This is bug in SMP (Security Manager Protocol) where the Address of
Local Adapter is used while storing the Long Term Key. This resulted
in a new create device call to remote device with Local Device Address.
Patch is same as before just rebased over latest Kernel, including SMP
patches from Brian Gix.
Hemant Gupta (1):
Bluetooth: Incorrect address while storing LTK.
net/bluetooth/smp.c | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
Hi Hemant,
* Hemant Gupta <[email protected]> [2011-12-23 11:07:24 +0530]:
> This patch fixes incorrect address storage while storing
> Long Term Key for LE Devices using SMP (Security Manager Protocol).
> The address stored should be of remote device and not of source device.
>
> Signed-off-by: Hemant Gupta <[email protected]>
> ---
> net/bluetooth/smp.c | 2 +-
> 1 files changed, 1 insertions(+), 1 deletions(-)
Patch has been applied, thanks.
Gustavo
Hi Hemant,
> This patch fixes incorrect address storage while storing
> Long Term Key for LE Devices using SMP (Security Manager Protocol).
> The address stored should be of remote device and not of source device.
>
> Signed-off-by: Hemant Gupta <[email protected]>
> ---
> net/bluetooth/smp.c | 2 +-
> 1 files changed, 1 insertions(+), 1 deletions(-)
Acked-by: Marcel Holtmann <[email protected]>
Regards
Marcel
Hi Hemant,
On 12/22/2011 9:37 PM, Hemant Gupta wrote:
> This patch fixes incorrect address storage while storing
> Long Term Key for LE Devices using SMP (Security Manager Protocol).
> The address stored should be of remote device and not of source device.
>
> Signed-off-by: Hemant Gupta<[email protected]>
> ---
> net/bluetooth/smp.c | 2 +-
> 1 files changed, 1 insertions(+), 1 deletions(-)
>
> diff --git a/net/bluetooth/smp.c b/net/bluetooth/smp.c
> index 9fea4bf..32c47de 100644
> --- a/net/bluetooth/smp.c
> +++ b/net/bluetooth/smp.c
> @@ -820,7 +820,7 @@ static int smp_cmd_master_ident(struct l2cap_conn *conn, struct sk_buff *skb)
>
> skb_pull(skb, sizeof(*rp));
>
> - hci_add_ltk(conn->hcon->hdev, 1, conn->src, smp->smp_key_size,
> + hci_add_ltk(conn->hcon->hdev, 1, conn->dst, smp->smp_key_size,
> rp->ediv, rp->rand, smp->tk);
>
> smp_distribute_keys(conn, 1);
I agree that this is a bug, and that this is the correct fix.
--
Brian Gix
[email protected]
Employee of Qualcomm Innovation Center, Inc.
Qualcomm Innovation Center, Inc. is a member of Code Aurora Forum
This patch fixes incorrect address storage while storing
Long Term Key for LE Devices using SMP (Security Manager Protocol).
The address stored should be of remote device and not of source device.
Signed-off-by: Hemant Gupta <[email protected]>
---
net/bluetooth/smp.c | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/net/bluetooth/smp.c b/net/bluetooth/smp.c
index 9fea4bf..32c47de 100644
--- a/net/bluetooth/smp.c
+++ b/net/bluetooth/smp.c
@@ -820,7 +820,7 @@ static int smp_cmd_master_ident(struct l2cap_conn *conn, struct sk_buff *skb)
skb_pull(skb, sizeof(*rp));
- hci_add_ltk(conn->hcon->hdev, 1, conn->src, smp->smp_key_size,
+ hci_add_ltk(conn->hcon->hdev, 1, conn->dst, smp->smp_key_size,
rp->ediv, rp->rand, smp->tk);
smp_distribute_keys(conn, 1);
--
1.6.6.1