nimble/sm: Fix Secure Connection only mode This patch fix scenarion when one device has set SC only mode and second device Legacy pairing
Project: http://git-wip-us.apache.org/repos/asf/incubator-mynewt-core/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-mynewt-core/commit/51d35533 Tree: http://git-wip-us.apache.org/repos/asf/incubator-mynewt-core/tree/51d35533 Diff: http://git-wip-us.apache.org/repos/asf/incubator-mynewt-core/diff/51d35533 Branch: refs/heads/develop Commit: 51d355330554af2ac86a7119f8b8b0bdc624642c Parents: ea988a0 Author: Åukasz Rymanowski <[email protected]> Authored: Wed Mar 22 23:48:46 2017 +0100 Committer: Åukasz Rymanowski <[email protected]> Committed: Thu Mar 23 09:44:15 2017 +0100 ---------------------------------------------------------------------- net/nimble/host/src/ble_sm.c | 50 +++++++++++++++++++++++---------- net/nimble/host/src/ble_sm_lgcy.c | 19 ++++++------- net/nimble/host/src/ble_sm_priv.h | 8 +++--- net/nimble/host/src/ble_sm_sc.c | 51 ++++++++++++++++++++++++---------- 4 files changed, 85 insertions(+), 43 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-mynewt-core/blob/51d35533/net/nimble/host/src/ble_sm.c ---------------------------------------------------------------------- diff --git a/net/nimble/host/src/ble_sm.c b/net/nimble/host/src/ble_sm.c index ef2f41b..f37d4fc 100644 --- a/net/nimble/host/src/ble_sm.c +++ b/net/nimble/host/src/ble_sm.c @@ -710,12 +710,12 @@ ble_sm_build_authreq(void) } static int -ble_sm_io_action(struct ble_sm_proc *proc) +ble_sm_io_action(struct ble_sm_proc *proc, uint8_t *action) { if (proc->flags & BLE_SM_PROC_F_SC) { - return ble_sm_sc_io_action(proc); + return ble_sm_sc_io_action(proc, action); } else { - return ble_sm_lgcy_io_action(proc); + return ble_sm_lgcy_io_action(proc, action); } } @@ -744,8 +744,13 @@ int ble_sm_proc_can_advance(struct ble_sm_proc *proc) { uint8_t ioact; + int rc; + + rc = ble_sm_io_action(proc, &ioact); + if (rc != 0) { + BLE_HS_DBG_ASSERT(0); + } - ioact = ble_sm_io_action(proc); if (ble_sm_ioact_state(ioact) != proc->state) { return 1; } @@ -1379,7 +1384,13 @@ ble_sm_confirm_rx(uint16_t conn_handle, struct os_mbuf **om, proc->state = BLE_SM_PROC_STATE_RANDOM; res->execute = 1; } else { - ioact = ble_sm_io_action(proc); + int rc; + + rc = ble_sm_io_action(proc, &ioact); + if (rc != 0) { + BLE_HS_DBG_ASSERT(0); + } + if (ble_sm_ioact_state(ioact) == proc->state) { proc->flags |= BLE_SM_PROC_F_ADVANCE_ON_IO; } @@ -1503,7 +1514,9 @@ ble_sm_pair_exec(struct ble_sm_proc *proc, struct ble_sm_result *res, ble_sm_pair_cfg(proc); proc->state = ble_sm_state_after_pair(proc); - ioact = ble_sm_io_action(proc); + rc = ble_sm_io_action(proc, &ioact); + BLE_HS_DBG_ASSERT(rc == 0); + if (ble_sm_ioact_state(ioact) == proc->state) { res->passkey_params.action = ioact; } @@ -1621,15 +1634,23 @@ ble_sm_pair_rsp_rx(uint16_t conn_handle, struct os_mbuf **om, res->sm_err = BLE_SM_ERR_INVAL; res->app_status = BLE_HS_SM_US_ERR(BLE_SM_ERR_INVAL); } else { + int rc; + ble_sm_pair_cfg(proc); - proc->state = ble_sm_state_after_pair(proc); - ioact = ble_sm_io_action(proc); - if (ble_sm_ioact_state(ioact) == proc->state) { - res->passkey_params.action = ioact; - } - if (ble_sm_proc_can_advance(proc)) { - res->execute = 1; + rc = ble_sm_io_action(proc, &ioact); + if (rc != 0) { + res->sm_err = BLE_SM_ERR_AUTHREQ; + res->app_status = BLE_HS_SM_US_ERR(BLE_SM_ERR_AUTHREQ); + res->enc_cb = 1; + } else { + proc->state = ble_sm_state_after_pair(proc); + if (ble_sm_ioact_state(ioact) == proc->state) { + res->passkey_params.action = ioact; + } + if (ble_sm_proc_can_advance(proc)) { + res->execute = 1; + } } } } @@ -2373,6 +2394,7 @@ ble_sm_inject_io(uint16_t conn_handle, struct ble_sm_io *pkey) struct ble_sm_result res; struct ble_sm_proc *proc; int rc; + uint8_t action; memset(&res, 0, sizeof res); @@ -2383,7 +2405,7 @@ ble_sm_inject_io(uint16_t conn_handle, struct ble_sm_io *pkey) rc = BLE_HS_ENOENT; } else if (proc->flags & BLE_SM_PROC_F_IO_INJECTED) { rc = BLE_HS_EALREADY; - } else if (pkey->action != ble_sm_io_action(proc)) { + } else if ((ble_sm_io_action(proc, &action) == 0) && pkey->action != action) { /* Application provided incorrect IO type. */ rc = BLE_HS_EINVAL; } else if (ble_sm_ioact_state(pkey->action) != proc->state) { http://git-wip-us.apache.org/repos/asf/incubator-mynewt-core/blob/51d35533/net/nimble/host/src/ble_sm_lgcy.c ---------------------------------------------------------------------- diff --git a/net/nimble/host/src/ble_sm_lgcy.c b/net/nimble/host/src/ble_sm_lgcy.c index 1447028..ff53b1e 100644 --- a/net/nimble/host/src/ble_sm_lgcy.c +++ b/net/nimble/host/src/ble_sm_lgcy.c @@ -61,31 +61,30 @@ static const uint8_t ble_sm_lgcy_resp_ioa[5 /*resp*/ ][5 /*init*/ ] = }; int -ble_sm_lgcy_io_action(struct ble_sm_proc *proc) +ble_sm_lgcy_io_action(struct ble_sm_proc *proc, uint8_t *action) { struct ble_sm_pair_cmd *pair_req, *pair_rsp; - int action; pair_req = (struct ble_sm_pair_cmd *) &proc->pair_req[1]; pair_rsp = (struct ble_sm_pair_cmd *) &proc->pair_rsp[1]; if (pair_req->oob_data_flag == BLE_SM_PAIR_OOB_YES && pair_rsp->oob_data_flag == BLE_SM_PAIR_OOB_YES) { - action = BLE_SM_IOACT_OOB; + *action = BLE_SM_IOACT_OOB; } else if (!(pair_req->authreq & BLE_SM_PAIR_AUTHREQ_MITM) && !(pair_rsp->authreq & BLE_SM_PAIR_AUTHREQ_MITM)) { - action = BLE_SM_IOACT_NONE; + *action = BLE_SM_IOACT_NONE; } else if (pair_req->io_cap >= BLE_SM_IO_CAP_RESERVED || pair_rsp->io_cap >= BLE_SM_IO_CAP_RESERVED) { - action = BLE_SM_IOACT_NONE; + *action = BLE_SM_IOACT_NONE; } else if (proc->flags & BLE_SM_PROC_F_INITIATOR) { - action = ble_sm_lgcy_init_ioa[pair_rsp->io_cap][pair_req->io_cap]; + *action = ble_sm_lgcy_init_ioa[pair_rsp->io_cap][pair_req->io_cap]; } else { - action = ble_sm_lgcy_resp_ioa[pair_rsp->io_cap][pair_req->io_cap]; + *action = ble_sm_lgcy_resp_ioa[pair_rsp->io_cap][pair_req->io_cap]; } - switch (action) { + switch (*action) { case BLE_SM_IOACT_NONE: proc->pair_alg = BLE_SM_PAIR_ALG_JW; break; @@ -103,10 +102,10 @@ ble_sm_lgcy_io_action(struct ble_sm_proc *proc) default: BLE_HS_DBG_ASSERT(0); - break; + return BLE_HS_EINVAL; } - return action; + return 0; } void http://git-wip-us.apache.org/repos/asf/incubator-mynewt-core/blob/51d35533/net/nimble/host/src/ble_sm_priv.h ---------------------------------------------------------------------- diff --git a/net/nimble/host/src/ble_sm_priv.h b/net/nimble/host/src/ble_sm_priv.h index 86c31da..0263dda 100644 --- a/net/nimble/host/src/ble_sm_priv.h +++ b/net/nimble/host/src/ble_sm_priv.h @@ -332,7 +332,7 @@ void ble_sm_enc_key_refresh_rx(struct hci_encrypt_key_refresh *evt); int ble_sm_ltk_req_rx(struct hci_le_lt_key_req *evt); #if MYNEWT_VAL(BLE_SM_LEGACY) -int ble_sm_lgcy_io_action(struct ble_sm_proc *proc); +int ble_sm_lgcy_io_action(struct ble_sm_proc *proc, uint8_t *action); void ble_sm_lgcy_confirm_exec(struct ble_sm_proc *proc, struct ble_sm_result *res); void ble_sm_lgcy_random_exec(struct ble_sm_proc *proc, @@ -340,14 +340,14 @@ void ble_sm_lgcy_random_exec(struct ble_sm_proc *proc, void ble_sm_lgcy_random_rx(struct ble_sm_proc *proc, struct ble_sm_result *res); #else -#define ble_sm_lgcy_io_action(proc) (BLE_HS_ENOTSUP) +#define ble_sm_lgcy_io_action(proc, action) (BLE_HS_ENOTSUP) #define ble_sm_lgcy_confirm_exec(proc, res) #define ble_sm_lgcy_random_exec(proc, res) #define ble_sm_lgcy_random_rx(proc, res) #endif #if MYNEWT_VAL(BLE_SM_SC) -int ble_sm_sc_io_action(struct ble_sm_proc *proc); +int ble_sm_sc_io_action(struct ble_sm_proc *proc, uint8_t *action); void ble_sm_sc_confirm_exec(struct ble_sm_proc *proc, struct ble_sm_result *res); void ble_sm_sc_random_exec(struct ble_sm_proc *proc, @@ -364,7 +364,7 @@ void ble_sm_sc_dhkey_check_rx(uint16_t conn_handle, struct os_mbuf **rxom, struct ble_sm_result *res); void ble_sm_sc_init(void); #else -#define ble_sm_sc_io_action(proc) (BLE_SM_IOACT_NONE) +#define ble_sm_sc_io_action(proc, action) (BLE_HS_ENOTSUP) #define ble_sm_sc_confirm_exec(proc, res) #define ble_sm_sc_random_exec(proc, res) #define ble_sm_sc_random_rx(proc, res) http://git-wip-us.apache.org/repos/asf/incubator-mynewt-core/blob/51d35533/net/nimble/host/src/ble_sm_sc.c ---------------------------------------------------------------------- diff --git a/net/nimble/host/src/ble_sm_sc.c b/net/nimble/host/src/ble_sm_sc.c index f78b049..8f6bc85 100644 --- a/net/nimble/host/src/ble_sm_sc.c +++ b/net/nimble/host/src/ble_sm_sc.c @@ -108,31 +108,30 @@ ble_sm_dbg_set_sc_keys(uint8_t *pubkey, uint8_t *privkey) #endif int -ble_sm_sc_io_action(struct ble_sm_proc *proc) +ble_sm_sc_io_action(struct ble_sm_proc *proc, uint8_t *action) { struct ble_sm_pair_cmd *pair_req, *pair_rsp; - int action; pair_req = (struct ble_sm_pair_cmd *) &proc->pair_req[1]; pair_rsp = (struct ble_sm_pair_cmd *) &proc->pair_rsp[1]; if (pair_req->oob_data_flag == BLE_SM_PAIR_OOB_YES || pair_rsp->oob_data_flag == BLE_SM_PAIR_OOB_YES) { - action = BLE_SM_IOACT_OOB; + *action = BLE_SM_IOACT_OOB; } else if (!(pair_req->authreq & BLE_SM_PAIR_AUTHREQ_MITM) && !(pair_rsp->authreq & BLE_SM_PAIR_AUTHREQ_MITM)) { - action = BLE_SM_IOACT_NONE; + *action = BLE_SM_IOACT_NONE; } else if (pair_req->io_cap >= BLE_SM_IO_CAP_RESERVED || pair_rsp->io_cap >= BLE_SM_IO_CAP_RESERVED) { - action = BLE_SM_IOACT_NONE; + *action = BLE_SM_IOACT_NONE; } else if (proc->flags & BLE_SM_PROC_F_INITIATOR) { - action = ble_sm_sc_init_ioa[pair_rsp->io_cap][pair_req->io_cap]; + *action = ble_sm_sc_init_ioa[pair_rsp->io_cap][pair_req->io_cap]; } else { - action = ble_sm_sc_resp_ioa[pair_rsp->io_cap][pair_req->io_cap]; + *action = ble_sm_sc_resp_ioa[pair_rsp->io_cap][pair_req->io_cap]; } - switch (action) { + switch (*action) { case BLE_SM_IOACT_NONE: proc->pair_alg = BLE_SM_PAIR_ALG_JW; break; @@ -155,10 +154,10 @@ ble_sm_sc_io_action(struct ble_sm_proc *proc) default: BLE_HS_DBG_ASSERT(0); - break; + return BLE_HS_EINVAL; } - return action; + return 0; } static int @@ -403,7 +402,9 @@ ble_sm_sc_random_exec(struct ble_sm_proc *proc, struct ble_sm_result *res) return; } - ioact = ble_sm_sc_io_action(proc); + rc = ble_sm_sc_io_action(proc, &ioact); + BLE_HS_DBG_ASSERT(rc == 0); + if (ble_sm_ioact_state(ioact) == proc->state && !(proc->flags & BLE_SM_PROC_F_IO_INJECTED)) { @@ -480,8 +481,13 @@ ble_sm_sc_random_rx(struct ble_sm_proc *proc, struct ble_sm_result *res) if (proc->flags & BLE_SM_PROC_F_INITIATOR) { ble_sm_sc_random_advance(proc); + int rc; + + rc = ble_sm_sc_io_action(proc, &ioact); + if (rc != 0) { + BLE_HS_DBG_ASSERT(0); + } - ioact = ble_sm_sc_io_action(proc); if (ble_sm_ioact_state(ioact) == proc->state && !(proc->flags & BLE_SM_PROC_F_IO_INJECTED)) { @@ -531,8 +537,13 @@ ble_sm_sc_public_key_exec(struct ble_sm_proc *proc, struct ble_sm_result *res, if (!(proc->flags & BLE_SM_PROC_F_INITIATOR)) { proc->state = BLE_SM_PROC_STATE_CONFIRM; + int rc; + + rc = ble_sm_sc_io_action(proc, &ioact); + if (rc != 0) { + BLE_HS_DBG_ASSERT(0); + } - ioact = ble_sm_sc_io_action(proc); if (ble_sm_ioact_state(ioact) == proc->state) { res->passkey_params.action = ioact; } @@ -588,9 +599,15 @@ ble_sm_sc_public_key_rx(uint16_t conn_handle, struct os_mbuf **om, res->enc_cb = 1; } else { if (proc->flags & BLE_SM_PROC_F_INITIATOR) { + int rc; + proc->state = BLE_SM_PROC_STATE_CONFIRM; - ioact = ble_sm_sc_io_action(proc); + rc = ble_sm_sc_io_action(proc, &ioact); + if (rc != 0) { + BLE_HS_DBG_ASSERT(0); + } + if (ble_sm_ioact_state(ioact) == proc->state) { res->passkey_params.action = ioact; } @@ -690,6 +707,7 @@ ble_sm_dhkey_check_process(struct ble_sm_proc *proc, ble_addr_t peer_addr; uint8_t *iocap; uint8_t ioact; + int rc; if (proc->flags & BLE_SM_PROC_F_INITIATOR) { struct ble_sm_pair_cmd *pair_rsp; @@ -729,8 +747,11 @@ ble_sm_dhkey_check_process(struct ble_sm_proc *proc, return; } + rc = ble_sm_sc_io_action(proc, &ioact); + if (rc != 0) { + BLE_HS_DBG_ASSERT(0); + } - ioact = ble_sm_sc_io_action(proc); if (ble_sm_ioact_state(ioact) == proc->state) { proc->flags |= BLE_SM_PROC_F_ADVANCE_ON_IO; }
