Received: by 10.213.65.68 with SMTP id h4csp680765imn; Fri, 6 Apr 2018 07:13:33 -0700 (PDT) X-Google-Smtp-Source: AIpwx4+0cA2IfpV1lbWy+ngn/ZUY56b3RiET6BvRp5BsD68nqu919G+KMoULiXywaEmJ9oU+HR28 X-Received: by 10.101.99.154 with SMTP id h26mr13002743pgv.3.1523024013090; Fri, 06 Apr 2018 07:13:33 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1523024013; cv=none; d=google.com; s=arc-20160816; b=EVxm5nt0lfWhK+k8yV/+8bRtj8pD8SEWKPBXeYsYctboFGh2YmiC1sDMkQSVcD03n+ LtFRRnSxd2Rlj8TKB4mvsYC23bxuk7hoY904CDf5nZNf1MTY3+/fXeWZPhicROOdbUim dCw/FRy5ZUSr/6I5PJvMTUIRUJYgb5Cbd0T9nm+2dXxN2j4zPqCBaXBaFu7gECoCi95n 7ZWX8FsdM/BmBBNT2c/o6TmtkYrCXtoLxb2qQ1vCpyvRwbvrcgYoALMNADyn3tOkFI88 3VE/AhLHPu1KkaC3N7fuNmWv41uz8ExZk6ayyau1UHSZ0sD17oRvkey3DLtkhdjRUH58 8aag== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:mime-version:user-agent:references :in-reply-to:message-id:date:subject:cc:to:from :arc-authentication-results; bh=H0bacA8JIkUWbsolRiJM7Zch/cwL2romVHcnNP0U4qA=; b=GGnEn0tnypaSFtud3oHza0/jp7hXDxndBoKISQdC0MAUHcfDN24RmMRvBsXIVoz6Iw VqF5H+FGcvKK3frGC1cyWfw90nDYAu9K3dx/O0fYRjt8b903fbXLVoQexMDe4+7VVVFR bFqm8O42dZjGd9hdtkMtcOwEocjc0Yo+jk6BzQLEVKuuxB89hZAcx4zrHFIWGrkY7aDD pVsLcbPLNriyrc2nmVP+Aeh0Ad5oqoTf9CSbdhhvJcyjNV6pkORbb6N4+d2gDEIeiPDU EbHiIO5q6XCiXZSbbiXggXO1tQ01vfElMGhUZbxGwygg5n89BkYZako+6Bx+ktjtxC11 lqqg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id e6si6062354pff.205.2018.04.06.07.13.19; Fri, 06 Apr 2018 07:13:33 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1756225AbeDFNkK (ORCPT + 99 others); Fri, 6 Apr 2018 09:40:10 -0400 Received: from mail.linuxfoundation.org ([140.211.169.12]:35218 "EHLO mail.linuxfoundation.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752501AbeDFNkG (ORCPT ); Fri, 6 Apr 2018 09:40:06 -0400 Received: from localhost (LFbn-1-12247-202.w90-92.abo.wanadoo.fr [90.92.61.202]) by mail.linuxfoundation.org (Postfix) with ESMTPSA id 47B50D91; Fri, 6 Apr 2018 13:40:05 +0000 (UTC) From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Szymon Janc , Marcel Holtmann Subject: [PATCH 4.14 35/67] Bluetooth: Fix missing encryption refresh on Security Request Date: Fri, 6 Apr 2018 15:24:05 +0200 Message-Id: <20180406084346.018312203@linuxfoundation.org> X-Mailer: git-send-email 2.17.0 In-Reply-To: <20180406084341.225558262@linuxfoundation.org> References: <20180406084341.225558262@linuxfoundation.org> User-Agent: quilt/0.65 X-stable: review MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org 4.14-stable review patch. If anyone has any objections, please let me know. ------------------ From: Szymon Janc commit 64e759f58f128730b97a3c3a26d283c075ad7c86 upstream. If Security Request is received on connection that is already encrypted with sufficient security master should perform encryption key refresh procedure instead of just ignoring Slave Security Request (Core Spec 5.0 Vol 3 Part H 2.4.6). > ACL Data RX: Handle 3585 flags 0x02 dlen 6 SMP: Security Request (0x0b) len 1 Authentication requirement: Bonding, No MITM, SC, No Keypresses (0x09) < HCI Command: LE Start Encryption (0x08|0x0019) plen 28 Handle: 3585 Random number: 0x0000000000000000 Encrypted diversifier: 0x0000 Long term key: 44264272a5c426a9e868f034cf0e69f3 > HCI Event: Command Status (0x0f) plen 4 LE Start Encryption (0x08|0x0019) ncmd 1 Status: Success (0x00) > HCI Event: Encryption Key Refresh Complete (0x30) plen 3 Status: Success (0x00) Handle: 3585 Signed-off-by: Szymon Janc Signed-off-by: Marcel Holtmann Signed-off-by: Greg Kroah-Hartman --- net/bluetooth/smp.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) --- a/net/bluetooth/smp.c +++ b/net/bluetooth/smp.c @@ -2287,8 +2287,14 @@ static u8 smp_cmd_security_req(struct l2 else sec_level = authreq_to_seclevel(auth); - if (smp_sufficient_security(hcon, sec_level, SMP_USE_LTK)) + if (smp_sufficient_security(hcon, sec_level, SMP_USE_LTK)) { + /* If link is already encrypted with sufficient security we + * still need refresh encryption as per Core Spec 5.0 Vol 3, + * Part H 2.4.6 + */ + smp_ltk_encrypt(conn, hcon->sec_level); return 0; + } if (sec_level > hcon->pending_sec_level) hcon->pending_sec_level = sec_level;