Bluetooth: Add BT_SMP_ENFORCE_MITM option #17464

Merged
merged 1 commit into from Jul 11, 2019

MariuszSkamra
Collaborator

Having this option disabled, MITM flag state can be controlled by
bt_conn_security state. This option is enabled by default to not
change the current implementation behavior.
Related to SM/MAS/SCPK/BV-01-C.

Fixes #17463

@zephyrbot
Collaborator

zephyrbot commented Jul 10, 2019

All checks are passing now.

Review history of this comment for details about previous failed status.
Note that some checks might not have completed yet.

@MariuszSkamra MariuszSkamra requested a review from sjanc July 10, 2019 14:48
@jhedberg jhedberg added backport v1.14-branch bug The issue is a bug, or the PR is fixing a bug labels Jul 10, 2019
Member

@jhedberg jhedberg left a comment

Will you also have a patch to update the tester app? If that's needed it might be easier (for the subsequent backport) to include them both in the same PR.

@MariuszSkamra
Collaborator Author

> Will you also have a patch to update the tester app? If that's needed it might be easier (for the subsequent backport) to include them both in the same PR.

I would wait with tester app PR for now. I think it will be necessary to modify btp documentation as well to add security level parameter to Opcode 0x11 - Pair command/response (or separate command). It's fixed now, set to BT_SECURITY_MEDIUM.

Collaborator

@sjanc sjanc left a comment

yeap, this is needed for manual testing only
we can think on how to extend btp when more tests will be added for autopts

Contributor

@joerchan joerchan left a comment

I don't think the addition of the mitm flag is required. When we receive a request we shouldn't let the peer's MITM flag say that we want MITM protection unless we can actually achieve it.
And when sending requests, we already check that the required sec_level can be achieved by checking the IO capabilities.
I think the BT_SMP_ENFORCE_MITM option should be the only change.

Having this option disabled, MITM flag state can be controlled by
bt_conn_security state. This option is enabled by default to not
change the current implementation behavior.
Related to SM/MAS/SCPK/BV-01-C.

Fixes zephyrproject-rtos#17463

Signed-off-by: Mariusz Skamra <mariusz.skamra@codecoup.pl>
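
An added sketch, not code from this PR or from Zephyr's smp.c, of the behaviour the commit message and joerchan's review comment describe: how the MITM bit of the SMP AuthReq octet follows from the option, the requested security level and the local IO capabilities, and when Just Works pairing is then certain. The function names, the `sec_level` enum and the reading that "controlled by bt_conn_security state" means the bit follows the requested level are assumptions; the bit and IO capability values are from the Bluetooth Core Specification.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Values from the Bluetooth Core Specification, Security Manager Protocol. */
#define SMP_AUTH_BONDING        0x01 /* Bonding_Flags = Bonding */
#define SMP_AUTH_MITM           0x04 /* MITM bit of the AuthReq octet */
#define SMP_IO_NO_INPUT_OUTPUT  0x03
#define SMP_IO_KEYBOARD_DISPLAY 0x04

/* Hypothetical stand-in for the requested connection security level. */
enum sec_level { SEC_MEDIUM = 2, /* encryption, no authentication */
                 SEC_HIGH = 3 }; /* encryption with MITM protection */

/* Model (assumption, not Zephyr code): AuthReq sent for a given configuration.
 * enforce_mitm plays the role of BT_SMP_ENFORCE_MITM. */
uint8_t model_auth_req(bool enforce_mitm, enum sec_level required,
                       uint8_t io_cap, uint8_t auth)
{
    bool achievable = (io_cap != SMP_IO_NO_INPUT_OUTPUT);
    bool wanted = enforce_mitm || required >= SEC_HIGH;

    if (achievable && wanted) {
        return (uint8_t)(auth | SMP_AUTH_MITM);
    }
    return (uint8_t)(auth & ~SMP_AUTH_MITM);
}

/* Spec rule: Just Works (unauthenticated key) is certain when neither side
 * sets MITM, or when either side is NoInputNoOutput. OOB is ignored here. */
bool just_works_certain(uint8_t init_auth, uint8_t rsp_auth,
                        uint8_t init_io, uint8_t rsp_io)
{
    if (!((init_auth | rsp_auth) & SMP_AUTH_MITM)) {
        return true;
    }
    return init_io == SMP_IO_NO_INPUT_OUTPUT || rsp_io == SMP_IO_NO_INPUT_OUTPUT;
}

int main(void)
{
    for (int enforce = 0; enforce <= 1; enforce++) {
        for (int lvl = SEC_MEDIUM; lvl <= SEC_HIGH; lvl++) {
            uint8_t a = model_auth_req(enforce, (enum sec_level)lvl,
                                       SMP_IO_KEYBOARD_DISPLAY, SMP_AUTH_BONDING);
            printf("enforce=%d level=%d AuthReq=0x%02x\n", enforce, lvl, a);
        }
    }
    return 0;
}
```

In this model, only the combination of the option disabled and the medium level leaves the MITM bit clear on a device that has a keyboard and display.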
@jhedberg jhedberg merged commit 74dbd83 into zephyrproject-rtos:master Jul 11, 2019
@backporting

backporting bot commented Jul 11, 2019

The backport to v1.14-branch failed:

Commits ["f3cc3b038837207b278ac173efb269bc5f501929"] could not be cherry-picked on top of v1.14-branch

To backport manually, run these commands in your terminal:

# Fetch latest updates from GitHub.
git fetch
# Create new working tree.
git worktree add .worktrees/backport v1.14-branch
# Navigate to the new directory.
cd .worktrees/backport
# Cherry-pick all the commits of this pull request and resolve the likely conflicts.
git cherry-pick f3cc3b038837207b278ac173efb269bc5f501929
# Create a new branch with these backported commits.
git checkout -b backport-17464-to-v1.14-branch
# Push it to GitHub.
git push --set-upstream origin backport-17464-to-v1.14-branch
# Go back to the original working tree.
cd ../..
# Delete the working tree.
git worktree remove .worktrees/backport

Then, create a pull request where the base branch is v1.14-branch and the compare/head branch is backport-17464-to-v1.14-branch.

Labels
area: Bluetooth bug The issue is a bug, or the PR is fixing a bug
Development

Successfully merging this pull request may close these issues.

Bluetooth: API limits usage of MITM flags in Pairing Request
5 participants