Received: by 2002:a25:86ce:0:0:0:0:0 with SMTP id y14csp1866692ybm; Thu, 23 May 2019 07:54:35 -0700 (PDT) X-Google-Smtp-Source: APXvYqxTozSuX1zRCtM5sIgD5nfzveg9hNe79MPtanwr8XRvJFImJfzQD1YwsP3dLFX2u3n0HlQJ X-Received: by 2002:a17:902:bb06:: with SMTP id l6mr40921877pls.78.1558623275637; Thu, 23 May 2019 07:54:35 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1558623275; cv=none; d=google.com; s=arc-20160816; b=xrL+/WqBw6nvFL/s1wUlN2z2GftEV2gfLXoLJcdZ8+LsuCkM8hMUm2vCkgQPZORo+i TtI795QlXn71OCr9AfOze+cjTzzBD7AqjInuo3eoIIVW9Ow2BVH8Uo6PDfylGcT8dFDC 6jsBeWwaBWQZhgK9XyQK2oUmGFLwP+guva0GqjSxyoFgDQJKmaWiMLtIamXUcQOEQ2nR 0EAqckqt5Q5/c03UElIB/V2ltHGHN79gjQJvvNP3lkebenWFPlKC871QWcgw2QA/+AaP /H7NKXsed+z3fTqPxP2MQzfoo3FhCDDYMCfgpg+Z5c8A1AFwgnGdJzRAqcVvcZxLNZGs OS6w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:dkim-signature; bh=yGlDdZYHbLETNOc2j6kT+g7SBEF3Vd2G57qOzjA/ix0=; b=yCb9H6OrNYX7Z8SXt7fzbNgeWKf3zBTbzCeFuok4nuXzOXD2GwqRutukD/lT5lYdew yV9mBvdEc9scUsmk248G3UClPyESq3M1OQLOurqsj2Chj5R3f851Ez9LYv1sQAOV2KHN oiYeFTCewHn0ahY4W4d1OnVbNbMfekeIGWqoKTzNpjUHD6872wjLZfHsW/kVVBZsQJFG +Pc0mktTgA1KSTpODlGwFYcfizUEYdWAUTiO5w2bhVFKvAWjpsXvdX755EZF2ztPMS8S wsKhXtZoDU2bVSyoiz/Q1lRwRPRKzlBAxEoZmPd3TfD+KE3TtLZM7Z4Enpx/TP+6NToZ PYmw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=qx4LOv53; spf=pass (google.com: best guess record for domain of linux-bluetooth-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-bluetooth-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id z70si11194322pgd.514.2019.05.23.07.54.19; Thu, 23 May 2019 07:54:35 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-bluetooth-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=qx4LOv53; spf=pass (google.com: best guess record for domain of linux-bluetooth-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-bluetooth-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1730782AbfEWOyO (ORCPT + 99 others); Thu, 23 May 2019 10:54:14 -0400 Received: from mail-oi1-f195.google.com ([209.85.167.195]:33596 "EHLO mail-oi1-f195.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1730752AbfEWOyN (ORCPT ); Thu, 23 May 2019 10:54:13 -0400 Received: by mail-oi1-f195.google.com with SMTP id q186so4609259oia.0 for ; Thu, 23 May 2019 07:54:13 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=yGlDdZYHbLETNOc2j6kT+g7SBEF3Vd2G57qOzjA/ix0=; b=qx4LOv531Anr/a7C6YY5AT2tj9+EpFsyrFVDD63XCHNS/PVfZu4Slhh5KgOpPjrWEW CSlclzgRm301x3vAy68V06bRgsTVGlnQUSZJNpcEczSQjehx1vBa87UeQM2cIFYLhWfF HKbABZDhiuRaJsf5lg5u6Swke3OUqhGh+37gfXaocSAgrbvTzLhm1NEAlAygCo0Bs6qa fHvxyU3y5pDQ1nhEr/DQoO1wlGvcaz4gGx5K4ByT/DGPRxBK0qSsnKfWS8RoMG96NiFA uZfxEOHQjsSusFhS3JzildIQJDiEqUZX743PSir+aNYMpOsCQUQVXO1KXh7Xdpy2sB4R oAFQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=yGlDdZYHbLETNOc2j6kT+g7SBEF3Vd2G57qOzjA/ix0=; b=TkU1eY8G6DDKgdAgdJ6mExDa1DWhSFel0DP3QU0VxzPvskm7M0ZDIjxV5zCaYUrtTI yuvCJEt0Z88e+QnTUa2fOusKM/UvUriHozgZ/hvRwXSJj3BKrXs0m6A/J1nzhNZPmTf9 M+I8aDaigI3g6oa2z0T8o1XJzFziTEOnmOPT0t2U1oD+T7vvdGqdcnIgTYF715/FQZMo nR5IF2r+spEvZQQalkWjkalwBVBJqYODLZIXbLWIcju1aoERY1jaa23xKIAK9RaIkkCN qgrTJZsdFf9dTGEr6p5o75TltgS5e20eDHu0Jmn28sQpmfnpzTgMcUuawKrL5g0Jxmsf YlgA== X-Gm-Message-State: APjAAAUjv5vPAcEZO+R6PxEvsmTuLU3aS9LtXMGN7q0Bd1mrKlEO/zBs p0U99DYQHepNU1tvBM7b4MeCXOR190lDLbUzspDbJaf8 X-Received: by 2002:aca:b1c1:: with SMTP id a184mr3015793oif.98.1558623253329; Thu, 23 May 2019 07:54:13 -0700 (PDT) MIME-Version: 1.0 References: <20190522070540.48895-1-marcel@holtmann.org> In-Reply-To: <20190522070540.48895-1-marcel@holtmann.org> From: Vasily Khoruzhick Date: Thu, 23 May 2019 07:53:47 -0700 Message-ID: Subject: Re: [RFC] Bluetooth: Check key sizes only when Secure Simple Pairing is enabled To: Marcel Holtmann Cc: "open list:BLUETOOTH DRIVERS" Content-Type: text/plain; charset="UTF-8" Sender: linux-bluetooth-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-bluetooth@vger.kernel.org On Wed, May 22, 2019 at 12:05 AM Marcel Holtmann wrote: > > The encryption is only mandatory to be enforced when both sides are using > Secure Simple Pairing and this means the key size check makes only sense > in that case. > > On legacy Bluetooth 2.0 and earlier devices like mice the encryption was > optional and thus causing an issue if the key size check is not bound to > using Secure Simple Pairing. > > Fixes: d5bb334a8e17 ("Bluetooth: Align minimum encryption key size for LE and BR/EDR connections") > Signed-off-by: Marcel Holtmann > Cc: stable@vger.kernel.org Tested-by: Vasily Khoruzhick > --- > net/bluetooth/hci_conn.c | 9 +++++++-- > 1 file changed, 7 insertions(+), 2 deletions(-) > > diff --git a/net/bluetooth/hci_conn.c b/net/bluetooth/hci_conn.c > index 3cf0764d5793..7516cdde3373 100644 > --- a/net/bluetooth/hci_conn.c > +++ b/net/bluetooth/hci_conn.c > @@ -1272,8 +1272,13 @@ int hci_conn_check_link_mode(struct hci_conn *conn) > return 0; > } > > - if (hci_conn_ssp_enabled(conn) && > - !test_bit(HCI_CONN_ENCRYPT, &conn->flags)) > + /* If Secure Simple Pairing is not enabled, then legacy connection > + * setup is used and no encryption or key sizes can be enforced. > + */ > + if (!hci_conn_ssp_enabled(conn)) > + return 1; > + > + if (!test_bit(HCI_CONN_ENCRYPT, &conn->flags)) > return 0; > > /* The minimum encryption key size needs to be enforced by the > -- > 2.20.1 >