From: Peter Hurley <peter@hurleysoftware.com>
To: Vinicius Costa Gomes <vinicius.gomes@openbossa.org>
Cc: "linux-bluetooth@vger.kernel.org" <linux-bluetooth@vger.kernel.org>
Subject: Re: [PATCH v2 10/13] Bluetooth: Fix setting the connection sec_level when encryption fails
Date: Tue, 6 Sep 2011 15:39:18 -0400 [thread overview]
Message-ID: <1315337959.11425.23.camel@THOR> (raw)
In-Reply-To: <1314313359-12652-11-git-send-email-vcgomes@gmail.com>
Hi Vinicius,
On Thu, 2011-08-25 at 19:02 -0400, Vinicius Costa Gomes wrote:
> From: Vinicius Costa Gomes <vinicius.gomes@openbossa.org>
>
> If the encryption changed event indicates that happened an error we
> should not set the security level of the connection.
>
> Signed-off-by: Vinicius Costa Gomes <vinicius.gomes@openbossa.org>
> ---
> include/net/bluetooth/hci_core.h | 2 +-
> 1 files changed, 1 insertions(+), 1 deletions(-)
>
> diff --git a/include/net/bluetooth/hci_core.h b/include/net/bluetooth/hci_core.h
> index 7aa02e2..b6f1865 100644
> --- a/include/net/bluetooth/hci_core.h
> +++ b/include/net/bluetooth/hci_core.h
> @@ -797,7 +797,7 @@ static inline void hci_encrypt_cfm(struct hci_conn *conn, __u8 status,
> if (conn->sec_level == BT_SECURITY_SDP)
> conn->sec_level = BT_SECURITY_LOW;
>
> - if (conn->pending_sec_level > conn->sec_level)
> + if (!status && conn->pending_sec_level > conn->sec_level)
> conn->sec_level = conn->pending_sec_level;
I think this should be moved out of hci_encrypt_cfm and directly into
hci_encrypt_change_evt. Currently, the only place this assignment is
valid is on receipt of a successful Encryption Change Event (Although,
where is the Encryption Key Refresh Complete Event handling? Or does the
current SMP implementation not allow sec_level elevation?)
Also, I believe that this assignment should only occur on LE links
(which should be specifically tested for). For example, what if an ACL
link authenticates at BT_SECURITY_MEDIUM level successfully but then
later a specific service attempts to authenticates at BT_SECURITY_HIGH
level but fails. The pending_sec_level will still be set to
BT_SECURITY_HIGH so SET_CONN_ENCRYPT just needs to be resent and the ACL
link will be promoted to BT_SECURITY_HIGH.
Maybe instead of testing for an LE link, a new pend bit should be
introduced to indicate that this link is specifically expecting to set
the link sec_level as a result of sending the LE_START_ENCRYPTION cmd?
Regards,
Peter Hurley
next prev parent reply other threads:[~2011-09-06 19:39 UTC|newest]
Thread overview: 22+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-08-25 23:02 [PATCH v2 00/13] Bluetooth: New mgmt messages for SMP Keys Vinicius Costa Gomes
2011-08-25 23:02 ` [PATCH v2 01/13] Bluetooth: Fix sending wrong authentication requirements Vinicius Costa Gomes
2011-09-19 19:30 ` Gustavo Padovan
2011-08-25 23:02 ` [PATCH v2 02/13] Bluetooth: Use the LTK after receiving a LE Security Request Vinicius Costa Gomes
2011-09-19 19:33 ` Gustavo Padovan
2011-08-25 23:02 ` [PATCH v2 03/13] Revert "Bluetooth: Add support for communicating keys with userspace" Vinicius Costa Gomes
2011-09-19 19:35 ` Gustavo Padovan
2011-08-25 23:02 ` [PATCH v2 04/13] Bluetooth: Add structures for the new SMP messages Vinicius Costa Gomes
2011-08-25 23:02 ` [PATCH v2 05/13] Bluetooth: Add support for cleaning the SMP key list Vinicius Costa Gomes
2011-09-19 19:36 ` Gustavo Padovan
2011-08-25 23:02 ` [PATCH v2 06/13] Bluetooth: Add handlers for the new mgmt messages Vinicius Costa Gomes
2011-08-25 23:02 ` [PATCH v2 07/13] Bluetooth: Rename smp_key_size to enc_size Vinicius Costa Gomes
2011-08-25 23:02 ` [PATCH v2 08/13] Bluetooth: Use the smp_keys list for accessing SMP keys Vinicius Costa Gomes
2011-08-25 23:02 ` [PATCH v2 09/13] Bluetooth: Fix not setting a pending security level Vinicius Costa Gomes
2011-09-19 19:38 ` Gustavo Padovan
2011-08-25 23:02 ` [PATCH v2 10/13] Bluetooth: Fix setting the connection sec_level when encryption fails Vinicius Costa Gomes
2011-09-06 19:39 ` Peter Hurley [this message]
2011-09-06 20:46 ` Vinicius Costa Gomes
2011-08-25 23:02 ` [PATCH v2 11/13] Bluetooth: Remove support for other SMP keys than the LTK Vinicius Costa Gomes
2011-09-19 19:39 ` Gustavo Padovan
2011-08-25 23:02 ` [PATCH v2 12/13] Bluetooth: mgmt: Add support for removing SMP keys Vinicius Costa Gomes
2011-08-25 23:02 ` [PATCH v2 13/13] Bluetooth: Disconnect the link if Encryption on LE links fails Vinicius Costa Gomes
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1315337959.11425.23.camel@THOR \
--to=peter@hurleysoftware.com \
--cc=linux-bluetooth@vger.kernel.org \
--cc=vinicius.gomes@openbossa.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.