mirror/btstack
1
0
Fork 0
mirror of https://github.com/bluekitchen/btstack.git synced 2025-04-10 15:44:32 +00:00
Code Issues Packages Projects Releases Wiki Activity

reject connection (0x03 security block) if both have SSP, PSM != SDP, and connection is not ecncrypted

Browse Source
This commit is contained in:
matthias.ringwald@gmail.com 2014-01-16 22:42:21 +00:00
parent e00caf9ce9
commit 2bd8b7e7f3
3 changed files with 54 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
src/hci.c
View File

@ -1271,6 +1271,13 @@ void hci_run(){
if (connection->bonding_flags & BONDING_REQUEST_REMOTE_FEATURES){ if (connection->bonding_flags & BONDING_REQUEST_REMOTE_FEATURES){
hci_send_cmd(&hci_read_remote_supported_features_command, connection->con_handle); hci_send_cmd(&hci_read_remote_supported_features_command, connection->con_handle);
connection->bonding_flags &= ~BONDING_REQUEST_REMOTE_FEATURES; connection->bonding_flags &= ~BONDING_REQUEST_REMOTE_FEATURES;
return;
}
if (connection->bonding_flags & BONDING_DISCONNECT_SECURITY_BLOCK){
hci_send_cmd(&hci_disconnect, connection->con_handle, 0x0005); // authentication failure
connection->bonding_flags &= ~BONDING_DISCONNECT_SECURITY_BLOCK;
return;
} }
} }
@ -1552,6 +1559,14 @@ int hci_send_cmd_packet(uint8_t *packet, int size){
return hci_stack.hci_transport->send_packet(HCI_COMMAND_DATA_PACKET, packet, size); return hci_stack.hci_transport->send_packet(HCI_COMMAND_DATA_PACKET, packet, size);
} }
// disconnect because of security block
void hci_disconnect_security_block(hci_con_handle_t con_handle){
hci_connection_t * connection = hci_connection_for_handle(con_handle);
if (!connection) return;
connection->bonding_flags |= BONDING_DISCONNECT_SECURITY_BLOCK;
}
// Configure Secure Simple Pairing // Configure Secure Simple Pairing
// enable will enable SSP during init // enable will enable SSP during init
@ -1559,6 +1574,10 @@ void hci_ssp_set_enable(int enable){
hci_stack.ssp_enable = enable; hci_stack.ssp_enable = enable;
} }
int hci_local_ssp_activated(){
return hci_ssp_supported() && hci_stack.ssp_enable;
}
// if set, BTstack will respond to io capability request using authentication requirement // if set, BTstack will respond to io capability request using authentication requirement
void hci_ssp_set_io_capability(int io_capability){ void hci_ssp_set_io_capability(int io_capability){
hci_stack.ssp_io_capability = io_capability; hci_stack.ssp_io_capability = io_capability;
@ -1711,6 +1730,13 @@ void hci_emit_security_level(hci_con_handle_t con_handle, uint8_t status, gap_se
hci_stack.packet_handler(HCI_EVENT_PACKET, event, sizeof(event)); hci_stack.packet_handler(HCI_EVENT_PACKET, event, sizeof(event));
} }
// query if remote side supports SSP
int hci_remote_ssp_supported(hci_con_handle_t con_handle){
hci_connection_t * connection = hci_connection_for_handle(con_handle);
if (!connection) return 0;
return (connection->bonding_flags & BONDING_REMOTE_SUPPORTS_SSP) ? 1 : 0;
}
// GAP API // GAP API
/** /**
* @bbrief enable/disable bonding. default is enabled * @bbrief enable/disable bonding. default is enabled

14
src/hci.h
View File

@ -236,11 +236,9 @@ typedef enum {
BONDING_REQUEST_REMOTE_FEATURES = 0x01, BONDING_REQUEST_REMOTE_FEATURES = 0x01,
BONDING_RECEIVED_REMOTE_FEATURES = 0x02, BONDING_RECEIVED_REMOTE_FEATURES = 0x02,
BONDING_REMOTE_SUPPORTS_SSP = 0x04, BONDING_REMOTE_SUPPORTS_SSP = 0x04,
BONDING_DISCONNECT_SECURITY_BLOCK = 0x08,
} bonding_flags_t; } bonding_flags_t;
#define CHANNEL_SECURITY_ENCRYPTED = 0x01
#define CHANNEL_SECURITY_AUTHENTICAED = 0x02
typedef enum { typedef enum {
BLUETOOTH_OFF = 1, BLUETOOTH_OFF = 1,
BLUETOOTH_ON, BLUETOOTH_ON,
@ -398,6 +396,15 @@ void hci_emit_system_bluetooth_enabled(uint8_t enabled);
void hci_emit_remote_name_cached(bd_addr_t *addr, device_name_t *name); void hci_emit_remote_name_cached(bd_addr_t *addr, device_name_t *name);
void hci_emit_discoverable_enabled(uint8_t enabled); void hci_emit_discoverable_enabled(uint8_t enabled);
// query if remote side supports SSP
// query if the local side supports SSP
int hci_local_ssp_activated();
// query if the remote side supports SSP
int hci_remote_ssp_supported(hci_con_handle_t con_handle);
// disconnect because of security block
void hci_disconnect_security_block(hci_con_handle_t con_handle);
/** Embedded API **/ /** Embedded API **/
@ -436,6 +443,7 @@ void hci_ssp_set_auto_accept(int auto_accept);
// get addr type and address used in advertisement packets // get addr type and address used in advertisement packets
void hci_le_advertisement_address(uint8_t * addr_type, bd_addr_t * addr); void hci_le_advertisement_address(uint8_t * addr_type, bd_addr_t * addr);
#if defined __cplusplus #if defined __cplusplus
} }
#endif #endif

18
src/l2cap.c
View File

@ -431,6 +431,8 @@ void l2cap_run(void){
switch (signaling_responses[0].code){ switch (signaling_responses[0].code){
case CONNECTION_REQUEST: case CONNECTION_REQUEST:
l2cap_send_signaling_packet(handle, CONNECTION_RESPONSE, sig_id, 0, 0, result, 0); l2cap_send_signaling_packet(handle, CONNECTION_RESPONSE, sig_id, 0, 0, result, 0);
// also disconnect if result is 0x0003 - security blocked
hci_disconnect_security_block(handle);
break; break;
case ECHO_REQUEST: case ECHO_REQUEST:
l2cap_send_signaling_packet(handle, ECHO_RESPONSE, sig_id, 0, NULL); l2cap_send_signaling_packet(handle, ECHO_RESPONSE, sig_id, 0, NULL);
@ -810,6 +812,19 @@ static void l2cap_handle_connection_request(hci_con_handle_t handle, uint8_t sig
log_error("no hci_connection for handle %u\n", handle); log_error("no hci_connection for handle %u\n", handle);
return; return;
} }
// reject connection (0x03 security block) and disconnect if both have SSP, connection is not encrypted and PSM != SDP
if (psm != PSM_SDP
&& hci_local_ssp_activated()
&& hci_remote_ssp_supported(handle)
&& gap_security_level(handle) == LEVEL_0){
// 0x0003 Security Block
l2cap_register_signaling_response(handle, CONNECTION_REQUEST, sig_id, 0x0003);
return;
}
// alloc structure // alloc structure
// log_info("l2cap_handle_connection_request register channel\n"); // log_info("l2cap_handle_connection_request register channel\n");
l2cap_channel_t * channel = (l2cap_channel_t*) btstack_memory_l2cap_channel_get(); l2cap_channel_t * channel = (l2cap_channel_t*) btstack_memory_l2cap_channel_get();
@ -844,10 +859,11 @@ static void l2cap_handle_connection_request(hci_con_handle_t handle, uint8_t sig
// add to connections list // add to connections list
linked_list_add(&l2cap_channels, (linked_item_t *) channel); linked_list_add(&l2cap_channels, (linked_item_t *) channel);
// // check security requirements
// gap_security_level_t current_level = gap_security_level(handle); // gap_security_level_t current_level = gap_security_level(handle);
// gap_security_level_t required_level = LEVEL_2; // gap_security_level_t required_level = LEVEL_2;
// if (current_level < required_level){ // if (current_level < required_level){
// channel->state = L2CAP_STATE_WAIT_AUTHENTICATION_RESULT;
// gap_request_security_level(handle, required_level); // gap_request_security_level(handle, required_level);
// return; // return;
// } // }