aboutsummaryrefslogtreecommitdiffstats
path: root/net/bluetooth/smp.c
diff options
context:
space:
mode:
Diffstat (limited to 'net/bluetooth/smp.c')
-rw-r--r--net/bluetooth/smp.c250
1 files changed, 222 insertions, 28 deletions
diff --git a/net/bluetooth/smp.c b/net/bluetooth/smp.c
index 45007362683b..f06068072bdd 100644
--- a/net/bluetooth/smp.c
+++ b/net/bluetooth/smp.c
@@ -78,6 +78,52 @@ static int smp_e(struct crypto_blkcipher *tfm, const u8 *k, u8 *r)
78 return err; 78 return err;
79} 79}
80 80
81static int smp_ah(struct crypto_blkcipher *tfm, u8 irk[16], u8 r[3], u8 res[3])
82{
83 u8 _res[16], k[16];
84 int err;
85
86 /* r' = padding || r */
87 memset(_res, 0, 13);
88 _res[13] = r[2];
89 _res[14] = r[1];
90 _res[15] = r[0];
91
92 swap128(irk, k);
93 err = smp_e(tfm, k, _res);
94 if (err) {
95 BT_ERR("Encrypt error");
96 return err;
97 }
98
99 /* The output of the random address function ah is:
100 * ah(h, r) = e(k, r') mod 2^24
101 * The output of the security function e is then truncated to 24 bits
102 * by taking the least significant 24 bits of the output of e as the
103 * result of ah.
104 */
105 res[0] = _res[15];
106 res[1] = _res[14];
107 res[2] = _res[13];
108
109 return 0;
110}
111
112bool smp_irk_matches(struct crypto_blkcipher *tfm, u8 irk[16],
113 bdaddr_t *bdaddr)
114{
115 u8 hash[3];
116 int err;
117
118 BT_DBG("RPA %pMR IRK %*phN", bdaddr, 16, irk);
119
120 err = smp_ah(tfm, irk, &bdaddr->b[3], hash);
121 if (err)
122 return false;
123
124 return !memcmp(bdaddr->b, hash, 3);
125}
126
81static int smp_c1(struct crypto_blkcipher *tfm, u8 k[16], u8 r[16], 127static int smp_c1(struct crypto_blkcipher *tfm, u8 k[16], u8 r[16],
82 u8 preq[7], u8 pres[7], u8 _iat, bdaddr_t *ia, 128 u8 preq[7], u8 pres[7], u8 _iat, bdaddr_t *ia,
83 u8 _rat, bdaddr_t *ra, u8 res[16]) 129 u8 _rat, bdaddr_t *ra, u8 res[16])
@@ -203,31 +249,42 @@ static void build_pairing_cmd(struct l2cap_conn *conn,
203 struct smp_cmd_pairing *req, 249 struct smp_cmd_pairing *req,
204 struct smp_cmd_pairing *rsp, __u8 authreq) 250 struct smp_cmd_pairing *rsp, __u8 authreq)
205{ 251{
206 u8 dist_keys = 0; 252 struct smp_chan *smp = conn->smp_chan;
253 struct hci_conn *hcon = conn->hcon;
254 struct hci_dev *hdev = hcon->hdev;
255 u8 local_dist = 0, remote_dist = 0;
207 256
208 if (test_bit(HCI_PAIRABLE, &conn->hcon->hdev->dev_flags)) { 257 if (test_bit(HCI_PAIRABLE, &conn->hcon->hdev->dev_flags)) {
209 dist_keys = SMP_DIST_ENC_KEY; 258 local_dist = SMP_DIST_ENC_KEY;
259 remote_dist = SMP_DIST_ENC_KEY;
210 authreq |= SMP_AUTH_BONDING; 260 authreq |= SMP_AUTH_BONDING;
211 } else { 261 } else {
212 authreq &= ~SMP_AUTH_BONDING; 262 authreq &= ~SMP_AUTH_BONDING;
213 } 263 }
214 264
265 if (test_bit(HCI_RPA_RESOLVING, &hdev->dev_flags))
266 remote_dist |= SMP_DIST_ID_KEY;
267
215 if (rsp == NULL) { 268 if (rsp == NULL) {
216 req->io_capability = conn->hcon->io_capability; 269 req->io_capability = conn->hcon->io_capability;
217 req->oob_flag = SMP_OOB_NOT_PRESENT; 270 req->oob_flag = SMP_OOB_NOT_PRESENT;
218 req->max_key_size = SMP_MAX_ENC_KEY_SIZE; 271 req->max_key_size = SMP_MAX_ENC_KEY_SIZE;
219 req->init_key_dist = 0; 272 req->init_key_dist = local_dist;
220 req->resp_key_dist = dist_keys; 273 req->resp_key_dist = remote_dist;
221 req->auth_req = (authreq & AUTH_REQ_MASK); 274 req->auth_req = (authreq & AUTH_REQ_MASK);
275
276 smp->remote_key_dist = remote_dist;
222 return; 277 return;
223 } 278 }
224 279
225 rsp->io_capability = conn->hcon->io_capability; 280 rsp->io_capability = conn->hcon->io_capability;
226 rsp->oob_flag = SMP_OOB_NOT_PRESENT; 281 rsp->oob_flag = SMP_OOB_NOT_PRESENT;
227 rsp->max_key_size = SMP_MAX_ENC_KEY_SIZE; 282 rsp->max_key_size = SMP_MAX_ENC_KEY_SIZE;
228 rsp->init_key_dist = 0; 283 rsp->init_key_dist = req->init_key_dist & remote_dist;
229 rsp->resp_key_dist = req->resp_key_dist & dist_keys; 284 rsp->resp_key_dist = req->resp_key_dist & local_dist;
230 rsp->auth_req = (authreq & AUTH_REQ_MASK); 285 rsp->auth_req = (authreq & AUTH_REQ_MASK);
286
287 smp->remote_key_dist = rsp->init_key_dist;
231} 288}
232 289
233static u8 check_enc_key_size(struct l2cap_conn *conn, __u8 max_key_size) 290static u8 check_enc_key_size(struct l2cap_conn *conn, __u8 max_key_size)
@@ -356,20 +413,16 @@ static void confirm_work(struct work_struct *work)
356{ 413{
357 struct smp_chan *smp = container_of(work, struct smp_chan, confirm); 414 struct smp_chan *smp = container_of(work, struct smp_chan, confirm);
358 struct l2cap_conn *conn = smp->conn; 415 struct l2cap_conn *conn = smp->conn;
359 struct crypto_blkcipher *tfm; 416 struct hci_dev *hdev = conn->hcon->hdev;
417 struct crypto_blkcipher *tfm = hdev->tfm_aes;
360 struct smp_cmd_pairing_confirm cp; 418 struct smp_cmd_pairing_confirm cp;
361 int ret; 419 int ret;
362 u8 res[16], reason; 420 u8 res[16], reason;
363 421
364 BT_DBG("conn %p", conn); 422 BT_DBG("conn %p", conn);
365 423
366 tfm = crypto_alloc_blkcipher("ecb(aes)", 0, CRYPTO_ALG_ASYNC); 424 /* Prevent mutual access to hdev->tfm_aes */
367 if (IS_ERR(tfm)) { 425 hci_dev_lock(hdev);
368 reason = SMP_UNSPECIFIED;
369 goto error;
370 }
371
372 smp->tfm = tfm;
373 426
374 if (conn->hcon->out) 427 if (conn->hcon->out)
375 ret = smp_c1(tfm, smp->tk, smp->prnd, smp->preq, smp->prsp, 428 ret = smp_c1(tfm, smp->tk, smp->prnd, smp->preq, smp->prsp,
@@ -379,6 +432,9 @@ static void confirm_work(struct work_struct *work)
379 ret = smp_c1(tfm, smp->tk, smp->prnd, smp->preq, smp->prsp, 432 ret = smp_c1(tfm, smp->tk, smp->prnd, smp->preq, smp->prsp,
380 conn->hcon->dst_type, &conn->hcon->dst, 433 conn->hcon->dst_type, &conn->hcon->dst,
381 conn->hcon->src_type, &conn->hcon->src, res); 434 conn->hcon->src_type, &conn->hcon->src, res);
435
436 hci_dev_unlock(hdev);
437
382 if (ret) { 438 if (ret) {
383 reason = SMP_UNSPECIFIED; 439 reason = SMP_UNSPECIFIED;
384 goto error; 440 goto error;
@@ -400,7 +456,8 @@ static void random_work(struct work_struct *work)
400 struct smp_chan *smp = container_of(work, struct smp_chan, random); 456 struct smp_chan *smp = container_of(work, struct smp_chan, random);
401 struct l2cap_conn *conn = smp->conn; 457 struct l2cap_conn *conn = smp->conn;
402 struct hci_conn *hcon = conn->hcon; 458 struct hci_conn *hcon = conn->hcon;
403 struct crypto_blkcipher *tfm = smp->tfm; 459 struct hci_dev *hdev = hcon->hdev;
460 struct crypto_blkcipher *tfm = hdev->tfm_aes;
404 u8 reason, confirm[16], res[16], key[16]; 461 u8 reason, confirm[16], res[16], key[16];
405 int ret; 462 int ret;
406 463
@@ -411,6 +468,9 @@ static void random_work(struct work_struct *work)
411 468
412 BT_DBG("conn %p %s", conn, conn->hcon->out ? "master" : "slave"); 469 BT_DBG("conn %p %s", conn, conn->hcon->out ? "master" : "slave");
413 470
471 /* Prevent mutual access to hdev->tfm_aes */
472 hci_dev_lock(hdev);
473
414 if (hcon->out) 474 if (hcon->out)
415 ret = smp_c1(tfm, smp->tk, smp->rrnd, smp->preq, smp->prsp, 475 ret = smp_c1(tfm, smp->tk, smp->rrnd, smp->preq, smp->prsp,
416 hcon->src_type, &hcon->src, 476 hcon->src_type, &hcon->src,
@@ -419,6 +479,9 @@ static void random_work(struct work_struct *work)
419 ret = smp_c1(tfm, smp->tk, smp->rrnd, smp->preq, smp->prsp, 479 ret = smp_c1(tfm, smp->tk, smp->rrnd, smp->preq, smp->prsp,
420 hcon->dst_type, &hcon->dst, 480 hcon->dst_type, &hcon->dst,
421 hcon->src_type, &hcon->src, res); 481 hcon->src_type, &hcon->src, res);
482
483 hci_dev_unlock(hdev);
484
422 if (ret) { 485 if (ret) {
423 reason = SMP_UNSPECIFIED; 486 reason = SMP_UNSPECIFIED;
424 goto error; 487 goto error;
@@ -469,7 +532,7 @@ static void random_work(struct work_struct *work)
469 SMP_MAX_ENC_KEY_SIZE - smp->enc_key_size); 532 SMP_MAX_ENC_KEY_SIZE - smp->enc_key_size);
470 533
471 hci_add_ltk(hcon->hdev, &hcon->dst, hcon->dst_type, 534 hci_add_ltk(hcon->hdev, &hcon->dst, hcon->dst_type,
472 HCI_SMP_STK_SLAVE, 0, 0, stk, smp->enc_key_size, 535 HCI_SMP_STK_SLAVE, 0, stk, smp->enc_key_size,
473 ediv, rand); 536 ediv, rand);
474 } 537 }
475 538
@@ -502,11 +565,12 @@ static struct smp_chan *smp_chan_create(struct l2cap_conn *conn)
502void smp_chan_destroy(struct l2cap_conn *conn) 565void smp_chan_destroy(struct l2cap_conn *conn)
503{ 566{
504 struct smp_chan *smp = conn->smp_chan; 567 struct smp_chan *smp = conn->smp_chan;
568 bool complete;
505 569
506 BUG_ON(!smp); 570 BUG_ON(!smp);
507 571
508 if (smp->tfm) 572 complete = test_bit(SMP_FLAG_COMPLETE, &smp->smp_flags);
509 crypto_free_blkcipher(smp->tfm); 573 mgmt_smp_complete(conn->hcon, complete);
510 574
511 kfree(smp); 575 kfree(smp);
512 conn->smp_chan = NULL; 576 conn->smp_chan = NULL;
@@ -565,6 +629,9 @@ static u8 smp_cmd_pairing_req(struct l2cap_conn *conn, struct sk_buff *skb)
565 629
566 BT_DBG("conn %p", conn); 630 BT_DBG("conn %p", conn);
567 631
632 if (skb->len < sizeof(*req))
633 return SMP_UNSPECIFIED;
634
568 if (conn->hcon->link_mode & HCI_LM_MASTER) 635 if (conn->hcon->link_mode & HCI_LM_MASTER)
569 return SMP_CMD_NOTSUPP; 636 return SMP_CMD_NOTSUPP;
570 637
@@ -617,6 +684,9 @@ static u8 smp_cmd_pairing_rsp(struct l2cap_conn *conn, struct sk_buff *skb)
617 684
618 BT_DBG("conn %p", conn); 685 BT_DBG("conn %p", conn);
619 686
687 if (skb->len < sizeof(*rsp))
688 return SMP_UNSPECIFIED;
689
620 if (!(conn->hcon->link_mode & HCI_LM_MASTER)) 690 if (!(conn->hcon->link_mode & HCI_LM_MASTER))
621 return SMP_CMD_NOTSUPP; 691 return SMP_CMD_NOTSUPP;
622 692
@@ -661,6 +731,9 @@ static u8 smp_cmd_pairing_confirm(struct l2cap_conn *conn, struct sk_buff *skb)
661 731
662 BT_DBG("conn %p %s", conn, conn->hcon->out ? "master" : "slave"); 732 BT_DBG("conn %p %s", conn, conn->hcon->out ? "master" : "slave");
663 733
734 if (skb->len < sizeof(smp->pcnf))
735 return SMP_UNSPECIFIED;
736
664 memcpy(smp->pcnf, skb->data, sizeof(smp->pcnf)); 737 memcpy(smp->pcnf, skb->data, sizeof(smp->pcnf));
665 skb_pull(skb, sizeof(smp->pcnf)); 738 skb_pull(skb, sizeof(smp->pcnf));
666 739
@@ -686,6 +759,9 @@ static u8 smp_cmd_pairing_random(struct l2cap_conn *conn, struct sk_buff *skb)
686 759
687 BT_DBG("conn %p", conn); 760 BT_DBG("conn %p", conn);
688 761
762 if (skb->len < sizeof(smp->rrnd))
763 return SMP_UNSPECIFIED;
764
689 swap128(skb->data, smp->rrnd); 765 swap128(skb->data, smp->rrnd);
690 skb_pull(skb, sizeof(smp->rrnd)); 766 skb_pull(skb, sizeof(smp->rrnd));
691 767
@@ -699,7 +775,8 @@ static u8 smp_ltk_encrypt(struct l2cap_conn *conn, u8 sec_level)
699 struct smp_ltk *key; 775 struct smp_ltk *key;
700 struct hci_conn *hcon = conn->hcon; 776 struct hci_conn *hcon = conn->hcon;
701 777
702 key = hci_find_ltk_by_addr(hcon->hdev, &hcon->dst, hcon->dst_type); 778 key = hci_find_ltk_by_addr(hcon->hdev, &hcon->dst, hcon->dst_type,
779 hcon->out);
703 if (!key) 780 if (!key)
704 return 0; 781 return 0;
705 782
@@ -724,6 +801,9 @@ static u8 smp_cmd_security_req(struct l2cap_conn *conn, struct sk_buff *skb)
724 801
725 BT_DBG("conn %p", conn); 802 BT_DBG("conn %p", conn);
726 803
804 if (skb->len < sizeof(*rp))
805 return SMP_UNSPECIFIED;
806
727 if (!(conn->hcon->link_mode & HCI_LM_MASTER)) 807 if (!(conn->hcon->link_mode & HCI_LM_MASTER))
728 return SMP_CMD_NOTSUPP; 808 return SMP_CMD_NOTSUPP;
729 809
@@ -813,6 +893,15 @@ static int smp_cmd_encrypt_info(struct l2cap_conn *conn, struct sk_buff *skb)
813 struct smp_cmd_encrypt_info *rp = (void *) skb->data; 893 struct smp_cmd_encrypt_info *rp = (void *) skb->data;
814 struct smp_chan *smp = conn->smp_chan; 894 struct smp_chan *smp = conn->smp_chan;
815 895
896 BT_DBG("conn %p", conn);
897
898 if (skb->len < sizeof(*rp))
899 return SMP_UNSPECIFIED;
900
901 /* Ignore this PDU if it wasn't requested */
902 if (!(smp->remote_key_dist & SMP_DIST_ENC_KEY))
903 return 0;
904
816 skb_pull(skb, sizeof(*rp)); 905 skb_pull(skb, sizeof(*rp));
817 906
818 memcpy(smp->tk, rp->ltk, sizeof(smp->tk)); 907 memcpy(smp->tk, rp->ltk, sizeof(smp->tk));
@@ -826,21 +915,95 @@ static int smp_cmd_master_ident(struct l2cap_conn *conn, struct sk_buff *skb)
826 struct smp_chan *smp = conn->smp_chan; 915 struct smp_chan *smp = conn->smp_chan;
827 struct hci_dev *hdev = conn->hcon->hdev; 916 struct hci_dev *hdev = conn->hcon->hdev;
828 struct hci_conn *hcon = conn->hcon; 917 struct hci_conn *hcon = conn->hcon;
918 struct smp_ltk *ltk;
829 u8 authenticated; 919 u8 authenticated;
830 920
921 BT_DBG("conn %p", conn);
922
923 if (skb->len < sizeof(*rp))
924 return SMP_UNSPECIFIED;
925
926 /* Ignore this PDU if it wasn't requested */
927 if (!(smp->remote_key_dist & SMP_DIST_ENC_KEY))
928 return 0;
929
831 skb_pull(skb, sizeof(*rp)); 930 skb_pull(skb, sizeof(*rp));
832 931
833 hci_dev_lock(hdev); 932 hci_dev_lock(hdev);
834 authenticated = (hcon->sec_level == BT_SECURITY_HIGH); 933 authenticated = (hcon->sec_level == BT_SECURITY_HIGH);
835 hci_add_ltk(hdev, &hcon->dst, hcon->dst_type, HCI_SMP_LTK, 1, 934 ltk = hci_add_ltk(hdev, &hcon->dst, hcon->dst_type, HCI_SMP_LTK,
836 authenticated, smp->tk, smp->enc_key_size, 935 authenticated, smp->tk, smp->enc_key_size,
837 rp->ediv, rp->rand); 936 rp->ediv, rp->rand);
838 smp_distribute_keys(conn, 1); 937 smp->ltk = ltk;
938 if (!(smp->remote_key_dist & SMP_DIST_ID_KEY))
939 smp_distribute_keys(conn, 1);
839 hci_dev_unlock(hdev); 940 hci_dev_unlock(hdev);
840 941
841 return 0; 942 return 0;
842} 943}
843 944
945static int smp_cmd_ident_info(struct l2cap_conn *conn, struct sk_buff *skb)
946{
947 struct smp_cmd_ident_info *info = (void *) skb->data;
948 struct smp_chan *smp = conn->smp_chan;
949
950 BT_DBG("");
951
952 if (skb->len < sizeof(*info))
953 return SMP_UNSPECIFIED;
954
955 /* Ignore this PDU if it wasn't requested */
956 if (!(smp->remote_key_dist & SMP_DIST_ID_KEY))
957 return 0;
958
959 skb_pull(skb, sizeof(*info));
960
961 memcpy(smp->irk, info->irk, 16);
962
963 return 0;
964}
965
966static int smp_cmd_ident_addr_info(struct l2cap_conn *conn,
967 struct sk_buff *skb)
968{
969 struct smp_cmd_ident_addr_info *info = (void *) skb->data;
970 struct smp_chan *smp = conn->smp_chan;
971 struct hci_conn *hcon = conn->hcon;
972 bdaddr_t rpa;
973
974 BT_DBG("");
975
976 if (skb->len < sizeof(*info))
977 return SMP_UNSPECIFIED;
978
979 /* Ignore this PDU if it wasn't requested */
980 if (!(smp->remote_key_dist & SMP_DIST_ID_KEY))
981 return 0;
982
983 skb_pull(skb, sizeof(*info));
984
985 bacpy(&smp->id_addr, &info->bdaddr);
986 smp->id_addr_type = info->addr_type;
987
988 if (hci_bdaddr_is_rpa(&hcon->dst, hcon->dst_type))
989 bacpy(&rpa, &hcon->dst);
990 else
991 bacpy(&rpa, BDADDR_ANY);
992
993 smp->remote_irk = hci_add_irk(conn->hcon->hdev, &smp->id_addr,
994 smp->id_addr_type, smp->irk, &rpa);
995
996 /* Track the connection based on the Identity Address from now on */
997 bacpy(&hcon->dst, &smp->id_addr);
998 hcon->dst_type = smp->id_addr_type;
999
1000 l2cap_conn_update_id_addr(hcon);
1001
1002 smp_distribute_keys(conn, 1);
1003
1004 return 0;
1005}
1006
844int smp_sig_channel(struct l2cap_conn *conn, struct sk_buff *skb) 1007int smp_sig_channel(struct l2cap_conn *conn, struct sk_buff *skb)
845{ 1008{
846 struct hci_conn *hcon = conn->hcon; 1009 struct hci_conn *hcon = conn->hcon;
@@ -915,7 +1078,13 @@ int smp_sig_channel(struct l2cap_conn *conn, struct sk_buff *skb)
915 break; 1078 break;
916 1079
917 case SMP_CMD_IDENT_INFO: 1080 case SMP_CMD_IDENT_INFO:
1081 reason = smp_cmd_ident_info(conn, skb);
1082 break;
1083
918 case SMP_CMD_IDENT_ADDR_INFO: 1084 case SMP_CMD_IDENT_ADDR_INFO:
1085 reason = smp_cmd_ident_addr_info(conn, skb);
1086 break;
1087
919 case SMP_CMD_SIGN_INFO: 1088 case SMP_CMD_SIGN_INFO:
920 /* Just ignored */ 1089 /* Just ignored */
921 reason = 0; 1090 reason = 0;
@@ -937,6 +1106,28 @@ done:
937 return err; 1106 return err;
938} 1107}
939 1108
1109static void smp_notify_keys(struct l2cap_conn *conn)
1110{
1111 struct smp_chan *smp = conn->smp_chan;
1112 struct hci_conn *hcon = conn->hcon;
1113 struct hci_dev *hdev = hcon->hdev;
1114
1115 if (smp->remote_irk)
1116 mgmt_new_irk(hdev, smp->remote_irk);
1117
1118 if (smp->ltk) {
1119 smp->ltk->bdaddr_type = hcon->dst_type;
1120 bacpy(&smp->ltk->bdaddr, &hcon->dst);
1121 mgmt_new_ltk(hdev, smp->ltk);
1122 }
1123
1124 if (smp->slave_ltk) {
1125 smp->slave_ltk->bdaddr_type = hcon->dst_type;
1126 bacpy(&smp->slave_ltk->bdaddr, &hcon->dst);
1127 mgmt_new_ltk(hdev, smp->slave_ltk);
1128 }
1129}
1130
940int smp_distribute_keys(struct l2cap_conn *conn, __u8 force) 1131int smp_distribute_keys(struct l2cap_conn *conn, __u8 force)
941{ 1132{
942 struct smp_cmd_pairing *req, *rsp; 1133 struct smp_cmd_pairing *req, *rsp;
@@ -964,13 +1155,13 @@ int smp_distribute_keys(struct l2cap_conn *conn, __u8 force)
964 *keydist &= req->resp_key_dist; 1155 *keydist &= req->resp_key_dist;
965 } 1156 }
966 1157
967
968 BT_DBG("keydist 0x%x", *keydist); 1158 BT_DBG("keydist 0x%x", *keydist);
969 1159
970 if (*keydist & SMP_DIST_ENC_KEY) { 1160 if (*keydist & SMP_DIST_ENC_KEY) {
971 struct smp_cmd_encrypt_info enc; 1161 struct smp_cmd_encrypt_info enc;
972 struct smp_cmd_master_ident ident; 1162 struct smp_cmd_master_ident ident;
973 struct hci_conn *hcon = conn->hcon; 1163 struct hci_conn *hcon = conn->hcon;
1164 struct smp_ltk *ltk;
974 u8 authenticated; 1165 u8 authenticated;
975 __le16 ediv; 1166 __le16 ediv;
976 1167
@@ -981,9 +1172,10 @@ int smp_distribute_keys(struct l2cap_conn *conn, __u8 force)
981 smp_send_cmd(conn, SMP_CMD_ENCRYPT_INFO, sizeof(enc), &enc); 1172 smp_send_cmd(conn, SMP_CMD_ENCRYPT_INFO, sizeof(enc), &enc);
982 1173
983 authenticated = hcon->sec_level == BT_SECURITY_HIGH; 1174 authenticated = hcon->sec_level == BT_SECURITY_HIGH;
984 hci_add_ltk(hcon->hdev, &hcon->dst, hcon->dst_type, 1175 ltk = hci_add_ltk(hcon->hdev, &hcon->dst, hcon->dst_type,
985 HCI_SMP_LTK_SLAVE, 1, authenticated, 1176 HCI_SMP_LTK_SLAVE, authenticated, enc.ltk,
986 enc.ltk, smp->enc_key_size, ediv, ident.rand); 1177 smp->enc_key_size, ediv, ident.rand);
1178 smp->slave_ltk = ltk;
987 1179
988 ident.ediv = ediv; 1180 ident.ediv = ediv;
989 1181
@@ -1022,9 +1214,11 @@ int smp_distribute_keys(struct l2cap_conn *conn, __u8 force)
1022 *keydist &= ~SMP_DIST_SIGN; 1214 *keydist &= ~SMP_DIST_SIGN;
1023 } 1215 }
1024 1216
1025 if (conn->hcon->out || force) { 1217 if (conn->hcon->out || force || !(rsp->init_key_dist & 0x07)) {
1026 clear_bit(HCI_CONN_LE_SMP_PEND, &conn->hcon->flags); 1218 clear_bit(HCI_CONN_LE_SMP_PEND, &conn->hcon->flags);
1027 cancel_delayed_work_sync(&conn->security_timer); 1219 cancel_delayed_work_sync(&conn->security_timer);
1220 set_bit(SMP_FLAG_COMPLETE, &smp->smp_flags);
1221 smp_notify_keys(conn);
1028 smp_chan_destroy(conn); 1222 smp_chan_destroy(conn);
1029 } 1223 }
1030 1224
generated by cgit v1.2.2 (git 2.25.0) at 2025-09-15 11:39:05 -0400