| Message ID | 20200513081853.362-1-lukasz.rymanowski@codecoup.pl (mailing list archive) |
|---|---|
| State | Accepted |
| Delegated to: | Marcel Holtmann |
| Headers | show |
| Series | bluetooth/smp: Fix for GAP/SEC/SEM/BI-10-C | expand |
Hi Lukasz, > Security Mode 1 level 4, force us to use have key size 16 octects long. > This patch adds check for that. > > This is required for the qualification test GAP/SEC/SEM/BI-10-C > > Logs from test when ATT is configured with sec level BT_SECURITY_FIPS > > < ACL Data TX: Handle 3585 flags 0x00 dlen 11 #28 [hci0] 3.785965 > SMP: Pairing Request (0x01) len 6 > IO capability: DisplayYesNo (0x01) > OOB data: Authentication data not present (0x00) > Authentication requirement: Bonding, MITM, SC, No Keypresses (0x0d) > Max encryption key size: 16 > Initiator key distribution: EncKey Sign (0x05) > Responder key distribution: EncKey IdKey Sign (0x07) >> ACL Data RX: Handle 3585 flags 0x02 dlen 11 #35 [hci0] 3.883020 > SMP: Pairing Response (0x02) len 6 > IO capability: DisplayYesNo (0x01) > OOB data: Authentication data not present (0x00) > Authentication requirement: Bonding, MITM, SC, No Keypresses (0x0d) > Max encryption key size: 7 > Initiator key distribution: EncKey Sign (0x05) > Responder key distribution: EncKey IdKey Sign (0x07) > < ACL Data TX: Handle 3585 flags 0x00 dlen 6 #36 [hci0] 3.883136 > SMP: Pairing Failed (0x05) len 1 > Reason: Encryption key size (0x06) > > Signed-off-by: Łukasz Rymanowski <lukasz.rymanowski@codecoup.pl> > --- > net/bluetooth/smp.c | 4 ++++ > 1 file changed, 4 insertions(+) patch has been applied to bluetooth-next tree. Regards Marcel
diff --git a/net/bluetooth/smp.c b/net/bluetooth/smp.c index 5510017cf9ff..b9f5f74cd4a7 100644 --- a/net/bluetooth/smp.c +++ b/net/bluetooth/smp.c @@ -730,6 +730,10 @@ static u8 check_enc_key_size(struct l2cap_conn *conn, __u8 max_key_size) struct hci_dev *hdev = conn->hcon->hdev; struct smp_chan *smp = chan->data; + if (conn->hcon->pending_sec_level == BT_SECURITY_FIPS && + max_key_size != SMP_MAX_ENC_KEY_SIZE) + return SMP_ENC_KEY_SIZE; + if (max_key_size > hdev->le_max_key_size || max_key_size < SMP_MIN_ENC_KEY_SIZE) return SMP_ENC_KEY_SIZE;
Security Mode 1 level 4, force us to use have key size 16 octects long. This patch adds check for that. This is required for the qualification test GAP/SEC/SEM/BI-10-C Logs from test when ATT is configured with sec level BT_SECURITY_FIPS < ACL Data TX: Handle 3585 flags 0x00 dlen 11 #28 [hci0] 3.785965 SMP: Pairing Request (0x01) len 6 IO capability: DisplayYesNo (0x01) OOB data: Authentication data not present (0x00) Authentication requirement: Bonding, MITM, SC, No Keypresses (0x0d) Max encryption key size: 16 Initiator key distribution: EncKey Sign (0x05) Responder key distribution: EncKey IdKey Sign (0x07) > ACL Data RX: Handle 3585 flags 0x02 dlen 11 #35 [hci0] 3.883020 SMP: Pairing Response (0x02) len 6 IO capability: DisplayYesNo (0x01) OOB data: Authentication data not present (0x00) Authentication requirement: Bonding, MITM, SC, No Keypresses (0x0d) Max encryption key size: 7 Initiator key distribution: EncKey Sign (0x05) Responder key distribution: EncKey IdKey Sign (0x07) < ACL Data TX: Handle 3585 flags 0x00 dlen 6 #36 [hci0] 3.883136 SMP: Pairing Failed (0x05) len 1 Reason: Encryption key size (0x06) Signed-off-by: Łukasz Rymanowski <lukasz.rymanowski@codecoup.pl> --- net/bluetooth/smp.c | 4 ++++ 1 file changed, 4 insertions(+)