nimble/host: Fix MITM vulnerability during public key exchange in secure connection
diff --git a/nimble/host/src/ble_sm_sc.c b/nimble/host/src/ble_sm_sc.c
index 7fae5b1..162a4a2 100644
--- a/nimble/host/src/ble_sm_sc.c
+++ b/nimble/host/src/ble_sm_sc.c
@@ -612,6 +612,13 @@
     }
 
     cmd = (struct ble_sm_public_key *)(*om)->om_data;
+    /* Check if the peer public key is same as our generated public key.
+     * Return fail if the public keys match. */
+    if (memcmp(cmd, ble_sm_sc_pub_key, 64) == 0) {
+        res->enc_cb = 1;
+        res->sm_err = BLE_SM_ERR_AUTHREQ;
+        return;
+    }
 
     ble_hs_lock();
     proc = ble_sm_proc_find(conn_handle, BLE_SM_PROC_STATE_PUBLIC_KEY, -1,
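Review bot: The new `memcmp(cmd, ble_sm_sc_pub_key, 64)` check rejects the peer key only when all 64 bytes match, so a peer key with the same X coordinate but a different Y still passes. The Bluetooth SIG guidance for this class of issue is to fail pairing when the peer's X coordinate equals the local one, with an exception for the debug key. Assuming the struct stores X in its first 32 bytes (the layout is not visible in this hunk), the comparison would become `if (memcmp(cmd->x, ble_sm_sc_pub_key, sizeof(cmd->x)) == 0) {`, which also removes the bare `64`. It is worth confirming that `ble_sm_sc_pub_key` is already populated when this handler runs, since comparing against a not-yet-generated key makes the check ineffective. The enclosing function starts and ends outside the hunk.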