Received: by 2002:a25:6193:0:0:0:0:0 with SMTP id v141csp879993ybb; Wed, 25 Mar 2020 11:21:19 -0700 (PDT) X-Google-Smtp-Source: ADFU+vs+pps3n2kkIwTNi/t07db8w2QmpEGgSg2WyxVmAs/16SWVui7Xv2xfW7Z3gtro7UllINLu X-Received: by 2002:a4a:cb91:: with SMTP id y17mr2325125ooq.51.1585160478940; Wed, 25 Mar 2020 11:21:18 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1585160478; cv=none; d=google.com; s=arc-20160816; b=QvRvivvVyFGN2gatabUD8LAw8pPcm80lBEYkORfgEqqyEnCzzUt+ypt6AcbvMfmdyE AdM1E8uAA1DZW9pjRdzNSoFXPoc1iZqnQXZQ6hHqd2HtF+3RWdvW70ZHR4+xZKv3z67V gjLOatVpw1/tYa6NSD62PZmt5OmCi5aM4JoLfPFYvz3Prm3rk/FHKCxIhItqgnknzIjY JuNHzxzMY+55LmrH+fBQmWE0WD/Mykm1wj5TVORdpmo8FrHSsMNAjsrJ7jWPM/rS+40B m81Vg0DAjUUvvV9FFsofYcrkHY3gyB3wOK8JaFzQCbMJgwOa0D9CP6sYk4sb605kMojH d94w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:to:references:message-id :content-transfer-encoding:cc:date:in-reply-to:from:subject :mime-version; bh=vLBe7SPdxBlnuj/SXDhreeM9U3HFuwM56CJ8sTU6UqQ=; b=JfE68vM3L4AQ9zBZ1JmLoHIM00zBWhi8mGx28R6Ii+/wgHdu2qLdBIggILvV7VoukN 6qpXfujCj/NqUpt+rIKTk9EFk62NoIBGR76Es/nDWg4X817k+tSslEx2SwLdNP67gxon nuQcao4hMwmxOKp8vCEeaEWfmv4y6Oh+K/wZpH/ea1KQ/20U1IxDM4u3vaN2+bhvJ971 Zsr5VCfuSlI686p3hQxjB39UFxZ7XKanbNr8if1EOZO/1gcsZzNl9+F81GiiFboEx/if lNszYrjzDNW25TUT8FoZAPNx636FoBe/m3IA3RRdek4FF3kqp0KQlmaKT+NK8JTUnUKo 6Cbg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-bluetooth-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-bluetooth-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id v24si1628819oot.29.2020.03.25.11.20.51; Wed, 25 Mar 2020 11:21:18 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-bluetooth-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-bluetooth-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-bluetooth-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727129AbgCYSTE convert rfc822-to-8bit (ORCPT + 99 others); Wed, 25 Mar 2020 14:19:04 -0400 Received: from coyote.holtmann.net ([212.227.132.17]:38714 "EHLO mail.holtmann.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727006AbgCYSTE (ORCPT ); Wed, 25 Mar 2020 14:19:04 -0400 Received: from marcel-macbook.fritz.box (p4FEFC5A7.dip0.t-ipconnect.de [79.239.197.167]) by mail.holtmann.org (Postfix) with ESMTPSA id 29E30CECD4; Wed, 25 Mar 2020 19:28:35 +0100 (CET) Content-Type: text/plain; charset=us-ascii Mime-Version: 1.0 (Mac OS X Mail 13.0 \(3608.60.0.2.5\)) Subject: Re: [PATCH v2] bluetooth: Enforce classic key size verification. From: Marcel Holtmann In-Reply-To: <1AFDC1E2-8875-4EFC-8A75-DAB89DA9FFB5@holtmann.org> Date: Wed, 25 Mar 2020 19:19:02 +0100 Cc: Alain Michaud , Marcel Holtmann , BlueZ Content-Transfer-Encoding: 8BIT Message-Id: References: <20200320133748.154926-1-alainm@chromium.org> <1ACCF17B-90EB-4DE1-BD8C-A927ABEC3913@holtmann.org> <992DB845-DB7F-41B9-93E0-538B08BDF910@holtmann.org> <1AFDC1E2-8875-4EFC-8A75-DAB89DA9FFB5@holtmann.org> To: Alain Michaud X-Mailer: Apple Mail (2.3608.60.0.2.5) Sender: linux-bluetooth-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-bluetooth@vger.kernel.org Hi Alain, >> I suspect we'd want bluetoothd to have a configuration that can enforce a more secure posture. >> >> Unfortunately when the command isn't supported, the platform is left between a rock and hard place... There isn't much we can do but to block the use of Bluetooth if the platform requires a more secure posture. > > so if the BR/EDR part is not up to the policy that the host requires, we could still configure the LE part. BlueZ is set up in this way that you can run a dual-mode controller as just a LE controller. > > I would also opt for the kernel just tells us what options it have. Then at least we can provide some feedback to the end-user on why Bluetooth is not available or why only selected features are available. what about something like this: +Read Security Features Command +============================== + + Command Code: 0x0048 + Controller Index: + Command Parameters: + Return Parameters: Security_Data_Length (2 Octets) + Security_Data (0-65535 Octets) + + This command is used to retrieve the supported security features + by the controller or the kernel. + + The Security_Data_Length and Security_Data parameters provide + a list of security settings, features and information. It uses + the same format as EIR_Data, but with the namespace defined here. + + Data Type Name + -------------------- + 0x01 Flags + 0x02 Max Encryption Key Size (BR/EDR) + 0x03 Max Encryption Key Size (LE) + 0x04 Encryption Key Size enforcement (BR/EDR) + 0x05 Encryption Key Size enforcement (LE) + 0x06 ECDH Public Key validation (BR/EDR) + 0x07 ECDH Public Key validation (LE) + + + Max Encryption Key Size (BR/EDR and LE) + + When the field is present, then it provides 1 Octet value + indicating the max encryption key size. If the field is not + present, then it is unknown what the max encryption key + size of the controller or host is in use. + + Encryption Key Size Enforcement (BR/EDR and LE) + + When the field is present, then it provides 1 Octet value + indicating the min encryption key size that is enforced by + the controller or host. If the field is not present, then + it is unknown what the controller or host are enforcing. + + ECDH Public Key validation (BR/EDR and LE) + + When the field is present, then it provides 1 Octet value + indicating if public key validation is in use (0x01) or not + available (0x00). If the field is not present, then it is + unknown if the controller or host are validating public keys. + + This command generates a Command Complete event on success or + a Command Status event on failure. + + Possible errors: Invalid Parameters + Invalid Index Maybe this is overkill, but it would give us some flexible way of having the kernel tell us what is supported. Then bluetoothd can decide to power a controller or parts of a controller. Regards Marcel