You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@mynewt.apache.org by cc...@apache.org on 2016/12/13 03:08:40 UTC
[1/9] incubator-mynewt-core git commit: nimble/test: Fix expected
value in ble_sm_test_util_us_fail_inval
Repository: incubator-mynewt-core
Updated Branches:
refs/heads/develop 33bc18ef5 -> 7c218f67e
nimble/test: Fix expected value in ble_sm_test_util_us_fail_inval
Value from test def should be used, not hardcoded one.
Project: http://git-wip-us.apache.org/repos/asf/incubator-mynewt-core/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-mynewt-core/commit/a3f6ea1d
Tree: http://git-wip-us.apache.org/repos/asf/incubator-mynewt-core/tree/a3f6ea1d
Diff: http://git-wip-us.apache.org/repos/asf/incubator-mynewt-core/diff/a3f6ea1d
Branch: refs/heads/develop
Commit: a3f6ea1de07e04e302dd442a6b72ecfdeb1aed49
Parents: 9faa191
Author: Andrzej Kaczmarek <an...@codecoup.pl>
Authored: Sun Dec 11 23:44:02 2016 +0100
Committer: Andrzej Kaczmarek <an...@codecoup.pl>
Committed: Mon Dec 12 23:53:31 2016 +0100
----------------------------------------------------------------------
net/nimble/host/test/src/ble_sm_test_util.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-mynewt-core/blob/a3f6ea1d/net/nimble/host/test/src/ble_sm_test_util.c
----------------------------------------------------------------------
diff --git a/net/nimble/host/test/src/ble_sm_test_util.c b/net/nimble/host/test/src/ble_sm_test_util.c
index 7f40ff9..faa38ff 100644
--- a/net/nimble/host/test/src/ble_sm_test_util.c
+++ b/net/nimble/host/test/src/ble_sm_test_util.c
@@ -2408,7 +2408,7 @@ ble_sm_test_util_us_fail_inval(struct ble_sm_test_params *params)
/* Receive a pair response from the peer. */
ble_sm_test_util_rx_pair_rsp(
- 2, ¶ms->pair_rsp, BLE_HS_SM_US_ERR(BLE_SM_ERR_INVAL));
+ 2, ¶ms->pair_rsp, BLE_HS_SM_US_ERR(params->pair_fail.reason));
TEST_ASSERT(!conn->bhc_sec_state.encrypted);
TEST_ASSERT(ble_sm_dbg_num_procs() == 0);
[7/9] incubator-mynewt-core git commit: nimble/sm: Improve pairing
req/rsp validation
Posted by cc...@apache.org.
nimble/sm: Improve pairing req/rsp validation
The "Invalid Parameters" error code is only valid if encryption key
size it larger than allowed maximum - if it is lower than supported
minimum key size, the error code shall be "Encryption Key Size".
Also we should accept pairing req/rsp in case either IO Capabilities
or OOB Flags are set to reserved values by forcing either Just Works
or discarding OOB Flags information respectively. This should allow
to handle pairing with future specs (if reserved values are used) and
is inline with other stacks (e.g. BlueZ, Zephyr).
Project: http://git-wip-us.apache.org/repos/asf/incubator-mynewt-core/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-mynewt-core/commit/3d129607
Tree: http://git-wip-us.apache.org/repos/asf/incubator-mynewt-core/tree/3d129607
Diff: http://git-wip-us.apache.org/repos/asf/incubator-mynewt-core/diff/3d129607
Branch: refs/heads/develop
Commit: 3d129607c9078bde96753208d35829e2c762e8ae
Parents: 9627249
Author: Andrzej Kaczmarek <an...@codecoup.pl>
Authored: Tue Nov 22 21:09:22 2016 +0100
Committer: Andrzej Kaczmarek <an...@codecoup.pl>
Committed: Mon Dec 12 23:58:47 2016 +0100
----------------------------------------------------------------------
net/nimble/host/src/ble_sm.c | 12 +++++++++---
net/nimble/host/src/ble_sm_cmd.c | 21 ---------------------
net/nimble/host/src/ble_sm_lgcy.c | 6 +++++-
net/nimble/host/src/ble_sm_sc.c | 6 +++++-
4 files changed, 19 insertions(+), 26 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-mynewt-core/blob/3d129607/net/nimble/host/src/ble_sm.c
----------------------------------------------------------------------
diff --git a/net/nimble/host/src/ble_sm.c b/net/nimble/host/src/ble_sm.c
index 67e8728..d6527d4 100644
--- a/net/nimble/host/src/ble_sm.c
+++ b/net/nimble/host/src/ble_sm.c
@@ -1487,9 +1487,12 @@ ble_sm_pair_req_rx(uint16_t conn_handle, uint8_t op, struct os_mbuf **om,
if (conn->bhc_flags & BLE_HS_CONN_F_MASTER) {
res->sm_err = BLE_SM_ERR_CMD_NOT_SUPP;
res->app_status = BLE_HS_SM_US_ERR(BLE_SM_ERR_CMD_NOT_SUPP);
- } else if (!ble_sm_pair_cmd_is_valid(&req)) {
+ } else if (req.max_enc_key_size < BLE_SM_PAIR_KEY_SZ_MIN) {
+ res->sm_err = BLE_SM_ERR_ENC_KEY_SZ;
+ res->app_status = BLE_HS_SM_US_ERR(BLE_SM_ERR_ENC_KEY_SZ);
+ } else if (req.max_enc_key_size > BLE_SM_PAIR_KEY_SZ_MAX) {
res->sm_err = BLE_SM_ERR_INVAL;
- res->app_status = BLE_HS_SM_US_ERR(BLE_SM_ERR_INVAL);
+ res->app_status = BLE_HS_SM_US_ERR(BLE_SM_ERR_INVAL);
} else {
res->execute = 1;
}
@@ -1520,7 +1523,10 @@ ble_sm_pair_rsp_rx(uint16_t conn_handle, uint8_t op, struct os_mbuf **om,
proc = ble_sm_proc_find(conn_handle, BLE_SM_PROC_STATE_PAIR, 1, &prev);
if (proc != NULL) {
proc->pair_rsp = rsp;
- if (!ble_sm_pair_cmd_is_valid(&rsp)) {
+ if (rsp.max_enc_key_size < BLE_SM_PAIR_KEY_SZ_MIN) {
+ res->sm_err = BLE_SM_ERR_ENC_KEY_SZ;
+ res->app_status = BLE_HS_SM_US_ERR(BLE_SM_ERR_ENC_KEY_SZ);
+ } else if (rsp.max_enc_key_size > BLE_SM_PAIR_KEY_SZ_MAX) {
res->sm_err = BLE_SM_ERR_INVAL;
res->app_status = BLE_HS_SM_US_ERR(BLE_SM_ERR_INVAL);
} else {
http://git-wip-us.apache.org/repos/asf/incubator-mynewt-core/blob/3d129607/net/nimble/host/src/ble_sm_cmd.c
----------------------------------------------------------------------
diff --git a/net/nimble/host/src/ble_sm_cmd.c b/net/nimble/host/src/ble_sm_cmd.c
index e438c02..67fa1b0 100644
--- a/net/nimble/host/src/ble_sm_cmd.c
+++ b/net/nimble/host/src/ble_sm_cmd.c
@@ -90,26 +90,6 @@ ble_sm_pair_cmd_parse(void *payload, int len, struct ble_sm_pair_cmd *cmd)
cmd->resp_key_dist = u8ptr[5];
}
-int
-ble_sm_pair_cmd_is_valid(struct ble_sm_pair_cmd *cmd)
-{
- if (cmd->io_cap >= BLE_SM_IO_CAP_RESERVED) {
- return 0;
- }
-
- if (cmd->oob_data_flag >= BLE_SM_PAIR_OOB_RESERVED) {
- return 0;
- }
-
- if (cmd->max_enc_key_size < BLE_SM_PAIR_KEY_SZ_MIN ||
- cmd->max_enc_key_size > BLE_SM_PAIR_KEY_SZ_MAX) {
-
- return 0;
- }
-
- return 1;
-}
-
void
ble_sm_pair_cmd_write(void *payload, int len, int is_req,
struct ble_sm_pair_cmd *cmd)
@@ -143,7 +123,6 @@ ble_sm_pair_cmd_tx(uint16_t conn_handle, int is_req,
ble_sm_pair_cmd_write(txom->om_data, txom->om_len, is_req, cmd);
BLE_SM_LOG_CMD(1, is_req ? "pair req" : "pair rsp", conn_handle,
ble_sm_pair_cmd_log, cmd);
- BLE_HS_DBG_ASSERT(ble_sm_pair_cmd_is_valid(cmd));
rc = ble_sm_tx(conn_handle, txom);
if (rc != 0) {
http://git-wip-us.apache.org/repos/asf/incubator-mynewt-core/blob/3d129607/net/nimble/host/src/ble_sm_lgcy.c
----------------------------------------------------------------------
diff --git a/net/nimble/host/src/ble_sm_lgcy.c b/net/nimble/host/src/ble_sm_lgcy.c
index ddc666d..a77671e 100644
--- a/net/nimble/host/src/ble_sm_lgcy.c
+++ b/net/nimble/host/src/ble_sm_lgcy.c
@@ -65,12 +65,16 @@ ble_sm_lgcy_io_action(struct ble_sm_proc *proc)
{
int action;
- if (proc->pair_req.oob_data_flag && proc->pair_rsp.oob_data_flag) {
+ if (proc->pair_req.oob_data_flag == BLE_SM_PAIR_OOB_YES &&
+ proc->pair_rsp.oob_data_flag == BLE_SM_PAIR_OOB_YES) {
action = BLE_SM_IOACT_OOB;
} else if (!(proc->pair_req.authreq & BLE_SM_PAIR_AUTHREQ_MITM) &&
!(proc->pair_rsp.authreq & BLE_SM_PAIR_AUTHREQ_MITM)) {
action = BLE_SM_IOACT_NONE;
+ } else if (proc->pair_req.io_cap >= BLE_SM_IO_CAP_RESERVED ||
+ proc->pair_rsp.io_cap >= BLE_SM_IO_CAP_RESERVED) {
+ action = BLE_SM_IOACT_NONE;
} else if (proc->flags & BLE_SM_PROC_F_INITIATOR) {
action = ble_sm_lgcy_init_ioa[proc->pair_rsp.io_cap]
[proc->pair_req.io_cap];
http://git-wip-us.apache.org/repos/asf/incubator-mynewt-core/blob/3d129607/net/nimble/host/src/ble_sm_sc.c
----------------------------------------------------------------------
diff --git a/net/nimble/host/src/ble_sm_sc.c b/net/nimble/host/src/ble_sm_sc.c
index 11b29a1..f8a6983 100644
--- a/net/nimble/host/src/ble_sm_sc.c
+++ b/net/nimble/host/src/ble_sm_sc.c
@@ -112,12 +112,16 @@ ble_sm_sc_io_action(struct ble_sm_proc *proc)
{
int action;
- if (proc->pair_req.oob_data_flag || proc->pair_rsp.oob_data_flag) {
+ if (proc->pair_req.oob_data_flag == BLE_SM_PAIR_OOB_YES ||
+ proc->pair_rsp.oob_data_flag == BLE_SM_PAIR_OOB_YES) {
action = BLE_SM_IOACT_OOB;
} else if (!(proc->pair_req.authreq & BLE_SM_PAIR_AUTHREQ_MITM) &&
!(proc->pair_rsp.authreq & BLE_SM_PAIR_AUTHREQ_MITM)) {
action = BLE_SM_IOACT_NONE;
+ } else if (proc->pair_req.io_cap >= BLE_SM_IO_CAP_RESERVED ||
+ proc->pair_rsp.io_cap >= BLE_SM_IO_CAP_RESERVED) {
+ action = BLE_SM_IOACT_NONE;
} else if (proc->flags & BLE_SM_PROC_F_INITIATOR) {
action = ble_sm_sc_init_ioa[proc->pair_rsp.io_cap]
[proc->pair_req.io_cap];
[4/9] incubator-mynewt-core git commit: bletiny: Add characteristic
with auth required permission
Posted by cc...@apache.org.
bletiny: Add characteristic with auth required permission
This is useful for e.g. testing with PTS - there are already two other
characteristics to read without security and with encryption required
only (i.e. unauthenticated pairing is enough).
Project: http://git-wip-us.apache.org/repos/asf/incubator-mynewt-core/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-mynewt-core/commit/6ef71974
Tree: http://git-wip-us.apache.org/repos/asf/incubator-mynewt-core/tree/6ef71974
Diff: http://git-wip-us.apache.org/repos/asf/incubator-mynewt-core/diff/6ef71974
Branch: refs/heads/develop
Commit: 6ef71974d9e1263309cb16874d622d1207541060
Parents: 838b53a
Author: Andrzej Kaczmarek <an...@codecoup.pl>
Authored: Wed Nov 30 10:36:28 2016 +0100
Committer: Andrzej Kaczmarek <an...@codecoup.pl>
Committed: Mon Dec 12 23:58:47 2016 +0100
----------------------------------------------------------------------
apps/bletiny/src/gatt_svr.c | 14 +++++++++++++-
1 file changed, 13 insertions(+), 1 deletion(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-mynewt-core/blob/6ef71974/apps/bletiny/src/gatt_svr.c
----------------------------------------------------------------------
diff --git a/apps/bletiny/src/gatt_svr.c b/apps/bletiny/src/gatt_svr.c
index 6001a63..c21ca3c 100644
--- a/apps/bletiny/src/gatt_svr.c
+++ b/apps/bletiny/src/gatt_svr.c
@@ -52,6 +52,12 @@ const uint8_t gatt_svr_chr_sec_test_static_uuid[16] = {
0xe1, 0x45, 0x7e, 0x89, 0x9e, 0x65, 0x3a, 0x5c
};
+/* 5c3a659e-897e-45e1-b016-007107c96df8 */
+const uint8_t gatt_svr_chr_sec_test_static_auth_uuid[16] = {
+ 0xf8, 0x6d, 0xc9, 0x07, 0x71, 0x00, 0x16, 0xb0,
+ 0xe1, 0x45, 0x7e, 0x89, 0x9e, 0x65, 0x3a, 0x5c
+};
+
static uint8_t gatt_svr_sec_test_static_val;
static int
@@ -110,6 +116,11 @@ static const struct ble_gatt_svc_def gatt_svr_svcs[] = {
.flags = BLE_GATT_CHR_F_READ |
BLE_GATT_CHR_F_WRITE | BLE_GATT_CHR_F_WRITE_ENC,
}, {
+ /*** Characteristic: Static value. */
+ .uuid128 = gatt_svr_chr_sec_test_static_auth_uuid,
+ .access_cb = gatt_svr_chr_access_sec_test,
+ .flags = BLE_GATT_CHR_F_READ | BLE_GATT_CHR_F_READ_AUTHEN,
+ }, {
0, /* No more characteristics in this service. */
} },
},
@@ -235,7 +246,8 @@ gatt_svr_chr_access_sec_test(uint16_t conn_handle, uint16_t attr_handle,
return rc == 0 ? 0 : BLE_ATT_ERR_INSUFFICIENT_RES;
}
- if (memcmp(uuid128, gatt_svr_chr_sec_test_static_uuid, 16) == 0) {
+ if (memcmp(uuid128, gatt_svr_chr_sec_test_static_uuid, 16) == 0 ||
+ memcmp(uuid128, gatt_svr_chr_sec_test_static_auth_uuid, 16) == 0) {
switch (ctxt->op) {
case BLE_GATT_ACCESS_OP_READ_CHR:
rc = os_mbuf_append(ctxt->om, &gatt_svr_sec_test_static_val,
[6/9] incubator-mynewt-core git commit: nimble/sm: Fix obvious array
size mismatch
Posted by cc...@apache.org.
nimble/sm: Fix obvious array size mismatch
Project: http://git-wip-us.apache.org/repos/asf/incubator-mynewt-core/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-mynewt-core/commit/838b53a5
Tree: http://git-wip-us.apache.org/repos/asf/incubator-mynewt-core/tree/838b53a5
Diff: http://git-wip-us.apache.org/repos/asf/incubator-mynewt-core/diff/838b53a5
Branch: refs/heads/develop
Commit: 838b53a5c4712269edf3b747992fb8befa38412a
Parents: a034ac1
Author: Andrzej Kaczmarek <an...@codecoup.pl>
Authored: Tue Nov 29 11:31:01 2016 +0100
Committer: Andrzej Kaczmarek <an...@codecoup.pl>
Committed: Mon Dec 12 23:58:47 2016 +0100
----------------------------------------------------------------------
net/nimble/host/src/ble_sm.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-mynewt-core/blob/838b53a5/net/nimble/host/src/ble_sm.c
----------------------------------------------------------------------
diff --git a/net/nimble/host/src/ble_sm.c b/net/nimble/host/src/ble_sm.c
index f42a54e..a49c3d2 100644
--- a/net/nimble/host/src/ble_sm.c
+++ b/net/nimble/host/src/ble_sm.c
@@ -498,7 +498,7 @@ ble_sm_persist_keys(struct ble_sm_proc *proc)
{
struct ble_store_value_sec value_sec;
struct ble_hs_conn *conn;
- uint8_t peer_addr[8];
+ uint8_t peer_addr[6];
uint8_t peer_addr_type;
int authenticated;
[3/9] incubator-mynewt-core git commit: nimble/test: Remove invalid
SM test cases
Posted by cc...@apache.org.
nimble/test: Remove invalid SM test cases
Test cases which check for pairing failing on reserved values are
invalid since reserved values shall be ignored as required by spec and
pairing shall succeed. These test cases will be replaced with ones that
check for pairing success when reserved bits are used.
Project: http://git-wip-us.apache.org/repos/asf/incubator-mynewt-core/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-mynewt-core/commit/2e6367ca
Tree: http://git-wip-us.apache.org/repos/asf/incubator-mynewt-core/tree/2e6367ca
Diff: http://git-wip-us.apache.org/repos/asf/incubator-mynewt-core/diff/2e6367ca
Branch: refs/heads/develop
Commit: 2e6367caef814958f65a644c8d41df765ef98ece
Parents: c3f9aa1
Author: Andrzej Kaczmarek <an...@codecoup.pl>
Authored: Sun Dec 11 23:47:48 2016 +0100
Committer: Andrzej Kaczmarek <an...@codecoup.pl>
Committed: Mon Dec 12 23:58:43 2016 +0100
----------------------------------------------------------------------
net/nimble/host/test/src/ble_sm_test.c | 268 +---------------------------
1 file changed, 2 insertions(+), 266 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-mynewt-core/blob/2e6367ca/net/nimble/host/test/src/ble_sm_test.c
----------------------------------------------------------------------
diff --git a/net/nimble/host/test/src/ble_sm_test.c b/net/nimble/host/test/src/ble_sm_test.c
index 5fd6c3d..0580821 100644
--- a/net/nimble/host/test/src/ble_sm_test.c
+++ b/net/nimble/host/test/src/ble_sm_test.c
@@ -188,78 +188,6 @@ TEST_CASE(ble_sm_test_case_peer_fail_inval)
} })
);
- /* Invalid IO capabiltiies. */
- ble_sm_test_util_peer_fail_inval(
- 0,
- ((uint8_t[]){0xe1, 0xfc, 0xda, 0xf4, 0xb7, 0x6c}),
- ((uint8_t[]){0x03, 0x02, 0x01, 0x50, 0x13, 0x00}),
- ((struct ble_sm_pair_cmd[1]) { {
- .io_cap = 0x14,
- .oob_data_flag = 0,
- .authreq = 0x05,
- .max_enc_key_size = 16,
- .init_key_dist = 0x07,
- .resp_key_dist = 0x07,
- } }),
- ((struct ble_sm_pair_fail[1]) { {
- .reason = BLE_SM_ERR_ENC_KEY_SZ,
- } })
- );
-
- /* Invalid OOB flag. */
- ble_sm_test_util_peer_fail_inval(
- 0,
- ((uint8_t[]){0xe1, 0xfc, 0xda, 0xf4, 0xb7, 0x6c}),
- ((uint8_t[]){0x03, 0x02, 0x01, 0x50, 0x13, 0x00}),
- ((struct ble_sm_pair_cmd[1]) { {
- .io_cap = 0x04,
- .oob_data_flag = 2,
- .authreq = 0x05,
- .max_enc_key_size = 16,
- .init_key_dist = 0x07,
- .resp_key_dist = 0x07,
- } }),
- ((struct ble_sm_pair_fail[1]) { {
- .reason = BLE_SM_ERR_INVAL,
- } })
- );
-
- /* Invalid authreq - reserved bonding flag. */
- ble_sm_test_util_peer_fail_inval(
- 0,
- ((uint8_t[]){0xe1, 0xfc, 0xda, 0xf4, 0xb7, 0x6c}),
- ((uint8_t[]){0x03, 0x02, 0x01, 0x50, 0x13, 0x00}),
- ((struct ble_sm_pair_cmd[1]) { {
- .io_cap = 0x04,
- .oob_data_flag = 0,
- .authreq = 0x2,
- .max_enc_key_size = 16,
- .init_key_dist = 0x07,
- .resp_key_dist = 0x07,
- } }),
- ((struct ble_sm_pair_fail[1]) { {
- .reason = BLE_SM_ERR_INVAL,
- } })
- );
-
- /* Invalid authreq - reserved other flag. */
- ble_sm_test_util_peer_fail_inval(
- 0,
- ((uint8_t[]){0xe1, 0xfc, 0xda, 0xf4, 0xb7, 0x6c}),
- ((uint8_t[]){0x03, 0x02, 0x01, 0x50, 0x13, 0x00}),
- ((struct ble_sm_pair_cmd[1]) { {
- .io_cap = 0x04,
- .oob_data_flag = 0,
- .authreq = 0x20,
- .max_enc_key_size = 16,
- .init_key_dist = 0x07,
- .resp_key_dist = 0x07,
- } }),
- ((struct ble_sm_pair_fail[1]) { {
- .reason = BLE_SM_ERR_INVAL,
- } })
- );
-
/* Invalid key size - too small. */
ble_sm_test_util_peer_fail_inval(
0,
@@ -274,7 +202,7 @@ TEST_CASE(ble_sm_test_case_peer_fail_inval)
.resp_key_dist = 0x07,
} }),
((struct ble_sm_pair_fail[1]) { {
- .reason = BLE_SM_ERR_INVAL,
+ .reason = BLE_SM_ERR_ENC_KEY_SZ,
} })
);
@@ -295,42 +223,6 @@ TEST_CASE(ble_sm_test_case_peer_fail_inval)
.reason = BLE_SM_ERR_INVAL,
} })
);
-
- /* Invalid init key dist. */
- ble_sm_test_util_peer_fail_inval(
- 0,
- ((uint8_t[]){0xe1, 0xfc, 0xda, 0xf4, 0xb7, 0x6c}),
- ((uint8_t[]){0x03, 0x02, 0x01, 0x50, 0x13, 0x00}),
- ((struct ble_sm_pair_cmd[1]) { {
- .io_cap = 0x04,
- .oob_data_flag = 0,
- .authreq = 0x5,
- .max_enc_key_size = 16,
- .init_key_dist = 0x10,
- .resp_key_dist = 0x07,
- } }),
- ((struct ble_sm_pair_fail[1]) { {
- .reason = BLE_SM_ERR_INVAL,
- } })
- );
-
- /* Invalid resp key dist. */
- ble_sm_test_util_peer_fail_inval(
- 0,
- ((uint8_t[]){0xe1, 0xfc, 0xda, 0xf4, 0xb7, 0x6c}),
- ((uint8_t[]){0x03, 0x02, 0x01, 0x50, 0x13, 0x00}),
- ((struct ble_sm_pair_cmd[1]) { {
- .io_cap = 0x04,
- .oob_data_flag = 0,
- .authreq = 0x5,
- .max_enc_key_size = 16,
- .init_key_dist = 0x07,
- .resp_key_dist = 0x10,
- } }),
- ((struct ble_sm_pair_fail[1]) { {
- .reason = BLE_SM_ERR_INVAL,
- } })
- );
}
TEST_CASE(ble_sm_test_case_peer_lgcy_fail_confirm)
@@ -436,110 +328,6 @@ TEST_CASE(ble_sm_test_case_us_fail_inval)
{
struct ble_sm_test_params params;
- /* Invalid IO capabiltiies. */
- params = (struct ble_sm_test_params) {
- .init_id_addr = {0xe1, 0xfc, 0xda, 0xf4, 0xb7, 0x6c},
- .resp_id_addr = {0x03, 0x02, 0x01, 0x50, 0x13, 0x00},
- .pair_req = (struct ble_sm_pair_cmd) {
- .io_cap = 3,
- .oob_data_flag = 0,
- .authreq = 0,
- .max_enc_key_size = 16,
- .init_key_dist = 0,
- .resp_key_dist = 0,
- },
- .pair_rsp = (struct ble_sm_pair_cmd) {
- .io_cap = 0x14,
- .oob_data_flag = 0,
- .authreq = 0x05,
- .max_enc_key_size = 16,
- .init_key_dist = 0x07,
- .resp_key_dist = 0x07,
- },
- .pair_fail = (struct ble_sm_pair_fail) {
- .reason = BLE_SM_ERR_ENC_KEY_SZ,
- },
- };
- ble_sm_test_util_us_fail_inval(¶ms);
-
- /* Invalid OOB flag. */
- params = (struct ble_sm_test_params) {
- .init_id_addr = {0xe1, 0xfc, 0xda, 0xf4, 0xb7, 0x6c},
- .resp_id_addr = {0x03, 0x02, 0x01, 0x50, 0x13, 0x00},
- .pair_req = (struct ble_sm_pair_cmd) {
- .io_cap = 3,
- .oob_data_flag = 0,
- .authreq = 0,
- .max_enc_key_size = 16,
- .init_key_dist = 0,
- .resp_key_dist = 0,
- },
- .pair_rsp = (struct ble_sm_pair_cmd) {
- .io_cap = 0x14,
- .oob_data_flag = 2,
- .authreq = 0x05,
- .max_enc_key_size = 16,
- .init_key_dist = 0x07,
- .resp_key_dist = 0x07,
- },
- .pair_fail = (struct ble_sm_pair_fail) {
- .reason = BLE_SM_ERR_INVAL,
- },
- };
- ble_sm_test_util_us_fail_inval(¶ms);
-
- /* Invalid authreq - reserved bonding flag. */
- params = (struct ble_sm_test_params) {
- .init_id_addr = {0xe1, 0xfc, 0xda, 0xf4, 0xb7, 0x6c},
- .resp_id_addr = {0x03, 0x02, 0x01, 0x50, 0x13, 0x00},
- .pair_req = (struct ble_sm_pair_cmd) {
- .io_cap = 3,
- .oob_data_flag = 0,
- .authreq = 0,
- .max_enc_key_size = 16,
- .init_key_dist = 0,
- .resp_key_dist = 0,
- },
- .pair_rsp = (struct ble_sm_pair_cmd) {
- .io_cap = 0x04,
- .oob_data_flag = 0,
- .authreq = 0x02,
- .max_enc_key_size = 16,
- .init_key_dist = 0x07,
- .resp_key_dist = 0x07,
- },
- .pair_fail = (struct ble_sm_pair_fail) {
- .reason = BLE_SM_ERR_INVAL,
- },
- };
- ble_sm_test_util_us_fail_inval(¶ms);
-
- /* Invalid authreq - reserved other flag. */
- params = (struct ble_sm_test_params) {
- .init_id_addr = {0xe1, 0xfc, 0xda, 0xf4, 0xb7, 0x6c},
- .resp_id_addr = {0x03, 0x02, 0x01, 0x50, 0x13, 0x00},
- .pair_req = (struct ble_sm_pair_cmd) {
- .io_cap = 3,
- .oob_data_flag = 0,
- .authreq = 0,
- .max_enc_key_size = 16,
- .init_key_dist = 0,
- .resp_key_dist = 0,
- },
- .pair_rsp = (struct ble_sm_pair_cmd) {
- .io_cap = 0x04,
- .oob_data_flag = 0,
- .authreq = 0x20,
- .max_enc_key_size = 16,
- .init_key_dist = 0x07,
- .resp_key_dist = 0x07,
- },
- .pair_fail = (struct ble_sm_pair_fail) {
- .reason = BLE_SM_ERR_INVAL,
- },
- };
- ble_sm_test_util_us_fail_inval(¶ms);
-
/* Invalid key size - too small. */
params = (struct ble_sm_test_params) {
.init_id_addr = {0xe1, 0xfc, 0xda, 0xf4, 0xb7, 0x6c},
@@ -561,7 +349,7 @@ TEST_CASE(ble_sm_test_case_us_fail_inval)
.resp_key_dist = 0x07,
},
.pair_fail = (struct ble_sm_pair_fail) {
- .reason = BLE_SM_ERR_INVAL,
+ .reason = BLE_SM_ERR_ENC_KEY_SZ,
},
};
ble_sm_test_util_us_fail_inval(¶ms);
@@ -591,58 +379,6 @@ TEST_CASE(ble_sm_test_case_us_fail_inval)
},
};
ble_sm_test_util_us_fail_inval(¶ms);
-
- /* Invalid init key dist. */
- params = (struct ble_sm_test_params) {
- .init_id_addr = {0xe1, 0xfc, 0xda, 0xf4, 0xb7, 0x6c},
- .resp_id_addr = {0x03, 0x02, 0x01, 0x50, 0x13, 0x00},
- .pair_req = (struct ble_sm_pair_cmd) {
- .io_cap = 3,
- .oob_data_flag = 0,
- .authreq = 0,
- .max_enc_key_size = 16,
- .init_key_dist = 0,
- .resp_key_dist = 0,
- },
- .pair_rsp = (struct ble_sm_pair_cmd) {
- .io_cap = 0x04,
- .oob_data_flag = 0,
- .authreq = 0x05,
- .max_enc_key_size = 17,
- .init_key_dist = 0x10,
- .resp_key_dist = 0x07,
- },
- .pair_fail = (struct ble_sm_pair_fail) {
- .reason = BLE_SM_ERR_INVAL,
- },
- };
- ble_sm_test_util_us_fail_inval(¶ms);
-
- /* Invalid resp key dist. */
- params = (struct ble_sm_test_params) {
- .init_id_addr = {0xe1, 0xfc, 0xda, 0xf4, 0xb7, 0x6c},
- .resp_id_addr = {0x03, 0x02, 0x01, 0x50, 0x13, 0x00},
- .pair_req = (struct ble_sm_pair_cmd) {
- .io_cap = 3,
- .oob_data_flag = 0,
- .authreq = 0,
- .max_enc_key_size = 16,
- .init_key_dist = 0,
- .resp_key_dist = 0,
- },
- .pair_rsp = (struct ble_sm_pair_cmd) {
- .io_cap = 0x04,
- .oob_data_flag = 0,
- .authreq = 0x05,
- .max_enc_key_size = 16,
- .init_key_dist = 0x07,
- .resp_key_dist = 0x10,
- },
- .pair_fail = (struct ble_sm_pair_fail) {
- .reason = BLE_SM_ERR_INVAL,
- },
- };
- ble_sm_test_util_us_fail_inval(¶ms);
}
TEST_SUITE(ble_sm_gen_test_suite)
[9/9] incubator-mynewt-core git commit: This closes #130. Merge
remote-tracking branch 'andrzej-kaczmarek/nimble-fixing' into develop
Posted by cc...@apache.org.
This closes #130.
Merge remote-tracking branch 'andrzej-kaczmarek/nimble-fixing' into develop
* andrzej-kaczmarek/nimble-fixing:
bletiny: Add characteristic with auth required permission
nimble/sm: Fix obvious array size mismatch
nimble/sm: Use proper key size for encryption
nimble/sm: Improve pairing req/rsp validation
nimble/sm: Fix AuthReq/KeyDist validation in pairing req/rsp
nimble/test: Remove invalid SM test cases
nimble/test: Fix expected error for key size lower than minimum
nimble/test: Fix expected value in ble_sm_test_util_us_fail_inval
Project: http://git-wip-us.apache.org/repos/asf/incubator-mynewt-core/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-mynewt-core/commit/7c218f67
Tree: http://git-wip-us.apache.org/repos/asf/incubator-mynewt-core/tree/7c218f67
Diff: http://git-wip-us.apache.org/repos/asf/incubator-mynewt-core/diff/7c218f67
Branch: refs/heads/develop
Commit: 7c218f67ee8dcec6dd8fe755198793747bc282f4
Parents: 33bc18e 6ef7197
Author: Christopher Collins <cc...@apache.org>
Authored: Mon Dec 12 19:07:04 2016 -0800
Committer: Christopher Collins <cc...@apache.org>
Committed: Mon Dec 12 19:07:04 2016 -0800
----------------------------------------------------------------------
apps/bletiny/src/gatt_svr.c | 14 +-
net/nimble/host/src/ble_sm.c | 24 +-
net/nimble/host/src/ble_sm_cmd.c | 33 ---
net/nimble/host/src/ble_sm_lgcy.c | 11 +-
net/nimble/host/src/ble_sm_priv.h | 1 +
net/nimble/host/src/ble_sm_sc.c | 9 +-
net/nimble/host/test/src/ble_sm_test.c | 268 +----------------------
net/nimble/host/test/src/ble_sm_test_util.c | 2 +-
8 files changed, 52 insertions(+), 310 deletions(-)
----------------------------------------------------------------------
[5/9] incubator-mynewt-core git commit: nimble/sm: Fix
AuthReq/KeyDist validation in pairing req/rsp
Posted by cc...@apache.org.
nimble/sm: Fix AuthReq/KeyDist validation in pairing req/rsp
The reserved bits in AuthReq and key distribution flags shall be
ignored on reception thus non-zero values do not make pairing command
invalid. This is to ensure compatibility with future specs.
This fixes following PTS test cases for SM:
- TP/JW/BI-03-C
- TP/JW/BI-04-C
Reference:
Bluetooth Specification 4.2, Vol 3, Part H, Section 3.5.2
Bluetooth Specification 4.2, Vol 3, Part H, Section 3.6.1
Project: http://git-wip-us.apache.org/repos/asf/incubator-mynewt-core/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-mynewt-core/commit/9627249a
Tree: http://git-wip-us.apache.org/repos/asf/incubator-mynewt-core/tree/9627249a
Diff: http://git-wip-us.apache.org/repos/asf/incubator-mynewt-core/diff/9627249a
Branch: refs/heads/develop
Commit: 9627249a1fd3ce031fdca821646692adb9ebe31a
Parents: 2e6367c
Author: Andrzej Kaczmarek <an...@codecoup.pl>
Authored: Tue Nov 15 22:56:02 2016 +0100
Committer: Andrzej Kaczmarek <an...@codecoup.pl>
Committed: Mon Dec 12 23:58:47 2016 +0100
----------------------------------------------------------------------
net/nimble/host/src/ble_sm_cmd.c | 12 ------------
1 file changed, 12 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-mynewt-core/blob/9627249a/net/nimble/host/src/ble_sm_cmd.c
----------------------------------------------------------------------
diff --git a/net/nimble/host/src/ble_sm_cmd.c b/net/nimble/host/src/ble_sm_cmd.c
index 34609c6..e438c02 100644
--- a/net/nimble/host/src/ble_sm_cmd.c
+++ b/net/nimble/host/src/ble_sm_cmd.c
@@ -101,24 +101,12 @@ ble_sm_pair_cmd_is_valid(struct ble_sm_pair_cmd *cmd)
return 0;
}
- if (cmd->authreq & BLE_SM_PAIR_AUTHREQ_RESERVED) {
- return 0;
- }
-
if (cmd->max_enc_key_size < BLE_SM_PAIR_KEY_SZ_MIN ||
cmd->max_enc_key_size > BLE_SM_PAIR_KEY_SZ_MAX) {
return 0;
}
- if (cmd->init_key_dist & BLE_SM_PAIR_KEY_DIST_RESERVED) {
- return 0;
- }
-
- if (cmd->resp_key_dist & BLE_SM_PAIR_KEY_DIST_RESERVED) {
- return 0;
- }
-
return 1;
}
[2/9] incubator-mynewt-core git commit: nimble/test: Fix expected
error for key size lower than minimum
Posted by cc...@apache.org.
nimble/test: Fix expected error for key size lower than minimum
For key size lower than minimum, an "Encryption Key Size" error shall
be returned, not "Invalid Parameters".
Project: http://git-wip-us.apache.org/repos/asf/incubator-mynewt-core/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-mynewt-core/commit/c3f9aa19
Tree: http://git-wip-us.apache.org/repos/asf/incubator-mynewt-core/tree/c3f9aa19
Diff: http://git-wip-us.apache.org/repos/asf/incubator-mynewt-core/diff/c3f9aa19
Branch: refs/heads/develop
Commit: c3f9aa1968a483183de60ad9a8bf43545fa0c36a
Parents: a3f6ea1
Author: Andrzej Kaczmarek <an...@codecoup.pl>
Authored: Sun Dec 11 23:46:14 2016 +0100
Committer: Andrzej Kaczmarek <an...@codecoup.pl>
Committed: Mon Dec 12 23:58:38 2016 +0100
----------------------------------------------------------------------
net/nimble/host/test/src/ble_sm_test.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-mynewt-core/blob/c3f9aa19/net/nimble/host/test/src/ble_sm_test.c
----------------------------------------------------------------------
diff --git a/net/nimble/host/test/src/ble_sm_test.c b/net/nimble/host/test/src/ble_sm_test.c
index a98f4bb..5fd6c3d 100644
--- a/net/nimble/host/test/src/ble_sm_test.c
+++ b/net/nimble/host/test/src/ble_sm_test.c
@@ -202,7 +202,7 @@ TEST_CASE(ble_sm_test_case_peer_fail_inval)
.resp_key_dist = 0x07,
} }),
((struct ble_sm_pair_fail[1]) { {
- .reason = BLE_SM_ERR_INVAL,
+ .reason = BLE_SM_ERR_ENC_KEY_SZ,
} })
);
@@ -457,7 +457,7 @@ TEST_CASE(ble_sm_test_case_us_fail_inval)
.resp_key_dist = 0x07,
},
.pair_fail = (struct ble_sm_pair_fail) {
- .reason = BLE_SM_ERR_INVAL,
+ .reason = BLE_SM_ERR_ENC_KEY_SZ,
},
};
ble_sm_test_util_us_fail_inval(¶ms);
[8/9] incubator-mynewt-core git commit: nimble/sm: Use proper key
size for encryption
Posted by cc...@apache.org.
nimble/sm: Use proper key size for encryption
This patch adds proper masking of STK/LTK keys depending on encryption
key size as defined in Bluetooth Specification 4.2, Vol 3, Part H,
Section 2.3.4.
This also fixes following PTS test cases for SM:
- TP/EKS/BV-01-C
- TP/EKS/BV-02-C
Project: http://git-wip-us.apache.org/repos/asf/incubator-mynewt-core/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-mynewt-core/commit/a034ac10
Tree: http://git-wip-us.apache.org/repos/asf/incubator-mynewt-core/tree/a034ac10
Diff: http://git-wip-us.apache.org/repos/asf/incubator-mynewt-core/diff/a034ac10
Branch: refs/heads/develop
Commit: a034ac10ac6b02413e47f8d74652c99eae3763c3
Parents: 3d12960
Author: Andrzej Kaczmarek <an...@codecoup.pl>
Authored: Tue Nov 22 23:46:31 2016 +0100
Committer: Andrzej Kaczmarek <an...@codecoup.pl>
Committed: Mon Dec 12 23:58:47 2016 +0100
----------------------------------------------------------------------
net/nimble/host/src/ble_sm.c | 10 ++++++++--
net/nimble/host/src/ble_sm_lgcy.c | 5 ++++-
net/nimble/host/src/ble_sm_priv.h | 1 +
net/nimble/host/src/ble_sm_sc.c | 3 +++
4 files changed, 16 insertions(+), 3 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-mynewt-core/blob/a034ac10/net/nimble/host/src/ble_sm.c
----------------------------------------------------------------------
diff --git a/net/nimble/host/src/ble_sm.c b/net/nimble/host/src/ble_sm.c
index d6527d4..f42a54e 100644
--- a/net/nimble/host/src/ble_sm.c
+++ b/net/nimble/host/src/ble_sm.c
@@ -314,11 +314,14 @@ ble_sm_gen_ltk(struct ble_sm_proc *proc, uint8_t *ltk)
}
#endif
- rc = ble_hs_hci_util_rand(ltk, 16);
+ rc = ble_hs_hci_util_rand(ltk, proc->key_size);
if (rc != 0) {
return rc;
}
+ /* Ensure proper key size */
+ memset(ltk + proc->key_size, 0, sizeof proc->ltk - proc->key_size);
+
return 0;
}
@@ -1377,6 +1380,9 @@ ble_sm_pair_cfg(struct ble_sm_proc *proc)
if (rx_key_dist & BLE_SM_PAIR_KEY_DIST_SIGN) {
proc->rx_key_flags |= BLE_SM_KE_F_SIGN_INFO;
}
+
+ proc->key_size = min(proc->pair_req.max_enc_key_size,
+ proc->pair_rsp.max_enc_key_size);
}
static void
@@ -1393,7 +1399,7 @@ ble_sm_pair_exec(struct ble_sm_proc *proc, struct ble_sm_result *res,
cmd.io_cap = ble_hs_cfg.sm_io_cap;
cmd.oob_data_flag = ble_hs_cfg.sm_oob_data_flag;
cmd.authreq = ble_sm_build_authreq();
- cmd.max_enc_key_size = 16;
+ cmd.max_enc_key_size = BLE_SM_PAIR_KEY_SZ_MAX;
if (is_req) {
cmd.init_key_dist = ble_hs_cfg.sm_our_key_dist;
http://git-wip-us.apache.org/repos/asf/incubator-mynewt-core/blob/a034ac10/net/nimble/host/src/ble_sm_lgcy.c
----------------------------------------------------------------------
diff --git a/net/nimble/host/src/ble_sm_lgcy.c b/net/nimble/host/src/ble_sm_lgcy.c
index a77671e..54a2ecb 100644
--- a/net/nimble/host/src/ble_sm_lgcy.c
+++ b/net/nimble/host/src/ble_sm_lgcy.c
@@ -181,7 +181,10 @@ ble_sm_gen_stk(struct ble_sm_proc *proc)
return rc;
}
- memcpy(proc->ltk, key, sizeof key);
+ memcpy(proc->ltk, key, proc->key_size);
+
+ /* Ensure proper key size */
+ memset(proc->ltk + proc->key_size, 0, sizeof key - proc->key_size);
return 0;
}
http://git-wip-us.apache.org/repos/asf/incubator-mynewt-core/blob/a034ac10/net/nimble/host/src/ble_sm_priv.h
----------------------------------------------------------------------
diff --git a/net/nimble/host/src/ble_sm_priv.h b/net/nimble/host/src/ble_sm_priv.h
index 7d96164..d75d475 100644
--- a/net/nimble/host/src/ble_sm_priv.h
+++ b/net/nimble/host/src/ble_sm_priv.h
@@ -257,6 +257,7 @@ struct ble_sm_proc {
uint8_t pair_alg;
uint8_t state;
uint8_t rx_key_flags;
+ uint8_t key_size;
struct ble_sm_pair_cmd pair_req;
struct ble_sm_pair_cmd pair_rsp;
http://git-wip-us.apache.org/repos/asf/incubator-mynewt-core/blob/a034ac10/net/nimble/host/src/ble_sm_sc.c
----------------------------------------------------------------------
diff --git a/net/nimble/host/src/ble_sm_sc.c b/net/nimble/host/src/ble_sm_sc.c
index f8a6983..6471607 100644
--- a/net/nimble/host/src/ble_sm_sc.c
+++ b/net/nimble/host/src/ble_sm_sc.c
@@ -440,6 +440,9 @@ ble_sm_sc_random_rx(struct ble_sm_proc *proc, struct ble_sm_result *res)
return;
}
+ /* Ensure proper key size */
+ memset(proc->ltk + proc->key_size, 0, sizeof proc->ltk - proc->key_size);
+
/* Ensure the ltk gets persisted when the pairing procedure succeeds. */
memcpy(proc->our_keys.ltk, proc->ltk, sizeof proc->our_keys.ltk);
proc->our_keys.ltk_valid = 1;