Source-Changes-HG archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

[src/trunk]: src/sys/netbt When encrypted connections are configured, verify ...



details:   https://anonhg.NetBSD.org/src/rev/0413bee100a8
branches:  trunk
changeset: 1003734:0413bee100a8
user:      plunky <plunky%NetBSD.org@localhost>
date:      Sat Sep 28 07:06:33 2019 +0000

description:
When encrypted connections are configured, verify that the encryption
key length has a minimum size when the adaptor supports that.

This addresses the 'Key Negotiation of Bluetooth' attack, CVE-2019-9506

https://www.bluetooth.com/security/statement-key-negotiation-of-bluetooth/

diffstat:

 sys/netbt/hci.h       |   15 ++++++-
 sys/netbt/hci_event.c |  105 ++++++++++++++++++++++++++++++++++++++++----------
 2 files changed, 97 insertions(+), 23 deletions(-)

diffs (214 lines):

diff -r 922f57dbf90f -r 0413bee100a8 sys/netbt/hci.h
--- a/sys/netbt/hci.h   Sat Sep 28 07:06:32 2019 +0000
+++ b/sys/netbt/hci.h   Sat Sep 28 07:06:33 2019 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: hci.h,v 1.45 2018/07/25 19:09:38 kamil Exp $   */
+/*     $NetBSD: hci.h,v 1.46 2019/09/28 07:06:33 plunky Exp $  */
 
 /*-
  * Copyright (c) 2005 Iain Hibbert.
@@ -54,7 +54,7 @@
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
- * $Id: hci.h,v 1.45 2018/07/25 19:09:38 kamil Exp $
+ * $Id: hci.h,v 1.46 2019/09/28 07:06:33 plunky Exp $
  * $FreeBSD: src/sys/netgraph/bluetooth/include/ng_hci.h,v 1.6 2005/01/07 01:45:43 imp Exp $
  */
 
@@ -1812,6 +1812,17 @@
        uint16_t        accuracy;       /* clock accuracy */
 } __packed hci_read_clock_rp;
 
+#define HCI_OCF_READ_ENCRYPTION_KEY_SIZE               0x0008
+#define HCI_CMD_READ_ENCRYPTION_KEY_SIZE               0x1408
+typedef struct {
+       uint16_t        con_handle;     /* connection handle */
+} __packed hci_read_encryption_key_size_cp;
+
+typedef struct {
+       uint8_t         status;         /* 0x00 - success */
+       uint16_t        con_handle;     /* connection handle */
+       uint8_t         size;           /* key size */
+} __packed hci_read_encryption_key_size_rp;
 
 /**************************************************************************
  **************************************************************************
diff -r 922f57dbf90f -r 0413bee100a8 sys/netbt/hci_event.c
--- a/sys/netbt/hci_event.c     Sat Sep 28 07:06:32 2019 +0000
+++ b/sys/netbt/hci_event.c     Sat Sep 28 07:06:33 2019 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: hci_event.c,v 1.25 2018/08/21 14:59:13 plunky Exp $    */
+/*     $NetBSD: hci_event.c,v 1.26 2019/09/28 07:06:33 plunky Exp $    */
 
 /*-
  * Copyright (c) 2005 Iain Hibbert.
@@ -31,7 +31,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: hci_event.c,v 1.25 2018/08/21 14:59:13 plunky Exp $");
+__KERNEL_RCSID(0, "$NetBSD: hci_event.c,v 1.26 2019/09/28 07:06:33 plunky Exp $");
 
 #include <sys/param.h>
 #include <sys/kernel.h>
@@ -63,6 +63,7 @@
 static void hci_cmd_read_local_extended_features(struct hci_unit *, struct mbuf *);
 static void hci_cmd_read_local_ver(struct hci_unit *, struct mbuf *);
 static void hci_cmd_read_local_commands(struct hci_unit *, struct mbuf *);
+static void hci_cmd_read_encryption_key_size(struct hci_unit *, struct mbuf *);
 static void hci_cmd_reset(struct hci_unit *, struct mbuf *);
 static void hci_cmd_create_con(struct hci_unit *unit, uint8_t status);
 
@@ -353,6 +354,10 @@
                hci_cmd_read_local_commands(unit, m);
                break;
 
+       case HCI_CMD_READ_ENCRYPTION_KEY_SIZE:
+               hci_cmd_read_encryption_key_size(unit, m);
+               break;
+
        case HCI_CMD_RESET:
                hci_cmd_reset(unit, m);
                break;
@@ -623,10 +628,11 @@
                return;
        }
 
-       /* XXX could check auth_enable here */
-
-       if (ep.encryption_mode)
-               link->hl_flags |= (HCI_LINK_AUTH | HCI_LINK_ENCRYPT);
+       /*
+        * We purposefully ignore ep.encryption_mode here - if that is set then
+        * the link will be authenticated and encrypted, but we still want to
+        * verify the key size and setmode sets the right flags
+        */
 
        link->hl_state = HCI_LINK_OPEN;
        link->hl_handle = HCI_CON_HANDLE(le16toh(ep.con_handle));
@@ -777,17 +783,16 @@
 /*
  * Encryption Change
  *
- * The encryption status has changed. Basically, we note the change
- * then notify the upper layer protocol unless further mode changes
- * are pending.
- * Note that if encryption gets disabled when it has been requested,
- * we will attempt to enable it again.. (its a feature not a bug :)
+ * The encryption status has changed. Make a note if disabled, or
+ * check the key size if possible before allowing it is enabled.
+ * (checking of key size was enabled in 3.0 spec)
  */
 static void
 hci_event_encryption_change(struct hci_unit *unit, struct mbuf *m)
 {
        hci_encryption_change_ep ep;
        struct hci_link *link;
+       uint16_t con_handle;
        int err;
 
        if (m->m_pkthdr.len < sizeof(ep))
@@ -796,27 +801,34 @@
        m_copydata(m, 0, sizeof(ep), &ep);
        m_adj(m, sizeof(ep));
 
-       ep.con_handle = HCI_CON_HANDLE(le16toh(ep.con_handle));
+       con_handle = HCI_CON_HANDLE(le16toh(ep.con_handle));
 
        DPRINTFN(1, "handle #%d, status=0x%x, encryption_enable=0x%x\n",
-                ep.con_handle, ep.status, ep.encryption_enable);
+                con_handle, ep.status, ep.encryption_enable);
 
-       link = hci_link_lookup_handle(unit, ep.con_handle);
+       link = hci_link_lookup_handle(unit, con_handle);
        if (link == NULL || link->hl_type != HCI_LINK_ACL)
                return;
 
        if (ep.status == 0) {
-               if (ep.encryption_enable == 0)
+               if (ep.encryption_enable == 0) {
                        link->hl_flags &= ~HCI_LINK_ENCRYPT;
-               else
+               } else if (unit->hci_cmds[20] & (1<<4)) {
+                       err = hci_send_cmd(unit, HCI_CMD_READ_ENCRYPTION_KEY_SIZE,
+                           &ep.con_handle, sizeof(ep.con_handle));
+
+                       if (err == 0)
+                               return;
+               } else {
                        link->hl_flags |= (HCI_LINK_AUTH | HCI_LINK_ENCRYPT);
 
-               if (link->hl_state == HCI_LINK_WAIT_ENCRYPT)
-                       link->hl_state = HCI_LINK_OPEN;
+                       if (link->hl_state == HCI_LINK_WAIT_ENCRYPT)
+                               link->hl_state = HCI_LINK_OPEN;
 
-               err = hci_acl_setmode(link);
-               if (err == EINPROGRESS)
-                       return;
+                       err = hci_acl_setmode(link);
+                       if (err == EINPROGRESS)
+                               return;
+               }
        }
 
        hci_acl_linkmode(link);
@@ -1175,6 +1187,57 @@
 }
 
 /*
+ * process results of read_encryption_key_size command_complete event
+ */
+static void
+hci_cmd_read_encryption_key_size(struct hci_unit *unit, struct mbuf *m)
+{
+       hci_read_encryption_key_size_rp rp;
+       struct hci_link *link;
+       int err;
+
+       if (m->m_pkthdr.len < sizeof(rp))
+               return;
+
+       m_copydata(m, 0, sizeof(rp), &rp);
+       m_adj(m, sizeof(rp));
+
+       if (rp.status != 0)
+               return;
+
+       rp.con_handle = HCI_CON_HANDLE(le16toh(rp.con_handle));
+
+       DPRINTFN(1, "handle #%d, status=0x%x, key_size=0x%x\n",
+                rp.con_handle, rp.status, rp.size);
+
+       link = hci_link_lookup_handle(unit, rp.con_handle);
+       if (link == NULL || link->hl_type != HCI_LINK_ACL)
+               return;
+
+       /*
+        * if the key size is less than minimum standard, go straight to
+        * linkmode as this is non-recoverable. Otherwise, we are encrypted
+        * so can proceed with setmode.
+        */
+       if (rp.status == 0) {
+               if (rp.size < 7) {
+                       link->hl_flags &= ~HCI_LINK_ENCRYPT;
+               } else {
+                       link->hl_flags |= (HCI_LINK_AUTH | HCI_LINK_ENCRYPT);
+
+                       if (link->hl_state == HCI_LINK_WAIT_ENCRYPT)
+                               link->hl_state = HCI_LINK_OPEN;
+
+                       err = hci_acl_setmode(link);
+                       if (err == EINPROGRESS)
+                               return;
+               }
+       }
+
+       hci_acl_linkmode(link);
+}
+
+/*
  * process results of reset command_complete event
  *
  * This has killed all the connections, so close down anything we have left,



Home | Main Index | Thread Index | Old Index