diff mbox series

bluetooth/smp: Fix for GAP/SEC/SEM/BI-10-C

Message ID 20200513081853.362-1-lukasz.rymanowski@codecoup.pl (mailing list archive)
State Accepted
Delegated to: Marcel Holtmann
Headers show
Series bluetooth/smp: Fix for GAP/SEC/SEM/BI-10-C | expand

Commit Message

Łukasz Rymanowski May 13, 2020, 8:18 a.m. UTC
Security Mode 1 level 4, force us to use have key size 16 octects long.
This patch adds check for that.

This is required for the qualification test GAP/SEC/SEM/BI-10-C

Logs from test when ATT is configured with sec level BT_SECURITY_FIPS

< ACL Data TX: Handle 3585 flags 0x00 dlen 11                                                                       #28 [hci0] 3.785965
      SMP: Pairing Request (0x01) len 6
        IO capability: DisplayYesNo (0x01)
        OOB data: Authentication data not present (0x00)
        Authentication requirement: Bonding, MITM, SC, No Keypresses (0x0d)
        Max encryption key size: 16
        Initiator key distribution: EncKey Sign (0x05)
        Responder key distribution: EncKey IdKey Sign (0x07)
> ACL Data RX: Handle 3585 flags 0x02 dlen 11                                                                       #35 [hci0] 3.883020
      SMP: Pairing Response (0x02) len 6
        IO capability: DisplayYesNo (0x01)
        OOB data: Authentication data not present (0x00)
        Authentication requirement: Bonding, MITM, SC, No Keypresses (0x0d)
        Max encryption key size: 7
        Initiator key distribution: EncKey Sign (0x05)
        Responder key distribution: EncKey IdKey Sign (0x07)
< ACL Data TX: Handle 3585 flags 0x00 dlen 6                                                                        #36 [hci0] 3.883136
      SMP: Pairing Failed (0x05) len 1
        Reason: Encryption key size (0x06)

Signed-off-by: Łukasz Rymanowski <lukasz.rymanowski@codecoup.pl>
---
 net/bluetooth/smp.c | 4 ++++
 1 file changed, 4 insertions(+)

Comments

Marcel Holtmann May 18, 2020, 7:59 a.m. UTC | #1
Hi Lukasz,

> Security Mode 1 level 4, force us to use have key size 16 octects long.
> This patch adds check for that.
> 
> This is required for the qualification test GAP/SEC/SEM/BI-10-C
> 
> Logs from test when ATT is configured with sec level BT_SECURITY_FIPS
> 
> < ACL Data TX: Handle 3585 flags 0x00 dlen 11                                                                       #28 [hci0] 3.785965
>      SMP: Pairing Request (0x01) len 6
>        IO capability: DisplayYesNo (0x01)
>        OOB data: Authentication data not present (0x00)
>        Authentication requirement: Bonding, MITM, SC, No Keypresses (0x0d)
>        Max encryption key size: 16
>        Initiator key distribution: EncKey Sign (0x05)
>        Responder key distribution: EncKey IdKey Sign (0x07)
>> ACL Data RX: Handle 3585 flags 0x02 dlen 11                                                                       #35 [hci0] 3.883020
>      SMP: Pairing Response (0x02) len 6
>        IO capability: DisplayYesNo (0x01)
>        OOB data: Authentication data not present (0x00)
>        Authentication requirement: Bonding, MITM, SC, No Keypresses (0x0d)
>        Max encryption key size: 7
>        Initiator key distribution: EncKey Sign (0x05)
>        Responder key distribution: EncKey IdKey Sign (0x07)
> < ACL Data TX: Handle 3585 flags 0x00 dlen 6                                                                        #36 [hci0] 3.883136
>      SMP: Pairing Failed (0x05) len 1
>        Reason: Encryption key size (0x06)
> 
> Signed-off-by: Łukasz Rymanowski <lukasz.rymanowski@codecoup.pl>
> ---
> net/bluetooth/smp.c | 4 ++++
> 1 file changed, 4 insertions(+)

patch has been applied to bluetooth-next tree.

Regards

Marcel
diff mbox series

Patch

diff --git a/net/bluetooth/smp.c b/net/bluetooth/smp.c
index 5510017cf9ff..b9f5f74cd4a7 100644
--- a/net/bluetooth/smp.c
+++ b/net/bluetooth/smp.c
@@ -730,6 +730,10 @@  static u8 check_enc_key_size(struct l2cap_conn *conn, __u8 max_key_size)
 	struct hci_dev *hdev = conn->hcon->hdev;
 	struct smp_chan *smp = chan->data;
 
+	if (conn->hcon->pending_sec_level == BT_SECURITY_FIPS &&
+	    max_key_size != SMP_MAX_ENC_KEY_SIZE)
+		return SMP_ENC_KEY_SIZE;
+
 	if (max_key_size > hdev->le_max_key_size ||
 	    max_key_size < SMP_MIN_ENC_KEY_SIZE)
 		return SMP_ENC_KEY_SIZE;