mirror/btstack
1
0
Fork 0
mirror of https://github.com/bluekitchen/btstack.git synced 2025-02-14 00:40:57 +00:00
Code Issues Packages Projects Releases Wiki Activity

don't modify ssp authreq for dedicated bonding

Browse Source
This commit is contained in:
matthias.ringwald@gmail.com 2014-01-19 15:04:04 +00:00
parent ad83dc6a89
commit 106d6d11cb
2 changed files with 13 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
src/gap.h
View File

@ -94,6 +94,7 @@ gap_security_level_t gap_security_level_for_link_key_type(link_key_type_t link_k
gap_security_level_t gap_security_level(hci_con_handle_t con_handle); gap_security_level_t gap_security_level(hci_con_handle_t con_handle);
void gap_request_security_level(hci_con_handle_t con_handle, gap_security_level_t level); void gap_request_security_level(hci_con_handle_t con_handle, gap_security_level_t level);
int gap_mitm_protection_required_for_security_level(gap_security_level_t level);
#if defined __cplusplus #if defined __cplusplus
} }

17
src/hci.c
View File

@ -1291,7 +1291,14 @@ void hci_run(){
if (connection->authentication_flags & SEND_IO_CAPABILITIES_REPLY){ if (connection->authentication_flags & SEND_IO_CAPABILITIES_REPLY){
connectionClearAuthenticationFlags(connection, SEND_IO_CAPABILITIES_REPLY); connectionClearAuthenticationFlags(connection, SEND_IO_CAPABILITIES_REPLY);
if (hci_stack.bondable && hci_stack.ssp_io_capability != SSP_IO_CAPABILITY_UNKNOWN){ if (hci_stack.bondable && hci_stack.ssp_io_capability != SSP_IO_CAPABILITY_UNKNOWN){
hci_send_cmd(&hci_io_capability_request_reply, &connection->address, hci_stack.ssp_io_capability, NULL, hci_stack.ssp_authentication_requirement); // tweak authentication requirements
uint8_t authreq = hci_stack.ssp_authentication_requirement;
if (connection->bonding_flags & BONDING_DEDICATED){
authreq = gap_mitm_protection_required_for_security_level(connection->requested_security_level) ?
SSP_IO_AUTHREQ_MITM_PROTECTION_REQUIRED_DEDICATED_BONDING :
SSP_IO_AUTHREQ_MITM_PROTECTION_NOT_REQUIRED_DEDICATED_BONDING;
}
hci_send_cmd(&hci_io_capability_request_reply, &connection->address, hci_stack.ssp_io_capability, NULL, authreq);
} else { } else {
hci_send_cmd(&hci_io_capability_request_negative_reply, &connection->address, ERROR_CODE_PAIRING_NOT_ALLOWED); hci_send_cmd(&hci_io_capability_request_negative_reply, &connection->address, ERROR_CODE_PAIRING_NOT_ALLOWED);
} }
@ -1869,6 +1876,10 @@ static gap_security_level_t gap_security_level_for_connection(hci_connection_t *
} }
int gap_mitm_protection_required_for_security_level(gap_security_level_t level){
return level > LEVEL_2;
}
/** /**
* @brief get current security level * @brief get current security level
*/ */
@ -1938,10 +1949,6 @@ int gap_dedicated_bonding(bd_addr_t device, int mitm_protection_required){
// delete linkn key // delete linkn key
hci_drop_link_key_for_bd_addr( (bd_addr_t *) &device); hci_drop_link_key_for_bd_addr( (bd_addr_t *) &device);
// @TODO answer AutHReq based on context instead of global state
hci_stack.ssp_authentication_requirement =
SSP_IO_AUTHREQ_MITM_PROTECTION_NOT_REQUIRED_DEDICATED_BONDING;
// configure LEVEL_2/3, dedicated bonding // configure LEVEL_2/3, dedicated bonding
connection->state = SEND_CREATE_CONNECTION; connection->state = SEND_CREATE_CONNECTION;
connection->requested_security_level = mitm_protection_required ? LEVEL_3 : LEVEL_2; connection->requested_security_level = mitm_protection_required ? LEVEL_3 : LEVEL_2;