1. 13 Feb, 2014 25 commits
    • Oliver Neukum's avatar
      Bluetooth: Add firmware update for Atheros 0cf3:311f · 1e56f1eb
      Oliver Neukum authored
      The device is not functional without firmware.
      
      The device without firmware:
      T:  Bus=02 Lev=02 Prnt=02 Port=05 Cnt=01 Dev#=  3 Spd=12  MxCh= 0
      D:  Ver= 1.10 Cls=e0(wlcon) Sub=01 Prot=01 MxPS=64 #Cfgs=  1
      P:  Vendor=0cf3 ProdID=311f Rev=00.01
      C:  #Ifs= 2 Cfg#= 1 Atr=e0 MxPwr=100mA
      I:  If#= 0 Alt= 0 #EPs= 3 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb
      I:  If#= 1 Alt= 0 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb
      
      The device with firmware:
      T:  Bus=02 Lev=02 Prnt=02 Port=05 Cnt=01 Dev#=  4 Spd=12  MxCh= 0
      D:  Ver= 1.10 Cls=e0(wlcon) Sub=01 Prot=01 MxPS=64 #Cfgs=  1
      P:  Vendor=0cf3 ProdID=3007 Rev=00.01
      C:  #Ifs= 2 Cfg#= 1 Atr=e0 MxPwr=100mA
      I:  If#= 0 Alt= 0 #EPs= 3 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb
      I:  If#= 1 Alt= 0 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb
      Signed-off-by: default avatarOliver Neukum <oneukum@suse.de>
      Signed-off-by: default avatarMarcel Holtmann <marcel@holtmann.org>
      1e56f1eb
    • Oliver Neukum's avatar
      Bluetooth: Enable Atheros 0cf3:311e for firmware upload · b131237c
      Oliver Neukum authored
      The device will bind to btusb without firmware, but with the original
      buggy firmware device discovery does not work. No devices are detected.
      
      Device descriptor without firmware:
      T:  Bus=03 Lev=01 Prnt=01 Port=02 Cnt=01 Dev#=  2 Spd=12   MxCh= 0
      D:  Ver= 1.10 Cls=e0(wlcon) Sub=01 Prot=01 MxPS=64 #Cfgs=  1
      P:  Vendor=0cf3 ProdID=311e Rev= 0.01
      C:* #Ifs= 2 Cfg#= 1 Atr=e0 MxPwr=100mA
      I:* If#= 0 Alt= 0 #EPs= 3 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb
      E:  Ad=81(I) Atr=03(Int.) MxPS=  16 Ivl=1ms
      E:  Ad=82(I) Atr=02(Bulk) MxPS=  64 Ivl=0ms
      E:  Ad=02(O) Atr=02(Bulk) MxPS=  64 Ivl=0ms
      I:* If#= 1 Alt= 0 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb
      E:  Ad=83(I) Atr=01(Isoc) MxPS=   0 Ivl=1ms
      E:  Ad=03(O) Atr=01(Isoc) MxPS=   0 Ivl=1ms
      I:  If#= 1 Alt= 1 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb
      E:  Ad=83(I) Atr=01(Isoc) MxPS=   9 Ivl=1ms
      E:  Ad=03(O) Atr=01(Isoc) MxPS=   9 Ivl=1ms
      I:  If#= 1 Alt= 2 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb
      E:  Ad=83(I) Atr=01(Isoc) MxPS=  17 Ivl=1ms
      E:  Ad=03(O) Atr=01(Isoc) MxPS=  17 Ivl=1ms
      I:  If#= 1 Alt= 3 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb
      E:  Ad=83(I) Atr=01(Isoc) MxPS=  25 Ivl=1ms
      E:  Ad=03(O) Atr=01(Isoc) MxPS=  25 Ivl=1ms
      I:  If#= 1 Alt= 4 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb
      E:  Ad=83(I) Atr=01(Isoc) MxPS=  33 Ivl=1ms
      E:  Ad=03(O) Atr=01(Isoc) MxPS=  33 Ivl=1ms
      I:  If#= 1 Alt= 5 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb
      E:  Ad=83(I) Atr=01(Isoc) MxPS=  49 Ivl=1ms
      E:  Ad=03(O) Atr=01(Isoc) MxPS=  49 Ivl=1ms
      
      with firmware:
      T:  Bus=03 Lev=01 Prnt=01 Port=02 Cnt=01 Dev#=  3 Spd=12   MxCh= 0
      D:  Ver= 1.10 Cls=e0(wlcon) Sub=01 Prot=01 MxPS=64 #Cfgs=  1
      P:  Vendor=0cf3 ProdID=311e Rev= 0.02
      C:* #Ifs= 2 Cfg#= 1 Atr=e0 MxPwr=100mA
      I:* If#= 0 Alt= 0 #EPs= 3 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb
      E:  Ad=81(I) Atr=03(Int.) MxPS=  16 Ivl=1ms
      E:  Ad=82(I) Atr=02(Bulk) MxPS=  64 Ivl=0ms
      E:  Ad=02(O) Atr=02(Bulk) MxPS=  64 Ivl=0ms
      I:* If#= 1 Alt= 0 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb
      E:  Ad=83(I) Atr=01(Isoc) MxPS=   0 Ivl=1ms
      E:  Ad=03(O) Atr=01(Isoc) MxPS=   0 Ivl=1ms
      I:  If#= 1 Alt= 1 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb
      E:  Ad=83(I) Atr=01(Isoc) MxPS=   9 Ivl=1ms
      E:  Ad=03(O) Atr=01(Isoc) MxPS=   9 Ivl=1ms
      I:  If#= 1 Alt= 2 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb
      E:  Ad=83(I) Atr=01(Isoc) MxPS=  17 Ivl=1ms
      E:  Ad=03(O) Atr=01(Isoc) MxPS=  17 Ivl=1ms
      I:  If#= 1 Alt= 3 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb
      E:  Ad=83(I) Atr=01(Isoc) MxPS=  25 Ivl=1ms
      E:  Ad=03(O) Atr=01(Isoc) MxPS=  25 Ivl=1ms
      I:  If#= 1 Alt= 4 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb
      E:  Ad=83(I) Atr=01(Isoc) MxPS=  33 Ivl=1ms
      E:  Ad=03(O) Atr=01(Isoc) MxPS=  33 Ivl=1ms
      I:  If#= 1 Alt= 5 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb
      E:  Ad=83(I) Atr=01(Isoc) MxPS=  49 Ivl=1ms
      E:  Ad=03(O) Atr=01(Isoc) MxPS=  49 Ivl=1ms
      Signed-off-by: default avatarOliver Neukum <oneukum@suse.de>
      Signed-off-by: default avatarMarcel Holtmann <marcel@holtmann.org>
      b131237c
    • Marcel Holtmann's avatar
      Bluetooth: Add debugfs entry to show Secure Connections Only mode · 134c2a89
      Marcel Holtmann authored
      For debugging purposes of Secure Connection Only support a simple
      debugfs entry is used to indicate if this mode is active or not.
      Signed-off-by: default avatarMarcel Holtmann <marcel@holtmann.org>
      Signed-off-by: default avatarJohan Hedberg <johan.hedberg@intel.com>
      134c2a89
    • Marcel Holtmann's avatar
      Bluetooth: Handle security level 4 for RFCOMM connections · 2c068e0b
      Marcel Holtmann authored
      With the introduction of security level 4, the RFCOMM sockets need to
      be made aware of this new level. This change ensures that the pairing
      requirements are set correctly for these connections.
      Signed-off-by: default avatarMarcel Holtmann <marcel@holtmann.org>
      Signed-off-by: default avatarJohan Hedberg <johan.hedberg@intel.com>
      2c068e0b
    • Marcel Holtmann's avatar
      Bluetooth: Handle security level 4 for L2CAP connections · 7d513e92
      Marcel Holtmann authored
      With the introduction of security level 4, the L2CAP sockets need to
      be made aware of this new level. This change ensures that the pairing
      requirements are set correctly for these connections.
      Signed-off-by: default avatarMarcel Holtmann <marcel@holtmann.org>
      Signed-off-by: default avatarJohan Hedberg <johan.hedberg@intel.com>
      7d513e92
    • Marcel Holtmann's avatar
      Bluetooth: Introduce requirements for security level 4 · 7b5a9241
      Marcel Holtmann authored
      The security level 4 is a new strong security requirement that is based
      around 128-bit equivalent strength for link and encryption keys required
      using FIPS approved algorithms. Which means that E0, SAFER+ and P-192
      are not allowed. Only connections created with P-256 resulting from
      using Secure Connections support are allowed.
      
      This security level needs to be enforced when Secure Connection Only
      mode is enabled for a controller or a service requires FIPS compliant
      strong security. Currently it is not possible to enable either of
      these two cases. This patch just puts in the foundation for being
      able to handle security level 4 in the future.
      
      It should be noted that devices or services with security level 4
      requirement can only communicate using Bluetooth 4.1 controllers
      with support for Secure Connections. There is no backward compatibilty
      if used with older hardware.
      Signed-off-by: default avatarMarcel Holtmann <marcel@holtmann.org>
      Signed-off-by: default avatarJohan Hedberg <johan.hedberg@intel.com>
      7b5a9241
    • Marcel Holtmann's avatar
      Bluetooth: Track Secure Connections support of remote devices · eb9a8f3f
      Marcel Holtmann authored
      It is important to know if Secure Connections support has been enabled
      for a given remote device. The information is provided in the remote
      host features page. So track this information and provide a simple
      helper function to extract the status.
      Signed-off-by: default avatarMarcel Holtmann <marcel@holtmann.org>
      Signed-off-by: default avatarJohan Hedberg <johan.hedberg@intel.com>
      eb9a8f3f
    • Johan Hedberg's avatar
      Bluetooth: Fix mgmt error code for negative PIN response · eadd663a
      Johan Hedberg authored
      The NOT_PAIRED status is only really suitable for operations where being
      paired is a pre-requisite. Using it e.g. for the mgmt_pair_device
      command seems unintuitive. In the case that either the local or the
      remote user responds with a negative PIN Code response the "PIN or Key
      Missing" HCI status will be generated. This patch changes the mapping of
      this status from the NOT_PAIRED mgmt status to the more intuitive
      AUTH_FAILED mgmt status.
      Signed-off-by: default avatarJohan Hedberg <johan.hedberg@intel.com>
      Signed-off-by: default avatarMarcel Holtmann <marcel@holtmann.org>
      eadd663a
    • Wei Yongjun's avatar
      Bluetooth: Convert to use ATTRIBUTE_GROUPS macro · b848079a
      Wei Yongjun authored
      Use ATTRIBUTE_GROUPS macro to reduce the number of lines of code.
      Signed-off-by: default avatarWei Yongjun <yongjun_wei@trendmicro.com.cn>
      Signed-off-by: default avatarJohan Hedberg <johan.hedberg@intel.com>
      b848079a
    • Marcel Holtmann's avatar
      Bluetooth: Add support for remote OOB input of P-256 data · ec109113
      Marcel Holtmann authored
      The current management interface only allows to provide the remote
      OOB input of P-192 data. This extends the command to also accept
      P-256 data as well. To make this backwards compatible, the userspace
      can decide to only provide P-192 data or the combined P-192 and P-256
      data. It is also allowed to leave the P-192 data empty if userspace
      only has the remote P-256 data.
      Signed-off-by: default avatarMarcel Holtmann <marcel@holtmann.org>
      Signed-off-by: default avatarJohan Hedberg <johan.hedberg@intel.com>
      ec109113
    • Marcel Holtmann's avatar
      Bluetooth: Add internal function for storing P-192 and P-256 data · 0798872e
      Marcel Holtmann authored
      Add function to allow adding P-192 and P-256 data to the internal
      storage. This also fixes a few coding style issues from the previous
      helper functions for the out-of-band credentials storage.
      Signed-off-by: default avatarMarcel Holtmann <marcel@holtmann.org>
      Signed-off-by: default avatarJohan Hedberg <johan.hedberg@intel.com>
      0798872e
    • Marcel Holtmann's avatar
      Bluetooth: Provide remote OOB data for Secure Connections · 519ca9d0
      Marcel Holtmann authored
      When Secure Connections has been enabled it is possible to provide P-192
      and/or P-256 data during the pairing process. The internal out-of-band
      credentials storage has been extended to also hold P-256 data.
      
      Initially the P-256 data will be empty and with Secure Connections enabled
      no P-256 data will be provided. This is according to the specification
      since it might be possible that the remote side did not provide either
      of the out-of-band credentials.
      Signed-off-by: default avatarMarcel Holtmann <marcel@holtmann.org>
      Signed-off-by: default avatarJohan Hedberg <johan.hedberg@intel.com>
      519ca9d0
    • Marcel Holtmann's avatar
      Bluetooth: Add debugfs quirk for forcing Secure Connections support · 5afeac14
      Marcel Holtmann authored
      The Bluetooth 4.1 specification with Secure Connections support has
      just been released and controllers with this feature are still in
      an early stage.
      
      A handful of controllers have already support for it, but they do
      not always identify this feature correctly. This debugfs entry
      allows to tell the kernel that the controller can be treated as
      it would fully support Secure Connections.
      
      Using debugfs to force Secure Connections support of course does
      not make this feature magically appear in all controllers. This
      is a debug functionality for early adopters. Once the majority
      of controllers matures this quirk will be removed.
      Signed-off-by: default avatarMarcel Holtmann <marcel@holtmann.org>
      Signed-off-by: default avatarJohan Hedberg <johan.hedberg@intel.com>
      5afeac14
    • Marcel Holtmann's avatar
      Bluetooth: Add support for local OOB data with Secure Connections · 4d2d2796
      Marcel Holtmann authored
      For Secure Connections support and the usage of out-of-band pairing,
      it is needed to read the P-256 hash and randomizer or P-192 hash and
      randomizer. This change will read P-192 data when Secure Connections
      is disabled and P-192 and P-256 data when it is enabled.
      
      The difference is between using HCI Read Local OOB Data and using the
      new HCI Read Local OOB Extended Data command. The first one has been
      introduced with Bluetooth 2.1 and returns only the P-192 data.
      
      < HCI Command: Read Local OOB Data (0x03|0x0057) plen 0
      > HCI Event: Command Complete (0x0e) plen 36
            Read Local OOB Data (0x03|0x0057) ncmd 1
              Status: Success (0x00)
              Hash C from P-192: 975a59baa1c4eee391477cb410b23e6d
              Randomizer R with P-192: 9ee63b7dec411d3b467c5ae446df7f7d
      
      The second command has been introduced with Bluetooth 4.1 and will
      return P-192 and P-256 data.
      
      < HCI Command: Read Local OOB Extended Data (0x03|0x007d) plen 0
      > HCI Event: Command Complete (0x0e) plen 68
            Read Local OOB Extended Data (0x03|0x007d) ncmd 1
              Status: Success (0x00)
              Hash C from P-192: 6489731804b156fa6355efb8124a1389
              Randomizer R with P-192: 4781d5352fb215b2958222b3937b6026
              Hash C from P-256: 69ef8a928b9d07fc149e630e74ecb991
              Randomizer R with P-256: 4781d5352fb215b2958222b3937b6026
      
      The change for the management interface is transparent and no change
      is required for existing userspace. The Secure Connections feature
      needs to be manually enabled. When it is disabled, then userspace
      only gets the P-192 returned and with Secure Connections enabled,
      userspace gets P-192 and P-256 in an extended structure.
      
      It is also acceptable to just ignore the P-256 data since it is not
      required to support them. The pairing with out-of-band credentials
      will still succeed. However then of course no Secure Connection will
      b established.
      Signed-off-by: default avatarMarcel Holtmann <marcel@holtmann.org>
      Signed-off-by: default avatarJohan Hedberg <johan.hedberg@intel.com>
      4d2d2796
    • Marcel Holtmann's avatar
      Bluetooth: Limit acceptable link key types to only supported ones · 8e991132
      Marcel Holtmann authored
      The link keys that are loaded by userspace during controller setup
      should be limited to actual valid and supported types. With the
      support for Secure Connections, it is limited to types 0x00 - 0x08
      at the moment. Reject any other link key types.
      Signed-off-by: default avatarMarcel Holtmann <marcel@holtmann.org>
      Signed-off-by: default avatarJohan Hedberg <johan.hedberg@intel.com>
      8e991132
    • Marcel Holtmann's avatar
      Bluetooth: Enable Secure Connection during power on if configured · a6d0d690
      Marcel Holtmann authored
      If support for Secure Connection has been configured, then make sure
      to send the appropiate HCI command to enable it when powering on the
      controller.
      Signed-off-by: default avatarMarcel Holtmann <marcel@holtmann.org>
      Signed-off-by: default avatarJohan Hedberg <johan.hedberg@intel.com>
      a6d0d690
    • Marcel Holtmann's avatar
      Bluetooth: Add management command for enabling Secure Connections · eac83dc6
      Marcel Holtmann authored
      The support for Secure Connections need to be explicitly enabled by
      userspace. This is required since only userspace that can handle the
      new link key types should enable support for Secure Connections.
      
      This command handling is similar to how Secure Simple Pairing enabling
      is done. It also tracks the case when Secure Connections support is
      enabled via raw HCI commands. This makes sure that the host features
      page is updated as well.
      Signed-off-by: default avatarMarcel Holtmann <marcel@holtmann.org>
      Signed-off-by: default avatarJohan Hedberg <johan.hedberg@intel.com>
      eac83dc6
    • Marcel Holtmann's avatar
      Bluetooth: Add flags and setting for Secure Connections support · e98d2ce2
      Marcel Holtmann authored
      The MGMT_SETTING_SECURE_CONN setting is used to track the support and
      status for Secure Connections from the management interface. For HCI
      based tracking HCI_SC_ENABLED flag is used.
      Signed-off-by: default avatarMarcel Holtmann <marcel@holtmann.org>
      Signed-off-by: default avatarJohan Hedberg <johan.hedberg@intel.com>
      e98d2ce2
    • Marcel Holtmann's avatar
      Bluetooth: Enable Authenticated Payload Timeout Expired event · 40c59fcb
      Marcel Holtmann authored
      With Secure Connections capable controllers, the authenticated payload
      timeout can trigger. Enable the event so the controller informs the
      host when this happens.
      Signed-off-by: default avatarMarcel Holtmann <marcel@holtmann.org>
      Signed-off-by: default avatarJohan Hedberg <johan.hedberg@intel.com>
      40c59fcb
    • Marcel Holtmann's avatar
      Bluetooth: Add support for handling P-256 derived link keys · 66138ce8
      Marcel Holtmann authored
      Before being able to enable Secure Connections support, the core needs
      to know on how to handle P-256 derived link keys. The difference between
      authenticated and unauthenticated P-256 derived link keys is the same as
      its P-192 counter parts.
      Signed-off-by: default avatarMarcel Holtmann <marcel@holtmann.org>
      Signed-off-by: default avatarJohan Hedberg <johan.hedberg@intel.com>
      66138ce8
    • Marcel Holtmann's avatar
      Bluetooth: Add definitions for new link key types · 11015c79
      Marcel Holtmann authored
      With the introduction of Secure Connections, the list of link key types
      got extended by P-256 versions of authenticated and unauthenticated
      link keys.
      
      To avoid any confusion the previous authenticated and unauthenticated
      link key types got ammended with a P912 postfix. And the two new keys
      have a P256 postfix now. Existing code using the previous definitions
      has been adjusted.
      Signed-off-by: default avatarMarcel Holtmann <marcel@holtmann.org>
      Signed-off-by: default avatarJohan Hedberg <johan.hedberg@intel.com>
      11015c79
    • Marcel Holtmann's avatar
      Bluetooth: Add HCI command definition for extended OOB data · e2f99131
      Marcel Holtmann authored
      The Secure Connections feature introduces the support for P-256 strength
      pairings (compared to P-192 with Secure Simple Pairing). This however
      means that for out-of-band pairing the hash and randomizer needs to be
      differentiated. Two new commands are introduced to handle the possible
      combinations of P-192 and P-256. This add the HCI command definition
      for both.
      Signed-off-by: default avatarMarcel Holtmann <marcel@holtmann.org>
      Signed-off-by: default avatarJohan Hedberg <johan.hedberg@intel.com>
      e2f99131
    • Marcel Holtmann's avatar
      Bluetooth: Add HCI command definition for Secure Connections enabling · eb4b95c6
      Marcel Holtmann authored
      The Secure Connections feature is optional and host stacks have to
      manually enable it. This add the HCI command definiton for reading
      and writing this setting.
      Signed-off-by: default avatarMarcel Holtmann <marcel@holtmann.org>
      Signed-off-by: default avatarJohan Hedberg <johan.hedberg@intel.com>
      eb4b95c6
    • Marcel Holtmann's avatar
      Bluetooth: Add LMP feature definitions for Secure Connections support · d5991585
      Marcel Holtmann authored
      The support for Secure Connections introduces two new controller
      features and one new host feature.
      Signed-off-by: default avatarMarcel Holtmann <marcel@holtmann.org>
      Signed-off-by: default avatarJohan Hedberg <johan.hedberg@intel.com>
      d5991585
    • Johan Hedberg's avatar
      Bluetooth: Fix outgoing authentication requirement check · 264b8b4e
      Johan Hedberg authored
      The check for HIGH security level dates back to pre-mgmt times when a
      raw L2CAP socket with HIGH security level was used to trigger dedicated
      bonding. For legacy pairing checking for the security level was the only
      way to catch the need to authenticate in all scenarios. With mgmt
      however, the pair_device command does not use HIGH security but MEDIUM
      security. Therefore, the existing code would never trigger
      authentication for a non-SSP connection without an MITM requirement
      (e.g. if user space provided a NoInputNoOutput IO capability). In such a
      scenario the mgmt_pair_device command would return success without
      actually triggering any kind of pairing.
      
      This patch updates the authentication requirement check to also consider
      MEDIUM security level, and thereby ensures that mgmt_pair_device will
      always trigger authentication.
      Signed-off-by: default avatarJohan Hedberg <johan.hedberg@intel.com>
      Signed-off-by: default avatarMarcel Holtmann <marcel@holtmann.org>
      264b8b4e
  2. 12 Feb, 2014 15 commits