Hi Brian,
Sorry if these comments appear so late in this series life.
On 13:53 Wed 16 Nov, Brian Gix wrote:
> Some MITM scenarios require handling of the User Passkey Request event,
> by querying the user, and passing the response back.
>
> Signed-off-by: Brian Gix <bgix@xxxxxxxxxxxxxx>
> ---
> include/net/bluetooth/hci_core.h | 5 +++
> net/bluetooth/hci_event.c | 58 ++++++++++++++++++++++++++++++++++++++
> 2 files changed, 63 insertions(+), 0 deletions(-)
>
> diff --git a/include/net/bluetooth/hci_core.h b/include/net/bluetooth/hci_core.h
> index 1795257..e7b2e25 100644
> --- a/include/net/bluetooth/hci_core.h
> +++ b/include/net/bluetooth/hci_core.h
> @@ -933,6 +933,11 @@ int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
> u8 status);
> int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev,
> bdaddr_t *bdaddr, u8 status);
> +int mgmt_user_passkey_request(struct hci_dev *hdev, bdaddr_t *bdaddr);
> +int mgmt_user_passkey_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
> + u8 status);
> +int mgmt_user_passkey_neg_reply_complete(struct hci_dev *hdev,
> + bdaddr_t *bdaddr, u8 status);
> int mgmt_auth_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 status);
> int mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status);
> int mgmt_read_local_oob_data_reply_complete(struct hci_dev *hdev, u8 *hash,
> diff --git a/net/bluetooth/hci_event.c b/net/bluetooth/hci_event.c
> index dfe6fbc..980da08 100644
> --- a/net/bluetooth/hci_event.c
> +++ b/net/bluetooth/hci_event.c
> @@ -931,6 +931,37 @@ static void hci_cc_user_confirm_neg_reply(struct hci_dev *hdev,
> hci_dev_unlock(hdev);
> }
>
> +static void hci_cc_user_passkey_reply(struct hci_dev *hdev, struct sk_buff *skb)
> +{
> + struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
> +
> + BT_DBG("%s status 0x%x", hdev->name, rp->status);
> +
> + hci_dev_lock(hdev);
> +
> + if (test_bit(HCI_MGMT, &hdev->flags))
> + mgmt_user_passkey_reply_complete(hdev, &rp->bdaddr,
> + rp->status);
I was with the impression that the check for the MGMT bit was being
ignored on purpose on newer code, because mgmt is going to be the
default some time in the (near) future and if there's no one listening
for those events the overhead should be minimal. Can anyone confirm this
impression?
> +
> + hci_dev_unlock(hdev);
> +}
> +
> +static void hci_cc_user_passkey_neg_reply(struct hci_dev *hdev,
> + struct sk_buff *skb)
> +{
> + struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
> +
> + BT_DBG("%s status 0x%x", hdev->name, rp->status);
> +
> + hci_dev_lock(hdev);
> +
> + if (test_bit(HCI_MGMT, &hdev->flags))
> + mgmt_user_passkey_neg_reply_complete(hdev, &rp->bdaddr,
> + rp->status);
> +
> + hci_dev_unlock(hdev);
> +}
> +
> static void hci_cc_read_local_oob_data_reply(struct hci_dev *hdev,
> struct sk_buff *skb)
> {
> @@ -2015,6 +2046,14 @@ static inline void hci_cmd_complete_evt(struct hci_dev *hdev, struct sk_buff *sk
> hci_cc_user_confirm_neg_reply(hdev, skb);
> break;
>
> + case HCI_OP_USER_PASSKEY_REPLY:
> + hci_cc_user_passkey_reply(hdev, skb);
> + break;
> +
> + case HCI_OP_USER_PASSKEY_NEG_REPLY:
> + hci_cc_user_passkey_neg_reply(hdev, skb);
> + break;
> +
> case HCI_OP_LE_SET_SCAN_ENABLE:
> hci_cc_le_set_scan_enable(hdev, skb);
> break;
> @@ -2774,6 +2813,21 @@ unlock:
> hci_dev_unlock(hdev);
> }
>
> +static inline void hci_user_passkey_request_evt(struct hci_dev *hdev,
> + struct sk_buff *skb)
> +{
> + struct hci_ev_user_passkey_req *ev = (void *) skb->data;
> +
> + BT_DBG("%s", hdev->name);
> +
> + hci_dev_lock(hdev);
> +
> + if (test_bit(HCI_MGMT, &hdev->flags))
> + mgmt_user_passkey_request(hdev, &ev->bdaddr);
> +
> + hci_dev_unlock(hdev);
> +}
> +
> static inline void hci_simple_pair_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
> {
> struct hci_ev_simple_pair_complete *ev = (void *) skb->data;
> @@ -3113,6 +3167,10 @@ void hci_event_packet(struct hci_dev *hdev, struct sk_buff *skb)
> hci_user_confirm_request_evt(hdev, skb);
> break;
>
> + case HCI_EV_USER_PASSKEY_REQUEST:
> + hci_user_passkey_request_evt(hdev, skb);
> + break;
> +
> case HCI_EV_SIMPLE_PAIR_COMPLETE:
> hci_simple_pair_complete_evt(hdev, skb);
> break;
> --
> 1.7.7.2
>
> --
> Brian Gix
> bgix@xxxxxxxxxxxxxx
> Employee of Qualcomm Innovation Center, Inc.
> Qualcomm Innovation Center, Inc. is a member of Code Aurora Forum
> --
> To unsubscribe from this list: send the line "unsubscribe linux-bluetooth" in
> the body of a message to majordomo@xxxxxxxxxxxxxxx
> More majordomo info at http://vger.kernel.org/majordomo-info.html
--
Vinicius
--
To unsubscribe from this list: send the line "unsubscribe linux-bluetooth" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
