* [PATCH] Bluetooth: Limit OOB to P-256 values for Secure Connection Only mode
@ 2015-01-27 19:21 Marcel Holtmann
2015-01-27 20:13 ` Szymon Janc
0 siblings, 1 reply; 4+ messages in thread
From: Marcel Holtmann @ 2015-01-27 19:21 UTC (permalink / raw)
To: linux-bluetooth
When using Secure Connection Only mode, the P-192 hash and rand values
for BR/EDR and the TK value for LE are not valid. The Secure Connections
Only mode limits the encryption keys to P-256 derived values for both
transports. To avoid accidentally loading weak values for pairing just
restrict it to P-256 values.
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
---
net/bluetooth/mgmt.c | 30 ++++++++++++++++++++++++++----
1 file changed, 26 insertions(+), 4 deletions(-)
diff --git a/net/bluetooth/mgmt.c b/net/bluetooth/mgmt.c
index 8417ab387d1a..5c7340b1cd66 100644
--- a/net/bluetooth/mgmt.c
+++ b/net/bluetooth/mgmt.c
@@ -3660,6 +3660,21 @@ static int add_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
goto unlock;
}
+ /* In case Secure Connections Only made has been enabled,
+ * do not allow providing P-192 hash and rand values.
+ *
+ * This actually means that in Secure Connections Only
+ * mode this command with the legacy parameter list
+ * is not supported at all.
+ */
+ if (test_bit(HCI_SC_ONLY, &hdev->dev_flags)) {
+ err = cmd_complete(sk, hdev->id,
+ MGMT_OP_ADD_REMOTE_OOB_DATA,
+ MGMT_STATUS_INVALID_PARAMS,
+ addr, sizeof(*addr));
+ goto unlock;
+ }
+
err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr,
cp->addr.type, cp->hash,
cp->rand, NULL, NULL);
@@ -3675,10 +3690,17 @@ static int add_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
u8 *rand192, *hash192;
u8 status;
- if (bdaddr_type_is_le(cp->addr.type)) {
- /* Enforce zero-valued 192-bit parameters as
- * long as legacy SMP OOB isn't implemented.
- */
+ /* For Bluetooth LE, currently only P-256 hash and rand
+ * values are allowed. The P-192 hash and rand values
+ * are required to be zero. This is required since Legacy
+ * Pairing for LE with OOB is not implemented yet.
+ *
+ * In case Secure Connections Only made has been enabled,
+ * do not allow providing P-192 hash and rand values. It
+ * is required that the values are zero here as well.
+ */
+ if (bdaddr_type_is_le(cp->addr.type) ||
+ test_bit(HCI_SC_ONLY, &hdev->dev_flags)) {
if (memcmp(cp->rand192, ZERO_KEY, 16) ||
memcmp(cp->hash192, ZERO_KEY, 16)) {
err = cmd_complete(sk, hdev->id,
--
2.1.0
^ permalink raw reply related [flat|nested] 4+ messages in thread* Re: [PATCH] Bluetooth: Limit OOB to P-256 values for Secure Connection Only mode
2015-01-27 19:21 [PATCH] Bluetooth: Limit OOB to P-256 values for Secure Connection Only mode Marcel Holtmann
@ 2015-01-27 20:13 ` Szymon Janc
2015-01-27 20:39 ` Marcel Holtmann
2015-01-27 21:08 ` Marcel Holtmann
0 siblings, 2 replies; 4+ messages in thread
From: Szymon Janc @ 2015-01-27 20:13 UTC (permalink / raw)
To: Marcel Holtmann; +Cc: linux-bluetooth
Hi Marcel,
On Tuesday 27 of January 2015 11:21:52 Marcel Holtmann wrote:
> When using Secure Connection Only mode, the P-192 hash and rand values
> for BR/EDR and the TK value for LE are not valid. The Secure Connections
> Only mode limits the encryption keys to P-256 derived values for both
> transports. To avoid accidentally loading weak values for pairing just
> restrict it to P-256 values.
If so, shouldn't enabling Secure Connection Only mode result in clearing OOB
data (or at least removing legacy ones)?
>
> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
> ---
> net/bluetooth/mgmt.c | 30 ++++++++++++++++++++++++++----
> 1 file changed, 26 insertions(+), 4 deletions(-)
>
> diff --git a/net/bluetooth/mgmt.c b/net/bluetooth/mgmt.c
> index 8417ab387d1a..5c7340b1cd66 100644
> --- a/net/bluetooth/mgmt.c
> +++ b/net/bluetooth/mgmt.c
> @@ -3660,6 +3660,21 @@ static int add_remote_oob_data(struct sock *sk,
> struct hci_dev *hdev, goto unlock;
> }
>
> + /* In case Secure Connections Only made has been enabled,
typo: made -> mode
> + * do not allow providing P-192 hash and rand values.
> + *
> + * This actually means that in Secure Connections Only
> + * mode this command with the legacy parameter list
> + * is not supported at all.
> + */
> + if (test_bit(HCI_SC_ONLY, &hdev->dev_flags)) {
> + err = cmd_complete(sk, hdev->id,
> + MGMT_OP_ADD_REMOTE_OOB_DATA,
> + MGMT_STATUS_INVALID_PARAMS,
> + addr, sizeof(*addr));
> + goto unlock;
> + }
> +
> err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr,
> cp->addr.type, cp->hash,
> cp->rand, NULL, NULL);
> @@ -3675,10 +3690,17 @@ static int add_remote_oob_data(struct sock *sk,
> struct hci_dev *hdev, u8 *rand192, *hash192;
> u8 status;
>
> - if (bdaddr_type_is_le(cp->addr.type)) {
> - /* Enforce zero-valued 192-bit parameters as
> - * long as legacy SMP OOB isn't implemented.
> - */
> + /* For Bluetooth LE, currently only P-256 hash and rand
> + * values are allowed. The P-192 hash and rand values
> + * are required to be zero. This is required since Legacy
> + * Pairing for LE with OOB is not implemented yet.
> + *
> + * In case Secure Connections Only made has been enabled,
same typo
> + * do not allow providing P-192 hash and rand values. It
> + * is required that the values are zero here as well.
> + */
> + if (bdaddr_type_is_le(cp->addr.type) ||
> + test_bit(HCI_SC_ONLY, &hdev->dev_flags)) {
> if (memcmp(cp->rand192, ZERO_KEY, 16) ||
> memcmp(cp->hash192, ZERO_KEY, 16)) {
> err = cmd_complete(sk, hdev->id,
--
BR
Szymon Janc
^ permalink raw reply [flat|nested] 4+ messages in thread* Re: [PATCH] Bluetooth: Limit OOB to P-256 values for Secure Connection Only mode
2015-01-27 20:13 ` Szymon Janc
@ 2015-01-27 20:39 ` Marcel Holtmann
2015-01-27 21:08 ` Marcel Holtmann
1 sibling, 0 replies; 4+ messages in thread
From: Marcel Holtmann @ 2015-01-27 20:39 UTC (permalink / raw)
To: Szymon Janc; +Cc: linux-bluetooth
Hi Szymon,
>> When using Secure Connection Only mode, the P-192 hash and rand values
>> for BR/EDR and the TK value for LE are not valid. The Secure Connections
>> Only mode limits the encryption keys to P-256 derived values for both
>> transports. To avoid accidentally loading weak values for pairing just
>> restrict it to P-256 values.
>
> If so, shouldn't enabling Secure Connection Only mode result in clearing OOB
> data (or at least removing legacy ones)?
most likely it should. However that can be a separate patch.
I think actually any change to SSP or SC setting should cause the remote OOB information to be flushed.
>>
>> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
>> ---
>> net/bluetooth/mgmt.c | 30 ++++++++++++++++++++++++++----
>> 1 file changed, 26 insertions(+), 4 deletions(-)
>>
>> diff --git a/net/bluetooth/mgmt.c b/net/bluetooth/mgmt.c
>> index 8417ab387d1a..5c7340b1cd66 100644
>> --- a/net/bluetooth/mgmt.c
>> +++ b/net/bluetooth/mgmt.c
>> @@ -3660,6 +3660,21 @@ static int add_remote_oob_data(struct sock *sk,
>> struct hci_dev *hdev, goto unlock;
>> }
>>
>> + /* In case Secure Connections Only made has been enabled,
>
> typo: made -> mode
Johan can make that change before applying the patch. However good catch.
>
>> + * do not allow providing P-192 hash and rand values.
>> + *
>> + * This actually means that in Secure Connections Only
>> + * mode this command with the legacy parameter list
>> + * is not supported at all.
>> + */
>> + if (test_bit(HCI_SC_ONLY, &hdev->dev_flags)) {
>> + err = cmd_complete(sk, hdev->id,
>> + MGMT_OP_ADD_REMOTE_OOB_DATA,
>> + MGMT_STATUS_INVALID_PARAMS,
>> + addr, sizeof(*addr));
>> + goto unlock;
>> + }
>> +
>> err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr,
>> cp->addr.type, cp->hash,
>> cp->rand, NULL, NULL);
>> @@ -3675,10 +3690,17 @@ static int add_remote_oob_data(struct sock *sk,
>> struct hci_dev *hdev, u8 *rand192, *hash192;
>> u8 status;
>>
>> - if (bdaddr_type_is_le(cp->addr.type)) {
>> - /* Enforce zero-valued 192-bit parameters as
>> - * long as legacy SMP OOB isn't implemented.
>> - */
>> + /* For Bluetooth LE, currently only P-256 hash and rand
>> + * values are allowed. The P-192 hash and rand values
>> + * are required to be zero. This is required since Legacy
>> + * Pairing for LE with OOB is not implemented yet.
>> + *
>> + * In case Secure Connections Only made has been enabled,
>
> same typo
Same here, Johan, please fix this before applying.
>> + * do not allow providing P-192 hash and rand values. It
>> + * is required that the values are zero here as well.
>> + */
>> + if (bdaddr_type_is_le(cp->addr.type) ||
>> + test_bit(HCI_SC_ONLY, &hdev->dev_flags)) {
>> if (memcmp(cp->rand192, ZERO_KEY, 16) ||
>> memcmp(cp->hash192, ZERO_KEY, 16)) {
>> err = cmd_complete(sk, hdev->id,
Regards
Marcel
^ permalink raw reply [flat|nested] 4+ messages in thread* Re: [PATCH] Bluetooth: Limit OOB to P-256 values for Secure Connection Only mode
2015-01-27 20:13 ` Szymon Janc
2015-01-27 20:39 ` Marcel Holtmann
@ 2015-01-27 21:08 ` Marcel Holtmann
1 sibling, 0 replies; 4+ messages in thread
From: Marcel Holtmann @ 2015-01-27 21:08 UTC (permalink / raw)
To: Szymon Janc; +Cc: linux-bluetooth
Hi Szymon,
>> When using Secure Connection Only mode, the P-192 hash and rand values
>> for BR/EDR and the TK value for LE are not valid. The Secure Connections
>> Only mode limits the encryption keys to P-256 derived values for both
>> transports. To avoid accidentally loading weak values for pairing just
>> restrict it to P-256 values.
>
> If so, shouldn't enabling Secure Connection Only mode result in clearing OOB
> data (or at least removing legacy ones)?
coming to think about this, another option is to just not use the P-192 values when in SC only mode. Which is something we are currently missing.
Regards
Marcel
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2015-01-27 21:08 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2015-01-27 19:21 [PATCH] Bluetooth: Limit OOB to P-256 values for Secure Connection Only mode Marcel Holtmann
2015-01-27 20:13 ` Szymon Janc
2015-01-27 20:39 ` Marcel Holtmann
2015-01-27 21:08 ` Marcel Holtmann
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.