Bluetooth: Fix exposing full value of shortened LTKs

When we notify user space of a new LTK or distribute an LTK to the remote peer the value passed should be the shortened version so that it's easy to compare values in various traces. The core spec also sets the requirements for the shortening/masking as: "The masking shall be done after generation and before being distributed, used or stored." Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
author: Johan Hedberg <johan.hedberg@intel.com> 2015-06-10 11:11:20 +0300
committer: Marcel Holtmann <marcel@holtmann.org> 2015-06-10 10:50:06 +0200
commit: 1fc62c526a5717c63d9dbedd2e6a530467349713 (patch)
tree: 2a046d6e337cf63bf40f9ac991f2ff46291e9da8 /net/bluetooth/mgmt.c
parent: 61b2fc2bb53f162121f4267f10d2a662911f3e86 (diff)
1 files changed, 6 insertions, 1 deletions
diff --git a/net/bluetooth/mgmt.c b/net/bluetooth/mgmt.c
index a6f21f8c2f98..e41bbe28a36e 100644
--- a/net/bluetooth/mgmt.c
+++ b/net/bluetooth/mgmt.c
@@ -7603,7 +7603,12 @@ void mgmt_new_ltk(struct hci_dev *hdev, struct smp_ltk *key, bool persistent)
 	if (key->type == SMP_LTK)
 		ev.key.master = 1;
 
-	memcpy(ev.key.val, key->val, sizeof(key->val));
+	/* Make sure we copy only the significant bytes based on the
+	 * encryption key size, and set the rest of the value to zeroes.
+	 */
+	memcpy(ev.key.val, key->val, sizeof(key->enc_size));
+	memset(ev.key.val + key->enc_size, 0,
+	       sizeof(ev.key.val) - key->enc_size);
 
 	mgmt_event(MGMT_EV_NEW_LONG_TERM_KEY, hdev, &ev, sizeof(ev), NULL);
 }
author	Johan Hedberg <johan.hedberg@intel.com>	2015-06-10 11:11:20 +0300
committer	Marcel Holtmann <marcel@holtmann.org>	2015-06-10 10:50:06 +0200
commit	1fc62c526a5717c63d9dbedd2e6a530467349713 (patch)
tree	2a046d6e337cf63bf40f9ac991f2ff46291e9da8 /net/bluetooth/mgmt.c
parent	61b2fc2bb53f162121f4267f10d2a662911f3e86 (diff)