Hi Roy, On Mon, Dec 18, 2017 at 2:24 PM, Roy Sigurd Karlsbakk <roy@xxxxxxxxxxxxx> wrote: >>> I'm trying to setup a raspberry pi as a bluetooth host allowing pairing from a >>> phone, but with a predefined pincode, and I can't find any docs on how to do >>> this. I find some on how to do this interactively, but then, this isn't meant >>> to be used like that, more like a "blackbox". I've tried to google this quite a >>> bit and reading the docs, but I can't find much. Any idea how to do this? >> >> With SSP, introduced in Bluetooth 2.1, there is no longer a need to >> have predefined pincode. In case that you don't have any means to >> confirm you should be able to use "NoInputNoOutput", you can check how >> this is done in bluetoothctl: > > Perhaps I'm overseeing something, but I don't quite understand how SSP will help. I'm more concerned about unauthorized bluetooth clients pairing with this than MITM-attacks. I want pairing to be fairly simple, but I need a way to identify the client. Authorization is a separate concept, usually services will require certain security level which when not met may cause the pairing process to kick in, authorization may happen regardless of that if the device is not trusted. In other words, Paired property tells if the device if the device has been authenticated and a link-key exists and Trusted tell if the device can connect without being authorized by the agent, the 2 properties acts completely independent. For instance, this is how we handle authorization in bluetoothctl: https://git.kernel.org/pub/scm/bluetooth/bluez.git/tree/client/agent.c#n242 Note that RequestAuthorization is for authorizing a new pairing not a new connection, which is done by AuthorizeService: https://git.kernel.org/pub/scm/bluetooth/bluez.git/tree/doc/agent-api.txt#n161 https://git.kernel.org/pub/scm/bluetooth/bluez.git/tree/doc/agent-api.txt#n174 In both cases the device object is given so you can identify who is pairing/connecting. -- Luiz Augusto von Dentz -- To unsubscribe from this list: send the line "unsubscribe linux-bluetooth" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
