Received: by 2002:a25:e7d8:0:0:0:0:0 with SMTP id e207csp950855ybh; Tue, 10 Mar 2020 11:27:27 -0700 (PDT) X-Google-Smtp-Source: ADFU+vvLctUKjZuyZ4M7DgfdpvccAJHqNmu4QQoUPIFQ0gN+o7r1VvKObJawJAa5Cspo6IDxpJak X-Received: by 2002:a05:6808:8e5:: with SMTP id d5mr2195562oic.88.1583864847330; Tue, 10 Mar 2020 11:27:27 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1583864847; cv=none; d=google.com; s=arc-20160816; b=Ow2CsW7gOIHVrZvOtUucgzDHuEVFWjaM33rlbqG/wQVxItB2oVFyiyxbbuO8zvCPDW gVusyNtwtUl0x3SWY27BG3ZOowB+m1JTKB6WqeRuR9LP4iJDmnR3SQjjOMTLZC3onC/l Ri6NAH6SEJjGYz84o+lZbOQ8TM9d99YTKBZKiYkekPu1g2fEcDtj1PNR7Xl7rt5Wdbm5 QgiepnXGPb/nF3iE7PiCF6euRTQH3qbUtStyW3Qp1r85QrKGsplJ+3MsUgpfmyTSSsci t2EBjGZ/CHbTU5Qpn6P03xlWh7RjVSnWoz2ojF5MPDRs2CteIuoHjmSa/KcKzrQm7U3N uPmQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:dkim-signature; bh=kYcwCOrsXB1F7HlVWxD6tTRn4jhXioACIQXu62kUgfY=; b=JUcF9fUYHzEEeqG2HycK3BnfPaxhXWOpaNFeJHUOM9c1lOsjQ/jB0PQENd/05AF7Wu XFxb2Ep21aooatwhtqZOPhrL+5Ii9MXjSjqLwLR0VISgLP4mHRFiZn7NkdqW+ogJu2XU hte8aA9h/cHldAwr8Vz1fZsb69YZmkRTkRUP+Br5IrYc2FyKZ4ykGe7YIUxPIo5uiw12 OX2ypy9Uc5n4B9Kvme071/4U4n+PYihzlHOzzQ7AFqBuiN/0JigaWb/zPTV+t1vZbq2T 4BukDzvc6TZJWnBIPk4ZMbcP6UazIwI3Qhjr3G16WZcEd7EvsQkYV0Fh6WkyM3bhmxGP B/qw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=UaLSVwS8; spf=pass (google.com: best guess record for domain of linux-bluetooth-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-bluetooth-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id e7si8982373oti.301.2020.03.10.11.27.04; Tue, 10 Mar 2020 11:27:27 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-bluetooth-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=UaLSVwS8; spf=pass (google.com: best guess record for domain of linux-bluetooth-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-bluetooth-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726604AbgCJS1A (ORCPT + 99 others); Tue, 10 Mar 2020 14:27:00 -0400 Received: from mail-ot1-f67.google.com ([209.85.210.67]:45789 "EHLO mail-ot1-f67.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726283AbgCJS1A (ORCPT ); Tue, 10 Mar 2020 14:27:00 -0400 Received: by mail-ot1-f67.google.com with SMTP id f21so14112249otp.12 for ; Tue, 10 Mar 2020 11:27:00 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=kYcwCOrsXB1F7HlVWxD6tTRn4jhXioACIQXu62kUgfY=; b=UaLSVwS8bbvNtbVPDsG0mSjIXSm0IPTdEbTyJaNJl+msW0H0wk6h+edk1NDNVDahqS 3TRZsa1DIf6XchwhySpddTG/wEhiXbfRbW1FmbkzZEkvdQNoKldCgmbIWQ1+1ZJPCD7i 7zvl1pmSXXOeCDW1kUl2a0avP5h3OMQiZA5KnnrCHnK4rSkl/y/M9IRN27dD2Z1r7Dqm LHK/ypQlf0WDMt645JW7j84CCaZL3Soo7FI07YiUpND07L20fsLh0KEe/V+40ZbWL52E YM5QBWklT2JkEvq9D66WZ0M5tBdBcsVmM6CnR+mOegmsBlPVndz/6r29G1F6W2FPlXwl dsvQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=kYcwCOrsXB1F7HlVWxD6tTRn4jhXioACIQXu62kUgfY=; b=YF+5rNzMJgd73l8UO5JaI10nw8SvlqnJ7xtFTdMZ5A+htmbeHOYiktU54w9CtMA5/C 3GqShyc8suw5TKPujXrhiqZ3I+6kT7IfrXhnFPJ3a2nJ75G4/8G364c3Mvn/uHQ44J61 zRk5k6hsaH0sGS8lYQljOD+PrJkZs63ihCku5sEQnYp24gg6WNrEEg4PTWpjWwvc4WlY 3gKy2Z0VNCpmPxbERN5+uyTmYOel3lN5hnDLem0dMkKlapDdGha601geUVQHGqXvncr/ GouNml/O6EfiKZFRKuO1FmVNOK2aYADx5x3oJwf7SVFRDmDwpLg507sFCRALo1SFpA9S eeEg== X-Gm-Message-State: ANhLgQ2QYg2haNKBp1FCRyf3vJyuI55r87xuAS8986umPEAAh85dyLAK JjjreGs6bg3GGTpJEPBywgu7krJr2wBYWyRL/0BoE83p X-Received: by 2002:a05:6830:19c7:: with SMTP id p7mr5740297otp.79.1583864819663; Tue, 10 Mar 2020 11:26:59 -0700 (PDT) MIME-Version: 1.0 References: <20200310173649.32722-1-luiz.dentz@gmail.com> In-Reply-To: From: Luiz Augusto von Dentz Date: Tue, 10 Mar 2020 11:26:48 -0700 Message-ID: Subject: Re: [PATCH BlueZ] input: hog: Attempt to set security level if not bonded To: Alain Michaud Cc: BlueZ Content-Type: text/plain; charset="UTF-8" Sender: linux-bluetooth-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-bluetooth@vger.kernel.org Hi Alain, On Tue, Mar 10, 2020 at 11:04 AM Alain Michaud wrote: > > Hi Luiz, > > On Tue, Mar 10, 2020 at 1:36 PM Luiz Augusto von Dentz > wrote: > > > > From: Luiz Augusto von Dentz > > > > This attempts to set the security if the device is not bonded, the > > kernel will block any communication on the ATT socket while bumping > > the security and if that fails the device will be disconnected which > > is better than having the device dangling around without being able to > > communicate with it until it is properly bonded. > > --- > > profiles/input/hog.c | 13 +++++++++++-- > > 1 file changed, 11 insertions(+), 2 deletions(-) > > > > diff --git a/profiles/input/hog.c b/profiles/input/hog.c > > index dfac68921..f0226ebbd 100644 > > --- a/profiles/input/hog.c > > +++ b/profiles/input/hog.c > > @@ -49,6 +49,8 @@ > > #include "src/shared/util.h" > > #include "src/shared/uhid.h" > > #include "src/shared/queue.h" > > +#include "src/shared/att.h" > > +#include "src/shared/gatt-client.h" > > #include "src/plugin.h" > > > > #include "suspend.h" > > @@ -187,8 +189,15 @@ static int hog_accept(struct btd_service *service) > > } > > > > /* HOGP 1.0 Section 6.1 requires bonding */ > > - if (!device_is_bonded(device, btd_device_get_bdaddr_type(device))) > > - return -ECONNREFUSED; > > + if (!device_is_bonded(device, btd_device_get_bdaddr_type(device))) { > > + struct bt_gatt_client *client; > > + > > + client = btd_device_get_gatt_client(device); > > + if (!bt_gatt_client_set_security(client, > > + BT_ATT_SECURITY_MEDIUM)) { > > + return -ECONNREFUSED; > > + } > > + } > I wonder if this is really necessary. For example, this may cause a > device the user has not deliberately bonded to suddenly expose a HOG > Service which will trigger the user to pair (most users are known to > blindly accept the pairing). I believe the previous posture is more > secure by having the user deliberately pair HID devices as opposed to > on demand. There are dedicated APIs to connect specific profiles, so if hog_accept is reached it means the user/application does want to connect HoG and in that case it should trigger bonding, so this only automate the process, like Ive commented for legacy HID we already attempt to bump the security in a similar way. Having the user deliberately pair may cause breakage since in most cases the GATT services do that on demand, in fact HoG is possibly the only exception to that since it appear to mandate encryption at connection level rather than on attribute level, so if the user had a peripheral that used to not require bonding it will suddenly stop working but if we do have this change it would possible still work after the pairing procedure is complete. > > > > > /* TODO: Replace GAttrib with bt_gatt_client */ > > bt_hog_attach(dev->hog, attrib); > > -- > > 2.21.1 > > -- Luiz Augusto von Dentz