An exchange with a NFC target must complete within NCI_DATA_TIMEOUT. A delay of 700 ms is not sufficient for cryptographic operations on smart cards. CardOS 6.0 may need up to 1.3 seconds to perform 256-bit ECDH or 3072-bit RSA. To prevent brute-force attacks, passports and similar documents introduce even longer delays into access control protocols (BAC/PACE). The timeout should be higher, but not too much. The expiration allows us to detect that a NFC target has disappeared. Expose data_timeout as a parameter of nci.ko. Keep the value in uint nci_data_timeout, set the default to 3 seconds. Point NCI_DATA_TIMEOUT to the new variable. Signed-off-by: Juraj Ĺ arinay --- include/net/nfc/nci_core.h | 4 +++- net/nfc/nci/core.c | 4 ++++ 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/include/net/nfc/nci_core.h b/include/net/nfc/nci_core.h index e180bdf2f82b..da62f0da1fb2 100644 --- a/include/net/nfc/nci_core.h +++ b/include/net/nfc/nci_core.h @@ -52,7 +52,9 @@ enum nci_state { #define NCI_RF_DISC_SELECT_TIMEOUT 5000 #define NCI_RF_DEACTIVATE_TIMEOUT 30000 #define NCI_CMD_TIMEOUT 5000 -#define NCI_DATA_TIMEOUT 700 + +extern unsigned int nci_data_timeout; +#define NCI_DATA_TIMEOUT nci_data_timeout struct nci_dev; diff --git a/net/nfc/nci/core.c b/net/nfc/nci/core.c index fc921cd2cdff..089a8757dbbb 100644 --- a/net/nfc/nci/core.c +++ b/net/nfc/nci/core.c @@ -31,6 +31,10 @@ #include #include +unsigned int nci_data_timeout = 3000; +module_param_named(data_timeout, nci_data_timeout, uint, 0644); +MODULE_PARM_DESC(data_timeout, "Round-trip communication timeout in milliseconds"); + struct core_conn_create_data { int length; struct nci_core_conn_create_cmd *cmd; -- 2.47.2