Bluetooth: Ignore key unauthenticated for high security
authorWaldemar Rymarkiewicz <waldemar.rymarkiewicz@tieto.com>
Thu, 28 Apr 2011 10:07:56 +0000 (12:07 +0200)
committerGustavo F. Padovan <padovan@profusion.mobi>
Thu, 28 Apr 2011 18:03:42 +0000 (15:03 -0300)
High security level for pre v2.1 devices requires combination link key
authenticated by at least 16 digit PIN code.

It's also necessary to update key_type and pin_length when the key
exists and is sufficently secured for the connection as there will be
no link key notify event in that case.

Signed-off-by: Waldemar Rymarkiewicz <waldemar.rymarkiewicz@tieto.com>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
net/bluetooth/hci_event.c

index 655af8bc60e2213b618a1ec67e10686f076e8727..40e96cd79e4a661bd7866c4e782fda075cdbc50e 100644 (file)
@@ -2059,11 +2059,23 @@ static inline void hci_link_key_request_evt(struct hci_dev *hdev, struct sk_buff
        }
 
        conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
+       if (conn) {
+               if (key->type == HCI_LK_UNAUTH_COMBINATION &&
+                               conn->auth_type != 0xff &&
+                               (conn->auth_type & 0x01)) {
+                       BT_DBG("%s ignoring unauthenticated key", hdev->name);
+                       goto not_found;
+               }
 
-       if (key->type == HCI_LK_UNAUTH_COMBINATION && conn &&
-                       conn->auth_type != 0xff && (conn->auth_type & 0x01)) {
-               BT_DBG("%s ignoring unauthenticated key", hdev->name);
-               goto not_found;
+               if (key->type == HCI_LK_COMBINATION && key->pin_len < 16 &&
+                               conn->pending_sec_level == BT_SECURITY_HIGH) {
+                       BT_DBG("%s ignoring key unauthenticated for high \
+                                                       security", hdev->name);
+                       goto not_found;
+               }
+
+               conn->key_type = key->type;
+               conn->pin_length = key->pin_len;
        }
 
        bacpy(&cp.bdaddr, &ev->bdaddr);