
Re: [bluetooth-dev] Unwanted authentication with Digianswer 1.09



On Monday 01 October 2001 12:14, Alain Paschoud wrote:
> Hello,
>
> On Tue, Sep 25, 2001 at 06:53:03AM -0400, LIBAULT David wrote:
> > I have exactly the same problem and had no choice but implementing a
> > security manager myself.
> >
> > I would like to point out that it is specified in the LAN access profile
> > that authentication and encryption should be enforced by both the
> > terminal and the gateway... So more and more terminals will require a pin
> > code/link key to connect to a gateway.
>
> I think a lot of people have the same problem. I wanted to connect to a
> phone, and I had to implement a pin-code reply part in the stack too.
>
> For the moment, I simply call a clone of function
> hci_pin_code_request_reply with a hard-coded pin code when I receive a "PIN
> Code Request" event. But I haven't found a simple way to ask the user for
> the code when the stack needs it.
>
> You say you implemented a simple security manager. Is it possible with it
> that the user enters a PIN code only when the driver needs it? If yes, how
> is it possible to do that?

For my application, the device running the openbt stack has 1 pin code saved
in memory (it is an access point).

When a new device connects requiring authentication, the baseband requires a
link key from the stack (which redirects this request to my security
manager). If the security manager doesn't have a link key for this device,
the baseband will ask for a pin code. The security manager gives the pin code
to the baseband (if it considers it is in pairing mode), and at the remote
device, the user will be asked to enter a pin code. If the pin code entered
at the remote device is the same, the baseband will give a link key to the
security manager. This link key is stored somewhere by the security manager:
the remote device is now paired. If a link key request comes from this device
again, the security manager (as it now knows it) will give the saved link key
to the baseband. If the security manager at the remote device is designed
properly, it will also have this link key saved somewhere, and will not
require the user to enter the pin code again.

It is important to store the link key, as the pin code should be sent as few
times as possible over the air (even if it is encrypted).

This is my understanding of how it works. Hope it helps.

Note: the security manager is a user mode program that receives the HCI
security events via the /proc/sec_srv device, and sends security-related HCI
commands through the /dev/ttyBTC device... In case you want the user to enter
the pin code every time it is needed, maybe an xwindow program could do that,
and open a dialog whenever a pin code is requested...

>
> Thank you for any advice or any example.
>
> --
> Alain Paschoud                      SMARTDATA SA
> alain.paschoud@xxxxxxx.ch         PSE-A
> http://www.smartdata.ch             1015 Lausanne
> Phone +41-21-693'84'98
> Fax   +41-27-693'84'91
> -
> To unsubscribe from this list: send the line "unsubscribe bluetooth-dev" in
> the body of a message to majordomo@xxxxxxx.com
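
The link key / PIN decision flow described in the reply above, as an added example (not code from OpenBT or from the poster's security manager). The event codes and opcodes are the standard HCI values; `struct sec_mgr`, `sm_find`, `sm_handle_event` and the in-memory key table are hypothetical, and the I/O with the stack's devices is left out.

```c
#include <stdint.h>
#include <string.h>

/* Standard HCI event codes and Link Control command opcodes (OGF 0x01). */
enum { EVT_PIN_CODE_REQ = 0x16, EVT_LINK_KEY_REQ = 0x17, EVT_LINK_KEY_NOTIFY = 0x18 };
enum { CMD_LINK_KEY_REPLY = 0x040B, CMD_LINK_KEY_NEG_REPLY = 0x040C,
       CMD_PIN_REPLY = 0x040D, CMD_PIN_NEG_REPLY = 0x040E, CMD_NONE = 0 };

#define MAX_PAIRED 8
struct paired { uint8_t bdaddr[6], key[16]; };
struct sec_mgr {                    /* hypothetical security manager state */
    struct paired db[MAX_PAIRED]; int count;
    int pairing_mode;               /* the PIN is only handed out when set */
    uint8_t pin[16], pin_len;
};

static struct paired *sm_find(struct sec_mgr *sm, const uint8_t *bdaddr) {
    for (int i = 0; i < sm->count; i++)
        if (memcmp(sm->db[i].bdaddr, bdaddr, 6) == 0) return &sm->db[i];
    return NULL;
}

/* params: event parameters, starting with the 6-byte BD_ADDR.
 * out: at least 23 bytes, receives the parameters of the reply command.
 * Returns the opcode to send, or CMD_NONE when no command is needed. */
uint16_t sm_handle_event(struct sec_mgr *sm, uint8_t evt, const uint8_t *params,
                         uint8_t *out, uint8_t *out_len) {
    struct paired *p = sm_find(sm, params);
    memcpy(out, params, 6);         /* every reply starts with the BD_ADDR */
    *out_len = 6;
    switch (evt) {
    case EVT_LINK_KEY_REQ:          /* unknown device: decline, PIN request follows */
        if (!p) return CMD_LINK_KEY_NEG_REPLY;
        memcpy(out + 6, p->key, 16); *out_len = 22;
        return CMD_LINK_KEY_REPLY;
    case EVT_PIN_CODE_REQ:          /* refuse to pair outside pairing mode */
        if (!sm->pairing_mode || sm->pin_len == 0 || sm->pin_len > 16)
            return CMD_PIN_NEG_REPLY;
        out[6] = sm->pin_len;
        memset(out + 7, 0, 16); memcpy(out + 7, sm->pin, sm->pin_len);
        *out_len = 23;
        return CMD_PIN_REPLY;
    case EVT_LINK_KEY_NOTIFY:       /* params: BD_ADDR + 16-byte link key; store it */
        if (!p && sm->count < MAX_PAIRED) p = &sm->db[sm->count++];
        if (p) { memcpy(p->bdaddr, params, 6); memcpy(p->key, params + 6, 16); }
        break;
    }
    *out_len = 0;
    return CMD_NONE;
}
```

A real security manager would persist the key table across restarts and replace the fixed `pin` with a user prompt where the PIN has to be entered on demand.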