Bluetooth: Fix redundant encryption when receiving Security Request

If we're already encrypted with a good enough LTK we should just ignore
an incoming SMP Security Request. The code was already taking care of
this in the smp_conn_security function before calling smp_ltk_encrypt
but failed to do the same in smp_cmd_security_req. This patch fixes the
issue by moving up the smp_sufficient_security function and using it in
the Security Request handler before trying to request encryption.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Rupesh Tatiya <rtatiya@codeaurora.org>

1 files changed, 21 insertions, 1 deletions

diff --git a/net/bluetooth/smp.c b/net/bluetooth/smp.c
index b5562abdd..c58e2757d 100644
--- a/net/bluetooth/smp.c
+++ b/net/bluetooth/smp.c
@@ -730,16 +730,36 @@ static u8 smp_ltk_encrypt(struct l2cap_conn *conn, u8 sec_level)
 	return 1;
 
 }
+bool smp_sufficient_security(struct hci_conn *hcon, u8 sec_level)
+{
+	if (sec_level == BT_SECURITY_LOW) {
+		BT_INFO("TRUE:(sec_level == BT_SECURITY_LOW)");
+		return true;
+	}
+	if (hcon->sec_level >= sec_level) {
+		BT_INFO("TRUE:(hcon->sec_level >= sec_level)");
+		return true;
+	}
+	BT_INFO("return false");
+	return false;
+}
+
 static u8 smp_cmd_security_req(struct l2cap_conn *conn, struct sk_buff *skb)
 {
 	struct smp_cmd_security_req *rp = (void *) skb->data;
 	struct smp_cmd_pairing cp;
 	struct hci_conn *hcon = conn->hcon;
 	struct smp_chan *smp;
+	u8 sec_level;
 
 	BT_DBG("conn %p", conn);
 
-	hcon->pending_sec_level = authreq_to_seclevel(rp->auth_req);
+	sec_level = authreq_to_seclevel(rp->auth_req);
+	if (smp_sufficient_security(hcon, sec_level))
+		return 0;
+
+	if (sec_level > hcon->pending_sec_level)
+		hcon->pending_sec_level = sec_level;
 
 	if (smp_ltk_encrypt(conn, hcon->pending_sec_level))
 		return 0;