From: Mikel Astiz <mikel.astiz.oss@gmail.com>
To: linux-bluetooth@vger.kernel.org
Cc: Timo Mueller <timo.mueller@bmw-carit.de>,
Mikel Astiz <mikel.astiz@bmw-carit.de>
Subject: [RFC v2 2/2] Bluetooth: Use MITM protection when responding LM
Date: Thu, 30 May 2013 11:26:56 +0200
Message-ID: <1369906016-17006-3-git-send-email-mikel.astiz.oss@gmail.com>
In-Reply-To: <1369906016-17006-1-git-send-email-mikel.astiz.oss@gmail.com>
From: Timo Mueller <timo.mueller@bmw-carit.de>
A MITM protected SSP association model can be used for pairing if both
local and remote IO capabilities are set to something other than
NoInputNoOutput, regardless of the bonding type (dedicated or general).

With these IO capabilities a MITM protected SSP association model has
been used by the Kernel if we are initiating the pairing process
(initiating LM).

When responding to a pairing request (remote device is the initiating
LM) the pairing should also be protected against MITM attacks, as
proposed in this patch.
Signed-off-by: Timo Mueller <timo.mueller@bmw-carit.de>
Signed-off-by: Mikel Astiz <mikel.astiz@bmw-carit.de>
---
net/bluetooth/hci_event.c | 21 +++++++++------------
1 file changed, 9 insertions(+), 12 deletions(-)
diff --git a/net/bluetooth/hci_event.c b/net/bluetooth/hci_event.c
index 777a040..ca59623 100644
--- a/net/bluetooth/hci_event.c
+++ b/net/bluetooth/hci_event.c
@@ -3024,22 +3024,19 @@ unlock:
static u8 hci_get_auth_req(struct hci_conn *conn)
{
- /* If remote requests dedicated bonding follow that lead */
- if ((conn->remote_auth & ~0x01) == HCI_AT_DEDICATED_BONDING) {
- /* If both remote and local IO capabilities allow MITM
- * protection then require it, otherwise don't */
- if (conn->remote_cap == SMP_IO_NO_INPUT_OUTPUT ||
- conn->io_capability == SMP_IO_NO_INPUT_OUTPUT)
- return 0x02;
- else
- return 0x03;
- }
-
/* If remote requests no-bonding follow that lead */
if ((conn->remote_auth & ~0x01) == HCI_AT_NO_BONDING)
return conn->remote_auth | (conn->auth_type & 0x01);
- return conn->auth_type;
+ /* If both remote and local IO capabilities allow MITM protection
+ * then require it
+ */
+ if (conn->remote_cap != SMP_IO_NO_INPUT_OUTPUT &&
+ conn->io_capability != SMP_IO_NO_INPUT_OUTPUT)
+ return conn->remote_auth | 0x01;
+
+ /* No MITM protection possible due to lacking capabilities */
+ return conn->remote_auth & ~0x01;
}
static void hci_io_capa_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
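Review bot: The final `return conn->remote_auth & ~0x01;` clears the MITM bit without looking at conn->auth_type, so a local MITM requirement is dropped silently whenever either side reports NoInputNoOutput, whereas the removed `return conn->auth_type;` fallthrough returned the local value unchanged. The no-bonding branch just above still merges `conn->auth_type & 0x01`, so the two paths now treat the local setting differently. If the downgrade is intended, state it in the comment and the commit message; otherwise keep the local bit on this path or make the caller reject the pairing. Both new returns also take the bonding type from conn->remote_auth alone, which changes behaviour for every non-no-bonding request, not only dedicated bonding, and deserves a line in the commit message. As a style point, the repeated literal 0x01 would be easier to audit as a named MITM mask.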
--
1.8.1.4