Received: by 2002:a25:86ce:0:0:0:0:0 with SMTP id y14csp1866692ybm;
        Thu, 23 May 2019 07:54:35 -0700 (PDT)
X-Google-Smtp-Source: APXvYqxTozSuX1zRCtM5sIgD5nfzveg9hNe79MPtanwr8XRvJFImJfzQD1YwsP3dLFX2u3n0HlQJ
X-Received: by 2002:a17:902:bb06:: with SMTP id l6mr40921877pls.78.1558623275637;
        Thu, 23 May 2019 07:54:35 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1558623275; cv=none;
        d=google.com; s=arc-20160816;
        b=xrL+/WqBw6nvFL/s1wUlN2z2GftEV2gfLXoLJcdZ8+LsuCkM8hMUm2vCkgQPZORo+i
         TtI795QlXn71OCr9AfOze+cjTzzBD7AqjInuo3eoIIVW9Ow2BVH8Uo6PDfylGcT8dFDC
         6jsBeWwaBWQZhgK9XyQK2oUmGFLwP+guva0GqjSxyoFgDQJKmaWiMLtIamXUcQOEQ2nR
         0EAqckqt5Q5/c03UElIB/V2ltHGHN79gjQJvvNP3lkebenWFPlKC871QWcgw2QA/+AaP
         /H7NKXsed+z3fTqPxP2MQzfoo3FhCDDYMCfgpg+Z5c8A1AFwgnGdJzRAqcVvcZxLNZGs
         OS6w==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:cc:to:subject:message-id:date:from
         :in-reply-to:references:mime-version:dkim-signature;
        bh=yGlDdZYHbLETNOc2j6kT+g7SBEF3Vd2G57qOzjA/ix0=;
        b=yCb9H6OrNYX7Z8SXt7fzbNgeWKf3zBTbzCeFuok4nuXzOXD2GwqRutukD/lT5lYdew
         yV9mBvdEc9scUsmk248G3UClPyESq3M1OQLOurqsj2Chj5R3f851Ez9LYv1sQAOV2KHN
         oiYeFTCewHn0ahY4W4d1OnVbNbMfekeIGWqoKTzNpjUHD6872wjLZfHsW/kVVBZsQJFG
         +Pc0mktTgA1KSTpODlGwFYcfizUEYdWAUTiO5w2bhVFKvAWjpsXvdX755EZF2ztPMS8S
         wsKhXtZoDU2bVSyoiz/Q1lRwRPRKzlBAxEoZmPd3TfD+KE3TtLZM7Z4Enpx/TP+6NToZ
         PYmw==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@gmail.com header.s=20161025 header.b=qx4LOv53;
       spf=pass (google.com: best guess record for domain of linux-bluetooth-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-bluetooth-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com
Return-Path: <linux-bluetooth-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id z70si11194322pgd.514.2019.05.23.07.54.19;
        Thu, 23 May 2019 07:54:35 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-bluetooth-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@gmail.com header.s=20161025 header.b=qx4LOv53;
       spf=pass (google.com: best guess record for domain of linux-bluetooth-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-bluetooth-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1730782AbfEWOyO (ORCPT <rfc822;morrolinux@gmail.com>
        + 99 others); Thu, 23 May 2019 10:54:14 -0400
Received: from mail-oi1-f195.google.com ([209.85.167.195]:33596 "EHLO
        mail-oi1-f195.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1730752AbfEWOyN (ORCPT
        <rfc822;linux-bluetooth@vger.kernel.org>);
        Thu, 23 May 2019 10:54:13 -0400
Received: by mail-oi1-f195.google.com with SMTP id q186so4609259oia.0
        for <linux-bluetooth@vger.kernel.org>; Thu, 23 May 2019 07:54:13 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20161025;
        h=mime-version:references:in-reply-to:from:date:message-id:subject:to
         :cc;
        bh=yGlDdZYHbLETNOc2j6kT+g7SBEF3Vd2G57qOzjA/ix0=;
        b=qx4LOv531Anr/a7C6YY5AT2tj9+EpFsyrFVDD63XCHNS/PVfZu4Slhh5KgOpPjrWEW
         CSlclzgRm301x3vAy68V06bRgsTVGlnQUSZJNpcEczSQjehx1vBa87UeQM2cIFYLhWfF
         HKbABZDhiuRaJsf5lg5u6Swke3OUqhGh+37gfXaocSAgrbvTzLhm1NEAlAygCo0Bs6qa
         fHvxyU3y5pDQ1nhEr/DQoO1wlGvcaz4gGx5K4ByT/DGPRxBK0qSsnKfWS8RoMG96NiFA
         uZfxEOHQjsSusFhS3JzildIQJDiEqUZX743PSir+aNYMpOsCQUQVXO1KXh7Xdpy2sB4R
         oAFQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:mime-version:references:in-reply-to:from:date
         :message-id:subject:to:cc;
        bh=yGlDdZYHbLETNOc2j6kT+g7SBEF3Vd2G57qOzjA/ix0=;
        b=TkU1eY8G6DDKgdAgdJ6mExDa1DWhSFel0DP3QU0VxzPvskm7M0ZDIjxV5zCaYUrtTI
         yuvCJEt0Z88e+QnTUa2fOusKM/UvUriHozgZ/hvRwXSJj3BKrXs0m6A/J1nzhNZPmTf9
         M+I8aDaigI3g6oa2z0T8o1XJzFziTEOnmOPT0t2U1oD+T7vvdGqdcnIgTYF715/FQZMo
         nR5IF2r+spEvZQQalkWjkalwBVBJqYODLZIXbLWIcju1aoERY1jaa23xKIAK9RaIkkCN
         qgrTJZsdFf9dTGEr6p5o75TltgS5e20eDHu0Jmn28sQpmfnpzTgMcUuawKrL5g0Jxmsf
         YlgA==
X-Gm-Message-State: APjAAAUjv5vPAcEZO+R6PxEvsmTuLU3aS9LtXMGN7q0Bd1mrKlEO/zBs
        p0U99DYQHepNU1tvBM7b4MeCXOR190lDLbUzspDbJaf8
X-Received: by 2002:aca:b1c1:: with SMTP id a184mr3015793oif.98.1558623253329;
 Thu, 23 May 2019 07:54:13 -0700 (PDT)
MIME-Version: 1.0
References: <20190522070540.48895-1-marcel@holtmann.org>
In-Reply-To: <20190522070540.48895-1-marcel@holtmann.org>
From:   Vasily Khoruzhick <anarsoul@gmail.com>
Date:   Thu, 23 May 2019 07:53:47 -0700
Message-ID: <CA+E=qVcW0aQ=D_0bvEbTL9VA5P_2iykbZpNr2xH8P-eHB3FSog@mail.gmail.com>
Subject: Re: [RFC] Bluetooth: Check key sizes only when Secure Simple Pairing
 is enabled
To:     Marcel Holtmann <marcel@holtmann.org>
Cc:     "open list:BLUETOOTH DRIVERS" <linux-bluetooth@vger.kernel.org>
Content-Type: text/plain; charset="UTF-8"
Sender: linux-bluetooth-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-bluetooth.vger.kernel.org>
X-Mailing-List: linux-bluetooth@vger.kernel.org

On Wed, May 22, 2019 at 12:05 AM Marcel Holtmann <marcel@holtmann.org> wrote:
>
> The encryption is only mandatory to be enforced when both sides are using
> Secure Simple Pairing and this means the key size check makes only sense
> in that case.
>
> On legacy Bluetooth 2.0 and earlier devices like mice the encryption was
> optional and thus causing an issue if the key size check is not bound to
> using Secure Simple Pairing.
>
> Fixes: d5bb334a8e17 ("Bluetooth: Align minimum encryption key size for LE and BR/EDR connections")
> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
> Cc: stable@vger.kernel.org

Tested-by: Vasily Khoruzhick <anarsoul@gmail.com>

> ---
>  net/bluetooth/hci_conn.c | 9 +++++++--
>  1 file changed, 7 insertions(+), 2 deletions(-)
>
> diff --git a/net/bluetooth/hci_conn.c b/net/bluetooth/hci_conn.c
> index 3cf0764d5793..7516cdde3373 100644
> --- a/net/bluetooth/hci_conn.c
> +++ b/net/bluetooth/hci_conn.c
> @@ -1272,8 +1272,13 @@ int hci_conn_check_link_mode(struct hci_conn *conn)
>                         return 0;
>         }
>
> -       if (hci_conn_ssp_enabled(conn) &&
> -           !test_bit(HCI_CONN_ENCRYPT, &conn->flags))
> +       /* If Secure Simple Pairing is not enabled, then legacy connection
> +        * setup is used and no encryption or key sizes can be enforced.
> +        */
> +       if (!hci_conn_ssp_enabled(conn))
> +               return 1;
> +
> +       if (!test_bit(HCI_CONN_ENCRYPT, &conn->flags))
>                 return 0;
>
>         /* The minimum encryption key size needs to be enforced by the
> --
> 2.20.1
>