Received: by 2002:a05:6a10:8c0a:0:0:0:0 with SMTP id go10csp2150083pxb; Sat, 27 Feb 2021 12:18:49 -0800 (PST) X-Google-Smtp-Source: ABdhPJxWNYyYpB05ETxmyxeES2BNtH29puKi0fyx7J4vJYjXS0Fj2/Rdhi24JV8DQ62N47nJjiT4 X-Received: by 2002:a17:907:7683:: with SMTP id jv3mr8980328ejc.450.1614457129643; Sat, 27 Feb 2021 12:18:49 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1614457129; cv=none; d=google.com; s=arc-20160816; b=CYwDxdz6TpeZoj09csVKo082YcMdHJfeStiO5z7KB3SZqSK3n75qFPO5Pvq41OEc4a UONzI/5ywAMKJRzSCkxriBb44Q5DYdyrBykZE8VspHeBKTSPAf22WBf5kuaqOrj5BbHI upU/5l8Z72ZnW26kFiMVyTXmwA4gR1MqKLJrVxbWCrXJ7+pokNqQZnh4c6ZYQvewu04k fTdefCuZ8S2nDL0yLzBxQJwjYcWBGsktXMD782OO+nFGwk+Sp/h4z39lywlTtcV/A3UO /BVhQQu+qN5nuI1W81EHJAnf2me+C6lkUrE9paHZqsxEP3y1AYHv3/eKqlz/cMODr+4A U7sg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:to:references:message-id :content-transfer-encoding:cc:date:in-reply-to:from:subject :mime-version; bh=7O2jmLcYJh2vqHgX13hbrqIsBH8ssYUT39sD9B+ZLig=; b=avNKFtvu7aH2/YWnMxSiTll3bjQfO5La5+cSa0iqFEFySsSy09b/wn7dPU+UDoqIed j+HJ6sA7i4pJ+eZRKc26MF5H5mHM8sHHqnMbyZZ2tT+RQf/J+qWcHZxLCGzYtOBvoexe QEAjhg3zbIVsdQsvFhabOLVWZUln2+LSQroInn4AlKy9e5V2FAaU+HssEh3x4V5zNueP Ct6314/q4uoeiE51JfW/z84vWU732Xmq30zOy1FF6xafiJKY45RxCqUDlY9mBjhi9KBb PKFy07rv2sQDCq/ouF0x0foCqcz0+6VBsWDgLHAhiIMvP9w9Sl+K8vly/BCbC7XerWhD Us+w== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-bluetooth-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-bluetooth-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id i2si8439282eje.75.2021.02.27.12.18.04; Sat, 27 Feb 2021 12:18:49 -0800 (PST) Received-SPF: pass (google.com: domain of linux-bluetooth-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-bluetooth-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-bluetooth-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230008AbhB0UPr convert rfc822-to-8bit (ORCPT + 99 others); Sat, 27 Feb 2021 15:15:47 -0500 Received: from coyote.holtmann.net ([212.227.132.17]:33171 "EHLO mail.holtmann.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230095AbhB0UPm (ORCPT ); Sat, 27 Feb 2021 15:15:42 -0500 Received: from marcel-macbook.holtmann.net (p4ff9fb90.dip0.t-ipconnect.de [79.249.251.144]) by mail.holtmann.org (Postfix) with ESMTPSA id BA302CED0A; Sat, 27 Feb 2021 21:22:30 +0100 (CET) Content-Type: text/plain; charset=us-ascii Mime-Version: 1.0 (Mac OS X Mail 14.0 \(3654.60.0.2.21\)) Subject: Re: [PATCH] Bluetooth: Fix for L2CAP/LE/CFC/BV-15-C From: Marcel Holtmann In-Reply-To: Date: Sat, 27 Feb 2021 21:14:57 +0100 Cc: Magdalena Kasenberg , Bluetooth Kernel Mailing List , Szymon Janc Content-Transfer-Encoding: 8BIT Message-Id: References: <20210222103021.20923-1-magdalena.kasenberg@codecoup.pl> <124AEB1E-158A-4CFB-BD5D-2DCA4C86ECD2@holtmann.org> To: Luiz Augusto von Dentz X-Mailer: Apple Mail (2.3654.60.0.2.21) Precedence: bulk List-ID: X-Mailing-List: linux-bluetooth@vger.kernel.org Hi Luiz, >>> This is required for the qualification test L2CAP/LE/CFC/BV-15-C >>> >>> Implementation does not allow to set different key size for SMP and >>> L2CAP, which is needed for a current specification of the test. This fix >>> workarounds it with the debugfs variable le_l2cap_min_key_size. >>> >>> Logs from the test when the IUT uses a min and max l2cap encryption key size 16. >>> $ echo 16 > /sys/kernel/debug/bluetooth/hci0/le_l2cap_min_key_size >>> The lower tester uses a key size 7. >>> >>>> ACL Data RX: Handle 99 flags 0x02 dlen 11 #34 [hci0] 25.007392 >>> SMP: Pairing Request (0x01) len 6 >>> IO capability: DisplayYesNo (0x01) >>> OOB data: Authentication data not present (0x00) >>> Authentication requirement: Bonding, No MITM, SC, No Keypresses (0x09) >>> Max encryption key size: 7 >>> Initiator key distribution: (0x00) >>> Responder key distribution: (0x00) >>> < ACL Data TX: Handle 99 flags 0x00 dlen 11 #35 [hci0] 25.007591 >>> SMP: Pairing Response (0x02) len 6 >>> IO capability: KeyboardDisplay (0x04) >>> OOB data: Authentication data not present (0x00) >>> Authentication requirement: Bonding, No MITM, SC, No Keypresses (0x09) >>> Max encryption key size: 16 >>> Initiator key distribution: (0x00) >>> Responder key distribution: (0x00) >>> @ MGMT Event: New Long Term Key (0x000a) plen 37 {0x0001} [hci0] 28.788872 >>> Store hint: Yes (0x01) >>> LE Address: C0:DE:C0:FF:FF:01 (OUI C0-DE-C0) >>> Key type: Unauthenticated key from P-256 (0x02) >>> Master: 0x00 >>> Encryption size: 7 >>> Diversifier: 0000 >>> Randomizer: 0000000000000000 >>> Key: 529e11e8c7b9f5000000000000000000 >>> >>> >>> >>> After pairing with key size 7, L2CAP connection is requested which >>> requires key size 16. >>> >>>> ACL Data RX: Handle 99 flags 0x02 dlen 18 #56 [hci0] 34.998084 >>> LE L2CAP: LE Connection Request (0x14) ident 3 len 10 >>> PSM: 244 (0x00f4) >>> Source CID: 64 >>> MTU: 256 >>> MPS: 284 >>> Credits: 1 >>> < ACL Data TX: Handle 99 flags 0x00 dlen 18 #57 [hci0] 34.998325 >>> LE L2CAP: LE Connection Response (0x15) ident 3 len 10 >>> Destination CID: 0 >>> MTU: 0 >>> MPS: 0 >>> Credits: 0 >>> Result: Connection refused - insufficient encryption key size (0x0007) >>> >>> Signed-off-by: Magdalena Kasenberg >>> Reviewed-by: Szymon Janc >>> Cc: Szymon Janc >>> --- >>> include/net/bluetooth/hci_core.h | 1 + >>> net/bluetooth/hci_core.c | 1 + >>> net/bluetooth/hci_debugfs.c | 30 ++++++++++++++++++++++++++++++ >>> net/bluetooth/l2cap_core.c | 25 +++++++++++++++++++++++++ >>> 4 files changed, 57 insertions(+) >>> >>> diff --git a/include/net/bluetooth/hci_core.h b/include/net/bluetooth/hci_core.h >>> index ebdd4afe30d2..0bf0543efec5 100644 >>> --- a/include/net/bluetooth/hci_core.h >>> +++ b/include/net/bluetooth/hci_core.h >>> @@ -379,6 +379,7 @@ struct hci_dev { >>> __u16 auth_payload_timeout; >>> __u8 min_enc_key_size; >>> __u8 max_enc_key_size; >>> + __u8 le_l2cap_min_key_size; >>> __u8 pairing_opts; >>> __u8 ssp_debug_mode; >>> __u8 hw_error_code; >>> diff --git a/net/bluetooth/hci_core.c b/net/bluetooth/hci_core.c >>> index b0d9c36acc03..9ef4b39b380c 100644 >>> --- a/net/bluetooth/hci_core.c >>> +++ b/net/bluetooth/hci_core.c >>> @@ -3788,6 +3788,7 @@ struct hci_dev *hci_alloc_dev(void) >>> hdev->conn_info_max_age = DEFAULT_CONN_INFO_MAX_AGE; >>> hdev->auth_payload_timeout = DEFAULT_AUTH_PAYLOAD_TIMEOUT; >>> hdev->min_enc_key_size = HCI_MIN_ENC_KEY_SIZE; >>> + hdev->le_l2cap_min_key_size = HCI_MIN_ENC_KEY_SIZE; >> >> so I am not a fan of doing this with another variable and managing through debugfs. Can we pass the qualification test case by using BT_SECURITY_FIPS (which will enforce 128-bit key size)? > > I guess that will depend if PTS supports MITM which afaik it is > required with BT_SECURITY_FIPS, from the logs it looks like it doesn't > support it so we end up with an unauthenticated key so the error would > probably be different. we should give this a try .. > >> If not then we might want to add a socket option to set min/max encryption key size requirement on a per socket basis. > > Yep, it seems to be a common trend to have such tests on upper layers > (ATT/GATT also have such encryption key size), even though it is more > of a GAP test and perhaps could have been done at SMP level. .. however maybe we just deprecate BT_SECURITY or migrate it into something that allows specifying the details of a security level with extra parameters. I made the BT_SECURITY implementation in the kernel extendable. So we could also just add extra possible settings. Regards Marcel