Linux bluetooth development
 help / color / mirror / Atom feed
From: Johan Hedberg <johan.hedberg@gmail.com>
To: Waldemar.Rymarkiewicz@tieto.com
Cc: hadess@hadess.net, linux-bluetooth@vger.kernel.org,
	par-gunnar.p.hjalmdahl@stericsson.com,
	joakim.xj.ceder@stericsson.com, arunkr.singh@stericsson.com
Subject: Re: [PATCH] BT_SECURITY_HIGH requires 16 digit pin code
Date: Fri, 27 Aug 2010 23:11:32 +0300	[thread overview]
Message-ID: <20100827201132.GA14223@jh-x301> (raw)
In-Reply-To: <99B09243E1A5DA4898CDD8B7001114480976E15A78@EXMB04.eu.tieto.com>

Hi Waldek,

On Fri, Aug 27, 2010, Waldemar.Rymarkiewicz@tieto.com wrote:
> However, I would appreciate any comments to the changes as I'm not
> sure what was originally assumed for the high security level.

Your assumptions were more or less correct. Additionally there should be
the check for encryption key size (to fulfill SAP requirements), though
that'd require at least a 3.0 capable controller if for the standardized
HCI command.

> What's more, I'am not happy that the link key request and the pin code
> request are handled in bluez. It makes that bluez need to pass it to
> the kernel as it's needed there. I used ioctl for that. Some comments
> on this?

I'm not happy with it either. In fact, the arbitrary split of security
logic between kernel and userspace has caused us lots of grief,
especially with SSP. Because of this, the plan for BlueZ 5.x is to move
most security related logic to the kernel side. The only thing remaining
in userspace is security policy requiring user interaction (e.g.
answering user confirmation requests) and persistent link key storage
(runtime storage will be added to the kernel side). The promiscuous HCI
socket will go away from bluetoothd so the daemon doesn't always wake up
when there's some HCI traffic.

To make all this possible we're designing a new protocol between kernel
and userspace. Hopefully we'll get the first bits, at least a
preliminary specification, upstream within the next month or so. Because
of this I'm wondering if the new ioctl that you're adding is really
worth it. Maybe we should just wait for BlueZ 5.x with this. That'd also
give us the possibility of adding a new parameter to
Agent.RequestPinCode since we need to break the agent API anyway (e.g.
add an incoming just-works pairing callback).

Johan

  reply	other threads:[~2010-08-27 20:11 UTC|newest]

Thread overview: 11+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2010-08-27 11:45 [PATCH] BT_SECURITY_HIGH requires 16 digit pin code Waldemar Rymarkiewicz
2010-08-27 12:12 ` Bastien Nocera
2010-08-27 12:26   ` Waldemar.Rymarkiewicz
2010-08-27 12:32     ` Bastien Nocera
2010-08-27 12:45     ` Johan Hedberg
2010-08-27 13:32       ` Waldemar.Rymarkiewicz
2010-08-27 20:11         ` Johan Hedberg [this message]
2010-09-02 13:27       ` Waldemar.Rymarkiewicz
2010-09-02 13:51         ` Johan Hedberg
2010-09-02 15:30           ` Waldemar.Rymarkiewicz
2010-09-07  8:57           ` Waldemar.Rymarkiewicz

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20100827201132.GA14223@jh-x301 \
    --to=johan.hedberg@gmail.com \
    --cc=Waldemar.Rymarkiewicz@tieto.com \
    --cc=arunkr.singh@stericsson.com \
    --cc=hadess@hadess.net \
    --cc=joakim.xj.ceder@stericsson.com \
    --cc=linux-bluetooth@vger.kernel.org \
    --cc=par-gunnar.p.hjalmdahl@stericsson.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox