Linux-Bluetooth Archive on
 help / color / Atom feed
From: Archie Pusaka <>
To: linux-bluetooth <>,
	Luiz Augusto von Dentz <>
Cc: CrosBT Upstreaming <>,
	Archie Pusaka <>,
	Alain Michaud <>
Subject: [Bluez PATCH v1 2/2] input: encrypt on receive conn req if classic_bonded_only
Date: Thu, 23 Jul 2020 00:20:33 +0800
Message-ID: <20200723002022.Bluez.v1.2.If59e157d622b3f90c4b92919567a4662a2137806@changeid> (raw)
In-Reply-To: <20200723002022.Bluez.v1.1.I45e09d196073f099e1b67d2d69efd5cd20237ad1@changeid>

From: Archie Pusaka <>

According to bluetooth HID1.1 spec, section
If the Bluetooth HID Host is bonded to a Bluetooth HID device:
If encryption is not already enabled, the Bluetooth HID Host shall
enable encryption with the Bluetooth HID device before sending an
L2CAP Connect Response with a result code of “Connection Successful”
(0x0000) after an L2CAP Connect Request is received.

This patch raises the security level to medium when listening for
incoming connection if the flag classic_bonded_only is set,
effectively starting encryption.

Reviewed-by: Alain Michaud <>

 profiles/input/device.c | 5 +++++
 profiles/input/device.h | 1 +
 profiles/input/server.c | 6 ++++--
 3 files changed, 10 insertions(+), 2 deletions(-)

diff --git a/profiles/input/device.c b/profiles/input/device.c
index 9f89f4459..6ec0a4c63 100644
--- a/profiles/input/device.c
+++ b/profiles/input/device.c
@@ -109,6 +109,11 @@ void input_set_classic_bonded_only(bool state)
 	classic_bonded_only = state;
+bool input_get_classic_bonded_only(void)
+	return classic_bonded_only;
 static void input_device_enter_reconnect_mode(struct input_device *idev);
 static int connection_disconnect(struct input_device *idev, uint32_t flags);
diff --git a/profiles/input/device.h b/profiles/input/device.h
index 5a077f92a..f61e8a558 100644
--- a/profiles/input/device.h
+++ b/profiles/input/device.h
@@ -30,6 +30,7 @@ struct input_conn;
 void input_set_idle_timeout(int timeout);
 void input_enable_userspace_hid(bool state);
 void input_set_classic_bonded_only(bool state);
+bool input_get_classic_bonded_only(void);
 void input_set_auto_sec(bool state);
 int input_device_register(struct btd_service *service);
diff --git a/profiles/input/server.c b/profiles/input/server.c
index f2c8c0f70..2bd5e92e4 100644
--- a/profiles/input/server.c
+++ b/profiles/input/server.c
@@ -283,6 +283,8 @@ int server_start(const bdaddr_t *src)
 	struct input_server *server;
 	GError *err = NULL;
+	BtIOSecLevel sec_level = input_get_classic_bonded_only() ?
 	server = g_new0(struct input_server, 1);
 	bacpy(&server->src, src);
@@ -291,7 +293,7 @@ int server_start(const bdaddr_t *src)
 				server, NULL, &err,
+				BT_IO_OPT_SEC_LEVEL, sec_level,
 	if (!server->ctrl) {
 		error("Failed to listen on control channel");
@@ -304,7 +306,7 @@ int server_start(const bdaddr_t *src)
 				server, NULL, &err,
+				BT_IO_OPT_SEC_LEVEL, sec_level,
 	if (!server->intr) {
 		error("Failed to listen on interrupt channel");

  reply index

Thread overview: 3+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2020-07-22 16:20 [Bluez PATCH v1 1/2] input: authenticate when connecting to a bonded device Archie Pusaka
2020-07-22 16:20 ` Archie Pusaka [this message]
2020-07-23 16:43 ` Luiz Augusto von Dentz

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20200723002022.Bluez.v1.2.If59e157d622b3f90c4b92919567a4662a2137806@changeid \ \ \ \ \ \ \

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Linux-Bluetooth Archive on

Archives are clonable:
	git clone --mirror linux-bluetooth/git/0.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 linux-bluetooth linux-bluetooth/ \
	public-inbox-index linux-bluetooth

Example config snippet for mirrors

Newsgroup available over NNTP:

AGPL code for this site: git clone