Received: by 2002:a25:1506:0:0:0:0:0 with SMTP id 6csp6093196ybv; Wed, 12 Feb 2020 05:58:58 -0800 (PST) X-Google-Smtp-Source: APXvYqxsGrP6QrHuRoh50Y6qmcDGMTuLr7maelydULGUIjvvZK2ez/AWnAHGFyIKYs8ZlqLLR1a2 X-Received: by 2002:aca:ad11:: with SMTP id w17mr6389310oie.85.1581515938631; Wed, 12 Feb 2020 05:58:58 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1581515938; cv=none; d=google.com; s=arc-20160816; b=Vmjyy+knE6RK3E0gm2DPe5tF9v8clc0n9LwsjGLMwrYUeZhQcefXz2K2XYezFy3O82 91siZIVIXWv/WAlw+I3ZGrDVjNA9pCmD3k93TUngYHsI6P8bj8n7k9o/PWixlcxfovTF aWpP42L1wQneOzxdaARkYDU6ZhatJtP/t/9QHVXqGB2/DwiXu1bU0AFHAGzQ06TVU4Im etwObaQuM2yADuKH4ngZc6jpePBX/oJy3YueiGwvSQqiXLuFePVRWe7qmIF44ku43jeb qUSmgiao4x+f7sXEkHOQntyda9rsJ2ZZfW8cIxUHpFFGewDmu3yVJqlxlcb0ewmRMnNI O6EA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:dkim-signature; bh=6EXWdJKBMXTZ1wgjEOeROfMvD3aPeZvry3+qKMj07qA=; b=K56yqR2KUvXvbmWH/+GSK9uQYI4/ntZoqeFgtt52BXFxSbJM0ij08cZUY79HRf1hv+ xHlc4RrXjqKZ9v+E8Lz07AU0kLOFJnWmZKNwSLjdSBuEb0656RUINH/0Q7lEgCpIv3p+ Ro3fTDjF8e19OGXwps1gLrmj2FYI2ILt8/WnKZjuFWZyS5N+Btvt+YAbImHKlayIt1cj 0Dzmpc9eqb24xdsq8s1F6v41351UniB3OLYesDkrH8xzLw35yuFwYw0dZWFBdPlA7qt+ JHwWj+XLbN8kgEwCvlYbePwKuBZ58o5Qnw7Hop/BW1AcOsy2kIB0Hz4nHIJD7WQ6XkGV srSw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=LbtBB7W+; spf=pass (google.com: best guess record for domain of linux-bluetooth-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-bluetooth-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id a3si262079otk.234.2020.02.12.05.58.37; Wed, 12 Feb 2020 05:58:58 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-bluetooth-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=LbtBB7W+; spf=pass (google.com: best guess record for domain of linux-bluetooth-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-bluetooth-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727781AbgBLN6e (ORCPT + 99 others); Wed, 12 Feb 2020 08:58:34 -0500 Received: from mail-ot1-f65.google.com ([209.85.210.65]:39501 "EHLO mail-ot1-f65.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727732AbgBLN6d (ORCPT ); Wed, 12 Feb 2020 08:58:33 -0500 Received: by mail-ot1-f65.google.com with SMTP id 77so1967817oty.6 for ; Wed, 12 Feb 2020 05:58:33 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=6EXWdJKBMXTZ1wgjEOeROfMvD3aPeZvry3+qKMj07qA=; b=LbtBB7W+NJDww+QDfZ7+i7YP7nPlsC7J7FTfQBi/BMhu/ZVettQHuum0mIq2bh9WCl zfbeutBqSMYLHddtBh6plJARpTUESH7z6zZo2k+EeHuKVpTH0qhvaEClwj2zphTjKEH6 SLquKWZh5+35IFVsGh8VPuuulC0TQJ5pLN1QaXvS5XvzpxMzu6YlRT2+OUqUkDDLNNZr 6jV2csjAo/V5KqKU8WLKe9d2dPxVYVXoHncZ8rr4ba6JPAGBVHl31Hk3MEYOHtoK6oMm s7jUaf/OmdOKFcLjlbpbTH3NwQ1GMVgdV5MdgRI7zjldOuIUdIvtTh7jWWcWGOkzwUSf Z52Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=6EXWdJKBMXTZ1wgjEOeROfMvD3aPeZvry3+qKMj07qA=; b=VoU4Q1FGrHvNKsvzTYBRSwOMNFeultXE2xsLY9ks+bUl4tfG8P3v+/fdvhhGJB5rxP tpRsqh2gLVlk5rP390KUK1M5lpYYoxYfA9/yUP6y6eTrAjizZVZXOxlvmzSAOxX/Wgsy GuhTK/otv1002+e4k6aE9c8VtSmkaFfiQZOHzEZ9D5SL5lRbwiF8HJ2EbTaOGQb2QSkg 4oEe06aWWeVM3zbgzyAS0Jj2a+oNDf0LGdoN0aYPW3aEJtMLeFCOpY/aYCFlqdM5bKHF 995QBFSsuU7+G7mo2d1Xk5EqW/dTZXS/1wgrU79Btt9OLdF/0YRVtPYBHFxDIJWybbiz M1ng== X-Gm-Message-State: APjAAAV4mozv6bnCqzIAHnrgEGNa/8UwWh0UsaC2vLjYplKfNRscpTPz yo6+n2XLnDluG7iix0Vill1mS39whenB2c/BMh4= X-Received: by 2002:a9d:5786:: with SMTP id q6mr8973793oth.164.1581515913172; Wed, 12 Feb 2020 05:58:33 -0800 (PST) MIME-Version: 1.0 References: <20200212212729.Bluez.v2.1.I333a90ad3c75882c6f008c94a28ca7d3e8f6c76e@changeid> In-Reply-To: <20200212212729.Bluez.v2.1.I333a90ad3c75882c6f008c94a28ca7d3e8f6c76e@changeid> From: Emil Lenngren Date: Wed, 12 Feb 2020 14:58:22 +0100 Message-ID: Subject: Re: [Bluez PATCH v2] core: Add new policy for Just-Works repairing To: Howard Chung Cc: Bluez mailing list , luiz.von.dentz@intel.com, chromeos-bluetooth-upstreaming@chromium.org Content-Type: text/plain; charset="UTF-8" Sender: linux-bluetooth-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-bluetooth@vger.kernel.org Hi, Den ons 12 feb. 2020 kl 14:30 skrev Howard Chung : > > From: "howardchung@google.com" > > When kernel find out that the incoming Just-Works pairing is > initiated by a paired device, it is user space's responsibility to > decide the next action. > > This patch includes the following: > - add JustWorksRepairing policy as an option in main.conf > - handle the confirmation request from kernel > > --- > The Just-Works repairing policy could be one of the following: > - never: default; reject the repairing immediately. > - confirm: prompt a confirmation dialog to user. > - always: always accept the repairing. > > Changes in v2: > - let RequestAuthorization handle the situation > - remove the changes in client/ > > src/agent.c | 16 ++++++++++++++++ > src/hcid.h | 8 ++++++++ > src/main.c | 27 +++++++++++++++++++++++++++ > src/main.conf | 5 +++++ > 4 files changed, 56 insertions(+) > > diff --git a/src/agent.c b/src/agent.c > index e0ffcd22f..e013ec85f 100644 > --- a/src/agent.c > +++ b/src/agent.c > @@ -773,12 +773,28 @@ int agent_request_authorization(struct agent *agent, struct btd_device *device, > GDestroyNotify destroy) > { > struct agent_request *req; > + DBusError dbus_err; > int err; > > err = agent_has_request(agent, device, AGENT_REQUEST_AUTHORIZATION); > if (err) > return err; > > + /* Just-Works repairing policy */ > + if (device_is_paired(device, BDADDR_BREDR) || > + device_is_paired(device, BDADDR_LE_PUBLIC)) { > + if (main_opts.jw_repairing == JW_REPAIRING_NEVER) { > + dbus_error_init(&dbus_err); > + dbus_set_error_const(&dbus_err, > + ERROR_INTERFACE ".Rejected", NULL); > + cb(agent, &dbus_err, user_data); > + return 0; > + } else if (main_opts.jw_repairing == JW_REPAIRING_ALWAYS) { > + cb(agent, NULL, user_data); > + return 0; > + } > + } > + > DBG("Calling Agent.RequestAuthorization: name=%s, path=%s", > agent->owner, agent->path); > > diff --git a/src/hcid.h b/src/hcid.h > index adea85ce2..bcd2b9fa1 100644 > --- a/src/hcid.h > +++ b/src/hcid.h > @@ -35,6 +35,12 @@ typedef enum { > BT_GATT_CACHE_NO, > } bt_gatt_cache_t; > > +enum { > + JW_REPAIRING_NEVER, > + JW_REPAIRING_CONFIRM, > + JW_REPAIRING_ALWAYS, > +} jw_repairing_t; > + > struct main_opts { > char *name; > uint32_t class; > @@ -58,6 +64,8 @@ struct main_opts { > uint16_t gatt_mtu; > > uint8_t key_size; > + > + jw_repairing_t jw_repairing; > }; > > extern struct main_opts main_opts; > diff --git a/src/main.c b/src/main.c > index 1a6ab36a3..d67f469f1 100644 > --- a/src/main.c > +++ b/src/main.c > @@ -93,6 +93,7 @@ static const char *supported_options[] = { > "MultiProfile", > "FastConnectable", > "Privacy", > + "JustWorksRepairing", > NULL > }; > > @@ -193,6 +194,20 @@ static bt_gatt_cache_t parse_gatt_cache(const char *cache) > } > } > > +static jw_repairing_t parse_jw_repairing(const char *jw_repairing) > +{ > + if (!strcmp(jw_repairing, "never")) { > + return JW_REPAIRING_NEVER; > + } else if (!strcmp(jw_repairing, "confirm")) { > + return JW_REPAIRING_CONFIRM; > + } else if (!strcmp(jw_repairing, "always")) { > + return JW_REPAIRING_ALWAYS; > + } else { > + return JW_REPAIRING_NEVER; > + } > +} > + > + > static void check_options(GKeyFile *config, const char *group, > const char **options) > { > @@ -331,6 +346,18 @@ static void parse_config(GKeyFile *config) > g_free(str); > } > > + str = g_key_file_get_string(config, "General", > + "JustWorksRepairing", &err); > + if (err) { > + DBG("%s", err->message); > + g_clear_error(&err); > + main_opts.jw_repairing = JW_REPAIRING_NEVER; > + } else { > + DBG("just_works_repairing=%s", str); > + main_opts.jw_repairing = parse_jw_repairing(str); > + g_free(str); > + } > + > str = g_key_file_get_string(config, "General", "Name", &err); > if (err) { > DBG("%s", err->message); > diff --git a/src/main.conf b/src/main.conf > index 40687a755..bb5ff5b15 100644 > --- a/src/main.conf > +++ b/src/main.conf > @@ -72,6 +72,11 @@ > # Defaults to "off" > # Privacy = off > > +# Specify the policy to the JUST-WORKS repairing initiated by peer > +# Possible values: "never", "confirm", "always" > +# Defaults to "never" > +#JustWorksRepairing = never > + > [GATT] > # GATT attribute cache. > # Possible values: > -- > 2.25.0.225.g125e21ebc7-goog > I haven't looked much into this, but have a question. What happens by default currently when we have an already bonded device previously paired using some MITM-protected mechanism, and suddenly wants to re-bond using a less secure mechanism (Just Works)? In my opinion denying this should obviously be the default in case no agent is available, compared to if pairing a new device then the default should be accept. /Emil