Re: Setting a static pin to allow pairing

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi Roy,

On Mon, Dec 18, 2017 at 2:24 PM, Roy Sigurd Karlsbakk <roy@xxxxxxxxxxxxx> wrote:
>>> I'm trying to setup a raspberry pi as a bluetooth host allowing pairing from a
>>> phone, but with a predefined pincode, and I can't find any docs on how to do
>>> this. I find some on how to do this interactively, but then, this isn't meant
>>> to be used like that, more like a "blackbox". I've tried to google this quite a
>>> bit and reading the docs, but I can't find much. Any idea how to do this?
>>
>> With SSP, introduced in Bluetooth 2.1, there is no longer a need to
>> have predefined pincode. In case that you don't have any means to
>> confirm you should be able to use "NoInputNoOutput", you can check how
>> this is done in bluetoothctl:
>
> Perhaps I'm overseeing something, but I don't quite understand how SSP will help. I'm more concerned about unauthorized bluetooth clients pairing with this than MITM-attacks. I want pairing to be fairly simple, but I need a way to identify the client.

Authorization is a separate concept, usually services will require
certain security level which when not met may cause the pairing
process to kick in, authorization may happen regardless of that if the
device is not trusted. In other words, Paired property tells if the
device if the device has been authenticated and a link-key exists and
Trusted tell if the device can connect without being authorized by the
agent, the 2 properties acts completely independent.

For instance, this is how we handle authorization in bluetoothctl:

https://git.kernel.org/pub/scm/bluetooth/bluez.git/tree/client/agent.c#n242

Note that RequestAuthorization is for authorizing a new pairing not a
new connection, which is done by AuthorizeService:

https://git.kernel.org/pub/scm/bluetooth/bluez.git/tree/doc/agent-api.txt#n161
https://git.kernel.org/pub/scm/bluetooth/bluez.git/tree/doc/agent-api.txt#n174

In both cases the device object is given so you can identify who is
pairing/connecting.

-- 
Luiz Augusto von Dentz
--
To unsubscribe from this list: send the line "unsubscribe linux-bluetooth" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html



[Index of Archives]     [Bluez Devel]     [Linux Wireless Networking]     [Linux Wireless Personal Area Networking]     [Linux ATH6KL]     [Linux USB Devel]     [Linux Media Drivers]     [Linux Audio Users]     [Linux Kernel]     [Linux SCSI]     [Big List of Linux Books]

  Powered by Linux