From f9a79bed158da7b825b5666baa1b7b972ccbe56f Mon Sep 17 00:00:00 2001
From: paul-szczepanek-arm <33840200+paul-szczepanek-arm@users.noreply.github.com>
Date: Wed, 28 Feb 2018 17:43:54 +0000
Subject: [PATCH] fixed initiator distribution bug and setting LINK distribution field based on SC
---
 features/FEATURE_BLE/ble/SecurityManager.h | 2 +-
 .../source/generic/GenericSecurityManager.cpp | 26 ++++++++++---------
 2 files changed, 15 insertions(+), 13 deletions(-)
diff --git a/features/FEATURE_BLE/ble/SecurityManager.h b/features/FEATURE_BLE/ble/SecurityManager.h
index 29a16ece1c..dc2d3ec14f 100644
--- a/features/FEATURE_BLE/ble/SecurityManager.h
+++ b/features/FEATURE_BLE/ble/SecurityManager.h
@@ -68,7 +68,7 @@
 * may be called as a result of the application requiring encryption or encryption through
 * requestAuthentication() or setLinkEncryption().
 *
- * All these can be implicitly called by useing setLinkSecurity() to conveniently set the required
+ * All these can be implicitly called by using setLinkSecurity() to conveniently set the required
 * security for the link. The SecurityManager will trigger all the process required to achieve the set
 * security level.
 *
diff --git a/features/FEATURE_BLE/source/generic/GenericSecurityManager.cpp b/features/FEATURE_BLE/source/generic/GenericSecurityManager.cpp
index 481a261f45..0e4a500fe5 100644
--- a/features/FEATURE_BLE/source/generic/GenericSecurityManager.cpp
+++ b/features/FEATURE_BLE/source/generic/GenericSecurityManager.cpp
@@ -56,6 +56,8 @@ ble_error_t GenericSecurityManager::init(
 _default_authentication.set_secure_connections(secure_connections);
 _default_authentication.set_keypress_notification(true);
+ _default_key_distribution.set_link(secure_connections);
+ _default_key_distribution.set_signing(signing);
 if (signing) {
 init_signing();
@@ -126,7 +128,7 @@ ble_error_t GenericSecurityManager::requestPairing(connection_handle_t connectio
 /* by default the initiator doesn't send any keys other then identity */
 KeyDistribution initiator_distribution(
- KeyDistribution::KEY_DISTRIBUTION_IDENTITY | KeyDistribution::KEY_DISTRIBUTION_LINK
+ KeyDistribution::KEY_DISTRIBUTION_IDENTITY | _default_key_distribution.get_link()
 );
 /* if requested the initiator may send all the default keys for later
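Review bot: The new constructor argument ORs `KeyDistribution::KEY_DISTRIBUTION_IDENTITY` with the return value of `_default_key_distribution.get_link()`, which only sets the LINK bit if that getter returns the flag value itself rather than a boolean. The getter is not shown in this diff; if it returns `bool`, the expression ORs in the value 1, so the initiator would advertise whichever key type owns that bit instead of the link key, and the pairing request would not reflect the Secure Connections setting this commit is meant to honour. Building the value explicitly removes the dependency on the getter's return type: `KeyDistribution initiator_distribution(KeyDistribution::KEY_DISTRIBUTION_IDENTITY);` followed by `initiator_distribution.set_link(_default_key_distribution.get_link());`. The body of requestPairing starts and ends outside the hunk.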
@@ -171,28 +173,28 @@ ble_error_t GenericSecurityManager::acceptPairingRequest(connection_handle_t con
 link_authentication.set_mitm(true);
 }
- KeyDistribution initiator_dist = cb->get_initiator_key_distribution();
+ KeyDistribution initiator_distribution = cb->get_initiator_key_distribution();
 if (_master_sends_keys) {
- initiator_dist &= _default_key_distribution;
+ initiator_distribution &= _default_key_distribution;
 } else {
- initiator_dist &= KeyDistribution(KeyDistribution::KEY_DISTRIBUTION_IDENTITY | KeyDistribution::KEY_DISTRIBUTION_LINK);
+ initiator_distribution &= KeyDistribution(KeyDistribution::KEY_DISTRIBUTION_IDENTITY | KeyDistribution::KEY_DISTRIBUTION_LINK);
 }
 /* signing has to be offered and enabled on the link */
- if (initiator_dist.get_signing()) {
- initiator_dist.set_signing(
+ if (initiator_distribution.get_signing()) {
+ initiator_distribution.set_signing(
 cb->signing_override_default ? cb->signing_requested : _default_key_distribution.get_signing()
 );
 }
- KeyDistribution responder_dist(cb->get_responder_key_distribution());
+ KeyDistribution responder_distribution(cb->get_responder_key_distribution());
- responder_dist &= _default_key_distribution;
+ responder_distribution &= _default_key_distribution;
 /* signing has to be requested and enabled on the link */
- if (responder_dist.get_signing()) {
- responder_dist.set_signing(
+ if (responder_distribution.get_signing()) {
+ responder_distribution.set_signing(
 cb->signing_override_default ? cb->signing_requested : _default_key_distribution.get_signing()
 );
 }
@@ -201,8 +203,8 @@ ble_error_t GenericSecurityManager::acceptPairingRequest(connection_handle_t con
 connection,
 cb->oob_present,
 link_authentication,
- responder_dist,
- responder_dist
+ initiator_distribution,
+ responder_distribution
 );
 }
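Review bot: The `else` branch of the initiator mask in the first acceptPairingRequest hunk still hard-codes `KeyDistribution::KEY_DISTRIBUTION_LINK`. As far as the hunk shows, when `_master_sends_keys` is false a link-key offer from the peer therefore survives the mask even if Secure Connections was disabled in init(). The same commit makes requestPairing take that bit from `_default_key_distribution`, so the initiator and responder paths now apply different policies. Masking with the configured value would align them: build `KeyDistribution allowed(KeyDistribution::KEY_DISTRIBUTION_IDENTITY);`, call `allowed.set_link(_default_key_distribution.get_link());`, then `initiator_distribution &= allowed;`. The body of acceptPairingRequest starts outside the hunk.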