18 files changed, 8321 insertions, 0 deletions

diff --git a/drivers/usb/wusbcore/Kconfig b/drivers/usb/wusbcore/Kconfig
new file mode 100644
index 00000000000..eb09a0a14a8
--- /dev/null
+++ b/drivers/usb/wusbcore/Kconfig
@@ -0,0 +1,41 @@
+#
+# Wireless USB Core configuration
+#
+config USB_WUSB
+	tristate "Enable Wireless USB extensions (EXPERIMENTAL)"
+	depends on EXPERIMENTAL
+	depends on USB
+        select UWB
+        select CRYPTO
+        select CRYPTO_BLKCIPHER
+        select CRYPTO_CBC
+        select CRYPTO_MANAGER
+        select CRYPTO_AES
+	help
+	  Enable the host-side support for Wireless USB.
+
+          To compile this support select Y (built in). It is safe to
+	  select even if you don't have the hardware.
+
+config USB_WUSB_CBAF
+	tristate "Support WUSB Cable Based Association (CBA)"
+	depends on USB
+	help
+	  Some WUSB devices support Cable Based Association. It's used to
+	  enable the secure communication between the host and the
+	  device.
+
+	  Enable this option if your WUSB device must to be connected
+	  via wired USB before establishing a wireless link.
+
+	  It is safe to select even if you don't have a compatible
+	  hardware.
+
+config USB_WUSB_CBAF_DEBUG
+	bool "Enable CBA debug messages"
+	depends on USB_WUSB_CBAF
+	help
+	  Say Y here if you want the CBA to produce a bunch of debug messages
+	  to the system log. Select this if you are having a problem with
+	  CBA support and want to see more of what is going on.
+
diff --git a/drivers/usb/wusbcore/Makefile b/drivers/usb/wusbcore/Makefile
new file mode 100644
index 00000000000..75f1ade6625
--- /dev/null
+++ b/drivers/usb/wusbcore/Makefile
@@ -0,0 +1,26 @@
+obj-$(CONFIG_USB_WUSB)		+= wusbcore.o
+obj-$(CONFIG_USB_HWA_HCD)	+= wusb-wa.o
+obj-$(CONFIG_USB_WUSB_CBAF)	+= wusb-cbaf.o
+
+
+wusbcore-objs := 	\
+	crypto.o	\
+	devconnect.o	\
+	dev-sysfs.o	\
+	mmc.o		\
+	pal.o		\
+	rh.o		\
+	reservation.o	\
+	security.o	\
+	wusbhc.o
+
+wusb-cbaf-objs := cbaf.o
+
+wusb-wa-objs :=	wa-hc.o		\
+		wa-nep.o	\
+		wa-rpipe.o	\
+		wa-xfer.o
+
+ifeq ($(CONFIG_USB_WUSB_CBAF_DEBUG),y)
+EXTRA_CFLAGS += -DDEBUG
+endif
diff --git a/drivers/usb/wusbcore/cbaf.c b/drivers/usb/wusbcore/cbaf.c
new file mode 100644
index 00000000000..ab4788d1785
--- /dev/null
+++ b/drivers/usb/wusbcore/cbaf.c
@@ -0,0 +1,673 @@
+/*
+ * Wireless USB - Cable Based Association
+ *
+ *
+ * Copyright (C) 2006 Intel Corporation
+ * Inaky Perez-Gonzalez <inaky.perez-gonzalez@intel.com>
+ * Copyright (C) 2008 Cambridge Silicon Radio Ltd.
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License version
+ * 2 as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+ * 02110-1301, USA.
+ *
+ *
+ * WUSB devices have to be paired (associated in WUSB lingo) so
+ * that they can connect to the system.
+ *
+ * One way of pairing is using CBA-Cable Based Association. First
+ * time you plug the device with a cable, association is done between
+ * host and device and subsequent times, you can connect wirelessly
+ * without having to associate again. That's the idea.
+ *
+ * This driver does nothing Earth shattering. It just provides an
+ * interface to chat with the wire-connected device so we can get a
+ * CDID (device ID) that might have been previously associated to a
+ * CHID (host ID) and to set up a new <CHID,CDID,CK> triplet
+ * (connection context), with the CK being the secret, or connection
+ * key. This is the pairing data.
+ *
+ * When a device with the CBA capability connects, the probe routine
+ * just creates a bunch of sysfs files that a user space enumeration
+ * manager uses to allow it to connect wirelessly to the system or not.
+ *
+ * The process goes like this:
+ *
+ * 1. Device plugs, cbaf is loaded, notifications happen.
+ *
+ * 2. The connection manager (CM) sees a device with CBAF capability
+ *    (the wusb_chid etc. files in /sys/devices/blah/OURDEVICE).
+ *
+ * 3. The CM writes the host name, supported band groups, and the CHID
+ *    (host ID) into the wusb_host_name, wusb_host_band_groups and
+ *    wusb_chid files. These get sent to the device and the CDID (if
+ *    any) for this host is requested.
+ *
+ * 4. The CM can verify that the device's supported band groups
+ *    (wusb_device_band_groups) are compatible with the host.
+ *
+ * 5. The CM reads the wusb_cdid file.
+ *
+ * 6. The CM looks up its database
+ *
+ * 6.1 If it has a matching CHID,CDID entry, the device has been
+ *     authorized before (paired) and nothing further needs to be
+ *     done.
+ *
+ * 6.2 If the CDID is zero (or the CM doesn't find a matching CDID in
+ *     its database), the device is assumed to be not known.  The CM
+ *     may associate the host with device by: writing a randomly
+ *     generated CDID to wusb_cdid and then a random CK to wusb_ck
+ *     (this uploads the new CC to the device).
+ *
+ *     CMD may choose to prompt the user before associating with a new
+ *     device.
+ *
+ * 7. Device is unplugged.
+ *
+ * When the device tries to connect wirelessly, it will present its
+ * CDID to the WUSB host controller.  The CM will query the
+ * database. If the CHID/CDID pair found, it will (with a 4-way
+ * handshake) challenge the device to demonstrate it has the CK secret
+ * key (from our database) without actually exchanging it. Once
+ * satisfied, crypto keys are derived from the CK, the device is
+ * connected and all communication is encrypted.
+ *
+ * References:
+ *   [WUSB-AM] Association Models Supplement to the Certified Wireless
+ *             Universal Serial Bus Specification, version 1.0.
+ */
+#include <linux/module.h>
+#include <linux/ctype.h>
+#include <linux/version.h>
+#include <linux/usb.h>
+#include <linux/interrupt.h>
+#include <linux/delay.h>
+#include <linux/random.h>
+#include <linux/mutex.h>
+#include <linux/uwb.h>
+#include <linux/usb/wusb.h>
+#include <linux/usb/association.h>
+
+#define CBA_NAME_LEN 0x40 /* [WUSB-AM] table 4-7 */
+
+/* An instance of a Cable-Based-Association-Framework device */
+struct cbaf {
+	struct usb_device *usb_dev;
+	struct usb_interface *usb_iface;
+	void *buffer;
+	size_t buffer_size;
+
+	struct wusb_ckhdid chid;
+	char host_name[CBA_NAME_LEN];
+	u16 host_band_groups;
+
+	struct wusb_ckhdid cdid;
+	char device_name[CBA_NAME_LEN];
+	u16 device_band_groups;
+
+	struct wusb_ckhdid ck;
+};
+
+/*
+ * Verify that a CBAF USB-interface has what we need
+ *
+ * According to [WUSB-AM], CBA devices should provide at least two
+ * interfaces:
+ *  - RETRIEVE_HOST_INFO
+ *  - ASSOCIATE
+ *
+ * If the device doesn't provide these interfaces, we do not know how
+ * to deal with it.
+ */
+static int cbaf_check(struct cbaf *cbaf)
+{
+	int result;
+	struct device *dev = &cbaf->usb_iface->dev;
+	struct wusb_cbaf_assoc_info *assoc_info;
+	struct wusb_cbaf_assoc_request *assoc_request;
+	size_t assoc_size;
+	void *itr, *top;
+	int ar_rhi = 0, ar_assoc = 0;
+
+	result = usb_control_msg(
+		cbaf->usb_dev, usb_rcvctrlpipe(cbaf->usb_dev, 0),
+		CBAF_REQ_GET_ASSOCIATION_INFORMATION,
+		USB_DIR_IN | USB_TYPE_CLASS | USB_RECIP_INTERFACE,
+		0, cbaf->usb_iface->cur_altsetting->desc.bInterfaceNumber,
+		cbaf->buffer, cbaf->buffer_size, 1000 /* FIXME: arbitrary */);
+	if (result < 0) {
+		dev_err(dev, "Cannot get available association types: %d\n",
+			result);
+		return result;
+	}
+
+	assoc_info = cbaf->buffer;
+	if (result < sizeof(*assoc_info)) {
+		dev_err(dev, "Not enough data to decode association info "
+			"header (%zu vs %zu bytes required)\n",
+			(size_t)result, sizeof(*assoc_info));
+		return result;
+	}
+
+	assoc_size = le16_to_cpu(assoc_info->Length);
+	if (result < assoc_size) {
+		dev_err(dev, "Not enough data to decode association info "
+			"(%zu vs %zu bytes required)\n",
+			(size_t)assoc_size, sizeof(*assoc_info));
+		return result;
+	}
+	/*
+	 * From now on, we just verify, but won't error out unless we
+	 * don't find the AR_TYPE_WUSB_{RETRIEVE_HOST_INFO,ASSOCIATE}
+	 * types.
+	 */
+	itr = cbaf->buffer + sizeof(*assoc_info);
+	top = cbaf->buffer + assoc_size;
+	dev_dbg(dev, "Found %u association requests (%zu bytes)\n",
+		 assoc_info->NumAssociationRequests, assoc_size);
+
+	while (itr < top) {
+		u16 ar_type, ar_subtype;
+		u32 ar_size;
+		const char *ar_name;
+
+		assoc_request = itr;
+
+		if (top - itr < sizeof(*assoc_request)) {
+			dev_err(dev, "Not enough data to decode associaton "
+				"request (%zu vs %zu bytes needed)\n",
+				top - itr, sizeof(*assoc_request));
+			break;
+		}
+
+		ar_type = le16_to_cpu(assoc_request->AssociationTypeId);
+		ar_subtype = le16_to_cpu(assoc_request->AssociationSubTypeId);
+		ar_size = le32_to_cpu(assoc_request->AssociationTypeInfoSize);
+		ar_name = "unknown";
+
+		switch (ar_type) {
+		case AR_TYPE_WUSB:
+			/* Verify we have what is mandated by [WUSB-AM]. */
+			switch (ar_subtype) {
+			case AR_TYPE_WUSB_RETRIEVE_HOST_INFO:
+				ar_name = "RETRIEVE_HOST_INFO";
+				ar_rhi = 1;
+				break;
+			case AR_TYPE_WUSB_ASSOCIATE:
+				/* send assoc data */
+				ar_name = "ASSOCIATE";
+				ar_assoc = 1;
+				break;
+			};
+			break;
+		};
+
+		dev_dbg(dev, "Association request #%02u: 0x%04x/%04x "
+			 "(%zu bytes): %s\n",
+			 assoc_request->AssociationDataIndex, ar_type,
+			 ar_subtype, (size_t)ar_size, ar_name);
+
+		itr += sizeof(*assoc_request);
+	}
+
+	if (!ar_rhi) {
+		dev_err(dev, "Missing RETRIEVE_HOST_INFO association "
+			"request\n");
+		return -EINVAL;
+	}
+	if (!ar_assoc) {
+		dev_err(dev, "Missing ASSOCIATE association request\n");
+		return -EINVAL;
+	}
+
+	return 0;
+}
+
+static const struct wusb_cbaf_host_info cbaf_host_info_defaults = {
+	.AssociationTypeId_hdr    = WUSB_AR_AssociationTypeId,
+	.AssociationTypeId    	  = cpu_to_le16(AR_TYPE_WUSB),
+	.AssociationSubTypeId_hdr = WUSB_AR_AssociationSubTypeId,
+	.AssociationSubTypeId = cpu_to_le16(AR_TYPE_WUSB_RETRIEVE_HOST_INFO),
+	.CHID_hdr                 = WUSB_AR_CHID,
+	.LangID_hdr               = WUSB_AR_LangID,
+	.HostFriendlyName_hdr     = WUSB_AR_HostFriendlyName,
+};
+
+/* Send WUSB host information (CHID and name) to a CBAF device */
+static int cbaf_send_host_info(struct cbaf *cbaf)
+{
+	struct wusb_cbaf_host_info *hi;
+	size_t name_len;
+	size_t hi_size;
+
+	hi = cbaf->buffer;
+	memset(hi, 0, sizeof(*hi));
+	*hi = cbaf_host_info_defaults;
+	hi->CHID = cbaf->chid;
+	hi->LangID = 0;	/* FIXME: I guess... */
+	strlcpy(hi->HostFriendlyName, cbaf->host_name, CBA_NAME_LEN);
+	name_len = strlen(cbaf->host_name);
+	hi->HostFriendlyName_hdr.len = cpu_to_le16(name_len);
+	hi_size = sizeof(*hi) + name_len;
+
+	return usb_control_msg(cbaf->usb_dev, usb_sndctrlpipe(cbaf->usb_dev, 0),
+			CBAF_REQ_SET_ASSOCIATION_RESPONSE,
+			USB_DIR_OUT | USB_TYPE_CLASS | USB_RECIP_INTERFACE,
+			0x0101,
+			cbaf->usb_iface->cur_altsetting->desc.bInterfaceNumber,
+			hi, hi_size, 1000 /* FIXME: arbitrary */);
+}
+
+/*
+ * Get device's information (CDID) associated to CHID
+ *
+ * The device will return it's information (CDID, name, bandgroups)
+ * associated to the CHID we have set before, or 0 CDID and default
+ * name and bandgroup if no CHID set or unknown.
+ */
+static int cbaf_cdid_get(struct cbaf *cbaf)
+{
+	int result;
+	struct device *dev = &cbaf->usb_iface->dev;
+	struct wusb_cbaf_device_info *di;
+	size_t needed;
+
+	di = cbaf->buffer;
+	result = usb_control_msg(
+		cbaf->usb_dev, usb_rcvctrlpipe(cbaf->usb_dev, 0),
+		CBAF_REQ_GET_ASSOCIATION_REQUEST,
+		USB_DIR_IN | USB_TYPE_CLASS | USB_RECIP_INTERFACE,
+		0x0200, cbaf->usb_iface->cur_altsetting->desc.bInterfaceNumber,
+		di, cbaf->buffer_size, 1000 /* FIXME: arbitrary */);
+	if (result < 0) {
+		dev_err(dev, "Cannot request device information: %d\n", result);
+		return result;
+	}
+
+	needed = result < sizeof(*di) ? sizeof(*di) : le32_to_cpu(di->Length);
+	if (result < needed) {
+		dev_err(dev, "Not enough data in DEVICE_INFO reply (%zu vs "
+			"%zu bytes needed)\n", (size_t)result, needed);
+		return result;
+	}
+
+	strlcpy(cbaf->device_name, di->DeviceFriendlyName, CBA_NAME_LEN);
+	cbaf->cdid = di->CDID;
+	cbaf->device_band_groups = le16_to_cpu(di->BandGroups);
+
+	return 0;
+}
+
+static ssize_t cbaf_wusb_chid_show(struct device *dev,
+					struct device_attribute *attr,
+					char *buf)
+{
+	struct usb_interface *iface = to_usb_interface(dev);
+	struct cbaf *cbaf = usb_get_intfdata(iface);
+	char pr_chid[WUSB_CKHDID_STRSIZE];
+
+	ckhdid_printf(pr_chid, sizeof(pr_chid), &cbaf->chid);
+	return scnprintf(buf, PAGE_SIZE, "%s\n", pr_chid);
+}
+
+static ssize_t cbaf_wusb_chid_store(struct device *dev,
+					 struct device_attribute *attr,
+					 const char *buf, size_t size)
+{
+	ssize_t result;
+	struct usb_interface *iface = to_usb_interface(dev);
+	struct cbaf *cbaf = usb_get_intfdata(iface);
+
+	result = sscanf(buf,
+			"%02hhx %02hhx %02hhx %02hhx "
+			"%02hhx %02hhx %02hhx %02hhx "
+			"%02hhx %02hhx %02hhx %02hhx "
+			"%02hhx %02hhx %02hhx %02hhx",
+			&cbaf->chid.data[0] , &cbaf->chid.data[1],
+			&cbaf->chid.data[2] , &cbaf->chid.data[3],
+			&cbaf->chid.data[4] , &cbaf->chid.data[5],
+			&cbaf->chid.data[6] , &cbaf->chid.data[7],
+			&cbaf->chid.data[8] , &cbaf->chid.data[9],
+			&cbaf->chid.data[10], &cbaf->chid.data[11],
+			&cbaf->chid.data[12], &cbaf->chid.data[13],
+			&cbaf->chid.data[14], &cbaf->chid.data[15]);
+
+	if (result != 16)
+		return -EINVAL;
+
+	result = cbaf_send_host_info(cbaf);
+	if (result < 0)
+		return result;
+	result = cbaf_cdid_get(cbaf);
+	if (result < 0)
+		return -result;
+	return size;
+}
+static DEVICE_ATTR(wusb_chid, 0600, cbaf_wusb_chid_show, cbaf_wusb_chid_store);
+
+static ssize_t cbaf_wusb_host_name_show(struct device *dev,
+					struct device_attribute *attr,
+					char *buf)
+{
+	struct usb_interface *iface = to_usb_interface(dev);
+	struct cbaf *cbaf = usb_get_intfdata(iface);
+
+	return scnprintf(buf, PAGE_SIZE, "%s\n", cbaf->host_name);
+}
+
+static ssize_t cbaf_wusb_host_name_store(struct device *dev,
+					 struct device_attribute *attr,
+					 const char *buf, size_t size)
+{
+	ssize_t result;
+	struct usb_interface *iface = to_usb_interface(dev);
+	struct cbaf *cbaf = usb_get_intfdata(iface);
+
+	result = sscanf(buf, "%63s", cbaf->host_name);
+	if (result != 1)
+		return -EINVAL;
+
+	return size;
+}
+static DEVICE_ATTR(wusb_host_name, 0600, cbaf_wusb_host_name_show,
+					 cbaf_wusb_host_name_store);
+
+static ssize_t cbaf_wusb_host_band_groups_show(struct device *dev,
+					       struct device_attribute *attr,
+					       char *buf)
+{
+	struct usb_interface *iface = to_usb_interface(dev);
+	struct cbaf *cbaf = usb_get_intfdata(iface);
+
+	return scnprintf(buf, PAGE_SIZE, "0x%04x\n", cbaf->host_band_groups);
+}
+
+static ssize_t cbaf_wusb_host_band_groups_store(struct device *dev,
+						struct device_attribute *attr,
+						const char *buf, size_t size)
+{
+	ssize_t result;
+	struct usb_interface *iface = to_usb_interface(dev);
+	struct cbaf *cbaf = usb_get_intfdata(iface);
+	u16 band_groups = 0;
+
+	result = sscanf(buf, "%04hx", &band_groups);
+	if (result != 1)
+		return -EINVAL;
+
+	cbaf->host_band_groups = band_groups;
+
+	return size;
+}
+
+static DEVICE_ATTR(wusb_host_band_groups, 0600,
+		   cbaf_wusb_host_band_groups_show,
+		   cbaf_wusb_host_band_groups_store);
+
+static const struct wusb_cbaf_device_info cbaf_device_info_defaults = {
+	.Length_hdr               = WUSB_AR_Length,
+	.CDID_hdr                 = WUSB_AR_CDID,
+	.BandGroups_hdr           = WUSB_AR_BandGroups,
+	.LangID_hdr               = WUSB_AR_LangID,
+	.DeviceFriendlyName_hdr   = WUSB_AR_DeviceFriendlyName,
+};
+
+static ssize_t cbaf_wusb_cdid_show(struct device *dev,
+				   struct device_attribute *attr, char *buf)
+{
+	struct usb_interface *iface = to_usb_interface(dev);
+	struct cbaf *cbaf = usb_get_intfdata(iface);
+	char pr_cdid[WUSB_CKHDID_STRSIZE];
+
+	ckhdid_printf(pr_cdid, sizeof(pr_cdid), &cbaf->cdid);
+	return scnprintf(buf, PAGE_SIZE, "%s\n", pr_cdid);
+}
+
+static ssize_t cbaf_wusb_cdid_store(struct device *dev,
+				struct device_attribute *attr,
+				const char *buf, size_t size)
+{
+	ssize_t result;
+	struct usb_interface *iface = to_usb_interface(dev);
+	struct cbaf *cbaf = usb_get_intfdata(iface);
+	struct wusb_ckhdid cdid;
+
+	result = sscanf(buf,
+			"%02hhx %02hhx %02hhx %02hhx "
+			"%02hhx %02hhx %02hhx %02hhx "
+			"%02hhx %02hhx %02hhx %02hhx "
+			"%02hhx %02hhx %02hhx %02hhx",
+			&cdid.data[0] , &cdid.data[1],
+			&cdid.data[2] , &cdid.data[3],
+			&cdid.data[4] , &cdid.data[5],
+			&cdid.data[6] , &cdid.data[7],
+			&cdid.data[8] , &cdid.data[9],
+			&cdid.data[10], &cdid.data[11],
+			&cdid.data[12], &cdid.data[13],
+			&cdid.data[14], &cdid.data[15]);
+	if (result != 16)
+		return -EINVAL;
+
+	cbaf->cdid = cdid;
+
+	return size;
+}
+static DEVICE_ATTR(wusb_cdid, 0600, cbaf_wusb_cdid_show, cbaf_wusb_cdid_store);
+
+static ssize_t cbaf_wusb_device_band_groups_show(struct device *dev,
+						 struct device_attribute *attr,
+						 char *buf)
+{
+	struct usb_interface *iface = to_usb_interface(dev);
+	struct cbaf *cbaf = usb_get_intfdata(iface);
+
+	return scnprintf(buf, PAGE_SIZE, "0x%04x\n", cbaf->device_band_groups);
+}
+
+static DEVICE_ATTR(wusb_device_band_groups, 0600,
+		   cbaf_wusb_device_band_groups_show,
+		   NULL);
+
+static ssize_t cbaf_wusb_device_name_show(struct device *dev,
+					struct device_attribute *attr,
+					char *buf)
+{
+	struct usb_interface *iface = to_usb_interface(dev);
+	struct cbaf *cbaf = usb_get_intfdata(iface);
+
+	return scnprintf(buf, PAGE_SIZE, "%s\n", cbaf->device_name);
+}
+static DEVICE_ATTR(wusb_device_name, 0600, cbaf_wusb_device_name_show, NULL);
+
+static const struct wusb_cbaf_cc_data cbaf_cc_data_defaults = {
+	.AssociationTypeId_hdr    = WUSB_AR_AssociationTypeId,
+	.AssociationTypeId    	  = cpu_to_le16(AR_TYPE_WUSB),
+	.AssociationSubTypeId_hdr = WUSB_AR_AssociationSubTypeId,
+	.AssociationSubTypeId     = cpu_to_le16(AR_TYPE_WUSB_ASSOCIATE),
+	.Length_hdr               = WUSB_AR_Length,
+	.Length               	  = cpu_to_le32(sizeof(struct wusb_cbaf_cc_data)),
+	.ConnectionContext_hdr    = WUSB_AR_ConnectionContext,
+	.BandGroups_hdr           = WUSB_AR_BandGroups,
+};
+
+static const struct wusb_cbaf_cc_data_fail cbaf_cc_data_fail_defaults = {
+	.AssociationTypeId_hdr    = WUSB_AR_AssociationTypeId,
+	.AssociationSubTypeId_hdr = WUSB_AR_AssociationSubTypeId,
+	.Length_hdr               = WUSB_AR_Length,
+	.AssociationStatus_hdr    = WUSB_AR_AssociationStatus,
+};
+
+/*
+ * Send a new CC to the device.
+ */
+static int cbaf_cc_upload(struct cbaf *cbaf)
+{
+	int result;
+	struct device *dev = &cbaf->usb_iface->dev;
+	struct wusb_cbaf_cc_data *ccd;
+	char pr_cdid[WUSB_CKHDID_STRSIZE];
+
+	ccd =  cbaf->buffer;
+	*ccd = cbaf_cc_data_defaults;
+	ccd->CHID = cbaf->chid;
+	ccd->CDID = cbaf->cdid;
+	ccd->CK = cbaf->ck;
+	ccd->BandGroups = cpu_to_le16(cbaf->host_band_groups);
+
+	dev_dbg(dev, "Trying to upload CC:\n");
+	ckhdid_printf(pr_cdid, sizeof(pr_cdid), &ccd->CHID);
+	dev_dbg(dev, "  CHID       %s\n", pr_cdid);
+	ckhdid_printf(pr_cdid, sizeof(pr_cdid), &ccd->CDID);
+	dev_dbg(dev, "  CDID       %s\n", pr_cdid);
+	dev_dbg(dev, "  Bandgroups 0x%04x\n", cbaf->host_band_groups);
+
+	result = usb_control_msg(
+		cbaf->usb_dev, usb_sndctrlpipe(cbaf->usb_dev, 0),
+		CBAF_REQ_SET_ASSOCIATION_RESPONSE,
+		USB_DIR_OUT | USB_TYPE_CLASS | USB_RECIP_INTERFACE,
+		0x0201, cbaf->usb_iface->cur_altsetting->desc.bInterfaceNumber,
+		ccd, sizeof(*ccd), 1000 /* FIXME: arbitrary */);
+
+	return result;
+}
+
+static ssize_t cbaf_wusb_ck_store(struct device *dev,
+				  struct device_attribute *attr,
+				  const char *buf, size_t size)
+{
+	ssize_t result;
+	struct usb_interface *iface = to_usb_interface(dev);
+	struct cbaf *cbaf = usb_get_intfdata(iface);
+
+	result = sscanf(buf,
+			"%02hhx %02hhx %02hhx %02hhx "
+			"%02hhx %02hhx %02hhx %02hhx "
+			"%02hhx %02hhx %02hhx %02hhx "
+			"%02hhx %02hhx %02hhx %02hhx",
+			&cbaf->ck.data[0] , &cbaf->ck.data[1],
+			&cbaf->ck.data[2] , &cbaf->ck.data[3],
+			&cbaf->ck.data[4] , &cbaf->ck.data[5],
+			&cbaf->ck.data[6] , &cbaf->ck.data[7],
+			&cbaf->ck.data[8] , &cbaf->ck.data[9],
+			&cbaf->ck.data[10], &cbaf->ck.data[11],
+			&cbaf->ck.data[12], &cbaf->ck.data[13],
+			&cbaf->ck.data[14], &cbaf->ck.data[15]);
+	if (result != 16)
+		return -EINVAL;
+
+	result = cbaf_cc_upload(cbaf);
+	if (result < 0)
+		return result;
+
+	return size;
+}
+static DEVICE_ATTR(wusb_ck, 0600, NULL, cbaf_wusb_ck_store);
+
+static struct attribute *cbaf_dev_attrs[] = {
+	&dev_attr_wusb_host_name.attr,
+	&dev_attr_wusb_host_band_groups.attr,
+	&dev_attr_wusb_chid.attr,
+	&dev_attr_wusb_cdid.attr,
+	&dev_attr_wusb_device_name.attr,
+	&dev_attr_wusb_device_band_groups.attr,
+	&dev_attr_wusb_ck.attr,
+	NULL,
+};
+
+static struct attribute_group cbaf_dev_attr_group = {
+	.name = NULL,	/* we want them in the same directory */
+	.attrs = cbaf_dev_attrs,
+};
+
+static int cbaf_probe(struct usb_interface *iface,
+		      const struct usb_device_id *id)
+{
+	struct cbaf *cbaf;
+	struct device *dev = &iface->dev;
+	int result = -ENOMEM;
+
+	cbaf = kzalloc(sizeof(*cbaf), GFP_KERNEL);
+	if (cbaf == NULL)
+		goto error_kzalloc;
+	cbaf->buffer = kmalloc(512, GFP_KERNEL);
+	if (cbaf->buffer == NULL)
+		goto error_kmalloc_buffer;
+
+	cbaf->buffer_size = 512;
+	cbaf->usb_dev = usb_get_dev(interface_to_usbdev(iface));
+	cbaf->usb_iface = usb_get_intf(iface);
+	result = cbaf_check(cbaf);
+	if (result < 0) {
+		dev_err(dev, "This device is not WUSB-CBAF compliant"
+			"and is not supported yet.\n");
+		goto error_check;
+	}
+
+	result = sysfs_create_group(&dev->kobj, &cbaf_dev_attr_group);
+	if (result < 0) {
+		dev_err(dev, "Can't register sysfs attr group: %d\n", result);
+		goto error_create_group;
+	}
+	usb_set_intfdata(iface, cbaf);
+	return 0;
+
+error_create_group:
+error_check:
+	kfree(cbaf->buffer);
+error_kmalloc_buffer:
+	kfree(cbaf);
+error_kzalloc:
+	return result;
+}
+
+static void cbaf_disconnect(struct usb_interface *iface)
+{
+	struct cbaf *cbaf = usb_get_intfdata(iface);
+	struct device *dev = &iface->dev;
+	sysfs_remove_group(&dev->kobj, &cbaf_dev_attr_group);
+	usb_set_intfdata(iface, NULL);
+	usb_put_intf(iface);
+	kfree(cbaf->buffer);
+	/* paranoia: clean up crypto keys */
+	memset(cbaf, 0, sizeof(*cbaf));
+	kfree(cbaf);
+}
+
+static struct usb_device_id cbaf_id_table[] = {
+	{ USB_INTERFACE_INFO(0xef, 0x03, 0x01), },
+	{ },
+};
+MODULE_DEVICE_TABLE(usb, cbaf_id_table);
+
+static struct usb_driver cbaf_driver = {
+	.name =		"wusb-cbaf",
+	.id_table =	cbaf_id_table,
+	.probe =	cbaf_probe,
+	.disconnect =	cbaf_disconnect,
+};
+
+static int __init cbaf_driver_init(void)
+{
+	return usb_register(&cbaf_driver);
+}
+module_init(cbaf_driver_init);
+
+static void __exit cbaf_driver_exit(void)
+{
+	usb_deregister(&cbaf_driver);
+}
+module_exit(cbaf_driver_exit);
+
+MODULE_AUTHOR("Inaky Perez-Gonzalez <inaky.perez-gonzalez@intel.com>");
+MODULE_DESCRIPTION("Wireless USB Cable Based Association");
+MODULE_LICENSE("GPL");
diff --git a/drivers/usb/wusbcore/crypto.c b/drivers/usb/wusbcore/crypto.c
new file mode 100644
index 00000000000..c36c4389baa
--- /dev/null
+++ b/drivers/usb/wusbcore/crypto.c
@@ -0,0 +1,538 @@
+/*
+ * Ultra Wide Band
+ * AES-128 CCM Encryption
+ *
+ * Copyright (C) 2007 Intel Corporation
+ * Inaky Perez-Gonzalez <inaky.perez-gonzalez@intel.com>
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License version
+ * 2 as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+ * 02110-1301, USA.
+ *
+ *
+ * We don't do any encryption here; we use the Linux Kernel's AES-128
+ * crypto modules to construct keys and payload blocks in a way
+ * defined by WUSB1.0[6]. Check the erratas, as typos are are patched
+ * there.
+ *
+ * Thanks a zillion to John Keys for his help and clarifications over
+ * the designed-by-a-committee text.
+ *
+ * So the idea is that there is this basic Pseudo-Random-Function
+ * defined in WUSB1.0[6.5] which is the core of everything. It works
+ * by tweaking some blocks, AES crypting them and then xoring
+ * something else with them (this seems to be called CBC(AES) -- can
+ * you tell I know jack about crypto?). So we just funnel it into the
+ * Linux Crypto API.
+ *
+ * We leave a crypto test module so we can verify that vectors match,
+ * every now and then.
+ *
+ * Block size: 16 bytes -- AES seems to do things in 'block sizes'. I
+ *             am learning a lot...
+ *
+ *             Conveniently, some data structures that need to be
+ *             funneled through AES are...16 bytes in size!
+ */
+
+#include <linux/crypto.h>
+#include <linux/module.h>
+#include <linux/err.h>
+#include <linux/uwb.h>
+#include <linux/usb/wusb.h>
+#include <linux/scatterlist.h>
+#define D_LOCAL 0
+#include <linux/uwb/debug.h>
+
+
+/*
+ * Block of data, as understood by AES-CCM
+ *
+ * The code assumes this structure is nothing but a 16 byte array
+ * (packed in a struct to avoid common mess ups that I usually do with
+ * arrays and enforcing type checking).
+ */
+struct aes_ccm_block {
+	u8 data[16];
+} __attribute__((packed));
+
+/*
+ * Counter-mode Blocks (WUSB1.0[6.4])
+ *
+ * According to CCM (or so it seems), for the purpose of calculating
+ * the MIC, the message is broken in N counter-mode blocks, B0, B1,
+ * ... BN.
+ *
+ * B0 contains flags, the CCM nonce and l(m).
+ *
+ * B1 contains l(a), the MAC header, the encryption offset and padding.
+ *
+ * If EO is nonzero, additional blocks are built from payload bytes
+ * until EO is exahusted (FIXME: padding to 16 bytes, I guess). The
+ * padding is not xmitted.
+ */
+
+/* WUSB1.0[T6.4] */
+struct aes_ccm_b0 {
+	u8 flags;	/* 0x59, per CCM spec */
+	struct aes_ccm_nonce ccm_nonce;
+	__be16 lm;
+} __attribute__((packed));
+
+/* WUSB1.0[T6.5] */
+struct aes_ccm_b1 {
+	__be16 la;
+	u8 mac_header[10];
+	__le16 eo;
+	u8 security_reserved;	/* This is always zero */
+	u8 padding;		/* 0 */
+} __attribute__((packed));
+
+/*
+ * Encryption Blocks (WUSB1.0[6.4.4])
+ *
+ * CCM uses Ax blocks to generate a keystream with which the MIC and
+ * the message's payload are encoded. A0 always encrypts/decrypts the
+ * MIC. Ax (x>0) are used for the sucesive payload blocks.
+ *
+ * The x is the counter, and is increased for each block.
+ */
+struct aes_ccm_a {
+	u8 flags;	/* 0x01, per CCM spec */
+	struct aes_ccm_nonce ccm_nonce;
+	__be16 counter;	/* Value of x */
+} __attribute__((packed));
+
+static void bytewise_xor(void *_bo, const void *_bi1, const void *_bi2,
+			 size_t size)
+{
+	u8 *bo = _bo;
+	const u8 *bi1 = _bi1, *bi2 = _bi2;
+	size_t itr;
+	for (itr = 0; itr < size; itr++)
+		bo[itr] = bi1[itr] ^ bi2[itr];
+}
+
+/*
+ * CC-MAC function WUSB1.0[6.5]
+ *
+ * Take a data string and produce the encrypted CBC Counter-mode MIC
+ *
+ * Note the names for most function arguments are made to (more or
+ * less) match those used in the pseudo-function definition given in
+ * WUSB1.0[6.5].
+ *
+ * @tfm_cbc: CBC(AES) blkcipher handle (initialized)
+ *
+ * @tfm_aes: AES cipher handle (initialized)
+ *
+ * @mic: buffer for placing the computed MIC (Message Integrity
+ *       Code). This is exactly 8 bytes, and we expect the buffer to
+ *       be at least eight bytes in length.
+ *
+ * @key: 128 bit symmetric key
+ *
+ * @n: CCM nonce
+ *
+ * @a: ASCII string, 14 bytes long (I guess zero padded if needed;
+ *     we use exactly 14 bytes).
+ *
+ * @b: data stream to be processed; cannot be a global or const local
+ *     (will confuse the scatterlists)
+ *
+ * @blen: size of b...
+ *
+ * Still not very clear how this is done, but looks like this: we
+ * create block B0 (as WUSB1.0[6.5] says), then we AES-crypt it with
+ * @key. We bytewise xor B0 with B1 (1) and AES-crypt that. Then we
+ * take the payload and divide it in blocks (16 bytes), xor them with
+ * the previous crypto result (16 bytes) and crypt it, repeat the next
+ * block with the output of the previous one, rinse wash (I guess this
+ * is what AES CBC mode means...but I truly have no idea). So we use
+ * the CBC(AES) blkcipher, that does precisely that. The IV (Initial
+ * Vector) is 16 bytes and is set to zero, so
+ *
+ * See rfc3610. Linux crypto has a CBC implementation, but the
+ * documentation is scarce, to say the least, and the example code is
+ * so intricated that is difficult to understand how things work. Most
+ * of this is guess work -- bite me.
+ *
+ * (1) Created as 6.5 says, again, using as l(a) 'Blen + 14', and
+ *     using the 14 bytes of @a to fill up
+ *     b1.{mac_header,e0,security_reserved,padding}.
+ *
+ * NOTE: The definiton of l(a) in WUSB1.0[6.5] vs the definition of
+ *       l(m) is orthogonal, they bear no relationship, so it is not
+ *       in conflict with the parameter's relation that
+ *       WUSB1.0[6.4.2]) defines.
+ *
+ * NOTE: WUSB1.0[A.1]: Host Nonce is missing a nibble? (1e); fixed in
+ *       first errata released on 2005/07.
+ *
+ * NOTE: we need to clean IV to zero at each invocation to make sure
+ *       we start with a fresh empty Initial Vector, so that the CBC
+ *       works ok.
+ *
+ * NOTE: blen is not aligned to a block size, we'll pad zeros, that's
+ *       what sg[4] is for. Maybe there is a smarter way to do this.
+ */
+static int wusb_ccm_mac(struct crypto_blkcipher *tfm_cbc,
+			struct crypto_cipher *tfm_aes, void *mic,
+			const struct aes_ccm_nonce *n,
+			const struct aes_ccm_label *a, const void *b,
+			size_t blen)
+{
+	int result = 0;
+	struct blkcipher_desc desc;
+	struct aes_ccm_b0 b0;
+	struct aes_ccm_b1 b1;
+	struct aes_ccm_a ax;
+	struct scatterlist sg[4], sg_dst;
+	void *iv, *dst_buf;
+	size_t ivsize, dst_size;
+	const u8 bzero[16] = { 0 };
+	size_t zero_padding;
+
+	d_fnstart(3, NULL, "(tfm_cbc %p, tfm_aes %p, mic %p, "
+		  "n %p, a %p, b %