This change introduces a new configuration to strictly enforce key size checks. This ensures that systems are in a secured configuration by default while allowing for a compatible posture via a Kconfig option to support controllers who may not support the read encryption key size command. Signed-off-by: Alain Michaud <alainm@xxxxxxxxxxxx> --- net/bluetooth/Kconfig | 10 ++++++++++ net/bluetooth/hci_core.c | 10 ++++++++++ net/bluetooth/hci_event.c | 5 +++++ 3 files changed, 25 insertions(+) diff --git a/net/bluetooth/Kconfig b/net/bluetooth/Kconfig index 165148c7c4ce..6a155b7b6fb2 100644 --- a/net/bluetooth/Kconfig +++ b/net/bluetooth/Kconfig @@ -128,4 +128,14 @@ config BT_DEBUGFS Provide extensive information about internal Bluetooth states in debugfs. +config BT_ENFORCE_CLASSIC_KEY_SIZES + bool "Enforces security requirements for Bluetooth classic" + depends on BT + default y + help + Enforces Bluetooth classic security requirements by disallowing use of + insecure Bluetooth chips, i.e. that doesn't support Read Encryption + Key Size command to prevent BT classic connection with very short + encryption key. + source "drivers/bluetooth/Kconfig" diff --git a/net/bluetooth/hci_core.c b/net/bluetooth/hci_core.c index 4e6d61a95b20..142130d4b66b 100644 --- a/net/bluetooth/hci_core.c +++ b/net/bluetooth/hci_core.c @@ -1540,6 +1540,16 @@ static int hci_dev_do_open(struct hci_dev *hdev) clear_bit(HCI_INIT, &hdev->flags); +#ifdef BT_ENFORCE_CLASSIC_KEY_SIZES + /* Don't allow usage of Bluetooth if the chip doesn't support */ + /* Read Encryption Key Size command */ + if (!ret && !(hdev->commands[20] & 0x10)) { + bt_dev_err(hdev, + "Disabling BT, Read Encryption Key Size !supported"); + ret = -EIO; + } +#endif + if (!ret) { hci_dev_hold(hdev); hci_dev_set_flag(hdev, HCI_RPA_EXPIRED); diff --git a/net/bluetooth/hci_event.c b/net/bluetooth/hci_event.c index a40ed31f6eb8..6605da7ec72e 100644 --- a/net/bluetooth/hci_event.c +++ b/net/bluetooth/hci_event.c @@ -2902,7 +2902,12 @@ static void read_enc_key_size_complete(struct hci_dev *hdev, u8 status, if (rp->status) { bt_dev_err(hdev, "failed to read key size for handle %u", handle); +#ifdef BT_ENFORCE_CLASSIC_KEY_SIZES + hci_disconnect(conn, HCI_ERROR_REMOTE_USER_TERM); + hci_conn_drop(conn); +#else conn->enc_key_size = HCI_LINK_KEY_SIZE; +#endif } else { conn->enc_key_size = rp->key_size; } -- 2.25.1.481.gfbce0eb801-goog