Received: by 10.213.65.68 with SMTP id h4csp714819imn; Fri, 6 Apr 2018 07:44:10 -0700 (PDT) X-Google-Smtp-Source: AIpwx4+hTIJF+Rq4NYhHVswHNxS8BYPb2jNdsqPRe9ZLYz+pvqSzeORcfgIkClj2JoD4l9kP+tfV X-Received: by 10.99.5.137 with SMTP id 131mr17486626pgf.99.1523025850316; Fri, 06 Apr 2018 07:44:10 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1523025850; cv=none; d=google.com; s=arc-20160816; b=SZysNUaEePIWb6+zRKNHxpmtlkapd4HlAi3+7Whg5EJhABLt7V6RpYLTE9YVoCy3Vd K6EQlaUi8k36GFXhqI1y5MC8vypgYnuBybftuOvvRulE10GO5yyQ475CbIz3uqEUfSn9 SbpFzyk209qeHedYfxRgwUzAG8Ru/8Dhsi80IAh/PyjFeXPzDwkZZbYx12qmAdRv2H0E uoeSfdzR0qT9+D43Xq9J7Igwd7ZpoAxSh9BfFGsMmM/F5zhZQJpwhc4336TU6FF+fDGB /U8raKwMAUuw96cM/2FdmnY2/157+BlbN2S1qiusE4/clr7Cj+Anvd679qUE4F3S35i7 AMuA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:mime-version:user-agent:references :in-reply-to:message-id:date:subject:cc:to:from :arc-authentication-results; bh=4de4PvGWpefIvPkgW9AwDUSybFFdHorXqgpnzSGRbkg=; b=aTOI/dv9s0YpmfbEHzS0CQIheOAjfpW532R/P1EZdnbJMb625jmZnATt/+XHUUoNzz IdMVKT42KjfpIusgqlYVMOy59q0KxisWYJugShbOyJm3XPf1O64WxbaO2hY9e5c36Ecj ce2KOXFGnu1W32a8roKjIBr2Oei+Ur78dPNgJiP++p7E17Gr+i4WNnDc0IN8/5cON8UU TlCPcFs7aYvldIrzzW0kY0EV59lK8NDnVxv6D8Meh2u4pvLDEpyFz0aTCJTSdu0WnjE8 dzlkrsH/dGeeHV7MIbG1I3KGMrFWHUf1xmXq0+r8knem1AA3Awk5fzMSBc1Zq3G9mfPy M+Jw== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id l61-v6si8824441plb.568.2018.04.06.07.43.56; Fri, 06 Apr 2018 07:44:10 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1755853AbeDFNeZ (ORCPT + 99 others); Fri, 6 Apr 2018 09:34:25 -0400 Received: from mail.linuxfoundation.org ([140.211.169.12]:58294 "EHLO mail.linuxfoundation.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1755825AbeDFNeX (ORCPT ); Fri, 6 Apr 2018 09:34:23 -0400 Received: from localhost (LFbn-1-12247-202.w90-92.abo.wanadoo.fr [90.92.61.202]) by mail.linuxfoundation.org (Postfix) with ESMTPSA id 7BC98D85; Fri, 6 Apr 2018 13:34:22 +0000 (UTC) From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Szymon Janc , Marcel Holtmann Subject: [PATCH 4.9 046/102] Bluetooth: Fix missing encryption refresh on Security Request Date: Fri, 6 Apr 2018 15:23:27 +0200 Message-Id: <20180406084338.118675485@linuxfoundation.org> X-Mailer: git-send-email 2.17.0 In-Reply-To: <20180406084331.507038179@linuxfoundation.org> References: <20180406084331.507038179@linuxfoundation.org> User-Agent: quilt/0.65 X-stable: review MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org 4.9-stable review patch. If anyone has any objections, please let me know. ------------------ From: Szymon Janc commit 64e759f58f128730b97a3c3a26d283c075ad7c86 upstream. If Security Request is received on connection that is already encrypted with sufficient security master should perform encryption key refresh procedure instead of just ignoring Slave Security Request (Core Spec 5.0 Vol 3 Part H 2.4.6). > ACL Data RX: Handle 3585 flags 0x02 dlen 6 SMP: Security Request (0x0b) len 1 Authentication requirement: Bonding, No MITM, SC, No Keypresses (0x09) < HCI Command: LE Start Encryption (0x08|0x0019) plen 28 Handle: 3585 Random number: 0x0000000000000000 Encrypted diversifier: 0x0000 Long term key: 44264272a5c426a9e868f034cf0e69f3 > HCI Event: Command Status (0x0f) plen 4 LE Start Encryption (0x08|0x0019) ncmd 1 Status: Success (0x00) > HCI Event: Encryption Key Refresh Complete (0x30) plen 3 Status: Success (0x00) Handle: 3585 Signed-off-by: Szymon Janc Signed-off-by: Marcel Holtmann Signed-off-by: Greg Kroah-Hartman --- net/bluetooth/smp.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) --- a/net/bluetooth/smp.c +++ b/net/bluetooth/smp.c @@ -2233,8 +2233,14 @@ static u8 smp_cmd_security_req(struct l2 else sec_level = authreq_to_seclevel(auth); - if (smp_sufficient_security(hcon, sec_level, SMP_USE_LTK)) + if (smp_sufficient_security(hcon, sec_level, SMP_USE_LTK)) { + /* If link is already encrypted with sufficient security we + * still need refresh encryption as per Core Spec 5.0 Vol 3, + * Part H 2.4.6 + */ + smp_ltk_encrypt(conn, hcon->sec_level); return 0; + } if (sec_level > hcon->pending_sec_level) hcon->pending_sec_level = sec_level;