Commit 2bcd4003 authored by Johan Hedberg's avatar Johan Hedberg Committed by Marcel Holtmann

Bluetooth: Always confirm incoming SMP just-works requests

For incoming requests we want to let the user know that pairing is
happening since otherwise there could be access to MEDIUM security
services without any user interaction at all. Therefore, set the
selected method to JUST_CFM instead of JUST_WORKS and let it be
converted back to JUST_WORKS later if we are the initators.
Signed-off-by: default avatarJohan Hedberg <johan.hedberg@intel.com>
Signed-off-by: default avatarMarcel Holtmann <marcel@holtmann.org>
parent 6fea7ad1
...@@ -391,10 +391,12 @@ static const u8 gen_method[5][5] = { ...@@ -391,10 +391,12 @@ static const u8 gen_method[5][5] = {
static u8 get_auth_method(struct smp_chan *smp, u8 local_io, u8 remote_io) static u8 get_auth_method(struct smp_chan *smp, u8 local_io, u8 remote_io)
{ {
/* If either side has unknown io_caps, use JUST WORKS */ /* If either side has unknown io_caps, use JUST_CFM (which gets
* converted later to JUST_WORKS if we're initiators.
*/
if (local_io > SMP_IO_KEYBOARD_DISPLAY || if (local_io > SMP_IO_KEYBOARD_DISPLAY ||
remote_io > SMP_IO_KEYBOARD_DISPLAY) remote_io > SMP_IO_KEYBOARD_DISPLAY)
return JUST_WORKS; return JUST_CFM;
return gen_method[remote_io][local_io]; return gen_method[remote_io][local_io];
} }
...@@ -414,10 +416,14 @@ static int tk_request(struct l2cap_conn *conn, u8 remote_oob, u8 auth, ...@@ -414,10 +416,14 @@ static int tk_request(struct l2cap_conn *conn, u8 remote_oob, u8 auth,
BT_DBG("tk_request: auth:%d lcl:%d rem:%d", auth, local_io, remote_io); BT_DBG("tk_request: auth:%d lcl:%d rem:%d", auth, local_io, remote_io);
/* If neither side wants MITM, use JUST WORKS */ /* If neither side wants MITM, either "just" confirm an incoming
/* Otherwise, look up method from the table */ * request or use just-works for outgoing ones. The JUST_CFM
* will be converted to JUST_WORKS if necessary later in this
* function. If either side has MITM look up the method from the
* table.
*/
if (!(auth & SMP_AUTH_MITM)) if (!(auth & SMP_AUTH_MITM))
method = JUST_WORKS; method = JUST_CFM;
else else
method = get_auth_method(smp, local_io, remote_io); method = get_auth_method(smp, local_io, remote_io);
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment