Purpose

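When pairing my phone with BlueZ on the RPI2, it kept failing. From what I found, the capability in /usr/bin/bluez-simple-agent has to be changed before pairing will work? So I am using this parameter as a starting point to understand how BlueZ and Bluetooth relate to each other.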

Bluetooth's SSP defines the secure pairing methods

The information below is excerpted from the wiki


Secure Simple Pairing (SSP): This is required by Bluetooth v2.1, although a Bluetooth v2.1 device may only use legacy pairing to interoperate with a v2.0 or earlier device. Secure Simple Pairing uses a form of public key cryptography, and some types can help protect against man in the middle, or MITM attacks. SSP has the following characteristics:

Just works:

As the name implies, this method just works, with no user interaction. However, a device may prompt the user to confirm the pairing process. This method is typically used by headsets with very limited IO capabilities, and is more secure than the fixed PIN mechanism this limited set of devices uses for legacy pairing. This method provides no man-in-the-middle (MITM) protection.

Numeric comparison:

If both devices have a display, and at least one can accept a binary yes/no user input, they may use Numeric Comparison. This method displays a 6-digit numeric code on each device. The user should compare the numbers to ensure they are identical. If the comparison succeeds, the user(s) should confirm pairing on the device(s) that can accept an input. This method provides MITM protection, assuming the user confirms on both devices and actually performs the comparison properly.

Passkey Entry:

This method may be used between a device with a display and a device with numeric keypad entry (such as a keyboard), or two devices with numeric keypad entry. In the first case, the display is used to show a 6-digit numeric code to the user, who then enters the code on the keypad. In the second case, the user of each device enters the same 6-digit number. Both of these cases provide MITM protection.

Out of band (OOB):

This method uses an external means of communication, such as Near Field Communication (NFC) to exchange some information used in the pairing process. Pairing is completed using the Bluetooth radio, but requires information from the OOB mechanism. This provides only the level of MITM protection that is present in the OOB mechanism.

The reasons SSP is considered relatively secure:

* In most cases, it does not require a user to generate a passkey.

* For use-cases not requiring MITM protection, user interaction can be eliminated.

* For numeric comparison, MITM protection can be achieved with a simple equality comparison by the user.

* Using OOB with NFC enables pairing when devices simply get close, rather than requiring a lengthy discovery process.

BlueZ pairing methods

According to agent-api.txt, BlueZ has five values that can be set.

DisplayOnly, DisplayYesNo, KeyboardOnly, NoInputNoOutput and KeyboardDisplay.

How do these five relate to the SSP definitions?

Low Energy SMP based pairing introduces the additional KeyboardDisplay IO capability. If you want to support LE it's recommended you provide that as your agent capability and BlueZ will then automatically downgrade it to DisplayYesNo for BR/EDR (SSP) pairing and use it as is for LE SMP pairing.

And additionally that "" maps to DisplayYesNo for BR/EDR and KeyboardDisplay for LE.

The above is a response I found through Google. From it, setting the capability to "" looks like the choice that fits most devices.
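How the BlueZ agent capabilities line up with the SSP methods, as an added Python example (not from the original post and not BlueZ code): it applies the BR/EDR mapping from the quoted response, then picks the association model from the two sides' IO capabilities. The function names are hypothetical, the pair-to-model rules follow the Bluetooth Core Specification's BR/EDR IO capability mapping, and OOB and the devices' MITM-requirement flags are left out.

```python
# Added example: models BR/EDR Secure Simple Pairing only. OOB pairing and
# the devices' MITM-requirement flags are ignored (assumption).
BLUEZ_CAPS = ("DisplayOnly", "DisplayYesNo", "KeyboardOnly",
              "NoInputNoOutput", "KeyboardDisplay", "")


def resolve_capability(cap, transport="bredr"):
    """Capability effectively used on a transport ("bredr" or "le"),
    following the mapping given in the quoted response."""
    if cap not in BLUEZ_CAPS:
        raise ValueError("unknown agent capability: %r" % (cap,))
    if transport not in ("bredr", "le"):
        raise ValueError("unknown transport: %r" % (transport,))
    if cap == "":
        return "DisplayYesNo" if transport == "bredr" else "KeyboardDisplay"
    if cap == "KeyboardDisplay" and transport == "bredr":
        return "DisplayYesNo"  # downgraded for BR/EDR (SSP) pairing
    return cap


def ssp_model(local_cap, remote_cap):
    """Return (association model, mitm_protected) for a BR/EDR pairing."""
    caps = {resolve_capability(local_cap), resolve_capability(remote_cap)}
    if "NoInputNoOutput" in caps:
        return ("Just Works", False)
    if "KeyboardOnly" in caps:
        # One side types the 6-digit code (shown by the peer, or typed on both).
        return ("Passkey Entry", True)
    if caps == {"DisplayYesNo"}:
        # Both sides show the 6-digit code and both can answer yes/no.
        return ("Numeric Comparison", True)
    # A DisplayOnly side cannot confirm, so the key is unauthenticated.
    return ("Just Works", False)


def pairing_report(remote_cap="DisplayYesNo"):
    """Model chosen for each agent capability against one remote device.
    The default remote capability (a phone with screen and yes/no input)
    is an assumption."""
    return {cap: ssp_model(cap, remote_cap) for cap in BLUEZ_CAPS}


if __name__ == "__main__":
    for cap, (model, mitm) in pairing_report().items():
        print("%-17r -> %-18s MITM protection: %s" % (cap, model, mitm))
```

Running it lists, for each capability the agent could be started with, which pairing method results against a DisplayYesNo peer and whether that method protects against MITM.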

Posted by Perry Wu on PIXNET