[PATCH] pre-shared passcode: secure pairing for "no keyboard, no display" devices

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Hi!

Currently, "no keyboard, no display" devices can be paired, but
pairing is not secure against active attacker.

Can we do better? Not for the first pairing; but for the next ones --
yes, I believe we can.

BLE device in this case has internal storage, and Linux running
there. From factory, random 6-digit number is stored in the
flash. Legitimate user knows the number, and system is manipulated so
that pairing passkey will be this pre-shared passkey. After pairing,
user is allowed to change it.

[Or maybe passkey is 000000 from the factory; this is still win for
the user, as long as he can change the key to something random in a
secure cave.]

Fortunately, kernel support for this is rather easy; patch is attached
below.

Does someone see a security issue with proposal above?

What would be suitable interface for setting pre-shared passkey?
Module parameter is really easy.

Signed-off-by: Pavel Machek <pavel@xxxxxxx>

diff --git a/net/bluetooth/smp.c b/net/bluetooth/smp.c
index 621146d..7a2b06595 100644
--- a/net/bluetooth/smp.c
+++ b/net/bluetooth/smp.c
@@ -2674,6 +2674,11 @@ static u8 sc_select_method(struct smp_chan *smp)
 	return method;
 }
 
+static int preshared_passkey = -1;
+
+module_param(preshared_passkey, int, 0600);
+MODULE_PARM_DESC(preshared_passkey, "Preshared passkey for device w/o keyboard or display");
+
 static int smp_cmd_public_key(struct l2cap_conn *conn, struct sk_buff *skb)
 {
 	struct smp_cmd_public_key *key = (void *) skb->data;
@@ -2752,9 +2757,11 @@ static int smp_cmd_public_key(struct l2cap_conn *conn, struct sk_buff *skb)
 		set_bit(SMP_FLAG_DEBUG_KEY, &smp->flags);
 
 	if (smp->method == DSP_PASSKEY) {
 		get_random_bytes(&hcon->passkey_notify,
 				 sizeof(hcon->passkey_notify));
+		if (preshared_passkey != -1)
+			hcon->passkey_notify = preshared_passkey;
 		hcon->passkey_notify %= 1000000;
 		hcon->passkey_entered = 0;
 		smp->passkey_round = 0;
 		if (mgmt_user_passkey_notify(hdev, &hcon->dst, hcon->type,




-- 
(english) http://www.livejournal.com/~pavelmachek
(cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html

Attachment: signature.asc
Description: Digital signature

[Index of Archives]     [Bluez Devel]     [Linux Wireless Networking]     [Linux Wireless Personal Area Networking]     [Linux ATH6KL]     [Linux USB Devel]     [Linux Media Drivers]     [Linux Audio Users]     [Linux Kernel]     [Linux SCSI]     [Big List of Linux Books]

  Powered by Linux