From: Peter Hurley <peter@hurleysoftware.com>
To: Johan Hedberg <johan.hedberg@gmail.com>
Cc: Daniel Wagner <wagi@monom.org>,
linux-bluetooth <linux-bluetooth@vger.kernel.org>
Subject: Re: [PATCH v3] Bluetooth: Fix l2cap conn failures for ssp devices
Date: Tue, 17 Jan 2012 07:34:33 -0500 [thread overview]
Message-ID: <1326803673.4432.2.camel@thor> (raw)
In-Reply-To: <20120117082725.GA14943@x220.P-661HNU-F1>
Hi Johan,
On Tue, 2012-01-17 at 03:27 -0500, Johan Hedberg wrote:
> Hi Peter,
>
> On Mon, Jan 16, 2012, Peter Hurley wrote:
> > The situation with this patch is that I asked Gustavo not to apply it
> > (via IRC). Although the patch works, the overall logic of the
> > auth/encryption system is flawed.
> >
> > With respect to this issue specifically (ie, ssp vs. non-ssp auth +
> > encrypt), the flaw is that the semantic meaning of the
> > HCI_CONN_ENCRYPT_PEND bit is overloaded. The meaning of one sense is
> > that an actual HCI_OP_SET_CONN_ENCRYPT command is in-flight, and thus,
> > for this hci connection, neither an auth nor encrypt request should be
> > sent. The second meaning is that the event handler *should* submit an
> > encrypt request upon receiving a successful auth complete event.
> >
> > At the time, I had a patch prepared which addressed this duality as part
> > of a series which enabled true re-auth & sec_level promotion.
> > Unfortunately, I discovered that a prior patch had been submitted and
> > applied which specifically disables sec_level promotion for non-ssp
> > devices. The ml conversation died here
> > http://marc.info/?l=linux-bluetooth&m=131609282919575&w=2 so I dropped
> > it.
>
> I think it'd be important to continue with this work. Even for
> controllers that don't allow a "security upgrade" you can still detect
> the situation when you get an auth_complete without any preceding
> link_key or PIN request and just drop the connection in such a case. For
> legacy pairing this would only happen when going from MEDIUM to HIGH
> since LOW means that you don't have a link key yet.
>
> Btw, could you tell me the commit id of this "patch which specifically
> disables sec_level promotion for non-ssp devices"?
19f8def Bluetooth: Fix auth_complete_evt for legacy units
Peter
next prev parent reply other threads:[~2012-01-17 12:34 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-08-09 20:26 [PATCH v3] Bluetooth: Fix l2cap conn failures for ssp devices Peter Hurley
2012-01-04 10:22 ` Daniel Wagner
2012-01-09 8:30 ` Daniel Wagner
2012-01-11 11:26 ` Johan Hedberg
2012-01-16 19:37 ` Peter Hurley
2012-01-17 8:27 ` Johan Hedberg
2012-01-17 12:34 ` Peter Hurley [this message]
2012-02-01 22:22 ` Luiz Augusto von Dentz
2012-02-02 0:12 ` Marcel Holtmann
2012-02-02 0:26 ` Johan Hedberg
2012-02-02 9:36 ` Daniel Wagner
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1326803673.4432.2.camel@thor \
--to=peter@hurleysoftware.com \
--cc=johan.hedberg@gmail.com \
--cc=linux-bluetooth@vger.kernel.org \
--cc=wagi@monom.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).