diff options
Diffstat (limited to 'net/bluetooth/smp.c')
| -rw-r--r-- | net/bluetooth/smp.c | 60 |
1 files changed, 46 insertions, 14 deletions
diff --git a/net/bluetooth/smp.c b/net/bluetooth/smp.c index f2829a7932e2..e33a982161c1 100644 --- a/net/bluetooth/smp.c +++ b/net/bluetooth/smp.c | |||
| @@ -385,6 +385,16 @@ static const u8 gen_method[5][5] = { | |||
| 385 | { CFM_PASSKEY, CFM_PASSKEY, REQ_PASSKEY, JUST_WORKS, OVERLAP }, | 385 | { CFM_PASSKEY, CFM_PASSKEY, REQ_PASSKEY, JUST_WORKS, OVERLAP }, |
| 386 | }; | 386 | }; |
| 387 | 387 | ||
| 388 | static u8 get_auth_method(struct smp_chan *smp, u8 local_io, u8 remote_io) | ||
| 389 | { | ||
| 390 | /* If either side has unknown io_caps, use JUST WORKS */ | ||
| 391 | if (local_io > SMP_IO_KEYBOARD_DISPLAY || | ||
| 392 | remote_io > SMP_IO_KEYBOARD_DISPLAY) | ||
| 393 | return JUST_WORKS; | ||
| 394 | |||
| 395 | return gen_method[remote_io][local_io]; | ||
| 396 | } | ||
| 397 | |||
| 388 | static int tk_request(struct l2cap_conn *conn, u8 remote_oob, u8 auth, | 398 | static int tk_request(struct l2cap_conn *conn, u8 remote_oob, u8 auth, |
| 389 | u8 local_io, u8 remote_io) | 399 | u8 local_io, u8 remote_io) |
| 390 | { | 400 | { |
| @@ -401,14 +411,11 @@ static int tk_request(struct l2cap_conn *conn, u8 remote_oob, u8 auth, | |||
| 401 | BT_DBG("tk_request: auth:%d lcl:%d rem:%d", auth, local_io, remote_io); | 411 | BT_DBG("tk_request: auth:%d lcl:%d rem:%d", auth, local_io, remote_io); |
| 402 | 412 | ||
| 403 | /* If neither side wants MITM, use JUST WORKS */ | 413 | /* If neither side wants MITM, use JUST WORKS */ |
| 404 | /* If either side has unknown io_caps, use JUST WORKS */ | ||
| 405 | /* Otherwise, look up method from the table */ | 414 | /* Otherwise, look up method from the table */ |
| 406 | if (!(auth & SMP_AUTH_MITM) || | 415 | if (!(auth & SMP_AUTH_MITM)) |
| 407 | local_io > SMP_IO_KEYBOARD_DISPLAY || | ||
| 408 | remote_io > SMP_IO_KEYBOARD_DISPLAY) | ||
| 409 | method = JUST_WORKS; | 416 | method = JUST_WORKS; |
| 410 | else | 417 | else |
| 411 | method = gen_method[remote_io][local_io]; | 418 | method = get_auth_method(smp, local_io, remote_io); |
| 412 | 419 | ||
| 413 | /* If not bonding, don't ask user to confirm a Zero TK */ | 420 | /* If not bonding, don't ask user to confirm a Zero TK */ |
| 414 | if (!(auth & SMP_AUTH_BONDING) && method == JUST_CFM) | 421 | if (!(auth & SMP_AUTH_BONDING) && method == JUST_CFM) |
| @@ -669,7 +676,7 @@ static u8 smp_cmd_pairing_req(struct l2cap_conn *conn, struct sk_buff *skb) | |||
| 669 | { | 676 | { |
| 670 | struct smp_cmd_pairing rsp, *req = (void *) skb->data; | 677 | struct smp_cmd_pairing rsp, *req = (void *) skb->data; |
| 671 | struct smp_chan *smp; | 678 | struct smp_chan *smp; |
| 672 | u8 key_size, auth; | 679 | u8 key_size, auth, sec_level; |
| 673 | int ret; | 680 | int ret; |
| 674 | 681 | ||
| 675 | BT_DBG("conn %p", conn); | 682 | BT_DBG("conn %p", conn); |
| @@ -695,7 +702,19 @@ static u8 smp_cmd_pairing_req(struct l2cap_conn *conn, struct sk_buff *skb) | |||
| 695 | /* We didn't start the pairing, so match remote */ | 702 | /* We didn't start the pairing, so match remote */ |
| 696 | auth = req->auth_req; | 703 | auth = req->auth_req; |
| 697 | 704 | ||
| 698 | conn->hcon->pending_sec_level = authreq_to_seclevel(auth); | 705 | sec_level = authreq_to_seclevel(auth); |
| 706 | if (sec_level > conn->hcon->pending_sec_level) | ||
| 707 | conn->hcon->pending_sec_level = sec_level; | ||
| 708 | |||
| 709 | /* If we need MITM check that it can be acheived */ | ||
| 710 | if (conn->hcon->pending_sec_level >= BT_SECURITY_HIGH) { | ||
| 711 | u8 method; | ||
| 712 | |||
| 713 | method = get_auth_method(smp, conn->hcon->io_capability, | ||
| 714 | req->io_capability); | ||
| 715 | if (method == JUST_WORKS || method == JUST_CFM) | ||
| 716 | return SMP_AUTH_REQUIREMENTS; | ||
| 717 | } | ||
| 699 | 718 | ||
| 700 | build_pairing_cmd(conn, req, &rsp, auth); | 719 | build_pairing_cmd(conn, req, &rsp, auth); |
| 701 | 720 | ||
| @@ -743,6 +762,16 @@ static u8 smp_cmd_pairing_rsp(struct l2cap_conn *conn, struct sk_buff *skb) | |||
| 743 | if (check_enc_key_size(conn, key_size)) | 762 | if (check_enc_key_size(conn, key_size)) |
| 744 | return SMP_ENC_KEY_SIZE; | 763 | return SMP_ENC_KEY_SIZE; |
| 745 | 764 | ||
| 765 | /* If we need MITM check that it can be acheived */ | ||
| 766 | if (conn->hcon->pending_sec_level >= BT_SECURITY_HIGH) { | ||
| 767 | u8 method; | ||
| 768 | |||
| 769 | method = get_auth_method(smp, req->io_capability, | ||
| 770 | rsp->io_capability); | ||
| 771 | if (method == JUST_WORKS || method == JUST_CFM) | ||
| 772 | return SMP_AUTH_REQUIREMENTS; | ||
| 773 | } | ||
| 774 | |||
| 746 | get_random_bytes(smp->prnd, sizeof(smp->prnd)); | 775 | get_random_bytes(smp->prnd, sizeof(smp->prnd)); |
| 747 | 776 | ||
| 748 | smp->prsp[0] = SMP_CMD_PAIRING_RSP; | 777 | smp->prsp[0] = SMP_CMD_PAIRING_RSP; |
| @@ -838,6 +867,7 @@ static u8 smp_cmd_security_req(struct l2cap_conn *conn, struct sk_buff *skb) | |||
| 838 | struct smp_cmd_pairing cp; | 867 | struct smp_cmd_pairing cp; |
| 839 | struct hci_conn *hcon = conn->hcon; | 868 | struct hci_conn *hcon = conn->hcon; |
| 840 | struct smp_chan *smp; | 869 | struct smp_chan *smp; |
| 870 | u8 sec_level; | ||
| 841 | 871 | ||
| 842 | BT_DBG("conn %p", conn); | 872 | BT_DBG("conn %p", conn); |
| 843 | 873 | ||
| @@ -847,7 +877,9 @@ static u8 smp_cmd_security_req(struct l2cap_conn *conn, struct sk_buff *skb) | |||
| 847 | if (!(conn->hcon->link_mode & HCI_LM_MASTER)) | 877 | if (!(conn->hcon->link_mode & HCI_LM_MASTER)) |
| 848 | return SMP_CMD_NOTSUPP; | 878 | return SMP_CMD_NOTSUPP; |
| 849 | 879 | ||
| 850 | hcon->pending_sec_level = authreq_to_seclevel(rp->auth_req); | 880 | sec_level = authreq_to_seclevel(rp->auth_req); |
| 881 | if (sec_level > hcon->pending_sec_level) | ||
| 882 | hcon->pending_sec_level = sec_level; | ||
| 851 | 883 | ||
| 852 | if (smp_ltk_encrypt(conn, hcon->pending_sec_level)) | 884 | if (smp_ltk_encrypt(conn, hcon->pending_sec_level)) |
| 853 | return 0; | 885 | return 0; |
| @@ -901,9 +933,12 @@ int smp_conn_security(struct hci_conn *hcon, __u8 sec_level) | |||
| 901 | if (smp_sufficient_security(hcon, sec_level)) | 933 | if (smp_sufficient_security(hcon, sec_level)) |
| 902 | return 1; | 934 | return 1; |
| 903 | 935 | ||
| 936 | if (sec_level > hcon->pending_sec_level) | ||
| 937 | hcon->pending_sec_level = sec_level; | ||
| 938 | |||
| 904 | if (hcon->link_mode & HCI_LM_MASTER) | 939 | if (hcon->link_mode & HCI_LM_MASTER) |
| 905 | if (smp_ltk_encrypt(conn, sec_level)) | 940 | if (smp_ltk_encrypt(conn, hcon->pending_sec_level)) |
| 906 | goto done; | 941 | return 0; |
| 907 | 942 | ||
| 908 | if (test_and_set_bit(HCI_CONN_LE_SMP_PEND, &hcon->flags)) | 943 | if (test_and_set_bit(HCI_CONN_LE_SMP_PEND, &hcon->flags)) |
| 909 | return 0; | 944 | return 0; |
| @@ -918,7 +953,7 @@ int smp_conn_security(struct hci_conn *hcon, __u8 sec_level) | |||
| 918 | * requires it. | 953 | * requires it. |
| 919 | */ | 954 | */ |
| 920 | if (hcon->io_capability != HCI_IO_NO_INPUT_OUTPUT || | 955 | if (hcon->io_capability != HCI_IO_NO_INPUT_OUTPUT || |
| 921 | sec_level > BT_SECURITY_MEDIUM) | 956 | hcon->pending_sec_level > BT_SECURITY_MEDIUM) |
| 922 | authreq |= SMP_AUTH_MITM; | 957 | authreq |= SMP_AUTH_MITM; |
| 923 | 958 | ||
| 924 | if (hcon->link_mode & HCI_LM_MASTER) { | 959 | if (hcon->link_mode & HCI_LM_MASTER) { |
| @@ -937,9 +972,6 @@ int smp_conn_security(struct hci_conn *hcon, __u8 sec_level) | |||
| 937 | 972 | ||
| 938 | set_bit(SMP_FLAG_INITIATOR, &smp->flags); | 973 | set_bit(SMP_FLAG_INITIATOR, &smp->flags); |
| 939 | 974 | ||
| 940 | done: | ||
| 941 | hcon->pending_sec_level = sec_level; | ||
| 942 | |||
| 943 | return 0; | 975 | return 0; |
| 944 | } | 976 | } |
| 945 | 977 | ||