[Bluez PATCH v1 1/2] input: authenticate when connecting to a bonded device

[Bluez PATCH v1 1/2] input: authenticate when connecting to a bonded device

[Archie Pusaka]

From: Archie Pusaka <apusaka@chromium.org>

According to bluetooth HID1.1 spec, part 5.4.3.4.3:
If the Bluetooth HID Host is bonded to a Bluetooth HID device:
If encryption is not already enabled, the Bluetooth HID Host shall
enable encryption with the Bluetooth HID device before sending an
L2CAP Connect Request to open the HID L2CAP Control channel.

When creating connection, this patch checks whether the target
device is bonded, if yes then we use the medium security level
instead of the low one to enable encryption.

Reviewed-by: Alain Michaud <alainm@chromium.org>
---

 profiles/input/device.c | 21 ++++++++++++++++-----
 1 file changed, 16 insertions(+), 5 deletions(-)

diff --git a/profiles/input/device.c b/profiles/input/device.c
index 2dc2ecab2..9f89f4459 100644
--- a/profiles/input/device.c
+++ b/profiles/input/device.c
@@ -112,6 +112,12 @@ void input_set_classic_bonded_only(bool state)
 static void input_device_enter_reconnect_mode(struct input_device *idev);
 static int connection_disconnect(struct input_device *idev, uint32_t flags);
 
+static bool input_device_bonded(struct input_device *idev)
+{
+	return device_is_bonded(idev->device,
+				btd_device_get_bdaddr_type(idev->device));
+}
+
 static void input_device_free(struct input_device *idev)
 {
 	bt_uhid_unref(idev->uhid);
@@ -979,8 +985,7 @@ static int hidp_add_connection(struct input_device *idev)
 		device_get_name(idev->device, req->name, sizeof(req->name));
 
 	/* Make sure the device is bonded if required */
-	if (classic_bonded_only && !device_is_bonded(idev->device,
-				btd_device_get_bdaddr_type(idev->device))) {
+	if (classic_bonded_only && !input_device_bonded(idev)) {
 		error("Rejected connection from !bonded device %s", dst_addr);
 		goto cleanup;
 	}
@@ -1153,16 +1158,23 @@ static int dev_connect(struct input_device *idev)
 {
 	GError *err = NULL;
 	GIOChannel *io;
+	BtIOSecLevel sec_level;
 
 	if (idev->disable_sdp)
 		bt_clear_cached_session(&idev->src, &idev->dst);
 
+	/* encrypt connection if device is bonded */
+	if (input_device_bonded(idev))
+		sec_level = BT_IO_SEC_MEDIUM;
+	else
+		sec_level = BT_IO_SEC_LOW;
+
 	io = bt_io_connect(control_connect_cb, idev,
 				NULL, &err,
 				BT_IO_OPT_SOURCE_BDADDR, &idev->src,
 				BT_IO_OPT_DEST_BDADDR, &idev->dst,
 				BT_IO_OPT_PSM, L2CAP_PSM_HIDP_CTRL,
-				BT_IO_OPT_SEC_LEVEL, BT_IO_SEC_LOW,
+				BT_IO_OPT_SEC_LEVEL, sec_level,
 				BT_IO_OPT_INVALID);
 	idev->ctrl_io = io;
 
@@ -1227,8 +1239,7 @@ static void input_device_enter_reconnect_mode(struct input_device *idev)
 				reconnect_mode_to_string(idev->reconnect_mode));
 
 	/* Make sure the device is bonded if required */
-	if (classic_bonded_only && !device_is_bonded(idev->device,
-				btd_device_get_bdaddr_type(idev->device)))
+	if (classic_bonded_only && !input_device_bonded(idev))
 		return;
 
 	/* Only attempt an auto-reconnect when the device is required to
-- 
2.28.0.rc0.105.gf9edc3c819-goog

[Bluez PATCH v1 2/2] input: encrypt on receive conn req if classic_bonded_only

[Archie Pusaka]

From: Archie Pusaka <apusaka@chromium.org>

According to bluetooth HID1.1 spec, section 5.4.3.5.3:
If the Bluetooth HID Host is bonded to a Bluetooth HID device:
If encryption is not already enabled, the Bluetooth HID Host shall
enable encryption with the Bluetooth HID device before sending an
L2CAP Connect Response with a result code of “Connection Successful”
(0x0000) after an L2CAP Connect Request is received.

This patch raises the security level to medium when listening for
incoming connection if the flag classic_bonded_only is set,
effectively starting encryption.

Reviewed-by: Alain Michaud <alainm@chromium.org>
---

 profiles/input/device.c | 5 +++++
 profiles/input/device.h | 1 +
 profiles/input/server.c | 6 ++++--
 3 files changed, 10 insertions(+), 2 deletions(-)

diff --git a/profiles/input/device.c b/profiles/input/device.c
index 9f89f4459..6ec0a4c63 100644
--- a/profiles/input/device.c
+++ b/profiles/input/device.c
@@ -109,6 +109,11 @@ void input_set_classic_bonded_only(bool state)
 	classic_bonded_only = state;
 }
 
+bool input_get_classic_bonded_only(void)
+{
+	return classic_bonded_only;
+}
+
 static void input_device_enter_reconnect_mode(struct input_device *idev);
 static int connection_disconnect(struct input_device *idev, uint32_t flags);
 
diff --git a/profiles/input/device.h b/profiles/input/device.h
index 5a077f92a..f61e8a558 100644
--- a/profiles/input/device.h
+++ b/profiles/input/device.h
@@ -30,6 +30,7 @@ struct input_conn;
 void input_set_idle_timeout(int timeout);
 void input_enable_userspace_hid(bool state);
 void input_set_classic_bonded_only(bool state);
+bool input_get_classic_bonded_only(void);
 void input_set_auto_sec(bool state);
 
 int input_device_register(struct btd_service *service);
diff --git a/profiles/input/server.c b/profiles/input/server.c
index f2c8c0f70..2bd5e92e4 100644
--- a/profiles/input/server.c
+++ b/profiles/input/server.c
@@ -283,6 +283,8 @@ int server_start(const bdaddr_t *src)
 {
 	struct input_server *server;
 	GError *err = NULL;
+	BtIOSecLevel sec_level = input_get_classic_bonded_only() ?
+					BT_IO_SEC_MEDIUM : BT_IO_SEC_LOW;
 
 	server = g_new0(struct input_server, 1);
 	bacpy(&server->src, src);
@@ -291,7 +293,7 @@ int server_start(const bdaddr_t *src)
 				server, NULL, &err,
 				BT_IO_OPT_SOURCE_BDADDR, src,
 				BT_IO_OPT_PSM, L2CAP_PSM_HIDP_CTRL,
-				BT_IO_OPT_SEC_LEVEL, BT_IO_SEC_LOW,
+				BT_IO_OPT_SEC_LEVEL, sec_level,
 				BT_IO_OPT_INVALID);
 	if (!server->ctrl) {
 		error("Failed to listen on control channel");
@@ -304,7 +306,7 @@ int server_start(const bdaddr_t *src)
 				server, NULL, &err,
 				BT_IO_OPT_SOURCE_BDADDR, src,
 				BT_IO_OPT_PSM, L2CAP_PSM_HIDP_INTR,
-				BT_IO_OPT_SEC_LEVEL, BT_IO_SEC_LOW,
+				BT_IO_OPT_SEC_LEVEL, sec_level,
 				BT_IO_OPT_INVALID);
 	if (!server->intr) {
 		error("Failed to listen on interrupt channel");
-- 
2.28.0.rc0.105.gf9edc3c819-goog

Re: [Bluez PATCH v1 1/2] input: authenticate when connecting to a bonded device

[Luiz Augusto von Dentz]

Hi Archie,

On Wed, Jul 22, 2020 at 9:20 AM Archie Pusaka <apusaka@google.com> wrote:
>
> From: Archie Pusaka <apusaka@chromium.org>
>
> According to bluetooth HID1.1 spec, part 5.4.3.4.3:
> If the Bluetooth HID Host is bonded to a Bluetooth HID device:
> If encryption is not already enabled, the Bluetooth HID Host shall
> enable encryption with the Bluetooth HID device before sending an
> L2CAP Connect Request to open the HID L2CAP Control channel.
>
> When creating connection, this patch checks whether the target
> device is bonded, if yes then we use the medium security level
> instead of the low one to enable encryption.
>
> Reviewed-by: Alain Michaud <alainm@chromium.org>
> ---
>
>  profiles/input/device.c | 21 ++++++++++++++++-----
>  1 file changed, 16 insertions(+), 5 deletions(-)
>
> diff --git a/profiles/input/device.c b/profiles/input/device.c
> index 2dc2ecab2..9f89f4459 100644
> --- a/profiles/input/device.c
> +++ b/profiles/input/device.c
> @@ -112,6 +112,12 @@ void input_set_classic_bonded_only(bool state)
>  static void input_device_enter_reconnect_mode(struct input_device *idev);
>  static int connection_disconnect(struct input_device *idev, uint32_t flags);
>
> +static bool input_device_bonded(struct input_device *idev)
> +{
> +       return device_is_bonded(idev->device,
> +                               btd_device_get_bdaddr_type(idev->device));
> +}
> +
>  static void input_device_free(struct input_device *idev)
>  {
>         bt_uhid_unref(idev->uhid);
> @@ -979,8 +985,7 @@ static int hidp_add_connection(struct input_device *idev)
>                 device_get_name(idev->device, req->name, sizeof(req->name));
>
>         /* Make sure the device is bonded if required */
> -       if (classic_bonded_only && !device_is_bonded(idev->device,
> -                               btd_device_get_bdaddr_type(idev->device))) {
> +       if (classic_bonded_only && !input_device_bonded(idev)) {
>                 error("Rejected connection from !bonded device %s", dst_addr);
>                 goto cleanup;
>         }
> @@ -1153,16 +1158,23 @@ static int dev_connect(struct input_device *idev)
>  {
>         GError *err = NULL;
>         GIOChannel *io;
> +       BtIOSecLevel sec_level;
>
>         if (idev->disable_sdp)
>                 bt_clear_cached_session(&idev->src, &idev->dst);
>
> +       /* encrypt connection if device is bonded */
> +       if (input_device_bonded(idev))
> +               sec_level = BT_IO_SEC_MEDIUM;
> +       else
> +               sec_level = BT_IO_SEC_LOW;
> +
>         io = bt_io_connect(control_connect_cb, idev,
>                                 NULL, &err,
>                                 BT_IO_OPT_SOURCE_BDADDR, &idev->src,
>                                 BT_IO_OPT_DEST_BDADDR, &idev->dst,
>                                 BT_IO_OPT_PSM, L2CAP_PSM_HIDP_CTRL,
> -                               BT_IO_OPT_SEC_LEVEL, BT_IO_SEC_LOW,
> +                               BT_IO_OPT_SEC_LEVEL, sec_level,
>                                 BT_IO_OPT_INVALID);
>         idev->ctrl_io = io;
>
> @@ -1227,8 +1239,7 @@ static void input_device_enter_reconnect_mode(struct input_device *idev)
>                                 reconnect_mode_to_string(idev->reconnect_mode));
>
>         /* Make sure the device is bonded if required */
> -       if (classic_bonded_only && !device_is_bonded(idev->device,
> -                               btd_device_get_bdaddr_type(idev->device)))
> +       if (classic_bonded_only && !input_device_bonded(idev))
>                 return;
>
>         /* Only attempt an auto-reconnect when the device is required to
> --
> 2.28.0.rc0.105.gf9edc3c819-goog
>

Applied, thanks.

-- 
Luiz Augusto von Dentz