diff options
| author | Timo Mueller <timo.mueller@bmw-carit.de> | 2014-04-08 14:21:33 +0200 |
|---|---|---|
| committer | Johan Hedberg <johan.hedberg@intel.com> | 2014-04-11 10:33:08 -0700 |
| commit | 7e74170af1fd5f09fb176759c1d0c0024548c057 (patch) | |
| tree | 269c646457c83fbe4e95edd7087bc998c5e9f6c0 /net/bluetooth | |
| parent | 6fd6b915bd94cd81611254f318fa3bb769cc4afe (diff) | |
| download | linux-stable-7e74170af1fd5f09fb176759c1d0c0024548c057.tar.gz linux-stable-7e74170af1fd5f09fb176759c1d0c0024548c057.tar.bz2 linux-stable-7e74170af1fd5f09fb176759c1d0c0024548c057.zip | |
Bluetooth: Use MITM Protection when IO caps allow it
When responding to a remotely-initiated pairing procedure, a MITM
protected SSP associaton model can be used for pairing if both local
and remote IO capabilities are set to something other than
NoInputNoOutput, regardless of the bonding type (Dedicated or
General).
This was already done for Dedicated Bonding but this patch proposes to
use the same policy for General Bonding as well.
The GAP Specification gives the flexibility to decide whether MITM
Protection is used ot not (Bluetooth Core Specification v4.0 Volume 3,
part C, section 6.5.3).
Note however that the recommendation is *not* to set this flag "unless
the security policy of an available local service requires MITM
Protection" (for both Dedicated and General Bonding). However, as we are
already requiring MITM for Dedicated Bonding, we will follow this
behaviour also for General Bonding.
Signed-off-by: Timo Mueller <timo.mueller@bmw-carit.de>
Signed-off-by: Mikel Astiz <mikel.astiz@bmw-carit.de>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Diffstat (limited to 'net/bluetooth')
| -rw-r--r-- | net/bluetooth/hci_event.c | 9 |
1 files changed, 2 insertions, 7 deletions
diff --git a/net/bluetooth/hci_event.c b/net/bluetooth/hci_event.c index 2c097322b126..8f76e352ad00 100644 --- a/net/bluetooth/hci_event.c +++ b/net/bluetooth/hci_event.c @@ -3424,11 +3424,6 @@ static u8 hci_get_auth_req(struct hci_conn *conn) conn->remote_auth == HCI_AT_NO_BONDING_MITM) return conn->remote_auth | (conn->auth_type & 0x01); - /* For general bonding, use the given auth_type */ - if (conn->remote_auth == HCI_AT_GENERAL_BONDING || - conn->remote_auth == HCI_AT_GENERAL_BONDING_MITM) - return conn->auth_type; - /* If both remote and local have enough IO capabilities, require * MITM protection */ @@ -3436,8 +3431,8 @@ static u8 hci_get_auth_req(struct hci_conn *conn) conn->io_capability != HCI_IO_NO_INPUT_OUTPUT) return conn->remote_auth | 0x01; - /* No MITM protection possible so remove requirement */ - return conn->remote_auth & ~0x01; + /* No MITM protection possible so ignore remote requirement */ + return (conn->remote_auth & ~0x01) | (conn->auth_type & 0x01); } static void hci_io_capa_request_evt(struct hci_dev *hdev, struct sk_buff *skb) |