* [PATCH RFC BlueZ 1/1] attrib: Retry ATT request when link is unencrypted
2012-04-27 16:05 [PATCH RFC BlueZ 0/1] On demand LE link encryption/authentication Anderson Lizardo
@ 2012-04-27 16:05 ` Anderson Lizardo
2012-05-03 12:36 ` [PATCH RFC BlueZ 0/1] On demand LE link encryption/authentication Johan Hedberg
1 sibling, 0 replies; 3+ messages in thread
From: Anderson Lizardo @ 2012-04-27 16:05 UTC (permalink / raw)
To: linux-bluetooth; +Cc: Bruna Moreira
From: Bruna Moreira <bruna.moreira@openbossa.org>
If the client side receives an Error Response with "Insufficient
Authentication" or "Insufficient Encryption", it will increase the link
security level and send the same request again.
---
attrib/gattrib.c | 32 ++++++++++++++++++++++++++++++++
src/device.c | 2 +-
2 files changed, 33 insertions(+), 1 deletions(-)
diff --git a/attrib/gattrib.c b/attrib/gattrib.c
index 769be36..e551aef 100644
--- a/attrib/gattrib.c
+++ b/attrib/gattrib.c
@@ -61,6 +61,7 @@ struct command {
guint16 len;
guint8 expected;
gboolean sent;
+ gboolean retry;
GAttribResultFunc func;
gpointer user_data;
GDestroyNotify notify;
@@ -307,6 +308,22 @@ static void wake_up_sender(struct _GAttrib *attrib)
can_write_data, attrib, destroy_sender);
}
+static void increase_sec_level(struct _GAttrib *attrib)
+{
+ BtIOSecLevel sec_level;
+
+ bt_io_get(attrib->io, BT_IO_L2CAP, NULL,
+ BT_IO_OPT_SEC_LEVEL, &sec_level,
+ BT_IO_OPT_INVALID);
+
+ if (sec_level < BT_IO_SEC_HIGH) {
+ sec_level++;
+ bt_io_set(attrib->io, BT_IO_L2CAP, NULL,
+ BT_IO_OPT_SEC_LEVEL, sec_level,
+ BT_IO_OPT_INVALID);
+ }
+}
+
static gboolean received_data(GIOChannel *io, GIOCondition cond, gpointer data)
{
struct _GAttrib *attrib = data;
@@ -368,6 +385,20 @@ static gboolean received_data(GIOChannel *io, GIOCondition cond, gpointer data)
status = 0;
done:
+ if ((status == ATT_ECODE_INSUFF_ENC ||
+ status == ATT_ECODE_AUTHENTICATION) &&
+ cmd && cmd->retry) {
+ /* Increase security level */
+ increase_sec_level(attrib);
+
+ /* Retry request once */
+ cmd->sent = FALSE;
+ cmd->retry = FALSE;
+ g_queue_push_head(attrib->queue, cmd);
+ wake_up_sender(attrib);
+ return TRUE;
+ }
+
qempty = attrib->queue == NULL || g_queue_is_empty(attrib->queue);
if (cmd) {
@@ -434,6 +465,7 @@ guint g_attrib_send(GAttrib *attrib, guint id, guint8 opcode,
c->func = func;
c->user_data = user_data;
c->notify = notify;
+ c->retry = TRUE;
if (id) {
c->id = id;
diff --git a/src/device.c b/src/device.c
index 021b200..37b05f4 100644
--- a/src/device.c
+++ b/src/device.c
@@ -2003,7 +2003,7 @@ static gboolean att_connect(gpointer user_data)
BT_IO_OPT_DEST_BDADDR, &device->bdaddr,
BT_IO_OPT_DEST_TYPE, device->bdaddr_type,
BT_IO_OPT_CID, ATT_CID,
- BT_IO_OPT_SEC_LEVEL, BT_IO_SEC_MEDIUM,
+ BT_IO_OPT_SEC_LEVEL, BT_IO_SEC_LOW,
BT_IO_OPT_INVALID);
}
--
1.7.5.4
^ permalink raw reply related [flat|nested] 3+ messages in thread* Re: [PATCH RFC BlueZ 0/1] On demand LE link encryption/authentication
2012-04-27 16:05 [PATCH RFC BlueZ 0/1] On demand LE link encryption/authentication Anderson Lizardo
2012-04-27 16:05 ` [PATCH RFC BlueZ 1/1] attrib: Retry ATT request when link is unencrypted Anderson Lizardo
@ 2012-05-03 12:36 ` Johan Hedberg
1 sibling, 0 replies; 3+ messages in thread
From: Johan Hedberg @ 2012-05-03 12:36 UTC (permalink / raw)
To: Anderson Lizardo; +Cc: linux-bluetooth
Hi Lizardo,
On Fri, Apr 27, 2012, Anderson Lizardo wrote:
> This patch adds support in BlueZ for only increasing security level of the LE
> link when the ATT request fails with "Insufficient Encryption" or "Insufficient
> Authentication". This mechanism is described on Core Specification page 1837
> ("3.2.5 Attribute Permissions") and 1876 ("4 Security Considerations"). This
> allows for very low latency connections when encryption is not required.
>
> On a related topic, we would like to propose changing how LE Security
> Modes/Levels are mapped to BlueZ/kernel security levels. Currently, for LE the
> kernel does the following mapping:
>
> * seclevel SDP (0): not used by LE. Effectively should work like LOW.
> * seclevel LOW (1): no authentication and no encryption (LE Security Mode 1
> Level 1)
> * seclevel MEDIUM (2): Unauthenticated pairing with encryption (LE Security
> Mode 1 Level 2), uses Just Works pairing algorithm
> * seclevel HIGH (3): Authenticated pairing with encryption (LE Security Mode 1
> Level 3), uses Passkey Entry pairing algorithm
>
> There is no support for LE Security Mode 2. Our proposal is to:
>
> 1) Rename SDP level to NONE. It will mean "no authentication and no encryption"
> for LE, for BR/EDR it will be unchanged.
> 2) use LOW for "Unauthenticated pairing with encryption"
> 3) use MEDIUM for "Authenticated pairing with encryption"
> 4) HIGH becomes unused for LE (maybe mapping to MEDIUM?)
>
> We believe this would align better with BR/EDR and with the definition of LE
> Security Mode 2. Thoughts?
MEDIUM for BR/EDR means unauthenticated so your rewritten definition
wouldn't match that anymore. Regarding security level 0 (SDP/NONE) the
specification says:
"Permitted only for SDP and service data sent via either L2CAP fixed
signaling channels or the L2CAP connectionless channel to PSMs that
correspond to service class UUIDs which are allowed to utilize Level 0."
Based on that I do think the s/SDP/NONE/ rename could make sense and
would be applicable to LE which uses a fixed CID. However in that case
there wouldn't really be any practical difference between NONE and LOW
for LE. MEDIUM would still map unauthenticated and HIGH to authenticated.
Johan
^ permalink raw reply [flat|nested] 3+ messages in thread