Bluetooth: Add enhanced security model for Simple Pairing

#define SOL_SCO		17

#define SOL_RFCOMM	18

#define BT_SECURITY	4

struct bt_security {

	__u8 level;

};

#define BT_SECURITY_SDP		0

#define BT_SECURITY_LOW		1

#define BT_SECURITY_MEDIUM	2

#define BT_SECURITY_HIGH	3

#define BT_DEFER_SETUP	7

#define BT_INFO(fmt, arg...) printk(KERN_INFO "Bluetooth: " fmt "\n" , ## arg)

	__u16            link_policy;

	__u32		 link_mode;

	__u8             auth_type;

	__u8             sec_level;

	__u8             power_save;

	unsigned long	 pend;

void hci_conn_hash_flush(struct hci_dev *hdev);

void hci_conn_check_pending(struct hci_dev *hdev);

struct hci_conn *hci_connect(struct hci_dev *hdev, int type, bdaddr_t *dst, __u8 auth_type);

struct hci_conn *hci_connect(struct hci_dev *hdev, int type, bdaddr_t *dst, __u8 sec_level, __u8 auth_type);

int hci_conn_check_link_mode(struct hci_conn *conn);

int hci_conn_auth(struct hci_conn *conn);

int hci_conn_encrypt(struct hci_conn *conn);

int hci_conn_security(struct hci_conn *conn, __u8 sec_level);

int hci_conn_change_link_key(struct hci_conn *conn);

int hci_conn_switch_role(struct hci_conn *conn, uint8_t role);

int hci_conn_switch_role(struct hci_conn *conn, __u8 role);

void hci_conn_enter_active_mode(struct hci_conn *conn);

void hci_conn_enter_sniff_mode(struct hci_conn *conn);

	int (*disconn_ind)	(struct hci_conn *conn, __u8 reason);

	int (*recv_acldata)	(struct hci_conn *conn, struct sk_buff *skb, __u16 flags);

	int (*recv_scodata)	(struct hci_conn *conn, struct sk_buff *skb);

	int (*auth_cfm)		(struct hci_conn *conn, __u8 status);

	int (*encrypt_cfm)	(struct hci_conn *conn, __u8 status, __u8 encrypt);

	int (*security_cfm)	(struct hci_conn *conn, __u8 status, __u8 encrypt);

};

static inline int hci_proto_connect_ind(struct hci_dev *hdev, bdaddr_t *bdaddr, __u8 type)

static inline void hci_proto_auth_cfm(struct hci_conn *conn, __u8 status)

{

	register struct hci_proto *hp;

	__u8 encrypt;

	if (test_bit(HCI_CONN_ENCRYPT_PEND, &conn->pend))

		return;

	encrypt = (conn->link_mode & HCI_LM_ENCRYPT) ? 0x01 : 0x00;

	hp = hci_proto[HCI_PROTO_L2CAP];

	if (hp && hp->auth_cfm)

		hp->auth_cfm(conn, status);

	if (hp && hp->security_cfm)

		hp->security_cfm(conn, status, encrypt);

	hp = hci_proto[HCI_PROTO_SCO];

	if (hp && hp->auth_cfm)

		hp->auth_cfm(conn, status);

	if (hp && hp->security_cfm)

		hp->security_cfm(conn, status, encrypt);

}

static inline void hci_proto_encrypt_cfm(struct hci_conn *conn, __u8 status, __u8 encrypt)

	register struct hci_proto *hp;

	hp = hci_proto[HCI_PROTO_L2CAP];

	if (hp && hp->encrypt_cfm)

		hp->encrypt_cfm(conn, status, encrypt);

	if (hp && hp->security_cfm)

		hp->security_cfm(conn, status, encrypt);

	hp = hci_proto[HCI_PROTO_SCO];

	if (hp && hp->encrypt_cfm)

		hp->encrypt_cfm(conn, status, encrypt);

	if (hp && hp->security_cfm)

		hp->security_cfm(conn, status, encrypt);

}

int hci_register_proto(struct hci_proto *hproto);

	char *name;

	void (*auth_cfm)	(struct hci_conn *conn, __u8 status);

	void (*encrypt_cfm)	(struct hci_conn *conn, __u8 status, __u8 encrypt);

	void (*security_cfm)	(struct hci_conn *conn, __u8 status, __u8 encrypt);

	void (*key_change_cfm)	(struct hci_conn *conn, __u8 status);

	void (*role_switch_cfm)	(struct hci_conn *conn, __u8 status, __u8 role);

};

static inline void hci_auth_cfm(struct hci_conn *conn, __u8 status)

{

	struct list_head *p;

	__u8 encrypt;

	hci_proto_auth_cfm(conn, status);

	if (test_bit(HCI_CONN_ENCRYPT_PEND, &conn->pend))

		return;

	encrypt = (conn->link_mode & HCI_LM_ENCRYPT) ? 0x01 : 0x00;

	read_lock_bh(&hci_cb_list_lock);

	list_for_each(p, &hci_cb_list) {

		struct hci_cb *cb = list_entry(p, struct hci_cb, list);

		if (cb->auth_cfm)

			cb->auth_cfm(conn, status);

		if (cb->security_cfm)

			cb->security_cfm(conn, status, encrypt);

	}

	read_unlock_bh(&hci_cb_list_lock);

}

	read_lock_bh(&hci_cb_list_lock);

	list_for_each(p, &hci_cb_list) {

		struct hci_cb *cb = list_entry(p, struct hci_cb, list);

		if (cb->encrypt_cfm)

			cb->encrypt_cfm(conn, status, encrypt);

		if (cb->security_cfm)

			cb->security_cfm(conn, status, encrypt);

	}

	read_unlock_bh(&hci_cb_list_lock);

}

/* Create SCO or ACL connection.

 * Device _must_ be locked */

struct hci_conn *hci_connect(struct hci_dev *hdev, int type, bdaddr_t *dst, __u8 auth_type)

struct hci_conn *hci_connect(struct hci_dev *hdev, int type, bdaddr_t *dst, __u8 sec_level, __u8 auth_type)

{

	struct hci_conn *acl;

	struct hci_conn *sco;

	hci_conn_hold(acl);

	if (acl->state == BT_OPEN || acl->state == BT_CLOSED) {

		acl->sec_level = sec_level;

		acl->auth_type = auth_type;

		hci_acl_connect(acl);

	}

EXPORT_SYMBOL(hci_conn_check_link_mode);

/* Authenticate remote device */

int hci_conn_auth(struct hci_conn *conn)

static int hci_conn_auth(struct hci_conn *conn, __u8 sec_level)

{

	BT_DBG("conn %p", conn);

	if (conn->ssp_mode > 0 && conn->hdev->ssp_mode > 0) {

		if (!(conn->auth_type & 0x01)) {

			conn->auth_type |= 0x01;

	if (sec_level > conn->sec_level)

		conn->link_mode &= ~HCI_LM_AUTH;

		}

	}

	conn->sec_level = sec_level;

	if (sec_level == BT_SECURITY_HIGH)

		conn->auth_type |= 0x01;

	if (conn->link_mode & HCI_LM_AUTH)

		return 1;

		hci_send_cmd(conn->hdev, HCI_OP_AUTH_REQUESTED,

							sizeof(cp), &cp);

	}

	return 0;

}

EXPORT_SYMBOL(hci_conn_auth);

/* Enable encryption */

int hci_conn_encrypt(struct hci_conn *conn)

/* Enable security */

int hci_conn_security(struct hci_conn *conn, __u8 sec_level)

{

	BT_DBG("conn %p", conn);

	if (sec_level == BT_SECURITY_SDP)

		return 1;

	if (sec_level == BT_SECURITY_LOW) {

		if (conn->ssp_mode > 0 && conn->hdev->ssp_mode > 0)

			return hci_conn_auth(conn, sec_level);

		else

			return 1;

	}

	if (conn->link_mode & HCI_LM_ENCRYPT)

		return hci_conn_auth(conn);

		return hci_conn_auth(conn, sec_level);

	if (test_and_set_bit(HCI_CONN_ENCRYPT_PEND, &conn->pend))

		return 0;

	if (hci_conn_auth(conn)) {

	if (hci_conn_auth(conn, sec_level)) {

		struct hci_cp_set_conn_encrypt cp;

		cp.handle  = cpu_to_le16(conn->handle);

		cp.encrypt = 1;

		hci_send_cmd(conn->hdev, HCI_OP_SET_CONN_ENCRYPT,

							sizeof(cp), &cp);

	}

	return 0;

}

EXPORT_SYMBOL(hci_conn_encrypt);

EXPORT_SYMBOL(hci_conn_security);

/* Change link key */

int hci_conn_change_link_key(struct hci_conn *conn)

		hci_send_cmd(conn->hdev, HCI_OP_CHANGE_CONN_LINK_KEY,

							sizeof(cp), &cp);

	}

	return 0;

}

EXPORT_SYMBOL(hci_conn_change_link_key);

/* Switch role */

int hci_conn_switch_role(struct hci_conn *conn, uint8_t role)

int hci_conn_switch_role(struct hci_conn *conn, __u8 role)

{

	BT_DBG("conn %p", conn);

		cp.role = role;

		hci_send_cmd(conn->hdev, HCI_OP_SWITCH_ROLE, sizeof(cp), &cp);

	}

	return 0;

}

EXPORT_SYMBOL(hci_conn_switch_role);

		if (conn->state == BT_CONFIG) {

			if (!ev->status && hdev->ssp_mode > 0 &&

					conn->ssp_mode > 0 && conn->out) {

					conn->ssp_mode > 0 && conn->out &&

					conn->sec_level != BT_SECURITY_SDP) {

				struct hci_cp_auth_requested cp;

				cp.handle = ev->handle;

				hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED,

{

	struct l2cap_conn *conn = l2cap_pi(sk)->conn;

	if ((l2cap_pi(sk)->link_mode & L2CAP_LM_ENCRYPT) ||

				(l2cap_pi(sk)->link_mode & L2CAP_LM_SECURE))

		return hci_conn_encrypt(conn->hcon);

	if (l2cap_pi(sk)->link_mode & L2CAP_LM_SECURE)

		return hci_conn_security(conn->hcon, BT_SECURITY_HIGH);

	if (l2cap_pi(sk)->link_mode & L2CAP_LM_ENCRYPT)

		return hci_conn_security(conn->hcon, BT_SECURITY_MEDIUM);

	if (l2cap_pi(sk)->link_mode & L2CAP_LM_AUTH)

		return hci_conn_auth(conn->hcon);

		return hci_conn_security(conn->hcon, BT_SECURITY_LOW);

	if (l2cap_pi(sk)->psm == cpu_to_le16(0x0001))

		return hci_conn_security(conn->hcon, BT_SECURITY_SDP);

	return 1;

}

	struct l2cap_conn *conn;

	struct hci_conn *hcon;

	struct hci_dev *hdev;

	__u8 sec_level;

	__u8 auth_type;

	int err = 0;

	err = -ENOMEM;

	if (l2cap_pi(sk)->link_mode & L2CAP_LM_AUTH ||

			l2cap_pi(sk)->link_mode & L2CAP_LM_ENCRYPT ||

				l2cap_pi(sk)->link_mode & L2CAP_LM_SECURE) {

		if (l2cap_pi(sk)->psm == cpu_to_le16(0x0001))

			auth_type = HCI_AT_NO_BONDING_MITM;

	if (l2cap_pi(sk)->link_mode & L2CAP_LM_SECURE)

		sec_level = BT_SECURITY_HIGH;

	else if (l2cap_pi(sk)->psm == cpu_to_le16(0x0001))

		sec_level = BT_SECURITY_SDP;

	else if (l2cap_pi(sk)->link_mode & L2CAP_LM_ENCRYPT)

		sec_level = BT_SECURITY_MEDIUM;

	else

		sec_level = BT_SECURITY_LOW;

	if (sk->sk_type == SOCK_RAW) {

		if (l2cap_pi(sk)->link_mode & L2CAP_LM_SECURE)

			auth_type = HCI_AT_DEDICATED_BONDING_MITM;

		else if (l2cap_pi(sk)->link_mode & L2CAP_LM_ENCRYPT)

			auth_type = HCI_AT_DEDICATED_BONDING;

		else

			auth_type = HCI_AT_GENERAL_BONDING_MITM;

	} else {

		if (l2cap_pi(sk)->psm == cpu_to_le16(0x0001))

			auth_type = HCI_AT_NO_BONDING;

	} else if (l2cap_pi(sk)->psm == cpu_to_le16(0x0001)) {

		if (l2cap_pi(sk)->link_mode & L2CAP_LM_SECURE)

			auth_type = HCI_AT_NO_BONDING_MITM;

		else

			auth_type = HCI_AT_NO_BONDING;

	} else {

		if (l2cap_pi(sk)->link_mode & L2CAP_LM_SECURE)

			auth_type = HCI_AT_GENERAL_BONDING_MITM;

		else if (l2cap_pi(sk)->link_mode & L2CAP_LM_ENCRYPT)

			auth_type = HCI_AT_GENERAL_BONDING;

		else

			auth_type = HCI_AT_NO_BONDING;

	}

	hcon = hci_connect(hdev, ACL_LINK, dst, auth_type);

	hcon = hci_connect(hdev, ACL_LINK, dst, sec_level, auth_type);

	if (!hcon)

		goto done;

		 */

		parent->sk_data_ready(parent, 0);

	}

	if (l2cap_pi(sk)->link_mode & L2CAP_LM_SECURE) {

		struct l2cap_conn *conn = l2cap_pi(sk)->conn;

		hci_conn_change_link_key(conn->hcon);

	}

}

/* Copy frame to all raw sockets on that connection */

	return 0;

}

static int l2cap_auth_cfm(struct hci_conn *hcon, u8 status)

{

	struct l2cap_chan_list *l;

	struct l2cap_conn *conn = hcon->l2cap_data;

	struct sock *sk;

	if (!conn)

		return 0;

	l = &conn->chan_list;

	BT_DBG("conn %p", conn);

	read_lock(&l->lock);

	for (sk = l->head; sk; sk = l2cap_pi(sk)->next_c) {

		struct l2cap_pinfo *pi = l2cap_pi(sk);

		bh_lock_sock(sk);

		if ((pi->link_mode & (L2CAP_LM_ENCRYPT | L2CAP_LM_SECURE)) &&

					!(hcon->link_mode & HCI_LM_ENCRYPT) &&

								!status) {

			bh_unlock_sock(sk);

			continue;

		}

		if (sk->sk_state == BT_CONNECT) {

			if (!status) {

				struct l2cap_conn_req req;

				req.scid = cpu_to_le16(l2cap_pi(sk)->scid);

				req.psm  = l2cap_pi(sk)->psm;

				l2cap_pi(sk)->ident = l2cap_get_ident(conn);

				l2cap_send_cmd(conn, l2cap_pi(sk)->ident,

					L2CAP_CONN_REQ, sizeof(req), &req);

			} else {

				l2cap_sock_clear_timer(sk);

				l2cap_sock_set_timer(sk, HZ / 10);

			}

		} else if (sk->sk_state == BT_CONNECT2) {

			struct l2cap_conn_rsp rsp;

			__u16 result;

			if (!status) {

				sk->sk_state = BT_CONFIG;

				result = L2CAP_CR_SUCCESS;

			} else {

				sk->sk_state = BT_DISCONN;

				l2cap_sock_set_timer(sk, HZ / 10);

				result = L2CAP_CR_SEC_BLOCK;

			}

			rsp.scid   = cpu_to_le16(l2cap_pi(sk)->dcid);

			rsp.dcid   = cpu_to_le16(l2cap_pi(sk)->scid);

			rsp.result = cpu_to_le16(result);

			rsp.status = cpu_to_le16(L2CAP_CS_NO_INFO);

			l2cap_send_cmd(conn, l2cap_pi(sk)->ident,

					L2CAP_CONN_RSP, sizeof(rsp), &rsp);

		}

		bh_unlock_sock(sk);

	}

	read_unlock(&l->lock);

	return 0;

}

static int l2cap_encrypt_cfm(struct hci_conn *hcon, u8 status, u8 encrypt)

static int l2cap_security_cfm(struct hci_conn *hcon, u8 status, u8 encrypt)

{

	struct l2cap_chan_list *l;

	struct l2cap_conn *conn = hcon->l2cap_data;

		bh_lock_sock(sk);

		if ((pi->link_mode & (L2CAP_LM_ENCRYPT | L2CAP_LM_SECURE)) &&

		if (!status && encrypt == 0x00 &&

				(pi->link_mode & L2CAP_LM_SECURE) &&

					(sk->sk_state == BT_CONNECTED ||

						sk->sk_state == BT_CONFIG) &&

						!status && encrypt == 0x00) {

						sk->sk_state == BT_CONFIG)) {

			__l2cap_sock_close(sk, ECONNREFUSED);

			bh_unlock_sock(sk);

			continue;

	.connect_ind	= l2cap_connect_ind,

	.connect_cfm	= l2cap_connect_cfm,

	.disconn_ind	= l2cap_disconn_ind,

	.auth_cfm	= l2cap_auth_cfm,

	.encrypt_cfm	= l2cap_encrypt_cfm,

	.security_cfm	= l2cap_security_cfm,

	.recv_acldata	= l2cap_recv_acldata

};