Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit c1ad9bb3 authored by Luiz Augusto von Dentz's avatar Luiz Augusto von Dentz Committed by Greg Kroah-Hartman
Browse files

Bluetooth: Disconnect if E0 is used for Level 4 



commit 8746f135bb01872ff412d408ea1aa9ebd328c1f5 upstream.

E0 is not allowed with Level 4:

BLUETOOTH CORE SPECIFICATION Version 5.2 | Vol 3, Part C page 1319:

  '128-bit equivalent strength for link and encryption keys
   required using FIPS approved algorithms (E0 not allowed,
   SAFER+ not allowed, and P-192 not allowed; encryption key
   not shortened'

SC enabled:

> HCI Event: Read Remote Extended Features (0x23) plen 13
        Status: Success (0x00)
        Handle: 256
        Page: 1/2
        Features: 0x0b 0x00 0x00 0x00 0x00 0x00 0x00 0x00
          Secure Simple Pairing (Host Support)
          LE Supported (Host)
          Secure Connections (Host Support)
> HCI Event: Encryption Change (0x08) plen 4
        Status: Success (0x00)
        Handle: 256
        Encryption: Enabled with AES-CCM (0x02)

SC disabled:

> HCI Event: Read Remote Extended Features (0x23) plen 13
        Status: Success (0x00)
        Handle: 256
        Page: 1/2
        Features: 0x03 0x00 0x00 0x00 0x00 0x00 0x00 0x00
          Secure Simple Pairing (Host Support)
          LE Supported (Host)
> HCI Event: Encryption Change (0x08) plen 4
        Status: Success (0x00)
        Handle: 256
        Encryption: Enabled with E0 (0x01)
[May 8 20:23] Bluetooth: hci0: Invalid security: expect AES but E0 was used
< HCI Command: Disconnect (0x01|0x0006) plen 3
        Handle: 256
        Reason: Authentication Failure (0x05)

Signed-off-by: default avatarLuiz Augusto von Dentz <luiz.von.dentz@intel.com>
Signed-off-by: default avatarMarcel Holtmann <marcel@holtmann.org>
Cc: Hans-Christian Noren Egtvedt <hegtvedt@cisco.com>
Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
parent 3882085f

include/net/bluetooth/hci_core.h

+6 −4
Original line number Diff line number Diff line
@@ -1308,11 +1308,13 @@ static inline void hci_encrypt_cfm(struct hci_conn *conn, __u8 status) 
	else

		encrypt = 0x01;



	if (!status) {

		if (conn->sec_level == BT_SECURITY_SDP)

			conn->sec_level = BT_SECURITY_LOW;



		if (conn->pending_sec_level > conn->sec_level)

			conn->sec_level = conn->pending_sec_level;

	}



	mutex_lock(&hci_cb_list_lock);

	list_for_each_entry(cb, &hci_cb_list, list) {

net/bluetooth/hci_conn.c

+17 −0
Original line number Diff line number Diff line
@@ -1282,6 +1282,23 @@ int hci_conn_check_link_mode(struct hci_conn *conn) 
			return 0;

	}



	 /* AES encryption is required for Level 4:

	  *

	  * BLUETOOTH CORE SPECIFICATION Version 5.2 | Vol 3, Part C

	  * page 1319:

	  *

	  * 128-bit equivalent strength for link and encryption keys

	  * required using FIPS approved algorithms (E0 not allowed,

	  * SAFER+ not allowed, and P-192 not allowed; encryption key

	  * not shortened)

	  */

	if (conn->sec_level == BT_SECURITY_FIPS &&

	    !test_bit(HCI_CONN_AES_CCM, &conn->flags)) {

		bt_dev_err(conn->hdev,

			   "Invalid security: Missing AES-CCM usage");

		return 0;

	}



	if (hci_conn_ssp_enabled(conn) &&

	    !test_bit(HCI_CONN_ENCRYPT, &conn->flags))

		return 0;

net/bluetooth/hci_event.c

+8 −12
Original line number Diff line number Diff line
@@ -2890,23 +2890,19 @@ static void hci_encrypt_change_evt(struct hci_dev *hdev, struct sk_buff *skb) 


	clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);



	/* Check link security requirements are met */

	if (!hci_conn_check_link_mode(conn))

		ev->status = HCI_ERROR_AUTH_FAILURE;



	if (ev->status && conn->state == BT_CONNECTED) {

		if (ev->status == HCI_ERROR_PIN_OR_KEY_MISSING)

			set_bit(HCI_CONN_AUTH_FAILURE, &conn->flags);



		hci_disconnect(conn, HCI_ERROR_AUTH_FAILURE);

		hci_conn_drop(conn);

		goto unlock;

	}



	/* In Secure Connections Only mode, do not allow any connections

	 * that are not encrypted with AES-CCM using a P-256 authenticated

	 * combination key.

		/* Notify upper layers so they can cleanup before

		 * disconnecting.

		 */

	if (hci_dev_test_flag(hdev, HCI_SC_ONLY) &&

	    (!test_bit(HCI_CONN_AES_CCM, &conn->flags) ||

	     conn->key_type != HCI_LK_AUTH_COMBINATION_P256)) {

		hci_connect_cfm(conn, HCI_ERROR_AUTH_FAILURE);

		hci_encrypt_cfm(conn, ev->status);

		hci_disconnect(conn, HCI_ERROR_AUTH_FAILURE);

		hci_conn_drop(conn);

		goto unlock;

	}