ARMmbed
/
mbed-os
mirror of https://github.com/ARMmbed/mbed-os.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

oob presence set correctly for legacy pairing

pull/6188/head
paul-szczepanek-arm 2018-02-09 10:52:39 +00:00
parent a2cff3079e
commit 0806584e45
2 changed files with 23 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
features/FEATURE_BLE/ble/generic/GenericSecurityDb.h
View File

@ -57,8 +57,9 @@ struct SecurityEntry_t {
signing_requested(false), signing_requested(false),
mitm_requested(false), mitm_requested(false),
mitm_performed(false), mitm_performed(false),
oob(false), attempt_oob(false),
oob_mitm_protection(false) { } oob_mitm_protection(false),
oob_present(false) { }
/** /**
* Reset state of the connection when disconnected. * Reset state of the connection when disconnected.
@ -72,8 +73,9 @@ struct SecurityEntry_t {
encryption_failed = false; encryption_failed = false;
encrypted = false; encrypted = false;
signing_requested = false; signing_requested = false;
oob = false; attempt_oob = false;
oob_mitm_protection = false; oob_mitm_protection = false;
oob_present = false;
} }
connection_handle_t handle; connection_handle_t handle;
@ -102,8 +104,9 @@ struct SecurityEntry_t {
uint8_t mitm_requested:1; uint8_t mitm_requested:1;
uint8_t mitm_performed:1; /**< keys exchange will have MITM protection */ uint8_t mitm_performed:1; /**< keys exchange will have MITM protection */
uint8_t oob:1; uint8_t attempt_oob:1;
uint8_t oob_mitm_protection:1; uint8_t oob_mitm_protection:1;
uint8_t oob_present:1;
}; };
struct SecurityEntryKeys_t { struct SecurityEntryKeys_t {

21
features/FEATURE_BLE/source/generic/GenericSecurityManager.cpp
View File

@ -152,7 +152,7 @@ ble_error_t GenericSecurityManager::requestPairing(connection_handle_t connectio
return _pal.send_pairing_request( return _pal.send_pairing_request(
connection, connection,
entry->oob, entry->oob_present,
link_authentication, link_authentication,
link_key_distribution, link_key_distribution,
link_key_distribution link_key_distribution
@ -175,7 +175,7 @@ ble_error_t GenericSecurityManager::acceptPairingRequest(connection_handle_t con
return _pal.send_pairing_response( return _pal.send_pairing_response(
connection, connection,
entry->oob, entry->oob_present,
link_authentication, link_authentication,
link_key_distribution, link_key_distribution,
link_key_distribution link_key_distribution
@ -486,7 +486,7 @@ ble_error_t GenericSecurityManager::setOOBDataUsage(
return BLE_ERROR_INVALID_PARAM; return BLE_ERROR_INVALID_PARAM;
} }
entry->oob = useOOB; entry->attempt_oob = useOOB;
entry->oob_mitm_protection = OOBProvidesMITM; entry->oob_mitm_protection = OOBProvidesMITM;
if (_public_keys_generated) { if (_public_keys_generated) {
@ -660,9 +660,20 @@ void GenericSecurityManager::generate_secure_connections_oob(
void GenericSecurityManager::update_oob_presence(connection_handle_t connection) { void GenericSecurityManager::update_oob_presence(connection_handle_t connection) {
SecurityEntry_t *entry = _db.get_entry(connection); SecurityEntry_t *entry = _db.get_entry(connection);
if (entry) { if (!entry) {
return;
}
/* only update the oob state if we support secure connections,
* otherwise follow the user set preference for providing legacy
* pairing oob data */
entry->oob_present = entry->attempt_oob;
if (_default_authentication.get_secure_connections()) {
if (entry->peer_address == _db.get_peer_sc_oob_address()) { if (entry->peer_address == _db.get_peer_sc_oob_address()) {
entry->oob = true; entry->oob_present = true;
} else {
entry->oob_present = false;
} }
} }
} }