Bluetooth: Require authentication if MITM protection is requested

The HIGH security level requires a 16 digit pin code for non-SSP bondings. Sometimes this requirement is not acceptable and we still want protection againts MITM attacks (which is something that the MEDIUM security level doesn't provide), for that we should allow another way to request authentication without using the HIGH security level. Signed-off-by: Vinicius Costa Gomes <vinicius.gomes@openbossa.org> Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
author: Vinicius Costa Gomes <vinicius.gomes@openbossa.org> 2011-09-02 14:51:20 -0300
committer: Gustavo F. Padovan <padovan@profusion.mobi> 2011-09-21 12:58:12 -0300
commit: e9bf2bf03e14627fac8520468231ea11dfa37610 (patch)
tree: 4f0b5949919271fff82ecd68659485c511131e5b /net/bluetooth/hci_event.c
parent: 8aab47574a7f5b46a4cdbc6fd820ab34e6c5dbf9 (diff)
1 files changed, 3 insertions, 2 deletions
diff --git a/net/bluetooth/hci_event.c b/net/bluetooth/hci_event.c
index e54d0822260..fd6eea0941b 100644
--- a/net/bluetooth/hci_event.c
+++ b/net/bluetooth/hci_event.c
@@ -1103,9 +1103,10 @@ static int hci_outgoing_auth_needed(struct hci_dev *hdev,
 		return 0;
 
 	/* Only request authentication for SSP connections or non-SSP
-	 * devices with sec_level HIGH */
+	 * devices with sec_level HIGH or if MITM protection is requested */
 	if (!(hdev->ssp_mode > 0 && conn->ssp_mode > 0) &&
-				conn->pending_sec_level != BT_SECURITY_HIGH)
+				conn->pending_sec_level != BT_SECURITY_HIGH &&
+				!(conn->auth_type & 0x01))
 		return 0;
 
 	return 1;
author	Vinicius Costa Gomes <vinicius.gomes@openbossa.org>	2011-09-02 14:51:20 -0300
committer	Gustavo F. Padovan <padovan@profusion.mobi>	2011-09-21 12:58:12 -0300
commit	e9bf2bf03e14627fac8520468231ea11dfa37610 (patch)
tree	4f0b5949919271fff82ecd68659485c511131e5b /net/bluetooth/hci_event.c
parent	8aab47574a7f5b46a4cdbc6fd820ab34e6c5dbf9 (diff)