Posted to commits@mynewt.apache.org by ja...@apache.org on 2022/06/29 11:53:44 UTC
[mynewt-nimble] 02/02: nimble/host/sm: check for SC in ble_sm_pair_req_rx if BLE_SM_SC_ONLY
This is an automated email from the ASF dual-hosted git repository.
janc pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/mynewt-nimble.git
commit e72da3a70b036bbcdc78461f3963edaf80f5885a
Author: Krzysztof Kopyściński <kr...@codecoup.pl>
AuthorDate: Fri Jun 24 07:59:02 2022 +0200
nimble/host/sm: check for SC in ble_sm_pair_req_rx if BLE_SM_SC_ONLY
For BLE_SM_SC_ONLY mode it's mandatory to use SC.
---
nimble/host/src/ble_sm.c | 8 +++++---
1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/nimble/host/src/ble_sm.c b/nimble/host/src/ble_sm.c
index fa14a367..7a0864f4 100644
--- a/nimble/host/src/ble_sm.c
+++ b/nimble/host/src/ble_sm.c
@@ -1832,10 +1832,12 @@ ble_sm_pair_req_rx(uint16_t conn_handle, struct os_mbuf **om,
} else if (req->max_enc_key_size > BLE_SM_PAIR_KEY_SZ_MAX) {
res->sm_err = BLE_SM_ERR_INVAL;
res->app_status = BLE_HS_SM_US_ERR(BLE_SM_ERR_INVAL);
- } else if (MYNEWT_VAL(BLE_SM_SC_ONLY) && (req->max_enc_key_size != BLE_SM_PAIR_KEY_SZ_MAX)) {
+ } else if (MYNEWT_VAL(BLE_SM_SC_ONLY) && (req->max_enc_key_size != BLE_SM_PAIR_KEY_SZ_MAX) &&
+ !(req->authreq & BLE_SM_PAIR_AUTHREQ_SC)) {
/* Fail if Secure Connections Only mode is on and remote does not meet
- * key size requirements - MITM was checked in last step
- */
+ * key size requirements - MITM was checked in last step. Fail if SC is not supported
+ * by peer.
+ */
res->sm_err = BLE_SM_ERR_ENC_KEY_SZ;
res->app_status = BLE_HS_SM_US_ERR(BLE_SM_ERR_ENC_KEY_SZ);
} else if (!ble_sm_verify_auth_requirements(req->authreq)) {
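Review bot: Joining the new SC test with `&&` narrows the Secure Connections Only rejection instead of widening it, because the branch now fires only when the key size is below the maximum and the SC bit is also clear. A request that sets `BLE_SM_PAIR_AUTHREQ_SC` but offers a shorter `max_enc_key_size` no longer fails here, although the old code rejected it, and a legacy request with a full-size key also passes this branch. If both requirements are mandatory in this mode, the condition should be `MYNEWT_VAL(BLE_SM_SC_ONLY) && ((req->max_enc_key_size != BLE_SM_PAIR_KEY_SZ_MAX) || !(req->authreq & BLE_SM_PAIR_AUTHREQ_SC))`. A missing SC bit would also be clearer to the peer if it were reported in its own branch with `BLE_SM_ERR_AUTHREQ` rather than `BLE_SM_ERR_ENC_KEY_SZ`. The rest of `ble_sm_pair_req_rx` and the body of `ble_sm_verify_auth_requirements` are outside the hunk, so SC may be enforced later, but the key-size check appears to live only in this branch.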