From: Pavel Machek <pavel@ucw.cz>
To: marcel@holtmann.org, johan.hedberg@gmail.com,
linux-bluetooth@vger.kernel.org,
kernel list <linux-kernel@vger.kernel.org>
Subject: [PATCH] pre-shared passcode: secure pairing for "no keyboard, no display" devices
Date: Wed, 13 Feb 2019 23:48:59 +0100 [thread overview]
Message-ID: <20190213224859.GA7151@amd> (raw)
[-- Attachment #1: Type: text/plain, Size: 2180 bytes --]
Hi!
Currently, "no keyboard, no display" devices can be paired, but
pairing is not secure against active attacker.
Can we do better? Not for the first pairing; but for the next ones --
yes, I believe we can.
BLE device in this case has internal storage, and Linux running
there. From factory, random 6-digit number is stored in the
flash. Legitimate user knows the number, and system is manipulated so
that pairing passkey will be this pre-shared passkey. After pairing,
user is allowed to change it.
[Or maybe passkey is 000000 from the factory; this is still win for
the user, as long as he can change the key to something random in a
secure cave.]
Fortunately, kernel support for this is rather easy; patch is attached
below.
Does someone see a security issue with proposal above?
What would be suitable interface for setting pre-shared passkey?
Module parameter is really easy.
Signed-off-by: Pavel Machek <pavel@denx.de>
diff --git a/net/bluetooth/smp.c b/net/bluetooth/smp.c
index 621146d..7a2b06595 100644
--- a/net/bluetooth/smp.c
+++ b/net/bluetooth/smp.c
@@ -2674,6 +2674,11 @@ static u8 sc_select_method(struct smp_chan *smp)
return method;
}
+static int preshared_passkey = -1;
+
+module_param(preshared_passkey, int, 0600);
+MODULE_PARM_DESC(preshared_passkey, "Preshared passkey for device w/o keyboard or display");
+
static int smp_cmd_public_key(struct l2cap_conn *conn, struct sk_buff *skb)
{
struct smp_cmd_public_key *key = (void *) skb->data;
@@ -2752,9 +2757,11 @@ static int smp_cmd_public_key(struct l2cap_conn *conn, struct sk_buff *skb)
set_bit(SMP_FLAG_DEBUG_KEY, &smp->flags);
if (smp->method == DSP_PASSKEY) {
get_random_bytes(&hcon->passkey_notify,
sizeof(hcon->passkey_notify));
+ if (preshared_passkey != -1)
+ hcon->passkey_notify = preshared_passkey;
hcon->passkey_notify %= 1000000;
hcon->passkey_entered = 0;
smp->passkey_round = 0;
if (mgmt_user_passkey_notify(hdev, &hcon->dst, hcon->type,
--
(english) http://www.livejournal.com/~pavelmachek
(cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html
[-- Attachment #2: Digital signature --]
[-- Type: application/pgp-signature, Size: 181 bytes --]
next reply other threads:[~2019-02-13 22:49 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-02-13 22:48 Pavel Machek [this message]
2019-02-14 15:27 ` [PATCH] pre-shared passcode: secure pairing for "no keyboard, no display" devices Emil Lenngren
2019-02-15 11:46 ` Pavel Machek
2019-02-15 12:21 ` Emil Lenngren
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190213224859.GA7151@amd \
--to=pavel@ucw.cz \
--cc=johan.hedberg@gmail.com \
--cc=linux-bluetooth@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=marcel@holtmann.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.