Bluetooth: Add LE SecMgr and mgmtops support
Enabled ECB Block encoding for Low Energy pairing
Implemented missing components of MGMTOPS interface
Differentiated as needed between BR/EDR pairing and LE pairing
Signed-off-by: Brian Gix <bgix@codeaurora.org>
Conflicts:
net/bluetooth/mgmt.c
diff --git a/net/bluetooth/Kconfig b/net/bluetooth/Kconfig
index 8bb69df..114d251 100644
--- a/net/bluetooth/Kconfig
+++ b/net/bluetooth/Kconfig
@@ -41,6 +41,8 @@
select CRC16
select CRYPTO_BLKCIPHER
select CRYPTO_AES
+ select CRYPTO_ECB
+ select CRYPTO_MANAGER
help
L2CAP (Logical Link Control and Adaptation Protocol) provides
connection oriented and connection-less data transport. L2CAP
diff --git a/net/bluetooth/Makefile b/net/bluetooth/Makefile
index 6dfe088..d46736a 100644
--- a/net/bluetooth/Makefile
+++ b/net/bluetooth/Makefile
@@ -8,6 +8,6 @@
obj-$(CONFIG_BT_CMTP) += cmtp/
obj-$(CONFIG_BT_HIDP) += hidp/
-bluetooth-y := af_bluetooth.o hci_core.o hci_conn.o hci_event.o mgmt.o hci_sock.o hci_sysfs.o lib.o
-bluetooth-$(CONFIG_BT_L2CAP) += l2cap_core.o l2cap_sock.o amp.o smp.o
+bluetooth-y := af_bluetooth.o hci_core.o hci_conn.o hci_event.o mgmt.o hci_sock.o hci_sysfs.o lib.o smp.o
+bluetooth-$(CONFIG_BT_L2CAP) += l2cap_core.o l2cap_sock.o amp.o
bluetooth-$(CONFIG_BT_SCO) += sco.o
diff --git a/net/bluetooth/hci_conn.c b/net/bluetooth/hci_conn.c
index 5284527..bcc65ff 100644
--- a/net/bluetooth/hci_conn.c
+++ b/net/bluetooth/hci_conn.c
@@ -621,13 +621,14 @@
le = hci_conn_hash_lookup_ba(hdev, LE_LINK, dst);
if (le)
- return ERR_PTR(-EBUSY);
+ return le;
entry = hci_find_adv_entry(hdev, dst);
if (!entry)
- return ERR_PTR(-EHOSTUNREACH);
+ le = hci_le_conn_add(hdev, dst, 0);
+ else
+ le = hci_le_conn_add(hdev, dst, entry->bdaddr_type);
- le = hci_le_conn_add(hdev, dst, entry->bdaddr_type);
if (!le)
return ERR_PTR(-ENOMEM);
@@ -747,8 +748,8 @@
/* Make sure we preserve an existing MITM requirement*/
auth_type |= (conn->auth_type & 0x01);
-
conn->auth_type = auth_type;
+ conn->auth_initiator = 1;
if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->pend)) {
struct hci_cp_auth_requested cp;
@@ -763,7 +764,7 @@
/* Enable security */
int hci_conn_security(struct hci_conn *conn, __u8 sec_level, __u8 auth_type)
{
- BT_DBG("conn %p", conn);
+ BT_DBG("conn %p %d %d", conn, sec_level, auth_type);
if (sec_level == BT_SECURITY_SDP)
return 1;
diff --git a/net/bluetooth/hci_core.c b/net/bluetooth/hci_core.c
index b095e99..65af37f 100644
--- a/net/bluetooth/hci_core.c
+++ b/net/bluetooth/hci_core.c
@@ -60,7 +60,7 @@
static DEFINE_RWLOCK(hci_task_lock);
-static int enable_smp;
+static int enable_smp = 1;
/* HCI device list */
LIST_HEAD(hci_dev_list);
@@ -962,7 +962,7 @@
BT_DBG("%s", hdev->name);
- if (hci_dev_open(hdev->id) < 0)
+ if (hci_dev_open(hdev->id) < 0 && !test_bit(HCI_UP, &hdev->flags))
return;
if (test_bit(HCI_AUTO_OFF, &hdev->flags))
@@ -1097,7 +1097,9 @@
u8 *val, u8 type, u8 pin_len)
{
struct link_key *key, *old_key;
+ struct hci_conn *conn;
u8 old_key_type;
+ u8 bonded = 0;
old_key = hci_find_link_key(hdev, bdaddr);
if (old_key) {
@@ -1115,11 +1117,17 @@
bacpy(&key->bdaddr, bdaddr);
memcpy(key->val, val, 16);
+ key->auth = 0x01;
key->type = type;
key->pin_len = pin_len;
+ conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, bdaddr);
+
+ if (conn && (conn->auth_type > 0x01 || conn->remote_auth > 0x01))
+ bonded = 1;
+
if (new_key)
- mgmt_new_key(hdev->id, key, old_key_type);
+ mgmt_new_key(hdev->id, key, bonded);
if (type == 0x06)
key->type = old_key_type;
@@ -1128,24 +1136,22 @@
}
int hci_add_ltk(struct hci_dev *hdev, int new_key, bdaddr_t *bdaddr,
- u8 key_size, __le16 ediv, u8 rand[8], u8 ltk[16])
+ u8 key_size, u8 auth, __le16 ediv, u8 rand[8],
+ u8 ltk[16])
{
struct link_key *key, *old_key;
struct key_master_id *id;
- u8 old_key_type;
- BT_DBG("%s addr %s", hdev->name, batostr(bdaddr));
+ BT_DBG("%s Auth: %2.2X addr %s", hdev->name, auth, batostr(bdaddr));
old_key = hci_find_link_key_type(hdev, bdaddr, KEY_TYPE_LTK);
if (old_key) {
key = old_key;
- old_key_type = old_key->type;
} else {
key = kzalloc(sizeof(*key) + sizeof(*id), GFP_ATOMIC);
if (!key)
return -ENOMEM;
list_add(&key->list, &hdev->link_keys);
- old_key_type = 0xff;
}
key->dlen = sizeof(*id);
@@ -1154,13 +1160,14 @@
memcpy(key->val, ltk, sizeof(key->val));
key->type = KEY_TYPE_LTK;
key->pin_len = key_size;
+ key->auth = auth;
id = (void *) &key->data;
id->ediv = ediv;
memcpy(id->rand, rand, sizeof(id->rand));
if (new_key)
- mgmt_new_key(hdev->id, key, old_key_type);
+ mgmt_new_key(hdev->id, key, auth & 0x01);
return 0;
}
@@ -1243,6 +1250,7 @@
{
struct list_head *p, *n;
+ BT_DBG("");
write_lock_bh(&hdev->adv_entries_lock);
list_for_each_safe(p, n, &hdev->adv_entries) {
@@ -1264,6 +1272,7 @@
struct list_head *p;
struct adv_entry *res = NULL;
+ BT_DBG("");
read_lock_bh(&hdev->adv_entries_lock);
list_for_each(p, &hdev->adv_entries) {
@@ -1318,6 +1327,8 @@
{
struct adv_entry *entry;
+ BT_DBG("");
+
if (!is_connectable_adv(ev->evt_type))
return -EINVAL;
diff --git a/net/bluetooth/hci_event.c b/net/bluetooth/hci_event.c
index 6a17f4a..0c731f9 100644
--- a/net/bluetooth/hci_event.c
+++ b/net/bluetooth/hci_event.c
@@ -498,6 +498,8 @@
* command otherwise */
u8 events[8] = { 0xff, 0xff, 0xfb, 0xff, 0x00, 0x00, 0x00, 0x00 };
+ BT_DBG("");
+
/* Events for 1.2 and newer controllers */
if (hdev->lmp_ver > 1) {
events[4] |= 0x01; /* Flow Specification Complete */
@@ -631,6 +633,23 @@
memcpy(hdev->features, rp->features, 8);
+ if (hdev->dev_type == HCI_BREDR && test_bit(HCI_INIT, &hdev->flags)) {
+ if (hdev->features[6] & LMP_SIMPLE_PAIR) {
+ u8 mode = 0x01;
+ hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE,
+ sizeof(mode), &mode);
+ }
+
+ if (hdev->features[3] & LMP_RSSI_INQ)
+ hci_setup_inquiry_mode(hdev);
+
+ if (hdev->features[7] & LMP_INQ_TX_PWR)
+ hci_send_cmd(hdev, HCI_OP_READ_INQ_RSP_TX_POWER,
+ 0, NULL);
+
+ hci_setup_event_mask(hdev);
+ }
+
/* Adjust default settings according to features
* supported by device. */
@@ -963,7 +982,6 @@
param_scan_enable = *((__u8 *) sent);
if (param_scan_enable == 0x01) {
del_timer(&hdev->adv_timer);
- hci_adv_entries_clear(hdev);
} else if (param_scan_enable == 0x00) {
mod_timer(&hdev->adv_timer, jiffies + ADV_CLEAR_TIMEOUT);
}
@@ -977,8 +995,11 @@
hci_req_complete(hdev, HCI_OP_INQUIRY, status);
hci_conn_check_pending(hdev);
- } else
+ } else {
set_bit(HCI_INQUIRY, &hdev->flags);
+ if (test_bit(HCI_MGMT, &hdev->flags))
+ mgmt_inquiry_started(hdev->id);
+ }
}
static inline void hci_cs_create_conn(struct hci_dev *hdev, __u8 status)
@@ -1481,11 +1502,16 @@
BT_DBG("%s status %d", hdev->name, status);
- clear_bit(HCI_INQUIRY, &hdev->flags);
+ if (!lmp_le_capable(hdev))
+ clear_bit(HCI_INQUIRY, &hdev->flags);
hci_req_complete(hdev, HCI_OP_INQUIRY, status);
- hci_conn_check_pending(hdev);
+ if (test_bit(HCI_MGMT, &hdev->flags))
+ mgmt_inquiry_complete_evt(hdev->id, status);
+
+ if (!lmp_le_capable(hdev))
+ hci_conn_check_pending(hdev);
}
static inline void hci_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *skb)
@@ -1511,8 +1537,8 @@
data.rssi = 0x00;
data.ssp_mode = 0x00;
hci_inquiry_cache_update(hdev, &data);
- mgmt_device_found(hdev->id, &info->bdaddr, info->dev_class, 0,
- NULL);
+ mgmt_device_found(hdev->id, &info->bdaddr, 0, 0,
+ info->dev_class, 0, 0, NULL);
}
hci_dev_unlock(hdev);
@@ -1547,6 +1573,10 @@
hci_conn_hold(conn);
conn->disc_timeout = HCI_DISCONN_TIMEOUT;
mgmt_connected(hdev->id, &ev->bdaddr);
+ } else if (conn->type == LE_LINK) {
+ conn->state = BT_CONNECTED;
+ conn->disc_timeout = HCI_DISCONN_TIMEOUT;
+ mgmt_connected(hdev->id, &ev->bdaddr);
} else
conn->state = BT_CONNECTED;
@@ -1577,7 +1607,7 @@
}
} else {
conn->state = BT_CLOSED;
- if (conn->type == ACL_LINK)
+ if (conn->type == ACL_LINK || conn->type == LE_LINK)
mgmt_connect_failed(hdev->id, &ev->bdaddr, ev->status);
}
@@ -1691,7 +1721,7 @@
conn->state = BT_CLOSED;
- if (conn->type == ACL_LINK)
+ if (conn->type == ACL_LINK || conn->type == LE_LINK)
mgmt_disconnected(hdev->id, &conn->dst);
hci_proto_disconn_cfm(conn, ev->reason);
@@ -1782,8 +1812,8 @@
hci_dev_lock(hdev);
- if (ev->status == 0 && test_bit(HCI_MGMT, &hdev->flags))
- mgmt_remote_name(hdev->id, &ev->bdaddr, ev->name);
+ if (test_bit(HCI_MGMT, &hdev->flags))
+ mgmt_remote_name(hdev->id, &ev->bdaddr, ev->status, ev->name);
conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
if (conn && hci_outgoing_auth_needed(hdev, conn)) {
@@ -2604,9 +2634,9 @@
data.rssi = info->rssi;
data.ssp_mode = 0x00;
hci_inquiry_cache_update(hdev, &data);
- mgmt_device_found(hdev->id, &info->bdaddr,
+ mgmt_device_found(hdev->id, &info->bdaddr, 0, 0,
info->dev_class, info->rssi,
- NULL);
+ 0, NULL);
}
} else {
struct inquiry_info_with_rssi *info = (void *) (skb->data + 1);
@@ -2621,9 +2651,9 @@
data.rssi = info->rssi;
data.ssp_mode = 0x00;
hci_inquiry_cache_update(hdev, &data);
- mgmt_device_found(hdev->id, &info->bdaddr,
+ mgmt_device_found(hdev->id, &info->bdaddr, 0, 0,
info->dev_class, info->rssi,
- NULL);
+ 0, NULL);
}
}
@@ -2764,8 +2794,9 @@
data.rssi = info->rssi;
data.ssp_mode = 0x01;
hci_inquiry_cache_update(hdev, &data);
- mgmt_device_found(hdev->id, &info->bdaddr, info->dev_class,
- info->rssi, info->data);
+ mgmt_device_found(hdev->id, &info->bdaddr, 0, 0,
+ info->dev_class, info->rssi,
+ HCI_MAX_EIR_LENGTH, info->data);
}
hci_dev_unlock(hdev);
@@ -2773,18 +2804,22 @@
static inline u8 hci_get_auth_req(struct hci_conn *conn)
{
+ BT_DBG("%p", conn);
+
/* If remote requests dedicated bonding follow that lead */
if (conn->remote_auth == 0x02 || conn->remote_auth == 0x03) {
/* If both remote and local IO capabilities allow MITM
* protection then require it, otherwise don't */
- if (conn->remote_cap == 0x03 || conn->io_capability == 0x03)
+ if (conn->remote_cap == 0x03 || conn->io_capability == 0x03) {
return 0x02;
- else
+ } else {
+ conn->auth_type |= 0x01;
return 0x03;
+ }
}
/* If remote requests no-bonding follow that lead */
- if (conn->remote_auth == 0x00 || conn->remote_auth == 0x01)
+ if (conn->remote_auth <= 0x01)
return 0x00;
return conn->auth_type;
@@ -2811,10 +2846,15 @@
if (test_bit(HCI_PAIRABLE, &hdev->flags) ||
(conn->remote_auth & ~0x01) == HCI_AT_NO_BONDING) {
struct hci_cp_io_capability_reply cp;
+ u8 io_cap = conn->io_capability;
+ /* ACL-SSP does not support IO CAP 0x04 */
+ cp.capability = (io_cap == 0x04) ? 0x01 : io_cap;
bacpy(&cp.bdaddr, &ev->bdaddr);
- cp.capability = conn->io_capability;
- cp.authentication = hci_get_auth_req(conn);
+ if (conn->auth_initiator)
+ cp.authentication = conn->auth_type;
+ else
+ cp.authentication = hci_get_auth_req(conn);
if ((conn->out == 0x01 || conn->remote_oob == 0x01) &&
hci_find_remote_oob_data(hdev, &conn->dst))
@@ -2859,8 +2899,8 @@
hci_dev_unlock(hdev);
}
-static inline void hci_user_confirm_request_evt(struct hci_dev *hdev,
- struct sk_buff *skb)
+static inline void hci_user_ssp_confirmation_evt(struct hci_dev *hdev,
+ u8 event, struct sk_buff *skb)
{
struct hci_ev_user_confirm_req *ev = (void *) skb->data;
@@ -2868,8 +2908,14 @@
hci_dev_lock(hdev);
- if (test_bit(HCI_MGMT, &hdev->flags))
- mgmt_user_confirm_request(hdev->id, &ev->bdaddr, ev->passkey);
+ if (test_bit(HCI_MGMT, &hdev->flags)) {
+ if (event == HCI_EV_USER_PASSKEY_REQUEST)
+ mgmt_user_confirm_request(hdev->id, event,
+ &ev->bdaddr, 0);
+ else
+ mgmt_user_confirm_request(hdev->id, event,
+ &ev->bdaddr, ev->passkey);
+ }
hci_dev_unlock(hdev);
}
@@ -2981,6 +3027,7 @@
conn->sec_level = BT_SECURITY_LOW;
conn->handle = __le16_to_cpu(ev->handle);
conn->state = BT_CONNECTED;
+ conn->disc_timeout = HCI_DISCONN_TIMEOUT;
hci_conn_hold_device(conn);
hci_conn_add_sysfs(conn);
@@ -3036,11 +3083,12 @@
num_reports = skb->data[0];
ev = (void *) &skb->data[1];
- hci_add_adv_entry(hdev, ev);
- while (--num_reports) {
- ev = (void *) (ev->data + ev->length + 1);
+ while (num_reports--) {
+ mgmt_device_found(hdev->id, &ev->bdaddr, ev->bdaddr_type,
+ 1, NULL, 0, ev->length, ev->data);
hci_add_adv_entry(hdev, ev);
+ ev = (void *) (ev->data + ev->length + 1);
}
}
@@ -3326,8 +3374,10 @@
hci_io_capa_reply_evt(hdev, skb);
break;
+ case HCI_EV_USER_PASSKEY_REQUEST:
+ case HCI_EV_USER_PASSKEY_NOTIFICATION:
case HCI_EV_USER_CONFIRM_REQUEST:
- hci_user_confirm_request_evt(hdev, skb);
+ hci_user_ssp_confirmation_evt(hdev, event, skb);
break;
case HCI_EV_SIMPLE_PAIR_COMPLETE:
diff --git a/net/bluetooth/hci_sock.c b/net/bluetooth/hci_sock.c
index 5a5c378..92d72b7 100644
--- a/net/bluetooth/hci_sock.c
+++ b/net/bluetooth/hci_sock.c
@@ -49,7 +49,7 @@
#include <net/bluetooth/bluetooth.h>
#include <net/bluetooth/hci_core.h>
-static int enable_mgmt;
+static int enable_mgmt = 1;
/* ----- HCI socket interface ----- */
diff --git a/net/bluetooth/l2cap_core.c b/net/bluetooth/l2cap_core.c
index e753c5f..ca18ed5 100644
--- a/net/bluetooth/l2cap_core.c
+++ b/net/bluetooth/l2cap_core.c
@@ -999,22 +999,27 @@
read_lock(&l->lock);
- for (sk = l->head; sk; sk = l2cap_pi(sk)->next_c) {
- bh_lock_sock(sk);
+ if (l->head) {
+ for (sk = l->head; sk; sk = l2cap_pi(sk)->next_c) {
+ bh_lock_sock(sk);
- if (l2cap_pi(sk)->scid == L2CAP_CID_LE_DATA) {
- if (smp_conn_security(conn, l2cap_pi(sk)->sec_level))
- l2cap_chan_ready(sk);
+ if (conn->hcon->type == LE_LINK) {
+ if (smp_conn_security(conn,
+ l2cap_pi(sk)->sec_level))
+ l2cap_chan_ready(sk);
- } else if (sk->sk_type != SOCK_SEQPACKET &&
- sk->sk_type != SOCK_STREAM) {
- l2cap_sock_clear_timer(sk);
- sk->sk_state = BT_CONNECTED;
- sk->sk_state_change(sk);
- } else if (sk->sk_state == BT_CONNECT)
- l2cap_do_start(sk);
+ } else if (sk->sk_type != SOCK_SEQPACKET &&
+ sk->sk_type != SOCK_STREAM) {
+ l2cap_sock_clear_timer(sk);
+ sk->sk_state = BT_CONNECTED;
+ sk->sk_state_change(sk);
+ } else if (sk->sk_state == BT_CONNECT)
+ l2cap_do_start(sk);
- bh_unlock_sock(sk);
+ bh_unlock_sock(sk);
+ }
+ } else if (conn->hcon->type == LE_LINK) {
+ smp_conn_security(conn, BT_SECURITY_HIGH);
}
read_unlock(&l->lock);
@@ -1232,9 +1237,9 @@
l2cap_chan_add(conn, sk);
- BT_DBG("hcon->state %d", (int) hcon->state);
-
- if (l2cap_pi(sk)->fixed_channel) {
+ if ((l2cap_pi(sk)->fixed_channel) ||
+ (l2cap_pi(sk)->dcid == L2CAP_CID_LE_DATA &&
+ hcon->state == BT_CONNECTED)) {
sk->sk_state = BT_CONNECTED;
sk->sk_state_change(sk);
} else {
@@ -7253,12 +7258,12 @@
BT_DBG("sk->scid %d", l2cap_pi(sk)->scid);
if (l2cap_pi(sk)->scid == L2CAP_CID_LE_DATA) {
- if (!status && encrypt) {
+ if (!status && encrypt)
l2cap_pi(sk)->sec_level = hcon->sec_level;
- del_timer(&conn->security_timer);
- l2cap_chan_ready(sk);
- smp_distribute_keys(conn, 0);
- }
+
+ del_timer(&conn->security_timer);
+ l2cap_chan_ready(sk);
+ smp_link_encrypt_cmplt(conn, status, encrypt);
bh_unlock_sock(sk);
continue;
diff --git a/net/bluetooth/mgmt.c b/net/bluetooth/mgmt.c
index 310e17e..16033bb 100644
--- a/net/bluetooth/mgmt.c
+++ b/net/bluetooth/mgmt.c
@@ -27,11 +27,28 @@
#include <net/bluetooth/bluetooth.h>
#include <net/bluetooth/hci_core.h>
+#include <net/bluetooth/l2cap.h>
#include <net/bluetooth/mgmt.h>
+#include <net/bluetooth/smp.h>
#define MGMT_VERSION 0
#define MGMT_REVISION 1
+enum scan_mode {
+ SCAN_IDLE,
+ SCAN_LE,
+ SCAN_BR
+};
+
+struct disco_interleave {
+ struct timer_list timer;
+ struct timer_list le_timer;
+ u16 index;
+ enum scan_mode mode;
+ int int_phase;
+ int int_count;
+};
+
struct pending_cmd {
struct list_head list;
__u16 opcode;
@@ -139,7 +156,7 @@
return -ENOMEM;
}
- put_unaligned_le16(count, &rp->num_controllers);
+ put_unaligned_le16(0, &rp->num_controllers);
i = 0;
list_for_each(p, &hci_dev_list) {
@@ -153,6 +170,7 @@
continue;
put_unaligned_le16(d->id, &rp->index[i++]);
+ put_unaligned_le16((u16)i, &rp->num_controllers);
BT_DBG("Added hci%u", d->id);
}
@@ -216,6 +234,8 @@
static void mgmt_pending_free(struct pending_cmd *cmd)
{
+ BT_DBG("%d", cmd->opcode);
+
sock_put(cmd->sk);
kfree(cmd->param);
kfree(cmd);
@@ -226,6 +246,8 @@
{
struct pending_cmd *cmd;
+ BT_DBG("%d", opcode);
+
cmd = kmalloc(sizeof(*cmd), GFP_ATOMIC);
if (!cmd)
return NULL;
@@ -256,6 +278,8 @@
{
struct list_head *p, *n;
+ BT_DBG(" %d", opcode);
+
list_for_each_safe(p, n, &cmd_list) {
struct pending_cmd *cmd;
@@ -275,6 +299,8 @@
{
struct list_head *p;
+ BT_DBG(" %d", opcode);
+
list_for_each(p, &cmd_list) {
struct pending_cmd *cmd;
@@ -294,6 +320,8 @@
static void mgmt_pending_remove(struct pending_cmd *cmd)
{
+ BT_DBG(" %d", cmd->opcode);
+
list_del(&cmd->list);
mgmt_pending_free(cmd);
}
@@ -475,6 +503,8 @@
struct sk_buff *skb;
struct mgmt_hdr *hdr;
+ BT_DBG("hci%d %d", index, event);
+
skb = alloc_skb(sizeof(*hdr) + data_len, GFP_ATOMIC);
if (!skb)
return -ENOMEM;
@@ -948,7 +978,7 @@
while (i < len) {
struct mgmt_key_info *key = (void *) cp->keys + i;
- i += sizeof(*key) + key->dlen;
+ i += sizeof(*key);
if (key->type == KEY_TYPE_LTK) {
struct key_master_id *id = (void *) key->data;
@@ -957,7 +987,7 @@
continue;
hci_add_ltk(hdev, 0, &key->bdaddr, key->pin_len,
- id->ediv, id->rand, key->val);
+ key->auth, id->ediv, id->rand, key->val);
continue;
}
@@ -1288,6 +1318,8 @@
struct mgmt_rp_pair_device rp;
struct hci_conn *conn = cmd->user_data;
+ BT_DBG(" %u", status);
+
bacpy(&rp.bdaddr, &conn->dst);
rp.status = status;
@@ -1307,7 +1339,7 @@
{
struct pending_cmd *cmd;
- BT_DBG("status %u", status);
+ BT_DBG(" %u", status);
cmd = find_pairing(conn);
if (!cmd) {
@@ -1318,23 +1350,68 @@
pairing_complete(cmd, status);
}
+static void security_complete_cb(struct hci_conn *conn, u8 status)
+{
+ struct pending_cmd *cmd;
+
+ BT_DBG(" %u", status);
+
+ cmd = find_pairing(conn);
+ if (!cmd) {
+ BT_DBG("Unable to find a pending command");
+ return;
+ }
+
+ if (conn->type == LE_LINK)
+ smp_link_encrypt_cmplt(conn->l2cap_data, status,
+ status ? 0 : 1);
+ else
+ pairing_complete(cmd, status);
+}
+
+static void connect_complete_cb(struct hci_conn *conn, u8 status)
+{
+ struct pending_cmd *cmd;
+
+ BT_DBG("conn: %p %u", conn, status);
+
+ cmd = find_pairing(conn);
+ if (!cmd) {
+ BT_DBG("Unable to find a pending command");
+ return;
+ }
+
+ hci_conn_put(conn);
+}
+
+static void discovery_terminated(struct pending_cmd *cmd, void *data)
+{
+ struct mgmt_mode ev = {0};
+ struct disco_interleave *ilp = cmd->param;
+
+ BT_DBG("");
+ del_timer_sync(&ilp->le_timer);
+ del_timer_sync(&ilp->timer);
+ mgmt_event(MGMT_EV_DISCOVERING, cmd->index, &ev, sizeof(ev), NULL);
+
+ list_del(&cmd->list);
+
+ mgmt_pending_free(cmd);
+}
+
static int pair_device(struct sock *sk, u16 index, unsigned char *data, u16 len)
{
struct hci_dev *hdev;
struct mgmt_cp_pair_device *cp;
struct pending_cmd *cmd;
- u8 sec_level, auth_type;
+ u8 sec_level, auth_type, io_cap;
struct hci_conn *conn;
int err;
BT_DBG("");
- cp = (void *) data;
-
- if (len != sizeof(*cp))
- return cmd_status(sk, index, MGMT_OP_PAIR_DEVICE, EINVAL);
-
hdev = hci_dev_get(index);
+
if (!hdev)
return cmd_status(sk, index, MGMT_OP_PAIR_DEVICE, ENODEV);
@@ -1355,8 +1432,19 @@
auth_type = HCI_AT_DEDICATED_BONDING_MITM;
}
- conn = hci_connect(hdev, ACL_LINK, 0, &cp->bdaddr, sec_level,
- auth_type);
+ if (hci_find_adv_entry(hdev, &cp->bdaddr)) {
+ conn = hci_connect(hdev, LE_LINK, 0, &cp->bdaddr, sec_level,
+ auth_type);
+ if (conn && !IS_ERR(conn))
+ hci_conn_hold(conn);
+ } else {
+ /* ACL-SSP does not support io_cap 0x04 (KeyboadDisplay) */
+ if (io_cap == 0x04)
+ io_cap = 0x01;
+ conn = hci_connect(hdev, ACL_LINK, 0, &cp->bdaddr, sec_level,
+ auth_type);
+ }
+
if (IS_ERR(conn)) {
err = PTR_ERR(conn);
goto unlock;
@@ -1375,10 +1463,10 @@
goto unlock;
}
- conn->connect_cfm_cb = pairing_complete_cb;
- conn->security_cfm_cb = pairing_complete_cb;
+ conn->connect_cfm_cb = connect_complete_cb;
+ conn->security_cfm_cb = security_complete_cb;
conn->disconn_cfm_cb = pairing_complete_cb;
- conn->io_capability = cp->io_cap;
+ conn->io_capability = io_cap;
cmd->user_data = conn;
if (conn->state == BT_CONNECTED &&
@@ -1395,25 +1483,23 @@
}
static int user_confirm_reply(struct sock *sk, u16 index, unsigned char *data,
- u16 len, int success)
+ u16 len, u16 opcode)
{
struct mgmt_cp_user_confirm_reply *cp = (void *) data;
- u16 mgmt_op, hci_op;
+ u16 mgmt_op = opcode, hci_op;
struct pending_cmd *cmd;
struct hci_dev *hdev;
+ struct hci_conn *le_conn;
int err;
- BT_DBG("");
+ BT_DBG("%d", mgmt_op);
- if (success) {
- mgmt_op = MGMT_OP_USER_CONFIRM_REPLY;
- hci_op = HCI_OP_USER_CONFIRM_REPLY;
- } else {
- mgmt_op = MGMT_OP_USER_CONFIRM_NEG_REPLY;
+ if (mgmt_op == MGMT_OP_USER_CONFIRM_NEG_REPLY)
hci_op = HCI_OP_USER_CONFIRM_NEG_REPLY;
- }
+ else
+ hci_op = HCI_OP_USER_CONFIRM_REPLY;
- if (len != sizeof(*cp))
+ if (len < sizeof(*cp))
return cmd_status(sk, index, mgmt_op, EINVAL);
hdev = hci_dev_get(index);
@@ -1424,16 +1510,64 @@
if (!test_bit(HCI_UP, &hdev->flags)) {
err = cmd_status(sk, index, mgmt_op, ENETDOWN);
- goto failed;
+ goto done;
}
+ le_conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->bdaddr);
+ if (le_conn) {
+ err = le_user_confirm_reply(le_conn, mgmt_op, (void *) cp);
+ goto done;
+ }
+ BT_DBG("BR/EDR: %s", mgmt_op == MGMT_OP_USER_CONFIRM_NEG_REPLY ?
+ "Reject" : "Accept");
+
cmd = mgmt_pending_add(sk, mgmt_op, index, data, len);
if (!cmd) {
err = -ENOMEM;
+ goto done;
+ }
+
+ err = hci_send_cmd(hdev, hci_op, sizeof(cp->bdaddr), &cp->bdaddr);
+ if (err < 0)
+ mgmt_pending_remove(cmd);
+
+done:
+ hci_dev_unlock(hdev);
+ hci_dev_put(hdev);
+
+ return err;
+}
+
+static int resolve_name(struct sock *sk, u16 index, unsigned char *data,
+ u16 len)
+{
+ struct mgmt_cp_resolve_name *mgmt_cp = (void *) data;
+ struct hci_cp_remote_name_req hci_cp;
+ struct hci_dev *hdev;
+ struct pending_cmd *cmd;
+ int err;
+
+ BT_DBG("");
+
+ if (len != sizeof(*mgmt_cp))
+ return cmd_status(sk, index, MGMT_OP_RESOLVE_NAME, EINVAL);
+
+ hdev = hci_dev_get(index);
+ if (!hdev)
+ return cmd_status(sk, index, MGMT_OP_RESOLVE_NAME, ENODEV);
+
+ hci_dev_lock(hdev);
+
+ cmd = mgmt_pending_add(sk, MGMT_OP_RESOLVE_NAME, index, data, len);
+ if (!cmd) {
+ err = -ENOMEM;
goto failed;
}
- err = hci_send_cmd(hdev, hci_op, sizeof(cp->bdaddr), &cp->bdaddr);
+ memset(&hci_cp, 0, sizeof(hci_cp));
+ bacpy(&hci_cp.bdaddr, &mgmt_cp->bdaddr);
+ err = hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(hci_cp),
+ &hci_cp);
if (err < 0)
mgmt_pending_remove(cmd);
@@ -1483,6 +1617,293 @@
return err;
}
+static void discovery_rsp(struct pending_cmd *cmd, void *data)
+{
+ struct mgmt_mode ev;
+
+ BT_DBG("");
+ if (cmd->opcode == MGMT_OP_START_DISCOVERY) {
+ ev.val = 1;
+ cmd_status(cmd->sk, cmd->index, MGMT_OP_START_DISCOVERY, 0);
+ } else {
+ ev.val = 0;
+ cmd_complete(cmd->sk, cmd->index, MGMT_OP_STOP_DISCOVERY,
+ NULL, 0);
+ if (cmd->opcode == MGMT_OP_STOP_DISCOVERY) {
+ struct disco_interleave *ilp = cmd->param;
+
+ del_timer_sync(&ilp->le_timer);
+ del_timer_sync(&ilp->timer);
+ }
+ }
+
+ mgmt_event(MGMT_EV_DISCOVERING, cmd->index, &ev, sizeof(ev), NULL);
+
+ list_del(&cmd->list);
+
+ mgmt_pending_free(cmd);
+}
+
+void mgmt_inquiry_started(u16 index)
+{
+ BT_DBG("");
+ mgmt_pending_foreach(MGMT_OP_START_DISCOVERY, index,
+ discovery_rsp, NULL);
+}
+
+void mgmt_inquiry_complete_evt(u16 index, u8 status)
+{
+ struct hci_dev *hdev;
+ struct hci_cp_le_set_scan_enable le_cp = {1, 0};
+ struct pending_cmd *cmd;
+ int err = -1;
+
+ BT_DBG("");
+
+ hdev = hci_dev_get(index);
+ if (!hdev || !lmp_le_capable(hdev)) {
+ struct mgmt_mode cp = {0};
+
+ mgmt_pending_foreach(MGMT_OP_STOP_DISCOVERY, index,
+ discovery_terminated, NULL);
+
+ mgmt_event(MGMT_EV_DISCOVERING, index, &cp, sizeof(cp), NULL);
+ return;
+ }
+
+ hci_dev_lock(hdev);
+
+ cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, index);
+ if (cmd && cmd->param) {
+ struct disco_interleave *ilp = cmd->param;
+
+ err = hci_send_cmd(hdev, HCI_OP_LE_SET_SCAN_ENABLE,
+ sizeof(le_cp), &le_cp);
+ if (err >= 0) {
+ mod_timer(&ilp->le_timer, jiffies +
+ msecs_to_jiffies(ilp->int_phase * 1000));
+ ilp->mode = SCAN_LE;
+ } else
+ ilp->mode = SCAN_IDLE;
+ }
+
+ if (err < 0)
+ mgmt_pending_foreach(MGMT_OP_STOP_DISCOVERY, index,
+ discovery_terminated, NULL);
+
+ hci_dev_unlock(hdev);
+ hci_dev_put(hdev);
+}
+
+static void disco_to(unsigned long data)
+{
+ struct disco_interleave *ilp = (void *)data;
+ struct hci_dev *hdev;
+ struct pending_cmd *cmd;
+
+ BT_DBG("hci%d", ilp->index);
+
+ del_timer_sync(&ilp->le_timer);
+ hdev = hci_dev_get(ilp->index);
+
+ if (hdev) {
+ hci_dev_lock(hdev);
+
+ cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, ilp->index);
+
+ if (ilp->mode != SCAN_IDLE) {
+ struct hci_cp_le_set_scan_enable le_cp = {0, 0};
+
+ if (ilp->mode == SCAN_LE)
+ hci_send_cmd(hdev, HCI_OP_LE_SET_SCAN_ENABLE,
+ sizeof(le_cp), &le_cp);
+ else
+ hci_send_cmd(hdev, HCI_OP_INQUIRY_CANCEL,
+ 0, NULL);
+
+ ilp->mode = SCAN_IDLE;
+ }
+
+ if (cmd) {
+ struct mgmt_mode cp = {0};
+
+ mgmt_event(MGMT_EV_DISCOVERING, ilp->index, &cp,
+ sizeof(cp), NULL);
+ mgmt_pending_remove(cmd);
+ }
+
+ hci_dev_unlock(hdev);
+ }
+}
+
+static void disco_le_to(unsigned long data)
+{
+ struct disco_interleave *ilp = (void *)data;
+ struct hci_dev *hdev;
+ struct pending_cmd *cmd;
+ struct hci_cp_le_set_scan_enable le_cp = {0, 0};
+
+ BT_DBG("hci%d", ilp->index);
+
+ hdev = hci_dev_get(ilp->index);
+ del_timer_sync(&ilp->le_timer);
+
+ if (hdev) {
+ hci_dev_lock(hdev);
+
+ cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, ilp->index);
+
+ if (ilp->mode == SCAN_LE)
+ hci_send_cmd(hdev, HCI_OP_LE_SET_SCAN_ENABLE,
+ sizeof(le_cp), &le_cp);
+
+ /* re-start BR scan */
+ if (cmd) {
+ struct hci_cp_inquiry cp = {{0x33, 0x8b, 0x9e}, 4, 0};
+ ilp->int_phase *= 2;
+ ilp->int_count = 0;
+ cp.num_rsp = (u8) ilp->int_phase;
+ hci_send_cmd(hdev, HCI_OP_INQUIRY, sizeof(cp), &cp);
+ ilp->mode = SCAN_BR;
+ } else
+ ilp->mode = SCAN_IDLE;
+
+ hci_dev_unlock(hdev);
+ }
+}
+
+static int start_discovery(struct sock *sk, u16 index)
+{
+ struct hci_cp_inquiry cp = {{0x33, 0x8b, 0x9e}, 8, 0};
+ struct hci_dev *hdev;
+ struct pending_cmd *cmd;
+ int err;
+
+ BT_DBG("");
+
+ hdev = hci_dev_get(index);
+ if (!hdev)
+ return cmd_status(sk, index, MGMT_OP_START_DISCOVERY, ENODEV);
+
+ hci_dev_lock(hdev);
+
+ cmd = mgmt_pending_add(sk, MGMT_OP_START_DISCOVERY, index, NULL, 0);
+ if (!cmd) {
+ err = -ENOMEM;
+ goto failed;
+ }
+
+ /* If LE Capable, we will alternate between BR/EDR and LE */
+ if (lmp_le_capable(hdev)) {
+ struct hci_cp_le_set_scan_parameters le_cp;
+
+ /* Shorten BR scan params */
+ cp.num_rsp = 1;
+ cp.length /= 2;
+
+ /* Setup LE scan params */
+ memset(&le_cp, 0, sizeof(le_cp));
+ le_cp.type = 0x01; /* Active scanning */
+ /* The recommended value for scan interval and window is
+ * 11.25 msec. It is calculated by: time = n * 0.625 msec */
+ le_cp.interval = cpu_to_le16(0x0012);
+ le_cp.window = cpu_to_le16(0x0012);
+ le_cp.own_bdaddr_type = 0; /* Public address */
+ le_cp.filter = 0; /* Accept all adv packets */
+
+ hci_send_cmd(hdev, HCI_OP_LE_SET_SCAN_PARAMETERS,
+ sizeof(le_cp), &le_cp);
+ }
+
+ err = hci_send_cmd(hdev, HCI_OP_INQUIRY, sizeof(cp), &cp);
+
+ if (err < 0)
+ mgmt_pending_remove(cmd);
+ else if (lmp_le_capable(hdev)) {
+ struct disco_interleave il, *ilp;
+
+ il.int_phase = 1;
+ il.int_count = 0;
+ il.index = index;
+ il.mode = SCAN_BR;
+ mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, index, &il,
+ sizeof(struct disco_interleave));
+ cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, index);
+ if (cmd) {
+ ilp = cmd->param;
+ setup_timer(&ilp->le_timer, disco_le_to,
+ (unsigned long) ilp);
+ setup_timer(&ilp->timer, disco_to, (unsigned long) ilp);
+ mod_timer(&ilp->timer,
+ jiffies + msecs_to_jiffies(20000));
+ }
+ }
+
+failed:
+ hci_dev_unlock(hdev);
+ hci_dev_put(hdev);
+
+ return err;
+}
+
+static int stop_discovery(struct sock *sk, u16 index)
+{
+ struct hci_cp_le_set_scan_enable le_cp = {0, 0};
+ struct mgmt_mode mode_cp = {0};
+ struct disco_interleave *ilp = NULL;
+ struct hci_dev *hdev;
+ struct pending_cmd *cmd = NULL;
+ int err = -EPERM;
+
+ BT_DBG("");
+
+ hdev = hci_dev_get(index);
+ if (!hdev)
+ return cmd_status(sk, index, MGMT_OP_STOP_DISCOVERY, ENODEV);
+
+ hci_dev_lock(hdev);
+
+ if (lmp_le_capable(hdev)) {
+ cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, index);
+ if (!cmd) {
+ err = -ENOMEM;
+ goto failed;
+ }
+
+ ilp = cmd->param;
+ }
+
+ if (lmp_le_capable(hdev) && ilp && (ilp->mode == SCAN_LE))
+ err = hci_send_cmd(hdev, HCI_OP_LE_SET_SCAN_ENABLE,
+ sizeof(le_cp), &le_cp);
+
+ if (err < 0) {
+ if (!ilp || (ilp->mode == SCAN_BR))
+ err = hci_send_cmd(hdev, HCI_OP_INQUIRY_CANCEL,
+ 0, NULL);
+ }
+
+ if (ilp) {
+ ilp->mode = SCAN_IDLE;
+ del_timer_sync(&ilp->le_timer);
+ del_timer_sync(&ilp->timer);
+ }
+
+ if (err < 0 && cmd)
+ mgmt_pending_remove(cmd);
+
+ mgmt_event(MGMT_EV_DISCOVERING, index, &mode_cp, sizeof(mode_cp), NULL);
+
+failed:
+ hci_dev_unlock(hdev);
+ hci_dev_put(hdev);
+
+ if (err < 0)
+ return cmd_status(sk, index, MGMT_OP_STOP_DISCOVERY, -err);
+ else
+ return err;
+}
+
static int read_local_oob_data(struct sock *sk, u16 index)
{
struct hci_dev *hdev;
@@ -1631,6 +2052,7 @@
goto done;
}
+ BT_DBG("got opcode %x", opcode);
switch (opcode) {
case MGMT_OP_READ_VERSION:
err = read_version(sk);
@@ -1690,14 +2112,23 @@
err = pair_device(sk, index, buf + sizeof(*hdr), len);
break;
case MGMT_OP_USER_CONFIRM_REPLY:
- err = user_confirm_reply(sk, index, buf + sizeof(*hdr), len, 1);
- break;
+ case MGMT_OP_USER_PASSKEY_REPLY:
case MGMT_OP_USER_CONFIRM_NEG_REPLY:
- err = user_confirm_reply(sk, index, buf + sizeof(*hdr), len, 0);
+ err = user_confirm_reply(sk, index, buf + sizeof(*hdr),
+ len, opcode);
break;
case MGMT_OP_SET_LOCAL_NAME:
err = set_local_name(sk, index, buf + sizeof(*hdr), len);
break;
+ case MGMT_OP_START_DISCOVERY:
+ err = start_discovery(sk, index);
+ break;
+ case MGMT_OP_STOP_DISCOVERY:
+ err = stop_discovery(sk, index);
+ break;
+ case MGMT_OP_RESOLVE_NAME:
+ err = resolve_name(sk, index, buf + sizeof(*hdr), len);
+ break;
case MGMT_OP_READ_LOCAL_OOB_DATA:
err = read_local_oob_data(sk, index);
break;
@@ -1727,11 +2158,13 @@
int mgmt_index_added(u16 index)
{
+ BT_DBG("%d", index);
return mgmt_event(MGMT_EV_INDEX_ADDED, index, NULL, 0, NULL);
}
int mgmt_index_removed(u16 index)
{
+ BT_DBG("%d", index);
return mgmt_event(MGMT_EV_INDEX_REMOVED, index, NULL, 0, NULL);
}
@@ -1766,6 +2199,8 @@
struct cmd_lookup match = { powered, NULL };
int ret;
+ BT_DBG("hci%u %d", index, powered);
+
mgmt_pending_foreach(MGMT_OP_SET_POWERED, index, mode_rsp, &match);
ev.val = powered;
@@ -1815,7 +2250,7 @@
return ret;
}
-int mgmt_new_key(u16 index, struct link_key *key, u8 old_key_type)
+int mgmt_new_key(u16 index, struct link_key *key, u8 bonded)
{
struct mgmt_ev_new_key *ev;
int err, total;
@@ -1829,7 +2264,8 @@
ev->key.type = key->type;
memcpy(ev->key.val, key->val, 16);
ev->key.pin_len = key->pin_len;
- ev->old_key_type = old_key_type;
+ ev->key.auth = key->auth;
+ ev->store_hint = bonded;
ev->key.dlen = key->dlen;
memcpy(ev->key.data, key->data, key->dlen);
@@ -1914,7 +2350,10 @@
{
struct mgmt_ev_pin_code_request ev;
+ BT_DBG("hci%u", index);
+
bacpy(&ev.bdaddr, bdaddr);
+ ev.secure = 0;
return mgmt_event(MGMT_EV_PIN_CODE_REQUEST, index, &ev, sizeof(ev),
NULL);
@@ -1962,16 +2401,56 @@
return err;
}
-int mgmt_user_confirm_request(u16 index, bdaddr_t *bdaddr, __le32 value)
+int mgmt_user_confirm_request(u16 index, u8 event,
+ bdaddr_t *bdaddr, __le32 value)
{
struct mgmt_ev_user_confirm_request ev;
+ struct hci_conn *conn = NULL;
+ struct hci_dev *hdev;
+ u8 loc_cap, rem_cap, loc_mitm, rem_mitm;
+
+ BT_DBG("hci%u", index);
+
+ hdev = hci_dev_get(index);
+
+ if (hdev)
+ conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, bdaddr);
+
+ ev.auto_confirm = 0;
+
+ if (!conn || event != HCI_EV_USER_CONFIRM_REQUEST)
+ goto no_auto_confirm;
+
+ loc_cap = (conn->io_capability == 0x04) ? 0x01 : conn->io_capability;
+ rem_cap = conn->remote_cap;
+ loc_mitm = conn->auth_type & 0x01;
+ rem_mitm = conn->remote_auth & 0x01;
+
+ if (loc_cap == 0x01 && (rem_cap == 0x00 || rem_cap == 0x03))
+ goto no_auto_confirm;
+
+
+ if ((!loc_mitm || rem_cap == 0x03) && (!rem_mitm || loc_cap == 0x03))
+ ev.auto_confirm = 1;
+
+no_auto_confirm:
+ bacpy(&ev.bdaddr, bdaddr);
+ ev.event = event;
+ put_unaligned_le32(value, &ev.value);
+
+ return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, index, &ev, sizeof(ev),
+ NULL);
+}
+
+int mgmt_user_passkey_request(u16 index, bdaddr_t *bdaddr)
+{
+ struct mgmt_ev_user_passkey_request ev;
BT_DBG("hci%u", index);
bacpy(&ev.bdaddr, bdaddr);
- put_unaligned_le32(value, &ev.value);
- return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, index, &ev, sizeof(ev),
+ return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST, index, &ev, sizeof(ev),
NULL);
}
@@ -2089,30 +2568,71 @@
return err;
}
-int mgmt_device_found(u16 index, bdaddr_t *bdaddr, u8 *dev_class, s8 rssi,
- u8 *eir)
+int mgmt_device_found(u16 index, bdaddr_t *bdaddr, u8 type, u8 le,
+ u8 *dev_class, s8 rssi, u8 eir_len, u8 *eir)
{
struct mgmt_ev_device_found ev;
+ struct hci_dev *hdev = hci_dev_get(index);
+ struct pending_cmd *cmd;
+ int err;
+
+ BT_DBG("le: %d", le);
memset(&ev, 0, sizeof(ev));
bacpy(&ev.bdaddr, bdaddr);
- memcpy(ev.dev_class, dev_class, sizeof(ev.dev_class));
ev.rssi = rssi;
+ ev.type = type;
+ ev.le = le;
- if (eir)
- memcpy(ev.eir, eir, sizeof(ev.eir));
+ if (dev_class)
+ memcpy(ev.dev_class, dev_class, sizeof(ev.dev_class));
- return mgmt_event(MGMT_EV_DEVICE_FOUND, index, &ev, sizeof(ev), NULL);
+ if (eir && eir_len)
+ memcpy(ev.eir, eir, eir_len);
+
+ err = mgmt_event(MGMT_EV_DEVICE_FOUND, index, &ev, sizeof(ev), NULL);
+
+ if (err < 0)
+ return err;
+
+ cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, index);
+ if (cmd) {
+ struct disco_interleave *ilp = cmd->param;
+
+ ilp->int_count++;
+ if (hdev && ilp->int_count >= ilp->int_phase) {
+ /* Inquiry scan for General Discovery LAP */
+ struct hci_cp_inquiry cp = {{0x33, 0x8b, 0x9e}, 4, 0};
+ struct hci_cp_le_set_scan_enable le_cp = {0, 0};
+ ilp->int_phase *= 2;
+ ilp->int_count = 0;
+ if (ilp->mode == SCAN_LE) {
+ /* cancel LE scan */
+ hci_send_cmd(hdev, HCI_OP_LE_SET_SCAN_ENABLE,
+ sizeof(le_cp), &le_cp);
+ /* start BR scan */
+ cp.num_rsp = (u8) ilp->int_phase;
+ hci_send_cmd(hdev, HCI_OP_INQUIRY,
+ sizeof(cp), &cp);
+ ilp->mode = SCAN_BR;
+ del_timer_sync(&ilp->le_timer);
+ }
+ }
+ }
+
+ return 0;
}
-int mgmt_remote_name(u16 index, bdaddr_t *bdaddr, u8 *name)
+
+int mgmt_remote_name(u16 index, bdaddr_t *bdaddr, u8 status, u8 *name)
{
struct mgmt_ev_remote_name ev;
memset(&ev, 0, sizeof(ev));
bacpy(&ev.bdaddr, bdaddr);
+ ev.status = status;
memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
return mgmt_event(MGMT_EV_REMOTE_NAME, index, &ev, sizeof(ev), NULL);
diff --git a/net/bluetooth/smp.c b/net/bluetooth/smp.c
index e1c4ef3..4b25081 100644
--- a/net/bluetooth/smp.c
+++ b/net/bluetooth/smp.c
@@ -23,12 +23,21 @@
#include <net/bluetooth/bluetooth.h>
#include <net/bluetooth/hci_core.h>
#include <net/bluetooth/l2cap.h>
+#include <net/bluetooth/mgmt.h>
#include <net/bluetooth/smp.h>
#include <linux/crypto.h>
#include <crypto/b128ops.h>
+#include <asm/unaligned.h>
#define SMP_TIMEOUT 30000 /* 30 seconds */
+#ifndef FALSE
+#define FALSE 0
+#define TRUE (!FALSE)
+#endif
+
+static int smp_distribute_keys(struct l2cap_conn *conn, __u8 force);
+
static inline void swap128(u8 src[16], u8 dst[16])
{
int i;
@@ -183,12 +192,21 @@
hci_send_acl(conn->hcon, NULL, skb, 0);
}
+static __u8 authreq_to_seclevel(__u8 authreq)
+{
+ if (authreq & SMP_AUTH_MITM)
+ return BT_SECURITY_HIGH;
+ else if (authreq & SMP_AUTH_BONDING)
+ return BT_SECURITY_MEDIUM;
+ else
+ return BT_SECURITY_LOW;
+}
+
static __u8 seclevel_to_authreq(__u8 level)
{
switch (level) {
case BT_SECURITY_HIGH:
- /* Right now we don't support bonding */
- return SMP_AUTH_MITM;
+ return SMP_AUTH_MITM | SMP_AUTH_BONDING;
default:
return SMP_AUTH_NONE;
@@ -200,70 +218,265 @@
struct smp_cmd_pairing *rsp,
__u8 authreq)
{
+ struct hci_conn *hcon = conn->hcon;
u8 all_keys = 0;
- u8 dist_keys;
+ u8 dist_keys = 0;
- dist_keys = 0;
- if (test_bit(HCI_PAIRABLE, &conn->hcon->hdev->flags)) {
- dist_keys = SMP_DIST_ENC_KEY;
- authreq |= SMP_AUTH_BONDING;
- }
+ dist_keys = SMP_DIST_ENC_KEY;
+ authreq |= SMP_AUTH_BONDING;
+
+ BT_DBG("conn->hcon->io_capability:%d", conn->hcon->io_capability);
if (rsp == NULL) {
req->io_capability = conn->hcon->io_capability;
- req->oob_flag = SMP_OOB_NOT_PRESENT;
+ req->oob_flag = hcon->oob ? SMP_OOB_PRESENT :
+ SMP_OOB_NOT_PRESENT;
req->max_key_size = SMP_MAX_ENC_KEY_SIZE;
- req->init_key_dist = dist_keys;
- req->resp_key_dist = all_keys;
+ req->init_key_dist = all_keys;
+ req->resp_key_dist = dist_keys;
req->auth_req = authreq;
+ BT_DBG("SMP_CMD_PAIRING_REQ %d %d %d %d %2.2x %2.2x",
+ req->io_capability, req->oob_flag,
+ req->auth_req, req->max_key_size,
+ req->init_key_dist, req->resp_key_dist);
return;
}
+ /* Only request OOB if remote AND we support it */
+ if (req->oob_flag)
+ rsp->oob_flag = hcon->oob ? SMP_OOB_PRESENT :
+ SMP_OOB_NOT_PRESENT;
+ else
+ rsp->oob_flag = SMP_OOB_NOT_PRESENT;
+
rsp->io_capability = conn->hcon->io_capability;
- rsp->oob_flag = SMP_OOB_NOT_PRESENT;
rsp->max_key_size = SMP_MAX_ENC_KEY_SIZE;
rsp->init_key_dist = req->init_key_dist & all_keys;
rsp->resp_key_dist = req->resp_key_dist & dist_keys;
rsp->auth_req = authreq;
+ BT_DBG("SMP_CMD_PAIRING_RSP %d %d %d %d %2.2x %2.2x",
+ req->io_capability, req->oob_flag, req->auth_req,
+ req->max_key_size, req->init_key_dist,
+ req->resp_key_dist);
}
static u8 check_enc_key_size(struct l2cap_conn *conn, __u8 max_key_size)
{
+ struct hci_conn *hcon = conn->hcon;
+
if ((max_key_size > SMP_MAX_ENC_KEY_SIZE) ||
(max_key_size < SMP_MIN_ENC_KEY_SIZE))
return SMP_ENC_KEY_SIZE;
- conn->smp_key_size = max_key_size;
+ hcon->smp_key_size = max_key_size;
return 0;
}
+#define JUST_WORKS SMP_JUST_WORKS
+#define REQ_PASSKEY SMP_REQ_PASSKEY
+#define CFM_PASSKEY SMP_CFM_PASSKEY
+#define JUST_CFM SMP_JUST_CFM
+#define OVERLAP SMP_OVERLAP
+static const u8 gen_method[5][5] = {
+ {JUST_WORKS, JUST_CFM, REQ_PASSKEY, JUST_WORKS, REQ_PASSKEY},
+ {JUST_WORKS, JUST_CFM, REQ_PASSKEY, JUST_WORKS, REQ_PASSKEY},
+ {CFM_PASSKEY, CFM_PASSKEY, REQ_PASSKEY, JUST_WORKS, CFM_PASSKEY},
+ {JUST_WORKS, JUST_CFM, JUST_WORKS, JUST_WORKS, JUST_CFM},
+ {CFM_PASSKEY, CFM_PASSKEY, REQ_PASSKEY, JUST_WORKS, OVERLAP}
+};
+
+static int tk_request(struct l2cap_conn *conn, u8 remote_oob, u8 auth,
+ u8 local_io, u8 remote_io)
+{
+ struct hci_conn *hcon = conn->hcon;
+ u8 method;
+ u32 passkey = 0;
+
+ /* Initialize key to JUST WORKS */
+ memset(hcon->tk, 0, sizeof(hcon->tk));
+ hcon->tk_valid = FALSE;
+ hcon->auth = auth;
+
+ /* By definition, OOB data will be used if both sides have it available
+ */
+ if (remote_oob && hcon->oob) {
+ method = SMP_REQ_OOB;
+ goto agent_request;
+ }
+
+ BT_DBG("tk_request: auth:%d lcl:%d rem:%d", auth, local_io, remote_io);
+
+ /* If neither side wants MITM, use JUST WORKS */
+ /* If either side has unknown io_caps, use JUST_WORKS */
+ if (!(auth & SMP_AUTH_MITM) ||
+ local_io > SMP_IO_KEYBOARD_DISPLAY ||
+ remote_io > SMP_IO_KEYBOARD_DISPLAY) {
+ hcon->auth &= ~SMP_AUTH_MITM;
+ hcon->tk_valid = TRUE;
+ return 0;
+ }
+
+ /* MITM is now officially requested, but not required */
+ /* Determine what we need (if anything) from the agent */
+ method = gen_method[local_io][remote_io];
+
+ BT_DBG("tk_method: %d", method);
+
+ if (method == SMP_JUST_WORKS || method == SMP_JUST_CFM)
+ hcon->auth &= ~SMP_AUTH_MITM;
+
+ /* Don't bother confirming unbonded JUST_WORKS */
+ if (!(auth & SMP_AUTH_BONDING) && method == SMP_JUST_CFM) {
+ hcon->tk_valid = TRUE;
+ return 0;
+ } else if (method == SMP_JUST_WORKS) {
+ hcon->tk_valid = TRUE;
+ return 0;
+ } else if (method == SMP_OVERLAP) {
+ if (hcon->link_mode & HCI_LM_MASTER)
+ method = SMP_CFM_PASSKEY;
+ else
+ method = SMP_REQ_PASSKEY;
+ }
+
+ BT_DBG("tk_method-2: %d", method);
+
+ if (method == SMP_CFM_PASSKEY) {
+ u8 key[16];
+ /* Generate a passkey for display. It is not valid until
+ * confirmed.
+ */
+ memset(key, 0, sizeof(key));
+ get_random_bytes(&passkey, sizeof(passkey));
+ passkey %= 1000000;
+ put_unaligned_le32(passkey, key);
+ swap128(key, hcon->tk);
+ BT_DBG("PassKey: %d", passkey);
+ }
+
+agent_request:
+ switch (method) {
+ case SMP_REQ_PASSKEY:
+ return mgmt_user_confirm_request(0, HCI_EV_USER_PASSKEY_REQUEST,
+ conn->dst, 0);
+ case SMP_CFM_PASSKEY:
+ default:
+ return mgmt_user_confirm_request(0, HCI_EV_USER_CONFIRM_REQUEST,
+ conn->dst, passkey);
+ }
+}
+
+static int send_pairing_confirm(struct l2cap_conn *conn)
+{
+ struct hci_conn *hcon = conn->hcon;
+ struct crypto_blkcipher *tfm = hcon->hdev->tfm;
+ struct smp_cmd_pairing_confirm cp;
+ int ret;
+ u8 res[16];
+
+ if (conn->hcon->out)
+ ret = smp_c1(tfm, hcon->tk, hcon->prnd, hcon->preq, hcon->prsp,
+ 0, conn->src, hcon->dst_type, conn->dst, res);
+ else
+ ret = smp_c1(tfm, hcon->tk, hcon->prnd, hcon->preq, hcon->prsp,
+ hcon->dst_type, conn->dst, 0, conn->src, res);
+
+ if (ret)
+ return SMP_CONFIRM_FAILED;
+
+ swap128(res, cp.confirm_val);
+
+ hcon->cfm_pending = FALSE;
+
+ smp_send_cmd(conn, SMP_CMD_PAIRING_CONFIRM, sizeof(cp), &cp);
+
+ return 0;
+}
+
+int le_user_confirm_reply(struct hci_conn *hdev, u16 mgmt_op, void *cp)
+{
+ struct mgmt_cp_user_passkey_reply *psk_reply = cp;
+ struct l2cap_conn *conn = hdev->smp_conn;
+ u8 key[16];
+ u8 reason = 0;
+ int ret = 0;
+
+ BT_DBG("");
+
+ hdev->tk_valid = TRUE;
+
+ switch (mgmt_op) {
+ case MGMT_OP_USER_CONFIRM_NEG_REPLY:
+ reason = SMP_CONFIRM_FAILED;
+ break;
+ case MGMT_OP_USER_CONFIRM_REPLY:
+ break;
+ case MGMT_OP_USER_PASSKEY_REPLY:
+ memset(key, 0, sizeof(key));
+ BT_DBG("PassKey: %d", psk_reply->passkey);
+ put_unaligned_le32(psk_reply->passkey, key);
+ swap128(key, hdev->tk);
+ break;
+ default:
+ reason = SMP_CONFIRM_FAILED;
+ ret = -EOPNOTSUPP;
+ break;
+ }
+
+ if (reason) {
+ BT_DBG("smp_send_cmd: SMP_CMD_PAIRING_FAIL");
+ smp_send_cmd(conn, SMP_CMD_PAIRING_FAIL, sizeof(reason),
+ &reason);
+ } else if (hdev->cfm_pending) {
+ BT_DBG("send_pairing_confirm");
+ ret = send_pairing_confirm(conn);
+ }
+
+ return ret;
+}
+
static u8 smp_cmd_pairing_req(struct l2cap_conn *conn, struct sk_buff *skb)
{
+ struct hci_conn *hcon = conn->hcon;
struct smp_cmd_pairing rsp, *req = (void *) skb->data;
u8 key_size;
+ u8 auth = SMP_AUTH_NONE;
+ int ret;
BT_DBG("conn %p", conn);
- conn->preq[0] = SMP_CMD_PAIRING_REQ;
- memcpy(&conn->preq[1], req, sizeof(*req));
+ hcon->preq[0] = SMP_CMD_PAIRING_REQ;
+ memcpy(&hcon->preq[1], req, sizeof(*req));
skb_pull(skb, sizeof(*req));
- if (req->oob_flag)
- return SMP_OOB_NOT_AVAIL;
+ if (req->oob_flag && hcon->oob) {
+ /* By definition, OOB data pairing will have MITM protection */
+ auth = req->auth_req | SMP_AUTH_MITM;
+ } else if (req->auth_req & SMP_AUTH_BONDING) {
+ /* We will attempt MITM for all Bonding attempts */
+ auth = SMP_AUTH_BONDING | SMP_AUTH_MITM;
+ }
/* We didn't start the pairing, so no requirements */
- build_pairing_cmd(conn, req, &rsp, SMP_AUTH_NONE);
+ build_pairing_cmd(conn, req, &rsp, auth);
key_size = min(req->max_key_size, rsp.max_key_size);
if (check_enc_key_size(conn, key_size))
return SMP_ENC_KEY_SIZE;
- /* Just works */
- memset(conn->tk, 0, sizeof(conn->tk));
+ ret = smp_rand(hcon->prnd);
+ if (ret)
+ return SMP_UNSPECIFIED;
- conn->prsp[0] = SMP_CMD_PAIRING_RSP;
- memcpy(&conn->prsp[1], &rsp, sizeof(rsp));
+ /* Request setup of TK */
+ ret = tk_request(conn, req->oob_flag, auth, rsp.io_capability,
+ req->io_capability);
+ if (ret)
+ return SMP_UNSPECIFIED;
+
+ hcon->prsp[0] = SMP_CMD_PAIRING_RSP;
+ memcpy(&hcon->prsp[1], &rsp, sizeof(rsp));
smp_send_cmd(conn, SMP_CMD_PAIRING_RSP, sizeof(rsp), &rsp);
@@ -275,81 +488,76 @@
static u8 smp_cmd_pairing_rsp(struct l2cap_conn *conn, struct sk_buff *skb)
{
+ struct hci_conn *hcon = conn->hcon;
struct smp_cmd_pairing *req, *rsp = (void *) skb->data;
- struct smp_cmd_pairing_confirm cp;
- struct crypto_blkcipher *tfm = conn->hcon->hdev->tfm;
+ u8 key_size, auth = SMP_AUTH_NONE;
int ret;
- u8 res[16], key_size;
BT_DBG("conn %p", conn);
skb_pull(skb, sizeof(*rsp));
- req = (void *) &conn->preq[1];
+ req = (void *) &hcon->preq[1];
key_size = min(req->max_key_size, rsp->max_key_size);
if (check_enc_key_size(conn, key_size))
return SMP_ENC_KEY_SIZE;
- if (rsp->oob_flag)
- return SMP_OOB_NOT_AVAIL;
+ hcon->prsp[0] = SMP_CMD_PAIRING_RSP;
+ memcpy(&hcon->prsp[1], rsp, sizeof(*rsp));
- /* Just works */
- memset(conn->tk, 0, sizeof(conn->tk));
-
- conn->prsp[0] = SMP_CMD_PAIRING_RSP;
- memcpy(&conn->prsp[1], rsp, sizeof(*rsp));
-
- ret = smp_rand(conn->prnd);
+ ret = smp_rand(hcon->prnd);
if (ret)
return SMP_UNSPECIFIED;
- ret = smp_c1(tfm, conn->tk, conn->prnd, conn->preq, conn->prsp, 0,
- conn->src, conn->hcon->dst_type, conn->dst, res);
+ if ((req->auth_req & SMP_AUTH_BONDING) &&
+ (rsp->auth_req & SMP_AUTH_BONDING))
+ auth = SMP_AUTH_BONDING;
+
+ auth |= (req->auth_req | rsp->auth_req) & SMP_AUTH_MITM;
+
+ ret = tk_request(conn, req->oob_flag, auth, rsp->io_capability,
+ req->io_capability);
if (ret)
return SMP_UNSPECIFIED;
- swap128(res, cp.confirm_val);
+ hcon->cfm_pending = TRUE;
- smp_send_cmd(conn, SMP_CMD_PAIRING_CONFIRM, sizeof(cp), &cp);
+ /* Can't compose response until we have been confirmed */
+ if (!hcon->tk_valid)
+ return 0;
+
+ ret = send_pairing_confirm(conn);
+ if (ret)
+ return SMP_CONFIRM_FAILED;
return 0;
}
static u8 smp_cmd_pairing_confirm(struct l2cap_conn *conn, struct sk_buff *skb)
{
- struct crypto_blkcipher *tfm = conn->hcon->hdev->tfm;
+ struct hci_conn *hcon = conn->hcon;
+ int ret;
BT_DBG("conn %p %s", conn, conn->hcon->out ? "master" : "slave");
- memcpy(conn->pcnf, skb->data, sizeof(conn->pcnf));
- skb_pull(skb, sizeof(conn->pcnf));
+ memcpy(hcon->pcnf, skb->data, sizeof(hcon->pcnf));
+ skb_pull(skb, sizeof(hcon->pcnf));
if (conn->hcon->out) {
u8 random[16];
- swap128(conn->prnd, random);
+ swap128(hcon->prnd, random);
smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM, sizeof(random),
random);
- } else {
- struct smp_cmd_pairing_confirm cp;
- int ret;
- u8 res[16];
+ } else if (hcon->tk_valid) {
+ ret = send_pairing_confirm(conn);
- ret = smp_rand(conn->prnd);
- if (ret)
- return SMP_UNSPECIFIED;
-
- ret = smp_c1(tfm, conn->tk, conn->prnd, conn->preq, conn->prsp,
- conn->hcon->dst_type, conn->dst,
- 0, conn->src, res);
if (ret)
return SMP_CONFIRM_FAILED;
+ } else
+ hcon->cfm_pending = TRUE;
- swap128(res, cp.confirm_val);
-
- smp_send_cmd(conn, SMP_CMD_PAIRING_CONFIRM, sizeof(cp), &cp);
- }
mod_timer(&conn->security_timer, jiffies +
msecs_to_jiffies(SMP_TIMEOUT));
@@ -368,12 +576,12 @@
skb_pull(skb, sizeof(random));
if (conn->hcon->out)
- ret = smp_c1(tfm, conn->tk, random, conn->preq, conn->prsp, 0,
- conn->src, conn->hcon->dst_type, conn->dst,
+ ret = smp_c1(tfm, hcon->tk, random, hcon->preq, hcon->prsp, 0,
+ conn->src, hcon->dst_type, conn->dst,
res);
else
- ret = smp_c1(tfm, conn->tk, random, conn->preq, conn->prsp,
- conn->hcon->dst_type, conn->dst, 0, conn->src,
+ ret = smp_c1(tfm, hcon->tk, random, hcon->preq, hcon->prsp,
+ hcon->dst_type, conn->dst, 0, conn->src,
res);
if (ret)
return SMP_UNSPECIFIED;
@@ -382,7 +590,7 @@
swap128(res, confirm);
- if (memcmp(conn->pcnf, confirm, sizeof(conn->pcnf)) != 0) {
+ if (memcmp(hcon->pcnf, confirm, sizeof(hcon->pcnf)) != 0) {
BT_ERR("Pairing failed (confirmation values mismatch)");
return SMP_CONFIRM_FAILED;
}
@@ -394,14 +602,14 @@
memset(rand, 0, sizeof(rand));
ediv = 0;
- smp_s1(tfm, conn->tk, random, conn->prnd, key);
+ smp_s1(tfm, hcon->tk, random, hcon->prnd, key);
swap128(key, stk);
- memset(stk + conn->smp_key_size, 0,
- SMP_MAX_ENC_KEY_SIZE - conn->smp_key_size);
+ memset(stk + hcon->smp_key_size, 0,
+ SMP_MAX_ENC_KEY_SIZE - hcon->smp_key_size);
hci_le_start_enc(hcon, ediv, rand, stk);
- hcon->enc_key_size = conn->smp_key_size;
+ hcon->enc_key_size = hcon->smp_key_size;
} else {
u8 stk[16], r[16], rand[8];
__le16 ediv;
@@ -409,17 +617,17 @@
memset(rand, 0, sizeof(rand));
ediv = 0;
- swap128(conn->prnd, r);
+ swap128(hcon->prnd, r);
smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM, sizeof(r), r);
- smp_s1(tfm, conn->tk, conn->prnd, random, key);
+ smp_s1(tfm, hcon->tk, hcon->prnd, random, key);
swap128(key, stk);
- memset(stk + conn->smp_key_size, 0,
- SMP_MAX_ENC_KEY_SIZE - conn->smp_key_size);
+ memset(stk + hcon->smp_key_size, 0,
+ SMP_MAX_ENC_KEY_SIZE - hcon->smp_key_size);
- hci_add_ltk(conn->hcon->hdev, 0, conn->dst, conn->smp_key_size,
- ediv, rand, stk);
+ hci_add_ltk(conn->hcon->hdev, 0, conn->dst, hcon->smp_key_size,
+ hcon->auth, ediv, rand, stk);
}
return 0;
@@ -427,27 +635,45 @@
static u8 smp_cmd_security_req(struct l2cap_conn *conn, struct sk_buff *skb)
{
+ struct hci_conn *hcon = conn->hcon;
struct smp_cmd_security_req *rp = (void *) skb->data;
struct smp_cmd_pairing cp;
- struct hci_conn *hcon = conn->hcon;
+ struct link_key *key;
BT_DBG("conn %p", conn);
if (test_bit(HCI_CONN_ENCRYPT_PEND, &hcon->pend))
return 0;
+ key = hci_find_link_key_type(hcon->hdev, conn->dst, KEY_TYPE_LTK);
+ if (key && ((key->auth & SMP_AUTH_MITM) ||
+ !(rp->auth_req & SMP_AUTH_MITM))) {
+ struct key_master_id *master = (void *) key->data;
+
+ hci_le_start_enc(hcon, master->ediv, master->rand,
+ key->val);
+ hcon->enc_key_size = key->pin_len;
+
+ hcon->sec_req = TRUE;
+ hcon->sec_level = authreq_to_seclevel(rp->auth_req);
+
+ return 0;
+ }
+
+ hcon->sec_req = FALSE;
+
skb_pull(skb, sizeof(*rp));
memset(&cp, 0, sizeof(cp));
build_pairing_cmd(conn, &cp, NULL, rp->auth_req);
- conn->preq[0] = SMP_CMD_PAIRING_REQ;
- memcpy(&conn->preq[1], &cp, sizeof(cp));
+ hcon->preq[0] = SMP_CMD_PAIRING_REQ;
+ memcpy(&hcon->preq[1], &cp, sizeof(cp));
smp_send_cmd(conn, SMP_CMD_PAIRING_REQ, sizeof(cp), &cp);
mod_timer(&conn->security_timer, jiffies +
- msecs_to_jiffies(SMP_TIMEOUT));
+ msecs_to_jiffies(SMP_TIMEOUT));
set_bit(HCI_CONN_ENCRYPT_PEND, &hcon->pend);
@@ -461,21 +687,33 @@
BT_DBG("conn %p hcon %p level 0x%2.2x", conn, hcon, sec_level);
- if (IS_ERR(hcon->hdev->tfm))
+ if (IS_ERR(hcon->hdev->tfm)) {
+ BT_DBG("IS_ERR");
return 1;
+ }
- if (test_bit(HCI_CONN_ENCRYPT_PEND, &hcon->pend))
+ if (test_bit(HCI_CONN_ENCRYPT_PEND, &hcon->pend)) {
+ BT_DBG("HCI_CONN_ENCRYPT_PEND");
return -EINPROGRESS;
+ }
- if (sec_level == BT_SECURITY_LOW)
+ if (sec_level == BT_SECURITY_LOW) {
+ BT_DBG("BT_SECURITY_LOW");
return 1;
+ }
- if (hcon->sec_level > sec_level)
+ if (hcon->sec_level > sec_level) {
+ BT_DBG("hcon->sec_level > sec_level");
return 1;
+ }
authreq = seclevel_to_authreq(sec_level);
- if (hcon->link_mode & HCI_LM_MASTER) {
+ BT_ERR("conn = %p, sec: %d", conn, sec_level);
+ hcon->smp_conn = conn;
+ hcon->sec_level = sec_level;
+
+ if ((hcon->link_mode & HCI_LM_MASTER) && !hcon->sec_req) {
struct link_key *key;
key = hci_find_link_key_type(hcon->hdev, conn->dst,
@@ -487,16 +725,20 @@
key->val);
hcon->enc_key_size = key->pin_len;
+ hcon->sec_req = TRUE;
+
goto done;
}
}
+ hcon->sec_req = FALSE;
+
if (hcon->link_mode & HCI_LM_MASTER) {
struct smp_cmd_pairing cp;
build_pairing_cmd(conn, &cp, NULL, authreq);
- conn->preq[0] = SMP_CMD_PAIRING_REQ;
- memcpy(&conn->preq[1], &cp, sizeof(cp));
+ hcon->preq[0] = SMP_CMD_PAIRING_REQ;
+ memcpy(&hcon->preq[1], &cp, sizeof(cp));
mod_timer(&conn->security_timer, jiffies +
msecs_to_jiffies(SMP_TIMEOUT));
@@ -517,6 +759,7 @@
static int smp_cmd_encrypt_info(struct l2cap_conn *conn, struct sk_buff *skb)
{
+ struct hci_conn *hcon = conn->hcon;
struct smp_cmd_encrypt_info *rp = (void *) skb->data;
u8 rand[8];
int err;
@@ -527,7 +770,8 @@
memset(rand, 0, sizeof(rand));
- err = hci_add_ltk(conn->hcon->hdev, 0, conn->dst, 0, 0, rand, rp->ltk);
+ err = hci_add_ltk(hcon->hdev, 0, conn->dst, 0, 0, 0,
+ rand, rp->ltk);
if (err)
return SMP_UNSPECIFIED;
@@ -536,44 +780,52 @@
static int smp_cmd_master_ident(struct l2cap_conn *conn, struct sk_buff *skb)
{
+ struct hci_conn *hcon = conn->hcon;
struct smp_cmd_master_ident *rp = (void *) skb->data;
- struct smp_cmd_pairing *paircmd = (void *) &conn->prsp[1];
+ struct smp_cmd_pairing *paircmd = (void *) &hcon->prsp[1];
struct link_key *key;
- struct key_master_id *id;
- u8 keydist = paircmd->init_key_dist;
+ u8 *keydist;
skb_pull(skb, sizeof(*rp));
- key = hci_find_link_key_type(conn->hcon->hdev, conn->dst, KEY_TYPE_LTK);
+ key = hci_find_link_key_type(hcon->hdev, conn->dst, KEY_TYPE_LTK);
if (key == NULL)
return SMP_UNSPECIFIED;
- BT_DBG("keydist 0x%x", keydist);
+ if (hcon->out)
+ keydist = &paircmd->resp_key_dist;
+ else
+ keydist = &paircmd->init_key_dist;
- id = (void *) key->data;
- id->ediv = rp->ediv;
- memcpy(id->rand, rp->rand, sizeof(rp->rand));
+ BT_DBG("keydist 0x%x", *keydist);
- hci_add_ltk(conn->hcon->hdev, 1, conn->src, conn->smp_key_size,
- rp->ediv, rp->rand, key->val);
+ hci_add_ltk(hcon->hdev, 1, conn->dst, hcon->smp_key_size,
+ hcon->auth, rp->ediv, rp->rand, key->val);
- smp_distribute_keys(conn, 1);
+ *keydist &= ~SMP_DIST_ENC_KEY;
+ if (hcon->out) {
+ if (!(*keydist))
+ smp_distribute_keys(conn, 1);
+ }
return 0;
}
int smp_sig_channel(struct l2cap_conn *conn, struct sk_buff *skb)
{
+ struct hci_conn *hcon = conn->hcon;
__u8 code = skb->data[0];
__u8 reason;
int err = 0;
- if (IS_ERR(conn->hcon->hdev->tfm)) {
- err = PTR_ERR(conn->hcon->hdev->tfm);
+ if (IS_ERR(hcon->hdev->tfm)) {
+ err = PTR_ERR(hcon->hdev->tfm);
reason = SMP_PAIRING_NOTSUPP;
+ BT_ERR("SMP_PAIRING_NOTSUPP %p", hcon->hdev->tfm);
goto done;
}
+ hcon->smp_conn = conn;
skb_pull(skb, sizeof(code));
switch (code) {
@@ -626,33 +878,36 @@
}
done:
- if (reason)
+ if (reason) {
+ BT_ERR("SMP_CMD_PAIRING_FAIL: %d", reason);
smp_send_cmd(conn, SMP_CMD_PAIRING_FAIL, sizeof(reason),
&reason);
+ }
kfree_skb(skb);
return err;
}
-int smp_distribute_keys(struct l2cap_conn *conn, __u8 force)
+static int smp_distribute_keys(struct l2cap_conn *conn, __u8 force)
{
+ struct hci_conn *hcon = conn->hcon;
struct smp_cmd_pairing *req, *rsp;
__u8 *keydist;
BT_DBG("conn %p force %d", conn, force);
- if (IS_ERR(conn->hcon->hdev->tfm))
- return PTR_ERR(conn->hcon->hdev->tfm);
+ if (IS_ERR(hcon->hdev->tfm))
+ return PTR_ERR(hcon->hdev->tfm);
- rsp = (void *) &conn->prsp[1];
+ rsp = (void *) &hcon->prsp[1];
/* The responder sends its keys first */
- if (!force && conn->hcon->out && (rsp->resp_key_dist & 0x07))
+ if (!force && hcon->out && (rsp->resp_key_dist & 0x07))
return 0;
- req = (void *) &conn->preq[1];
+ req = (void *) &hcon->preq[1];
- if (conn->hcon->out) {
+ if (hcon->out) {
keydist = &rsp->init_key_dist;
*keydist &= req->init_key_dist;
} else {
@@ -674,8 +929,8 @@
smp_send_cmd(conn, SMP_CMD_ENCRYPT_INFO, sizeof(enc), &enc);
- hci_add_ltk(conn->hcon->hdev, 1, conn->dst, conn->smp_key_size,
- ediv, ident.rand, enc.ltk);
+ hci_add_ltk(hcon->hdev, 1, conn->dst, hcon->smp_key_size,
+ hcon->auth, ediv, ident.rand, enc.ltk);
ident.ediv = cpu_to_le16(ediv);
@@ -714,5 +969,24 @@
*keydist &= ~SMP_DIST_SIGN;
}
+ if (hcon->out || rsp->resp_key_dist)
+ hcon->disconn_cfm_cb(hcon, 0);
+
+ return 0;
+}
+
+int smp_link_encrypt_cmplt(struct l2cap_conn *conn, u8 status, u8 encrypt)
+{
+ struct hci_conn *hcon = conn->hcon;
+
+ BT_DBG("smp: %d %d %d", status, encrypt, hcon->sec_req);
+
+ if (!status && encrypt && !hcon->sec_req)
+ smp_distribute_keys(conn, 0);
+
+ /* Fall back to Pairing request if failed a Link Security request */
+ else if (hcon->sec_req && (status || !encrypt))
+ smp_conn_security(conn, hcon->sec_level);
+
return 0;
}