aboutsummaryrefslogtreecommitdiffstats
path: root/net/bluetooth
diff options
context:
space:
mode:
authorVinicius Costa Gomes <vinicius.gomes@openbossa.org>2011-09-05 13:31:30 -0400
committerGustavo F. Padovan <padovan@profusion.mobi>2011-09-21 11:58:12 -0400
commit1c1def09c446aae441410b70e6439ffe44dee866 (patch)
tree037e722c234649ff21406cf9c3f3e79aaee2aa78 /net/bluetooth
parent142c69c6eaab26587264881bb71546e30aafdcee (diff)
Bluetooth: Move SMP fields to a separate structure
The objective is to make the core to have as little as possible information about SMP procedures and logic. Now, all the SMP specific information is hidden from the core. Signed-off-by: Vinicius Costa Gomes <vinicius.gomes@openbossa.org> Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
Diffstat (limited to 'net/bluetooth')
-rw-r--r--net/bluetooth/hci_core.c8
-rw-r--r--net/bluetooth/smp.c108
2 files changed, 54 insertions, 62 deletions
diff --git a/net/bluetooth/hci_core.c b/net/bluetooth/hci_core.c
index 1d2068322728..b4e7cde35365 100644
--- a/net/bluetooth/hci_core.c
+++ b/net/bluetooth/hci_core.c
@@ -1523,11 +1523,6 @@ int hci_register_dev(struct hci_dev *hdev)
1523 if (!hdev->workqueue) 1523 if (!hdev->workqueue)
1524 goto nomem; 1524 goto nomem;
1525 1525
1526 hdev->tfm = crypto_alloc_blkcipher("ecb(aes)", 0, CRYPTO_ALG_ASYNC);
1527 if (IS_ERR(hdev->tfm))
1528 BT_INFO("Failed to load transform for ecb(aes): %ld",
1529 PTR_ERR(hdev->tfm));
1530
1531 hci_register_sysfs(hdev); 1526 hci_register_sysfs(hdev);
1532 1527
1533 hdev->rfkill = rfkill_alloc(hdev->name, &hdev->dev, 1528 hdev->rfkill = rfkill_alloc(hdev->name, &hdev->dev,
@@ -1576,9 +1571,6 @@ int hci_unregister_dev(struct hci_dev *hdev)
1576 !test_bit(HCI_SETUP, &hdev->flags)) 1571 !test_bit(HCI_SETUP, &hdev->flags))
1577 mgmt_index_removed(hdev->id); 1572 mgmt_index_removed(hdev->id);
1578 1573
1579 if (!IS_ERR(hdev->tfm))
1580 crypto_free_blkcipher(hdev->tfm);
1581
1582 hci_notify(hdev, HCI_DEV_UNREG); 1574 hci_notify(hdev, HCI_DEV_UNREG);
1583 1575
1584 if (hdev->rfkill) { 1576 if (hdev->rfkill) {
diff --git a/net/bluetooth/smp.c b/net/bluetooth/smp.c
index f0c67f62a08e..b5e1b4a300cc 100644
--- a/net/bluetooth/smp.c
+++ b/net/bluetooth/smp.c
@@ -232,11 +232,13 @@ static void build_pairing_cmd(struct l2cap_conn *conn,
232 232
233static u8 check_enc_key_size(struct l2cap_conn *conn, __u8 max_key_size) 233static u8 check_enc_key_size(struct l2cap_conn *conn, __u8 max_key_size)
234{ 234{
235 struct smp_chan *smp = conn->smp_chan;
236
235 if ((max_key_size > SMP_MAX_ENC_KEY_SIZE) || 237 if ((max_key_size > SMP_MAX_ENC_KEY_SIZE) ||
236 (max_key_size < SMP_MIN_ENC_KEY_SIZE)) 238 (max_key_size < SMP_MIN_ENC_KEY_SIZE))
237 return SMP_ENC_KEY_SIZE; 239 return SMP_ENC_KEY_SIZE;
238 240
239 conn->smp_key_size = max_key_size; 241 smp->smp_key_size = max_key_size;
240 242
241 return 0; 243 return 0;
242} 244}
@@ -244,6 +246,7 @@ static u8 check_enc_key_size(struct l2cap_conn *conn, __u8 max_key_size)
244static u8 smp_cmd_pairing_req(struct l2cap_conn *conn, struct sk_buff *skb) 246static u8 smp_cmd_pairing_req(struct l2cap_conn *conn, struct sk_buff *skb)
245{ 247{
246 struct smp_cmd_pairing rsp, *req = (void *) skb->data; 248 struct smp_cmd_pairing rsp, *req = (void *) skb->data;
249 struct smp_chan *smp = conn->smp_chan;
247 u8 key_size; 250 u8 key_size;
248 251
249 BT_DBG("conn %p", conn); 252 BT_DBG("conn %p", conn);
@@ -251,8 +254,8 @@ static u8 smp_cmd_pairing_req(struct l2cap_conn *conn, struct sk_buff *skb)
251 if (!test_and_set_bit(HCI_CONN_LE_SMP_PEND, &conn->hcon->pend)) 254 if (!test_and_set_bit(HCI_CONN_LE_SMP_PEND, &conn->hcon->pend))
252 hci_conn_hold(conn->hcon); 255 hci_conn_hold(conn->hcon);
253 256
254 conn->preq[0] = SMP_CMD_PAIRING_REQ; 257 smp->preq[0] = SMP_CMD_PAIRING_REQ;
255 memcpy(&conn->preq[1], req, sizeof(*req)); 258 memcpy(&smp->preq[1], req, sizeof(*req));
256 skb_pull(skb, sizeof(*req)); 259 skb_pull(skb, sizeof(*req));
257 260
258 if (req->oob_flag) 261 if (req->oob_flag)
@@ -266,10 +269,10 @@ static u8 smp_cmd_pairing_req(struct l2cap_conn *conn, struct sk_buff *skb)
266 return SMP_ENC_KEY_SIZE; 269 return SMP_ENC_KEY_SIZE;
267 270
268 /* Just works */ 271 /* Just works */
269 memset(conn->tk, 0, sizeof(conn->tk)); 272 memset(smp->tk, 0, sizeof(smp->tk));
270 273
271 conn->prsp[0] = SMP_CMD_PAIRING_RSP; 274 smp->prsp[0] = SMP_CMD_PAIRING_RSP;
272 memcpy(&conn->prsp[1], &rsp, sizeof(rsp)); 275 memcpy(&smp->prsp[1], &rsp, sizeof(rsp));
273 276
274 smp_send_cmd(conn, SMP_CMD_PAIRING_RSP, sizeof(rsp), &rsp); 277 smp_send_cmd(conn, SMP_CMD_PAIRING_RSP, sizeof(rsp), &rsp);
275 278
@@ -280,7 +283,9 @@ static u8 smp_cmd_pairing_rsp(struct l2cap_conn *conn, struct sk_buff *skb)
280{ 283{
281 struct smp_cmd_pairing *req, *rsp = (void *) skb->data; 284 struct smp_cmd_pairing *req, *rsp = (void *) skb->data;
282 struct smp_cmd_pairing_confirm cp; 285 struct smp_cmd_pairing_confirm cp;
283 struct crypto_blkcipher *tfm = conn->hcon->hdev->tfm; 286 struct smp_chan *smp = conn->smp_chan;
287 struct crypto_blkcipher *tfm = smp->tfm;
288
284 int ret; 289 int ret;
285 u8 res[16], key_size; 290 u8 res[16], key_size;
286 291
@@ -288,7 +293,7 @@ static u8 smp_cmd_pairing_rsp(struct l2cap_conn *conn, struct sk_buff *skb)
288 293
289 skb_pull(skb, sizeof(*rsp)); 294 skb_pull(skb, sizeof(*rsp));
290 295
291 req = (void *) &conn->preq[1]; 296 req = (void *) &smp->preq[1];
292 297
293 key_size = min(req->max_key_size, rsp->max_key_size); 298 key_size = min(req->max_key_size, rsp->max_key_size);
294 if (check_enc_key_size(conn, key_size)) 299 if (check_enc_key_size(conn, key_size))
@@ -298,16 +303,16 @@ static u8 smp_cmd_pairing_rsp(struct l2cap_conn *conn, struct sk_buff *skb)
298 return SMP_OOB_NOT_AVAIL; 303 return SMP_OOB_NOT_AVAIL;
299 304
300 /* Just works */ 305 /* Just works */
301 memset(conn->tk, 0, sizeof(conn->tk)); 306 memset(smp->tk, 0, sizeof(smp->tk));
302 307
303 conn->prsp[0] = SMP_CMD_PAIRING_RSP; 308 smp->prsp[0] = SMP_CMD_PAIRING_RSP;
304 memcpy(&conn->prsp[1], rsp, sizeof(*rsp)); 309 memcpy(&smp->prsp[1], rsp, sizeof(*rsp));
305 310
306 ret = smp_rand(conn->prnd); 311 ret = smp_rand(smp->prnd);
307 if (ret) 312 if (ret)
308 return SMP_UNSPECIFIED; 313 return SMP_UNSPECIFIED;
309 314
310 ret = smp_c1(tfm, conn->tk, conn->prnd, conn->preq, conn->prsp, 0, 315 ret = smp_c1(tfm, smp->tk, smp->prnd, smp->preq, smp->prsp, 0,
311 conn->src, conn->hcon->dst_type, conn->dst, res); 316 conn->src, conn->hcon->dst_type, conn->dst, res);
312 if (ret) 317 if (ret)
313 return SMP_UNSPECIFIED; 318 return SMP_UNSPECIFIED;
@@ -321,17 +326,18 @@ static u8 smp_cmd_pairing_rsp(struct l2cap_conn *conn, struct sk_buff *skb)
321 326
322static u8 smp_cmd_pairing_confirm(struct l2cap_conn *conn, struct sk_buff *skb) 327static u8 smp_cmd_pairing_confirm(struct l2cap_conn *conn, struct sk_buff *skb)
323{ 328{
324 struct crypto_blkcipher *tfm = conn->hcon->hdev->tfm; 329 struct smp_chan *smp = conn->smp_chan;
330 struct crypto_blkcipher *tfm = smp->tfm;
325 331
326 BT_DBG("conn %p %s", conn, conn->hcon->out ? "master" : "slave"); 332 BT_DBG("conn %p %s", conn, conn->hcon->out ? "master" : "slave");
327 333
328 memcpy(conn->pcnf, skb->data, sizeof(conn->pcnf)); 334 memcpy(smp->pcnf, skb->data, sizeof(smp->pcnf));
329 skb_pull(skb, sizeof(conn->pcnf)); 335 skb_pull(skb, sizeof(smp->pcnf));
330 336
331 if (conn->hcon->out) { 337 if (conn->hcon->out) {
332 u8 random[16]; 338 u8 random[16];
333 339
334 swap128(conn->prnd, random); 340 swap128(smp->prnd, random);
335 smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM, sizeof(random), 341 smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM, sizeof(random),
336 random); 342 random);
337 } else { 343 } else {
@@ -339,11 +345,11 @@ static u8 smp_cmd_pairing_confirm(struct l2cap_conn *conn, struct sk_buff *skb)
339 int ret; 345 int ret;
340 u8 res[16]; 346 u8 res[16];
341 347
342 ret = smp_rand(conn->prnd); 348 ret = smp_rand(smp->prnd);
343 if (ret) 349 if (ret)
344 return SMP_UNSPECIFIED; 350 return SMP_UNSPECIFIED;
345 351
346 ret = smp_c1(tfm, conn->tk, conn->prnd, conn->preq, conn->prsp, 352 ret = smp_c1(tfm, smp->tk, smp->prnd, smp->preq, smp->prsp,
347 conn->hcon->dst_type, conn->dst, 353 conn->hcon->dst_type, conn->dst,
348 0, conn->src, res); 354 0, conn->src, res);
349 if (ret) 355 if (ret)
@@ -360,7 +366,8 @@ static u8 smp_cmd_pairing_confirm(struct l2cap_conn *conn, struct sk_buff *skb)
360static u8 smp_cmd_pairing_random(struct l2cap_conn *conn, struct sk_buff *skb) 366static u8 smp_cmd_pairing_random(struct l2cap_conn *conn, struct sk_buff *skb)
361{ 367{
362 struct hci_conn *hcon = conn->hcon; 368 struct hci_conn *hcon = conn->hcon;
363 struct crypto_blkcipher *tfm = hcon->hdev->tfm; 369 struct smp_chan *smp = conn->smp_chan;
370 struct crypto_blkcipher *tfm = smp->tfm;
364 int ret; 371 int ret;
365 u8 key[16], res[16], random[16], confirm[16]; 372 u8 key[16], res[16], random[16], confirm[16];
366 373
@@ -368,11 +375,11 @@ static u8 smp_cmd_pairing_random(struct l2cap_conn *conn, struct sk_buff *skb)
368 skb_pull(skb, sizeof(random)); 375 skb_pull(skb, sizeof(random));
369 376
370 if (conn->hcon->out) 377 if (conn->hcon->out)
371 ret = smp_c1(tfm, conn->tk, random, conn->preq, conn->prsp, 0, 378 ret = smp_c1(tfm, smp->tk, random, smp->preq, smp->prsp, 0,
372 conn->src, conn->hcon->dst_type, conn->dst, 379 conn->src, conn->hcon->dst_type, conn->dst,
373 res); 380 res);
374 else 381 else
375 ret = smp_c1(tfm, conn->tk, random, conn->preq, conn->prsp, 382 ret = smp_c1(tfm, smp->tk, random, smp->preq, smp->prsp,
376 conn->hcon->dst_type, conn->dst, 0, conn->src, 383 conn->hcon->dst_type, conn->dst, 0, conn->src,
377 res); 384 res);
378 if (ret) 385 if (ret)
@@ -382,7 +389,7 @@ static u8 smp_cmd_pairing_random(struct l2cap_conn *conn, struct sk_buff *skb)
382 389
383 swap128(res, confirm); 390 swap128(res, confirm);
384 391
385 if (memcmp(conn->pcnf, confirm, sizeof(conn->pcnf)) != 0) { 392 if (memcmp(smp->pcnf, confirm, sizeof(smp->pcnf)) != 0) {
386 BT_ERR("Pairing failed (confirmation values mismatch)"); 393 BT_ERR("Pairing failed (confirmation values mismatch)");
387 return SMP_CONFIRM_FAILED; 394 return SMP_CONFIRM_FAILED;
388 } 395 }
@@ -394,17 +401,17 @@ static u8 smp_cmd_pairing_random(struct l2cap_conn *conn, struct sk_buff *skb)
394 memset(rand, 0, sizeof(rand)); 401 memset(rand, 0, sizeof(rand));
395 ediv = 0; 402 ediv = 0;
396 403
397 smp_s1(tfm, conn->tk, random, conn->prnd, key); 404 smp_s1(tfm, smp->tk, random, smp->prnd, key);
398 swap128(key, stk); 405 swap128(key, stk);
399 406
400 memset(stk + conn->smp_key_size, 0, 407 memset(stk + smp->smp_key_size, 0,
401 SMP_MAX_ENC_KEY_SIZE - conn->smp_key_size); 408 SMP_MAX_ENC_KEY_SIZE - smp->smp_key_size);
402 409
403 if (test_and_set_bit(HCI_CONN_ENCRYPT_PEND, &hcon->pend)) 410 if (test_and_set_bit(HCI_CONN_ENCRYPT_PEND, &hcon->pend))
404 return SMP_UNSPECIFIED; 411 return SMP_UNSPECIFIED;
405 412
406 hci_le_start_enc(hcon, ediv, rand, stk); 413 hci_le_start_enc(hcon, ediv, rand, stk);
407 hcon->enc_key_size = conn->smp_key_size; 414 hcon->enc_key_size = smp->smp_key_size;
408 } else { 415 } else {
409 u8 stk[16], r[16], rand[8]; 416 u8 stk[16], r[16], rand[8];
410 __le16 ediv; 417 __le16 ediv;
@@ -412,16 +419,16 @@ static u8 smp_cmd_pairing_random(struct l2cap_conn *conn, struct sk_buff *skb)
412 memset(rand, 0, sizeof(rand)); 419 memset(rand, 0, sizeof(rand));
413 ediv = 0; 420 ediv = 0;
414 421
415 swap128(conn->prnd, r); 422 swap128(smp->prnd, r);
416 smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM, sizeof(r), r); 423 smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM, sizeof(r), r);
417 424
418 smp_s1(tfm, conn->tk, conn->prnd, random, key); 425 smp_s1(tfm, smp->tk, smp->prnd, random, key);
419 swap128(key, stk); 426 swap128(key, stk);
420 427
421 memset(stk + conn->smp_key_size, 0, 428 memset(stk + smp->smp_key_size, 0,
422 SMP_MAX_ENC_KEY_SIZE - conn->smp_key_size); 429 SMP_MAX_ENC_KEY_SIZE - smp->smp_key_size);
423 430
424 hci_add_ltk(conn->hcon->hdev, 0, conn->dst, conn->smp_key_size, 431 hci_add_ltk(conn->hcon->hdev, 0, conn->dst, smp->smp_key_size,
425 ediv, rand, stk); 432 ediv, rand, stk);
426 } 433 }
427 434
@@ -433,6 +440,7 @@ static u8 smp_cmd_security_req(struct l2cap_conn *conn, struct sk_buff *skb)
433 struct smp_cmd_security_req *rp = (void *) skb->data; 440 struct smp_cmd_security_req *rp = (void *) skb->data;
434 struct smp_cmd_pairing cp; 441 struct smp_cmd_pairing cp;
435 struct hci_conn *hcon = conn->hcon; 442 struct hci_conn *hcon = conn->hcon;
443 struct smp_chan *smp = conn->smp_chan;
436 444
437 BT_DBG("conn %p", conn); 445 BT_DBG("conn %p", conn);
438 446
@@ -446,8 +454,8 @@ static u8 smp_cmd_security_req(struct l2cap_conn *conn, struct sk_buff *skb)
446 memset(&cp, 0, sizeof(cp)); 454 memset(&cp, 0, sizeof(cp));
447 build_pairing_cmd(conn, &cp, NULL, rp->auth_req); 455 build_pairing_cmd(conn, &cp, NULL, rp->auth_req);
448 456
449 conn->preq[0] = SMP_CMD_PAIRING_REQ; 457 smp->preq[0] = SMP_CMD_PAIRING_REQ;
450 memcpy(&conn->preq[1], &cp, sizeof(cp)); 458 memcpy(&smp->preq[1], &cp, sizeof(cp));
451 459
452 smp_send_cmd(conn, SMP_CMD_PAIRING_REQ, sizeof(cp), &cp); 460 smp_send_cmd(conn, SMP_CMD_PAIRING_REQ, sizeof(cp), &cp);
453 461
@@ -457,6 +465,7 @@ static u8 smp_cmd_security_req(struct l2cap_conn *conn, struct sk_buff *skb)
457int smp_conn_security(struct l2cap_conn *conn, __u8 sec_level) 465int smp_conn_security(struct l2cap_conn *conn, __u8 sec_level)
458{ 466{
459 struct hci_conn *hcon = conn->hcon; 467 struct hci_conn *hcon = conn->hcon;
468 struct smp_chan *smp = conn->smp_chan;
460 __u8 authreq; 469 __u8 authreq;
461 470
462 BT_DBG("conn %p hcon %p level 0x%2.2x", conn, hcon, sec_level); 471 BT_DBG("conn %p hcon %p level 0x%2.2x", conn, hcon, sec_level);
@@ -464,9 +473,6 @@ int smp_conn_security(struct l2cap_conn *conn, __u8 sec_level)
464 if (!lmp_host_le_capable(hcon->hdev)) 473 if (!lmp_host_le_capable(hcon->hdev))
465 return 1; 474 return 1;
466 475
467 if (IS_ERR(hcon->hdev->tfm))
468 return 1;
469
470 if (sec_level == BT_SECURITY_LOW) 476 if (sec_level == BT_SECURITY_LOW)
471 return 1; 477 return 1;
472 478
@@ -505,8 +511,8 @@ int smp_conn_security(struct l2cap_conn *conn, __u8 sec_level)
505 struct smp_cmd_pairing cp; 511 struct smp_cmd_pairing cp;
506 512
507 build_pairing_cmd(conn, &cp, NULL, authreq); 513 build_pairing_cmd(conn, &cp, NULL, authreq);
508 conn->preq[0] = SMP_CMD_PAIRING_REQ; 514 smp->preq[0] = SMP_CMD_PAIRING_REQ;
509 memcpy(&conn->preq[1], &cp, sizeof(cp)); 515 memcpy(&smp->preq[1], &cp, sizeof(cp));
510 516
511 smp_send_cmd(conn, SMP_CMD_PAIRING_REQ, sizeof(cp), &cp); 517 smp_send_cmd(conn, SMP_CMD_PAIRING_REQ, sizeof(cp), &cp);
512 } else { 518 } else {
@@ -524,10 +530,11 @@ done:
524static int smp_cmd_encrypt_info(struct l2cap_conn *conn, struct sk_buff *skb) 530static int smp_cmd_encrypt_info(struct l2cap_conn *conn, struct sk_buff *skb)
525{ 531{
526 struct smp_cmd_encrypt_info *rp = (void *) skb->data; 532 struct smp_cmd_encrypt_info *rp = (void *) skb->data;
533 struct smp_chan *smp = conn->smp_chan;
527 534
528 skb_pull(skb, sizeof(*rp)); 535 skb_pull(skb, sizeof(*rp));
529 536
530 memcpy(conn->tk, rp->ltk, sizeof(conn->tk)); 537 memcpy(smp->tk, rp->ltk, sizeof(smp->tk));
531 538
532 return 0; 539 return 0;
533} 540}
@@ -535,11 +542,12 @@ static int smp_cmd_encrypt_info(struct l2cap_conn *conn, struct sk_buff *skb)
535static int smp_cmd_master_ident(struct l2cap_conn *conn, struct sk_buff *skb) 542static int smp_cmd_master_ident(struct l2cap_conn *conn, struct sk_buff *skb)
536{ 543{
537 struct smp_cmd_master_ident *rp = (void *) skb->data; 544 struct smp_cmd_master_ident *rp = (void *) skb->data;
545 struct smp_chan *smp = conn->smp_chan;
538 546
539 skb_pull(skb, sizeof(*rp)); 547 skb_pull(skb, sizeof(*rp));
540 548
541 hci_add_ltk(conn->hcon->hdev, 1, conn->src, conn->smp_key_size, 549 hci_add_ltk(conn->hcon->hdev, 1, conn->src, smp->smp_key_size,
542 rp->ediv, rp->rand, conn->tk); 550 rp->ediv, rp->rand, smp->tk);
543 551
544 smp_distribute_keys(conn, 1); 552 smp_distribute_keys(conn, 1);
545 553
@@ -558,12 +566,6 @@ int smp_sig_channel(struct l2cap_conn *conn, struct sk_buff *skb)
558 goto done; 566 goto done;
559 } 567 }
560 568
561 if (IS_ERR(conn->hcon->hdev->tfm)) {
562 err = PTR_ERR(conn->hcon->hdev->tfm);
563 reason = SMP_PAIRING_NOTSUPP;
564 goto done;
565 }
566
567 skb_pull(skb, sizeof(code)); 569 skb_pull(skb, sizeof(code));
568 570
569 switch (code) { 571 switch (code) {
@@ -627,23 +629,21 @@ done:
627int smp_distribute_keys(struct l2cap_conn *conn, __u8 force) 629int smp_distribute_keys(struct l2cap_conn *conn, __u8 force)
628{ 630{
629 struct smp_cmd_pairing *req, *rsp; 631 struct smp_cmd_pairing *req, *rsp;
632 struct smp_chan *smp = conn->smp_chan;
630 __u8 *keydist; 633 __u8 *keydist;
631 634
632 BT_DBG("conn %p force %d", conn, force); 635 BT_DBG("conn %p force %d", conn, force);
633 636
634 if (IS_ERR(conn->hcon->hdev->tfm))
635 return PTR_ERR(conn->hcon->hdev->tfm);
636
637 if (!test_bit(HCI_CONN_LE_SMP_PEND, &conn->hcon->pend)) 637 if (!test_bit(HCI_CONN_LE_SMP_PEND, &conn->hcon->pend))
638 return 0; 638 return 0;
639 639
640 rsp = (void *) &conn->prsp[1]; 640 rsp = (void *) &smp->prsp[1];
641 641
642 /* The responder sends its keys first */ 642 /* The responder sends its keys first */
643 if (!force && conn->hcon->out && (rsp->resp_key_dist & 0x07)) 643 if (!force && conn->hcon->out && (rsp->resp_key_dist & 0x07))
644 return 0; 644 return 0;
645 645
646 req = (void *) &conn->preq[1]; 646 req = (void *) &smp->preq[1];
647 647
648 if (conn->hcon->out) { 648 if (conn->hcon->out) {
649 keydist = &rsp->init_key_dist; 649 keydist = &rsp->init_key_dist;
@@ -667,7 +667,7 @@ int smp_distribute_keys(struct l2cap_conn *conn, __u8 force)
667 667
668 smp_send_cmd(conn, SMP_CMD_ENCRYPT_INFO, sizeof(enc), &enc); 668 smp_send_cmd(conn, SMP_CMD_ENCRYPT_INFO, sizeof(enc), &enc);
669 669
670 hci_add_ltk(conn->hcon->hdev, 1, conn->dst, conn->smp_key_size, 670 hci_add_ltk(conn->hcon->hdev, 1, conn->dst, smp->smp_key_size,
671 ediv, ident.rand, enc.ltk); 671 ediv, ident.rand, enc.ltk);
672 672
673 ident.ediv = cpu_to_le16(ediv); 673 ident.ediv = cpu_to_le16(ediv);