Received: by 10.213.65.68 with SMTP id h4csp734123imn; Fri, 6 Apr 2018 08:02:56 -0700 (PDT) X-Google-Smtp-Source: AIpwx4/jN7kgT1kHOW0d06lx0+IocdthGGJdLVhHWUMKMzXNWGq5it+Kw1ItphLYdJOE5Dbot+So X-Received: by 10.99.117.79 with SMTP id f15mr1724509pgn.263.1523026976823; Fri, 06 Apr 2018 08:02:56 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1523026976; cv=none; d=google.com; s=arc-20160816; b=ZMMRCi/u+0qINiJUXTqIkilrMun4CgLxYpwI3RZnt64DEmoEGsH9SSHFWRcvOGdAAV XwUcIjzX8Zt/UWY7Z3L5blgJfkcxiCFNBDQN1gJS0qQTqDDNJENwnrFlNaePmYTYUGOm aaTSnJjcwkdLLYJTl0TiQ7AvGzafHOh8ETUi7iKuuhditGo9+M6xMvSF6B+bt/OWXXpE A246mrnvdYLs0uKipcFq1r4p3wIAMf632GqMAY0QLCJCjI8uqWSQiitDsAKIw36QU3Q9 xUK38RWwUsgxOBx/YvSAnEZH51cQEjGn4681os82Qh1M4VXlIvc/8l929gRPVnNVTen3 Tung== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:mime-version:user-agent:references :in-reply-to:message-id:date:subject:cc:to:from :arc-authentication-results; bh=UI/x/QzAeeKqKXXHDeBZVsfIfajThh/7QL58bMPJWH0=; b=0XDj/qwxLsSxQk7Co4ajPB0nTaw3ubE7JGZ5oqJF490Ga0OZHq23aUxlAQvxqFvlh2 eDh+p0fEnUOe3XjF/1z1INN60y7WqWYL8U8ciA2ZX6kOOBp2XGddsh0j1b5Ge5lZcsRU do/GJ9am1sgg7ZbSYwWRkXSNnVtj5/A9BEENGXL9cWOq0QuMFNjNXHwshNSelkOSsCa3 qaMLnvsYvUvd0exUopltICfvv8/mC/J1wIrE4ZPZrvFcm7C3AE6dzKyUfQRkDejQXKf6 ZD72KFszrHSdI2MAG611xbGOE826umerefLtNFcZ/m0v8wwr3yyR3ODpoSirOAceiz6s 29cQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id y13si8168114pfd.47.2018.04.06.08.02.42; Fri, 06 Apr 2018 08:02:56 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1755024AbeDFNbA (ORCPT + 99 others); Fri, 6 Apr 2018 09:31:00 -0400 Received: from mail.linuxfoundation.org ([140.211.169.12]:56290 "EHLO mail.linuxfoundation.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1754992AbeDFNaz (ORCPT ); Fri, 6 Apr 2018 09:30:55 -0400 Received: from localhost (LFbn-1-12247-202.w90-92.abo.wanadoo.fr [90.92.61.202]) by mail.linuxfoundation.org (Postfix) with ESMTPSA id A2458D6A; Fri, 6 Apr 2018 13:30:54 +0000 (UTC) From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Szymon Janc , Marcel Holtmann Subject: [PATCH 4.4 41/72] Bluetooth: Fix missing encryption refresh on Security Request Date: Fri, 6 Apr 2018 15:23:42 +0200 Message-Id: <20180406084308.607718398@linuxfoundation.org> X-Mailer: git-send-email 2.17.0 In-Reply-To: <20180406084305.210085169@linuxfoundation.org> References: <20180406084305.210085169@linuxfoundation.org> User-Agent: quilt/0.65 X-stable: review MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org 4.4-stable review patch. If anyone has any objections, please let me know. ------------------ From: Szymon Janc commit 64e759f58f128730b97a3c3a26d283c075ad7c86 upstream. If Security Request is received on connection that is already encrypted with sufficient security master should perform encryption key refresh procedure instead of just ignoring Slave Security Request (Core Spec 5.0 Vol 3 Part H 2.4.6). > ACL Data RX: Handle 3585 flags 0x02 dlen 6 SMP: Security Request (0x0b) len 1 Authentication requirement: Bonding, No MITM, SC, No Keypresses (0x09) < HCI Command: LE Start Encryption (0x08|0x0019) plen 28 Handle: 3585 Random number: 0x0000000000000000 Encrypted diversifier: 0x0000 Long term key: 44264272a5c426a9e868f034cf0e69f3 > HCI Event: Command Status (0x0f) plen 4 LE Start Encryption (0x08|0x0019) ncmd 1 Status: Success (0x00) > HCI Event: Encryption Key Refresh Complete (0x30) plen 3 Status: Success (0x00) Handle: 3585 Signed-off-by: Szymon Janc Signed-off-by: Marcel Holtmann Signed-off-by: Greg Kroah-Hartman --- net/bluetooth/smp.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) --- a/net/bluetooth/smp.c +++ b/net/bluetooth/smp.c @@ -2251,8 +2251,14 @@ static u8 smp_cmd_security_req(struct l2 else sec_level = authreq_to_seclevel(auth); - if (smp_sufficient_security(hcon, sec_level, SMP_USE_LTK)) + if (smp_sufficient_security(hcon, sec_level, SMP_USE_LTK)) { + /* If link is already encrypted with sufficient security we + * still need refresh encryption as per Core Spec 5.0 Vol 3, + * Part H 2.4.6 + */ + smp_ltk_encrypt(conn, hcon->sec_level); return 0; + } if (sec_level > hcon->pending_sec_level) hcon->pending_sec_level = sec_level;