2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2011 Nokia Corporation and/or its subsidiary(-ies).
5 This program is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License version 2 as
7 published by the Free Software Foundation;
9 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
10 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
11 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
12 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
13 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
14 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
18 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
19 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
20 SOFTWARE IS DISCLAIMED.
23 #include <net/bluetooth/bluetooth.h>
24 #include <net/bluetooth/hci_core.h>
25 #include <net/bluetooth/l2cap.h>
26 #include <net/bluetooth/smp.h>
27 #include <linux/crypto.h>
28 #include <crypto/b128ops.h>
30 static inline void swap128(u8 src
[16], u8 dst
[16])
33 for (i
= 0; i
< 16; i
++)
37 static inline void swap56(u8 src
[7], u8 dst
[7])
40 for (i
= 0; i
< 7; i
++)
44 static int smp_e(struct crypto_blkcipher
*tfm
, const u8
*k
, u8
*r
)
46 struct blkcipher_desc desc
;
47 struct scatterlist sg
;
49 unsigned char iv
[128];
52 BT_ERR("tfm %p", tfm
);
59 err
= crypto_blkcipher_setkey(tfm
, k
, 16);
61 BT_ERR("cipher setkey failed: %d", err
);
65 sg_init_one(&sg
, r
, 16);
67 iv_len
= crypto_blkcipher_ivsize(tfm
);
69 memset(&iv
, 0xff, iv_len
);
70 crypto_blkcipher_set_iv(tfm
, iv
, iv_len
);
73 err
= crypto_blkcipher_encrypt(&desc
, &sg
, &sg
, 16);
75 BT_ERR("Encrypt data error %d", err
);
80 static int smp_c1(struct crypto_blkcipher
*tfm
, u8 k
[16], u8 r
[16],
81 u8 preq
[7], u8 pres
[7], u8 _iat
, bdaddr_t
*ia
,
82 u8 _rat
, bdaddr_t
*ra
, u8 res
[16])
89 /* p1 = pres || preq || _rat || _iat */
97 /* p2 = padding || ia || ra */
98 baswap((bdaddr_t
*) (p2
+ 4), ia
);
99 baswap((bdaddr_t
*) (p2
+ 10), ra
);
102 u128_xor((u128
*) res
, (u128
*) r
, (u128
*) p1
);
104 /* res = e(k, res) */
105 err
= smp_e(tfm
, k
, res
);
107 BT_ERR("Encrypt data error");
111 /* res = res XOR p2 */
112 u128_xor((u128
*) res
, (u128
*) res
, (u128
*) p2
);
114 /* res = e(k, res) */
115 err
= smp_e(tfm
, k
, res
);
117 BT_ERR("Encrypt data error");
122 static int smp_s1(struct crypto_blkcipher
*tfm
, u8 k
[16],
123 u8 r1
[16], u8 r2
[16], u8 _r
[16])
127 /* Just least significant octets from r1 and r2 are considered */
128 memcpy(_r
, r1
+ 8, 8);
129 memcpy(_r
+ 8, r2
+ 8, 8);
131 err
= smp_e(tfm
, k
, _r
);
133 BT_ERR("Encrypt data error");
138 static int smp_rand(u8
*buf
)
140 get_random_bytes(buf
, 16);
145 static struct sk_buff
*smp_build_cmd(struct l2cap_conn
*conn
, u8 code
,
146 u16 dlen
, void *data
)
149 struct l2cap_hdr
*lh
;
152 len
= L2CAP_HDR_SIZE
+ sizeof(code
) + dlen
;
157 skb
= bt_skb_alloc(len
, GFP_ATOMIC
);
161 lh
= (struct l2cap_hdr
*) skb_put(skb
, L2CAP_HDR_SIZE
);
162 lh
->len
= cpu_to_le16(sizeof(code
) + dlen
);
163 lh
->cid
= cpu_to_le16(L2CAP_CID_SMP
);
165 memcpy(skb_put(skb
, sizeof(code
)), &code
, sizeof(code
));
167 memcpy(skb_put(skb
, dlen
), data
, dlen
);
172 static void smp_send_cmd(struct l2cap_conn
*conn
, u8 code
, u16 len
, void *data
)
174 struct sk_buff
*skb
= smp_build_cmd(conn
, code
, len
, data
);
176 BT_DBG("code 0x%2.2x", code
);
181 hci_send_acl(conn
->hcon
, skb
, 0);
184 static void smp_cmd_pairing_req(struct l2cap_conn
*conn
, struct sk_buff
*skb
)
186 struct smp_cmd_pairing
*rp
= (void *) skb
->data
;
188 BT_DBG("conn %p", conn
);
190 skb_pull(skb
, sizeof(*rp
));
192 rp
->io_capability
= 0x00;
194 rp
->max_key_size
= 16;
195 rp
->init_key_dist
= 0x00;
196 rp
->resp_key_dist
= 0x00;
197 rp
->auth_req
&= (SMP_AUTH_BONDING
| SMP_AUTH_MITM
);
199 smp_send_cmd(conn
, SMP_CMD_PAIRING_RSP
, sizeof(*rp
), rp
);
202 static void smp_cmd_pairing_rsp(struct l2cap_conn
*conn
, struct sk_buff
*skb
)
204 struct smp_cmd_pairing_confirm cp
;
206 BT_DBG("conn %p", conn
);
208 memset(&cp
, 0, sizeof(cp
));
210 smp_send_cmd(conn
, SMP_CMD_PAIRING_CONFIRM
, sizeof(cp
), &cp
);
213 static void smp_cmd_pairing_confirm(struct l2cap_conn
*conn
,
216 BT_DBG("conn %p %s", conn
, conn
->hcon
->out
? "master" : "slave");
218 if (conn
->hcon
->out
) {
219 struct smp_cmd_pairing_random random
;
221 memset(&random
, 0, sizeof(random
));
223 smp_send_cmd(conn
, SMP_CMD_PAIRING_RANDOM
, sizeof(random
),
226 struct smp_cmd_pairing_confirm confirm
;
228 memset(&confirm
, 0, sizeof(confirm
));
230 smp_send_cmd(conn
, SMP_CMD_PAIRING_CONFIRM
, sizeof(confirm
),
235 static void smp_cmd_pairing_random(struct l2cap_conn
*conn
, struct sk_buff
*skb
)
237 struct smp_cmd_pairing_random cp
;
239 BT_DBG("conn %p %s", conn
, conn
->hcon
->out
? "master" : "slave");
241 skb_pull(skb
, sizeof(cp
));
243 if (conn
->hcon
->out
) {
244 /* FIXME: start encryption */
246 memset(&cp
, 0, sizeof(cp
));
248 smp_send_cmd(conn
, SMP_CMD_PAIRING_RANDOM
, sizeof(cp
), &cp
);
252 static void smp_cmd_security_req(struct l2cap_conn
*conn
, struct sk_buff
*skb
)
254 struct smp_cmd_security_req
*rp
= (void *) skb
->data
;
255 struct smp_cmd_pairing cp
;
257 BT_DBG("conn %p", conn
);
259 skb_pull(skb
, sizeof(*rp
));
260 memset(&cp
, 0, sizeof(cp
));
262 cp
.io_capability
= 0x00;
264 cp
.max_key_size
= 16;
265 cp
.init_key_dist
= 0x00;
266 cp
.resp_key_dist
= 0x00;
267 cp
.auth_req
= rp
->auth_req
& (SMP_AUTH_BONDING
| SMP_AUTH_MITM
);
269 smp_send_cmd(conn
, SMP_CMD_PAIRING_REQ
, sizeof(cp
), &cp
);
272 int smp_conn_security(struct l2cap_conn
*conn
, __u8 sec_level
)
274 struct hci_conn
*hcon
= conn
->hcon
;
277 BT_DBG("conn %p hcon %p level 0x%2.2x", conn
, hcon
, sec_level
);
279 if (IS_ERR(hcon
->hdev
->tfm
))
283 case BT_SECURITY_MEDIUM
:
284 /* Encrypted, no MITM protection */
285 authreq
= HCI_AT_NO_BONDING_MITM
;
288 case BT_SECURITY_HIGH
:
289 /* Bonding, MITM protection */
290 authreq
= HCI_AT_GENERAL_BONDING_MITM
;
293 case BT_SECURITY_LOW
:
298 if (hcon
->link_mode
& HCI_LM_MASTER
) {
299 struct smp_cmd_pairing cp
;
300 cp
.io_capability
= 0x00;
302 cp
.max_key_size
= 16;
303 cp
.init_key_dist
= 0x00;
304 cp
.resp_key_dist
= 0x00;
305 cp
.auth_req
= authreq
;
306 smp_send_cmd(conn
, SMP_CMD_PAIRING_REQ
, sizeof(cp
), &cp
);
308 struct smp_cmd_security_req cp
;
309 cp
.auth_req
= authreq
;
310 smp_send_cmd(conn
, SMP_CMD_SECURITY_REQ
, sizeof(cp
), &cp
);
316 int smp_sig_channel(struct l2cap_conn
*conn
, struct sk_buff
*skb
)
318 __u8 code
= skb
->data
[0];
322 if (IS_ERR(conn
->hcon
->hdev
->tfm
)) {
323 err
= PTR_ERR(conn
->hcon
->hdev
->tfm
);
324 reason
= SMP_PAIRING_NOTSUPP
;
328 skb_pull(skb
, sizeof(code
));
331 case SMP_CMD_PAIRING_REQ
:
332 smp_cmd_pairing_req(conn
, skb
);
335 case SMP_CMD_PAIRING_FAIL
:
338 case SMP_CMD_PAIRING_RSP
:
339 smp_cmd_pairing_rsp(conn
, skb
);
342 case SMP_CMD_SECURITY_REQ
:
343 smp_cmd_security_req(conn
, skb
);
346 case SMP_CMD_PAIRING_CONFIRM
:
347 smp_cmd_pairing_confirm(conn
, skb
);
350 case SMP_CMD_PAIRING_RANDOM
:
351 smp_cmd_pairing_random(conn
, skb
);
354 case SMP_CMD_ENCRYPT_INFO
:
355 case SMP_CMD_MASTER_IDENT
:
356 case SMP_CMD_IDENT_INFO
:
357 case SMP_CMD_IDENT_ADDR_INFO
:
358 case SMP_CMD_SIGN_INFO
:
360 BT_DBG("Unknown command code 0x%2.2x", code
);
362 reason
= SMP_CMD_NOTSUPP
;
369 smp_send_cmd(conn
, SMP_CMD_PAIRING_FAIL
, sizeof(reason
),