Hi Frédéric,
On Tue, Apr 8, 2025 at 1:28 PM Luiz Augusto von Dentz
<luiz.dentz@xxxxxxxxx> wrote:
>
> Hi Frédéric,
>
> On Tue, Apr 8, 2025 at 1:09 PM Frédéric Danis
> <frederic.danis@xxxxxxxxxxxxx> wrote:
> >
> > This is required for passing GAP/SEC/SEM/BI-04-C PTS test case:
> > Security Mode 4 Level 4, Responder - Invalid Encryption Key Size
> > - 128 bit
> >
> > This tests the security key with size from 1 to 15 bytes while the
> > Security Mode 4 Level 4 requests 16 bytes key size.
> >
> > Currently PTS fails with the following logs:
> > - expected:Connection Response:
> > Code: [3 (0x03)] Code
> > Identifier: (lt)WildCard: Exists(gt)
> > Length: [8 (0x0008)]
> > Destination CID: (lt)WildCard: Exists(gt)
> > Source CID: [64 (0x0040)]
> > Result: [3 (0x0003)] Connection refused - Security block
> > Status: (lt)WildCard: Exists(gt),
> > but received:Connection Response:
> > Code: [3 (0x03)] Code
> > Identifier: [1 (0x01)]
> > Length: [8 (0x0008)]
> > Destination CID: [64 (0x0040)]
> > Source CID: [64 (0x0040)]
> > Result: [0 (0x0000)] Connection Successful
> > Status: [0 (0x0000)] No further information available
> >
> > And HCI logs:
> > < HCI Command: Read Encrypti.. (0x05|0x0008) plen 2
> > Handle: 14 Address: 00:1B:DC:F2:24:10 (Vencer Co., Ltd.)
> > > HCI Event: Command Complete (0x0e) plen 7
> > Read Encryption Key Size (0x05|0x0008) ncmd 1
> > Status: Success (0x00)
> > Handle: 14 Address: 00:1B:DC:F2:24:10 (Vencer Co., Ltd.)
> > Key size: 7
> > > ACL Data RX: Handle 14 flags 0x02 dlen 12
> > L2CAP: Connection Request (0x02) ident 1 len 4
> > PSM: 4097 (0x1001)
> > Source CID: 64
> > < ACL Data TX: Handle 14 flags 0x00 dlen 16
> > L2CAP: Connection Response (0x03) ident 1 len 8
> > Destination CID: 64
> > Source CID: 64
> > Result: Connection successful (0x0000)
> > Status: No further information available (0x0000)
> >
> > Signed-off-by: Frédéric Danis <frederic.danis@xxxxxxxxxxxxx>
> > ---
> > net/bluetooth/l2cap_core.c | 7 +++++++
> > 1 file changed, 7 insertions(+)
> >
> > diff --git a/net/bluetooth/l2cap_core.c b/net/bluetooth/l2cap_core.c
> > index c7b66b2ea9f2..f2ab09582146 100644
> > --- a/net/bluetooth/l2cap_core.c
> > +++ b/net/bluetooth/l2cap_core.c
> > @@ -3997,6 +3997,13 @@ static void l2cap_connect(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd,
> > goto response;
> > }
> >
> > + /* Check the encryption key size */
> > + if (!l2cap_check_enc_key_size(conn->hcon)) {
> > + conn->disc_reason = HCI_ERROR_AUTH_FAILURE;
> > + result = L2CAP_CR_SEC_BLOCK;
> > + goto response;
> > + }
> > +
>
> Hmm maybe we should incorporate this is the statement before:
>
> /* Check if the ACL is secure enough (if not SDP) */
> if (psm != cpu_to_le16(L2CAP_PSM_SDP) &&
> !hci_conn_check_link_mode(conn->hcon)) {
> conn->disc_reason = HCI_ERROR_AUTH_FAILURE;
> result = L2CAP_CR_SEC_BLOCK;
> goto response;
> }
>
> That said I don't quite understand why the likes of
> hci_conn_check_link_mode is not checking the key size since it is
> already doing security level checks, either way that indeed seem to be
> missing for incoming connection requests.
Also this need to add Fixes: 288c06973daa ("Bluetooth: Enforce key
size of 16 bytes on FIPS level") since apparently tha missed some code
paths.
> > result = L2CAP_CR_NO_MEM;
> >
> > /* Check for valid dynamic CID range (as per Erratum 3253) */
> > --
> > 2.43.0
> >
> >
>
>
> --
> Luiz Augusto von Dentz
--
Luiz Augusto von Dentz
