From 40b10ccf8d75ec8f8fe8c1207b48d83ee9a0d3c7 Mon Sep 17 00:00:00 2001 From: Lyle Zhu Date: Thu, 17 Apr 2025 12:30:16 +0800 Subject: [PATCH] Bluetooth: Classic: SSP: Only set MITM when sec level is more than 2 The local device shall only set the MITM protection required flag if the local device itself requires MITM protection. Only set MITM flag when the required security level is more than 2 and pairing method is not `JUST_WORKS`. Signed-off-by: Lyle Zhu --- subsys/bluetooth/host/classic/ssp.c | 18 +++++------------- 1 file changed, 5 insertions(+), 13 deletions(-) diff --git a/subsys/bluetooth/host/classic/ssp.c b/subsys/bluetooth/host/classic/ssp.c index 7875eda6ab9..9f43b8a69d2 100644 --- a/subsys/bluetooth/host/classic/ssp.c +++ b/subsys/bluetooth/host/classic/ssp.c @@ -163,23 +163,15 @@ static uint8_t ssp_pair_method(const struct bt_conn *conn) static uint8_t ssp_get_auth(const struct bt_conn *conn) { bt_security_t max_sec_level; - uint8_t mitm = 0; /* Check if the MITM is required by service */ max_sec_level = bt_l2cap_br_get_max_sec_level(); + + /* + * The local device shall only set the MITM protection required flag + * if the local device itself requires MITM protection. + */ if ((max_sec_level > BT_SECURITY_L2) && (ssp_pair_method(conn) > JUST_WORKS)) { - mitm = BT_MITM; - } - - /* Validate no bond auth request, and if valid use it. */ - if ((conn->br.remote_auth == BT_HCI_NO_BONDING) || - ((conn->br.remote_auth == BT_HCI_NO_BONDING_MITM) && - (ssp_pair_method(conn) > JUST_WORKS))) { - return conn->br.remote_auth | mitm; - } - - /* Local & remote have enough IO capabilities to get MITM protection. */ - if (ssp_pair_method(conn) > JUST_WORKS) { return conn->br.remote_auth | BT_MITM; }