From: Pavel Machek <pavel@ucw.cz>
To: marcel@holtmann.org, johan.hedberg@gmail.com,
linux-bluetooth@vger.kernel.org,
kernel list <linux-kernel@vger.kernel.org>
Subject: [PATCH] pre-shared passcode: secure pairing for "no keyboard, no display" devices
Date: Wed, 13 Feb 2019 23:48:59 +0100 [thread overview]
Message-ID: <20190213224859.GA7151@amd> (raw)
[-- Attachment #1: Type: text/plain, Size: 2180 bytes --]
Hi!
Currently, "no keyboard, no display" devices can be paired, but
pairing is not secure against active attacker.
Can we do better? Not for the first pairing; but for the next ones --
yes, I believe we can.
BLE device in this case has internal storage, and Linux running
there. From factory, random 6-digit number is stored in the
flash. Legitimate user knows the number, and system is manipulated so
that pairing passkey will be this pre-shared passkey. After pairing,
user is allowed to change it.
[Or maybe passkey is 000000 from the factory; this is still win for
the user, as long as he can change the key to something random in a
secure cave.]
Fortunately, kernel support for this is rather easy; patch is attached
below.
Does someone see a security issue with proposal above?
What would be suitable interface for setting pre-shared passkey?
Module parameter is really easy.
Signed-off-by: Pavel Machek <pavel@denx.de>
diff --git a/net/bluetooth/smp.c b/net/bluetooth/smp.c
index 621146d..7a2b06595 100644
--- a/net/bluetooth/smp.c
+++ b/net/bluetooth/smp.c
@@ -2674,6 +2674,11 @@ static u8 sc_select_method(struct smp_chan *smp)
return method;
}
+static int preshared_passkey = -1;
+
+module_param(preshared_passkey, int, 0600);
+MODULE_PARM_DESC(preshared_passkey, "Preshared passkey for device w/o keyboard or display");
+
static int smp_cmd_public_key(struct l2cap_conn *conn, struct sk_buff *skb)
{
struct smp_cmd_public_key *key = (void *) skb->data;
@@ -2752,9 +2757,11 @@ static int smp_cmd_public_key(struct l2cap_conn *conn, struct sk_buff *skb)
set_bit(SMP_FLAG_DEBUG_KEY, &smp->flags);
if (smp->method == DSP_PASSKEY) {
get_random_bytes(&hcon->passkey_notify,
sizeof(hcon->passkey_notify));
+ if (preshared_passkey != -1)
+ hcon->passkey_notify = preshared_passkey;
hcon->passkey_notify %= 1000000;
hcon->passkey_entered = 0;
smp->passkey_round = 0;
if (mgmt_user_passkey_notify(hdev, &hcon->dst, hcon->type,
--
(english) http://www.livejournal.com/~pavelmachek
(cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html
[-- Attachment #2: Digital signature --]
[-- Type: application/pgp-signature, Size: 181 bytes --]
next reply other threads:[~2019-02-13 22:49 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-02-13 22:48 Pavel Machek [this message]
2019-02-14 15:27 ` [PATCH] pre-shared passcode: secure pairing for "no keyboard, no display" devices Emil Lenngren
2019-02-15 11:46 ` Pavel Machek
2019-02-15 12:21 ` Emil Lenngren
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190213224859.GA7151@amd \
--to=pavel@ucw.cz \
--cc=johan.hedberg@gmail.com \
--cc=linux-bluetooth@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=marcel@holtmann.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox