From a2531e1622e881c6ed285561f5aaa1f15201578c Mon Sep 17 00:00:00 2001
From: Joakim Andersson
Date: Wed, 31 Jul 2019 15:33:36 +0200
Subject: [PATCH] Bluetooth: SMP: MITM security possible without IO when OOB data present Allow Security level HIGH and FIPS to be initiated when we have received OOB data for the remote device. The security property of MITM is allowed if out of band authentication data is available.
Signed-off-by: Joakim Andersson
---
 subsys/bluetooth/host/smp.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/subsys/bluetooth/host/smp.c b/subsys/bluetooth/host/smp.c
index 40ef8d77b5c..f2e08160c7d 100644
--- a/subsys/bluetooth/host/smp.c
+++ b/subsys/bluetooth/host/smp.c
@@ -2338,9 +2338,12 @@ static bool sec_level_reachable(struct bt_conn *conn)
 case BT_SECURITY_MEDIUM:
 return true;
 case BT_SECURITY_HIGH:
- return get_io_capa() != BT_SMP_IO_NO_INPUT_OUTPUT;
+ return get_io_capa() != BT_SMP_IO_NO_INPUT_OUTPUT ||
+ (bt_auth && bt_auth->oob_data_request && oobd_present);
 case BT_SECURITY_FIPS:
- return get_io_capa() != BT_SMP_IO_NO_INPUT_OUTPUT &&
+ return (get_io_capa() != BT_SMP_IO_NO_INPUT_OUTPUT ||
+ (bt_auth && bt_auth->oob_data_request &&
+ oobd_present)) &&
 sc_supported;
 default:
 return false;
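Review bot: The new OOB clause in the `BT_SECURITY_HIGH` and `BT_SECURITY_FIPS` cases never looks at `conn`, so nothing visible here ties the OOB data to the peer of this connection, although the commit message speaks of data "for the remote device". If `oobd_present` is a host-wide flag (its definition is outside the hunk), a NoInputNoOutput device would report the MITM levels as reachable for every peer once it is set, and a pairing that then falls back to Just Works has to be rejected by the key-authentication check elsewhere; that dependency deserves a comment such as `/* OOB availability is not per-peer here; the resulting key must still be verified as authenticated */`. The same three-term expression is written out twice, so a small helper, for example `static bool oob_mitm_possible(void) { return bt_auth && bt_auth->oob_data_request && oobd_present; }`, would keep the two cases from drifting apart. The body of `sec_level_reachable()` starts and ends outside the hunk.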