* [PATCH BlueZ 0/4] OOB Authentication improvements
@ 2021-05-19  0:10 Brian Gix
  2021-05-19  0:10 ` [PATCH BlueZ 1/4] mesh: Fix delivery of PB-ACK to acceptors Brian Gix
                   ` (3 more replies)
  0 siblings, 4 replies; 6+ messages in thread
From: Brian Gix @ 2021-05-19  0:10 UTC (permalink / raw)
  To: linux-bluetooth; +Cc: inga.stotland, brian.gix

This patch set fixes some minor bugs, and adds explicit support for all
currently supported Provisioning authentication methods.

Brian Gix (4):
  mesh: Fix delivery of PB-ACK to acceptors
  mesh: Normalize endian of public/private ECC keys
  tools/mesh: Add all supported OOB methods to cfgclient
  test/mesh: Add support for testing more OOB auth

 mesh/pb-adv.c          |  1 -
 mesh/prov-acceptor.c   |  8 +++++++-
 mesh/prov-initiator.c  |  3 +++
 test/agent.py          | 23 +++++++++++++++++++++++
 tools/mesh-cfgclient.c | 32 +++++++++++++++++++++++++++-----
 5 files changed, 60 insertions(+), 7 deletions(-)

-- 
2.25.4


* [PATCH BlueZ 1/4] mesh: Fix delivery of PB-ACK to acceptors
  2021-05-19  0:10 [PATCH BlueZ 0/4] OOB Authentication improvements Brian Gix
@ 2021-05-19  0:10 ` Brian Gix
  2021-05-19  1:38   ` OOB Authentication improvements bluez.test.bot
  2021-05-19  0:10 ` [PATCH BlueZ 2/4] mesh: Normalize endian of public/private ECC keys Brian Gix
                   ` (2 subsequent siblings)
  3 siblings, 1 reply; 6+ messages in thread
From: Brian Gix @ 2021-05-19  0:10 UTC (permalink / raw)
  To: linux-bluetooth; +Cc: inga.stotland, brian.gix

Remove unneeded initialization that prevented the Acceptor role from ever
recognizing a valid PB-ACK.
---
 mesh/pb-adv.c | 1 -
 1 file changed, 1 deletion(-)

diff --git a/mesh/pb-adv.c b/mesh/pb-adv.c
index c74dae79f..83f922aa8 100644
--- a/mesh/pb-adv.c
+++ b/mesh/pb-adv.c
@@ -358,7 +358,6 @@ static void pb_adv_packet(void *user_data, const uint8_t *pkt, uint16_t len)
 		first = !session->link_id;
 		session->link_id = link_id;
 		session->last_peer_trans_num = 0xFF;
-		session->local_acked = 0xFF;
 		session->peer_trans_num = 0x00;
 		session->local_trans_num = 0x7F;
 		session->opened = true;
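
Review bot: with session->local_acked = 0xFF; removed, local_acked is the only one of the neighbouring session counters (last_peer_trans_num, peer_trans_num, local_trans_num) that this link-open path no longer resets, so it carries over whatever the session held before. The commit message says the initialization kept the Acceptor from recognizing a valid PB-ACK but not what value the ACK check expects; please state that, and confirm the field is initialized where the session is created so a reused session cannot compare an ACK against a stale transaction number.
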
-- 
2.25.4


* [PATCH BlueZ 2/4] mesh: Normalize endian of public/private ECC keys
  2021-05-19  0:10 [PATCH BlueZ 0/4] OOB Authentication improvements Brian Gix
  2021-05-19  0:10 ` [PATCH BlueZ 1/4] mesh: Fix delivery of PB-ACK to acceptors Brian Gix
@ 2021-05-19  0:10 ` Brian Gix
  2021-05-19  0:10 ` [PATCH BlueZ 3/4] tools/mesh: Add all supported OOB methods to cfgclient Brian Gix
  2021-05-19  0:10 ` [PATCH BlueZ 4/4] test/mesh: Add support for testing more OOB auth Brian Gix
  3 siblings, 0 replies; 6+ messages in thread
From: Brian Gix @ 2021-05-19  0:10 UTC (permalink / raw)
  To: linux-bluetooth; +Cc: inga.stotland, brian.gix

The Mesh profile specification defines a Mesh byte order of Big Endian
for Public keys used to calculate shared secrets. Further, the
specification sample data also show this same byte order for Private
keys.  However, our internal ECDH shared secret calculation requires
Little Endian byte ordering. This fixes our DBus interface and
debugging output to use Mesh Byte Ordering (Big Endian) for all human
readable input/output.
---
 mesh/prov-acceptor.c  | 8 +++++++-
 mesh/prov-initiator.c | 3 +++
 2 files changed, 10 insertions(+), 1 deletion(-)

diff --git a/mesh/prov-acceptor.c b/mesh/prov-acceptor.c
index e806b12ef..8df9eee9f 100644
--- a/mesh/prov-acceptor.c
+++ b/mesh/prov-acceptor.c
@@ -223,7 +223,11 @@ static bool acp_credentials(struct mesh_prov_acceptor *prov)
 
 	print_packet("PublicKeyProv", prov->conf_inputs.prv_pub_key, 64);
 	print_packet("PublicKeyDev", prov->conf_inputs.dev_pub_key, 64);
+
+	/* Normaize for debug out -- No longer needed for calculations */
+	swap_u256_bytes(prov->private_key);
 	print_packet("PrivateKeyLocal", prov->private_key, 32);
+
 	print_packet("ConfirmationInputs", &prov->conf_inputs,
 						sizeof(prov->conf_inputs));
 	print_packet("ECDHSecret", prov->secret, 32);
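
Review bot: swap_u256_bytes(prov->private_key) in acp_credentials() reverses the stored key in place purely so print_packet() can show it in Mesh order, and the comment's claim that the key is no longer needed for calculations is not enforced by anything in this hunk. Swap a 32-byte local copy for the debug print, and clear it afterwards, so a second call or a later use of prov->private_key cannot see the wrong byte order. The new comment also has a typo: Normaize.
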
@@ -307,11 +311,13 @@ static void priv_key_cb(void *user_data, int err, uint8_t *key, uint32_t len)
 		return;
 	}
 
+	/* API delivers Mesh byte order, switch to little endian */
+	swap_u256_bytes(key);
 	memcpy(prov->private_key, key, 32);
 	ecc_make_public_key(prov->private_key,
 			prov->conf_inputs.dev_pub_key);
 
-	/* Convert to Mesh byte order */
+	/* Convert Public key to Mesh byte order */
 	swap_u256_bytes(prov->conf_inputs.dev_pub_key);
 	swap_u256_bytes(prov->conf_inputs.dev_pub_key + 32);
 
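Review bot: swap_u256_bytes(key) in priv_key_cb() modifies the caller's buffer before the memcpy, and the visible lines do not check len against the 32 bytes that both the swap and the memcpy assume. Copy first and swap prov->private_key instead, and reject the callback input unless len is exactly 32 if the error path above this hunk does not already do so.
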
diff --git a/mesh/prov-initiator.c b/mesh/prov-initiator.c
index ae9c646de..c62577523 100644
--- a/mesh/prov-initiator.c
+++ b/mesh/prov-initiator.c
@@ -222,6 +222,9 @@ static bool int_credentials(struct mesh_prov_initiator *prov)
 
 	print_packet("PublicKeyProv", prov->conf_inputs.prv_pub_key, 64);
 	print_packet("PublicKeyDev", prov->conf_inputs.dev_pub_key, 64);
+
+	/* Print DBG out in Mesh order */
+	swap_u256_bytes(prov->private_key);
 	print_packet("PrivateKeyLocal", prov->private_key, 32);
 	print_packet("ConfirmationInputs", &prov->conf_inputs,
 						sizeof(prov->conf_inputs));
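
Review bot: the in-place swap of prov->private_key before print_packet("PrivateKeyLocal", ...) in int_credentials() has no matching conversion anywhere else in prov-initiator.c in this patch, so it is not clear which byte order the initiator's key is in on entry or after this function returns. Say in the commit message how the initiator obtains its key, and print from a swapped copy so the debug output does not change the stored value.
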
-- 
2.25.4


* [PATCH BlueZ 3/4] tools/mesh: Add all supported OOB methods to cfgclient
  2021-05-19  0:10 [PATCH BlueZ 0/4] OOB Authentication improvements Brian Gix
  2021-05-19  0:10 ` [PATCH BlueZ 1/4] mesh: Fix delivery of PB-ACK to acceptors Brian Gix
  2021-05-19  0:10 ` [PATCH BlueZ 2/4] mesh: Normalize endian of public/private ECC keys Brian Gix
@ 2021-05-19  0:10 ` Brian Gix
  2021-05-19  0:10 ` [PATCH BlueZ 4/4] test/mesh: Add support for testing more OOB auth Brian Gix
  3 siblings, 0 replies; 6+ messages in thread
From: Brian Gix @ 2021-05-19  0:10 UTC (permalink / raw)
  To: linux-bluetooth; +Cc: inga.stotland, brian.gix

To support the widest range of mesh devices, we need to support any
possible capability combinations that a remote device may request.
---
 tools/mesh-cfgclient.c | 32 +++++++++++++++++++++++++++-----
 1 file changed, 27 insertions(+), 5 deletions(-)

diff --git a/tools/mesh-cfgclient.c b/tools/mesh-cfgclient.c
index 49069674f..fd859a606 100644
--- a/tools/mesh-cfgclient.c
+++ b/tools/mesh-cfgclient.c
@@ -104,7 +104,17 @@ static struct model_info *cfgcli;
 static struct l_queue *devices;
 
 static bool prov_in_progress;
-static const char *caps[] = {"static-oob", "out-numeric", "in-numeric"};
+static const char *caps[] = {"static-oob",
+				"push",
+				"twist",
+				"blink",
+				"beep",
+				"vibrate",
+				"public-oob",
+				"out-alpha",
+				"in-alpha",
+				"out-numeric",
+				"in-numeric"};
 
 static bool have_config;
 
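Review bot: caps[] grows to eleven entries but keeps the static const char *caps[] declaration, which checkpatch flags later in this thread (STATIC_CONST_CHAR_ARRAY); declare it static const char * const caps[]. Since the list now advertises every method including public-oob, a short comment saying which agent method serves each capability would help readers match it against setup_agent_iface().
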
@@ -419,7 +429,7 @@ static void agent_input_done(oob_type_t type, void *buf, uint16_t len,
 	struct l_dbus_message *reply = NULL;
 	struct l_dbus_message_builder *builder;
 	uint32_t val_u32;
-	uint8_t oob_data[16];
+	uint8_t oob_data[64];
 
 	switch (type) {
 	case NONE:
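
Review bot: oob_data[64] hard-codes the same size that prompt_public_call() passes as a bare 64 to agent_input_request(); use one named constant for both so the buffer and the requested length cannot drift apart.
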
@@ -435,15 +445,15 @@ static void agent_input_done(oob_type_t type, void *buf, uint16_t len,
 		/* Fall Through */
 
 	case HEXADECIMAL:
-		if (len > 16) {
+		if (len > sizeof(oob_data)) {
 			bt_shell_printf("Bad input length\n");
 			break;
 		}
-		memset(oob_data, 0, 16);
+		memset(oob_data, 0, sizeof(oob_data));
 		memcpy(oob_data, buf, len);
 		reply = l_dbus_message_new_method_return(msg);
 		builder = l_dbus_message_builder_new(reply);
-		append_byte_array(builder, oob_data, 16);
+		append_byte_array(builder, oob_data, len);
 		l_dbus_message_builder_finalize(builder);
 		l_dbus_message_builder_destroy(builder);
 		break;
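
Review bot: append_byte_array(builder, oob_data, len) now returns exactly len bytes, so input shorter than 16 bytes is no longer zero-padded to a 16-byte reply as it was with the fixed 16, and the memset() padding no longer affects what is sent. The bound len > sizeof(oob_data) is also the same 64 for every HEXADECIMAL request; check len against the size the pending request asked for (16 before this patch, 64 for the new public key prompt) and reject anything else.
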
@@ -580,6 +590,16 @@ static struct l_dbus_message *prompt_numeric_call(struct l_dbus *dbus,
 	return NULL;
 }
 
+static struct l_dbus_message *prompt_public_call(struct l_dbus *dbus,
+                                               struct l_dbus_message *msg,
+                                               void *user_data)
+{
+       l_dbus_message_ref(msg);
+       agent_input_request(HEXADECIMAL, 64, "Enter 512 bit Public Key",
+                                                       agent_input_done, msg);
+       return NULL;
+}
+
 static struct l_dbus_message *prompt_static_call(struct l_dbus *dbus,
 						struct l_dbus_message *msg,
 						void *user_data)
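
Review bot: prompt_public_call() and its continuation lines are indented with spaces, which checkpatch reports in this thread as CODE_INDENT errors and LEADING_SPACE warnings for lines 594-600; re-indent with tabs to match prompt_static_call() below. The prompt says 512 bit while the length argument is 64; say in the prompt how many hex digits are expected so the user knows what to type.
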
@@ -618,6 +638,8 @@ static void setup_agent_iface(struct l_dbus_interface *iface)
 						"u", "s", "number", "type");
 	l_dbus_interface_method(iface, "PromptStatic", 0, prompt_static_call,
 						"ay", "s", "data", "type");
+       l_dbus_interface_method(iface, "PublicKey", 0, prompt_public_call,
+                                               "ay", "", "data");
 }
 
 static bool register_agent(void)
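
Review bot: the PublicKey registration is space-indented (checkpatch lines 641-642), unlike the PromptStatic registration directly above it. The commit message only talks about capabilities; please mention that the patch adds a PublicKey method to the agent interface, returning "ay" and taking no arguments.
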
-- 
2.25.4


* [PATCH BlueZ 4/4] test/mesh: Add support for testing more OOB auth
  2021-05-19  0:10 [PATCH BlueZ 0/4] OOB Authentication improvements Brian Gix
                   ` (2 preceding siblings ...)
  2021-05-19  0:10 ` [PATCH BlueZ 3/4] tools/mesh: Add all supported OOB methods to cfgclient Brian Gix
@ 2021-05-19  0:10 ` Brian Gix
  3 siblings, 0 replies; 6+ messages in thread
From: Brian Gix @ 2021-05-19  0:10 UTC (permalink / raw)
  To: linux-bluetooth; +Cc: inga.stotland, brian.gix

To pass IOP testing, we need to be able to support Input OOB and Out of
band Public Key exchange. This patch adds agent methods to support
those capabilities, but they are turned off because the test code uses
insecure fixed values instead of randomized values.
---
 test/agent.py | 23 +++++++++++++++++++++++
 1 file changed, 23 insertions(+)

diff --git a/test/agent.py b/test/agent.py
index b46cd95f4..57a74183d 100755
--- a/test/agent.py
+++ b/test/agent.py
@@ -35,7 +35,9 @@ class Agent(dbus.service.Object):
 		caps = []
 		oob = []
 		caps.append('out-numeric')
+		#caps.append('in-numeric') -- Do not use well known in-oob
 		caps.append('static-oob')
+		#caps.append('public-oob') -- Do not use well known key pairs
 		oob.append('other')
 		return {
 			AGENT_IFACE: {
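
Review bot: the in-numeric and public-oob capabilities are added as commented-out caps.append() lines, so the two methods added further down can only be exercised by editing the file. Gate them behind an explicit test option instead and drop the commented-out code, keeping the warning about well-known values next to that option.
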
@@ -56,6 +58,27 @@ class Agent(dbus.service.Object):
 		print(set_cyan('DisplayNumeric ('), type,
 				set_cyan(') number ='), set_green(value))
 
+	@dbus.service.method(AGENT_IFACE, in_signature="s", out_signature="u")
+	def PromptNumeric(self, type):
+		# Sample in-oob -- DO-NOT-USE
+		value = 12345
+		print(set_cyan('PromptNumeric ('), type,
+				set_cyan(') number ='), set_green(value))
+		return dbus.UInt32(value)
+
+	@dbus.service.method(AGENT_IFACE, in_signature="", out_signature="ay")
+	def PrivateKey(self):
+		# Sample Public/Private pair from Mesh Profile Spec DO-NOT-USE
+		private_key_str = '6872b109ea0574adcf88bf6da64996a4624fe018191d9322a4958837341284bc'
+		public_key_str = 'ce9027b5375fe5d3ed3ac89cef6a8370f699a2d3130db02b87e7a632f15b0002e5b72c775127dc0ce686002ecbe057e3d6a8000d4fbf2cdfffe0d38a1c55a043'
+		print(set_cyan('PrivateKey ()'))
+		print(set_cyan('Enter Public key on remote device: '),
+										set_green(public_key_str));
+		private_key = bytearray.fromhex(private_key_str)
+
+		return dbus.Array(private_key, signature='y')
+
+
 	@dbus.service.method(AGENT_IFACE, in_signature="s", out_signature="ay")
 	def PromptStatic(self, type):
 		static_key = numpy.random.randint(0, 255, 16)
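
Review bot: PromptNumeric() and PrivateKey() are exported on AGENT_IFACE unconditionally and return a fixed 12345 and the specification's sample private key, so they answer with known values even though the matching capabilities are commented out. Have them raise a D-Bus error unless an explicit test option is enabled, or generate the number and key pair at start-up. The print call ending set_green(public_key_str)); has a stray semicolon, and there is an extra blank line before PromptStatic.
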
-- 
2.25.4


* RE: OOB Authentication improvements
  2021-05-19  0:10 ` [PATCH BlueZ 1/4] mesh: Fix delivery of PB-ACK to acceptors Brian Gix
@ 2021-05-19  1:38   ` bluez.test.bot
  0 siblings, 0 replies; 6+ messages in thread
From: bluez.test.bot @ 2021-05-19  1:38 UTC (permalink / raw)
  To: linux-bluetooth, brian.gix

This is an automated email; please do not reply to this email!

Dear submitter,

Thank you for submitting the patches to the linux bluetooth mailing list.
These are the CI test results for your patch series:
PW Link: https://patchwork.kernel.org/project/bluetooth/list/?series=484617

---Test result---

Test Summary:
CheckPatch                    FAIL      0.88 seconds
GitLint                       PASS      0.45 seconds
Prep - Setup ELL              PASS      45.27 seconds
Build - Prep                  PASS      0.13 seconds
Build - Configure             PASS      7.80 seconds
Build - Make                  PASS      196.35 seconds
Make Check                    PASS      9.34 seconds
Make Distcheck                PASS      231.73 seconds
Build w/ext ELL - Configure   PASS      7.83 seconds
Build w/ext ELL - Make        PASS      185.18 seconds

Details
##############################
Test: CheckPatch - FAIL
Desc: Run checkpatch.pl script with rule in .checkpatch.conf
Output:
tools/mesh: Add all supported OOB methods to cfgclient
WARNING:STATIC_CONST_CHAR_ARRAY: static const char * array should probably be static const char * const
#18: FILE: tools/mesh-cfgclient.c:107:
+static const char *caps[] = {"static-oob",

ERROR:CODE_INDENT: code indent should use tabs where possible
#65: FILE: tools/mesh-cfgclient.c:594:
+                                               struct l_dbus_message *msg,$

WARNING:LEADING_SPACE: please, no spaces at the start of a line
#65: FILE: tools/mesh-cfgclient.c:594:
+                                               struct l_dbus_message *msg,$

ERROR:CODE_INDENT: code indent should use tabs where possible
#66: FILE: tools/mesh-cfgclient.c:595:
+                                               void *user_data)$

WARNING:LEADING_SPACE: please, no spaces at the start of a line
#66: FILE: tools/mesh-cfgclient.c:595:
+                                               void *user_data)$

WARNING:LEADING_SPACE: please, no spaces at the start of a line
#68: FILE: tools/mesh-cfgclient.c:597:
+       l_dbus_message_ref(msg);$

WARNING:LEADING_SPACE: please, no spaces at the start of a line
#69: FILE: tools/mesh-cfgclient.c:598:
+       agent_input_request(HEXADECIMAL, 64, "Enter 512 bit Public Key",$

ERROR:CODE_INDENT: code indent should use tabs where possible
#70: FILE: tools/mesh-cfgclient.c:599:
+                                                       agent_input_done, msg);$

WARNING:LEADING_SPACE: please, no spaces at the start of a line
#70: FILE: tools/mesh-cfgclient.c:599:
+                                                       agent_input_done, msg);$

WARNING:LEADING_SPACE: please, no spaces at the start of a line
#71: FILE: tools/mesh-cfgclient.c:600:
+       return NULL;$

WARNING:LEADING_SPACE: please, no spaces at the start of a line
#81: FILE: tools/mesh-cfgclient.c:641:
+       l_dbus_interface_method(iface, "PublicKey", 0, prompt_public_call,$

ERROR:CODE_INDENT: code indent should use tabs where possible
#82: FILE: tools/mesh-cfgclient.c:642:
+                                               "ay", "", "data");$

WARNING:LEADING_SPACE: please, no spaces at the start of a line
#82: FILE: tools/mesh-cfgclient.c:642:
+                                               "ay", "", "data");$

- total: 4 errors, 9 warnings, 68 lines checked

NOTE: For some of the reported defects, checkpatch may be able to
      mechanically convert to the typical style using --fix or --fix-inplace.

NOTE: Whitespace errors detected.
      You may wish to use scripts/cleanpatch or scripts/cleanfile

"[PATCH] tools/mesh: Add all supported OOB methods to cfgclient" has style problems, please review.

NOTE: Ignored message types: COMMIT_MESSAGE COMPLEX_MACRO CONST_STRUCT FILE_PATH_CHANGES MISSING_SIGN_OFF PREFER_PACKED SPDX_LICENSE_TAG SPLIT_STRING SSCANF_TO_KSTRTO

NOTE: If any of the errors are false positives, please report
      them to the maintainer, see CHECKPATCH in MAINTAINERS.


##############################
Test: GitLint - PASS
Desc: Run gitlint with rule in .gitlint

##############################
Test: Prep - Setup ELL - PASS
Desc: Clone, build, and install ELL

##############################
Test: Build - Prep - PASS
Desc: Prepare environment for build

##############################
Test: Build - Configure - PASS
Desc: Configure the BlueZ source tree

##############################
Test: Build - Make - PASS
Desc: Build the BlueZ source tree

##############################
Test: Make Check - PASS
Desc: Run 'make check'

##############################
Test: Make Distcheck - PASS
Desc: Run distcheck to check the distribution

##############################
Test: Build w/ext ELL - Configure - PASS
Desc: Configure BlueZ source with '--enable-external-ell' configuration

##############################
Test: Build w/ext ELL - Make - PASS
Desc: Build BlueZ source with '--enable-external-ell' configuration



---
Regards,
Linux Bluetooth

