Posted to commits@mynewt.apache.org by ja...@apache.org on 2022/06/29 11:53:42 UTC

[mynewt-nimble] branch master updated (55f1818d -> e72da3a7)

This is an automated email from the ASF dual-hosted git repository.

janc pushed a change to branch master
in repository https://gitbox.apache.org/repos/asf/mynewt-nimble.git


    from 55f1818d ble_conn: fix auth_pyld_timer memleak
     new acaa9351 nimble/host/sm: rename BLE_SM_SC_LVL to BLE_SM_LVL
     new e72da3a7 nimble/host/sm: check for SC in ble_sm_pair_req_rx if BLE_SM_SC_ONLY

The 2 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.


Summary of changes:
 nimble/host/src/ble_att_svr.c                          |  4 ++--
 nimble/host/src/ble_sm.c                               | 14 ++++++++------
 nimble/host/syscfg.yml                                 |  5 +++--
 porting/examples/linux/include/syscfg/syscfg.h         |  4 ++--
 porting/examples/linux_blemesh/include/syscfg/syscfg.h |  4 ++--
 porting/examples/nuttx/include/syscfg/syscfg.h         |  4 ++--
 porting/nimble/include/syscfg/syscfg.h                 |  4 ++--
 porting/npl/riot/include/syscfg/syscfg.h               |  4 ++--
 8 files changed, 23 insertions(+), 20 deletions(-)


[mynewt-nimble] 02/02: nimble/host/sm: check for SC in ble_sm_pair_req_rx if BLE_SM_SC_ONLY

Posted by ja...@apache.org.
This is an automated email from the ASF dual-hosted git repository.

janc pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/mynewt-nimble.git

commit e72da3a70b036bbcdc78461f3963edaf80f5885a
Author: Krzysztof Kopyściński <kr...@codecoup.pl>
AuthorDate: Fri Jun 24 07:59:02 2022 +0200

    nimble/host/sm: check for SC in ble_sm_pair_req_rx if BLE_SM_SC_ONLY
    
    For BLE_SM_SC_ONLY mode it's mandatory to use SC.
---
 nimble/host/src/ble_sm.c | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/nimble/host/src/ble_sm.c b/nimble/host/src/ble_sm.c
index fa14a367..7a0864f4 100644
--- a/nimble/host/src/ble_sm.c
+++ b/nimble/host/src/ble_sm.c
@@ -1832,10 +1832,12 @@ ble_sm_pair_req_rx(uint16_t conn_handle, struct os_mbuf **om,
         } else if (req->max_enc_key_size > BLE_SM_PAIR_KEY_SZ_MAX) {
             res->sm_err = BLE_SM_ERR_INVAL;
             res->app_status = BLE_HS_SM_US_ERR(BLE_SM_ERR_INVAL);
-        } else if (MYNEWT_VAL(BLE_SM_SC_ONLY) && (req->max_enc_key_size != BLE_SM_PAIR_KEY_SZ_MAX)) {
+        } else if (MYNEWT_VAL(BLE_SM_SC_ONLY) && (req->max_enc_key_size != BLE_SM_PAIR_KEY_SZ_MAX) &&
+                   !(req->authreq & BLE_SM_PAIR_AUTHREQ_SC)) {
             /* Fail if Secure Connections Only mode is on and remote does not meet
-            * key size requirements - MITM was checked in last step
-            */
+             * key size requirements - MITM was checked in last step. Fail if SC is not supported
+             * by peer.
+             */
             res->sm_err = BLE_SM_ERR_ENC_KEY_SZ;
             res->app_status = BLE_HS_SM_US_ERR(BLE_SM_ERR_ENC_KEY_SZ);
         } else if (!ble_sm_verify_auth_requirements(req->authreq)) {
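Review bot: The added SC test is joined with `&&` in the `BLE_SM_SC_ONLY` branch, so the request is rejected only when the key size is below the maximum and the SC bit is also clear. A request with a short key and SC set, or a maximum-size key without SC, now falls through to the next branch, which is weaker than the key-size check this commit replaces. For Secure Connections Only mode the two conditions should be alternatives: `} else if (MYNEWT_VAL(BLE_SM_SC_ONLY) && ((req->max_enc_key_size != BLE_SM_PAIR_KEY_SZ_MAX) || !(req->authreq & BLE_SM_PAIR_AUTHREQ_SC))) {`. A missing SC bit would also be reported more accurately as `BLE_SM_ERR_AUTHREQ` than as `BLE_SM_ERR_ENC_KEY_SZ`, which would mean giving it its own `else if`. The body of ble_sm_pair_req_rx starts and ends outside the hunk, so whether a later step still rejects such requests cannot be seen here.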


[mynewt-nimble] 01/02: nimble/host/sm: rename BLE_SM_SC_LVL to BLE_SM_LVL

Posted by ja...@apache.org.
This is an automated email from the ASF dual-hosted git repository.

janc pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/mynewt-nimble.git

commit acaa9351b1d8f58e25e014d61cc826df74c9991e
Author: Krzysztof Kopyściński <kr...@codecoup.pl>
AuthorDate: Fri Jun 24 07:25:58 2022 +0200

    nimble/host/sm: rename BLE_SM_SC_LVL to BLE_SM_LVL
    
    This rename makes it consistent with Core specification Vol. 3,
    part C, 10.2.1 LE security mode 1. This level specifies security
    requirements for both SC and legacy pairing, not only SC.
    Updated description of this setting.
---
 nimble/host/src/ble_att_svr.c                          | 4 ++--
 nimble/host/src/ble_sm.c                               | 6 +++---
 nimble/host/syscfg.yml                                 | 5 +++--
 porting/examples/linux/include/syscfg/syscfg.h         | 4 ++--
 porting/examples/linux_blemesh/include/syscfg/syscfg.h | 4 ++--
 porting/examples/nuttx/include/syscfg/syscfg.h         | 4 ++--
 porting/nimble/include/syscfg/syscfg.h                 | 4 ++--
 porting/npl/riot/include/syscfg/syscfg.h               | 4 ++--
 8 files changed, 18 insertions(+), 17 deletions(-)

diff --git a/nimble/host/src/ble_att_svr.c b/nimble/host/src/ble_att_svr.c
index 0a03bcd3..1f97f82e 100644
--- a/nimble/host/src/ble_att_svr.c
+++ b/nimble/host/src/ble_att_svr.c
@@ -2500,7 +2500,7 @@ ble_att_svr_rx_notify(uint16_t conn_handle, struct os_mbuf **rxom)
     /* All indications shall be confirmed, but only these with required
      * security established shall be pass to application
      */
-    if (MYNEWT_VAL(BLE_SM_SC_LVL) >= 2 && !sec_state.encrypted) {
+    if (MYNEWT_VAL(BLE_SM_LVL) >= 2 && !sec_state.encrypted) {
         return 0;
     }
 
@@ -2591,7 +2591,7 @@ ble_att_svr_rx_indicate(uint16_t conn_handle, struct os_mbuf **rxom)
     /* All indications shall be confirmed, but only these with required
      * security established shall be pass to application
      */
-    if (MYNEWT_VAL(BLE_SM_SC_LVL) >= 2 && !sec_state.encrypted) {
+    if (MYNEWT_VAL(BLE_SM_LVL) >= 2 && !sec_state.encrypted) {
         goto done;
     }
 
diff --git a/nimble/host/src/ble_sm.c b/nimble/host/src/ble_sm.c
index 5489551a..fa14a367 100644
--- a/nimble/host/src/ble_sm.c
+++ b/nimble/host/src/ble_sm.c
@@ -1737,10 +1737,10 @@ ble_sm_verify_auth_requirements(uint8_t cmd)
             return false;
         }
     }
-    /* Fail if Secure Connections level forces MITM protection and remote does not
+    /* Fail if security level forces MITM protection and remote does not
      * support it
      */
-    if (MYNEWT_VAL(BLE_SM_SC_LVL) >= 3 && !(cmd & BLE_SM_PAIR_AUTHREQ_MITM)) {
+    if (MYNEWT_VAL(BLE_SM_LVL) >= 3 && !(cmd & BLE_SM_PAIR_AUTHREQ_MITM)) {
         return false;
     }
     return true;
@@ -1823,7 +1823,7 @@ ble_sm_pair_req_rx(uint16_t conn_handle, struct os_mbuf **om,
         if (conn->bhc_flags & BLE_HS_CONN_F_MASTER) {
             res->sm_err = BLE_SM_ERR_CMD_NOT_SUPP;
             res->app_status = BLE_HS_SM_US_ERR(BLE_SM_ERR_CMD_NOT_SUPP);
-        } else if (MYNEWT_VAL(BLE_SM_SC_LVL) == 1) {
+        } else if (MYNEWT_VAL(BLE_SM_LVL) == 1) {
             res->sm_err = BLE_SM_ERR_CMD_NOT_SUPP;
             res->app_status = BLE_HS_SM_US_ERR(BLE_SM_ERR_CMD_NOT_SUPP);
         } else if (req->max_enc_key_size < BLE_SM_PAIR_KEY_SZ_MIN) {
diff --git a/nimble/host/syscfg.yml b/nimble/host/syscfg.yml
index 04662402..e9d984dc 100644
--- a/nimble/host/syscfg.yml
+++ b/nimble/host/syscfg.yml
@@ -108,7 +108,7 @@ syscfg.defs:
             - 'BLE_SM_SC if 1'
             - '!BLE_SM_LEGACY if 1'
 
-    BLE_SM_SC_LVL:
+    BLE_SM_LVL:
         description: >
           Force global Secure Connections mode 1 level. This level
           describes requirements for pairing response/request received
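Review bot: Renaming the setting without keeping the old name means a build that still sets `BLE_SM_SC_LVL` ends up with no enforced level, because the porting headers in this commit default `MYNEWT_VAL_BLE_SM_LVL` to `(0)` and the description says 0 means the level is not forced. Consider keeping a `BLE_SM_SC_LVL` entry marked `defunct: 1` whose description points to `BLE_SM_LVL`, so that a stale override is reported by the build instead of silently dropping the encryption and MITM requirements. The description line kept as context here still reads "Force global Secure Connections mode 1 level", which no longer matches the reason given for the rename. The definition continues outside this hunk.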
@@ -117,7 +117,8 @@ syscfg.defs:
                 authentication requirements is granted
           - 2 - allow to pair despite MITM being on or off
           - 3 - allow to pair only when MITM protection is on
-          - 4 - allow to pair only when 128 bit key is used and MITM is on
+          - 4 - allow to pair only with Secure Connections and
+                when 128 bit key is used and MITM is on
           When set to 0 level is no forced and pairing is allowed for all
           requests/responses with valid values (for example pairing will be
           rejected with key longer than 128 bits). Successful pairing with
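Review bot: The level 4 text now promises Secure Connections, but none of the C hunks in this push compares `BLE_SM_LVL` with 4 before testing the SC bit; the only SC test visible is gated on `BLE_SM_SC_ONLY` in ble_sm_pair_req_rx. If level 4 is enforced only together with `BLE_SM_SC_ONLY`, the description should say that both settings are required, so that an integrator who sets only `BLE_SM_LVL: 4` does not assume legacy pairing is refused. The enforcement may live in code outside these hunks and is worth confirming before the wording is kept.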
diff --git a/porting/examples/linux/include/syscfg/syscfg.h b/porting/examples/linux/include/syscfg/syscfg.h
index 14877d16..65aa24eb 100644
--- a/porting/examples/linux/include/syscfg/syscfg.h
+++ b/porting/examples/linux/include/syscfg/syscfg.h
@@ -823,8 +823,8 @@
 #define MYNEWT_VAL_BLE_SM_SC_DEBUG_KEYS (0)
 #endif
 
-#ifndef MYNEWT_VAL_BLE_SM_SC_LVL
-#define MYNEWT_VAL_BLE_SM_SC_LVL (0)
+#ifndef MYNEWT_VAL_BLE_SM_LVL
+#define MYNEWT_VAL_BLE_SM_LVL (0)
 #endif
 
 #ifndef MYNEWT_VAL_BLE_SM_SC_ONLY
diff --git a/porting/examples/linux_blemesh/include/syscfg/syscfg.h b/porting/examples/linux_blemesh/include/syscfg/syscfg.h
index 5fccff8a..9fdaff3d 100644
--- a/porting/examples/linux_blemesh/include/syscfg/syscfg.h
+++ b/porting/examples/linux_blemesh/include/syscfg/syscfg.h
@@ -826,8 +826,8 @@
 #define MYNEWT_VAL_BLE_SM_SC_DEBUG_KEYS (0)
 #endif
 
-#ifndef MYNEWT_VAL_BLE_SM_SC_LVL
-#define MYNEWT_VAL_BLE_SM_SC_LVL (0)
+#ifndef MYNEWT_VAL_BLE_SM_LVL
+#define MYNEWT_VAL_BLE_SM_LVL (0)
 #endif
 
 #ifndef MYNEWT_VAL_BLE_SM_SC_ONLY
diff --git a/porting/examples/nuttx/include/syscfg/syscfg.h b/porting/examples/nuttx/include/syscfg/syscfg.h
index 435b3aeb..fd9f4561 100644
--- a/porting/examples/nuttx/include/syscfg/syscfg.h
+++ b/porting/examples/nuttx/include/syscfg/syscfg.h
@@ -825,8 +825,8 @@
 #define MYNEWT_VAL_BLE_SM_SC_DEBUG_KEYS (0)
 #endif
 
-#ifndef MYNEWT_VAL_BLE_SM_SC_LVL
-#define MYNEWT_VAL_BLE_SM_SC_LVL (0)
+#ifndef MYNEWT_VAL_BLE_SM_LVL
+#define MYNEWT_VAL_BLE_SM_LVL (0)
 #endif
 
 #ifndef MYNEWT_VAL_BLE_SM_SC_ONLY
diff --git a/porting/nimble/include/syscfg/syscfg.h b/porting/nimble/include/syscfg/syscfg.h
index ba2a292d..a3602308 100644
--- a/porting/nimble/include/syscfg/syscfg.h
+++ b/porting/nimble/include/syscfg/syscfg.h
@@ -822,8 +822,8 @@
 #define MYNEWT_VAL_BLE_SM_SC_DEBUG_KEYS (0)
 #endif
 
-#ifndef MYNEWT_VAL_BLE_SM_SC_LVL
-#define MYNEWT_VAL_BLE_SM_SC_LVL (0)
+#ifndef MYNEWT_VAL_BLE_SM_LVL
+#define MYNEWT_VAL_BLE_SM_LVL (0)
 #endif
 
 #ifndef MYNEWT_VAL_BLE_SM_SC_ONLY
diff --git a/porting/npl/riot/include/syscfg/syscfg.h b/porting/npl/riot/include/syscfg/syscfg.h
index 84bdea5e..2d5f4b2e 100644
--- a/porting/npl/riot/include/syscfg/syscfg.h
+++ b/porting/npl/riot/include/syscfg/syscfg.h
@@ -1584,8 +1584,8 @@
 #define MYNEWT_VAL_BLE_SM_SC_DEBUG_KEYS (0)
 #endif
 
-#ifndef MYNEWT_VAL_BLE_SM_SC_LVL
-#define MYNEWT_VAL_BLE_SM_SC_LVL (0)
+#ifndef MYNEWT_VAL_BLE_SM_LVL
+#define MYNEWT_VAL_BLE_SM_LVL (0)
 #endif
 
 #ifndef MYNEWT_VAL_BLE_SM_SC_ONLY