michaelh/zephyr
1
0
Fork 0
Code Releases Activity

Bluetooth: Add BT_SMP_ENFORCE_MITM option

Browse source 
Having this option disabled, MITM flag state can be controlled by
bt_conn_security state. This option is enabled by default to not
change the current implementation behavior.
Related to SM/MAS/SCPK/BV-01-C.

Fixes #17463

Signed-off-by: Mariusz Skamra <mariusz.skamra@codecoup.pl>
This commit is contained in:
Mariusz Skamra 2019-07-10 14:25:41 +02:00 committed by Johan Hedberg
commit 74dbd835c3
2 changed files with 15 additions and 5 deletions
Download patch file Download diff file Expand all files Collapse all files

8
subsys/bluetooth/host/Kconfig
View file

@ -287,6 +287,14 @@ config BT_BONDABLE
Bonding flag in AuthReq of SMP Pairing Request/Response will be set Bonding flag in AuthReq of SMP Pairing Request/Response will be set
indicating the support for this mode. indicating the support for this mode.
config BT_SMP_ENFORCE_MITM
bool "Enforce MITM protection"
default y
help
With this option enabled, the Security Manager will set MITM option in
the Authentication Requirements Flags whenever local IO Capabilities
allow the generated key to be authenticated.
config BT_OOB_DATA_FIXED config BT_OOB_DATA_FIXED
bool "Use a fixed random number for LESC OOB pairing" bool "Use a fixed random number for LESC OOB pairing"
depends on BT_TESTING depends on BT_TESTING

12
subsys/bluetooth/host/smp.c
View file

@ -2306,7 +2306,7 @@ void bt_set_oob_data_flag(bool enable)
oobd_present = enable; oobd_present = enable;
} }
static u8_t get_auth(u8_t auth) static u8_t get_auth(struct bt_conn *conn, u8_t auth)
{ {
if (sc_supported) { if (sc_supported) {
auth &= BT_SMP_AUTH_MASK_SC; auth &= BT_SMP_AUTH_MASK_SC;
@ -2314,7 +2314,9 @@ static u8_t get_auth(u8_t auth)
auth &= BT_SMP_AUTH_MASK; auth &= BT_SMP_AUTH_MASK;
} }
if (get_io_capa() == BT_SMP_IO_NO_INPUT_OUTPUT) { if ((get_io_capa() == BT_SMP_IO_NO_INPUT_OUTPUT) ||
(!IS_ENABLED(CONFIG_BT_SMP_ENFORCE_MITM) &&
(conn->required_sec_level < BT_SECURITY_HIGH))) {
auth &= ~(BT_SMP_AUTH_MITM); auth &= ~(BT_SMP_AUTH_MITM);
} else { } else {
auth |= BT_SMP_AUTH_MITM; auth |= BT_SMP_AUTH_MITM;
@ -2397,7 +2399,7 @@ int bt_smp_send_security_req(struct bt_conn *conn)
} }
req = net_buf_add(req_buf, sizeof(*req)); req = net_buf_add(req_buf, sizeof(*req));
req->auth_req = get_auth(BT_SMP_AUTH_DEFAULT); req->auth_req = get_auth(conn, BT_SMP_AUTH_DEFAULT);
/* SMP timer is not restarted for SecRequest so don't use smp_send */ /* SMP timer is not restarted for SecRequest so don't use smp_send */
bt_l2cap_send(conn, BT_L2CAP_CID_SMP, req_buf); bt_l2cap_send(conn, BT_L2CAP_CID_SMP, req_buf);
@ -2440,7 +2442,7 @@ static u8_t smp_pairing_req(struct bt_smp *smp, struct net_buf *buf)
smp->prsp[0] = BT_SMP_CMD_PAIRING_RSP; smp->prsp[0] = BT_SMP_CMD_PAIRING_RSP;
rsp = (struct bt_smp_pairing *)&smp->prsp[1]; rsp = (struct bt_smp_pairing *)&smp->prsp[1];
rsp->auth_req = get_auth(req->auth_req); rsp->auth_req = get_auth(conn, req->auth_req);
rsp->io_capability = get_io_capa(); rsp->io_capability = get_io_capa();
rsp->oob_flag = oobd_present ? BT_SMP_OOB_PRESENT : rsp->oob_flag = oobd_present ? BT_SMP_OOB_PRESENT :
BT_SMP_OOB_NOT_PRESENT; BT_SMP_OOB_NOT_PRESENT;
@ -2576,7 +2578,7 @@ int bt_smp_send_pairing_req(struct bt_conn *conn)
req = net_buf_add(req_buf, sizeof(*req)); req = net_buf_add(req_buf, sizeof(*req));
req->auth_req = get_auth(BT_SMP_AUTH_DEFAULT); req->auth_req = get_auth(conn, BT_SMP_AUTH_DEFAULT);
req->io_capability = get_io_capa(); req->io_capability = get_io_capa();
req->oob_flag = oobd_present ? BT_SMP_OOB_PRESENT : req->oob_flag = oobd_present ? BT_SMP_OOB_PRESENT :
BT_SMP_OOB_NOT_PRESENT; BT_SMP_OOB_NOT_PRESENT;