2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2011 Nokia Corporation and/or its subsidiary(-ies).
5 This program is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License version 2 as
7 published by the Free Software Foundation;
9 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
10 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
11 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
12 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
13 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
14 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
18 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
19 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
20 SOFTWARE IS DISCLAIMED.
23 #include <linux/crypto.h>
24 #include <linux/scatterlist.h>
25 #include <crypto/b128ops.h>
27 #include <net/bluetooth/bluetooth.h>
28 #include <net/bluetooth/hci_core.h>
29 #include <net/bluetooth/l2cap.h>
30 #include <net/bluetooth/mgmt.h>
34 #define SMP_ALLOW_CMD(smp, code) set_bit(code, &smp->allow_cmd)
36 #define SMP_TIMEOUT msecs_to_jiffies(30000)
38 #define AUTH_REQ_MASK 0x07
39 #define KEY_DIST_MASK 0x07
50 struct l2cap_conn *conn;
51 struct delayed_work security_timer;
52 unsigned long allow_cmd; /* Bitmask of allowed commands */
54 u8 preq[7]; /* SMP Pairing Request */
55 u8 prsp[7]; /* SMP Pairing Response */
56 u8 prnd[16]; /* SMP Pairing Random (local) */
57 u8 rrnd[16]; /* SMP Pairing Random (remote) */
58 u8 pcnf[16]; /* SMP Pairing Confirm */
59 u8 tk[16]; /* SMP Temporary Key */
65 struct smp_csrk *csrk;
66 struct smp_csrk *slave_csrk;
68 struct smp_ltk *slave_ltk;
69 struct smp_irk *remote_irk;
72 struct crypto_blkcipher *tfm_aes;
75 static inline void swap_buf(const u8 *src, u8 *dst, size_t len)
79 for (i = 0; i < len; i++)
80 dst[len - 1 - i] = src[i];
83 static int smp_e(struct crypto_blkcipher *tfm, const u8 *k, u8 *r)
85 struct blkcipher_desc desc;
86 struct scatterlist sg;
87 uint8_t tmp[16], data[16];
91 BT_ERR("tfm %p", tfm);
98 /* The most significant octet of key corresponds to k[0] */
101 err = crypto_blkcipher_setkey(tfm, tmp, 16);
103 BT_ERR("cipher setkey failed: %d", err);
107 /* Most significant octet of plaintextData corresponds to data[0] */
108 swap_buf(r, data, 16);
110 sg_init_one(&sg, data, 16);
112 err = crypto_blkcipher_encrypt(&desc, &sg, &sg, 16);
114 BT_ERR("Encrypt data error %d", err);
116 /* Most significant octet of encryptedData corresponds to data[0] */
117 swap_buf(data, r, 16);
122 static int smp_ah(struct crypto_blkcipher *tfm, u8 irk[16], u8 r[3], u8 res[3])
127 /* r' = padding || r */
129 memset(_res + 3, 0, 13);
131 err = smp_e(tfm, irk, _res);
133 BT_ERR("Encrypt error");
137 /* The output of the random address function ah is:
138 * ah(h, r) = e(k, r') mod 2^24
139 * The output of the security function e is then truncated to 24 bits
140 * by taking the least significant 24 bits of the output of e as the
143 memcpy(res, _res, 3);
148 bool smp_irk_matches(struct hci_dev *hdev, u8 irk[16], bdaddr_t *bdaddr)
150 struct l2cap_chan *chan = hdev->smp_data;
151 struct crypto_blkcipher *tfm;
155 if (!chan || !chan->data)
160 BT_DBG("RPA %pMR IRK %*phN", bdaddr, 16, irk);
162 err = smp_ah(tfm, irk, &bdaddr->b[3], hash);
166 return !memcmp(bdaddr->b, hash, 3);
169 int smp_generate_rpa(struct hci_dev *hdev, u8 irk[16], bdaddr_t *rpa)
171 struct l2cap_chan *chan = hdev->smp_data;
172 struct crypto_blkcipher *tfm;
175 if (!chan || !chan->data)
180 get_random_bytes(&rpa->b[3], 3);
182 rpa->b[5] &= 0x3f; /* Clear two most significant bits */
183 rpa->b[5] |= 0x40; /* Set second most significant bit */
185 err = smp_ah(tfm, irk, &rpa->b[3], rpa->b);
189 BT_DBG("RPA %pMR", rpa);
194 static int smp_c1(struct smp_chan *smp, u8 k[16], u8 r[16], u8 preq[7],
195 u8 pres[7], u8 _iat, bdaddr_t *ia, u8 _rat, bdaddr_t *ra,
198 struct hci_dev *hdev = smp->conn->hcon->hdev;
202 BT_DBG("%s", hdev->name);
206 /* p1 = pres || preq || _rat || _iat */
209 memcpy(p1 + 2, preq, 7);
210 memcpy(p1 + 9, pres, 7);
212 /* p2 = padding || ia || ra */
214 memcpy(p2 + 6, ia, 6);
215 memset(p2 + 12, 0, 4);
218 u128_xor((u128 *) res, (u128 *) r, (u128 *) p1);
220 /* res = e(k, res) */
221 err = smp_e(smp->tfm_aes, k, res);
223 BT_ERR("Encrypt data error");
227 /* res = res XOR p2 */
228 u128_xor((u128 *) res, (u128 *) res, (u128 *) p2);
230 /* res = e(k, res) */
231 err = smp_e(smp->tfm_aes, k, res);
233 BT_ERR("Encrypt data error");
238 static int smp_s1(struct smp_chan *smp, u8 k[16], u8 r1[16], u8 r2[16],
241 struct hci_dev *hdev = smp->conn->hcon->hdev;
244 BT_DBG("%s", hdev->name);
246 /* Just least significant octets from r1 and r2 are considered */
248 memcpy(_r + 8, r1, 8);
250 err = smp_e(smp->tfm_aes, k, _r);
252 BT_ERR("Encrypt data error");
257 static void smp_send_cmd(struct l2cap_conn *conn, u8 code, u16 len, void *data)
259 struct l2cap_chan *chan = conn->smp;
260 struct smp_chan *smp;
267 BT_DBG("code 0x%2.2x", code);
269 iv[0].iov_base = &code;
272 iv[1].iov_base = data;
275 memset(&msg, 0, sizeof(msg));
277 msg.msg_iov = (struct iovec *) &iv;
280 l2cap_chan_send(chan, &msg, 1 + len);
287 cancel_delayed_work_sync(&smp->security_timer);
288 schedule_delayed_work(&smp->security_timer, SMP_TIMEOUT);
291 static __u8 authreq_to_seclevel(__u8 authreq)
293 if (authreq & SMP_AUTH_MITM)
294 return BT_SECURITY_HIGH;
296 return BT_SECURITY_MEDIUM;
299 static __u8 seclevel_to_authreq(__u8 sec_level)
302 case BT_SECURITY_HIGH:
303 return SMP_AUTH_MITM | SMP_AUTH_BONDING;
304 case BT_SECURITY_MEDIUM:
305 return SMP_AUTH_BONDING;
307 return SMP_AUTH_NONE;
311 static void build_pairing_cmd(struct l2cap_conn *conn,
312 struct smp_cmd_pairing *req,
313 struct smp_cmd_pairing *rsp, __u8 authreq)
315 struct l2cap_chan *chan = conn->smp;
316 struct smp_chan *smp = chan->data;
317 struct hci_conn *hcon = conn->hcon;
318 struct hci_dev *hdev = hcon->hdev;
319 u8 local_dist = 0, remote_dist = 0;
321 if (test_bit(HCI_BONDABLE, &conn->hcon->hdev->dev_flags)) {
322 local_dist = SMP_DIST_ENC_KEY | SMP_DIST_SIGN;
323 remote_dist = SMP_DIST_ENC_KEY | SMP_DIST_SIGN;
324 authreq |= SMP_AUTH_BONDING;
326 authreq &= ~SMP_AUTH_BONDING;
329 if (test_bit(HCI_RPA_RESOLVING, &hdev->dev_flags))
330 remote_dist |= SMP_DIST_ID_KEY;
332 if (test_bit(HCI_PRIVACY, &hdev->dev_flags))
333 local_dist |= SMP_DIST_ID_KEY;
336 req->io_capability = conn->hcon->io_capability;
337 req->oob_flag = SMP_OOB_NOT_PRESENT;
338 req->max_key_size = SMP_MAX_ENC_KEY_SIZE;
339 req->init_key_dist = local_dist;
340 req->resp_key_dist = remote_dist;
341 req->auth_req = (authreq & AUTH_REQ_MASK);
343 smp->remote_key_dist = remote_dist;
347 rsp->io_capability = conn->hcon->io_capability;
348 rsp->oob_flag = SMP_OOB_NOT_PRESENT;
349 rsp->max_key_size = SMP_MAX_ENC_KEY_SIZE;
350 rsp->init_key_dist = req->init_key_dist & remote_dist;
351 rsp->resp_key_dist = req->resp_key_dist & local_dist;
352 rsp->auth_req = (authreq & AUTH_REQ_MASK);
354 smp->remote_key_dist = rsp->init_key_dist;
357 static u8 check_enc_key_size(struct l2cap_conn *conn, __u8 max_key_size)
359 struct l2cap_chan *chan = conn->smp;
360 struct smp_chan *smp = chan->data;
362 if ((max_key_size > SMP_MAX_ENC_KEY_SIZE) ||
363 (max_key_size < SMP_MIN_ENC_KEY_SIZE))
364 return SMP_ENC_KEY_SIZE;
366 smp->enc_key_size = max_key_size;
371 static void smp_chan_destroy(struct l2cap_conn *conn)
373 struct l2cap_chan *chan = conn->smp;
374 struct smp_chan *smp = chan->data;
379 cancel_delayed_work_sync(&smp->security_timer);
381 complete = test_bit(SMP_FLAG_COMPLETE, &smp->flags);
382 mgmt_smp_complete(conn->hcon, complete);
385 kfree(smp->slave_csrk);
387 crypto_free_blkcipher(smp->tfm_aes);
389 /* If pairing failed clean up any keys we might have */
392 list_del(&smp->ltk->list);
396 if (smp->slave_ltk) {
397 list_del(&smp->slave_ltk->list);
398 kfree(smp->slave_ltk);
401 if (smp->remote_irk) {
402 list_del(&smp->remote_irk->list);
403 kfree(smp->remote_irk);
409 hci_conn_drop(conn->hcon);
412 static void smp_failure(struct l2cap_conn *conn, u8 reason)
414 struct hci_conn *hcon = conn->hcon;
415 struct l2cap_chan *chan = conn->smp;
418 smp_send_cmd(conn, SMP_CMD_PAIRING_FAIL, sizeof(reason),
421 clear_bit(HCI_CONN_ENCRYPT_PEND, &hcon->flags);
422 mgmt_auth_failed(hcon, HCI_ERROR_AUTH_FAILURE);
425 smp_chan_destroy(conn);
428 #define JUST_WORKS 0x00
429 #define JUST_CFM 0x01
430 #define REQ_PASSKEY 0x02
431 #define CFM_PASSKEY 0x03
435 static const u8 gen_method[5][5] = {
436 { JUST_WORKS, JUST_CFM, REQ_PASSKEY, JUST_WORKS, REQ_PASSKEY },
437 { JUST_WORKS, JUST_CFM, REQ_PASSKEY, JUST_WORKS, REQ_PASSKEY },
438 { CFM_PASSKEY, CFM_PASSKEY, REQ_PASSKEY, JUST_WORKS, CFM_PASSKEY },
439 { JUST_WORKS, JUST_CFM, JUST_WORKS, JUST_WORKS, JUST_CFM },
440 { CFM_PASSKEY, CFM_PASSKEY, REQ_PASSKEY, JUST_WORKS, OVERLAP },
443 static u8 get_auth_method(struct smp_chan *smp, u8 local_io, u8 remote_io)
445 /* If either side has unknown io_caps, use JUST_CFM (which gets
446 * converted later to JUST_WORKS if we're initiators.
448 if (local_io > SMP_IO_KEYBOARD_DISPLAY ||
449 remote_io > SMP_IO_KEYBOARD_DISPLAY)
452 return gen_method[remote_io][local_io];
455 static int tk_request(struct l2cap_conn *conn, u8 remote_oob, u8 auth,
456 u8 local_io, u8 remote_io)
458 struct hci_conn *hcon = conn->hcon;
459 struct l2cap_chan *chan = conn->smp;
460 struct smp_chan *smp = chan->data;
465 /* Initialize key for JUST WORKS */
466 memset(smp->tk, 0, sizeof(smp->tk));
467 clear_bit(SMP_FLAG_TK_VALID, &smp->flags);
469 BT_DBG("tk_request: auth:%d lcl:%d rem:%d", auth, local_io, remote_io);
471 /* If neither side wants MITM, either "just" confirm an incoming
472 * request or use just-works for outgoing ones. The JUST_CFM
473 * will be converted to JUST_WORKS if necessary later in this
474 * function. If either side has MITM look up the method from the
477 if (!(auth & SMP_AUTH_MITM))
480 method = get_auth_method(smp, local_io, remote_io);
482 /* Don't confirm locally initiated pairing attempts */
483 if (method == JUST_CFM && test_bit(SMP_FLAG_INITIATOR, &smp->flags))
486 /* Don't bother user space with no IO capabilities */
487 if (method == JUST_CFM && hcon->io_capability == HCI_IO_NO_INPUT_OUTPUT)
490 /* If Just Works, Continue with Zero TK */
491 if (method == JUST_WORKS) {
492 set_bit(SMP_FLAG_TK_VALID, &smp->flags);
496 /* Not Just Works/Confirm results in MITM Authentication */
497 if (method != JUST_CFM) {
498 set_bit(SMP_FLAG_MITM_AUTH, &smp->flags);
499 if (hcon->pending_sec_level < BT_SECURITY_HIGH)
500 hcon->pending_sec_level = BT_SECURITY_HIGH;
503 /* If both devices have Keyoard-Display I/O, the master
504 * Confirms and the slave Enters the passkey.
506 if (method == OVERLAP) {
507 if (hcon->role == HCI_ROLE_MASTER)
508 method = CFM_PASSKEY;
510 method = REQ_PASSKEY;
513 /* Generate random passkey. */
514 if (method == CFM_PASSKEY) {
515 memset(smp->tk, 0, sizeof(smp->tk));
516 get_random_bytes(&passkey, sizeof(passkey));
518 put_unaligned_le32(passkey, smp->tk);
519 BT_DBG("PassKey: %d", passkey);
520 set_bit(SMP_FLAG_TK_VALID, &smp->flags);
523 hci_dev_lock(hcon->hdev);
525 if (method == REQ_PASSKEY)
526 ret = mgmt_user_passkey_request(hcon->hdev, &hcon->dst,
527 hcon->type, hcon->dst_type);
528 else if (method == JUST_CFM)
529 ret = mgmt_user_confirm_request(hcon->hdev, &hcon->dst,
530 hcon->type, hcon->dst_type,
533 ret = mgmt_user_passkey_notify(hcon->hdev, &hcon->dst,
534 hcon->type, hcon->dst_type,
537 hci_dev_unlock(hcon->hdev);
542 static u8 smp_confirm(struct smp_chan *smp)
544 struct l2cap_conn *conn = smp->conn;
545 struct smp_cmd_pairing_confirm cp;
548 BT_DBG("conn %p", conn);
550 ret = smp_c1(smp, smp->tk, smp->prnd, smp->preq, smp->prsp,
551 conn->hcon->init_addr_type, &conn->hcon->init_addr,
552 conn->hcon->resp_addr_type, &conn->hcon->resp_addr,
555 return SMP_UNSPECIFIED;
557 clear_bit(SMP_FLAG_CFM_PENDING, &smp->flags);
559 smp_send_cmd(smp->conn, SMP_CMD_PAIRING_CONFIRM, sizeof(cp), &cp);
562 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_CONFIRM);
564 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RANDOM);
569 static u8 smp_random(struct smp_chan *smp)
571 struct l2cap_conn *conn = smp->conn;
572 struct hci_conn *hcon = conn->hcon;
576 if (IS_ERR_OR_NULL(smp->tfm_aes))
577 return SMP_UNSPECIFIED;
579 BT_DBG("conn %p %s", conn, conn->hcon->out ? "master" : "slave");
581 ret = smp_c1(smp, smp->tk, smp->rrnd, smp->preq, smp->prsp,
582 hcon->init_addr_type, &hcon->init_addr,
583 hcon->resp_addr_type, &hcon->resp_addr, confirm);
585 return SMP_UNSPECIFIED;
587 if (memcmp(smp->pcnf, confirm, sizeof(smp->pcnf)) != 0) {
588 BT_ERR("Pairing failed (confirmation values mismatch)");
589 return SMP_CONFIRM_FAILED;
597 smp_s1(smp, smp->tk, smp->rrnd, smp->prnd, stk);
599 memset(stk + smp->enc_key_size, 0,
600 SMP_MAX_ENC_KEY_SIZE - smp->enc_key_size);
602 if (test_and_set_bit(HCI_CONN_ENCRYPT_PEND, &hcon->flags))
603 return SMP_UNSPECIFIED;
605 hci_le_start_enc(hcon, ediv, rand, stk);
606 hcon->enc_key_size = smp->enc_key_size;
607 set_bit(HCI_CONN_STK_ENCRYPT, &hcon->flags);
613 smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM, sizeof(smp->prnd),
616 smp_s1(smp, smp->tk, smp->prnd, smp->rrnd, stk);
618 memset(stk + smp->enc_key_size, 0,
619 SMP_MAX_ENC_KEY_SIZE - smp->enc_key_size);
621 if (hcon->pending_sec_level == BT_SECURITY_HIGH)
626 /* Even though there's no _SLAVE suffix this is the
627 * slave STK we're adding for later lookup (the master
628 * STK never needs to be stored).
630 hci_add_ltk(hcon->hdev, &hcon->dst, hcon->dst_type,
631 SMP_STK, auth, stk, smp->enc_key_size, ediv, rand);
637 static void smp_notify_keys(struct l2cap_conn *conn)
639 struct l2cap_chan *chan = conn->smp;
640 struct smp_chan *smp = chan->data;
641 struct hci_conn *hcon = conn->hcon;
642 struct hci_dev *hdev = hcon->hdev;
643 struct smp_cmd_pairing *req = (void *) &smp->preq[1];
644 struct smp_cmd_pairing *rsp = (void *) &smp->prsp[1];
647 if (smp->remote_irk) {
648 mgmt_new_irk(hdev, smp->remote_irk);
649 /* Now that user space can be considered to know the
650 * identity address track the connection based on it
653 bacpy(&hcon->dst, &smp->remote_irk->bdaddr);
654 hcon->dst_type = smp->remote_irk->addr_type;
655 queue_work(hdev->workqueue, &conn->id_addr_update_work);
657 /* When receiving an indentity resolving key for
658 * a remote device that does not use a resolvable
659 * private address, just remove the key so that
660 * it is possible to use the controller white
663 * Userspace will have been told to not store
664 * this key at this point. So it is safe to
667 if (!bacmp(&smp->remote_irk->rpa, BDADDR_ANY)) {
668 list_del(&smp->remote_irk->list);
669 kfree(smp->remote_irk);
670 smp->remote_irk = NULL;
674 /* The LTKs and CSRKs should be persistent only if both sides
675 * had the bonding bit set in their authentication requests.
677 persistent = !!((req->auth_req & rsp->auth_req) & SMP_AUTH_BONDING);
680 smp->csrk->bdaddr_type = hcon->dst_type;
681 bacpy(&smp->csrk->bdaddr, &hcon->dst);
682 mgmt_new_csrk(hdev, smp->csrk, persistent);
685 if (smp->slave_csrk) {
686 smp->slave_csrk->bdaddr_type = hcon->dst_type;
687 bacpy(&smp->slave_csrk->bdaddr, &hcon->dst);
688 mgmt_new_csrk(hdev, smp->slave_csrk, persistent);
692 smp->ltk->bdaddr_type = hcon->dst_type;
693 bacpy(&smp->ltk->bdaddr, &hcon->dst);
694 mgmt_new_ltk(hdev, smp->ltk, persistent);
697 if (smp->slave_ltk) {
698 smp->slave_ltk->bdaddr_type = hcon->dst_type;
699 bacpy(&smp->slave_ltk->bdaddr, &hcon->dst);
700 mgmt_new_ltk(hdev, smp->slave_ltk, persistent);
704 static void smp_allow_key_dist(struct smp_chan *smp)
706 /* Allow the first expected phase 3 PDU. The rest of the PDUs
707 * will be allowed in each PDU handler to ensure we receive
708 * them in the correct order.
710 if (smp->remote_key_dist & SMP_DIST_ENC_KEY)
711 SMP_ALLOW_CMD(smp, SMP_CMD_ENCRYPT_INFO);
712 else if (smp->remote_key_dist & SMP_DIST_ID_KEY)
713 SMP_ALLOW_CMD(smp, SMP_CMD_IDENT_INFO);
714 else if (smp->remote_key_dist & SMP_DIST_SIGN)
715 SMP_ALLOW_CMD(smp, SMP_CMD_SIGN_INFO);
718 static void smp_distribute_keys(struct smp_chan *smp)
720 struct smp_cmd_pairing *req, *rsp;
721 struct l2cap_conn *conn = smp->conn;
722 struct hci_conn *hcon = conn->hcon;
723 struct hci_dev *hdev = hcon->hdev;
726 BT_DBG("conn %p", conn);
728 rsp = (void *) &smp->prsp[1];
730 /* The responder sends its keys first */
731 if (hcon->out && (smp->remote_key_dist & KEY_DIST_MASK)) {
732 smp_allow_key_dist(smp);
736 req = (void *) &smp->preq[1];
739 keydist = &rsp->init_key_dist;
740 *keydist &= req->init_key_dist;
742 keydist = &rsp->resp_key_dist;
743 *keydist &= req->resp_key_dist;
746 BT_DBG("keydist 0x%x", *keydist);
748 if (*keydist & SMP_DIST_ENC_KEY) {
749 struct smp_cmd_encrypt_info enc;
750 struct smp_cmd_master_ident ident;
756 get_random_bytes(enc.ltk, sizeof(enc.ltk));
757 get_random_bytes(&ediv, sizeof(ediv));
758 get_random_bytes(&rand, sizeof(rand));
760 smp_send_cmd(conn, SMP_CMD_ENCRYPT_INFO, sizeof(enc), &enc);
762 authenticated = hcon->sec_level == BT_SECURITY_HIGH;
763 ltk = hci_add_ltk(hdev, &hcon->dst, hcon->dst_type,
764 SMP_LTK_SLAVE, authenticated, enc.ltk,
765 smp->enc_key_size, ediv, rand);
766 smp->slave_ltk = ltk;
771 smp_send_cmd(conn, SMP_CMD_MASTER_IDENT, sizeof(ident), &ident);
773 *keydist &= ~SMP_DIST_ENC_KEY;
776 if (*keydist & SMP_DIST_ID_KEY) {
777 struct smp_cmd_ident_addr_info addrinfo;
778 struct smp_cmd_ident_info idinfo;
780 memcpy(idinfo.irk, hdev->irk, sizeof(idinfo.irk));
782 smp_send_cmd(conn, SMP_CMD_IDENT_INFO, sizeof(idinfo), &idinfo);
784 /* The hci_conn contains the local identity address
785 * after the connection has been established.
787 * This is true even when the connection has been
788 * established using a resolvable random address.
790 bacpy(&addrinfo.bdaddr, &hcon->src);
791 addrinfo.addr_type = hcon->src_type;
793 smp_send_cmd(conn, SMP_CMD_IDENT_ADDR_INFO, sizeof(addrinfo),
796 *keydist &= ~SMP_DIST_ID_KEY;
799 if (*keydist & SMP_DIST_SIGN) {
800 struct smp_cmd_sign_info sign;
801 struct smp_csrk *csrk;
803 /* Generate a new random key */
804 get_random_bytes(sign.csrk, sizeof(sign.csrk));
806 csrk = kzalloc(sizeof(*csrk), GFP_KERNEL);
809 memcpy(csrk->val, sign.csrk, sizeof(csrk->val));
811 smp->slave_csrk = csrk;
813 smp_send_cmd(conn, SMP_CMD_SIGN_INFO, sizeof(sign), &sign);
815 *keydist &= ~SMP_DIST_SIGN;
818 /* If there are still keys to be received wait for them */
819 if (smp->remote_key_dist & KEY_DIST_MASK) {
820 smp_allow_key_dist(smp);
824 set_bit(SMP_FLAG_COMPLETE, &smp->flags);
825 smp_notify_keys(conn);
827 smp_chan_destroy(conn);
830 static void smp_timeout(struct work_struct *work)
832 struct smp_chan *smp = container_of(work, struct smp_chan,
833 security_timer.work);
834 struct l2cap_conn *conn = smp->conn;
836 BT_DBG("conn %p", conn);
838 hci_disconnect(conn->hcon, HCI_ERROR_REMOTE_USER_TERM);
841 static struct smp_chan *smp_chan_create(struct l2cap_conn *conn)
843 struct l2cap_chan *chan = conn->smp;
844 struct smp_chan *smp;
846 smp = kzalloc(sizeof(*smp), GFP_ATOMIC);
850 smp->tfm_aes = crypto_alloc_blkcipher("ecb(aes)", 0, CRYPTO_ALG_ASYNC);
851 if (IS_ERR(smp->tfm_aes)) {
852 BT_ERR("Unable to create ECB crypto context");
860 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_FAIL);
862 INIT_DELAYED_WORK(&smp->security_timer, smp_timeout);
864 hci_conn_hold(conn->hcon);
869 int smp_user_confirm_reply(struct hci_conn *hcon, u16 mgmt_op, __le32 passkey)
871 struct l2cap_conn *conn = hcon->l2cap_data;
872 struct l2cap_chan *chan;
873 struct smp_chan *smp;
886 l2cap_chan_lock(chan);
895 case MGMT_OP_USER_PASSKEY_REPLY:
896 value = le32_to_cpu(passkey);
897 memset(smp->tk, 0, sizeof(smp->tk));
898 BT_DBG("PassKey: %d", value);
899 put_unaligned_le32(value, smp->tk);
901 case MGMT_OP_USER_CONFIRM_REPLY:
902 set_bit(SMP_FLAG_TK_VALID, &smp->flags);
904 case MGMT_OP_USER_PASSKEY_NEG_REPLY:
905 case MGMT_OP_USER_CONFIRM_NEG_REPLY:
906 smp_failure(conn, SMP_PASSKEY_ENTRY_FAILED);
910 smp_failure(conn, SMP_PASSKEY_ENTRY_FAILED);
917 /* If it is our turn to send Pairing Confirm, do so now */
918 if (test_bit(SMP_FLAG_CFM_PENDING, &smp->flags)) {
919 u8 rsp = smp_confirm(smp);
921 smp_failure(conn, rsp);
925 l2cap_chan_unlock(chan);
929 static u8 smp_cmd_pairing_req(struct l2cap_conn *conn, struct sk_buff *skb)
931 struct smp_cmd_pairing rsp, *req = (void *) skb->data;
932 struct l2cap_chan *chan = conn->smp;
933 struct hci_dev *hdev = conn->hcon->hdev;
934 struct smp_chan *smp;
935 u8 key_size, auth, sec_level;
938 BT_DBG("conn %p", conn);
940 if (skb->len < sizeof(*req))
941 return SMP_INVALID_PARAMS;
943 if (conn->hcon->role != HCI_ROLE_SLAVE)
944 return SMP_CMD_NOTSUPP;
947 smp = smp_chan_create(conn);
952 return SMP_UNSPECIFIED;
954 /* We didn't start the pairing, so match remote */
955 auth = req->auth_req & AUTH_REQ_MASK;
957 if (!test_bit(HCI_BONDABLE, &hdev->dev_flags) &&
958 (auth & SMP_AUTH_BONDING))
959 return SMP_PAIRING_NOTSUPP;
961 smp->preq[0] = SMP_CMD_PAIRING_REQ;
962 memcpy(&smp->preq[1], req, sizeof(*req));
963 skb_pull(skb, sizeof(*req));
965 if (conn->hcon->io_capability == HCI_IO_NO_INPUT_OUTPUT)
966 sec_level = BT_SECURITY_MEDIUM;
968 sec_level = authreq_to_seclevel(auth);
970 if (sec_level > conn->hcon->pending_sec_level)
971 conn->hcon->pending_sec_level = sec_level;
973 /* If we need MITM check that it can be acheived */
974 if (conn->hcon->pending_sec_level >= BT_SECURITY_HIGH) {
977 method = get_auth_method(smp, conn->hcon->io_capability,
979 if (method == JUST_WORKS || method == JUST_CFM)
980 return SMP_AUTH_REQUIREMENTS;
983 build_pairing_cmd(conn, req, &rsp, auth);
985 key_size = min(req->max_key_size, rsp.max_key_size);
986 if (check_enc_key_size(conn, key_size))
987 return SMP_ENC_KEY_SIZE;
989 get_random_bytes(smp->prnd, sizeof(smp->prnd));
991 smp->prsp[0] = SMP_CMD_PAIRING_RSP;
992 memcpy(&smp->prsp[1], &rsp, sizeof(rsp));
994 smp_send_cmd(conn, SMP_CMD_PAIRING_RSP, sizeof(rsp), &rsp);
995 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_CONFIRM);
997 /* Request setup of TK */
998 ret = tk_request(conn, 0, auth, rsp.io_capability, req->io_capability);
1000 return SMP_UNSPECIFIED;
1005 static u8 smp_cmd_pairing_rsp(struct l2cap_conn *conn, struct sk_buff *skb)
1007 struct smp_cmd_pairing *req, *rsp = (void *) skb->data;
1008 struct l2cap_chan *chan = conn->smp;
1009 struct smp_chan *smp = chan->data;
1013 BT_DBG("conn %p", conn);
1015 if (skb->len < sizeof(*rsp))
1016 return SMP_INVALID_PARAMS;
1018 if (conn->hcon->role != HCI_ROLE_MASTER)
1019 return SMP_CMD_NOTSUPP;
1021 skb_pull(skb, sizeof(*rsp));
1023 req = (void *) &smp->preq[1];
1025 key_size = min(req->max_key_size, rsp->max_key_size);
1026 if (check_enc_key_size(conn, key_size))
1027 return SMP_ENC_KEY_SIZE;
1029 auth = rsp->auth_req & AUTH_REQ_MASK;
1031 /* If we need MITM check that it can be acheived */
1032 if (conn->hcon->pending_sec_level >= BT_SECURITY_HIGH) {
1035 method = get_auth_method(smp, req->io_capability,
1036 rsp->io_capability);
1037 if (method == JUST_WORKS || method == JUST_CFM)
1038 return SMP_AUTH_REQUIREMENTS;
1041 get_random_bytes(smp->prnd, sizeof(smp->prnd));
1043 smp->prsp[0] = SMP_CMD_PAIRING_RSP;
1044 memcpy(&smp->prsp[1], rsp, sizeof(*rsp));
1046 /* Update remote key distribution in case the remote cleared
1047 * some bits that we had enabled in our request.
1049 smp->remote_key_dist &= rsp->resp_key_dist;
1051 auth |= req->auth_req;
1053 ret = tk_request(conn, 0, auth, req->io_capability, rsp->io_capability);
1055 return SMP_UNSPECIFIED;
1057 set_bit(SMP_FLAG_CFM_PENDING, &smp->flags);
1059 /* Can't compose response until we have been confirmed */
1060 if (test_bit(SMP_FLAG_TK_VALID, &smp->flags))
1061 return smp_confirm(smp);
1066 static u8 smp_cmd_pairing_confirm(struct l2cap_conn *conn, struct sk_buff *skb)
1068 struct l2cap_chan *chan = conn->smp;
1069 struct smp_chan *smp = chan->data;
1071 BT_DBG("conn %p %s", conn, conn->hcon->out ? "master" : "slave");
1073 if (skb->len < sizeof(smp->pcnf))
1074 return SMP_INVALID_PARAMS;
1076 memcpy(smp->pcnf, skb->data, sizeof(smp->pcnf));
1077 skb_pull(skb, sizeof(smp->pcnf));
1079 if (conn->hcon->out) {
1080 smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM, sizeof(smp->prnd),
1082 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RANDOM);
1086 if (test_bit(SMP_FLAG_TK_VALID, &smp->flags))
1087 return smp_confirm(smp);
1089 set_bit(SMP_FLAG_CFM_PENDING, &smp->flags);
1094 static u8 smp_cmd_pairing_random(struct l2cap_conn *conn, struct sk_buff *skb)
1096 struct l2cap_chan *chan = conn->smp;
1097 struct smp_chan *smp = chan->data;
1099 BT_DBG("conn %p", conn);
1101 if (skb->len < sizeof(smp->rrnd))
1102 return SMP_INVALID_PARAMS;
1104 memcpy(smp->rrnd, skb->data, sizeof(smp->rrnd));
1105 skb_pull(skb, sizeof(smp->rrnd));
1107 return smp_random(smp);
1110 static bool smp_ltk_encrypt(struct l2cap_conn *conn, u8 sec_level)
1112 struct smp_ltk *key;
1113 struct hci_conn *hcon = conn->hcon;
1115 key = hci_find_ltk_by_addr(hcon->hdev, &hcon->dst, hcon->dst_type,
1120 if (smp_ltk_sec_level(key) < sec_level)
1123 if (test_and_set_bit(HCI_CONN_ENCRYPT_PEND, &hcon->flags))
1126 hci_le_start_enc(hcon, key->ediv, key->rand, key->val);
1127 hcon->enc_key_size = key->enc_size;
1129 /* We never store STKs for master role, so clear this flag */
1130 clear_bit(HCI_CONN_STK_ENCRYPT, &hcon->flags);
1135 bool smp_sufficient_security(struct hci_conn *hcon, u8 sec_level)
1137 if (sec_level == BT_SECURITY_LOW)
1140 /* If we're encrypted with an STK always claim insufficient
1141 * security. This way we allow the connection to be re-encrypted
1142 * with an LTK, even if the LTK provides the same level of
1143 * security. Only exception is if we don't have an LTK (e.g.
1144 * because of key distribution bits).
1146 if (test_bit(HCI_CONN_STK_ENCRYPT, &hcon->flags) &&
1147 hci_find_ltk_by_addr(hcon->hdev, &hcon->dst, hcon->dst_type,
1151 if (hcon->sec_level >= sec_level)
1157 static u8 smp_cmd_security_req(struct l2cap_conn *conn, struct sk_buff *skb)
1159 struct smp_cmd_security_req *rp = (void *) skb->data;
1160 struct smp_cmd_pairing cp;
1161 struct hci_conn *hcon = conn->hcon;
1162 struct smp_chan *smp;
1165 BT_DBG("conn %p", conn);
1167 if (skb->len < sizeof(*rp))
1168 return SMP_INVALID_PARAMS;
1170 if (hcon->role != HCI_ROLE_MASTER)
1171 return SMP_CMD_NOTSUPP;
1173 auth = rp->auth_req & AUTH_REQ_MASK;
1175 if (hcon->io_capability == HCI_IO_NO_INPUT_OUTPUT)
1176 sec_level = BT_SECURITY_MEDIUM;
1178 sec_level = authreq_to_seclevel(auth);
1180 if (smp_sufficient_security(hcon, sec_level))
1183 if (sec_level > hcon->pending_sec_level)
1184 hcon->pending_sec_level = sec_level;
1186 if (smp_ltk_encrypt(conn, hcon->pending_sec_level))
1189 smp = smp_chan_create(conn);
1191 return SMP_UNSPECIFIED;
1193 if (!test_bit(HCI_BONDABLE, &hcon->hdev->dev_flags) &&
1194 (auth & SMP_AUTH_BONDING))
1195 return SMP_PAIRING_NOTSUPP;
1197 skb_pull(skb, sizeof(*rp));
1199 memset(&cp, 0, sizeof(cp));
1200 build_pairing_cmd(conn, &cp, NULL, auth);
1202 smp->preq[0] = SMP_CMD_PAIRING_REQ;
1203 memcpy(&smp->preq[1], &cp, sizeof(cp));
1205 smp_send_cmd(conn, SMP_CMD_PAIRING_REQ, sizeof(cp), &cp);
1206 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RSP);
1211 int smp_conn_security(struct hci_conn *hcon, __u8 sec_level)
1213 struct l2cap_conn *conn = hcon->l2cap_data;
1214 struct l2cap_chan *chan;
1215 struct smp_chan *smp;
1219 BT_DBG("conn %p hcon %p level 0x%2.2x", conn, hcon, sec_level);
1221 /* This may be NULL if there's an unexpected disconnection */
1227 if (!test_bit(HCI_LE_ENABLED, &hcon->hdev->dev_flags))
1230 if (smp_sufficient_security(hcon, sec_level))
1233 if (sec_level > hcon->pending_sec_level)
1234 hcon->pending_sec_level = sec_level;
1236 if (hcon->role == HCI_ROLE_MASTER)
1237 if (smp_ltk_encrypt(conn, hcon->pending_sec_level))
1240 l2cap_chan_lock(chan);
1242 /* If SMP is already in progress ignore this request */
1248 smp = smp_chan_create(conn);
1254 authreq = seclevel_to_authreq(sec_level);
1256 /* Require MITM if IO Capability allows or the security level
1259 if (hcon->io_capability != HCI_IO_NO_INPUT_OUTPUT ||
1260 hcon->pending_sec_level > BT_SECURITY_MEDIUM)
1261 authreq |= SMP_AUTH_MITM;
1263 if (hcon->role == HCI_ROLE_MASTER) {
1264 struct smp_cmd_pairing cp;
1266 build_pairing_cmd(conn, &cp, NULL, authreq);
1267 smp->preq[0] = SMP_CMD_PAIRING_REQ;
1268 memcpy(&smp->preq[1], &cp, sizeof(cp));
1270 smp_send_cmd(conn, SMP_CMD_PAIRING_REQ, sizeof(cp), &cp);
1271 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RSP);
1273 struct smp_cmd_security_req cp;
1274 cp.auth_req = authreq;
1275 smp_send_cmd(conn, SMP_CMD_SECURITY_REQ, sizeof(cp), &cp);
1276 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_REQ);
1279 set_bit(SMP_FLAG_INITIATOR, &smp->flags);
1283 l2cap_chan_unlock(chan);
1287 static int smp_cmd_encrypt_info(struct l2cap_conn *conn, struct sk_buff *skb)
1289 struct smp_cmd_encrypt_info *rp = (void *) skb->data;
1290 struct l2cap_chan *chan = conn->smp;
1291 struct smp_chan *smp = chan->data;
1293 BT_DBG("conn %p", conn);
1295 if (skb->len < sizeof(*rp))
1296 return SMP_INVALID_PARAMS;
1298 SMP_ALLOW_CMD(smp, SMP_CMD_MASTER_IDENT);
1300 skb_pull(skb, sizeof(*rp));
1302 memcpy(smp->tk, rp->ltk, sizeof(smp->tk));
1307 static int smp_cmd_master_ident(struct l2cap_conn *conn, struct sk_buff *skb)
1309 struct smp_cmd_master_ident *rp = (void *) skb->data;
1310 struct l2cap_chan *chan = conn->smp;
1311 struct smp_chan *smp = chan->data;
1312 struct hci_dev *hdev = conn->hcon->hdev;
1313 struct hci_conn *hcon = conn->hcon;
1314 struct smp_ltk *ltk;
1317 BT_DBG("conn %p", conn);
1319 if (skb->len < sizeof(*rp))
1320 return SMP_INVALID_PARAMS;
1322 /* Mark the information as received */
1323 smp->remote_key_dist &= ~SMP_DIST_ENC_KEY;
1325 if (smp->remote_key_dist & SMP_DIST_ID_KEY)
1326 SMP_ALLOW_CMD(smp, SMP_CMD_IDENT_INFO);
1327 else if (smp->remote_key_dist & SMP_DIST_SIGN)
1328 SMP_ALLOW_CMD(smp, SMP_CMD_SIGN_INFO);
1330 skb_pull(skb, sizeof(*rp));
1333 authenticated = (hcon->sec_level == BT_SECURITY_HIGH);
1334 ltk = hci_add_ltk(hdev, &hcon->dst, hcon->dst_type, SMP_LTK,
1335 authenticated, smp->tk, smp->enc_key_size,
1336 rp->ediv, rp->rand);
1338 if (!(smp->remote_key_dist & KEY_DIST_MASK))
1339 smp_distribute_keys(smp);
1340 hci_dev_unlock(hdev);
1345 static int smp_cmd_ident_info(struct l2cap_conn *conn, struct sk_buff *skb)
1347 struct smp_cmd_ident_info *info = (void *) skb->data;
1348 struct l2cap_chan *chan = conn->smp;
1349 struct smp_chan *smp = chan->data;
1353 if (skb->len < sizeof(*info))
1354 return SMP_INVALID_PARAMS;
1356 SMP_ALLOW_CMD(smp, SMP_CMD_IDENT_ADDR_INFO);
1358 skb_pull(skb, sizeof(*info));
1360 memcpy(smp->irk, info->irk, 16);
1365 static int smp_cmd_ident_addr_info(struct l2cap_conn *conn,
1366 struct sk_buff *skb)
1368 struct smp_cmd_ident_addr_info *info = (void *) skb->data;
1369 struct l2cap_chan *chan = conn->smp;
1370 struct smp_chan *smp = chan->data;
1371 struct hci_conn *hcon = conn->hcon;
1376 if (skb->len < sizeof(*info))
1377 return SMP_INVALID_PARAMS;
1379 /* Mark the information as received */
1380 smp->remote_key_dist &= ~SMP_DIST_ID_KEY;
1382 if (smp->remote_key_dist & SMP_DIST_SIGN)
1383 SMP_ALLOW_CMD(smp, SMP_CMD_SIGN_INFO);
1385 skb_pull(skb, sizeof(*info));
1387 hci_dev_lock(hcon->hdev);
1389 /* Strictly speaking the Core Specification (4.1) allows sending
1390 * an empty address which would force us to rely on just the IRK
1391 * as "identity information". However, since such
1392 * implementations are not known of and in order to not over
1393 * complicate our implementation, simply pretend that we never
1394 * received an IRK for such a device.
1396 if (!bacmp(&info->bdaddr, BDADDR_ANY)) {
1397 BT_ERR("Ignoring IRK with no identity address");
1401 bacpy(&smp->id_addr, &info->bdaddr);
1402 smp->id_addr_type = info->addr_type;
1404 if (hci_bdaddr_is_rpa(&hcon->dst, hcon->dst_type))
1405 bacpy(&rpa, &hcon->dst);
1407 bacpy(&rpa, BDADDR_ANY);
1409 smp->remote_irk = hci_add_irk(conn->hcon->hdev, &smp->id_addr,
1410 smp->id_addr_type, smp->irk, &rpa);
1413 if (!(smp->remote_key_dist & KEY_DIST_MASK))
1414 smp_distribute_keys(smp);
1416 hci_dev_unlock(hcon->hdev);
1421 static int smp_cmd_sign_info(struct l2cap_conn *conn, struct sk_buff *skb)
1423 struct smp_cmd_sign_info *rp = (void *) skb->data;
1424 struct l2cap_chan *chan = conn->smp;
1425 struct smp_chan *smp = chan->data;
1426 struct hci_dev *hdev = conn->hcon->hdev;
1427 struct smp_csrk *csrk;
1429 BT_DBG("conn %p", conn);
1431 if (skb->len < sizeof(*rp))
1432 return SMP_INVALID_PARAMS;
1434 /* Mark the information as received */
1435 smp->remote_key_dist &= ~SMP_DIST_SIGN;
1437 skb_pull(skb, sizeof(*rp));
1440 csrk = kzalloc(sizeof(*csrk), GFP_KERNEL);
1442 csrk->master = 0x01;
1443 memcpy(csrk->val, rp->csrk, sizeof(csrk->val));
1446 smp_distribute_keys(smp);
1447 hci_dev_unlock(hdev);
1452 static int smp_sig_channel(struct l2cap_chan *chan, struct sk_buff *skb)
1454 struct l2cap_conn *conn = chan->conn;
1455 struct hci_conn *hcon = conn->hcon;
1456 struct smp_chan *smp;
1460 if (hcon->type != LE_LINK) {
1468 if (!test_bit(HCI_LE_ENABLED, &hcon->hdev->dev_flags)) {
1469 reason = SMP_PAIRING_NOTSUPP;
1473 code = skb->data[0];
1474 skb_pull(skb, sizeof(code));
1478 if (code > SMP_CMD_MAX)
1481 if (smp && !test_and_clear_bit(code, &smp->allow_cmd))
1484 /* If we don't have a context the only allowed commands are
1485 * pairing request and security request.
1487 if (!smp && code != SMP_CMD_PAIRING_REQ && code != SMP_CMD_SECURITY_REQ)
1491 case SMP_CMD_PAIRING_REQ:
1492 reason = smp_cmd_pairing_req(conn, skb);
1495 case SMP_CMD_PAIRING_FAIL:
1496 smp_failure(conn, 0);
1500 case SMP_CMD_PAIRING_RSP:
1501 reason = smp_cmd_pairing_rsp(conn, skb);
1504 case SMP_CMD_SECURITY_REQ:
1505 reason = smp_cmd_security_req(conn, skb);
1508 case SMP_CMD_PAIRING_CONFIRM:
1509 reason = smp_cmd_pairing_confirm(conn, skb);
1512 case SMP_CMD_PAIRING_RANDOM:
1513 reason = smp_cmd_pairing_random(conn, skb);
1516 case SMP_CMD_ENCRYPT_INFO:
1517 reason = smp_cmd_encrypt_info(conn, skb);
1520 case SMP_CMD_MASTER_IDENT:
1521 reason = smp_cmd_master_ident(conn, skb);
1524 case SMP_CMD_IDENT_INFO:
1525 reason = smp_cmd_ident_info(conn, skb);
1528 case SMP_CMD_IDENT_ADDR_INFO:
1529 reason = smp_cmd_ident_addr_info(conn, skb);
1532 case SMP_CMD_SIGN_INFO:
1533 reason = smp_cmd_sign_info(conn, skb);
1537 BT_DBG("Unknown command code 0x%2.2x", code);
1538 reason = SMP_CMD_NOTSUPP;
1545 smp_failure(conn, reason);
1552 BT_ERR("%s unexpected SMP command 0x%02x from %pMR", hcon->hdev->name,
1558 static void smp_teardown_cb(struct l2cap_chan *chan, int err)
1560 struct l2cap_conn *conn = chan->conn;
1562 BT_DBG("chan %p", chan);
1565 smp_chan_destroy(conn);
1568 l2cap_chan_put(chan);
1571 static void smp_resume_cb(struct l2cap_chan *chan)
1573 struct smp_chan *smp = chan->data;
1574 struct l2cap_conn *conn = chan->conn;
1575 struct hci_conn *hcon = conn->hcon;
1577 BT_DBG("chan %p", chan);
1582 if (!test_bit(HCI_CONN_ENCRYPT, &hcon->flags))
1585 cancel_delayed_work(&smp->security_timer);
1587 smp_distribute_keys(smp);
1590 static void smp_ready_cb(struct l2cap_chan *chan)
1592 struct l2cap_conn *conn = chan->conn;
1594 BT_DBG("chan %p", chan);
1597 l2cap_chan_hold(chan);
1600 static int smp_recv_cb(struct l2cap_chan *chan, struct sk_buff *skb)
1604 BT_DBG("chan %p", chan);
1606 err = smp_sig_channel(chan, skb);
1608 struct smp_chan *smp = chan->data;
1611 cancel_delayed_work_sync(&smp->security_timer);
1613 hci_disconnect(chan->conn->hcon, HCI_ERROR_AUTH_FAILURE);
1619 static struct sk_buff *smp_alloc_skb_cb(struct l2cap_chan *chan,
1620 unsigned long hdr_len,
1621 unsigned long len, int nb)
1623 struct sk_buff *skb;
1625 skb = bt_skb_alloc(hdr_len + len, GFP_KERNEL);
1627 return ERR_PTR(-ENOMEM);
1629 skb->priority = HCI_PRIO_MAX;
1630 bt_cb(skb)->chan = chan;
1635 static const struct l2cap_ops smp_chan_ops = {
1636 .name = "Security Manager",
1637 .ready = smp_ready_cb,
1638 .recv = smp_recv_cb,
1639 .alloc_skb = smp_alloc_skb_cb,
1640 .teardown = smp_teardown_cb,
1641 .resume = smp_resume_cb,
1643 .new_connection = l2cap_chan_no_new_connection,
1644 .state_change = l2cap_chan_no_state_change,
1645 .close = l2cap_chan_no_close,
1646 .defer = l2cap_chan_no_defer,
1647 .suspend = l2cap_chan_no_suspend,
1648 .set_shutdown = l2cap_chan_no_set_shutdown,
1649 .get_sndtimeo = l2cap_chan_no_get_sndtimeo,
1650 .memcpy_fromiovec = l2cap_chan_no_memcpy_fromiovec,
1653 static inline struct l2cap_chan *smp_new_conn_cb(struct l2cap_chan *pchan)
1655 struct l2cap_chan *chan;
1657 BT_DBG("pchan %p", pchan);
1659 chan = l2cap_chan_create();
1663 chan->chan_type = pchan->chan_type;
1664 chan->ops = &smp_chan_ops;
1665 chan->scid = pchan->scid;
1666 chan->dcid = chan->scid;
1667 chan->imtu = pchan->imtu;
1668 chan->omtu = pchan->omtu;
1669 chan->mode = pchan->mode;
1671 BT_DBG("created chan %p", chan);
1676 static const struct l2cap_ops smp_root_chan_ops = {
1677 .name = "Security Manager Root",
1678 .new_connection = smp_new_conn_cb,
1680 /* None of these are implemented for the root channel */
1681 .close = l2cap_chan_no_close,
1682 .alloc_skb = l2cap_chan_no_alloc_skb,
1683 .recv = l2cap_chan_no_recv,
1684 .state_change = l2cap_chan_no_state_change,
1685 .teardown = l2cap_chan_no_teardown,
1686 .ready = l2cap_chan_no_ready,
1687 .defer = l2cap_chan_no_defer,
1688 .suspend = l2cap_chan_no_suspend,
1689 .resume = l2cap_chan_no_resume,
1690 .set_shutdown = l2cap_chan_no_set_shutdown,
1691 .get_sndtimeo = l2cap_chan_no_get_sndtimeo,
1692 .memcpy_fromiovec = l2cap_chan_no_memcpy_fromiovec,
1695 int smp_register(struct hci_dev *hdev)
1697 struct l2cap_chan *chan;
1698 struct crypto_blkcipher *tfm_aes;
1700 BT_DBG("%s", hdev->name);
1702 tfm_aes = crypto_alloc_blkcipher("ecb(aes)", 0, CRYPTO_ALG_ASYNC);
1703 if (IS_ERR(tfm_aes)) {
1704 int err = PTR_ERR(tfm_aes);
1705 BT_ERR("Unable to create crypto context");
1709 chan = l2cap_chan_create();
1711 crypto_free_blkcipher(tfm_aes);
1715 chan->data = tfm_aes;
1717 l2cap_add_scid(chan, L2CAP_CID_SMP);
1719 l2cap_chan_set_defaults(chan);
1721 bacpy(&chan->src, &hdev->bdaddr);
1722 chan->src_type = BDADDR_LE_PUBLIC;
1723 chan->state = BT_LISTEN;
1724 chan->mode = L2CAP_MODE_BASIC;
1725 chan->imtu = L2CAP_DEFAULT_MTU;
1726 chan->ops = &smp_root_chan_ops;
1728 hdev->smp_data = chan;
1733 void smp_unregister(struct hci_dev *hdev)
1735 struct l2cap_chan *chan = hdev->smp_data;
1736 struct crypto_blkcipher *tfm_aes;
1741 BT_DBG("%s chan %p", hdev->name, chan);
1743 tfm_aes = chan->data;
1746 crypto_free_blkcipher(tfm_aes);
1749 hdev->smp_data = NULL;
1750 l2cap_chan_put(chan);