Received: by 2002:a05:6a10:a0d1:0:0:0:0 with SMTP id j17csp269126pxa; Fri, 14 Aug 2020 03:50:54 -0700 (PDT) X-Google-Smtp-Source: ABdhPJx3W5DhQP/pLAAtfTRa/am3b1xJnkehlR3AzAuNw6tLAnlT6uEusbRWVRei56Xra6vG55PP X-Received: by 2002:a50:e109:: with SMTP id h9mr1631805edl.47.1597402254640; Fri, 14 Aug 2020 03:50:54 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1597402254; cv=none; d=google.com; s=arc-20160816; b=B4iJSfY9m0wDaNL/oe72z7tKbkO6Bc91ZtaH4kdL3vwkimRTgkxLZseRIJOhlymO85 mxv67XNmyF/21bBeLeIvpAfUcRsdr9MzN/eKO5c+CgkfL4Vzlxw8iMFRVt+mPBy+Ov1Y +JapLn6Q4mC4Ej/bQFAWnvBF/NEQW51ciz6PcwR0sikemLfMK3OscvMEMfEZOR9+5px0 ur+8AuI7bzNnySN5MQ4Efi4dKFnaygBXT72pTPv+YS1CdN4CWV49ez1JoTrQmCTpMyM0 q0ynjTuPRGEoWENsllxKSJEipzzgeMpHDEb7V6XAlNmyGbxZYNiMQSDn5itOZ/KW7eiK Uu/A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:dkim-signature; bh=Q1a9PUcYGX9ux4Mfdps7vP428ddbJQAbnf/pLAoi3NE=; b=IMLoEt74M4+t5TzK3BjoO9lCXvh15uvv9OeIVqiG05R6pHoZU2JwbUEoilPQg7/dp0 GwR8O7LghMd+uKU03BJGrP7eHN3mioyUP/+d/tEFpkD4kxHJRxgQmfUjk2P1bk+VRYV7 MW/YJGXpw9Gjk7ukS0a+W5RYqRkoqPygpzE4ZaVFbkPe3ZntBD4ugIRszGlEY5RZEb6N F3LOc6XK1OMWwLvVHHUN1VaCKDHOiy//y4Aj7tF7krdtH1TUlQGtwaLAMCr9kVNzTu7Z WKXOo7OggWnzOnYXOsjGPWHJ1LkDlGXnJ8mUgy4N9EFZtaIe527DQ6LKtFqlBb24Oir6 XEQQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=ML1859Oa; spf=pass (google.com: domain of linux-bluetooth-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-bluetooth-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id c101si5252911edf.277.2020.08.14.03.50.15; Fri, 14 Aug 2020 03:50:54 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-bluetooth-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=ML1859Oa; spf=pass (google.com: domain of linux-bluetooth-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-bluetooth-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727081AbgHNKte (ORCPT + 99 others); Fri, 14 Aug 2020 06:49:34 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:60160 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727064AbgHNKt2 (ORCPT ); Fri, 14 Aug 2020 06:49:28 -0400 Received: from mail-oi1-x22f.google.com (mail-oi1-x22f.google.com [IPv6:2607:f8b0:4864:20::22f]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 60A0FC061384 for ; Fri, 14 Aug 2020 03:49:23 -0700 (PDT) Received: by mail-oi1-x22f.google.com with SMTP id v13so7746825oiv.13 for ; Fri, 14 Aug 2020 03:49:23 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=Q1a9PUcYGX9ux4Mfdps7vP428ddbJQAbnf/pLAoi3NE=; b=ML1859OaZObRxKMk/2VNFzxEVwB2nJYUW59jyN7MUugdjW/tQLlKaL2VNn6cDUaYTb p7iVLIVe19Ph3bWbpBplhfZZi2H8OWHh3rHyOnykbNoSnbRxcT8fXdVmNUQlsGCrcxRy ZM+BABJtrx/EHKIqIRkguzj8t+26wsWSQjSB6qf7kJgRg9Wxi9I8OBvCwiIIw/tBxZih XFwxU+Eoqjq7WDNxq47lJNQclz90LAmUBEhX9L5F7viWrQsgZsgJlKmRGEVwxlPA5avw ky804lWqTFS1qUOPL4VKWWjYorStIS7PyfqJIr+e6PrmsD6uv4UoutfJS/KxvGxDzqPp trFw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=Q1a9PUcYGX9ux4Mfdps7vP428ddbJQAbnf/pLAoi3NE=; b=S5rRaot9Hz0h/bo83/fulCPrbcjA3FyI3aIes9EVj6uai5RglT2ZecT6iogTaRujiy swHJM2hiwPlZLQm9mE2tN4w39Cc6LTda+PCpMNhiUEtt1l33umhqDR9RTwwMSGK6RTFf zrp4cMgWs13hgYPfXkYSrx0cSSvu7FijXmimRCnHgGbuirFixo6JEf+qFWpZ56g+jT15 Vg0WaM8uox2cFLzHsk3LLRewzEAZVP0Vaqr11S5Sx2we6bly0yI0b3zHmdUH34d/tUwk ojsE1Z1Yy8qLolj0ysgngk5pd2eKquQYox9c7s4Mnrenc3j9QYRBsE6RxPwn48/DmKLN ufWA== X-Gm-Message-State: AOAM531dwWkKfYu70ZkXJEVNiwnA1rjckSD9t0Jf+ljLMOu8uArqOVbk OINDZCsZfLCeD5unQ8nNS8pQrGzpKemCZr2D755JSMe0xCwsag== X-Received: by 2002:aca:c38c:: with SMTP id t134mr1110680oif.15.1597402162069; Fri, 14 Aug 2020 03:49:22 -0700 (PDT) MIME-Version: 1.0 References: In-Reply-To: From: Emil Lenngren Date: Fri, 14 Aug 2020 12:49:10 +0200 Message-ID: Subject: Re: [BlueZ] BLE Security Mode 2 Support To: Christian Seifert Cc: Bluetooth Kernel Mailing List Content-Type: text/plain; charset="UTF-8" Sender: linux-bluetooth-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-bluetooth@vger.kernel.org Hi Christian, Den fre 14 aug. 2020 kl 11:21 skrev Christian Seifert : > > Hello, > > i am trying to implement a communication channel that uses BLE Security > Mode 2 Lvl 1 or 2. Both participants that need to communicate are > Raspberry Pi's running Raspberry Pi OS and BlueZ as Bluetooth Stack. The > data i want to send is already encrypted which makes Data Signing > interesting for me. > > Does BlueZ Support BLE Security Mode 2 Lvl 1/2 and if yes how can i > access the functionality? > > Furthermore in my research to find the answer for this question i always > seemed to come across Security Mode 3 mentioned in combination with > BlueZ. Does this simply refer to Security Mode 1 Lvl 3? > > In order to find an answer for this question: I searched the web > rigorously / Tried to find an answer in forums / Read the Documentation > / Tried to read the source code / Checked the archives > > As i found nearly nothing regarding this topic my last resort is to ask > this E-Mail Chain and i would be extremely gratefull if someone would be > able to answer my question or tip me off into the right direction. > > Thank you very much for your time and help in advance! > > Best regards, > Christian Seifert > > PS: Please excuse my poor Translation attempts as English is not my > first language. I will gladly try to rewrite any confusing or misleading > parts in my message if pointed out! I have worked with BLE for around six years and I've never heard of anyone using security mode 2. It seems like it's one of those "wouldn't-it-be-nice-to-have" when they designed this many years ago, without understanding the idea is quite bad when security mode 1 exists which is superior. There are not many benefits of using this over security mode 1. There are more cons: - Data is not being encrypted, only signed. - There's only one single kind of ATT packet that can be signed, the "Signed Write Command", which is then used by GATT "Signed Write Without Response". This means that no read/write requests, notifications/indications or service discovery can be signed. It's therefore not possible to sign anything in the direction from a GATT server to a GATT client. - The signature consists of a 8 bytes CMAC signature followed by a 32-bit message counter. You can therefore only send up to 12 bytes shorter packets for a given MTU. - The signature counter must be updated and stored on flash after every message, and must be preserved across reconnections and reboots. For embedded devices with a limit of write-erase cycles this could potentially be a huge issue. With security mode 1 this doesn't happen as the link layer packet counter is per connection and direction, and can therefore be stored in RAM. - A "MITM hacker" could potentially receive a signed message, disconnect from the sender, and a few days later connect to the intended receiver and deliver the message, without the receiver noticing it has been delayed such a long time (assuming it didn't get any packet with higher counter in the meantime). - Packets can intentionally or unintentionally be dropped, without the receiver noticing that there are missing packets (assuming the Bluetooth stack doesn't expose the counter to the "application"). - It requires a specific API for the application to use (signed writes). With security mode 1 it's the lower layer that encrypts and signes everything and your GATT application can be the same regardless if you're unencrypted or encrypted. - If you implement this in a GATT server and the GATT client doesn't support signed writes, you can't really know or ask the GATT client if it supports signed writes. Even though the CSRK might be transferred during bonding, you can't know if signed writes are actually supported (yes many bluetooth stacks are stupidly made like this). The only benefit as I see it is that it requires 2.5 less round trips than setting up AES-CCM as in security mode 1. Generally the support in different Bluetooth stacks doesn't seem to be that good. For example Nordic Semiconductor's soft device doesn't support security mode 2. It seems the dbus gatt api supports signed writes, by reading the documentation and code. Simply set "type" to "command" when executing a WriteValue. Signed authenticated writes will be used if the characteristic supports it and the link is unencrypted, otherwise normal Write Without Responses will be used. For the GATT server, set the characteristic flags to include "authenticated-signed-writes". I'm not sure how to make the bonding and connection setup to actually use security mode 2 instead of mode 1 though. Security mode 3 doesn't exist for BLE. It exists for Bluetooth classic though, so maybe that's what they're referring to. /Emil