9 files changed, 1389 insertions, 0 deletions
diff --git a/usr.sbin/bluetooth/hcsecd/Makefile b/usr.sbin/bluetooth/hcsecd/Makefile
new file mode 100644
index 000000000000..b32e3c670aa1
--- /dev/null
+++ b/usr.sbin/bluetooth/hcsecd/Makefile
@@ -0,0 +1,15 @@
+# $Id: Makefile,v 1.8 2003/08/14 20:06:20 max Exp $
+
+PACKAGE=	bluetooth
+CONFS=		hcsecd.conf
+CONFSDIR=	/etc/bluetooth
+CONFSMODE_hcsecd.conf=	600
+PROG=		hcsecd
+MAN=		hcsecd.8 hcsecd.conf.5
+SRCS=		hcsecd.c lexer.l parser.y
+WARNS?=		2
+CFLAGS+=	-I${.CURDIR}
+
+LIBADD=		bluetooth
+
+.include <bsd.prog.mk>
diff --git a/usr.sbin/bluetooth/hcsecd/Makefile.depend b/usr.sbin/bluetooth/hcsecd/Makefile.depend
new file mode 100644
index 000000000000..5cf06f846a48
--- /dev/null
+++ b/usr.sbin/bluetooth/hcsecd/Makefile.depend
@@ -0,0 +1,17 @@
+# Autogenerated - do NOT edit!
+
+DIRDEPS = \
+	include \
+	include/xlocale \
+	lib/${CSU_DIR} \
+	lib/libbluetooth \
+	lib/libc \
+	lib/libcompiler_rt \
+	usr.bin/yacc.host \
+
+
+.include <dirdeps.mk>
+
+.if ${DEP_RELDIR} == ${_DEP_RELDIR}
+# local dependencies - needed for -jN in clean tree
+.endif
diff --git a/usr.sbin/bluetooth/hcsecd/hcsecd.8 b/usr.sbin/bluetooth/hcsecd/hcsecd.8
new file mode 100644
index 000000000000..9f8d3c7bf971
--- /dev/null
+++ b/usr.sbin/bluetooth/hcsecd/hcsecd.8
@@ -0,0 +1,126 @@
+.\" Copyright (c) 2001-2002 Maksim Yevmenkin <m_evmenkin@yahoo.com>
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in the
+.\"    documentation and/or other materials provided with the distribution.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\" $Id: hcsecd.8,v 1.8 2003/09/08 18:54:20 max Exp $
+.\"
+.Dd November 16, 2002
+.Dt HCSECD 8
+.Os
+.Sh NAME
+.Nm hcsecd
+.Nd control link keys and PIN codes for Bluetooth devices
+.Sh SYNOPSIS
+.Nm
+.Op Fl dh
+.Fl f Ar configfile
+.Sh DESCRIPTION
+The
+.Nm
+daemon controls link keys and PIN codes for Bluetooth devices.
+It opens a raw HCI socket and listens for
+.Dv Link_Key_Request ,
+.Dv PIN_Code_Request
+and
+.Dv Link_Key_Notification
+HCI events.
+.Pp
+Once a
+.Dv Link_Key_Request
+or
+.Dv PIN_Code_Request
+HCI event is received, the daemon scans the configuration file for a
+matching entry.
+The remote device BD_ADDR is used as a key.
+If no matching entry was found, the default entry will be used.
+If no default entry was found then it is assumed that no link key and no
+PIN code exists.
+For any given entry, the link key takes precedence over the PIN code.
+If a link key was not specified, the device must generate the link key from
+the PIN code.
+If an entry was found and the link key (or PIN code) exists, the
+.Dv Link_Key_Request_Reply
+(or
+.Dv PIN_Code_Request_Reply )
+command will be sent back to the device.
+Otherwise, the
+.Dv Link_Key_Request_Negative_Reply
+(or
+.Dv PIN_Code_Request_Negative_Reply )
+command will be sent back to the device.
+.Pp
+The
+.Nm
+daemon also handles HCI
+.Dv Link_Key_Notification
+events and caches link keys created from the PIN codes in memory.
+To preserve link keys between restarts the
+.Nm
+daemon dumps link keys for all entries in the
+.Pa /var/db/hcsecd.keys
+link keys file.
+If it exists, the link keys file gets processed by the
+.Nm
+daemon after it processes its main configuration file.
+The link keys file gets written every time the
+.Nm
+daemon shuts down gracefully.
+It is possible to force the
+.Nm
+daemon to re-read its main configuration file and dump the link keys file by
+sending the
+.Dv HUP
+signal to the
+.Nm
+process.
+The user is expected to not modify the link keys file by hand.
+.Pp
+The command line options are as follows:
+.Bl -tag -width indent
+.It Fl d
+Do not detach from the controlling terminal.
+.It Fl f Ar configfile
+Specify the name of the configuration file.
+The default is
+.Pa /etc/bluetooth/hcsecd.conf .
+.It Fl h
+Display usage message and exit.
+.El
+.Sh FILES
+.Bl -tag -width ".Pa /etc/bluetooth/hcsecd.conf" -compact
+.It Pa /etc/bluetooth/hcsecd.conf
+.It Pa /var/db/hcsecd.keys
+.It Pa /var/run/hcsecd.pid
+.El
+.Sh SEE ALSO
+.Xr ng_btsocket 4 ,
+.Xr ng_hci 4 ,
+.Xr hcsecd.conf 5 ,
+.Xr hccontrol 8
+.Sh AUTHORS
+.An Maksim Yevmenkin Aq Mt m_evmenkin@yahoo.com
+.Sh BUGS
+Currently there is no way to select the link key or the PIN code based on
+which local device received the request.
+Everything is based on the remote device BD_ADDR.
+An interface for external helpers to obtain link keys and PIN codes is missing.
diff --git a/usr.sbin/bluetooth/hcsecd/hcsecd.c b/usr.sbin/bluetooth/hcsecd/hcsecd.c
new file mode 100644
index 000000000000..824b0ba6971b
--- /dev/null
+++ b/usr.sbin/bluetooth/hcsecd/hcsecd.c
@@ -0,0 +1,448 @@
+/*-
+ * hcsecd.c
+ *
+ * SPDX-License-Identifier: BSD-2-Clause
+ *
+ * Copyright (c) 2001-2002 Maksim Yevmenkin <m_evmenkin@yahoo.com>
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * $Id: hcsecd.c,v 1.6 2003/08/18 19:19:55 max Exp $
+ */
+
+#include <sys/queue.h>
+#define L2CAP_SOCKET_CHECKED
+#include <bluetooth.h>
+#include <err.h>
+#include <errno.h>
+#include <signal.h>
+#include <stdarg.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <syslog.h>
+#include <unistd.h>
+#include "hcsecd.h"
+
+static int	done = 0;
+
+static int process_pin_code_request_event
+	(int sock, struct sockaddr_hci *addr, bdaddr_p bdaddr);
+static int process_link_key_request_event
+	(int sock, struct sockaddr_hci *addr, bdaddr_p bdaddr);
+static int send_pin_code_reply
+	(int sock, struct sockaddr_hci *addr, bdaddr_p bdaddr, char const *pin);
+static int send_link_key_reply
+	(int sock, struct sockaddr_hci *addr, bdaddr_p bdaddr, uint8_t *key);
+static int process_link_key_notification_event
+	(int sock, struct sockaddr_hci *addr, ng_hci_link_key_notification_ep *ep);
+static void sighup
+	(int s);
+static void sigint
+	(int s);
+static void usage
+	(void);
+
+/* Main */
+int
+main(int argc, char *argv[])
+{
+	int					 n, detach, sock;
+	socklen_t				 size;
+	struct sigaction			 sa;
+	struct sockaddr_hci			 addr;
+	struct ng_btsocket_hci_raw_filter	 filter;
+	char					 buffer[HCSECD_BUFFER_SIZE];
+	ng_hci_event_pkt_t			*event = NULL;
+
+	detach = 1;
+
+	while ((n = getopt(argc, argv, "df:h")) != -1) {
+		switch (n) {
+		case 'd':
+			detach = 0;
+			break;
+
+		case 'f':
+			config_file = optarg;
+			break;
+
+		case 'h':
+		default:
+			usage();
+			/* NOT REACHED */
+		}
+	}
+
+	if (config_file == NULL)
+		usage();
+		/* NOT REACHED */
+
+	if (getuid() != 0)
+		errx(1, "** ERROR: You should run %s as privileged user!",
+			HCSECD_IDENT);
+
+	/* Set signal handlers */
+	memset(&sa, 0, sizeof(sa));
+	sa.sa_handler = sigint;
+	sa.sa_flags = SA_NOCLDWAIT;
+	if (sigaction(SIGINT, &sa, NULL) < 0)
+		err(1, "Could not sigaction(SIGINT)");
+	if (sigaction(SIGTERM, &sa, NULL) < 0)
+		err(1, "Could not sigaction(SIGINT)");
+
+	memset(&sa, 0, sizeof(sa));
+	sa.sa_handler = sighup;
+	if (sigaction(SIGHUP, &sa, NULL) < 0)
+		err(1, "Could not sigaction(SIGHUP)");
+
+	/* Open socket and set filter */
+	sock = socket(PF_BLUETOOTH, SOCK_RAW, BLUETOOTH_PROTO_HCI);
+	if (sock < 0)
+		err(1, "Could not create HCI socket");
+
+	memset(&filter, 0, sizeof(filter));
+	bit_set(filter.event_mask, NG_HCI_EVENT_PIN_CODE_REQ - 1);
+	bit_set(filter.event_mask, NG_HCI_EVENT_LINK_KEY_REQ - 1);
+	bit_set(filter.event_mask, NG_HCI_EVENT_LINK_KEY_NOTIFICATION - 1);
+
+	if (setsockopt(sock, SOL_HCI_RAW, SO_HCI_RAW_FILTER,
+			(void * const) &filter, sizeof(filter)) < 0)
+		err(1, "Could not set HCI socket filter");
+
+	if (detach && daemon(0, 0) < 0)
+		err(1, "Could not daemon()ize");
+
+	openlog(HCSECD_IDENT, LOG_NDELAY|LOG_PERROR|LOG_PID, LOG_DAEMON);
+
+	read_config_file();
+	read_keys_file();
+
+	if (detach) {
+		FILE	*pid = NULL;
+
+		if ((pid = fopen(HCSECD_PIDFILE, "w")) == NULL) {
+			syslog(LOG_ERR, "Could not create PID file %s. %s (%d)",
+					HCSECD_PIDFILE, strerror(errno), errno);
+			exit(1);
+		}
+
+		fprintf(pid, "%d", getpid());
+		fclose(pid);
+	}
+
+	event = (ng_hci_event_pkt_t *) buffer;
+	while (!done) {
+		size = sizeof(addr);
+		n = recvfrom(sock, buffer, sizeof(buffer), 0,
+				(struct sockaddr *) &addr, &size);
+		if (n < 0) {
+			if (errno == EINTR)
+				continue;
+
+			syslog(LOG_ERR, "Could not receive from HCI socket. " \
+					"%s (%d)", strerror(errno), errno);
+			exit(1);
+		}
+
+		if (event->type != NG_HCI_EVENT_PKT) {
+			syslog(LOG_ERR, "Received unexpected HCI packet, " \
+					"type=%#x", event->type);
+			continue;
+		}
+
+		switch (event->event) {
+		case NG_HCI_EVENT_PIN_CODE_REQ:
+			process_pin_code_request_event(sock, &addr,
+							(bdaddr_p)(event + 1));
+			break;
+
+		case NG_HCI_EVENT_LINK_KEY_REQ:
+			process_link_key_request_event(sock, &addr,
+							(bdaddr_p)(event + 1));
+			break;
+
+		case NG_HCI_EVENT_LINK_KEY_NOTIFICATION:
+			process_link_key_notification_event(sock, &addr,
+				(ng_hci_link_key_notification_ep *)(event + 1));
+			break;
+
+		default:
+			syslog(LOG_ERR, "Received unexpected HCI event, " \
+					"event=%#x", event->event);
+			break;
+		}
+	}
+
+	if (detach)
+		if (remove(HCSECD_PIDFILE) < 0)
+			syslog(LOG_ERR, "Could not remove PID file %s. %s (%d)",
+					HCSECD_PIDFILE, strerror(errno), errno);
+
+	dump_keys_file();
+	clean_config();
+	closelog();
+	close(sock);
+
+	return (0);
+}
+
+/* Process PIN_Code_Request event */
+static int
+process_pin_code_request_event(int sock, struct sockaddr_hci *addr,
+		bdaddr_p bdaddr)
+{
+	link_key_p	key = NULL;
+
+	syslog(LOG_DEBUG, "Got PIN_Code_Request event from '%s', " \
+			"remote bdaddr %s", addr->hci_node,
+			bt_ntoa(bdaddr, NULL));
+
+	if ((key = get_key(bdaddr, 0)) != NULL) {
+		syslog(LOG_DEBUG, "Found matching entry, " \
+				"remote bdaddr %s, name '%s', PIN code %s",
+				bt_ntoa(&key->bdaddr, NULL),
+				(key->name != NULL)? key->name : "No name",
+				(key->pin != NULL)? "exists" : "doesn't exist");
+
+		return (send_pin_code_reply(sock, addr, bdaddr, key->pin));
+	}
+
+	syslog(LOG_DEBUG, "Could not PIN code for remote bdaddr %s",
+			bt_ntoa(bdaddr, NULL));
+
+	return (send_pin_code_reply(sock, addr, bdaddr, NULL));
+}
+
+/* Process Link_Key_Request event */
+static int
+process_link_key_request_event(int sock, struct sockaddr_hci *addr,
+		bdaddr_p bdaddr)
+{
+	link_key_p	key = NULL;
+
+	syslog(LOG_DEBUG, "Got Link_Key_Request event from '%s', " \
+			"remote bdaddr %s", addr->hci_node,
+			bt_ntoa(bdaddr, NULL));
+
+	if ((key = get_key(bdaddr, 0)) != NULL) {
+		syslog(LOG_DEBUG, "Found matching entry, " \
+				"remote bdaddr %s, name '%s', link key %s",
+				bt_ntoa(&key->bdaddr, NULL),
+				(key->name != NULL)? key->name : "No name",
+				(key->key != NULL)? "exists" : "doesn't exist");
+
+		return (send_link_key_reply(sock, addr, bdaddr, key->key));
+	}
+
+	syslog(LOG_DEBUG, "Could not find link key for remote bdaddr %s",
+			bt_ntoa(bdaddr, NULL));
+
+	return (send_link_key_reply(sock, addr, bdaddr, NULL));
+}
+
+/* Send PIN_Code_[Negative]_Reply */
+static int
+send_pin_code_reply(int sock, struct sockaddr_hci *addr, 
+		bdaddr_p bdaddr, char const *pin)
+{
+	uint8_t			 buffer[HCSECD_BUFFER_SIZE];
+	ng_hci_cmd_pkt_t	*cmd = NULL;
+
+	memset(buffer, 0, sizeof(buffer));
+
+	cmd = (ng_hci_cmd_pkt_t *) buffer;
+	cmd->type = NG_HCI_CMD_PKT;
+
+	if (pin != NULL) {
+		ng_hci_pin_code_rep_cp	*cp = NULL;
+
+		cmd->opcode = htole16(NG_HCI_OPCODE(NG_HCI_OGF_LINK_CONTROL,
+						NG_HCI_OCF_PIN_CODE_REP));
+		cmd->length = sizeof(*cp);
+
+		cp = (ng_hci_pin_code_rep_cp *)(cmd + 1);
+		memcpy(&cp->bdaddr, bdaddr, sizeof(cp->bdaddr));
+		strncpy((char *) cp->pin, pin, sizeof(cp->pin));
+		cp->pin_size = strlen((char const *) cp->pin);
+
+		syslog(LOG_DEBUG, "Sending PIN_Code_Reply to '%s' " \
+				"for remote bdaddr %s",
+				addr->hci_node, bt_ntoa(bdaddr, NULL));
+	} else {
+		ng_hci_pin_code_neg_rep_cp	*cp = NULL;
+
+		cmd->opcode = htole16(NG_HCI_OPCODE(NG_HCI_OGF_LINK_CONTROL,
+						NG_HCI_OCF_PIN_CODE_NEG_REP));
+		cmd->length = sizeof(*cp);
+
+		cp = (ng_hci_pin_code_neg_rep_cp *)(cmd + 1);
+		memcpy(&cp->bdaddr, bdaddr, sizeof(cp->bdaddr));
+
+		syslog(LOG_DEBUG, "Sending PIN_Code_Negative_Reply to '%s' " \
+				"for remote bdaddr %s",
+				addr->hci_node, bt_ntoa(bdaddr, NULL));
+	}
+
+again:
+	if (sendto(sock, buffer, sizeof(*cmd) + cmd->length, 0,
+			(struct sockaddr *) addr, sizeof(*addr)) < 0) {
+		if (errno == EINTR)
+			goto again;
+
+		syslog(LOG_ERR, "Could not send PIN code reply to '%s' " \
+				"for remote bdaddr %s. %s (%d)",
+				addr->hci_node, bt_ntoa(bdaddr, NULL),
+				strerror(errno), errno);
+		return (-1);
+	}
+
+	return (0);
+}
+
+/* Send Link_Key_[Negative]_Reply */
+static int
+send_link_key_reply(int sock, struct sockaddr_hci *addr, 
+		bdaddr_p bdaddr, uint8_t *key)
+{
+	uint8_t			 buffer[HCSECD_BUFFER_SIZE];
+	ng_hci_cmd_pkt_t	*cmd = NULL;
+
+	memset(buffer, 0, sizeof(buffer));
+
+	cmd = (ng_hci_cmd_pkt_t *) buffer;
+	cmd->type = NG_HCI_CMD_PKT;
+
+	if (key != NULL) {
+		ng_hci_link_key_rep_cp	*cp = NULL;
+
+		cmd->opcode = htole16(NG_HCI_OPCODE(NG_HCI_OGF_LINK_CONTROL,
+						NG_HCI_OCF_LINK_KEY_REP));
+		cmd->length = sizeof(*cp);
+
+		cp = (ng_hci_link_key_rep_cp *)(cmd + 1);
+		memcpy(&cp->bdaddr, bdaddr, sizeof(cp->bdaddr));
+		memcpy(&cp->key, key, sizeof(cp->key));
+
+		syslog(LOG_DEBUG, "Sending Link_Key_Reply to '%s' " \
+				"for remote bdaddr %s",
+				addr->hci_node, bt_ntoa(bdaddr, NULL));
+	} else {
+		ng_hci_link_key_neg_rep_cp	*cp = NULL;
+
+		cmd->opcode = htole16(NG_HCI_OPCODE(NG_HCI_OGF_LINK_CONTROL,
+						NG_HCI_OCF_LINK_KEY_NEG_REP));
+		cmd->length = sizeof(*cp);
+
+		cp = (ng_hci_link_key_neg_rep_cp *)(cmd + 1);
+		memcpy(&cp->bdaddr, bdaddr, sizeof(cp->bdaddr));
+
+		syslog(LOG_DEBUG, "Sending Link_Key_Negative_Reply to '%s' " \
+				"for remote bdaddr %s",
+				addr->hci_node, bt_ntoa(bdaddr, NULL));
+	}
+
+again:
+	if (sendto(sock, buffer, sizeof(*cmd) + cmd->length, 0,
+			(struct sockaddr *) addr, sizeof(*addr)) < 0) {
+		if (errno == EINTR)
+			goto again;
+
+		syslog(LOG_ERR, "Could not send link key reply to '%s' " \
+				"for remote bdaddr %s. %s (%d)",
+				addr->hci_node, bt_ntoa(bdaddr, NULL),
+				strerror(errno), errno);
+		return (-1);
+	}
+
+	return (0);
+}
+
+/* Process Link_Key_Notification event */
+static int
+process_link_key_notification_event(int sock, struct sockaddr_hci *addr,
+		ng_hci_link_key_notification_ep *ep)
+{
+	link_key_p	key = NULL;
+
+	syslog(LOG_DEBUG, "Got Link_Key_Notification event from '%s', " \
+			"remote bdaddr %s", addr->hci_node,
+			bt_ntoa(&ep->bdaddr, NULL));
+
+	if ((key = get_key(&ep->bdaddr, 1)) == NULL) {
+		syslog(LOG_ERR, "Could not find entry for remote bdaddr %s",
+				bt_ntoa(&ep->bdaddr, NULL));
+		return (-1);
+	}
+
+	syslog(LOG_DEBUG, "Updating link key for the entry, " \
+			"remote bdaddr %s, name '%s', link key %s",
+			bt_ntoa(&key->bdaddr, NULL),
+			(key->name != NULL)? key->name : "No name",
+			(key->key != NULL)? "exists" : "doesn't exist");
+
+	if (key->key == NULL) {
+		key->key = (uint8_t *) malloc(NG_HCI_KEY_SIZE);
+		if (key->key == NULL) {
+			syslog(LOG_ERR, "Could not allocate link key");
+			exit(1);
+		}
+	}
+
+	memcpy(key->key, &ep->key, NG_HCI_KEY_SIZE);
+
+	return (0);
+}
+
+/* Signal handlers */
+static void
+sighup(int s)
+{
+	syslog(LOG_DEBUG, "Got SIGHUP (%d)", s);
+
+	dump_keys_file();
+	read_config_file();
+	read_keys_file();
+}
+
+static void
+sigint(int s)
+{
+	syslog(LOG_DEBUG, "Got signal %d, total number of signals %d",
+			s, ++ done);
+}
+
+/* Display usage and exit */
+static void
+usage(void)
+{
+	fprintf(stderr,
+"Usage: %s [-d] -f config_file [-h]\n" \
+"Where:\n" \
+"\t-d              do not detach from terminal\n" \
+"\t-f config_file  use <config_file>\n" \
+"\t-h              display this message\n", HCSECD_IDENT);
+
+	exit(255);
+}
+
diff --git a/usr.sbin/bluetooth/hcsecd/hcsecd.conf b/usr.sbin/bluetooth/hcsecd/hcsecd.conf
new file mode 100644
index 000000000000..36ec516ae019
--- /dev/null
+++ b/usr.sbin/bluetooth/hcsecd/hcsecd.conf
@@ -0,0 +1,55 @@
+# $Id: hcsecd.conf,v 1.1 2003/05/26 22:50:47 max Exp $
+#
+# HCI security daemon configuration file
+#
+# Format:
+#
+# device {
+#	option	value ;
+# }
+#
+# Possible options and values
+#
+# Options	Values
+# ----------------------------------
+# bdaddr	xx:xx:xx:xx:xx:xx ;  	- remote device BD_ADDR
+# name 		"any char" ;		- to set user friendly device name
+# key		0x11223344 | nokey ;	- to set link key for the device
+# pin		"secret" | nopin ;	- to PIN code for the device
+#
+# Notes:
+#
+#	Currently there is no way to select keys/PIN code based on which
+#	local device received the request. Everything is based on remote
+#	device BD_ADDR.
+#
+#	"nokey"	means that no link key has been defined and we should
+#		send Link_Key_Negative_Reply command to the device.
+#
+#	"nopin"	means that no PIN code has been defined and we should
+#		send PIN_Code_Negative_Reply command to the device
+#
+
+# Default entry is applied if no better match found
+# It MUST have 00:00:00:00:00:00 as bdaddr
+device {
+	bdaddr	00:00:00:00:00:00;
+	name	"Default entry";
+	key	nokey;
+	pin	nopin;
+}
+
+device {
+	bdaddr	00:01:02:03:04:05;
+	name	"Dummy";
+	key	nokey;
+	pin	"0000";
+}
+
+device {
+	bdaddr	00:11:22:33:44:55;
+	name	"Dummy";
+	key	0x00112233445566778899aabbccddeeff; # 16 bytes key (hex string)
+	pin	nopin;
+}
+
diff --git a/usr.sbin/bluetooth/hcsecd/hcsecd.conf.5 b/usr.sbin/bluetooth/hcsecd/hcsecd.conf.5
new file mode 100644
index 000000000000..306aea6cbb5b
--- /dev/null
+++ b/usr.sbin/bluetooth/hcsecd/hcsecd.conf.5
@@ -0,0 +1,130 @@
+.\" Copyright (c) 2001-2002 Maksim Yevmenkin <m_evmenkin@yahoo.com>
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in the
+.\"    documentation and/or other materials provided with the distribution.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\" $Id: hcsecd.conf.5,v 1.1 2003/05/26 22:49:23 max Exp $
+.\"
+.Dd May 26, 2003
+.Dt HCSECD.CONF 5
+.Os
+.Sh NAME
+.Nm hcsecd.conf
+.Nd
+.Xr hcsecd 8
+configuration file
+.Sh DESCRIPTION
+The
+.Nm
+file is the configuration file for the
+.Xr hcsecd 8
+Bluetooth link keys/PIN codes management daemon.
+.Pp
+The
+.Nm
+file is a free-form
+.Tn ASCII
+text file.
+It is parsed by the recursive-descent parser built into
+.Xr hcsecd 8 .
+The file may contain extra tabs and newlines for formatting purposes.
+Keywords in the file are case-sensitive.
+Comments may be placed anywhere within the file (except within quotes).
+Comments begin with the
+.Ql #
+character and end at the end of the line.
+.Sh FILE FORMAT
+The
+.Nm
+file consists of a list of
+.Cm device
+entries.
+Each
+.Cm device
+entry defines a link key or PIN code for a remote Bluetooth device.
+Each remote Bluetooth device is identified by its unique BD_ADDR.
+.Pp
+The
+.Cm device
+entry
+.Pp
+.Cm device
+{
+.Cm option Ar argument ;
+.Oo
+.Cm option Ar argument ;
+.Oc
+}
+.Pp
+The following section describes all supported options and arguments.
+.Bl -tag -width indent
+.It Cm bdaddr Ar BD_ADDR
+Specify remote device BD_ADDR for the entry.
+.It Cm name Ar device_name
+Specify user friendly name for the entry.
+Name is a string in straight double quotes.
+.It Cm key Ar link_key
+Specify link key for the entry.
+Link key is hexadecimal string up to 32 characters in length starting with
+.Ql 0x .
+.It Cm key nokey
+Specify no link key for the entry.
+.It Cm pin Ar PIN_code
+Specify PIN code for the entry.
+PIN code is a string up to 16 characters in length in straight double quotes.
+.It Cm pin nopin
+Specify no PIN code for the entry.
+.El
+.Sh EXAMPLES
+A sample
+.Nm
+file:
+.Bd -literal
+# Default entry is applied if no better match found
+# It MUST have 00:00:00:00:00:00 as bdaddr
+device {
+        bdaddr  00:00:00:00:00:00;
+        name    "Default entry";
+        key     nokey;
+        pin     nopin;
+}
+
+# Ericsson T68 phone
+device {
+        bdaddr  00:80:37:5e:4d:d4;
+        name    "Ericsson T68 phone";
+        key     nokey;
+        pin     "0000"; # PIN code
+}
+
+# Dummy device
+device {
+        bdaddr  00:11:22:33:44:55;
+        name    "Dummy";
+        key     0x00112233445566778899aabbccddeeff; # 16 bytes key
+        pin     nopin;
+}
+.Ed
+.Sh SEE ALSO
+.Xr hcsecd 8
+.Sh AUTHORS
+.An Maksim Yevmenkin Aq Mt m_evmenkin@yahoo.com
diff --git a/usr.sbin/bluetooth/hcsecd/hcsecd.h b/usr.sbin/bluetooth/hcsecd/hcsecd.h
new file mode 100644
index 000000000000..e13139e7cf1a
--- /dev/null
+++ b/usr.sbin/bluetooth/hcsecd/hcsecd.h
@@ -0,0 +1,66 @@
+/*-
+ * hcsecd.h
+ *
+ * SPDX-License-Identifier: BSD-2-Clause
+ *
+ * Copyright (c) 2001-2002 Maksim Yevmenkin <m_evmenkin@yahoo.com>
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * $Id: hcsecd.h,v 1.3 2003/09/08 18:54:21 max Exp $
+ */
+
+#ifndef _HCSECD_H_
+#define _HCSECD_H_ 1
+
+#define HCSECD_BUFFER_SIZE	512
+#define HCSECD_IDENT		"hcsecd"
+#define HCSECD_PIDFILE		"/var/run/" HCSECD_IDENT ".pid"
+#define HCSECD_KEYSFILE		"/var/db/"  HCSECD_IDENT ".keys"
+
+struct link_key
+{
+	bdaddr_t		 bdaddr; /* remote device BDADDR */
+	char			*name;   /* remote device name */
+	uint8_t			*key;    /* link key (or NULL if no key) */
+	char			*pin;    /* pin (or NULL if no pin) */
+	LIST_ENTRY(link_key)	 next;   /* link to the next */
+};
+typedef struct link_key		link_key_t;
+typedef struct link_key *	link_key_p;
+
+extern char	*config_file;
+
+#if __config_debug__
+void		dump_config	(void);
+#endif
+
+void		read_config_file(void);
+void		clean_config	(void);
+link_key_p	get_key		(bdaddr_p bdaddr, int exact_match);
+
+int		read_keys_file  (void);
+int		dump_keys_file  (void);
+
+#endif /* ndef _HCSECD_H_ */
+
diff --git a/usr.sbin/bluetooth/hcsecd/lexer.l b/usr.sbin/bluetooth/hcsecd/lexer.l
new file mode 100644
index 000000000000..71bfd7d5c7b1
--- /dev/null
+++ b/usr.sbin/bluetooth/hcsecd/lexer.l
@@ -0,0 +1,96 @@
+%{
+/*-
+ * lexer.l
+ *
+ * SPDX-License-Identifier: BSD-2-Clause
+ *
+ * Copyright (c) 2001-2002 Maksim Yevmenkin <m_evmenkin@yahoo.com>
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * $Id: lexer.l,v 1.1 2002/11/24 20:22:39 max Exp $
+ */
+
+#include <string.h>
+#include "parser.h"
+%}
+
+%option yylineno noyywrap nounput noinput
+
+delim		[ \t\n]
+ws		{delim}+
+empty		{delim}*
+comment		\#.*
+
+hexdigit	[0-9a-fA-F]
+hexbyte		{hexdigit}{hexdigit}
+
+device_word	device
+bdaddr_word	bdaddr
+name_word	name
+key_word	key
+nokey_word	nokey
+pin_word	pin
+nopin_word	nopin
+
+bdaddrstring	{hexbyte}:{hexbyte}:{hexbyte}:{hexbyte}:{hexbyte}:{hexbyte}
+hexstring	0x{hexbyte}+
+string		\".+\"
+
+%%
+
+\;		return (';');
+\:		return (':');
+\{		return ('{');
+\}		return ('}');
+
+{ws}		;
+{empty}		;
+{comment}	;
+
+{device_word}	return (T_DEVICE);
+{bdaddr_word}	return (T_BDADDR);
+{name_word}	return (T_NAME);
+{key_word}	return (T_KEY);
+{nokey_word}	return (T_NOKEY);
+{pin_word}	return (T_PIN);
+{nopin_word}	return (T_NOPIN);
+
+{bdaddrstring}	{
+		yylval.string = yytext;
+		return (T_BDADDRSTRING);
+		}
+
+{hexstring}	{
+		yylval.string = &yytext[2];
+		return (T_HEXSTRING);
+		}
+
+{string}	{
+		yytext[strlen(yytext) - 1] = 0;
+		yylval.string = &yytext[1];
+		return (T_STRING);
+		}
+
+%%
+
diff --git a/usr.sbin/bluetooth/hcsecd/parser.y b/usr.sbin/bluetooth/hcsecd/parser.y
new file mode 100644
index 000000000000..bf8d33f565bc
--- /dev/null
+++ b/usr.sbin/bluetooth/hcsecd/parser.y
@@ -0,0 +1,436 @@
+%{
+/*-
+ * parser.y
+ *
+ * SPDX-License-Identifier: BSD-2-Clause
+ *
+ * Copyright (c) 2001-2002 Maksim Yevmenkin <m_evmenkin@yahoo.com>
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * $Id: parser.y,v 1.5 2003/06/07 21:22:30 max Exp $
+ */
+
+#include <sys/fcntl.h>
+#include <sys/queue.h>
+#define L2CAP_SOCKET_CHECKED
+#include <bluetooth.h>
+#include <errno.h>
+#include <limits.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <stdarg.h>
+#include <string.h>
+#include <syslog.h>
+#include <unistd.h>
+#include "hcsecd.h"
+
+	int	yyparse  (void);
+	int	yylex    (void);
+
+static	void	free_key (link_key_p key);
+static	int	hexa2int4(char *a);
+static	int	hexa2int8(char *a);
+
+extern	int			 yylineno;
+static	LIST_HEAD(, link_key)	 link_keys;
+	char			*config_file = "/etc/bluetooth/hcsecd.conf";
+
+static	link_key_p		 key = NULL;
+%}
+
+%union {
+	char	*string;
+}
+
+%token <string> T_BDADDRSTRING T_HEXSTRING T_STRING
+%token T_DEVICE T_BDADDR T_NAME T_KEY T_PIN T_NOKEY T_NOPIN T_JUNK
+
+%%
+
+config:		line
+		| config line
+		;
+
+line:		T_DEVICE
+			{
+			key = (link_key_p) malloc(sizeof(*key));
+			if (key == NULL) {
+				syslog(LOG_ERR, "Could not allocate new " \
+						"config entry");
+				exit(1);
+			}
+
+			memset(key, 0, sizeof(*key));
+			}
+		'{' options '}'
+			{
+			if (get_key(&key->bdaddr, 1) != NULL) {
+				syslog(LOG_ERR, "Ignoring duplicated entry " \
+						"for bdaddr %s",
+						bt_ntoa(&key->bdaddr, NULL));
+				free_key(key);
+			} else 
+				LIST_INSERT_HEAD(&link_keys, key, next);
+
+			key = NULL;
+			}
+		;
+
+options:	option ';'
+		| options option ';'
+		;
+
+option:		bdaddr
+		| name
+		| key
+		| pin
+		;
+
+bdaddr:		T_BDADDR T_BDADDRSTRING
+			{
+			if (!bt_aton($2, &key->bdaddr)) {
+				syslog(LOG_ERR, "Cound not parse BD_ADDR " \
+						"'%s'", $2);
+				exit(1);
+			}
+			}
+		;
+
+name:		T_NAME T_STRING
+			{
+			if (key->name != NULL)
+				free(key->name);
+
+			key->name = strdup($2);
+			if (key->name == NULL) {
+				syslog(LOG_ERR, "Could not allocate new " \
+						"device name");
+				exit(1);
+			}
+			}
+		;
+
+key:		T_KEY T_HEXSTRING
+			{
+			int	i, len;
+
+			if (key->key != NULL)
+				free(key->key);
+
+			key->key = (uint8_t *) malloc(NG_HCI_KEY_SIZE);
+			if (key->key == NULL) {
+				syslog(LOG_ERR, "Could not allocate new " \
+						"link key");
+				exit(1);
+			}
+
+			memset(key->key, 0, NG_HCI_KEY_SIZE);
+
+			len = strlen($2) / 2;
+			if (len > NG_HCI_KEY_SIZE)
+				len = NG_HCI_KEY_SIZE;
+
+			for (i = 0; i < len; i ++)
+				key->key[i] = hexa2int8((char *)($2) + 2*i);
+			}
+		| T_KEY T_NOKEY
+			{
+			if (key->key != NULL)
+				free(key->key);
+
+			key->key = NULL;
+			}
+		;
+
+pin:		T_PIN T_STRING
+			{
+			if (key->pin != NULL)
+				free(key->pin);
+
+			key->pin = strdup($2);
+			if (key->pin == NULL) {
+				syslog(LOG_ERR, "Could not allocate new " \
+						"PIN code");
+				exit(1);
+			}
+			}
+		| T_PIN T_NOPIN
+			{
+			if (key->pin != NULL)
+				free(key->pin);
+
+			key->pin = NULL;
+			}
+		;
+
+%%
+
+/* Display parser error message */
+void
+yyerror(char const *message)
+{
+	syslog(LOG_ERR, "%s in line %d", message, yylineno);
+}
+
+/* Re-read config file */
+void
+read_config_file(void)
+{
+	extern FILE	*yyin;
+
+	if (config_file == NULL) {
+		syslog(LOG_ERR, "Unknown config file name!");
+		exit(1);
+	}
+
+	if ((yyin = fopen(config_file, "r")) == NULL) {
+		syslog(LOG_ERR, "Could not open config file '%s'. %s (%d)",
+				config_file, strerror(errno), errno);
+		exit(1);
+	}
+
+	clean_config();
+	if (yyparse() < 0) {
+		syslog(LOG_ERR, "Could not parse config file '%s'",config_file);
+		exit(1);
+	}
+
+	fclose(yyin);
+	yyin = NULL;
+
+#if __config_debug__
+	dump_config();
+#endif
+}
+
+/* Clean config */
+void
+clean_config(void)
+{
+	link_key_p	key = NULL;
+
+	while ((key = LIST_FIRST(&link_keys)) != NULL) {
+		LIST_REMOVE(key, next);
+		free_key(key);
+	}
+}
+
+/* Find link key entry in the list. Return exact or default match */
+link_key_p
+get_key(bdaddr_p bdaddr, int exact_match)
+{
+	link_key_p	key = NULL, defkey = NULL;
+
+	LIST_FOREACH(key, &link_keys, next) {
+		if (memcmp(bdaddr, &key->bdaddr, sizeof(key->bdaddr)) == 0)
+			break;
+
+		if (!exact_match)
+			if (memcmp(NG_HCI_BDADDR_ANY, &key->bdaddr,
+					sizeof(key->bdaddr)) == 0)
+				defkey = key;
+	}
+
+	return ((key != NULL)? key : defkey);
+}
+
+#if __config_debug__
+/* Dump config */
+void
+dump_config(void)
+{
+	link_key_p	key = NULL;
+	char		buffer[64];
+
+	LIST_FOREACH(key, &link_keys, next) {
+		if (key->key != NULL)
+			snprintf(buffer, sizeof(buffer),
+"0x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x",
+				key->key[0], key->key[1], key->key[2],
+				key->key[3], key->key[4], key->key[5],
+				key->key[6], key->key[7], key->key[8],
+				key->key[9], key->key[10], key->key[11],
+				key->key[12], key->key[13], key->key[14],
+				key->key[15]);
+
+		syslog(LOG_DEBUG, 
+"device %s " \
+"bdaddr %s " \
+"pin %s " \
+"key %s",
+			(key->name != NULL)? key->name : "noname",
+			bt_ntoa(&key->bdaddr, NULL),
+			(key->pin != NULL)? key->pin : "nopin",
+			(key->key != NULL)? buffer : "nokey");
+	}
+}
+#endif
+
+/* Read keys file */
+int
+read_keys_file(void)
+{
+	FILE		*f = NULL;
+	link_key_t	*key = NULL;
+	char		 buf[HCSECD_BUFFER_SIZE], *p = NULL, *cp = NULL;
+	bdaddr_t	 bdaddr;
+	int		 i, len;
+
+	if ((f = fopen(HCSECD_KEYSFILE, "r")) == NULL) {
+		if (errno == ENOENT)
+			return (0);
+
+		syslog(LOG_ERR, "Could not open keys file %s. %s (%d)\n",
+				HCSECD_KEYSFILE, strerror(errno), errno);
+
+		return (-1);
+	}
+
+	while ((p = fgets(buf, sizeof(buf), f)) != NULL) {
+		if (*p == '#')
+			continue;
+		if ((cp = strpbrk(p, " ")) == NULL)
+			continue;
+
+		*cp++ = '\0';
+
+		if (!bt_aton(p, &bdaddr))
+			continue;
+
+		if ((key = get_key(&bdaddr, 1)) == NULL)
+			continue;
+
+		if (key->key == NULL) {
+			key->key = (uint8_t *) malloc(NG_HCI_KEY_SIZE);
+			if (key->key == NULL) {
+				syslog(LOG_ERR, "Could not allocate link key");
+				exit(1);
+			}
+		}
+
+		memset(key->key, 0, NG_HCI_KEY_SIZE);
+
+		len = strlen(cp) / 2;
+		if (len > NG_HCI_KEY_SIZE)
+			len = NG_HCI_KEY_SIZE;
+
+		for (i = 0; i < len; i ++)
+			key->key[i] = hexa2int8(cp + 2*i);
+
+		syslog(LOG_DEBUG, "Restored link key for the entry, " \
+				"remote bdaddr %s, name '%s'",
+				bt_ntoa(&key->bdaddr, NULL),
+				(key->name != NULL)? key->name : "No name");
+	}
+
+	fclose(f);
+
+	return (0);
+}
+
+/* Dump keys file */
+int
+dump_keys_file(void)
+{
+	link_key_p	key = NULL;
+	char		tmp[PATH_MAX], buf[HCSECD_BUFFER_SIZE];
+	int		f;
+
+	snprintf(tmp, sizeof(tmp), "%s.tmp", HCSECD_KEYSFILE);
+	if ((f = open(tmp, O_RDWR|O_CREAT|O_TRUNC|O_EXCL, 0600)) < 0) {
+		syslog(LOG_ERR, "Could not create temp keys file %s. %s (%d)\n",
+				tmp, strerror(errno), errno);
+		return (-1);
+	}
+
+	LIST_FOREACH(key, &link_keys, next) {
+		if (key->key == NULL)
+			continue;
+
+		snprintf(buf, sizeof(buf),
+"%s %02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x\n",
+			bt_ntoa(&key->bdaddr, NULL),
+			key->key[0],  key->key[1],  key->key[2],  key->key[3],
+			key->key[4],  key->key[5],  key->key[6],  key->key[7],
+			key->key[8],  key->key[9],  key->key[10], key->key[11],
+			key->key[12], key->key[13], key->key[14], key->key[15]);
+
+		if (write(f, buf, strlen(buf)) < 0) {
+			syslog(LOG_ERR, "Could not write temp keys file. " \
+					"%s (%d)\n", strerror(errno), errno);
+			break;
+		}
+	}
+
+	close(f);
+
+	if (rename(tmp, HCSECD_KEYSFILE) < 0) {
+		syslog(LOG_ERR, "Could not rename(%s, %s). %s (%d)\n",
+				tmp, HCSECD_KEYSFILE, strerror(errno), errno);
+		unlink(tmp);
+		return (-1);
+	}
+
+	return (0);
+}
+
+/* Free key entry */
+static void
+free_key(link_key_p key)
+{
+	if (key->name != NULL)
+		free(key->name);
+	if (key->key != NULL)
+		free(key->key);
+	if (key->pin != NULL)
+		free(key->pin);
+
+	memset(key, 0, sizeof(*key));
+	free(key);
+}
+
+/* Convert hex ASCII to int4 */
+static int
+hexa2int4(char *a)
+{
+	if ('0' <= *a && *a <= '9')
+		return (*a - '0');
+
+	if ('A' <= *a && *a <= 'F')
+		return (*a - 'A' + 0xa);
+
+	if ('a' <= *a && *a <= 'f')
+		return (*a - 'a' + 0xa);
+
+	syslog(LOG_ERR, "Invalid hex character: '%c' (%#x)", *a, *a);
+	exit(1);
+}
+
+/* Convert hex ASCII to int8 */
+static int
+hexa2int8(char *a)
+{
+	return ((hexa2int4(a) << 4) | hexa2int4(a + 1));
+}
+