Etusivu Tutki Apua
Kirjaudu sisään
GfA
/
linux_kernel
5
0
Fork 0
Tiedostot Ongelmat 0 Pull-pyynnöt 0 Wiki
Selaa lähdekoodia

Bluetooth: Re-encrypt link after receiving an LTK

It's not strictly speaking required to re-encrypt a link once we receive
an LTK since the connection is already encrypted with the STK. However,
re-encrypting with the LTK allows us to verify that we've received an
LTK that actually works.

This patch updates the SMP code to request encrypting with the LTK in
case we're in master role and waits until the key refresh complete event
before notifying user space of the distributed keys.

A new flag is also added for the SMP context to ensure that we
re-encryption only once in case of multiple calls to smp_distribute_keys.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Johan Hedberg 11 vuotta sitten
vanhempi
9489eca4ab
commit
38ccdc9332
2 muutettua tiedostoa jossa 29 lisäystä ja 6 poistoa
Yhdistetty näkymä Näytä diff tilastot
  1. 27 5
      net/bluetooth/smp.c
  2. 2 1
      net/bluetooth/smp.h

+ 27 - 5
net/bluetooth/smp.c
Näytä tiedosto 

@@ -1178,6 +1178,7 @@ int smp_distribute_keys(struct l2cap_conn *conn)
 
 	struct smp_chan *smp = conn->smp_chan;
 
 	struct smp_chan *smp = conn->smp_chan;
 
 	struct hci_conn *hcon = conn->hcon;
 
 	struct hci_conn *hcon = conn->hcon;
 
 	struct hci_dev *hdev = hcon->hdev;
 
 	struct hci_dev *hdev = hcon->hdev;
 
+	bool ltk_encrypt;
 
 	__u8 *keydist;
 
 	__u8 *keydist;
 
 
 
 	BT_DBG("conn %p", conn);
 
 	BT_DBG("conn %p", conn);
 
@@ -1269,12 +1270,33 @@ int smp_distribute_keys(struct l2cap_conn *conn)
 
 	if ((smp->remote_key_dist & 0x07))
 
 	if ((smp->remote_key_dist & 0x07))
 
 		return 0;
 
 		return 0;
 
 
 
-	clear_bit(HCI_CONN_LE_SMP_PEND, &hcon->flags);
 
-	cancel_delayed_work_sync(&conn->security_timer);
 
-	set_bit(SMP_FLAG_COMPLETE, &smp->smp_flags);
 
-	smp_notify_keys(conn);
 
+	/* Check if we should try to re-encrypt the link with the LTK.
 
+	 * SMP_FLAG_LTK_ENCRYPT flag is used to track whether we've
 
+	 * already tried this (in which case we shouldn't try again).
 
+	 *
 
+	 * The request will trigger an encryption key refresh event
 
+	 * which will cause a call to auth_cfm and eventually lead to
 
+	 * l2cap_core.c calling this smp_distribute_keys function again
 
+	 * and thereby completing the process.
 
+	 */
 
+	if (smp->ltk)
 
+		ltk_encrypt = !test_and_set_bit(SMP_FLAG_LTK_ENCRYPT,
 
+						&smp->smp_flags);
 
+	else
 
+		ltk_encrypt = false;
 
 
 
-	smp_chan_destroy(conn);
 
+	/* Re-encrypt the link with LTK if possible */
 
+	if (ltk_encrypt && hcon->out) {
 
+		struct smp_ltk *ltk = smp->ltk;
 
+		hci_le_start_enc(hcon, ltk->ediv, ltk->rand, ltk->val);
 
+		hcon->enc_key_size = ltk->enc_size;
 
+	} else {
 
+		clear_bit(HCI_CONN_LE_SMP_PEND, &hcon->flags);
 
+		cancel_delayed_work_sync(&conn->security_timer);
 
+		set_bit(SMP_FLAG_COMPLETE, &smp->smp_flags);
 
+		smp_notify_keys(conn);
 
+		smp_chan_destroy(conn);
 
+	}
 
 
 
 	return 0;
 
 	return 0;
 
 }
 
 }

+ 2 - 1
net/bluetooth/smp.h
Näytä tiedosto 

@@ -118,7 +118,8 @@ struct smp_cmd_security_req {
 
 #define SMP_FLAG_TK_VALID	1
 
 #define SMP_FLAG_TK_VALID	1
 
 #define SMP_FLAG_CFM_PENDING	2
 
 #define SMP_FLAG_CFM_PENDING	2
 
 #define SMP_FLAG_MITM_AUTH	3
 
 #define SMP_FLAG_MITM_AUTH	3
 
-#define SMP_FLAG_COMPLETE	4
 
+#define SMP_FLAG_LTK_ENCRYPT	4
 
+#define SMP_FLAG_COMPLETE	5
 
 
 
 struct smp_chan {
 
 struct smp_chan {
 
 	struct l2cap_conn *conn;
 
 	struct l2cap_conn *conn;