Bluetooth: SMP: Fix dropping subsequent Security Requests
It is possible that slave sends subsequent Security Request while link is already encrypted. One example is that current LTK is unauthenticated and slave wants to increase security with MITM protection. Change-Id: I5f079e6140a5912443f770ba2c7cabeffcecdf2b Signed-off-by: Szymon Janc <ext.szymon.janc@tieto.com>
This commit is contained in:
parent
cc1208fb5f
commit
1706ecebe2
1 changed files with 15 additions and 0 deletions
|
@ -1309,6 +1309,7 @@ static uint8_t smp_signing_info(struct bt_conn *conn, struct bt_buf *buf)
|
|||
static uint8_t smp_security_request(struct bt_conn *conn, struct bt_buf *buf)
|
||||
{
|
||||
struct bt_smp_security_request *req = (void *)buf->data;
|
||||
struct bt_smp *smp = conn->smp;
|
||||
struct bt_keys *keys;
|
||||
uint8_t auth;
|
||||
|
||||
|
@ -1340,6 +1341,8 @@ static uint8_t smp_security_request(struct bt_conn *conn, struct bt_buf *buf)
|
|||
return BT_SMP_ERR_UNSPECIFIED;
|
||||
}
|
||||
|
||||
atomic_set_bit(&smp->flags, SMP_FLAG_ENC_PENDING);
|
||||
|
||||
return 0;
|
||||
pair:
|
||||
if (bt_smp_send_pairing_req(conn) < 0) {
|
||||
|
@ -1486,6 +1489,18 @@ static void bt_smp_encrypt_change(struct bt_conn *conn)
|
|||
return;
|
||||
}
|
||||
|
||||
/* We were waiting for encryption but with no pairing in progress.
|
||||
* This can happen if paired slave sent Security Request and we
|
||||
* enabled encryption.
|
||||
*
|
||||
* Since it is possible that slave might sent another Security Request
|
||||
* eg with different AuthReq we should allow it.
|
||||
*/
|
||||
if (!atomic_test_bit(&smp->flags, SMP_FLAG_PAIRING)) {
|
||||
atomic_set_bit(&smp->allowed_cmds, BT_SMP_CMD_SECURITY_REQUEST);
|
||||
return;
|
||||
}
|
||||
|
||||
if (smp->remote_dist & BT_SMP_DIST_ENC_KEY) {
|
||||
atomic_set_bit(&smp->allowed_cmds, BT_SMP_CMD_ENCRYPT_INFO);
|
||||
} else if (smp->remote_dist & BT_SMP_DIST_ID_KEY) {
|
||||
|
|
Loading…
Add table
Add a link
Reference in a new issue