Received: by 2002:a25:6193:0:0:0:0:0 with SMTP id v141csp700929ybb; Fri, 20 Mar 2020 06:43:37 -0700 (PDT) X-Google-Smtp-Source: ADFU+vvOxA4b/3VimQjA+Vqb6oLsrZlZMDejLtQqen8V0YIRA+QezY/i3TXcKsIXnCmS1UFfmnLK X-Received: by 2002:aca:ebc5:: with SMTP id j188mr6596417oih.65.1584711816960; Fri, 20 Mar 2020 06:43:36 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1584711816; cv=none; d=google.com; s=arc-20160816; b=L4QTO4JbE8EguAM/2IkZWHj8xFJmSyQZlTdtZ5yLJm4VWti6BOHKmpJRZZ6Mz3h2K6 X6sN93flTEAi5XePrJJC64zYduebH9QCIjsUpDwAqzXhoq2HP5KIk1O1bTaZLTWwAALl KdzUEFhPIMRWQjdbTraZz/3SJkKn+WW3iHPFzAe21SX6kRe253NCVH63a9R1mAW+4KRX nMm8R9GEnandd8tgoqcrZep2L+Dkv2c5sHyh+T5Agkl9Vp+UyZGh4KJS0yGluVHv8+jw 240SigmGA095Ks5gkaPjUY40sKxWXrgslrsIs6ZV39xuF9RsmQxAG2Vb3X+AmRj/5OWO uKNQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:dkim-signature; bh=eueK1RelaTKtQTskeoZt6YVdGRqiAzaN29k7LII+LmU=; b=ov9eUBksMWazjzYfNX79xUOdNUfdpeyATGLVIqAaG+UZy5GX4wEWCz0wMqN9OZSwwQ IEkp7UnlSTn8/0a8H/9N4k1hcbPR2TiiQc9Rv7x6t7GbNUgcmLsqFyhlS7OJOxJkr0Ut ONCjPnx3miYnlAbIaE9R9vdQbvFSXL6q7ThXR8gS+RDQaP1hDaEPgutqupl32COEGAac D2e6WOV6hLNyYZEc3LCNijCWfBKdYGxHhJ7D/8vqJj4IQHvxMuAl8IpCwOT3uXJ0/bAF cE2ttxYM6gbMZb1HbAhXnaGlM5q6YGOZ07n+Em80shO1invvheRW4lgIJC1iy4fRQGHl pdRQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=qBiQFmIz; spf=pass (google.com: best guess record for domain of linux-bluetooth-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-bluetooth-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id c21si3299651otp.0.2020.03.20.06.43.23; Fri, 20 Mar 2020 06:43:36 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-bluetooth-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=qBiQFmIz; spf=pass (google.com: best guess record for domain of linux-bluetooth-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-bluetooth-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727194AbgCTNmI (ORCPT + 99 others); Fri, 20 Mar 2020 09:42:08 -0400 Received: from mail-lf1-f65.google.com ([209.85.167.65]:35427 "EHLO mail-lf1-f65.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726843AbgCTNmI (ORCPT ); Fri, 20 Mar 2020 09:42:08 -0400 Received: by mail-lf1-f65.google.com with SMTP id m15so4585940lfp.2 for ; Fri, 20 Mar 2020 06:42:06 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=eueK1RelaTKtQTskeoZt6YVdGRqiAzaN29k7LII+LmU=; b=qBiQFmIzx4dIZ9z3un/4jzFSKPL3QvS+rj9LCmBhm3JwobYI5BEEObAOUwVbpQiURl Iv0FdchSpwwl3GNwfTgCTialyUIpnQCCcZEMKeqQGXGGCvWKOo+e5AstvXV/lvKPpqBM 4zjVT+PojPWpztxyRsAP9NuNGuWyovhTSJrv4jQXvrwQT8RbZyowOz1o/4FNddlDn5PL j+YHpHqx5DF2WqLwNhbmWwFVsgJ6byO+WNHs8gQSranMP1kkykX3UV6IHRF/POMM1TFZ p5ODFgEB467Ycb4au5lHLmqa/kJQQYXXjU+fVnLvvRARgrd39uM2qSJ4gBAq517hrPQN 54NA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=eueK1RelaTKtQTskeoZt6YVdGRqiAzaN29k7LII+LmU=; b=UKhW9GguI7+psfrnpkmEh9Np8OSF0gToAeK21M7TvxXGPePPz7THGof9/EkoYhXCjr fsILmZABB9JIETQ69AolN2+58yqsXJyde/VhuPvVssJlzg8oPhlbF/237r3mgN3/a2d1 mtQWjbaVrEIm+4FHNhcXcuerI3KaljQcG8N5JCFXUzKCJgc0UQTW5ipJsmSRm07vt94+ 0vQMHvdH7ol70QyywWsy66LoFZYa/wkKcGUFUEO3CwTT1OYoXdsCTq++G0nEoSwWd9R9 uPzeLStCXXDBUG6/bhd0caB4rruUP7/Y4uhHQtej2yDBUtjprFYMuxWyFbvXZ9/bTVd7 SJkQ== X-Gm-Message-State: ANhLgQ0cU+DPmG8Bk2A0idTvsFHsrQo7YQu9/7r4KQPb7LUTj3Txfayi L3+OM3XAB4rBL0cibqKR23hUP19peyE1CaFU/ADMnw== X-Received: by 2002:a05:6512:49e:: with SMTP id v30mr5351792lfq.158.1584711725360; Fri, 20 Mar 2020 06:42:05 -0700 (PDT) MIME-Version: 1.0 References: <20200320133748.154926-1-alainm@chromium.org> In-Reply-To: <20200320133748.154926-1-alainm@chromium.org> From: Alain Michaud Date: Fri, 20 Mar 2020 09:41:53 -0400 Message-ID: Subject: Re: [PATCH v2] bluetooth: Enforce classic key size verification. To: Alain Michaud , "Holtmann, Marcel" Cc: BlueZ Content-Type: text/plain; charset="UTF-8" Sender: linux-bluetooth-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-bluetooth@vger.kernel.org Hi Marcel, On Fri, Mar 20, 2020 at 9:37 AM Alain Michaud wrote: > > This change introduces a new configuration to strictly enforce key size > checks. This ensures that systems are in a secured configuration by > default while allowing for a compatible posture via a Kconfig option to > support controllers who may not support the read encryption key size > command. > > Signed-off-by: Alain Michaud > --- > > net/bluetooth/Kconfig | 20 ++++++++++++++++++++ > net/bluetooth/hci_core.c | 10 ++++++++++ > net/bluetooth/hci_event.c | 4 ++++ > 3 files changed, 34 insertions(+) > > diff --git a/net/bluetooth/Kconfig b/net/bluetooth/Kconfig > index 165148c7c4ce..8e177d4f3f02 100644 > --- a/net/bluetooth/Kconfig > +++ b/net/bluetooth/Kconfig > @@ -128,4 +128,24 @@ config BT_DEBUGFS > Provide extensive information about internal Bluetooth states > in debugfs. > > +config BT_EXPERT > + bool "Expert Bluetooth options" > + depends on BT > + default n > + help > + Provides a set of expert options and configurations that should > + only be used deliberately by BT experts. This is considered a > + global switch to ensure these advanced features or options that > + depends on BT_EXPERT are only used in expert mode. > + > +config BT_ENFORCE_CLASSIC_KEY_SIZES > + bool "Enforces security requirements for Bluetooth classic" > + depends on BT && BT_EXPERT > + default y > + help > + Enforces Bluetooth classic security requirements by disallowing > + use of insecure Bluetooth controllers, i.e. that doesn't support > + Read Encryption Key Size command to prevent BT classic connection > + with very short encryption key. > + > source "drivers/bluetooth/Kconfig" > diff --git a/net/bluetooth/hci_core.c b/net/bluetooth/hci_core.c > index 4e6d61a95b20..142130d4b66b 100644 > --- a/net/bluetooth/hci_core.c > +++ b/net/bluetooth/hci_core.c > @@ -1540,6 +1540,16 @@ static int hci_dev_do_open(struct hci_dev *hdev) > > clear_bit(HCI_INIT, &hdev->flags); > > +#ifdef BT_ENFORCE_CLASSIC_KEY_SIZES > + /* Don't allow usage of Bluetooth if the chip doesn't support */ > + /* Read Encryption Key Size command */ > + if (!ret && !(hdev->commands[20] & 0x10)) { > + bt_dev_err(hdev, > + "Disabling BT, Read Encryption Key Size !supported"); > + ret = -EIO; > + } > +#endif Just FYI, I haven't changed this bit yet. I'll wait for your guidance on where best to put this to leave the controller in the right state. > + > if (!ret) { > hci_dev_hold(hdev); > hci_dev_set_flag(hdev, HCI_RPA_EXPIRED); > diff --git a/net/bluetooth/hci_event.c b/net/bluetooth/hci_event.c > index a40ed31f6eb8..54f90799a088 100644 > --- a/net/bluetooth/hci_event.c > +++ b/net/bluetooth/hci_event.c > @@ -2902,7 +2902,11 @@ static void read_enc_key_size_complete(struct hci_dev *hdev, u8 status, > if (rp->status) { > bt_dev_err(hdev, "failed to read key size for handle %u", > handle); > +#ifdef BT_ENFORCE_CLASSIC_KEY_SIZES > + conn->enc_key_size = 0; > +#else > conn->enc_key_size = HCI_LINK_KEY_SIZE; > +#endif > } else { > conn->enc_key_size = rp->key_size; > } > -- > 2.25.1.696.g5e7596f4ac-goog >