Bluetooth: SMP: Fix dropping subsequent Security Requests

It is possible that the slave sends a subsequent Security Request while
the link is already encrypted. One example is that the current LTK is
unauthenticated and the slave wants to increase security with MITM
protection.

Change-Id: I5f079e6140a5912443f770ba2c7cabeffcecdf2b
Signed-off-by: Szymon Janc <ext.szymon.janc@tieto.com>
Szymon Janc 2015-10-13 11:41:25 +02:00 committed by Anas Nashif
commit 1706ecebe2


@ -1309,6 +1309,7 @@ static uint8_t smp_signing_info(struct bt_conn *conn, struct bt_buf *buf)
static uint8_t smp_security_request(struct bt_conn *conn, struct bt_buf *buf)
{
struct bt_smp_security_request *req = (void *)buf->data;
struct bt_smp *smp = conn->smp;
struct bt_keys *keys;
uint8_t auth;
@ -1340,6 +1341,8 @@ static uint8_t smp_security_request(struct bt_conn *conn, struct bt_buf *buf)
return BT_SMP_ERR_UNSPECIFIED;
}
atomic_set_bit(&smp->flags, SMP_FLAG_ENC_PENDING);
return 0;
pair:
if (bt_smp_send_pairing_req(conn) < 0) {
@ -1486,6 +1489,18 @@ static void bt_smp_encrypt_change(struct bt_conn *conn)
return;
}
/* We were waiting for encryption but with no pairing in progress.
* This can happen if paired slave sent Security Request and we
* enabled encryption.
*
* Since it is possible that slave might sent another Security Request
* eg with different AuthReq we should allow it.
*/
if (!atomic_test_bit(&smp->flags, SMP_FLAG_PAIRING)) {
atomic_set_bit(&smp->allowed_cmds, BT_SMP_CMD_SECURITY_REQUEST);
return;
}
if (smp->remote_dist & BT_SMP_DIST_ENC_KEY) {
atomic_set_bit(&smp->allowed_cmds, BT_SMP_CMD_ENCRYPT_INFO);
} else if (smp->remote_dist & BT_SMP_DIST_ID_KEY) {
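Review bot: The new early return in bt_smp_encrypt_change re-arms BT_SMP_CMD_SECURITY_REQUEST every time encryption completes without SMP_FLAG_PAIRING set, and nothing visible in these hunks bounds how often the peer can make us restart encryption with the stored LTK. If the part of smp_security_request outside the hunks does not already do so, it should ignore a request whose AuthReq the current link security already satisfies rather than setting SMP_FLAG_ENC_PENDING again. At minimum the new branch should record that expectation, e.g. `/* Peer may repeat this; smp_security_request() must not re-encrypt if AuthReq is already met. */`. It is also worth confirming that SMP_FLAG_ENC_PENDING is cleared when encryption fails, since otherwise the flag set in smp_security_request would stay set; that path is not shown. Both functions begin and end outside the hunks.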