Bluetooth: Require authentication if MITM protection is requested
author Vinicius Costa Gomes <vinicius.gomes@openbossa.org>
Fri, 2 Sep 2011 17:51:20 +0000 (14:51 -0300)
committer Gustavo F. Padovan <padovan@profusion.mobi>
Wed, 21 Sep 2011 15:58:12 +0000 (12:58 -0300)
The HIGH security level requires a 16 digit pin code for non-SSP
bondings. Sometimes this requirement is not acceptable and we still
want protection against MITM attacks (which is something that the
MEDIUM security level doesn't provide), for that we should allow
another way to request authentication without using the HIGH security
level.

Signed-off-by: Vinicius Costa Gomes <vinicius.gomes@openbossa.org>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
net/bluetooth/hci_event.c

index e54d08222605a7ce730f9ff4703be5a9beb62036..fd6eea0941b636907af644729f2c0aa4b441a8bf 100644 (file)
@@ -1103,9 +1103,10 @@ static int hci_outgoing_auth_needed(struct hci_dev *hdev,
                return 0;
 
        /* Only request authentication for SSP connections or non-SSP
-        * devices with sec_level HIGH */
+        * devices with sec_level HIGH or if MITM protection is requested */
        if (!(hdev->ssp_mode > 0 && conn->ssp_mode > 0) &&
-                               conn->pending_sec_level != BT_SECURITY_HIGH)
+                               conn->pending_sec_level != BT_SECURITY_HIGH &&
+                               !(conn->auth_type & 0x01))
                return 0;
 
        return 1;
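
Review bot: the bare 0x01 mask in the added line `!(conn->auth_type & 0x01)` is a magic number. The updated comment says this covers the "MITM protection is requested" case, but nothing in the code ties bit 0 of auth_type to that meaning. Use a named constant for the MITM bit, or at least state in the comment that bit 0 of auth_type is the MITM flag, so a later change to the auth_type values cannot silently break this check. With three negated terms joined by &&, the condition is also hard to verify at a glance; a small helper or separate early returns would make it clearer that authentication is skipped only when none of the three cases (SSP on both sides, sec_level HIGH, MITM requested) applies.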