Bluetooth: Use general bonding whenever possible

When receiving incoming connection to specific services, always use general bonding. This ensures that the link key gets stored and can be used for further authentications. Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
author: Marcel Holtmann <marcel@holtmann.org> 2009-02-08 20:48:38 -0500
committer: Marcel Holtmann <marcel@holtmann.org> 2009-02-27 00:14:40 -0500
commit: 0684e5f9fb9e3f7e168ab831dfca693bcb44805b (patch)
tree: 1fb1315dff64ef2ebaa24729988b2c3b7c77d578 /net/bluetooth
parent: efc7688b557dd1be10eead7399b315efcb1dbc74 (diff)
3 files changed, 39 insertions, 16 deletions
diff --git a/net/bluetooth/hci_conn.c b/net/bluetooth/hci_conn.c
index 2435e830ba6..7fc4c048b57 100644
--- a/net/bluetooth/hci_conn.c
+++ b/net/bluetooth/hci_conn.c
@@ -391,19 +391,14 @@ int hci_conn_check_link_mode(struct hci_conn *conn)
 EXPORT_SYMBOL(hci_conn_check_link_mode);
 /* Authenticate remote device */
-static int hci_conn_auth(struct hci_conn *conn, __u8 sec_level)
+static int hci_conn_auth(struct hci_conn *conn, __u8 sec_level, __u8 auth_type)
 {
        BT_DBG("conn %p", conn);
-        if (sec_level > conn->sec_level)
+        if (sec_level > conn->sec_level) {
-                conn->link_mode &= ~HCI_LM_AUTH;
+                conn->sec_level = sec_level;
+                conn->auth_type = auth_type;
-        conn->sec_level = sec_level;
+        } else if (conn->link_mode & HCI_LM_AUTH)
-        if (sec_level == BT_SECURITY_HIGH)
-                conn->auth_type |= 0x01;
-        if (conn->link_mode & HCI_LM_AUTH)
                return 1;
        if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->pend)) {
@@ -417,7 +412,7 @@ static int hci_conn_auth(struct hci_conn *conn, __u8 sec_level)
 }
 /* Enable security */
-int hci_conn_security(struct hci_conn *conn, __u8 sec_level)
+int hci_conn_security(struct hci_conn *conn, __u8 sec_level, __u8 auth_type)
 {
        BT_DBG("conn %p", conn);
@@ -426,18 +421,18 @@ int hci_conn_security(struct hci_conn *conn, __u8 sec_level)
        if (sec_level == BT_SECURITY_LOW) {
                if (conn->ssp_mode > 0 && conn->hdev->ssp_mode > 0)
-                        return hci_conn_auth(conn, sec_level);
+                        return hci_conn_auth(conn, sec_level, auth_type);
                else
                        return 1;
        }
        if (conn->link_mode & HCI_LM_ENCRYPT)
-                return hci_conn_auth(conn, sec_level);
+                return hci_conn_auth(conn, sec_level, auth_type);
        if (test_and_set_bit(HCI_CONN_ENCRYPT_PEND, &conn->pend))
                return 0;
-        if (hci_conn_auth(conn, sec_level)) {
+        if (hci_conn_auth(conn, sec_level, auth_type)) {
                struct hci_cp_set_conn_encrypt cp;
                cp.handle  = cpu_to_le16(conn->handle);
                cp.encrypt = 1;
diff --git a/net/bluetooth/l2cap.c b/net/bluetooth/l2cap.c
index b677af671f3..8a93dde4095 100644
--- a/net/bluetooth/l2cap.c
+++ b/net/bluetooth/l2cap.c
@@ -263,8 +263,22 @@ static void l2cap_chan_del(struct sock *sk, int err)
 static inline int l2cap_check_security(struct sock *sk)
 {
        struct l2cap_conn *conn = l2cap_pi(sk)->conn;
+        __u8 auth_type;
+        switch (l2cap_pi(sk)->sec_level) {
+        case BT_SECURITY_HIGH:
+                auth_type = HCI_AT_GENERAL_BONDING_MITM;
+                break;
+        case BT_SECURITY_MEDIUM:
+                auth_type = HCI_AT_GENERAL_BONDING;
+                break;
+        default:
+                auth_type = HCI_AT_NO_BONDING;
+                break;
+        }
-        return hci_conn_security(conn->hcon, l2cap_pi(sk)->sec_level);
+        return hci_conn_security(conn->hcon, l2cap_pi(sk)->sec_level,
+                                                                auth_type);
 }
 static inline u8 l2cap_get_ident(struct l2cap_conn *conn)
diff --git a/net/bluetooth/rfcomm/core.c b/net/bluetooth/rfcomm/core.c
index 3717c25ba33..1828ec06ad1 100644
--- a/net/bluetooth/rfcomm/core.c
+++ b/net/bluetooth/rfcomm/core.c
@@ -226,8 +226,22 @@ static int rfcomm_l2sock_create(struct socket **sock)
 static inline int rfcomm_check_security(struct rfcomm_dlc *d)
 {
        struct sock *sk = d->session->sock->sk;
+        __u8 auth_type;
-        return hci_conn_security(l2cap_pi(sk)->conn->hcon, d->sec_level);
+        switch (d->sec_level) {
+        case BT_SECURITY_HIGH:
+                auth_type = HCI_AT_GENERAL_BONDING_MITM;
+                break;
+        case BT_SECURITY_MEDIUM:
+                auth_type = HCI_AT_GENERAL_BONDING;
+                break;
+        default:
+                auth_type = HCI_AT_NO_BONDING;
+                break;
+        }
+        return hci_conn_security(l2cap_pi(sk)->conn->hcon, d->sec_level,
+                                                                auth_type);
 }
 /* ---- RFCOMM DLCs ---- */
author	Marcel Holtmann <marcel@holtmann.org>	2009-02-08 20:48:38 -0500
committer	Marcel Holtmann <marcel@holtmann.org>	2009-02-27 00:14:40 -0500
commit	0684e5f9fb9e3f7e168ab831dfca693bcb44805b (patch)
tree	1fb1315dff64ef2ebaa24729988b2c3b7c77d578 /net/bluetooth
parent	efc7688b557dd1be10eead7399b315efcb1dbc74 (diff)

diff --git a/net/bluetooth/hci_conn.c b/net/bluetooth/hci_conn.c index 2435e830ba6..7fc4c048b57 100644 --- a/net/bluetooth/hci_conn.c +++ b/net/bluetooth/hci_conn.c
@@ -391,19 +391,14 @@ int hci_conn_check_link_mode(struct hci_conn *conn)
391	EXPORT_SYMBOL(hci_conn_check_link_mode);	391	EXPORT_SYMBOL(hci_conn_check_link_mode);
392		392
393	/* Authenticate remote device */	393	/* Authenticate remote device */
394	static int hci_conn_auth(struct hci_conn *conn, __u8 sec_level)	394	static int hci_conn_auth(struct hci_conn *conn, __u8 sec_level, __u8 auth_type)
395	{	395	{
396	BT_DBG("conn %p", conn);	396	BT_DBG("conn %p", conn);
397		397
398	if (sec_level > conn->sec_level)	398	if (sec_level > conn->sec_level) {
399	conn->link_mode &= ~HCI_LM_AUTH;	399	conn->sec_level = sec_level;
400		400	conn->auth_type = auth_type;
401	conn->sec_level = sec_level;	401	} else if (conn->link_mode & HCI_LM_AUTH)
402
403	if (sec_level == BT_SECURITY_HIGH)
404	conn->auth_type \|= 0x01;
405
406	if (conn->link_mode & HCI_LM_AUTH)
407	return 1;	402	return 1;
408		403
409	if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->pend)) {	404	if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->pend)) {
@@ -417,7 +412,7 @@ static int hci_conn_auth(struct hci_conn *conn, __u8 sec_level)
417	}	412	}
418		413
419	/* Enable security */	414	/* Enable security */
420	int hci_conn_security(struct hci_conn *conn, __u8 sec_level)	415	int hci_conn_security(struct hci_conn *conn, __u8 sec_level, __u8 auth_type)
421	{	416	{
422	BT_DBG("conn %p", conn);	417	BT_DBG("conn %p", conn);
423		418
@@ -426,18 +421,18 @@ int hci_conn_security(struct hci_conn *conn, __u8 sec_level)
426		421
427	if (sec_level == BT_SECURITY_LOW) {	422	if (sec_level == BT_SECURITY_LOW) {
428	if (conn->ssp_mode > 0 && conn->hdev->ssp_mode > 0)	423	if (conn->ssp_mode > 0 && conn->hdev->ssp_mode > 0)
429	return hci_conn_auth(conn, sec_level);	424	return hci_conn_auth(conn, sec_level, auth_type);
430	else	425	else
431	return 1;	426	return 1;
432	}	427	}
433		428
434	if (conn->link_mode & HCI_LM_ENCRYPT)	429	if (conn->link_mode & HCI_LM_ENCRYPT)
435	return hci_conn_auth(conn, sec_level);	430	return hci_conn_auth(conn, sec_level, auth_type);
436		431
437	if (test_and_set_bit(HCI_CONN_ENCRYPT_PEND, &conn->pend))	432	if (test_and_set_bit(HCI_CONN_ENCRYPT_PEND, &conn->pend))
438	return 0;	433	return 0;
439		434
440	if (hci_conn_auth(conn, sec_level)) {	435	if (hci_conn_auth(conn, sec_level, auth_type)) {
441	struct hci_cp_set_conn_encrypt cp;	436	struct hci_cp_set_conn_encrypt cp;
442	cp.handle = cpu_to_le16(conn->handle);	437	cp.handle = cpu_to_le16(conn->handle);
443	cp.encrypt = 1;	438	cp.encrypt = 1;


diff --git a/net/bluetooth/l2cap.c b/net/bluetooth/l2cap.c index b677af671f3..8a93dde4095 100644 --- a/net/bluetooth/l2cap.c +++ b/net/bluetooth/l2cap.c
@@ -263,8 +263,22 @@ static void l2cap_chan_del(struct sock *sk, int err)
263	static inline int l2cap_check_security(struct sock *sk)	263	static inline int l2cap_check_security(struct sock *sk)
264	{	264	{
265	struct l2cap_conn *conn = l2cap_pi(sk)->conn;	265	struct l2cap_conn *conn = l2cap_pi(sk)->conn;
		266	__u8 auth_type;
		267
		268	switch (l2cap_pi(sk)->sec_level) {
		269	case BT_SECURITY_HIGH:
		270	auth_type = HCI_AT_GENERAL_BONDING_MITM;
		271	break;
		272	case BT_SECURITY_MEDIUM:
		273	auth_type = HCI_AT_GENERAL_BONDING;
		274	break;
		275	default:
		276	auth_type = HCI_AT_NO_BONDING;
		277	break;
		278	}
266		279
267	return hci_conn_security(conn->hcon, l2cap_pi(sk)->sec_level);	280	return hci_conn_security(conn->hcon, l2cap_pi(sk)->sec_level,
		281	auth_type);
268	}	282	}
269		283
270	static inline u8 l2cap_get_ident(struct l2cap_conn *conn)	284	static inline u8 l2cap_get_ident(struct l2cap_conn *conn)


diff --git a/net/bluetooth/rfcomm/core.c b/net/bluetooth/rfcomm/core.c index 3717c25ba33..1828ec06ad1 100644 --- a/net/bluetooth/rfcomm/core.c +++ b/net/bluetooth/rfcomm/core.c
@@ -226,8 +226,22 @@ static int rfcomm_l2sock_create(struct socket **sock)
226	static inline int rfcomm_check_security(struct rfcomm_dlc *d)	226	static inline int rfcomm_check_security(struct rfcomm_dlc *d)
227	{	227	{
228	struct sock *sk = d->session->sock->sk;	228	struct sock *sk = d->session->sock->sk;
		229	__u8 auth_type;
229		230
230	return hci_conn_security(l2cap_pi(sk)->conn->hcon, d->sec_level);	231	switch (d->sec_level) {
		232	case BT_SECURITY_HIGH:
		233	auth_type = HCI_AT_GENERAL_BONDING_MITM;
		234	break;
		235	case BT_SECURITY_MEDIUM:
		236	auth_type = HCI_AT_GENERAL_BONDING;
		237	break;
		238	default:
		239	auth_type = HCI_AT_NO_BONDING;
		240	break;
		241	}
		242
		243	return hci_conn_security(l2cap_pi(sk)->conn->hcon, d->sec_level,
		244	auth_type);
231	}	245	}
232		246
233	/* ---- RFCOMM DLCs ---- */	247	/* ---- RFCOMM DLCs ---- */