diff --git a/ble/att.c b/ble/att.c index fca40497f..c8febcc76 100644 --- a/ble/att.c +++ b/ble/att.c @@ -259,14 +259,15 @@ static inline uint16_t setup_error_invalid_offset(uint8_t * response_buffer, uin static uint8_t att_validate_security(att_connection_t * att_connection, att_iterator_t * it){ int required_encryption_size = it->flags >> 12; + if (required_encryption_size) required_encryption_size++; // store -1 to fit into 4 bit printf("att_validate_security. flags 0x%04x - req enc size %u, authorized %u, authenticated %u, encryption_key_size %u\n", it->flags, required_encryption_size, att_connection->authorized, att_connection->authenticated, att_connection->encryption_key_size); - if ((it->flags & ATT_PROPERTY_AUTHORIZATION_REQUIRED) && att_connection->authorized == 0) { - return ATT_ERROR_INSUFFICIENT_AUTHORIZATION; - } if ((it->flags & ATT_PROPERTY_AUTHENTICATION_REQUIRED) && att_connection->authenticated == 0) { return ATT_ERROR_INSUFFICIENT_AUTHENTICATION; } + if ((it->flags & ATT_PROPERTY_AUTHORIZATION_REQUIRED) && att_connection->authorized == 0) { + return ATT_ERROR_INSUFFICIENT_AUTHORIZATION; + } if (required_encryption_size > 0 && att_connection->encryption_key_size == 0){ return ATT_ERROR_INSUFFICIENT_ENCRYPTION; } diff --git a/ble/att_server.c b/ble/att_server.c index 9203a9a88..b1972f7a0 100644 --- a/ble/att_server.c +++ b/ble/att_server.c @@ -146,7 +146,8 @@ static void att_event_packet_handler (uint8_t packet_type, uint16_t channel, uin sm_event_t * event = (sm_event_t *) packet; if (event->addr_type != att_client_addr_type) break; if (memcmp(event->address, att_client_address, 6) != 0) break; - att_connection.authenticated = event->authorization_result; + att_connection.authorized = event->authorization_result; + att_run(); break; } diff --git a/ble/sm.c b/ble/sm.c index d69686a6e..a3dc75761 100644 --- a/ble/sm.c +++ b/ble/sm.c @@ -504,7 +504,7 @@ static void sm_notify_client(uint8_t type, uint8_t addr_type, bd_addr_t address, event.passkey = passkey; event.central_device_db_index = index; - log_info("sm_notify_client %02x, addres_type %u, address (), num '%06u', index %u", event.type, event.addr_type, event.passkey, event.central_device_db_index); + log_info("sm_notify_client %02x, addres_type %u, address %s, num '%06u', index %u", event.type, event.addr_type, bd_addr_to_str(event.address), event.passkey, event.central_device_db_index); if (!sm_client_packet_handler) return; sm_client_packet_handler(HCI_EVENT_PACKET, 0, (uint8_t*) &event, sizeof(event)); @@ -518,7 +518,7 @@ static void sm_notify_client_authorization(uint8_t type, uint8_t addr_type, bd_a BD_ADDR_COPY(event.address, address); event.authorization_result = result; - log_info("sm_notify_client_authorization %02x, address_type %u, address (), result %u", event.type, event.addr_type, event.authorization_result); + log_info("sm_notify_client_authorization %02x, address_type %u, address %s, result %u", event.type, event.addr_type, bd_addr_to_str(event.address), event.authorization_result); if (!sm_client_packet_handler) return; sm_client_packet_handler(HCI_EVENT_PACKET, 0, (uint8_t*) &event, sizeof(event)); @@ -1212,8 +1212,10 @@ static void sm_packet_handler(uint8_t packet_type, uint16_t handle, uint8_t *pac case SM_CODE_IDENTITY_ADDRESS_INFORMATION: sm_key_distribution_received_set |= SM_KEYDIST_FLAG_IDENTITY_ADDRESS_INFORMATION; - sm_m_addr_type = packet[1]; - BD_ADDR_COPY(sm_m_address, &packet[2]); + // note: we don't update addr_type and address as higher layer would get confused + // note: if needed, we could use a different variable pair + // sm_m_addr_type = packet[1]; + // BD_ADDR_COPY(sm_m_address, &packet[2]); break; case SM_CODE_SIGNING_INFORMATION: diff --git a/example/libusb/ble_peripheral.c b/example/libusb/ble_peripheral.c index a2061764a..a4509a228 100644 --- a/example/libusb/ble_peripheral.c +++ b/example/libusb/ble_peripheral.c @@ -160,7 +160,7 @@ static void app_packet_handler (uint8_t packet_type, uint16_t channel, uint8_t * case SM_PASSKEY_DISPLAY_NUMBER: { // display number sm_event_t * event = (sm_event_t *) packet; - printf("GAP Bonding: Display Passkey '%u\n", event->passkey); + printf("GAP Bonding: Display Passkey '%06u\n", event->passkey); break; } @@ -205,7 +205,8 @@ void setup(void){ sm_init(); sm_set_io_capabilities(IO_CAPABILITY_DISPLAY_ONLY); sm_set_authentication_requirements( SM_AUTHREQ_BONDING | SM_AUTHREQ_MITM_PROTECTION); - sm_set_request_security(1); + // sm_set_request_security(1); + // sm_set_encrypted_key_size_range(7,15); // setup ATT server att_server_init(profile_data, NULL, att_write_callback); diff --git a/example/libusb/profile.gatt b/example/libusb/profile.gatt index da7c2a772..8424424aa 100644 --- a/example/libusb/profile.gatt +++ b/example/libusb/profile.gatt @@ -6,7 +6,7 @@ PRIMARY_SERVICE, GATT_SERVICE CHARACTERISTIC, GATT_SERVICE_CHANGED, READ, PRIMARY_SERVICE, FFF0 -CHARACTERISTIC, FFF1, READ | WRITE | DYNAMIC, +CHARACTERISTIC, FFF1, READ | WRITE | DYNAMIC | AUTHORIZATION_REQUIRED | ENCRYPTION_KEY_SIZE_7 | AUTHENTICATION_REQUIRED, CHARACTERISTIC, FFF2, READ | WRITE | DYNAMIC, CHARACTERISTIC, FFF3, READ | NOTIFY | INDICATE | CLIENT_CONFIGURATION, CHARACTERISTIC, 00001234-0000-1000-8000-00805F9B34FB, READ | WRITE | DYNAMIC,