Skip to content

Commit 2c068e0

Browse files
holtmannJohan Hedberg
authored andcommitted
Bluetooth: Handle security level 4 for RFCOMM connections
With the introduction of security level 4, the RFCOMM sockets need to be made aware of this new level. This change ensures that the pairing requirements are set correctly for these connections. Signed-off-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
1 parent 7d513e9 commit 2c068e0

File tree

3 files changed

+15
-2
lines changed

3 files changed

+15
-2
lines changed

include/net/bluetooth/rfcomm.h

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -295,6 +295,7 @@ struct rfcomm_conninfo {
295295
#define RFCOMM_LM_TRUSTED 0x0008
296296
#define RFCOMM_LM_RELIABLE 0x0010
297297
#define RFCOMM_LM_SECURE 0x0020
298+
#define RFCOMM_LM_FIPS 0x0040
298299

299300
#define rfcomm_pi(sk) ((struct rfcomm_pinfo *) sk)
300301

net/bluetooth/rfcomm/core.c

Lines changed: 3 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -216,6 +216,7 @@ static int rfcomm_check_security(struct rfcomm_dlc *d)
216216

217217
switch (d->sec_level) {
218218
case BT_SECURITY_HIGH:
219+
case BT_SECURITY_FIPS:
219220
auth_type = HCI_AT_GENERAL_BONDING_MITM;
220221
break;
221222
case BT_SECURITY_MEDIUM:
@@ -2085,7 +2086,8 @@ static void rfcomm_security_cfm(struct hci_conn *conn, u8 status, u8 encrypt)
20852086
set_bit(RFCOMM_SEC_PENDING, &d->flags);
20862087
rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
20872088
continue;
2088-
} else if (d->sec_level == BT_SECURITY_HIGH) {
2089+
} else if (d->sec_level == BT_SECURITY_HIGH ||
2090+
d->sec_level == BT_SECURITY_FIPS) {
20892091
set_bit(RFCOMM_ENC_DROP, &d->flags);
20902092
continue;
20912093
}

net/bluetooth/rfcomm/sock.c

Lines changed: 11 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -648,6 +648,11 @@ static int rfcomm_sock_setsockopt_old(struct socket *sock, int optname, char __u
648648
break;
649649
}
650650

651+
if (opt & RFCOMM_LM_FIPS) {
652+
err = -EINVAL;
653+
break;
654+
}
655+
651656
if (opt & RFCOMM_LM_AUTH)
652657
rfcomm_pi(sk)->sec_level = BT_SECURITY_LOW;
653658
if (opt & RFCOMM_LM_ENCRYPT)
@@ -762,7 +767,11 @@ static int rfcomm_sock_getsockopt_old(struct socket *sock, int optname, char __u
762767
break;
763768
case BT_SECURITY_HIGH:
764769
opt = RFCOMM_LM_AUTH | RFCOMM_LM_ENCRYPT |
765-
RFCOMM_LM_SECURE;
770+
RFCOMM_LM_SECURE;
771+
break;
772+
case BT_SECURITY_FIPS:
773+
opt = RFCOMM_LM_AUTH | RFCOMM_LM_ENCRYPT |
774+
RFCOMM_LM_SECURE | RFCOMM_LM_FIPS;
766775
break;
767776
default:
768777
opt = 0;
@@ -774,6 +783,7 @@ static int rfcomm_sock_getsockopt_old(struct socket *sock, int optname, char __u
774783

775784
if (put_user(opt, (u32 __user *) optval))
776785
err = -EFAULT;
786+
777787
break;
778788

779789
case RFCOMM_CONNINFO:

0 commit comments

Comments
 (0)