提交 7d513e92 编写于 作者: M Marcel Holtmann 提交者: Johan Hedberg

Bluetooth: Handle security level 4 for L2CAP connections

With the introduction of security level 4, the L2CAP sockets need to
be made aware of this new level. This change ensures that the pairing
requirements are set correctly for these connections.
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
上级 7b5a9241
...@@ -91,6 +91,7 @@ struct l2cap_conninfo { ...@@ -91,6 +91,7 @@ struct l2cap_conninfo {
#define L2CAP_LM_TRUSTED 0x0008 #define L2CAP_LM_TRUSTED 0x0008
#define L2CAP_LM_RELIABLE 0x0010 #define L2CAP_LM_RELIABLE 0x0010
#define L2CAP_LM_SECURE 0x0020 #define L2CAP_LM_SECURE 0x0020
#define L2CAP_LM_FIPS 0x0040
/* L2CAP command codes */ /* L2CAP command codes */
#define L2CAP_COMMAND_REJ 0x01 #define L2CAP_COMMAND_REJ 0x01
......
...@@ -737,6 +737,7 @@ static inline u8 l2cap_get_auth_type(struct l2cap_chan *chan) ...@@ -737,6 +737,7 @@ static inline u8 l2cap_get_auth_type(struct l2cap_chan *chan)
case L2CAP_CHAN_RAW: case L2CAP_CHAN_RAW:
switch (chan->sec_level) { switch (chan->sec_level) {
case BT_SECURITY_HIGH: case BT_SECURITY_HIGH:
case BT_SECURITY_FIPS:
return HCI_AT_DEDICATED_BONDING_MITM; return HCI_AT_DEDICATED_BONDING_MITM;
case BT_SECURITY_MEDIUM: case BT_SECURITY_MEDIUM:
return HCI_AT_DEDICATED_BONDING; return HCI_AT_DEDICATED_BONDING;
...@@ -749,7 +750,8 @@ static inline u8 l2cap_get_auth_type(struct l2cap_chan *chan) ...@@ -749,7 +750,8 @@ static inline u8 l2cap_get_auth_type(struct l2cap_chan *chan)
if (chan->sec_level == BT_SECURITY_LOW) if (chan->sec_level == BT_SECURITY_LOW)
chan->sec_level = BT_SECURITY_SDP; chan->sec_level = BT_SECURITY_SDP;
} }
if (chan->sec_level == BT_SECURITY_HIGH) if (chan->sec_level == BT_SECURITY_HIGH ||
chan->sec_level == BT_SECURITY_FIPS)
return HCI_AT_NO_BONDING_MITM; return HCI_AT_NO_BONDING_MITM;
else else
return HCI_AT_NO_BONDING; return HCI_AT_NO_BONDING;
...@@ -759,7 +761,8 @@ static inline u8 l2cap_get_auth_type(struct l2cap_chan *chan) ...@@ -759,7 +761,8 @@ static inline u8 l2cap_get_auth_type(struct l2cap_chan *chan)
if (chan->sec_level == BT_SECURITY_LOW) if (chan->sec_level == BT_SECURITY_LOW)
chan->sec_level = BT_SECURITY_SDP; chan->sec_level = BT_SECURITY_SDP;
if (chan->sec_level == BT_SECURITY_HIGH) if (chan->sec_level == BT_SECURITY_HIGH ||
chan->sec_level == BT_SECURITY_FIPS)
return HCI_AT_NO_BONDING_MITM; return HCI_AT_NO_BONDING_MITM;
else else
return HCI_AT_NO_BONDING; return HCI_AT_NO_BONDING;
...@@ -768,6 +771,7 @@ static inline u8 l2cap_get_auth_type(struct l2cap_chan *chan) ...@@ -768,6 +771,7 @@ static inline u8 l2cap_get_auth_type(struct l2cap_chan *chan)
default: default:
switch (chan->sec_level) { switch (chan->sec_level) {
case BT_SECURITY_HIGH: case BT_SECURITY_HIGH:
case BT_SECURITY_FIPS:
return HCI_AT_GENERAL_BONDING_MITM; return HCI_AT_GENERAL_BONDING_MITM;
case BT_SECURITY_MEDIUM: case BT_SECURITY_MEDIUM:
return HCI_AT_GENERAL_BONDING; return HCI_AT_GENERAL_BONDING;
...@@ -7206,7 +7210,8 @@ static inline void l2cap_check_encryption(struct l2cap_chan *chan, u8 encrypt) ...@@ -7206,7 +7210,8 @@ static inline void l2cap_check_encryption(struct l2cap_chan *chan, u8 encrypt)
if (encrypt == 0x00) { if (encrypt == 0x00) {
if (chan->sec_level == BT_SECURITY_MEDIUM) { if (chan->sec_level == BT_SECURITY_MEDIUM) {
__set_chan_timer(chan, L2CAP_ENC_TIMEOUT); __set_chan_timer(chan, L2CAP_ENC_TIMEOUT);
} else if (chan->sec_level == BT_SECURITY_HIGH) } else if (chan->sec_level == BT_SECURITY_HIGH ||
chan->sec_level == BT_SECURITY_FIPS)
l2cap_chan_close(chan, ECONNREFUSED); l2cap_chan_close(chan, ECONNREFUSED);
} else { } else {
if (chan->sec_level == BT_SECURITY_MEDIUM) if (chan->sec_level == BT_SECURITY_MEDIUM)
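Review bot: In l2cap_check_encryption the new FIPS condition still depends only on `encrypt == 0x00`, so a BT_SECURITY_FIPS channel is closed when encryption is off but is handled like any other channel for every non-zero `encrypt` value. If level 4 is meant to require a stronger link key or cipher than BT_SECURITY_HIGH, none of the hunks shown here checks it, so it is presumably enforced in the HCI connection code. If that is the case, a comment above the branch such as `/* FIPS: key and cipher strength are validated by the HCI layer; only loss of encryption is handled here */` would make the dependency explicit. The same applies to l2cap_get_auth_type, where FIPS returns exactly the same MITM auth requirement as HIGH in all four places. Both function bodies continue outside the hunks.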
......
...@@ -432,6 +432,10 @@ static int l2cap_sock_getsockopt_old(struct socket *sock, int optname, ...@@ -432,6 +432,10 @@ static int l2cap_sock_getsockopt_old(struct socket *sock, int optname,
opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT | opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT |
L2CAP_LM_SECURE; L2CAP_LM_SECURE;
break; break;
case BT_SECURITY_FIPS:
opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT |
L2CAP_LM_SECURE | L2CAP_LM_FIPS;
break;
default: default:
opt = 0; opt = 0;
break; break;
...@@ -445,6 +449,7 @@ static int l2cap_sock_getsockopt_old(struct socket *sock, int optname, ...@@ -445,6 +449,7 @@ static int l2cap_sock_getsockopt_old(struct socket *sock, int optname,
if (put_user(opt, (u32 __user *) optval)) if (put_user(opt, (u32 __user *) optval))
err = -EFAULT; err = -EFAULT;
break; break;
case L2CAP_CONNINFO: case L2CAP_CONNINFO:
...@@ -699,6 +704,11 @@ static int l2cap_sock_setsockopt_old(struct socket *sock, int optname, ...@@ -699,6 +704,11 @@ static int l2cap_sock_setsockopt_old(struct socket *sock, int optname,
break; break;
} }
if (opt & L2CAP_LM_FIPS) {
err = -EINVAL;
break;
}
if (opt & L2CAP_LM_AUTH) if (opt & L2CAP_LM_AUTH)
chan->sec_level = BT_SECURITY_LOW; chan->sec_level = BT_SECURITY_LOW;
if (opt & L2CAP_LM_ENCRYPT) if (opt & L2CAP_LM_ENCRYPT)
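Review bot: The legacy L2CAP_LM option can no longer be read and written back on a level-4 channel, because l2cap_sock_getsockopt_old now reports `L2CAP_LM_FIPS` while l2cap_sock_setsockopt_old rejects any mask carrying that bit with -EINVAL. A caller that reads the mask, changes an unrelated bit and writes it back will fail on such a socket. If the rejection is intentional (level 4 selectable only through another interface, which is not visible here), say so above the check, e.g. `/* L2CAP_LM_FIPS is report-only: level 4 cannot be requested through the legacy L2CAP_LM option */`. Both functions continue outside the hunks.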
......