Commit Graph

36 Commits

Author SHA1 Message Date
Szymon Janc 6de50c5aa6 Bluetooth: Store LE SC Public Key in SMP code
There is no need to keep this in bt_dev structure as this is not
used outside of SMP code.

Change-Id: I24a1d9daffb4d382bf1ed07a5645e4cbdafa3c5e
Signed-off-by: Szymon Janc <ext.szymon.janc@tieto.com>
2016-02-10 19:13:01 -05:00
Johan Hedberg 672bf0d63c Bluetooth: SMP: Return errors from authentication APIs
This way we can pass any errors back to the application.

Change-Id: Ic53b858a73436e1c9c4d03e358aeffae7fd837ab
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
2016-02-05 20:25:19 -05:00
Szymon Janc bdbd425d42 Bluetooth: SMP: Remove unused function declaration
Change-Id: I8de54a275a2d5bbc56792bf5f95af8f9e9800018
Signed-off-by: Szymon Janc <ext.szymon.janc@tieto.com>
2016-02-05 20:25:18 -05:00
Arkadiusz Lichwa 0afdae9677 Bluetooth: SMP: Refactor authentication
Moves object handling user authentication callback interface exposed
in public API to hci core module and exports internally LE SMP
authentication handlers.
The stack authentication API methods call based on connection type
the correct internal methods. Currently only LE SMP backend
is implemented.
Make getting local io capa in runtime.

Change-Id: I17459096616a620467b4fa01c53fd4bc0b59af9b
Signed-off-by: Arkadiusz Lichwa <arkadiusz.lichwa@tieto.com>
2016-02-05 20:25:09 -05:00
Szymon Janc 97fb4d2990 Bluetooth: SMP: Delay LE SC pairing until PublicKey is generated
If HCI based ECC is used we should delay sending local Public Key in
LE SC pairing until it is generated by controller.

Change-Id: Ic979fc8efa40a8089ac2b74cbcfac21bdca79bfe
Signed-off-by: Szymon Janc <ext.szymon.janc@tieto.com>
2016-02-05 20:25:02 -05:00
Szymon Janc 341f81bd81 Bluetooth: SMP: Refactor keys handling
This refactors the way stored keys are handled to avoid overwriting
existing keys with new keys in case pairing failed. Main goal is
to delay update of keys (including type and encryption size) until
link is successfully encrypted with new key (legacy STK or LE SC LTK).

To fix this properly, TK is used to store STK or LE SC LTK and updates
of keys properties are done only on successful encryption. This makes
code less error prone since update is done only in one place in code.
Also querying SMP code for current key makes sure that correct key is
used in case of re-pairing.

Change-Id: I6b9e3d8229de522143e0d1fbfe0bd8223dad2a56
Signed-off-by: Szymon Janc <ext.szymon.janc@tieto.com>
2016-02-05 20:24:52 -05:00
Szymon Janc 5c97a0678c Bluetooth: SMP: Calculate LTK and MacKey for LE SC
This implements the f5 function and uses it to generate LTK and
MacKey.

Change-Id: I86d9a958d5009796ea04f2447e1bad9eb63981ce
Signed-off-by: Szymon Janc <ext.szymon.janc@tieto.com>
2016-02-05 20:24:49 -05:00
Szymon Janc 2eada0eb3c Bluetooth: SMP: Add initial bits of LE SC support
This adds initial pieces for LE SC support including pairing method
selection, authentication field updates, confirmation generation and
public key sending.

Change-Id: I91dcd0058c8f45ea19df89c2336142d927b08235
Signed-off-by: Szymon Janc <ext.szymon.janc@tieto.com>
2016-02-05 20:24:49 -05:00
Szymon Janc 057f069734 Bluetooth: SMP: Add defines for LE Secure Connections
Change-Id: I94c31bc4656bc261892dbac4341f13a706594c2f
Signed-off-by: Szymon Janc <ext.szymon.janc@tieto.com>
2016-02-05 20:24:49 -05:00
Johan Hedberg dfdd7b24de Bluetooth: smp: Convert to net_buf API
Convert the code to use the net_buf API instead of the soon to be
removed bt_buf API.

Change-Id: I3c7f6c5ec2b447adc8855acf8d66205434ce08eb
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
2016-02-05 20:24:38 -05:00
Szymon Janc 3def4202ae Bluetooth: SMP: Ignore unsupported AuthReq in Security Request
If Security Request with unsupported flags is received just ignore them
instead of repairing. This is already done for Pairing Request but was
missing in Security Request.

Since we are still on 4.0 just remove any new bits definitions and update
BT_SMP_AUTH_MASK accordingly.

This fixes constant repairing (instead of just enabling encryption) with
peripherals that support LE Secure Connections.

Change-Id: Ic053590755e97eadbcadbea788670c050f895d32
Signed-off-by: Szymon Janc <ext.szymon.janc@tieto.com>
2016-02-05 20:24:31 -05:00
Szymon Janc e896804811 Bluetooth: SMP: Add support for encryption key size reduction
This allows pairing with devices that use reduced encryption key size.
Encryption key size is stored with keys for future use. LTKs are kept
in full form (16 bytes) and are reduced only when used.

As master:
< ACL Data TX: Handle 64 flags 0x00 dlen 11
      SMP: Pairing Request (0x01) len 6
        IO capability: NoInputNoOutput (0x03)
        OOB data: Authentication data not present (0x00)
        Authentication requirement: Bonding, No MITM, Legacy,
                                    No Keypresses (0x01)
        Max encryption key size: 16
        Initiator key distribution: EncKey Sign (0x05)
        Responder key distribution: EncKey IdKey Sign (0x07)
> ACL Data RX: Handle 64 flags 0x02 dlen 11
      SMP: Pairing Response (0x02) len 6
        IO capability: KeyboardDisplay (0x04)
        OOB data: Authentication data not present (0x00)
        Authentication requirement: No bonding, No MITM, Legacy,
                                    No Keypresses (0x00)
        Max encryption key size: 7
        Initiator key distribution: <none> (0x00)
        Responder key distribution: <none> (0x00)
...
< HCI Command: LE Start Encryption (0x08|0x0019) plen 28
        Handle: 64
        Random number: 0x0000000000000000
        Encrypted diversifier: 0x0000
        Long term key: df3cff52a981d6000000000000000000

As slave:
> ACL Data RX: Handle 64 flags 0x02 dlen 11
      SMP: Pairing Request (0x01) len 6
        IO capability: KeyboardDisplay (0x04)
        OOB data: Authentication data not present (0x00)
        Authentication requirement: No bonding, No MITM, Legacy,
                                    No Keypresses (0x00)
        Max encryption key size: 7
        Initiator key distribution: <none> (0x00)
        Responder key distribution: <none> (0x00)
< ACL Data TX: Handle 64 flags 0x00 dlen 11
      SMP: Pairing Response (0x02) len 6
        IO capability: NoInputNoOutput (0x03)
        OOB data: Authentication data not present (0x00)
        Authentication requirement: No bonding, No MITM, Legacy,
                                    No Keypresses (0x00)
        Max encryption key size: 16
        Initiator key distribution: <none> (0x00)
        Responder key distribution: <none> (0x00)
...
> HCI Event: LE Meta Event (0x3e) plen 13
      LE Long Term Key Request (0x05)
        Handle: 64
        Random number: 0x0000000000000000
        Encrypted diversifier: 0x0000
< HCI Command: LE Long Term Key Request Reply (0x08|0x001a) plen 18
        Handle: 64
        Long term key: 701b431a9e17bb000000000000000000

Change-Id: Ibc70aa01c040aff0d39410d273d6880d35aa5ae0
Signed-off-by: Szymon Janc <ext.szymon.janc@tieto.com>
2016-02-05 20:24:30 -05:00
Javier B Perez Hernandez f7fffae8aa Change BSD-3 licenses to Apache 2
Change all the Intel and Wind River code license from BSD-3 to Apache 2.

Change-Id: Id8be2c1c161a06ea8a0b9f38e17660e11dbb384b
Signed-off-by: Javier B Perez Hernandez <javier.b.perez.hernandez@linux.intel.com>
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
Signed-off-by: Allan Stephens <allan.stephens@windriver.com>
Signed-off-by: Benjamin Walsh <benjamin.walsh@windriver.com>
2016-02-05 20:24:29 -05:00
Szymon Janc cc261005f2 Bluetooth: Remove includes from internal headers
All required includes should be placed in source file that includes
internal header.

Change-Id: I161e7ebe2e62377ea4cf03f759d48f5900103076
Signed-off-by: Szymon Janc <ext.szymon.janc@tieto.com>
2016-02-05 20:16:16 -05:00
Andrei Emeltchenko 5c8fda8e67 Bluetooth: Add data signing function
bt_smp_sign_packet() signs data packet adding signature and count at
the end of data.

Change-Id: I6cca931cf33d74a765f4b4aa126aae10bee7ef4c
Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com>
2016-02-05 20:15:24 -05:00
Andrei Emeltchenko b029073dee Bluetooth: Add signature verification function
bt_smp_sign_verify() checks signature if csrk is present.

Change-Id: I90be8be769539860a245b141bf27549a3506a111
Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com>
2016-02-05 20:15:23 -05:00
Andrei Emeltchenko 37bff2b3be Bluetooth: Generate and distribute local CSRK key
Connection Signature Resolving Keys allow signing data sent over a
non-encrypted connection.

Change-Id: Ia73e5572acc99f53a183f94597d57865563279d1
Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com>
2016-02-05 20:14:44 -05:00
Andrei Emeltchenko 82fddc9cbc Bluetooth: Add AES-CMAC calculation based on AES 128 bit cipher
In case there is no crypto library, AES-CMAC Message Authentication Code
might be calculated with the help of Host Controller LE Encrypt command.

Change-Id: If7073bf4baa3f86c04728712f6789cc269673da7
Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com>
2016-02-05 20:14:41 -05:00
Johan Hedberg fe41cec885 Bluetooth: Move bt_security to conn.h and rename it appropriately
Change-Id: Ibea6e4ef08c68e9debf0c53036dd2e4f75ea9a72
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
2016-02-05 20:14:40 -05:00
Szymon Janc 59e78e4d41 Bluetooth: SMP: Add support for sending security request
This allows requesting security as a slave.

Change-Id: Ieab15c2ab20403a5a22b13a331405276a7d4074f
Signed-off-by: Szymon Janc <szymon.janc@tieto.com>
2016-02-05 20:14:35 -05:00
Mariusz Skamra 8beeb0f3d3 Bluetooth: SMP: Fix smp_send_pairing_req function name
Prefix smp_send_pairing_req with bt_* to maintain proper
namespace in API.

Change-Id: Ia1f0d1291c5298034b9f1312b0d5a94aaa099cd0
Signed-off-by: Mariusz Skamra <mariusz.skamra@tieto.com>
2016-02-05 20:14:35 -05:00
Szymon Janc bdb7044f09 Bluetooth: SMP: Make bt_smp_init parameters explicit void
Change-Id: I307ebd13cf031af3359176a19d6a9d4c067cf0ec
Signed-off-by: Szymon Janc <szymon.janc@tieto.com>
2016-02-05 20:14:34 -05:00
Szymon Janc 3f8e289402 Bluetooth: SMP: Handle security request from slave
If sufficiently strong key exists enable encryption. If no key is
present or key doesn't meet auth requirements start pairing.

Change-Id: I50be66f895d02dbbce49290c21bbc445ab734b4b
Signed-off-by: Szymon Janc <szymon.janc@tieto.com>
2016-02-05 20:14:32 -05:00
Szymon Janc b3d94667a2 Bluetooth: SMP: Add initial support for sending pairing request
This allows sending a pairing request and receiving a pairing response.

Change-Id: Ic7ad120a2d32896c4edd20b0020c5727bcc30f37
Signed-off-by: Szymon Janc <szymon.janc@tieto.com>
2016-02-05 20:14:31 -05:00
Johan Hedberg 451b105978 Bluetooth: Use __packed instead of the deprecated PACK_STRUCT
The PACK_STRUCT macro will be removed soon and __packed is what all
code should use. Convert all the usages in Bluetooth code.

Change-Id: Id5c724566565f67fa8167b61398c508194ece89b
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
2016-02-05 20:14:18 -05:00
Johan Hedberg 0fb7461140 Bluetooth: SMP: Set correct minimum encryption key size
For now we don't support key shortening, so set the minimum value
appropriately to 16 bytes. Once key shortening is implemented this
value can be lowered again.

Change-Id: I172d0bf6d04ba4c5eaa7bbf8ae2accfa373eebb5
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
2016-02-05 20:14:18 -05:00
Johan Hedberg 86eb6667cf Bluetooth: SMP: Add IRK resolving support
Add support for the SMP ah() crypto function which is used to match up
IRKs with RPAs.

Change-Id: Iaea8397ea401df800259dfab2ce97187aa5e2df6
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
2016-02-05 20:14:17 -05:00
Johan Hedberg 9cdd128eab Bluetooth: SMP: Add support for receiving remote IRK
Add support for handling the Identity Info and Identity Address Info
SMP PDUs.

Change-Id: Ie0ed57e2c1819a1619b9eaa340ed22666c81eea8
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
2016-02-05 20:14:17 -05:00
Johan Hedberg 20b2d70a56 Bluetooth: SMP: Add more protocol defines
Add more defines needed to do key distribution and using correct
values for the authentication requirement.

Change-Id: I674c143d26ee31e9473c50c181c2947a305025fd
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
2016-02-05 20:14:03 -05:00
Johan Hedberg 0b099acb4c Bluetooth: Add registration mechanism for L2CAP channels
We'll either way need various callbacks as well as get rid of the
channel-specific contexts in conn.h, so add a dynamic way of
registering fixed channels. The LE signaling channel is handled in the
same way as any other channel.

Change-Id: I5f8c1af3c8e3d107212becf507a5a6485838e081
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
2016-02-05 20:14:03 -05:00
Johan Hedberg 5071a46ac8 Bluetooth: SMP: Add full Pairing Confirm & Random handling
Add tracking of the confirmation values, remote random value and the
temporary key value. This also involves implementing the SMP e()
function with the help of the HCI_LE_Encrypt command.

Change-Id: I4cdad917e9689bbe16cd908941d0335c1c33f870
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
2016-02-05 20:14:02 -05:00
Andrei Emeltchenko 0aadf6ce69 Bluetooth: Add SMP Pairing Confirm skeleton
Change-Id: I484e24f111212acf3e920b4eed56d69e6b94493d
Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com>
2016-02-05 20:13:57 -05:00
Andrei Emeltchenko b7dddcff00 Bluetooth: Add SMP Pairing Request skeleton
Add handling of SMP Pairing Request for Pairing Feature Exchange. In
the beginning support Just Works pairing method.

Change-Id: I8aab10683e9f26db4e0e9cb1bb9a8dc8940f0ab0
Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com>
2016-02-05 20:13:57 -05:00
Andrei Emeltchenko d780f70339 Bluetooth: trivial empty space fix
Change-Id: I933dae2543f0f0c722736a3b3be79cf5494e9ff6
Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com>
2016-02-05 20:13:57 -05:00
Andrei Emeltchenko 3750a7eb36 Bluetooth: Implement SMP error response
Add bt_smp_create_pdu() helper and implement send_err_rsp for an
unknown SMP command.

Change-Id: Iaed0811f3323f62aaa56eb531fb383cf15396ef8
Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com>
2016-02-05 20:13:57 -05:00
Andrei Emeltchenko 69f94f2484 Bluetooth: Add skeleton for SMP handling
Add support for Security Manager Protocol fixed channel. SMP handling
would be done in smp.c.

Change-Id: I26d3d098c6b1c3d03aad958d83dfee09e03add1d
Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com>
2016-02-05 20:13:57 -05:00