Linux-Bluetooth Archive on lore.kernel.org
 help / color / Atom feed
* [RFC] Bluetooth: Check key sizes only when Secure Simple Pairing is enabled
@ 2019-05-22  7:05 Marcel Holtmann
  2019-05-23 14:53 ` Vasily Khoruzhick
  0 siblings, 1 reply; 3+ messages in thread
From: Marcel Holtmann @ 2019-05-22  7:05 UTC (permalink / raw)
  To: anarsoul, linux-bluetooth

The encryption is only mandatory to be enforced when both sides are using
Secure Simple Pairing and this means the key size check makes only sense
in that case.

On legacy Bluetooth 2.0 and earlier devices like mice the encryption was
optional and thus causing an issue if the key size check is not bound to
using Secure Simple Pairing.

Fixes: d5bb334a8e17 ("Bluetooth: Align minimum encryption key size for LE and BR/EDR connections")
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Cc: stable@vger.kernel.org
---
 net/bluetooth/hci_conn.c | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/net/bluetooth/hci_conn.c b/net/bluetooth/hci_conn.c
index 3cf0764d5793..7516cdde3373 100644
--- a/net/bluetooth/hci_conn.c
+++ b/net/bluetooth/hci_conn.c
@@ -1272,8 +1272,13 @@ int hci_conn_check_link_mode(struct hci_conn *conn)
 			return 0;
 	}
 
-	if (hci_conn_ssp_enabled(conn) &&
-	    !test_bit(HCI_CONN_ENCRYPT, &conn->flags))
+	/* If Secure Simple Pairing is not enabled, then legacy connection
+	 * setup is used and no encryption or key sizes can be enforced.
+	 */
+	if (!hci_conn_ssp_enabled(conn))
+		return 1;
+
+	if (!test_bit(HCI_CONN_ENCRYPT, &conn->flags))
 		return 0;
 
 	/* The minimum encryption key size needs to be enforced by the
-- 
2.20.1


^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: [RFC] Bluetooth: Check key sizes only when Secure Simple Pairing is enabled
  2019-05-22  7:05 [RFC] Bluetooth: Check key sizes only when Secure Simple Pairing is enabled Marcel Holtmann
@ 2019-05-23 14:53 ` Vasily Khoruzhick
  2019-06-04 12:26   ` Bastien Nocera
  0 siblings, 1 reply; 3+ messages in thread
From: Vasily Khoruzhick @ 2019-05-23 14:53 UTC (permalink / raw)
  To: Marcel Holtmann; +Cc: open list:BLUETOOTH DRIVERS

On Wed, May 22, 2019 at 12:05 AM Marcel Holtmann <marcel@holtmann.org> wrote:
>
> The encryption is only mandatory to be enforced when both sides are using
> Secure Simple Pairing and this means the key size check makes only sense
> in that case.
>
> On legacy Bluetooth 2.0 and earlier devices like mice the encryption was
> optional and thus causing an issue if the key size check is not bound to
> using Secure Simple Pairing.
>
> Fixes: d5bb334a8e17 ("Bluetooth: Align minimum encryption key size for LE and BR/EDR connections")
> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
> Cc: stable@vger.kernel.org

Tested-by: Vasily Khoruzhick <anarsoul@gmail.com>

> ---
>  net/bluetooth/hci_conn.c | 9 +++++++--
>  1 file changed, 7 insertions(+), 2 deletions(-)
>
> diff --git a/net/bluetooth/hci_conn.c b/net/bluetooth/hci_conn.c
> index 3cf0764d5793..7516cdde3373 100644
> --- a/net/bluetooth/hci_conn.c
> +++ b/net/bluetooth/hci_conn.c
> @@ -1272,8 +1272,13 @@ int hci_conn_check_link_mode(struct hci_conn *conn)
>                         return 0;
>         }
>
> -       if (hci_conn_ssp_enabled(conn) &&
> -           !test_bit(HCI_CONN_ENCRYPT, &conn->flags))
> +       /* If Secure Simple Pairing is not enabled, then legacy connection
> +        * setup is used and no encryption or key sizes can be enforced.
> +        */
> +       if (!hci_conn_ssp_enabled(conn))
> +               return 1;
> +
> +       if (!test_bit(HCI_CONN_ENCRYPT, &conn->flags))
>                 return 0;
>
>         /* The minimum encryption key size needs to be enforced by the
> --
> 2.20.1
>

^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: [RFC] Bluetooth: Check key sizes only when Secure Simple Pairing is enabled
  2019-05-23 14:53 ` Vasily Khoruzhick
@ 2019-06-04 12:26   ` Bastien Nocera
  0 siblings, 0 replies; 3+ messages in thread
From: Bastien Nocera @ 2019-06-04 12:26 UTC (permalink / raw)
  To: Vasily Khoruzhick, Marcel Holtmann; +Cc: open list:BLUETOOTH DRIVERS

On Thu, 2019-05-23 at 07:53 -0700, Vasily Khoruzhick wrote:
> On Wed, May 22, 2019 at 12:05 AM Marcel Holtmann <marcel@holtmann.org
> > wrote:
> > The encryption is only mandatory to be enforced when both sides are
> > using
> > Secure Simple Pairing and this means the key size check makes only
> > sense
> > in that case.
> > 
> > On legacy Bluetooth 2.0 and earlier devices like mice the
> > encryption was
> > optional and thus causing an issue if the key size check is not
> > bound to
> > using Secure Simple Pairing.
> > 
> > Fixes: d5bb334a8e17 ("Bluetooth: Align minimum encryption key size
> > for LE and BR/EDR connections")
> > Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
> > Cc: stable@vger.kernel.org
> 
> Tested-by: Vasily Khoruzhick <anarsoul@gmail.com>

I've asked for this patch to be included in the current Fedora release:
https://lists.fedoraproject.org/archives/list/kernel@lists.fedoraproject.org/thread/YE5OGFZRDJL2TFJK3RWU7AAWV3PFRMNB/

Hopefully, that means that it gets a bit more testing and gets merged upstream.

Cheers


^ permalink raw reply	[flat|nested] 3+ messages in thread

end of thread, back to index

Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-05-22  7:05 [RFC] Bluetooth: Check key sizes only when Secure Simple Pairing is enabled Marcel Holtmann
2019-05-23 14:53 ` Vasily Khoruzhick
2019-06-04 12:26   ` Bastien Nocera

Linux-Bluetooth Archive on lore.kernel.org

Archives are clonable:
	git clone --mirror https://lore.kernel.org/linux-bluetooth/0 linux-bluetooth/git/0.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 linux-bluetooth linux-bluetooth/ https://lore.kernel.org/linux-bluetooth \
		linux-bluetooth@vger.kernel.org linux-bluetooth@archiver.kernel.org
	public-inbox-index linux-bluetooth

Example config snippet for mirrors

Newsgroup available over NNTP:
	nntp://nntp.lore.kernel.org/org.kernel.vger.linux-bluetooth


AGPL code for this site: git clone https://public-inbox.org/ public-inbox