Bluetooth: Require authentication if MITM protection is requested

The HIGH security level requires a 16 digit pin code for non-SSP bondings. Sometimes this requirement is not acceptable and we still want protection againts MITM attacks (which is something that the MEDIUM security level doesn't provide), for that we should allow another way to request authentication without using the HIGH security level. Signed-off-by: Vinicius Costa Gomes <vinicius.gomes@openbossa.org> Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>

Bluetooth: Require authentication if MITM protection is requested
The HIGH security level requires a 16 digit pin code for non-SSP bondings. Sometimes this requirement is not acceptable and we still want protection againts MITM attacks (which is something that the MEDIUM security level doesn't provide), for that we should allow another way to request authentication without using the HIGH security level. Signed-off-by: Vinicius Costa Gomes <vinicius.gomes@openbossa.org> Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
e9bf2bf0 · Vinicius Costa Gomes · Gustavo F. Padovan · 8aab4757 · e9bf2bf0
Commit e9bf2bf0 authored Sep 02, 2011 by Vinicius Costa Gomes Committed by Gustavo F. Padovan Sep 21, 2011
Hide whitespace changes
Inline Side-by-side

Showing with 3 additions and 2 deletions

net/bluetooth/hci_event.c net/bluetooth/hci_event.c +3 -2

No files found.
--- a/net/bluetooth/hci_event.c
+++ b/net/bluetooth/hci_event.c
@@ -1103,9 +1103,10 @@ static int hci_outgoing_auth_needed(struct hci_dev *hdev,
 		return 0;

 	/* Only request authentication for SSP connections or non-SSP
-	 * devices with sec_level HIGH */
+	 * devices with sec_level HIGH or if MITM protection is requested */
 	if (!(hdev->ssp_mode > 0 && conn->ssp_mode > 0) &&
-				conn->pending_sec_level != BT_SECURITY_HIGH)
+				conn->pending_sec_level != BT_SECURITY_HIGH &&
+				!(conn->auth_type & 0x01))
 		return 0;

 	return 1;