From 06be53208f7dcf78bc74bdb88614001f067c4b49 Mon Sep 17 00:00:00 2001 From: Szymon Janc Date: Thu, 20 Oct 2016 22:14:49 +0200 Subject: [PATCH] shared/att: Fix handling 'Insufficent Authentication' error respone >From Core Specification 4.2 Vol.3 Part C (page 375): When the link is not encrypted, the error code "Insufficient Authentication" does not indicate that MITM protection is required. When unauthenticated pairing has occurred and the link is currently encrypted, the error code "Insufficient Authentication" indicates that MITM protection is required. If LE Secure Connections authenticated pairing is required but LE legacy pairing has occurred and the link is currently encrypted, the service request shall be rejected with the error code "Insufficient Authentication". --- src/shared/att.c | 17 ++++++++++++----- 1 file changed, 12 insertions(+), 5 deletions(-) diff --git a/src/shared/att.c b/src/shared/att.c index f1e0f5922..3071b51b8 100644 --- a/src/shared/att.c +++ b/src/shared/att.c @@ -603,13 +603,20 @@ static bool change_security(struct bt_att *att, uint8_t ecode) security = bt_att_get_security(att); if (ecode == BT_ATT_ERROR_INSUFFICIENT_ENCRYPTION && - security < BT_ATT_SECURITY_MEDIUM) + security < BT_ATT_SECURITY_MEDIUM) { security = BT_ATT_SECURITY_MEDIUM; - else if (ecode == BT_ATT_ERROR_AUTHENTICATION && - security < BT_ATT_SECURITY_HIGH) - security = BT_ATT_SECURITY_HIGH; - else + } else if (ecode == BT_ATT_ERROR_AUTHENTICATION) { + if (security < BT_ATT_SECURITY_MEDIUM) + security = BT_ATT_SECURITY_MEDIUM; + else if (security < BT_ATT_SECURITY_HIGH) + security = BT_ATT_SECURITY_HIGH; + else if (security < BT_ATT_SECURITY_FIPS) + security = BT_ATT_SECURITY_FIPS; + else + return false; + } else { return false; + } return bt_att_set_security(att, security); } -- 2.47.3