Posted to commits@mynewt.apache.org by ry...@apache.org on 2019/06/18 15:30:23 UTC
[mynewt-nimble] branch master updated: nimble/gap: Fix for checking
sc only mode
This is an automated email from the ASF dual-hosted git repository.
rymek pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/mynewt-nimble.git
The following commit(s) were added to refs/heads/master by this push:
new f8a8da8 nimble/gap: Fix for checking sc only mode
f8a8da8 is described below
commit f8a8da84ce4a057c75d37101d48d89634273055f
Author: Ćukasz Rymanowski <lu...@codecoup.pl>
AuthorDate: Tue Jun 18 11:54:20 2019 +0200
nimble/gap: Fix for checking sc only mode
When host is configured for SC only mode, make sure to reject pairing
when remote wants Legacy pairing.
This fixes GAP/SEC/SEM/BV-23-C and GAP/SEC/SEM/BV-24-C
---
nimble/host/src/ble_sm.c | 18 ++++++++++++++++++
1 file changed, 18 insertions(+)
diff --git a/nimble/host/src/ble_sm.c b/nimble/host/src/ble_sm.c
index 4ef5b76..b0eee86 100644
--- a/nimble/host/src/ble_sm.c
+++ b/nimble/host/src/ble_sm.c
@@ -1723,6 +1723,21 @@ err:
}
}
+static bool
+ble_sm_verify_auth_requirements(uint8_t authreq)
+{
+ /* For now we check only SC only mode. I.e.: when remote indicates
+ * to not support SC pairing, let us make sure legacy pairing is supported
+ * on our side. If not, we can fail right away.
+ */
+ if (!(authreq & BLE_SM_PAIR_AUTHREQ_SC)) {
+ if (MYNEWT_VAL(BLE_SM_LEGACY) == 0) {
+ return false;
+ }
+ }
+ return true;
+}
+
static void
ble_sm_pair_req_rx(uint16_t conn_handle, struct os_mbuf **om,
struct ble_sm_result *res)
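Review bot: The comment on `ble_sm_verify_auth_requirements` does not say that the SC-only decision is purely build-time. The function returns false only when `MYNEWT_VAL(BLE_SM_LEGACY) == 0` and the peer left `BLE_SM_PAIR_AUTHREQ_SC` clear, so a build with legacy pairing enabled still accepts a request without the SC bit. A one-line contract above the function would make this explicit for integrators who need SC-only, e.g. `/* Returns false iff legacy pairing is compiled out and the peer did not set the SC bit. */`. The two nested `if`s could also be a single condition joined with `&&`. The hunk's trailing context is only the start of `ble_sm_pair_req_rx`; its body lies outside this hunk.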
@@ -1795,6 +1810,9 @@ ble_sm_pair_req_rx(uint16_t conn_handle, struct os_mbuf **om,
} else if (req->max_enc_key_size > BLE_SM_PAIR_KEY_SZ_MAX) {
res->sm_err = BLE_SM_ERR_INVAL;
res->app_status = BLE_HS_SM_US_ERR(BLE_SM_ERR_INVAL);
+ } else if (!ble_sm_verify_auth_requirements(req->authreq)) {
+ res->sm_err = BLE_SM_ERR_AUTHREQ;
+ res->app_status = BLE_HS_SM_US_ERR(BLE_SM_ERR_AUTHREQ);
} else {
/* The request looks good. Precalculate our pairing response and
* determine some properties of the imminent link. We need this
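Review bot: The new `ble_sm_verify_auth_requirements(req->authreq)` branch covers only the pairing request received as responder. The diffstat shows no other change in `ble_sm.c`, so the path where this host initiates and the peer's pairing response omits the SC bit does not appear to get the same check in this commit. If that path is not already guarded elsewhere, the same helper should be applied to the response's AuthReq field, failing with `BLE_SM_ERR_AUTHREQ`, so that a downgrade to legacy pairing is rejected in both roles. `ble_sm_pair_req_rx` starts before and continues past this hunk, so the surrounding validation chain is only partly visible here.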