From 1bebac1147e10fc1c4e8b29bcc40eceb3a14cf93 Mon Sep 17 00:00:00 2001
From: "matthias.ringwald@gmail.com"
<matthias.ringwald@gmail.com@1a0a8af8-31b5-11de-8e0c-53a27eea117e>
Date: Thu, 28 Nov 2013 20:19:21 +0000
Subject: [PATCH] implement stk generation method decision
---
example/libusb/ble_server.c | 82 ++++++++++++++++++++++++++++++-------
1 file changed, 67 insertions(+), 15 deletions(-)
diff --git a/example/libusb/ble_server.c b/example/libusb/ble_server.c
index f32272307..d26efa3ad 100644
--- a/example/libusb/ble_server.c
+++ b/example/libusb/ble_server.c
@@ -163,6 +163,24 @@ typedef enum {
} security_manager_state_t;
+typedef enum {
+ JUST_WORKS,
+ PK_INIT_INPUT, // Initiator displays PK, responder inputs PK
+ PK_RESP_INPUT, // Responder displays PK, initiator inputs PK
+ OK_BOTH_INPUT, // Only input on both, both input PK
+ OOB // OOB available on both sides
+} stk_generation_method_t;
+
+// horizontal: initiator capabilities
+// vertial: responder capabilities
+static const stk_generation_method_t stk_generation_method[5][5] = {
+ { JUST_WORKS, JUST_WORKS, PK_INIT_INPUT, JUST_WORKS, PK_INIT_INPUT },
+ { JUST_WORKS, JUST_WORKS, PK_INIT_INPUT, JUST_WORKS, PK_INIT_INPUT },
+ { PK_RESP_INPUT, PK_RESP_INPUT, OK_BOTH_INPUT, JUST_WORKS, PK_RESP_INPUT },
+ { JUST_WORKS, JUST_WORKS, JUST_WORKS, JUST_WORKS, JUST_WORKS },
+ { PK_RESP_INPUT, PK_RESP_INPUT, PK_INIT_INPUT, JUST_WORKS, PK_RESP_INPUT },
+};
+
static att_connection_t att_connection;
static uint16_t att_addr_type;
static bd_addr_t att_address;
@@ -187,6 +205,7 @@ static key_t sm_aes128_plaintext;
//
static uint16_t sm_response_handle = 0;
+static stk_generation_method_t sm_stk_generation_method;
// defines which keys will be send after connection is encrypted
static int sm_key_distribution_set = 0;
@@ -209,9 +228,13 @@ static key_t sm_tk;
static key_t sm_m_random;
static key_t sm_m_confirm;
static uint8_t sm_m_have_oob_data;
+static uint8_t sm_m_auth_req;
+static uint8_t sm_m_io_capabilities = 0;
static uint8_t sm_preq[7];
static uint8_t sm_pres[7];
+static uint8_t sm_s_auth_req = 0;
+static uint8_t sm_s_io_capabilities = 0;
static key_t sm_s_random;
static key_t sm_s_confirm;
static key_t sm_stk;
@@ -375,6 +398,40 @@ static void sm_s1_r_prime(key_t r1, key_t r2, key_t r_prime){
memcpy(&r_prime[0], &r1[8], 8);
}
+void sm_reset_tk(){
+ int i;
+ for (i=0;i<16;i++){
+ sm_tk[i] = 0;
+ }
+}
+
+// decide on stk generation based on
+// - pairing request
+// - io capabilities
+// - OOB data availability
+static void sm_tk_setup(){
+
+ // If both devices have out of band authentication data, then the Authentication
+ // Requirements Flags shall be ignored when selecting the pairing method and the
+ // Out of Band pairing method shall be used.
+ if (sm_m_have_oob_data && (*sm_get_oob_data)(att_addr_type, att_address, sm_tk)){
+ sm_stk_generation_method = OOB;
+ return;
+ }
+
+ // If both devices have not set the MITM option in the Authentication Requirements
+ // Flags, then the IO capabilities shall be ignored and the Just Works association
+ // model shall be used.
+ if ((sm_s_auth_req & sm_m_auth_req & 0x04) == 0){
+ sm_stk_generation_method = JUST_WORKS;
+ sm_reset_tk();
+ }
+
+ // Otherwise the IO capabilities of the devices shall be used to determine the
+ // pairing method as defined in Table 2.4.
+ sm_stk_generation_method = stk_generation_method[sm_m_io_capabilities][sm_s_io_capabilities];
+}
+
static void sm_run(void){
// assert that we can send either one
@@ -393,29 +450,29 @@ static void sm_run(void){
}
case SM_STATE_SEND_PAIRING_RESPONSE: {
- // TODO use provided IO capabilites
- // TOOD use local MITM flag
- // TODO provide callback to request OOB data
+
+ // TODO use locally defined max encryption key size
uint8_t buffer[7];
memcpy(buffer, sm_preq, 7);
buffer[0] = SM_CODE_PAIRING_RESPONSE;
- // buffer[1] = 0x00; // io capability: DisplayOnly
- // buffer[1] = 0x02; // io capability: KeyboardOnly
- // buffer[1] = 0x03; // io capability: NoInputNoOutput
- buffer[1] = 0x04; // io capability: KeyboardDisplay
+ buffer[1] = sm_s_io_capabilities;
if (sm_get_oob_data){
buffer[2] = sm_get_oob_data(att_addr_type, att_address, NULL);
} else {
buffer[2] = 0x00; // no oob data available
}
- buffer[3] = buffer[3] & 3; // remove MITM flag
+ buffer[3] = sm_s_auth_req;
buffer[4] = 0x10; // maxium encryption key size
// for validate
memcpy(sm_pres, buffer, 7);
l2cap_send_connectionless(sm_response_handle, L2CAP_CID_SECURITY_MANAGER_PROTOCOL, (uint8_t*) buffer, sizeof(buffer));
+
+ // decide on Passkey Entry pairing algorithm
+ sm_tk_setup();
+
sm_state_responding = SM_STATE_W4_PAIRING_CONFIRM;
return;
}
@@ -549,7 +606,9 @@ static void sm_packet_handler(uint8_t packet_type, uint16_t handle, uint8_t *pac
case SM_CODE_PAIRING_REQUEST:
// store key distribtion request
+ sm_m_io_capabilities = packet[1];
sm_m_have_oob_data = packet[2];
+ sm_m_auth_req = packet[3];
sm_key_distribution_set = packet[6];
// for validate
@@ -608,13 +667,6 @@ static void sm_packet_handler(uint8_t packet_type, uint16_t handle, uint8_t *pac
sm_run();
}
-void sm_reset_tk(){
- int i;
- for (i=0;i<16;i++){
- sm_tk[i] = 0;
- }
-}
-
static void sm_distribute_keys(){
// TODO: handle initiator case here