Received: by 2002:a25:6193:0:0:0:0:0 with SMTP id v141csp879993ybb;
        Wed, 25 Mar 2020 11:21:19 -0700 (PDT)
X-Google-Smtp-Source: ADFU+vs+pps3n2kkIwTNi/t07db8w2QmpEGgSg2WyxVmAs/16SWVui7Xv2xfW7Z3gtro7UllINLu
X-Received: by 2002:a4a:cb91:: with SMTP id y17mr2325125ooq.51.1585160478940;
        Wed, 25 Mar 2020 11:21:18 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1585160478; cv=none;
        d=google.com; s=arc-20160816;
        b=QvRvivvVyFGN2gatabUD8LAw8pPcm80lBEYkORfgEqqyEnCzzUt+ypt6AcbvMfmdyE
         AdM1E8uAA1DZW9pjRdzNSoFXPoc1iZqnQXZQ6hHqd2HtF+3RWdvW70ZHR4+xZKv3z67V
         gjLOatVpw1/tYa6NSD62PZmt5OmCi5aM4JoLfPFYvz3Prm3rk/FHKCxIhItqgnknzIjY
         JuNHzxzMY+55LmrH+fBQmWE0WD/Mykm1wj5TVORdpmo8FrHSsMNAjsrJ7jWPM/rS+40B
         m81Vg0DAjUUvvV9FFsofYcrkHY3gyB3wOK8JaFzQCbMJgwOa0D9CP6sYk4sb605kMojH
         d94w==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:to:references:message-id
         :content-transfer-encoding:cc:date:in-reply-to:from:subject
         :mime-version;
        bh=vLBe7SPdxBlnuj/SXDhreeM9U3HFuwM56CJ8sTU6UqQ=;
        b=JfE68vM3L4AQ9zBZ1JmLoHIM00zBWhi8mGx28R6Ii+/wgHdu2qLdBIggILvV7VoukN
         6qpXfujCj/NqUpt+rIKTk9EFk62NoIBGR76Es/nDWg4X817k+tSslEx2SwLdNP67gxon
         nuQcao4hMwmxOKp8vCEeaEWfmv4y6Oh+K/wZpH/ea1KQ/20U1IxDM4u3vaN2+bhvJ971
         Zsr5VCfuSlI686p3hQxjB39UFxZ7XKanbNr8if1EOZO/1gcsZzNl9+F81GiiFboEx/if
         lNszYrjzDNW25TUT8FoZAPNx636FoBe/m3IA3RRdek4FF3kqp0KQlmaKT+NK8JTUnUKo
         6Cbg==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-bluetooth-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-bluetooth-owner@vger.kernel.org
Return-Path: <linux-bluetooth-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id v24si1628819oot.29.2020.03.25.11.20.51;
        Wed, 25 Mar 2020 11:21:18 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-bluetooth-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-bluetooth-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-bluetooth-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1727129AbgCYSTE convert rfc822-to-8bit (ORCPT
        <rfc822;farzad.panahi@gmail.com> + 99 others);
        Wed, 25 Mar 2020 14:19:04 -0400
Received: from coyote.holtmann.net ([212.227.132.17]:38714 "EHLO
        mail.holtmann.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1727006AbgCYSTE (ORCPT
        <rfc822;linux-bluetooth@vger.kernel.org>);
        Wed, 25 Mar 2020 14:19:04 -0400
Received: from marcel-macbook.fritz.box (p4FEFC5A7.dip0.t-ipconnect.de [79.239.197.167])
        by mail.holtmann.org (Postfix) with ESMTPSA id 29E30CECD4;
        Wed, 25 Mar 2020 19:28:35 +0100 (CET)
Content-Type: text/plain;
        charset=us-ascii
Mime-Version: 1.0 (Mac OS X Mail 13.0 \(3608.60.0.2.5\))
Subject: Re: [PATCH v2] bluetooth: Enforce classic key size verification.
From:   Marcel Holtmann <marcel@holtmann.org>
In-Reply-To: <1AFDC1E2-8875-4EFC-8A75-DAB89DA9FFB5@holtmann.org>
Date:   Wed, 25 Mar 2020 19:19:02 +0100
Cc:     Alain Michaud <alainm@chromium.org>,
        Marcel Holtmann <marcel.holtmann@intel.com>,
        BlueZ <linux-bluetooth@vger.kernel.org>
Content-Transfer-Encoding: 8BIT
Message-Id: <D1D08F4A-9FAE-4E68-B005-E2573E42D1D8@holtmann.org>
References: <20200320133748.154926-1-alainm@chromium.org>
 <CALWDO_WSHiNw+uwcZzufJ7rjHr=zpMs6f3ry=rdLMGLz2gJZ=w@mail.gmail.com>
 <1ACCF17B-90EB-4DE1-BD8C-A927ABEC3913@holtmann.org>
 <CALWDO_V=6NXLTZ=XTc+uAe3YUVkUfe88c4beWWoqWK7+vK4+8g@mail.gmail.com>
 <992DB845-DB7F-41B9-93E0-538B08BDF910@holtmann.org>
 <CALWDO_WF4n_Ta-fYoxTv4OF_guZy=d8urEyrosUPgWdHXo8Pag@mail.gmail.com>
 <C35897C0-9924-4598-859B-0ADD1EF2FB94@holtmann.org>
 <CALWDO_XjO9=2Y_W-uAXxb+myh1nLvF7_CxrprtLZ=pAj-FrVaQ@mail.gmail.com>
 <1AFDC1E2-8875-4EFC-8A75-DAB89DA9FFB5@holtmann.org>
To:     Alain Michaud <alainmichaud@google.com>
X-Mailer: Apple Mail (2.3608.60.0.2.5)
Sender: linux-bluetooth-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-bluetooth.vger.kernel.org>
X-Mailing-List: linux-bluetooth@vger.kernel.org

Hi Alain,

>> I suspect we'd want bluetoothd to have a configuration that can enforce a more secure posture.
>> 
>> Unfortunately when the command isn't supported, the platform is left between a rock and hard place... There isn't much we can do but to block the use of Bluetooth if the platform requires a more secure posture.
> 
> so if the BR/EDR part is not up to the policy that the host requires, we could still configure the LE part. BlueZ is set up in this way that you can run a dual-mode controller as just a LE controller.
> 
> I would also opt for the kernel just tells us what options it have. Then at least we can provide some feedback to the end-user on why Bluetooth is not available or why only selected features are available.

what about something like this:

+Read Security Features Command
+==============================
+
+       Command Code:           0x0048
+       Controller Index:       <controller id>
+       Command Parameters:
+       Return Parameters:      Security_Data_Length (2 Octets)
+                               Security_Data (0-65535 Octets)
+
+       This command is used to retrieve the supported security features
+       by the controller or the kernel.
+
+       The Security_Data_Length and Security_Data parameters provide
+       a list of security settings, features and information. It uses
+       the same format as EIR_Data, but with the namespace defined here.
+
+               Data Type       Name
+               --------------------
+               0x01            Flags
+               0x02            Max Encryption Key Size (BR/EDR)
+               0x03            Max Encryption Key Size (LE)
+               0x04            Encryption Key Size enforcement (BR/EDR)
+               0x05            Encryption Key Size enforcement (LE)
+               0x06            ECDH Public Key validation (BR/EDR)
+               0x07            ECDH Public Key validation (LE)
+
+
+       Max Encryption Key Size (BR/EDR and LE)
+
+               When the field is present, then it provides 1 Octet value
+               indicating the max encryption key size. If the field is not
+               present, then it is unknown what the max encryption key
+               size of the controller or host is in use.
+
+       Encryption Key Size Enforcement (BR/EDR and LE)
+
+               When the field is present, then it provides 1 Octet value
+               indicating the min encryption key size that is enforced by
+               the controller or host. If the field is not present, then
+               it is unknown what the controller or host are enforcing.
+
+       ECDH Public Key validation (BR/EDR and LE)
+
+               When the field is present, then it provides 1 Octet value
+               indicating if public key validation is in use (0x01) or not
+               available (0x00). If the field is not present, then it is
+               unknown if the controller or host are validating public keys.
+
+       This command generates a Command Complete event on success or
+       a Command Status event on failure.
+
+       Possible errors:        Invalid Parameters
+                               Invalid Index

Maybe this is overkill, but it would give us some flexible way of having the kernel tell us what is supported. Then bluetoothd can decide to power a controller or parts of a controller.

Regards

Marcel