From 0806584e454ec82b4d2679475e19f02b5e5b7d4c Mon Sep 17 00:00:00 2001
From: paul-szczepanek-arm <33840200+paul-szczepanek-arm@users.noreply.github.com>
Date: Fri, 9 Feb 2018 10:52:39 +0000
Subject: [PATCH] oob presence set correctly for legacy pairing
---
 .../ble/generic/GenericSecurityDb.h | 11 ++++++----
 .../source/generic/GenericSecurityManager.cpp | 21 ++++++++++++++-----
 2 files changed, 23 insertions(+), 9 deletions(-)
diff --git a/features/FEATURE_BLE/ble/generic/GenericSecurityDb.h b/features/FEATURE_BLE/ble/generic/GenericSecurityDb.h
index 54d1cf5112..f0f72bb946 100644
--- a/features/FEATURE_BLE/ble/generic/GenericSecurityDb.h
+++ b/features/FEATURE_BLE/ble/generic/GenericSecurityDb.h
@@ -57,8 +57,9 @@ struct SecurityEntry_t {
 signing_requested(false),
 mitm_requested(false),
 mitm_performed(false),
- oob(false),
- oob_mitm_protection(false) { }
+ attempt_oob(false),
+ oob_mitm_protection(false),
+ oob_present(false) { }
 /**
 * Reset state of the connection when disconnected.
@@ -72,8 +73,9 @@ struct SecurityEntry_t {
 encryption_failed = false;
 encrypted = false;
 signing_requested = false;
- oob = false;
+ attempt_oob = false;
 oob_mitm_protection = false;
+ oob_present = false;
 }
 connection_handle_t handle;
@@ -102,8 +104,9 @@ struct SecurityEntry_t {
 uint8_t mitm_requested:1;
 uint8_t mitm_performed:1; /**< keys exchange will have MITM protection */
- uint8_t oob:1;
+ uint8_t attempt_oob:1;
 uint8_t oob_mitm_protection:1;
+ uint8_t oob_present:1;
 };
 struct SecurityEntryKeys_t {
diff --git a/features/FEATURE_BLE/source/generic/GenericSecurityManager.cpp b/features/FEATURE_BLE/source/generic/GenericSecurityManager.cpp
index 63acb7f54f..f0de1348ab 100644
--- a/features/FEATURE_BLE/source/generic/GenericSecurityManager.cpp
+++ b/features/FEATURE_BLE/source/generic/GenericSecurityManager.cpp
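Review bot: The three OOB bitfields in SecurityEntry_t (third GenericSecurityDb.h hunk) are left undocumented even though the commit gives them distinct roles, and `oob_present` is the value that ends up in the pairing request and response. A trailing comment on each would keep later changes from wiring the wrong flag into the feature exchange, for example `uint8_t attempt_oob:1; /**< user preference set through setOOBDataUsage */` and `uint8_t oob_present:1; /**< OOB flag sent in the pairing request/response */`. The struct starts before and continues after the hunk.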
@@ -152,7 +152,7 @@ ble_error_t GenericSecurityManager::requestPairing(connection_handle_t connectio
 return _pal.send_pairing_request(
 connection,
- entry->oob,
+ entry->oob_present,
 link_authentication,
 link_key_distribution,
 link_key_distribution
@@ -175,7 +175,7 @@ ble_error_t GenericSecurityManager::acceptPairingRequest(connection_handle_t con
 return _pal.send_pairing_response(
 connection,
- entry->oob,
+ entry->oob_present,
 link_authentication,
 link_key_distribution,
 link_key_distribution
@@ -486,7 +486,7 @@ ble_error_t GenericSecurityManager::setOOBDataUsage(
 return BLE_ERROR_INVALID_PARAM;
 }
- entry->oob = useOOB;
+ entry->attempt_oob = useOOB;
 entry->oob_mitm_protection = OOBProvidesMITM;
 if (_public_keys_generated) {
@@ -660,9 +660,20 @@ void GenericSecurityManager::generate_secure_connections_oob(
 void GenericSecurityManager::update_oob_presence(connection_handle_t connection) {
 SecurityEntry_t *entry = _db.get_entry(connection);
- if (entry) {
+ if (!entry) {
+ return;
+ }
+
+ /* only update the oob state if we support secure connections,
+ * otherwise follow the user set preference for providing legacy
+ * pairing oob data */
+ entry->oob_present = entry->attempt_oob;
+
+ if (_default_authentication.get_secure_connections()) {
 if (entry->peer_address == _db.get_peer_sc_oob_address()) {
- entry->oob = true;
+ entry->oob_present = true;
+ } else {
+ entry->oob_present = false;
 }
 }
 }
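Review bot: setOOBDataUsage (third hunk) now writes only `attempt_oob`, while requestPairing and acceptPairingRequest (first two hunks) send `oob_present`, which the visible code assigns only in update_oob_presence(). Nothing in these hunks shows update_oob_presence() running between the user's call and the pairing request or response; all three function bodies continue outside their hunks, so this needs checking against the full file. If it does not run, a user who enabled legacy OOB would still advertise the OOB flag as cleared, and the pairing would presumably proceed with a weaker association model without any error. Consider refreshing the derived flag right after `entry->oob_mitm_protection = OOBProvidesMITM;` with a call to update_oob_presence() for this connection, or add a comment naming the caller responsible for it.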
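Review bot: The secure-connections branch in update_oob_presence tests local support (`_default_authentication.get_secure_connections()`), not what the peer ends up negotiating, so whenever this device supports SC the user's `attempt_oob` preference is overwritten. If the peer only offers legacy pairing, the flag sent then reflects whether SC OOB data exists for that address rather than whether legacy OOB data is available. It can be cleared although the user supplied legacy OOB data, which presumably lets the pairing fall back to a weaker method. Please confirm this is intended and state it in the block comment, which currently reads as if the legacy preference is always honoured. As a style point, the inner if/else can be written as `entry->oob_present = (entry->peer_address == _db.get_peer_sc_oob_address());`.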