If there is no ServiceData there is no valid provisioning data for
PB-GATT
---
mesh/main.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/mesh/main.c b/mesh/main.c
index b06f4352a..2289d7d10 100644
--- a/mesh/main.c
+++ b/mesh/main.c
@@ -503,7 +503,7 @@ static bool parse_service_data(GDBusProxy *proxy, const char *target_uuid,
}
if (!g_dbus_proxy_get_property(proxy, "ServiceData", &iter))
- return true;
+ return false;
if (dbus_message_iter_get_arg_type(&iter) != DBUS_TYPE_ARRAY)
return false;
--
2.11.0
This is a good fix and should be accepted.
> -----Original Message-----
> From: [email protected] [mailto:linux-bluetooth-
> [email protected]] On Behalf Of Gix, Brian
> Sent: Thursday, August 31, 2017 4:12 PM
> To: Lukasz Rymanowski <[email protected]>; linux-
> [email protected]
> Subject: RE: [PATCH BlueZ 1/3] mesh: Fix for handling unprovisioned device
>
> An unprovisioned device that does not advertise the ServiceData for an
> Unprovisioned Mesh Device does not comply with the specification. The
> Service Data is the required method for an unprovisioned device to be
> recognized.
>
> > -----Original Message-----
> > From: [email protected] [mailto:linux-bluetooth-
> > [email protected]] On Behalf Of Lukasz Rymanowski
> > Sent: Thursday, August 31, 2017 3:13 AM
> > To: [email protected]
> > Cc: ?ukasz Rymanowski <[email protected]>
> > Subject: [PATCH BlueZ 1/3] mesh: Fix for handling unprovisioned device
> >
> > If there is no ServiceData there is no valid provisioning data for
> > PB-GATT
> > ---
> > mesh/main.c | 2 +-
> > 1 file changed, 1 insertion(+), 1 deletion(-)
> >
> > diff --git a/mesh/main.c b/mesh/main.c index b06f4352a..2289d7d10
> > 100644
> > --- a/mesh/main.c
> > +++ b/mesh/main.c
> > @@ -503,7 +503,7 @@ static bool parse_service_data(GDBusProxy *proxy,
> > const char *target_uuid,
> > }
> >
> > if (!g_dbus_proxy_get_property(proxy, "ServiceData", &iter))
> > - return true;
> > + return false;
> >
> > if (dbus_message_iter_get_arg_type(&iter) != DBUS_TYPE_ARRAY)
> > return false;
> > --
> > 2.11.0
> >
> > --
> > To unsubscribe from this list: send the line "unsubscribe
> > linux-bluetooth" in the body of a message to [email protected]
> > More majordomo info at http://vger.kernel.org/majordomo-info.html
> --
> To unsubscribe from this list: send the line "unsubscribe linux-bluetooth" in
> the body of a message to [email protected] More majordomo
> info at http://vger.kernel.org/majordomo-info.html
An unprovisioned device that does not advertise the ServiceData for an Unprovisioned Mesh Device does not comply with the specification. The Service Data is the required method for an unprovisioned device to be recognized.
> -----Original Message-----
> From: [email protected] [mailto:linux-bluetooth-
> [email protected]] On Behalf Of Lukasz Rymanowski
> Sent: Thursday, August 31, 2017 3:13 AM
> To: [email protected]
> Cc: ?ukasz Rymanowski <[email protected]>
> Subject: [PATCH BlueZ 1/3] mesh: Fix for handling unprovisioned device
>
> If there is no ServiceData there is no valid provisioning data for PB-GATT
> ---
> mesh/main.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/mesh/main.c b/mesh/main.c
> index b06f4352a..2289d7d10 100644
> --- a/mesh/main.c
> +++ b/mesh/main.c
> @@ -503,7 +503,7 @@ static bool parse_service_data(GDBusProxy *proxy,
> const char *target_uuid,
> }
>
> if (!g_dbus_proxy_get_property(proxy, "ServiceData", &iter))
> - return true;
> + return false;
>
> if (dbus_message_iter_get_arg_type(&iter) != DBUS_TYPE_ARRAY)
> return false;
> --
> 2.11.0
>
> --
> To unsubscribe from this list: send the line "unsubscribe linux-bluetooth" in
> the body of a message to [email protected] More majordomo
> info at http://vger.kernel.org/majordomo-info.html
It would be an extremely bad idea to set the default Mesh Security to LOW.
If anything, the default security should be raised to HIGH.
We set it to Medium initially to aid in testability, however, we can show that any mesh that *ever* provisioned even a single node with LOW or MEDIUM security will be permanently compromised.
There is a white paper currently being written in the Mesh Working group which discusses this issue in detail, but the gist of the problem is that it is Extremely Simple to design a Man-in-the-Middle attack which will expose the entire Network Key, the Device Key, and all shared Application keys to any device provisioned with LOW security.
It is not much more difficult to compromise MEDIUM security if the only OOB material is a value between 0-9.
While I believe LOW security does have purpose for manufacturer device testing (to test and validate encryption algorithms) we must be extremely careful that it is never release "In the Wild".
I had honestly intended to change this to HIGH before making the initial push of this code... and leave it up to developers to *temporarily* lower the security level for short term testing on an as-needed basis. Because even MEDIUM is a security compromise we cannot risk for this technology.
I will in fact shortly send a patch to increase the default security level to HIGH.
Please note that this is 100% different from standard point-to-point Bluetooth. In Point-to-Point relationships, a compromised LTK (Long Term Key) requires a simple re-pairing. In Mesh, every single node in the mesh must be reprovisioned.
> -----Original Message-----
> From: [email protected] [mailto:linux-bluetooth-
> [email protected]] On Behalf Of Lukasz Rymanowski
> Sent: Thursday, August 31, 2017 3:13 AM
> To: [email protected]
> Cc: ?ukasz Rymanowski <[email protected]>
> Subject: [PATCH BlueZ 3/3] mesh: Use security low as default
>
> ---
> mesh/prov.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/mesh/prov.c b/mesh/prov.c
> index 32785dda1..964259cd0 100644
> --- a/mesh/prov.c
> +++ b/mesh/prov.c
> @@ -57,7 +57,7 @@
> #define MESH_PROV_SEC_LOW 0
>
> /* For Deployment, Security levels below HIGH are *not* recomended */
> -#define mesh_gatt_prov_security() MESH_PROV_SEC_MED
> +#define mesh_gatt_prov_security() MESH_PROV_SEC_LOW
>
> #define PROV_INVITE 0x00
> #define PROV_CAPS 0x01
> --
> 2.11.0
>
> --
> To unsubscribe from this list: send the line "unsubscribe linux-bluetooth" in
> the body of a message to [email protected] More majordomo
> info at http://vger.kernel.org/majordomo-info.html
---
mesh/prov.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/mesh/prov.c b/mesh/prov.c
index 32785dda1..964259cd0 100644
--- a/mesh/prov.c
+++ b/mesh/prov.c
@@ -57,7 +57,7 @@
#define MESH_PROV_SEC_LOW 0
/* For Deployment, Security levels below HIGH are *not* recomended */
-#define mesh_gatt_prov_security() MESH_PROV_SEC_MED
+#define mesh_gatt_prov_security() MESH_PROV_SEC_LOW
#define PROV_INVITE 0x00
#define PROV_CAPS 0x01
--
2.11.0
---
mesh/main.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/mesh/main.c b/mesh/main.c
index 2289d7d10..ecf324e15 100644
--- a/mesh/main.c
+++ b/mesh/main.c
@@ -718,7 +718,7 @@ static void update_device_info(GDBusProxy *proxy)
dev = find_device_by_uuid(adapter->mesh_devices,
prov_data.dev_uuid);
- /* Display provisioning service once per sicovery session */
+ /* Display provisioning service once per discovery session */
if (discovering && (!dev || !dev->hide))
print_prov_service(&prov_data);
--
2.11.0
Hi Łukasz,
On Thu, Aug 31, 2017, Łukasz Rymanowski wrote:
> If there is no ServiceData there is no valid provisioning data for
> PB-GATT
> ---
> mesh/main.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
I've applied patches 1 and 2 from this set. Thanks.
Johan