Bluetooth: Fix setting conn->pending_sec_level value from link key

When a connection is requested the conn->pending_sec_level value gets set to whatever level the user requested the connection to be. During the pairing process there are various sanity checks to try to ensure that the right length PIN or right IO Capability is used to satisfy the target security level. However, when we finally get hold of the link key that is to be used we should still set the actual final security level from the key type. This way when we eventually get an Encrypt Change event the correct value gets copied to conn->sec_level. Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
author: Johan Hedberg <johan.hedberg@intel.com> 2014-11-19 07:53:04 -0500
committer: Marcel Holtmann <marcel@holtmann.org> 2014-11-19 10:17:32 -0500
commit: cb6f3f7ace0e61285db22508a9efd8a5aeca0af5 (patch)
tree: c364e1fa331b3ace2697fadb1b7a7ff9aca4ea5a
parent: 22a3ceabf152c7c88afa9e34ea33fc3fa55e6cf8 (diff)
1 files changed, 40 insertions, 7 deletions
diff --git a/net/bluetooth/hci_event.c b/net/bluetooth/hci_event.c
index 844f7d1ff1cd..54680fd39608 100644
--- a/net/bluetooth/hci_event.c
+++ b/net/bluetooth/hci_event.c
@@ -3191,6 +3191,38 @@ unlock:
        hci_dev_unlock(hdev);
 }
+static void conn_set_key(struct hci_conn *conn, u8 key_type, u8 pin_len)
+{
+        if (key_type == HCI_LK_CHANGED_COMBINATION)
+                return;
+        conn->pin_length = pin_len;
+        conn->key_type = key_type;
+        switch (key_type) {
+        case HCI_LK_LOCAL_UNIT:
+        case HCI_LK_REMOTE_UNIT:
+        case HCI_LK_DEBUG_COMBINATION:
+                return;
+        case HCI_LK_COMBINATION:
+                if (pin_len == 16)
+                        conn->pending_sec_level = BT_SECURITY_HIGH;
+                else
+                        conn->pending_sec_level = BT_SECURITY_MEDIUM;
+                break;
+        case HCI_LK_UNAUTH_COMBINATION_P192:
+        case HCI_LK_UNAUTH_COMBINATION_P256:
+                conn->pending_sec_level = BT_SECURITY_MEDIUM;
+                break;
+        case HCI_LK_AUTH_COMBINATION_P192:
+                conn->pending_sec_level = BT_SECURITY_HIGH;
+                break;
+        case HCI_LK_AUTH_COMBINATION_P256:
+                conn->pending_sec_level = BT_SECURITY_FIPS;
+                break;
+        }
+}
 static void hci_link_key_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
 {
        struct hci_ev_link_key_req *ev = (void *) skb->data;
@@ -3232,8 +3264,7 @@ static void hci_link_key_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
                        goto not_found;
                }
-                conn->key_type = key->type;
+                conn_set_key(conn, key->type, key->pin_len);
-                conn->pin_length = key->pin_len;
        }
        bacpy(&cp.bdaddr, &ev->bdaddr);
@@ -3266,12 +3297,8 @@ static void hci_link_key_notify_evt(struct hci_dev *hdev, struct sk_buff *skb)
        if (conn) {
                hci_conn_hold(conn);
                conn->disc_timeout = HCI_DISCONN_TIMEOUT;
-                pin_len = conn->pin_length;
-                if (ev->key_type != HCI_LK_CHANGED_COMBINATION)
-                        conn->key_type = ev->key_type;
                hci_conn_drop(conn);
+                conn_set_key(conn, ev->key_type, conn->pin_length);
        }
        if (!test_bit(HCI_MGMT, &hdev->dev_flags))
@@ -3282,6 +3309,12 @@ static void hci_link_key_notify_evt(struct hci_dev *hdev, struct sk_buff *skb)
        if (!key)
                goto unlock;
+        /* Update connection information since adding the key will have
+         * fixed up the type in the case of changed combination keys.
+         */
+        if (ev->key_type == HCI_LK_CHANGED_COMBINATION)
+                conn_set_key(conn, key->type, key->pin_len);
        mgmt_new_link_key(hdev, key, persistent);
        /* Keep debug keys around only if the HCI_KEEP_DEBUG_KEYS flag
author	Johan Hedberg <johan.hedberg@intel.com>	2014-11-19 07:53:04 -0500
committer	Marcel Holtmann <marcel@holtmann.org>	2014-11-19 10:17:32 -0500
commit	cb6f3f7ace0e61285db22508a9efd8a5aeca0af5 (patch)
tree	c364e1fa331b3ace2697fadb1b7a7ff9aca4ea5a
parent	22a3ceabf152c7c88afa9e34ea33fc3fa55e6cf8 (diff)

diff --git a/net/bluetooth/hci_event.c b/net/bluetooth/hci_event.c index 844f7d1ff1cd..54680fd39608 100644 --- a/net/bluetooth/hci_event.c +++ b/net/bluetooth/hci_event.c
@@ -3191,6 +3191,38 @@ unlock:
3191	hci_dev_unlock(hdev);	3191	hci_dev_unlock(hdev);
3192	}	3192	}
3193		3193
		3194	static void conn_set_key(struct hci_conn *conn, u8 key_type, u8 pin_len)
		3195	{
		3196	if (key_type == HCI_LK_CHANGED_COMBINATION)
		3197	return;
		3198
		3199	conn->pin_length = pin_len;
		3200	conn->key_type = key_type;
		3201
		3202	switch (key_type) {
		3203	case HCI_LK_LOCAL_UNIT:
		3204	case HCI_LK_REMOTE_UNIT:
		3205	case HCI_LK_DEBUG_COMBINATION:
		3206	return;
		3207	case HCI_LK_COMBINATION:
		3208	if (pin_len == 16)
		3209	conn->pending_sec_level = BT_SECURITY_HIGH;
		3210	else
		3211	conn->pending_sec_level = BT_SECURITY_MEDIUM;
		3212	break;
		3213	case HCI_LK_UNAUTH_COMBINATION_P192:
		3214	case HCI_LK_UNAUTH_COMBINATION_P256:
		3215	conn->pending_sec_level = BT_SECURITY_MEDIUM;
		3216	break;
		3217	case HCI_LK_AUTH_COMBINATION_P192:
		3218	conn->pending_sec_level = BT_SECURITY_HIGH;
		3219	break;
		3220	case HCI_LK_AUTH_COMBINATION_P256:
		3221	conn->pending_sec_level = BT_SECURITY_FIPS;
		3222	break;
		3223	}
		3224	}
		3225
3194	static void hci_link_key_request_evt(struct hci_dev hdev, struct sk_buff skb)	3226	static void hci_link_key_request_evt(struct hci_dev hdev, struct sk_buff skb)
3195	{	3227	{
3196	struct hci_ev_link_key_req ev = (void ) skb->data;	3228	struct hci_ev_link_key_req ev = (void ) skb->data;
@@ -3232,8 +3264,7 @@ static void hci_link_key_request_evt(struct hci_dev hdev, struct sk_buff skb)
3232	goto not_found;	3264	goto not_found;
3233	}	3265	}
3234		3266
3235	conn->key_type = key->type;	3267	conn_set_key(conn, key->type, key->pin_len);
3236	conn->pin_length = key->pin_len;
3237	}	3268	}
3238		3269
3239	bacpy(&cp.bdaddr, &ev->bdaddr);	3270	bacpy(&cp.bdaddr, &ev->bdaddr);
@@ -3266,12 +3297,8 @@ static void hci_link_key_notify_evt(struct hci_dev hdev, struct sk_buff skb)
3266	if (conn) {	3297	if (conn) {
3267	hci_conn_hold(conn);	3298	hci_conn_hold(conn);
3268	conn->disc_timeout = HCI_DISCONN_TIMEOUT;	3299	conn->disc_timeout = HCI_DISCONN_TIMEOUT;
3269	pin_len = conn->pin_length;
3270
3271	if (ev->key_type != HCI_LK_CHANGED_COMBINATION)
3272	conn->key_type = ev->key_type;
3273
3274	hci_conn_drop(conn);	3300	hci_conn_drop(conn);
		3301	conn_set_key(conn, ev->key_type, conn->pin_length);
3275	}	3302	}
3276		3303
3277	if (!test_bit(HCI_MGMT, &hdev->dev_flags))	3304	if (!test_bit(HCI_MGMT, &hdev->dev_flags))
@@ -3282,6 +3309,12 @@ static void hci_link_key_notify_evt(struct hci_dev hdev, struct sk_buff skb)
3282	if (!key)	3309	if (!key)
3283	goto unlock;	3310	goto unlock;
3284		3311
		3312	/* Update connection information since adding the key will have
		3313	* fixed up the type in the case of changed combination keys.
		3314	*/
		3315	if (ev->key_type == HCI_LK_CHANGED_COMBINATION)
		3316	conn_set_key(conn, key->type, key->pin_len);
		3317
3285	mgmt_new_link_key(hdev, key, persistent);	3318	mgmt_new_link_key(hdev, key, persistent);
3286		3319
3287	/* Keep debug keys around only if the HCI_KEEP_DEBUG_KEYS flag	3320	/* Keep debug keys around only if the HCI_KEEP_DEBUG_KEYS flag