don't use Master Identification Information to replace addr_type and address, sort security check order

2025-02-14 09:39:55 +00:00 · 2014-01-07 18:24:50 +00:00 · 2014-01-07 18:24:50 +00:00 · 0d0bcdceb3
commit 0d0bcdceb3
parent 8c0b356c3e
5 changed files with 16 additions and 11 deletions
--- a/ble/att.c
+++ b/ble/att.c
@ -259,14 +259,15 @@ static inline uint16_t setup_error_invalid_offset(uint8_t * response_buffer, uin

 static uint8_t att_validate_security(att_connection_t * att_connection, att_iterator_t * it){
    int required_encryption_size = it->flags >> 12;
+    if (required_encryption_size) required_encryption_size++;   // store -1 to fit into 4 bit
    printf("att_validate_security. flags 0x%04x - req enc size %u, authorized %u, authenticated %u, encryption_key_size %u\n",
        it->flags, required_encryption_size, att_connection->authorized, att_connection->authenticated, att_connection->encryption_key_size);
-    if ((it->flags & ATT_PROPERTY_AUTHORIZATION_REQUIRED) && att_connection->authorized == 0) {
-        return ATT_ERROR_INSUFFICIENT_AUTHORIZATION;
-    }
    if ((it->flags & ATT_PROPERTY_AUTHENTICATION_REQUIRED) && att_connection->authenticated == 0) {
        return ATT_ERROR_INSUFFICIENT_AUTHENTICATION;
    }
+    if ((it->flags & ATT_PROPERTY_AUTHORIZATION_REQUIRED) && att_connection->authorized == 0) {
+        return ATT_ERROR_INSUFFICIENT_AUTHORIZATION;
+    }
    if (required_encryption_size > 0 && att_connection->encryption_key_size == 0){
        return ATT_ERROR_INSUFFICIENT_ENCRYPTION;
    }
--- a/ble/att_server.c
+++ b/ble/att_server.c
@ -146,7 +146,8 @@ static void att_event_packet_handler (uint8_t packet_type, uint16_t channel, uin
                    sm_event_t * event = (sm_event_t *) packet;
                    if (event->addr_type != att_client_addr_type) break;
                    if (memcmp(event->address, att_client_address, 6) != 0) break;
-                    att_connection.authenticated = event->authorization_result;
+                    att_connection.authorized = event->authorization_result;
+                    att_run();
                	break;
                }

--- a/ble/sm.c
+++ b/ble/sm.c
@ -504,7 +504,7 @@ static void sm_notify_client(uint8_t type, uint8_t addr_type, bd_addr_t address,
    event.passkey = passkey;
    event.central_device_db_index = index;

-    log_info("sm_notify_client %02x, addres_type %u, address (), num '%06u', index %u", event.type, event.addr_type, event.passkey, event.central_device_db_index);
+    log_info("sm_notify_client %02x, addres_type %u, address %s, num '%06u', index %u", event.type, event.addr_type, bd_addr_to_str(event.address), event.passkey, event.central_device_db_index);

    if (!sm_client_packet_handler) return;
    sm_client_packet_handler(HCI_EVENT_PACKET, 0, (uint8_t*) &event, sizeof(event));
@ -518,7 +518,7 @@ static void sm_notify_client_authorization(uint8_t type, uint8_t addr_type, bd_a
    BD_ADDR_COPY(event.address, address);
    event.authorization_result = result;

-    log_info("sm_notify_client_authorization %02x, address_type %u, address (), result %u", event.type, event.addr_type, event.authorization_result);
+    log_info("sm_notify_client_authorization %02x, address_type %u, address %s, result %u", event.type, event.addr_type, bd_addr_to_str(event.address), event.authorization_result);

    if (!sm_client_packet_handler) return;
    sm_client_packet_handler(HCI_EVENT_PACKET, 0, (uint8_t*) &event, sizeof(event));
@ -1212,8 +1212,10 @@ static void sm_packet_handler(uint8_t packet_type, uint16_t handle, uint8_t *pac

                case SM_CODE_IDENTITY_ADDRESS_INFORMATION:
                    sm_key_distribution_received_set |= SM_KEYDIST_FLAG_IDENTITY_ADDRESS_INFORMATION;
-                    sm_m_addr_type = packet[1];
-                    BD_ADDR_COPY(sm_m_address, &packet[2]); 
+                    // note: we don't update addr_type and address as higher layer would get confused
+                    // note: if needed, we could use a different variable pair
+                    // sm_m_addr_type = packet[1];
+                    // BD_ADDR_COPY(sm_m_address, &packet[2]); 
                    break;

                case SM_CODE_SIGNING_INFORMATION:
--- a/example/libusb/ble_peripheral.c
+++ b/example/libusb/ble_peripheral.c
@ -160,7 +160,7 @@ static void app_packet_handler (uint8_t packet_type, uint16_t channel, uint8_t *
                case SM_PASSKEY_DISPLAY_NUMBER: {
                    // display number
                    sm_event_t * event = (sm_event_t *) packet;
-                    printf("GAP Bonding: Display Passkey '%u\n", event->passkey);
+                    printf("GAP Bonding: Display Passkey '%06u\n", event->passkey);
                    break;
                }

@ -205,7 +205,8 @@ void setup(void){
    sm_init();
    sm_set_io_capabilities(IO_CAPABILITY_DISPLAY_ONLY);
    sm_set_authentication_requirements( SM_AUTHREQ_BONDING | SM_AUTHREQ_MITM_PROTECTION); 
-    sm_set_request_security(1);
+    // sm_set_request_security(1);
+    // sm_set_encrypted_key_size_range(7,15);

    // setup ATT server
    att_server_init(profile_data, NULL, att_write_callback);    
--- a/example/libusb/profile.gatt
+++ b/example/libusb/profile.gatt
@ -6,7 +6,7 @@ PRIMARY_SERVICE, GATT_SERVICE
 CHARACTERISTIC, GATT_SERVICE_CHANGED, READ,

 PRIMARY_SERVICE, FFF0
-CHARACTERISTIC, FFF1, READ | WRITE | DYNAMIC, 
+CHARACTERISTIC, FFF1, READ | WRITE | DYNAMIC | AUTHORIZATION_REQUIRED | ENCRYPTION_KEY_SIZE_7 | AUTHENTICATION_REQUIRED, 
 CHARACTERISTIC, FFF2, READ | WRITE | DYNAMIC, 
 CHARACTERISTIC, FFF3, READ | NOTIFY | INDICATE | CLIENT_CONFIGURATION, 
 CHARACTERISTIC, 00001234-0000-1000-8000-00805F9B34FB, READ | WRITE | DYNAMIC,