Commit 882fafad authored by Johan Hedberg's avatar Johan Hedberg Committed by Marcel Holtmann

Bluetooth: Fix local OOB data handling for SMP

We need to store the local ra/rb value in order to verify the Check
value received from the remote. This patch adds a new 'lr' for the local
ra/rb value and makes sure it gets used when verifying the DHKey Check
PDU received from the remote.
Signed-off-by: default avatarJohan Hedberg <johan.hedberg@intel.com>
Signed-off-by: default avatarMarcel Holtmann <marcel@holtmann.org>
parent 8e4e2ee5
...@@ -95,7 +95,8 @@ struct smp_chan { ...@@ -95,7 +95,8 @@ struct smp_chan {
u8 rrnd[16]; /* SMP Pairing Random (remote) */ u8 rrnd[16]; /* SMP Pairing Random (remote) */
u8 pcnf[16]; /* SMP Pairing Confirm */ u8 pcnf[16]; /* SMP Pairing Confirm */
u8 tk[16]; /* SMP Temporary Key */ u8 tk[16]; /* SMP Temporary Key */
u8 rr[16]; u8 rr[16]; /* Remote OOB ra/rb value */
u8 lr[16]; /* Local OOB ra/rb value */
u8 enc_key_size; u8 enc_key_size;
u8 remote_key_dist; u8 remote_key_dist;
bdaddr_t id_addr; bdaddr_t id_addr;
...@@ -1830,7 +1831,7 @@ static u8 sc_send_public_key(struct smp_chan *smp) ...@@ -1830,7 +1831,7 @@ static u8 sc_send_public_key(struct smp_chan *smp)
memcpy(smp->local_pk, smp_dev->local_pk, 64); memcpy(smp->local_pk, smp_dev->local_pk, 64);
memcpy(smp->local_sk, smp_dev->local_sk, 32); memcpy(smp->local_sk, smp_dev->local_sk, 32);
memcpy(smp->rr, smp_dev->local_rr, 16); memcpy(smp->lr, smp_dev->local_rr, 16);
if (smp_dev->debug_key) if (smp_dev->debug_key)
set_bit(SMP_FLAG_DEBUG_KEY, &smp->flags); set_bit(SMP_FLAG_DEBUG_KEY, &smp->flags);
...@@ -2634,6 +2635,8 @@ static int smp_cmd_dhkey_check(struct l2cap_conn *conn, struct sk_buff *skb) ...@@ -2634,6 +2635,8 @@ static int smp_cmd_dhkey_check(struct l2cap_conn *conn, struct sk_buff *skb)
if (smp->method == REQ_PASSKEY || smp->method == DSP_PASSKEY) if (smp->method == REQ_PASSKEY || smp->method == DSP_PASSKEY)
put_unaligned_le32(hcon->passkey_notify, r); put_unaligned_le32(hcon->passkey_notify, r);
else if (smp->method == REQ_OOB)
memcpy(r, smp->lr, 16);
err = smp_f6(smp->tfm_cmac, smp->mackey, smp->rrnd, smp->prnd, r, err = smp_f6(smp->tfm_cmac, smp->mackey, smp->rrnd, smp->prnd, r,
io_cap, remote_addr, local_addr, e); io_cap, remote_addr, local_addr, e);
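Review bot: The new `else if (smp->method == REQ_OOB)` branch in smp_cmd_dhkey_check feeds `smp->lr` into smp_f6, but the only write to `lr` on this page is `memcpy(smp->lr, smp_dev->local_rr, 16)` in sc_send_public_key, and whatever condition guards that copy lies outside the hunk. If REQ_OOB can be selected when only the remote side supplied OOB data, the DHKey check is correct only if `lr` is still all-zero at that point, which presumably relies on smp_chan being zero-allocated. A comment on the field such as `/* Local OOB ra/rb value; stays zero if no local OOB data was sent */` would make that dependency explicit. The copy could also be written `memcpy(r, smp->lr, sizeof(smp->lr));` so the length stays tied to the field rather than the literal 16. Both function bodies start and end outside the hunks shown.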