From 0e4561bed2bb6b85a6c8aba70acbdacc3f3f430b Mon Sep 17 00:00:00 2001 From: Lyle Zhu Date: Fri, 20 Sep 2024 18:57:31 +0800 Subject: [PATCH] Bluetooth: SSP: No MITM if required level is less than L3 Regardless IO capabilities, clear MITM flag for pairing initiator if the required security level is less than BT_SECURITY_L3. Signed-off-by: Lyle Zhu --- subsys/bluetooth/host/classic/ssp.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/subsys/bluetooth/host/classic/ssp.c b/subsys/bluetooth/host/classic/ssp.c index 124ee1fe87ba25..255853ec18f935 100644 --- a/subsys/bluetooth/host/classic/ssp.c +++ b/subsys/bluetooth/host/classic/ssp.c @@ -631,6 +631,9 @@ void bt_hci_io_capa_resp(struct net_buf *buf) /* Clear Bonding flag */ #define BT_HCI_SET_NO_BONDING(auth) ((auth) & 0x01) +/* Clear MITM flag */ +#define BT_HCI_SET_NO_MITM(auth) ((auth) & (~0x01)) + void bt_hci_io_capa_req(struct net_buf *buf) { struct bt_hci_evt_io_capa_req *evt = (void *)buf->data; @@ -675,6 +678,11 @@ void bt_hci_io_capa_req(struct net_buf *buf) auth = BT_HCI_DEDICATED_BONDING; } } + + if (conn->required_sec_level < BT_SECURITY_L3) { + /* If security level less than L3, clear MITM flag. */ + auth = BT_HCI_SET_NO_MITM(auth); + } } else { auth = ssp_get_auth(conn); }