If HCI based ECC is used we should delay sending local Public Key in
LE SC pairing until it is generated by controller.
Change-Id: Ic979fc8efa40a8089ac2b74cbcfac21bdca79bfe
Signed-off-by: Szymon Janc <ext.szymon.janc@tieto.com>
This refactor the way stored keys are handled to avoid overwriting
existing keys with new keys in case of pairing failed. Main goal is
to delay update of keys (including type and encryption size) until
link is succesfully encrypted with new key (legacy STK or LE SC LTK).
To fix this properly, TK is used to store STK or LE SC LTK and updates
of keys properties are done only on successfull encryption. This makes
code less error prone since update is done only in one place in code.
Also quering SMP code for current key makes sure that correct keys is
used in case of re-pairing.
Change-Id: I6b9e3d8229de522143e0d1fbfe0bd8223dad2a56
Signed-off-by: Szymon Janc <ext.szymon.janc@tieto.com>
This implementes f5 function and use it to generate LTK and
MacKey.
Change-Id: I86d9a958d5009796ea04f2447e1bad9eb63981ce
Signed-off-by: Szymon Janc <ext.szymon.janc@tieto.com>
This adds initial pieces for LE SC support including pairing method
selection, authentication field updates, confirmation generation and
public key sending.
Change-Id: I91dcd0058c8f45ea19df89c2336142d927b08235
Signed-off-by: Szymon Janc <ext.szymon.janc@tieto.com>
Convert the code to use the net_buf API instead of the soon to be
removed bt_buf API.
Change-Id: I3c7f6c5ec2b447adc8855acf8d66205434ce08eb
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
If Security Request with unsupported flags is received just ignore them
instead of repairing. This is already done for Pairing Request but was
missing in Security Request.
Since we are still on 4.0 just remove any new bits definitions and update
BT_SMP_AUTH_MASK accordingly.
This fix constant repairing (instead of just enabling encryption) with
peripherals that support LE Secure Connections.
Change-Id: Ic053590755e97eadbcadbea788670c050f895d32
Signed-off-by: Szymon Janc <ext.szymon.janc@tieto.com>
This allows to pair with devices that use reduced encryption key size.
Encryption key size is stored with keys for future use. LTKs are kept
in full form (16 bytes) and are reduced only when used.
As master:
< ACL Data TX: Handle 64 flags 0x00 dlen 11
SMP: Pairing Request (0x01) len 6
IO capability: NoInputNoOutput (0x03)
OOB data: Authentication data not present (0x00)
Authentication requirement: Bonding, No MITM, Legacy,
No Keypresses (0x01)
Max encryption key size: 16
Initiator key distribution: EncKey Sign (0x05)
Responder key distribution: EncKey IdKey Sign (0x07)
> ACL Data RX: Handle 64 flags 0x02 dlen 11
SMP: Pairing Response (0x02) len 6
IO capability: KeyboardDisplay (0x04)
OOB data: Authentication data not present (0x00)
Authentication requirement: No bonding, No MITM, Legacy,
No Keypresses (0x00)
Max encryption key size: 7
Initiator key distribution: <none> (0x00)
Responder key distribution: <none> (0x00)
...
< HCI Command: LE Start Encryption (0x08|0x0019) plen 28
Handle: 64
Random number: 0x0000000000000000
Encrypted diversifier: 0x0000
Long term key: df3cff52a981d6000000000000000000
As slave:
> ACL Data RX: Handle 64 flags 0x02 dlen 11
SMP: Pairing Request (0x01) len 6
IO capability: KeyboardDisplay (0x04)
OOB data: Authentication data not present (0x00)
Authentication requirement: No bonding, No MITM, Legacy,
No Keypresses (0x00)
Max encryption key size: 7
Initiator key distribution: <none> (0x00)
Responder key distribution: <none> (0x00)
< ACL Data TX: Handle 64 flags 0x00 dlen 11
SMP: Pairing Response (0x02) len 6
IO capability: NoInputNoOutput (0x03)
OOB data: Authentication data not present (0x00)
Authentication requirement: No bonding, No MITM, Legacy,
No Keypresses (0x00)
Max encryption key size: 16
Initiator key distribution: <none> (0x00)
Responder key distribution: <none> (0x00)
...
> HCI Event: LE Meta Event (0x3e) plen 13
LE Long Term Key Request (0x05)
Handle: 64
Random number: 0x0000000000000000
Encrypted diversifier: 0x0000
< HCI Command: LE Long Term Key Request Reply (0x08|0x001a) plen 18
Handle: 64
Long term key: 701b431a9e17bb000000000000000000
Change-Id: Ibc70aa01c040aff0d39410d273d6880d35aa5ae0
Signed-off-by: Szymon Janc <ext.szymon.janc@tieto.com>
Change all the Intel and Wind River code license from BSD-3 to Apache 2.
Change-Id: Id8be2c1c161a06ea8a0b9f38e17660e11dbb384b
Signed-off-by: Javier B Perez Hernandez <javier.b.perez.hernandez@linux.intel.com>
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
Signed-off-by: Allan Stephens <allan.stephens@windriver.com>
Signed-off-by: Benjamin Walsh <benjamin.walsh@windriver.com>
All required includes should be placed in source file that includes
internal header.
Change-Id: I161e7ebe2e62377ea4cf03f759d48f5900103076
Signed-off-by: Szymon Janc <ext.szymon.janc@tieto.com>
bt_smp_sign_packet() signs data packet adding signature and count at
the end of data.
Change-Id: I6cca931cf33d74a765f4b4aa126aae10bee7ef4c
Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com>
bt_smp_sign_verify() checks signature if csrk is present.
Change-Id: I90be8be769539860a245b141bf27549a3506a111
Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com>
Connection Signature Resolving Keys allows to sign data sent over not
encrypted connection.
Change-Id: Ia73e5572acc99f53a183f94597d57865563279d1
Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com>
In a case there no crypto library, AES-CMAC Message Authentication Code
might be calculated with the help of Host Controller LE Encrypt command.
Change-Id: If7073bf4baa3f86c04728712f6789cc269673da7
Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com>
The PACK_STRUCT macro will be removed soon and __packed is what all
code should use. Convert all the usages in Bluetooth code.
Change-Id: Id5c724566565f67fa8167b61398c508194ece89b
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
For now we don't support key shortening, so set the minimum value
appropriately to 16 bytes. Once key shortening is implemented this
value can be lowered again.
Change-Id: I172d0bf6d04ba4c5eaa7bbf8ae2accfa373eebb5
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Add support for the SMP ah() crypto function which is used to match up
IRKs with RPAs.
Change-Id: Iaea8397ea401df800259dfab2ce97187aa5e2df6
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Add support for handing the Identity Info and Identity Address Info
SMP PDUs.
Change-Id: Ie0ed57e2c1819a1619b9eaa340ed22666c81eea8
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Add more defines needed to do key distribution and using correct
values for the authentication requirement.
Change-Id: I674c143d26ee31e9473c50c181c2947a305025fd
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
We'll either way need various callbacks as well as get rid of the
channel-specific contexts in conn.h, so add a dynamic way of
registering fixed channels. The LE signaling channel is handled in the
same way as any other channel.
Change-Id: I5f8c1af3c8e3d107212becf507a5a6485838e081
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Add tracking of the confirmation values, remote random value and the
temporary key value. This also involves implementing the SMP e()
function with the help of the HCI_LE_Encrypt command.
Change-Id: I4cdad917e9689bbe16cd908941d0335c1c33f870
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Add handling of SMP Pairing Request for Pairing Feature Exchange. In
the beginning support Just Works pairing method.
Change-Id: I8aab10683e9f26db4e0e9cb1bb9a8dc8940f0ab0
Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com>
Add bt_smp_create_pdu() helper and implement send_err_rsp for an
unknown SMP command.
Change-Id: Iaed0811f3323f62aaa56eb531fb383cf15396ef8
Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com>
Add support for Security Manager Protocol fixed channel. SMP handling
would be done in smp.c.
Change-Id: I26d3d098c6b1c3d03aad958d83dfee09e03add1d
Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com>
Szymon Janc