Bluetooth: Add controller side link key clearing to hci_init_req

The controller may have link keys in its own memory and these keys could
be used for secure connections. However, since the interface to access
these keys doesn't provide information about the key types (which would
be needed to infer the level of security each key provides) using these
keys is rather useless. Therefore, simply clear the controller side list
in the initialization procedure.

Signed-off-by: Johan Hedberg <johan.hedberg@nokia.com>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>

diff --git a/include/net/bluetooth/hci.h b/include/net/bluetooth/hci.h
index 65cab13..4e2f008 100644 (file)
--- a/include/net/bluetooth/hci.h
+++ b/include/net/bluetooth/hci.h
@@ -487,6 +487,12 @@ struct hci_cp_set_event_flt {
 #define HCI_CONN_SETUP_AUTO_OFF        0x01
 #define HCI_CONN_SETUP_AUTO_ON 0x02
 
+#define HCI_OP_DELETE_STORED_LINK_KEY  0x0c12
+struct hci_cp_delete_stored_link_key {
+       bdaddr_t bdaddr;
+       __u8     delete_all;
+} __packed;
+
 #define HCI_OP_WRITE_LOCAL_NAME                0x0c13
 struct hci_cp_write_local_name {
        __u8     name[248];

diff --git a/net/bluetooth/hci_core.c b/net/bluetooth/hci_core.c
index 183ce81..cedb8a9 100644 (file)
--- a/net/bluetooth/hci_core.c
+++ b/net/bluetooth/hci_core.c
@@ -190,6 +190,7 @@ static void hci_reset_req(struct hci_dev *hdev, unsigned long opt)
 
 static void hci_init_req(struct hci_dev *hdev, unsigned long opt)
 {
+       struct hci_cp_delete_stored_link_key cp;
        struct sk_buff *skb;
        __le16 param;
        __u8 flt_type;
@@ -260,6 +261,10 @@ static void hci_init_req(struct hci_dev *hdev, unsigned long opt)
        /* Connection accept timeout ~20 secs */
        param = cpu_to_le16(0x7d00);
        hci_send_cmd(hdev, HCI_OP_WRITE_CA_TIMEOUT, 2, &param);
+
+       bacpy(&cp.bdaddr, BDADDR_ANY);
+       cp.delete_all = 1;
+       hci_send_cmd(hdev, HCI_OP_DELETE_STORED_LINK_KEY, sizeof(cp), &cp);
 }
 
 static void hci_scan_req(struct hci_dev *hdev, unsigned long opt)

diff --git a/net/bluetooth/hci_event.c b/net/bluetooth/hci_event.c
index cf3014a..49b387c 100644 (file)
--- a/net/bluetooth/hci_event.c
+++ b/net/bluetooth/hci_event.c
@@ -557,6 +557,16 @@ static void hci_cc_write_ca_timeout(struct hci_dev *hdev, struct sk_buff *skb)
        hci_req_complete(hdev, HCI_OP_WRITE_CA_TIMEOUT, status);
 }
 
+static void hci_cc_delete_stored_link_key(struct hci_dev *hdev,
+                                                       struct sk_buff *skb)
+{
+       __u8 status = *((__u8 *) skb->data);
+
+       BT_DBG("%s status 0x%x", hdev->name, status);
+
+       hci_req_complete(hdev, HCI_OP_DELETE_STORED_LINK_KEY, status);
+}
+
 static inline void hci_cs_inquiry(struct hci_dev *hdev, __u8 status)
 {
        BT_DBG("%s status 0x%x", hdev->name, status);
@@ -1402,6 +1412,10 @@ static inline void hci_cmd_complete_evt(struct hci_dev *hdev, struct sk_buff *sk
                hci_cc_write_ca_timeout(hdev, skb);
                break;
 
+       case HCI_OP_DELETE_STORED_LINK_KEY:
+               hci_cc_delete_stored_link_key(hdev, skb);
+               break;
+
        default:
                BT_DBG("%s opcode 0x%x", hdev->name, opcode);
                break;