From: Peter Hurley <peter@hurleysoftware.com>
To: Vinicius Costa Gomes <vinicius.gomes@openbossa.org>
Cc: "linux-bluetooth@vger.kernel.org" <linux-bluetooth@vger.kernel.org>
Subject: Re: [PATCH v2 10/13] Bluetooth: Fix setting the connection sec_level when encryption fails
Date: Tue, 6 Sep 2011 15:39:18 -0400 [thread overview]
Message-ID: <1315337959.11425.23.camel@THOR> (raw)
In-Reply-To: <1314313359-12652-11-git-send-email-vcgomes@gmail.com>
Hi Vinicius,
On Thu, 2011-08-25 at 19:02 -0400, Vinicius Costa Gomes wrote:
> From: Vinicius Costa Gomes <vinicius.gomes@openbossa.org>
>
> If the encryption changed event indicates that happened an error we
> should not set the security level of the connection.
>
> Signed-off-by: Vinicius Costa Gomes <vinicius.gomes@openbossa.org>
> ---
> include/net/bluetooth/hci_core.h | 2 +-
> 1 files changed, 1 insertions(+), 1 deletions(-)
>
> diff --git a/include/net/bluetooth/hci_core.h b/include/net/bluetooth/hci_core.h
> index 7aa02e2..b6f1865 100644
> --- a/include/net/bluetooth/hci_core.h
> +++ b/include/net/bluetooth/hci_core.h
> @@ -797,7 +797,7 @@ static inline void hci_encrypt_cfm(struct hci_conn *conn, __u8 status,
> if (conn->sec_level == BT_SECURITY_SDP)
> conn->sec_level = BT_SECURITY_LOW;
>
> - if (conn->pending_sec_level > conn->sec_level)
> + if (!status && conn->pending_sec_level > conn->sec_level)
> conn->sec_level = conn->pending_sec_level;
I think this should be moved out of hci_encrypt_cfm and directly into
hci_encrypt_change_evt. Currently, the only place this assignment is
valid is on receipt of a successful Encryption Change Event (Although,
where is the Encryption Key Refresh Complete Event handling? Or does the
current SMP implementation not allow sec_level elevation?)
Also, I believe that this assignment should only occur on LE links
(which should be specifically tested for). For example, what if an ACL
link authenticates at BT_SECURITY_MEDIUM level successfully but then
later a specific service attempts to authenticates at BT_SECURITY_HIGH
level but fails. The pending_sec_level will still be set to
BT_SECURITY_HIGH so SET_CONN_ENCRYPT just needs to be resent and the ACL
link will be promoted to BT_SECURITY_HIGH.
Maybe instead of testing for an LE link, a new pend bit should be
introduced to indicate that this link is specifically expecting to set
the link sec_level as a result of sending the LE_START_ENCRYPTION cmd?
Regards,
Peter Hurley
next prev parent reply other threads:[~2011-09-06 19:39 UTC|newest]
Thread overview: 22+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-08-25 23:02 [PATCH v2 00/13] Bluetooth: New mgmt messages for SMP Keys Vinicius Costa Gomes
2011-08-25 23:02 ` [PATCH v2 01/13] Bluetooth: Fix sending wrong authentication requirements Vinicius Costa Gomes
2011-09-19 19:30 ` Gustavo Padovan
2011-08-25 23:02 ` [PATCH v2 02/13] Bluetooth: Use the LTK after receiving a LE Security Request Vinicius Costa Gomes
2011-09-19 19:33 ` Gustavo Padovan
2011-08-25 23:02 ` [PATCH v2 03/13] Revert "Bluetooth: Add support for communicating keys with userspace" Vinicius Costa Gomes
2011-09-19 19:35 ` Gustavo Padovan
2011-08-25 23:02 ` [PATCH v2 04/13] Bluetooth: Add structures for the new SMP messages Vinicius Costa Gomes
2011-08-25 23:02 ` [PATCH v2 05/13] Bluetooth: Add support for cleaning the SMP key list Vinicius Costa Gomes
2011-09-19 19:36 ` Gustavo Padovan
2011-08-25 23:02 ` [PATCH v2 06/13] Bluetooth: Add handlers for the new mgmt messages Vinicius Costa Gomes
2011-08-25 23:02 ` [PATCH v2 07/13] Bluetooth: Rename smp_key_size to enc_size Vinicius Costa Gomes
2011-08-25 23:02 ` [PATCH v2 08/13] Bluetooth: Use the smp_keys list for accessing SMP keys Vinicius Costa Gomes
2011-08-25 23:02 ` [PATCH v2 09/13] Bluetooth: Fix not setting a pending security level Vinicius Costa Gomes
2011-09-19 19:38 ` Gustavo Padovan
2011-08-25 23:02 ` [PATCH v2 10/13] Bluetooth: Fix setting the connection sec_level when encryption fails Vinicius Costa Gomes
2011-09-06 19:39 ` Peter Hurley [this message]
2011-09-06 20:46 ` Vinicius Costa Gomes
2011-08-25 23:02 ` [PATCH v2 11/13] Bluetooth: Remove support for other SMP keys than the LTK Vinicius Costa Gomes
2011-09-19 19:39 ` Gustavo Padovan
2011-08-25 23:02 ` [PATCH v2 12/13] Bluetooth: mgmt: Add support for removing SMP keys Vinicius Costa Gomes
2011-08-25 23:02 ` [PATCH v2 13/13] Bluetooth: Disconnect the link if Encryption on LE links fails Vinicius Costa Gomes
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1315337959.11425.23.camel@THOR \
--to=peter@hurleysoftware.com \
--cc=linux-bluetooth@vger.kernel.org \
--cc=vinicius.gomes@openbossa.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).