Merge remote-tracking branch 'moduleh/module.h-split'
[linux-2.6/next.git] / net / bluetooth / smp.c
blobf0c67f62a08e36c149b5f8ab4f5533c9ab3a0b95
1 /*
2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2011 Nokia Corporation and/or its subsidiary(-ies).
5 This program is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License version 2 as
7 published by the Free Software Foundation;
9 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
10 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
11 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
12 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
13 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
14 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
18 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
19 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
20 SOFTWARE IS DISCLAIMED.
23 #include <net/bluetooth/bluetooth.h>
24 #include <net/bluetooth/hci_core.h>
25 #include <net/bluetooth/l2cap.h>
26 #include <net/bluetooth/smp.h>
27 #include <linux/crypto.h>
28 #include <linux/scatterlist.h>
29 #include <crypto/b128ops.h>
31 #define SMP_TIMEOUT 30000 /* 30 seconds */
33 static inline void swap128(u8 src[16], u8 dst[16])
35 int i;
36 for (i = 0; i < 16; i++)
37 dst[15 - i] = src[i];
40 static inline void swap56(u8 src[7], u8 dst[7])
42 int i;
43 for (i = 0; i < 7; i++)
44 dst[6 - i] = src[i];
47 static int smp_e(struct crypto_blkcipher *tfm, const u8 *k, u8 *r)
49 struct blkcipher_desc desc;
50 struct scatterlist sg;
51 int err, iv_len;
52 unsigned char iv[128];
54 if (tfm == NULL) {
55 BT_ERR("tfm %p", tfm);
56 return -EINVAL;
59 desc.tfm = tfm;
60 desc.flags = 0;
62 err = crypto_blkcipher_setkey(tfm, k, 16);
63 if (err) {
64 BT_ERR("cipher setkey failed: %d", err);
65 return err;
68 sg_init_one(&sg, r, 16);
70 iv_len = crypto_blkcipher_ivsize(tfm);
71 if (iv_len) {
72 memset(&iv, 0xff, iv_len);
73 crypto_blkcipher_set_iv(tfm, iv, iv_len);
76 err = crypto_blkcipher_encrypt(&desc, &sg, &sg, 16);
77 if (err)
78 BT_ERR("Encrypt data error %d", err);
80 return err;
83 static int smp_c1(struct crypto_blkcipher *tfm, u8 k[16], u8 r[16],
84 u8 preq[7], u8 pres[7], u8 _iat, bdaddr_t *ia,
85 u8 _rat, bdaddr_t *ra, u8 res[16])
87 u8 p1[16], p2[16];
88 int err;
90 memset(p1, 0, 16);
92 /* p1 = pres || preq || _rat || _iat */
93 swap56(pres, p1);
94 swap56(preq, p1 + 7);
95 p1[14] = _rat;
96 p1[15] = _iat;
98 memset(p2, 0, 16);
100 /* p2 = padding || ia || ra */
101 baswap((bdaddr_t *) (p2 + 4), ia);
102 baswap((bdaddr_t *) (p2 + 10), ra);
104 /* res = r XOR p1 */
105 u128_xor((u128 *) res, (u128 *) r, (u128 *) p1);
107 /* res = e(k, res) */
108 err = smp_e(tfm, k, res);
109 if (err) {
110 BT_ERR("Encrypt data error");
111 return err;
114 /* res = res XOR p2 */
115 u128_xor((u128 *) res, (u128 *) res, (u128 *) p2);
117 /* res = e(k, res) */
118 err = smp_e(tfm, k, res);
119 if (err)
120 BT_ERR("Encrypt data error");
122 return err;
125 static int smp_s1(struct crypto_blkcipher *tfm, u8 k[16],
126 u8 r1[16], u8 r2[16], u8 _r[16])
128 int err;
130 /* Just least significant octets from r1 and r2 are considered */
131 memcpy(_r, r1 + 8, 8);
132 memcpy(_r + 8, r2 + 8, 8);
134 err = smp_e(tfm, k, _r);
135 if (err)
136 BT_ERR("Encrypt data error");
138 return err;
141 static int smp_rand(u8 *buf)
143 get_random_bytes(buf, 16);
145 return 0;
148 static struct sk_buff *smp_build_cmd(struct l2cap_conn *conn, u8 code,
149 u16 dlen, void *data)
151 struct sk_buff *skb;
152 struct l2cap_hdr *lh;
153 int len;
155 len = L2CAP_HDR_SIZE + sizeof(code) + dlen;
157 if (len > conn->mtu)
158 return NULL;
160 skb = bt_skb_alloc(len, GFP_ATOMIC);
161 if (!skb)
162 return NULL;
164 lh = (struct l2cap_hdr *) skb_put(skb, L2CAP_HDR_SIZE);
165 lh->len = cpu_to_le16(sizeof(code) + dlen);
166 lh->cid = cpu_to_le16(L2CAP_CID_SMP);
168 memcpy(skb_put(skb, sizeof(code)), &code, sizeof(code));
170 memcpy(skb_put(skb, dlen), data, dlen);
172 return skb;
175 static void smp_send_cmd(struct l2cap_conn *conn, u8 code, u16 len, void *data)
177 struct sk_buff *skb = smp_build_cmd(conn, code, len, data);
179 BT_DBG("code 0x%2.2x", code);
181 if (!skb)
182 return;
184 hci_send_acl(conn->hcon, skb, 0);
186 mod_timer(&conn->security_timer, jiffies +
187 msecs_to_jiffies(SMP_TIMEOUT));
190 static __u8 seclevel_to_authreq(__u8 level)
192 switch (level) {
193 case BT_SECURITY_HIGH:
194 /* Right now we don't support bonding */
195 return SMP_AUTH_MITM;
197 default:
198 return SMP_AUTH_NONE;
202 static void build_pairing_cmd(struct l2cap_conn *conn,
203 struct smp_cmd_pairing *req,
204 struct smp_cmd_pairing *rsp,
205 __u8 authreq)
207 u8 dist_keys;
209 dist_keys = 0;
210 if (test_bit(HCI_PAIRABLE, &conn->hcon->hdev->flags)) {
211 dist_keys = SMP_DIST_ENC_KEY | SMP_DIST_ID_KEY | SMP_DIST_SIGN;
212 authreq |= SMP_AUTH_BONDING;
215 if (rsp == NULL) {
216 req->io_capability = conn->hcon->io_capability;
217 req->oob_flag = SMP_OOB_NOT_PRESENT;
218 req->max_key_size = SMP_MAX_ENC_KEY_SIZE;
219 req->init_key_dist = dist_keys;
220 req->resp_key_dist = dist_keys;
221 req->auth_req = authreq;
222 return;
225 rsp->io_capability = conn->hcon->io_capability;
226 rsp->oob_flag = SMP_OOB_NOT_PRESENT;
227 rsp->max_key_size = SMP_MAX_ENC_KEY_SIZE;
228 rsp->init_key_dist = req->init_key_dist & dist_keys;
229 rsp->resp_key_dist = req->resp_key_dist & dist_keys;
230 rsp->auth_req = authreq;
233 static u8 check_enc_key_size(struct l2cap_conn *conn, __u8 max_key_size)
235 if ((max_key_size > SMP_MAX_ENC_KEY_SIZE) ||
236 (max_key_size < SMP_MIN_ENC_KEY_SIZE))
237 return SMP_ENC_KEY_SIZE;
239 conn->smp_key_size = max_key_size;
241 return 0;
244 static u8 smp_cmd_pairing_req(struct l2cap_conn *conn, struct sk_buff *skb)
246 struct smp_cmd_pairing rsp, *req = (void *) skb->data;
247 u8 key_size;
249 BT_DBG("conn %p", conn);
251 if (!test_and_set_bit(HCI_CONN_LE_SMP_PEND, &conn->hcon->pend))
252 hci_conn_hold(conn->hcon);
254 conn->preq[0] = SMP_CMD_PAIRING_REQ;
255 memcpy(&conn->preq[1], req, sizeof(*req));
256 skb_pull(skb, sizeof(*req));
258 if (req->oob_flag)
259 return SMP_OOB_NOT_AVAIL;
261 /* We didn't start the pairing, so no requirements */
262 build_pairing_cmd(conn, req, &rsp, SMP_AUTH_NONE);
264 key_size = min(req->max_key_size, rsp.max_key_size);
265 if (check_enc_key_size(conn, key_size))
266 return SMP_ENC_KEY_SIZE;
268 /* Just works */
269 memset(conn->tk, 0, sizeof(conn->tk));
271 conn->prsp[0] = SMP_CMD_PAIRING_RSP;
272 memcpy(&conn->prsp[1], &rsp, sizeof(rsp));
274 smp_send_cmd(conn, SMP_CMD_PAIRING_RSP, sizeof(rsp), &rsp);
276 return 0;
279 static u8 smp_cmd_pairing_rsp(struct l2cap_conn *conn, struct sk_buff *skb)
281 struct smp_cmd_pairing *req, *rsp = (void *) skb->data;
282 struct smp_cmd_pairing_confirm cp;
283 struct crypto_blkcipher *tfm = conn->hcon->hdev->tfm;
284 int ret;
285 u8 res[16], key_size;
287 BT_DBG("conn %p", conn);
289 skb_pull(skb, sizeof(*rsp));
291 req = (void *) &conn->preq[1];
293 key_size = min(req->max_key_size, rsp->max_key_size);
294 if (check_enc_key_size(conn, key_size))
295 return SMP_ENC_KEY_SIZE;
297 if (rsp->oob_flag)
298 return SMP_OOB_NOT_AVAIL;
300 /* Just works */
301 memset(conn->tk, 0, sizeof(conn->tk));
303 conn->prsp[0] = SMP_CMD_PAIRING_RSP;
304 memcpy(&conn->prsp[1], rsp, sizeof(*rsp));
306 ret = smp_rand(conn->prnd);
307 if (ret)
308 return SMP_UNSPECIFIED;
310 ret = smp_c1(tfm, conn->tk, conn->prnd, conn->preq, conn->prsp, 0,
311 conn->src, conn->hcon->dst_type, conn->dst, res);
312 if (ret)
313 return SMP_UNSPECIFIED;
315 swap128(res, cp.confirm_val);
317 smp_send_cmd(conn, SMP_CMD_PAIRING_CONFIRM, sizeof(cp), &cp);
319 return 0;
322 static u8 smp_cmd_pairing_confirm(struct l2cap_conn *conn, struct sk_buff *skb)
324 struct crypto_blkcipher *tfm = conn->hcon->hdev->tfm;
326 BT_DBG("conn %p %s", conn, conn->hcon->out ? "master" : "slave");
328 memcpy(conn->pcnf, skb->data, sizeof(conn->pcnf));
329 skb_pull(skb, sizeof(conn->pcnf));
331 if (conn->hcon->out) {
332 u8 random[16];
334 swap128(conn->prnd, random);
335 smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM, sizeof(random),
336 random);
337 } else {
338 struct smp_cmd_pairing_confirm cp;
339 int ret;
340 u8 res[16];
342 ret = smp_rand(conn->prnd);
343 if (ret)
344 return SMP_UNSPECIFIED;
346 ret = smp_c1(tfm, conn->tk, conn->prnd, conn->preq, conn->prsp,
347 conn->hcon->dst_type, conn->dst,
348 0, conn->src, res);
349 if (ret)
350 return SMP_CONFIRM_FAILED;
352 swap128(res, cp.confirm_val);
354 smp_send_cmd(conn, SMP_CMD_PAIRING_CONFIRM, sizeof(cp), &cp);
357 return 0;
360 static u8 smp_cmd_pairing_random(struct l2cap_conn *conn, struct sk_buff *skb)
362 struct hci_conn *hcon = conn->hcon;
363 struct crypto_blkcipher *tfm = hcon->hdev->tfm;
364 int ret;
365 u8 key[16], res[16], random[16], confirm[16];
367 swap128(skb->data, random);
368 skb_pull(skb, sizeof(random));
370 if (conn->hcon->out)
371 ret = smp_c1(tfm, conn->tk, random, conn->preq, conn->prsp, 0,
372 conn->src, conn->hcon->dst_type, conn->dst,
373 res);
374 else
375 ret = smp_c1(tfm, conn->tk, random, conn->preq, conn->prsp,
376 conn->hcon->dst_type, conn->dst, 0, conn->src,
377 res);
378 if (ret)
379 return SMP_UNSPECIFIED;
381 BT_DBG("conn %p %s", conn, conn->hcon->out ? "master" : "slave");
383 swap128(res, confirm);
385 if (memcmp(conn->pcnf, confirm, sizeof(conn->pcnf)) != 0) {
386 BT_ERR("Pairing failed (confirmation values mismatch)");
387 return SMP_CONFIRM_FAILED;
390 if (conn->hcon->out) {
391 u8 stk[16], rand[8];
392 __le16 ediv;
394 memset(rand, 0, sizeof(rand));
395 ediv = 0;
397 smp_s1(tfm, conn->tk, random, conn->prnd, key);
398 swap128(key, stk);
400 memset(stk + conn->smp_key_size, 0,
401 SMP_MAX_ENC_KEY_SIZE - conn->smp_key_size);
403 if (test_and_set_bit(HCI_CONN_ENCRYPT_PEND, &hcon->pend))
404 return SMP_UNSPECIFIED;
406 hci_le_start_enc(hcon, ediv, rand, stk);
407 hcon->enc_key_size = conn->smp_key_size;
408 } else {
409 u8 stk[16], r[16], rand[8];
410 __le16 ediv;
412 memset(rand, 0, sizeof(rand));
413 ediv = 0;
415 swap128(conn->prnd, r);
416 smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM, sizeof(r), r);
418 smp_s1(tfm, conn->tk, conn->prnd, random, key);
419 swap128(key, stk);
421 memset(stk + conn->smp_key_size, 0,
422 SMP_MAX_ENC_KEY_SIZE - conn->smp_key_size);
424 hci_add_ltk(conn->hcon->hdev, 0, conn->dst, conn->smp_key_size,
425 ediv, rand, stk);
428 return 0;
431 static u8 smp_cmd_security_req(struct l2cap_conn *conn, struct sk_buff *skb)
433 struct smp_cmd_security_req *rp = (void *) skb->data;
434 struct smp_cmd_pairing cp;
435 struct hci_conn *hcon = conn->hcon;
437 BT_DBG("conn %p", conn);
439 if (test_and_set_bit(HCI_CONN_LE_SMP_PEND, &hcon->pend))
440 return 0;
442 hci_conn_hold(hcon);
444 skb_pull(skb, sizeof(*rp));
446 memset(&cp, 0, sizeof(cp));
447 build_pairing_cmd(conn, &cp, NULL, rp->auth_req);
449 conn->preq[0] = SMP_CMD_PAIRING_REQ;
450 memcpy(&conn->preq[1], &cp, sizeof(cp));
452 smp_send_cmd(conn, SMP_CMD_PAIRING_REQ, sizeof(cp), &cp);
454 return 0;
457 int smp_conn_security(struct l2cap_conn *conn, __u8 sec_level)
459 struct hci_conn *hcon = conn->hcon;
460 __u8 authreq;
462 BT_DBG("conn %p hcon %p level 0x%2.2x", conn, hcon, sec_level);
464 if (!lmp_host_le_capable(hcon->hdev))
465 return 1;
467 if (IS_ERR(hcon->hdev->tfm))
468 return 1;
470 if (sec_level == BT_SECURITY_LOW)
471 return 1;
473 if (hcon->sec_level >= sec_level)
474 return 1;
476 if (hcon->link_mode & HCI_LM_MASTER) {
477 struct link_key *key;
479 key = hci_find_link_key_type(hcon->hdev, conn->dst,
480 HCI_LK_SMP_LTK);
481 if (key) {
482 struct key_master_id *master = (void *) key->data;
484 if (test_and_set_bit(HCI_CONN_ENCRYPT_PEND,
485 &hcon->pend))
486 goto done;
488 hci_le_start_enc(hcon, master->ediv, master->rand,
489 key->val);
490 hcon->enc_key_size = key->pin_len;
492 goto done;
496 if (test_and_set_bit(HCI_CONN_LE_SMP_PEND, &hcon->pend))
497 return 0;
499 /* While SMP is going on */
500 hci_conn_hold(hcon);
502 authreq = seclevel_to_authreq(sec_level);
504 if (hcon->link_mode & HCI_LM_MASTER) {
505 struct smp_cmd_pairing cp;
507 build_pairing_cmd(conn, &cp, NULL, authreq);
508 conn->preq[0] = SMP_CMD_PAIRING_REQ;
509 memcpy(&conn->preq[1], &cp, sizeof(cp));
511 smp_send_cmd(conn, SMP_CMD_PAIRING_REQ, sizeof(cp), &cp);
512 } else {
513 struct smp_cmd_security_req cp;
514 cp.auth_req = authreq;
515 smp_send_cmd(conn, SMP_CMD_SECURITY_REQ, sizeof(cp), &cp);
518 done:
519 hcon->pending_sec_level = sec_level;
521 return 0;
524 static int smp_cmd_encrypt_info(struct l2cap_conn *conn, struct sk_buff *skb)
526 struct smp_cmd_encrypt_info *rp = (void *) skb->data;
528 skb_pull(skb, sizeof(*rp));
530 memcpy(conn->tk, rp->ltk, sizeof(conn->tk));
532 return 0;
535 static int smp_cmd_master_ident(struct l2cap_conn *conn, struct sk_buff *skb)
537 struct smp_cmd_master_ident *rp = (void *) skb->data;
539 skb_pull(skb, sizeof(*rp));
541 hci_add_ltk(conn->hcon->hdev, 1, conn->src, conn->smp_key_size,
542 rp->ediv, rp->rand, conn->tk);
544 smp_distribute_keys(conn, 1);
546 return 0;
549 int smp_sig_channel(struct l2cap_conn *conn, struct sk_buff *skb)
551 __u8 code = skb->data[0];
552 __u8 reason;
553 int err = 0;
555 if (!lmp_host_le_capable(conn->hcon->hdev)) {
556 err = -ENOTSUPP;
557 reason = SMP_PAIRING_NOTSUPP;
558 goto done;
561 if (IS_ERR(conn->hcon->hdev->tfm)) {
562 err = PTR_ERR(conn->hcon->hdev->tfm);
563 reason = SMP_PAIRING_NOTSUPP;
564 goto done;
567 skb_pull(skb, sizeof(code));
569 switch (code) {
570 case SMP_CMD_PAIRING_REQ:
571 reason = smp_cmd_pairing_req(conn, skb);
572 break;
574 case SMP_CMD_PAIRING_FAIL:
575 reason = 0;
576 err = -EPERM;
577 break;
579 case SMP_CMD_PAIRING_RSP:
580 reason = smp_cmd_pairing_rsp(conn, skb);
581 break;
583 case SMP_CMD_SECURITY_REQ:
584 reason = smp_cmd_security_req(conn, skb);
585 break;
587 case SMP_CMD_PAIRING_CONFIRM:
588 reason = smp_cmd_pairing_confirm(conn, skb);
589 break;
591 case SMP_CMD_PAIRING_RANDOM:
592 reason = smp_cmd_pairing_random(conn, skb);
593 break;
595 case SMP_CMD_ENCRYPT_INFO:
596 reason = smp_cmd_encrypt_info(conn, skb);
597 break;
599 case SMP_CMD_MASTER_IDENT:
600 reason = smp_cmd_master_ident(conn, skb);
601 break;
603 case SMP_CMD_IDENT_INFO:
604 case SMP_CMD_IDENT_ADDR_INFO:
605 case SMP_CMD_SIGN_INFO:
606 /* Just ignored */
607 reason = 0;
608 break;
610 default:
611 BT_DBG("Unknown command code 0x%2.2x", code);
613 reason = SMP_CMD_NOTSUPP;
614 err = -EOPNOTSUPP;
615 goto done;
618 done:
619 if (reason)
620 smp_send_cmd(conn, SMP_CMD_PAIRING_FAIL, sizeof(reason),
621 &reason);
623 kfree_skb(skb);
624 return err;
627 int smp_distribute_keys(struct l2cap_conn *conn, __u8 force)
629 struct smp_cmd_pairing *req, *rsp;
630 __u8 *keydist;
632 BT_DBG("conn %p force %d", conn, force);
634 if (IS_ERR(conn->hcon->hdev->tfm))
635 return PTR_ERR(conn->hcon->hdev->tfm);
637 if (!test_bit(HCI_CONN_LE_SMP_PEND, &conn->hcon->pend))
638 return 0;
640 rsp = (void *) &conn->prsp[1];
642 /* The responder sends its keys first */
643 if (!force && conn->hcon->out && (rsp->resp_key_dist & 0x07))
644 return 0;
646 req = (void *) &conn->preq[1];
648 if (conn->hcon->out) {
649 keydist = &rsp->init_key_dist;
650 *keydist &= req->init_key_dist;
651 } else {
652 keydist = &rsp->resp_key_dist;
653 *keydist &= req->resp_key_dist;
657 BT_DBG("keydist 0x%x", *keydist);
659 if (*keydist & SMP_DIST_ENC_KEY) {
660 struct smp_cmd_encrypt_info enc;
661 struct smp_cmd_master_ident ident;
662 __le16 ediv;
664 get_random_bytes(enc.ltk, sizeof(enc.ltk));
665 get_random_bytes(&ediv, sizeof(ediv));
666 get_random_bytes(ident.rand, sizeof(ident.rand));
668 smp_send_cmd(conn, SMP_CMD_ENCRYPT_INFO, sizeof(enc), &enc);
670 hci_add_ltk(conn->hcon->hdev, 1, conn->dst, conn->smp_key_size,
671 ediv, ident.rand, enc.ltk);
673 ident.ediv = cpu_to_le16(ediv);
675 smp_send_cmd(conn, SMP_CMD_MASTER_IDENT, sizeof(ident), &ident);
677 *keydist &= ~SMP_DIST_ENC_KEY;
680 if (*keydist & SMP_DIST_ID_KEY) {
681 struct smp_cmd_ident_addr_info addrinfo;
682 struct smp_cmd_ident_info idinfo;
684 /* Send a dummy key */
685 get_random_bytes(idinfo.irk, sizeof(idinfo.irk));
687 smp_send_cmd(conn, SMP_CMD_IDENT_INFO, sizeof(idinfo), &idinfo);
689 /* Just public address */
690 memset(&addrinfo, 0, sizeof(addrinfo));
691 bacpy(&addrinfo.bdaddr, conn->src);
693 smp_send_cmd(conn, SMP_CMD_IDENT_ADDR_INFO, sizeof(addrinfo),
694 &addrinfo);
696 *keydist &= ~SMP_DIST_ID_KEY;
699 if (*keydist & SMP_DIST_SIGN) {
700 struct smp_cmd_sign_info sign;
702 /* Send a dummy key */
703 get_random_bytes(sign.csrk, sizeof(sign.csrk));
705 smp_send_cmd(conn, SMP_CMD_SIGN_INFO, sizeof(sign), &sign);
707 *keydist &= ~SMP_DIST_SIGN;
710 if (conn->hcon->out || force) {
711 clear_bit(HCI_CONN_LE_SMP_PEND, &conn->hcon->pend);
712 del_timer(&conn->security_timer);
713 hci_conn_put(conn->hcon);
716 return 0;