aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJohan Hedberg <johan.hedberg@intel.com>2012-06-07 02:58:37 -0400
committerGustavo Padovan <gustavo.padovan@collabora.co.uk>2012-06-08 02:58:34 -0400
commit4dab786482d706a2a41cd16cf174671d640a9870 (patch)
tree1d068a2942a98fb8e91cca4510d958ac24cf1c85
parentd06cc416f517a25713dedd9e2a9ccf4f3086c09a (diff)
Bluetooth: Fix SMP security elevation from medium to high
If we have an unauthenticated key it is not sufficient to acheive high security. Therefore, when deciding whether to encrypt the link or request pairing, it is essential to in addition to checking the existence of a key to also check whether it is authenticated or not. Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
-rw-r--r--net/bluetooth/smp.c9
1 files changed, 6 insertions, 3 deletions
diff --git a/net/bluetooth/smp.c b/net/bluetooth/smp.c
index c4ac2849d9c2..37df4e9b3896 100644
--- a/net/bluetooth/smp.c
+++ b/net/bluetooth/smp.c
@@ -703,7 +703,7 @@ static u8 smp_cmd_pairing_random(struct l2cap_conn *conn, struct sk_buff *skb)
703 return 0; 703 return 0;
704} 704}
705 705
706static u8 smp_ltk_encrypt(struct l2cap_conn *conn) 706static u8 smp_ltk_encrypt(struct l2cap_conn *conn, u8 sec_level)
707{ 707{
708 struct smp_ltk *key; 708 struct smp_ltk *key;
709 struct hci_conn *hcon = conn->hcon; 709 struct hci_conn *hcon = conn->hcon;
@@ -712,6 +712,9 @@ static u8 smp_ltk_encrypt(struct l2cap_conn *conn)
712 if (!key) 712 if (!key)
713 return 0; 713 return 0;
714 714
715 if (sec_level > BT_SECURITY_MEDIUM && !key->authenticated)
716 return 0;
717
715 if (test_and_set_bit(HCI_CONN_ENCRYPT_PEND, &hcon->flags)) 718 if (test_and_set_bit(HCI_CONN_ENCRYPT_PEND, &hcon->flags))
716 return 1; 719 return 1;
717 720
@@ -732,7 +735,7 @@ static u8 smp_cmd_security_req(struct l2cap_conn *conn, struct sk_buff *skb)
732 735
733 hcon->pending_sec_level = authreq_to_seclevel(rp->auth_req); 736 hcon->pending_sec_level = authreq_to_seclevel(rp->auth_req);
734 737
735 if (smp_ltk_encrypt(conn)) 738 if (smp_ltk_encrypt(conn, hcon->pending_sec_level))
736 return 0; 739 return 0;
737 740
738 if (test_and_set_bit(HCI_CONN_LE_SMP_PEND, &hcon->flags)) 741 if (test_and_set_bit(HCI_CONN_LE_SMP_PEND, &hcon->flags))
@@ -771,7 +774,7 @@ int smp_conn_security(struct l2cap_conn *conn, __u8 sec_level)
771 return 1; 774 return 1;
772 775
773 if (hcon->link_mode & HCI_LM_MASTER) 776 if (hcon->link_mode & HCI_LM_MASTER)
774 if (smp_ltk_encrypt(conn)) 777 if (smp_ltk_encrypt(conn, sec_level))
775 goto done; 778 goto done;
776 779
777 if (test_and_set_bit(HCI_CONN_LE_SMP_PEND, &hcon->flags)) 780 if (test_and_set_bit(HCI_CONN_LE_SMP_PEND, &hcon->flags))