Andrei Emeltchenko | 903e454 | 2012-09-27 17:26:09 +0300 | [diff] [blame] | 1 | /* |
| 2 | Copyright (c) 2011,2012 Intel Corp. |
| 3 | |
| 4 | This program is free software; you can redistribute it and/or modify |
| 5 | it under the terms of the GNU General Public License version 2 and |
| 6 | only version 2 as published by the Free Software Foundation. |
| 7 | |
| 8 | This program is distributed in the hope that it will be useful, |
| 9 | but WITHOUT ANY WARRANTY; without even the implied warranty of |
| 10 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
| 11 | GNU General Public License for more details. |
| 12 | */ |
| 13 | |
| 14 | #include <net/bluetooth/bluetooth.h> |
| 15 | #include <net/bluetooth/hci.h> |
| 16 | #include <net/bluetooth/hci_core.h> |
| 17 | #include <net/bluetooth/a2mp.h> |
| 18 | #include <net/bluetooth/amp.h> |
Dmitry Kasatkin | ba221bb | 2012-09-27 17:26:17 +0300 | [diff] [blame] | 19 | #include <crypto/hash.h> |
Andrei Emeltchenko | 903e454 | 2012-09-27 17:26:09 +0300 | [diff] [blame] | 20 | |
Andrei Emeltchenko | 52c0d6e | 2012-09-27 17:26:12 +0300 | [diff] [blame] | 21 | /* Remote AMP Controllers interface */ |
Andrei Emeltchenko | 0b26ab9 | 2012-09-27 17:26:24 +0300 | [diff] [blame] | 22 | void amp_ctrl_get(struct amp_ctrl *ctrl) |
Andrei Emeltchenko | 52c0d6e | 2012-09-27 17:26:12 +0300 | [diff] [blame] | 23 | { |
| 24 | BT_DBG("ctrl %p orig refcnt %d", ctrl, |
| 25 | atomic_read(&ctrl->kref.refcount)); |
| 26 | |
| 27 | kref_get(&ctrl->kref); |
| 28 | } |
| 29 | |
| 30 | static void amp_ctrl_destroy(struct kref *kref) |
| 31 | { |
| 32 | struct amp_ctrl *ctrl = container_of(kref, struct amp_ctrl, kref); |
| 33 | |
| 34 | BT_DBG("ctrl %p", ctrl); |
| 35 | |
| 36 | kfree(ctrl->assoc); |
| 37 | kfree(ctrl); |
| 38 | } |
| 39 | |
| 40 | int amp_ctrl_put(struct amp_ctrl *ctrl) |
| 41 | { |
| 42 | BT_DBG("ctrl %p orig refcnt %d", ctrl, |
| 43 | atomic_read(&ctrl->kref.refcount)); |
| 44 | |
| 45 | return kref_put(&ctrl->kref, &_ctrl_destroy); |
| 46 | } |
| 47 | |
| 48 | struct amp_ctrl *amp_ctrl_add(struct amp_mgr *mgr) |
| 49 | { |
| 50 | struct amp_ctrl *ctrl; |
| 51 | |
| 52 | ctrl = kzalloc(sizeof(*ctrl), GFP_KERNEL); |
| 53 | if (!ctrl) |
| 54 | return NULL; |
| 55 | |
| 56 | mutex_lock(&mgr->amp_ctrls_lock); |
| 57 | list_add(&ctrl->list, &mgr->amp_ctrls); |
| 58 | mutex_unlock(&mgr->amp_ctrls_lock); |
| 59 | |
| 60 | kref_init(&ctrl->kref); |
| 61 | |
| 62 | BT_DBG("mgr %p ctrl %p", mgr, ctrl); |
| 63 | |
| 64 | return ctrl; |
| 65 | } |
| 66 | |
| 67 | void amp_ctrl_list_flush(struct amp_mgr *mgr) |
| 68 | { |
| 69 | struct amp_ctrl *ctrl, *n; |
| 70 | |
| 71 | BT_DBG("mgr %p", mgr); |
| 72 | |
| 73 | mutex_lock(&mgr->amp_ctrls_lock); |
| 74 | list_for_each_entry_safe(ctrl, n, &mgr->amp_ctrls, list) { |
| 75 | list_del(&ctrl->list); |
| 76 | amp_ctrl_put(ctrl); |
| 77 | } |
| 78 | mutex_unlock(&mgr->amp_ctrls_lock); |
| 79 | } |
| 80 | |
| 81 | struct amp_ctrl *amp_ctrl_lookup(struct amp_mgr *mgr, u8 id) |
| 82 | { |
| 83 | struct amp_ctrl *ctrl; |
| 84 | |
| 85 | BT_DBG("mgr %p id %d", mgr, id); |
| 86 | |
| 87 | mutex_lock(&mgr->amp_ctrls_lock); |
| 88 | list_for_each_entry(ctrl, &mgr->amp_ctrls, list) { |
| 89 | if (ctrl->id == id) { |
| 90 | amp_ctrl_get(ctrl); |
| 91 | mutex_unlock(&mgr->amp_ctrls_lock); |
| 92 | return ctrl; |
| 93 | } |
| 94 | } |
| 95 | mutex_unlock(&mgr->amp_ctrls_lock); |
| 96 | |
| 97 | return NULL; |
| 98 | } |
| 99 | |
Andrei Emeltchenko | 3161ae1 | 2012-09-27 17:26:11 +0300 | [diff] [blame] | 100 | /* Physical Link interface */ |
| 101 | static u8 __next_handle(struct amp_mgr *mgr) |
| 102 | { |
| 103 | if (++mgr->handle == 0) |
| 104 | mgr->handle = 1; |
| 105 | |
| 106 | return mgr->handle; |
| 107 | } |
| 108 | |
| 109 | struct hci_conn *phylink_add(struct hci_dev *hdev, struct amp_mgr *mgr, |
| 110 | u8 remote_id) |
| 111 | { |
| 112 | bdaddr_t *dst = mgr->l2cap_conn->dst; |
| 113 | struct hci_conn *hcon; |
| 114 | |
| 115 | hcon = hci_conn_add(hdev, AMP_LINK, dst); |
| 116 | if (!hcon) |
| 117 | return NULL; |
| 118 | |
| 119 | hcon->state = BT_CONNECT; |
| 120 | hcon->out = true; |
| 121 | hcon->attempt++; |
| 122 | hcon->handle = __next_handle(mgr); |
| 123 | hcon->remote_id = remote_id; |
| 124 | hcon->amp_mgr = mgr; |
| 125 | |
| 126 | return hcon; |
| 127 | } |
| 128 | |
Dmitry Kasatkin | ba221bb | 2012-09-27 17:26:17 +0300 | [diff] [blame] | 129 | /* AMP crypto key generation interface */ |
| 130 | static int hmac_sha256(u8 *key, u8 ksize, char *plaintext, u8 psize, u8 *output) |
| 131 | { |
| 132 | int ret = 0; |
| 133 | struct crypto_shash *tfm; |
| 134 | |
| 135 | if (!ksize) |
| 136 | return -EINVAL; |
| 137 | |
| 138 | tfm = crypto_alloc_shash("hmac(sha256)", 0, 0); |
| 139 | if (IS_ERR(tfm)) { |
| 140 | BT_DBG("crypto_alloc_ahash failed: err %ld", PTR_ERR(tfm)); |
| 141 | return PTR_ERR(tfm); |
| 142 | } |
| 143 | |
| 144 | ret = crypto_shash_setkey(tfm, key, ksize); |
| 145 | if (ret) { |
| 146 | BT_DBG("crypto_ahash_setkey failed: err %d", ret); |
| 147 | } else { |
| 148 | struct { |
| 149 | struct shash_desc shash; |
| 150 | char ctx[crypto_shash_descsize(tfm)]; |
| 151 | } desc; |
| 152 | |
| 153 | desc.shash.tfm = tfm; |
| 154 | desc.shash.flags = CRYPTO_TFM_REQ_MAY_SLEEP; |
| 155 | |
| 156 | ret = crypto_shash_digest(&desc.shash, plaintext, psize, |
| 157 | output); |
| 158 | } |
| 159 | |
| 160 | crypto_free_shash(tfm); |
| 161 | return ret; |
| 162 | } |
| 163 | |
Andrei Emeltchenko | 5a34918 | 2012-09-27 17:26:18 +0300 | [diff] [blame] | 164 | int phylink_gen_key(struct hci_conn *conn, u8 *data, u8 *len, u8 *type) |
| 165 | { |
| 166 | struct hci_dev *hdev = conn->hdev; |
| 167 | struct link_key *key; |
| 168 | u8 keybuf[HCI_AMP_LINK_KEY_SIZE]; |
| 169 | u8 gamp_key[HCI_AMP_LINK_KEY_SIZE]; |
| 170 | int err; |
| 171 | |
| 172 | if (!hci_conn_check_link_mode(conn)) |
| 173 | return -EACCES; |
| 174 | |
| 175 | BT_DBG("conn %p key_type %d", conn, conn->key_type); |
| 176 | |
| 177 | /* Legacy key */ |
| 178 | if (conn->key_type < 3) { |
| 179 | BT_ERR("Legacy key type %d", conn->key_type); |
| 180 | return -EACCES; |
| 181 | } |
| 182 | |
| 183 | *type = conn->key_type; |
| 184 | *len = HCI_AMP_LINK_KEY_SIZE; |
| 185 | |
| 186 | key = hci_find_link_key(hdev, &conn->dst); |
Andrei Emeltchenko | 079db0c | 2012-10-05 16:56:53 +0300 | [diff] [blame] | 187 | if (!key) { |
| 188 | BT_DBG("No Link key for conn %p dst %pMR", conn, &conn->dst); |
| 189 | return -EACCES; |
| 190 | } |
Andrei Emeltchenko | 5a34918 | 2012-09-27 17:26:18 +0300 | [diff] [blame] | 191 | |
| 192 | /* BR/EDR Link Key concatenated together with itself */ |
| 193 | memcpy(&keybuf[0], key->val, HCI_LINK_KEY_SIZE); |
| 194 | memcpy(&keybuf[HCI_LINK_KEY_SIZE], key->val, HCI_LINK_KEY_SIZE); |
| 195 | |
| 196 | /* Derive Generic AMP Link Key (gamp) */ |
| 197 | err = hmac_sha256(keybuf, HCI_AMP_LINK_KEY_SIZE, "gamp", 4, gamp_key); |
| 198 | if (err) { |
| 199 | BT_ERR("Could not derive Generic AMP Key: err %d", err); |
| 200 | return err; |
| 201 | } |
| 202 | |
| 203 | if (conn->key_type == HCI_LK_DEBUG_COMBINATION) { |
| 204 | BT_DBG("Use Generic AMP Key (gamp)"); |
| 205 | memcpy(data, gamp_key, HCI_AMP_LINK_KEY_SIZE); |
| 206 | return err; |
| 207 | } |
| 208 | |
| 209 | /* Derive Dedicated AMP Link Key: "802b" is 802.11 PAL keyID */ |
| 210 | return hmac_sha256(gamp_key, HCI_AMP_LINK_KEY_SIZE, "802b", 4, data); |
| 211 | } |
| 212 | |
Andrei Emeltchenko | 903e454 | 2012-09-27 17:26:09 +0300 | [diff] [blame] | 213 | void amp_read_loc_assoc_frag(struct hci_dev *hdev, u8 phy_handle) |
| 214 | { |
| 215 | struct hci_cp_read_local_amp_assoc cp; |
| 216 | struct amp_assoc *loc_assoc = &hdev->loc_assoc; |
| 217 | |
| 218 | BT_DBG("%s handle %d", hdev->name, phy_handle); |
| 219 | |
| 220 | cp.phy_handle = phy_handle; |
| 221 | cp.max_len = cpu_to_le16(hdev->amp_assoc_size); |
| 222 | cp.len_so_far = cpu_to_le16(loc_assoc->offset); |
| 223 | |
| 224 | hci_send_cmd(hdev, HCI_OP_READ_LOCAL_AMP_ASSOC, sizeof(cp), &cp); |
| 225 | } |
| 226 | |
| 227 | void amp_read_loc_assoc(struct hci_dev *hdev, struct amp_mgr *mgr) |
| 228 | { |
| 229 | struct hci_cp_read_local_amp_assoc cp; |
| 230 | |
| 231 | memset(&hdev->loc_assoc, 0, sizeof(struct amp_assoc)); |
| 232 | memset(&cp, 0, sizeof(cp)); |
| 233 | |
| 234 | cp.max_len = cpu_to_le16(hdev->amp_assoc_size); |
| 235 | |
| 236 | mgr->state = READ_LOC_AMP_ASSOC; |
| 237 | hci_send_cmd(hdev, HCI_OP_READ_LOCAL_AMP_ASSOC, sizeof(cp), &cp); |
| 238 | } |
Andrei Emeltchenko | a02226d | 2012-09-27 17:26:19 +0300 | [diff] [blame] | 239 | |
Andrei Emeltchenko | 9495b2e | 2012-09-27 17:26:22 +0300 | [diff] [blame] | 240 | void amp_read_loc_assoc_final_data(struct hci_dev *hdev, |
| 241 | struct hci_conn *hcon) |
| 242 | { |
| 243 | struct hci_cp_read_local_amp_assoc cp; |
| 244 | struct amp_mgr *mgr = hcon->amp_mgr; |
| 245 | |
| 246 | cp.phy_handle = hcon->handle; |
| 247 | cp.len_so_far = cpu_to_le16(0); |
| 248 | cp.max_len = cpu_to_le16(hdev->amp_assoc_size); |
| 249 | |
| 250 | mgr->state = READ_LOC_AMP_ASSOC_FINAL; |
| 251 | |
| 252 | /* Read Local AMP Assoc final link information data */ |
| 253 | hci_send_cmd(hdev, HCI_OP_READ_LOCAL_AMP_ASSOC, sizeof(cp), &cp); |
| 254 | } |
Andrei Emeltchenko | 93c284e | 2012-09-27 17:26:20 +0300 | [diff] [blame] | 255 | |
| 256 | /* Write AMP Assoc data fragments, returns true with last fragment written*/ |
| 257 | static bool amp_write_rem_assoc_frag(struct hci_dev *hdev, |
| 258 | struct hci_conn *hcon) |
| 259 | { |
| 260 | struct hci_cp_write_remote_amp_assoc *cp; |
| 261 | struct amp_mgr *mgr = hcon->amp_mgr; |
| 262 | struct amp_ctrl *ctrl; |
| 263 | u16 frag_len, len; |
| 264 | |
| 265 | ctrl = amp_ctrl_lookup(mgr, hcon->remote_id); |
| 266 | if (!ctrl) |
| 267 | return false; |
| 268 | |
| 269 | if (!ctrl->assoc_rem_len) { |
| 270 | BT_DBG("all fragments are written"); |
| 271 | ctrl->assoc_rem_len = ctrl->assoc_len; |
| 272 | ctrl->assoc_len_so_far = 0; |
| 273 | |
| 274 | amp_ctrl_put(ctrl); |
| 275 | return true; |
| 276 | } |
| 277 | |
| 278 | frag_len = min_t(u16, 248, ctrl->assoc_rem_len); |
| 279 | len = frag_len + sizeof(*cp); |
| 280 | |
| 281 | cp = kzalloc(len, GFP_KERNEL); |
| 282 | if (!cp) { |
| 283 | amp_ctrl_put(ctrl); |
| 284 | return false; |
| 285 | } |
| 286 | |
| 287 | BT_DBG("hcon %p ctrl %p frag_len %u assoc_len %u rem_len %u", |
| 288 | hcon, ctrl, frag_len, ctrl->assoc_len, ctrl->assoc_rem_len); |
| 289 | |
| 290 | cp->phy_handle = hcon->handle; |
| 291 | cp->len_so_far = cpu_to_le16(ctrl->assoc_len_so_far); |
| 292 | cp->rem_len = cpu_to_le16(ctrl->assoc_rem_len); |
| 293 | memcpy(cp->frag, ctrl->assoc, frag_len); |
| 294 | |
| 295 | ctrl->assoc_len_so_far += frag_len; |
| 296 | ctrl->assoc_rem_len -= frag_len; |
| 297 | |
| 298 | amp_ctrl_put(ctrl); |
| 299 | |
| 300 | hci_send_cmd(hdev, HCI_OP_WRITE_REMOTE_AMP_ASSOC, len, cp); |
| 301 | |
| 302 | kfree(cp); |
| 303 | |
| 304 | return false; |
| 305 | } |
| 306 | |
| 307 | void amp_write_rem_assoc_continue(struct hci_dev *hdev, u8 handle) |
| 308 | { |
| 309 | struct hci_conn *hcon; |
| 310 | |
| 311 | BT_DBG("%s phy handle 0x%2.2x", hdev->name, handle); |
| 312 | |
| 313 | hcon = hci_conn_hash_lookup_handle(hdev, handle); |
| 314 | if (!hcon) |
| 315 | return; |
| 316 | |
| 317 | amp_write_rem_assoc_frag(hdev, hcon); |
| 318 | } |
| 319 | |
| 320 | void amp_write_remote_assoc(struct hci_dev *hdev, u8 handle) |
| 321 | { |
| 322 | struct hci_conn *hcon; |
| 323 | |
| 324 | BT_DBG("%s phy handle 0x%2.2x", hdev->name, handle); |
| 325 | |
| 326 | hcon = hci_conn_hash_lookup_handle(hdev, handle); |
| 327 | if (!hcon) |
| 328 | return; |
| 329 | |
| 330 | BT_DBG("%s phy handle 0x%2.2x hcon %p", hdev->name, handle, hcon); |
| 331 | |
| 332 | amp_write_rem_assoc_frag(hdev, hcon); |
| 333 | } |
| 334 | |
Andrei Emeltchenko | a02226d | 2012-09-27 17:26:19 +0300 | [diff] [blame] | 335 | void amp_create_phylink(struct hci_dev *hdev, struct amp_mgr *mgr, |
| 336 | struct hci_conn *hcon) |
| 337 | { |
| 338 | struct hci_cp_create_phy_link cp; |
| 339 | |
| 340 | cp.phy_handle = hcon->handle; |
| 341 | |
| 342 | BT_DBG("%s hcon %p phy handle 0x%2.2x", hdev->name, hcon, |
| 343 | hcon->handle); |
| 344 | |
| 345 | if (phylink_gen_key(mgr->l2cap_conn->hcon, cp.key, &cp.key_len, |
| 346 | &cp.key_type)) { |
| 347 | BT_DBG("Cannot create link key"); |
| 348 | return; |
| 349 | } |
| 350 | |
| 351 | hci_send_cmd(hdev, HCI_OP_CREATE_PHY_LINK, sizeof(cp), &cp); |
| 352 | } |
Andrei Emeltchenko | dffa387 | 2012-09-27 17:26:23 +0300 | [diff] [blame] | 353 | |
| 354 | void amp_accept_phylink(struct hci_dev *hdev, struct amp_mgr *mgr, |
| 355 | struct hci_conn *hcon) |
| 356 | { |
| 357 | struct hci_cp_accept_phy_link cp; |
| 358 | |
| 359 | cp.phy_handle = hcon->handle; |
| 360 | |
| 361 | BT_DBG("%s hcon %p phy handle 0x%2.2x", hdev->name, hcon, |
| 362 | hcon->handle); |
| 363 | |
| 364 | if (phylink_gen_key(mgr->l2cap_conn->hcon, cp.key, &cp.key_len, |
| 365 | &cp.key_type)) { |
| 366 | BT_DBG("Cannot create link key"); |
| 367 | return; |
| 368 | } |
| 369 | |
| 370 | hci_send_cmd(hdev, HCI_OP_ACCEPT_PHY_LINK, sizeof(cp), &cp); |
| 371 | } |