Commit d2eb9e10 authored by Johan Hedberg's avatar Johan Hedberg Committed by Marcel Holtmann

Bluetooth: Update SMP security level to/from auth_req for SC

This patch updates the functions which map the SMP authentication
request to a security level and vice-versa to take into account the
Secure Connections feature.
Signed-off-by: default avatarJohan Hedberg <johan.hedberg@intel.com>
Signed-off-by: default avatarMarcel Holtmann <marcel@holtmann.org>
parent 65668776
...@@ -284,17 +284,22 @@ static void smp_send_cmd(struct l2cap_conn *conn, u8 code, u16 len, void *data) ...@@ -284,17 +284,22 @@ static void smp_send_cmd(struct l2cap_conn *conn, u8 code, u16 len, void *data)
schedule_delayed_work(&smp->security_timer, SMP_TIMEOUT); schedule_delayed_work(&smp->security_timer, SMP_TIMEOUT);
} }
static __u8 authreq_to_seclevel(__u8 authreq) static u8 authreq_to_seclevel(u8 authreq)
{ {
if (authreq & SMP_AUTH_MITM) if (authreq & SMP_AUTH_MITM) {
return BT_SECURITY_HIGH; if (authreq & SMP_AUTH_SC)
return BT_SECURITY_FIPS;
else else
return BT_SECURITY_HIGH;
} else {
return BT_SECURITY_MEDIUM; return BT_SECURITY_MEDIUM;
}
} }
static __u8 seclevel_to_authreq(__u8 sec_level) static __u8 seclevel_to_authreq(__u8 sec_level)
{ {
switch (sec_level) { switch (sec_level) {
case BT_SECURITY_FIPS:
case BT_SECURITY_HIGH: case BT_SECURITY_HIGH:
return SMP_AUTH_MITM | SMP_AUTH_BONDING; return SMP_AUTH_MITM | SMP_AUTH_BONDING;
case BT_SECURITY_MEDIUM: case BT_SECURITY_MEDIUM:
...@@ -1026,6 +1031,8 @@ static u8 smp_cmd_pairing_rsp(struct l2cap_conn *conn, struct sk_buff *skb) ...@@ -1026,6 +1031,8 @@ static u8 smp_cmd_pairing_rsp(struct l2cap_conn *conn, struct sk_buff *skb)
if ((req->auth_req & SMP_AUTH_SC) && (auth & SMP_AUTH_SC)) if ((req->auth_req & SMP_AUTH_SC) && (auth & SMP_AUTH_SC))
set_bit(SMP_FLAG_SC, &smp->flags); set_bit(SMP_FLAG_SC, &smp->flags);
else if (conn->hcon->pending_sec_level > BT_SECURITY_HIGH)
conn->hcon->pending_sec_level = BT_SECURITY_HIGH;
/* If we need MITM check that it can be achieved */ /* If we need MITM check that it can be achieved */
if (conn->hcon->pending_sec_level >= BT_SECURITY_HIGH) { if (conn->hcon->pending_sec_level >= BT_SECURITY_HIGH) {
...@@ -1255,6 +1262,9 @@ int smp_conn_security(struct hci_conn *hcon, __u8 sec_level) ...@@ -1255,6 +1262,9 @@ int smp_conn_security(struct hci_conn *hcon, __u8 sec_level)
authreq = seclevel_to_authreq(sec_level); authreq = seclevel_to_authreq(sec_level);
if (test_bit(HCI_SC_ENABLED, &hcon->hdev->dev_flags))
authreq |= SMP_AUTH_SC;
/* Require MITM if IO Capability allows or the security level /* Require MITM if IO Capability allows or the security level
* requires it. * requires it.
*/ */
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment