From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org,
Luiz Augusto von Dentz <luiz.von.dentz@intel.com>,
Marcel Holtmann <marcel@holtmann.org>,
Hans-Christian Noren Egtvedt <hegtvedt@cisco.com>
Subject: [PATCH 5.8 06/14] Bluetooth: Disconnect if E0 is used for Level 4
Date: Fri, 16 Oct 2020 11:07:51 +0200 [thread overview]
Message-ID: <20201016090437.470187436@linuxfoundation.org> (raw)
In-Reply-To: <20201016090437.153175229@linuxfoundation.org>
From: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
commit 8746f135bb01872ff412d408ea1aa9ebd328c1f5 upstream.
E0 is not allowed with Level 4:
BLUETOOTH CORE SPECIFICATION Version 5.2 | Vol 3, Part C page 1319:
'128-bit equivalent strength for link and encryption keys
required using FIPS approved algorithms (E0 not allowed,
SAFER+ not allowed, and P-192 not allowed; encryption key
not shortened'
SC enabled:
> HCI Event: Read Remote Extended Features (0x23) plen 13
Status: Success (0x00)
Handle: 256
Page: 1/2
Features: 0x0b 0x00 0x00 0x00 0x00 0x00 0x00 0x00
Secure Simple Pairing (Host Support)
LE Supported (Host)
Secure Connections (Host Support)
> HCI Event: Encryption Change (0x08) plen 4
Status: Success (0x00)
Handle: 256
Encryption: Enabled with AES-CCM (0x02)
SC disabled:
> HCI Event: Read Remote Extended Features (0x23) plen 13
Status: Success (0x00)
Handle: 256
Page: 1/2
Features: 0x03 0x00 0x00 0x00 0x00 0x00 0x00 0x00
Secure Simple Pairing (Host Support)
LE Supported (Host)
> HCI Event: Encryption Change (0x08) plen 4
Status: Success (0x00)
Handle: 256
Encryption: Enabled with E0 (0x01)
[May 8 20:23] Bluetooth: hci0: Invalid security: expect AES but E0 was used
< HCI Command: Disconnect (0x01|0x0006) plen 3
Handle: 256
Reason: Authentication Failure (0x05)
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Cc: Hans-Christian Noren Egtvedt <hegtvedt@cisco.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
include/net/bluetooth/hci_core.h | 10 ++++++----
net/bluetooth/hci_conn.c | 17 +++++++++++++++++
net/bluetooth/hci_event.c | 20 ++++++++------------
3 files changed, 31 insertions(+), 16 deletions(-)
--- a/include/net/bluetooth/hci_core.h
+++ b/include/net/bluetooth/hci_core.h
@@ -1402,11 +1402,13 @@ static inline void hci_encrypt_cfm(struc
else
encrypt = 0x01;
- if (conn->sec_level == BT_SECURITY_SDP)
- conn->sec_level = BT_SECURITY_LOW;
+ if (!status) {
+ if (conn->sec_level == BT_SECURITY_SDP)
+ conn->sec_level = BT_SECURITY_LOW;
- if (conn->pending_sec_level > conn->sec_level)
- conn->sec_level = conn->pending_sec_level;
+ if (conn->pending_sec_level > conn->sec_level)
+ conn->sec_level = conn->pending_sec_level;
+ }
mutex_lock(&hci_cb_list_lock);
list_for_each_entry(cb, &hci_cb_list, list) {
--- a/net/bluetooth/hci_conn.c
+++ b/net/bluetooth/hci_conn.c
@@ -1323,6 +1323,23 @@ int hci_conn_check_link_mode(struct hci_
return 0;
}
+ /* AES encryption is required for Level 4:
+ *
+ * BLUETOOTH CORE SPECIFICATION Version 5.2 | Vol 3, Part C
+ * page 1319:
+ *
+ * 128-bit equivalent strength for link and encryption keys
+ * required using FIPS approved algorithms (E0 not allowed,
+ * SAFER+ not allowed, and P-192 not allowed; encryption key
+ * not shortened)
+ */
+ if (conn->sec_level == BT_SECURITY_FIPS &&
+ !test_bit(HCI_CONN_AES_CCM, &conn->flags)) {
+ bt_dev_err(conn->hdev,
+ "Invalid security: Missing AES-CCM usage");
+ return 0;
+ }
+
if (hci_conn_ssp_enabled(conn) &&
!test_bit(HCI_CONN_ENCRYPT, &conn->flags))
return 0;
--- a/net/bluetooth/hci_event.c
+++ b/net/bluetooth/hci_event.c
@@ -3068,26 +3068,22 @@ static void hci_encrypt_change_evt(struc
clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
+ /* Check link security requirements are met */
+ if (!hci_conn_check_link_mode(conn))
+ ev->status = HCI_ERROR_AUTH_FAILURE;
+
if (ev->status && conn->state == BT_CONNECTED) {
if (ev->status == HCI_ERROR_PIN_OR_KEY_MISSING)
set_bit(HCI_CONN_AUTH_FAILURE, &conn->flags);
+ /* Notify upper layers so they can cleanup before
+ * disconnecting.
+ */
+ hci_encrypt_cfm(conn, ev->status);
hci_disconnect(conn, HCI_ERROR_AUTH_FAILURE);
hci_conn_drop(conn);
goto unlock;
}
-
- /* In Secure Connections Only mode, do not allow any connections
- * that are not encrypted with AES-CCM using a P-256 authenticated
- * combination key.
- */
- if (hci_dev_test_flag(hdev, HCI_SC_ONLY) &&
- (!test_bit(HCI_CONN_AES_CCM, &conn->flags) ||
- conn->key_type != HCI_LK_AUTH_COMBINATION_P256)) {
- hci_connect_cfm(conn, HCI_ERROR_AUTH_FAILURE);
- hci_conn_drop(conn);
- goto unlock;
- }
/* Try reading the encryption key size for encrypted ACL links */
if (!ev->status && ev->encrypt && conn->type == ACL_LINK) {
next prev parent reply other threads:[~2020-10-16 9:11 UTC|newest]
Thread overview: 23+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-10-16 9:07 [PATCH 5.8 00/14] 5.8.16-rc1 review Greg Kroah-Hartman
2020-10-16 9:07 ` [PATCH 5.8 01/14] crypto: bcm - Verify GCM/CCM key length in setkey Greg Kroah-Hartman
2020-10-16 9:07 ` [PATCH 5.8 02/14] crypto: qat - check cipher length for aead AES-CBC-HMAC-SHA Greg Kroah-Hartman
2020-10-16 9:07 ` [PATCH 5.8 03/14] Bluetooth: A2MP: Fix not initializing all members Greg Kroah-Hartman
2020-10-16 9:07 ` [PATCH 5.8 04/14] Bluetooth: L2CAP: Fix calling sk_filter on non-socket based channel Greg Kroah-Hartman
2020-10-16 9:07 ` [PATCH 5.8 05/14] Bluetooth: MGMT: Fix not checking if BT_HS is enabled Greg Kroah-Hartman
2020-10-16 9:07 ` Greg Kroah-Hartman [this message]
2020-10-16 9:07 ` [PATCH 5.8 07/14] media: usbtv: Fix refcounting mixup Greg Kroah-Hartman
2020-10-16 9:07 ` [PATCH 5.8 08/14] USB: serial: option: add Cellient MPL200 card Greg Kroah-Hartman
2020-10-16 9:07 ` [PATCH 5.8 09/14] USB: serial: option: Add Telit FT980-KS composition Greg Kroah-Hartman
2020-10-16 9:07 ` [PATCH 5.8 10/14] staging: comedi: check validity of wMaxPacketSize of usb endpoints found Greg Kroah-Hartman
2020-10-16 9:07 ` [PATCH 5.8 11/14] USB: serial: pl2303: add device-id for HP GC device Greg Kroah-Hartman
2020-10-16 9:07 ` [PATCH 5.8 12/14] USB: serial: ftdi_sio: add support for FreeCalypso JTAG+UART adapters Greg Kroah-Hartman
2020-10-16 9:07 ` [PATCH 5.8 13/14] reiserfs: Initialize inode keys properly Greg Kroah-Hartman
2020-10-16 9:07 ` [PATCH 5.8 14/14] reiserfs: Fix oops during mount Greg Kroah-Hartman
2020-10-16 14:11 ` [PATCH 5.8 00/14] 5.8.16-rc1 review Jeffrin Jose T
2020-10-16 15:00 ` Greg Kroah-Hartman
2020-10-16 15:16 ` Guenter Roeck
2020-10-17 3:35 ` Jeffrin Jose T
2020-10-16 15:12 ` Guenter Roeck
2020-10-16 18:30 ` Naresh Kamboju
2020-10-16 19:08 ` Guenter Roeck
2020-10-17 16:05 ` Shuah Khan
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20201016090437.470187436@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=hegtvedt@cisco.com \
--cc=linux-kernel@vger.kernel.org \
--cc=luiz.von.dentz@intel.com \
--cc=marcel@holtmann.org \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).