Bluetooth: Require authentication if MITM protection is requested

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

The HIGH security level requires a 16 digit pin code for non-SSP
bondings. Sometimes this requirement is not acceptable and we still
want protection againts MITM attacks (which is something that the
MEDIUM security level doesn't provide), for that we should allow
another way to request authentication without using the HIGH security
level.

Signed-off-by: Vinicius Costa Gomes <vinicius.gomes@openbossa.org>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>

authored by

Vinicius Costa Gomes and committed by

Gustavo F. Padovan 14 years ago e9bf2bf0 8aab4757

+3 -2

1 changed file

expand all

net

bluetooth

hci_event.c

+3 -2

net/bluetooth/hci_event.c

··· 1103 1103 return 0; 1104 1104 1105 1105 /* Only request authentication for SSP connections or non-SSP 1106 - * devices with sec_level HIGH */ 1106 + * devices with sec_level HIGH or if MITM protection is requested */ 1107 1107 if (!(hdev->ssp_mode > 0 && conn->ssp_mode > 0) && 1108 - conn->pending_sec_level != BT_SECURITY_HIGH) 1108 + conn->pending_sec_level != BT_SECURITY_HIGH && 1109 + !(conn->auth_type & 0x01)) 1109 1110 return 0; 1110 1111 1111 1112 return 1;