Subject: Re: [PATCH 1/2] Bluetooth: Add support for reading security information
From: Marcel Holtmann
Date: Fri, 3 Apr 2020 19:00:18 +0200
To: Alain Michaud
Cc: BlueZ
Message-Id: <1D4E9B3D-5BB6-4153-9982-B16E5E588C06@holtmann.org>
References: <20200402132956.642267-1-marcel@holtmann.org>
X-Mailing-List: linux-bluetooth@vger.kernel.org

Hi Alain,

>> To allow userspace to make correct security policy decisions, the kernel
>> needs to export a few details of the supported security features and
>> encryption key size information. This command exports this information
>> and also allows future extensions if needed.
>> >> Signed-off-by: Marcel Holtmann >> --- >> include/net/bluetooth/mgmt.h | 7 +++++ >> net/bluetooth/mgmt.c | 53 ++++++++++++++++++++++++++++++++++++ >> 2 files changed, 60 insertions(+) >> >> diff --git a/include/net/bluetooth/mgmt.h b/include/net/bluetooth/mgmt.h >> index f41cd87550dc..65dd6fd1fff3 100644 >> --- a/include/net/bluetooth/mgmt.h >> +++ b/include/net/bluetooth/mgmt.h >> @@ -674,6 +674,13 @@ struct mgmt_cp_set_blocked_keys { >> >> #define MGMT_OP_SET_WIDEBAND_SPEECH 0x0047 >> >> +#define MGMT_OP_READ_SECURITY_INFO 0x0048 >> +#define MGMT_READ_SECURITY_INFO_SIZE 0 >> +struct mgmt_rp_read_security_info { >> + __le16 sec_len; >> + __u8 sec[0]; >> +} __packed; >> + >> #define MGMT_EV_CMD_COMPLETE 0x0001 >> struct mgmt_ev_cmd_complete { >> __le16 opcode; >> diff --git a/net/bluetooth/mgmt.c b/net/bluetooth/mgmt.c >> index 6552003a170e..7b9eac339c87 100644 >> --- a/net/bluetooth/mgmt.c >> +++ b/net/bluetooth/mgmt.c >> @@ -108,6 +108,7 @@ static const u16 mgmt_commands[] = { >> MGMT_OP_SET_APPEARANCE, >> MGMT_OP_SET_BLOCKED_KEYS, >> MGMT_OP_SET_WIDEBAND_SPEECH, >> + MGMT_OP_READ_SECURITY_INFO, >> }; >> >> static const u16 mgmt_events[] = { >> @@ -155,6 +156,7 @@ static const u16 mgmt_untrusted_commands[] = { >> MGMT_OP_READ_CONFIG_INFO, >> MGMT_OP_READ_EXT_INDEX_LIST, >> MGMT_OP_READ_EXT_INFO, >> + MGMT_OP_READ_SECURITY_INFO, >> }; >> >> static const u16 mgmt_untrusted_events[] = { 
>> @@ -3659,6 +3661,55 @@ static int set_wideband_speech(struct sock *sk, struct hci_dev *hdev, >> return err; >> } >> >> +static int read_security_info(struct sock *sk, struct hci_dev *hdev, >> + void *data, u16 data_len) >> +{ >> + char buf[16]; >> + struct mgmt_rp_read_security_info *rp = (void *)buf; >> + u16 sec_len = 0; >> + u8 flags = 0; >> + >> + bt_dev_dbg(hdev, "sock %p", sk); >> + >> + memset(&buf, 0, sizeof(buf)); >> + >> + hci_dev_lock(hdev); >> + >> + /* When the Read Simple Pairing Options command is supported, then >> + * the remote public key validation is supported. >> + */ >> + if (hdev->commands[41] & 0x08) >> + flags |= 0x01; /* Remote public key validation (BR/EDR) */ >> + >> + flags |= 0x02; /* Remote public key validation (LE) */ >> + >> + /* When the Read Encryption Key Size command is supported, then the >> + * encryption key size is enforced. >> + */ >> + if (hdev->commands[20] & 0x10) >> + flags |= 0x04; /* Encryption key size enforcement (BR/EDR) */ >> + >> + flags |= 0x08; /* Encryption key size enforcement (LE) */ >> + >> + sec_len = eir_append_data(rp->sec, sec_len, 0x01, &flags, 1); >> + >> + /* When the Read Simple Pairing Options command is supported, then >> + * also max encryption key size information is provided. >> + */ >> + if (hdev->commands[41] & 0x08) >> + sec_len = eir_append_le16(rp->sec, sec_len, 0x02, >> + hdev->max_enc_key_size); >> + >> + sec_len = eir_append_le16(rp->sec, sec_len, 0x03, SMP_MAX_ENC_KEY_SIZE); >> + >> + rp->sec_len = cpu_to_le16(sec_len); >> + >> + hci_dev_unlock(hdev); >> + >> + return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_SECURITY_INFO, 0, >> + rp, sizeof(*rp) + sec_len); >> +} >> + >> static void read_local_oob_data_complete(struct hci_dev *hdev, u8 status, >> u16 opcode, struct sk_buff *skb) >> { 
>> @@ -7099,6 +7150,8 @@ static const struct hci_mgmt_handler mgmt_handlers[] = { >> { set_blocked_keys, MGMT_OP_SET_BLOCKED_KEYS_SIZE, >> HCI_MGMT_VAR_LEN }, >> { set_wideband_speech, MGMT_SETTING_SIZE }, >> + { read_security_info, MGMT_READ_SECURITY_INFO_SIZE, >> + HCI_MGMT_UNTRUSTED }, >> }; >> >> void mgmt_index_added(struct hci_dev *hdev) >> -- >> 2.25.1 >> > LGTM. Can I treat these as Reviewed-by: Alain Michaud ? Regards Marcel
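Review bot: in the include/net/bluetooth/mgmt.h hunk, struct mgmt_rp_read_security_info describes only sec_len and an opaque sec[] blob, while the field types (0x01, 0x02, 0x03) and the flag bits (0x01 through 0x08) that read_security_info() writes exist only as bare literals in mgmt.c. Userspace has to parse this reply to make its policy decision, so add named constants for the field types and flag bits next to the struct, giving kernel and userspace one shared definition.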
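Review bot: in read_security_info(), char buf[16] is sized by hand and none of the eir_append_data()/eir_append_le16() calls is passed the buffer size, so nothing ties the buffer to what gets appended. Assuming those helpers emit the usual length, type, data layout, the current worst case is 13 bytes (2 for sec_len, 3 for the flags field, 4 for each of the two le16 fields), which fits, but the commit message anticipates future extensions and one more le16 field would bring it to 17. Suggest deriving the buffer size from the fields it carries, or at least recording the byte budget in a comment or compile-time check next to the declaration.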
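Review bot: the mgmt_untrusted_commands[] hunk and the HCI_MGMT_UNTRUSTED flag on the new mgmt_handlers[] entry make this command callable from untrusted sockets, but the commit message does not say that this is intended. A sentence stating that the reply carries only capability flags and maximum encryption key sizes, and why that is acceptable to expose, would give later reviewers a baseline to check new fields against.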