count failures, trigger reparing when verification fails

2018-03-29 15:44:15 +01:00 · 2018-03-29 15:44:15 +01:00 · 9283413c4c
parent 780d8a4375
commit 9283413c4c
3 changed files with 22 additions and 7 deletions
--- a/features/FEATURE_BLE/ble/generic/GenericSecurityManager.h
+++ b/features/FEATURE_BLE/ble/generic/GenericSecurityManager.h
@ -454,6 +454,8 @@ private:
        uint8_t oob_mitm_protection:1;
        uint8_t oob_present:1;
        uint8_t legacy_pairing_oob_request_pending:1;
+
+        uint8_t mic_failures:2;
    };

    pal::SecurityManager &_pal;
@ -526,7 +528,7 @@ public:

    /** @copydoc ble::pal::SecurityManager::on_invalid_mic
     */
-    virtual void on_invalid_mic(
+    virtual void on_signature_verification_failure(
        connection_handle_t connection
    );

--- a/features/FEATURE_BLE/ble/pal/PalSecurityManager.h
+++ b/features/FEATURE_BLE/ble/pal/PalSecurityManager.h
@ -281,12 +281,12 @@ public:
        ) = 0;

        /**
-         * Indicate that the MIC verification has failed. This could
+         * Indicate that signed data was rejected due to verification failure. This could
         * be due to an invalid CSRK key.
         *
         * @param[in] connection connection handle
         */
-        virtual void on_invalid_mic(
+        virtual void on_signature_verification_failure(
            connection_handle_t connection
        ) = 0;

--- a/features/FEATURE_BLE/source/generic/GenericSecurityManager.cpp
+++ b/features/FEATURE_BLE/source/generic/GenericSecurityManager.cpp
@ -942,9 +942,21 @@ void GenericSecurityManager::on_valid_mic_timeout(connection_handle_t connection
    (void)connection;
 }

-void GenericSecurityManager::on_invalid_mic(connection_handle_t connection) {
-    (void)connection;
-    /* TODO: count and re-pair when threshold reached */
+void GenericSecurityManager::on_signature_verification_failure(connection_handle_t connection) {
+    ControlBlock_t *cb = get_control_block(connection);
+    if (!cb) {
+        return;
+    }
+
+    cb->mic_failures++;
+    if (cb->mic_failures == 3) {
+        cb->mic_failures = 0;
+        if (cb->is_master) {
+           requestPairing(connection);
+        } else {
+           slave_security_request(connection);
+        }
+    }
 }

 void GenericSecurityManager::on_slave_security_request(
@ -1263,7 +1275,8 @@ GenericSecurityManager::ControlBlock_t::ControlBlock_t() :
    attempt_oob(false),
    oob_mitm_protection(false),
    oob_present(false),
-    legacy_pairing_oob_request_pending(false) { }
+    legacy_pairing_oob_request_pending(false),
+    mic_failures(0) { }

 void GenericSecurityManager::on_ltk_request(connection_handle_t connection)
 {