1 files changed, 165 insertions, 41 deletions
diff --git a/net/bluetooth/hci_event.c b/net/bluetooth/hci_event.c
index 5f812455a450..4327b129d38e 100644
--- a/net/bluetooth/hci_event.c
+++ b/net/bluetooth/hci_event.c
@@ -461,6 +461,34 @@ static void hci_cc_write_ssp_mode(struct hci_dev *hdev, struct sk_buff *skb)
        }
 }
+static void hci_cc_write_sc_support(struct hci_dev *hdev, struct sk_buff *skb)
+{
+        u8 status = *((u8 *) skb->data);
+        struct hci_cp_write_sc_support *sent;
+        BT_DBG("%s status 0x%2.2x", hdev->name, status);
+        sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SC_SUPPORT);
+        if (!sent)
+                return;
+        if (!status) {
+                if (sent->support)
+                        hdev->features[1][0] |= LMP_HOST_SC;
+                else
+                        hdev->features[1][0] &= ~LMP_HOST_SC;
+        }
+        if (test_bit(HCI_MGMT, &hdev->dev_flags))
+                mgmt_sc_enable_complete(hdev, sent->support, status);
+        else if (!status) {
+                if (sent->support)
+                        set_bit(HCI_SC_ENABLED, &hdev->dev_flags);
+                else
+                        clear_bit(HCI_SC_ENABLED, &hdev->dev_flags);
+        }
+}
 static void hci_cc_read_local_version(struct hci_dev *hdev, struct sk_buff *skb)
 {
        struct hci_rp_read_local_version *rp = (void *) skb->data;
@@ -904,16 +932,50 @@ static void hci_cc_user_passkey_neg_reply(struct hci_dev *hdev,
        hci_dev_unlock(hdev);
 }
-static void hci_cc_read_local_oob_data_reply(struct hci_dev *hdev,
+static void hci_cc_read_local_oob_data(struct hci_dev *hdev,
-                                             struct sk_buff *skb)
+                                       struct sk_buff *skb)
 {
        struct hci_rp_read_local_oob_data *rp = (void *) skb->data;
        BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
        hci_dev_lock(hdev);
-        mgmt_read_local_oob_data_reply_complete(hdev, rp->hash,
+        mgmt_read_local_oob_data_complete(hdev, rp->hash, rp->randomizer,
-                                                rp->randomizer, rp->status);
+                                          NULL, NULL, rp->status);
+        hci_dev_unlock(hdev);
+}
+static void hci_cc_read_local_oob_ext_data(struct hci_dev *hdev,
+                                           struct sk_buff *skb)
+{
+        struct hci_rp_read_local_oob_ext_data *rp = (void *) skb->data;
+        BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
+        hci_dev_lock(hdev);
+        mgmt_read_local_oob_data_complete(hdev, rp->hash192, rp->randomizer192,
+                                          rp->hash256, rp->randomizer256,
+                                          rp->status);
+        hci_dev_unlock(hdev);
+}
+static void hci_cc_le_set_random_addr(struct hci_dev *hdev, struct sk_buff *skb)
+{
+        __u8 status = *((__u8 *) skb->data);
+        bdaddr_t *sent;
+        BT_DBG("%s status 0x%2.2x", hdev->name, status);
+        sent = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_RANDOM_ADDR);
+        if (!sent)
+                return;
+        hci_dev_lock(hdev);
+        if (!status)
+                bacpy(&hdev->random_addr, sent);
        hci_dev_unlock(hdev);
 }
@@ -1185,9 +1247,12 @@ static int hci_outgoing_auth_needed(struct hci_dev *hdev,
                return 0;
        /* Only request authentication for SSP connections or non-SSP
-         * devices with sec_level HIGH or if MITM protection is requested */
+         * devices with sec_level MEDIUM or HIGH or if MITM protection
+         * is requested.
+         */
        if (!hci_conn_ssp_enabled(conn) && !(conn->auth_type & 0x01) &&
-            conn->pending_sec_level != BT_SECURITY_HIGH)
+            conn->pending_sec_level != BT_SECURITY_HIGH &&
+            conn->pending_sec_level != BT_SECURITY_MEDIUM)
                return 0;
        return 1;
@@ -1659,7 +1724,7 @@ static void hci_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
        } else {
                conn->state = BT_CLOSED;
                if (conn->type == ACL_LINK)
-                        mgmt_connect_failed(hdev, &ev->bdaddr, conn->type,
+                        mgmt_connect_failed(hdev, &conn->dst, conn->type,
                                            conn->dst_type, ev->status);
        }
@@ -1943,35 +2008,46 @@ static void hci_encrypt_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
        hci_dev_lock(hdev);
        conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
-        if (conn) {
+        if (!conn)
-                if (!ev->status) {
+                goto unlock;
-                        if (ev->encrypt) {
-                                /* Encryption implies authentication */
+        if (!ev->status) {
-                                conn->link_mode |= HCI_LM_AUTH;
+                if (ev->encrypt) {
-                                conn->link_mode |= HCI_LM_ENCRYPT;
+                        /* Encryption implies authentication */
-                                conn->sec_level = conn->pending_sec_level;
+                        conn->link_mode |= HCI_LM_AUTH;
-                        } else
+                        conn->link_mode |= HCI_LM_ENCRYPT;
-                                conn->link_mode &= ~HCI_LM_ENCRYPT;
+                        conn->sec_level = conn->pending_sec_level;
-                }
-                clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
+                        /* P-256 authentication key implies FIPS */
+                        if (conn->key_type == HCI_LK_AUTH_COMBINATION_P256)
+                                conn->link_mode |= HCI_LM_FIPS;
-                if (ev->status && conn->state == BT_CONNECTED) {
+                        if ((conn->type == ACL_LINK && ev->encrypt == 0x02) ||
-                        hci_disconnect(conn, HCI_ERROR_AUTH_FAILURE);
+                            conn->type == LE_LINK)
-                        hci_conn_drop(conn);
+                                set_bit(HCI_CONN_AES_CCM, &conn->flags);
-                        goto unlock;
+                } else {
+                        conn->link_mode &= ~HCI_LM_ENCRYPT;
+                        clear_bit(HCI_CONN_AES_CCM, &conn->flags);
                }
+        }
-                if (conn->state == BT_CONFIG) {
+        clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
-                        if (!ev->status)
-                                conn->state = BT_CONNECTED;
-                        hci_proto_connect_cfm(conn, ev->status);
+        if (ev->status && conn->state == BT_CONNECTED) {
-                        hci_conn_drop(conn);
+                hci_disconnect(conn, HCI_ERROR_AUTH_FAILURE);
-                } else
+                hci_conn_drop(conn);
-                        hci_encrypt_cfm(conn, ev->status, ev->encrypt);
+                goto unlock;
        }
+        if (conn->state == BT_CONFIG) {
+                if (!ev->status)
+                        conn->state = BT_CONNECTED;
+                hci_proto_connect_cfm(conn, ev->status);
+                hci_conn_drop(conn);
+        } else
+                hci_encrypt_cfm(conn, ev->status, ev->encrypt);
 unlock:
        hci_dev_unlock(hdev);
 }
@@ -2144,6 +2220,10 @@ static void hci_cmd_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
                hci_cc_write_ssp_mode(hdev, skb);
                break;
+        case HCI_OP_WRITE_SC_SUPPORT:
+                hci_cc_write_sc_support(hdev, skb);
+                break;
        case HCI_OP_READ_LOCAL_VERSION:
                hci_cc_read_local_version(hdev, skb);
                break;
@@ -2213,7 +2293,11 @@ static void hci_cmd_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
                break;
        case HCI_OP_READ_LOCAL_OOB_DATA:
-                hci_cc_read_local_oob_data_reply(hdev, skb);
+                hci_cc_read_local_oob_data(hdev, skb);
+                break;
+        case HCI_OP_READ_LOCAL_OOB_EXT_DATA:
+                hci_cc_read_local_oob_ext_data(hdev, skb);
                break;
        case HCI_OP_LE_READ_BUFFER_SIZE:
@@ -2244,6 +2328,10 @@ static void hci_cmd_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
                hci_cc_user_passkey_neg_reply(hdev, skb);
                break;
+        case HCI_OP_LE_SET_RANDOM_ADDR:
+                hci_cc_le_set_random_addr(hdev, skb);
+                break;
        case HCI_OP_LE_SET_ADV_ENABLE:
                hci_cc_le_set_adv_enable(hdev, skb);
                break;
@@ -2630,7 +2718,8 @@ static void hci_link_key_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
        conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
        if (conn) {
-                if (key->type == HCI_LK_UNAUTH_COMBINATION &&
+                if ((key->type == HCI_LK_UNAUTH_COMBINATION_P192 ||
+                     key->type == HCI_LK_UNAUTH_COMBINATION_P256) &&
                    conn->auth_type != 0xff && (conn->auth_type & 0x01)) {
                        BT_DBG("%s ignoring unauthenticated key", hdev->name);
                        goto not_found;
@@ -2844,6 +2933,9 @@ static void hci_remote_ext_features_evt(struct hci_dev *hdev,
                         * features do not indicate SSP support */
                        clear_bit(HCI_CONN_SSP_ENABLED, &conn->flags);
                }
+                if (ev->features[0] & LMP_HOST_SC)
+                        set_bit(HCI_CONN_SC_ENABLED, &conn->flags);
        }
        if (conn->state != BT_CONFIG)
@@ -3337,20 +3429,36 @@ static void hci_remote_oob_data_request_evt(struct hci_dev *hdev,
        data = hci_find_remote_oob_data(hdev, &ev->bdaddr);
        if (data) {
-                struct hci_cp_remote_oob_data_reply cp;
+                if (test_bit(HCI_SC_ENABLED, &hdev->dev_flags)) {
+                        struct hci_cp_remote_oob_ext_data_reply cp;
-                bacpy(&cp.bdaddr, &ev->bdaddr);
+                        bacpy(&cp.bdaddr, &ev->bdaddr);
-                memcpy(cp.hash, data->hash, sizeof(cp.hash));
+                        memcpy(cp.hash192, data->hash192, sizeof(cp.hash192));
-                memcpy(cp.randomizer, data->randomizer, sizeof(cp.randomizer));
+                        memcpy(cp.randomizer192, data->randomizer192,
+                               sizeof(cp.randomizer192));
+                        memcpy(cp.hash256, data->hash256, sizeof(cp.hash256));
+                        memcpy(cp.randomizer256, data->randomizer256,
+                               sizeof(cp.randomizer256));
+                        hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_EXT_DATA_REPLY,
+                                     sizeof(cp), &cp);
+                } else {
+                        struct hci_cp_remote_oob_data_reply cp;
-                hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_REPLY, sizeof(cp),
+                        bacpy(&cp.bdaddr, &ev->bdaddr);
-                             &cp);
+                        memcpy(cp.hash, data->hash192, sizeof(cp.hash));
+                        memcpy(cp.randomizer, data->randomizer192,
+                               sizeof(cp.randomizer));
+                        hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_REPLY,
+                                     sizeof(cp), &cp);
+                }
        } else {
                struct hci_cp_remote_oob_data_neg_reply cp;
                bacpy(&cp.bdaddr, &ev->bdaddr);
-                hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_NEG_REPLY, sizeof(cp),
+                hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_NEG_REPLY,
-                             &cp);
+                             sizeof(cp), &cp);
        }
 unlock:
@@ -3484,6 +3592,7 @@ static void hci_le_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
 {
        struct hci_ev_le_conn_complete *ev = (void *) skb->data;
        struct hci_conn *conn;
+        struct smp_irk *irk;
        BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
@@ -3516,6 +3625,21 @@ static void hci_le_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
                }
        }
+        /* Lookup the identity address from the stored connection
+         * address and address type.
+         *
+         * When establishing connections to an identity address, the
+         * connection procedure will store the resolvable random
+         * address first. Now if it can be converted back into the
+         * identity address, start using the identity address from
+         * now on.
+         */
+        irk = hci_get_irk(hdev, &conn->dst, conn->dst_type);
+        if (irk) {
+                bacpy(&conn->dst, &irk->bdaddr);
+                conn->dst_type = irk->addr_type;
+        }
        if (ev->status) {
                mgmt_connect_failed(hdev, &conn->dst, conn->type,
                                    conn->dst_type, ev->status);
@@ -3526,7 +3650,7 @@ static void hci_le_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
        }
        if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
-                mgmt_device_connected(hdev, &ev->bdaddr, conn->type,
+                mgmt_device_connected(hdev, &conn->dst, conn->type,
                                      conn->dst_type, 0, NULL, 0, NULL);
        conn->sec_level = BT_SECURITY_LOW;
@@ -3577,7 +3701,7 @@ static void hci_le_ltk_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
        if (conn == NULL)
                goto not_found;
-        ltk = hci_find_ltk(hdev, ev->ediv, ev->random);
+        ltk = hci_find_ltk(hdev, ev->ediv, ev->random, conn->out);
        if (ltk == NULL)
                goto not_found;

diff --git a/net/bluetooth/hci_event.c b/net/bluetooth/hci_event.c index 5f812455a450..4327b129d38e 100644 --- a/net/bluetooth/hci_event.c +++ b/net/bluetooth/hci_event.c
@@ -461,6 +461,34 @@ static void hci_cc_write_ssp_mode(struct hci_dev hdev, struct sk_buff skb)
461	}	461	}
462	}	462	}
463		463
		464	static void hci_cc_write_sc_support(struct hci_dev hdev, struct sk_buff skb)
		465	{
		466	u8 status = ((u8 ) skb->data);
		467	struct hci_cp_write_sc_support *sent;
		468
		469	BT_DBG("%s status 0x%2.2x", hdev->name, status);
		470
		471	sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SC_SUPPORT);
		472	if (!sent)
		473	return;
		474
		475	if (!status) {
		476	if (sent->support)
		477	hdev->features[1][0] \|= LMP_HOST_SC;
		478	else
		479	hdev->features[1][0] &= ~LMP_HOST_SC;
		480	}
		481
		482	if (test_bit(HCI_MGMT, &hdev->dev_flags))
		483	mgmt_sc_enable_complete(hdev, sent->support, status);
		484	else if (!status) {
		485	if (sent->support)
		486	set_bit(HCI_SC_ENABLED, &hdev->dev_flags);
		487	else
		488	clear_bit(HCI_SC_ENABLED, &hdev->dev_flags);
		489	}
		490	}
		491
464	static void hci_cc_read_local_version(struct hci_dev hdev, struct sk_buff skb)	492	static void hci_cc_read_local_version(struct hci_dev hdev, struct sk_buff skb)
465	{	493	{
466	struct hci_rp_read_local_version rp = (void ) skb->data;	494	struct hci_rp_read_local_version rp = (void ) skb->data;
@@ -904,16 +932,50 @@ static void hci_cc_user_passkey_neg_reply(struct hci_dev *hdev,
904	hci_dev_unlock(hdev);	932	hci_dev_unlock(hdev);
905	}	933	}
906		934
907	static void hci_cc_read_local_oob_data_reply(struct hci_dev *hdev,	935	static void hci_cc_read_local_oob_data(struct hci_dev *hdev,
908	struct sk_buff *skb)	936	struct sk_buff *skb)
909	{	937	{
910	struct hci_rp_read_local_oob_data rp = (void ) skb->data;	938	struct hci_rp_read_local_oob_data rp = (void ) skb->data;
911		939
912	BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);	940	BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
913		941
914	hci_dev_lock(hdev);	942	hci_dev_lock(hdev);
915	mgmt_read_local_oob_data_reply_complete(hdev, rp->hash,	943	mgmt_read_local_oob_data_complete(hdev, rp->hash, rp->randomizer,
916	rp->randomizer, rp->status);	944	NULL, NULL, rp->status);
		945	hci_dev_unlock(hdev);
		946	}
		947
		948	static void hci_cc_read_local_oob_ext_data(struct hci_dev *hdev,
		949	struct sk_buff *skb)
		950	{
		951	struct hci_rp_read_local_oob_ext_data rp = (void ) skb->data;
		952
		953	BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
		954
		955	hci_dev_lock(hdev);
		956	mgmt_read_local_oob_data_complete(hdev, rp->hash192, rp->randomizer192,
		957	rp->hash256, rp->randomizer256,
		958	rp->status);
		959	hci_dev_unlock(hdev);
		960	}
		961
		962
		963	static void hci_cc_le_set_random_addr(struct hci_dev hdev, struct sk_buff skb)
		964	{
		965	__u8 status = ((__u8 ) skb->data);
		966	bdaddr_t *sent;
		967
		968	BT_DBG("%s status 0x%2.2x", hdev->name, status);
		969
		970	sent = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_RANDOM_ADDR);
		971	if (!sent)
		972	return;
		973
		974	hci_dev_lock(hdev);
		975
		976	if (!status)
		977	bacpy(&hdev->random_addr, sent);
		978
917	hci_dev_unlock(hdev);	979	hci_dev_unlock(hdev);
918	}	980	}
919		981
@@ -1185,9 +1247,12 @@ static int hci_outgoing_auth_needed(struct hci_dev *hdev,
1185	return 0;	1247	return 0;
1186		1248
1187	/* Only request authentication for SSP connections or non-SSP	1249	/* Only request authentication for SSP connections or non-SSP
1188	* devices with sec_level HIGH or if MITM protection is requested */	1250	* devices with sec_level MEDIUM or HIGH or if MITM protection
		1251	* is requested.
		1252	*/
1189	if (!hci_conn_ssp_enabled(conn) && !(conn->auth_type & 0x01) &&	1253	if (!hci_conn_ssp_enabled(conn) && !(conn->auth_type & 0x01) &&
1190	conn->pending_sec_level != BT_SECURITY_HIGH)	1254	conn->pending_sec_level != BT_SECURITY_HIGH &&
		1255	conn->pending_sec_level != BT_SECURITY_MEDIUM)
1191	return 0;	1256	return 0;
1192		1257
1193	return 1;	1258	return 1;
@@ -1659,7 +1724,7 @@ static void hci_conn_complete_evt(struct hci_dev hdev, struct sk_buff skb)
1659	} else {	1724	} else {
1660	conn->state = BT_CLOSED;	1725	conn->state = BT_CLOSED;
1661	if (conn->type == ACL_LINK)	1726	if (conn->type == ACL_LINK)
1662	mgmt_connect_failed(hdev, &ev->bdaddr, conn->type,	1727	mgmt_connect_failed(hdev, &conn->dst, conn->type,
1663	conn->dst_type, ev->status);	1728	conn->dst_type, ev->status);
1664	}	1729	}
1665		1730
@@ -1943,35 +2008,46 @@ static void hci_encrypt_change_evt(struct hci_dev hdev, struct sk_buff skb)
1943	hci_dev_lock(hdev);	2008	hci_dev_lock(hdev);
1944		2009
1945	conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));	2010	conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1946	if (conn) {	2011	if (!conn)
1947	if (!ev->status) {	2012	goto unlock;
1948	if (ev->encrypt) {	2013
1949	/* Encryption implies authentication */	2014	if (!ev->status) {
1950	conn->link_mode \|= HCI_LM_AUTH;	2015	if (ev->encrypt) {
1951	conn->link_mode \|= HCI_LM_ENCRYPT;	2016	/* Encryption implies authentication */
1952	conn->sec_level = conn->pending_sec_level;	2017	conn->link_mode \|= HCI_LM_AUTH;
1953	} else	2018	conn->link_mode \|= HCI_LM_ENCRYPT;
1954	conn->link_mode &= ~HCI_LM_ENCRYPT;	2019	conn->sec_level = conn->pending_sec_level;
1955	}
1956		2020
1957	clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);	2021	/* P-256 authentication key implies FIPS */
		2022	if (conn->key_type == HCI_LK_AUTH_COMBINATION_P256)
		2023	conn->link_mode \|= HCI_LM_FIPS;
1958		2024
1959	if (ev->status && conn->state == BT_CONNECTED) {	2025	if ((conn->type == ACL_LINK && ev->encrypt == 0x02) \|\|
1960	hci_disconnect(conn, HCI_ERROR_AUTH_FAILURE);	2026	conn->type == LE_LINK)
1961	hci_conn_drop(conn);	2027	set_bit(HCI_CONN_AES_CCM, &conn->flags);
1962	goto unlock;	2028	} else {
		2029	conn->link_mode &= ~HCI_LM_ENCRYPT;
		2030	clear_bit(HCI_CONN_AES_CCM, &conn->flags);
1963	}	2031	}
		2032	}
1964		2033
1965	if (conn->state == BT_CONFIG) {	2034	clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
1966	if (!ev->status)
1967	conn->state = BT_CONNECTED;
1968		2035
1969	hci_proto_connect_cfm(conn, ev->status);	2036	if (ev->status && conn->state == BT_CONNECTED) {
1970	hci_conn_drop(conn);	2037	hci_disconnect(conn, HCI_ERROR_AUTH_FAILURE);
1971	} else	2038	hci_conn_drop(conn);
1972	hci_encrypt_cfm(conn, ev->status, ev->encrypt);	2039	goto unlock;
1973	}	2040	}
1974		2041
		2042	if (conn->state == BT_CONFIG) {
		2043	if (!ev->status)
		2044	conn->state = BT_CONNECTED;
		2045
		2046	hci_proto_connect_cfm(conn, ev->status);
		2047	hci_conn_drop(conn);
		2048	} else
		2049	hci_encrypt_cfm(conn, ev->status, ev->encrypt);
		2050
1975	unlock:	2051	unlock:
1976	hci_dev_unlock(hdev);	2052	hci_dev_unlock(hdev);
1977	}	2053	}
@@ -2144,6 +2220,10 @@ static void hci_cmd_complete_evt(struct hci_dev hdev, struct sk_buff skb)
2144	hci_cc_write_ssp_mode(hdev, skb);	2220	hci_cc_write_ssp_mode(hdev, skb);
2145	break;	2221	break;
2146		2222
		2223	case HCI_OP_WRITE_SC_SUPPORT:
		2224	hci_cc_write_sc_support(hdev, skb);
		2225	break;
		2226
2147	case HCI_OP_READ_LOCAL_VERSION:	2227	case HCI_OP_READ_LOCAL_VERSION:
2148	hci_cc_read_local_version(hdev, skb);	2228	hci_cc_read_local_version(hdev, skb);
2149	break;	2229	break;
@@ -2213,7 +2293,11 @@ static void hci_cmd_complete_evt(struct hci_dev hdev, struct sk_buff skb)
2213	break;	2293	break;
2214		2294
2215	case HCI_OP_READ_LOCAL_OOB_DATA:	2295	case HCI_OP_READ_LOCAL_OOB_DATA:
2216	hci_cc_read_local_oob_data_reply(hdev, skb);	2296	hci_cc_read_local_oob_data(hdev, skb);
		2297	break;
		2298
		2299	case HCI_OP_READ_LOCAL_OOB_EXT_DATA:
		2300	hci_cc_read_local_oob_ext_data(hdev, skb);
2217	break;	2301	break;
2218		2302
2219	case HCI_OP_LE_READ_BUFFER_SIZE:	2303	case HCI_OP_LE_READ_BUFFER_SIZE:
@@ -2244,6 +2328,10 @@ static void hci_cmd_complete_evt(struct hci_dev hdev, struct sk_buff skb)
2244	hci_cc_user_passkey_neg_reply(hdev, skb);	2328	hci_cc_user_passkey_neg_reply(hdev, skb);
2245	break;	2329	break;
2246		2330
		2331	case HCI_OP_LE_SET_RANDOM_ADDR:
		2332	hci_cc_le_set_random_addr(hdev, skb);
		2333	break;
		2334
2247	case HCI_OP_LE_SET_ADV_ENABLE:	2335	case HCI_OP_LE_SET_ADV_ENABLE:
2248	hci_cc_le_set_adv_enable(hdev, skb);	2336	hci_cc_le_set_adv_enable(hdev, skb);
2249	break;	2337	break;
@@ -2630,7 +2718,8 @@ static void hci_link_key_request_evt(struct hci_dev hdev, struct sk_buff skb)
2630		2718
2631	conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);	2719	conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2632	if (conn) {	2720	if (conn) {
2633	if (key->type == HCI_LK_UNAUTH_COMBINATION &&	2721	if ((key->type == HCI_LK_UNAUTH_COMBINATION_P192 \|\|
		2722	key->type == HCI_LK_UNAUTH_COMBINATION_P256) &&
2634	conn->auth_type != 0xff && (conn->auth_type & 0x01)) {	2723	conn->auth_type != 0xff && (conn->auth_type & 0x01)) {
2635	BT_DBG("%s ignoring unauthenticated key", hdev->name);	2724	BT_DBG("%s ignoring unauthenticated key", hdev->name);
2636	goto not_found;	2725	goto not_found;
@@ -2844,6 +2933,9 @@ static void hci_remote_ext_features_evt(struct hci_dev *hdev,
2844	* features do not indicate SSP support */	2933	* features do not indicate SSP support */
2845	clear_bit(HCI_CONN_SSP_ENABLED, &conn->flags);	2934	clear_bit(HCI_CONN_SSP_ENABLED, &conn->flags);
2846	}	2935	}
		2936
		2937	if (ev->features[0] & LMP_HOST_SC)
		2938	set_bit(HCI_CONN_SC_ENABLED, &conn->flags);
2847	}	2939	}
2848		2940
2849	if (conn->state != BT_CONFIG)	2941	if (conn->state != BT_CONFIG)
@@ -3337,20 +3429,36 @@ static void hci_remote_oob_data_request_evt(struct hci_dev *hdev,
3337		3429
3338	data = hci_find_remote_oob_data(hdev, &ev->bdaddr);	3430	data = hci_find_remote_oob_data(hdev, &ev->bdaddr);
3339	if (data) {	3431	if (data) {
3340	struct hci_cp_remote_oob_data_reply cp;	3432	if (test_bit(HCI_SC_ENABLED, &hdev->dev_flags)) {
		3433	struct hci_cp_remote_oob_ext_data_reply cp;
3341		3434
3342	bacpy(&cp.bdaddr, &ev->bdaddr);	3435	bacpy(&cp.bdaddr, &ev->bdaddr);
3343	memcpy(cp.hash, data->hash, sizeof(cp.hash));	3436	memcpy(cp.hash192, data->hash192, sizeof(cp.hash192));
3344	memcpy(cp.randomizer, data->randomizer, sizeof(cp.randomizer));	3437	memcpy(cp.randomizer192, data->randomizer192,
		3438	sizeof(cp.randomizer192));
		3439	memcpy(cp.hash256, data->hash256, sizeof(cp.hash256));
		3440	memcpy(cp.randomizer256, data->randomizer256,
		3441	sizeof(cp.randomizer256));
		3442
		3443	hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_EXT_DATA_REPLY,
		3444	sizeof(cp), &cp);
		3445	} else {
		3446	struct hci_cp_remote_oob_data_reply cp;
3345		3447
3346	hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_REPLY, sizeof(cp),	3448	bacpy(&cp.bdaddr, &ev->bdaddr);
3347	&cp);	3449	memcpy(cp.hash, data->hash192, sizeof(cp.hash));
		3450	memcpy(cp.randomizer, data->randomizer192,
		3451	sizeof(cp.randomizer));
		3452
		3453	hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_REPLY,
		3454	sizeof(cp), &cp);
		3455	}
3348	} else {	3456	} else {
3349	struct hci_cp_remote_oob_data_neg_reply cp;	3457	struct hci_cp_remote_oob_data_neg_reply cp;
3350		3458
3351	bacpy(&cp.bdaddr, &ev->bdaddr);	3459	bacpy(&cp.bdaddr, &ev->bdaddr);
3352	hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_NEG_REPLY, sizeof(cp),	3460	hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_NEG_REPLY,
3353	&cp);	3461	sizeof(cp), &cp);
3354	}	3462	}
3355		3463
3356	unlock:	3464	unlock:
@@ -3484,6 +3592,7 @@ static void hci_le_conn_complete_evt(struct hci_dev hdev, struct sk_buff skb)
3484	{	3592	{
3485	struct hci_ev_le_conn_complete ev = (void ) skb->data;	3593	struct hci_ev_le_conn_complete ev = (void ) skb->data;
3486	struct hci_conn *conn;	3594	struct hci_conn *conn;
		3595	struct smp_irk *irk;
3487		3596
3488	BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);	3597	BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
3489		3598
@@ -3516,6 +3625,21 @@ static void hci_le_conn_complete_evt(struct hci_dev hdev, struct sk_buff skb)
3516	}	3625	}
3517	}	3626	}
3518		3627
		3628	/* Lookup the identity address from the stored connection
		3629	* address and address type.
		3630	*
		3631	* When establishing connections to an identity address, the
		3632	* connection procedure will store the resolvable random
		3633	* address first. Now if it can be converted back into the
		3634	* identity address, start using the identity address from
		3635	* now on.
		3636	*/
		3637	irk = hci_get_irk(hdev, &conn->dst, conn->dst_type);
		3638	if (irk) {
		3639	bacpy(&conn->dst, &irk->bdaddr);
		3640	conn->dst_type = irk->addr_type;
		3641	}
		3642
3519	if (ev->status) {	3643	if (ev->status) {
3520	mgmt_connect_failed(hdev, &conn->dst, conn->type,	3644	mgmt_connect_failed(hdev, &conn->dst, conn->type,
3521	conn->dst_type, ev->status);	3645	conn->dst_type, ev->status);
@@ -3526,7 +3650,7 @@ static void hci_le_conn_complete_evt(struct hci_dev hdev, struct sk_buff skb)
3526	}	3650	}
3527		3651
3528	if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))	3652	if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
3529	mgmt_device_connected(hdev, &ev->bdaddr, conn->type,	3653	mgmt_device_connected(hdev, &conn->dst, conn->type,
3530	conn->dst_type, 0, NULL, 0, NULL);	3654	conn->dst_type, 0, NULL, 0, NULL);
3531		3655
3532	conn->sec_level = BT_SECURITY_LOW;	3656	conn->sec_level = BT_SECURITY_LOW;
@@ -3577,7 +3701,7 @@ static void hci_le_ltk_request_evt(struct hci_dev hdev, struct sk_buff skb)
3577	if (conn == NULL)	3701	if (conn == NULL)
3578	goto not_found;	3702	goto not_found;
3579		3703
3580	ltk = hci_find_ltk(hdev, ev->ediv, ev->random);	3704	ltk = hci_find_ltk(hdev, ev->ediv, ev->random, conn->out);
3581	if (ltk == NULL)	3705	if (ltk == NULL)
3582	goto not_found;	3706	goto not_found;
3583		3707