* [PATCH BlueZ] hog: Fix starting encryption on some BLE remotes
@ 2026-06-08 9:11 Simon Mikuda
2026-06-08 12:00 ` [BlueZ] " bluez.test.bot
2026-06-08 14:23 ` [PATCH BlueZ] " Luiz Augusto von Dentz
0 siblings, 2 replies; 6+ messages in thread
From: Simon Mikuda @ 2026-06-08 9:11 UTC (permalink / raw)
To: linux-bluetooth; +Cc: Simon Mikuda
When BLE remote doesn't reply with Insufficient Authentication Error
encryption is not started.
Good remote:
< ACL Data TX: Handle 64 flags 0x00 dlen 7
ATT: Read Request (0x0a) len 2
Handle: 0x0021 Type: HID Information (0x2a4a)
> ACL Data RX: Handle 64 flags 0x02 dlen 9
ATT: Error Response (0x01) len 4
Read Request (0x0a)
Handle: 0x0000
Error: Insufficient Authentication (0x05)
< HCI Command: LE Start Encryption (0x08|0x0019) plen 28
Handle: 64 Address: xx:xx:xx:xx:xx:xx (OUI xx-xx-xx)
Random number: ...
Encrypted diversifier: ...
Long term key: ...
Bad remote:
< ACL Data TX: Handle 64 flags 0x00 dlen 7
ATT: Read Request (0x0a) len 2
Handle: 0x001e Type: HID Information (0x2a4a)
> ACL Data RX: Handle 64 flags 0x02 dlen 9
ATT: Read Response (0x0b) len 4
---
profiles/input/hog.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/profiles/input/hog.c b/profiles/input/hog.c
index f50a0f217..845087c9d 100644
--- a/profiles/input/hog.c
+++ b/profiles/input/hog.c
@@ -189,6 +189,9 @@ static int hog_accept(struct btd_service *service)
if (!bt_gatt_client_set_security(client,
BT_ATT_SECURITY_MEDIUM))
return -ECONNREFUSED;
+ } else if (auto_sec) {
+ bt_gatt_client_set_security(btd_device_get_gatt_client(device),
+ BT_ATT_SECURITY_MEDIUM);
}
/* TODO: Replace GAttrib with bt_gatt_client */
--
2.43.0
^ permalink raw reply related [flat|nested] 6+ messages in thread
* RE: [BlueZ] hog: Fix starting encryption on some BLE remotes
2026-06-08 9:11 [PATCH BlueZ] hog: Fix starting encryption on some BLE remotes Simon Mikuda
@ 2026-06-08 12:00 ` bluez.test.bot
2026-06-08 14:23 ` [PATCH BlueZ] " Luiz Augusto von Dentz
1 sibling, 0 replies; 6+ messages in thread
From: bluez.test.bot @ 2026-06-08 12:00 UTC (permalink / raw)
To: linux-bluetooth, simon.mikuda
[-- Attachment #1: Type: text/plain, Size: 987 bytes --]
This is automated email and please do not reply to this email!
Dear submitter,
Thank you for submitting the patches to the linux bluetooth mailing list.
This is a CI test results with your patch series:
PW Link:https://patchwork.kernel.org/project/bluetooth/list/?series=1107612
---Test result---
Test Summary:
CheckPatch PASS 0.27 seconds
GitLint PASS 0.20 seconds
BuildEll PASS 12.59 seconds
BluezMake PASS 379.88 seconds
MakeCheck PASS 0.57 seconds
MakeDistcheck PASS 147.74 seconds
CheckValgrind PASS 116.75 seconds
CheckSmatch PASS 184.84 seconds
bluezmakeextell PASS 95.68 seconds
IncrementalBuild PASS 402.48 seconds
ScanBuild PASS 507.29 seconds
https://github.com/bluez/bluez/pull/2184
---
Regards,
Linux Bluetooth
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH BlueZ] hog: Fix starting encryption on some BLE remotes
2026-06-08 9:11 [PATCH BlueZ] hog: Fix starting encryption on some BLE remotes Simon Mikuda
2026-06-08 12:00 ` [BlueZ] " bluez.test.bot
@ 2026-06-08 14:23 ` Luiz Augusto von Dentz
2026-06-09 16:25 ` Simon Mikuda
1 sibling, 1 reply; 6+ messages in thread
From: Luiz Augusto von Dentz @ 2026-06-08 14:23 UTC (permalink / raw)
To: Simon Mikuda; +Cc: linux-bluetooth
Hi Simon,
On Mon, Jun 8, 2026 at 5:20 AM Simon Mikuda
<simon.mikuda@streamunlimited.com> wrote:
>
> When BLE remote doesn't reply with Insufficient Authentication Error
> encryption is not started.
>
> Good remote:
> < ACL Data TX: Handle 64 flags 0x00 dlen 7
> ATT: Read Request (0x0a) len 2
> Handle: 0x0021 Type: HID Information (0x2a4a)
> > ACL Data RX: Handle 64 flags 0x02 dlen 9
> ATT: Error Response (0x01) len 4
> Read Request (0x0a)
> Handle: 0x0000
> Error: Insufficient Authentication (0x05)
> < HCI Command: LE Start Encryption (0x08|0x0019) plen 28
> Handle: 64 Address: xx:xx:xx:xx:xx:xx (OUI xx-xx-xx)
> Random number: ...
> Encrypted diversifier: ...
> Long term key: ...
>
> Bad remote:
> < ACL Data TX: Handle 64 flags 0x00 dlen 7
> ATT: Read Request (0x0a) len 2
> Handle: 0x001e Type: HID Information (0x2a4a)
> > ACL Data RX: Handle 64 flags 0x02 dlen 9
> ATT: Read Response (0x0b) len 4
> ---
> profiles/input/hog.c | 3 +++
> 1 file changed, 3 insertions(+)
>
> diff --git a/profiles/input/hog.c b/profiles/input/hog.c
> index f50a0f217..845087c9d 100644
> --- a/profiles/input/hog.c
> +++ b/profiles/input/hog.c
> @@ -189,6 +189,9 @@ static int hog_accept(struct btd_service *service)
> if (!bt_gatt_client_set_security(client,
> BT_ATT_SECURITY_MEDIUM))
> return -ECONNREFUSED;
> + } else if (auto_sec) {
> + bt_gatt_client_set_security(btd_device_get_gatt_client(device),
> + BT_ATT_SECURITY_MEDIUM);
So this forces encryption even without bonding; why?
> }
>
> /* TODO: Replace GAttrib with bt_gatt_client */
> --
> 2.43.0
>
>
--
Luiz Augusto von Dentz
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH BlueZ] hog: Fix starting encryption on some BLE remotes
2026-06-08 14:23 ` [PATCH BlueZ] " Luiz Augusto von Dentz
@ 2026-06-09 16:25 ` Simon Mikuda
2026-06-09 16:35 ` Luiz Augusto von Dentz
0 siblings, 1 reply; 6+ messages in thread
From: Simon Mikuda @ 2026-06-09 16:25 UTC (permalink / raw)
To: Luiz Augusto von Dentz; +Cc: linux-bluetooth
Hi Luiz.
I don't think it forces encryption without bonding.
The diff is:
if (!device_is_bonded(device,
btd_device_get_bdaddr_type(device))) {
........
+ } else if (auto_sec) {
+ bt_gatt_client_set_security(btd_device_get_gatt_client(device),
+ BT_ATT_SECURITY_MEDIUM);
}
so it means device IS bonded and auto_sec is enabled
On 6/8/26 16:23, Luiz Augusto von Dentz wrote:
> Hi Simon,
>
> On Mon, Jun 8, 2026 at 5:20 AM Simon Mikuda
> <simon.mikuda@streamunlimited.com> wrote:
>> When BLE remote doesn't reply with Insufficient Authentication Error
>> encryption is not started.
>>
>> Good remote:
>> < ACL Data TX: Handle 64 flags 0x00 dlen 7
>> ATT: Read Request (0x0a) len 2
>> Handle: 0x0021 Type: HID Information (0x2a4a)
>>> ACL Data RX: Handle 64 flags 0x02 dlen 9
>> ATT: Error Response (0x01) len 4
>> Read Request (0x0a)
>> Handle: 0x0000
>> Error: Insufficient Authentication (0x05)
>> < HCI Command: LE Start Encryption (0x08|0x0019) plen 28
>> Handle: 64 Address: xx:xx:xx:xx:xx:xx (OUI xx-xx-xx)
>> Random number: ...
>> Encrypted diversifier: ...
>> Long term key: ...
>>
>> Bad remote:
>> < ACL Data TX: Handle 64 flags 0x00 dlen 7
>> ATT: Read Request (0x0a) len 2
>> Handle: 0x001e Type: HID Information (0x2a4a)
>>> ACL Data RX: Handle 64 flags 0x02 dlen 9
>> ATT: Read Response (0x0b) len 4
>> ---
>> profiles/input/hog.c | 3 +++
>> 1 file changed, 3 insertions(+)
>>
>> diff --git a/profiles/input/hog.c b/profiles/input/hog.c
>> index f50a0f217..845087c9d 100644
>> --- a/profiles/input/hog.c
>> +++ b/profiles/input/hog.c
>> @@ -189,6 +189,9 @@ static int hog_accept(struct btd_service *service)
>> if (!bt_gatt_client_set_security(client,
>> BT_ATT_SECURITY_MEDIUM))
>> return -ECONNREFUSED;
>> + } else if (auto_sec) {
>> + bt_gatt_client_set_security(btd_device_get_gatt_client(device),
>> + BT_ATT_SECURITY_MEDIUM);
> So this forces encryption even without bonding; why?
>
>> }
>>
>> /* TODO: Replace GAttrib with bt_gatt_client */
>> --
>> 2.43.0
>>
>>
>
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH BlueZ] hog: Fix starting encryption on some BLE remotes
2026-06-09 16:25 ` Simon Mikuda
@ 2026-06-09 16:35 ` Luiz Augusto von Dentz
2026-06-09 16:46 ` Simon Mikuda
0 siblings, 1 reply; 6+ messages in thread
From: Luiz Augusto von Dentz @ 2026-06-09 16:35 UTC (permalink / raw)
To: Simon Mikuda; +Cc: linux-bluetooth
Hi Simon,
On Tue, Jun 9, 2026 at 12:25 PM Simon Mikuda
<simon.mikuda@streamunlimited.com> wrote:
>
> Hi Luiz.
> I don't think it forces encryption without bonding.
> The diff is:
> if (!device_is_bonded(device,
> btd_device_get_bdaddr_type(device))) {
> ........
> + } else if (auto_sec) {
> + bt_gatt_client_set_security(btd_device_get_gatt_client(device),
> + BT_ATT_SECURITY_MEDIUM);
> }
>
> so it means device IS bonded and auto_sec is enabled
Hmm, but in that case doesn't the following code trigger first:
https://github.com/bluez/bluez/blob/master/src/device.c#L6469
So either there is a bug or the code you are adding is just a NOP
because the security has already been set to BT_ATT_SECURITY_MEDIUM.
>
> On 6/8/26 16:23, Luiz Augusto von Dentz wrote:
> > Hi Simon,
> >
> > On Mon, Jun 8, 2026 at 5:20 AM Simon Mikuda
> > <simon.mikuda@streamunlimited.com> wrote:
> >> When BLE remote doesn't reply with Insufficient Authentication Error
> >> encryption is not started.
> >>
> >> Good remote:
> >> < ACL Data TX: Handle 64 flags 0x00 dlen 7
> >> ATT: Read Request (0x0a) len 2
> >> Handle: 0x0021 Type: HID Information (0x2a4a)
> >>> ACL Data RX: Handle 64 flags 0x02 dlen 9
> >> ATT: Error Response (0x01) len 4
> >> Read Request (0x0a)
> >> Handle: 0x0000
> >> Error: Insufficient Authentication (0x05)
> >> < HCI Command: LE Start Encryption (0x08|0x0019) plen 28
> >> Handle: 64 Address: xx:xx:xx:xx:xx:xx (OUI xx-xx-xx)
> >> Random number: ...
> >> Encrypted diversifier: ...
> >> Long term key: ...
> >>
> >> Bad remote:
> >> < ACL Data TX: Handle 64 flags 0x00 dlen 7
> >> ATT: Read Request (0x0a) len 2
> >> Handle: 0x001e Type: HID Information (0x2a4a)
> >>> ACL Data RX: Handle 64 flags 0x02 dlen 9
> >> ATT: Read Response (0x0b) len 4
> >> ---
> >> profiles/input/hog.c | 3 +++
> >> 1 file changed, 3 insertions(+)
> >>
> >> diff --git a/profiles/input/hog.c b/profiles/input/hog.c
> >> index f50a0f217..845087c9d 100644
> >> --- a/profiles/input/hog.c
> >> +++ b/profiles/input/hog.c
> >> @@ -189,6 +189,9 @@ static int hog_accept(struct btd_service *service)
> >> if (!bt_gatt_client_set_security(client,
> >> BT_ATT_SECURITY_MEDIUM))
> >> return -ECONNREFUSED;
> >> + } else if (auto_sec) {
> >> + bt_gatt_client_set_security(btd_device_get_gatt_client(device),
> >> + BT_ATT_SECURITY_MEDIUM);
> > So this forces encryption even without bonding; why?
> >
> >> }
> >>
> >> /* TODO: Replace GAttrib with bt_gatt_client */
> >> --
> >> 2.43.0
> >>
> >>
> >
--
Luiz Augusto von Dentz
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH BlueZ] hog: Fix starting encryption on some BLE remotes
2026-06-09 16:35 ` Luiz Augusto von Dentz
@ 2026-06-09 16:46 ` Simon Mikuda
0 siblings, 0 replies; 6+ messages in thread
From: Simon Mikuda @ 2026-06-09 16:46 UTC (permalink / raw)
To: Luiz Augusto von Dentz; +Cc: linux-bluetooth
Ahh. We have this modified in our codebase - we have a change that you
will not increase security yourself you leave it to remote device (in
case user has removed LTK on remote device and you still have one, you
will not trigger authentication error).
So you're right, if this is in place it would have increase the
security. We will squash those commits together internally.
Thanks!
On 6/9/26 18:35, Luiz Augusto von Dentz wrote:
> Hi Simon,
>
> On Tue, Jun 9, 2026 at 12:25 PM Simon Mikuda
> <simon.mikuda@streamunlimited.com> wrote:
>> Hi Luiz.
>> I don't think it forces encryption without bonding.
>> The diff is:
>> if (!device_is_bonded(device,
>> btd_device_get_bdaddr_type(device))) {
>> ........
>> + } else if (auto_sec) {
>> + bt_gatt_client_set_security(btd_device_get_gatt_client(device),
>> + BT_ATT_SECURITY_MEDIUM);
>> }
>>
>> so it means device IS bonded and auto_sec is enabled
> Hmm, but in that case doesn't the following code trigger first:
>
> https://github.com/bluez/bluez/blob/master/src/device.c#L6469
>
> So either there is a bug or the code you are adding is just a NOP
> because the security has already been set to BT_ATT_SECURITY_MEDIUM.
>
>> On 6/8/26 16:23, Luiz Augusto von Dentz wrote:
>>> Hi Simon,
>>>
>>> On Mon, Jun 8, 2026 at 5:20 AM Simon Mikuda
>>> <simon.mikuda@streamunlimited.com> wrote:
>>>> When BLE remote doesn't reply with Insufficient Authentication Error
>>>> encryption is not started.
>>>>
>>>> Good remote:
>>>> < ACL Data TX: Handle 64 flags 0x00 dlen 7
>>>> ATT: Read Request (0x0a) len 2
>>>> Handle: 0x0021 Type: HID Information (0x2a4a)
>>>>> ACL Data RX: Handle 64 flags 0x02 dlen 9
>>>> ATT: Error Response (0x01) len 4
>>>> Read Request (0x0a)
>>>> Handle: 0x0000
>>>> Error: Insufficient Authentication (0x05)
>>>> < HCI Command: LE Start Encryption (0x08|0x0019) plen 28
>>>> Handle: 64 Address: xx:xx:xx:xx:xx:xx (OUI xx-xx-xx)
>>>> Random number: ...
>>>> Encrypted diversifier: ...
>>>> Long term key: ...
>>>>
>>>> Bad remote:
>>>> < ACL Data TX: Handle 64 flags 0x00 dlen 7
>>>> ATT: Read Request (0x0a) len 2
>>>> Handle: 0x001e Type: HID Information (0x2a4a)
>>>>> ACL Data RX: Handle 64 flags 0x02 dlen 9
>>>> ATT: Read Response (0x0b) len 4
>>>> ---
>>>> profiles/input/hog.c | 3 +++
>>>> 1 file changed, 3 insertions(+)
>>>>
>>>> diff --git a/profiles/input/hog.c b/profiles/input/hog.c
>>>> index f50a0f217..845087c9d 100644
>>>> --- a/profiles/input/hog.c
>>>> +++ b/profiles/input/hog.c
>>>> @@ -189,6 +189,9 @@ static int hog_accept(struct btd_service *service)
>>>> if (!bt_gatt_client_set_security(client,
>>>> BT_ATT_SECURITY_MEDIUM))
>>>> return -ECONNREFUSED;
>>>> + } else if (auto_sec) {
>>>> + bt_gatt_client_set_security(btd_device_get_gatt_client(device),
>>>> + BT_ATT_SECURITY_MEDIUM);
>>> So this forces encryption even without bonding; why?
>>>
>>>> }
>>>>
>>>> /* TODO: Replace GAttrib with bt_gatt_client */
>>>> --
>>>> 2.43.0
>>>>
>>>>
>
>
^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2026-06-09 16:46 UTC | newest]
Thread overview: 6+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2026-06-08 9:11 [PATCH BlueZ] hog: Fix starting encryption on some BLE remotes Simon Mikuda
2026-06-08 12:00 ` [BlueZ] " bluez.test.bot
2026-06-08 14:23 ` [PATCH BlueZ] " Luiz Augusto von Dentz
2026-06-09 16:25 ` Simon Mikuda
2026-06-09 16:35 ` Luiz Augusto von Dentz
2026-06-09 16:46 ` Simon Mikuda
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox