[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

AW: [bluetooth-dev] Where to store link keys ?



Here some reflections...

Link-Keys are very sensitive information. If you have a valid link key and
bt-address for a bluetooth device that device is open for you. That means it
should be considered very carefully where to store link-keys.

a) Hardware storage
Normally the number of link keys that can be stored in the hardware module
is restricted to a very low number (e.g. three link keys) But it is the
savest place for storage. You have to read out and analyse the flash memory
(or EEPROM) of the module to get the desired information. The link key
memory in the module can be managed with HCI commands.

b) Hard-Disk storage
It seems that in the actual stack implementation the user has to handle the
link keys. (It should be considered  to save the link key with corresponding
remote bt-address dependend from the local bt-address. That makes a
bt-hardware change easier.) Because you are in user mode, is is desirable to
protect the link key with some crypto algorithm and not to store it e.g. as
plain ascii text. Of course you have to save the link key otherwise every PC
restart requires a new pairing. 

Should the usage of the device be restricted to the user who have done the
pairing?
The best implementation is perhaps to store it in a root read only file.
Perhaps one possibility is to allow pairing only as root? Or running the
sec.-manager with root rights?

  Christian

> -----Ursprüngliche Nachricht-----
> Von:	Alain Paschoud [SMTP:alain.paschoud@xxxxxxx.ch]
> Gesendet am:	Freitag, 12. Oktober 2001 09:42
> An:	bluetooth-dev@xxxxxxx.com
> Betreff:	[bluetooth-dev] Where to store link keys ?
> 
> Hello,
> 
> I'm trying to understand how should exactly work the security manager for
> PIN code an LINK_KEYS.
> When connecting, if the orther bluetooth module need a PIN, it will return
> a
> PIN_CODE_REQUEST event that is forwarded to security manager in userland.
> The security manager have to ask the PIN to the user and have to return it
> to the driver to finish conneciton establishment. For PIN, it's OK.
> 
> But for LINK_KEYS, I've some problem to understand. I see three things :
> 
> - The module can answer to HCI commands like "HCI Read Stored Link Key"
> and
> "HCI Read Stored Link Key". So with that, I think that current link key is
> stored in the module. But because the same module can generate the event
> "Return Link Keys" (with several link keys), can it store all used
> link_keys ?
> 
> - In the stack, the sec_client.c implemented a local list (a pointer list)
> of link keys. But if the stack recieve a "Link Key Request", it doesn't
> look
> in this list, but it forwards the question in userland to the security
> manager...
> 
> 
> So, Normally should link keys be stored in userland (by security manager),
> in kernel land (in the local list), or in the bluetooth module ?
> 
> It seems logical to me that this link key have to be stored in userland so
> that it can be saved in a file and the pairing can bee kept event if the
> device has been shutted down.
> 
> If someone can give me some explanation, I'll be very gratefull.
>  
> --
> Alain Paschoud                      SMARTDATA SA
> alain.paschoud@xxxxxxx.ch         PSE-A
> http://www.smartdata.ch             1015 Lausanne
> Phone +41-21-693'84'98              
> Fax   +41-27-693'84'91              
> -
> To unsubscribe from this list: send the line "unsubscribe bluetooth-dev"
> in
> the body of a message to majordomo@xxxxxxx.com
-
To unsubscribe from this list: send the line "unsubscribe bluetooth-dev" in
the body of a message to majordomo@xxxxxxx.com