aboutsummaryrefslogtreecommitdiffstats
path: root/net/bluetooth/smp.c
diff options
context:
space:
mode:
Diffstat (limited to 'net/bluetooth/smp.c')
-rw-r--r--net/bluetooth/smp.c268
1 files changed, 235 insertions, 33 deletions
diff --git a/net/bluetooth/smp.c b/net/bluetooth/smp.c
index 759b63572641..32c47de30344 100644
--- a/net/bluetooth/smp.c
+++ b/net/bluetooth/smp.c
@@ -23,6 +23,7 @@
23#include <net/bluetooth/bluetooth.h> 23#include <net/bluetooth/bluetooth.h>
24#include <net/bluetooth/hci_core.h> 24#include <net/bluetooth/hci_core.h>
25#include <net/bluetooth/l2cap.h> 25#include <net/bluetooth/l2cap.h>
26#include <net/bluetooth/mgmt.h>
26#include <net/bluetooth/smp.h> 27#include <net/bluetooth/smp.h>
27#include <linux/crypto.h> 28#include <linux/crypto.h>
28#include <linux/scatterlist.h> 29#include <linux/scatterlist.h>
@@ -181,30 +182,53 @@ static void smp_send_cmd(struct l2cap_conn *conn, u8 code, u16 len, void *data)
181 if (!skb) 182 if (!skb)
182 return; 183 return;
183 184
184 hci_send_acl(conn->hcon, skb, 0); 185 skb->priority = HCI_PRIO_MAX;
186 hci_send_acl(conn->hchan, skb, 0);
185 187
186 mod_timer(&conn->security_timer, jiffies + 188 cancel_delayed_work_sync(&conn->security_timer);
189 schedule_delayed_work(&conn->security_timer,
187 msecs_to_jiffies(SMP_TIMEOUT)); 190 msecs_to_jiffies(SMP_TIMEOUT));
188} 191}
189 192
193static __u8 authreq_to_seclevel(__u8 authreq)
194{
195 if (authreq & SMP_AUTH_MITM)
196 return BT_SECURITY_HIGH;
197 else
198 return BT_SECURITY_MEDIUM;
199}
200
201static __u8 seclevel_to_authreq(__u8 sec_level)
202{
203 switch (sec_level) {
204 case BT_SECURITY_HIGH:
205 return SMP_AUTH_MITM | SMP_AUTH_BONDING;
206 case BT_SECURITY_MEDIUM:
207 return SMP_AUTH_BONDING;
208 default:
209 return SMP_AUTH_NONE;
210 }
211}
212
190static void build_pairing_cmd(struct l2cap_conn *conn, 213static void build_pairing_cmd(struct l2cap_conn *conn,
191 struct smp_cmd_pairing *req, 214 struct smp_cmd_pairing *req,
192 struct smp_cmd_pairing *rsp, 215 struct smp_cmd_pairing *rsp,
193 __u8 authreq) 216 __u8 authreq)
194{ 217{
195 u8 dist_keys; 218 u8 dist_keys = 0;
196 219
197 dist_keys = 0;
198 if (test_bit(HCI_PAIRABLE, &conn->hcon->hdev->flags)) { 220 if (test_bit(HCI_PAIRABLE, &conn->hcon->hdev->flags)) {
199 dist_keys = SMP_DIST_ENC_KEY; 221 dist_keys = SMP_DIST_ENC_KEY;
200 authreq |= SMP_AUTH_BONDING; 222 authreq |= SMP_AUTH_BONDING;
223 } else {
224 authreq &= ~SMP_AUTH_BONDING;
201 } 225 }
202 226
203 if (rsp == NULL) { 227 if (rsp == NULL) {
204 req->io_capability = conn->hcon->io_capability; 228 req->io_capability = conn->hcon->io_capability;
205 req->oob_flag = SMP_OOB_NOT_PRESENT; 229 req->oob_flag = SMP_OOB_NOT_PRESENT;
206 req->max_key_size = SMP_MAX_ENC_KEY_SIZE; 230 req->max_key_size = SMP_MAX_ENC_KEY_SIZE;
207 req->init_key_dist = dist_keys; 231 req->init_key_dist = 0;
208 req->resp_key_dist = dist_keys; 232 req->resp_key_dist = dist_keys;
209 req->auth_req = authreq; 233 req->auth_req = authreq;
210 return; 234 return;
@@ -213,7 +237,7 @@ static void build_pairing_cmd(struct l2cap_conn *conn,
213 rsp->io_capability = conn->hcon->io_capability; 237 rsp->io_capability = conn->hcon->io_capability;
214 rsp->oob_flag = SMP_OOB_NOT_PRESENT; 238 rsp->oob_flag = SMP_OOB_NOT_PRESENT;
215 rsp->max_key_size = SMP_MAX_ENC_KEY_SIZE; 239 rsp->max_key_size = SMP_MAX_ENC_KEY_SIZE;
216 rsp->init_key_dist = req->init_key_dist & dist_keys; 240 rsp->init_key_dist = 0;
217 rsp->resp_key_dist = req->resp_key_dist & dist_keys; 241 rsp->resp_key_dist = req->resp_key_dist & dist_keys;
218 rsp->auth_req = authreq; 242 rsp->auth_req = authreq;
219} 243}
@@ -231,6 +255,107 @@ static u8 check_enc_key_size(struct l2cap_conn *conn, __u8 max_key_size)
231 return 0; 255 return 0;
232} 256}
233 257
258static void smp_failure(struct l2cap_conn *conn, u8 reason, u8 send)
259{
260 if (send)
261 smp_send_cmd(conn, SMP_CMD_PAIRING_FAIL, sizeof(reason),
262 &reason);
263
264 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->hcon->pend);
265 mgmt_auth_failed(conn->hcon->hdev, conn->dst, reason);
266 cancel_delayed_work_sync(&conn->security_timer);
267 smp_chan_destroy(conn);
268}
269
270#define JUST_WORKS 0x00
271#define JUST_CFM 0x01
272#define REQ_PASSKEY 0x02
273#define CFM_PASSKEY 0x03
274#define REQ_OOB 0x04
275#define OVERLAP 0xFF
276
277static const u8 gen_method[5][5] = {
278 { JUST_WORKS, JUST_CFM, REQ_PASSKEY, JUST_WORKS, REQ_PASSKEY },
279 { JUST_WORKS, JUST_CFM, REQ_PASSKEY, JUST_WORKS, REQ_PASSKEY },
280 { CFM_PASSKEY, CFM_PASSKEY, REQ_PASSKEY, JUST_WORKS, CFM_PASSKEY },
281 { JUST_WORKS, JUST_CFM, JUST_WORKS, JUST_WORKS, JUST_CFM },
282 { CFM_PASSKEY, CFM_PASSKEY, REQ_PASSKEY, JUST_WORKS, OVERLAP },
283};
284
285static int tk_request(struct l2cap_conn *conn, u8 remote_oob, u8 auth,
286 u8 local_io, u8 remote_io)
287{
288 struct hci_conn *hcon = conn->hcon;
289 struct smp_chan *smp = conn->smp_chan;
290 u8 method;
291 u32 passkey = 0;
292 int ret = 0;
293
294 /* Initialize key for JUST WORKS */
295 memset(smp->tk, 0, sizeof(smp->tk));
296 clear_bit(SMP_FLAG_TK_VALID, &smp->smp_flags);
297
298 BT_DBG("tk_request: auth:%d lcl:%d rem:%d", auth, local_io, remote_io);
299
300 /* If neither side wants MITM, use JUST WORKS */
301 /* If either side has unknown io_caps, use JUST WORKS */
302 /* Otherwise, look up method from the table */
303 if (!(auth & SMP_AUTH_MITM) ||
304 local_io > SMP_IO_KEYBOARD_DISPLAY ||
305 remote_io > SMP_IO_KEYBOARD_DISPLAY)
306 method = JUST_WORKS;
307 else
308 method = gen_method[local_io][remote_io];
309
310 /* If not bonding, don't ask user to confirm a Zero TK */
311 if (!(auth & SMP_AUTH_BONDING) && method == JUST_CFM)
312 method = JUST_WORKS;
313
314 /* If Just Works, Continue with Zero TK */
315 if (method == JUST_WORKS) {
316 set_bit(SMP_FLAG_TK_VALID, &smp->smp_flags);
317 return 0;
318 }
319
320 /* Not Just Works/Confirm results in MITM Authentication */
321 if (method != JUST_CFM)
322 set_bit(SMP_FLAG_MITM_AUTH, &smp->smp_flags);
323
324 /* If both devices have Keyoard-Display I/O, the master
325 * Confirms and the slave Enters the passkey.
326 */
327 if (method == OVERLAP) {
328 if (hcon->link_mode & HCI_LM_MASTER)
329 method = CFM_PASSKEY;
330 else
331 method = REQ_PASSKEY;
332 }
333
334 /* Generate random passkey. Not valid until confirmed. */
335 if (method == CFM_PASSKEY) {
336 u8 key[16];
337
338 memset(key, 0, sizeof(key));
339 get_random_bytes(&passkey, sizeof(passkey));
340 passkey %= 1000000;
341 put_unaligned_le32(passkey, key);
342 swap128(key, smp->tk);
343 BT_DBG("PassKey: %d", passkey);
344 }
345
346 hci_dev_lock(hcon->hdev);
347
348 if (method == REQ_PASSKEY)
349 ret = mgmt_user_passkey_request(hcon->hdev, conn->dst);
350 else
351 ret = mgmt_user_confirm_request(hcon->hdev, conn->dst,
352 cpu_to_le32(passkey), 0);
353
354 hci_dev_unlock(hcon->hdev);
355
356 return ret;
357}
358
234static void confirm_work(struct work_struct *work) 359static void confirm_work(struct work_struct *work)
235{ 360{
236 struct smp_chan *smp = container_of(work, struct smp_chan, confirm); 361 struct smp_chan *smp = container_of(work, struct smp_chan, confirm);
@@ -263,14 +388,15 @@ static void confirm_work(struct work_struct *work)
263 goto error; 388 goto error;
264 } 389 }
265 390
391 clear_bit(SMP_FLAG_CFM_PENDING, &smp->smp_flags);
392
266 swap128(res, cp.confirm_val); 393 swap128(res, cp.confirm_val);
267 smp_send_cmd(smp->conn, SMP_CMD_PAIRING_CONFIRM, sizeof(cp), &cp); 394 smp_send_cmd(smp->conn, SMP_CMD_PAIRING_CONFIRM, sizeof(cp), &cp);
268 395
269 return; 396 return;
270 397
271error: 398error:
272 smp_send_cmd(conn, SMP_CMD_PAIRING_FAIL, sizeof(reason), &reason); 399 smp_failure(conn, reason, 1);
273 smp_chan_destroy(conn);
274} 400}
275 401
276static void random_work(struct work_struct *work) 402static void random_work(struct work_struct *work)
@@ -353,8 +479,7 @@ static void random_work(struct work_struct *work)
353 return; 479 return;
354 480
355error: 481error:
356 smp_send_cmd(conn, SMP_CMD_PAIRING_FAIL, sizeof(reason), &reason); 482 smp_failure(conn, reason, 1);
357 smp_chan_destroy(conn);
358} 483}
359 484
360static struct smp_chan *smp_chan_create(struct l2cap_conn *conn) 485static struct smp_chan *smp_chan_create(struct l2cap_conn *conn)
@@ -370,6 +495,7 @@ static struct smp_chan *smp_chan_create(struct l2cap_conn *conn)
370 495
371 smp->conn = conn; 496 smp->conn = conn;
372 conn->smp_chan = smp; 497 conn->smp_chan = smp;
498 conn->hcon->smp_conn = conn;
373 499
374 hci_conn_hold(conn->hcon); 500 hci_conn_hold(conn->hcon);
375 501
@@ -378,19 +504,73 @@ static struct smp_chan *smp_chan_create(struct l2cap_conn *conn)
378 504
379void smp_chan_destroy(struct l2cap_conn *conn) 505void smp_chan_destroy(struct l2cap_conn *conn)
380{ 506{
381 kfree(conn->smp_chan); 507 struct smp_chan *smp = conn->smp_chan;
508
509 clear_bit(HCI_CONN_LE_SMP_PEND, &conn->hcon->pend);
510
511 if (smp->tfm)
512 crypto_free_blkcipher(smp->tfm);
513
514 kfree(smp);
515 conn->smp_chan = NULL;
516 conn->hcon->smp_conn = NULL;
382 hci_conn_put(conn->hcon); 517 hci_conn_put(conn->hcon);
383} 518}
384 519
520int smp_user_confirm_reply(struct hci_conn *hcon, u16 mgmt_op, __le32 passkey)
521{
522 struct l2cap_conn *conn = hcon->smp_conn;
523 struct smp_chan *smp;
524 u32 value;
525 u8 key[16];
526
527 BT_DBG("");
528
529 if (!conn)
530 return -ENOTCONN;
531
532 smp = conn->smp_chan;
533
534 switch (mgmt_op) {
535 case MGMT_OP_USER_PASSKEY_REPLY:
536 value = le32_to_cpu(passkey);
537 memset(key, 0, sizeof(key));
538 BT_DBG("PassKey: %d", value);
539 put_unaligned_le32(value, key);
540 swap128(key, smp->tk);
541 /* Fall Through */
542 case MGMT_OP_USER_CONFIRM_REPLY:
543 set_bit(SMP_FLAG_TK_VALID, &smp->smp_flags);
544 break;
545 case MGMT_OP_USER_PASSKEY_NEG_REPLY:
546 case MGMT_OP_USER_CONFIRM_NEG_REPLY:
547 smp_failure(conn, SMP_PASSKEY_ENTRY_FAILED, 1);
548 return 0;
549 default:
550 smp_failure(conn, SMP_PASSKEY_ENTRY_FAILED, 1);
551 return -EOPNOTSUPP;
552 }
553
554 /* If it is our turn to send Pairing Confirm, do so now */
555 if (test_bit(SMP_FLAG_CFM_PENDING, &smp->smp_flags))
556 queue_work(hcon->hdev->workqueue, &smp->confirm);
557
558 return 0;
559}
560
385static u8 smp_cmd_pairing_req(struct l2cap_conn *conn, struct sk_buff *skb) 561static u8 smp_cmd_pairing_req(struct l2cap_conn *conn, struct sk_buff *skb)
386{ 562{
387 struct smp_cmd_pairing rsp, *req = (void *) skb->data; 563 struct smp_cmd_pairing rsp, *req = (void *) skb->data;
388 struct smp_chan *smp; 564 struct smp_chan *smp;
389 u8 key_size; 565 u8 key_size;
566 u8 auth = SMP_AUTH_NONE;
390 int ret; 567 int ret;
391 568
392 BT_DBG("conn %p", conn); 569 BT_DBG("conn %p", conn);
393 570
571 if (conn->hcon->link_mode & HCI_LM_MASTER)
572 return SMP_CMD_NOTSUPP;
573
394 if (!test_and_set_bit(HCI_CONN_LE_SMP_PEND, &conn->hcon->pend)) 574 if (!test_and_set_bit(HCI_CONN_LE_SMP_PEND, &conn->hcon->pend))
395 smp = smp_chan_create(conn); 575 smp = smp_chan_create(conn);
396 576
@@ -400,19 +580,16 @@ static u8 smp_cmd_pairing_req(struct l2cap_conn *conn, struct sk_buff *skb)
400 memcpy(&smp->preq[1], req, sizeof(*req)); 580 memcpy(&smp->preq[1], req, sizeof(*req));
401 skb_pull(skb, sizeof(*req)); 581 skb_pull(skb, sizeof(*req));
402 582
403 if (req->oob_flag) 583 /* We didn't start the pairing, so match remote */
404 return SMP_OOB_NOT_AVAIL; 584 if (req->auth_req & SMP_AUTH_BONDING)
585 auth = req->auth_req;
405 586
406 /* We didn't start the pairing, so no requirements */ 587 build_pairing_cmd(conn, req, &rsp, auth);
407 build_pairing_cmd(conn, req, &rsp, SMP_AUTH_NONE);
408 588
409 key_size = min(req->max_key_size, rsp.max_key_size); 589 key_size = min(req->max_key_size, rsp.max_key_size);
410 if (check_enc_key_size(conn, key_size)) 590 if (check_enc_key_size(conn, key_size))
411 return SMP_ENC_KEY_SIZE; 591 return SMP_ENC_KEY_SIZE;
412 592
413 /* Just works */
414 memset(smp->tk, 0, sizeof(smp->tk));
415
416 ret = smp_rand(smp->prnd); 593 ret = smp_rand(smp->prnd);
417 if (ret) 594 if (ret)
418 return SMP_UNSPECIFIED; 595 return SMP_UNSPECIFIED;
@@ -422,6 +599,11 @@ static u8 smp_cmd_pairing_req(struct l2cap_conn *conn, struct sk_buff *skb)
422 599
423 smp_send_cmd(conn, SMP_CMD_PAIRING_RSP, sizeof(rsp), &rsp); 600 smp_send_cmd(conn, SMP_CMD_PAIRING_RSP, sizeof(rsp), &rsp);
424 601
602 /* Request setup of TK */
603 ret = tk_request(conn, 0, auth, rsp.io_capability, req->io_capability);
604 if (ret)
605 return SMP_UNSPECIFIED;
606
425 return 0; 607 return 0;
426} 608}
427 609
@@ -430,11 +612,14 @@ static u8 smp_cmd_pairing_rsp(struct l2cap_conn *conn, struct sk_buff *skb)
430 struct smp_cmd_pairing *req, *rsp = (void *) skb->data; 612 struct smp_cmd_pairing *req, *rsp = (void *) skb->data;
431 struct smp_chan *smp = conn->smp_chan; 613 struct smp_chan *smp = conn->smp_chan;
432 struct hci_dev *hdev = conn->hcon->hdev; 614 struct hci_dev *hdev = conn->hcon->hdev;
433 u8 key_size; 615 u8 key_size, auth = SMP_AUTH_NONE;
434 int ret; 616 int ret;
435 617
436 BT_DBG("conn %p", conn); 618 BT_DBG("conn %p", conn);
437 619
620 if (!(conn->hcon->link_mode & HCI_LM_MASTER))
621 return SMP_CMD_NOTSUPP;
622
438 skb_pull(skb, sizeof(*rsp)); 623 skb_pull(skb, sizeof(*rsp));
439 624
440 req = (void *) &smp->preq[1]; 625 req = (void *) &smp->preq[1];
@@ -443,12 +628,6 @@ static u8 smp_cmd_pairing_rsp(struct l2cap_conn *conn, struct sk_buff *skb)
443 if (check_enc_key_size(conn, key_size)) 628 if (check_enc_key_size(conn, key_size))
444 return SMP_ENC_KEY_SIZE; 629 return SMP_ENC_KEY_SIZE;
445 630
446 if (rsp->oob_flag)
447 return SMP_OOB_NOT_AVAIL;
448
449 /* Just works */
450 memset(smp->tk, 0, sizeof(smp->tk));
451
452 ret = smp_rand(smp->prnd); 631 ret = smp_rand(smp->prnd);
453 if (ret) 632 if (ret)
454 return SMP_UNSPECIFIED; 633 return SMP_UNSPECIFIED;
@@ -456,6 +635,22 @@ static u8 smp_cmd_pairing_rsp(struct l2cap_conn *conn, struct sk_buff *skb)
456 smp->prsp[0] = SMP_CMD_PAIRING_RSP; 635 smp->prsp[0] = SMP_CMD_PAIRING_RSP;
457 memcpy(&smp->prsp[1], rsp, sizeof(*rsp)); 636 memcpy(&smp->prsp[1], rsp, sizeof(*rsp));
458 637
638 if ((req->auth_req & SMP_AUTH_BONDING) &&
639 (rsp->auth_req & SMP_AUTH_BONDING))
640 auth = SMP_AUTH_BONDING;
641
642 auth |= (req->auth_req | rsp->auth_req) & SMP_AUTH_MITM;
643
644 ret = tk_request(conn, 0, auth, rsp->io_capability, req->io_capability);
645 if (ret)
646 return SMP_UNSPECIFIED;
647
648 set_bit(SMP_FLAG_CFM_PENDING, &smp->smp_flags);
649
650 /* Can't compose response until we have been confirmed */
651 if (!test_bit(SMP_FLAG_TK_VALID, &smp->smp_flags))
652 return 0;
653
459 queue_work(hdev->workqueue, &smp->confirm); 654 queue_work(hdev->workqueue, &smp->confirm);
460 655
461 return 0; 656 return 0;
@@ -477,8 +672,10 @@ static u8 smp_cmd_pairing_confirm(struct l2cap_conn *conn, struct sk_buff *skb)
477 swap128(smp->prnd, random); 672 swap128(smp->prnd, random);
478 smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM, sizeof(random), 673 smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM, sizeof(random),
479 random); 674 random);
480 } else { 675 } else if (test_bit(SMP_FLAG_TK_VALID, &smp->smp_flags)) {
481 queue_work(hdev->workqueue, &smp->confirm); 676 queue_work(hdev->workqueue, &smp->confirm);
677 } else {
678 set_bit(SMP_FLAG_CFM_PENDING, &smp->smp_flags);
482 } 679 }
483 680
484 return 0; 681 return 0;
@@ -531,7 +728,7 @@ static u8 smp_cmd_security_req(struct l2cap_conn *conn, struct sk_buff *skb)
531 728
532 BT_DBG("conn %p", conn); 729 BT_DBG("conn %p", conn);
533 730
534 hcon->pending_sec_level = BT_SECURITY_MEDIUM; 731 hcon->pending_sec_level = authreq_to_seclevel(rp->auth_req);
535 732
536 if (smp_ltk_encrypt(conn)) 733 if (smp_ltk_encrypt(conn))
537 return 0; 734 return 0;
@@ -558,6 +755,7 @@ int smp_conn_security(struct l2cap_conn *conn, __u8 sec_level)
558{ 755{
559 struct hci_conn *hcon = conn->hcon; 756 struct hci_conn *hcon = conn->hcon;
560 struct smp_chan *smp = conn->smp_chan; 757 struct smp_chan *smp = conn->smp_chan;
758 __u8 authreq;
561 759
562 BT_DBG("conn %p hcon %p level 0x%2.2x", conn, hcon, sec_level); 760 BT_DBG("conn %p hcon %p level 0x%2.2x", conn, hcon, sec_level);
563 761
@@ -578,18 +776,22 @@ int smp_conn_security(struct l2cap_conn *conn, __u8 sec_level)
578 return 0; 776 return 0;
579 777
580 smp = smp_chan_create(conn); 778 smp = smp_chan_create(conn);
779 if (!smp)
780 return 1;
781
782 authreq = seclevel_to_authreq(sec_level);
581 783
582 if (hcon->link_mode & HCI_LM_MASTER) { 784 if (hcon->link_mode & HCI_LM_MASTER) {
583 struct smp_cmd_pairing cp; 785 struct smp_cmd_pairing cp;
584 786
585 build_pairing_cmd(conn, &cp, NULL, SMP_AUTH_NONE); 787 build_pairing_cmd(conn, &cp, NULL, authreq);
586 smp->preq[0] = SMP_CMD_PAIRING_REQ; 788 smp->preq[0] = SMP_CMD_PAIRING_REQ;
587 memcpy(&smp->preq[1], &cp, sizeof(cp)); 789 memcpy(&smp->preq[1], &cp, sizeof(cp));
588 790
589 smp_send_cmd(conn, SMP_CMD_PAIRING_REQ, sizeof(cp), &cp); 791 smp_send_cmd(conn, SMP_CMD_PAIRING_REQ, sizeof(cp), &cp);
590 } else { 792 } else {
591 struct smp_cmd_security_req cp; 793 struct smp_cmd_security_req cp;
592 cp.auth_req = SMP_AUTH_NONE; 794 cp.auth_req = authreq;
593 smp_send_cmd(conn, SMP_CMD_SECURITY_REQ, sizeof(cp), &cp); 795 smp_send_cmd(conn, SMP_CMD_SECURITY_REQ, sizeof(cp), &cp);
594 } 796 }
595 797
@@ -618,7 +820,7 @@ static int smp_cmd_master_ident(struct l2cap_conn *conn, struct sk_buff *skb)
618 820
619 skb_pull(skb, sizeof(*rp)); 821 skb_pull(skb, sizeof(*rp));
620 822
621 hci_add_ltk(conn->hcon->hdev, 1, conn->src, smp->smp_key_size, 823 hci_add_ltk(conn->hcon->hdev, 1, conn->dst, smp->smp_key_size,
622 rp->ediv, rp->rand, smp->tk); 824 rp->ediv, rp->rand, smp->tk);
623 825
624 smp_distribute_keys(conn, 1); 826 smp_distribute_keys(conn, 1);
@@ -646,6 +848,7 @@ int smp_sig_channel(struct l2cap_conn *conn, struct sk_buff *skb)
646 break; 848 break;
647 849
648 case SMP_CMD_PAIRING_FAIL: 850 case SMP_CMD_PAIRING_FAIL:
851 smp_failure(conn, skb->data[0], 0);
649 reason = 0; 852 reason = 0;
650 err = -EPERM; 853 err = -EPERM;
651 break; 854 break;
@@ -691,8 +894,7 @@ int smp_sig_channel(struct l2cap_conn *conn, struct sk_buff *skb)
691 894
692done: 895done:
693 if (reason) 896 if (reason)
694 smp_send_cmd(conn, SMP_CMD_PAIRING_FAIL, sizeof(reason), 897 smp_failure(conn, reason, 1);
695 &reason);
696 898
697 kfree_skb(skb); 899 kfree_skb(skb);
698 return err; 900 return err;
@@ -781,7 +983,7 @@ int smp_distribute_keys(struct l2cap_conn *conn, __u8 force)
781 983
782 if (conn->hcon->out || force) { 984 if (conn->hcon->out || force) {
783 clear_bit(HCI_CONN_LE_SMP_PEND, &conn->hcon->pend); 985 clear_bit(HCI_CONN_LE_SMP_PEND, &conn->hcon->pend);
784 del_timer(&conn->security_timer); 986 cancel_delayed_work_sync(&conn->security_timer);
785 smp_chan_destroy(conn); 987 smp_chan_destroy(conn);
786 } 988 }
787 989
generated by cgit v1.2.2 (git 2.25.0) at 2025-01-30 05:09:46 -0500