Bluetooth: Add controller side link key clearing to hci_init_req
authorJohan Hedberg <johan.hedberg@nokia.com>
Mon, 10 Jan 2011 11:44:55 +0000 (13:44 +0200)
committerGustavo F. Padovan <padovan@profusion.mobi>
Tue, 8 Feb 2011 03:40:06 +0000 (01:40 -0200)
The controller may have link keys in its own memory and these keys could
be used for secure connections. However, since the interface to access
these keys doesn't provide information about the key types (which would
be needed to infer the level of security each key provides) using these
keys is rather useless. Therefore, simply clear the controller side list
in the initialization procedure.

Signed-off-by: Johan Hedberg <johan.hedberg@nokia.com>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
include/net/bluetooth/hci.h
net/bluetooth/hci_core.c
net/bluetooth/hci_event.c

index 65cab137e19f026d10524a0ea8cff4f8a2174374..4e2f008d32e122f62a4b31cf3b7814085f4bee14 100644 (file)
@@ -487,6 +487,12 @@ struct hci_cp_set_event_flt {
 #define HCI_CONN_SETUP_AUTO_OFF        0x01
 #define HCI_CONN_SETUP_AUTO_ON 0x02
 
+#define HCI_OP_DELETE_STORED_LINK_KEY  0x0c12
+struct hci_cp_delete_stored_link_key {
+       bdaddr_t bdaddr;
+       __u8     delete_all;
+} __packed;
+
 #define HCI_OP_WRITE_LOCAL_NAME                0x0c13
 struct hci_cp_write_local_name {
        __u8     name[248];
index 183ce81f7a5c45955d73a2a075b41afa5acb6aff..cedb8a966df6568b6eb53a1d2883e3ea8352c569 100644 (file)
@@ -190,6 +190,7 @@ static void hci_reset_req(struct hci_dev *hdev, unsigned long opt)
 
 static void hci_init_req(struct hci_dev *hdev, unsigned long opt)
 {
+       struct hci_cp_delete_stored_link_key cp;
        struct sk_buff *skb;
        __le16 param;
        __u8 flt_type;
@@ -260,6 +261,10 @@ static void hci_init_req(struct hci_dev *hdev, unsigned long opt)
        /* Connection accept timeout ~20 secs */
        param = cpu_to_le16(0x7d00);
        hci_send_cmd(hdev, HCI_OP_WRITE_CA_TIMEOUT, 2, &param);
+
+       bacpy(&cp.bdaddr, BDADDR_ANY);
+       cp.delete_all = 1;
+       hci_send_cmd(hdev, HCI_OP_DELETE_STORED_LINK_KEY, sizeof(cp), &cp);
 }
 
 static void hci_scan_req(struct hci_dev *hdev, unsigned long opt)
index cf3014ae00e47087311a03e2e465c1fdb8fda61e..49b387cdcc3835bfe06da1583ec60ab295b809fa 100644 (file)
@@ -557,6 +557,16 @@ static void hci_cc_write_ca_timeout(struct hci_dev *hdev, struct sk_buff *skb)
        hci_req_complete(hdev, HCI_OP_WRITE_CA_TIMEOUT, status);
 }
 
+static void hci_cc_delete_stored_link_key(struct hci_dev *hdev,
+                                                       struct sk_buff *skb)
+{
+       __u8 status = *((__u8 *) skb->data);
+
+       BT_DBG("%s status 0x%x", hdev->name, status);
+
+       hci_req_complete(hdev, HCI_OP_DELETE_STORED_LINK_KEY, status);
+}
+
 static inline void hci_cs_inquiry(struct hci_dev *hdev, __u8 status)
 {
        BT_DBG("%s status 0x%x", hdev->name, status);
@@ -1402,6 +1412,10 @@ static inline void hci_cmd_complete_evt(struct hci_dev *hdev, struct sk_buff *sk
                hci_cc_write_ca_timeout(hdev, skb);
                break;
 
+       case HCI_OP_DELETE_STORED_LINK_KEY:
+               hci_cc_delete_stored_link_key(hdev, skb);
+               break;
+
        default:
                BT_DBG("%s opcode 0x%x", hdev->name, opcode);
                break;