summaryrefslogtreecommitdiffstats
path: root/net/bluetooth/hci_conn.c
diff options
context:
space:
mode:
authorMarcel Holtmann <marcel@holtmann.org>2014-03-19 22:10:25 +0100
committerJohan Hedberg <johan.hedberg@intel.com>2014-03-19 22:30:32 +0100
commit40b552aa5a0bfa785bc7ddb5c2d7965b1e0bb08d (patch)
tree3ea70beb7e49dd1e890efdc6a068756dd7e6d744 /net/bluetooth/hci_conn.c
parentBluetooth: Fix Pair Device response parameters for pairing failure (diff)
downloadlinux-40b552aa5a0bfa785bc7ddb5c2d7965b1e0bb08d.tar.xz
linux-40b552aa5a0bfa785bc7ddb5c2d7965b1e0bb08d.zip
Bluetooth: Enforce strict Secure Connections Only mode security
In Secure Connections Only mode, it is required that Secure Connections is used for pairing and that the link key is encrypted with AES-CCM using a P-256 authenticated combination key. If this is not the case, then new connection shall be refused or existing connections shall be dropped. Signed-off-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Diffstat (limited to 'net/bluetooth/hci_conn.c')
-rw-r--r--net/bluetooth/hci_conn.c11
1 files changed, 11 insertions, 0 deletions
diff --git a/net/bluetooth/hci_conn.c b/net/bluetooth/hci_conn.c
index b4809e473a19..d958e2dca52f 100644
--- a/net/bluetooth/hci_conn.c
+++ b/net/bluetooth/hci_conn.c
@@ -781,6 +781,17 @@ int hci_conn_check_link_mode(struct hci_conn *conn)
{
BT_DBG("hcon %p", conn);
+ /* In Secure Connections Only mode, it is required that Secure
+ * Connections is used and the link is encrypted with AES-CCM
+ * using a P-256 authenticated combination key.
+ */
+ if (test_bit(HCI_SC_ONLY, &conn->hdev->flags)) {
+ if (!hci_conn_sc_enabled(conn) ||
+ !test_bit(HCI_CONN_AES_CCM, &conn->flags) ||
+ conn->key_type != HCI_LK_AUTH_COMBINATION_P256)
+ return 0;
+ }
+
if (hci_conn_ssp_enabled(conn) && !(conn->link_mode & HCI_LM_ENCRYPT))
return 0;