Posted to commits@mynewt.apache.org by ja...@apache.org on 2022/04/13 08:41:16 UTC
[mynewt-nimble] branch master updated: host/ble_att_srv: security check for notifications/indications
This is an automated email from the ASF dual-hosted git repository.
janc pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/mynewt-nimble.git
The following commit(s) were added to refs/heads/master by this push:
new 39dcd34d host/ble_att_srv: security check for notifications/indications
39dcd34d is described below
commit 39dcd34def1447fdd62cbd4b1f01c31fce21acfa
Author: Krzysztof Kopyściński <kr...@codecoup.pl>
AuthorDate: Mon Mar 28 08:33:15 2022 +0200
host/ble_att_srv: security check for notifications/indications
According to Core Specification Version 5.3, Vol 3, Part C
10.3.2.2: " Any notifications received before the security requirements
are met shall be ignored. Any indications received before the security
requirements are met shall be confirmed and then discarded. When a
client reconnects to a server and expects to receive indications or
notifications for which security is required, the client shall enable
encryption with the server."
---
nimble/host/src/ble_att_svr.c | 20 ++++++++++++++++++++
1 file changed, 20 insertions(+)
diff --git a/nimble/host/src/ble_att_svr.c b/nimble/host/src/ble_att_svr.c
index 73e258de..272fc567 100644
--- a/nimble/host/src/ble_att_svr.c
+++ b/nimble/host/src/ble_att_svr.c
@@ -2472,6 +2472,7 @@ ble_att_svr_rx_notify(uint16_t conn_handle, struct os_mbuf **rxom)
#endif
struct ble_att_notify_req *req;
+ struct ble_gap_sec_state sec_state;
uint16_t handle;
int rc;
@@ -2488,6 +2489,15 @@ ble_att_svr_rx_notify(uint16_t conn_handle, struct os_mbuf **rxom)
return BLE_HS_EBADDATA;
}
+ ble_att_svr_get_sec_state(conn_handle, &sec_state);
+
+ /* All indications shall be confirmed, but only these with required
+ * security established shall be pass to application
+ */
+ if (MYNEWT_VAL(BLE_SM_SC_LVL) >= 2 && !sec_state.encrypted) {
+ return 0;
+ }
+
/* Strip the request base from the front of the mbuf. */
os_mbuf_adj(*rxom, sizeof(*req));
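Review bot: The comment added above the check in ble_att_svr_rx_notify was copied from the indication path and talks about confirming indications, but this function handles notifications, which are dropped by `return 0` with no confirmation; it should read something like `/* Notifications received before the required security is established are ignored. */`. The condition itself, here and in the matching hunk in ble_att_svr_rx_indicate, tests only `sec_state.encrypted` behind `MYNEWT_VAL(BLE_SM_SC_LVL) >= 2`. If higher values of that setting are meant to require authenticated pairing or a minimum key size, an encrypted but unauthenticated link would still have its notifications and indications delivered to the application. If encryption alone is the intended bar, a comment saying so would help; otherwise the check probably needs to consult `sec_state.authenticated` and `sec_state.key_size` for the stricter levels. Both function bodies continue outside the hunks shown.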
@@ -2537,6 +2547,7 @@ ble_att_svr_rx_indicate(uint16_t conn_handle, struct os_mbuf **rxom)
#endif
struct ble_att_indicate_req *req;
+ struct ble_gap_sec_state sec_state;
struct os_mbuf *txom;
uint16_t handle;
uint8_t att_err;
@@ -2569,6 +2580,15 @@ ble_att_svr_rx_indicate(uint16_t conn_handle, struct os_mbuf **rxom)
goto done;
}
+ ble_att_svr_get_sec_state(conn_handle, &sec_state);
+
+ /* All indications shall be confirmed, but only these with required
+ * security established shall be pass to application
+ */
+ if (MYNEWT_VAL(BLE_SM_SC_LVL) >= 2 && !sec_state.encrypted) {
+ goto done;
+ }
+
/* Strip the request base from the front of the mbuf. */
os_mbuf_adj(*rxom, sizeof(*req));