| Message ID | 20200402132956.642267-1-marcel@holtmann.org (mailing list archive) |
|---|---|
| State | Superseded |
| Delegated to: | Johan Hedberg |
| Headers | show |
| Series | [1/2] Bluetooth: Add support for reading security information | expand |
HI Marcel, On Thu, Apr 2, 2020 at 9:30 AM Marcel Holtmann <marcel@holtmann.org> wrote: > > To allow userspace to make correcty security policy decision, the kernel > needs to export a few details of the supported security features and > encryption key size information. This command exports this information > and also allows future extensions if needed. > > Signed-off-by: Marcel Holtmann <marcel@holtmann.org> > --- > include/net/bluetooth/mgmt.h | 7 +++++ > net/bluetooth/mgmt.c | 53 ++++++++++++++++++++++++++++++++++++ > 2 files changed, 60 insertions(+) > > diff --git a/include/net/bluetooth/mgmt.h b/include/net/bluetooth/mgmt.h > index f41cd87550dc..65dd6fd1fff3 100644 > --- a/include/net/bluetooth/mgmt.h > +++ b/include/net/bluetooth/mgmt.h > @@ -674,6 +674,13 @@ struct mgmt_cp_set_blocked_keys { > > #define MGMT_OP_SET_WIDEBAND_SPEECH 0x0047 > > +#define MGMT_OP_READ_SECURITY_INFO 0x0048 > +#define MGMT_READ_SECURITY_INFO_SIZE 0 > +struct mgmt_rp_read_security_info { > + __le16 sec_len; > + __u8 sec[0]; > +} __packed; > + > #define MGMT_EV_CMD_COMPLETE 0x0001 > struct mgmt_ev_cmd_complete { > __le16 opcode; > diff --git a/net/bluetooth/mgmt.c b/net/bluetooth/mgmt.c > index 6552003a170e..7b9eac339c87 100644 > --- a/net/bluetooth/mgmt.c > +++ b/net/bluetooth/mgmt.c > @@ -108,6 +108,7 @@ static const u16 mgmt_commands[] = { > MGMT_OP_SET_APPEARANCE, > MGMT_OP_SET_BLOCKED_KEYS, > MGMT_OP_SET_WIDEBAND_SPEECH, > + MGMT_OP_READ_SECURITY_INFO, > }; > > static const u16 mgmt_events[] = { > @@ -155,6 +156,7 @@ static const u16 mgmt_untrusted_commands[] = { > MGMT_OP_READ_CONFIG_INFO, > MGMT_OP_READ_EXT_INDEX_LIST, > MGMT_OP_READ_EXT_INFO, > + MGMT_OP_READ_SECURITY_INFO, > }; > > static const u16 mgmt_untrusted_events[] = { > @@ -3659,6 +3661,55 @@ static int set_wideband_speech(struct sock *sk, struct hci_dev *hdev, > return err; > } > > +static int read_security_info(struct sock *sk, struct hci_dev *hdev, > + void *data, u16 data_len) > +{ > + char buf[16]; > + struct mgmt_rp_read_security_info *rp = (void *)buf; > + u16 sec_len = 0; > + u8 flags = 0; > + > + bt_dev_dbg(hdev, "sock %p", sk); > + > + memset(&buf, 0, sizeof(buf)); > + > + hci_dev_lock(hdev); > + > + /* When the Read Simple Pairing Options command is supported, then > + * the remote public key validation is supported. > + */ > + if (hdev->commands[41] & 0x08) > + flags |= 0x01; /* Remote public key validation (BR/EDR) */ > + > + flags |= 0x02; /* Remote public key validation (LE) */ > + > + /* When the Read Encryption Key Size command is supported, then the > + * encryption key size is enforced. > + */ > + if (hdev->commands[20] & 0x10) > + flags |= 0x04; /* Encryption key size enforcement (BR/EDR) */ > + > + flags |= 0x08; /* Encryption key size enforcement (LE) */ > + > + sec_len = eir_append_data(rp->sec, sec_len, 0x01, &flags, 1); > + > + /* When the Read Simple Pairing Options command is supported, then > + * also max encryption key size information is provided. > + */ > + if (hdev->commands[41] & 0x08) > + sec_len = eir_append_le16(rp->sec, sec_len, 0x02, > + hdev->max_enc_key_size); > + > + sec_len = eir_append_le16(rp->sec, sec_len, 0x03, SMP_MAX_ENC_KEY_SIZE); > + > + rp->sec_len = cpu_to_le16(sec_len); > + > + hci_dev_unlock(hdev); > + > + return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_SECURITY_INFO, 0, > + rp, sizeof(*rp) + sec_len); > +} > + > static void read_local_oob_data_complete(struct hci_dev *hdev, u8 status, > u16 opcode, struct sk_buff *skb) > { > @@ -7099,6 +7150,8 @@ static const struct hci_mgmt_handler mgmt_handlers[] = { > { set_blocked_keys, MGMT_OP_SET_BLOCKED_KEYS_SIZE, > HCI_MGMT_VAR_LEN }, > { set_wideband_speech, MGMT_SETTING_SIZE }, > + { read_security_info, MGMT_READ_SECURITY_INFO_SIZE, > + HCI_MGMT_UNTRUSTED }, > }; > > void mgmt_index_added(struct hci_dev *hdev) > -- > 2.25.1 > LGTM.
Hi Alain, >> To allow userspace to make correcty security policy decision, the kernel >> needs to export a few details of the supported security features and >> encryption key size information. This command exports this information >> and also allows future extensions if needed. >> >> Signed-off-by: Marcel Holtmann <marcel@holtmann.org> >> --- >> include/net/bluetooth/mgmt.h | 7 +++++ >> net/bluetooth/mgmt.c | 53 ++++++++++++++++++++++++++++++++++++ >> 2 files changed, 60 insertions(+) >> >> diff --git a/include/net/bluetooth/mgmt.h b/include/net/bluetooth/mgmt.h >> index f41cd87550dc..65dd6fd1fff3 100644 >> --- a/include/net/bluetooth/mgmt.h >> +++ b/include/net/bluetooth/mgmt.h >> @@ -674,6 +674,13 @@ struct mgmt_cp_set_blocked_keys { >> >> #define MGMT_OP_SET_WIDEBAND_SPEECH 0x0047 >> >> +#define MGMT_OP_READ_SECURITY_INFO 0x0048 >> +#define MGMT_READ_SECURITY_INFO_SIZE 0 >> +struct mgmt_rp_read_security_info { >> + __le16 sec_len; >> + __u8 sec[0]; >> +} __packed; >> + >> #define MGMT_EV_CMD_COMPLETE 0x0001 >> struct mgmt_ev_cmd_complete { >> __le16 opcode; >> diff --git a/net/bluetooth/mgmt.c b/net/bluetooth/mgmt.c >> index 6552003a170e..7b9eac339c87 100644 >> --- a/net/bluetooth/mgmt.c >> +++ b/net/bluetooth/mgmt.c >> @@ -108,6 +108,7 @@ static const u16 mgmt_commands[] = { >> MGMT_OP_SET_APPEARANCE, >> MGMT_OP_SET_BLOCKED_KEYS, >> MGMT_OP_SET_WIDEBAND_SPEECH, >> + MGMT_OP_READ_SECURITY_INFO, >> }; >> >> static const u16 mgmt_events[] = { >> @@ -155,6 +156,7 @@ static const u16 mgmt_untrusted_commands[] = { >> MGMT_OP_READ_CONFIG_INFO, >> MGMT_OP_READ_EXT_INDEX_LIST, >> MGMT_OP_READ_EXT_INFO, >> + MGMT_OP_READ_SECURITY_INFO, >> }; >> >> static const u16 mgmt_untrusted_events[] = { >> @@ -3659,6 +3661,55 @@ static int set_wideband_speech(struct sock *sk, struct hci_dev *hdev, >> return err; >> } >> >> +static int read_security_info(struct sock *sk, struct hci_dev *hdev, >> + void *data, u16 data_len) >> +{ >> + char buf[16]; >> + struct mgmt_rp_read_security_info *rp = (void *)buf; >> + u16 sec_len = 0; >> + u8 flags = 0; >> + >> + bt_dev_dbg(hdev, "sock %p", sk); >> + >> + memset(&buf, 0, sizeof(buf)); >> + >> + hci_dev_lock(hdev); >> + >> + /* When the Read Simple Pairing Options command is supported, then >> + * the remote public key validation is supported. >> + */ >> + if (hdev->commands[41] & 0x08) >> + flags |= 0x01; /* Remote public key validation (BR/EDR) */ >> + >> + flags |= 0x02; /* Remote public key validation (LE) */ >> + >> + /* When the Read Encryption Key Size command is supported, then the >> + * encryption key size is enforced. >> + */ >> + if (hdev->commands[20] & 0x10) >> + flags |= 0x04; /* Encryption key size enforcement (BR/EDR) */ >> + >> + flags |= 0x08; /* Encryption key size enforcement (LE) */ >> + >> + sec_len = eir_append_data(rp->sec, sec_len, 0x01, &flags, 1); >> + >> + /* When the Read Simple Pairing Options command is supported, then >> + * also max encryption key size information is provided. >> + */ >> + if (hdev->commands[41] & 0x08) >> + sec_len = eir_append_le16(rp->sec, sec_len, 0x02, >> + hdev->max_enc_key_size); >> + >> + sec_len = eir_append_le16(rp->sec, sec_len, 0x03, SMP_MAX_ENC_KEY_SIZE); >> + >> + rp->sec_len = cpu_to_le16(sec_len); >> + >> + hci_dev_unlock(hdev); >> + >> + return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_SECURITY_INFO, 0, >> + rp, sizeof(*rp) + sec_len); >> +} >> + >> static void read_local_oob_data_complete(struct hci_dev *hdev, u8 status, >> u16 opcode, struct sk_buff *skb) >> { >> @@ -7099,6 +7150,8 @@ static const struct hci_mgmt_handler mgmt_handlers[] = { >> { set_blocked_keys, MGMT_OP_SET_BLOCKED_KEYS_SIZE, >> HCI_MGMT_VAR_LEN }, >> { set_wideband_speech, MGMT_SETTING_SIZE }, >> + { read_security_info, MGMT_READ_SECURITY_INFO_SIZE, >> + HCI_MGMT_UNTRUSTED }, >> }; >> >> void mgmt_index_added(struct hci_dev *hdev) >> -- >> 2.25.1 >> > LGTM. Can I treat these as Reviewed-by: Alain Michaud <alainmichaud@google.com> ? Regards Marcel
Reviewed-by: Alain Michaud <alainm@chromium.org> On Fri, Apr 3, 2020 at 1:00 PM Marcel Holtmann <marcel@holtmann.org> wrote: > > Hi Alain, > > >> To allow userspace to make correcty security policy decision, the kernel > >> needs to export a few details of the supported security features and > >> encryption key size information. This command exports this information > >> and also allows future extensions if needed. > >> > >> Signed-off-by: Marcel Holtmann <marcel@holtmann.org> > >> --- > >> include/net/bluetooth/mgmt.h | 7 +++++ > >> net/bluetooth/mgmt.c | 53 ++++++++++++++++++++++++++++++++++++ > >> 2 files changed, 60 insertions(+) > >> > >> diff --git a/include/net/bluetooth/mgmt.h b/include/net/bluetooth/mgmt.h > >> index f41cd87550dc..65dd6fd1fff3 100644 > >> --- a/include/net/bluetooth/mgmt.h > >> +++ b/include/net/bluetooth/mgmt.h > >> @@ -674,6 +674,13 @@ struct mgmt_cp_set_blocked_keys { > >> > >> #define MGMT_OP_SET_WIDEBAND_SPEECH 0x0047 > >> > >> +#define MGMT_OP_READ_SECURITY_INFO 0x0048 > >> +#define MGMT_READ_SECURITY_INFO_SIZE 0 > >> +struct mgmt_rp_read_security_info { > >> + __le16 sec_len; > >> + __u8 sec[0]; > >> +} __packed; > >> + > >> #define MGMT_EV_CMD_COMPLETE 0x0001 > >> struct mgmt_ev_cmd_complete { > >> __le16 opcode; > >> diff --git a/net/bluetooth/mgmt.c b/net/bluetooth/mgmt.c > >> index 6552003a170e..7b9eac339c87 100644 > >> --- a/net/bluetooth/mgmt.c > >> +++ b/net/bluetooth/mgmt.c > >> @@ -108,6 +108,7 @@ static const u16 mgmt_commands[] = { > >> MGMT_OP_SET_APPEARANCE, > >> MGMT_OP_SET_BLOCKED_KEYS, > >> MGMT_OP_SET_WIDEBAND_SPEECH, > >> + MGMT_OP_READ_SECURITY_INFO, > >> }; > >> > >> static const u16 mgmt_events[] = { > >> @@ -155,6 +156,7 @@ static const u16 mgmt_untrusted_commands[] = { > >> MGMT_OP_READ_CONFIG_INFO, > >> MGMT_OP_READ_EXT_INDEX_LIST, > >> MGMT_OP_READ_EXT_INFO, > >> + MGMT_OP_READ_SECURITY_INFO, > >> }; > >> > >> static const u16 mgmt_untrusted_events[] = { > >> @@ -3659,6 +3661,55 @@ static int set_wideband_speech(struct sock *sk, struct hci_dev *hdev, > >> return err; > >> } > >> > >> +static int read_security_info(struct sock *sk, struct hci_dev *hdev, > >> + void *data, u16 data_len) > >> +{ > >> + char buf[16]; > >> + struct mgmt_rp_read_security_info *rp = (void *)buf; > >> + u16 sec_len = 0; > >> + u8 flags = 0; > >> + > >> + bt_dev_dbg(hdev, "sock %p", sk); > >> + > >> + memset(&buf, 0, sizeof(buf)); > >> + > >> + hci_dev_lock(hdev); > >> + > >> + /* When the Read Simple Pairing Options command is supported, then > >> + * the remote public key validation is supported. > >> + */ > >> + if (hdev->commands[41] & 0x08) > >> + flags |= 0x01; /* Remote public key validation (BR/EDR) */ > >> + > >> + flags |= 0x02; /* Remote public key validation (LE) */ > >> + > >> + /* When the Read Encryption Key Size command is supported, then the > >> + * encryption key size is enforced. > >> + */ > >> + if (hdev->commands[20] & 0x10) > >> + flags |= 0x04; /* Encryption key size enforcement (BR/EDR) */ > >> + > >> + flags |= 0x08; /* Encryption key size enforcement (LE) */ > >> + > >> + sec_len = eir_append_data(rp->sec, sec_len, 0x01, &flags, 1); > >> + > >> + /* When the Read Simple Pairing Options command is supported, then > >> + * also max encryption key size information is provided. > >> + */ > >> + if (hdev->commands[41] & 0x08) > >> + sec_len = eir_append_le16(rp->sec, sec_len, 0x02, > >> + hdev->max_enc_key_size); > >> + > >> + sec_len = eir_append_le16(rp->sec, sec_len, 0x03, SMP_MAX_ENC_KEY_SIZE); > >> + > >> + rp->sec_len = cpu_to_le16(sec_len); > >> + > >> + hci_dev_unlock(hdev); > >> + > >> + return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_SECURITY_INFO, 0, > >> + rp, sizeof(*rp) + sec_len); > >> +} > >> + > >> static void read_local_oob_data_complete(struct hci_dev *hdev, u8 status, > >> u16 opcode, struct sk_buff *skb) > >> { > >> @@ -7099,6 +7150,8 @@ static const struct hci_mgmt_handler mgmt_handlers[] = { > >> { set_blocked_keys, MGMT_OP_SET_BLOCKED_KEYS_SIZE, > >> HCI_MGMT_VAR_LEN }, > >> { set_wideband_speech, MGMT_SETTING_SIZE }, > >> + { read_security_info, MGMT_READ_SECURITY_INFO_SIZE, > >> + HCI_MGMT_UNTRUSTED }, > >> }; > >> > >> void mgmt_index_added(struct hci_dev *hdev) > >> -- > >> 2.25.1 > >> > > LGTM. > > Can I treat these as Reviewed-by: Alain Michaud <alainmichaud@google.com> ? > > Regards > > Marcel >
Hi Marcel,
I love your patch! Yet something to improve:
[auto build test ERROR on bluetooth-next/master]
[also build test ERROR on next-20200403]
[cannot apply to v5.6]
[if your patch is applied to the wrong git tree, please drop us a note to help
improve the system. BTW, we also suggest to use '--base' option to specify the
base tree in git format-patch, please see https://stackoverflow.com/a/37406982]
url: https://github.com/0day-ci/linux/commits/Marcel-Holtmann/Bluetooth-Add-support-for-reading-security-information/20200403-174552
base: https://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth-next.git master
config: arm-davinci_all_defconfig (attached as .config)
compiler: arm-linux-gnueabi-gcc (GCC) 9.3.0
reproduce:
wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
chmod +x ~/bin/make.cross
# save the attached .config to linux build tree
GCC_VERSION=9.3.0 make.cross ARCH=arm
If you fix the issue, kindly add following tag as appropriate
Reported-by: kbuild test robot <lkp@intel.com>
All errors (new ones prefixed by >>):
net/bluetooth/mgmt.c: In function 'read_security_info':
>> net/bluetooth/mgmt.c:3701:14: error: 'struct hci_dev' has no member named 'max_enc_key_size'; did you mean 'min_enc_key_size'?
3701 | hdev->max_enc_key_size);
| ^~~~~~~~~~~~~~~~
| min_enc_key_size
vim +3701 net/bluetooth/mgmt.c
3663
3664 static int read_security_info(struct sock *sk, struct hci_dev *hdev,
3665 void *data, u16 data_len)
3666 {
3667 char buf[16];
3668 struct mgmt_rp_read_security_info *rp = (void *)buf;
3669 u16 sec_len = 0;
3670 u8 flags = 0;
3671
3672 bt_dev_dbg(hdev, "sock %p", sk);
3673
3674 memset(&buf, 0, sizeof(buf));
3675
3676 hci_dev_lock(hdev);
3677
3678 /* When the Read Simple Pairing Options command is supported, then
3679 * the remote public key validation is supported.
3680 */
3681 if (hdev->commands[41] & 0x08)
3682 flags |= 0x01; /* Remote public key validation (BR/EDR) */
3683
3684 flags |= 0x02; /* Remote public key validation (LE) */
3685
3686 /* When the Read Encryption Key Size command is supported, then the
3687 * encryption key size is enforced.
3688 */
3689 if (hdev->commands[20] & 0x10)
3690 flags |= 0x04; /* Encryption key size enforcement (BR/EDR) */
3691
3692 flags |= 0x08; /* Encryption key size enforcement (LE) */
3693
3694 sec_len = eir_append_data(rp->sec, sec_len, 0x01, &flags, 1);
3695
3696 /* When the Read Simple Pairing Options command is supported, then
3697 * also max encryption key size information is provided.
3698 */
3699 if (hdev->commands[41] & 0x08)
3700 sec_len = eir_append_le16(rp->sec, sec_len, 0x02,
> 3701 hdev->max_enc_key_size);
3702
3703 sec_len = eir_append_le16(rp->sec, sec_len, 0x03, SMP_MAX_ENC_KEY_SIZE);
3704
3705 rp->sec_len = cpu_to_le16(sec_len);
3706
3707 hci_dev_unlock(hdev);
3708
3709 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_SECURITY_INFO, 0,
3710 rp, sizeof(*rp) + sec_len);
3711 }
3712
---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-all@lists.01.org
diff --git a/include/net/bluetooth/mgmt.h b/include/net/bluetooth/mgmt.h index f41cd87550dc..65dd6fd1fff3 100644 --- a/include/net/bluetooth/mgmt.h +++ b/include/net/bluetooth/mgmt.h @@ -674,6 +674,13 @@ struct mgmt_cp_set_blocked_keys { #define MGMT_OP_SET_WIDEBAND_SPEECH 0x0047 +#define MGMT_OP_READ_SECURITY_INFO 0x0048 +#define MGMT_READ_SECURITY_INFO_SIZE 0 +struct mgmt_rp_read_security_info { + __le16 sec_len; + __u8 sec[0]; +} __packed; + #define MGMT_EV_CMD_COMPLETE 0x0001 struct mgmt_ev_cmd_complete { __le16 opcode; diff --git a/net/bluetooth/mgmt.c b/net/bluetooth/mgmt.c index 6552003a170e..7b9eac339c87 100644 --- a/net/bluetooth/mgmt.c +++ b/net/bluetooth/mgmt.c @@ -108,6 +108,7 @@ static const u16 mgmt_commands[] = { MGMT_OP_SET_APPEARANCE, MGMT_OP_SET_BLOCKED_KEYS, MGMT_OP_SET_WIDEBAND_SPEECH, + MGMT_OP_READ_SECURITY_INFO, }; static const u16 mgmt_events[] = { @@ -155,6 +156,7 @@ static const u16 mgmt_untrusted_commands[] = { MGMT_OP_READ_CONFIG_INFO, MGMT_OP_READ_EXT_INDEX_LIST, MGMT_OP_READ_EXT_INFO, + MGMT_OP_READ_SECURITY_INFO, }; static const u16 mgmt_untrusted_events[] = { @@ -3659,6 +3661,55 @@ static int set_wideband_speech(struct sock *sk, struct hci_dev *hdev, return err; } +static int read_security_info(struct sock *sk, struct hci_dev *hdev, + void *data, u16 data_len) +{ + char buf[16]; + struct mgmt_rp_read_security_info *rp = (void *)buf; + u16 sec_len = 0; + u8 flags = 0; + + bt_dev_dbg(hdev, "sock %p", sk); + + memset(&buf, 0, sizeof(buf)); + + hci_dev_lock(hdev); + + /* When the Read Simple Pairing Options command is supported, then + * the remote public key validation is supported. + */ + if (hdev->commands[41] & 0x08) + flags |= 0x01; /* Remote public key validation (BR/EDR) */ + + flags |= 0x02; /* Remote public key validation (LE) */ + + /* When the Read Encryption Key Size command is supported, then the + * encryption key size is enforced. + */ + if (hdev->commands[20] & 0x10) + flags |= 0x04; /* Encryption key size enforcement (BR/EDR) */ + + flags |= 0x08; /* Encryption key size enforcement (LE) */ + + sec_len = eir_append_data(rp->sec, sec_len, 0x01, &flags, 1); + + /* When the Read Simple Pairing Options command is supported, then + * also max encryption key size information is provided. + */ + if (hdev->commands[41] & 0x08) + sec_len = eir_append_le16(rp->sec, sec_len, 0x02, + hdev->max_enc_key_size); + + sec_len = eir_append_le16(rp->sec, sec_len, 0x03, SMP_MAX_ENC_KEY_SIZE); + + rp->sec_len = cpu_to_le16(sec_len); + + hci_dev_unlock(hdev); + + return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_SECURITY_INFO, 0, + rp, sizeof(*rp) + sec_len); +} + static void read_local_oob_data_complete(struct hci_dev *hdev, u8 status, u16 opcode, struct sk_buff *skb) { @@ -7099,6 +7150,8 @@ static const struct hci_mgmt_handler mgmt_handlers[] = { { set_blocked_keys, MGMT_OP_SET_BLOCKED_KEYS_SIZE, HCI_MGMT_VAR_LEN }, { set_wideband_speech, MGMT_SETTING_SIZE }, + { read_security_info, MGMT_READ_SECURITY_INFO_SIZE, + HCI_MGMT_UNTRUSTED }, }; void mgmt_index_added(struct hci_dev *hdev)
To allow userspace to make correcty security policy decision, the kernel needs to export a few details of the supported security features and encryption key size information. This command exports this information and also allows future extensions if needed. Signed-off-by: Marcel Holtmann <marcel@holtmann.org> --- include/net/bluetooth/mgmt.h | 7 +++++ net/bluetooth/mgmt.c | 53 ++++++++++++++++++++++++++++++++++++ 2 files changed, 60 insertions(+)