linux/net/bluetooth
Johan Hedberg 19c5ce9c5f Bluetooth: Add workaround for broken OS X legacy SMP pairing
OS X version 10.10.2 (and possibly older versions) doesn't support LE
Secure Connections but incorrectly copies all authentication request
bits from a Security Request to its Pairing Request. The result is that
an SC capable initiator (such as BlueZ) will think OS X intends to do SC
when in fact it's incapable of it:

< ACL Data TX: Handle 3585 flags 0x00 dlen 6
      SMP: Security Request (0x0b) len 1
        Authentication requirement: Bonding, No MITM, SC, No Keypresses (0x09)
> ACL Data RX: Handle 3585 flags 0x02 dlen 11
      SMP: Pairing Request (0x01) len 6
        IO capability: KeyboardDisplay (0x04)
        OOB data: Authentication data not present (0x00)
        Authentication requirement: Bonding, No MITM, SC, No Keypresses (0x09)
        Max encryption key size: 16
        Initiator key distribution: EncKey (0x01)
        Responder key distribution: EncKey IdKey Sign (0x07)
< ACL Data TX: Handle 3585 flags 0x00 dlen 11
      SMP: Pairing Response (0x02) len 6
        IO capability: NoInputNoOutput (0x03)
        OOB data: Authentication data not present (0x00)
        Authentication requirement: Bonding, No MITM, SC, No Keypresses (0x09)
        Max encryption key size: 16
        Initiator key distribution: EncKey (0x01)
        Responder key distribution: EncKey Sign (0x05)

The pairing eventually fails when we get an unexpected Pairing Confirm
PDU instead of a Public Key PDU:

> ACL Data RX: Handle 3585 flags 0x02 dlen 21
      SMP: Pairing Confirm (0x03) len 16
        Confim value: bcc3bed31b8f313a78ec3cce32685faf

It is only at this point that we can speculate that the remote doesn't
really support SC. This patch creates a workaround for the just-works
model; however, the MITM case is unsolvable because the OS X user has
already been requested to enter a PIN which we're now expected to
randomly generate and show the user (i.e. a chicken-and-egg problem).

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
2015-03-17 18:58:24 +01:00
bnep bluetooth: Use eth_<foo>_addr instead of memset 2015-03-03 17:01:37 -05:00
cmtp Bluetooth: Remove dead code 2015-01-14 11:16:17 +02:00
hidp Bluetooth: hidp_connection_add() unsafe use of l2cap_pi() 2014-12-19 13:40:07 +01:00
rfcomm net: Remove iocb argument from sendmsg and recvmsg 2015-03-02 13:06:31 -05:00
6lowpan.c Bluetooth: 6lowpan: Remove PSM setting code 2015-01-14 22:48:13 +01:00
a2mp.c Bluetooth: Make __next_ident function static. 2015-02-15 10:14:54 +02:00
a2mp.h Bluetooth: Make __next_ident function static. 2015-02-15 10:14:54 +02:00
af_bluetooth.c Bluetooth: Convert mgmt to use HCI chan registration API 2015-03-06 20:15:21 +01:00
amp.c Bluetooth: Fix sparse warning in amp.c 2014-11-11 00:07:29 +01:00
amp.h
ecc.c Bluetooth: Add ECC library for LE Secure Connections 2014-12-03 16:51:16 +01:00
ecc.h Bluetooth: Add ECC library for LE Secure Connections 2014-12-03 16:51:16 +01:00
hci_conn.c Bluetooth: Introduce hci_dev_clear_flag helper macro 2015-03-13 12:09:27 +02:00
hci_core.c Bluetooth: Add simultaneous dual mode scan 2015-03-17 18:31:00 +02:00
hci_debugfs.c Bluetooth: The P-256 randomizer is 16 octets long and not 19 octets 2015-03-16 21:36:24 +02:00
hci_debugfs.h Bluetooth: Provide option to enable/disable debugfs information 2015-02-15 18:54:13 +02:00
hci_event.c Bluetooth: Add simultaneous dual mode scan 2015-03-17 18:31:00 +02:00
hci_request.c Bluetooth: Merge hdev->dbg_flags fields into hdev->dev_flags 2015-03-13 19:28:36 +02:00
hci_request.h Bluetooth: Add hci_request support for hci_update_background_scan 2014-12-19 22:06:37 +01:00
hci_sock.c Bluetooth: Move generic mgmt command dispatcher to hci_sock.c 2015-03-17 18:03:08 +01:00
hci_sysfs.c
Kconfig Bluetooth: Provide option to enable/disable debugfs information 2015-02-15 18:54:13 +02:00
l2cap_core.c Bluetooth: Merge hdev->dbg_flags fields into hdev->dev_flags 2015-03-13 19:28:36 +02:00
l2cap_sock.c net: Remove iocb argument from sendmsg and recvmsg 2015-03-02 13:06:31 -05:00
lib.c Bluetooth: Convert bt_<level> logging functions to return void 2014-09-24 09:40:08 +02:00
Makefile Bluetooth: Add generic mgmt helper API 2015-03-17 18:03:08 +01:00
mgmt_util.c Bluetooth: Add generic mgmt helper API 2015-03-17 18:03:08 +01:00
mgmt_util.h Bluetooth: Add generic mgmt helper API 2015-03-17 18:03:08 +01:00
mgmt.c Bluetooth: Move generic mgmt command dispatcher to hci_sock.c 2015-03-17 18:03:08 +01:00
sco.c Bluetooth: fix sco_exit compile warning 2015-03-07 22:13:17 +02:00
selftest.c Bluetooth: Use %llu for printing duration details of selftests 2015-01-14 10:02:45 +02:00
selftest.h Bluetooth: Add support for self testing framework 2014-12-30 08:53:55 +02:00
smp.c Bluetooth: Add workaround for broken OS X legacy SMP pairing 2015-03-17 18:58:24 +01:00
smp.h Bluetooth: Add function for generating LE SC out-of-band data 2015-03-16 10:31:27 +02:00