Linux-Bluetooth Archive on lore.kernel.org
 help / color / Atom feed
* [Bluez PATCH v1 1/2] input: authenticate when connecting to a bonded device
@ 2020-07-22 16:20 Archie Pusaka
  2020-07-22 16:20 ` [Bluez PATCH v1 2/2] input: encrypt on receive conn req if classic_bonded_only Archie Pusaka
  2020-07-23 16:43 ` [Bluez PATCH v1 1/2] input: authenticate when connecting to a bonded device Luiz Augusto von Dentz
  0 siblings, 2 replies; 3+ messages in thread
From: Archie Pusaka @ 2020-07-22 16:20 UTC (permalink / raw)
  To: linux-bluetooth, Luiz Augusto von Dentz
  Cc: CrosBT Upstreaming, Archie Pusaka, Alain Michaud

From: Archie Pusaka <apusaka@chromium.org>

According to bluetooth HID1.1 spec, part 5.4.3.4.3:
If the Bluetooth HID Host is bonded to a Bluetooth HID device:
If encryption is not already enabled, the Bluetooth HID Host shall
enable encryption with the Bluetooth HID device before sending an
L2CAP Connect Request to open the HID L2CAP Control channel.

When creating connection, this patch checks whether the target
device is bonded, if yes then we use the medium security level
instead of the low one to enable encryption.

Reviewed-by: Alain Michaud <alainm@chromium.org>
---

 profiles/input/device.c | 21 ++++++++++++++++-----
 1 file changed, 16 insertions(+), 5 deletions(-)

diff --git a/profiles/input/device.c b/profiles/input/device.c
index 2dc2ecab2..9f89f4459 100644
--- a/profiles/input/device.c
+++ b/profiles/input/device.c
@@ -112,6 +112,12 @@ void input_set_classic_bonded_only(bool state)
 static void input_device_enter_reconnect_mode(struct input_device *idev);
 static int connection_disconnect(struct input_device *idev, uint32_t flags);
 
+static bool input_device_bonded(struct input_device *idev)
+{
+	return device_is_bonded(idev->device,
+				btd_device_get_bdaddr_type(idev->device));
+}
+
 static void input_device_free(struct input_device *idev)
 {
 	bt_uhid_unref(idev->uhid);
@@ -979,8 +985,7 @@ static int hidp_add_connection(struct input_device *idev)
 		device_get_name(idev->device, req->name, sizeof(req->name));
 
 	/* Make sure the device is bonded if required */
-	if (classic_bonded_only && !device_is_bonded(idev->device,
-				btd_device_get_bdaddr_type(idev->device))) {
+	if (classic_bonded_only && !input_device_bonded(idev)) {
 		error("Rejected connection from !bonded device %s", dst_addr);
 		goto cleanup;
 	}
@@ -1153,16 +1158,23 @@ static int dev_connect(struct input_device *idev)
 {
 	GError *err = NULL;
 	GIOChannel *io;
+	BtIOSecLevel sec_level;
 
 	if (idev->disable_sdp)
 		bt_clear_cached_session(&idev->src, &idev->dst);
 
+	/* encrypt connection if device is bonded */
+	if (input_device_bonded(idev))
+		sec_level = BT_IO_SEC_MEDIUM;
+	else
+		sec_level = BT_IO_SEC_LOW;
+
 	io = bt_io_connect(control_connect_cb, idev,
 				NULL, &err,
 				BT_IO_OPT_SOURCE_BDADDR, &idev->src,
 				BT_IO_OPT_DEST_BDADDR, &idev->dst,
 				BT_IO_OPT_PSM, L2CAP_PSM_HIDP_CTRL,
-				BT_IO_OPT_SEC_LEVEL, BT_IO_SEC_LOW,
+				BT_IO_OPT_SEC_LEVEL, sec_level,
 				BT_IO_OPT_INVALID);
 	idev->ctrl_io = io;
 
@@ -1227,8 +1239,7 @@ static void input_device_enter_reconnect_mode(struct input_device *idev)
 				reconnect_mode_to_string(idev->reconnect_mode));
 
 	/* Make sure the device is bonded if required */
-	if (classic_bonded_only && !device_is_bonded(idev->device,
-				btd_device_get_bdaddr_type(idev->device)))
+	if (classic_bonded_only && !input_device_bonded(idev))
 		return;
 
 	/* Only attempt an auto-reconnect when the device is required to
-- 
2.28.0.rc0.105.gf9edc3c819-goog


^ permalink raw reply	[flat|nested] 3+ messages in thread

* [Bluez PATCH v1 2/2] input: encrypt on receive conn req if classic_bonded_only
  2020-07-22 16:20 [Bluez PATCH v1 1/2] input: authenticate when connecting to a bonded device Archie Pusaka
@ 2020-07-22 16:20 ` Archie Pusaka
  2020-07-23 16:43 ` [Bluez PATCH v1 1/2] input: authenticate when connecting to a bonded device Luiz Augusto von Dentz
  1 sibling, 0 replies; 3+ messages in thread
From: Archie Pusaka @ 2020-07-22 16:20 UTC (permalink / raw)
  To: linux-bluetooth, Luiz Augusto von Dentz
  Cc: CrosBT Upstreaming, Archie Pusaka, Alain Michaud

From: Archie Pusaka <apusaka@chromium.org>

According to bluetooth HID1.1 spec, section 5.4.3.5.3:
If the Bluetooth HID Host is bonded to a Bluetooth HID device:
If encryption is not already enabled, the Bluetooth HID Host shall
enable encryption with the Bluetooth HID device before sending an
L2CAP Connect Response with a result code of “Connection Successful”
(0x0000) after an L2CAP Connect Request is received.

This patch raises the security level to medium when listening for
incoming connection if the flag classic_bonded_only is set,
effectively starting encryption.

Reviewed-by: Alain Michaud <alainm@chromium.org>
---

 profiles/input/device.c | 5 +++++
 profiles/input/device.h | 1 +
 profiles/input/server.c | 6 ++++--
 3 files changed, 10 insertions(+), 2 deletions(-)

diff --git a/profiles/input/device.c b/profiles/input/device.c
index 9f89f4459..6ec0a4c63 100644
--- a/profiles/input/device.c
+++ b/profiles/input/device.c
@@ -109,6 +109,11 @@ void input_set_classic_bonded_only(bool state)
 	classic_bonded_only = state;
 }
 
+bool input_get_classic_bonded_only(void)
+{
+	return classic_bonded_only;
+}
+
 static void input_device_enter_reconnect_mode(struct input_device *idev);
 static int connection_disconnect(struct input_device *idev, uint32_t flags);
 
diff --git a/profiles/input/device.h b/profiles/input/device.h
index 5a077f92a..f61e8a558 100644
--- a/profiles/input/device.h
+++ b/profiles/input/device.h
@@ -30,6 +30,7 @@ struct input_conn;
 void input_set_idle_timeout(int timeout);
 void input_enable_userspace_hid(bool state);
 void input_set_classic_bonded_only(bool state);
+bool input_get_classic_bonded_only(void);
 void input_set_auto_sec(bool state);
 
 int input_device_register(struct btd_service *service);
diff --git a/profiles/input/server.c b/profiles/input/server.c
index f2c8c0f70..2bd5e92e4 100644
--- a/profiles/input/server.c
+++ b/profiles/input/server.c
@@ -283,6 +283,8 @@ int server_start(const bdaddr_t *src)
 {
 	struct input_server *server;
 	GError *err = NULL;
+	BtIOSecLevel sec_level = input_get_classic_bonded_only() ?
+					BT_IO_SEC_MEDIUM : BT_IO_SEC_LOW;
 
 	server = g_new0(struct input_server, 1);
 	bacpy(&server->src, src);
@@ -291,7 +293,7 @@ int server_start(const bdaddr_t *src)
 				server, NULL, &err,
 				BT_IO_OPT_SOURCE_BDADDR, src,
 				BT_IO_OPT_PSM, L2CAP_PSM_HIDP_CTRL,
-				BT_IO_OPT_SEC_LEVEL, BT_IO_SEC_LOW,
+				BT_IO_OPT_SEC_LEVEL, sec_level,
 				BT_IO_OPT_INVALID);
 	if (!server->ctrl) {
 		error("Failed to listen on control channel");
@@ -304,7 +306,7 @@ int server_start(const bdaddr_t *src)
 				server, NULL, &err,
 				BT_IO_OPT_SOURCE_BDADDR, src,
 				BT_IO_OPT_PSM, L2CAP_PSM_HIDP_INTR,
-				BT_IO_OPT_SEC_LEVEL, BT_IO_SEC_LOW,
+				BT_IO_OPT_SEC_LEVEL, sec_level,
 				BT_IO_OPT_INVALID);
 	if (!server->intr) {
 		error("Failed to listen on interrupt channel");
-- 
2.28.0.rc0.105.gf9edc3c819-goog


^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: [Bluez PATCH v1 1/2] input: authenticate when connecting to a bonded device
  2020-07-22 16:20 [Bluez PATCH v1 1/2] input: authenticate when connecting to a bonded device Archie Pusaka
  2020-07-22 16:20 ` [Bluez PATCH v1 2/2] input: encrypt on receive conn req if classic_bonded_only Archie Pusaka
@ 2020-07-23 16:43 ` Luiz Augusto von Dentz
  1 sibling, 0 replies; 3+ messages in thread
From: Luiz Augusto von Dentz @ 2020-07-23 16:43 UTC (permalink / raw)
  To: Archie Pusaka
  Cc: linux-bluetooth, CrosBT Upstreaming, Archie Pusaka, Alain Michaud

Hi Archie,

On Wed, Jul 22, 2020 at 9:20 AM Archie Pusaka <apusaka@google.com> wrote:
>
> From: Archie Pusaka <apusaka@chromium.org>
>
> According to bluetooth HID1.1 spec, part 5.4.3.4.3:
> If the Bluetooth HID Host is bonded to a Bluetooth HID device:
> If encryption is not already enabled, the Bluetooth HID Host shall
> enable encryption with the Bluetooth HID device before sending an
> L2CAP Connect Request to open the HID L2CAP Control channel.
>
> When creating connection, this patch checks whether the target
> device is bonded, if yes then we use the medium security level
> instead of the low one to enable encryption.
>
> Reviewed-by: Alain Michaud <alainm@chromium.org>
> ---
>
>  profiles/input/device.c | 21 ++++++++++++++++-----
>  1 file changed, 16 insertions(+), 5 deletions(-)
>
> diff --git a/profiles/input/device.c b/profiles/input/device.c
> index 2dc2ecab2..9f89f4459 100644
> --- a/profiles/input/device.c
> +++ b/profiles/input/device.c
> @@ -112,6 +112,12 @@ void input_set_classic_bonded_only(bool state)
>  static void input_device_enter_reconnect_mode(struct input_device *idev);
>  static int connection_disconnect(struct input_device *idev, uint32_t flags);
>
> +static bool input_device_bonded(struct input_device *idev)
> +{
> +       return device_is_bonded(idev->device,
> +                               btd_device_get_bdaddr_type(idev->device));
> +}
> +
>  static void input_device_free(struct input_device *idev)
>  {
>         bt_uhid_unref(idev->uhid);
> @@ -979,8 +985,7 @@ static int hidp_add_connection(struct input_device *idev)
>                 device_get_name(idev->device, req->name, sizeof(req->name));
>
>         /* Make sure the device is bonded if required */
> -       if (classic_bonded_only && !device_is_bonded(idev->device,
> -                               btd_device_get_bdaddr_type(idev->device))) {
> +       if (classic_bonded_only && !input_device_bonded(idev)) {
>                 error("Rejected connection from !bonded device %s", dst_addr);
>                 goto cleanup;
>         }
> @@ -1153,16 +1158,23 @@ static int dev_connect(struct input_device *idev)
>  {
>         GError *err = NULL;
>         GIOChannel *io;
> +       BtIOSecLevel sec_level;
>
>         if (idev->disable_sdp)
>                 bt_clear_cached_session(&idev->src, &idev->dst);
>
> +       /* encrypt connection if device is bonded */
> +       if (input_device_bonded(idev))
> +               sec_level = BT_IO_SEC_MEDIUM;
> +       else
> +               sec_level = BT_IO_SEC_LOW;
> +
>         io = bt_io_connect(control_connect_cb, idev,
>                                 NULL, &err,
>                                 BT_IO_OPT_SOURCE_BDADDR, &idev->src,
>                                 BT_IO_OPT_DEST_BDADDR, &idev->dst,
>                                 BT_IO_OPT_PSM, L2CAP_PSM_HIDP_CTRL,
> -                               BT_IO_OPT_SEC_LEVEL, BT_IO_SEC_LOW,
> +                               BT_IO_OPT_SEC_LEVEL, sec_level,
>                                 BT_IO_OPT_INVALID);
>         idev->ctrl_io = io;
>
> @@ -1227,8 +1239,7 @@ static void input_device_enter_reconnect_mode(struct input_device *idev)
>                                 reconnect_mode_to_string(idev->reconnect_mode));
>
>         /* Make sure the device is bonded if required */
> -       if (classic_bonded_only && !device_is_bonded(idev->device,
> -                               btd_device_get_bdaddr_type(idev->device)))
> +       if (classic_bonded_only && !input_device_bonded(idev))
>                 return;
>
>         /* Only attempt an auto-reconnect when the device is required to
> --
> 2.28.0.rc0.105.gf9edc3c819-goog
>

Applied, thanks.

-- 
Luiz Augusto von Dentz

^ permalink raw reply	[flat|nested] 3+ messages in thread

end of thread, back to index

Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-07-22 16:20 [Bluez PATCH v1 1/2] input: authenticate when connecting to a bonded device Archie Pusaka
2020-07-22 16:20 ` [Bluez PATCH v1 2/2] input: encrypt on receive conn req if classic_bonded_only Archie Pusaka
2020-07-23 16:43 ` [Bluez PATCH v1 1/2] input: authenticate when connecting to a bonded device Luiz Augusto von Dentz

Linux-Bluetooth Archive on lore.kernel.org

Archives are clonable:
	git clone --mirror https://lore.kernel.org/linux-bluetooth/0 linux-bluetooth/git/0.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 linux-bluetooth linux-bluetooth/ https://lore.kernel.org/linux-bluetooth \
		linux-bluetooth@vger.kernel.org
	public-inbox-index linux-bluetooth

Example config snippet for mirrors

Newsgroup available over NNTP:
	nntp://nntp.lore.kernel.org/org.kernel.vger.linux-bluetooth


AGPL code for this site: git clone https://public-inbox.org/public-inbox.git