[v4] Bluetooth: SMP: honor local MITM requirements for legacy pairing

[PATCH v4 0/2] Bluetooth: SMP: honor local MITM requirements for legacy pairing

Posted by Oleh Konko 20 hours ago

hi,

this v4 series follows up on Luiz's latest review direction.

1/2 moves the primary fix into smp_cmd_pairing_req(): when the local
side requires BT_SECURITY_HIGH, the responder first verifies that MITM
is achievable and then forces SMP_AUTH_MITM in the pairing response so
the responder auth bits and later method selection stay aligned.

2/2 keeps the stored legacy responder STK authentication bit tied to the
achieved MITM state rather than to pending_sec_level. that keeps the key
metadata consistent with the pairing result as defense in depth.

both patches carry Fixes and Cc: stable.

if anyone with recent Bluetooth qualification access can run this
against PTS as well, that would still be very helpful.

thanks,
Oleh

[PATCH v4 1/2] Bluetooth: SMP: force responder MITM requirements before building the pairing response
[PATCH v4 2/2] Bluetooth: SMP: derive legacy responder STK authentication from MITM state