diff options
| author | Archie Pusaka <apusaka@chromium.org> | 2020-07-23 00:20:33 +0800 |
|---|---|---|
| committer | Luiz Augusto von Dentz <luiz.von.dentz@intel.com> | 2020-07-23 09:42:26 -0700 |
| commit | 0fe6813888ad2c46b98ac4d40673273b68d79052 (patch) | |
| tree | 867c2127bcfd0346b27ff7e5eed126a8c5513936 /profiles/input | |
| parent | ae39716c5f7944dfcaf08c16f1be9eb17dd65809 (diff) | |
| download | bluez-0fe6813888ad2c46b98ac4d40673273b68d79052.tar.gz | |
input: encrypt on receive conn req if classic_bonded_only
According to bluetooth HID1.1 spec, section 5.4.3.5.3:
If the Bluetooth HID Host is bonded to a Bluetooth HID device:
If encryption is not already enabled, the Bluetooth HID Host shall
enable encryption with the Bluetooth HID device before sending an
L2CAP Connect Response with a result code of “Connection Successful”
(0x0000) after an L2CAP Connect Request is received.
This patch raises the security level to medium when listening for
incoming connection if the flag classic_bonded_only is set,
effectively starting encryption.
Diffstat (limited to 'profiles/input')
| -rw-r--r-- | profiles/input/device.c | 5 | ||||
| -rw-r--r-- | profiles/input/device.h | 1 | ||||
| -rw-r--r-- | profiles/input/server.c | 6 |
3 files changed, 10 insertions, 2 deletions
diff --git a/profiles/input/device.c b/profiles/input/device.c index 9f89f4459..6ec0a4c63 100644 --- a/profiles/input/device.c +++ b/profiles/input/device.c @@ -109,6 +109,11 @@ void input_set_classic_bonded_only(bool state) classic_bonded_only = state; } +bool input_get_classic_bonded_only(void) +{ + return classic_bonded_only; +} + static void input_device_enter_reconnect_mode(struct input_device *idev); static int connection_disconnect(struct input_device *idev, uint32_t flags); diff --git a/profiles/input/device.h b/profiles/input/device.h index 5a077f92a..f61e8a558 100644 --- a/profiles/input/device.h +++ b/profiles/input/device.h @@ -30,6 +30,7 @@ struct input_conn; void input_set_idle_timeout(int timeout); void input_enable_userspace_hid(bool state); void input_set_classic_bonded_only(bool state); +bool input_get_classic_bonded_only(void); void input_set_auto_sec(bool state); int input_device_register(struct btd_service *service); diff --git a/profiles/input/server.c b/profiles/input/server.c index f2c8c0f70..2bd5e92e4 100644 --- a/profiles/input/server.c +++ b/profiles/input/server.c @@ -283,6 +283,8 @@ int server_start(const bdaddr_t *src) { struct input_server *server; GError *err = NULL; + BtIOSecLevel sec_level = input_get_classic_bonded_only() ? + BT_IO_SEC_MEDIUM : BT_IO_SEC_LOW; server = g_new0(struct input_server, 1); bacpy(&server->src, src); @@ -291,7 +293,7 @@ int server_start(const bdaddr_t *src) server, NULL, &err, BT_IO_OPT_SOURCE_BDADDR, src, BT_IO_OPT_PSM, L2CAP_PSM_HIDP_CTRL, - BT_IO_OPT_SEC_LEVEL, BT_IO_SEC_LOW, + BT_IO_OPT_SEC_LEVEL, sec_level, BT_IO_OPT_INVALID); if (!server->ctrl) { error("Failed to listen on control channel"); @@ -304,7 +306,7 @@ int server_start(const bdaddr_t *src) server, NULL, &err, BT_IO_OPT_SOURCE_BDADDR, src, BT_IO_OPT_PSM, L2CAP_PSM_HIDP_INTR, - BT_IO_OPT_SEC_LEVEL, BT_IO_SEC_LOW, + BT_IO_OPT_SEC_LEVEL, sec_level, BT_IO_OPT_INVALID); if (!server->intr) { error("Failed to listen on interrupt channel"); |