1 /*
2 * Copyright (c) 2017 Nordic Semiconductor ASA
3 * Copyright (c) 2015 Intel Corporation
4 *
5 * SPDX-License-Identifier: Apache-2.0
6 */
7
8 #include <stdint.h>
9
10 #include <sys/byteorder.h>
11
12 #include <bluetooth/buf.h>
13 #include <bluetooth/hci.h>
14 #include <bluetooth/addr.h>
15
16 #define BT_DBG_ENABLED IS_ENABLED(CONFIG_BT_DEBUG_HCI_CORE)
17 #define LOG_MODULE_NAME bt_ssp
18 #include "common/log.h"
19
20 #include "keys.h"
21
22 #include "hci_core.h"
23 #include "conn_internal.h"
24
25 enum pairing_method {
26 LEGACY, /* Legacy (pre-SSP) pairing */
27 JUST_WORKS, /* JustWorks pairing */
28 PASSKEY_INPUT, /* Passkey Entry input */
29 PASSKEY_DISPLAY, /* Passkey Entry display */
30 PASSKEY_CONFIRM, /* Passkey confirm */
31 };
32
33 /* based on table 5.7, Core Spec 4.2, Vol.3 Part C, 5.2.2.6 */
34 static const uint8_t ssp_method[4 /* remote */][4 /* local */] = {
35 { JUST_WORKS, JUST_WORKS, PASSKEY_INPUT, JUST_WORKS },
36 { JUST_WORKS, PASSKEY_CONFIRM, PASSKEY_INPUT, JUST_WORKS },
37 { PASSKEY_DISPLAY, PASSKEY_DISPLAY, PASSKEY_INPUT, JUST_WORKS },
38 { JUST_WORKS, JUST_WORKS, JUST_WORKS, JUST_WORKS },
39 };
40
pin_code_neg_reply(const bt_addr_t * bdaddr)41 static int pin_code_neg_reply(const bt_addr_t *bdaddr)
42 {
43 struct bt_hci_cp_pin_code_neg_reply *cp;
44 struct net_buf *buf;
45
46 BT_DBG("");
47
48 buf = bt_hci_cmd_create(BT_HCI_OP_PIN_CODE_NEG_REPLY, sizeof(*cp));
49 if (!buf) {
50 return -ENOBUFS;
51 }
52
53 cp = net_buf_add(buf, sizeof(*cp));
54 bt_addr_copy(&cp->bdaddr, bdaddr);
55
56 return bt_hci_cmd_send_sync(BT_HCI_OP_PIN_CODE_NEG_REPLY, buf, NULL);
57 }
58
pin_code_reply(struct bt_conn * conn,const char * pin,uint8_t len)59 static int pin_code_reply(struct bt_conn *conn, const char *pin, uint8_t len)
60 {
61 struct bt_hci_cp_pin_code_reply *cp;
62 struct net_buf *buf;
63
64 BT_DBG("");
65
66 buf = bt_hci_cmd_create(BT_HCI_OP_PIN_CODE_REPLY, sizeof(*cp));
67 if (!buf) {
68 return -ENOBUFS;
69 }
70
71 cp = net_buf_add(buf, sizeof(*cp));
72
73 bt_addr_copy(&cp->bdaddr, &conn->br.dst);
74 cp->pin_len = len;
75 strncpy((char *)cp->pin_code, pin, sizeof(cp->pin_code));
76
77 return bt_hci_cmd_send_sync(BT_HCI_OP_PIN_CODE_REPLY, buf, NULL);
78 }
79
bt_conn_auth_pincode_entry(struct bt_conn * conn,const char * pin)80 int bt_conn_auth_pincode_entry(struct bt_conn *conn, const char *pin)
81 {
82 size_t len;
83
84 if (!bt_auth) {
85 return -EINVAL;
86 }
87
88 if (conn->type != BT_CONN_TYPE_BR) {
89 return -EINVAL;
90 }
91
92 len = strlen(pin);
93 if (len > 16) {
94 return -EINVAL;
95 }
96
97 if (conn->required_sec_level == BT_SECURITY_L3 && len < 16) {
98 BT_WARN("PIN code for %s is not 16 bytes wide",
99 bt_addr_str(&conn->br.dst));
100 return -EPERM;
101 }
102
103 /* Allow user send entered PIN to remote, then reset user state. */
104 if (!atomic_test_and_clear_bit(conn->flags, BT_CONN_USER)) {
105 return -EPERM;
106 }
107
108 if (len == 16) {
109 atomic_set_bit(conn->flags, BT_CONN_BR_LEGACY_SECURE);
110 }
111
112 return pin_code_reply(conn, pin, len);
113 }
114
pin_code_req(struct bt_conn * conn)115 static void pin_code_req(struct bt_conn *conn)
116 {
117 if (bt_auth && bt_auth->pincode_entry) {
118 bool secure = false;
119
120 if (conn->required_sec_level == BT_SECURITY_L3) {
121 secure = true;
122 }
123
124 atomic_set_bit(conn->flags, BT_CONN_USER);
125 atomic_set_bit(conn->flags, BT_CONN_BR_PAIRING);
126 bt_auth->pincode_entry(conn, secure);
127 } else {
128 pin_code_neg_reply(&conn->br.dst);
129 }
130 }
131
get_io_capa(void)132 static uint8_t get_io_capa(void)
133 {
134 if (!bt_auth) {
135 return BT_IO_NO_INPUT_OUTPUT;
136 }
137
138 if (bt_auth->passkey_confirm && bt_auth->passkey_display) {
139 return BT_IO_DISPLAY_YESNO;
140 }
141
142 if (bt_auth->passkey_entry) {
143 return BT_IO_KEYBOARD_ONLY;
144 }
145
146 if (bt_auth->passkey_display) {
147 return BT_IO_DISPLAY_ONLY;
148 }
149
150 return BT_IO_NO_INPUT_OUTPUT;
151 }
152
ssp_pair_method(const struct bt_conn * conn)153 static uint8_t ssp_pair_method(const struct bt_conn *conn)
154 {
155 return ssp_method[conn->br.remote_io_capa][get_io_capa()];
156 }
157
ssp_get_auth(const struct bt_conn * conn)158 static uint8_t ssp_get_auth(const struct bt_conn *conn)
159 {
160 /* Validate no bond auth request, and if valid use it. */
161 if ((conn->br.remote_auth == BT_HCI_NO_BONDING) ||
162 ((conn->br.remote_auth == BT_HCI_NO_BONDING_MITM) &&
163 (ssp_pair_method(conn) > JUST_WORKS))) {
164 return conn->br.remote_auth;
165 }
166
167 /* Local & remote have enough IO capabilities to get MITM protection. */
168 if (ssp_pair_method(conn) > JUST_WORKS) {
169 return conn->br.remote_auth | BT_MITM;
170 }
171
172 /* No MITM protection possible so ignore remote MITM requirement. */
173 return (conn->br.remote_auth & ~BT_MITM);
174 }
175
ssp_confirm_reply(struct bt_conn * conn)176 static int ssp_confirm_reply(struct bt_conn *conn)
177 {
178 struct bt_hci_cp_user_confirm_reply *cp;
179 struct net_buf *buf;
180
181 BT_DBG("");
182
183 buf = bt_hci_cmd_create(BT_HCI_OP_USER_CONFIRM_REPLY, sizeof(*cp));
184 if (!buf) {
185 return -ENOBUFS;
186 }
187
188 cp = net_buf_add(buf, sizeof(*cp));
189 bt_addr_copy(&cp->bdaddr, &conn->br.dst);
190
191 return bt_hci_cmd_send_sync(BT_HCI_OP_USER_CONFIRM_REPLY, buf, NULL);
192 }
193
ssp_confirm_neg_reply(struct bt_conn * conn)194 static int ssp_confirm_neg_reply(struct bt_conn *conn)
195 {
196 struct bt_hci_cp_user_confirm_reply *cp;
197 struct net_buf *buf;
198
199 BT_DBG("");
200
201 buf = bt_hci_cmd_create(BT_HCI_OP_USER_CONFIRM_NEG_REPLY, sizeof(*cp));
202 if (!buf) {
203 return -ENOBUFS;
204 }
205
206 cp = net_buf_add(buf, sizeof(*cp));
207 bt_addr_copy(&cp->bdaddr, &conn->br.dst);
208
209 return bt_hci_cmd_send_sync(BT_HCI_OP_USER_CONFIRM_NEG_REPLY, buf,
210 NULL);
211 }
212
ssp_pairing_complete(struct bt_conn * conn,uint8_t status)213 static void ssp_pairing_complete(struct bt_conn *conn, uint8_t status)
214 {
215 if (!status) {
216 bool bond = !atomic_test_bit(conn->flags, BT_CONN_BR_NOBOND);
217
218 if (bt_auth && bt_auth->pairing_complete) {
219 bt_auth->pairing_complete(conn, bond);
220 }
221 } else {
222 if (bt_auth && bt_auth->pairing_failed) {
223 bt_auth->pairing_failed(conn, status);
224 }
225 }
226 }
227
ssp_auth(struct bt_conn * conn,uint32_t passkey)228 static void ssp_auth(struct bt_conn *conn, uint32_t passkey)
229 {
230 conn->br.pairing_method = ssp_pair_method(conn);
231
232 /*
233 * If local required security is HIGH then MITM is mandatory.
234 * MITM protection is no achievable when SSP 'justworks' is applied.
235 */
236 if (conn->required_sec_level > BT_SECURITY_L2 &&
237 conn->br.pairing_method == JUST_WORKS) {
238 BT_DBG("MITM protection infeasible for required security");
239 ssp_confirm_neg_reply(conn);
240 return;
241 }
242
243 switch (conn->br.pairing_method) {
244 case PASSKEY_CONFIRM:
245 atomic_set_bit(conn->flags, BT_CONN_USER);
246 bt_auth->passkey_confirm(conn, passkey);
247 break;
248 case PASSKEY_DISPLAY:
249 atomic_set_bit(conn->flags, BT_CONN_USER);
250 bt_auth->passkey_display(conn, passkey);
251 break;
252 case PASSKEY_INPUT:
253 atomic_set_bit(conn->flags, BT_CONN_USER);
254 bt_auth->passkey_entry(conn);
255 break;
256 case JUST_WORKS:
257 /*
258 * When local host works as pairing acceptor and 'justworks'
259 * model is applied then notify user about such pairing request.
260 * [BT Core 4.2 table 5.7, Vol 3, Part C, 5.2.2.6]
261 */
262 if (bt_auth && bt_auth->pairing_confirm &&
263 !atomic_test_bit(conn->flags,
264 BT_CONN_BR_PAIRING_INITIATOR)) {
265 atomic_set_bit(conn->flags, BT_CONN_USER);
266 bt_auth->pairing_confirm(conn);
267 break;
268 }
269 ssp_confirm_reply(conn);
270 break;
271 default:
272 break;
273 }
274 }
275
ssp_passkey_reply(struct bt_conn * conn,unsigned int passkey)276 static int ssp_passkey_reply(struct bt_conn *conn, unsigned int passkey)
277 {
278 struct bt_hci_cp_user_passkey_reply *cp;
279 struct net_buf *buf;
280
281 BT_DBG("");
282
283 buf = bt_hci_cmd_create(BT_HCI_OP_USER_PASSKEY_REPLY, sizeof(*cp));
284 if (!buf) {
285 return -ENOBUFS;
286 }
287
288 cp = net_buf_add(buf, sizeof(*cp));
289 bt_addr_copy(&cp->bdaddr, &conn->br.dst);
290 cp->passkey = sys_cpu_to_le32(passkey);
291
292 return bt_hci_cmd_send_sync(BT_HCI_OP_USER_PASSKEY_REPLY, buf, NULL);
293 }
294
ssp_passkey_neg_reply(struct bt_conn * conn)295 static int ssp_passkey_neg_reply(struct bt_conn *conn)
296 {
297 struct bt_hci_cp_user_passkey_neg_reply *cp;
298 struct net_buf *buf;
299
300 BT_DBG("");
301
302 buf = bt_hci_cmd_create(BT_HCI_OP_USER_PASSKEY_NEG_REPLY, sizeof(*cp));
303 if (!buf) {
304 return -ENOBUFS;
305 }
306
307 cp = net_buf_add(buf, sizeof(*cp));
308 bt_addr_copy(&cp->bdaddr, &conn->br.dst);
309
310 return bt_hci_cmd_send_sync(BT_HCI_OP_USER_PASSKEY_NEG_REPLY, buf,
311 NULL);
312 }
313
conn_auth(struct bt_conn * conn)314 static int conn_auth(struct bt_conn *conn)
315 {
316 struct bt_hci_cp_auth_requested *auth;
317 struct net_buf *buf;
318
319 BT_DBG("");
320
321 buf = bt_hci_cmd_create(BT_HCI_OP_AUTH_REQUESTED, sizeof(*auth));
322 if (!buf) {
323 return -ENOBUFS;
324 }
325
326 auth = net_buf_add(buf, sizeof(*auth));
327 auth->handle = sys_cpu_to_le16(conn->handle);
328
329 atomic_set_bit(conn->flags, BT_CONN_BR_PAIRING_INITIATOR);
330
331 return bt_hci_cmd_send_sync(BT_HCI_OP_AUTH_REQUESTED, buf, NULL);
332 }
333
bt_ssp_start_security(struct bt_conn * conn)334 int bt_ssp_start_security(struct bt_conn *conn)
335 {
336 if (atomic_test_bit(conn->flags, BT_CONN_BR_PAIRING)) {
337 return -EBUSY;
338 }
339
340 if (conn->required_sec_level > BT_SECURITY_L3) {
341 return -ENOTSUP;
342 }
343
344 if (get_io_capa() == BT_IO_NO_INPUT_OUTPUT &&
345 conn->required_sec_level > BT_SECURITY_L2) {
346 return -EINVAL;
347 }
348
349 return conn_auth(conn);
350 }
351
bt_ssp_auth_passkey_entry(struct bt_conn * conn,unsigned int passkey)352 int bt_ssp_auth_passkey_entry(struct bt_conn *conn, unsigned int passkey)
353 {
354 /* User entered passkey, reset user state. */
355 if (!atomic_test_and_clear_bit(conn->flags, BT_CONN_USER)) {
356 return -EPERM;
357 }
358
359 if (conn->br.pairing_method == PASSKEY_INPUT) {
360 return ssp_passkey_reply(conn, passkey);
361 }
362
363 return -EINVAL;
364 }
365
bt_ssp_auth_passkey_confirm(struct bt_conn * conn)366 int bt_ssp_auth_passkey_confirm(struct bt_conn *conn)
367 {
368 /* Allow user confirm passkey value, then reset user state. */
369 if (!atomic_test_and_clear_bit(conn->flags, BT_CONN_USER)) {
370 return -EPERM;
371 }
372
373 return ssp_confirm_reply(conn);
374 }
375
bt_ssp_auth_pairing_confirm(struct bt_conn * conn)376 int bt_ssp_auth_pairing_confirm(struct bt_conn *conn)
377 {
378 return ssp_confirm_reply(conn);
379 }
380
bt_ssp_auth_cancel(struct bt_conn * conn)381 int bt_ssp_auth_cancel(struct bt_conn *conn)
382 {
383 /* Allow user cancel authentication, then reset user state. */
384 if (!atomic_test_and_clear_bit(conn->flags, BT_CONN_USER)) {
385 return -EPERM;
386 }
387
388 switch (conn->br.pairing_method) {
389 case JUST_WORKS:
390 case PASSKEY_CONFIRM:
391 return ssp_confirm_neg_reply(conn);
392 case PASSKEY_INPUT:
393 return ssp_passkey_neg_reply(conn);
394 case PASSKEY_DISPLAY:
395 return bt_conn_disconnect(conn,
396 BT_HCI_ERR_AUTH_FAIL);
397 case LEGACY:
398 return pin_code_neg_reply(&conn->br.dst);
399 default:
400 break;
401 }
402
403 return -EINVAL;
404 }
405
bt_hci_pin_code_req(struct net_buf * buf)406 void bt_hci_pin_code_req(struct net_buf *buf)
407 {
408 struct bt_hci_evt_pin_code_req *evt = (void *)buf->data;
409 struct bt_conn *conn;
410
411 BT_DBG("");
412
413 conn = bt_conn_lookup_addr_br(&evt->bdaddr);
414 if (!conn) {
415 BT_ERR("Can't find conn for %s", bt_addr_str(&evt->bdaddr));
416 return;
417 }
418
419 pin_code_req(conn);
420 bt_conn_unref(conn);
421 }
422
bt_hci_link_key_notify(struct net_buf * buf)423 void bt_hci_link_key_notify(struct net_buf *buf)
424 {
425 struct bt_hci_evt_link_key_notify *evt = (void *)buf->data;
426 struct bt_conn *conn;
427
428 conn = bt_conn_lookup_addr_br(&evt->bdaddr);
429 if (!conn) {
430 BT_ERR("Can't find conn for %s", bt_addr_str(&evt->bdaddr));
431 return;
432 }
433
434 BT_DBG("%s, link type 0x%02x", bt_addr_str(&evt->bdaddr), evt->key_type);
435
436 if (!conn->br.link_key) {
437 conn->br.link_key = bt_keys_get_link_key(&evt->bdaddr);
438 }
439 if (!conn->br.link_key) {
440 BT_ERR("Can't update keys for %s", bt_addr_str(&evt->bdaddr));
441 bt_conn_unref(conn);
442 return;
443 }
444
445 /* clear any old Link Key flags */
446 conn->br.link_key->flags = 0U;
447
448 switch (evt->key_type) {
449 case BT_LK_COMBINATION:
450 /*
451 * Setting Combination Link Key as AUTHENTICATED means it was
452 * successfully generated by 16 digits wide PIN code.
453 */
454 if (atomic_test_and_clear_bit(conn->flags,
455 BT_CONN_BR_LEGACY_SECURE)) {
456 conn->br.link_key->flags |= BT_LINK_KEY_AUTHENTICATED;
457 }
458 memcpy(conn->br.link_key->val, evt->link_key, 16);
459 break;
460 case BT_LK_AUTH_COMBINATION_P192:
461 conn->br.link_key->flags |= BT_LINK_KEY_AUTHENTICATED;
462 __fallthrough;
463 case BT_LK_UNAUTH_COMBINATION_P192:
464 /* Mark no-bond so that link-key is removed on disconnection */
465 if (ssp_get_auth(conn) < BT_HCI_DEDICATED_BONDING) {
466 atomic_set_bit(conn->flags, BT_CONN_BR_NOBOND);
467 }
468
469 memcpy(conn->br.link_key->val, evt->link_key, 16);
470 break;
471 case BT_LK_AUTH_COMBINATION_P256:
472 conn->br.link_key->flags |= BT_LINK_KEY_AUTHENTICATED;
473 __fallthrough;
474 case BT_LK_UNAUTH_COMBINATION_P256:
475 conn->br.link_key->flags |= BT_LINK_KEY_SC;
476
477 /* Mark no-bond so that link-key is removed on disconnection */
478 if (ssp_get_auth(conn) < BT_HCI_DEDICATED_BONDING) {
479 atomic_set_bit(conn->flags, BT_CONN_BR_NOBOND);
480 }
481
482 memcpy(conn->br.link_key->val, evt->link_key, 16);
483 break;
484 default:
485 BT_WARN("Unsupported Link Key type %u", evt->key_type);
486 (void)memset(conn->br.link_key->val, 0,
487 sizeof(conn->br.link_key->val));
488 break;
489 }
490
491 if (IS_ENABLED(CONFIG_BT_SETTINGS) &&
492 !atomic_test_bit(conn->flags, BT_CONN_BR_NOBOND)) {
493 bt_keys_link_key_store(conn->br.link_key);
494 }
495
496 bt_conn_unref(conn);
497 }
498
link_key_neg_reply(const bt_addr_t * bdaddr)499 void link_key_neg_reply(const bt_addr_t *bdaddr)
500 {
501 struct bt_hci_cp_link_key_neg_reply *cp;
502 struct net_buf *buf;
503
504 BT_DBG("");
505
506 buf = bt_hci_cmd_create(BT_HCI_OP_LINK_KEY_NEG_REPLY, sizeof(*cp));
507 if (!buf) {
508 BT_ERR("Out of command buffers");
509 return;
510 }
511
512 cp = net_buf_add(buf, sizeof(*cp));
513 bt_addr_copy(&cp->bdaddr, bdaddr);
514 bt_hci_cmd_send_sync(BT_HCI_OP_LINK_KEY_NEG_REPLY, buf, NULL);
515 }
516
link_key_reply(const bt_addr_t * bdaddr,const uint8_t * lk)517 void link_key_reply(const bt_addr_t *bdaddr, const uint8_t *lk)
518 {
519 struct bt_hci_cp_link_key_reply *cp;
520 struct net_buf *buf;
521
522 BT_DBG("");
523
524 buf = bt_hci_cmd_create(BT_HCI_OP_LINK_KEY_REPLY, sizeof(*cp));
525 if (!buf) {
526 BT_ERR("Out of command buffers");
527 return;
528 }
529
530 cp = net_buf_add(buf, sizeof(*cp));
531 bt_addr_copy(&cp->bdaddr, bdaddr);
532 memcpy(cp->link_key, lk, 16);
533 bt_hci_cmd_send_sync(BT_HCI_OP_LINK_KEY_REPLY, buf, NULL);
534 }
535
bt_hci_link_key_req(struct net_buf * buf)536 void bt_hci_link_key_req(struct net_buf *buf)
537 {
538 struct bt_hci_evt_link_key_req *evt = (void *)buf->data;
539 struct bt_conn *conn;
540
541 BT_DBG("%s", bt_addr_str(&evt->bdaddr));
542
543 conn = bt_conn_lookup_addr_br(&evt->bdaddr);
544 if (!conn) {
545 BT_ERR("Can't find conn for %s", bt_addr_str(&evt->bdaddr));
546 link_key_neg_reply(&evt->bdaddr);
547 return;
548 }
549
550 if (!conn->br.link_key) {
551 conn->br.link_key = bt_keys_find_link_key(&evt->bdaddr);
552 }
553
554 if (!conn->br.link_key) {
555 link_key_neg_reply(&evt->bdaddr);
556 bt_conn_unref(conn);
557 return;
558 }
559
560 /*
561 * Enforce regenerate by controller stronger link key since found one
562 * in database not covers requested security level.
563 */
564 if (!(conn->br.link_key->flags & BT_LINK_KEY_AUTHENTICATED) &&
565 conn->required_sec_level > BT_SECURITY_L2) {
566 link_key_neg_reply(&evt->bdaddr);
567 bt_conn_unref(conn);
568 return;
569 }
570
571 link_key_reply(&evt->bdaddr, conn->br.link_key->val);
572 bt_conn_unref(conn);
573 }
574
io_capa_neg_reply(const bt_addr_t * bdaddr,const uint8_t reason)575 void io_capa_neg_reply(const bt_addr_t *bdaddr, const uint8_t reason)
576 {
577 struct bt_hci_cp_io_capability_neg_reply *cp;
578 struct net_buf *resp_buf;
579
580 resp_buf = bt_hci_cmd_create(BT_HCI_OP_IO_CAPABILITY_NEG_REPLY,
581 sizeof(*cp));
582 if (!resp_buf) {
583 BT_ERR("Out of command buffers");
584 return;
585 }
586
587 cp = net_buf_add(resp_buf, sizeof(*cp));
588 bt_addr_copy(&cp->bdaddr, bdaddr);
589 cp->reason = reason;
590 bt_hci_cmd_send_sync(BT_HCI_OP_IO_CAPABILITY_NEG_REPLY, resp_buf, NULL);
591 }
592
bt_hci_io_capa_resp(struct net_buf * buf)593 void bt_hci_io_capa_resp(struct net_buf *buf)
594 {
595 struct bt_hci_evt_io_capa_resp *evt = (void *)buf->data;
596 struct bt_conn *conn;
597
598 BT_DBG("remote %s, IOcapa 0x%02x, auth 0x%02x",
599 bt_addr_str(&evt->bdaddr), evt->capability, evt->authentication);
600
601 if (evt->authentication > BT_HCI_GENERAL_BONDING_MITM) {
602 BT_ERR("Invalid remote authentication requirements");
603 io_capa_neg_reply(&evt->bdaddr,
604 BT_HCI_ERR_UNSUPP_FEATURE_PARAM_VAL);
605 return;
606 }
607
608 if (evt->capability > BT_IO_NO_INPUT_OUTPUT) {
609 BT_ERR("Invalid remote io capability requirements");
610 io_capa_neg_reply(&evt->bdaddr,
611 BT_HCI_ERR_UNSUPP_FEATURE_PARAM_VAL);
612 return;
613 }
614
615 conn = bt_conn_lookup_addr_br(&evt->bdaddr);
616 if (!conn) {
617 BT_ERR("Unable to find conn for %s", bt_addr_str(&evt->bdaddr));
618 return;
619 }
620
621 conn->br.remote_io_capa = evt->capability;
622 conn->br.remote_auth = evt->authentication;
623 atomic_set_bit(conn->flags, BT_CONN_BR_PAIRING);
624 bt_conn_unref(conn);
625 }
626
bt_hci_io_capa_req(struct net_buf * buf)627 void bt_hci_io_capa_req(struct net_buf *buf)
628 {
629 struct bt_hci_evt_io_capa_req *evt = (void *)buf->data;
630 struct net_buf *resp_buf;
631 struct bt_conn *conn;
632 struct bt_hci_cp_io_capability_reply *cp;
633 uint8_t auth;
634
635 BT_DBG("");
636
637 conn = bt_conn_lookup_addr_br(&evt->bdaddr);
638 if (!conn) {
639 BT_ERR("Can't find conn for %s", bt_addr_str(&evt->bdaddr));
640 return;
641 }
642
643 resp_buf = bt_hci_cmd_create(BT_HCI_OP_IO_CAPABILITY_REPLY,
644 sizeof(*cp));
645 if (!resp_buf) {
646 BT_ERR("Out of command buffers");
647 bt_conn_unref(conn);
648 return;
649 }
650
651 /*
652 * Set authentication requirements when acting as pairing initiator to
653 * 'dedicated bond' with MITM protection set if local IO capa
654 * potentially allows it, and for acceptor, based on local IO capa and
655 * remote's authentication set.
656 */
657 if (atomic_test_bit(conn->flags, BT_CONN_BR_PAIRING_INITIATOR)) {
658 if (get_io_capa() != BT_IO_NO_INPUT_OUTPUT) {
659 auth = BT_HCI_DEDICATED_BONDING_MITM;
660 } else {
661 auth = BT_HCI_DEDICATED_BONDING;
662 }
663 } else {
664 auth = ssp_get_auth(conn);
665 }
666
667 cp = net_buf_add(resp_buf, sizeof(*cp));
668 bt_addr_copy(&cp->bdaddr, &evt->bdaddr);
669 cp->capability = get_io_capa();
670 cp->authentication = auth;
671 cp->oob_data = 0U;
672 bt_hci_cmd_send_sync(BT_HCI_OP_IO_CAPABILITY_REPLY, resp_buf, NULL);
673 bt_conn_unref(conn);
674 }
675
bt_hci_ssp_complete(struct net_buf * buf)676 void bt_hci_ssp_complete(struct net_buf *buf)
677 {
678 struct bt_hci_evt_ssp_complete *evt = (void *)buf->data;
679 struct bt_conn *conn;
680
681 BT_DBG("status 0x%02x", evt->status);
682
683 conn = bt_conn_lookup_addr_br(&evt->bdaddr);
684 if (!conn) {
685 BT_ERR("Can't find conn for %s", bt_addr_str(&evt->bdaddr));
686 return;
687 }
688
689 ssp_pairing_complete(conn, bt_security_err_get(evt->status));
690 if (evt->status) {
691 bt_conn_disconnect(conn, BT_HCI_ERR_AUTH_FAIL);
692 }
693
694 bt_conn_unref(conn);
695 }
696
bt_hci_user_confirm_req(struct net_buf * buf)697 void bt_hci_user_confirm_req(struct net_buf *buf)
698 {
699 struct bt_hci_evt_user_confirm_req *evt = (void *)buf->data;
700 struct bt_conn *conn;
701
702 conn = bt_conn_lookup_addr_br(&evt->bdaddr);
703 if (!conn) {
704 BT_ERR("Can't find conn for %s", bt_addr_str(&evt->bdaddr));
705 return;
706 }
707
708 ssp_auth(conn, sys_le32_to_cpu(evt->passkey));
709 bt_conn_unref(conn);
710 }
711
bt_hci_user_passkey_notify(struct net_buf * buf)712 void bt_hci_user_passkey_notify(struct net_buf *buf)
713 {
714 struct bt_hci_evt_user_passkey_notify *evt = (void *)buf->data;
715 struct bt_conn *conn;
716
717 BT_DBG("");
718
719 conn = bt_conn_lookup_addr_br(&evt->bdaddr);
720 if (!conn) {
721 BT_ERR("Can't find conn for %s", bt_addr_str(&evt->bdaddr));
722 return;
723 }
724
725 ssp_auth(conn, sys_le32_to_cpu(evt->passkey));
726 bt_conn_unref(conn);
727 }
728
bt_hci_user_passkey_req(struct net_buf * buf)729 void bt_hci_user_passkey_req(struct net_buf *buf)
730 {
731 struct bt_hci_evt_user_passkey_req *evt = (void *)buf->data;
732 struct bt_conn *conn;
733
734 conn = bt_conn_lookup_addr_br(&evt->bdaddr);
735 if (!conn) {
736 BT_ERR("Can't find conn for %s", bt_addr_str(&evt->bdaddr));
737 return;
738 }
739
740 ssp_auth(conn, 0);
741 bt_conn_unref(conn);
742 }
743
link_encr(const uint16_t handle)744 static void link_encr(const uint16_t handle)
745 {
746 struct bt_hci_cp_set_conn_encrypt *encr;
747 struct net_buf *buf;
748
749 BT_DBG("");
750
751 buf = bt_hci_cmd_create(BT_HCI_OP_SET_CONN_ENCRYPT, sizeof(*encr));
752 if (!buf) {
753 BT_ERR("Out of command buffers");
754 return;
755 }
756
757 encr = net_buf_add(buf, sizeof(*encr));
758 encr->handle = sys_cpu_to_le16(handle);
759 encr->encrypt = 0x01;
760
761 bt_hci_cmd_send_sync(BT_HCI_OP_SET_CONN_ENCRYPT, buf, NULL);
762 }
763
bt_hci_auth_complete(struct net_buf * buf)764 void bt_hci_auth_complete(struct net_buf *buf)
765 {
766 struct bt_hci_evt_auth_complete *evt = (void *)buf->data;
767 struct bt_conn *conn;
768 uint16_t handle = sys_le16_to_cpu(evt->handle);
769
770 BT_DBG("status 0x%02x, handle %u", evt->status, handle);
771
772 conn = bt_conn_lookup_handle(handle);
773 if (!conn) {
774 BT_ERR("Can't find conn for handle %u", handle);
775 return;
776 }
777
778 if (evt->status) {
779 /*
780 * Inform layers above HCI about non-zero authentication
781 * status to make them able cleanup pending jobs.
782 */
783 bt_conn_security_changed(conn, evt->status,
784 bt_security_err_get(evt->status));
785 } else {
786 link_encr(handle);
787 }
788
789 bt_conn_unref(conn);
790 }
791
