1 /*
2 * Copyright (c) 2017-2025 Nordic Semiconductor ASA
3 * Copyright (c) 2015 Intel Corporation
4 *
5 * SPDX-License-Identifier: Apache-2.0
6 */
7
8 #include <errno.h>
9 #include <stdint.h>
10
11 #include <zephyr/bluetooth/conn.h>
12 #include <zephyr/sys/byteorder.h>
13
14 #include <zephyr/bluetooth/buf.h>
15 #include <zephyr/bluetooth/hci.h>
16 #include <zephyr/bluetooth/addr.h>
17
18 #include "common/bt_str.h"
19
20 #include "host/keys.h"
21
22 #include "host/hci_core.h"
23 #include "host/conn_internal.h"
24 #include "l2cap_br_internal.h"
25
26 #define LOG_LEVEL CONFIG_BT_HCI_CORE_LOG_LEVEL
27 #include <zephyr/logging/log.h>
28 LOG_MODULE_REGISTER(bt_ssp);
29
30 enum pairing_method {
31 LEGACY, /* Legacy (pre-SSP) pairing */
32 JUST_WORKS, /* JustWorks pairing */
33 PASSKEY_INPUT, /* Passkey Entry input */
34 PASSKEY_DISPLAY, /* Passkey Entry display */
35 PASSKEY_CONFIRM, /* Passkey confirm */
36 };
37
38 /* based on table 5.7, Core Spec 4.2, Vol.3 Part C, 5.2.2.6 */
39 static const uint8_t ssp_method[4 /* remote */][4 /* local */] = {
40 { JUST_WORKS, JUST_WORKS, PASSKEY_INPUT, JUST_WORKS },
41 { JUST_WORKS, PASSKEY_CONFIRM, PASSKEY_INPUT, JUST_WORKS },
42 { PASSKEY_DISPLAY, PASSKEY_DISPLAY, PASSKEY_INPUT, JUST_WORKS },
43 { JUST_WORKS, JUST_WORKS, JUST_WORKS, JUST_WORKS },
44 };
45
pin_code_neg_reply(const bt_addr_t * bdaddr)46 static int pin_code_neg_reply(const bt_addr_t *bdaddr)
47 {
48 struct bt_hci_cp_pin_code_neg_reply *cp;
49 struct net_buf *buf;
50
51 LOG_DBG("");
52
53 buf = bt_hci_cmd_alloc(K_FOREVER);
54 if (!buf) {
55 return -ENOBUFS;
56 }
57
58 cp = net_buf_add(buf, sizeof(*cp));
59 bt_addr_copy(&cp->bdaddr, bdaddr);
60
61 return bt_hci_cmd_send_sync(BT_HCI_OP_PIN_CODE_NEG_REPLY, buf, NULL);
62 }
63
pin_code_reply(struct bt_conn * conn,const char * pin,uint8_t len)64 static int pin_code_reply(struct bt_conn *conn, const char *pin, uint8_t len)
65 {
66 struct bt_hci_cp_pin_code_reply *cp;
67 struct net_buf *buf;
68
69 LOG_DBG("");
70
71 buf = bt_hci_cmd_alloc(K_FOREVER);
72 if (!buf) {
73 return -ENOBUFS;
74 }
75
76 cp = net_buf_add(buf, sizeof(*cp));
77
78 bt_addr_copy(&cp->bdaddr, &conn->br.dst);
79 cp->pin_len = len;
80 strncpy((char *)cp->pin_code, pin, sizeof(cp->pin_code));
81
82 return bt_hci_cmd_send_sync(BT_HCI_OP_PIN_CODE_REPLY, buf, NULL);
83 }
84
bt_conn_auth_pincode_entry(struct bt_conn * conn,const char * pin)85 int bt_conn_auth_pincode_entry(struct bt_conn *conn, const char *pin)
86 {
87 size_t len;
88
89 if (!bt_auth) {
90 return -EINVAL;
91 }
92
93 if (!bt_conn_is_type(conn, BT_CONN_TYPE_BR)) {
94 LOG_DBG("Invalid connection type: %u for %p", conn->type, conn);
95 return -EINVAL;
96 }
97
98 len = strlen(pin);
99 if (len > 16) {
100 return -EINVAL;
101 }
102
103 if (conn->required_sec_level == BT_SECURITY_L3 && len < 16) {
104 LOG_WRN("PIN code for %s is not 16 bytes wide", bt_addr_str(&conn->br.dst));
105 return -EPERM;
106 }
107
108 /* Allow user send entered PIN to remote, then reset user state. */
109 if (!atomic_test_and_clear_bit(conn->flags, BT_CONN_USER)) {
110 return -EPERM;
111 }
112
113 if (len == 16) {
114 atomic_set_bit(conn->flags, BT_CONN_BR_LEGACY_SECURE);
115 }
116
117 return pin_code_reply(conn, pin, len);
118 }
119
pin_code_req(struct bt_conn * conn)120 static void pin_code_req(struct bt_conn *conn)
121 {
122 if (bt_auth && bt_auth->pincode_entry) {
123 bool secure = false;
124
125 if (conn->required_sec_level == BT_SECURITY_L3) {
126 secure = true;
127 }
128
129 atomic_set_bit(conn->flags, BT_CONN_USER);
130 atomic_set_bit(conn->flags, BT_CONN_BR_PAIRING);
131 bt_auth->pincode_entry(conn, secure);
132 } else {
133 pin_code_neg_reply(&conn->br.dst);
134 }
135 }
136
get_io_capa(void)137 static uint8_t get_io_capa(void)
138 {
139 if (!bt_auth) {
140 return BT_IO_NO_INPUT_OUTPUT;
141 }
142
143 if (bt_auth->passkey_confirm && bt_auth->passkey_display) {
144 return BT_IO_DISPLAY_YESNO;
145 }
146
147 if (bt_auth->passkey_entry) {
148 return BT_IO_KEYBOARD_ONLY;
149 }
150
151 if (bt_auth->passkey_display) {
152 return BT_IO_DISPLAY_ONLY;
153 }
154
155 return BT_IO_NO_INPUT_OUTPUT;
156 }
157
ssp_pair_method(const struct bt_conn * conn)158 static uint8_t ssp_pair_method(const struct bt_conn *conn)
159 {
160 return ssp_method[conn->br.remote_io_capa][get_io_capa()];
161 }
162
ssp_get_auth(const struct bt_conn * conn)163 static uint8_t ssp_get_auth(const struct bt_conn *conn)
164 {
165 bt_security_t max_sec_level;
166
167 /* Check if the MITM is required by service */
168 max_sec_level = bt_l2cap_br_get_max_sec_level();
169
170 /*
171 * The local device shall only set the MITM protection required flag
172 * if the local device itself requires MITM protection.
173 */
174 if ((max_sec_level > BT_SECURITY_L2) && (ssp_pair_method(conn) > JUST_WORKS)) {
175 return conn->br.remote_auth | BT_MITM;
176 }
177
178 /* No MITM protection possible so ignore remote MITM requirement. */
179 return (conn->br.remote_auth & ~BT_MITM);
180 }
181
ssp_confirm_reply(struct bt_conn * conn)182 static int ssp_confirm_reply(struct bt_conn *conn)
183 {
184 struct bt_hci_cp_user_confirm_reply *cp;
185 struct net_buf *buf;
186
187 LOG_DBG("");
188
189 buf = bt_hci_cmd_alloc(K_FOREVER);
190 if (!buf) {
191 return -ENOBUFS;
192 }
193
194 cp = net_buf_add(buf, sizeof(*cp));
195 bt_addr_copy(&cp->bdaddr, &conn->br.dst);
196
197 return bt_hci_cmd_send_sync(BT_HCI_OP_USER_CONFIRM_REPLY, buf, NULL);
198 }
199
ssp_confirm_neg_reply(struct bt_conn * conn)200 static int ssp_confirm_neg_reply(struct bt_conn *conn)
201 {
202 struct bt_hci_cp_user_confirm_reply *cp;
203 struct net_buf *buf;
204
205 LOG_DBG("");
206
207 buf = bt_hci_cmd_alloc(K_FOREVER);
208 if (!buf) {
209 return -ENOBUFS;
210 }
211
212 cp = net_buf_add(buf, sizeof(*cp));
213 bt_addr_copy(&cp->bdaddr, &conn->br.dst);
214
215 return bt_hci_cmd_send_sync(BT_HCI_OP_USER_CONFIRM_NEG_REPLY, buf,
216 NULL);
217 }
218
ssp_pairing_complete(struct bt_conn * conn,uint8_t status)219 static void ssp_pairing_complete(struct bt_conn *conn, uint8_t status)
220 {
221 /* When the ssp pairing complete event notified,
222 * clear the pairing flag.
223 */
224 atomic_clear_bit(conn->flags, BT_CONN_BR_PAIRING);
225 atomic_set_bit_to(conn->flags, BT_CONN_BR_PAIRED, !status);
226
227 LOG_DBG("Pairing completed status %d", status);
228
229 if (!status) {
230 bool bond = !atomic_test_bit(conn->flags, BT_CONN_BR_NOBOND);
231 struct bt_conn_auth_info_cb *listener, *next;
232
233 SYS_SLIST_FOR_EACH_CONTAINER_SAFE(&bt_auth_info_cbs, listener,
234 next, node) {
235 if (listener->pairing_complete) {
236 listener->pairing_complete(conn, bond);
237 }
238 }
239 } else {
240 struct bt_conn_auth_info_cb *listener, *next;
241
242 SYS_SLIST_FOR_EACH_CONTAINER_SAFE(&bt_auth_info_cbs, listener,
243 next, node) {
244 if (listener->pairing_failed) {
245 listener->pairing_failed(conn, status);
246 }
247 }
248 }
249 }
250
251 #define BR_SSP_AUTH_MITM_DISABLED(auth) (((auth) & BT_MITM) == 0)
252
ssp_auth(struct bt_conn * conn,uint32_t passkey)253 static void ssp_auth(struct bt_conn *conn, uint32_t passkey)
254 {
255 conn->br.pairing_method = ssp_pair_method(conn);
256
257 if (BR_SSP_AUTH_MITM_DISABLED(conn->br.local_auth) &&
258 BR_SSP_AUTH_MITM_DISABLED(conn->br.remote_auth)) {
259 /*
260 * If the MITM flag of both sides is false, the pairing method is `just works`.
261 */
262 conn->br.pairing_method = JUST_WORKS;
263 }
264
265 /*
266 * If local required security is HIGH then MITM is mandatory.
267 * MITM protection is no achievable when SSP 'justworks' is applied.
268 */
269 if (conn->required_sec_level > BT_SECURITY_L2 &&
270 conn->br.pairing_method == JUST_WORKS) {
271 LOG_DBG("MITM protection infeasible for required security");
272 ssp_confirm_neg_reply(conn);
273 return;
274 }
275
276 switch (conn->br.pairing_method) {
277 case PASSKEY_CONFIRM:
278 atomic_set_bit(conn->flags, BT_CONN_USER);
279 bt_auth->passkey_confirm(conn, passkey);
280 break;
281 case PASSKEY_DISPLAY:
282 atomic_set_bit(conn->flags, BT_CONN_USER);
283 bt_auth->passkey_display(conn, passkey);
284 break;
285 case PASSKEY_INPUT:
286 atomic_set_bit(conn->flags, BT_CONN_USER);
287 bt_auth->passkey_entry(conn);
288 break;
289 case JUST_WORKS:
290 /*
291 * When local host works as pairing acceptor and 'justworks'
292 * model is applied then notify user about such pairing request.
293 * [BT Core 4.2 table 5.7, Vol 3, Part C, 5.2.2.6]
294 */
295 if (bt_auth && bt_auth->pairing_confirm &&
296 !atomic_test_bit(conn->flags,
297 BT_CONN_BR_PAIRING_INITIATOR)) {
298 atomic_set_bit(conn->flags, BT_CONN_USER);
299 bt_auth->pairing_confirm(conn);
300 break;
301 }
302 ssp_confirm_reply(conn);
303 break;
304 default:
305 break;
306 }
307 }
308
ssp_passkey_reply(struct bt_conn * conn,unsigned int passkey)309 static int ssp_passkey_reply(struct bt_conn *conn, unsigned int passkey)
310 {
311 struct bt_hci_cp_user_passkey_reply *cp;
312 struct net_buf *buf;
313
314 LOG_DBG("");
315
316 buf = bt_hci_cmd_alloc(K_FOREVER);
317 if (!buf) {
318 return -ENOBUFS;
319 }
320
321 cp = net_buf_add(buf, sizeof(*cp));
322 bt_addr_copy(&cp->bdaddr, &conn->br.dst);
323 cp->passkey = sys_cpu_to_le32(passkey);
324
325 return bt_hci_cmd_send_sync(BT_HCI_OP_USER_PASSKEY_REPLY, buf, NULL);
326 }
327
ssp_passkey_neg_reply(struct bt_conn * conn)328 static int ssp_passkey_neg_reply(struct bt_conn *conn)
329 {
330 struct bt_hci_cp_user_passkey_neg_reply *cp;
331 struct net_buf *buf;
332
333 LOG_DBG("");
334
335 buf = bt_hci_cmd_alloc(K_FOREVER);
336 if (!buf) {
337 return -ENOBUFS;
338 }
339
340 cp = net_buf_add(buf, sizeof(*cp));
341 bt_addr_copy(&cp->bdaddr, &conn->br.dst);
342
343 return bt_hci_cmd_send_sync(BT_HCI_OP_USER_PASSKEY_NEG_REPLY, buf,
344 NULL);
345 }
346
conn_auth(struct bt_conn * conn)347 static int conn_auth(struct bt_conn *conn)
348 {
349 struct bt_hci_cp_auth_requested *auth;
350 struct net_buf *buf;
351
352 LOG_DBG("");
353
354 buf = bt_hci_cmd_alloc(K_FOREVER);
355 if (!buf) {
356 return -ENOBUFS;
357 }
358
359 auth = net_buf_add(buf, sizeof(*auth));
360 auth->handle = sys_cpu_to_le16(conn->handle);
361
362 atomic_set_bit(conn->flags, BT_CONN_BR_PAIRING_INITIATOR);
363
364 return bt_hci_cmd_send_sync(BT_HCI_OP_AUTH_REQUESTED, buf, NULL);
365 }
366
bt_ssp_start_security(struct bt_conn * conn)367 int bt_ssp_start_security(struct bt_conn *conn)
368 {
369 if (atomic_test_bit(conn->flags, BT_CONN_BR_PAIRING)) {
370 return -EBUSY;
371 }
372
373 if (get_io_capa() == BT_IO_NO_INPUT_OUTPUT &&
374 conn->required_sec_level > BT_SECURITY_L2) {
375 return -EINVAL;
376 }
377
378 return conn_auth(conn);
379 }
380
bt_ssp_auth_passkey_entry(struct bt_conn * conn,unsigned int passkey)381 int bt_ssp_auth_passkey_entry(struct bt_conn *conn, unsigned int passkey)
382 {
383 /* User entered passkey, reset user state. */
384 if (!atomic_test_and_clear_bit(conn->flags, BT_CONN_USER)) {
385 return -EPERM;
386 }
387
388 if (conn->br.pairing_method == PASSKEY_INPUT) {
389 return ssp_passkey_reply(conn, passkey);
390 }
391
392 return -EINVAL;
393 }
394
bt_ssp_auth_passkey_confirm(struct bt_conn * conn)395 int bt_ssp_auth_passkey_confirm(struct bt_conn *conn)
396 {
397 /* Allow user confirm passkey value, then reset user state. */
398 if (!atomic_test_and_clear_bit(conn->flags, BT_CONN_USER)) {
399 return -EPERM;
400 }
401
402 return ssp_confirm_reply(conn);
403 }
404
bt_ssp_auth_pairing_confirm(struct bt_conn * conn)405 int bt_ssp_auth_pairing_confirm(struct bt_conn *conn)
406 {
407 return ssp_confirm_reply(conn);
408 }
409
bt_ssp_auth_cancel(struct bt_conn * conn)410 int bt_ssp_auth_cancel(struct bt_conn *conn)
411 {
412 /* Allow user cancel authentication, then reset user state. */
413 if (!atomic_test_and_clear_bit(conn->flags, BT_CONN_USER)) {
414 return -EPERM;
415 }
416
417 switch (conn->br.pairing_method) {
418 case JUST_WORKS:
419 case PASSKEY_CONFIRM:
420 return ssp_confirm_neg_reply(conn);
421 case PASSKEY_INPUT:
422 return ssp_passkey_neg_reply(conn);
423 case PASSKEY_DISPLAY:
424 return bt_conn_disconnect(conn,
425 BT_HCI_ERR_AUTH_FAIL);
426 case LEGACY:
427 return pin_code_neg_reply(&conn->br.dst);
428 default:
429 break;
430 }
431
432 return -EINVAL;
433 }
434
bt_hci_pin_code_req(struct net_buf * buf)435 void bt_hci_pin_code_req(struct net_buf *buf)
436 {
437 struct bt_hci_evt_pin_code_req *evt = (void *)buf->data;
438 struct bt_conn *conn;
439
440 LOG_DBG("");
441
442 conn = bt_conn_lookup_addr_br(&evt->bdaddr);
443 if (!conn) {
444 LOG_ERR("Can't find conn for %s", bt_addr_str(&evt->bdaddr));
445 return;
446 }
447
448 pin_code_req(conn);
449 bt_conn_unref(conn);
450 }
451
bt_hci_link_key_notify(struct net_buf * buf)452 void bt_hci_link_key_notify(struct net_buf *buf)
453 {
454 struct bt_hci_evt_link_key_notify *evt = (void *)buf->data;
455 struct bt_conn *conn;
456
457 conn = bt_conn_lookup_addr_br(&evt->bdaddr);
458 if (!conn) {
459 LOG_ERR("Can't find conn for %s", bt_addr_str(&evt->bdaddr));
460 return;
461 }
462
463 LOG_DBG("%s, link type 0x%02x", bt_addr_str(&evt->bdaddr), evt->key_type);
464
465 if (IS_ENABLED(CONFIG_BT_SMP_SC_ONLY) && (evt->key_type != BT_LK_AUTH_COMBINATION_P256)) {
466 /*
467 * When in Secure Connections Only mode, all services
468 * (except those allowed to have Security Mode 4, Level 0)
469 * available on the BR/EDR physical transport require Security
470 * Mode 4, Level 4.
471 * Link key type should be P-256 based Secure Simple Pairing
472 * and Secure Authentication.
473 */
474 LOG_WRN("For SC only mode, link key type should be %d",
475 BT_LK_AUTH_COMBINATION_P256);
476 ssp_pairing_complete(conn, bt_security_err_get(BT_HCI_ERR_AUTH_FAIL));
477 bt_conn_disconnect(conn, BT_HCI_ERR_AUTH_FAIL);
478 bt_conn_unref(conn);
479 return;
480 }
481
482 if (!conn->br.link_key) {
483 conn->br.link_key = bt_keys_get_link_key(&evt->bdaddr);
484 }
485 if (!conn->br.link_key) {
486 LOG_ERR("Can't update keys for %s", bt_addr_str(&evt->bdaddr));
487 bt_conn_unref(conn);
488 return;
489 }
490
491 /* clear any old Link Key flags */
492 conn->br.link_key->flags = 0U;
493
494 switch (evt->key_type) {
495 case BT_LK_COMBINATION:
496 /*
497 * Setting Combination Link Key as AUTHENTICATED means it was
498 * successfully generated by 16 digits wide PIN code.
499 */
500 if (atomic_test_and_clear_bit(conn->flags,
501 BT_CONN_BR_LEGACY_SECURE)) {
502 conn->br.link_key->flags |= BT_LINK_KEY_AUTHENTICATED;
503 }
504 memcpy(conn->br.link_key->val, evt->link_key, 16);
505 break;
506 case BT_LK_AUTH_COMBINATION_P192:
507 conn->br.link_key->flags |= BT_LINK_KEY_AUTHENTICATED;
508 __fallthrough;
509 case BT_LK_UNAUTH_COMBINATION_P192:
510 memcpy(conn->br.link_key->val, evt->link_key, 16);
511 break;
512 case BT_LK_AUTH_COMBINATION_P256:
513 conn->br.link_key->flags |= BT_LINK_KEY_AUTHENTICATED;
514 __fallthrough;
515 case BT_LK_UNAUTH_COMBINATION_P256:
516 conn->br.link_key->flags |= BT_LINK_KEY_SC;
517
518 memcpy(conn->br.link_key->val, evt->link_key, 16);
519 break;
520 default:
521 LOG_WRN("Unsupported Link Key type %u", evt->key_type);
522 (void)memset(conn->br.link_key->val, 0,
523 sizeof(conn->br.link_key->val));
524 break;
525 }
526
527 if (IS_ENABLED(CONFIG_BT_SETTINGS) &&
528 !atomic_test_bit(conn->flags, BT_CONN_BR_NOBOND)) {
529 bt_keys_link_key_store(conn->br.link_key);
530 }
531
532 bt_conn_unref(conn);
533 }
534
link_key_neg_reply(const bt_addr_t * bdaddr)535 void link_key_neg_reply(const bt_addr_t *bdaddr)
536 {
537 struct bt_hci_cp_link_key_neg_reply *cp;
538 struct net_buf *buf;
539
540 LOG_DBG("");
541
542 buf = bt_hci_cmd_alloc(K_FOREVER);
543 if (!buf) {
544 LOG_ERR("Out of command buffers");
545 return;
546 }
547
548 cp = net_buf_add(buf, sizeof(*cp));
549 bt_addr_copy(&cp->bdaddr, bdaddr);
550 bt_hci_cmd_send_sync(BT_HCI_OP_LINK_KEY_NEG_REPLY, buf, NULL);
551 }
552
link_key_reply(const bt_addr_t * bdaddr,const uint8_t * lk)553 void link_key_reply(const bt_addr_t *bdaddr, const uint8_t *lk)
554 {
555 struct bt_hci_cp_link_key_reply *cp;
556 struct net_buf *buf;
557
558 LOG_DBG("");
559
560 buf = bt_hci_cmd_alloc(K_FOREVER);
561 if (!buf) {
562 LOG_ERR("Out of command buffers");
563 return;
564 }
565
566 cp = net_buf_add(buf, sizeof(*cp));
567 bt_addr_copy(&cp->bdaddr, bdaddr);
568 memcpy(cp->link_key, lk, 16);
569 bt_hci_cmd_send_sync(BT_HCI_OP_LINK_KEY_REPLY, buf, NULL);
570 }
571
bt_hci_link_key_req(struct net_buf * buf)572 void bt_hci_link_key_req(struct net_buf *buf)
573 {
574 struct bt_hci_evt_link_key_req *evt = (void *)buf->data;
575 struct bt_conn *conn;
576
577 LOG_DBG("%s", bt_addr_str(&evt->bdaddr));
578
579 conn = bt_conn_lookup_addr_br(&evt->bdaddr);
580 if (!conn) {
581 LOG_ERR("Can't find conn for %s", bt_addr_str(&evt->bdaddr));
582 link_key_neg_reply(&evt->bdaddr);
583 return;
584 }
585
586 if (!conn->br.link_key) {
587 conn->br.link_key = bt_keys_find_link_key(&evt->bdaddr);
588 }
589
590 if (!conn->br.link_key) {
591 link_key_neg_reply(&evt->bdaddr);
592 bt_conn_unref(conn);
593 return;
594 }
595
596 /*
597 * Enforce regenerate by controller stronger link key since found one
598 * in database not covers requested security level.
599 */
600 if (!(conn->br.link_key->flags & BT_LINK_KEY_AUTHENTICATED) &&
601 conn->required_sec_level > BT_SECURITY_L2) {
602 link_key_neg_reply(&evt->bdaddr);
603 bt_conn_unref(conn);
604 return;
605 }
606
607 link_key_reply(&evt->bdaddr, conn->br.link_key->val);
608 bt_conn_unref(conn);
609 }
610
io_capa_neg_reply(const bt_addr_t * bdaddr,const uint8_t reason)611 void io_capa_neg_reply(const bt_addr_t *bdaddr, const uint8_t reason)
612 {
613 struct bt_hci_cp_io_capability_neg_reply *cp;
614 struct net_buf *resp_buf;
615
616 resp_buf = bt_hci_cmd_alloc(K_FOREVER);
617 if (!resp_buf) {
618 LOG_ERR("Out of command buffers");
619 return;
620 }
621
622 cp = net_buf_add(resp_buf, sizeof(*cp));
623 bt_addr_copy(&cp->bdaddr, bdaddr);
624 cp->reason = reason;
625 bt_hci_cmd_send_sync(BT_HCI_OP_IO_CAPABILITY_NEG_REPLY, resp_buf, NULL);
626 }
627
bt_hci_io_capa_resp(struct net_buf * buf)628 void bt_hci_io_capa_resp(struct net_buf *buf)
629 {
630 struct bt_hci_evt_io_capa_resp *evt = (void *)buf->data;
631 struct bt_conn *conn;
632
633 LOG_DBG("remote %s, IOcapa 0x%02x, auth 0x%02x", bt_addr_str(&evt->bdaddr), evt->capability,
634 evt->authentication);
635
636 if (evt->authentication > BT_HCI_GENERAL_BONDING_MITM) {
637 LOG_ERR("Invalid remote authentication requirements");
638 io_capa_neg_reply(&evt->bdaddr,
639 BT_HCI_ERR_UNSUPP_FEATURE_PARAM_VAL);
640 return;
641 }
642
643 if (evt->capability > BT_IO_NO_INPUT_OUTPUT) {
644 LOG_ERR("Invalid remote io capability requirements");
645 io_capa_neg_reply(&evt->bdaddr,
646 BT_HCI_ERR_UNSUPP_FEATURE_PARAM_VAL);
647 return;
648 }
649
650 conn = bt_conn_lookup_addr_br(&evt->bdaddr);
651 if (!conn) {
652 LOG_ERR("Unable to find conn for %s", bt_addr_str(&evt->bdaddr));
653 return;
654 }
655
656 if (atomic_test_bit(conn->flags, BT_CONN_BR_PAIRING_INITIATOR) &&
657 (evt->authentication > BT_HCI_NO_BONDING_MITM) &&
658 !atomic_test_bit(conn->flags, BT_CONN_BR_BONDABLE)) {
659 /*
660 * BLUETOOTH CORE SPECIFICATION Version 6.0 | Vol 3, Part C, section 9.4.2.
661 * A device in the non-bondable mode does not allow a bond to be created with a
662 * peer device.
663 *
664 * If the local is SSP initiator and non-bondable mode, and the bonding is required
665 * by peer device, reports the pairing failure and disconnects the ACL connection
666 * with error `BT_HCI_ERR_AUTH_FAIL`.
667 */
668 LOG_WRN("Bonding flag mismatch (initiator:false != responder:true)");
669 ssp_pairing_complete(conn, bt_security_err_get(BT_HCI_ERR_AUTH_FAIL));
670 bt_conn_disconnect(conn, BT_HCI_ERR_AUTH_FAIL);
671 bt_conn_unref(conn);
672 return;
673 }
674
675 conn->br.remote_io_capa = evt->capability;
676 conn->br.remote_auth = evt->authentication;
677 atomic_set_bit(conn->flags, BT_CONN_BR_PAIRING);
678 bt_conn_unref(conn);
679 }
680
681 /* Clear Bonding flag */
682 #define BT_HCI_SET_NO_BONDING(auth) ((auth) & 0x01)
683
684 /* Clear MITM flag */
685 #define BT_HCI_SET_NO_MITM(auth) ((auth) & (~0x01))
686
bt_hci_io_capa_req(struct net_buf * buf)687 void bt_hci_io_capa_req(struct net_buf *buf)
688 {
689 struct bt_hci_evt_io_capa_req *evt = (void *)buf->data;
690 struct net_buf *resp_buf;
691 struct bt_conn *conn;
692 struct bt_hci_cp_io_capability_reply *cp;
693 uint8_t auth;
694
695 LOG_DBG("");
696
697 conn = bt_conn_lookup_addr_br(&evt->bdaddr);
698 if (!conn) {
699 LOG_ERR("Can't find conn for %s", bt_addr_str(&evt->bdaddr));
700 return;
701 }
702
703 #if defined(CONFIG_BT_SMP_APP_PAIRING_ACCEPT)
704 if (bt_auth && bt_auth->pairing_accept) {
705 enum bt_security_err err;
706
707 err = bt_auth->pairing_accept(conn, NULL);
708 if (err != BT_SECURITY_ERR_SUCCESS) {
709 io_capa_neg_reply(&evt->bdaddr, BT_HCI_ERR_PAIRING_NOT_ALLOWED);
710 bt_conn_unref(conn);
711 return;
712 }
713 }
714 #endif
715
716 /*
717 * Set authentication requirements when acting as pairing initiator to
718 * 'dedicated bond' with MITM protection set if local IO capa
719 * potentially allows it, and for acceptor, based on local IO capa and
720 * remote's authentication set.
721 */
722 if (atomic_test_bit(conn->flags, BT_CONN_BR_PAIRING_INITIATOR)) {
723 if (get_io_capa() != BT_IO_NO_INPUT_OUTPUT) {
724 if (atomic_test_bit(conn->flags, BT_CONN_BR_GENERAL_BONDING)) {
725 auth = BT_HCI_GENERAL_BONDING_MITM;
726 } else {
727 auth = BT_HCI_DEDICATED_BONDING_MITM;
728 }
729 } else {
730 if (atomic_test_bit(conn->flags, BT_CONN_BR_GENERAL_BONDING)) {
731 auth = BT_HCI_GENERAL_BONDING;
732 } else {
733 auth = BT_HCI_DEDICATED_BONDING;
734 }
735 }
736
737 if (conn->required_sec_level < BT_SECURITY_L3) {
738 /* If security level less than L3, clear MITM flag. */
739 auth = BT_HCI_SET_NO_MITM(auth);
740 }
741 } else {
742 auth = ssp_get_auth(conn);
743
744 /*
745 * Core v6.0, Vol 3, Part C, Section 4.3.1 Non-bondable mode
746 * When a Bluetooth device is in non-bondable mode it shall not accept a
747 * pairing request that results in bonding. Devices in non-bondable mode
748 * may accept connections that do not request or require bonding.
749 *
750 * If the peer supports bonding mode, but the local is in non-bondable
751 * mode, it will send a negative response with error code
752 * `BT_HCI_ERR_PAIRING_NOT_ALLOWED`.
753 */
754 if (!atomic_test_bit(conn->flags, BT_CONN_BR_BONDABLE) &&
755 (conn->br.remote_auth > BT_HCI_NO_BONDING_MITM)) {
756 LOG_WRN("Invalid remote bonding requirements");
757 io_capa_neg_reply(&evt->bdaddr,
758 BT_HCI_ERR_PAIRING_NOT_ALLOWED);
759 bt_conn_unref(conn);
760 return;
761 }
762 }
763
764 if (!atomic_test_bit(conn->flags, BT_CONN_BR_BONDABLE)) {
765 /* If bondable is false, clear bonding flag. */
766 auth = BT_HCI_SET_NO_BONDING(auth);
767 }
768
769 conn->br.local_auth = auth;
770
771 resp_buf = bt_hci_cmd_alloc(K_FOREVER);
772 if (!resp_buf) {
773 LOG_ERR("Out of command buffers");
774 bt_conn_unref(conn);
775 return;
776 }
777
778 cp = net_buf_add(resp_buf, sizeof(*cp));
779 bt_addr_copy(&cp->bdaddr, &evt->bdaddr);
780 cp->capability = get_io_capa();
781 cp->authentication = auth;
782 cp->oob_data = 0U;
783 bt_hci_cmd_send_sync(BT_HCI_OP_IO_CAPABILITY_REPLY, resp_buf, NULL);
784 bt_conn_unref(conn);
785 }
786
bt_hci_ssp_complete(struct net_buf * buf)787 void bt_hci_ssp_complete(struct net_buf *buf)
788 {
789 struct bt_hci_evt_ssp_complete *evt = (void *)buf->data;
790 struct bt_conn *conn;
791
792 LOG_DBG("status 0x%02x", evt->status);
793
794 conn = bt_conn_lookup_addr_br(&evt->bdaddr);
795 if (!conn) {
796 LOG_ERR("Can't find conn for %s", bt_addr_str(&evt->bdaddr));
797 return;
798 }
799
800 /* Mark no-bond so that link-key will be removed on disconnection */
801 if (ssp_get_auth(conn) < BT_HCI_DEDICATED_BONDING) {
802 atomic_set_bit(conn->flags, BT_CONN_BR_NOBOND);
803 }
804
805 ssp_pairing_complete(conn, bt_security_err_get(evt->status));
806 if (evt->status) {
807 bt_conn_disconnect(conn, BT_HCI_ERR_AUTH_FAIL);
808 }
809
810 bt_conn_unref(conn);
811 }
812
bt_hci_user_confirm_req(struct net_buf * buf)813 void bt_hci_user_confirm_req(struct net_buf *buf)
814 {
815 struct bt_hci_evt_user_confirm_req *evt = (void *)buf->data;
816 struct bt_conn *conn;
817
818 conn = bt_conn_lookup_addr_br(&evt->bdaddr);
819 if (!conn) {
820 LOG_ERR("Can't find conn for %s", bt_addr_str(&evt->bdaddr));
821 return;
822 }
823
824 ssp_auth(conn, sys_le32_to_cpu(evt->passkey));
825 bt_conn_unref(conn);
826 }
827
bt_hci_user_passkey_notify(struct net_buf * buf)828 void bt_hci_user_passkey_notify(struct net_buf *buf)
829 {
830 struct bt_hci_evt_user_passkey_notify *evt = (void *)buf->data;
831 struct bt_conn *conn;
832
833 LOG_DBG("");
834
835 conn = bt_conn_lookup_addr_br(&evt->bdaddr);
836 if (!conn) {
837 LOG_ERR("Can't find conn for %s", bt_addr_str(&evt->bdaddr));
838 return;
839 }
840
841 ssp_auth(conn, sys_le32_to_cpu(evt->passkey));
842 bt_conn_unref(conn);
843 }
844
bt_hci_user_passkey_req(struct net_buf * buf)845 void bt_hci_user_passkey_req(struct net_buf *buf)
846 {
847 struct bt_hci_evt_user_passkey_req *evt = (void *)buf->data;
848 struct bt_conn *conn;
849
850 conn = bt_conn_lookup_addr_br(&evt->bdaddr);
851 if (!conn) {
852 LOG_ERR("Can't find conn for %s", bt_addr_str(&evt->bdaddr));
853 return;
854 }
855
856 ssp_auth(conn, 0);
857 bt_conn_unref(conn);
858 }
859
link_encr(const uint16_t handle)860 static void link_encr(const uint16_t handle)
861 {
862 struct bt_hci_cp_set_conn_encrypt *encr;
863 struct net_buf *buf;
864
865 LOG_DBG("");
866
867 buf = bt_hci_cmd_alloc(K_FOREVER);
868 if (!buf) {
869 LOG_ERR("Out of command buffers");
870 return;
871 }
872
873 encr = net_buf_add(buf, sizeof(*encr));
874 encr->handle = sys_cpu_to_le16(handle);
875 encr->encrypt = 0x01;
876
877 bt_hci_cmd_send_sync(BT_HCI_OP_SET_CONN_ENCRYPT, buf, NULL);
878 }
879
bt_hci_auth_complete(struct net_buf * buf)880 void bt_hci_auth_complete(struct net_buf *buf)
881 {
882 struct bt_hci_evt_auth_complete *evt = (void *)buf->data;
883 struct bt_conn *conn;
884 uint16_t handle = sys_le16_to_cpu(evt->handle);
885
886 LOG_DBG("status 0x%02x, handle %u", evt->status, handle);
887
888 conn = bt_conn_lookup_handle(handle, BT_CONN_TYPE_BR);
889 if (!conn) {
890 LOG_ERR("Can't find conn for handle %u", handle);
891 return;
892 }
893
894 if (evt->status) {
895 /*
896 * Inform layers above HCI about non-zero authentication
897 * status to make them able cleanup pending jobs.
898 */
899 bt_conn_security_changed(conn, evt->status,
900 bt_security_err_get(evt->status));
901 } else {
902 link_encr(handle);
903 }
904
905 bt_conn_unref(conn);
906 }
907