Bluetooth: Add BT_SMP_ENFORCE_MITM option

Having this option disabled, MITM flag state can be controlled by bt_conn_security state. This option is enabled by default to not change the current implementation behavior. Related to SM/MAS/SCPK/BV-01-C. Fixes #17463 Signed-off-by: Mariusz Skamra <mariusz.skamra@codecoup.pl>
2019-07-10 14:25:41 +02:00 · 2019-07-10 14:25:41 +02:00 · 74dbd835c3
commit 74dbd835c3
parent 6bdb1b8b60
2 changed files with 15 additions and 5 deletions
--- a/subsys/bluetooth/host/Kconfig
+++ b/subsys/bluetooth/host/Kconfig
@ -287,6 +287,14 @@ config BT_BONDABLE
 	  Bonding flag in AuthReq of SMP Pairing Request/Response will be set
 	  indicating the support for this mode.

+config BT_SMP_ENFORCE_MITM
+	bool "Enforce MITM protection"
+	default y
+	help
+	  With this option enabled, the Security Manager will set MITM option in
+	  the Authentication Requirements Flags whenever local IO Capabilities
+	  allow the generated key to be authenticated.
+
 config BT_OOB_DATA_FIXED
 	bool "Use a fixed random number for LESC OOB pairing"
 	depends on BT_TESTING
--- a/subsys/bluetooth/host/smp.c
+++ b/subsys/bluetooth/host/smp.c
@ -2306,7 +2306,7 @@ void bt_set_oob_data_flag(bool enable)
 	oobd_present = enable;
 }

-static u8_t get_auth(u8_t auth)
+static u8_t get_auth(struct bt_conn *conn, u8_t auth)
 {
 	if (sc_supported) {
 		auth &= BT_SMP_AUTH_MASK_SC;
@ -2314,7 +2314,9 @@ static u8_t get_auth(u8_t auth)
 		auth &= BT_SMP_AUTH_MASK;
 	}

-	if (get_io_capa() == BT_SMP_IO_NO_INPUT_OUTPUT) {
+	if ((get_io_capa() == BT_SMP_IO_NO_INPUT_OUTPUT) ||
+	    (!IS_ENABLED(CONFIG_BT_SMP_ENFORCE_MITM) &&
+	    (conn->required_sec_level < BT_SECURITY_HIGH))) {
 		auth &= ~(BT_SMP_AUTH_MITM);
 	} else {
 		auth |= BT_SMP_AUTH_MITM;
@ -2397,7 +2399,7 @@ int bt_smp_send_security_req(struct bt_conn *conn)
 	}

 	req = net_buf_add(req_buf, sizeof(*req));
-	req->auth_req = get_auth(BT_SMP_AUTH_DEFAULT);
+	req->auth_req = get_auth(conn, BT_SMP_AUTH_DEFAULT);

 	/* SMP timer is not restarted for SecRequest so don't use smp_send */
 	bt_l2cap_send(conn, BT_L2CAP_CID_SMP, req_buf);
@ -2440,7 +2442,7 @@ static u8_t smp_pairing_req(struct bt_smp *smp, struct net_buf *buf)
 	smp->prsp[0] = BT_SMP_CMD_PAIRING_RSP;
 	rsp = (struct bt_smp_pairing *)&smp->prsp[1];

-	rsp->auth_req = get_auth(req->auth_req);
+	rsp->auth_req = get_auth(conn, req->auth_req);
 	rsp->io_capability = get_io_capa();
 	rsp->oob_flag = oobd_present ? BT_SMP_OOB_PRESENT :
 				       BT_SMP_OOB_NOT_PRESENT;
@ -2576,7 +2578,7 @@ int bt_smp_send_pairing_req(struct bt_conn *conn)

 	req = net_buf_add(req_buf, sizeof(*req));

-	req->auth_req = get_auth(BT_SMP_AUTH_DEFAULT);
+	req->auth_req = get_auth(conn, BT_SMP_AUTH_DEFAULT);
 	req->io_capability = get_io_capa();
 	req->oob_flag = oobd_present ? BT_SMP_OOB_PRESENT :
 				       BT_SMP_OOB_NOT_PRESENT;