oob presence set correctly for legacy pairing

2018-02-09 10:52:39 +00:00 · 2018-02-09 10:52:39 +00:00 · 0806584e45
parent a2cff3079e
commit 0806584e45
2 changed files with 23 additions and 9 deletions
--- a/features/FEATURE_BLE/ble/generic/GenericSecurityDb.h
+++ b/features/FEATURE_BLE/ble/generic/GenericSecurityDb.h
@ -57,8 +57,9 @@ struct SecurityEntry_t {
        signing_requested(false),
        mitm_requested(false),
        mitm_performed(false),
-        oob(false),
-        oob_mitm_protection(false) { }
+        attempt_oob(false),
+        oob_mitm_protection(false),
+        oob_present(false) { }

    /**
     * Reset state of the connection when disconnected.
@ -72,8 +73,9 @@ struct SecurityEntry_t {
        encryption_failed = false;
        encrypted = false;
        signing_requested = false;
-        oob = false;
+        attempt_oob = false;
        oob_mitm_protection = false;
+        oob_present = false;
    }

    connection_handle_t handle;
@ -102,8 +104,9 @@ struct SecurityEntry_t {
    uint8_t mitm_requested:1;
    uint8_t mitm_performed:1; /**< keys exchange will have MITM protection */

-    uint8_t oob:1;
+    uint8_t attempt_oob:1;
    uint8_t oob_mitm_protection:1;
+    uint8_t oob_present:1;
 };

 struct SecurityEntryKeys_t {
--- a/features/FEATURE_BLE/source/generic/GenericSecurityManager.cpp
+++ b/features/FEATURE_BLE/source/generic/GenericSecurityManager.cpp
@ -152,7 +152,7 @@ ble_error_t GenericSecurityManager::requestPairing(connection_handle_t connectio

    return _pal.send_pairing_request(
        connection,
-        entry->oob,
+        entry->oob_present,
        link_authentication,
        link_key_distribution,
        link_key_distribution
@ -175,7 +175,7 @@ ble_error_t GenericSecurityManager::acceptPairingRequest(connection_handle_t con

    return _pal.send_pairing_response(
        connection,
-        entry->oob,
+        entry->oob_present,
        link_authentication,
        link_key_distribution,
        link_key_distribution
@ -486,7 +486,7 @@ ble_error_t GenericSecurityManager::setOOBDataUsage(
        return BLE_ERROR_INVALID_PARAM;
    }

-    entry->oob = useOOB;
+    entry->attempt_oob = useOOB;
    entry->oob_mitm_protection = OOBProvidesMITM;

    if (_public_keys_generated) {
@ -660,9 +660,20 @@ void GenericSecurityManager::generate_secure_connections_oob(

 void GenericSecurityManager::update_oob_presence(connection_handle_t connection) {
    SecurityEntry_t *entry = _db.get_entry(connection);
-    if (entry) {
+    if (!entry) {
+        return;
+    }
+
+    /* only update the oob state if we support secure connections,
+     * otherwise follow the user set preference for providing legacy
+     * pairing oob data */
+    entry->oob_present = entry->attempt_oob;
+
+    if (_default_authentication.get_secure_connections()) {
        if (entry->peer_address == _db.get_peer_sc_oob_address()) {
-            entry->oob = true;
+            entry->oob_present = true;
+        } else {
+            entry->oob_present = false;
        }
    }
 }