[GitHub/mt8127/android_kernel_alcatel_ttab.git] / net / bluetooth / smp.c

/*
   BlueZ - Bluetooth protocol stack for Linux
   Copyright (C) 2011 Nokia Corporation and/or its subsidiary(-ies).

   This program is free software; you can redistribute it and/or modify
   it under the terms of the GNU General Public License version 2 as
   published by the Free Software Foundation;

   THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
   OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
   FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
   IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
   CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
   WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
   ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
   OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.

   ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
   COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
   SOFTWARE IS DISCLAIMED.
*/

#include <net/bluetooth/bluetooth.h>
#include <net/bluetooth/hci_core.h>
#include <net/bluetooth/l2cap.h>
#include <net/bluetooth/smp.h>
#include <linux/crypto.h>
#include <crypto/b128ops.h>

static inline void swap128(u8 src[16], u8 dst[16])
{
	int i;
	for (i = 0; i < 16; i++)
		dst[15 - i] = src[i];
}

static inline void swap56(u8 src[7], u8 dst[7])
{
	int i;
	for (i = 0; i < 7; i++)
		dst[6 - i] = src[i];
}

static int smp_e(struct crypto_blkcipher *tfm, const u8 *k, u8 *r)
{
	struct blkcipher_desc desc;
	struct scatterlist sg;
	int err, iv_len;
	unsigned char iv[128];

	if (tfm == NULL) {
		BT_ERR("tfm %p", tfm);
		return -EINVAL;
	}

	desc.tfm = tfm;
	desc.flags = 0;

	err = crypto_blkcipher_setkey(tfm, k, 16);
	if (err) {
		BT_ERR("cipher setkey failed: %d", err);
		return err;
	}

	sg_init_one(&sg, r, 16);

	iv_len = crypto_blkcipher_ivsize(tfm);
	if (iv_len) {
		memset(&iv, 0xff, iv_len);
		crypto_blkcipher_set_iv(tfm, iv, iv_len);
	}

	err = crypto_blkcipher_encrypt(&desc, &sg, &sg, 16);
	if (err)
		BT_ERR("Encrypt data error %d", err);

	return err;
}

static int smp_c1(struct crypto_blkcipher *tfm, u8 k[16], u8 r[16],
		u8 preq[7], u8 pres[7], u8 _iat, bdaddr_t *ia,
		u8 _rat, bdaddr_t *ra, u8 res[16])
{
	u8 p1[16], p2[16];
	int err;

	memset(p1, 0, 16);

	/* p1 = pres || preq || _rat || _iat */
	swap56(pres, p1);
	swap56(preq, p1 + 7);
	p1[14] = _rat;
	p1[15] = _iat;

	memset(p2, 0, 16);

	/* p2 = padding || ia || ra */
	baswap((bdaddr_t *) (p2 + 4), ia);
	baswap((bdaddr_t *) (p2 + 10), ra);

	/* res = r XOR p1 */
	u128_xor((u128 *) res, (u128 *) r, (u128 *) p1);

	/* res = e(k, res) */
	err = smp_e(tfm, k, res);
	if (err) {
		BT_ERR("Encrypt data error");
		return err;
	}

	/* res = res XOR p2 */
	u128_xor((u128 *) res, (u128 *) res, (u128 *) p2);

	/* res = e(k, res) */
	err = smp_e(tfm, k, res);
	if (err)
		BT_ERR("Encrypt data error");

	return err;
}

static int smp_s1(struct crypto_blkcipher *tfm, u8 k[16],
			u8 r1[16], u8 r2[16], u8 _r[16])
{
	int err;

	/* Just least significant octets from r1 and r2 are considered */
	memcpy(_r, r1 + 8, 8);
	memcpy(_r + 8, r2 + 8, 8);

	err = smp_e(tfm, k, _r);
	if (err)
		BT_ERR("Encrypt data error");

	return err;
}

static int smp_rand(u8 *buf)
{
	get_random_bytes(buf, 16);

	return 0;
}

static struct sk_buff *smp_build_cmd(struct l2cap_conn *conn, u8 code,
						u16 dlen, void *data)
{
	struct sk_buff *skb;
	struct l2cap_hdr *lh;
	int len;

	len = L2CAP_HDR_SIZE + sizeof(code) + dlen;

	if (len > conn->mtu)
		return NULL;

	skb = bt_skb_alloc(len, GFP_ATOMIC);
	if (!skb)
		return NULL;

	lh = (struct l2cap_hdr *) skb_put(skb, L2CAP_HDR_SIZE);
	lh->len = cpu_to_le16(sizeof(code) + dlen);
	lh->cid = cpu_to_le16(L2CAP_CID_SMP);

	memcpy(skb_put(skb, sizeof(code)), &code, sizeof(code));

	memcpy(skb_put(skb, dlen), data, dlen);

	return skb;
}

static void smp_send_cmd(struct l2cap_conn *conn, u8 code, u16 len, void *data)
{
	struct sk_buff *skb = smp_build_cmd(conn, code, len, data);

	BT_DBG("code 0x%2.2x", code);

	if (!skb)
		return;

	hci_send_acl(conn->hcon, skb, 0);
}

static void smp_cmd_pairing_req(struct l2cap_conn *conn, struct sk_buff *skb)
{
	struct smp_cmd_pairing *rp = (void *) skb->data;

	BT_DBG("conn %p", conn);

	skb_pull(skb, sizeof(*rp));

	rp->io_capability = 0x00;
	rp->oob_flag = 0x00;
	rp->max_key_size = 16;
	rp->init_key_dist = 0x00;
	rp->resp_key_dist = 0x00;
	rp->auth_req &= (SMP_AUTH_BONDING | SMP_AUTH_MITM);

	smp_send_cmd(conn, SMP_CMD_PAIRING_RSP, sizeof(*rp), rp);
}

static void smp_cmd_pairing_rsp(struct l2cap_conn *conn, struct sk_buff *skb)
{
	struct smp_cmd_pairing_confirm cp;

	BT_DBG("conn %p", conn);

	memset(&cp, 0, sizeof(cp));

	smp_send_cmd(conn, SMP_CMD_PAIRING_CONFIRM, sizeof(cp), &cp);
}

static void smp_cmd_pairing_confirm(struct l2cap_conn *conn,
							struct sk_buff *skb)
{
	BT_DBG("conn %p %s", conn, conn->hcon->out ? "master" : "slave");

	if (conn->hcon->out) {
		struct smp_cmd_pairing_random random;

		memset(&random, 0, sizeof(random));

		smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM, sizeof(random),
								&random);
	} else {
		struct smp_cmd_pairing_confirm confirm;

		memset(&confirm, 0, sizeof(confirm));

		smp_send_cmd(conn, SMP_CMD_PAIRING_CONFIRM, sizeof(confirm),
								&confirm);
	}
}

static void smp_cmd_pairing_random(struct l2cap_conn *conn, struct sk_buff *skb)
{
	struct smp_cmd_pairing_random cp;

	BT_DBG("conn %p %s", conn, conn->hcon->out ? "master" : "slave");

	skb_pull(skb, sizeof(cp));

	if (conn->hcon->out) {
		/* FIXME: start encryption */
	} else {
		memset(&cp, 0, sizeof(cp));

		smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM, sizeof(cp), &cp);
	}
}

static void smp_cmd_security_req(struct l2cap_conn *conn, struct sk_buff *skb)
{
	struct smp_cmd_security_req *rp = (void *) skb->data;
	struct smp_cmd_pairing cp;

	BT_DBG("conn %p", conn);

	skb_pull(skb, sizeof(*rp));
	memset(&cp, 0, sizeof(cp));

	cp.io_capability = 0x00;
	cp.oob_flag = 0x00;
	cp.max_key_size = 16;
	cp.init_key_dist = 0x00;
	cp.resp_key_dist = 0x00;
	cp.auth_req = rp->auth_req & (SMP_AUTH_BONDING | SMP_AUTH_MITM);

	smp_send_cmd(conn, SMP_CMD_PAIRING_REQ, sizeof(cp), &cp);
}

int smp_conn_security(struct l2cap_conn *conn, __u8 sec_level)
{
	struct hci_conn *hcon = conn->hcon;
	__u8 authreq;

	BT_DBG("conn %p hcon %p level 0x%2.2x", conn, hcon, sec_level);

	if (IS_ERR(hcon->hdev->tfm))
		return 1;

	switch (sec_level) {
	case BT_SECURITY_MEDIUM:
		/* Encrypted, no MITM protection */
		authreq = HCI_AT_NO_BONDING_MITM;
		break;

	case BT_SECURITY_HIGH:
		/* Bonding, MITM protection */
		authreq = HCI_AT_GENERAL_BONDING_MITM;
		break;

	case BT_SECURITY_LOW:
	default:
		return 1;
	}

	if (hcon->link_mode & HCI_LM_MASTER) {
		struct smp_cmd_pairing cp;
		cp.io_capability = 0x00;
		cp.oob_flag = 0x00;
		cp.max_key_size = 16;
		cp.init_key_dist = 0x00;
		cp.resp_key_dist = 0x00;
		cp.auth_req = authreq;
		smp_send_cmd(conn, SMP_CMD_PAIRING_REQ, sizeof(cp), &cp);
	} else {
		struct smp_cmd_security_req cp;
		cp.auth_req = authreq;
		smp_send_cmd(conn, SMP_CMD_SECURITY_REQ, sizeof(cp), &cp);
	}

	return 0;
}

int smp_sig_channel(struct l2cap_conn *conn, struct sk_buff *skb)
{
	__u8 code = skb->data[0];
	__u8 reason;
	int err = 0;

	if (IS_ERR(conn->hcon->hdev->tfm)) {
		err = PTR_ERR(conn->hcon->hdev->tfm);
		reason = SMP_PAIRING_NOTSUPP;
		goto done;
	}

	skb_pull(skb, sizeof(code));

	switch (code) {
	case SMP_CMD_PAIRING_REQ:
		smp_cmd_pairing_req(conn, skb);
		break;

	case SMP_CMD_PAIRING_FAIL:
		break;

	case SMP_CMD_PAIRING_RSP:
		smp_cmd_pairing_rsp(conn, skb);
		break;

	case SMP_CMD_SECURITY_REQ:
		smp_cmd_security_req(conn, skb);
		break;

	case SMP_CMD_PAIRING_CONFIRM:
		smp_cmd_pairing_confirm(conn, skb);
		break;

	case SMP_CMD_PAIRING_RANDOM:
		smp_cmd_pairing_random(conn, skb);
		break;

	case SMP_CMD_ENCRYPT_INFO:
	case SMP_CMD_MASTER_IDENT:
	case SMP_CMD_IDENT_INFO:
	case SMP_CMD_IDENT_ADDR_INFO:
	case SMP_CMD_SIGN_INFO:
	default:
		BT_DBG("Unknown command code 0x%2.2x", code);

		reason = SMP_CMD_NOTSUPP;
		err = -EOPNOTSUPP;
		goto done;
	}

done:
	if (reason)
		smp_send_cmd(conn, SMP_CMD_PAIRING_FAIL, sizeof(reason),
								&reason);

	kfree_skb(skb);
	return err;
}
Commit	Line	Data
eb492e01 AB	1	/*
	2	BlueZ - Bluetooth protocol stack for Linux
	3	Copyright (C) 2011 Nokia Corporation and/or its subsidiary(-ies).
	4
	5	This program is free software; you can redistribute it and/or modify
	6	it under the terms of the GNU General Public License version 2 as
	7	published by the Free Software Foundation;
	8
	9	THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
	10	OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
	11	FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
	12	IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
	13	CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
	14	WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
	15	ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
	16	OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
	17
	18	ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
	19	COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
	20	SOFTWARE IS DISCLAIMED.
	21	*/
	22
	23	#include <net/bluetooth/bluetooth.h>
	24	#include <net/bluetooth/hci_core.h>
	25	#include <net/bluetooth/l2cap.h>
	26	#include <net/bluetooth/smp.h>
d22ef0bc AB	27	#include <linux/crypto.h>
	28	#include <crypto/b128ops.h>
	29
	30	static inline void swap128(u8 src[16], u8 dst[16])
	31	{
	32	int i;
	33	for (i = 0; i < 16; i++)
	34	dst[15 - i] = src[i];
	35	}
	36
	37	static inline void swap56(u8 src[7], u8 dst[7])
	38	{
	39	int i;
	40	for (i = 0; i < 7; i++)
	41	dst[6 - i] = src[i];
	42	}
	43
	44	static int smp_e(struct crypto_blkcipher tfm, const u8 k, u8 *r)
	45	{
	46	struct blkcipher_desc desc;
	47	struct scatterlist sg;
	48	int err, iv_len;
	49	unsigned char iv[128];
	50
	51	if (tfm == NULL) {
	52	BT_ERR("tfm %p", tfm);
	53	return -EINVAL;
	54	}
	55
	56	desc.tfm = tfm;
	57	desc.flags = 0;
	58
	59	err = crypto_blkcipher_setkey(tfm, k, 16);
	60	if (err) {
	61	BT_ERR("cipher setkey failed: %d", err);
	62	return err;
	63	}
	64
	65	sg_init_one(&sg, r, 16);
	66
	67	iv_len = crypto_blkcipher_ivsize(tfm);
	68	if (iv_len) {
	69	memset(&iv, 0xff, iv_len);
	70	crypto_blkcipher_set_iv(tfm, iv, iv_len);
	71	}
	72
	73	err = crypto_blkcipher_encrypt(&desc, &sg, &sg, 16);
	74	if (err)
	75	BT_ERR("Encrypt data error %d", err);
	76
	77	return err;
	78	}
	79
	80	static int smp_c1(struct crypto_blkcipher *tfm, u8 k[16], u8 r[16],
	81	u8 preq[7], u8 pres[7], u8 _iat, bdaddr_t *ia,
	82	u8 _rat, bdaddr_t *ra, u8 res[16])
	83	{
	84	u8 p1[16], p2[16];
	85	int err;
	86
	87	memset(p1, 0, 16);
	88
	89	/* p1 = pres \|\| preq \|\| _rat \|\| _iat */
	90	swap56(pres, p1);
91	swap56(preq, p1 + 7);
92	p1[14] = _rat;
93	p1[15] = _iat;
94
95	memset(p2, 0, 16);
96
97	/* p2 = padding \|\| ia \|\| ra */
98	baswap((bdaddr_t *) (p2 + 4), ia);
99	baswap((bdaddr_t *) (p2 + 10), ra);
100
101	/* res = r XOR p1 */
102	u128_xor((u128 ) res, (u128 ) r, (u128 *) p1);
103
104	/* res = e(k, res) */
105	err = smp_e(tfm, k, res);
106	if (err) {
107	BT_ERR("Encrypt data error");
108	return err;
109	}
110
111	/* res = res XOR p2 */
112	u128_xor((u128 ) res, (u128 ) res, (u128 *) p2);
113
114	/* res = e(k, res) */
115	err = smp_e(tfm, k, res);
116	if (err)
117	BT_ERR("Encrypt data error");
118
119	return err;
120	}
121
122	static int smp_s1(struct crypto_blkcipher *tfm, u8 k[16],
123	u8 r1[16], u8 r2[16], u8 _r[16])
124	{
125	int err;
126
127	/* Just least significant octets from r1 and r2 are considered */
128	memcpy(_r, r1 + 8, 8);
129	memcpy(_r + 8, r2 + 8, 8);
130
131	err = smp_e(tfm, k, _r);
132	if (err)
133	BT_ERR("Encrypt data error");
134
135	return err;
136	}
137
138	static int smp_rand(u8 *buf)
139	{
140	get_random_bytes(buf, 16);
141
142	return 0;
143	}
eb492e01 AB	144
	145	static struct sk_buff smp_build_cmd(struct l2cap_conn conn, u8 code,
	146	u16 dlen, void *data)
	147	{
	148	struct sk_buff *skb;
	149	struct l2cap_hdr *lh;
	150	int len;
	151
	152	len = L2CAP_HDR_SIZE + sizeof(code) + dlen;
	153
	154	if (len > conn->mtu)
	155	return NULL;
	156
	157	skb = bt_skb_alloc(len, GFP_ATOMIC);
	158	if (!skb)
	159	return NULL;
	160
	161	lh = (struct l2cap_hdr *) skb_put(skb, L2CAP_HDR_SIZE);
	162	lh->len = cpu_to_le16(sizeof(code) + dlen);
	163	lh->cid = cpu_to_le16(L2CAP_CID_SMP);
	164
	165	memcpy(skb_put(skb, sizeof(code)), &code, sizeof(code));
	166
	167	memcpy(skb_put(skb, dlen), data, dlen);
	168
	169	return skb;
	170	}
	171
	172	static void smp_send_cmd(struct l2cap_conn conn, u8 code, u16 len, void data)
	173	{
	174	struct sk_buff *skb = smp_build_cmd(conn, code, len, data);
	175
	176	BT_DBG("code 0x%2.2x", code);
	177
	178	if (!skb)
	179	return;
	180
	181	hci_send_acl(conn->hcon, skb, 0);
	182	}
	183
88ba43b6 AB	184	static void smp_cmd_pairing_req(struct l2cap_conn conn, struct sk_buff skb)
	185	{
	186	struct smp_cmd_pairing rp = (void ) skb->data;
	187
	188	BT_DBG("conn %p", conn);
	189
	190	skb_pull(skb, sizeof(*rp));
	191
	192	rp->io_capability = 0x00;
	193	rp->oob_flag = 0x00;
	194	rp->max_key_size = 16;
	195	rp->init_key_dist = 0x00;
	196	rp->resp_key_dist = 0x00;
	197	rp->auth_req &= (SMP_AUTH_BONDING \| SMP_AUTH_MITM);
	198
	199	smp_send_cmd(conn, SMP_CMD_PAIRING_RSP, sizeof(*rp), rp);
	200	}
	201
	202	static void smp_cmd_pairing_rsp(struct l2cap_conn conn, struct sk_buff skb)
	203	{
	204	struct smp_cmd_pairing_confirm cp;
	205
	206	BT_DBG("conn %p", conn);
	207
	208	memset(&cp, 0, sizeof(cp));
	209
	210	smp_send_cmd(conn, SMP_CMD_PAIRING_CONFIRM, sizeof(cp), &cp);
	211	}
	212
	213	static void smp_cmd_pairing_confirm(struct l2cap_conn *conn,
	214	struct sk_buff *skb)
	215	{
	216	BT_DBG("conn %p %s", conn, conn->hcon->out ? "master" : "slave");
	217
	218	if (conn->hcon->out) {
	219	struct smp_cmd_pairing_random random;
	220
	221	memset(&random, 0, sizeof(random));
	222
	223	smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM, sizeof(random),
	224	&random);
	225	} else {
	226	struct smp_cmd_pairing_confirm confirm;
	227
	228	memset(&confirm, 0, sizeof(confirm));
	229
	230	smp_send_cmd(conn, SMP_CMD_PAIRING_CONFIRM, sizeof(confirm),
	231	&confirm);
	232	}
	233	}
	234
	235	static void smp_cmd_pairing_random(struct l2cap_conn conn, struct sk_buff skb)
	236	{
	237	struct smp_cmd_pairing_random cp;
	238
	239	BT_DBG("conn %p %s", conn, conn->hcon->out ? "master" : "slave");
	240
	241	skb_pull(skb, sizeof(cp));
	242
	243	if (conn->hcon->out) {
	244	/* FIXME: start encryption */
	245	} else {
	246	memset(&cp, 0, sizeof(cp));
	247
248	smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM, sizeof(cp), &cp);
249	}
250	}
251
252	static void smp_cmd_security_req(struct l2cap_conn conn, struct sk_buff skb)
253	{
254	struct smp_cmd_security_req rp = (void ) skb->data;
255	struct smp_cmd_pairing cp;
256
257	BT_DBG("conn %p", conn);
258
259	skb_pull(skb, sizeof(*rp));
260	memset(&cp, 0, sizeof(cp));
261
262	cp.io_capability = 0x00;
263	cp.oob_flag = 0x00;
264	cp.max_key_size = 16;
265	cp.init_key_dist = 0x00;
266	cp.resp_key_dist = 0x00;
267	cp.auth_req = rp->auth_req & (SMP_AUTH_BONDING \| SMP_AUTH_MITM);
268
269	smp_send_cmd(conn, SMP_CMD_PAIRING_REQ, sizeof(cp), &cp);
270	}
271
eb492e01 AB	272	int smp_conn_security(struct l2cap_conn *conn, __u8 sec_level)
eb492e01 AB	273	{
3a0259bb	274	struct hci_conn *hcon = conn->hcon;
eb492e01 AB	275	__u8 authreq;
eb492e01 AB	276
3a0259bb VCG	277	BT_DBG("conn %p hcon %p level 0x%2.2x", conn, hcon, sec_level);
	278
	279	if (IS_ERR(hcon->hdev->tfm))
	280	return 1;
eb492e01 AB	281
	282	switch (sec_level) {
	283	case BT_SECURITY_MEDIUM:
	284	/* Encrypted, no MITM protection */
	285	authreq = HCI_AT_NO_BONDING_MITM;
	286	break;
	287
	288	case BT_SECURITY_HIGH:
	289	/* Bonding, MITM protection */
	290	authreq = HCI_AT_GENERAL_BONDING_MITM;
	291	break;
	292
	293	case BT_SECURITY_LOW:
	294	default:
	295	return 1;
	296	}
	297
3a0259bb	298	if (hcon->link_mode & HCI_LM_MASTER) {
eb492e01 AB	299	struct smp_cmd_pairing cp;
	300	cp.io_capability = 0x00;
	301	cp.oob_flag = 0x00;
	302	cp.max_key_size = 16;
	303	cp.init_key_dist = 0x00;
	304	cp.resp_key_dist = 0x00;
	305	cp.auth_req = authreq;
	306	smp_send_cmd(conn, SMP_CMD_PAIRING_REQ, sizeof(cp), &cp);
	307	} else {
	308	struct smp_cmd_security_req cp;
	309	cp.auth_req = authreq;
	310	smp_send_cmd(conn, SMP_CMD_SECURITY_REQ, sizeof(cp), &cp);
	311	}
	312
	313	return 0;
	314	}
	315
	316	int smp_sig_channel(struct l2cap_conn conn, struct sk_buff skb)
	317	{
	318	__u8 code = skb->data[0];
	319	__u8 reason;
	320	int err = 0;
	321
3a0259bb VCG	322	if (IS_ERR(conn->hcon->hdev->tfm)) {
	323	err = PTR_ERR(conn->hcon->hdev->tfm);
	324	reason = SMP_PAIRING_NOTSUPP;
	325	goto done;
	326	}
	327
eb492e01 AB	328	skb_pull(skb, sizeof(code));
	329
	330	switch (code) {
	331	case SMP_CMD_PAIRING_REQ:
88ba43b6	332	smp_cmd_pairing_req(conn, skb);
eb492e01 AB	333	break;
	334
	335	case SMP_CMD_PAIRING_FAIL:
	336	break;
	337
	338	case SMP_CMD_PAIRING_RSP:
88ba43b6 AB	339	smp_cmd_pairing_rsp(conn, skb);
	340	break;
	341
	342	case SMP_CMD_SECURITY_REQ:
	343	smp_cmd_security_req(conn, skb);
	344	break;
	345
eb492e01	346	case SMP_CMD_PAIRING_CONFIRM:
88ba43b6 AB	347	smp_cmd_pairing_confirm(conn, skb);
	348	break;
	349
eb492e01	350	case SMP_CMD_PAIRING_RANDOM:
88ba43b6 AB	351	smp_cmd_pairing_random(conn, skb);
	352	break;
	353
eb492e01 AB	354	case SMP_CMD_ENCRYPT_INFO:
	355	case SMP_CMD_MASTER_IDENT:
	356	case SMP_CMD_IDENT_INFO:
	357	case SMP_CMD_IDENT_ADDR_INFO:
	358	case SMP_CMD_SIGN_INFO:
eb492e01 AB	359	default:
	360	BT_DBG("Unknown command code 0x%2.2x", code);
	361
	362	reason = SMP_CMD_NOTSUPP;
eb492e01	363	err = -EOPNOTSUPP;
3a0259bb	364	goto done;
eb492e01 AB	365	}
eb492e01 AB	366
3a0259bb VCG	367	done:
	368	if (reason)
	369	smp_send_cmd(conn, SMP_CMD_PAIRING_FAIL, sizeof(reason),
	370	&reason);
	371
eb492e01 AB	372	kfree_skb(skb);
	373	return err;
	374	}