diff options
| author | Johan Hedberg <johan.hedberg@intel.com> | 2014-07-09 12:18:09 -0400 |
|---|---|---|
| committer | Marcel Holtmann <marcel@holtmann.org> | 2014-07-09 12:23:05 -0400 |
| commit | 2bcd4003b8fafe200eb31f43d50e305e5dc44058 (patch) | |
| tree | 07682fff004cd17a2b261f0c8babf8321dce21fd /net/bluetooth/smp.c | |
| parent | 6fea7ad1d338dba592d65423427a997f1b7ff485 (diff) | |
Bluetooth: Always confirm incoming SMP just-works requests
For incoming requests we want to let the user know that pairing is
happening since otherwise there could be access to MEDIUM security
services without any user interaction at all. Therefore, set the
selected method to JUST_CFM instead of JUST_WORKS and let it be
converted back to JUST_WORKS later if we are the initators.
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Diffstat (limited to 'net/bluetooth/smp.c')
| -rw-r--r-- | net/bluetooth/smp.c | 16 |
1 files changed, 11 insertions, 5 deletions
diff --git a/net/bluetooth/smp.c b/net/bluetooth/smp.c index 55c41de2f5a0..a17761c83820 100644 --- a/net/bluetooth/smp.c +++ b/net/bluetooth/smp.c | |||
| @@ -391,10 +391,12 @@ static const u8 gen_method[5][5] = { | |||
| 391 | 391 | ||
| 392 | static u8 get_auth_method(struct smp_chan *smp, u8 local_io, u8 remote_io) | 392 | static u8 get_auth_method(struct smp_chan *smp, u8 local_io, u8 remote_io) |
| 393 | { | 393 | { |
| 394 | /* If either side has unknown io_caps, use JUST WORKS */ | 394 | /* If either side has unknown io_caps, use JUST_CFM (which gets |
| 395 | * converted later to JUST_WORKS if we're initiators. | ||
| 396 | */ | ||
| 395 | if (local_io > SMP_IO_KEYBOARD_DISPLAY || | 397 | if (local_io > SMP_IO_KEYBOARD_DISPLAY || |
| 396 | remote_io > SMP_IO_KEYBOARD_DISPLAY) | 398 | remote_io > SMP_IO_KEYBOARD_DISPLAY) |
| 397 | return JUST_WORKS; | 399 | return JUST_CFM; |
| 398 | 400 | ||
| 399 | return gen_method[remote_io][local_io]; | 401 | return gen_method[remote_io][local_io]; |
| 400 | } | 402 | } |
| @@ -414,10 +416,14 @@ static int tk_request(struct l2cap_conn *conn, u8 remote_oob, u8 auth, | |||
| 414 | 416 | ||
| 415 | BT_DBG("tk_request: auth:%d lcl:%d rem:%d", auth, local_io, remote_io); | 417 | BT_DBG("tk_request: auth:%d lcl:%d rem:%d", auth, local_io, remote_io); |
| 416 | 418 | ||
| 417 | /* If neither side wants MITM, use JUST WORKS */ | 419 | /* If neither side wants MITM, either "just" confirm an incoming |
| 418 | /* Otherwise, look up method from the table */ | 420 | * request or use just-works for outgoing ones. The JUST_CFM |
| 421 | * will be converted to JUST_WORKS if necessary later in this | ||
| 422 | * function. If either side has MITM look up the method from the | ||
| 423 | * table. | ||
| 424 | */ | ||
| 419 | if (!(auth & SMP_AUTH_MITM)) | 425 | if (!(auth & SMP_AUTH_MITM)) |
| 420 | method = JUST_WORKS; | 426 | method = JUST_CFM; |
| 421 | else | 427 | else |
| 422 | method = get_auth_method(smp, local_io, remote_io); | 428 | method = get_auth_method(smp, local_io, remote_io); |
| 423 | 429 | ||