From: Luiz Augusto von Dentz
Date: Wed, 12 Feb 2020 13:29:45 -0800
Subject: Re: [Bluez PATCH v3] bluetooth: secure bluetooth stack from bluedump attack
To: Johan Hedberg
Cc: Marcel Holtmann, Howard Chung, Bluez mailing list, ChromeOS Bluetooth Upstreaming, "David S. Miller", "open list:NETWORKING [GENERAL]", Linux Kernel Mailing List
X-Mailing-List: linux-bluetooth@vger.kernel.org

Hi Howard,

On Wed, Feb 12, 2020 at 7:39 AM Johan Hedberg wrote:
>
> Hi Marcel,
>
> On 12. Feb 2020, at 17.19, Marcel Holtmann wrote:
> >> + key = hci_find_ltk(hcon->hdev, &hcon->dst, hcon->dst_type, > >> + hcon->role); > >> + > >> + /* If there already exists link key in local host, leave the > >> + * decision to user space since the remote device could be > >> + * legitimate or malicious.
> >> + */ > >> + if (smp->method == JUST_WORKS && key) { > >> + err = mgmt_user_confirm_request(hcon->hdev, &hcon->dst, > >> + hcon->type, > >> + hcon->dst_type, passkey, > >> + 1); > >> + if (err) > >> + return SMP_UNSPECIFIED; > >> + set_bit(SMP_FLAG_WAIT_USER, &smp->flags); > >> + } > >> }
> >
> > while this looks good, I like to optimize this to only look up the LTK when needed.

I wonder why we don't just call user confirm every time? That way the new policy preference applies to both a new pair or when already paired, and we don't have to really do the key lookup here since the userspace can do the check if really needed.

> >
> > /* comment here */
> > if (smp->method != JUST_WORKS)
> >         goto mackey_and_ltk;
> >
> >
> > /* and command here */
> > if (hci_find_ltk()) {
> >         mgmt_user_confirm_request()
> >         ..
> > }
> >
> > And my preference that we also get an Ack from Johan or Luiz that double checked that this is fine.
>
> Acked-by: Johan Hedberg
>
> Johan

-- 
Luiz Augusto von Dentz
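
Review bot: the condition smp->method == JUST_WORKS && key only hands the decision to user space when hci_find_ltk() finds a key for hcon->role, so the comment above it should state whether a key stored for this peer under the other role is meant to be ignored; the comment also says "link key" while the lookup is for an LTK. The lookup at the top of the hunk runs for every pairing method although its result is used only in the JUST_WORKS branch, so test the method first and look the key up inside that branch. The bare 1 passed as the last argument of mgmt_user_confirm_request() would read better with a short comment or a named constant saying what it selects.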