[Backport v1.14-branch] Bluetooth: host: Overwrite existing bond when IRK has been updated #33718
Merged: nashif merged 7 commits into zephyrproject-rtos:v1.14-branch from joerchan:backport-33266-to-v1.14-branch on Aug 30, 2021
jhedberg approved these changes on Mar 26, 2021
Need #33467
Can you rebase now that the doc building is fixed?
a7cf02b to 977af92
@galak Rebased, but something else went wrong. Is it an unstable test?
@joerchan the failing tests are not related, is this ready to move out of draft?
Make sure that a new pairing procedure with an existing bond does not result in a security with weaker security properties. Signed-off-by: Joakim Andersson <[email protected]>
Disallows all unauthenticated pairing attempts made by the peer where an unauthenticated bond already exists. This would enable cases where an attacker could copy the peer device address to connect and start an unauthenticated pairing procedure to replace the existing bond. Now in order to create a new bond the old bond has to be explicitly deleted with bt_unpair. Added option to disable this rule in order to maintain backwards compatibility in case this behavior is accepted. Signed-off-by: Joakim Andersson <[email protected]>
Fix an issue where a slot in the key pool was considered free when either the address was cleared or no keys were written in the entry (enc_size == 0). This caused a problem with simultaneous pairing attempts that would be assigned the same entry. This patch makes it so a slot is considered free even when keys are not yet present in the entry, and makes sure the address is cleared in case of pairing failure or timeout so as to mark the slot as free. Signed-off-by: François Delawarde <[email protected]>
Fix an issue where established bonding information in the peripheral is deleted when the central does not have the bond information. This could be because the central has removed the bond information, or this is in fact not the central but someone spoofing its identity, or an accidental RPA match. This is a regression from: a3e89e8 Signed-off-by: Joakim Andersson <[email protected]>
Fail the pairing procedure when both devices have the same non-debug public key. Signed-off-by: Joakim Andersson <[email protected]>
Refactor update_keys_check helper function to operate on keys as input. This allows the function to be re-used on a keys structure that is not the current connection keys. This also avoids the helper function changing the connection state. The conn->le.keys pointer should at this point always have been assigned, as central when sending the pairing request, and as peripheral when receiving the pairing request at the very latest. Signed-off-by: Joakim Andersson <[email protected]>
Overwrite the existing bond when the IRK of the existing bond could not resolve the RPA of the peer. This would happen if the peer has deleted the bond and replaced the IRK that was used. Signed-off-by: Joakim Andersson <[email protected]>
977af92 to 664c927
Originally meant to backport e06bac0~2..e06bac0 from #33266
Cherry-picking had dependencies so one more commit was included.
Additional fixes have been included in this PR; these should have been backported earlier.
Original backport commit list:
e06bac0 Bluetooth: host: Overwrite existing bond when IRK has been updated
7fee6b8 Bluetooth: host: Refactor update_keys_check to operate on keys as input
Dependency commit:
b35075d Bluetooth: SMP: Re-pairing cannot lower the security level of the bond
Additional fixes backported:
3102f3b Bluetooth: host: Fail pairing with identical public key
64d6d10 Bluetooth: SMP: Add option to disallow unauthenticated re-pairing
7ab754d Bluetooth: SMP: Fix bond lost on pairing failure.
a3e89e8 bluetooth: host: Fix simultaneous pairings getting the same keys slot
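
The re-pairing rules from the commit messages in this PR (a new pairing must not weaken an existing bond, and an unauthenticated pairing must not replace an existing unauthenticated bond unless the compatibility option is set), modelled as an added example that is not Zephyr's code. The struct, the function name, the `allow_unauth_overwrite` flag and the three properties compared are assumptions of this example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical model type; not Zephyr's key storage structure. */
struct sec_props {
    uint8_t enc_size;      /* encryption key size in bytes */
    bool sc;               /* LE Secure Connections was used */
    bool authenticated;    /* pairing method gave MITM protection */
};

/*
 * Decide whether a new pairing may replace an existing bond.
 * old == NULL means no bond is stored for this peer.
 * allow_unauth_overwrite models the backwards-compatibility option.
 */
bool repairing_allowed(const struct sec_props *old,
                       const struct sec_props *new_p,
                       bool allow_unauth_overwrite)
{
    if (old == NULL) {
        return true;                      /* nothing to protect yet */
    }
    /* Re-pairing must not weaken the stored bond. Which properties
     * count (key size, SC, authentication) is this model's assumption. */
    if (new_p->enc_size < old->enc_size) return false;
    if (old->sc && !new_p->sc) return false;
    if (old->authenticated && !new_p->authenticated) return false;
    /* Unauthenticated over unauthenticated: a copied peer address is
     * enough to reach this point, so refuse unless explicitly allowed. */
    if (!old->authenticated && !new_p->authenticated &&
        !allow_unauth_overwrite) {
        return false;
    }
    return true;
}

int main(void)
{
    /* Constructed sample values. */
    struct sec_props unauth_bond = { 16, true, false };  /* stored bond */
    struct sec_props unauth_new  = { 16, true, false };  /* new attempt */
    struct sec_props auth_new    = { 16, true, true };
    printf("unauth over unauth, default:   %d\n", repairing_allowed(&unauth_bond, &unauth_new, false));
    printf("unauth over unauth, option on: %d\n", repairing_allowed(&unauth_bond, &unauth_new, true));
    printf("auth over unauth:              %d\n", repairing_allowed(&unauth_bond, &auth_new, false));
    return 0;
}
```

With the option off, the rejected case is resolved only by deleting the old bond first, which the commit message says is done with bt_unpair.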