2011-08-09 20:42:41

by Peter Hurley

Subject: [PATCH v2] Bluetooth: Preserve auth + encrypt for sec mode 3 remotes

2011-09-15 13:03:54

by Peter Hurley

Subject: Re: [PATCH v2] Bluetooth: Preserve auth + encrypt for sec mode 3 remotes

On Tue, 2011-08-09 at 16:42 -0400, Peter Hurley wrote:
> Legacy remote devices (v 2.0-) can establish link-level
> encryption as part of ACL connection establishment
> (ie., security mode 3). The host controller indicates link-level
> encryption is established in this case with the
> Encryption_Enabled flag of the Connection Complete event.
>
> This two-part fix first sets the correct link state for this
> condition and, second, bypasses additional auth + encrypt for
> subsequent security level elevations (up to but not including
> BT_SECURITY_HIGH).
>
> Signed-off-by: Peter Hurley <[email protected]>
> ---
>
> v2: Remove redundant ssp_mode tests and set connection
> security level from pending when handling conn_complete evt
>
> net/bluetooth/hci_conn.c | 13 +++++++++++--
> net/bluetooth/hci_event.c | 9 +++++++++
> 2 files changed, 20 insertions(+), 2 deletions(-)
>
> diff --git a/net/bluetooth/hci_conn.c b/net/bluetooth/hci_conn.c
> index e333274..bfdd63f 100644
> --- a/net/bluetooth/hci_conn.c
> +++ b/net/bluetooth/hci_conn.c
> @@ -541,9 +541,18 @@ static int hci_conn_auth(struct hci_conn *conn, __u8 sec_level, __u8 auth_type)
> if (conn->pending_sec_level > sec_level)
> sec_level = conn->pending_sec_level;
>
> - if (sec_level > conn->sec_level)
> + if (sec_level > conn->sec_level) {
> conn->pending_sec_level = sec_level;
> - else if (conn->link_mode & HCI_LM_AUTH)
> + /* Legacy security mode 3 remote devices that are already
> + * auth'd do not need to re-auth unless promoting to
> + * BT_SECURITY_HIGH */
> + if (!(conn->hdev->ssp_mode > 0 && conn->ssp_mode > 0) &&
> + (sec_level != BT_SECURITY_HIGH) &&
> + (conn->link_mode & HCI_LM_AUTH)) {
> + conn->sec_level = sec_level;
> + return 1;
> + }
> + } else if (conn->link_mode & HCI_LM_AUTH)
> return 1;
>
> /* Make sure we preserve an existing MITM requirement*/
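Review bot: the new early return inside `if (sec_level > conn->sec_level)` grants the requested level without any fresh authentication whenever HCI_LM_AUTH is already set and neither side runs SSP, so a locally requested raise to BT_SECURITY_MEDIUM is satisfied by the authentication the remote performed during link setup rather than by one the host performs at channel establishment; that is what the GAP passage quoted later in this thread rules out, so this branch should not short-circuit, and the existing `} else if (conn->link_mode & HCI_LM_AUTH)` path should stay the only place an already-authenticated link skips re-auth. Two smaller points: the branch writes `conn->sec_level = sec_level;` one line after setting `conn->pending_sec_level = sec_level;` and then returns 1, so the pending level is recorded as reached purely on the strength of the HCI_LM_AUTH bit; and the block comment ends with `BT_SECURITY_HIGH */` on the text line, where kernel style closes a multi-line comment with `*/` on its own line.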
> diff --git a/net/bluetooth/hci_event.c b/net/bluetooth/hci_event.c
> index 77930aa..464cfb4 100644
> --- a/net/bluetooth/hci_event.c
> +++ b/net/bluetooth/hci_event.c
> @@ -1311,6 +1311,15 @@ static inline void hci_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *s
> if (test_bit(HCI_ENCRYPT, &hdev->flags))
> conn->link_mode |= HCI_LM_ENCRYPT;
>
> + /* Indicate the correct link state for legacy sec mode 3
> + * remote devices for which the LM has already established
> + * link encryption */
> + if (conn->type == ACL_LINK && ev->encr_mode == 0x01 &&
> + conn->pending_sec_level != BT_SECURITY_HIGH) {
> + conn->link_mode |= HCI_LM_AUTH | HCI_LM_ENCRYPT;
> + conn->sec_level = conn->pending_sec_level;
> + }
> +
> /* Get remote features */
> if (conn->type == ACL_LINK) {
> struct hci_cp_read_remote_features cp;
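Review bot: the new block derives HCI_LM_AUTH from the controller's Encryption_Enabled flag (`ev->encr_mode == 0x01`) alone, but that flag only reports that the link is encrypted; it says nothing about whether the host authenticated the remote against its own policy, and the GAP text quoted in the reply requires that authentication of a security mode 3 remote happen after the channel establishment request arrives, not be inferred from connection setup. If any of this is kept, the `conn->sec_level = conn->pending_sec_level;` promotion should go: the two lines immediately above (`if (test_bit(HCI_ENCRYPT, &hdev->flags))` / `conn->link_mode |= HCI_LM_ENCRYPT;`) already show the pattern of recording observed link state in link_mode without touching sec_level, and gating a link_mode update on `conn->pending_sec_level != BT_SECURITY_HIGH` mixes what the link is with what was asked for. Minor: `0x01` is a bare magic number; a named constant, or at least a comment naming the Connection Complete event's Encryption_Enabled values, would make the test self-explanatory.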
> --

Turns out this is not allowed per spec. From the Core 4.0 spec, Vol 3,
Part C - Generic Access Profile, Section 5.2.2.2.2, Authentication
Required for Access to Local Service by Remote Device:

"A Bluetooth device in security mode 4 shall respond to authentication
and pairing requests during link establishment when the remote device is
in security mode 3 for backwards compatibility reasons. However,
authentication of the remote device shall be performed after the receipt
of the channel establishment request is received, and before the channel
establishment response is sent."