Security Interface

Description

The pin_helper concept was removed starting with bluez-utils 3.X and replaced with a feature called passkey agents. An application that wants to handle passkey requests must use the "hcid" security interface to register a passkey agent. Currently, two types of passkey agents are supported: default and device specific. A "specific" passkey agent handles all passkey requests for a given remote device, while a default agent handles all requests for which no specific agent was found. "Specific" passkey agents are useful for pre-defined passkey values or for environments where user interaction is not allowed or is difficult.

When the CreateBonding method is called, the "hcid" daemon checks whether a link key is stored in the file system. If one is available, an error is returned; if not, a D-Bus message is sent to the registered passkey agent asking for a passkey.

Each Passkey Agent is represented by a D-Bus object path. The "hcid" distinguishes the agents based on their unique bus names and their object paths.

Architecture

  • Step 1: Represents the passkey agent registration
  • Step 2: Represents a client calling CreateBonding
  • Step 3: Represents the hcid asking for a passkey value

Passkey Agent

Message Flow

In the following figure, the "CreateBonding" method call is hidden. The "PIN Request" HCI event is generated when there is no link key available in the file system. In this case, the "Link Key Request Negative Reply" command is sent, triggering the "PIN Request" event.

  • Step 1: Represents the D-Bus message sent to register the default/device specific passkey agent.
  • Step 2: Represents the HCI "PIN Request" event sent by the Bluetooth Host Controller.
  • Step 3: Represents the D-Bus message sent to the default/device specific passkey agent requesting a passkey.
  • Step 4: Represents the "Auth Complete" event where the status contains "LMP Response Timeout" (the remote didn't type the passkey).
  • Step 5: Represents the "hcid" issuing a "Cancel" to a previous Request call.
  • Step 6: Represents the D-Bus message sent to release the passkey agent: basically sent when the hcid exits.

Passkey Agent Message Flow
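
The agent selection and the six steps above can be traced with a small in-memory model. This is an added example, not hcid code: the class, its method names, the "no agent registered" error and all sample bus names, object paths and addresses are assumptions made for illustration.

```python
# Added model of the flow described above; names are hypothetical, not hcid's API.
LMP_RESPONSE_TIMEOUT = "LMP Response Timeout"
class Hcid:
    def __init__(self, stored_link_keys=()):
        self.link_keys = set(stored_link_keys)  # remotes with a link key on disk
        self.default = None                     # (bus_name, object_path)
        self.specific = {}                      # remote address -> (bus_name, object_path)
        self.pending, self.sent = {}, []        # open requests, messages sent to agents

    def register(self, bus_name, path, address=None):
        # Step 1: an agent is identified by unique bus name plus object path.
        if address is None:
            self.default = (bus_name, path)
        else:
            self.specific[address] = (bus_name, path)

    def create_bonding(self, address):
        # A stored link key means an error; otherwise the PIN Request event
        # (step 2) leads to a Request to the chosen agent (step 3).
        if address in self.link_keys:
            raise RuntimeError("link key already stored for " + address)
        agent = self.specific.get(address, self.default)  # specific wins over default
        if agent is None:
            raise RuntimeError("no passkey agent registered")  # assumption of this model
        self.pending[address] = agent
        self.sent.append(("Request", agent, address))
        return agent

    def auth_complete(self, address, status):
        # Steps 4-5: on timeout, cancel the outstanding Request at the same agent.
        agent = self.pending.pop(address, None)
        if agent and status == LMP_RESPONSE_TIMEOUT:
            self.sent.append(("Cancel", agent, address))

    def shutdown(self):
        # Step 6: release every registered agent when the daemon exits.
        agents = dict.fromkeys([*self.specific.values(), self.default])
        self.sent += [("Release", a, None) for a in agents if a]

def demo():
    # Constructed sample data: bus names, paths and addresses are made up.
    d = Hcid(stored_link_keys={"00:11:22:33:44:55"})
    d.register(":1.10", "/agent/default")
    d.register(":1.11", "/agent/headset", address="AA:BB:CC:DD:EE:01")
    d.create_bonding("AA:BB:CC:DD:EE:01")  # handled by the specific agent
    d.create_bonding("AA:BB:CC:DD:EE:02")  # falls back to the default agent
    d.auth_complete("AA:BB:CC:DD:EE:02", LMP_RESPONSE_TIMEOUT)
    d.shutdown()
    return d.sent
```
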

Message Sequence Chart

TBD: Add a Bonding and Authorization chart here
