You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@mynewt.apache.org by ry...@apache.org on 2019/06/18 15:30:23 UTC

[mynewt-nimble] branch master updated: nimble/gap: Fix for checking sc only mode

This is an automated email from the ASF dual-hosted git repository.

rymek pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/mynewt-nimble.git


The following commit(s) were added to refs/heads/master by this push:
     new f8a8da8  nimble/gap: Fix for checking sc only mode
f8a8da8 is described below

commit f8a8da84ce4a057c75d37101d48d89634273055f
Author: Ɓukasz Rymanowski <lu...@codecoup.pl>
AuthorDate: Tue Jun 18 11:54:20 2019 +0200

    nimble/gap: Fix for checking sc only mode
    
    When host is configure for SC only mode, make sure to reject pairing
    when remote wants Legacy pairing.
    
    This fixes GAP/SEC/SEM/BV-23-C and GAP/SEC/SEM/BV-24-C
---
 nimble/host/src/ble_sm.c | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)

diff --git a/nimble/host/src/ble_sm.c b/nimble/host/src/ble_sm.c
index 4ef5b76..b0eee86 100644
--- a/nimble/host/src/ble_sm.c
+++ b/nimble/host/src/ble_sm.c
@@ -1723,6 +1723,21 @@ err:
     }
 }
 
+static bool
+ble_sm_verify_auth_requirements(uint8_t authreq)
+{
+    /* For now we check only SC only mode. I.e.: when remote indicates
+     * to not support SC pairing, let us make sure legacy pairing is supported
+     * on our side. If not, we can fail right away.
+     */
+    if (!(authreq & BLE_SM_PAIR_AUTHREQ_SC)) {
+        if (MYNEWT_VAL(BLE_SM_LEGACY) == 0) {
+            return false;
+        }
+    }
+    return true;
+}
+
 static void
 ble_sm_pair_req_rx(uint16_t conn_handle, struct os_mbuf **om,
                    struct ble_sm_result *res)
@@ -1795,6 +1810,9 @@ ble_sm_pair_req_rx(uint16_t conn_handle, struct os_mbuf **om,
         } else if (req->max_enc_key_size > BLE_SM_PAIR_KEY_SZ_MAX) {
             res->sm_err = BLE_SM_ERR_INVAL;
             res->app_status = BLE_HS_SM_US_ERR(BLE_SM_ERR_INVAL);
+        } else if (!ble_sm_verify_auth_requirements(req->authreq)) {
+            res->sm_err = BLE_SM_ERR_AUTHREQ;
+            res->app_status = BLE_HS_SM_US_ERR(BLE_SM_ERR_AUTHREQ);
         } else {
             /* The request looks good.  Precalculate our pairing response and
              * determine some properties of the imminent link.  We need this