From 515ec20a061abd17b6b4ac52aee19b319e15988c Mon Sep 17 00:00:00 2001
From: Szymon Janc
Date: Mon, 30 May 2016 09:23:21 +0200
Subject: [PATCH] Bluetooth: SMP: Fix not waiting for remote DHCheck

When doing LE SC pairing with Passkey Confirmation slave must wait for remote DHCheck before doing comparison. This fix issue with pairing as slave when passkey was first confirmed locally.

Change-Id: Iba780836341a944997adde24285b2e650b31afa1
Signed-off-by: Szymon Janc
---
 net/bluetooth/smp.c | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

diff --git a/net/bluetooth/smp.c b/net/bluetooth/smp.c
index 4c70de55b41..55f0c218069 100644
--- a/net/bluetooth/smp.c
+++ b/net/bluetooth/smp.c
@@ -94,6 +94,7 @@ enum {
 SMP_FLAG_BOND, /* if bonding */
 SMP_FLAG_SC_DEBUG_KEY, /* if Secure Connection are using debug key */
 SMP_FLAG_SEC_REQ, /* if Security Request was sent/received */
+ SMP_FLAG_DHCHECK_WAIT, /* if waiting for remote DHCheck (as slave) */
 };
 /* SMP channel specific context */
@@ -1895,6 +1896,12 @@ void bt_smp_dhkey_ready(const uint8_t *dhkey)
 return;
 }
+ /* wait for remote DHKey Check */
+ if (atomic_test_bit(&smp->flags, SMP_FLAG_DHCHECK_WAIT)) {
+ atomic_set_bit(&smp->flags, SMP_FLAG_DHKEY_SEND);
+ return;
+ }
+
 if (atomic_test_bit(&smp->flags, SMP_FLAG_DHKEY_SEND)) {
 uint8_t err;
@@ -2047,6 +2054,7 @@ static uint8_t smp_pairing_random(struct bt_smp *smp, struct net_buf *buf)
 smp->passkey_round++;
 if (smp->passkey_round == 20) {
 atomic_set_bit(&smp->allowed_cmds, BT_SMP_DHKEY_CHECK);
+ atomic_set_bit(&smp->flags, SMP_FLAG_DHCHECK_WAIT);
 return 0;
 }
@@ -2060,6 +2068,7 @@ static uint8_t smp_pairing_random(struct bt_smp *smp, struct net_buf *buf)
 }
 atomic_set_bit(&smp->allowed_cmds, BT_SMP_DHKEY_CHECK);
+ atomic_set_bit(&smp->flags, SMP_FLAG_DHCHECK_WAIT);
 smp_send_pairing_random(smp);
 #endif /* CONFIG_BLUETOOTH_PERIPHERAL */
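Review bot: The guard added to bt_smp_dhkey_ready tests SMP_FLAG_DHCHECK_WAIT and then sets SMP_FLAG_DHKEY_SEND as two separate atomic operations, so the pair is not atomic against smp_dhkey_check, which clears the wait flag in a later hunk. If smp_dhkey_check can run between the test and the set (the calling contexts are not visible here), DHKEY_SEND would be recorded after the remote check was already handled and nothing in the visible code would then send the local DHKey Check, leaving the pairing stalled. The identical block added to bt_smp_auth_passkey_confirm deserves the closer look, since that function is non-static and takes a bt_conn, which suggests it is called from outside the SMP receive path. I would state the serialization assumption next to both guards, e.g. `/* must not race with smp_dhkey_check(): WAIT may not clear between this test and the set below */`, or restructure so the decision and the deferral happen under one serialization point. Both function bodies start and end outside their hunks.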
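Review bot: SMP_FLAG_DHCHECK_WAIT is set at two exits of smp_pairing_random (the `passkey_round == 20` branch and just before `smp_send_pairing_random(smp)`), but the only clear visible in this patch is the slave branch of smp_dhkey_check. If pairing is aborted, fails or the link drops before the remote DHKey Check arrives, the flag survives unless the SMP context reset wipes `smp->flags`, which is not shown here. A stale wait flag would make a later bt_smp_dhkey_ready or bt_smp_auth_passkey_confirm defer with nothing left to resume it, so it is worth confirming the reset path and recording it at the enum entry, e.g. `/* if waiting for remote DHCheck (as slave); cleared in smp_dhkey_check() and on context reset */`. smp_pairing_random's body continues outside both hunks.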
@@ -2510,6 +2519,7 @@ static uint8_t smp_dhkey_check(struct bt_smp *smp, struct net_buf *buf)
 #endif /* CONFIG_BLUETOOTH_CENTRAL */
 #if defined(CONFIG_BLUETOOTH_PERIPHERAL)
 if (smp->chan.conn->role == BT_HCI_ROLE_SLAVE) {
+ atomic_clear_bit(&smp->flags, SMP_FLAG_DHCHECK_WAIT);
 memcpy(smp->e, req->e, sizeof(smp->e));
 /* wait for DHKey being generated */
@@ -3317,6 +3327,12 @@ int bt_smp_auth_passkey_confirm(struct bt_conn *conn)
 return 0;
 }
+ /* wait for remote DHKey Check */
+ if (atomic_test_bit(&smp->flags, SMP_FLAG_DHCHECK_WAIT)) {
+ atomic_set_bit(&smp->flags, SMP_FLAG_DHKEY_SEND);
+ return 0;
+ }
+
 if (atomic_test_bit(&smp->flags, SMP_FLAG_DHKEY_SEND)) {
 uint8_t err;
 #if defined(CONFIG_BLUETOOTH_CENTRAL)
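Review bot: The block added to bt_smp_auth_passkey_confirm is a copy of the one added to bt_smp_dhkey_ready, and neither copy is wrapped in CONFIG_BLUETOOTH_PERIPHERAL, although the flag is cleared only under that option in smp_dhkey_check and appears to be set only in peripheral code. A small static helper would keep the two deferral sites from drifting apart and could compile to a constant false on central-only builds. As a sketch (the name is only a suggestion), `static bool smp_defer_until_dhcheck(struct bt_smp *smp)` would return true after recording DHKEY_SEND when the wait flag is set, and the call site becomes `if (smp_defer_until_dhcheck(smp)) { return 0; }`. The function body continues outside the hunk.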