1. 10 5月, 2014 1 次提交
  2. 08 5月, 2014 1 次提交
  3. 12 4月, 2014 4 次提交
    • M
      Bluetooth: Request MITM Protection when initiator · b16c6604
      Mikel Astiz 提交于
      The GAP Specification gives the flexibility to decide whether MITM
      Protection is requested or not (Bluetooth Core Specification v4.0
      Volume 3, part C, section 6.5.3) when replying to an
      HCI_EV_IO_CAPA_REQUEST event.
      
      The recommendation is *not* to set this flag "unless the security
      policy of an available local service requires MITM Protection"
      (regardless of the bonding type). However, the kernel doesn't
      necessarily have this information and therefore the safest choice is
      to always use MITM Protection, also for General Bonding.
      
      This patch changes the behavior for the General Bonding initiator
      role, always requesting MITM Protection even if no high security level
      is used. Depending on the remote capabilities, the protection might
      not be actually used, and we will accept this locally unless of course
      a high security level was originally required.
      
      Note that this was already done for Dedicated Bonding. No-Bonding is
      left unmodified because MITM Protection is normally not desired in
      these cases.
      Signed-off-by: NMikel Astiz <mikel.astiz@bmw-carit.de>
      Signed-off-by: NTimo Mueller <timo.mueller@bmw-carit.de>
      Signed-off-by: NJohan Hedberg <johan.hedberg@intel.com>
      b16c6604
    • T
      Bluetooth: Use MITM Protection when IO caps allow it · 7e74170a
      Timo Mueller 提交于
      When responding to a remotely-initiated pairing procedure, a MITM
      protected SSP associaton model can be used for pairing if both local
      and remote IO capabilities are set to something other than
      NoInputNoOutput, regardless of the bonding type (Dedicated or
      General).
      
      This was already done for Dedicated Bonding but this patch proposes to
      use the same policy for General Bonding as well.
      
      The GAP Specification gives the flexibility to decide whether MITM
      Protection is used ot not (Bluetooth Core Specification v4.0 Volume 3,
      part C, section 6.5.3).
      
      Note however that the recommendation is *not* to set this flag "unless
      the security policy of an available local service requires MITM
      Protection" (for both Dedicated and General Bonding). However, as we are
      already requiring MITM for Dedicated Bonding, we will follow this
      behaviour also for General Bonding.
      Signed-off-by: NTimo Mueller <timo.mueller@bmw-carit.de>
      Signed-off-by: NMikel Astiz <mikel.astiz@bmw-carit.de>
      Signed-off-by: NJohan Hedberg <johan.hedberg@intel.com>
      7e74170a
    • M
      Bluetooth: Refactor code for outgoing dedicated bonding · 6fd6b915
      Mikel Astiz 提交于
      Do not always set the MITM protection requirement by default in the
      field conn->auth_type, since this will be added later in
      hci_io_capa_request_evt(), as part of the requirements specified in
      HCI_OP_IO_CAPABILITY_REPLY.
      
      This avoids a hackish exception for the auto-reject case, but doesn't
      change the behavior of the code at all.
      Signed-off-by: NMikel Astiz <mikel.astiz@bmw-carit.de>
      Signed-off-by: NJohan Hedberg <johan.hedberg@intel.com>
      6fd6b915
    • M
      Bluetooth: Refactor hci_get_auth_req() · b7f94c88
      Mikel Astiz 提交于
      Refactor the code without changing its behavior by handling the
      no-bonding cases first followed by General Bonding.
      Signed-off-by: NMikel Astiz <mikel.astiz@bmw-carit.de>
      Signed-off-by: NTimo Mueller <timo.mueller@bmw-carit.de>
      Signed-off-by: NJohan Hedberg <johan.hedberg@intel.com>
      b7f94c88
  4. 29 3月, 2014 1 次提交
  5. 27 3月, 2014 10 次提交
  6. 24 3月, 2014 1 次提交
  7. 22 3月, 2014 1 次提交
  8. 20 3月, 2014 2 次提交
  9. 13 3月, 2014 1 次提交
  10. 11 3月, 2014 1 次提交
    • A
      Bluetooth: Fix aborting eSCO connection in case of error 0x20 · 27539bc4
      Andrew Earl 提交于
      Add additional error case to attempt alternative configuration for SCO. Error
      occurs with Intel BT controller where fallback is not attempted as the error
      0x20 Unsupported LMP Parameter value is not included in the list of errors
      where a retry should be attempted.
      The problem also affects PTS test case TC_HF_ACS_BV_05_I.
      
      See the HCI log below for details:
      < HCI Command: Setup Synchronous Connection (0x01|0x0028) plen 17
          handle 256 voice setting 0x0060 ptype 0x0380
      > HCI Event: Command Status (0x0f) plen 4
          Setup Synchronous Connection (0x01|0x0028) status 0x00 ncmd 1
      > HCI Event: Max Slots Change (0x1b) plen 3
          handle 256 slots 1
      > HCI Event: Synchronous Connect Complete (0x2c) plen 17
          status 0x20 handle 0 bdaddr 00:80:98:09:0B:19 type eSCO
          Error: Unsupported LMP Parameter Value
      < HCI Command: Setup Synchronous Connection (0x01|0x0028) plen 17
          handle 256 voice setting 0x0060 ptype 0x0380
      > HCI Event: Command Status (0x0f) plen 4
          Setup Synchronous Connection (0x01|0x0028) status 0x00 ncmd 1
      > HCI Event: Max Slots Change (0x1b) plen 3
          handle 256 slots 5
      > HCI Event: Synchronous Connect Complete (0x2c) plen 17
          status 0x20 handle 0 bdaddr 00:80:98:09:0B:19 type eSCO
          Error: Unsupported LMP Parameter Value
      < HCI Command: Setup Synchronous Connection (0x01|0x0028) plen 17
          handle 256 voice setting 0x0060 ptype 0x03c8
      > HCI Event: Command Status (0x0f) plen 4
          Setup Synchronous Connection (0x01|0x0028) status 0x00 ncmd 1
      > HCI Event: Max Slots Change (0x1b) plen 3
          handle 256 slots 1
      > HCI Event: Synchronous Connect Complete (0x2c) plen 17
          status 0x00 handle 257 bdaddr 00:80:98:09:0B:19 type eSCO
          Air mode: CVSD
      
      See btmon log for further details:
      > HCI Event (0x0f) plen 4 [hci0] 44.888063
            Setup Synchronous Connection (0x01|0x0028) ncmd 1
              Status: Success (0x00)
      > HCI Event (0x1b) plen 3 [hci0] 44.893064
              Handle: 256
              Max slots: 1
      > HCI Event (0x2c) plen 17 [hci0] 44.942080
              Status: Unsupported LMP Parameter Value (0x20)
              Handle: 0
              Address: 00:1B:DC:06:04:B0 (OUI 00-1B-DC)
              Link type: eSCO (0x02)
              Transmission interval: 0x00
              Retransmission window: 0x01
              RX packet length: 0
              TX packet length: 0
              Air mode: CVSD (0x02)
      > HCI Event (0x1b) plen 3 [hci0] 44.948054
              Handle: 256
              Max slots: 5
      Signed-off-by: NAndrew Earl <andrewx.earl@intel.com>
      Signed-off-by: NMarcel Holtmann <marcel@holtmann.org>
      27539bc4
  11. 06 3月, 2014 1 次提交
    • C
      Bluetooth: Fix removing Long Term Key · 5981a882
      Claudio Takahasi 提交于
      This patch fixes authentication failure on LE link re-connection when
      BlueZ acts as slave (peripheral). LTK is removed from the internal list
      after its first use causing PIN or Key missing reply when re-connecting
      the link. The LE Long Term Key Request event indicates that the master
      is attempting to encrypt or re-encrypt the link.
      
      Pre-condition: BlueZ host paired and running as slave.
      How to reproduce(master):
      
        1) Establish an ACL LE encrypted link
        2) Disconnect the link
        3) Try to re-establish the ACL LE encrypted link (fails)
      
      > HCI Event: LE Meta Event (0x3e) plen 19
            LE Connection Complete (0x01)
              Status: Success (0x00)
              Handle: 64
              Role: Slave (0x01)
      ...
      @ Device Connected: 00:02:72:DC:29:C9 (1) flags 0x0000
      > HCI Event: LE Meta Event (0x3e) plen 13
            LE Long Term Key Request (0x05)
              Handle: 64
              Random number: 875be18439d9aa37
              Encryption diversifier: 0x76ed
      < HCI Command: LE Long Term Key Request Reply (0x08|0x001a) plen 18
              Handle: 64
              Long term key: 2aa531db2fce9f00a0569c7d23d17409
      > HCI Event: Command Complete (0x0e) plen 6
            LE Long Term Key Request Reply (0x08|0x001a) ncmd 1
              Status: Success (0x00)
              Handle: 64
      > HCI Event: Encryption Change (0x08) plen 4
              Status: Success (0x00)
              Handle: 64
              Encryption: Enabled with AES-CCM (0x01)
      ...
      @ Device Disconnected: 00:02:72:DC:29:C9 (1) reason 3
      < HCI Command: LE Set Advertise Enable (0x08|0x000a) plen 1
              Advertising: Enabled (0x01)
      > HCI Event: Command Complete (0x0e) plen 4
            LE Set Advertise Enable (0x08|0x000a) ncmd 1
              Status: Success (0x00)
      > HCI Event: LE Meta Event (0x3e) plen 19
            LE Connection Complete (0x01)
              Status: Success (0x00)
              Handle: 64
              Role: Slave (0x01)
      ...
      @ Device Connected: 00:02:72:DC:29:C9 (1) flags 0x0000
      > HCI Event: LE Meta Event (0x3e) plen 13
            LE Long Term Key Request (0x05)
              Handle: 64
              Random number: 875be18439d9aa37
              Encryption diversifier: 0x76ed
      < HCI Command: LE Long Term Key Request Neg Reply (0x08|0x001b) plen 2
              Handle: 64
      > HCI Event: Command Complete (0x0e) plen 6
            LE Long Term Key Request Neg Reply (0x08|0x001b) ncmd 1
              Status: Success (0x00)
              Handle: 64
      > HCI Event: Disconnect Complete (0x05) plen 4
              Status: Success (0x00)
              Handle: 64
              Reason: Authentication Failure (0x05)
      @ Device Disconnected: 00:02:72:DC:29:C9 (1) reason 0
      Signed-off-by: NClaudio Takahasi <claudio.takahasi@openbossa.org>
      Cc: stable@vger.kernel.org
      Signed-off-by: NJohan Hedberg <johan.hedberg@intel.com>
      5981a882
  12. 01 3月, 2014 2 次提交
    • J
      Bluetooth: Remove unnecessary stop_scan_complete function · 81ad6fd9
      Johan Hedberg 提交于
      The stop_scan_complete function was used as an intermediate step before
      doing the actual connection creation. Since we're using hci_request
      there's no reason to have this extra function around, i.e. we can simply
      put both HCI commands into the same request.
      
      The single task that the intermediate function had, i.e. indicating
      discovery as stopped is now taken care of by a new
      HCI_LE_SCAN_INTERRUPTED flag which allows us to do the discovery state
      update when the stop scan command completes.
      Signed-off-by: NJohan Hedberg <johan.hedberg@intel.com>
      Signed-off-by: NMarcel Holtmann <marcel@holtmann.org>
      81ad6fd9
    • J
      Bluetooth: Fix trying to disable scanning twice · 317ac8cb
      Johan Hedberg 提交于
      The discovery process has a timer for disabling scanning, however
      scanning might be disabled through other means too like the auto-connect
      process.  We should therefore ensure that the timer is never active
      after sending a HCI command to disable scanning.
      
      There was some existing code in stop_scan_complete trying to avoid the
      timer when a connect request interrupts a discovery procedure, but the
      other way around was not covered. This patch covers both scenarios by
      canceling the timer as soon as we get a successful command complete for
      the disabling HCI command.
      Signed-off-by: NJohan Hedberg <johan.hedberg@intel.com>
      Signed-off-by: NMarcel Holtmann <marcel@holtmann.org>
      317ac8cb
  13. 28 2月, 2014 6 次提交
  14. 27 2月, 2014 4 次提交
    • A
      Bluetooth: Support resolvable private addresses · 5b906a84
      Andre Guedes 提交于
      Only identity addresses are inserted into hdev->pend_le_conns. So,
      in order to support resolvable private addresses in auto connection
      mechanism, we should resolve the address before checking for pending
      connections.
      
      Thus, this patch adds an extra check in check_pending_le_conn() and
      updates 'addr' and 'addr_type' variables before hci_pend_le_conn_
      lookup().
      Signed-off-by: NAndre Guedes <andre.guedes@openbossa.org>
      Signed-off-by: NMarcel Holtmann <marcel@holtmann.org>
      5b906a84
    • A
      Bluetooth: Introduce LE auto connect options · 9fcb18ef
      Andre Guedes 提交于
      This patch introduces the LE auto connection options: HCI_AUTO_CONN_
      ALWAYS and HCI_AUTO_CONN_LINK_LOSS. Their working mechanism are
      described as follows:
      
      The HCI_AUTO_CONN_ALWAYS option configures the kernel to always re-
      establish the connection, no matter the reason the connection was
      terminated. This feature is required by some LE profiles such as
      HID over GATT, Health Thermometer and Blood Pressure. These profiles
      require the host autonomously connect to the device as soon as it
      enters in connectable mode (start advertising) so the device is able
      to delivery notifications or indications.
      
      The BT_AUTO_CONN_LINK_LOSS option configures the kernel to re-
      establish the connection in case the connection was terminated due
      to a link loss. This feature is required by the majority of LE
      profiles such as Proximity, Find Me, Cycling Speed and Cadence and
      Time.
      Signed-off-by: NAndre Guedes <andre.guedes@openbossa.org>
      Signed-off-by: NMarcel Holtmann <marcel@holtmann.org>
      9fcb18ef
    • A
      Bluetooth: Introduce LE auto connection infrastructure · a4790dbd
      Andre Guedes 提交于
      This patch introduces the LE auto connection infrastructure which
      will be used to implement the LE auto connection options.
      
      In summary, the auto connection mechanism works as follows: Once the
      first pending LE connection is created, the background scanning is
      started. When the target device is found in range, the kernel
      autonomously starts the connection attempt. If connection is
      established successfully, that pending LE connection is deleted and
      the background is stopped.
      
      To achieve that, this patch introduces the hci_update_background_scan()
      which controls the background scanning state. This function starts or
      stops the background scanning based on the hdev->pend_le_conns list. If
      there is no pending LE connection, the background scanning is stopped.
      Otherwise, we start the background scanning.
      
      Then, every time a pending LE connection is added we call hci_update_
      background_scan() so the background scanning is started (in case it is
      not already running). Likewise, every time a pending LE connection is
      deleted we call hci_update_background_scan() so the background scanning
      is stopped (in case this was the last pending LE connection) or it is
      started again (in case we have more pending LE connections). Finally,
      we also call hci_update_background_scan() in hci_le_conn_failed() so
      the background scan is restarted in case the connection establishment
      fails. This way the background scanning keeps running until all pending
      LE connection are established.
      
      At this point, resolvable addresses are not support by this
      infrastructure. The proper support is added in upcoming patches.
      Signed-off-by: NAndre Guedes <andre.guedes@openbossa.org>
      Signed-off-by: NMarcel Holtmann <marcel@holtmann.org>
      a4790dbd
    • A
      Bluetooth: Declare le_conn_failed in hci_core.h · 06c053fb
      Andre Guedes 提交于
      This patch adds the "hci_" prefix to le_conn_failed() helper and
      declares it in hci_core.h so it can be reused in hci_event.c.
      Signed-off-by: NAndre Guedes <andre.guedes@openbossa.org>
      Signed-off-by: NMarcel Holtmann <marcel@holtmann.org>
      06c053fb
  15. 25 2月, 2014 2 次提交
  16. 24 2月, 2014 1 次提交
  17. 20 2月, 2014 1 次提交