[PATCH net-next v3] net: nfc: nci: Increase NCI_DATA

linux-kernel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

* [PATCH net-next v3] net: nfc: nci: Increase NCI_DATA_TIMEOUT to 3000 ms
@ 2025-09-02 11:36 Juraj Šarinay
  2025-09-02 12:19 ` Krzysztof Kozlowski
  2025-09-04  0:30 ` patchwork-bot+netdevbpf
  0 siblings, 2 replies; 3+ messages in thread
From: Juraj Šarinay @ 2025-09-02 11:36 UTC (permalink / raw)
  To: netdev
  Cc: Juraj Šarinay, krzk, linux-kernel, davem, edumazet, kuba,
	pabeni, horms, mingo, tglx

An exchange with a NFC target must complete within NCI_DATA_TIMEOUT.
A delay of 700 ms is not sufficient for cryptographic operations on smart
cards. CardOS 6.0 may need up to 1.3 seconds to perform 256-bit ECDH
or 3072-bit RSA. To prevent brute-force attacks, passports and similar
documents introduce even longer delays into access control protocols
(BAC/PACE).

The timeout should be higher, but not too much. The expiration allows
us to detect that a NFC target has disappeared.

Signed-off-by: Juraj Šarinay <juraj@sarinay.com>
---
v3:
  - introduce no parameter and raise the timeout unconditionally
v2: https://lore.kernel.org/netdev/20250825234354.855755-1-juraj@sarinay.com/
  - export nci_data_timeout to survive make allmodconfig
v1: https://lore.kernel.org/netdev/20250825134644.135448-1-juraj@sarinay.com/

 include/net/nfc/nci_core.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/include/net/nfc/nci_core.h b/include/net/nfc/nci_core.h
index e180bdf2f82b..664d5058e66e 100644
--- a/include/net/nfc/nci_core.h
+++ b/include/net/nfc/nci_core.h
@@ -52,7 +52,7 @@ enum nci_state {
 #define NCI_RF_DISC_SELECT_TIMEOUT		5000
 #define NCI_RF_DEACTIVATE_TIMEOUT		30000
 #define NCI_CMD_TIMEOUT				5000
-#define NCI_DATA_TIMEOUT			700
+#define NCI_DATA_TIMEOUT			3000
 
 struct nci_dev;
 
-- 
2.47.2


^ permalink raw reply related	[flat|nested] 3+ messages in thread

* Re: [PATCH net-next v3] net: nfc: nci: Increase NCI_DATA_TIMEOUT to 3000 ms
  2025-09-02 11:36 [PATCH net-next v3] net: nfc: nci: Increase NCI_DATA_TIMEOUT to 3000 ms Juraj Šarinay
@ 2025-09-02 12:19 ` Krzysztof Kozlowski
  2025-09-04  0:30 ` patchwork-bot+netdevbpf
  1 sibling, 0 replies; 3+ messages in thread
From: Krzysztof Kozlowski @ 2025-09-02 12:19 UTC (permalink / raw)
  To: Juraj Šarinay, netdev
  Cc: linux-kernel, davem, edumazet, kuba, pabeni, horms, mingo, tglx

On 02/09/2025 13:36, Juraj Šarinay wrote:
> An exchange with a NFC target must complete within NCI_DATA_TIMEOUT.
> A delay of 700 ms is not sufficient for cryptographic operations on smart
> cards. CardOS 6.0 may need up to 1.3 seconds to perform 256-bit ECDH
> or 3072-bit RSA. To prevent brute-force attacks, passports and similar
> documents introduce even longer delays into access control protocols
> (BAC/PACE).
> 
> The timeout should be higher, but not too much. The expiration allows
> us to detect that a NFC target has disappeared.
> 
> Signed-off-by: Juraj Šarinay <juraj@sarinay.com>
> ---
> v3:

Thanks!

Reviewed-by: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>

Best regards,
Krzysztof

^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: [PATCH net-next v3] net: nfc: nci: Increase NCI_DATA_TIMEOUT to 3000 ms
  2025-09-02 11:36 [PATCH net-next v3] net: nfc: nci: Increase NCI_DATA_TIMEOUT to 3000 ms Juraj Šarinay
  2025-09-02 12:19 ` Krzysztof Kozlowski
@ 2025-09-04  0:30 ` patchwork-bot+netdevbpf
  1 sibling, 0 replies; 3+ messages in thread
From: patchwork-bot+netdevbpf @ 2025-09-04  0:30 UTC (permalink / raw)
  To: =?utf-8?q?Juraj_=C5=A0arinay_=3Cjuraj=40sarinay=2Ecom=3E?=
  Cc: netdev, krzk, linux-kernel, davem, edumazet, kuba, pabeni, horms,
	mingo, tglx

Hello:

This patch was applied to netdev/net-next.git (main)
by Jakub Kicinski <kuba@kernel.org>:

On Tue,  2 Sep 2025 13:36:28 +0200 you wrote:
> An exchange with a NFC target must complete within NCI_DATA_TIMEOUT.
> A delay of 700 ms is not sufficient for cryptographic operations on smart
> cards. CardOS 6.0 may need up to 1.3 seconds to perform 256-bit ECDH
> or 3072-bit RSA. To prevent brute-force attacks, passports and similar
> documents introduce even longer delays into access control protocols
> (BAC/PACE).
> 
> [...]

Here is the summary with links:
  - [net-next,v3] net: nfc: nci: Increase NCI_DATA_TIMEOUT to 3000 ms
    https://git.kernel.org/netdev/net-next/c/21f82062d0f2

You are awesome, thank you!
-- 
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/patchwork/pwbot.html



^ permalink raw reply	[flat|nested] 3+ messages in thread

end of thread, other threads:[~2025-09-04  0:30 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2025-09-02 11:36 [PATCH net-next v3] net: nfc: nci: Increase NCI_DATA_TIMEOUT to 3000 ms Juraj Šarinay
2025-09-02 12:19 ` Krzysztof Kozlowski
2025-09-04  0:30 ` patchwork-bot+netdevbpf

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).