Bluetooth: Fix exposing full value of shortened LTKs

When we notify user space of a new LTK or distribute an LTK to the
remote peer the value passed should be the shortened version so that
it's easy to compare values in various traces. The core spec also sets
the requirements for the shortening/masking as:

"The masking shall be done after generation and before being
distributed, used or stored."

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>

diff --git a/net/bluetooth/mgmt.c b/net/bluetooth/mgmt.c
index a6f21f8c2f984b42607c5f13de5c2eeed245c0ea..e41bbe28a36e5afaead2fb549af8b1f807d3845f 100644 (file)
--- a/net/bluetooth/mgmt.c
+++ b/net/bluetooth/mgmt.c
@@ -7603,7 +7603,12 @@ void mgmt_new_ltk(struct hci_dev *hdev, struct smp_ltk *key, bool persistent)
        if (key->type == SMP_LTK)
                ev.key.master = 1;
 
-       memcpy(ev.key.val, key->val, sizeof(key->val));
+       /* Make sure we copy only the significant bytes based on the
+        * encryption key size, and set the rest of the value to zeroes.
+        */
+       memcpy(ev.key.val, key->val, sizeof(key->enc_size));
+       memset(ev.key.val + key->enc_size, 0,
+              sizeof(ev.key.val) - key->enc_size);
 
        mgmt_event(MGMT_EV_NEW_LONG_TERM_KEY, hdev, &ev, sizeof(ev), NULL);
 }

diff --git a/net/bluetooth/smp.c b/net/bluetooth/smp.c
index 3921cba056d3100ca9341757d16221657628a68c..4bfaa3d3ed289c338766dd34df8561521c0200d6 100644 (file)
--- a/net/bluetooth/smp.c
+++ b/net/bluetooth/smp.c
@@ -1271,7 +1271,14 @@ static void smp_distribute_keys(struct smp_chan *smp)
                __le16 ediv;
                __le64 rand;
 
-               get_random_bytes(enc.ltk, sizeof(enc.ltk));
+               /* Make sure we generate only the significant amount of
+                * bytes based on the encryption key size, and set the rest
+                * of the value to zeroes.
+                */
+               get_random_bytes(enc.ltk, smp->enc_key_size);
+               memset(enc.ltk + smp->enc_key_size, 0,
+                      sizeof(enc.ltk) - smp->enc_key_size);
+
                get_random_bytes(&ediv, sizeof(ediv));
                get_random_bytes(&rand, sizeof(rand));