| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20250825134644.135448-1-juraj@sarinay.com>
Date: Mon, 25 Aug 2025 15:46:43 +0200
From: Juraj Šarinay <juraj@...inay.com>
To: netdev@...r.kernel.org
Cc: Juraj Šarinay <juraj@...inay.com>,
krzk@...nel.org,
linux-kernel@...r.kernel.org,
davem@...emloft.net,
edumazet@...gle.com,
kuba@...nel.org,
pabeni@...hat.com
Subject: [PATCH net-next] net: nfc: nci: Turn data timeout into a module parameter and increase the default
An exchange with a NFC target must complete within NCI_DATA_TIMEOUT.
A delay of 700 ms is not sufficient for cryptographic operations on smart
cards. CardOS 6.0 may need up to 1.3 seconds to perform 256-bit ECDH
or 3072-bit RSA. To prevent brute-force attacks, passports and similar
documents introduce even longer delays into access control protocols
(BAC/PACE).
The timeout should be higher, but not too much. The expiration allows
us to detect that a NFC target has disappeared.
Expose data_timeout as a parameter of nci.ko. Keep the value in uint
nci_data_timeout, set the default to 3 seconds. Point NCI_DATA_TIMEOUT
to the new variable.
Signed-off-by: Juraj Šarinay <juraj@...inay.com>
---
include/net/nfc/nci_core.h | 4 +++-
net/nfc/nci/core.c | 4 ++++
2 files changed, 7 insertions(+), 1 deletion(-)
diff --git a/include/net/nfc/nci_core.h b/include/net/nfc/nci_core.h
index e180bdf2f82b..da62f0da1fb2 100644
--- a/include/net/nfc/nci_core.h
+++ b/include/net/nfc/nci_core.h
@@ -52,7 +52,9 @@ enum nci_state {
#define NCI_RF_DISC_SELECT_TIMEOUT 5000
#define NCI_RF_DEACTIVATE_TIMEOUT 30000
#define NCI_CMD_TIMEOUT 5000
-#define NCI_DATA_TIMEOUT 700
+
+extern unsigned int nci_data_timeout;
+#define NCI_DATA_TIMEOUT nci_data_timeout
struct nci_dev;
diff --git a/net/nfc/nci/core.c b/net/nfc/nci/core.c
index fc921cd2cdff..089a8757dbbb 100644
--- a/net/nfc/nci/core.c
+++ b/net/nfc/nci/core.c
@@ -31,6 +31,10 @@
#include <net/nfc/nci_core.h>
#include <linux/nfc.h>
+unsigned int nci_data_timeout = 3000;
+module_param_named(data_timeout, nci_data_timeout, uint, 0644);
+MODULE_PARM_DESC(data_timeout, "Round-trip communication timeout in milliseconds");
+
struct core_conn_create_data {
int length;
struct nci_core_conn_create_cmd *cmd;
--
2.47.2
Powered by blists - more mailing lists