liadd

Reputation: 41

Enforce Bluetooth security and authentication using BlueZ

I'm using BlueZ 5.49 and trying to connect, pair, and pass information between two different Bluetooth devices. It seems like I have a problem with enforcing security and authentication between the two.

I'm configuring each hci device with: hciconfig hci0 pscan auth encrypt, which, as I read, sets the device to security mode 3.

In addition, I'm manually creating this path on both sides: /var/lib/bluetooth/<local_bdaddr>/<remote_bdaddr>/info with LinkKey.

I've noticed that if I create the path for only one device and then try to connect using rfcomm connect from the device without the info file, the connection succeeds, even though the device is lacking the info file which contains the LinkKey. If I try rfcomm connect from the device with the info file, I get Key Exchange Error, which is acceptable since the other device doesn't have the key.

My bottom line is that it seems that security and authentication are not enforced.

Many Thanks, Liad

Upvotes: 1

Views: 3821

Answers (1)

liadd

Reputation: 41

Apparently the hci device is by default set to work in Secure Simple Pairing, also known as sspmode. Simple Pairing was originally created to support devices that can't enter a PIN code during the pairing process (such as a headset).

Hence, when a device has sspmode enabled, it uses a default PIN key, say 0000, and then, based on the PIN, generates a LinkKey to encrypt and authenticate, thus not truly enforcing authentication, as I mentioned before.

The line hciconfig hci0 sspmode disable disables the Secure Simple Pairing mode and finally enforces authentication using the static LinkKey you supply in the info file, which is located in /var/lib/bluetooth/<your_mac>/<remote_mac>/info.

Upvotes: 1
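
A read-only check of the settings discussed in this thread (the AUTH and ENCRYPT flags, sspmode, and a [LinkKey] entry in the info file), as an added example that is not part of the original post. The sample command output, addresses and key are constructed, and the function names are hypothetical; on a real host, pass in the output of hciconfig hci0, the output of hciconfig hci0 sspmode, and the contents of the info file.

```shell
#!/bin/sh
# Added example (not from the original post). All sample text below is constructed.

# has_flag TEXT FLAG: true if the flags line of `hciconfig hciX` output lists FLAG.
# The flags line is the only line without a colon in the plain (no -a) output.
has_flag() {
    printf '%s\n' "$1" | grep -v ':' | grep -Eq "(^|[[:space:]])$2([[:space:]]|\$)"
}

# ssp_mode TEXT: print Enabled/Disabled from `hciconfig hciX sspmode` output.
ssp_mode() {
    printf '%s\n' "$1" | sed -n 's/^[[:space:]]*Simple Pairing mode:[[:space:]]*//p'
}

# linkkey_of TEXT: print the Key= value from the [LinkKey] group of an info file.
linkkey_of() {
    printf '%s\n' "$1" | awk -F= '/^\[/ { sec = $0 }
        sec == "[LinkKey]" && $1 == "Key" { print $2 }'
}

# audit HCI_TEXT SSP_TEXT INFO_TEXT: report every setting that differs from the
# configuration described in the answer; returns non-zero if any check fails.
audit() {
    rc=0
    has_flag "$1" AUTH    || { echo "FAIL: AUTH flag not set"; rc=1; }
    has_flag "$1" ENCRYPT || { echo "FAIL: ENCRYPT flag not set"; rc=1; }
    [ "$(ssp_mode "$2")" = "Disabled" ] || { echo "FAIL: sspmode is not Disabled"; rc=1; }
    [ -n "$(linkkey_of "$3")" ] || { echo "FAIL: info file has no [LinkKey] Key"; rc=1; }
    return "$rc"
}

# Constructed samples standing in for real command output and a real info file.
SAMPLE_HCI='hci0:   Type: Primary  Bus: USB
    BD Address: 00:11:22:33:44:55  ACL MTU: 1021:8  SCO MTU: 64:1
    UP RUNNING PSCAN AUTH ENCRYPT
    RX bytes:0 acl:0 sco:0 events:0 errors:0'
SAMPLE_SSP_ON='    Simple Pairing mode: Enabled'
SAMPLE_SSP_OFF='    Simple Pairing mode: Disabled'
SAMPLE_INFO='[General]
Name=constructed-peer
[LinkKey]
Key=00112233445566778899AABBCCDDEEFF
Type=0
PINLength=4'

audit "$SAMPLE_HCI" "$SAMPLE_SSP_ON"  "$SAMPLE_INFO" || true   # reports the sspmode finding
audit "$SAMPLE_HCI" "$SAMPLE_SSP_OFF" "$SAMPLE_INFO" && echo "OK: settings match"
```

Reading files under /var/lib/bluetooth normally requires root, so run the real check with the privileges needed to read the info file.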
