrinfo),
768
*keydist &= ~SMP_DIST_ID_KEY;
771
if (*keydist & SMP_DIST_SIGN) {
772
struct smp_cmd_sign_info sign;
774
/* Send a dummy key */
775
get_random_bytes(sign.csrk, sizeof(sign.csrk));
777
smp_send_cmd(conn, SMP_CMD_SIGN_INFO, sizeof(sign), &sign);
779
*keydist &= ~SMP_DIST_SIGN;
782
if (conn->hcon->out || force) {
783
clear_bit(HCI_CONN_LE_SMP_PEND, &conn->hcon->pend);
784
del_timer(&conn->security_timer);
785
smp_chan_destroy(conn);