* [PATCH v1] Bluetooth: Check for encryption key size on connect
@ 2020-09-17 10:10 Archie Pusaka
2020-09-20 6:18 ` Marcel Holtmann
0 siblings, 1 reply; 2+ messages in thread
From: Archie Pusaka @ 2020-09-17 10:10 UTC (permalink / raw)
To: linux-bluetooth, Marcel Holtmann
Cc: CrosBT Upstreaming, Archie Pusaka, Alain Michaud,
David S. Miller, Jakub Kicinski, Johan Hedberg, linux-kernel,
netdev
From: Archie Pusaka <apusaka@chromium.org>
When receiving connection, we only check whether the link has been
encrypted, but not the encryption key size of the link.
This patch adds check for encryption key size, and reject L2CAP
connection which size is below the specified threshold (default 7)
with security block.
Signed-off-by: Archie Pusaka <apusaka@chromium.org>
Reviewed-by: Alain Michaud <alainm@chromium.org>
---
net/bluetooth/l2cap_core.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/net/bluetooth/l2cap_core.c b/net/bluetooth/l2cap_core.c
index ade83e224567..b4fc0ad38aaa 100644
--- a/net/bluetooth/l2cap_core.c
+++ b/net/bluetooth/l2cap_core.c
@@ -4101,7 +4101,8 @@ static struct l2cap_chan *l2cap_connect(struct l2cap_conn *conn,
/* Check if the ACL is secure enough (if not SDP) */
if (psm != cpu_to_le16(L2CAP_PSM_SDP) &&
- !hci_conn_check_link_mode(conn->hcon)) {
+ (!hci_conn_check_link_mode(conn->hcon) ||
+ !l2cap_check_enc_key_size(conn->hcon))) {
conn->disc_reason = HCI_ERROR_AUTH_FAILURE;
result = L2CAP_CR_SEC_BLOCK;
goto response;
--
2.28.0.681.g6f77f65b4e-goog
^ permalink raw reply related [flat|nested] 2+ messages in thread
* Re: [PATCH v1] Bluetooth: Check for encryption key size on connect
2020-09-17 10:10 [PATCH v1] Bluetooth: Check for encryption key size on connect Archie Pusaka
@ 2020-09-20 6:18 ` Marcel Holtmann
0 siblings, 0 replies; 2+ messages in thread
From: Marcel Holtmann @ 2020-09-20 6:18 UTC (permalink / raw)
To: Archie Pusaka
Cc: linux-bluetooth, CrosBT Upstreaming, Archie Pusaka,
Alain Michaud, David S. Miller, Jakub Kicinski, Johan Hedberg,
linux-kernel, netdev
Hi Archie,
> When receiving connection, we only check whether the link has been
> encrypted, but not the encryption key size of the link.
>
> This patch adds check for encryption key size, and reject L2CAP
> connection which size is below the specified threshold (default 7)
> with security block.
please include btmon trace in the commit message to demonstrate this.
Regards
Marcel
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2020-09-20 6:18 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-09-17 10:10 [PATCH v1] Bluetooth: Check for encryption key size on connect Archie Pusaka
2020-09-20 6:18 ` Marcel Holtmann
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).