nfsd4: typo logical vs bitwise negate for want_mask
[linux-btrfs-devel.git] / net / bluetooth / smp.c
blob391888b88a929bdcb93166b0d3ed2c1ae1e3d7f3
1 /*
2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2011 Nokia Corporation and/or its subsidiary(-ies).
5 This program is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License version 2 as
7 published by the Free Software Foundation;
9 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
10 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
11 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
12 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
13 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
14 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
18 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
19 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
20 SOFTWARE IS DISCLAIMED.
23 #include <net/bluetooth/bluetooth.h>
24 #include <net/bluetooth/hci_core.h>
25 #include <net/bluetooth/l2cap.h>
26 #include <net/bluetooth/smp.h>
27 #include <linux/crypto.h>
28 #include <linux/scatterlist.h>
29 #include <crypto/b128ops.h>
31 #define SMP_TIMEOUT 30000 /* 30 seconds */
33 static inline void swap128(u8 src[16], u8 dst[16])
35 int i;
36 for (i = 0; i < 16; i++)
37 dst[15 - i] = src[i];
40 static inline void swap56(u8 src[7], u8 dst[7])
42 int i;
43 for (i = 0; i < 7; i++)
44 dst[6 - i] = src[i];
47 static int smp_e(struct crypto_blkcipher *tfm, const u8 *k, u8 *r)
49 struct blkcipher_desc desc;
50 struct scatterlist sg;
51 int err, iv_len;
52 unsigned char iv[128];
54 if (tfm == NULL) {
55 BT_ERR("tfm %p", tfm);
56 return -EINVAL;
59 desc.tfm = tfm;
60 desc.flags = 0;
62 err = crypto_blkcipher_setkey(tfm, k, 16);
63 if (err) {
64 BT_ERR("cipher setkey failed: %d", err);
65 return err;
68 sg_init_one(&sg, r, 16);
70 iv_len = crypto_blkcipher_ivsize(tfm);
71 if (iv_len) {
72 memset(&iv, 0xff, iv_len);
73 crypto_blkcipher_set_iv(tfm, iv, iv_len);
76 err = crypto_blkcipher_encrypt(&desc, &sg, &sg, 16);
77 if (err)
78 BT_ERR("Encrypt data error %d", err);
80 return err;
83 static int smp_c1(struct crypto_blkcipher *tfm, u8 k[16], u8 r[16],
84 u8 preq[7], u8 pres[7], u8 _iat, bdaddr_t *ia,
85 u8 _rat, bdaddr_t *ra, u8 res[16])
87 u8 p1[16], p2[16];
88 int err;
90 memset(p1, 0, 16);
92 /* p1 = pres || preq || _rat || _iat */
93 swap56(pres, p1);
94 swap56(preq, p1 + 7);
95 p1[14] = _rat;
96 p1[15] = _iat;
98 memset(p2, 0, 16);
100 /* p2 = padding || ia || ra */
101 baswap((bdaddr_t *) (p2 + 4), ia);
102 baswap((bdaddr_t *) (p2 + 10), ra);
104 /* res = r XOR p1 */
105 u128_xor((u128 *) res, (u128 *) r, (u128 *) p1);
107 /* res = e(k, res) */
108 err = smp_e(tfm, k, res);
109 if (err) {
110 BT_ERR("Encrypt data error");
111 return err;
114 /* res = res XOR p2 */
115 u128_xor((u128 *) res, (u128 *) res, (u128 *) p2);
117 /* res = e(k, res) */
118 err = smp_e(tfm, k, res);
119 if (err)
120 BT_ERR("Encrypt data error");
122 return err;
125 static int smp_s1(struct crypto_blkcipher *tfm, u8 k[16],
126 u8 r1[16], u8 r2[16], u8 _r[16])
128 int err;
130 /* Just least significant octets from r1 and r2 are considered */
131 memcpy(_r, r1 + 8, 8);
132 memcpy(_r + 8, r2 + 8, 8);
134 err = smp_e(tfm, k, _r);
135 if (err)
136 BT_ERR("Encrypt data error");
138 return err;
141 static int smp_rand(u8 *buf)
143 get_random_bytes(buf, 16);
145 return 0;
148 static struct sk_buff *smp_build_cmd(struct l2cap_conn *conn, u8 code,
149 u16 dlen, void *data)
151 struct sk_buff *skb;
152 struct l2cap_hdr *lh;
153 int len;
155 len = L2CAP_HDR_SIZE + sizeof(code) + dlen;
157 if (len > conn->mtu)
158 return NULL;
160 skb = bt_skb_alloc(len, GFP_ATOMIC);
161 if (!skb)
162 return NULL;
164 lh = (struct l2cap_hdr *) skb_put(skb, L2CAP_HDR_SIZE);
165 lh->len = cpu_to_le16(sizeof(code) + dlen);
166 lh->cid = cpu_to_le16(L2CAP_CID_SMP);
168 memcpy(skb_put(skb, sizeof(code)), &code, sizeof(code));
170 memcpy(skb_put(skb, dlen), data, dlen);
172 return skb;
175 static void smp_send_cmd(struct l2cap_conn *conn, u8 code, u16 len, void *data)
177 struct sk_buff *skb = smp_build_cmd(conn, code, len, data);
179 BT_DBG("code 0x%2.2x", code);
181 if (!skb)
182 return;
184 hci_send_acl(conn->hcon, skb, 0);
187 static __u8 seclevel_to_authreq(__u8 level)
189 switch (level) {
190 case BT_SECURITY_HIGH:
191 /* Right now we don't support bonding */
192 return SMP_AUTH_MITM;
194 default:
195 return SMP_AUTH_NONE;
199 static void build_pairing_cmd(struct l2cap_conn *conn,
200 struct smp_cmd_pairing *req,
201 struct smp_cmd_pairing *rsp,
202 __u8 authreq)
204 u8 dist_keys;
206 dist_keys = 0;
207 if (test_bit(HCI_PAIRABLE, &conn->hcon->hdev->flags)) {
208 dist_keys = SMP_DIST_ENC_KEY | SMP_DIST_ID_KEY | SMP_DIST_SIGN;
209 authreq |= SMP_AUTH_BONDING;
212 if (rsp == NULL) {
213 req->io_capability = conn->hcon->io_capability;
214 req->oob_flag = SMP_OOB_NOT_PRESENT;
215 req->max_key_size = SMP_MAX_ENC_KEY_SIZE;
216 req->init_key_dist = dist_keys;
217 req->resp_key_dist = dist_keys;
218 req->auth_req = authreq;
219 return;
222 rsp->io_capability = conn->hcon->io_capability;
223 rsp->oob_flag = SMP_OOB_NOT_PRESENT;
224 rsp->max_key_size = SMP_MAX_ENC_KEY_SIZE;
225 rsp->init_key_dist = req->init_key_dist & dist_keys;
226 rsp->resp_key_dist = req->resp_key_dist & dist_keys;
227 rsp->auth_req = authreq;
230 static u8 check_enc_key_size(struct l2cap_conn *conn, __u8 max_key_size)
232 if ((max_key_size > SMP_MAX_ENC_KEY_SIZE) ||
233 (max_key_size < SMP_MIN_ENC_KEY_SIZE))
234 return SMP_ENC_KEY_SIZE;
236 conn->smp_key_size = max_key_size;
238 return 0;
241 static u8 smp_cmd_pairing_req(struct l2cap_conn *conn, struct sk_buff *skb)
243 struct smp_cmd_pairing rsp, *req = (void *) skb->data;
244 u8 key_size;
246 BT_DBG("conn %p", conn);
248 conn->preq[0] = SMP_CMD_PAIRING_REQ;
249 memcpy(&conn->preq[1], req, sizeof(*req));
250 skb_pull(skb, sizeof(*req));
252 if (req->oob_flag)
253 return SMP_OOB_NOT_AVAIL;
255 /* We didn't start the pairing, so no requirements */
256 build_pairing_cmd(conn, req, &rsp, SMP_AUTH_NONE);
258 key_size = min(req->max_key_size, rsp.max_key_size);
259 if (check_enc_key_size(conn, key_size))
260 return SMP_ENC_KEY_SIZE;
262 /* Just works */
263 memset(conn->tk, 0, sizeof(conn->tk));
265 conn->prsp[0] = SMP_CMD_PAIRING_RSP;
266 memcpy(&conn->prsp[1], &rsp, sizeof(rsp));
268 smp_send_cmd(conn, SMP_CMD_PAIRING_RSP, sizeof(rsp), &rsp);
270 mod_timer(&conn->security_timer, jiffies +
271 msecs_to_jiffies(SMP_TIMEOUT));
273 return 0;
276 static u8 smp_cmd_pairing_rsp(struct l2cap_conn *conn, struct sk_buff *skb)
278 struct smp_cmd_pairing *req, *rsp = (void *) skb->data;
279 struct smp_cmd_pairing_confirm cp;
280 struct crypto_blkcipher *tfm = conn->hcon->hdev->tfm;
281 int ret;
282 u8 res[16], key_size;
284 BT_DBG("conn %p", conn);
286 skb_pull(skb, sizeof(*rsp));
288 req = (void *) &conn->preq[1];
290 key_size = min(req->max_key_size, rsp->max_key_size);
291 if (check_enc_key_size(conn, key_size))
292 return SMP_ENC_KEY_SIZE;
294 if (rsp->oob_flag)
295 return SMP_OOB_NOT_AVAIL;
297 /* Just works */
298 memset(conn->tk, 0, sizeof(conn->tk));
300 conn->prsp[0] = SMP_CMD_PAIRING_RSP;
301 memcpy(&conn->prsp[1], rsp, sizeof(*rsp));
303 ret = smp_rand(conn->prnd);
304 if (ret)
305 return SMP_UNSPECIFIED;
307 ret = smp_c1(tfm, conn->tk, conn->prnd, conn->preq, conn->prsp, 0,
308 conn->src, conn->hcon->dst_type, conn->dst, res);
309 if (ret)
310 return SMP_UNSPECIFIED;
312 swap128(res, cp.confirm_val);
314 smp_send_cmd(conn, SMP_CMD_PAIRING_CONFIRM, sizeof(cp), &cp);
316 return 0;
319 static u8 smp_cmd_pairing_confirm(struct l2cap_conn *conn, struct sk_buff *skb)
321 struct crypto_blkcipher *tfm = conn->hcon->hdev->tfm;
323 BT_DBG("conn %p %s", conn, conn->hcon->out ? "master" : "slave");
325 memcpy(conn->pcnf, skb->data, sizeof(conn->pcnf));
326 skb_pull(skb, sizeof(conn->pcnf));
328 if (conn->hcon->out) {
329 u8 random[16];
331 swap128(conn->prnd, random);
332 smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM, sizeof(random),
333 random);
334 } else {
335 struct smp_cmd_pairing_confirm cp;
336 int ret;
337 u8 res[16];
339 ret = smp_rand(conn->prnd);
340 if (ret)
341 return SMP_UNSPECIFIED;
343 ret = smp_c1(tfm, conn->tk, conn->prnd, conn->preq, conn->prsp,
344 conn->hcon->dst_type, conn->dst,
345 0, conn->src, res);
346 if (ret)
347 return SMP_CONFIRM_FAILED;
349 swap128(res, cp.confirm_val);
351 smp_send_cmd(conn, SMP_CMD_PAIRING_CONFIRM, sizeof(cp), &cp);
354 mod_timer(&conn->security_timer, jiffies +
355 msecs_to_jiffies(SMP_TIMEOUT));
357 return 0;
360 static u8 smp_cmd_pairing_random(struct l2cap_conn *conn, struct sk_buff *skb)
362 struct hci_conn *hcon = conn->hcon;
363 struct crypto_blkcipher *tfm = hcon->hdev->tfm;
364 int ret;
365 u8 key[16], res[16], random[16], confirm[16];
367 swap128(skb->data, random);
368 skb_pull(skb, sizeof(random));
370 if (conn->hcon->out)
371 ret = smp_c1(tfm, conn->tk, random, conn->preq, conn->prsp, 0,
372 conn->src, conn->hcon->dst_type, conn->dst,
373 res);
374 else
375 ret = smp_c1(tfm, conn->tk, random, conn->preq, conn->prsp,
376 conn->hcon->dst_type, conn->dst, 0, conn->src,
377 res);
378 if (ret)
379 return SMP_UNSPECIFIED;
381 BT_DBG("conn %p %s", conn, conn->hcon->out ? "master" : "slave");
383 swap128(res, confirm);
385 if (memcmp(conn->pcnf, confirm, sizeof(conn->pcnf)) != 0) {
386 BT_ERR("Pairing failed (confirmation values mismatch)");
387 return SMP_CONFIRM_FAILED;
390 if (conn->hcon->out) {
391 u8 stk[16], rand[8];
392 __le16 ediv;
394 memset(rand, 0, sizeof(rand));
395 ediv = 0;
397 smp_s1(tfm, conn->tk, random, conn->prnd, key);
398 swap128(key, stk);
400 memset(stk + conn->smp_key_size, 0,
401 SMP_MAX_ENC_KEY_SIZE - conn->smp_key_size);
403 hci_le_start_enc(hcon, ediv, rand, stk);
404 hcon->enc_key_size = conn->smp_key_size;
405 } else {
406 u8 stk[16], r[16], rand[8];
407 __le16 ediv;
409 memset(rand, 0, sizeof(rand));
410 ediv = 0;
412 swap128(conn->prnd, r);
413 smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM, sizeof(r), r);
415 smp_s1(tfm, conn->tk, conn->prnd, random, key);
416 swap128(key, stk);
418 memset(stk + conn->smp_key_size, 0,
419 SMP_MAX_ENC_KEY_SIZE - conn->smp_key_size);
421 hci_add_ltk(conn->hcon->hdev, 0, conn->dst, conn->smp_key_size,
422 ediv, rand, stk);
425 return 0;
428 static u8 smp_cmd_security_req(struct l2cap_conn *conn, struct sk_buff *skb)
430 struct smp_cmd_security_req *rp = (void *) skb->data;
431 struct smp_cmd_pairing cp;
432 struct hci_conn *hcon = conn->hcon;
434 BT_DBG("conn %p", conn);
436 if (test_bit(HCI_CONN_ENCRYPT_PEND, &hcon->pend))
437 return 0;
439 skb_pull(skb, sizeof(*rp));
441 memset(&cp, 0, sizeof(cp));
442 build_pairing_cmd(conn, &cp, NULL, rp->auth_req);
444 conn->preq[0] = SMP_CMD_PAIRING_REQ;
445 memcpy(&conn->preq[1], &cp, sizeof(cp));
447 smp_send_cmd(conn, SMP_CMD_PAIRING_REQ, sizeof(cp), &cp);
449 mod_timer(&conn->security_timer, jiffies +
450 msecs_to_jiffies(SMP_TIMEOUT));
452 set_bit(HCI_CONN_ENCRYPT_PEND, &hcon->pend);
454 return 0;
457 int smp_conn_security(struct l2cap_conn *conn, __u8 sec_level)
459 struct hci_conn *hcon = conn->hcon;
460 __u8 authreq;
462 BT_DBG("conn %p hcon %p level 0x%2.2x", conn, hcon, sec_level);
464 if (!lmp_host_le_capable(hcon->hdev))
465 return 1;
467 if (IS_ERR(hcon->hdev->tfm))
468 return 1;
470 if (test_bit(HCI_CONN_ENCRYPT_PEND, &hcon->pend))
471 return 0;
473 if (sec_level == BT_SECURITY_LOW)
474 return 1;
476 if (hcon->sec_level >= sec_level)
477 return 1;
479 authreq = seclevel_to_authreq(sec_level);
481 if (hcon->link_mode & HCI_LM_MASTER) {
482 struct smp_cmd_pairing cp;
483 struct link_key *key;
485 key = hci_find_link_key_type(hcon->hdev, conn->dst,
486 HCI_LK_SMP_LTK);
487 if (key) {
488 struct key_master_id *master = (void *) key->data;
490 hci_le_start_enc(hcon, master->ediv, master->rand,
491 key->val);
492 hcon->enc_key_size = key->pin_len;
494 goto done;
497 build_pairing_cmd(conn, &cp, NULL, authreq);
498 conn->preq[0] = SMP_CMD_PAIRING_REQ;
499 memcpy(&conn->preq[1], &cp, sizeof(cp));
501 mod_timer(&conn->security_timer, jiffies +
502 msecs_to_jiffies(SMP_TIMEOUT));
504 smp_send_cmd(conn, SMP_CMD_PAIRING_REQ, sizeof(cp), &cp);
505 } else {
506 struct smp_cmd_security_req cp;
507 cp.auth_req = authreq;
508 smp_send_cmd(conn, SMP_CMD_SECURITY_REQ, sizeof(cp), &cp);
511 done:
512 hcon->pending_sec_level = sec_level;
513 set_bit(HCI_CONN_ENCRYPT_PEND, &hcon->pend);
515 return 0;
518 static int smp_cmd_encrypt_info(struct l2cap_conn *conn, struct sk_buff *skb)
520 struct smp_cmd_encrypt_info *rp = (void *) skb->data;
522 skb_pull(skb, sizeof(*rp));
524 memcpy(conn->tk, rp->ltk, sizeof(conn->tk));
526 return 0;
529 static int smp_cmd_master_ident(struct l2cap_conn *conn, struct sk_buff *skb)
531 struct smp_cmd_master_ident *rp = (void *) skb->data;
533 skb_pull(skb, sizeof(*rp));
535 hci_add_ltk(conn->hcon->hdev, 1, conn->src, conn->smp_key_size,
536 rp->ediv, rp->rand, conn->tk);
538 smp_distribute_keys(conn, 1);
540 return 0;
543 int smp_sig_channel(struct l2cap_conn *conn, struct sk_buff *skb)
545 __u8 code = skb->data[0];
546 __u8 reason;
547 int err = 0;
549 if (!lmp_host_le_capable(conn->hcon->hdev)) {
550 err = -ENOTSUPP;
551 reason = SMP_PAIRING_NOTSUPP;
552 goto done;
555 if (IS_ERR(conn->hcon->hdev->tfm)) {
556 err = PTR_ERR(conn->hcon->hdev->tfm);
557 reason = SMP_PAIRING_NOTSUPP;
558 goto done;
561 skb_pull(skb, sizeof(code));
563 switch (code) {
564 case SMP_CMD_PAIRING_REQ:
565 reason = smp_cmd_pairing_req(conn, skb);
566 break;
568 case SMP_CMD_PAIRING_FAIL:
569 reason = 0;
570 err = -EPERM;
571 break;
573 case SMP_CMD_PAIRING_RSP:
574 reason = smp_cmd_pairing_rsp(conn, skb);
575 break;
577 case SMP_CMD_SECURITY_REQ:
578 reason = smp_cmd_security_req(conn, skb);
579 break;
581 case SMP_CMD_PAIRING_CONFIRM:
582 reason = smp_cmd_pairing_confirm(conn, skb);
583 break;
585 case SMP_CMD_PAIRING_RANDOM:
586 reason = smp_cmd_pairing_random(conn, skb);
587 break;
589 case SMP_CMD_ENCRYPT_INFO:
590 reason = smp_cmd_encrypt_info(conn, skb);
591 break;
593 case SMP_CMD_MASTER_IDENT:
594 reason = smp_cmd_master_ident(conn, skb);
595 break;
597 case SMP_CMD_IDENT_INFO:
598 case SMP_CMD_IDENT_ADDR_INFO:
599 case SMP_CMD_SIGN_INFO:
600 /* Just ignored */
601 reason = 0;
602 break;
604 default:
605 BT_DBG("Unknown command code 0x%2.2x", code);
607 reason = SMP_CMD_NOTSUPP;
608 err = -EOPNOTSUPP;
609 goto done;
612 done:
613 if (reason)
614 smp_send_cmd(conn, SMP_CMD_PAIRING_FAIL, sizeof(reason),
615 &reason);
617 kfree_skb(skb);
618 return err;
621 int smp_distribute_keys(struct l2cap_conn *conn, __u8 force)
623 struct smp_cmd_pairing *req, *rsp;
624 __u8 *keydist;
626 BT_DBG("conn %p force %d", conn, force);
628 if (IS_ERR(conn->hcon->hdev->tfm))
629 return PTR_ERR(conn->hcon->hdev->tfm);
631 rsp = (void *) &conn->prsp[1];
633 /* The responder sends its keys first */
634 if (!force && conn->hcon->out && (rsp->resp_key_dist & 0x07))
635 return 0;
637 req = (void *) &conn->preq[1];
639 if (conn->hcon->out) {
640 keydist = &rsp->init_key_dist;
641 *keydist &= req->init_key_dist;
642 } else {
643 keydist = &rsp->resp_key_dist;
644 *keydist &= req->resp_key_dist;
648 BT_DBG("keydist 0x%x", *keydist);
650 if (*keydist & SMP_DIST_ENC_KEY) {
651 struct smp_cmd_encrypt_info enc;
652 struct smp_cmd_master_ident ident;
653 __le16 ediv;
655 get_random_bytes(enc.ltk, sizeof(enc.ltk));
656 get_random_bytes(&ediv, sizeof(ediv));
657 get_random_bytes(ident.rand, sizeof(ident.rand));
659 smp_send_cmd(conn, SMP_CMD_ENCRYPT_INFO, sizeof(enc), &enc);
661 hci_add_ltk(conn->hcon->hdev, 1, conn->dst, conn->smp_key_size,
662 ediv, ident.rand, enc.ltk);
664 ident.ediv = cpu_to_le16(ediv);
666 smp_send_cmd(conn, SMP_CMD_MASTER_IDENT, sizeof(ident), &ident);
668 *keydist &= ~SMP_DIST_ENC_KEY;
671 if (*keydist & SMP_DIST_ID_KEY) {
672 struct smp_cmd_ident_addr_info addrinfo;
673 struct smp_cmd_ident_info idinfo;
675 /* Send a dummy key */
676 get_random_bytes(idinfo.irk, sizeof(idinfo.irk));
678 smp_send_cmd(conn, SMP_CMD_IDENT_INFO, sizeof(idinfo), &idinfo);
680 /* Just public address */
681 memset(&addrinfo, 0, sizeof(addrinfo));
682 bacpy(&addrinfo.bdaddr, conn->src);
684 smp_send_cmd(conn, SMP_CMD_IDENT_ADDR_INFO, sizeof(addrinfo),
685 &addrinfo);
687 *keydist &= ~SMP_DIST_ID_KEY;
690 if (*keydist & SMP_DIST_SIGN) {
691 struct smp_cmd_sign_info sign;
693 /* Send a dummy key */
694 get_random_bytes(sign.csrk, sizeof(sign.csrk));
696 smp_send_cmd(conn, SMP_CMD_SIGN_INFO, sizeof(sign), &sign);
698 *keydist &= ~SMP_DIST_SIGN;
701 return 0;