Skip to content

Commit

Permalink
Bluetooth: Fix exposing full value of shortened LTKs
Browse files Browse the repository at this point in the history
When we notify user space of a new LTK or distribute an LTK to the
remote peer the value passed should be the shortened version so that
it's easy to compare values in various traces. The core spec also sets
the requirements for the shortening/masking as:

"The masking shall be done after generation and before being
distributed, used or stored."

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
  • Loading branch information
Johan Hedberg authored and holtmann committed Jun 10, 2015
1 parent 61b2fc2 commit 1fc62c5
Show file tree
Hide file tree
Showing 2 changed files with 14 additions and 2 deletions.
7 changes: 6 additions & 1 deletion net/bluetooth/mgmt.c
Original file line number Diff line number Diff line change
Expand Up @@ -7603,7 +7603,12 @@ void mgmt_new_ltk(struct hci_dev *hdev, struct smp_ltk *key, bool persistent)
if (key->type == SMP_LTK)
ev.key.master = 1;

memcpy(ev.key.val, key->val, sizeof(key->val));
/* Make sure we copy only the significant bytes based on the
* encryption key size, and set the rest of the value to zeroes.
*/
memcpy(ev.key.val, key->val, sizeof(key->enc_size));
memset(ev.key.val + key->enc_size, 0,
sizeof(ev.key.val) - key->enc_size);

mgmt_event(MGMT_EV_NEW_LONG_TERM_KEY, hdev, &ev, sizeof(ev), NULL);
}
Expand Down
9 changes: 8 additions & 1 deletion net/bluetooth/smp.c
Original file line number Diff line number Diff line change
Expand Up @@ -1271,7 +1271,14 @@ static void smp_distribute_keys(struct smp_chan *smp)
__le16 ediv;
__le64 rand;

get_random_bytes(enc.ltk, sizeof(enc.ltk));
/* Make sure we generate only the significant amount of
* bytes based on the encryption key size, and set the rest
* of the value to zeroes.
*/
get_random_bytes(enc.ltk, smp->enc_key_size);
memset(enc.ltk + smp->enc_key_size, 0,
sizeof(enc.ltk) - smp->enc_key_size);

get_random_bytes(&ediv, sizeof(ediv));
get_random_bytes(&rand, sizeof(rand));

Expand Down

0 comments on commit 1fc62c5

Please sign in to comment.