[0/3] LE OOB pairing support

Message ID 20220603223225.20296-1-puffy.taco@gmail.com

Message

Mike Brudevold June 3, 2022, 10:32 p.m. UTC
From: Michael Brudevold <michael.brudevold@veranexsolutions.com>

This patch series implements userspace support for LE OOB pairing. It was
tested against an nRF52 dev kit with Nordic's NFC pairing example. Support is
only for reading a tag; generating and sending back OOB information was not
implemented.

Overall, LE EIR data is not dissimilar to BREDR, but the OOB blob starts off
slightly differently necessitating a different code path before reaching the
EIR parser.

Michael Brudevold (3):
  eir: parse data types for LE OOB pairing
  Accept LE formatted EIR data with neard plugin
  neard: Update D-Bus path and interface

 plugins/neard.c | 64 +++++++++++++++++++++++++++++++++++++++++++------
 src/adapter.c   |  3 ++-
 src/adapter.h   |  2 +-
 src/eir.c       | 21 ++++++++++++++++
 src/eir.h       |  4 ++++
 5 files changed, 85 insertions(+), 9 deletions(-)

Comments

Mike Brudevold June 10, 2022, 5:52 p.m. UTC | #1
More testing below.

On Fri, Jun 3, 2022 at 5:32 PM Michael Brudevold <puffy.taco@gmail.com> wrote:
>
> From: Michael Brudevold <michael.brudevold@veranexsolutions.com>
>
> This patch series implements userspace support for LE OOB pairing. It was
> tested against an nRF52 dev kit with Nordic's NFC pairing example. Support is
> only for reading a tag; generating and sending back OOB information was not
> implemented.

Further testing indicates that the OOB pairing data was not being used
(beyond BD addr).  I tried corrupting the relevant fields and it still
successfully paired.  The Bluetooth capture in Wireshark shows an SMP
Pairing Request going out with the OOB data flags set to zero (OOB
auth not present).  This is a 5.13 kernel from Ubuntu 20.04, so I'll
check that it isn't a kernel version issue, but a coworker tested on
an Ubuntu 22.04 instance and had a similar high-level experience.  I'm
still digging into where/how the OOB flag gets set for this request.

>
> Overall, LE EIR data is not dissimilar to BREDR, but the OOB blob starts off
> slightly differently necessitating a different code path before reaching the
> EIR parser.
>
> Michael Brudevold (3):
>   eir: parse data types for LE OOB pairing
>   Accept LE formatted EIR data with neard plugin
>   neard: Update D-Bus path and interface
>
>  plugins/neard.c | 64 +++++++++++++++++++++++++++++++++++++++++++------
>  src/adapter.c   |  3 ++-
>  src/adapter.h   |  2 +-
>  src/eir.c       | 21 ++++++++++++++++
>  src/eir.h       |  4 ++++
>  5 files changed, 85 insertions(+), 9 deletions(-)
>
> --
> 2.25.1
>
Mike Brudevold June 10, 2022, 8:39 p.m. UTC | #2
Found the issue.

On Fri, Jun 10, 2022 at 12:52 PM Mike Brudevold <puffy.taco@gmail.com> wrote:
>
> More testing below.
>
> On Fri, Jun 3, 2022 at 5:32 PM Michael Brudevold <puffy.taco@gmail.com> wrote:
> >
> > From: Michael Brudevold <michael.brudevold@veranexsolutions.com>
> >
> > This patch series implements userspace support for LE OOB pairing. It was
> > tested against an nRF52 dev kit with Nordic's NFC pairing example. Support is
> > only for reading a tag; generating and sending back OOB information was not
> > implemented.
>
> Further testing indicates that the OOB pairing data was not being used
> (beyond BD addr).  I tried corrupting the relevant fields and it still
> successfully paired.  The Bluetooth capture in Wireshark shows an SMP
> Pairing Request going out with the OOB data flags set to zero (OOB
> auth not present).  This is a 5.13 kernel from Ubuntu 20.04, so I'll
> check that it isn't a kernel version issue, but a coworker tested on
> an Ubuntu 22.04 instance and had a similar high-level experience.  I'm
> still digging into where/how the OOB flag gets set for this request.

Looks like the issue is that I need to update the adapter code to put
the rand/conf values into the appropriate hash256/rand256 for LE SC
(was only written to use hash192/rand192).  With this change, I can
corrupt these values and pairing becomes unsuccessful.  I'll get this
updated and send new patches.

>
> >
> > Overall, LE EIR data is not dissimilar to BREDR, but the OOB blob starts off
> > slightly differently necessitating a different code path before reaching the
> > EIR parser.
> >
> > Michael Brudevold (3):
> >   eir: parse data types for LE OOB pairing
> >   Accept LE formatted EIR data with neard plugin
> >   neard: Update D-Bus path and interface
> >
> >  plugins/neard.c | 64 +++++++++++++++++++++++++++++++++++++++++++------
> >  src/adapter.c   |  3 ++-
> >  src/adapter.h   |  2 +-
> >  src/eir.c       | 21 ++++++++++++++++
> >  src/eir.h       |  4 ++++
> >  5 files changed, 85 insertions(+), 9 deletions(-)
> >
> > --
> > 2.25.1
> >
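
The thread turns on whether the confirm and random values from the tag actually reach the pairing code, so here is a strict parser for an LE OOB blob that reports whether both values were present. This is an added example, not code from the patch series or from BlueZ. It assumes the blob is a bare run of length/type/data structures; `struct le_oob`, `le_oob_parse` and `le_oob_sample` are hypothetical names, and the type numbers are from the Bluetooth Assigned Numbers list.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* AD types from the Bluetooth Assigned Numbers list */
#define AD_LE_BDADDR  0x1B /* 6-byte address + 1-byte address type */
#define AD_LE_ROLE    0x1C
#define AD_LE_SC_CONF 0x22 /* LE Secure Connections Confirmation Value */
#define AD_LE_SC_RAND 0x23 /* LE Secure Connections Random Value */

struct le_oob { /* hypothetical result type, not a BlueZ structure */
	uint8_t addr[7], role, conf[16], rand[16];
	int has_conf, has_rand;
};

/* Walk [len][type][data] fields; -1 on a truncated or mis-sized field,
 * 1 if both confirm and random values were found, 0 otherwise. */
int le_oob_parse(const uint8_t *buf, size_t n, struct le_oob *o)
{
	size_t i = 0;
	memset(o, 0, sizeof(*o));
	while (i < n && buf[i] != 0) {
		size_t flen = buf[i], want = 0; /* flen counts type byte + data */
		uint8_t *dst = NULL; /* stays NULL for unknown types (skipped) */
		if (flen > n - i - 1)
			return -1; /* field runs past the end of the blob */
		switch (buf[i + 1]) {
		case AD_LE_BDADDR:  dst = o->addr;  want = 7;  break;
		case AD_LE_ROLE:    dst = &o->role; want = 1;  break;
		case AD_LE_SC_CONF: dst = o->conf;  want = 16; o->has_conf = 1; break;
		case AD_LE_SC_RAND: dst = o->rand;  want = 16; o->has_rand = 1; break;
		}
		if (dst) {
			if (flen - 1 != want)
				return -1; /* wrong size for a known type */
			memcpy(dst, buf + i + 2, want);
		}
		i += flen + 1;
	}
	return o->has_conf && o->has_rand;
}

/* Constructed sample: address, role, confirm value, random value */
const uint8_t le_oob_sample[] = {
	0x08, 0x1B, 0x66, 0x55, 0x44, 0x33, 0x22, 0x11, 0x01, 0x02, 0x1C, 0x00,
	0x11, 0x22, 0xA0, 0xA1, 0xA2, 0xA3, 0xA4, 0xA5, 0xA6, 0xA7,
	0xA8, 0xA9, 0xAA, 0xAB, 0xAC, 0xAD, 0xAE, 0xAF,
	0x11, 0x23, 0xB0, 0xB1, 0xB2, 0xB3, 0xB4, 0xB5, 0xB6, 0xB7,
	0xB8, 0xB9, 0xBA, 0xBB, 0xBC, 0xBD, 0xBE, 0xBF,
};
```

A return of 0 is the case to watch for: the address parsed, but there is nothing to authenticate the pairing with, so a caller that continues has no OOB protection.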