Gitiles
Code Review Sign In
review.shift-gmbh.com / SHIFTPHONES / android_kernel_shift_sdm845 / fa4ebc66c432d0e0ec947cb754d4144c4a681f28 / . / net / bluetooth / amp.c
blob: 2fc5562a84b9336b7872fb49fcee02be013fb6f0 [file] [log] [blame]
Andrei Emeltchenko903e4542012-09-27 17:26:09 +0300[diff] [blame]1/*
2 Copyright (c) 2011,2012 Intel Corp.
3
4 This program is free software; you can redistribute it and/or modify
5 it under the terms of the GNU General Public License version 2 and
6 only version 2 as published by the Free Software Foundation.
7
8 This program is distributed in the hope that it will be useful,
9 but WITHOUT ANY WARRANTY; without even the implied warranty of
10 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
11 GNU General Public License for more details.
12*/
13
14#include <net/bluetooth/bluetooth.h>
15#include <net/bluetooth/hci.h>
16#include <net/bluetooth/hci_core.h>
17#include <net/bluetooth/a2mp.h>
18#include <net/bluetooth/amp.h>
Dmitry Kasatkinba221bb2012-09-27 17:26:17 +0300[diff] [blame]19#include <crypto/hash.h>
Andrei Emeltchenko903e4542012-09-27 17:26:09 +0300[diff] [blame]20
Andrei Emeltchenko52c0d6e2012-09-27 17:26:12 +0300[diff] [blame]21/* Remote AMP Controllers interface */
Andrei Emeltchenko0b26ab92012-09-27 17:26:24 +0300[diff] [blame]22void amp_ctrl_get(struct amp_ctrl *ctrl)
Andrei Emeltchenko52c0d6e2012-09-27 17:26:12 +0300[diff] [blame]23{
24 BT_DBG("ctrl %p orig refcnt %d", ctrl,
25 atomic_read(&ctrl->kref.refcount));
26
27 kref_get(&ctrl->kref);
28}
29
30static void amp_ctrl_destroy(struct kref *kref)
31{
32 struct amp_ctrl *ctrl = container_of(kref, struct amp_ctrl, kref);
33
34 BT_DBG("ctrl %p", ctrl);
35
36 kfree(ctrl->assoc);
37 kfree(ctrl);
38}
39
40int amp_ctrl_put(struct amp_ctrl *ctrl)
41{
42 BT_DBG("ctrl %p orig refcnt %d", ctrl,
43 atomic_read(&ctrl->kref.refcount));
44
45 return kref_put(&ctrl->kref, &amp_ctrl_destroy);
46}
47
Andrei Emeltchenkofa4ebc62012-10-05 16:56:55 +0300[diff] [blame^]48struct amp_ctrl *amp_ctrl_add(struct amp_mgr *mgr, u8 id)
Andrei Emeltchenko52c0d6e2012-09-27 17:26:12 +0300[diff] [blame]49{
50 struct amp_ctrl *ctrl;
51
52 ctrl = kzalloc(sizeof(*ctrl), GFP_KERNEL);
53 if (!ctrl)
54 return NULL;
55
Andrei Emeltchenkofa4ebc62012-10-05 16:56:55 +0300[diff] [blame^]56 kref_init(&ctrl->kref);
57 ctrl->id = id;
58
Andrei Emeltchenko52c0d6e2012-09-27 17:26:12 +0300[diff] [blame]59 mutex_lock(&mgr->amp_ctrls_lock);
60 list_add(&ctrl->list, &mgr->amp_ctrls);
61 mutex_unlock(&mgr->amp_ctrls_lock);
62
Andrei Emeltchenko52c0d6e2012-09-27 17:26:12 +0300[diff] [blame]63 BT_DBG("mgr %p ctrl %p", mgr, ctrl);
64
65 return ctrl;
66}
67
68void amp_ctrl_list_flush(struct amp_mgr *mgr)
69{
70 struct amp_ctrl *ctrl, *n;
71
72 BT_DBG("mgr %p", mgr);
73
74 mutex_lock(&mgr->amp_ctrls_lock);
75 list_for_each_entry_safe(ctrl, n, &mgr->amp_ctrls, list) {
76 list_del(&ctrl->list);
77 amp_ctrl_put(ctrl);
78 }
79 mutex_unlock(&mgr->amp_ctrls_lock);
80}
81
82struct amp_ctrl *amp_ctrl_lookup(struct amp_mgr *mgr, u8 id)
83{
84 struct amp_ctrl *ctrl;
85
86 BT_DBG("mgr %p id %d", mgr, id);
87
88 mutex_lock(&mgr->amp_ctrls_lock);
89 list_for_each_entry(ctrl, &mgr->amp_ctrls, list) {
90 if (ctrl->id == id) {
91 amp_ctrl_get(ctrl);
92 mutex_unlock(&mgr->amp_ctrls_lock);
93 return ctrl;
94 }
95 }
96 mutex_unlock(&mgr->amp_ctrls_lock);
97
98 return NULL;
99}
100
Andrei Emeltchenko3161ae12012-09-27 17:26:11 +0300[diff] [blame]101/* Physical Link interface */
102static u8 __next_handle(struct amp_mgr *mgr)
103{
104 if (++mgr->handle == 0)
105 mgr->handle = 1;
106
107 return mgr->handle;
108}
109
110struct hci_conn *phylink_add(struct hci_dev *hdev, struct amp_mgr *mgr,
111 u8 remote_id)
112{
113 bdaddr_t *dst = mgr->l2cap_conn->dst;
114 struct hci_conn *hcon;
115
116 hcon = hci_conn_add(hdev, AMP_LINK, dst);
117 if (!hcon)
118 return NULL;
119
120 hcon->state = BT_CONNECT;
121 hcon->out = true;
122 hcon->attempt++;
123 hcon->handle = __next_handle(mgr);
124 hcon->remote_id = remote_id;
125 hcon->amp_mgr = mgr;
126
127 return hcon;
128}
129
Dmitry Kasatkinba221bb2012-09-27 17:26:17 +0300[diff] [blame]130/* AMP crypto key generation interface */
131static int hmac_sha256(u8 *key, u8 ksize, char *plaintext, u8 psize, u8 *output)
132{
133 int ret = 0;
134 struct crypto_shash *tfm;
135
136 if (!ksize)
137 return -EINVAL;
138
139 tfm = crypto_alloc_shash("hmac(sha256)", 0, 0);
140 if (IS_ERR(tfm)) {
141 BT_DBG("crypto_alloc_ahash failed: err %ld", PTR_ERR(tfm));
142 return PTR_ERR(tfm);
143 }
144
145 ret = crypto_shash_setkey(tfm, key, ksize);
146 if (ret) {
147 BT_DBG("crypto_ahash_setkey failed: err %d", ret);
148 } else {
149 struct {
150 struct shash_desc shash;
151 char ctx[crypto_shash_descsize(tfm)];
152 } desc;
153
154 desc.shash.tfm = tfm;
155 desc.shash.flags = CRYPTO_TFM_REQ_MAY_SLEEP;
156
157 ret = crypto_shash_digest(&desc.shash, plaintext, psize,
158 output);
159 }
160
161 crypto_free_shash(tfm);
162 return ret;
163}
164
Andrei Emeltchenko5a349182012-09-27 17:26:18 +0300[diff] [blame]165int phylink_gen_key(struct hci_conn *conn, u8 *data, u8 *len, u8 *type)
166{
167 struct hci_dev *hdev = conn->hdev;
168 struct link_key *key;
169 u8 keybuf[HCI_AMP_LINK_KEY_SIZE];
170 u8 gamp_key[HCI_AMP_LINK_KEY_SIZE];
171 int err;
172
173 if (!hci_conn_check_link_mode(conn))
174 return -EACCES;
175
176 BT_DBG("conn %p key_type %d", conn, conn->key_type);
177
178 /* Legacy key */
179 if (conn->key_type < 3) {
180 BT_ERR("Legacy key type %d", conn->key_type);
181 return -EACCES;
182 }
183
184 *type = conn->key_type;
185 *len = HCI_AMP_LINK_KEY_SIZE;
186
187 key = hci_find_link_key(hdev, &conn->dst);
Andrei Emeltchenko079db0c2012-10-05 16:56:53 +0300[diff] [blame]188 if (!key) {
189 BT_DBG("No Link key for conn %p dst %pMR", conn, &conn->dst);
190 return -EACCES;
191 }
Andrei Emeltchenko5a349182012-09-27 17:26:18 +0300[diff] [blame]192
193 /* BR/EDR Link Key concatenated together with itself */
194 memcpy(&keybuf[0], key->val, HCI_LINK_KEY_SIZE);
195 memcpy(&keybuf[HCI_LINK_KEY_SIZE], key->val, HCI_LINK_KEY_SIZE);
196
197 /* Derive Generic AMP Link Key (gamp) */
198 err = hmac_sha256(keybuf, HCI_AMP_LINK_KEY_SIZE, "gamp", 4, gamp_key);
199 if (err) {
200 BT_ERR("Could not derive Generic AMP Key: err %d", err);
201 return err;
202 }
203
204 if (conn->key_type == HCI_LK_DEBUG_COMBINATION) {
205 BT_DBG("Use Generic AMP Key (gamp)");
206 memcpy(data, gamp_key, HCI_AMP_LINK_KEY_SIZE);
207 return err;
208 }
209
210 /* Derive Dedicated AMP Link Key: "802b" is 802.11 PAL keyID */
211 return hmac_sha256(gamp_key, HCI_AMP_LINK_KEY_SIZE, "802b", 4, data);
212}
213
Andrei Emeltchenko903e4542012-09-27 17:26:09 +0300[diff] [blame]214void amp_read_loc_assoc_frag(struct hci_dev *hdev, u8 phy_handle)
215{
216 struct hci_cp_read_local_amp_assoc cp;
217 struct amp_assoc *loc_assoc = &hdev->loc_assoc;
218
219 BT_DBG("%s handle %d", hdev->name, phy_handle);
220
221 cp.phy_handle = phy_handle;
222 cp.max_len = cpu_to_le16(hdev->amp_assoc_size);
223 cp.len_so_far = cpu_to_le16(loc_assoc->offset);
224
225 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_AMP_ASSOC, sizeof(cp), &cp);
226}
227
228void amp_read_loc_assoc(struct hci_dev *hdev, struct amp_mgr *mgr)
229{
230 struct hci_cp_read_local_amp_assoc cp;
231
232 memset(&hdev->loc_assoc, 0, sizeof(struct amp_assoc));
233 memset(&cp, 0, sizeof(cp));
234
235 cp.max_len = cpu_to_le16(hdev->amp_assoc_size);
236
237 mgr->state = READ_LOC_AMP_ASSOC;
238 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_AMP_ASSOC, sizeof(cp), &cp);
239}
Andrei Emeltchenkoa02226d2012-09-27 17:26:19 +0300[diff] [blame]240
Andrei Emeltchenko9495b2e2012-09-27 17:26:22 +0300[diff] [blame]241void amp_read_loc_assoc_final_data(struct hci_dev *hdev,
242 struct hci_conn *hcon)
243{
244 struct hci_cp_read_local_amp_assoc cp;
245 struct amp_mgr *mgr = hcon->amp_mgr;
246
247 cp.phy_handle = hcon->handle;
248 cp.len_so_far = cpu_to_le16(0);
249 cp.max_len = cpu_to_le16(hdev->amp_assoc_size);
250
251 mgr->state = READ_LOC_AMP_ASSOC_FINAL;
252
253 /* Read Local AMP Assoc final link information data */
254 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_AMP_ASSOC, sizeof(cp), &cp);
255}
Andrei Emeltchenko93c284e2012-09-27 17:26:20 +0300[diff] [blame]256
257/* Write AMP Assoc data fragments, returns true with last fragment written*/
258static bool amp_write_rem_assoc_frag(struct hci_dev *hdev,
259 struct hci_conn *hcon)
260{
261 struct hci_cp_write_remote_amp_assoc *cp;
262 struct amp_mgr *mgr = hcon->amp_mgr;
263 struct amp_ctrl *ctrl;
264 u16 frag_len, len;
265
266 ctrl = amp_ctrl_lookup(mgr, hcon->remote_id);
267 if (!ctrl)
268 return false;
269
270 if (!ctrl->assoc_rem_len) {
271 BT_DBG("all fragments are written");
272 ctrl->assoc_rem_len = ctrl->assoc_len;
273 ctrl->assoc_len_so_far = 0;
274
275 amp_ctrl_put(ctrl);
276 return true;
277 }
278
279 frag_len = min_t(u16, 248, ctrl->assoc_rem_len);
280 len = frag_len + sizeof(*cp);
281
282 cp = kzalloc(len, GFP_KERNEL);
283 if (!cp) {
284 amp_ctrl_put(ctrl);
285 return false;
286 }
287
288 BT_DBG("hcon %p ctrl %p frag_len %u assoc_len %u rem_len %u",
289 hcon, ctrl, frag_len, ctrl->assoc_len, ctrl->assoc_rem_len);
290
291 cp->phy_handle = hcon->handle;
292 cp->len_so_far = cpu_to_le16(ctrl->assoc_len_so_far);
293 cp->rem_len = cpu_to_le16(ctrl->assoc_rem_len);
294 memcpy(cp->frag, ctrl->assoc, frag_len);
295
296 ctrl->assoc_len_so_far += frag_len;
297 ctrl->assoc_rem_len -= frag_len;
298
299 amp_ctrl_put(ctrl);
300
301 hci_send_cmd(hdev, HCI_OP_WRITE_REMOTE_AMP_ASSOC, len, cp);
302
303 kfree(cp);
304
305 return false;
306}
307
308void amp_write_rem_assoc_continue(struct hci_dev *hdev, u8 handle)
309{
310 struct hci_conn *hcon;
311
312 BT_DBG("%s phy handle 0x%2.2x", hdev->name, handle);
313
314 hcon = hci_conn_hash_lookup_handle(hdev, handle);
315 if (!hcon)
316 return;
317
318 amp_write_rem_assoc_frag(hdev, hcon);
319}
320
321void amp_write_remote_assoc(struct hci_dev *hdev, u8 handle)
322{
323 struct hci_conn *hcon;
324
325 BT_DBG("%s phy handle 0x%2.2x", hdev->name, handle);
326
327 hcon = hci_conn_hash_lookup_handle(hdev, handle);
328 if (!hcon)
329 return;
330
331 BT_DBG("%s phy handle 0x%2.2x hcon %p", hdev->name, handle, hcon);
332
333 amp_write_rem_assoc_frag(hdev, hcon);
334}
335
Andrei Emeltchenkoa02226d2012-09-27 17:26:19 +0300[diff] [blame]336void amp_create_phylink(struct hci_dev *hdev, struct amp_mgr *mgr,
337 struct hci_conn *hcon)
338{
339 struct hci_cp_create_phy_link cp;
340
341 cp.phy_handle = hcon->handle;
342
343 BT_DBG("%s hcon %p phy handle 0x%2.2x", hdev->name, hcon,
344 hcon->handle);
345
346 if (phylink_gen_key(mgr->l2cap_conn->hcon, cp.key, &cp.key_len,
347 &cp.key_type)) {
348 BT_DBG("Cannot create link key");
349 return;
350 }
351
352 hci_send_cmd(hdev, HCI_OP_CREATE_PHY_LINK, sizeof(cp), &cp);
353}
Andrei Emeltchenkodffa3872012-09-27 17:26:23 +0300[diff] [blame]354
355void amp_accept_phylink(struct hci_dev *hdev, struct amp_mgr *mgr,
356 struct hci_conn *hcon)
357{
358 struct hci_cp_accept_phy_link cp;
359
360 cp.phy_handle = hcon->handle;
361
362 BT_DBG("%s hcon %p phy handle 0x%2.2x", hdev->name, hcon,
363 hcon->handle);
364
365 if (phylink_gen_key(mgr->l2cap_conn->hcon, cp.key, &cp.key_len,
366 &cp.key_type)) {
367 BT_DBG("Cannot create link key");
368 return;
369 }
370
371 hci_send_cmd(hdev, HCI_OP_ACCEPT_PHY_LINK, sizeof(cp), &cp);
372}