michaelh/zephyr
1
0
Fork 0
Code Releases Activity

Bluetooth: BR/EDR: Check security on SSP authentication

Browse source 
Rejects by negative reply to authentication request if HIGH
security is required on local and both devices IO Capability values
disallow to interact with user.

Change-Id: Ia670d0b3c5c66a27175f4f5f38cd56e845e393b0
Signed-off-by: Arkadiusz Lichwa <arkadiusz.lichwa@tieto.com>
This commit is contained in:
Arkadiusz Lichwa 2016-02-24 11:38:20 +01:00 committed by Johan Hedberg
commit 029820c926
1 changed files with 11 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

11
net/bluetooth/conn.c
View file

@ -858,6 +858,17 @@ void bt_conn_ssp_auth(struct bt_conn *conn, uint32_t passkey)
{ {
conn->br.ssp_method = ssp_pair_method(conn); conn->br.ssp_method = ssp_pair_method(conn);
/*
* If local required security is HIGH then MITM is mandatory.
* MITM protection is no achievable when SSP 'justworks' is applied.
*/
if (conn->required_sec_level > BT_SECURITY_MEDIUM &&
conn->br.ssp_method == JUST_WORKS) {
BT_DBG("MITM protection infeasible for required security");
ssp_confirm_neg_reply(conn);
return;
}
/* TODO: As pairing acceptor call user pairing consent API callback. */ /* TODO: As pairing acceptor call user pairing consent API callback. */
/* Start interactive authentication if valid, default to justworks. */ /* Start interactive authentication if valid, default to justworks. */