[PATCH BlueZ 1/6] shared/csip: Fix returning invalid data to attribute Size reads

[PATCH BlueZ 1/6] shared/csip: Fix returning invalid data to attribute Size reads

[Luiz Augusto von Dentz]

From: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>

The attribute Size value is stored in the size_val not on size member
which represents the attribute object.
---
 src/shared/csip.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/shared/csip.c b/src/shared/csip.c
index 04a8d542b390..24d5d6a323bd 100644
--- a/src/shared/csip.c
+++ b/src/shared/csip.c
@@ -291,8 +291,8 @@ static void csis_size_read(struct gatt_db_attribute *attrib,
 	struct bt_csis *csis = user_data;
 	struct iovec iov;
 
-	iov.iov_base = &csis->size;
-	iov.iov_len = sizeof(csis->size);
+	iov.iov_base = &csis->size_val;
+	iov.iov_len = sizeof(csis->size_val);
 
 	gatt_db_attribute_read_result(attrib, id, 0, iov.iov_base,
 							iov.iov_len);
-- 
2.41.0

[PATCH BlueZ 2/6] shared/csip: Fix not requiring encryption

[Luiz Augusto von Dentz]

From: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>

According to CSIS spec all attributes shall require encryption:

  'Table 5.1: Coordinated Set Identification Service characteristics'
---
 src/shared/csip.c | 14 ++++++++++----
 1 file changed, 10 insertions(+), 4 deletions(-)

diff --git a/src/shared/csip.c b/src/shared/csip.c
index 24d5d6a323bd..eb80bbc3b26c 100644
--- a/src/shared/csip.c
+++ b/src/shared/csip.c
@@ -721,7 +721,8 @@ static struct csis_sirk *sirk_new(struct bt_csis *csis, struct gatt_db *db,
 	bt_uuid16_create(&uuid, CS_SIRK);
 	csis->sirk = gatt_db_service_add_characteristic(csis->service,
 					&uuid,
-					BT_ATT_PERM_READ,
+					BT_ATT_PERM_READ |
+					BT_ATT_PERM_READ_ENCRYPT,
 					BT_GATT_CHRC_PROP_READ,
 					csis_sirk_read, NULL,
 					csis);
@@ -729,7 +730,8 @@ static struct csis_sirk *sirk_new(struct bt_csis *csis, struct gatt_db *db,
 	bt_uuid16_create(&uuid, CS_SIZE);
 	csis->size = gatt_db_service_add_characteristic(csis->service,
 					&uuid,
-					BT_ATT_PERM_READ,
+					BT_ATT_PERM_READ |
+					BT_ATT_PERM_READ_ENCRYPT,
 					BT_GATT_CHRC_PROP_READ,
 					csis_size_read, NULL,
 					csis);
@@ -737,7 +739,10 @@ static struct csis_sirk *sirk_new(struct bt_csis *csis, struct gatt_db *db,
 	/* Lock */
 	bt_uuid16_create(&uuid, CS_LOCK);
 	csis->lock = gatt_db_service_add_characteristic(csis->service, &uuid,
-					BT_ATT_PERM_READ,
+					BT_ATT_PERM_READ |
+					BT_ATT_PERM_READ_ENCRYPT |
+					BT_ATT_PERM_WRITE |
+					BT_ATT_PERM_WRITE_ENCRYPT,
 					BT_GATT_CHRC_PROP_READ |
 					BT_GATT_CHRC_PROP_WRITE |
 					BT_GATT_CHRC_PROP_NOTIFY,
@@ -751,7 +756,8 @@ static struct csis_sirk *sirk_new(struct bt_csis *csis, struct gatt_db *db,
 	/* Rank */
 	bt_uuid16_create(&uuid, CS_RANK);
 	csis->rank = gatt_db_service_add_characteristic(csis->service, &uuid,
-					BT_ATT_PERM_READ,
+					BT_ATT_PERM_READ |
+					BT_ATT_PERM_READ_ENCRYPT,
 					BT_GATT_CHRC_PROP_READ,
 					csis_rank_read_cb,
 					NULL, csis);
-- 
2.41.0

[PATCH BlueZ 3/6] shared/csip: Fix not always reading SIRK value

[Luiz Augusto von Dentz]

From: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>

This makes sure the SIRK value is always read otherwise its value can
be outdated or not even read if the connection was interrupted before
read procedure was completed.
---
 src/shared/csip.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/shared/csip.c b/src/shared/csip.c
index eb80bbc3b26c..85de63ea626b 100644
--- a/src/shared/csip.c
+++ b/src/shared/csip.c
@@ -597,7 +597,7 @@ static void foreach_csis_char(struct gatt_db_attribute *attr, void *user_data)
 		DBG(csip, "SIRK found: handle 0x%04x", value_handle);
 
 		csis = csip_get_csis(csip);
-		if (!csis || csis->sirk)
+		if (!csis)
 			return;
 
 		csis->sirk = attr;
-- 
2.41.0

[PATCH BlueZ 4/6] device: Add btd_device_get_ltk

[Luiz Augusto von Dentz]

From: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>

This adds btd_device_get_ltk function which can be used by plugins to
access the LTK key.
---
 src/device.c | 17 +++++++++++++++++
 src/device.h |  2 ++
 2 files changed, 19 insertions(+)

diff --git a/src/device.c b/src/device.c
index 35ce1df0fe74..a734fff0dc73 100644
--- a/src/device.c
+++ b/src/device.c
@@ -1938,6 +1938,23 @@ void device_set_ltk(struct btd_device *device, const uint8_t val[16],
 	queue_foreach(device->sirks, add_set, device);
 }
 
+bool btd_device_get_ltk(struct btd_device *device, uint8_t key[16],
+				bool *central, uint8_t *enc_size)
+{
+	if (!device || !device->ltk || !key)
+		return false;
+
+	memcpy(key, device->ltk->key, sizeof(device->ltk->key));
+
+	if (central)
+		*central = device->ltk->central;
+
+	if (enc_size)
+		*enc_size = device->ltk->enc_size;
+
+	return true;
+}
+
 static bool match_sirk(const void *data, const void *match_data)
 {
 	const struct sirk_info *sirk = data;
diff --git a/src/device.h b/src/device.h
index 0a9e51533ca5..8bb38669d457 100644
--- a/src/device.h
+++ b/src/device.h
@@ -132,6 +132,8 @@ void device_request_disconnect(struct btd_device *device, DBusMessage *msg);
 bool device_is_disconnecting(struct btd_device *device);
 void device_set_ltk(struct btd_device *device, const uint8_t val[16],
 				bool central, uint8_t enc_size);
+bool btd_device_get_ltk(struct btd_device *device, uint8_t val[16],
+				bool *central, uint8_t *enc_size);
 bool btd_device_add_set(struct btd_device *device, bool encrypted,
 				uint8_t sirk[16], uint8_t size, uint8_t rank);
 void device_store_svc_chng_ccc(struct btd_device *device, uint8_t bdaddr_type,
-- 
2.41.0

[PATCH BlueZ 5/6] csip: Add support for SIRK encryption

[Luiz Augusto von Dentz]

From: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>

This implements SIRK value encryption using the LTK which is accessed
using btd_device_get_ltk.
---
 profiles/audio/csip.c | 36 ++++++++++++++++++++++++++----
 src/shared/csip.c     | 51 ++++---------------------------------------
 src/shared/csip.h     |  5 ++---
 3 files changed, 38 insertions(+), 54 deletions(-)

diff --git a/profiles/audio/csip.c b/profiles/audio/csip.c
index 05bf588d8d6f..a697ebdfbda0 100644
--- a/profiles/audio/csip.c
+++ b/profiles/audio/csip.c
@@ -40,6 +40,7 @@
 #include "src/shared/gatt-client.h"
 #include "src/shared/gatt-server.h"
 #include "src/shared/csip.h"
+#include "src/shared/crypto.h"
 
 #include "btio/btio.h"
 #include "src/plugin.h"
@@ -313,10 +314,37 @@ static struct btd_profile csip_profile = {
 	.experimental	= true,
 };
 
-static bool csis_ltk_read(struct bt_csip *csip, uint8_t k[16], void *user_data)
+static bool csis_encrypt(struct bt_att *att, uint8_t val[16])
 {
-	/* TODO: Retrieve LTK using device object */
-	return false;
+	struct btd_device *device;
+	struct bt_crypto *crypto;
+	uint8_t ltk[16];
+	bool ret;
+
+	device = btd_adapter_find_device_by_fd(bt_att_get_fd(att));
+	if (!device) {
+		error("Unable to find device");
+		return false;
+	}
+
+	if (!btd_device_get_ltk(device, ltk, NULL, NULL)) {
+		error("Unable to get device LTK");
+		return false;
+	}
+
+	crypto = bt_crypto_new();
+	if (!crypto) {
+		error("Failed to open crypto");
+		return false;
+	}
+
+	ret = bt_crypto_sef(crypto, ltk, val, val);
+	if (!ret)
+		error("Failed to encrypt SIRK using LTK");
+
+	bt_crypto_unref(crypto);
+
+	return ret;
 }
 
 static void csis_data_add(struct csis_data *data)
@@ -332,7 +360,7 @@ static void csis_data_add(struct csis_data *data)
 
 	bt_csip_set_sirk(data->csip, btd_opts.csis.encrypt, btd_opts.csis.sirk,
 				btd_opts.csis.size, btd_opts.csis.rank,
-				csis_ltk_read, data);
+				csis_encrypt);
 
 	if (!servers)
 		servers = queue_new();
diff --git a/src/shared/csip.c b/src/shared/csip.c
index 85de63ea626b..53ce155416c7 100644
--- a/src/shared/csip.c
+++ b/src/shared/csip.c
@@ -66,6 +66,7 @@ struct bt_csis {
 	struct gatt_db_attribute *lock;
 	struct gatt_db_attribute *lock_ccc;
 	struct gatt_db_attribute *rank;
+	bt_csip_encrypt_func_t encrypt;
 };
 
 struct bt_csip_cb {
@@ -96,9 +97,6 @@ struct bt_csip {
 	bt_csip_destroy_func_t debug_destroy;
 	void *debug_data;
 
-	bt_csip_ltk_func_t ltk_func;
-	void *ltk_data;
-
 	bt_csip_sirk_func_t sirk_func;
 	void *sirk_data;
 
@@ -218,46 +216,6 @@ static void csip_debug(struct bt_csip *csip, const char *format, ...)
 	va_end(ap);
 }
 
-static bool csip_match_att(const void *data, const void *match_data)
-{
-	const struct bt_csip *csip = data;
-	const struct bt_att *att = match_data;
-
-	return bt_csip_get_att((void *)csip) == att;
-}
-
-static bool csis_sirk_enc(struct bt_csis *csis, struct bt_att *att,
-						struct csis_sirk *sirk)
-{
-	struct bt_csip *csip;
-	uint8_t k[16];
-	struct bt_crypto *crypto;
-	bool ret;
-
-	csip = queue_find(sessions, csip_match_att, att);
-	if (!csip)
-		return false;
-
-	if (!csip->ltk_func(csip, k, csip->ltk_data)) {
-		DBG(csip, "Unable to read sef key");
-		return false;
-	}
-
-	crypto = bt_crypto_new();
-	if (!crypto) {
-		DBG(csip, "Failed to open crypto");
-		return false;
-	}
-
-	ret = bt_crypto_sef(crypto, k, sirk->val, sirk->val);
-	if (!ret)
-		DBG(csip, "Failed to encrypt SIRK using sef");
-
-	bt_crypto_unref(crypto);
-
-	return ret;
-}
-
 static void csis_sirk_read(struct gatt_db_attribute *attrib,
 				unsigned int id, uint16_t offset,
 				uint8_t opcode, struct bt_att *att,
@@ -270,7 +228,7 @@ static void csis_sirk_read(struct gatt_db_attribute *attrib,
 	memcpy(&sirk, csis->sirk_val, sizeof(sirk));
 
 	if (sirk.type == BT_CSIP_SIRK_ENCRYPT &&
-				!csis_sirk_enc(csis, att, &sirk)) {
+				!csis->encrypt(att, sirk.val)) {
 		gatt_db_attribute_read_result(attrib, id, BT_ATT_ERROR_UNLIKELY,
 							NULL, 0);
 		return;
@@ -776,7 +734,7 @@ static struct csis_sirk *sirk_new(struct bt_csis *csis, struct gatt_db *db,
 
 bool bt_csip_set_sirk(struct bt_csip *csip, bool encrypt,
 				uint8_t k[16], uint8_t size, uint8_t rank,
-				bt_csip_ltk_func_t func, void *user_data)
+				bt_csip_encrypt_func_t func)
 {
 	uint8_t zero[16] = {};
 	uint8_t type;
@@ -793,8 +751,7 @@ bool bt_csip_set_sirk(struct bt_csip *csip, bool encrypt,
 	if (!sirk_new(csip->ldb->csis, csip->ldb->db, type, k, size, rank))
 		return false;
 
-	csip->ltk_func = func;
-	csip->ltk_data = user_data;
+	csip->ldb->csis->encrypt = func;
 
 	return true;
 }
diff --git a/src/shared/csip.h b/src/shared/csip.h
index bc5519cfbc49..81c8954aba8d 100644
--- a/src/shared/csip.h
+++ b/src/shared/csip.h
@@ -27,8 +27,7 @@ typedef void (*bt_csip_ready_func_t)(struct bt_csip *csip, void *user_data);
 typedef void (*bt_csip_destroy_func_t)(void *user_data);
 typedef void (*bt_csip_debug_func_t)(const char *str, void *user_data);
 typedef void (*bt_csip_func_t)(struct bt_csip *csip, void *user_data);
-typedef bool (*bt_csip_ltk_func_t)(struct bt_csip *csip, uint8_t k[16],
-							void *user_data);
+typedef bool (*bt_csip_encrypt_func_t)(struct bt_att *att, uint8_t k[16]);
 typedef bool (*bt_csip_sirk_func_t)(struct bt_csip *csip, uint8_t type,
 				    uint8_t k[16], uint8_t size, uint8_t rank,
 				    void *user_data);
@@ -54,7 +53,7 @@ struct bt_csip *bt_csip_new(struct gatt_db *ldb, struct gatt_db *rdb);
 
 bool bt_csip_set_sirk(struct bt_csip *csip, bool encrypt,
 				uint8_t k[16], uint8_t size, uint8_t rank,
-				bt_csip_ltk_func_t func, void *user_data);
+				bt_csip_encrypt_func_t func);
 
 bool bt_csip_get_sirk(struct bt_csip *csip, uint8_t *type,
 				uint8_t k[16], uint8_t *size, uint8_t *rank);
-- 
2.41.0

[PATCH BlueZ 6/6] main.conf: Fix default of CSIS.encrypt

[Luiz Augusto von Dentz]

From: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>

CSIS.encrypt setting shall default to true, not false.
---
 src/main.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/main.c b/src/main.c
index cddf1396197b..ddb73431df94 100644
--- a/src/main.c
+++ b/src/main.c
@@ -1195,6 +1195,7 @@ static void init_defaults(void)
 	btd_opts.avdtp.stream_mode = BT_IO_MODE_BASIC;
 
 	btd_opts.advmon.rssi_sampling_period = 0xFF;
+	btd_opts.csis.encrypt = true;
 }
 
 static void log_handler(const gchar *log_domain, GLogLevelFlags log_level,
-- 
2.41.0

RE: [BlueZ,1/6] shared/csip: Fix returning invalid data to attribute Size reads

[bluez.test.bot]

[-- Attachment #1: Type: text/plain, Size: 948 bytes --]

This is automated email and please do not reply to this email!

Dear submitter,

Thank you for submitting the patches to the linux bluetooth mailing list.
This is a CI test results with your patch series:
PW Link:https://patchwork.kernel.org/project/bluetooth/list/?series=789421

---Test result---

Test Summary:
CheckPatch                    PASS      2.70 seconds
GitLint                       PASS      7.02 seconds
BuildEll                      PASS      28.76 seconds
BluezMake                     PASS      979.14 seconds
MakeCheck                     PASS      12.63 seconds
MakeDistcheck                 PASS      163.32 seconds
CheckValgrind                 PASS      264.15 seconds
CheckSmatch                   PASS      356.79 seconds
bluezmakeextell               PASS      109.03 seconds
IncrementalBuild              PASS      4989.81 seconds
ScanBuild                     PASS      1092.62 seconds



---
Regards,
Linux Bluetooth

Re: [PATCH BlueZ 1/6] shared/csip: Fix returning invalid data to attribute Size reads

[patchwork-bot+bluetooth]

Hello:

This series was applied to bluetooth/bluez.git (master)
by Luiz Augusto von Dentz <luiz.von.dentz@intel.com>:

On Mon,  2 Oct 2023 16:13:05 -0700 you wrote:
> From: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
> 
> The attribute Size value is stored in the size_val not on size member
> which represents the attribute object.
> ---
>  src/shared/csip.c | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)

Here is the summary with links:
  - [BlueZ,1/6] shared/csip: Fix returning invalid data to attribute Size reads
    https://git.kernel.org/pub/scm/bluetooth/bluez.git/?id=b938b05559d3
  - [BlueZ,2/6] shared/csip: Fix not requiring encryption
    https://git.kernel.org/pub/scm/bluetooth/bluez.git/?id=a1920af6f81f
  - [BlueZ,3/6] shared/csip: Fix not always reading SIRK value
    https://git.kernel.org/pub/scm/bluetooth/bluez.git/?id=65b53b0d3a88
  - [BlueZ,4/6] device: Add btd_device_get_ltk
    https://git.kernel.org/pub/scm/bluetooth/bluez.git/?id=c35304f32c42
  - [BlueZ,5/6] csip: Add support for SIRK encryption
    https://git.kernel.org/pub/scm/bluetooth/bluez.git/?id=267bf36d844b
  - [BlueZ,6/6] main.conf: Fix default of CSIS.encrypt
    https://git.kernel.org/pub/scm/bluetooth/bluez.git/?id=954b8e5324fd

You are awesome, thank you!
-- 
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/patchwork/pwbot.html