Received: by 2002:a25:1506:0:0:0:0:0 with SMTP id 6csp6493194ybv; Wed, 12 Feb 2020 13:22:42 -0800 (PST) X-Google-Smtp-Source: APXvYqytOQxvQey9jLwT4hpdSa0tYHOaYI4muOeKCaswuv3VIdblp2UdR8aMm14V0DDQvCSi2m8M X-Received: by 2002:a54:450f:: with SMTP id l15mr808607oil.126.1581542562203; Wed, 12 Feb 2020 13:22:42 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1581542562; cv=none; d=google.com; s=arc-20160816; b=r8cjg/kOp3nCUkIW8hAtQb9S8bAuS1lUxjDvooia9gN4LUeq249Jnij2I+GtdMyZjW 33mRW2if+ZPGG6BXMxoAHtK05ywHpNdQl40MTfmFCAh2O9/9yXIuRAL0olfelqAPNBmP acTsMH+LSVvgOCV/UFDeJwoLl9e1n594bG+pzT22qJacJ6dlZnYn4uYW3ps2OOeb+EI5 jo1xF9Ao3vHKsrn69zHx7LQ6WWTi8zKtIFFDBTYXAIaaopCnvGv7dK7z3/asYyiKwMHo 7vX7XlhJoT/vIF+uMgwLE4AgHteEL1vQWLAj/RChciOaIYV8JsYY9tjcpD+cYtuEBlin TYvw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:dkim-signature; bh=RwpCBGUid+4H1vqyVrJdgWk8xEuaKpkoA1Bmvp3YEL4=; b=ggL1dPXAz2mHfM5jsfXz4470HuO6s506lUM9nleKqiQdzkaNleMkzD1mapzX2S8WWJ cqj9FTTzcnDHu3ClVDfyuTS8j2rMkzKvHifdi/+8yLUhhfAQDRfTkCVR391QnPU6E0dA VWwyhBF0vjdTa8dZgcFdUtsXfaOUk2DVVkEsv4c/3vSKamd40VuwX7YZBUT8Z1D7qJZq 5emfbD454ukUzfs18vGHuzA7i8Jes6X+YVwrXODYeE1NByKKpuh4f3EnmultK211MOJH eIrrgP8zVdADTqZy63xMD367kR7uJgLpAylphE3iOiXq8/EPst2QUHetgPJC13W+93n+ ZQ2w== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b="K/mJu+Y3"; spf=pass (google.com: best guess record for domain of linux-bluetooth-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-bluetooth-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id s20si18784otp.4.2020.02.12.13.22.29; Wed, 12 Feb 2020 13:22:42 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-bluetooth-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b="K/mJu+Y3"; spf=pass (google.com: best guess record for domain of linux-bluetooth-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-bluetooth-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728674AbgBLVVp (ORCPT + 99 others); Wed, 12 Feb 2020 16:21:45 -0500 Received: from mail-ot1-f65.google.com ([209.85.210.65]:34701 "EHLO mail-ot1-f65.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727548AbgBLVVp (ORCPT ); Wed, 12 Feb 2020 16:21:45 -0500 Received: by mail-ot1-f65.google.com with SMTP id j16so3460411otl.1 for ; Wed, 12 Feb 2020 13:21:45 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=RwpCBGUid+4H1vqyVrJdgWk8xEuaKpkoA1Bmvp3YEL4=; b=K/mJu+Y39Tw1zfQmEiRhzW9vblwuVOlJCkoRuRmDm43UcvpghKX2LEoGLjk6b9bYD/ dyaD35ciJWAswQMsy4ZV1vojdSIarscmqLP1P1hoBkMNFEUqGXF2GZZJkDYJqQOPdLe/ jYJ8SNF9LbH69TUhpZxRPI7vpX/XdzTT6pS1jWjalpsSfJ2NktH5+t49athUzPJKe3ZM +PU+7wtwzC1n1TVW5t7dS7Bz0dpAnbcK2Xo1StoM3yMa1R6lV+T6QgePvjNkluFdukbE NG0yfS6PziSj1noN7oXaosDl72XFn2nw7NqNydoD7/VBRazA+6Fa353MxRXDvJ8YutJ6 6Jfw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=RwpCBGUid+4H1vqyVrJdgWk8xEuaKpkoA1Bmvp3YEL4=; b=GRgvuVOy766sMk2etO6Q2UVPhhWdiXReRsLvP/nvnSVy6Kfvxgl3BylZ4l1pmNAonL 8g5CMOoYq8C/gnCqPgUWILjfxdEssAKfObZAs+AN8j7FDpz45nREwghcB1K60hHVYcob n8v2jNq0riJMLkH6sbPVjGtSKH0CtqLmutprB7IU/oyw1foNWbAOHL1bXuIAdt6e62Gi j/6XVqG55x/JQQ4w0anoVXubP0Y2WIht98tF0Do3z5VX0yYnhNUDbFxqbgya92H03hHj /glcDHjTDdgK9hfUsATlYTsZw1VUvE2CHfS5unoKlBJ6Efp47qKFLWmiYDpDqfjREdE8 TC6g== X-Gm-Message-State: APjAAAVNjjHCIt7ayC1zOp3GnmAog0OQ4mH4ihDbBWtpT4azUqtHEFUN RHoaXfvCBESXJCeE3sxjF2lJasVfqHUiEhM/fOE= X-Received: by 2002:a9d:3f4b:: with SMTP id m69mr10150545otc.146.1581542504544; Wed, 12 Feb 2020 13:21:44 -0800 (PST) MIME-Version: 1.0 References: <20200212212729.Bluez.v2.1.I333a90ad3c75882c6f008c94a28ca7d3e8f6c76e@changeid> In-Reply-To: From: Luiz Augusto von Dentz Date: Wed, 12 Feb 2020 13:21:33 -0800 Message-ID: Subject: Re: [Bluez PATCH v2] core: Add new policy for Just-Works repairing To: Emil Lenngren Cc: Howard Chung , Bluez mailing list , Luiz Augusto Von Dentz , chromeos-bluetooth-upstreaming@chromium.org Content-Type: text/plain; charset="UTF-8" Sender: linux-bluetooth-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-bluetooth@vger.kernel.org Hi Emil, On Wed, Feb 12, 2020 at 6:00 AM Emil Lenngren wrote: > > Hi, > > Den ons 12 feb. 2020 kl 14:30 skrev Howard Chung : > > > > From: "howardchung@google.com" > > > > When kernel find out that the incoming Just-Works pairing is > > initiated by a paired device, it is user space's responsibility to > > decide the next action. > > > > This patch includes the following: > > - add JustWorksRepairing policy as an option in main.conf > > - handle the confirmation request from kernel > > > > --- > > The Just-Works repairing policy could be one of the following: > > - never: default; reject the repairing immediately. > > - confirm: prompt a confirmation dialog to user. > > - always: always accept the repairing. > > > > Changes in v2: > > - let RequestAuthorization handle the situation > > - remove the changes in client/ > > > > src/agent.c | 16 ++++++++++++++++ > > src/hcid.h | 8 ++++++++ > > src/main.c | 27 +++++++++++++++++++++++++++ > > src/main.conf | 5 +++++ > > 4 files changed, 56 insertions(+) > > > > diff --git a/src/agent.c b/src/agent.c > > index e0ffcd22f..e013ec85f 100644 > > --- a/src/agent.c > > +++ b/src/agent.c > > @@ -773,12 +773,28 @@ int agent_request_authorization(struct agent *agent, struct btd_device *device, > > GDestroyNotify destroy) > > { > > struct agent_request *req; > > + DBusError dbus_err; > > int err; > > > > err = agent_has_request(agent, device, AGENT_REQUEST_AUTHORIZATION); > > if (err) > > return err; > > > > + /* Just-Works repairing policy */ > > + if (device_is_paired(device, BDADDR_BREDR) || > > + device_is_paired(device, BDADDR_LE_PUBLIC)) { > > + if (main_opts.jw_repairing == JW_REPAIRING_NEVER) { > > + dbus_error_init(&dbus_err); > > + dbus_set_error_const(&dbus_err, > > + ERROR_INTERFACE ".Rejected", NULL); > > + cb(agent, &dbus_err, user_data); > > + return 0; > > + } else if (main_opts.jw_repairing == JW_REPAIRING_ALWAYS) { > > + cb(agent, NULL, user_data); > > + return 0; > > + } > > + } > > + > > DBG("Calling Agent.RequestAuthorization: name=%s, path=%s", > > agent->owner, agent->path); > > > > diff --git a/src/hcid.h b/src/hcid.h > > index adea85ce2..bcd2b9fa1 100644 > > --- a/src/hcid.h > > +++ b/src/hcid.h > > @@ -35,6 +35,12 @@ typedef enum { > > BT_GATT_CACHE_NO, > > } bt_gatt_cache_t; > > > > +enum { > > + JW_REPAIRING_NEVER, > > + JW_REPAIRING_CONFIRM, > > + JW_REPAIRING_ALWAYS, > > +} jw_repairing_t; > > + > > struct main_opts { > > char *name; > > uint32_t class; > > @@ -58,6 +64,8 @@ struct main_opts { > > uint16_t gatt_mtu; > > > > uint8_t key_size; > > + > > + jw_repairing_t jw_repairing; > > }; > > > > extern struct main_opts main_opts; > > diff --git a/src/main.c b/src/main.c > > index 1a6ab36a3..d67f469f1 100644 > > --- a/src/main.c > > +++ b/src/main.c > > @@ -93,6 +93,7 @@ static const char *supported_options[] = { > > "MultiProfile", > > "FastConnectable", > > "Privacy", > > + "JustWorksRepairing", > > NULL > > }; > > > > @@ -193,6 +194,20 @@ static bt_gatt_cache_t parse_gatt_cache(const char *cache) > > } > > } > > > > +static jw_repairing_t parse_jw_repairing(const char *jw_repairing) > > +{ > > + if (!strcmp(jw_repairing, "never")) { > > + return JW_REPAIRING_NEVER; > > + } else if (!strcmp(jw_repairing, "confirm")) { > > + return JW_REPAIRING_CONFIRM; > > + } else if (!strcmp(jw_repairing, "always")) { > > + return JW_REPAIRING_ALWAYS; > > + } else { > > + return JW_REPAIRING_NEVER; > > + } > > +} > > + > > + > > static void check_options(GKeyFile *config, const char *group, > > const char **options) > > { > > @@ -331,6 +346,18 @@ static void parse_config(GKeyFile *config) > > g_free(str); > > } > > > > + str = g_key_file_get_string(config, "General", > > + "JustWorksRepairing", &err); > > + if (err) { > > + DBG("%s", err->message); > > + g_clear_error(&err); > > + main_opts.jw_repairing = JW_REPAIRING_NEVER; > > + } else { > > + DBG("just_works_repairing=%s", str); > > + main_opts.jw_repairing = parse_jw_repairing(str); > > + g_free(str); > > + } > > + > > str = g_key_file_get_string(config, "General", "Name", &err); > > if (err) { > > DBG("%s", err->message); > > diff --git a/src/main.conf b/src/main.conf > > index 40687a755..bb5ff5b15 100644 > > --- a/src/main.conf > > +++ b/src/main.conf > > @@ -72,6 +72,11 @@ > > # Defaults to "off" > > # Privacy = off > > > > +# Specify the policy to the JUST-WORKS repairing initiated by peer > > +# Possible values: "never", "confirm", "always" > > +# Defaults to "never" > > +#JustWorksRepairing = never > > + > > [GATT] > > # GATT attribute cache. > > # Possible values: > > -- > > 2.25.0.225.g125e21ebc7-goog > > > > I haven't looked much into this, but have a question. What happens by > default currently when we have an already bonded device previously > paired using some MITM-protected mechanism, and suddenly wants to > re-bond using a less secure mechanism (Just Works)? In my opinion > denying this should obviously be the default in case no agent is > available, compared to if pairing a new device then the default should > be accept. When no agent is registered we don't set the pairable flag, so it shouldn't even be able do trigger a new pairing without an agent. -- Luiz Augusto von Dentz