Hi Martin,
>>>> I try to call printk (with priority KERN_ALERT) functions placed in the
>>>> net/bluetooth/smp.c file of my linux kernel 4.9.35 in order to get
>>>> output from specifc functions like:
>>>>
>>>> static int smp_cmd_public_key()
>>>>
>>>> But during a pairing with another bluetooth LE device the output of
>>>> these function is never shown in /var/log/kern.log
>>>>
>>>> Is there any way to verify, that the LE Controller accesses the Security
>>>> Manager Protocol source code the Linux Kernel?
>>>>
>>>> As far as I understood the Core Specification, in BT 4.0 an above the
>>>> Security Manager is always integrated in the Link Manager, when it comes
>>>> to BR/EDR. But for LE the SM is integrated in the Host part and not the
>>>> Controller. Thus LE Controller should access the smp.c in the Linux kernel.
>>>
>>> just run btmon and you see all the security manager exchanges.
>>>
>>> Regards
>>>
>>> Marcel
>>>
>> Hi Marcel,
>> I tested it, and I saw some basic SMP messages, like:
>>
>> Sent Pairing Request: Bonding, MITM, Initiator Key(s): LTK CSRK ,
>> Responder Key(s): LTK IRK CSRK
>>
>> I get a response and a confirmation of the pairing afterwards, but I
>> don't see the key exchange, or the messages from Authentication Stage 1
>> or 2.
>>
>> Is there any way to log parts of the smp.c functions into kern.log?
>
> just send the file created via "btmon -w trace.log" and I can tell you what is going on here. My guess is that you do not have LE SC enabled. That means legacy pairing is happening which does not using public key exchange.
< ACL Data TX: Handle 3585 flags 0x00 dlen 11
SMP: Pairing Request (0x01) len 6
IO capability: DisplayYesNo (0x01)
OOB data: Authentication data not present (0x00)
Authentication requirement: Bonding, MITM, SC, No Keypresses (0x0d)
Max encryption key size: 16
Initiator key distribution: EncKey Sign (0x05)
Responder key distribution: EncKey IdKey Sign (0x07)
> ACL Data RX: Handle 3585 flags 0x02 dlen 11
SMP: Pairing Response (0x02) len 6
IO capability: NoInputNoOutput (0x03)
OOB data: Authentication data not present (0x00)
Authentication requirement: Bonding, No MITM, Legacy, No Keypresses (0x01)
Max encryption key size: 16
Initiator key distribution: Sign (0x04)
Responder key distribution: EncKey IdKey (0x03)
So while your Linux side supports LE SC, your remote side only supports legacy pairing. Which means no public key exchange will happen,
The LTK information is distributed instead of locally derived as with LE SC that uses ECDH.
> ACL Data RX: Handle 3585 flags 0x02 dlen 21
SMP: Encryption Information (0x06) len 16
Long term key: 8eb620e0cf2f490b9a174777d45c57b3
> ACL Data RX: Handle 3585 flags 0x02 dlen 15
SMP: Master Identification (0x07) len 10
EDIV: 0x4be8
Rand: 0xf9cd7eb564bf38b9
Btw. I have yet to see a LE HID device that uses LE SC.
Regards
Marcel
--
To unsubscribe from this list: send the line "unsubscribe linux-bluetooth" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
