commit 1fc62c526a5717c63d9dbedd2e6a530467349713
author Johan Hedberg <johan.hedberg@intel.com> Wed Jun 10 11:11:20 2015 +0300
committer Marcel Holtmann <marcel@holtmann.org> Wed Jun 10 10:50:06 2015 +0200
tree 2a046d6e337cf63bf40f9ac991f2ff46291e9da8
parent 61b2fc2bb53f162121f4267f10d2a662911f3e86

Bluetooth: Fix exposing full value of shortened LTKs

When we notify user space of a new LTK or distribute an LTK to the
remote peer the value passed should be the shortened version so that
it's easy to compare values in various traces. The core spec also sets
the requirements for the shortening/masking as:

"The masking shall be done after generation and before being
distributed, used or stored."

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>

net/bluetooth/smp.c

diff --git a/net/bluetooth/smp.c b/net/bluetooth/smp.c
index 3921cba..4bfaa3d 100644
--- a/net/bluetooth/smp.c
+++ b/net/bluetooth/smp.c
@@ -1271,7 +1271,14 @@
 		__le16 ediv;
 		__le64 rand;
 
-		get_random_bytes(enc.ltk, sizeof(enc.ltk));
+		/* Make sure we generate only the significant amount of
+		 * bytes based on the encryption key size, and set the rest
+		 * of the value to zeroes.
+		 */
+		get_random_bytes(enc.ltk, smp->enc_key_size);
+		memset(enc.ltk + smp->enc_key_size, 0,
+		       sizeof(enc.ltk) - smp->enc_key_size);
+
 		get_random_bytes(&ediv, sizeof(ediv));
 		get_random_bytes(&rand, sizeof(rand));