kernel/net/bluetooth/smp.c, branch linux-4.1.yHosts the 0x221E linux distro kernel.https://universe.0xinfinity.dev/distro/kernel/atom?h=linux-4.1.y2018-05-23T01:33:57ZBluetooth: Fix missing encryption refresh on Security Request2018-05-23T01:33:57ZSzymon Jancszymon.janc@codecoup.pl2018-02-26T14:41:53Zurn:sha1:8bc122ad650908e59dc83613c726b4dc542091bf
[ Upstream commit 64e759f58f128730b97a3c3a26d283c075ad7c86 ]
If Security Request is received on connection that is already encrypted
with sufficient security master should perform encryption key refresh
procedure instead of just ignoring Slave Security Request
(Core Spec 5.0 Vol 3 Part H 2.4.6).
> ACL Data RX: Handle 3585 flags 0x02 dlen 6
SMP: Security Request (0x0b) len 1
Authentication requirement: Bonding, No MITM, SC, No Keypresses (0x09)
< HCI Command: LE Start Encryption (0x08|0x0019) plen 28
Handle: 3585
Random number: 0x0000000000000000
Encrypted diversifier: 0x0000
Long term key: 44264272a5c426a9e868f034cf0e69f3
> HCI Event: Command Status (0x0f) plen 4
LE Start Encryption (0x08|0x0019) ncmd 1
Status: Success (0x00)
> HCI Event: Encryption Key Refresh Complete (0x30) plen 3
Status: Success (0x00)
Handle: 3585
Signed-off-by: Szymon Janc <szymon.janc@codecoup.pl>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Bluetooth: use constant time memory comparison for secret values2017-09-01T18:24:28ZJason A. DonenfeldJason@zx2c4.com2017-06-10T02:59:11Zurn:sha1:8f23f2d527ccd491cca2bfb9a6d0c183d1da12d1
[ Upstream commit 329d82309824ff1082dc4a91a5bbed8c3bec1580 ]
This file is filled with complex cryptography. Thus, the comparisons of
MACs and secret keys and curve points and so forth should not add timing
attacks, which could either result in a direct forgery, or, given the
complexity, some other type of attack.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Cc: stable@vger.kernel.org
Signed-off-by: Sasha Levin <alexander.levin@verizon.com>
Bluetooth: Delay check for conn->smp in smp_conn_security()2015-10-22T21:43:18ZJohan Hedbergjohan.hedberg@intel.com2015-09-04T09:22:46Zurn:sha1:25cbde3442a1fd07fc233bd881ded2f5bc8f4e26
commit d8949aad3eab5d396f4fefcd581773bf07b9a79e upstream.
There are several actions that smp_conn_security() might make that do
not require a valid SMP context (conn->smp pointer). One of these
actions is to encrypt the link with an existing LTK. If the SMP
context wasn't initialized properly we should still allow the
independent actions to be done, i.e. the check for the context should
only be done at the last possible moment.
Reported-by: Chuck Ebbert <cebbert.lkml@gmail.com>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Bluetooth: Fix NULL pointer dereference in smp_conn_security2015-08-17T03:52:11ZJohan Hedbergjohan.hedberg@intel.com2015-07-20T17:31:25Zurn:sha1:4e200fcacc37eebe93acfc3d751b6b7b79bf85a1
commit 25ba265390c09b0a2b2f3fd9ba82e37248b7a371 upstream.
The l2cap_conn->smp pointer may be NULL for various valid reasons where SMP has
failed to initialize properly. One such scenario is when crypto support is
missing, another when the adapter has been powered on through a legacy method.
The smp_conn_security() function should have the appropriate check for this
situation to avoid NULL pointer dereferences.
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Bluetooth: Export SMP selftest result in debugfs2015-04-02T05:47:40ZMarcel Holtmannmarcel@holtmann.org2015-04-01T19:52:13Zurn:sha1:64dd374eac154f747623b256c59ecaf5affba724
When SMP selftest is enabled, then besides printing the result into the
kernel message buffer, also create a debugfs file that allows retrieving
the same information.
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Bluetooth: Refactor L2CAP variables into l2cap_ctrl2015-03-30T21:20:53ZJohan Hedbergjohan.hedberg@intel.com2015-03-30T20:21:01Zurn:sha1:a4368ff3ed3b57e4b5e36d83b75604f68bbcdaad
We're getting very close to the maximum possible size of bt_skb_cb. To
prepare to shrink the struct with the help of a union this patch moves
all L2CAP related variables into the l2cap_ctrl struct. To later add
other 'ctrl' structs the L2CAP one is renamed simple 'l2cap' instead
of 'control'.
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Bluetooth: Fix potential NULL dereference in SMP channel setup2015-03-18T06:30:03ZMarcel Holtmannmarcel@holtmann.org2015-03-17T18:38:24Zurn:sha1:63511f6d5ba0c20850448991be297751ddb6798c
When the allocation of the L2CAP channel for the BR/EDR security manager
fails, then the smp variable might be NULL. In that case do not try to
free the non-existing crypto contexts
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Bluetooth: Add workaround for broken OS X legacy SMP pairing2015-03-17T17:58:24ZJohan Hedbergjohan.hedberg@intel.com2015-03-15T17:34:04Zurn:sha1:19c5ce9c5ff80a26cba3afb3684d56539444ee40
OS X version 10.10.2 (and possibly older versions) doesn't support LE
Secure Connections but incorrectly copies all authentication request
bits from a Security Request to its Pairing Request. The result is that
an SC capable initiator (such as BlueZ) will think OS X intends to do SC
when in fact it's incapable of it:
< ACL Data TX: Handle 3585 flags 0x00 dlen 6
SMP: Security Request (0x0b) len 1
Authentication requirement: Bonding, No MITM, SC, No Keypresses (0x09)
> ACL Data RX: Handle 3585 flags 0x02 dlen 11
SMP: Pairing Request (0x01) len 6
IO capability: KeyboardDisplay (0x04)
OOB data: Authentication data not present (0x00)
Authentication requirement: Bonding, No MITM, SC, No Keypresses (0x09)
Max encryption key size: 16
Initiator key distribution: EncKey (0x01)
Responder key distribution: EncKey IdKey Sign (0x07)
< ACL Data TX: Handle 3585 flags 0x00 dlen 11
SMP: Pairing Response (0x02) len 6
IO capability: NoInputNoOutput (0x03)
OOB data: Authentication data not present (0x00)
Authentication requirement: Bonding, No MITM, SC, No Keypresses (0x09)
Max encryption key size: 16
Initiator key distribution: EncKey (0x01)
Responder key distribution: EncKey Sign (0x05)
The pairing eventually fails when we get an unexpected Pairing Confirm
PDU instead of a Public Key PDU:
> ACL Data RX: Handle 3585 flags 0x02 dlen 21
SMP: Pairing Confirm (0x03) len 16
Confim value: bcc3bed31b8f313a78ec3cce32685faf
It is only at this point that we can speculate that the remote doesn't
really support SC. This patch creates a workaround for the just-works
model, however the MITM case is unsolvable because the OS X user has
already been requested to enter a PIN which we're now expected to
randomly generate and show the user (i.e. a chicken-and-egg problem).
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Bluetooth: Rename smp->local_rr into smp->local_rand2015-03-16T19:36:23ZMarcel Holtmannmarcel@holtmann.org2015-03-16T19:34:57Zurn:sha1:fb334fee60ebd1aea23cc5daf3abac10139c9a24
The variable for the out-of-band random number was badly named and
with that confusing. Just rename it to local_rand so it is clear
what value it represents.
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Bluetooth: Add extra SMP_DBG statement for remote OOB data2015-03-16T19:36:21ZMarcel Holtmannmarcel@holtmann.org2015-03-16T19:34:56Zurn:sha1:bc07cd696e1863d082fdc8650351b288bd41629b
Just for pure debugging purposes print the remote out-of-band data
that has been received and is going to be used.
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>